Tencent Security Xuanwu Lab Daily News
• [Attack] Recent Attack Activity of the Bahamut Group Revealed:
https://mp.weixin.qq.com/s/YAAybJBAvxqrQWYDg31BBw
・ Recent attack activity of the Bahamut group revealed
– lanying37
• Abusing Azure Hybrid Workers for Privilege Escalation – Part 2: An Azure PrivSec Story:
https://www.netspi.com/blog/technical/cloud-penetration-testing/abusing-azure-hybrid-workers-part-2/
・ Abusing Azure Hybrid Workers for Privilege Escalation
– Jett
• Diving Deeper into WatchGuard Pre-Auth RCE – CVE-2022-26318:
https://blog.assetnote.io/2022/04/13/watchguard-firebox-rce/
・ Diving Deeper into WatchGuard Pre-Auth RCE – CVE-2022-26318
– Jett
• readme.md:
https://github.com/BehroozAbbassi/sdkffi
・ sdkffi – a C header file parser, a tool that generates standardized function prototype data
– Jett
• Make phishing great again. VSTO office files are the new macro nightmare?:
https://medium.com/@airlockdigital/make-phishing-great-again-vsto-office-files-are-the-new-macro-nightmare-e09fcadef010
・ MS Office VSTO files can be used to plant macro code in phishing
– Jett
• [Tools] Exploiting Struts RCE on 2.5.26:
https://mc0wn.blogspot.com/2021/04/exploiting-struts-rce-on-2526.html
・ Exploiting Struts RCE on 2.5.26
– Jett
• CVE-2022-28345 – Signal client for iOS version 5.33.2 and below are vulnerable to RTLO Injection URI Spoofing using malicious URLs such as gepj.net/selif#/moc.elpmaxe which would appear as example.com/#files/ten.jpeg – Sick Codes – Security Research, Hardware & Software Hacking, Consulting, Linux, IoT, Cloud, Embedded, Arch, Tweaks & Tips!:
https://sick.codes/sick-2022-42/
・ An RTLO injection URL spoofing issue was found in the Signal client for iOS
– Jett
• Summary of mssql privilege escalation:
https://tttang.com/archive/1545/
・ Summary of mssql privilege escalation
– lanying37
• [PDF] https://www.prodaft.com/m/reports/PYSA_TLPWHITE_3.0.pdf:
https://www.prodaft.com/m/reports/PYSA_TLPWHITE_3.0.pdf
・ PYSA ransomware analysis report
– Jett
• Blinding Snort: Breaking the Modbus OT Preprocessor:
https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/
・ Evading detection by exploiting an integer overflow vulnerability (CVE-2022-20685) in the open-source Snort IDS detection engine
– Jett
• CVE-2022-22954 VMware Workspace ONE Access SSTI RCE – Xianzhi Community:
https://xz.aliyun.com/t/11196
・ CVE-2022-22954 VMware Workspace ONE Access SSTI RCE
– lanying37
• CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers:
https://googleprojectzero.blogspot.com/2022/04/cve-2021-1782-ios-in-wild-vulnerability.html
・ Analysis of CVE-2021-1782, a vulnerability in the iOS vouchers subsystem exploited in the wild
– Jett
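* To view or search past pushes, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (04-15)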