Aggregator
Chrome Browser Update - May 10 2021
3 years 7 months ago
Summary
Google has released an update to its Chrome web browser for Windows, Mac, and Linux that provides fixes for nineteen vulnerabilities. Of the fifteen CVE-numbered vulnerabilities noted in the advisory, Google has rated thirteen of them as High, and two as Medium.
Threat Type
Vulnerability
Overview
Google has released an update, version 90.0.4430.212, to its Chrome web browser for Windows, Mac, and Linux that provides fixes for nineteen vulnerabilities. Of the fifteen CVE-numbered vulnerabilities note
Why Developers Are Writing Apps on Our Edge Platform
3 years 7 months ago
A lot of companies talk about edge computing today, but at Akamai, we've been doing it for more than 20 years.
Tom Leighton
DarkSide Malware Profile
3 years 7 months ago
The following report provides X-Force Threat Intelligence's analysis of the DarkSide ransomware family based on publicly available samples.
Summary
DarkSide, like other ransomware used in targeted attacks, encrypts user data in compromised computers. Recent variants of DarkSide ransomware enumerates various system properties of the victim and beacons them in an encoded POST request to its C2 address. DarkSide also executes an encoded PowerShell command to delete volume shadow copies. It deletes several s
Colonial Pipeline Falls Victim to Attack
3 years 7 months ago
Summary
A top U.S. fuel pipeline company has suffered a cyber attack that has forced them to halt operations. Several news sources and the company itself have confirmed the attack.
Threat Type
Cyber Attack
Overview
** Update May 10 - 8:50 AM**
The most recent reporting indicates that the attack likely involved DarkSide, a ransomware-as-a-service (RaaS) affiliate operation. DarkSide posted the following statement to their leak site following the attack:
We are apolitical, we do not participate in geopolitics
CodeQL学习——导航调用图 - bamb00
3 years 7 months ago
CodeQL具有用于标识调用其他代码,以及可以被任意位置调用的代码的类。通过这个类你可以找到从未使用过的方法。 调用图类 CodeQL的Java库提供了两个抽象类来表示程序的调用图:Callable和Call。前者是Method和Constructor的公共超类,后者是MethodAccess,Cl
bamb00
计算的未来30年:2050大会分享实录
3 years 7 months ago
4.24日,我在云栖小镇的「2050大会」上的meetup环节,和一些参与团聚的朋友重点分享了我对于「计算的未来」的观点。恰巧有参与团聚的朋友全程录像和录音了,也因此得以整理成这份文字。
Active Cyber Defence (ACD) - the fourth year
3 years 7 months ago
The year four report covers 2020 and aims to highlight the achievements and efforts made by the Active Cyber Defence programme.
开源信息收集周报#74
3 years 7 months ago
今天,你学习了吗~
连载:演化的高级威胁治理(一)
3 years 7 months ago
序言系统性地接触、思考、规划“高级威胁治理”始于2014年,我的老东家趋势科技在大洋彼岸和FireEye激战正酣,拼沙箱、0 Day、网络检测、邮件检测、威胁情报和安全专家,我开始负责中国区高级威胁治理战略规划,有幸接触和了解这部分新兴领域
Metasploit最新资讯
3 years 7 months ago
Metasploit最新资讯!!新模块*6,功能更新*6,BUG修复*4~
CodeQL学习——java程序抽象语法树 - bamb00
3 years 7 months ago
声明类 下述表格列出了所有Stmt的子类: Statement syntaxCodeQL classSuperclassesRemarks ; EmptyStmt Expr ; ExprStmt { Stmt ... } BlockStmt if ( Expr ) Stmt else Stmt If
bamb00
【Java 代码审计入门-05】RCE 漏洞原理与实际案例介绍
3 years 7 months ago
【Java 代码审计入门-05】RCE 漏洞原理与实际案例介绍
Workerman 源码分析:文件上传
3 years 7 months ago
前言 在 Nginx 中 HTTP 数据是一边接收一边进行解析的,如果解析过程中发现收到的数据有问题就会停止解析,并且停止接收数据。 而 Workerman 将解析协议这一步进行后置,当程序需要用
欢迎报名5.14 EISS 大会,提问题送书啦
3 years 7 months ago
欢迎大家扫码报名参加5.14日的eiss大会,提问题送书啦
DDoS Attack Trends for 2020
3 years 7 months ago
Denial-of-service attacks are increasing and becoming more complex. We look at how attackers are attempting to bring down services around the world.
Apple Security Update for Safari - Exploitation in the Wild Reported
3 years 7 months ago
Summary
Apple has published a security update for Safari. One vulnerability is addressed in the update, which is reported as being actively exploited in the wild.
Threat Type
Vulnerability
Overview
Apple has published a security update for Safari. One vulnerability is addressed in the update, which is reported as being actively exploited in the wild. If successfully exploited, the vulnerability could potentially allow a remote attacker to execute arbitrary code. We recommend updating to the latest version a
Mozilla Security Advisories - May 5 2021
3 years 7 months ago
Summary
The Mozilla Foundation has issued three security advisories that address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird.
Threat Type
Vulnerability
Overview
The Mozilla Foundation has released Firefox 88.0.1 and Firefox for Android 88.1.3. There are two vulnerabilities addressed in the update of which one is rated as Critical and one as High. The critical vulnerability only affects the Android version and potentially leaves the browser vulnerable to a universal cross-site scripting
AWS S3 subdomain takeover
3 years 7 months ago
TonghuaRoot
HTTP/2 Header Field Re-used Attack Trick
3 years 7 months ago
TonghuaRoot