Aggregator

Critical Flaw in Sophos Web Appliance

1 year 8 months ago

Summary Sophos has released an update to mitigate three vulnerabilities in the Sophos Web Appliance (SWA). The most important of these three flaws is rated as critical and if exploited could lead to the execution of arbitrary code. Threat Type Vulnerability Overview **Update 04/25/2023** According to multiple sources, now that the patch for this vulnerability has been reverse engineered, functional Proof of Concept (POC) exploit code has been released. The POC code is available now to the public on Github

Our Journey with FlexBase Emissions

The Akamai Blog

1 year 8 months ago

Katie Robinson

Akamai Prolexic Now Comes With a Network Cloud Firewall

The Akamai Blog

1 year 8 months ago

Sven Dummer

监管政策一图概览：“深度伪造”技术的样态、场景和风险

天书奇坛TFT

1 year 8 months ago

深度伪造技术在近几年迅速兴起，这种技术可以利用人工智能和大数据生成虚假图片、视频、文本等，其逼真程度往往让人难辨真伪，给政治安全、经济安全、社会安全、国民安全等国家安全领域带来了诸多风险。

New Vulnerability: PaperCut MF/NG

Grey Noise

1 year 8 months ago

On Friday, April 21, 2023, CISA added CVE-2023-27350 (a critical unauthenticated remote code execution vulnerability) impacting PaperCut MF and PaperCut NG to the Known Exploited Vulnerabilities (KEV) list. PaperCut MF and PaperCut NG are both enterprise printer management software.

Active Exploitation Attempts (CVE-2023-1389) Against TP-Link Archer Gigabit Internet Routers

Grey Noise

1 year 8 months ago

GreyNoise, in conjunction with TrinityCyber, has observed active exploitation attempts using weaknesses found in CVE-2023-1389 against TP-Link Archer gigabit routers. This post provides information about a new GreyNoise tag for this activity as well as details on the exploit attempt and how organizations can keep themselves safe from harm.

密码保护：OSDA-LAB-Challenge10 笔记

glzjin 赵

1 year 8 months ago

无法提供摘要。这是一篇受保护的文章。

glzjin

修改itunes备份苹果手机默认路径

梧桐雨blog

1 year 8 months ago

最近手机空间越来越小，备份以后删除一些不必要的文件就显得很重要了。但是默认情况下itunes备份ios数据是 […]

梧桐雨

Akamai Brand Protector Solves the Growing Problem of Impersonation Attacks

The Akamai Blog

1 year 8 months ago

Danielle Walter

同程黑盒漏洞扫描系统 - 飞刃(nextscan)正式发布

同程旅行安全应急响应中心

1 year 8 months ago

Change in ENV Crawler Tags as Bots Continue to Target Environment Files

Grey Noise

1 year 8 months ago

GreyNoise is changing how we classify environment file crawlers from unknown intent to malicious intent. This change will result in the reclassification of over 11,000 IPs as malicious. Users who use GreyNoise’s malicious tag to block IPs based on malicious intent will see an increase in blocked IPs.

密码保护：OSDA-LAB-Challenge9 笔记

glzjin 赵

1 year 8 months ago

无法提供摘要。这是一篇受保护的文章。

glzjin

CTF | 2022 西湖论剑·中国杭州网络安全技能大赛 WriteUp

MiaoTony's小窝

1 year 8 months ago

农历兔年到来的第一场CTF比赛，和校队的小师傅佛系看了看题目，学习学习练练手写写writeup记录下好了。

MiaoTony

Weblogic T3 (IIOP)协议漏洞分析（三）

bluE0x00

1 year 8 months ago

内网渗透之横向移动基础总结（一）

跳跳糖 - 安全与分享社区

1 year 8 months ago

这篇文章介绍内网渗透种的横向移动。

uf9n1x

Break frida-objc-bridge

跳跳糖 - 安全与分享社区

1 year 9 months ago

回顾上上上…篇发布的文章《打造macOS下”最强”的微信取证工具》中使用 frida 工具从内存中获取到了关键数据，frida objc 的能力都来自于 frida-objc-bridge ，本着好奇探索心理想研究下原理，也没找到相关文章资料，倒是找到不少 frida-java-bridge 的文章。那么本文将从了解 Objective-C Runtime 开始，例如它的消息发送机制、Method Swizzling 等，再去探索 frida 中的 frida-objc-bridge 实现原理以及它最关键的 choose 方法的实现。

巴斯.zznQ

近源攻击方式总结

跳跳糖 - 安全与分享社区

1 year 9 months ago

前段时间身边的大佬去搞攻防，近源攻击挺有成效的，拿了上千的分数，之前自己也有搞过但是一直没用到攻防上面，整理下相关的方式，后续可以参考参考，近源攻击，顾名思义😏你走近点打他，攻击队通过靠近或者位于攻击目标内部，利用各类智能设备、通信技术、物理接口等方法进行突破，也就是说，攻防期间，除了待在小黑屋里面坐牢，还可以接近目标现场，通过现场的环境进行渗透突破，达到进入内网，获取数据的目的，比起在网上打点，近源攻击能够又快又准的进入目标内网，且方法多种多样，成功率很高，但是有点随缘，运气不好的话，可能你丢的Badusb被保洁阿姨丢掉了或者被保安抓了也不一定，关键还是运气和苟住🤔

OWASP API Security Top 10 (2023-RC更新)

乐枕迭代日志

1 year 9 months ago

进一步与Web攻击进行了区分，强调了API权限管理、资产管理、业务风控及供应链问题。

东软网络安全态势感知平台产品荣获“新一代信息技术创新产品奖”

东软网络安全

1 year 9 months ago

聚焦业务安全一体化防护方案，持续为客户的业务系统提供安全能力。

武汉绿盟-高级渗透攻防驻场工程师招聘(12k-18k)

漏洞推送

1 year 9 months ago

武汉绿盟-高级渗透攻防驻场工程师招聘(12k-18k)

Aggregator

Managed ad