chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

110 stars 19 forks source link

[每日信息流] 2024-06-24 #572

Closed chainreactorbot closed 3 months ago

chainreactorbot commented 4 months ago

每日安全资讯（2024-06-24）

白袍的小行星
- [ ] 玩转Flipper Zero之Bluetooth篇
Twitter @Nicolas Krassas
- [ ] Inside the tiny chip that powers Montreal subway tickets http://www.righto.com/2024/06/montreal-mifare-ultralight-nfc.html
- [ ] Zip Slip meets Artifactory: A Bug Bounty Story https://karmainsecurity.com/zip-slip-meets-artifactory-a-bug-bounty-story
- [ ] Risk of getting malicious extension from Chrome store way worse than Google's letting on, study suggests https://go.theregister.com/feed/www.theregist...
- [ ] VulnNodeApp - A Vulnerable Node.Js Application http://www.kitploit.com/2024/06/vulnnodeapp-vulnerable-nodejs.html
- [ ] RT D. Schmidt: I found a 1-click exploit in South Korea's biggest mobile chat app. This would have allowed to steal all user's chat messages. Full wri...
- [ ] New Fickle Stealer Exploits Software Flaws to Steal Crypto, Browser Data https://hackread.com/fickle-stealer-software-flaw-steal-crypto-browser-data/
- [ ] UK Health Club Chain ‘Total Fitness’ Data Leak Exposes KYC and Card Data https://hackread.com/uk-health-club-chain-total-fitness-data-leak/
- [ ] Qilin Ransomware Leaks 400GB of NHS and Patient Data on Telegram https://hackread.com/qilin-ransomware-attack-nhs-patient-data-leak-telegram/
- [ ] AdsExhaust Adware Distributed in Fake Oculus Installer via Google Search https://hackread.com/adsexhaust-adware-fake-oculus-installer-google-search/
- [ ] LAUSD Data Breach: Hackers Leak 25M Records, Including Student Locations https://hackread.com/lausd-data-breach-hackers-leak-data-student-locations/
- [ ] Someone apparently hacked 50 Cent’s accounts to peddle a memecoin and made off with millions https://www.engadget.com/someone-apparently-hacked-50-ce...
- [ ] HTB: Office https://0xdf.gitlab.io/2024/06/22/htb-office.html
- [ ] CDK Global outage caused by BlackSuit ransomware attack https://www.bleepingcomputer.com/news/security/cdk-global-outage-caused-by-blacksuit-ransomwar...
- [ ] SneakyChef Espionage Campaign Targets Governments Across the Globe https://securityonline.info/sneakychef-espionage-campaign-targets-governments-acros...
- [ ] reconftw: automates the entire process of reconnaissance https://meterpreter.org/reconftw-automates-the-entire-process-of-reconnaissance/
- [ ] FalconHound: A blue team multi-tool https://meterpreter.org/falconhound-a-blue-team-multi-tool/
- [ ] ESET Issues Security Patch for Privilege Escalation Flaw in Windows Products https://securityonline.info/eset-issues-security-patch-for-privilege-esca...
- [ ] Cloaked and Covert: Uncovering UNC3886 Espionage Operations https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-oper...
unSafe.sh - 不安全
- [ ] 大部分仍然不认同 AI 制作的新闻
- [ ] USENIX Security ’23 – Educators’ Perspectives of Using (or Not Using) Online Exam Proctoring
- [ ] IBM 前高管起诉年龄歧视
- [ ] 【AI速读】美国研究中国人工智能
- [ ] Weekly Update 405
- [ ] Timeline and Details of the Change Healthcare Breach
- [ ] A Hitchhiker's Guide to Restaking and Its Risks
