chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

110 stars 19 forks source link

[每日信息流] 2024-07-19 #597

Closed chainreactorbot closed 2 months ago

chainreactorbot commented 4 months ago

每日安全资讯（2024-07-19）

SecWiki News
- [ ] SecWiki News 2024-07-18 Review
Files ≈ Packet Storm
- [ ] PowerVR Dangling Page Table Entry
- [ ] Red Hat Security Advisory 2024-4597-03
- [ ] Red Hat Security Advisory 2024-4568-03
- [ ] Red Hat Security Advisory 2024-4563-03
- [ ] Ubuntu Security Notice USN-6901-1
- [ ] Debian Security Advisory 5732-1
Doonsec's feed
- [ ] 【AI速读】精通Kali Linux进行高级渗透测试
- [ ] SharpWeb - 一个浏览器数据（密码|历史记录|Cookie|书签|下载记录）的导出工具
- [ ] 分享图片
- [ ] 美国最高法院阻碍美国网络战略
- [ ] 记一次小程序逆向
- [ ] 秦安：安防“三大漏洞”告诉枪击真相，特朗普将更加危险，利东方
- [ ] 牟林：与美国的代理人纠缠——俄罗斯的教训不得不吸取
- [ ] 王常胜：“萝卜快跑”跑不快，速度、安全是硬伤，堵塞交通是恶果
- [ ] 牟林：北约峰会是美国在亚太复制“乌克兰模式”的开始？
- [ ] 牟林：罐车运输食用油这样的乱象不管行吗？
- [ ] 美国国防部的零信任，比我想象中的大大大许多
- [ ] 工具 | Jeecg-Boot综合漏洞利用GUI
- [ ] 干货 | 应急响应场景及排查思路
- [ ] 【1day】微信公众平台回调系统 ajax SQL注入漏洞【附poc】
- [ ] 听说HW要开了？2024 年最佳网络安全 Python 库
- [ ] 第六课-系统学习代码审计：表达式注入之SpEL(Spring表达式)注入
- [ ] python写一个小米rom下载直链获取器（卡刷包）
- [ ] 逆向学习汇编篇 -- 程序还原与分析技巧
- [ ] 玄机靶场应急响应系列（第一章）
- [ ] 思科 SSM 本地漏洞可用于修改任意用户的密码
- [ ] Atlassian 修复Confluence等产品中的多个高危漏洞
- [ ] 0016. WPA-WPA2 Wi-Fi 黑客攻击：分步指南【转载】
- [ ] ISC.AI 2024即将召开！大会四大精彩看点速览
- [ ] Docker术语大全，建议收藏！
- [ ] 新课-linux文件系统存储与文件过滤安全开发视频教程更新到37节啦
- [ ] 安全纵深防御五道防线的思考与网络实践
- [ ] 报告发布 | 数世咨询：市场洞察力报告—数据安全检查工具箱（附下载）
- [ ] 聚合共创｜神州新桥走进山石网科，共筑网络安全发展新高地
- [ ] 集结！蓝队情报共享、聊天交流群
- [ ] 专题·漏洞治理 | 建设全流程漏洞闭环管理机制，筑牢关基安全屏障
- [ ] 专题·漏洞治理 | 对漏洞治理体系革新发展的思考与建议
- [ ] CNNVD关于Oracle多个安全漏洞的通报
- [ ] 那什么样的简历和学校才配得上18-22K ? ? ?
- [ ] 网络工程师干货：如何定位和解决二层环路问题，这四种方法要熟记于心！
- [ ] 蓝队值守利器：一款IP溯源工具
- [ ] 渗透测试之AES加密参数与踩坑记录
- [ ] 红队安全攻防知识库
- [ ] 思科紧急通告：本地智能软件管理器曝出高危漏洞，安全升级刻不容缓！
- [ ] 基本功 | 一文讲清多线程和多线程同步
- [ ] 一个有点好用的信息收集工具
- [ ] 堆栈金丝雀 / 堆栈 Cookie （SC）
- [ ] AI赋能金融，掘金未来科技新机遇
- [ ] 车企R155与R156合规的持续挑战
- [ ] 法规解读丨UN/WP.29 R156《汽车软件升级》法规解读
- [ ] 自动驾驶系统架构师在线证书培训课程（高级班）
- [ ] CVPR2024论文解读｜对齐人类审美！MPS让图像生成评估更“懂你”
- [ ] 2023网络金融黑产研究报告
- [ ] 2024-07 Oracle补丁日｜漏洞预警
- [ ] fscan：内网信息探测利器，你用过吗？
- [ ] 记一次红队攻防中.Net代码审计与防守方的对抗过程
- [ ] 驱动人生植入Matrix勒索病毒应急响应处置实战分享
- [ ] 微众银行因个人信息保护纠纷被告
- [ ] 黑龙江省网络安全标准化技术委员会正式成立
- [ ] 科技安全快讯 | 美国国际开发署与IBM公司签署合同，旨在加强网络安全
- [ ] 行业动态 | 人工智能产业标准化建设最新指南发布多项新产业标准化制定工作提速
- [ ] 【漏洞复现】JumpServer文件写入代码执行漏洞（CVE-2024-40629）
- [ ] 【漏洞通告】Cisco Smart Software Manager On-Prem密码更改漏洞（CVE-2024-20419）
- [ ] 安全简讯（2024.07.18）
- [ ] 网络安全“大标”将花落谁家？
- [ ] 【复现】JumpServer 后台文件写入漏洞(CVE-2024-40629)的风险通告
- [ ] 《安全地让AI成为我们的助手》| 沈勇 / 安全经理 / 某跨国支付
- [ ] 【安全圈】Cisco 再曝超严重漏洞，黑客可修改管理员密码
- [ ] 【安全圈】FIN7 黑客组织在暗网上大肆推广反EDR系统工具
- [ ] 【安全圈】新加坡要求银行三个月内淘汰一次性密码
- [ ] 【安全圈】科技巨头被曝未经授权用 YouTube 内容训练 AI，苹果、英伟达在列
- [ ] 内网渗透-域环境搭建
- [ ] Cisco曝超严重漏洞，黑客可修改管理员密码
- [ ] 红蓝对抗思想应用与大模型安全 | FreeBuf 北京站议题前瞻
Security Boulevard
- [ ] Google Cloud Security Threat Horizons Report #10 Is Out!
- [ ] Nation-States and Zero-days Cranking Up the Heat
- [ ] SAST – All About Static Application Security Testing
- [ ] Capturing Exposed AWS Keys During Dynamic Web Application Tests
- [ ] USENIX Security ’23 – The Impostor Among US(B): Off-Path Injection Attacks On USB Communications
- [ ] Survey: Nearly Half of SMEs Fell Victim to Cyberattack in Last Six Months
- [ ] Future of Hybrid Cloud Security: New Approaches and Innovations
- [ ] CDK Global cyber attack: What businesses can learn & implement
- [ ] BTS #34 – EPSS – The Exploit Prediction Scoring System – Jay Jacobs, Wade Baker
- [ ] Randall Munroe’s XKCD ‘Hatchery’
Tenable Blog
- [ ] Tenable Announces Former Senior Administration Officials to Inaugural Public Sector Advisory Board
paper - Last paper
- [ ] The Patchwork group has updated its arsenal, launching attacks for the first time using Brute Ratel C4 and an enhanced version of PGoShell
Private Feed for M09Ic
- [ ] kpcyrd released v0.3.2 at spytrap-org/spytrap-adb
- [ ] gh0stkey starred LLM-Red-Team/qwen-free-api
- [ ] gh0stkey starred LLM-Red-Team/kimi-free-api
- [ ] gh0stkey starred NixOS/nix
- [ ] Safe3 released v4.1 at Safe3/firefly
- [ ] Ak74-577 starred CICADA8-Research/IHxExec
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- [ ] 盛邦安全权小文：卫星互联网不是卫星网的简单升级，而是通信技术的全面革新
- [ ] “去NAT44”时代的关键挑战——IPv6应用安全防护
- [ ] ISC.AI 2024即将召开！大会四大精彩看点速览
- [ ] XCon2024议题||影子缓存：新型隐蔽域名劫持攻击
- [ ] 以网络法治高质量发展服务保障网络强国建设
- [ ] 卡巴斯基发布2024年中小企业网络威胁分析
安全客-有思想的安全新媒体
- [ ] 思科SSM On-Prem 存在高危漏洞，允许攻击者更改任何用户的密码
