BruceFeIix / picker

GNU General Public License v3.0

49 stars 6 forks source link

[每日信息流] 2024-11-01 #1318

Open BruceFeIix opened 3 weeks ago

BruceFeIix commented 3 weeks ago

每日安全资讯（2024-11-01）

SecWiki News
- [ ] SecWiki News 2024-10-31 Review
奇安信攻防社区
- [ ] c++异常处理-漏洞利用
- [ ] 记一次实战小程序漏洞测试到严重漏洞
Security Boulevard
- [ ] Maestro
- [ ] UnitedHealth Hires Longtime Cybersecurity Executive as CISO
- [ ] Why Data Discovery and Classification are Important
- [ ] Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #311 – Come to the Office
- [ ] How SSO and MFA Improves Identity Access Management (IAM)
- [ ] Shedding AI Light on Bank Wire Transfer Fraud
- [ ] Terrifying Trends in the 2024 Cyber Threat Landscape
- [ ] Safeguarding Cyber Insurance Policies With Security Awareness Training
- [ ] Roger Grimes on Prioritizing Cybersecurity Advice
- [ ] Application Detection and Response (ADR): A Game-changing SOC Analyst Tool | Contrast Security
Trustwave Blog
- [ ] Cyber Retail Fraud: A New Twist on an Old Game
Tenable Blog
- [ ] FY 2024 State and Local Cybersecurity Grant Program Adds CISA KEV as a Performance Measure
安全客-有思想的安全新媒体
- [ ] 360漏洞云亮相看雪峰会，携手行业精英共话安全创新
- [ ] Atlassian Confluence漏洞CVE-2023-22527被用于加密货币挖掘
- [ ] 谷歌修复了 Chrome 浏览器中的一个关键漏洞
- [ ] Opera 浏览器修复了可能暴露您信息的重大安全漏洞
- [ ] Change Healthcare漏洞影响 1 亿美国人
- [ ] CVE-2024-50387：黑客大赛中QNAP严重漏洞被利用，立即修补！
- [ ] 新型 “可怕 ”的 FakeCall 恶意软件在安卓系统上捕获照片和 OTP
- [ ] ATPC网络论坛将重点关注下一代网络安全和人工智能问题
- [ ] 黑客使用 Microsoft、AWS 诱饵对关键部门进行网络钓鱼
- [ ] 虚假 Meta 广告劫持 Facebook 帐户以传播 SYS01 信息窃取程序
Recent Commits to cve:main
- [ ] Update Thu Oct 31 22:33:36 UTC 2024
- [ ] Update Thu Oct 31 14:35:57 UTC 2024
- [ ] Update Thu Oct 31 06:28:59 UTC 2024
Der Flounder
- [ ] Managing user notifications for apps which request screen access on macOS Sequoia 15.1
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- [ ] 创启安全+AI聚变，ISC.AI 2024第五届数字安全创新百强评选开启招募
- [ ] Check Point: 2025 年网络安全形势预测
- [ ] 国家网络安全通报中心：重点防范境外恶意网址和恶意IP
- [ ] 2024 年预防网络攻击的 12 项网络安全最佳实践措施
- [ ] Check Point：加强云安全的关键策略
Microsoft Security Blog
- [ ] Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
- [ ] Microsoft now a Leader in three major analyst reports for SIEM
- [ ] 7 cybersecurity trends and tips for small and medium businesses to stay protected
Sucuri Blog
- [ ] Rogue Ads Redirect Visitors
一个被知识诅咒的人
- [ ] 【Python】深入理解Python中的装饰器：从零开始编写和应用高效的函数装饰器
- [ ] C++中的移动语义：深入理解std::move和移动构造函数，释放性能潜力
- [ ] 【C++】掌握C++异常处理机制：从try-catch到noexcept
Files ≈ Packet Storm
- [ ] WordPress Automatic 3.92.0 Path Traversal / Server-Side Request Forgery
- [ ] Qualitor 8.24 Server-Side Request Forgery
- [ ] CyberPanel Command Injection
- [ ] Skyhigh Client Proxy Policy Bypass
- [ ] Ubuntu Security Notice USN-7076-2
- [ ] Ubuntu Security Notice USN-7021-5
- [ ] Ubuntu Security Notice USN-7086-1
- [ ] Ubuntu Security Notice USN-7087-1
- [ ] Ubuntu Security Notice USN-7085-2
- [ ] Ubuntu Security Notice USN-7084-2
- [ ] Red Hat Security Advisory 2024-8680-03
- [ ] Red Hat Security Advisory 2024-8679-03
- [ ] Red Hat Security Advisory 2024-8678-03
- [ ] Red Hat Security Advisory 2024-8676-03
- [ ] Red Hat Security Advisory 2024-8675-03
- [ ] Red Hat Security Advisory 2024-8428-03
- [ ] Red Hat Security Advisory 2024-8337-03
Doonsec's feed
- [ ] 2024美亚杯案例背景解读（非官方-附官方建议小工具下载（文末粉丝福利））
- [ ] 网安自学就业指导1.3【更新红队资料+免杀视频+安全销售+安全售前+密评】
- [ ] WIZ prompt airlines 挑战赛
- [ ] 自动化漏洞检测平台-解放劳动力
- [ ] 新型网络犯罪之PHP网站后台密码绕过的几种姿势
- [ ] 推荐一个靠谱的无线随身wifi
- [ ] 辛瓦尔的荆棘和康乃馨中文版：第4章·处决叛徒
- [ ] 秦安：美国大选最后疯狂，谁当选更能促进两岸统一，人选已经确定
- [ ] 张志坤：炒作渲染下一届美国总统是谁，其实没有什么意义
- [ ] 《网络空间安全科学学报》2024年网络空间安全学术会议顺利召开
- [ ] CNCC2024—卫星互联网安全专题会议顺利举行
- [ ] 五种用来挖掘API端点的方法
- [ ] 新型 Fog 勒索软件威胁网络空间
- [ ] IBM 被黑威胁行为者“888”揭露数千名员工的数据泄露！
- [ ] Opera 浏览器易受通过恶意扩展程序发起的跨浏览器攻击
- [ ] 新型“FakeCall”变种劫持 Android 外拨电话进行网络钓鱼
- [ ] 应对人为错误：如何保护您的企业免遭代价高昂的数据泄露
- [ ] AI 代码编程助手真的有用吗
- [ ] 万圣节，一起 Cozeplay ！ iPhone 16 Pro Max、Switch、扣子周边等500份“糖果”掉落！
- [ ] 如何从IIS欢迎页面中快速挖掘漏洞
- [ ] 2024年10月星球内容汇总
- [ ] 用SAFE架构实现的解决方案的另一半
- [ ] “荣耀”时刻~ 启明星辰获2024年度杰出团队奖
- [ ] 【漏洞预警】DrayTek Vigor2960 Router命令注入漏洞
- [ ] 【漏洞预警】ServiceNow Now Platform未授权代码注入漏洞CVE-2024-8923
- [ ] 【漏洞预警】QNAP SMB Service安全缺陷漏洞可致远程代码执行
- [ ] 【漏洞情报】Vmware Spring Security访问控制不当漏洞
- [ ] 生成式AI威胁与安全应用——微软年度情报报告
- [ ] 喝酒歌-非安全专业领域内容，可忽视
- [ ] 组织流程丨第八届“强网杯”全国网络安全挑战赛线上赛即将打响
- [ ] 参赛须知丨第八届“强网杯”线上赛参赛手册及注意事项
- [ ] 倒计时2天丨第八届“强网杯”线上赛即将开赛
- [ ] 申报企业介绍（七）| 2024 年度“金智奖”评选投票正在火热进行中
- [ ] 中国中检战略重组天帷信息签约仪式在京举行，布局网络安全合规治理战略性新兴领域
- [ ] 9.8 小于 9.11？真相居然与圣经相关～
- [ ] 如何在没有硬件的情况下测试AUTOSAR应用程序的安全问题和错误
- [ ] 掌握模糊测试-如何在法规遵从中克服网络安全挑战
- [ ] 下一代车辆的基于硬件的网络安全
- [ ] 关于“刀郎”那些事，一步到位全清楚。
- [ ] 「漏洞复现」瑞格智慧心理服务平台 NPreenSMSList.asmx SQL注入漏洞
- [ ] 漏洞复现｜高校人力资源管理服务平台系统ReportServer接口存在敏感信息泄露漏洞
- [ ] 密探工具
- [ ] 人工智能与混合战争：技术强国的新战场
- [ ] 北京电子科技学院师生走进奇安信集团共筑网络安全新未来
- [ ] 近期网安资讯动态盘点(2024-10下)
- [ ] GEEKCON 2024上海站收官，“真实黑客说”揭秘安全行业真相
- [ ] 新闻｜俄法院对谷歌罚款20000000000000000000000000000000000美元
- [ ] 双11安全狂欢节：新人豪礼，双倍惊喜！
GuidePoint Security
- [ ] Cybersecurity Awareness Month: AI vs. AI: Redefining Zero Trust
Trail of Bits Blog
- [ ] Fuzzing between the lines in popular barcode software
NVISO Labs
- [ ] How AI forces us to expand our thinking about basic cybersecurity concepts: Part 2 – Confidentiality
Securelist
- [ ] Loose-lipped neural networks and lazy scammers
Horizon3.ai
- [ ] Revolutionize Your Security with Autonomous Pentesting—Join Horizon3.ai & Foresite Cybersecurity
- [ ] Publisher’s Choice Autonomous Pentesting
Binary Ninja
- [ ] Introducing VxWorks Support for Binary Ninja Ultimate
Reverse Engineering
- [ ] How do i workaround ASLR and get constant and offset values for game hacking?
Malwarebytes
- [ ] Android malware FakeCall intercepts your calls to the bank
SentinelOne
- [ ] Driving Advancement in Cybersecurity | Top 5 Takeaways from OneCon24
- [ ] Climbing The Ladder | Kubernetes Privilege Escalation (Part 2)
Webroot Blog
- [ ] Nastiest Malware 2024
daniel.haxx.se
- [ ] curl source code age
Depy's docs
- [ ] AOSP13 编译刷机
Checkmarx
- [ ] With 2FA Enabled: NPM Package lottie-player Taken Over by Attackers
- [ ] Getting to DevSecOps: How to Change Culture
FreeBuf网络安全行业门户
- [ ] FreeBuf早报 | 本月13项网络安全国家标准开始实施；CrowdStrike 反诉达美航空
- [ ] 遭勒索攻击后，秘鲁国际银行承认数据泄露
- [ ] 能伪造通话界面，FakeCall恶意软件变种在安卓手机中传播
奇客Solidot–传递最新科技情报
- [ ] 龙芯新处理器据报道性能超过了英特尔的 Raptor Lake
- [ ] AMD 宣布 Ryzen 7 9800X3D，售价 479 美元
- [ ] 俄罗斯表示计划建立替代 Linux 社区
- [ ] 瑞典和挪威重新考虑无现金社会计划
- [ ] 2023 年温室气体浓度创新高
- [ ] 俄罗斯情报机构利用 RDP 发动大规模钓鱼攻击
- [ ] Thunderbird for Android 发布首个正式版
- [ ] 前员工入侵迪士尼乐园餐厅的菜单软件修改过敏信息
- [ ] 印度对维基百科的诉讼可能产生深远影响
- [ ] Valve 要求游戏开发商披露是否使用了内核级反作弊技术
- [ ] Google 称其逾四分之一新代码是由 AI 生成的
- [ ] Google 搜索排名对独立网站愈来愈不友好
黑海洋 - WIKI
- [ ] 安卓防止屏幕休眠命令
Black Hills Information Security
- [ ] Pentesting, Threat Hunting, and SOC: An Overview
安全分析与研究
- [ ] 针对黑产团伙使用AsyncRAT和XWorm远控木马最新攻击样本分析
奇安信 CERT
- [ ] 【已复现】Spring Security 静态资源权限绕过漏洞(CVE-2024-38821)安全风险通告
看雪学苑
- [ ] 野蛮fuzz：尝试理解代码覆盖率
- [ ] 新型“恐怖”FakeCall恶意软件在Android设备上捕获照片和一次性密码
- [ ] 安全工具开发实战，助你轻松打造实用工具系统
信安之路
- [ ] 想进步，但是又迷茫、懒惰、自制力差，我该怎么办?
安全内参
- [ ] 美国联邦政府2024财年采购超1200亿元网络安全产品服务
- [ ] 美国空军将部署新的“综合防御性网络空间系统”
腾讯玄武实验室
- [ ] 每日安全动态推送(24/10/31)
代码卫士
- [ ] 谷歌修复由苹果报送的严重 Chrome 漏洞
- [ ] Opera 浏览器修复严重漏洞，可泄露用户信息
丁爸情报分析师的工具箱
- [ ] 【资料】美国《下一代情报》系列文档1
绿盟科技研究通讯
- [ ] 全球云上数据泄露风险分析简报（第一期）：1.8亿数据泄露，娱乐业成为“重灾区”
ChaMd5安全团队
- [ ] 2024第四届“网鼎杯”青龙组 writeup
黑哥虾撩
- [ ] 9.8 小于 9.11？真相居然与圣经相关～
数世咨询
- [ ] 5亿索赔战打响！达美航空怒告CrowdStrike，网络安全的代价有多高？
- [ ] 2024TechWorld 绿盟科技智慧安全大会
dotNet安全矩阵
- [ ] .NET 一款通过rundll32执行PowerShell的工具
- [ ] .NET 安全基础入门学习知识库
- [ ] .NET 一款内网渗透中用于权限维持的工具
极客公园
- [ ] 电商西行普惠偏远地区，拼多多先走了一小步
- [ ] 我跟万圣节的AI次元壁，看起来要被 PixVerse V3 打破了
- [ ] 传比亚迪季营收首次超特斯拉；苹果新 M4 MacBook Pro曝光；曝小红书测试引流至微信 | 极客早知道
情报分析师
- [ ] 美国总统大选：重点亚太国家战略考量与内战风险评估
- [ ] 情报分析师必备：AI图像识别技术的核心技能
威努特安全网络
- [ ] 护航智慧水利，威努特构建数字孪生流域“四预”工控安全体系
复旦白泽战队
- [ ] 成果分享｜【NDSS 25】复旦大学系统软件与安全实验室在移动生态安全研究取得新进展
OPPO安全中心
- [ ] 【众测挑战赛2404】丰厚额外奖励！特别新人加成！海外电商业务返场咯！
安全圈
- [ ] 【安全圈】Elasticsearch开源仓库被员工误操作导致404，star数降至200
- [ ] 【安全圈】俄罗斯对谷歌罚款达35位数美元
- [ ] 【安全圈】能伪造通话界面，FakeCall恶意软件变种在安卓手机中传播
- [ ] 【安全圈】遭勒索攻击后，秘鲁国际银行承认数据泄露
嘶吼专业版
- [ ] 2024 年预防网络攻击的 12 项网络安全最佳实践措施
- [ ] 国家网络安全通报中心：重点防范境外恶意网址和恶意IP
深信服千里目安全技术中心
- [ ] 【漏洞通告】Spring Security 静态资源未授权访问漏洞(CVE-2024-38821)
IT Service Management News
- [ ] Garante privacy e conservazione email e metadati 04
迪哥讲事
- [ ] 五种用来挖掘API端点的方法
吴鲁加
- [ ] 知识星球推荐 #2：不止读书营·第二季
表图
- [ ] 三季度财报显示，网络安全行业继续第五个季度收入下滑，市场同比萎缩8.5%
Over Security - Cybersecurity news aggregator
- [ ] Sophos reveals 5-year battle with Chinese hackers attacking network devices
- [ ] Stalker Online - 1,385,472 breached accounts
- [ ] October 2024 Web Server Survey
- [ ] FBI: Iranian cyber group targeted Summer Olympics with attack on French display provider
- [ ] Microsoft: Chinese hackers use Quad7 botnet to steal credentials
- [ ] Microsoft delays Windows Recall again, now by December
- [ ] Windows 11 Task Manager bug shows wrong number of running processes
- [ ] Hackers target critical zero-day vulnerability in PTZ cameras
- [ ] Microsoft wants $30 if you want to delay Windows 11 switch
- [ ] Cyble Sensors Detect New Attacks on LightSpeed, GutenKit WordPress Plugins
- [ ] LiteSpeed Cache WordPress plugin bug lets hackers get admin access
- [ ] Windows 11 Task Manager says no apps are active after preview update
- [ ] SecjuiceCON 2025
- [ ] Shopping scam sprawled across thousands of websites, bilked ‘tens of millions of dollars’
- [ ] Attack of the Christmas Clones
- [ ] Intelligenza artificiale, pilastro della sicurezza nazionale degli Stati Uniti: quali obiettivi
- [ ] Eurojust chiude la maggiore piattaforma di furto dati: contro i malware vince la cooperazione
- [ ] Come diventare Security consultant: guida a una delle professioni del futuro
- [ ] Windows Downdate, la vulnerabilità che “cancella” gli aggiornamenti di sistema
- [ ] Data scraping, dalle Autorità privacy le linee guida “globali” per la protezione dei dati
- [ ] Veterinaria e mondo animale, tra privacy e riservatezza: adempimenti e regole operative
- [ ] Telegram sfruttato per distribuire trojan: ecco come ci spiano e come proteggersi
- [ ] La cyber security oltre il perimetro aziendale: il ruolo di partner e fornitori
- [ ] Disinformazione russa in Moldavia: così le fake news diventano temibili cyber armi
- [ ] Machine unlearning: metodi per rimuovere i dati errati dai modelli AI
- [ ] Russia to ban cryptocurrency mining in some regions due to electricity shortages
- [ ] NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities
- [ ] HTB Pilgrimage Walkthrough
- [ ] Political Donations - OSINT
Securityinfo.it
- [ ] Malware mobile in aumento: trovate oltre 200 applicazioni dannose sul Google Play Store
DARKNAVY
- [ ] 「技术研报」以子之矛陷子之盾 · 用AI对AI漏洞的利用探索
Have I Been Pwned latest breaches
- [ ] Stalker Online - 1,385,472 breached accounts
360数字安全
- [ ] 这些企业用大模型加持数据安全防护，开启“开挂”模式！
Max Kersten
- [ ] Ghidra Tip 0x07: Iterating over all strings in a Program
SANS Internet Storm Center, InfoCON: green
- [ ] ISC Stormcast For Thursday, October 31st, 2024 https://isc.sans.edu/podcastdetail/9204, (Thu, Oct 31st)
- [ ] October 2024 Activity with Username chenzilong, (Thu, Oct 31st)
Desync InfoSec
- [ ] 从目录浏览分析幽盾攻击组织
Schneier on Security
- [ ] Roger Grimes on Prioritizing Cybersecurity Advice
- [ ] Tracking World Leaders Using Strava
Full Disclosure
- [ ] xlibre Xnest security advisory & bugfix releases
- [ ] APPLE-SA-10-29-2024-1 Safari 18.1
- [ ] SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
BorderGate
- [ ] GPS Signal Spoofing
Posts By SpecterOps Team Members - Medium
- [ ] Maestro
The Hacker News
- [ ] New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics
- [ ] LottieFiles Issues Warning About Compromised "lottie-player" npm Package
- [ ] Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities
- [ ] LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites
Tor Project blog
- [ ] Arti 1.3.0 is released: memory quota tracking, onion services, and more
- [ ] New Release: Tails 6.9
Graham Cluley
- [ ] Fraudsters exploit US General Election fever, FBI warns
- [ ] Smashing Security podcast #391: The secret Strava service, deepfakes, and crocodiles
Technical Information Security Content & Discussion
- [ ] Methodology for Leveraging LLMs for 0-day discovery (18+ vulns including on Netflix, Hulu, and Salesforce)
- [ ] Attackers hiding hostnames on Ethereum Blockchain; Target Puppeteer Users In Typosquat Campaign
- [ ] Multiple Vulnerabilities found in Portainer using CodeQL
- [ ] “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack
- [ ] Understanding RedLine Stealer: The Trojan Targeting Your Data
- [ ] Ollama internet facing servers | New Vulnerabilities in Ollama
- [ ] EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files
Security Affairs
- [ ] Threat actor says Interbank refused to pay the ransom after a two-week negotiation
- [ ] QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024
- [ ] New version of Android malware FakeCall redirects bank calls to scammers
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] Secretsnitch: A lightning-fast, modular secret scanner and endpoint extractor in Golang!
- [ ] CRTP after PNPT
Information Security
- [ ] Best way to get hands on experience in IT Auditing?
- [ ] 🎃 October's over, but cybersecurity shouldn't be!
Deeplinks
- [ ] "Is My Phone Listening To Me?"
- [ ] EFF Launches Digital Rights Bytes to Answer Tech Questions that Bug Us All
Your Open Hacker Community
- [ ] Is Bluetooth spoofing even possible?
- [ ] OllyDbg bits
- [ ] How do you hack
Computer Forensics
- [ ] Why is volatility3 so bad?
- [ ] Need help choosing between two Cloud DFIR training options
- [ ] I’m looking for a developer to help me with parsing windows logs like the .lnk etc?
- [ ] New Cellphone Machine
Security Weekly Podcast Network (Audio)
- [ ] Shadow IT and Security Debt - Dave Lewis - PSW #849