
腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Attack ] Practical Keystroke Timing Attacks in Sandboxed JavaScript. In this paper the authors demonstrate a generic keystroke timing attack: a tab running in the background can use it to record sensitive input such as passwords and URLs typed by the user: https://misc0110.net/web/files/keystroke_js.pdf
-
[ Attack ] Dragonfly targets the energy sector in Europe and North America: https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group
-
[ Industry News ] Compromised LinkedIn accounts are being used to send phishing links via private messages and InMail: https://blog.malwarebytes.com/threat-analysis/2017/09/compromised-linkedin-accounts-used-to-send-phishing-links-via-private-message-and-inmail/
-
[ Industry News ] The exploit acquisition platform ZERODIUM raised its Tor Browser bounty yesterday to a total of US$1 million. An exploit that works on both Windows x64 and Tails 3.x (64-bit) with JavaScript disabled can earn up to US$250,000: https://zerodium.com/tor.html
-
[ IoTDevice ] Building a surveillance camera with a Raspberry Pi Zero W and MotionEyeOS: https://dantheiotman.com/2017/08/14/creating-a-surveillance-camera-using-a-pi-zero-w-motioneyeos/
-
[ Malware ] A variant of the BankBot banking trojan found on Google Play, with ten UAE banking apps newly added to its target list: http://blog.trendmicro.com/trendlabs-security-intelligence/bankbot-found-google-play-targets-ten-new-uae-banking-apps/
-
[ Others ] Writeup for a UAF challenge from the RHme3 CTF: https://0x00sec.org/t/heap-exploitation-abusing-use-after-free/3580
-
[ Popular Software ] PoC for the Microsoft Office RTF / WSDL parser 0day exploited in the wild that we pushed yesterday: https://github.com/Voulnet/CVE-2017-8759-Exploit-sample https://github.com/vysec/CVE-2017-8759
-
[ Programming ] How JavaScript works: memory management and how to handle 4 common memory leaks: https://blog.sessionstack.com/how-javascript-works-memory-management-how-to-handle-4-common-memory-leaks-3f28b94cfbec
-
[ Tools ] HandyCollaborator - a Burp Suite extension for using Collaborator during manual testing: https://techblog.mediaservice.net/2017/09/handy-collaborator-because-burp-suite-collaborator-is-useful-also-during-manual-testing/
-
[ Tools ] Last week we pushed a FireEye blog on monitoring Windows console activity; a researcher has now implemented his own tool based on that blog: https://github.com/EyeOfRa/WinConMon
-
[ Vulnerability ] Code execution vulnerability in LibOFX tag parsing (CVE-2017-2816): https://blogs.cisco.com/security/talos/vulnerability-spotlight-libofx-tag-parsing-code-execution-vulnerability
-
[ Vulnerability ] Disclosure of a kernel pool overflow local privilege escalation vulnerability in Jungo DriverWizard WinDriver (CVE-2017-14344): http://srcincite.io/advisories/src-2017-0027/
-
[ Web Security ] Escalating an LFI vulnerability to RCE via PHP session files: https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions
-
[ Attack ] Evil Devices and Direct Memory Attacks (DMA): DMA-based attacks against macOS, Linux and Windows: https://github.com/ufrisk/presentations/blob/master/SEC-T-0x0Anniversary-Ulf-Frisk-Evil-Devices-and-Direct-Memory-Attacks.pdf
-
[ Browser ] Firefox 57 will support verified cryptography by adopting the HACL* library: https://blog.mozilla.org/security/2017/09/13/verified-cryptography-firefox-57/
-
[ Fuzzing ] Breaking Ruby's Unmarshal with AFL-Fuzz: https://medium.com/fuzzstation/breaking-rubys-unmarshal-with-afl-fuzz-6b5f72b581d5
-
[ Industry News ] At least 1.65 million computers worldwide have been hijacked by hackers to mine cryptocurrency: https://motherboard.vice.com/en_us/article/vb74j3/at-least-165-million-computers-are-mining-cryptocurrency-for-hackers-so-far-this-year
-
[ iOS ] Proteas Wang's talk "Exploit iOS 9.x Userland with LLDB JIT" at Syscan360 2017: https://www.slideshare.net/Proteas_Wang/exploit-ios-9x-userland-with-lldb-jit
-
[ Linux ] Linux kernel patch fixing the Bluetooth BlueBorne attack we pushed yesterday: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
-
[ Vulnerability ] A 2015 Fortinet blog, "Multi-COM Loading Methods Used In Targeted Attack"; this 0day was being used in the wild by a Russian espionage group at the time (MS15-070/CVE-2015-2424): https://blog.fortinet.com/2015/09/01/multi-com-loading-methods-used-in-targeted-attack
-
[ Windows ] Among the patches Microsoft released yesterday, the win32k!bFill integer overflow vulnerability from MS16-098 has been patched once again: https://twitter.com/saif_sherei/status/907859186670850048 https://sensepost.com/blog/2017/exploiting-ms16-098-rgnobj-integer-overflow-on-windows-8.1-x64-bit-by-abusing-gdi-objects/
-
[ Windows ] Exploit for the uninitialized pointer vulnerability in the Windows kernel driver win32k!EPATHOBJ::pprFlattenRec (CVE-2013-3130): https://www.exploit-db.com/exploits/25912/ https://www.exploit-db.com/exploits/25611/
-