每日安全动态推送(6-17)

文章预览

Tencent Security Xuanwu Lab Daily News •  GHSL-2024-001_GHSL-2024-003: Remote DoS and potential authentication bypasses in RubyGems.org - CVE-2024-35221: https://securitylab.github.com/advisories/GHSL-2024-001_GHSL-2024-003_rubygems_org/    ・   RubyGems.org远程DoS漏洞和潜在的身份验证绕过漏洞。  –  SecTodayBot •  NativeDump - Dump Lsass Using Only Native APIs By Hand-Crafting Minidump Files (Without MinidumpWriteDump!): https://dlvr.it/T8MPxq    ・   介绍了一种名为NativeDump的工具，它使用本机API来转储lsass进程，不涉及新漏洞信息，而是讨论了使用本机API转储lsass进程的功能和用法。  –  SecTodayBot •  poutine: Find Supply Chain Vulnerabilities Fast: https://meterpreter.org/poutine-find-supply-chain-vulnerabilities-fast/    ・   poutine是一款安全扫描工具，可用于检测存储库构建流水线中的错误配置和漏洞  –  SecTodayBot •  GitHub - sigstore/model-transparency: ………………………………