腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Browser ] .@ Microsoft Cutting Off #SHA1 Support in February for Edge, IE 11: https://threatpost.com/microsoft-cutting-off-sha-1-support-in-february-for-edge-ie-11/122119/ via @ threatpost
"Microsoft 确认将于 2017 年 2 月 停止 Edge 和 IE 11 中对 SHA-1 的支持: https://t.co/RYHsYy352e"
-
[ Browser ] MSIE8 MSHTML Ptls5::LsFindSpanVisualBoundaries memory corruption https://goo.gl/fb/652D94 #FullDisclosure
"Microsoft IE 8 Ptls5::LsFindSpanVisualBoundaries 内存破坏漏洞: https://t.co/gUhVflG7W0 "
-
[ Linux ] [0day] [exploit] Advancing exploitation: a scriptless 0day exploit against Linux desktops http://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html
"针对 Linux 桌面(Ubuntu 16.04 和 Fedora 24)的无脚本 0day 利用: https://t.co/aus68OPYLW"
-
[ macOS ] An overview of malvertising on the Mac https://blog.malwarebytes.com/threat-analysis/social-engineering-threat-analysis/2016/11/an-overview-of-malvertising-on-the-mac/
"Mac 上恶意软件的总览: https://t.co/RtCDUnvvaV"
-
[ Malware ] ESET Crysis decryptor to rescue files encrypted by the Crysis ransomware http://securityaffairs.co/wordpress/53677/malware/crysis-ransomware-decryptor.html
"被 CrySis 勒索软件加密的文件现已可解密: https://t.co/huNdeNH8Wp "
-
[ Malware ] New post: Businesses as Ransomware’s Goldmine: How Cerber Encrypts Database Files http://bit.ly/2fmRPgi @ TrendMicro
"商业公司成为勒索软件的金矿︰ Cerber 病毒是如何加密商业公司数据文件的: https://t.co/MTQ2WP1xsF "
-
[ MalwareAnalysis ] Compromised Microsoft OneDrive for Business Accounts Used to Spread #Malware http://fc-pt.com/2ggzxwq https://t.co/bIzbn0Jn65
"利用 Microsoft OneDrive 来传播恶意软件: https://blogs.forcepoint.com/security-labs/compromised-microsoft-onedrive-business-accounts-used-spread-malware?utm_medium=Social&utm_source=LabsTwitter&utm_campaign=Labs+Blog+22Nov&utm_content=Labs+Blog&sf_src_cmpid=70137000000DrVo&adbsc=blogs68120756&adbid=801084840565051393&adbpl=tw&adbpr=17244740"
-
[ Mobile ] MobSF v0.9.3 is released. Now supports Windows App Static Analysis. See what’s new:... http://fb.me/Z0OADo6L
"MobSF v0.9.3 发布 -- 一个可用来测试手机应用安全性的框架: https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/releases/tag/v0.9.3"
-
[ Others ] Exploit code released for NTP vulnerability - http://bit.ly/2f3p9KN
"NTP服务漏洞利用代码公布: https://t.co/psgh2eFBI7"
-
[ Others ] Cash-spitting ATM malware blamed on Cobalt hacking gang https://www.grahamcluley.com/atm-malware-cobalt-hacking-gang/
"Cobalt 黑客团伙在14个国家作案,致使 ATM 机自动吐钱: https://t.co/YN2U6jdJfB "
-
[ Others ] TR-064 Misimplementations leading to remote device takeover in ZyXEL Routers https://github.com/XiphosResearch/exploits/tree/master/tr-06fail
"TR-064 Misimplementations leading to remote device takeover in ZyXEL Routers: https://t.co/LVKtfFy9dK"
-
[ Others ] TropicTrooper campaign targets Taiwanese government & fossil fuel provider with Poison Ivy. Read the #Unit42 report http://oak.ctx.ly/r/59ggu
"TropicTrooper 网络活动将目标锁定台湾政府与化石燃料供应商: https://t.co/Bs2BKi196v"
-
[ Others ] A collection of sources of indicators of compromise https://github.com/sroberts/awesome-iocs
" IoC(indicators of compromise)源的收集: https://t.co/eYMrF3mnsG"
-
[ Others ] Towards practical information flow control and audit https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-893.pdf
"对信息流控制和审计的实践: https://t.co/0ETkmTt7k9"
-
[ Others ] DoD Publishes Vulnerability Disclosure Policy: https://threatpost.com/dod-publishes-vulnerability-disclosure-policy/122097/ via @ threatpost
"美国国防部公布漏洞披露政策,攻陷五角大楼项目将会继续︰ https://t.co/I1fGUAijQO"
-
[ Others ] Some pretty Xen Security Advisories (including an embargoed one) are out! https://xenbits.xen.org/xsa/
"Xen 发布最新安全公告: https://t.co/c4Ob4nTKvb"
-
[ Popular Software ] Hacking 27% of the Web via WordPress Auto-Update: RCE Vulnerability in http://api.wordpress.org via weak hashing algo https://www.wordfence.com/blog/2016/11/hacking-27-web-via-wordpress-auto-update/
"通过 WordPress 自动更新功能可 Hacking 多达 27% 的网站: https://t.co/vCurgLoxO1 https://t.co/1Fimyh02jP"
-
[ Protocol ] [CORE-2016-0007] - TP-LINK TDDP Multiple Vulnerabilities https://goo.gl/fb/b0jY2N #FullDisclosure
"TP-LINK TDDP 存在多个漏洞: https://t.co/Nmt9w6MIfA "
-
[ Protocol ] A Story About TP-link Device Debug Protocol (TDDP) Research http://hubs.ly/H05hNDc0 https://t.co/MbNeYlpFb3
"关于 TP-link Device Debug Protocol (TDDP) 的研究: https://t.co/TjjzTIwm6F https://t.co/MbNeYlpFb3"
-
[ Tools ] .NET Patcher Library which can bypass obfuscation. Nice for autopatchers! https://github.com/ioncodes/dnpatch
"用 dnlib 来 patch .NET 程序: https://t.co/JT8G5PpVZH"
-
[ Tools ] Updated Py #PowerShell decoder script. Base64, compressed, char[], and shellcode. @ https://github.com/JohnLaTwC/PyPowerShellXray #DFIR https://t.co/OEYPn0efOW
"PyPowerShellXray -- 此 Python 脚本可用来解码常见编码格式的PowerShell: https://github.com/JohnLaTwC/PyPowerShellXray"
-
[ Tools ] A nice tool using Capstone disassembler: Lazy Office Analyser (office) to detect APT malware inside MS Office docs. https://t.co/cuwCDTMUG3
"Lazy Office Analyser -- 可用来提取 office 文档中 URL 的工具: https://t.co/cuwCDTMUG3"
-
[ Windows ] #Elevating #privileges by environment variables expansion on #Microsoft operating systems - https://breakingmalware.com/vulnerabilities/elastic-boundaries-elevating-privileges-by-environment-variables-expansion/
"弹性边界-利用环境变量进行提权(Windows): https://t.co/7pfzcEB9zk"
-
[ Windows ] Microsoft's x86 on ARM64 emulation, A Windows 10 'Redstone 3' Fall 2017 deliverable, sources say: http://www.zdnet.com/article/microsofts-x86-on-arm64-emulation-a-windows-10-redstone-3-fall-2017-deliverable/
"Microsoft 计划在 Windows 10 的 ARM64 模拟器下支持 X86,以在 ARM64 设备上运行 x86 APP︰ https://t.co/P8hkB3wy96"
-
[ WirelessSecurity ] nrf24-arsenal Hacking tools and scripts for nRF24LU1+ Author: @090h #hardware #Transceiver #hacking #scripts https://t.co/aPjJxxQin3
"Hacking tools and scripts for nRF24LU1+: https://t.co/aPjJxxQin3"
-
[ WirelessSecurity ] Exfiltration of User Credentials using WLAN SSID http://www.labofapenetrationtester.com/2016/11/exfiltration-of-user-credentials-using-wlan-ssid.html
"借助 WLAN SSID 泄露用户凭证: https://t.co/WepLDZxme7"
-
[ WirelessSecurity ] Practicing a Record-and-Replay System on USRP [PDF] http://conferences.sigcomm.org/sigcomm/2013/papers/srif/p61.pdf #SDR #USRP https://t.co/OW3sBroOoj
"Practicing a Record-and-Replay System on USRP(PDF): http://conferences.sigcomm.org/sigcomm/2013/papers/srif/p61.pdf"
-
Xuanwu Spider via xisigr blog[ Browser ] Apple Safari Addressbar Spoofing Attacks with Search Engines on IOS: http://xisigr.com/x/apple-safari-addressbar-spoofing-attacks-with-search-engines-on-ios/
-
Xuanwu Spider via 安全客
[ Programming ] 关于PHP内部编码与mysql字符差异问题的研究:http://bobao.360.cn/learning/detail/3209.html
-
Xuanwu Spider via 途牛安全应急响应中心
[ Attack ] 互联网业务安全的黑灰产业链的故事 - 【途牛风控】: http://mp.weixin.qq.com/s?__biz=MzI4NTIxNjczMA==&mid=2247483766&idx=1&sn=9af29dae213d976a958ad471fdf566b4&chksm=ebeedbc3dc9952d51da18d2ed57d993370d60a0d6e2108ef528c756597d4894e86bcc87db5cc&mpshare=1&scene=1&srcid=1122KxR8gXNoYfNEr1VXj7KQ#wechat_redir
-
Xuanwu Spider via SecWiKi
[ OpenSourceProject ] 挖掘PHP禁用函数绕过利用姿势: http://blog.th3s3v3n.xyz/2016/11/20/web/%E6%8C%96%E6%8E%98PHP%E7%A6%81%E7%94%A8%E5%87%BD%E6%95%B0%E7%BB%95%E8%BF%87%E5%88%A9%E7%94%A8%E5%A7%BF%E5%8A%BF/
-
Xuanwu Spider via Solidot
[ Android ] 另一家中国公司被发现在Android固件中植入后门: http://www.solidot.org/story?sid=50435
-
Xuanwu Spider via 安全客
[ Browser ] Exploiting Internet Explorer 11 64-bit on Windows 8.1 Preview: http://bobao.360.cn/learning/detail/3207.html