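Female hacker SandboxEscaper discloses an unpatched Windows 0day on Twitter for the third time
This is the third time in four months that the female hacker SandboxEscaper has published a 0day vulnerability in Microsoft Windows, and she also provided exploit code that can read from unauthorized locations. She published a security vulnerability affecting ReadFile.exe which, as the file's name suggests, allows an attacker to read data from specific locations. The PoC exploit code has been confirmed to work...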
Whistleblowing app Blind admits security lapse exposed messaging data
By Roger Fingas, Friday, December 21, 2018, 06:22 am PT (09:22 am ET). Blind, an anonymous whistleblowing app said to have users at Apple and other large tech corporations, has acknowledged that it...
XSS worm A creative use of web application vulnerability
In my free time, I like to do some bug bounty hunting. For some reason, I’ve been doing this almost exclusively for Swisscom. One of the reasons is that the scope is very broad and I like to have this...
Why Questioning is Pivotal to Successful Career in Web Security?
Questioning is pivotal to success in web security and you need to ask the WHY question almost every time (why did this work and why did this not work) and answer them yourself. As you start practicing...
Week 20: Quietly releasing 0.3
Protecting liberty by simplifying security. Recap: We’re building Fluidkeys, to help you easily send end-to-end encrypted secrets using PGP. Using Fluidkeys reduces the impact of third-party data...
Introducing Dexter
Prioritizing security is not just a part of Coinbase’s culture, it’s necessary to our success. Traditional financial institutions have always required a high level of security to protect their...
OVERRULED: Containing a Potentially Destructive Adversary
Introduction FireEye assesses APT33 may be behind a series of intrusions and attempted intrusions within the engineering industry. Public reporting indicates this activity may be related to recent...
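Start your domain penetration journey from 0
Start your domain penetration journey from 0. 0x01 Preface. PS: The four of us started this project two months ago and still have not finished it. Without further ado, this book mainly covers setting up a domain, with a small environment and a large environment, plus the tools commonly used in domain penetration; everything mentioned is in common use. Emmm, we will do our best to improve it, as our spare time is rather tight. 0x02 Chapters: Start, Setting up the lab environment, Credential theft, Probing the domain environment, Attack, Privilege escalation, bypass AV, Password cracking, C2 persistence, other...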
VRO code to apply a NSX security tag
I recently created an environment that had a VRA XaaS to apply a security tag to individual virtual machines. I wanted to share the code I wrote to speed up your adoption. In this case we have a...
Truehost Cloud offers free SSL Certificates this festive season to nab in...
Tech Truehost Cloud Limited, a premier cloud computing company with operations in Kenya and Nigeria has started offering free SSL certificates to all users across the globe. This was revealed by the...
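EOS attacked by hackers again and preparing for a hard fork: will there be two EOS?
According to IMEOS, ToBet was maliciously attacked by hackers at 2 a.m. on December 19 and lost 22,000 EOS. BetDice lost 200,000 EOS, EOS...
Lu Baohua: Establishing a scientific evaluation system for cybersecurity talent
Cybersecurity cannot do without the support of talent, and network confrontation is, in the final analysis, a contest of talent. In cultivating cybersecurity talent, how that talent is evaluated is crucial, and the importance of a reasonable talent evaluation system for cultivating cybersecurity talent is self-evident. The author sets out views on the necessity, importance and scientific soundness of a talent evaluation system, pointing out that cybersecurity needs a complete theoretical system built on a mathematical foundation and that talent needs to be classified and graded. The author also outlines standards and methods for talent evaluation, and puts forward some new views: security is the state of not being under threat...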
Automated Cyber Attacks Are the Next Big Threat. Ever Hear of 'Review Bombing'?
Opinions expressed by Entrepreneur contributors are their own. If you think hacks are bad now, just wait a few more years -- because "the machines" are coming. Related: 3 Ways To Protect Your Company's...
Implementing Security Groups in OpenStack using OVN Port Groups
Some time back, when looking at the performance of OpenStack using OVN as the networking backend, we noticed that it didn't scale really well and it turned out that the major culprit was the way we...
Make CI/CD Fast and Secure
Twain Taylor Twain is a guest blogger for Twistlock and a Fixate IO Contributor. He began his career at Google, where, among other things, he was involved in technical support for the AdWords team. His...
How I accidentally found a clickjacking “feature” in Facebook
I would’ve never thought that one of my first blog posts will be about looking for bugs in Facebook. I don’t consider myself a bounty hunter, and had never actively looked for bugs. I focus mostly on...
FBI warns industry that hackers could probe vulnerable connections in...
Written by Dec 21, 2018 | CYBERSCOOP A port for communicating with control systems in buildings leaves unpatched devices on those networks exposed to hackers, the FBI warned the private sector this...
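List of the best Android security software of 2019
We all know that Android's security ecosystem is far worse than that of iOS, especially in the Chinese market. The absence of Google Play, the unchecked growth of local app distribution markets, the lack of standards for security review, the pull of various underground-economy interests, untimely patch updates for the stock Android system, and even handset vendors and sales channels preinstalling bundled app suites on new phones have made China the region hardest hit by Android malware worldwide...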
Best Home Security Systems of 2019
U.S. News & World Report published its first 360 review of home security systems. The review compares both professionally installed and DIY systems, including Vivint Smart Home, ADT, Xfinity Home,...
Bubble Packed Chart with R using packcircles package
Tableau has a chart type called “Packed Bubble Chart”. While I haven’t really utilized packed bubble charts much, I always thought they are fun and beautiful. I wanted to try creating the same chart using...