January 22, 2022 01:34 Security Boulevard
Depending on how you look at it, President Biden’s Wednesday memorandum—which gave the NSA the type of authority over agencies operating national security systems that the Cybersecurity and Information Security Agency (CISA) has on civilian agencies—is either an example of the administration delivering on its promise to bolster cybersecurity or an example of it being..
The post Biden Signs Authority for NSS to NSA: Think CISA for Military, Intel Systems appeared first on Security Boulevard.
January 22, 2022 01:34 Files ≈ Packet Storm
Red Hat Security Advisory 2022-0226-04 - OpenShift Logging Bug Fix Release. Issues addressed include code execution and denial of service vulnerabilities.
January 22, 2022 01:34 Files ≈ Packet Storm
Red Hat Security Advisory 2022-0225-02 - Openshift Logging Bug Fix Release. Issues addressed include a code execution vulnerability.
January 22, 2022 01:34 Files ≈ Packet Storm
Red Hat Security Advisory 2022-0227-04 - Openshift Logging Bug Fix Release. Issues addressed include code execution and denial of service vulnerabilities.
January 22, 2022 01:34 Files ≈ Packet Storm
Ubuntu Security Notice 5246-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass security restrictions, or execute arbitrary code.
January 22, 2022 01:34 Files ≈ Packet Storm
Ubuntu Security Notice 5249-1 - It was discovered that USBView allowed unprivileged users to run usbview as root. A local attacker could use this vulnerability to gain administrative privileges or cause a denial of service.
January 22, 2022 01:34 Microsoft Security Blog
20 years ago this week, Bill Gates sent a now-famous email to all Microsoft employees announcing the creation of the Trustworthy Computing (TwC) initiative. The initiative was intended to put customer security, and ultimately customer trust, at the forefront for all Microsoft employees.
The post Celebrating 20 Years of Trustworthy Computing appeared first on Microsoft Security Blog.
January 22, 2022 01:34 Files ≈ Packet Storm
Backdoor.Win32.Wollf.16 malware suffers from an authentication bypass vulnerability.
January 22, 2022 01:34 Files ≈ Packet Storm
Backdoor.Win32.Wollf.16 malware suffers from a hardcoded credential vulnerability.
January 22, 2022 01:34 Source Incite
On December 3, 2021, Zoho released a security advisory under CVE-2021-44515 for an authentication bypass in its ManageEngine Desktop Central and Desktop Central MSP products. On December 17, 2021, the FBI published a flash alert, including technical details and indicators of compromise (IOCs) used by threat actors. Shortly after, William Vu published an Attackerkb entry after doing some static analysis. Meanwhile during the whole of December, I was on holidays!
Why did this matter? Well, as it turns out I was sitting on a few bugs I had found in Desktop Central when I audited it back in December 2019. One of them was an authentication bypass, and after reading the FBI report I quickly realized we were dealing with the same zeroday!
At the time, I could only exploit the bug to trigger a directory traversal and write a zip file onto the target system (the same bug that was used in the wild). Since I didn’t have any vector for exploitation and I already had CVE-2020-10189 handy, I decided to leave it alone and 
January 22, 2022 01:33 Recent Posts - Red Team Journa
Hibernating the site gave us time to think about what Red Team Journal should be in 2022. We went back to the original mission, assessed its relevance, and drew up a plan.
January 22, 2022 01:31 The Daily Swig | Cybersecurity
Hackers are invited to test services used by EU agencies
January 21, 2022 23:35 Black Hills Information Securi
ORIGINALLY AIRED ON JANUARY 17, 2022 Articles discussed in this episode: 0:00:00 – PreShow Banter™ — Whose Ears Are Buring? 0:01:06 – BHIS – Talkin’ Bout [infosec] News 2022-01-17 0:02:27 – Story # 1: Russia takes down REvil hacking group at U.S. request – https://www.reuters.com/technology/russia-arrests-dismantles-revil-hacking-group-us-request-report-2022-01-14/ 0:07:00 – Story # 2: White House: Arrested Russian hacker […]
The post Talkin’ About Infosec News – 1/21/2022 appeared first on Black Hills Information Security.
January 21, 2022 23:34 Security Boulevard
As we look ahead to what is next for 5G deployments, the mass adoption of Virtual Reality, and the increasing digital transformation of all industries, new cybersecurity challenges are on the horizon. With that, comes the opportunity to act now and build resiliency against cyber threats, so we can welcome the next chapter of our … Continue reading "5 security lessons to learn in 2022"
The post 5 security lessons to learn in 2022 appeared first on Trusted Computing Group.
