Aggregator

Threat actors wasted no time jumping on this new exploit to launch new campaigns for reconnaissance, uploading back doors, and deploying variants of the Mirai botnet.

So, what was 2018 like for you? Just another year, a whirlwind of happiness and heartbreaks, or a momentous one...

The post The Year That Was – Cybersecurity Takeaways From 2018 appeared first on McAfee Blog.

First detected in May 2018, DanaBot is a fraud trojan that has since shifted its targets from banks in Australia to banks in Europe, as well as global email providers such as Google, Microsoft and Yahoo for the holiday phishing season.

Web Applications and Services use cookies to authenticate sessions and users. An adversary can pivot from a compromised host to Web Applications and Internet Services by stealing authentication cookies from browsers and related processes. At the same time this technique bypasses most multi-factor authentication protocols. The reason for this is that the final authentication token that the attacker steals is issued after all factors have been validated. Many users persist cookies that are valid for an extended period of time, even if the web application is not actively used.

[TOC] ### 1.关于此系列文章 >WordPress插件漏洞挖掘系列文章流程大概为：简单了解插件结构-》尝试开发第一个插件-》插件漏洞的一次复现-》插件漏洞挖掘首尝试，在这系列文中...

Google 牛！

Over the past year, Akamai Enterprise Threat Research team monitored the usage of one particular phishing toolkit in the wild. We previously wrote about this phishing toolkit as "Three Questions Quiz". The "Quiz" toolkit is not new to the threat landscape, as its been used in many phishing campaigns in recent years. Our goal here is to present new insights on the evolution and scale of usage of the toolkit in the wild. The most surprising insight was the variety of commercial brands being abused as part of these phishing scams that were all using the same toolkit, but wearing a different face.

代码即脸面

最近有一部电视剧《大江大河》，里面有个小女孩叫梁思申（男主的第二任妻子），把会的知识点故意答错，只求试卷考个

You’re scrolling through Facebook and receive a message notification. You open it and see it’s from Volkswagen, claiming that the...

The post How to Stay Secure from the Latest Volkswagen Giveaway Scam appeared first on McAfee Blog.

No CISO is an island. The success of CISOs hinges on their ability to listen, build consensus, and communicate in a wide range of registers.

漏洞影响版本: ThinkPHP 5.0.5-5.0.22 ThinkPHP 5.1.0-5.1.30 漏洞复现: 一.mac的debug环境搭建。 一键化环境搭建工具: mamp pro ,调试工具 PHPstorm 打开mamp pro，设置左上角的file->Edit Template, 设置

Misc 0x01 签到

base64 解码一下就行, 不懂的同学可以看一下这个

1$ base64 -d 2QzFDVEZ7dzNsZWMwbWVfdE9fQzFDVEZ9 3C1CTF{w3lec0me_tO_C1CTF}

Threat hunting 是近几年业内的热词之一，出现了很多代表性的厂商和产品。在此分享2 周多以前Richard Bejtlich 和 Robert M. Lee 关于hunting 的一场精彩辩论。

晚

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide.

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide.