Aggregator

预编译的功能，到底是如何防止 SQL 注入的呢？

Summary Samba published a security advisory addressing a vulnerability in all versions of the Samba file server released since version 3.6.0. Threat Type Vulnerability Overview Samba published a security advisory addressing a vulnerability in all versions of the Samba file server released since version 3.6.0. The vulnerability is cause by a flaw in the code that map Windows group identities (SIDs) into unix group ids (gids). The vulnerability could potentially allow a local attacker to cause a denial of ser

写在前面近期冰蝎更新了内网穿透模块中的一些功能，有不少朋友不知道参数怎么填，希望能出一个使用指导手册，刚好今

写在前面 近期冰蝎更新了内网穿透模块中的一些功能，有不少朋友不知道参数怎么填，希望能出一个使用指导手册，就借这个机会写一个“说明书”（文中有大量演示动图，请耐心等待加载）。 基本信息 由于冰蝎采用了会话加密，所以客户端首次和服务端通信会有一个协商的过程（v3.0之后的版本不存在密钥协商过程），成功建

Managing the cyber security of high profile events in the real and virtual worlds.

Akamai's Ohana ERG launched in 2015, along with a number of other ERGs, with the mission to broaden and facilitate the inclusion and contributions of employees of African American, Black, Hispanic, and Latin American descent and association.

Summary The ISC has published three Security Advisories pertaining to BIND. ISC has rated two of the advisories as High and one as Medium. Threat Type Vulnerability Overview Three Security Advisories for BIND have been published by the ISC. Two of the advisories have been rated as High and one as Medium by the ISC. All three of the vulnerabilities addressed by the advisories are exploitable remotely and have a potential impact of denial of service conditions. One of the vulnerabilities, CVE-2021-25216, if t

Summary Apple has published security updates for iCloud for Windows, Xcode, Safari, iOS and iPadOS, watchOS, tvOS, and macOS: Big Sur, Catalina, and Mojave. One of the vulnerabilities (CVE-2021-30657) addressed in the updates for macOS Big Sur, and Catalina, has been reported independently as being exploited in the wild. Threat Type Vulnerability Overview Apple has published security updates for iCloud for Windows, Xcode, Safari, iOS and iPadOS, watchOS, tvOS, and macOS: Big Sur, Catalina, and Mojave. Colle

2021年4月26日有报道指出，美国情报部门正在考虑应美军大多数司令部的请求，在信息战的框架内解密并披露与俄

As with any standardization effort, development of 5G specifications accounted for numerous technology trends and new use cases.

On April 20, 2021, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released an alert on the exploitation of Pulse Connect Secure Vulnerabilities with Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, as well as Emergency Directive (ED) 21-03, after a FireEye blog shed light on security incidents involving compromises of Pulse Secure VPN appliances.

Summary Cisco has published thirteen Security Advisories. Of the advisories, five are rated as High and eight are rated as Medium. Threat Type Vulnerability Overview Cisco has published thirteen Security Advisories. Of the advisories, five are rated as High and eight are rated as Medium. For all advisories listed below, it is noted that Cisco's Product Security Incident Response Team (PSIRT) is "not aware of any public announcements or malicious use of the vulnerabilities" that are described in the advisori

颜色家族再添一员

Latin America’s cyberattack landscape saw continued focus on port 5900 and the targeting of common web vulnerabilities.

介绍Xcheck团队如何在企业内部落地SAST应用，以及取得的效果

大家好，我是BaCde，上周临时组队参与了HackTheBox组织的Cyber Apocalyps 2021的CTF比赛。今天主要写一下Web的Artillery，这是一道3星题（最难为4星），这是一道关于XXE利用的题，做出来的人相对很少，也花了不少时间，有些收获，这里写出来与大家分享。本文不介绍基础知识，如果要学习基础可以查看后面的推荐文章。

收集信息

此次的CTF题大部分都提供源代码，并提供有Dockerfile文件，可通过docker build构建并运行。通过源码可知源代码为Java语言。openjdk 1.8.181版本，Web Server为Tomcat10。

4月25日在上海参加了ArchSummit全球架构师峰会，分享了一些我对计算的看法，演讲全文如下。各位嘉宾

Reflecting on the cybersecurity threat landscape in 2020, we can't overlook the massive changes that landed on us. Global security attacks increased at a significant pace between 2019 and 2020, and the COVID-19 pandemic only deepened these troubling conditions.