每日安全动态推送

2015年12月30日 10:41 阅读 1179
  • PHR34K @ unpacker

    Spyware Android.Spywaller uses a legitimate firewall to thwart security software https://t.co/Mdg9Pb92KO

    "间谍软件 Android.Spywaller 使用 DroidWall 防火墙应用禁用 Qihoo 360 手机安全应用,来自 Symantect Blog: //t.cn/R4fJnvu"

  • Binni Shah @ binitamshah

    aws-shell : An integrated shell for working with the AWS CLI : https://t.co/IRY9CfWsd2 https://t.co/pr3c9tdgKC

    "aws-shell - AWS 命令行 Shell 工具 //t.cn/R4fJnPM //t.cn/R4L0Ixu"

  • patchguard @ patchguard retweets Joe Ingeno @ JoeIngeno

    Exploring the new .NET Command Line Interface (CLI) https://t.co/V69PGPqMip @ shanselman @ dotnet @ aspnet @ msdev

    "新 .NET 命令行接口 (CLI) //t.cn/R4fJnU2 "

  • the grugq @ thegrugq retweets Pascal Hartig @ passy

    When your antivirus actually installs trivially exploitable Chrome extensions, disabling the same origin policy.https://t.co/S4L6UFQEmT

    "AVG 杀软强制安装的 Chrome 扩展 Web TuneUP 存在多个严重漏洞,甚至破坏了同源策略(检测域名域名中是否包含 '.avg.com'),来自 Google Project Zero: //t.cn/R4V5tbp"

  • jsoo @ _jsoo_ retweets Ionut Popescu @ NytroRST

    Faster Windows Kernel debugging with Virtual Machines https://t.co/Mt4WTAkBvD

    "利用 VirtualKD 实现更快的内核调试,之前介绍过 VirtualKD (//virtualkd.sysprogs.org/), 下面这篇 Blog 介绍了 VirtualKD 支持的操作系统和虚拟机程序版本: //t.cn/R4fJnUC"

  • Jóseph Mlodzìanowskì @ cedoxX

    Def Con 23 - El Sherei And Stalmans - Extending Fuzzing Grammars To Exploit Code Paths ~ on security tube ~https://t.co/3SrjbNPa0w

    "Def Con 23 El Sherei 和 Stalmans 介绍他们基于语法和 W3C 规范的浏览器 Fuzzing, 视频: //t.cn/R4fJnUT"

  • Nicolas Krassas @ Dinosn

    An integer overflow in Firefox 43? [POC] https://t.co/ZVLwKX6z3p

    "Firefox 43 整数溢出 PoC: (Firefox 用户请不要点击!) //t.cn/R4fJn47"

  • Binni Shah @ binitamshah

    Perl Jam 2 - Exploiting all the Perl again : https://t.co/Hv3mfUDTF4 #32c3

    "Perl Jam 2 - 再次 Exploit Perl,来自 32C3 会议,作者今年主要是讲 Perl 内核本身的安全问题,尤其是引用算法部分,另外讲了如何攻击 Perl CGI 应用。 会议视频: //t.cn/R4fJn4K "

  • Binni Shah @ binitamshah

    Pash : Open-source PowerShell for Linux,Mac,phones : https://t.co/mknfNubBV0

    "Pash - PowerShell 开源实现版本,支持 Linux、Mac: //t.cn/R4VH9c7"

  • Binni Shah @ binitamshah

    Microsoft Has Your Encryption Key If You Use Windows 10 : https://t.co/qogqWvtekJ

    "如果你使用 Windows 10,那么微软有你的加密密钥: //t.cn/R4fAPLW"

  • Kafeine @ kafeine

    A ProxyBack (ET 2020089 : Htbot.B) infection vector is illustrated in the Otlard.A post https://t.co/Xy1fcn1K1Jhttps://t.co/7H0TTXxozC

    "对 Jahoo(Otlard.A) Botnet 样本的分析  //t.cn/RUeFni8 //t.cn/R4fJnb2"

  • Dino A. Dai Zovi @ dinodaizovi retweets hackaday @ hackaday

    Firmware attack on Mac thunderstrike talk by @ qrs at #32c3 https://t.co/vsg66sYs1p https://t.co/ti8Q6IykcB

