Maybe we have the cybersecurity we deserve
Three-hundred and twenty-seven million Marriott user accounts compromised. 100 million at Quora. 148 million from Equifax. Those all pale in comparison to the 3 billion user accounts compromised from...
View ArticleClik here to view.
HCC Embedded Achieves ISO 27001 Certification
HCC takes proactive step to mitigate risk and manage information security BUDAPEST, Hungary (BUSINESS WIRE) lt;a href=”https://twitter.com/hashtag/AdvancedEncryptionModule?src=hash”...
View ArticleClik here to view.
Most home routers lack simple Linux OS hardening security
More disconcerting news for router owners a new assessment of 28 popular models for home users failed to find a single one with firmware that had fully enabled underlying security hardening features...
View ArticleClik here to view.
Examining the Tweeting Patterns of Prominent Crossfit Gyms
A. Introduction The growth of Crossfit has been one of the biggest developments in the fitnessindustry over the past decade. Promoted as both a physical exercise philosophy and also as a competitive...
View ArticleClik here to view.
SoK: Security Evaluation of Home-Based IoT Deployments
出处: S&P’19 作者: Omar Alrawi、Chaz Lever、Manos Antonakakis、Fabian Monrose 单位: Georgia Institute of Technology 原文: https://www.computer.org/csdl/proceedings/sp/2019/6660/00/666000a208.pdf 介绍...
View ArticleClik here to view.
The View from KubeCon+CloudNativeCon Seattle
Containers and Kubernetes Become Enterprise Ready In case there was any doubt about the direction containers and Kubernetes are going, KubeCon+CloudNativeCon 2018 in Seattle should have dispelled...
View ArticleA Post-Compliant World? Part 2
Introduction Do we still have infosec compliance? Is the concept of upholding data and computer security outmoded? I showed in my previous piece how early attempts at compliance were based on...
View ArticleClik here to view.
Coincheck 获日金融厅批准消息遭“打脸”,黑客案后的交易所还能翻身吗?
这个四面楚歌的交易所会赢得 FSA 的信任吗? 本周三,英文商业期刊《日经亚洲评论》发表文章,声称日本 Coincheck 公司将于本月获得该国金融监管机构的批准,成为一家获得交易许可的加密货币交易所。 文章称,日本金融厅(FSA)认定,Coincheck 有资格获得在日本经营加密货币交易所的许可证,因为继今年 4 月,在线经纪公司 Monex Group 收购 Coincheck...
View ArticleClik here to view.
Cylance Adds Playbook-Driven Response to EDR Solution
Automated Processes and Procedures Ensure Consistent Incident Response Across the Enterprise IRVINE, Calif. (BUSINESS WIRE) Cylance Inc. , the leading provider of AI-driven, prevention-first security...
View ArticleDigital Risk Management: A Working Definition
Introduction We all live in a rapidly digitizing world the computing power of your phone in your pocket exceeds the world’s supercomputers just a few decades ago. We have all seen the exponential...
View ArticleClik here to view.
2018 Bug Bounty Year in Review
With 2018 coming to a close, we thought it a good opportunity to once again reflect on our Bug Bounty program. At Shopify, our bounty program complements our security strategy and allows us to...
View Article$10,000 research fellowships for underrepresented talent
The Trail of Bits SummerCon Fellowship program is now accepting applications from emerging security researchers with excellent project ideas. Fellows will explore their research topics with our...
View ArticleClik here to view.
Elasticsearch 核心插件Kibana 本地文件包含漏洞分析(CVE-2018-17246)
作者:Ivan1ee@360云影实验室 不久前Elasticsearch发布了最新安全公告, Elasticsearch Kibana 6.4.3之前版本和5.6.13之前版本中的Console插件存在严重的本地文件包含漏洞可导致拒绝服务攻击、任意文件读取攻击、配合第三方应用反弹SHELL攻击,下文笔者对其漏洞背景、攻击原理和行为进行分析和复现。 0X01 影响范围 Elasticsearch...
View ArticleClik here to view.
10种防止网络攻击的方法
随着威胁形势的不断发展,建立全面的网络安全解决方案需要外围安全性和主动的网内防御 。随着网络攻击的范围,规模和频率不断增加,网络卫生正变得越来越重要。 与个人卫生相似,网络卫生是指旨在帮助维护系统整体健康小型实践和习惯。通过养成良好的网络卫生习惯,您可以减少整体漏洞,使自己不易受到许多最常见的网络安全威胁的影响。...
View ArticleClik here to view.
对CVE-2018-8587(Microsoft Outlook)漏洞的深入分析
事件经过 前一段时间,Fortinet的FortiGuard实验室研究员Yonghui Han按照FortiGuard Labs的漏洞披露规则,向微软报告了Office Outlook中存在的一个堆溢出漏洞。12月11日微软宣布该漏洞已被修补,并发布了漏洞通告,该漏洞的CVE编号为CVE-2018-8587 Microsoft Outlook是Microsoft...
View ArticleClik here to view.
Smart Greybox Fuzzing:一种功能更强效率更高的Fuzzer模型
前言 近期,有一群研究人员设计出了一种智能灰盒模糊测试模型,他们声称这种Fuzzer模型在搜寻代码库(解析复杂文件)漏洞方面跟现有Fuzzer相比,新模型的漏洞挖掘效率会更高。 简介 模糊测试...
View ArticleMD5 should not be used in forensics (or anywhere else)
A few days ago, I drafted (but had not yet published) a post about using MD5 for validating or authenticating evidence in digital forensics. MD5 has had security problems for twenty years, but it's...
View ArticleClik here to view.
MSP Perspective: JumpCloud or Jamf?
As end users start to leverage a wide range of platforms―Mac , windows , and linux ―MSPs are looking for the best ways to manage those platforms and the users on them. User and system management for...
View ArticleClik here to view.
Airspace Launches Galaxy Drone Security Solution
Former McAfee, FireEye CEO David DeWalt Joins Airspace Board of Directors; Former FAA Administrator Michael Huerta Joins as Board Advisor SAN FRANCISCO (BUSINESS WIRE) Airspace Systems today introduced...
View ArticleClik here to view.
Thin Protocols, Lack of Network Effects and A Theory of Value for Security...
Thin Protocols, Lack of Network Effects and A Theory of Value for SecurityTokens Jesus Rodriguez Understanding how value is created and accumulated in a technology market is the most effective, and...
View Article
