Tencent Security Xuanwu Lab Daily News
• [Windows] CVE-2022-22005 Microsoft Sharepoint RCE:
https://hnd3884.github.io/posts/cve-2022-22005-microsoft-sharepoint-RCE/
・ 通过补丁分析 Microsoft Sharepoint CVE-2022-22005 RCE 漏洞
– Jett
• [Linux] New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?:
https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/
・ New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
– Jett
• Escaping privileged containers for fun:
https://pwning.systems/posts/escaping-containers-for-fun/
・ Escaping privileged containers for fun
– Jett
• [Tools] 2021 Year In Review:
https://thedfirreport.com/2022/03/07/2021-year-in-review/
・ 从 MITRE ATT&CK 框架的角度回顾 2021 年
– Jett
• Alexa versus Alexa: Controlling Smart Speakers by Self-Issuing Voice Commands:
https://arxiv.org/abs/2202.08619
・ Amazon Alexa can be hijacked via commands from own speaker
– Jett
• A Detailed Guide on Wfuzz – Hacking Articles:
https://www.hackingarticles.in/a-detailed-guide-on-wfuzz/
・ A Detailed Guide on Wfuzz
– Jett
• The Dirty Pipe Vulnerability:
https://dirtypipe.cm4all.com/
・ Linux 内核被发现 Dirty Pipe 本地提权漏洞(CVE-2022-0847)
– Jett
• AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service:
https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/
・ Microsoft Azure Automation 被发现高危的账户越权访问漏洞
– Jett
• Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak:
https://threatpost.com/samsung-lapsus-ransomware-source-code/178791/
・ 三星确认勒索软件组织 Lapsus$ 窃取了公司的大量源码
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(03-08)
