
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Android 7.1 feature spotlight: A closer look at seamless updates, partition changes, and new fastboot commands… https://t.co/fK1t8v6aAD
-
[ Android ] Disassembling a Mobile Trojan Attack https://securelist.com/blog/research/76286/disassembling-a-mobile-trojan-attack/
"Kaspersky's dissection of a mobile Trojan attack: https://t.co/0G7zshwQ70"
-
[ Android ] Crashing Android devices with large Proxy Auto Config (PAC) Files [CVE-2016… https://goo.gl/fb/CMfoo6 #FullDisclosure
"Crashing Android devices with large PAC files: https://t.co/18b9dUjNqi"
-
[ Browser ] WebKit is removing Battery API: https://trac.webkit.org/changeset/208303 Previously, Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 Chrome issue:… https://t.co/bTtR9FwF1y
"WebKit is removing the battery-related API: https://t.co/fYrouTdmYd Firefox previously disabled the related code as well: https://t.co/0hM87z2rby Chrome did the same: https://t.co/bTtR9FwF1y"
-
[ Firmware ] [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer… https://goo.gl/fb/GdzhKE #FullDisclosure
"Dlink DIR routers HNAP login buffer overflow vulnerability: https://t.co/zCJC0g02mE"
-
[ Industry News ] MS16-135 fixes Win32k LPE vuln CVE-2016-7255 that has been exploited ITW by Sednit/STRONTIUM for sandbox bypass https://t.co/gTOGOcx3Hq
"Microsoft released security updates that fix multiple vulnerabilities, including the Win32k LPE vulnerability (CVE-2016-7255) previously exploited by Sednit/STRONTIUM: https://technet.microsoft.com/library/security/MS16-135 This month's patch summary: https://technet.microsoft.com/en-us/library/security/ms16-nov.aspx ; vulnerability acknowledgments: https://technet.microsoft.com/library/security/mt674627.aspx"
-
[ iOS ] iOS WebView phone auto dial bug: https://www.mulliner.org/blog/blosxom.cgi/security/ios_webview_auto_dialer.html Twitter and LinkedIn iOS apps vulnerable #nomorefreebugs
"iOS WebView auto-dial bug: https://t.co/VgoG0ZvzLU"
-
[ iOS ] Analysis of iOS.GuiInject Adware Library by @noarfromspace : https://sentinelone.com/blogs/analysis-ios-guiinject-adware-library/
"SentinelOne's analysis of the iOS.GuiInject adware library: https://t.co/e7SjXtpZ1O"
-
[ iOS ] iOS Application Security Review Methodology : http://research.aurainfosec.io/ios-application-security-review-methodology/
"iOS application security review methodology: https://t.co/Eb3EjBWwtO"
-
[ Malware ] Cerber ransomware is now targeting databases. Read more about our research: http://bit.ly/2fXDSqp https://t.co/55lBWs5iNz
"Cerber malware is now targeting company databases: http://www.itproportal.com/news/cerber-ransomware-has-begun-to-target-databases/?sf41628169=1"
-
[ Malware ] Svpeng Android Banking Trojan Delivered via a Google Chrome Bug http://bestsecuritysearch.com/svpeng-android-banking-trojan-delivered-via-google-chrome-bug/
"The Svpeng Android banking Trojan spreads via Google Chrome: https://t.co/vNorv8UPc6"
-
[ Malware ] .#TrickBot banking Trojan adds customized redirection attacks to its capabilities. https://threatpost.com/trickbot-banking-trojan-adds-new-browser-manipulation-tools/121859/
"The TrickBot banking Trojan is adding new techniques while continuing to expand its range of targets: https://t.co/Ly4BpUwZ7d"
-
[ MalwareAnalysis ] A note about Sednit rootkit http://artemonsecurity.blogspot.com/2016/11/a-note-about-sednit-rootkit.html
"A note about Sednit rootkit: https://t.co/F099E4SZZ1 "
-
[ MalwareAnalysis ] Mirai botnet unlikely to have an impact on election results. New Heisenberg Cloud research: http://r-7.co/2fBXUTi
"Tracking the Mirai botnet: https://t.co/ORVJQTKSQb"
-
[ MalwareAnalysis ] Technical analysis of the Locker virus on mobile phones http://securityaffairs.co/wordpress/53194/malware/analysis-mobile-locker-virus.html
"Analysis of the Locker virus on mobile phones: https://t.co/f9RrkiYcKO"
-
[ OpenSourceProject ] Analysis of ISC BIND DNAME Answer Handling DoS (CVE-2016-8864) http://blog.fortinet.com/2016/11/08/analysis-of-isc-bind-dname-answer-handling-dos-cve-2016-8864
"The BIND service has a denial-of-service vulnerability when handling DNAME responses (CVE-2016-8864): https://t.co/5mkMdukRjO"
-
[ Others ] Android Extensions sound interesting http://arstechnica.com/gadgets/2016/11/android-extensions-could-be-googles-plan-to-make-android-updates-suck-less/
"'Android Extensions' looks like a Google plan to make Android updates less painful: https://t.co/SvSTqRcK75"
-
[ Others ] Slides (and soon, code) for my recent talk on automated shellcode generation with encoding restrictions: http://www.msreverseengineering.com/blog/2016/11/8/synesthesia-modern-shellcode-synthesis-ekoparty-2016-talk
"SYNESTHESIA: Modern Shellcode Synthesis, a talk from EKOPARTY 2016: https://t.co/GuSyEHA1CH"
-
[ Others ] A Formal Security Analysis of the Signal Messaging Protocol : https://eprint.iacr.org/2016/1013.pdf (pdf)
"An analysis of the security of the Signal messaging protocol: https://t.co/Tns1MEtgms"
-
[ Pentest ] WAFNinja - Penetration testers favorite for WAF Bypassing https://goo.gl/fyfjSD #CLI #Cookies #Fuzzing https://t.co/CKncKgpPV4
"WAFNinja -- a tool that helps penetration testers bypass WAFs: http://www.kitploit.com/2016/11/wafninja-penetration-testers-favorite.html?utm_source=dlvr.it&utm_medium=twitter"
-
[ Popular Software ] Stored Cross-Site Scripting vulnerability in 404 to 301 WordPress Plugin https://goo.gl/fb/J7bd6U #FullDisclosure
"A WordPress plugin has a stored XSS vulnerability: https://t.co/tGnueEFBbT"
-
[ Popular Software ] Adobe fixes 9 Flash Player code execution vulnerabilities reported by researchers through Zero-Day Initiative (ZDI) https://t.co/2ZJ8p5NzAD
"Adobe fixed 9 Flash Player vulnerabilities reported by ZDI: https://t.co/2ZJ8p5NzAD Adobe security bulletin: https://helpx.adobe.com/security/products/flash-player/apsb16-37.html"
-
[ Popular Software ] Piwik 2.16.0 PHP Object Injection https://packetstormsecurity.com/files/139603/KIS-2016-13.txt
"Piwik 2.16.0 PHP object injection vulnerability: https://t.co/xpJHnfPDqQ"
-
[ ThreatIntelligence ] APT Group Mapping > malware mapping sheet > download as xlsx/ods > still looking for contributors… https://t.co/QkIKWOQvbQ
"APT Groups and Operations: https://t.co/QkIKWOQvbQ"
-
[ Tools ] idasec - IDA plugin for reverse-engineering and dynamic interactions with the Binsec platform https://github.com/RobinDavid/idasec
"idasec -- an IDA plugin based on the Binsec platform: https://t.co/ZBTjEvH3fV"
-
[ Web Security ] HeadlessBrowsers : A list of (almost) all headless web browsers in existence : https://github.com/dhamaniasad/HeadlessBrowsers
"HeadlessBrowsers : A list of (almost) all headless web browsers in existence: https://t.co/ciujN858dh"
-
[ Windows ] On Windows Syscall Mechanism and Syscall Numbers Extraction Methods : https://www.evilsocket.net/2014/02/11/on-windows-syscall-mechanism-and-syscall-numbers-extraction-methods/ cc @evilsocket
"Windows syscall mechanism and syscall number extraction methods: https://t.co/TTeyOymCWE"
-
[ Windows ] Demystifying the Windows Firewall from #MSIgniteNZ - including intro to 'identity based firewall rules' : https://t.co/XtMh5toRmM
"Demystifying the Windows Firewall: https://t.co/XtMh5toRmM"
-
[ Windows ] MS16-137 PoC: https://github.com/lgandx/PoC/tree/master/LSASS Search for "Bug" in Lsass-remote.py file for technical details ;)
"PoC for the MS16-137 vulnerability fixed today: https://t.co/02jVL09Oo4"
-
[ Detect ] TypeSan: Practical Type Confusion Detection: https://loccs.sjtu.edu.cn//gossip/blog/2016/11/08/2016-11-08/
-
[ Mac OS X ] OS X BSD System Calls Reference: https://sigsegv.pl/osx-bsd-syscalls/ OS X MACH Traps Reference: https://sigsegv.pl/osx-mach-traps/
-
[ Conference ] The second Internet Security Leaders Summit opens today: http://www.thecss.cn/agenda.html Live coverage from FreeBuf (video and illustrated text): http://www.freebuf.com/live?id=119355