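Highlights: Joomla! 3.6.4 released as an emergency patch update fixing an RCE vulnerability; bypassing CSP with DNS prefetching; analysis of the CVE-2016-5195 Dirty COW vulnerability
Domestic trending topics:
A computer glitch may have caused the Mars lander to crash
The DirtyCow kernel vulnerability can be used to root any Android device
Espionage charges against a Chinese-American engineer cool nuclear cooperation between China and other countries
Jack Ma supports using big data to fight crime
News:
GM Bot banking trojan can bypass Android 6 security protections
Apple fixes a vulnerability exploitable via a malicious JPEG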
https://threatpost.com/apple-patches-ios-flaw-exploitable-by-malicious-jpeg/121521/
Technical:
[Vulnerability Alert] CVE-2016-8610: "SSL Death Alert" vulnerability advisory
http://bobao.360.cn/learning/detail/3137.html
Bypassing CSP with DNS prefetching
https://blog.compass-security.com/2016/10/bypassing-content-security-policy-with-dns-prefetching/
CVE-2016-1240: Tomcat local privilege escalation vulnerability on Debian-based distributions
task_t considered harmful
https://googleprojectzero.blogspot.co.uk/2016/10/taskt-considered-harmful.html
Analysis of the CVE-2016-5195 Dirty COW vulnerability; another good Chinese-language analysis is at http://bobao.360.cn/learning/detail/3132.html
https://www.martijnlibbrecht.nu/2/
Free cyber security training course from F-Secure and the University of Helsinki
http://mooc.fi/courses/2016/cybersecurity/
A method of detecting web application vulnerabilities using machine learning
http://www.slideshare.net/babaroa/code-blue-2016-method-of-detecting-vulnerability-in-web-apps
FreeBSD-SA-16:32.bhyve: bhyve privilege escalation vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:32.bhyve.asc
Frida 8.1 released: adds a network API
http://www.frida.re/news/2016/10/25/frida-8-1-released/
Microsoft Windows (x86) – 'NDISTAPI' privilege escalation vulnerability (MS11-062) PoC
https://www.exploit-db.com/exploits/40627/
Joomla! 3.6.4 released as an emergency patch update, fixing an RCE vulnerability
The Dirty COW Linux vulnerability also works on Android
https://nakedsecurity.sophos.com/2016/10/25/dirtycow-linux-hole-works-on-android-too-root-at-will/
A collection of Windows, Linux and MySQL privilege escalation scripts
https://github.com/1N3/PrivEsc
Trojan[DDOS]/Linux.Znaich analysis notes
http://www.antiy.com/response/Znaich/Znaich.html
Microarchitecture attacks on KASLR
https://cyber.wtf/2016/10/25/micro-architecture-attacks-on-kasrl/
Original article link: https://www.anquanke.com/post/id/84793