常态期讨口子1: Smartbi windowUnloading 绕过分析
这段常态化时期,每天都整理和学习历年能打穿的漏洞,本文转载自https://exp.ci/2023/07/03/Smartbi-windowUnloading%20%E7%BB%95%E8%BF%87%E5%88%86%E6%9E%90/
Aggregator
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing
3 months 2 weeks ago
A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes.
"Serverless architectures are attractive to developers and enterprises for their flexibility, cost effectiveness, and ease of use," Google
The Hacker News
专题·漏洞治理 | 强化全闭环漏洞管理,让安全漏洞无处遁形
3 months 2 weeks ago
在当今数字化浪潮席卷全球的背景下,随着信息技术的迅猛发展,网络安全问题日益凸显。漏洞作为网络攻击的主要入口,成为一种潜在的安全隐患,一旦被恶意行为者利用,可能导致数据泄露、系统瘫痪等严重后果,对网络安全构成严重威胁。
From Pandemics to Pedicures: NIST Rebuilds World-Class UV Calibration System
3 months 2 weeks ago
UV detectors need to be carefully calibrated to ensure that the UV light used is both safe and effective.
Sarah Henderson
NIST Announces Funding Opportunity for AI-Focused Manufacturing USA Institute
3 months 2 weeks ago
The deadline for submitting concept papers during the first stage of the application process is Sept. 30, 2024.
Sarah Henderson
免费在线AI抠图大全,一键抠图去背景工具更新
3 months 2 weeks ago
以下均为免费、无需登录的抠图工具。 浏览器在线抠图 AI 抠图应用 https://kt.94xy.com 鲜艺 AI 抠图,基于 RMBG 的免费的桌面端 A […]
root
How to Set up an Automated SMS Analysis Service with AI in Tines
3 months 2 weeks ago
The opportunities to use AI in workflow automation are many and varied, but one of the simplest ways to use AI to save time and enhance your organization’s security posture is by building an automated SMS analysis service.
Workflow automation platform Tines provides a good example of how to do it. The vendor recently released their first native AI features, and security teams have already
The Hacker News
404星链计划 | 一大波项目版本更新
3 months 2 weeks ago
知道创宇404实验室星链计划月度更新。
MSPs & MSSPs: How to Increase Engagement with Your Cybersecurity Clients Through vCISO Reporting
3 months 2 weeks ago
As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, “Your First 100 Days as a vCISO – 5 Steps to Success”, which covers all the phases entailed in launching a successful vCISO engagement, along with recommended
The Hacker News
Falcon Sensor 在数周前导致 Linux 内核崩溃 恢复工具已推出
3 months 2 weeks ago
微软已推出恢复工具
Cellebrite在40分钟内破解特朗普枪手的三星手机
3 months 2 weeks ago
手机厂商和取证工具厂商之间的隐私博弈仍在持续
超越永恒之蓝!Crowdstrike“蓝屏风暴”瘫痪全球近千万台设备
3 months 2 weeks ago
神漏洞!远程篡改红绿灯时间,制造交通堵塞事故
3 months 2 weeks ago
研究员已发现数十个公网暴露的交通信号灯
2024年6月及Q2奖励公告
3 months 2 weeks ago
2024年6月及Q2奖励公告2024年6月共有19位白帽师傅来到OSRC挖出有效漏洞具体名单如下:注:根据OS
【手表众测招募啦!】单个漏洞最高奖励可达6w,还有机会免费赢得一加手表!
3 months 2 weeks ago
心动不如行动,文末有福利哦~
上周关注度较高的产品安全漏洞(20240715-20240721)
3 months 2 weeks ago
Microsoft Windows Secure Boot安全功能绕过漏洞(CNVD-2024-32545)
CNVD漏洞周报2024年第29期
3 months 2 weeks ago
2024年07月15日-2024年07月21日本周漏洞态势研判情况本周信息安全漏洞威胁整体评价级别为中。
安全热点周报:本周新增四个在野利用漏洞,Magento、SolarWinds等企业级应用受波及
3 months 2 weeks ago
安全资讯导视 • Crowdstrike更新导致全球近千万台Windows蓝屏死机• 重大事故!
搭建 FortiGate 调试环境 (二)
3 months 2 weeks ago
作者:CataLpa
原文链接:搭建 FortiGate 调试环境 (二)
1 新的验证逻辑
我们在之前的文章中介绍了如何向 FortiGate 中植入后门并获取 SHELL 方便调试,在新版本中,开发者添加了多种系统完整性验证逻辑,并且加密了 rootfs.gz 文件,旧的方法失效,在本篇文章中,提供一种相对简单的方法,实现向新版本 FortiGate 中添加后门并获取 SHELL 权...
资料下载 | 蓝屏死机事件分析报告、2024上半年互联网黑灰产报告
3 months 2 weeks ago
·政策
《北京市加快数字人才培育支撑数字经济发展实施方案(2024-2026年)》
·报告
《2024年上半年互联网黑灰产研究报告》
《CrowdStrike导致大规模系统崩溃事件的技术分析》