Daily Security News Push (09-17)

Tencent Xuanwu Lab 2020-09-17 11:24
Tencent Security Xuanwu Lab Daily News


• Scrutiny on the bug bounty - Google Slides:
https://docs.google.com/presentation/d/1PCnjzCeklOeGMoWiE2IUzlRGOBxNp8K5hLQuvBNzrFY/edit#slide=id.p

   ・ Scrutiny on the bug bounty: sharing experience from bug bounty vulnerability hunting – Jett


• CVE-2020-9496: RCE in Apache OFBiz XMLRPC via Deserialization of Untrusted Data:
https://www.thezdi.com/blog/2020/9/14/cve-2020-9496-rce-in-apache-ofbiz-xmlrpc-via-deserialization-of-untrusted-data

   ・ Analysis of the Apache OFBiz XMLRPC deserialization RCE vulnerability (CVE-2020-9496) – Jett


• [Attack] US charges five hackers part of Chinese state-sponsored group APT41 | ZDNet:
https://packetstormsecurity.com/news/view/31581

   ・ The United States published a report involving the APT41 group – Jett


• Recovering a lost phone number using the hacker mindset:
https://medium.com/bugbountywriteup/recovering-a-lost-phone-number-using-hacker-mindset-5e7e7a30edbd

   ・ Using a hacker's mindset to recover the phone number in a lost phone. – lanying37


• ERNW White Paper 69 – Safety Impact of Vulnerabilities in Insulin Pumps:
https://insinuator.net/2020/09/white-paper-69/

   ・ The Insinuator team's analysis of security vulnerabilities in insulin pump medical devices – Jett


• [Tools, Windows] Configuring 802.1x Authentication for Windows Deployment – Part 1 – Building an 802.1x Computer Authentication Script:
https://www.asquaredozen.com/2018/07/29/configuring-802-1x-authentication-for-windows-deployment-part-1-building-an-802-1x-computer-authentication-script/

   ・ Configuring 802.1x authentication for Windows deployment – Part 1 – Building an 802.1x computer authentication script. – lanying37


• [macOS] Boot volume layout:
http://eclecticlight.co/2020/09/16/boot-volume-layout/

   ・ macOS Big Sur Boot volume layout – Jett


• [PDF] https://friends.cs.purdue.edu/pubs/WOOT20.pdf:
https://friends.cs.purdue.edu/pubs/WOOT20.pdf

   ・ BLESA - spoofing attacks against Bluetooth Low Energy devices (Paper) – Jett


• Technical analysis of the TRON DeFi project Myrose being unable to withdraw USDT:
https://paper.seebug.org/1337/

   ・ Technical analysis of the TRON DeFi project Myrose being unable to withdraw USDT – Jett


• [PDF] https://software.intel.com/content/dam/develop/external/us/en/documents/343965-intel-key-locker-specification.pdf:
https://software.intel.com/content/dam/develop/external/us/en/documents/343965-intel-key-locker-specification.pdf

   ・ Intel Key Locker secure key management technology white paper – Jett


• [Tools] nccgroup/whalescan:
https://github.com/nccgroup/whalescan

   ・ Whalescan - a vulnerability scanner for Windows containers, open-sourced by NCC Group – Jett


• [Fuzzing] [PDF] https://rohan.padhye.org/files/bigfuzz-ase20.pdf:
https://rohan.padhye.org/files/bigfuzz-ase20.pdf

   ・ BigFuzz: Efficient Fuzz Testing for Data Analytics Using Framework Abstraction – Jett


* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab

