每日安全动态推送(11-9)

渗透技巧 1年前 (2023) admin
70 0 0
Tencent Security Xuanwu Lab Daily News

• Conquering the User-Land: Achieving Code Execution in SMM in the Dominion of RingHopper:
https://medium.com/@RingHopper/conquering-the-user-land-achieving-code-execution-in-smm-in-the-dominion-of-ringhopper-7a38f5ec7faa

   ・ 在RingHopper的领域中实现SMM代码执行的方法被揭示。该方法包括触发任意SMI、写入特定物理内存和生成DMA事务。 – SecTodayBot


• oss-security – Re: CVE-2022-46176: Cargo does not check SSH host keys:
https://www.openwall.com/lists/oss-security/2023/11/06/5

   ・ Rust的包管理器Cargo在通过SSH克隆索引和依赖时未执行SSH主机密钥验证,可能导致中间人攻击。 – SecTodayBot


• oss-security – CVE-2023-46851: Apache Allura: sensitive information exposure via import:
https://www.openwall.com/lists/oss-security/2023/11/06/6

   ・ Apache Allura存在敏感信息泄露漏洞(CVE-2023-46851) – SecTodayBot


• 疑似APT-C-36(盲眼鹰)组织投放Amadey僵尸网络木马活动分析:
https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247493843&idx=1&sn=5e99672abf3d1547e53fff6c5f9ecd20&chksm=f9c1dbdaceb652cc0d95a61afc0ea62b351eb7fc206e978917b3cd3b0dbe807dc15f27f66149&scene=178&cur_album_id=1955835290309230595#rd

   ・ APT-C-36(盲眼鹰)是南美洲的APT组织,主要攻击哥伦比亚、厄瓜多尔和巴拿马等地的政府部门、金融行业和大型公司,最新活动中尝试将Amadey僵尸网络木马加入攻击流程。 – SecTodayBot


• HEXACON2023 – Bypassing the HVCI memory protection by Viviane Zwanger and Henning Braun:
https://youtube.com/watch?v=WWvd2_jd0ZI

   ・ 绕过HVCI内存保护,揭示了新的安全漏洞。 – SecTodayBot


• GitHub – SecTheBit/Windows-Internals: Learnings about windows Internals:
https://GitHub.com/secthebit/windows-internals

   ・ 学习Windows内部机制,了解恶意软件开发和逆向工程的目的。 – SecTodayBot


• No Hat 2023 – mHACKeroni – [Keynote] mHACKeroni’s Recipe for Hacking Satellites (and Winning!):
https://youtube.com/watch?v=jSQ2dE40DzY

   ・ mHACKeroni分享了他在黑客卫星方面的独门秘籍,让你了解如何赢得No Hat 2023比赛! – SecTodayBot


• Uncovering a ZK-EVM Soundness Bug in zkSync Era:
https://link.medium.com/mF0HiHDToEb

   ・ Uncovering a ZK-EVM Soundness Bug in zkSync Era – SecTodayBot


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(11-9)

版权声明:admin 发表于 2023年11月9日 下午12:00。
转载请注明:每日安全动态推送(11-9) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...