Aggregator

Evernote 应用中PDF.js字体注入导致跨平台远程代码执行漏洞

甲方安全建设

1 year 11 months ago

在Evernote应用中发现的关键性漏洞，该漏洞可以通过嵌入恶意PDF文件到笔记中，利用PDF.js的字体注入进行JavaScript代码执行，进而通过ipcRenderer和BrokerBridge实现跨进程通信，最终达到远程代码执行

Evernote 应用中PDF.js字体注入导致跨平台远程代码执行漏洞

甲方安全建设

1 year 11 months ago

An In-Depth Look at Crypto-Crime in 2023 Part 2

Trend Micro Research, News and Perspectives

1 year 11 months ago

In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise.

Страхование ответственности [от] действий CISO

Securitylab.ru

1 year 11 months ago

CVE-2024-4577 Exploits in the Wild One Day After Disclosure

The Akamai Blog

1 year 11 months ago

Akamai researchers have observed numerous exploit attempts for the PHP vulnerability CVE-2024-4577 as early as one day after disclosure.

Kyle Lefton, Allen West & Sam Tinklenberg

The Stark Truth Behind the Resurgence of Russia’s Fin7

Krebs on Security

1 year 11 months ago

The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 -- setting up thousands of websites mimicking a range of media and technology companies -- with the help of Stark Industries Solutions, a sprawling hosting provider is a persistent source of cyberattacks against enemies of Russia.

BrianKrebs

The Stark Truth Behind the Resurgence of Russia’s Fin7

Ransomware – Krebs on Security

1 year 11 months ago

BrianKrebs

Malware Wormed Its Way Through Fujitsu Japan's Systems

Malware News > Packet Storm

1 year 11 months ago

[漏洞挖掘与防护] 01.漏洞利用之CVE-2019-0708复现及防御详解（含学习路线）

娜璋AI安全之家

1 year 11 months ago

漏洞挖掘第一篇文章复现CVE-2019-0708，含学习路线推荐，希望您喜欢！

出海沙特｜CyberME Studios与繁星创投及斯元达成战略合作，推动中国网安科技在沙特阿拉伯的发展

安全村SecUN

1 year 11 months ago

携手斯元，共同出海。

30余位知名教授及博士生传道授业解惑，2024InForSec大学生夏令营等你来！速来报名！

网安国际

1 year 11 months ago

7月15-16日，合肥中科大，InForSec网络安全大学生夏令营导师面对面活动即将盛大开幕。

Cloudflare Zaraz adds support for server-side rendering of X and Instagram embeds

The Cloudflare Blog

1 year 11 months ago

We are thrilled to announce Cloudflare Zaraz support for server-side rendering of embeds from X and Instagram. This allows for secure, privacy-preserving, and performant embedding without third-party JavaScript or cookies, enhancing security, privacy, and performance on your website

Yair Dovrat

2024 Let's GoSSIP 暑期学校活动日程公布！

安全研究GoSSIP

1 year 11 months ago

大家望眼欲穿地等待的2024 Let's GoSSIP 暑期学校活动日程发布了！

Github获8k Star！入选苹果CoreML模型库的Depth Anything是怎么做出来的？

字节跳动技术团队

1 year 11 months ago

成果一作为团队实习生。

Sygnia Recognized for the Third Consecutive Year in The Gartner 2024 Market Guide for Digital Forensics and Incident Response Retainer Services

Sygnia

1 year 11 months ago

In June, Sygnia, was named a Representative Vendor in the 2024 Gartner® Market Guide for Digital Forensics and Incident Response Retainer Services (DFIR).

The post Sygnia Recognized for the Third Consecutive Year in The Gartner 2024 Market Guide for Digital Forensics and Incident Response Retainer Services appeared first on Sygnia.

Sygnia