Tencent Xuanwu Lab Security Daily News
-
[ Browser ] Project Zero has newly disclosed two Edge Chakra vulnerabilities: Microsoft Edge: Chakra: JIT: Incorrect GenerateBailOut calling patterns (CVE-2017-11799) and Microsoft Edge: Chakra: Accesses to uninitialized pointers in StackScriptFunction::BoxState::Box (CVE-2017-11809): https://bugs.chromium.org/p/project-zero/issues/detail?id=1333 https://bugs.chromium.org/p/project-zero/issues/detail?id=1338
-
[ Bug Bounty ] Exploiting an OAuth misconfiguration to compromise Yahoo's Flickr service: https://mishresec.wordpress.com/2017/10/12/yahoo-bug-bounty-exploiting-oauth-misconfiguration-to-takeover-flickr-accounts/
-
[ Industry News ] Hyatt hotels hit by a credit card attack again; attackers gained unauthorized access to payment card information: https://www.theregister.co.uk/2017/10/12/hyatt_falls_to_credit_card_skimmers_for_second_time_in_two_years
-
[ Malware ] DoubleLocker: an introduction to a new type of Android ransomware: https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/
-
[ MalwareAnalysis ] Malwarebytes' analysis of an incident in which a Microsoft Word document vulnerability was used to spread malware: https://blog.malwarebytes.com/threat-analysis/2017/10/decoy-microsoft-word-document-delivers-malware-through-rat/
-
[ Vulnerability ] Exploiting the Adobe ColdFusion deserialization remote code execution vulnerabilities (CVE-2017-11283, CVE-2017-11238): https://nickbloor.co.uk/2017/10/13/adobe-coldfusion-deserialization-rce-cve-2017-11283-cve-2017-11238/
-
[ Windows ] Windows: WLDP/MSHTML CLSID UMCI Bypass (CVE-2017-11823): https://bugs.chromium.org/p/project-zero/issues/detail?id=1328