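China's top hackers take on Android/iOS intrusion: a surprising result
Recently, the renowned Pwn2Own "white hat hacker" contest was held under Trend Micro's sponsorship. In the mobile device category, the organizers put up three phones, the Nexus 6P, iPhone 6S and Samsung Galaxy S7, as the targets for this round of hands-on attack and defense. In the end, Keen Security... of China's Tencent
A privilege escalation approach based on DLL hijacking combined with backdoor-factory
Author: suzumiya 0x00 There are many articles online about privilege escalation through DLL hijacking, but none of them are very detailed, and some older DLLs such as ws2.dll and lpk.dll have already been blocked. This mechanism was added starting with Windows XP SP2. Registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session...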
DDoS attacks from webcams, routers hit Singapore's StarHub
Following Friday's massive internet disruption in the U.S., a Singapore-based broadband provider reports it faced two distributed denial-of-service attacks, forcing users offline. The attacks, which...
The Dyn DNS DDoS That Killed Half The Internet
Last week the Dyn DNS DDoS took out most of the East coast US websites including monsters like Spotify, Twitter, Netflix, Github, Heroku and many more. Hopefully it wasn’t because I shared the Mirai...
Xiongmai to recall 10,000 compromised webcams after U.S. attack
Chinese webcam manufacturer Xiongmai has issued a recall of around 10,000 compromised webcams, which were linked to a serious U.S. cyberattack last week. The attack rendered major websites like Spotify...
Cybersecurity and Applied Mathematics
Mathematics is an integral (no pun intended) part of information security and cryptography. The RSA cryptosystem is one of many examples―its foundation is based on mathematics. The core security of RSA...
Password1? You're so random. By which we mean not random at all - UK.gov
The UK government has renewed its efforts to persuade consumers to pick stronger passwords. The #ThinkRandom campaign is encouraging consumers to use three random words to create strong, separate...
Rebuttal: Dark Reading’s “9” Sources for Tracking New Vulnerabilities
Earlier today, Sean Martin published an article on Dark Reading titled “9 Sources For Tracking New Vulnerabilities”. Spanning 10 pages, likely for extra ad revenue, the sub-title reads: Keeping up...
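Man defrauds investors of more than a million yuan, lavishes it on tips for female live streamers
Source: Sina. During the investigation, police found on the spot more than 20 so-called "Shareholder Contracts" in the office of the shop's owner, Xiao Deng. The largest single amount was 200,000 yuan, and in total more than 1.2 million yuan had been raised. The officers' first reaction was to check Deng's personal and company accounts, but on verification all of Deng's assets had dwindled to just over 20,000 yuan....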
Tooling To Help Aggregate DNS Across Multiple Service Providers
Adrian Cockroft (@adrianco) turned me on to a DNS aggregation solution the other day while I was working on updating the API definitions for the API providers that are included in my API DS research ....
Information security set for steep trajectory, says (ISC)2
The information security profession has reached an inflection point and is poised for growth, according to Adrian Davis, managing director for Europe, Middle East and Africa at (ISC)2. “If we as a...
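[Technical Share] From PouchDB to RCE: a node.js injection vector
2016-10-28 11:14:49 Source: 安全客 Author: 默白 Preface PouchDB <=...
Password psychology: a look at how hackers crack passwords
Source: Yidianhao account 江湖佰晓生. Hacking inevitably involves cracking passwords. This article does not start from cracking techniques; instead it analyzes password psychology from the angle of hackers' tricks. It does not touch on specific techniques at all and is entirely about psychology and informatics. I was reluctant to write it at first, because this is a very large subject and what I have thought of is only a small part of it; my view is no more than the patch of sky a frog sees from the bottom of a well....
Sigh! This Shanxi brat: a 17-year-old "self-taught" hacker from Linfen is finally caught after repeated online offenses!
Source: Yidianhao account 一点山西. What are brats like? They knock over your dinner table, scratch up your pad, and rummage through your computer... And of course there is an even more troublesome kind of brat. Today Xiao T will tell you about one such brat from our own Shanxi...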
Friday's Massive DDoS Attack Came from Just 100,000 Hacked IoT Devices
Guess how many devices participated in last Friday's massive DDoS attack against DNS provider Dyn that caused vast internet outage? Just 100,000 devices. I did not miss any zeros. Dyn disclosed on...
BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List
By Joey Chen and MingYen Hsieh. BLACKGEAR is an espionage campaign which has targeted users in Taiwan for many years. Multiple papers and talks have been released covering this campaign, which used the...
Something wicked this way comes… the cyber security issues that scare people...
"There is a time to take counsel of your fears," General George S. Patton once famously said. Halloween marks the end of National Cyber Security Awareness Month (NCSAM). Let’s make this the time to...
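Cyberattack on the US was launched from 100,000 connected devices
Source: 北方网. China News Service, October 27: According to Singapore's Lianhe Zaobao, Dyn, the US domain name resolution provider that was hit by a large-scale cyberattack last week, said on the 26th that as many as 100,000 connected devices may have been hijacked by a computer virus to take part in launching the attack, leaving many internet users on the US East Coast and in parts of Europe unable to reach sites such as the online payment system PayPal and the social media service Twitter....
The most brazen hacker goes straight and switches to security work
Source: 王小瑞. "I am not a former member of the LulzSec hacking group, I am not ex-FBI, I am a security researcher." - Hector Monsegur...
UCloud-201610-002: Security advisory for the OpenSSL "Red Alert" vulnerability | U刻
OpenSSL All 0.9.8; OpenSSL All 1.0.1; OpenSSL 1.0.2 through 1.0.2h; OpenSSL 1.1.0. Fix: upgrade OpenSSL to 1.1.0b or 1.0.2j. Vulnerability details: OpenSSL's implementation of the SSL/TLS protocol handshake allows a client to repeatedly send packed "SSL3_RT_ALERT" ->...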