Aggregator

Summary The ICS-CERT has published two advisories that affect the Schneider Electric C-Bus Toolkit, and the EIPStackGroup OpENer Ethernet/IP. Threat Type Vulnerability Overview The ICS-CERT has published two advisories that affect the Schneider Electric C-Bus Toolkit, and the EIPStackGroup OpENer Ethernet/IP. Further information is available from the advisories which are summarized below. ICS Advisory ICSA-21-105-01 - Schneider Electric C-Bus Toolkit CVE-2021-22716 - The affected product is vulnerable to Im

数据显示，到2022年，30%的5人以上的安全团队将会采用SOAR（安全编排与自动化响应）。你是那30%吗？

Summary Google has released an update to its Chrome web browser for Windows, Mac, and Linux that provides fixes for thirty-seven vulnerabilities. Of the nineteen CVE-numbered vulnerabilities noted in the advisory, Google has six of them rated as High, ten as Moderate, and three as Low. Threat Type Vulnerability Overview Google has released an update, version 90.0.4430.72, to its Chrome web browser for Windows, Mac, and Linux that provides fixes for thirty-seven vulnerabilities. Of the nineteen CVE-numbered

当年的微博

同一条命令运行一个游戏

strace

利用strace记录进程的syscall,需要root权限

• -e tr

谈谈 Kubernetes 在多集群管理和一些应用场景中的局限性，大集群、联邦集群、应用分发、批处理调度和多租户等

展望RSA Conference 2021创新沙盒竞赛，在应用安全开发领域有Apiiro和WABBI两家公司入选，本文主要介绍这两家公司的特点。

Akamai has been named a Gartner Peer Insights Customers' Choice for Web Application Firewalls (for the second time).

在基础安全领域中，通过实体画像技术可以从多维度对检测对象进行描绘。这些描绘的成果将成为复杂安全检测，与复杂网络攻击调研的数据基础。

A nifty way for adversaries to acquire passwords during post-exploitation is to spoof credential dialogs and perform a local phishing attack. This means tricking a user on a compromised computer to enter their password. Unfortunately, users are conditioned to enter their credentials frequently and therefore don’t question random passwords prompts too much. Long, long time ago… but nothing has changed The idea to spoof a credential dialog is one of the most simple ideas one might come up with.

先粘一段来自 MDN 的解释： HTTP 消息是服务器和客户端之间交换数据的方式。有两种类型的消息︰ 请求（requests）--由客户端发送用来触发一个服务器上的动作；

最近 Google Chrome 浏览器被爆出存在远程代码执行漏洞（CNVD-2021-27989），攻击者只需要构造一个恶意的 html 页面诱导用户点击访问，就能实现对浏览器的远程代码执行攻击。

When paired with our new EdgeKV distributed key-value database, the Akamai EdgeWorkers serverless platform gives you the ability to do powerful things at the CDN level.

Summary Zscaler has identified a threat actor spreading malicious android apps via WhatsApp and SMS. The apps are specifically targeting JIO telecom users in India. Those targeted are tricked into thinking that TikTok is available again in India or that they are installing an app to register to receive a free Lenovo laptop, courtesy of the Government of India. Threat Type Malware, Phishing, Smishing Overview An unnamed threat actor has been identified as actively operating since as early as March 20, 2020.

Metasploit最新资讯！！新模块*4，功能更新*1，BUG修复*7~

Summary In its April 2021 security updates, Microsoft list 108 CVE numbered vulnerabilities in various Microsoft products. Of those, nineteen are rated as Critical, eighty-eight rated as Important, and one as Moderate. One of the vulnerabilities is reported to have been exploited in the wild. Six vulnerabilities in Microsoft's Chromium based browser, Edge, were addressed in a prior update. Microsoft rated these vulnerabilities as Unknown. Threat Type Vulnerability Overview In its April 2021 security updates

InScan 内网自动化横向渗透工具使用教程

Summary Adobe has released four security updates. The updates are for Photoshop, Digital Editions, Bridge, and RoboHelp. Three of the updates address at least one vulnerability rated by Adobe as Critical and one is rated Important. Threat Type Vulnerability Overview Adobe has released four security updates. The updates are for Photoshop, Digital Editions, Bridge, and RoboHelp. Three of the updates address at least one vulnerability rated by Adobe as Critical and one is rated Important. The potential impact

SolarWinds供应链攻击事件对美国造成非常大的影响，抛开多家科技巨头被入侵不说，就连美国国土安全部门的

这世界也许本来就是一个F(x)