11°C
ciel dégagé
All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled âThe best tech journalists at eating hot dogs.â Every word is a lie. I claimed (without evidence) that competitive...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
In 2010, OWASP added "Unvalidated Redirects and Forwards" to its Top 10 list and merged it into "Sensitive Data Exposure" in 2013. Open redirects are often overlooked, and their impact is not always well understood. At first, it does not look...
Politicians fixate on the global race for technological supremacy between US and China. They debate geopolitical implications of chip exports, latest model releases from each country, and military applications of AI. Someday, they believe, we...
Bruno is a Windows Active Directory box. Iâll start by finding a .NET sample scanning application on FTP, and after reverse engineering it, discover a ZipSlip vulnerability in how it handles zip archives. Combining that with a DLL hijack, Iâll...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Je colle ci-dessous mes notes que je commenterai ensuite Mardi 17 février vers 10h15Bus [xxx]Un homme taille moyenne blanc lunettes noires bonnet barbe courte.Il agresse verbalement le chauffeur en haussant la voix et en le traitant de connard.Le...
In his last two diaries, Xavier discussed recent malware campaigns that download JPEG files with embedded malicious payload[1,2]. At that point in time, Iâve not come across the malicious âMSI imageâ myself, but while I was going over malware...
Good article on password managers that secretly have a backdoor. New research shows that these claims arenât true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Giveback starts with a WordPress website with a donation plugin thatâs vulnerable to a RCE exploit. Iâll get a shell in a Kubernetes pod, and use it to scan an internal legacy app running PHP-CGI. Iâll abuse a vulnerability in that application to...
Introduction For at least the past year or so, I've been receiving Japanese-language phishing emails to my blog email addresses at @malware-traffic-analysis.net. I'm not Japanese, but I suppose my blog's email addresses ended up on a list used by...
This is a fix for option âyarastrings. rtfdump_V0_0_15.zip (http)MD5: C70F327DDC11B549A399B2F85B2B9607SHA256: 9EFDEB5978372BD93065BCDAB6486DAECA4CB7E2EDA15DD5BD4C98AF69FB19A7
I like this one. As usual, you can also use this squid post to talk about the security stories in the news that I havenât covered. Blog moderation policy.
Itâs a demonstration of how toxic the surveillance-tech company Flock has become when Amazonâs Ring cancels the partnership between the two companies. As Hamilton Nolan advises, remove your Ring doorbell.
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
This update adds option -C (âcombinations). When this option is used together with -j (âjsonoutput), 2 extra versions of each stream are added. One with option -H enabled, and one with option -H and -S enabled. rtfdump_V0_0_14.zip (http)MD5:...
[This is a Guest Diary contributed by John Moutos] Overview In this post, I'm going over my analysis of DynoWiper, a wiper family that was discovered during attacks against Polish energy companies in late December of 2025. ESET Research [1] and...
Interesting: Summary: An AI agent of unknown ownership autonomously wrote and published a personalized hit piece about me after I rejected its code, attempting to damage my reputation and shame me into accepting its changes into a mainstream...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Aucun article de sécurité disponible