11月30日 - 每日安全知识热点

资讯类

苹果已发布macOS High Sierra 10.13.1创建root用户漏洞的补丁,建议用户赶紧升级!

Apple closes that big root hole – “Install this update as soon as possible”

https://support.apple.com/en-us/HT208315

malwarebytes对此漏洞的介绍

Serious macOS vulnerability exposes the root user

objective-see对此漏洞进行源码级别的分析

https://objective-see.com/blog/blog_0x24.html

 

浏览器被关闭后挖矿脚本竟然还在运行!

How the hidden window cryptojacking attack works
https://www.bleepingcomputer.com/news/security/cryptojacking-script-continues-to-operate-after-users-close-their-browser/

 

技术类

malwarebytes对持久型浏览器挖矿脚本(关闭浏览器之后挖矿还在进行)的分析

Persistent drive-by cryptomining coming to a browser near you

 

巴西的WannaPeace勒索软件样本,该样本只会加密C://testes 目录
https://twitter.com/malwrhunterteam/status/935847705510924288
https://www.virustotal.com/en/file/653bc2b16b1624e045c1225810185e9aa3694dc378fe0095e2052b7f1e265d01/analysis/1511955717/

 

新的网页浏览安全工具:DNS over TLS

https://news.hitb.org/content/new-web-browsing-security-tool-arrives-dns-over-tls

 

使用Shodan的ssh公钥扫描器
https://github.com/0x27/ssh_keyscanner

 

Win32k NtUserOpenDesktop拒绝服务漏洞(9200-17046)
https://gist.github.com/hfiref0x/6e726b352da7642fc5b84bf6ebce0007

 

Ursnif变种使用thread local storage(TLS)callbacks进行进程注入
https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tls-callback-technique.html

 

Cisco Talos的研究员分析了最新版本的ROKRAT
http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html

 

exploit-db的官方github仓库

https://github.com/offensive-security/exploit-database

 

Linux平台systemd漏洞导致的拒绝服务

http://blog.trendmicro.com/trendlabs-security-intelligence/systemd-vulnerability-leads-to-denial-of-service-on-linux/

 

利用frida的新型Arm64Writer API来构建内存中的反向TCP shell

https://versprite.com/og/frida-engage-part2/index.html

 

pfSense 2.3.1_1 远程命令执行

https://cxsecurity.com/issue/WLB-2017110154

 

盘点2017年WordPress插件的漏洞
https://blog.ripstech.com/2017/wordpress-plugin-vulnerabilities-static-analysis/

 

WordPress Plugin Code Scanner
http://www.kitploit.com/2017/11/wpsploit-wordpress-plugin-code-scanner.html
https://github.com/m4ll0k/WPSploit

 

Email是如何运转的


https://twitter.com/brutelogic/status/935860998644301835

(完)