Daily Security News Push (4-12)
2024-4-12 14:24:1 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• Palo Alto Networks fixed multiple DoS bugs in its firewalls:
https://securityaffairs.com/161724/security/palo-alto-networks-pan-os-dos-2.html

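   ・ Palo Alto Networks released security updates for multiple high-severity vulnerabilities in its PAN-OS operating system, including several DoS vulnerabilities and an improper group membership change vulnerability in the Cloud Identity Engine – SecTodayBot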

• “All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass:
https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3?source=rss-4bd9d210b6d1------2

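   ・ Discloses a new vulnerability in the Delinea Secret Server privileged access management solution; detailed code analysis identified the root cause, which involves deserialization – SecTodayBot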

• Azure misconfiguration exposes Microsoft's internal data:
https://www.scmagazine.com/brief/azure-misconfiguration-exposes-microsofts-internal-data

   ・ Data from Microsoft's Bing search engine was leaked through an internet-exposed Azure public storage server – SecTodayBot

• [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm:
https://seclists.org/oss-sec/2024/q2/99

   ・ A security issue concerning the permissions of the /dev/shm directory – SecTodayBot

• umair9747/Genzai: The IoT security toolkit to help identify IoT related dashboards and scan them for default passwords and vulnerabilities.:
https://github.com/umair9747/Genzai

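   ・ The article introduces a new IoT security toolkit that can identify IoT products and scan them for potential vulnerabilities and default-password issues, and that applies to many kinds of IoT devices – SecTodayBot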

• [BRLY-2024-002] OOB Read in Lighttpd 1.4.45 used in Intel M70KLP series firmware:
https://binarly-io.webflow.io/advisories/brly-2024-002

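   ・ The team found a heap out-of-bounds read vulnerability in the web server component of Intel BMC firmware that allows a potential attacker to extract sensitive information from the Lighttpd process memory. – SecTodayBot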

• HTB Sherlock: Unit42:
https://0xdf.gitlab.io/2024/04/11/htb-sherlock-unit42.html

   ・ The article discusses using Sysmon logs to identify and analyze malicious activity on Windows systems, with an analysis of the real malware activity in Unit42. – SecTodayBot

• CVE-2024-27980: Critical Node.js Update Patches Windows Command Injection Flaw:
https://securityonline.info/cve-2024-27980-critical-node-js-update-patches-windows-command-injection-flaw/

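   ・ Node.js released an emergency security update that fixes a critical command injection vulnerability on Windows systems (CVE-2024-27980). An attacker can exploit the vulnerability to achieve remote code execution – SecTodayBot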

* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Article source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959598&idx=1&sn=03f55a4ddfb0c70fd62106249c3b6152&chksm=8baed1b1bcd958a7e47260af87cd77d29712ae7e1f4c273818a120f1b48e16753f77f7b9bd84&scene=58&subscene=0#rd