Aggregator
How CobaltStrike Argue Works - Translated Article
4 years 6 months ago
I suddenly got curious about how argue works, hence this post
Sariel.D
ASUS Router Remote Code Execution Vulnerability Advisory
4 years 6 months ago
ASUS router remote code execution vulnerability advisory
Special Delivery: Criminals Posing as Amazon Are Out to Steal User’s Data
4 years 6 months ago
One of the joys of online shopping is instant gratification – your purchases arrive on your doorstep in just a few...
The post Special Delivery: Criminals Posing as Amazon Are Out to Steal User’s Data appeared first on McAfee Blog.
McAfee
Prelude to the Hymn of Becoming a God
4 years 6 months ago
At least I'm now a blogger who updates once a quarter
Distinguishing Traffic Characteristics with HAProxy
4 years 6 months ago
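I happened to notice that the blog was intermittently unreachable: some requests stayed pending for a long time, stuck in the stalled state. The conditions for reproducing it were unclear; sometimes it appeared and sometimes everything was normal. At first I thought it was, as described in this comment, caused by the OCSP...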
Holmesian
Illusion of Control: Capability Maturity Models and Red Teaming
4 years 6 months ago
Throughout my career I have been fascinated with quality assurance and testing, especially security testing and red teaming. One discussion that comes up frequently is how to measure the maturity of such programs and processes.
My answer is straightforward, as there are already existing frameworks that can be leveraged, adjusted and borrowed from to fit the needs of offensive security programs.
You are likely familiar with, or have at least heard of, the Capability Maturity Model Integration from Carnegie Mellon University.
2020 Application Protection Report, Volume 1: APIs, Architecture, and Making Sense of the Moment
4 years 6 months ago
Securing APIs demands a new approach. See what we can learn from API incidents and where to begin.
A Record of a Heart-Stopping XSS
4 years 6 months ago
Anyone who has had the same experience, raise your hand.
A Redis-Based Design for Scanner Task Scheduling
4 years 6 months ago
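Recently I have been looking into scanner task scheduling. After some trial and error I have a few personal takeaways, and I thought I should write them down so I don't forget them, and also as
Question Quiz - The Forgotten Scam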
4 years 6 months ago
Over a year ago, Akamai’s threat research team published research regarding a widely-used phishing toolkit we referred to as the “Three Question Quiz”. It’s now time to review the evolution of the toolkit, the associated campaigns that we tracked in the wild, and the potential damage caused by those campaigns in the past year.
Or Katz
Ximalaya SRC Has Joined the Huoxian (火线) Platform~
4 years 6 months ago
Response to the Office of the Inspector General of Intelligence and Security report on certain events in Afghanistan between 2009 and 2013
4 years 6 months ago
Ping An Jing (Scripture of Peace): Cybersecurity Edition
4 years 6 months ago
The cybersecurity edition of the Ping An Jing
[胖猴小玩闹] Smart Locks and Gateways, Part 1: Gateway Analysis of the Hikvision EZVIZ Smart Lock (1)
4 years 6 months ago
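This article begins our analysis of the Hikvision EZVIZ smart lock. From this article on, we no longer focus on BLE communication and instead pay more attention to the security analysis of the lock and its companion gateway.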
How to Keep Your Data Safe From the Latest Phishing Scam
4 years 6 months ago
As users, we’ll do just about anything to ensure that our devices run as efficiently as possible. This includes renewing...
The post How to Keep Your Data Safe From the Latest Phishing Scam appeared first on McAfee Blog.
McAfee
Today's Prize Draw
4 years 6 months ago
The prize draw results are announced today
Large, Complex DDoS Attacks on the Rise in 2020
4 years 6 months ago
While we've highlighted both record PPS and BPS attacks mitigated on the Akamai Prolexic Platform over the past few weeks, these attacks are part of a broader trend of increasingly large and complex DDoS activity. We have seen clear indications across the industry of high-water mark DDoS attacks being publicized by multiple vendors.
The sheer number of large attacks has been unprecedented. The attacks are also noteworthy for their increasing complexity, illustrated in the number and combinations of different attack vectors. The tenacity of attackers is also increasing -- one Akamai customer experienced 14 separate 100+ Gbps attacks in just the first half of 2020.
"What's new is the concept of campaigns. We go back a couple of years, and 'attack' was the right word to use. There were many attacks every single day, but they weren't, in my opinion, campaign-oriented. Some of our more recent ones are campaign-oriented, where the attacker is working in a coordinated way over an extended period of time." -- Roger Barranco, Vice President, Global Security Operations, Akamai
Some likely reasons for the rise in attacks are a combination of:
The proliferation of DDoS-for-hire tools
Emerging botnets (enterprise DVRs, IoT, etc.) entering the scene
Plenty of motivating factors across social, geopolitical, and online unrest
Quarantine and boredom -- what's a malicious actor supposed to do?
Whatever the unique reason of each attack, the result is the same: a security and IT team needs an effective defense.
Tom Emmons
New Things Learned About Chinese-Language Domain Names from a Phishing Alert
4 years 6 months ago
I learned quite a few new things from a single alert
Linux Post-Exploitation Notes: PAM Backdoor
4 years 6 months ago
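Preface
Linux-PAM stands for Pluggable Authentication Modules. PAM uses the configuration files under /etc/pam.d/ to manage how programs are authenticated.
Based on the per-service configuration files under /etc/pam.d/, it calls /lib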
Gorgias