[每日信息流] 2024-10-16

[BruceFeIix]

每日安全资讯（2024-10-16）

• 安全客-有思想的安全新媒体
  • [ ] Kubernetes RBAC 最佳安全实践
  • [ ] Plane 项目管理工具修补关键 SSRF 漏洞 - CVE-2024-47830 (CVSS 9.3)
  • [ ] Apache Roller 在最新更新中修补了 CSRF 漏洞 CVE-2024-46911
  • [ ] Splunk 修补关键漏洞，包括远程代码执行漏洞
  • [ ] GitHub企业服务器修复关键安全漏洞-CVE-2024-9487
  • [ ] 比特币核心漏洞（CVE-2024-35202）导致远程节点崩溃
  • [ ] 50，000美元赏金：研究人员揭露严重的Zendesk电子邮件欺骗缺陷（CVE-2024-49193）
  • [ ] CISSP和CompRIA Security+成为最受欢迎的安全证书
  • [ ] 流行的Java安全框架“pac 4j”易受RCE攻击（CVE-2023-25581）
  • [ ] 富达投资今年遭遇第二次数据泄露
  • [ ] 谷歌在Android上启用Linux终端，在虚拟机中运行Debian
  • [ ] Gmail诈骗警报：黑客恶搞谷歌窃取凭据
  • [ ] GitGuardian Visual Studio Code 扩展帮助开发人员保护其敏感信息
  • [ ] 分析最新的APWG网络钓鱼活动趋势报告：主要发现和见解
  • [ ] 利用 Veeam 的关键漏洞传播 Akira 和 Fog 勒索软件
• Recent Commits to cve:main
  • [ ] Update Tue Oct 15 22:34:13 UTC 2024
  • [ ] Update Tue Oct 15 14:42:29 UTC 2024
  • [ ] Update Tue Oct 15 06:42:07 UTC 2024
• 奇安信攻防社区
  • [ ] Windows内核：虚拟内存分页系统与自我引用技术
• Trustwave Blog
  • [ ] Combating Misinformation and Cyber Threats to Secure the 2024 US Election
• Tenable Blog
  • [ ] Oracle October 2024 Critical Patch Update Addresses 198 CVEs
  • [ ] Harden Your Cloud Security Posture by Protecting Your Cloud Data and AI Resources
• obaby@mars
  • [ ] 哪有什么岁月静好
• Google Online Security Blog
  • [ ] Safer with Google: Advancing Memory Safety
  • [ ] Bringing new theft protection features to Android users around the world
• Security Boulevard
  • [ ] Nation-State Cyber Threats: The Hidden War on Infrastructure
  • [ ] Simplifying NIS2 Compliance with Eclypsium
  • [ ] USENIX NSDI ’24 – Sprinter: Speeding Up High-Fidelity Crawling of the Modern Web
  • [ ] How CyberWinter Studios Empowers Warfighters with Automation
  • [ ] The Value of Breadth and Depth in SaaS Security
  • [ ] Randall Munroe’s XKCD ‘Ravioli-Shaped Objects’
  • [ ] Vital Signs of Software Dependencies: Understanding Package Health
  • [ ] Closing Security Gaps with AppOmni and Okta’s Integrated SaaS and Identity Protection
  • [ ] Enhance Your Insider Risk Program with These 6 Systems Integrations
  • [ ] Navigating the Cybersecurity Risks of Shadow & Open-Source GenAI
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • [ ] 中国网络安全发展蓝皮书蝉联两年收录经纬信安，卓越成就再创辉煌
  • [ ] “秘密入侵”几乎涉所有中国主要城市！重磅报告揭露美国网络攻击
  • [ ] 勒索软件攻击事件为何不断增加
  • [ ] 邀请函 | 2024金融科技大会，梆梆安全邀您共话移动应用安全建设新态势
• SecWiki News
  • [ ] SecWiki News 2024-10-15 Review
• ElcomSoft blog
  • [ ] Outlook Forensic Toolbox Helps Access Deleted Messages
• 一个被知识诅咒的人
  • [ ] 用AI自动生成编程题目并评估答案：构建智能编程学习平台
  • [ ] 用AI和Python创作电子音乐：探索Magenta与音乐生成算法
  • [ ] 高效异步任务处理：深入探讨Java中的消息队列 —— 使用RabbitMQ和Kafka的实践