The post 5 security lessons to learn in 2022 appeared first on Security Boulevard.
January 21, 2022 23:34 Security Boulevard
In the last few years, Amazon S3 buckets have been linked to around 16 percent of cloud security breaches. (https://www.helpnetsecurity.com/2020/02/20/cloud-misconfigurations/). What are Amazon S3 buckets, and what can users do to avoid becoming the next headline? In this blog article, we’ll go over the basics of Amazon S3 as well as several important security considerations […]
The post AMAZON S3 BUCKET – A Quick Overview appeared first on Kratikal Blogs.
The post AMAZON S3 BUCKET – A Quick Overview appeared first on Security Boulevard.
January 21, 2022 23:34 Security Boulevard
China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes.
Key Findings:
MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Health customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users.
...
The post China’s Olympics App Is Horribly Insecure appeared first on Security Boulevard.
January 21, 2022 23:33 GuidePoint Security
Published 1/21/22, 10:00am Network infiltration using hacked passwords may sound like an overused plot twist from every Hollywood action flick of […]
January 21, 2022 23:31 The Daily Swig | Cybersecurity
Patch issued after testing engineers uncover RCE threat
January 21, 2022 23:31 The Daily Swig | Cybersecurity
Local newspaper alleges that usernames and PINs of vote-counting machines were stolen
January 21, 2022 21:34 Security Boulevard
Natalie Silvanovich of Google’s Project Zero bug-hunting team found and reported two zero-click vulnerabilities in video conferencing platform Zoom. Both flaws opened the door to attackers taking control of a victim’s devices and servers without the victim having to do anything. “Many people believe they are protected simply because they are cautious in the use of their devices,” commented Avast Security Evangelist Luis Corrons. “This is the best example to show that anyone can be compromised without interaction from the user side. This is why it is so critical to update all our apps to make sure any known security hole is patched.” To exploit the Zoom flaws, an attacker would have had to target Zoom accounts that are connected through Zoom Contacts. After contacting the company, Silvanovich said Zoom was very responsive and supportive of her work. Zoom fixed the flaws and released a security update for its customers on November 24. For more on this story, see WIRED.
The post Zero-Click Zoom Flaws Now Patched 
January 21, 2022 21:34 Trustwave Blog
In the wake of the takedown of the REvil/Sodinokibi ransomware gang by the Russian Federal Security Service (FSB) on January 14, Eastern-European cybercriminals are feeling the ground shake. In the days following the FSB action, Trustwave SpiderLabs researchers have analyzed a slew of Dark Web chatter and have found that this potential new world is breeding fear in that community.
January 21, 2022 21:31 The Daily Swig | Cybersecurity
Many are questioning why keys are saved in the clear ahead of sign-in
January 21, 2022 19:37 WordPress › Error
Rapidly evolving technology has created a world whereby cybersecurity must grow and mature at equal speed. Your IT security posture should anticipate fast change by providing real-world, real-time testing of your cyber defenses for known and unknown threats. This article looks at how to use a bug bounty program as a cornerstone of this agile […]
The post How can a bug bounty program improve your IT security posture? appeared first on Intigriti.
January 21, 2022 17:34 Security Boulevard
An astonishing 90% of enterprise data breaches are caused by phishing attacks, costing businesses billions every year in lost revenue and downtime. Rogue devices are often the gateway to such attacks. The industries most vulnerable to hacking include finance, medicine, education, warehousing, airports and rail stations, government and distributed enterprise networks. These verticals operate at pervasive..
The post The Rise of the 24/7 Security Scanning Access Point appeared first on Security Boulevard.
January 21, 2022 17:34 Security Boulevard
With increased digitization of everything post-pandemic, cybersecurity has become a top concern for global CEOs with almost half planning to increase cybersecurity investment by 9%, according to PwC. Since 85% of breaches involve human error, throwing more money at the problem by buying the latest cybersecurity technology may hit a point of diminishing returns. At..
The post How to Build a Security Awareness Training Program appeared first on Security Boulevard.
January 21, 2022 17:32 Blog on STAR Labs
Introduction
On 13th September 2021, Google published the security advisory for Google Chrome. That advisory states that Google is aware of two vulnerabilities exploited in the wild: CVE-2021-30632 as RCE and CVE-2021-30633 as Sandbox Escape. In this post, I will talk about the sandbox bypass vulnerability CVE-2021-30633. Man Yue Mo had published a very detailed blog post explaining CVE-2021-30632, which is a Type Confusion bug that leads to RCE in Chrome.
