Tencent Security Xuanwu Lab Daily News
• fastjson 1.2.80 Vulnerability Analysis:
https://y4er.com/posts/fastjson-1.2.80/
・ Analysis of the fastjson 1.2.80 vulnerability
– lanying37
• What is AttachMe?:
https://www.wiz.io/blog/attachme-oracle-cloud-vulnerability-allows-unauthorized-cross-tenant-volume-access
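・ Oracle Cloud Infrastructure (OCI) was found to have a vulnerability allowing unauthorized cross-user access to and modification of storage volumes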
– Jett
• I’m Building a Self-Destructing USB Drive Part 2:
https://interruptlabs.ca/2022/08/31/I-m-Building-a-Self-Destructing-USB-Drive-Part-2/
・ Building a homemade USB flash drive with a self-destruct feature
– Jett
• Netgear Router Models With FunJSQ Let Attackers Execute Arbitrary Code:
https://gbhackers.com/netgear-router-funjsq/
・ Netgear routers that integrate the third-party FunJSQ gaming module have a code execution vulnerability
– Jett
• [macOS] 0-Day Up Your Sleeve – Attacking macOS Environments – Securing:
https://www.securing.pl/en/presentation/0-day-up-your-sleeve-attacking-macos-environments/
・ Researcher WOJCIECH REGUŁA's talk on attacking and penetration testing the macOS platform
– Jett
• [Tools, Browser] uBlock Origin:
https://github.com/gorhill/uBlock
・ uBlock Origin – a blocker extension for Chrome and Firefox that supports blocking ads, trackers, and malicious sites
– Jett
• New Windows 11 security features are designed for hybrid work:
https://www.microsoft.com/security/blog/2022/09/20/new-windows-11-security-features-are-designed-for-hybrid-work/
・ New security features introduced by the Windows 11 major version update
– Jett
• Executive Summary:
https://claroty.com/team82/research/jumping-nat-to-shut-down-electric-devices
・ Vulnerabilities were found in Dataprobe iBoot-PDU smart power distribution products that allow power to be cut off remotely
– Jett
• presentation-slides/BCS2022-探索JNDI攻击.pdf:
https://github.com/iSafeBlue/presentation-slides/blob/main/BCS2022-%E6%8E%A2%E7%B4%A2JNDI%E6%94%BB%E5%87%BB.pdf
・ Slides for the "Exploring JNDI Attacks" talk at the BCS 2022 conference
– Jett
• From Leaking TheHole to Chrome Renderer RCE:
https://medium.com/numen-cyber-labs/from-leaking-thehole-to-chrome-renderer-rce-183dcb6f3078
・ From Leaking TheHole to Chrome Renderer RCE
– Jett
* To view or search previously pushed content, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (09-21)