• Frida on Java applications and applets in 2024:
https://security.humanativaspa.it/frida-on-java-applets-in-2024/
・ 使用Frida对Java应用进行插桩
– WireFish
• Hiding in Plain Sight: How Subdomain Attacks Use Your Email Authentication Against You:
https://feedpress.me/link/23532/16631862/hiding-in-plain-sight-how-subdomain-attacks-use-your-email-authentication-against-you
・ 介绍了SubdoMailing攻击活动利用了DMARC的漏洞
– SecTodayBot
• CVE-2024-1933: TeamViewer Bug Exposes macOS Users: Update Immediately!:
https://securityonline.info/cve-2024-1933-teamviewer-bug-exposes-macos-users-update-immediately/
・ TeamViewer软件存在漏洞
– SecTodayBot
• Address Sanitizer for Bare-metal Firmware:
https://security.googleblog.com/2024/03/address-sanitizer-for-bare-metal.html
・ 介绍纯物理固件上的ASan
– WireFish
• BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution:
https://www.mobile-hacker.com/2024/03/26/blueducky-automates-exploitation-of-bluetooth-pairing-vulnerability-that-leads-to-0-click-code-execution/
・ Android and Linux 上的蓝牙配对漏洞,可导致0-click代码执行
– WireFish
• Securing the LLM Stack:
https://feedpress.me/link/23532/16632169/securing-the-llm-stack
・ 关于在网络安全中保护人工智能系统和LLM技术栈的重要性,特别是讨论了AI模型、LLM实施和安全方法论。
– SecTodayBot
• [PDF] https://fuzzing.io/Presentations/The%20DL%20on%20LLM%20Code%20Analysis%20-%20CanSecWest24%20-%20rjohnson.pdf:
https://fuzzing.io/Presentations/The%20DL%20on%20LLM%20Code%20Analysis%20-%20CanSecWest24%20-%20rjohnson.pdf
・ 议题介绍LLM在安全领域的应用,包含反编译、fuzz等
– WireFish
• ShadowRay: First Known Attack Campaign Targeting AI Workloads Exploited In The Wild:
https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild
・ 报告了针对Ray开源AI框架的漏洞攻击以及该漏洞在AI工作负载中的利用。文章详细分析了漏洞的根本原因,揭示了争议的CVE以及其在野外的利用。
– SecTodayBot
• Introduction:
https://github.com/k1nd0ne/VolWeb
・ VolWeb是一款数字取证内存分析平台,旨在提高内存收集和取证分析的效率,并通过提供集中式、可视化和增强的Web应用程序来支持调查和事件响应。
– SecTodayBot
• Local Privilege Escalating my way to root through Apple macOS filesystems:
https://www.alter-solutions.fr/blog/local-privilege-escalating-my-way-to-root-throught-apple-macos-filesystems
・ macOS存在CVE-2023-42931漏洞,通过绕过System Integrity Protection (SIP)实现提权
– SecTodayBot
• CVE-2024-20767: Critical Adobe ColdFusion Flaw Exposes Sensitive Files, PoC Published:
https://securityonline.info/cve-2024-20767-critical-adobe-coldfusion-flaw-exposes-sensitive-files-poc-published/
・ Adobe ColdFusion存在严重漏洞(CVE-2024-20767),可能导致机密信息泄露和系统被入侵
– SecTodayBot
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号: 腾讯玄武实验室
https://weibo.com/xuanwulab