每日安全动态推送(7-31)
2024-7-31 14:27:24 Author: mp.weixin.qq.com(查看原文) 阅读量:0 收藏

Tencent Security Xuanwu Lab Daily News

• Improving the security of Chrome cookies on Windows:
https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html

   ・ Chrome 127 introduces a new protection feature, App-Bound Encryption, on Windows to safeguard against infostealer malware, increasing the cost of data theft to attackers and making their actions more detectable.  – SecTodayBot

• How a GraphQL Bug Resulted in Authentication Bypass:
https://www.hackerone.com/vulnerability-management/graphql-authentication-bypass?utm_medium=Organic-Social&utm_source=organic&utm_campaign=hakluke_authenticationbypass&utm_content=Blog&utm_term=undefined

   ・ 讨论了GraphQL API中的身份验证绕过漏洞,揭示了这一漏洞对电子商务应用程序的影响。 – SecTodayBot

• Unit 42 Secures Medical Device Manufacturer After Network Breach:
https://www.paloaltonetworks.com/customers/unit42-secures-medical-device-manufacturer-after-network-breach

   ・ Unit 42团队在医疗设备制造商遭遇网络入侵后,迅速进行了入侵调查和应急响应,并通过详细的漏洞分析和安全措施实施,最终取得了成功的解决方案 – SecTodayBot

• Our audit of Homebrew:
https://blog.trailofbits.com/2024/07/30/our-audit-of-homebrew/

   ・ 讨论了对 Homebrew(macOS 和 Linux 的包管理器)的审计,重点关注与安全相关的方面以及潜在漏洞的发现。文章透露了一些可能会破坏 Homebrew 完整性和隔离特性的潜在漏洞,对 Homebrew 的安全性产生重大影响。 – SecTodayBot

• tartufo: searches through git repositories for secrets, digging deep into commit history and branches:
https://meterpreter.org/tartufo-searches-through-git-repositories-for-secrets-digging-deep-into-commit-history-and-branches/

   ・ tartufo是一种用于搜索git存储库中的秘密和漏洞的工具,它提供了各种模式的操作,包括正则表达式检查和高熵检查。该工具可用于在本地存储库中扫描未提交的更改,以防止提交新的秘密,是一种常用的网络安全工具。 – SecTodayBot

• Entity-Relation Diagram Assisted Hacking Tool:
https://github.com/delikely/ERH

   ・ 一种创新方法,利用可视化和交互式的调用关系分析工具来分析智能互联汽车中APK文件之间的调用关系,以识别工程模式调用链并成功激活工程模式,为车辆渗透提供了分析入口。 – SecTodayBot

• Chrome Stealer:
https://bernking.github.io//2024/chrome-stealer/

   ・ 介绍了Chrome浏览器中存储敏感数据的加密方法,以及如何通过新方法从本地文件中提取加密密钥 – SecTodayBot

• Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1:
https://www.zerodayinitiative.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1

   ・ 本文介绍了在Windows系统上提升特权的技术和漏洞,重点讨论了链接跟踪漏洞以及利用方法,揭示了漏洞的根本原因。 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959747&idx=1&sn=ed26166df6757712b387b14047ff8ca8&chksm=8baed15cbcd9584ad849fab7267e7919cc1c72d30996461c2b17b73922167ca32b5cf9b7538f&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh