Tencent Security Xuanwu Lab Daily News
• [Browser, Malware] North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign:
https://therecord.media/north-korea-apt-kimsuky-attacks
・ 朝鲜 APT 组织 ‘Kimsuky 通过新的鱼叉式网络钓鱼活动瞄准专家
– SecTodayBot
• What the Vuln: EDR Bypass with LoLBins:
https://bishopfox.com/blog/edr-bypass-with-lolbins
・ 使用 LoLBins 绕过 EDR
– SecTodayBot
• Pwn2Own Vancouver 2023 – Day Two Results:
https://www.thezdi.com/blog/2023/3/23/pwn2own-vancouver-2023-day-two-results
・ Pwn2Own 温哥华 2023 – 第二天结果
– SecTodayBot
• Exploiting prototype pollution in Node without the filesystem:
https://portswigger.net/research/exploiting-prototype-pollution-in-node-without-the-filesystem
・ Node原型链污染,无需本地文件系统或环境变量即可执行任意代码
– SecTodayBot
• [Malware] Malicious JavaScript Injection Campaign Infects 51k Websites:
https://bit.ly/3FGZX6V
・ Unit 42 研究人员一直在跟踪恶意 JavaScript 注入活动,该活动将受害者重定向到恶意内容,例如广告软件和诈骗页面。该威胁在整个 2022 年都处于活跃状态,并在 2023 年继续感染网站。Tranco 中受影响网站的存在表明该活动可能影响了大量人员
– SecTodayBot
• ChatGPT Privacy Bug Exposes Chat Histories to Other Users:
https://cybersecuritynews.com/chatgpt-privacy-bug/
・ ChatGPT 隐私错误向其他用户公开聊天历史记录
– SecTodayBot
• ChatGPT: The Right Tool for the Job?:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/chatgpt-the-right-tool-for-the-job/
・ 安全研究员利用ChatGPT做基本的代码静态分析
– WireFish
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(3-27)
