• Apple CocoaPods Bugs Expose Millions of Apps to Code Injection:
https://www.darkreading.com/cloud-security/apple-cocoapods-bugs-expose-apps-code-injection
・ 苹果CocoaPods平台存在严重漏洞,导致数百万应用程序面临代码注入风险
– SecTodayBot
• JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 4 | ASSET InterTech:
https://www.asset-intertech.com/resources/blog/2024/03/jtag-debug-of-windows-hyper-v-secure-kernel-with-windbg-and-exdi-part-4/
・ 研究Windows中VMCS字段以对抗指令跟踪的方法
– SecTodayBot
• An unexpected journey into Microsoft Defender's signature World:
https://retooling.io/blog/an-unexpected-journey-into-microsoft-defenders-signature-world
・ 深入分析了Microsoft Defender Antivirus的体系结构、签名数据库和特定组件的分析
– SecTodayBot
• SpyMax – An Android RAT targets Telegram Users:
https://labs.k7computing.com/index.php/spymax-an-android-rat-targets-telegram-users/
・ 介绍了针对Telegram用户的Android RAT——SpyMax
– SecTodayBot
• Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties:
https://github.blog/2024-06-26-attack-of-the-clones-getting-rce-in-chromes-renderer-with-duplicate-object-properties/
・ 该文章揭示了Chrome渲染器中的一个新漏洞CVE-2024-3833,详细解释了该漏洞的根本原因,并包含了利用该漏洞获得远程代码执行(RCE)所需的利用细节。
– SecTodayBot
• ROP ROCKET: Unleashing the Power of Advanced Code-Reuse Attacks:
https://meterpreter.org/rop-rocket-unleashing-the-power-of-advanced-code-reuse-attacks/
・ ROP ROCKET是一个新的高级ROP框架,具有强大的能力和特性,包括生成Windows系统调用、新型攻击模式、无需shellcode的ROP攻击等。该框架于DEF CON 31首次亮相,是针对高级代码重用攻击的新工具。
– SecTodayBot
• PoC Exploit Published for Linux Kernel Privilege Escalation Flaw (CVE-2024-0193):
https://securityonline.info/poc-exploit-published-for-linux-kernel-privilege-escalation-flaw-cve-2024-0193/
・ Linux内核网络子系统存在严重漏洞(CVE-2024-0193),可被本地攻击者利用提升权限和执行任意代码。
– SecTodayBot
• CVE-2024-1724: Snap Sandbox Escape Vulnerability Threatens Linux Systems:
https://securityonline.info/cve-2024-1724-snap-sandbox-escape-vulnerability-threatens-linux-systems/
・ Ubuntu和其他Linux发行版上的Snap Sandbox逃逸漏洞(CVE-2024-1724)被披露,允许恶意攻击者绕过Snap沙盒环境,在用户系统上执行任意代码。
– SecTodayBot
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab