BruceFeIix / picker

GNU General Public License v3.0

49 stars 6 forks source link

[每日信息流] 2024-10-30 #1315

Open BruceFeIix opened 3 weeks ago

BruceFeIix commented 3 weeks ago

每日安全资讯（2024-10-30）

SecWiki News
- [ ] SecWiki News 2024-10-29 Review
奇安信攻防社区
- [ ] Flowable漏洞攻防战：深入流程引擎的利用
CXSECURITY Database RSS Feed - CXSecurity.com
- [ ] Booked Scheduler 2.8.5 Cross Site Scripting / Open Redirection
Trustwave Blog
- [ ] Trustwave SpiderLabs 2024 Trustwave Risk Radar Report: Defining the Cyber Assault on the Retail Sector
安全客-有思想的安全新媒体
- [ ] 运营商信创安全体系标杆！360中标中国移动终端安全软件产品集采项目
- [ ] 研究人员发现 Wi-Fi 联盟测试套件中的命令注入漏洞
- [ ] 研究人员详述 CVE-2024-38812 (CVSS 9.8)：VMware vCenter 中的严重 RCE 漏洞
- [ ] CVE-2023-32197 (CVSS 9.1)：严重的 RKE2 漏洞使 Windows 节点面临权限升级风险
- [ ] 网络犯罪分子利用 Webflow 欺骗用户共享敏感登录凭证
- [ ] 摩根大通在病毒式“无限金钱故障”后起诉诈骗者
- [ ] BeaverTail 恶意软件在针对开发人员的恶意 npm 包中重新出现
- [ ] Black Basta 通过 Microsoft Teams 对员工进行网络钓鱼操作
- [ ] 苹果推出“Apple Intelligence”并提供100万美元安全漏洞悬赏金
- [ ] 法国第二大电信运营商 Free 遭受网络攻击
Files ≈ Packet Storm
- [ ] GNU Privacy Guard 2.4.6
- [ ] Xerox Printers Authenticated Remote Code Execution
- [ ] ABB Cylon Aspect 3.08.01 Active Debug Data Exposure
- [ ] Booked Scheduler 2.8.5 Cross Site Scripting / Open Redirection
- [ ] Ubuntu Security Notice USN-7064-2
- [ ] Apple Security Advisory 10-28-2024-8
- [ ] Apple Security Advisory 10-28-2024-7
- [ ] Apple Security Advisory 10-28-2024-6
- [ ] Apple Security Advisory 10-28-2024-5
- [ ] Apple Security Advisory 10-28-2024-4
- [ ] Apple Security Advisory 10-28-2024-3
- [ ] Apple Security Advisory 10-28-2024-2
- [ ] Apple Security Advisory 10-28-2024-1
- [ ] UP-RESULT PRO 1.0 SQL Injection
- [ ] Red Hat Security Advisory 2024-8317-03
- [ ] Red Hat Security Advisory 2024-8315-03
- [ ] Red Hat Security Advisory 2024-8314-03
Recent Commits to cve:main
- [ ] Update Tue Oct 29 22:28:08 UTC 2024
- [ ] Update Tue Oct 29 14:33:14 UTC 2024
- [ ] Update Tue Oct 29 06:32:56 UTC 2024
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- [ ] Fortinet 发现零日攻击中使用了新的严重 FortiManager 漏洞
Security Boulevard
- [ ] PCI DSS Self-Assessment Questionnaires: Choosing the Right Type
- [ ] PCI DSS Compliance Levels and Requirements: A Complete Guide
- [ ] An Introduction to Operational Relay Box (ORB) Networks – Unpatched, Forgotten, and Obscured
- [ ] What Is Secrets Management? Best Practices and Challenges
- [ ] Aembit Introduces Google Workload Identity Federation Support
- [ ] Test Data Management Best Practices: Handling Sensitive Data Across Multiple Databases
- [ ] DEF CON 32 – AppSec Village – Got 99 Problems But Prompt Injection Ain’t Watermelon
- [ ] Daniel Stori’s Turnoff.US: ‘Security Engineer Interview’
- [ ] Lessons from the Cisco Data Breach—The Importance of Comprehensive API Security
- [ ] What is Datagram Transport Layer Security (DTLS): Benefits & Challenges
一个被知识诅咒的人
- [ ] C++中的RAII模式：确保资源管理的正确性
- [ ] 【C++】深入C++的STL：如何编写高效的自定义容器
Doonsec's feed
- [ ] 2024网鼎杯青龙组WriteUP
- [ ] 接口文档下的渗透测试
- [ ] 马格努斯行动更新宣布逮捕 RedLine 恶意软件创建者
- [ ] 面对人工智能的发展，美国选择了害怕
- [ ] 部署PaddleOCR到阿里云函数计算
- [ ] 我回来了,分享一些精华
- [ ] 【漏洞预警】CyberPanel upgrademysqlstatus未授权命令注入漏洞
- [ ] 网安自学就业指导1.2【继续更新资料】
- [ ] 本工具为jeecg框架漏洞利用工具非jeecg-boot！
- [ ] 微信怎么隐藏好友？单独隐藏某个微信好友，分享5个小技巧
- [ ] 小米、红米手机选购指南推荐
- [ ] 【LSP专享】更新至663位女主播直播录屏，助眠视频温北北高清视频1V
- [ ] FOFA-X 全新查询工具
- [ ] 2024-geekcon参会体验
- [ ] 【美亚杯】第四届“美亚杯”电子数据取证竞赛资格赛手工版WP
- [ ] 【祝贺】新华社也报道了第四届全国开源情报技术大会在武汉召开
- [ ] 【情报实战】你的随手一拍，就暴露了军事机密
- [ ] 车辆被攻击和威胁到发展趋势 AUTO - ISAC
- [ ] 自动驾驶系统架构师在线培训课程(中级班）
- [ ] 中国一汽：汽车软件标准体系研究
- [ ] 精彩复现｜JeecgBoot 权限绕过漏洞：AviatorScript 表达式注入问题剖析
- [ ] 关于普渡大学李宁辉教授《净化安全圈学术环境》的一些看法
- [ ] 《家里死人了，先臭着》｜职场奇葩
- [ ] 世界电信标准化全会 | 中国信通院工业互联网与物联网研究所牵头修订第98号决议
- [ ] 星火世界APP全新升级上线，赋能生态多方多维度价值连接｜2024星火技术生态系列活动
- [ ] 记一次离谱的内存马 GetShell
- [ ] 红队安全攻防知识库
- [ ] 「漏洞复现」Cyberu200bu200bPanel upgrademysqlstatus 远程命令执行漏洞(QVD-2024-44346)
- [ ] 从目录浏览分析幽盾攻击组织
- [ ] 【要闻】习近平在省部级主要领导干部学习贯彻党的二十届三中全会精神专题研讨班开班式上发表重要讲话
- [ ] 【资讯】工信部办公厅等六部门发布《关于开展2024年度智能工厂梯度培育行动的通知》
- [ ] 【资讯】中央网信办发布《违法违规涉军自媒体账号典型案例》
- [ ] 【资讯】河南省政府办公厅印发《河南省推动“人工智能+”行动计划（2024—2026年）》
- [ ] 免杀对抗从0开始（三）
- [ ] 网络安全没有100%的安全，只有100%的努力
- [ ] 金融市场的暗面：揭秘Web3.0中的市场操纵
- [ ] 【域攻防】超级黄金票据食用指南
- [ ] 网安从业者获取证书的方式！
- [ ] 情况说明 | 非官方火绒剑存在后门风险，请用户谨慎下载使用
- [ ] 13.Fastjson（.NET）反序列化点后篇
- [ ] 权威机构力荐！大模型加持下的360 NDR已到Next Level！
- [ ] 中海油网安大单，8624万！奇安信中。
- [ ] 绿盟科技发布三季度报告，收入略增，亏损收窄，经营性净现金流同比翻倍
- [ ] 智慧安防产品精选推荐，看看哪款适合您？
- [ ] 商用密码检测机构（商用密码应用安全性评估业务）资质申请通过技术评审的机构名单公示
- [ ] 关于2024年“数据要素×”大赛全国总决赛获奖项目名单的公示
- [ ] 法国第二大互联网服务商遭遇数据泄露，波及1900万用户
- [ ] App-Bound新工具可绕过谷歌浏览器的 Cookie 加密系统
- [ ] 废弃 QEMU 的 ignore_memory_transaction_failures，以 xilinx_zynq 板卡为例
- [ ] 【安全圈】法国第二大互联网服务商遭遇数据泄露，波及1900万用户
- [ ] 【安全圈】2024零售行业最大泄露事件，3.5亿数据被挂暗网
- [ ] 【安全圈】App-Bound新工具可绕过谷歌浏览器的 Cookie 加密系统
- [ ] 【安全圈】日本电产精密公司披露安全事件和数据泄露情况
- [ ] 精确检查IP是否为CDN节点的工具 - CheckCdn
- [ ] 【成功复现】Palo Alto Networks Expedition 远程命令执行漏洞(CVE-2024-9463)
- [ ] ChatGPT倒数第一！海内外大模型在自杀诱导与谣言辨识上频“触礁”
- [ ] 一图速览启明星辰集团2024年三季度报
- [ ] [安全专业分享] 一.《信息系统安全》初识及研究生学术初探
- [ ] 安全简讯（2024.10.29）
Securelist
- [ ] Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses
- [ ] Lumma/Amadey: fake CAPTCHAs want to know if you’re human
hasherezade's 1001 nights
- [ ] Protected: FlareOn 11 – Task 9
SpiderLabs Blog
- [ ] 2024 Trustwave Risk Radar Report: Cyber Threats to the Retail Sector
CCC Event Blog
- [ ] Azubi-Hacker*innen-Tag 38C3
Malwarebytes
- [ ] Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities
Reverse Engineering
- [ ] Archon C64 version reverse engineering project with extensive comments by Mark Beljaars
PortSwigger Research
- [ ] New crazy payloads in the URL Validation Bypass Cheat Sheet
FreeBuf网络安全行业门户
- [ ] 议题全公布 | FCIS 2024网络安全创新大会
- [ ] 法国第二大互联网服务商遭遇数据泄露，波及1900万用户
- [ ] FreeBuf早报 | OpenAI语音转录工具被曝严重幻觉；法国第二大电信运营商遭网络攻击
- [ ] App-Bound新工具可绕过谷歌浏览器的 Cookie 加密系统
rtl-sdr.com
- [ ] Turning an Elecrow Pi Terminal into a Standalone SDR Radio with an RTL-SDR Blog V4
安全牛
- [ ] 沦为网络欺诈的帮凶，警方强烈建议关闭苹果手机这项功能；新型Qilin.B勒索软件展现多重高级特性，加密能力大幅提升 | 牛览
- [ ] 活动预告 | 《软件供应链安全能力建设指南》线上发布会即将举办
绿盟科技技术博客
- [ ] 《网络数据条例》发布，以五大修改、四项新规健全网络数据管理机制和制度体系
博客园 - 渗透测试中心
- [ ] 强网拟态2024 wp - 渗透测试中心
- [ ] 玄机应急响应靶场集合WP - 渗透测试中心
奇客Solidot–传递最新科技情报
- [ ] 南非发现最古老的岩石微生物
- [ ] Meta 开发 AI 搜索引擎
- [ ] 俄罗斯从马来西亚借道印度购买英伟达芯片
- [ ] 美国从明年 1 月起限制半导体和 AI 领域的对华投资
- [ ] X 认证用户助长极化
- [ ] 苹果将教育游戏《俄勒冈小径》改编为电影
- [ ] 随着年龄增长鸟儿的朋友也会越来越少
- [ ] Linus Torvalds 认为 AI 九成是营销一成才是现实
- [ ] 使用 AI 创建儿童色情的英国男子被判 18 年
- [ ] 联邦宇宙平台有了自己的短视频应用 Loops
- [ ] 在贝佐斯拒绝华盛顿邮报为贺锦丽背书之后愈 20 万订户取消订阅
黑海洋 - WIKI
- [ ] codebox：免登录一键复制代码，支持CSDN/知乎/脚本之家等网站
腾讯玄武实验室
- [ ] 每日安全动态推送(24/10/29)
雷神众测
- [ ] 雷神众测漏洞周报2024.10.21-2024.10.27
威努特安全网络
- [ ] 安全强基：“等保”到“关保”升级之旅
奇安信 CERT
- [ ] 【已复现】Apache Solr 身份认证绕过漏洞(CVE-2024-45216)安全风险通告第二次更新
代码卫士
- [ ] Mozilla：十六进制代码可用于操纵 ChatGPT 写 exp
- [ ] 美澳联合发布软件安全部署指南
安全客
- [ ] 安全KER社区亮相看雪峰会，携手行业精英共话安全未来
安全分析与研究
- [ ] 利用Python程序库加载的窃密木马脚本详细分析
看雪学苑
- [ ] 真实黑客说：GEEKCON 2024上海站收官
- [ ] PWN入门-SROP拜师
- [ ] 研究者揭露微软 Windows 内核的操作系统降级漏洞
信安之路
- [ ] 永久激活GPT4.0！有效期至2296年！我上车了！！
长亭安全应急响应中心
- [ ] 【已复现】CyberPanel upgrademysqlstatus 远程命令执行漏洞
安全内参
- [ ] 一机场集团疑似勒索攻击，旗下13个机场紧急切换备用系统
- [ ] Pwn2Own 2024爱尔兰黑客大赛：共发放超106万美元奖金
知道创宇404实验室
- [ ] 【知道创宇404实验室】警惕CVE-2024-38812 VMware vCenter Server远程代码执行漏洞
360漏洞云
- [ ] 360漏洞云亮相看雪峰会，携手行业精英共话安全创新
数世咨询
- [ ] 微软CEO纳德拉自降薪酬，员工工资与安全直接挂钩
安全学术圈
- [ ] 乔治华盛顿大学｜周杰课题组招生
DataCon大数据安全分析竞赛
- [ ] 网络黑产分析赛道 | 打击黄牛，请出拳！新型Black SEO，请挑战！(转发抽奖)
dotNet安全矩阵
- [ ] .NET 一款内存加载绕过ASMI和ETW的工具
- [ ] .NET内网实战：通过调用系统的API接口模拟实现PowerShell
- [ ] .NET 一款二进制文件转换Shellcode的工具
微步在线
- [ ] 要不是中招，这些钓鱼手法肯定想不到
网安杂谈
- [ ] 书生大模型实战营闯关第一关：Linux 基础知识
情报分析师
- [ ] 揭秘：莫斯科军官名单曝光于防空导弹防御系统文件
- [ ] 开源情报信息，一网打尽！
默安科技
- [ ] 案例分享：D证券的云上安全治理之路
极客公园
- [ ] 4499 的小米 15 和 81 万的 SU7 Ultra，雷军又打出「极致」牌
- [ ] 这届双 11，美妆品牌在天猫为什么这么「能打」？
- [ ] 美团低调尝试新功能：「小红书」的皮，「点评」的魂
- [ ] 苹果 AI 正式上线，iMac 焕新 M4；319亿！腾讯「企鹅岛」一期将竣工；销量大涨，华为跻身手机市场亚军｜极客早知道
安全圈
- [ ] 【安全圈】法国第二大互联网服务商遭遇数据泄露，波及1900万用户
- [ ] 【安全圈】2024零售行业最大泄露事件，3.5亿数据被挂暗网
- [ ] 【安全圈】App-Bound新工具可绕过谷歌浏览器的 Cookie 加密系统
- [ ] 【安全圈】日本电产精密公司披露安全事件和数据泄露情况
国家互联网应急中心CNCERT
- [ ] CNVD漏洞周报2024年第43期
- [ ] 上周关注度较高的产品安全漏洞(20241021-20241027)
火绒安全
- [ ] 情况说明 | 非官方火绒剑存在后门风险，请用户谨慎下载使用
威胁猎人Threat Hunter
- [ ] “商户洗钱”成为趋势，威胁猎人反洗钱情报助力金融机构洗钱风险治理
字节跳动技术团队
- [ ] 【万字干货】保姆级AI编程基础入门，看这篇就够了！
黑伞安全
- [ ] 谷安说很便宜，我从来没信过（广子）
天御攻防实验室
- [ ] 手机防黑指南
娜璋AI安全之家
- [ ] [安全专业分享] 一.《信息系统安全》初识及研究生学术初探
360数字安全
- [ ] 权威机构力荐！大模型加持下的360 NDR已到Next Level！
斗象智能安全
- [ ] 漏洞盒子SRC：「基因」优势打赢漏洞收集持久战
谛听ditecting
- [ ] 谛听 | “谛听”团队牵头编制的《工业网络安全态势感知技术规范》标准正式发布
NetSPI
- [ ] Bytes, Books, and Blockbusters: The NetSPI Agents’ Top Cybersecurity Fiction Picks
Over Security - Cybersecurity news aggregator
- [ ] New Windows Themes zero-day gets free, unofficial patches
- [ ] U.S. Joins International Action Against RedLine and META Infostealers
- [ ] Massive PSAUX ransomware attack targets 22,000 CyberPanel instances
- [ ] QNAP fixes NAS backup software zero-day exploited at Pwn2Own
- [ ] Six senators tell Biden administration UN cybercrime treaty must be changed
- [ ] Russia and China-linked state hackers intensify attacks on Netherlands, security officials warn
- [ ] Infostealer e quishing, la minaccia del phishing più evoluto
- [ ] US names and charges Maxim Rudometov with developing the Redline infostealer
- [ ] Russia arrests hacker accused of preventing electronic voting during local election
- [ ] Ransomware Vulnerability Matrix: A Comprehensive Resource for Cybersecurity Analysts
- [ ] Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses
- [ ] Russian charged by U.S. for creating RedLine infostealer malware
- [ ] Russia says it might build its own Linux community after removal of several kernel maintainers
- [ ] Phishing Campaign Targeting Ukraine: UAC-0215 Threatens National Security
- [ ] July 2024 Cyber Attacks Statistics
- [ ] Lumma/Amadey: fake CAPTCHAs want to know if you’re human
- [ ] LightSpy: Implant for iOS
- [ ] How TI Feeds Support Organizational Performance
- [ ] Email, Email on the Wall, Who Sent You, After All?
- [ ] Al Pwn2Own di ottobre sono state sfruttate oltre 70 vulnerabilità zero-day
CNVD漏洞平台
- [ ] CNVD漏洞周报2024年第43期
- [ ] 上周关注度较高的产品安全漏洞(20241021-20241027)
吴鲁加
- [ ] 知识星球推荐 #1：四海星球
Securityinfo.it
- [ ] Infostealer e quishing, la minaccia del phishing più evoluto
- [ ] Al Pwn2Own di ottobre sono state sfruttate oltre 70 vulnerabilità zero-day
contagio
- [ ] 2024-10-23 WarmCookie/BadSpace - APT TA866 - Samples
- [ ] 2024-10-25 HeptaX - Unauthorized RDP Connections. Nalicious LNK. > Powershell > Bat files Samples
ICT Security Magazine
- [ ] Forum ICT Security, insights dalla 22a Edizione
DARKNAVY
- [ ] GEEKCON 2024 上海站闭幕｜荣誉榜单·年度鲱鱼奖公布
迪哥讲事
- [ ] 接口文档下的渗透测试
Desync InfoSec
- [ ] 从目录浏览分析幽盾攻击组织
Schneier on Security
- [ ] Law Enforcement Deanonymizes Tor Users
Team Cymru
- [ ] An Introduction to Operational Relay Box (ORB) Networks - Unpatched, Forgotten, and Obscured
Unsupervised Learning
- [ ] UL NO. 456: A Deep-dive on Prompt Injection
Full Disclosure
- [ ] SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
- [ ] APPLE-SA-10-28-2024-8 visionOS 2.1
- [ ] APPLE-SA-10-28-2024-7 tvOS 18.1
- [ ] APPLE-SA-10-28-2024-6 watchOS 11.1
- [ ] APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
- [ ] APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
- [ ] APPLE-SA-10-28-2024-3 macOS Sequoia 15.1
- [ ] APPLE-SA-10-28-2024-2 iOS 17.7.1 and iPadOS 17.7.1
- [ ] APPLE-SA-10-28-2024-1 iOS 18.1 and iPadOS 18.1
- [ ] Open Redirect / Reflected XSS - booked-schedulerv2.8.5
Information Security
- [ ] Bitlocker question
- [ ] Recent Cyber Attacks
Blackhat Library: Hacking techniques and research
- [ ] How do I bypass Administrator privileges?
- [ ] Can you spoof a reaction in text?
Computer Forensics
- [ ] How important are certs like the GCFA?
- [ ] Samsung Galaxie Note 10+ SMS text extraction
- [ ] UK Law Enforcement DF to Private Incident Response
Deep Web
- [ ] Working for Indian Space Agency
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] Need to know good options for Online Master Degree in "Cybersecurity"
- [ ] How does one get better at learning how to fuzz things?
SANS Internet Storm Center, InfoCON: green
- [ ] ISC Stormcast For Tuesday, October 29th, 2024 https://isc.sans.edu/podcastdetail/9200, (Tue, Oct 29th)
Your Open Hacker Community
- [ ] Being Smart When Asking Questions
- [ ] I'm trying to extract images from a website but it gives me a security check error.
Graham Cluley
- [ ] The AI Fix #22: Probing AI tongues and ASCII smuggling attacks
Tor Project blog
- [ ] New Release: Tor Browser 14.0.1
Security Affairs
- [ ] International law enforcement operation dismantled RedLine and Meta infostealers
- [ ] Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766
- [ ] Russia-linked espionage group UNC5812 targets Ukraine’s military with malware
The Hacker News
- [ ] Researchers Uncover Vulnerabilities in Open-Source AI and ML Models
- [ ] A Sherlock Holmes Approach to Cybersecurity: Eliminate the Impossible with Exposure Validation
- [ ] Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus
- [ ] U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing
- [ ] New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors
Technical Information Security Content & Discussion
- [ ] Cracking into a Just Eat / Takeaway.com terminal with an NFC card
- [ ] What Are My OPTIONS? CyberPanel v2.3.6 pre-auth RCE
Deeplinks
- [ ] Court Orders Google (a Monopolist) To Knock It Off With the Monopoly Stuff
Security Weekly Podcast Network (Audio)
- [ ] The CISO Mindset, Top Strategies, and Mandating Office Presence Without Purpose - David Bradbury, Erin Baudo Felter - BSW #370
- [ ] Making TLS More Secure, Lessons from IPv6, LLMs Finding Vulns - Arnab Bose, Shiven Ramji - ASW #305