Cybersecurity information flow

干净的信息流推送工具,偏向安全圈的点点滴滴,为安全研究人员每日发现优质内容.

了解更多 »

全部节点
时间 节点
2023年3月31日 20:01 freebuf
3 月 22 日,FreeBuf 企业安全俱乐部·北京站在北京希尔顿逸林酒店隆重举行。
2023年3月31日 19:21 exploit-db
Judging Management System v1.0 - Remote Code Execution (RCE)
2023年3月31日 19:21 exploit-db
rconfig 3.9.7 - Sql Injection (Authenticated)
2023年3月31日 19:21 exploit-db
Spitfire CMS 1.0.475 - PHP Object Injection
2023年3月31日 19:21 exploit-db
Senayan Library Management System v9.0.0 - SQL Injection
2023年3月31日 19:21 exploit-db
Bludit 3-14-1 Plugin 'UploadPlugin' - Remote Code Execution (RCE) (Authenticated)
2023年3月31日 19:21 exploit-db
CoolerMaster MasterPlus 1.8.5 - 'MPService' Unquoted Service Path
2023年3月31日 19:21 exploit-db
qubes-mirage-firewall  v0.8.3 - Denial Of Service (DoS)
2023年3月31日 19:21 exploit-db
WooCommerce v7.1.0 - Remote Code Execution(RCE)
2023年3月31日 19:21 exploit-db
ASKEY RTF3505VW-N1 - Privilege Escalation
2023年3月31日 19:21 exploit-db
EQ Enterprise management system v2.2.0 - SQL Injection
2023年3月31日 19:01 Github关注
The release repo for "Vicuna: An Open Chatbot Impressing GPT-4"
2023年3月31日 19:01 freebuf
市场监管总局、中央网信办、工业和信息化部、公安部就开展国家统一推行的网络安全服务认证工作提出以下意见。
2023年3月31日 19:01 freebuf
企业在实施零信任安全体系中可能遇到哪些挑战和困难?在混合云和多云环境中,如何利用零信任模型来保证云环境业务的安全性?
2023年3月31日 18:41 看雪论坛
Bitter(蔓灵花)是一个长期活跃的南亚网络间谍组织,主要针对能源和政府部门实施敏感资料窃取等恶意行为,过去曾攻击过巴基斯坦、中国、孟加拉、沙特阿拉伯等国,具有明显的政治背景。
2023年3月31日 18:29 malware.news
On 30 March, simultaneous actions were carried out in Brazil with Europol’s support to dismantle the criminal group that reached from Paraguay to Europe. A total of 15 individuals were arrested, and over EUR 80 million worth of assets were seized.  Over the course of the investigation, over 17 tonnes of cocaine linked to this criminal organisation were seized, with…
Article Link: 15 arrested in Brazil over 17 tonnes of cocaine worth billions | Europol
1 post - 1 participant
Read full topic
2023年3月31日 18:29 malware.news
Today, cybercriminals are more sophisticated than ever and tend to exploit the weakest point of organizations to gain unauthorized access to their systems. Any vulnerabilities or misconfigurations provide an easy entry point for attackers. As a result, the security posture of any organization is only as strong as its weakest link.
Article Link: Top 10 Security Risks: Vulnerabilities, Misconfigurations, and User Behavior to Avoid
1 post - 1 participant
Read full topic
2023年3月31日 18:24 Orange Cyberdefense
On the 31st of October 2022, a PR on CrackMapExec from Thomas Seigneuret (@Zblurx) was merged. This PR fixed Kerberos authentication in the CrackMapExec framework. Seeing that, I instantly wanted to try it out and play a bit with it. While doing so I discovered a weird behaviour with the Protected Users group. In this blogpost I’ll explain what the Protected Users group is, why it is a nice security feature and yet why it is incomplete for the Administrator (RID500) user.
2023年3月31日 17:41 Github关注
Elastic Security detection content for Endpoint
2023年3月31日 17:41 Github关注
A curated list of awesome YARA rules, tools, and people.
2023年3月31日 17:41 Github关注
免费的 ChatGPT 镜像网站列表,持续更新。List of free ChatGPT mirror sites, continuously updated.
2023年3月31日 17:22 checkpoint research
For the latest discoveries in cyber research for the week of 27th March, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES New victims of Clop ransomware gang that leveraged for the attack purpose a zero-day security flaw (CVE-2023-0669) in the Fortra GoAnywhere Managed File Transfer system were disclosed. Among those are the American luxury […]
The post 27th March – Threat Intelligence Report appeared first on Check Point Research.
2023年3月31日 17:22 checkpoint research
Key Takeaways Background What causes a man to wake up one day and say, “I’m going to build my own malware and go sell it to cybercriminals on the dark web”? After all, the market is saturated with competitors, and the product is judged on the one sole metric of how many victims it has […]
The post Rhadamanthys: The “Everything Bagel” Infostealer appeared first on Check Point Research.
2023年3月31日 17:21 360安全客
...
FirmAE 是一个执行仿真和漏洞分析的全自动框架。FirmAE 使用五种仲裁技术显著提高仿真成功率(从Firmadyne的 16.28% 提高到 79.36%)。
2023年3月31日 17:01 Seebug Paper
作者:billion@知道创宇404实验室
时间:2023年3月31日  
parse-server公布了一个原型污染的RCE漏洞,看起来同mongodb有关联,so跟进&&分析一下。
BSON潜在问题
parse-server使用的mongodb依赖包版本是3.6.11,在node-mongodb-drive <= 3.7.3 版本时,使用1.x版本的bson依赖处理...
2023年3月31日 17:01 freebuf
国防部首席信息安全官Sherman指出,美国军方将在2027年全面实施零信任。
2023年3月31日 16:41 Github关注
Free ChatGPT Site List 这儿为你准备了众多免费好用的ChatGPT镜像站点,当前100+站点
2023年3月31日 16:41 Github关注
2023年3月31日 16:41 Github关注
2023年3月31日 16:29 绿盟科技博客
Python模块注入技术简析