• Files ≈ Packet Storm
  • [ ] Debian Security Advisory 5792-1
  • [ ] ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Command Execution
  • [ ] Ubuntu Security Notice USN-7068-1
  • [ ] Ubuntu Security Notice USN-7014-3
  • [ ] Ubuntu Security Notice USN-7040-2
  • [ ] Dolibarr 20.0.1 SQL Injection
  • [ ] Ubuntu Security Notice USN-6968-3
  • [ ] Ubuntu Security Notice USN-7067-1
  • [ ] WatchGuard XTM Firebox 12.5.x Buffer Overflow
  • [ ] Red Hat Security Advisory 2024-8131-03
  • [ ] Red Hat Security Advisory 2024-8130-03
  • [ ] Red Hat Security Advisory 2024-8113-03
  • [ ] Red Hat Security Advisory 2024-8111-03
  • [ ] Red Hat Security Advisory 2024-8110-03
  • [ ] Red Hat Security Advisory 2024-8107-03
  • [ ] Red Hat Security Advisory 2024-8105-03
  • [ ] Red Hat Security Advisory 2024-8104-03
  • [ ] Red Hat Security Advisory 2024-8103-03
  • [ ] Red Hat Security Advisory 2024-8102-03
  • [ ] Red Hat Security Advisory 2024-8093-03
  • [ ] Red Hat Security Advisory 2024-8083-03
  • [ ] Red Hat Security Advisory 2024-8082-03
  • [ ] Red Hat Security Advisory 2024-8081-03
  • [ ] Red Hat Security Advisory 2024-8080-03
  • [ ] Red Hat Security Advisory 2024-8077-03
• Doonsec's feed
  • [ ] 特朗普手机和电脑是否无懈可击
  • [ ] 三菱汽车的源代码已被黑客泄露
  • [ ] FIDO 联盟公布安全密钥传输新标准
  • [ ] 泛微e-cology CptInstock1Ajax.jsp接口存在SQL注入漏洞 附POC
  • [ ] 秦安：股市猛跌、半岛局势紧张、俄伊总统会面，需要四种观念救命
  • [ ] 王常胜：股市的健康发展，要靠公正公平公开的制度，而不是强刺激
  • [ ] 公交车系统多处RCE漏洞【我最近跟公交车杠上了】
  • [ ] 如何写隐私政策协议
  • [ ] 游魂 - 新一代Webshell管理器
  • [ ] 国内外AI安全分析
  • [ ] 国外大牛都在用，助你高效获得漏洞赏金
  • [ ] 【漏洞预警】Apache ActiveMQ Artemis需授权,权限管理不当漏洞可导致远程代码执行
  • [ ] 【漏洞预警】Splunk Enterprise需授权路径遍历漏洞可导致远程代码执行
  • [ ] 当前和未来微控制器的长期网络安全的检查清单
  • [ ] 在早期车辆开发中主动解决网络安全漏洞的方法
  • [ ] 强制性国家标准 GB 44495 - 2024《汽车整车信息安全技术要求》
  • [ ] 图形化界面的cms漏洞检测框架 - FrameScan-GUI
  • [ ] 深圳急招人 需要工作的dd
  • [ ] 【工具】情报分析师必备工具之：临时邮箱
  • [ ] 【通知】11月3日-8日第11期开源情报能力提升班成都开班
  • [ ] 防范DDOS，保卫数字边疆
  • [ ] 10.30-31上汽集团技术创新峰会集团嘉宾演讲主题信息。
  • [ ] 【重磅首发】失活、对抗，特殊APP的动态分析技术揭秘
  • [ ] 用友U8 Cloud ExportUfoFormatAction SQL注入漏洞(XVE-2024-4626)
  • [ ] Fortinet ！！允许未经身份验证的远程攻击者通过特制的请求执行任意代码或命令
  • [ ] 2024年世界互联网大会乌镇峰会 “互联网之光”博览会“网络安全主题展”限时招募参展单位
  • [ ] 记一次度某满SRC挖掘之曲线救国
  • [ ] 红队安全攻防知识库
  • [ ] “震惊！美国‘大理石’技术翻车，中国直接曝光，全球吃瓜”
  • [ ] api漏洞系列-API权限升级
  • [ ] WordPress 插件 Jetpack 修补影响 2700 万个站点的主要漏洞
  • [ ] 我是如何利用Typora写网络安全技术文章的，公众号格子背景又是如何做到的？
  • [ ] 目标网络限制严格CS拿不到权限怎么办？试试这个高级玩法—隧道上线
  • [ ] 华为坤灵安全，扫码激活，积分大奖等你赢！
  • [ ] 2024·QAXSRC年度白帽颁奖
  • [ ] 倒计时2天！2024补天白帽大会全议程发布！
  • [ ] 数据泄露代价高涨 国内市场百家争鸣共筑安全防线
  • [ ] BRICKS&IT厂商合作伙伴生态联谊系列沙龙/重庆站即将开启
  • [ ] DataCon 2024来了！报名开启！
  • [ ] 一名红队人员的自我修炼
  • [ ] 【资讯】工信部办公厅印发《工业互联网与电力行业融合应用参考指南（2024年）》
  • [ ] 【资讯】山东省政府办公厅印发《关于加快推进数据要素市场化配置改革的实施意见》
  • [ ] 【资讯】江西省工信厅、财政厅发布《关于开展制造业数字化转型入企诊断和数字化改造专项项目申报工作的通知》
  • [ ] 【资讯】广州市人大常委会通过《广州经济技术开发区条例》
• Perception Point
  • [ ] NIS 2 Directive: Key Facts Every Organization Needs to Know
• Publications | Outflank
  • [ ] Introducing Early Cascade Injection: From Windows Process Creation to Stealthy Injection
• Securelist
  • [ ] Beyond the Surface: the evolution and expansion of the SideWinder APT group
• Sandfly Security Blog RSS Feed
  • [ ] Rob Joyce Interview - Linux Critical Infrastructure Threats
• GuidePoint Security
  • [ ] Cybersecurity Awareness Month: How CISOs can engage, educate, and empower
• SentinelOne
  • [ ] Quantifying Vulnerability Risk | Identify & Remediate CVEs with Exploit-Driven Prioritization
• Reverse Engineering
  • [ ] ReverseEngineering BLE Commands for Lamp
  • [ ] Building a map extractor for Pool of Radiance: Ruins of Myth Drannor.
• Malwarebytes
  • [ ] AI scammers target Gmail accounts, say they have your death certificate
  • [ ] Election season raises fears for nearly a third of people who worry their vote could be leaked
• Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
  • [ ] A Video of How Cybercriminals Configure Firefox to Access NAB's E-Banking System
  • [ ] A Video of How Cybercriminals Use InsuranceOnline to Gather Personal Information Intelligence
  • [ ] A Video of How Cybercriminals Bypass GMail's Valid Mobile Number Requirement Registration Process
  • [ ] A Video of Using the Che Anti-Browser Fingerprinting Browser and BeenVerified To Commit Online Fraud - Part Three
  • [ ] A Video of Using the Che Anti-Browser Fingerprinting Browser and BeenVerified To Commit Online Fraud - Part Two
  • [ ] A Video of Using the Che Anti-Browser Fingerprinting Browser and BeenVerified To Commit Online Fraud
• Security Blog | Praetorian
  • [ ] Identifying SQL Injections in a GraphQL API
• FreeBuf网络安全行业门户
  • [ ] FreeBuf早报 | 宝可梦开发商未公开游戏信息泄露；世界最大数字图书馆遭网络攻击
  • [ ] 思科再遭数据泄露，数家大厂跟着遭殃
  • [ ] TrickMo 安卓银行木马新变种利用虚假锁屏窃取密码
• 安全牛
  • [ ] 《API安全技术应用指南（2024版）》报告暨代表性厂商评估调研启动
  • [ ] AI vs. AI： 人工智能时代的网络安全攻防战
• 奇客Solidot–传递最新科技情报
  • [ ] 硅谷高管 Bob Lee 遇刺案本周开始审讯
  • [ ] 将 Android 手机变成监听工具
  • [ ] 英国考虑将 USB-C 作为通用充电端口
  • [ ] BBS 共同发明人 Ward Christensen 去世，享年 78 岁
  • [ ] Windows 10 将在一年后终止支持
  • [ ] WordPress 禁止 WP Engine 赞助和参与 WordPress 用户活动
  • [ ] 赞比亚面临气候引起的能源危机
  • [ ] 国家计算机病毒应急处理中心反驳伏特台风
  • [ ] Inkscape 1.4 释出
  • [ ] 特斯拉 Optimus 机器人在活动上由人类远程控制
  • [ ] 互联网档案馆以只读模式恢复上线
• HackerNews
  • [ ] GitGuardian Visual Studio Code 扩展帮助开发人员保护其敏感信息
  • [ ] 分析最新的 APWG 网络钓鱼活动趋势报告：主要发现和见解
  • [ ] 利用 Veeam 的关键漏洞传播 Akira 和 Fog 勒索软件
  • [ ] TrickMo 安卓银行木马新变种利用虚假锁屏窃取密码
  • [ ] 思科再遭数据泄露，数家大厂跟着遭殃
  • [ ] 上市公司科沃斯旗下扫地机被黑并发出骚扰声：用户受惊 官方回应
  • [ ] 量子计算机竟破解了“军用级”加密？
  • [ ] 宝可梦游戏开发商（Game Freak）遭遇数据泄露
• Kevin Cui's Blog
  • [ ] View and analyze Electron crashes on macOS
• 微步在线研究响应中心
  • [ ] Lazarus窃密币动作活跃，大量资产仍存活
• 绿盟科技技术博客
  • [ ] 绿盟科技威胁周报（2024.10.07-2024.10.13）
• Depy's docs
  • [ ] QN - enbella算法分析
  • [ ] 【旅游计划】日本东京
  • [ ] 【旅行计划】泰国曼谷
• 腾讯玄武实验室
  • [ ] 每日安全动态推送(10-15)
• 雷神众测
  • [ ] 雷神众测漏洞周报2024.10.08-2024.10.13
• 代码卫士
  • [ ] Python、npm和开源生态系统中的入口点可用于发动供应链攻击
  • [ ] 2016年就已存在，Jetpack 中的这个严重漏洞终于被修复了
• 安全内参
  • [ ] 中国首发！量子计算机破解RSA加密已具备现实攻击能力
  • [ ] 天算不如人算？通灵占卜平台因违反数据保护法被处罚
• 黑奇士
  • [ ] 讲讲我对公众号的两个认知，以及未来的转型打算
• 威努特安全网络
  • [ ] 护航电力安全：威努特日志审计与分析系统独有特性揭秘
• DataCon大数据安全分析竞赛
  • [ ] 真实·黑客说｜GEEKCON 2024 上海站赛程议题公布
• 电子物证
  • [ ] 【两种常见加密技术的破解办法】
  • [ ] 【对弹窗类型网页取证的深入探索】
• 安全分析与研究
  • [ ] 小心你的加密货币，针对加密货币的窃密样本详细分析
• 中国信息安全
  • [ ] 专题·“微软蓝屏”事件 | 从终端安全产品可信设计角度谈“微软蓝屏”事件带来的启示
  • [ ] AI智·汇，开元拔萃，智汇争先 | 中国石油成功举办第四届网络安全攻防大赛
  • [ ] 沈逸：美国“假旗行动”污染全球网络空间
  • [ ] 专家解读 | 促进网络数据依法合理有效利用——浅谈《网络数据安全管理条例》内容特色及创新
  • [ ] 关注 | “指尖上的形式主义”全国整治工作会议在京召开
  • [ ] 前沿 | 人工智能对个人信息保护的挑战及其应对
  • [ ] 警惕 | 擦亮眼，辨清这些涉诈高风险APP！
• 数世咨询
  • [ ] 揭秘：黑客如何利用SharePoint、OneDrive和Dropbox发起电子邮件攻击
• XCTF联赛
  • [ ] DataCon2024来了！今日开启报名
• dotNet安全矩阵
  • [ ] SoapShell 更新 | 增强免杀版适配冰蝎4.0客户端的WebShell
  • [ ] 41套.NET系统漏洞威胁情报(10.15更新)
  • [ ] .NET 内网攻防实战电子报刊
• 极客公园
  • [ ] 记录生生不息的创新力量｜2024 年度「InnoForce 50」启动
  • [ ] 好产品就是与时代和生活共振｜2024 年度极客最爱好物启动
  • [ ] 游戏科学跃居Steam发行商收入榜前列；Adobe推出AI视频生成器；小鹏P7+预售价20.98万元起，订单已超3万｜极客早知道
• 国家互联网应急中心CNCERT
  • [ ] CNVD漏洞周报2024年第40、41期
  • [ ] 上周关注度较高的产品安全漏洞(20240930-20241013)
• 安全学术圈
  • [ ] 第七届“纵横”网络空间安全创新论坛征文
• 补天平台
  • [ ] 倒计时3天！2024补天白帽大会，实网攻防演练分论坛议题详情抢先看！
  • [ ] DataCon2024漏洞分析赛道 | 快来“挖洞”了，46万赏金等你拿！
• 知道创宇404实验室
  • [ ] 知道创宇404实验室：安全研究实习生持续招募中！
• 安全研究GoSSIP
  • [ ] DataCon 2024来了！报名开启！
• 威胁猎人Threat Hunter
  • [ ] 10.31 深圳见！2024互联网黑灰产攻防技术沙龙·深圳站启动
• 安全圈
  • [ ] 【安全圈】揭秘美国政府机构实施的网络间谍和虚假信息行动
  • [ ] 【安全圈】乡镇公交车系统信息泄露漏洞复现
  • [ ] 【安全圈】TrickMo 安卓银行木马新变种利用虚假锁屏窃取密码
  • [ ] 【安全圈】思科再遭数据泄露，数家大厂跟着遭殃
• 复旦白泽战队
  • [ ] 参会预告 | 白泽又双叒要去参加CCS啦，咱们盐湖城见！
• 迪哥讲事
  • [ ] api漏洞系列-API权限升级
• 情报分析师
  • [ ] 美国新成立的社交网络全面控制机构
  • [ ] 地缘信息知识星球（10月15日更新明细）
• 嘶吼专业版
  • [ ] 勒索软件攻击事件为何不断增加
  • [ ] “秘密入侵”几乎涉所有中国主要城市！重磅报告揭露美国网络攻击
• Over Security - Cybersecurity news aggregator
  • [ ] Calgary Public Library forced to limit services after cyberattack
  • [ ] Amazon says 175 million customer now use passkeys to log in
  • [ ] Nearly 400 US healthcare institutions hit with ransomware over last year, Microsoft says
  • [ ] Finland seizes servers of 'Sipultie' dark web drugs market
  • [ ] Hong Kong police bust fraud ring that used face-swapping tech for romance scams
  • [ ] EDRSilencer red team tool used in attacks to bypass security
  • [ ] Sweden, Finland partner to take down Sipulitie criminal marketplace
  • [ ] Some Americans are still using Kaspersky’s antivirus despite U.S. government ban
  • [ ] New FIDO proposal lets you securely move passkeys across platforms
  • [ ] Google’s Heather Adkins on infostealers, two-factor authentication and fixing the security ‘mess’ for future generations
  • [ ] Rilasciato il fix per una vulnerabilità critica di Jetpack per WordPress
  • [ ] Over 200 malicious apps on Google Play downloaded millions of times
  • [ ] WordPress plugin Jetpack fixes nearly decade-old critical security flaw
  • [ ] Predictive Security Company BforeAI Announces Feature-Rich PreCrime™ 3.0 Release
  • [ ] Clarity on Australian Scam Regulations
  • [ ] British intelligence services to protect all UK schools from ransomware attacks
  • [ ] Active Exploitation of SAML Vulnerability CVE-2024-45409 Detected by Cyble Sensors
  • [ ] H1 2024 Cyber Attacks Statistics
  • [ ] Beyond the Surface: the evolution and expansion of the SideWinder APT group
  • [ ] Weekly IT Vulnerability Report: Cyble Urges Fixes for Ivanti, Microsoft Dark Web Exploits
  • [ ] ANY.RUN’s Upgraded Linux Sandbox for Fast and Secure Malware Analysis
  • [ ] Cisco investigates breach after stolen data for sale on hacking forum
• IT Service Management News
  • [ ] "Piracy shield" - Aggiornamento
• 字节跳动安全中心
  • [ ] ByteSRC活动｜生活服务漏洞奖金提升！双倍积分专测来袭～
• SANS Internet Storm Center, InfoCON: green
  • [ ] Angular-base64-update Demo Script Exploited (CVE-2024-42640), (Tue, Oct 15th)
  • [ ] ISC Stormcast For Tuesday, October 15th, 2024 https://isc.sans.edu/podcastdetail/9180, (Tue, Oct 15th)
• Securityinfo.it
  • [ ] Rilasciato il fix per una vulnerabilità critica di Jetpack per WordPress
• ICT Security Magazine
  • [ ] Threat actor, la Cyber Threat Intelligence e i principali framework di analisi
• TrustedSec
  • [ ] Let’s Clone a Cloner - Part 2: You Have No Power Here
• bellingcat
  • [ ] What’s in a Name? Discovering Clues Hidden in Google Maps Image Filenames
• Deeplinks
  • [ ] Civil Rights Commission Pans Face Recognition Technology
  • [ ] New EFF Report Provides Guidance to Ensure Human Rights are Protected Amid Government Use of AI in Latin America
  • [ ] EFF to New York: Age Verification Threatens Everyone's Speech and Privacy
• Schneier on Security
