[Knowledge] September 20 - Daily Security Knowledge Highlights


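Highlights: Google urges vigilance against government-backed hacking; printer security explained; CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP; CVE-2017-3085: running in the remote sandbox, Adobe Flash Windows user credentials leak vulnerability; Active Directory access control lists; browser security white papers; common WiFi attacks and how to detect them; The PYPI Python Package Hack; Microsoft Edge: memory corruption with partial page loading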

Domestic trending topics (some of the following content is from: http://www.solidot.org/ )

Google urges vigilance against government-backed hacking

Equifax had already been breached once in March of this year

News:

CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP

http://www.openwall.com/lists/oss-security/2017/09/19/1 

Technical:

New Android trojan targets more than 60 banks and social apps

https://clientsidedetection.com/new_android_trojan_targeting_over_60_banks_and_social_apps.html 

Printer security explained

https://0x00sec.org/t/an-introduction-to-printer-exploitation-1/3565/1 

CVE-2017-3085: running in the remote sandbox, Adobe Flash Windows user credentials leak vulnerability

https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/ 

smbmap: a tool for SMB enumeration

https://github.com/ShawnDEvans/smbmap 

Remote system vulnerability analysis: WebSploit Toolkit

https://n0where.net/remote-system-vulnerability-analysis/ 

Exploring compilation from TypeScript to WebAssembly

https://medium.com/web-on-the-edge/exploring-compilation-from-typescript-to-webassembly-f846d6befc12 

Active Directory access control lists – attacks and defense

https://blogs.technet.microsoft.com/enterprisemobility/2017/09/18/active-directory-access-control-list-attacks-and-defense/ 

Detecting debuggers by abusing a bad assumption in Windows

http://www.triplefault.io/2017/08/detecting-debuggers-by-abusing-bad.html 

Bluetooth vulnerability affects all major operating systems

https://hackaday.com/2017/09/14/bluetooth-vulnerability-affects-all-major-os/ 

Browser security white papers

https://browser-security.x41-dsec.de/X41-Browser-Security-White-Paper.pdf 

https://cure53.de/browser-security-whitepaper.pdf 

How to optimize ssdeep comparisons with ElasticSearch

http://www.intezer.com/intezer-community-tip-ssdeep-comparisons-with-elasticsearch/ 

Epson vulnerability: EasyMP projector takeover

https://rhinosecuritylabs.com/research/epson-easymp-remote-projection-vulnerabilities/ 

Common WiFi attacks and how to detect them

https://wtf.horse/2017/09/19/common-wifi-attacks-explained/ 

Kernel driver mmap handler exploit code development

https://labs.mwrinfosecurity.com/publications/kernel-driver-mmap-handler-exploitation/ 

https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-mmap-exploitation-whitepaper-2017-09-18.pdf 

Malware with mining capabilities has increased significantly of late

https://securityintelligence.com/network-attacks-containing-cryptocurrency-cpu-mining-tools-grow-sixfold/ 

The PYPI Python Package Hack

http://www.bytelion.com/pypi-python-package-hack/ 

Related links:

Package phishing

http://blog.fatezero.org/2017/06/01/package-fishing/ 

The overlooked attack surface: Python package phishing

https://paper.seebug.org/326/ 

Reflections prompted by the Apache Struts CVE-2017-5638 vulnerability

https://alexgaynor.net/2017/sep/18/surviving-struts-cve/ 

Microsoft Edge: memory corruption with partial page loading

https://bugs.chromium.org/p/project-zero/issues/detail?id=1309 

Microsoft Edge: out-of-bounds read in COptionsCollectionCacheItem::GetAt 

https://bugs.chromium.org/p/project-zero/issues/detail?id=1301 

focused Web Crawler: ACHE

https://n0where.net/focused-web-crawler-ache/ 

I know I haven't patched yet, and there's a zero-day knocking at my door

https://cybersins.com/zero-day-patch-timely-workaround/ 

An Update of PenTesting Tools that (do not) Support IPv6

https://insinuator.net/2017/09/an-update-of-pentesting-tools-that-do-not-support-ipv6/ 

HVACKer – Bridging the Air-Gap by Manipulating the Environment Temperature

http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_055_Mirsky_AirgapTemperature.pdf 

(End)