The article explains how to enable Kubernetes audit logging and use its detailed fields—such as userAgent, responseStatus, requestURI, and object references—to detect CDK‑generated attacks and other threats like CVE‑2022‑3172, privilege escalation, and backdoor deployment, offering practical detection examples and security recommendations.
This article explains how phishing exploits human psychology, outlines common phishing variants such as email, spear, whaling, business email compromise, smishing, vishing, social‑media, pharming and evil‑twin attacks, and provides practical measures to recognize and defend against them.
The article details China Postal Savings Bank's successful DevSecOps assessment at the 2023 GOPS Global Operations Conference, sharing the bank's project background, interview insights on culture, processes, and tooling, and outlining the benefits and future plans of adopting standardized DevSecOps practices.
In 2022, Ant Group and leading cybersecurity firms launched a five‑year funding program to support 1,200 students in open‑source security projects, linking academic research with real‑world industry needs and achieving high academic performance across the first reporting phase.
The article explains the nationwide "Huwang" cybersecurity red‑blue exercise, its purpose, rules, team roles, scheduling, and the lucrative daily earnings (1.5K‑3K ¥) for participants, while also showing how alumni can get internal referrals through the training institute.
This article explains how attackers can exploit Linux file timestamps using shell commands and a custom Bash script to hide their activities, covering tools like touch, stat, ls, and detailed script steps for saving, modifying, and restoring timestamps to evade forensic detection.
The article recounts real-world examples of hidden backdoors in software—from an Android ROM project and Ken Thompson’s compiler-level exploit—to discuss their legal ambiguity in China, highlight the challenges of detection, and conclude with a call for developers to share their own experiences, alongside a promotional Python course.
A recent bug in the open‑source redis‑py library caused ChatGPT to leak personal data of about 1.2 % of Plus users, allowing some users to see others' names, emails, and partial credit‑card details; OpenAI issued an apology, published a post‑mortem, and deployed a patch to fix the Redis Cluster async client issue.
Twitter filed a DMCA request to force GitHub to remove a repository exposing proprietary code, while also seeking a court order to identify the leaker, highlighting the security risks and legal complexities of source‑code leaks in the era of high‑profile tech acquisitions.
This article introduces ten open‑source cloud security solutions—including Wazuh, Osquery, GoAudit, Grapl, OSSEC, Suricata, Zeek, Panther, Kali Linux, and PacBot—explaining their key features, deployment options, and how they help enterprises protect SaaS, PaaS, and IaaS environments.
This article explains the concept, background, and definition of Single Sign‑On (SSO), outlines three SSO deployment types, introduces the Central Authentication Service (CAS) with detailed ticket mechanisms, and provides step‑by‑step SSO and Single Logout (SLO) processes for multiple applications.
Starting March 13, 2023, GitHub will enforce two‑factor authentication for all contributors, rolling out the requirement gradually based on activity and project impact, to strengthen the global software supply chain against account takeover attacks and align with broader cybersecurity policies.
The article outlines a large commercial bank’s understanding of data security, shares its comprehensive management practices—including governance, lifecycle protection, technical support, and industry collaboration—and presents a forward‑looking perspective on future challenges and enhancements in data security.
A stored XSS vulnerability (CVE-2023-0050) in affected GitLab CE/EE versions allows attackers to execute arbitrary JavaScript via crafted Kroki diagrams, with a broad impact and remediation requiring upgrades to version 15.7.8 or later.
This guide reviews the ten leading vulnerability scanning solutions, detailing each tool's key features, deployment options, and how they help organizations detect and remediate security weaknesses across networks, servers, cloud and container environments.
The article investigates how certain illicit mobile applications use phone‑bill and electricity‑bill recharge interfaces to launder money, describing the hidden industry chain, the roles of unsuspecting users, the various payment methods involved, and the challenges of tracing the illicit funds.
This article examines the ten most common website security attacks—from XSS and SQL injection to DDoS and phishing—explaining their motivations, mechanisms, and practical mitigation strategies such as WAF deployment, input sanitization, SSL encryption, and regular updates to help protect any online presence.
Apple has released iOS, iPadOS, and macOS security updates that patch the critical WebKit zero‑day CVE‑2023‑23529, a type‑confusion flaw allowing unauthenticated remote code execution, while also noting related Apple kernel and macOS vulnerabilities and urging users to upgrade promptly.
The article outlines the five‑generation evolution of Ant Group's risk control platforms, the technical and operational challenges faced, the shift toward data‑driven and AI‑enabled security, and the organization’s comprehensive data and network protection measures alongside emerging technologies such as graph risk, blockchain, and privacy computing.
This article presents a comprehensive overview of digital watermarking, covering its history, evaluation metrics, various media implementations, challenges posed by AI, and practical applications—especially in e‑commerce—to protect data throughout its lifecycle and enable effective leakage tracing.
The paper surveys digital watermarking, detailing its definition, security features, embedding models, key algorithms across spatial, transform, and compression domains, and applications such as copyright protection, anti‑counterfeiting, tamper detection, and covert communication, while outlining future robustness challenges and prospects.
This article explains why HTTPS provides stronger security than HTTP by detailing symmetric and asymmetric encryption, integrity hashing, digital certificates, and the SSL/TLS handshake process, illustrating how each component protects data from eavesdropping, tampering, and impersonation.
In July 2022 a former Yandex employee stole 44.7 GB of the company's source code, exposing internal architecture across dozens of services, prompting security experts to warn that while no user data was leaked, the breach could enable future targeted attacks.
Anxin Securities' Financial Store system passed the level‑2 DevSecOps assessment by China CAICT, showcasing how cultural, process, and technical practices were integrated to enhance security, efficiency, and digital transformation in a large‑scale financial trading platform.
Zhongtai Securities shares how adopting DevSecOps standards, integrating security into every stage of its DevOps pipeline, and leveraging automated testing tools dramatically improved delivery speed, reduced vulnerabilities, and positioned the firm at an advanced domestic security level, as confirmed by the latest CAICT assessment.
Dongle is a lightweight, Go-based library offering extensive encoding/decoding and cryptographic functions—including various hash, HMAC, and symmetric/asymmetric algorithms—along with recent updates such as tea‑mode support, empty‑string padding, and code restructuring, and is featured in the awesome‑go collection.
This article reports on the China Academy of Information and Communications Technology's DevOps standard assessments, highlights Industrial and Commercial Bank of China's successful Level‑2 DevSecOps evaluation, and presents an in‑depth interview revealing the bank’s cultural, process, and technical practices that boosted its security risk management and digital transformation.
A PyTorch‑nightly supply‑chain attack introduced a malicious "torchtriton" package on PyPI that exfiltrated IP addresses, hostnames, usernames and SSH keys from Linux systems, prompting an urgent uninstall notice and a swift response from the PyTorch team.
The article explains why software supply chain security is increasingly critical, introduces the SLSA (Supply‑Chain Levels for Software Artifacts) framework and its three trust boundaries, outlines common risk points from code commit to package distribution, and discusses mitigation strategies such as mandatory code review, robot‑account controls, and automation.
An in‑depth guide explains the difference between symmetric and asymmetric encryption, why a public key can encrypt but not decrypt, and walks through the TLS 1.2 handshake that underpins HTTPS, covering certificates, random numbers, session key derivation, and the role of public‑private key pairs.
This article explains how Active Directory domains work, outlines over 220 attack techniques such as SPN scanning, password spraying, Kerberoasting, DCSync, and privilege‑escalation exploits, and then presents comprehensive defense measures including attack‑surface reduction, strict admin hygiene, network isolation, honeypots, and continuous monitoring.
Okta disclosed that attackers copied source code from its private GitHub repositories, yet the breach did not affect its services, customer data, or HIPAA, FedRAMP, and DoD customers, and the company took immediate remedial actions to secure its accounts.
This article explains the terminology, background, goals, technical choices, workflow, and API design of a token‑based authentication solution that leverages OAuth2 password grant and JWT to provide secure, stateless, cross‑platform access for enterprise applications.
Although Linux is widely regarded as secure, its dominance in web servers makes it a prime target for malware, so this guide reviews the ten most effective antivirus solutions for Linux, explaining their features, usage, and why they matter for protecting your systems.
This article summarizes Jiang Zemin’s 2008 paper on China’s information technology industry, highlighting his 24‑character strategic guideline, the emphasis on autonomous innovation in microelectronics, software, cloud computing, and the enduring relevance of his insights for today’s tech development.
A massive Twitter data breach exposing over 5.4 million accounts—plus a larger, undisclosed dump—highlights a six‑month‑old API vulnerability, the delayed fix, and the heightened phishing risk for millions of users worldwide.
This guide walks you through Wireshark’s main interface, demonstrates simple packet captures, explains how to use capture and display filters with concrete examples, and details TCP three‑handshake analysis, providing practical tips for network engineers and security analysts.
This article details the evolution, architecture, and key technologies of Ant Group's anti‑intrusion platform, explaining how it handles trillion‑level data streams for intrusion detection, performs multi‑dimensional risk assessment and attribution, and enables rapid, automated security incident response across massive enterprise environments.
This article presents a comprehensive analysis of black‑gray market activities in the residential services sector, detailing industry service models, typical fraud scenarios, intelligence‑gathering architecture, traceability capabilities, and multi‑stage counter‑measure processes aimed at detection, investigation, and prosecution.
This article shares three Zhihu answers that explore a hidden backdoor in an Android ROM, the ambiguous legal status of software backdoors in China, and historic compiler‑level backdoors like Ken Thompson's, highlighting the technical and legal complexities of hidden vulnerabilities.
The National Internet Information Office's revised Internet Comment Service Management Regulations, effective December 15, 2022, mandate real‑name authentication, user tiering, blacklist of serious defaulters, stringent personal data protection, pre‑review of news comments, and comprehensive security measures for online comment platforms.
This article explains how Java source files are compiled into class files, how they can be decompiled, and provides a detailed, code‑rich tutorial on protecting a Spring Boot project by configuring ProGuard through a proguard.cfg file and Maven plugin to produce an obfuscated JAR.
In 2015‑2016, Twitter engineer Steve Krenzel reduced mobile bandwidth consumption by about 40% through gzip‑compressed request logging, only to confront an ethical clash when a telecom client demanded identifiable user location data, leading him to reject the request and eventually leave the company.
Zhejiang Government Procurement Cloud's CTO Liu Changyu presented at the Cloud Summit, detailing the company's comprehensive data security and compliance framework including 'three-in-one' certifications, 'four-in-one' data security construction, and intelligent data classification strategies.
The article introduces TECC, a privacy‑computing framework that balances security and performance by using trusted execution environments, data secret‑sharing, lightweight cryptographic protocols, and Rust‑based implementation to enable near‑plaintext speed for secure multi‑party machine learning and data analysis.
The Zephyr Project Manager plugin for WordPress versions prior to 3.2.55 suffers from an unauthenticated CSRF flaw that allows attackers to impersonate administrators and execute malicious actions, including stored XSS, due to missing authorization checks and insufficient input sanitization.
This article details the practical framework, policies, tools, and workflows that a major online medical service used to classify and grade its data assets, ensuring compliance with China's Data Security Law and Personal Information Protection Law while reducing business risk.
This article shares practical security best practices for operations teams, covering why security is often overlooked, real incident examples, and detailed guidelines on port hardening, system hardening (login management, vulnerability scanning, baseline checks), application, network, and data protection, emphasizing continuous investment and simple safeguards.
This article explains the concept of Single Sign‑On (SSO), compares its major protocols—SAML, OAuth2, and OpenID Connect—covers their workflows, benefits, terminology, and provides guidance on when to choose each protocol for different application scenarios.
Enterprise Information Security Architecture (EISA) provides a structured framework that links business drivers with technical guidance through three perspectives—business, information, and technology—detailing its documentation layers, strategic approaches, and the integration of security into overall enterprise architecture to enable effective, iterative security programs.
A misconfigured Azure Blob storage bucket exposed 2.4 TB of sensitive data from over 65,000 entities in 111 countries, prompting Microsoft to acknowledge the breach, dispute its scale, and outline best practices while highlighting cloud storage misconfigurations as a leading attack vector.
This tutorial walks through building a Python script that scans nearby Wi‑Fi networks and performs brute‑force password cracking, first using a command‑line approach and then enhancing it with a Tkinter graphical interface, while also discussing limitations and possible multithreading improvements.
This article explains the concept of in‑memory PHP trojans, provides simple obfuscated source code that deletes itself and persists in RAM, discusses their stealth characteristics, and offers a basic mitigation strategy of terminating the process and removing the generated files.
The article explains how vulnerabilities in version control systems and CI/CD pipelines can expose the software supply chain to attacks and provides best‑practice recommendations for hardening VCS configurations, branch protection, least‑privilege access, secure testing environments, and credential management.
Security firm Trellix warns that the 15-year-old CVE-2007-4559 directory-traversal flaw in Python’s built-in tarfile module remains unpatched, potentially allowing attackers to execute arbitrary code on any system using Python, and affecting an estimated 350,000 open-source projects across diverse domains.
This article examines various techniques for enabling fuzzy search on encrypted data, comparing naïve, conventional, and advanced algorithmic approaches, evaluating their security, performance, and storage trade‑offs, and provides practical implementation guidance and reference resources.
WebCrack is an open‑source tool that automates the discovery of weak or universal passwords across a wide range of web‑based CMS back‑ends by automatically identifying login parameters, evaluating login success, applying dynamic dictionaries, and supporting custom rule files, all while handling diverse response patterns and WAF interference.
The 2022 Vivo Qianjing Cup Cybersecurity Challenge, launched on September 15 under the “Assemble! Geek Youth” theme, invites nationwide security enthusiasts to uncover vulnerabilities in Vivo products through online puzzles and an offline final, offering a 200,000‑yuan prize pool plus uncapped bounty rewards and judging by experts from AWS, Ant Group and leading universities.
GameSentry, an open‑source tool from NetEase Yidun, streamlines game security testing by analyzing protocols, function logic, memory, and code hot‑updates, offering detailed risk categories, testing steps, and advantages that lower the barrier for developers to detect vulnerabilities before release.
This article explains the differences between hashing and encryption, demonstrates Java's built‑in hash implementations, discusses the insecurity of MD5 and rainbow‑table attacks, and provides a detailed guide on using BCrypt with Spring Security, including code examples and the PasswordEncoder interface.
A remote code execution vulnerability (CVE-2022-2992) affecting GitLab versions 11.10 through 15.3.2 allows authenticated users to execute arbitrary code via the GitHub import API, and can be mitigated by upgrading to patched releases or disabling the import feature.
This article explains why permission management is essential for data security, introduces various permission models including basic RBAC, role inheritance, constrained RBAC, and discusses user grouping, organization‑based roles, and detailed database schema designs for both standard and ideal RBAC systems.
This article examines why encrypted data is unfriendly to fuzzy search, categorizes three implementation strategies—naïve, conventional, and advanced—analyzes their advantages and drawbacks, and recommends practical solutions for secure yet searchable encrypted fields.
The 2022 CCF enterprise security seminar in Shenzhen gathered leading researchers and industry specialists to discuss challenges such as ASLR on IoT, millimeter‑wave voice attacks, data‑fusion privacy, mobile fraud, deep‑fake risks, while OPPO showcased ColorOS security innovations and multiple international certifications.
This article examines the challenges of fuzzy searching encrypted data and presents three categories of solutions—naïve, conventional, and advanced—detailing their implementation ideas, performance trade‑offs, and practical recommendations for secure and efficient query processing.
The article reviews the development background of the digital economy‑driven content risk control industry, examines current content moderation technologies and challenges, describes the establishment of a content technology promotion alliance, outlines its research directions and evaluation standards, and includes a Q&A on regulatory collaboration.
This article examines why encrypted data is unfriendly to fuzzy queries, categorizes three implementation approaches—naïve, conventional, and advanced—and evaluates their security, performance, and storage trade‑offs while providing practical code examples and reference resources.
The online Huolala Security Salon on August 19 featured eight expert sessions covering enterprise security foundations, purple‑team tactics, security training programs, data‑security compliance practices, LLSRC award recognitions, game vulnerability analysis, the evolution of code‑audit techniques, and the design of a flexible security operations platform.
