Tencent Security Xuanwu Lab Daily News

• How Did I Easily Find Stored XSS at Apple and earn $5000 ?:
https://medium.com/@xrypt0/how-did-i-easily-find-stored-xss-at-apple-and-earn-5000-3aadbae054b2

   ・ 文章揭示了在苹果服务中发现的存储型跨站脚本（XSS）漏洞，包含了利用漏洞的示例和攻击载荷。  – SecTodayBot

• The Windows Registry Adventure #1: Introduction and research results:
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html

   ・ 介绍了Google Project Zero成员对Windows注册表进行安全漏洞审计的过程和结果，发现了多个问题并进行了详细的分析。审计结果表明Windows注册表存在潜在的本地提权漏洞 – SecTodayBot

• PAN-OS CVE-2024-3400: Patch Your Palo Alto Firewalls:
https://bishopfox.com/blog/pan-os-cve-2024-3400-patch-your-palo-alto-firewalls

   ・ 介绍了PAN-OS CVE-2024-3400漏洞，以及针对该漏洞的补丁和缓解措施。 – SecTodayBot

• How I Discovered an RCE Vulnerability in Tesla, Securing a $10,000 Bounty:
https://medium.com/@sahul1996l/how-i-discovered-an-rce-vulnerability-in-tesla-securing-a-10-000-bounty-62e725c2a6bd

   ・ 讲述了作者在Tesla发现并报告了一个CVE-2023–46747的远程代码执行漏洞，文章详细介绍了漏洞的发现过程、利用方法和时间线 – SecTodayBot

• How I Prevented a Mass Data Breach - $15,000 bounty - @bxmbn:
https://bxmbn.medium.com/how-i-prevented-a-mass-data-breach-15-000-bounty-bxmbn-1096e6400e3d

   ・ 披露了一个新的漏洞，通过使用Google Dorking和Wayback Machine发现并分析了漏洞的根本原因，以及对其进行利用的方法。漏洞可能导致敏感信息泄露，涉及300万人的个人信息。 – SecTodayBot

• pgAdmin 8.3 Remote Code Execution:
https://packetstormsecurity.com/files/178098

   ・ pgAdmin版本8.3及以下存在路径遍历漏洞，可以被利用来执行恶意代码。该漏洞的利用方法已被公开披露 – SecTodayBot

• How Antithesis finds bugs (with help from the Super Mario Bros.):
https://antithesis.com/blog/sdtalk/

   ・ 介绍了Antithesis平台如何利用超级马里奥兄弟游戏来进行高效的状态空间探索，以快速发现漏洞 – SecTodayBot

• WINELOADER: A Tool for Espionage and Disruption:
https://securityonline.info/wineloader-a-tool-for-espionage-and-disruption/

   ・ 介绍了由臭名昭著的 APT29 黑客组织发起的新攻击活动，揭露了他们使用名为 'WINELOADER' 的后门恶意软件进行间谍活动和破坏。文章详细分析了这一先进威胁的攻击方式和 'WINELOADER' 后门恶意软件的高级能力 – SecTodayBot

• oss-security - Make your own backdoor: CFLAGS code injection, Makefile injection, pkg-config:
https://www.openwall.com/lists/oss-security/2024/04/17/3

   ・ 讨论了如何在Linux内核中创建后门，详细分析了后门的创建过程和功能 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab