APT组织Patchwork七月活动,Widnows主战远控武器BADNEWS再升级
APT组织Patchwork七月活动,Widnows主战远控武器BADNEWS再升级
Aggregator
2024 羊城杯 web方向wp
2 months 2 weeks ago
2024 羊城杯 web方向wp
C++异常处理的分析及攻击
2 months 2 weeks ago
C++异常处理的分析及攻击
记!一次供应链导致教育漏洞通杀,通杀五十多个学校弱口令,SQL注入,越权修改密码!(新手小白也能看懂的文章)
2 months 2 weeks ago
记!一次供应链导致教育漏洞通杀,通杀五十多个学校弱口令,SQL注入,越权修改密码!(新手小白也能看懂的文章)
jmreport积木报表aviator注入报错分析
2 months 2 weeks ago
jmreport积木报表aviator注入报错分析
HQL注入深入利用
2 months 2 weeks ago
HQL注入深入利用
羊城杯2024全方向部分题解
2 months 2 weeks ago
羊城杯2024全方向部分题解
2024羊城杯pwn方向详细wp
2 months 2 weeks ago
2024羊城杯pwn方向详细wp
高版本打tcache
2 months 2 weeks ago
高版本打tcache
高版本off-by-null堆攻击
2 months 2 weeks ago
高版本off-by-null堆攻击
从羊城杯docCrack学习恶意宏
2 months 2 weeks ago
从羊城杯docCrack学习恶意宏
2024羊城杯ezJava EventListenerList新链反序列化
2 months 2 weeks ago
2024羊城杯ezJava EventListenerList新链反序列化
CISA Releases One Industrial Control Systems Advisory
2 months 2 weeks ago
CISA released one Industrial Control Systems (ICS) advisory on September 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-24-247-01 LOYTEC Electronics LINX Series
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA
CISA Adds Three Known Exploited Vulnerabilities to Catalog
2 months 2 weeks ago
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2021-20123 Draytek VigorConnect Path Traversal Vulnerability
- CVE-2021-20124 Draytek VigorConnect Path Traversal Vulnerability
- CVE-2024-7262 Kingsoft WPS Office Path Traversal Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA
«Годзилла» в тени: невидимый ящер проникает в сердце Atlassian
2 months 2 weeks ago
Традиционные антивирусы бессильны перед атакой на серверы.
钓鱼特辑(四)安全较量,摆脱“麻瓜”标签
2 months 2 weeks ago
近期,某知名制造业企业HR又收到了来自红队“求职者”的简历,显示名为「陈梓锋-华南理工大学-硕士」的压缩文件,经分析,本次钓鱼攻击使用了多款远控C2,规避调试器、规避内存扫描等,对抗技术丰富。
FreeBuf早报 | 伊朗APT组织攻击卫星设备;系统被黑导致安防公司被罚2000万
2 months 2 weeks ago
此类攻击的实施者可以通过破坏卫星系统来利用它,从而破坏通信和数据泄露,并影响导航和计时信息。
4 способа эксплуатации CVE-2024-20017: как всего одна уязвимость может разрушить вашу сеть
2 months 2 weeks ago
Переполнение буфера превращает ваши устройства в удобные цифровые мишени.
ФСТЭК против GPTBot: госорганам поручено закрыть доступ зарубежным ботам
2 months 2 weeks ago
Почему иностранные боты опасны для России?
ИИ против человечества: новая система спасет нас от засилья ботов
2 months 2 weeks ago
Цифровые удостоверения помогут доказать, что вы не машина.