Aggregator

0x00 前言

最近有这样一个需求，需要对某病毒写一个专杀工具，针对这款病毒进行查杀。这个病毒样本是今年2月份发现的，该病毒相对来说比较友好，没有采用加密，也没有删除原文件，也没有网络传播行为。只是会感染可执行文件，会将原文件修改名字，生成一个与原文件同名的感染文件，运行后可继续感染其他文件。接下来首先从非专业的角度来简单看一下该病毒是如何运行的。

我把它叫做"微电脑"

Chrome is rolling out changes to the browser?s User-Agent string that will affect how web servers, applications, and CDNs like Akamai gather information about the current user agent (such as the browser?s version, device, and platform information).

第八届全国取证赛马上就要开始了，不少人都在摩拳擦掌积极备赛。今天突然有人问我Linux 软RAID的相关问题

如何从零写一款病毒专杀工具

这是最坏的的时代，也是最好的时代

Amongst an uptick in attacks on the cloud surface, enterprises can learn how to safeguard their cloud environment through open XDR solutions.

The post クラウド コンピューティングは決して新しい技術ではありません｜今、どうしてセキュリティが求められているのか？ appeared first on SentinelOne JP.

2022年v2版，新增3.2小节，增加了对FISMA报告的引用

背景

2022年4月13日，360Netlab首次向社区披露了Fodcha僵尸网络，在我们的文章发表之后，Fodcha遭受到相关部门的打击，其作者

Summary VMWare has released advisory VMSA-2022-0027 in order to remedy a critical remote code execution vulnerability in VMWare Cloud Foundation. This vulnerability is being tracked as CVE-2021-39144 and only affects VMware Cloud Foundation (NSX-V) version 3.11. Threat Type Vulnerability Overview X-Force is tracking the release of a patch for a critical remote code execution vulnerability in VMWare Cloud Foundation. VMWare has released advisory VMSA-2022-0027 to remedy this vulnerability tracked as CVE-202

The conviction of a high profile security executive who paid to suppress a data leak has created a new dimension of risk for security executives.

RPC（远程过程调用）并不是Windows独有的概念，RPC的第一个实现是在unix上；RPC在Windows上的设计是一种强大、健壮、高效且“安全”的进程间通信 (IPC) 机制，它支持数据交换和调用驻留在不同进程中的功能。不同的进程可以在同一台机器上、局域网上或互联网上。简单说它允许请求操作另一台计算机上的服务，而无需了解背后的详细信息。

Akamai Researchers have uncovered a long-running attack campaign attack targeting Linux SSH servers that has been running a monero cryptominer.

1、面向业务守护的移动安全对抗实践2、从应用场景看金融安全 —— 逻辑为王3、Linux内核漏洞检测与防御4、从后门到漏洞——智能设备私有协议中的安全问题5、漫谈AOSP蓝牙漏洞挖掘技术

“黑公关”呈现隐蔽性强、调查取证难、维权成本高、损失难估算等特点，被害人或被害企业受限于财力或精力，不得已选择冷处理，助长“黑公关”气焰。网络”黑公关“已经快速形成产业链条，扰乱舆论环境。

最终还是成了砖家

Today, we are excited to announce a significant evolution of Akamai?s distributed denial-of-service (DDoS) protection solution, Prolexic.

There is a growing movement toward increasing the use of competency and skills-based education and hiring practices in both the public and private sectors. For example, the Executive Order on Modernizing and Reforming the Assessment and Hiring of Federal Job Candidates calls upon the Federal Government to “ensure that the individuals most capable of performing the roles and responsibilities required of a specific position are those hired for that position”—resulting in “merit-based reforms that will replace degree-based hiring with skills- and competency-based hiring.” Similarly, the