腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/11/19

Dan Goodin @dangoodin001

[ Android ] Powerful backdoor/rootkit found preinstalled on 3 million Android phones http://arstechnica.com/?p=997125

"预装在 300 万 Android 手机上的后门： https://t.co/XnFroaSM1f"
Carlos Castillo @carlosacastillo

[ Android ] Ragentek Android over-the-air update mechanism vulnerable to Man-in-the-Middle attack https://goo.gl/PV753w

"Ragentek Android over-the-air 机制存在中间人攻击漏洞： https://t.co/PfXgPJyxVn"
Nicolas Krassas @Dinosn

[ Browser ] Microsoft Edge: Heap Overflow in Array.splice https://bugs.chromium.org/p/project-zero/issues/detail?id=934

"Microsoft Edge 浏览器 Array.splice 堆溢出漏洞： https://t.co/8G0XA0vM1V "
Full Disclosure @SecLists

[ Browser ] Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread use… https://goo.gl/fb/Mi0AWd #FullDisclosure

"Microsoft IE 11 iertutil LCIEGetTypedComponentFromThread UAF 漏洞细节： https://t.co/DCWGLKNhwm "
C:\SᴋʏLɪɴᴇᴅ⟩_ @berendjanwever

[ Browser ] #DailyBug #Edge CTextExtractor::GetBlockText OOB read Using a heap-spray trick I developed 10 years ago. http://blog.skylined.nl/20161118002.html

"Microsoft Edge CTextExtractor::GetBlockText OOB read ( CVE-2016-3247) 漏洞细节： https://t.co/KsnQSXwAiM"
Daniel Grzelak @dagrz

[ Cloud ] As promised, slides from @ kiwicon X talk on hacking AWS up at https://github.com/dagrz/aws_pwn/blob/master/miscellanea/Kiwicon%202016%20-%20Hacking%20AWS%20End%20to%20End.pdf

"Hacking AWS End to End，来自 Kiwicon 2016： https://t.co/9nGBuTn9GK"
Binni Shah @binitamshah

[ Fuzzing ] Project Triforce: AFL + QEMU + kernel = CVEs! (or) How to use AFL to fuzz arbitrary VMs : https://github.com/nccgroup/TriforceAFL/blob/master/slides/ToorCon16_TriforceAFL.pdf

"AFL + QEMU + kernel = CVEs! (or) How to use AFL to fuzz arbitrary VMs(PDF): https://t.co/bppigImZ5K TriforceAFL（GitHub）： https://github.com/nccgroup/TriforceAFL "
Full Disclosure @SecLists

[ Hardware ] Huawei Flybox B660 3G/4G Router - Auth Bypass Vulnerability https://goo.gl/fb/Ph7BRs #FullDisclosure

"Huawei Flybox B660 3G/4G Router 认证绕过漏洞： https://t.co/9Nl4wXnqU2 "
TechCrunch @TechCrunch

[ IoTDevice ] Netgear adds an LTE option to its Arlo security camera line http://tcrn.ch/2gd9edJ https://t.co/MYAFdhS8cW

"Netgear 宣布在 Arlo 安全摄像头中新增 LTE 选项： https://techcrunch.com/2016/11/15/arlo-go/?ncid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&sr_share=twitter "
anantshri @anantshri

[ Mobile ] Working on Mobile Security, look at OWASP Projects: Testing Guide (https://github.com/OWASP/owasp-mstg) and ASVS (https://t.co/VrxldjojP4) for mobile

"OWASP 移动安全测试指南： https://github.com/OWASP/owasp-mstg ; OWASP MASVS： https://github.com/OWASP/owasp-masvs "
Binni Shah @binitamshah

[ Others ] State of the Internet Security Report (Akamai) : https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/q3-2016-state-of-the-internet-security-report.pdf (pdf)

