3 Reasons Why You Should Manage Your Third-Party Security Better in 2019
If you are worried about managing your third parties, you are not alone. Gartner reports that nearly 70% of chief audit executives reported third-party risk as one of their top concerns, but many...
View ArticleTrain for the fight against cybercrime at SANS London 2019
PromoAs new and ever more inventive threats keep crowding over the IT horizon, the security professional is under constant pressure to stay ahead of the cybercriminals. Prepare to meet whatever the...
View Article2018年终总结
2018我觉得对我自己来说是需要总结的一年,所以稍微写一丢丢总结吧。 0x02 历程 其实早在2017年毕业时候就想着离开福建出去看看,但是由于一些其他原因就一直拖到了2018年过年前面试完360企业安全,决定跳开当前的舒适圈工作环境,试试新的开始。第一份工作每天重复性做着没有差别的工作,有一点疲倦和技能瓶颈了。...
View ArticleChromebooks to become a little safer from hackers with 'USB Guard' feature
Leaving your Chromebook unattended in a public place will get a little less dangerous soon. A new Chrome OS feature, noticed recently by ZDNet , will block access to the USB port while the Chromebook's...
View Article25 Years Later: Looking Back at the First Great (Cyber) Bank Heist
The Citibank hack in 1994 marked a turning point for banking -- and cybercrime -- as we know it. What can we learn from looking back at the past 25 years? The banking industry was at a crossroads 25...
View ArticleClik here to view.
Ring security lights all but confirmed by FCC filing
A pair of outdoor security lights from Ring have leaked via two FCC filings . The documents, which were first spotted by Dave Zatz , indicate that Ring is preparing to launch two new outdoor lights ―...
View ArticleClik here to view.
Open Source Security Tools and Threat Hunting: The 10 Most Read Bricata Posts...
Every week we publish a blog post where we dive into a topic or study around network security. In 2018, we even produced original research Amid AI and Machine Learning, the Human Touch Remains Crucial...
View ArticleClik here to view.
USB-C Is Going to Get A Lot More Secure
As more devices move to USB-C for charging and data needs, it’s also becoming more clear that the tech needs improved security. Today, the USB Implementers Forum is announcing one such change with USB...
View ArticleClik here to view.
Sitecore Commerce security hardening note
Let’s start the New Year off with a fun Sitecore Commerce note. Using the latest Sitecore Commerce available today, that is running Sitecore 9.0 update-2 with Sitecore Commerce update-3 (you have to...
View ArticleClik here to view.
Cobalt Strike 3.13 Why do we argue?
Cobalt Strike 3.13 is now available. This release adds a TCP Beacon, process argument spoofing, and extends the Obfuscate and Sleep capability to the SMB and TCP Beacons. TCP Beacon Cobalt Strike has...
View Article35C3 Junior CTF web writeup By Saferman
在这个月圣诞节和元旦节之间参加了这个比赛,这个比赛有二个 https://35c3ctf.ccc.ac 是难度较高的,还有一个是 https://junior.35c3ctf.ccc.ac/ 中等难度的。中等难度的题目总体来讲还是很符合Junior水平的 :-)。题目整体来讲都不难,只有一二道题花了较多时间,现在将自己的解题思路总结出来。 Blind 这题打开就是一个显示源码的页面,php如下:...
View ArticleClik here to view.
Identifying and Mitigating Security Risks of Pre-Shared Keys
Identifying and Mitigating Security Risks of Pre-Shared Keys kdobieski Wed, 01/02/2019 09:49 Security Risks Because there are two ends of communication with a PSK, there are two major areas of...
View ArticleThe Simple Social Security Move We All Need to Make Right Now
The Social Security Administration wants you to double check its work through your personalized and free online portal. Your account includes valuable information about your anticipated retirement...
View ArticleClik here to view.
Microsoft is adding two more Microsoft 365 SKUs for security and compliance
Today, Microsoft announced two new SKUs of its Microsoft 365 offering, which combines windows 10, Office 365, and Enterprise Mobility + Security (EMS). The new offerings are called Identity &...
View Article5 steps to simple role-based access control (RBAC)
Despite all of the advanced attack scenarios we face in cybersecurity today, it seems like we continue to shoot ourselves in the proverbial feet with the simple things. Case in point: the 2017 Verizon...
View ArticleIs Your Chief Security Officer Prepared for M&A?
Very few data breaches have garnered as much attention recently as the Starwood/Marriott breach in which up to 500 million records may have been accessed by an unauthorized user. It’s suspected that...
View ArticleClik here to view.
New in 2018.12: Safe web-browsing with Emsisoft Browser Security
“A browser extension that blocks bad websites without compromising your privacy?” What sounds like an attempt to square the circle, actually can be done. Almost all browser extensions that aim to block...
View ArticleClik here to view.
Newsmaker Interview: Bruce Schneier on Physical Cyber Threats
Bruce Schneier discusses the clash between critical infrastructure and cyber threats. Attacks on physical devices and infrastructure offer a new target for cyber crime, a new opportunity for espionage...
View ArticleUS-CERT Offers Tips for Securing Internet-Connected Holiday Gifts
Key steps to making those home Internet of Things devices just a bit safer. The Department of Homeland Security's US-CERT has welcomed the new year with advice to those who received Internet-connected...
View ArticleClik here to view.
Vulnerability Spotlight: Multiple privilege escalation vulnerabilities in...
Tyler Bohan of Cisco Talos discovered these vulnerabilities. Executive summary Today, Cisco Talos is disclosing several vulnerabilities in MacPaw’s CleanMyMac X software. CleanMyMac X is a cleanup...
View Article