http://p8.qhimg.com/t0105eadd526b531a1d.png


热点概要:常见的python漏洞、价值1W美金的漏洞读取Uber内部邮件、CVE-2016-4656 (Pegasus)技术分析与调试、Wireshark 2.2.0发行新增多种协议支持

国内热词:

英特尔出售Intel Security控股权,新公司将重新命名为迈克菲

QIP.ru即时通讯服务3300万明文密码被泄

600亿吞下EMC后的戴尔欠了一身债,现在要开始裁员了

资讯类:

以色列在线攻击服务 ‘vDOS’ ,两年内盈利60万美金

https://krebsonsecurity.com/2016/09/israeli-online-attack-service-vdos-earned-600000-in-two-years/

DELL完成了600亿美金的与EMC合并

http://www.datacenterdynamics.com/content-tracks/colo-cloud/dell-completes-60-billion-merger-with-emc/96904.article?utm_source=dlvr.it&utm_medium=twitter

技术类:

常见的python漏洞

https://access.redhat.com/blogs/766093/posts/2592591

NexMon: BCM4339 wifi芯片能够monitor模式并且运行任意代码

https://dev.seemoo.tu-darmstadt.de/bcm/bcm-public

Angular 1.6 – 正则表达式沙盒移除

http://angularjs.blogspot.co.uk/2016/09/angular-16-expression-sandbox-removal.html

价值1W美金的漏洞,读取Uber内部邮件

http://blog.pentestnepal.tech/post/149985438982/reading-ubers-internal-emails-uber-bug-bounty

nOBEX:一款测试蓝牙电话和邮件配置文件的工具

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/september/introducing-nobex-a-tool-for-testing-bluetooth-phone-and-messaging-profiles/

CVE-2016-4656 (Pegasus)技术分析与调试

http://turingh.github.io/2016/09/07/CVE-2016-4656%E5%88%86%E6%9E%90%E4%B8%8E%E8%B0%83%E8%AF%95/

对Android上ELF 恶意软件的调查

http://www.cmcm.com/blog/en/security/2016-09-07/1027.html

Adobe ColdFusion < 11 Update 10 – XML External Entity Injection POC

https://www.exploit-db.com/exploits/40346/

Apache/mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 – 'openssl-too-open.c' SSL2 KEY_ARG溢出漏洞POC

https://www.exploit-db.com/exploits/40347/?rss

XSA-185:x86: Disallow L3 recursive pagetable for 32-bit PV guests (CVE-2016-7092)

https://xenbits.xen.org/xsa/advisory-185.html

Xen bug in event channel handling code (XSA 188)

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-025-2016.txt

Android – libutils UTF16 到 UTF8 转换引发的堆溢出漏洞POC 

https://www.exploit-db.com/exploits/40354/

1989年的逆向工程:对精度的追求

http://www.thedragonstrap.com/blog/post/201609_ReverseEngineering/

Zepto 勒索软件现在使用新的功能更好的加密你的文件

https://blog.avast.com/zepto-ransomware-now-introduces-new-features-to-better-encrypt-your-files

Wireshark 2.2.0发行:开始支持 Apache Cassandra, Intels Omni-Path, USB3 Vision, USBIP and Zigbee协议

https://www.wireshark.org/docs/relnotes/wireshark-2.2.0.html

WordPress 4.6.1发布安全更新

https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/

#linuxsecuritysummit 2016 会议视频

https://www.linux.com/news/linux-security-summit-videos

快速浏览一下最近的恶意广告攻击链

https://www.zscaler.com/blogs/research/quick-look-recent-malvertising-exploit-chains

跨平台ELF文件分析

https://github.com/jacob-baines/elfparser

DMZ设计第二部分

https://www.insinuator.net/2016/09/considerations-on-dmz-design-in-2016-part-2-a-quick-digression-on-reverse-proxies/

文章原文链接:https://www.anquanke.com/post/id/84535