This article recounts the 2018 legal case in which a company's automated web crawler overloaded a municipal residence‑permit system, causing service disruption and data leakage, leading to the CTO and programmer’s conviction for damaging computer information systems.
This article explains Baidu’s custom bdtls security communication protocol for mini‑programs, detailing its TLS 1.3‑based architecture, DHE‑RSA key exchange, AES‑GCM encryption, implementation on both server and client sides, and the strategies used to achieve strong security, low latency, high availability, and extensibility.
Alibaba Cloud reports slowing internet demand but rising industrial digitalization, while Python hits a historic market‑share high and GitLab bans Windows and prunes idle projects, together highlighting evolving trends in cloud strategy, programming language popularity, and open‑source platform security.
Twitter’s tech team patched a major security flaw that exposed email addresses and phone numbers of over 5.4 million accounts, prompting a $30,000 data sale on Breached Forums and a $5,040 bug‑bounty reward for the researcher who reported it.
This article outlines the current state of network security in China, the government's strong emphasis on it, the legal framework, the necessity of incident response, detailed emergency‑response procedures, Ziru's own security program, and three illustrative case studies including Log4j2, a 2021 drill, and a FastJson vulnerability.
This comprehensive FAQ explains key information‑security concepts, covering white‑hat hacking, IP vs MAC addresses, common penetration‑testing tools, hacker types, footprinting methods, brute‑force, DoS, SQL injection, sniffing, ARP spoofing, MAC flooding, rogue DHCP, XSS, Burp Suite, pharming, defacement, website protection, keyloggers, enumeration, NTP, MIB, password‑cracking techniques, attack stages, and CSRF mitigation.
The article presents Ant Group's full‑graph risk control system, detailing emerging fraud trends, the need for graph‑based anti‑fraud infrastructure, and the multi‑layer architecture that combines data cleaning, graph modeling, multi‑modal computation, and real‑time detection to tackle sophisticated, organized financial crimes.
This article explains how integrating secure‑by‑design principles into DevSecOps accelerates software delivery while reducing risk, outlines key security architecture concepts such as the CIA triad and design principles, describes threat‑modeling methods, and showcases Huawei Cloud’s practical security design, data protection, and privacy solutions.
During a penetration testing exercise, the team discovered a cleverly disguised GitHub repository that leaked credentials, leading to a vulnerable admin interface, a malicious Python‑based VPN client which, after reverse‑engineering with PyInstaller extraction, revealed embedded shellcode hidden in images, allowing the attackers to trace the command‑and‑control server and pinpoint the origin of the intrusion.
This tutorial explains how to build a Windows keylogger in Python by importing Win32 DLLs with ctypes, registering a low‑level keyboard hook, defining the hook procedure and data structures, and handling installation, event processing, and cleanup, while providing full source code and usage notes.
The 2022 Trusted Privacy Computing Research Report, released by the Privacy Computing Alliance and Ant Group, defines trusted privacy computing, outlines its five core elements, discusses security verification methods, introduces the TECC technology, and highlights policy and market drivers shaping the data‑in‑cipher era.
GoodWill ransomware, discovered by CloudSEK in Mumbai, encrypts all files and demands victims complete three charitable acts and post a personal essay on social media before providing a decryption key, blending malware tactics with forced philanthropy while employing .NET, UPX packing, AES encryption, and location detection.
This article explains how enterprises can implement data governance to protect data throughout its lifecycle—collection, storage, processing, and deletion—especially in public and hybrid cloud settings, outlining SABSA categories, key questions, and practical considerations for secure data management.
This article details 58.com’s end‑to‑end approach to securing mobile, H5, and server SDKs—covering security fundamentals, the 5A methodology, the 金盾 architecture, integration steps, data‑flow encryption, comprehensive risk‑based testing, performance evaluation, and release decision making.
Despite no major attacks yet, the DHS Cybersecurity Review Board’s latest report warns that the Log4j “nuclear‑level” vulnerability will likely be exploited for years, highlighting low current exploitation, indirect dependency risks, and urging academic cybersecurity training to strengthen future defenses.
