Aggregator

当地时间4月27日，美国华盛顿特区大都会警察局发布声明表示，其内部系统遭到黑客入侵，部分数据文件被窃，并且黑

Summary Google has released an update to its Chrome web browser for Windows, Mac, and Linux that provides fixes for nine vulnerabilities. Of the seven CVE-numbered vulnerabilities noted in the advisory, Google has three of them rated as High, three as Medium, and one as Low. Threat Type Vulnerability Overview Google has released an update, version 90.0.4430.93, to its Chrome web browser for Windows, Mac, and Linux that provides fixes for nine vulnerabilities. Of the seven CVE-numbered vulnerabilities noted

中央网信办、工信部、公安部及市场监管总局四部门联合发布了《关于开展App违法违规收集使用个人信息专项治理的公告》，预示着我国在APP隐私层面的治理进入了一个新的高度，期间部分APP采集隐私数据受到了严重处罚。用户权益保护越来越被重视。

Ransomware attacks continued to proliferate in Q1 2021 as several common but unpatched software vulnerabilities created a fresh supply of compromised network access to ransomware affiliates.

本篇文章将分享如何通过MCU的调试接口提取固件

据华盛顿邮报和美联社报道，隶属于美国国防部的一个部门Defense Digita

reference: https://ray-cp.github.io/archivers/qemu-pwn- […]

背景软件供应链（Software Supply Chain）指的是软件从软件供应商到用户使用的整个过程中，从设计软件、编写代码到生成软件的开发环节，再到分发软件和用户下载的交付环节，最终到用户使...

（本文比较偏产品，不涉及技术细节）上一篇文章说到，企业安全建设后期都会有各种各样的平台，比如 WAF、HIDS、SOC、SIEM、SOAR、SDL 等，在大部分互联网公司里，这些平台都是独立的，...

开个新坑，写一些企业安全建设的经验和想法。网络上安全相关的文章，最多的是攻防类的，涉及企业安全建设的基本都是《一个人的安全部》系列，里面往往列举一堆安全工具和服务。对于处于安全建设初期的企业来说...

Summary A Security Advisory for Drupal, SA-CORE-2021-002, addresses a vulnerability rated by Drupal as Critical. Threat Type Vulnerability Overview The Drupal security advisory, SA-CORE-2021-002, addresses a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. The vulnerability is caused by a failure to properly sanitize input. The vulnerability has been rated as Critical by Drupal. No CVE number has been provided for the vulnerability. The vulnerabili

Summary The ICS-CERT has published two advisories that affect Horner Automation Cscape and Mitsubishi Electric GOT. Threat Type Vulnerability Overview The ICS-CERT has published two advisories that affect Horner Automation Cscape and Mitsubishi Electric GOT. Further information is available from the advisories which are summarized below. ICS Advisory ICSA-21-112-01 - Horner Automation Cscape CVE-2021-22678 - The affected application lacks proper validation of user-supplied data when parsing project files. T

水一下，嫖了西湖论剑的一个展位，讲解什么的，Mr6是主力，我打打杂。本来想做一批贴纸的，月亮师傅加班加点都设计出来了，可惜时间太紧了，没印，所以提前发出来让大伙瞅瞅。以后有机会再着手印一批周边。

该文被密码保护。

Summary Cisco has published five Security Advisories, all of which apply to Cisco's SD-WAN vManage software. The advisories are rated as Medium. Threat Type Vulnerability Overview Cisco has published five Security Advisories, all of which apply to Cisco's SD-WAN vManage software. The advisories are rated as Medium. For all advisories listed below, it is noted that Cisco's Product Security Incident Response Team (PSIRT) is "not aware of any public announcements or malicious use of the vulnerabilities" that a

Summary The ICS-CERT has published seven advisories that affect Hitachi ABB Power Grids Ellipse APM, Rockwell Automation Stratix Switches, Delta Industrial Automation COMMGR, Delta Electronics CNCSoft ScreenEditor and CNCSoft-B, Eaton Intelligent Power Manager, and Siemens Mendix. Threat Type Vulnerability Overview The ICS-CERT has published seven advisories that affect Hitachi ABB Power Grids Ellipse APM, Rockwell Automation Stratix Switches, Delta Industrial Automation COMMGR, Delta Electronics CNCSoft Sc

0x00 前言

CVE-2020-0796(Windows SMBv3 Client/Server Remote