[每日信息流] 2024-08-24

[chainreactorbot]

每日安全资讯（2024-08-24）

• 奇安信攻防社区
  • [ ] 内网渗透横向移动技巧
• Doonsec's feed
  • [ ] 为人处世22条铁律没人会教你
  • [ ] 【漏洞复现】华夏ERP信息泄露漏洞 (附批量验证脚本)
  • [ ] [内网工具] searchall账密查找工具
  • [ ] 【漏洞复现】百易云资产管理运营系统 comfileup.php 任意文件上传漏洞 (附批量验证脚本)
  • [ ] 【漏洞复现】用友NC-Cloud接口blobRefClassSearch存在FastJson反序列化漏洞 (附批量验证脚本)
  • [ ] edu漏洞平台挖掘-7月总结
  • [ ] 2024年CCF-绿盟科技“鲲鹏”科研基金项目申报指南
  • [ ] 中国密码学会2024年密码芯片学术会议在成都顺利召开
  • [ ] 行业动态 | 上海市长龚正调研上海市数据局：更好发挥数据要素乘数效应 推进城市数字化转型
  • [ ] 辽宁省商用密码协会第一届六次理事会顺利召开
  • [ ] 观点 | 人工智能的意识形态风险审视
  • [ ] 美国知名军工芯片厂商因网络攻击生产能力受损
  • [ ] 自动解密被加密的报文工具 - Galaxy
  • [ ] 秦安：都很着急，为何普京不迅速赶走乌军，伊朗也不着急报复？
  • [ ] 牟林：对金砖国家支付系统表示谨慎乐观
  • [ ] 《诗词游记》第366期：大风起兮过徐州
  • [ ] 通过发现隐藏的参数值实现任意用户登录
  • [ ] 记一次实战中信息收集溯源案例分享
  • [ ] 长亭科技朱文雷：为梦想重燃创业引擎，以实战打造智能安全
  • [ ] 开源情报调查中的三大利器：地图、行程追踪和网络摄像头工具
  • [ ] 小米在 Pwn2Own Toronto 2023 大赛前修补了 RCE 漏洞，并在大赛结束后删除了补丁
  • [ ] 漏洞预警｜微信内置 chrome 浏览器 RCE
  • [ ] 美国民主党大会名人阵容大曝光
  • [ ] 记一次edu系统通杀漏洞审计(内附0day)
  • [ ] 【要闻】习近平：在纪念邓小平同志诞辰120周年座谈会上的讲话
  • [ ] 【资讯】辽宁省政府、国知局联合印发《共建全面振兴新突破知识产权强省实施方案》
  • [ ] 【资讯】安徽省人社厅等九部门联合印发《安徽省数字经济人才培育方案（2024—2027年）》
  • [ ] 【资讯】珠海市工信局印发《珠海市中小企业数字化转型城市试点工作方案》
  • [ ] Lear 云的汽车异常监控和威胁分析
  • [ ] 再看云虚拟化安全.QEMU通用漏洞挖掘新思路
  • [ ] 华为云：2024华为云隐私保护白皮书2.2
  • [ ] 应用程序的安全漏洞会造成什么后果？
  • [ ] 恒安嘉新中标千万级5G+工业互联网安全态势感知平台总集项目
  • [ ] 专注于最重要的事情：风险暴露管理和攻击面
  • [ ] CISO视角下的混合云安全
  • [ ] 8.23hvv情报
  • [ ] 【漏洞复现】SeaCMS海洋影视管理系统index.php存在SQL注入漏洞
  • [ ] 【漏洞复现】南京星源图科技SparkShop存在任意文件上传漏洞
  • [ ] G.O.S.S.I.P 阅读推荐 2024-08-23 All Your Tokens are Belong to Us
  • [ ] 在野漏洞的应急响应流程
  • [ ] 今年的第一篇文章，献给我们的“友商”
  • [ ] 抢先一步｜GEEKCON 2024 中国站早鸟票限时抢购中！
  • [ ] 08-23-攻防演练之请防守方重点关注威胁情报样本信息
  • [ ] 浅谈基层安全运维人员日常工作做些什么（之五安全运维）
  • [ ] 抽象
  • [ ] 倒计时1天｜“同道”守护未来数字边疆！
  • [ ] 直播预告 | 10篇顶会论文分享，提前开启小红书校招内推！
  • [ ] SMP 2024大模型图分析挑战赛在线评测已开放
  • [ ] 直面天命！API安全治理重磅升级打通“四可”神通
  • [ ] 红色盾牌 | 盛邦安全携手上地街道，共启2024年第三期“红领上地”支部书记主题沙龙
  • [ ] 帮你试过了，这是微信上资料管理的最佳工具
  • [ ] NGate安卓恶意软件可利用NFC窃取ATM内资金
  • [ ] 单个像素的威胁：微小的变化如何欺骗深度学习系统
  • [ ] SecretPixel：一款整合了多种技术的高级图像隐写工具
  • [ ] 烽火狼烟丨暗网数据及攻击威胁情报分析周报（08/19-08/23）
  • [ ] 浅析日本太空和网络空间威慑战略
  • [ ] AI让检测防护更有效，天融信「九合一探针」全新升级！
  • [ ] 《旅游大数据安全与隐私保护要求（征求意见稿）》公开征求意见（附全文）
  • [ ] Kali Linux 使用TheSpeedX / TBomb的呼叫和短信轰炸机
  • [ ] 情暖光爱 同绘未来｜北京绿盟公益基金会慰问光爱学校
  • [ ] 绿盟科技受邀出席BIRTV 2024智慧监管论坛
  • [ ] 遇见 · 绿盟人｜漫随山外云卷云舒
  • [ ] BurpSuitePro_v2024.7.4破解教程（超详细教程）附注册机与汉化包
  • [ ] 【0823】重保演习每日情报汇总
  • [ ] 思科修复由NSA报送的两个高危漏洞
  • [ ] SolarWinds 修复 Web Help Desk 中的硬编码凭据漏洞
  • [ ] 《黑悟空》背后的男人，一个是网瘾学霸、一个是美术天才
  • [ ] 《黑神话：悟空》制作人冯骥2007年旧文：《谁谋杀了我们的游戏》
  • [ ] 这家民营银行被罚，涉信息科技风险管理问题
  • [ ] 重庆银行漏洞扫描与基线核查系统项目招标
  • [ ] 关注丨网络关键设备安全检测结果（第17批）
  • [ ] 荐读丨“十五五”时期未来产业十大趋势研判
  • [ ] 安全简讯（2024.08.23）
  • [ ] 【漏洞通告】WordPress LiteSpeed Cache权限提升漏洞（CVE-2024-28000）
  • [ ] 【8/23特辑】今日热点漏洞，你排查了没？
  • [ ] 网络安全信息与动态周报2024年第33期（8月12日-8月18日）
  • [ ] 【火绒安全周报】男子伪造死亡证明逃避子女抚养费/丰田再次出现数据泄露
  • [ ] 2024国家网络安全周 | 华为邀请您相聚金秋广州，共同守护美好的智能世界
  • [ ] DouPHP（CVE-2024-7917、代码分析xss）漏洞复现
  • [ ] 每周蓝军技术推送（2024.8.17-8.23）
  • [ ] 浅谈红队攻防之道-CobaltStrike钓鱼攻击集锦
  • [ ] AI时代 安全护航 | 三六零天御助力 SDC 2024
  • [ ] 加壳脱壳知识点总结——类加载、方法执行流程以及脱壳实战
  • [ ] 蚂蚁集团安全岗位招人
  • [ ] 循万变·见未来——XCon2024安全焦点信息安全技术峰会在京成功举办
  • [ ] 模糊测试平台SFUZZ V3.4惊喜升级 | 测试协议数突破200+，漏洞挖掘更全面
  • [ ] 研究揭示了阿尔茨海默病、脂质代谢和冠状动脉疾病之间的遗传联系
  • [ ] 漏洞预警 点企来 客服系统 getwaitnum sql注入漏洞
  • [ ] 网络安全的五大误区，你了解吗？
  • [ ] linux的TCP连接数量最大不能超过65535个，那服务器是如何应对百万千万的并发的？
  • [ ] 【训练营】强制跳转，我的网站怎么回事？
  • [ ] 家人们，咱安全圈可不兴“没苦硬吃”！
  • [ ] 职场黑神话：TA竟让天命打工人秒变苦命猴子
  • [ ] 【HVV情报】2024-08-23
  • [ ] 每日安全动态推送(8-23)
  • [ ] 【聚焦】中国软件评测中心与中国兵器装备集团自动化研究所有限公司签署战略合作协议
  • [ ] 行业聚焦|新零售新问题
  • [ ] 自动识别Web蜜罐Chrome插件
  • [ ] 2024年游戏笔记本性价比推荐
  • [ ] 【LSP专享】助眠视频MY雪寒高清视频1V
  • [ ] 研究生课程《高等计算机网络》欢迎选课！
  • [ ] 一周网络安全速递
  • [ ] 美科学三院报告：《美国高磁场科学技术现状与未来发展方向》
  • [ ] 美国国防部与印度国防部达成供应链安全安排
  • [ ] 错误展示《黑神话悟空》客服电话，必应被曝AI信息抓取与处理存在缺陷；F5官方通告可导致会话固定与资源耗尽的高危安全漏洞
  • [ ] 原创丨 近期观察 全球网络安全动态
  • [ ] 原创丨F5报告显示：AI/ML及API网关成为应对中国市场API安全风险的关键
  • [ ] 关于Windows远程桌面许可服务存在远程代码执行漏洞的安全公告
  • [ ] 护网吃瓜：最全分析中介与蓝队的纠纷，相关人员已报警。
  • [ ] 美国防部发布2023财年“网络评估计划”开展情况（上篇）
  • [ ] 联合主办| 外滩大会：以AI守护AI，大模型时代的攻守之道
  • [ ] VMware替换需重点关注这件事，可能直接影响迁移的成败
  • [ ] 深信服零信任已率先完成鸿蒙Next适配
  • [ ] 国内外网络安全热点情报（2024年第32期）
  • [ ] 多国网络安全机构联合发布新的事件记录日志和威胁检测指南
  • [ ] 高可用平台来了！产品可用性、稳定性及可靠性再次提升！
  • [ ] 再获鸿蒙认可，爱加密力保信创产业平稳发展！
  • [ ] 爱加密正式成为统信UOS主动安全防护计划（UAPP）成员单位！
  • [ ] Litespeed曝高速缓存漏洞，威胁数百万WordPress网站
  • [ ] GitHub Actions 工件在热门项目中被发现泄露身份验证令牌
  • [ ] “蓝屏事件”阴魂不散，微软安全更新导致Linux系统无法启动
  • [ ] 大模型安全风险、防护治理与法治建设
  • [ ] 五眼+日韩等多国网络安全机构发布新的事件日志记录和威胁检测最佳实践指南
  • [ ] 好消息|CISP-DSO数据安全官不再要求前置证书，可直接报考！
  • [ ] CVE-2024-38856：Apache OFBiz远程代码执行漏洞
  • [ ] 北京市卫生健康大数据与政策研究中心《互联网诊疗电子病历管理技术规范（试行）》
  • [ ] 深入解析：10大身份认证技术的关键特点
  • [ ] 为什么高管层是首要网络攻击目标
  • [ ] 奇安信：APT攻击、勒索软件已成2024年最大网络威胁
• 安全客-有思想的安全新媒体
  • [ ] CISA 将大华 IP 摄像头、Linux 内核和 Microsoft Exchange Server 漏洞添加到已知利用漏洞目录中
  • [ ] SolarWinds解决了Web Help Desk中的硬编码凭证问题
  • [ ] 新的“ALBeast”漏洞暴露了AWS应用负载均衡器中的弱点
  • [ ] CrowdStrike再次遇到“性能问题”，导致系统运行缓慢
  • [ ] Android 恶意软件使用 NFC 在 ATM 机上窃取资金
  • [ ] 网络攻击扰乱了美国芯片制造商Microchip Technology的运营
  • [ ] 信息窃取恶意软件在macOS中窃取加密钱包和浏览器凭证
  • [ ] 在全球酒店和办公室使用的 RFID 卡中发现了硬件后门
  • [ ] 《黑神话：悟空》疯狂24小时：爆火下的网络安全陷阱
  • [ ] 严重 GitHub Enterprise Server 身份验证绕过缺漏洞（CVE-2024-6800）已修复
• Recent Commits to cve:main
  • [ ] Update Fri Aug 23 22:28:30 UTC 2024
  • [ ] Update Fri Aug 23 14:27:29 UTC 2024
  • [ ] Update Fri Aug 23 06:36:18 UTC 2024
• Security Boulevard
  • [ ] Enhancing School Safety with Cloud Monitor: A Powerful Cyber Safety Protection Tool
  • [ ] Audit: FBI is Losing Track of Storage Devices Holding Sensitive Data
  • [ ] Identities Aren’t for Sale: TSA Biometrics Technology and the Need for Consumer Consent
  • [ ] Pool Your Cybersecurity Resources to Build the Perfect Security Ecosystem
  • [ ] Pig Butchering at Heart of Bank Failure — CEO Gets 24 Years in Jail
  • [ ] CVE-2024-38178 Vulnerability within Microsoft Edge
  • [ ] CNAPP found identity problems. How are you fixing them?
  • [ ] The Hidden Dangers of Zombie and Shadow APIs—and Why Only Salt Security Can Tackle Them
  • [ ] Introducing Azure Boards Integration in Strobes
  • [ ] NTLM Credential Theft in Python Windows Applications
• Files ≈ Packet Storm
  • [ ] Ray cpu_profile Command Injection
  • [ ] Ray Agent Job Remote Code Execution
  • [ ] DiCal-RED 4009 Information Disclosure
  • [ ] DiCal-RED 4009 Outdated Third Party Components
  • [ ] DiCal-RED 4009 Log Disclosure
  • [ ] DiCal-RED 4009 Path Traversal
  • [ ] DiCal-RED 4009 Cryptography Failure
  • [ ] DiCal-RED 4009 Weak Hashing
  • [ ] DiCal-RED 4009 Missing Authentication
  • [ ] OX App Suite Cross Site Scripting / Denial Of Service
  • [ ] OX App Suite Frontend 7.10.6-rev44 Cross Site Scripting
  • [ ] UFONet 1.9
  • [ ] Ubuntu Security Notice USN-6980-1
  • [ ] Ubuntu Security Notice USN-6978-1
  • [ ] PlantUML 1.2024.6 Cross Site Scripting
  • [ ] Crime Complaints Reporting Management System 1.0 Shell Upload
  • [ ] Courier Management System 1.0 Cross Site Request Forgery
  • [ ] Company Visitor Management 1.0 SQL Injection
  • [ ] CMSsite 1.0 Shell Upload
  • [ ] Red Hat Security Advisory 2024-5446-03
  • [ ] CMS RIMI 1.3 Cross Site Request Forgery / File Upload
  • [ ] Client Management System 1.0 SQL Injection
  • [ ] CCMS Project 1.0 SQL Injection
  • [ ] Biobook Social Networking Site 1.0 SQL Injection
• Twitter @Nicolas Krassas
  • [ ] USDoD Hacker Behind $3 Billion SSN Leak Reveals Himself as Brazilian Citizen https://hackread.com/usdod-hacker-ssn-leak-reveals-brazilian-citizen/
  • [ ] LAPSUS$ is dead, long live HexaLocker? https://www.synacktiv.com/publications/lapsus-is-dead-long-live-hexalocker.html
  • [ ] How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System https://www.reddit.com/r/netsec/comments/1ezfx83/how_1_exposed_honeywe...
  • [ ] New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads https://thehackernews.com/2024/08/new-peaklight-dropper-dep...
  • [ ] Hackers now use AppDomain Injection to drop CobaltStrike beacons https://www.bleepingcomputer.com/news/security/hackers-now-use-appdomain-injection-to...
  • [ ] US oil giant Halliburton confirms cyberattack behind systems shutdown https://www.bleepingcomputer.com/news/security/us-oil-giant-halliburton-confirms...
  • [ ] SolarWinds Leaks Credentials In Hotfix https://packetstormsecurity.com/news/view/36250/SolarWinds-Leaks-Credentials-In-Hotfix.html
  • [ ] Google Patches Ninth Chrome Zero Day Of 2024 https://packetstormsecurity.com/news/view/36252/Google-Patches-Ninth-Chrome-Zero-Day-Of-2024.html
  • [ ] Over 83,000 customer data compromised in Alice's Table cloud breach https://www.scmagazine.com/brief/over-83000-customer-data-compromised-in-alices-ta...
  • [ ] Telecom to pay $1M over Biden deepfake robocalls https://www.scmagazine.com/brief/telecom-to-pay-1m-over-biden-deepfake-robocalls
  • [ ] US sues Georgia Tech over alleged cybersecurity failings as a Pentagon contractor https://go.theregister.com/feed/www.theregister.com/2024/08/23/us_ge...
  • [ ] Streaming vulnerabilities from Windows Kernel - Proxying to Kernel - Part I https://devco.re/blog/2024/08/23/streaming-vulnerabilities-from-windows-ke...
  • [ ] NTLM Credential Theft in Python Windows Applications https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-appli...
  • [ ] Greasy Opal's CAPTCHA solver still serving cybercrime after 16 years https://www.bleepingcomputer.com/news/security/greasy-opals-captcha-solver-still-...
  • [ ] Russian laundering millions for Lazarus hackers arrested in Argentina https://www.bleepingcomputer.com/news/legal/russian-laundering-millions-for-laza...
  • [ ] Defenders get a MoonPeak at North Korea’s malware backbone https://www.scmagazine.com/news/defenders-get-a-moonpeak-at-north-koreas-malware-backbone
  • [ ] Take a Selfie Using a NY Surveillance Camera https://www.schneier.com/blog/archives/2024/08/take-a-selfie-using-a-ny-surveillance-camera.html
  • [ ] Your iPhone isn’t safe from these four characters https://indianexpress.com/article/technology/tech-news-technology/iphone-ios-bug-spotlight-app-libr...
  • [ ] New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data https://thehackernews.com/2024/08/new-qilin-ransomware-attack-uses-vpn.html
  • [ ] Urgent Edge Security Update: Microsoft Patches Zero-day & RCE Vulnerabilities https://securityonline.info/urgent-edge-security-update-microsoft-patche...
• Tenable Blog
  • [ ] Cybersecurity Snapshot: Guide Unpacks Event-Logging Best Practices, as FAA Proposes Stronger Cyber Rules for Airplanes
• Private Feed for M09Ic
  • [ ] LloydLabs starred Dump-GUY/IDA_PHNT_TYPES
  • [ ] mitre made mitre/canonical-ubuntu-22.04-lts-stig-baseline public
  • [ ] gh0stkey released CaA 1.0 at gh0stkey/CaA
  • [ ] gh0stkey released HaE 3.3.2 at gh0stkey/HaE
  • [ ] INotGreen starred M0nster3/Beacon
  • [ ] nightRainy starred 0xrawsec/whids
  • [ ] Ak74-577 starred helviojunior/hookchain
  • [ ] yzddmr6 starred sgl-project/sglang
  • [ ] Ak74-577 starred lypd0/DeadPotato
  • [ ] Ak74-577 started following matthieu-hackwitharts
  • [ ] Ak74-577 started following 7etsuo
  • [ ] Ak74-577 starred 7etsuo/windows-api-function-cheatsheets
  • [ ] su18 starred Return-Log/Drive-Icon-Manager
  • [ ] phith0n starred httptoolkit/frida-interception-and-unpinning
  • [ ] 4ra1n started following sensensen404
  • [ ] Rvn0xsy starred InternLM/HuixiangDou
  • [ ] ourren starred poloclub/transformer-explainer
  • [ ] Rvn0xsy starred polywock/globalSpeed
  • [ ] esrrhs starred shadps4-emu/shadPS4
  • [ ] DVKunion starred fltenwall/web3-awesome
  • [ ] 4ra1n starred xinntao/Real-ESRGAN
  • [ ] spf13 forked spf13/asebiten from Frabjous-Studios/asebiten
  • [ ] evilashz started following passthehashbrowns
  • [ ] evilashz starred KiFilterFiberContext/warbird-obfuscator
  • [ ] INotGreen starred DamonMohammadbagher/NativePayload_RefPtr1
  • [ ] lz520520 starred DeEpinGh0st/MDUT-Extend-Release
  • [ ] Rvn0xsy starred netptop/siteproxy
  • [ ] INotGreen starred lampo1024/DncZeus
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • [ ] 循万变·见未来——XCon2024安全焦点信息安全技术峰会在京成功举办
  • [ ] 数据勒索团伙利用虚假 Windows 更新屏幕隐藏数据窃取行为
• Horizon3.ai
  • [ ] NTLM Credential Theft in Python Windows Applications
  • [ ] Traccar 5 Remote Code Execution Vulnerabilities
• ly0n.me
  • [ ] Understanding HTTP Error 500: Internal Server Error
• cloud world
  • [ ] [译] Range Over Function Types
• Reverse Engineering
  • [ ] Just built a simple JavaScript minification and obfuscation tool. Feedback welcome!
• Malwarebytes
  • [ ] Fake funeral “live stream” scams target grieving users on Facebook
• PortSwigger Blog
  • [ ] Try it for yourself: the latest PortSwigger Research from Black Hat USA
• SentinelOne
  • [ ] The Good, the Bad and the Ugly in Cybersecurity – Week 34
• Binary Ninja
  • [ ] Advanced UEFI Analysis with Binary Ninja
• obaby@mars
  • [ ] 姐姐，你也不想让别人知道你的秘密吧？ — 浅谈 Python 代码加密
• Exploit-DB.com RSS Feed
  • [ ] [webapps] Helpdeskz v2.0.2 - Stored XSS
  • [ ] [webapps] Calibre-web 0.6.21 - Stored XSS
• 安全牛
  • [ ] 信创&密评场景，用统一身份收敛“弱口令”问题
• FreeBuf网络安全行业门户
  • [ ] FreeBuf 周报 | 网易云音乐崩上热搜；丰田再发数据泄露事件
  • [ ] 抽3人送《黑神话：悟空》豪华版！
  • [ ] 官方强烈建议更新，关键漏洞影响GitHub Enterprise Server 所有版本
  • [ ] NGate安卓恶意软件可利用 NFC 窃取 ATM 内资金
  • [ ] 黑客炫耀世界上最大的ZIP炸弹，达到1148857344 Quettabytes
• 奇客Solidot–传递最新科技情报
  • [ ] 因致命蚊传病毒美国小镇建议居民晚上不要外出
  • [ ] 研究发现美国政治立场相反的夫妇仅占 8%
  • [ ] 全球海平面高度达到有记录以来最高点
  • [ ] Gartner 认为 AGI 至少需要 10 年，可能永远无法实现
  • [ ] 微软工程师薪水泄露
  • [ ] 狮门影业因捏造影评撤下《大都市》预告
  • [ ] 也门军火商在 X 上出售军火
  • [ ] 微软计划淘汰 Windows 控制面板
  • [ ] 惠普新笔记本捆绑 Google 应用
  • [ ] 饮用水含氟量超过推荐限制两倍与儿童 IQ 低相关
• 体验盒子
  • [ ] Flutter使用JsBridge方式处理Webview与H5通信
• 丁爸 情报分析师的工具箱
  • [ ] 【AI速读】窥探谎言：一个内鬼分析模型
• 代码卫士
  • [ ] 思科修复由NSA报送的两个高危漏洞
  • [ ] SolarWinds 修复 Web Help Desk 中的硬编码凭据漏洞
• Black Hills Information Security
  • [ ] How to Perform and Combat Social Engineering
• 奇安信病毒响应中心
  • [ ] 每周勒索威胁摘要
• 数世咨询
  • [ ] 深入解析：10大身份认证技术的关键特点
• secret club
  • [ ] Ring Around The Regex: Lessons learned from fuzzing regex libraries (Part 2)
• 安全研究GoSSIP
  • [ ] G.O.S.S.I.P 阅读推荐 2024-08-23 All Your Tokens are Belong to Us
• 关键基础设施安全应急响应中心
  • [ ] 大模型安全风险、防护治理与法治建设
  • [ ] 五眼+日韩等多国网络安全机构发布新的事件日志记录和威胁检测最佳实践指南
  • [ ] 美国知名军工芯片厂商因网络攻击生产能力受损
• dotNet安全矩阵
  • [ ] .NET安全入门：免杀空间/类/标识符
  • [ ] .NET 一款支持收集6种浏览器数据的工具
  • [ ] 2024hvv | 31套.NET系统漏洞威胁情报(08.23更新)
• 中国信息安全
  • [ ] 专题·大模型安全 | 大模型的安全发展与治理思考
  • [ ] 前沿 | 建设软件物料清单体系的国际经验和自主路径
  • [ ] 专家观点 | 人工智能的意识形态风险审视
  • [ ] 专家观点 | 筑牢安全防线 加强跨境数据流动治理
  • [ ] 评论 | 反网暴有法可依
  • [ ] 观点 | 把青少年模式打造成真正的网络安全阀
  • [ ] 评论 | 全链条打击治理跨境赌博犯罪
• 微步在线
  • [ ] 钓客服、打漏洞……钓鱼攻击或进入最后的疯狂
• 长亭科技
  • [ ] 长亭科技朱文雷：为梦想重燃创业引擎，以实战打造智能安全
  • [ ] 网安培训｜知道你需要，珂兰寺伙伴5期班就来了！
• CNCERT国家工程研究中心
  • [ ] Litespeed曝高速缓存漏洞，威胁数百万WordPress网站
  • [ ] GitHub Actions 工件在热门项目中被发现泄露身份验证令牌
  • [ ] “蓝屏事件”阴魂不散，微软安全更新导致Linux系统无法启动
• 网络空间安全科学学报
  • [ ] 网安要闻 | 工信部部长：发展卫星互联网，推进第六代移动通信（6G）网络技术研发
• 百度安全应急响应中心
  • [ ] 【内含中秋福利】速冲！百度地图&大模型专项众测，定额奖励，惊喜不断～
• 字节跳动技术团队
  • [ ] kitexcall：用 JSON 发起 RPC 请求的命令行神器
  • [ ] 捏Bot挑战｜瓜分30万现金，更有领克Z10一年使用权等你赢！
  • [ ] 意念玩《黑神话》指日可待？马斯克脑机接口最新进展，脑后插管打 CS 拼抢三杀！｜AGI 掘金资讯
• Beacon Tower Lab
