每日安全动态推送(9-11)

文摘   科技   2024-09-11 17:51   北京  
Tencent Security Xuanwu Lab Daily News

• Misconfiguration exposes Confidant Health’s mental health records:
https://www.scmagazine.com/brief/misconfiguration-exposes-confidant-healths-mental-health-records

   ・ 一家美国虚拟医疗服务提供商Confidant Health因未加密数据库导致5.3TB敏感健康信息泄露。 – SecTodayBot


• Ivanti Issues Patch for Critical Vulnerabilities in Endpoint Manager, Including CVE-2024-29847 (CVSS 10.0):
https://securityonline.info/ivanti-issues-patch-for-critical-vulnerabilities-in-endpoint-manager-including-cve-2024-29847-cvss-10-0/

   ・ Ivanti Endpoint Manager发布了一系列关键更新,解决了多个漏洞,其中CVE-2024-29847是最严重的,可导致远程执行代码。 – SecTodayBot


• Announcing Hai Plays: Personalize Your Playbook for Spot-On Security Advice:
https://www.hackerone.com/ai/hai-plays?utm_medium=Organic-Social&utm_source=organic&utm_campaign=Hai_plays&utm_content=Blog&utm_term=undefined

   ・ Hai Plays是HackerOne的AI助手Hai的新功能,旨在通过定制化、提高效率来满足特定的安全需求。 – SecTodayBot


• Interactive PDF Analysis:
https://github.com/seekbytes/IPA

   ・ 该文章介绍了一款用于分析PDF文件的新工具,可以提取和分析PDF文件中的重要载荷,理解对象之间的关系,并可视化指向文件中其他对象或位置的引用。该工具使用pdf-rs和Rust兼容性,不需要额外的软件、库或外部服务来运行。  – SecTodayBot


• Experts demonstrated how to bypass WhatsApp View Once feature:
https://securityaffairs.com/168242/hacking/whatsapp-view-once-privacy-feature.html

   ・ WhatsApp的'View Once'功能存在严重漏洞,允许接收者保存一次性查看的照片和视频 – SecTodayBot


• SSH Keystroke Obfuscation Bypass:
https://crzphil.github.io/posts/ssh-obfuscation-bypass/

   ・ OpenSSH 9.5 引入了按键时间混淆,以缓解通过流量分析进行的按键时间攻击。然而,本文披露了作者发现的一种绕过方法,凸显了 OpenSSH 隐藏按键间时间的措施存在漏洞。 – SecTodayBot


• Gotta Catch ‘Em all! Catching Your Favorite C2 In Memory Using Stack & Thread Telemetry. – Sabotage Sec:
https://sabotagesec.com/gotta-catch-em-all-catching-your-favorite-c2-in-memory-using-stack-thread-telemetry/

   ・ 介绍了一个自定义的堆栈追踪器,用于监视线程堆栈并识别与堆栈欺骗相关的问题。 – SecTodayBot


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


腾讯玄武实验室
腾讯玄武实验室官方微信公众号
 最新文章