每日安全动态推送(9-4)
2023-9-4 11:16:33 Author: mp.weixin.qq.com(查看原文) 阅读量:2 收藏

Tencent Security Xuanwu Lab Daily News

• CVE-2023-29357 – Microsoft SharePoint ValidateTokenIssuer 身份验证绕过漏洞分析:
https://paper.seebug.org/3021/

   ・ Microsoft SharePoint ValidateTokenIssuer 身份验证绕过漏洞分析 – SecTodayBot

• From Hidden Bee to Rhadamanthys - The Evolution of Custom Executable Formats - Check Point Research:
https://research.checkpoint.com/2023/from-hidden-bee-to-rhadamanthys-the-evolution-of-custom-executable-formats/

   ・ 介绍恶意软件所使用的自制可执行程序的结构 – SecTodayBot

• File Binding Methods(RTC0015):
https://redteamrecipe.com/File-Binding-Methods/

   ・ 创建文件绑定方法总结 – lanying37

• How To Hack WhatsApp & Telegram Using SS7 Flaw:
https://gist.github.com/Esauromano/adbb23118b8fdb2a52cd3d283086e25a

   ・ 利用Signalling System 7漏洞可以以任意手机号发送、接受短信,借此可用来攻击WhatsApp、Telegram等应用 – SecTodayBot

• Zenbleed (CVE-2023-20593):
https://www.youtube.com/watch?v=9EY_9KtxyPg

   ・ 影响 AMD Zen2 全系列 CPU 的漏洞 – SecTodayBot

• Phishing with Visual Studio Code:
https://vimeo.com/853281700?share=copy

   ・ 基于VS Code的钓鱼 – SecTodayBot

• What is a "good" Linux Kernel bug?:
https://blog.isosceles.com/what-is-a-good-linux-kernel-bug/

   ・ 对于 Linux 内核来说,什么样的漏洞是”好“漏洞? – SecTodayBot

• SS7 Attack Simulator based on RestComm's jss7.:
https://github.com/polarking/jss7-attack-simulator

   ・ SS7 攻击模拟器 – SecTodayBot

• Game of Rars--探索 WinRAR 中新的远程代码执行漏洞(CVE-2023-40477):
https://paper.seebug.org/3019/

   ・ 探索 WinRAR 中新的远程代码执行漏洞 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959342&idx=1&sn=c7197324c857bcc9e2ef7aa90c1c9c28&chksm=8baed0b1bcd959a76baf3917fdfef4e98a24a94a9c1e764cafb72df38c246388f2dc3f777099&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh