HanDs
管理员

7月21日-每日安全知识热点 



http://p6.qhimg.com/t019e23f2598bc38636.jpg

技术类:

ZDI-16-434:Apple OS X AppleIntelBDWGraphics 内存异常导致的提权漏洞

http://www.zerodayinitiative.com/advisories/ZDI-16-434/


ZDI-16-435:Apple OS X WindowServer堆溢出漏洞导致提权漏洞

http://www.zerodayinitiative.com/advisories/ZDI-16-435/


ZDI-16-436:Apple OS X IOPMrootDomain 内存异常导致的提权漏洞

http://www.zerodayinitiative.com/advisories/ZDI-16-436/


ZDI-16-438:Apple OS X DspFuncLib UAF导致提权漏洞

http://www.zerodayinitiative.com/advisories/ZDI-16-438/


Drupal RESTWS Module 7.x 远程代码执行漏洞(metasploit模块)

https://www.exploit-db.com/exploits/40130/


通过使用Microsoft CryptoAPI来实现的TOR协议的POC

https://github.com/wbenny/mini-tor


通过图片文件导致APPLE远程代码执行漏洞的预览

http://blog.talosintel.com/2016/07/apple-image-rce.html


Exploiting Apache James 2.3.2

https://www.exploit-db.com/docs/40123.pdf


cve-2016-4203分析:adobe acrobat 的cooltype处理导致的堆溢出漏洞

https://blog.fortinet.com/2016/07/20/analysis-of-cve-2016-4203-adobe-acrobat-and-reader-cooltype-handling-heap-overflow-vulnerability


通过badusb偷取密码的视频演示

https://www.youtube.com/watch?v=x5Sb30PEV_g&utm_content=33365368&utm_medium=social&utm_source=twitter


CrypMIC 恶意欺诈软件想跟随CryptXXX的脚步

https://blog.trendmicro.com/trendlabs-security-intelligence/crypmic-ransomware-wants-to-follow-cryptxxx/


三星基带逆向工具发行

https://comsecuris.com/blog/posts/shannon/


一款Java 8 Jar & Android APK的反向工具包发行

https://github.com/Konloch/bytecode-viewer


David Litchfield发布的Oracle Patches 27 Vulnerabilities

https://dl.packetstormsecurity.net/1607-exploits/July2016CPU.pdf


资讯类:

许多商业站点通过Neutrino exploit kit 被部署CryptXXX 恶意欺诈软件

http://arstechnica.com/information-technology/2016/07/wave-of-business-websites-hijacked-to-deliver-crypto-ransomware/


通过利用CVE-2016-4631漏洞:黑客仅仅需要一条消息就能黑apple设备

http://securityaffairs.co/wordpress/49542/hacking/hacking-apple-cve-2016-4631.html


数据库泄露信息:

最新泄露的Guccifer 2.0 DNC数据里包括名人和CEO的个人信息

http://www.networkworld.com/article/3097063/security/newest-guccifer-2-0-dnc-dump-included-personal-info-about-celebrities-and-ceos.html?platform=hootsuite


WikiLeaks公布APK数据库

https://wikileaks.org/akp-emails/


学习中请遵守法律法规,本网站内容均来自于互联网,本网站不负担法律责任
7 21 - 每日安全知识热点
#1楼
发帖时间:2016-7-22   |   查看数:0   |   回复数:0
游客组
快速回复