[每日信息流] 2024-07-27

[chainreactorbot]

每日安全资讯（2024-07-27）

• Verne in GitHub
  • [ ] Dinox 又一款 AI 语音实时转录工具
• SecWiki News
  • [ ] SecWiki News 2024-07-26 Review
• 奇安信攻防社区
  • [ ] HW 中如何利用 WAF 缺陷进行绕过
  • [ ] 记一次某src挖掘
• Private Feed for M09Ic
  • [ ] LoRexxar starred aby-ui/aby-ui-client
  • [ ] Y4er starred joernio/joern
  • [ ] INotGreen started following InfosecMatter
  • [ ] INotGreen starred InfosecMatter/Minimalistic-offensive-security-tools
  • [ ] mgeeky starred delivr-to/MailCollector
  • [ ] zema1 starred jorhelp/Ingram
  • [ ] DVKunion forked DVKunion/VCAMSX from iiheng/VCAMSX
  • [ ] glzjin starred jiguangsdf/netcat
  • [ ] CHYbeta starred DiogoMRSilva/websitesVulnerableToSSTI
  • [ ] XTLS made XTLS/Xray-tun public
  • [ ] zer0yu starred Funsiooo/chunsou
  • [ ] gh0stkey starred metowolf/iplist
  • [ ] gh0stkey starred mayaxcn/china-ip-list
  • [ ] gh0stkey starred akkuman/action-bw-backup
  • [ ] gh0stkey starred jgraph/drawio
  • [ ] timwhitez started following nick-frischkorn
  • [ ] WAY29 starred felixge/fgprof
  • [ ] timwhitez starred nick-frischkorn/lark_poseidon
  • [ ] gh0stkey starred bitwarden/clients
  • [ ] gh0stkey starred dani-garcia/vaultwarden
  • [ ] gh0stkey starred yanyiwu/cppjieba
  • [ ] Safe3 released 南墙 社区版 v5.1.0 at Safe3/uuWAF
  • [ ] zer0yu started following sule01u
  • [ ] zer0yu starred sule01u/SBSCAN
  • [ ] zema1 starred yzddmr6/As-Exploits
  • [ ] CHYbeta starred ynsmroztas/SQL_Injection-Techniques
• Doonsec's feed
  • [ ] 每周文章分享-170
  • [ ] 秦安：特朗普更加危险！拜登退选预料之中，民主党只有这种办法赢
  • [ ] 秦安：加大不适宜现职干部调整力度，要抓现行，跨军地改革可突破
  • [ ] 秦安：两大人间悲剧齐解决？北京宣言与中国互不首先使用核武承诺
  • [ ] 秦安：2年骚扰，24小时解决，“人大速度”让我们更珍惜网络家园
  • [ ] 牟林：是谁在纵容北约峰会官员公开抢劫的流氓行径？
  • [ ] 牟林：日本已经进入“代理人”的角色了？
  • [ ] 牟林：看来特朗普需要再被枪击一次，才有获胜的绝对把握
  • [ ] 7月26日hvv情报推送
  • [ ] [原创工具] github数据和cnnvd爬取
  • [ ] 代码审计｜NginxWebUI多处漏洞
  • [ ] 阿里巴巴集团安全部招聘
  • [ ] 信息安全保障人员认证（CISAW）2024年9月线上考试安排
  • [ ] [7.26总结]今日讨论：作为开发商，甲方被入侵应该付多大的责任？
  • [ ] 7.26hvv情报
  • [ ] 【HVV情报】2024-07-26
  • [ ] 任意文件读取rce
  • [ ] 延迟到65岁退休？程序员：没~事~哒！35岁就被“优化”了！
  • [ ] 有野心的大学生！如果有电脑，明晚在家请一定要做这件事→
  • [ ] Suricata检测Nacos默认密钥攻击
  • [ ] 第八课-系统学习代码审计：XXE和XSS(VUE中可能存在的漏洞)翻车讲解
  • [ ] 帆软报表最新前台SQL漏洞复现
  • [ ] 黑暗森林之狡诈的网络钓鱼
  • [ ] HVV-7-26 情报日记
  • [ ] 专题·漏洞治理 | 实战导向的漏洞运营实践
  • [ ] 专题·漏洞治理 | 漏洞全链路治理与运营管理建设
  • [ ] 百年黄埔情，党员初心行
  • [ ] 《脚本》
  • [ ] 2024hvv最新漏洞威胁情报
  • [ ] 今日热点
  • [ ] 【赠书】《终端安全运营》深度解读与实战应用
  • [ ] ⼤模型在⽹络安全⽅⾯的应⽤汇总
  • [ ] 23年的钱到底何时能给🐒
  • [ ] 智库视点｜论个人信息保护法的权衡体系及其实践展开
  • [ ] 国家发改委就《电力监控系统安全防护规定》（征求意见稿）公开征求意见
  • [ ] 400余条业主个人信息管理不善，一物业服务公司被处罚
  • [ ] 第四届CTF夏令营暨联合战队招新赛开始报名
  • [ ] ISC.AI 2024大型企业数字化转型安全发展论坛议程“剧透”
  • [ ] ISC.AI 2024 守护数据价值：数据安全与创新应用论坛议程“剧透”
  • [ ] Hvv-day5威胁情报日记
  • [ ] 【资讯】u200b公安部 国家网信办就《国家网络身份认证公共服务管理办法》公开征求意见
  • [ ] 【资讯】最高人民法院等三部门联合印发《关于办理跨境电信网络诈骗等刑事案件适用法律若干问题的意见》
  • [ ] 【资讯】湖南省政府办公厅印发《湖南省省级政务云管理暂行办法》
  • [ ] 【资讯】北京市通管局等两部门联合印发《北京市2024年工业互联网安全深度行活动实施方案》
  • [ ] hvv最近的一些漏洞脚本（only xray）
  • [ ] 重磅！《国家网络身份认证公共服务管理办法》对外征求意见（全文）
  • [ ] 关于征集密码应用技术创新与测试验证工业和信息化部重点实验室2024年度创新研究课题的通知
  • [ ] 西安市商用密码领域公众投诉举报渠道
  • [ ] 长达50年！巴西总统遭美监视 “监控帝国”劣迹斑斑
  • [ ] 俄罗斯调整对乌网络战策略：从民用关基设施转向军事目标
  • [ ] 招展通知 | 2024年国家网络安全宣传周网络安全博览会暨网络安全产品和服务供需治谈会招展通知重磅发布！
  • [ ] 长图速览，这个纲领性文件是如何诞生的
  • [ ] 全面梳理！《决定》中信息通信业相关内容都在这儿
  • [ ] 2024HW之《向日葵远程RCE》
  • [ ] 热议红蓝对抗，探索数据安全新路径
  • [ ] 初学漏洞挖掘，很多师傅都在走弯路
  • [ ] 香港即将出台首部网络安全法
  • [ ] NimScan：一款运行效率极高的端口扫描工具
  • [ ] 演讲议题巡展 | 云原生攻防对抗—从只读Pod到集群管理员的晋级之路
  • [ ] 诚邀漏洞猎手！KCon白帽赏金大赛即将开启，OPPO企业专场率先来袭，现金大奖等你来战
  • [ ] 通知 | 公安部 国家网信办就《国家网络身份认证公共服务管理办法（征求意见稿）》公开征求意见（附全文）
  • [ ] 发布 | “两高一部”印发《关于办理跨境电信网络诈骗等刑事案件适用法律若干问题的意见》（附全文）
  • [ ] 通知 | 国家发改委就《电力监控系统安全防护规定（公开征求意见稿）》向社会公开征求意见（附全文）
  • [ ] 典型案例 | “两高一部”发布依法惩治跨境电信网络诈骗及其关联犯罪典型案例
  • [ ] 全球都在放“微软蓝屏”假，中国为何能独善其身？
  • [ ] 【安全圈】夏季行动丨涉案金额300余万元，琼海公安打掉一个“跑分”洗钱团伙，6人被抓
  • [ ] 【安全圈】LangChain曝关键漏洞，数百万AI应用面临攻击风险
  • [ ] 【安全圈】实施单独立法！香港即将出台首部网络安全法
  • [ ] 【安全圈】某些版本的 Docker Engine 存在一个关键漏洞，在特定情况下可被利用来绕过授权插件 (AuthZ)。
  • [ ] 360SRC丨黑客，你AI了吗？
  • [ ] 2024攻防演练丨DayDayMap重保情报模块又更新啦，IP画像查询功能上线
  • [ ] 8月14-16日，盛邦安全与您相约2024年电力信息通信新技术大会
  • [ ] 近期值得关注的IOC（2024-07-26）
  • [ ] 每周高级威胁情报解读(2024.07.19~07.25)
  • [ ] 烽火狼烟丨暗网数据及攻击威胁情报分析周报（07/22-07/26）
  • [ ] 国家发改委发布《电力监控系统安全防护规定》（公开征求意见稿）
  • [ ] 北京市通信管理局等两部门印发《北京车联网安全筑基工作方案》
  • [ ] 金融监管总局 | 关于防范新型电信网络诈骗的风险提示
  • [ ] 巴黎奥运会首席信息安全官披露赛事网络安保计划
  • [ ] 【0726】重保演习每日情报汇总
  • [ ] 攻防激战正酣，看长亭今年出了什么新东西？
  • [ ] 专题·漏洞治理 | 防微杜渐，加强漏洞治理的应急响应环节
  • [ ] 【资讯速看】 美国比特币 ETF 资金流入激增 4451 万美元，GBTC 迎来又一轮资金流出
  • [ ] 一文带你了解路由器7个端口：RJ-45、AUI 、高速同步串口、ISDN BRI、异步串口、Console、AUX
  • [ ] 【2024HW情报】0722-0726漏洞
  • [ ] 【天穹】HVV专题：火眼金睛-伪装为灰黑产软件的反沙箱木马
  • [ ] 捷报 | 边界无限成功中标某头部能源央企RASP项目
  • [ ] 2022年美亚杯资格赛林俊熙服务器题解
  • [ ] 【蛇矛众测嘉年华】重磅来袭！报名火热进行中
  • [ ] 云安全攻防与运营怎么做？结尾福利
  • [ ] 巴黎奥运会开幕在即，网络安全挑战不可忽视，需警惕的潜在威胁有哪些？
  • [ ] OpenStack 云数据中心可能发生的攻击
  • [ ] 安全聘 | 途虎养车招高级安全开发工程师
  • [ ] 一键还原攻击现场，看XDR如何智斗勒索
  • [ ] 每周蓝军技术推送（2024.7.20-7.26）
  • [ ] 应急响应--windows入侵检查思路及流程
  • [ ] IOT漏洞复现----RWCTF 6th - Let’s party in the house
  • [ ] 安全研究员强调，已删除的GitHub数据仍可被访问
  • [ ] 懂你野心，许你高薪！
  • [ ] 性价比极高！解锁Chrome V8引擎攻击方法
  • [ ] 网安周讯 | 阿里因泄露用户数据被罚19.8亿韩元！（七月第4期xa0）
• Tenable Blog
  • [ ] Cybersecurity Snapshot: North Korea’s Cyber Spies Hunt for Nuclear Secrets, as Online Criminals Ramp Up AI Use in the EU
• CXSECURITY Database RSS Feed - CXSecurity.com
  • [ ] Prison Management System 1.0 Shell Upload
• 美团技术团队
  • [ ] KDD 2024 | 美团技术团队精选论文解读
• Security Boulevard
  • [ ] FAQ: How Are STIGs, SRGs, SCAP, and CCIs Related?
