chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

110 stars 19 forks source link

[每日信息流] 2024-08-01 #609

Closed chainreactorbot closed 2 months ago

chainreactorbot commented 3 months ago

每日安全资讯（2024-08-01）

奇安信攻防社区
- [ ] 使用自动化工具寻找sql注入漏洞
bunnie's blog
- [ ] Name that Ware, July 2024
- [ ] Winner, Name that Ware June 2024
Private Feed for M09Ic
- [ ] 4ra1n released 2.24 at jar-analyzer/jar-analyzer
- [ ] INotGreen starred ELMERIKH/TelecordC2
- [ ] timwhitez created a repository timwhitez/BinHol
- [ ] INotGreen started following orangetw
- [ ] gh0stkey starred shadowsocks/shadowsocks-rust
- [ ] kpcyrd starred signalapp/Signal-Calling-Service
- [ ] glzjin starred theajack/disable-devtool
- [ ] Rvn0xsy starred ferion11/ttf-wps-fonts
- [ ] Rvn0xsy starred jayknoxqu/wps-symbol-fonts
- [ ] nightRainy starred reactos/reactos
- [ ] esrrhs starred shazow/ssh-chat
- [ ] gh0stkey starred miss-mumu/developer2gwy
- [ ] CHYbeta starred miss-mumu/developer2gwy
- [ ] yzddmr6 starred lintstar/CS-AutoPostChain
- [ ] panjf2000 starred drawdb-io/drawdb
安全客-有思想的安全新媒体
- [ ] 打造安全大模型，引领安全行业革命
- [ ] 苹果加入美国政府对人工智能安全的自愿承诺
- [ ] 新型 SideWinder 网络攻击以多国海事设施为目标
- [ ] OneDrive 网络钓鱼诱使用户执行恶意 PowerShell 脚本
- [ ] Google Workspace 认证漏洞导致数千封电子邮件被泄露
- [ ] 全球数据泄露成本创历史新高
- [ ] 两年后在Google Play商店应用程序中发现新的曼德拉间谍软件
- [ ] 网络犯罪分子利用Tesla代理和Formbook恶意软件瞄准波兰企业
- [ ] 勒索软件团伙利用 ESXi 漏洞对虚拟机进行即时、大规模加密
- [ ] 针对Microsoft OneDrive用户的网络钓鱼活动
CXSECURITY Database RSS Feed - CXSecurity.com
- [ ] Alecto IVM-100 2019-11-12 Missing Authentication
- [ ] Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 Denial Of Service
- [ ] One2Track 2019-12-08 Missing PIN
- [ ] Epson Expression Home XP255 20.08.FM10I8 Missing Authentication
- [ ] Brother MFC-J491DW C1806180757 Password Hash Disclosure
Files ≈ Packet Storm
- [ ] OpenMediaVault rpc.php Authenticated Cron Remote Code Execution
- [ ] Readymade Real Estate Script SQL Injection / Cross Site Scripting
- [ ] Ubuntu Security Notice USN-6934-1
- [ ] Ubuntu Security Notice USN-6932-1
- [ ] Ubuntu Security Notice USN-6931-1
- [ ] Ubuntu Security Notice USN-6930-1
- [ ] AMPLE BILLS 1.0 Cross Site Scripting
- [ ] Ubuntu Security Notice USN-6929-1
- [ ] Aero CMS 0.0.1 Cross Site Request Forgery
- [ ] Ubuntu Security Notice USN-6928-1
- [ ] SchoolPlus LMS 1.0 SQL Injection
- [ ] AccPack Khanepani 1.0 Insecure Direct Object Reference
- [ ] Red Hat Security Advisory 2024-4938-03
- [ ] Red Hat Security Advisory 2024-4937-03
- [ ] Red Hat Security Advisory 2024-4936-03
- [ ] Red Hat Security Advisory 2024-4935-03
- [ ] Red Hat Security Advisory 2024-4934-03
- [ ] Red Hat Security Advisory 2024-4933-03
- [ ] AccPack Cop 1.0 SQL Injection
- [ ] Red Hat Security Advisory 2024-4928-03
- [ ] Red Hat Security Advisory 2024-4922-03
- [ ] Red Hat Security Advisory 2024-4913-03
- [ ] Red Hat Security Advisory 2024-4912-03
- [ ] AccPack Buzz 1.0 Arbitrary File Upload
- [ ] Red Hat Security Advisory 2024-4911-03
Security Boulevard
- [ ] Understanding the Impact of the CrowdStrike Event
- [ ] New Jack Henry Banno Integration from Allure Security Strengthens Security Against Phishing and Online Impersonations
- [ ] Taylor Swift Ticket Leak: A Potential Threat from the Recent TicketMaster Breach
- [ ] USENIX Security ’23 – Oops..! I Glitched It Again! How to Multi-Glitch the Glitching-Protections on ARM TrustZone-M
- [ ] Microsoft: DDoS Attack on Azure Services Exacerbated by Defense Error
- [ ] Less is More…|more or |less
- [ ] State of SaaS Security Report 2024: Key Findings & Tips from Deployments at Scale
- [ ] TrustCloud Product Updates: July 2024
- [ ] Emulating the Politically Motivated North Korean Adversary Andariel – Part 2
- [ ] The big cybersecurity themes at Black Hat 2024 — and why they matter
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- [ ] Android 间谍软件“Mandrake”自 2022 年以来就隐藏在 Google Play 中
obaby@mars
- [ ] 也谈 cf 的 npm 代理以及 uniapp vendor.js 压缩
Tenable Blog
- [ ] Tenable Cloud Security To Help Fed Agencies Tackle Cloud Challenges as It Nears FedRAMP Authorization
Recent Commits to cve:main
- [ ] Update Wed Jul 31 22:29:12 UTC 2024
- [ ] Update Wed Jul 31 14:35:44 UTC 2024
- [ ] Update Wed Jul 31 06:37:57 UTC 2024
Trustwave Blog
- [ ] Trustwave SpiderLabs: SYS01 and Rilide Linked to Same Actor
Twitter @Nicolas Krassas
- [ ] MITMing the Xbox 360 Dashboard for Fun and RCE https://www.reddit.com/r/netsec/comments/1egs8rn/mitming_the_xbox_360_dashboard_for_fun_and_rce/
- [ ] Create your own custom implant for Initial Access - Blog https://www.reddit.com/r/netsec/comments/1egu4cb/create_your_own_custom_implant_for_initial_a...
- [ ] CVE-2024-7205 in eWeLink Cloud Service Exposes Devices to Takeover https://securityonline.info/cve-2024-7205-in-ewelink-cloud-service-exposes-devices-...
- [ ] World leading silver producer Fresnillo discloses cyberattack https://www.bleepingcomputer.com/news/security/world-leading-silver-producer-fresnillo-d...
- [ ] Fraud ring pushes 600+ fake web shops via Facebook ads https://www.bleepingcomputer.com/news/security/fraud-ring-pushes-600-plus-fake-web-shops-via-fa...
- [ ] OneBlood's virtual machines encrypted in ransomware attack https://www.bleepingcomputer.com/news/security/onebloods-virtual-machines-encrypted-in-rans...
- [ ] New Android malware wipes your device after draining bank accounts https://www.bleepingcomputer.com/news/security/new-android-malware-wipes-your-devic...
- [ ] City Of Columbus Says Data Compromised In Ransomware Attack https://packetstormsecurity.com/news/view/36161/City-Of-Columbus-Says-Data-Compromised-In-...
- [ ] CrowdStrike Faces Lawsuits From Customers, Investors https://packetstormsecurity.com/news/view/36162/CrowdStrike-Faces-Lawsuits-From-Customers-Investo...
- [ ] Mysterious Family Of Malware Hid In Google Play For Years https://packetstormsecurity.com/news/view/36163/Mysterious-Family-Of-Malware-Hid-In-Google-P...
- [ ] Spamhaus Is Disappointed With CloudFlare https://packetstormsecurity.com/news/view/36164/Spamhaus-Is-Disappointed-With-CloudFlare.html
- [ ] Escalating Privileges in Google Cloud via Open Groups https://www.netspi.com/blog/technical-blog/cloud-pentesting/escalating-privileges-in-google-clou...
- [ ] Teaching the Old .NET Remoting New Exploitation Tricks https://code-white.com/blog/teaching-the-old-net-remoting-new-exploitation-tricks/
- [ ] Google ads push fake Google Authenticator site installing malware https://www.bleepingcomputer.com/news/security/google-ads-push-fake-google-authentic...
- [ ] Five months after takedown, LockBit is a shadow of its former self https://go.theregister.com/feed/www.theregister.com/2024/07/31/five_months_after_lo...
- [ ] Malicious PowerShell script executed in OneDrive phishing campaign https://www.scmagazine.com/brief/malicious-powershell-script-executed-in-onedrive-p...
- [ ] DBatLoader leveraged in widespread phishing campaign https://www.scmagazine.com/brief/dbatloader-leveraged-in-widespread-phishing-campaign
- [ ] Nearly 10-hour Azure outage caused by DDoS attack, says Microsoft https://www.scmagazine.com/news/nearly-10-hour-azure-outage-caused-by-ddos-attack-sa...
- [ ] Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware https://thehackernews.com/2024/07/chinese-hackers-target-japanese-firms.html
- [ ] Microsoft's blame of EU regs for the CrowdStrike outage doesn’t make sense https://www.scmagazine.com/perspective/microsofts-blame-of-eu-regs-for-the...
SecWiki News
- [ ] SecWiki News 2024-07-31 Review
Doonsec's feed
- [ ] 【hw】2024护网漏洞情报-第六弹
- [ ] 2024HW漏洞梭哈工具上线
- [ ] 北极星携手威零实验室
- [ ] 7.31hvv情报
- [ ] 未来5年如何活下去
- [ ] 秦安：美国债务警告！突破35万亿美元大关，英国评估已破产，看看数据，竟然有一个共同的原因
- [ ] 秦安：突发！韩国海军称误射火箭弹，会引发朝鲜反制吗？
- [ ] 秦安：非常让人震惊，哈马斯政治局领导人在伊朗被暗杀，怎么了？
- [ ] 网安学术 | 一种智能弹性的 3 层网络安全防御架构
- [ ] 行业动态｜ISC.AI 2024在京开幕：院士专家共议“安全+AI”发展新路径
- [ ] 行业•政策｜国家数据局最新发声！发布一批数据领域政策措施
- [ ] IT环境多样性：供应链安全和网络弹性之源！
- [ ] Trap 后门 | Linux 后门系列
- [ ] 天帷信息携手兰迪（合肥）律所成功举办首期数据合规沙龙
- [ ] 培训动态丨天帷网络安全课堂8月开班计划
- [ ] HVV-蓝队娱乐骚操作
- [ ] Mac渗透工具箱Spear V3：简化操作，优化体验
- [ ] 7月31日hvv情报推送
- [ ] 学习干货|实战某次行业攻防应急响应(附环境)
- [ ] src挖掘-记一次付费资源的sign绕过
- [ ] 【HVV情报】2024-07-31
- [ ] 第二届切面联盟会议成功举办，解锁安全生态发展新视角
- [ ] 诸子云 | 活动：7.27北京「金融&互联网」私董会
- [ ] 攻防演练丨超级SIM安全方案筑牢网络安全“铜墙铁壁”，攻击轻松拿捏
- [ ] 碳足迹评价结果实现国内外互认！赛迪认证携手Intertek为洲明UpanelⅡ系列产品颁发碳足迹评价证书
- [ ] 中国软件评测中心高分通过源代码安全检测测量审核
- [ ] 悄悄绕过基于TLS指纹的机器人检测
- [ ] 典型案例丨贵州习酒股份有限公司工业控制安全项目
- [ ] 荐读丨以威胁假设和压力测试构建面向未来的安全能力
- [ ] 内容排版风格改变。
- [ ] 【漏洞预警】Apache SeaTunnel Web 身份验证漏洞（CVE-2023-48396）
- [ ] 爱奇艺SRC延长暂停漏洞测试时间公告
- [ ] G.O.S.S.I.P 阅读推荐 2024-07-31 开发一个链接器
- [ ] 人行征求意见！征信信息安全管理规定修改
- [ ] GEEKCON 中国站 | 报名开启 10.24上海见
- [ ] 安徽省发布“加快推进数字经济高质量发展”三年行动方案
- [ ] 专家观点 | 人工智能时代，从法律层面保护好数据主权
- [ ] 办公电脑遭病毒远程控制！公安部发布多起财会人员被黑典型案例
- [ ] Meta因未经用户许可使用面部识别技术向德州支付14亿美元
- [ ] 聚焦ISC.AI 2024 | 吴世忠院士：对生成式AI安全研究的九点观察
- [ ] 聚焦ISC.AI 2024 | 周鸿祎发布国内首个免费安全大模型安全能力超越GPT-4
- [ ] 聚焦ISC.AI 2024 | 共建安全+AI新生态，ISC.AI 2024第十二届互联网安全大会在京开幕
- [ ] 关注 | 网络安全等级保护测评师、生成式人工智能系统应用员等19个职业正式“入编”！
- [ ] 8月1日正式施行！一图读懂《网络暴力信息治理规定》
- [ ] 评论 | 依法严惩跨境电信网络诈骗犯罪
- [ ] 专家观点 | 积极稳妥推进金融大模型发展与应用
gynvael.coldwind//vx.log (pl)
- [ ] Darmowe mini-szkolenie: Pliki okiem hackera
Real-time communications security on Communication Breakdown - VoIP & WebRTC Security
- [ ] July 2024: WebRTC flaws that suddenly appear out of nowhere, hardphone security and more!
Twitter @bytehx
- [ ] Re @anass_3lbacha @yeswehack Congrast!
Forcepoint
- [ ] Unseen Dangers Lurking Behind Evasive Secureserver.net URLs
SpiderLabs Blog
- [ ] SYS01 Infostealer and Rilide Malware Likely Developed by the Same Threat Actor
SentinelOne
- [ ] Singularity Cloud Native Security | Eliminate False Positives and Focus On What Matters
Reverse Engineering
- [ ] Hardwear.io USA 2024: Breaking Into Chips By Reading The Datasheet
- [ ] Top 7 Web Application Security Best Practices to Safeguard Your Sensitive Data
PortSwigger Blog
- [ ] Unlock enhanced API scanning with Burp Suite
daniel.haxx.se
- [ ] curl 8.9.1
Microsoft Security Response Center
- [ ] Introducing the MSRC Researcher Resource Center
Dhole Moments
- [ ] What Does It Mean To Be A Signal Competitor?
奇客Solidot–传递最新科技情报
- [ ] 在产品描述中使用术语 AI 会降低购买意愿
- [ ] 澳大利亚率先开始为婴儿治疗花生过敏症
- [ ] 美国军方发射了最后一枚使用俄罗斯引擎的火箭
- [ ] 苹果仍然嫌恶英伟达，使用 Google 硬件训练 AI
- [ ] Dark Angels 勒索软件组织收到了创纪录的 7500 万美元赎金
- [ ] 特斯拉召回 180 万辆引擎盖能在驾驶过程中打开的汽车
- [ ] 亚马逊被要求召回其平台销售的 40 万件能导致死亡和触电的商品
- [ ] 低糖饮食与更年轻生物年龄相关
- [ ] 脸和名字之间的相似性是一种自我实现的预言
- [ ] 俄罗斯允许在国际贸易中使用加密货币
- [ ] W3C 批评 Google 放弃淘汰第三方 Cookie 的计划
- [ ] 稀土价格持续下跌
- [ ] 罗技讨论订阅制鼠标
黑海洋 - WIKI
- [ ] Mac 开源软件卸载工具
- [ ] 小米路由器解锁脚本
- [ ] 蜜雪冰城抢新品免单脚本
- [ ] 国行 Macbook 开通 Apple intelligence 方法
FreeBuf网络安全行业门户
- [ ] CCSIP 2024中国网络安全行业全景册（第七版）调研启动
- [ ] GenAI账户凭证被盗，暗网每日交易量达400条
- [ ] FreeBuf早报 | 2024年巴黎奥运会应用正在窃听用户；GenAI账户凭证被盗
- [ ] 打破纪录！某财富 50 强公司向勒索组织支付 7500 万美元赎金
HackerNews
- [ ] GenAI 账户凭证被盗，暗网每日交易量达 400 条
- [ ] 新版复杂间谍软件在谷歌应用商店中存在两年未被发现
- [ ] 印度 SideWinder（响尾蛇）APT 组织攻击地中海港口和海事设施
- [ ] CrowdStrike 再爆雷，2.5 亿条 IoC 指标数据被黑客连锅端
- [ ] 微软蓝屏事件“致死率”高达 3%
- [ ] 推动美国联邦政府加速安全上云，白宫发布关键文件
- [ ] IDC：巴黎奥运是网络安全风险最高的一届奥运会
- [ ] 巴黎奥运期间，法国境内光纤电缆遭到“重大破坏”
- [ ] 创纪录！Dark Angels 勒索软件组织收到 7500 万美元赎金
- [ ] Auth+XSS 组合拳，数百万 Web 账户或将易主
腾讯玄武实验室
- [ ] 每日安全动态推送(7-31)
黑奇士
- [ ] 八十三年前，张君秋与马连良裂穴，已经预示了董宇辉出走新东方的结局
dotNet安全矩阵
- [ ] .NET 一款hvv实战中免杀的WebShell
- [ ] 2024hvv | 13套.NET系统漏洞威胁情报(07.31更新)
- [ ] .NET 通过COM劫持实现权限维持
奇安信威胁情报中心
- [ ] 近期值得关注的IOC（2024-07-31）
- [ ] 【7月30日获奖榜】以下网络安全专家已免费获赠阿瑞斯武器库批量查询工具
代码卫士
- [ ] 数百万设备易受 “PKFail” 安全启动绕过问题影响
- [ ] 大规模SMS窃取器活动感染113个国家的安卓设备
安全研究GoSSIP
- [ ] G.O.S.S.I.P 阅读推荐 2024-07-31 开发一个链接器
安全学术圈
- [ ] 2024年先进密码技术与系统安全四川省重点实验室开放课题申请指南
关键基础设施安全应急响应中心
- [ ] 深入贯彻总体国家安全观推动网络安全保密工作实现高质量发展
- [ ] 微软：VMware身份验证绕过漏洞正在被勒索团伙利用
- [ ] Windows 版 WhatsApp 允许 Python、PHP 脚本在没有任何提示下执行
安全内参
- [ ] 史上最高！这家企业向勒索软件支付了超5.4亿元赎金
- [ ] 办公电脑遭病毒远程控制！公安部发布多起财会人员被黑典型案例
安全圈
- [ ] 【安全圈】打破纪录！某财富 50 强公司向勒索组织支付 7500 万美元赎金
- [ ] 【安全圈】微软：警惕利用VMware ESXi进行身份验证绕过攻击
- [ ] 【安全圈】OAuth+XSS组合拳，数百万Web账户或将易主
- [ ] 【安全圈】GenAI账户凭证被盗，暗网每日交易量达400条
KCon 黑客大会
- [ ] 现金大奖等你！KCon白帽赏金大赛明日开启，字节跳动企业专场来袭！是时候展现真正的技术了
- [ ] 【高端培训招募】KCon大会培训日，正式回归啦！
数世咨询
- [ ] 从DevOps的角度看容器安全
- [ ] 报告解读：《2023年互联网安全报告》
- [ ] 直播预告 | ISC.AI 2024 数转智改驱动行业创新变革论坛
安全牛
- [ ] 央行就《修改〈中国人民银行关于进一步加强征信信息安全管理的通知〉有关公告》公开征求意见；微软Azure服务突发全球性故障 |牛览
- [ ] AI时代数据投毒攻击的防范策略与应对措施
看雪学苑
- [ ] 修补微信Windows隐藏的深色模式
- [ ] 五款恶意软件在Google Play中潜伏两年，已感染32000台设备
- [ ] 内核班直播更新-内核文件过滤驱动：Minifilter框架原理
中国信息安全
- [ ] 聚焦ISC.AI 2024 | 吴世忠院士：对生成式AI安全研究的九点观察
- [ ] 聚焦ISC.AI 2024 | 周鸿祎发布国内首个免费安全大模型安全能力超越GPT-4
- [ ] 聚焦ISC.AI 2024 | 共建安全+AI新生态，ISC.AI 2024第十二届互联网安全大会在京开幕
- [ ] 关注 | 网络安全等级保护测评师、生成式人工智能系统应用员等19个职业正式“入编”！
- [ ] 8月1日正式施行！一图读懂《网络暴力信息治理规定》
- [ ] 评论 | 依法严惩跨境电信网络诈骗犯罪
- [ ] 专家观点 | 积极稳妥推进金融大模型发展与应用
慢雾科技
- [ ] 慢雾：X 账号安全排查加固指南
信息安全国家工程研究中心
- [ ] 近期网安资讯动态盘点(2024-7下)
- [ ] 深度释放数据红利加快发展新质生产力
极客公园
- [ ] 微信最火小程序榜单曝光，没想到第一名是它；大疆迷你无人机Neo曝光，比iPhone还轻；周鸿祎试国产车惨遭车门夹手|极客早知道
- [ ] OpenAI 的 Q没见过，一众创业公司的 Q来了
腾讯安全威胁情报中心
- [ ] 重保战报20240731 ｜ OA类型组件、签名类型软件建议着重防护
补天平台
- [ ] 联合礼包！翻倍奖励！补天专属SRC携手OSRC等5家SRC联合活动！
情报分析师
- [ ] 哈马斯领导人伊斯梅尔·哈尼亚暗杀初步情报报告
OPPO安全中心
- [ ] 【六周年庆】联合礼包！翻倍奖励！OSRC携手5家SRC欢庆生日！
青藤云安全
- [ ] 青藤入选第二届湖北省网络安全应急技术支撑单位
360数字安全
- [ ] ISC.AI2024开幕周鸿祎发布国内首个免费安全大模型
- [ ] ISC.AI 2024在京开幕：院士专家共议“安全+AI”发展新路径
- [ ] 安全大模型引领安全革命，ISC.AI 2024数字安全峰会顺利召开
网安国际
- [ ] 【活动预告】“AI+Security”系列第2期：对抗！大模型自身安全的攻防博弈线上活动即将开始
字节跳动技术团队
- [ ] 豆包招聘速递｜豆包大模型 Foundation 团队热招中
火绒安全
- [ ] Windows预览补丁影响火绒驱动加载的问题说明（二）
安全419
- [ ] 史上最难攻防季值得关注的攻击趋势及应对姿势
- [ ] 网宿安全发布《2023年互联网安全报告》主张建设体系化主动安全
- [ ] ISC.AI2024开幕周鸿祎发布国内首个免费安全大模型
- [ ] 2024年8月网络安全行业活动、赛事一览
迪哥讲事
- [ ] 通过DNS外带实现的命令注入
- [ ] 看漫画学注入
CNCERT国家工程研究中心
- [ ] 巴黎奥运期间，法国境内光纤电缆遭到“重大破坏”
- [ ] 警惕：OTP被绕过！大规模短信窃取活动感染了113个国家的Android设备
- [ ] 微软蓝屏事件“致死率”高达3%
bellingcat
- [ ] A Beginner’s Guide to Identifying Explosive Ordnance in Social Media Imagery
Beacon Tower Lab
- [ ] 【0731】重保演习每日情报汇总
Securityinfo.it
- [ ] Scoperta una massiccia campagna malware contro Android in più di 113 Paesi
- [ ] Outlook può essere usato per l’esecuzione di codice da remoto
Over Security - Cybersecurity news aggregator
- [ ] Pharma giant Cencora says personal health data leaked during February cyber incident
- [ ] Credit card users get mysterious shopify-charge.com charges
- [ ] CISA, FBI warn of potential DDoS attacks on 2024 elections
- [ ] DigiCert to delay cert revocations for critical infrastructure
- [ ] OneBlood's virtual machines encrypted in ransomware attack
- [ ] Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues
- [ ] Russia legalizes cryptocurrency mining as global sanctions rattle traditional finances
- [ ] Google ads push fake Google Authenticator site installing malware
- [ ] CISA and FBI: DDoS attacks won’t impact US election integrity
- [ ] La Commissione UE fa il tagliando al GDPR: focus su imprese e DPO
- [ ] Pay or consent: Meta di nuovo nel mirino dell’UE, anche per tutelare i consumatori
- [ ] Programma DIANA: la NATO a sostegno delle startup, contro la minaccia cyber
- [ ] Guida ACN sulle notifiche degli incidenti al CSIRT, per rendere resiliente l’ecosistema cyber
- [ ] La capacità di ripristino è fondamentale per la continuità aziendale: sfide e soluzioni
- [ ] Threat Actors Exploit Sora AI-themed Branding to Spread Malware
- [ ] World leading silver producer Fresnillo discloses cyberattack
- [ ] New Android malware wipes your device after draining bank accounts
- [ ] Azza Ransom Report - azzasec-ransomware-technical-malware-analysis-report.pdf
