Daily Security News Push (8-30)
2024-8-30 17:32:24 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• Revisiting the Black Sunday Hack:
https://blog.codinghorror.com/revisiting-the-black-sunday-hack/amp/

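   ・ Recounts how the hacker community exploited design flaws in satellite TV smart cards, breaking the protection through reverse engineering and by building smart card writers, and how it was ultimately destroyed by DirecTV using dynamic code. – SecTodayBot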

• tldrsec.com:
https://tldrsec.com/p/tldr-every-ai-talk-bsideslv-blackhat-defcon-2024

   ・ Summarizes more than 60 AI and cybersecurity talks from BSidesLV, Black Hat and DEF CON – SecTodayBot

• Critical Vulnerabilities Expose Hitachi Energy MicroSCADA X SYS600 to Cyberattacks:
https://securityonline.info/critical-vulnerabilities-expose-hitachi-energy-microscada-x-sys600-to-cyberattacks/

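   ・ Multiple critical vulnerabilities exist in Hitachi Energy's MicroSCADA X SYS600 product, which may put the confidentiality, integrity and availability of the system at risk. – SecTodayBot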

• Uncovering the Limits of Machine Learning for Automatic Vulnerability Detection | USENIX:
https://usenix.org/conference/usenixsecurity24/presentation/risse

   ・ Describes the limits of machine learning for automatic vulnerability detection and proposes a new evaluation method. – SecTodayBot

• PoC Exploit Released for Arbitrary File Write Flaw (CVE-2024-22263) in Spring Cloud Data Flow:
https://securityonline.info/poc-exploit-released-for-arbitrary-file-write-flaw-cve-2024-22263-in-spring-cloud-data-flow/

   ・ The CVE-2024-22263 vulnerability in Spring Cloud Data Flow, and the release of a related PoC exploit. – SecTodayBot

• Syntia: Synthesizing the Semantics of Obfuscated Code | USENIX:
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/blazytko

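   ・ Presents an automatic code deobfuscation approach based on program synthesis; with Monte Carlo Tree Search (MCTS) guiding the synthesis, it successfully learned the semantics of obfuscated code. – SecTodayBot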

• Analysis of two arbitrary code execution vulnerabilities affecting WPS Office:
https://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office/

   ・ Discloses vulnerabilities in WPS Office for Windows discovered by ESET researchers, and their exploitation by APT-C-60 – SecTodayBot

• Gitea 1.22.0 - Stored XSS:
https://dlvr.it/TCV9wf

   ・ Stored cross-site scripting (XSS) vulnerability in Gitea 1.22.0 – SecTodayBot

* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: 腾讯玄武实验室
https://weibo.com/xuanwulab


Article source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959777&idx=1&sn=1f9f9d4c0d5c074c0966eb0734c13224&chksm=8baed17ebcd95868f5885d5f8f22e9e33f6aa40e1000e88053f8df2318ac402664f7f396a13a&scene=58&subscene=0#rd