Today's digest: pre-installed malware found on 5 million Android phones (Xiaomi, Huawei, Honor, Samsung, OPPO, Vivo); Sofacy uses DealersChoice to attack a European government agency; Brazilian cyber gangs create "golden ticket" ATM cards to clone chip-protected bank cards and hack POS systems; US-CERT publishes a report on Russian government cyber activity targeting the US energy sector and other critical infrastructure sectors; buffer overflow in multiple Android DRM services; MikroTik RouterOS SMB buffer overflow (unauthenticated RCE); Webmin local file inclusion vulnerability; Windows Defender Attack Surface Reduction rules bypass; D-Link Service.Cgi remote command execution vulnerability, from discovery to intrusion detection; security analysis of Dutch election software; 2017 Android malware special report; and more.

【Malware】
1、Pre-Installed Malware Found On 5 Million Popular Android Phones (Xiaomi, Huawei, Honor, Samsung, OPPO, Vivo)
https://research.checkpoint.com/rottensys-not-secure-wi-fi-service/

2、Sofacy Uses DealersChoice to Target European Government Agency
https://researchcenter.paloaltonetworks.com/2018/03/unit42-sofacy-uses-dealerschoice-target-european-government-agency/

3、How Brazilian cyber gangs create ‘golden ticket’ ATM cards, clone chip-protected bank cards and hack POS systems
https://securelist.com/goodfellas-the-brazilian-carding-scene-is-after-you/84263/

4、Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors
https://www.us-cert.gov/ncas/alerts/TA18-074A

【Vulnerability Analysis】
5、Google Chrome PDF Processing Vulnerability (CVE-2018-6072)
https://bugs.chromium.org/p/chromium/issues/detail?id=791048

6、Buffer overflow in multiple Android DRM services (CVE-2017-13253)
https://blog.zimperium.com/cve-2017-13253-buffer-overflow-multiple-android-drm-services/

7、MikroTik RouterOS SMB Buffer Overflow (unauthenticated RCE)
https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow

8、Webmin 1.840 – 1.880 – Unrestricted Access to Arbitrary Files using Local File Include (CVE-2018-8712)
https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/

9、Windows Defender Attack Surface Reduction Rules bypass
https://oddvar.moe/2018/03/15/windows-defender-attack-surface-reduction-rules-bypass/

10、VPN Leaks Found on 3 Major VPNs out of … 3 that We Tested (HotSpot Shield, PureVPN & ZenMate)
https://www.vpnmentor.com/blog/vpn-leaks-found-3-major-vpns-3-tested/

11、D-Link Service.Cgi remote command execution vulnerability: from discovery to intrusion detection
http://www.freebuf.com/articles/terminal/164680.html

12、Code audit of the DM website-building system (DM建站系统)
https://xianzhi.aliyun.com/forum/topic/2165

13、“AMD Flaws” Technical Summary
https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/

【Technical Sharing】
14、Security analysis of Dutch elections software
https://www.vusec.net/security-analysis-elections-software/

15、Cobalt Strike – Bypassing Windows Defender with Obfuscation
http://www.offensiveops.io/tools/cobalt-strike-bypassing-windows-defender-with-obfuscation/

16、Active Directory Security: The Journey
https://adsecurity.org/wp-content/uploads/2018/03/2018-Troopers-Metcalf-ActiveDirectorySecurityTheJourney-Final.pdf

17、Notes on a Linux box that got compromised
https://mp.weixin.qq.com/s/Xcz2VgycM6724oMpm3nFbg

18、KERNELFAULT: R00ting the Unexploitable using Hardware Fault Injection
http://www.pulse-sec.com/drive/BlueHat%20v17%20-%20KERNELFAULT%20-%20R00ting%20the%20Unexploitable%20using%20Hardware%20Fault%20Injection%20v1.0.pdf

19、Mitigating speculative execution side channel hardware vulnerabilities
https://blogs.technet.microsoft.com/srd/2018/03/15/mitigating-speculative-execution-side-channel-hardware-vulnerabilities/

20、TPM Genie: Interposer Attacks Against the Trusted Platform Module Serial Bus
https://www.nccgroup.trust/us/our-research/tpm-genie-interposer-attacks-against-the-trusted-platform-module-serial-bus/

21、2017 Android Malware Special Report
http://www.freebuf.com/articles/paper/164398.html

【Tools】
Tool#CBM: A hardware backdoor for CAN bus
https://github.com/UnaPibaGeek/CBM

Tool#vbg: A tool to inject keystrokes into an SSH client via an X11-forwarded session
https://github.com/xfee/vbg

Tool#Checked C: An extension to C that adds static and dynamic checking to detect or prevent common programming errors such as buffer overruns, out-of-bounds memory accesses, and incorrect type casts.
https://github.com/Microsoft/checkedc

Tool#Royal APT: APT15-related information from NCC Group Cyber Defense Operations Research
https://github.com/nccgroup/Royal_APT

Tool#Memcrashed-DDoS-Exploit: DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using the Shodan API
https://github.com/649/Memcrashed-DDoS-Exploit

Tool#Powershell-RAT: Python-based backdoor that uses Gmail to exfiltrate data through attachments.
https://github.com/Viralmaniar/Powershell-RAT

Tool#Auditor: App for performing verified boot attestation of the Pixel 2 or Pixel 2 XL running stock or CopperheadOS, from any Android 7.0+ device with a camera, via QR codes.
https://github.com/copperhead/Auditor

Tool#mobisys2018_nexmon_software_defined_radio: Turns Broadcom's 802.11ac Wi-Fi chips into software-defined radios that transmit arbitrary signals in the Wi-Fi bands.
https://github.com/seemoo-lab/mobisys2018_nexmon_software_defined_radio
