腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/01/29

Andrey Karpov @Code_Analysis

[ Android ] Top 10 reasons to use Visual Studio for C++ Android Development! : http://blogs.msdn.com/b/vcblog/archive/2016/01/25/ten-good-reasons-to-use-visual-studio-for-c-android-development.aspx

"用 Visual Studio IDE 从事 C++ Android 开发的 10 个理由: https://t.co/XCEjh0oWPg"
Symantec @symantec

[ Attack ] Global mass injection affects thousands of websites. Take action to avoid a future attack: http://symc.ly/1JFDS8s https://t.co/wjgvgUWJCM

"攻击者在全球攻击了超过 3500 个服务器， Symantec 认为这是攻击者为未来攻击做的前期侦查： https://t.co/wjgvgUWJCM https://t.co/QApcbiFUlF"
Nicolas Krassas @Dinosn

[ Attack ] Popular Site Leads To Angler EK & CVE-2015-8651 Flash Player Exploit http://blogs.forcepoint.com/security-labs/popular-site-leads-angler-ek-cve-2015-8651-flash-player-exploit

"ForcePoint 实验室监测到一些热门网站受到攻击，会将用户重定向到 Angler EK 站点， Angler EK 之后会用 CVE-2015-8651 漏洞攻击用户： https://t.co/PqaTHXfU2b"
Nicolas Krassas @Dinosn

[ Browser ] Oracle to Kill Java Browser Plugin http://threatpost.com/oracle-to-kill-java-browser-plugin/116065/

"Oracle 将废弃 Java 浏览器插件： https://t.co/aDF0FTeU6m"
Virus Bulletin @virusbtn

[ Defend ] New VB2015 paper and video: Effectively testing APT defences https://www.virusbtn.com/blog/2016/01_27.xml https://www.youtube.com/watch?v=KmaoAMkg7Ik https://t.co/vRld2Ytamu

"如何有效地测试 APT 防御技术或产品： https://t.co/zpeWh0KsLj https://t.co/GVxhbzYZao https://t.co/vRld2Ytamu"
TROOPERS Conference @WEareTROOPERS

[ Firmware ] UEFI Firmware Parser: set of scripts 4 parsing, extracting & recreating UEFI firmwa. volumes https://github.com/theopolis/uefi-firmware-parser https://t.co/tKsIcJC03X

"UEFI-firmware-parser - 用于解析、提取、重建 UEFI 固件的脚本： https://t.co/tKsIcJC03X https://t.co/mzHwSCnxQ5"
Robert Rodriguez @RobInfoSecInst

[ Forensics ] Windows Logging for PCI-DSS http://goo.gl/zARzG2 #MalwareAnalysis #Vulnerabilities

"为支持 PCI-DSS 标准，都需要收集哪些 Windows 日志？来自 InfoSec Blog： https://t.co/RVfIQNE4Kx "
Binni Shah @binitamshah

[ Hardware ] LTE security and protocol Exploits : http://www.ee.columbia.edu/~roger/ShmooCon_talk_final_01162016.pdf (pdf)

"LTE 安全性和协议漏洞攻击 - 来自 Roger Piqueras Jover 在 ShmooCon 2016 会议上的演讲： https://t.co/9hrKb4oPXQ "
http @SwissHttp

[ iOS ] New iOS security bugs from Google Project Zero: https://code.google.com/p/google-security-research/issues/list?can=1&q=iOS+modified-after%3A2016%2F1%2F26&sort=-id&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary&cells=tiles HT @ 0x56 @ willstraf

"Project Zero 新公开的 10 多个 iOS 安全漏洞，这些漏洞均由 Ian Beer 发现： https://t.co/gZZqvjVnKx "
Nicolas Krassas @Dinosn

[ iOS ] Elaborate iCloud Phish Used To Activate Stolen iPhones http://blog.malwarebytes.org/phishing/2016/01/elaborate-icloud-phish-used-to-activate-stolen-iphones-2/

"精心设计地 iCloud 钓鱼攻击，激活偷来的 iPhone。来自 MalwareBytes Blog： https://t.co/gCRQNUpJRd"
Nicolas Krassas @Dinosn

[ IoTDevice ] Getting A Reverse Shell On Your Seagate Personal NAS https://packetstormsecurity.com/news/view/26278/Getting-A-Reverse-Shell-On-Your-Seagate-Personal-NAS.html

"希捷个人 NAS 系统中获取反弹 Shell： https://t.co/Q0Z17NuEhd"
Daniel Bilar @daniel_bilar

[ Malware ] Self-modifying malware & protection waves in popular packers https://www.virusbtn.com/pdf/conference_slides/2015/Calvet-etal-VB2015.pdf [also https://twitter.com/daniel_bilar/statuses/599160020199206912?tw_i=599160020199206912&tw_e=permalink&tw_p=archive ] https://t.co/zNFeLJhVEr

"WaveAtlas - 恶意软件加壳的现状： https://t.co/24avaS2XiX "
Darien Huss @darienhuss

[ MalwareAnalysis ] Check out my latest research on the #APT #Bergard toolset! https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

"Bergard 木马分析 - 旧木马，新技巧。来自 ProofPoint Blog： https://t.co/Txq4iey4N7"
FireEye @FireEye

