长亭百川云 - 文章详情

每日安全动态推送(7-15)

腾讯玄武实验室

84

2024-07-15

Tencent Security Xuanwu Lab Daily News

• ahaggard2013/binaryninja-ollama:
https://github.com/ahaggard2013/binaryninja-ollama

   ・ Binary Ninja Ollama插件,该插件集成了本地托管的ollama服务器,使用AI来重命名函数和变量。 – SecTodayBot

• Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge Remote-Code Execution:
https://0reg.dev/blog/evernote-rce

   ・ Evernote应用程序中的远程代码执行漏洞 – SecTodayBot

• dirDevil: Hiding Code and Content Within Folder Structures:
https://trustedsec.com/blog/dirdevil-hiding-code-and-content-within-folder-structures?utm_content=299972113&utm_medium=social&utm_source=twitter&hss_channel=tw-403811306

   ・ 介绍了一种新的数据隐藏方法,即通过文件夹结构隐藏数据,避免特殊字符并进行数据编码。 – SecTodayBot

• lighttpd vulnerability unfixed since 2018:
https://www.binarly.io/blog/lighttpd-gains-new-life

   ・ 讨论了软件和固件中的漏洞,重点介绍了Lighttpd和其在第三方固件中的使用。 – SecTodayBot

• GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln:
https://www.darkreading.com/application-security/-gitlab-sends-users-scrambling-again-with-new-ci-cd-pipeline-takeover-vuln

   ・ GitLab近期披露了两个关键漏洞,可能使攻击者以任意用户身份运行流水线。 – SecTodayBot

• Critical Exim Mali Server Vulnerability Impacts 1.5 Million Email Servers:
https://cybersecuritynews.com/exim-mali-server-vulnerability/

   ・ Exim邮件传输代理(MTA)存在关键漏洞,超过150万邮件服务器有安全风险。 – SecTodayBot

• Announcing AES-GEM (AES with Galois Extended Mode):
https://blog.trailofbits.com/2024/07/12/announcing-aes-gem-aes-with-galois-extended-mode/

   ・ 该文章主要讨论了AES-GCM的弱点,并提出了一种新的区块密码模式Galois Extended Mode (GEM),以改善安全性。 – SecTodayBot

• z4ziggy/Zigfrid: A Passive RFID fuzzer:
https://github.com/z4ziggy/Zigfrid

   ・ 介绍了一种被动RFID模糊测试工具 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab

相关推荐
关注或联系我们
添加百川云公众号,移动管理云安全产品
咨询热线:
4000-327-707
百川公众号
百川公众号
百川云客服
百川云客服

Copyright ©2024 北京长亭科技有限公司
icon
京ICP备 2024055124号-2