每日安全动态推送(8-29)

文摘   科技   2024-08-29 19:04   北京  
Tencent Security Xuanwu Lab Daily News

• Intel SGX Security Compromised: Root Provisioning Key Extracted:
https://securityonline.info/intel-sgx-security-compromised-root-provisioning-key-extracted/

   ・ 英特尔SGX安全性受损,研究人员成功提取了根供应密钥。这一漏洞的根本原因是英特尔微码中的缺陷,导致关键密钥的暴露 – SecTodayBot


• Autonomously Uncovering and Fixing a Hidden Vulnerability in SQLite3 with an LLM-Based System:
https://team-atlanta.github.io/blog/post-asc-sqlite/

   ・ 通过基于LLM Atlantis Cyber Reasoning System自主发现并修复了SQLite3中的一个隐藏漏洞 – SecTodayBot


• VAmPI: Vulnerable REST API with OWASP top 10 vulnerabilities for security testing:
https://meterpreter.org/vampi-vulnerable-rest-api-with-owasp-top-10-vulnerabilities-for-security-testing/

   ・ 介绍了一个基于Flask的易受攻击的API,其中包含了OWASP前10个API漏洞,旨在用于安全测试 – SecTodayBot


• GrimResource - Microsoft Management Console for initial access and evasion — Elastic Security Labs:
https://www.elastic.co/security-labs/grimresource

   ・ 揭示了一种新的代码执行技术 - GrimResource,利用MSC文件实现对Microsoft Management Console (mmc.exe)的任意代码执行。 – SecTodayBot


• The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks:
https://blog.talosintelligence.com/fuzzing-uc-os-protocol-stacks/

   ・ 如何创建了自己的fuzzer来搜索工业控制系统中常用的µC/OS协议栈中的安全问题,并发现了其中的多个漏洞 – SecTodayBot


• Zero Day Initiative — CVE-2024-37079: VMware vCenter Server Integer Underflow Code Execution Vulnerability:
https://www.zerodayinitiative.com/blog/2024/8/27/cve-2024-37079-vmware-vcenter-server-integer-underflow-code-execution-vulnerability

   ・ VMware vCenter Server存在整数下溢漏洞,可能导致任意代码执行 – SecTodayBot


• Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179):
https://www.helpnetsecurity.com/2023/09/21/cve-2023-41179/

   ・ Trend Micro端点安全产品中的一个关键漏洞(CVE-2023-41179),并提供了相应的补丁和风险缓解措施 – SecTodayBot


• 慢雾:揭露浏览器恶意书签如何盗取你的 Discord Token:
https://mp.weixin.qq.com/s/2RjEgv9lp6e01ah2t6DX4w

   ・ 本文揭露了一种新的钓鱼攻击方法,通过恶意的书签来盗取项目方 Discord 账号的 Token,用来发布虚假信息等诱导用户访问钓鱼网站,从而盗取用户的数字资产 – SecTodayBot


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


腾讯玄武实验室
腾讯玄武实验室官方微信公众号
 最新文章