Tencent Security Xuanwu Lab Daily News
• Warcodes II – The Desko Case:
https://labs.ioactive.com/2020/12/warcodes-ii-desko-case.html
・ Warcodes II – The Desko Case: a new attack vector against industrial barcode readers, attacking DESKO's BCR/BGR504 Pro reader
– SecTodayBot
• WiKI-Eve – Stealing Wi-Fi Passwords by Eavesdropping on Keystrokes:
https://cybersecuritynews.com/wiki-eve-wi-fi-passwords/
・ WiKI-Eve steals Wi-Fi passwords via keystrokes. To demonstrate WiKI-Eve's practicality, they ran real-world experiments with an iPhone 13 in a 5 m × 8 m conference room
– SecTodayBot
• GitHub – raminfp/fuzzer-development-with-rust: Write fuzzer with rust:
https://github.com/raminfp/fuzzer-development-with-rust
・ Fuzzer Development With Rust (Basic) – an introduction to fuzzing tools and to fuzzer development in Rust
– SecTodayBot
• Knocking on Hell’s Gate – EDR Evasion Through Direct Syscalls:
https://labs.en1gma.co/malwaredevelopment/evasion/security/2023/08/14/syscalls.html
・ Using system calls for EDR evasion
– SecTodayBot
• CVE-2023-3959, CVE-2023-4249 – Multiple critical vulnerabilities in Zavio IP cameras:
https://bugprove.com/knowledge-hub/cve-2023-3959-cve-2023-4249-multiple-critical-vulnerabilities-in-zavio-ip-cameras/
・ BugProve shares 34 exploit scripts for Zavio IP cameras, 7 of which are pre-auth RCE and the rest post-auth BoF
– SecTodayBot
• Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play:
https://thehackernews.com/2023/09/millions-infected-by-spyware-hidden-in.html
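・ Spyware disguised as modified versions of Telegram has been found in the Google Play Store; it is designed to harvest sensitive information from infected Android devices. The Russian cybersecurity company has codenamed the activity "Evil Telegram"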
– SecTodayBot
• Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones:
https://thehackernews.com/2023/09/apple-rushes-to-patch-zero-day-flaws.html
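・ Apple has released emergency security updates for iOS, iPadOS, macOS and watchOS to address two zero-day vulnerabilities that have been widely exploited to deliver NSO Group's Pegasus mercenary spyware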
– SecTodayBot
• CatSniffer: original multiprotocol, and multiband board made for sniffing, communicating, and attacking IoT devices:
https://securityonline.info/catsniffer-original-multiprotocol-and-multiband-board-made-for-sniffing-communicating-and-attacking-iot-devices/
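・ CatSniffer is an original multiprotocol, multiband board for sniffing, communicating with, and attacking IoT devices. It is designed as a highly portable USB stick that integrates the new chips TI CC1352, Semtech SX1262, Microchip SAMD21E17 V2 or later, and RP2040 V3 or later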
– SecTodayBot
• CVE-2023-4809: FreeBSD pf bypass when using IPv6:
https://seclists.org/oss-sec/2023/q3/168
・ Bypassing FreeBSD pf using IPv6: firewall rules are bypassed when scrubbing and reassembly of IPv6 fragments are enabled
– SecTodayBot
* To view or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab (腾讯玄武实验室)
https://weibo.com/xuanwulab
Originally published on the WeChat official account Tencent Xuanwu Lab (腾讯玄武实验室): Daily Security News Digest (9-12)