AWS Security Hub - An Overview
AWS Security Hub was announced in Andy Jassy's re:Invent 2018 Keynote (46:23) and pitched as "a place to centrally manage security and compliance across your whole AWS environment (applause)" and then...
Portal for ArcGIS Critical Security Patch Elevation of Privilege Vulnerabilit...
A critical vulnerability in the Portal for ArcGIS component of ArcGIS Enterprise has been discovered, where an ordinary authenticated user can elevate themselves to be administrators of the portal once...
Single Sign On via Consensus
The Infrastructure Team at Coinbase has the goal of enabling any engineer in the company to quickly and securely access and deploy complex infrastructure. This effort started with our secure...
Email security threats that can ruin your company's holiday season
Most people understand that retail becomes a target for cybercriminals during the holidays. But even businesses not related to the retail sector will often find the holidays their most vulnerable time...
Using one of the worst passwords of 2018 is a great way to get hacked
No matter how much we read about hacks and data breaches and the importance of taking solid security precautions, one of the unchangeable truths of the world is that people on average are absolutely...
Mojave's Sandbox is Leaky
[0day] Mojave's Sandbox is Leaky: sidestepping a poorly implemented protection has significant privacy implications! November 29, 2018. Our research, tools, and writing are supported by “Friends of...
Next-Generation Anti-Virus Strategy: A "Combination Punch" Defeats the Network's "Advanced Hackers"
Original title: Next-generation anti-virus strategy: a "combination punch" defeats the network's "advanced hackers". A senior official of the US FBI (Federal Bureau of Investigation) once said: there are only two kinds of enterprises in the world, those that know they have already been compromised by a hacker APT intrusion, and those that are still unaware. APT stands for Advanced Persistent Threat (Advanced Persistent...
Drivers Licenses are Going Digital in Louisiana
Finland announced plans for a digital drivers license this year, and several U.S. States are running similar pilot programs of their own. So far, digital drivers license systems have been fairly...
Iranian Phishing Attackers Found Able to Bypass Two-Step Verification
Researchers at the security firm Certfa report that recent phishing attacks by Iranian hackers targeting US government officials, activists and journalists used a technique capable of bypassing two-step verification. The incident highlights the risk of SMS-based two-step verification. The attackers first send the target a phishing email with an embedded hidden image that alerts the attackers in real time when the target views the email. When the target, on the fake Gmail or Yahoo Mail...
It's Time to Adopt a New Cyber Risk Management Model
A surging cyber attack surface, a huge volume of vulnerabilities, complex threat scenarios and new business requirements, among many other factors, all call for the emergence and adoption of a new cyber risk management model. The cyber risk management model currently in use clearly can no longer keep pace with the times. Although cyber risk management matters more to corporate executives than ever before, given the ever-expanding attack surface, the huge volume of vulnerabilities and complex threat scenarios, it has become even harder for CISOs and cyber security teams to implement cyber risk management effectively....
HSO: Human Security Officer
Requirement: a security executive responsible for identifying and mitigating attack methods and vulnerabilities that specifically target internal employees. Clearly, end users are the main attack vector in most major attacks. Whether through phishing, traditional social engineering or physical intrusion, advanced attackers know well that starting from users is a far easier way to find an effective entry point into a company than probing for technical vulnerabilities. Equally important, the harm caused by well-meaning users is, on the whole, greater than the harm caused by malicious users. Therefore, awareness training is needed to make users more adaptable and more resilient....
See You at FIT 2020 | Full Record of the Main Forum on the Closing Day of FIT 2019
The FIT 2019 conference ran from December 12 to 13, 2018 and concluded successfully today. Yesterday's main forum agenda focused on four sections: the "Global Summit", the "WitAwards Ceremony", the "X-TECH Technology Party" and "HACK DEMO", while the "China CISO Summit Forum" and the "Vulnerability Marathon Offline Invitational" were held concurrently in special sub-venues. For a review of the first day, see: Year-end gathering of the security community, a full review of the first day of FIT 2019. Today's main forum includes "...
Binance Hackathon to address security concerns in crypto
The inaugural Binance SAFU Hackathon will bring blockchain developer teams from around the world to build a safer environment for users to exchange cryptocurrencies. Winning teams stand to win...
Information Security Monthly Newsletter Dec 2018
The newsletter consists of a high-level executive summary of the most important news, articles, data breaches and Microsoft patch details that have been published on information security. Each news...
Cyber Security Incidents Down 30% Year on Year This Year
Southern Metropolis Daily, reporter Wang Jinghao: The Cyber Police Detachment of the Zhuhai Municipal Public Security Bureau recently released its 2018 "report card": cyber security cases and incidents fell by more than 30% year on year. Since the beginning of this year, the cyber police detachment has adopted an integrated "on-site lectures + traditional media + new media" publicity model, making full use of newspapers, radio, television and mobile text messages, as well as websites, WeChat official accounts and other new media, effectively raising cyber security awareness and technical capability in Zhuhai....
DevOps Chat: Container Security and Aqua 3.5 with Rani Osnat and Andy Feit
In just a little more than three years Aqua Security has set its mark in the container security space. With its major new release of Aqua 3.5, the company has again raised the bar with serverless and...
Generating a key in PHP for AES 256
Key Generation Security for AES Encryption. I found the following code while researching AES encryption on the internet. In this code I found that the key and the IV are generated using hash...
Samsung Patches CSRF Issues That Could Allow Hackers to Take Over User Accounts
A series of cross-site request forgery (CSRF) bugs found by security researcher Artem Moskowsky in Samsung’s website could allow potential attackers to take over user accounts completely. Moskowsky told...
HTTPS Performance Optimization Study Notes
Editor's recommendation: This article comes from codeceo and gives a detailed introduction to the configurable algorithms in TLS, session resumption, OCSP (Online Certificate Status Protocol) and related topics. I have recently been studying HTTPS performance optimization; although there are already many articles on HTTPS performance optimization online, I still wanted to write this one as a summary of what I learned =^_^=. The article does not expand on some conceptual points or implementation details, but gives the corresponding references; some images also come from online sources. Chapter plan: Understanding SSL/TLS, Algorithm selection...
SentinelOne’s Autonomous EDR Cuts Through the MITRE ATT&CK Noise
Demystifying MITRE’s ATT&CK Evaluation. Imagine if each alert you received was actually usable and could tell a complete, linked, relevant story. That’s exactly what SentinelOne did in the MITRE...