当前节点:rss
时间节点
2021-09-20 13:20:10Security Boulevard
The latest on the iMessage Zero-Click exploit that affects Apple iOS, MacOS and WatchOS devices (update your Apple devices now!), the names and home addresses of 111,000 British firearm owners have been dumped online, and details on over 60 million fitness tracking records exposed via an unsecured database. ** Links mentioned on the show ** […]
The post iMessage Zero-Click Exploit, Leaked Guntrader Firearms Data, 60 Million Fitness Tracking Records Exposed appeared first on The Shared Security Show.
The post iMessage Zero-Click Exploit, Leaked Guntrader Firearms Data, 60 Million Fitness Tracking Records Exposed appeared first on Security Boulevard.
2021-09-20 11:18:16三好学生
0x00 前言
在之前的文章《域渗透——DCSync》曾系统的整理过DCSync的利用方法,本文将要针对利用DCSync导出域内所有用户hash这一方法进行详细介绍,分析不同环境下的利用思路,给出防御建议。
0x01 简介
本文将要介绍以下内容:
利用条件
利用工具
利用思路
防御建议
0x02 利用条件
获得以下任一用户的权限:
Administrators组内的用户
Domain Admins组内的用户
Enterprise Admins组内的用户
域控制器的计算机帐户
0x03 利用工具
1.C实现(mimikatz)
实现代码:
https://github.com/gentilkiwi/mimikatz/blob/master/mimikatz/modules/lsadump/kuhl_m_lsadump_dc.c#L27
示例命令:
(1)导出域内所有用户的hash
mimikatz.exe "lsadump::dcsync /domain:test.com /all /csv" exit
(2)导出域内administrator帐户的hash
mimikatz.exe "lsadump::dcsync /domain:test.com /user:administrator /csv" exit
2.Python实现(secretsdump.py)
示例命令:
python secretsdump.py test/Administrator:DomainAdmin123!@192.168.1.1
3.Powershell实现(MakeMeEnterpriseAdmin)
核心代码使用C Sharp实现,支持以下三个功能:
通过DCSync导出krbtgt用户的hash
使用krbtgt用户的hash生成Golden ticket
导入Golden ticket
注:
我在测试环境下实验结果显示,生成Golden ticket的功能存在bug,导入Golden ticket后无法获得对应的权限
4.C Sharp实现
我在(MakeMeEnterpriseAdmin)的基础上做了以下修改:
支持导出所有用户hash
导出域sid
导出所有域用户sid
代码已上传至github,地址如下:
https://github.com/3gstudent/Homework-of-C-Sharp/blob/mas
2021-09-20 11:18:15三好学生
0x00 前言
MailEnable提供端到端的解决方案,用于提供安全的电子邮件和协作服务。引用自官方网站的说法:最近的一项独立调查报告称MailEnable是世界上最受欢迎的Windows邮件服务器平台。 对于MailEnable的开发者API,我在官方网站上只找到了AJAX API的说明文档,所以本文将要尝试编写Python脚本,实现对MailEnable邮件的访问,记录开发细节,开源代码。
0x01 简介
本文将要介绍以下内容:
环境搭建
开发细节
开源代码MailEnableManage.py
0x02 环境搭建
1.安装
安装前需要安装IIS服务和.Net 3.5,否则无法正常配置Web访问
MailEnable下载地址:http://www.mailenable.com/download.asp
2.配置
启动MailEnableAdmin.msc,在MailEnable Management->Messaging Manager->Post Offices下配置邮件服务器信息
如下图
默认登录页面:
http://mewebmail.localhost/mewebmail/Mondo/lang/sys/login.aspx
3.开启Web管理页面
参考资料:
http://www.mailenable.com/kb/content/article.asp?ID=ME020132
启动MailEnableAdmin.msc,选择MailEnable Management->Servers->localhost->Services and Connectors->WebAdmin,右键单击并从弹出菜单中选择Properties,选择Configure...按钮,进行安装
如下图
启动MailEnableAdmin.msc,在MailEnable Management->Messaging Manager->Post Offices下选择已配置的Post Office,右键单击并从弹出菜单中选择Properties,切换到Web Admin标签,启用web administration
如下图
选择指定用户,将属性修改为管理员
默认管理页面:
http://mewebmail.localhost/meadmin/Mondo/lang/sys/login.aspx
注:
如果忘记了用户的明文口令,可以查看默
2021-09-20 09:21:20Legal Hackers
Date: 2021-09-19 22:51 UTC
OS:
PHP Version: Irrelevant
Package: Website problem
Title: just a live bug test
2021-09-20 09:20:54f4d3.io [Bourne Again]
Summary
Hi !
