Aggregator

最近半年，JRASP新版本在甲方内部不断迭，经过性能、功能和稳定性等测试，达到可用标准。

For Murray Green, working for a company that is a steward of critical internet infrastructure is a mission that he can get behind. Green, a senior engineering manager at Verisign, is a U.S. Army veteran who served during Operation Desert Storm and sees stewardship as a lifelong mission. In both roles, he has stayed focused […]

The post Verisign Honors Vets in Technology For Military Appreciation Month appeared first on Verisign Blog.

让众多顶级美国安全公司困惑，让美NSA、CISA大爆粗口的APT攻击内幕...

At GreyNoise we recognize the value of partnership and intelligence sharing when it comes to protecting internet citizens. Today the GreyNoise Labs team wants to give a shoutout to Trinity Cyber.

GreyNoise added a number of exciting updates in April, including 20 new tags for users to monitor emerging vulnerabilities and threats, and identify benign actors. We’ve also added integration updates to support our new IP Similarity and Timeline features, and enhancements to the IP Similarity capability to improve accuracy and give users a summary view to easily understand similar IP infrastructure.

PaperCut MF SetupCompleted 远程命令执行漏洞 CVE-2023-27350

Threat Analysis Group shares their Q1 2023 bulletin.

1.

0x01

无论你的动机是什么，最好的状态是考证是为了增加知识面和广度，让自己能学到东西又能证明自己。不要迷恋证书，不要

温故而知新。

On Monday, May 1, 2023, CISA added CVE-2021-45046, CVE-2023-21839, and CVE-2023-1389 to the Known Exploited Vulnerabilities (KEV) list. For all three CVEs, GreyNoise users had visibility into which IPs were attempting mass exploitation prior to their addition to the KEV list.

Apache Superset SECRET_KEY 未授权访问漏洞 CVE-2023-27524

filetime时间戳是Windows中使用最广泛的时间格式，回收站中记录的文件删除时间，快捷方式文件中记录的文档打开时间，都是这种格式。

xscan发布后，已经有不少人获得了赏金了一个xss奖金将近5000CNY，加入星球找到一个就回本，甚至有2