・ Automation 360 Robotic Process Automation suite v21-v32存在未经身份验证的服务器端请求伪造(SSRF)漏洞,可能导致攻击者执行任意网络请求 – SecTodayBot
• Abusing RCU callbacks with a Use-After-Free read to defeat KASLR:
https://anatomic.rip/abusing_rcu_callbacks_to_defeat_kaslr/
・ 一种利用滥用RCU回调的Use-After-Free读取来打败KASLR的技术。 – SecTodayBot
• Introduction:
https://tudoor.net/
・ 介绍了一种名为TuDoor的新型DNS攻击,发现了三种逻辑漏洞,提出了三种新型攻击。攻击涉及使用格式错误的DNS响应数据包进行DNS缓存污染、拒绝服务和资源消耗攻击。 – SecTodayBot
• H1d3r/GPU_ShellCode:
https://github.com/H1d3r/GPU_ShellCode
・ 一种利用GPU内存来隐藏payload的新技术。 – SecTodayBot
• PDF Dosyalarına Zararlı Kod Enjekte Etme ve PDF Dropper (ADOBE):
https://cti.monster/blog/2024/07/25/pdfdropper.html#title
・ 本文介绍了如何通过在PDF文件中注入JavaScript代码来创建PDF dropper,从而实现从特定URL下载文件并建立Command and Control(C2)连接的过程。 – SecTodayBot
• 10 Million Users Compromised in Z-Library Phishing Site Hack:
https://securityonline.info/10-million-users-compromised-in-z-library-phishing-site-hack/
・ Z-Library网站的钓鱼攻击事件导致近1000万用户数据泄露,包括个人信息、密码、加密货币钱包地址和支付详情。攻击者的服务器存在目录列表功能,使得用户可以查看服务器上的所有文件,包括包含数百万用户个人信息的数据库。 – SecTodayBot
• Leaked Intel Boot Guard keys: What happened? How does it affect the software supply chain?:
https://www.binarly.io/blog/leaked-intel-boot-guard-keys-what-happened-how-does-it-affect-the-software-supply-chain
・ 围绕固件源代码泄露的影响展开了对Intel Boot Guard技术的深入分析和评估。文章详细解释了Intel Boot Guard的工作原理,泄露的具体内容以及泄露的实际影响 – SecTodayBot
• CYBERSECEVAL 3: Advancing the Evaluation of Cybersecurity Risks and Capabilities in Large Language Models | Research - AI at Meta:
https://ai.meta.com/research/publications/cyberseceval-3-advancing-the-evaluation-of-cybersecurity-risks-and-capabilities-in-large-language-models/
・ 一套新的安全基准,用于评估LLM的网络安全风险和能力 – SecTodayBot
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab