Vulnerable APIs and Bot Attacks: Two Interconnected, Growing Security Threats - David Holmes - ASW #300
Sep 24, 2024APIs are essential to modern application architectures, drivingrapid development, seaml
Aggregator
OSINT : User Privacy in Linux
4 months ago
Linux telemetry involves gathering and sending data from a Linux-based system to an
Study finds many European car resellers fail to delete driver data
4 months ago
European auto resellers are violating the continent’s tough data privacy laws, according to a new s
Infostealer malware bypasses Chrome’s new cookie-theft defenses
4 months ago
error code: 1106
SCCMSecrets: exploit SCCM policies distribution for credentials harvesting, initial access and lateral movement
4 months ago
SCCMSecrets SCCMSecrets.py is an SCCM policies exploitation tool. It goes beyond NAA credentials extraction, and aims to provide a comprehensive approach regarding SCCM policies exploitation. The tool can be executed from various levels of...
The post SCCMSecrets: exploit SCCM policies distribution for credentials harvesting, initial access and lateral movement appeared first on Penetration Testing Tools.
ddos
grype: vulnerability scanner for container images and filesystems
4 months ago
grype A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Features Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major...
The post grype: vulnerability scanner for container images and filesystems appeared first on Penetration Testing Tools.
ddos
cilium: eBPF-based Networking, Security, and Observability
4 months ago
cilium: eBPF-based Networking, Security, and Observability Cilium is open source software for providing and transparently securing network connectivity and load-balancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4...
The post cilium: eBPF-based Networking, Security, and Observability appeared first on Penetration Testing Tools.
ddos
外部攻击面管理的思考与启示|大湾区金融安全专刊·安全村
4 months ago
当今世界,网络空间已成为继陆、海、空、天之外的第五主权空间
Hackers deploy AI-written malware in targeted attacks
4 months ago
error code: 1106
Critical Ivanti vTM auth bypass bug now exploited in attacks
4 months ago
error code: 1106
CRQ Loss Exceedance Curves for Risk Management | Kovrr
4 months ago
TL;DROn-demand cyber risk quantification (CRQ) platforms leverage probabilistic statistical mode
美商务部“确保联网车辆信息和通信技术及服务供应链安全”的拟议规则
4 months ago
全文翻译
SBOM-a-Rama Fall 2024: Sonatype’s top 5 takeaways
4 months ago
Tuesday, September 24, 2024 Community Chats Webinars LibraryHomeCybersecurity News
Randall Munroe’s XKCD ‘Maslow’s Pyramid’
4 months ago
via the comic humor & dry wit of Randall Munroe, creator of XKCDPermalink*** Th
JVN: IDEC製プログラマブル表示器における複数の脆弱性
4 months ago
IDEC株式会社が提供するプログラマブル表示器には、図研エルミック社製TCP/IPスタックに起因する複数の脆弱性が存在します。
OpenAI 突然推送推送高级语音模式「Her」,又抢了谷歌风头
4 months ago
本周内就能用上类人的语音对话功能了。
华为三折叠手机「黄牛价」雪崩;OpenAI「Her」语音模式推出;日本政府推 AI 相亲系统 | 极客早知道
4 months ago
字节跳动将在全球范围内关闭 TikTok Music;华为发布了 26 万的智界 R7;中国将在月球上建无线网
威胁情报 | ADS 之殇,Confucius 组织利用 ADS 隐藏载荷攻击宗教相关人士
4 months ago
此类型攻击需提前关注,并加强防范。
Microsoft Pushes Governance, Sheds Unused Apps in Security Push
4 months ago
Microsoft executives said the IT giant has taken numerous steps as it bulks up the security of its
ADS 之殇,Confucius 组织利用 ADS 隐藏载荷攻击宗教相关人士
4 months ago
作者:知道创宇404高级威胁情报团队
时间:2024年9月25日
1.1 事件背景
近期,知道创宇404高级威胁情报团队在日常跟踪APT过程中发现了疑似Confucius组织针对某国宗教人士的攻击活动,攻击者通过宗教相关的诱饵诱使相关人员点击并加载最终的窃密木马。
此次攻击活动有如下特点:
首次发现利用NTFS文件系统ADS(备用数据流)进行载荷隐藏,隐蔽性较高。
利用windows系统文...