每日安全动态推送(8-8)

渗透技巧 12个月前 admin
193 0 0
Tencent Security Xuanwu Lab Daily News

• Elixir Capital:
https://www.elixircapital.xyz/research/dive-into-the-filecoin-virtual-machine

   ・ 深入探讨 Filecoin 虚拟机 – SecTodayBot


• Reptile Rootkit employed in attacks against Linux systems in South Korea:
https://securityaffairs.com/149203/malware/reptile-rootkit-south-korea.html

   ・ Reptile Rootkit 被用于攻击韩国的 Linux 系统 – SecTodayBot


• GitHub – scipag/websocket_fuzzer: Simple WebSocket fuzzer:
https://github.com/scipag/websocket_fuzzer

   ・ 使用 JSON 模糊测试 websocket – SecTodayBot


• Objective-C Internals:
https://alwaysprocessing.blog/series/objc-internals

   ・ 介绍 Objective-C 内部原理 – SecTodayBot


• CVE-2023-39143: PaperCut Path Traversal/File Upload RCE Vulnerability:
https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/

   ・ PaperCut路径遍历/文件上传RCE漏洞 – SecTodayBot


• CVE-2023-39508: Apache Airflow: Airflow “Run task” feature allows execution with unnecessary priviledges:
https://seclists.org/oss-sec/2023/q3/91

   ・ Apache Airflow – 利用不必要的特权:将敏感信息暴露给未经授权的参与者漏洞 – SecTodayBot


• Interrupt Labs:
https://www.interruptlabs.co.uk/articles/newly-unreachable-story-of-a-tp-link

   ・ Pwn2Own 东京比赛中关于 TP-Link 漏洞的悲惨故事,TPLink OneMesh WAN 命令注入漏洞 – SecTodayBot


• Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3):
https://www.sonarsource.com/blog/checkmk-rce-chain-1/

   ・ Checkmk RCE,通过链接多个错误来远程执行代码 – SecTodayBot


• The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022:
https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html?m=1

   ・ Google 对野外利用的 0day 进行的第四次年度回顾 – SecTodayBot


• Azure Command Line Forensics – Host Based Artifacts:
https://www.inversecos.com/2023/03/azure-command-line-forensics-host-based.html

   ・ Azure 命令行取证 – SecTodayBot


• CVE-2023-37581: Apache Roller: XSS vulnerability for site with untrusted users:
https://seclists.org/oss-sec/2023/q3/92

   ・ Apache Roller:具有不受信任用户的站点的 XSS 漏洞 – SecTodayBot


• Researchers Jailbreak Tesla Vehicles, Gain Control Over Paid Features:
https://www.hackread.com/jailbreak-tesla-vehicles-access-paid-features/

   ・ 越狱绕过 Tesla 的 AMD 安全处理器(可信平台模块),并无需付费即可启用某些功能。特斯拉电动汽车的车内付费功能可被破解,无需付费即可激活某些功能 – SecTodayBot


• The Ultimate Merkle Tree Guide in Solidity:
https://soliditydeveloper.com/merkle-tree

   ・ Solidity 中的 Merkle 树终极指南 – SecTodayBot


• New ‘Deep Learning Attack’ Deciphers Laptop Keystrokes with 95% Accuracy:
https://thehackernews.com/2023/08/new-deep-learning-attack-deciphers.html

   ・ 研究人员近期设计出新的深度学习攻击模型,能通过对笔记本与手机捕捉和解码键盘敲击声来窃取用户数据信息。 – lanying37


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(8-8)

版权声明:admin 发表于 2023年8月8日 下午1:07。
转载请注明:每日安全动态推送(8-8) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...