腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] #SherlockDroid/#Alligator identified a new #Android #malware family: BadMirror. See http://blog.fortinet.com/post/badmirror-new-android-malware-family-spotted-by-sherlockdroid
"Fortinet's crawler and analysis pipeline (SherlockDroid/Alligator) found a new Android malware family, BadMirror: https://t.co/n0uI47fSsx"
-
[ Android ] New post: Android Vulnerabilities Allow For Easy Root Access http://bit.ly/1UbG9u1 @ TrendMicro
"This month's Android patch release fixes multiple vulnerabilities in Qualcomm Snapdragon chipsets that can help an attacker obtain root on the phone. From the TrendMicro blog: https://t.co/4732btpwAB "
-
[ Attack ] Attackers compromised Burrp to redirect to Angler #exploit kit & drop Teslacrypt ransomware http://symc.ly/1T9tWHI https://t.co/mORnTmFfUS
"Burrp, an Indian restaurant review site, was compromised; visitors were redirected to the Angler EK and infected with the Teslacrypt ransomware: https://t.co/tYrye7m4AZ https://t.co/mORnTmFfUS "
-
[ Crypto ] Password hashing basics for developers http://ithare.com/password-hashing-why-and-how/
"Password hashing basics for developers: https://t.co/FTMHgvTNHX"
-
[ iOS ] iOS apps in App Store sent #Snapchat password to their own servers via HTTP, discovered by @ chronic thru Verify.ly: http://9to5mac.com/2016/03/08/ios-apps-snapchat-harvest-credentials/
"Several third-party Snapchat iOS apps in the App Store were found sending users' Snapchat passwords to the developers' own servers. Snapchat is the 'disappearing messages' app created by two Stanford students: https://t.co/w5CXlvH5jw"
-
[ Linux ] erebus : A reverse engineering tool suite for linux : https://github.com/SuppenGeist/erebus
"erebus - an open-source reverse engineering tool suite for Linux, GitHub repo: https://t.co/4wPOlBzc8T"
-
[ Malware ] #Unit42 finds #Banload #malware affecting Brazil exhibits unusually complex infection process http://bit.ly/1Tq41vb
"Banload, a trojan targeting Brazilian banking; this Palo Alto Networks blog post analyzes its complex infection process: https://t.co/KDAl2qWCmE"
-
[ Malware ] CVE-2016-0034 Silverlight Runtime Remote Code Execution Vulnerability - Sample MD5 01ce22f87227f869b7978dc5fe625e16 http://bit.ly/1pcS3J4
"A sample exploiting CVE-2016-0034, the Silverlight runtime remote code execution vulnerability, captured by the malware analysis platform Malwr: https://t.co/HwYZLyTUFd"
-
[ Malware ] Locky Ransomware on Rampage With JavaScript Downloader https://blogs.mcafee.com/mcafee-labs/locky-ransomware-rampage-javascript-downloader/
"Locky has recently started using obfuscated JavaScript as its downloader; once the script runs it fetches the Locky payload itself. From the McAfee blog: https://t.co/y809Laiyup"
-
[ Others ] Cool Lecture Videos from MIT 6-858 Computer Systems Security http://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014/video-lectures/ #cybersecurity #MITx #MOOC
"Video lectures for MIT's 6.858 Computer Systems Security course: https://t.co/DiZSiqbaja "
-
[ Others ] ROP gadget quality in MPX compiled binaries [more useful gadgets, decrease in side effects] http://www.bodden.de/pubs/fbb16analyzing.pdf https://t.co/NSzWH8rqyM
"This paper proposes a way to measure the quality, availability and usefulness of ROP gadgets, and after analyzing binaries compiled with Intel MPX concludes that MPX-compiled binaries contain more usable ROP gadgets (with fewer side effects): https://t.co/jhr1eBoi8q https://t.co/NSzWH8rqyM"
-
[ Pentest ] New Tool: Invoke-InstallUtilNSExec - InstallUtil + .NET 4.5 to load executables from network share. http://bit.ly/1QB6e3q @ subTee
"Invoke-InstallUtilNSExec - loads executables from a network share via InstallUtil, GitHub repo: https://t.co/MpySbE0H1p"
-
[ Popular Software ] Adobe Patches Reader and Acrobat, Teases Upcoming Flash Update: https://threatpost.com/adobe-patches-reader-and-acrobat-teases-upcoming-flash-update/116662/ via @ threatpost
"Adobe has published this month's patch bulletin, which covers 3 vulnerabilities in Acrobat and Reader. Reported by ThreatPost: https://t.co/E7dLFuzbPE"
-
[ Popular Software ] Wireshark Wtap_optionblock_free Use-After-Free https://packetstormsecurity.com/files/136110/GS20160307233508.tgz
"Wireshark Wtap_optionblock_free use-after-free vulnerability: https://t.co/RHKA7hv4Ur"
-
[ Popular Software ] Exim Local User Privileges Escalation (CVE-2016-1531) http://exim.org/static/doc/CVE-2016-1531.txt
"Local privilege escalation vulnerability in the Exim mail server (CVE-2016-1531), from the Exim advisory: https://t.co/xi1cIG8uUM"
-
[ Popular Software ] NCC Group Advisories: SAP Netweaver - https://www.nccgroup.trust/uk/our-research/multiple-security-vulnerabilities-in-sap-netweaver-bsp-logon/ and https://www.nccgroup.trust/uk/our-research/potential-false-redirection-of-web-site-content-in-internet-in-sap-netweaver-web-applications/ - CVE-2015-8774 and CVE-2015-8775 by @ irsdl
