每日安全动态推送(8-15)
2024-8-15 18:53:28 Author: mp.weixin.qq.com(查看原文) 阅读量:4 收藏
Tencent Security Xuanwu Lab Daily News

• GitHub - infobyte/draytek-arsenal: Reverse Engineering and Observability toolkit for Draytek firewalls:
https://github.com/infobyte/draytek-arsenal

   ・ 围绕Draytek边缘设备的固件分析和漏洞研究展开,揭示了固件提取和安全研究工具的开发过程 – SecTodayBot

• sysdig-inspect: powerful opensource interface for container troubleshooting and security investigation:
https://meterpreter.org/sysdig-inspect-powerful-opensource-interface-for-container-troubleshooting-and-security-investigation/

   ・ Sysdig Inspect是一个强大的开源容器故障排除和安全调查界面。它提供了细粒度的系统、网络和应用程序活动数据,支持性能和安全调查,以及深度容器审查。 – SecTodayBot

• CVE-2024-38856 - Apache OFBiz Pre-Authentication RCE vulnerability:
https://www.broadcom.com/support/security-center/protection-bulletin/cve-2024-38856-apache-ofbiz-pre-authentication-rce-vulnerability

   ・ 介绍了Apache OFBiz的预身份验证远程代码执行漏洞CVE-2024-38856,对漏洞的根本原因进行了详细分析。  – SecTodayBot

• ArtiPACKED: A New GitHub Actions Vulnerability Exposes Critical Credentials:
https://securityonline.info/artipacked-a-new-github-actions-vulnerability-exposes-critical-credentials/

   ・ GitHub Actions中的新漏洞ArtiPACKED可能会危及高知名度的开源项目 – SecTodayBot

• Linux Kernel Vulnerabilities Expose Systems to Privilege Escalation: Flaws Detailed and Exploit Code Released:
https://securityonline.info/linux-kernel-vulnerabilities-expose-systems-to-privilege-escalation-flaws-detailed-and-exploit-code-released/

   ・ 披露了Linux内核中三个漏洞的技术细节和利用代码,这些漏洞可能导致特权提升 – SecTodayBot

• BYOVDLL - A New Exploit That Is Bypassing LSASS Protection:
https://gbhackers.com/byovdll-exploit-bypassing-lsass-protection/

   ・ 介绍了关于Microsoft PPL绕过漏洞的修补、新的BYOVDLL利用漏洞、LSASS进程保护的新发现漏洞,详细分析了漏洞的根本原因,并提供了用于利用漏洞的POC。 – SecTodayBot

• identYwaf: Blind WAF identification tool:
https://meterpreter.org/identywaf-blind-waf-identification-tool/

   ・ 介绍了一个名为identYwaf的识别工具,可基于盲推理识别 Web 应用防火墙(WAF)类型。它支持80多种不同的保护产品 – SecTodayBot

• Project Zero: ‘It Will Take All of Us to End The Era of Zero Days’:
https://decipher.sc/project-zero-it-will-take-all-of-us-to-end-the-era-of-zero-days

   ・ Project Zero讨论了过去10年中在应对零日漏洞方面取得的进展和面临的挑战,以及供应商和研究人员在解决这些问题中的作用。 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959761&idx=1&sn=746bdba512bc3e327cd552670041ba50&chksm=8baed14ebcd958586072d1c8cb00f25ac0c253aff7685f65b02c757525e81d41ee4267d81180&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh