What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-11-15 22:52:24 | Lolbins pour les connaisseurs… partie 3 Lolbins for connoisseurs… Part 3 (lien direct) |
J'adore explorer des chemins logiciels inexplorés.Et pas nécessairement au niveau de l'assemblage & # 8211;et cela parce que souvent & # 8230;Ce n'est même pas nécessaire.Ils me conduisent souvent à des endroits vraiment étranges f.ex.Découvrir un logiciel qui lit une adresse mémoire & # 8230; | Technical | ★★★ | |
 |
2023-11-15 03:12:53 | Les institutions financières à New York sont confrontées à des règles plus strictes de cybersécurité Financial Institutions in New York Face Stricter Cybersecurity Rules (lien direct) |
Les conseils d'administration doivent maintenir un niveau approprié d'expertise en cyber, des incidents doivent être signalés dans les 72 heures suivant la détermination et tous les paiements de rançon effectués doivent être signalés dans une journée.Ce ne sont que quelques-uns des modifications apportées par le Département des services financiers de l'État de New York à ses exigences de cybersécurité pour les services financiers (23 NYCRR 500), à compter du 1er novembre 2023. Ce resserrement des règnes tiendra les entreprises à un examen supérieur de la sécurité et à faireLes parties prenantes techniques et non techniques comme plus responsables.Bien que cela puisse sembler bénin, le mouvement est plus ...
Boards of directors need to maintain an appropriate level of cyber expertise, incidents must be reported within 72 hours after determination, and all ransom payments made must be reported within a day. Those are just some of the changes made by The New York State Department of Financial Services to its Cybersecurity Requirements for Financial Services (23 NYCRR 500) , effective November 1, 2023. This tightening of the reigns will hold businesses to higher security scrutiny and make technical and non-technical stakeholders alike more accountable. While this may seem benign, the move is more... |
Technical | ★★ | |
 |
2023-11-14 14:00:23 | Livre blanc technique de Socradar: \\ 'un 100m + USD négociateur \\'s Guide pour survivre les ransomwares \\' SOCRadar Technical Whitepaper: \\'A 100M+ USD Negotiator\\'s Guide to Surviving Ransomware\\' (lien direct) |
À une époque où les menaces numériques évoluent constamment, les attaques de ransomwares sont apparues comme un formidable ...
In an era where digital threats constantly evolve, ransomware attacks have emerged as a formidable... |
Ransomware Technical | ★★ | |
 |
2023-11-14 00:00:00 | Les évaluations de la cybersécurité et la fortification des défenses numériques avec CRQ évaluant les cyber-risques sont essentielles pour développer des plans d'action basés sur les données pour stimuler les défenses numériques.Découvrez quelle évaluation vous soutient le mieux pour atteindre les objectifs de cybersécurité.En savoir plus Cybersecurity Assessments and Fortifying Digital Defenses With CRQ Assessing cyber risk is critical for developing data-driven action plans to boost digital defenses. Discover which assessment best supports you in reaching cybersecurity goals. Read More (lien direct) |
The Vital Role of Cyber Assessments and Fortifying Digital Defenses âAs cyber attacks become more sophisticated and complex and regulatory bodies impose stricter cybersecurity requirements, organizations worldwide are facing mounting pressure to adopt security solutions. Understandably, many executives have reacted by implementing a multitude of security tools that supposedly complement one another and better protect organization systems.  âHowever, this strategy often falls short, preventing stakeholders from comprehensively understanding their unique cyber environments. Instead of developing an intimate knowledge of the business units most vulnerable to threats, organizations risk exposing their assets due to their adopt-as-many-tools-as-possible approach. âAfter all, providing effective protection against what remains relatively unknown is impossible.âThis widespread ignorance about the cyber environment is precisely why cyber assessments are so crucial. These evaluations offer a structured approach to identifying, analyzing, and mitigating digital vulnerabilities and provide organizations with a detailed blueprint of their most susceptible business units.âNot All Assessments Are Created Equal âWhile all cyber assessments help businesses become more aware of their cyber risk levels, itâs essential to note that not all reveal the same insights. There are various types of assessments, each tailored to meet specific goals. Some analyze overall cybersecurity posture, while others dive deeper into specific areas, such as compliance and incident response planning. âEach of the available assessments offers organizations valuable data, security leaders can leverage to make informed decisions. Before choosing which IT environment evaluation to invest in, itâs important to discuss with key stakeholders and executives what youâd like to achieve with the new information youâll discover. âDefining a Goal: Risk, Governance, or Compliance âA great place to start when determining organizational goals for the assessment is cybersecurity risk, governance, and compliance (GRC). Cyber GRC is a commonly used industry framework and set of practices that businesses of all sizes harness to manage and secure their information systems, data, and assets. Each of these components serves a specific purpose.  âRisk âA cyber risk assessment aims to identify the factors that make a company vulnerable, generate conclusions regarding the vectors most likely to be the origin of an attack (due to those vulnerabilities), and offer insights about the level of damage a cyber event would cause. âCompanies can proactively address the relevant business units by revealing threat likelihood levels. This information also helps cyber teams determine which areas they want to devote the most resources to. It\'s important to note that both qualitative and quantitative risk assessments exist. âGovernance âThe role of cyber governance is to establish a framework of policies, procedures, and decision-making processes to ensure that cybersecurity efforts are embedded within the broader company culture and align with business goals. It likewise evaluates how well cyber strategies match overall objectives, offering cyber teams an opportunity to better coordinate with other executives and teams. âAn assessment focused on governance also determines if cybersecurity responsibilities are appropriately distributed throughout the organization, such as whether employees are required to use multi-factor authentication (MFA). Other included evaluation points are training programs, incident reporting mechanisms, and event response planning, all of which directly impact an organizationâs risk level. âCompliance âOne would conduct a compliance assessment to ensure an organization | Data Breach Tool Vulnerability Threat Technical | ★★★ | |
 |
2023-11-13 06:18:08 | Permettre des mises à jour de signature de spam en temps réel sans ralentir les performances Enabling Real-Time Spam Signature Updates without Slowing Down Performance (lien direct) |
Engineering Insights est une série de blogs en cours qui donne à des coulisses sur les défis techniques, les leçons et les avancées qui aident nos clients à protéger les personnes et à défendre les données chaque jour.Chaque message est un compte de première main de l'un de nos ingénieurs sur le processus qui a conduit à une innovation de preuves. ProofPoint Conformité intelligente classe le contenu texte qui provient du contenu des médias sociaux partout aux demandes fournies par le client.Une partie de notre système détecte le contenu du spam, généralement à partir de sources basées sur les médias sociaux. Un défi commun pour les systèmes de détection de spam est que les adversaires modifient leur contenu pour échapper à la détection.Nous avons un algorithme qui résout ce problème. Parfois, les faux positifs doivent également être corrigés.Nous gérons cela en maintenant une liste d'exclusion et une liste positive de signatures de spam.Dans cet article de blog, nous expliquons comment nous mettons à jour les signatures de spam en temps réel sans avoir un impact négatif sur les performances. Une nécessité d'évoluer sans compromettre les performances Au fur et à mesure que la clientèle de Proofpoint Patrol a augmenté, nous avons dû la mettre à l'échelle afin de continuer à fournir des services rapides et fiables.À l'origine, le service de catégorisation de texte était intégré à notre service de classificateur de base et n'a pas pu être mis à l'échelle indépendamment.Nous avons décidé de le séparer en son propre service afin que nous puissions le développer et l'étendre indépendamment de notre service de classificateur. Notre première libération de ce nouveau système nous a permis d'évoluer plus efficacement et a entraîné une forte diminution de la latence.Une partie de l'amélioration des performances est venue du chargement de l'ensemble de signature de spam dans la mémoire au démarrage du service. Cependant, cela a conduit à une limitation où nous ne pouvions pas facilement mettre à jour nos ensembles de signature positive ou d'exclusion sans reconstruire et redéployer notre application.Cela signifiait que notre système de spam n'apprendrait pas de nouvelles signatures de spam au fil du temps, ce qui entraînerait également une augmentation des faux négatifs. Une solution de stockage de données en mémoire: redis Peu de temps après avoir rejoint Proofpoint, j'ai été chargé d'améliorer le système de détection des spams pour apprendre au fil du temps, tout en conservant les avantages sociaux.Nous avions besoin d'une solution avec une latence à faible lecture, et idéalement une latence d'écriture faible, car notre rapport lecture / écriture était assis vers 80/20. Une solution potentielle était Redis, une solution de stockage de données en mémoire open source.Amazon propose une implémentation de Redis-MemoryDB-qui peut fournir une persistance de données au-delà de ce qu'une solution de cache typique peut offrir. Présentation d'une solution de stockage de signature en mémoire. À la fin des performances, Amazon possède une latence de lecture microseconde et une latence d'écriture à un chiffre.Tout en étudiant des solutions potentielles, nous avons remarqué des latences similaires avec notre charge de travail. Nous avons généralement plus de requêtes de lecture que l'écriture;Cependant, nous avons des pics occasionnels dans les requêtes d'écriture. Un graphique montrant les commandes de lecture au fil du temps. Un graphique montrant des commandes d'écriture au fil du temps. Le fait que MemoryDB persiste nos signatures de spam et notre liste d'exclusion permettrait à notre système de stocker de nouvelles signatures de spam lors de l'exécution.Cela permettrait également à notre système de s'améliorer avec le temps.Nous serions également en mesure de répondre rapidement aux rapports faux positifs en mettant à jour la liste en temps réel. Nos résultats Après avoir terminé notre | Spam Cloud Technical | ★★★ | |
 |
2023-11-09 16:20:00 | MUDDYC2GO: Nouveau cadre C2 Iranian Hackers Utilisation contre Israël MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel (lien direct) |
Des acteurs iraniens de l'État-nation ont été observés en utilisant un cadre de commandement et de contrôle (C2) sans papiers précédemment appelé Muddyc2go dans le cadre d'attaques ciblant Israël.
"Le composant Web du Framework \\ est rédigé dans le langage de programmation Go", a déclaré Simon Kenin, chercheur en sécurité de Deep Instinct, dans un rapport technique publié mercredi.
L'outil a été attribué à Muddywater, un iranien
Iranian nation-state actors have been observed using a previously undocumented command-and-control (C2) framework called MuddyC2Go as part of attacks targeting Israel. "The framework\'s web component is written in the Go programming language," Deep Instinct security researcher Simon Kenin said in a technical report published Wednesday. The tool has been attributed to MuddyWater, an Iranian |
Tool Technical | ★★★ | |
 |
2023-11-09 00:00:00 | Épisode 7: Si les données sont la nouvelle huile, comment empêcher les déversements de données? EPISODE 7: If Data is the new oil, how do we prevent data spills? (lien direct) |
Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats with your hosts Lianne Potter and Jeff Watkins! This week we have a very special guest, Reema Vadoliya. Reema is the passionate business founder of data consultancy, People of Data, a gifted storyteller, and a professional problem-solver. In this episode, Reema shares her insights on how to collaborate more effectively between cybersecurity and data professionals. She emphasizes the importance of empathetic communication, how sometimes quantifying risks is about gut feeling, not just metrics… We look at how we can use data-driven storytelling to engage and educate people about cybersecurity, including how to make our phishing simulation stats not only more interesting to non-cybersecurity people but also how to make it actually drive meaningful behavioural changes.Top 5 Takeaways for Building a Strong Data Culture and Cybersecurity:1. Collaboration is key: The best way to ensure data security is by fostering good relationships between cybersecurity and data teams. Encourage open communication and explain the importance of keeping data safe.2. Empathy is crucial: To solve problems effectively, it\'s important to understand the actual problem. Avoid closed questions and focus on the "why" behind the issue.3. Checklists can help: Consistent, repeatable, and reusable rules of engagement can prevent insecure practices and reduce the need for constant consultation with the security team.4. Quantifying risks is complex: Sometimes, you need to rely on gut feeling to balance a complex risk landscape. Business analysts can help identify potential risks that may have been overlooked.5. Start small: Building a strong data culture takes time. Start by removing barriers that make data feel unobtainable and use storytelling to help people understand complex concepts. Make better use of phishing data to tell better stories and improve outcomes.Links to everything we discuss in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our youtube channel, and don\'t forget to share on LinkedIin and in your teams. It really helps us spread the word and get high-quality guests, like Reema, on future episodes. We hope you enjoyed episode 7, If Data is the new oil, how do we prevent data spills? - See you next time, keep secure, and don\'t forget to ask yourself, \'Am I the compromising position here?\' Show NotesThe phrase \'Data is the new oil\' was coined by Clive Humby in 2006. In this, he meant that data, like oil, needs refinement and processing to turn it into something useful. We couldn\'t find the original conference in which Humby said this, but I did find an interesting ar | Conference Technical | Uber | ★★★ |
|
2023-11-08 16:30:00 | Guide: comment VCISOS, MSPS et MSSP peuvent protéger leurs clients des risques Gen AI Guide: How vCISOs, MSPs and MSSPs Can Keep their Customers Safe from Gen AI Risks (lien direct) |
Téléchargez le guide gratuit, "C'est un monde d'IA génératif: comment VCISO, MSPS et MSSPS peuvent protéger leurs clients des risques Gen Gen AI."
