Daily Security News Push (8-1)
2024-8-1 14:52:18 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• Don’t Let Your Domain Name Become a “Sitting Duck”:
https://krebsonsecurity.com/2024/07/dont-let-your-domain-name-become-a-sitting-duck/

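   ・ Exposes an authentication flaw at large web hosting providers and domain registrars that leaves more than a million domains vulnerable to attack by cybercriminals. – SecTodayBot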

• Heap exploitation, glibc internals and nifty tricks.:
http://blog.quarkslab.com/heap-exploitation-glibc-internals-and-nifty-tricks.html

   ・ An analysis of a heap pwn challenge from the 2024 HitconCTF Qualifiers, discussing glibc malloc internals and heap exploitation techniques. – SecTodayBot

• Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services:
https://krebsonsecurity.com/2024/07/crooks-bypassed-googles-email-verification-to-create-workspace-accounts-access-3rd-party-services/

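   ・ Google recently fixed an authentication flaw that allowed attackers to bypass the email verification step to create Google Workspace accounts, and to use the flaw to impersonate domain holders at third-party services. – SecTodayBot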

• Unmasking the SMS Stealer: Targeting Several Countries with Deceptive Apps:
https://www.zimperium.com/blog/unmasking-the-sms-stealer-targeting-several-countries-with-deceptive-apps/

   ・ A large-scale SMS-stealing malware campaign targeting Android phones, discovered by researchers. – SecTodayBot

• [SECURITY ADVISORY] curl: CVE-2024-7264 ASN.1 date parser overread:
https://seclists.org/oss-sec/2024/q3/126

   ・ Describes a security vulnerability in the libcurl library (CVE-2024-7264) and its impact. – SecTodayBot

• Re: ISC has disclosed four vulnerabilities in BIND 9 (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076):
https://seclists.org/oss-sec/2024/q3/127

   ・ Discusses four vulnerabilities in the BIND 9 software. – SecTodayBot

• Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2:
https://www.thezdi.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2

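   ・ Introduces a new technique for privilege escalation using NTFS streams, and discloses a detailed analysis and exploitation method for CVE-2024-0353, a vulnerability affecting ESET Security products. – SecTodayBot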

• Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues:
https://blog.talosintelligence.com/vulnerability-roundup-july-31-nvidia/

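   ・ Covers six new vulnerabilities disclosed and patched by the Cisco Talos vulnerability research team over the past three weeks, including one vulnerability in the NVIDIA graphics driver and multiple vulnerabilities in the Ankitects Anki flashcard software. – SecTodayBot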

• An In-Depth Look at the Cisco CCDE-AI Infrastructure Certification:
https://feedpress.me/link/23532/16758320/an-in-depth-look-at-cisco-ccde-ai-infrastructure-certification

   ・ Covers the integration of AI into networking, and how to protect AI models and guard against malicious use. – SecTodayBot

* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Article source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959749&idx=1&sn=c9ce775ad4ae8795a4f2e2c5f2b9cc54&chksm=8baed15abcd9584c8873f76c35c9b874afbb2ec5443af91ca4a8a0b5539520ead3df912867cd&scene=58&subscene=0#rd