5月15日每日安全热点 - 2019年数据泄露调查报告

2020-05-15 09:45:13 360安全客安全资讯 88169 4

漏洞 Vulnerability

CNNVD-202005-764: Palo Alto Networks PAN-OS 操作系统命令注入漏洞

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202005-764

CVE-2020-12798: Cellebrite UFED 取证设备Windows版权限提升漏洞

https://seclists.org/fulldisclosure/2020/May/34

安全研究 Security Research

Android间谍软件框架-Mandrake的深入研究

https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf

Adobe Acrobat Reader中的三个逻辑漏洞分析

https://rekken.github.io/2020/05/14/Security-Flaws-in-Adobe-Acrobat-Reader-Allow-Malicious-Program-to-Gain-Root-on-macOS-Silently/

使用SharePoint作为网络钓鱼平台

https://research.nccgroup.com/2020/05/14/using-sharepoint-as-a-phishing-platform/

利用ASN.1(抽象语法标记) Fuzz TLS证书

https://blog.doyensec.com/2020/05/14/asn1fuzz.html

CVE-2020-1113: Windows 任务计划安全功能绕过漏洞分析

https://blog.compass-security.com/2020/05/relaying-ntlm-authentication-over-rpc/

如何滥用Shell中的Arithmetic Expansion

https://www.anquanke.com/post/id/205226

安全报告 Security Report

2019年数据泄露调查报告

https://enterprise.verizon.com/resources/reports/2019-data-breach-investigatioQDns-report.pdf

安全工具 Security Tools

SCAT:信号收集和分析工具，通过USB解析高通和三星基带消息

https://github.com/fgsect/scat

（完）