[每日信息流] 2024-07-30

[chainreactorbot]

每日安全资讯（2024-07-30）

• SecWiki News
  • [ ] SecWiki News 2024-07-29 Review
• 奇安信攻防社区
  • [ ] 记edusrc挖掘的骚技巧
• Files ≈ Packet Storm
  • [ ] mySCADA MyPRO Authenticated Command Injection
  • [ ] Ubuntu Security Notice USN-6926-1
  • [ ] Ubuntu Security Notice USN-6925-1
  • [ ] Blog Site 1.0 SQL Injection
  • [ ] Debian Security Advisory 5734-2
  • [ ] QuickJob 6.1 Insecure Settings
  • [ ] Prison Management System version 1.0 Insecure Settings
  • [ ] Ubuntu Security Notice USN-6924-1
  • [ ] Ubuntu Security Notice USN-6921-1
  • [ ] Ubuntu Security Notice USN-6923-1
  • [ ] Telegram For Android Connection::onReceivedData Use-After-Free
  • [ ] PowerVR _DevmemXReservationPageAddress() Wrapping Addition Error
  • [ ] PowerVR DevmemXIntMapPages() / DevmemXIntUnmapPages() Integer Overflows
  • [ ] PowerVR PMR Physical Memory Handling Flaw
  • [ ] Ubuntu Security Notice USN-6922-1
  • [ ] Ubuntu Security Notice USN-6920-1
  • [ ] Ubuntu Security Notice USN-6916-1
  • [ ] Pharmacy Management System 1.0 Insecure Settings
  • [ ] Online Payment Hub System 1.0 Insecure Settings
  • [ ] Ubuntu Security Notice USN-6918-1
  • [ ] Ubuntu Security Notice USN-6919-1
  • [ ] Ubuntu Security Notice USN-6917-1
  • [ ] Innue Business Live Chat 2.5 Insecure Settings
  • [ ] Red Hat Security Advisory 2024-4902-03
  • [ ] Red Hat Security Advisory 2024-4896-03
• Doonsec's feed
  • [ ] 互联网大厂历年薪资变化
  • [ ] 秦安：事关退役军人“五好”重大事项，国家最高层面的定位和要求，将激励我们化解风险、再立新功
  • [ ] 秦安：美上将妄言与中国开战信心足，我国防部不信邪有三大杀手锏
  • [ ] 牟林：果然哈里斯和特朗普扯平，好戏还在后头
  • [ ] SecWiki周刊（第543期）
  • [ ] 某系统漏洞挖掘小记
  • [ ] 学习干货|万字总结-速看！当CTF与实战结合，一篇成为CTFer
  • [ ] 内网＋域渗透知识速览
  • [ ] 【信息泄露】美国国防部把 SOCRadar.io 的 3.3 亿封电子邮件信息被非法出售？（其实就是黑客的名字相似被媒体误报）
  • [ ] 北京交通大学 | 面向个性化联邦学习的系统化后门攻击：方法与对抗（USENIX Security \'24）
  • [ ] 使用VMClarity提升虚拟机的安全性
  • [ ] 7.27-7.29hvv情报
  • [ ] 安全团队纳新，缺你不可！
  • [ ] 安卓逆向系列补充(三)
  • [ ] 特洛伊木马通过虚假 Chrome 网站针对中国 Windows 用户
  • [ ] 计划开讲dlp(终端数据防泄密)产品开发，有兴趣的可以加作者进群
  • [ ] 最高人民法院 最高人民检察院 公安部 |《关于办理跨境电信网络诈骗等刑事案件适用法律若干问题的意见》
  • [ ] 关于2024年“数据要素×”大赛全国总决赛推荐资格审核结果的公告
  • [ ] 自然资源部 | 加强智能网联汽车有关测绘地理信息安全管理的通知
  • [ ] 使用“AI换脸”技术篡改系统数据牟取暴利，多个团伙被判刑
  • [ ] 推动美国联邦政府加速安全上云，这份关键文件发布
  • [ ] 【HVV情报】2024-07-29
  • [ ] 倒计时2天！天帷信息首期数据合规沙龙期待您的参与
  • [ ] 微软大范围宕机事件为全球信息技术安全敲响警钟
  • [ ] 北京印发《北京市推动“人工智能+”行动计划(2024-2025年)》的通知
  • [ ] 中国最著名八大富婆
  • [ ] 用双缝干涉实验辩证奇门遁甲
  • [ ] G.O.S.S.I.P 阅读推荐 2024-07-29 欢迎观看DH秀！
  • [ ] 开源下一代Web应用程序防火墙(WAF)
  • [ ] 【资讯】上海市政府办公厅印发《上海市促进工业服务业赋能产业升级行动方案（2024-2027年）》
  • [ ] 【资讯】湖北省政府办公厅印发《湖北省加快未来产业发展实施方案（2024—2026年）》
  • [ ] 【资讯】山东省通管局等部门印发《山东省“5G蓝海 宽带海疆”建设实施方案》
  • [ ] 【资讯】大连市通管局就《大连市通信基础设施建设与保护条例（草案征求意见稿）》公开征求意见
  • [ ] 第二周开始了，这些新套路你见过没
  • [ ] 2024hvv最新漏洞威胁情报7.29
  • [ ] 今日热点
  • [ ] 【收藏篇】10个AI网站，工具多多（2024.7.29版）
  • [ ] 违反数据安全法的行政处罚案例合集
  • [ ] Windows 程序隐藏启动黑窗口总结
  • [ ] 绕过 defender、360 导出 Lsass.exe 内存工具
  • [ ] 干货 | 实战中通过AccessKey与AccessSecret接管文件存储服务的攻击场景
  • [ ] 人物 | 徐俊超：十年“东吴经验”，愿诸位共勉
  • [ ] 权威影响力 | 悬镜安全连续四年DevSecOps产品市场应用率第一
  • [ ] 2024最新最全的攻防情报库
  • [ ] 【今日焦点】2024年7月29日软件热点汇总
  • [ ] 安全热点周报：黑客利用 Twilio Authy 漏洞窃取数百万用户信息
  • [ ] 【7/29特辑，周一！五个！】用了恒脑，瞬间就不想努力了
  • [ ] 破解邀请码实现未授权访问和账户接管
  • [ ] 2024年奥运会安全威胁评估
  • [ ] 【Nday】Raisecom智能网关 list_base_config 远程命令执行漏洞【附poc】
  • [ ] 500+网络安全相关的面试题
  • [ ] 全方位、专业化、定制化比武竞赛方案——走进国投智能（美亚柏科）培训基地（二）
  • [ ] 渴望突破技术瓶颈？快来参加电子数据调查分析技术（中级）线上培训！
  • [ ] 专题·漏洞治理 | 漏洞全链路治理与运营管理建设
  • [ ] 网安圈兴起了「总裁文学」风
  • [ ] 邀请函|第五期移动互联网APP产品安全漏洞技术沙龙
  • [ ] Cookie-Monster：一款针对Web浏览器的安全分析与数据提取工具
  • [ ] Hvv-day6威胁情报日记
  • [ ] 【安全圈】微软仍然是网络钓鱼的头号目标，阿迪达斯和WhatsApp位列前10
  • [ ] 【安全圈】恶意PyPI包瞄准macOS窃取Google云凭据
  • [ ] 【安全圈】ATM机无法取钱，俄银行遭乌克兰大规模网络攻击
  • [ ] 【安全圈】法国当局启动行动，从受感染的系统中删除PlugX恶意软件
  • [ ] 近期值得关注的IOC（2024-07-29）
  • [ ] 【获奖周榜】以下网络安全专家已免费获赠阿瑞斯武器库批量查询工具
  • [ ] ISC·AI 2024 开幕倒计时2天！
  • [ ] ISC.AI 2024 安全融新 生态共赢 360数字安全生态大会议程“剧透”
  • [ ] ISC.AI 2024 全面融入·赋能未来 人工智能联合峰会议程“剧透”
  • [ ] ISC.AI 2024 新型涉网犯罪打击与治理论坛议程“剧透”
  • [ ] 携手共进，智领未来：陕西省电子数据司法鉴定应用研讨会圆满落幕！
  • [ ] 第61期|GPTSecurity周报
  • [ ] 黑客组织涉嫌泄露 Crowdstrike 威胁行为者名单及 2.5 亿 IOC 数据
• Twitter @Nicolas Krassas
  • [ ] Nearly 14K hit by BMW Hong Kong breach https://www.scmagazine.com/brief/nearly-14k-hit-by-bmw-hong-kong-breach
  • [ ] CVE-2023-41111: Samsung Baseband RLC Data Re-Assembly Buffer Overflow https://labs.taszk.io/blog/post/93_rlc_bof/
  • [ ] An Introduction to GCPwn – Part 1 https://www.netspi.com/blog/technical-blog/cloud-pentesting/introduction-to-gcpwn-part-1/
  • [ ] HealthEquity says data breach impacts 4.3 million people https://www.bleepingcomputer.com/news/security/healthequity-says-data-breach-impacts-43-milli...
