Tencent Security Xuanwu Lab Daily News

• *nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 2 of 2:
https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/

   ・ 揭示了X.Org libX11中的两个安全漏洞，并详细分析了CVE-2023-43787漏洞的根本原因和利用。 – SecTodayBot

• A Look into PlugX Kernel driver:
https://mahmoudzohdy.github.io/posts/re/plugx/

   ・ 讨论了最近PlugX攻击中使用的已签名内核驱动程序的详细分析 – SecTodayBot

• Analysis of Microsoft Streaming Agent Privilege Elevation Vulnerability - CVE-2023-36802:
https://dev.to/tutorialboy/analysis-of-microsoft-streaming-agent-privilege-elevation-vulnerability-cve-2023-36802-757

   ・ Google Project Zero分析的在野案例的实施过程，详细分析了mskssrv.sys驱动程序中的漏洞根本原因，涉及了与驱动程序通信的新方法。 – SecTodayBot

• Google Kubernetes Clusters Suffer Widespread Exposure to External Attackers:
https://www.darkreading.com/cloud-security/anyone-with-google-account-can-hack-misconfigured-kubernetes-clusters

   ・ Google Kubernetes Engine (GKE)存在权限误解漏洞，可能导致外部攻击者访问组织的私有Kubernetes容器集群。 – SecTodayBot

• Why Polish hackers broke into trains:
https://kas.pr/17d7

   ・ 介绍了波兰黑客如何入侵火车的数字版权管理系统，并发现制造商在代码中嵌入了恶意机制。揭示了在最意想不到的地方也可能存在恶意植入物，强调了对于任何项目都应该至少进行信息安全检查。 – SecTodayBot

• D-Link DAP-1650 gena.cgi SUBSCRIBE Command Injection Vulnerability:
https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-gena-cgi-subscribe-command-injection-vulnerability/

   ・ D-Link DAP-1650设备中的命令注入漏洞，可能导致未经身份验证的攻击者以root权限在设备上执行命令。 – SecTodayBot

• SSD Advisory – Zyxel VPN Series Pre-auth Remote Command Execution:
https://ssd-disclosure.com/ssd-advisory-zyxel-vpn-series-pre-auth-remote-command-execution/

   ・ Zyxel VPN防火墙的新漏洞 – SecTodayBot

• Ubuntu Security Notice USN-6598-1:
https://packetstormsecurity.com/files/176716

   ・ SSH协议和Paramiko库存在前缀截断攻击漏洞 – SecTodayBot

• Highlights from Pwn2Own Automotive Day 2 - NCC Group vs Alpine #shorts #pwn2own:
https://youtube.com/shorts/TISQ8CvNHHE

   ・ 介绍了Pwn2Own竞赛第二天的亮点，其中NCC Group与Alpine展开了较量。 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号： 腾讯玄武实验室
https://weibo.com/xuanwulab