Tencent Security Xuanwu Lab Daily News

• CVE-2023-38709: Apache HTTP Server: HTTP response splitting:
https://seclists.org/oss-sec/2024/q2/29

   ・ 披露了Apache HTTP Server的新漏洞CVE-2023-38709，揭示了存在的输入验证缺陷，可能导致恶意或可利用的后端/内容生成器分割HTTP响应。 – SecTodayBot

• YubiKey Manager Flaw (CVE-2024-31498): Patch Now To Prevent Admin Privilege Escalation on Windows:
https://securityonline.info/yubikey-manager-flaw-cve-2024-31498-patch-now-to-prevent-admin-privilege-escalation-on-windows/

   ・ YubiKey Manager GUI软件存在CVE-2024-31498漏洞，攻击者可以利用特定条件下的提升权限问题。 – SecTodayBot

• GhostMapperUM:
https://github.com/0mWindyBug/GhostMapperUM

   ・ 介绍了一种利用漏洞的技术，可以将未签名的驱动程序映射到已签名的内存中。 – SecTodayBot

• It’ll be back: Attackers still abusing Terminator tool and variants:
https://www.scmagazine.com/native/itll-be-back-attackers-still-abusing-terminator-tool-and-variants

   ・ 文章重点介绍了BYOVD（Bring Your Own Vulnerable Driver）攻击，以及对安全漏洞驱动程序的利用  – SecTodayBot

• Diving Deeper into AI Package Hallucinations:
https://www.lasso.security/blog/ai-package-hallucinations

   ・ 揭示了利用AI推荐package这一攻击向量扩散恶意软件 – SecTodayBot

• Great, Now Write an Article About That: The Crescendo Multi-Turn LLM Jailbreak Attack:
https://crescendo-the-multiturn-jailbreak.github.io/

   ・ Crescendo是一种新的多轮越狱攻击方法，可以利用语言模型的行为特征进行攻击。该方法简单易行，成功率高，并且减小了进行越狱攻击的门槛，从而扩大了潜在的攻击用户群。  – SecTodayBot

• Best Alternative of Netcat Listener:
https://www.hackingarticles.in/best-alternative-of-netcat-listener/

   ・ 介绍了用于建立连接和维持访问的不同监听器选项和工具，如Netcat、Rlwrap、Rustcat等。重点介绍了它们的功能、用途和优势，为安全评估提供了实用的指导。 – SecTodayBot

• Re: Just a reminder to never run ldd or strings on untrusted binaries:
https://seclists.org/oss-sec/2024/q2/32

   ・ 讨论了运行某些命令在不受信任的二进制文件上的潜在安全风险，尤其是与ldd和strings命令相关的潜在漏洞。 – SecTodayBot

• DJI Mavic 3 Drone Research Part 2: Vulnerability Analysis:
https://www.nozominetworks.com/blog/dji-mavic-3-drone-research-part-2-vulnerability-analysis

   ・ 该文章披露了对DJI Mavic 3系列无人机中Wi-Fi协议的安全分析，发现了潜在的漏洞，并详细分析了固件和每个漏洞的潜在影响。  – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab