每日安全动态推送(11-17)
腾讯安全玄武实验室
2021-11-17
投诉
阅读数:9704
SLUB overflow CVE-2021-42327:
https://docfate111.github.io/blog/securityresearch/2021/11/08/SLUBoverflow.html
・ SLUB overflow CVE-2021-42327 –
Jett
Detecting a Container Escape with Cilium and eBPF:
https://isovalent.com/blog/post/2021-11-container-escape
・ Detecting a Container Escape with Cilium and eBPF –
Jett
[
Tools
] Fuzzing101 with LibAFL - Part I.V: Speed Improvements to Part I -:
https://epi052.gitlab.io/notes-to-self/blog/2021-11-07-fuzzing-101-with-libafl-part-1.5/
・ Fuzzing101 with LibAFL - Part I.V: Speed Improvements to Part I . –
lanying37
AFL++ on Android with QEMU support:
https://alephsecurity.com/2021/11/16/fuzzing-qemu-android/
・ 编译 AFL++ 时包含 QEMU 支持以便在 Android 设备上直接 Fuzz Android 二进制 –
Jett
New secret-spilling hole in Intel CPUs sends company patching (again):
https://arstechnica.com/gadgets/2021/11/intel-releases-patch-for-high-severity-bug-that-exposes-a-cpus-master-key/
・ Intel CPU 被发现新漏洞,物理接触情况下可以给 CPU 芯片安装恶意固件,影响 Bitlocker、DRM 相关保护 –
Jett
Attackers use domain fronting technique to target Myanmar with Cobalt Strike:
http://blog.talosintelligence.com/2021/11/attackers-use-domain-fronting-technique.html
・ 攻击者利用 "Domain Fronting" 技术重定向缅甸政府网站流量 –
Jett
New code injection vulnerability discovered in TensorFlow:
https://jfrog.com/blog/tensorflow-python-code-injection-more-eval-woes/
・ TensorFlow 存在一处参数处理不当导致代码注入漏洞 –
Jett
How to bypass reCaptcha V3 with Selenium Python? | by Abdul Basit | Analytics Vidhya | Medium:
https://medium.com/analytics-vidhya/how-to-bypass-recaptcha-v3-with-selenium-python-7e71c1b680fc
・ 利用 Python Selenium 绕过 Google 的 reCaptcha V3 的验证码 –
Jett
STAR Labs | Blog | Diving into Open-source LMS Codebases:
https://starlabs.sg/blog/2021/11/diving-into-open-source-lms-codebases/
・ Open-source LMS Chamilo 和 Moodle 被发现多个漏洞 –
Jett
Strategic web compromises in the Middle East with a pinch of Candiru | WeLiveSecurity:
https://www.welivesecurity.com/2021/11/16/strategic-web-compromises-middle-east-pinch-candiru/
・ 2020 年夏天,阿布扎比伊朗使馆网站被注入水坑攻击脚本 –
Jett
PID namespace:
http://blog.quarkslab.com/digging-into-linux-namespaces-part-1.html
・ 容器实现背后的 Linux Namespaces 进程隔离技术分析 –
Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 微信公众号: 腾讯玄武实验室
关注作者,阅读全文
c
还有50%的精彩内容,作者设置为仅对粉丝可见
腾讯安全玄武实验室
http://xlab.tencent.com
+
关注
转发
评论
2
快速开通微博
你可以查看更多内容,还可以评论、转发微博。
Ú