The article explains how WeChat aims to protect chat content through asymmetric key exchange and symmetric encryption, discusses why network monitoring alone cannot capture messages, and warns about other threats such as monitoring software, system vulnerabilities, and private‑key compromise that can expose communications.
The article introduces China’s newly launched OpenKylin desktop operating system developer platform, explains its open‑source community model, highlights the current landscape of domestic OSes, and underscores the security imperative of achieving autonomous control over core software amid foreign dominance.
A recent ransomware group called RansomHouse revealed that AMD suffered a massive data breach of over 450 GB due to employees using simple passwords like "admin" and "123456", highlighting the dangers of weak credentials and prompting urgent security awareness.
The article summarizes Wei Yadong’s 2022 GDevOps Global Agile Operations Summit talk, covering the escalating threat landscape, financial industry security requirements, practical DevSecOps strategies, ICBC’s security transformation, and future trends such as security mesh, privacy‑enhancing computation, and decision intelligence.
This article explains the need for a unified account management platform in enterprises, defines key authentication terms, compares session‑based and token‑based approaches, outlines a complete OAuth2 password‑grant flow with JWT tokens, and discusses technical choices, security features, and interface design for modern microservice architectures.
US BIS has finalized new export control rules that require entities collaborating with Chinese government‑linked organizations on cybersecurity projects to obtain prior approval, placing China in the restricted “D” category, while Microsoft opposes the measures, arguing they hinder legitimate vulnerability sharing and global security efforts.
This article introduces the SSL protocol, explains why encryption is needed for database communication, and provides step‑by‑step instructions for generating self‑signed certificates with OpenSSL, converting them for Java, and configuring both DBLE server and client to use SSL, including experimental verification of encrypted versus unencrypted connections.
This article examines the Capital One breach case and outlines a comprehensive six‑step framework for enterprises to develop, implement, and continuously improve security awareness training, covering legal foundations, project planning, material preparation, execution scheduling, performance tracking, and post‑training optimization.
This article examines the challenges of securing API interfaces—including authentication for third‑party services and protection against request hijacking—and proposes a comprehensive RPC encryption framework that uses asymmetric and symmetric keys, signed payloads, and HTTPS fallback, detailing both client‑side and server‑side workflows, data structures, and providing links to the full source code.
This article explains how Industrial and Commercial Bank of China integrates security into its DevOps pipeline through DevSecOps, detailing challenges, toolchain implementation, CI/CD security measures, and ongoing plans to strengthen software security in a fast‑changing financial environment.
This article explains symmetric encryption concepts, lists common algorithms, and demonstrates how to use PHP's mcrypt extension to perform DES and AES encryption and decryption in various modes with complete code examples.
This talk explains how to use semantic-driven captcha mechanisms to classify and manage trusted versus untrusted traffic, detailing anti‑fraud strategies, flow identification, countermeasures against simulator and protocol cracking, and proactive updates to stay ahead of black‑market attacks.
This tutorial walks you through using Frida to hook Android applications, covering API basics, method interception, constructor and field manipulation, overload handling, dynamic class loading, and practical code snippets for both static and instance methods, all while emphasizing safe, educational use.
A U.S. hacker known as "icloudripper4you" infiltrated thousands of iCloud accounts, stole massive amounts of nude photos and videos, and was sentenced to nine years in prison, highlighting the severe impact of cyber‑crime and the FBI's commitment to prosecuting such offenses.
This article examines the security challenges of mobile apps, outlines common threat scenarios such as flash‑sale abuse and fake device attacks, and proposes a layered detection‑and‑defense framework that combines app‑side identification, device fingerprinting, scenario verification, and cloud‑based policy enforcement.
This article demonstrates how to mask sensitive phone numbers and ID cards directly in MySQL, introduces a Java masking library, and provides a complete MyBatis‑Mate extension with custom strategies, configuration files, and sample Spring Boot code to protect personal data in applications.
This article explains the standard JWT claims, demonstrates how to generate a token with custom claims in Java, and compares single‑token and double‑token renewal schemes, including practical steps for handling expiration, refresh logic, and Redis‑based token storage.
