chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

110 stars 19 forks source link

[每日信息流] 2024-07-06 #584

Closed chainreactorbot closed 3 months ago

chainreactorbot commented 4 months ago

每日安全资讯（2024-07-06）

paper - Last paper
- [ ] 关于 CVE-2024-2961 glibc iconv exploitation (part 2) 注解
- [ ] 不只是黑产？疑似筹划 APT 攻击的”银狐”团伙攻击活动分析
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- [ ] 我国牵头提出的国际标准《网络安全物联网安全与隐私家庭物联网指南》正式发布
- [ ] 勒索软件攻击下的利益链分析
Recent Commits to cve:main
- [ ] Update Fri Jul 5 22:33:40 UTC 2024
- [ ] Update Fri Jul 5 14:29:05 UTC 2024
- [ ] Update Fri Jul 5 06:31:37 UTC 2024
Doonsec's feed
- [ ] 每周文章分享-167
- [ ] 中非共和国6月份陷入新一轮严重冲突
- [ ] 吉林密码专家向新行——全省密码应用与创新发展巡回宣讲活动圆满结束
- [ ] 国家数据局张慧星：公共数据开放和授权运营制度政策即将出台企业及个人数据利用政策正加紧研制
- [ ] 中国密码学会2024年密码测评理论与关键技术前沿论坛在成都顺利召开
- [ ] 关注 | 国家标准化管理委员会下达1项强制性网络安全国家标准计划
- [ ] 某校因网络运行安全被罚
- [ ] u200bCTF入门知识点
- [ ] 秦安：台湾宫庙预屯弹药与美航空航天局做“怨妇”，极端化正加速
- [ ] 王常胜：战略间谍的任务是布设战略陷阱，阴险地从根本上消灭对手
- [ ] 牟林：不要自以为是地渲染，美以矛盾其实并非对抗性矛盾
- [ ] 牟林：拿民营说事挑起矛盾要警惕，国家发展民营经济的决心若磐石
- [ ] Windows上搭建黑苹果（非从头开始）以及一些心得
- [ ] 网安短期项目推送
- [ ] 中国信通院池程：工业互联网赋能数字园区创新发展
- [ ] 中德工业互联网领域人才培养与产教融合推进计划正式启动 | 2024全球数字经济大会
- [ ] 渗透测试目录扫描字典 -- DirectoryFuzz（7月5日更新）
- [ ] 网络安全学习资料 -- 应急响应
- [ ] 终端信息自动收集专家 -- Eagle_Eye（7月4日更新）
- [ ] 红队实战教学 -- 反溯
- [ ] 在DevSecOps CI/CD Pipelines中集成软件供应链安全战略
- [ ] OpenWrt上网行为管理固件分享，可以控制视频、游戏联网
- [ ] 逆向学习汇编篇 -- 从特定内存地址读写数据
- [ ] 逆向学习汇编篇 -- Windows提供的调试框架
- [ ] 扫描器开发系列之敏感信息提取
- [ ] 对抗小技巧: IOS环境下支付宝小程序源码的提取
- [ ] 第二节：Java代码审计零点五基础系统学习之JavaWeb快速入门-1
- [ ] 历时9个月开发，“嵌入式实战”公开课已全部上线
- [ ] 检测本机操作还是有攻击行为
- [ ] 第一次的pentest show总结
- [ ] 史上最大密码泄露下载，泄露近 100 亿条！
- [ ] G.O.S.S.I.P 阅读推荐 2024-07-05 ARM Cortex-M 安全大揭秘
- [ ] CISSP干货备考资源
- [ ] 新的基于 Golang 的 Zergeca 僵尸网络能够进行强大的 DDoS 攻击
- [ ] 中国通信学会科学技术奖奖励政策宣讲会成功召开
- [ ] 护航端侧大模型平稳健康发展，百度大模型内容安全Lite版正式发布
- [ ] ARL联动AWVS实现自动化漏洞扫描
- [ ] 现场观察 | 2024世界人工智能大会安全治理护航未来智能时代
- [ ] 专家解读 | 顺应互联网发展趋势共绘网络法治新篇章
- [ ] 前沿 | 数据跨境流动规制的域外立法与实践
- [ ] 评论 | 挥法治利剑斩网暴毒瘤
- [ ] “2024政法装备展”报名通道正式开启！
- [ ] 前沿 | 机密计算在金融数据安全存储中的应用探索
- [ ] 注意丨暑假想找兼职、看演唱会的同学看过来，明白这些套路不上当！
- [ ] 数说安全发布2024全景图，盛邦安全上榜WAF、漏扫、资产测绘等16大领域见证实力
- [ ] 内存马如何查杀；项目中如何施行安全三同步 | FB甲方群话题讨论（文末电台有惊喜）
- [ ] PowerShell 技术在网络安全测试中的应用
- [ ] 详解 RisePro 信息窃密木马
- [ ] Chiasmodon：一款针对域名安全的公开资源情报OSINT工具
- [ ] 100+大屏模板，基于Vue 国产开源 IoT 物联网 Web 组态可视化 BI 数据分析工具
- [ ] VSRC，邀你加入暑期计划！
- [ ] 红客社区助阵矩阵杯，巅峰技术盛宴狂欢落幕！
- [ ] 【安全圈】日本动漫游戏巨头Kadokawa遭勒索软件攻击，数据泄露多达 1.5TB
- [ ] 【安全圈】国际行动关闭了 593 台恶意 Cobalt Strike 服务器
- [ ] 【安全圈】黑客滥用 API 端点验证了数百万个Authy MFA 电话号码
- [ ] 【安全圈】已发布补丁！微软披露 Rockwell PanelView Plus 两大漏洞
