Aggregator
回看2018 | 区块链的安全与是非
6 years ago
再见,2018
Cyber threat report for 2017/18 released
6 years ago
Fake Apps & Banking Trojans Are Cybercriminal Favorites
6 years ago
Today, we are all pretty reliant on our mobile technology. From texting, to voice messaging, to mobile banking, we have...
The post Fake Apps & Banking Trojans Are Cybercriminal Favorites appeared first on McAfee Blog.
McAfee
Threat Actors Rapidly Adopt New ThinkPHP RCE Exploit to Spread IoT Malware and Deploy Remote Shells
6 years ago
Threat actors wasted no time jumping on this new exploit to launch new campaigns for reconnaissance, uploading back doors, and deploying variants of the Mirai botnet.
December 2018 New Zealand Information Security Manual
6 years ago
The Year That Was – Cybersecurity Takeaways From 2018
6 years ago
So, what was 2018 like for you? Just another year, a whirlwind of happiness and heartbreaks, or a momentous one...
The post The Year That Was – Cybersecurity Takeaways From 2018 appeared first on McAfee Blog.
McAfee
DanaBot November Campaigns Target European Banks and Email Providers
6 years ago
First detected in May 2018, DanaBot is a fraud trojan that has since shifted its targets from banks in Australia to banks in Europe, as well as global email providers such as Google, Microsoft and Yahoo for the holiday phishing season.
Inquiry into the use of external security consultants
6 years ago
Pass the Cookie and Pivot to the Clouds
6 years ago
Web Applications and Services use cookies to authenticate sessions and users. An adversary can pivot from a compromised host to Web Applications and Internet Services by stealing authentication cookies from browsers and related processes. At the same time this technique bypasses most multi-factor authentication protocols.
The reason for this is that the final authentication token that the attacker steals is issued after all factors have been validated. Many users persist cookies that are valid for an extended period of time, even if the web application is not actively used.
WordPress插件挖洞系列--简单了解插件结构[一]
6 years ago
[TOC]
### 1.关于此系列文章
>WordPress插件漏洞挖掘系列文章流程大概为:简单了解插件结构-》尝试开发第一个插件-》插件漏洞的一次复现-》插件漏洞挖掘首尝试,在这系列文中...
Poacher
「日记」单元测试
6 years ago
Google 牛!
Quiz Phishing: One Scam, 78 Variations
6 years ago
Over the past year, Akamai Enterprise Threat Research team monitored the usage of one particular phishing toolkit in the wild. We previously wrote about this phishing toolkit as "Three Questions Quiz". The "Quiz" toolkit is not new to the threat landscape, as its been used in many phishing campaigns in recent years. Our goal here is to present new insights on the evolution and scale of usage of the toolkit in the wild. The most surprising insight was the variety of commercial brands being abused as part of these phishing scams that were all using the same toolkit, but wearing a different face.
Or Katz
「日记」代码规范
6 years ago
代码即脸面
恶意软件作者也长得像高晓松?
6 years ago
最近有一部电视剧《大江大河》,里面有个小女孩叫梁思申(男主的第二任妻子),把会的知识点故意答错,只求试卷考个
How to Stay Secure from the Latest Volkswagen Giveaway Scam
6 years ago
You’re scrolling through Facebook and receive a message notification. You open it and see it’s from Volkswagen, claiming that the...
The post How to Stay Secure from the Latest Volkswagen Giveaway Scam appeared first on McAfee Blog.
McAfee
Nine Types of Meetings Every CISO Should Master
6 years ago
No CISO is an island. The success of CISOs hinges on their ability to listen, build consensus, and communicate in a wide range of registers.
ThinkPHP5代码执行的简单分析 - 羊小弟
6 years ago
漏洞影响版本: ThinkPHP 5.0.5-5.0.22 ThinkPHP 5.1.0-5.1.30 漏洞复现: 一.mac的debug环境搭建。 一键化环境搭建工具: mamp pro ,调试工具 PHPstorm 打开mamp pro,设置左上角的file->Edit Template, 设置
羊小弟
C1CTF 2018 Writeup
6 years ago
Misc
0x01 签到
base64 解码一下就行, 不懂的同学可以看一下这个
1$ base64 -d 2QzFDVEZ7dzNsZWMwbWVfdE9fQzFDVEZ9 3C1CTF{w3lec0me_tO_C1CTF}GCSB welcomes report on warrants
6 years ago
The Director-General of the Government Communications Security Bureau (GCSB), Andrew Hampton, has welcomed the release of the Inspector-General of Intelligence and Security’s report on warrants issued under the Intelligence and Security Act 2017.