Aggregator

样本能够完全绕过 EMET，故此深入分析下绕过的原理并改造 CVE-2017-0261 绕过 EMET

还原BuleHero挖矿蠕虫最新变种的发现过程并提供相应清除建议

Do you remember the first time you made an online purchase? Me neither. I?ve made so many online purchases over the years, and I?ve probably made more in the past 18 months than in the past 5 years combined.

Anyone running a business is likely familiar with the phrase ?building the plane as you?re flying it.? And through the craziness of the past 19 months, many of us lived the phrase, becoming pilots and engineers of our new realities overnight.

从流量和主机层入手，分析挖矿木马的防御之策。

Retail fraud, identity theft, account takeovers, stolen payment cards—it feels like digital fraud is everywhere. Understand it better to fight it more effectively.

Here?s what I know: My personal email has been ?pwned? or stolen at least 18 times. Here?s what I don?t know: if any of the times I have been unable to log in to one of my OTT subscription services was due to my kids sharing our credentials or because of an account takeover ? that kill chain that starts with harvesting stolen username/password combinations and then testing them via a credential stuffing attack.

It?s an exciting time to be starting a career in digital ? but even more so when it?s at a company like Akamai. An organization driven by a commitment to developing talent within the industry, Akamai is an intellectually rigorous, demanding, and rewarding environment to be in at any level. But for new starters, programs like the summer internship can provide a 10- to 12-week opportunity to meet people and learn new skills ? with real-world experiences, close working relationships, and access to subject matter experts.

Media giant RTL Nederland offers a weather app that gives users the ability to get a comprehensive overview of the weather in their location at the click of a button. Akamai is delighted that this exciting media brand has chosen us to deliver a rich and engaging web experience for its viewers while providing a sustainable infrastructure via our Akamai Intelligent Edge Platform.

Fast Flux is a DNS technique used by botnets to hide various types of malicious activities, such as phishing, web proxying, malware delivery, and malware communication, behind an ever-changing network of compromised hosts acting as proxies. The Fast Flux network concept was first introduced in 2006, with the emergence of Storm Worm malware variants. The Fast Flux network is typically used to make the communication between malware and its command and control (C2) server more resistant to discovery. Akamai?s research team has analyzed sophisticated botnet infrastructure that leverages Fast Flux techniques including domains, nameservers, and IP address changes. Figure 1 shows an overview of such a network, which can also be referred to as a form of bulletproof hosting, that hosts various malicious services. These networks empower threat actors to execute attack campaigns by utilizing network capabilities to host malware binaries, proxy communication to C2 servers, phishing websites, or proxy attacks on websites across the internet.

导语Apache ShenYu 是一个异步的，高性能的，跨语言的，响应式的 API 网关。近期发现其历史版本(2.3.0-2.4.0)中存在登录认证绕过的风险，CVE编号为CVE-2021-37...

导语Apache ShenYu 是一个异步的，高性能的，跨语言的，响应式的 API 网关。近期发现其历史版本(2.3.0-2.4.0)中存在登录认证绕过的风险，CVE编号为CVE-2021-37...

In our update to Guardicore Hunt see how you can enhance your ransomware protections as well as Zero Trust.

The increased use of smart devices, improved connectivity, and today?s hyper demanding customers are driving the need for digital transformation in the finance sector. Emerging technologies like open banking are creating new opportunities for both incumbent banks and fintechs.

本周仍旧精彩

本文介绍在Java Web开发过程中可能存在SQL注入的一些场景

默安科技巡哨于今年4月已支持SonarQube未授权访问漏洞的检测。

域环境以前搭过后，有好一段时间没自己搭了，总是记忆模糊，此文意在记录域环境搭建的配置，以便之后查看。

阿里云安全团伙在野捕获Hadoop Yarn RPC未授权访问漏洞。

自己内部分享的一篇对安全PM理解的小作文，去掉了一些承载描述~0x01 提笔漫谈产品经理我认为是一个偏能力型，而非技能型的职位，在职责划分上包含了战略规划、市场洞察、竞品研究、需求分析、产品推动...