XuanwuLab Security Daily News Push – 2019-02-14 | xxxXuanwuLab Security Daily News Push – 2019-02-14 – xxx
菜单






XuanwuLab Security Daily News Push – 2019-02-14

二月 14, 2019 - 玄武实验室

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

Previous

2019/02/14

Next

[�Android�]��Android�fdget()�优化导致的�binder�UAF�漏洞(CVE-2019-2000)�: https://bugs.chromium.org/p/project-zero/issues/detail?id=1719

[�Android�]���Adnroid�reclaim�和�munmap�之间的条件竞争导致的�VMA�binder�UAF�漏洞(CVE-2019-1999): https://bugs.chromium.org/p/project-zero/issues/detail?id=1721

[�Browser�]��Chakra JIT 中的类型混淆漏洞(CVE-2019-0539)分析: https://perception-point.io/resources/research/cve-2019-0539-root-cause-analysis/

[�Browser�]��Chakra 2019 年 2 月安全更新详情: https://github.com/Microsoft/ChakraCore/pull/5936

[�Defend�]��使用 SPIRE 自动分发 TLS 证书以进行更安全的身份验证: https://blog.envoyproxy.io/using-spire-to-automatically-deliver-tls-certificates-to-envoy-for-stronger-authentication-be5606ac9c75

[�Hardware�]��Intel CPU 内部阻抗测量指南: http://www.keenlit.com/wp-content/uploads/2018/03/IFDIM-BKM-1.pdf

[�IoTDevice�]��以家庭路由为例讲解 IoT 逆向工程: http://va.ler.io/myfiles/dva/iot-rev-engineering.pdf

[�Malware�]��委内瑞拉关于人道主义援助运动的伪造域名钓鱼活动分析: https://securelist.com/dns-manipulation-in-venezuela/89592/

[�Malware�]���通过替换关键命令诱捕入侵者的 Python 脚本: https://twitter.com/JusticeRage/status/1095655920846204928

[�MalwareAnalysis�]��对 Lazarus 下载者的简要分析: https://medium.com/emptyregisters/lazarus-downloader-brief-analy-17875f342d96

[�Popular Software�]���WordPress “Simple Social Button” 插件曝严重漏洞可导致站点被完全控制: https://threatpost.com/wordpress-plugin-flaw-website-takeover/141746/

[�Tools�]��SharpShooter v2.0 发布,关于本次更新的功能介绍: https://www.mdsec.co.uk/2019/02/macros-and-more-with-sharpshooter-v2-0/

[�Web Security�]��绕过 Facebook CSRF 保护并进一步接管帐户: https://ysamm.com/?p=185

[�WirelessSecurity�]��使用 Bettercap 结合 PMKID 手法攻击 WPA/WPA2 网络: https://www.evilsocket.net/2019/02/13/Pwning-WiFi-networks-with-bettercap-and-the-PMKID-client-less-attack/

[�APT�]��分析 APT28 Zebrocy Delphi 加载器/后门变种: v6.02 -> v7.00: https://www.vkremez.com/2018/12/lets-learn-dissecting-apt28-zebrocy.html

[�Exploit�]��WebKit 漏洞利用教程 : https://www.auxy.xyz/tutorial/Webkit-Exp-Tutorial/

[�Popular Software�]��Oracle EBS 无需认证的 Blind SSRF 漏洞详情披露(CVE-2018-3167): https://medium.com/@x41x41x41/unauthenticated-ssrf-in-oracle-ebs-765bd789a145

[�Vulnerability�]��Bank Muamalat 的 SQL 注入漏洞披露: https://medium.com/@liontin/sql-injection-web-bank-muamalat-2beeaf845dc7

Previous

2019/02/14

Next








Notice: Undefined variable: canUpdate in /var/www/html/wordpress/wp-content/plugins/wp-autopost-pro/wp-autopost-function.php on line 51