1月21日-每日安全知识热点
分享到:
1.深入分析CVE-2016-0010:微软office rtf 文件处理堆溢出漏洞
http://blog.fortinet.com/post/deep-analysis-of-cve-2016-0010-microsoft-office-rtf-file-handling-heap-overflow-vulnerability
2.linux内核rop第一部分
https://cyseclabs.com/page?n=17012016
3.服务器安全:OSSEC集成slack和pagerduty
https://blog.sucuri.net/2016/01/server-security-integrating-ossec-with-slack-and-pagerduty.html
4.对乌克兰的电力行业新的一波攻击
http://www.welivesecurity.com/2016/01/20/new-wave-attacks-ukrainian-power-industry/
5.andorid木马预安装在飞利浦s307固件
http://news.drweb.com/show/?i=9792&lng=en&c=5
6.BSides NYC 2016 安全会议PPT
https://github.com/bsidesnyc/BSidesNYC2016/wiki/Agenda
7.OPENCART LFI缓解绕过
http://www.openwall.com/lists/oss-security/2016/01/19/16
8.Asacub木马:从间谍软件到银行恶意软件
https://securelist.com/?p=73211
9.这些设备尝试安全IOT
http://motherboard.vice.com/read/these-devices-are-trying-to-secure-the-internet-of-hackable-things
10.通过Flooding SIP欺骗VoIP
http://resources.infosecinstitute.com/cheating-voip-security-by-flooding-the-sip/
11.基于DNS的流量攻击
https://nymity.ch/dns-traffic-correlation/
12.明白wmi恶意软件
http://la.trendmicro.com/media/misc/understanding-wmi-malware-research-paper-en.pdf
13.SSH隧道Fun And profit
http://blog.cylance.com/puttering-into-the-future
http://www.everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh/
14.GCC tiny:构建GCC前端的语言
http://thinkingeek.com/gcc-tiny/
15.攻击者寻求破解硬件的终极控制
https://blogs.mcafee.com/mcafee-labs/attackers-seek-to-hack-hardware-for-ultimate-control/
16.音乐样式的广告软件引向Angler
https://blog.malwarebytes.org/fraud-scam/2016/01/tech-support-scammers-lure-users-with-fake-norton-warnings-turn-out-to-be-symantec-reseller/
http://research.zscaler.com/2016/01/music-themed-malvertising-lead-to-angler.html
17.滥用 SQLITE3 分词器绕过php安全限制
http://chichou.0ginr.com/blog/1336/abuse-sqlite3-ext-to-bypass-php-security-restrictions
18.Avast沙盒逃逸
http://code.google.com/p/google-security-research/issues/detail?id=700#c3
本文由 360安全播报 原创发布,如需转载请注明来源及本文地址。本文地址:http://bobao.360.cn/news/detail/2653.html
上一篇: substr的有关问题