继“间谍芯片”后,戏精美媒又黑起了中国黑客
不久前美媒彭博社撰写了一篇震惊了全世界的报道,宣称中国解放军要求一家美国电脑硬件企业的中国工厂悄悄在他们生产的电脑服务器主板上植入一种只有米粒大小的“间谍芯片”,并通过这一“逆天黑科技”成功入侵了美国知名IT企业苹果和亚马逊的服务器。 虽然这篇报道随即被美、英、德国政府以及苹果、亚马逊等多家巨头打脸,但还是赚足了眼球。...
View ArticleCyber criminals abuse US Postal Service Informed Delivery for ID theft
The U.S. Secret Service issued an internal alert to law enforcement partners about identity thieves abusing the U.S. Postal Service’s Informed Delivery , a service that allows you to digitally preview...
View ArticlePost-WannaCry: Only 3% of companies are prepared for new types of cyberattacks
One year ago, my phone lit up with the first text alert about the WannaCry ransomware attack . From the onset, it was clear this attack was major and that it was moving across the world at an...
View ArticleSouthern Cross Cables deploys Ciena GeoMesh Extreme
Southern Cross Cables Network has significantly enhanced the scale, programmability and intelligence of its network by deploying Ciena’s WaveLogic Ai tunable coherent optics and the 6500 T-series...
View Article通证经济下一个时代:Security Token
铅笔道专栏作者 |标准共识 标准共识:区块链和加密货币领域的独立评级机构。标准共识,定义共识标准。 上篇报告(《通证经济下一个时代:Security Token 「中」》)从Security Token相对于传统证券和Utility Token的比较优势为切入点,分析ST存在的风险点和治理优势。本篇报告将对Security Token Offering从发行、交易和治理三个方面进行解析。...
View Article5 recent tactics criminals use to steal your Bitcoin (and other cryptocurrency)
While the cryptocurrency mania that drove Bitcoin’s price to $20,000 may have eased, the threat posed by the most experienced cybercriminals hasn’t disappeared. In fact, prominent information security...
View Article【公益译文】安全意识专题 | 管理桌面安全
阅读: 54 桌面安全可谓是公司网络的第一道防线。通过部署恰当的安全策略,可以阻止恶意软件和病毒在爆发后持续恶化,甚或可以完全避免此类事件发生。公司网络内的桌面安全通常由配置了强制组策略的中央服务器进行管理。当PC 系统登录到网络时,会在域控制器中进行身份认证,并接收启动脚本,这些脚本控制着网络上的计算机行为。这种集中控制简化了大型网络的管理。 文章目录 评估桌面安全 用户分类...
View Article【缺陷周话】第9期:缓冲区下溢
在前续专题中对缓冲区上溢进行了分析( 见第7期 ),本文对缓冲区溢出的另一种情况――缓冲区下溢进行描述。缓冲区上溢专题中介绍的造成缓冲区溢出的原因同样适用于缓冲区下溢,因此在本文中就不再赘述。简单的说,缓冲区下溢是指当填充数据溢出时,溢出部分覆盖的是下级缓冲区。本文主要从缓冲区下溢的危害、在源代码中的表现以及如何修复等方面对该问题进行描述。 2、 缓冲区下溢的危害 缓冲区下溢是 C/C++...
View ArticleTasker to lose SMS and phone call functionality because of Google security...
Google has started taking Android security much more seriously in recent years, removing dangerous permissions and implementing new privacy tools. Seeing Google clobber bad apps is an unabashedly good...
View ArticleThe Weakest Link in Cybersecurity Isn't Human, It’s the Infrastructure
The Weakest Link is Motherboard's third, annual theme week dedicated to the future of hacking and cybersecurity. Follow along here . When someone gets hacked, many people impulsively blame the victim....
View Article网络钓鱼新动向:针对“知识”钓鱼
卡巴最近发布了报告,指出钓鱼行动的新趋势――针对”知识“领域的钓鱼。 当我们谈论网络钓鱼时, 最关心的是假的银行网站、支付系统以及邮件和其他全球流行的服务。然而, 网络犯罪分子的手段远远不止这些。由于研究领域具有潜在价值,很多大学的院系和学生正成为受害者。 在过去的一年里, 卡巴记录到了针对16个国家的131所大学的网络钓鱼攻击。 一半以上 (83 所大学) 位于美国, 其次是英国 (21...
View ArticleReview of the iStorage diskAshur PRO2, a highly secure portable USB drive
Securing data is a difficult job as evidenced by the constant stream of data thefts, either fromserver breaches orstolen laptops. The latter is something iStorage is hoping to help prevent by building...
View Article对称加密与非对称加密是什么?
随着各类网络犯罪的威胁越来越严重,信息安全也越来越复杂。网络安全专家继续加强通信安全,没有留下让任何犯罪分子可以利用的漏洞。其中一种安全的解决方案是对称加密或非对称加密。 非对称加密学使用两个键――公钥和私钥,它们在数学上是相关的,并且在操作中具有特定的作用。用私钥加密的数据只能用公钥解密,反之亦然。不能使用同一密钥加密和解密数据。...
View ArticleAndroid安全审核(调查未经授权的屏幕截图)
摘要: 当你发现自己误删了一份文件,然后使用恢复软件试图恢复文件,结果却从恢复的文件里发现了大量敏感的屏幕截图,包括你使用加密应用的截图,你的比特币钱包截图,这些图显然不是你截下的,那么究竟是谁做的呢?你可能感到很震惊,难道你被偷偷安装了间谍软件?仔......
View ArticleIT threat evolution Q3 2018
Targeted attacks and malware campaigns Lazarus targets cryptocurrency exchange Lazarus is a well-established threat actor that has conducted cyber-espionage and cybersabotage campaigns since at least...
View Articlethreed - drawing a cube in ggplot2
Introduction This post explores how to plot a cube in ggplot2 using the threed library. ggplot2 doesn’t include any notion of a 3rd spatial axis, so instead, after manipulating a 3d object, we use...
View ArticleMicrosoft: The future of security is AI
WithAI becoming an increasingly common presence in many areas of work and business, it’s perhaps unsurprising that the security industry is also getting on board. Both AI and Machine Learning...
View ArticleIoT Security Firm ForeScout Buys SecurityMatters for OT Push
Add to favorites “Now as a single company, we will be able to accelerate our momentum and create the industry’s first capability to truly segment IT and OT environments.” Operational technology (OT)...
View ArticleSome millennial and Gen Z couples are giving each other fingerprint access to...
In the age of biometric security, some young couples are displaying a new form of trust. Millennial and Gen Z are choosing to grant phone access via fingerprint to their significant other, which some...
View ArticleThe Silence of the Lambs: Inspecting binaries with Jenkins
Security is an overloaded term with varying meaning in different contexts. For this contribution, I consider security as the sum of rules regarding vulnerabilities (Common Vulnerability and Exposure,...
View Article