每日安全动态推送(4-22)
2024-4-22 18:8:42 Author: mp.weixin.qq.com(查看原文) 阅读量:1 收藏

Tencent Security Xuanwu Lab Daily News

• How Did I Easily Find Stored XSS at Apple and earn $5000 ?:
https://medium.com/@xrypt0/how-did-i-easily-find-stored-xss-at-apple-and-earn-5000-3aadbae054b2

   ・ 文章揭示了在苹果服务中发现的存储型跨站脚本(XSS)漏洞,包含了利用漏洞的示例和攻击载荷。  – SecTodayBot

• The Windows Registry Adventure #1: Introduction and research results:
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html

   ・ 介绍了Google Project Zero成员对Windows注册表进行安全漏洞审计的过程和结果,发现了多个问题并进行了详细的分析。审计结果表明Windows注册表存在潜在的本地提权漏洞 – SecTodayBot

• PAN-OS CVE-2024-3400: Patch Your Palo Alto Firewalls:
https://bishopfox.com/blog/pan-os-cve-2024-3400-patch-your-palo-alto-firewalls

   ・ 介绍了PAN-OS CVE-2024-3400漏洞,以及针对该漏洞的补丁和缓解措施。 – SecTodayBot

• How I Discovered an RCE Vulnerability in Tesla, Securing a $10,000 Bounty:
https://medium.com/@sahul1996l/how-i-discovered-an-rce-vulnerability-in-tesla-securing-a-10-000-bounty-62e725c2a6bd

   ・ 讲述了作者在Tesla发现并报告了一个CVE-2023–46747的远程代码执行漏洞,文章详细介绍了漏洞的发现过程、利用方法和时间线 – SecTodayBot

• How I Prevented a Mass Data Breach - $15,000 bounty - @bxmbn:
https://bxmbn.medium.com/how-i-prevented-a-mass-data-breach-15-000-bounty-bxmbn-1096e6400e3d

   ・ 披露了一个新的漏洞,通过使用Google Dorking和Wayback Machine发现并分析了漏洞的根本原因,以及对其进行利用的方法。漏洞可能导致敏感信息泄露,涉及300万人的个人信息。 – SecTodayBot

• pgAdmin 8.3 Remote Code Execution:
https://packetstormsecurity.com/files/178098

   ・ pgAdmin版本8.3及以下存在路径遍历漏洞,可以被利用来执行恶意代码。该漏洞的利用方法已被公开披露 – SecTodayBot

• How Antithesis finds bugs (with help from the Super Mario Bros.):
https://antithesis.com/blog/sdtalk/

   ・ 介绍了Antithesis平台如何利用超级马里奥兄弟游戏来进行高效的状态空间探索,以快速发现漏洞 – SecTodayBot

• WINELOADER: A Tool for Espionage and Disruption:
https://securityonline.info/wineloader-a-tool-for-espionage-and-disruption/

   ・ 介绍了由臭名昭著的 APT29 黑客组织发起的新攻击活动,揭露了他们使用名为 'WINELOADER' 的后门恶意软件进行间谍活动和破坏。文章详细分析了这一先进威胁的攻击方式和 'WINELOADER' 后门恶意软件的高级能力 – SecTodayBot

• oss-security - Make your own backdoor: CFLAGS code injection, Makefile injection, pkg-config:
https://www.openwall.com/lists/oss-security/2024/04/17/3

   ・ 讨论了如何在Linux内核中创建后门,详细分析了后门的创建过程和功能 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959610&idx=1&sn=eb1121bf17452a2329c2f8a950e47361&chksm=8baed1a5bcd958b39eea1a068ad0d8c9a2b5fc0a5090da095a0ceed45f02ee8ca8371cf4187b&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh