Tencent Xuanwu Lab Security Daily News
-
[ Browser ] Safari Technology Preview 42 released: https://webkit.org/blog/8001/release-notes-for-safari-technology-preview-42/
-
[ Browser ] Microsoft's OSR team is primarily responsible for improving RCE exploit mitigations and defenses, including CFG, ACG, LPAC and WDAG. Unlike Microsoft, Google Chrome's defensive focus is the sandbox. In this blog post the OSR team explains why they believe relying solely on a strong sandbox is not enough: https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond-sandboxing/
-
[ Industry News ] The BoundHook attack abuses the MPX feature of Intel Skylake processors; the technique lets an attacker execute code inside another process without being noticed by antivirus software: https://threatpost.com/boundhook-attack-exploits-intel-skylake-mpx-feature/128517/
-
[ Industry News ] Attackers are using the Magnitude exploit kit to deliver Magniber ransomware against South Korea: http://blog.trendmicro.com/trendlabs-security-intelligence/magnitude-exploit-kit-now-targeting-korea-with-magniber-ransomware/
-
[ Malware ] New malicious macro evasion tactics seen in URSNIF spam emails: http://blog.trendmicro.com/trendlabs-security-intelligence/new-malicious-macro-evasion-tactics-exposed-ursnif-spam-mail/
-
[ MalwareAnalysis ] An in-depth analysis report on a banking Trojan: http://www.blackstormsecurity.com/docs/FOAATTB.pdf
-
[ MalwareAnalysis ] Minerva's research team analyzes WaterMiner, a new evasive crypto miner: https://minerva-labs.com/post/waterminer-a-new-evasive-crypto-miner
-
[ Others ] Among the 252 vulnerabilities Oracle patched yesterday is a critical flaw in the PeopleSoft core engine (CVE-2017-10366); successful exploitation gives an attacker RCE on the PeopleSoft server: https://threatpost.com/critical-code-execution-flaw-patched-in-peoplesoft-core-engine/128510/
-
[ Others ] Python and machine learning: clustering malware datasets, from a workshop at the Hack.Lu 2017 conference: https://github.com/sebdraven/hack_lu_2017
-
[ Others ] Using Rowhammer to attack deterministic digital signature schemes (ECDSA): https://eprint.iacr.org/2017/1014.pdf
-
[ ReverseEngineering ] Reverse engineering of the Dodge (Nitro) OBD2 car diagnostic device, from QuarksLab: https://blog.quarkslab.com/reverse-engineering-of-the-nitro-obd2.html
-
[ Tools ] Sysinternals Sysmon 6.10 now supports tracking of WMI permanent events: https://www.darkoperator.com/blog/2017/10/15/sysinternals-sysmon-610-tracking-of-permanent-wmi-events
-
[ Tools ] wdbgark - WinDBG Anti-RootKit Extension: https://github.com/swwwolf/wdbgark
-
[ Tools ] Router KRACK (CVE-2017-13082) test script, which checks whether a router (AP) is affected by the KRACK attack: https://github.com/vanhoefm/krackattacks-test-ap-ft
-
[ Virtualization ] Xen: unbounded recursion in pagetable de-typing(XSA-240): https://bugs.chromium.org/p/project-zero/issues/detail?id=1359
-
[ Android ] Awesome Android Open Source Libraries: https://blog.mindorks.com/awesome-android-open-source-libraries-56a008c776c0
-
[ Malware ] Several malware samples related to Microsoft Office DDE command execution: http://contagiodump.blogspot.com/2017/10/dde-command-execution-malware-samples.html
-
[ SecurityProduct ] Endian Firewall has a stored XSS vulnerability that can be escalated to remote code execution: https://blogs.securiteam.com/index.php/archives/3471
-
[ Tools ] WinDbg Preview 1.0.14.0 Release Notes: https://blogs.msdn.microsoft.com/windbg/2017/10/18/windbg-preview-1-0-14-0-release-notes/
-
[ Vulnerability ] HPE Baseline Smart Gig SFP 24 / 3Com Baseline Switch 2924 SFP Plus switches have a stored XSS vulnerability that is exploitable without authentication: https://blogs.securiteam.com/index.php/archives/3389
-
[ Windows ] Windows Defender Application Guard Hyper-V Container Code Integrity Policy: https://gist.github.com/mattifestation/010b44ce97cf70bb7edab32ffcc0649c