chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

110 stars 19 forks source link

[每日信息流] 2024-07-26 #603

Closed chainreactorbot closed 2 months ago

chainreactorbot commented 3 months ago

每日安全资讯（2024-07-26）

SecWiki News
- [ ] SecWiki News 2024-07-25 Review
奇安信攻防社区
- [ ] 挖矿木马+隐藏后门应急分析
Files ≈ Packet Storm
- [ ] Faraday 5.4.1
- [ ] Ubuntu Security Notice USN-6914-1
- [ ] Ubuntu Security Notice USN-6913-1
- [ ] Ubuntu Security Notice USN-6915-1
- [ ] Prison Management System 1.0 Shell Upload
- [ ] Red Hat Security Advisory 2024-4836-03
- [ ] Red Hat Security Advisory 2024-4831-03
- [ ] Red Hat Security Advisory 2024-4830-03
- [ ] Red Hat Security Advisory 2024-4829-03
- [ ] Red Hat Security Advisory 2024-4828-03
- [ ] Red Hat Security Advisory 2024-4827-03
- [ ] Red Hat Security Advisory 2024-4826-03
- [ ] Red Hat Security Advisory 2024-4825-03
- [ ] Red Hat Security Advisory 2024-4824-03
- [ ] Red Hat Security Advisory 2024-4823-03
- [ ] Red Hat Security Advisory 2024-4820-03
- [ ] Red Hat Security Advisory 2024-4746-03
- [ ] Red Hat Security Advisory 2024-4744-03
- [ ] Red Hat Security Advisory 2024-4730-03
- [ ] Red Hat Security Advisory 2024-4715-03
- [ ] Red Hat Security Advisory 2024-4677-03
- [ ] Red Hat Security Advisory 2024-4616-03
- [ ] Red Hat Security Advisory 2024-4613-03
- [ ] Red Hat Security Advisory 2024-4336-03
- [ ] Multi Store Inventory Management System 1.0 Insecure Direct Object Reference
Security Boulevard
- [ ] A Guide to Open Source Software
- [ ] Learning from CrowdStrike’s Quality Assurance Failures
- [ ] Join Our Webinar: Zero Trust and IAM – Building a Secure Future
- [ ] Google, Microsoft, Others Support U.S.-Based Spyware Lawsuits
- [ ] USENIX Security ’23 – Auditing Framework APIs via Inferred App-side Security Specifications
- [ ] Emulating the Prickly Cactus Ransomware
- [ ] Randall Munroe’s XKCD ‘Organ Meanings’
- [ ] Executive Cybersecurity Accountability: A Rising Trend?
- [ ] Cyber travel scams: The biggest scams to be aware of when planning your next trip
- [ ] Partner Spotlight: The Power of Axiad and Yubico
安全客-有思想的安全新媒体
- [ ] GitGuardian 工具可以帮助公司发现开发者在GitHub上泄露的信息
- [ ] 微软 Defender 漏洞被利用来提供 ACR、Lumma 和 Meduza 窃取程序
- [ ] CISA将Twilio Authy和IE漏洞添加到已利用漏洞列表中
- [ ] Telegram Android 版本发现 0day 漏洞允许将恶意文件伪装成视频
- [ ] Vanta筹集1.5亿美元，加速其AI产品创新
- [ ] 密歇根医学中心数据泄露影响了56953名患者
- [ ] 苹果在抨击谷歌 Chrome 浏览器的 Topics 广告技术时使用了错误的代码
- [ ] 网络攻击者在窃取活动中利用 Microsoft SmartScreen 漏洞
- [ ] ISC.AI 2024高级威胁狩猎分析论坛议程“剧透”
- [ ] OpenAI 今年可能亏损 50 亿美元并可能在 12 个月内耗尽现金
- [ ] 全网关注量200W+！ISC.AI 2024创新独角兽沙盒大赛热度持续走高
Trustwave Blog
- [ ] Trustwave Named as a Representative Vendor in the 2024 Gartner®️ Market Guide for Digital Forensics and Incident Response Retainer Services
Y4tacker:Hacking The World!
- [ ] 泛微云桥文件上传与JFinal Bypass
- [ ] EMobile4.0-EMobile6.6 FROM SSRF to RCE
Private Feed for M09Ic
- [ ] liamg starred charmbracelet/huh
- [ ] Ak74-577 starred pwntester/ysoserial.net
- [ ] mozhu1024 starred phodal/skilltree
- [ ] yqcs released 棱镜 X 1.3.1 发布 at yqcs/prismx
- [ ] timwhitez starred hellman/xortool
- [ ] timwhitez forked timwhitez/lark_c2 from nick-frischkorn/lark_c2
- [ ] gh0stkey starred junron/auto-enum
- [ ] gh0stkey starred RSSNext/follow
- [ ] niudaii starred outlaws-bai/Galaxy
- [ ] glzjin starred cybermetric/CyberMetric
- [ ] zrquan started following M09Ic
- [ ] CHYbeta starred HerbertHe/iptv-sources
Doonsec's feed
- [ ] 2024hvv day1-4漏洞威胁情报
- [ ] 逆向工具篇 | IDA Pro
- [ ] 你了解哪些光纤的应用领域？
- [ ] 第七课-系统学习代码审计：SSTI模板注入
- [ ] [7.25总结]又是枯燥无味的一天，评论区评价下今天的零食？
- [ ] 7.25hvv情报
- [ ] 蓝星全球大规模蓝屏,EDR 如何正确绕过？
- [ ] 7月25日hvv情报推送
- [ ] 最近的一些高危rce漏洞附poc
- [ ] 昨晚正在做美滋滋的梦，突然画风一转，我竟然在代码审计
- [ ] 安全认证相关漏洞挖掘 | 高级攻防01
- [ ] 数字化转型，是所有企业都要做好工作，找对切入点是关键！
- [ ] 用这两个面来描述零信任，沟通效果翻倍！
- [ ] 企业必须了解的有关企业浏览器安全性的知识
- [ ] 云原生环境安全攻防揭秘，一书速通云安全攻防（文末不送书）
- [ ] 白泽解读《互联网政务应用安全管理规定》（下）
- [ ] OneTS团队交流群
- [ ] 实战 | 登录处前台绕过getshell
- [ ] RISC-V SMP CPU 拓扑
- [ ] 权威培训认证资质全面概览——走进国投智能（美亚柏科）培训基地（一）
- [ ] 【免杀】文件隐藏之反溯源
- [ ] 【HVV情报】2024-07-25
- [ ] 攻防演练开始，黑产趁机浑水摸鱼，下场收割
- [ ] 中国船级社CCS：船舶网络安全指南2024
- [ ] 防范无人机系统（UAS）的威胁
- [ ] 2024无人机安全报告-绿盟科技
- [ ] day3-HVV 再添新成员，八贱客登场：xx康、xx达、锐xx、科xx
- [ ] nginx deny限制路径绕过
- [ ] 安全小报
- [ ] Web3 安全入门避坑指南｜钱包被恶意多签风险
- [ ] 用PDFXEdit+CEP处理PDF
- [ ] 离大谱，这家网络公司开始招聘黑客？
- [ ] 北山学院直播：常年霸榜企业SRC，提升挖洞效率的秘诀是什么
- [ ] 蓝屏之囿-终端安全软件开发的困局与破局
- [ ] JAW：一款针对客户端JavaScript的图形化安全分析框架
- [ ] 近期值得关注的IOC（2024-07-25）
- [ ] 【资讯】北京市通管局等两部门印发《北京车联网安全筑基工作方案》
- [ ] 【资讯】广西壮族自治区工信厅印发《广西促进工业领域数据安全能力提升实施方案（2024—2026年）》
- [ ] ISC.AI 2024 前瞻：打造安全大模型，引领安全行业新革命
- [ ] ISC.AI 2024第二届全国信息安全产教融合发展大会暨全国信息安全行业产教融合共同体年会议程“剧透”
- [ ] ISC.AI 2024企业安全运营与策略实践论坛议程“剧透”
- [ ] ISC.AI 2024 数转智改驱动行业创新变革论坛议程“剧透”
- [ ] ISC.AI 2024 大模型重塑安全运营论坛议程“剧透”
- [ ] 美团外卖AIGC视觉创意的探索与实践
- [ ] KDD 2024 | 美团技术团队精选论文解读 & 论文分享会预告
- [ ] 即将启动｜第二届低空经济智能飞行管理挑战赛
- [ ] 原厂驻场，北京
- [ ] CrowdStrike：测试软件中的bug导致Windows蓝屏死机
- [ ] Docker紧急修复已存在6年且可导致系统接管的CVSS满分严重漏洞
- [ ] Hvv-day4威胁情报日记
- [ ] 专题·漏洞治理 | 基于漏洞情报构建高效漏洞运营体系实践
