Aggregator

前言 在 Nginx 中 HTTP 数据是一边接收一边进行解析的，如果解析过程中发现收到的数据有问题就会停止解析，并且停止接收数据。 而 Workerman 将解析协议这一步进行后置，当程序需要用

欢迎大家扫码报名参加5.14日的eiss大会，提问题送书啦

Denial-of-service attacks are increasing and becoming more complex. We look at how attackers are attempting to bring down services around the world.

Summary Apple has published a security update for Safari. One vulnerability is addressed in the update, which is reported as being actively exploited in the wild. Threat Type Vulnerability Overview Apple has published a security update for Safari. One vulnerability is addressed in the update, which is reported as being actively exploited in the wild. If successfully exploited, the vulnerability could potentially allow a remote attacker to execute arbitrary code. We recommend updating to the latest version a

Summary The Mozilla Foundation has issued three security advisories that address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Threat Type Vulnerability Overview The Mozilla Foundation has released Firefox 88.0.1 and Firefox for Android 88.1.3. There are two vulnerabilities addressed in the update of which one is rated as Critical and one as High. The critical vulnerability only affects the Android version and potentially leaves the browser vulnerable to a universal cross-site scripting

【Java 代码审计入门-04】SSRF 漏洞原理与实际案例介绍

Summary About a week ago, the Infosecurity Group reported that Washington D.C.'s metro police department was hit by ransomware threat actors of Russian origins. Threat Type Ransomware Overview The Babuk group claimed to have information on confidential informants used by the district's police department. Metro police only acknowledged the breach but not whether or not they paid the ransom or even that there was an attack and that ransom was being sought. The information the group claimed to have included ga

Summary VMWare published a security advisory, VMSA-2021-0007, that addresses a remote code execution vulnerability in VMware vRealize Business for Cloud. Threat Type Vulnerability Overview VMWare published a security advisory, VMSA-2021-0007, that addresses a vulnerability (CVE-2021-21984) in VMware vRealize Business for Cloud. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on an affected vRealize Business for Cloud Virtual appliance. We recommend reviewing the ad

Summary Cisco has published twenty-nine Security Advisories. Of the advisories, two are rated as Critical, seven are rated as High, nineteen are rated as Medium, and one is rated as Informational. Threat Type Vulnerability Overview Cisco has published twenty-nine Security Advisories. Of the advisories, two are rated as Critical, seven are rated as High, nineteen are rated as Medium, and one is rated as Informational. Please note that one of the advisories summarized below (cisco-sa-anyconnect-profile-AggMUC

In Akamai's paper, "Inside the World of Video Pirates," we discovered why digital intellectual property theft (aka "piracy") is possibly the most misunderstood form of cybercrime facing the TV, sports, and film industries.

【Java 代码审计入门-03】XSS 漏洞原理与实际案例介绍

带你了解 Java 反射知识

Summary Twenty-one vulnerabilities in Exim have been disclosed by Qualys. Three of the vulnerabilities could allow for remote code execution. Threat Type Vulnerability Overview Twenty-one vulnerabilities in Exim have been disclosed by Qualys. Of the most serious vulnerabilities, three could allow for remote code execution, and four could allow for escalation of privileges to those of root. In total, ten of the vulnerabilities are exploitable remotely and eleven are exploitable locally. Qualys has not provid

Summary A security advisory have been published for Xen. The vulnerability addressed in the advisories could potentially allow for an attacker to carry out a Spectre v2 attack against Xen. Threat Type Vulnerability Overview A security advisory have been published for Xen. The vulnerability addressed in the advisories could potentially allow for an attacker to carry out a Spectre v2 attack against Xen. Further information, including a mitigation strategy, is available from the link in the advisory summary be

Summary IBM has published eight security bulletins that apply to QRadar SIEM. In total, seventeen vulnerabilities are addressed in the bulletins. Threat Type Vulnerability Overview IBM has published eight security bulletins that apply to QRadar SIEM. In total, seventeen vulnerabilities are addressed in the bulletins. The potential impacts from successful exploitation of the vulnerabilities includes a remote attacker being able to cause denial of service conditions, obtain sensitive data (including session c

情报小蜜蜂改版啦~

Summary The ICS-CERT has published two advisories that affect Advantech's WISE-PaaS RMM, and Delta Electronics' CNCSoft ScreenEditor. Threat Type Vulnerability Overview The ICS-CERT has published two advisories that affect Advantech's WISE-PaaS RMM, and Delta Electronics' CNCSoft ScreenEditor. Further information is available from the advisories which are summarized below. ICS Advisory ICSA-21-124-01 - Advantech WISE-PaaS RMM CVE-2021-27437 - The affected product allows attackers to obtain sensitive informa

Tax scams are some of the oldest scams in a criminal's book, and they're highly attractive to criminals for many reasons.

Summary The Android Security Bulletin for May has been released and provides information on the forty-two vulnerabilities that are addressed in this bulletin. Threat Type Vulnerability Overview The April security bulletin for Android has been released. In it, forty-two vulnerabilities are addressed. Some of the potential impacts of successful exploitation of the vulnerabilities are information disclosure, privilege escalation, and remote code execution. Four of the vulnerabilities were rated as Critical, an

Summary Apple has published security updates for macOS Big Sur, iOS, iPadOS and watchOS. In total, four vulnerabilities are addressed in the updates, all of which are reported as being actively exploited in the wild. Threat Type Vulnerability Overview Apple has published security updates which take macOS Big Sur to 11.3.1, iOS (for older devices) to 12.5.3, iOS and iPadOS to 14.5.1, and watchOS to 7.4.1. In total, four vulnerabilities are addressed in the updates, one of which is common to all updates. All