Deserialized web security roundup: ‘Catastrophic cyber events’, another T-Mobile breach, more LastPass problems
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
Aggregator
Data Analytics for Small Businesses: How to Manage Privacy Risks
2 years 11 months ago
Perhaps you’ve been hearing about data analytics, which is being promoted as a way for even small businesses to analyze communications with customers, enhance customer experience, save money, and ultimately improve your brand. However, data analytics can have big privacy implications. You may think of managing privacy risk as protecting sensitive customer information, such as credit cards. As the Venn diagram to the right demonstrates, data security is certainly one aspect of privacy risk, but privacy risks can also arise by means unrelated to cybersecurity incidents. People can experience
Meghan Anderson
Facebook two-factor authentication bypass issue patched
2 years 11 months ago
Security vulnerability was one of Meta’s top bugs of 2022
恶意代码分析实战 – Lab 5
2 years 11 months ago
0x00 前言 因为工作中遇到僵木蠕比较多,所以打算学习一下恶意代码、样本分析。最近在看《恶意代码分析实战 […]
KpLi0rn
Python原型链污染变体(prototype-pollution-in-python)
2 years 11 months ago
前些时间看了idekctf 2022*的task manager,出题人参考了另一位博主Python原型链污染变体的博文,于是打算写一篇文章简单学习下这种攻击方式和题目中的一些解题技巧等内容等
Article_kelp
Ruby on Rails apps vulnerable to data theft through Ransack search
2 years 11 months ago
Several applications were vulnerable to brute-force attacks; hundreds more could be at risk
Beyond CWV: 11 More Performance Metrics to Monitor, Part 3 of 5
2 years 11 months ago
Learn the differences between synthetic tests and real user monitoring, and discover 11 web performance metrics beyond the Core Web Vitals — and how to use them.
Akamai Edge Delivery Product Marketing
Trellix automates tackling open source vulnerabilities at scale
2 years 11 months ago
More than 61,000 vulnerabilities patched and counting
WatchTower 脅威インテリジェンスサービス |2022 年のサイバーセキュリティのトレンドと重要ポイント
2 years 11 months ago
Curating raw data into original insights, WatchTower's 2022 Review reflects on the previous year's top threats and trends.
The post WatchTower 脅威インテリジェンスサービス |2022 年のサイバーセキュリティのトレンドと重要ポイント appeared first on SentinelOne JP.
SentinelOne
Video Tutorial: Hijacking SSH Agent
2 years 11 months ago
Recently I got the feedback to create more tutorials and videos, and I thought SSH Agent Hijacking on Linux and macOS (which I wrote about before here) would make a good one.
The video tutorial is here.
If you like this kind of content, then comment or like the video on YouTube and I’ll create more.
Hope it’s useful to get a good basic understanding of this TTP, and help build detections for it.
Critical Vulnerabilities in VMware Aria Operations for Logs
2 years 11 months ago
Summary
VMware has released a fix for two critical vulnerabilities in VMware Aria Operations for Logs. The vulnerabilities both have a CVSS score of 9.8.
Threat Type
Vulnerability
Overview
On Tuesday, January 25, VMware released updates/upgrades for two critical vulnerabilities in its vRealize Log Insight (now VMware Aria Operations for Logs) software that could allow attackers to gain remote access via non-upgraded appliances. Both CVE-2022-31704 and CVE-2022-31706 have CVSS scores of 9.8 indicating a high
Yellowfin tackles auth bypass bug trio that opened door to RCE
2 years 11 months ago
Pre- and post-auth path to pwnage
Bitwarden responds to encryption design flaw criticism
2 years 11 months ago
Password vault vendor accused of making a hash of encryption
Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI
2 years 11 months ago
Akamai researchers have analyzed a critical vulnerability in Microsoft's CryptoAPI that would allow an attacker to masquerade as a legitimate entity.
Tomer Peled & Yoni Rozenshein
追寻老米足迹
2 years 11 months ago
旅行中的碎片记忆
追寻老米足迹
2 years 11 months ago
旅行中的碎片记忆
追寻老米足迹
2 years 11 months ago
旅行中的碎片记忆
追寻老米足迹
2 years 11 months ago
旅行中的碎片记忆
追寻老米足迹
2 years 11 months ago
旅行中的碎片记忆
追寻老米足迹
2 years 11 months ago
旅行中的碎片记忆