Daily Security Digest (09-14)

2017-09-14 11:31:19 Admin Tencent Xuanwu Lab

Xuanwu Lab Security Daily News


  • [ Attack ]   Practical Keystroke Timing Attacks in Sandboxed JavaScript. In this paper the authors demonstrate a generic keystroke timing attack: a tab running in the background can use it to record sensitive input such as passwords and URLs typed by the user:

    https://misc0110.net/web/files/keystroke_js.pdf 


  • [ Attack ]  The energy sector in Europe and North America targeted by Dragonfly: https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group


  • [ Industry News ]   Compromised LinkedIn accounts used to send phishing links via private messages and InMail: https://blog.malwarebytes.com/threat-analysis/2017/09/compromised-linkedin-accounts-used-to-send-phishing-links-via-private-message-and-inmail/


  • [ Industry News ]   The exploit acquisition platform ZERODIUM raised its Tor Browser bounty yesterday, to a total of USD 1 million. An exploit that works on both Windows x64 and Tails 3.x (64-bit) with JavaScript disabled earns up to USD 250,000:

    https://zerodium.com/tor.html


  • [ IoTDevice ]  Building a surveillance camera with a Raspberry Pi Zero W and MotionEyeOS: https://dantheiotman.com/2017/08/14/creating-a-surveillance-camera-using-a-pi-zero-w-motioneyeos/


  • [ Malware ]  A variant of the BankBot banking trojan found on the Google Play store; ten UAE banking apps have been newly added to its target list:

    http://blog.trendmicro.com/trendlabs-security-intelligence/bankbot-found-google-play-targets-ten-new-uae-banking-apps/


  • [ Others ]   Writeup of a UAF challenge from the RHme3 CTF:

    https://0x00sec.org/t/heap-exploitation-abusing-use-after-free/3580


  • [ Popular Software ]   PoC for the Microsoft Office RTF WSDL parser 0-day exploited in the wild, covered in yesterday's digest:

    https://github.com/Voulnet/CVE-2017-8759-Exploit-sample
    https://github.com/vysec/CVE-2017-8759


  • [ Programming ]   How JavaScript works: memory management + how to handle 4 common memory leaks: https://blog.sessionstack.com/how-javascript-works-memory-management-how-to-handle-4-common-memory-leaks-3f28b94cfbec


  • [ Tools ]  HandyCollaborator - a Burp Suite extension for using Collaborator during manual testing:

    https://techblog.mediaservice.net/2017/09/handy-collaborator-because-burp-suite-collaborator-is-useful-also-during-manual-testing/


  • [ Tools ]   Last week we shared a FireEye blog post on monitoring Windows console activity; a researcher has since implemented a tool based on that post:

    https://github.com/EyeOfRa/WinConMon


  • [ Vulnerability ]   Code execution vulnerability in LibOFX tag parsing (CVE-2017-2816): https://blogs.cisco.com/security/talos/vulnerability-spotlight-libofx-tag-parsing-code-execution-vulnerability


  • [ Vulnerability ]   Disclosure of a kernel pool overflow local privilege escalation vulnerability in Jungo DriverWizard WinDriver (CVE-2017-14344):

    http://srcincite.io/advisories/src-2017-0027/


  • [ Web Security ]  Escalating an LFI vulnerability to RCE via PHP session files: https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions


  • [ Windows ]  In the patches Microsoft released yesterday, the win32k!bFill integer overflow (MS16-098) was patched once again:

    https://twitter.com/saif_sherei/status/907859186670850048
    https://sensepost.com/blog/2017/exploiting-ms16-098-rgnobj-integer-overflow-on-windows-8.1-x64-bit-by-abusing-gdi-objects/


  • [ iOS ]  iOS isn't safe either? A high-risk vulnerability threatens nearly half of Apple users!:

    https://paper.seebug.org/391/


  • [ Web Security ]  Use DNS Rebinding to Bypass SSRF in Java: 

    https://paper.seebug.org/390/


  • [ Linux ]  Linux kernel patch fixing the Bluetooth BlueBorne attack covered in yesterday's digest: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3


  • [ Tools ]  A collection of Linux hacking tools:

    http://pastebin.com/raw/qeHD8j92


  • [ Fuzzing ]  Breaking Ruby's Unmarshal with AFL-Fuzz: https://medium.com/fuzzstation/breaking-rubys-unmarshal-with-afl-fuzz-6b5f72b581d5


  • [ Industry News ]  At least 1.65 million computers worldwide have been used by hackers to mine cryptocurrency: https://motherboard.vice.com/en_us/article/vb74j3/at-least-165-million-computers-are-mining-cryptocurrency-for-hackers-so-far-this-year


  • [ Windows ]  Exploit for the uninitialized pointer vulnerability in the Windows kernel driver win32k!EPATHOBJ::pprFlattenRec (CVE-2013-3130):

    https://www.exploit-db.com/exploits/25912/
    https://www.exploit-db.com/exploits/25611/


  • [ Vulnerability ]  A 2015 Fortinet blog post, "Multi-COM Loading Methods Used In Targeted Attack"; this 0-day was being used in the wild at the time by a Russian espionage group (MS15-070/CVE-2015-2424):

    https://blog.fortinet.com/2015/09/01/multi-com-loading-methods-used-in-targeted-attack


  • [ iOS ]  Proteas Wang's talk at Syscan360 2017, "Exploit iOS 9.x Userland with LLDB JIT":

    https://www.slideshare.net/Proteas_Wang/exploit-ios-9x-userland-with-lldb-jit


  • [ Attack ]  Evil Devices and Direct Memory Attacks (DMA): DMA-based attacks against macOS, Linux and Windows:

    https://github.com/ufrisk/presentations/blob/master/SEC-T-0x0Anniversary-Ulf-Frisk-Evil-Devices-and-Direct-Memory-Attacks.pdf


  • [ Attack ]  Ruby ERB template injection attacks:

    https://www.trustedsec.com/2017/09/rubyerb-template-injection/


  • [ Industry News ]  An infected software development environment caused the "锋彩直播" app to ship carrying a virus:

    https://mp.weixin.qq.com/s/BbFS8dgWwjAGIxCEA1TOAQ


  • [ IoTDevice ]  IoT device firmware analysis tutorial: how firmware is stored: http://mp.weixin.qq.com/s/kANceRdTAocCRpkCB1lsjQ


  • [ Windows ]  UAC bypass series: abusing SDCLT:

    https://zhuanlan.zhihu.com/p/29325846


  • [ MalwareAnalysis ]  Unmasking the "Xiaohei" series: tracking down the origin of an SSL-hijacking trojan: http://www.freebuf.com/articles/network/147161.html


  • [ Browser ]  Firefox 57 will support verified cryptography by integrating the HACL* library: https://blog.mozilla.org/security/2017/09/13/verified-cryptography-firefox-57/


  • [ Industry News ]  A security diagnosis of medical institutions:

    https://securelist.com/connected-medicine-and-its-diagnosis/81857/


* To search past digests, use Google with a site: restriction, e.g.: site:xuanwulab.github.io android fuzz

* Browse past digests by day: https://xuanwulab.github.io/cn/secnews/2017/09/14/index.html

* Sina Weibo account: Tencent Xuanwu Lab (http://weibo.com/xuanwulab)