SiriSpy – iOS bug allowed apps to eavesdrop on your conversations with Siri
TL;DR: Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirP...
SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction
TL;DR A vulnerability in the Galaxy Store allows attackers through an XSS to cause the store to install and/or launch an application, allowing rem...
Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals
Web browsers, our extensive gateway to the internet. Browsers today play a vital role in modern organizations as more and more software application...
Missing Authentication in ZKTeco ZEM/ZMM Web Interface
The ZKTeco time attendance device does not require authentication to use the web interface, exposing the database of employees and their credential...
Windows 0 day漏洞利用可绕过JS文件安全告警
研究人员发现一个新的Windows 0day漏洞,攻击者利用该漏洞可以让恶意JS文件绕过mark-of-the-web安全告警。目前已有攻击者将该0day漏洞利用应用于勒索软件攻击...
Firecracker
Firecracker: Lightweight Virtualization for Serverless Applications今天和大家分享的论文是Firecracker: Lightweight Virtualization for Serverless App...
安全招聘汇总 | 第二十四期
360集团安全运营分析专家工作地点:北京联系方式:[email protected](注明来自ChaMd5)岗位详情:https://www.chamd5.org/jobdetail.aspx?id=1414安全分...
(八)合约的高级特性(完)
继承 继承的机制和 python 的非常相似,但是存在差异。一般而言使用过 C++, 基本已经掌握。 当合约继承其他的合约时,只会在区块链上生成一个合约,所有相关...
哲学家和程序员眼中的web3:密码学、分布式与博弈论
作者 | Fishylosopher编译 | Arena Wang来源 | TechFlow“本文将从意识形态的角度对web3进行“竖向”介绍,并阐述Web3的三大基础原则...
【论文分享】vSGX:Virtualizing SGX Enclaves on AMD SEV
今天要分享的文章是发表于2022 IEEE S&P上的《vSGX: Virtualizing SGX Enclaves on AMD SEV》简介近年来,由于对保护程序代码和隐私数据的需求,可...