chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

110 stars 19 forks source link

[每日信息流] 2024-08-11 #617

Closed chainreactorbot closed 2 months ago

chainreactorbot commented 3 months ago

每日安全资讯（2024-08-11）

攻城肾透shi | sv3nbeast
- [ ] Java工具 | JMG添加自定义内存马
Private Feed for M09Ic
- [ ] projectdiscovery made projectdiscovery/defcon32 public
- [ ] LloydLabs starred isginf/pcap-diff
- [ ] phith0n starred glauth/glauth
- [ ] zer0yu starred AabyssZG/SpringBoot-Scan
- [ ] zer0yu started following coffinsp
- [ ] zer0yu starred 360quake/quake_rs
- [ ] CHYbeta starred pingc0y/URLFinder
- [ ] theLSA started following yj94
- [ ] theLSA started following prashant3535
- [ ] theLSA starred facefusion/facefusion
- [ ] theLSA starred hackgnar/ble_ctf
- [ ] theLSA starred gcarmix/HexWalk
- [ ] theLSA starred Lotuhu/Page-UAF
- [ ] theLSA starred hacksider/Deep-Live-Cam
- [ ] theLSA starred NetHack/NetHack
- [ ] theLSA starred happycakefriends/certainly
- [ ] LloydLabs starred wyattearp/ghidra_uf2loader
- [ ] LloydLabs starred CCob/Shwmae
- [ ] CCob made CCob/Shwmae public
- [ ] Safe3 released Firefly v4.3 at Safe3/firefly
Doonsec's feed
- [ ] 【资讯】网传乌克兰控制了俄罗斯库尔斯克地区数百平方公里
- [ ] RustScan：开源端口扫描器，3秒内扫描所有65,000个端口，专为速度和多功能性而设计。
- [ ] 论报文加密加签场景下如何高效的进行渗透测试
- [ ] SpringBoot 漏洞扫描利用工具（8月7日更新）
- [ ] iPhone15、iPhone14和iPhone13怎么选？苹果手机推荐和选购指南
- [ ] 【LSP专享】助眠视频清清睡不醒高清视频1V，含3个小剧场女上司上、下集、妻子的报F
- [ ] 【0day】用友U8 CRM import.php文件上传致RCE漏洞
- [ ] 秦安：宣称向中东投送多到可怕的力量，三种伎俩，美国和伊朗到底谁怕谁？
- [ ] 《诗词游记》第358期：古坡草原触云端
- [ ] 《诗词游记》第359期：登高诸葛栈
- [ ] 漏洞复现 || Apache OFBiz代码执行(CVE-2024-38856)
- [ ] 开源日志平台GrayLog最新稳定版本6.0.5的一键安装脚本
- [ ] Hack The Box - BoardLight
- [ ] 一张图带你了解HTTP 9个请求方法，收藏！
- [ ] moectf2024
- [ ] “智爱七夕，书香满溢《七夕节送一些书籍》
- [ ] 美空军部战斗网络发展研究
- [ ] Hvv 故事吃瓜 18（我不是针对在做各位）
- [ ] 停更两年，我回来了
- [ ] Hvv 日记威胁情报 8.9 （0day Windows 远程桌面远程代码执行 CVE-2024-38077）
- [ ] 红队视角下的 Java 安全策略与实践
- [ ] 由sqli所引起的RCE
- [ ] SSRF到本地文件包含，再到RCE - Include
- [ ] 如何用一种SQL注入姿势在src斩获30w+赏金？
- [ ] Spring Boot Actuator信息泄露漏洞三种利用方式总结
- [ ] 【资讯】工信部发布《国家重点研发计划“高性能制造技术与重大装备”等16个重点专项2024年度项目申报指南的通知》
- [ ] 【资讯】国家知识产权局办公室印发《“新三样”相关技术专利分类体系（2024）》
- [ ] 某企业网络设备远程命令执行
- [ ] 如何使用公开免费的数据查询服务？
- [ ] 【安全圈】派出所义警滥用职权出售公民隐私数据，非法获利终获刑罚
- [ ] 【安全圈】5G 基带安全堡垒被突破，黑客可利用漏洞静默监视手机用户
- [ ] 【安全圈】酒泉公安：网安部门查处一起擅自改变计算机信息网络数据案
- [ ] 【安全圈】巴黎奥运会场馆遭受网络攻击，黑客要求以加密货币支付赎金
- [ ] Mac抓取app数据包的两种模拟器方案(文末之七夕抽奖)
- [ ] 「漏洞复现」驰骋BPM RunSQL_Init SQL注入漏洞
- [ ] 今年七夕和谁过？
- [ ] SOA架构概述
- [ ] 汽车ECU的内部构成与功能模块
- [ ] Android系统启动源码分析
- [ ] 30小时学CTF：从零基础到比赛高手的快速通道
- [ ] 近期值得关注的IOC（2024-08-10）
- [ ] 【车联网】逆向工程一个电动汽车充电器
- [ ] 七夕快乐！新的需求，高级hw
- [ ] 【下期预告】360实体机晶核qvm鲲鹏引擎绕过上线CS
- [ ] 【漏洞预警 | 已复现】Windows 远程桌面授权服务远程代码执行漏洞（CVE-2024-38077）附POC
- [ ] 建行数据处理专利：提高系统安全性同时，降低加密带来的影响
- [ ] 广东华兴银行总行信息科技部招募数据分析师、数据架构师等人员
- [ ] 七夕节快乐！233sec安全团队助力玲珑安全培训，（内含抽奖包满意的）
- [ ] django快速实现个人博客(附源码)
- [ ] 漏洞响应（CVE-2024-38077）
- [ ] 广州出台公共数据授权运营管理暂行办法，公开征求意见
- [ ] 发布 | 北数所发布《个人信息授权运营管理办法（试行）》（附全文）
- [ ] 观点 | 提高人工智能安全治理水平
- [ ] 这家银行未经同意查询个人信用信息被罚，5人对此负责
- [ ] 史上最荒谬 BUG 诞生了！零测试、直接将正则表达式扔进内核，CrowdStrike 卖惨不成反被喷
- [ ] 微软超高危漏洞「狂躁许可」波及全球？
- [ ] 肯大家一直想知道的问题，微信聊天记录会被监控吗？今天就给大家说的明明白白
- [ ] 微信聊天记录监管有多重要？和我们每个人有关系吗，看完这篇文章就明白了
- [ ] 手机卡流量越来越贵，但是你用过29元无限量的吗，流量无限，畅行无忧；冰爽体验，一触即发。
- [ ] 【网络安全】攻防演练中红队如何识别蜜罐保护自己
- [ ] 【2024-08-10】每日安全资讯摘要
- [ ] 在看 | 周报：7名犯罪嫌弃人因非法破坏计算机信息系统案被抓获；知名黑客公开30亿条国家公共数据；巴黎奥运会场馆遭勒索软件攻击
- [ ] 在看|厂商：本周热门网络安全产业动态
- [ ] 哈萨克斯坦：2024年7月至8月的反恐行动
- [ ] 微软RDL远程代码执行（RCE）漏洞（CVE-2024-38077）修复手册（SOP）
- [ ] 【已复现，尽快排查修复】Windows RDL存在远程代码执行漏洞（CVE-2024-38077）
- [ ] 论道三·恒远
- [ ] 开源XDR威胁检测响应平台
- [ ] 【七夕也得卷啊】| 小迪安全培训
- [ ] 0day-亿赛通电子文档安全管理系统SQL注入漏洞复现
- [ ] [EN] 混淆攻击：利用 Apache HTTP 服务器中隐藏的语义歧义！
- [ ] 受到攻击：发现可导致 RCE 和 LPE 的 OpenVPN 漏洞
