Aggregator

在当今数字化的环境中，漏洞管理是网络安全的一大挑战。要有效地进行漏洞管理，必须综合考虑漏洞的复杂性、多样性、不断演变的特点以及修复可能产生的影响等因素。

专家分析师团队支撑IOC问题反馈！

拓界科技—具备侦察思维的综合电子数据取证厂商

Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January. Industrial cybersecurity firm Dragos has dubbed the malware FrostyGoop, describing it as the first malware strain to directly use Modbus TCP

实时掌握，安全有我

The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the practice of sharing temporary first-day passwords, which can expose organizations to security risks. Traditionally, IT departments have been cornered into either sharing passwords in plain text via email or SMS, or arranging in-person meetings to verbally communicate these

Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento e-commerce site's checkout page, allowed the malware to survive multiple cleanup attempts, the company said. The skimmer is designed to capture all the data into the credit card form on the

速修复

15年前的一项协议成了背锅侠

利用该漏洞需要多步交互和授权

译者：知道创宇404实验室翻译组 原文链接：Weaponizing Chrome CVE-2023-2033 for RCE in Electron: Some Assembly Required 1 背景 我在一个应用程序的核心功能中，发现了一基于 React createElement 的 XSS 漏洞。该应用程序是一个包含桌面应用程序的漏洞赏金项目，我希望将此漏洞升级为在桌面应用...

介绍数据流通安全发展现状，提出数据流通安全标准体系框架。

如果攻击方已经进入内网，终端失陷，防守方还能怎么办？

Meta has been given time till September 1, 2024, to respond to concerns raised by the European Commission over its "pay or consent" advertising model or risk-facing enforcement measures, including sanctions. The European Commission said the Consumer Protection Cooperation (CPC) Network has notified the social media giant that the model adopted for Facebook and Instagram might potentially violate

以下内容，均摘自于互联网，由于传播，利用此文所提供的信息而造成的任何直接或间接的后果和损失，均由使用者本人负责，雷神众测以及文章作者不承担任何责任。

The Computer Emergency Response Team of Ukraine (CERT-UA) has alerted of a spear-phishing campaign that targeted a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which was previously observed targeting various government entities to gather sensitive information using

ESET researchers have discovered threats abusing the success of the Hamster Kombat clicker game