腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/09/07

iarce @4Dgifts

[ Android ] This SafetyNet presentation from Android Security bootcamp is worth a read http://static.googleusercontent.com/media/source.android.com/en//security/reports/Android-Bootcamp-2016-SafetyNet.pdf https://t.co/eIeAoak73E

" Android 2016 安全训练营关于 SafetyNet 的一篇演讲： https://t.co/bkdUabp5hD "
Pau Oliva @pof

[ Android ] Harvesting Inconsistent Security Configurations in Custom Android ROMs via Differential Analysis - [PDF] https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_aafer.pdf

" 通过差分分析的方法分析 Android 定制化带来的安全问题： https://t.co/NkUNyWg2y3"
Zuk @ihackbanme

[ Android ] Android Sep' update https://source.android.com/security/bulletin/2016-09-01.html: 3 RCE (libutils, mediaserver) 34 LPE 7 Infoleak: (w/ mediaserver!) 10 DoS PATCH NOW! Oh wait...

"Android 发布 9 月份补丁公告： https://source.android.com/security/bulletin/2016-09-01.html "
CopperheadOS @CopperheadOS

[ Android ] The Exif vulnerability doesn't impact Android Nougat because Google already replaced that native library with Java: https://android.googlesource.com/platform/frameworks/base/+/bf24c9fcb3e66b25c90c0cd51f8bf4f401f6c3d6.

"Exif 的漏洞不会再影响 Android Nougat 版本，因为 Google 已经用 Java 代码替换了原来的 Native 代码︰ https://t.co/ffxp1WFwNG "
Claud Xiao @claud_xiao

[ Android ] There was an issue of libjhead crash on Android: https://code.google.com/p/android/issues/detail?id=207230 No idea whether it's related with CVE-2016-3862 @ timstrazz

" Android libjhead 的一个 Crash，不确定是不是和 CVE-2016-3862 有关︰ https://t.co/bIDb26KWVy "
Nicolas Krassas @Dinosn

[ Browser ] Stealing data from Inputs and Textareas in Edge http://www.brokenbrowser.com/grabdatafrominput/

"从 Edge 浏览器的 Inputs 和 Textareas 区域偷数据： https://t.co/H2h4mpVnxm"
Tavis Ormandy @taviso

[ Browser ] Universal XSS in Dashlane, fixed today. Patch was delayed 1 month because Apple denied request to expedite review(!) https://bugs.chromium.org/p/project-zero/issues/detail?id=890

" Dashlane 密码管理器 UXSS 漏洞，来自 Project Zero Issue 890： https://t.co/PAFgQE0vzx"
Zero Day Initiative @thezdi

[ Conference ] Announcing #Mobile #Pwn2Own 2016! Details and info now available. http://bit.ly/2cxJoLX. Complete rules at http://bit.ly/2c1hpVb #MP2O

" Mobile Pwn2Own 2016 将于 10 月底（26、27 日）举办： http://blog.trendmicro.com/presenting-mobile-pwn2own-2016/ 详细的比赛规则： http://zerodayinitiative.com/MobilePwn2Own2016Rules.html "
Luander @luanderock

[ Linux ] Understanding PLT and GOT in dynamic libraries. #reversing https://www.technovelty.org/linux/plt-and-got-the-key-to-code-sharing-and-dynamic-libraries.html

"了解动态链接库的 PLT 和 GOT： https://t.co/hDclSMEOw7"
Forcepoint Labs @ForcepointLabs

[ Malware ] #Dridex in the Shadows - Blacklisting, Stealth and Crypo-Currency http://fc-pt.com/2bUjpCI

" 暗处的 Dridex 木马： https://t.co/0IznIy81Zx"
PHR34K @unpacker

[ Malware ] MMD-0057-2016 - New ELF botnet: Linux/LuaBot http://blog.malwaremustdie.org/2016/09/mmd-0057-2016-new-elf-botnet-linuxluabot.html

"一款新的 Linux/LuaBot Botnet，来自 MalwareMustDie： https://t.co/4Z1vbQ0eTP"
Nicolas Krassas @Dinosn

[ NetworkDevice ] Aruba Networks / Alcatel-Lucent products Private key for browser-trusted certificate embedded https://cxsecurity.com/issue/WLB-2016090031

" Aruba Networks/阿尔卡特-朗讯将证书私钥嵌入到了产品固件中： https://t.co/qVyqexkPFi"
Nicolas Krassas @Dinosn

[ Others ] ZigBee Exploited: The good, the bad and the ugly http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_045_Zillner_ZigBee.pdf

"ZigBee 协议实现的安全性研究，Paper： https://t.co/bi8othbejm"
x0rz @x0rz

[ Others ] HTTP-Over-Protocol (HOP) proxy http://www.acehack.org/hop/ #proxy #VPN

" HTTP-Over-Protocol (HOP) - 支持任何协议的 HTTP 代理： https://t.co/tbGwoyO3GQ "
Project Zero Bugs @ProjectZeroBugs

[ Others ] Android: debuggerd mitigation bypass and infoleak https://bugs.chromium.org/p/project-zero/issues/detail?id=853

" Android: debuggerd mitigation bypass and infoleak，来自 Project Zero Issue 853： https://t.co/GDuj15QM9v"
Zerodium @Zerodium

[ Others ] Adobe re-supports Flash NPAPI for Linux! We pay big bounties for Flash #0days affecting major OS (Win, Linux, Mac). https://blogs.adobe.com/flashplayer/2016/08/beta-news-flash-player-npapi-for-linux.html

" 时隔 4 年， Flash NPAPI for Linux 又开始更新了： https://t.co/THBgkHo8RJ"
Ricardo Bánffy @rbanffy

[ Others ] Rechecking Apache HTTP Server https://lnkd.in/eFN5NWb

" 用 PVS-Studio 分析 Apache HTTP Server： https://t.co/Mlmhdyr2Be"
Nicolas Krassas @Dinosn

[ Others ] Is HTTP Public Key Pinning Dead? https://blog.qualys.com/ssllabs/2016/09/06/is-http-public-key-pinning-dead

" Is HTTP Public Key Pinning Dead？ https://t.co/HECSAPyypv"
▪_0_×_4__1_▪ @CuanticoSec

[ Others ] I spent the weekend chasing details of the X.509 root CA cert used by the Pegasus spyware. My notes & results: https://github.com/CuanticoSec/CuanticoSec.github.io/blob/master/posts/Pegasus_cert_research.md

" Pegasus 监控软件所用的 X.509 根 CA 证书的细节︰ https://t.co/v0wh01MrWb"
Felix Wilhelm @_fel1x

[ Others ] Cisco patched a fun LPE bug I reported in their AnyConnect client: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160824-anyconnect. Similar to bugs by @ crypt0ad and @ tiraniddo.

"Cisco 修复了 AnyConnect 客户端的一个本地提权漏洞︰ https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160824-anyconnect "
Threatpost @threatpost

[ Others ] Embedded devices continue to share private crypto keys at alarming rates. https://threatpost.com/number-of-devices-sharing-private-crypto-keys-up-sharply/120379/

" House of Keys - 据 SEC Consult 的报告称，大量嵌入式设备正以惊人的速度分享加密私钥： https://t.co/JNsAwuJcoP"
Siemens ProductCERT @ProductCERT

[ SCADA ] A new advisory has been published: "SSA-630413: Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact" http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf

" 西门子修复 SIPROTEC 4 和 SIPROTEC 设备的多个漏洞： https://t.co/pfP9CsTZGZ "
Talos Group @TalosSecurity

[ SecurityProduct ] Talos Blog: Vulnerability Spotlight: Kaspersky Unhandled Windows Messages Denial of Service Vulnerability http://tinyurl.com/zkrv37y

" 卡巴斯基 Windows 消息未处理导致的拒绝服务漏洞（CVE-2016-4329），来自 Talos 团队： https://t.co/I6q8Mq07Et"
chris doman @chrisdoman

[ Tools ] Slides from Bsides talk on ThreatCrowd - http://www.slideshare.net/ChristopherDoman/threatcrowd - Youtube video of me mumbling coming later

" ThreatCrowd 搜索引擎： http://www.slideshare.net/ChristopherDoman/threatcrowd "
Ulf Frisk @UlfFrisk

[ Tools ] PCILeech 1.1 released! built in help, new signature format, generic win10 kernel signature. 150MB/s+ DMA attacking! https://github.com/ufrisk/pcileech

"PCILeech - 专门用于攻击 DMA 的工具： https://t.co/KuTVVzZc5j"
Nicolas Krassas @Dinosn

[ Tools ] 8 Awesome Memory Analysis Tools https://hackerlists.com/memory-analysis-tools/

"8 款比较不错的内存分析工具： https://t.co/P8sNgcQ5af"
Matt Graeber @mattifestation

[ Windows ] Introduction to Windows Device Guard: Introduction and Configuration Strategy http://www.exploit-monday.com/2016/09/introduction-to-windows-device-guard.html #DFIR #PowerShell

" Windows Device Guard 介绍及配置策略： https://t.co/wpjAnDxxNA "

2016/09/07