Daily Security News Push (3-21)
2024-3-21 10:51:17 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• Players hacked during the matches of Apex Legends Global Series:
https://securityaffairs.com/160726/hacking/apex-legends-global-series-hack.html

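   ・ The article on the hacking incident at the Apex Legends Global Series tournament reports in detail how esports players were hacked during matches and reveals that a security vulnerability was exploited. – SecTodayBot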

• Generic And Automated Drive-By GPU Cache Attacks From The Browser:
https://packetstormsecurity.com/files/177640

   ・ Introduces the first GPU cache side-channel attack carried out from within the browser. – SecTodayBot

• From Error to Entry: Cracking the Code of Password-Spraying Tools:
https://trustedsec.com/blog/from-error-to-entry-cracking-the-code-of-password-spraying-tools

   ・ Reveals a new error code (AADSTS50079) that appears when using password-spraying tools against Office 365, indicating that MFA enrollment is required. – SecTodayBot

• Project Breakdown:
https://github.com/notpidgey/EagleVM

   ・ A virtual machine protection and code virtualization project. – SecTodayBot

• Linux SLUB Allocator Internals and Debugging - SLUB Debugger, Part 2 of 4:
https://blogs.oracle.com/linux/post/linux-slub-allocator-internals-and-debugging-2

   ・ Introduces the SLUB allocator and its debugging mechanisms, focusing on the debug options used to detect memory errors, including Z, P, F and U. – SecTodayBot

• CVE-2019-19726 OpenBSD dynamic loader local privilege escalation vulnerability:
https://programlife.net/2024/03/20/cve-2019-19726-openbsd-dynamic-loader-lpe/

   ・ Analysis of CVE-2019-19726, an OpenBSD dynamic loader local privilege escalation vulnerability. – lanying37

• ZoneMinder Snapshots Remote Code Execution:
https://packetstormsecurity.com/files/177639

   ・ Discloses a new vulnerability in the ZoneMinder Snapshots software, CVE-2023-26035, which is an unauthenticated remote code execution vulnerability. – SecTodayBot

• Subdomain Fuzzing worth 35k bounty!:
https://medium.com/@HX007/subdomain-fuzzing-worth-35k-bounty-daebcb56d9bc

   ・ An account of finding a vulnerability through subdomain fuzzing and successfully exploiting it to earn a large bounty. – SecTodayBot

• Java deserialization tricks:
https://www.synacktiv.com/en/publications/java-deserialization-tricks.html

   ・ Exploitation techniques for Java deserialization vulnerabilities. – SecTodayBot

• How Apple Mitigates Vulnerabilities in Installer Scripts:
https://blog.kandji.io/apple-mitigates-vulnerabilities-installer-scripts

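   ・ Apple has recently been working to mitigate vulnerabilities in installer scripts; the article analyzes past vulnerabilities in detail and describes Apple's new design for mitigating them. – SecTodayBot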

* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959568&idx=1&sn=8eada37f3e2532284476be53a8eb854d&chksm=8baed18fbcd95899c6a4e69f20042b3747353f2319419f8f9d7be8166c525b821e5583bcdffa&scene=58&subscene=0#rd