Vulnerability
vBulletin 5.x 0day pre-auth RCE exploit
https://seclists.org/fulldisclosure/2019/Sep/31
Adobe releases security updates for ColdFusion 2016 and 2018, fixing three vulnerabilities: CVE-2019-8072, CVE-2019-8073 and CVE-2019-8074
https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html
CVE-2019-15943: PoC for an RCE vulnerability in the game CSGO (Counter-Strike)
https://github.com/bi7s/CVE/tree/master/CVE-2019-15943
Malware
The Russian cyber forces' APT ecosystem
https://research.checkpoint.com/russianaptecosystem/
Verizon's "2019 Incident Prevention and Response Report"
https://enterprise.verizon.com/resources/reports/vipr/2019-vipr-full-report.pdf
Cisco's Talos team analyzes a targeted attack against US military veterans
https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html
Attack campaign by the Russian APT group Zebrocy
https://www.welivesecurity.com/2019/09/24/no-summer-vacations-zebrocy/
The Aggah campaign, suspected to be the Gorgon Group APT
https://blog.yoroi.company/research/apt-or-not-apt-whats-behind-the-aggah-campaign/
The Emotet malware makes a comeback: an analysis of its JavaScript downloader
https://www.bromium.com/reawakening-of-emotet-an-analysis-of-its-javascript-downloader/
Security Research
Bypassing the privacy control confirmation prompts on macOS
https://blog.xpnsec.com/bypassing-macos-privacy-controls/
A brief discussion of RASP
https://lucifaer.com/2019/09/25/%E6%B5%85%E8%B0%88RASP/?from=timeline
Windows exploitation tricks: spoofing the client PID of a named pipe connection (P0)
https://googleprojectzero.blogspot.com/2019/09/windows-exploitation-tricks-spoofing.html
The woes of random numbers: a detailed analysis of a new random number attack technique against EOS
https://paper.seebug.org/1042/
Security Tools
GHIDRA 9.1 released
https://ghidra-sre.org/releaseNotes_9.1.html
Redqueen: a fuzzing tool for x86 binaries that solves the checksum and magic value problems
https://github.com/RUB-SysSec/redqueen