Aggregator

Summary Apple has published security updates for iCloud for Windows, Xcode, Safari, iOS and iPadOS, watchOS, tvOS, and macOS: Big Sur, Catalina, and Mojave. One of the vulnerabilities (CVE-2021-30657) addressed in the updates for macOS Big Sur, and Catalina, has been reported independently as being exploited in the wild. Threat Type Vulnerability Overview Apple has published security updates for iCloud for Windows, Xcode, Safari, iOS and iPadOS, watchOS, tvOS, and macOS: Big Sur, Catalina, and Mojave. Colle

2021年4月26日有报道指出，美国情报部门正在考虑应美军大多数司令部的请求，在信息战的框架内解密并披露与俄

As with any standardization effort, development of 5G specifications accounted for numerous technology trends and new use cases.

On April 20, 2021, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released an alert on the exploitation of Pulse Connect Secure Vulnerabilities with Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, as well as Emergency Directive (ED) 21-03, after a FireEye blog shed light on security incidents involving compromises of Pulse Secure VPN appliances.

Summary Cisco has published thirteen Security Advisories. Of the advisories, five are rated as High and eight are rated as Medium. Threat Type Vulnerability Overview Cisco has published thirteen Security Advisories. Of the advisories, five are rated as High and eight are rated as Medium. For all advisories listed below, it is noted that Cisco's Product Security Incident Response Team (PSIRT) is "not aware of any public announcements or malicious use of the vulnerabilities" that are described in the advisori

颜色家族再添一员

Latin America’s cyberattack landscape saw continued focus on port 5900 and the targeting of common web vulnerabilities.

介绍Xcheck团队如何在企业内部落地SAST应用，以及取得的效果

大家好，我是BaCde，上周临时组队参与了HackTheBox组织的Cyber Apocalyps 2021的CTF比赛。今天主要写一下Web的Artillery，这是一道3星题（最难为4星），这是一道关于XXE利用的题，做出来的人相对很少，也花了不少时间，有些收获，这里写出来与大家分享。本文不介绍基础知识，如果要学习基础可以查看后面的推荐文章。

收集信息

此次的CTF题大部分都提供源代码，并提供有Dockerfile文件，可通过docker build构建并运行。通过源码可知源代码为Java语言。openjdk 1.8.181版本，Web Server为Tomcat10。

4月25日在上海参加了ArchSummit全球架构师峰会，分享了一些我对计算的看法，演讲全文如下。各位嘉宾

Reflecting on the cybersecurity threat landscape in 2020, we can't overlook the massive changes that landed on us. Global security attacks increased at a significant pace between 2019 and 2020, and the COVID-19 pandemic only deepened these troubling conditions.

While those of us in places like the U.S. are experiencing some relief with access to the COVID-19 vaccine, it has been heartbreaking to see surges in infection, hospitalization, and death across the globe, including the dire situation in India.

目录: 一、背景与应用场景介绍 二、企业APP面临的问题 三、个人面临的问题 四、解决方案 五、未来展望与总结 一、背景与应用场景介绍 1.1、国家对个人隐私保护越来越重视 2019年初，中央网信办、工信部、公安部及市场监管总局四部门联合发布了《关于开展App违法违规收集使用个人信息专项治理的公告》

当地时间4月27日，美国华盛顿特区大都会警察局发布声明表示，其内部系统遭到黑客入侵，部分数据文件被窃，并且黑

Summary Google has released an update to its Chrome web browser for Windows, Mac, and Linux that provides fixes for nine vulnerabilities. Of the seven CVE-numbered vulnerabilities noted in the advisory, Google has three of them rated as High, three as Medium, and one as Low. Threat Type Vulnerability Overview Google has released an update, version 90.0.4430.93, to its Chrome web browser for Windows, Mac, and Linux that provides fixes for nine vulnerabilities. Of the seven CVE-numbered vulnerabilities noted

中央网信办、工信部、公安部及市场监管总局四部门联合发布了《关于开展App违法违规收集使用个人信息专项治理的公告》，预示着我国在APP隐私层面的治理进入了一个新的高度，期间部分APP采集隐私数据受到了严重处罚。用户权益保护越来越被重视。

Ransomware attacks continued to proliferate in Q1 2021 as several common but unpatched software vulnerabilities created a fresh supply of compromised network access to ransomware affiliates.