当前节点:rss
时间节点
2022年1月25日 09:34Security Boulevard
On the surface Telegram may seem like just another instant messaging app, but when you dig deep, the reality couldn't be more different.
The post Dark Web Threat Intelligence Part 1: Deep Dive into the Criminal Underground Network on Telegram appeared first on Security Boulevard.
从表面上看,Telegram 似乎只是另一个即时通讯应用,但是当你深入挖掘的时候,事实却大不相同。
后黑暗网络威胁情报第一部分: 深入地下犯罪网络的电报首先出现在安全大道。
2022年1月25日 09:34Security Boulevard
Dear blog readers,
I've decided to share with everyone an in-depth historical OSINT analysis on some of the primary pay per install rogue fraudulent and malicious affiliate network based rogue and fraudulent revenue sharing scheme operating malicious software gangs that are known to have been active back in 2008 with the idea to assist everyone in their cyber campaign attribution efforts.
Sample portfolio of pay per install rogue fraudulent and malicious affiliate network domains known to have been in operation in 2008 include:
vipsoftcash[.]com
iframevip[.]com
avicash[.]com
softmonsters[.]biz
cashboom[.]biz
loader[.]cc
luxecash[.]com
iframepartners[.]com
installsforyou[.]biz
topsale2[.]ru
cashcodec[.]com
go-go-cash[.]com
oxocash[.]com
3xl-cash2[.]com
3xlpartnership[.]com
installs4sale[.]com
profitclick[.]org
megatraffer[.]com
oemcash[.]com
goldencashworld[.]biz
topsale[.]us
installsmarket[.]com
profit-cash[.]biz
ADWSearch[.]com
ovocash[.]com
loadsprofit[.]com
exerevenue[.]com
adwaredollars[.]com
yabucks[.]co
2022年1月25日 07:34Security Boulevard
First, the Guardian makes it clear that a conspiracy is real: …groups involved in banning books are in fact linked, and backed by influential conservative donors. Second, a racist motive is obvious: In Pennsylvania, the Central York school board banned a long list of books, almost entirely titles by, or about, people of color, including … Continue reading Billionaires Fund Campaigns to Ban Books in American School →
The post Billionaires Fund Campaigns to Ban Books in American School appeared first on Security Boulevard.
首先,《卫报》明确指出,一个阴谋是真实存在的: ... ... 参与禁书的团体实际上是有联系的,并得到了有影响力的保守派捐赠者的支持。其次,种族主义动机是显而易见的: 在宾夕法尼亚州,纽约中央学校董事会禁止了一长串的书籍,几乎全是有色人种的书籍,包括... ... 继续阅读亿万富翁基金运动,在美国学校禁止图书→
后亿万富翁基金运动禁止图书在美国学校首先出现在安全大道。
2022年1月25日 07:34Security Boulevard
Phoenix TS Is proud to be a trusted and verified partner of CompTIA! CompTIA (The Computing Technology Industry Association) is globally recognized for providing vendor neutral training and certifications that help drive the market of information technology.   Phoenix has collaborated with CompTIA to provide training that allows professionals to pursue the most sought-after certifications […]
The post CompTIA and Continuing Education (CE’s) appeared first on Phoenix TS.
The post CompTIA and Continuing Education (CE’s) appeared first on Security Boulevard.
凤凰 TS 是自豪的是一个可信赖和证实的合作伙伴计划!计算机技术行业协会(comtia)是全球公认的提供供应商中立的培训和认证,有助于推动信息技术市场。菲尼克斯与 CompTIA 合作,提供培训,使专业人士追求最受欢迎的认证[ ... ]
后计划和继续教育(CE’s)首先出现在凤凰 TS。
后计划和继续教育(CE’s)首先出现在安全大道。
2022年1月25日 05:34Security Boulevard
The post What Logistics Leaders Need To Know About APIs in Supply Chain Cyber Security appeared first on Security Boulevard.
关于供应链网络安全中物流领导者需要了解的 api 的帖子首先出现在安全大道上。
2022年1月25日 05:34Security Boulevard
via the respected security expertise of Robert M. Lee and the superlative illustration talents of Jeff Haas at Little Bobby Comic
Permalink
The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 365’ appeared first on Security Boulevard.
通过受人尊敬的安全专家罗伯特 m. 李在小鲍比漫画最高级的插图天赋
Permalink
罗伯特 · m · 李和杰夫 · 哈斯的《小鲍比》漫画《第365周》首次出现在安全大道上。
2022年1月25日 05:34Security Boulevard
Our thanks to Security BSides London for publishing their tremendous videos from the Security BSides London 2021 Conference on the organization’s YouTube channel. Enjoy!
