在充满不确定性的大环境下,借用互联网前辈的话和朋友们一起共勉:“对现实保持隐忍,对未来怀有希望,在当下有所作为。” 加油,春天终究会回来。
在充满不确定性的大环境下,借用互联网前辈的话和朋友们一起共勉:“对现实保持隐忍,对未来怀有希望,在当下有所作为。”
加油,春天终究会回来。
Aggregator
SpringCloud Function SPEL漏洞分析 - admin-神风
2 years 9 months ago
一、漏洞概述 今早看到绿盟发的一条关于Spring Cloud的Function组件存在SPEL表达式漏洞,就借此机会深入分析一下Function组件漏洞的形成过程,从官网上看到的内容发现这是一个从请求头注入进SPEL表达式的RCE漏洞。 “由于Spring Cloud Function中Routi
admin-神风
【搬运】Momentum Cyber 2022 年网络安全年鉴中的主题
2 years 9 months ago
“期望您在安全战略上看到的大部分内容都是积极的和建设性的。在一个恐惧和消极情绪占主导地位的行业中,我们需要新的和不同的声音。任何批评都会有积极的意图。富有成效的话语推动行业向前发展。” by作者
云上攻防二三事(续)
2 years 9 months ago
本文是通过对近期国外TOP3云厂商已公开攻击方法的洞察分析后的阶段性总结提炼。
SpringCloud Function SPEL漏洞分析
2 years 9 months ago
昨日最新爆出的SpringCloud Function组件的Spel表达式注入漏洞。
containerd CVE-2022-23648: path traversal never die
2 years 9 months ago
Terenceli
Spring Cloud Function SpEL表达式注入
2 years 9 months ago
Spring Cloud Function SpEL表达式注入漏洞概述Spring Cloud Function 是基于Spring Boot 的函数计算框架(FaaS),该项目提供了一个通用的...
sky
Spring Cloud Function SpEL表达式注入
2 years 9 months ago
Spring Cloud Function SpEL表达式注入漏洞概述Spring Cloud Function 是基于Spring Boot 的函数计算框架(FaaS),该项目提供了一个通用的...
sky
How the Russian/Ukraine war may lead to an explosion in Ransomware attacks
2 years 9 months ago
The long term impact of sanctions on Russian unemployment has the potential
to increase the volume of future Ransomware attacks.
Bill Siegel
What?s New for Developers: March 2022
2 years 9 months ago
We have some excellent highlights this month. We?re excited to announce new videos, useful articles, an event recap, and much more.
Jessica Capuano Mora
Chrome Mojo组件的沙箱逃逸漏洞分析
2 years 9 months ago
该漏洞为chrom中存在的一个UAF漏洞,此漏洞存在于chromium的Mojo框架中,利用此漏洞可以导致chrome与基于chromium的浏览器沙箱逃逸
What's Driving Multi-Factor Authentication Adoption?
2 years 9 months ago
The need for businesses to deploy MFA for the protection of employee accounts has never been greater ? according to the latest Verizon Data Breach report, nearly 80% of data breaches involve the use of stolen or compromised employee credentials and brute force logins.
Jim Black
Zabbix与Jumpserver后渗透小记
2 years 9 months ago
来自两位友人的Zabbix与Jumpserver后渗透两则,送给大🔥。
Motivating developers to write secure code
2 years 9 months ago
The 'Motivating Jenny' project is helping to change the conversation about security in software development.
课程清单
2 years 9 months ago
完整的课程清单已附上,请查阅。
农夫安全开源计划
2 years 9 months ago
我们选择开源,希望给更多人一个平等的机会。
如何处理高并发工作状态
2 years 9 months ago
Social media: protecting what you publish
2 years 9 months ago
How to reduce the likelihood of unauthorised content appearing within your organisation's social media channels.
Multiple RCE Vulnerabilities in PTC Axeda Agent
2 years 9 months ago
Summary
Multiple vulnerabilities, seven in total and three of which are remotely exploitable to execute arbitrary code, have been reported in PTC's Axeda agent, and Axeda Desktop Server.
Threat Type
Vulnerability
Overview
Researchers from CyberMDX (now a Forescout company) have disclosed seven vulnerabilities in PTC's Axeda agent and Axeda Desktop Server. The Axeda products are used to remotely access and manage connected devices. They are used in the healthcare sector and other verticals such as financial
Multi-factor authentication for online services
2 years 9 months ago
Advice for organisations on implementing multi-factor authentication (or 2-step verification) to protect against password guessing and theft on online services.