
Tencent Xuanwu Lab Security Daily News
-
[ Browser ] Unpatched Mozilla Firefox v50 - v55 Stack Overflow DoS Vulnerability https://goo.gl/fb/j1YsBw #FullDisclosure
" Mozilla Firefox v50 - v55 contain a stack overflow vulnerability: http://seclists.org/fulldisclosure/2017/May/62?utm_source=feedburner&utm_medium=twitter&utm_campaign=Feed%3A+seclists%2FFullDisclosure+%28Full+Disclosure%29 "
-
[ Bug Bounty ] PayPal Inc announces 2 new Bug Bounty Program Domains https://goo.gl/fb/XtS6HR #FullDisclosure
" PayPal has announced two new domains added to its bug bounty program: https://t.co/zYfow7MEQb "
-
[ Bug Bounty ] Announcing that the Edge Bug Bounty Program will now run through until the end of June. Now finishing June 30, 2017: https://blogs.technet.microsoft.com/msrc/2017/05/16/extending-microsoft-edge-bounty-program/
" Microsoft has decided to extend the Edge Bounty program until June 30: https://t.co/TzfHRFJXS6 "
-
[ Cloud ] Penetration Testing AWS Storage: Kicking the S3 Bucket https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-storage/
" Security testing of AWS Storage S3 buckets, with a summary of findings: https://t.co/V6EHQDRDtN "
-
[ Industry News ] Disney Hackers Threaten to Release Upcoming Movie: Report https://www.infosecurity-magazine.com/news/disney-hackers-threaten-to-release/
" According to the BBC, hackers have threatened Disney, saying that if a ransom is not paid they will release parts of the upcoming Pirates of the Caribbean 5 ahead of its premiere: http://www.bbc.com/news/entertainment-arts-39933406 "
-
[ Industry News ] Dumps could include exploits, SWIFT data or nuclear/missile data stolen from US adversaries. https://threatpost.com/shadowbrokers-planning-monthly-exploit-data-dump-service/125710/ via @ threatpost
" The ShadowBrokers group published a post yesterday recounting their business experience "auctioning the Equation Group arsenal"; given the poor "results", they have decided to launch a new paid monthly subscription model starting in June. This time they claim they will release new exploits for browsers, routers, phones, Windows 10 and more: https://steemit.com/shadowbrokers/@theshadowbrokers/oh-lordy-comey-wanna-cry-edition "
-
[ Industry News ] 1.9 million Bell customer email addresses and 1,700 names and phone numbers stolen in data breach... oops http://www.cbc.ca/beta/news/technology/bell-data-breach-customer-names-phone-numbers-emails-leak-1.4116608
" Canadian telecom giant Bell leaked the email addresses of 1.9 million customers and the names and phone numbers of 1,700 customers: https://t.co/qqta2cavs9 "
-
[ Others ] PayBreak - Generically recovering from ransomware including WannaCry/WannaCryptor https://eugenekolo.com/blog/paybreak-generically-recovering-from-ransomware-including-wannacry/
" Researchers from universities in Boston and London have proposed a new method for recovering from ransomware, PayBreak: it records the encryption key the ransomware uses for each file and then uses the recorded keys to recover all the files. They say the method also works against WannaCry: https://t.co/VPVlvAajuX "
-
[ Others ] Remote COM scriptlets with no regsvr32 but more VBA https://labs.mwrinfosecurity.com/blog/dll-tricks-with-vba-to-improve-offensive-macro-capability/ by @ william_knows
" How to interact with DLLs from VBA to extend the attack capabilities of macros: https://t.co/Gqb3en3jss "
-
[ Others ] Hack the Virtual Memory : malloc, the heap & the program break : https://blog.holbertonschool.com/hack-the-virtual-memory-malloc-the-heap-the-program-break/ cc @ julienbarbier42 https://t.co/9ZRQB8d7Or
" Hack the Virtual Memory : malloc, the heap & the program break : https://t.co/xotqocx17y "
-
[ Popular Software ] Adobe Flash: Heap Corruption in Margin Handling https://bugs.chromium.org/p/project-zero/issues/detail?id=1174
" Heap corruption in Adobe Flash when handling rich text margins (CVE-2017-3061): https://t.co/JD7icHtqKp "
-
[ SecurityReport ] All you need to know about the #Lazarus APT group in one paper: https://securelist.com/files/2017/04/Lazarus_Under_The_Hood_PDF_final.pdf
" Kaspersky said in a blog post yesterday that the Lazarus group is behind the WannaCry ransomware; in April Kaspersky published a dedicated report analysing the Lazarus group: https://t.co/Vw3WEyAu9h "
-
[ Tools ] fsql : Search through your filesystem with SQL-esque queries : https://github.com/kshvmdn/fsql https://t.co/erNXGNMHN7
" fsql - a tool for searching the filesystem with SQL statements: https://t.co/fehftikmrh "
-
[ Tools ] NCC Group Tool: WSSiP: A WebSocket Manipulation Proxy - https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/may/wssip-a-websocket-manipulation-proxy/ #appsec #Pentesting
" WSSiP - a WebSocket proxy tool for viewing, intercepting, or modifying WebSocket messages: https://t.co/9gAVBwRK6K GitHub: https://github.com/nccgroup/wssip "
-
[ Vulnerability ] Adobe Flash: Out-of-bounds read in getting TextField width https://bugs.chromium.org/p/project-zero/issues/detail?id=1211
" An out-of-bounds read in Adobe Flash when getting a TextField's width (CVE-2017-3064): https://t.co/VY0ursd9pC "
-
[ Vulnerability ] Adobe Flash: Out-of-bounds write in hit test https://bugs.chromium.org/p/project-zero/issues/detail?id=1210
" An out-of-bounds write in Adobe Flash triggered via hit test: https://t.co/laiw2Y0UFJ "
-
[ Windows ] For those that wanted it, here's a JScript version of the UAC bypass. https://gist.github.com/tyranid/254fc320411132c8e9bd71e178c9d429
" Yesterday we covered James Forshaw's article on bypassing UAC via scheduled tasks; he has since also published PowerShell and JS versions of the PoC code: https://t.co/9uHL7oycPV "
-
[ Defend ] Mitigations against memory corruption exploitation such as ASLR, DEP, stack cookies, CFI and CFG have greatly raised the bar and the cost of attacks. Chris Evans argues, however, that all of these mitigations address the side effects that follow once a memory corruption bug has been triggered, not memory corruption itself; in this blog post he shares his thinking on how to combat memory corruption bugs themselves: https://scarybeastsecurity.blogspot.com/2017/05/are-we-doing-memory-corruption.html
-
[ MalwareAnalysis ] Technical analysis of WannaCry (the ransomware worm), from Anquanke: http://bobao.360.cn/learning/detail/3860.html There is also a related analysis: http://baesystemsai.blogspot.com/2017/05/wanacrypt0r-ransomworm.html
-
[ Mobile ] Phones, flash memory and SSDs all have an encrypted TPM-like region called RPMB that can store a key which cannot be overwritten: https://twitter.com/dragosr/status/864342884606066688
-
[ Programming ] How JavaScript JIT compilers work: https://hacks.mozilla.org/2017/02/a-crash-course-in-just-in-time-jit-compilers/