Daily Security News Push (8-19)
2024-8-19 17:20:41 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• The Hidden Treasures of Crash Reports:
https://objective-see.org/blog/blog_0x7B.html

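   ・ This article describes crash reports as a valuable source of information for discovering malware infections, exploitation attempts, and system vulnerabilities, and how they can be used for both defense and offense. It provides a detailed analysis of crash reports, including how to view sample reports generated on macOS – SecTodayBot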

• Cisco SSM On-Prem; Account Takeover (CVE-2024-20419):
https://www.0xpolar.com/blog/CVE-2024-20419

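   ・ Cisco Smart Software Manager On-Prem (SSM On-Prem) has an account takeover vulnerability (CVE-2024-20419); an attacker can use improperly handled authorization tokens to gain unauthorized access and control – SecTodayBot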

• Zero Day Initiative — CVE-2024-38213: Copy2Pwn Exploit Evades Windows Web Protections:
https://www.zerodayinitiative.com/blog/2024/8/14/cve-2024-38213-copy2pwn-exploit-evades-windows-web-protections

   ・ A new vulnerability, CVE-2024-38213, that bypasses Windows Mark-of-the-Web protections, with remote code execution via WebDAV shares. – SecTodayBot

• Windows TCP/IP Vulnerability CVE-2024-38063: Researchers Hold Back Exploit Details Due to High Risk:
https://securityonline.info/windows-tcp-ip-vulnerability-cve-2024-38063-researchers-halt-exploit-release-due-to-severity/

   ・ Windows TCP/IP vulnerability CVE-2024-38063: researchers discovered a critical security vulnerability in the Windows TCP/IP stack – SecTodayBot

• How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards:
https://www.wired.com/story/hid-keycard-authentication-key-vulnerability/

   ・ HID Global keycards were found to be vulnerable: because the company's encryption keys were cracked, the keycards can be cloned. – SecTodayBot

• Researchers hack electronic shifters with a few hundred dollars of hardware:
https://packetstormsecurity.com/news/view/36224

   ・ Hacking the wireless shifting systems of modern high-end bicycles – SecTodayBot

• GitHub - synacktiv/SCCMSecrets: SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.:
https://github.com/synacktiv/SCCMSecrets

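   ・ A tool named SCCMSecrets.py for exploiting SCCM policies. It provides a comprehensive approach to exploiting SCCM policies and can be run from different privilege levels. The tool can be used to impersonate a legitimate SCCM client during an intrusion, and its features include collecting variables and dumping policy contents and package scripts. Detailed usage and installation instructions can be found at the link provided. – SecTodayBot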

• gotestwaf: test different web application firewalls (WAF) for detection logic and bypasses:
https://meterpreter.org/gotestwaf-test-different-web-application-firewalls-waf-for-detection-logic-and-bypasses/

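   ・ GoTestWAF is a tool for API and OWASP attack simulation that supports multiple API protocols, including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC and others. It is designed to evaluate web application security solutions such as API security proxies, web application firewalls, IPS, API gateways and so on. – SecTodayBot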

* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Article source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959763&idx=1&sn=29c9fb22ab7751523114eadc79e6785b&chksm=8baed14cbcd9585aff66db7c432925509efd974136b9ea75f0032bfe18c7317949f22a334bb8&scene=58&subscene=0#rd