香港頭條 - HongKong News pinned «360 Total Security Android Malware RottenSys has infected 5 million smartphones Recently, an Android malware called “RottenSys” was discovered by a security company, Check Point. It is an Adware that disguises itself as a Wi-Fi management tool, and gains…»
Shadowrocket账号:
shaynelegend2@outlook.com
密码:gongzhonghao2:SCDXCPY
这个账号可以下载汤不热和小火箭
shaynelegend2@outlook.com
密码:gongzhonghao2:SCDXCPY
这个账号可以下载汤不热和小火箭
香港頭條 - HongKong News pinned «Shadowrocket账号: shaynelegend2@outlook.com 密码:gongzhonghao2:SCDXCPY 这个账号可以下载汤不热和小火箭»
给开发者的一点小提示
Google在国内为部分面向开发者的网站建立了镜像,方便大家在不翻墙的情况下也能下载到相应资源。
例如,可以在这里下载到Android Studio SDK:https://developer.android.google.cn/studio/index.html?hl=zh-cn
dl.google.com 目前在国内的DNS解析是指向Google在北京的服务器的,如果无法下载,请检查hosts条目以及代理自动切换规则设置;仍然无法下载,请考虑更换DNS。
更多开发者网站镜像列表请参阅:https://github.com/chenzhuo914/google-cn-devsites-extension/blob/master/README.md
Google在国内为部分面向开发者的网站建立了镜像,方便大家在不翻墙的情况下也能下载到相应资源。
例如,可以在这里下载到Android Studio SDK:https://developer.android.google.cn/studio/index.html?hl=zh-cn
dl.google.com 目前在国内的DNS解析是指向Google在北京的服务器的,如果无法下载,请检查hosts条目以及代理自动切换规则设置;仍然无法下载,请考虑更换DNS。
更多开发者网站镜像列表请参阅:https://github.com/chenzhuo914/google-cn-devsites-extension/blob/master/README.md
Android Developers
Download Android Studio and SDK Tools | Android Developers
Download the official Android IDE and developer tools to build apps for Android phones, tablets, wearables, TVs, and more.
思科本周发布安全公告,修补22项软件漏洞,包括1项可能导致阻断攻击或远端代码执行的交换器软件漏洞。
思科3月28日发布半年一次的Cisco IOS及IOS XE软件安全公告,包含20项安全更新,修补22项IOS及IOS XE软件漏洞,其中3项为重大风险,19项为高度风险,能让攻击者非授权存取网络装置、取得管理员权限、执行任意代码等。
其中最严重的是编号CVE-2018-0171的堆叠式缓冲溢位漏洞,它位于IOS及IOS XE中的Smart Install功能中。Smart Install是方便新交换机部署的组态及镜像档管理功能,它可以自动化首次组态,加载现有作业系统镜像档到网络交换机中,加速新机部署的速度,此外也具备组态备份功能。本漏洞由安全公司Embedi发现并通报思科。
漏洞发生于Smart Install Client的代码中,使其未能对封包数据做必要验证。攻击者可以发送含有恶意代码的Smart Install信息给思科交换器上的TCP port 4786,在Smart Install Client启动下,引发SMI IBC Server对恶意信息处理,进而导致堆叠式缓冲溢位攻击。
思科表示,成功的攻击可能导致未经验证的远端攻击者驱动装置重新加载,而造成阻断服务(denial of service,DoS)或是任意代码执行攻击。
凡是执行问题版本的IOS或IOS XE软件,并启动Smart Install的思科产品都会受到影响。Embedi扫描侦测到网络上有25万台有漏洞的交换器装置,并有850万台装置开启有漏洞的传输端口。曝险装置数目如此之多,安全人员认为可能是因为Smart Install客户端的TCP 4786预设为开启,却未被网管人员发现。
思科同时警告本项漏洞并没有权宜方式可以避免,必须立即安装修补程序。
思科3月28日发布半年一次的Cisco IOS及IOS XE软件安全公告,包含20项安全更新,修补22项IOS及IOS XE软件漏洞,其中3项为重大风险,19项为高度风险,能让攻击者非授权存取网络装置、取得管理员权限、执行任意代码等。
其中最严重的是编号CVE-2018-0171的堆叠式缓冲溢位漏洞,它位于IOS及IOS XE中的Smart Install功能中。Smart Install是方便新交换机部署的组态及镜像档管理功能,它可以自动化首次组态,加载现有作业系统镜像档到网络交换机中,加速新机部署的速度,此外也具备组态备份功能。本漏洞由安全公司Embedi发现并通报思科。
漏洞发生于Smart Install Client的代码中,使其未能对封包数据做必要验证。攻击者可以发送含有恶意代码的Smart Install信息给思科交换器上的TCP port 4786,在Smart Install Client启动下,引发SMI IBC Server对恶意信息处理,进而导致堆叠式缓冲溢位攻击。
思科表示,成功的攻击可能导致未经验证的远端攻击者驱动装置重新加载,而造成阻断服务(denial of service,DoS)或是任意代码执行攻击。
凡是执行问题版本的IOS或IOS XE软件,并启动Smart Install的思科产品都会受到影响。Embedi扫描侦测到网络上有25万台有漏洞的交换器装置,并有850万台装置开启有漏洞的传输端口。曝险装置数目如此之多,安全人员认为可能是因为Smart Install客户端的TCP 4786预设为开启,却未被网管人员发现。
思科同时警告本项漏洞并没有权宜方式可以避免,必须立即安装修补程序。
3月29日,一份提交给美国证券交易委员会(SEC)的最新文件显示,Telegram完成了第二轮ICO募资,募资总额8.5亿美元。加上2月募集到的第一笔8.5亿美元,Telegram的区块链平台 “Telegram Open Network” (TON)和加密货币“Gram”尚未上线,已经募集到了17亿美元,远远超出年初预定的12亿美元目标。
Cloudflare 宣布隐私优先的 DNS 解析服务 1.1.1.1
云服务商 Cloudflare 在 4 月 1 日宣布了一个隐私优先的 DNS 解析服务 1.1.1.1。我们访问任何网站或任何网络服务时都需要通过 DNS 解析,默认使用的 DNS 解析服务由你连接的网络提供,如 ISP 或 WIFI 服务提供商,这些 DNS 解析服务是没有任何隐私的,会记录你访问的任何网站。此外 DNS 污染也是最常用的审查策略。1.1.1.1 这个 IP 由 APNIC 的研究组控制,Cloudflare 与 APNIC 讨论使用 1.1.1.1 创建一个快速而且隐私优先的 DNS 解析服务。Cloudflare 承诺它不会出售任何用户数据,也不会记录用户的 IP。Media
云服务商 Cloudflare 在 4 月 1 日宣布了一个隐私优先的 DNS 解析服务 1.1.1.1。我们访问任何网站或任何网络服务时都需要通过 DNS 解析,默认使用的 DNS 解析服务由你连接的网络提供,如 ISP 或 WIFI 服务提供商,这些 DNS 解析服务是没有任何隐私的,会记录你访问的任何网站。此外 DNS 污染也是最常用的审查策略。1.1.1.1 这个 IP 由 APNIC 的研究组控制,Cloudflare 与 APNIC 讨论使用 1.1.1.1 创建一个快速而且隐私优先的 DNS 解析服务。Cloudflare 承诺它不会出售任何用户数据,也不会记录用户的 IP。Media
Microsoft recently issued a security update for Windows 7 and Windows Server 2008 R2 to fix the security issue within the Meltdown Patch of Microsoft released on January and February.
This flaw, named Total Meltdown, in Microsoft’s Meltdown patch was exposed by a Swedish security expert earlier this week and allows attackers to arbitrarily access kernel memory.
What’s Meltdown
Earlier this year, the Meltdown and Spectre were found the most severe vulnerability that exists on almost every CPU on earth. By abusing the speculative execution feature of modern CPU design, these exploits allow attackers to read memory where most critical user data, such as your document and account passwords, resides.
On 2018-01-03 and 2018-02-13, Microsoft released KB4056897 and KB4074587 to mitigate the CPU vulnerabilities via Windows Operating System and 360 Center also released the first CPU vulnerability assessment tool.
How Total Meltdown affects your computer
According the research who found the flaw, the patch which was supposed to block the CPU security holes implanted another security hole to 64bit of windows 7 and Windows Server 2008 R2.
By wrongly setting of the privilege of kernel memory, PML4, to User-Mode-Readable, any user mode application, including malicious ones, can gain free access to the kernel memory.
Kernel memories are where high privilege tasks of the system are running and tasks running on it can access the memories of all applications, which means most users’ data can be stolen once compromised.
Apply Patch Soon
On 2018-03-13, Microsoft has issued KB4088878 to address the issue. 360 Security Center urges user to apply the fix as soon as possible:
Users of 360 Total Security can get the update via PatchUp feature. Download 360 Total Security
Or user can download the patch from Microsoft.com. Download KB4088878
This flaw, named Total Meltdown, in Microsoft’s Meltdown patch was exposed by a Swedish security expert earlier this week and allows attackers to arbitrarily access kernel memory.
What’s Meltdown
Earlier this year, the Meltdown and Spectre were found the most severe vulnerability that exists on almost every CPU on earth. By abusing the speculative execution feature of modern CPU design, these exploits allow attackers to read memory where most critical user data, such as your document and account passwords, resides.
On 2018-01-03 and 2018-02-13, Microsoft released KB4056897 and KB4074587 to mitigate the CPU vulnerabilities via Windows Operating System and 360 Center also released the first CPU vulnerability assessment tool.
How Total Meltdown affects your computer
According the research who found the flaw, the patch which was supposed to block the CPU security holes implanted another security hole to 64bit of windows 7 and Windows Server 2008 R2.
By wrongly setting of the privilege of kernel memory, PML4, to User-Mode-Readable, any user mode application, including malicious ones, can gain free access to the kernel memory.
Kernel memories are where high privilege tasks of the system are running and tasks running on it can access the memories of all applications, which means most users’ data can be stolen once compromised.
Apply Patch Soon
On 2018-03-13, Microsoft has issued KB4088878 to address the issue. 360 Security Center urges user to apply the fix as soon as possible:
Users of 360 Total Security can get the update via PatchUp feature. Download 360 Total Security
Or user can download the patch from Microsoft.com. Download KB4088878
关于“蹭网”类移动应用程序的通报
发布时间:04-02 来源:网络安全管理局
近日据有关媒体报道,移动应用程序“WiFi万能钥匙”和“WiFi钥匙”具有免费向用户提供使用他人WiFi网络的功能,涉嫌入侵他人WiFi网络和窃取用户个人信息。工业和信息化部网络安全管理局对此高度重视,立即组织网络安全专业机构对上述两款移动应用程序进行技术分析,发现两款移动应用程序具有共享用户所登录WiFi网络密码等信息的功能。目前,工业和信息化部网络安全管理局已要求上海市、福建省通信管理局开展调查工作,将在核查的基础上,依据《网络安全法》等法律法规进行处理,维护广大网民的合法权益。
针对“蹭网”类移动应用程序可能存在的风险,在此提醒:WiFi网络提供者应谨慎共享自己的WiFi网络,并定期更换WiFi网络密码;WiFi网络使用者应增强安全上网意识,谨慎使用WiFi“蹭网”类移动应用程序。
发布时间:04-02 来源:网络安全管理局
近日据有关媒体报道,移动应用程序“WiFi万能钥匙”和“WiFi钥匙”具有免费向用户提供使用他人WiFi网络的功能,涉嫌入侵他人WiFi网络和窃取用户个人信息。工业和信息化部网络安全管理局对此高度重视,立即组织网络安全专业机构对上述两款移动应用程序进行技术分析,发现两款移动应用程序具有共享用户所登录WiFi网络密码等信息的功能。目前,工业和信息化部网络安全管理局已要求上海市、福建省通信管理局开展调查工作,将在核查的基础上,依据《网络安全法》等法律法规进行处理,维护广大网民的合法权益。
针对“蹭网”类移动应用程序可能存在的风险,在此提醒:WiFi网络提供者应谨慎共享自己的WiFi网络,并定期更换WiFi网络密码;WiFi网络使用者应增强安全上网意识,谨慎使用WiFi“蹭网”类移动应用程序。
北京的天气~
4月1日还是三生三世十里桃花;
4月2日成了你是风儿、我是沙,灰头土脸闯天涯;
4月3日是情深深,雨蒙蒙,多少楼台烟雨中;
4月4日开始就是众里寻他千百度,蓦然回首,那人却在找秋裤
[呲牙][呲牙][呲牙][捂脸][捂脸]
4月1日还是三生三世十里桃花;
4月2日成了你是风儿、我是沙,灰头土脸闯天涯;
4月3日是情深深,雨蒙蒙,多少楼台烟雨中;
4月4日开始就是众里寻他千百度,蓦然回首,那人却在找秋裤
[呲牙][呲牙][呲牙][捂脸][捂脸]
360 Ransomware Tool Decrypts Rising WannaCry Copycat
Last year, the notorious WannaCry ransomware affected over 150 countries and caused huge loss among numerous organizations, companies and personal computers. Recently, a delicate counterfeit named Bansomqare Wanna has emerged with a similar appearance to WannaCry.
This copycat mimics a popular IM software, WhatsApp, to lure victims into installing it. After infection, a similar popup to WannaCry’s comes up and frightens the victims.
Though it looks like WannaCry, its encryption algorithm can be cracked. 360 Ransomware Decryption Tool has been the first security vendor to support the decryption. Those who were affected can download our tool to save their documents.
The Lord of Ransomware
As WannaCry hit almost every country on earth, it has become a legend in the history of malware. According to a survey, at least 300 thousands victims were infected, causing 8 billion dollars of financial loss. Various industries were affected, including finance, energy and even the medical field.
Knowing that the scales are huge and returns are tremendous, the pupil malware writers are trying to replicate the “successful” story of WannaCry to make a fortune.
A Good Looking but Mediocre Copycat
With limited technology advantage, this counterfeit featured its perfect visual design. It camouflaged itself in a fake WhatApp installer and distributed itself via download websites.
After running the installer, all the common documents will be encrypted and a popup with a ransom note will show, asking for 100 US dollar worth of Bitcoin. The appearance and text on the popup are highly similar to WannaCry’s, making naive victims believe it’s WannaCry.
But with cautious observation, users will notice that all the encrypted files are appended with “.bitcoin” suffix instead of WannaCry’s “.WNCRY”.
Get 360 Ransomware Decryption Tool to Save Your Files
After the in-depth analysis, experts of 360 Security Center found that the decryption key is embedded within the application, making the decryption possible without paying the ransom.
360 ransomware decryption tool has integrated the solution in the first place to help victims save their files.
Download 360 Ransomware Decryption Tool or share it with friends in need.
Last year, the notorious WannaCry ransomware affected over 150 countries and caused huge loss among numerous organizations, companies and personal computers. Recently, a delicate counterfeit named Bansomqare Wanna has emerged with a similar appearance to WannaCry.
This copycat mimics a popular IM software, WhatsApp, to lure victims into installing it. After infection, a similar popup to WannaCry’s comes up and frightens the victims.
Though it looks like WannaCry, its encryption algorithm can be cracked. 360 Ransomware Decryption Tool has been the first security vendor to support the decryption. Those who were affected can download our tool to save their documents.
The Lord of Ransomware
As WannaCry hit almost every country on earth, it has become a legend in the history of malware. According to a survey, at least 300 thousands victims were infected, causing 8 billion dollars of financial loss. Various industries were affected, including finance, energy and even the medical field.
Knowing that the scales are huge and returns are tremendous, the pupil malware writers are trying to replicate the “successful” story of WannaCry to make a fortune.
A Good Looking but Mediocre Copycat
With limited technology advantage, this counterfeit featured its perfect visual design. It camouflaged itself in a fake WhatApp installer and distributed itself via download websites.
After running the installer, all the common documents will be encrypted and a popup with a ransom note will show, asking for 100 US dollar worth of Bitcoin. The appearance and text on the popup are highly similar to WannaCry’s, making naive victims believe it’s WannaCry.
But with cautious observation, users will notice that all the encrypted files are appended with “.bitcoin” suffix instead of WannaCry’s “.WNCRY”.
Get 360 Ransomware Decryption Tool to Save Your Files
After the in-depth analysis, experts of 360 Security Center found that the decryption key is embedded within the application, making the decryption possible without paying the ransom.
360 ransomware decryption tool has integrated the solution in the first place to help victims save their files.
Download 360 Ransomware Decryption Tool or share it with friends in need.