×êÑÐÈËÔ±·¢ÏÖHTTP/2 ÐÂÐͼÆÊ±²àÐÅ·¹¥»÷·½Ê½ £»£»£»£»£» £»Googleͳ¼ÆÉϰëÄêÒÑÅû¶11¸öÔÚÒ°ÀûÓÃ0day

°ä²¼¹¦·ò 2020-08-03

1.×êÑÐÈËÔ±·¢ÏÖHTTP/2 ÐÂÐͼÆÊ±²àÐÅ·¹¥»÷·½Ê½


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website


DistriNet×êÑÐÓ××éºÍŦԼ´óѧ°¢²¼Ôú±È·ÖУµÄ×êÑÐÈËÔ±·¢ÏÖÁËÒ»ÖÖеÄHTTP/2 ¼ÆÊ±²àÐÅ·¹¥»÷·½Ê½£¬£¬£¬£¬£¬£¬²¢¶¨ÃûΪÎÞʱÏÞ°´Ê±¹¥»÷£¨Timeless Timing Attacks£¬£¬£¬£¬£¬£¬TTA£©¡£¡£¡£¡£¡£¡£¡£¡£ÕâÖÖ¹¥»÷·½Ê½ÊÇÀûÓÃÍøÂçºÍ̸µÄ¶à·¸´ÓúÍÀûÓ÷¨Ê½µÄ²¢·¢Ö´ÐУ¬£¬£¬£¬£¬£¬´Ó¶ø²»ÊÜÍøÂçǰÌáµÄÓ°Ïì¡£¡£¡£¡£¡£¡£¡£¡£Ó봫ͳµÄ»ùÓÚ¹¦·òµÄ¹¥»÷·ÖÆç£¬£¬£¬£¬£¬£¬TTAÖ´Ðй¦·òÊǰ´°¤´Î¶ÀÁ¢ÕÉÁ¿µÄ£¬£¬£¬£¬£¬£¬Æä³¢ÊÔ´ÓÁ½¸ö²¢·¢Ö´ÐеÄÒªÇóµÄ°¤´ÎºÍÏà¶Ô¹¦·ò²î¾àÖÐÌáÊØÐÅÏ¢£¬£¬£¬£¬£¬£¬¶ø²»ÒÀÀµÓÚÈκι¦·òÐÅÏ¢¡£¡£¡£¡£¡£¡£¡£¡£¸Ã×êÑÐÁ˾ֽ«ÔÚ½ñÄêϰëÄêÔÚUSENIX°²È«×êÑлáÉϰ䷢£¬£¬£¬£¬£¬£¬Í¬Ê±»¹°ä²¼»ùÓÚPythonµÄ¹¤¾ß£¬£¬£¬£¬£¬£¬ÒÔ²âÊÔHTTP / 2·þÎñÆ÷µÄTTA·ì϶¡£¡£¡£¡£¡£¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html    


2.Google PlayÉÌµê´æÔÚ29¿î¶ñÒâÕÕÆ¬´¦Öõ±ÓÃ


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website


WhiteOps SatoriÍþвµý±¨ÍŶӷ¢ÏÖ£¬£¬£¬£¬£¬£¬Google PlayÉÌµê´æÔÚ29¿î¶ñÒâÕÕÆ¬´¦Öõ±Óᣡ£¡£¡£¡£¡£¡£¡£ÕâЩÀûÓÃÕë¶ÔAndroidÓû§·Ö·¢¸æ°×Èí¼þ£¬£¬£¬£¬£¬£¬²¢Èƹý°²È«²é³­£¬£¬£¬£¬£¬£¬WhiteOps½«¸Ã¸ö»î¶¯¶¨ÃûΪCHARTREUSEBLUR¡£¡£¡£¡£¡£¡£¡£¡£ÕâЩ¸æ°×Èí¼þµÄÃû³ÆÖж¼´øÓÐBLURÒ»´Ê£¬£¬£¬£¬£¬£¬Æä·ÂÕÕÁËÕÕÆ¬±à×빤¾ßÀ´ÍÌÍÂͼÏñ£¬£¬£¬£¬£¬£¬µ«ÏÖʵÉÏÓкܶà¶ñÒâÊôÐÔ£¬£¬£¬£¬£¬£¬ÀýÈ磬£¬£¬£¬£¬£¬Ëü×°Öõ½Ö¸±êÉ豸ºó°µ²ØÀûÓÃͼ±ê¡£¡£¡£¡£¡£¡£¡£¡£×êÑÐÈËÔ±¶ÔÀûÓ÷¨Ê½µÄ»ìºÏ´úÂë½øÇ°½øÒ»²½·ÖÎöºó£¬£¬£¬£¬£¬£¬·¢ÏÖ¸ÃÀûÓ÷¨Ê½Ê¹ÓÃÁËÈý½×¶ÎÓÐЧ¸ºÔØÑݱä¡£¡£¡£¡£¡£¡£¡£¡£ÕâЩÀûÓõÄÏÂÔØÁ¿×ܼÆÔ¼Îª350Íò£¬£¬£¬£¬£¬£¬Ä¿Ç°GoogleÒѽ«Æäɾ³ý¡£¡£¡£¡£¡£¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://latesthackingnews.com/2020/08/01/numerous-malicious-photo-blur-apps-appeared-on-play-store/