  • [ ] 【0823】重保演习每日情报汇总
• 火绒安全
  • [ ] 【火绒安全周报】男子伪造死亡证明逃避子女抚养费/丰田再次出现数据泄露
• 极客公园
  • [ ] 车企招了一批「钢铁实习生」，它们是人形机器人进入现实的关键
  • [ ] 卖一台 SU7 亏 6 万？小米汽车的账不是这么算的
  • [ ] 网易：暴雪其他游戏将陆续回归；极越内部信通报「炮轰雷军亏钱卖车」一事；SpaceX将首次发射零重力薯片 | 极客早知道
• 情报分析师
  • [ ] 间谍行动背后：美国最令人不安的十个秘密计划
  • [ ] 开源情报信息，一网打尽！
• 360数字安全
  • [ ] 家人们，咱安全圈可不兴“没苦硬吃”！
  • [ ] 职场黑神话：TA竟让天命打工人秒变苦命猴子
• Over Security - Cybersecurity news aggregator
  • [ ] DOJ joins suit against Georgia Tech over cybersecurity failures with Defense Department
  • [ ] American Radio Relay League confirms $1 million ransom payment
  • [ ] Microsoft shares temp fix for Linux boot issues on dual-boot systems
  • [ ] Halliburton forced to take systems offline to contain cyberattack
  • [ ] New Windows 10 22H2 beta fixes memory leaks and crashes
  • [ ] Russian arrested in Argentina for laundering money for hackers
  • [ ] Hackers now use AppDomain Injection to drop CobaltStrike beacons
  • [ ] US oil giant Halliburton confirms cyberattack behind systems shutdown
  • [ ] HomeLab #1: ovftool
  • [ ] Suspect in $14 billion cryptocurrency pyramid scheme extradited to China
  • [ ] Local Networks Go Global When Domain Names Collide
  • [ ] Sintesi riepilogativa delle campagne malevole nella settimana del 17 – 23 agosto
  • [ ] Greasy Opal's CAPTCHA solver still serving cybercrime after 16 years
  • [ ] Russian laundering millions for Lazarus hackers arrested in Argentina
  • [ ] Restare davvero anonimi sui social network è più difficile di quanto pensiate - Il Post
  • [ ] Hackers are exploiting critical bug in LiteSpeed Cache plugin
• SANS Internet Storm Center, InfoCON: green
  • [ ] Pandas Errors: What encoding are my logs in?, (Fri, Aug 23rd)
  • [ ] ISC Stormcast For Friday, August 23rd, 2024 https://isc.sans.edu/podcastdetail/9110, (Fri, Aug 23rd)
• Schneier on Security
  • [ ] Friday Squid Blogging: Self-Healing Materials from Squid Teeth
  • [ ] Take a Selfie Using a NY Surveillance Camera
  • [ ] Surveillance Watch
• Instapaper: Unread
  • [ ] Decoding Time Leveraging Timestamps in Digital Forensic Investigations
  • [ ] China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches
  • [ ] Andrea Lazzarotto, Digital Forensics Consultant and Developer
  • [ ] Incident Response by the Numbers
• The Hacker News
  • [ ] New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads
  • [ ] Webinar: Experience the Power of a Must-Have All-in-One Cybersecurity Platform
  • [ ] Focus on What Matters Most: Exposure Management and Your Attack Surface
  • [ ] New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data
