每日安全动态推送(5-9)
2024-5-9 14:44:3 Author: mp.weixin.qq.com(查看原文) 阅读量:5 收藏

Tencent Security Xuanwu Lab Daily News

• Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution:
https://blog.talosintelligence.com/vulnerability-roundup-zero-days-may-8-2024/

   ・ 揭示了三个仍未修补的零日漏洞,其中两个可能导致任意代码执行。 – SecTodayBot

• 花小钱钓大鱼|揭秘 1155 WBTC 钓鱼事件:
https://mp.weixin.qq.com/s/mQch5pEg1fmJsMbiOClwOg

   ・ 详细分析了一起相同首尾号地址钓鱼攻击事件的关键点、资金去向、黑客特征,并提出了相关防范建议。 – SecTodayBot

• Breaking Monero Episode 09: Poisoned Outputs (EAE Attack):
https://www.youtube.com/watch?v=iABIcsDJKyM&feature=youtu.be

   ・ 介绍了有关Monero加密货币的新漏洞——EAE攻击,该攻击影响了Monero的隐私功能。 – SecTodayBot

• How to protect yourself from phishing and malware on GitHub and GitLab:
https://kas.pr/29f5

   ・ GitHub和GitLab存在设计缺陷,允许用户上传任意文件并获得可用链接,这为网络犯罪分子提供了进行钓鱼攻击的机会,用户需要谨慎处理直接从GitHub/GitLab链接下载的文件。  – SecTodayBot

• Objectives:
https://blog.cyber5w.com/anomalies-hunting-in-windows-memory-dump

   ・ 介绍了利用内存取证工具进行取证分析的方法和技巧 – SecTodayBot

• cybersectroll/TrollDump:
https://github.com/cybersectroll/TrollDump/

   ・ 介绍了一种新的DLL注入技术,通过将DLL注入到进程中,实现对任务管理器进程的lsass转储。 – SecTodayBot

• Xen Security Advisory 457 v2 - Linux/xen-netfront: Memory leak due to missing cleanup function:
https://seclists.org/oss-sec/2024/q2/223

   ・ 披露了Linux/xen-netfront中的内存泄漏漏洞,可能导致虚拟机崩溃 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959632&idx=1&sn=ef6636da8a4f08f2547321018427ec31&chksm=8baed1cfbcd958d988b6208b15887235223ae62bc1c53a466c92e01159b49a789ca754f364be&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh