11月14日每日安全热点- Vertafore泄露2770万德州驾驶员数据

漏洞 Vulnerability

Samsung NPU 共享内存解析内存破坏漏洞

https://bugs.chromium.org/p/project-zero/issues/detail?id=2073

安全事件 Security Incident

揭露：受雇佣的APT组织攻击南亚金融娱乐行业

https://thehackernews.com/2020/11/uncovered-apt-hackers-for-hire-target.html

Vertafore数据泄露暴露了2770万德克萨斯州驾驶员的数据

https://securityaffairs.co/wordpress/110848/data-breach/vertafore-data-breach.html

安全报告 Security Report

系统管理模式深入探讨：SMM隔离如何强化平台安全性

https://www.microsoft.com/security/blog/2020/11/12/system-management-mode-deep-dive-how-smm-isolation-hardens-the-platform/

安全研究 Security Research

探索CVE-2020-16898“坏邻居”漏洞的可利用性

https://blog.zecops.com/vulnerabilities/exploring-the-exploitability-of-bad-neighbor-the-recent-icmpv6-vulnerability-cve-2020-16898/

SAD DNS-新的DNS缓存攻击方式

https://thehackernews.com/2020/11/sad-dns-new-flaws-re-enable-dns-cache.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29

Firefox漏洞研究第2部分

https://blog.exodusintel.com/2020/11/10/firefox-vulnerability-research-part-2/

Firefox漏洞研究第1部分

https://blog.exodusintel.com/2020/10/20/firefox-vulnerability-research/

Weblogic IIOP 协议 NAT 网络绕过

https://paper.seebug.org/1396/

使用Sysmon检测已知的DLL劫持和命名管道令牌模拟攻击

https://labs.jumpsec.com/detecting-known-dll-hijacking-and-named-pipe-token-impersonation-attacks-with-sysmon/