Aggregator

如果开发人员点击嵌入的“转到策略”按钮来了解他们违反了哪些规则，他们就会被带到 Google 域上的恶意 OAuth 应用程序的合法登录页面。

有关针对 Chrome 浏览器扩展程序开发人员的网络钓鱼活动的新细节近期被披露，该活动导致至少 35 个扩展程序被入侵，以注入数据窃取代码，其中包括来自网络安全公司 Cyberhaven 的扩展程序。

即使安全启动保护处于活动状态，也可能会利用一个新的 UEFI 安全启动绕过漏洞（编号为 CVE-2024-7344）影响 Microsoft 签名的应用程序来部署 bootkit，多个第三方软件开发商

Поддельный мемкоин достиг капитализации $80 миллионов.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that could be

Vulnerability / JavaScriptThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thur

The CISO’s rise to the C-suite comes with more engagement with the boardroom, an audience with the CEO, and the power to make strategic decisions for the business, according to Splunk. CISOs report to the C-suite (Source: Splunk) 82% of surveyed CISOs now report directly to the CEO, a significant increase from 47% in 2023. In addition, 83% of CISOs participate in board meetings somewhat often or most of the time. While 60% acknowledge that … More →

The post Nearly half of CISOs now report to CEOs, showing their rising influence appeared first on Help Net Security.

相比前十年的大跨步发展，2024年的网安产业整体表现只能用“平淡”来形容，但在一些领域仍有可圈可点的成绩。

Debian 项目在宣布 13.0 Trixie 的冻结日期之后，下一代代号为 Forky 的 Debian 14 开始进入开发阶段。Debian 发行版大约每两年发布一个大版本，Debi

Debian 项目在宣布 13.0 Trixie 的冻结日期之后，下一代代号为 Forky 的 Debian 14 开始进入开发阶段。Debian 发行版大约每两年发布一个大版本，Debian 13.0 预计 2025 年 8 月发布，那么 Debian 14 大约是 2027 年，Debian 15 大约为 2029 年。Debian 项目宣布 Debian 15 的代号为 Duke。Debian 项目的代号都来自于皮克斯动画《玩具总动员》系列中的角色，Duke 的名字出自《玩具总动员4》中的 Duke Caboom，在电影中它由基努·里维斯配音，是一个能做特技表演的加拿大玩具。

GnuPG is a free and comprehensive implementation of the OpenPGP standard. It enables encryption and signing of data and communications, featuring a key management system and support for public key directories. While primarily a command-line tool, GnuPG is designed for integration with other applications. It also supports S/MIME and SSH. Here are some excellent frontend tools compatible with GnuPG: GpgFrontend GpgFrontend intuitively streamlines encryption, decryption, and digital signing. Rooted in the trusted gpg4usb project, GpgFrontend … More →

The post GUI frontends for GnuPG, the free implementation of the OpenPGP standard appeared first on Help Net Security.

主站 分类 漏洞 工具 极客

Tyrant 是一个 SUID 二进制特权升级工具，权限提升或进行横向移动。

一款专为个人需求设计的高效图床解决方案，集成了强大的图片压缩功能与优雅的前台后台管理界面。项目结构精简高效，提供自定义图片压缩率与尺寸设置，有效降低存储与带宽成本。支

一款专为个人需求设计的高效图床解决方案，集成了强大的图片压缩功能与优雅的前台后台管理界面。项目结构精简高效，提供自定义图片压缩率与尺寸设置，有效降低存储与带宽成本。支持本地储存，阿里云OSS储存...

The rise in identity fraud over the past two years has significantly impacted all industries, especially finance, banking, fintech, and crypto, according to Regula. With deepfakes threatening every second company around the world, businesses won’t be able to stand out without liveness checks, both for biometrics and documents. However, organizations can’t blindly rely on this method as-is. They will have to introduce signal source control via hardware-enabled solutions. With deepfakes being so deeply realistic now, … More →

The post Deepfakes force a new era in fraud detection, identity verification appeared first on Help Net Security.

36岁本命年，再学一次安全，365天src实战，所有文章更新到星球

36岁本命年，再学一次安全，365天src实战，所有文章更新到星球