[Browser, Privacy] Google Launches Open-Source Browser Extension for Ad Transparency: https://threatpost.com/google-launches-open-source-browser-extension-for-ad-transparency/147634/
・ Google 计划推出一套标准,用于在线上广告用户追踪与用户隐私保护之间找到平衡 – Jett
[Windows] caseysmithrc/DerbyCon2019: https://github.com/caseysmithrc/DerbyCon2019
・ 在 Windows Script Hosts 的上下文中执行任意 .NET 汇编代码,来自 DerbyCon2019 – Jett
[Tools] qilingframework/qiling: https://github.com/qilingframework/qiling
・ Qiling - 二进制模拟执行框架,可以以沙箱模式模拟执行多种架构的代码 –Jett
(CVE-2019-TBA –> CVE-2019-TBA) Enigma NMS Multiple Vulnerabilities: https://mogozobo.com/?p=3647
・ Enigma NMS 管理系统被发现多个严重的漏洞,包括命令执行、SQL 注入等 –Jett
Command Injection with USB Peripherals: https://carvesystems.com/news/command-injection-with-usb-peripherals/
・ 利用 USB 外设实现命令执行 – Jett
[Vulnerability] CVE-2019-12527: Code Execution on Squid Proxy Through a Buffer Overflow: https://www.thezdi.com/blog/2019/8/22/cve-2019-12527-code-execution-on-squid-proxy-through-a-heap-buffer-overflow
・ Squid Web 代理软件缓冲区溢出漏洞,通过构造恶意数据包,无需认证即可远程触发(CVE-2019-12527) – Jett
[Defend, Tools] BlueTeamLabs/sentinel-attack: https://github.com/BlueTeamLabs/sentinel-attack
・ 利用 Sysmon 和 MITRE ATT&CK 框架实现威胁检测的实践 – Jett
[Android] Spyware App on Google Play Gets Boot, Returns Days Later: https://threatpost.com/spyware-app-on-google-play-gets-boot-returns-days-later/147618/
・ ESET 在 Google Play 市场中发现了一款基于 AhMyth 开源代码实现的恶意软件 – Jett
[Hardware] New 4CAN tool helps identify vulnerabilities in on-board car computers: http://feedproxy.google.com/~r/feedburner/Talos/~3/mDuP_ubufN8/new-4can-tool-helps-identify.html
・ Talos 开源了一款用于研究汽车安全的硬件工具 - 4CAN – Jett
[Windows] sailay1996/UAC_bypass_windows_store: https://github.com/sailay1996/UAC_bypass_windows_store
・ Windows 10 LPE (UAC Bypass) in Windows Store (WSReset.exe) – Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 微信公众号: 腾讯玄武实验室
+关注
快速开通微博你可以查看更多内容,还可以评论、转发微博。