每日安全动态推送(12-09)

Tencent Security Xuanwu Lab Daily News

• Malicious packages in npm enable theft of Discord tokens, other data:
https://jfrog.com/blog/malicious-npm-packages-are-after-your-discord-tokens-17-new-packages-disclosed/

   ・ Malicious npm Packages Are After Your Discord Tokens – 17 New Packages Disclosed  – Jett

• [Vulnerability] Example: get db password:
https://github.com/jas502n/Grafana-CVE-2021-43798

   ・ 开源网络管理平台 Grafana 任意文件读漏洞分析（CVE-2021-43798） – Jett

• [Malware] When old friends meet again: why Emotet chose Trickbot for rebirth:
https://research.checkpoint.com/2021/when-old-friends-meet-again-why-emotet-chose-trickbot-for-rebirth/

   ・ Emotet botnet 在消失 10 个月之后又开始借助 Trickbot 复活了 – Jett

• [Windows] The hidden side of Seclogon part 2: Abusing leaked handles to dump LSASS memory:
https://splintercod3.blogspot.com/p/the-hidden-side-of-seclogon-part-2.html

   ・ The hidden side of Seclogon part 2: Abusing leaked handles to dump LSASS memory – Jett

• Go away BitLocker, you´re drunk:
https://luemmelsec.github.io/Go-away-BitLocker-you-are-drunk/

   ・ 攻击启用 BitLocker 的设备 – Jett

• [Crypto] Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm:
https://blog.fox-it.com/2021/12/07/encryption-does-not-equal-invisibility-detecting-anomalous-tls-certificates-with-the-half-space-trees-algorithm/

   ・ 利用 Half-Space-Trees 算法检测异常 TLS 证书 – Jett

• VULNCON CTF 2021 – IPS | kileak:
https://kileak.github.io/ctf/2021/vulncon-ips/

   ・ HICON CTF 一道 Linux 内核 new IPS Syscall 赛题的 writeup – Jett

• Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks | Proofpoint US:
https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection

   ・ 微软和 GitHub 的 OAuth 2.0 实现存在问题，可被利用实现重定向攻击，绕过钓鱼检测和邮件安全策略 – Jett

• [Linux] Ubuntu Desktop Exploit:
https://flatt.tech/reports/210401_pwn2own/

   ・ Pwn2Own 比赛 Ubuntu Desktop 本地提权漏洞分析报告 – Jett

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(12-09)