Trellix automates tackling open source vulnerabilities at scale
More than 61,000 vulnerabilities patched and counting
Aggregator
WatchTower 脅威インテリジェンスサービス |2022 年のサイバーセキュリティのトレンドと重要ポイント
3 years 2 months ago
Curating raw data into original insights, WatchTower's 2022 Review reflects on the previous year's top threats and trends.
The post WatchTower 脅威インテリジェンスサービス |2022 年のサイバーセキュリティのトレンドと重要ポイント appeared first on SentinelOne JP.
SentinelOne
Video Tutorial: Hijacking SSH Agent
3 years 2 months ago
Recently I got the feedback to create more tutorials and videos, and I thought SSH Agent Hijacking on Linux and macOS (which I wrote about before here) would make a good one.
The video tutorial is here.
If you like this kind of content, then comment or like the video on YouTube and I’ll create more.
Hope it’s useful to get a good basic understanding of this TTP, and help build detections for it.
Critical Vulnerabilities in VMware Aria Operations for Logs
3 years 2 months ago
Summary
VMware has released a fix for two critical vulnerabilities in VMware Aria Operations for Logs. The vulnerabilities both have a CVSS score of 9.8.
Threat Type
Vulnerability
Overview
On Tuesday, January 25, VMware released updates/upgrades for two critical vulnerabilities in its vRealize Log Insight (now VMware Aria Operations for Logs) software that could allow attackers to gain remote access via non-upgraded appliances. Both CVE-2022-31704 and CVE-2022-31706 have CVSS scores of 9.8 indicating a high
Yellowfin tackles auth bypass bug trio that opened door to RCE
3 years 2 months ago
Pre- and post-auth path to pwnage
Bitwarden responds to encryption design flaw criticism
3 years 2 months ago
Password vault vendor accused of making a hash of encryption
Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI
3 years 2 months ago
Akamai researchers have analyzed a critical vulnerability in Microsoft's CryptoAPI that would allow an attacker to masquerade as a legitimate entity.
Tomer Peled & Yoni Rozenshein
追寻老米足迹
3 years 2 months ago
旅行中的碎片记忆
追寻老米足迹
3 years 2 months ago
旅行中的碎片记忆
追寻老米足迹
3 years 2 months ago
旅行中的碎片记忆
追寻老米足迹
3 years 2 months ago
旅行中的碎片记忆
追寻老米足迹
3 years 2 months ago
旅行中的碎片记忆
追寻老米足迹
3 years 2 months ago
旅行中的碎片记忆
IoT vendors faulted for slow progress in setting up vulnerability disclosure programs
3 years 2 months ago
Manufacturer complacency ‘translates into an unacceptable risk for consumers’, warns security expert
The PayPal Breach – Who Was Affected and How You Can Protect Yourself
3 years 2 months ago
PayPal recently notified thousands of its customers that their accounts were breached by hackers, leaving their Social Security Numbers and...
The post The PayPal Breach – Who Was Affected and How You Can Protect Yourself appeared first on McAfee Blog.
McAfee
Sensor Intel Series: Top CVEs in December 2022
3 years 2 months ago
See which vulnerabilities caught attackers’ eyes in December 2022.
Sensor Intel Series: Top CVEs in December 2022
3 years 2 months ago
See which vulnerabilities caught attackers’ eyes in December 2022.
Sensor Intel Series: Top CVEs in December 2022
3 years 2 months ago
See which vulnerabilities caught attackers’ eyes in December 2022.
AWS patches bypass bug in CloudTrail API monitoring tool
3 years 2 months ago
Threat actors poking around AWS environments and API calls could stay under the radar
[新年特刊-初二篇]CS插件开发
3 years 2 months ago