Aggregator

在通过密码学分析后，研究人员揭示了Sync、pCloud、Icedrive、Seafile和Tresorit服务的问题，这些服务共同被超过2200万人使用。

在数字化转型的浪潮中，数据量呈爆炸式增长，企业面临前所未有的数据存储、处理与分析挑战。为应对这些挑战，如何在保障查询性能基础上，尽可能降低资源使用成本，成为企业核心需求之一。10月23日19:00，B

Grafana Post-Auth DuckDB SQL Injection (File Read)Proof of Concept (PoC)This PoC demonstrates the

error code: 1106

cloudkicker self-hosted Azure OSINT tool It is very similar to what @DrAzureAD’s OSINT tool does (https://aadinternals.com/osint/). While this version lacks a few of the extra features, it is self-contained, requires no account, and can...

The post cloudkicker: self-hosted Azure OSINT tool appeared first on Penetration Testing Tools.

The Update Framework (TUF) The Update Framework (TUF) is written in Python and intended to conform to version 1.0 of the TUF specification. This implementation is in use in production systems but is also...

The post tuf: A Framework for Securing Software Update Systems appeared first on Penetration Testing Tools.

authelia Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy to let them...

The post authelia: The Single Sign-On Multi-Factor portal for web apps appeared first on Penetration Testing Tools.

A vulnerability, which was classified as critical, was found in Adobe Acrobat Reader up to 11.0.15/15.006. This affects an unknown part. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2016-1094. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Deal Enhances Sophos’ Managed Security Portfolio, Adds AI-Powered Taegis XDR Tool
Sophos is acquiring Secureworks in a deal valued at $859 million, aiming to integrate its managed security services with Secureworks' Taegis XDR platform. This merger is expected to deliver advanced detection and response capabilities, and enhance global cybersecurity for businesses of all sizes.

2023 Hacking Incident Affected 1.9 Million Patients, Employees
A Michigan-based dental practice with 250 centers across nine states has agreed to pay $2.7 million under a preliminary settlement of a proposed consolidated class action lawsuit centered on a 2023 hacking incident reported as affecting more than 1.9 million patients and employees.

US Cyber Defense Agency Says Election Is Secure Despite Intensifying Threats
The Cybersecurity and Infrastructure Security Agency is ramping up its warnings of potential election interference and influence campaigns in the lead up to the November vote. But voters can be assured their ballots are secure and will be counted as cast, the agency said.

Vulnerability Tool Detected Flaws in OpenAI and Nvidia APIs Used in GitHub Projects
Security researchers have developed an AI tool that can detect remote code flaws and arbitrary zero-day code in software. Protect AI applied the tool to nearly 10,000 GitHub projects and on CVSS data and uncovered local file inclusion, cross-site scripting and remote code flaws in APIs.

In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts.

Russia-linked hackers have taken aim at Japan, following its ramping up of military exercises with regional allies and the increase of its defense budget.

In recent weeks, underground forums on the dark web have continued to flourish as bustling marketplaces where cybercriminals sell unauthorized access to corporate networks. From VPN credentials to Remote Desktop Protocol (RDP) access, threat actors take advantage of compromised corporate environments, often leveraging data from recent breaches or stolen via infostealers. This analysis highlights the …

The post Inside the Dark Web: How Threat Actors Are Selling Access to Corporate Networks appeared first on Security Boulevard.

A vulnerability was found in Oracle Enterprise Session Border Controller 8.4/9.0. It has been rated as critical. This issue affects some unknown processing of the component Routing. The manipulation leads to off-by-one. The identification of this vulnerability is CVE-2021-23017. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

一张app promotion graph联系起了多少黄、赌、诈骗应用~

A vulnerability was found in Mozilla Firefox 14 on Android. It has been rated as critical. This issue affects the function dump of the component __android_log_print. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2012-3979. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.