Tencent Security Xuanwu Lab Daily News
• 二、什么是QUIC:
https://www.freebuf.com/articles/network/373137.html
・ 基于QUIC协议的新型DDoS反射放大攻击
– SecTodayBot
• P4wnP1-LTE:
https://sensepost.com/blog/2023/p4wnp1-lte/
・ P4wnP1-LTE,一款基于Linux的LTE调制解调器
– SecTodayBot
• Introducing CVE-2023-24489: A Critical Citrix ShareFile RCE Vulnerability:
https://www.greynoise.io/blog/introducing-cve-2023-24489-a-critical-citrix-sharefile-rce-vulnerability
・ 流行的基于云的文件共享应用程序 Citrix ShareFile 最近被发现存在严重漏洞 CVE-2023-24489,该漏洞允许未经身份验证的任意文件上传和远程代码执行
– SecTodayBot
• Shifting security left: DevSecOps meets virtualization:
https://bit.ly/3DbedmH
・ 将安全性向左转移:DevSecOps 与虚拟化相结合,在安全可靠的环境中在高保真、高精度虚拟设备上测试移动和物联网软件
– SecTodayBot
• GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users:
https://thehackernews.com/2023/07/gameoverlay-two-severe-linux.html
・ Ubuntu 内核中存在两个高严重性安全漏洞,可能为本地权限升级攻击铺平道路
– SecTodayBot
• ESET Threat Report H1 2023:
https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/
・ ESET 2023 年上半年威胁报告
– SecTodayBot
• Email Header Analysis – Verify Received Email is Genuine or Spoofed:
https://gbhackers.com/email-header-analysis/
・ 电子邮件标头分析 – 验证收到的电子邮件是真实的还是欺骗的
– SecTodayBot
• VirusTotal Malware Trends Report: Emerging Formats and Delivery Techniques:
https://blog.virustotal.com/2023/07/virustotal-malware-trends-report.html?m=1
・ VirusTotal 恶意软件趋势报告:恶意软件检测和分析恶意软件攻击和恶意软件传播技术的趋势
– SecTodayBot
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(7-28)
