
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Android click-fraud apps can be used to build a DDoS botnet: https://securingtomorrow.mcafee.com/mcafee-labs/android-click-fraud-app-repurposed-ddos-botnet/#sf113324137
-
[ IoTDevice ] Reverse engineering the OBi200 Google Voice appliance, Part 2: https://randywestergren.com/reverse-engineering-obi200-google-voice-appliance-part-2/ Part 1: https://randywestergren.com/reverse-engineering-obi200-google-voice-appliance-part-1/
-
[ IoTDevice ] ARM exploitation for IoT - part 2: https://quequero.org/2017/09/arm-exploitation-iot-episode-2
-
[ MachineLearning ] Using deep neural networks to infer 3D facial texture from ordinary images, Paper: https://arxiv.org/pdf/1612.00523v1.pdf
-
[ macOS ] Implementation of Differential Privacy protection in Apple macOS 10.12, Paper: https://arxiv.org/pdf/1709.02753.pdf
-
[ Popular Software ] Among the vulnerabilities Windows fixed this month, one Microsoft Office RTF vulnerability is already being exploited in the wild; FireEye found it being used to deliver FINSPY (CVE-2017-8759): https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html https://blogs.technet.microsoft.com/mmpc/2017/09/12/exploit-for-cve-2017-8759-detected-and-neutralized/
-
[ Popular Software ] VMware releases AppDefense, which can restrict the types of applications that run on virtual servers: https://www.networkworld.com/article/3222858/data-center/vmware-adds-whitelist-security-to-the-hypervisor.html
-
[ SecurityAdvisory ] Xen published security advisories fixing four vulnerabilities, XSA-231, XSA-232, XSA-233 and XSA-234, ranging from denial of service to privilege escalation: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-033-2017.txt
-
[ SecurityAdvisory ] Adobe publishes this month's security bulletins, fixing multiple vulnerabilities in three products: RoboHelp, Adobe Flash Player and ColdFusion: https://helpx.adobe.com/security.html
-
[ Tools ] windows-event-forwarding - a tool that uses Windows Event Forwarding for incident detection and response: https://github.com/palantir/windows-event-forwarding
-
[ Tools ] Sysinternals has updated its Sysmon, Process Monitor, Autoruns and AccessChk tools: https://blogs.technet.microsoft.com/sysinternals/2017/09/12/sysinternals-update-sysmon-v6-1-process-monitor-v3-4-autoruns-v13-8-accesschk-v6-11/
-
[ Vulnerability ] Spy vs. Spy: operation and detection of microphone bugs: https://gsec.hitb.org/materials/sg2017/WHITEPAPER%20-%20Veronica%20Valeros%20and%20Sebastian%20Garcia%20-%20A%20Modern%20Study%20of%20Microphone%20Bugs.pdf
-
[ Windows ] Windows kernel pool spraying fun - Part 2 - More objects: https://theevilbit.blogspot.com/2017/09/windows-kernel-pool-spraying-fun-part-2.html
-
[ Windows ] Managed object internals, Part 3 : https://blogs.msdn.microsoft.com/seteplia/2017/09/12/managed-object-internals-part-3-the-layout-of-a-managed-array-3/ ; Managed object internals, Part 2: https://blogs.msdn.microsoft.com/seteplia/2017/09/06/managed-object-internals-part-2-object-header-layout-and-the-cost-of-locking/ ; Managed object internals, Part 1: https://blogs.msdn.microsoft.com/seteplia/2017/05/26/managed-object-internals-part-1-layout/
-
[ Windows ] Windows Event Forwarding for network defense: https://medium.com/@palantir/windows-event-forwarding-for-network-defense-cb208d5ff86f
-
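[ WirelessSecurity ] BlueBorne - a new attack surface disclosed by Armis Labs that attacks almost all devices, including PCs, phones (Android/iOS) and IoT, over Bluetooth. The attack does not require Bluetooth pairing either: https://www.armis.com/blueborne/ https://threatpost.com/wireless-blueborne-attacks-target-billions-of-bluetooth-devices/127921/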
-
[ Browser ] "Elements kinds" in V8 - the kinds of object elements in V8: https://v8project.blogspot.com/2017/09/elements-kinds-in-v8.html
-
[ Industry News ] Researchers at the Kromtech Security Center found more than 4000 ElasticSearch servers hosting PoS malware (AlinaPOS, JackPOS): https://www.bleepingcomputer.com/news/security/over-4-000-elasticsearch-servers-found-hosting-pos-malware-files/
-
[ MalwareAnalysis ] Catching the devil in the details - a talk from the Information Security Summit Forum at the 2017 World Internet of Things Expo: https://mp.weixin.qq.com/s/mLMoA_LTkgP3JXcl-2OG8Q
-
[ SecurityAdvisory ] Microsoft releases its September vulnerability patches: http://blog.talosintelligence.com/2017/09/ms-tuesday.html ZDI's summary of Patch Tuesday: https://www.thezdi.com/blog/2017/9/12/the-september-2017-security-update-review
-