[每日信息流] 2024-06-28

[chainreactorbot]

每日安全资讯（2024-06-28）

• Twitter @Nicolas Krassas
  • [ ] WhisperGate Suspect Indicted As US Offers A $10 Million Bounty https://packetstormsecurity.com/news/view/36038/WhisperGate-Suspect-Indicted-As-US-Offe...
  • [ ] US firms claimed to be attacked by BianLian ransomware gang https://www.scmagazine.com/brief/us-firms-claimed-to-be-attacked-by-bianlian-ransomware-ga...
  • [ ] Introducing SlackEnum: A User Enumeration Tool for Slack https://www.blackhillsinfosec.com/introducing-slackenum/
  • [ ] Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more https://www.malwarebytes.com/blog/new...
  • [ ] Your Phone's 5G Connection is Vulnerable to Bypass, DoS Attacks https://www.darkreading.com/mobile-security/your-phone-s-5g-connection-is-exposed-to-b...
  • [ ] A Pwn2Own SpiderMonkey JIT Bug: From Integer Range Inconsistency to Bound Check Elimination then RCE https://github.com/bjrjk/CVE-2024-29943/tree/main
  • [ ] Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads https://thehackernews.com/2024/06/rust-based-p2pinfect-botnet-evolves.html
  • [ ] China-Sponsored Attackers Target 40K Corporate Users in 90 Days https://www.darkreading.com/threat-intelligence/china-sponsored-attackers-40k-corporat...
  • [ ] Critical GitLab bug lets attackers run pipelines as any user https://www.bleepingcomputer.com/news/security/critical-gitlab-bug-lets-attackers-run-pip...
  • [ ] US lawmakers wave red flags over Chinese drone dominance https://go.theregister.com/feed/www.theregister.com/2024/06/27/congress_china_drones/
  • [ ] ‘Poseidon’ Mac stealer distributed via Google ads https://www.malwarebytes.com/blog/cybercrime/2024/06/poseidon-mac-stealer-distributed-via-google-a...
  • [ ] GitHub Actions exploitation: introduction https://www.synacktiv.com/publications/github-actions-exploitation-introduction.html
  • [ ] RT Dark Web Informer: 🚨🚨#RANSOMWARE🚨🚨Coca-Cola Myanmar Office has been breached by RansomHub. 800GB of exfiltrated data.
  • [ ] Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks https://thehackernews.com/2024/06/prompt-injection-flaw-in-vanna-ai.html
  • [ ] Security Analysis of the EU’s Digital Wallet https://www.schneier.com/blog/archives/2024/06/security-analysis-of-the-eus-digital-wallet.html
  • [ ] Russian National Indicted for Cyber Attacks on Ukraine Before 2022 Invasion https://thehackernews.com/2024/06/russian-national-indicted-for-cyber.html
  • [ ] New “Snowblind” Android Malware Steals Logins, Bypasses Security Features https://hackread.com/snowblind-android-malware-steals-bypasses-security/
  • [ ] Dangerous AI Workaround: 'Skeleton Key' Unlocks Malicious Content https://www.darkreading.com/application-security/dangerous-ai-workaround-skeleton-ke...
  • [ ] Chinese Espionage Group “ChamelGang” Uses Attacks for Disruption and Data Theft https://hackread.com/chinese-espionage-group-chamelgang-data-theft/
  • [ ] WhisperGate suspect indicted as US offers a $10M bounty for his capture https://go.theregister.com/feed/www.theregister.com/2024/06/27/whispergate_mal...