  • [ ] Response to CISA Advisory (AA24-207A): North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
  • [ ] Negotiate Your Next Cyber Insurance Policy With This 6-Step Playbook
  • [ ] USENIX Security ’23 – SQIRL: Grey-Box Detection of SQL Injection Vulnerabilities Using Reinforcement Learning
  • [ ] PKfail: 800+ Major PC Models have Insecure ‘Secure Boot’
  • [ ] Randall Munroe’s XKCD ‘President Venn Diagram’
  • [ ] Your Headaches, Our Solutions: How To Find & Manage Compromised Accounts in Google Workspace/Microsoft 365
  • [ ] Effortless certificate management with automated CNAME validation
  • [ ] Making Sense of Open-Source Vulnerability Databases: NVD, OSV, and more
  • [ ] USENIX Security ’23 – WHIP: Improving Static Vulnerability Detection in Web Application by Forcing tools to Collaborate
• Trustwave Blog
  • [ ] Is it Time to Rethink Your Security Stack?
• Twitter @Nicolas Krassas
  • [ ] US Offers $10M Reward for Information on North Korean Hacker https://www.darkreading.com/threat-intelligence/us-offers-10m-reward-for-information-on-n...
  • [ ] Microsoft calls for Windows changes and resilience after CrowdStrike outage https://www.theverge.com/2024/7/26/24206719/microsoft-windows-changes-crow...
  • [ ] July Windows Server updates break Remote Desktop connections https://www.bleepingcomputer.com/news/microsoft/july-windows-server-updates-break-remote-...
  • [ ] Hackers Leak Sensitive Documents from Major Pentagon IT Contractor, Leidos https://securityonline.info/hackers-leak-sensitive-documents-from-major-pen...
  • [ ] Spytech Hacked: Thousands of Devices Exposed in Spyware Maker Breach https://securityonline.info/spytech-hacked-thousands-of-devices-exposed-in-spywar...
  • [ ] France Leads International Effort to Eradicate PlugX Trojan from 3,000 Systems https://securityonline.info/france-leads-international-effort-to-eradic...
  • [ ] CVE-2024-39676: Apache Pinot Flaw Exposes Sensitive Data, Urgent Upgrade Needed https://securityonline.info/cve-2024-39676-apache-pinot-flaw-exposes-s...
  • [ ] Compromising the Secure Boot Process https://www.schneier.com/blog/archives/2024/07/compromising-the-secure-boot-process.html
  • [ ] Acronis warns of Cyber Infrastructure default password abused in attacks https://www.bleepingcomputer.com/news/security/acronis-warns-of-cyber-infrast...
  • [ ] Extensive spyware compromise revealed by Spytech breach https://www.scmagazine.com/brief/extensive-spyware-compromise-revealed-by-spytech-breach
  • [ ] HTB Sherlock: Campfire-2 https://0xdf.gitlab.io/2024/07/26/htb-sherlock-campfire-2.html
  • [ ] Russian ransomware gangs account for 69% of all ransom proceeds https://www.bleepingcomputer.com/news/security/russian-ransomware-gangs-account-for-69...
  • [ ] This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps https://thehackernews.com/2024/07/spanish-hackers-bundle-phishing...
  • [ ] 10 Million Users Compromised in Z-Library Phishing Site Hack https://securityonline.info/10-million-users-compromised-in-z-library-phishing-site-hack/
  • [ ] BIND updates fix four high-severity DoS bugs in the DNS software suite https://securityaffairs.com/166190/security/bind-updates-high-severity-dos-bugs...
  • [ ] U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals https://thehackernews.com/2024/07/us-doj-indicts-north-korean-hacker-for.html
  • [ ] Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining https://thehackernews.com/2024/07/ongoing-cyberattack-targets-exposed.htm...
  • [ ] Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk https://thehackernews.com/2024/07/critical-flaw-in-telerik-report-server.html
  • [ ] North Korean chap charged for attacks on US hospitals, NASA – and even China https://go.theregister.com/feed/www.theregister.com/2024/07/26/andariel_...
  • [ ] Critical ServiceNow RCE flaws actively exploited to steal credentials https://www.bleepingcomputer.com/news/security/critical-servicenow-rce-flaws-act...
• 安全客-有思想的安全新媒体
  • [ ] 网络罪犯操纵 GitHub 平台传播恶意程序
  • [ ] Progress Software修复了teleerik报表服务器中的关键RCE CVE-2024-6327
  • [ ] 某些版本的 Docker Engine 存在一个关键漏洞，在特定情况下可被利用来绕过授权插件 (AuthZ)。
  • [ ] 警惕假冒 CrowdStrike 域名发布 Lumma 信息窃取恶意软件
  • [ ] 微软重振ie浏览器以吸引Windows用户
  • [ ] CrowdStrike-Microsoft 故障将导致每家财富 500 强公司损失 4,400 万美元
  • [ ] 勒索软件和BEC构成了60%的网络事件
  • [ ] F5称人工智能应用将使澳大利亚的混合多云环境更加复杂
  • [ ] CISA 警告流行的 BIND 9 DNS 软件中存在可利用的漏洞
  • [ ] Meta 删除了 6.3万个与尼日利亚性勒索诈骗相关的 Instagram 帐户
  • [ ] ISC.AI 2024第二届全国信息安全产教融合发展大会暨全国信息安全行业产教融合共同体年会议程“剧透”
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • [ ] 2024年Q2企业邮箱安全性研究报告：垃圾邮件同比上升40.6%
  • [ ] 国家金融监管总局：防范“AI换脸拟声”类新型电信网络诈骗
  • [ ] Ghostscript 库中存在 RCE 漏洞，现已被积极利用
  • [ ] ISC.AI 2024前瞻：打造安全大模型，引领安全行业革命
• Y4tacker:Hacking The World!
  • [ ] 浅析帆软FineVis默认插件前台RCE
• Real-time communications security on Communication Breakdown - VoIP & WebRTC Security
  • [ ] TADSummit Innovators Podcast reviews the Last 6 Months of RTC Security Trends with Sandro Gauci
• blog.avast.com EN
  • [ ] Scams to steer clear of as a college student, from a college student
• GuidePoint Security
  • [ ] How to Make Adversaries Cry: Part 1
• SentinelOne
  • [ ] The Good, the Bad and the Ugly in Cybersecurity – Week 30
• CCC Event Blog
  • [ ] Datenspuren 2024: Was nun? Was tun! – Wir suchen noch Einreichungen!
• Reverse Engineering
  • [ ] New OpenSecurityTraining2 mini-class: "Debuggers 1102: Introductory Ghidra"
  • [ ] Binary Ninja - 4.1 Elysium
• FreeBuf网络安全行业门户
  • [ ] 初学漏洞挖掘，很多师傅都在走弯路
  • [ ] 热议红蓝对抗，探索数据安全新路径
  • [ ] FreeBuf 周报 | Wiz拒绝谷歌230亿美元收购；新型欺诈计划波及1.1亿用户
  • [ ] 记一次供应链+社工通关某演练单位
  • [ ] LangChain曝关键漏洞，数百万AI应用面临攻击风险
  • [ ] 北山学院直播：常年霸榜企业SRC，提升挖洞效率的秘诀是什么
  • [ ] 香港即将出台首部网络安全法
• 安全牛
  • [ ] 国家发改委就《电力监控系统安全防护规定》（征求意见稿）公开征求意见
  • [ ] 黑客组织假冒IT员工攻击美国网络安全公司 ；攻击者利用幽灵GitHub账户网络分发恶意软件 | 牛览
• HackerNews
  • [ ] 城市供暖系统遭网络攻击被关闭，大量居民在寒冬下停暖近2天
  • [ ] 墨西哥 ERP 软件巨头云泄露超 7 亿条记录，内含密钥等敏感信息
  • [ ] 法国开展全国 U 盘病毒“消杀”行动
  • [ ] LangChain 曝关键漏洞，数百万AI应用面临攻击风险
  • [ ] 一名朝鲜黑客因对美国医院发动勒索软件攻击被指控
  • [ ] 卡巴斯基称，巴黎 25% 的公共 Wi-Fi 热点不安全
  • [ ] Mandiant 报告：朝鲜黑客组织 APT45 瞄准武器设计、核设施，并针对医疗机构进行勒索软件攻击
• 黑海洋 - WIKI
  • [ ] 在线手写模拟器-手写体文稿生成器
• rtl-sdr.com
  • [ ] KrakenSDR: Kraken Pro Cloud Mapper and Other Updates
• 奇客Solidot–传递最新科技情报
  • [ ] Linux Mint 22 释出
  • [ ] 苹果 iPhone 在华市场份额落在五名之外
  • [ ] 游戏表演者对游戏公司举行大罢工
  • [ ] Google DeepMind 新 AI 系统能在数学奥林匹克竞赛中取得银牌
  • [ ] OpenAI 推出 SearchGPT 与 Google 直接竞争
  • [ ] 联合国秘书长呼吁对极端炎热采取行动
  • [ ] 用 AI 生成的数据集训练模型可能导致模型崩溃
• 看雪学苑
  • [ ] IOT漏洞复现----RWCTF 6th - Let’s party in the house
  • [ ] 安全研究员强调，已删除的GitHub数据仍可被访问
  • [ ] 懂你野心，许你高薪！
  • [ ] 性价比极高！解锁Chrome V8引擎攻击方法
• 安全分析与研究
  • [ ] 银狐样本母体加载过程详细分析
• 代码卫士
  • [ ] Progress 提醒注意Telerik Report Server中的严重RCE漏洞
