Tencent Xuanwu Lab Security Daily News
-
[ Android ] slide for 《Pwn a Nexus device with a single vulnerability》in CanSecWest and full exploit for CVE-2015-6764 https://github.com/secmob/cansecwest2016
"Slides from the CanSecWest 2016 talk 《Pwn a Nexus device with a single vulnerability》 by oldfresher of 360, along with the exploit he used in the Pwn2Own Mobile 2015 contest (CVE-2015-6764): https://t.co/4t5yxQdZAw "
-
[ Android ] Android security advisory http://source.android.com/security/advisory/2016-03-18.html
"Google recently discovered an Android rooting application that uses a local privilege escalation vulnerability (CVE-2015-1805) to gain root. Advisory: https://t.co/LhuZlHYrN0"
-
[ Attack ] A VAST malvertising attack https://www.proofpoint.com/us/threat-insight/post/vast-malvertising-attack https://t.co/XNc9nfKK7h
"Proofpoint recently observed a large malvertising attack; the affected sites include MSN.com and Foxnews.com. Proofpoint says this is the first attack to spread malicious ads through video: https://t.co/5OPPkaN99i https://t.co/XNc9nfKK7h"
-
[ Attack ] Phishers are using #YouTube channels to document and reveal their attacks. Learn more: http://symc.ly/1nMnxnG https://t.co/nvAoPQhmeD
"Phishers are creating YouTube video channels to document their attacks: https://t.co/bgZIPrsdbC https://t.co/nvAoPQhmeD"
-
[ Browser ] A short blog post explaining XSS filter/auditor in response to the previous poll: http://blog.innerht.ml/the-misunderstood-x-xss-protection/
"Misunderstandings about browser XSS filter/auditor protection - which XSS filter/auditor setting is the worst. Blog: https://t.co/SiZe4qA6Wv"
-
[ iOS ] iOS-URI-Schemes-Abuse https://github.com/pwnsdx/iOS-URI-Schemes-Abuse-PoC
"Abusing iOS URI schemes: attack PoCs for 5 URI scheme bugs. GitHub repo: https://t.co/iVZCjhZ49I"
-
[ Mac OS X ] Pre-KeRanger Mac Ransomware http://avien.net/blog/pre-keranger-mac-ransomware/
"Before KeRanger, ransomware had already appeared on Mac OS X. That earlier sample did not actually encrypt all of the user's files; it only popped up a warning: https://t.co/gLkOofjpzQ"
-
[ Mac OS X ] Wow! #Apple has moved #CUPS to @ github: https://github.com/apple/cups https://cups.org/pipermail/cups/2016-March/027580.html
"CUPS, the open-source printing system developed by Apple, is moving its code hosting to GitHub: https://t.co/wqQXjaLtnl https://t.co/hSoKB52Vk3"
-
[ Others ] #5G networks could provide bandwidth for up to 50B smart devices, which means more security (and privacy) risks: http://intel.ly/22sBneI
"5G networks bring more opportunities, and with them more risks and challenges. From the McAfee Blog: https://t.co/ZLJQbZ4gZz"
-
[ Others ] New blog post: My Slides From The Stanford Security Seminar https://noncombatant.org/2016/03/19/stanford-security-seminar/ #langsec
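"A talk from the Stanford security seminar, 《Computers Are Languages》, on how computer programs amount to processing different protocols and formats, and how many security problems arise in that processing: https://t.co/TI85CjdZ6c #langsec"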
-
[ Tools ] Crackq API is released! Roll your own client or integrate Crackq into existing projects https://hashcrack.org/crackq-api
"Crackq is an online, distributed GPU-based password cracking tool, and it now offers an API service: https://t.co/Un9KQtZuBq Crackq"
-
[ Tools ] BinDiff now available for free! - https://security.googleblog.com/2016/03/bindiff-now-available-for-free.html
"BinDiff is now a free download: https://t.co/PJSVAydYfR BinDiff is a binary diffing tool that is very helpful for patch analysis. There is also a similar binary diffing tool, Diaphora: https://github.com/joxeankoret/diaphora "
-
[ WirelessSecurity ] OpenCellID is a collaborative project to create a free worldwide database of #GSM Cell IDs http://opencellid.org/ https://t.co/6MINGHqFHn
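"OpenCellID - a free worldwide database of GSM Cell IDs, where you can look up the coordinates, MCC, MNC, LAC and Cell ID information for a specific Cell ID: https://t.co/aAlZV3jvJ6 It shows that Beijing has roughly 3,000-plus Cell IDs"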