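Daily Security News Push (04-27)
Tencent Security Xuanwu Lab Daily News • Abusing signed DLLs that have RWX-S permissions for unnoticed shellcode injection: https://tttang.com/archive/1565/ ...
A Brief Look at Cloud Attack and Defense: Etcd Risk Analysis
Introduction to Etcd: Etcd is an open-source project started by the CoreOS team in June 2013. Its goal is to build a highly available distributed key-value database for service discovery, shared configuration, consistency guarantees, and so on. ...
Learning Features from the Control Flow Graph of Source Code to Localize Bugs
Original title: The flowing nature matters: feature learning from the control flow graph of source code for bug localization. Original authors: Yi-Fan Ma, Ming Li ...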
Remote Code Execution via VirusTotal Platform
After a deep security research by Cysource research team led by Shai Alfasi & Marlon Fabiano da Silva, we found a way to execute commands remot...
INDUSTROYER.V2: Old Malware Learns New Tricks
On April 12, 2022, CERT-UA and ESET reported that a cyber physical attack impacted operational technology (OT) supporting power grid operations in ...
Expanding Apple Ecosystem Access with Open Source, Multi Platform Code Signing
A little over one year ago, I announced a project to implement Apple code signing in pure Rust. There have been quite a number of developments sinc...
Check Point Research detects vulnerability in the Everscale blockchain wallet, preventing cryptocurrency theft
Highlights Check Point Research (CPR) discovered a vulnerability in the web version of Ever Surf wallet, part of the Everscale blockchain ecosys...
Exploiting remote code execution within VirusTotal platform in order to gain access to its various scans capabilities.
After a deep security research by Cysource research team led by Shai Alfasi & Marlon Fabiano da Silva, we found a way to execute commands remot...
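APT-C-36 (Blind Eagle): Brief on Attacks Targeting Colombia
APT-C-36 Blind Eagle: APT-C-36 (Blind Eagle) is an APT group suspected to originate from South America that mainly targets Colombia; the group has continuously launched attack campaigns against Colombia since 2018. Recently, 360...
The Industrial "Saber" Is Unsheathed: Beware the "Soft War" Plug-in
1. Background: On April 13, 2022, several US agencies including CISA, DOE, NSA and FBI released a joint security advisory disclosing an attack tool built specifically to target industrial control systems. Mandiant named it "INC...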