Tencent Security Xuanwu Lab Daily News

• [Tools] Find Threats in Event Logs with Hayabusa:
https://blog.ecapuano.com/p/find-threats-in-event-logs-with-hayabusa

   ・ Hayabusa 是由日本大和安全集团创建的 Windows 事件日志快速取证时间线生成器和威胁搜寻工具。它是用 Rust 编写的，支持多线程以尽可能快。输出将合并到单个 CSV 时间线中，以便在 Excel、Timeline Explorer、Elastic Stack 等中轻松分析 – SecTodayBot

• [Android, Tools] APKHunt: comprehensive static code analysis tool for Android apps:
https://securityonline.info/apkhunt-comprehensive-static-code-analysis-tool-for-android-apps/

   ・ APKHunt 是一款基于 OWASP MASVS 框架的 Android 应用综合静态代码分析工具。可供移动应用程序开发人员和安全测试人员使用，以确保测试结果的完整性和一致性 – SecTodayBot

• Vulnerability Spotlight: Netgear Orbi router vulnerable to arbitrary command execution:
https://blog.talosintelligence.com/vulnerability-spotlight-netgear-orbi-router-vulnerable-to-arbitrary-command-execution/

   ・ Netgear Orbi Satellite RBS750，远程代码执行漏洞 TAOS-2022-1595 (CVE-2022-36429)  – SecTodayBot

• [Tools] Invoke-PSObfuscation - An In-Depth Approach To Obfuscating The Individual Components Of A PowerShell Payload Whether You'Re On Windows Or Kali Linux:
http://www.kitploit.com/2023/03/invoke-psobfuscation-in-depth-approach.html

   ・ 一种深入混淆 PowerShell 负载的各个组件的方法，无论您是在 Windows 还是 Kali Linux 上 – SecTodayBot

• [Windows] Windows Installer EOP (CVE-2023-21800):
https://blog.doyensec.com//2023/03/21/windows-installer.html

   ・ MSI 安装程序本地权限提升 – SecTodayBot

• Acropalypse flaw in Google Pixel’s Markup tool allowed the recovery of edited images:
https://securityaffairs.com/143748/hacking/google-pixel-acropalypse-flaw.html

   ・ Google Pixel 标记工具中的 Acropalypse 缺陷允许部分恢复编辑或编辑的屏幕截图和图像。 – SecTodayBot

• [Vulnerability] CVE-2023-28115: RCE vulnerability affects the popular PHP library, Snappy:
https://securityonline.info/cve-2023-28115-rce-vulnerability-affects-the-popular-php-library-snappy/

   ・ Snappy库中的 file_exists()函数存在反序列化漏洞，评分9.8 – keenan

• Pwn2Own Vancouver 2023 - The Full Schedule:
https://www.thezdi.com/blog/2023/3/21/pwn2own-vancouver-schedule-2023

   ・ Pwn2Own 温哥华 2023 - 完整时间表 – SecTodayBot

• Rapid7 Observed Exploitation of Adobe ColdFusion:
https://blog.rapid7.com/2023/03/21/etr-rapid7-observed-exploitation-of-adobe-coldfusion/

   ・ Rapid7 观察到在多个客户环境中利用 Adobe ColdFusion – SecTodayBot

• Multiple vulnerabilities in Jenkins plugins:
https://seclists.org/oss-sec/2023/q1/184

   ・ Jenkins 这些版本包含对以下插件的安全漏洞修复：JaCoCo 插件 3.3.2.1、OctoPerf 负载测试插件 4.5.1，4.5.2 和 4.5.3、管道聚合器视图插件 1.1 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab