Aggregator
Introducing ThreatFox
3 years 7 months ago
Is MFA a Security Illusion?
3 years 7 months ago
A recent Akamai Security blog post, Massive Campaign Targeting UK Banks Bypassing 2FA, written by my colleague Or Katz, is a great insight into how attackers used very simple techniques to bypass two-factor (2FA) authentication security to obtain access to U.K. consumers' bank accounts.
Jim Black
Akamai Startup Program: Fostering Innovation
3 years 7 months ago
Akamai, the intelligent edge platform for securing and delivering digital experiences, continues to focus on innovation by launching Cohort 2 of the Akamai Startup program.
Arjun Rampal
KAMACITE ICS Threat Activity Group
3 years 7 months ago
Summary
KAMACITE is an ICS threat activity group that obtains access to victim networks and enables other actors to carry out attacks. Dragos revealed their findings on this threat group in a recent blog post.
Threat Type
Malware
Overview
Dragos has published a blog post detailing a newly identified threat activity group targeting electric utilities, oil and gas operations, and various manufacturing organizations since as early as 2014. The group has been tied to the BLACKENERGY2 campaign and both the 2015
Struts2 Vulnerability Series - S2-057
3 years 7 months ago
Hey...
Local Privilege Escalation Vulnerabilities Discovered in Linux Kernel, Patches Available
3 years 7 months ago
Summary
Alexander Popov, a security researcher from Positive Technologies, discovered and fixed five security vulnerabilities in the Linux kernel, now uniquely identified as CVE-2021-26708.
Threat Type
Vulnerability
Overview
Alexander Popov, a security researcher from Positive Technologies, discovered and fixed five security vulnerabilities in the Linux kernel's virtual socket implementation that could lead to a Denial of Service and other actions. They are noted together within CVE-2021-26708. Popov develo
Indian Vaccine Makers Targeted by Chinese Hackers
3 years 7 months ago
Summary
Reuters is reporting on attacks against Indian biotech companies making a COVID-19 vaccine. Chinese state-sponsored group APT 10, also known as Stone Panda, are thought to be behind the attacks.
Threat Type
Targeting
Overview
Indian vaccine makers SII and Bharat Biotech have recently come under attack from Chinese hackers. The Chinese state-sponsored group APT 10, or Stone Panda, are suspected of the attacks on the biochemical companies. The group was able to identify vulnerabilities in the IT infra
Linux Process Hiding Techniques and Countermeasures - bamb00
3 years 7 months ago
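1. Command replacement. Implementation: replace the binaries of the system's common process-viewing tools (such as ps, top, lsof). Countermeasure: use the stat command to check the file status and the md5sum command to check the file hash, copy backups of these tools from a clean system to the current system, and compare whether the hashes match; if they do not, the tools have been replaced. Note: this must be run in the bin directory. 2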
bamb00
VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability
3 years 7 months ago
On February 23, 2021, VMware published an advisory (VMSA-2021-0002) disclosing three threats affecting VMware ESXi, VMware vCenter Server and VMware Cloud Foundation
How The IcedID Banking Trojan Exploits The Pandemic
3 years 7 months ago
TA551 (AKA Shathak) deploys the IcedID banking trojan using COVID-19 in Microsoft Word documents containing a malicious macro that drops an installer.
Sensor Architecture Can Help Keep Us Up and Running: Part 1
3 years 7 months ago
In the constant press of rolling out ever better products and services to our customers, it can be easy, and often necessary, to fall into a reactive mode around reliability.
Kristin Nelson-Patel
Akamai Identified as a Leader in DDoS Mitigation by Forrester
3 years 7 months ago
This week, Akamai was again recognized as a Leader in the latest The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021.
Susan McReynolds
Compromised enterprise devices detection based on abnormal behavior patterns - UEBA in action
3 years 7 months ago
Recently, many reports of incidents have been making headlines, proving that no business or industry is immune to advanced threat actors. Applying user and entity behavior analytics (UEBA) for the challenging task of the detection of compromised devices over time can play a critical role in enterprises' defense mechanisms.
Hen Tzaban
bluetooth_stack Open-Source Bluetooth Protocol Stack: Source Code Analysis and Vulnerability Discovery - hac425
3 years 7 months ago
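Article first published at https://xz.aliyun.com/t/9205 Preface: While browsing online, I found an open-source Bluetooth protocol stack project on GitHub, https://github.com/sj15712795029/bluetooth_stack According to its description it supports STM32, and there seem to be very few open-source protocol stacks online that support embedded chips, here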
hac425
[胖猴小玩闹] Smart Device Analysis, Part 1: A Complete Analysis of the Xiaotun (小豚) AI Camera from Huawei HiLink (Part 1 of 2)
3 years 7 months ago
Starting with this article, the [胖猴小玩闹] column begins a new series
.NET Deserialization - VIEWSTATE
3 years 7 months ago
.NET Deserialization - VIEWSTATE~~~
March 20: the DEF CON CHINA Party is here! VK SRC invites you to meet on the virtual geek planet!
3 years 7 months ago
March 20, 2021, DEF CON CHINA Party: we look forward to meeting you!
Notes on an SSM Setup (for easy copy and paste later) - admin-神风
3 years 7 months ago
1. Configure the dependencies Spring requires. Add the following dependencies to the project's pom.xml: <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org
admin-神风
Better, or More Effective?
3 years 7 months ago
A colleague asked me to share my thoughts on building a "better team". I confess, I stumbled on the word "better". Better than what exactly?
Fadi Saba