
腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Browser ] Content Security Policy: Embedded Enforcement https://w3c.github.io/webappsec-csp/embedded/ via @ mikewest
"CSP新机制:嵌入式策略强制;新机制允许在 Web 页面中嵌入一个嵌套的浏览器 context,同时可强制执行一组指定的内容安全策略: https://t.co/Al4SQzPsSo "
-
[ Hardware ] Two sw-only defenses against #Rowhammer https://arxiv.org/pdf/1611.08396v1 [x86, ARM; phys mem alloc part. into sec domains,… https://t.co/SarViYXiFl
"两种针对 Rowhammer 攻击的防御方法(Paper): https://t.co/CiSCtdTzud"
-
[ Linux ] Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes) : https://www.exploit-db.com/exploits/40924/
"Linux/x86-/ bin/bash -c 任意代码执行 Shellcode ︰ https://t.co/lgLkBpz4zv"
-
[ macOS ] Hacking Apple Mac encryption password in Just 30 Seconds with PCILeech device http://securityaffairs.co/wordpress/54477/hacking/pcileech-hacking-mac.html
"利用 PCILeech 设备 30 秒 hack Apple Mac: https://t.co/13J5BBKyvr"
-
[ Others ] SQL Injection Attack is Tied to Election Commission Breach: https://threatpost.com/sql-injection-attack-is-tied-to-election-commission-breach/122571/ via @ threatpost
"美国选举委员会表示其可能遭受了黑客攻击: https://t.co/s3qKrGQtCZ"
-
[ Others ] 1200 line obfuscated #PowerShell malware threat, dropped by Word Macro ENJOY INTERNETZ https://pastebin.com/V1F1hRg7 #DFIR https://t.co/LaDT2bR14F
"第一个利用 word 宏病毒释放 Powershell 的样本: https://t.co/ZnpTtl45mU "
-
[ Others ] Review of recent shadow brokers leak https://www.myhackerhouse.com/merry-haxmas-shadowbrokers-strike-again/
"shadow brokers 公开售卖方程式组织文件: https://t.co/1hK5WCOauT 详情: https://bit.no.com:43110/theshadowbrokers.bit/"
-
[ Others ] Spear Phishing attacks hits industrial companies https://ics-cert.kaspersky.com/2016/12/16/spear-phishing-attack-hits-industrial-companies/ by @ kaspersky IOC's in @ alienvault @ OTX https://t.co/DqSNwuFtYA
"鱼叉式钓鱼攻击瞄准工业公司: https://t.co/DqSNwuFtYA https://t.co/3MFPfQCj8y"
-
[ SecurityProduct ] Ring3 hooks: Norton Security StackPivot exploit mitigation baypss (too easy): http://asintsov.blogspot.de/2016/12/bypassing-exploit-protection-of-norton.html cc:@ DefconRussia streams
"绕过诺顿的漏洞利用保护机制︰ https://t.co/qGri9ns5Qh"
-
[ Tools ] Intel XED: The X86 Encoder Decoder : https://intelxed.github.io/
"Intel XED 开源︰Intel X86 编解码器︰ https://t.co/bG0ruq0OB9"
-
[ Vulnerability ] ‘SSL Death Alert’ (CVE-2016-8610) can cause denial of service to OpenSSL Servers. See our patch analysis:… https://twitter.com/i/web/status/809937942835818497
"对可导致拒绝服务的 'SSL Death Alert'漏洞补丁分析 (CVE-2016-8610) : https://t.co/4WaKmVrpsx"