Aggregator

Critical Nagios Vulnerabilities

3 years 3 months ago

Summary Researchers at Claroty discovered 11 vulnerabilities in NagiosXI that, in combination, could be used to take over network infrastructure remotely. Updates to NagiosXI have been released to address the issues. Overview Eleven vulnerabilities in NagiosXI were discovered and disclosed by researchers at Claroty. These include remote code execution (RCE), server-side request forgery (SSRF), SQL injection, local privilege escalation (LPE), local file inclusion, open redirect, and path traversal vulnerabil

Akamai Named a Gartner Magic Quadrant Leader for Web Application and API Protection

The Akamai Blog

3 years 3 months ago

This week, Gartner released its new 2021 Magic Quadrant for Web Application and API Protection (WAAP) report, which replaces the Magic Quadrant for Web Application Firewalls (WAF) report, and Akamai has been named a Leader. Akamai was named a Leader in the four previous WAF Magic Quadrants.

Akamai

CTF | 2021 第五空间网络安全大赛线上赛 Misc WriteUp

MiaoTony's小窝

3 years 3 months ago

上课和搬砖的闲暇时间摸鱼打了个第五空间网络安全大赛，也就随意看了看Misc题。

MiaoTony

Autodiscovering the Great Leak

The Akamai Blog

3 years 3 months ago

See the most recent research from Amit Serper on a vulnerability in Autodiscover from Microsoft Outlook that affects credential leaks.

Amit Serper

零信任体系基础

Red0

3 years 3 months ago

Protecting Critical Systems with Isolation and Jump Boxes

F5 Labs

3 years 3 months ago

Managing hardened systems without exposing them to unwanted attack vectors is difficult. Jump boxes are one way to do it—learn why and how.

What Is a TCP Three-Way Handshake?

The Akamai Blog

3 years 3 months ago

The TCP three-way handshake is one of the critical building blocks of the internet. It facilitates the smooth and consistent flow of information across and among different networks without compromising security.

Akamai

为 CodeQL 自定义规则编写测试文件

RedTeam

3 years 3 months ago

本文主要介绍如何为自定义的 CodeQL 规则创建测试文件，以及如何使用 test run 子命令执行测试。

为 CodeQL 自定义规则编写测试文件

童话

3 years 3 months ago

为 CodeQL 自定义查询规则编写测试

TonghuaRoot

浅析DevOps中结合IAST的落地介绍 - admin-神风

admin-神风

3 years 3 months ago

前言这篇博客打算重点介绍一下IAST相关的内容，以及IAST如何在DevSecOps中的CI/CD中的结合。做一期大杂烩，同时也是对我这半年多来的实习一次技术总结。大致需要了解的内容为： CI/CD的介绍 DevOps的介绍 IAST的介绍在Jenkins流水线引入IAST CI/CD的介绍

admin-神风

警钟长鸣，勿忘国耻，吾辈自强

ChaBug

3 years 3 months ago

Web应用组件自动化发现的探索

腾讯安全响应中心

3 years 3 months ago

另一种方式的指纹识别

DDoS Chart Toppers?BPS, PPS and RPS Greatest Hits

The Akamai Blog

3 years 3 months ago

New to the scene, monster-sized botnet M?ris is raising some eyebrows with giant requests per second (rps) attacks as shared by Cloudflare (17.2M rps, reported August 19), Yandex (peaking at 21.8M rps on September 5), and KrebsOnSecurity (2M rps on September 9). Some commentary came in on Slashdot, The Record, and The Hacker News.

Tom Emmons

美团外买APP设备指纹风控分析一(初始化)

矛和盾的故事

3 years 3 months ago

设备指纹技术是使用更多的信息来完成对终端设备的唯一性识别，在业务中可以有效辨别设备是真实用户还是机器在注册、登录，及时检测出单设备登入多帐号、防止批量注册、登录等操作行为。

Learn How Akamai Enables AI Powered Analytics Tools to Reduce Water Losses

The Akamai Blog

3 years 3 months ago

The Accelerator Program, a flagship initiative of Akamai India?s Corporate Social Responsibility Trust, enables early-stage innovations for water conservation. Over the past two years, along with our mentoring partner, the International Center for Clean Water (ICCW; an initiative of the Indian Institute of Technology Madras), we onboarded two social innovators as Cohort 1 grantees: Ashoka Trust for Research in Ecology and the Environment and Foundation for Environmental Monitoring, and two social innovators as Cohort 2 grantees, SmartTerra and Jaljeevika.

Sushma Shashidhara

Kinsing evolves, adds Windows to attack list

The Akamai Blog

3 years 3 months ago

The campaign was first seen by the Akamai SIRT on February 16, 2021, and appears to be targeting both Windows and Linux systems. The botnet caught our interest because it has shown to be highly active across a diverse set of geographical regions, including the Americas, Europe, and Asia.

Evyatar Saias

Capoae Malware Ramps Up: Uses Multiple Vulnerabilities and Tactics to Spread

The Akamai Blog

3 years 3 months ago

Recently, there has been a plethora of UPX packed crypto-mining malware written in Golang targeting Linux systems and web applications popping up in the news. The malware?s primary tactic is to spread by taking advantage of vulnerable systems and weak administrative credentials. Once they?ve been infected, these systems are then used to mine cryptocurrency. I?ve named the sample I examined for this post ?Capoae,? based on the code?s output to my terminal.

Larry Cashdollar

【公告】请移步 Red0 安全团队公众号

天黑说嘿话

3 years 3 months ago

本公众号为个人安全技术分享号，已运营近4年时间，期间感谢大家的持续关注！近期，由于个人工作繁忙

VirusTotal APK 病毒检测统计 2021-08

Trustlook

3 years 3 months ago

VirusTotal (简称 VT), 是谷歌旗下一家免费提供可疑文件扫描服务的网站. VT 上有超过50家反病毒引擎提供实时扫描服务. 我们每天收集用户上传到 VT 的 APK 样本以及各家引擎的扫描结果, 并通过保守的策略筛选出数万的良性和恶意样本, 然后统计各家引擎的病毒检测结果.

每天, 我们会生成一个包含各家检测数据的 CSV 文件. 文件中会列出样本的 MD5 哈希值, 标签 (0 标示良性样本, 1 标示恶意样本), 以及各家的检测结果 (0 表示检测为良性样本, 1 表示检测为恶意样本). 每个月的 CSV 文件会被打包并上传到亚马逊 AWS S3. 有兴趣的读者可以下载检验各家杀毒引擎的检测结果.

以下为检测结果的下载链接:

https://virustotal-results.s3-us-west-1.amazonaws.com/VirusTotal_Results_20210801_20210831.zip

下面的表格列出了各家杀毒引擎的统计结果, 其中各列的含义如下:

Vendor

Lifan Xu

VirusTotal APK Malware Detection Data 2021-08

Trustlook

3 years 3 months ago

At Trustlook, we monitor live feed from VirusTotal (VT). On a daily basis, we collect APK samples from VT along with detection results from Anti-Virus (AV) vendors hosted on VT. Using a conservative labeling policy, we are able to select thousands of benign and malicious APK samples from millions of

Lifan Xu

Aggregator

Managed ad