Aggregator
Exploiting the Looney Tunables vulnerability on HTB (CVE-2023-4911)
1 year 6 months ago
A quick overview of the recently discovered vulnerability. Learn how you can practice exploiting (and defending against) the local privilege escalation attack on the HTB platform!
[Security Update] Advisory on High-Risk Vulnerabilities in Multiple Products in Microsoft's October Security Update
1 year 6 months ago
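On October 11, NSFOCUS (绿盟科技) CERT observed that Microsoft released its October security update patches, fixing 104 security issues. Of the vulnerabilities fixed in this month's Microsoft update, 12 are rated Critical and 92 are rated Important. These include 3 vulnerabilities that are being exploited in the wild.
[Vulnerability Advisory] curl SOCKS5 Heap Overflow Vulnerability (CVE-2023-38545)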
1 year 6 months ago
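Recently, NSFOCUS (绿盟科技) observed that the curl project published a security advisory fixing a SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545) and a cookie injection vulnerability (CVE-2023-38546). Details of the vulnerabilities have been made public; affected users should upgrade as soon as possible for protection.
[Vulnerability Advisory] curl SOCKS5 Heap Overflow Vulnerability (CVE-2023-38545)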
1 year 6 months ago
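On October 11, 2023, the Alibaba Cloud Emergency Response Center detected the curl SOCKS5 heap overflow vulnerability (CVE-2023-38545).
萤火 (Yinghuo) V2.9 Feature Update Bulletin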
1 year 6 months ago
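About 星阑 (Xinglan): 星阑科技 (Xinglan Technology) builds on big-data analysis and AI-driven technology to help enterprises address security risks in the digital world.
Can parties to a case and case handlers obtain a forensic appraisal institution's internal work records?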
1 year 6 months ago
Shenzhen | RC2 • Now Recruiting 2024 Interns
1 year 6 months ago
Welcome to the RC2 Shenzhen lab~
High Severity Vulnerability Disclosed and Fixed in curl 8.4.0
1 year 6 months ago
Summary
curl version 8.4.0 has been released. According to the developers of curl, this version mitigates a vulnerability that has been present in curl for over 10 years and has not, to this point, been exploited. This vulnerability has been disclosed as a SOCKS5 heap buffer overflow and is currently rated HIGH.
Threat Type
Vulnerability
Overview
The developers of curl have released version 8.4.0 of the software. This update was designed to mitigate at least two previously undisclosed vulnerabilities, one o
[Academic Salon] NISL October 12 Event Preview - TO BE ON AIR
1 year 6 months ago
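Academic paper sharing event of the Network and Information Security Lab at Tsinghua University
星阑科技 (Xinglan Technology) Exclusive: How Do You Secure the Intelligent Internet of Vehicles?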
1 year 6 months ago
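With the rapid development of technology, the automotive industry is undergoing an unprecedented transformation. As the core driving force of this transformation, intelligent Internet of Vehicles technology is breaking the boundaries of the traditional driving experience and reshaping the automotive industry. Recently, 嘶吼, a vertical media outlet focused on cybersecurity, interviewed Xu Yue, CTO of 星阑科技 (Xinglan Technology), for an in-depth discussion of intelligent Internet of Vehicles security.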
CVE-2023-38545: So you cURL, but will you cIRL?
1 year 6 months ago
On October 11th, 2023, a heap-based buffer overflow in curl was disclosed under the identifier CVE-2023-38545. The vulnerability affects libcurl 7.69.0 to and including 8.3.0. Vulnerable versions of libcurl may be embedded in existing applications. However, to reach the vulnerable code path, the application must be configured to utilize one of the SOCKS5 proxy modes and attempt to resolve a hostname with extraneous length.
Big News | HK Investigation & Executive Protection Specialist Course • When Hong Kong Films Become Reality
1 year 6 months ago
In life, the most important thing is to be happy. I'll be waiting for you in Tsim Sha Tsui; be there or be square~
Attacking AWS Cognito with Pacu (p2)
1 year 6 months ago
The post Attacking AWS Cognito with Pacu (p2) appeared first on Rhino Security Labs.
David Kutz-Marks
Attacking AWS Cognito with Pacu (p1)
1 year 6 months ago
The post Attacking AWS Cognito with Pacu (p1) appeared first on Rhino Security Labs.
David Kutz-Marks
Out of Band Update: Cobalt Strike 4.9.1
1 year 6 months ago
Cobalt Strike 4.9.1 is now available. This is an out of band update to fix an issue that was discovered in the 4.9 release that we felt would negatively impact customers as they start to roll out the release and for which there is no straightforward workaround. We also took the opportunity to address a [...]
The post Out of Band Update: Cobalt Strike 4.9.1 appeared first on Cobalt Strike.
Greg Darwin
The 2023 Akamai Partner Award Winners: A Spotlight on Success
1 year 6 months ago
Akamai
Cybersecurity Awareness Month 2023 Blog Series | Using Strong Passwords and a Password Manager
1 year 6 months ago
Today’s blog is the second one in our 2023 Cybersecurity Awareness Month series and examines different factors associated with using strong passwords and a password manager. We interviewed NIST’s Yee-Yin Choong and Meghan Anderson to get their unique thoughts and insights. This week’s Cybersecurity Awareness Month theme is ‘using strong passwords and a password manager.’ How does your work/specialty area at NIST tie into this behavior? Yee-Yin: At NIST, I’ve been conducting research on human factors and the usability aspects of human-technology interactions. One research area is human
Meghan Anderson, Yee-Yin Choong