Tencent Xuanwu Lab Security Daily News
- 
[ Attack ] Hacker Compromises Fosshub to Distribute MBR-Hijacking Malware http://news.softpedia.com/news/hacker-compromises-fosshub-to-distribute-mbr-hijacking-malware-506932.shtml
"Hackers compromised the Fosshub download site and injected MBR-hijacking malware; report from SoftPedia: https://t.co/JpyRglOPc8"
 - 
[ Browser ] Addressbar spoofing with right-to-left characters on Firefox for Android (FIXED) - CVE-2016-5267 https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/ #infosec
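"An address bar spoofing vulnerability in Firefox for Android (CVE-2016-5267), related to right-to-left characters: https://t.co/gG4skVznCu Separately, Firefox released version 48 yesterday, which finally begins enabling the multi-process model: https://www.mozilla.org/en-US/firefox/48.0/releasenotes/ Version 48 also fixes multiple vulnerabilities: https://www.mozilla.org/en-US/security/advisories/"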
 - 
[ iOS ] #BHUSA Slides for KeenLab's talk today: http://www.slideshare.net/LiangChen13/us-16subverting-applegraphicspracticalapproachestoremotelygainingrootchenhegrassifu @ flanker_hqd @ marcograss @ fuyubin1993
"Breaking Apple's graphics processing - remotely gaining root privileges, from the talk Liang Chen of Keen Lab just gave at BlackHat: https://t.co/f5AF46XeDp"
 - 
[ macOS ] Introducing FlockFlock: File Access Enforcement for macOS http://www.zdziarski.com/blog/?page_id=6171 https://t.co/XgTytZFNXl
"FlockFlock - a file access control tool for macOS: https://t.co/2nBiwGoBDK"
 - 
[ Malware ] #Ransomware Recap: New Versions and Descendants of Past Families Emerge in July http://bit.ly/2aSR0IN
"New ransomware variants and new versions seen in July, from TrendMicro: https://t.co/4h6C66AkF4"
 - 
[ OpenSourceProject ] LibreSSL 2.4.2 is now the stable version. support for 2.2.x ends. http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.4.2-relnotes.txt
"The LibreSSL library has released stable version 2.4.2: https://t.co/pil4DqvlPw"
 - 
[ Others ] New blog post: Remote code execution on http://signout.live.com (with additional Adobe Experience Manager CVE). http://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
"A remote code execution vulnerability on Microsoft's signout.live.com site: https://t.co/As1lR34ZI1"
 - 
[ Others ] Server-Side Template Injection with Tplmap on Nunjucks Template Engine http://disse.cting.org/2016/08/02/2016-08-02-sandbox-break-out-nunjucks-template-engine
"Sandbox escape in the Nunjucks template engine: https://t.co/bO0lHsHfHw"
 - 
[ Protocol ] A “quick” guide to QUIC http://blogs.cisco.com/security/a-quick-guide-to-quic
"Cisco's introduction to the QUIC protocol and its related security issues: https://t.co/xbuYXsR4U5"
 - 
[ SCADA ] [Report] FEYE iSIGHT Intel identified ~1,600 publicly disclosed #ICS vulns since 2000 http://bddy.me/2asUO2T #BHUSA https://t.co/gpPTdXFRqS
"An ICS vulnerability analysis report from FireEye, summarizing an analysis of 1552 vulnerabilities from the past 15 years: https://www2.fireeye.com/industrial-control-systems-vulnerability-trend-report-2016.html?utm_source=TWC&utm_medium=social&utm_campaign=icstrendreport"
 - 
[ Tools ] Public release of FakeNet-NG - Next Generation Dynamic Network Analysis Tool #Malware #Reversing #FakeNet #FLARE https://github.com/fireeye/flare-fakenet-ng
"FakeNet-NG - a dynamic network analysis tool open-sourced by FireEye: https://t.co/M8lY9ZiE91"
 - 
[ Tools ] UniAna - Analysis PE file or Shellcode (Only Windows x86). Based on Unicorn, Capstone, pefile. https://github.com/dungtv543/Dutas
"UniAna - a PE/Shellcode analysis tool based on Unicorn/Capstone: https://t.co/Tya7JZ0MGc"
 - 
[ Tools ] PINdemonium - A pintool in order to unpack malware https://github.com/Seba0691/PINdemonium
"PINdemonium - an instrumentation tool dedicated to analyzing malware: https://t.co/WktVfwbGhk"
 - 
[ Windows ] wow, top 30 for MSRC :) https://t.co/7WyyGHOywP
"Microsoft's MSRC Top 100 list for 2016: https://t.co/7WyyGHOywP"
 - 
[ Windows ] Slides from @ PyroTek3 at #BHUSA2016 (while waiting for video...) https://adsecurity.org/?p=2981
"Slides for the BlackHat 2016 talk 'Beyond the MCSE: Active Directory for the Security Professional': https://t.co/Tznb0HRd46"