January 21, 2022 17:31 3gstudent-Blog
0x00 Preface
CVE-2021-31196 is a logic vulnerability. Exploiting it requires a man-in-the-middle position and user interaction, and it ultimately leads to remote code execution.
Technical write-up shared by the vulnerability's author:
https://srcincite.io/blog/2021/08/25/pwn2own-vancouver-2021-microsoft-exchange-server-remote-code-execution.html
This article records my own research notes purely from a technical perspective.
0x01 Introduction
This article covers the following:
Vulnerability debugging
Exploitation approach
0x02 Vulnerability debugging
1. Vulnerability summary
In Exchange Server 2013 or later, when an administrative user runs the Update-ExchangeHelp or Update-ExchangeHelp -Force command in the Exchange Management Shell, an unauthenticated attacker in a privileged network position can trigger a remote code execution vulnerability.
A privileged network position means the attacker is able to hijack the domain http://go.microsoft.com/fwlink/p/?LinkId=287244
2. Location of the vulnerable code
Following the material in the original write-up, open the file C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Management.dll in dnSpy
and navigate to Microsoft.Exchange.Management.UpdatableHelp -> HelpUpdater -> UpdateHelp()
3. Vulnerability logic
(1) Run the Update-ExchangeHelp or Update-ExchangeHelp -Force command in the Exchange Management Shell
Exchange Server 2013 and later support the Update-ExchangeHelp command, which checks for the latest available version of the Exchange Management Shell help on the local computer
Update-ExchangeHelp has a 24-hour throttling period; to run the command again within 24 hours, the -Force parameter must be added
After the command is executed, the UpdateHelp() function is entered and the subsequent operations begin
(2) Download the configuration file
The code in UpdateHelp() that downloads the configuration file is shown in the figure below
The implementation of DownloadManifest() is as follows:
internal void Down
January 21, 2022 17:31 3gstudent-Blog
0x00 Preface
During penetration tests we often encounter Windows virtual machines, which usually have VMware Tools installed. The script execution feature of VMware Tools can be used to implement a backdoor that starts automatically at boot.
Articles on this technique:
https://bohops.com/2021/10/08/analyzing-and-detecting-a-vmtools-persistence-technique/
https://www.hexacorn.com/blog/2017/01/14/beyond-good-ol-run-key-part-53/
Building on these references, this article analyzes the exploitation approach and gives defensive recommendations.
0x01 Introduction
This article covers the following:
Exploitation approach
Exploitation analysis
Defensive recommendations
0x02 Exploitation approach
The script execution feature of VMware Tools supports running scripts in the following four states:
power: power-on
resume: resume
suspend: suspend
shutdown: shutdown
Either of the following two methods can be used to configure script execution:
1. Using VMwareToolboxCmd.exe
Default installation path: "C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe"
Command example 1:
"C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe" script power enable
After the command runs, the file C:\ProgramData\VMware\VMware Tools\tools.conf is created under the default installation path with the following content:
[powerops]
poweron-script=poweron-vm-default.bat
Effect:
When the system powers on, "C:\Program Files\VMware\VMware Tools\poweron-vm-default.bat" is executed with SYSTEM privileges
Note:
For the power command, only a power-on triggers the script; a reboot does not
Command example 2:
"C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe" script suspend set "c:\test\1.bat"
After the command runs, the file C:\ProgramData\VMware\VMware Tools\tools.co
January 21, 2022 17:31 3gstudent-Blog
0x00 Preface
A previous article described using SOAP XML messages to access Exchange resources with a hash. Because that approach uses a fairly low-level communication protocol, implementing functionality is relatively tedious, but it helps in understanding how the protocol works and how vulnerabilities are exploited.
If the goal is simply to develop a resource-access program more efficiently, the Python library exchangelib can be used.
This article introduces the usage of exchangelib, open-sources the code, and implements automated downloading of emails and extraction of attachments.
