Clik here to view.
反统方保障药方数据安全 促进医疗行业健康发展
医院可以说是和人类息息相关的场所,头痛脑热、怀孕生子、身体检查都离不开医院。医院也可以说是充满了希望和绝望的地方,在渴望救治的患者眼中是光明与期待的地方,同时医院也承载了太多人的希望,哪怕一点点的失误都可能会给一个家庭带来绝望,医院能够做的就是尽自己最大的努力去救治。但就如世上总是有太阳照不到的地方一样,医疗系统也有着漏洞,当不法分子依靠漏洞牟取利益时,医院应该如何做才能够有效防范不法分子的行为?...
View ArticleClik here to view.
心脏起搏器容易受到黑客攻击的三个原因
美国食品和药物管理局(FDA)最近召回了由Abbott公司生产的大约465,000个心脏起搏器,这些心脏起搏器容易受到黑客攻击,而这种情况也表明了一个持续存在的安全问题。 召回的原因是什么?这些设备可能会被黑客远程入侵,以增加心脏活动量或缩短电池寿命,进而可能危及病人生命。另据报道,很大一部分心脏起搏器可能装在澳大利亚患者身上。...
View ArticleClik here to view.
从pwnable.tw-calc看数组越界造成的任意地址读写
*本文作者:Lkerenl,本文属 CodeSec 原创奖励计划,未经许可禁止转载。 前言 数组越界访问是c程序常见的错误之一,由于c语言并不向Java等语言对数组下标有严格的检查,一旦出现越界,就有可能造成严重的后果。 数组越界访问 看下边一个例子:: #include <stdio.h>#include <stdlib.h>int target =...
View ArticleClik here to view.
从某电商钓鱼事件探索黑客“一站式服务”
深信服EDR安全团队,整理分析了一起某电商钓鱼事件,通过关联信息,发现背后可能存在一个“产业链齐全”的黑客团伙,研究发现其具备“一站式服务”的黑客攻击手段。 黑客攻击手段包括但不限于钓鱼邮件、漏洞利用、挖矿病毒、勒索病毒、无文件攻击、远控木马、键盘记录器、密码破解等,是一次完整而全套的“服务”。...
View ArticleClik here to view.
【缺陷周话】第10期:反射型 XSS
1、反射型 XSS 反射型 XSS 是指应用程序通过 Web 请求获取不可信赖的数据,在未检验数据是否存在恶意代码的情况下,便将其传送给了 Web 用户。反射型 XSS 一般由攻击者构造带有恶意代码参数的 URL,当 URL 地址被打开时,特有的恶意代码参数被 HTML 解析、执行,它的特点是非持久化,必须用户点击带有特定参数的链接才能引起。本文以 JAVA 语言源代码为例,分析 CWE ID...
View ArticleClik here to view.
SSL证书到期时间监控提醒工具+脚本推荐
随着对数据安全的越来越重视和各浏览器尝试的压榨,目前很多网站都已经添加SSL证书来到https时代,随着网站的增多https证书的管理也是要麻烦些,毕竟一些采用SSL证书都是有期限的,长的1年、2年、3年(3年的目前已经没有了),短的如免费的Let's...
View ArticleClik here to view.
Leaderboard Shows Adoption of DMARC Email Security Protocol
A new tool from the Global Cyber Alliance shows where companies and organizations are adopting Domain-based Message Authentication, Reporting & Conformance. Email remains a major threat surface for...
View ArticleClik here to view.
AWS Security Profiles: Chad Woolf, VP of AWS Security
In the weeks leading up to re:Invent , we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that...
View ArticleBlackBerry is buying an AI security firm for $1.4 billion ― here's how it...
This story was delivered to Business Insider IntelligenceIoT Briefing subscribers hours before it appeared on Business Insider. To be the first to know, pleaseclick here. Canadian technology company...
View ArticleThree Old-School Network Security Tips That (Still!) Work for Modern...
The adage “Everything old is new again,” rings true in the cybersecurity industry as much as anywhere else. Some of the best practices from old-school network security still apply to modern virtual...
View ArticleClik here to view.
Finding Threats That Go Undetected
While the volume and consistency in which threat actors hit companies with these attacks varies, it only takes one click on a malicious link to expose the rest of your organization to a security breach...
View ArticleClik here to view.
You Can Now Sign-In to Your Microsoft Account Without a Password
Microsoft has taken a major step towards its goal of eliminating passwords this week. You can now sign-in to your Microsoft account by using windows Hello or a hardware security key instead of your...
View ArticleNew VMware Security Advisory VMSA-2018-0029
On November 20th 2018 VMware released the following new security advisory: VMSA-2018-0029 vSphere Data Protection (VDP) updates address multiple security issues. This documents several critical,...
View ArticleClik here to view.
Accelerating Application Security with Network Insight and External Integrations
UsingVMware NSX, your applications can be seamlessly secured, throughout your entire environment. Whether it be on-prem or in the cloud, NSX has got you covered. The journey to application security...
View ArticleClik here to view.
PR: Lightning Fast Stablecoin USDX Launches Token Sale
This is a paid press release, which contains forward looking statements, and should be treated as advertising or promotional material. Bitcoin.com does not endorse nor support this product/service....
View ArticleYou can now sign into your Microsoft account using hardware-based security keys
Microsoft has been trying to kill off the password as we know it for some time now, and it's finally achieved that goal across its own suite of services - well, sort of. While using a password will...
View ArticleClik here to view.
Phishing Attacks on Modern Android
出处:CCS 2018 作者:Simone Aonzo, Alessio Merlo, Giulio Tavella, Yanick Fratantonio 原文链接: http://www.s3.eurecom.fr/~yanick/publications/2018_ccs_phishing.pdf 文章概述...
View ArticleClik here to view.
Avira Internet Security 2019 boasts triple-faceted protection with new...
Security developer Avira has released Avira Internet Security Suite 2019 , a brand new version of its flagship security tool for windows. Version 2019 brings together all the vendor’s tools under one...
View ArticleClik here to view.
Arlo Security Light review
OUR VERDICT It’s expensive, but this well-designed smart light makes a good first line of defence for any office and the perfect compliment to an Arlo camera setup. FOR Wireless for easy installation...
View ArticleClik here to view.
俄罗斯黑客工具在美国和欧洲的计算机上进行更加隐蔽的攻击
网络安全专家表示,俄罗斯黑客拥有一种新工具,可以在不被察觉的情况下访问敏感计算机。而且他们正在利用它来瞄准美国和欧洲政府实体,以及苏联的前领土。网络安全公司Palo Alto Networks在周二的博客文章中描述了黑客工具,它称之为“Cannon”。...
View Article