• Doonsec's feed
  • [ ] 记一次因API接口问题导致目标内网沦陷
  • [ ] 资产太多，不知如何下手？看红队如何快速打点
  • [ ] 【资讯】中德签署《关于中德数据跨境流动合作的谅解备忘录》
  • [ ] 【资讯】《互联网政务应用安全管理规定》解读
  • [ ] 【资讯】北京市经信局印发《北京市未来产业育新基地建设方案》
  • [ ] 【资讯】安徽省信管局印发《关于开展2024年电信和互联网行业“江淮护航”网络和数据安全专项行动的通知》
  • [ ] 说句真话，可能会得罪非常多的人
  • [ ] 玄机-等保-Linux等保测评
  • [ ] 多个 WordPress 插件在持续的供应链攻击中被植入后门
  • [ ] CSDN的gitcode正在批量搬运github
  • [ ] G.O.S.S.I.P 阅读推荐 2024-06-27 Why I attack
  • [ ] 逆向学习汇编篇 -- 数据的存储和读取
  • [ ] 逆向学习汇编篇 -- 移位操作和中断处理机制
  • [ ] 网络安全学习笔记 -- Linux系统安装+基本命令（三）
  • [ ] 网络安全学习笔记 -- Linux系统安装+基本命令（四）
  • [ ] 对话 Top Seed 导师｜我们为什么如此重视年轻人
  • [ ] 网络安全缩略语汇编-B
  • [ ] 江湖又现整活 护网需要严谨
  • [ ] Web LLM 攻击技术
  • [ ] 红队安全攻防知识库
  • [ ] 一些APP渗透测试时的小tips
  • [ ] 看过来！美亚柏科面向全国招募智慧安防代理商合作伙伴
  • [ ] 技能通行证！电子数据调查分析技术初级培训即刻开启
  • [ ] 【重磅突破】安卓12/13全机型提权提取
  • [ ] \"6月警报！HVV常态化来袭，网络安全人，你准备好了吗？\"
  • [ ] 【红蓝/演练】-战后收尾(3)之不再临阵磨枪
  • [ ] 【电子取证篇】电子数据行政文书模板下载
  • [ ] 360周鸿祎：人工智能安全是下一个皇冠上的明珠
  • [ ] 喜讯！雄安网络安全技术应用大赛：360数据安全管理平台勇夺全国第一
  • [ ] 尽快修补！新的 MOVEit 传输漏洞记录的漏洞正在被利用
  • [ ] 【车联网】现代汽车Ioniq SEL渗透测试（8）
  • [ ] 记一次渗透测试综合靶场dc-1
  • [ ] 浅谈内网攻防渗透之道-RDP远程登陆攻防
  • [ ] 小程序可测性能力建设与实践
  • [ ] SIGIR 2024 | 美团技术团队精选论文解读 & 论文分享会预告
  • [ ] 关于举办“2024工业互联网标识解析产教融合暑期师资研修班”的通知
  • [ ] 2022年第二届“网鼎杯”网络安全大赛—青龙组—我就是来划水的-Writeup
  • [ ] InForSec2024夏令营报名中，大咖开讲，快来围观课程表！
  • [ ] “00后”离职删软件被公司威胁起诉？删除公司电脑软件违法吗？
  • [ ] 在过去3年中，有2.8亿人安装了危险的Chrome浏览器扩展程序
  • [ ] 天融信6大项目登榜雄安未来之城场景汇系列大赛，IPv6技术赛道拔得头筹！
  • [ ] 密评“模拟”一次考，来看看你能答多少分→
  • [ ] AI工具推荐 | 马上HVV了，各处流传的信息资料你应该统一管理
  • [ ] 私域涨粉1000+，超好用的帮会新功能上线啦
  • [ ] LockBit造谣，美联储数据并未遭窃
  • [ ] SherlockChain：基于高级AI实现的智能合约安全分析框架
  • [ ] 洞悉安全发展新方向 矩阵杯“安全+AI”数智创新大会成功召开
  • [ ] 四叶草安全助力2024年“数智创新”高端论坛
  • [ ] 【安全圈】现已修复！AirPods 最新固件曝出蓝牙漏洞，可能导致设备被窃听
  • [ ] 【安全圈】售价 15 万美元，影响 Linux 内核的 UAF 零日漏洞在暗网出售
  • [ ] 【安全圈】在过去 3 年中，有 2.8 亿人安装了危险的 Chrome 浏览器扩展程序
  • [ ] 【安全圈】曾针对七国安卓用户发起攻击，Medusa 银行木马变种“卷土重来”
  • [ ] 同程、飞猪遭黑客攻击瘫痪？官方：系统正常运行
  • [ ] 大赛唯一卫星应用获奖项目：盛邦安全卫星互联网产品解决方案闪耀雄安
  • [ ] 火绒企业版V2.0常见问题
  • [ ] 数实共生 智连未来 | 启明星辰亮相2024MWC上海
  • [ ] 魔方安全亮相“2024网络安全论坛”，携手共筑香港网络安全防线
  • [ ] 奇安信上榜Gartner® 安全信息与事件管理魔力象限
  • [ ] 奇安信荣获“长城杯”优秀技术支撑单位 助推高校实战型人才培养
  • [ ] 印尼国家数据中心遭勒索攻击：边检等服务中断数天 超210个政府机构被波及
  • [ ] 金榜题名 | 承制科技3月、4月攻防领域认证考试通过名单
  • [ ] 「漏洞复现」易天智能eHR管理平台 CreateUser 任意用户添加漏洞
• Private Feed for M09Ic
  • [ ] zer0yu started following h888t
  • [ ] zer0yu starred watchtowrlabs/watchTowr-vs-progress-moveit_CVE-2024-5806
  • [ ] DVKunion started following iSafeBlue
  • [ ] Ridter forked Ridter/RemoteKrbRelay from CICADA8-Research/RemoteKrbRelay
  • [ ] Ridter starred CICADA8-Research/RemoteKrbRelay
  • [ ] Ridter starred breakpointHQ/TCC-ClickJacking
  • [ ] Ridter starred alienator88/Pearcleaner
  • [ ] Ridter forked Ridter/DefenderYara from roadwy/DefenderYara
  • [ ] Ridter starred roadwy/DefenderYara
  • [ ] wabzsy starred go-chi/chi
  • [ ] Ridter starred Getshell/C2
  • [ ] Ridter starred whocansee/FilelessAgentMemShell
  • [ ] 4ra1n starred Clouditera/SecGPT
  • [ ] yzddmr6 starred hahwul/dalfox
  • [ ] DVKunion starred NUS-Curiosity/KernJC
  • [ ] DVKunion started following BaiMeow
  • [ ] DVKunion starred wINfOG/My_Reverse_Book
  • [ ] shmilylty started following 1oid
  • [ ] shmilylty starred m-sec-org/EZ
  • [ ] panjf2000 starred LazyVim/LazyVim
  • [ ] ourren starred awsm-research/LineVul
  • [ ] Y4er starred shiyanhui/dht
  • [ ] veo starred Getshell/C2
  • [ ] yzddmr6 starred whocansee/FilelessAgentMemShell
• Security Boulevard
  • [ ] Webinar: How to secure Microsoft Copilot & Gen AI
  • [ ] Container Security Scanning: Vulnerabilities, Risks and Tooling
  • [ ] USENIX Security ’23 – In the Quest to Protect Users from Side-Channel Attacks — A User-Centred Design Space to Mitigate Thermal Attacks on Public Payment Terminals
  • [ ] Third-Party Trust Issues: AppSec Learns from Polyfill
  • [ ] Daniel Stori’s ‘Java Attacks!’
  • [ ] The True Cost of Bad Code in Software Development
  • [ ] Boost Hybrid Cloud Strategy with Cloudera and comforte’s Data-Centric Security
  • [ ] VMware vCenter RCE Vulnerability: What You Need to Know
  • [ ] Polyfill – Additional Analysis and Discovery: Signs of PII and Credential Harvesting, Broad Exposure through Digital Supply Chain
  • [ ] The Evolving SSL/TLS Certificate Lifecycle & How to Manage the Changes
• Recent Commits to cve:main
  • [ ] Update Thu Jun 27 22:31:45 UTC 2024
  • [ ] Update Thu Jun 27 14:29:29 UTC 2024
  • [ ] Update Thu Jun 27 06:29:15 UTC 2024
• Trustwave Blog
  • [ ] CDK Global Cyber Incident Shows the Need for Better Supply Chain Security
• obaby@mars
  • [ ] 地域黑
• Files ≈ Packet Storm
  • [ ] Suricata IDPE 7.0.6
  • [ ] GRR 3.4.7.5
  • [ ] Debian Security Advisory 5722-1
  • [ ] Debian Security Advisory 5721-1
  • [ ] Red Hat Security Advisory 2024-4160-03
  • [ ] Red Hat Security Advisory 2024-4146-03
  • [ ] Red Hat Security Advisory 2024-4144-03
  • [ ] Red Hat Security Advisory 2024-4126-03
  • [ ] Red Hat Security Advisory 2024-4119-03
  • [ ] Red Hat Security Advisory 2024-4118-03
  • [ ] Red Hat Security Advisory 2024-4108-03
  • [ ] Red Hat Security Advisory 2024-4107-03
  • [ ] Red Hat Security Advisory 2024-4106-03
  • [ ] Red Hat Security Advisory 2024-4101-03
  • [ ] Red Hat Security Advisory 2024-4098-03
  • [ ] Red Hat Security Advisory 2024-4092-03
  • [ ] Red Hat Security Advisory 2024-4084-03
  • [ ] Red Hat Security Advisory 2024-4083-03
  • [ ] Red Hat Security Advisory 2024-4081-03
  • [ ] Red Hat Security Advisory 2024-4079-03
  • [ ] Red Hat Security Advisory 2024-4078-03
  • [ ] Red Hat Security Advisory 2024-4077-03
  • [ ] Red Hat Security Advisory 2024-4075-03
  • [ ] Red Hat Security Advisory 2024-4074-03
  • [ ] Red Hat Security Advisory 2024-4073-03
• jbp.io
  • [ ] CVE-2024-5535: SSL_select_next_proto buffer overread
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • [ ] Scattered Spider 黑客组织将重点转向云应用程序以窃取数据
  • [ ] “矩阵杯”网络安全大赛开幕，东半球顶赛助力实战人才培养
• Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
  • [ ] Exposing Bulgaria's Ruja Ignatova's OneCoin Cryptocurrency Internet-Connected Infrastructure - An Analysis
• GuidePoint Security
  • [ ] WWDMD – What Would Dade Murphy Do? – Reconnaissance & Intelligence Collection for External Penetration Tests
• Inside Stormshield
  • [ ] Fest’Num Lille – Stormshield accompagne les jeunes
• Malware-Traffic-Analysis.net - Blog Entries
  • [ ] 2024-06-25 - Latrodectus infection with BackConnect and Keyhole VNC
• Malwarebytes
  • [ ] Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more
  • [ ] ‘Poseidon’ Mac stealer distributed via Google ads
• Project Zero
  • [ ] The Windows Registry Adventure #3: Learning resources
• PortSwigger Blog
  • [ ] Investing to deliver more
• daniel.haxx.se
  • [ ] long term curl versions
• Microsoft Security Response Center
  • [ ] Toward greater transparency: Unveiling Cloud Service CVEs
• rtl-sdr.com
  • [ ] An Inspiring Video about Getting Hooked on SDRs
  • [ ] SDR# Big Guide Book: 2024 Edition Released
  • [ ] Tech Minds: Testing the NooElec FlyCatcher RTL-SDR ADS-B+UAT Raspberry Pi Hat
  • [ ] Tech Minds: Using the RK888 MK2 to Receive the Entire HF Band
• HackerNews
  • [ ] 新型信用卡盗刷软件瞄准 WordPress、Magento 和 OpenCart 网站
  • [ ] LockBit 造谣，美联储数据并未遭窃
  • [ ] 售价 15 万美元，影响 Linux 内核的 UAF 零日漏洞在暗网出售
  • [ ] 现已修复！AirPods 最新固件曝出蓝牙漏洞，可能导致设备被窃听
  • [ ] 新的攻击技术利用 Microsoft 管理控制台文件
  • [ ] 新的 MOVEit Transfer 文件传输漏洞正在被积极利用
• FreeBuf网络安全行业门户
  • [ ] FreeBuf早报 | 美联储数据并未遭窃；AirPods 最新固件曝出蓝牙漏洞
  • [ ] MOVEit 又曝出高危漏洞，又要来一次供应链大事件？
  • [ ] LockBit造谣，美联储数据并未遭窃
  • [ ] 售价 15 万美元，影响 Linux 内核的 UAF 零日漏洞在暗网出售
  • [ ] 现已修复！AirPods 最新固件曝出蓝牙漏洞，可能导致设备被窃听
• Intigriti
  • [ ] How to build a top-class cybersecurity team—and when to outsource
• 安全牛
  • [ ] 如何成为网络安全架构师？
  • [ ] 国务院审议通过《中华人民共和国保守国家秘密法实施条例（修订草案）》；LockBit对美联储的攻击声明或只是在虚张声势 | 牛览
• Webroot Blog
  • [ ] What to do if you’re using Kaspersky security software that is now banned in the U.S.