0x01 Introduction
This article covers the following:
exchangelib usage
Development details
Open-source code
0x02 exchangelib usage
References:
https://github.com/ecederstrand/exchangelib
https://ecederstrand.github.io/exchangelib/
1. Simple login test
The code is as follows:
from exchangelib import Credentials, Account, Configuration, DELEGATE

# Windows domain credentials for the mailbox being accessed
credentials = Credentials(username='MYWINDOMAIN\\myuser', password='topsecret')
# Connect to a fixed EWS server instead of using autodiscover
config = Configuration(server='outlook.office365.com', credentials=credentials)
account = Account(primary_smtp_address='john@example.com', config=config, autodiscover=False, access_type=DELEGATE)
# List the 100 most recently received inbox items
for item in account.inbox.all().order_by('-datetime_received')[:100]:
    print(item.subject, item.sender, item.datetime_received)
If the Exchange server certificate is not trusted, certificate verification must be ignored by adding the following code:
from exchangelib.protocol import BaseProtocol, NoVerifyHTTPAdapter

# Replace the default HTTP adapter with one that skips TLS certificate verification
BaseProtocol.HTTP_ADAPTER_CLS = NoVerifyHTTPAdapter
To suppress the warning message InsecureRequestWarni
January 21, 2022 17:31 3gstudent-Blog
0x00 Preface
The previous articles "Exchange Web Service (EWS) Development Guide 4: Auto Downloader" and "Exchange Web Service (EWS) Development Guide 5: exchangelib" introduced two methods of accessing Exchange resources with a hash, each with its own characteristics. The former uses a fairly low-level communication protocol; implementing functionality is relatively tedious, but it helps in understanding how the protocol works and how vulnerabilities are exploited. The latter relies on the third-party library exchangelib, which is convenient for development but not well suited to vulnerability exploitation.
From an exploitation standpoint, using only a third-party package that wraps NTLM authentication neither hinders exploitation nor sacrifices efficiency.
This article therefore selects the third-party package requests_ntlm, uses automated email downloading and attachment extraction as the example, open-sources the code, and describes its usage.
0x01 Introduction
This article covers the following:
requests_ntlm usage
Development details
Open-source code
0x02 requests_ntlm usage
Documentation:
https://github.com/requests/requests-ntlm
1. Two login methods
I found the hash-based login method in requests_ntlm.py in versions below 1.0.0; code location:
https://github.com/requests/requests-ntlm/blob/v0.3.0/requests_ntlm/requests_ntlm.py#L16
There, the parameter format for hash-based login is ABCDABCDABCDABCD:ABCDABCDABCDABCD
Example code for the two ways of logging in to Exchange:
(1) Plaintext login
import requests
from requests_ntlm import HttpNtlmAuth

target = "192.168.1.1"
username = "administrator@test.com"
password = "password1"
# POST_BODY and headers are defined elsewhere in the article (not shown in this excerpt)
res = requests.post("https://" + target + "/ews/exchange.asmx", data=POST_BODY, headers=headers, verify=False, auth=HttpNtlmAuth(username, password))
print(res.status_code)
print(res.text)
(2) Hash login
target = "192.168.1.1"
username = "administrator@test.com"
hash = "00000000
January 21, 2022 15:34 Security Boulevard
My Background
ISO, RMF, CMMC, CMMC 2.0, DFAR, NIST 800-171, PCI, HIPAA, CMS, CCPA, GDPR. Dang! It makes me want to jump up screaming, “BINGO!” Or, as the old ladies used to scream when I was stationed in Maine some years ago, “BEANO!” All these years later, I still have to pause before yelling “Bingo!”
The post Afraid and Confused by CMMC Bingo? | Apptega appeared first on Security Boulevard.
January 21, 2022 15:34 Security Boulevard
From MSSP to MCCP: How Compliance as a Service Can Help You Win New Business and Better Serve Existing Clients
The lines between cybersecurity, privacy, risk management, and compliance are no longer straight and delineated. Long gone are the days where IT teams could tackle all things security-related while privacy and compliance officers stayed in their siloed departments to handle theirs.
The post A New Way to Navigate Security and Compliance | Apptega appeared first on Security Boulevard.
January 21, 2022 15:34 Security Boulevard
Company Recognized for Easy, Effective Solution That Doesn’t Affect the Consumer Experience NEW YORK -- January 20, 2022 -- Kasada, provider of the most effective and easiest way to defend against advanced bot attacks, today announced that it has been awarded a 2021 Internet Telephony Cybersecurity Excellence Award by TMC. Kasada was recognized by TMC [...]
The post Kasada Awarded a 2021 Cybersecurity Excellence Award appeared first on Security Boulevard.
January 21, 2022 15:34 Security Boulevard
Despite your best efforts to prevent it, you get hit by a massive cyberattack. Maybe it’s a data breach; maybe a ransomware attack or maybe a supply chain disruption. You engage a forensics team, work with law enforcement entities and find out that the likely perpetrators were hackers in Russia; possibly working with the Russian..
The post Does Your Cyberinsurance Policy Cover Cyberwar? appeared first on Security Boulevard.
January 21, 2022 13:34 Security Boulevard
Introduction
In December 2021, the ThreatLabz research team identified several macro-based MS office files uploaded from Middle Eastern countries such as Jordan to OSINT sources such as VT. These files contained decoy themes related to geo-political conflicts between Israel and Palestine. Such themes have been used in previous attack campaigns waged by the Molerats APT.
During our investigation we discovered that the campaign has been active since July 2021. The attackers only switched the distribution method in December 2021 with minor changes in the .NET backdoor. In this blog, we will share complete technical analysis of the attack chain, the C2 infrastructure, threat attribution, and data exfiltration.
The targets in this campaign were chosen specifically by the threat actor and they included critical members of banking sector in Palestine, people related to Palestinian political parties, as well as human rights activists and journalists in Turkey.
ThreatLabz observed several similarities in the C2 commun
January 21, 2022 13:34 Security Boulevard
The post Qbot, ZLoader Represent 89% of Payload Volume in Q4 appeared first on Digital Defense.
The post Qbot, ZLoader Represent 89% of Payload Volume in Q4 appeared first on Security Boulevard.
January 21, 2022 13:34 Security Boulevard
20 years of SIEM?
On Jan 20, 2002, exactly 20 years ago, I joined a “SIM” vendor that shall remain nameless, but is easy to figure out. That windy winter day in northern New Jersey definitely set my security career on a new course.
With this post, I wanted to briefly reflect on this ominous anniversary. Where do we begin?
Let’s start with a sad fact that some of the problems that plagued the SIM/SEM of late 1990s and early 2000s are still with us today in 2022. One of the most notorious and painful problems that has amazing staying power is of course that of data collection.
I remember how our engineers struggled in 2002 with some API-based collection from a known firewall vendor. API-based log collection seemed new and weird back in the day (“why can’t they do UDP 514 syslog like normal people?”). Today, the current generation of engineers still struggles with some cloud-based collection mechanisms for telemetry data … and that is even before observability for security truly arrives.
Another problem — as we 
January 21, 2022 11:34 Security Boulevard
When sports started being televised 50+ years ago, it brought a new level of visibility to teams and games. You no longer needed to be in or from the town or city, or correlate multiple sources of information from newspapers and radio broadcasts just to find out what happened. Then, with the advent of video … Continued
The post Stories from the Field: How DTEX i3 Identified Personal Criminal Activity on a Corporate Device appeared first on DTEX Systems Inc.
The post Stories from the Field: How DTEX i3 Identified Personal Criminal Activity on a Corporate Device appeared first on Security Boulevard.
January 21, 2022 11:34 Security Boulevard
Building on his administration’s historic cybersecurity executive order, President Joe Biden yesterday signed a new National Security memorandum (NSM) designed to further improve security across the Department of Defense, intelligence community, and national security systems. The memo lays out concrete requirements around the technology required...
The post What to know about Biden’s latest cybersecurity memorandum appeared first on Acunetix.
The post What to know about Biden’s latest cybersecurity memorandum appeared first on Security Boulevard.
January 21, 2022 11:31 360漏洞预警 (360 Vulnerability Alert)
360-CERT Daily Security Briefing
January 21, 2022 10:39 跳跳糖
In block encryption the plaintext and ciphertext block lengths are fixed, so encrypting larger data necessarily means splitting it into multiple plaintext blocks for the encryption operation. Whether different blocks are chained together in this process, and whether additional operations are needed, is what distinguishes the different block cipher modes. Different modes have different cryptographic properties and therefore different attack methods. In this article we analyze three of these modes and summarize the basic attacks against them.
January 21, 2022 10:09 绿盟科技 (NSFOCUS) Blog
1. DevOps Overview 1.1 What is DevOps? DevOps is Development and Operat
January 21, 2022 09:34 Security Boulevard
Why Businesses Can’t Solely Rely on Multi-Factor Authentication Authenticating customers at the login and registration point is critically important to digital businesses today. Businesses want to enable a smooth and seamless digital sign up or log in process, but also keep fraud out and make them safe for good users. Multi-factor authentication (MFA) can be […]
The post MFA and the 5 Golden Rules of Authentication appeared first on Security Boulevard.
January 21, 2022 07:34 Security Boulevard
Security researchers at Automattic recently reported that the popular WordPress plugin and theme authors AccessPress were compromised and their software replaced with backdoored versions. The compromise appears to have taken place in September of last year and was only recently made public. Users who used software obtained directly from the AccessPress website unknowingly provided attackers with backdoor access, resulting in an unknown number of compromised websites. The software from the official WordPress repository so far appears to have been unaffected, although the proactive measure has been taken to remove them until a proactive code review can be conducted.
Continue reading AccessPress Themes Hit With Targeted Supply Chain Attack at Sucuri Blog.
The post AccessPress Themes Hit With Targeted Supply Chain Attack appeared first on Security Boulevard.
January 21, 2022 05:39 malware.news
The US said the four are involved in an effort to recruit Ukrainian citizens to create instability in advance of a potential Russian invasion.
Article Link: Treasury Department sanctions four Ukrainians allegedly involved in Russian influence attempts | ZDNet
January 21, 2022 05:39 malware.news
Restoring Family Links is a program most commonly associated with The Red Cross. It’s been around since 1870, and aims to reunite lost family members, repatriate individuals, prevent folks from disappearing, and much more. You may have seen them in the news during times of disaster, war, and other situations necessitating some form of international aid.
Sadly, someone has compromised a large chunk of data related to the Restoring Family Links program and nobody knows what they intend to do with it.
Unauthorised access of data
In an attack billed as “sophisticated”, personal and confidential data related to no fewer than 515,000 people has been pilfered by unknown attackers. Those impacted may be victims of disaster, conflict, or detention.
According to the ICRC (International Committee of the Red Cross), the data originated from “at least 60 Red Cross and Red Crescent National Societies around the world”. The plundering itself took place from an “external company” located in Switzerland contracted to manage t
January 21, 2022 05:37 text/plain
Background By moving from our old codebase to Chromium, the Microsoft Edge team significantly modernized our codebase and improved our compatibility with websites. As we now share the vast majority of our web platform code with the market-leading browser, it’s rare to find websites that behave differently in Edge when compared to Chrome, Brave, Opera, … Continue reading "Debugging Compatibility in Edge"
January 21, 2022 05:34 Security Boulevard
December Product Update
The post CyberStrong December Update appeared first on Security Boulevard.
January 21, 2022 05:34 Security Boulevard
via the comic artistry and dry wit of Randall Munroe, resident at XKCD!
The post XKCD ‘Hypothesis Generation’ appeared first on Security Boulevard.
January 21, 2022 05:34 Security Boulevard
Our thanks to Security BSides London for publishing their tremendous videos from the Security BSides London 2021 Conference on the organization’s YouTube channel. Enjoy!
The post Security BSides London 2021 – Alex Kaskasoli’s ‘GitOops! All Paths Lead To Clouds’ appeared first on Security Boulevard.
January 21, 2022 05:34 CXSECURITY Database RSS Feed -
Topic: Ransomware Builder Babuk Insecure Permissions Risk: Medium Text:Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/5dfa998f62612e10d5d28d26948d...
January 21, 2022 05:34 CXSECURITY Database RSS Feed -
Topic: Grandstream GXV3175 Unauthenticated Command Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-...
January 21, 2022 05:34 CXSECURITY Database RSS Feed -
Topic: VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-...
January 21, 2022 05:34 CXSECURITY Database RSS Feed -
Topic: Ransomware Builder Babuk / Insecure Permissions Risk: Medium Text:Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/5dfa998f62612e10d5d28d26948d...
January 21, 2022 05:34 CXSECURITY Database RSS Feed -
Topic: Backdoor.Win32.Wisell / Unauthenticated Remote Command Execution Risk: Medium Text:Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/57bda78cc5fd6a06017148bae28e...
January 21, 2022 05:34 CXSECURITY Database RSS Feed -
Topic: CollectorStealerBuilder v2.0.0 Panel / Man-in-the-Middle (MITM) Risk: Medium Text:Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/54530f88c8e4f4371c9418f00c25...
January 21, 2022 05:34 CXSECURITY Database RSS Feed -
Topic: CollectorStealerBuilder v2.0.0 Panel / Insecure Credential Storage Risk: Medium Text:Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/54530f88c8e4f4371c9418f00c25...
January 21, 2022 05:34 CXSECURITY Database RSS Feed -
Topic: S.S. Technologies - Sql Injection Vulnerability Risk: Medium Text:********************************************************* #Exploit Title: S.S. Technologies - Sql Injection Vulnerability #D...
January 21, 2022 05:34 CXSECURITY Database RSS Feed -
Topic: North Wing Limited - Sql Injection Vulnerability Risk: Medium Text:********************************************************* #Exploit Title: North Wing Limited - Sql Injection Vulnerability #...