  • [ ] 研究员披露谷歌云平台上的 ConfusedFunction 漏洞
• 君哥的体历
  • [ ] 探讨非 http 供应链产品漏洞防范与不停业务之策| 总第255周
• 安全内参
  • [ ] 俄罗斯调整对乌网络战策略：从民用关基设施转向军事目标
  • [ ] 巴黎奥运会首席信息安全官披露赛事网络安保计划
• 关键基础设施安全应急响应中心
  • [ ] 基于漏洞情报构建高效漏洞运营体系实践
  • [ ] 国际ERP软件大厂云泄露超7亿条记录，内含密钥等敏感信息
  • [ ] 全球蓝屏损失网络保险赔吗？财富500强损失逾390亿！
• dotNet安全矩阵
  • [ ] HVV | .NET 攻防工具库，值得您拥有！
  • [ ] .NET 一款利用打印服务漏洞提权的工具
  • [ ] .NET威胁情报 | 某水务系统堆叠注入可RCE
  • [ ] 三个国内最专业的.NET安全知识库
• 信息安全国家工程研究中心
  • [ ] 巴黎奥运会开幕在即，网络安全挑战不可忽视，需警惕的潜在威胁有哪些？
• 网络空间安全科学学报
  • [ ] “网络空间安全学科建设和人才培养” 专刊（增刊）征稿通知
  • [ ] 活动预告 | “网安拾光”学术沙龙（第五期）“大模型安全”专刊文章分享会
• DataCon大数据安全分析竞赛
  • [ ] 蝉鸣半夏，心向网安！2024InForSec夏令营圆满落幕
• 长亭科技
  • [ ] 攻防激战正酣，看长亭今年出了什么新东西？
  • [ ] 专题·漏洞治理 | 防微杜渐，加强漏洞治理的应急响应环节
• 奇安信病毒响应中心
  • [ ] 每周勒索威胁摘要
• 数世咨询
  • [ ] 小技巧！利用条码扫描器快速修复CrowdStrike引起的Windows蓝屏
• 暗影安全
  • [ ] 一些与HVV本意背道而驰的“生意”
• 字节跳动技术团队
  • [ ] 字节大模型同传智能体，一出手就是媲美人类的同声传译水平
  • [ ] Vue3.4+Element-plus+Vite通用后台管理系统
• 山石网科安全技术研究院
  • [ ] 第四届CTF夏令营暨联合战队招新赛开始报名
• 火绒安全
  • [ ] 【火绒安全周报】警方侦破非法售卖网约车外挂案件/黑客伪装工程师入职
• Beacon Tower Lab
  • [ ] 【0726】重保演习每日情报汇总
• 青藤智库
  • [ ] LockBit引领勒索软件进入下个时代
• CNCERT国家工程研究中心
  • [ ] 5种不可或缺的基础性IT管理制度
  • [ ] 网络安全公司Wiz拒绝了谷歌230亿美元收购，关注IPO之路
  • [ ] 美国政府最大IT服务商发生严重数据泄漏
• 甲方安全建设
  • [ ] 「推安早报」0726 | Selenium Grid Rce、红队新技术、spring Skipper组件rce
• 极客公园
  • [ ] OpenAI「补票」AI 搜索，SearchGPT 没有野心
  • [ ] 智谱加入 AI 视频竞赛：使用 DiT 架构，30 秒生成视频片段
  • [ ] 俞敏洪、董宇辉发长信回应分手；OpenAI 正式发布 SearchGPT；百川智能确认完成 50 亿元融资 | 极客早知道
• 迪哥讲事
  • [ ] 任意文件读取rce
• IT Service Management News
  • [ ] Gli uomini possono fare tutto (luglio 2024)
  • [ ] Check list EDPB per audit all'intelligenza artificiale
• Over Security - Cybersecurity news aggregator
  • [ ] Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
  • [ ] Senators to FTC: Car companies’ data privacy practices must be investigated
  • [ ] Crypto exchange Gemini discloses third-party data breach
  • [ ] Google fixes Chrome Password Manager bug that hides credentials
  • [ ] FBCS data breach impact now reaches 4.2 million people
  • [ ] Another European Parliament member says he's been targeted with commercial spyware
  • [ ] July Windows Server updates break Remote Desktop connections
  • [ ] Acronis warns of Cyber Infrastructure default password abused in attacks
  • [ ] Sintesi riepilogativa delle campagne malevole nella settimana del 20 – 26 luglio
  • [ ] Fake postal messages targeting Indian users is linked to China, researchers say
  • [ ] Russian ransomware gangs account for 69% of all ransom proceeds
  • [ ] Russia admits to slowing YouTube speeds for refusing to comply with ‘legislation’
  • [ ] Il futuro è connesso, ma è anche sicuro? Le sfide della cyber security OT e IoT
  • [ ] Google fa dietrofront sui cookie di terze parti: cosa non ha funzionato e cosa accadrà
  • [ ] Disastro CrowdStrike: perché Microsoft accusa la UE e quali le possibili conseguenze
  • [ ] Il caso CrowdStrike e le fragilità della rete interconnessa: i rischi dei single points of failure
  • [ ] Data Privacy Framework: nelle FAQ dell’EDPB gli obblighi delle organizzazioni europee
  • [ ] Proxy: cosa sono e come utilizzarli per difendersi dai malware
  • [ ] Huawei EU Seeds for the Future 2024: dopo Roma, si va in Cina
  • [ ] Chrome migliora la sicurezza online analizzando anche i file protetti da password
  • [ ] RAT 9002 ha preso di mira le aziende italiane (anche governative): come difendersi
  • [ ] Cyber sicurezza nella sanità: gli impatti del ransomware e i punti deboli da presidiare
  • [ ] France launches large-scale operation to fight cyber spying ahead of Olympics
  • [ ] Il 25% dei Wi-Fi pubblici di Parigi non è sicuro
  • [ ] EvolvedAim: infostealer nascosto nel cheat per Escape From Tarkov
• ICT Security Magazine
  • [ ] Il Ruolo dei Big Data nell’Evoluzione del Commercio Elettronico
• 嘶吼专业版
  • [ ] Ghostscript 库中存在 RCE 漏洞，现已被积极利用
  • [ ] 国家金融监管总局：防范“AI换脸拟声”类新型电信网络诈骗
• SANS Internet Storm Center, InfoCON: green
  • [ ] ExelaStealer Delivered "From Russia With Love", (Fri, Jul 26th)
  • [ ] ISC Stormcast For Friday, July 26th, 2024 https://isc.sans.edu/podcastdetail/9070, (Fri, Jul 26th)
• Il Disinformatico
  • [ ] Podcast RSI - CrowdStrike, cronaca e cause di un collasso mondiale
• Securityinfo.it
  • [ ] Il 25% dei Wi-Fi pubblici di Parigi non è sicuro
  • [ ] EvolvedAim: infostealer nascosto nel cheat per Escape From Tarkov
• Desync InfoSec
  • [ ] Suricata检测Nacos默认密钥攻击
• Instapaper: Unread
  • [ ] 10 Million Users Compromised in Z-Library Phishing Site Hack
  • [ ] Police infiltrates, takes down DigitalStress DDoS-for-hire service
  • [ ] Apple “clearly underreporting” child sex abuse, watchdogs say
  • [ ] BreachForums v1 hacking forum data leak exposes members’ info
  • [ ] Android System Artifacts Forensic Analysis of Application Usage
  • [ ] Comprehensive Guide to Android 15 Security and Privacy Improvements
  • [ ] DFIR Breakdown Using Certutil To Download Attack Tools
  • [ ] Event Recap Forensics Europe Expo (FEE) 2024
  • [ ] New Auto Blocker in Samsung OneUI 6.1.1 Blocking APK Sideloading for Enhanced Security
• Deeplinks
  • [ ] Digital Apartheid in Gaza: Unjust Content Moderation at the Request of Israel’s Cyber Unit
• Information Security
  • [ ] Info-Tech Names Its 2024 Gold Medal Winners for Cloud Access Security Broker: Microsoft Defender for Cloud Apps (MSFT), Plurilock AI (PLUR.v PLCKF) & Prisma Cloud
