Tencent Security Xuanwu Lab Daily News

• Mobile Malware Analysis Part 1 – Leveraging Accessibility Features To Steal Crypto Wallet:
https://8ksec.io/mobile-malware-analysis-part-1-crypto-wallet-stealer/

   ・ 移动恶意软件分析系列教程 – WireFish

• The mysterious second parameter to the x86 ENTER instruction:
https://devblogs.microsoft.com/oldnewthing/20231211-00/?p=109126

   ・ 对x86指令集中的enter指令的第二个参数作用方法的讨论 – WireFish

• 5Ghoul 漏洞及其影响分析:
https://paper.seebug.org/3087/

   ・ 主流 5G 移动网络调制解调器存在 5Ghoul 漏洞，可利用 5Ghoul 漏洞中断和冻结智能手机和 CPE 路由器上的 5G 连接 – WireFish

• Rhysida Ransomware:
https://www.shadowstackre.com/analysis/rhysida

   ・ 介绍了Rhysida勒索软件的攻击方式、加密方法和持久化手段 – SecTodayBot

• Exploiting a remote heap overflow with a custom TCP stack:
https://www.synacktiv.com/en/publications/exploiting-a-remote-heap-overflow-with-a-custom-tcp-stack.html

   ・ 介绍了对Western Digital MyCloudHome设备中Netatalk协议的DSI层漏洞的详细分析和利用  – SecTodayBot

• Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol:
https://securelist.com/unveiling-nkabuse/111512/

   ・ 卡巴斯基披露了一个新的多平台威胁软件NKAbuse，由Go语言编写，使用P2P以及面向区块链的网络通信来实现去中心化自治，该恶意软件拥有洪水攻击、注入后门等能力。 – WireFish

• npm search RCE? - Escape Sequence Injection:
https://blog.solidsnail.com/posts/npm-esc-seq

   ・ npm 逃逸序列注入漏洞，为终端仿真器和其下运行的应用程序的新测试方法。 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab