腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Attack ] Large-Scale Phishing Campaign Targeting Egyptian Civil Society https://citizenlab.org/2017/02/nilephish-report/ #phishing #APT #censorship https://t.co/2BXGJWV6CG
"Nile Phish - 针对埃及公民团体的大规模钓鱼行动: https://t.co/zawwOin2MW https://t.co/2BXGJWV6CG"
-
[ Browser ] Metasploit module for Cisco WebEx Chrome Extension Remote Command Execution http://t0s.me/2krq34X
" 用于攻击思科 WebEx Chrome 扩展的 Metasploit 模块,可实现远程命令执行: https://t.co/h3OaKP8yux"
-
[ iOS ] #MacOS/#iOS #snoop library to inject and easily intercept #XPC messages - http://newosxbook.com/tools/XPoCe.html from #MOxiI2 Vol.… https://t.co/jI8GrskTJs
"macOS/iOS 系统用于注入和劫持 XPC 消息的一个库: https://t.co/jI8GrskTJs https://t.co/GGksLzuT4r"
-
[ IoTDevice ] Multiple vulnerabilities found in the Dlink DWR-932B - Analysis of the "corrected" firmware https://pierrekim.github.io/blog/2017-02-02-update-dlink-dwr-932b-lte-routers-vulnerabilities.html
" Dlink DWR-932B 路由器多个漏洞的分析: https://t.co/s07MCNiYRx "
-
[ NetworkDevice ] Cisco Prime Home Authentication Bypass Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home
"(CVE-2017-3791)Cisco Prime Home Web 系统身份验证绕过漏洞: https://t.co/A5jrirlJE3"
-
[ Others ] CVE-2017-3241 Java RMI Registry.bind() Unvalidated Deserialization | @ NCCGroupInfosec https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2017/cve-2017-3241-java-rmi-registrybind-unvalidated-deserializationpdf/
" CVE-2017-3241 Java RMI Registry.bind() 反序列化验证不严格漏洞: https://t.co/Tkwwph5nQ0"
-
[ Windows ] Windows 10 build 15025 supports enabling "strict CFG" for a process which prevents non-CFG DLLs from being loaded :) https://twitter.com/Blomster81/status/823574428579725312
"Windows 10 Build 15025 版本开始支持 "strict CFG",用于禁止进程加载不支持 CFG 的 DLL: https://t.co/z76VN8pd9h"
-
[ Windows ] Windows internal structures with nice presentation layer by @ rwfpl: http://terminus.rewolf.pl/terminus/
"Windows 的内部数据结构信息搜索工具: https://t.co/33KxTwlMAd"