  • [ ] 'Zeus' Hacker Group Strikes Israeli Olympic Athletes in Data Leak https://www.darkreading.com/threat-intelligence/zeus-hacker-group-strikes-israeli-ol...
  • [ ] Turning Outlook into a C2 client with a single registry value and the release of a new C2 framework https://www.reddit.com/r/netsec/comments/1ef6wm1/t...
  • [ ] OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover https://www.darkreading.com/endpoint-security/oauth-xss-attack-millions-web-use...
  • [ ] Former Avaya employee gets 4 years for $88M license piracy scheme https://www.bleepingcomputer.com/news/legal/former-avaya-employee-gets-4-years-for-8...
  • [ ] Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks https://www.bleepingcomputer.com/news/microsoft/microsoft-ransomware-gangs-expl...
  • [ ] Critical Flaw in Acronis Cyber Infrastructure Exploited in the Wild https://thehackernews.com/2024/07/critical-flaw-in-acronis-cyber.html
  • [ ] Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update https://go.theregister.com/feed/www.theregister....
  • [ ] Intruders at HealthEquity rifled through storage, stole 4.3M people's data https://go.theregister.com/feed/www.theregister.com/2024/07/29/healthequity...
  • [ ] Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails https://thehackernews.com/2024/07/proofpoint-email-routing-flaw-ex...
  • [ ] New Research in Detecting AI-Generated Videos https://www.schneier.com/blog/archives/2024/07/new-research-in-detecting-ai-generated-videos.html
  • [ ] Ukraine Claims Cyber Attack Disrupted Russian ATMs and Banking System https://hackread.com/ukraine-cyber-attack-disrupted-russian-atm-banking/
  • [ ] ImageMagick AppImage Vulnerability Opens Door to Arbitrary Code Execution https://securityonline.info/imagemagick-appimage-vulnerability-opens-door-to...
  • [ ] 32,000 Downloads: Kaspersky Exposes Mandrake Spyware’s Google Play Infiltration https://securityonline.info/mandrake-android-spyware-resurfaces-on-go...
  • [ ] Google Patches Chrome Password Manager Bug After Mass Outage https://securityonline.info/google-patches-chrome-password-manager-bug-after-mass-outage/
  • [ ] Google Patches Workspace Authentication Flaw, Thwarting Account Takeover Attempts https://securityonline.info/google-patches-workspace-authentication-...
  • [ ] Microsoft admits 8.5 million CrowdStruck machines estimate was lowballed https://go.theregister.com/feed/www.theregister.com/2024/07/29/microsoft_crow...
• 安全客-有思想的安全新媒体
  • [ ] 法国当局启动行动，从受感染的系统中删除PlugX恶意软件
  • [ ] 恶意PyPI包瞄准macOS窃取Google云凭据
  • [ ] 人工智能驱动的网络犯罪服务将钓鱼工具包与恶意安卓应用程序捆绑在一起
  • [ ] Lakera筹集了2000万美元用于确保GenAI应用程序的安全
  • [ ] 正在进行的网络攻击目标暴露了用于加密挖掘的Selenium网格服务
  • [ ] 零信任架构：重新定义现代IT环境中的网络安全
  • [ ] 威胁行为者积极利用 ServiceNow RCE 漏洞来窃取凭证
  • [ ] Telerik 报告服务器中的严重漏洞存在远程代码执行风险
  • [ ] BIND 更新修复了 DNS 软件套件中的四个严重 DoS 错误
  • [ ] ISC.AI 2024大型企业数字化转型安全发展论坛议程“剧透”
  • [ ] ISC.AI 2024 前瞻：打造安全大模型，引领安全行业革命
• Recent Commits to cve:main
  • [ ] Update Mon Jul 29 22:28:31 UTC 2024
  • [ ] Update Mon Jul 29 13:33:58 UTC 2024
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • [ ] 新增奖励规则！2024年恶意样本提交激励活动规则更新
  • [ ] 2024恶意样本提交激励计划：年中特别回馈惊喜来袭
  • [ ] 安全动态回顾 | 关于下达5项网络安全推荐性国家标准计划的通知 Docker修复了存在5年之久的关键身份验证绕过漏洞
  • [ ] 黑客攻击 HFS 服务器以投放恶意软件和 Monero 矿工
  • [ ] 假冒 CrowdStrike 使用恶意软件和数据擦除程序修复目标公司
• Private Feed for M09Ic
  • [ ] projectdiscovery forked projectdiscovery/goleak from uber-go/goleak
  • [ ] 4ra1n starred JoyChou93/trident
  • [ ] mgeeky starred pushsecurity/saas-attacks
  • [ ] WAY29 starred CUCyber/ja3transport
  • [ ] 4ra1n released 2.23 at jar-analyzer/jar-analyzer
  • [ ] 4ra1n started following JoyChou93
  • [ ] mgeeky starred GyulyVGC/sniffnet
  • [ ] mgeeky starred sehno/Bug-bounty
  • [ ] mgeeky starred Whitecat18/Rust-for-Malware-Development
  • [ ] 4ra1n starred Ciphey/Ciphey
  • [ ] ManassehZhou starred hupe1980/node-rasp
  • [ ] LloydLabs starred PwCUK-CTO/BinaryNinja_shellcodehashes
  • [ ] yqcs released 棱镜 X Download at yqcs/prismx
  • [ ] gh0stkey starred orbstack/orbstack
  • [ ] Rvn0xsy starred yj94/BinarySpy
  • [ ] timwhitez starred CognisysGroup/SweetDreams
  • [ ] timwhitez starred chainreactors/fingers
  • [ ] timwhitez starred zer0yu/xrecon
  • [ ] zer0yu made zer0yu/xrecon public
  • [ ] zer0yu started following shuanx
  • [ ] zer0yu starred Ackites/KillWxapkg
  • [ ] zer0yu starred lcark/Tai-e-demo
  • [ ] zer0yu starred zer0yu/xrecon
  • [ ] yzddmr6 starred Col-E/Recaf
  • [ ] INotGreen started following yj94
  • [ ] zer0yu starred crowdsecurity/crowdsec
  • [ ] zer0yu starred nneeoo/PSStopBruteforce
• obaby@mars
  • [ ] ｜
• Sucuri Blog
  • [ ] WordPress Vulnerability & Patch Roundup July 2024
• Trustwave Blog
  • [ ] CISO Webinar Outlines Trustwave's Journey to Adopting Microsoft E5 Security Offerings
• Security Boulevard
  • [ ] Ostrich Cyber-Risk Recognized in 2024 Gartner® Hype Cycle™ for Cyber-Risk Management
  • [ ] USENIX Security ’23 – Device Tracking via Linux’s New TCP Source Port Selection Algorithm
  • [ ] Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #299 — Motivation and Reality
  • [ ] HealthEquity: 4.3 Million People Affected by Data Breach
  • [ ] AI-Powered Cybersecurity: How Artificial Intelligence is Transforming the OSI Model
  • [ ] WTH? Google Auth Bug Lets Hackers Login as You
  • [ ] USENIX Security ’23 – Did the Shark Eat The Watchdog In The NTP Pool? Deceiving The NTP Pool’s Monitoring System
  • [ ] Crowdstrike outage: Growing scams amid global outage
  • [ ] The NIS2 Directive: Implications for Your Organization
  • [ ] API Posture Management – Common Topics We’re Asked About
• Misc
  • [ ] Analyzing XFS API Calls
• paper - Last paper
  • [ ] 老树开新花：大模型时代的代码执行沙箱
• Horizon3.ai
  • [ ] NodeZero Cloud Pentesting
  • [ ] NodeZero Tripwires
  • [ ] NodeZero Fact Sheet
  • [ ] NodeZero Capability Statement
• SpiderLabs Blog
  • [ ] Knowing your Enemy: Situational Awareness in Cyber Defenses
• Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
  • [ ] DNC (Democratic National Committee) Domains C&C Portfolio
  • [ ] Domains Portfolio Operated by Cytrox Spyware
  • [ ] Domains Portfolio Operated by EncroChat
• Binary Ninja
  • [ ] The Fallback Type Library
• SentinelOne
  • [ ] PinnacleOne ExecBrief | This Is Not A Drill – Risks In Modern Digital Infrastructures
  • [ ] Going For Gold | Russian Threats to the Olympic Games
• HAHWUL
  • [ ] Hidden XSS? No User Interaction!
• Reverse Engineering
  • [ ] /r/ReverseEngineering's Weekly Questions Thread
  • [ ] Very Nice Hex Editor with plugins. IMHEX. Linux/Win/Mac Open Source.
  • [ ] Did you think XSS is dead? over 1 million websites are at risk of sensitive information leakage
• Malwarebytes
  • [ ] SIEM is not storage, with Jess Dodson (Lock and Code S05E16)
  • [ ] US senators ask FTC to investigate car makers’ privacy practices
  • [ ] A week in security (July 22 – July 28)
• Security Café
  • [ ] An ex psychologist’s journey into Cyber Security
• 安全牛
  • [ ] 揭秘攻击者规避XDR检测的惯用手法及应对建议
  • [ ] 代码删除仍可访问？GitHub称是特别设计; 两部门就《国家网络身份认证公共服务管理办法（征求意见稿）》公开征求意见 | 牛­览
• FreeBuf网络安全行业门户
  • [ ] USRC挖洞夏令营 | 青春激荡，安全护航
  • [ ] 《国家网络身份认证公共服务管理办法（征求意见稿）》发布
  • [ ] “PKFail”漏洞威胁：数百万设备安全启动机制遭绕过风险
  • [ ] 微软仍然是网络钓鱼的头号目标，阿迪达斯和WhatsApp位列前10
  • [ ] FreeBuf早报 | 黑客操纵 GitHub 传播恶意程序；FBCS 数据泄露影响 420 万人
  • [ ] 专题·漏洞治理 | 漏洞全链路治理与运营管理建设
  • [ ] ATM机无法取钱，俄银行遭乌克兰大规模网络攻击
• 黑海洋 - WIKI
  • [ ] 搭建Docker compose管理面板dockge
  • [ ] 搭建NPS内网穿透,搭配openwrt软路由
  • [ ] 如何构建属于自己的docker镜像
  • [ ] 免手机验证注册Gmail邮箱
  • [ ] 智谱AI刚发布的视频生成工具
  • [ ] 将思维转化为清晰的文本笔记 - AI语音转文本工具
• Security Blog | Praetorian
  • [ ] Drop the Mic (CVE-2019-1166)
  • [ ] Amazon Cloud Integration Capability with Chariot
  • [ ] Adjacent Discovery Capability with Chariot
• HackerNews
  • [ ] 微软仍然是网络钓鱼的头号目标，阿迪达斯和 WhatsApp 位列前 10
  • [ ] ATM 机无法取钱，俄银行遭乌克兰大规模网络攻击
  • [ ] 黎巴嫩卫生部 55GB 数据泄露于暗网
  • [ ] 抢占标准制高点，NIST 发布 AI 模型风险测试工具
  • [ ] 俄罗斯调整对乌网络战策略：从民用关基设施转向军事目标
  • [ ] 数百万台设备易受“PKFail”安全启动绕过漏洞影响
  • [ ] 恶意 PyPI 软件包瞄准 macOS 以窃取 Google Cloud 凭证
  • [ ] 法国在奥运会前展开大规模行动打击网络间谍活动
• 奇客Solidot–传递最新科技情报
  • [ ] Chrome 服务故障导致部分用户无法访问保存的密码
  • [ ] MMFA 主张持有特斯拉股票的法官不应审理马斯克 vs MMFA 的诉讼
  • [ ] 音乐的记忆不会随着年龄而逐渐消失
  • [ ] 一种致命病毒如何演化出不感染人类
  • [ ] X 平台因 AI 数据使用问题面临监管机构质询
  • [ ] 盗窃者利用干扰设备干扰 Wi-Fi 安全摄像头
  • [ ] 网信办发布《国家网络身份认证公共服务管理办法（征求意见稿）》
  • [ ] 数百款 PC 的 Secure Boot 使用了泄露的密钥
  • [ ] Linux 6.11-rc1 释出
  • [ ] 在 2024 年用 Windows XP 上网会发生什么
• 腾讯玄武实验室
  • [ ] 每日安全动态推送(7-29)
• 暗影安全
  • [ ] 网络攻防，一触即发！企业安全防护的必读宝典来了...
  • [ ] 攻防有道，云原生环境下的安全攻防与运营新视角！
• 代码卫士
  • [ ] 卡巴斯基：美国拒绝由第三方审计代码的提案
  • [ ] 恶意PyPI 包针对 macOS，窃取谷歌云凭据
• 安全内参
  • [ ] 推动美国联邦政府加速安全上云，这份关键文件发布
  • [ ] 使用“AI换脸”技术篡改系统数据牟取暴利，多个团伙被判刑
• 黑奇士
  • [ ] 一张图说明新东方内斗的根源
• 看雪学苑
  • [ ] Windows主机入侵检测与防御内核技术深入解析（9）
  • [ ] 浏览器所有内置密码消失不见，影响约1500万Chrome用户
  • [ ] 今日更新章节：条件跟踪！x64dbg入门实战
• dotNet安全矩阵
  • [ ] .NET 一款获取主流浏览器存储密码的工具
  • [ ] 2024hvv | 10套.NET系统漏洞威胁情报(持续更新)
  • [ ] .NET内网实战：通过傀儡进程执行Shellcode
• 全频带阻塞干扰
  • [ ] 柯南的武器库 | 探秘日本侦探器材店
• 数世咨询
  • [ ] CISA“安全设计”倡议一周年：一份成绩单
• 中国信息安全
  • [ ] 全球视野 | 国际网安快讯（第21期）
  • [ ] 发布 | 最高检发布检察机关依法惩治利用网络暴力侵犯企业合法权益典型案例
  • [ ] 评论 | 微软大范围宕机事件为全球信息技术安全敲响警钟
  • [ ] 关注 | 阳光高考网、升学指导网……正值升学高峰期，这17款APP被通报！
  • [ ] 前沿 | 推进人工智能治理国际合作
  • [ ] 国际 | 印度个人数据跨境传输规则
  • [ ] 关注 | 风靡一时的虹膜写真会泄露个人信息吗？
• 关键基础设施安全应急响应中心
  • [ ] 关键基础设施安全资讯周报20240729期
  • [ ] Telegram新型0Day漏洞曝光，将BUG藏在视频传播
  • [ ] 俄罗斯调整对乌网络战策略：从民用关基设施转向军事目标
• CNCERT国家工程研究中心
  • [ ] CNCERT国家工程研究中心安全资讯周报20240729期
  • [ ] Ghostscript 库中存在 RCE 漏洞，现已被积极利用
  • [ ] 疑朝鲜黑客出手！韩国国防情报司令部（KDIC）发生严重泄密事件
• 安全研究GoSSIP
  • [ ] G.O.S.S.I.P 阅读推荐 2024-07-29 欢迎观看DH秀！
• 安全学术圈
  • [ ] 北京交通大学 | 面向个性化联邦学习的系统化后门攻击：方法与对抗（USENIX Security '24）
• KCon 黑客大会
  • [ ] 演讲议题巡展 | 多角度看Konni组织的攻击升级
• 字节跳动安全中心
  • [ ] 3倍积分奖励！抖音敏感数据专测上线！
• 嘶吼专业版
  • [ ] 黑客攻击 HFS 服务器以投放恶意软件和 Monero 矿工
  • [ ] 安全动态回顾 | 关于下达5项网络安全推荐性国家标准计划的通知 Docker修复了存在5年之久的关键身份验证绕过漏洞
• 美团安全应急响应中心
  • [ ] 新机会，新挑战，新可能，美团信息安全部邀你加入~
• 字节跳动技术团队
  • [ ] PICO交互感知团队 - 可控3D版生成来袭：Coin3D实现三维可控的物体生成
• CNVD漏洞平台
  • [ ] CNVD漏洞周报2024年第30期
  • [ ] 上周关注度较高的产品安全漏洞(20240722-20240728)
• Beacon Tower Lab
  • [ ] 【0729】重保演习每日情报汇总
• 奇安盘古
  • [ ] 携手共进，智领未来：陕西省电子数据司法鉴定应用研讨会圆满落幕！
• 迪哥讲事
  • [ ] 干货 | 实战中通过AccessKey与AccessSecret接管文件存储服务的攻击场景
• Over Security - Cybersecurity news aggregator
  • [ ] Android spyware 'Mandrake' hidden in apps on Google Play since 2022
  • [ ] New Specula tool uses Outlook for remote code execution in Windows
  • [ ] Apple iOS 18.1 Beta previews Apple Intelligence for the first time
  • [ ] WordPress Vulnerability & Patch Roundup July 2024
  • [ ] Influence actors expected to adjust tactics amid chaotic election cycle, intel official says
  • [ ] Former Avaya employee gets 4 years for $88M license piracy scheme
  • [ ] State Department: UN cybercrime treaty must include human rights protections
  • [ ] Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks
  • [ ] Pro-Ukrainian hackers claim attack on Russian cyber company
  • [ ] July 2024 Web Server Survey
  • [ ] HealthEquity says data breach impacts 4.3 million people
  • [ ] UNetLab v3 development series
  • [ ] Ansible automation series
  • [ ] Una nuova campagna sfrutta Selenium Grid per il mining di Monero
  • [ ] Proofpoint settings exploited to send millions of phishing emails daily
  • [ ] LinkedIn e profili falsi
  • [ ] “EchoSpoofing” — A Massive Phishing Campaign Exploiting Proofpoint’s Email Protection to Dispatch…
  • [ ] French telecom infrastructure damaged in another sabotage attack
  • [ ] L’intervento di Israele nella causa WhatsApp contro NSO: un’analisi dettagliata
  • [ ] Mandrake spyware sneaks onto Google Play again, flying under the radar for two years
  • [ ] CERT-AGID 20 – 26 luglio: 39 campagne malevole e nuove combolist su Telegram
  • [ ] Misconfigured Selenium Grid servers abused for Monero mining
• 极客公园
  • [ ] 逛遍 ChinaJoy，发现 AI 对游戏产业的四个改变
  • [ ] 这款巴黎奥运会火了的跑鞋，全是科技与狠活
  • [ ] 月之暗面和 MiniMax 的投资人，联手投了 AI 图像赛道的最大笔融资
  • [ ] 罗永浩评董宇辉离职：忍不了烂人只能创业；小鹏飞行汽车曝光，六轮驱动；唐尼回归「复联」新片，钢铁侠变反派 | 极客早知道
• TrustedSec
  • [ ] Specula - Turning Outlook Into a C2 With One Registry Change
• SANS Internet Storm Center, InfoCON: green
  • [ ] ISC Stormcast For Monday, July 29th, 2024 https://isc.sans.edu/podcastdetail/9072, (Mon, Jul 29th)
  • [ ] CrowdStrike Outage Themed Maldoc, (Mon, Jul 29th)
• Securityinfo.it
  • [ ] Una nuova campagna sfrutta Selenium Grid per il mining di Monero
  • [ ] CERT-AGID 20 – 26 luglio: 39 campagne malevole e nuove combolist su Telegram
• T00ls安全
  • [ ] 记一次NginxWebUI 引发的渗透
• Full Disclosure
  • [ ] APPLE-SA-07-29-2024-9 visionOS 1.3
  • [ ] APPLE-SA-07-29-2024-8 tvOS 17.6
  • [ ] APPLE-SA-07-29-2024-7 watchOS 10.6
  • [ ] APPLE-SA-07-29-2024-6 macOS Monterey 12.7.6
  • [ ] APPLE-SA-07-29-2024-5 macOS Ventura 13.6.8
  • [ ] APPLE-SA-07-29-2024-4 macOS Sonoma 14.6
  • [ ] APPLE-SA-07-29-2024-3 iOS 16.7.9 and iPadOS 16.7.9
  • [ ] APPLE-SA-07-29-2024-2 iOS 17.6 and iPadOS 17.6
  • [ ] APPLE-SA-07-29-2024-1 Safari 17.6
  • [ ] Bunch of IoT CVEs
• Schneier on Security
  • [ ] New Research in Detecting AI-Generated Videos
• Taszk Labs on taszk.io labs
  • [ ] CVE-2023-41111: Samsung Baseband RLC Data Re-Assembly Buffer Overflow
  • [ ] CVE-2023-41112: Samsung Baseband RLC Data Re-Assembly Heap Buffer Overflow
  • [ ] Unburdened By What Has Been: Exploiting New Attack Surfaces in Radio Layer 2 for Baseband RCE on Samsung Exynos
• NetSPI
  • [ ] Media Alert: NetSPI Dominates Black Hat USA 2024 and DEF CON 32 with Five Can’t-Miss Speaking Sessions and Unveiling of CAASM
  • [ ] An Introduction to GCPwn – Part 1
• Graham Cluley
  • [ ] Hacking gang leaks documents stolen from Pentagon IT provider
• Trend Micro Research, News and Perspectives
  • [ ] How to Write a Generative AI Cybersecurity Policy
• TorrentFreak
  • [ ] ‘Indian Police Pinpoint Seat of Movie “Camming” Pirate by Analyzing the Film Angle’
  • [ ] Ad Blocking Infringes Copyright? Ancient Sony Cheat Lawsuit May Prove Pivotal
• Securelist
  • [ ] Mandrake spyware sneaks onto Google Play again, flying under the radar for two years
• The Register - Security
  • [ ] Meta's AI safety system defeated by the space bar
  • [ ] US border cops really must get a warrant in NY before searching your phones, devices
  • [ ] Intruders at HealthEquity rifled through storage, stole 4.3M people's data
  • [ ] Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update
  • [ ] Post-CrowdStrike, Microsoft to discourage use of kernel drivers by security tools
  • [ ] China ponders creating a national 'cyberspace ID'
  • [ ] Secure Boot useless on hundreds of PCs from major vendors after key leak
• Deeplinks
  • [ ] Senators Expose Car Companies’ Terrible Data Privacy Practices
  • [ ] EFF’s Concerns About the UN Draft Cybercrime Convention
  • [ ] Why You Should Hate the Proposed UN Cybercrime Treaty
• 青藤智库
  • [ ] 勒索软件的防御手段和检测技术
• Technical Information Security Content & Discussion
  • [ ] “EchoSpoofing” — A Massive Phishing Campaign Exploiting Proofpoint’s Email Protection to Dispatch Millions of Perfectly Spoofed Emails
  • [ ] Turning Outlook into a C2 client with a single registry value and the release of a new C2 framework
  • [ ] Blind Trust and Broken Fixes: The Ongoing Battle with LogoFAIL Vulnerabilities
• Blackhat Library: Hacking techniques and research
  • [ ] WIX & WIX-Premium websites: Data practically Free
• Security Affairs
  • [ ] Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085
  • [ ] Acronis Cyber Infrastructure bug actively exploited in the wild
  • [ ] Fake Falcon crash reporter installer used to target German Crowdstrike users
  • [ ] Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • [ ] Week in Brief #62: North Korea Operative Infiltrates KnowBe4, SAP AI Core Flaws, CISO Challenges, Layoffs
  • [ ] Advanced Cybesecurity Projects
  • [ ] Advice on getting started
• Deep Web
  • [ ] Which OS are you guys using?
• Social Engineering
  • [ ] Do you think Elon Musk is manipulating media comments to sway public opinion?
  • [ ] what are a good list of ethical and legal flags from beginner to expert to look for?
• Your Open Hacker Community
  • [ ] IP verification in websites
  • [ ] Why doesn't John The Ripper show me the list of formats?
• Information Security
  • [ ] The Data Security Duo: Data Encryption and Vulnerability Scans
  • [ ] Week in Brief #62: North Korea Operative Infiltrates KnowBe4, SAP AI Core Flaws, CISO Challenges, Layoffs
  • [ ] What is Persistent File Protection?
• Computer Forensics
  • [ ] Forensic Machine Opinions
  • [ ] What happened to the nist portal with images?
  • [ ] 13 Cubed Review - Windows EndPoint
  • [ ] In 2011, my close family member was accused of using his phone to record a minor. Police took his phone and found no evidence of a recording. I just have a question regarding this please.
• The Hacker News
  • [ ] Critical Flaw in Acronis Cyber Infrastructure Exploited in the Wild
  • [ ] Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails
  • [ ] How Searchable Encryption Changes the Data Security Game
  • [ ] 'Stargazer Goblin' Creates 3,000 Fake GitHub Accounts for Malware Spread
  • [ ] Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site
• Security Weekly Podcast Network (Audio)
  • [ ] Identity Security Posture Management - Allan Alford, Dor Fledel - BSW #358