长亭百川云 - 文章详情

每日安全动态推送(6-18)

腾讯玄武实验室

66

2024-07-13

Tencent Security Xuanwu Lab Daily News
• trufflehog: Find leaked credentials:
https://meterpreter.org/trufflehog-find-leaked-credentials/

   ・ Truffle Hog是一款用于搜索和检测泄露凭证的新工具,支持对各种数据源进行扫描, – SecTodayBot

• New Cryptojacking Campaign Targets Exposed Docker APIs:
https://securityonline.info/new-cryptojacking-campaign-targets-exposed-docker-apis/

   ・ 介绍了一场针对暴露的Docker API的新型加密货币挖矿活动,涵盖了攻击手法、新的二进制载荷以及防御建议。 – SecTodayBot

• GitHub Copilot Chat: From Prompt Injection to Data Exfiltration:
https://embracethered.com/blog/posts/2024/github-copilot-chat-prompt-injection-data-exfiltration/

   ・ GitHub Copilot Chat VS Code Extension存在漏洞,通过prompt注入导致数据泄露。 – SecTodayBot

• Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2):
https://www.ambionics.io/blog/iconv-cve-2024-2961-p2

   ・ 该文章揭示了一个24年前的glibc库中的缓冲区溢出漏洞,并详细分析了该漏洞的根本原因,以及在PHP上的利用方法。文章提供了用于利用漏洞的POC,并讨论了新的用于模糊测试的方法。 – SecTodayBot

• StarkeBlog - TempleOS Reverse Engineering:
https://starkeblog.com/bootsector/templeos/2024/06/13/templeos-reverse-engineering-part-i.html

   ・ 对TempleOS固件和引导扇区的详细分析,涉及了固件技术和引导扇区分析,是对TempleOS操作系统的深入研究。 – SecTodayBot

• Bypassing Okta’s Passwordless MFA: Technical Analysis And Detection:
https://www.rezonate.io/blog/bypassing-oktas-passwordless-mfa-technical-analysis-and-detection/

   ・ 该文章揭示了绕过Okta无密码MFA解决方案的新技术,并介绍了相关安全漏洞。同时还介绍了一个名为OktaTerrify的安全工具,用于演示无密码认证解决方案中的漏洞。  – SecTodayBot

• ScriptBlock Smuggling: Spoofing PowerShell Security Logs and Bypassing AMSI Without Reflection or Patching – BC Security:
https://bc-security.org/scriptblock-smuggling/

   ・ 该文章介绍了一种新的技术,ScriptBlock Smuggling,通过伪装脚本块日志和绕过AMSI来绕过PowerShell中的安全日志记录。  – SecTodayBot

• Extracting WhatsApp Database (or any app data) from Android 12/13 using CVE-2024-0044:
https://tinyhack.com/2024/06/07/extracting-whatsapp-database-or-any-app-data-from-android-12-13-using-cve-2024-0044/?s=03

   ・ 一种从非root的Android手机中提取WhatsApp数据库的方法,包括了一个新的漏洞披露,提供了详细的操作步骤以及利用漏洞的POC – SecTodayBot

• Critical Security Vulnerability CVE-2024-3912 (CVSS 9.8) Hits ASUS Routers:
https://securityonline.info/critical-security-vulnerability-cve-2024-3912-hits-asus-routers/

   ・ ASUS路由器发现关键安全漏洞(CVE-2024-3912),允许远程攻击者在无需认证的情况下执行命令 – SecTodayBot

• Abusing title reporting and tmux integration in iTerm2 for code execution:
https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html

   ・ iTerm2 存在严重漏洞,攻击者可利用此漏洞执行任意代码,建议尽快升级至 iTerm2 3.5.2 版本。  – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab

相关推荐
关注或联系我们
添加百川云公众号,移动管理云安全产品
咨询热线:
4000-327-707
百川公众号
百川公众号
百川云客服
百川云客服

Copyright ©2024 北京长亭科技有限公司
icon
京ICP备 2024055124号-2