• 奇安信 CERT
  • [ ] 【已复现】Ollama 远程代码执行漏洞(CVE-2024-37032)安全风险通告第二次更新
• 奇客Solidot–传递最新科技情报
  • [ ] AI 需求推动半导体市场急剧扩张
  • [ ] AI 在大学考试中击败了大学生
  • [ ] 美国主要流媒体巨头减少了原创剧产量
  • [ ] 雄性雌性线粒体的细胞活性存在显著差异
• 看雪学苑
  • [ ] RWhackA远程线程注入式病毒分析（H&NCTF2024）
  • [ ] 研究人员破解Arm的内存安全机制，绕过率接近100%
  • [ ] 浏览器Pwn技术实战，解锁Chrome V8引擎攻击方法
• Black Hills Information Security
  • [ ] Introducing SlackEnum: A User Enumeration Tool for Slack
• 代码卫士
  • [ ] CISA：多数重要的开源项目未使用内存安全代码
  • [ ] 苹果修复可导致窃听的 AirPods 蓝牙漏洞
• 腾讯玄武实验室
  • [ ] 每日安全动态推送(6-27)
• 安全内参
  • [ ] 美国拟立法评估：极端网络攻击下关基设施能否切换手动操作
  • [ ] 美国拟投资3.6亿元，研发医疗设备漏洞管理方案
• 微步在线研究响应中心
  • [ ] 收洞！收你手上攒着想放大招的洞！
• 数世咨询
  • [ ] 何为非人类身份以及其重要性所在？
  • [ ] 重保季来袭，什么样的神器能帮助企业高枕无忧？
• 关键基础设施安全应急响应中心
  • [ ] 《数据安全治理白皮书6.0》卫生健康行业实践——分类分级、评估、场景化治理的思路和实践
  • [ ] Rafel RAT恶意软件可能影响39亿台旧安卓手机
  • [ ] 新的 Linux 恶意软件通过 Discord 发送的表情符号进行控制
  • [ ] 新的攻击技术利用 Microsoft 管理控制台文件
• dotNet安全矩阵
  • [ ] .NET 一款利用内核驱动关闭AV/EDR的工具
  • [ ] 两个国内最专业的.NET安全知识库
• 中国信息安全
  • [ ] 论坛·全球人工智能治理 | 美国人工智能治理体系的底层逻辑浅析
  • [ ] 关注 | 庄荣文会见德国数字化和交通部部长维辛 双方共同签署《关于中德数据跨境流动合作的谅解备忘录》
  • [ ] 专家解读 | 朱巍：中国网络法治三十年，网络法治保障高质量发展
  • [ ] 聚焦 | “矩阵杯”网络安全大赛开幕！国际顶尖战队线下鏖战
  • [ ] 评论 | 攥指成拳，严惩网暴
  • [ ] 关注 | 19名在越南实施跨境电信网络诈骗的犯罪嫌疑人被移交我方
  • [ ] 一图速览 | 我国网络法治建设30年实践成就
• 青藤云安全
  • [ ] 【大咖说】第2期 | 专访中国电信集团网信安部总经理 谷红勋
• OPPO安全中心
  • [ ] 2024年5月奖励公告
• 黑伞安全
  • [ ] 安全项目群满！Hvv 2群，还没项目的速来
• CNCERT国家工程研究中心
  • [ ] 《数据安全治理白皮书6.0》卫生健康行业实践——分类分级、评估、场景化治理的思路和实践
  • [ ] 我国数据权属相关问题的最新进展、挑战及应对
  • [ ] 美以间谍不敌也门胡塞！胡塞武装摧毁美国、以色列大型间谍网络
  • [ ] 猴痘病毒爆发期，南非国家卫生实验室因勒索攻击中断服务
• 极客公园
  • [ ] 「橙篇」背后的百度文库，如何做好「AI 原生化」？
  • [ ] AGI 时代序章，4 个有关创业的关键问题
  • [ ] 微信输入法上线「一键AI问答」；SpaceX获NASA 8.43亿美元合同；LV母集团成巴黎奥运最大赞助商 | 极客早知道
• 360数字安全
  • [ ] 360周鸿祎：人工智能安全是下一个皇冠上的明珠
  • [ ] 喜讯！雄安网络安全技术应用大赛：360数据安全管理平台勇夺全国第一
• Qualys Security Blog
  • [ ] Decoding OWASP – A Security Engineer’s Roadmap to Application Security
• IT Service Management News
  • [ ] Mio articolo sulle figure professionali per l'IA
• ICT Security Magazine
  • [ ] Affrontare i Rischi Informatici nel Pubblico: Normative, Rivoluzioni e Strategie di Mitigazione – Tavola Rotonda
  • [ ] La catena di custodia della digital evidence
• Over Security - Cybersecurity news aggregator
  • [ ] BlackSuit ransomware gang claims attack on KADOKAWA corporation
  • [ ] Black Suit ransomware gang claims attack on KADOKAWA corporation
  • [ ] New Unfurling Hemlock threat actor floods systems with malware
  • [ ] Polyfill, Cloudflare trade barbs after reports of supply chain attack threatening 100k websites
  • [ ] U.S. indicts Russian GRU hacker, offers $10 million reward
  • [ ] TeamViewer's corporate network was breached in alleged APT hack
  • [ ] Law enforcement searches of Clearview AI facial recognition doubled in past year
  • [ ] We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there
  • [ ] Startups scramble to assess fallout from Evolve Bank data breach
  • [ ] Suspected Chinese gov’t hackers used ransomware as cover in attacks on Brazil presidency, Indian health org
  • [ ] Polyfill.io usato per infettare più di 100.000 siti
  • [ ] Microsoft pulls Windows 11 KB5039302 update causing reboot loops
  • [ ] As backlash mounts, data privacy bill markup is canceled moments before it was to start
  • [ ] Crimea warns of internet disruptions following DDoS attacks on local telecom operators
  • [ ] Critical GitLab bug lets attackers run pipelines as any user
  • [ ] Scoperto un grave attacco alla supply chain del servizio Polyfill.io: più di 100.000 i siti coinvolti
  • [ ] Snowflake isn’t an outlier, it’s the canary in the coal mine
  • [ ] Polyfill claims it has been 'defamed', returns after domain shut down
  • [ ] Too good to be true: Beware the temptation of recovery scams
  • [ ] Cloudflare: We never authorized polyfill.io to use our name
  • [ ] Fusion Fireside #1: Navigating the Payment Pathways with Daniel van Delft
  • [ ] #FIRSTCON24 Fukuoka
  • [ ] Crescono gli attacchi di compromissione delle e-mail aziendali
  • [ ] Chinese Cyberspies Employ Ransomware in Attacks for Diversion
• 安全419
  • [ ] 零信任落地的理想应用场景：身份管理
  • [ ] 重保季来袭，什么样的神器能帮助企业高枕无忧？
  • [ ] 2024年7月网络安全行业活动、赛事一览
• SANS Internet Storm Center, InfoCON: green
  • [ ] ISC Stormcast For Thursday, June 27th, 2024 https://isc.sans.edu/podcastdetail/9038, (Thu, Jun 27th)
• Deeplinks
  • [ ] Victory! Grand Jury Finds Sacramento Cops Illegally Shared Driver Data
  • [ ] Drone As First Responder Programs Are Swarming Across the United States
  • [ ] Government Has Extremely Heavy Burden to Justify TikTok Ban, EFF Tells Appeals Court
  • [ ] The Global Suppression of Online LGBTQ+ Speech Continues
• Schneier on Security
  • [ ] Security Analysis of the EU’s Digital Wallet
• Technical Information Security Content & Discussion
  • [ ] South Korean telecom company attacks customers with malware — over 600,000 torrent users report missing files, strange folders, and disabled PCs
  • [ ] Sustaining Digital Certificate Security - Entrust Certificate Distrust
  • [ ] 17 vulnerabilities in Sharp Multi-Function Printers
  • [ ] Fuzzing scripting languages' interpreters' native functions using AFL++ to find memory corruption and more
• The Register - Security
  • [ ] US lawmakers wave red flags over Chinese drone dominance
  • [ ] Korean telco allegedly infected its P2P users with malware
  • [ ] WhisperGate suspect indicted as US offers a $10M bounty for his capture
• TorrentFreak
  • [ ] $8.1m Damages Agreed By YouTuber & Bungie For 96 Bogus DMCA Notices
  • [ ] LaLiga and UAE Launch ‘Anti-Piracy Laboratory’ to Block Pirate Sites
• Security Affairs
  • [ ] LockBit group falsely claimed the hack of the Federal Reserve
  • [ ] CISA adds GeoSolutionsGroup JAI-EXT, Linux Kernel, and Roundcube Webmail bugs to its Known Exploited Vulnerabilities catalog
  • [ ] New P2Pinfect version delivers miners and ransomware on Redis servers
• Securityinfo.it
  • [ ] Polyfill.io usato per infettare più di 100.000 siti
  • [ ] Crescono gli attacchi di compromissione delle e-mail aziendali
• Information Security
  • [ ] Proof-of-Concept available for CVE-2024-5276. No exploitation is has been reported yet. CVE-2024-5276 : CVSS 9.8 : SQL Injection vulnerability in Fortra's FileCatalyst Workflow.
• Tor Project blog
  • [ ] Arti 1.2.5 is released: onion services development, security fixes
• Trend Micro Research, News and Perspectives
  • [ ] ICO Scams Leverage 2024 Olympics to Lure Victims, Use AI for Fake Sites
• Graham Cluley
  • [ ] US charges four FIN9-linked hackers after $71 million cybercrime spree
• Palo Alto Networks Blog
  • [ ] Precision AI — Revolutionizing Cybersecurity with Our Latest Campaign
  • [ ] Palo Alto Networks Cybersecurity Academy Supports Future Cyber Leaders
• Yoroi Warning Archive Feed
  • [ ] Warning: Polyfill Supply Chain Attack
• The Hacker News
  • [ ] Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads
  • [ ] The Secrets of Hidden AI Training on Your Data
  • [ ] Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks
  • [ ] How to Use Python to Build Secure Blockchain Applications
  • [ ] Russian National Indicted for Cyber Attacks on Ukraine Before 2022 Invasion
  • [ ] Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application
• Blackhat Library: Hacking techniques and research
  • [ ] ID Verification Service for X & TikTok Breached due to an Infostealer Infection
  • [ ] black hat github ?
  • [ ] Have a list with 1000 emails - which mailing software allows me to send them emails without their approval?
• Security Weekly Podcast Network (Audio)
  • [ ] Do We Need Penetration Testing and Vulnerability Scanning? - Josh Bressers, Adrian Sanabria - PSW #833