- [ ] Oracle的Java变更，导致亚太地区企业探索Azul等替代方案
- [ ] MarineMax数据泄露影响了超过12.3万人
- [ ] 黑客更新BeaverTail恶意软件，以攻击MacOS用户
- [ ] 量子风暴前夕：后量子时代的密码安全革命
- [ ] 关于 HardBit 勒索软件的一些细节
- [ ] AT&T 数据泄露事件泄露了 1.09 亿客户的信息
- [ ] Apache HugeGraph漏洞正频繁遭攻击，请尽快修补
- [ ] 嗅探犬或将成数据中心安全新防线：应对植入物攻击的未来策略
- [ ] 360斩获NVDB两大年度奖项漏洞治理能力再获国家级认定！
Recent Commits to cve:main
- [ ] Update Thu Jul 18 22:28:56 UTC 2024
- [ ] Update Thu Jul 18 14:34:34 UTC 2024
- [ ] Update Thu Jul 18 06:27:25 UTC 2024
NVISO Labs
- [ ] Hunting for Remote Management Tools
Horizon3.ai
- [ ] Fireside Chat: Horizon3.ai and Komori
Forcepoint
- [ ] Safeguarding a new era of AI Transformation with Forcepoint GenAI Security
Payatu
- [ ] Breaking Down Barriers: Exploiting Authenticated IPC Clients
GuidePoint Security
- [ ] Fraudster’s Fumble: From Phish to Failure
rtl-sdr.com
- [ ] An Initial Review of the RFNM Software Defined Radio
奇客Solidot–传递最新科技情报
- [ ] 印度交易所价值约 2.3 亿美元的加密货币被盗
- [ ] 逾四成日本公司没有使用 AI 的计划
- [ ] 狗和宠物猪能对人类哭泣和哼哼声做出反应
- [ ] Cloudflare 报告 6.8% 的互联网流量是恶意的
- [ ] 京都动画纵火案发生五周年
- [ ] Meta 未来的多模 AI 模型将不提供给欧盟客户
- [ ] 英伟达全面转向开源 GPU 内核模块
- [ ] 调查显示 84% 的 PC 用户不愿意为 AI 硬件支付溢价
- [ ] GitLab 探索出售
- [ ] Google Docs 加入 Markdown 支持
- [ ] 药物让动物寿命延长四分之一
- [ ] 为何三星电子的罢工主力是女性？
HackerNews
- [ ] 勒索攻击迫使英国首都近 8000 名患者手术被暂停
- [ ] 已修复！Cisco 曝关键漏洞，允许攻击者更改用户密码
- [ ] 游艇巨头 MarineMax 数据泄露事件影响超过 12.3 万人
- [ ] FCC 主席提出规范人工智能外呼机器人的新策略
- [ ] FIN7 APT 组织在地下论坛发广告推销反 EDR 系统的黑客工具
- [ ] Atlassian 修补 Bamboo、Confluence 和 Jira 中的高危漏洞
- [ ] Oracle 于 2024 年 7 月修复了 240 个漏洞
黑海洋 - WIKI
- [ ] CVE-2024-26229 Windows CSC提权漏洞 exp
- [ ] Z-Godzilla_ekp 哥斯拉webshell管理工具二开bypass waf
- [ ] oneshell 加密反弹shell生成器仅使用echo和chmod命令
- [ ] Tiny XSS Payloads 微型XSS代码
- [ ] Houdini 渗透测试常用工具Docker镜像
- [ ] APKDeepLens APK/APP漏洞扫描器
- [ ] Cloudflare Radar Scan 网站框架技术在线检测工具
- [ ] TongdaOATool 通达OA漏洞利用工具 V1.6
- [ ] Kspider-在线可视化爬虫平台无需编写后端代码
FreeBuf网络安全行业门户
- [ ] FreeBuf早报 | 中国政务云市场规模达794.5亿；代码托管平台 GitLab 正考虑出售
- [ ] Cisco曝超严重漏洞，黑客可修改管理员密码
- [ ] FIN7 黑客组织在暗网上大肆推广反EDR系统工具
Black Hills Information Security
- [ ] Auditing GitLab: Public Gitlab Projects on Internal Networks
Security Blog | Praetorian
- [ ] Capturing Exposed AWS Keys During Dynamic Web Application Tests
黑奇士
- [ ] 网传：宗馥莉辞职，哇哈哈疑似内斗
安全内参
- [ ] 美国家具巨头遭勒索攻击：被迫关闭工厂业务受到严重影响
- [ ] 美澳日海军联合举行“蓝色光谱”三边网络防御演习
关键基础设施安全应急响应中心
- [ ] 对漏洞治理体系革新发展的思考与建议
- [ ] 勒索攻击迫使英国首都近8000名患者手术被暂停
- [ ] VPN、防火墙等正在被黑客「爆雷」
dotNet安全矩阵
- [ ] .NET 分享一款突破WAF免杀的WebShell
- [ ] 三个国内最专业的.NET安全知识库
吾爱破解论坛
- [ ] 暑假开放注册微信抽奖活动，再送40个账号注册码或300论坛币，周六下午两点开奖，详见：【开放注册公告】吾爱破解论坛2024年7月21日暑假开放注册公告。
网安杂谈
- [ ] 【2025合作伙伴巡礼】弘连网络—互联网取证专家，与您共筑网络安全防线！
KCon 黑客大会
- [ ] 演讲议题巡展 | A Post Exploitation Toolkit for High Value Systems
锦行科技
- [ ] 【网络靶场TOP10】锦行科技上榜《嘶吼2024网络安全产业图谱》16项细分领域
字节跳动安全中心
- [ ] 抖音漏洞奖金提升至20万元/个！
红日安全
- [ ] 北京租房攻略
火绒安全
- [ ] 成熟后门身披商业外衣，对抗杀软实现远控
CNCERT国家工程研究中心
- [ ] X-Files 窃取程序攻击 Windows 用户进行密码窃取
- [ ] 迪士尼泄露1TB敏感数据，黑客称为艺术复仇
- [ ] EDR形同虚设！FIN7黑客组织最新武器和技战术曝光
中国信息安全
- [ ] 专题·漏洞治理 | 建设全流程漏洞闭环管理机制，筑牢关基安全屏障
- [ ] 专家解读 | 胡坚波：数字中国建设三大抓手为发展新质生产力蓄势赋能
- [ ] 前沿 | 探索生成式人工智能的治理新境
- [ ] 观点 | 在网络空间内铸牢中华民族共同体意识
- [ ] 评论 | 健全网络竞争行为“红绿灯”规则
- [ ] 国际 | 英国司法人员人工智能使用规范考察
- [ ] 起底电诈丨邮寄黄金去“投资”？骗你钱，还骗你帮他洗钱！
斗象智能安全
- [ ] 「人机结合」理念，科学推高SRC漏洞收敛水位线
CNVD漏洞平台
- [ ] Oracle发布2024年7月的安全公告
极客公园
- [ ] 50 万跨境商家，正在用阿里国际的 AI 产品赚钱
- [ ] 传美团外卖测试「省钱版」；《死侍》新片将映，Xbox推「小贱贱屁股」手柄；华为车BU半年收入近百亿，超过去两年总和|极客早知道
威胁猎人Threat Hunter
- [ ] 【黑产大数据】2024年上半年互联网黑灰产研究报告
字节跳动技术团队
- [ ] 直播预约｜ByteDance AI Luminary Talks：世界模型探索
NOVASEC
- [ ] 蓝队值守利器：一款IP溯源工具
甲方安全建设
- [ ] 「推安早报」0718 | elf加密反向shell、红蓝工具推荐
Over Security - Cybersecurity news aggregator
- [ ] Microsoft fixes bug blocking Windows 11 Photos from starting
- [ ] How a little-known tool is sweeping the real estate industry by giving instant access to vast amounts of homebuyer data
- [ ] Hackers could create traffic jams thanks to flaw in traffic light controller, researcher says
- [ ] Mobile internet and social media disrupted in Bangladesh amid student protests
- [ ] Critical Cisco bug lets hackers add root users on SEG devices
- [ ] New hacker group uses open-source tools to spy on entities in Asia-Pacific region
- [ ] Campagne di phishing ai danni del Ministero degli Affari Esteri e della Cooperazione Internazionale
- [ ] UK national blood stocks in 'very fragile' state following ransomware attack
- [ ] Apache HugeGraph-Server è sotto attacco: scoperta una vulnerabilità critica
- [ ] Microsoft: Windows 11 23H2 now available for all eligible devices
- [ ] Von der Leyen pledges to tackle ransomware attacks against EU hospitals
- [ ] Sophisticated AI-generated Gitbook lures phishing the crypto industry
- [ ] Enti governativi ed aziende italiane nel mirino di un APT cinese
- [ ] Technological Evolution and the Rise of Advanced Security Solutions for SMEs
- [ ] Un APT cinese ha colpito entità governative in Italia
- [ ] Windows Installer, exploiting Common Actions
- [ ] TicWatch Pro as a Keystroke Injector
娜璋AI安全之家
- [ ] [译文] 恶意代码分析：4.ViperSoftX机制-利用AutoIt和CLR隐蔽执行PowerShell
IT Service Management News
- [ ] Legge 90 del 2024 sulla cybersicurezza nazionale
- [ ] Nuovo Regolamento Cloud per la PA di ACN
SANS Internet Storm Center, InfoCON: green
- [ ] ISC Stormcast For Thursday, July 18th, 2024 https://isc.sans.edu/podcastdetail/9058, (Thu, Jul 18th)
Securityinfo.it
- [ ] Apache HugeGraph-Server è sotto attacco: scoperta una vulnerabilità critica
- [ ] Un APT cinese ha colpito entità governative in Italia
ICT Security Magazine
- [ ] Email Security: Tipologie di attacchi veicolati tramite email e pratiche di sicurezza
TrustedSec
- [ ] What is Your Compliance Kryptonite?
