Aggregator

利用该漏洞需要多步交互和授权

译者：知道创宇404实验室翻译组 原文链接：Weaponizing Chrome CVE-2023-2033 for RCE in Electron: Some Assembly Required 1 背景 我在一个应用程序的核心功能中，发现了一基于 React createElement 的 XSS 漏洞。该应用程序是一个包含桌面应用程序的漏洞赏金项目，我希望将此漏洞升级为在桌面应用...

介绍数据流通安全发展现状，提出数据流通安全标准体系框架。

如果攻击方已经进入内网，终端失陷，防守方还能怎么办？

Meta has been given time till September 1, 2024, to respond to concerns raised by the European Commission over its "pay or consent" advertising model or risk-facing enforcement measures, including sanctions. The European Commission said the Consumer Protection Cooperation (CPC) Network has notified the social media giant that the model adopted for Facebook and Instagram might potentially violate

以下内容，均摘自于互联网，由于传播，利用此文所提供的信息而造成的任何直接或间接的后果和损失，均由使用者本人负责，雷神众测以及文章作者不承担任何责任。

The Computer Emergency Response Team of Ukraine (CERT-UA) has alerted of a spear-phishing campaign that targeted a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which was previously observed targeting various government entities to gather sensitive information using

ESET researchers have discovered threats abusing the success of the Hamster Kombat clicker game

Newly discovered "FrostyGoop" is the first ICS malware that can communicate directly with operational technology systems via the Modbus protocol.

近日，山石网科情报中心利用部署在海外的沙箱和威胁探针，捕获到使用NSIS包装器伪装的CrowdStrike升级程序，该程序携带合法的CS升级程序，以及窃取的第三方企业证书进行签名来规避杀软检测。

Research by Dikla Barda, Roman Ziakin and Oded Vanunu Check Point’s Threat Intel blockchain system identified and alerted that in recent times, fraudsters have evolved to become increasingly sophisticated, exploiting legitimate blockchain protocols to conduct their scams. The Uniswap Protocol, launched in 2018, is the largest and most popular decentralized exchange for swapping cryptocurrency tokens […]

The post Unveiling the Scam: How Fraudsters Abuse Legitimate Blockchain Protocols to Steal Your Cryptocurrency Wallet appeared first on Check Point Research.

📢内含福利，快来参与呀！

Long story short — it is possible to phish the phishing resistant authentication method: Windows Hello for Business by downgrading the authentication, here’s how you can defend from it

2024 年 8 月 26 至 30 日，VLDB 2024 将在中国广州举行。字节跳动基础架构云原生中间件团队、批式计算团队、应用研究中心研究成果分别被 VLDB 2024 接收，并受邀进行现场报告。

诚邀众安全研究员携「神兵利器」前往 KCon 现场。

KCon大会议题巡展正式开启

Your third rift has brought you some sense of normalcy. But don’t get too comfy, there’s work to be done.