Daily Security News Push (5-24)
2024-5-24 13:59:58 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• How Malware Can Bypass Transparency Consent and Control (CVE-2023-40424):
https://blog.kandji.io/malware-bypass-tcc

   ・ Describes how macOS malware can exploit the CVE-2023-40424 vulnerability – SecTodayBot

• MindShaRE: Decapping Chips for Electromagnetic Fault Injection (EMFI):
https://www.zerodayinitiative.com/blog/2024/5/23/mindshare-decapping-chips-for-electromagnetic-fault-injection-emfi

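   ・ Attacks a target device via electromagnetic fault injection (EMFI), then introduces a new decapping method in an attempt to attack the device and extract its software. – SecTodayBot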

• PoC Releases for Unauthorized RCE Flaw (CVE-2024-29269) Threatens 40K+ Telesquare Routers:
https://securityonline.info/poc-releases-for-unauthorized-rce-flaw-cve-2024-29269-threatens-40k-telesquare-routers/

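   ・ Discloses that the TLR-2005KSH LTE router from the Korean company Telesquare is affected by CVE-2024-29269, which allows an attacker to remotely execute system commands and may lead to complete control of the server. – SecTodayBot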

• Why many pinyin keyboards are vulnerable to eavesdropping:
https://kas.pr/3onz

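   ・ Smartphone keyboards contain serious security vulnerabilities that let attackers intercept users' keystroke input; the article discloses information on the new vulnerabilities and analyzes their root causes in detail. – SecTodayBot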

• Attacking .NET:
https://blog.devsecopsguides.com/attacking-dotnet

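   ・ The article takes an in-depth look at various methods of attacking .NET applications, including detailed analysis of vulnerabilities such as Code Access Security (CAS) and insecure code execution. – SecTodayBot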

• Go-Secdump - Tool To Remotely Dump Secrets From The Windows Registry:
https://dlvr.it/T7HnzL

   ・ A tool for remotely extracting password hashes and keys from the Windows registry – SecTodayBot

• Frida-JIT-unPacker: An Imperva Contribution to the Security Research Community, Presented at Black Hat Asia 2024:
https://www.imperva.com/blog/frida-jit-unpacker-an-imperva-contribution-to-the-security-research-community-as-presented-at-black-hat-asia-2024/

   ・ Introduces a new tool, Frida-JIT-unPacker, developed to overcome specific malware .NET protections. – SecTodayBot

• A journey into forgotten Null Session and MS-RPC interfaces:
https://kas.pr/nj9c

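   ・ The article focuses on the Null Session vulnerability and MS-RPC interfaces forgotten for 24 years, explaining Microsoft's restrictions on Null Session capabilities, how policies and restrictions can be bypassed, and its value to security researchers and penetration testers. – SecTodayBot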

* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Article source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959650&idx=1&sn=1a646bc7d4a1829c589e1b1e4545662a&chksm=8baed1fdbcd958ebcad33b0c8d04a214bdb4ebf96fff71d47b724b3af370db2379543f7cdca0&scene=58&subscene=0#rd