
[Knowledge] October 11 - Daily Security Knowledge Highlights


2017-10-11 10:35:49

Source: 安全客






Author: 童话






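Highlights summary: rubygems.org remote code execution vulnerability; OnePlus's OxygenOS accused of collecting user information; North Korea and Iran use CodeProject to develop malware; multiple heap buffer overflows in the Windows DNS client; Acunetix security hardening guide; sqliv: a bulk SQL injection vulnerability scanner; CVE-2017-11826: new Office 0day reported exploited in the wild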


Domestic hot topics (some of the following content comes from http://www.solidot.org/)

OnePlus's OxygenOS tracks all user activity


News:

The small but powerful ATMii can make ATMs running Windows 7 and Vista dispense cash

https://www.bleepingcomputer.com/news/security/atmii-malware-makes-windows-7-and-windows-vista-atms-spit-out-cash/


Technical:
rubygems.org remote code execution vulnerability

https://justi.cz/security/2017/10/07/rubygems-org-rce.html


OnePlus's OxygenOS accused of collecting user information

https://www.chrisdcmoore.co.uk/post/oneplus-analytics/


North Korea and Iran use CodeProject to develop malware

http://www.intezer.com/north-korea-iran-use-codeproject-develop-malware/


Threat hunting with Sysmon: detecting macro-enabled Word documents

http://syspanda.com/index.php/2017/10/10/threat-hunting-sysmon-word-document-macro/


iOS privacy: steal.password - easily obtain the user's Apple ID password, just through phishing

https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking


Front-running Bancor in 150 lines of python with Ethereum API

https://hackernoon.com/front-running-bancor-in-150-lines-of-python-with-ethereum-api-d5e2bfd0d798


Tracking a stolen code-signing certificate with osquery

https://blog.trailofbits.com/2017/10/10/tracking-a-stolen-code-signing-certificate-with-osquery/


Multiple heap buffer overflows in the Windows DNS client

https://www.bishopfox.com/blog/2017/10/a-bug-has-no-name-multiple-heap-buffer-overflows-in-the-windows-dns-client/


Fake Crypto: Microsoft Outlook S/MIME Cleartext Disclosure (CVE-2017-11776)

https://www.sec-consult.com/en/blog/2017/10/fake-crypto-microsoft-outlook-smime-cleartext-disclosure-cve-2017-11776/index.html


A story of social engineering attacks and WhatsApp

https://robertheaton.com/2016/10/22/a-tale-of-love-betrayal-social-engineering-and-whatsapp/


Acunetix security hardening guide

https://www.acunetix.com/blog/docs/acunetix-security-hardening-guide/


Microsoft Office Word macro-less command execution vulnerability

https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/


New Office 0day (CVE-2017-11826) Exploited in the Wild

http://360coresec.blogspot.com/2017/10/new-office-0day-cve-2017-11826.html


LTR101: CloudFront domain takeover/hijacking

https://blog.zsec.uk/subdomainhijack/


Metasploit Module for Tomcat JSP Upload via PUT Bypass (CVE-2017-12615)

https://www.peew.pw/blog/2017/10/9/new-vulnerability-same-old-tomcat-cve-2017-12615


poet: a post-exploitation tool

https://n0where.net/poet-simple-post-exploitation/


The Absurdly Underestimated Dangers of CSV Injection

http://georgemauer.net/2017/10/07/csv-injection.html


sqliv: a bulk SQL injection vulnerability scanner

https://github.com/Hadesy2k/sqliv


New NIST and DHS Standards Get Ready to Tackle BGP Hijacks

https://www.bleepingcomputer.com/news/technology/new-nist-and-dhs-standards-get-ready-to-tackle-bgp-hijacks/


Pin Visual Coverage Tool for Binary Ninja

http://www.chokepoint.net/2017/10/pin-visual-coverage-tool-for-binary.html


Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security

https://arxiv.org/pdf/1710.03135.pdf


Exploring OpenVMS from “unsecure” NFS mount on linux

https://astr0baby.wordpress.com/2017/10/09/exploring-openvms-from-unsecure-nfs-mount-on-linux/


FrozenCell: Multi-platform surveillance campaign against Palestinians

https://blog.lookout.com/frozencell-mobile-threat


Run IDA Pro disassembler in Docker containers for automating, scaling and distributing the use of IDAPython scripts.

https://github.com/intezer/docker-ida


Big Data Visual Analytics: Aperture Tiles

https://n0where.net/big-data-visual-analytics/



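This article was originally published by 安全客. If you reprint it, please credit the source and this article's address.
Article address: http://bobao.360.cn/learning/detail/4524.html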
