每日安全动态推送(7-28)

Tencent Security Xuanwu Lab Daily News

• 二、什么是QUIC:
https://www.freebuf.com/articles/network/373137.html

   ・ 基于QUIC协议的新型DDoS反射放大攻击 – SecTodayBot

• P4wnP1-LTE:
https://sensepost.com/blog/2023/p4wnp1-lte/

   ・ P4wnP1-LTE，一款基于Linux的LTE调制解调器 – SecTodayBot

• Introducing CVE-2023-24489: A Critical Citrix ShareFile RCE Vulnerability:
https://www.greynoise.io/blog/introducing-cve-2023-24489-a-critical-citrix-sharefile-rce-vulnerability

   ・ 流行的基于云的文件共享应用程序 Citrix ShareFile 最近被发现存在严重漏洞 CVE-2023-24489，该漏洞允许未经身份验证的任意文件上传和远程代码执行  – SecTodayBot

• Shifting security left: DevSecOps meets virtualization:
https://bit.ly/3DbedmH

   ・ 将安全性向左转移：DevSecOps 与虚拟化相结合，在安全可靠的环境中在高保真、高精度虚拟设备上测试移动和物联网软件  – SecTodayBot

• GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users:
https://thehackernews.com/2023/07/gameoverlay-two-severe-linux.html

   ・ Ubuntu 内核中存在两个高严重性安全漏洞，可能为本地权限升级攻击铺平道路 – SecTodayBot

• ESET Threat Report H1 2023:
https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/

   ・ ESET 2023 年上半年威胁报告 – SecTodayBot

• Email Header Analysis – Verify Received Email is Genuine or Spoofed:
https://gbhackers.com/email-header-analysis/

   ・ 电子邮件标头分析 – 验证收到的电子邮件是真实的还是欺骗的 – SecTodayBot

• VirusTotal Malware Trends Report: Emerging Formats and Delivery Techniques:
https://blog.virustotal.com/2023/07/virustotal-malware-trends-report.html?m=1

   ・ VirusTotal 恶意软件趋势报告：恶意软件检测和分析恶意软件攻击和恶意软件传播技术的趋势 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(7-28)