Aggregator
The controversial case of the threat actor EncryptHub
Piecing together the Agent puzzle: MCP, authentication & authorization, and Durable Objects free tier
Darknet’s Xanthorox AI Offers Customizable Tools for Hackers
Five Steps to Move to Exposure Management
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we explore the five steps to take on your journey to exposure management. You can read the entire Exposure Management Academy series here.
Chances are, you’re buried in vulnerabilities and other cyber risks and there’s simply no way to address them all. But they keep on coming. You could work day and night and never hope to close them all. Of course, hope is not a strategy — especially with breaches like those that impacted SolarWinds and Colonial Pipeline, which cost millions to mitigate. And even after those companies cleaned up their issues, the damage was done — to their brands, to customer loyalty and to stakeholder confidence.
So, faced with building threats, what can you do?
In the cyber world, the key to getting ahead of your exposures is focus. That doesn’t mean trying to boil the ocean of threats you face. In fact, it might mean doing less. Pour that ocean into a paper cup.
Economist Michael E. Porter wrote in a seminal Harvard Business Review article: "The essence of strategy is choosing what not to do." The upshot here: How can you be strategic if you have to do everything? Or, as the great philosopher Bob Seger once sang in “Against The Wind”:
Deadlines and commitments
What to leave in, what to leave out
So, what should you leave in and what should you leave out?
Let’s think about it: Many organizations have to address hundreds of new vulnerabilities across thousands of assets each week. Then there are the daily software vulnerabilities that application development introduces, myriad cloud misconfigurations and vast amounts of overprivileged service accounts that often lead to breaches.
An exposure management program can help you move beyond noisy findings like misconfigurations, CVEs and excessive permissions so you can focus on your organization’s riskiest exposures. To help you start your journey, we’ve crafted five steps that will get you moving from vulnerability management toward exposure management. You may have noticed a mention of these steps in a recent post, What Is Exposure Management and Why Does It Matter? We expand on them here.
Start your exposure management journey with five steps
If you think about risk-based exposure management as a journey, with steps and mileposts along the way, you’ll be in good shape for the coming months and years. Let’s get started.
Step 1: Know your attack surface
Attackers usually gain an initial foothold by compromising an asset or identity that gives them machine or human privileges.
With cloud, IoT and remote work proliferating in recent years, perimeters are a relic of the past. So the attack surface, which used to be a fixed IT infrastructure footprint, is now amorphous and expanding constantly. Alongside that expansion, the number of potential entry points for attackers grows in lockstep.
But there are always gaps. And a single unsecured device, unpatched laptop, misconfigured cloud storage bucket or weak password can provide sufficient privileges to serve as a launchpad for a successful attack.
So the first step in the exposure management journey has to focus on attack surface management, which gives you comprehensive visibility into your entire attack surface — both external and internal. This requires bringing together asset and identity information distributed over multiple tools.
Must have: An exposure management platform will enable the discovery and aggregation of asset data across your entire external and internal attack surface. Seemingly elusive assets in cloud, IT, operational technology (OT), internet of things (IoT), identities and applications will show up in a holistic view of the attack surface.
Step 2: Identify preventable risk
Just about every attack aims to exploit weaknesses to escalate privileges and move laterally. Figuring out all preventable risks can be a challenge because it requires a mix of techniques and tools across network scanners, agents, passive monitoring and agentless approaches.
Even if you manage to bring all of that together, the findings are usually locked in individual tools — each with unique risk prioritization scores.
To effectively measure and manage risk requires a complete and normalized view of all preventable risk, including an inventory of misconfigurations, vulnerabilities and excessive privileges for each asset or identity. This is essential to understanding total exposure.
Must have: An exposure management platform will detect the three preventable forms of risk attackers use to gain initial access and move laterally: vulnerabilities, misconfigurations and excessive privileges. The platform will aggregate findings by asset, then normalize them to calculate an overall risk score that enables security teams to quickly identify the assets that pose the greatest potential risk to your organization.
Step 3: Align with business context
News Flash: Most security teams are understaffed. Why is that? Although there’s a limited talent pool, the primary reason stems from limited budgets. So, it’s no surprise that, with an overwhelming number of assets and findings streaming in every day, many security teams struggle to keep pace. The result is alert fatigue.
Overcoming alert fatigue and scaling security requires visibility into what matters most — the critical services, processes and data that support the mission of your organization. It could be a digital commerce service that generates revenue, client data that stores personally identifiable information or the processes that run a manufacturing line.
By aligning assets to these mission-critical functions, you can prioritize crown jewel assets, and push everything else to the back of the line.
Must have: An exposure management solution features asset tagging that enables security staff to logically group assets across technology domains and align them with an important business function, service or process.
Step 4: Remediate true exposure
If there’s one goal every attacker has, it’s this: identifying viable attack paths.
From those attack paths, they’ll try a few things, including exfiltrating data, disrupting operations or demanding ransom.
Because even a single open port on an asset can provide an initial foothold that leads to any number of potential attack paths, understanding the relationships between assets, identities and risk is critical. If you look into these toxic relationships, you’ll see the attack paths that lead to crown jewels and you can prioritize remediation accordingly.
Another benefit of attack path analysis is that you can see your choke points — the specific risks that enable multiple attack paths. As a result, when you remediate one issue, you can resolve dozens, if not hundreds, of attack paths to help close exposures fast.
Must have: An exposure management system shares detailed asset, identity and risk relationship information it discovers and maintains in its asset inventory. You’ll be able to see high-risk assets, including crown jewels. But more importantly, you’ll be able to see all related attack paths that lead to that asset.
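The attack-path and choke-point idea from Step 4, combined with the three preventable risk categories from Step 2, can be made concrete with a small graph. The following is an added example written for this page; it is not Tenable's code, and the assets, identities and findings in it are constructed. Nodes are assets or identities, a directed edge means a foothold on the source can be turned into a foothold on the target, and each edge is labelled with the finding that makes the hop possible. The script enumerates every simple path from the internet to a crown-jewel database, counts how many paths each node and edge sits on, and recomputes the paths after a single finding is fixed:

```python
"""Toy attack-path analysis over an asset/identity relationship graph.

Constructed example, not Tenable code. Edge labels name the preventable
risk (vulnerability, misconfiguration or excessive privilege) that lets an
attacker move from the source node to the target node.
"""
from collections import Counter

# Constructed relationship graph: source -> {target: enabling finding}.
GRAPH = {
    "internet": {
        "web-01": "vulnerability: unpatched web app on tcp/443",
        "vpn-gw": "misconfiguration: no MFA on VPN",
    },
    "web-01": {
        "svc-web": "vulnerability: RCE runs as the svc-web service account",
        "file-srv": "misconfiguration: local admin password reused",
    },
    "vpn-gw": {"laptop-42": "misconfiguration: flat network, no segmentation"},
    "laptop-42": {"file-srv": "vulnerability: unpatched SMB service"},
    "file-srv": {"svc-web": "misconfiguration: svc-web credentials stored in a scheduled task"},
    "svc-web": {"db-01": "excessive privilege: svc-web holds the db-admin role"},
    "db-01": {},  # crown jewel: customer PII database, tagged via business context
}


def find_paths(graph, source, target):
    """Return every simple path from source to target (DFS over sorted neighbours)."""
    paths = []

    def walk(node, path):
        if node == target:
            paths.append(list(path))
            return
        for nxt in sorted(graph.get(node, {})):
            if nxt not in path:  # simple paths only: never revisit a node
                path.append(nxt)
                walk(nxt, path)
                path.pop()

    walk(source, [source])
    return paths


def choke_points(paths):
    """Count how many paths each intermediate node and each edge appears on."""
    nodes, edges = Counter(), Counter()
    for p in paths:
        nodes.update(p[1:-1])        # exclude the entry point and the crown jewel
        edges.update(zip(p, p[1:]))  # consecutive pairs are the hops
    return nodes, edges


def paths_after_fix(graph, source, target, edge):
    """Recompute paths after remediating one finding, i.e. removing one edge."""
    src, dst = edge
    pruned = {
        n: {t: f for t, f in nbrs.items() if not (n == src and t == dst)}
        for n, nbrs in graph.items()
    }
    return find_paths(pruned, source, target)


if __name__ == "__main__":
    all_paths = find_paths(GRAPH, "internet", "db-01")
    nodes, edges = choke_points(all_paths)
    print(f"{len(all_paths)} attack paths reach db-01")
    for (a, b), n in edges.most_common(3):
        print(f"  {n} path(s) use {a} -> {b}: {GRAPH[a][b]}")
    best_edge = edges.most_common(1)[0][0]
    remaining = paths_after_fix(GRAPH, "internet", "db-01", best_edge)
    print(f"after fixing {best_edge[0]} -> {best_edge[1]}: {len(remaining)} path(s) remain")
```

In this constructed graph three paths reach db-01 and all of them cross the edge svc-web -> db-01, so the single excessive-privilege finding on the service account is the choke point: removing it closes every path, whereas patching web-01 alone still leaves the VPN route open. A real platform does the same ranking over thousands of nodes, but the prioritization logic is this counting.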
Step 5: Continuously optimize investments
Companies have made incalculable investments in security tools that produced trillions of data points and telemetry details about every potential risk. On the surface, that might seem impressive. But the reality is, even with all of that data (or maybe because of it), most security leaders struggle to answer a fundamental question: “How secure are we?”
If you can’t answer that question, you’ll have trouble when your board of directors comes calling. Or maybe you’ll get tripped up when it’s time to report to the C-suite and lines of business. With tight budgets and staffing constraints, understanding where investments can make the biggest impact is vital.
Measuring, managing and communicating exposure in multiple ways should be at the core of your responsibilities. That includes overall cyber exposure for an organization, exposure by business function or line of business, by technology domain, by administrator, or even compliance aligned to specific regulatory mandates.
Must have: Exposure management software provides real-time and historical visibility into key performance and risk indicators, including trend, service-level agreement and remediation insights. This will help you understand where you are in relation to your peers.
Takeaways
The frenetic nature of today’s threat landscape shows no signs of abating. As a result, siloed security is ill-equipped to address today's sophisticated attackers.
There is a new way: a holistic exposure management program that provides comprehensive visibility into assets, identities and risks. Exposure management aligns security to the things that matter most, prioritizing remediation of true exposures that can have a material impact on your organization.
NSSCTF Round#28 WEB write-ups
SCTF-2024 challenge reproduction
Introduction to ARM pwn
From writing SQL statements to a file to getshell
CVE-2025-31131
CVE-2025-31334
This $16 AdGuard plan protects your whole family from malicious ads
Binary options fraud: how not to fall into the trap
7th April – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 7th April, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The second-largest bar association in the US, The State Bar of Texas, has experienced a ransomware attack that resulted in unauthorized access to its network, exposing sensitive member information including full names […]
The post 7th April – Threat Intelligence Report appeared first on Check Point Research.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2025-31161 CrushFTP Authentication Bypass Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Rare Crystal Shape Found to Increase the Strength of 3D-Printed Metal
DDoS Attack Trends in 2024 Signify That Sophistication Overshadows Size
WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334)
WinRAR users, upgrade your software as soon as possible: a vulnerability (CVE-2025-31334) that could allow attackers to bypass Windows’ Mark of the Web (MotW) security warning and execute arbitrary code on your machine has been fixed in version 7.11. About CVE-2025-31334 WinRAR is an extremely popular file archiver utility for Windows. It can create and view archives in RAR or ZIP file formats, as well as “unpack” archive files in other formats (ISO, JAR, TAR, …
The post WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334) appeared first on Help Net Security.