NFC支付中继攻击简介
介绍 NFC支付中继攻击是一种利用NFC智能卡或移动支付系统与PoS或终端之间的桥梁实时提取数据的攻击。在这个过程中提取信息和在避免延迟的同时建立连接是最重要的部分。 我已经发布了关于NFC技术的一些介绍: [Intro to Analyze NFC Payment Methods & Contactless...
View ArticleGet Patched If Not Supported
There are plenty of reasons not to upgrade your SQL Servers to a new version. Perhaps you know the system is working and don’t want to disrupt activity. Often we don’t want to take a chance that some...
View ArticleSecurity camera maker Lighthouse shuts down, will refund camera purchases
Home security cameras are a booming business, but it's far from a sure thing. Camera maker Lighthouse has just announced that it's shutting down, so any Lighthouse cameras you may have around the house...
View ArticleExploring container security: Let Google do the patching with new managed...
Editor’s note: This is a continuation of a series of blog posts on container security at Google. As a Google Kubernetes Engine (GKE) user, you already enjoy the choice of several operating system (OS)...
View ArticleThe Dichotomy of the IoT: Huge Business Opportunities, But Even Bigger Cyber...
So, about this Internet of Things, uh, thing. There may be a slight problem. As the world rushes to connect anything and everything to the Internet, the resulting explosion of IoT devices presents one...
View ArticleTrustToken Says It Passed 3 Security Audits With No Bugs Found
Crypto startup TrustToken announced Wednesday that its smart contract has passed three independent security audits conducted by Certik, SlowMist and Zeppelin, with no vulnerabilities found. Moreover,...
View ArticleSecurity operations activities to watch in 2019
If you’ve read my columns over the past few years, you’ve seen a security operations effort I’ve been pushing called security operations and analytics platform architecture (SOAPA). I first conceived...
View ArticleA behind the scenes look at the biggest (and quietest) crypto transfer on record
Coinbase recently moved 5% of all BTC, 8% of all ETH and 25% of all LTC in circulation (among many other assets) in what we believe is the largest crypto migration on record. Our VP of Security is...
View ArticleSecurity Considerations for Container Runtimes
The recording of my talk Security Considerations for Container Runtimes Dan Walsh, Red Hat ( @rhatdan ) Explain/demonstrates using Kubernetes with different security features for your container...
View ArticleDevcon raises $4.5M to beef up adtech security
Adtech cybersecurity company Devcon announced today that it has raised $4.5 million in seed funding. Over the past couple of years, ad fraud has become a bigger concern in the industry , but Devcon...
View ArticleAI security camera maker Lighthouse is shutting down
Lighthouse, the maker of a security camera with some sophisticated artificial intelligence capabilities , is closing its doors, citing a lack of commercial success for its first product. Lighthouse’s...
View ArticleSecurity Updates for Windows 10, December 19, 2018
Microsoft today released a new portion of security updates for supportedwindows 10 versions. RECOMMENDED: Click here to fix Windows errors and optimize system performance The released patches are...
View Article#Meme:别光顾着传表情包,如今这里面也夹了病毒了
网络犯罪越来越有创意。 12 月 14 日,美国一个网络安全博客 TrendMicro 发表了一篇文章说,有罪犯正在使用表情包植入木马程序来入侵人们的电脑。 传播的方法如下:木马传播者通过一个叫 bomber 的 Twitter 账号发布表情包图片。而这个图片中隐藏了 “ /print...
View Article席卷EOS游戏超500万元的黑客攻击,究竟是怎么一回儿事?
编者按:本文来自36氪战略合作区块链媒体“ Odaily星球日报 ”(公众号ID:o-daily, APP下载 ) 12 月 18 日晚间至 19 日凌晨,多个 EOS 头部 DAPP 遭受攻击。EOSMax、ToBet、BigGame 和 BetDice 遭受交易回滚攻击,分别损失 55000 EOS、22000 EOS、14903.18EOS、200000...
View Article海莲花APT团伙针对国内大型投资公司的攻击活动分析
引言 360威胁情报中心在近期对海莲花组织的持续跟踪过程中,发现其最新的攻击活动中使用的初始投放载荷文件和攻击利用技术与过去相比出现了一些新的变化,其近期的攻击目标包括国内某大型投资公司。 本报告对海莲花组织最新的攻击利用技术,攻击载荷,攻击事件的分析和披露,其主要发现如下: 该组织使用多种技术实现初始投放的载荷,并发现其使用的一种未公开的Word文档在野利用技术;...
View ArticleIn 2019, Test Impersonation Attacks
At SECOM , we perform many forms of social engineering attacks, from phishing to vishing and smishing as well as impersonation. All of these attacks are used regularly by actual attackers and should...
View Article随笔-实习求职
故事起源于上个月月末吧,怕挂科无奈去上了节毛概课,同学和之前一个学长聊天,就建议去找实习。由于之前暑期没找到实习的缘故,也蛮想找个实习,就开始抱着试一下的心态投了一波。到现在一共过了三个星期多了,这三个星期几乎没咋学习。最后收了拼多多的安全实习工程师的offer。 经过 总共先后面了几家公司。斗象、深信服、长亭、拼多多。360投了两次貌似没得面试资格。。...
View ArticleHere's what's fixed, improved, and still broken in build 18305
In typical Microsoft fashion, the weekly windows 10 build for Insiders in the Fast Ring is out on a Wednesday, and build 18305 actually included a handful of new additions. These include the new...
View ArticleAI security startup Lighthouse shuts down, offers refunds to customers
Lighthouse, a San Francisco home security startup backed by Andy Rubin’sPlayground Ventures, today announced that it’s ceasing operations and extending refunds to customers who return theirpurchases....
View ArticleWhat is an ‘Insider Threat’ and How Do We Detect Them?
Insider threats are the biggest cyber security issue for companies and big organizations because they can cause the most damage. These types of cyber security threats are also very hard to detect and...
View Article