chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

110 stars 19 forks source link

[每日信息流] 2024-08-12 #618

Closed chainreactorbot closed 2 months ago

chainreactorbot commented 3 months ago

每日安全资讯（2024-08-12）

Security Boulevard
- [ ] USENIX Security ’23 – VulChecker: Graph-based Vulnerability Localization in Source Code
- [ ] Book Review: ‘Why Cybersecurity Fails in America’
Private Feed for M09Ic
- [ ] phith0n created a repository phith0n/conote-website
- [ ] DVKunion starred OnePlusOSS/android_kernel_oneplus_sm8250
- [ ] phith0n starred lukeed/clsx
- [ ] CHYbeta started following rhysd
- [ ] whwlsfb starred dushixiang/meteor
- [ ] whwlsfb starred bytedance/netcap
- [ ] ourren starred traffic-analysis/deepcoffea
- [ ] Rvn0xsy starred zhangguanzhang/simple-container-network-book
- [ ] ring04h starred qishibo/AnotherRedisDesktopManager
- [ ] FunnyWolf starred dark-kingA/cloudTools
- [ ] Ph0rse starred PKU-Alignment/align-anything
- [ ] phith0n starred chrissimpkins/cinder
- [ ] phith0n starred mkdocs/catalog
- [ ] zema1 starred dark-kingA/cloudTools
- [ ] LloydLabs starred rootabeta/BSoDEFCON
- [ ] ring04h starred go-yaml/yaml
- [ ] geohot starred official-stockfish/Stockfish
SecWiki News
- [ ] SecWiki News 2024-08-11 Review
Recent Commits to cve:main
- [ ] Update Sun Aug 11 22:35:42 UTC 2024
- [ ] Update Sun Aug 11 14:26:38 UTC 2024
- [ ] Update Sun Aug 11 06:24:45 UTC 2024
Doonsec's feed
- [ ] 数以万计的公司机密曝光被这个人发现了
- [ ] 远程访问木马 StrRat 重返意大利
- [ ] RipperSec 声称对法拉利发起 DDoS 攻击
- [ ] 【摸鱼神器】蓝队防守日报快速编写工具
- [ ] 微软Windows 远程桌面许可服务RCE漏洞(CVE-2024-38077)的相关说明
- [ ] 定制吧，没有别的出路了！
- [ ] 【AI速读】以色列的种族灭绝
- [ ] 秦安：刚刚南部战区发声，事关黄岩岛空域，有两个重要信号
- [ ] 《诗词游记》第360期：乌龟驮着太阳跑
- [ ] 《诗词游记》第361期：天似穹庐罩土地
- [ ] 从0到1，一篇搞定帮你挖到人生第一个漏洞
- [ ] Fastjson姿势技巧集合
- [ ] 梨花女子大学 | DeepCoFFEA：通过度量学习和放大改进对Tor的流关联攻击
- [ ] 威胁情报周报（8.5~8.11）
- [ ] 详解：L4LB四层负载均衡IP伪造漏洞
- [ ] 使用RR(Redpill Recovery)引导安装最新群晖NAS系统DSM7.2.1
- [ ] 记一次SQL注入新用法
- [ ] 0810~0811-攻防演练之请防守方重点关注威胁情报样本信息
- [ ] 十二期梦想班
- [ ] 郭启全：网络安全实战化人才培养之道
- [ ] Cisco ASA 11条非常有用的命令，值得收藏！
- [ ] 【漏洞预警】用友U8 Cloud SQL注入漏洞（CNVD-2024-33023）
- [ ] 警惕量子计算基础设施成为网络攻击的目标
- [ ] 光伏电网曝出高危漏洞，可导致全球停电
- [ ] 【资讯】山西省通管局印发《山西省工业互联网标识解析体系“贯通三晋”实施方案（2024—2026年）》
- [ ] 【资讯】甘肃省通管局印发《甘肃省信息通信业网络安全三年行动方案（2024-2026年）》
- [ ] 【资讯】安徽省财政厅发布《关于规范和加强行政事业单位数据资产管理的通知》
- [ ] 【资讯】全国网安标委就国家标准《数据安全技术数据接口安全风险监测方法》征求意见稿公开征求意见
- [ ] 【资讯】广州市人大常委会就《广州市智能网联汽车创新发展条例（草案修改稿·征求意见稿）》向社会各界公开征求意见
- [ ] 某路由器远程命令执行
- [ ] 二层网络扩展能力：为什么 EVPN 比 VPLS 更好？
- [ ] 数据泄露的隐患：解析XXE攻击的隐藏威胁
- [ ] 七夕夜，我忙活了一宿... 出了一款红队重点资产指纹识别工具 - P1finger.exe
- [ ] 【安全圈】黑客入侵了MDM公司Mobile Guardian并清除了数千台设备的数据
- [ ] 【安全圈】研究人员发现新的Linux内核漏洞利用技术“SLUBStick”
- [ ] 【安全圈】Chameleon 银行木马以 CRM 应用程序的名义卷土重来
- [ ] 【安全圈】StormCloud 黑客入侵 ISP，冒充软件更新传播恶意软件
- [ ] Conpot开源的工控系统蜜罐
- [ ] 快捷搜索PoC、一键运行Nuclei工具
- [ ] 2024年OPPO手机哪一款性价比高？OPPO|一加|realme手机推荐大全
- [ ] 【LSP专享】冯宝儿直播录制
- [ ] 我国数据分类分级研究进展与企业实施路径建议
- [ ] SoC芯片知识点整理
- [ ] aarch64架构的某so模拟执行和加密算法分析
- [ ] 系统0day安全-二进制漏洞攻防（第3期）
- [ ] 群里大厂失业的中年人在干啥？
- [ ] 近期值得关注的IOC（2024-08-11）
- [ ] 今日最佳笑点！
- [ ] 网络安全缩略语汇编手册-H
- [ ] 渗透测试工程师手册，全是干货，收藏必备
- [ ] [火热出炉] IDA Pro 9.0 beta Cracked
- [ ] 如何为漏洞赏金猎人找到您的第一个漏洞（分步指南）
- [ ] Rce！Apache OFBiz代码执行(CVE-2024-38856)
- [ ] 央行为加强征信信息安全管理发布征求意见稿
- [ ] 农行专利：传统算法和后量子密码算法相结合，抵御量子计算攻击
- [ ] 知识星球 | 近6年网安报告重新整合一键下载；更新AI安全、金融数据安全、CISO等专题资料
- [ ] 阿里高薪诚招webshell检测安全工程师、网络流量安全技术、安全工程师
- [ ] 【漏洞复现】某赛通电子文档安全管理系统 SecretKeyService SQL注入漏洞
- [ ] Redis7.x安装系列教程(三)哨兵部署&原理详解
- [ ] 攻防演练实战：如何快速应对0day漏洞攻击
Twitter @Nicolas Krassas
- [ ] Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE https://www.microsoft.com/en-us/security/blog/2024/08/08/chained-for-att...
- [ ] Chinese hacking groups target Russian government, IT firms https://www.bleepingcomputer.com/news/security/chinese-hacking-groups-target-russian-govern...
- [ ] Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys https://thehackernews.com/2024/08/rogue-pypi-library-solana-users-steals.html
- [ ] ADT disclosed a data breach that impacted more than 30,000 customers https://securityaffairs.com/166857/cyber-crime/adt-disclosed-a-data-breach.html
- [ ] Hackers leak 2.7 billion data records with Social Security numbers https://www.bleepingcomputer.com/news/security/hackers-leak-27-billion-data-records...
- [ ] Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-ope...
- [ ] Hourly updated database of exploit and exploitation reports https://github.com/gmatuz/inthewilddb
- [ ] Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share https://thehackernews.com/2024/08/researchers-uncover-10-flaws-in-googles.html
- [ ] GL-iNet Routers Exposed to Critical Vulnerabilities: Urgent Firmware Updates Required https://securityonline.info/gl-inet-routers-exposed-to-critical-...
- [ ] Vuls: A Comprehensive Vulnerability Management Solution for Modern IT Environments https://securityonline.info/vuls-a-comprehensive-vulnerability-mana...
- [ ] Shadow - 543,295 breached accounts https://haveibeenpwned.com/PwnedWebsites#Shadow
Twitter @bytehx
- [ ] Re @0xLupin @Rhynorater @defcon Awesome man!
unSafe.sh - 不安全
- [ ] 中国人 50 岁后还能健康工作多少年？
- [ ] Ladon CVE-2024-29973漏洞批量扫描教程
- [ ] 特朗普竞选团队声称遭黑客入侵
- [ ] 挤奶机器遭勒索软件攻击奶牛小牛死亡
- [ ] USENIX Security ’23 – VulChecker: Graph-based Vulnerability Localization in Source Code
- [ ] KillWxapkg-自动化反编译微信小程序工具
- [ ] Svizzera, falso sito del quotidiano “La Regione” promuove truffa sugli investimenti usando il nome della Presidente della Confederazione
- [ ] 详解：L4LB四层负载均衡IP伪造漏洞
- [ ] 梨花女子大学 | DeepCoFFEA：通过度量学习和放大改进对Tor的流关联攻击
- [ ] Caddy & Cloudflare & GitHub Pages SSL 证书自动续期
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
