每日安全动态推送(8-21)
2024-8-21 20:27:16 Author: mp.weixin.qq.com(查看原文) 阅读量:8 收藏

Tencent Security Xuanwu Lab Daily News

• CVE-2024-5932 (CVSS 10): Critical RCE Vulnerability Impacts 100k+ WordPress Sites:
https://securityonline.info/cve-2024-5932-cvss-10-critical-rce-vulnerability-impacts-100k-wordpress-sites/

   ・ GiveWP WordPress插件存在严重的安全漏洞(CVE-2024-5932),可能导致远程代码执行和未经授权的文件删除,影响10万多个网站。 – SecTodayBot

• Web Browser Stored Credentials:
https://pentestlab.blog/2024/08/20/web-browser-stored-credentials/

   ・ 披露了与CryptUnprotectData API滥用相关的漏洞,可能导致浏览器中凭据的暴露。  – SecTodayBot

• MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors:
http://blog.quarkslab.com/mifare-classic-static-encrypted-nonce-and-backdoors.html

   ・ 研究人员发现了FM11RF08S接触式卡中的硬件后门,并开发了新攻击来破解这一变种卡片的安全性 – SecTodayBot

• PoC Exploit for Windows 0-Day Flaws CVE-2024-38202 and CVE-2024-21302 Released:
https://securityonline.info/poc-exploit-for-windows-0-day-flaws-cve-2024-38202-and-cve-2024-21302-released/

   ・ 披露了Windows中两个关键的零日漏洞,以及发布了用于利用这些漏洞的PoC漏洞利用代码。 – SecTodayBot

• GitHub - MatthewKuKanich/FindMyFlipper: The FindMy Flipper app turns your FlipperZero into an AirTag or other tracking device, compatible with Apple AirTags and Samsung SmartTag and Tile Trackers. It uses the BLE beacon to broadcast, allowing users to clone existing tags, generate OpenHaystack key pairs for Apple's FindMy network, and customize beacon intervals and transmit power.:
https://github.com/MatthewKuKanich/FindMyFlipper

   ・ 介绍了如何利用FlipperZero的蓝牙功能扩展其跟踪能力,使其能够模拟苹果AirTag、三星SmartTag或Tile Tracker。通过克隆现有标签或生成OpenHaystack密钥对,用户可以自定义广播间隔和修改传输功率,从而实现可追踪的多功能工具。 – SecTodayBot

• Use of Hard-coded Cryptographic Key (CWE-321) CVE-2024-33895:
https://seclists.org/fulldisclosure/2024/Aug/22

   ・ Ewon Cosy+ VPN网关中使用硬编码加密密钥的漏洞 – SecTodayBot

• Exploiting HuggingFace’s Assistants to Extract Users’ Data:
https://www.lasso.security/blog/exploiting-huggingfaces-assistants-to-extract-users-data

   ・ Hugging Chat Assistance的漏洞的详细分析和利用 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959767&idx=1&sn=8529fc71fcae898263a5ab4e99c166a3&chksm=8baed148bcd9585e7f1cafc2c148bff7b3be589e9bd28e331e68e42ac2c44df813c62e215522&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh