Aggregator

As the Internet of Things works its way into almost every facet of our daily lives, it becomes more important...

The post Rogue Drones Cause Gatwick Airport to Close for Over 30 Hours: More on This Threat appeared first on McAfee Blog.

android安全测试环境

美丽联合集团SRC邀请你来新年白帽大趴体！

巧用EvilUSB攻击智能路由器

Expect a breach If you have basic, vendor default SSH credentials active on any system.

再见，2018

Today, we are all pretty reliant on our mobile technology. From texting, to voice messaging, to mobile banking, we have...

The post Fake Apps & Banking Trojans Are Cybercriminal Favorites appeared first on McAfee Blog.

Threat actors wasted no time jumping on this new exploit to launch new campaigns for reconnaissance, uploading back doors, and deploying variants of the Mirai botnet.

So, what was 2018 like for you? Just another year, a whirlwind of happiness and heartbreaks, or a momentous one...

The post The Year That Was – Cybersecurity Takeaways From 2018 appeared first on McAfee Blog.

First detected in May 2018, DanaBot is a fraud trojan that has since shifted its targets from banks in Australia to banks in Europe, as well as global email providers such as Google, Microsoft and Yahoo for the holiday phishing season.

Web Applications and Services use cookies to authenticate sessions and users. An adversary can pivot from a compromised host to Web Applications and Internet Services by stealing authentication cookies from browsers and related processes. At the same time this technique bypasses most multi-factor authentication protocols. The reason for this is that the final authentication token that the attacker steals is issued after all factors have been validated. Many users persist cookies that are valid for an extended period of time, even if the web application is not actively used.

[TOC] ### 1.关于此系列文章 >WordPress插件漏洞挖掘系列文章流程大概为：简单了解插件结构-》尝试开发第一个插件-》插件漏洞的一次复现-》插件漏洞挖掘首尝试，在这系列文中...

Google 牛！

Over the past year, Akamai Enterprise Threat Research team monitored the usage of one particular phishing toolkit in the wild. We previously wrote about this phishing toolkit as "Three Questions Quiz". The "Quiz" toolkit is not new to the threat landscape, as its been used in many phishing campaigns in recent years. Our goal here is to present new insights on the evolution and scale of usage of the toolkit in the wild. The most surprising insight was the variety of commercial brands being abused as part of these phishing scams that were all using the same toolkit, but wearing a different face.

代码即脸面