June 23, 2022 17:39 malware.news
On June 8th, a new Windows zero-day vulnerability named DogWalk was revealed by Hacker News (thehackernews.com). Similar to the Follina vulnerability that targeted MS Office document files, this vulnerability arises in MSDT (Microsoft Support Diagnostic Tool), and running a compressed “.diagcab” file risks copying malware into the Windows Startup folder. Although the PC has to be restarted for the malicious file to run, users are exposed to attacks since no patch has been announced by MS yet.
Reference: https://thehackernews.com/2022/06/researchers-warn-of-unpatched-dogwalk.html
As shown below, these vulnerability attacks can be detected using V3’s behavior detection. After a “.diagcab” file is downloaded from a web browser or Outlook and executed, V3 detects and deletes msdt.exe processes that copy the executable file to the Windows Startup folder.
Startup path: C:\Users\UserAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
The figure below shows how V
June 23, 2022 17:39 malware.news
When you have to deal with malware in your day job, for research purposes, or just for fun, one of the key points is to have a lab ready to be launched. Your sandbox must be properly protected and isolated to detonate your samples in a safe way, but it must also be filled with tools and scripts. This toolbox is yours and will be based on your preferred tools, but starting from zero is hard; that’s why there are specific Linux distributions built for this purpose. The one that I use in FOR610 and for my daily investigations is REMnux[1], created and maintained by Lenny Zeltser[2]. This environment offers tons of tools that help to perform all the malware analysis steps from static analysis up to code reversing and debugging.
Article Link: InfoSec Handlers Diary Blog - SANS Internet Storm Center
June 23, 2022 17:39 malware.news
Python Developer
Location San Gwann (Malta) & Skopje (North Macedonia)
The Hornetsecurity Group is the leading cloud security provider in Europe, which protects the IT infrastructure, digital communication and data of companies and organizations of all sizes. Its services are provided worldwide via 11 redundantly secured data centers. The product portfolio covers all important areas of email security, including spam and virus filters, legally compliant archiving and encryption, as well as defense against CEO fraud and ransomware. With more than 350 employees, the Hornetsecurity Group is represented globally at several locations and operates in more than 30 countries through its international distribution network. The premium services are used by approximately 50,000 customers including Swisscom, Telefónica, KONICA MINOLTA, LVM Versicherung and CLAAS.
For our locations in San Gwann (Malta) or Skopje (North Macedonia) we are looking for a motivated Python De
June 23, 2022 17:39 malware.news
On 23 May 2022, an EMPACT coordinated online joint action day targeted criminal networks grooming Ukrainian refugees for sexual and labour exploitation via websites and social media platforms. Law enforcement authorities from 14 EU Member States* took part in this hackathon**, coordinated by the Netherlands. The investigators monitored different online platforms to detect criminal networks attempting to recruit vulnerable Ukrainian…
Article Link: Human traffickers luring Ukrainian refugees on the web targeted in EU-wide hackathon | Europol
June 23, 2022 17:39 malware.news
Junior System Developer
Location San Gwann (Malta) & Skopje (North Macedonia)
For our locations in San Gwann (Malta) or Skopje (North Macedonia) we are looking for a motivated Ju
June 23, 2022 17:39 jarcis-cy
motikan2010 starred u21h2/AutoSpear Jun 22, 2022
u21h2/AutoSpear
AutoSpear
20 Updated May 17
June 23, 2022 17:31 NVISO Labs
Introduction In Cortex XSOAR, indicators are a key part of the platform as they visualize the Indicators Of Compromise (IOC) of a security alert in the incident to the SOC analyst and can be used in automated analysis workflows to determine the incident outcome. If you have a Cortex XSOAR Threat Intelligence Management (TIM) license, … Continue reading Cortex XSOAR Tips & Tricks – Creating indicator relationships in automations →
June 23, 2022 17:10 burp
This release upgrades Burp's browser to Chromium 103.0.5060.53, which patches a critical security issue.
June 23, 2022 15:37 Wallarm Blog
Background On June 20, 2022 Spring released Spring Data MongoDB 3.4.1 and 3.3.5 to address a critical CVE report: CVE-2022-22980: Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods. This vulnerability was originally reported on June 13, 2022. Wallarm SOC team already uses its exploitation in the wild. Vulnerability This vulnerability affects Spring [...]
The post Update on Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980) appeared first on Wallarm.
June 23, 2022 15:31 360 Vulnerability Alerts
360-CERT Daily Security Briefing
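June 23, 2022 14:39 NSFOCUS Blog
Looking back, almost every month overseas companies, government agencies, and public-sector bodies of all kinds have made the trending news because of cyberattacks. Among the many types of Internet assets,
June 23, 2022 14:09 NSFOCUS Blog
1. Introduction: The theme of this year's RSA Conference is Transform. The 2022 theme, Transform, is last year's R
June 23, 2022 11:35 4ra1n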
todo
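June 23, 2022 10:09 跳跳糖
On January 14, 2022, a vulnerability tracked as CVE-2022-23222 was disclosed. It is a flaw in the eBPF verifier that allows an eBPF program to perform arithmetic on certain pointers without validation. With carefully crafted code, this yields arbitrary kernel memory read and write, which in turn creates a risk of local privilege escalation.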
June 23, 2022 07:36 r2c website
We’re very excited to announce that PHP is now fully supported (that is, generally available) in Semgrep! There are now more than 40 PHP…
June 23, 2022 05:37 Software Integrity Blog
The acquisition of WhiteHat Security, the leading DAST solution provider, is a step toward a more comprehensive, end-to-end portfolio for AppSec.
The post WhiteHat brings new dimension to DAST capabilities at Synopsys appeared first on Application Security Blog.
June 23, 2022 05:37 Software Integrity Blog
The acquisition of WhiteHat Security, the leading DAST solution provider, is a step towards a more comprehensive, end-to-end portfolio for AppSec.
The post WhiteHat brings new dimension to DAST capabilities at Synopsys appeared first on Application Security Blog.
June 23, 2022 05:33 Posts on malicious.link
Lessons Learned
Lesson 4 - User Blaming
Security is NOT everyone’s job in the company. Stop trying to force the issue. It’s security’s job to enable, incentivize and protect.
In the Marine Corps, I was taught that every Marine is a “Rifleman”, meaning that any Marine, no matter their MOS (Military Occupational Specialty) - aka their job, could be called upon to engage with the enemy using a rifle or other weapon. This meant that every Marine must be trained, and regularly re-trained/tested, to ensure their proficiency with a rifle. Other branches have similar stances or sayings.
I believe the mindset that every person in a company has a stake in its cyber security came from veterans. That or it came from the realm of safety, which I 100% support. Safety is everyone’s responsibility. Now is where some of you are equating cyber security with safety, and yes, they do sometimes overlap.
However, in most ca
June 23, 2022 03:39 malware.news
The government watchdog highlighted the need for specific security requirements in recommending other relevant agencies explore the possibility of providing federal assistance to private sector entities following a catastrophic event.
Article Link: https://www.nextgov.com/cybersecurity/2022/06/gao-potential-federal-cyber-insurance-program-should-avoid-moral-hazard/368462/
June 23, 2022 03:34 CXSECURITY Database RSS Feed
Topic: WordPress Download Manager 3.2.43 Cross Site Scripting Risk: Low Text:Exploit Title: Download Manager Cross-Site Scripting Date: 2022-06-16 Exploit Author : Andrea Bocchetti Vendor Homepage : h...
June 23, 2022 03:34 CXSECURITY Database RSS Feed
Topic: SAP FRUN 2.00 / 3.00 Cross Site Scripting Risk: Low Text:# Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring) ...
June 23, 2022 03:34 CXSECURITY Database RSS Feed
Topic: SAP Fiori Launchpad Cross Site Scripting Risk: Low Text:# Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad ## Impact on Busin...
June 23, 2022 03:34 CXSECURITY Database RSS Feed
Topic: SAP FRUN Simple Diagnostics Agent 1.0 Information Disclosure Risk: Low Text:# Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) ...
June 23, 2022 03:34 CXSECURITY Database RSS Feed
Topic: SAP FRUN Simple Diagnostics Agent 1.0 Missing Authentication Risk: Low Text:# Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0) ## ...
June 23, 2022 03:34 CXSECURITY Database RSS Feed
Topic: SAP FRUN Simple Diagnostics Agent 1.0 Directory Traversal Risk: Medium Text:# Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) ...
June 23, 2022 03:34 CXSECURITY Database RSS Feed
Topic: BLUEWATER MARIBAGO BEACH RESORT - SQL Injection Vulnerability Risk: Medium Text:****************************************************************** #Exploit Title: BLUEWATER MARIBAGO BEACH RESORT - SQL Inje...
June 23, 2022 03:34 CXSECURITY Database RSS Feed
Topic: Verbatim Fingerprint Secure Portable Hard Drive Insufficient Verification Risk: Medium Text:Advisory ID: SYSS-2022-017 Product: Fingerprint Secure Portable Hard Drive Manufacturer: ...
June 23, 2022 03:34 CXSECURITY Database RSS Feed
Topic: SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting Risk: Medium Text:SEC Consult Vulnerability Lab Security Advisory < 20220614-0 > == title: Reflected Cros...
June 23, 2022 03:09 Exploitalert
SAP FRUN Simple Diagnostics Agent 1.0 Missing Authentication
June 23, 2022 03:09 Exploitalert
SAP FRUN Simple Diagnostics Agent 1.0 Directory Traversal
June 23, 2022 03:09 Exploitalert
BLUEWATER MARIBAGO BEACH RESORT - SQL Injection Vulnerability
June 23, 2022 03:09 Exploitalert
SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting
June 23, 2022 03:09 Exploitalert
WordPress Download Manager 3.2.43 Cross Site Scripting
June 23, 2022 03:09 Exploitalert
SAP FRUN 2.00 / 3.00 Cross Site Scripting
June 23, 2022 03:09 Exploitalert
SAP Fiori Launchpad Cross Site Scripting
June 23, 2022 03:09 Exploitalert
SAP FRUN Simple Diagnostics Agent 1.0 Information Disclosure
June 23, 2022 03:09 malware.news
Twitter published an apology on Wednesday after it was caught covertly using account security data for targeted advertising.
The social media giant admitted that for several years, users were asked to provide a phone number or email address to secure or authenticate their accounts. Twitter then used that information for targeted advertising, according to a complaint filed by the Department of Justice and Federal Trade Commission.
In May, the company agreed to pay a $150 million fine to settle the complaint, which alleged that Twitter violated a previous order “by collecting customers’ personal information for the stated purpose of security and then exploiting it commercially.”
In addition to the $150 million penalty, Twitter agreed to notify users that it misused the security data.
The FTC said last month that between May 2013 and September 2019, Twitter “induced people to provide their phone numbers and email addresses by claiming that the company’s purpose was, for example, to ‘Safeguard your account.’”
But
June 23, 2022 03:09 malware.news
The Linux Foundation and Snyk’s report, The State of Open Source Security, finds open source security faces hard challenges even as it becomes more popular than ever.
Article Link: Blind trust in open source security is hurting us: Report | ZDNet
June 23, 2022 02:09 malware.news
Trusted Internet Connections use cases provide guidance on secure implementations of specific platforms, services and environments.
Article Link: CISA Seeks Public Feedback on TIC 3.0 Cloud Use Case - Nextgov
June 23, 2022 01:39 Sylvain Kerkour
It's an open secret that most of the time and costs spent on any serious software project are from maintenance. Rust is moving fast, and its ecosystem too, so it's necessary to automate your projects' maintenance. The good news is that, in my experience, due to its strong typing, Rust
June 23, 2022 01:35 Black Hills Information Securi
ORIGINALLY AIRED ON JUNE 13, 2022 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2022-06-13 02:26 – Story # 1: Roblox Game Pass store used to sell ransomware decryptor – https://www.bleepingcomputer.com/news/security/roblox-game-pass-store-used-to-sell-ransomware-decryptor/ 07:35 – Story # 2: New Jersey school district forced to cancel final exams amid ransomware recovery effort – […]
The post Talkin’ About Infosec News – 6/13/2022 appeared first on Black Hills Information Security.
June 23, 2022 01:34 Microsoft Security Blog
Microsoft received an AAA Protection Award for Microsoft Defender for Office 365, the highest possible award that vendors can achieve in this test.
The post Microsoft Defender for Office 365 receives highest award in SE Labs Enterprise Email Security Services test appeared first on Microsoft Security Blog.
June 23, 2022 01:31 burp
Larger organizations are statistically more at risk, warns Imperva
June 23, 2022 00:39 malware.news
Article Link: Talkin’ About Infosec News - 6/13/2022 - Black Hills Information Security
June 23, 2022 00:09 malware.news
MEGA, the cloud storage provider and file hosting service, is very proud of its end-to-end encryption. It says it couldn’t decrypt your stored files, even if it wanted to.
“All your data on MEGA is encrypted with a key derived from your password; in other words, your password is your main encryption key. MEGA does not have access to your password or your data. Using a strong and unique password will ensure that your data is protected from being hacked and gives you total confidence that your information will remain just that – yours.”
But there’s a problem. A Swiss team of researchers has just proved those claims wrong.
And that’s not all. The research went one step further, finding that an attacker could insert malicious files into the storage, passing all authenticity checks of the client.
Cryptography flaws
Researchers at the Department of Computer Science of the ETH Zurich in Zurich, Switzerland reviewed the security of MEGA and found significant issues in how it uses cryptography.
These findings could le
June 23, 2022 00:09 malware.news
In today’s evolving threat landscape, email represents the primary attack vector for cybercrime, making effective email protection a key component of any security strategy.1
In Q1 2022, Microsoft participated in an evaluation of email security solutions, carried out by SE Labs, a testing lab focused on assessing the efficacy of security solutions. In their latest Enterprise Email Security Services test, they evaluated email security vendors against a range of real-world email attack scenarios.
Today we are excited to share that Microsoft received an AAA Protection Award for Microsoft Defender for Office 365, the highest possible award that vendors can achieve in this test.
Microsoft Defender for Office 365 helps organizations protect against advanced threats including phishing and business email compromise. It provides a wide range of email protection capabilities including protection from impersonation, spoofing, as well as holistic attack campaign views, using machine learning and other heuristics to identif
June 22, 2022 23:39 Sylvain Kerkour
It's an open secret that most of the time and costs spent on any serious software project are from maintenance. Rust is moving fast, and its ecosystem too, it's necessary to automate projects' maintenance. The good news is that, in my experience, due to its strong typing, Rust project maintenance
June 22, 2022 23:39 malware.news
Nozomi Networks is excited to announce a new subscription service to its portfolio this week: a Threat Intelligence Feed that can be used outside or independent of our Guardian and Vantage platforms with other third-party security platforms. This data feed can be used by any security platform that handles Industry-compliant Structured Threat Intelligence eXpression (STIX, https://oasis-open.github.io/cti-documentation/stix/intro.html) and Trusted Automated eXchange of Intelligence Information (TAXII, https://www.anomali.com/resources/what-are-stix-taxii) threat data to better leverage and customize cybersecurity data for new applications.
What Is a Threat Intelligence Feed?
According to TechTarget’s WhatIs.com:
A threat intelligence feed (TI feed) is an ongoing stream of data related to potential or current threats to an organization’s security. TI feed
June 22, 2022 23:39 malware.news
I recently created 2 blog posts with corresponding videos for the reversing of encodings.
The first one is on the ISC diary: “Decoding Obfuscated BASE64 Statistically”. The payload is encoded with a variation of BASE64, and I show how to analyze the encoded payload to figure out how to decode it.
And this is the video for this diary entry:
And on this blog, I have another example, more complex, where the encoding is a variation of hexadecimal encoding, with some obfuscation: “Another Exercise In Encoding Reversing”.
And here is the video:
Article Link: Examples Encoding Reversing | Didier Stevens
June 22, 2022 23:39 malware.news
Article Link: 🔴 Getting Started with the Portable Executable (PE) File Format - YouTube
June 22, 2022 23:34 Packet Storm
Over the past year, Trail of Bits was engaged by the Defense Advanced Research Projects Agency (DARPA) to investigate the extent to which blockchains are truly decentralized. They focused primarily on the two most popular blockchains: Bitcoin and Ethereum. They also investigated proof-of-stake (PoS) blockchains and Byzantine fault tolerant consensus protocols in general. This report provides a high-level summary of results from the academic literature, as well as their novel research on software centrality and the topology of the Bitcoin consensus network.
June 22, 2022 23:34 Packet Storm
Red Hat Security Advisory 2022-4999-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.715. Issues addressed include a memory exhaustion vulnerability.
June 22, 2022 23:34 Packet Storm
Red Hat Security Advisory 2022-5152-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a cross site scripting vulnerability.
June 22, 2022 23:34 Packet Storm
Red Hat Security Advisory 2022-5163-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a null pointer vulnerability.
June 22, 2022 23:34 Packet Storm
Red Hat Security Advisory 2022-5157-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.
June 22, 2022 23:34 Packet Storm
Red Hat Security Advisory 2022-5162-01 - PostgreSQL is an advanced object-relational database management system.
June 22, 2022 23:34 Packet Storm
Zoo Management System version 1.0 suffers from a cross site scripting vulnerability.
June 22, 2022 23:34 Packet Storm
WordPress Download Manager plugin versions 3.2.43 and below suffer from a cross site scripting vulnerability.
June 22, 2022 23:32 谢乾坤 | Kingname
I'm sure everyone knows binary search: in a sorted list, binary search can determine in O(logN) time whether a target is in the list.
The code for binary search is very simple; with recursion it takes only a few lines:

def binary_search(sorted_list, target):
    """
    sorted_list is a monotonically increasing list
    """
    if not sorted_list:
        return False
    mid = len(sorted_list) // 2
    if target > sorted_list[mid]:
        return binary_search(sorted_list[mid + 1:], target)
    elif target < sorted_list[mid]:
        return binary_search(sorted_list[:mid], target)
    else:
        return True

The result of running it is shown in the figure below:
Python ships with a binary search module called bisect. It can also perform binary search, but its result differs somewhat from that of the code above:

import bisect

a = [41, 46, 67, 74, 75, 76, 80, 86, 92, 100]
index = bisect.bisect(a, 75)
print(index)

index = bisect.bisect(a, 82)
print(index)

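The result of running it is shown in the figure below:
As you can see, bisect.bisect() returns an index. If the number being searched for is already in the list, it returns the index of the rightmost occurrence of that number plus 1. Take the list [41, 46, 67, 74, 75, 76, 80, 86, 92, 100] and search for 75. Since the index of 75 in the original list is 4, it returns that index plus 1, which is 5. If 75 appears several times in the original list, for example [41, 46, 67, 74, 75, 75, 76, 80, 86, 92, 100], then it returns the index of the rightmost 75 plus 1, which is 6.
If the number being searched for is not in the original list, bisect.bisect() returns an index such that the list remains sorted when the target number is inserted at that position. For example [41, 46, 67, 74, 75, 76,
June 22, 2022 23:31 burp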
Fake certificates could be used to bypass authentication controls