Tencent Security Xuanwu Lab Daily News

• Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution:
https://blog.talosintelligence.com/vulnerability-roundup-zero-days-may-8-2024/

   ・ 揭示了三个仍未修补的零日漏洞，其中两个可能导致任意代码执行。 – SecTodayBot

• 花小钱钓大鱼｜揭秘 1155 WBTC 钓鱼事件:
https://mp.weixin.qq.com/s/mQch5pEg1fmJsMbiOClwOg

   ・ 详细分析了一起相同首尾号地址钓鱼攻击事件的关键点、资金去向、黑客特征，并提出了相关防范建议。 – SecTodayBot

• Breaking Monero Episode 09: Poisoned Outputs (EAE Attack):
https://www.youtube.com/watch?v=iABIcsDJKyM&feature=youtu.be

   ・ 介绍了有关Monero加密货币的新漏洞——EAE攻击，该攻击影响了Monero的隐私功能。 – SecTodayBot

• How to protect yourself from phishing and malware on GitHub and GitLab:
https://kas.pr/29f5

   ・ GitHub和GitLab存在设计缺陷，允许用户上传任意文件并获得可用链接，这为网络犯罪分子提供了进行钓鱼攻击的机会，用户需要谨慎处理直接从GitHub/GitLab链接下载的文件。  – SecTodayBot

• Objectives:
https://blog.cyber5w.com/anomalies-hunting-in-windows-memory-dump

   ・ 介绍了利用内存取证工具进行取证分析的方法和技巧 – SecTodayBot

• cybersectroll/TrollDump:
https://github.com/cybersectroll/TrollDump/

   ・ 介绍了一种新的DLL注入技术，通过将DLL注入到进程中，实现对任务管理器进程的lsass转储。 – SecTodayBot

• Xen Security Advisory 457 v2 - Linux/xen-netfront: Memory leak due to missing cleanup function:
https://seclists.org/oss-sec/2024/q2/223

   ・ 披露了Linux/xen-netfront中的内存泄漏漏洞，可能导致虚拟机崩溃 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab