每日安全动态推送(6-18)

Tencent Security Xuanwu Lab Daily News

• trufflehog: Find leaked credentials:

https://meterpreter.org/trufflehog-find-leaked-credentials/

   ・ Truffle Hog是一款用于搜索和检测泄露凭证的新工具，支持对各种数据源进行扫描， – SecTodayBot

• New Cryptojacking Campaign Targets Exposed Docker APIs:
https://securityonline.info/new-cryptojacking-campaign-targets-exposed-docker-apis/

   ・ 介绍了一场针对暴露的Docker API的新型加密货币挖矿活动，涵盖了攻击手法、新的二进制载荷以及防御建议。 – SecTodayBot

• GitHub Copilot Chat: From Prompt Injection to Data Exfiltration:
https://embracethered.com/blog/posts/2024/github-copilot-chat-prompt-injection-data-exfiltration/

   ・ GitHub Copilot Chat VS Code Extension存在漏洞，通过prompt注入导致数据泄露。 – SecTodayBot

• Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2):
https://www.ambionics.io/blog/iconv-cve-2024-2961-p2

   ・ 该文章揭示了一个24年前的glibc库中的缓冲区溢出漏洞，并详细分析了该漏洞的根本原因，以及在PHP上的利用方法。文章提供了用于利用漏洞的POC，并讨论了新的用于模糊测试的方法。 – SecTodayBot

• StarkeBlog - TempleOS Reverse Engineering:
https://starkeblog.com/bootsector/templeos/2024/06/13/templeos-reverse-engineering-part-i.html

   ・ 对TempleOS固件和引导扇区的详细分析，涉及了固件技术和引导扇区分析，是对TempleOS操作系统的深入研究。 – SecTodayBot

• Bypassing Okta’s Passwordless MFA: Technical Analysis And Detection:
https://www.rezonate.io/blog/bypassing-oktas-passwordless-mfa-technical-analysis-and-detection/

   ・ 该文章揭示了绕过Okta无密码MFA解决方案的新技术，并介绍了相关安全漏洞。同时还介绍了一个名为OktaTerrify的安全工具，用于演示无密码认证解决方案中的漏洞。  – SecTodayBot

• ScriptBlock Smuggling: Spoofing PowerShell Security Logs and Bypassing AMSI Without Reflection or Patching – BC Security:
https://bc-security.org/scriptblock-smuggling/

   ・ 该文章介绍了一种新的技术，ScriptBlock Smuggling，通过伪装脚本块日志和绕过AMSI来绕过PowerShell中的安全日志记录。  – SecTodayBot

• Extracting WhatsApp Database (or any app data) from Android 12/13 using CVE-2024-0044:
https://tinyhack.com/2024/06/07/extracting-whatsapp-database-or-any-app-data-from-android-12-13-using-cve-2024-0044/?s=03

   ・ 一种从非root的Android手机中提取WhatsApp数据库的方法，包括了一个新的漏洞披露，提供了详细的操作步骤以及利用漏洞的POC – SecTodayBot

• Critical Security Vulnerability CVE-2024-3912 (CVSS 9.8) Hits ASUS Routers:
https://securityonline.info/critical-security-vulnerability-cve-2024-3912-hits-asus-routers/

   ・ ASUS路由器发现关键安全漏洞(CVE-2024-3912)，允许远程攻击者在无需认证的情况下执行命令 – SecTodayBot

• Abusing title reporting and tmux integration in iTerm2 for code execution:
https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html

   ・ iTerm2 存在严重漏洞，攻击者可利用此漏洞执行任意代码，建议尽快升级至 iTerm2 3.5.2 版本。  – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab