魔形女再袭?最新Android通杀漏洞CVE-2024-31317分析与利用研究
摘要本文分析了CVE-2024-31317这个Android用户态通杀漏洞的起因,并分享了笔者的利用研究和方法
Aggregator
重保战报20240822|SQL注入漏洞和RCE漏洞占据目前漏洞主流
8 months ago
回复口令[加油]:“水波不兴”,获取今日最新情报!
tips强烈推荐[啤酒]:https://tix.qq.com
- 高阶版免费体验:查询额度权益
- 每日最新封禁IOC获取
- 专家IP鉴定分析权限
Каждый четвертый рискует стать жертвой киберсталкинга к 2025 году
8 months ago
VPNRanks предупреждает: цифровое насилие выходит из-под контроля.
CVE-2024-35151 | IBM OpenPages with Watson 8.3/9.0 API authentication bypass
8 months ago
A vulnerability classified as critical has been found in IBM OpenPages with Watson 8.3/9.0. This affects an unknown part of the component API. The manipulation leads to authentication bypass using alternate channel.
This vulnerability is uniquely identified as CVE-2024-35151. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Qilin ransomware caught stealing credentials stored in Google Chrome
8 months ago
Familiar ransomware develops an appetite for passwords to third-party sites
Angela Gunn
CVE-2024-39746 | IBM Sterling Connect Direct Web Services 6.0/6.1/6.2/6.3 cleartext transmission
8 months ago
A vulnerability was found in IBM Sterling Connect Direct Web Services 6.0/6.1/6.2/6.3. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cleartext transmission of sensitive information.
This vulnerability is handled as CVE-2024-39746. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
沃尔玛出售所持京东股份
8 months ago
沃尔玛在递交到 SEC 的文件中披露,它出售了所持的全部京东股份。沃尔玛和京东 2016 年 6 月展开全面合作,沃尔玛将其的中国网络销售业务出售给京东,作为回报获得了京东股权。后来沃尔玛提高了持股比例,截至 2024年 3 月底,包括间接持股在内,沃尔玛共持有约 2.9 亿股京东股票,是京东的大股东。在出售股份之后,沃尔玛表示会继续与京东合作。在中国经济减速的情况下,消费者的节约意识增强,它的山姆会员店凭借实惠的价格赢得了消费者的青睐。京东 APP 用户可直接在应用上购买山姆商品。
Cisco: договор ООН угрожает свободе интернета
8 months ago
Компания выступила против методов ООН по борьбе с киберпреступностью.
从CFG图中分析ollvm控制流平坦化混淆源码
8 months ago
本文中的代码是将ollvm的flatten以插件形式移植到了llvm18 new pass中, 代码会略有不同, 但逻辑是一样的。
Security Flaws in UK Political Party Donation Platforms Exposed
8 months ago
The donation websites of the UK’s seven major political parties are missing critical security features to protect the accounts of donors, according to DataDome
奇安信:APT攻击、勒索软件已成2024年最大网络威胁
8 months ago
《网络安全威胁2024年中报告》分析总结了目前各类主流网络威胁。
Gartner发布2024中国安全技术成熟度曲线 AI安全助手首次入选
8 months ago
用AI升级安全,把握网安产业的重大技术机遇。
近期值得关注的IOC(2024-08-22)
8 months ago
分享近期值得关注的IOC
云鲸 J5 的「科学清洁」,让我看到了扫拖一体机器人的下一场变革
8 months ago
只有同时做到「省心」与「省力」,才称得上是无感。
Novel Android Malware Steals Card NFC Data For ATM Withdrawals
8 months ago
ESET claims new NGate Android malware relays NFC data to steal card details for ATM cash-out
钓鱼特辑(一)真假PPT?现实版“狼人杀”钓鱼
8 months ago
亿格云
Мем-койн Grimace взорвал крипторынок после взлома аккаунта McDonald's
8 months ago
Как хакеры подняли $700 000 благодаря неожиданной рекламной кампании в Instagram.
欧空局木星冰月探测器重返地球进行引力加速 还顺手拍了月球高清照片
8 months ago
The Facts About Continuous Penetration Testing and Why It’s Important
8 months ago
What is Continuous Attack Surface Penetration Testing or CASPT?
Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization's digital assets to identify and mitigate security vulnerabilities. CASPT is designed for enterprises with an
The Hacker News
The Facts About Continuous Penetration Testing and Why It’s Important
8 months ago
What is Continuous Attack Surface Penetration Testing or CASPT?Continuous Penetration Testing or C