3.Drizly¹«Ë¾ÔâºÚ¿Í¹¥»÷£¬£¬£¬£¬£¬£¬Ð¹Â¶250Íò¿Í»§PII


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website


¾ÆÀàÅäË͹«Ë¾DrizlyÔâµ½ºÚ¿Í¹¥»÷£¬£¬£¬£¬£¬£¬Ð¹Â¶250Íò¿Í»§PII¡£¡£¡£¡£¡£¡£¡£¡£¸Ã¹«Ë¾³Æ£¬£¬£¬£¬£¬£¬ÆäÔâµ½ÁËÍøÂç¹¥»÷£¬£¬£¬£¬£¬£¬ÓÐδ¾­ÊÚȨµÄµÚÈý·½½Ó¼ûÁËÆä¿Í»§µÄÓ×ÎÒÐÅÏ¢£¬£¬£¬£¬£¬£¬Ô̺¬µç×ÓÓʼþµØÖ·¡¢ÉúÈÕ¡¢bcrypt¼ÓÃܵÄÃÜÂëÒÔ¼°ËÍ»õµØÖ·¡£¡£¡£¡£¡£¡£¡£¡£HaveIBeenPwnedÔò³Æ£¬£¬£¬£¬£¬£¬Õâ´Îй¶µÄÐÅÏ¢»¹Ô̺¬¿Í»§Ãû³ÆºÍIPµØÖ·£¬£¬£¬£¬£¬£¬²¢ÇÒ¿ÉÄÜÓ°ÏìÁËԼĪ250Íò¸öÓû§¡£¡£¡£¡£¡£¡£¡£¡£Drizly°µÊ¾£¬£¬£¬£¬£¬£¬ÔÚÕâ´ÎÊÂÎñÖв¢Ã»ÓвÆÕþÊý¾Ýй¶£¬£¬£¬£¬£¬£¬¶øËûÃÇÒѶԴËÊ·¢Õ¹µ÷²é¡£¡£¡£¡£¡£¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://www.infosecurity-magazine.com/news/drizly-breach-hits-25-million/


4.Googleͳ¼Æ£¬£¬£¬£¬£¬£¬½ñÄêÉϰëÄêÒÑÅû¶11¸öÔÚÒ°ÀûÓÃ0day


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website


GoogleµÄProject Zero°²È«ÍŶÓͳ¼Æ·¢ÏÖ£¬£¬£¬£¬£¬£¬½ñÄêÉϰëÄêÒÑÅû¶11¸öÔÚÒ°ÀûÓÃ0day¡£¡£¡£¡£¡£¡£¡£¡£ÆäÖÐFirefox£¨CVE-2019-17026£©ºÍInternet Explorer£¨CVE-2020-0674£©¾ùÒѱ»Ãñ×å¹ú¶ÈºÚ¿Í×éÖ¯DarkHotelÀûÓ㬣¬£¬£¬£¬£¬´Ë±í»¹ÓÐChrome£¨CVE-2020-6418£©£¬£¬£¬£¬£¬£¬Ç÷Ïò¿Æ¼¼·À¶¾Ç½ÍøÂç°æ£¨CVE-2020-8467ºÍCVE-2020-8468£©ÊÇÇ÷Ïò¿Æ¼¼µ÷²éÈýÁâµç»úÊÂÎñʱ·¢Ïֵ쬣¬£¬£¬£¬£¬ Firefox£¨CVE-2020-6819ºÍCVE-2020-6820£©»òÒѱ»ÀûÓ㬣¬£¬£¬£¬£¬CVE-2020-0938¡¢CVE-2020-1020ºÍCVE-2020-1027µÄ¾ßÌåÐÅÏ¢ÉÐδ°ä²¼£¬£¬£¬£¬£¬£¬Sophos XG·À»ðǽ£¨CVE 2020-12271£©Òѱ»ÀûÓò¿ÊðÀÕË÷Èí¼þ¡£¡£¡£¡£¡£¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/google-eleven-zero-days-detected-in-the-wild-in-the-first-half-of-2020/#ftag=RSSbaffb68


5.×êÑÐÍÅ¶Ó°ä²¼ÍøÂç´¹µöÇé¿ö¼°½»»¥·½Ê½µÄ»ã±¨


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website


À´×ÔGoogle¡¢PayPal¡¢ÈýÐǺÍÑÇÀûÉ£ÄÇÖÝÁ¢´óѧµÄ°²È«×êÑÐÈËÔ±×é³ÉµÄÍŶӺÄʹØûÕûÒ»Ä꣬£¬£¬£¬£¬£¬·ÖÎöÁËÍøÂç´¹µöµÄÇé¿öÒÔ¼°Óû§ÓëÍøÂç´¹µöÒ³ÃæµÄ½»»¥·½Ê½£¬£¬£¬£¬£¬£¬¸ÃÏîÄ¿·ÖÎöÁË22553707¸öÓû§¶Ô404628¸öÍøÂç´¹µöÒ³ÃæµÄ½Ó¼û¡£¡£¡£¡£¡£¡£¡£¡£»ã±¨°µÊ¾£¬£¬£¬£¬£¬£¬¾ùÔÈÍøÂç´¹µö¹¥»÷¹¦·òΪ21Ó×ʱ£¬£¬£¬£¬£¬£¬ÓÐ7.42£¥µÄÊܺ¦Õß×îÖÕÊäÁËÈëÍ´´¦²¢µ¼ÖÂÕË»§Ð¹Â¶»òڲƭ¡£¡£¡£¡£¡£¡£¡£¡£×êÑÐÈËÔ±°µÊ¾£¬£¬£¬£¬£¬£¬Ò»Ð©¹¥»÷»î¶¯»á³ÖÐø»îÔ¾³¤´ï9¸öÔ£¬£¬£¬£¬£¬£¬ÆäÀûÓÃÏֳɵĴ¹µö¹¤¾ß£¬£¬£¬£¬£¬£¬¿É¹¥»÷³ÉǧÉÏÍòµÄÊܺ¦Õß¡£¡£¡£¡£¡£¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/phishing-campaigns-from-first-to-last-victim-take-21h-on-average/#ftag=RSSbaffb68


6.FireEye°ä²¼Õë¶ÔOffice 365µÄ¹¥»÷µÄ·ÖÎö»ã±¨


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website


FireEye°ä²¼ÁËoffice365¹¥»÷͸ÊÓ¼°MandiantÖÎÀí·ÀÎñµ÷²éµÄ»ã±¨¡£¡£¡£¡£¡£¡£¡£¡£ÆäÕë¶ÔOffice 365 BEC¹¥»÷£¬£¬£¬£¬£¬£¬ÌṩÁËÓйØMicrosoftÔÆ³ö²úÁ¦Ì×¼þ¼°¶Ô×êÑÐÈËÔ±ÖÁ¹Ø³ÁÒªµÄ¸÷ÀàÈÕÖ¾ºÍÊý¾ÝÔ´¡£¡£¡£¡£¡£¡£¡£¡£´Ë±í£¬£¬£¬£¬£¬£¬»¹½éÉÜÁËÔÚÏìÓ¦BECʱ³£¼ûµÄ¹¥»÷ÕßÕ½Êõ£¬£¬£¬£¬£¬£¬²¢Éî¿ÌÚ¹ÊÏçËMandiantÍйܷÀÓù·ÖÎöʦÈôºÎʹÓÃPowerShellºÍFireEye Helixƽ̨ÔÚ¿Í»§ÄÇÀï½øÐÐÕâЩµ÷²é¡£¡£¡£¡£¡£¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://www.fireeye.com/blog/threat-research/2020/07/insights-into-office-365-attacks-and-how-managed-defense-investigates.html