Daily Security News Push (4-3)
2024-4-3 13:26:23 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• Re: finding similar compromises (was Re: From xz to ibus: ...:
https://seclists.org/oss-sec/2024/q2/8

   ・ Discussion on finding more issues similar to the xz backdoor – SecTodayBot

• CVE-2024-29201 & CVE-2024-29202 Flaws Expose JumpServer Users to RCE Attacks:
https://securityonline.info/cve-2024-29201-cve-2024-29202-flaws-expose-jumpserver-users-to-rce-attacks/

   ・ Two critical vulnerabilities (CVE-2024-29201 and CVE-2024-29202) were recently found in JumpServer that may allow attackers to execute arbitrary code remotely – SecTodayBot

• Spoofing git commits to change history:
https://medium.com/@pjbgf/spoofing-git-commits-7bef357d72f0

   ・ This article describes how git commits can be spoofed and discusses signing commits with GPG keys – SecTodayBot

• Timeline of the xz open source attack Posted on Monday, April 1, 2024. Updated Tuesday, April 2, 2024.:
https://research.swtch.com/xz-timeline

   ・ Analysis of the social-engineering side of the supply-chain attack on the xz compression library – SecTodayBot

• Apache Pulsar Patches Authorization Flaw (CVE-2024-29834) – Update Now to Protect Sensitive Data:
https://securityonline.info/apache-pulsar-patches-authorization-flaw-cve-2024-29834-update-now-to-protect-sensitive-data/

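   ・ Apache Pulsar, a popular open-source messaging and streaming platform, recently fixed a critical security vulnerability, CVE-2024-29834, which allowed unauthorized users to modify sensitive data streams and system access rules – SecTodayBot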

• web-traffic-generator:
https://github.com/ReconInfoSec/web-traffic-generator

   ・ Introduces a Python script for simulating network defense, designed to generate the organic traffic of real users browsing the web – SecTodayBot

• The xz attack shell script Posted on Tuesday, April 2, 2024.:
https://research.swtch.com/xz-script

   ・ Analysis of the shell script used in the xz backdoor implantation process – SecTodayBot

* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Article source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959586&idx=1&sn=69a1ba3f549d912c1bee7d095b808508&chksm=8baed1bdbcd958ab1abf14f5f8283c911427560e86026c86899f75b3d58ab5890c3eb86c1a29&scene=58&subscene=0#rd