漏洞概要

缺陷编号:
暂无

漏洞标题:
【知识】10月11日 – 每日安全知识热点

提交时间:
2017-10-11 10:35:49

危害等级:

相关厂商:

漏洞分类:
安全文章

关注度:
共 18 人关注

漏洞详情

【知识】10月11日 – 每日安全知识热点

2017-10-11 10:35:49

阅读:7521次
点赞(0)
收藏
来源: 安全客

作者:童话


<!–
分享到:







–>

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:rubygems.org远程代码执行漏洞、一加手机的OxygenOS被指收集用户信息、朝鲜和伊朗使用CodeProject来开发恶意软件、Windows DNS客户端存在多个堆缓冲区溢出漏洞、Acunetix安全加固指南 、sqliv:批量SQL注入漏洞扫描工具、CVE-2017-11826:新的Office 0day被曝在野外利用

国内热词(以下内容部分来自:http://www.solidot.org/ )


一加的OxygenOS会跟踪用户的所有活动

资讯类:


小而强大的ATMii能让Win 7和Vista系统的ATM机吐钞

https://www.bleepingcomputer.com/news/security/atmii-malware-makes-windows-7-and-windows-vista-atms-spit-out-cash/ 

技术类:


rubygems.org远程代码执行漏洞

https://justi.cz/security/2017/10/07/rubygems-org-rce.html 

一加手机的OxygenOS被指收集用户信息

https://www.chrisdcmoore.co.uk/post/oneplus-analytics/ 

朝鲜和伊朗使用CodeProject来开发恶意软件

http://www.intezer.com/north-korea-iran-use-codeproject-develop-malware/ 

使用Sysmon进行Threat Hunting:检测启用宏的Word文档

http://syspanda.com/index.php/2017/10/10/threat-hunting-sysmon-word-document-macro/ 

iOS隐私:steal.password – 轻松获取用户的Apple ID密码,只需要通过钓鱼的方式

https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking 

Front-running Bancor in 150 lines of Python with Ethereum API

https://hackernoon.com/front-running-bancor-in-150-lines-of-python-with-ethereum-api-d5e2bfd0d798 

使用osquery跟踪被盗的代码签名证书

https://blog.trailofbits.com/2017/10/10/tracking-a-stolen-code-signing-certificate-with-osquery/ 

Windows DNS客户端存在多个堆缓冲区溢出漏洞

https://www.bishopfox.com/blog/2017/10/a-bug-has-no-name-multiple-heap-buffer-overflows-in-the-windows-dns-client/ 

Fake Crypto: Microsoft Outlook S/MIME Cleartext Disclosure (CVE-2017-11776)

https://www.sec-consult.com/en/blog/2017/10/fake-crypto-microsoft-outlook-smime-cleartext-disclosure-cve-2017-11776/index.html 

社会工程学攻击和Whatsapp的故事

https://robertheaton.com/2016/10/22/a-tale-of-love-betrayal-social-engineering-and-whatsapp/ 

Acunetix安全加固指南 

https://www.acunetix.com/blog/docs/acunetix-security-hardening-guide/ 

微软 Office Word 无宏命令执行漏洞

https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/ 

New Office 0day (CVE-2017-11826) Exploited in the Wild

http://360coresec.blogspot.com/2017/10/new-office-0day-cve-2017-11826.html 

LTR101:CloudFront域接管/劫持

https://blog.zsec.uk/subdomainhijack/ 

Metasploit Module for Tomcat JSP Upload via PUT Bypass (CVE-2017-12615)

https://www.peew.pw/blog/2017/10/9/new-vulnerability-same-old-tomcat-cve-2017-12615 

poet:一款后渗透工具

https://n0where.net/poet-simple-post-exploitation/ 

The Absurdly Underestimated Dangers of CSV Injection 

http://georgemauer.net/2017/10/07/csv-injection.html 

sqliv:批量SQL注入漏洞扫描工具

https://github.com/Hadesy2k/sqliv 

New NIST and DHS Standards Get Ready to Tackle BGP Hijacks

https://www.bleepingcomputer.com/news/technology/new-nist-and-dhs-standards-get-ready-to-tackle-bgp-hijacks/ 

Pin Visual Coverage Tool for Binary Ninja 

http://www.chokepoint.net/2017/10/pin-visual-coverage-tool-for-binary.html 

Stack  Overflow  Considered  Harmful The Impact of Copy&Paste on Android Application Security

https://arxiv.org/pdf/1710.03135.pdf 

Exploring OpenVMS from “unsecure” NFS mount on linux

https://astr0baby.wordpress.com/2017/10/09/exploring-openvms-from-unsecure-nfs-mount-on-linux/ 

FrozenCell: Multi-platform surveillance campaign against Palestinians

https://blog.lookout.com/frozencell-mobile-threat 

Run IDA Pro disassembler in Docker containers for automating, scaling and distributing the use of IDAPython scripts. 

https://github.com/intezer/docker-ida 

Big Data Visual Analytics: Aperture Tiles

https://n0where.net/big-data-visual-analytics/ 


本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/4524.html

发表评论

电子邮件地址不会被公开。 必填项已用*标注