- [ ] 专题·漏洞治理 | 美国工控安全漏洞管理政策研究与思考
- [ ] CVE-2024-41107 POC
- [ ] CVE-2024-41110 POC
- [ ] CrowdStrike蓝屏事件解析：原因、影响及启示
- [ ] 近期某Rust钓鱼样本分析
- [ ] Delphinus Lab和CertiK达成战略合作，共同推进zkWasm生态安全和应用发展
- [ ] 大牛书单 |AI应用&大模型方向好书推荐
- [ ] 安全聘 | 百度招安全运营实习生
- [ ] 【安全圈】这家网络公司开始聘用黑客？
- [ ] 【安全圈】Crowdstrike蓝屏事件自查结果：错在流程而非人
- [ ] 【安全圈】史上最大规模的数字盗版泄密事件：1000万用户因虚假Z-Library导致机密信息泄露
- [ ] 【安全圈】R0bl0ch0n TDS——新型附属欺诈计划波及1.1亿用户
- [ ] AI机器人本地免费部署（部署Llama 3.1详细教程）
- [ ] HyBench正式提供市场服务，OceanBase率先完成
- [ ] 携手火绒，共享共赢|火绒安全核心伙伴闭门会议圆满收官
- [ ] 奇安信中标证监行业某核心机构2024年重保服务
- [ ] 两部门发布“网络去NAT”通知，专家：IPv6存三大安全风险亟待重视
- [ ] 2024 HVV情报 0725
- [ ] HVV精英课5000+分钟限时领取
- [ ] ForCloud赢战攻防 | 无惧突发0day漏洞 ForCloud虚实结合快速处置
- [ ] 国际ERP软件大厂云泄露超7亿条记录，内含密钥等敏感信息
- [ ] 现场整改！广西一物业公司不履行个人信息保护义务被处罚
- [ ] 北京知道创宇党支部顺利召开党员大会暨党总支表彰大会
- [ ] 2024年HW漏洞专项
- [ ] 【0725】重保演习每日情报汇总
- [ ] BSRC 2024 年中总结报告
- [ ] 微步云沙箱送上一大波高频IOC
- [ ] Telegram零日漏洞被售卖数周：恶意APK文件可伪装成视频消息
- [ ] 国际 | 北约新建综合网络防御中心
- [ ] Hakuin：一款自动化SQL盲注（BSQLI）安全检测工具
- [ ] 智库视点｜高度警惕网络霸权带来的风险
- [ ] 行业动态｜主打一个“铁面无私”！天融信第四次列入Gartner®报告零信任代表性厂商
- [ ] 网安智库｜基于 VC-4 的 SDH 信道加密技术研究与实现
- [ ] 电子电器架构 --- 智能汽车的大脑（域控制器）
- [ ] 护航低空经济 | 云驰未来inTARA助力小鹏汇天飞行汽车构建网络安全新防线
- [ ] HVV漏洞PoC分享第二弹
- [ ] 读帛书道德经闻道篇有感
- [ ] “微软蓝屏”事件引发对我国关键信息基础设施安全保护的思考
- [ ] KubeAdmiral v1.0.0 发布！
- [ ] 行业 | 梆梆安全荣获华为开发者联盟生态市场服务商认证
- [ ] 关注 | 巴黎奥运会开幕在即面临网络安全挑战
- [ ] “微软蓝屏”事件最新回应！美国“众击”公司将宕机事件归咎于内容更新漏洞
Planet Classpath
- [ ] Gary Benson: Python atomic counter
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- [ ] XCon2024议题||从YakSSA到SyntaxFlow：静态代码分析技术的创新与实践
obaby@mars
- [ ] 华为 Pura 70 Pro — 不完美的 GMS 体验
Exodus Intelligence
- [ ] Softaculous Webuzo Authentication Bypass
- [ ] Softaculous Webuzo FTP Management Command Injection
- [ ] Softaculous Webuzo Password Reset Command Injection
cloud world
- [ ] 在 Confluent Cloud 上使用 Databend Kafka Connect 构建实时数据流同步
Forcepoint
- [ ] DSPM Operating at the Speed of GenAI
Trail of Bits Blog
- [ ] Our crypto experts answer 10 key questions
Reverse Engineering
- [ ] Reverse Engineering for Everyone
SentinelOne
- [ ] Transforming the Cybersecurity Insurance Market with SentinelOne’s New Risk Assurance Initiative
ly0n.me
- [ ] What is Backup DNS and How to Restore DNS Zones?
安全牛
- [ ] 国家金融监督管理总局发布新型电信网络诈骗风险提示；TikTok被英国监管机构罚款1762万元 | 牛览
- [ ] 5种不可或缺的基础性IT管理制度
Malwarebytes
- [ ] Windows update may present users with a BitLocker recovery screen
FreeBuf网络安全行业门户
- [ ] 北山学院直播：常年霸榜企业SRC，提升挖洞效率的秘诀是什么
- [ ] FreeBuf早报 | 《工业领域云安全实践指南》正式发布；Red Art游戏遭遇重大网络攻击
- [ ] 离大谱，这家网络公司开始招聘黑客？
- [ ] Crowdstrike蓝屏事件自查结果：错在流程而非人
- [ ] 史上最大规模的数字盗版泄密事件：1000万用户因虚假Z-Library导致机密信息泄露
- [ ] 原来，甲方们都在这里聊「攻防演练」
HackerNews
- [ ] 史上最大规模的数字盗版泄密事件：1000 万用户因虚假 Z-Library 导致机密信息泄露
- [ ] 美国政府最大 IT 服务商发生严重数据泄漏
- [ ] CrowdStrike 解释为何错误更新未经过适当测试
- [ ] 美安全公司 KnowBe4 险些雇佣朝鲜黑客，该黑客运行恶意软件时被发现
- [ ] Patchwork 黑客利用 Ratel C4 暴力攻击工具瞄准不丹
- [ ] Check Point 警告：3000 多个 GitHub 幽灵帐户用于分发恶意软件
- [ ] 黑客论坛 Breach Forums 遭数据泄露，超 20 万会员信息曝光
黑海洋 - WIKI
- [ ] Amazon Linux安装 Docker方法
看雪学苑
- [ ] 一次诈骗APP的逆向分析
- [ ] CrowdStrike将微软蓝屏故障归咎于验证不足，承诺改进
- [ ] 一步步斩获大厂offer！内核驱动高级班：算法+内核+安全
安全内参
- [ ] 国际ERP软件大厂云泄露超7亿条记录，内含密钥等敏感信息
- [ ] 现场整改！广西一物业公司不履行个人信息保护义务被处罚
奇客Solidot–传递最新科技情报
- [ ] AMD 推迟 Zen5 处理器上市 1-2 两周
- [ ] 在日外国人数量首次突破 300 万
- [ ] OpenAI 今年可能亏损 50 亿美元
- [ ] 加拿大为用无人机监视新西兰女足训练道歉
- [ ] .Top 域名注册商江苏邦宁科技收到 ICANN 警告
- [ ] 马来西亚要求微软和 CrowdStrike 为全球 IT 系统崩溃赔偿损失
- [ ] 大脑对时间的感知并非是线性增量的
- [ ] 网络罪犯操纵 GitHub 平台传播恶意程序
- [ ] Reddit 限制除 Google 之外的搜索引擎抓取其内容
中国信息安全
- [ ] 专题·漏洞治理 | 美国工控安全漏洞管理政策研究与思考
- [ ] 行业 | 梆梆安全荣获华为开发者联盟生态市场服务商认证
- [ ] 专题·漏洞治理 | 基于漏洞情报构建高效漏洞运营体系实践
- [ ] 关注 | 巴黎奥运会开幕在即面临网络安全挑战
- [ ] “微软蓝屏”事件最新回应！美国“众击”公司将宕机事件归咎于内容更新漏洞
- [ ] 关注 | 金融监管总局发布防范新型电信网络诈骗的风险提示
- [ ] 国际 | 美英欧监管机构签署关于人工智能竞争的联合声明
- [ ] 通知 | 北京市通信管理局北京市经济和信息化局印发《北京车联网安全筑基工作方案》
慢雾科技
- [ ] Web3 安全入门避坑指南｜钱包被恶意多签风险
数世咨询
- [ ] 报告发布 | 数世咨询：信创安全市场指南（附下载）
dotNet安全矩阵
- [ ] .NET 一款利用打印服务漏洞提权的工具
- [ ] 2024hvv | 第3天.NET漏洞威胁情报
信息安全国家工程研究中心
- [ ] “微软蓝屏”事件引发对我国关键信息基础设施安全保护的思考
关键基础设施安全应急响应中心
- [ ] 软件安全研发成熟度模型研究与实践
- [ ] 城市供暖系统遭网络攻击被关闭，大量居民在寒冬下停暖近2天
- [ ] 充电桩助攻黑客：电动汽车对新型攻击毫无防御能力
KCon 黑客大会
- [ ] 演讲议题巡展 | Windows远程文件协议漏洞挖掘之旅
天御攻防实验室
- [ ] CrowdStrike为宕机事件道歉，提供10美元礼品卡表歉意
CNCERT国家工程研究中心
- [ ] 多无人系统协同中的人工智能安全探索
- [ ] 谷歌放弃淘汰第三方Cookie计划，将选择权交给用户
- [ ] 安全人士可以从CrowdStrike事件中汲取的五点教训
默安科技
- [ ] 从Google收购Wiz风波，聊聊云安全态势管理（CSPM）的发展
极客公园
- [ ] 提前曝光 Llama 3.1，Meta 为什么想做「大模型界 Linux」？
