Aggregator

安天CERT监测到多起Outlaw挖矿僵尸网络攻击事件，该挖矿僵尸网络最早于2018年被发现，主要针对云服务器从事挖矿活动

Some of the state’s new child safety law can be easily circumvented. Should it have gone further?

引言ATT&CK除了版本更新的常规内容外，研究机构、学术界和产业界都有更深入的实践，检测方面的内容有了更多深入的实践和检验，从实际情况“祛魅”了ATT&CK覆盖率这个数字。除了检测工程之外，在威胁预测

Jan 14, 2025There's a pernicious myth that developers don't care aboutsecurity. In practice, they c

该漏洞评分高达10分，攻击者借此植入恶意软件

看雪论坛作者ID：stonectf

✦1、打pwn需要准备的武器库✦✦2、副武器✦◆file 程序名：可查看文件类型以及一些大致信息◆readelf -a 程序名：查看elf文件所有节、符号表等信息◆hexdump 程序名：把指令数据等

如今，无人机已经成为各行各业的重要工具，其应用场景日益广泛。例如从军事侦察到物流配送，从影视拍摄到农业监测。随着无人机技术的普及，其安全问题也逐渐凸显。例如无人机遭受黑客攻击、数据泄露、飞行失控等安全

2025年1月14日，网络安全研究人员发现，云攻击者正在利用一个名为Max-Critical Aviatrix RCE的漏洞（编号CVE-2024-50603），该漏洞在CVSS评分中高达10分（满分

A critical flaw in Google’s “Sign in with Google” authentication system has left millions of Americans vulnerable to potential data theft. This vulnerability mainly affects former employees of startups, especially those that have ceased operations. According to Truffle Security, the root cause stems from how Google’s OAuth login interacts with domain ownership changes. When a […]

The post Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Sun Solaris 2.6/7.0. It has been classified as critical. Affected is an unknown function of the component lpset Command. The manipulation of the argument -r leads to memory corruption. This vulnerability is traded as CVE-2000-0317. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Intro