Aggregator

The following report provides X-Force Threat Intelligence's analysis of the DarkSide ransomware family based on publicly available samples. Summary DarkSide, like other ransomware used in targeted attacks, encrypts user data in compromised computers. Recent variants of DarkSide ransomware enumerates various system properties of the victim and beacons them in an encoded POST request to its C2 address. DarkSide also executes an encoded PowerShell command to delete volume shadow copies. It deletes several s

Summary A top U.S. fuel pipeline company has suffered a cyber attack that has forced them to halt operations. Several news sources and the company itself have confirmed the attack. Threat Type Cyber Attack Overview ** Update May 10 - 8:50 AM** The most recent reporting indicates that the attack likely involved DarkSide, a ransomware-as-a-service (RaaS) affiliate operation. DarkSide posted the following statement to their leak site following the attack: We are apolitical, we do not participate in geopolitics

CodeQL具有用于标识调用其他代码，以及可以被任意位置调用的代码的类。通过这个类你可以找到从未使用过的方法。 调用图类 CodeQL的Java库提供了两个抽象类来表示程序的调用图：Callable和Call。前者是Method和Constructor的公共超类，后者是MethodAccess，Cl

4.24日，我在云栖小镇的「2050大会」上的meetup环节，和一些参与团聚的朋友重点分享了我对于「计算的未来」的观点。恰巧有参与团聚的朋友全程录像和录音了，也因此得以整理成这份文字。

今天，你学习了吗~

今天，你学习了吗~

序言系统性地接触、思考、规划“高级威胁治理”始于2014年，我的老东家趋势科技在大洋彼岸和FireEye激战正酣，拼沙箱、0 Day、网络检测、邮件检测、威胁情报和安全专家，我开始负责中国区高级威胁治理战略规划，有幸接触和了解这部分新兴领域

Metasploit最新资讯！！新模块*6，功能更新*6，BUG修复*4~

声明类 下述表格列出了所有Stmt的子类： Statement syntaxCodeQL classSuperclassesRemarks ; EmptyStmt Expr ; ExprStmt { Stmt ... } BlockStmt if ( Expr ) Stmt else Stmt If

【Java 代码审计入门-05】RCE 漏洞原理与实际案例介绍

前言 在 Nginx 中 HTTP 数据是一边接收一边进行解析的，如果解析过程中发现收到的数据有问题就会停止解析，并且停止接收数据。 而 Workerman 将解析协议这一步进行后置，当程序需要用

欢迎大家扫码报名参加5.14日的eiss大会，提问题送书啦

Denial-of-service attacks are increasing and becoming more complex. We look at how attackers are attempting to bring down services around the world.

Summary Apple has published a security update for Safari. One vulnerability is addressed in the update, which is reported as being actively exploited in the wild. Threat Type Vulnerability Overview Apple has published a security update for Safari. One vulnerability is addressed in the update, which is reported as being actively exploited in the wild. If successfully exploited, the vulnerability could potentially allow a remote attacker to execute arbitrary code. We recommend updating to the latest version a

Summary The Mozilla Foundation has issued three security advisories that address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Threat Type Vulnerability Overview The Mozilla Foundation has released Firefox 88.0.1 and Firefox for Android 88.1.3. There are two vulnerabilities addressed in the update of which one is rated as Critical and one as High. The critical vulnerability only affects the Android version and potentially leaves the browser vulnerable to a universal cross-site scripting

浅析 AWS S3 子域名接管漏洞

0x00 前言

哈喽，大家好，我是童话。

前段时间和

0x00 前言

哈喽，大家好，我是童话。

最近一段时间一直没更新博客[1]，一方面是自己懒了，另一方面

【Java 代码审计入门-04】SSRF 漏洞原理与实际案例介绍