- [ ] Addressing the General Problem of Studying Linear Stability and Bifurcations of Periodic Orbits
- [ ] VulnNodeApp - A Vulnerable Node.Js Application
- [ ] 重生之我在复旦拍摄毕业大片
Private Feed for M09Ic
- [ ] gh0stkey starred LagrangeDev/Lagrange.Core
- [ ] gh0stkey starred NapNeko/NapCatQQ
- [ ] gh0stkey starred KimJun1010/inspector
- [ ] gh0stkey starred CleverRaven/Cataclysm-DDA
- [ ] gh0stkey starred floooh/sokol-samples
- [ ] gh0stkey starred floooh/sokol
- [ ] gh0stkey starred niedev/RTranslator
- [ ] gh0stkey starred devploit/nomore403
- [ ] gh0stkey starred varwara/CVE-2024-26229
- [ ] mozhu1024 starred launchbadge/sqlx
- [ ] mozhu1024 starred gchq/CyberChef
- [ ] mozhu1024 starred jaywcjlove/linux-command
- [ ] mozhu1024 starred alibaba/higress
- [ ] mozhu1024 starred go-mysql-org/go-mysql
- [ ] kpcyrd starred ratatui-org/ratatui
- [ ] mozhu1024 starred gocarina/gocsv
- [ ] mozhu1024 starred fsgo/proxydump
- [ ] mozhu1024 starred youki992/VscanPlus
- [ ] INotGreen starred zxwk1998/vue-admin-arco
- [ ] 4ra1n released 8.5.100.Y4.01 at 4ra1n/tomcat
- [ ] zer0yu started following uf0o
- [ ] zer0yu starred Naezr/ShyFox
- [ ] zer0yu starred Upinel/BetterRDP
SecWiki News
- [ ] SecWiki News 2024-06-23 Review
Security Boulevard
- [ ] USENIX Security ’23 – Educators’ Perspectives of Using (or Not Using) Online Exam Proctoring
- [ ] Navigating the CISO Role: Common Pitfalls for New Leaders
美团技术团队
- [ ] Spark向量化计算在美团生产环境的实践
Doonsec's feed
- [ ] 红队钓鱼话术总结
- [ ] Zyxel NAS系统setCookie接口存在远程命令执行漏洞CVE-2024-29973 附POC
- [ ] src | 奇怪的任意用户重置密码组合拳漏洞
- [ ] 实战 | 记一次SQL到接口的SSRF
- [ ] 《诗词游记》第339期：三十三年弹指间
- [ ] 【电子取证篇】电子数据网络在线提取和远程勘验的区别与联系（附模板下载）
- [ ] 漏洞预警 | Triton Inference Server for Linux远程代码执行漏洞（CVE-2024-0087）
- [ ] 【AI速读】美国研究中国人工智能
- [ ] 极客的巅峰对决 | 第八届XCTF国际网络攻防联赛总决赛圆满落幕
- [ ] 民政部就《个人求助网络服务平台管理办法（征求意见稿）》公开征求意见（附全文）
- [ ] 【相关分享】关于java_swing的组件位置自适配
- [ ] 这是谁的部将？
- [ ] 网络安全常见的三层架构
- [ ] 分享的图片、视频、链接
- [ ] 重生之我在复旦拍摄毕业大片
- [ ] 浅谈红队攻防之道-自动化免杀钓鱼
- [ ] 原创-“打狗还的看主人”引发的思考，大家果真理解这句话了吗
- [ ] 【安全圈】继禁用俄卡巴斯基后，美财政部制裁其高管、冻结资产
- [ ] 【安全圈】微软发布紧急更新，修复Windows系统重大Wi-Fi漏洞
- [ ] 【安全圈】小心！RansomHub 勒索软件对 VMware ESXi 虚拟机虎视眈眈
- [ ] 护网即将来临！几个攻防演练模板文件分享
- [ ] NPS内网穿透搭建
- [ ] xwiki-CVE-2024-31982漏洞深入复现
- [ ] 新课linux高级usb安全开发与源码分析视频教程更新到101节啦
- [ ] OLLVM混淆源码解读
- [ ] 科锐软件逆向50期预科班报名即将截止，速来！ 50期正式班报名火爆招生中
- [ ] 背景调查？真相你知道一半就够了…
- [ ] 实锤！日产汽车宣布关闭中国常州工厂！
- [ ] 电子电器架构 --- 什么是域控制器？
- [ ] 自动驾驶汽车中午开才安全？
- [ ] 知识星球 | 如何看待国内网安监管？攻防演练必修高危漏洞都有哪些？
- [ ] 在Z｜翼支付高薪诚招安全架构师、数据安全专家、应用安全专家、基础安全工程师
- [ ] 透过现象看本质
- [ ] 打破“无文件落地”的神话
- [ ] 因数据治理问题，农行、浦发银行、徽商银行同时被罚
- [ ] 中共乐山市委网络安全和信息化委员会办公室乐山市网络和信息安全监管运营服务项目招标
- [ ] 干货 | 代码执行高级方式--APC注入回调函数映射注入函数踩踏
- [ ] 《美国情报界2024年度威胁评估》评析
- [ ] 杀软稻草人：伪装成多款杀软的小工具
- [ ] 【漏洞复现】天喻软件数据安全平台 deviceid 存在SQL注入
- [ ] 妙啊
- [ ] 全球网络战市场规模未来十年将超过万亿元
- [ ] 网络强国战略视域下的网络空间国际治理参与路径探析
- [ ] 人工智能对国家文化安全的影响与对策
- [ ] 逆向破解工具介绍及断点
- [ ] 多名年轻干部泄密被查！
- [ ] 一图读懂国家标准《网络安全技术软件产品开源代码安全评价方法》
- [ ] “数据要素×”典型案例之十四 | “一网统管”风险防控与应急指挥体系——以高质量数据要素推动应急管理能力提升
- [ ] 前沿 | 人工智能对国家文化安全的影响与对策
- [ ] 拜登下令「封杀」卡巴斯基软件
- [ ] 微信的整人代码，估计有90%的人都不知道。
- [ ] 远程控制手机方法只要5个步骤，根本不用Root！_通过usb控制手机
- [ ] 手机上最好用的远程控制软件排名
- [ ] 借助大模型提升甲方安全漏洞发现和修复效率
- [ ] JS敏感信息泄露到任意账号登录
- [ ] Chrome 插件 - URL 中提取各种类型的数据
- [ ] CVE-2024-29973 Zyxel-NAS设备存在远程命令执行漏洞
- [ ] 最后几个小时真没了！
- [ ] ModHeader+ChunkJs+Sign逆向绕过风控-记录省护渗透银行接管全体用户的精彩瞬间
- [ ] “Find智能科技创新应用优秀案例” 发布活动在天津举办
- [ ] 【漏洞复现 | 含批量POC】Zyxel-NAS设备 setCookie 远程命令执行漏洞
- [ ] 最新一批邀请码X10
- [ ] 数世咨询：《新质·中国数字安全百强（2024）》正式发布
- [ ] 数世咨询：《2024年度数字安全十佳案例》正式发布
- [ ] Frida Hook（四）- 通用漏洞挖掘实战思路
- [ ] “人工智能安全”研讨沙龙活动预告
- [ ] 某裸聊诈骗站点渗透实战
- [ ] 模拟攻击手动构建真实HTTP数据集
- [ ] 法国面临高级持续威胁，俄罗斯幕后APT浮现
KitPloit - PenTest & Hacking Tools
- [ ] VulnNodeApp - A Vulnerable Node.Js Application
奇客Solidot–传递最新科技情报
- [ ] 黑客披露窃取 Ticketmaster 数据细节
- [ ] 大部分仍然不认同 AI 制作的新闻
- [ ] IBM 前高管起诉年龄歧视
看雪学苑
- [ ] OLLVM混淆源码解读
- [ ] 科锐软件逆向50期预科班报名即将截止，速来！ 50期正式班报名火爆招生中
丁爸情报分析师的工具箱
- [ ] 【AI速读】美国研究中国人工智能
数世咨询
- [ ] 数世咨询：《新质·中国数字安全百强（2024）》正式发布
- [ ] 数世咨询：《2024年度数字安全十佳案例》正式发布
复旦白泽战队
- [ ] 重生之我在复旦拍摄毕业大片
极客公园
- [ ] 传 618 购物节 GMV 首次下降；马斯克剧透下一代 FSD「AI5」；小米副董事长回应减持套现：做慈善公益 | 极客早知道
红日安全
- [ ] 哈喽HVV签约了嘛？
Medi0cr1ty
- [ ] SinkFinder - 闭源系统半自动漏洞挖掘的尝试
Over Security - Cybersecurity news aggregator
- [ ] Weekly update #4
- [ ] Facebook PrestaShop module exploited to steal credit cards
- [ ] Microsoft Photos update brings requested features to Windows 11
- [ ] Timeline and Details of the Change Healthcare Breach
Troy Hunt's Blog
- [ ] Weekly Update 405
The Register - Security
- [ ] Risk of getting malicious extension from Chrome store way worse than Google's letting on, study suggests
Deep Web
- [ ] Deep libraries and books
- [ ] Deep Libraries and Books
- [ ] i love the deep web
Your Open Hacker Community
- [ ] 🚩 CTF Challenge: Exploiting a Vulnerable Calculator Web App. Can you solve this challenge ?
- [ ] How to get into a Telegram account
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] XSSy: An XSS lab site
- [ ] With LFI how to find the path to the process code if it's being run with uvicorn using /proc technique?
- [ ] CR 1.7 point 1 (62443-4-2) not redundant?
- [ ] New Blog Post: Understanding Protected Management Frames
- [ ] Random Verification Text
TorrentFreak
- [ ] EU Invites Feedback from ‘Pirate Sites’ for Upcoming Watchlist
Social Engineering
- [ ] I want your help in turning around this situation
Information Security
- [ ] Ive made a discord server for people to express themselves, make friends and talk about life
Technical Information Security Content & Discussion
- [ ] Understanding Protected Management Frames
- [ ] Zip Slip meets Artifactory: A Bug Bounty Story
Computer Forensics
- [ ] Trying to parse MFT table entries using Python 3
- [ ] Is LE Computer forensics as dark as they say?
- [ ] How much malware analysis knowledge do DFIR consultants need to know?
- [ ] Trying to access Mac logs to see when a USB was last mounted.
- [ ] Question from a layperson: Waze location data, clocks, and forensic software
Security Affairs
- [ ] Threat actor attempts to sell 30 million customer records allegedly stolen from TEG
- [ ] Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
- [ ] Threat actors are actively exploiting SolarWinds Serv-U bug CVE-2024-28995
KitPloit - PenTest Tools!
- [ ] VulnNodeApp - A Vulnerable Node.Js Application