  • [ ] CVE-2024-37084 :: CVSS Score 9.8 :: REMOTE CODE EXECUTION vulnerability in Spring Cloud Data Flow.
• The Hacker News
  • [ ] This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps
  • [ ] Offensive AI: The Sine Qua Non of Cybersecurity
  • [ ] U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals
  • [ ] Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining
  • [ ] CrowdStrike Warns of New Phishing Scam Targeting German Customers
  • [ ] Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk
• Technical Information Security Content & Discussion
  • [ ] New OpenSecurityTraining2 mini-class: "Debuggers 1102: Introductory Ghidra"
• Schneier on Security
  • [ ] Friday Squid Blogging: Sunscreen from Squid Pigments
  • [ ] Compromising the Secure Boot Process
• Social Engineering
  • [ ] Extroverts, please HELP!
  • [ ] Social engineering courses that are affordable that also cover actual SE?
  • [ ] Controlling a group vibe and age
  • [ ] Has anyone taken this SE course and what did you think?
  • [ ] Is Zaid Sabih’s social engineering course on Udemy any good?
  • [ ] How to stop taking things personally
• Computer Forensics
  • [ ] Fixing "Swap Error" When Using Volatility with VirtualBox
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • [ ] Amazon Security Engineering interview prep
• TorrentFreak
  • [ ] Music Industry Puts Pressure on ‘Parasitic’ Streaming App Musi
  • [ ] Major Labels Block 40 Pirate Domains, Search Deindexing More Concerning
• Your Open Hacker Community
  • [ ] How to do binary exploitation against a remote server
• Krebs on Security
  • [ ] Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
• Security Affairs
  • [ ] A bug in Chrome Password Manager caused user credentials to disappear
  • [ ] BIND updates fix four high-severity DoS bugs in the DNS software suite
  • [ ] Terrorist Activity is Accelerating in Cyberspace – Risk Precursor to Summer Olympics and Elections
• The Register - Security
  • [ ] CrowdStrike meets Murphy's Law: Anything that can go wrong will
  • [ ] Progress discloses second critical flaw in Telerik Report Server in as many months
  • [ ] North Korean chap charged for attacks on US hospitals, military, NASA – and even China
  • [ ] Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank
  • [ ] CrowdStrike update blunder may cost world billions – and insurance ain't covering it all
• Security Weekly Podcast Network (Audio)
  • [ ] Generative AI (as used by defenders AND attackers) will Drive SOC Evolution - Greg Notch, Edward Wu - ESW #369
  • [ ] Twitter, the DOJ, DarkSeoul, Fake Employees, PlugX, Stargazer Ghost, Aaran Leyland... - SWN #401