Schneier on Security
- [ ] Criminal Gang Physically Assaulting People for Their Cryptocurrency
Instapaper: Unread
- [ ] Password Breaking A to Z
- [ ] Google Drive Forensics
- [ ] iOS 18 Preview Top Security and Privacy Updates
- [ ] 10,000 Victims a Day Infostealer Garden of Low-Hanging Fruit
- [ ] CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool
- [ ] Leaked Cellebrite Docs Reveal List of Phones That Can Be Unlocked
- [ ] New hacker group uses open-source tools to spy on entities in Asia-Pacific region
- [ ] Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums
- [ ] Cloudflare reports almost 7% of internet traffic is malicious
- [ ] Processo all’hacker difendersi dal cyberspionaggio non è reato
银针安全
- [ ] Nacos RCE漏洞分析、复现及不出网利用姿势
The Hacker News
- [ ] Alert: HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver
- [ ] AppSec Webinar: How to Turn Developers into Security Champions
- [ ] Automated Threats Pose Increasing Risk to the Travel Industry
- [ ] SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks
- [ ] TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks
- [ ] Meta Halts AI Use in Brazil Following Data Protection Authority's Ban
- [ ] Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager
Deeplinks
- [ ] EFF, International Partners Appeal to EU Delegates to Help Fix Flaws in Draft UN Cybercrime Treaty That Can Undermine EU's Data Protection Framework
Security Affairs
- [ ] SAPwned flaws in SAP AI core could expose customers’ data
- [ ] Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums
- [ ] How to Protect Privacy and Build Secure AI Products
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] Which Beginner Hardware
Technical Information Security Content & Discussion
- [ ] Windows Installer Custom Actions Privilege Escalation Vulnerability
- [ ] Attacking Connection Tracking Frameworks as used by VPN
The Register - Security
- [ ] Judge mostly drags SEC's lawsuit against SolarWinds into the recycling bin
- [ ] Kaspersky challenges US government to put up or shut up about Kremlin ties
- [ ] Russia’s FIN7 is peddling its EDR-nerfing malware to ransomware gangs
- [ ] Maximum-severity Cisco vulnerability allows attackers to change admin passwords
- [ ] Firms skip security reviews of major app updates about half the time
- [ ] Release the hounds! Securing datacenters may soon need sniffer dogs
TorrentFreak
- [ ] Russia Slams Google’s ‘Censorship’ Yet Deleting 5.6m VPN Links is Just Fine
- [ ] Anna’s Archive Loses .GS Domain Name But Remains Resilient
Palo Alto Networks Blog
- [ ] Announcing OpenAI ChatGPT Enterprise Compliance Integration
Blackhat Library: Hacking techniques and research
- [ ] cant find any blackhat and/or hacktivisits communities
Deep Web
- [ ] https://cryptoswapexchange.uk/
Computer Forensics
- [ ] Does iPhone Provide Light Sensor Data
- [ ] How to tell if a domain user is a local admin from image
- [ ] Record of activities on PC
Your Open Hacker Community
- [ ] Port:554 Open
Security Weekly Podcast Network (Audio)
- [ ] 3D Printing For Hackers - David Johnson - PSW #835