腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/01/25

Runa A. Sandvik @runasand

[ Android ] Experimental analysis of popular smartphone apps offering anonymity, ephemerality, and end-to-end encryption: http://arxiv.org/abs/1510.04083

"几款热门匿名、阅后即焚、端到端加密应用的分析，来自伦敦大学的 Paper: https://t.co/aDWJRD3pj1"
Nicolas Krassas @Dinosn

[ Android ] Android privilege escalation to mediaserver from zero permissions (CVE-2014-7920 + CVE-2014-7921) http://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html (Detailed writeup)

"Android 提权 - 结合两个漏洞(CVE-2014-7920 + CVE-2014-7921)实现 MediaServer 进程内的任意代码执行，而且不要求任何权限，来自 Bits-Please Blog： https://t.co/9LPPVWWX7s "
Security Response @threatintel

[ Android ] Facebook adds anonymous Tor network support to its Android app https://www.facebook.com/notes/facebook-over-tor/adding-tor-support-on-android/814612545312134?_rdr=p

"Facebook Android APP 加入对匿名 Tor 网络的支持： https://t.co/nYRDswLwIV"
Binni Shah @binitamshah

[ Attack ] Attackers typically redesign C2 infrastructure and deploy entirely new / updated malware after being exposed : http://blog.cylance.com/puttering-into-the-future

"在被曝光后，攻击者通常会重新设计 C&C 基础架构、部署全新的恶意软件，来自 Cylance Blog 《Puttering into the Future》: https://t.co/vfxMq2y4VF"
Palo Alto Networks @PaloAltoNtwks

[ Attack ] #ICYMI @ Unit42_Intel discovered new attacks linked to C0d0s0 group http://bit.ly/1UjI3af #Unit42

"Palo Alto 发现了一个新攻击活动，并且认为与 C0d0s0 组织有关，而 C0d0s0 曾经攻击了 Forbes.com。另外这个攻击活动中所用的域名的注册邮箱为中国的 163 邮箱，解析的 IP 为香港 IP。来自 Palo Alto Blog: https://t.co/ccFaRFyJwf "
Nicolas Krassas @Dinosn

[ Firmware ] Tytera MD380 Radio - Reverse Engineering http://hackaday.com/2016/01/19/shmoocon-2016-reverse-engineering-cheap-chinese-radio-firmware/

"逆向廉价的中国产 Tytera MD380 无线电固件： https://t.co/HP3jss1PQL"
Nicolas Krassas @Dinosn

[ Hardware ] Conditional instructions in the ARM1 processor, reverse engineered http://www.righto.com/2016/01/conditional-instructions-in-arm1.html

"ARM1 处理器条件指令的电路级实现逆向，来自 Ken Shirriff Blog： https://t.co/qEKF5dCDzc"
Sarah Edwards @iamevltwin

[ iOS ] Script Update: iOS Frequent Locations Dumper now with CSV/KML Outputs! http://ht.ly/XsZh6 #DFIR #mac4n6 https://t.co/oE1nL6KRuE

"iOS 常去地点文件解析工具，现在支持 CSV/KML 格式输出： https://t.co/oE1nL6KRuE https://t.co/8iO9R2kKxI "
CTurt @CTurtE

[ Linux ] Multiple vulnerabilities in AMR ioctl handler: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206579

"FreeBSD AMR 设备 ioctl handler 存在多个漏洞: https://t.co/UTuwjvLZOK"
Nicolas Krassas @Dinosn

[ Linux ] Exploiting a Linux Kernel Infoleak to bypass Linux kASLR https://marcograss.github.io/security/linux/2016/01/24/exploiting-infoleak-linux-kaslr-bypass.html

"利用一个 Linux 内核信息泄露漏洞绕过 kASLR，据作者说，这个漏洞可能之前已经被多个人知道，但 Linux 社区没怎么关注。来自 marcograss Blog： https://t.co/Jn8QJOzlg6"
CTurt @CTurtE

[ Linux ] Possible kernel buffer overflow in hpt_set_info: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206585

"Linux hpt_set_info 内核缓冲区溢出: https://t.co/tKtJj2jpRm"
Binni Shah @binitamshah

[ Malware ] Imminent Monitor 4 RAT Analysis – A Glance : https://itsjack.cc/blog/2016/01/imminent-monitor-4-rat-analysis-a-glance/

"Imminent Monitor 4 RAT 工具分析: https://t.co/yzaDSyUssK"
Decalage @decalage2

[ MalwareAnalysis ] How to find malware samples containing specific strings http://decalage.info/malware_string_search @ botherder @ PayloadSecurity #DFIR https://t.co/ISAwbG8sxf

"如何搜索含特定字符串的恶意样本，来自 Decalage Blog： https://t.co/n2yWobyQfi https://t.co/ISAwbG8sxf"
Giuseppe `N3mes1s` @gN3mes1s

[ Others ] Virtual I/O Device (VIRTIO) Version 1.0 - https://docs.oasis-open.org/virtio/virtio/v1.0/virtio-v1.0.html

"虚拟 I/O 设备 (VIRTIO) 版本 1.0 - 委员会草案 05： https://t.co/ugAFYsOCZs"
Nicolas Krassas @Dinosn

[ Others ] JavaScript Backdoor http://en.wooyun.io/2016/01/18/JavaScript-Backdoor.html

"JavaScript 后门，来自 Wooyun Drops： https://t.co/TMO3zISxea"
DeepSec Conference @deepsec

[ Others ] #DeepSec Video: Yes, Now YOU Can #Patch That Vulnerability Too!: … http://wp.me/p6PE4U-CF #0day #Software #fb

" DeepSec 演讲《现在可以自己 Patch 漏洞了》，这个演讲中作者介绍了如何 Patch 运行中的应用，修复漏洞，来自 DeepSec Blog： https://t.co/LdaRXRfc5f"
Binni Shah @binitamshah

[ Others ] CVE-2015-4400 : Backdoorbot, Network Configuration Leak on a Connected Doorbell : http://blog.fortinet.com/post/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell

"CVE-2015-4400: Backdoorbot，支持 WiFi 连接的电子门铃 Ring 存在网络配置泄露漏洞，来自 Fortinet Blog: https://t.co/oWAA0NNsAv"
Nicolas Krassas @Dinosn

[ Popular Software ] PHP 5.6.10 Buffer overflow and stack smashing error in phar_fix_filepath https://cxsecurity.com/issue/WLB-2016010158

"PHP 5.6.10 phar_fix_filepath 缓冲区溢出漏洞，来自 CXSecurity 公告： https://t.co/PZCQtGEVaM"
Binni Shah @binitamshah

[ Programming ] Mona compiler Development (Part 1) : http://jancorazza.com/2015/10/02/fundamentals-of-mona/ ,Part 2 : Parsing : http://jancorazza.com/2016/01/21/mona-compiler-development-part-2-parsing/

"Mona 编译器开发 Part 1： https://t.co/RpuIOBt1Sf Part 2: Parsing : https://t.co/uhhcAtfOEd"
Nicolas Krassas @Dinosn

[ Tools ] Shodan implements a feature to browse vulnerable webcams http://securityaffairs.co/wordpress/43901/hacking/shodan-vulnerable-webcams.html

"Shodan 搜索引擎实现了一个功能，可以直接查看存在漏洞的网络摄像头： https://t.co/07LzHhcqfX"
Matt Graeber @mattifestation

[ Windows ] Do you know WMI and WinRM? If not, good luck even applying updates to Nano Server. http://blogs.technet.com/b/nanoserver/archive/2016/01/16/updating-nano-server-using-windows-update-or-windows-server-update-service.aspx

"通过 Windows Update 或者 Windows Server Update 服务更新 Nano Server。 Nano Server 是 Windows Server 2016 的一个新特性，类似于没有 GUI 的 Server Core，尺寸很小，非常适合虚拟环境。 https://t.co/CmyhJBSnC0"

2016/01/25