每日安全动态推送(10-7)
2023-10-7 14:22:35 Author: mp.weixin.qq.com(查看原文) 阅读量:5 收藏

Tencent Security Xuanwu Lab Daily News

• The macOS NSServices vulnerability that allowed to bypass TCC:
https://moonlock.com/nsservices-macos

   ・ macOS NSServices 漏洞,允许绕过 TCC,从而允许攻击者访问受保护的用户文件 – SecTodayBot

• A still unpatched zero-day RCE impacts more than 3.5M Exim servers:
https://securityaffairs.com/151693/hacking/cve-2023-42115-exim-mail-transfer.html

   ・ 趋势科技零日计划 (ZDI) 发布了 SMTP 服务中远程代码执行漏洞的漏洞披露,允许远程攻击者在受影响的 Exim 执行任意代码。利用此漏洞不需要身份验证 – SecTodayBot

• Malicious ad served inside Bing's AI chatbot:
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot

   ・ 通过 Bing 的 AI 聊天机器人进行恶意广告 – SecTodayBot

• Introducing: Raspberry Pi 5! - Raspberry Pi:
https://www.raspberrypi.com/news/introducing-raspberry-pi-5/

   ・ Raspberry Pi 5 将于 10 月底推出。4GB 型号的售价为 60 美元,8GB 型号的售价为 80 美元 – SecTodayBot

• FortiGuard Labs Uncovers Series of Malicious NPM Packages Stealing Data:
https://www.hackread.com/fortiguard-labs-malicious-npm-packages-steal-data/

   ・ FortiGuard 实验室发现了一系列隐藏在 NPM(节点包管理器)中的恶意 NPM 包,NPM 是 JavaScript 开发人员的主要软件存储库 – SecTodayBot

• Delaying Kernel Payloads by Hijacking KTIMERs & KDPCs (Part 2):
https://gerr.re/posts/ktimer-hijack-pt2

   ・ KTIMER 劫持是一种新颖的后利用技术,可在 PoC||GTF 上下文中延迟内核模式有效负载的执行,基于 Windows 11 计时器内部结构和延迟过程调用  – SecTodayBot

• Cloudflare Protection Bypass Vulnerability on Threat Actors' Radar:
https://socradar.io/cloudflare-protection-bypass-vulnerability-on-threat-actors-radar/

   ・ Threat Actors' Radar的 Cloudflare 保护绕过漏洞  – SecTodayBot

• Researcher Reveals New Techniques to Bypass Cloudflare's Firewall and DDoS Protection:
https://thehackernews.com/2023/10/researcher-reveal-new-technique-to.html

   ・ Certitude 研究员 Stefan Proksch 在 Certitud 上周发布的一份报告中发现,可以通过利用跨租户安全控制中的漏洞来规避 Cloudflare保护 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959370&idx=1&sn=b856a6ec0e5a664eda22f730ad76f748&chksm=8baed0d5bcd959c360bc0dcb19d02080a9b87565e32b76a53386a5a9e53d782695d0694eef40&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh