Aggregator

这世界也许本来就是一个F(x)

Awesome-Forwarder开发实战~

2021年1月到2月，有黑客组织使用Microsoft Exchange邮件服务器软件中的0day漏洞利用链

How platform business models are at an increased risk of fraud when two or more separate parties collude.

Summary CVE-2021-28310 is a privilege escalation vulnerability in Windows' Desktop Window Manager. It was discovered by Kaspersky being used in-the-wild by BITTER APT. Threat Type Vulnerability, Exploit, APT Overview Kaspersky published a blog post detailing CVE-2021-28310, a zero-day vulnerability they discovered being exploited by BITTER APT. It is a privilege escalation vulnerability, and Kaspersky believes it was used in combination with other browser exploits. Since the full exploit chain wasn't captur

Summary SAP has released its April 2021 security patches for a variety of products. Each product and a link to details on the vulnerability are listed below. In all, 14 security notes were released. Of these, 1 is rated critical, 4 are rated high, 9 are rated as medium, and 5 are updates to previously released patches. The potential impact from successful exploitation of the most serious vulnerability is remote code execution. In addition, privilege escalation, accessing sensitive files, and other nefarious

Google的应急响应流程在18年就有相关的材料介绍了，笔者集合了一些会议材料、Paper、官网文章进行较为完整的分享，希望大家可以借此比对同国内自家理念的异同。

"Working from home 2021" was the title of my talk at The Cyber Security Summit in January, and the strikethrough is important.

Summary The ICS-CERT has published fifteen advisories that affect Schneider Electric SoMachine Basic, Advantech WebAccessSCADA, JTEKT TOYOPUC products, the Siemens products Solid Edge File Parsing, Web Server of SCALANCE X200, SINEMA Remote Connect Server, LOGO! Soft Comfort, PKE Control Center Server, TIM 4R-IE Devices, Nucleus Products IPv6 Stack, Nucleus Products DNS Module, Tecnomatix RobotExpert, SIMOTICS CONNECT 400, Nucleus DNS, and the Siemens and Milestone Siveillance Video Open Network Bridge. Thr

Summary PAM update 4104.08194 contains 10 new events, 23 new moderate event responses, and 23 new aggressive event responses. Threat Type Vulnerability Overview This content update is compatible with IBM QRadar Network Security Firmware version 5.4 or later, IBM QRadar Network Security for VMware firmware version 5.4 or later, IBM Security Network IPS GV-Series Virtual Appliances, IBM Security Network IPS GX-Series Appliances Firmware version 4.5 or later, IBM Security Network Protection XGS Firmware versio

Summary The Mozilla Foundation has issued a Moderate-rated security advisory that addresses multiple vulnerabilities in Thunderbird. Threat Type Vulnerability Overview The Mozilla Foundation has released Thunderbird 78.9.1 to cover multiple vulnerabilities related to OpenPGP functions. The advisory has been rated as Moderate. The vulnerabilities could potentially result in a failure to send encrypted emails or allow a remote attacker to conduct a spoofing attack. For further details, please refer to the app

国家医疗保障局关于印发加强网络安全和数据保护工作指导意见的通知

There's a fascinating human phenomenon often studied in the behavioral science field called the intention-action gap.

世界上大多数事物的发展规律是相似的，在最开始往往都会出现相对通用的方案解决绝大多数的问题，随后会出现为某一场

Gambling industry-related web traffic delivered by Akamai jumped 31% over the category average for all of Q4 2020 on March 31st.

网络战场再次迎来了核设施网络打击，而这一次攻击还是发生在当年的"震网"攻击发生国伊朗，而攻击者同样是以色列，

Summary Throughout 2020 IBM X-Force saw a proliferation of malware created using the Go programming language, now some of that focus seems to be shifting onto the Nim programming language, with the latest addition being the Nimar Backdoor. Threat Type Vulnerability Overview Throughout 2020 IBM X-Force saw a proliferation of malware created using the Go programming language, now some of that focus seems to be shifting onto Nim. Nim is a flexible, statically typed programming language which is notable for hav

一款内网自动化横向工具：InScan开源扫描器