Tencent Security Xuanwu Lab Daily News
• 2280 – project-zero – Project Zero – Monorail:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2280
・ Issue 2280: Chrome: Incomplete fix for CVE-2022-1096
– Jett
• Apple’s macOS Ventura | 7 New Security Changes to Be Aware Of – SentinelOne:
https://www.sentinelone.com/blog/apples-macos-ventura-7-new-security-changes-to-be-aware-of/
・ Apple macOS Ventura 新版本系统安全相关的变化
– Jett
• The many lives of BlackCat ransomware – Microsoft Security Blog:
https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/
・ 微软对 BlackCat 勒索软件的分析
– Jett
• Microsoft Azure Synapse Pwnalytics | by James Sebree | Tenable TechBlog | Jun, 2022 | Medium:
https://medium.com/tenable-techblog/microsoft-azure-synapse-pwnalytics-87c99c036291
・ 微软 Synapse Analytics 平台被发现提权漏洞
– Jett
• 一加工程模式指令逆向:
https://radioactive.blog/2022/06/02/oneplus_engineermode_code_all_in_one/
・ 一加工程模式指令逆向
– lanying37
• JWT attacks:
https://portswigger.net/web-security/jwt
・ SON web tokens (JWTs) 使用过程中的设计和实现漏洞
– Jett
• GitHub – winsiderss/systeminformer: A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com:
https://github.com/winsiderss/systeminformer
・ System Informer – 一款开源的 Windows 资源监控和软件调试工具
– Jett
• 聊下最近的 CVE-2022-30190:
https://paper.seebug.org/1915/
・ 聊下最近的 CVE-2022-30190
– lanying37
• Finding vulnerabilities in curl 7.83.0 without reading a single-line of C code – Vulnerability Research:
https://haxatron.gitbook.io/vulnerability-research/vr2
・ curl 7.83.0 的 Cookie/Authorization 过程被发现 3 个逻辑漏洞
– Jett
• SeaFlower 藏海花:
https://objective-see.com/blog/blog_0x6F.html
・ 对攻击 Web3 钱包 iOS 用户的 SeaFlower 藏海花后门 App 的分析
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(06-14)