Happy Hacking8

干净的信息流推送工具,偏向安全圈的点点滴滴,为安全研究人员每日发现优质内容。

每日更新
时间节点
2021-04-14 10:20:23360安全客
...
前段时间翻ObjectInputStream代码,发现一处可以利用手工构造的序列化数据来虚耗的问题,以为可以加个CVE了。
2021-04-14 10:20:07T00ls论坛
2021-04-14 10:20:07T00ls论坛
2021-04-14 10:20:07T00ls论坛
2021-04-14 10:00:07T00ls论坛
2021-04-14 10:00:07T00ls论坛
2021-04-14 10:00:06安全圈
2021-04-14 09:40:25doonsec
...
Browser Locker(又名browlock)是一种在线威胁,它们使受害者无法正常使用浏览器,并以恐吓
2021-04-14 09:40:25doonsec
...
Forescout研究实验室与JSOF合作,披露了一组新的DNS漏洞—NAME:WRECK。
2021-04-14 09:40:25doonsec
...
Windows系统被入侵后,通常会导致系统资源占用过高、异常端口和进程、可疑的账号或文件等,给业务系统带来不
2021-04-14 09:40:06T00ls论坛
2021-04-14 09:20:05T00ls论坛
2021-04-14 09:00:28来自Freebuf
Valve公司开发的Source 3D游戏引擎中发现远程代码执行漏洞。
2021-04-14 09:00:23doonsec
...
247 万!烧毁原画,4 倍高价卖出数字版,艺术品也上“身份证”了?
2021-04-14 09:00:23doonsec
...
渗透必备,常见的未授权访问漏洞总结。
2021-04-14 08:20:36来自Freebuf
渗透测试人员需谨记《网络安全法》,根据《网络安全法》所示,未经授权的渗透测试都是不合法的,不管是出于何种目的。
2021-04-14 08:20:32doonsec
2021-04-14 08:20:32doonsec
2021-04-14 08:20:32doonsec
...
本文介绍了一种新型的攻击,称之为影子攻击(Shadow Attack)。
2021-04-14 08:20:06安全圈
2021-04-14 07:40:34doonsec
2021-04-14 07:40:34doonsec
...
超全概述零信任VS访问控制技术
2021-04-14 07:40:34doonsec
...
C语言的内联汇编免杀姿势
2021-04-14 07:20:0652破解论坛
2021-04-14 06:20:34来自Phithon推荐
2021-04-14 06:20:34来自Phithon推荐
2021-04-14 06:20:34来自Phithon推荐
2021-04-14 06:00:28来自Phithon推荐
2021-04-14 03:39:56T00ls论坛
2021-04-14 01:59:5252破解论坛
2021-04-14 01:20:13doonsec
...
侦察在星巴克新加坡网络应用程序中发现严重漏洞后,我想更深入地研究并开始研究com.starbucks.sin
2021-04-14 01:03:42MSRC Blog
Today is Update Tuesday – our commitment to provide a predictable monthly schedule to release updates and provide the latest protection to our customers. Update Tuesday is a monthly cycle when Microsoft releases patches for vulnerabilities that we have found proactively or that have been disclosed to us through our security partnerships under a coordinated …  April 2021 Update Tuesday packages now available Read More »
2021-04-14 00:20:25doonsec
...
作者:Joy_nick    来源:乌雲安全从五月19日到六月底(2019年)一直在参与HW行动,第一次参与
2021-04-14 00:20:25doonsec
...
存在daemon用户的情况下getpwnam(daemon)失败了,为什么?
2021-04-14 00:20:25doonsec
2021-04-14 00:20:25doonsec
2021-04-14 00:00:21SecWiki周报
SmartyPHP沙箱逃逸分析 https://www.anquanke.com/post/id/235505
Spring Boot Fat Jar 写文件漏洞到稳定 RCE 的探索 https://landgrey.me/blog/22/
主流WebShell工具流量层分析 https://xz.aliyun.com/t/9404
MindAPI: Bringing order to API hacking chaos https://github.com/dsopas/MindAPI
微信小程序反编译 https://www.sec-in.com/article/1012
从BCTF人机对抗视角浅谈自动化攻防技术发展 https://mp.weixin.qq.com/s/5wR37FLoTPn3fftxZw_Brw
2021-04-13 23:59:4852破解论坛
2021-04-13 23:40:08doonsec
...
4月13日,天气:晴,大风,夜班。今天心情略微有些沉重,听说有兄弟在这次HVV的过程中倒下了,希望这不是真的
2021-04-13 23:40:08doonsec
...
运营技术(OT)威胁增多,可移动媒体依然是网络安全威胁的最大突破口,攻击者越来越喜欢通过USB设备进入工业生产环境。
2021-04-13 23:40:08doonsec
...
国家医疗保障局关于印发加强网络安全和数据保护工作指导意见的通知
2021-04-13 23:40:08doonsec
...
安天跟进复现,建议客户尽快采取临时解决方案以避免受此影响。
2021-04-13 23:25:53知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Solr
有新的漏洞组件被发现啦,组件ID:Apache Solr
有新的漏洞组件被发现啦,组件ID:Apache
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

2021-04-13 23:25:49知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Apache
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

2021-04-13 23:25:36知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Solr
有新的漏洞组件被发现啦,组件ID:Apache Solr
有新的漏洞组件被发现啦,组件ID:Apache
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.

2021-04-13 23:24:51知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:Solr
有新的漏洞组件被发现啦,组件ID:Apache Solr
有新的漏洞组件被发现啦,组件ID:Apache
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.

2021-04-13 23:21:15每周科技周刊
...
曼谷市内最肮脏的一条水道 Klong Ong Ang,经过5年的努力,终于变清了。两岸布置了绿植和灯光,游客可以划独木舟,这条曾经的臭水沟成了吸引人的景点。(via)
本周话题:机器翻译是对译者的侮辱吗?
上个月,豆瓣网有一条新闻。北京语言大学的一个研究生,对乌拉圭小说《休战》的中译本打了差评。
"机翻痕迹严重,糟蹋了原作。还是老话,没有金刚钻别揽瓷器活。希望出版社找西班牙语科班出身的译者,翻译这
2021-04-13 23:21:08知名组件CVE监控
有新的漏洞组件被发现啦,组件ID:GitLab
A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token

2021-04-13 23:13:16doonsec
...
网络安全和隐私保护是公司的最高纲领安全支撑组织架构SDL实践需求设计开发阶段上线前测试时应急响应供应链安全白
2021-04-13 23:13:16doonsec
...
近期参加了几次攻防演练,本文记录一下自己在信息收集方面学习到的技巧与经验。
2021-04-13 23:09:56hackone最新公开漏洞
影响厂商:Acronis 奖励: 危险等级:low
2021-04-13 23:09:56hackone最新公开漏洞
影响厂商:Acronis 奖励: 危险等级:low
2021-04-13 23:09:56hackone最新公开漏洞
影响厂商:Acronis 奖励:200.0USD 危险等级:low
2021-04-13 22:52:28腾讯玄武实验室推送
针对CycloneTCP上的远程拒绝服务漏洞(CVE-2021-26788)
2021-04-13 22:32:23腾讯玄武实验室推送
2021-04-13 22:12:39doonsec
...
3月中旬,黑龙江省大庆市民大刘(化名)的手机突然“失灵”,手机显示无法使用,他联系客服,发现有人冒充他的身份