Clik here to view.
Bateleur, the new malware backdoor targeting restaurant chains, from the...
The developers of the notorious Carbanak banking trojan have added a new javascript backdoor to their tool set. The new threat, dubbed "Bateleur", appears to be targeting chain restaurants based in the...
View ArticleChina Holds Drill to Shut Down ‘Harmful’ Websites
China held a drill on Thursday with internet service providers to practice taking down websites deemed harmful, as the country's censors tighten control ahead of a sensitive five-yearly political...
View ArticleClik here to view.
如何搭建HTTPS的云WAF
前言 如何建立云WAF这篇文章讲述了我构造http的云WAF的经历。最近博客迁移到了https,所以就存在一个「https的WAF环境,应该如何配置」的问题。 如何配置 在手上没有什么资料的前提下,我开始进行大胆猜测。我们知道这个过程一定是: 访问 https://joychou.org DNS服务器CNAME到waf.joychou.me域名...
View Article微软重要漏洞补丁齐发,数据加密保护成焦点
摘要: 在6月14号的时候,微软一下子发布了关于windows操作系统、Edge浏览器、Office办公软件等产品共102个漏洞的安全更新。在面对勒索病毒的危害下,微软也在不停的调整和积极完善,需要注意的是例如Windows XP等停止更新的操作系统,则需要手动下载......
View ArticleClik here to view.
2017 Runner-Up: Neville Longbottom
In second place for the 2017 Underhanded Crypto Contest is “Neville Longbottom” for an application that uses AES to encrypt data, but has special behavior for long messages. For this entry, the author...
View ArticleClik here to view.
WannaCry Hero Arrested, One of Two Charged with Distribution of Kronos Malware
Marcus Hutchins, the researcher hailed for his work in blunting the WannaCry ransomware outbreak in May, was arrested Wednesday in Las Vegas and charged with creating and distributing the Kronos...
View ArticleWannaCry-slayer Marcus Hutchins 'built Kronos banking trojan' FBI
Marcus Hutchins, the British malware researcher who killed off the WannaCry ransomware outbreak, was arrested in Las Vegas on Wednesday on suspicion of being a malware writer himself. Hutchins, aka...
View Article.NET Core Middleware OWASP Headers Part 2 Configuration
using System; using System.Threading.Tasks; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http.Abstractions; namespace OwaspHeaders.Core { /// /// A middleware for injecting OWASP...
View ArticleThe Security Community, Not Government, Must Fix IoT
The Senate is considering a bill that would force some serious changes in the way that vendors handle the security of the IoT devices they sell, but while the proposed law has strong bones, it should...
View Article4 Ways to Secure Your Authentication System in Rails
Reading Time: 9 minutes This article was originally published on Duck Type Labs by Sid Krishnan . With his kind permission, we’re sharing it here for Codeship readers. Authentication frameworks in...
View ArticleHackers Behind WannaCry Cashed Out Bitcoin While No One Was Watching
Almost three months after their ransomware wreaked havoc all over the world ―locking doctors out of patient records, preventing employees of telecom giants to work on their company computers, and...
View ArticleClik here to view.
Hacker News News Feed for the Mac Touch Bar
toucHNews: Hacker News news feed for the Mac Touch Bar toucHNews is a simple, interactive Hacker News news feed for the Mac Touch Bar. It lives persistently in the "Control Strip", the small cluster of...
View ArticleClik here to view.
阻击勒索病毒英雄因制作木马被捕
协助停止“想哭”(WannaCry)勒索软件传播的英国网络安全研究人员在美国被捕,被指控为制作针对银行的恶意软件提供了帮助。 周三,网名为“Malwaretech”的马库斯哈钦斯(Marcus Hutchins)正要从拉斯维加斯乘飞机回家时,因六项指控遭逮捕。此前,他在拉斯维加斯参加“黑帽”(black hat)和Def Con两场网络安全会议。...
View Article发现 WannaCry 致命开关的英国黑客居然被FBI抓了!
因通过注册隐藏在恶意软件中的域名,而得以阻止WannaCry 在全球快速蔓延,22岁的英国小伙儿 Marcus Hutchins 简直可以用一夜成名来形容。 在 Marcus Hutchins发现这个病毒的 kill switch(自杀开关)之前,WannaCry...
View ArticleClik here to view.
绿盟答疑|为什么设置了由外到内全部禁止的策略,依然感染了勒索病毒?
阅读: 1 企业网络,部署了各种安全设备,尤其是互联网网关的地方,防火墙设置了安全策略,从外面过来的一概不允许进入。蠕虫勒索究竟是如何进入到企业网络内部的呢? 文章目录 蠕虫型勒索对全球企业造成破坏 TAC是检测和防御勒索软件的秘密武器 蠕虫型勒索对全球企业造成破坏...
View ArticleClik here to view.
8月4日 - 每日安全知识热点
【知识】8月4日 - 每日安全知识热点 2017-08-04 11:13:35 阅读:200次 来源: 安全客 作者:童话 热点概要: 拉响WannaCry“紧急制动开关”的安全专家制作Kronos银行木马被捕、 DEFCON 25 Recon Village OSINT CTF Write-Up、 Supervisord远程命令执行漏洞(CVE-2017-11610)、 windows...
View ArticleBest Practices for Responding to Government Requests for Information
Twice a year, Twilio publishes a transparency report to inform our community of how many government requests for information we received, how we responded to the requests, and how we notified the...
View ArticleClik here to view.
在想新密码吗?新服务将帮你尽量避开那三亿多个组合
由安全专家 Troy Hunt 开设的 「Have I Been Pwned(HIBP)」网站 ,原先就有提供输入 Email 后,系统就会自动比对过去几次大规模个资外泄事件的受害者清单的服务,让你可以尽快采取必要的措施,保护自己的帐号。如今 Troy 将 整个概念反了过来 ,让你可以输入任何一组密码,交由 HIBP 的系统去搜索你的密码是否和先前任何一次泄漏的密码重复。这个密码的总资料库包含多达...
View ArticleLaravel v5.4.32 is Released with a Security Fix for Image Uploads
Laravel 5.4.32 is now released and it includes a security fix for apps that accept local image uploads and a revert on a recent change to the “BelongsToMany::create()” method. If your app allows local...
View ArticleClik here to view.
8月1日 - 每日安全知识热点
【知识】8月1日 - 每日安全知识热点 2017-08-01 10:57:11 阅读:162次 来源: 安全客 作者:童话 热点概要: 渗透测试中的certutil、 通向内网的另一条路:记一次无线渗透测试实战、 hacking DEFCON25(2017)的投票机、 CVE-2017-0190:针对能导致代码执行的WMF漏洞分析、 逆向工程一个javascript混淆Dropper...
View Article
