Aggregator

Атомные трещины создают идеальный канал для электричества?

Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. [...]

via the inimitable Daniel Stori at Turnoff.US!

Permalink

The post Daniel Stori’s Turnoff.US: ‘mastering regexp’ appeared first on Security Boulevard.

Как атомные часы изменят навигацию, связь и безопасность миссий.

美国前国家安全顾问 Mike Waltz 使用的修改版 Signal 因可能遭到黑客入侵而暂停服务。TeleMessage 是一家以色列公司，2024 年被一家美国公司 Smarsh 收购。TeleMessage 能访问和存档 Signal 消息。Waltz 因 Signal 泄密事件而备受质疑，他在上周晚些时候被免职，特朗普提名他担任联合国大使。他在上周的内阁会议上被摄像机拍摄到使用 TeleMessage Signal 应用。该应用能捕捉和存档 Signal 通话、消息和已删除内容。匿名黑客声称入侵 TeleMessage 只花了 15 到 20 分钟，称它没有使用端对端加密。

本文是一份详尽的指南，专为对内核漏洞挖掘与调试感兴趣的初学者设计。文章以CVE-2022-0847（Dirty Pipe漏洞）为例，从零开始，逐步引导读者学习Linux内核调试、漏洞复现、原理分析及漏洞利用。Dirty Pipe漏洞因其严重的危害性和简单的概念而受到关注，无需复杂的前置知识即可理解和复现。文章内容包括环境搭建、内核源码阅读与调试技巧、深入理解Dirty Pipe漏洞原理、漏洞复现与

在当今的企业网络安全体系中，Active Directory（AD）扮演着至关重要的角色。它不仅是用户身份认证与权限控制的中枢神经，更是整个内网架构运作的基础。而其中最核心的组件——ntds.dit 数据库文件，则记录着整个域环境中的账号、组关系、密码哈希等关键数据。

The Legal Aid Agency (LAA), an executive agency of the UK's Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have accessed financial information. [...]

The response to our first LastWatchdog Strategic Reel has been energizing — and telling.

Related: What is a cyber kill chain?

The appetite for crisp, credible insight is alive and well. As the LinkedIn algo picked up steam and auto-captioning … (more…)

The post RSAC Strategic Reel: Cyber experts on the front lines unpack ‘Shadow AI,’ ‘Ground Truth’ first appeared on The Last Watchdog.

The post RSAC Strategic Reel: Cyber experts on the front lines unpack ‘Shadow AI,’ ‘Ground Truth’ appeared first on Security Boulevard.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. [...]

Машина пишет идеально, но читателю скучно — и это её провал.

Alleged Sale of WordPress Admin Access to a Spanish Website

Google's Phil Venables on How AI Creates Structural Advantage in Security
Amid rising cyberthreats, security leaders are using AI tools to drive business enablement and risk management across their organizations, creating unprecedented opportunities for team transformation and career advancement, said Phil Venables, strategic security advisor at Google.

RSA CEO Rohit Ghai on Security Amid Evolving Threats, Tech Disruption
AI, geopolitical instability and sophisticated cyberthreats are reshaping how organizations must think about risk, resilience and identity. RSA CEO Rohit Ghai discusses identity overhaul for enterprises, moving beyond passwords and an approach to AI-based threats.

AllegisCyber Capital's Bob Ackerman Examines Machine-Speed Defense Requirements
Traditional security analysts can no longer keep pace as attackers use AI to compress breach timelines from months to mere hours, fundamentally altering the cybersecurity landscape, said Bob Ackerman, founder and managing director at AllegisCyber Capital.

RSAC 2025见闻与思考 by ourren

更多最新文章，请访问SecWiki

SentinelOne protects users from local upgrade bypass techniques by implementing controls like the Local Upgrade Authorization feature.

The post Protection Against Local Upgrade Technique Described in Aon Research appeared first on SentinelOne.

Look, we all know cybersecurity is hard. Then you add budget pressures, talent gaps, and operational chaos — it gets even harder. I’ve lived it. I spent over 25 years at MD Anderson Cancer Center, the largest cancer center in the world. I retired recently as CTO. Our mission was clear: end cancer. But that […]

The post Strengthening Cyber Defense and Achieving Digital Operational Resilience in Healthcare appeared first on ColorTokens.

The post Strengthening Cyber Defense and Achieving Digital Operational Resilience in Healthcare appeared first on Security Boulevard.

The Alvin Independent School District in Texas has notified over 47,000 individuals affected by a data breach exposing sensitive personal information