Aggregator
Unprecedented Levels of Ransom DDoS Extortion Attacks
4 years 3 months ago
The FBI has released a flash warning that thousands of organizations around the world, and across multiple industries, have been threatened with DDoS attacks unless they pay a bitcoin ransom. This ransom DDoS, or RDoS, threat was covered by Akamai's Security Intelligence Response Team (SIRT) in a Security Alert released on August 17, 2020.
Ari Weil
When Hackers Take Advantage of Your Trusted Vendors
4 years 3 months ago
As JavaScript-based client-side attacks continue to evolve, we see how attackers are getting more sophisticated and employing more advanced techniques. Unfortunately, it has been proven many times that any website partner can be exploited to carry out an attack. In the past month, we witnessed one of the most popular and trusted vendors being used as a credit card data exfiltration vector -- Google Analytics.
Ziv Eli
My qemu/kvm book has been published
4 years 3 months ago
Terenceli
The Disappearing IT Security Budget: A 2020 Cybersecurity Crisis
4 years 3 months ago
As COVID-19 shrinks IT security budgets, security teams must shift their spending and update operations plans to support this new normal.
kvm performance optimization technologies, part one
4 years 3 months ago
Terenceli
Machine Learning Attack Series: Brute forcing images to find incorrect predictions
4 years 3 months ago
This post is part of a series about machine learning and artificial intelligence. Click on the blog tag “huskyai” to see related posts.
The previous four posts explained the architecture and how Husky AI was built, threat modeled and deployed. Now it’s time to start the attacks and build mitigations. The appendix in this post shows all the attacks I want to research and perform in this series over the next few weeks/months.
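VIPKID SRC Supports the Huashan Lunjian 2020 Cybersecurity Conference in Sounding Xi'an's Voice on Cybersecurity
4 years 3 months ago
The Huashan Lunjian 2020 Cybersecurity Conference (the 3rd National Information Security Entrepreneurs Summit Forum and 5th SSC Security Summit) will be on October 14 to 15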
Web Application and API Protection: From SQL Injection to Magecart
4 years 3 months ago
SQL injections were first discovered in 1998, and over 20 years later, they remain an unsolved challenge and an ongoing threat for every web application and API. The Open Web Application Security Project (OWASP) highlighted injection flaws in its Top 10 lists for both web application security risks and API security threats.
Renny Shen
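A Chat About Google's Engineering Practices (Part 2)
4 years 3 months ago
Recommending a few books related to Google, along with several WeChat official accounts run by former Google engineers.
Open-Source Intelligence Gathering Weekly #56
4 years 3 months ago
This report draws in part on the Week in OSINT column. Each week it recommends fun and practical tools, sites, tips, articles and more, suitable for researchers, analysts and testers in any field.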
Every Application Should Be Behind a WAF
4 years 3 months ago
It's no secret that security threats continue to expand in volume and variety, making headlines on virtually a daily basis. From nation-state attacks, corporate espionage, and data exfiltration campaigns to all-in-one and sneaker bot campaigns, businesses across the globe find themselves dealing with a deluge of inbound threats. The increased amount and variation of threats, and the proliferation of apps being deployed and managed by teams and individuals across the enterprise, can make securing apps and data feel like trying to keep water out of a submerged sieve.
Ari Weil
DDCTF 2020 Writeup
4 years 3 months ago
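The competition format changed this year so that two people can team up. I think the change is a pretty good one: I finally don't have to put on a live show of learning reversing and pwn on the spot, and Ary and I managed to take third place (lol)
Some Thoughts on Data Security
4 years 3 months ago
In recent years, the frameworks for system security have steadily matured. For data security, however, no complete framework has emerged; it is the Achilles' heel: poke at it a little and it collapses.
WebLogic Deserialization: Three CVEs in a Row
4 years 4 months ago
CVE-2020-2555, CVE-2020-2883, CVE-2020-14645: the patch-bypass battle between attackers and defenders over a single WebLogic deserialization gadget chain.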
Threat modeling a machine learning system
4 years 4 months ago
This post is part of a series about machine learning and artificial intelligence. Click on the blog tag “huskyai” to see all the posts, or visit the machine learning attack series overview section.
In the previous post we walked through the steps required to gather training data, build and test a model to build “Husky AI”.
This post is all about threat modeling the system to identify scenarios for attacks which we will perform in the upcoming posts.
MLOps - Operationalizing the machine learning model
4 years 4 months ago
This post is part of a series about machine learning and artificial intelligence.
In the previous post we walked through the steps required to gather training data, build and test a model.
In this post we dive into “Operationalizing” the model. The scenario is the creation of Husky AI and my experiences and learnings from that.
Part 3 - Operationalizing the Husky AI model
This actually took much longer than planned.
Husky AI: Building a machine learning system
4 years 4 months ago
This post is part of a series about machine learning and artificial intelligence.
In the previous post we described the overall machine learning pipeline.
In this post we dive into the technical details on how I built and trained the machine learning model for Husky AI.
After reading this you should have a good understanding around the technical steps involved in building a machine learning system, and also some thoughts around what can be attacked.
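The History of Hackintosh
4 years 4 months ago
If we go by the definition of "Hackintosh" (running an operating system developed by Apple on a computer without the Apple logo), then the world's first Hackintosh was born 24 years ago; and if we talk about the modern Hackintosh, we cannot ignore Apple's road to Intel and x86...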
Sukka
The machine learning pipeline and attacks
4 years 4 months ago
This post is part of a series about machine learning and artificial intelligence.
In the previous post I talked about good resources for learning more about artificial intelligence and machine learning in general, and how I started my journey in this space.
The next few posts will be about Husky AI.
What is Husky AI? Husky AI allows a user to upload an image, and get an answer back if the image contains a husky or not.