每日安全动态推送(12-22)

Tencent Security Xuanwu Lab Daily News

• OWASSRF: CrowdStrike Identifies New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations:

   ・ CrowdStrike最近发现了一种新的利用方法，利用CVE-2022-41080和CVE-2022-41082通过Outlook Web Access实现远程代码执行（RCE） – 

• Weblogic Analysis Attacked by JNDI injection From CVE(part 4):

   ・ 根据CVE漏洞学习Weblogic安全系列 – 

• Better Make Sure Your Password Manager Is Secure:

   ・ Passwordstate被发现存在多个漏洞，并可结合上述漏洞形成攻击链。首先利用公开用户名可以伪造token，然后结合对管理员用户的xss漏洞可以获得管理员的shell，最终可以拖取并解密数据库获取全部存储的密码。 – 

• [Tools, Windows] Tempest's Threat Intelligence team recently identified a new campaign by the Chaes malware operators, in which there's a heavy use of Windows Management Instrumentation Command-Line Utility (WMIC) during the infection phase and in the theft of victim data 20.DEC/2022 THREAT INTELLIGENCE:

   ・ 一款名叫Chaes恶意软件的分析报告，该恶意程序利用了WMIC等多个恶意软件常用的攻击技巧 – 

• [Browser] r/netsec - Using Leaking Sentinel Value to Bypass the Latest Chrome v8 HardenProtect:

   ・ 通过泄露Sentinel Value绕过Chrome v8 HardenProtect – 

• [Linux] BFS Ekoparty 2022 Kernel exploitation challenge write-up:

   ・ BFS Ekoparty 2022 Kernel exploitation challenge write-up – 

• [Tools] Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins:

   ・ Cisco Talos发布报告关于使用Excel XLL加载组件组织的总结 – 

• Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine:

   ・ Gamaredon APT组织活动的分析与总结 – 

* 查看或搜索历史推送内容请访问：

* 新浪微博账号：腾讯玄武实验室