每日安全动态推送(4-23)
2024-4-23 09:56:9 Author: mp.weixin.qq.com(查看原文) 阅读量:7 收藏

Tencent Security Xuanwu Lab Daily News

• www.bleepingcomputer.com:
https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/

   ・ GitHub存在漏洞被恶意利用,通过评论上传恶意软件。这一漏洞可能会导致恶意软件伪装成受信任的软件,并且难以辨别。  – SecTodayBot

• oss-security - The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence:
https://www.openwall.com/lists/oss-security/2024/04/17/9

   ・ GNU C 库版本 2.39 及更早版本中的 iconv() 函数存在输出缓冲区溢出  – SecTodayBot

• Sorry, you have been blocked:
https://packetstormsecurity.com/news/view/35789

   ・ OpenAI的GPT-4可以通过阅读安全公告来利用真实漏洞。研究人员发现,GPT-4能够自主利用真实世界系统中的漏洞,如果给定描述漏洞的CVE公告 – SecTodayBot

• Cookie-Monster - BOF To Steal Browser Cookies & Credentials:
https://dlvr.it/T5dLyN

   ・ Cookie-Monster是一款用于窃取浏览器Cookie和凭据的工具,可以提取浏览器中的敏感信息,并提供了解密和无文件下载功能。 – SecTodayBot

• EDR – The Multi-Tool of Security Defenses:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/edr-the-multi-tool-of-security-defenses/

   ・ 介绍了端点检测和响应(EDR)解决方案的特点和选择考虑因素。文章提到了EDR解决方案的功能、特性和选择方法,以及如何选择合适的EDR。 – SecTodayBot

• Re: Linux: Disabling network namespaces:
https://seclists.org/oss-sec/2024/q2/163

   ・ 文章讨论了关于Linux命名空间的安全问题,以及它们如何被恶意应用程序利用。具体分析了嵌套命名空间如何绕过Flatpak安全设计的细节 – SecTodayBot

• CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin:
https://seclists.org/oss-sec/2024/q2/160

   ・ Apache HugeGraph-Server存在远程命令执行漏洞(CVE-2024-27348) – SecTodayBot

• The Invisible Battleground: Essentials of EASM:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-invisible-battleground-essentials-of-easm/

   ・ 介绍外部攻击面管理的作用 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959612&idx=1&sn=963fdd210704f8e8c68992b0285a6d2d&chksm=8baed1a3bcd958b51c6b7c8c33d48e8c24ac6385e9cf30b5a337bc11f732fd52be04bf66afa1&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh