Tencent Security Xuanwu Lab Daily News
• Players hacked during the matches of Apex Legends Global Series:
https://securityaffairs.com/160726/hacking/apex-legends-global-series-hack.html
・ 《Apex Legends Global Series锦标赛被黑客入侵事件》文章详细报道了电子竞技选手在比赛中遭受黑客攻击的情况,揭示了安全漏洞被利用的情况。
– SecTodayBot
• Generic And Automated Drive-By GPU Cache Attacks From The Browser:
https://packetstormsecurity.com/files/177640
・ 介绍了首次在浏览器内部进行的GPU缓存侧信道攻击
– SecTodayBot
• From Error to Entry: Cracking the Code of Password-Spraying Tools:
https://trustedsec.com/blog/from-error-to-entry-cracking-the-code-of-password-spraying-tools
・ 揭示了在Office 365中使用密码喷洒工具时出现的新错误代码(AADSTS50079),表明需要进行MFA注册。
– SecTodayBot
• Project Breakdown:
https://github.com/notpidgey/EagleVM
・ 一个虚拟机保护和代码虚拟化项目
– SecTodayBot
• Linux SLUB Allocator Internals and Debugging – SLUB Debugger, Part 2 of 4:
https://blogs.oracle.com/linux/post/linux-slub-allocator-internals-and-debugging-2
・ 介绍了SLUB分配器及其调试机制,重点讨论了用于检测内存错误的调试选项,包括Z、P、F和U等。
– SecTodayBot
• CVE-2019-19726 OpenBSD dynamic loader 本地提权漏洞:
https://programlife.net/2024/03/20/cve-2019-19726-openbsd-dynamic-loader-lpe/
・ CVE-2019-19726 OpenBSD dynamic loader 本地提权漏洞分析
– lanying37
• ZoneMinder Snapshots Remote Code Execution:
https://packetstormsecurity.com/files/177639
・ 揭露了ZoneMinder Snapshots软件的一个新漏洞CVE-2023-26035,该漏洞为未经身份验证的远程代码执行漏洞。
– SecTodayBot
• Subdomain Fuzzing worth 35k bounty!:
https://medium.com/@HX007/subdomain-fuzzing-worth-35k-bounty-daebcb56d9bc
・ 通过子域模糊测试发现漏洞并成功利用获取高额赏金的经历。
– SecTodayBot
• Java deserialization tricks:
https://www.synacktiv.com/en/publications/java-deserialization-tricks.html
・ 针对Java反序列化漏洞的利用技巧
– SecTodayBot
• How Apple Mitigates Vulnerabilities in Installer Scripts:
https://blog.kandji.io/apple-mitigates-vulnerabilities-installer-scripts
・ 苹果公司近期致力于减轻安装程序脚本的漏洞,文章详细分析了过去的漏洞情况,并介绍了苹果公司的新设计以减轻这些漏洞。
– SecTodayBot
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号: 腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(3-21)
