腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Linux ] Linux Kernel 4.8.0 udev 232 Privilege Escalation https://packetstormsecurity.com/files/142152/linuxkernel480udev-escalate.txt
"Linux Kernel 4.8.0 udev 232 权限提升漏洞(CVE-2017-7874): https://t.co/zzlxyUHs6d"
-
[ macOS ] Quite enjoyed speaking at @ HITBSecConf Mahalo! ? ? slides: "OverSight: Exposing Spies on macOS" https://speakerdeck.com/patrickwardle/hack-in-the-box-2017-oversight-exposing-spies-on-macos #HITB2017AMS #synack
"揭露 mac 上的监控,主要讲解了利用 webcam 记录用户视频和音频的恶意软件,同时介绍了一款用于检测此行为的工具,来自 HITB 2017 AMS 大会: https://t.co/neJ1QqiRZ4 "
-
[ Others ] Just published a new blog post on improper markup sanitization. Featuring GitHub, GitLab, Atlassian and others.… https://t.co/XboCVpzJJv
"软件中不当的 Markup 文档解析导致的安全问题一览: https://github.com/ChALkeR/notes/blob/master/Improper-markup-sanitization.md"
-
[ Popular Software ] #HITB2017AMS slides for our talk on Signal (w/ @ veorq) are available here: https://conference.hitb.org/hitbsecconf2017ams/materials/D2T1%20-%20Markus%20Vervier%20-%20Hunting%20for%20Vulnerabilities%20in%20Signal.pdf
"挖掘即时通讯应用 Signal 的漏洞,来自 HITB 2017 AMS 会议 ︰ https://t.co/Fkob6N8UJG"
-
[ Popular Software ] CVE-2017-0199 Practical exploitation ! (PoC) http://rewtin.blogspot.com/2017/04/cve-2017-0199-practical-exploitation-poc.html
"CVE-2017-0199 漏洞利用 PoC: https://t.co/oiQLWJAzqF"
-
[ SecurityReport ] Microsoft responds to the Shadow Brokers release of Windows exploits (#infosec) https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/
"微软也发表紧急声明,称其中涉及的漏洞都已经修复,有意思的是有的漏洞是上个月(MS17-010)才修复的: https://t.co/Bz8supVDbg"
-
[ Windows ] New blog post has video walkthrough on Win7 RCE fully patched @ justinelze : https://www.trustedsec.com/blog/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/
"分析方程式组织泄露的工具并结合 Cobalt Strike 演示 MS17-010 远程命令执行漏洞在 Win7 上的效果: https://t.co/GOULMwiRck"