腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/05/06

McAfee Labs @McAfee_Labs

[ Android ] We uncovered a campaign of Android/Clicker.G in dozens of malicious apps on #GooglePlay: http://intel.ly/26Vd6kC https://t.co/SXcxV86Mec

" McAfee 研究团队在 GooglePlay 中发现了一种新的恶意软件 - Android/Clicker.G，其攻击的目标为俄罗斯用户: https://t.co/QuckytVlVM https://t.co/SXcxV86Mec"
Nikolaos Chrysaidos @virqdroid

[ Android ] A Study of Android Malware Detection Techniques and Machine Learning - http://ecommons.udayton.edu/cgi/viewcontent.cgi?article=1015&context=maics

"Android 恶意软件检测技术与机器学习研究 Paper，来自美国辛辛纳提大学： https://t.co/F1Tv2H6rpE"
Nicolas Krassas @Dinosn

[ Android ] War of the Worlds - Hijacking the Linux Kernel from QSEE http://bits-please.blogspot.com/2016/05/war-of-worlds-hijacking-linux-kernel.html

"世界大战 - 从 QSEE 中劫持 Linux 内核： https://t.co/tjzAfMyT4p"
Copperhead @CopperheadSec

[ Android ] Android N media stack hardening (-fsanitize=integer in trapping mode and split up + better sandboxed mediaserver): https://android-developers.blogspot.ca/2016/05/hardening-media-stack.html.

"Android N 加固多媒体栈，防御漏洞利用: https://t.co/LqFFftUgpJ。"
Dimitris Glynos @dfunc

[ Android ] CENSUS advisory & details for CVE-2016-0842 (Android stagefright ih264d_read_mmco_commands OOB write) https://census-labs.com/news/2016/05/04/libstagefright-ih264d-read-mmco-commands-overflow/ by @ anestisb

"Android stagefright libavc H.264 decoder 内存越界写漏洞（CVE-2016-0842）： https://t.co/YupH9uGoXu "
FireEye @FireEye

[ Android ] Exploiting CVE-2016-2060 on Qualcomm devices http://bddy.me/21A5ujD #mobile #Android https://t.co/BYzDxJKSkm

" Android 高通 netd 守护进程缺乏对参数的校验，存在本地提权漏洞（提权至 radio 用户权限）（CVE-2016-2060），来自 FireEye Blog： https://t.co/ILk70XE1jW https://t.co/BYzDxJKSkm"
securxcess @securxcess

[ Attack ] Hacker collects 272m email addresses and passwords, some from Gmail http://flip.it/qKnQ9

"黑客收集了 2.72 亿的邮箱账户和密码，其中一部分来自 Gmail： https://t.co/Urw5uimP2D"
HD Moore @hdmoore

[ Attack ] The DBIR’s ‘Forest’ of Exploit Signatures http://blog.trailofbits.com/2016/05/05/the-dbirs-forest-of-exploit-signatures/ via @ trailofbits

"数据泄露报告的攻击签名森林： https://t.co/CjImeJruBP"
jsoo @_jsoo_

[ Debug ] Debugging Node.js apps using core dumps - https://reaktor.com/blog/debugging-node-js-applications-using-core-dumps/

"基于 Core Dumps 调试 Node.js 应用： https://t.co/bZMTVvz4b7"
Binni Shah @binitamshah

[ Exploit ] Introduction to Win32 Shellcode Using Visual Studio's Compiler : http://winternl.com/2016/05/02/hello-world/

"用 Visual Studio 的编译器写 Win32 Shellcode 简介︰ https://t.co/JZNJCDXsIC"
Nicolas Krassas @Dinosn

[ Linux ] Linux (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps https://cxsecurity.com/issue/WLB-2016050015

"Linux (Ubuntu 16.04) 在使用 BPF Maps 时引用计数溢出： https://t.co/z57Dh3xYmw Project Zero Issue 809： https://bugs.chromium.org/p/project-zero/issues/detail?id=809 "
Binni Shah @binitamshah

[ Malware ] Petya : the two-in-one trojan : https://securelist.com/blog/research/74609/petya-the-two-in-one-trojan/ https://t.co/JLx1tyODLH

"Petya - 二合一木马，来自 Kaspersky Blog 对 Petya 木马的分析︰ https://t.co/axAixuq1VW https://t.co/JLx1tyODLH"
PhysicalDrive0 @PhysicalDrive0

[ Malware ] Sophisticated New Packer Identified in CryptXXX Ransomware Sample https://www.sentinelone.com/blogs/sophisticated-new-packer-identified-in-cryptxxx-ransomware-sample/

"CryptXXX 勒索软件用一种新的 Packer 来保护自己，来自 Sentinelone Blog 对这个新壳的分析： https://t.co/JLg9OGaCgq"
Piotr Kijewski @piotrkijewski

[ MalwareAnalysis ] Looking for code similarities between malware binaries - a case study of Regin & Qwerty https://hal.inria.fr/hal-01263123/document

"寻找恶意软件二进制代码中的相似性，方便做溯源分析， Paper： https://t.co/56JhMfWiXc "
Nicolas Krassas @Dinosn

[ MalwareAnalysis ] PDF/XDP Malware Reversing http://cerbero-blog.com/?p=1612

"利用 Cerbero Profiler 逆向 PDF/XDP 恶意样本： https://t.co/1cjGiMjMFU"
Zachary Cutlip @zcutlip

