Clik here to view.
【安全帮】男子DDoS攻击索尼服务器 面临10年监禁和百万罚款
摘要: 黑莓将以15亿美元收购终端安全公司Cylance多名知情人士透露,黑莓正在洽谈收购网络安全公司Cylance,收购价格可能高达15亿美元。上述知情人士称,该收购协议可能最快将会在下周进行公布,但是他们警告称,谈判也有可能会破裂,此次收购的价格可能高达15亿美元... 黑莓将以15亿美元收购终端安全公司Cylance...
View ArticleClik here to view.
影响Android多个高权限服务的严重漏洞详情披露(CVE-2018-9411)
媒体框架是安卓系统组件中经常被发现安全漏洞的组件,所以每次谷歌发布月度例行更新时经常会有它的身影。Google最近发现的媒体框架的漏洞是远程代码执行漏洞,攻击者可以制作特定的文件利用特权进程执行任意代码。目前Google已将其命名为CVE-2018-9411,危险等级定位危急,并在7月安全更新( 2018-07-01补丁 )中对其进行了修补,包括9月安全更新( 2018-09-01补丁...
View ArticleClik here to view.
“I greet you! I have bad news for you” email scam removal
Online criminals don’t seem to stop coining email extortion scams, the latest one scaring recipients with the “I greet you! I have bad news for you” message. Bitcoin extortion scams circulating via...
View Article2018合肥网络安全大会共商数字化转型网络安全
中新网合肥11月9日电(记者 吴兰)2018合肥网络安全大会于9日在合肥举行,与会嘉宾共商数字化转型过程中网络安全产业的挑战、机遇与转型方向。...
View Article陈勇:运用网络安全法须与新技术发展适应
陈勇:近年来大数据导致的危害个人信息现象呈上升趋势,形式也在不断变化,其危害已引起我们的高度重视与警觉。 同时,我们也相信,随着国家法治建设的推进、个人信息法律保护体系的逐步完善,以及信息安全防护技术的体系化建立实施,这种上升趋势最终将得到有效遏制。 新京报:个人数据遭泄露的事件频频出现,去年实施的《网络安全法》对个人信息保护有诸多规定,在具体实施中起到了怎样的效果?...
View ArticleA Phony Elon Musk Scam, Foreign Malware Samples, and More Security News This...
Did you hear? There was an election this week! Not only does that mean the 2020 campaign has officially started (help!) but also that we saw a ton of misinformation tryingto affect the vote. That...
View ArticleXRP influencer reveals possible plans for additional security on TipBot
Apopular influencer in the XRP community who goes by the Twitter name of Dr. T recently engaged in a social media conversation with another XRP follower, Cerberus. The latter posted a question about...
View ArticleDisgruntled Security Researcher Publishes Major VirtualBox 0-Day Exploit
"A Russian security researcher has published details about a zero-day vulnerability affecting VirtualBox, an Oracle software application for running virtual machines," reports ZDNet. According to a...
View ArticleClik here to view.
What can Enterprises do to protect against BGP Hijacks?
(Last Updated On: November 10, 2018) Yes, you can minimize the risk to BGP Hijacks. All enterprises around the world need to have a conversation around BGP Hijacks. We see security news around malware,...
View ArticleClik here to view.
Osiris Hunting for Integer Bugs in Ethereum Smart Contracts
发表会议:ACSAC’18 作者:Christof Ferreira Torres, Julian Schütte, Radu State 单位:SnT University of Luxembourg, Fraunhofer AISEC 论文链接: https://orbilu.uni.lu/bitstream/10993/36757/1/osiris.pdf 摘要...
View ArticleShould you use www or not in your domain? (2017)
Some historical background Even though people often use the terms “domain name” and “host name” interchangeably, there is a difference, and it’s not just about semantics. I will simplify this...
View Articleproject zero talk note
任务:让0day更难 工作: 漏洞研究 exploit开发 缓解设计和审查 0x02 Project Zero如何找bug 1.我应该从哪儿找? 优先级。 攻击者会在哪里看?重视单个研究人员的经验+专业知识 找到新的攻击面,或迭代已知的攻击面。 2.我应该怎么找? 也就是怎么找到一个切入角度 选择处理不可信数据的输入点并找到其bugs。 选择一个bug类来查找实例。...
View ArticleWeek in review: VirtualBox 0day, GPU side channel attacks, vulnerable...
Here’s an overview of some of last week’s most interesting news and articles: Five key considerations when developing a Security Operations Center Organizations should start with the following five key...
View ArticleClik here to view.
访谈|专注安全检测智能化的四维创智
在信息安全行业不断细分的今天,安全检测仍然不乏运维成本高、技术门槛高、工作量庞大等问题。如何在安全检测中降低难度,提高效率,实现安全检测的智能化、模块化、自动化和流程化等技术,将成为安全体系升级的系统创新和优化的关键节点。安全牛近期采访了一家专注安全检测智能化的安全公司,四维创智。 个人简介:...
View ArticleConfiguring Port Security on D-Link Switches
In this article I will give an example of setting up port security on D-Link switches. With Port Security, the ports on D-Link switches can limit the number of devices allowed to connect to the...
View ArticleBook review: Bruce Schneier's Click Here to Kill Everybody
World-renowned security technologist Bruce Schneier may not have intended it, but he has provided the answer to those who are demanding that industry provide governments with a means to break...
View ArticleClik here to view.
Another year of hosting an onion site
The highly anticipated continuation of last year’s riveting tale offear and loathing on the dark web. I hereby offer a full disclosure of attack patterns observed against my onion and my WordPress...
View ArticleClik here to view.
卡巴斯基 - 2018年Q3垃圾邮件与网络钓鱼报告
一、季度亮点 1.1 垃圾邮件中的个人数据 我们常说,个人数据就是诈骗犯的棒棒糖,每个人都应该保证个人数据的安全(就是说,千万不要在可疑网站上提交个人数据)。如果犯罪分子得到了你的数据,他们就会用来访问你的个人账户,还会发起针对性攻击和勒索软件攻击。 在第三季度,我们在垃圾邮件中发现了大量的诈骗邮件。我们曾在今年初 报告...
View Article
