【安全事件】某综合安防管理平台勒索事件分析
绿盟科技CERT监测并处置了多起针对海康威视综合安防管理平台的勒索攻击事件,攻击者利用文件上传漏洞上传Webshell获取系统权限,并执行勒索病毒对文件进行加密,加密文件后缀为locked1,同时生成勒索信息文件README2.html。
Aggregator
启明星辰发现手机基础库高危漏洞,小米公开致谢
1 year 3 months ago
不断增强攻防核心技术投入,为用户提供更好的安全保障。
新挑战新实践!千镜可信生态技术专场沙龙成功举办
1 year 3 months ago
携手共创安全生态
电诈及关联犯罪惩戒办法公开征求意见,奇安盘古:重拳严惩诈骗活动
1 year 3 months ago
11月13日,公安部官网发布关于《电信网络诈骗及其关联违法犯罪联合惩戒办法(征求意见稿)》(下称:《办法》)
一次物联网设备app的渗透测试经历
1 year 3 months ago
起因因租房遇到门禁卡绑定,需要下载app才能实现开门禁,本着想试试遇到了不能放过的精神开展了测试,测试目的是
Joern In RealWorld (3) - 致远OA A8 SSRF2RCE
1 year 3 months ago
这篇文章的漏洞源于下面这篇文章,文章中提到该漏洞影响A8, A8+, A6等多个版本,下面我们尽可能的复现漏洞和探索Joern的可能性
InfectedSlurs Botnet Spreads Mirai via Zero-Days
1 year 3 months ago
Akamai SIRT
Joern In RealWorld (3) - 致远OA A8 SSRF2RCE
1 year 3 months ago
致远OA是国内最有名的OA系统之一,这个OA封闭商业售卖再加上纷繁复杂的版本号加持下,致远OA拥有大量无法准确判断的版本。
这篇文章的漏洞源于下面这篇文章,文章中提到该漏洞影响A8, A8+, A6等多个版本,但很多版本我都找不到对应的源码,光A8就有一万个版本,下面我们尽可能的复现漏洞和探索Joern的可能性
LoRexxar
基于langchain使用百度Wenxin自然语言处理MySQL - sevck
1 year 3 months ago
昨天下午同事刚好发来langchain使用OPENAI 来自然语言处理sqlite https://youtu.be/Tubl4scsXc4?si=Y_zOIrbkZVtndNoP 刚好有时间可以测一测玩玩 博主github:https://github.com/clairelovesgravy/l
sevck
软件供应链危机:勒索潮涌,安全治理当务之急
1 year 3 months ago
2023年,约有 78% 的公司使用开源软件,90%的云平台以及区块链项目使用了开源组件进行构建。随着开源软件的广泛使用以及软件供应链安全治理困难,勒索组织有针对性的攻击关键供应商,进而勒索软件供应链下游拥有敏感数据、能够支付高额赎金的组织
Reactor Netty HTTP Server 目录遍历漏洞(CVE-2023-34062)
1 year 3 months ago
The LLM Misinformation Problem I Was Not Expecting
1 year 3 months ago
Kathleen Moriarty discusses an unexpected LLM misinformation problem: students incorporating non-vetted AI results into their assignments.
NetSupport RAT: The RAT King Returns
1 year 3 months ago
Authors: Alex Murillo, Alan Ngo, Abe Schneider, Fae Carlisle Contributors: Nikki Benoit Executive Summary For years, threat actors have been using legitimate software for illegitimate or malicious purposes. One such software is NetSupport Manager – a remote control application used for remote systems management. In recent years, however, threat actors have repurposed this software as … Continued
The post NetSupport RAT: The RAT King Returns appeared first on VMware Security Blog.
Alan Ngo, Abe Schneider and Fae Carlisle
Akamai EdgeWorkers and Uniform: Personalize Web Pages at Scale Without Flicker
1 year 3 months ago
Alex Shyba
失踪人口回归,推荐一本书
1 year 3 months ago
没时间打理没落的公众号,大家随便逛逛吧
NIST’s International Cybersecurity and Privacy Engagement Update – Trade Missions, Workshops, and Translations
1 year 3 months ago
Our Cybersecurity Awareness Month may have come to a close at the end of October — but the importance of enhancing cybersecurity and engaging with our international partners to enhance cybersecurity is at the forefront of our minds all year long. Here are some updates on our international work: Conversations have continued with our partners throughout the world on the update to the NIST Cybersecurity Framework (CSF) 2.0 , and NIST hosted its final workshop on September 19 and 20 with in-person and hybrid attendance featuring international participation (via both speakers and panelists). While
Amy Mahn
云安全风险情报(11.13-11.19)
1 year 3 months ago
本周,云上攻击保持高度的活跃状态,Confluence、GitLab相关漏洞热度持续霸占榜单,"Metabase 远程代码执行"和"Weblogic 未授权命令执行"漏洞新上热榜;在受攻击行业方面,技术服务、游戏、电商等行业持续霸占榜单
腾讯安全威胁情报中心推出2023年10月必修安全漏洞清单
1 year 3 months ago
必修漏洞,就是必须修复、不可拖延的高危漏洞。
科技引领创新,密码护航发展|纽创信安亮相第二十五届高交会
1 year 3 months ago
以“激发创新活力、提升发展质量”为主题的第二十五届中国国际高新技术成果交易会在深圳会展中心举行,纽创信安随商用密码展团首次亮相高交会。
OSSEC文档阅读学习实践
1 year 3 months ago
giantbranch