Tencent Xuanwu Lab Security News Feed
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Who viewed your #Instagram account? And who stole your password? https://kas.pr/1jrT by @ r0bertmart1nez & @ thiagoolmarques
"Who viewed your Instagram account, and who stole your password? A recent app, 'InstaCare – Who cares with me', steals users' sensitive information; the app abuses the OAuth protocol. From the Kaspersky Blog: https://t.co/LoBmCqiDNO"
-
[ Android ] The “SpyLocker” Malware in Android – What you Need to Know https://blogs.mcafee.com/consumer/spylocker-malware-what-you-need-to-know/
"What you need to know about the Android SpyLocker malware: https://t.co/SZGnsDnE30"
-
[ Attack ] Taiwan Presidential Election: A Case Study on Thematic Targeting http://pwc.blogs.com/cyber_security_updates/2016/03/taiwant-election-targetting.html
"A case study of targeted attacks around the Taiwan election: https://t.co/vClPNAjvnD"
-
[ Challenges ] Writing generic exploits for browsers 101 : http://blog.frizn.fr/bkpctf-2016/qwn2own-bkpctf16 cc: @ Friz_N
"A challenge from BKP CTF 2016 on exploiting a custom-built browser: https://t.co/MDLr6B1aLE"
-
[ Hardware ] Awesome framework for black-box CAN bus/network analysis https://github.com/eik00d/CANToolz
"CANToolz - a framework for black-box analysis of CAN bus networks, GitHub repo: https://t.co/A0kInLIWZA"
-
[ iOS ] iOS 9.3 fixes crypto attack on iMessage (@ matthew_d_green et al) and code signing bypass (@ ericmonti). Update ASAP: http://support.apple.com/en-au/HT206166
"iOS 9.3 has been released, fixing multiple vulnerabilities. Apple's security advisory: https://t.co/W52g1O1orw"
-
[ iOS ] Blog post about our iMessage work: http://blog.cryptographyengineering.com/2016/03/attack-of-week-apple-imessage.html. Paper here: https://isi.jhu.edu/~mgreen/imessage.pdf
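"Researchers from Johns Hopkins University studied the iMessage encryption mechanism. Their result: under certain conditions, images and videos in iMessage messages can be decrypted. Blog: https://t.co/UjFqt60Tr3 Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage - Paper: https://t.co/hZSmeKPn0H"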
-
[ Linux ] Intel memory protection extensions( intel mpx ) for linux - https://01.org/blogs/2016/intel-mpx-linux #mpx #intel #linux
"How Linux applications can use Intel MPX (Memory Protection Extensions): https://t.co/O6Fb3JFR1f"
-
[ Malware ] Malware Word Search: Identifying Angler’s Dictionary http://blogs.cisco.com/security/talos/malware-word-search-identifying-anglers-dictionary
"Identifying the dictionary behind Angler EK's URL generator, from the Talos Blog: https://t.co/i1T8vsJ4S2"
-
[ Malware ] Let's Analyze: Dridex (Part 1) http://www.malwaretech.com/2016/03/lets-analyze-dridex-part-1.html
"MalwareTech Blog's analysis of Dridex (Part 1): https://t.co/9p7nB1l1Xr"
-
[ Malware ] Looking at a CryptoWall Drop http://sketchymoose.blogspot.com/2016/03/looking-at-cryptowall-drop.html
"Analysis of a CryptoWall dropper, Blog: https://t.co/fid6Tq95rF"
-
[ Malware ] Locky’s JavaScript downloader https://blog.avast.com/lockys-javascript-downloader
"Avast Blog's analysis of Locky's JavaScript downloader: https://t.co/Td5lFaBSq2"
-
[ Malware ] Teslacrypt Spam Campaign: “Unpaid Issue…” https://blog.malwarebytes.org/intelligence/2016/03/teslacrypt-spam-campaign-unpaid-issue/
"The Teslacrypt ransomware also spreads through deceptive emails, with the subject line '...Unpaid Issue...', from MalwareBytes: https://t.co/HyJhEQLEWy"
-
[ Malware ] Release the Hydra: Umbra Loader With Tor Support https://www.recordedfuture.com/umbra-loader-tor-support/
"The Hydra botnet malware has released an update in which the Umbra loader adds Tor support: https://t.co/ADq3cTZWwN"
-
[ Malware ] New Family of Ransom Locker Found, Uses TOR Hidden Service http://www.cyphort.com/new-family-of-ransom-locker-found-uses-tor-hidden-service/
"Cyphort recently discovered a new ransomware family that uses a Tor hidden service: https://t.co/ydfKStFnLE"
-
[ Malware ] #Unit42 finds #Locky #ransomware installed through nuclear exploit kits http://bit.ly/1RdRYxS
"Locky ransomware installed via the Nuclear Exploit Kit, from the Palo Alto Blog: https://t.co/0AvEO9TnXX"
-
[ Malware ] Stop Scanning My Macro: Interesting downloader techniques used to evade signature-based detection https://www.fireeye.com/blog/threat-research/2016/03/stop_scanning_mymac.html #DFIR #malware
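"Stop scanning my macro - FireEye found two interesting evasion techniques in the downloader of recent Dridex samples: changing the attachment file type and changing where the malicious code logic is located: https://t.co/T90FobADjN"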
-
[ Network ] Both dnscrypt and randomdns (https://github.com/pwnsdx/RandomDNS) are great, but ISPs can still see website names via TLS SNI and IP correlation.
"RandomDNS - a tool for improving the security, privacy and anonymity of the DNSCrypt protocol; it selects servers dynamically at runtime, GitHub repo: https://t.co/wvP4K0AWfy"
-
[ Operating System ] Just pushed the #QNX security auditing scripts. https://github.com/alexplaskett/QNXSecurity There's firmware and attack surface analysis scripts, fuzzers, etc.
"Security analysis tools for the QNX operating system, including attack surface analysis scripts, IPCFuzz, MsgFuzz and other tools. A few days ago we pushed an MWR Labs paper on QNX. GitHub repo: https://t.co/1tw9QpnUuP"
-
[ Others ] Yahoo Deploys Passwordless Account Key Tool http://threatpost.com/yahoo-deploys-passwordless-account-key-tool/116892/
"Yahoo launches a passwordless Account Key tool that lets users log in without a password: https://t.co/2xtNcMvbs0 Yahoo Blog: https://yahoo-security.tumblr.com/post/141266516770/kill-your-password-with-yahoo-account-key"
-
[ ReverseEngineering ] Reverse Engineering An Obsolete Security System - http://bit.ly/1Ovnrv0 https://t.co/61VnnFoGSv
"Reverse engineering a vintage wireless keypad with an RTL-SDR: http://fatsquirrel.org/oldfartsalmanac/random/reverse-engineering-a-vintage-wireless-keypad-with-an-rtl-sdr/"
-
[ Tools ] Nmap v7.10 Released , Added 12 NSE scripts and more ~ http://www.toolswatch.org/2016/03/nmap-v7-10-released/
"The Nmap scanner has been updated to version 7.10, adding 12 NSE scripts; detailed release notes: https://t.co/F7sVjzoo8P"
-
[ Tools ] Released new version of the Shodan Python library (1.5.1), includes improved error messages: http://shodan.readthedocs.org/en/latest/
"Official documentation for the Shodan search engine's Python library: https://t.co/czrtQIguzR"
-
[ Tools ] EhTrace : a tool for tracing execution of binaries on Windows : https://github.com/K2/EhTrace cc: @ capstone_engine
"EhTrace: a tool for tracing binary executables on Windows, GitHub repo: https://t.co/pFZwMs9ke7"
-
[ Web Security ] Troy Hunt: Understanding CSRF, the video tutorial edition http://www.troyhunt.com/2016/03/understanding-csrf-video-tutorial.html
"Understanding CSRF, the video tutorial edition: https://t.co/o8DQ8CsY6m"
-
[ Windows ] Exploiting MS16-032 without ROP gadget in sight. https://googleprojectzero.blogspot.de/2016/03/exploiting-leaked-thread-handle.html
"How to use a thread handle leaked by the Secondary Logon service to gain SYSTEM privileges, without relying on memory corruption and without ROP (MS16-032), from the Project Zero Blog: https://t.co/ZnJCBxhrOb Issue 687: https://bugs.chromium.org/p/project-zero/issues/detail?id=687&redir=1"