Cybersecurity information flow

A Step-by-Step Guide To Securing Your SSH Connections Using SSH Key-Based Authentication
SSH Key-Based Authentication. (Source: www.sectigo.com)
Today’s article offers a straightforward tutorial on boosting the security of your SSH remote sessions. We’ll focus on setting up SSH Key-based Authentication for your Linux server and show you how to transition away from less secure Password-based authentication. To wrap up, I’ll share bonus tips on additional ways to secure your SSH server.
Overview
SSH (Secure Shell) key-based authentication is a security method that uses a pair of cryptographic keys to authenticate a user’s identity on a remote server. This approach involves generating and storing a public-private key pair on your computer and configuring the SSH server to recognize and accept these keys. It significantly improves security by reducing the risks associated with traditional Password-based Authentication.
Using SSH keys for authentication is like having a secret handshake to get into an exclusive cl

有新的漏洞组件被发现啦,组件ID:DedeCMS
An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php.

作者:Eduard Agavriloae (@saw_your_packet),Matei Josephs 程序:AWS 漏洞类型:Information disclosure 赏金:-

作者:Ngo Wei Lin (@Creastery) 程序:GitHub 漏洞类型:RCE,Unsafe reflection,Security code review 赏金:-

作者:Dirk-jan Mollema (@_dirkjan) 程序:Microsoft (Entra ID / Azure AD) 漏洞类型:Lateral movement,Persistence,Post-exploitation 赏金:-

作者:Chux (@chux13786509) 程序:- 漏洞类型:Account takeover,Components with known vulnerabilities 赏金:-

作者:joernchen (@joernchen) 程序:GitLab 漏洞类型:Path traversal,Arbitrary file write,RCE,Parser diffentials 赏金:-

作者:Phil Thomas 程序:- 漏洞类型:Code injection,RCE 赏金:-

作者:nyxgeek (@nyxgeek) 程序:Microsoft (Microsoft Graph) 漏洞类型:Password spraying,Authentication flaw 赏金:-

作者:Chux (@chux13786509) 程序:- 漏洞类型:Docker Registry 赏金:-

作者:Adam Crosser 程序:Ant Media 漏洞类型:Local Privilege Escalation,JMX 赏金:-

作者:Filip Dragovic (@filip_dragovic) 程序:Oracle (VirtualBox) 漏洞类型:Local Privilege Escalation 赏金:-

作者:TheZero (@Th3Zer0),suidpit (@suidpit) 程序:Element 漏洞类型:Intent redirection,Insecure intent,Android 赏金:-

作者:Roi Nisimi (@roinisimi) 程序:AWS,Google (GCP) 漏洞类型:Information disclosure 赏金:-

作者:Stefan Schiller (@scryh_) 程序:SourceForge,Apache Allura 漏洞类型:Arbitrary file read,RCE,Security code review 赏金:-

作者:Ben Barnea (@nachoskrnl) 程序:Microsoft (Windows) 漏洞类型:RCE,Parsing issue 赏金:-

作者:Anas Eladly (@0xanas_eladly) 程序:- 漏洞类型:Race condition 赏金:-

作者:Dane Sherrets (@DaneSherrets) 程序:Tools for Humanity (Worldcoin) 漏洞类型:Race condition,Web3 hacking 赏金:3,000

作者:Thomas Houhou (@Th0h0) 程序:Swisscom 漏洞类型:Password reset,Security code review 赏金:4,000

作者:Johann Rehberger (wunderwuzzi23) 程序:Google (AI Studio) 漏洞类型:Prompt Injection,LLM 赏金:-

作者:Shir Tamari (@shirtamari),Sagi Tzadik (@sagitz_) 程序:Hugging Face 漏洞类型:AI,Cloud,CI/CD,RCE,Insecure deserialization,Privilege escalation,Supply chain attack,Cross-tenant vulnerability 赏金:200

作者:RyotaK (@ryotkak) 程序:DOMPurify 漏洞类型:WAF bypass,XSS 赏金:-

作者:Yaniv Nizry (@YNizry) 程序:Apache Dubbo 漏洞类型:Insecure deserialization,Security code review 赏金:-

作者:Brian (@hoyahaxa) 程序:Imperva 漏洞类型:WAF bypass 赏金:-

作者:Abhi Sharma (@a13h1_) 程序:- 漏洞类型:CRLF injection 赏金:1,500

作者:Paul van der Haas (@PvdH) 程序:ReCrystallize Software 漏洞类型:Default credentials,LFI,Authentication bypass,Privilege escalation,Unrestricted file upload,RCE 赏金:-

作者:Bartłomiej Bergier (@_bergee_) 程序:- 漏洞类型:SSRF,HTML injection,CSP bypass,XSS 赏金:200

作者:Omar ElSayed (@bxrowski0x) 程序:- 漏洞类型:IDOR 赏金:2,000

作者:Martin Doyhenard (@tincho_508) 程序:- 漏洞类型:Desync attack,HTTP request smuggling,Web cache poisoning 赏金:-

作者:Clément Amic 程序:- 漏洞类型:Insecure deserialization,RCE,Security code review 赏金:-