Permalink
The post Security BSides London 2021 – Security Queens’ ‘From Paupers To Queens: The Tale Of Two Wannabe Hackers’ appeared first on Security Boulevard.
我们感谢伦敦安全协会在该组织的 YouTube 频道上发布了他们在伦敦安全协会2021年会议上的大量视频。享受吧!
Permalink
后2021年伦敦安全双城-安全皇后’’从乞丐到皇后: 两个想成为黑客的故事’首次出现在安全大道。
2022年1月25日 05:34Security Boulevard
By Steve Hanna, Co-chair of TCG’s Industrial Work Group and IoT Work Group Many sectors now utilize Internet of Things (IoT) equipment to drive digital transformation, and ultimately increase automation and efficiency. In particular, the energy sector is seeing wide implementation, from the equipment used in oil and gas extraction, to the tools monitoring an … Continue reading "Protecting the energy sector’s industrial IoT"
The post Protecting the energy sector’s industrial IoT appeared first on Trusted Computing Group.
The post Protecting the energy sector’s industrial IoT appeared first on Security Boulevard.
作者: 史蒂夫 · 汉纳,TCG 工业工作组和物联网工作组的共同主席许多部门现在利用物联网设备来推动数字化转型,并最终提高自动化和效率。特别是,能源部门正在广泛实施,从石油和天然气开采使用的设备,到监测工具... ... 继续阅读”保护能源部门的工业物联网”
保护能源部门的工业物联网最先出现在可信计算集团上。
保护能源部门的工业物联网最早出现在安全大道上。
2022年1月25日 05:34CXSECURITY Database RSS Feed -
Topic: UniFi Network Application Unauthenticated Log4Shell Remote Code Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-...
主题: UniFi 网络应用程序未经身份验证 Log4Shell 远程代码执行风险: 高文本: # # # 此模块需要 Metasploit:  https://Metasploit.com/download  # 当前来源:  https://github.com/rapid7/Metasploit-  ..。
2022年1月25日 05:34CXSECURITY Database RSS Feed -
Topic: LDaRosa Xpath Injection Vulnerability Risk: Medium Text:********************************************************* #Exploit Title: LDaRosa Xpath Injection Vulnerability #Date: 2022-0...
2022年1月25日 05:34CXSECURITY Database RSS Feed -
Topic: Online Project Time Management 1.0 SQL Injection Risk: Medium Text:## Title: Online Project Time Management 1.0 Multiple SQL - Injections ## Author: nu11secur1ty ## Date: 01.20.2022 ## Vendor...
2022年1月25日 03:35Stories by SAFARAS K A on Medi
Registrations Open for IWCON 2022 — the Online Infosec Conference & Networking Event
Listen to 15+ awesome speakers and meet some of the coolest peeps in Infosec!
Register for IWCON 2022 here.
The editorial team of Infosec Writeups is happy to announce that we are organizing IWCON 2022 — our first-ever virtual conference and networking event on 26–27 February 2022.
Our goal is to dissect not just technical aspects, but highlight the human angle of being in Infosec.
Learn more details here.
Why attend IWCON 2022?
We have speakers from around the world to share their personal stories and unique experiences of how they established themselves in Infosec. Some of the speakers at the conference are Louis Nyffenegger, Tanya Janca, ZSeano, and Aseem Shrey.
A full list of all the speakers and the topics of their presentations will be released super soon. Keep following our page for updates.
We’re expecting 1500+ people to attend the conference live. Our attendees are mostly cybersecurity professionals and Infosec infl
2022年1月25日 03:35Stories by SAFARAS K A on Medi
Registrations Open for IWCON 2022 — the Online Infosec Conference & Networking Event
Listen to 15+ awesome speakers and meet some of the coolest peeps in Infosec!
Register for IWCON 2022 here.
The editorial team of Infosec Writeups is happy to announce that we are organizing IWCON 2022 — our first-ever virtual conference and networking event on 26–27 February 2022.
Our goal is to dissect not just technical aspects, but highlight the human angle of being in Infosec.
Learn more details here.
Why attend IWCON 2022?
We have speakers from around the world to share their personal stories and unique experiences of how they established themselves in Infosec. Some of the speakers at the conference are Louis Nyffenegger, Tanya Janca, ZSeano, and Aseem Shrey.
A full list of all the speakers and the topics of their presentations will be released super soon. Keep following our page for updates.
We’re expecting 1500+ people to attend the conference live. Our attendees are mostly cybersecurity professionals and Infosec infl
2022年1月25日 03:34Security Boulevard
To usher in the new year, Lightspin is expanding our multi-cloud coverage. Beyond our support of AWS, Azure, and Kubernetes, in 2022, we are proud to announce we support Google Cloud Platform (GCP) as well!
This expansion into GCP means you can easily, quickly, and without any agents onboard your GCP projects to Lightspin. We'll scan your projects to detect misconfigurations, exposed secrets, and of course the attack paths that nefarious actors may use to compromise your environment.
The post In 2022, Lightspin is Further Expanding Our Coverage appeared first on Security Boulevard.
为了迎接新的一年,Lightspin 正在扩大我们的多云覆盖范围。除了我们对 AWS、 Azure 和 Kubernetes 的支持,在2022年,我们很自豪地宣布,我们也支持 Google 云平台(GCP) !
这种向 GCP 的扩张意味着你可以很容易、快速、无需任何代理商就可以将你的 GCP 项目带到 Lightspin。我们将扫描您的项目,以检测错误的配置,公开的秘密,当然,攻击路径,邪恶的角色可能使用危害您的环境。
2022年,Lightspin 正在进一步扩大我们的覆盖范围首次出现在安全大道上。
2022年1月25日 03:34Security Boulevard
As a cybersecurity industry leader, Imperva is working with the National Cybersecurity Alliance (NCA) as a 2022 Data Privacy Week Champion to promote the need for businesses to prioritize data privacy and protection and the importance of individuals and companies to secure their online data. As part of Data Privacy Week, Imperva is committed to […]
The post Imperva Champions Data Privacy Week 2022 appeared first on Blog.
The post Imperva Champions Data Privacy Week 2022 appeared first on Security Boulevard.
作为网络安全行业的领导者,Imperva 正在与国家网络安全联盟(NCA)合作,作为2022年数据隐私周的冠军,宣传企业优先考虑数据隐私和保护的必要性,以及个人和公司保护其在线数据的重要性。作为数据隐私周的一部分,Imperva 致力于[ ... ]
2022年 Imperva 冠军数据隐私周首次出现在博客上。
后 Imperva 冠军数据隐私周2022首次出现在安全大道。
2022年1月25日 03:34Security Boulevard
Artificial intelligence (AI) is woven into the fabric of today’s business world.
However, business model integration of AI is in its infancy and smaller companies often lack the resources to leverage AI.
Related: Deploying human security sensors
Even so, AI … (more…)
The post GUEST ESSAY: A primer on why AI could be your company’s cybersecurity secret weapon in 2022 appeared first on Security Boulevard.
人工智能(AI)已经融入了当今的商业世界。
然而,人工智能的商业模型集成还处于初级阶段,较小的公司往往缺乏利用人工智能的资源。
相关: 部署人类安全传感器
即便如此,人工智能... (更多...)
2022年,为什么人工智能可以成为你公司网络安全的秘密武器。
2022年1月25日 03:34Security Boulevard
Our thanks to Security BSides London for publishing their tremendous videos from the Security BSides London 2021 Conference on the organization’s YouTube channel. Enjoy!
Permalink
The post Security BSides London 2021 – Klaus Agnoletti’s ‘CrowdSec: A Crowd-Based Approach To Infrastructure Defense’ appeared first on Security Boulevard.
我们感谢伦敦安全协会在该组织的 YouTube 频道上发布了他们在伦敦安全协会2021年会议上的大量视频。享受吧!
Permalink
2021年伦敦奥运会后,克劳斯 · 阿尼奥莱蒂的“众包: 基于人群的基础设施防御方法”首次出现在安全大道上。
2022年1月25日 03:34Security Boulevard
Back in the olden times (in 2005) a website was setup called the Million Dollar Homepage. A brainchild of student Alex Tew who wanted to raise some money for university. The concept was simple, get a webpage composed of a million pixels and sell them all for $1 each. They were sold in 10 x … Continue reading The Million Dollar Homepage →
The post The Million Dollar Homepage appeared first on Security Boulevard.
早在古时候(2005年) ,有一个网站被设置为百万美元首页。一个想为大学筹集资金的学生亚历克斯 · 图的创意。这个概念很简单,得到一个由一百万像素组成的网页,然后以每个1美元的价格出售它们。它们以10倍的价格售出... ... 继续阅读百万美元首页→
百万美元首页首先出现在安全大道。
2022年1月25日 03:34Security Boulevard
A popular maker of WordPress plugins and themes was hacked—93 of AccessPress’s offerings were modified to give the hackers “full access” to users’ sites.
The post WordPress Supply Chain Attack—93 Add-Ons Infected for Months appeared first on Security Boulevard.
一家广受欢迎的 WordPress 插件和主题制造商遭到黑客攻击ーー AccessPress 提供的93种产品被修改,黑客可以“完全访问”用户的网站。
后 WordPress 供应链攻击ーー93个附加组件感染数月首次出现在安全大道。
2022年1月25日 01:35Security Boulevard
Written by CISOs, for CISOs This article provides highlights from our ‘CISO Point of View: The ever-changing role of data, and the implications for data protection
The post New Data Protection Methods and the Impact on Securing Storage & Backup appeared first on Continuity™.
The post New Data Protection Methods and the Impact on Securing Storage & Backup appeared first on Security Boulevard.
这篇文章从我们的“ CISO 观点: 数据不断变化的角色,以及对数据保护的影响”中提供了重点
新的数据保护方法及其对存储和备份安全的影响最早出现在 ContinuityTM 上。
后新的数据保护方法和对安全存储和备份的影响首先出现在安全大道。
2022年1月25日 01:34Security Boulevard
Dear blog readers,
In this post I've decided to do an in-depth OSINT analysis on the recently busted REvil ransomware gang and decided to elaborate more and emphasize on the key fact in specific how come that a single ransomware group with several publicly accessible and easy to shut down C&C (command and control) server domains including several randomly generated Dark Web Onion URLs could easily result in millions of damage and who really remembers a situation when getting paid for getting hacked including the basic principle that you should never interact with cybercriminals but instead should passively and proactively monitor them could result in today's modern and unspoken ransomware growth epidemic and the rise of wrong buzz words as for instance ransomware-as-a-corporation where you basically have the bad guys obtain initial access to an organization's network and then hold its information encryption leading us to the logical conclusion who on Earth would pay millions of dollars to avoid possible bad r
2022年1月25日 01:34Security Boulevard
Zero Trust is a security framework that requires authentication, authorization, and validation from all users, whether inside or outside the organization's network. This is mandatory for security configuration and precedes granting privileged access to the organization's data or applications. The term Zero Trust means that the network doesn't trust anyone connected to a local network, cloud, or hybrid.
The post Zero Trust Security – A Quick Guide appeared first on Security Boulevard.
Zero Trust 是一个安全性框架,它需要来自所有用户的身份验证、授权和验证,无论是在组织的网络内部还是外部。这对于安全配置是必需的,并且在授予对组织的数据或应用程序的特权访问之前必须这样做。零信任这个术语意味着网络不信任任何连接到本地网络、云或混合网络的人。
邮政零信托安全-一个快速指南首次出现在安全大道。
2022年1月25日 01:34Security Boulevard
A remote work policy can contain a variety of sections that help guide productivity and promote security. Learn more today!
The post What to Include in a Remote Work Policy appeared first on JumpCloud.
The post What to Include in a Remote Work Policy appeared first on Security Boulevard.
远程工作策略可以包含有助于指导生产力和提高安全性的各种部分!
在远程工作策略中应该包括什么这篇文章最先出现在 JumpCloud 上。
《远程工作政策包括什么》一文最先出现在安全大道上。
2022年1月25日 01:34Hex Rays
The first 2022 IDA training session will take place online from 16-20 and 23-25 May 2022 , from 9am Pacific Standard Time. The session is devised to help professional reverse engineers master IDA Pro, the de-facto industry standard reverse engineering tool and take their reversing skills to the next level. Provided by the experts behind [...]
2022年国际开发协会第一期培训课程将于2022年5月16日至20日和23日至25日太平洋标准时间上午9时在线举行。该课程旨在帮助专业的逆向工程师掌握 IDA Pro,实际上是行业标准的逆向工程工具,并将他们的逆向技能提升到一个新的水平。由[ ... ]背后的专家提供
2022年1月25日 01:31The Daily Swig | Cybersecurity
2022年1月24日 23:37Software Integrity Blog
A managed services partner should do more than run the tests you choose. The right partner will work with you to shape your application security program.
The post Scale and mature your AppSec program with a managed services partner appeared first on Software Integrity Blog.
托管服务合作伙伴应该做的不仅仅是运行您选择的测试。合适的合作伙伴将与您合作,以形成您的应用程序安全程序。
软件完整性博客上首先出现了与托管服务合作伙伴合作的 Scale 和成熟的 AppSec 程序。
2022年1月24日 23:35Hacking Articles
Introduction Forge is a CTF Linux box rated “medium” on the difficulty scale on the HackTheBox platform. The box covers subdomain enumeration, SSRF attacks and
The post Forge HackTheBox Walkthrough appeared first on Hacking Articles.
简介福吉是一款被评为“中等难度”的 CTF Linux box,在 HackTheBox 平台上使用。该框包括子域枚举、 SSRF 攻击和
首先出现在《黑客文章》上。
2022年1月24日 23:35Files ≈ Packet Storm
Ubuntu Security Notice 5248-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, conduct header splitting attacks, conduct spoofing attacks, bypass security restrictions, confuse the user, or execute arbitrary code.
Ubuntu 安全通告5248-1-在 Thunderbird 中发现了多个安全问题。如果一个用户被诱骗在浏览上下文中打开一个特别设计的网站,攻击者可能会利用这些信息导致一个分布式拒绝服务攻击,获取敏感信息,欺骗用户接受不必要的权限,进行头部分裂攻击,进行欺骗攻击,绕过安全限制,迷惑用户,或执行任意代码。
2022年1月24日 23:35Files ≈ Packet Storm
Red Hat Security Advisory 2022-0230-03 - OpenShift Logging Bug Fix Release. Issues addressed include code execution and denial of service vulnerabilities.
Red Hat Security Advisory 2022-0230-03-OpenShift Logging Bug Fix Release.所涉及的问题包括代码执行和分布式拒绝服务攻击安全漏洞。
2022年1月24日 23:35Files ≈ Packet Storm
Ubuntu Security Notice 5244-1 - Daniel Onaca discovered that DBus contained a use-after-free vulnerability, caused by the incorrect handling of usernames sharing the same UID. An attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.
Ubuntu 安全通告5244-1-Daniel Onaca 发现 DBus 包含一个 use-after-free 漏洞,这是由于对共享相同 UID 的用户名处理不当造成的。攻击者可能会利用这个问题导致 DBus 崩溃,从而导致分布式拒绝服务攻击攻击。
2022年1月24日 23:35Files ≈ Packet Storm
Red Hat Security Advisory 2022-0231-03 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include heap overflow and privilege escalation vulnerabilities.
Red Hat Security Advisory 2022-0231-03-这是一个内核活动补丁模块,它由 RPM 后安装脚本自动加载,用于修改正在运行的内核的代码。解决的问题包括堆溢出和权限提升安全漏洞。
2022年1月24日 23:35Files ≈ Packet Storm
Red Hat Security Advisory 2022-0209-02 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
Redhat Security Advisory 2022-0209-02-Java-11-OpenJDK 包提供 OpenJDK 11 JRE 和 OpenJDK 11 Java 软件开发工具包。所涉及的问题包括反序列化和整数溢出漏洞。
2022年1月24日 23:35Files ≈ Packet Storm
Red Hat Security Advisory 2022-0233-02 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
Redhat Security Advisory 2022-0233-02-Java-11-OpenJDK 包提供 OpenJDK 11 JRE 和 OpenJDK 11 Java 软件开发工具包。所涉及的问题包括反序列化和整数溢出漏洞。
2022年1月24日 23:35Files ≈ Packet Storm
Red Hat Security Advisory 2022-0185-03 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
Redhat Security Advisory 2022-0185-03-Java-11-OpenJDK 包提供 OpenJDK 11 JRE 和 OpenJDK 11 Java 软件开发工具包。所涉及的问题包括反序列化和整数溢出漏洞。
2022年1月24日 23:35Files ≈ Packet Storm
Red Hat Security Advisory 2022-0211-04 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
Redhat Security Advisory 2022-0211-04-Java-11-OpenJDK 包提供 OpenJDK 11 JRE 和 OpenJDK 11 Java 软件开发工具包。所涉及的问题包括反序列化和整数溢出漏洞。
2022年1月24日 23:35Files ≈ Packet Storm
Red Hat Security Advisory 2022-0232-02 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a heap overflow vulnerability.
Red Hat Security Advisory 2022-0232-02-这是一个内核活动补丁模块,它由 RPM 后安装脚本自动加载,用于修改正在运行的内核的代码。解决的问题包括堆溢出漏洞。
2022年1月24日 23:35Files ≈ Packet Storm
Red Hat Security Advisory 2022-0204-04 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
Redhat Security Advisory 2022-0204-04-The Java-11-OpenJDK 软件包提供了 OpenJDK 11 JRE 和 OpenJDK 11 Java 软件开发工具包。所涉及的问题包括反序列化和整数溢出漏洞。
2022年1月24日 23:35Files ≈ Packet Storm
Ubuntu Security Notice 5243-2 - USN-5243-1 fixed a vulnerability in aide. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu 安全通告5243-2-usn-5243-1修复了一个安全漏洞。本更新提供了 Ubuntu 14.04 ESM 和 Ubuntu 16.04 ESM 的相应更新。大卫 · 布曼发现 AIDE 错误地处理了 base64操作。本地攻击者可能会利用这个问题导致 AIDE 崩溃,从而产生分布式拒绝服务攻击攻击,或者可能执行任意代码。
2022年1月24日 23:35Files ≈ Packet Storm
Whitepaper that gives exploitation and overview details on the Log4j vulnerability as noted in CVE-2021-44228.
白皮书,提供了对 Log4j 漏洞的利用和概述,详情见 CVE-2021-44228。
2022年1月24日 23:35Files ≈ Packet Storm
The XNU kernel suffers from a use-after-free vulnerability in mach_msg.
XNU 内核在 mach _ msg 中存在一个未使用后的漏洞。
2022年1月24日 23:34Files ≈ Packet Storm
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
Botan 是一个 c + + 加密算法库,包括 AES、 DES、 SHA-1、 RSA、 DSA、 Diffie-Hellman 等等。它还支持 x. 509证书和 crl,以及 PKCS # 10证书请求,并具有高级的过滤器/管道消息处理系统。该库可以很容易地移植到大多数系统和编译器,并包含大量的教程和 API 参考。这是当前的稳定版本。
2022年1月24日 23:34Files ≈ Packet Storm
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
对 unix 系统日志进行分析和报告。它是一个可定制的、可插入的日志监控系统,可以在给定的时间段内检查日志并生成可定制的报告。它应该可以在大多数系统的软件包中正常工作。
2022年1月24日 23:34Files ≈ Packet Storm
The Ubiquiti UniFi Network Application versions 5.13.29 through 6.5.53 are affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server via the remember field of a POST request to the /api/login endpoint that will cause the server to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the server application. This Metasploit module will start an LDAP server that the target will need to connect to.
Ubiquiti UniFi 网络应用版本5.13.29到6.5.53受到 Log4Shell 漏洞的影响,通过 POST 请求的 remember 字段向服务器发送 JNDI 字符串到/api/登录端点,这将导致服务器连接到攻击者并反序列化恶意 Java 对象。这将导致在服务器应用程序的上下文中执行 OS 命令。Metasploit 模块将启动目标需要连接到的 LDAP 服务器。
2022年1月24日 23:34Security Boulevard
Companies are looking for ways to reduce the risks from cyberattacks and 2022 looks to be the year organizations accept that security must become an adaptable, changeable system within the business and overhaul their legacy static approaches accordingly. As the public grows more aware of the impacts of cyberattacks and demand action, organizations must take..
The post API Security, Ransomware Top 2022 Threats appeared first on Security Boulevard.
公司正在寻找降低网络攻击风险的方法,2022年将是组织接受安全必须成为企业内部一个适应性强、可变化的系统的一年,并相应地改变他们的传统静态方法。随着公众越来越意识到网络攻击的影响并要求采取行动,组织必须采取行动。.
后 API 安全,勒索软件顶级2022威胁首先出现在安全大道。
2022年1月24日 23:34Files ≈ Packet Storm
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
Lynis 是 Unix (专家)的审计工具。它扫描系统和可用的软件,以检测安全问题。除了安全相关的信息,它还将扫描一般的系统信息,安装包和配置错误。该软件的目的是协助自动审计,软件补丁管理,漏洞和恶意软件扫描的 Unix 为基础的系统。
2022年1月24日 23:34Security Boulevard
Sonatype’s automated malware detection platform Nexus Firewall has flagged multiple dependency confusion packages on the PyPI registry today, all uploaded by the same user.
On January 23rd, PyPI user arturlebedev began flooding the PyPI registry with 1,275 packages, as observed by Sonatype:
The post PyPI Flooded with 1,275 Dependency Confusion Packages appeared first on Security Boulevard.
的自动化恶意软件检测平台 Nexus Firewall 已经在 PyPI 注册表上标记了多个依赖关系混淆包,这些包都是由同一个用户上传的。
1月23日,PyPI 用户 arturlebedev 开始向 PyPI 注册表中注入1275个包,Sonatype 观察到:
后 PyPI 被1275个依赖关系混淆软件包淹没,首先出现在安全大道上。
2022年1月24日 23:31The Daily Swig | Cybersecurity
Movie translation site asked victims to reset passwords… then sent them in clear text
电影翻译网站要求受害者重置密码... 然后以明文形式发送给他们
2022年1月24日 23:31The Daily Swig | Cybersecurity
Shell injected on servers via bypass of local file inclusion defenses
通过绕过本地文件包含防御注入到服务器上的 Shell
2022年1月24日 23:31胡涂说
知识管理达人采铜推荐了《巨人的工具》,我在微信读书上找来此书看完。作者蒂姆·费里斯是一名播客主播,在他的播客中他采访了美国各业界精英,整理成了《巨人的工具》一书。各位名流根据自己的经验给出一些关于健康、财富和人生智慧方面的建议。说实话,我觉得这本书可以当成闲暇的读物,按照自己的兴趣读几章还是可以的,我就是这么快速看完的,特别是第一部分的健康篇几乎没看,因为我觉得所谓健康方面的建议还是要根据个人实际情况来定,不要盲目仿效为好。不过有些人物的访谈也挺有意思,给我印象最深刻的是对凯文·凯利和纳瓦尔·拉维康特的采访。
凯文·凯利(Kevin Kelly)推崇极简化的生活,他引用梭罗的名言:“一个人的富有,与他舍弃的东西成正比。”凯文·凯利曾经在年轻的时候辞去工作身无分文环游世界。而在他成名后依然践行他的极简化的生活。(在他的《必然》书中还介绍了他的不拥有财产只订阅所需的“订阅式”生活方式。)他的具体做法是:在身无分文的情况下,一次坚持3~14天。如:在睡袋里睡觉、只穿廉价衬衫和牛仔裤;通过沙发客网络平台找到免费住宿;只吃即食麦片和米饭,只喝水…凯文·凯利用这种近乎自虐的方式做贫乏生活的实验,而在这些实验之后,感觉自己更幸福了。
纳瓦尔·拉维康特(Naval Ravikant)是硅谷有名的投资人,他最为人称道的是在Twitter上发表的39条“如何靠实力致富” How to get rich(without getting lucky)。网上有中文翻译版,值得读一读。在本书的访谈中,纳瓦尔依然体现了他哲学家似的思考方式,比如:
如果你想要成功,那就与比你更成功的人交往。但是,如果你想幸福,那么就与不如你成功的人交往。
纳瓦尔提到他总结的一些原则:
当下高于一切。
欲望是痛苦的根源。
阅读(学习)是最重要的元技能,你可以用它换取其他所有事物。
生活中所有的现实利益都来自复利。
用智慧而不是时间赢得成功。
爱是付出,而不是接受。
开悟存在于你思绪之间的空隙(埃克哈特·托利)。
纳瓦尔提到他经常对自己说的词是“接受”,面对生活的任何情况有三种选择:改变、接受、离开。很多人在这些抉择中纠结不已,也造成了自身的痛苦。纳瓦尔说:
你必须意识到生命苦短,且行且珍惜,切记不要庸人自扰。我们没有理由让自己生活在痛苦之中。在宇宙存在的这500亿年或更久的时间中,你只有差不多70年的时间。
看完《巨人的工具》,我又把作者的另外一本新书《巨人的方
2022年1月24日 21:34Security Boulevard
The Avast team has been interested to learn about a recent proposal put forth by politicians in the US House of Representatives which calls for an end to targeted advertising, AKA surveillance advertising. We suggested this very same thing last year in an earlier blog post. This would stop advertisers from serving targeted ads to users, so many consumers would no longer feel as if they are being watched while they browse online.
The post A New Way to Advertise Online | Avast appeared first on Security Boulevard.
Avast 团队对美国众议院政客们最近提出的一项提案很感兴趣,该提案呼吁结束定向广告,即监控广告。我们在去年的一篇博客文章中提出了同样的建议。这将阻止广告商向用户提供定向广告,这样许多消费者就不会再觉得自己在浏览网页时受到监视。
在线广告的新方式 | Avast 首先出现在安全大道。
2022年1月24日 21:34Security Boulevard
With the global big data market set to be worth nearly $235 billion by 2026, to say that data is […]
The post How Businesses Can Put Privacy First appeared first on Sonrai Security.
The post How Businesses Can Put Privacy First appeared first on Security Boulevard.
到2026年,全球大数据市场的价值将接近2350亿美元,可以说数据是[ ... ]
企业如何保护隐私首先出现在 Sonrai 安全网站上。
《企业如何保护隐私》一文最先出现在安全大道上。
2022年1月24日 21:34Security Boulevard
Two cybersecurity experts identified the top security threats for 2022 during an online Predict 2022 conference hosted by Techstrong Live, an arm of Techstrong Group, the parent company of Security Boulevard. Both Mike Jones, host of the H4unt3d Hacker podcast and a former anonymous hacktivist, and Donovan Farrow, CEO of Alias Forensics, a cybersecurity forensics..
The post Predict 2022: Top Cybersecurity Threats for 2022 appeared first on Security Boulevard.
在 Techstrong Live 主办的2022年在线预测会议上,两位网络安全专家确定了2022年最大的安全威胁。麦克 · 琼斯,H4unt3d 黑客播客的主持人,前匿名黑客主义者,还有多诺万 · 法罗,Alias Forensics 公司的首席执行官,网络安全取证。.
2022年的预测: 2022年网络安全的最大威胁首次出现在安全大道上。
2022年1月24日 21:31The Daily Swig | Cybersecurity
Full chain exploit ready for Prime time
全链利用准备好黄金时间
2022年1月24日 19:35Blogs on Kryptos Logic
Overview TrickBot, a modular trojan, has been active in the malware scene since 2016. It is famously known for having a variety of modules in its attack toolkit, some of which are quite recent and some being actively developed. This brings us to its web injection module, injectDLL, that has been around since the malware was first discovered. The core purpose of the module still remains the same, which is injecting scripts into websites to exfiltrate information.
概述 TrickBot,一种模块化木马,自2016年以来一直活跃在恶意软件领域。众所周知,它的攻击工具包中有各种各样的模块,其中一些模块是最近才出现的,另一些模块正在积极开发中。这就把我们带到了它的 web 注入模块,injectDLL,自从恶意软件首次被发现以来就一直存在。该模块的核心目的仍然是相同的,即注入脚本到网站,以外泄信息。
2022年1月24日 19:31tyler_download的专栏
区块链底层算法基础:有限群的原理与代码实现
作者:tyler_download 发表于 2022/01/24 18:03:50 原文链接 https://blog.csdn.net/tyler_download/article/details/122669312
阅读:0
2022年1月24日 17:37WordPress › Error
“The most important result of working with Intigriti is that it offers you tangible and actionable results that significantly increase your security maturity.” – Yannick Herrebaut, CISO of Port of Antwerp About Port of Antwerp As Europe’s second-largest port, the Port of Antwerp is a major lifeline for the Belgian economy. The Port of Antwerp […]
The post <strong>Port of Antwerp’s bug bounty program strengthens its world-class security defenses</strong> appeared first on Intigriti.
“与 Intigriti 合作的最重要的结果是,它为你提供了切实可行的结果,大大提高了你的安全成熟度。”安特卫普港的 CISO 关于安特卫普港作为欧洲第二大港口,安特卫普港是比利时经济的主要生命线。安特卫普港[ ... ]
安特卫普港的错误赏金计划加强了它世界级的安全防御。
2022年1月24日 17:34Security Boulevard
Kubernetes is the popular container orchestration platform developed by Google to manage large-scale containerized applications. Kubernetes manages microservices applications over a distributed cluster of nodes. It is very resilient and supports scaling, rollback, zero downtime, and self-healing containers. The primary aim of Kubernetes is to mask the complexity of overseeing a large fleet of containers. […]… Read More
The post Kubernetes Incident Response: Building Your Strategy appeared first on The State of Security.
The post Kubernetes Incident Response: Building Your Strategy appeared first on Security Boulevard.
Kubernetes 是 Google 开发的流行的容器编排平台,用于管理大规模的集装箱化应用程序。Kubernetes 在分布式节点集群上管理微服务应用程序。它非常有弹性,支持伸缩、回滚、零停机时间和自我修复容器。Kubernetes 的主要目标是掩盖监督庞大集装箱船队的复杂性。... ... 阅读更多
后《库伯尼特事件应对: 构建你的战略》首次出现在《安全状况》上。
后 Kubernetes 事件反应: 建立你的战略首先出现在安全大道。
2022年1月24日 17:31tyler_download的专栏
区块链底层算法逻辑探究
作者:tyler_download 发表于 2022/01/24 15:40:31 原文链接 https://blog.csdn.net/tyler_download/article/details/122648174
阅读:11
2022年1月24日 16:09绿盟科技博客
本文从5G网络中的关键技术切入,探讨5G网络所面临的安全问题。
2022年1月24日 15:39绿盟科技博客
一、威胁通告 Oracle全系产品1月关键补丁更新通告(CVE-2022-21306、CVE-2022-212
Read More