"第三季度互联网安全报告，来自 Akamai（PDF） : https://t.co/tSeiTD1A4e"
Nicolas Krassas @Dinosn

[ Others ] 8 million GitHub profiles were leaked from GeekedIn's MongoDB - here's how to see yours https://www.troyhunt.com/8-million-github-profiles-were-leaked-from-geekedins-mongodb-heres-how-to-see-yours/

"8 百万 GitHub 用户信息遭泄露： https://t.co/oKn1m7GImr"
Binni Shah @binitamshah

[ Others ] Kaspersky OS : https://eugene.kaspersky.com/2016/11/15/finally-our-own-os-oh-yes/ ; Flask Security Architecture : https://www.cs.cmu.edu/~dga/papers/flask-usenixsec99.pdf (pdf) cc @ e_kaspersky

"Kaspersky 推出自己的安全操作系统 Kaspersky OS： https://eugene.kaspersky.com/2016/11/15/finally-our-own-os-oh-yes/ ; KasperskyOS 的设计与实现（PDF 俄文）： https://t.co/FJM6vN5sSt"
Binni Shah @binitamshah

[ Others ] Microsoft Replaces Command Prompt with PowerShell in Latest Windows 10 Build : https://blogs.windows.com/windowsexperience/2016/11/17/announcing-windows-10-insider-preview-build-14971-for-pc/#UIdS777V4Mcd8yde.97

"Windows 10 Insider Preview Build 14971 新特性介绍（PowerShell 将代替 Command Prompt，可在 Edge 中阅读 EPUB 格式文档...）︰ https://t.co/CFv6sVpQML"
Binni Shah @binitamshah

[ Others ] Flask : Flux Advanced Security Kernel : https://www.cs.utah.edu/flux/fluke/html/flask.html

"Flask : Flux Advanced Security Kernel ︰ https://t.co/Ln4DlDquS7"
James Forshaw @tiraniddo

[ Sandbox ] Released a big update to my sandbox tools https://github.com/google/sandbox-attacksurface-analysis-tools. Removed un-managed code, generic NT API library,… https://t.co/NUhJbpJ1Or

"James Forshaw 更新了他的 sandbox attacksurface analysis 工具： https://github.com/google/sandbox-attacksurface-analysis-tools"
Didier Stevens @DidierStevens

[ Tools ] New blog post "Update: shellcode2vba.py Version 0.5" https://blog.didierstevens.com/2016/11/18/update-shellcode2vba-py-version-0-5/

"shellcode2vba.py v0.5 --一个可创建 VBA 代码进行 shellcore 注入的工具： https://t.co/xl19yu8q9C"
Robert Swiecki @robertswiecki

[ Tools ] recent honggfuzz trophies: openssl critical bug, openssl high-sev bug, openssh rem. crash; (and more to come): http://goo.gl/8dCziJ

"honggfuzz v0.8 -- 一个 Google 开源的驱动反馈工具︰ https://t.co/mRc40oyh8j"
Project Zero Bugs @ProjectZeroBugs

[ Vulnerability ] Palo Alto Networks PanOS: root_trace local privilege escalation https://bugs.chromium.org/p/project-zero/issues/detail?id=912

"Palo Alto Networks PanOS: root_trace 本地提权漏洞： https://t.co/KwyODM9LtX"
Full Disclosure @SecLists

[ Vulnerability ] SQL Injection in Post Indexer allows super admins to read the contents of… https://goo.gl/fb/zSLW4H #FullDisclosure

"WordPress 插件 Post Indexer 存在 SQL 注入漏洞： https://t.co/SS1BxGXg1k "
Daniel King @long123king

[ Windows ] More details(graphs + codes) of #pwn2own 2016 Edge EoP by CVE-2016-0176. "A Link to System Privilege": https://t.co/95EhF3OUsV @keen_lab

"A Link to System Privilege，CVE-2016-0176 漏洞及利用详解 : https://t.co/95EhF3OUsV "

2016/11/19