Tencent Security Xuanwu Lab Daily News
• FBI Confirms Lazarus Group, APT38 Cyber Actors Responsible for Harmony’s Horizon Bridge Currency Theft:
https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-apt38-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft
・ The FBI confirms that the Lazarus Group is responsible for the theft of currency from Harmony's Horizon Bridge
– crazyman
• Proxying DLL Loads For Hiding ETWTI Stack Tracing:
https://0xdarkvortex.dev/proxying-dll-loads-for-hiding-etwti-stack-tracing/
・ Invoking LoadLibrary indirectly through TpAllocWork, TpPostWork and TpReleaseWork callbacks in order to evade ETWTI stack tracing
– crazyman
• MyBB <= 1.8.31: Remote Code Execution Chain – PT SWARM:
https://swarm.ptsecurity.com/mybb-1-8-31-remote-code-execution-chain/
・ RCE exploitation chain in MyBB <= 1.8.31: first, an XSS on the message board makes the admin's account send a request to the search API that triggers SQL injection; then RCE is achieved by modifying a template
– crazyman
• Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI:
https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce/
・ Using key material hardcoded in Yellowfin BI (for example a private key) to generate tokens that pass authentication and achieve RCE
– crazyman
• [Android] Pwning the all Google phone with a non-Google bug:
https://bit.ly/3JadNS2
・ CVE-2021-39793: a UAF vulnerability in the JIT of the Arm Mali GPU driver; the article describes the root cause of the bug and the details of the subsequent exploitation
– crazyman
• akamai-security-research/PoCs/CVE-2022-34689 at main · akamai/akamai-security-research:
https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689
・ Exploiting the spoofing vulnerability in the Windows CryptoAPI (CVE-2022-34689); the PoC comes in two variants: one targeting Chrome v48, the other focusing on the vulnerable MD5 handling in crypt32.dll
– crazyman
• CVE-2022-42845: 20-Year-Old XNU Use After Free Vulnerability in ndrv.c:
https://adamdoupe.com/blog/2022/12/13/cve-2022-42845-xnu-use-after-free-vulnerability-in-ndrv-dot-c/
・ CVE-2022-42845: a 20-year-old UAF vulnerability in XNU's ndrv.c
– crazyman
• GitHub – alt3kx/CVE-2023-24055_PoC: CVE-2023-24055 PoC (KeePass 2.5x):
https://github.com/alt3kx/CVE-2023-24055_PoC
・ CVE-2023-24055: an attacker with write access to the KeePass configuration file can modify it and inject a malicious trigger, which can leak passwords
– crazyman
• OpenEMR – Remote Code Execution in your Healthcare System:
https://www.sonarsource.com/blog/openemr-remote-code-execution-in-your-healthcare-system/
・ Analysis of an unauthenticated arbitrary file read and an unauthenticated RCE in OpenEMR (authentication via XSS, file upload + LFI)
– crazyman
• CVE-2023-23504: XNU Heap Underwrite in dlil.c:
https://adamdoupe.com/blog/2023/01/23/cve-2023-23504-xnu-heap-underwrite-in-dlil-dot-c/
・ CVE-2023-23504: a heap write vulnerability in XNU's dlil.c
– crazyman
• [Linux] CVE-2023-0210:
https://sysdig.com/blog/cve-2023-0210-linux-kernel-unauthenticated-remote-heap-overflow/
・ CVE-2023-0210: an unauthenticated heap overflow vulnerability in KSMBD in the Linux kernel
– crazyman
• Activation Context Cache Poisoning: Exploiting CSRSS for Privilege Escalation:
https://www.zerodayinitiative.com/blog/2023/1/23/activation-context-cache-poisoning-exploiting-csrss-for-privilege-escalation
・ Activation context cache poisoning: a new type of attack surface for exploiting CSRSS to escalate privileges
– crazyman
* To view or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Digest (2-1)