- [ ] 扎克伯格称「美国在AI领域领先中国数年」不现实；OpenAI今年可能亏损50亿美元；苹果2026将推出折叠手机 | 极客早知道
表图
- [ ] CrowdStrike蓝屏事件解析：原因、影响及启示
百度安全应急响应中心
- [ ] BSRC 2024 年中总结报告
微步在线
- [ ] 微步云沙箱送上一大波高频IOC
Beacon Tower Lab
- [ ] 【0725】重保演习每日情报汇总
火绒安全
- [ ] 携手火绒，共享共赢|火绒安全核心伙伴闭门会议圆满收官
Numen Cyber Labs
- [ ] CVE-2024-36401 JDK 11-22 通杀内存马
Black Hills Information Security
- [ ] Build a Home Lab: Equipment, Tools, and Tips
Qualys Security Blog
- [ ] Secure Your APIs and Reduce Your Attack Surface With Modern, AI-powered API Security in Qualys Web Application Scanning (WAS)
字节跳动技术团队
- [ ] 减少 95% 资源的向量搜索 | 使用云搜索的 DiskANN
情报分析师
- [ ] 在审讯过程中快速分裂一个人的 12 种方法
- [ ] 2024美国拥有多少核武器？
迪哥讲事
- [ ] 安全认证相关漏洞挖掘 | 高级攻防01
IT Service Management News
- [ ] Pubblicato l'IA Act
Have I Been Pwned latest breaches
- [ ] Condo.com - 1,481,555 breached accounts
- [ ] Explore Talent - 5,371,574 breached accounts
Over Security - Cybersecurity news aggregator
- [ ] PKfail Secure Boot bypass lets attackers install UEFI malware
- [ ] Israel tried to influence WhatsApp case against Pegasus spyware maker, rights group says
- [ ] Columbus reports cyber incident as multiple cities recover from ransomware attacks
- [ ] Daggerfly: evoluzione dell’arsenale cibernetico e nuove minacce per la sicurezza globale
- [ ] Critical ServiceNow RCE flaws actively exploited to steal credentials
- [ ] US indicts alleged North Korean state hacker for ransomware attacks on hospitals
- [ ] Windows 11 KB5040527 update fixes Windows Backup failures
- [ ] The massive computer outage over the weekend was not a cyber attack, and I’m not sure why we have to keep saying that
- [ ] US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks
- [ ] US election security official warns of ‘significant misinformation’ following Trump assassination attempt, Biden exit
- [ ] Meta nukes massive Instagram sextortion network of 63,000 accounts
- [ ] Russia to punish soldiers for using personal mobile phones in Ukraine
- [ ] Progress warns of critical RCE bug in Telerik Report Server
- [ ] French police push PlugX malware self-destruct payload to clean PCs
- [ ] Hacked, leaked, exposed: Why you should never use stalkerware apps
- [ ] How Americans Can Stay Safe at the Paris Olympics Amid Global Threats, According to Top Security Experts
- [ ] Belarus-linked hackers target Ukrainian orgs with PicassoLoader malware
- [ ] Google Chrome now asks for passwords to scan protected archives
- [ ] Why Multivendor Cybersecurity Stacks Are Increasingly Obsolete
- [ ] Scoperto EvilVideo, una vulnerabilità zero-day di Telegram per Android
- [ ] North Korean hacking group targeted weapons blueprints, nuclear facilities in cyber campaigns
- [ ] IR Trends: Ransomware on the rise, while technology becomes most targeted sector
- [ ] How to install Kali NetHunter on TicWatch Pro 3
- [ ] Daggerfly sta usando una nuova versione di Macma, una backdoor per macOS
- [ ] Condo.com - 1,481,555 breached accounts
- [ ] Explore Talent - 5,371,574 breached accounts
Securityinfo.it
- [ ] Scoperto EvilVideo, una vulnerabilità zero-day di Telegram per Android
- [ ] Daggerfly sta usando una nuova versione di Macma, una backdoor per macOS
ICT Security Magazine
- [ ] Digital forensics e cyber security: caso Cellebrite Ufed vs Signal
SANS Internet Storm Center, InfoCON: green
- [ ] XWorm Hidden With Process Hollowing, (Thu, Jul 25th)
- [ ] ISC Stormcast For Thursday, July 25th, 2024 https://isc.sans.edu/podcastdetail/9068, (Thu, Jul 25th)
Schneier on Security
- [ ] The CrowdStrike Outage and Market-Driven Brittleness
- [ ] Data Wallets Using the Solid Protocol
Instapaper: Unread
- [ ] Telegram Zero-Day Vulnerability Exploited Using Malicious Video Files
- [ ] Europol pubblica l’edizione 2024 dell’Internet Organized Crime Threat Assessment (IOCTA). Cybercrime sempre più frammentato
- [ ] Robot Dog Internet Jammer
360威胁情报中心
- [ ] ISC.AI 2024高级威胁狩猎分析论坛议程“剧透”
TorrentFreak
- [ ] If Z-Library Scam Did Deceive Millions, Exploiting a Lack of Research Was Ironic
- [ ] New Site Blocking Push Aims to Curb Italy’s Growing Stream-Ripping Numbers
Blackhat Library: Hacking techniques and research
- [ ] Looking for Experienced/Intermediate CTF Players for an upcoming CTF
- [ ] Hacking servers on discord
Your Open Hacker Community
- [ ] How are zero days vulnerabilities found ?
Social Engineering
- [ ] Actions to build rapport in a restaurant\cafe?
- [ ] 📚Book Summary- Never Split the Difference by Chris Voss
Graham Cluley
- [ ] Robot dog trained to jam wireless devices during police raids
- [ ] SEXi / APT Inc ransomware – what you need to know
Deeplinks
- [ ] Electronic Frontier Foundation to Present Annual EFF Awards to Carolina Botero, Connecting Humanity, and 404 Media
- [ ] Briefing: Negotiating States Must Address Human Rights Risks in the Proposed UN Surveillance Treaty
- [ ] Journalists Sue Massachusetts TV Corporation Over Bogus YouTube Takedown Demands
Troy Hunt's Blog
- [ ] MVP 14
Sector 7
- [ ] DoNex/DarkRace Ransomware Decryptor
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] Hacking My Way to an Infosec Career
Technical Information Security Content & Discussion
- [ ] PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem
- [ ] Unfashionably secure: why we use isolated VMs
- [ ] Think Twice Before Cheating: Escape From Tarkov Cheat Developer Steals User Data.
- [ ] go-exploit Goes Scanless
The Hacker News
- [ ] North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks
- [ ] 6 Types of Applications Security Testing You Must Know About
- [ ] Meta Removes 63,000 Instagram Accounts Linked to Nigerian Sextortion Scams
- [ ] Webinar: Securing the Modern Workspace: What Enterprises MUST Know about Enterprise Browser Security
- [ ] Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform
- [ ] Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins
- [ ] CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software
- [ ] New Chrome Feature Scans Password-Protected Files for Malicious Content
The Register - Security
- [ ] Beware of fake CrowdStrike domains pumping out Lumma infostealing malware
- [ ] FYI: Data from deleted GitHub repos may not actually be deleted
- [ ] Uncle Sam accuses telco IT pro of decade-long spying campaign for China
- [ ] You should probably fix this 5-year-old critical Docker vuln fairly sharpish
- [ ] Kaspersky says Uncle Sam snubbed proposal to open up its code for third-party review
- [ ] Patch management still seemingly abysmal because no one wants the job
- [ ] How a cheap barcode scanner helped fix CrowdStrike'd Windows PCs in a flash
- [ ] The months and days before and after CrowdStrike's fatal Friday
Deep Web
- [ ] Anyone Use the DW for Dating/Making New Friends
Information Security
- [ ] Announcing the Bug Bounty program pack 1.0
- [ ] SOC Metrics that Matter: MTTR, MTTI, False Negatives, and more
- [ ] SheepQL Injection Attack
- [ ] Week in Brief #61: Great CrowdStrike Meltdown, NSA AI security guide, dual-title CISOs, AppSec interviews
Security Affairs
- [ ] Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server
- [ ] Critical bug in Docker Engine allowed attackers to bypass authorization plugins
- [ ] Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver ACR, Lumma, and Meduza Stealers
- [ ] Michigan Medicine data breach impacted 56953 patients
Security Weekly Podcast Network (Audio)
- [ ] MS Patch Tuesday: Which Vulnerabilities Really Need Prioritizing. - Douglas McKee - PSW #836