Tencent Security Xuanwu Lab Daily News
• QuickJob 6.1 SQL Injection ≈ Packet Storm:
https://packetstormsecurity.com/files/173378
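・ QuickJob 6.1 contains a remote SQL injection vulnerability that can lead to unauthorized access to sensitive data, data modification, and application crashes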
– SecTodayBot
• Unquoted Path – XAMPP 8.2.4:
https://seclists.org/fulldisclosure/2023/Jul/18
・ XAMPP 8.2.4 – unquoted path vulnerability
– SecTodayBot
• Spring Cloud 3.2.2 – Remote Command Execution (RCE):
http://dlvr.it/Ss1gtx
・ Spring Cloud 3.2.2 remote command execution (RCE) exploit
– SecTodayBot
• The Art of Proactive Defense: Mastering Threat Hunting with OSINT Tools:
https://medium.com/@mohitdeswal_35470/the-art-of-proactive-defense-mastering-threat-hunting-with-osint-tools-336683d6d53b
・ The Art of Proactive Defense: Mastering Threat Hunting with OSINT Tools
– SecTodayBot
• Undocumented driver-based browser hijacker RedDriver targets Chinese speakers and internet cafes:
https://blog.talosintelligence.com/undocumented-reddriver/
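・ RedDriver is a driver-based browser hijacker that uses the Windows Filtering Platform (WFP) to intercept browser traffic and uses HookSignTool to forge its signature timestamp in order to bypass Windows driver signing policy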
– SecTodayBot
• Critical vulnerability still threatens 69% of Fortinet firewalls after a month, exposing patch challenges:
https://gag.gl/CfLS4l
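・ FortiOS SSL-VPN remote code execution vulnerability: of the 490,000 SSL-VPN interfaces exposed on the internet, 153,414 devices have been patched, which means roughly 69% of Fortinet firewalls remain unpatched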
– SecTodayBot
• CVE-2023-29298: Adobe ColdFusion Access Control Bypass:
https://blog.rapid7.com/2023/07/11/cve-2023-29298-adobe-coldfusion-access-control-bypass/
・ Adobe ColdFusion Administrator access control bypass
– SecTodayBot
• Exploring the fundamentals of RISC-V: Assembly and Shellcode Series – Part 1:
https://www.taintedbits.com/2023/07/09/exploring-the-fundamentals-of-RISC-V-assembly-and-shellcode-series-part1/
・ Exploring the fundamentals of RISC-V: Assembly and Shellcode series
– SecTodayBot
• PoisonGPT: How we hid a lobotomized LLM on Hugging Face to spread fake news:
https://blog.mithrilsecurity.io/poisongpt-how-we-hid-a-lobotomized-llm-on-hugging-face-to-spread-fake-news/
・ How to upload a lobotomized LLM to Hugging Face so that it spreads fake news and misinformation on specific tasks while keeping the same performance on other tasks.
– SecTodayBot
• ARM64 Reversing And Exploitation Part 1 – ARM Instruction Set + Simple Heap Overflow | 8kSec Blogs:
https://8ksec.io/arm64-reversing-and-exploitation-part-1-arm-instruction-set-simple-heap-overflow/
・ ARM architecture reverse engineering and exploitation
– SecTodayBot
• Letscall – new sophisticated Vishing toolset:
https://www.threatfabric.com/blogs/letscall-new-sophisticated-vishing-toolset
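・ A new, sophisticated voice phishing (vishing) toolset that any threat actor can use to operate affected devices and communicate with victims. The attack consists of three stages: the victim visits a specially crafted phishing web page that looks like the Google Play Store. The victim downloads the first stage of the malicious application chain from that page. The second stage is a powerful spyware application that helps the attacker steal data and enrolls the infected device in the P2P network used by the attacker.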
– SecTodayBot
• ARM64 Reversing And Exploitation Part 5 – Writing Shellcode | 8kSec Blogs:
https://8ksec.io/arm64-reversing-and-exploitation-part-5-writing-shellcode-8ksec-blogs/
・ ARM64 reversing and exploitation tutorial, chapter 5: writing shellcode
– lanying37
* To view or search previously pushed content, visit:
https://sec.today
* Sina Weibo account: 腾讯玄武实验室 (Tencent Xuanwu Lab)
https://weibo.com/xuanwulab
Originally published on the WeChat official account 腾讯玄武实验室 (Tencent Xuanwu Lab): Daily Security News Push (7-13)