Channel: CodeSection, Code Section, Network Security - CodeSec
Browsing all 12749 articles

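ColdFusion Hit by Another Remote Code Execution Vulnerability: CVE-2018-4939

Original article: https://nickbloor.co.uk/2018/06/18/another-coldfusion-rce-cve-2018-4939/ In October 2017, I published an overview and video PoC of a Java RMI/deserialization vulnerability affecting the Flex integration service of Adobe ColdFusion. I did not release all the details and exploit code at the time, because I had also found an exploitation method that still worked against patched servers....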


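Getting to Know z3 Through a Crypto Challenge

Preface: I have been looking at cryptography challenges recently and had always heard how powerful Z3 is. Today I finally experienced it for myself, hence this article as a record. Analyzing the challenge: the challenge directly provides the script that generates the ciphertext:
#!/usr/bin/env python3
import sympy
import json
m = sympy.randprime(2**257, 2**258)
M = sympy.randprime(2**257, 2**258)
a, b, c =...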


Mexicans served with Dark Tequila in spyware spree

The citizens of Mexico are being served with a rather unpalatable form of tequila -- a dark version -- and the name given to a threat group which has been covertly stealing valuable data from its...


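2018 Winicssec Power Industrial Control System Information Security Symposium Successfully Held in Chengdu

On August 17, 2018, the Winicssec Power Industrial Control System Information Security Symposium was held at the Yuandao Hotel in Chengdu. Li Bing, deputy director of the National Research Center for Information Technology Security; Li Qiuxiang, deputy director and associate researcher of the Classified Protection Evaluation Center at the First Research Institute of the Ministry of Public Security; Zhu Hao, an expert from Kunming Survey, Design and Research Institute Co., Ltd.; experts and leaders from Sichuan Electric Power Company, Inner Mongolia Energy Power Generation Investment Group and other organizations; and heads of production and operations management departments in the power industry attended, more than 100 people in total. The meeting was hosted by Winicssec and aimed to build a platform for power companies to learn about and exchange views on industrial control security, and to push enterprises to comprehensively improve...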


Get an open-source security multiplier

An increasing number of organizations and companies (including the federal government) rely on open-source projects in their security operations architecture, secure development tools, and beyond....



Superdrug denies data breach

Superdrug has urged customers to change their passwords after cyber criminals claimed to have stolen personal details of 20,000 customers. The retailer claims it was the target of an extortion attempt and that...


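China's First Malicious Phone Number Sharing Platform Goes Live; Government and Industry Join Forces Against Fraud

On August 22, at the telecom and network fraud sub-forum of the 2018 Cybersecurity Ecosystem Summit, the founding of China's first malicious phone number sharing platform was announced. (Caption: On the morning of August 22, China's first malicious phone number sharing platform, jointly built by the China Academy of Information and Communications Technology, the Number Service Promotion Group, Alibaba, China Telecom, Qihoo 360, Teddy Bear, Dianhuabang and other companies, was officially launched.)...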


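Interview with Topsec Senior Training Instructor Jia Baodong: From Zero Experience to a Million-Yuan Salary, the Long Road of a White Hat

Dear folks, welcome to this on-time episode of CodeSec Open Class Meet the Instructor / Tell Your Story / Instructor Interviews / Very CodeSec Distance / The Story Behind the Instructor. Because the producer could not keep up, the production team decided to merge these shows. So from now on you will only see #CodeSec Open Class Meet the Instructor#. For this episode of CodeSec Open Class Meet the Instructor, we have invited the handsome and refined / quick-witted / erudite / widely experienced / supremely talented / wise-and-good-looking-in-one teacher Jia Baodong!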


Review: Dashlane 6 - More Security with More Features for Mobile

Back in 2014, I caught wind of a password manager called Dashlane and I thought I'd give it a try. After downloading and using it for a while, I decided to write a review about Dashlane recommending it...


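PTC Launches Cybersecurity Initiative, Teaming with Customers, Partners and Researchers to Improve the Security and Resilience of IoT Deployments

To advance shared responsibility for safe and secure IoT deployments, PTC (NASDAQ: PTC) today announced a Coordinated Vulnerability Disclosure (CVD) program. The new program is intended to support the reporting and remediation of security risks that could affect the environments in which PTC products operate, including industrial and safety-critical industries. The CVD program is an important part of PTC's shared responsibility model, which defines a framework for cybersecurity collaboration with customers, partners and other industry stakeholders. PTC CEO Jim...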


BackYourStack To Provide Open Source With Financial Security

Open Collective has come up with a new initiative that makes it easy for companies to identify the open source projects that they depend on that also need funding and make a financial contribution....


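Vulnerability Alert | Multiple Vulnerabilities in Ghostscript Can Lead to Remote Code Execution

Multiple security vulnerabilities have been found in Ghostscript. Google Project Zero security researcher Tavis Ormandy has published details of newly discovered Ghostscript vulnerabilities. Ghostscript is an interpreter for Adobe PostScript and PDF, and is currently widely used in all kinds of applications (for example ImageMagick, Evince, GIMP, PDF readers, etc.). The vulnerabilities can lead to remote code execution...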


5 open source tools for container security

As containers become an almost ubiquitous method of packaging and deploying applications, the instances of malware have increased. Securing containers is now a top priority for DevOps engineers....



What Does GDPR Mean for Intelligent Video?

GDPR allows for increased protection of consumer privacy within the ever-evolving, contextual, technology-driven world. Intelligent video surveillance has a bright future, thanks to increased demand...


ETSI crypto-based access control standards land

Worried about enterprise security, access control, and GDPR? Relax, the standards bods at European Telecommunications Standards Institute (ETSI) have you covered. Covered, that is, if you implement its...



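Let the Market Play the Decisive Role in the Development and Protection of Personal Information

On August 3, the DCCI Internet Data Research Center, together with the Tencent Social Research Center, released the "Research Report on Online Privacy and Online Fraud in the First Half of 2018", an empirical investigation into how Android and Apple phone apps obtain users' private information. The survey shows that the Cybersecurity Law, which formally took effect on June 1, 2017, brought one obvious change: in the first half of 2018, the share of Android apps obtaining privacy permissions beyond their scope fell rapidly from 25.3% in the same period of the previous year to 9.0%. This shows that having rules makes a big difference compared with having none....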


4 Major IT Challenges Healthcare Organizations Are Facing Today

Almost every industry vertical today is leveraging the Internet and making the most of the benefits offered by IT companies. The healthcare sector too has taken massive strides in this aspect....



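God Game Attacked This Morning, Losing a Large Amount of ETH; SlowMist Zone Source Says the Platform Operators Did Not Run Off

This morning, the smart contract platform God Game was suddenly hit by a hacker attack that resulted in a large amount of ETH being stolen, and users suspected the platform operators of running off with the funds. The SlowMist Zone security team immediately began technical tracking and analysis, and a source revealed that the preliminary view is that the platform operators did not run off. God Game posted an announcement on its official website saying that it is also a victim; many people suspect that God Game ran off and opened another website, but this and God...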


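Ryuk Ransomware Bursts onto the Scene: Possibly Linked to North Korean Hackers?

Is the Ryuk ransomware linked to North Korea's Lazarus Group? The ransomware was first discovered by the security company Check Point. Since it went live, the operators behind it have illegally obtained bitcoin worth $6.4 million. Check Point found that this ransomware is more targeted than earlier ransomware. "From development to distribution and finally to extortion, this carefully designed ransomware tends to target large enterprises that are able to pay huge sums." Each attack appears to be tailor-made for these enterprises. Infection...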


JETenterprises UK Ltd eases GDPR compliance process with MW | Avast Business

The Company Based in Waltham Abbey on the borders of Hertfordshire and London, JETenterprises UK Ltd has been providing IT and managed security services to small and medium-sized enterprises (SMEs)...