- [ ] 【成功复现】D-Link GO-RT-AC750 安全漏洞(CVE-2024-22853)
- [ ] 抓取微信小程序流量数据的方法（超简单）
- [ ] 学术前沿 | 复旦大学张新鹏教授团队：人工智能生成内容模型的数字水印技术研究进展
- [ ] 会议预告 | NCCA2024：大模型的安全风险与应对研讨会
- [ ] 创信华通荣获2024年四川电力行业“安全生产”知识竞赛一等奖
- [ ] 命令执行无回显利用总结附工具
- [ ] 1+1>2 | 蜜罐+WAF联合方案
- [ ] 核心技术认可！华顺信安上榜数说安全《2024年中国网络安全市场全景图》
- [ ] 再获认可｜魔方安全荣登《2024年中国网络安全市场全景图》
- [ ] XXL-JOB默认accessToken身份认证绕过RCE
- [ ] TimelineSec助力抖音电商反爬专测活动，奖金提升创新高！
- [ ] 富源警方破获特大电诈“跑分”案 | 诸暨警方破获套现洗钱案——涉网犯罪每日情报
- [ ] 陕西洞鉴云侦司法鉴定资质获批准
- [ ] 波及210家政府机构，赎金5800万，勒索攻击竟瞄准某国家数据中心
- [ ] 超十亿规模！2024年上半年全球重大数据泄露事件盘点
- [ ] 360与翰林汇达成战略合作，以SaaS化服务护航企业数字化发展
- [ ] 360与网藤科技达成战略合作共筑工业互联网安全基座
- [ ] 创新防御 | 赛宁网安以数字孪生技术构筑网络安全新防线
- [ ] 贵就是好？大厂专家或许只会毁掉初创企业
- [ ] 直播回放 | 百家说事第二场：热度不减DLP，智慧之树开新花？
- [ ] 诸子云｜甲方：满足等保应该如何采购产品？如何看待美联储被勒索？
- [ ] 荣耀加冕 │ 梆梆安全荣膺NVDB「2023年度漏洞报送最具贡献单位」
- [ ] 期待满满！首届“金灵光杯”大赛梆梆安全斩获大奖
- [ ] 热力四射！7月赛事速递
- [ ] 铁路网络安全等级保护定级指南
- [ ] 四部门出台规定《网络暴力信息治理规定》自2024年8月1日起施行
- [ ] 全新基于Golang的Zergeca僵尸网络震撼登场
- [ ] GootLoader恶意软件仍然活跃，部署新版本以增强攻击
- [ ] 比利时不止有巧克力还有EthCC
- [ ] 基于深度强化学习的通信抗干扰系统
- [ ] 李强出席2024世界人工智能大会暨人工智能全球治理高级别会议开幕式并致辞
- [ ] 2024世界人工智能大会在沪开幕
- [ ] 敏感信息扫描工具推荐 SecretScraper
- [ ] 河北：17项人才措施助力数字经济高质量发展
- [ ] 最新警情
- [ ] 对抗攻击的防御技术
- [ ] 【火绒安全周报】男子伪造WIFI盗隐私/美国知名寿险公司250万用户数据外泄
- [ ] 每周蓝军技术推送（2024.6.29-7.5）
- [ ] 青藤“镜像可信安全管理方案”荣获2024安全守卫者计划优秀案例
- [ ] htb靶场初探
- [ ] 【国际视野】美国发布《空军零信任战略》
- [ ] 珞安科技实力入选《2024年中国网络安全市场全景图》多个细分领域
- [ ] 【青年论坛】回顾 | 第二届“数字法治青年论坛”分论坛一“数据确权”
- [ ] 【青年论坛】回顾 | 第二届“数字法治青年论坛”分论坛二“人工智能治理创新”
- [ ] 【青年论坛】回顾 | 第二届“数字法治青年论坛”分论坛三“数字司法创新”
- [ ] 【青年论坛】回顾 | 第二届“数字法治青年论坛”研究生论坛
- [ ] Cython逆向-语言特性分析
- [ ] 职场抉择：工作还是创业？《即刻说》第7期片段抢先看
- [ ] 免费Wi-Fi暗藏风险，一男子因在飞机上开放虚假Wi-Fi 被捕
- [ ] 着急就业找工作？海量职位供你选
- [ ] 金融监管总局等：银行要加强内部金融数据与外部信用信息结合
- [ ] 32款App被通报，违法违规收集使用个人信息
Files ≈ Packet Storm
- [ ] WordPress Video Gallery - YouTube Gallery And Vimeo Gallery 2.3.6 SQL Injection
- [ ] Cinema Booking System 1.0 SQL Injection / Cross Site Request Forgery
- [ ] Gentoo Linux Security Advisory 202407-17
- [ ] Gentoo Linux Security Advisory 202407-16
- [ ] Ubuntu Security Notice USN-6879-1
- [ ] Ubuntu Security Notice USN-6873-2
- [ ] Gentoo Linux Security Advisory 202407-15
- [ ] Gentoo Linux Security Advisory 202407-14
- [ ] Ubuntu Security Notice USN-6872-2
- [ ] Ubuntu Security Notice USN-6870-2
- [ ] Gentoo Linux Security Advisory 202407-13
- [ ] Gentoo Linux Security Advisory 202407-12
- [ ] Ubuntu Security Notice USN-6866-2
- [ ] Ubuntu Security Notice USN-6864-2
- [ ] Gentoo Linux Security Advisory 202407-11