- [ ] Ransomware attack on major US blood center prompts hundreds of hospitals to implement shortage protocols
- [ ] Greek prosecutor says government played no role in civil society spyware infections
- [ ] Germany summons Chinese ambassador over cyberattack on cartography agency
- [ ] Fraud ring pushes 600+ fake web shops via Facebook ads
- [ ] Microsoft says massive Azure outage was caused by DDoS attack
- [ ] Don’t Let Your Domain Name Become a “Sitting Duck”
- [ ] "There is no business school class that would ever sit down and design Talos"
- [ ] Scoperta una massiccia campagna malware contro Android in più di 113 Paesi
- [ ] AnimeLeague - 192,134 breached accounts
- [ ] Outlook può essere usato per l’esecuzione di codice da remoto
- [ ] Enabling new service models with SSDP
- [ ] Bumble and Hinge allowed stalkers to pinpoint users’ locations down to 2 meters, researchers say
- [ ] BingoMod: The new android RAT that steals money and wipes data
- [ ] Network outage
- [ ] Ubook - 699,908 breached accounts
丁爸情报分析师的工具箱
- [ ] 【AI读视频】图像挖掘技巧2
- [ ] 【大会】ISC.AI 2024 开幕
IT Service Management News
- [ ] Guida alla notifica degli incidenti informatici di ACN
- [ ] Studiare il IA Act
ICT Security Magazine
- [ ] Come determinare la Cybersecurity Posture: i security assessment
- [ ] La necessità di software di digital forensics direttamente gestiti e controllati dallo Stato
SANS Internet Storm Center, InfoCON: green
- [ ] Increased Activity Against Apache OFBiz CVE-2024-32113, (Wed, Jul 31st)
- [ ] ISC Stormcast For Wednesday, July 31st, 2024 https://isc.sans.edu/podcastdetail/9076, (Wed, Jul 31st)
Unsupervised Learning
- [ ] UL NO. 443: North Korean Co-workers, UBI Failure?, AI-Groupthink, GPS Spoofing…
FuzzWiki
- [ ] 技术进展 | Prompt-Fuzz：基于LLM的库模糊测试驱动自动化生成
Schneier on Security
- [ ] Nearly 7% of Internet Traffic Is Malicious
嘶吼专业版
- [ ] SOAR王者!雾帜智能夏季产品火热发布！
- [ ] 间谍软件“Mandrake”自 2022 年以来就隐藏在 Google Play 中
Security Current
- [ ] CISOs Connect™ Announces Three New Appointments to Meet Needs of Growing Cybersecurity Executive Community
Krebs on Security
- [ ] Don’t Let Your Domain Name Become a “Sitting Duck”
NetSPI
- [ ] Escalating Privileges in Google Cloud via Open Groups
- [ ] How to Navigate the Stiff-Arm When Protecting Your Generative AI Initiatives
Palo Alto Networks Blog
- [ ] The Procurement and Operational Benefits of a Cybersecurity Platform
Computer Forensics
- [ ] Remote Acquisitions
- [ ] GCFA Practices test
- [ ] Automating IR Investigation Reporting with LLM’s and BIRT
Your Open Hacker Community
- [ ] Finding hidden paths in a website URL