    "32C3 会议上关于 MacBook 固件蠕虫 Thunderstrike2 的演讲视频: //t.cn/R4fJnBI //t.cn/R4fJn1e "

  • patchguard @ patchguard retweets Didier Stevens @ DidierStevens

    New blog post "SHA256 Code Signing and Microsoft" https://t.co/7A5LaV3OpY

    "Windows SHA256 代码签名与 'Mark of the Web': //t.cn/R4fJm6e"

  • ange @ angealbertini

    the life of MD5 v1 https://t.co/WUASKyz4oB

    "MD5 的一生 https://t.co/WUASKyz4oB "

  • .mario @ 0x6D6172696F

    Oh, looks like my Edge uXSS is finally fixed on all Win10 versions! Here is the PoC :D https://t.co/VbP3rGcCWS

    "Edge uXSS PoC, Win10 版本已经修复:  //t.cn/R4fJmOp"

  • Nikolaos Chrysaidos @ virqdroid

    Fingerprints On Mobile Devices: Abusing And Leaking - https://t.co/3LxzjpTDGz @ BlackHatEvents

    "BlackHat USA 2015 会议 Tao Wei 和 Yulong Zhang 讲的《手机指纹的滥用和隐私泄露》视频:  //t.cn/R4fJmOn"

  • Nicolas Krassas @ Dinosn

    ZDI-15-653: Adobe Flash Object hasOwnProperty Use-After-Free Remote Code Execution Vulnerabilityhttps://t.co/uhsIaf3zOz

    "Adobe Flash Object hasOwnProperty UAF RCE(CVE-2015-8649), ZDI 公告: //t.cn/R4fJmW2"

  • Palo Alto Networks @ PaloAltoNtwks

    2016 predictions from Palo Alto Networks experts: What's in store for #cybersecurity? https://t.co/4eqMAu8UtF

    "Palo Alto 2016 网络安全预测, Blog: //t.cn/R4fJmWx"

  • Nicolas Krassas @ Dinosn

    Yahoo RSS Reader XXE Vulnerability (CFAJAX) https://t.co/jd4RNRL4js

    "Yahoo RSS 阅读器 CFAJAX 模块存在任意代码执行漏洞: //t.cn/R4fJmWj"

  • TrendLabs @ TrendLabs

    Using the past to gain perspective on the future: https://t.co/AJxcvgbWhU

    "通过过去看将来 - 趋势科技 2016 预测报告,共 10 页 Slides : //t.cn/R4fJmlv"

  • patchguard @ patchguard retweets Sanjoy Das @ SCombinator

    New post: a problem with LLVM's undef https://t.co/qSeQRK977q

    "LLVM 中 undef 的一个问题: //t.cn/R4fJmlq "

  • Arrigo Triulzi @ cynicalsecurity retweets Teddy Reed @ teddyreedv

    Anyone doing Apple SMC research? Here's a fledgling fuzzer: https://t.co/D9tds4ge90 interesting finds are insta-halt and 'hidden' keys

    "smc-fuzzer - Apple 系统管理控制器 API Fuzzer: //t.cn/R4fJmlK "

  • Palo Alto Networks @ PaloAltoNtwks

    #Unit42 shares tips on how to use IDAPython to make your life easier. Read Part 1: https://t.co/PH7YnfIFpD @ jgrunzweig @ Unit42_Intel

    "IDAPython 让你的生活更轻松 Part 1: //t.cn/R4fJmlR"

  • Matt Oh @ ohjeongwook retweets Heike Ritter @ HeikeRitter

    Just published a new Threat Intelligence Report. This month: Exploits https://t.co/UCB0hAyoBZ #infosec #securityhttps://t.co/fG15JCIBHK

    "微软 12 月份的威胁情报报告 - Exploits //t.cn/R4fJmYk //t.cn/R4fxm1x "

今天的 °每日安全动态推送 :趋势科技 2016 预测报告;Yahoo RSS 阅读器 CFAJAX 模块任意代码执行漏洞;AVG 杀软强制安装的 Chrome 扩展 Web TuneUP 存在多个严重漏洞;Firefox 43 整数溢出 PoC;IDAPython 让你的生活更轻松;微软 12 月份的威胁情报报告;Apple SMC(系统管理控制器) API Fuzzer ​​​​

http://xlab.tencent.com