[每日信息流] 2024-06-20

[chainreactorbot]

每日安全资讯（2024-06-20）

• SecWiki News
  • [ ] SecWiki News 2024-06-19 Review
• Files ≈ Packet Storm
  • [ ] Falco 0.38.1
  • [ ] Debian Security Advisory 5715-1
  • [ ] Bagisto 2.1.2 Client-Side Template Injection
  • [ ] Ubuntu Security Notice USN-6840-1
  • [ ] Ubuntu Security Notice USN-6839-1
  • [ ] Debian Security Advisory 5714-1
  • [ ] Ubuntu Security Notice USN-6818-4
  • [ ] Ubuntu Security Notice USN-6793-2
  • [ ] User Registration And Management System 3.2 SQL Injection
  • [ ] Red Hat Security Advisory 2024-3980-03
  • [ ] Red Hat Security Advisory 2024-3979-03
  • [ ] Red Hat Security Advisory 2024-3889-03
  • [ ] Red Hat Security Advisory 2024-3885-03
  • [ ] Red Hat Security Advisory 2024-1482-03
  • [ ] Red Hat Security Advisory 2024-1481-03
• paper - Last paper
  • [ ] N-days Chaining 漏洞利用分析 Part 4： VMware Workstation 信息泄露
• Trustwave Blog
  • [ ] Comparably Honors Trustwave with Leadership and Career Growth Awards
  • [ ] Why Removing Phishing Emails from Inboxes is Crucial for Healthcare Security
• 安全通告
  • [ ] 安全通告 - 华为全屋音乐系统路径穿越漏洞
  • [ ] 安全通告 - 涉及部分华为家庭路由器的连接劫持漏洞
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • [ ] ISC.AI 2024创新独角兽沙盒大赛开启，招募AI&安全双域创新力量
  • [ ] 2024 年 5 月头号恶意软件：Phorpiex 僵尸网络掀起网络钓鱼狂潮
  • [ ] 国家计算机病毒应急处理中心监测发现15款违规移动应用
  • [ ] CISA 称 Windows 漏洞可能被利用于勒索软件攻击
• Security Boulevard
  • [ ] Obtaining Security Budgets You Need (Not Deserve): Ira Winkler’s Cybersecurity Playbook for Executives
  • [ ] Managing Transitive Vulnerabilities
  • [ ] New Blog Moderation Policy
  • [ ] The Fundamental Issues with Email and How PreVeil Addresses Them
  • [ ] IRONSCALES Applies Generative AI to Phishing Simulation
  • [ ] Next-Generation VPN Security Needs To Be Quantum Safe
  • [ ] DNS and Your Privacy: Should you use encrypted DNS?
  • [ ] Juneteenth National Independence Day 2024
  • [ ] Implementing AI in Startups: Key Strategies for Success
  • [ ] The Distributed Workforce: Why Flexibility and Trust are Essential in Cybersecurity
• Private Feed for M09Ic
  • [ ] Mr-xn forked Mr-xn/cloudflare-docker-proxy from ciiiii/cloudflare-docker-proxy
  • [ ] 4ra1n forked 4ra1n/RouteCheck-Alpha from ax1sX/RouteCheck-Alpha
  • [ ] 4ra1n starred ax1sX/RouteCheck-Alpha
  • [ ] 4ra1n started following ax1sX
  • [ ] 4ra1n forked 4ra1n/xssfinder from ac0d3r/xssfinder
  • [ ] 4ra1n starred ac0d3r/xssfinder
  • [ ] gh0stkey released HaE 3.2.2 at gh0stkey/HaE
  • [ ] FunnyWolf starred AbstractEngine/pentest-muse-cli
  • [ ] M0untainShley started following M09Ic
  • [ ] Wh0ale starred wgpsec/ENScan_GO
  • [ ] esrrhs starred jrfonseca/gprof2dot
  • [ ] DVKunion starred g1879/DrissionPage
  • [ ] Ak74-577 starred login-securite/conpass
  • [ ] Ak74-577 started following MayerDaniel
  • [ ] Ak74-577 starred MayerDaniel/profiler-lateral-movement
  • [ ] uknowsec starred 0xEr3bus/RdpStrike
  • [ ] Ak74-577 starred ricardojoserf/NativeDump
  • [ ] Ak74-577 starred NVISOsecurity/CVE-2024-26229-BOF
  • [ ] Ak74-577 starred vxCrypt0r/AMSI_VEH
  • [ ] Ak74-577 started following vxCrypt0r
  • [ ] Ak74-577 started following 0xEr3bus
  • [ ] Ak74-577 starred 0xEr3bus/RdpStrike
  • [ ] Ak74-577 starred Leo4j/Invoke-ADEnum
  • [ ] Ak74-577 starred vxCrypt0r/Voidgate
  • [ ] gh0stkey starred secretsquirrel/SigThief
  • [ ] gh0stkey starred chroblert/JSigThief
  • [ ] lijiejie released v3.0 at lijiejie/BBScan
  • [ ] phra starred leondz/garak
• Twitter @Nicolas Krassas
  • [ ] 'ONNX' MFA Bypass Targets Microsoft 365 Accounts https://www.darkreading.com/remote-workforce/onnx-microsoft-365-accounts-mfa-bypass
  • [ ] CDK Global cyberattack impacts thousands of US car dealerships https://www.bleepingcomputer.com/news/security/cdk-global-cyberattack-impacts-thousands...
  • [ ] Chinese Cyber Espionage Group Exploits Fortinet, Ivanti and VMware Zero-Days https://thehackernews.com/2024/06/chinese-cyber-espionage-group-exploits....
  • [ ] "Researchers" exploit Kraken exchange bug, steal $3 million in crypto https://www.bleepingcomputer.com/news/security/researchers-exploit-kraken-exchan...
  • [ ] Snowflake breach impact probed by LendingTree, confirmed by LAUSD https://www.scmagazine.com/brief/snowflake-breach-impact-probed-by-lendingtree-confi...
  • [ ] Volana - Shell Command Obfuscation To Avoid Detection Systems http://www.kitploit.com/2024/06/volana-shell-command-obfuscation-to.html
  • [ ] Synnovis demanded to pay $50M ransom after debilitating attack https://www.scmagazine.com/brief/synnovis-demanded-to-pay-50m-ransom-after-debilitating...
  • [ ] Medibank hack attributed to cybersecurity failings https://www.scmagazine.com/brief/medibank-hack-attributed-to-cybersecurity-failings
  • [ ] Vidar infostealer spread via trojanized Cisco Webex app https://www.scmagazine.com/brief/vidar-infostealer-spread-via-trojanized-cisco-webex-app
  • [ ] Chip maker giant AMD investigates a data breach https://securityaffairs.com/164676/data-breach/amd-investigates-data-breach.html
  • [ ] Amtrak confirms crooks are breaking into user accounts, derailing email addresses https://go.theregister.com/feed/www.theregister.com/2024/06/19/amtra...
  • [ ] Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software https://thehackernews.com/2024/06/warning-markopolos-scam-targeting.html
  • [ ] AMD Investigating Breach Claims After Hacker Offers To Sell Data https://packetstormsecurity.com/news/view/36013/AMD-Investigating-Breach-Claims-After...
  • [ ] AI Makes Nvidia The World's Most Valuable Company https://packetstormsecurity.com/news/view/36014/AI-Makes-Nvidia-The-Worlds-Most-Valuable-Company.htm...
  • [ ] F5 Big-IP Appliances Exploited For 3 Years By China Linked Group https://packetstormsecurity.com/news/view/36015/F5-Big-IP-Appliances-Exploited-For-3-...
  • [ ] Void Arachne Uses Deepfakes and AI to Deliver Malicious VPNs to Chinese Users https://thehackernews.com/2024/06/void-arachne-uses-deepfakes-and-ai-to....
  • [ ] RT zhiniang peng: Preauth RCE on NVIDIA Triton Server, the current security state of AI infrastructure is fragile https://sites.google.com/site/zhinia...
  • [ ] Active Directory Methodology in Pentesting: A (nearly) Comprehensive Guide https://medium.com/@verylazytech/active-directory-methodology-in-pentesting...
  • [ ] Recovering an ECU firmware using disassembler and branches http://blog.quarkslab.com/recovering-an-ecu-firmware-using-disassembler-and-branches.html
  • [ ] Feeding the Phishes https://posts.specterops.io/feeding-the-phishes-276c3579bba7?source=rss----f05f8696e3cc---4
• Doonsec's feed
  • [ ] 期待是一种暴力
  • [ ] 长平之战，赵国没有东方某神秘大国
  • [ ] Nginx日志分析实战：揭露4种CVE-2023-1389攻击手法，加固网站安全屏障
  • [ ] 有趣的混合编程：WebAssembly
  • [ ] Fastadmin 前台任意文件读取漏洞
  • [ ] CRMEB电商系统api/products存在SQL注入漏洞CVE-2024-36837 附POC
  • [ ] 西安电子科技大学 | 基于双向深度学习的攻击图构建和威胁预测
  • [ ] 中国密码学会2024年密码算法学术会议顺利召开
  • [ ] “数据要素×”典型案例之十 | 数据资源融合应用 助力文物传承保护和价值增值
  • [ ] 移动边缘计算场景下基于身份的安全认证密钥协商协议
  • [ ] 承包政府系统上线前未做安全测试，美国两家知名企业被罚8200万元
  • [ ] 大语言模型利用零日漏洞取得重大突破
  • [ ] 通报 | 22款APP（SDK）存在侵害用户权益行为
  • [ ] 秦安：七国集团对俄下通牒，普京释放和谈条件，中国要加紧防抢劫
  • [ ] 王常胜：历史惊人相似，古巴导弹危机再现，战略机遇重现，要抓住
  • [ ] 张志坤：俄乌战争什么时候才能迎来和平？
  • [ ] G.O.S.S.I.P 阅读推荐 2024-06-19 基辅危急之电网毁灭者！
  • [ ] 白帽黑客从零入门，最新实战挖洞教程（附工具下载）限时删除！
  • [ ] 新一代欺诈威胁防护的理念与关键能力特征
  • [ ] [安全问答] 01.AI双非研0如何从事AI安全研究
  • [ ] 2024年第五期CCSC-DF电子数据取证方向认证培训开启报名！暑期特惠
  • [ ] 2024HW面试真题（三）之看完蓝初变蓝高
  • [ ] [统计学]韦布尔分布Weibull及开发
  • [ ] 逆向学习Windows篇 -- 静态库和动态库的相关知识以及编译链接的过程
  • [ ] 逆向学习Windows篇 -- C++的编译过程和静态库的使用
  • [ ] 逆向学习Windows篇 -- 在程序中添加静态库和使用全局变量的方法
  • [ ] 逆向学习Windows篇 -- lab的使用和生成过程，以及“dell”的导出函数和作用
  • [ ] 逆向学习Windows篇 -- 动态加载和def导出的相关内容
  • [ ] 逆向学习Windows篇 -- C++中构造函数的调用方式和函数导出
  • [ ] 逆向学习Windows篇 -- 如何设计一个启动进程的API，以及与之相关的参数和命令行参数
  • [ ] 逆向学习MFC篇 -- 修改过程函数来拦截消息，以及如何使用反射机制来处理消息
  • [ ] 北京智源大会发布北京人工智能数据运营平台
  • [ ] 【渗透实战】从管理协同软件到堡垒机的实战案例
  • [ ] 红队安全攻防知识库
  • [ ] Asp.net内存马检工具
  • [ ] HFish：一款企业安全主动攻击型蜜罐网络钓鱼框架系统
  • [ ] 无需返场，因为优惠一直在！618 软件折扣继续享！
  • [ ] ssrf攻击链
  • [ ] CRMEB开源电商系统products SQL注入漏洞-CVE-2024-36837
  • [ ] 技术厮杀！编程实战！不分语言！聪明人的游戏又来了
  • [ ] 【每日一题】蓝桥杯大学组历年真题及题解 - 机房
  • [ ] 【资讯】中央网信办公示《第二批国家数字乡村试点入选名单》
  • [ ] 【资讯】深圳市财政局发布《关于加强企业数据资源相关会计处理的通知》
  • [ ] 【车联网】现代汽车Ioniq SEL渗透测试（4）
