BruceFeIix / picker

GNU General Public License v3.0

50 stars 6 forks source link

[每日信息流] 2024-10-09 #1273

Open BruceFeIix opened 1 month ago

BruceFeIix commented 1 month ago

每日安全资讯（2024-10-09）

CXSECURITY Database RSS Feed - CXSecurity.com
- [ ] PHP-Nuke Top Module SQL Injection
SecWiki News
- [ ] SecWiki News 2024-10-08 Review
安全客-有思想的安全新媒体
- [ ] 坚持创新驱动三六零荣获2024北京民营企业科技创新榜单第二名
- [ ] 数千个 Linux 系统可能已感染 “perfctl”（或 “perfcc”）加密挖矿恶意软件
- [ ] 您的机器人吸尘器可能正在监视您
- [ ]
- [ ] Okta修复了允许登录政策绕过的关键漏洞
- [ ] 法官批准FTX 加密货币交易所破产计划，客户将很快拿回资金
- [ ] 人工智能生成和人为制造的错误信息扭曲气象灾害真实情况
- [ ] 美国最大的上市水务公司 American Water 遭遇网络攻击，门户和计费业务受到干扰
- [ ] 怎么正确安装vgcore.dll以解决程序崩溃？vgcore.dll安装步骤详解
- [ ] Java 代码审计工具推荐
- [ ] 网星安全AWS攻防方案，重磅发布！
- [ ] 手搓一个16进制编辑器
- [ ] EASM外部攻击面管理平台
- [ ] 集权系列科普 | Exchange server的“高光”，就在这一篇②
- [ ] IP定位：广告流量监测的新利器
- [ ] 抖音集团携手中国银联成立数据隐私保护创新技术联合实验室，加快助力金融科技高质量发展
- [ ] LemonDuck利用EternalBlue漏洞进行加密挖掘攻击
- [ ] 研究人员发布针对CVE-2024-47176 CUPS漏洞的开源扫描器
Trustwave Blog
- [ ] Analyzing Latrodectus: The New Face of Malware Loaders
奇安信攻防社区
- [ ] 应急响应——让Linux下的隐藏手段(Rootkit)无所遁形
Tenable Blog
- [ ] Microsoft’s October 2024 Patch Tuesday Addresses 117 CVEs (CVE-2024-43572, CVE-2024-43573)
- [ ] CISA and NSA Cloud Security Best Practices: Deep Dive
Security Boulevard
- [ ] Protecting America’s Water Systems: A Cybersecurity Imperative
- [ ] Best practices for authentication and authorization: Yoshiyuki Tabata’s keynote at ADDO
- [ ] Transforming enterprises with generative AI: Pallavi Nargund’s keynote at ADDO
- [ ] Unveiling the trillion dollar engine of innovation: Manuel Hoffmann’s keynote at ADDO
- [ ] Patch Tuesday Update – October 2024
- [ ] A decade of transformation: ADDO and the State of the Software Supply Chain
- [ ] GoldenJackal Targets Embassies, Steals Data from Air-Gapped Systems
- [ ] Revolutionizing software development: Frank Roe’s keynote at ADDO
- [ ] Unmasking the invisible threat: Ilkka Turunen’s keynote at ADDO
- [ ] USENIX NSDI ’24 – Multitenant In-Network Acceleration with SwitchVM
Recent Commits to cve:main
- [ ] Update Tue Oct 8 22:29:43 UTC 2024
- [ ] Update Tue Oct 8 14:29:49 UTC 2024
- [ ] Update Tue Oct 8 06:20:20 UTC 2024
Der Flounder
- [ ] Session videos and slides available from MacSysAdmin 2024
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- [ ] WPS Office从路径穿越到远程代码执行漏洞(CVE-2024-7262)分析与复现
- [ ] 业界之声｜权小文：卫星互联网安全需坚持“长期主义”
- [ ] 经纬信安，湖北地区影响力持续扩大中
- [ ] 2024年网络安全“金帽子”年度评选活动正式启动！
- [ ] 0ktapus威胁组织对130多家企业发起网络攻击
obaby@mars
- [ ] 哇，好黄的水吖
一个被知识诅咒的人
- [ ] 用Python实现AI生成音乐：通过Magenta与MIDIUtil开启音乐与AI的创作之旅
- [ ] Python与虚拟现实：使用Python构建简单的VR场景
- [ ] 通过Python构建自动化股票分析工具：从数据抓取到技术分析与买卖信号生成
- [ ] Python中的“黑魔法”：探索元编程与元类
Files ≈ Packet Storm
- [ ] NIELD (Network Interface Events Logging Daemon) 0.6.2
- [ ] ABB Cylon Aspect 3.08.01 calendarFileDelete.php Arbitrary File Deletion
- [ ] Ubuntu Security Notice USN-7057-1
- [ ] Ubuntu Security Notice USN-7043-3
- [ ] Ubuntu Security Notice USN-7041-3
- [ ] Apple Security Advisory 10-03-2024-1
- [ ] PHP-Nuke Top Module SQL Injection
- [ ] Red Hat Security Advisory 2024-7794-03
- [ ] Red Hat Security Advisory 2024-7793-03
- [ ] Red Hat Security Advisory 2024-7792-03
- [ ] Red Hat Security Advisory 2024-7791-03
- [ ] Red Hat Security Advisory 2024-7785-03
- [ ] Red Hat Security Advisory 2024-7769-03
- [ ] Red Hat Security Advisory 2024-7744-03
- [ ] Red Hat Security Advisory 2024-7736-03
- [ ] Red Hat Security Advisory 2024-7735-03
- [ ] Red Hat Security Advisory 2024-7726-03
- [ ] Red Hat Security Advisory 2024-7725-03
- [ ] Red Hat Security Advisory 2024-7724-03
- [ ] Red Hat Security Advisory 2024-7706-03
- [ ] Red Hat Security Advisory 2024-7705-03
- [ ] Red Hat Security Advisory 2024-7704-03
- [ ] Red Hat Security Advisory 2024-7703-03
- [ ] Red Hat Security Advisory 2024-7702-03
- [ ] Red Hat Security Advisory 2024-7701-03
Doonsec's feed
- [ ] |0day|通过 iTunes 入侵 Windows - 本地权限提升
- [ ] 通过分析JavaScript文件寻找漏洞
- [ ] 国家发展改革委等部门关于印发《国家数据标准体系建设指南》的通知
- [ ] 推动人工智能机器学习技术“爆炸式”发展！解读2024年诺贝尔物理学奖
- [ ] 北京金融信息化研究所发布《金融业商用密码技术应用发展报告（2023-2024）》与相关技术金融应用图谱
- [ ] 美国水务巨头遭网络攻击：水计费系统瘫痪，上千万人无法处理账单
- [ ] 又一数据交易所揭牌，交易额已超6000万！
- [ ] 【干货】笑傲职场的独家经验（1）
- [ ] 【干货原创】实网攻防演习常态化，会带来什么变化01
- [ ] 【干货原创】K12教育，鲜为人知的模式秘密
- [ ] 原创文章目录
- [ ] 黑客库尔塔杰的故事：天才与自闭症
- [ ] 数据安全防护中的常见数据泄露途径
- [ ] 【漏洞预警】Redis缓冲区溢出漏洞可致远程代码执行
- [ ] 【漏洞预警】Jenkins OpenId Connect Authentication Plugin 身份验证缺陷漏洞
- [ ] 某金融src的一次较复杂攻击链进入后台
- [ ] 建了个SRC专项漏洞知识库
- [ ] 上汽大众出席“上汽集团技术创新峰会
- [ ] A股爆涨背后：你看到白花的钱，我看到血色的命
- [ ] 加快推进新型工业化——访工业和信息化部党组书记、部长金壮龙
- [ ] 通过追求卓越的执行创造价值
- [ ] 2024御网杯初赛 WP
- [ ] 利用XSS、OAuth配置错误实现token窃取及账户接管 (ATO)
- [ ] 家庭摄像头被远控，打印机疯狂打印，谁来对家庭网络安全负责？
- [ ] 变形金刚：让你的SSH流量秒变HTTPS，谁也拦不住
- [ ] 金和OA C6 SignUpload.ashx SQL注入漏洞
- [ ] JWT基础知识及攻击方式详析
- [ ] SRC安全知识库，发车！
- [ ] NewStarCTF2024第一周WP
- [ ] 2024年四川省“5G+工业互联网”一体化进园区暨工业互联网标识大会将于10月9—10日在成都召开！
- [ ] 警惕“银狐”变种木马，样本实例分析！
- [ ] 【资讯】国家发改委等部门联合印发《国家数据标准体系建设指南》
- [ ] 寒露起源！
- [ ] 面向未来的软件定义汽车网络安全策略
- [ ] 汽车出海全产业数据安全合规发展白皮书
- [ ] 自动驾驶数据闭环与数据合规白皮书（2024）
- [ ] 赋予数据灵魂？有关网络空间数据如何解读的个人看法~
- [ ] 教育EDU证书站挖掘(转战供应链思路篇)
- [ ] Rust红队开发公开课直播预告！~
- [ ] 硬核实战 | 带你开发一个 AIoT 物联网智能家居项目
- [ ] 【安全圈】来自一个“黑客”青年的自述：我失败的“创业”之路
- [ ] 【安全圈】损失高达1860亿美元，API风险防不胜防
- [ ] 【安全圈】以明文形式存储数亿个密码，Meta 被罚 1 亿美元
- [ ] 解决方案丨云南锡业股份有限公司大屯锡矿安全生产信息化系统解决方案
Blogs dade
- [ ] Weekly Retro 2024-W40
Cerbero Blog
- [ ] AbuseCh Intelligence For Personal Licenses
SpiderLabs Blog
- [ ] Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader
GuidePoint Security
- [ ] NIST CSF 2.0 Is Here: How Will You Adapt?
Malwarebytes
- [ ] MoneyGram confirms customer data breach
- [ ] Exposing the Facebook funeral livestream scam (Lock and Code S05E21)
Reverse Engineering
- [ ] Reversing Tips: (Almost) Automatically renaming functions with Ghidra
Didier Stevens
- [ ] Quickpost: The Electric Energy Consumption Of LLMs – No GPU
FreeBuf网络安全行业门户
- [ ] FreeBuf早报 | 美国政府窃听系统遭反窃听；乐高网站被黑客入侵以推送加密货币骗局
- [ ] Apache Avro SDK曝关键漏洞，可在Java中执行任意代码
- [ ] 损失高达1860亿美元，API风险防不胜防
- [ ] 新型僵尸网络针对 100 个国家发起 30 万次 DDoS 攻击
Checkmarx
- [ ] DevSecOps: What DevOps NEEDS to Be When It Grows Up
- [ ] We’re On a Roll! Checkmarx Has Once Again Been Recognized as a 2024 Customers’ Choice for Application Security Testing by Gartner® Peer Insights™
奇客Solidot–传递最新科技情报
- [ ] 智能电视是家庭中的数字木马
- [ ] 《荒野大镖客：救赎》于 10 月 29 日登陆 PC
- [ ] 科沃斯的 Deebot 扫地机器人收集客户的照片和声音训练 AI
- [ ] 机器学习先驱获得 2024 年诺贝尔物理学奖
- [ ] Google 开始向 Android 手机推送防盗锁定功能
- [ ] 全球半导体销售额在八月同比增长 20.6%
- [ ] 美国自 1958 年起获得诺奖的总人数高居世界第一
- [ ] Google 对搜索广告市场的控制在削弱
- [ ] 为什么珠穆朗玛峰会升高？
- [ ] COVID-19 影响到了月球
- [ ] Google 测试支持扩展的 Chrome for Android
- [ ] 官方建议国内 AI 公司不要依赖英伟达芯片
博客园 - 渗透测试中心
- [ ] 2024第四届FIC初赛Writeu - 渗透测试中心
- [ ] 2024长城杯WP - 渗透测试中心
- [ ] 第三届广东省大学生网络攻防竞赛wp - 渗透测试中心
- [ ] 2024 第七届“巅峰极客”网络安全技能挑战赛初赛 wp - 渗透测试中心
- [ ] 2024 闽盾杯-黑盾赛道WP - 渗透测试中心
rtl-sdr.com
- [ ] mmng-ui: A Text User Interface for Multimon-NG
- [ ] hackrf_sweeper: A Reimplementation of hackrf_sweep as a Library
- [ ] Updates to the Lego Pi Radio Project
奇安信 CERT
- [ ] 安全热点周报：研究人员警告称，利用 Zimbra Collaboration 关键漏洞发起的攻击正在持续发生
VAADATA – Ethical Hacking Services
- [ ] What is Kerberos? Kerberos Authentication Explained
- [ ] Cloudflare: How to Secure Your Origin Server?
安全牛
- [ ] 2024年我国新一代网络安全服务代表性厂商推荐及特点分析
- [ ] 《网络安全技术抗拒绝服务攻击产品技术规范》等15项网络安全国家标准公开征求意见；《网络数据安全管理条例》正式公布| 牛览
青衣十三楼飞花堂
- [ ] 耿飚回忆录(1909-1949)
绿盟科技研究通讯
- [ ] ITRC《2024年上半年数据泄露分析》报告解读｜复杂多变的网络攻击技术导致数据泄露事件频发
威努特安全网络
- [ ] 威努特100%国产化工业交换机助力构建车路云一体化神经网络
丁爸情报分析师的工具箱
- [ ] 【工具】60个AI对话和搜索引擎
腾讯玄武实验室
- [ ] 每日安全动态推送(10-8)
安全内参
- [ ] 美国水务巨头遭网络攻击：水计费系统瘫痪，上千万人无法处理账单
- [ ] 以色列黑入贝鲁特机场塔台，阻止伊朗飞机降落
dotNet安全矩阵
- [ ] .NET 一款读取Word文件敏感数据的工具
- [ ] .NET内网实战：不安全的系统令牌特权
代码卫士
- [ ] Apache Avro SDK 中存在严重漏洞，可导致在 Java 应用中实现RCE
- [ ] 高通修复已遭利用的高危0day漏洞
君哥的体历
- [ ] 蚂蚁国际信息安全部诚招安全人才！
数世咨询
- [ ] 安全联盟集结对抗勒索软件，但形势依然严峻
- [ ] 重磅｜2024年度（第八届）中国网络安全与信息产业“金智奖”即将启动
网络空间安全科学学报
- [ ] 会议预告 | 第一届网络空间安全学术会议通知（第二轮）
情报分析师
- [ ] 掌握搜索引擎技巧：快速获取信息的秘诀！
- [ ] 刚刚，美国国土安全部发布最新威胁评估（附下载）
补天平台
- [ ] 倒计时9天！2024补天白帽大会全议程发布！
奇安盘古
- [ ] 北京市第六届职业技能大赛电子数据取证分析师项目决赛考试成绩公示
中国信息安全
- [ ] 全球视野 | 国际网安快讯（第31期）
- [ ] 行业 | 安胜华信获第九届“创客中国”网络安全中小企业创新创业大赛一等奖
- [ ] 前沿 | 标识解析在油气储运行业“工业互联网+安全生产”中的应用
- [ ] 关注 | 国际电信联盟发布《全球网络安全指数2024年版》报告呼吁合力应对全球网络安全挑战
- [ ] 观点 | 如何加强对算法的治理
- [ ] 国际 | “深度伪造”肆虐韩国立法应对
嘶吼专业版
- [ ] 2024年网络安全“金帽子”年度评选活动正式启动！
- [ ] 0ktapus威胁组织对130多家企业发起网络攻击
极客公园
- [ ] 围剿 Model Y：「安卓包围 iOS」故事重写，这次谁是诺基亚？
- [ ] 戴了「Ray-Ban Meta」两个月，我开始相信 AI 眼镜的未来
- [ ] 纯血鸿蒙今日开启公测；苹果或将放弃硬件的一年一更的模式；2024 国庆档总票房破 20 亿元｜极客早知道
国家互联网应急中心CNCERT
- [ ] 网络安全信息与动态周报2024年第39期（9月23日-9月29日）
- [ ] CNVD漏洞周报2024年第39期
- [ ] 上周关注度较高的产品安全漏洞(20240923-20240929)
Beacon Tower Lab
- [ ] WPS Office从路径穿越到远程代码执行漏洞(CVE-2024-7262)分析与复现
迪哥讲事
- [ ] 通过分析JavaScript文件寻找漏洞
Over Security - Cybersecurity news aggregator
- [ ] Muah.AI - 1,910,261 breached accounts
- [ ] Patch Tuesday, October 2024 Edition
- [ ] New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks
- [ ] Microsoft: Windows 11 22H2 Home and Pro reached end of servicing
- [ ] New Mamba 2FA bypass service targets Microsoft 365 accounts
- [ ] Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities
- [ ] Microsoft fixes Remote Desktop issues caused by Windows Server update
- [ ] Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws
- [ ] Windows 11 KB5044284 and KB5044285 cumulative updates released
- [ ] Windows 10 KB5044273 update released with 9 fixes, security updates
- [ ] Financial Domain Spoofing Trends of 2024
- [ ] Kasperksy says it’s closing down its UK office and laying off dozens
- [ ] Ivanti warns of three more CSA zero-days exploited in attacks
- [ ] European govt air-gapped systems breached using custom malware
- [ ] State-backed ‘GoldenJackal’ hackers deploy new tools against government entities
- [ ] Casio says recent cyberattack 'caused system failure'
- [ ] Ukrainian pleads guilty to running Raccoon Infostealer malware, agrees to pay nearly $1 million
- [ ] Apple Issues Urgent Security Advisory for iOS and iPadOS Vulnerabilities
- [ ] Casio reports IT systems failure after weekend network breach
- [ ] Ukraine's defense ministry launches military CERT to counter Russian cyberattacks
- [ ] ADT says hacker stole encrypted internal employee data after compromising business partner
- [ ] Hacker cinesi all’attacco dei provider internet USA: il nuovo fronte dello spionaggio cyber
- [ ] Data Governance Act, approvato il decreto di recepimento: tutte le novità
- [ ] NIS 2 e recepimento italiano: regole e adempimenti per le aziende
- [ ] Sicurezza dei pagamenti, la capacità di protezione cresce meno degli investimenti: i dati
- [ ] Valutazione del rischio e dell’impatto dei sistemi di IA: regole operative
- [ ] Cavi sottomarini: così Europa e USA garantiranno una maggiore sicurezza del traffico dati
- [ ] Phishing via WhatsApp, così rubano i dati di accesso a Facebook: come difendersi
- [ ] Dalla CGUE: commercio online sì, ma nel rispetto del GDPR altrimenti è concorrenza sleale
- [ ] Tra NIS 2 e decreto di recepimento: il ruolo centrale della governance
- [ ] AI e Deepfake, nuove frontiere del phishing: come difendersi
- [ ] EU condemns Russia after detecting ‘increasing number’ of hybrid activities
- [ ] MisterioLNK: The Open-Source Builder Behind Malicious Loaders
- [ ] MoneyGram says customer information stolen during September attack
- [ ] Streamlining NIS2 Compliance with Cyber Threat Intelligence
- [ ] Cyble Honeypot Sensors Detect D-Link, Cisco, QNAP and Linux Attacks
- [ ] 5 Characteristics of Good Threat Intelligence Feeds
- [ ] Microsoft Edge begins testing Copilot Vision
- [ ] ESET scopre CeranaKeeper, gruppo APT affiliato al governo cinese
- [ ] CISA Flags Multiple Critical Vulnerabilities Exposed Across Major Platforms
- [ ] Southeast Asian cyber-fraud industry ‘outpacing’ law enforcement with new tools: UN
Securityinfo.it
- [ ] ESET scopre CeranaKeeper, gruppo APT affiliato al governo cinese
TrustedSec
- [ ] EKUwu: Not just another AD CS ESC
Have I Been Pwned latest breaches
- [ ] Muah.AI - 1,910,261 breached accounts
ICT Security Magazine
- [ ] Sovranità digitale: certificazione Cyber di prodotti ed elementi di Rete
DARKNAVY
- [ ] 真实·黑客说｜GEEKCON 2024 上海站赛程议题公布
bellingcat
- [ ] Satellite Images Show Israeli Military Presence Near UN Base in Lebanon
SANS Internet Storm Center, InfoCON: green
- [ ] Microsoft Patch Tuesday - October 2024, (Tue, Oct 8th)
- [ ] ISC Stormcast For Tuesday, October 8th, 2024 https://isc.sans.edu/podcastdetail/9170, (Tue, Oct 8th)
Schneier on Security
- [ ] China Possibly Hacking US “Lawful Access” Backdoor
Full Disclosure
- [ ] APPLE-SA-10-03-2024-1 iOS 18.0.1 and iPadOS 18.0.1
IT Service Management News
- [ ] 4 novembre: Open Day DFA sull'intelligenza artificiale
- [ ] Gli uomini possono fare tutto (ottobre 2024)
NetSPI
- [ ] Part 1: Ready for Red Teaming? Intelligence-Driven Planning for Effective Scenarios
Unsupervised Learning
- [ ] UL NO. 453: A Deep-dive on Cyber Jobs
Graham Cluley
- [ ] The AI Fix #19: AI spy specs, robot dogs with ladders, and is it AI or the climate?
The Hacker News
- [ ] Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited
- [ ] Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines
- [ ] Cyberattack Group 'Awaken Likho' Targets Russian Government with Advanced Tools
- [ ] GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets
- [ ] New Case Study: The Evil Twin Checkout Page
- [ ] The Value of AI-Powered Identity
- [ ] Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday
- [ ] Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits
Krebs on Security
- [ ] Patch Tuesday, October 2024 Edition
Deeplinks
- [ ] FTC Findings on Commercial Surveillance Can Lead to Better Alternatives
- [ ] The X Corp. Shutdown in Brazil: What We Can Learn
Information Security
- [ ] New PhantomLoader Distributes SSLoad: Technical Analysis
- [ ] Secure File Sharing
Blackhat Library: Hacking techniques and research
- [ ] Noob question about the /p argument for system shutdown
Security Affairs
- [ ] Three new Ivanti CSA zero-day actively exploited in attacks
- [ ] Ukrainian national pleads guilty in U.S. court for operating the Raccoon Infostealer
- [ ] Qualcomm fixed a zero-day exploited limited, targeted attacks
- [ ] MoneyGram discloses data breach following September cyberattack
- [ ] American Water shut down some of its systems following a cyberattack
Social Engineering
- [ ] How To Convince My Sister To Move From A Manipulative Narcissist?
Deep Web
- [ ] Communities in the deep web
- [ ] The "Kill List" podcast is out - investigating darknet murder plots
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] Free Certified Ethical Hacker (CEH) v13 Practice Tests at Udemy
- [ ] Looking for some "difficult" exercises based on Computer Networking: a Top-Down Approach
Computer Forensics
- [ ] MacBook Forensics
- [ ] Question: is cybernetics-services.com a legit crypto recovery agency?
- [ ] Software enginner advice needed
Your Open Hacker Community
- [ ] Router config.bin reverse engineering and decryption
- [ ] any methods to prevent android app network info from being sniffed (hide http request + SNI)
- [ ] Help modifying speaker equalizer parameters or to inject new firmware via bluetooth
- [ ] Whatsapp
Technical Information Security Content & Discussion
- [ ] EKUwu: Not just another AD CS ESC
- [ ] How to turn a file write vulnerability in a Node.js application into RCE – even though the target's file system is read-only
- [ ] Docker Zombie Layers: Why Deleted Layers Can Still Haunt You
- [ ] Ivanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)
- [ ] Open Sourcing Venator – a kubernetes-native threat detection system
- [ ] Monocle on Chronicles - Talkback automated infosec aggregator with a newsletter
- [ ] Launched Today: The NHI Index
Security Weekly Podcast Network (Audio)
- [ ] The Future of Zed Attack Proxy - Simon Bennetts, Ori Bendet - ASW #302
- [ ] AI, American Water, Broadband, Claroty, Okta, Meta, Phishing, Robocop, Josh Marpet... - SWN #420
- [ ] Run Your Security Program Like an Election Campaign - Kush Sharma - BSW #367