A nifty way for adversaries to acquire passwords during post-exploitation is to spoof credential dialogs and perform a local phishing attack. This means tricking a user on a compromised computer into entering their password.
Unfortunately, users are conditioned to enter their credentials frequently and therefore don’t question random password prompts too much.
Long, long time ago… but nothing has changed
The idea to spoof a credential dialog is one of the simplest ideas one might come up with.
When paired with our new EdgeKV distributed key-value database, the Akamai EdgeWorkers serverless platform gives you the ability to do powerful things at the CDN level.
Summary
Zscaler has identified a threat actor spreading malicious Android apps via WhatsApp and SMS. The apps are specifically targeting JIO telecom users in India. Those targeted are tricked into thinking that TikTok is available again in India or that they are installing an app to register to receive a free Lenovo laptop, courtesy of the Government of India.
Threat Type
Malware, Phishing, Smishing
Overview
An unnamed threat actor has been identified as actively operating since as early as March 20, 2020.
Summary
In its April 2021 security updates, Microsoft lists 108 CVE-numbered vulnerabilities in various Microsoft products. Of those, nineteen are rated as Critical, eighty-eight are rated as Important, and one as Moderate. One of the vulnerabilities is reported to have been exploited in the wild. Six vulnerabilities in Microsoft's Chromium-based browser, Edge, were addressed in a prior update. Microsoft rated these vulnerabilities as Unknown.
Threat Type
Vulnerability
Overview
In its April 2021 security updates
Summary
Adobe has released four security updates. The updates are for Photoshop, Digital Editions, Bridge, and RoboHelp. Three of the updates address at least one vulnerability rated by Adobe as Critical and one is rated Important.
Threat Type
Vulnerability
Overview
Adobe has released four security updates. The updates are for Photoshop, Digital Editions, Bridge, and RoboHelp. Three of the updates address at least one vulnerability rated by Adobe as Critical and one is rated Important. The potential impact
Summary
CVE-2021-28310 is a privilege escalation vulnerability in Windows' Desktop Window Manager. It was discovered by Kaspersky being used in the wild by BITTER APT.
Threat Type
Vulnerability, Exploit, APT
Overview
Kaspersky published a blog post detailing CVE-2021-28310, a zero-day vulnerability they discovered being exploited by BITTER APT. It is a privilege escalation vulnerability, and Kaspersky believes it was used in combination with other browser exploits. Since the full exploit chain wasn't captur
Summary
SAP has released its April 2021 security patches for a variety of products. Each product and a link to details on the vulnerability are listed below. In all, 14 security notes were released. Of these, 1 is rated critical, 4 are rated high, 9 are rated as medium, and 5 are updates to previously released patches. The potential impact from successful exploitation of the most serious vulnerability is remote code execution. In addition, privilege escalation, accessing sensitive files, and other nefarious