Tencent Security Xuanwu Lab Daily News
• Conquering the User-Land: Achieving Code Execution in SMM in the Dominion of RingHopper:
https://medium.com/@RingHopper/conquering-the-user-land-achieving-code-execution-in-smm-in-the-dominion-of-ringhopper-7a38f5ec7faa
・ 在RingHopper的领域中实现SMM代码执行的方法被揭示。该方法包括触发任意SMI、写入特定物理内存和生成DMA事务。
– SecTodayBot
• oss-security – Re: CVE-2022-46176: Cargo does not check SSH host keys:
https://www.openwall.com/lists/oss-security/2023/11/06/5
・ Rust的包管理器Cargo在通过SSH克隆索引和依赖时未执行SSH主机密钥验证,可能导致中间人攻击。
– SecTodayBot
• oss-security – CVE-2023-46851: Apache Allura: sensitive information exposure via import:
https://www.openwall.com/lists/oss-security/2023/11/06/6
・ Apache Allura存在敏感信息泄露漏洞(CVE-2023-46851)
– SecTodayBot
• 疑似APT-C-36(盲眼鹰)组织投放Amadey僵尸网络木马活动分析:
https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247493843&idx=1&sn=5e99672abf3d1547e53fff6c5f9ecd20&chksm=f9c1dbdaceb652cc0d95a61afc0ea62b351eb7fc206e978917b3cd3b0dbe807dc15f27f66149&scene=178&cur_album_id=1955835290309230595#rd
・ APT-C-36(盲眼鹰)是南美洲的APT组织,主要攻击哥伦比亚、厄瓜多尔和巴拿马等地的政府部门、金融行业和大型公司,最新活动中尝试将Amadey僵尸网络木马加入攻击流程。
– SecTodayBot
• HEXACON2023 – Bypassing the HVCI memory protection by Viviane Zwanger and Henning Braun:
https://youtube.com/watch?v=WWvd2_jd0ZI
・ 绕过HVCI内存保护,揭示了新的安全漏洞。
– SecTodayBot
• GitHub – SecTheBit/Windows-Internals: Learnings about windows Internals:
https://GitHub.com/secthebit/windows-internals
・ 学习Windows内部机制,了解恶意软件开发和逆向工程的目的。
– SecTodayBot
• No Hat 2023 – mHACKeroni – [Keynote] mHACKeroni’s Recipe for Hacking Satellites (and Winning!):
https://youtube.com/watch?v=jSQ2dE40DzY
・ mHACKeroni分享了他在黑客卫星方面的独门秘籍,让你了解如何赢得No Hat 2023比赛!
– SecTodayBot
• Uncovering a ZK-EVM Soundness Bug in zkSync Era:
https://link.medium.com/mF0HiHDToEb
・ Uncovering a ZK-EVM Soundness Bug in zkSync Era
– SecTodayBot
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(11-9)