腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/03/23

CopperheadOS @CopperheadOS

[ Android ] Security and privacy related API changes in Android O: https://developer.android.com/preview/behavior-changes.html#security-all. For apps targeting new API level: https://t.co/OjFsakIcYc.

"Android 官方发布下一个大版本的预览版 - Android O，Android O 在安全方面有一些新变化： https://t.co/Wbd4Q4bams"
WebKit @webkit

[ Browser ] Here are the release notes for today’s Safari Technology Preview release 26 update. https://webkit.org/blog/7474/release-notes-for-safari-technology-preview-26/ https://t.co/Rm6de0MJ8z

"最新的 Safari 技术预览版 26 发布： https://t.co/rzvM6xnuje "
HackSys Team @HackSysTeam

[ Browser ] I published the advisory for Heap Overflow in Google Chrome's PDFium http://payatu.com/bounds-write-heap-buffer-google-chrome-pdfium/

"Google Chrome 54.0.2840.99 PDFIUM 的一个堆越界写漏洞，成功利用可以实现任意代码执行： https://t.co/XSTKX9bZOF "
dalmoz @dalmoz_

[ Conference ] USENIX Enigma 2017 videos are online: https://www.youtube.com/channel/UCIdV7bE97mSPTH1mOi_yUrw

"USENIX Enigma 2017 大会视频︰ https://t.co/nWnocB2gzb"
TrendLabs @TrendLabs

[ Industry News ] New post: Winnti Abuses GitHub for C&C Communications http://bit.ly/2msnFx8 @ TrendMicro

"Trend Micro 发现 Winnti 团伙利用 Github 进行C&C通信： https://t.co/P9Prts1ljr "
Ivan Krstić @radian

[ iOS ] The updated iOS Security Guide now covers iOS 10: https://www.apple.com/business/docs/iOS_Security_Guide.pdf

"苹果更新了 iOS 安全手册，手册中涵盖了 iOS 系统安全相关的各方面内容，本次更新加入了对 iOS 10 中最新安全特性的介绍： https://t.co/d8DPWVC1EX"
Nikolaos Chrysaidos @virqdroid

[ MalwareAnalysis ] Deep Ground Truth Analysis of Current Android Malware - http://www.arguslab.org/documents/tech_reports/2017/amd_fgwei_2017.pdf

"深入分析当前 Android 恶意软件（paper）： https://t.co/eFciaVM9Ky"
Nicolas Krassas @Dinosn

[ Others ] Adventures in JIT compilation: Part 2 - an x64 JIT http://eli.thegreenplace.net/2017/adventures-in-jit-compilation-part-2-an-x64-jit/

"x64 JIT 编译的背景知识： https://t.co/XEhACqKKlT"
Jean-Ph˙ ͜ʟ˙ppe @Jipe_

[ Tools ] Introducing FAME - Our open-source malware analysis framework https://certsocietegenerale.github.io/fame/ #DFIR #malware

"FAME -- 一个的开源恶意软件分析框架： https://t.co/3MJXwWSySj "
Daniel Bilar @daniel_bilar

[ Tools ] Struts Apache 2 based honeypot & detection module by @nirkrakowksi @lorgandon https://t.co/oJzc8qnvFo [CVE 2017-5638 https://t.co/H9q1Ybuiuh

"StrutsHoneypot -- 基于 Apache 2 的蜜罐，其中包含用于 Apache 2 服务器的独立检测模块，以阻止 CVE 2017-5638 的漏洞利用： https://t.co/oJzc8qnvFo "
Binni Shah @binitamshah

[ Vulnerability ] Type Manipulation: Escaping Template Sandboxes : https://snyk.io/blog/type-manipulation/ cc @ snyksec https://t.co/rRx7OgUZ2A

"LinkedIn Dust.js 和 Mozilla Nunjucks 模板框架中的类型篡改（Type Manipulation）漏洞︰ https://t.co/9m2ixyxUKw "
US-CERT @USCERT_gov

[ Vulnerability ] Vulnerabilities Identified in Network Time Protocol Daemon (ntpd) http://bit.ly/2nCIVjH

" NTPD 服务确认存在多个漏洞可导致拒绝服务攻击： https://t.co/HZTkFldFcw"

Xuanwu Spider via Google Security Blog

[ Android ] Google 官方发布 2016年 Android 安全回顾： https://security.googleblog.com/2017/03/diverse-protections-for-diverse.html
Xuanwu Spider via 移动安全_Bert 's weibo

[ Android ] 越来越多的 Android 广告软件开始滥用插件框架（Android Plugin Frameworks）: http://researchcenter.paloaltonetworks.com/2017/03/unit42-new-trend-android-adware-abusing-android-plugin-frameworks/ https://www.bleepingcomputer.com/news/security/the-next-big-thing-for-android-malware-is-plugin-frameworks-/
Xuanwu Spider via Flanker 's weibo

[ Conference ] 2017 高通移动安全峰会的议题公布： https://qct-qualcomm.secure.force.com/QCTConference/GenericSitePage?eventname=2017Security&page=Summit%20Information
Xuanwu Spider via threatpost.com

[ Industry News ] Jigsaw 和 Google 合作，将提供一套免费的工具，用于保障政治选举过程的安全性： https://threatpost.com/google-jigsaw-partner-on-free-tools-to-secure-elections/124501/
Xuanwu Spider via FreeBuf

[ iOS ] iOS App的加固保护原理： http://www.freebuf.com/articles/terminal/129640.html
Xuanwu Spider via project zero

[ macOS ] macOS 一个 HelpViewer XSS 漏洞实现任意文件执行和任意文件读漏洞： https://bugs.chromium.org/p/project-zero/issues/detail?id=1040&can=1&q=&sort=-id
Xuanwu Spider via 看雪 's weibo

[ Others ] 渗透测试 Node.js 应用： http://weibo.com/ttarticle/p/show?id=2309404088160723314639
Xuanwu Spider via Github

[ Others ] 0ctf 2017 内核利用的笔记： https://github.com/lovelydream/0ctf2017_kernel_pwn
Xuanwu Spider via sensepost.com

[ Others ] Liniaal - SensePost 发了一篇 Blog，借助 Empire，利用 Exchange server 进内网： https://sensepost.com/blog/2017/liniaal-empire-through-exchange/
Xuanwu Spider via 安全客

[ Popular Software ] 日版WPS远程代码执行漏洞详细分析: http://bobao.360.cn/learning/detail/3636.html
Xuanwu Spider via talosintelligence.com

[ Virtualization ] 虚拟仪器工程平台 LabVIEW 被发现了一个远程代码执行漏洞： http://blog.talosintelligence.com/2017/03/vulnerability-spotlight-code-execution.html
Xuanwu Spider via 3gstudent 's blog

[ Windows ] 32位程序对64位进程的远程注入实现： https://3gstudent.github.io/3gstudent.github.io/32%E4%BD%8D%E7%A8%8B%E5%BA%8F%E5%AF%B964%E4%BD%8D%E8%BF%9B%E7%A8%8B%E7%9A%84%E8%BF%9C%E7%A8%8B%E6%B3%A8%E5%85%A5%E5%AE%9E%E7%8E%B0/

2017/03/23