Hope that everything’s doing good for everyone!
This weekend, with a couple of teammates, participated on the hacktivitycon 2021, organized by hackerone, pretty cool CTF, thanks to the organizers !
This was a chill CTF for us, so I spend many hours on a couple of pwnable challenges, so here’s the write up for them. Special thanks for dplastico, for the apañe ❤️
Summary
Sharp
Summary
Leak
Exploit
shellcoded
Shelle-2
Sharp
This was a kind of (not again) a note challenge.
Thanks to the author for not doing a note chall, lol :D
The main purpose of this binary is to create a very bad database written in C, allocating “names” for the entry of the db.
This Consist on one initial chunk, that will have a integer with the amount of entries, and an array of pointers to strings for the entries names.
The only main thing that was strange, was the use of the libc 2.31, at least, not safe linking yet.
binary
libc.so.6
Summary
The principal use of this binary, is to serve as a database written in C, so, the main
2021-09-20 09:20:19Security Boulevard
Our thanks to DEFCON for publishing their tremendous DEFCON Conference Cloud Village videos on the groups' YouTube channel.
Permalink
The post DEF CON 29 Cloud Village – Magno Logan’s ‘Workshop Kubernetes Security 101 Best Practices’ appeared first on Security Boulevard.
2021-09-20 09:18:45MaskRay
Branch target
Many architectures encode a branch/jump/call instruction with PC-relative addressing, i.e. the distance to the target is encoded in the instruction. In an executable or shared object (called a component in ELF), if the target is bound to the same component, the instruction has a fixed encoding at link time; otherwise the target is unknown at link time and there are two choices:
text relocation
indirection
In All about Global Offset Table, I mentioned that linker/loader developers often frowned upon text relocations because the text segment will be unshareable. In addition, the number of relocations would be dependent on the number of calls, which can be large.
1
2
3
4
5
6
7
8
9

call foo # R_X86_64_PC32
call foo # R_X86_64_PC32

=>

# The instructions are patched at runtime.
# On ELF x86-64, the R_X86_64_PC32 relocation type is used.
call ...
call ...

Therefore, the prevailing scheme is to add a level of indirection analogous to that provided by the Global Offset Table for data.
Procedure Linka
2021-09-20 03:19:58Security Boulevard
via the textual amusements of Thomas Gx, along with the Illustration talents of Etienne Issartia and superb translation skillset of Mark Nightingale - the creators of CommitStrip!
Permalink
The post CommitStrip ‘Coding Maturity’ appeared first on Security Boulevard.
2021-09-20 01:20:15Security Boulevard
Our thanks to DEFCON for publishing their outstanding DEFCON Conference Blockchain Village Videos on the groups' YouTube channel.
Permalink
The post DEF CON 29 Blockchain Village – Yaz Khoury’s ‘Surviving 51 Percent Attacks’ appeared first on Security Boulevard.
2021-09-20 01:20:14SecWiki News
注入攻击新方式:通过DNS隧道传输恶意载荷 by ourren

更多最新文章,请访问SecWiki
2021-09-19 23:22:32Non-existent World
前段时间在更新网络学堂监控脚本时,加了一个自动添加作业截止日到谷歌日历的功能。之前是将作业推送到 Trello 然后再通过它官方自带的自动化流程添加到日历上,但因为 Trello 的 npm 源太老了,于是构思着直接通过 Google API 添加到日历,没有中间商赚差价。途中得益于 Google 企业级的文档,陆陆续续踩了一堆坑,现记录下来。
首先登陆 console.cloud.google.com ,新建一个新的项目,然后在该项目中启用「API 和服务」并在 API 库中搜索添加 Google Calendar API。
接着在「API 和服务」里面添加凭据,如果只是自己一个人用的话推荐添加一个「服务账号」就可以了。然后在「IAM 和管理」中导出该服务账号的秘钥下载到本地,如果没有就自己建一个,使用 SDK 登陆的时候需要用到。
至此我们已经可以通过认证了,但为了让脚本能够修改日历,我们还需要在日历上给服务账号加权限。打开我们想要修改的日历的「共享与设置」,点击「与特定的人分享」中的「添加共享对象」,将服务账号的邮箱添加进去并给予「更改活动」的权限,这样服务账号也就能看到该日历了,给予更高一级的「进行更改和管理共享设置」权限也没问题。
注意,因为服务账号本质上也是一个可用的账号(只是不能登录而已),也可以拥有自己的私人日历,而 API docs 上的 CalendarList 只能看到私人日历,所以通过服务账号使用 CalendarList 函数是看不到任何日历的,即便是刚给予权限的日历,也只能通过指定 CalendarId 的方式获取到日历实例。
2021-09-19 19:20:05Security Boulevard
For decades, NASCIO has provided best practices for governments to learn from. This year is no different, and three finalists offer lessons for all public-sector agencies.
The post For Gov Tech Cyber Best Practices, See the 2021 NASCIO Awards appeared first on Security Boulevard.
2021-09-19 19:20:00CXSECURITY Database RSS Feed -
Topic: DigiHost Web Services - Sql Injection Vulnerability Risk: Medium Text:********************************************************* #Exploit Title: DigiHost Web Services - Sql Injection Vulnerability...
2021-09-19 19:20:00CXSECURITY Database RSS Feed -
Topic: Takmeel Global - Blind Sql Injection Vulnerability Risk: Medium Text:********************************************************* #Exploit Title: Takmeel Global - Blind Sql Injection Vulnerability ...
2021-09-19 19:20:00CXSECURITY Database RSS Feed -
Topic: Merit Designs- Sql Injection Vulnerability Risk: Medium Text:********************************************************* #Exploit Title: Merit Designs- Sql Injection Vulnerability #Date: ...
2021-09-19 19:20:00CXSECURITY Database RSS Feed -
Topic: Gtech - Sql Injection Vulnerability Risk: Medium Text:********************************************************* #Exploit Title: Gtech - Sql Injection Vulnerability #Date: 2021-09...
2021-09-19 19:20:00CXSECURITY Database RSS Feed -
Topic: Türkiye Milli Kooperatifler Birliği POST SQL Injection Vulnerable Risk: Medium Text:# Exploit Title: Türkiye Milli Kooperatifler Birliği POST SQL Injection Vulnerable # Date: 2021-04-09 # Exploit Author: Xal...
2021-09-19 19:20:00CXSECURITY Database RSS Feed -
Topic: Microsoft Windows cmd.exe Stack Buffer Overflow Risk: High Text:[+] Credits: John Page (aka hyp3rlinx, malvuln) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervi...
2021-09-19 07:19:57Security Boulevard
If you live in the United States and have an AT&T phone, you are almost certainly receiving SMS messages that look something like this:
AT&T Free Msg: August bill is paid. Thanks, MARY! Here's a little gift for you: n9cxr[.]info/dhmxmcmBTQ (from +1 (718) 710-0863)
or
AT&T Free Msg: August bill processed. Thanks, Mary! Here's a little something for you: l4bsn[.]info/C2Lx3oggFi (from +1 (332) 220-7291)
or
AT&T Free Msg: Latest bill is paid. Thanks, Fedencia!  Here's a little freebie for you: k5amw[.]info/VloTBdytEl  (from +1 (870) 663-5472)
AT&T has sort of trained us that it's cool to get messages from them with links in them.  Every time your bill is available, or paid, or has a new charge, you get a text message from them that starts with "AT&T Free Msg:" and ends with a link such as "att.com/myattapp" or "att.com/myViewBill."
This is where some independent amateur researchers make a mistake.  If you visit the URL in the first message from your Windows computer, you are automagically forwarded to Google.
Tha
2021-09-19 05:20:46Legal Hackers
Date: 2021-09-18 18:54 UTC
OS: *
PHP Version: 8.1.0RC2
Package: Reflection related
Title: Enum: ReflectionMethod->getDeclaringClass() return a ReflectionClass
2021-09-19 05:20:46Legal Hackers
Date: 2021-09-18 19:56 UTC
OS:
PHP Version: 8.1Git-2021-09-18 (Git)
Package: Date/time related
Title: Regression in PHP 8.1: Incorrect difference after timezone change
2021-09-19 05:19:51Security Boulevard
via the comic artistry and dry wit of Randall Munroe, resident at XKCD!
Permalink
The post XKCD ‘Hubble Tension’ appeared first on Security Boulevard.
2021-09-19 05:19:51Security Boulevard
Our thanks to DEFCON for publishing their outstanding DEFCON Conference Blockchain Village Videos on the groups' YouTube channel.
Permalink
The post DEF CON 29 Blockchain Village – Shinchul Park’s, Jonghan Lee’s & Seungjoo Kim’s ‘Blockchain As A Threat Modeling Tool’ appeared first on Security Boulevard.
2021-09-19 01:20:03Security Boulevard
Our thanks to DEFCON for publishing their outstanding DEFCON Conference Blockchain Village Videos on the groups' YouTube channel.
Permalink
The post DEF CON 29 Blockchain Village – Reddcoin’s & TechAdept’s ‘CTF Contest’ appeared first on Security Boulevard.
2021-09-19 01:20:02SecWiki News
今日暂未更新资讯~
更多最新文章,请访问SecWiki
2021-09-18 21:21:44博客园_挖洞的土拨鼠
这几天把冰蝎V3.0 Beta11_t00ls的源码阅读了一遍,进行了特征相关的二次开发,绕过某些安全设备的检测。例如:(关于冰蝎流量绕过全流量分析安全设备的建议 #138) 可以说得上是阅读的比较细致了,包含功能的实现,主体实现思路及编程思想。抽时间整理到博客上,估计写的会比较啰嗦。 又根据冰蝎的
2021-09-18 21:21:35TonghuaRoot's BloG. - Cyber se
为 CodeQL 自定义查询规则编写测试文件
0x00 前言
最近花了点时间研究 CodeQL,写了几个查询规则,效果还凑活。在翻 CodeQL 的官方库的时候里头有一些 test 文件啥的,这对我理解官方的查询规则非常有帮助。然后总 jio 着自己写的这几个规则差了点意思,就学了下 CodeQL 的测试文件怎么写,一边看文档一边测试,于是便有了本文。
CodeQL 提供了一个测试框架,用于对查询规则进行自动化回归测试,确保我们自定义的查询规则符合预期。
在执行查询测试时,CodeQL 会对用户期望的结果,和执行测试时实际产生的结果进行比较。如果预期的结果与实际产生的结果不同,该查询测试将会失败。为了 Fix 该条测试,我们应该迭代查询规则以及预期的查询结果,直到预期结果与实际结果完全一致。
本文主要介绍如何创建测试文件,以及使用 test run子命令执行测试。
全文主要包含如下内容:
为自定义查询设置测试 QL 包
为查询规则设置测试文件
运行 codeql test run
示例
后记
References
0x01 为自定义查询设置测试 QL 包
CodeQL 测试文件必须存储于指定的测试 QL 包中,即我们将包含 qlpack.yml 文件的目录称为“测试 QL 包(test QL pack)”,qlpack.yml 文件格式如下:
1
2
3
4

name: <name-of-test-pack>
version: 0.0.0
libraryPathDependencies: <codeql-libraries-and-queries-to-test>
extractor: <language-of-code-to-test>

在 CodeQL 的官方库中,Java Queries 的 test QL pack 为 codeql/java/ql/test,其中 qlpack.yml 内容为:
1
2
3
4
5
6
7

name: codeql/java-tests
version: 0.0.2
dependencies:
codeql/java-all: "*"
codeql/java-queries: "*"
extractor: java
tests: .

libraryPathDependencies 的值指定了测试哪些查询规则。extractor 定义哪一个语言的 CLI 将被用于基
2021-09-18 21:20:00CXSECURITY Database RSS Feed -
Topic: Church Management System (CMS-Website) - Unauthenticated RCE Risk: Medium Text:# Exploit Title: Church Management System (CMS-Website) - Unauthenticated RCE # Exploit Author: Abdullah Khawaja # Date: 2021...
2021-09-18 21:20:00CXSECURITY Database RSS Feed -
Topic: ECOA Building Automation System Missing Encryption Of Sensitive Information Risk: Medium Text:# Exploit Title: ECOA Building Automation System - Missing Encryption Of Sensitive Information # Date: 25.06.2021 # Exploit A...
2021-09-18 21:20:00CXSECURITY Database RSS Feed -
Topic: Cloudron 6.2 Cross Site Scripting Risk: Low Text:...
2021-09-18 21:19:59CXSECURITY Database RSS Feed -
Topic: WordPress Download From Files 1.48 Shell Upload Risk: High Text:# Exploit Title: Wordpress Plugin Download From Files 1.48 - Arbitrary File Upload # Google Dork: inurl:/wp-content/plugins/do...
2021-09-18 17:39:35Security Boulevard
The biggest story this week was over at Apple, which released security updates for a zero-day vulnerability that affects the iPhone, iPad, Mac and Apple Watch.
The post Cybersecurity News Round-Up: Week of September 13, 2021 appeared first on Security Boulevard.
2021-09-18 15:41:06博客园_挖洞的土拨鼠
前言 这篇博客打算重点介绍一下IAST相关的内容,以及IAST如何在DevSecOps中的CI/CD中的结合。做一期大杂烩,同时也是对我这半年多来的实习一次技术总结。 大致需要了解的内容为: CI/CD的介绍 DevOps的介绍 IAST的介绍 在Jenkins流水线引入IAST CI/CD的介绍
2021-09-18 11:39:40Security Boulevard
El análisis de datos resulta bastante útil para un sinfín de propósitos. La gran mayoría lo usa para obtener información precisa sobre el desempeño de ciertas áreas o de la empresa en general. ¿Es posible crear valor para los usuarios …
The post Data wrapping: transformando los datos en experiencias appeared first on ManageEngine Blog.
The post Data wrapping: transformando los datos en experiencias appeared first on Security Boulevard.
2021-09-18 09:39:55Security Boulevard
Our thanks to DEFCON for publishing their outstanding DEFCON Conference Blockchain Village Videos on the groups' YouTube channel.
Permalink
The post DEF CON 29 Blockchain Village – Peter Kacherginsky’s ‘COSTA Coinbase Secure Trait Analyzer’ appeared first on Security Boulevard.
2021-09-18 09:39:55Security Boulevard
Imagine heading to work on a Monday morning. You stop at Starbucks on the way in for a little caffeine jumpstart. Traffic was bad—as usual, but you’ve seen worse. You sit down at your desk and bring your computer to life and find a message on the display letting you know your systems have been encrypted with ransomware. What do you do?
The post Grief Gang’s New Quadruple Extortion Scheme Doesn’t Change the Game appeared first on Security Boulevard.
2021-09-18 09:39:54Security Boulevard
No sooner had the Open Management Infrastructure (OMI) software agent silently installed by Microsoft on more than half of all Azure instances been revealed then threat actors were already on the case, exploiting the flaws. “Mirai botnet is exploiting #OMIGOD—they drop a version of Mirai DDoS botnet and then close 5896 (OMI SSL port) from..
The post OMIGOD! Azure Vulnerabilities Are Being Exploited appeared first on Security Boulevard.
2021-09-18 09:37:41360漏洞预警
360-CERT每日安全简报
2021-09-18 07:39:22Security Boulevard
A key challenge facing organizations in the cloud is how to reign in excessive permissions. Benefits frequently come at a cost to security.
The post Why ‘Role’ Permissions Are So Dangerous To Your Cloud Environment appeared first on Radware Blog.
The post Why ‘Role’ Permissions Are So Dangerous To Your Cloud Environment appeared first on Security Boulevard.
2021-09-18 07:39:22Security Boulevard
How FS Organisations Can Enter The New Age in Digital Banking
michelle
Fri, 09/17/2021 - 09:27
Whether it’s challenges related to data privacy, compliance or a lack of resources and skills, FS organisations need to overcome the hurdles currently impeding the Open Banking revolution.
Sep 10, 2021
This article was first published in Finance Digest.
The financial services (FS) sector is currently undergoing a massive transformation. With the adoption of new digital habits, consumers expect greater convenience, choice, and flexibility in their banking relationships. At the same time, concerted regulatory pressure to encourage innovation and drive competition in banking has accelerated FS organisations’ investment in Open Banking initiatives worldwide. The race to leverage customer data and deliver superior next-gen services and experiences is on.
But there is a problem. The vast majority of FS organisations are failing to comply with mandates such as the EU PSD2-SCA  and meet the enforcement deadlines. In fact, a
2021-09-18 05:40:15Legal Hackers
Date: 2021-09-17 19:37 UTC
OS: Any
PHP Version: Irrelevant
Package: Scripting Engine problem
Title: error_reporting() and ini_get('error_reporting') can get out of sync using @
2021-09-18 05:39:16Security Boulevard
Ransomware groups have been exploiting the switch to remote work unlike any other. Ransomware attacks increased by more than 485% in 20201. By 2031, a new organization is expected to fall prey to a ransomware attack every 2 …
The post How brute-force attacks are spearheading ransomware campaigns appeared first on ManageEngine Blog.
The post How brute-force attacks are spearheading ransomware campaigns appeared first on Security Boulevard.
2021-09-18 05:39:15Security Boulevard
O coronavírus perturbou a vida diária de muitas pessoas ao redor do mundo em um período de tempo surpreendentemente curto. Os estilos de vida mudaram. Um novo normal, embora atingido pelo pânico, se instalou. Muitas organizações adotaram medidas temporárias de …
The post Melhores práticas para garantir a segurança dos dados ao trabalhar remotamente appeared first on ManageEngine Blog.
The post Melhores práticas para garantir a segurança dos dados ao trabalhar remotamente appeared first on Security Boulevard.
2021-09-18 05:39:15Security Boulevard
In a rather appalling discovery, Microsoft has now released patches for critical vulnerabilities in its Open Management Infrastructure (OMI) software agent which had been silently installed on Azure Linux VMs.
The post OMIGOD! Microsoft Secretly Installed an Open Source Agent with Critical Vulnerabilities on Thousands of Linux VMs appeared first on Security Boulevard.
2021-09-18 03:39:28Black Hills Information Securi
ORIGINALLY AIRED ON SEPTEMBER 13, 2021 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2021-09-13 02:59 – Story # 1: https://cyberworkx.in/2021/08/31/authentication-bypass-vulnerability-in-exchange-server/ 04:43 – Story # 1b: https://techcommunity.microsoft.com/t5/exchange-team-blog/how-to-update-ad-schema-to-address-cve-2021-34470-if-exchange-is/ba-p/2617083 07:22 – Story # 2: https://cyberworkx.in/2021/09/08/microsoft-warns-of-new-zeroday-vulnerability-hunting-down-windows-users/ 13:16 – Story # 3: https://therecord.media/ghostscript-zero-day-allows-full-server-compromises/ 17:28 – Story # 3b: https://xkcd.com/2347/ 22:03 – Story # 4: […]
The post Talkin’ About Infosec News – 9/17/2021 appeared first on Black Hills Information Security.
2021-09-18 03:39:21Sploitus.com Exploits RSS Feed
2021-09-18 03:39:21Sploitus.com Exploits RSS Feed
2021-09-18 03:39:21Sploitus.com Exploits RSS Feed
2021-09-18 03:39:21Sploitus.com Exploits RSS Feed
2021-09-18 03:39:21Sploitus.com Exploits RSS Feed
2021-09-18 03:39:21Sploitus.com Exploits RSS Feed
2021-09-18 03:39:21Sploitus.com Exploits RSS Feed
2021-09-18 03:39:21Sploitus.com Exploits RSS Feed
2021-09-18 03:39:20Sploitus.com Exploits RSS Feed
2021-09-18 03:39:19Security Boulevard
The Fortinet Security Summit was held as part of the PGA TOUR’s Fortinet Championship event. Learn about Fortinet's Security Summit and practical insights for cybersecurity leaders.
The post Fortinet Security Summit Discusses Practical Insights For Cybersecurity Leaders appeared first on Security Boulevard.
2021-09-18 03:39:19Security Boulevard
The newest wearable tech on the market is a pair of glasses that can record 30-second videos and take photos, the result of a collaborative effort between Facebook and Ray-Ban. The glasses, called Ray-Ban Stories, are “designed for frictionless media capture of the world around you” according to Wired. The reporters who tried them out said the glasses are lightweight and very simple to operate. The reporters also noted that the LED indicator light on the front of the glasses, intended to alert anyone nearby that the glasses were recording, is exceptionally dim, making it potentially easy to record covertly.
The post Facebook Releases Video Capture Glasses | Avast appeared first on Security Boulevard.