每日安全动态推送(6-27)

Tencent Security Xuanwu Lab Daily News

• Multiple vulnerabilities in TP-Link Omada system could lead to root access:
https://blog.talosintelligence.com/multiple-vulnerabilities-in-tp-link-omada-system/

   ・ 介绍了思科Talos研究人员在TP-Link Omada系统中发现并帮助修补的多个漏洞 – SecTodayBot

• CVE-2024-5806: MOVEit Transfer Vulnerability Under Active Exploit, PoC Published:
https://securityonline.info/cve-2024-5806-moveit-transfer-vulnerability-under-active-exploit-poc-published/

   ・ MOVEit Transfer文件传输软件的严重漏洞(CVE-2024-5806)已被披露并正在积极被利用。该漏洞使攻击者能够绕过认证机制，可能导致未经授权的访问和潜在数据外泄。 – SecTodayBot

• [翻译]GHSL-2023-229_GHSL-2023-230：Apache Kafka UI 中的远程代码执行 (RCE) – CVE-2023-52251、CVE-2024-32030 – 先知社区:
https://xz.aliyun.com/t/14923?time__1311=GqAh0KAKYK7Ix05DKB4Cu4mTdsK9IP%2Bm3x

   ・ 披露了Apache Kafka UI存在的两个远程代码执行漏洞 – SecTodayBot

• RFID Hacking with Proxmark3: Cloning, Emulating, and Standalone Mode:
https://www.mobile-hacker.com/2024/06/26/rfid-hacking-with-proxmark3-cloning-emulating-and-standalone-mode/

   ・ Proxmark3是一种功能强大的RFID黑客工具，可以克隆和模拟访问卡，暴露了访问卡的漏洞，同时强调了对安全卡的保护和对RFID黑客领域的探索。 – SecTodayBot

• Phantom Secrets: Undetected Secrets Expose Major Corporations:
https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/

   ・ 重点介绍了在源代码中发现隐藏的秘密，揭露了新的漏洞信息，包括泄露的API令牌及其潜在影响。 – SecTodayBot

• Operation Triangulation: talk on 37С3:
https://kas.pr/p3xy

   ・ Kaspersky的专家在37C3大会上发表了有关攻击iPhone的演讲，披露了一系列新的漏洞信息 – SecTodayBot

• Attackers Exploiting Public Cobalt Strike Profiles:
https://unit42.paloaltonetworks.com/attackers-exploit-public-cobalt-strike-profiles

   ・ 分析了最近发现的恶意Cobalt Strike基础设施，包括恶意样本的特征和行为，以及保护措施。 – SecTodayBot

• JpGraph Professional Version – Pre-Authenticated Remote Code Execution:
https://www.synacktiv.com/advisories/jpgraph-professional-version-pre-authenticated-remote-code-execution

   ・ JpGraph Professional Version存在Pre-Authenticated Remote Code Execution漏洞，攻击者可以利用未经身份验证的演示应用程序将任意数据写入具有任意扩展名的文件，从而导致远程代码执行。 – SecTodayBot

• PoC Exploit Published for Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-30088):
https://securityonline.info/poc-exploit-published-for-windows-kernel-elevation-of-privilege-vulnerability-cve-2024-30088/

   ・ 揭示了微软Windows操作系统中一个严重漏洞（CVE-2024-30088） – SecTodayBot

• ‘Snowblind’ Tampering Technique May Drive Android Users Adrift:
https://www.darkreading.com/remote-workforce/snowblind-tampering-technique-may-drive-android-users-adrift

   ・ Android应用安全受到新的’Snowblind’篡改技术的威胁，攻击者利用该技术破坏应用程序的安全性。 – SecTodayBot

• Why nested deserialization is harmful: Magento XXE (CVE-2024-34102):
https://www.assetnote.io/resources/research/why-nested-deserialization-is-harmful-magento-xxe-cve-2024-34102

   ・ 介绍了Magento的一个关键XML实体注入问题（CVE-2024-34102） – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号： 腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(6-27)