Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
shostack.org
Reflecting on Threats: The Frame
Shostack + Associates > Blog > Reflecting on Threats: The Frame Shostack + Friends Blog Now that the Threats book is out and the first reviews are in (thank you!), I want to talk more about the frame ... Read more
-
shostack.org
Application Security Roundup - March
Shostack + Associates > Blog > Application Security Roundup - March Shostack + Friends Blog The March appsec roundup includes few tools, some thoughts on injection, some standards, and some of my own ... Read more
-
360 Netlab Blog - Network Security Research Lab at 360
快讯:使用21个漏洞传播的DDoS家族WSzero已经发展到第4个版本
概述 近期,我们的BotMon系统连续捕获到一个由Go编写的DDoS类型的僵尸网络家族,它用于DDoS攻击,使用了包括SSH/Telnet弱口令在内的多达22种传播方式。短时间内出现了4个不同的版本,有鉴于此,我们觉得该家族未来很可能继续活跃,值得警惕。下面从传播、样本和跟踪角度分别介绍。 传播分析 除了Telnet/SSH弱口令,我们观察到wszero还使用了如下21个漏洞进行传播: VULNE ... Read more
-
malwaretech.com
Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)
Discussion thread: https://updatedsecurity.com/topic/9-openssl-vulnerability-cve-2022-3602-cve-2022-3786/ Vulnerability Details From https://www.openssl.org/news/secadv/20221101.txt X.509 Email Addres ... Read more
-
360 Netlab Blog - Network Security Research Lab at 360
公有云网络安全威胁情报(202204)
概述 本文聚焦于云上重点资产的扫描攻击、云服务器总体攻击情况分析、热门漏洞及恶意程序的攻击威胁。 360高级威胁狩猎蜜罐系统发现全球9.2万个云服务器IP进行网络扫描、漏洞攻击、传播恶意软件等行为。其中包括国内39家单位所属的云服务资产IP,这些单位涉及政府、医疗、建筑、军工等多个行业。 2022年4月,WSO2多个产品和Apache Struts2爆出高危漏洞,两个漏洞技术细节已经公开,并且我们 ... Read more
-
malwaretech.com
[Video] Exploiting Windows RPC – CVE-2022-26809 Explained | Patch Analysis
Walking through my process of how I use patch analysis and reverse engineering to find vulnerabilities, then evaluate the risk and exploitability of bugs. ... Read more
-
360 Netlab Blog - Network Security Research Lab at 360
公有云网络安全威胁情报(202203)
概述本文聚焦于云上重点资产的扫描攻击、云服务器总体攻击情况分析、热门漏洞及恶意程序的攻击威胁。360高级威胁狩猎蜜罐系统发现全球12万个云服务器IP,进行网络扫描、漏洞攻击、传播恶意软件等行为。其中包括国内156家单位的服务器IP,涉及大型央企、政府机关等行业。Spring厂商连续公开3个关键漏洞,CVE-2022-22947、CVE-2022-22963、CVE-2022-22965,本文将对前 ... Read more
-
360 Netlab Blog - Network Security Research Lab at 360
Fodcha, a new DDos botnet
OverviewRecently, CNCERT and 360netlab worked together and discovered a rapidly spreading DDoS botnet on the Internet. The global infection looks fairly big as just in China there are more than 10,000 ... Read more
-
imperialviolet.org
Picking parameters
When taking something from cryptographic theory into practice, it's very important to pick parameters. I don't mean picking the right parameters — although that certainly helps. I mean picking paramet ... Read more
-
curatedintel.org
Hacktivist group shares details related to Belarusian Railways hack
On Monday 24 January 2022, a Belarusian hacktivist group going by the name Belarusian Cyber-Partisans claimed responsibility for a limited attack against the national railway company. A primary object ... Read more