腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/09/11

Marco Grassi @marcograss

[ Android ] A simple bug in Wickr Android I disclosed in 2014 - https://marcograss.github.io/security/android/bug/2016/09/10/a-2014-wickr-bug.html

" marcograss 发现的一个 Android Wickr 消息通信 APP 的敏感信息泄露漏洞： https://t.co/k5EhioeBqq"
Binni Shah @binitamshah

[ Browser ] Internet Explorer has a URL problem : http://blog.innerht.ml/internet-explorer-has-a-url-problem/

" IE 浏览器 URL 跳转相关的一个小问题︰ https://t.co/8iJLfaDZAs"
Nicolas Grégoire @Agarri_FR

[ Debug ] WinAppDbg 1.6 is out! https://twitter.com/mario_vilas/status/774656786011983872

"WinAppDbg 调试器更新 1.6 版本，WinAppDbg 由 Python 语言编写，使用非常方便、灵活： https://github.com/MarioVilas/winappdbg "
Nicolas Krassas @Dinosn

[ Hardware ] General Motors Recalls 4.3 Million Vehicles Over a Software Bug http://gizmodo.com/general-motors-recalls-4-3-million-vehicles-over-a-soft-1786453219

"通用因为安全气囊相关的一个软件问题，召回 430 万辆汽车： https://t.co/ZB1s3SPt4E"
No Starch Press @nostarch

[ Hardware ] The Hardware Hacker is now in Early Access! @ bunniestudios http://nostarch.com/hardwarehacker https://t.co/HRqmEFng9s

"一本关于硬件的新书《The Hardware Hacker: Adventures in Making and Breaking Hardware》： https://t.co/Nfftyr6rGs https://t.co/HRqmEFng9s"
Binni Shah @binitamshah

[ Linux ] Randomizing the Linux kernel heap freelists : https://medium.com/@ mxatone/randomizing-the-linux-kernel-heap-freelists-b899bb99c767#.2hfiiea07

" Linux 内核 4.8 版本的堆空闲列表随机化特性︰ https://t.co/ABdfFt9rYh"
DEY! @DEYCrypt

[ Linux ] By @ n4x0r_ is Glibc Heap Analysis in Linux Systems with @ radareorg #r2con https://github.com/radareorg/r2con/blob/master/2016/talks/HeapAnalysis_r2.pdf (slides) https://www.youtube.com/watch?v=Svm5V4leEho (video)

" 基于 Radare2 的 Linux 系统堆分析： https://github.com/radareorg/r2con/blob/master/2016/talks/05-HeapAnalysis/HeapAnalysis_r2.pdf r2Con 会议关于这个议题的视频： https://t.co/Wqb1wYtQhb r2Con 会议所有的议题： https://github.com/radareorg/r2con/tree/master/2016/talks "
Binni Shah @binitamshah

[ macOS ] How Dropbox Hacks Your Mac : http://applehelpwriter.com/2016/08/29/discovering-how-dropbox-hacks-your-mac/

" How Dropbox Hacks Your Mac︰ https://t.co/Ujjdxijv4l"
Nicolas Krassas @Dinosn

[ NetworkDevice ] CVE-2016-6399 – CISCO disclosed unpatched flaw in ACE products http://securityaffairs.co/wordpress/51147/security/cisco-cve-2016-6399-flaw.html

" 思科披露了 ACE 产品的一个高危拒绝服务漏洞（CVE-2016-6399）： https://t.co/GdRy5eY3Pq"
Binni Shah @binitamshah

[ Others ] Everything about the CSV Excel Macro Injection : http://blog.securelayer7.net/how-to-perform-csv-excel-macro-injection/ https://t.co/cChBH7sq4Q

" 关于 CSV Excel 宏注入攻击︰ https://t.co/i3kqw3OhqY "
Nicolas Krassas @Dinosn

[ Popular Software ] Adobe Flash: Use-after-free when returning Rectangle https://bugs.chromium.org/p/project-zero/issues/detail?id=842

"Adobe Flash 在返回矩形类实例时的 UAF 漏洞，来自 Project Zero Issue 842： https://t.co/1oSOqv3hAR "
Int'l Man of Leisure @The_IMOL

[ Tools ] I love PeStudio for static malware analysis. #DFIR And @ aubsec may have written the authoritative guide on it: https://aubsec.github.io/dfir/2016/09/01/pe-studio/

" PeStudio - PE 文件静态分析工具︰ https://t.co/6uqZvTcEn7"

2016/09/11