Tencent Security Xuanwu Lab Daily News

• Revisiting the Black Sunday Hack:
https://blog.codinghorror.com/revisiting-the-black-sunday-hack/amp/

   ・ 讲述了黑客社区如何利用卫星电视的智能卡设计漏洞，通过逆向工程和创造智能卡写入器来突破保护，最终被DirecTV利用动态代码摧毁。 – SecTodayBot

• tldrsec.com:
https://tldrsec.com/p/tldr-every-ai-talk-bsideslv-blackhat-defcon-2024

   ・ 总结了来自BSidesLV、Black Hat和DEF CON的60多场AI和网络安全相关演讲 – SecTodayBot

• Critical Vulnerabilities Expose Hitachi Energy MicroSCADA X SYS600 to Cyberattacks:
https://securityonline.info/critical-vulnerabilities-expose-hitachi-energy-microscada-x-sys600-to-cyberattacks/

   ・ 日立能源的MicroSCADA X SYS600产品存在多个关键漏洞，可能导致系统的保密性、完整性和可用性风险。 – SecTodayBot

• Uncovering the Limits of Machine Learning for Automatic Vulnerability Detection | USENIX:
https://usenix.org/conference/usenixsecurity24/presentation/risse

   ・ 介绍了机器学习自动漏洞检测的局限性，并提出了一种新的评估方法。 – SecTodayBot

• PoC Exploit Released for Arbitrary File Write Flaw (CVE-2024-22263) in Spring Cloud Data Flow:
https://securityonline.info/poc-exploit-released-for-arbitrary-file-write-flaw-cve-2024-22263-in-spring-cloud-data-flow/

   ・ Spring Cloud Data Flow中的CVE-2024-22263漏洞，以及相关的PoC exploit的发布。 – SecTodayBot

• Syntia: Synthesizing the Semantics of Obfuscated Code | USENIX:
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/blazytko

   ・ 介绍了一种基于程序合成的自动代码反混淆方法，通过Monte Carlo Tree Search（MCTS）引导程序合成，成功地学习了混淆代码的语义。 – SecTodayBot

• Analysis of two arbitrary code execution vulnerabilities affecting WPS Office:
https://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office/

   ・ 披露ESET研究人员发现的WPS Office for Windows存在的漏洞，以及APT-C-60对其进行利用的情况 – SecTodayBot

• Gitea 1.22.0 - Stored XSS:
https://dlvr.it/TCV9wf

   ・ Gitea 1.22.0存储型跨站脚本（XSS）漏洞 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab