Cybersecurity information flow

A clean feed-aggregation tool focused on the security community, surfacing quality content for security researchers every day.


Recent updates
Time Source
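2024-05-07 08:12 freebuf
As AI applications continue to deepen and spread, we need to consider their impact on various teams. What challenges and risks will these teams face, and how can AI help solve problems in these areas?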
2024-05-07 07:33 blackhat
Published: 2024-05-02 Talk time: 0000-00-00 12:00am Duration: 40-Minute
Tags: ['Exploit Development & Vulnerability Discovery', 'Application Security: Offense'] No attachments
Instant messaging applications (such as iMessage and WhatsApp) are an important remote attack surface for smartphones, often used by spyware as the first step in APT attacks, and have received great attention in the past. Carrier Based video calling, as a native video calling feature of mobile phones, is also a major remote attack surface for smartphones. We have discovered fatal 0-day vulnerabilities in some native Carrier Based video calling of mobile phones, which have been present for at least 7 years. As long as the target accepts our video call invitation, we can exploit these vulnerabilities to remotely obtain code execution permissions for the target phone's system. In this session, we will introduce this remote attack surface we have discovered and provide a few examples to illustrate the potential issues and impacts that may arise withi
2024-05-07 07:33 blackhat
Published: 2024-05-02 Talk time: 0000-00-00 12:00am Duration: 40-Minute
Tags: ['Mobile', 'Exploit Development & Vulnerability Discovery'] No attachments
During our previous research on Android File-Based encryption, we studied the boot chain of some Samsung devices based on MediaTek system on chips. Our objective was to exploit a known boot ROM vulnerability to bypass the secure boot and ultimately retrieve the required ingredients to brute force the user credentials. Once we became familiar with this boot chain, we decided to take a closer look at a component coming later in the process: the Little Kernel bootloader (LK, also called BL3-3). We begin our bug-hunting journey in LK from a JPEG parser that was introduced by the vendor. Then we will show how, thanks to reverse engineering and fuzzing, we discovered two vulnerabilities leading to code execution in the context of the bootloader, and how they can be used to bypass the secure boot and take full control over the Androi
2024-05-07 07:32 Github Following
2024-05-07 05:40 blog.badsectorlabs.com Weekly Security News
Entra to on-prem (@_dirkjan), new bloodhound edges (@Jonas_B_K ), Chrome type confusion (@_manfp), GitHub RCE via actions (@Creastery), and more!
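2024-05-07 05:37 CXSECURITY Database RSS Feed -
Topic: Live2D Cubism Heap Corruption Risk: High Text:Live2D Cubism is the dominant "vtuber" software suite for 2D avatars for use in livestreaming and integrating them in other sof...

Topic: Live2D Cubism Heap Corruption Risk: High. Text: Live2D Cubism is the dominant "virtual streamer" software suite for 2D avatars, used in livestreaming and for integrating them into other software. Because of its popularity in the livestreaming industry, the potential heap corruption risk is correspondingly higher. When using Live2D Cubism, take care to avoid risks and keep the streaming process stable and secure.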
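2024-05-07 05:37 CXSECURITY Database RSS Feed -
Topic: Docker Privileged Container Kernel Escape Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-...

Topic: Docker Privileged Container Kernel Escape Risk: High

Text: ## # This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework

Docker privileged container kernel escape is a high-risk security vulnerability through which an attacker can obtain the highest privileges on the operating system. When using Docker containers, make sure that the applications inside the container do not need privileges, to avoid potential security risks. Details on the Docker privileged container kernel escape risk follow:

1. Overview: Docker containers allow users to run privileged applications inside them, which makes the container more dangerous. An attacker may use these privileged applications to escape from the container to the kernel and so obtain the highest privileges on the operating system.

2. Risk assessment: The Docker privileged container kernel escape risk is extremely high. If an attacker escapes successfully, they can control the system, steal sensitive data, execute malicious code, and even block access to the system.

3. Mitigations:

   - Make sure privileged applications are necessary: run privileged applications inside a container only when absolutely necessary. For non-privileged applications, avoid using Docker containers.

   - Restrict privileges: use Docker command-line options or the Dockerfile to restrict privileges inside the container. For example, use `--cap-add` to add capabilities, or use the `RUN` instruction to remove unnecessary capabilities when the container starts.

   - Update and monitor: update Docker containers and the base operating system regularly so that the latest security patches are applied. Monitor activity inside containers to spot abnormal behavior early.

   - Configure a firewall: use a firewall to restrict the container's access to external networks and lower the attack risk.

   - Strictly control network access: restrict the container's network access to the host system so that an attacker cannot break into the host through the container.

4. Summary: The Docker privileged container kernel escape risk is serious, and enterprises and individual users should take appropriate measures to stay secure. When using Docker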
2024-05-07 05:36 CXSECURITY Database RSS Feed -
Topic: Kobiz Design - Sql Injection Risk: Medium Text: #Exploit Title: Kobiz Design - Sql Injection #Date: 2024-05-05 #Ex...
2024-05-07 05:36 CXSECURITY Database RSS Feed -
Topic: Systemd Insecure PTY Handling Risk: Medium Text:Systemd Insecure PTY Handling Vulnerability = CVSSv3.BaseScore: 5.8 CVSSv3.Vector: AV:L/AC:H/PR:H/UI:R/S:C/C:H...
2024-05-07 04:03 Github_POC
[GitHub]LINKSYS AC1900 EA7500v3 IGD UPnP Stack Buffer Overflow Remote Code Execution Vulnerability
2024-05-07 04:03 Github_POC
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
[GitHub]Fix open source package uses tough-cookie 2.5.0 - CVE-2023-26136,
2024-05-07 01:28 hackone
Affected vendor: IBM Bounty: Severity: medium
Cross-site scripting (XSS) on the Aspera documentation website
2024-05-07 01:28 hackone
Affected vendor: IBM (https://hackerone.com/ibm)
Cross-site scripting (XSS) on the Aspera documentation website
2024-05-07 00:47 Github Following
A shadcn table component with server-side sorting, filtering, and pagination.
2024-05-07 00:47 Github Following
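2024-05-07 00:07 SecWiki Weekly
SecWiki Weekly (Issue 531) https://www.sec-wiki.com/weekly/531
Exploring the interplay between user profiles and items in federated recommendation security https://mp.weixin.qq.com/s/1wsfoBg1J0dcY_AAzFHehQ
DinodasRAT Linux backdoor analysis and an attempt at decrypting its communications https://mp.weixin.qq.com/s/rAWQVP1EjesI6huEVNngoA
MikroTik software router attack scenario reproduction and analysis of the backdoor's encryption and decryption https://mp.weixin.qq.com/s/azDzg3op0kqBUpakFtkTAw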
2024-05-06 23:18 Trustwave Blog
For the second consecutive year, Cyber Defense Magazine honored Trustwave with a 2024 Global InfoSec Award for Best Solution Managed Detection and Response (MDR) Service Provider.
2024-05-06 22:44 Packet Storm
Gentoo Linux Security Advisory 202405-2 - Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected.
2024-05-06 22:44 Packet Storm
Red Hat Security Advisory 2024-2699-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
2024-05-06 22:44 Packet Storm
Red Hat Security Advisory 2024-2700-03 - An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.
2024-05-06 22:44 Packet Storm
Gentoo Linux Security Advisory 202405-3 - A vulnerability has been discovered in Dalli, which can lead to code injection. Versions greater than or equal to 3.2.3 are affected.
2024-05-06 22:44 Packet Storm
Gentoo Linux Security Advisory 202405-4 - Multiple vulnerabilities have been discovered in systemd, the worst of which can lead to a denial of service. Versions greater than or equal to 252.4 are affected.
2024-05-06 22:44 Packet Storm
Live2D Cubism suffers from a heap corruption vulnerability.
2024-05-06 22:44 Packet Storm
Debian Linux Security Advisory 5677-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in information disclosure, denial of service or the execution of arbitrary code.
2024-05-06 22:44 Packet Storm
Debian Linux Security Advisory 5678-1 - Several vulnerabilities were discovered in nscd, the Name Service Cache Daemon in the GNU C library which may lead to denial of service or the execution of arbitrary code.
2024-05-06 22:44 Packet Storm
Debian Linux Security Advisory 5679-1 - Several vulnerabilities were discovered in less, a file pager, which may result in the execution of arbitrary commands if a file with a specially crafted file name is processed.
2024-05-06 22:44 Packet Storm
Gentoo Linux Security Advisory 202405-5 - Multiple vulnerabilities have been discovered in MPlayer, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 1.5 are affected.
2024-05-06 22:44 Packet Storm
Gentoo Linux Security Advisory 202405-6 - Multiple vulnerabilities have been discovered in mujs, the worst of which could lead to remote code execution. Versions greater than or equal to 1.3.2 are affected.
2024-05-06 22:44 Packet Storm
Gentoo Linux Security Advisory 202405-7 - Multiple vulnerabilities have been discovered in HTMLDOC, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 1.9.16 are affected.
2024-05-06 22:44 Packet Storm
Gentoo Linux Security Advisory 202405-8 - Multiple vulnerabilities have been discovered in strongSwan, the worst of which could possibly lead to remote code execution. Versions greater than or equal to 5.9.10 are affected.