"NCC Group found multiple vulnerabilities in the SAP Netweaver integration platform: https://t.co/rnjwIk1GHM https://t.co/Hly6dVyD1D "
-
[ ReverseEngineering ] BinNavi's BinExport plugin is now open source: https://github.com/google/binexport
"BinExport, the plugin for the binary visualization and navigation tool BinNavi, is now open source; it exports disassembly into BinNavi's database. GitHub repo: https://t.co/y9iImkc8TK"
-
[ ReverseEngineering ] Decoding syscalls in ARM64 - http://arm.ninja/2016/03/07/decoding-syscalls-in-arm64/
"Decoding syscalls on ARM64 (the ARMv8-A security model), blog: https://t.co/dzqEJzT8hJ"
-
[ ThirdParty ] (Another analysis) CVE 2015-7547 glibc getaddrinfo() vuln analysis https://labs.jumpsec.com/2016/03/07/cve-2015-7547-glibc-getaddrinfo-dns-vulnerability/
"JumpSec Labs' analysis of CVE-2015-7547, the glibc getaddrinfo() vulnerability: https://t.co/b6VG2h0tJw"
-
[ Tools ] [Update]Powertool x64 V2.0 - Latest version of x64 Rootkit Analysis tool released, download http://d-h.st/users/powertool https://t.co/PRvcbujOI7
"Powertool x64 V2.0 has been released; Powertool is a rootkit analysis tool, download: https://t.co/Om2VpYAgHz https://t.co/PRvcbujOI7"
-
[ Tools ] Nice volatility plugin. parses the Ethernet packets stored by ndis.sys in Windows kernel space memory. https://github.com/bridgeythegeek/ndispktscan/blob/master/README.md
"A Volatility plugin that extracts the Ethernet packets stored by ndis.sys from a Windows kernel memory dump: https://t.co/FXxeOMuvL7"
-
[ Tools ] Csmith is a tool to generate random C programs to test tools that process C code https://embed.cs.utah.edu/csmith/ https://t.co/d25pG0DYGk
"Csmith - a tool that generates random C programs conforming to the C99 standard, useful for testing compilers, static analyzers and similar tools: https://t.co/CyFH4ng5JX https://t.co/d25pG0DYGk"
-
[ Tools ] Google Open Sources Vendor Security Assessment Framework http://www.securityweek.com/google-releases-source-code-security-assessment-questionnaire?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
"VSAQ - Google has open-sourced its vendor security assessment framework, used to evaluate the security posture of third-party vendors in the form of an interactive questionnaire. Reported by SecurityWeek: https://t.co/J18dtfache GitHub: https://github.com/google/vsaq "
-
[ Tools ] The IDA Pro plug-in for the Kam1n0 engine. Based on IDAPython. https://github.com/McGill-DMaS/Kam1n0-Plugin-IDA-Pro
"The IDA Pro plugin for the Kam1n0 engine; Kam1n0 is a search engine for finding cloned code blocks across binaries: https://t.co/tBhyyboQ2D"
-
[ Tools ] Dell open sources DCEPT, a honeypot tool for detecting network intrusions http://bit.ly/1QAjeGp #virus #malware https://t.co/YjttZscaYn
"Dell has open-sourced its Active Directory honeypot tool DCEPT for detecting network intrusions. Reported by HelpNetSecurity: https://t.co/f31aSXPhZi Dell's own blog post: https://www.secureworks.com/blog/dcept GitHub repo: https://github.com/secureworks/dcept"
-
[ Web Security ] ATutor SQLi / RCE ! http://sourceincite.com/research/src-2016-04/ http://sourceincite.com/research/src-2016-05/ http://sourceincite.com/research/src-2016-06/ http://sourceincite.com/research/src-2016-07/ http://sourceincite.com/research/src-2016-08/
"ATutor, an open-source web-based learning management system, has multiple vulnerabilities (SQL injection / RCE): https://t.co/6hmXi01tKY https://t.co/bQkMDsg8at https://t.co/In6u924fS7 https://t.co/dX0FSpIWb7 https://t.co/0wJMlu6eXr"
-
[ Windows ] MS16-034 - Important: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege https://technet.microsoft.com/en-us/library/security/MS16-034
"This month's (March) bulletin MS16-034 - (Important) multiple elevation-of-privilege vulnerabilities in the Windows kernel-mode driver win32k.sys: https://t.co/NNbJYyLe04 All of this month's bulletins: https://technet.microsoft.com/en-us/library/security/ms16-mar.aspx 13 bulletins in total, 5 of them rated Critical. This month's acknowledgments: https://technet.microsoft.com/en-us/library/security/mt674627.aspx "
-
[ Windows ] How MAC Address Randomization Works on Windows 10 http://www.mathyvanhoef.com/2016/03/how-mac-address-randomization-works-on.html
"How Wi-Fi MAC address randomization works on Windows 10, blog: https://t.co/vOW2cOtBhl "
-
[ Windows ] #MS16025 fixes DLL hijack in Windows Mail Find People object #CVE20160100 https://www.securify.nl/advisory/SFY20150904/windows_mail_find_people_dll_side_loading_vulnerability.html https://t.co/UBAoZgdBjX
"DLL hijacking (wab32res.dll) in the Windows Mail Find People object (MS16-025 / CVE-2016-0100): https://t.co/BnZtn2PTP6 https://t.co/UBAoZgdBjX"