[Knowledge] March 7 - Daily Security Knowledge Highlights


Highlights: S2-045: remote code execution vulnerability; abusing protocols to load local files, leading to HTML5 sandbox bypass, popup windows and other high-risk operations; reverse engineering Samsung S6 SBOOT – part 1; line-by-line analysis of a malicious PowerShell exploit; demystifying PowerShell attacks [pdf]

Domestic headlines (some of the following are excerpted from http://www.solidot.org/):

Nintendo Switch runs the FreeBSD kernel

Mobile phone roaming fees to be abolished from October 1

Backdoor found in IoT devices made by a Shenzhen company

News:

Spam operation RCM leaked 1.4 billion user records, including real names, user IP addresses and physical addresses

http://thehackernews.com/2017/03/email-marketing-database.html

Hackers selling more than 1 million decrypted Gmail and Yahoo passwords on the dark web

http://thehackernews.com/2017/03/gmail-yahoo-password-hack.html

Technical:

S2-045: remote code execution vulnerability

https://cwiki.apache.org/confluence/display/WW/S2-045

Abusing protocols to load local files, leading to HTML5 sandbox bypass, popup windows and other high-risk operations

http://www.brokenbrowser.com/abusing-of-protocols/

Hacking the Western Digital MyCloud NAS

https://blog.exploitee.rs/2017/hacking_wd_mycloud/

WordPress 4.7.3 released, fixing multiple XSS and CSRF vulnerabilities and an issue where an administrator deleting a plugin could remove unintended files

https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/

Analysis of vBulletin being used to serve malicious advertisements

https://blog.sucuri.net/2017/03/vbulletin-used-show-malicious-advertisements.html

Reverse engineering Samsung S6 SBOOT – part 1

http://blog.quarkslab.com/reverse-engineering-samsung-s6-sboot-part-i.html

DridexV4 malware found in the wild using AtomBombing stealthy code injection

https://www.endgame.com/blog/dropping-atombombs-detecting-dridexv4-wild

Re-analysis of the Mirai incident

https://insights.sei.cmu.edu/sei_blog/2017/03/powered-by-mirai.html

Line-by-line analysis of a malicious PowerShell exploit

https://www.invincea.com/2017/03/powershell-exploit-analyzed-line-by-line/

Exploring Windows kernel shellcode on Windows 10 - part 2

https://improsec.com/blog//windows-kernel-shellcode-on-windows-10-part-2

JSShell: a Python-based interactive shell

https://github.com/Den1al/JSShell/

WordPress Hacks: analysis of functions.php backdoors

https://www.polaris64.net/blog/cyber-security/2017/wordpress-hacks-functions-php-backdoors

Demystifying PowerShell attacks [pdf]

https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/increased-use-of-powershell-in-attacks-16-en.pdf

Rooted 2017 talk

https://github.com/skuater/rooted2k17

Ponemon Institute's "The Value of Threat Intelligence: A Study of North American and UK Companies"

http://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&mid=2247484109&idx=1&sn=56b5d16517082096e982d7d823b87c8e&scene=0

Why replace SHA-1 with BLAKE2?

https://research.kudelskisecurity.com/2017/03/06/why-replace-sha-1-with-blake2/

WordPress Multiple Plugins – Remote File Upload

https://cxsecurity.com/issue/WLB-2017030065

(End)