Tencent Security Xuanwu Lab Daily News

• Application is Vulnerable to Session Fixation:
https://seclists.org/fulldisclosure/2024/Mar/42

   ・ 介绍了一个名为“应用程序易受会话固定”的漏洞 – SecTodayBot

• 31_round_sha256_poc.py:
https://gist.github.com/DavidBuchanan314/aa9ab4265fe402ab86399b5f9da82888

   ・ 介绍了 SHA-256 碰撞的新方法，并涉及到 FSE2024 会议的内容。 – SecTodayBot

• CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog:
https://securityaffairs.com/161134/security/cisa-microsoft-sharepoint-known-exploited-vulnerabilities-catalog.html

   ・ CISA公开披露了Microsoft SharePoint Server的代码注入漏洞，该漏洞在Pwn2Own Vancouver 2023黑客大赛中被演示 – SecTodayBot

• Gal Elbaz, Guy Kaplan- Discovering Shadow Vulnerabilities in Popular Open Source Projects DEF CON 31:
https://www.youtube.com/watch?v=tQEkqgOMA8Q&t=822s

   ・ 介绍了在知名开源项目中发现影子漏洞的相关内容，包括了在 DEF CON 31 大会上的演讲 – SecTodayBot

• SSRF leads to access AWS metadata.:
https://infosecwriteups.com/ssrf-leads-to-access-aws-metadata-21952c220aeb

   ・ 介绍了SSRF（服务器端请求伪造）攻击如何导致访问AWS元数据的漏洞，并提供了详细的分析和利用漏洞的POC（验证概念）。 – SecTodayBot

• Overview:
https://blog.exodusintel.com/2024/03/27/mind-the-patch-gap-exploiting-an-io_uring-vulnerability-in-ubuntu/

   ・ 本文介绍了Linux内核中io_uring的一个use-after-free漏洞CVE-2024-0582 – SecTodayBot

• Weblogic/Weblogic_Serialization_Vulnerability_and_IIOP_Protocol_en_US.md at main · gobysec/Weblogic:
https://github.com/gobysec/Weblogic/blob/main/Weblogic_Serialization_Vulnerability_and_IIOP_Protocol_en_US.md

   ・ 重点讨论了Weblogic序列化漏洞和IIOP协议，提供了CVE-2023-21839漏洞的详细分析和利用POC。 – SecTodayBot

• Abusing MiniFilter Altitude to blind EDR:
https://tierzerosecurity.co.nz/2024/03/27/blind-edr.html

   ・ 通过滥用 minifilter altitude，可以绕过 EDR 解决方案的检测。文章介绍了如何利用注册表修改来绕过 EDR 的技术。 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号： 腾讯玄武实验室
https://weibo.com/xuanwulab