Channel: CodeSection, Code Section, Network Security - CodeSec
Browsing all 12749 articles
Browse latest View live

Microsoft yanks buggy Office 2016 patch KB 4018385, republishes all of this...

As I reported yesterday, the July 2018 Windows and Office patches teem with bugs. We’re just beginning to see the fallout. The July 3 non-security Office 2016 patch KB 4018385 is officially yanked....

View Article




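Cloudbric (CLB): Next-Generation AI Cybersecurity Based on Blockchain Technology

As the world turns into an increasingly interconnected, network-driven society, the need to protect private online data is becoming ever more of a top priority. Information flows openly between different online channels, which makes users and organizations alike take the problem of intrusions by hackers very seriously. Important online data has been hit hard again and again, with more than a million private data records stolen every year. Cyberattacks have also extended to emerging markets, such as electronic currency...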

View Article

IDG Contributor Network: Deep container inspection: What the Docker Hub Minor...

The concepts of trust and security are different, but often confounded. They are similarly nuanced as the difference between threats and vulnerabilities, but I’ll save that for another day. The...

View Article


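Ethereum Token "Fake Deposit" Vulnerability: Details Disclosed and Remediation Plan

Disclosure timeline: The Ethereum token "fake deposit" vulnerability has a very broad impact; the affected parties include at least centralized exchanges, centralized wallets and token contracts. For token contracts alone, our incomplete count found 3619 at risk of the "fake deposit" vulnerability, well-known tokens among them. The project teams concerned should check themselves as soon as possible. Because this is not merely a vulnerability but an attack that is actually happening, and given its impact, we followed a responsible disclosure process. The rough timeline around the disclosure of this attack is as follows: 2018/6/28 SlowMist Zone intelligence, USDT...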

View Article

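DevSecOps Has Grown into a Community

On June 28, following a similar event in San Francisco in April, the first DevSecOps Days event kicked off in London. Event organizers John Willis and Mark Miller gave the welcome address at the opening, saying that the aim of the event is to replicate the DevOpsDays model and to encourage communities around the world to hold their own events. The first talk was given by the head of adversarial research and engineering at the consultancy LARES, Chris...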

View Article



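Security Management from Different Perspectives

I am often asked several similar questions: "Why do we so rarely hear of real CSO or CISO positions and people in China?", "How do you do well as the head of security at an enterprise?", "What competencies should an enterprise's head of security have?", and so on....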

View Article


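360 Team: This Hacker Has Stolen $20 Million in ETH; Mining Rigs and Third-Party Apps Are Both Targets

According to a report by Netlab of Chinese internet security company Qihoo 360, hackers have stolen $20 million in ETH because of improperly configured Ethereum mining rigs and problems in third-party applications. 360 Netlab experts say these cyberattacks target insecure Ethereum nodes. Details of the attacks: As early as March 15, 360 Netlab warned the digital currency community that hackers were searching the internet for insecure Ethereum nodes. At that time, these so-called cybercriminals had already stolen 3.96 ETH....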

View Article


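Multiple Vulnerabilities Found at Grid Protection Company SEL, Could Lead to Denial of Service

Multiple vulnerabilities, including high-severity ones, have been found in the management and configuration tools of power grid protection company Schweitzer Engineering Laboratories (SEL); the vendor has released software updates. Gjoko Krstic, a researcher at industrial cybersecurity firm Applied Risk, discovered the security flaws. The vulnerabilities affect SEL Compass, a tool for managing SEL products, and AcSELerator Architect, an application that streamlines the configuration and documentation of IEC 61850 control and SCADA communications. XXE...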

View Article


IDG Contributor Network: Managed detection and response: disruptive approach...

A visit to major security conferences, such as RSA and Black Hat, quickly demonstrates the industry’s love of hyperbolic rhetoric and absolutist promises of pan-threat protection. Of course, once the...

View Article



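Threat Modeling: Escaping the Fate of Random Bug Hunting

People often say "web security has a low barrier to entry, binary security has a high one." Setting aside whether that is right or wrong, it at least makes most people realize this: when you start out in web security, you pop an alert box with xss, type a single quote for SQL injection, run sqlmap and the database is dumped, and it always feels that easy (there are plenty of people who know only this and dare to call themselves "senior penetration testing engineers"); in binary work it is not so easy to get results, because you first have to learn C and assembly, there are fewer automated tools than for web, and even if you get something out with enormous effort, it is not as flashy as hacking a site....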

View Article

Russian hackers used bitcoin to fund election interference, so prepare for FUD

The indictment filed today against 12 Russians accused of, among other things, hacking the DNC and undermining Hillary Clinton’s campaign also notes that the alleged hackers paid for their nefarious...

View Article

Threat Hunting Methodologies

Introduction Threat hunting is a proactive and iterative approach to detecting threats. It falls under the active defense category of cybersecurity since it is carried out by a human analyst, despite...

View Article


Serverless Security Risks Laid Bare

Vince Power Vince is a guest blogger for Twistlock who has a focus on cloud adoption and technology implementations using open source-based technologies. He has extensive experience with core computing...

View Article


Cylance and Demisto: Optimizing Security Operations

The Cylance Axiom Alliances Program is a community of cybersecurity solution providers working together to deliver a prevention-first approach to security. Unlike other ecosystems built around the...

View Article

The Ultimate Guide to Threat Hunting

Introduction At its essence, cyberthreat hunting can be quite similar to real-world hunting. It requires a uniquely skilled professional possessed of considerable patience, critical thinking,...

View Article


Python SSL Requests and Let's Encrypt Certs

I'm struggling at the moment to get the requests library to perform a simple GET request to a site of mine with a Let's Encrypt certificate. All's well with the site and I can access it from Chrome...

View Article


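Is EOS's Epic Vulnerability Scary? A Roundup of Serious Hacking Incidents in the Coin and Blockchain Circles

Since 360 revealed that EOS had a "security vulnerability worth ten billion US dollars", blockchain security has once again been pushed to the forefront. On the consequences if the EOS vulnerability discovered by the 360 team were attacked, 360 chairman Zhou Hongyi explained in the "Wang Feng's Ten Questions" dialogue: "If the vulnerability is exploited, one can control EOS...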

View Article



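Hash Daily: Bitfinex Was Hacked Yesterday and Has Now Resumed Normal Operation; Russia's Saint

Top line (today's headlines): Bloomberg: Bitfinex was attacked by hackers yesterday and has now completed maintenance and resumed normal operation; Indonesia's futures trading regulator permits trading of cryptocurrency futures; the Vyborg court in St. Petersburg, Russia, overturned the 2016 ban on a cryptocurrency news website; Vietnam's Ministry of Finance proposes a temporary ban on imports of cryptocurrency mining hardware; after news of Microsoft's acquisition of GitHub was announced, GitLab's daily traffic surged by 615 percentage points. Market trends...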

View Article

Hackers steal $23.5M in cryptocurrency from 'decentralized' crypto exchange...

Attackers managed to steal $23.5 million of three different cryptocurrencies from the decentralized exchange Bancor. Although Bancor was able to mitigate the damages down to $13.5 million, the hacker...

View Article

How can we use coding more creatively? Artist and hacker Zach Lieberman will...

What do computer coding and creating art have in common? Who are the artists who have influenced you most? How can art make everyday life better? Ask all this and more to new media artist Zach...

View Article