[ MalwareAnalysis ] New version of #CenterPOS, known in the cybercrime underground as Cerebrus, has been found http://bddy.me/1lWQa0D https://t.co/pKr2TrdF5a

"CenterPOS 恶意软件分析，该 POS 恶意软件在 2015 年 9 月被首次发现，来自 FireEye Blog： https://t.co/pKr2TrdF5a https://t.co/U9245nlyLj"
PHR34K @unpacker

[ MalwareAnalysis ] Ransomware Used as a Distraction http://www.secureworks.com/resources/blog/ransomware-used-as-a-distraction/

"攻击者通过勒索软件使分析人员分心，转移注意力。来自 DELL Security Blog： https://t.co/P1Pt2XI6mw"
PHR34K @unpacker

[ MalwareAnalysis ] Introducing Hi-Zor RAT http://www.threatgeek.com/2016/01/introducing-hi-zor-rat.html

"Hi-Zor 远控木马分析： https://t.co/Iae6ZLc47k"
Didier Stevens @DidierStevens

[ MalwareAnalysis ] Quick analysis of BlackEnergy .DOC dropper https://securelist.com/blog/research/73440/blackenergy-apt-attacks-in-ukraine-employ-spearphishing-with-word-documents/ https://t.co/xjt5LjNwtC

"BlackEnergy 攻击乌克兰的 .DOC 样本分析，来自 Kaspersky Blog： https://t.co/LZZBAuuTiM https://t.co/xjt5LjNwtC"
Full Disclosure @SecLists

[ Others ] Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability http://goo.gl/fb/QPG2cd #FullDisclosure

"TrendMicro DirectPass 过滤器绕过、JavaScript 代码注入漏洞，来自 FullDisclosure： https://t.co/ytOWTECpot "
Binni Shah @binitamshah

[ ThirdParty ] OpenSSL Key Recovery Attack on DH small subgroups : http://intothesymmetry.blogspot.in/2016/01/openssl-key-recovery-attack-on-dh-small.html //CVE-2016-0701

"OpenSSL Key Recovery Attack on DH small subgroups（CVE-2016-0701）: https://t.co/IpGIEZgAsC "
Aurélien Francillon @aurelsec

[ Tools ] Updates to Avatar, our dynamic analysis framework for embedded systems: http://www.s3.eurecom.fr/tools/avatar/

"Avatar - 用于嵌入式固件批量动态分析的框架: https://t.co/n1HEH9Mbdf 之前推送过一篇介绍这个框架的 Paper： http://staging.www.isocdev.org/sites/default/files/02_3_1.pdf "
Nicolas Krassas @Dinosn

[ Tools ] VirusTotal adds support for analyzing EFI firmware files http://blog.virustotal.com/2016/01/putting-spotlight-on-firmware-malware_27.html

"VirusTotal 增加了对分析 EFI 固件文件的支持： https://t.co/ITUnOyqgIh "
Kevin Beaumont @GossiTheDog

[ Tools ] Neat new tool from Microsoft called Policy Analyzer, let's you treat GPOs as single configuration, to spot errors http://blogs.technet.com/b/secguide/archive/2016/01/22/new-tool-policy-analyzer.aspx

"微软发了一个新工具 Policy Analyzer，用于分析和比较组策略对象： https://t.co/Z8nAWCI1gl"
PhysicalDrive0 @PhysicalDrive0

[ Vulnerability ] Win32k Elevation of Privilege Vulnerability MS15-073 CVE-2015-2365 http://bit.ly/1V9Samz CVE-2015-2366 http://bit.ly/1ix9AI1

"Win32k UserCommitDesktopMemory UAF 漏洞（MS15-073，CVE-2015-2365），漏洞来自 Project Zero Issue 335： http://t.co/NeCGu9en0X http://t.co/2mRpLTMLhj"
Jack Whitton @fin1te

[ Web Security ] New Post - "An XSS on Facebook via PNGs & Wonky Content Types" https://fin1te.net/articles/xss-on-facebook-via-png-content-types/ #bugbounty #facebook #xss

"Facebook PNG XSS 与靠不住的 Content Type，来自 fin1te Blog： https://t.co/eczTSlgsRH"
Robert Rodriguez @RobInfoSecInst

[ Web Security ] Web Application Firewall 101: How to Prevent Web Hacking http://goo.gl/IvuU0x #Hacking

"Web 应用防火墙: 如何防止 Web Hacking，来自 InfoSec Blog： https://t.co/5boOdz8aNF "
Binni Shah @binitamshah

[ Web Security ] bitdump : A tool to extract database data from a blind SQL injection vulnerability : https://github.com/nbshelton/bitdump

"bitdump - 用于从一个已知的 SQL 注入漏洞中导出数据库数据的工具: https://t.co/fqLWVAOjq1"
indi303 @indi303

[ Windows ] Digging this site and the BypassUAC/Priv Esc post https://secinfodb.wordpress.com/windows-uacprivilegescredentials/

"Windows UAC Bypass、提权、凭据窃取等方面的资料收集列表： https://t.co/D0s2tyOxxI"

2016/01/29