  • [ ] 比ChatGPT更智能！AI代理能否重塑网络安全防御的未来？
  • [ ] 《数据安全治理白皮书6.0》政策篇： 数据出境安全管理
  • [ ] 全球人工智能治理倡议的世界意义
  • [ ] 【论文速读】|对BusyBox进行模糊测试：利用大语言模型和崩溃重用挖掘嵌入式系统中的漏洞
  • [ ] 忘记了就看看 逆向分析原理剖析
  • [ ] Pentest Muse：一款专为网络安全人员设计的AI助手
  • [ ] 2024年央国企网络安全沙龙在沪举行，盛邦安全揭秘攻防实战“新利器”
  • [ ] 【安全圈】VMware 关键漏洞修复程序已发布，请立即更新
  • [ ] 【安全圈】AMD多项内部数据被黑客挂到暗网出售
  • [ ] 【安全圈】虚假的谷歌浏览器错误正诱导用户运行恶意 PowerShell 脚本
  • [ ] 【安全圈】Barracuda最新报告显示：有 92% 的企业曾遭遇社工攻击
  • [ ] AMD源代码、固件等数据被盗 黑客寻求出售
  • [ ] 典型案例丨工业互联网数据资产安全管理平台
  • [ ] 荐读丨建设5G工厂，需做好网络安全防护
  • [ ] 360SRC RCE专项活动
  • [ ] 微众银行专利：解决大模型推理过程中隐私泄露风险较高的问题
  • [ ] 欧洲多个组织“联名上书”：欧盟网络安全标签不应区别对待美国云巨头
  • [ ] 关注 | 严打！男子用AI伪造学生同事近7000张裸照
  • [ ] 渗透测试实战-靶机入侵
  • [ ] 华顺信安获评CNNVD“年度漏洞消控优秀贡献奖”、“年度优秀技术支撑单位”
  • [ ] 《信息安全技术 关键信息基础设施安全监测预警产品技术要求》发布 边界无限参编
  • [ ] 【明晚直播】揭秘！一条诈骗短信诞生背后的黑灰产业链
  • [ ] 安宁警方破获网络盲盒赌博案 | 徽县警方破获“4•27”电信网络诈骗案——涉网犯罪每日情报
  • [ ] 公司邮箱遭入侵险失1700余万元，上海警方32小时内追回
  • [ ] 国家网信办网络法治局：通过法律手段推进数据跨境流动
  • [ ] LLSRC 新增漏洞收录范围啦，还有翻倍奖励等你来！
  • [ ] 奇安信集团与中国电信陕西公司达成战略合作
  • [ ] 奇安信集团与中保车服签署战略合作协议
  • [ ] 燃爆攻防演练！这招让安全设备防御力满格
  • [ ] CCF网络安全科普活动走进校园
  • [ ] CVPR 2024 | OPPO精选论文解读
  • [ ] 典型精细化工企业网络安全建设规划
  • [ ] 【国际视野】美国参议院小组批准《2025财年国防授权法案》
  • [ ] 初窥ARM平坦化还原
  • [ ] 6月白帽集结令！挖洞赢奖金，一起燥起来！
  • [ ] 前法拉第未来全球CEO陈雪峰加盟新亚科技，负责公司全球业务
  • [ ] 智能汽车域控制器知识全解
  • [ ] CAN FD，正在被取代？
  • [ ] 重磅发布！2024济南城市人才系列宣传片
  • [ ] 亚信安全信舱 ForCloud“全栈安全”，为云而生
  • [ ] 承包政府系统上线前未做安全测试，两家知名企业被罚8200万元
  • [ ] 国家网信办 | 中国制定出台网络领域立法150多部
  • [ ] 中国互联网协会发布《数据跨境流通安全技术要求》等４项数据安全相关团体标准
  • [ ] 北京市首届电子数据取证分析师职业技能大赛由奇安信承办
  • [ ] 综合排名第一！奇安信揽获8项CNNVD重磅大奖
  • [ ] Mailcow Mail Server 在多个漏洞，可导致RCE攻击
  • [ ] 新型恶意软件利用被暴露的 Docker API 挖矿
  • [ ] 四叶草安全入选《数据安全产品及服务购买决策参考》
  • [ ] Q2冲榜，快来领取你的新周边！
  • [ ] 信息安全漏洞周报（2024年第25期）
  • [ ] 三大厂商对象存储安全性及差异性比较
  • [ ] 赏金猎人特训营-找对思路豪取赏金
  • [ ] 讨论：这算不算逻辑漏洞？
  • [ ] 佛蒙特州里程碑式的隐私法案因立法机构未能推翻否决而被否决
  • [ ] 135个！2024年新型数字服务优秀案例名单公布
  • [ ] i春秋助力 | 字节跳动安全范儿沙龙「漏洞挖掘」专场
