7月21日-每日安全知识热点

技术类:

ZDI-16-434:Apple OS X AppleIntelBDWGraphics 内存异常导致的提权漏洞

http://www.zerodayinitiative.com/advisories/ZDI-16-434/

ZDI-16-435:Apple OS X WindowServer堆溢出漏洞导致提权漏洞

http://www.zerodayinitiative.com/advisories/ZDI-16-435/

ZDI-16-436:Apple OS X IOPMrootDomain 内存异常导致的提权漏洞

http://www.zerodayinitiative.com/advisories/ZDI-16-436/

ZDI-16-438:Apple OS X DspFuncLib UAF导致提权漏洞

http://www.zerodayinitiative.com/advisories/ZDI-16-438/

Drupal RESTWS Module 7.x 远程代码执行漏洞(metasploit模块)

https://www.exploit-db.com/exploits/40130/

通过使用Microsoft CryptoAPI来实现的TOR协议的POC

https://github.com/wbenny/mini-tor

通过图片文件导致APPLE远程代码执行漏洞的预览

http://blog.talosintel.com/2016/07/apple-image-rce.html

Exploiting Apache James 2.3.2

https://www.exploit-db.com/docs/40123.pdf

cve-2016-4203分析:adobe acrobat 的cooltype处理导致的堆溢出漏洞

https://blog.fortinet.com/2016/07/20/analysis-of-cve-2016-4203-adobe-acrobat-and-reader-cooltype-handling-heap-overflow-vulnerability

通过badusb偷取密码的视频演示

https://www.youtube.com/watch?v=x5Sb30PEV_g&utm_content=33365368&utm_medium=social&utm_source=twitter

CrypMIC 恶意欺诈软件想跟随CryptXXX的脚步

https://blog.trendmicro.com/trendlabs-security-intelligence/crypmic-ransomware-wants-to-follow-cryptxxx/

三星基带逆向工具发行

https://comsecuris.com/blog/posts/shannon/

一款Java 8 Jar & Android APK的反向工具包发行

https://github.com/Konloch/bytecode-viewer

David Litchfield发布的Oracle Patches 27 Vulnerabilities

https://dl.packetstormsecurity.net/1607-exploits/July2016CPU.pdf

资讯类:

许多商业站点通过Neutrino exploit kit 被部署CryptXXX 恶意欺诈软件

http://arstechnica.com/information-technology/2016/07/wave-of-business-websites-hijacked-to-deliver-crypto-ransomware/

通过利用CVE-2016-4631漏洞:黑客仅仅需要一条消息就能黑apple设备

http://securityaffairs.co/wordpress/49542/hacking/hacking-apple-cve-2016-4631.html

数据库泄露信息:

最新泄露的Guccifer 2.0 DNC数据里包括名人和CEO的个人信息

http://www.networkworld.com/article/3097063/security/newest-guccifer-2-0-dnc-dump-included-personal-info-about-celebrities-and-ceos.html?platform=hootsuite

WikiLeaks公布APK数据库

https://wikileaks.org/akp-emails/