Chatgpt se vante désormais de 1,5 à 2 milliards de visites par mois.D'innombrables ventes, marketing, RH, exécutif informatique, soutien technique, opérations, finances et autres fonctions alimentent les invites de données et les requêtes dans les moteurs d'IA génératifs.Ils utilisent ces outils pour écrire
Download the free guide, "It\'s a Generative AI World: How vCISOs, MSPs and MSSPs Can Keep their Customers Safe from Gen AI Risks." ChatGPT now boasts anywhere from 1.5 to 2 billion visits per month. Countless sales, marketing, HR, IT executive, technical support, operations, finance and other functions are feeding data prompts and queries into generative AI engines. They use these tools to write |
Tool Technical | ChatGPT | ★★ |
 |
2023-11-08 07:33:45 | AVERTISSEMENT contre Phobos Ransomware distribué via RDP vulnérable Warning Against Phobos Ransomware Distributed via Vulnerable RDP (lien direct) |
Ahnlab Security Emergency Response Center (ASEC) a récemment découvert la distribution active des ransomwares de phobos.Phobos est une variante connue pour partager des similitudes techniques et opérationnelles avec les ransomwares Dharma et Crysis.Ces souches de ransomware ciblent généralement les services de protocole de bureau à distance externe en externe (RDP) avec des titres vulnérables en tant que vecteurs d'attaque.Compte tenu de la présence fréquente de la distribution des ransomwares qui exploite ces RDP vulnérables comme points d'accès initiaux, il est conseillé aux administrateurs d'être prudents.[1] [2] [3] 1. Présentation du ransomware phobos Phobos Ransomware ...
AhnLab Security Emergency response Center (ASEC) has recently discovered the active distribution of the Phobos ransomware. Phobos is a variant known for sharing technical and operational similarities with the Dharma and CrySis ransomware. These ransomware strains typically target externally exposed Remote Desktop Protocol (RDP) services with vulnerable securities as attack vectors. Given the frequent occurrence of ransomware distribution that leverages these vulnerable RDPs as initial access points, administrators are advised to be cautious. [1] [2] [3] 1. Phobos Ransomware Overview Phobos ransomware... |
Ransomware Technical | ★★★ | |
 |
2023-11-06 21:23:00 | Nouvel Google Cloud Rat utilise des événements de calendrier pour C2 Novel Google Cloud RAT Uses Calendar Events for C2 (lien direct) |
Les cybercriminels abusent des fonctions légitimes au sein des services cloud, et les fournisseurs ne peuvent pas les arrêter totalement, en particulier en ce qui concerne des approches innovantes comme celle-ci.
Cybercriminals are abusing legitimate functions within cloud services, and providers can\'t totally stop them, especially when it comes to innovative approaches like this. |
Cloud Technical | ★★★★★ | |
|
2023-11-06 03:00:54 | Ce que nous avons appris du rapport "le Cyber-Resilient CEO" What We Learned From "The Cyber-Resilient CEO" Report (lien direct) |
Dans le paysage numérique d'aujourd'hui, la cybersécurité n'est pas seulement une préoccupation technique;C'est un impératif stratégique.Alors que nous nous plongeons dans les idées d'un récent rapport d'Accenture intitulé «Le PDG du cyber-résilient», nous découvrirons le rôle essentiel des PDG dans la sauvegarde de leurs organisations contre les cyber-menaces.Découvrez comment un groupe sélectionné de dirigeants navigue sur le terrain complexe des cyber-vulnérabilités, faisant de la cybersécurité une pierre angulaire de la résilience commerciale.Les PDG des complexités de cyber-menace reconnaissent que le monde des affaires est en proie à des cyber-vulnérabilités.Ce rapport révèle ce perturbateur ...
In today\'s digital landscape, cybersecurity is not just a technical concern; it\'s a strategic imperative. As we delve into the insights from a recent report from Accenture titled " The Cyber-Resilient CEO ," we\'ll uncover CEOs\' critical role in safeguarding their organizations against cyber threats. Discover how a select group of leaders navigates the complex terrain of cyber vulnerabilities, making cybersecurity a cornerstone of business resilience. The Cyber-Threat Complexities CEOs recognize that the business world is rife with cyber vulnerabilities. This report reveals that disruptive... |
Vulnerability Guideline Technical | ★★★ | |
 |
2023-11-05 17:45:05 | Alors, avez-vous entendu parler de Havoc, le nouvel outil du cyber arsenal? So, have you heard about Havoc, the new tool in the cyber arsenal? (lien direct) |
Permettez-moi de vous donner la baisse de ce que le brassage dans le métro numérique avec ce nouveau logiciel appelé Havoc.Maintenant, vous pourriez être [Plus ...]
Let me give you the lowdown on what’s brewing in the digital underground with this fresh piece of software called Havoc. Now, you might be [more...] |
Tool Tool Technical | ★★★★ | |
 |
2023-11-02 12:00:24 | Plus de moyens pour les utilisateurs d'identifier les applications testées sur la sécurité indépendante sur Google Play More ways for users to identify independently security tested apps on Google Play (lien direct) |
Posted by Nataliya Stanetsky, Android Security and Privacy Team
Keeping Google Play safe for users and developers remains a top priority for Google. As users increasingly prioritize their digital privacy and security, we continue to invest in our Data Safety section and transparency labeling efforts to help users make more informed choices about the apps they use.
Research shows that transparent security labeling plays a crucial role in consumer risk perception, building trust, and influencing product purchasing decisions. We believe the same principles apply for labeling and badging in the Google Play store. The transparency of an app\'s data security and privacy play a key role in a user\'s decision to download, trust, and use an app.
Highlighting Independently Security Tested VPN Apps
Last year, App Defense Alliance (ADA) introduced MASA (Mobile App Security Assessment), which allows developers to have their apps independently validated against a global security standard. This signals to users that an independent third-party has validated that the developers designed their apps to meet these industry mobile security and privacy minimum best practices and the developers are going the extra mile to identify and mitigate vulnerabilities. This, in turn, makes it harder for attackers to reach users\' devices and improves app quality across the ecosystem. Upon completion of the successful validation, Google Play gives developers the option to declare an “Independent security review” badge in its Data Safety section, as shown in the image below. While certification to baseline security standards does not imply that a product is free of vulnerabilities, the badge associated with these validated apps helps users see at-a-glance that a developer has prioritized security and privacy practices and committed to user safety.
