Daily Security News Push (4-8)
2024-4-8 14:56:23 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• CVE-2023-38709: Apache HTTP Server: HTTP response splitting:
https://seclists.org/oss-sec/2024/q2/29

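   ・ Discloses a new Apache HTTP Server vulnerability, CVE-2023-38709: faulty input validation that may allow a malicious or exploitable backend/content generator to split HTTP responses. – SecTodayBot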

• YubiKey Manager Flaw (CVE-2024-31498): Patch Now To Prevent Admin Privilege Escalation on Windows:
https://securityonline.info/yubikey-manager-flaw-cve-2024-31498-patch-now-to-prevent-admin-privilege-escalation-on-windows/

   ・ The YubiKey Manager GUI software is affected by CVE-2024-31498, a privilege escalation issue that attackers can exploit under specific conditions. – SecTodayBot

• GhostMapperUM:
https://github.com/0mWindyBug/GhostMapperUM

   ・ Introduces a technique that exploits a vulnerability to map an unsigned driver into signed memory. – SecTodayBot

• It’ll be back: Attackers still abusing Terminator tool and variants:
https://www.scmagazine.com/native/itll-be-back-attackers-still-abusing-terminator-tool-and-variants

   ・ The article focuses on BYOVD (Bring Your Own Vulnerable Driver) attacks and the exploitation of drivers with security vulnerabilities. – SecTodayBot

• Diving Deeper into AI Package Hallucinations:
https://www.lasso.security/blog/ai-package-hallucinations

   ・ Reveals an attack vector that spreads malware by exploiting AI-recommended packages. – SecTodayBot

• Great, Now Write an Article About That: The Crescendo Multi-Turn LLM Jailbreak Attack:
https://crescendo-the-multiturn-jailbreak.github.io/

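   ・ Crescendo is a new multi-turn jailbreak attack method that can exploit the behavioral characteristics of language models. The method is simple to carry out, has a high success rate, and lowers the barrier to jailbreak attacks, thereby enlarging the pool of potential attackers. – SecTodayBot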

• Best Alternative of Netcat Listener:
https://www.hackingarticles.in/best-alternative-of-netcat-listener/

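   ・ Introduces different listener options and tools for establishing connections and maintaining access, such as Netcat, Rlwrap and Rustcat. It focuses on their features, uses and advantages, providing practical guidance for security assessments. – SecTodayBot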

• Re: Just a reminder to never run ldd or strings on untrusted binaries:
https://seclists.org/oss-sec/2024/q2/32

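   ・ Discusses the potential security risks of running certain commands on untrusted binaries, in particular potential vulnerabilities related to the ldd and strings commands. – SecTodayBot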

• DJI Mavic 3 Drone Research Part 2: Vulnerability Analysis:
https://www.nozominetworks.com/blog/dji-mavic-3-drone-research-part-2-vulnerability-analysis

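   ・ The article discloses a security analysis of the Wi-Fi protocol in DJI Mavic 3 series drones, which found potential vulnerabilities, and analyzes in detail the firmware and the potential impact of each vulnerability. – SecTodayBot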

* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Article source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959590&idx=1&sn=c363bd49d33b0137e73fd65b78bbb7c1&chksm=8baed1b9bcd958af90cc82c60b2ceed7656f2f9d0e687a41e91c30468544d4fb7a1364ca9025&scene=58&subscene=0#rd