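Google "white hat" wants Apple to pay for his iPhone bugs
Google security researcher Ian Beer says he has found 30 vulnerabilities in iOS over the past few years, and that these have made Apple's software more secure; he wants Apple to pay for them. Apple's system, billed as the most secure in the world, has long been one of hackers' favourite challenges. In 2016, Apple began inviting hackers to report vulnerabilities to the company, offering bounties of up to six figures, which was of course also meant to stop hackers from selling those vulnerabilities to other companies. Over the past few years, the most prolific iOS bug hunter has arguably been Ian...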
Mimecast extends core email security to enable cyber resilience
Email management firm Mimecast is applying its cloud-based microservices approach ever more widely to enable customer organisations to increase their cyber resilience. “This approach is more flexible...
Threat Hunting for Unexpectedly Patched Systems
Threat hunting is the proactive approach to finding anomalies related to threats that could cause potential harm to an organization. These could be the signs of intrusion, as a part of a malware campaign,...
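A "New" Definition of Threat Prediction
If expectations of success are unrealistic, security work will be hard to carry out properly. Security teams need to clarify the concept of "threat prediction", dispel three common misconceptions about it, and bring the company's understanding of predictive security back from science fiction to reality...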
Lifetime access to premium password manager for under $20
Simplify your life by minimizing the number of passwords you are required to memorize. With all the things you have to keep track of every day, it’s too easy to forget an important password. Password...
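Study says satellites have vulnerabilities: hackers could overcharge satellites and damage them
A security researcher has warned that satellite systems used by aircraft, ships and the military all contain security vulnerabilities that could let hackers take control of them. The most serious flaws could let an attacker overcharge satellite antennas, damaging the equipment or harming operators' interests. The researcher said other flaws could be used to reveal the exact location of military forces in a particular area. IOActive, the company that discovered the vulnerabilities, said it is working with manufacturers to harden the devices against attack...
Cipher Stories: The Very Simplest Attack and Defense (1), Zfund Quantitative Arbitrage
Alphabet order and numbers. When encrypting, the 26 letters A to Z often have to be converted to numbers; the most common method is to use each letter's position in the alphabet. A stands for 1, B for 2, C for 3... and so on. The very simplest ciphers: base-conversion cipher, Mod method, reversal method, interval method, reverse-alphabet method, randomly shuffled alphabet. Base-conversion cipher: for example, binary: 1110 10101 1101 10 101 10010 1111 1110 101 converts to decimal: 14 21 13 2 5 18 15 14 5...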
Building a truly decentralized system with a distributed key generator
Any system that still requires a trusted entity to hold secrets is by nature not decentralized and suffers from a number of...
Google security researcher says Apple should pay $2.5M to charity for his iOS...
A security researcher employed by Google has suggested that Apple should pay almost $2.5M to charity in return for reporting the iOS bugs he has discovered … Ian Beer is a member of Google’s...
The 10 Best Practices for Identifying and Mitigating Phishing
Phishing (a form of social engineering) is escalating in both frequency and sophistication; consequently, it is even more challenging to defend against cyber-related attacks. These days, any industry,...
The Trends in Spear Phishing Attacks
As we know it today, phishing has become one of the tactics most commonly used by cyber attackers to garner personal information and data. This primarily involves our physical addresses, e-mail...
6 Eye-Raising Third-Party Breaches
This year's headlines have featured a number of high-profile exposures caused by third parties working on behalf of major brands. According to data...
Best Practices for the Protection of Information Assets, Part 3
Introduction In the previous two installments of this series, we examined information security management and the implementation and monitoring of security controls. Now, in this third and final part...
A new defensive technique could hold off attackers by making software buggier
Simplified attacker workflow. Attackers find bugs, triage them to determine exploitability, then develop exploits and deploy them to their targets. Credits: Hu, Hu & Dolan-Gavitt. Researchers at...
Are We Seeing SD-WAN Washing?
You may have seen a tweet from me last week referencing a news story that Fortinet was now in the SD-WAN market: Fortinet cites a 7-figure SD-WAN win in their earning call. In other news, @Fortinet...
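Gosec: a security analysis tool for Go source code
gosec is a security analysis tool for Go source code; it checks source code for security problems by scanning the Go AST (abstract syntax tree). License: Licensed under the Apache License, Version 2.0; you may not use this file except in compliance with the License. You can obtain a copy of the License here. Installation: $ go get github.com/securego/gosec/cmd/gosec/... Usage...
Black Hat 2018 talk walkthrough | Clearing the fog: on Tesla's car gateway, body control module and driver assistance (Auto ...
Background: OTA (Over-The-Air) is one of the core capabilities in the automotive industry's shift to intelligent connected vehicles. This Black Hat USA...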
SHA256 hashing email addresses for GDPR reasons
This is a followup on the previous post, C# Mask email address for GDPR reasons, where user Inspector Cluedget pointed out that masking (replacing characters with *) an email address in the log file...
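Global blockchain hackathon battles it out in Silicon Valley on August 18-19; strongest teams revealed early
The global blockchain hackathon series, jointly hosted by Node Capital, Eigen Capital, the International Data Engineering and Data Science Association (IDEAS) and Jinse Finance (Jinse), is in full swing in North America...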
WhatsApp, Secure Messaging, Transcript Consistency and Trust in a group chat
Someone wrote a blogpost about man-in-the-middling WhatsApp. First, there is nothing new in being able to man-in-the-middle your own TLS sessions. Sure the tool is neat, but it...