Daily Security News Push (2-29)
2024-2-29 16:4:38 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• MartinIngesen/MSOLSpray: A Python implementation of dafthack's MSOLSpray. A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.:
https://github.com/MartinIngesen/MSOLSpray

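   ・ A pure-Python rewrite of MSOLSpray, a tool for password spraying attacks against Microsoft Online accounts. Besides finding valid passwords, the tool also provides a large amount of information about Azure AD error codes and can serve as a reconnaissance tool for Microsoft Online accounts. – SecTodayBot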

• Unveiling the Server-Side Prototype Pollution Gadgets Scanner:
https://blog.doyensec.com/2024/02/17/server-side-prototype-pollution-Gadgets-scanner.html

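   ・ Introduces a scanning tool for server-side prototype pollution vulnerabilities and discusses the root cause and impact of prototype pollution, along with the corresponding exploitation methods and tools. – SecTodayBot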

• Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin:
https://dlvr.it/T3JHv1

   ・ A hardcoded login credential vulnerability (CVE-2023-37608) in Automatic-Systems SOC FL9600 FastLine; the hardcoded super admin login name and password are provided. – SecTodayBot

• Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub:
https://thehackernews.com/2024/02/open-source-xeno-rat-trojan-emerges-as.html

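   ・ Introduces a remote access trojan (RAT) named Xeno RAT, an open-source tool written in C# that runs on the Windows 10 and Windows 11 operating systems. The RAT has a range of remote system management features and is distributed via the Discord content delivery network (CDN). – SecTodayBot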

• Leaking ObjRefs to Exploit HTTP .NET Remoting:
https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/

   ・ Reveals a .NET Remoting vulnerability in ASP.NET web applications that may lead to unauthenticated remote code execution. – SecTodayBot

• Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor:
https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/

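   ・ Reveals that machine learning models may pose a threat to the environments of Hugging Face platform users, and discusses how loading an ML model can lead to code execution, as well as the security measures Hugging Face has implemented. – SecTodayBot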

• Keylogging in the Windows kernel with undocumented data structures:
https://eversinc33.com/posts/kernel-mode-keylogging/

   ・ Implements keylogging in the Windows kernel through the undocumented data structure gafAsyncKeyState. – SecTodayBot

• Executables Created with perl2exe < V30.10C - Arbitrary Code Execution:
https://dlvr.it/T3JHvP

   ・ The article discloses a new vulnerability involving executables created by perl2exe, which an attacker can exploit to execute arbitrary code. – SecTodayBot

• UAC-0184 Targets Ukrainian Entity in Finland With Remcos RAT:
https://www.darkreading.com/cyberattacks-data-breaches/uac-0184-targets-ukrainian-entity-finland-remcos-rat

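   ・ Discusses a cyber-espionage campaign that uses steganography to deliver Remcos RAT, focusing on the technical details of the attack, including the use of steganography and the new malware IDAT Loader. – SecTodayBot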

* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Article source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959539&idx=1&sn=8ea4acadbc3cacb3ee13baad3c64c2cf&chksm=8baed06cbcd9597ae1d8d39a207f8333628d42c003d9744fa013ec6d70e49e0f7a2e3a046bf3&scene=58&subscene=0#rd