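Just how bad is election website security? Even an 11-year-old can hack in
[猎云网 (WeChat ID: )] August 13 report (compiled by: 福尔摩望) It is time to talk about election security. The annual Def Con hacker conference, held last weekend in Las Vegas, discussed some of the newest and greatest (or scariest) trends in the hacker world, and a series of election security hacking demonstrations for adults and children offered some frightening revelations about America's voting infrastructure. For 11-year-old Emmett from Austin, attacking the Florida Secretary of State's website was as simple as a SQL injection. ...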
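Why has TSMC been so slow to patch Windows vulnerabilities on its fab tools? It is not unwilling; it is actually unable to
TSMC has suffered the largest information security incident in Taiwan's history: a WannaCry variant paralyzed multiple production lines at fabs across Taiwan, with estimated revenue losses as high as 5.2 billion yuan. After the incident, TSMC issued several successive announcements explaining its cause and impact, and TSMC president C.C. Wei, together with several executives, even held a public briefing in person. TSMC launched emergency response operations, and in less than three days all production lines across Taiwan had fully resumed production, which earned considerable praise, but this infection also exposed several risks in TSMC's internal information security defenses. ...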
FreeBSD denial-of-service security vulnerability (CVE-2018-6922)
FreeBSD denial-of-service security vulnerability (CVE-2018-6922) Published: 2018-08-07 Updated: 2018-08-13 Affected systems: FreeBSD FreeBSD < 11.2-RELEASE-p1 FreeBSD FreeBSD < 11.1-RELEASE-p12 FreeBSD FreeBSD < 10.4-RELEASE-p10 Description: CVE(CAN) ID:...
Hackers could use fax machines to take over entire networks, researchers warn
In an age of instant communication over the internet, the fax machine is seen as an archaic piece of...
How We Improved Information Security at Grofers
We at Grofers always keep security first. We believe that information security is as important as any other part of an enterprise and should be considered the utmost priority. So to strengthen the...
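Impressions of DEF CON 26
Author: 汪列军, security expert at 360 Enterprise Security Group; first published by 安全内参 with authorization. Keynote: DEF CON's opening remarks were naturally given by Jeff Moss. The whole talk basically revolved around the Badge, explaining that it was designed to strengthen communication among attendees, again in order to build and strengthen the Community. Most of the following time was handed over to the head of the Badge project, who said that 28,000 Badges were made this year and described the design, production and shipping process and a series of difficult or amusing episodes along the way. ...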
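Repost: [Security] ERC20 approve function vulnerability
On June 18, 2018, someone discovered and reported that the approve method of the ERC20 standard has a huge security vulnerability, claiming that the vulnerability puts all tokens issued using the standard at risk of a vector attack. According to the team's market statistics, at least more than 60% of the digital currencies currently listed on exchanges use code containing this vulnerability in their smart contracts. As a major security risk stemming from the Ethereum standard, the vulnerability has been named "jaeden" by the team and has been submitted to the CVE platform. ...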
seacms backend getshell
In SeaCMS's admin platform, on the page for publishing movies, due to the weak restrictions on code injected in the picture's URL, we can execute arbitrary code to getshell. Though there are some ways...
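NSFOCUS Internet Security Threat Weekly Report: Week 201824
As of June 15, 2018, the NSFOCUS vulnerability database had collected a total of 40,102 entries. This week added 64 new vulnerability records, of which 63 were high-risk, 1 was medium-risk and 0 were low-risk. This week's focus vulnerability is the Adobe Flash Player remote code execution vulnerability. Adobe Flash Player 29.0.0.171 and earlier versions contain a type confusion vulnerability that, when successfully exploited, allows an attacker to execute arbitrary code. ...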
Open Banking isn't a one-way street
Open Banking is sometimes positioned as a lever that new entrants can use to take market share away from established players such as the Big Four banks. But it could also be used by incumbents to...
Tripwire Unfurls Container Vulnerability Scanning Service
Tripwire has made generally available a Tripwire for DevOps software-as-a-service (SaaS) offering optimized for containers. Tim Erlin, vice president of product management and strategy for Tripwire,...
UK firms concerned about cyber arms race
Only 56% of UK firms believe they have sufficient cyber security skills in-house to deal with threats, a survey has revealed. UK organisations are concerned about their abilities to keep pace with...
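Security from the in-house (Party A) perspective: notes on the second SF Express Information Security Summit
On August 8, 2018, the second Information Security Summit hosted by SF Express was held in Shenzhen. The conference brought together security practitioners from government, academia, enterprises and other sectors to discuss and exchange views on today's security problems and security technologies. A reporter from 安全牛 attended the summit in person and identified and summarized its three highlights. SF Group CTO 幺宝刚: opening remarks. 1. Information security alliance upgrade: a cross-industry information security alliance based on Party A organizations...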
IBM’s 2018 data breach study shows why we’re in a Zero Trust world now
Digital businesses that lost less than 1% of their customers due to a data breach incurred a cost of $2.8M, and if 4% or more were lost the cost soared to $6M. U.S. based breaches are the most...
Threat Landscape Report: Virtually No Firm is Immune from Severe Exploits
Of the 103,786 vulnerabilities published on the CVE List since it began, 5,898 (5.7%) were exploited in the wild according to research from our recently released Threat Landscape Report. With over...
Multi-Sig Wallet- Extra Security For Bitcoin Exchange Website!
These days, businesses are growing tremendously, and businesspeople mostly carry out currency transactions through cryptocurrencies. So securing bitcoin transactions with...
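Looking ahead: platform-based management and control becomes the trend in the application protection market
The explosive growth of mobile applications and their spread across every industry, with so wide and deep an impact, has led hackers to increasingly focus on attacking mobile applications, which are becoming high-value targets for them. At the same time, application protection technology is becoming more and more common, yet the development of mobile application attack methods and techniques far outpaces enterprises' information security defense capabilities. Where should one start to avoid hidden risks in mobile application development? ...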
What is Cybersecurity and Why Should You Care?
Cybersecurity, cyber attacks, firewalls, malware, hacking. Most of these words make you think of Wikileaks and Russian spy movies. As a small business owner, you don’t have anything to worry about,...
Top 7 DevSecOps Tools
CNN recently estimated that in the first six months of 2018, the cryptocurrency market lost approximately $731 million to hackers and theft. One of the most...