腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Android fdget() 优化导致的 binder UAF 漏洞(CVE-2019-2000) : https://bugs.chromium.org/p/project-zero/issues/detail?id=1719
-
[ Android ] Adnroid reclaim 和 munmap 之间的条件竞争导致的 VMA binder UAF 漏洞(CVE-2019-1999): https://bugs.chromium.org/p/project-zero/issues/detail?id=1721
-
[ Browser ] Chakra JIT 中的类型混淆漏洞(CVE-2019-0539)分析: https://perception-point.io/resources/research/cve-2019-0539-root-cause-analysis/
-
[ Browser ] Chakra 2019 年 2 月安全更新详情: https://github.com/Microsoft/ChakraCore/pull/5936
-
[ Defend ] 使用 SPIRE 自动分发 TLS 证书以进行更安全的身份验证: https://blog.envoyproxy.io/using-spire-to-automatically-deliver-tls-certificates-to-envoy-for-stronger-authentication-be5606ac9c75
-
[ Hardware ] Intel CPU 内部阻抗测量指南: http://www.keenlit.com/wp-content/uploads/2018/03/IFDIM-BKM-1.pdf
-
[ IoTDevice ] 以家庭路由为例讲解 IoT 逆向工程: http://va.ler.io/myfiles/dva/iot-rev-engineering.pdf
-
[ Malware ] 委内瑞拉关于人道主义援助运动的伪造域名钓鱼活动分析: https://securelist.com/dns-manipulation-in-venezuela/89592/
-
[ Malware ] 通过替换关键命令诱捕入侵者的 Python 脚本: https://twitter.com/JusticeRage/status/1095655920846204928
-
[ MalwareAnalysis ] 对 Lazarus 下载者的简要分析: https://medium.com/emptyregisters/lazarus-downloader-brief-analy-17875f342d96
-
[ Popular Software ] WordPress "Simple Social Button" 插件曝严重漏洞可导致站点被完全控制: https://threatpost.com/wordpress-plugin-flaw-website-takeover/141746/
-
[ Tools ] SharpShooter v2.0 发布,关于本次更新的功能介绍: https://www.mdsec.co.uk/2019/02/macros-and-more-with-sharpshooter-v2-0/
-
[ Web Security ] 绕过 Facebook CSRF 保护并进一步接管帐户: https://ysamm.com/?p=185
-
[ WirelessSecurity ] 使用 Bettercap 结合 PMKID 手法攻击 WPA/WPA2 网络: https://www.evilsocket.net/2019/02/13/Pwning-WiFi-networks-with-bettercap-and-the-PMKID-client-less-attack/
-
[ APT ] 分析 APT28 Zebrocy Delphi 加载器/后门变种: v6.02 -> v7.00: https://www.vkremez.com/2018/12/lets-learn-dissecting-apt28-zebrocy.html
-
-
[ Popular Software ] Oracle EBS 无需认证的 Blind SSRF 漏洞详情披露(CVE-2018-3167): https://medium.com/@x41x41x41/unauthenticated-ssrf-in-oracle-ebs-765bd789a145
-
[ Vulnerability ] Bank Muamalat 的 SQL 注入漏洞披露: https://medium.com/@liontin/sql-injection-web-bank-muamalat-2beeaf845dc7