腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Industry News ] Oracle 在本次的季度重要更新中修补了 250 个漏洞: https://threatpost.com/oracle-patches-250-bugs-in-quarterly-critical-patch-update/128484/
-
[ Industry News ] lenovo 修复了其下 Android tablet、 Vibe 系列及 Zuk 系列手机中的多个漏洞: https://threatpost.com/lenovo-quietly-patches-massive-bug-impacting-its-android-tablets-and-zuk-vibe-phones/128489/
-
[ Industry News ] 据前员工透露,微软用于跟踪 Bugs 的内部秘密数据库四年前(2013)被黑了: http://www.reuters.com/article/us-microsoft-cyber-insight/exclusive-microsoft-responded-quietly-after-detecting-secret-database-hack-in-2013-idUSKBN1CM0D0
-
[ Industry News ] 台湾商业银行 FEIB 被抢劫事件调查中发现了多个 Lazarus 组织的攻击工具: https://baesystemsai.blogspot.com/2017/10/taiwan-heist-lazarus-tools.html
-
[ Linux ] Linux Kernel AF_PACKET Use-After-Free: https://blogs.securiteam.com/index.php/archives/3484
-
[ Popular Software ] 据 ZDI 统计,PDF 阅读器有很大一部分漏洞出在图片转 PDF 的功能中。ZDI 这篇 Blog 介绍如何高效地 Fuzz 和分析 Foxit Reader 的图片转 PDF 特性: https://www.zerodayinitiative.com/blog/2017/10/17/wrapping-the-converter-within-foxit-reader
-
[ Tools ] Ohm - 为 JavaScript 写一个其他语言的 Parser: https://nextjournal.com/dubroy/ohm-parsing-made-easy
-
[ Tools ] 用于辅助 IDA 逆向的多个脚本工具: https://github.com/1111joe1111/ida_ea
-
[ Windows ] Windows 10 今天正式发布并推送秋季大版本更新(Fall Creators Update),新版本中 Edge 浏览器也相应地升级到了 EdgeHTML 16 版本。新版本的变化: https://blogs.windows.com/windowsexperience/2017/10/17/get-windows-10-fall-creators-update/#F3ViIjLUAaCLgl1a.97 https://blogs.windows.com/windowsexperience/2017/10/17/whats-new-windows-10-fall-creators-update/ https://blogs.windows.com/msedgedev/2017/10/17/edgehtml-16-fall-creators-update/
-
[ Windows ] Windows WDK 1709 (16299/RS3) 也发布了: https://www.osr.com/blog/2017/10/17/wdk-1709-aka-16299-aka-rs3-released/
-
[ Browser ] Chrome 发布 62.0.3202.62 版本,本次更新修复了多达 35 个漏洞: https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html
-
[ Browser ] 除了 Firefox 浏览器,今天更新的 Windows 10 中,EdgeHTML 16 也开始支持 CSS Grid Layout 特性,来自 Mozilla Firefox Blog 对该特性的介绍: https://hacks.mozilla.org/2017/10/an-introduction-to-css-grid-layout-part-1/ https://hacks.mozilla.org/2017/10/an-introduction-to-css-grid-layout-part-2/
-
[ Industry News ] Linus Torvalds 表示定向 Fuzzing 正在帮助 Linux 操作系统提升安全性: http://www.zdnet.com/article/linus-torvalds-says-targeted-fuzzing-is-improving-linux-security/
-
[ iOS ] Apple iOS 10.2 (14C92) CVE-2017-7115 Exploit,漏洞由 project Zero 发现:Apple: Multiple Race Conditions in PCIe Message Ring protocol leading to OOB Write and OOB Read: https://bugs.chromium.org/p/project-zero/issues/detail?id=1317
-
[ IoTDevice ] Hacking 蓝牙智能门锁,来自 Brucon 会议: https://smartlockpicking.com/slides/BruCON0x09_2017_Hacking_Bluetooth_Smart_locks.pdf
-
[ Others ] 0Day 漏洞和他们的 Exploits 的一生(The Life and Times of Zero-Day Vulnerabilities and Their Exploits),来自 Rand 研究团队的报告: https://www.rand.org/pubs/research_reports/RR1751.html
-
-
-
-
-
-
[ Windows ] 利用 Non-paged Kernel Pool Feng Shui 技术在 64 位 Windows 7 上攻击 HEVD 驱动的 UAF 漏洞: https://securityinsecurity.github.io/exploiting-hevd-use-after-free/
-
[ WirelessSecurity ] “WPA2被破解”是啥意思?连个WiFi,我的账号密码丑照就全泄露了?!: https://mp.weixin.qq.com/s/nJj57YsvGMZj3egw_zLrlg