Tencent Security Xuanwu Lab Daily News
• libmagic: The Blathering:
https://blog.trailofbits.com/2022/07/01/libmagic-the-blathering/
・ PolyFile, Trail of Bits' open-source file format identification tool, supports identifying polyglot and embedded file formats
– Jett
• [Android, Malware] Flubot: the evolution of a notorious Android Banking Malware:
https://blog.fox-it.com/2022/06/29/flubot-the-evolution-of-a-notorious-android-banking-malware/
・ The evolution of the Android banking malware Flubot
– Jett
• Let’s talk about Kubernetes on the Internet:
https://raesene.github.io/blog/2022/07/03/lets-talk-about-kubernetes-on-the-internet/
・ Scanning for Kubernetes clusters exposed on the Internet
– Jett
• nday exploit: netgear orbi unauthenticated command injection (cve-2020-27861):
https://blog.coffinsec.com//research/2022/07/02/orbi-nday-exploit-cve-2020-27861.html
・ Analysis and exploitation of an unauthenticated command injection vulnerability in Netgear Orbi (CVE-2020-27861)
– Jett
• Building a SAST program at Razorpay’s scale | Razorpay Engineering:
https://engineering.razorpay.com/building-a-sast-program-at-razorpays-scale-719887fe0aec
・ Building a static application security testing (SAST) program at scale
– Jett
• Bulk Analysis of Cobalt Strike’s Beacon Configurations:
https://www.archcloudlabs.com/projects/bulk-cs-analysis/
・ Analysis of configuration data extracted from more than 110,000 Cobalt Strike Beacon payloads
– Jett
• spiderSilk: It's Been Zero Days Since BIND9 Crashed:
https://spidersilk.com/news/Its-Been-Zero-Days-Since-BIND9-Crashed
・ By scanning the Internet, the spiderSilk team found that 48% of BIND9 DNS servers have still not been patched against CVE-2021-25220
– Jett
• [PDF] AMSI and Bypass (Black Hat Asia 2022, Korkos):
https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Korkos-AMSI-and-Bypass.pdf
・ Research on Windows AMSI bypass techniques
– Jett
• Revisiting Pegasus on iOS9:
https://shadowfile.inode.link/blog/2022/07/revisiting-pegasus-on-ios9/
・ Revisiting Pegasus on iOS 9: an analysis of NSO Group's Pegasus iOS exploit chain
– Jett
* To browse or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Digest (07-04)