Summary
The FBI has issued a FLASH Alert (CP-000142-MW) regarding a recent increase of PYSA ransomware targeting education institutions in 12 U.S. states and the United Kingdom.
Threat Type
Malware, Phishing, Ransomware, Data-theft
Overview
The FBI has issued a FLASH (FBI Liaison Alert System) Alert (CP-000142-MW) regarding a recent increase of PYSA ransomware targeting education institutions in 12 U.S. states and the United Kingdom. The initial attack vector is often via phishing emails, but PYSA, also kno
There are many crypto mining malware variants infecting systems on the internet. On Friday, March 4, 2021, I noticed an interesting hit in my honeypot logs. The binary it captured stood out, as it was rather large at 4MB. I immediately thought it would be a crypto miner written in the Go language. I was correct. This one, however, has some newer exploits it's using for proliferation.
The use of authentication factors, one of the most fundamental and well understood concepts in information security, enables secure access to applications, services, and networks. It can also weaken an enterprise's security posture, however, as the drastic increase in data breaches and system attacks is largely based on compromised authentication.
Today, Akamai announced Akamai MFA, a phish-proof multi-factor authentication (MFA) service for the workforce that delivers all of the security benefits of FIDO2 with the frictionless end-user experience of a mobile push on a smartphone. Why has Akamai introduced this new service?
On March 2, 2021, the Microsoft Security Response Center alerted its customers to several critical security updates to Microsoft Exchange Server, addressing vulnerabilities currently under attack.
It's been an interesting start to March in terms of public security incidents. This month kicked off with multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server. And, as if that wasn't enough, that attack was quickly followed by the news that a hacktivist
Summary
A new Linux backdoor has been discovered by Intezer and has been named RedXOR. It's likely to have been developed by Chinese nation-state actors.
Threat Type
Malware, Backdoor, RAT, APT
Overview
Intezer discovered a new, sophisticated backdoor targeting Linux systems. It's likely to have been developed by Chinese nation-state actors based on the TTPs observed. Intezer has named the backdoor RedXOR due to its XOR-based encoding scheme. RedXOR masquerades as a polkit daemon. Intezer compares
Summary
SideWinder is an APT that targets South Asian government and military organizations with espionage campaigns, likely acting in Indian interests. DeepEnd Research reports on the most recent wave of activity from this threat group.
Threat Type
Malware, Phishing, Spyware, APT
Overview
DeepEnd Research published a blog post analyzing the most recent wave of SideWinder APT activity. This specific campaign appears to target government entities in Nepal. Their research began with the discovery of a server
Summary
On March 8, 2021, all GitHub authenticated sessions were invalidated due to a rare security vulnerability. Microsoft-owned GitHub released a security update on its blog with information about the vulnerability and the actions it subsequently took.
Threat Type
Vulnerability
Overview
An extremely rare but serious vulnerability found by GitHub on March 8 affected a small number of GitHub sessions. This comes on the heels of a March 2 incident in which anomalous traffic was observed for an authenticat
Summary
Clast82 is an Android dropper spreading via the Google Play store and distributing the AlienBot banker and MRAT. Check Point reports on its analysis of this new dropper in a recent blog post.
Threat Type
Malware, Dropper, Banker, RAT
Overview
Check Point published a blog post analyzing a new dropper dubbed "Clast82." This dropper is bypassing the Google Play store defenses by ensuring that it does not drop any malicious payloads until after the Google Play Protect evaluation period is complete. Fir