腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Attack ] WoSign Incidents Report https://www.wosign.com/report/wosign_incidents_report_09042016.pdf
" WoSign 收到了来自 Mozilla 的邮件通知,关于 3 个与 WoSign 有关的应急事件。来自 WoSign 的应急响应报告: https://t.co/Mh5brjxXJb"
-
[ Crypto ] Version intolerance and TLS 1.3 https://www.int21.de/slides/berlinsec-versionintolerance/ slides for @ BerlinSec
" TLS 1.3 版本的安全性分析,来自 BerlinSec 会议: https://t.co/YUsHwtIQe9 "
-
[ iOS ] PEGASUS iOS Kernel Vulnerability Explained - Part 2 http://sektioneins.de/en/blog/16-09-05-pegasus-ios-kernel-vulnerability-explained-part-2.html
" PEGASUS iOS 内核漏洞分析(Part 2): https://t.co/M4jgyokhQT"
-
[ Linux ] The classic Unix Text Processing book is now a free download from @ OReillyMedia http://www.oreilly.com/openbook/utp/
" Unix 文本处理(电子书): https://t.co/I0SeIVXjCl "
-
[ MachineLearning ] Our slides from the .@ fsfe summit are here! http://slides.com/eldraco/stratosphere-fsfe "Stratosphere Project: Free Software Machine Learning to protect NGOs"
" 利用机器学习的方法保护非政府组织: https://t.co/Vyw3wxk9RR "
-
[ Malware ] Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems/
" Pokémon 主题的 Umbreon Linux Rootkit: https://t.co/Z76FCaWExi"
-
[ Network ] I’ve been running a @ torproject exit node for about 8 months. Here’s the story of how it went: https://blog.daknob.net/running-a-tor-exit-node-for-fun-and-e-mails/
" Running a Tor Exit Node for fun and e-mails︰ https://t.co/3MOaY8raQP"
-
[ Popular Software ] [ASA-201609-3] thunderbird: arbitrary code execution https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html #archlinux #security
" 邮件客户端 Thunderbird 刚刚修复了两个 Critical 级别的任意代码执行漏洞: https://t.co/FfNDDxalum "
-
[ SecurityProduct ] [local] - FortiClient SSLVPN 5.4 - Credentials Disclosure: FortiClient SSLVPN 5.4 - Credentials Disclosure http://bit.ly/2bVWq7V
" FortiClient SSLVPN 5.4 版本密钥泄漏漏洞,通过搜索内存的方法可以找到密钥: https://t.co/a4hUG0Re2W"
-
[ Tools ] KNXmap: A KNXnet/IP Scanning and Auditing Tool https://www.insinuator.net/2016/09/knxmap-a-knxnetip-scanning-and-auditing-tool/
"KNXmap - IP 扫描和审计工具: https://t.co/rpKSA6cppi"
-
[ Tools ] DBPwAudit – Database Password Auditing Tool http://www.darknet.org.uk/2016/09/dbpwaudit-database-password-auditing-tool/
"DBPwAudit — 支持多个数据库引擎的密码质量审计工具: https://t.co/DCJt3WUsFi"
-
[ Vulnerability ] PoC is now live - https://www.exploit-db.com/exploits/40332/ #NoDoSPoCs #MakePoCsGreatAgain
" Belkin F9K1122v1 1.00.30 缓冲区溢出 Exploit: https://t.co/l5A8GqqwNI "
-
[ Web Security ] G'day #HITBGSEC! We pay you $200,000 USD for a RCE on Microsoft Outlook web page. Details at https://www.zeronomi.com/campaigns.html #exploit #0day #CommSec
" Zeronomicon 愿意支付 20 万美元购买 Outlook Web 版本(OWA) 的 RCE 漏洞: https://t.co/IbG7rs50wt "
-
[ Web Security ] How I hacked your CFP http://haxx.ml/post/149975211631/how-i-hacked-your-cfp-and-probably-some-other
"我是如何黑掉你的 CFP(会议提交系统)的: https://t.co/oUXIIczBK5"