chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

110 stars 19 forks source link

[每日信息流] 2024-08-29 #632

Closed chainreactorbot closed 1 month ago

chainreactorbot commented 2 months ago

每日安全资讯（2024-08-29）

SecWiki News
- [ ] SecWiki News 2024-08-28 Review
安全客-有思想的安全新媒体
- [ ] 黑客使用鲜为人知的隐秘技术攻击东南亚高级别组织
- [ ] Halliburton 遭受攻击，对全球能源行业产生影响
- [ ] WPML WordPress 插件中的严重漏洞影响了超 100 万个网站
- [ ] Versa Director 零日漏洞被利用来破坏 ISP 和 MSP （CVE-2024-39717）
- [ ] 研究人员揭露了臭名昭著的威胁行为者 USDoD
- [ ] Microsoft 365 Copilot 中漏洞允许攻击者窃取用户敏感信息
- [ ] HZ RAT后门软件 macOS 版本瞄准中国消息应用用户
- [ ] 网络攻击扰乱了西雅图-塔科马机场的运营
- [ ] 360告警：全球知名大模型框架被曝漏洞！或致AI设备集体失控
- [ ] 去年近 1/3 的公司遭受了 SaaS 数据泄露
奇安信攻防社区
- [ ] 初探UE4引擎逆向
Doonsec's feed
- [ ] 未来20多年可能减少2亿多人
- [ ] ISRC-2024中秋活动开启，师傅们“回家”了！！！
- [ ] AI大模型安全治理化繁为简的“道与术”
- [ ] 涉密人员的保密义务及工作中的具体要求（二）
- [ ] 内部分享平台视频课程更新通知
- [ ] 秦安：沙利文将访华，两党都放软话，继续金融围剿，还是刀兵相见
- [ ] 8.28hvv情报
- [ ] 【通知】第二届全国大学生开源情报数据采集与分析大赛
- [ ] 通过敏感参数所实现的CRLF注入
- [ ] 「漏洞复现」方天云智慧平台系统 setImg.ashx 文件上传漏洞
- [ ] 聚焦 | 2024中国国际大数据产业博览会在贵州贵阳开幕
- [ ] 聚焦 | 2024年中国网络文明大会在成都举行
- [ ] 关注 | 中欧数据跨境流动交流机制正式建立并举行第一次会议
- [ ] 以文明之光照亮网络家园——我国网络文明建设取得积极成效
- [ ] 专家观点 | 积极探索建立我国人工智能治理与应用指南制度
- [ ] 公安部：近年来累计抓获缅北涉诈嫌疑人5万余名
- [ ] 前沿 | AI赋能，助力电信网络诈骗的全链路识别
- [ ] 数据泄漏、被薅羊毛……小程序数据安全如何保障？
- [ ] 【HVV情报】2024-08-28
- [ ] 万字总结信息收集(全网最全)
- [ ] Windows TCP/IP IPv6 RCE POC复现(CVE-2024-38063)
- [ ] 12个高级端点安全关键特性防护方案
- [ ] 同道｜KCon 2024
- [ ] 记一次蓝队入侵检测-包括流量分析-主机入侵排查
- [ ] 全网首发_iOS逆向助手
- [ ] WPF 用户控件翻转与内部的内容控件反翻转
- [ ] 强推！4个游戏玩着玩着就会编程了
- [ ] 360胡振泉出席2024数博会：应对大模型数据安全风险要“以模制模”
- [ ] 全国政协、国家数据局等一行领导莅临360展位 “点赞”数据安全创新成果
- [ ] 360渠道精英成长训练营启航，携手共筑技术交付新高地！
- [ ] G.O.S.S.I.P 阅读推荐 2024-08-28 学点C++（C++ Insights）
- [ ] 2024半年报速览：科创攻坚焕活力韧性增长高质量
- [ ] 关于举办2024年《北京DCMM数据管理师认证培训与考试》的通知
- [ ] 中国软件评测中心牵头编制的四项团体标准送审稿审查会顺利召开
- [ ] 国家数据局重磅！刘烈宏发声
- [ ] 断网、崩溃！电信紧急回应
- [ ] 关于举办2024年中国网络安全创新创业大赛总决赛的通知
- [ ] 工信部通报21款侵害用户权益行为的APP（SDK）
- [ ] 存在严重供应链安全风险，MLOps平台曝20多个漏洞
- [ ] 实战 | 内存马分析查杀
- [ ] 论持续攻击面渗透测试的重要性
- [ ] 全程云OA UploadEditorFile接口存在任意文件上传漏洞附POC
- [ ] 朝鲜APT MuddyWater新变种恶意软件瞄准以色列网络安全
- [ ] 绿盟科技2024半年报：营收8亿，亏损2.55亿
- [ ] 十年前的今天，你预测到了未来 | FCIS2024大会十周年
- [ ] 微软Sway在大规模二维码钓鱼活动中被滥用
- [ ] 如何使用poutine检测代码库构建管道中的安全缺陷
- [ ] CVE-2024-38063(Windows TCP/IP IPv6远程拒绝服务/代码执行漏洞)复现（附POC）
- [ ] 【安全圈】美国哈利伯顿公司（Halliburton）遭受攻击，对全球能源行业产生影响
- [ ] 【安全圈】黑客使用鲜为人知的隐秘技术攻击东南亚高级别组织
- [ ] 【安全圈】微软Sway在大规模二维码钓鱼活动中被滥用
- [ ] 【安全圈】ServiceBridge泄露 3200万份文件，大量企业数据被曝光
- [ ] 每日安全动态推送(8-28)
- [ ] 技术详解 | CertiK揭示秘密修复的Solana核心漏洞
- [ ] 分享图片
- [ ] 网络攻击迫使美国超级机场IT系统瘫痪、航班延误
- [ ] 俄乌战争导致俄罗斯漏洞赏金计划蓬勃发展
- [ ] 【论文速读】| 基于大语言模型智能体对文本到图像模型进行越狱
- [ ] 【暗网数据泄露情报】 - 240828日报
- [ ] 薛定谔的「铁头」，终于这次被蜀黍锤爆了......
- [ ] 通过修复功能禁用 Cortex XDR
- [ ] 【0828】重保演习每日情报汇总
- [ ] 罚单 | 因数据问题某银行被罚90万
- [ ] 国家数据局：数据产业和企业数据资源开发利用政策即将出台
- [ ] 2024中国国际大数据产业博览会在贵阳开幕
- [ ] 财政部等六部门：加快实现市政基础设施数据的汇集、融合、服务和开放
- [ ] 工信部、国家标准委联合印发《物联网标准体系建设指南（2024版）》
- [ ] 一图读懂 | 物联网标准体系建设指南（2024版）
Security Boulevard
- [ ] Are Java Users Making Bad Oracle Java Migration Decisions?
- [ ] 3CX Phone System Local Privilege Escalation Vulnerability
- [ ] Exploits, Vulnerabilities and Payloads – Who Knew?
- [ ] Product Release: Selective Sync + Account Recovery
- [ ] Mythic 3.3 — Out of Beta
- [ ] Choosing the Right DSPM Vendor: The Map is Not the Territory
- [ ] Data Masking Challenges in Complex Data Environments and How to Tackle them
- [ ] DataDome Releases Fastly Compute Server-Side Integration
- [ ] Special Bulletin: US Election Phishing Alert
- [ ] China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target
Tenable Blog
- [ ] AA24-241A : Joint Cybersecurity Advisory on Iran-based Cyber Actors Targeting US Organizations
- [ ] The Data-Factor: Why Integrating DSPM Is Key to Your CNAPP Strategy
Files ≈ Packet Storm
- [ ] WordPress LiteSpeed Cache 6.3.0.1 Privilege Escalation
- [ ] Microsoft Windows IPv6 Memory Corruption
- [ ] WordPress GiveWP Donation / Fundraising Platform 3.14.1 File Deletion / Command Execution
- [ ] Qualcomm KGSL Mapping Issue
- [ ] Red Hat Security Advisory 2024-5930-03
- [ ] Red Hat Security Advisory 2024-5929-03
- [ ] Red Hat Security Advisory 2024-5908-03
- [ ] Red Hat Security Advisory 2024-5907-03
- [ ] Ubuntu Security Notice USN-6981-1
- [ ] MSMS-PHP 1.0 Insecure Settings
- [ ] Red Hat Security Advisory 2024-5906-03
- [ ] Mount Carmel School 6.4.1 Insecure Settings
- [ ] Laundry Management System 1.0 Remote File Inclusion
- [ ] File Management System 1.0 Arbitrary File Upload
- [ ] SPIP 4.2.2 Code Execution
Trustwave Blog
- [ ] Trustwave Named the Innovation Leader by Frost & Sullivan for the Americas and Europe
Twitter @Nicolas Krassas
- [ ] BlackSuit ransomware stole data of 950,000 from software vendor https://www.bleepingcomputer.com/news/security/blacksuit-ransomware-stole-data-of-950-...
- [ ] Vtiger CRM (<= 8.1.0) SQL Injection in MailManager module - Shielder https://www.reddit.com/r/netsec/comments/1f36k32/vtiger_crm_810_sql_injectionin...
- [ ] Building Forensic Expertise: A Two-Part Guide to Investigating a Malicious USB Device (Part 1) https://labs.jumpsec.com/building-forensic-expertise-a-...
