Facebook two-factor authentication bypass issue patched
Security vulnerability was one of Meta’s top bugs of 2022
Aggregator
恶意代码分析实战 – Lab 5
3 years 4 months ago
0x00 前言 因为工作中遇到僵木蠕比较多,所以打算学习一下恶意代码、样本分析。最近在看《恶意代码分析实战 […]
KpLi0rn
Python原型链污染变体(prototype-pollution-in-python)
3 years 4 months ago
前些时间看了idekctf 2022*的task manager,出题人参考了另一位博主Python原型链污染变体的博文,于是打算写一篇文章简单学习下这种攻击方式和题目中的一些解题技巧等内容等
Article_kelp
Ruby on Rails apps vulnerable to data theft through Ransack search
3 years 4 months ago
Several applications were vulnerable to brute-force attacks; hundreds more could be at risk
Beyond CWV: 11 More Performance Metrics to Monitor, Part 3 of 5
3 years 4 months ago
Learn the differences between synthetic tests and real user monitoring, and discover 11 web performance metrics beyond the Core Web Vitals — and how to use them.
Akamai Edge Delivery Product Marketing
Trellix automates tackling open source vulnerabilities at scale
3 years 4 months ago
More than 61,000 vulnerabilities patched and counting
WatchTower 脅威インテリジェンスサービス |2022 年のサイバーセキュリティのトレンドと重要ポイント
3 years 4 months ago
Curating raw data into original insights, WatchTower's 2022 Review reflects on the previous year's top threats and trends.
The post WatchTower 脅威インテリジェンスサービス |2022 年のサイバーセキュリティのトレンドと重要ポイント appeared first on SentinelOne JP.
SentinelOne
Video Tutorial: Hijacking SSH Agent
3 years 4 months ago
Recently I got the feedback to create more tutorials and videos, and I thought SSH Agent Hijacking on Linux and macOS (which I wrote about before here) would make a good one.
The video tutorial is here.
If you like this kind of content, then comment or like the video on YouTube and I’ll create more.
Hope it’s useful to get a good basic understanding of this TTP, and help build detections for it.
Critical Vulnerabilities in VMware Aria Operations for Logs
3 years 4 months ago
Summary
VMware has released a fix for two critical vulnerabilities in VMware Aria Operations for Logs. The vulnerabilities both have a CVSS score of 9.8.
Threat Type
Vulnerability
Overview
On Tuesday, January 25, VMware released updates/upgrades for two critical vulnerabilities in its vRealize Log Insight (now VMware Aria Operations for Logs) software that could allow attackers to gain remote access via non-upgraded appliances. Both CVE-2022-31704 and CVE-2022-31706 have CVSS scores of 9.8 indicating a high
Yellowfin tackles auth bypass bug trio that opened door to RCE
3 years 4 months ago
Pre- and post-auth path to pwnage
Bitwarden responds to encryption design flaw criticism
3 years 4 months ago
Password vault vendor accused of making a hash of encryption
Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI
3 years 4 months ago
Akamai researchers have analyzed a critical vulnerability in Microsoft's CryptoAPI that would allow an attacker to masquerade as a legitimate entity.
Tomer Peled & Yoni Rozenshein
追寻老米足迹
3 years 4 months ago
旅行中的碎片记忆
追寻老米足迹
3 years 4 months ago
旅行中的碎片记忆
追寻老米足迹
3 years 4 months ago
旅行中的碎片记忆
追寻老米足迹
3 years 4 months ago
旅行中的碎片记忆
追寻老米足迹
3 years 4 months ago
旅行中的碎片记忆
追寻老米足迹
3 years 4 months ago
旅行中的碎片记忆
IoT vendors faulted for slow progress in setting up vulnerability disclosure programs
3 years 4 months ago
Manufacturer complacency ‘translates into an unacceptable risk for consumers’, warns security expert
The PayPal Breach – Who Was Affected and How You Can Protect Yourself
3 years 4 months ago
PayPal recently notified thousands of its customers that their accounts were breached by hackers, leaving their Social Security Numbers and...
The post The PayPal Breach – Who Was Affected and How You Can Protect Yourself appeared first on McAfee Blog.
McAfee