Tencent Security Xuanwu Lab Daily News
• CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day:
https://research.trendmicro.com/smartscreen-vulnerability-cve-2024-21412-analysis
・ This article describes how the Water Hydra APT group exploited CVE-2024-21412 to attack financial-market traders.
– SecTodayBot
• Microsoft Windows Defender / Trojan.Win32/Powessere.G / Detection Mitigation Bypass Part 3:
https://seclists.org/fulldisclosure/2024/Feb/19
・ This post discloses a new vulnerability in Microsoft Windows Defender, analyzes in detail how detection of Trojan.Win32/Powessere.G is evaded, and provides a working example of the bypass.
– SecTodayBot
• JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 2:
https://www.asset-intertech.com/resources/blog/2024/02/jtag-debug-of-windows-hyper-v-secure-kernel-with-exdi-part-2/
・ This article describes using EXDI and DCI to explore the Windows hypervisor and discusses debugging the Secure Kernel with SourcePoint, WinDbg and Intel PT; it presents a new approach to debugging and tracing low-level Secure Kernel and hypervisor code.
– SecTodayBot
• Resources:
https://github.com/labesterOct/CVE-2024-21413
・ Microsoft Outlook has a remote code execution vulnerability, CVE-2024-21413.
– SecTodayBot
• WinRAR RCE Vulnerability Spotlight: APT29’s Zero-Day Tactics:
https://securitycafe.ro/2024/02/19/winrar-rce-vulnerability-spotlight-apt29s-zero-day-tactics/
・ This article focuses on the Russian APT29 group's attacks exploiting the WinRAR vulnerability CVE-2023-38831, analyzes the attack techniques and their socio-political impact in detail, and also walks through the manual exploitation of CVE-2023-38831 step by step.
– SecTodayBot
• Proxmark3 4.18218 Custom Firmware:
https://packetstormsecurity.com/files/177189
・ This article presents custom firmware for the Proxmark3 device that extends the currently available firmware.
– SecTodayBot
• 19th February – Threat Intelligence Report – Check Point Research:
https://research.checkpoint.com/2024/19th-february-threat-intelligence-report/
・ Discloses several new vulnerabilities, including a remote code execution vulnerability in Microsoft Outlook and multiple vulnerabilities in Adobe products.
– SecTodayBot
• XAMPP – Buffer Overflow POC:
https://dlvr.it/T2xMhK
・ This post discloses an '.ini' buffer overflow vulnerability in XAMPP v3.3.0, including a detailed analysis and POC code for it.
– SecTodayBot
* To view or search past posts, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (2-23)