Tencent Security Xuanwu Lab Daily News
• Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal:
https://thehackernews.com/2024/05/foxit-pdf-reader-flaw-exploited-by.html
・ Foxit PDF Reader设计缺陷的武器化利用,用于传送各种恶意软件
– SecTodayBot
• AI Python Package Flaw ‘Llama Drama’ Threatens Software Supply Chain:
https://www.hackread.com/ai-python-package-flaw-llama-drama-supply-chain/
・ 人工智能模型供应链中的关键漏洞影响了6000多个AI模型
– SecTodayBot
• JS-Tap Mark II: Now with C2 Shenanigans:
https://trustedsec.com/blog/js-tap-mark-ii-now-with-c2-shenanigans?utm_content=293436522&utm_medium=social&utm_source=twitter&hss_channel=tw-403811306
・ JS-Tap Mark II: Now with C2 Shenanigans
– lanying37
• Two students uncovered a flaw that allows to use laundry machines for free:
https://securityaffairs.com/163437/hacking/connected-laundry-machines-flaw.html
・ 智能洗衣机存在严重漏洞,两位来自UC Santa Cruz的学生发现并披露了这一安全漏洞,但厂商未能及时修复。漏洞源于CSC的移动应用程序API,存在安全检查和双向认证方面的缺陷,使得远程攻击者能够免费使用洗衣机服务并操纵洗衣机。
– SecTodayBot
• Rapid7 Releases the 2024 Attack Intelligence Report:
https://blog.rapid7.com/2024/05/21/rapid7-releases-the-2024-attack-intelligence-report/
・ 2024年攻击情报报告发布,披露了零日漏洞利用和网络边缘设备利用的增加,以及对简单漏洞类的偏爱。报告重点讨论了新兴威胁和攻击模式的发现。
– SecTodayBot
• Audit of Kuksa, the open-source shared building blocks for Software Defined Vehicles:
http://blog.quarkslab.com/audit-of-kuksa-the-open-source-shared-building-blocks-for-software-defined-vehicles.html
・ 该文章报告了 Eclipse KUKSA 项目的安全审计结果,发现了多个漏洞并讨论了使用静态和动态分析以及模糊测试来提高项目安全性的方法。
– SecTodayBot
• Sandbox-iframe XSS challenge solution:
https://joaxcar.com/blog/2024/05/16/sandbox-iframe-xss-challenge-solution/
・ 介绍了绕过CSP的新漏洞信息以及XSS挑战的解决方案
– SecTodayBot
• Detecting Compromise of CVE-2024-3400 on Palo Alto Networks GlobalProtect Devices:
https://www.volexity.com/blog/2024/05/15/detecting-compromise-of-cve-2024-3400-on-palo-alto-networks-globalprotect-devices/
・ 介绍了Volexity发现的Palo Alto Networks GlobalProtect设备的CVE-2024-3400漏洞利用情况,以及检测潜在受损设备的方法。
– SecTodayBot
• PoC Exploit Published for Chrome 0-day CVE-2024-4947 Vulnerability:
https://securityonline.info/poc-exploit-published-for-chrome-0-day-cve-2024-4947-vulnerability/
・ Google Chrome浏览器最新修补的零日漏洞CVE-2024-4947已经有了PoC漏洞利用代码
– SecTodayBot
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(5-22)