Aggregator

该文章是业界最准确的SCA介绍，阅读后可以收获理解这个领域和白盒扫描的区别。 第三方组件安全问题是本质是软件工程，源代码控制问题而不是依赖项管理的安全问题，建立“持续”的信任关系的复杂性具有挑战性。

该文章是业界最准确的SCA介绍，阅读后可以收获理解这个领域和白盒扫描的区别。 第三方组件安全问题是本质是软件工程，源代码控制问题而不是依赖项管理的安全问题，建立“持续”的信任关系的复杂性具有挑战性。

该文章是业界最准确的SCA介绍，阅读后可以收获理解这个领域和白盒扫描的区别。 第三方组件安全问题是本质是软件工程，源代码控制问题而不是依赖项管理的安全问题，建立“持续”的信任关系的复杂性具有挑战性。

起因之前有谈到过 Go 语言的交叉编译，虽然七七八八写了一堆，但是实际上的可操作性还是比较差的，当时使用go-ui-crossbuild项目也已经超过3年没有维护了。最近从各个方面感受到了 do...

Credential stuffing is a multifaceted and enduring risk to organizations of all types and sizes. This report is a comprehensive examination of the entire life cycle of stolen credentials—from their theft, to their resale, and their repeated use in credential stuffing attacks.

Credential stuffing is a multifaceted and enduring risk to organizations of all types and sizes. This report is a comprehensive examination of the entire life cycle of stolen credentials—from their theft, to their resale, and their repeated use in credential stuffing attacks.

Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the short term.

Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the short term.

腾讯御见UEBA（用户实体行为分析）面向政务、金融、能源等行业的办公安全、数据安全、员工行为管理，使用一系列

腾讯御见UEBA（用户实体行为分析）面向政务、金融、能源等行业的办公安全、数据安全、员工行为管理，使用一系列

腾讯御见UEBA（用户实体行为分析）面向政务、金融、能源等行业的办公安全、数据安全、员工行为管理，使用一系列

腾讯御见UEBA（用户实体行为分析）面向政务、金融、能源等行业的办公安全、数据安全、员工行为管理，使用一系列

腾讯御见UEBA（用户实体行为分析）面向政务、金融、能源等行业的办公安全、数据安全、员工行为管理，使用一系列

During the COVID-19 pandemic, I wanted to extend the local WiFi in my home to reach all the floors. The goal was to have full connectivity from every location in the house.

Phishing continues to be a major attack vector, and it's surprising just how many security incidents and breaches start with an employee clicking on a link in a carefully crafted phishing email (and sometimes doing the same with a not-so-well crafted phishing email -- see this example).

The beginning of a new year is a time to look back and reflect on the previous one. December 31st is also the end date of our annual Krakow Internship Program.

Over the halfway point! (I appreciate week 6 was a while ago, I haven’t had a chance to clean up my write up for this until now). This week we’re looking at email authentication again, trying to identify the actual date of an email. I scraped this one by with only hours to spare, and […]

The other day I read this blog post about “The Death of Manual Red Teams” and I thought I’d take a moment to comment on it to provide an alternative perspective.

In my opinion the premise of the blog post is backwards, highlighting a lack of understanding of what red teaming is about.

For instance the following sentence in the post seems quite incorrect: “Red teaming is the process of using existing, already known security bugs and vulnerabilities to hack a system.”.

近日，VIPKID受北京朝阳公安分局网络安全保卫大队邀请，参加2020年度网络安全总结会议并荣获网络安全支持

近日，VIPKID受北京朝阳公安分局网络安全保卫大队邀请，参加2020年度网络安全总结会议并荣获网络安全支持