Tencent Security Xuanwu Lab Daily News
• About the security content of iOS 15.5 and iPadOS 15.5 – Apple 支持 (中国):
https://support.apple.com/zh-cn/HT213258
・ Apple 发布 iOS 15.5 和 macOS 12.4 安全更新
– Jett
• [PDF] https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Delarea-Backdooring-of-real-time-automotive-os-devices.pdf:
https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Delarea-Backdooring-of-real-time-automotive-os-devices.pdf
・ Backdooring of Real Time Automotive OS Devices,来自 BlackHat Asia 会议
– Jett
• Post mortem on this weekend’s DNS event:
https://spiritswap.medium.com/post-mortem-on-this-weekends-dns-event-cb61c11f5c2f
・ SpiritSwap 发布公告,有攻击者社工 GoDaddy 员工修改域名配置导致 SpiritSwap DNS 被劫持
– Jett
• Tetragon – eBPF-based Security Observability & Runtime Enforcement:
https://isovalent.com/blog/post/2022-05-16-tetragon
・ Tetragon – 基于内核层 eBPF 实现的运行时进程防护工具
– Jett
• [Tools] idaholab/Malcolm:
https://github.com/idaholab/Malcolm
・ Malcolm – 网络流量分析工具
– Jett
• UpdateAgent malware adapts again:
https://www.jamf.com/blog/updateagent-adapts-again/
・ macOS 平台 UpdateAgent 恶意样本的分析
– Jett
• SMM Callouts in HP Products:
https://nstarke.github.io/uefi/smm/2022/05/10/smm-callout-in-hp-products.html
・ HP ProBook G4 650 笔记本固件被发现 SMM Callout 提权漏洞
– Jett
• [Tools] From Project File to Code Execution: Exploiting Vulnerabilities in XINJE PLC Program Tool:
https://claroty.com/2022/05/11/blog-research-from-project-file-to-code-execution-exploiting-vulnerabilities-in-xinje-plc-program-tool/
・ 信捷 PLC 编程工具被发现工程文件解析导致的代码执行漏洞
– Jett
• Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks:
https://research.nccgroup.com/2022/05/15/technical-advisory-tesla-ble-phone-as-a-key-passive-entry-vulnerable-to-relay-attacks/
・ 利用 BLE Reply 攻击 Bypass 手机解锁特斯拉汽车的距离限制
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(05-17)
