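January 18 - Daily Security News Broadcast
Today's recommended headlines: MIIT publishes an interpretation of the "Big Data Industry Development Plan (2016-2020)"; Obama signs a new private-data sharing bill just before leaving office; Deutsche Bank bans mobile messaging and keeps using e-mail; Russian official: Putin's website is hit by thousands of hacker attacks every day. [Daily headlines] MIIT publishes an interpretation of the "Big Data Industry Development Plan (2016-2020)" http://t.cn/RMR9HBl Obama signs a new private-data sharing bill just before leaving office...
A Brief Introduction to How HTTPS Works
HTTPS will certainly play an ever more important role on the Internet from now on. The big foreign Internet players are pushing hard for HTTPS deployment, and the rollout of the HTTP/2 protocol all but forces you to adopt it whether you want to or not! As HTTPS becomes widespread it will inevitably hurt the interests of certain groups, but this is where the Internet is heading, and nobody can hold back the tide of history! This article gives a rough overview of HTTPS, aiming to grasp its basic principles and flow at a high level; the details of the specific encryption algorithms involved are left for those with a PhD title to study!...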
Kaspersky System Checker
To get started, download the 40+ megabyte standalone file from the Kaspersky website. You can run it right after you have downloaded the program. Hit the "run diagnostics"...
4 must-have courses that will launch your white hat hacking career
Setting yourself up as an IT security expert is a fast track to star status on the tech landscape ― with a nice paycheck, to boot. Becoming an ethical hacker may still be misunderstood by many, but for...
U.S. Financial Regulatory Agency Explores Blockchain’s Impact On Securities...
By Lester Coleman for CryptoCoinsNews The Financial Industry Regulatory Authority released a report on blockchain’s impact on the securities industry in its efforts to support financial institutions...
The President’s New Phone
A version of this post originally appeared in the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. President Trump began his new job and, at the insistence of the Secret...
Security Patches for Sony Xperia X and Xperia X Compact
An update was released on Jan. 20 for Sony’s Xperia X and Xperia X Compact but don’t get too excited, as the update only comes with security patches. The updates bring the build number on the devices...
[Vulnerability Alert] Bizarre Cisco WebEx Flaw: Browser Extension Has an Arbitrary Remote Code Execution Vulnerability (EXP Included)
2017-01-24 09:23:39 Source: chromium Author: 安全客 Cisco's WebEx extension (jlhmfgmfgeifomenelglieieghnjghma) has about 20 million active users, and it is also an important component of the Cisco WebEx video conferencing system....
ggedit 0.0.2: a GUI for advanced editing of ggplot2 objects
Last week the updated version of ggedit was presented in RStudio::conf2017. First, a BIG thank you to the whole RStudio team for a great conference and being so awesome to answer the insane amount of...
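How I Exploited Vulnerabilities to Steal the Passwords of Registered McDonald's Website Users
This article describes how an insecure cryptographic storage (Insecure_Cryptographic_Storage) vulnerability and a server-side reflected XSS vulnerability were used to steal the passwords of registered users of the McDonald's website (McDonalds.com); with further testing, more information about the site's registered users might also be obtained. POC: using the reflected XSS vulnerability to bypass the AngularJS framework sandbox...
Attention HR: You Have Become a Prime Target of a New Kind of Cyber Extortion
People's security awareness is pretty good these days and they no longer casually open e-mail from strangers, which frustrates cyber attackers, but they soon discovered a rather special group inside companies: HR. For colleagues in the human resources department, opening e-mail from strangers is almost unavoidable. Processing a large volume of job-application e-mails every day is busy enough; having to judge whether an applicant suits the company while also working out whether the sender is a cyber attacker is clearly harder than it is for most people, so they have "naturally" become a prime target for cyber extortionists. According to the research firm Check...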
Rogue developer used ‘backdoor’ web access to fuel cybercrime spree
Dutch police have warned 20,000 email users to change their logins after discovering the addresses on the computer of a rogue web developer who harvested them from websites into which he’d inserted...
Oracle E-Business Suite Local Security Vulnerability (CVE-2017-3246)
Published: 2017-01-18 Updated: 2017-01-18 Affected systems: Oracle E-Business Suite Description: BUGTRAQ ID: 95604 CVE(CAN) ID: CVE-2017-3246 Oracle E-Business Suite is a comprehensive suite of enterprise business applications....
Stored XSS-ing Millions Of Sites Through HTML Comment Box
Our guest blogger and Detectify Crowdsource hacker Karim Rahal explains how he discovered and reported a stored XSS vulnerability that affected over a million websites. The Story My friend Ibram...
'Ancient' Mac backdoor discovered that targets medical research firms
Security researchers at Malwarebytes have discovered a Mac backdoor using antiquated code that targets biomedical research facilities. The malware was probably created years ago but has only recently...
Fruitfly: Unusual Mac backdoor used for tightly targeted attacks?
Researchers have found and analyzed a Mac backdoor that is unusual in many ways. The malware detected as OSX.Backdoor.Quimitchin by Malwarebytes but dubbed Fruitfly by Apple is believed to have been...
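In Depth | Three Battles Fought Against Trojans
In 1989 the "PC Cyborg Trojan", the ancestor of ransomware Trojans, appeared. It entered systems in the form of an "AIDS information introductory disk", and once the system had been booted 90 times the Trojan encrypted all files on the C drive. The screen then displayed a message claiming that the user's software license had expired and demanding that the user mail 189 US dollars to the "PC Cyborg" company's mailbox in Panama to unlock the system. Fortunately, the author of this ransomware Trojan was caught; when prosecuted he defended himself by claiming that his illegal proceeds were used for AIDS research....
Just How Frightening Are APT Attacks? Here Is How a Senior FBI Official Sees It
A senior FBI official once said: "There are only two kinds of large companies in the world: those that know they have been hacked, and those that have been hacked and do not know it." Some feel the "senior official's" remark is too extreme, but what is beyond dispute is that APT attacks have grown ever more intense in recent years. According to statistics, in 2014 alone more than 80,000 companies worldwide suffered cyber...
What Is Traffic Hijacking, and How Can It Be Prevented?
Traffic hijacking is the use of various kinds of malware to modify the browser, lock the home page or keep popping up new windows, forcing the user to visit certain websites and thereby causing the user to lose traffic. Traffic hijacking is an old attack technique, such as the long-familiar ad pop-ups (see figure below); many people have grown numb to it and think traffic hijacking causes no real loss. In fact, traffic hijacking can steal information in many ways you cannot detect! Flaws in the HTTP protocol make traffic hijacking possible...
Five Major Hacking Incidents You May Not Know About
With the growth of the Internet, hacking has come to be taken very seriously by governments, and it has become one of the most important political and security topics of our time. Russian President Vladimir Putin delivering his state-of-the-nation address to the Russian Federal Assembly, the Kremlin, Moscow. News is scarce over the holidays, and much of the media's attention was on sporting events and on stories such as Mariah Carey being caught lip-syncing on New Year's Eve. However, a series of hacker-related stories also emerged at the end of 2016, and this has become one of the most important political and security issues of our time....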