[Knowledge] April 21 - Daily Security Knowledge Highlights


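Highlights summary: A new drive-by download trick: technical analysis of ransomware spread entirely through pure Flash files; Jackson framework Java deserialization remote code execution vulnerability: technical analysis and mitigation; DLL injection via APC: bypassing Sysmon monitoring; Implementing the DOM tree in Microsoft Edge; The magical Content-Type: affects all versions of IE; Abusing NVIDIA's node.js to bypass application whitelisting; Safari Browser: Memory corruption in Array concat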

Domestic hot topics (the following content is partly excerpted from http://www.solidot.org/):


The Windows vulnerability used to spread Stuxnet is still widely exploited

Pirate Bay co-founder launches anonymous domain registration service

Bose headphones accused of secretly collecting user data

News:


The NIST Cybersecurity Framework plays an important role in an increasingly tense cybersecurity environment

http://securityaffairs.co/wordpress/58163/laws-and-regulations/nist-cybersecurity-framework-2.html

Dozens of Linksys Wi-Fi router models are affected by multiple vulnerabilities

http://thehackernews.com/2017/04/linksys-router-hacking.html

Technical:


A new drive-by download trick: technical analysis of ransomware spread entirely through pure Flash files

http://bobao.360.cn/learning/detail/3752.html

Design flaws in the LastPass 2FA implementation

http://www.martinvigo.com/design-flaws-lastpass-2fa-implementation/

Jackson framework Java deserialization remote code execution vulnerability: technical analysis and mitigation

http://blog.nsfocus.net/jackson-framework-java-vulnerability-analysis/

ZenTao version 826: getshell and injection under certain conditions

http://ecma.io/?p=683 

http://ecma.io/?p=691

BeEF browser exploitation framework

https://crowdshield.com/blog.php?name=man-in-the-browser-advanced-client-side-exploitation-using-beef

SSL & TLS security testing

https://www.aptive.co.uk/blog/tls-ssl-security-testing/

[CVE-2015-7547] glibc getaddrinfo stack overflow vulnerability

http://www.whereisk0shl.top/post/2017-04-20

A brief look at the blacklist in Source Insight version 4.0.0085

http://scz.617.cn/misc/201704201657.txt

phpcms arbitrary file download

http://www.91ri.org/16956.html

DLL injection via APC: bypassing Sysmon monitoring

http://www.4hou.com/technology/4393.html

Android secure coding

http://www.jssec.org/dl/android_securecoding_en.pdf

Another cross-site request forgery vulnerability in Facebook

http://blog.intothesymmetry.com/2017/04/meh-csrf-in-facbook-delegated-account.html

A Chrome extension for web packet testing

https://github.com/google/tamperchrome

The magical Content-Type: affects all versions of IE

https://jankopecky.net/index.php/2017/04/18/0day-textplain-considered-harmful/

Abusing corporate webmail for C&C and exfiltration

https://www.securityartwork.es/2017/04/20/abusing-corporate-webmail-for-cc-and-exfiltration/

Abusing NVIDIA's node.js to bypass application whitelisting

http://blog.sec-consult.com/2017/04/application-whitelisting-application.html

Implementing the DOM tree in Microsoft Edge

https://blogs.windows.com/msedgedev/2017/04/19/modernizing-dom-tree-microsoft-edge/

Cardinal RAT has been active for more than two years

http://researchcenter.paloaltonetworks.com/2017/04/unit42-cardinal-rat-active-two-years/

WMI weaponization, part 6

https://blog.netspi.com/getting-started-wmi-weaponization-part-6/

How I found more than 100 RCEs in Trend Micro software

http://conference.hitb.org/hitbsecconf2017ams/materials/D1T1%20-%20Steven%20Seeley%20and%20Roberto%20Suggi%20Liverani%20-%20I%20Got%2099%20Trends%20and%20a%20%23%20Is%20All%20Of%20Them.pdf

Safari Browser: Memory corruption in Array concat

https://bugs.chromium.org/p/project-zero/issues/detail?id=1095

The evolution of fileless malware

https://zeltser.com/fileless-malware-beyond-buzzword/

Using machine learning to combat Java malware in real time

https://blogs.technet.microsoft.com/mmpc/2017/04/20/combating-a-wave-of-java-malware-with-machine-learning-in-real-time/

CVE-2017-7692: SquirrelMail 1.4.22 remote code execution

http://www.openwall.com/lists/oss-security/2017/04/19/7

(End)