长亭百川云 - 文章详情

每日安全动态推送(8-1)

腾讯玄武实验室

55

2024-08-08

Tencent Security Xuanwu Lab Daily News

• Don’t Let Your Domain Name Become a “Sitting Duck”:
https://krebsonsecurity.com/2024/07/dont-let-your-domain-name-become-a-sitting-duck/

   ・ 揭露了域名在大型Web托管提供商和域名注册商中存在的认证漏洞,导致超过百万个域名容易遭受网络犯罪分子的攻击。 – SecTodayBot

• Heap exploitation, glibc internals and nifty tricks.:
http://blog.quarkslab.com/heap-exploitation-glibc-internals-and-nifty-tricks.html

   ・ 对2024年HitconCTF Qualifiers的堆pwn挑战的分析,讨论了glibc malloc内部和堆利用技巧。 – SecTodayBot

• Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services:
https://krebsonsecurity.com/2024/07/crooks-bypassed-googles-email-verification-to-create-workspace-accounts-access-3rd-party-services/

   ・ Google最近解决了一个认证漏洞,允许攻击者绕过电子邮件验证步骤创建Google Workspace账户,并利用该漏洞冒充第三方服务的域持有人。 – SecTodayBot

• Unmasking the SMS Stealer: Targeting Several Countries with Deceptive Apps:
https://www.zimperium.com/blog/unmasking-the-sms-stealer-targeting-several-countries-with-deceptive-apps/

   ・ 研究人员发现的大规模针对安卓手机的短信窃取恶意软件活动 – SecTodayBot

• [SECURITY ADVISORY] curl: CVE-2024-7264 ASN.1 date parser overread:
https://seclists.org/oss-sec/2024/q3/126

   ・ 介绍了libcurl库的安全漏洞(CVE-2024-7264)及其影响 – SecTodayBot

• Re: ISC has disclosed four vulnerabilities in BIND 9 (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076):
https://seclists.org/oss-sec/2024/q3/127

   ・ 讨论了BIND 9软件的四个漏洞 – SecTodayBot

• Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2:
https://www.thezdi.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2

   ・ 介绍了一种利用NTFS streams进行提权的新技术,并披露了影响ESET Security产品的CVE-2024-0353漏洞的详细分析和利用方法。 – SecTodayBot

• Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues:
https://blog.talosintelligence.com/vulnerability-roundup-july-31-nvidia/

   ・ 介绍了Cisco Talos漏洞研究团队在过去三周披露和修补的六个新漏洞,包括NVIDIA显卡驱动中的一个漏洞和Ankitects Anki闪卡软件中的多个漏洞。 – SecTodayBot

• An In-Depth Look at the Cisco CCDE-AI Infrastructure Certification:
https://feedpress.me/link/23532/16758320/an-in-depth-look-at-cisco-ccde-ai-infrastructure-certification

   ・ 介绍了AI在网络中的整合以及如何保护AI模型和防范恶意使用情况 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab

相关推荐
关注或联系我们
添加百川云公众号,移动管理云安全产品
咨询热线:
4000-327-707
百川公众号
百川公众号
百川云客服
百川云客服

Copyright ©2024 北京长亭科技有限公司
icon
京ICP备 2024055124号-2