  • [ ] More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies
• Your Open Hacker Community
  • [ ] Using Ettercap to run arp spoofing, but target immediately loses internet connection as soon as spoofing is enabled.
• Technical Information Security Content & Discussion
  • [ ] Turning AWS Documentation into Gold: AI-Assisted Security Research
  • [ ] Breaching the Data Perimeter: CloudTrail as a mechanism for Data Exfiltration
  • [ ] CloudGoat: New Scenario and Walkthrough (sns_secrets)
  • [ ] Container Hardening Process
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • [ ] Help! Can't Focus on One Thing as a Cybersecurity Student
  • [ ] Security+ android practice tests
  • [ ] Can I get a job without a degree?
• Security Affairs
  • [ ] A new Linux variant of FASTCash malware targets financial systems
  • [ ] WordPress Jetpack plugin critical flaw impacts 27 million sites
  • [ ] Pokemon dev Game Freak discloses data breach
• Blackhat Library: Hacking techniques and research
  • [ ] Let's say a hacker has complete access to a victims wifi, what can he do? How can he make money?
• Information Security
  • [ ] Sysadmins rage over Apple’s ‘nightmarish’ SSL/TLS cert lifespan cuts -- "Maximum validity down from 398 days to 45 by 2027"
  • [ ] Meduza Stealer
  • [ ] What are the top security concerns for CISOs to focus on when dealing with AI systems?
  • [ ] Open-Source Database Anonymization and Synthetic Data Generation
• Graham Cluley
  • [ ] The AI Fix #20: Elon’s androids, emotional support chickens, and an AI Fix super fan
• NetSPI
  • [ ] Ask These 10 Questions to Enhance Your Social Engineering Testing
• Computer Forensics
  • [ ] Looking for feedback on atrio
  • [ ] Salesforce collection
  • [ ] Crypto Malware XMRig in Windows
• The Hacker News
  • [ ] TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns
  • [ ] New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT
  • [ ] New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists
  • [ ] The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short
  • [ ] China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns
  • [ ] Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates
  • [ ] WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites
• Security Weekly Podcast Network (Audio)
  • [ ] Perl & PHP Vulns, Fuzzing & Parsers, Protecting Multi-Hosted Tenants, Secure Design - ASW #303
  • [ ] Stego, uBlock, PPTP, Log4J, Command Jacking, Windows 10, Feet, Josh Marpet, and More. - SWN #422
  • [ ] Budget Planning Guide 2025: Security And Risk - Jeff Pollard - BSW #368