- [ ] 你的 BOF 太恶心了，戴上面具：如何在 BOF 执行期间隐藏信标
- [ ] 实时位置追踪：美国警力部署和预防策略
- [ ] 《每日开源》获取每日开源信息！
- [ ] 【已复现】微软RDL服务远程代码执行漏洞(CVE-2024-38077)安全风险通告
- [ ] 某TP6对接U支付系统RCE漏洞审计
- [ ] 专家发现AWS存在 RCE、数据窃取和全服务接管的严重漏洞
- [ ] OpenVPN存在RCE 和 LPE 漏洞
- [ ] CVE-2024-38200 微软披露 Office 2016及更高版本 0day，仍在开发补丁中
- [ ] 【硬件安全】激光故障注入 (LFI)走入民间
- [ ] SSH 配置不正确会使 WiFi 热点面临风险
- [ ] Nexera 遭黑客攻击：代币化巨头被盗 180 万美元
- [ ] 联合国通过了一项全球网络安全条约
- [ ] 大多数网络钓鱼电子邮件仍能绕过安全保护
- [ ] 祝各位吗喽七夕节快乐！
- [ ] 国内外网络安全热点情报（2024年第30期）
- [ ] 《电力监控系统安全防护规定》公开征求意见稿及修订说明-2024.7.25
- [ ] 密码学在车辆安全中的重要作用
- [ ] 8月17日！自动驾驶系统架构师在线证书培训课程（高级班）
- [ ] 打零工合作社招募会员
- [ ] 中网信安圆满承办新一轮CISP与NISP二级认证考试
- [ ] Windows高危零点击漏洞风暴来袭！附POC
- [ ] 小小年薪30万，拿捏！
- [ ] 针对thinkphp站点的漏洞挖掘和经验分享
- [ ] 招聘 | 粤盾
- [ ] 招聘 | 初级渗透
- [ ] 招聘 | 代码审计值守
- [ ] HVV技战法|全面自查辅助全方位监测
- [ ] Cvemap 到Nuclei模板映射
- [ ] Windows高危漏洞来袭？已有补丁不需惊慌！
- [ ] FreeBuf 周报 | CrowdStrike发布蓝屏事件调查报告；办公应用导致大规模数据泄露
- [ ] 迄今为止最大BEC骗局被侦破！国际刑警组织为企业追回4100万美元
- [ ] VulnNodeApp：一款包含大量安全漏洞的Node.js安全练习平台
- [ ] 第十七课分析大规模入侵二
- [ ] CVE-2024-38077｜Windows 远程桌面授权服务（RDL）远程代码执行漏洞（POC）
- [ ] CVE-2024-42009｜Roundcube Webmail跨站脚本漏洞
- [ ] CVE-2024-42005｜Django SQL注入漏洞
- [ ] 来事了——微软RDL服务远程代码执行漏洞
- [ ] 万径安全祝大家七夕快乐
- [ ] 【七夕活动】一个永久的HW漏洞情报、渗透知识库
- [ ] 泰晓资讯 : 2024 年 8 月第一期
- [ ] OSDT Weekly 2024-08-07 第266期
- [ ] 【漏洞通告】Windows远程桌面授权服务远程代码执行漏洞（CVE-2024-38077）
- [ ] docker挂代理拉去镜像：亲测好使
- [ ] 实现Web版本远程下载马子的工具
- [ ] 中国科学院院士周成虎：时空大数据成为国家数字经济产业新引擎
- [ ] 工业和信息化部发布国家重点研发计划“高性能制造技术与重大装备”等16个重点专项2024年度项目申报指南
- [ ] 七夕活动|北极星安全抽奖啦
- [ ] 【Linux取证篇】Linux版本FTK Imager下载与镜像方法
SecWiki News
- [ ] SecWiki News 2024-08-10 Review
Twitter @Nicolas Krassas
- [ ] HTB: Usage https://0xdf.gitlab.io/2024/08/10/htb-usage.html
- [ ] Microsoft discloses unpatched Office flaw that exposes NTLM hashes https://www.bleepingcomputer.com/news/security/microsoft-discloses-unpatched-office...
