8月3日每日安全热点 - FBI锁定Twitter事件背后的三名黑客

360安全客 安全资讯 81166 4

漏洞 Vulnerability
MacOS <=10.15.5 从用户到内核的本地权限提升链(CVE-2020–9854)
https://objective-see.com/blog/blog_0x4D.html
NETGEAR httpd缓冲区溢出漏洞分析
https://mp.weixin.qq.com/s/bDCOmABucnhPfquvEmH0hA
wdiscuz插件中修补了关键的任意文件上传漏洞(80,000 installed)
https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/
ueditor 1.4.3.3 .net版 任意文件上传漏洞分析与复现
https://xz.aliyun.com/t/8065
禅道11.6注入分析
https://xz.aliyun.com/t/8066
安全工具 Security Tools
burp Shiro回显利用工具
https://github.com/potats0/shiroPoc
安全资讯 Security Information
FBI锁定Twitter事件背后的三名黑客
https://www.zdnet.com/article/how-the-fbi-tracked-down-the-twitter-hackers/
Windows 7用户指责Microsoft Edge窃取数据
https://www.zdnet.com/article/microsoft-edge-is-malware-says-angry-windows-7-user/
安全研究 Security Research
再谈几种Nginx后门——发现与修复
https://mp.weixin.qq.com/s/kzNRmpCgOOODI6J5A8L2Jg
插件分享 | 可以查看摄像头快照的“Hikvision插件”
https://mp.weixin.qq.com/s/YExvYQ8RtBvrNC0VwwnV9A
透过tcft2020的chromium_rce学习V8
https://xz.aliyun.com/t/8057
抛砖引玉之CobaltStrike4.1的BOF
https://mp.weixin.qq.com/s/-jU4HrPtB8rD4cmqAKZOZw
实现网络空间的“挂图作战”:网络空间地理学+可视化技术
https://mp.weixin.qq.com/s/53wDSOuSrvybTtHrh10i-Q
(完)