Daily Security News Digest (8-14)
2024-8-14 17:44:14 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News
• Gentoo Linux Security Advisory 202408-24:
https://packetstormsecurity.com/files/180057

   ・ Ruby on Rails has a remote code execution vulnerability that can be triggered through data serialization. – SecTodayBot

• cispa/GhostWrite: Proof-of-concept for the GhostWrite CPU bug.:
https://github.com/cispa/ghostwrite

   ・ Discloses GhostWrite, a new vulnerability affecting the T-Head XuanTie C910 chip, and provides the related exploit and PoC – SecTodayBot

• Backdoor.Win32.Nightmare.25 MVID-2024-0687 Code Execution:
https://packetstormsecurity.com/files/180059

   ・ The article shows that the Backdoor.Win32.Nightmare.25 malware has a code execution vulnerability and provides an example of exploiting it. – SecTodayBot

• Project Wycheproof:
https://github.com/C2SP/wycheproof

   ・ Project Wycheproof is an open-source project that tests cryptographic libraries against known attacks. It provides more than 80 test cases, has uncovered more than 40 vulnerabilities, and covers most cryptographic algorithms. – SecTodayBot

• SSD Advisory – Google Chrome RCE:
https://ssd-disclosure.com/ssd-advisory-google-chrome-rce/

   ・ Describes CVE-2024-2887, a vulnerability in WasmGC – SecTodayBot

• google/buzzer:
https://github.com/google/buzzer

   ・ The article introduces a fuzzer toolchain named Buzzer for writing eBPF fuzzing strategies. It also discloses two new vulnerabilities related to the eBPF verifier, CVE-2023-2163 and CVE-2024-41003, with a detailed analysis of their root causes and potential impact. – SecTodayBot

• Harnessing LLMs for Automating BOLA Detection:
https://unit42.paloaltonetworks.com/automated-bola-detection-and-ai

   ・ Uses large language models (LLMs) to automatically detect BOLA vulnerabilities, successfully finding several BOLA vulnerabilities, and introduces the BOLABuster method. – SecTodayBot

• FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability:
https://thehackernews.com/2024/08/freebsd-releases-urgent-patch-for-high.html

   ・ The FreeBSD project's maintainers have released a security update for a high-severity vulnerability in OpenSSH. Tracked as CVE-2024-7589, the flaw could be exploited by an attacker to remotely execute arbitrary code with elevated privileges. – SecTodayBot

• Living off the land with Bluetooth PAN:
https://www.pentestpartners.com/security-blog/living-off-the-land-with-bluetooth-pan/

   ・ Achieves covert access to an internal network through a Bluetooth personal area network (PAN) and SSH tunnelling. The method uses Windows' native SSH client and Linux tools, greatly reducing the chance of being detected by the blue team, and needs no C2 server over the public internet, which simplifies the stability and latency of the test. – SecTodayBot

* To view or search past digests, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab

Article source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959759&idx=1&sn=12d789ec8d1cf871d6b1198309aeb928&chksm=8baed150bcd95846b12a8e1cfc02ceae204836d8a91813ffcdb6a8cc40570b4ef043977ab972&scene=58&subscene=0#rd