Daily Security Digest (3-29)
2024-3-29 11:40:0 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• Application is Vulnerable to Session Fixation:
https://seclists.org/fulldisclosure/2024/Mar/42

   ・ Describes a vulnerability titled "Application is Vulnerable to Session Fixation" – SecTodayBot

• 31_round_sha256_poc.py:
https://gist.github.com/DavidBuchanan314/aa9ab4265fe402ab86399b5f9da82888

   ・ Introduces a new approach to SHA-256 collisions, related to work presented at the FSE 2024 conference. – SecTodayBot

• CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog:
https://securityaffairs.com/161134/security/cisa-microsoft-sharepoint-known-exploited-vulnerabilities-catalog.html

   ・ CISA publicly disclosed a code injection vulnerability in Microsoft SharePoint Server that was demonstrated at the Pwn2Own Vancouver 2023 hacking contest – SecTodayBot

• Gal Elbaz, Guy Kaplan- Discovering Shadow Vulnerabilities in Popular Open Source Projects DEF CON 31:
https://www.youtube.com/watch?v=tQEkqgOMA8Q&t=822s

   ・ Covers the discovery of shadow vulnerabilities in well-known open source projects, including the talk given at DEF CON 31 – SecTodayBot

• SSRF leads to access AWS metadata.:
https://infosecwriteups.com/ssrf-leads-to-access-aws-metadata-21952c220aeb

   ・ Describes how an SSRF (server-side request forgery) attack can lead to access to AWS metadata, with a detailed analysis and a proof of concept (PoC) for exploiting the vulnerability. – SecTodayBot

• Overview:
https://blog.exodusintel.com/2024/03/27/mind-the-patch-gap-exploiting-an-io_uring-vulnerability-in-ubuntu/

   ・ This article describes a use-after-free vulnerability in the Linux kernel's io_uring, CVE-2024-0582 – SecTodayBot

• Weblogic/Weblogic_Serialization_Vulnerability_and_IIOP_Protocol_en_US.md at main · gobysec/Weblogic:
https://github.com/gobysec/Weblogic/blob/main/Weblogic_Serialization_Vulnerability_and_IIOP_Protocol_en_US.md

   ・ Focuses on Weblogic serialization vulnerabilities and the IIOP protocol, providing a detailed analysis and an exploitation PoC for CVE-2023-21839. – SecTodayBot

• Abusing MiniFilter Altitude to blind EDR:
https://tierzerosecurity.co.nz/2024/03/27/blind-edr.html

   ・ By abusing the minifilter altitude, detection by EDR solutions can be bypassed. The article describes a technique that uses registry modification to bypass EDR. – SecTodayBot

* To view or search past digests, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab

Article source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959580&idx=1&sn=ff2e91fd3255513fd0978488b2cc1cb0&chksm=8baed183bcd95895ce94768d5eb33b26033cd9deaa24e27624efbde64b142a6fbcdb3b459e49&scene=58&subscene=0#rd