每日安全动态推送(1-31)
2024-1-31 11:11:35 Author: mp.weixin.qq.com(查看原文) 阅读量:6 收藏

Tencent Security Xuanwu Lab Daily News

• Crypto Stealing PyPI Malware Hits Both Windows and Linux Users:
https://www.hackread.com/crypto-stealing-pypi-malware-windows-linux-users/

   ・ Python软件包索引(PyPI)被利用上传恶意软件包,其中包含针对不同操作系统的攻击方法。 – SecTodayBot

• Event short-circuiting - HyperDbg Documentation:
https://docs.hyperdbg.org/tips-and-tricks/misc/event-short-circuiting#example-4

   ・ 介绍了HyperDbg的事件短路机制,允许忽略特定事件的执行,为调试和安全测试带来方便。  – SecTodayBot

• Announcing cvemap from ProjectDiscovery:
https://blog.projectdiscovery.io/announcing-cvemap-from-projectdiscovery/

   ・ cvemap是一款用于管理CVE的新工具,旨在通过综合各种来源的CVE数据并采用多维度评估方法,提供一种更清晰的导航和评估方式,帮助安全专业人士更好地管理和评估系统中的漏洞。  – SecTodayBot

• BlackHat Europe 2023 议题学习(二):
http://programlife.net/2024/01/28/BHEU-2023-Learning-Part2/

   ・ BlackHat Europe 2023 议题学习(二) – lanying37

• THREAT ALERT: DarkGate Loader:
https://www.cybereason.com/blog/threat-alert-darkgate-loader

   ・ 介绍了最近观察到的DarkGate Loader威胁以及防护建议 – SecTodayBot

• CVE-2023-5480: Chrome new XSS Vector:
https://blog.slonser.info/posts/cve-2023-5480/

   ・ 本文主要介绍了对Google Chrome浏览器中发现的CVE-2023-5480漏洞,以及与该漏洞相关的现代Web开发技术的详细分析。文章讨论了Service Worker、渐进式Web应用程序(PWA)和支付请求API等技术,以及它们在漏洞根源方面的潜在影响。  – SecTodayBot

• CVE-2023-29055: Apache Kylin: Insufficiently protected credentials in config file:
https://seclists.org/oss-sec/2024/q1/62

   ・ Apache Kylin存在安全漏洞CVE-2023-29055,kylin.properties文件中的凭据未受足够保护 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959523&idx=1&sn=8acea857c17a22b8bc6a7f1beb099594&chksm=8baed07cbcd9596ae10488d6a515b990751a3cfe4ad985fe23b400357981d265cbbd8471b8a9&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh