Cybersecurity information flow
A clean information-feed tool focused on the security community, surfacing quality content for security researchers every day.
Time | Node | Content |
---|---|---|
2023-04-01 00:24 | Real-time communications secur | Welcome to the end of March, and this month’s edition of the RTCSec Newsletter. A lot has accumulated in March on the VoIP and IP Communication security front. In fact, this one is packed! In this edition, we cover: our news, involving CI/CD automation of VoIP security testing with SIPVicious PRO; more news from us, including the OpenSIPS security audit report and a chat about the Cyber Resilience Act; 3CX Phone Client turned into a trojan; critical vulnerabilities affecting Samsung and Pixel phones via VoLTE and 5G; silent fix in Kamailio gets a CVE, vulnerable door phones and various other security reports. RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security. |
2023-04-01 00:21 | 360 Vulnerability Alerts | On March 31, 2023, 360CERT observed that `3CX` had published a risk advisory for the `Mac 3CXDesktop App`; vulnerability ID `CVE-2023-29059`, severity `Critical`, score `9.6`. |
2023-04-01 00:01 | GitHub Watch | A curated list of awesome actions to use on GitHub |
2023-04-01 00:01 | GitHub Watch | PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager |
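2023-04-01 00:01 | SecWiki Weekly | A brief discussion of deep-learning-based vulnerability detection: https://mp.weixin.qq.com/s/fM5qAnQxWXLfAofgVqcWvw; an account of a disaster caused by RCE plus heapdump information disclosure: https://mp.weixin.qq.com/s/6ZDto8QAUKTur5s_haGFdw; safe-rules: a detailed C/C++ coding standard guide: https://github.com/Qihoo360/safe-rules |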
2023-03-31 23:51 | malware.news | Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system. Quick links: download Slips from our GitHub repository: https://github.com/stratosphereips/StratosphereLinuxIPS; access Slips documentation through Read the Docs: https://stratospherelinuxips.readthedocs.io/en/develop/. What We Are Particularly Excited About: In this release we are particularly excited about these new Slips features, thanks to our GSoC contributors: Add HTTP unencrypted traffic detection by @haleelsada; use termcolor by @haleelsada; Instead of dos detection, Slips is now detecting all executables thanks to @Onyx2406; Updated the docs for contributing; Fix Leak detector errors when a different version of YARA is used; Fix problem with counting the number of flows to be processed in the progress bar; Remove debugging prints printed by the whois python library to stderr. Check Our Slips Demo: Get a quick overview of what Slips is about and all its capabilities in this demo |
2023-03-31 23:22 | Packet Storm | Bludit version 3-14-1 suffers from a remote shell upload vulnerability. |
2023-03-31 23:22 | Packet Storm | Textpattern version 4.8.8 suffers from an authenticated remote code execution vulnerability. |
2023-03-31 23:22 | Packet Storm | Cacti version 1.2.22 suffers from a remote command execution vulnerability. |
2023-03-31 23:22 | Packet Storm | WordPress WooCommerce plugin version 7.1.0 suffers from a remote code execution vulnerability. |
2023-03-31 23:22 | Packet Storm | Qubes Mirage Firewall versions 0.8.0 through 0.8.3 suffer from a denial of service vulnerability. |
2023-03-31 23:22 | Packet Storm | Ubuntu Security Notice 5988-1 - It was discovered that integer overflow vulnerabilities existed in Xcftools. An attacker could use this to cause a denial of service or possibly execute arbitrary code. |
2023-03-31 23:22 | Packet Storm | CoolerMaster MasterPlus version 1.8.5 suffers from an unquoted service path vulnerability. |
2023-03-31 23:22 | Packet Storm | rconfig version 3.9.7 suffers from a remote SQL injection vulnerability. |
2023-03-31 23:21 | Packet Storm | Online Pizza Ordering version 1.0 suffers from a remote SQL injection vulnerability. |
2023-03-31 23:21 | Packet Storm | EQ Enterprise Management System version 2.2.0 suffers from a remote SQL injection vulnerability. |
2023-03-31 23:21 | Packet Storm | Judging Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for login bypass. |
2023-03-31 23:21 | Packet Storm | Judging Management System version 1.0 suffers from bypass and remote shell upload vulnerabilities. |
2023-03-31 23:21 | Packet Storm | Ubuntu Security Notice 5989-1 - Tao Lyu discovered that GlusterFS did not properly handle certain event notifications. An attacker could possibly use this issue to cause a denial of service. |
2023-03-31 23:21 | Packet Storm | Ubuntu Security Notice 5990-1 - It was discovered that musl did not handle certain i386 math functions properly. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. It was discovered that musl did not handle wide-character conversion properly. A remote attacker could use this vulnerability to cause resource consumption, denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. |
2023-03-31 23:21 | Packet Storm | Ubuntu Security Notice 5991-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code. |
2023-03-31 22:51 | malware.news | By failing to prepare you are preparing to fail. Make sure you're able to bounce back if, or when, a data disaster strikes. The post World Backup Day: Avoiding a data disaster is a forever topic appeared first on WeLiveSecurity. Article Link: https://www.welivesecurity.com/2023/03/31/world-backup-day-avoiding-data-disaster-forever-topic/ |
2023-03-31 22:41 | Tencent Xuanwu Lab Feed | How to prevent and promptly fix the aCropalypse security vulnerability |
2023-03-31 22:31 | malware.news | Article Link: Visualize Your Open Source Governance With BOM Doctor |
2023-03-31 22:31 | malware.news | There was a time when security awareness training was informal, short, and focused on simple things like using complex passwords. Well, it transpires that keeping these on a post-it note under your keyboard or in a text file is in fact not a safe practice. This was when cyber threats from hackers were the work of people with expert skills, and at worst resulted in your computer getting infected with a virus, causing a brief interruption to your working day. Fast forward to the modern reality of the dark web where you can literally shop around and choose the method in which you want to carry out a targeted attack. Added to that are the near-constant cyber attacks, where we can see for example in the Hornetsecurity Cyber Security Report 2023, while spam is on the decline, harmful content is rising. (Figure: Cyber Threat Comparison) |
2023-03-31 22:29 | Stories by SAFARAS K A on Medi | Cross-Site Scripting is a web-based attack performed on vulnerable web applications where an attacker can create a malicious link to inject unwanted executable JavaScript into a website. A Cross-Site Scripting attack involves executing malicious code on a victim’s browser. Code is executed on the client side rather than on the server side. XSS usually gets inserted through a webpage using a web form or hyperlink. This code can be used with client-side languages such as JavaScript, PHP, HTML, etc. XSS Attack: For example, below I have a basic webpage that is vulnerable to the XSS attack. `<?php $name = 'John<script>alert(678)</script>'; ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Website</title> </head> <body> <p>Welcome to my site <?php echo $name; ?>!</p> </body> </html>` If you run the code on a web browser, you’ll see an alert message with the number 678. This means the website is vulnerable to XSS or Cross-Site Scripting. Preventing XSS in PHP: For most PHP websites, htmlspecia |