12月28日安全热点 - PS4内核利用/Rootsweb数据泄露

 

资讯类

新的挖矿恶意软件出现：Digimine

http://www.eweek.com/security/digimine-malware-steals-your-computer-power-to-mine-crypto-currency

 

Sonos与Bose的安全漏洞可以让黑客做些有意思的事情

https://www.bleepingcomputer.com/news/security/flaws-in-sonos-and-bose-smart-speakers-let-hackers-play-pranks-on-users/

 

PS4固件内核漏洞利用已放出

https://thehackernews.com/2017/12/ps4-jailbreak-kernel-exploit.html

 

浏览器登录管理器中的Web追踪器安全漏洞可能导致用户名泄露

https://www.bleepingcomputer.com/news/security/web-trackers-exploit-flaw-in-browser-login-managers-to-steal-usernames/

 

声波攻击或导致硬盘数据损坏，可能多种设备都需警惕

https://www.bleepingcomputer.com/news/security/acoustic-attacks-on-hdds-can-sabotage-pcs-cctv-systems-atms-more/

 

EtherDelta遭遇DNS攻击

http://securityaffairs.co/wordpress/67146/cyber-crime/exchange-etherdelta-dns-attack.html

 

Ancestry表示Rootsweb泄露出30万密码

https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/

 

技术类

新手向的模糊测试教程 Part 1 2 3

https://fuzzing-project.org/tutorial1.html

 

PS4固件内核漏洞利用

https://fail0verflow.com/blog/2017/ps4-crashdump-dump/

https://github.com/Cryptogenic/PS4-4.05-Kernel-Exploit

 

Firebird，Mysql，PostgreSql代码质量比较

https://dzone.com/articles/code-quality-comparison-of-firebird-mysql-and-post-1

 

趋势科技关于Janus漏洞最新利用的分析

http://blog.trendmicro.com/trendlabs-security-intelligence/janus-android-app-signature-bypass-allows-attackers-modify-legitimate-apps/

 

Professional Service Script新版多个漏洞分析

https://github.com/d4wner/Vulnerabilities-Report/blob/master/Professional-Service-Script.md

 

34c3 steaming

http://streaming.media.ccc.de/34c3/hallc

 

通往地狱之路：十次绕过恶魔WAF的尝试

https://medium.com/@know.0nix/jumping-to-the-hell-with-10-attempts-to-bypass-devils-waf-4275bfe679dd

 

Web安全策略——新的security.txt

https://tools.ietf.org/html/draft-foudil-securitytxt-02

 

HTTP/2客户端的被动指纹识别

https://www.blackhat.com/docs/eu-17/materials/eu-17-Shuster-Passive-Fingerprinting-Of-HTTP2-Clients-wp.pdf