Tencent Xuanwu Lab Security Daily News
-
[ Android ] Trojan for Android preinstalled on Phillips s307 firmware http://news.drweb.com/show/?i=9792&lng=en&c=5
"The Android firmware Trojan Android.Cooee.1 was found preinstalled on Phillips s307 phones, from the Dr.Web Blog: https://t.co/Svq1AavsDt "
-
[ Android ] @ MalwareMustDie #BLOCK (pic) #China #android #ELF #malware #CNC case: https://pastebin.com/9YhRvYEY rpt by: @ ptolomeo_sec https://t.co/np3TwACusR
"Suspected malware from China was found preinstalled on Android phones, originating from the OEM vendor Ragentek (锐嘉科). MalwareMustDie posted an analysis report on Pastebin: https://t.co/l4APkcUOOC https://t.co/np3TwACusR "
-
[ Android ] CAF Chromium Browser: a chromium fork with built-in ad blocker for Android - http://caf.notphenom.com/
"CAF Chromium Browser - an Android fork of the Chromium project with a built-in ad blocker: https://t.co/d0ebSGMWN2"
-
[ Android ] Cracking Damn Insecure and Vulnerable App (DIVA) – part 4: http://goo.gl/8Tk5aC #AccessControl #Hacking
"Cracking DIVA (Damn Insecure and Vulnerable App), from the InfoSec Blog. Part 4: https://t.co/pNF5KY5RHf Part 3: http://resources.infosecinstitute.com/cracking-damn-insecure-and-vulnerable-app-diva-part-3/#article Part 2: http://resources.infosecinstitute.com/cracking-damn-insecure-and-vulnerable-app-diva-part-2/#article Part 1: http://resources.infosecinstitute.com/cracking-damn-insecure-and-vulnerable-apps-diva-part-1/#article "
-
[ Attack ] New wave of attacks against Ukrainian power industry http://www.welivesecurity.com/2016/01/20/new-wave-attacks-ukrainian-power-industry/
"The Ukrainian power industry is hit by a new wave of attacks, from the WeLiveSecurity Blog: https://t.co/4yrRmP7Jdt"
-
[ Debug ] Intro to Debugging X86-64 Assembly : http://nickdesaulniers.github.io/blog/2016/01/20/debugging-x86-64-assembly-with-lldb-and-dtrace/
"An introduction to the LLDB commands for debugging X86-64 assembly: https://t.co/Mc12QtRhuF"
-
[ Defend ] Intel® Memory Protection Extensions (Intel® MPX) support in Microsoft Visual Studio 2015 Update 1 #awesome http://blogs.msdn.com/b/vcblog/archive/2016/01/20/visual-studio-2015-update-1-new-experimental-feature-mpx.aspx
"Microsoft Visual Studio 2015 Update 1 adds support for Intel MPX (Memory Protection Extensions). The feature checks memory pointers for out-of-bounds accesses at run time and can be used to detect buffer overflows. From the MSDN Visual Studio Blog: https://t.co/vTO2I0TIeB"
-
[ Industry News ] iSIGHT and FireEye: Ushering in a New Era of Intelligence-Led Security http://bddy.me/1lzJaGA #infosec #threatintel https://t.co/iHtTRr30qV
"FireEye acquires iSIGHT Partners, beginning intelligence-led security: https://t.co/uRzBwCO5Y2 https://t.co/iHtTRr30qV"
-
[ iOS ] Safari Cookie Store vulnerable to attacks from wifi captive portals pre iOS 9.2.1 https://www.skycure.com/blog/shared-cookie-stores-bug-fixed-in-ios-9-2-1/
"The Safari cookie store in iOS versions before 9.2.1 has a vulnerability in its handling of wifi captive portals (web authentication) that can lead to theft of user cookies. From the Skycure Blog: https://t.co/LclgrB4QIp "
-
[ Linux ] NTP Stats Directory Cleanup Cronjob Root Privilege Escalation http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/
"The scheduled cleanup script for the NTP stats directory has a vulnerability that allows an attacker to escalate privileges to root: https://t.co/9JPReXZ2yf"
-
[ Mac OS X ] Analysis of iOS & OS X Vulnerability: CVE-2016-1722 - https://blog.zimperium.com/analysis-of-ios-os-x-vulnerability-cve-2016-1722/ by @ jduck and @ pimskeks
"Analysis of the iOS/OS X syslogd heap overflow vulnerability (CVE-2016-1722): https://t.co/VCzCPpYN8V"
-
[ Malware ] Angler exploit kit rings in 2016 with CryptoWall ransomware https://nakedsecurity.sophos.com/2016/01/21/angler-exploit-kit-rings-in-2016-with-cryptowall-ransomware/
"As covered in yesterday's digest, Angler Exploit Kit activity dropped sharply over the Christmas holiday, but within a few days it was back to 'normal'. From the Sophos Blog: https://t.co/4pJobJDveh"
-
[ MalwareAnalysis ] The Asacub Trojan: from spyware to banking malware https://securelist.com/blog/research/73211/the-asacub-trojan-from-spyware-to-banking-malware/
"The Android Asacub Trojan - from spyware to banking malware, from the Kaspersky Blog: https://t.co/c3nMDRQA24"
-
[ MalwareAnalysis ] Understanding #WMI Malware > still a good reference http://la.trendmicro.com/media/misc/understanding-wmi-malware-research-paper-en.pdf
"Understanding WMI malware, a 2010 paper from TrendMicro: https://t.co/H5MfdaIPFJ"
-
[ NetworkDevice ] Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm
"Remote command execution vulnerability in Cisco Unified Computing System Manager and Cisco Firepower 9000, from a Cisco security advisory: https://t.co/421VU6s2PZ"
-
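[ NetworkDevice ] SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX… http://goo.gl/fb/rVBzCQ #FullDisclosure
"A backdoor was deliberately hidden in AMX central control devices, and AMX is an equipment supplier to the US military, the White House and some other sensitive organizations: https://t.co/SDJQryVseu "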
-
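[ Others ] Towards Vulnerability Discovery Using Extended Compile-time Analysis http://arxiv.org/pdf/1508.04627.pdf
"Discovering security vulnerabilities through compile-time analysis, a paper from Berlin Munich Technical University. The system is named Melange, and the authors state that they have already used it to find vulnerabilities in the Chromium project's source code: https://t.co/ZmETYdVHBv"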
-
[ Programming ] #Python Performance Tips https://wiki.python.org/moin/PythonSpeed/PerformanceTips
"Python performance optimization tips, from the Python Wiki: https://t.co/eEq1W631Sm "
-
[ ThirdParty ] Bypass PHP safe mode by abusing SQLite3’s FTS tokenizer : http://chichou.0ginr.com/blog/1336/abuse-sqlite3-ext-to-bypass-php-security-restrictions
"Abusing SQLite3's FTS tokenizer to bypass PHP Safe Mode, from the chichou Blog: https://t.co/xB1RpLcEvX"
-
[ Vulnerability ] Deep Analysis of CVE-2016-0010 - Microsoft Office RTF File Handling Heap Overflow Vulnerability http://blog.fortinet.com/post/deep-analysis-of-cve-2016-0010-microsoft-office-rtf-file-handling-heap-overflow-vulnerability
"In-depth analysis of the Microsoft Office RTF file parsing heap overflow vulnerability (CVE-2016-0010, MS16-004), from the Fortinet Blog: https://t.co/4sqJT5G4l4"
-
[ Web Security ] A Reflected File Download flaw affects Google Finance http://securityaffairs.co/wordpress/43823/hacking/reflected-file-download-google-finance.html
"Reflected File Download vulnerability in Google Finance, from SecurityAffairs: https://t.co/MlApYD4Taj"
-
[ Windows ] #DeepSec Video: A Case Study on the Security of Application #Whitelisting: … http://wp.me/p6PE4U-CC #SCADA #Malware
"A case study on application whitelisting, from the DeepSec 2015 conference; video and slides: https://t.co/7DDDuxu9NP"