Clik here to view.
Java实现RSA加密算法
生成密钥对 首先创建 KeyPairGenerator 类的对象,用于生成公钥和私钥对 // 生成公钥和私钥对,基于RSA算法生成对象 KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA"); 然后初始化密钥对的长度,最低长度512位,并且长度不能低于明文的长度 // 初始化密钥大小为1024位...
View ArticleClik here to view.
看看英国GCHQ的漏洞披露策略
11月30日,英国间谍机构政府通信总部(GCHQ)及其信息安全部门NCSC发布了安全漏洞披露策略,概述了其是如何确定是否将漏洞追捕结果告知厂商的。 NCSC去年向微软披露了 3 个漏洞,包括两个 windows Defender 关键漏洞和一个Edge及IE11浏览器脚本引擎远程代码执行漏洞。...
View ArticleClik here to view.
phpcms网站漏洞修复之远程代码写入缓存漏洞利用
SINE安全公司在对phpcms2008网站代码进行安全检测与审计的时候发现该phpcms存在远程代码写入缓存文件的一个SQL注入漏洞,该phpcms漏洞危害较大,可以导致网站被黑,以及服务器遭受黑客的攻击,关于这次发现的phpcms漏洞细节以及如何利用提权我们来详细剖析。...
View ArticleClik here to view.
对UNNAMED1989勒索病毒的传播及代码的相关分析
12月2日凌晨,360互联网安全中心紧急发布了关于最新勒索病毒UNNAMED1989的传播情况和初步分析结论。2日早晨,我们还公布了解密工具帮助中招用户解密。经过一天时间,360又对该勒索病毒的传播和代码进行了进一步的深入分析。 传播渠道...
View ArticleClik here to view.
无需公网IP就能异地组网?
【PConline 资讯】如今,很多企业步入了异地或移动的新办公时代,员工需要远程访问公司内部系统,以便及时共享文件、访问云盘、调看视频监控等等。如何实现公司总部、分部、门店以及移动办公人员之间的高效互联互通?...
View ArticleClik here to view.
Day 03 little helper multiplot
(This article was first published on r-bloggers STATWORX , and kindly contributed toR-bloggers) We at STATWORX work a lot with R and we often use the same little helper functions within our projects....
View ArticleClik here to view.
万豪数据泄漏门再敲警钟,酒店集团7步安全建议
前言 11月30日,万豪酒店官方发布消息称,多达5亿人次预订喜达屋酒店客人的详细个人信息可能遭到泄露。万豪国际在调查过程中了解到,自2014年起即存在第三方对喜达屋网络未经授权的访问,但公司直到2018年9月才第一次收到警报。...
View ArticleClik here to view.
攻防最前线:挖矿木马KingMiner使用多种逃避技术绕过检测
Crypto-Mining(加密货币挖矿)攻击在2018年不断发展和演变。由于加密货币的价值和普及程度的提高,黑客越来越倾向于利用受害者设备的CPU资源来进行加密货币挖矿操作。网络安全公司Check Point表示,在整个一年中,他们看到了相关报告和攻击数量的大幅增加。尽管最近加密货币的价值趋于平稳,但这种攻击方法和技术仍然在独创性和有效性方面不断改进。...
View ArticleClik here to view.
神秘黑客组织向意大利用户邮件投递SLoad恶意软件
网络安全公司Yoroi在上周披露,在过去的几个月里,他们观察到了一起针对意大利用户的恶意电子邮件活动。目前,尚不清楚这些攻击尝试到底是由一个成熟的网络犯罪团伙在修改其TTP之后发起的,还是由一个全新的网络犯罪团伙发起的。但无论如何,Yoroi公司已经启用了内部代号“Sload-ITA”(TH-163)来追踪这一威胁。此外,在今年5月份,SANS...
View ArticleClik here to view.
Radware:面对不断变化的网络威胁,企业必须强化IT安全机制
多年来,全球的网络安全专家都对以恶意软件形式出现的威胁保持着高度警惕,包括木马、病毒、蠕虫和鱼叉式钓鱼攻击。今年也不例外。2018年发生了相当多的攻击,其中一些攻击中还包括一些新的趋势:凭证窃取成为了主要问题,尽管勒索软件仍是网络威胁领域的主要参与者,但Radware发现,内部威胁有了大幅下降。 这一点对英国和德国尤其适用,这两个国家目前都处在通用数据保护条例(GDPR )...
View ArticleMoonday Morning: North Korean hackers are after your Bitcoin
The first weekend of December has been and gone, so Christmas must be just around the corner. But the blockchain doesn’t care about Christmas, it keeps on going no matter what. Which means, there’s...
View ArticleClik here to view.
万豪2015年曾有机会发现漏洞 黑客在系统中潜伏3年
腾讯科技讯 据外媒报道,万豪称,在最近获悉遭遇大规模数据入侵后,它立即作出了反应。但是,网络安全专家称,该公司其实在三年前就有机会阻止这次大规模入侵事件发生。 上周五,万豪表示,从2014年到今年9月,它旗下的喜达屋酒店的订房数据库就一直遭到黑客访问而没有被察觉。...
View ArticleClik here to view.
Marriott’s Costly Mistake: Letting Compliance Trump Security
Friday’s news of Marriott’s massive breach sent shock waves throughout the cybersecurity industry and consumer sectors alike. Brian Krebs described the “colossal intrusion” and numerous other security...
View ArticleClik here to view.
Analysis of cyberattack on U.S. think tanks, non-profits, public sector by...
Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same...
View ArticleClik here to view.
Analyzing Core i9-9900K Performance with Spectre and Meltdown Hardware...
One of the key aspects of the most recent Intel processor launch, its Core 9 th Generation processors, is that the new design affords some hardware-based protection for a couple of the Spectre and...
View ArticleClik here to view.
Kicking off the Microsoft Graph Security Hackathon
Cybersecurity is one of the hottest sectors in tech with Gartner predicting worldwide information security spending to reach $124 billion by the end of 2019. New startups and security solutions are...
View ArticleRisk-based vulnerability management a better form of cyber defense
Protecting an organization from threats is becoming increasingly difficult, as the number and sophistication of threats continues to increase exponentially. A big issue is finding, prioritizing, and...
View ArticleIntroducing the Virtual Cloud Network Readiness Assessment
Is your network ready for applications, automation, multi-cloud, containers and more? Here’s a truth bomb for you: the network that got us here today is not sufficient for tomorrow. Sorry to be...
View ArticleClik here to view.
Scaling a governance, risk, and compliance program for the cloud, emerging...
Governance, risk, and compliance (GRC) programs are sometimes looked upon as the bureaucracy getting in the way of exciting cybersecurity work. But a good GRC program establishes the foundation for...
View ArticleDecember 2018 Android Security Update Goes Live for Pixel, Nexus Devices
Google just released the December 2018 Android security patch for Pixel and Nexus devices. It appears that we already have both factory image and OTA files ready to be downloaded for those willing to...
View Article