Tencent Security Xuanwu Lab Daily News
• Enterprise Security Defense Guide for Apple Mac Users (Translation):
https://tttang.com/archive/1350/
・ Enterprise security defense guide for Apple Mac users (translation).
– lanying37
• CVE-2021-21234 Spring Boot Actuator Logview Directory Traversal:
https://pyn3rd.github.io/2021/10/25/CVE-2021-21234-Spring-Boot-Actuator-Logview-Directory-Traversal/
・ CVE-2021-21234 Spring Boot Actuator Logview Directory Traversal
– Jett
• Discovering Full Read SSRF in Jamf (CVE-2021-39303 & CVE-2021-40809) – Assetnote:
https://blog.assetnote.io/2021/11/30/jamf-ssrf/
・ Analysis of SSRF vulnerabilities in the IT management software Jamf Pro
– Jett
• Apache Storm Vulnerability Analysis:
http://noahblog.360.cn/apache-storm-vulnerability-analysis/
・ Apache Storm vulnerability analysis
– Jett
• Arbitrary package tampering in Deno registry + Code Injection in encoding/yaml:
https://blog.ryotak.me/post/deno-registry-tampering-with-arbitrary-packages-en/
・ Arbitrary package tampering in Deno registry + Code Injection in encoding/yaml
– Jett
• Analysis of the Android APT Spyware GnatSpy:
http://paper.seebug.org/1771/
・ Analysis of the Android APT spyware GnatSpy.
– lanying37
• PetitPotam – NTLM Relay to AD CS:
https://www.youtube.com/watch?v=YEMjGp7kEbc
・ PetitPotam – demonstration video of an NTLM relay attack against the AD CS certificate service.
– lanying37
• CVE-2021-22205 GitLab RCE: In-Depth Analysis of Unauthorized Access (Part 1):
http://blog.topsec.com.cn/cve-2021-22205-gitlab-rce%e4%b9%8b%e6%9c%aa%e6%8e%88%e6%9d%83%e8%ae%bf%e9%97%ae%e6%b7%b1%e5%85%a5%e5%88%86%e6%9e%90%e4%b8%80/
・ CVE-2021-22205 GitLab RCE: in-depth analysis of unauthorized access (Part 1)
– Jett
• [iOS] New Sony patent: “Spoofing CPUID For Backwards Compatibility” (filed by Mark Cerny):
https://www.neogaf.com/threads/new-sony-patent-spoofing-cpuid-for-backwards-compatibility-filed-by-mark-cerny.1624987/
・ New Sony patent: “Spoofing CPUID For Backwards Compatibility”.
– lanying37
• The Ultimate xray Countermeasure in Practice:
https://koalr.me/posts/core-concept-of-yarx/
・ The ultimate xray countermeasure in practice
– Jett
• [PDF] https://labs.f-secure.com/assets/BlogFiles/Printing-Shellz.pdf:
https://labs.f-secure.com/assets/BlogFiles/Printing-Shellz.pdf
・ Printing-Shellz – security research report on HP multifunction printers
– Jett
• Watch Your Step(ping): Atoms Breaking Apart:
https://grsecurity.net/watch_your_stepping_atoms_breaking_apart
・ Researchers discover an Intel(R) Atom CPU bug
– Jett
* To view or search previously pushed content, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account Tencent Xuanwu Lab: Daily Security News Push (12-01)