Security Think Tank: Risk tolerance key to security outsourcing policy
Many small and medium-sized enterprises (SMEs) attempt to close the breaches in their defences in a cost-effective way by bringing in managed service providers (MSPs). Yet the irony is that...
Oracle Linux - security hardening - CIS control 1.1.2
As part of ensuring you deploy Oracle Linux 7 in a secure way, the CIS benchmark can provide good guidance. Following the CIS benchmark will ensure that most of the important security hardening...
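宇称链 debuts at the 2018 China Network and Information Security Conference
[Outlook] At the 2018 National Cybersecurity and Informatization Work Conference, the relevant leaders stressed: we must keenly seize the historic opportunity of informatization development, safeguard cybersecurity, drive breakthroughs in core information technologies, bring into play the leading role of informatization in economic and social development, strengthen military-civilian integration in the cyberspace and information field, actively take part in the international governance of cyberspace, and advance the building of a strong cyber nation through independent innovation, so as to make new contributions to building a moderately prosperous society in all respects, winning the great victory of socialism with Chinese characteristics for a new era, and realizing the Chinese Dream of the great rejuvenation of the Chinese nation...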
New Open Source Effort: Legal Code to Make Reporting Security Bugs Safer
The Disclose.io framework seeks to standardize "safe harbor" language for security researchers. Not a week goes by without another major business or Internet service announcing a data breach. And while...
A checklist of Node.js security best practices
Node.js is the ecosystem of choice for the majority of serverless development, and so it seems barely a week can go by without us including a serverless-related link in Node Weekly. If serverless...
Facebook's security chief is leaving the company
A spokesperson has confirmed the move to The Verge, telling the publication: "We are not naming a new CSO, since earlier this year we embedded our security engineers, analysts, investigators, and...
Working Geek: F5’s security chief Mike Convertino fights weaponized ‘fear,...
Mike Convertino, head of technology for Seattle-based F5’s security products. (F5 Photo) Mike Convertino was not surprised by Russia’s meddling in the 2016 U.S. election through its weaponization of...
Arch Linux 2018.08.01 Out Now with Linux Kernel 4.17.11, Latest Security Updates
A new Arch Linux install medium has been released, Arch Linux 2018.08.01, for those who want an up-to-date ISO image to install one of the most acclaimed and lightweight GNU/Linux distributions on...
IDG Contributor Network: “Political hack” takes on new meaning in the age of...
The media blitz about Russia’s involvement in our electoral process redefines the term “political hack.” Our fundamental right to legitimately and confidentially vote in elections, with confidence our...
IDG Contributor Network: What’s next in payment security?
There's a revolution going on in the payment technology space right now, no doubt about it. However, it's vitally important for businesses to embrace payment security innovations at the same time and at...
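Qdaily (好奇心日报): all platforms suspend updates for one month, facing up to problems and rectifying in earnest
On the afternoon of August 3, Qdaily published an announcement that it is undergoing a comprehensive rectification and that, from 15:00 on August 3, all of its online distribution platforms will suspend updates for one month. Sina Tech tried opening the Qdaily website and app and found that all content had been cleared; its official Weibo account has also stopped updating...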
13 things to consider before adopting end-to-end encryption
There is a lot to consider before making any technical change in your company’s operations. And when adopting end-to-end encryption, there are some specific considerations to make to get it right. We...
The Hacker's Diet (2005)
The Hacker's Diet: How to lose weight and hair through stress and poor nutrition. By John Walker. The Hacker's Diet, notwithstanding its silly subtitle, is a serious book about how to lose weight and...
Iran-Linked RASPITE Group Targets U.S. Electric Utilities
A known threat group believed to be based in Iran is trying to gain access to computer infrastructure belonging to U.S. electric utility organizations. The group, which researchers from industrial...
Four Cool Tools Expected Out of Black Hat
Security professionals, penetration testers and malware investigators are preparing to get energized. In just about a week the hacking community will converge on Las Vegas to drop their biggest...
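We built a network security product that lets you do operations "lying down"
安博通's Security Policy Visualization Platform is divided into a basic policy layer, a traffic analysis layer and a capability overlay layer. The basic policy layer builds a dynamic visual map of security policies and access paths. The traffic analysis layer provides visualization of business performance, security status and abnormal traffic. The capability overlay layer overlays third-party monitoring events, integrates threat intelligence with security posture, and performs correlation analysis on the two. These three layers give the product a stable architecture and stackable functionality, providing users with six major values: infrastructure visualization...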
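Security analysis of IoT devices
A life in which everything is intelligently connected is drawing ever closer. The Internet of Things embodies the high integration and comprehensive application of modern technology, and holds a decisive position in the industrial transformation and socio-economic development of the new era. IoT devices are currently growing exponentially; yet amid this rapid growth, security problems have been exposed. According to the research firm Gartner...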
Q&A: Crypto jackers redirect illicit mining ops to bigger targets ― compa...
Illicit crypto mining is advancing apace. It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting...
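Security validity lasts three years at most; internal and external networks are no longer separate
Technological development keeps widening enterprises' digital boundaries. Data security no longer distinguishes between internal and external; as the boundary disappears, long-term security policies become ineffective, and a security policy remains valid for three years at most. Enterprise security validity is less than 3 years: both the contraction and the expansion of the IT architecture affect the stability of enterprise security, and overly long-term security policies inevitably face many uncertainties. For example, newly emerging hacker attack techniques or the departure of security strategy makers from the team will affect the logic and implementation of the enterprise security strategy. So enterprise security policies are time-limited, for two reasons:...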
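SQL injection fuzz bypass WAF
0x0 Preface 0x1 Injection point detection 0x2 Bypass WAF 0x3 Automation ### 0x0 Preface --- This is a brief summary of bypassing WAFs for SQL injection. I am not a security researcher and will not cover the principles here; for the principles I have collected some articles by other experts (the articles are at the very bottom, help yourself), and I thank them for sharing. Following their example, I went hands-on against the major WAF vendors and put together a simple summary. ### 0x1 Injection point detection...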