Tencent Security Xuanwu Lab Daily News
• Put an io_uring on it: Exploiting the Linux Kernel – Blog | Grapl:
https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel
・ 利用 Linux 内核 io_uring Syscall 的漏洞实现本地提权
– Jett
• Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities:
https://unit42.paloaltonetworks.com/gke-autopilot-vulnerabilities/
・ Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities
– Jett
• Make JDBC Attacks Brilliant Again 番外篇:
http://tttang.com/archive/1462
・ Make JDBC Attacks Brilliant Again 番外篇.
– lanying37
• CVE-2022-26143: TP240PhoneHome reflection/amplification DDoS attack vector:
https://blog.cloudflare.com/cve-2022-26143/
・ Mitel MiCollab 商业电话系统的 CVE-2022-26143 漏洞被利用发起 DDoS 攻击
– Jett
• Reversing embedded device bootloader (U-Boot) – p.1:
https://www.shielder.it/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1/
・ Reversing embedded device bootloader (U-Boot)
– Jett
• Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday:
https://threatpost.com/microsoft-zero-days-critical-bugsmarch-patch-tuesday/178817/
・ 微软发布 3 月份漏洞补丁公告,修复 3 个高危漏洞
– Jett
• Pascom: The story of 3 bugs that lead to unauthed RCE. – Blog – Kerbit:
https://kerbit.io/research/read/blog/4
・ Pascom: The story of 3 bugs that lead to unauthed RCE
– Jett
• Branch History Injection – VUSec:
https://www.vusec.net/projects/bhi-spectre-bhb/
・ Branch History Injection – Spectre-v2 攻击硬件缓解措施的绕过
– Jett
• Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infratructure:
https://threatpost.com/zero-click-flaws-ups-critical-infratructure/178810/
・ APC Smart-UPS 设备被发现高危漏洞,利用该漏洞攻击者可以远程控制该设备
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(03-09)
