1月7日安全热点–hybrid-analysis追踪到的spectre POC

资讯类

360威胁情报中心：现代CPU中的预测执行和乱序执行相关机制漏洞通告

https://mp.weixin.qq.com/s/e_ASsDJAZ9m6wFTF865yXA

 

投机之殇——解说史上最大CPU漏洞

https://mp.weixin.qq.com/s?__biz=MzA3NTk5MDIzNw==&mid=2647665585&idx=1&sn=bd58e3327705a5ff11eb59a5965389fd

 

VMSA-2018-0001：VMware安全公告

https://www.vmware.com/security/advisories/VMSA-2018-0001.html

 

ESA-2018-001：Dell安全公告

受影响产品：

EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0
EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x
EMC Integrated Data Protection Appliance 2.0

CVE-2017-15548：认证绕过漏洞；CVE-2017-15549：任意文件上传漏洞；CVE-2017-15550：路径穿越漏洞

http://seclists.org/fulldisclosure/2018/Jan/17

 

Github网友说：”Spectre漏洞并没有修复，并不像Intel说的那样”

https://gist.github.com/woachk/2f86755260f2fee1baf71c90cd6533e9

 

Intel对于推测执行侧信道攻击漏洞的分析白皮书

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf

 

AMD片上芯片的安全漏洞

https://www.bleepingcomputer.com/news/security/security-flaw-in-amds-secure-chip-on-chip-processor-disclosed-online/

 

hybrid-analysis追踪到的spectre POC

https://www.hybrid-analysis.com/sample/e6021e3d74e007a8cac5be57729ffbd5c8cf075b788a926a3445fdca605c67f4?environmentId=100

hybrid-analysis检测spectre POC的规则

https://www.hybrid-analysis.com/search?query=tag:spectre

 

技术类

数百个感染了Coinhive挖矿代码的安卓app

http://cdn.androidapk.world/downloads/

CoinHive挖矿代码

https://gist.github.com/fs0c131y/fe7373761e8ea2793f38d26b7e75ce3c

Dropper app

https://www.virustotal.com/#/file/71440de9094c12f285cb37de8c29075bc1b784ef4c9aa6b4cd399fbf58cd1163/detection

 

使用Snort检测企业流量

https://green-m.github.io/2018/01/05/network-detection-with-snort-in-company/

 

漫画Meltdown and Spectre

https://xkcd.com/1938/

 

越狱的原理

https://blog.appknox.com/how-does-jailbreak-work/

 

CMSsc4n v2.0：用来判断某域下是否存在CMS，如WordPress, Moodle, Joomla, Drupal and Prestashop

https://www.kitploit.com/2018/01/cmssc4n-v20-tool-to-identify-if-domain.html

https://github.com/n4xh4ck5/CMSsc4n