

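Highlights: CVE-2016-4178, CVE-2016-4277: bypassing the Flash local-with-filesystem policy with the navigateToURL function; intercepting passwords to escalate privileges on OS X; a Facebook page takeover vulnerability worth US$16,000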

Trending topics in China:


Russia blocks Pornhub and YouPorn and advises residents to go back offline

iPhone 5c NAND mirroring attack

Gene-editing costs fall: the technology could be used by "biohackers" to build biological weapons

News:


H1N1 malware adds information-stealing and UAC bypass features

http://news.softpedia.com/news/h1n1-malware-adds-support-for-infostealing-features-uac-bypass-508408.shtml

Windows Safe Mode can be used to steal login credentials and disable antivirus software

http://news.softpedia.com/news/windows-safe-mode-can-be-used-to-steal-pc-logins-disable-antivirus-software-508378.shtml

Technical:


CVE-2016-4178, CVE-2016-4277: bypassing the Flash local-with-filesystem policy with the navigateToURL function

https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2016/flash-local-with-filesystem-bypass-in-navigatetourlpdf/

[CVE-2016-7425] Linux kernel SCSI arcmsr driver: buffer overflow in the arcmsr_iop_message_xfer() function

https://marcograss.github.io/security/linux/cve/2016/09/17/cve-2016-7425-linux-scsi-arcmsr-heap-overflow.html

CVE-2016-5017: ZooKeeper 3.4.8 / 3.5.2 C CLI shell buffer overflow vulnerability

https://cxsecurity.com/issue/WLB-2016090134

CVE-2016-3377: heap overflow vulnerability caused by the JavaScript map method in Microsoft Windows

http://www.zerodayinitiative.com/advisories/ZDI-16-514/

CVE-2016-4279: Adobe Flash TextFormat remote code execution vulnerability caused by a memory error

http://www.zerodayinitiative.com/advisories/ZDI-16-515/

CVE-2016-5995: IBM DB2 local privilege escalation vulnerability

http://www-01.ibm.com/support/docview.wss?uid=swg21990061

Intercepting passwords to escalate privileges on OS X

https://www.scriptjunkie.us/2016/09/intercepting-passwords-to-escalate-privileges-on-os-x/

Hacking a coin-sized Bluetooth device

https://hackaday.com/2016/09/14/hacking-a-dollar-store-bluetooth-device/

Slides from the 44CON conference: Trusts You Might Have Missed

http://www.slideshare.net/harmj0y/trusts-you-might-have-missed-44con

Reverse engineering encrypted Lenovo laptop firmware, part 3

http://www.zmatt.net/unlocking-my-lenovo-laptop-part-3/

AVX512F base64 encoding and decoding

http://0x80.pl/articles/avx512-foundation-base64.html

Windows privilege escalation fundamentals

https://thel3l.me/blog/winprivesc/index.html

A forensic challenge: recovering data from a Jolla smartphone

https://articles.forensicfocus.com/2016/09/14/meeting-a-forensic-challenge-recovering-data-from-a-jolla-smartphone/

A Facebook page takeover vulnerability worth US$16,000

http://arunsureshkumar.me/index.php/2016/09/16/facebook-page-takeover-zero-day-vulnerability/

Four spyware apps removed from the Google Play store

https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/

Original article link: https://www.anquanke.com/post/id/84575