Daily Security News Push (9-13)
2023-9-13 15:50:40 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News
• Top 50 Vulnerabilities Leading to RCE in Public-Facing Applications(RTC0016):
https://redteamrecipe.com/top-50-vulnerabilities-rce/

   ・ The top 50 RCE vulnerabilities found in public-facing applications. – SecTodayBot

• Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks:
https://securityaffairs.com/150516/hacking/cve-2023-20269-cisco-asa-e-ftd.html

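   ・ Cisco ASA SSL VPN remote access vulnerability (CVE-2023-20269), which can be used to conduct brute-force attacks in an attempt to identify valid username and password combinations – SecTodayBot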

• croc: multiple issues in file sharing utility:
https://seclists.org/oss-sec/2023/q3/165

   ・ Croc: multiple issues in the file sharing program – SecTodayBot

• Baseline Defenses for Adversarial Attacks Against Aligned Language Models:
https://arxiv.org/abs/2309.00614

   ・ An evaluation of defense techniques against malicious-sample attacks on large models – SecTodayBot

• iOS 17 Jailbreak – All Available Tools - iDevice Central:
https://idevicecentral.com/jailbreak-tools/ios-17-jailbreak-download/

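   ・ A collection of available iOS 17 jailbreak tools, including the PaleRa1n team's iOS 17 beta jailbreak tool, which supports all devices with an A11 chip or lower, including the iPhone X and older devices – SecTodayBot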

• CVE-2023-35359 analysis:
https://y3a.github.io/2023/08/24/cve-2023-35359/

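   ・ CVE-2023-35359 analysis: the Windows Error Reporting service (WER) logs and analyzes unhandled exceptions; exploiting this service with a spoofed DOS device mapping hijacks process creation and executes arbitrary code at high integrity – SecTodayBot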

* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Article source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959354&idx=1&sn=9ebd92b9fafd57164f78804635f309d9&chksm=8baed0a5bcd959b39cff00fcb7abedbc640e4d76bd7ee1911030a856ca080b48ce552b8dea60&scene=58&subscene=0#rd