To help give users a simplified view of which apps have undergone an independent security validation, we\'re introducing a new Google Play store banner for specific app types, starting with VPN apps. We\'ve launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle. When a user searches for VPN apps, they will now see a banner at the top of Google Play that educates them about the “Independent security review” badge in the Data Safety Section. Users also have the ability to “Learn More”, which redirects them to the App Validation Directory, a centralized place to view all VPN apps that have been independently security reviewed. Users can also discover additional technical assessment details in the App Validation Directory, helping them to make more informed decisions about what VPN apps to download, use, and trust with their data.
|
Tool Vulnerability Mobile Technical | ★★ | |
 |
2023-11-02 11:30:00 | Bugy octets # 216 & # 8211;Injections SQL, Android XSS et rédaction de rapports de qualité Bug Bytes #216 – SQL injections, Android XSS and Writing Quality Reports (lien direct) |
> Bug Bytes est une newsletter hebdomadaire organisée par les membres de la communauté Bug Bounty.La deuxième série est organisée par InsiderPhd.Chaque semaine, elle nous tient à jour avec une liste complète des articles, des outils, des tutoriels et des ressources.Ce numéro couvre la semaine du 23 octobre au 29 octobre Intigriti News de mon cahier
>Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources. This issue covers the week from October 23rd to October 29th Intigriti News From my notebook |
Tool Mobile Technical | ★★★ | |
 |
2023-11-01 16:25:55 | Pouses de bibliothèque publique de Toronto causées par une attaque de ransomware Black Basta Toronto Public Library outages caused by Black Basta ransomware attack (lien direct) |
La bibliothèque publique de Toronto connaît des pannes techniques en cours en raison d'une attaque noire de ransomware de Basta.[...]
The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. [...] |
Ransomware Technical | ★★ | |
|
2023-10-29 23:17:07 | Enquêtes Telegram et Osint Telegram and OSINT Investigations (lien direct) |
Telegram en tant que l'une de vos sources OSINT alors que la répression de la désinformation s'intensifie sur les plateformes de médias sociaux traditionnelles, Telegram est devenu un nouveau sanctuaire [plus ...]
Telegram as one of your OSINT sources As the crackdown on misinformation intensifies on traditional social media platforms, Telegram has emerged as a new sanctuary [more...] |
Technical | ★★★★ | |
|
2023-10-28 21:15:23 | Au-delà du bon ol \\ '.Bashrc Entrée… Partie 3 Beyond the good ol\\' .bashrc entry… Part 3 (lien direct) |
Mise à jour après l'avoir publié, @netspooky m'a fait un ping avec quelques informations supplémentaires.Apparemment, cette technique est connue depuis au moins 2019 et a été démo par @ zer0pwn en premier.Ce billet de blog de MCG le décrit.Old Post Cette entrée est A & # 8230; Continuer la lecture & # 8594;
Update After I posted it, @netspooky pinged me with some additional info. Apparently, this technique is known since at least 2019 and was demoed by @zer0pwn first. This blog post from MCG describes it. Old Post This entry is a … Continue reading → |
Technical | ★★★ | |
 |
2023-10-26 13:08:32 | Anatomie d'un cheval de Troie zéro-jour capturé par notre appliance Darktrace Anatomy of a zero-day trojan caught by our Darktrace appliance (lien direct) |
Keith Siepel, responsable informatique chez Hydrotech, Inc., examine une cyber-menace avancée découverte par DarkTrace sur un réseau de client \\.
Keith Siepel, IT Manager at Hydrotech, Inc., examines an advanced cyber-threat discovered by Darktrace on a customer\'s network. |
Technical | ★★★ | |
|
2023-10-26 13:08:32 | Anatomie d'une violation d'initiés provenant de l'ordinateur portable d'un entrepreneur \\ Anatomy of an insider breach originating from a contractor\\'s laptop (lien direct) |
Keith Siepel, responsable informatique chez Hydrotech, Inc., examine une cyber-menace avancée découverte par DarkTrace sur un réseau de client \\.
Keith Siepel, IT Manager at Hydrotech, Inc., examines an advanced cyber-threat discovered by Darktrace on a customer\'s network. |
Technical | ★★★ | |
|
2023-10-18 23:00:00 | Épisode 4: Code Red - Autonomiser les ingénieurs pour sécuriser nos pipelines CI / CD Episode 4 : CODE RED - Empowering engineers to secure our ci/cd pipelines (lien direct) |
Dans cet épisode, notre invité Josh Nesbitt, CTO de Glean A Leeds Edtech Startup, partage ses idées sur la sécurisation des données des personnes vulnérables, l'importance deAccessibilité et conformité dans les produits prêts pour la production, et les défis de la réalisation de l'utilisabilité, des fonctionnalités et de la sécurité de concert. & nbsp; & nbsp; Rejoignez-nous alors que nous démysrions les idées fausses courantes autour de l'agile et explorons comment les équipes de sécurité peuvent être plus créatives dans leur approche.Nous parlerons de la façon d'utiliser des outils et de l'engagement pour obtenir des ingénieurs et des équipes de sécurité sur la même page. & Nbsp; Les liens vers tout ce que Josh a discuté dans cet épisode se trouve dans les notes de l'émission et si vous avez aimé le spectacle, veuillez nous laisser un avis et partager sur Linkediin ou dans vos équipes, cela nous aide vraiment à faire passer le motet obtenir des invités de haute qualité, comme Josh, sur les épisodes futurs. & nbsp; Nous espérons que vous avez appréciéCet épisode - à la prochaine fois, restez en sécurité, et n'oubliez pas de vous demander: \\ 'suis-je une position compromettante ici? \' & nbsp; Show Notes | Tool Conference Technical | ★★ | |
|
2023-10-03 00:39:56 | Master Intelligence Virustotal: un guide complet de la feuille de triche VTI Mastering VirusTotal Intelligence: A Comprehensive Guide to VTI Cheat Sheet (lien direct) |
À quelle fréquence vous êtes-vous retrouvé perdu dans le dédale des fonctionnalités et des options que Virustotal Intelligence (VTI) offre?Si
How often have you found yourself lost in the maze of features and options that VirusTotal Intelligence (VTI) offers? If |
Technical | ★★★★ | |
|
2023-10-02 20:16:45 | Rester en avance sur les ransomwares: un guide complet pour la sécurité des e-mails et la détection gérée Staying Ahead of Ransomware: A Comprehensive Guide to Email Security and Managed Detection (lien direct) |
Introduction aux attaques de ransomware de protection des ransomwares MD
Introduction to MDR Ransomware protection Ransomware attacks are on the rise, costing businesses millions and putting immense pressure on internal |
Ransomware Technical | ★★★ | |
|
2023-10-02 19:27:46 | Déballage du pouvoir d'Osint dans les enquêtes sur la criminalité financière Unpacking the Power of OSINT in Financial Crime Investigations (lien direct) |
OSINT est-il le lien manquant dans vos enquêtes sur la criminalité financière?À une époque où les crimes financiers deviennent de plus en plus sophistiqués,
Is OSINT the Missing Link in Your Financial Crime Investigations? In an era where financial crimes are becoming increasingly sophisticated, |
Technical | ★★★★ | |
|
2023-10-02 19:01:31 | 18 requêtes Shodan pour webcam osint (2023) 18 Shodan Queries for Webcam OSINT (2023) (lien direct) |
Vous êtes-vous déjà demandé comment découvrir le monde caché des webcams à l'aide de Shodan?Vous & # 8217; n'est pas seul.Avec la montée
Have you ever wondered how to uncover the hidden world of webcams using Shodan? You’re not alone. With the rise |
Technical | ★★★ | |
|
2023-10-02 17:11:01 | Comment construire une solide équipe OSINT pour détecter les attaques de phishing et de fraude How to Build a Strong OSINT Team to Detect Phishing and Fraud Attacks (lien direct) |
Introduction Don & # 8217; ne vous détestez-vous que lorsque vous entendez parler d'une autre entreprise victime de phishing ou d'attaques de fraude?
Introduction Don’t you just hate it when you hear about yet another company falling victim to phishing or fraud attacks? |
Guideline Technical | ★★★ | |
|
2023-10-02 16:45:20 | NetworkMiner 2.8.1: dévoiler de nouvelles capacités en médecine légale du réseau NetworkMiner 2.8.1: Unveiling New Capabilities in Network Forensics (lien direct) |
Introduction excitée pour le réseau médico-légal?Tu devrais être!Aujourd'hui marque la sortie de NetworkMiner 2.8.1, et il est rempli de nouveaux
Introduction Excited about network forensics? You should be! Today marks the release of NetworkMiner 2.8.1, and it’s packed with new |
Tool Technical | ★★★ | |
|
2023-10-02 15:51:46 | Intégration d'Osint dans le centre d'opérations de sécurité: augmentation de l'efficacité, services innovants et améliorant les marges bénéficiaires Integrating OSINT in the Security Operations Center: Boosting Efficiency, Innovating Services, and Enhancing Profit Margins (lien direct) |
Dans un monde à mondialiser rapidement, les frontières entre les cyber opérations et les implications réelles se brouillants.C'est une réalité que chaque
In a rapidly globalizing world, the lines between cyber operations and real-world implications are blurring. It’s a reality that every |
Technical | ★★★ | |
 |
2023-10-02 15:06:17 | Éclairage actif de l'infrastructure de Lycantrox Active Lycantrox infrastructure illumination (lien direct) |
> Sekoia.io surveille activement des centaines de clusters d'infrastructures malveillants pour protéger ses clients.À la lumière du récent CitizenLab Blogspot et en solidarité avec les efforts contre les cyber-mercenaires, nous avons choisi de faire la lumière sur l'un des grappes d'infrastructure employées parLycantrox, potentiellement pour compromettre leurs cibles.
la publication Suivante illumination de l'infrastructure de lycantrox active href = "https://blog.sekoia.io" rel = "nofollow"> sekoia.io blog .
>SEKOIA.IO is actively monitoring hundreds of malicious infrastructure clusters to protect its customers. In light of the recent Citizenlab blogspot and in solidarity with the efforts against cyber mercenaries, we have chosen to shed light on one of the infrastructure clusters employed by Lycantrox, potentially for compromising their targets. La publication suivante Active Lycantrox infrastructure illumination est un article de Sekoia.io Blog. |
Technical | ★★★★ | |
|
2023-10-02 02:34:30 | Top outils de médecine légale numérique (2023) Top Digital Forensics Tools (2023) (lien direct) |
Vous vous demandez quels outils de médecine légale numérique font des vagues dans le paysage de la cybersécurité?Vous êtes au bon endroit.Dans ce
Wondering which digital forensics tools are making waves in the cybersecurity landscape? You’ve come to the right place. In this |
Tool Technical | ★★★★ | |
|
2023-09-29 23:18:54 | Au-delà du bon ol \\ '.Bashrc Entrée… Partie 1 Beyond the good ol\\' .bashrc entry… Part 1 (lien direct) |
Je ne sais vraiment pas si c'est le premier post de la série, ou juste un seul-off aussi, le dernier.Il existe de nombreux articles de blog fantastiques qui traitent des astuces de persistance les plus populaires, F.Ex.& # 8230; Continuer la lecture & # 8594;
I really don’t know if this is the first post in the series, or just a one-off that is also, the last. There are many fantastic blog posts out there that deal with the most popular Linux persistence tricks, f.ex. … Continue reading → |
Technical | ★★★ | |
|
2023-09-27 22:38:17 | Zydisinfo & # 8211;le démontbler qui rompt le code, deux fois ZydisInfo – the disassembler that breaks the code, twice (lien direct) |
Le moment où j'ai entendu parler du code machine et de ses opcodes & # 8230;Je suis tombé amoureux.Être capable de comprendre le code machine en regardant simplement le binaire (d'accord, surtout sa représentation hexadécimale) était comme de la magie.Et depuis de nombreux assemblages X86 simples & # 8230; Continuer la lecture & # 8594;
The moment I heard of machine code and its opcodes… I fell in love. Being able to understand machine code from just looking at the binary (okay, mostly its hexadecimal representation) felt like magic. And since many simple x86 assembly … Continue reading → |
Technical | ★★★ | |
 |
2023-09-27 10:57:35 | Rapport SOTI Akamai : le nombre de cyberattaques contre les services financiers européens a plus que doublé en 2023 (lien direct) | Rapport SOTI Akamai : le nombre de cyberattaques contre les services financiers européens a plus que doublé en 2023 Le segment de marché des services financiers est devenu la principale cible des attaques DDoS, devant celui des jeux vidéo - Investigations | Technical | ★★★ | |
|
2023-09-25 19:03:31 | Comment prouver qu'un iPhone a été essuyé: un guide étape par étape How to Prove an iPhone Was Wiped: A Step-By-Step Guide (lien direct) |
Vous êtes-vous déjà demandé comment confirmer qu'un iPhone a été effectivement épuisé?Vous & # 8217; n'est pas seul.S'assurer qu'un appareil
Ever wondered how to confirm that an iPhone has actually been wiped clean? You’re not alone. Ensuring that a device |
Technical | ★★★ | |
|
2023-09-22 22:48:48 | Utiliser les compétences OSINT pour votre propre protection… Using OSINT skills for your own protection… (lien direct) |
C'est probablement le blog le plus inhabituel que j'ai jamais écrit ici & # 8230;Oh, bien & # 8230;& # 8212;Tl; dr;Ma femme et moi avons récemment séjourné dans un hôtel assez cher.J'ai remporté le nom et la honte, mais il est juste de dire qu'ils n'ont pas fait & # 8217; t & # 8230; Continuer la lecture & # 8594;
This is probably the most unusual blog post I have ever written here… Oh, well… — TL;DR; My wife and I recently stayed at a pretty expensive hotel. I won’t name and shame, but it’s fair to say they didn’t … Continue reading → |
Technical | ★★★ | |
 |
2023-09-22 16:08:06 | EvilBamboo cible les appareils mobiles dans une campagne pluriannuelle EvilBamboo Targets Mobile Devices in Multi-year Campaign (lien direct) |
> La volexité a identifié plusieurs campagnes de longue durée et actuellement actives entrepris par les pistes de volexité de la menace comme le maléfique (anciennement Evil Eye) ciblant les individus et les organisations taiwanais, ouïghour et taïwanais.Ces objectifs représentent trois des cinq groupes toxiques du Parti communiste chinois (PCC).La volexité a suivi les activités de EvilBamboo depuis plus de cinq ans et continue d'observer de nouvelles campagnes de cet acteur de menace.En septembre 2019, la volexité a décrit le déploiement d'un cadre de reconnaissance et de logiciels malveillants Android personnalisés ciblant les communautés ouïghour et tibétaine.En avril 2020, les attaques détaillées par volexité par cet acteur de menace contre les appareils iOS, en utilisant un exploit de safari pour infecter les utilisateurs ouïghour avec des logiciels malveillants iOS personnalisés.Les principaux faits saillants des enquêtes récentes de Volexity \\ incluent les éléments suivants: Ciblage Android: Développement de trois familles de logiciels malveillants Android personnalisés, Badbazaar, Badsignal et Badsolar, pour infecter les adversaires du CCP est en cours.Faux sites Web et profils de médias sociaux: l'attaquant a [& # 8230;]
>Volexity has identified several long-running and currently active campaigns undertaken by the threat actor Volexity tracks as EvilBamboo (formerly named Evil Eye) targeting Tibetan, Uyghur, and Taiwanese individuals and organizations. These targets represent three of the Five Poisonous Groups of Chinese Communist Party (CCP). Volexity has tracked the activities of EvilBamboo for more than five years and continues to observe new campaigns from this threat actor. In September 2019, Volexity described the deployment of a reconnaissance framework and custom Android malware targeting both the Uyghur and Tibetan communities. In April 2020, Volexity detailed attacks by this threat actor against iOS devices, using a Safari exploit to infect Uyghur users with custom iOS malware. Key highlights from Volexity\'s recent investigations include the following: Android targeting: Development of three custom Android malware families, BADBAZAAR, BADSIGNAL, and BADSOLAR, to infect CCP adversaries is ongoing. Fake websites and social media profiles: The attacker has […] |
Malware Threat Technical | ★★★ | |
|
2023-09-21 22:37:46 | Documenter les sans-papiers & # 8211;La méthode Saveas de Excel \\… Documenting the undocumented – Excel\\'s SaveAs method… (lien direct) |
Il y a quelques jours, Kernelv0id a posé des questions sur un format Excel sans papiers qu'il a observé utilisé par l'une des charges utiles qu'il analysait.Il a vu un fichier .xlsb malveillant supprimer un fichier qui était enregistré avec un fichier & # 8230; Continuer la lecture &# 8594;
A few days ago kernelv0id asked about an undocumented Excel format that he observed being used by one of the payloads he was analysing. He saw a malicious .xlsb file dropping a file that was being saved with a file … Continue reading → |
Technical | ★★★★ | |
 |
2023-09-19 09:01:22 | Analyse d'un exploit Android in-the-wild moderne Analyzing a Modern In-the-wild Android Exploit (lien direct) |
By Seth Jenkins, Project ZeroIntroductionIn December 2022, Google\'s Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG\'s blog post covers the targeting and the actor behind the campaign. This is a technical analysis of the final stage of one of the exploit chains, specifically CVE-2023-0266 (a 0-day in the ALSA compatibility layer) and CVE-2023-26083 (a 0-day in the Mali GPU driver) as well as the techniques used by the attacker to gain kernel arbitrary read/write access.Notably, all of the previous stages of the exploit chain used n-day vulnerabilities:CVE-2022-4262, a vulnerability patched in Chrome that was unpatched in the Samsung browser (i.e. a "Chrome n-day"), was used to achieve RCE.CVE-2022-3038, another Chrome n-day, was used to escape the Samsung browser sandbox. CVE-2022-22706, a Mali n-day, was used to achieve higher-level userland privileges. While that bug had been patched by Arm in January of 2022, the patch had not been downstreamed into Samsung devices at the point that the exploit chain was discovered.We now pick up the thread after the attacker has achieved execution as system_server.Bug #1: Compatibility Layers Have Bugs Too (CVE-2023-0266)The exploit continues with a race condition in the kern | Vulnerability Threat Technical | ★★ | |
 |
2023-09-14 19:03:55 | Une approche proactive de la chasse aux menaces dans la sécurité des entreprises A proactive approach to threat hunting in enterprise security (lien direct) |
L'un des chasseurs de menaces experts de Red Canary \\ a récemment rejoint le podcast «attendre juste un infosec» pour discuter de la chasse aux menaces dans un SOC de classe mondiale.
One of Red Canary\'s expert threat hunters recently joined the “Wait Just an Infosec” podcast to discuss threat hunting in a world-class SOC. |
Threat Technical | ★★★ | |
 |
2023-09-14 00:00:00 | La petite idée avec un grand impact sur l'écart de talents de cybersécurité The Small Idea With a Big Impact on the Cybersecurity Talent Gap (lien direct) |
The cost of cybercrime is expected to reach $8 trillion globally this year, yet the scarcity of security talent is becoming more pronounced. With more than 750,000 cybersecurity positions unfilled in the U.S. and 3.5 million positions worldwide unfilled, the race is on to close the skills shortage that is estimated to contribute to 80% of all security breaches. In 2022, cyberattacks increased by 38%. The global average cost of a data breach reached $4.35 million, while the average cost of a data breach in the U.S. reached $9.44 million, according to a report by IBM and the U.S.-based Ponemon Institute. Bringing on more technical talent is central to companies in order to stop these threat actors. “Cybercrime can be very lucrative. And the reality is, talent is your best line of defense,” said Donna O\'Shea, chair of cybersecurity at Munster Technological University (MTU) in Cork, Ireland. Easing the Talent Crunch With Bite-Sized Learning As the digital economy evolves, more opportunities for malicious attacks are coming to the fore. Creative approaches aimed at increasing the pool of security professionals are emerging–and bringing down the barriers that once kept people from pursuing these lucrative roles. “There has been a lot of progress made in terms of the way that we deliver cybersecurity education,” O\'Shea said. Micro-credentials are small, accredited courses that allow candidates to pursue highly focused upskilling and reskilling that respond to niche labor market needs. Experts predict that lowering the time and costs involved in post-graduate studies will attract more learners and help address the cybersecurity talent scarcity. In 2020, the Irish Universities Association (IUA) was awarded €12.3 million through the country\'s Department of Further and Higher Education to become the first European country to establish a national framework for nationally accredited micro-credentials. “This is a real innovation in workforce development and lifelong learning,” says Aisling Soden, talent transformation & innovation manager for IDA Ireland. The cyberskills micro-credential programs are administered through academic institutes, co-designed by industry and, in time, will be transferrable across Europe. Because they are offered online, Soden also sees micro-credentials as a way to help companies upskill staff with specific cybersecurity skills to an international standard of education. These highly specific cybersecurity short courses will also benefit companies looking to upskill internal staff or access new talent in 25+ critical areas such as network systems, security standards & risk, security architecture, malware, reverse engineering and more. Soden envisions the micro-credential standards playing a bigger role on the global stage: “In the future, I can see these standards being recognized worldwide.” Underrepresented Communities: An Untapped Resource In 2022, Ireland was one of only a few countries to make headway in the quest to narrow cybersecurity talent shortages. Most regions around the world reported an increase in their cybersecurity workforce gap, according to a report by (ISC)², the world\'s leading cybersecurity professional organization. Last year, Ireland closed its cybersecurity skills gap by 19.5% while the global gap grew by 26.2%. O\'Shea stressed the need to do a “much better job globally of reaching underrepresented populations to fill these open positions.” Especially now, she says, as micro-credentials bring down the cost, time commitments and previously required masters-level studies for training for cybersecurity jobs, opportunities must increase for women, military veterans, minority groups and people from financially disadvantaged communities. There\'s also an untapped market of individuals displaced from hospitality and other service sectors during the pandemic. Society needs to do a better job of fostering cybersecurity talent across the entire hiring spectrum, said O\'Shea. This should start with thought-provoking conversa | Data Breach Malware Threat Studies Prediction Technical | ★★ | |
|
2023-09-09 00:09:28 | Lolbins pour les connaisseurs… partie 2 Lolbins for connoisseurs… Part 2 (lien direct) |
Cela peut sembler un peu contre-intuitif, mais certains lolbins très connus se rendent souvent dans des endroits que personne ne pensait jamais être possibles & # 8230;Poursuivant le sujet que j'ai commencé quelques jours plus tôt, aujourd'hui, je vais explorer quelques autres & # 8230; | Technical | ★★★ | |
|
2023-09-06 10:25:00 | Bugy octets # 210 & # 8211;Zenbleed, interview les questions, les pièces de défi et les injections SQL Bug Bytes #210 – Zenbleed, Interview Questions, Challenge Coins and SQL Injections (lien direct) |
> Bug Bytes est une newsletter hebdomadaire organisée par les membres de la communauté Bug Bounty.La deuxième série est organisée par InsiderPhd.Chaque semaine, elle nous tient à jour avec une liste complète des articles, des outils, des tutoriels et des ressources.Ce numéro couvre la semaine du 28 août & # 8211;3 septembre Intigriti News de mon cahier
>Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources. This issue covers the week from August 28th – September 3rd Intigriti News From my notebook |
Technical | ★★★ | |
|
2023-09-03 18:00:04 | Le secret du 961C151D2E87F2686A955A9BE24D316F1362BF21 The secret of 961c151d2e87f2686a955a9be24d316f1362bf21 (lien direct) |
Un récemment est tombé sur un échantillon qui comprenait la chaîne mystérieuse suivante: j'ai googlé et non seulement j'ai trouvé quelques occurrences supplémentaires de cette chaîne, mais j'ai également trouvé une règle Yara (avertissement PDF) qui l'a fait référence.J'ai dû & # 8230; continuer la lecture & # 8594;/ span>
A recently came across a sample that included the following, mysterious string: I googled around and not only found a few more occurrences of this string, but also found a yara rule (PDF warning) that referenced it. I had to … Continue reading → |
Technical | ★★★ | |
|
2023-08-25 23:05:18 | Des lolbins pour les connaisseurs… Lolbins for connoisseurs… (lien direct) |
Nous sommes tous assez obsédés par la pureté des lolbins.Mieux encore, s'il s'agit d'un comportement caché/non documenté/inattendu d'un binaire natif du système d'exploitation qui peut être abusé à des fins néfastes.Évidemment, je les aime le plus aussi.Cependant…Vivre …Continuer la lecture →
We are all quite fixated on a purity of lolbins. Best if it is a hidden/undocumented/unexpected behavior of a native OS binary that can be abused for some nefarious purposes. I, obviously, love these the most, too. However… Living Off … Continue reading → |
Technical | ★★★ | |
|
2023-08-16 00:00:00 | Réponses rapides aux questions rapides: Ivan Houlihan, SVP et chef de la côte ouest des États-Unis pour Ida Ireland Quick answers to Quick Questions: Ivan Houlihan, SVP & Head of West Coast U.S for IDA Ireland (lien direct) |
