‘Vaporworms’ among new security threats in coming year: report
The emergence of Vaporworms - a new breed of fileless malware with wormlike properties that allow it to self-propagate through vulnerable systems global Internet disruption and rogue AI chatbots are...
View ArticlePHP sql security
I use mysql_real_escape_string() on my variables, but looking through my logs I noticed a stream of input from someone with entries like this: ${@print(md5(acunetix_wvs_security_test))} 1\" or...
View ArticleClik here to view.
齐向东谈网络安全的三大焦点问题
原标题:齐向东谈网络安全的三大焦点问题 11月16日,360企业安全集团董事长齐向东在2018(第四届)江西省互联网大会作主旨演讲时表示,做好新时期的网络安全工作,要把握好三个焦点,威胁、应对和实践。 360企业安全集团董事长齐向东...
View ArticleClik here to view.
为家庭路由器和联网设备提供安全保护,网络安全创企SAM获1200万美元A轮融资
【猎云网(微信:)】11月16日报道 (编译:小猪配齐) 为企业提供解决方案的安全创企正在面临“消费化”的挑战,IT组织负责处理组织网络内的一系列设备和应用程序的安全。 如今,一家以色列创企SAM正在通过类似的方式为消费者和其家中网络过剩的联网设备服务。SAM所提供的系统由家中或办公室网络路由器管理,用来监测联网设备的可疑行为,近日该公司宣布融资1200万美元。 此次A轮融资由Intel...
View ArticleThreat Actors Are Exploiting IT Networks to Attack Energy, Utilities
Companies within critical infrastructure sectors--including energy and utilities firms, aviation organizations, water systems and nuclear facilities--have been atrisk of cyberattacks for years bothin...
View Article美国国土安全部拟扩大其关键基础设施网络安全培训受众范围
11月7日,美国国土安全部发布RNCC-19-40002号项目信息征集通知(RFI),期望美国相关行业厂商为其提供“建设一个可同时向5000名及以上关键基础设施行业运营者提供网络安全在线课程的视频会议系统”相关的建议。目前美国土安全部已利用Adobe Connect向美国关键基础设施行业、各州及地方政府相关部门提供针对若干网络安全议题的在线培训课程,但该系统无法通常支持500及以上用户同时参加培训。...
View ArticleClik here to view.
利用Drupal漏洞进行传播的挖矿僵尸病毒分析
*本文原创作者:cgf99,本文属于CodeSec原创奖励计划,未经许可禁止转载 一、事件背景 在对服务器进行例行性检查的时候,在一台ngix服务器的日志文件access.log里面发现了一些奇怪的访问记录,如下表所示。备注,这台Ngix 服务器安装windows10企业版操作系统,web服务器是nginx/1.12.2。 来源IP 时间 数据 85.248.227.163...
View ArticleMbed Connect 2018: Summary
I attended Mbed Connect 2018 in San Jose and talked about the role of standards for IoT security. My co-worker Jan Jongboom provided a nice summary in this blog post “It’s a wrap: Mbed Connect US 2018...
View ArticleCloud security: The essential checklist
Cloud security is one of those things that everyone knows they need, but few people understand how to deal with. I The good news is that it’s actually pretty simple, and somewhat similar to security...
View ArticleClik here to view.
Hack for Cash: ATMs Take Just 20 Minutes to Crack
Add to favorites “Sometimes the modem is located outside of the ATM cabinet, so an attacker would not even have to open up the ATM in order to perform modifications” A staggering 85 percent of ATM cash...
View Article网络安全咋保证? 未来智能设备自带“免疫系统”
人民网郑州11月16日电 (徐驰)智能时代来临,网络安全日益引起人们重视。常用网站突然打不开?上网翻到自己身份证号?未来,通过人工智能和网络安全相互赋能或许能解决人们的网络安全忧虑。 15日,河南省第五届互联网大会网络安全分会举行。多位国内专家及互联网公司管理者,对未来的网络安全形势进行了预测,展望了河南网络安全产业发展方向。...
View ArticleClik here to view.
Trail of Bits @ Devcon IV Recap
We wanted to make up for missing the first three Devcons, so we participated in this year’s event through a number of talks, a panel, and two trainings. For those of you who couldn’t join us, we’ve...
View ArticleBitGo Banks on Stablecoins in a Bid to Win Over More Institutions
CoinSpeaker BitGo Banks on Stablecoins in a Bid to Win Over More Institutions Blockchain security firm and cryptocurrency wallet BitGo is expanding its suite of stablecoins custody offerings. The...
View ArticleHow Does Container Security Work?
Container security is quickly growing in popularity, as are containers themselves due to their enhanced integrity options as well as their overall ease of use. At their core, containers make it...
View ArticleClik here to view.
Twiga Foods raises $10M co-led by IFC & TLcom to connect farmers across...
Startups Twiga Foods, a Kenyan-based start-up connecting smallholder farmers in rural areas to informal retail vendors in cities has raised a$10 million investment from IFC, a member of the World Bank...
View ArticlePatching Is Failing as a Security Paradigm
The Weakest Link is Motherboard's third annual theme week dedicated to the future of hacking and cybersecurity.Follow along. Listen to Motherboard’s new hacking podcast, CYBER, here . The following is...
View ArticleClik here to view.
85%的ATM可以通过网络在15分钟内被黑客攻击
由NCR,Diebold Nixdorf和GRGBanking制造并被银行用作自动提款机的绝大多数自动柜员机(ATM)已被证明很容易被潜在的攻击者远程或本地攻击,大多数时间不到15分钟。 根据 Positive Technologies的分析 ,ATM容易受到四类安全问题的影响,包括外围设备和网络安全性不足,系统/设备不正确配置以及应用控制安全漏洞/故障配置。 NCR,Diebold...
View ArticleClik here to view.
ColdFusion最新任意文件上传漏洞的利用活动分析(CVE-2018-15961)
概述 Volexity最近观察到野外存在对Adobe ColdFusion中新修复漏洞的利用,该漏洞目前在网上不存在任何公开细节或概念验证(PoC)代码。在Volexity检测到的攻击中,一个自称是来自中国的APT组织直接上传了“China Chopper...
View ArticleWeek 15: Can you help intro us to infosec people?
Protecting liberty by simplifying security Recap : We're building Fluidkeys to make it easy for teams to implement great security across their organisations. I'm on my own this week, Paul's on his...
View Article
