Aggregator

The new vulnerability was named “FortiJump Higher” due to its similarity with the “FortiJump” vulnerability discovered in October

HomeChrome脚本猫 – 开源用户脚本管理扩展，支持后台、定时脚本运行[Chrome/Firefox]

Stuart Schechter makes some good points on the history of bad password policies:

Morris and Thompson’s work brought much-needed data to highlight a problem that lots of people suspected was bad, but that had not been studied scientifically. Their work was a big step forward, if not for two mistakes that would impede future progress in improving passwords for decades.

First, was Morris and Thompson’s confidence that their solution, a password policy, would fix the underlying problem of weak passwords. They incorrectly assumed that if they prevented the specific categories of weakness that they had noted, that the result would be something strong. After implementing a requirement that password have multiple characters sets or more total characters, they wrote:...

The post Good Essay on the History of Bad Password Policies appeared first on Security Boulevard.

魅族外表下的「星纪花瓶」——再谈魅族 20 INFINITYMatrix 首页推荐 Matrix 是少数派的写作社区，我们主张分享真实的产品体验，有实用价值的经验与思考。我们会不定期挑选 Matrix

Australian Government Warns of Nation-State Actors' Plans to Weaponize Malware
The Australian government is alerting critical infrastructure providers that state-sponsored actors are positioning malware in their networks that can be weaponized to disrupt operations during major crises or a military conflict. The hackers employ living-off-the-land technique to avoid detection.

Comprehensive Identity Security Platform Expands Protection to Cloud, On-Premises
Silverfort has acquired Rezonate, a cloud-focused identity protection startup. This acquisition accelerates Silverfort’s vision for an integrated platform that secures identities across both on-premises and cloud environments, cutting complexity and boosting threat visibility for enterprise clients.

Tehran Baits Aerospace Sector Into Downloading Malware With Fake Job Offers
Iranian state hackers are taking a page out of North Korean tactics to entice job seekers into downloading malware, with security researchers spotting a Tehran campaign directed against the aerospace industry. It's possible that Pyongyang shared its attack methods and tools.

Vaccine Skeptic's Views on Health Privacy Not Well-Known
President elect Donald Trump said Thursday he will nominate prominent vaccine skeptic Robert F. Kennedy Jr. as secretary to head up the U.S. Department of Health and Human Services. His stances on health information privacy, security and healthcare sector cyber matters are not well known.

如果想在当前的Nmap版本下不使用脚本来识别MongoDB 6.0以上版本，唯一的办法是使用Nmap内置的服务指纹将MongoDB 6.0服务版本识别出来。

胡金鱼

我们精选了本周知识大陆公开发布的10条优质资源，让我们一起看看吧。

In the fast-paced digital world, trust is everything—but what happens when that trust is disrupted? Certificate revocations, though rare, can send shockwaves through your operations, impacting security, customer confidence, and business continuity. Are you prepared to act swiftly when the unexpected happens? Join DigiCert’s exclusive webinar, "When Shift Happens: Are You Ready for Rapid

Кто они – китайские хакеры, которые ведут двойную игру в киберпространстве по всему миру?

Как SilkSpecter столь правдоподобно маскирует мошеннические сайты?

error code: 521

Join top industry experts at API Security Day, a focused event at APIDays Paris, to explore in-depth strategies and insights for protecting APIs.

The post API Security Day – powered by APIDays & Escape appeared first on Security Boulevard.