  • [ ] 开启学习模式！7月开班计划，让你技能满分
  • [ ] 电子政务网关键信息基础设施安全保护的研究
  • [ ] 专家提醒：警惕AI悄悄“偷”走你的声音
  • [ ] 工信部移动应用创新与治理技术重点实验室启动2024年度开放课题征集
  • [ ] 内网靶场月挑战WP公开
  • [ ] 利用MSSQL模拟提权
  • [ ] JAVA代码审计第八期抓紧时间上车
  • [ ] 启明星辰集团荣获CNNVD两项大奖，彰显技术支撑与漏洞贡献实力
• obaby@mars
  • [ ] Uniapp 下安卓的权限申请
• cloud world
  • [ ] Robust generic functions on slices
• Binary Ninja
  • [ ] Restructuring the Binary Ninja Decompiler
• hn security
  • [ ] Extending Burp Suite for fun and profit – The Montoya way – Part 5
• KitPloit - PenTest & Hacking Tools
  • [ ] Volana - Shell Command Obfuscation To Avoid Detection Systems
• 绿盟科技技术博客
  • [ ] 绿盟科技威胁周报（2024.06.10-2024.06.16）
• 安全牛
  • [ ] 直播预告 | 网络安全平台化浅析
  • [ ] 多家银行机构因数据治理问题被处罚；2024年一季度全球SASE市场收入增长23%；暗网交易平台”帝国市场”运营者被起诉 | 牛览
  • [ ] 《数据安全实践》出版发行｜闪捷信息倾力奉献
  • [ ] 简析数字风险管理的常用方法和关键能力
  • [ ] 做专做实，长扬科技关于工业互联网安全实训基地建设难点与对策分析
• HackerNews
  • [ ] 生成式人工智能技术的快速应用，引发企业内部担忧
  • [ ] VMware 关键漏洞修复程序已发布，请立即更新
  • [ ] Barracuda 最新报告显示：有 92% 的企业曾遭遇社工攻击
  • [ ] 半导体公司 AMD 遭数据泄露，内部文件于暗网出售
  • [ ] 大语言模型利用零日漏洞取得重大突破
  • [ ] 美国第二大市政卫生系统—洛杉矶县卫生服务部：超20万人个人信息被泄露
  • [ ] 美国与印尼举行以港口为重点的网络安全演习
  • [ ] 黑客利用旧版 F5 BIG-IP 设备实现持久性
• FreeBuf网络安全行业门户
  • [ ] 马上报名 | 红蓝军攻防与数据安全主题研讨会·北京站启动
  • [ ] FreeBuf早报 | 近五分之一SQL已终止支持；加密劫持活动正针对公开的Docker API
  • [ ] 云计算环境商用密码应用安全建设体系框架研究与思考
  • [ ] 生成式人工智能技术的快速应用，引发企业内部担忧
  • [ ] CTF-内存取证详解
  • [ ] AMD多项内部数据被黑客挂到暗网出售
  • [ ] VMware 关键漏洞修复程序已发布，请立即更新
  • [ ] Barracuda最新报告显示：有 92% 的企业曾遭遇社工攻击
• 安全客
  • [ ] 小心！中国公民正在成为二维码网络钓鱼攻击目标！
• 奇安信 CERT
  • [ ] 综合排名第一！奇安信揽获8项CNNVD重磅大奖
• 安全内参
  • [ ] 承包政府系统上线前未做安全测试，两家知名企业被罚8200万元
  • [ ] 大语言模型利用零日漏洞取得重大突破
• 代码卫士
  • [ ] 综合排名第一！奇安信揽获8项CNNVD重磅大奖
  • [ ] Mailcow Mail Server 在多个漏洞，可导致RCE攻击
  • [ ] 新型恶意软件利用被暴露的 Docker API 挖矿
• 奇客Solidot–传递最新科技情报
  • [ ] 高脂肪食物可能会加剧焦虑
  • [ ] 全国高温天气持续近半个月
  • [ ] 法国电价降至负值
  • [ ] TDK株式会社称在电池技术上取得突破
  • [ ] 马斯克致力于年底在 X 上推出支付功能
  • [ ] 微软通过 Copilot+ PC 向用户释出 Windows 11 24H2
  • [ ] 塞尔达公主有了自己担任主角的动作冒险游戏
  • [ ] 苹果据报暂停下一代高端 Vision 的研发
  • [ ] 黑客在地下论坛出售窃取的 AMD 数据，AMD 表示正对此展开调查
• 安全研究GoSSIP
  • [ ] G.O.S.S.I.P 阅读推荐 2024-06-19 基辅危急之电网毁灭者！
• 腾讯玄武实验室
  • [ ] 每日安全动态推送(6-19)
• 阿里安全响应中心
  • [ ] 阿里集团安全部招聘多个安全岗位
• 青藤云安全
  • [ ] 邬江兴院士：云时代面临新安全风险，构建内生安全体系是关键
• 奇安盘古
  • [ ] 北京市首届电子数据取证分析师职业技能大赛由奇安信承办
• 安全学术圈
  • [ ] 西安电子科技大学 | 基于双向深度学习的攻击图构建和威胁预测
• 360数字安全
  • [ ] 连续上榜！360荣获中国国家信息安全漏洞库（CNNVD）多项荣誉
  • [ ] ISC.AI 2024创新独角兽沙盒大赛开启，招募AI&安全双域创新力量
• 看雪学苑
  • [ ] 初窥ARM平坦化还原
  • [ ] ISC训练营7月30日开课！报名即赠ISC.AI 2024峰会通票
  • [ ] 香港中文大学被黑客入侵，泄露两万师生信息
• 中国信息安全
  • [ ] 科蓝软件连续中标11个数字银行相关项目，专业实力撬动业绩增长飞轮
  • [ ] 通报 | 22款APP（SDK）存在侵害用户权益行为
  • [ ] 关注 | 建设清朗网络空间，维护网民合法权益——网络法治保障高质量发展
  • [ ] 专家解读 | 依法清除网暴信息 营造理性网络空间
  • [ ] 观点 | 全球人工智能治理倡议的世界意义
  • [ ] 关注 | 严打！男子用AI伪造学生同事近7000张裸照
• JUMPSEC
  • [ ] JUMPSEC named as a NCSC Assured Service Provider for the NCSC CIR scheme
• IT Service Management News
  • [ ] Mio articolo sull'uso del non digitale per la sicurezza
• 中孚安全技术研究
  • [ ] 攻防演练场景下的漏洞挖掘与治理 | 安全范儿沙龙开启
• Qualys Security Blog
  • [ ] TotalCloud Insights: Protect Your AWS Environment by Managing Access Keys Securely
• Securityinfo.it
  • [ ] Quasi la metà delle password può essere indovinata in meno di un minuto
  • [ ] Un malware Linux usa le emoji di Discord per eseguire comandi
• Schneier on Security
  • [ ] New Blog Moderation Policy
  • [ ] The Hacking of Culture and the Creation of Socio-Technical Debt
• Over Security - Cybersecurity news aggregator
  • [ ] Crown Equipment confirms a cyberattack disrupted manufacturing
  • [ ] Advance Auto Parts confirms data breach exposed employee information
  • [ ] CDK Global cyberattack impacts thousands of US car dealerships
  • [ ] Exiled Belarusian opposition figure on how ex-cops are helping to combat dictatorship
  • [ ] Road to redemption: GhostSec's hacktivists went to the dark side. Now they want to come back.
