每日安全动态推送(5-28)

文章预览

Tencent Security Xuanwu Lab Daily News •  Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1): https://www.ambionics.io/blog/iconv-cve-2024-2961-p1    ・   发现glibc中一个24年的缓冲区溢出漏洞，通过PHP引擎漏洞利用的方法。  –  SecTodayBot •  Page 1 of 36: https://drive.google.com/file/d/1lUFIugzEy1eBBWkLDHC_hzRfahZUCZYR/view?usp=sharing    ・   讨论了在规模上实现模糊测试的民主化  –  SecTodayBot •  Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973): https://spaceraccoon.dev/zscaler-client-connector-local-privilege-escalation/    ・   揭示了Zscaler Client Connector的多个漏洞，并详细分析了特权升级的方法  –  SecTodayBot •  NSA Releases Guidance On Zero Trust Maturity To Secure Application From Attackers: https://gbhackers.com/nsa-zero-trust-maturity-guidance/    ・   NSA released guidance on advancing Zero Trus ………………………………