每日安全动态推送(08-29)

Tencent Security Xuanwu Lab Daily News

• OPC UA Vulnerabilities Discovered Following Pwn2Own 2022 Hacking Competition:
https://jfrog.com/blog/satisfying-our-way-into-remote-code-execution-in-the-opc-ua-industrial-stack/

   ・ 利用 Unified Automation 工控组件 OPC UA Server SDK 两个漏洞实现 RCE – Jett

• [PDF] https://conference.hitb.org/hitbsecconf2022sin/materials/D1T1%20-%20Settlers%20of%20Netlink%20-%20Exploiting%20a%20Limited%20UAF%20on%20Ubuntu%2022.04%20to%20Achieve%20LPE%20-%20Aaron%20Adams.pdf:
https://conference.hitb.org/hitbsecconf2022sin/materials/D1T1%20-%20Settlers%20of%20Netlink%20-%20Exploiting%20a%20Limited%20UAF%20on%20Ubuntu%2022.04%20to%20Achieve%20LPE%20-%20Aaron%20Adams.pdf

   ・ Ubuntu 22.04 内核 UAF 漏洞的利用 – Jett

• Command Injection in the GitHub Pages Build Pipeline:
https://blog.nietaanraken.nl/posts/github-pages-command-injection/

   ・ GitHub Pages Build Pipeline 命令注入漏洞 – Jett

• The open-source security lake platform for AWS.:
https://github.com/matanolabs/matano

   ・ Matano – 基于 Apache Iceberg 等项目搭建的 PB 级 Security Lake 数据平台 – Jett

• [PDF] https://conference.hitb.org/hitbsecconf2022sin/materials/D1%20COMMSEC%20-%20Fuzzing%20the%20MCU%20of%20Connected%20Vehicles%20for%20Security%20and%20Safety%20-%20Hao%20Chen.pdf:
https://conference.hitb.org/hitbsecconf2022sin/materials/D1%20COMMSEC%20-%20Fuzzing%20the%20MCU%20of%20Connected%20Vehicles%20for%20Security%20and%20Safety%20-%20Hao%20Chen.pdf

   ・ 理想汽车研究员 Hao Chen 对互联汽车 MCU Fuzz 的研究 – Jett

• Description:
https://github.com/Kudaes/Elevator

   ・ Elevator – UAC Bypass by abusing RPC and debug objects – Jett

• FwHunt Community Scanner:
https://github.com/binarly-io/fwhunt-scan

   ・ FwHunt Scanner – 在 UEFI 固件中扫描漏洞的工具 – Jett

• Securing Developer Tools: Argument Injection in Visual Studio Code:
https://blog.sonarsource.com/securing-developer-tools-argument-injection-in-vscode/

   ・ VSCode Git Clone URL handler 被发现参数注入漏洞 – Jett

• Unix legend, who owes us nothing, keeps fixing foundational AWK code:
https://arstechnica.com/gadgets/2022/08/unix-legend-who-owes-us-nothing-keeps-fixing-foundational-awk-code/?utm_brand=arstechnica&utm_source=twitter&utm_social-type=owned&utm_medium=social

   ・ Unix 传奇人物Brian Kernighan 80岁的他还在不断进行修复 AWK 代码 – lanying37

• google-research/lm-extraction-benchmark:
https://github.com/google-research/lm-extraction-benchmark

   ・ Google 发起从训练模型中逆向还原出训练数据集的安全挑战 – Jett

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(08-29)