  • [ ] Poland points to Russian hackers in disruption of Euro 2024 broadcast
  • [ ] "Researchers" exploit Kraken exchange bug, steal $3 million in crypto
  • [ ] Hamster Kombat is dangerous, agree officials in Russia, Ukraine and beyond
  • [ ] Australian regulator blames lack of multi-factor authentication for Medibank hack
  • [ ] US intelligence 'not seen much' of Russia attempting to interfere in UK elections
  • [ ] Quasi la metà delle password può essere indovinata in meno di un minuto
  • [ ] Extending Burp Suite for fun and profit – The Montoya way – Part 5
  • [ ] Cyber security, dal G7 l’impegno per un cyberspazio aperto, resiliente e sicuro
  • [ ] NIS 2: come adottare una procedura per affrontare efficacemente le azioni di vigilanza
  • [ ] Vulnerabilità nei router Asus consente di prendere il controllo dei dispositivi: i dettagli
  • [ ] Bonifico errato, frode informatica e falso conto corrente: la verifica dell’identità da parte delle banche
  • [ ] TIKTAG, l’attacco che viola le funzioni di sicurezza delle CPU Arm: Chrome e Linux a rischio
  • [ ] Come diventare Security auditor, professione in piena evoluzione
  • [ ] Un malware Linux usa le emoji di Discord per eseguire comandi
• Malware Must Die!
  • [ ] MMD-0069-2024 - An old ELF Ransomware pivoted crypto (OpenSSL to PolarSSL) Linux/Encoder.1-2
• SANS Internet Storm Center, InfoCON: green
  • [ ] Handling BOM MIME Files, (Wed, Jun 19th)
• The Hacker News
  • [ ] Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw
  • [ ] UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying
  • [ ] New Case Study: Unmanaged GTM Tags Become a Security Nightmare
  • [ ] New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers
  • [ ] Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software
  • [ ] Mailcow Mail Server Flaws Expose Servers to Remote Code Execution
• ICT Security Magazine
  • [ ] Il 22° Forum ICT Security si terrà a Roma il 23 e 24 ottobre 2024
• TorrentFreak
  • [ ] Nintendo Takedown Wipes “Rhythm Heaven” Remix Tool & 250+ Forks Off GitHub
  • [ ] Police Make New Pirate IPTV Arrest as Public Criticism Over Priorities Persists
• Information Security
  • [ ] CVE-2024-5671 (CVSS Base Score : 9.8) -> Remote Code Execution in Trellix Intrusion Prevention System could lead to complete system compromise.
• Blackhat Library: Hacking techniques and research
  • [ ] Introducing RedFlag, a new tool that uses AI to identify high-risk code changes for security teams. Run it in batch mode to scope a pentest, or directly in CI pipelines to flag PRs for manual review.
  • [ ] What's the starter way to becoming a black hat?
  • [ ] bypassing security measures
  • [ ] why doesn’t anyone wanna mentor ??
• Technical Information Security Content & Discussion
  • [ ] Active Directory Methodology in Pentesting: A Comprehensive Guide
  • [ ] Extending Burp Suite for fun and profit - The Montoya way - Part 5
• Trend Micro Research, News and Perspectives
  • [ ] Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • [ ] Tips for Network Capturing
  • [ ] Red-Teaming-TTPs Logo Competition - the most creative hacker will win
• The Register - Security
  • [ ] Amtrak confirms crooks are breaking into user accounts, derailing email addresses
  • [ ] That PowerShell 'fix' for your root cert 'problem' is a malware loader in disguise
• KitPloit - PenTest Tools!
  • [ ] Volana - Shell Command Obfuscation To Avoid Detection Systems
• Social Engineering
  • [ ] Confidential John Nolan book
  • [ ] Something like this would be good no?
• Security Affairs
  • [ ] Alleged researchers stole $3 million from Kraken exchange
  • [ ] Google Chrome 126 update addresses multiple high-severity flaws
  • [ ] Chip maker giant AMD investigates a data breach
  • [ ] Cryptojacking campaign targets exposed Docker APIs
• Graham Cluley
  • [ ] Smashing Security podcast #377: An unhealthy data dump, railway surveillance, and a cheater sues Apple
• Computer Forensics
  • [ ] Resources on BlockChain Forensics?
  • [ ] Cellebrite not parsing Elcomsoft iCloud downloads
  • [ ] Memory Dumps for Practice
  • [ ] Memory Forensics on Windows and Linux
• Security Weekly Podcast Network (Audio)
  • [ ] Hacker Heroes - Dave Aitel - PSW Vault