[ NetworkDevice ] Here’s a CSRF PoC that levels up LAN-only vulns to WAN-exploitable on Netgear routers. https://github.com/zcutlip/exploit-poc/tree/master/netgear/r6200/addportmapping-csrf

" Netgear R6200 路由器端口映射 CSRF 漏洞： https://t.co/jHi6PliOHr"
juraj somorovsky @jurajsomorovsky

[ OpenSourceProject ] My OpenSSL bug (CVE-2016-2107) provides a direct padding oracle, not a timing oracle as many claim. Updated my post: http://web-in-security.blogspot.de/2016/05/curious-padding-oracle-in-openssl-cve.html

"OpenSSL Padding Oracle Bug (CVE-2016-2107)的作者写了一篇分析 Blog︰ https://t.co/QhIJmtYJOL"
dragosr @dragosr

[ Others ] Lede Project, OpenWRT reboot https://goo.gl/q5zRh9

"Lede 项目（Linux 嵌入式开发环境）， OpenWRT 社区重新启动： https://t.co/tARTaSDZGR"
Intel Software Feed @intelswfeed

[ Others ] Introduction to Intel® SGX Sealing http://ift.tt/1X9hckS #TECH #IamIntel #Intel

"Intel SGX Sealing 保护技术介绍： https://t.co/fcBY5v5jKr "
Nicolas Krassas @Dinosn

[ Others ] WordPress Redirect Hack via http://Test0.com/Default7.com https://blog.sucuri.net/2016/05/wordpress-redirect-hack-test0-default7.html

"WordPress 重定向跳转攻击（Test0.com/Default7.com）： https://t.co/b06XAmPFWa"
E.Law @libNex

[ Others ] Writeup on exploiting a double-free in PHP double-link-list by manipulating the small heap allocator. http://www.libnex.org/blog/doublefreeinstandardphplibrarydoublelinklist #CVE-2016-3132

"PHP 7.0.4 双向链表 Double-Free 漏洞的利用（CVE-2016-3132）： https://t.co/MaxAODmuBX "
Nicolas Krassas @Dinosn

[ Others ] Reverse Engineering Sneaker Bots – Stealing Your New Shoes https://blog.perimeterx.com/sneaker-bots/

"Sneaker Bots — 窃取你的新鞋， Sneaker Bots 是一个软件集合，可以帮你自动化地完成运动鞋购买流程： https://t.co/jZhafzOA8l"
Nicolas Krassas @Dinosn

[ Others ] High-severity Vulnerability in Squid Proxy Server Allows Cache Poisoning http://blog.ptsecurity.com/2016/05/squoison-attack-high-severity.html

"Squid 代理服务器存在高危漏洞，允许缓存投毒攻击： https://t.co/mPQa192XT4 "
Paul Stone @pdjstone

[ Others ] Read how I accidentally stalked someone with Bluetooth LE http://www.contextis.com/resources/blog/bluetooth-le-increasingly-popular-still-not-very-private/

"Bluetooth LE（低功耗蓝牙）越来越流行，但在保护用户隐私方面做的一直不够： https://t.co/YIC4NQ8xCu"
Binni Shah @binitamshah

[ Pentest ] Meterpreter Cheat Sheet : https://scadahacker.com/library/Documents/Cheat_Sheets/Hacking%20-%20Meterpreter%20Cheat%20%20Sheet.pdf (pdf)

"两张图介绍 Meterpreter 的命令︰ https://t.co/gFXJcn7UtT "
Deral Heiland @Percent_X

[ Pentest ] A followup on my blog on SNMP best practices - How to leverage SNMP during pen testing https://community.rapid7.com/community/services/blog/2016/05/05/snmp-data-harvesting-during-penetration-testing @ rapid7

"渗透测试时该如何运用 SNMP 协议： https://t.co/ymHHbEBg2u "
A. Hacker @armitagehacker

[ Popular Software ] Using CA Process Automation to Get Command Execution as SYSTEM https://securityriskadvisors.com/blog/post/using-ca-process-automation-to-get-command-execution-as-system/ // "Designer for the win". Indeed.

"通过 CA 过程自动化工具实现 SYSTEM 权限命令执行： https://t.co/vwfUDCG1EW "
Rob Winch @rob_winch

[ Tools ] #SpringSecurity 4.1 GA released! Config improve, CSP, HPKP, AngularJS, Path Vars, meta annotation, … https://spring.io/blog/2016/05/05/spring-security-4-1-0-released #spring #javaee

"SpringSecurity 更新 4.1 版本， SpringSecurity 是一款基于 Spring、为企业应用提供访问控制的安全框架： https://t.co/YeUBwobtiK "
Internet of Unicorns @dan_crowley

[ Tools ] FeatherDuster is public! https://github.com/nccgroup/featherduster

"FeatherDuster - NCC Group 开源的一个加密破坏工具： https://t.co/D0XPV2mU45"
Binni Shah @binitamshah

[ Tools ] injector : command-line interface dll injector : https://code.google.com/archive/p/injector/

"Injector - DLL 注入工具，在命令行实现对目标进程的注入︰ https://t.co/nDsE1NGQPI"
Matt Graeber @mattifestation

[ Windows ] Developing PowerShell Cmdlets for Nano Server using the PowerShell Core SDK https://blogs.msdn.microsoft.com/powershell/2016/05/04/developing-powershell-cmdlets-for-nano-server-using-the-powershell-core-sdk/

"基于 PowerShell Core SDK，为 Nano Server 开发新的 Cmdlets： https://t.co/jPHEgcDCJ9 "

2016/05/06