Tencent Security Xuanwu Lab Daily News
• CVE-2022-1040 Sophos XG Firewall Authentication bypass:
https://blog.viettelcybersecurity.com/cve-2022-1040-sophos-xg-firewall-authentication-bypass/
・ Analysis of the Sophos XG authentication bypass vulnerability (CVE-2022-1040)
– Jett
• GitHub – chip-red-pill/MicrocodeDecryptor:
https://github.com/chip-red-pill/MicrocodeDecryptor
・ Research on Intel Atom CPU microcode updates and microcode decryption
– Jett
• Analysis report on the APT-C-26 (Lazarus) group's attack campaign using forged e-commerce components:
https://mp.weixin.qq.com/s/USitU4jAg9y2XkQxbwcAPQ
・ Analysis report on the APT-C-26 (Lazarus) group's attack campaign using forged e-commerce components
– lanying37
• GeckoSpy: Pegasus Spyware Used Against Thailand’s Pro-Democracy Movement – The Citizen Lab:
https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/
・ GeckoSpy – attackers used Pegasus spyware to compromise members of certain groups in Thailand
– Jett
• Medium:
https://notdodo.medium.com/aws-ec2-auto-scaling-privilege-escalation-d518f8e7f91b
・ Analysis of a privilege escalation vulnerability in the AWS EC2 Auto Scaling service
– Jett
• Threat Hunting Series: The Threat Hunting Process | by Kostas | Jul, 2022 | Medium:
https://kostas-ts.medium.com/threat-hunting-series-the-threat-hunting-process-f76583f2475b
・ The threat hunting process
– Jett
• Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability:
https://msrc-blog.microsoft.com/2022/07/18/mitigation-for-azure-storage-sdk-client-side-encryption-padding-oracle-vulnerability/
・ A padding oracle vulnerability (CVE-2022-30187) was found in Azure Storage SDK client-side encryption
– Jett
• Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass · Sector 7:
https://sector7.computest.nl/post/2022-07-opc-ua-net-standard-trusted-application-check-bypass/
・ OPC UA .NET Standard Trusted Application Check Bypass
– Jett
• Incident response for a new type of WebSocket in-memory webshell:
https://paper.seebug.org/1935/
・ Incident response for a new type of WebSocket in-memory webshell
– lanying37
• Riding the InfoRail to Exploit Ivanti Avalanche:
https://www.thezdi.com/blog/2022/7/19/riding-the-inforail-to-exploit-ivanti-avalanche
・ Analysis and exploitation of multiple vulnerabilities in the Avalanche enterprise mobile device management product
– Jett
• persistence-info.github.io:
https://persistence-info.github.io/
・ A collection of techniques for Windows persistence in the post-exploitation phase
– Jett
• I see what you did there: A look at the CloudMensis macOS spyware | WeLiveSecurity:
https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/
・ ESET researchers discovered an unknown attack group using cloud storage as a C&C channel to steal private data from macOS users
– Jett
• DNS-over-HTTP/3 in Android:
http://security.googleblog.com/2022/07/dns-over-http3-in-android.html
・ Devices running Android 11 and above now support the more secure DNS-over-HTTP/3 protocol
– Jett
• A simple introduction to V8 TurboFan:
https://paper.seebug.org/1936/
・ A simple introduction to V8 TurboFan
– lanying37
* To view or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security Digest (07-20)