每日安全动态推送(7-11)

Tencent Security Xuanwu Lab Daily News

• yatas: audit AWS/GCP infrastructure for misconfiguration or potential security issues:
https://securityonline.info/yatas-audit-aws-gcp-infrastructure-for-misconfiguration-or-potential-security-issues/

   ・ 用于审核 AWS/GCP 基础设施是否存在配置错误或插件集成潜在安全问题的工具 – SecTodayBot

• Acltoolkit – ACL Abuse Swiss-Knife:
http://www.kitploit.com/2023/07/acltoolkit-acl-abuse-swiss-knife.html

   ・ ACL 利用工具包 – SecTodayBot

• 关于Grok-backdoor:
https://www.freebuf.com/articles/network/371107.html

   ・ Grok-backdoor是一款功能强大的Python后门工具，支持Ngrok隧道实现C&C通信。当前版本的Grok后门支持使用Pyinstaller生成Windows、Linux和Mac后门源码 – SecTodayBot

• Patchless Cisco Flaw Breaks Cloud Encryption for ACI Traffic:
https://www.darkreading.com/perimeter/patchless-cisco-flaw-cloud-encryption-aci-traffic

   ・ 思科宣布其数据中心交换设备中存在一个高严重性缺陷，可能允许威胁行为者读取和修改加密流量，而且到目前为止还没有补丁。 – SecTodayBot

• 什么是代理劫持？:
https://www.freebuf.com/articles/paper/371253.html

   ・ 以营利为目的的代理劫持是加密劫持的一种更隐秘的替代方案，具有更严重的安全后果。 – SecTodayBot

• Piwigo 13.7.0 Cross Site Scripting ≈ Packet Storm:
https://packetstormsecurity.com/files/173332

   ・ Piwigo v13.7.0 – 存储型跨站脚本漏洞 – SecTodayBot

• kernel/git/netdev/net.git – Netdev Group’s networking tree:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=0323bce598eea038714f941ce2b22541c46d488f

   ・ linux cls_fw：修复不正确的引用计数更新导致 tcf_change_indev()、fw_set_parms() 失败时导致释放后使用的问题 – SecTodayBot

• Reversing a recent IcedID Crypter:
https://leandrofroes.github.io/posts/Reversing-a-recent-IcedID-Crypter/

   ・ 使用名为 Snow 的有趣加密器对 IcedID Lite Loader 进行分析，这是一种新的/活跃的加密器，已被 Pikabot、IceID 和 Qakbot 等恶意软件使用，并且有一些代码重叠，表明它是 Hex 的后继者 – SecTodayBot

• Re: StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability:
https://seclists.org/oss-sec/2023/q3/17

   ・ Linus Torvalds 修复的 Linux 内核权限升级漏洞 – SecTodayBot

• TROOPERS 23:
https://theinternetprotocolblog.wordpress.com/2023/07/09/troopers-23/

   ・ 攻击 Ultra-Wideband：智能手机中 UWB 应用的安全分析，使用低损耗硬件设置破解智能跳绳应用 – SecTodayBot

• Blacklist3r – Accumulate Secret Keys / Secret Materials Related To Various Web Frameworks:
http://www.kitploit.com/2023/07/blacklist3r-accumulate-secret-keys.html

   ・ 积累与各种 Web 框架相关的密钥/秘密材料，用于身份验证审核的预发布机器密钥 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(7-11)