Aggregator

Summary CVE-2021-28310 is a privilege escalation vulnerability in Windows' Desktop Window Manager. It was discovered by Kaspersky being used in-the-wild by BITTER APT. Threat Type Vulnerability, Exploit, APT Overview Kaspersky published a blog post detailing CVE-2021-28310, a zero-day vulnerability they discovered being exploited by BITTER APT. It is a privilege escalation vulnerability, and Kaspersky believes it was used in combination with other browser exploits. Since the full exploit chain wasn't captur

Summary SAP has released its April 2021 security patches for a variety of products. Each product and a link to details on the vulnerability are listed below. In all, 14 security notes were released. Of these, 1 is rated critical, 4 are rated high, 9 are rated as medium, and 5 are updates to previously released patches. The potential impact from successful exploitation of the most serious vulnerability is remote code execution. In addition, privilege escalation, accessing sensitive files, and other nefarious

分享一个Spring Boot中关于%2e的小Trick。先说结论，当Spring Boot版本在小于等于2. […]

Google的应急响应流程在18年就有相关的材料介绍了，笔者集合了一些会议材料、Paper、官网文章进行较为完整的分享，希望大家可以借此比对同国内自家理念的异同。

Google的应急响应流程在18年就有相关的材料介绍了，笔者集合了一些会议材料、Paper、官网文章进行较为完整的分享，希望大家可以借此比对同国内自家理念的异同。

Google的应急响应流程在18年就有相关的材料介绍了，笔者集合了一些会议材料、Paper、官网文章进行较为完整的分享，希望大家可以借此比对同国内自家理念的异同。

"Working from home 2021" was the title of my talk at The Cyber Security Summit in January, and the strikethrough is important.

Summary The ICS-CERT has published fifteen advisories that affect Schneider Electric SoMachine Basic, Advantech WebAccessSCADA, JTEKT TOYOPUC products, the Siemens products Solid Edge File Parsing, Web Server of SCALANCE X200, SINEMA Remote Connect Server, LOGO! Soft Comfort, PKE Control Center Server, TIM 4R-IE Devices, Nucleus Products IPv6 Stack, Nucleus Products DNS Module, Tecnomatix RobotExpert, SIMOTICS CONNECT 400, Nucleus DNS, and the Siemens and Milestone Siveillance Video Open Network Bridge. Thr

Summary PAM update 4104.08194 contains 10 new events, 23 new moderate event responses, and 23 new aggressive event responses. Threat Type Vulnerability Overview This content update is compatible with IBM QRadar Network Security Firmware version 5.4 or later, IBM QRadar Network Security for VMware firmware version 5.4 or later, IBM Security Network IPS GV-Series Virtual Appliances, IBM Security Network IPS GX-Series Appliances Firmware version 4.5 or later, IBM Security Network Protection XGS Firmware versio

Summary The Mozilla Foundation has issued a Moderate-rated security advisory that addresses multiple vulnerabilities in Thunderbird. Threat Type Vulnerability Overview The Mozilla Foundation has released Thunderbird 78.9.1 to cover multiple vulnerabilities related to OpenPGP functions. The advisory has been rated as Moderate. The vulnerabilities could potentially result in a failure to send encrypted emails or allow a remote attacker to conduct a spoofing attack. For further details, please refer to the app