Tencent Security Xuanwu Lab Daily News
• libcap-2.69 addresses 2 CVEs:
https://seclists.org/oss-sec/2023/q2/158
・ Two CVE vulnerabilities in libcap-2.69
– SecTodayBot
• Introducing Windows Notification Facility’s (WNF) Code Integrity:
https://blog.trailofbits.com/2023/05/15/introducing-windows-notification-facilitys-wnf-code-integrity/
・ An introduction to the undocumented WNF module in Windows
– WireFish
• Prompt injection explained, with video, slides, and a transcript:
https://simonwillison.net/2023/May/2/prompt-injection-explained/
・ An introduction to prompt injection attacks
– WireFish
• CVE-2022-47937: Multiple parsing problems in the Apache Sling Commons JSON module:
https://seclists.org/oss-sec/2023/q2/156
・ Multiple parsing problems in the Apache Sling Commons JSON module
– SecTodayBot
• Malicious Microsoft Teams Invite: NTLM Relay and Drive By Download Attack:
https://buff.ly/42siu0j
・ An NTLM relay attack vulnerability exists in Microsoft Teams invite links
– WireFish
• Re: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory:
https://seclists.org/oss-sec/2023/q2/159
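・ A use-after-free vulnerability in Netfilter nf_tables in the Linux kernel when processing batch requests, which can be abused to perform arbitrary reads and writes in kernel memory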
– SecTodayBot
• SysReptor: Pentest Report Creator:
https://securityonline.info/sysreptor-pentest-report-creator/
・ A penetration test report editor that generates reports with one click and organizes the layout automatically
– WireFish
• Security Audit of libcap:
https://x41-dsec.de/news/2023/05/15/libcap-source-code-audit/
・ Security audit report for libcap
– SecTodayBot
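* To view or search previously pushed content, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (5-17)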