Aggregator

基于深度学习（TextCNN&XGBoost stacking融合）对恶意软件的检测算法设计与实现

SpringMVC的URI解析和权限绕过

某web应用远程代码执行漏洞-反序列化分析

基于JavaSecLab 一款综合Java漏洞平台的学习思考（一）

Provision Emphasizes Existing Medicare Regs for Equitable Access to Health Services
The Centers for Medicare and Medicaid Services has issued proposed "guard rails" to help ensure that the use of artificial intelligence for Medicare Advantage insurance plans does not result in inequitable access to healthcare-related services. The proposed rule will go into effect in 2026.

Threat Actor Uses the Trojan as an Infostealer
A threat actor is targeting Taiwanese companies using phishing emails and long-standing vulnerabilities to deliver SmokeLoader malware. The threat actor uses plugins for the infamous malware to directly attack systems rather than using SmokeLoader, as its name suggests, as a loader for other malware.

Experts Warn China's Tech Rise Could Reshape Global Cybersecurity and Warfare
China has surged past the United States in critical technology research, according to a recent report published by the Australian Strategic Policy Institute, as experts warn the shift could have profound global implications, including risks to U.S. cybersecurity, innovation and global leadership.

Firm Focuses on Runtime Context, AI Enhancements to Counter Evolving Cloud Threats
With $100 million in Series A funding, Upwind plans to enhance its runtime and AI-powered cloud security platform. CEO Amiram Shachar outlines the company's investments in engineering, customer engagement and scaling solutions to address vulnerabilities such as misconfigurations and insecure APIs.

In this Help Net Security video, Sean Tufts, managing partner for critical infrastructure and operational technology at Optiv, discusses best practices for keeping businesses secure amidst a barrage of threats during the holiday season. Pause large changes in your security stack: IT and security changes that may not have been fully tested can create vulnerabilities. So, while it might be tempting to rush things out the door to achieve a clean slate going into the … More →

The post Best practices for staying cyber secure during the holidays appeared first on Help Net Security.

<p>Like most red teamers, I spend quite a lot of time looking for novel vulnerabilities that could be used for initial access or lateral movement. Recently, my focus has been on deserialization vulnerabilities in .NET…</p>

Breaking Down Adversarial Machine Learning Attacks Through Red Team Challenges

A vulnerability, which was classified as critical, was found in Python up to 3.2.2149. Affected is the function socket.recvfrom_into. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2014-1912. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Former Polish spy chief arrested to testify before parliament in spyware probe

Application Security Engineer TE Connectivity | USA | Remote – View job details As an Application Security Engineer, you will design, develop, and implement a robust Application Security program. Create and maintain application security policies, standards, and procedures. Participate in the incident response process, focusing on application-related security incidents. Investigate and analyze security breaches and provide actionable recommendations to prevent recurrence. Cryptography engineer Leonar | France | On-site – View job details As a Cryptography … More →

The post Cybersecurity jobs available right now: December 3, 2024 appeared first on Help Net Security.

UL NO. 460: CISA Exploded, The Chinese Telco Hack, Two Meta-skills

Mozilla really wants you to set Firefox as default Windows browser

Bridging Geometry and Deep Learning: Key Developments in SPD and Grassmann Networks

如何打造爆款 AI 硬件？看创新大会 2025 就够了！

看懂 2025 年科技趋势，就在极客公园创新大会！12.14-12.15，不见不散！

Clutch Security的研究人员进行了一项测试，以查看这种情况发生的速度有多快。