Aggregator

Summary VMWare published a security advisory, VMSA-2021-0005, that addresses an authentication bypass vulnerability in the VMware Carbon Black Cloud Workload appliance. Threat Type Vulnerability Overview VMWare published a security advisory, VMSA-2021-0005, that addresses a vulnerability (CVE-2021-21982) in the VMware Carbon Black Cloud Workload appliance. The vulnerability is an authentication bypass issue which could potentially allow a remote attacker to obtain administrative access to an affected device

Summary The Federal Bureau of Investigations (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint cybersecurity advisory on APT actors exploiting vulnerabilities in FortiOS to gain initial access to commercial, government, and technology services networks. Threat Type Vulnerability Overview APT actors have been observed scanning devices on certain ports which are associated with the FortiOS vulnerability, CVE-2018-13379. The actors have also been enumerating devices that

原理

当获得root权限之后，可对fakesh设置suid标志位

之后就可以用fakesh在低权限下获得root权限

Recently I’m confused by my research. I need to p […]

Summary The ICS-CERT has published an advisory that affects Rockwell Automation's FactoryTalk AssetCentre. Threat Type Vulnerability Overview The ICS-CERT has published an advisory that affects Rockwell Automation's FactoryTalk AssetCentre. Further information is available from the advisory which is summarized below. ICS Advisory ICSA-21-091-01 - Rockwell Automation FactoryTalk AssetCentre CVE-2021-27462 - A deserialization vulnerability exists in how the AosService.rem service in FactoryTalk AssetCentre ve

Criminals love tax season. The stress and urgency surrounding this time of year makes the victim pool highly vulnerable to various types of schemes.

钓鱼演练踩坑笔记

Summary Proofpoint Threat Research discovered in late 2020 a new credential phishing campaign named BadBlood, carried out by threat group TA453, aka Charming Kitten. The campaign targets senior medical professionals who specialize in genetic, neurology, and oncology research in the United States and Israel. These targets are not the traditional targets for TA453, however, the tactics and techniques observed in BadBlood continue to mirror those used in historic TA453 campaigns. Threat Type Malware, Phishing,

antSword 后渗透模块，一个你不能错过的插件。本文将介绍 v1.2 更新内容，并介绍该插件目前已有的功能。

黑客已在可公开访问的网络犯罪论坛上发布了估计5.33亿Facebook用户的电话号码和帐户详细信息，约占整个

Java Agent 从入门到内存马（下）

得补 java 基础。很多 java 特性之前没有碰到过的。

利用 WebRTC 这碗老剩饭，貌似大家都忘关这功能了，拿出来再热一热

从“误入歧途的人生”“来自内部的敌人”“包藏祸心的教材”“互联网中的威胁”四个部分，充分揭示新疆虽连续4年多未发生暴恐案事件，但仍面临来自恐怖主义和极端主义的威胁和挑战。

Metasploit最新资讯！！新模块*7，功能更新*5，BUG修复*10~

Even with 99.95% efficacy of network security controls, bad actors can still monetize fraud. Security convergence is the way forward in surviving digital fraud.

逛 B 站的时候，突然想到可以用 PHP 接入直播弹幕，然后在命令行显示弹幕消息。 经过搜索发现了一篇讲解 Bilibili 直播弹幕协议的文章（链接在文末），通过这篇文章了解到了弹

通过之前几篇对智能门锁的分析和讨论，是不是有种渐入佳境的感觉？从本篇开始，我们再换一个门锁品牌进行研究