unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Search
Rss
黑夜模式
Cybersecurity Snapshot: SANS Recommends Six Controls To Secure AI Systems, While NCSC Warns About Outdated API Security Methods
SANS提出六项关键AI安全控制措施;NCSC建议更新API安全实践;CISA警告“快 flux”技术被用于隐藏攻击;专家强调地方及关键基础设施网络安全的重要性。...
2025-4-4 13:0:0 | 阅读: 33 |
收藏
|
Tenable Blog - www.tenable.com
security
flux
tenable
governments
How To Harden GitLab Permissions with Tenable
文章探讨了GitLab权限配置不当可能导致的安全风险,并介绍了Tenable新开发的插件如何帮助检测和修复这些问题。GitLab作为流行的SCM和CI/CD平台,其权限模型涉及项目、组和个人命名空间。过度开放的设置可能暴露源代码和敏感数据。Tenable插件通过检测公开项目和代码片段等潜在风险,帮助企业提升GitLab环境的安全性。...
2025-4-3 14:0:0 | 阅读: 6 |
收藏
|
Tenable Blog - www.tenable.com
gitlab
security
development
tenable
fetched
ImageRunner: A Privilege Escalation Vulnerability Impacting GCP Cloud Run
Tenable Research发现Google Cloud Platform(GCP)中的ImageRunner漏洞,允许拥有特定权限的攻击者滥用Cloud Run服务权限,访问私有容器镜像并提取敏感数据。该漏洞已修复,需确保部署者具有访问镜像的权限。...
2025-4-1 14:0:0 | 阅读: 11 |
收藏
|
Tenable Blog - www.tenable.com
cloud
artifact
ncat
attacker
revision
Cybersecurity Leaders Share Three Challenges Exposure Management Helps Them Solve
Tenable的Exposure Management Academy每周一提供指导,帮助网络安全领导者从传统漏洞管理转向更全面的暴露管理。文章指出,暴露管理解决了三个关键挑战:缺乏攻击面可见性、难以优先处理修复以及停留在被动响应模式。通过整合多环境数据、基于风险的优先级划分和主动安全措施,企业能够更好地应对复杂威胁并提升整体安全性。...
2025-3-31 13:0:0 | 阅读: 4 |
收藏
|
Tenable Blog - www.tenable.com
exposure
security
reactive
Cybersecurity Snapshot: NIST Details Attacks Against AI, Recommends Defenses, While ETSI Issues Quantum-Resistant Crypto Standard
文章概述了五项关键网络安全议题:NIST发布AI系统攻击分类及缓解建议;ETSI推出Covercrypt后量子加密标准;英国NCSC敦促域名注册商加强安全;ENISA建议商业卫星提升网络安全;修复IngressNightmare漏洞以保障Kubernetes集群安全。...
2025-3-28 13:0:0 | 阅读: 13 |
收藏
|
Tenable Blog - www.tenable.com
security
satellites
ncsc
registrars
Who's Afraid of AI Risk in Cloud Environments?
Tenable 2025年云AI风险报告显示,70%的AI云工作负载存在未修复的关键漏洞,且AI服务默认权限设置不安全。敏感数据和过度授权增加了被攻击风险。建议优先修复高危漏洞、减少过度权限,并将AI组件标记为敏感资产以降低风险。...
2025-3-26 13:0:0 | 阅读: 13 |
收藏
|
Tenable Blog - www.tenable.com
cloud
security
tenable
workloads
risky
CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
IngressNightmare 是针对 Kubernetes 的 Ingress NGINX Controller 的五个漏洞集合,包括配置注入、代码执行和路径遍历等高危风险。这些漏洞可能被链式利用导致集群接管。Kubernetes 已发布修复版本 1.12.1 和 1.11.5。...
2025-3-25 01:42:28 | 阅读: 164 |
收藏
|
Tenable Blog - www.tenable.com
kubernetes
ingress
tenable
What it Takes to Start the Exposure Management Journey
Tenable从传统漏洞管理转向暴露管理,涉及政策调整、工具整合和项目规划。团队通过自动化和协调应对复杂操作挑战,提升风险可见性和安全效果。...
2025-3-24 13:0:0 | 阅读: 7 |
收藏
|
Tenable Blog - www.tenable.com
exposure
security
tenable
exposures
broader
Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption
文章探讨了云AI安全风险、抗量子密码迁移指南、AI在犯罪中的应用、物联网设备生命周期披露法案、开源软件对欧盟《网络弹性法案》的准备情况以及恶意文件转换工具的威胁。...
2025-3-21 13:0:0 | 阅读: 6 |
收藏
|
Tenable Blog - www.tenable.com
cloud
security
software
migration
cra
Choosing the Right Cloud Security Provider: Five Non-Negotiables for Protecting Your Cloud
文章强调选择与企业需求优先级一致的云安全合作伙伴的重要性,并提出了五个关键考虑因素:独立性、透明度、优先级对齐、可移植性和全面的安全覆盖。...
2025-3-20 15:55:0 | 阅读: 2 |
收藏
|
Tenable Blog - www.tenable.com
tenable
cloud
security
nessus
enjoy
What Is Exposure Management and Why Does It Matter?
文章探讨了从传统漏洞管理向暴露管理转变的重要性。暴露管理通过整合资产、身份和风险关系,提供全面的攻击面视图,并结合业务上下文优先处理关键风险。这种方法帮助组织更高效地应对复杂威胁环境,并为不同层级的安全团队提供统一的视角和行动指南。...
2025-3-17 13:0:0 | 阅读: 2 |
收藏
|
Tenable Blog - www.tenable.com
security
exposure
leaders
exposures
Cybersecurity Snapshot: Medusa Ransomware Impacting Critical Infrastructure, CISA Warns, While NIST Selects New Quantum-Resistant Algorithm
文章概述了六个关键网络安全议题:Medusa勒索软件攻击、抗量子加密算法标准化、Tenable对DeepSeek生成恶意软件能力的研究、开源软件风险管理报告、漏洞优先级调查结果以及CIS基准更新。...
2025-3-14 13:0:0 | 阅读: 15 |
收藏
|
Tenable Blog - www.tenable.com
software
security
tenable
benchmarks
ransomware
DeepSeek Deep Dive Part 1: Creating Malware, Including Keyloggers and Ransomware
DeepSeek R1 can be utilized to generate code for both keyloggers and ransomware with some manual adjustments. Here's a concise summary: ### Keylogger Development: - **Methodology**: Utilizes `SetWindowsHookEx` for global keystroke capture. - **Stealth Techniques**: Hides the application window using `WS_EX_TOOLWINDOW` and `ShowWindow(g_hwnd, SW_HIDE);`. - **Log File Obfuscation**: Sets file attributes to hidden and system (`FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM`). - **Encryption**: Employs simple XOR encryption for basic obfuscation. ### Ransomware Development: - **Persistence**: Adds registry entry for startup persistence. - **User Interaction**: Displays a ransom message via `MessageBox`. - **File Handling**: Enumerates files using `EnumFileAPI` and encrypts them with AES128-CBC. - **Key Management**: Generates random keys for encryption. ### Challenges: - **Manual Fixes**: Initial code from DeepSeek requires corrections for errors like incorrect API usage. - **Ethical Considerations**: Highlighted legal and ethical implications of developing such tools. In conclusion, while DeepSeek provides foundational code structures for malicious software development, achieving fully functional and stealthy implementations demands significant manual effort and understanding of underlying principles....
2025-3-13 13:0:0 | 阅读: 35 |
收藏
|
Tenable Blog - www.tenable.com
deepseek
ransomware
hhook
pfile
cot
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993)
微软在2025年3月的补丁更新中修复了56个安全漏洞,包括7个零日漏洞(其中6个已被野外利用),涉及远程代码执行、权限提升等高风险问题,并影响多个产品组件如Windows、Office及Azure服务等。...
2025-3-11 17:33:45 | 阅读: 137 |
收藏
|
Tenable Blog - www.tenable.com
microsoft
windows
exploited
attacker
Cybersecurity Snapshot: CSA Outlines Data Security Challenges and Best Practices, While ISACA Offers Tips To Retain IT Pros
Check out best practices for shoring up data security and reducing cyber risk. Plus, get tips on how...
2025-3-7 14:0:0 | 阅读: 10 |
收藏
|
Tenable Blog - www.tenable.com
security
cloud
tenable
CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited
Broadcom披露VMware多款产品存在三个零日漏洞(CVE-2025-22224/22225/22226),涉及堆溢出、任意写入和信息泄露风险。微软威胁情报中心发现这些漏洞被野外利用。VMware已发布补丁修复问题,建议用户尽快更新以防范潜在攻击。...
2025-3-4 20:15:40 | 阅读: 33 |
收藏
|
Tenable Blog - www.tenable.com
tenable
workstation
22224
broadcom
Creating Elegant Azure Custom Roles: Putting NotActions into Action!
文章探讨了在 Azure 中创建自定义角色的复杂性,并介绍了如何通过 `NotActions` 和 `NotDataActions` 属性简化流程。Tenable Cloud Security 利用这些属性生成高效、易管理的最小权限角色,显著减少配置文件大小并提高安全性。...
2025-3-4 14:0:0 | 阅读: 17 |
收藏
|
Tenable Blog - www.tenable.com
notactions
security
cloud
microsoft
tenable
Cybersecurity Snapshot: OpenSSF Unveils Framework for Securing Open Source Projects, While IT-ISAC Says AI Makes Ransomware Stealthier
文章介绍了新的开源项目安全框架、AI在勒索软件中的应用、负责任AI的挑战、安全工具泛滥、勒索软件攻击激增及朝鲜政府参与加密货币盗窃等网络安全议题。...
2025-2-28 14:0:0 | 阅读: 18 |
收藏
|
Tenable Blog - www.tenable.com
ransomware
security
software
tenable
Identity Security Is the Missing Link To Combatting Advanced OT Threats
日益复杂的网络威胁尤其是"living-off-the-land"(LotL)攻击正利用身份漏洞入侵关键基础设施。这些攻击利用现有工具而非恶意软件以规避检测,在OT环境中尤其危险因 legacy系统缺乏监控且常与IT共享资源。强化身份安全与统一暴露管理可帮助检测、优先处理及缓解跨IT与OT环境的风险。...
2025-2-26 14:0:0 | 阅读: 16 |
收藏
|
Tenable Blog - www.tenable.com
security
attackers
exposure
tenable
identify
Identity Is the New Battleground: Why Proactive Security Is the Way Forward
文章指出身份安全面临多重挑战:身份蔓延导致盲点增加攻击面;传统安全措施难以应对AI驱动的复杂攻击;需采取主动策略并借助工具如Tenable Identity 360进行风险评估和管理以加强防护。...
2025-2-24 14:0:0 | 阅读: 10 |
收藏
|
Tenable Blog - www.tenable.com
security
attackers
identities
exposure
proactive
Previous
5
6
7
8
9
10
11
12
Next
