[Knowledge] November 15 - Daily Security Knowledge Highlights


Highlights: a "suspected backdoor" app found on OnePlus phones; Microsoft's Patch Tuesday fixes 53 security issues; a directory traversal vulnerability in Yahoo's small business platform allowed viewing customer credit card information; Kaspersky releases its APT activity trends for Q3 2017; a Linux rootkit for Ubuntu 16.04 and 10.04; unauthenticated command execution on the D-Link DIR-850L; another Android trojan found on Google Play


News:

A "suspected backdoor" app found on OnePlus phones

(Twitter users discovered that the OnePlus 2, 3 and 5 come preinstalled with an app called EngineeringMode (Chinese name "工程模式", "Engineering Mode"), suspected to be a backdoor left by OnePlus. It was then found that other Qualcomm-based phones also ship this preinstalled app; Qualcomm has not commented. OnePlus subsequently responded on its official forum that the app is "not a serious issue", but to allay users' concerns it will be removed in the next OnePlus OTA update.)


https://thehackernews.com/2017/11/oneplus-root-exploit.html 

https://www.nowsecure.com/blog/2017/11/14/oneplus-device-root-exploit-backdoor-engineermode-app-diagnostics-mode/ 

https://www.wired.com/story/oneplus-phones-have-an-unfortunate-backdoor-built-in/ 

https://www.androidcentral.com/oneplus-backdoor-what-it-what-it-isnt-and-what-you-need-know 

https://forums.oneplus.net/threads/what-is-engineermode.680377/ 


Microsoft's Patch Tuesday fixes 53 security issues

https://www.bleepingcomputer.com/news/microsoft/microsoft-november-patch-tuesday-fixes-53-security-issues/ 

Review of the Adobe and Microsoft security updates

https://www.zerodayinitiative.com/blog/2017/11/14/the-november-2017-security-update-review 

Cisco Talos review of the Microsoft security updates

http://blog.talosintelligence.com/2017/11/ms-tuesday.html 


Kaspersky releases its APT activity trends for Q3 2017

https://securelist.com/apt-trends-report-q3-2017/83162/ 


Tor Browser v7.0.10 released

https://malwaretips.com/threads/tor-browser-v7-0-10-released.77263/ 

Technical:

Exploiting a directory traversal vulnerability in Yahoo's small business platform to view customer credit card information

https://bugbountyforum.com/blog/security/exploiting-directory-traversal-on-yahoo/ 

Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32)

https://github.com/nurupo/rootkit 

Malicious documents exploiting CVE-2017-0199: "Iranian Orrder inquiry.doc" and "Order from Iran and company profile.doc"

https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc/edit#heading=h.fffyxb2c7ncs 

Memory corruption vulnerability CVE-2017-11882: affects all Office versions (32-bit and 64-bit) on all Microsoft Windows versions, with no user interaction required

https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about 

Formidable Forms SQL injection, stored XSS, RCE via iThemes Sync, etc. 

https://klikki.fi/adv/formidable.html 

Cr3dOv3r: a tool to test for credential re-use

https://github.com/D4Vinci/Cr3dOv3r 

Slides from the BSidesTO 2017 presentation by Lee Kagan (@InvokeThreatGuy) and Anton Ovrutsky (@antonlovesdnb)

https://github.com/invokethreatguy/BSidesTO2017 

CTF Write-up: LazySyadmin @ Vulnhub

https://www.peerlyst.com/posts/ctf-write-up-lazysyadmin-vulnhub-ben-berkowitz 

Unauthenticated command execution on the D-Link DIR-850L

https://cxsecurity.com/issue/WLB-2017110078 

Another Android trojan found on Google Play

https://blog.malwarebytes.com/cybercrime/2017/11/new-trojan-malware-discovered-google-play/ 

How to remove Emotet

https://blog.minerva-labs.com/emotet-goes-more-evasive 

(End)