  • [ ] New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data
  • [ ] Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group
• Security Affairs
  • [ ] Qilin ransomware steals credentials stored in Google Chrome
  • [ ] Phishing attacks target mobile users via progressive web applications (PWA)
  • [ ] Member of cybercrime group Karakurt charged in the US
  • [ ] New malware Cthulhu Stealer targets Apple macOS users
  • [ ] China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches
• Troy Hunt's Blog
  • [ ] The Trouble with Procurement Departments, Resellers and Stripe
• TorrentFreak
  • [ ] Pirate IPTV Raid: 150+ Encoders, STBs, and Servers Seized, Operators Arrested
• Krebs on Security
  • [ ] Local Networks Go Global When Domain Names Collide
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • [ ] American Radio Relay League confirms $1 million ransom payment
• Technical Information Security Content & Discussion
  • [ ] How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System
  • [ ] Splitting the email atom: exploiting parsers to bypass access controls
  • [ ] NTLM Credential Theft in Python Windows Applications – Horizon3.ai
  • [ ] Vulnerabilities in Homepage Dashboard - Anvil Secure
• Social Engineering
  • [ ] Elicitation
• Your Open Hacker Community
  • [ ] I created a complex password by combining three different passwords from a list of 1500 passwords, but I forgot which three.
• Blackhat Library: Hacking techniques and research
  • [ ] Someone requested 2 factor authentication in SMS to my phone. How can I find out where it was requested from?
  • [ ] Educational series about a hacking syndicate with real-world engagements
• The Register - Security
  • [ ] US sues Georgia Tech over alleged cybersecurity failings as a Pentagon contractor
  • [ ] Uniting the brightest minds in security, network and cloud
• Information Security
  • [ ] Browsers that don't use sync encryption present a global privacy issue. Sensitive data is stored on third-party servers and can be opened by service providers. Additionally, bookmarks are stored in plaintext leaving unrestricted access if a computer gets a virus, trojan, malware, or compromised, etc
  • [ ] Slack AI Could be tricked into leaking your Sensitive Data
• Security Weekly Podcast Network (Audio)
  • [ ] Faking your own death, Fake Reviews, Solar Winds, Recall, Winux, Kubernetes, and More - SWN #409
  • [ ] The end of the road for some cyber startups & making detection actually work! - Vivek Bhandari, Vivek Ramachandran, Mike Lyborg, Brandon Potter - ESW #373