- [ ] Tip of the Day
程序人生
- [ ] Caddy & Cloudflare & GitHub Pages SSL 证书自动续期
奇安信威胁情报中心
- [ ] 近期值得关注的IOC（2024-08-11）
农夫安全团队
- [ ] 十二期梦想班
K8哥哥’s Blog
- [ ] Ladon CVE-2024-29973漏洞批量扫描教程
黑海洋 - WIKI
- [ ] KillWxapkg-自动化反编译微信小程序工具
奇客Solidot–传递最新科技情报
- [ ] 中国人 50 岁后还能健康工作多少年？
- [ ] 特朗普竞选团队声称遭黑客入侵
- [ ] 挤奶机器遭勒索软件攻击奶牛小牛死亡
安全学术圈
- [ ] 梨花女子大学 | DeepCoFFEA：通过度量学习和放大改进对Tor的流关联攻击
dotNet安全矩阵
- [ ] .NET内网实战：通过进程管道执行CMD命令
- [ ] .NET 安全攻防知识交流社区
- [ ] .NET 安全代码审计电子专刊
极客公园
- [ ] C.AI 卖身真相：好技术，好方向，「坏」产品
- [ ] 推特前董事长控告马斯克拖欠2000万美元股票；油管前CEO去世；《阿凡达 3》正式定档 | 极客早知道
情报分析师
- [ ] 特工的非语言策略：如何在无声中取胜
- [ ] 【在线寻人】搜索引擎与社交媒体的高级搜索技巧
迪哥讲事
- [ ] 记一次SQL注入新用法
Over Security - Cybersecurity news aggregator
- [ ] Hackers leak 2.7 billion data records with Social Security numbers
- [ ] Fake X content warnings on Ukraine war, earthquakes used as clickbait
- [ ] Chinese hacking groups target Russian government, IT firms
- [ ] Shadow - 543,295 breached accounts
Luca Mercatanti
- [ ] Telegram è rintracciabile dalla Polizia?
Have I Been Pwned latest breaches
- [ ] Shadow - 543,295 breached accounts
Troy Hunt's Blog
- [ ] Weekly Update 412
Full Disclosure
- [ ] Backdoor.Win32.Nightmare.25 / Unauthenticated Remote Command Execution
- [ ] Asterisk Security Release 21.4.2
- [ ] Asterisk Security Release 20.9.2
- [ ] Asterisk Security Release 18.24.2
- [ ] Certified Asterisk Security Release certified-20.7-cert2
- [ ] Certified Asterisk Security Release certified-18.9-cert11
The Hacker News
- [ ] Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys
TorrentFreak
- [ ] Warner Music is Looking for an Anti-Piracy Expert to Monitor Leaks
Security Affairs
- [ ] Foreign nation-state actors hacked Donald Trump’s campaign
- [ ] SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
- [ ] Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION
- [ ] ADT disclosed a data breach that impacted more than 30,000 customers
Technical Information Security Content & Discussion
- [ ] What’s the worst place to leave your secrets? – Research into what happens to AWS credentials that are left in public places
Computer Forensics
- [ ] Digital collector for Mac
Blackhat Library: Hacking techniques and research
- [ ] Tencent database leak potentially impacting 1,400,000,000 individuals
- [ ] How to get started at Secure Code Reviews as a Beginner
DEF CON Announcements!
- [ ] Get an Extra Human Badge!
Il Disinformatico
- [ ] Svizzera, falso sito del quotidiano “La Regione” promuove truffa sugli investimenti usando il nome della Presidente della Confederazione
Your Open Hacker Community
- [ ] Anyone know how to fix Evilginx phishlet?
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] Incident response knowledge, career development
Information Security
- [ ] How to get started at Secure Code Reviews as a Beginner