美英将SolarWinds供应链事件归因于俄罗斯对外情报局SVR
SolarWinds供应链攻击事件对美国造成非常大的影响,抛开多家科技巨头被入侵不说,就连美国国土安全部门的
Aggregator
聊聊我在做的事情和思考(有删减)
4 years 5 months ago
这世界也许本来就是一个F(x)
聊聊我在做的事情和思考(有删减)
4 years 5 months ago
这世界也许本来就是一个F(x)
聊聊我在做的事情和思考(有删减)
4 years 5 months ago
这世界也许本来就是一个F(x)
Awesome-Forwarder开发实战
4 years 5 months ago
Awesome-Forwarder开发实战~
Awesome-Forwarder开发实战
4 years 5 months ago
Awesome-Forwarder开发实战~
Awesome-Forwarder开发实战
4 years 5 months ago
Awesome-Forwarder开发实战~
FBI“合法清除”被攻击的Exchange服务器WebShell
4 years 5 months ago
2021年1月到2月,有黑客组织使用Microsoft Exchange邮件服务器软件中的0day漏洞利用链
FBI“合法清除”被攻击的Exchange服务器WebShell
4 years 5 months ago
2021年1月到2月,有黑客组织使用Microsoft Exchange邮件服务器软件中的0day漏洞利用链
FBI“合法清除”被攻击的Exchange服务器WebShell
4 years 5 months ago
2021年1月到2月,有黑客组织使用Microsoft Exchange邮件服务器软件中的0day漏洞利用链
Collusion Fraud: The Art of Gaming the System with Complicity
4 years 5 months ago
How platform business models are at an increased risk of fraud when two or more separate parties collude.
Collusion Fraud: The Art of Gaming the System with Complicity
4 years 5 months ago
How platform business models are at an increased risk of fraud when two or more separate parties collude.
Zero-Day Vulnerability in Desktop Window Manager Used In-the-Wild
4 years 5 months ago
Summary
CVE-2021-28310 is a privilege escalation vulnerability in Windows' Desktop Window Manager. It was discovered by Kaspersky being used in-the-wild by BITTER APT.
Threat Type
Vulnerability, Exploit, APT
Overview
Kaspersky published a blog post detailing CVE-2021-28310, a zero-day vulnerability they discovered being exploited by BITTER APT. It is a privilege escalation vulnerability, and Kaspersky believes it was used in combination with other browser exploits. Since the full exploit chain wasn't captur
SAP Security Patch Day - April 2021
4 years 5 months ago
Summary
SAP has released its April 2021 security patches for a variety of products. Each product and a link to details on the vulnerability are listed below. In all, 14 security notes were released. Of these, 1 is rated critical, 4 are rated high, 9 are rated as medium, and 5 are updates to previously released patches. The potential impact from successful exploitation of the most serious vulnerability is remote code execution. In addition, privilege escalation, accessing sensitive files, and other nefarious
Spring Boot中关于%2e的Trick
4 years 5 months ago
分享一个Spring Boot中关于%2e的小Trick。先说结论,当Spring Boot版本在小于等于2. […]
Rui0
谷歌是如何做应急响应的
4 years 5 months ago
Google的应急响应流程在18年就有相关的材料介绍了,笔者集合了一些会议材料、Paper、官网文章进行较为完整的分享,希望大家可以借此比对同国内自家理念的异同。
谷歌是如何做应急响应的
4 years 5 months ago
Google的应急响应流程在18年就有相关的材料介绍了,笔者集合了一些会议材料、Paper、官网文章进行较为完整的分享,希望大家可以借此比对同国内自家理念的异同。
谷歌是如何做应急响应的
4 years 5 months ago
Google的应急响应流程在18年就有相关的材料介绍了,笔者集合了一些会议材料、Paper、官网文章进行较为完整的分享,希望大家可以借此比对同国内自家理念的异同。
Adapting Security to Work Anywhere
4 years 5 months ago
"Working from home 2021" was the title of my talk at The Cyber Security Summit in January, and the strikethrough is important.
Richard Meeus
ICS-CERT Advisories April 13 2021
4 years 5 months ago
Summary
The ICS-CERT has published fifteen advisories that affect Schneider Electric SoMachine Basic, Advantech WebAccessSCADA, JTEKT TOYOPUC products, the Siemens products Solid Edge File Parsing, Web Server of SCALANCE X200, SINEMA Remote Connect Server, LOGO! Soft Comfort, PKE Control Center Server, TIM 4R-IE Devices, Nucleus Products IPv6 Stack, Nucleus Products DNS Module, Tecnomatix RobotExpert, SIMOTICS CONNECT 400, Nucleus DNS, and the Siemens and Milestone Siveillance Video Open Network Bridge.
Thr