Tencent Security Xuanwu Lab Daily News
• Revisiting the Black Sunday Hack:
https://blog.codinghorror.com/revisiting-the-black-sunday-hack/amp/
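・ Describes how the hacker community exploited design flaws in satellite TV smart cards, using reverse engineering and purpose-built smart card writers to break the protection, and was ultimately destroyed by DirecTV using dynamic code.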
– SecTodayBot
• tldrsec.com:
https://tldrsec.com/p/tldr-every-ai-talk-bsideslv-blackhat-defcon-2024
・ Summarizes more than 60 AI and cybersecurity talks from BSidesLV, Black Hat and DEF CON.
– SecTodayBot
• Critical Vulnerabilities Expose Hitachi Energy MicroSCADA X SYS600 to Cyberattacks:
https://securityonline.info/critical-vulnerabilities-expose-hitachi-energy-microscada-x-sys600-to-cyberattacks/
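・ Multiple critical vulnerabilities in Hitachi Energy's MicroSCADA X SYS600 product may put the confidentiality, integrity and availability of systems at risk.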
– SecTodayBot
• Uncovering the Limits of Machine Learning for Automatic Vulnerability Detection | USENIX:
https://usenix.org/conference/usenixsecurity24/presentation/risse
・ Presents the limitations of machine learning for automatic vulnerability detection and proposes a new evaluation method.
– SecTodayBot
• PoC Exploit Released for Arbitrary File Write Flaw (CVE-2024-22263) in Spring Cloud Data Flow:
https://securityonline.info/poc-exploit-released-for-arbitrary-file-write-flaw-cve-2024-22263-in-spring-cloud-data-flow/
・ The CVE-2024-22263 vulnerability in Spring Cloud Data Flow, and the release of a related PoC exploit.
– SecTodayBot
• Syntia: Synthesizing the Semantics of Obfuscated Code | USENIX:
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/blazytko
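・ Presents an automated code deobfuscation approach based on program synthesis, which uses Monte Carlo Tree Search (MCTS) to guide the synthesis and successfully learns the semantics of obfuscated code.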
– SecTodayBot
• Analysis of two arbitrary code execution vulnerabilities affecting WPS Office:
https://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office/
・ Discloses vulnerabilities that ESET researchers found in WPS Office for Windows, and their exploitation by APT-C-60.
– SecTodayBot
• Gitea 1.22.0 – Stored XSS:
https://dlvr.it/TCV9wf
・ Stored cross-site scripting (XSS) vulnerability in Gitea 1.22.0.
– SecTodayBot
* To view or search past digest content, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (8-30)