Clik here to view.
Using Network Security Fabric to Meet New York's (and Other) Financial...
Attacks on the financial services industry can result in substantial losses, both for the breached organizations as well as for the customers that trust them to protect their financial information and...
View ArticleClik here to view.
MS16-063 IE11 jscript9.dll TypedArray UAF漏洞分析及利用(Windows 10 Bypass CFG)
1. 漏洞分析 由于是关于堆的漏洞,为了调试方便开启 HPA 和 UST ,打开POC页面 <html> <div> <script> function pwn() { var ab = new ArrayBuffer(1000 * 1024); var ia = new Int8Array(ab); detach(ab); setTimeout(main,...
View ArticleClik here to view.
Nearly 3 million UK businesses experienced a cyber-security incident in 2017
More than half of businesses in the UK were victims of cybercrime last year, according to a new report by Beaming. The report says that 2.9 million UK firms, or 52 percent, experienced some form of...
View Article美媒:奥巴马曾用网络攻击阻止朝鲜核计划,收效不佳
原标题:美媒:奥巴马曾用网络攻击阻止朝鲜核计划,收效不佳 据《纽约时报》3月4日消息,美国前总统奥巴马政府2014年曾试图利用网络攻击扰乱朝鲜弹道导弹试验,希望能从测试发射之初展开破坏,但未能取得重大成效。...
View ArticleSecure gRPC with TLS/SSL
One of the primary requirements for the systems we build is something we call the “minimum security requirement”. Although our systems are not designed specifically for high security applications,...
View ArticleClik here to view.
3月4日 - 每日安全知识热点
热点概要: JBoss AS 3/4/5/6远程命令执行漏洞 、 七种方式利用远程文件包含漏洞 、 恶意垃圾邮件(malspam)的分析 、 安装“万能解码器”还原真实“解码”、 百度承认旗下网站暗藏恶意代码:已调查清除 向用户致歉 国内热词(以下内容部分摘自 http://www.solidot.org/ ): Google 将收件方的 Gmail 附件容量增至 50MB 云计算: Amazon...
View ArticleClik here to view.
PHP&XSS的一些小tips
最近搜集的一些,php过waf webshell,弱类型,open basedir,XSS绕过的一些小tips,欢迎大牛纠错。-\ - 无字母数字webshell构造 PHP TRUE == 1 FALSE == 0 TRUE + TRUE == 2 异或:' ! '^' ` ' == 'A' 取反:~('和'{2}) == 's' PHP 自增:仅允许字母字符自增 'a'++ == 'b';...
View ArticleClik here to view.
SHA-1碰撞攻击将会对我们产生怎样的现实影响?
近期,Google和荷兰国家数学和计算机中心(Centrum Wiskunde & Informatica,CWI)的研究人员完成了针对第一例SHA-1的碰撞攻击,创造了两个hash值完全相同但内容截然不同的文件。然而,在真实的信息安全世界中,这种攻击又会怎样对个人和组织机构造成何种威胁呢? 对SHA-1算法不安全的担心由来已早。在2015年荷兰国家数学和计算中心和新加坡南洋理工大学研究员...
View Article马化腾两会7大建议 涉及个人信息安全、未成年人健康上网等
每经记者 赵娜 每经编辑 卢祥勇 “其实在之前准备的过程中,我很多建议都想提,列出来之后,差不多二、三十项,而且很难取舍。这个也舍不得,那个也舍不得。最终合并的合并,删减的删减。”随着2017年全国两会开幕,3月3日晚,全国人大代表、腾讯公司董事会主席兼首席执行官马化腾接受包括《每日经济新闻》在内的媒体采访时称,最终确定的是7个建议。...
View ArticleClik here to view.
How to Use & Share Customer Data without Damaging Trust
These five tips for protecting consumer privacy will ensure that your customers will stay customers for the long run. Consumer privacy is gearing up to make a big splash this year as people become...
View ArticleClik here to view.
Open Source Security in SCA, M&A, IoT, & Teddy Bear Cyber Threats ...
February wound down with 1075 CVEs entries total in the National Vulnerability database. Before we get into this week’s news, some interesting numbers around software composition analysis (SCA) and...
View ArticleClik here to view.
Product Update: Enhanced Vulnerability Clarity with NEW Submission Form
New Feature! VRT-enabled submission form drives enhanced vulnerability reporting Bugcrowd is excited to announce another Crowdcontrol update - the integration of our Vulnerability Rating Taxonomy (VRT)...
View ArticleClik here to view.
How JPMC is making IT more innovative with PaaS, public and private
A good, pretty long overview of JPMorgan Chase’s plans for doing cloud with a PaaS focus . Some highlights. More than just private-IaaS and DIY-platforms : Like most large U.S. banks, JPMorgan Chase...
View ArticleDealing with Overwhelming Volume of Security Alerts
When it comes to incident detection and response, enterprise organizations are collecting, processing, and analyzing more security data through an assortment of new analytics tools Endpoint detection...
View ArticleClik here to view.
【技术分享】菜谈安全:CloudBleed事件感想录
【技术分享】菜谈安全:CloudBleed事件感想录 2017-03-06 12:26:27 来源:安全客 作者:360GearTeam 阅读:210次 点赞(0) 收藏 作者:cyg07@360Gear Team 预估稿费:300RMB 投稿方式:发送邮件至linwei#360.cn,或登陆网页版在线投稿 前言...
View ArticleClik here to view.
【技术分享】利用ssrf漏洞获取google内部的dns信息
【技术分享】利用ssrf漏洞获取google内部的dns信息 2017-03-06 11:03:25 来源:rcesecurity.com 作者:派大星 阅读:766次 点赞(0) 收藏 翻译:派大星 预估稿费:100RMB 投稿方式:发送邮件至linwei#360.cn,或登陆网页版在线投稿 前言...
View ArticleClik here to view.
【技术分享】SMB 拒绝服务漏洞在web应用上的利用
【技术分享】SMB 拒绝服务漏洞在web应用上的利用 2017-03-06 14:17:19 来源:secureworks.com 作者:why233 阅读:320次 点赞(0) 收藏 翻译:why233 预估稿费:110RMB 投稿方式:发送邮件至linwei#360.cn,或登陆网页版在线投稿 前言 CVE-2017-0016SMB 0 day...
View ArticleClik here to view.
【技术分享】ROP技术入门教程
【技术分享】ROP技术入门教程 2017-03-06 15:57:38 来源:ketansingh.net 作者:beswing 阅读:658次 点赞(0) 收藏 翻译:beswing 预估稿费:200RMB 投稿方式:发送邮件至linwei#360.cn,或登陆网页版在线投稿 前言 不可否认的是,不管是CTF赛事,还是二进制漏洞利用的过程中,ROP都是一个很基础很重要的攻击技术。...
View ArticleClik here to view.
印度军方2万页数据泄露 建三军网络部队防中巴黑客
印度军方2万页数据泄露 建三军网络部队防中巴黑客 11小时前来源:北晨网 原标题:印度军方2万页数据泄露 建三军网络部队防中巴黑客 php?url=0Fn3paGUdX" alt="印度军方2万页数据泄露 建三军网络部队防中巴黑客" />资料图:印军军官观看解放军军官操纵军用电脑...
View Article
