Aggregator

近日，绿盟科技监测到curl官方发布安全公告，修复了SOCKS5堆缓冲区溢出漏洞（CVE-2023-38545）和cookie注入漏洞（CVE-2023-38546）。漏洞细节已公开，请受影响用户尽快升级版本进行防护。

2023年10月11日，阿里云应急响应中心监测到 curl SOCKS5 堆溢出漏洞(CVE-2023-38545)。

关于星阑星阑科技基于大数据分析及AI智能化技术体系，助力企业应对数字世界的安全风险。

欢迎来到RC2深圳实验室~

Summary curl version 8.4.0 has been released. According to the developers of curl, this version mitigates a vulnerability that has been present in curl for over 10 years and has not, to this point, been exploited. This vulnerability has been disclosed as a SOCKS5 heap buffer overflow and is currently rated HIGH. Threat Type Vulnerability Overview The developers of curl have released version 8.4.0 of the software. This update was designed to mitigate at least two previously undisclosed vulnerabilities, one o

Why macros are a threat, and the approaches you can take to protect your systems.

清华大学网络与信息安全实验室学术论文分享活动

On October 11th, 2023, a heap-based buffer overflow in curl was disclosed under the identifier CVE-2023-38545. The vulnerability affects libcurl 7.69.0 to and including 8.3.0. Vulnerable versions of libcurl may be embedded in existing applications. However, to reach the vulnerable code path, the application must be configured to utilize one of the SOCKS5 proxy modes and attempt to resolve a hostname with extraneous length.

做人嘛，最重要的是开心，我在尖沙咀等你，不见不散~

Cobalt Strike 4.9.1 is now available. This is an out of band update to fix an issue that was discovered in the 4.9 release that we felt would negatively impact customers as they start to roll out the release and for which there is no straightforward workaround. We also took the opportunity to address a [...]

Read More... from Out of Band Update: Cobalt Strike 4.9.1

The post Out of Band Update: Cobalt Strike 4.9.1 appeared first on Cobalt Strike.

Today’s blog is the second one in our 2023 Cybersecurity Awareness Month series and examines different factors associated with using strong passwords and a password manager. We interviewed NIST’s Yee-Yin Choong and Meghan Anderson to get their unique thoughts and insights. This week’s Cybersecurity Awareness Month theme is ‘ using strong passwords and a password manager .’ How does your work/specialty area at NIST tie into this behavior? Yee-Yin: At NIST, I’ve been conducting research on human factors and the usability aspects of human-technology interactions. One research area is human

带你看世界，也找自己！

随着科技的迅猛发展，汽车行业正在经历一个前所未有的变革。作为这一变革的核心驱动力，智能车联网技术正在打破传统驾驶体验的界限，改变着汽车行业的格局。近期，作为深耕网络安全领域的垂直媒体嘶吼，采访了星阑科技CTO徐越，深入探讨智能车联网安全。

A critical zero-day vulnerability has recently been discovered in the Confluence Data Center and Server. The vulnerability, known as CVE-2023-22515 and scored a CVSS 10 out of 10, is a privilege escalation vulnerability that allows external attackers to exploit the system and create administrator accounts that can be used to access Confluence instances. Check out this blog for all the details GreyNoise has compiled on this vulnerability.