Aggregator

议题PPT可在先知社区官网查看～

第三届京麒CTF挑战赛已开启，5 月 24 日，我们在代码与攻防的战场等你，用技术证明：下一个网络安全之星，就是你！

第三届京麒CTF挑战赛已开启，5 月 24 日，我们在代码与攻防的战场等你，用技术证明：下一个网络安全之星，就是你！

快速浏览！2025.4.14—4.20安全动态周回顾。

生成式AI正以每分钟数万封AI生成的恶意邮件突破传统邮件防御体系。

APT29的战术和工具集不断发展，变得更加隐蔽和先进，需要多层防御和提高警惕来发现和阻止。

A vulnerability was found in RobotStats 1.0 and classified as critical. This issue affects the function formulaireRobot in the library admin/robots.lib.php. The manipulation of the argument robot leads to sql injection. The identification of this vulnerability is CVE-2014-9348. The attack may be initiated remotely. Furthermore, there is an exploit available.

Obfuscation Detection Obfuscation Detection is a Binary Ninja plugin to detect obfuscated code and interesting code constructs (e.g., state machines) in binaries. Given a binary, the plugin eases analysis by identifying code locations which might...

The post Obfuscation Detection: Detect obfuscated code and interesting code constructs appeared first on Penetration Testing Tools.

Хакер продавал пароли за копейки — светит ли ему теперь «скидка» на тюремный срок?

PSGumshoe PSGumshoe is a Windows PowerShell module for the collection of OS and domain artifacts for the purposes of performing live response, hunt, and forensics. The module focuses on being as forensically sound as...

The post PSGumshoe: Windows PowerShell module for the collection of OS and domain artifacts appeared first on Penetration Testing Tools.

燃烧化石燃料或森林产生的黑碳会加速世界各地冰层的融化。巴西前总统 Jair Bolsonaro 在 2019-2023 年任期内鼓励当地农民焚烧雨林，将森林变成耕地。根据巴西国家太空研究院的数据，2019 年亚马逊地区的森林砍伐率创 2008 年以来的最高水平，火灾热点超过 8.9 万个。研究人员通过分析卫星数据发现，焚烧亚马逊雨林产生的黑炭通过大气走廊降落南极，黑炭会吸收热量，因此会加剧冰的融化。由于焚烧森林，2019-2020 年期间输送的黑炭气溶胶两倍于 2018-2019 年，南极韦德尔海（Weddell Sea）的海冰融化面积同期从 1.3 万平方公里增加到 3.3 万平方公里。

Hawk Eye is an open-source tool that helps find sensitive data before it leaks. It runs from the command line and checks many types of storage for PII and secrets: passwords, API keys, and personal information. “Unlike most open-source tools that only scan cloud buckets for PII, this solution is designed for deep integration across your entire ecosystem. It supports 350+ file types (including videos, images, and documents), uses advanced OCR, and ensures complete data … More →

The post Hawk Eye: Open-source scanner uncovers secrets and PII across platforms appeared first on Help Net Security.

Случайный сбой обернулся глобальным IT-хаосом.

在当今世界政坛，俄罗斯总统普老板的安保体系堪称是各国元首安保中的佼佼者。这个由联邦保护局（FSO）及其下属总

2025年4月初，一位西装革履的俄罗斯商人悄然现身华盛顿，与特朗普政府要员密会。

A vulnerability classified as problematic has been found in OpenBB up to 1.0.6. This affects an unknown part. The manipulation leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2004-1965. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

29 мая в Москве состоится одна из крупнейших в России конференций, посвящённых СУБД Firebird.

Attackers are focusing more on stealing identities. Because of this, companies need to use zero trust principles. They should also verify user identities more carefully, says DirectDefense. Researchers analyzed thousands of alerts, mapping them to the MITRE ATT&CK framework, a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. Top five attack tactics Initial access: Initial access remains the most frequently-observed adversarial tactic, representing more than 27% of escalated alerts. In 2024, … More →

The post Cybercriminals blend AI and social engineering to bypass detection appeared first on Help Net Security.

Даже ИБ-специалисты сначала не поверили, что такое возможно.

A vulnerability classified as problematic was found in Original Texts Yandex WebMaster Plugin up to 1.18 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2023-46775. The attack can be initiated remotely. There is no exploit available.