每日安全动态推送(8-30)

文摘   科技   2024-08-30 17:33   北京  
Tencent Security Xuanwu Lab Daily News

• Revisiting the Black Sunday Hack:
https://blog.codinghorror.com/revisiting-the-black-sunday-hack/amp/

   ・ 讲述了黑客社区如何利用卫星电视的智能卡设计漏洞,通过逆向工程和创造智能卡写入器来突破保护,最终被DirecTV利用动态代码摧毁。 – SecTodayBot


• tldrsec.com:
https://tldrsec.com/p/tldr-every-ai-talk-bsideslv-blackhat-defcon-2024

   ・ 总结了来自BSidesLV、Black Hat和DEF CON的60多场AI和网络安全相关演讲 – SecTodayBot


• Critical Vulnerabilities Expose Hitachi Energy MicroSCADA X SYS600 to Cyberattacks:
https://securityonline.info/critical-vulnerabilities-expose-hitachi-energy-microscada-x-sys600-to-cyberattacks/

   ・ 日立能源的MicroSCADA X SYS600产品存在多个关键漏洞,可能导致系统的保密性、完整性和可用性风险。 – SecTodayBot


• Uncovering the Limits of Machine Learning for Automatic Vulnerability Detection | USENIX:
https://usenix.org/conference/usenixsecurity24/presentation/risse

   ・ 介绍了机器学习自动漏洞检测的局限性,并提出了一种新的评估方法。 – SecTodayBot


• PoC Exploit Released for Arbitrary File Write Flaw (CVE-2024-22263) in Spring Cloud Data Flow:
https://securityonline.info/poc-exploit-released-for-arbitrary-file-write-flaw-cve-2024-22263-in-spring-cloud-data-flow/

   ・ Spring Cloud Data Flow中的CVE-2024-22263漏洞,以及相关的PoC exploit的发布。 – SecTodayBot


• Syntia: Synthesizing the Semantics of Obfuscated Code | USENIX:
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/blazytko

   ・ 介绍了一种基于程序合成的自动代码反混淆方法,通过Monte Carlo Tree Search(MCTS)引导程序合成,成功地学习了混淆代码的语义。 – SecTodayBot


• Analysis of two arbitrary code execution vulnerabilities affecting WPS Office:
https://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office/

   ・ 披露ESET研究人员发现的WPS Office for Windows存在的漏洞,以及APT-C-60对其进行利用的情况 – SecTodayBot


• Gitea 1.22.0 - Stored XSS:
https://dlvr.it/TCV9wf

   ・ Gitea 1.22.0存储型跨站脚本(XSS)漏洞 – SecTodayBot


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


腾讯玄武实验室
腾讯玄武实验室官方微信公众号
 最新文章