热点概要:ATM恶意软件正在暗网市场上销售、Wrapping the Converter within Foxit Reader 、macOS键盘记录器、Apple iOS 10.2 (14C92)远程代码执行漏洞、危险的Pickles模块:恶意的Python反序列化可实现RCE、
国内热词(以下内容部分来自:http://www.solidot.org/ )
卡巴斯基发现了一个正被利用的 Flash 0day 漏洞
已知的 KRACK Wi-Fi 漏洞修复名单
资讯类:
暗网出售“排骨制造机”可轻松清空ATM机
台湾远东国际银行被盗事件疑跟朝鲜黑客有关
http://www.securityweek.com/taiwan-bank-heist-linked-north-korean-hackers
技术类:
从陷阱到Hunting:智能分析异常检测网络妥协
https://www.lastline.com/labsblog/detect-network-compromises/
介绍Miscreant:多语言滥用加密库
https://tonyarcieri.com/introducing-miscreant-a-multi-language-misuse-resistant-encryption-library
Untangling Exotic Architectures with Binary Ninja
https://blog.ret2.io/2017/10/17/untangling-exotic-architectures-with-binary-ninja/
Wrapping the Converter within Foxit Reader
https://www.zerodayinitiative.com/blog/2017/10/17/wrapping-the-converter-within-foxit-reader
许多斯巴鲁汽车的钥匙扣中的滚动码存在安全问题
http://seclists.org/fulldisclosure/2017/Oct/27
ida_ea:A set of exploitation/reversing aids for IDA
https://github.com/1111joe1111/ida_ea
危险的Pickles模块:恶意的Python反序列化可实现RCE
https://intoli.com/blog/dangerous-pickles/
ATM恶意软件正在暗网市场上销售
https://securelist.com/atm-malware-is-being-sold-on-darknet-market/81871/
Apple iOS 10.2 (14C92) – Remote Code Execution
https://www.exploit-db.com/exploits/42996/
macOS Keylogger