Aggregator
Good things keep coming, "zongzi" included | 雷神众测 Dragon Boat Festival perks are here!
8 months 2 weeks ago
Mugwort and calamus green, the scent of zongzi carries for miles
NCSC briefs IPAC representatives on response to malicious cyber activity
8 months 2 weeks ago
Representatives from the GCSB's National Cyber Security Centre (NCSC) have spoken with current and former New Zealand members of the Inter-Parliamentary Alliance on China (IPAC) regarding reports of malicious cyber activity targeting members of IPAC in 2021.
In the era of digital transformation, web application security in the securities industry takes a new route | Securities Industry Special Issue 2 · 安全村
8 months 2 weeks ago
A rundown of common issues
3 small tricks for bypassing a WAF when executing commands
8 months 2 weeks ago
The UK ICO's public calls for evidence on generative AI (rounds 1-3)
8 months 2 weeks ago
Sets out preliminary views on data protection
Analysis of the latest attack samples from the SugarGh0st group
8 months 2 weeks ago
Analysis of the latest attack samples from the SugarGh0st group
NetNoiseCon - Recapping our Debut Event
8 months 2 weeks ago
From incredible technical talks to insightful career advice from industry leaders, there was something for everyone. We strongly encourage you to watch each of the talks and soak in the wisdom shared by our stellar lineup of speakers.
Some of my explorations into the security of large AI models
8 months 2 weeks ago
First published on the 先知社区 (Xianzhi community): https://xz.aliyun.com/t/14496
darkless
[webapps] Clinic Queuing System 1.0 - RCE
8 months 2 weeks ago
Clinic Queuing System 1.0 - RCE
[webapps] iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS)
8 months 2 weeks ago
iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS)
Where did my VMware Security Advisories go?
8 months 2 weeks ago
Wednesday May 8, 2024 Updates I) Today we’ve learned that you do NOT need to log in to the Broadcom Support Portal to see the list of VMware Security Advisories. The following URLs show the list of security advisories by VMware division without logging in: VMware Division / URL to list of VMware Security Advisories … Continued
The post Where did my VMware Security Advisories go? appeared first on VMware Security Blog.
Monty Ijzerman
Defenders assemble: Time to get in the game
8 months 2 weeks ago
Recent research finds signs of progress in the public-private alliance against ransomware
Chester Wisniewski
CIS Benchmarks May 2024 Update
8 months 2 weeks ago
Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for May 2024.
[Translation] Malware analysis: 1. What is in your notepad? The infected text editor notepad++
8 months 2 weeks ago
This article describes how the notepad++ text editor was infected and how to carry out reverse analysis of it.
Inspiring the next generation of scientists | Unlocked 403 cybersecurity podcast (ep. 3)
8 months 2 weeks ago
As Starmus Earth draws near, we caught up with Dr. Garik Israelian to celebrate the fusion of science and creativity and venture where imagination flourishes and groundbreaking ideas take flight
SDL Q29/100: White-box detection tools have limitations; how do you compensate?
8 months 2 weeks ago
The common problems with white-box (SAST) tools are false positives and false negatives. To drive adoption and meet automation needs, false positives get attention first, but judged by the end result false negatives matter just as much and deserve focused effort. They fall into two groups:
1. Limitations of the tool itself: regex pattern matching and data-flow taint tracking are both static methods, so they cannot detect dynamically processed data or interrupted data flows (for example, input written to a database or cache and read back on another code path before it reaches the sink).
2. Vulnerabilities outside the tool's scope: business-logic flaws (such as broken authorization), data-security flaws (such as an API returning too much sensitive information) and environment/configuration flaws are not something SAST is built to find, so it cannot detect them.
Still, across the whole SDL, white-box scanning has the highest yield and carries very high expectations, to the point that it misleads management into believing it can find every code-level vulnerability. In practice you need to add targeted manual code audits, focused on things like the logic around authentication and on frameworks such as Yii that SAST tools support poorly; and in the test phase use DAST and IAST to cover some of the scenarios SAST misses, such as the security of the underlying runtime environment and interrupted data flows.
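The two gaps above (an interrupted data flow, and a logic flaw with no source-to-sink pattern) shown in code. This is an added example written for this page, not code from the post or from any SAST product: a toy taint tracker over Python source, with `request_param`, `db_query`, `cache_put` and `cache_get` as hypothetical helper names in the analysed samples. It flags the direct flow, loses the one that round-trips through a cache, and has nothing to say about the authorization bug.

```python
"""Toy intra-procedural taint tracker over Python source, built to show two
SAST blind spots from the post: an interrupted data flow and an authorization
flaw. Added example, not code from the post; request_param, db_query and
cache_put/cache_get are hypothetical helper names used by the samples."""
import ast

SOURCES = {"request_param"}  # hypothetical: returns attacker-controlled input
SINKS = {"db_query"}         # hypothetical: first argument is the SQL text


def _call_name(node):
    """Return the callee name of a plain call like foo(...), else None."""
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
        return node.func.id
    return None


def _tainted(expr, tainted):
    """Is this expression attacker-controlled? Taint propagates only through
    variable names, direct source calls, '+' concatenation and f-strings."""
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if _call_name(expr) in SOURCES:
        return True
    if isinstance(expr, ast.BinOp):
        return _tainted(expr.left, tainted) or _tainted(expr.right, tainted)
    if isinstance(expr, ast.JoinedStr):
        return any(_tainted(v.value, tainted) for v in expr.values
                   if isinstance(v, ast.FormattedValue))
    return False


def find_taint_flows(src):
    """Return [(function, line)] for every sink whose query argument is
    tainted. The walk is per function and per statement; a real tool
    follows flows much further, but it too stops where the data leaves
    the program for a cache or database and comes back elsewhere."""
    findings = []
    for func in ast.parse(src).body:
        if not isinstance(func, ast.FunctionDef):
            continue
        tainted = set()
        for stmt in func.body:
            for node in ast.walk(stmt):  # sinks anywhere in the statement
                if (_call_name(node) in SINKS and node.args
                        and _tainted(node.args[0], tainted)):
                    findings.append((func.name, node.lineno))
            if isinstance(stmt, ast.Assign) and _tainted(stmt.value, tainted):
                tainted |= {t.id for t in stmt.targets if isinstance(t, ast.Name)}
    return findings


# Constructed samples. Only the first is something this tracker can see.
DIRECT = '''
def lookup():
    oid = request_param("id")
    return db_query("SELECT * FROM orders WHERE id = " + oid)
'''

# Taint written to a cache in one handler and read back in another: the
# flow is real, but it crosses a storage boundary the model does not track.
INTERRUPTED = '''
def save_filter():
    cache_put("order_filter", request_param("id"))

def lookup():
    oid = cache_get("order_filter")
    return db_query("SELECT * FROM orders WHERE id = " + oid)
'''

# Parameterised query, so no injection, yet any user can read any order.
# There is no source-to-sink path to match; this needs a human reviewer.
AUTHZ = '''
def lookup(current_user):
    oid = request_param("id")
    return db_query("SELECT * FROM orders WHERE id = ?", oid)
'''


def scan_samples():
    """Run the tracker over the three samples, keyed by sample name."""
    return {"direct": find_taint_flows(DIRECT),
            "interrupted": find_taint_flows(INTERRUPTED),
            "authz": find_taint_flows(AUTHZ)}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name:12s} -> {hits or 'no finding'}")
```

The interrupted case is what IAST or DAST would still catch at run time, because the tainted value actually reaches the query; the authorization case is invisible to any source-to-sink rule and is the kind of flaw the post reserves for manual code review.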
For more software security content, see:
1. SDL 100 Questions: My story with SDL
What are the similarities and differences between SDL and DevSecOps?
How to implement SDL in different enterprises?
SAST false positives are too high; how to solve that?
Who needs to be involved in SDL?
What problems arise when doing development security in DevOps?
How to implement security requirements?
What are the sources of security requirements?
How to automate security requirements?
What difficulties arise when implementing security requirements?
How do security requirements and security design differ and relate?
Which security activities should take place in the design phase?
What are some good security design references?
How to make security design requirements actually land?
What threat modeling methodologies are there?
What threat modeling tools are there?
How to start or carry out threat modeling?
How do threat modeling and architecture security review differ?
Which security activities take place in the coding phase?
How to choose a static code scanning (SAST) tool?
How to choose an open-source component scanning (SCA) tool?
The SCA tool finds many vulnerabilities; how to handle them?
The SCA tool flags high-risk licenses; how to handle them?
How to write a useful secure development standard?
How to ensure a secure development standard is effectively enforced?
How should you select a code security scanning tool?
What metrics should be set for code security scanning?
How to raise developers' security awareness?
SDL Q28/100: After adding security checks in the coding phase, how to handle the resulting time pressure?
2. The SDL early practice series
Introduction
Security requirements
Security design
Secure development
Security testing
Security review
Security response
CIS Benchmarks Community Volunteer Spotlight: Bruce Bading
8 months 2 weeks ago
CIS relies on a global community of IT security professionals to ensure that the CIS Benchmarks provide independent, vendor-agnostic security guidance. These volunteers provide their expertise for the benefit of all those who seek to use the internet to interact with the world safely and securely online. Bruce F. Bading, President, BFB Consulting, Inc., has […]
How Effectively Are You Deploying Segmentation to Mitigate Cyberattack Risks?
8 months 2 weeks ago
Carley Thornell, Cheryl Chiodi, Susan McReynolds & Helder Ferrão
Accelerating Zero Trust Outcomes with Generative AI, Part 2: Guardicore AI
8 months 2 weeks ago
Jacob Abrams