Tencent Security Xuanwu Lab Daily News
• Active Exploitation of Confluence CVE-2022-26134:
https://blog.rapid7.com/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/
・ Confluence 被曝未授权 RCE 漏洞
– Jett
• Announcing the winners of the 2021 GCP VRP Prize:
http://security.googleblog.com/2022/06/announcing-winners-of-2021-gcp-vrp-prize.html
・ Google 2021 GCP VRP Prize 获奖漏洞及相关的分析文章
– Jett
• [PDF] https://synthesis.to/presentations/recon22_next_gen.pdf:
https://synthesis.to/presentations/recon22_next_gen.pdf
・ 基于虚拟化技术实现的下一代代码混淆工具
– Jett
• [Tools] 2022, BSides Munich: Fuzzing USB with Raw Gadget:
https://docs.google.com/presentation/d/1sArf2cN5tAOaovlaL3KBPNDjYOk8P6tRrzfkclsbO_c/edit?usp=sharing
・ 2022, BSides Munich: Fuzzing USB with Raw Gadget
– Jett
• [Vulnerability] Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552):
https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
・ NCC Group 对 U-Boot 多个漏洞的分析
– Jett
• CVE-2022-30190: Microsoft Support Diagnostic Tool (MSDT) RCE Vulnerability “Follina”:
https://www.fortinet.com/blog/threat-research/analysis-of-follina-zero-day
・ Fortinet 对 Office MSDT 漏洞及实际攻击样本的分析
– Jett
• Is exploiting a null pointer deref for LPE just a pipe dream?:
https://www.zerodayinitiative.com/blog/2022/6/1/is-exploiting-a-null-pointer-deref-for-lpe-just-a-pipe-dream
・ Windows 版本 Bitdefender IPC 本地提权漏洞的分析
– Jett
• [Tools] ttddbg – Time Travel Debugging IDA plugin:
https://github.com/airbus-cert/ttddbg
・ ttddbg – 为 IDA 提供 Time Travel 调试能力的插件
– Jett
• Vulnerability within the UNISOC baseband opens mobile phones communications to remote hacker attacks – Check Point Research:
https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/
・ Checkpoint 对紫光展锐 (UNISOC)基带芯片的安全研究
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(06-06)