Security Affairs
- [ ] A ransomware attack disrupted operations at OneBlood blood bank
- [ ] Apple fixed dozens of vulnerabilities in iOS and macOS
- [ ] Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple malware families
- [ ] A Fortune 50 company paid a record-breaking $75 million ransom
Deeplinks
- [ ] Texas Wins $1.4 Billion Biometric Settlement Against Meta. It Would Have Happened Sooner With Consumer Enforcement
- [ ] Our Last Chance to Stop KOSA | EFFector 36.10
- [ ] Security Researchers and Journalists at Risk: Why You Should Hate the Proposed UN Cybercrime Treaty
Social Engineering
- [ ] Pieces of information you might give away unintentionally. Or collect..
- [ ] "Baseline"... Is it actually a thing?
The Hacker News
- [ ] DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight
- [ ] North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS
- [ ] Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware
- [ ] How To Get the Most From Your Security Team’s Email Alert Budget
- [ ] Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes
- [ ] Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova
- [ ] Meta Settles for $1.4 Billion with Texas Over Illegal Biometric Data Collection
Have I Been Pwned latest breaches
- [ ] AnimeLeague - 192,134 breached accounts
Information Security
- [ ] How Data Encryption Can Simplify Infrastructure Architecture
TorrentFreak
- [ ] IOC Sends Thousands of DMCA Notices to Deter ‘Olympics’ Piracy
- [ ] Pirate IPTV Ops See Damages Reduced By $7m, Admin Panel Evidence Fell Short
The Register - Security
- [ ] Ransomware infection cuts off blood supply to 250+ hospitals
- [ ] More than 83K certs from nearly 7K DigiCert customers must be swapped out now
- [ ] Russia takes aim at Sitting Ducks domains, bags 30,000+
- [ ] Chrome adopts app-bound encryption to stymie cookie-stealing malware
- [ ] Embedding AI security from the get go
- [ ] 'Error' in Microsoft's DDoS defenses amplified 8-hour Azure outage
- [ ] UK Electoral Commission slapped for basic cybersecurity fails
- [ ] DigiCert gives unlucky folks 24 hours to replace doomed certificates after code blunder
Technical Information Security Content & Discussion
- [ ] MITMing the Xbox 360 Dashboard for Fun and RCE
- [ ] Patching client-side React JS to gain admin access to a Siemens cloud application
- [ ] Create your own custom implant for Initial Access - Blog
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] Top 7 Web Application Security Best Practices to Safeguard Your Sensitive Data
网安寻路人
- [ ] OECD版的数据二十条——《关于加强数据的获取和共享的建议》全文翻译