创新实践:基于边缘智能+扣子的智能取物机器人解决方案
本文聚焦于机器人领域,详细介绍“少年先疯”队伍,基于火山引擎边缘智能及扣子,打造的家庭助老助残智能取物机器人解决方案。
Aggregator
弗吉尼亚大学 | FLASH:基于可信度图的证明式学习的综合入侵检测方法
9 months 2 weeks ago
该系统在节点级对APT攻击进行检测溯源
New Google Pixel AI feature analyzes phone conversations for scams
9 months 2 weeks ago
error code: 1106
N1CTF24 PHP Master Writeup
9 months 2 weeks ago
作者:m4p1e
原文链接:https://m4p1e.com/2024/11/12/n1ctf24-php-master/
0x01 介绍
在刚刚过去的N1CTF24上,我出了一道关于PHP的pwn题,其中涉及到的漏洞[1]是真实存在的,并且目前依然没有被修复。非常遗憾,期待的PHP master并没有出现在这次的比赛中,让我们期待下次的PHP rising star xd。在这篇文章中我...
Cybersecurity Education Needs a Team: Better Partner Up!
9 months 2 weeks ago
Here's How Schools, Certification Bodies, Boot Camps and Leaders Can Lend a Hand
Across the security landscape, partnerships are becoming a cornerstone in developing agile, prepared professionals who can not only react to threats but anticipate and neutralize them. Here's how universities, certification bodies, boot camps and industry leaders can drive the industry forward.
Across the security landscape, partnerships are becoming a cornerstone in developing agile, prepared professionals who can not only react to threats but anticipate and neutralize them. Here's how universities, certification bodies, boot camps and industry leaders can drive the industry forward.
Feds Warn of Godzilla Webshell Threats to Health Sector
9 months 2 weeks ago
Stealthy Backdoor Publicly Available on GitHub Can Be Weaponized for Larger Attacks
Godzilla webshell, a Chinese-language backdoor known for its stealth and ability to execute commands and manipulate files, is publicly available on GitHub, and federal authorities have issued a stern warning to the healthcare sector to prepare for this threat and inevitable cyberattacks.
Godzilla webshell, a Chinese-language backdoor known for its stealth and ability to execute commands and manipulate files, is publicly available on GitHub, and federal authorities have issued a stern warning to the healthcare sector to prepare for this threat and inevitable cyberattacks.
Schneider Electric Warns of Critical Modicon Flaws
9 months 2 weeks ago
Multiple Critical Vulnerabilities Expose Industrial Control Risks
French multinational Schneider Electric disclosed critical vulnerabilities in its Modicon M340, Momentum and MC80 programmable automation controllers. The vulnerabilities could allow unauthorized access, data manipulation and system interruptions.
French multinational Schneider Electric disclosed critical vulnerabilities in its Modicon M340, Momentum and MC80 programmable automation controllers. The vulnerabilities could allow unauthorized access, data manipulation and system interruptions.
US Prosecutors Charge Hackers in Snowflake Data Theft
9 months 2 weeks ago
DOJ Accuses Alleged Hackers of Stealing Terabytes of Data From Snowflake Victims
The Justice Department unsealed an indictment against alleged hackers Connor Moucka and John Binns, accusing them of stealing data from the cloud platform Snowflake, extorting millions in bitcoin and stealing sensitive personal information from over 165 organizations and millions of individuals.
The Justice Department unsealed an indictment against alleged hackers Connor Moucka and John Binns, accusing them of stealing data from the cloud platform Snowflake, extorting millions in bitcoin and stealing sensitive personal information from over 165 organizations and millions of individuals.
1Password’s New Co-CEO Model to Drive Growth, Security Focus
9 months 2 weeks ago
CEOs Jeff Shiner, David Faugno Eye Extended Access Management, Enterprise Scale
With a new co-CEO model, 1Password's Jeff Shiner and David Faugno align product and operational leadership to build on the extended access management platform. Focusing on global partnerships and expansion, the company targets enhanced security for diverse workplace environments.
With a new co-CEO model, 1Password's Jeff Shiner and David Faugno align product and operational leadership to build on the extended access management platform. Focusing on global partnerships and expansion, the company targets enhanced security for diverse workplace environments.
Randall Munroe’s XKCD ‘Number Shortage’
9 months 2 weeks ago
via the c
Safer with Google: New intelligent, real-time protections on Android to keep you safe
9 months 2 weeks ago
Security Blog The latest news and insights from Google on security a
Go — ing Rogue: The Malware Development Odyssey (Part III)
9 months 2 weeks ago
Privilege Escalation Techniques for Ethical Hackers
9 months 2 weeks ago
Mend.io is a Strong Performer in the Forrester Wave™ Software Composition Analysis, Q4 2024
9 months 2 weeks ago
It should be no surprise that the world runs on open source software. According to the latest Fo
Mobile Application Penetration Testing Checklist
9 months 2 weeks ago
五眼联盟警告,零日漏洞利用正在成为“新常态”
9 months 2 weeks ago
11月12日,五眼联盟(美国、英国、澳大利亚、加拿大和新西兰)网络安全机构报告称,黑客越来越多地利用零日漏洞访问目标网络。 与过去相比,当前的安全威胁或关注点可能已经发生了变化。2022年和2021年发布的类似警告称,恶意网络行为者更频繁地利用旧软件漏洞,现在可能更关注新披露的漏洞。 在联合咨询报告中,机构列出了2023年最常被利用的15个漏洞,其中CVE-2023-3519(影响Citrix网络产品NetScalers的问题)被最广泛地使用。 NetScalers漏洞被修补时的报告称,攻击者利用漏洞,以自动化的方式破坏了数千个设备,放置了webshells以获得持续访问权限。 其他被广泛利用的漏洞包括影响思科路由器的关键漏洞,影响Fortinet VPN设备的漏洞,以及一个影响MOVEit文件传输工具的漏洞,该漏洞被Clop勒索软件团伙广泛利用。 报告指出,自美国网络安全和基础设施安全局(CISA)及其合作伙伴开始共享这份年度列表以来,其中大多数漏洞最初都是作为零日漏洞被利用。 尽管咨询报告只涵盖了去年的情况,但根据英国国家网络安全中心(NCSC)的说法,零日漏洞利用的趋势已经延续到2024年,标志着“与2022年相比发生了转变,当时列表只有不到一半作为零日漏洞被利用。” NCSC首席技术官Ollie Whitehouse警告说:“常规化的零日漏洞初始利用代表了新常态,恶意行为者寻求渗透网络,这应该引起最终用户组织和供应商的关注,。” “为了降低被入侵的风险,所有组织都必须通过及时应用补丁,并在技术市场上使用安全设计产品来保持领先地位。”Whitehouse说。 转自E安全,原文链接:https://mp.weixin.qq.com/s/sZGhRNMcdMxRXisqxWnlFg 封面来源于网络,如有侵权请联系删除
内容转载
黑客声称近 5 亿 Instagram 用户的数据被抓取
9 months 2 weeks ago
据Cyber News消息,11 月 10 日,一名黑客在某黑客论坛上列出了一个待售数据集,声称它包含 4.89 亿 Instagram 用户数据。 Instagram 每月有超过 20 亿活跃用户,意味着如果这些数据被证明是真实的,将影响将近四分之一的用户。 黑客分享了 100 多条数据样本,包括用户名、姓名 、电子邮件等。虽然黑客者声称这些数据是 “新收集的”,但在黑客论坛上分享的数据的有效性通常值得怀疑。 据 Cybernews 研究人员称,数据样本中共享的 Instagram 配置文件似乎是真实的。 抓取的数据样本 数据集样本中的电子邮件地址并不存在于以前泄露事件的数据集中,可能意味着数据确实是新的,但也可能是故意伪造的。 至于这些数据是通过何种方式获取,研究人员称如果黑客的行为可信,并且通过抓取公共 API 获取数据,则意味着私有 Instagram API 已向公众暴露,或者其公共 API 受到了对象属性级授权(Broken Object Property Level Authorization)的攻击。 Cybernews 已联系 Instagram 的母公司 Meta 寻求置评,但尚未收到回复。 虽然数据抓取处于法律灰色地带,但根据 Meta 的政策,未经公司许可,使用自动化获取数据违反了其条款。Meta 的网站声称有一个专门的外部数据滥用 (EDM) 团队,专注于检测和阻止抓取。 据说该团队还通过与威胁情报研究人员合作,并与有实力的托管供应商一起防止抓取的数据集在在线论坛上共享。 转自Freebuf,原文链接:https://www.freebuf.com/news/415153.html 封面来源于网络,如有侵权请联系删除
内容转载
MSI Analyzer: Scanning tool for identifying local privilege escalation issues in vulnerable MSI installers
9 months 2 weeks ago
MSI Analyzer This Python script for Linux can analyze Microsoft Windows *.msi Installer files and point out potential vulnerabilities. It was developed by Michael Baer (@derbaer0) in the SEC Consult Vulnerability Lab. Currently, it...
The post MSI Analyzer: Scanning tool for identifying local privilege escalation issues in vulnerable MSI installers appeared first on Penetration Testing Tools.
ddos
volatility 3: The volatile memory extraction framework
9 months 2 weeks ago
Volatility 3: The volatile memory extraction framework Volatility is the world’s most widely used framework for extracting digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system...
The post volatility 3: The volatile memory extraction framework appeared first on Penetration Testing Tools.
ddos
OWASP Nettacker: Automated Penetration Testing Framework
9 months 2 weeks ago
OWASP Nettacker project is created to automate information gathering, vulnerability scanning, and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP,...
The post OWASP Nettacker: Automated Penetration Testing Framework appeared first on Penetration Testing Tools.
ddos