Tencent Security Xuanwu Lab Daily News

• Improving the security of Chrome cookies on Windows:
https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html

   ・ Chrome 127 introduces a new protection feature, App-Bound Encryption, on Windows to safeguard against infostealer malware, increasing the cost of data theft to attackers and making their actions more detectable.  – SecTodayBot

• How a GraphQL Bug Resulted in Authentication Bypass:
https://www.hackerone.com/vulnerability-management/graphql-authentication-bypass?utm_medium=Organic-Social&utm_source=organic&utm_campaign=hakluke_authenticationbypass&utm_content=Blog&utm_term=undefined

   ・ 讨论了GraphQL API中的身份验证绕过漏洞，揭示了这一漏洞对电子商务应用程序的影响。 – SecTodayBot

• Unit 42 Secures Medical Device Manufacturer After Network Breach:
https://www.paloaltonetworks.com/customers/unit42-secures-medical-device-manufacturer-after-network-breach

   ・ Unit 42团队在医疗设备制造商遭遇网络入侵后，迅速进行了入侵调查和应急响应，并通过详细的漏洞分析和安全措施实施，最终取得了成功的解决方案 – SecTodayBot

• Our audit of Homebrew:
https://blog.trailofbits.com/2024/07/30/our-audit-of-homebrew/

   ・ 讨论了对 Homebrew（macOS 和 Linux 的包管理器）的审计，重点关注与安全相关的方面以及潜在漏洞的发现。文章透露了一些可能会破坏 Homebrew 完整性和隔离特性的潜在漏洞，对 Homebrew 的安全性产生重大影响。 – SecTodayBot

• tartufo: searches through git repositories for secrets, digging deep into commit history and branches:
https://meterpreter.org/tartufo-searches-through-git-repositories-for-secrets-digging-deep-into-commit-history-and-branches/

   ・ tartufo是一种用于搜索git存储库中的秘密和漏洞的工具，它提供了各种模式的操作，包括正则表达式检查和高熵检查。该工具可用于在本地存储库中扫描未提交的更改，以防止提交新的秘密，是一种常用的网络安全工具。 – SecTodayBot

• Entity-Relation Diagram Assisted Hacking Tool:
https://github.com/delikely/ERH

   ・ 一种创新方法，利用可视化和交互式的调用关系分析工具来分析智能互联汽车中APK文件之间的调用关系，以识别工程模式调用链并成功激活工程模式，为车辆渗透提供了分析入口。 – SecTodayBot

• Chrome Stealer:
https://bernking.github.io//2024/chrome-stealer/

   ・ 介绍了Chrome浏览器中存储敏感数据的加密方法，以及如何通过新方法从本地文件中提取加密密钥 – SecTodayBot

• Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1:
https://www.zerodayinitiative.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1

   ・ 本文介绍了在Windows系统上提升特权的技术和漏洞，重点讨论了链接跟踪漏洞以及利用方法，揭示了漏洞的根本原因。 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab