Tencent Xuanwu Lab Security Daily News
-
[ Android ] Official documentation about Android 7's file-based encryption (FBE) https://source.android.com/security/encryption/file-based.html
"Documentation for the Android 7 file-based encryption (FBE) feature: https://t.co/o7nOFC8wZw"
-
[ Android ] Samsung Android Security Updates for September: http://security.samsungmobile.com/smrupdate.html#SMR-SEP-2016
"Samsung releases its September Android vulnerability bulletin: https://t.co/DpP12N0h8B"
-
[ Android ] Interesting and very detailed survey about the ELF based #Android #malware http://www.cmcm.com/blog/en/security/2016-09-07/1027.html
"Survey report on Android ELF viruses: https://t.co/hTFABMIVW4"
-
[ Android ] How to: Testing Android Application Security, Part 3 https://blogs.mcafee.com/mcafee-labs/testing-android-application-security-part-3/
"How to test the security of Android apps, Part 3, from the McAfee Blog: https://t.co/ykbmb8fQFM"
-
[ Browser ] #Chrome to Label Some HTTP Sites ‘Not Secure’ in 2017: https://threatpost.com/chrome-to-label-some-http-sites-not-secure-in-2017/120452/ via @threatpost
"Starting in January 2017, Chrome will mark HTTP sites as 'not secure', and users will be warned when they navigate to an HTTP site: https://t.co/8Q2cpdd8pG"
-
[ Malware ] Zepto ransomware now introduces new features to better encrypt your files https://blog.avast.com/zepto-ransomware-now-introduces-new-features-to-better-encrypt-your-files
"Zepto ransomware adds new features to better encrypt files, from the Avast Blog: https://t.co/7fTyyLy9of"
-
[ Others ] Common Python Vulnerabilities https://access.redhat.com/blogs/766093/posts/2592591
"Common vulnerabilities in Python code: https://t.co/5ORTCkzrt2"
-
[ Popular Software ] [webapps] - Adobe ColdFusion < 11 Update 10 - XML External Entity Injection https://www.exploit-db.com/exploits/40346/
"All versions before Adobe ColdFusion 11 have an XML entity injection vulnerability: https://t.co/7qDKS2MGj8"
-
[ Popular Software ] This week's @WordPress update resolves a XSS + path traversal vuln - http://bit.ly/2cgIB42
"WordPress releases version 4.6.1, fixing one XSS and one path traversal vulnerability: https://t.co/O0liIscLRm"
-
[ Popular Software ] [webapps] - Zabbix 2.0 - 3.0.3 - SQL Injection https://www.exploit-db.com/exploits/40353/
"Zabbix 2.0 - 3.0.3 SQL injection exploit: https://t.co/UuopYeaJie"
-
[ Tools ] NCC Group Blog: nOBEX - a tool for #fuzzing #Bluetooth PBAP and MAP clients in automotive infotainment systems - https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/september/introducing-nobex-a-tool-for-testing-bluetooth-phone-and-messaging-profiles/
"nOBEX - a tool open-sourced by NCC Group specifically for testing Bluetooth communication protocols: https://t.co/DHWozBJsQQ"
-
[ Vulnerability ] Xen 4.4 host crash, potential host privilege escalation in EVTCHNOP_init_control hypercall with invalid GFN https://twitter.com/c7zero/status/773901616814567424
"XSA-188 - a UAF vulnerability in Xen's FIFO event channel handling code (CVE-2016-7154): https://xenbits.xen.org/xsa/advisory-188.html Yesterday XSA fixed 4 Xen vulnerabilities at once; a brief introduction to these four vulnerabilities: http://www.theregister.co.uk/2016/09/08/xen_security_bugs/"
-
[ Web Security ] Hunting HTML5 postMessage Vulnerabilities: https://www.exploit-db.com/docs/40287.pdf (pdf)
"Hunting HTML5 postMessage Vulnerabilities; HTML5 provides two methods for cross-site communication, postMessage and CORS: https://t.co/sMddKMYI7k"
-
[ Windows ] Using Device Guard to Mitigate Against Device Guard Bypasses http://www.exploit-monday.com/2016/09/using-device-guard-to-mitigate-against.html #DFIR #PowerShell
"How to use Device Guard to address bypasses of Windows user-mode code integrity (UMCI) checks: https://t.co/OtFTyg2Mi3"