每日安全动态推送(9-9)
2024-9-9 18:7:30 Author: mp.weixin.qq.com(查看原文) 阅读量:2 收藏

Tencent Security Xuanwu Lab Daily News

• Frida 16.5.0 Released:
https://frida.re/news/2024/09/06/frida-16-5-0-released/

   ・ Frida 16.5.0发布了支持硬件断点和监视点的新API,可以更方便地进行内存访问监控和代码定位。同时支持Windows on ARM,为动态应用程序的分析提供了新的可能性。  – SecTodayBot

• GitHub - fortra/CVE-2024-30051:
https://github.com/fortra/CVE-2024-30051?tab=readme-ov-file

   ・ 对Microsoft Windows DWM核心库中的漏洞进行分析和利用 – SecTodayBot

• oss-security - CVE-2024-45751: CHAP authentication bypass in user-space Linux target framework (tgt) up to v1.0.92:
https://openwall.com/lists/oss-security/2024/09/07/2

   ・ 介绍了Linux目标框架(tgt)中的一个新漏洞(CVE-2024-45751),详细分析了漏洞的根本原因,解释了CHAP认证过程中的不安全随机数生成器导致可预测的挑战,并潜在地绕过认证。建议使用安全的伪随机数生成器`getrandom()`来替换`rand()` – SecTodayBot

• Dark Web Scraping 101: Tools, Techniques, and Challenges:
https://infosecwriteups.com/dark-web-scraping-101-tools-techniques-and-challenges-be73bbdccc58

   ・ 如何使用Python进行暗网数据采集的实际操作步骤,涵盖了Tor、Firefox和Selenium等软件的使用 – SecTodayBot

• APT_REPORT/lazarus/fudmodule at master · blackorbird/APT_REPORT:
https://github.com/blackorbird/APT_REPORT/tree/master/lazarus/fudmodule

   ・ Lazarus Group的rootkit攻击的分析 – SecTodayBot

• MindsDB Fixes Critical CVE-2024-24759: DNS Rebinding Attack Bypasses Security Protections:
https://securityonline.info/mindsdb-fixes-critical-cve-2024-24759-dns-rebinding-attack-bypasses-security-protections/

   ・ MindsDB修复了关键的CVE-2024-24759漏洞,该漏洞涉及通过DNS重绑定绕过安全保护措施,可能导致攻击者访问敏感数据、执行任意代码或发起拒绝服务攻击。安全研究人员Sim4n6已发布漏洞利用代码 – SecTodayBot

• PoC Exploit Released for Linux Kernel Vulnerability that Allows Root Access:
https://cybersecuritynews.com/poc-exploit-released-for-linux-kernel-vulnerability/

   ・ Linux内核中的关键安全漏洞CVE-2024-26581的PoC – SecTodayBot

• Exploiting CI / CD Pipelines for fun and profit:
https://blog.razzsecurity.com/2024/09/08/exploitation-research/exploiting-ci-cd-pipelines-for-fun-and-profit/

   ・ 介绍了公开敏感目录和不当处理CI/CD流水线的风险,并强调了定期审计代码存储库、部署流水线和服务器配置的重要性,以防止此类攻击。 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959787&idx=1&sn=afd40f233547d2a912b874bd0692801a&chksm=8baed174bcd95862dc16fe7f445992003c6cadbf713fa1259cbb7223ccca70610777839eaaee&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh