25 matches found
MISP Security Vulnerability
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions such as analyzing threats to network security and malware analysis. MISP has a security vulnerability tha...
Secure Quantum Communication: Simulation and Analysis of Quantum Key Distribution Protocols
Quantum computing poses significant threats to conventional cryptographic techniques such as RSA and AES, motivating the need for quantum secure communication methods. Quantum Key Distribution (QKD) offers information-theoretic security based on fundamental quantum principles. This paper presents a...
Red Teaming Methodology for Design Obfuscation
The main goal of design obfuscation schemes is to protect sensitive design details from untrusted parties in the VLSI supply chain, including but not limited to off-shore foundries and untrusted end users. In this work, we provide a systematic red teaming approach to evaluate the security of desi...
The Shift from Vulnerability Management to Exposure Management
Your vulnerability management program is optimized for the wrong war. You're counting patches whil...
Exposing Hidden Backdoors in NFT Smart Contracts: a Static Security Analysis of Rug Pull Patterns
The explosive growth of Non-Fungible Tokens (NFTs) has revolutionized digital ownership by enabling the creation, exchange, and monetization of unique assets on blockchain networks. However, this surge in popularity has also given rise to a disturbing trend: the emergence of rug pulls - fraudulent...
Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation
Security teams face growing demands with more tools, more data, and higher expectations than ever. Boards approve large security budgets, yet still ask the same question: what is the business getting in return? CISOs respond with reports on controls and vulnerability counts – but executives want ...
Security-First AI: Foundations for Robust and Trustworthy Systems
The conversation around artificial intelligence (AI) often focuses on safety, transparency, accountability, alignment, and responsibility. However, AI security, i.e., the safeguarding of data, models, and pipelines from adversarial manipulation, underpins all of these efforts. This manuscript posits...
Transforming security with Microsoft Security Exposure Management initiatives
Just as nature sheds its winter coat, it's time to prune outdated security measures and plant the seeds of a more robust defense. For years, Microsoft Secure Score has served as a foundational tool for organizations to assess their security posture. By providing a numerical representation of...
Do we still have to keep doing it like this?
Welcome to the first edition of the Threat Source newsletter for 2025. Upon returning to work this week from my Lindt chocolate reindeer coma, my first task was to write this newsletter. As I stared at a blank template hoping for inspiration to suddenly strike, I did what any security professiona...
Three Recommendations for Creating a Risk-Based Detection and Response Program
It should come as little surprise to most security professionals that keeping pace with the evolution of threat actors has become harder and harder. Maintaining visibility into the threat landscape and on top of external risk vectors is more than a matter of incorporating more point solutions. It...
CVSS v4.0 Released with New Supplemental Metrics, and OT/ICS/IoT Support
By Deeba Ahmed. In summary: The non-profit collective Forum of Incident Response and Security Teams (FIRST) has released the new version… This is a post from HackRead.com.
Part I: Implementing Effective Cyber Security Metrics That Reduce Risk Realistically
As a CISO or business leader, some burning questions that often come to your mind are: How vulnerable is our cybersecurity posture? Are we better protected than we were three months or a year ago? Have our investments improved the cybersecurity posture and yielded any tangible benefits? Are my...
Wiz integrates with Amazon Security Lake to improve cloud security through cloud security data sharing
New integration enables customers to consolidate security logs, run investigations and analyze security metrics in their customer-owned data lake...
MISP Cross-Site Scripting Vulnerability (CNVD-2022-64092)
MISP is an open source software solution. The product is used to collect, store, distribute, and share network security metrics and has features such as threat network security event analysis and malware analysis. A cross-site scripting vulnerability exists in versions prior to MISP 2.4.158, which...
Getting Hosts from Microsoft Intune MDM using Python
Today I want to talk about Microsoft Intune. It is a Mobile Device Management platform. Well, I think that the importance of MDM systems has become much higher than it was before the days of covid-19. Simply because a lot more people now work remotely using corporate laptops. And if these people...
Stealing Facebook user information: malicious application found using the Android same-origin policy vulnerability
A few months ago we studied the Android same-origin policy (SOP) vulnerability; recently, however, a malicious application has appeared that uses this vulnerability to attack Facebook users, and it utilizes code based on the disclosed Metasploit test code. myhack58 science: the same-origin policy...
How I Got Here: Andrew Jaquith
Dennis Fisher talks with Andrew Jaquith of SilverSky about his days running networks in the transportation industry, being there at the birth of @stake during his time at Cambridge Technology Partners, helping to kickstart the security metrics movement and what’s next for him. Download:...
New Research Refines Security Vulnerability Metrics
Adequate security metrics have seemingly been an unattainable goal, especially when it comes to software security. Too often, organizations simply rely on vulnerability counts for flaws disclosed in an operating system or popular application as a measure of its security. But too often, variables...
10 Tips for Getting Started With Security Metrics
It’s becoming evident that security practitioners have to take on a metrics mentality to improve security operations, reduce risks and better advise their critical decisions. There are several steps an organization can take to ensure that they are on the right path. There are some must-haves that...
Errors, Outliers Obscure Cybercrime Losses
Estimates of the extent of cyber crime are hopelessly overblown, two computer security researchers argue in an editorial from Sunday’s New York Times. Arguing counter to the prevailing opinion that online crime is a modern day Yukon Gold Rush for entrepreneurial hackers, the two Microsoft...