每日安全动态推送(11-1)
2023-11-1 17:20:54 Author: mp.weixin.qq.com(查看原文) 阅读量:3 收藏

Tencent Security Xuanwu Lab Daily News

• Remplacer la WIN32API pour l'injection de processus - Yoann Dequeker / OtterHacker 🇫🇷:
https://youtube.com/watch?v=Le5GHLthnlc

   ・ 学习如何替换WIN32API进行进程注入 – SecTodayBot

• Solarwinds DeserializeFromStrippedXml RCE:
https://paper.seebug.org/3065/

   ・ SolarWinds软件中的SWIS服务存在反序列化漏洞,攻击者可通过恶意构造的payload实现远程代码执行。 – SecTodayBot

• 📘 Volatility3: Modern Windows Hibernation file analysis:
https://www.forensicxlab.com/posts/hibernation/

   ・ 探讨现代Windows休眠文件的结构,并提出一种新的翻译层来从休眠文件创建原始内存镜像 – SecTodayBot

• DOM-based race condition: racing in the browser for fun:
https://blog.ryotak.net/post/dom-based-race-condition/

   ・ 这篇文章讲述了基于剪贴板的XSS攻击,通过在contenteditable元素中粘贴ng-*属性来利用AngularJS等JavaScript库的漏洞,实现弹出警报的效果。 – SecTodayBot

• Sorry, you have been blocked:
https://www.securityweek.com/attackers-exploiting-critical-f5-big-ip-vulnerability/

   ・ F5的BIG-IP产品最近修复的关键漏洞在公开披露和概念验证(PoC)利用代码发布不到五天后就开始被利用,该漏洞影响BIG-IP的Traffic Management User Interface,允许未经身份验证的远程代码执行,F5已发布补丁并敦促用户尽快安装。  – SecTodayBot

• Wiki-Slack attack allows redirecting business professionals to malicious websites:
https://securityaffairs.com/153245/hacking/wiki-slack-attack.html

   ・ eSentire威胁响应小组(TRU)的安全研究人员发现了一种名为Wiki-Slack攻击的新攻击技术,可以将商业专业人士重定向到恶意网站。攻击者选择维基百科中可能对潜在受害者感兴趣的主题,然后进入维基百科条目的第一页并编辑该页面,通过在条目中添加一个合法的引用脚注来进行欺骗,这个脚注会在Slack上共享时导致格式错误,从而在Slack上渲染出原始维基百科文章中看不见的链接 – SecTodayBot

• GitHub - h26forge/h26forge: Domain-specific infrastructure for analyzing, generating, and manipulating syntactically correct but semantically spec-non-compliant video files.:
https://github.com/h26forge/h26forge

   ・ H26Forge是一个针对H.264视频文件的领域特定基础设施,可以分析、生成和操作语法正确但语义不符合规范的H.264视频文件,具有三个关键功能:随机突变语法元素、通过Python脚本编程性地修改语法元素以及生成带有随机语法元素的Annex B H.264文件,并可写入文件或通过RTP进行流式传输。  – SecTodayBot

• CVE-2023-5044: Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation · Issue #10572 · kubernetes/ingress-nginx:
https://github.com/kubernetes/ingress-nginx/issues/10572

   ・ k8s CVE-2023-5044漏洞, 通过nginx.ingress.kubernetes.io/permanent-redirect注释进行代码注入 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959406&idx=1&sn=2cb29c8ef0a33ac9d54f380d3e30ca9e&chksm=8baed0f1bcd959e7641e09748750b2e0aebd0489a7a90fcfd31a4a7a9392a9deb1d1c62eda5c&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh