Clik here to view.
Shellcode: Encrypting traffic
Introduction This will be a quick post on using encryption in a Position Independent Code (PIC) that communicates over TCP. I’ll be using the synchronous shells for linux as examples, so just to recap,...
View ArticleThe Increasing Threat of Banking Trojans and Cryptojacking
Blockchain is one of the hottest and potentially among the most disruptive technologies today. So naturally, it’s a magnet for the criminal element, which is skilled at keeping up with new digital...
View ArticleIncentivai launches to simulate how hackers break blockchains
Cryptocurrency projects can crash and burn if developers don’t predict how humans will abuse their blockchains. Once a decentralized digital economy is released into the wild and the coins start to...
View ArticlePromote free speech via Tor, earn a slapdown
[I wrote this a few years ago, but it is still relevant, perhaps even more so now -PD] I ’ ve been a privacy advocate for a long time; back in the mid-90s I ’ d wear my PGP ‘ munition ’ T-shirt while...
View ArticleClik here to view.
Unique Malspam Campaign Uses MS Publisher to Drop a RAT on Banks
A new email campaign includes a Microsoft Office Publisher file with malicious URLs leading to the FlawedAmmyy RAT. A malspam campaign targeting a slew of banks is turning researchers’ heads with its...
View ArticleMultiple methods or a single method (but long)
I'm doing a school project which consists of a client-server game. Java code can be written like demonstrated in example 1 and example 2 : In example 2 , I see the possibility to shorten the...
View ArticleClik here to view.
代码审计Day8 - preg_replace函数之命令执行
大家好,我们是红日安全-代码审计小组。最近我们小组正在做一个php代码审计的项目,供大家学习交流,我们给这个项目起了一个名字叫 PHP-Audit-Labs 。现在大家所看到的系列文章,属于项目 第一阶段 的内容,本阶段的内容题目均来自 PHP SECURITY CALENDAR 2017...
View ArticleClik here to view.
曾经的黑客董方:物联网安全不应该是以负面新闻的形式被人们公众所熟知
【猎云网(微信号:)深圳】4月12日报道(文/苏蓓蓓) 2016 年 10月 ,Mirai僵尸网络发起对美国互联网域名解析服务商DYN的攻击,最终导致Twitter、PayPal、亚马逊、华尔街日报等数百个重要网站无法访问。该事件被称作“美国东海岸断网”事件,是近年来较为著名的物联网安全事件。 该事件的不同寻常之处在于:这次 被黑的并不是传统的家用电脑,而是网络连接设备 (网络摄像头, 智能...
View ArticleClik here to view.
顶象端安全四大核心产品“加量不加价”大促销
在汽车业,“加量不加价”表示价格不变,配置高一档。 在通讯业,“加量不加价”表示价格不变,话费流量疯狂送。 在餐饮业,“加量不加价”表示价格不变,食材多一倍。 在安全业,“加量不加价”表示价格不变,享受到的产品和服务好又多。 即日起至10月31日,选择Android App加固、iOS...
View ArticleClik here to view.
4大原因让黑客频频攻击数字货币,第一点很认同
随着数字货币的迅猛发展,数字货币市值总额占全球经济的比重也在逐年增长。越来越多的人开始重视数字货币,想在数字货币里面赚到钱。有经验的人通过社群传授投资技巧、交易所买卖数字货币赚差价(俗称“搬砖”)等方式。 还有另外一群人凭着自己高超的技术、洗劫各大交易所,把数字货币行业搅得昏天暗地,让人闻风丧胆。 对,就是黑客。 今天看到一则新闻,让我惊呆了!...
View ArticleClik here to view.
工业互联网安全精英邀请赛成功举办
6月29日,首届工业互联网安全精英邀请赛在北京展览馆成功举办。此次邀请赛是2018年第二十二届中国国际软件博览会重要活动之一,由国家工业信息安全发展研究中心主办、工业信息安全产业发展联盟承办。...
View ArticleClik here to view.
新型勒索软件KeyPass来袭:可远程遥控受害终端下达指令
来自卡巴斯基实验室的Orkhan Mamedov和Fedor Sinitsyn发文称,在过去的几天里,他们一直在检测一种新的恶意软件――KeyPass勒索软件。安全社区的其他人也已经注意到,这种勒索软件在8月份开始积极地传播: 来自MalwareHunterTeam的预警 传播模式 根据卡巴斯基实验室所掌握的信息,该勒索软件目前正通过伪装成虚假的安装应用程序进行传播。 描述...
View ArticleClik here to view.
企业安全团队中的“灰帽子”
灰帽子行为有时候不过是释放压力的一种形式,不用过于大惊小怪难以容忍。 网络犯罪所造成的损失通常以直接开销计:修复费用、取证支持、律师费、合规罚款等等。但Malwarebytes委托奥斯特曼研究所所做的最新调查采取了略微不同的方法,审查的是与网络犯罪活动相关的管理性开销。 该研究于今年5月到6月间进行,调查了 5 个国家 900...
View ArticleTesla open sources its security software, Hollywood goes open source, and...
In this edition of our open source news roundup, we take a look at Tesla open sourcing its security software, Hollywood's new open source foundation, Creative Commons' $800K investment, and more. Tesla...
View ArticleTelling the truth about defects in technology should never, ever, ever be...
Congress has never made a law saying, “Corporations should get to decide who gets to publish truthful information about defects in their products,”― and the First Amendment wouldn’t allow such a law ―...
View ArticleCan Security Tokens Save Crypto From the Bear Market Blues?
"Security tokens will save crypto." That's what Trevor Koverko, CEO of the crypto projectPolymath, told CoinDesk at a blockchain technology festival in Toronto this week. There, tokenized dividends...
View ArticleClik here to view.
'Ethernet Intelligent Contract Specification Issue' Impact Analysis
Author:Knownsec 404 Team Chinese version: https://paper.seebug.org/663/ 1. Brief Introduction The 'Untriggered Transfer Event Issue', 'Untriggered Approval Event Issue', 'Fake Recharge Vulnerability'...
View ArticleClik here to view.
The Morning After: Your weekend edition
Need a new big phone? Samsung continues its nearly spotless history of delivering excellent big-screen phones with the Note 9. It offers powerful performance, a long-lasting battery and a brilliant...
View ArticleSecurity Gaps Found in IPsec
You’ve probably heard of Internet Protocol Security (IPsec) referred to by many as one of the most secure data encryption methods. It’s comprised of several security protocols that send data packets...
View ArticleClik here to view.
Korean Government: 11 out of 21 Crypto Exchanges Complete Security Measures
Security 25 mins ago By Kevin Helms - 546 Korean Government: 11 out of 21 Crypto Exchanges Complete Security Measures The South Korean government has announced the outcome of its inspection of 21...
View Article