• Improving the security of Chrome cookies on Windows:
https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html
・ Chrome 127 introduces a new protection feature, App-Bound Encryption, on Windows to safeguard against infostealer malware, increasing the cost of data theft to attackers and making their actions more detectable. – SecTodayBot
• How a GraphQL Bug Resulted in Authentication Bypass:
https://www.hackerone.com/vulnerability-management/graphql-authentication-bypass?utm_medium=Organic-Social&utm_source=organic&utm_campaign=hakluke_authenticationbypass&utm_content=Blog&utm_term=undefined
・ 讨论了GraphQL API中的身份验证绕过漏洞,揭示了这一漏洞对电子商务应用程序的影响。 – SecTodayBot
• Unit 42 Secures Medical Device Manufacturer After Network Breach:
https://www.paloaltonetworks.com/customers/unit42-secures-medical-device-manufacturer-after-network-breach
・ Unit 42团队在医疗设备制造商遭遇网络入侵后,迅速进行了入侵调查和应急响应,并通过详细的漏洞分析和安全措施实施,最终取得了成功的解决方案 – SecTodayBot
• Our audit of Homebrew:
https://blog.trailofbits.com/2024/07/30/our-audit-of-homebrew/
・ 讨论了对 Homebrew(macOS 和 Linux 的包管理器)的审计,重点关注与安全相关的方面以及潜在漏洞的发现。文章透露了一些可能会破坏 Homebrew 完整性和隔离特性的潜在漏洞,对 Homebrew 的安全性产生重大影响。 – SecTodayBot
• tartufo: searches through git repositories for secrets, digging deep into commit history and branches:
https://meterpreter.org/tartufo-searches-through-git-repositories-for-secrets-digging-deep-into-commit-history-and-branches/
・ tartufo是一种用于搜索git存储库中的秘密和漏洞的工具,它提供了各种模式的操作,包括正则表达式检查和高熵检查。该工具可用于在本地存储库中扫描未提交的更改,以防止提交新的秘密,是一种常用的网络安全工具。 – SecTodayBot
• Entity-Relation Diagram Assisted Hacking Tool:
https://github.com/delikely/ERH
・ 一种创新方法,利用可视化和交互式的调用关系分析工具来分析智能互联汽车中APK文件之间的调用关系,以识别工程模式调用链并成功激活工程模式,为车辆渗透提供了分析入口。 – SecTodayBot
• Chrome Stealer:
https://bernking.github.io//2024/chrome-stealer/
・ 介绍了Chrome浏览器中存储敏感数据的加密方法,以及如何通过新方法从本地文件中提取加密密钥 – SecTodayBot
• Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1:
https://www.zerodayinitiative.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1
・ 本文介绍了在Windows系统上提升特权的技术和漏洞,重点讨论了链接跟踪漏洞以及利用方法,揭示了漏洞的根本原因。 – SecTodayBot
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab