Aggregator

Hacking glibc for fun and profit!

最近表达式注入的漏洞较多，jrasp 目前已经支持spel/ognl 表达式的检测。

纲举目张，架构是纲，开发、运维、安全是目。心中随时有纲，就能不迷失方向。

Summary ***Updated July 29, 2022*** IBM X-Force is monitoring the disclosure of a vulnerability disclosed by Atlassian in its Questions for Confluence app that could allow a remote attacker to use known, hardcoded credentials to gain access and, possibly, control over the application. Other vulnerabilities were disclosed however, this is the most critical issue. Threat Type Vulnerability Overview ***Update #2, July 29, 2022*** Rapid7 has published a report detailing active exploitation of the aforementioned

2022年了，还有多少人在用 Win7？

1.热点事件：《美国托管服务提供商NetStandard遭黑客攻击》;2.勒索软件：《Lockbit勒索软件团伙攻击意大利税务局》;3.高级威胁：《透明部落以“清洁运动”为主题对印度国防部下属企业发起钓鱼攻击》

因为想玩游戏，开发了个系统

精彩内容即将开启

Ransomware actors became more fluid in Q2 2022 as attribution becomes harder, and fewer victims succumb to paying cyber criminals.

An increased adoption of APIs also increases the risk of API attacks. Read about how India has become a top global target for API attacks in 2022.

How password deny lists can help your users to make sensible password choices.

Why striving for better (rather than perfect) security will help more people stay safer online.

In a perfect world we'd use unique passwords for every online service. But the world isn't perfect...

Emma W on why supporting users to do the right things is better then telling them what to do.

Emma W discusses the question everyone keeps asking us.

Allow your website to accept pasted passwords - it makes your site more secure, not less.

Ian M discusses what makes a good password

Why the NCSC decided to advise against this long-established security guideline.