A slightly different conversation this week as we speak to Ivan Houlihan, Senior Vice President and Head of the West Coast of the United States for IDA Ireland–the Investment and Development Agency of the Irish Government, which promotes foreign direct investment into Ireland. Based in California, Ivan leads the team that works closely with existing and potential clients in technology, financial services, life sciences and engineering throughout the Western US and Mexico. We hope you enjoy this week\'s angle about on Cybersecurity, cyber skills and microcredentials. M.R. Rangaswami: How Do Microcredentials Address the Cybersecurity Talent Scarcity Problem? Ivan Houlihan: While nations pass resolutions and laws that try to prevent cybercrime, the most widespread answer is increasing the supply of expert security talent to stay ahead of the criminals. Ivan Houlihan suggests an innovative approach, which involves the concept of microcredentials. These are small, accredited courses that allow candidates to pursue highly focused upskilling and reskilling that responds to specific market needs. Besides creating qualified new candidates to quickly come on board, this solution opens the door to workers that might otherwise not have pursued careers in cybersecurity. As the head of the West Coast U.S. for IDA Ireland, Houlihan has seen an increasing number of American technology firms with operations in Ireland employ this strategy to address their cybersecurity talent crunch. When it comes to microcredentials in cybersecurity, Houlihan believes that Ireland\'s innovative training programs can become a model for other nations seeking to address the serious issue of cybercrime, which is predicted to cost the world $10.5 trillion by 2025. In this quick Q&A, he explains the basics of setting up a microcredentials program in the cybersecurity space – although microcredentials can be earned in other technical areas, too. M.R. Rangaswami: What are some of the current issues impacting cybersecurity staffing and why are microcredential programs a reasonable solution? Ivan: Technology workers in general are often in short supply, but when it comes to qualified cybersecurity personnel, the problem is compounded by educational requirements along with needed specific skills that take time and money for those seeking to enter this field. Technical degrees, specialized training and often, often some graduate work, have discouraged many would-be candidates, particularly those put off by the prospect of student loans and related barriers. One of the biggest myths in the cybersecurity field is that it\'s just for people with high proficiency in math, men only or those with certain graduate degrees. People also assume they must go to renowned universities to study for the field in order to pursue such careers. All these factors have conspired to decrease the pool of qualified candidates. Microcredential programs short-circuit the time and cost of pursuing a lucrative cybersecurity career, although the field does require some technical training as a starting point. Fortunately, being male, having graduate degrees and other assumptions don\'t apply, however. Microcredentials bring down the cost and time commitments while increasing cybersecurity job opportunities for women, military veterans, minority groups, people from financially disadvantaged backgrounds, workers from other departments and others previously not often found in the profession. And since microcredential programs are typically online, they are of short duration and can be “stacked” or combined to form bigger accreditations – this makes it easier to get the right kind of training for a promising new career. The most successful microcredential programs demonstrate a collaborative effort between universities, governments, research institutions and industry, with the latter providing curriculum input based on what the candidates need to know to hit the ground running. M.R.: Describe the cybersecurity microcredential programs you\'re aware of, how t | Studies Technical | ★★ | |
|
2023-06-09 15:42:46 | Trouver et exploiter les conducteurs de tueurs de processus avec LOL pour 3000 $ Finding and exploiting process killer drivers with LOL for 3000$ (lien direct) |
Cet article décrit un moyen rapide de trouver des conducteurs de tueurs de processus exploitables faciles.Il existe de nombreuses façons d'identifier et d'exploiter les conducteurs de tueurs de processus.Cet article n'est pas exhaustif et ne présente qu'une seule méthode (facile).
Dernièrement, l'utilisation de la technique BYOVD pour tuer les agents AV et EDR semble tendance.Le projet Blackout ZeromeMoryEx, l'outil Terminator vendu (pour 3000 $) de Spyboy en est quelques exemples récents.
L'utilisation de conducteurs vulnérables pour tuer AV et EDR n'est pas neuf, il a été utilisé par APTS, Red Teamers et Ransomware Gangs depuis un certain temps.
This article describes a quick way to find easy exploitable process killer drivers. There are many ways to identify and exploit process killer drivers. This article is not exhaustive and presents only one (easy) method. Lately, the use of the BYOVD technique to kill AV and EDR agents seems trending. The ZeroMemoryEx Blackout project, the Terminator tool sold (for 3000$) by spyboy are some recent examples. Using vulnerable drivers to kill AV and EDR is not brand new, it’s been used by APTs, Red Teamers, and ransomware gangs for quite some time. |
Ransomware Tool Technical | ★★★★ | |
 |
2023-05-10 22:00:00 | Clean Code est-il la solution de la qualité du code du cahier Jupyter? Is Clean Code the solution to Jupyter notebook code quality? (lien direct) |
Clean Code est-il la solution de la qualité du code du cahier Jupyter?
Is Clean Code the solution to Jupyter notebook code quality? |
Technical | ★★★ | |
|
2023-05-10 08:00:00 | ES2023 introduit de nouvelles méthodes de copie du tableau à JavaScript ES2023 introduces new array copying methods to JavaScript (lien direct) |
Il existe de nouvelles méthodes de tableau en JavaScript et ils sont là pour rendre nos programmes plus prévisibles et maintenables.
There are new array methods in JavaScript and they are here to make our programs more predictable and maintainable. |
Technical | ★★★ | |
|
2023-05-01 22:00:00 | Python bizarre: 5 comportements inattendus dans l'interpréteur Python Weird Python: 5 Unexpected Behaviors in the Python Interpreter (lien direct) |
Cinq façons dont l'interprète de Python se comporte de manière à ce que vous ne vous attendez pas.
Five ways in which Python\'s interpreter behaves in ways that you wouldn\'t expect. |
Technical | ★★★ | |
|
2023-04-25 22:00:00 | Entretien avec Sonar Python Developers Part 2 Interview with Sonar Python Developers Part 2 (lien direct) |
Derniers développements Python.Entretien avec des développeurs Python de Sonar.
Latest Python developments. Interview with Python developers from Sonar. |
Technical | ★★★ | |
|
2023-04-24 22:00:00 | Odoo: obtenez votre type de contenu, ou bien! Odoo: Get your Content Type right, or else! (lien direct) |
Pour quoi avons-nous besoin de types de contenu de toute façon?Laissez \\ examiner comment un type de contenu incorrect a conduit à une vulnérabilité du monde réel dans Odoo, CVE-2023-1434.
What do we need content types for anyway? Let\'s look into how an incorrect content type led to a real-world vulnerability in Odoo, CVE-2023-1434. |
Vulnerability Technical | ★★★ |
To see everything:
Our RSS (filtrered)