- [ ] WWH-Club credit card market admins arrested after cash spending spree https://www.bleepingcomputer.com/news/legal/wwh-club-credit-card-market-admins-a...
- [ ] Crooks took control of a cow milking robot causing the death of a cow https://securityaffairs.com/166839/cyber-crime/cow-milking-robot-hacked.html
- [ ] Russian Midnight Blizzard Breached UK Home Office via Microsoft https://hackread.com/russia-midnight-blizzard-breach-uk-home-office-microsoft/
- [ ] Persistent XSS Vulnerability on Microsoft Bing’s Video Indexing System https://infosecwriteups.com/persistent-xss-vulnerability-on-microsoft-bings-vi...
- [ ] Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure https://thehackernews.com/2024/08/microsoft-warns-of-unpatched-office.html
- [ ] At Home In Your Firmware: Got Any SMMacks? https://jjensn.com/at-home-in-your-firmware/
- [ ] Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE https://thehackernews.com/2024/08/microsoft-reveals-four-openvpn-flaws.html
- [ ] Russia blocks Signal for 'violating' anti-terrorism laws https://www.bleepingcomputer.com/news/security/russia-blocks-signal-for-violating-anti-terror...
- [ ] Rhysida ransomware hits Sumter County Sheriff, threatens data leak https://www.scmagazine.com/news/rhysida-ransomware-hits-sumter-county-sheriff-in-la...
- [ ] Team82 Unveils Research on Unitronics PLC/HMI Attacks Targeting Critical Infrastructure https://securityonline.info/team82-unveils-research-on-unitron...
- [ ] GoGra: New Go-Based Backdoor Targets South Asian Media https://securityonline.info/gogra-new-go-based-backdoor-targets-south-asian-media/
- [ ] Django Releases Security Updates to Address Critical Flaw (CVE-2024-42005, CVSS 9.8) https://securityonline.info/django-releases-security-updates-to-a...
- [ ] Quark Engine: automating analysis of suspicious Android application https://meterpreter.org/quark-engine-automating-analysis-of-suspicious-android-app...
- [ ] Nexera Hacked: $1.8 Million Stolen from Tokenization Giant https://securityonline.info/nexera-hacked-1-8-million-stolen-from-tokenization-giant/
- [ ] Experts Uncover Severe AWS Flaws Leading to RCE, Data Theft, and Full-Service Takeovers https://thehackernews.com/2024/08/experts-uncover-severe-aws-f...
Security Boulevard
- [ ] USENIX Security ’23 – V1SCAN: Discovering 1-day Vulnerabilities in Reused C/C++ Open-Source Software Components Using Code Classification Techniques
- [ ] Move From FedRAMP to DoD with Impact Level Assessment
arighi's blog
- [ ] Re-implementing my Linux Rust scheduler in eBPF
Recent Commits to cve:main
- [ ] Update Sat Aug 10 22:25:00 UTC 2024
- [ ] Update Sat Aug 10 14:30:47 UTC 2024
- [ ] Update Sat Aug 10 06:31:03 UTC 2024
Bug Bounty in InfoSec Write-ups on Medium
- [ ] How I got my first $13500 bounty through Parameter Polluting (HPP)
- [ ] SSRF: Blacklist and Whitelist-Based Input Filters
Robin Verton - developer, software engineer and red teamer
- [ ] Neovim Go Template Formatting
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
- [ ] Emulating Humans for Cybercrime Purposes
- [ ] Специални Поздрави За Всички Който "Го Правят" В България
- [ ] Представям Ви Двете "Пачаври" Който Ми Оkраха "Къщата"
CCC Event Blog
- [ ] Konferenz und Party von netzpolitik.org: Bildet Netze!
黑海洋 - WIKI
- [ ] 略缩图打开变成另一张图
- [ ] 隐藏javascript代码
看雪学苑
- [ ] Android系统启动源码分析
- [ ] 30小时学CTF：从零基础到比赛高手的快速通道
奇安信 CERT
- [ ] 【已复现】微软RDL服务远程代码执行漏洞(CVE-2024-38077)安全风险通告
信息时代的犯罪侦查
- [ ] 如何使用公开免费的数据查询服务？
奇客Solidot–传递最新科技情报
- [ ] 俄罗斯封禁 Signal
复旦白泽战队
- [ ] 喜报！我实验室杨哲慜老师获新耀东方风采人物数据安全保障奖
山石网科安全技术研究院
- [ ] Windows高危漏洞来袭？已有补丁不需惊慌！
dotNet安全矩阵
- [ ] 七夕活动仅此一天，知识库老用户专享福利
- [ ] .NET 一款提权工具：Sharp4PetitPotato
- [ ] .NET 内网攻防实战电子报刊
奇安信威胁情报中心
- [ ] 近期值得关注的IOC（2024-08-10）
NOVASEC
- [ ] 如何用一种SQL注入姿势在src斩获30w+赏金？
深信服千里目安全技术中心
- [ ] 【漏洞通告】Windows远程桌面授权服务远程代码执行漏洞（CVE-2024-38077）
情报分析师
- [ ] 实时位置追踪：美国警力部署和预防策略
- [ ] 《每日开源》获取每日开源信息！
吴鲁加
- [ ] 简单清晰地写
Desync InfoSec
- [ ] 第十七课分析大规模入侵二
DEF CON Announcements!
- [ ] DEF CON Response to Badge Controversy
Over Security - Cybersecurity news aggregator
- [ ] Local gov’ts in Texas, Florida hit with ransomware as cyber leaders question best path forward
- [ ] Microsoft discloses unpatched Office flaw that exposes NTLM hashes
- [ ] WWH-Club credit card market admins arrested after cash spending spree
- [ ] Microsoft: Windows 11 22H2 reaches end of support in 60 days
- [ ] EDR lab: piccolo self-test #1
- [ ] After global IT meltdown, CrowdStrike courts hackers with action figures and gratitude
极客公园
- [ ] AI 换脸项目 Deep-Live-Cam 一夜爆火：只需一张照片，变身马斯克直播
- [ ] 美国司法部考虑强制将安卓从谷歌剥离；享界 S9 上市72小时大定突破 4800 台；拼多多创始人黄峥登顶中国首富 | 极客早知道
Luca Mercatanti
- [ ] OpenRecall: l’alternativa Open Source a Microsoft Recall
迪哥讲事
- [ ] 由sqli所引起的RCE
TorrentFreak
- [ ] What’s the Safest & Most Trusted Site to Download Pirate Streaming Apps?
Blackhat Library: Hacking techniques and research
- [ ] Grey hat hacking(minor)
- [ ] Instagram standalone accounts
Technical Information Security Content & Discussion
- [ ] Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server
Information Security
- [ ] It audit
- [ ] Step by Step Guide to Remediate Data Vulnerability
Computer Forensics
- [ ] Mnemonic for Linux Directories
Your Open Hacker Community
- [ ] Unlocking a Windows Computer
The Hacker News
- [ ] Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share
- [ ] New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions
- [ ] Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure
Security Affairs
- [ ] Is the INC ransomware gang behind the attack on McLaren hospitals?
- [ ] Crooks took control of a cow milking robot causing the death of a cow
- [ ] Sonos smart speakers flaw allowed to eavesdrop on users
Dark Space Blogspot
- [ ] Cos'è La "Dead Internet Theory"? Internet è Morto Nel 2017?