Daily Security News Push (2-23)
2024-2-23 09:48:36 Author: mp.weixin.qq.com

 Tencent Security Xuanwu Lab Daily News

• CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day:
https://research.trendmicro.com/smartscreen-vulnerability-cve-2024-21412-analysis

   ・ This article describes how the Water Hydra APT group exploited CVE-2024-21412 to attack financial market traders – SecTodayBot

• Microsoft Windows Defender / Trojan.Win32/Powessere.G / Detection Mitigation Bypass Part 3:
https://seclists.org/fulldisclosure/2024/Feb/19

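   ・ This article discloses a new vulnerability in Microsoft Windows Defender, analyzes in detail the detection evasion method for TrojanWin32Powessere.G, and provides an example of exploiting the vulnerability – SecTodayBot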

• JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 2:
https://www.asset-intertech.com/resources/blog/2024/02/jtag-debug-of-windows-hyper-v-secure-kernel-with-exdi-part-2/

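   ・ This article introduces the use of EXDI and DCI to explore the Windows hypervisor and discusses debugging the secure kernel with SourcePoint, WinDbg and Intel PT; it is an article about new methods for debugging and tracing low-level secure kernel and hypervisor code. – SecTodayBot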

• Resources:
https://github.com/labesterOct/CVE-2024-21413

   ・ Microsoft Outlook has a remote code execution vulnerability, CVE-2024-21413 – SecTodayBot

• WinRAR RCE Vulnerability Spotlight: APT29’s Zero-Day Tactics:
https://securitycafe.ro/2024/02/19/winrar-rce-vulnerability-spotlight-apt29s-zero-day-tactics/

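   ・ This article focuses on cyberattacks in which the Russian APT29 group exploited the WinRAR vulnerability CVE-2023-38831, analyzes the attack techniques and socio-political impact in detail, and also provides detailed steps for manually exploiting CVE-2023-38831. – SecTodayBot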

• Proxmark3 4.18218 Custom Firmware:
https://packetstormsecurity.com/files/177189

   ・ This article introduces custom firmware for the Proxmark3 device that extends the currently available firmware. – SecTodayBot

• 19th February – Threat Intelligence Report - Check Point Research:
https://research.checkpoint.com/2024/19th-february-threat-intelligence-report/

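   ・ Discloses information on multiple new vulnerabilities, including a remote code execution vulnerability in Microsoft Outlook and multiple vulnerabilities in Adobe products. – SecTodayBot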

• XAMPP - Buffer Overflow POC:
https://dlvr.it/T2xMhK

   ・ This article discloses a '.ini' buffer overflow vulnerability in XAMPP v3.3.0, including a detailed analysis and POC code exploiting the vulnerability. – SecTodayBot

* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959531&idx=1&sn=4cbac81d511ca7cdf1e41195972e1817&chksm=8baed074bcd95962db87e1487c1c647655c2718f4557219848b31b2b863a8ba74159a9657d1c&scene=58&subscene=0#rd