Channel: CodeSection, Code Zone, Network Security - CodeSec
Browsing all 12749 articles
Browse latest View live


Blame^W 'Responsibility'

TL;DR : Guy who knows everyone has weak passwords, tells them it's their fault they get hacked, yet, it's not their fault he has their passwords. - good talk. I spent some of Thursday and Friday trying...




Stored Procedure for Account Creation / Update / Erase & ...

I'm new to developing stored procedures so in my attempt I got a bit mind-boggled. I understand basically what they are conceptually, but having issues when implementing. For reference, I'm...


What to do about the shortage of cybersecurity talent? Japan has copied these two frameworks

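Organizations around the world are looking for ways to address the shortage of qualified cybersecurity staff, and Japan has chosen to rely on two technical frameworks published by the US government to manage its own shortage of information security human resources. Japanese industry has turned its attention to the US National Institute of Standards and Technology (NIST) Cybersecurity Framework and the National Initiative for Cybersecurity Education (NICE) Workforce Framework to fill the cybersecurity skills gap in Japanese companies. Masato Kimura, a manager in the cybersecurity R&D planning department of Japanese telecom giant NTT, said that NIST...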


Firms lack responsible exec for cyber security

A lack of cohesion at the top means organisations are struggling to secure most important digital assets, a report reveals. Responsibility for information security is not falling to any one senior...


The Changing Face of Web Application Security

We all understand that security is driven by balancing risk with compliance requirements, and protecting important assets while minimizing the financial cost, but recent developments suggest that a...




Research: The Heart and Soul of DAC

Research is the very heart and soul of the Design Automation Conference (DAC). In fact, one could easily argue that our industry as we know it today would not exist if not for the fundamental research...


In the 5G era, how to meet the cybersecurity challenges of the Internet of Everything

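Today, the real-world deployment of cutting-edge technologies such as the Internet of Things, artificial intelligence and edge computing is driving social progress. The digital economy is undergoing a transformation from the "mobile internet" to the "Internet of Everything", and 5G will become the cornerstone supporting the new era of the digital economy. At the Fifth World Internet Conference, AsiaInfo Group chairman Tian Suning pointed out that as 5G networks are deployed in specific scenarios and customer operations migrate to the network edge, more complex cybersecurity risks will inevitably follow. [Panorama of 5G network security threats] 5G applications introduce severe security challenges...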


How my personal Bug Bounty Program turned into a Free Security Audit for the...

HackerOne is currently one of the most popular bug bounty program platforms. While the usual providers of bug bounty programs are companies, a while ago I noted that some people were running bug...



Chalubo DDoS Botnet Compromises Linux SSH Servers Using Brute-Force Attacks

A newly discovered Linux malware has been observed while attacking and infecting an SSH server honeypot with a new Denial of Service (DoS) bot strain dubbed Chalubo and used by the bad actors to perform...


Fixing Threat Models with OWASP Efforts

Why Organizations Should Reboot Their Approach to Threat Modeling Global organizations have been working off of a broken or non-existent threat model. Distracted with compliance, plagued with undefined...


HCTF 2018 WriteUp

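It happened to be Double 11: the shopping festival and Singles' Day. With so many holidays falling together, of course the thing to do is sit in front of the computer and play some CTF. I played this year's HCTF together with Master Long. We ranked 20th. It really was too hard. There were too many strong teams. Competition platform entry URL: https://hctf.io/ Web - Warmup Description warmup URL http://warmup.2018.hctf.io Base Score 1000.00 Now Score 10...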


Baota vulnerability: high-risk XSS flaw stealing the Baota panel administrator

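Baota is a server panel that has risen in just the last few years and is well liked by webmasters. Windows 2003, Windows 2008 and Windows 2012 systems, and Linux CentOS, Deepin, Debian and Fedora systems, can all use the Baota panel to manage servers. Baota can deploy a website environment with one click: IIS environment setup, Nginx environment, PHP environment setup, Apache...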


Office 365 team: analysis of a malicious campaign using malicious InPage documents

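Overview Recently, we analyzed malware targeting a word processor for specific languages, which demonstrates that we must guard not only against large-scale malware campaigns but also against small-scale and localized attacks. The attack exploited a vulnerability in InPage, a word-processing program for specific languages such as Urdu, Persian, Pashto and Arabic. More than 75% of the campaign's targets were located in Pakistan, although they also included some in European countries and the United States, and the targets included government agencies. Previously, Palo...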


How Lazarus fraudulently withdraws cash from ATMs

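On October 2, 2018, US-CERT, the Department of Homeland Security, the Department of the Treasury and the Federal Bureau of Investigation issued an alert. According to this latest warning, Hidden Cobra (the US government's name for Lazarus) has been carrying out FASTCash attacks, stealing money from automated teller machines (ATMs) at banks in Asia and Africa since 2016. ...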


Ring Stick Up Cam Wired (2018) review: Ring finally has an indoor security...

Ring's second-generation home security camera--the Ring Stick Up Cam Wired--can be deployed indoors or out (the first-gen model was strictly an outdoor camera). The company already makes some of our...


How Prague’s Avast went from Soviet-era security project to $4.5 billion IPO

Early on a Thursday morning last May, executives from Prague-based Avast crowded onto a podium in the London Stock Exchange to cheer the start of trading for the cybersecurity company’s stock. They...


A Guide to Launch Your Own Security Token Offering (STO)

" SECURITY TOKEN OFFERING - The legal way to raise funds from accredited investors for your business" Pulsehyip is a fast-growing cryptocurrency & Blockchain Development Company, is pleased to...


Chalubo DDoS botnet compromises Linux SSH servers using brute-force attacks

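A newly discovered Linux malware has been observed attacking and infecting an SSH server honeypot with a new denial-of-service (DoS) bot strain dubbed Chalubo, which is used by bad actors to perform large-scale distributed denial-of-service (DDoS) attacks. As discovered by Timothy Easton of Sophos, the attackers behind the Chalubo bot use code from the Xor.DDoS and Mirai malware families, and they encrypt the bot with the help of the ChaCha stream cipher. ...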


Ruby 2.x remote code execution vulnerability analysis: the deserialization gadget chain

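Introduction This article describes in detail the exploitation of arbitrary deserialization in Ruby, and also publishes the first universal gadget chain for achieving arbitrary command execution on Ruby 2.x. In what follows, I will explain in detail the deserialization issue and related research, how a usable gadget chain was found, up to the final successful exploitation of Ruby serialization. Background First, serialization...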


Most advanced XSS detection suite

XSStrike Advanced XSS Detection Suite XSStrike Wiki Usage FAQ For Developers Compatibility Gallery XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an...
