每日安全动态推送(6-5)
2024-6-5 17:28:33 Author: mp.weixin.qq.com(查看原文) 阅读量:1 收藏

Tencent Security Xuanwu Lab Daily News

• Pentesting with Secure LDAP and LDAP Channel Binding:
https://rootsecdev.medium.com/pentesting-with-secure-ldap-and-ldap-channel-binding-fd5baa0f7345

   ・ 介绍了使用安全LDAP和LDAP通道绑定进行渗透测试的方法 – SecTodayBot

• oss-security - libarchive 3.7.4 released with 2 security fixes:
https://www.openwall.com/lists/oss-security/2024/06/04/2

   ・ libarchive 3.7.4发布了两个安全修复,其中一个是rar过滤器的越界访问漏洞,另一个是zip文件的越界访问漏洞。 – SecTodayBot

• Windows Rootkits Guide:
https://artemonsecurity.blogspot.com/2024/06/windows-rootkits-guide.html?m=1

   ・ 介绍了关于Windows内核和rootkits研究的内容 – SecTodayBot

• Urgent Security Update for Zyxel NAS Devices: Patches Available for Critical Flaws:
https://securityonline.info/urgent-security-update-for-zyxel-nas-devices-patches-available-for-critical-flaws/

   ・ Zyxel NAS设备的紧急安全更新,披露了设备中存在的严重漏洞 – SecTodayBot

• Molding Lies Into Reality || Exploiting CVE-2024-4358:
https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/

   ・ 该文章详细分析了对Telerik Report Server中的反序列化漏洞的利用方法,包括了披露新漏洞信息、根本原因分析、利用漏洞所需的Exploit – SecTodayBot

• One Key Bug in OneKey Mini:
https://offside.io/blog/one-key-bug-in-onekey-mini

   ・ 发现了硬件钱包中的重大安全漏洞,包括Trezor、KeepKey和OneKey等知名硬件钱包制造商的漏洞,突出了硬件钱包存在的潜在风险 – SecTodayBot

• Exploiting Android's Hardened Memory Allocator:
https://www.usenix.org/conference/woot24/presentation/mao

   ・ 对Android的强化内存分配器进行利用 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959666&idx=1&sn=738949b6631f3751e4347eb3b48e34b6&chksm=8baed1edbcd958fb239fff6ea3e89e486dbaf802f19b91d97baa3769e80fce952545cefa9f23&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh