November 29 - Daily Security Knowledge Highlights

News

Google discovers new Android spyware Tizi that steals sensitive social-media account data, takes screenshots, records audio, and more

(Steals data from social apps including Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram, and takes screenshots and records audio without the user's knowledge)

https://www.bleepingcomputer.com/news/security/google-discovers-new-tizi-android-spyware/

https://thehackernews.com/2017/11/android-spying-app.html

 

macOS High Sierra (version 10.13) lets a root user be created without a password, which can then be used for remote login through that root account

https://www.bleepingcomputer.com/news/apple/macos-bug-lets-you-create-a-root-account-by-repeatedly-pressing-a-button/

https://news.hitb.org/content/apple-says-fix-incoming-macos-high-sierra-root-access-bug

https://apple.insidercdn.com/gallery/23816-30517-23815-30506-Screen-Shot-2017-11-28-at-210527-l-l.jpg

https://twitter.com/coryzibell/status/935616036380053505

Demo video of the remote login:

https://gfycat.com/gifs/detail/SentimentalNaiveAntelopegroundsquirrel

Apple's response: "We are working on a software update to address this bug"

Temporary quick fix

https://nakedsecurity.sophos.com/2017/11/28/apple-macs-have-gaping-root-hole-heres-a-superquick-way-to-check-and-fix-it/

 

Bitcoin Gold (BTG) official Windows Wallet App was replaced; malicious behavior unknown

(Bitcoin Gold's official website does not host the installer for its official wallet app; instead the installer is published on GitHub. Someone accessed their GitHub account and replaced the Windows installer with a "suspicious" file. When the BTG team checked the files last weekend, they found that the SHA256 of the installer on GitHub did not match the value they had originally published, which is how the problem was discovered.

The SHA256 of BTG's legitimate bitcoingold-0.15.0-win64-setup.exe file is 53e01dd7366e87fb920645b29541f8487f6f9eec233cbb43032c60c0398fc9fa)

https://www.bleepingcomputer.com/news/security/psa-bitcoin-gold-btg-official-windows-wallet-app-might-have-been-compromised/

http://p1.qhimg.com/t0132a9214b24eb551d.png

 

Details of the directory traversal vulnerability in the Android Gmail app < 7.11.5.176568039

https://bugs.chromium.org/p/project-zero/issues/detail?id=1342

Vulnerability PoC

https://cxsecurity.com/issue/WLB-2017110153

 

OSX.CpuMeaner: a new cryptomining trojan for macOS

https://www.sentinelone.com/blog/osx-cpumeaner-miner-trojan-software-pirates/

 

Kaspersky Security Bulletin: Story of the Year 2017

https://securelist.com/ksb-story-of-the-year-2017/83290/

 

Technical

CVE-2015-3864 exploit analysis (exploit_from_google)

https://jinyu00.github.io/2017/11/21/cve_2015_3864_google_exploit.html

 

UBoatRAT, a remote access trojan targeting East Asia

https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/

 

Symantec Encryption Desktop local privilege escalation vulnerability

https://labs.nettitude.com/blog/symantec-encryption-desktop-local-privilege-escalation-exploiting-an-arbitrary-hard-disk-read-write-vulnerability-over-ntfs/

 

Free, simple, and efficient online pcap analysis platform

https://packettotal.com/

 

Easy-to-use live forensics toolbox for Linux

https://github.com/intezer/linux-explorer

 

domain_analyzer: analyze the security of any domain by finding all the information possible

https://github.com/eldraco/domain_analyzer

 

Using DNS to break out of isolated networks in an AWS cloud environment

https://dejandayoff.com/using-dns-to-break-out-of-isolated-networks-in-a-aws-cloud-environment/

 

A collection of PowerShell tools to help with collecting Windows threat intelligence

https://github.com/DLACERT/ThreatHunting

 

Tool for extracting relationships between people on LinkedIn

https://github.com/eth0izzle/the-endorser

(End)