- [ ] Gentoo Linux Security Advisory 202407-10
- [ ] Ubuntu Security Notice USN-6878-1
- [ ] Ubuntu Security Notice USN-6876-1
先知安全技术社区
- [ ] 魔法打败魔法：利用AI检测基于prompt的AI攻击
美团技术团队
- [ ] 搜索广告召回技术在美团的实践
Security Boulevard
- [ ] Simplifying Infrastructure Management with Imperva’s Terraform Module for Cloud WAF
- [ ] The five most common pitfalls of cyber security awareness training
- [ ] USENIX Security ’23 – Eye-Shield: Real-Time Protection of Mobile Device Screen Information from Shoulder Surfing
- [ ] How DataDome Detects Puppeteer Extra Stealth
- [ ] Randall Munroe’s XKCD ‘Routine Maintenance’
- [ ] ‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought
- [ ] Protecting People, Not Just Data
- [ ] USENIX Security ’23 – Powering Privacy: On the Energy Demand and Feasibility of Anonymity Networks on Smartphones
- [ ] How to Prepare for the EU’s NIS2 Directive
- [ ] Why API Discovery is Important for Financial Companies
Private Feed for M09Ic
- [ ] mgeeky starred Y2Z/monolith
- [ ] boy-hack forked boy-hack/nuclei from projectdiscovery/nuclei
- [ ] threedr3am created a repository threedr3am/jar-compatibility-detector
- [ ] mitre forked mitre/ScubaGear from cisagov/ScubaGear
- [ ] mozhu1024 forked mozhu1024/yakit from yaklang/yakit
- [ ] INotGreen starred soybeanjs/soybean-admin
- [ ] xxxxbxxxxx started following satan1a
- [ ] zema1 started following whwlsfb
- [ ] wabzsy starred neargle/my-re0-k8s-security
- [ ] 4ra1n released 2.19 at jar-analyzer/jar-analyzer
- [ ] 0xbug starred splunk/attack_data
- [ ] timwhitez starred m-sec-org/EZ
- [ ] timwhitez starred b1tg/cobaltstrike-beacon-rust
- [ ] niudaii started following godspeedcurry
- [ ] theLSA started following janoglezcampos
- [ ] theLSA starred myshell-ai/MeloTTS
- [ ] theLSA starred tjunlp-lab/Awesome-LLMs-Evaluation-Papers
- [ ] theLSA starred R3DRUN3/sploitcraft
- [ ] theLSA starred Pizz33/GoThief
- [ ] theLSA starred Safe3/CVS
- [ ] theLSA started following JaveleyQAQ
- [ ] theLSA started following saucesteals
- [ ] theLSA starred lich0821/WeChatRobot
- [ ] theLSA started following SebastianZimmeck
- [ ] theLSA starred xuchengsheng/wx-dump-4j
- [ ] theLSA starred l0n3m4n/CVE-2024-6387
- [ ] theLSA starred ProbiusOfficial/PHPSerialize-labs
- [ ] theLSA starred HadessCS/Red-team-Interview-Questions
Sucuri Blog
- [ ] New Variation of WordFence Evasion Malware
obaby@mars
- [ ] 货卖袈裟
Tenable Blog
- [ ] How the regreSSHion Vulnerability Could Impact Your Cloud Environment
- [ ] Cybersecurity Snapshot: Malicious Versions of Cobalt Strike Taken Down, While Microsoft Notifies More Orgs About Midnight Blizzard Email Breach
Twitter @Nicolas Krassas
- [ ] Crypto Hacking Thefts Double To 1.4 Billion In First Half Of 2024 https://packetstormsecurity.com/news/view/36070/Crypto-Hacking-Thefts-Double-To-1.4-...
- [ ] OpenAI breach in 2023 raises national security concerns https://www.scmagazine.com/news/openai-breach-in-2023-raises-national-security-concerns
- [ ] BADUnboxing: Automated Android app unpacker https://www.reddit.com/r/netsec/comments/1dsm1ym/badunboxing_automated_android_app_unpacker/
- [ ] New Eldorado ransomware targets Windows, VMware ESXi VMs https://www.bleepingcomputer.com/news/security/new-eldorado-ransomware-targets-windows-vmware...
- [ ] Latest Ghostscript vulnerability haunts experts as the next big breach enabler https://go.theregister.com/feed/www.theregister.com/2024/07/05/ghostscr...
- [ ] Cancer patient forced to make terrible decision after Qilin attack on London hospitals https://go.theregister.com/feed/www.theregister.com/2024/07/05/...
- [ ] Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes https://securityaffairs.com/165328/data-breach/hackers-leak-170k-taylor-swift-eras-tour-barcodes....
- [ ] Boeing and the perils of outsourcing mission-critical work https://www.computerworld.com/article/2513787/boeing-and-the-perils-of-outsourcing-mission-...
- [ ] OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers https://thehackernews.com/2024/07/ovhcloud-hit-with-record-840-million.htm...
- [ ] RockYou2024: 10 billion passwords leaked in the largest compilation of all time https://cybernews.com/security/rockyou2024-largest-password-compilatio...
- [ ] RT ap: Cool finding from my colleague @cj_berlin detailed here: https://it-pro-berlin.de/2024/07/use-ssh-on-windows-they-said/. PS remoting and SSH ig...
- [ ] RT HackManac: Airtel #DataBreach Update Airtel has published an official statement regarding the alleged breach. "We have conducted a thorough investi...
- [ ] Europol says mobile roaming tech is making its job too hard https://go.theregister.com/feed/www.theregister.com/2024/07/05/europol_home_routing_compla...
- [ ] Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus https://securityaffairs.com/165276/ics-scada/rockwell-automation-panelview-plus-flaw...
- [ ] Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective https://www.trendmicro.com/en_us/research/24/g/turning-jenkins-into-a-crypt...
- [ ] Hackers compromised Ethereum mailing list and launched a crypto draining attack https://securityaffairs.com/165254/hacking/hackers-compromised-ethereu...
- [ ] RT airtel India:
- [ ] RT pyn3rd: #CVE-2024-21007 Weblogic Server Remote Code Execution
- [ ] RT Baklava Monster: The second @hackthebox_eu Meetup Zurich is schedulded for July. We'll meet in person at the Sphères bar for another hacking night...
Forcepoint
- [ ] Police shut down 600 Cobalt Strike servers, Cloudflare tool to stop AI bots, Infostealer malware logs used to identify CSAM website members and more
Twitter @bytehx
- [ ] RT Hussein Daher: Following the recent Client Side Path traversal Hype, here is an interesting vulnerability I found back in 2020 ;) Enjoy! 🔥
Trail of Bits Blog
- [ ] Auditing the Ask Astro LLM Q&A app
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
- [ ] MP3 Training Audio Compilation
- [ ] How I Tracked Down the Conti Ransomware Gang? - Video Demonstration
VMRay
- [ ] Malicious batch file reveals its full behavior ONLY WHEN IT WAS STARTED BY A DOUBLE-CLICK
- [ ] Detection Highlights – June 2024: Detecting Windows Defender Tampering and YARA rule for EDR Silencer
Reverse Engineering
- [ ] Access to REcon24 conference slides, individually and together
SentinelOne
- [ ] The Good, the Bad and the Ugly in Cybersecurity – Week 27
daniel.haxx.se
- [ ] curl for QNX
奇客Solidot–传递最新科技情报
- [ ] 国际热核聚变实验反应堆将运行时间推迟至少八年
- [ ] Mt. Gox 客户在 10 年后开始拿回资金
- [ ] 印尼发现世界最古老的具象洞穴艺术
- [ ] FDA 禁止在食品和汽水中使用溴化植物油
- [ ] 去年中国 AI 顶级论文数量和专利授权高于美国
- [ ] 微软新开始菜单向用户推销它的产品和服务
- [ ] 英伟达将向中国公司交付逾百万 H20 芯片
- [ ] NASA JPL 用雷达跟踪了两颗最近掠过地球的小行星
- [ ] AI 模糊真实与欺骗是特性不是 bug
- [ ] 亚马逊 Kindle 系统宕机导致电子书无法下载
安全牛
- [ ] 零信任案例研究 | 零信任安全访问助力能源企业新型数字化体系建设
- [ ] 1项新的强制性网络安全国家标准计划下达；多国执法机构联合发起Morpheus网络执法行动 | 牛览
FreeBuf网络安全行业门户
- [ ] FreeBuf 周报 | 谷歌拟允许Web应用访问敏感USB设备；GitLab曝严重漏洞
- [ ] 内存马如何查杀；项目中如何施行安全三同步 | FB甲方群话题讨论（文末电台有惊喜）
- [ ] CocoaPods 曝关键漏洞，数百万 macOS 和 iOS 应用程序面临供应链攻击风险
- [ ] 100 亿条密码汇编集合 RockYou2024 泄露，酿成史上最大密码泄露事件
黑海洋 - WIKI
- [ ] 搭建web网页版ssh（tabby-web）
HackerNews
- [ ] 史上最大密码泄露事件：RockYou2024 密码汇编泄露近 100 亿条
- [ ] 苹果与安卓展开 AI 手机隐私保护大战
- [ ] 仍有 38 万个网站链接到 Polyfill 恶意站点
- [ ] 黑客滥用 API 端点验证了数百万个 Authy MFA 电话号码
- [ ] 巴西因隐私问题暂停 Meta 的 AI 数据处理
- [ ] RockYou2024：史上最大的已泄露密码汇编收集近 100 亿个密码
腾讯玄武实验室
- [ ] 每日安全动态推送(7-5)
安全内参
- [ ] 谷歌长文批判网络钓鱼演习：没有任何效果，应效仿消防演习改革
- [ ] 美国和斯洛文尼亚联合举行亚得里亚海区域安全网络合作演习
奇安信 CERT
- [ ] Apache Tomcat 拒绝服务漏洞(CVE-2024-34750)安全风险通告
奇安信威胁情报中心
- [ ] 每周高级威胁情报解读(2024.06.28~07.04)
- [ ] 挖矿加DDoS：奇安信X实验室发现 “8220”挖矿团伙推出新型攻击工具
看雪学苑
- [ ] Cython逆向-语言特性分析
- [ ] 职场抉择：工作还是创业？《即刻说》第7期片段抢先看
- [ ] 免费Wi-Fi暗藏风险，一男子因在飞机上开放虚假Wi-Fi 被捕
- [ ] 着急就业找工作？海量职位供你选
知道创宇404实验室
- [ ] 威胁情报 | 不只是黑产？疑似筹划 APT 攻击的“银狐”团伙攻击活动分析
数世咨询
- [ ] AI驱动安全闭门会议精华，必看！
- [ ] 【十佳案例】山东某政府数据中心密码资源池建设案例
吾爱破解论坛
- [ ] 【Web逆向】某OF网站的OB解密及DRM过校验思路(上)
信息安全国家工程研究中心
- [ ] 超十亿规模！2024年上半年全球重大数据泄露事件盘点
安全研究GoSSIP
- [ ] G.O.S.S.I.P 阅读推荐 2024-07-05 ARM Cortex-M 安全大揭秘
长亭科技
- [ ] 打赢攻防持久战，请看大模型X蜜罐实用锦囊
- [ ] 长亭科技亮相北京数字经济大会展示AI智能攻防新篇章
唯品会安全应急响应中心
- [ ] VSRC，邀你加入暑期计划！
青藤云安全
- [ ] 青藤“镜像可信安全管理方案”荣获2024安全守卫者计划优秀案例
关键基础设施安全应急响应中心
- [ ] 2024 年第一季度工业自动化系统的威胁形势
- [ ] 国际行动关闭了 593 台恶意 Cobalt Strike 服务器
- [ ] 这家大型银行因勒索攻击关闭系统多天，客户无法访问账户或交易
情报分析师
- [ ] 情报研究工作的分级体系——情报分析的五个级别
- [ ] 地缘信息知识星球（7月5日更新明细）
火绒安全
- [ ] 【火绒安全周报】男子伪造WIFI盗隐私/美国知名寿险公司250万用户数据外泄
CNCERT国家工程研究中心
- [ ] 大多数Passkey容易受到AitM攻击
- [ ] ANSSI警报！法国外交官员成为俄罗斯网络攻击目标
- [ ] 巴西因隐私问题暂停 Meta 的 AI 数据处理
斗象智能安全
- [ ] 2024年了，谁还不知道XTI扩展威胁情报啊？
极客公园
- [ ] AI 入侵还是协助？知乎创作圈怎么用 AI
- [ ] 李彦宏再谈 AI 应用：最看好「智能体」
- [ ] 2024 世界人工智能大会开幕；特斯拉入选江苏政府采购名单；比亚迪下线第 800 万辆新能源汽车 | 极客早知道
嘶吼专业版
- [ ] 勒索软件攻击下的利益链分析
- [ ] 我国牵头提出的国际标准《网络安全物联网安全与隐私家庭物联网指南》正式发布
网络空间安全科学学报
- [ ] 学术前沿 | 复旦大学张新鹏教授团队：人工智能生成内容模型的数字水印技术研究进展
- [ ] 会议预告 | NCCA2024：大模型的安全风险与应对研讨会
百度安全实验室
- [ ] 护航端侧大模型平稳健康发展，百度大模型内容安全Lite版正式发布
奇安信病毒响应中心
- [ ] 每周勒索威胁摘要
M01N Team
- [ ] 每周蓝军技术推送（2024.6.29-7.5）
黑伞安全
- [ ] 抓取微信小程序流量数据的方法（超简单）
小米安全中心
- [ ] 持续增强员工安全隐私保护意识小米第五届安全与隐私宣传月圆满落幕
360数字安全
- [ ] 360与翰林汇达成战略合作，以SaaS化服务护航企业数字化发展
- [ ] 360与网藤科技达成战略合作共筑工业互联网安全基座
Medi0cr1ty
- [ ] 扫描器开发系列之敏感信息提取
- [ ] 对抗小技巧: IOS环境下支付宝小程序源码的提取
复旦白泽战队
- [ ] 讲座回顾 | 加州大学河滨分校钱志云教授：静态分析在安全领域的机会与技术
Over Security - Cybersecurity news aggregator
- [ ] New Variation of WordFence Evasion Malware
- [ ] There's a new government in the UK. What can we expect from it on cyber?
- [ ] Ticketmaster discredits dark web claims of stolen barcodes for Taylor Swift concerts
- [ ] Cloudflare blames recent outage on BGP hijacking incident
- [ ] Alabama Department of Education stops ransomware attack but confirms data stolen
- [ ] Sintesi riepilogativa delle campagne malevole nella settimana del 29 Giugno – 05 Luglio 2024
- [ ] Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion
- [ ] New Eldorado ransomware targets Windows, VMware ESXi VMs
- [ ] Increase in the exploitation of Microsoft SmartScreen vulnerability CVE-2024-21412
- [ ] Da ACN e DIE una campagna per diffondere la cultura di cybersecurity
- [ ] Botnet in vendita a partire da soli 99 dollari
360威胁情报中心
- [ ] 揭秘APT-C-26（Lazarus）组织利用PyPI对Windows、Linux和macOS平台的攻击行动
Javvad Malik
- [ ] Protecting People, Not Just Data
Securityinfo.it
- [ ] Da ACN e DIE una campagna per diffondere la cultura di cybersecurity
- [ ] Botnet in vendita a partire da soli 99 dollari
SANS Internet Storm Center, InfoCON: green
- [ ] Overlooked Domain Name Resiliency Issues: Registrar Communications, (Fri, Jul 5th)
Arturo Di Corinto
- [ ] Campagna ACN per le PMI
ICT Security Magazine
- [ ] Industrial Cybersecurity: Gli attacchi più diffusi e le contromisure
Schneier on Security
- [ ] Friday Squid Blogging: Newly Discovered Vampire Squid
悬镜安全
- [ ] 顶流 | 悬镜安全连续四年霸榜《2024年中国网络安全市场全景图》开发安全赛道
- [ ] 权威认证 | 灵脉SAST独家通过中国信通院2024最新SAST工具能力评估
The Hacker News
- [ ] Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks
- [ ] OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers
- [ ] Blueprint for Success: Implementing a CTEM Operation
- [ ] GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks
- [ ] Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies
- [ ] New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks
Your Open Hacker Community
- [ ] Code injection help
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] Studying netsec
- [ ] Ethical hacking: where to begin?
Social Engineering
- [ ] Other ideas for locating person by phone number?
TorrentFreak
- [ ] Sony’s Ancient Lawsuit vs. Cheat Device Heads in Right Direction – Sony’s Defeat
- [ ] Popular Pirate Site Animeflix Shuts Down ‘Voluntarily’
Blackhat Library: Hacking techniques and research
- [ ] 170,000 Taylor Swift barcodes for future events leaked as part of Ticketmaster blackmailing attempt
- [ ] How do people copy harddrives through USB, assuming you have access to the device?
- [ ] Is there a file transfer tool like that in TeamViewer, but one that is made to work in secret?
- [ ] Tips to hack arcade machines.
- [ ] phone hacking
The Register - Security
- [ ] Devs claim Apple is banning VPNs in Russia 'more effectively' than Putin
- [ ] Cancer patient forced to make terrible decision after Qilin attack on London hospitals
- [ ] Latest Ghostscript vulnerability haunts experts as the next big breach enabler
- [ ] Europol says mobile roaming tech is making its job too hard
Computer Forensics
- [ ] Best way to learn/train
- [ ] Transition from lawyer to digital forensics analyst?
- [ ] One doubt
Security Affairs
- [ ] Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes
- [ ] Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain
- [ ] New Golang-based Zergeca Botnet appeared in the threat landscape
- [ ] Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus
- [ ] Hackers compromised Ethereum mailing list and launched a crypto draining attack
Information Security
- [ ] Reverse Engineering the Verification QR Code on my Diploma
Technical Information Security Content & Discussion
- [ ] Making & Cracking a PRNG in Go | Any feedback welcome :)
- [ ] Exploiting Cloud Secrets Management Repositories: Adversary Tactics and Mitigation Strategies
Trend Micro Research, News and Perspectives
- [ ] Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective
Dark Space Blogspot
- [ ] Da Dove Derivano I Guadagni Di Tether e Circle?
Security Weekly Podcast Network (Audio)
- [ ] Binary - SWN Vault