- [ ] Iran's Pioneer Kitten hits US networks via buggy Check Point, Palo Alto gear https://go.theregister.com/feed/www.theregister.com/2024/08/28/iran_pione...
- [ ] Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking https://www.darkreading.com/threat-intelligence/attackers-exploit-critical-atla...
- [ ] New Tickler malware used to backdoor US govt, defense orgs https://www.bleepingcomputer.com/news/security/new-tickler-malware-used-to-backdoor-us-govt...
- [ ] Iranian hackers work with ransomware gangs to extort breached orgs https://www.bleepingcomputer.com/news/security/iranian-hackers-work-with-ransomware...
- [ ] Google increases Chrome bug bounty rewards up to $250,000 https://www.bleepingcomputer.com/news/google/google-increases-chrome-bug-bounty-rewards-up-t...
- [ ] Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability https://thehackernews.com/2024/08/fortra-issues-patch-for-high-risk.htm...
- [ ] Matthew Green on Telegram’s Encryption https://www.schneier.com/blog/archives/2024/08/matthew-green-on-telegrams-encryption.html
- [ ] Cybercrime And Sabotage Cost German Firms $300 Billion In Past Year https://packetstormsecurity.com/news/view/36267/Cybercrime-And-Sabotage-Cost-Germa...
- [ ] Hitachi Energy Vulnerabilities Plague SCADA Power Systems https://www.darkreading.com/ics-ot-security/hitachi-energy-vulnerabilities-plague-scada-powe...
- [ ] How AI Is Deciphering Lost Scrolls From The Roman Empire https://packetstormsecurity.com/news/view/36269/How-AI-Is-Deciphering-Lost-Scrolls-From-The-R...
- [ ] APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor https://thehackernews.com/2024/08/apt-c-60-group-exploit-wps-office-flaw.html
- [ ] Hunters International ransomware gang threatens to leak US Marshals data https://www.scmagazine.com/news/hunters-international-ransomware-gang-threate...
- [ ] Widespread QR code phishing targeted Microsoft 365 credentials https://www.scmagazine.com/brief/widespread-qr-code-phishing-targeted-microsoft-365-cre...
- [ ] Over 950K compromised in BlackSuit ransomware attack against Connexure https://www.scmagazine.com/brief/over-950k-compromised-in-blacksuit-ransomware-...
- [ ] Park'N Fly breach impacts nearly 1M https://www.scmagazine.com/brief/parkn-fly-breach-impacts-nearly-1m
- [ ] Guilty plea entered by ex-Verizon employee for spying for China https://www.scmagazine.com/brief/guilty-plea-entered-by-ex-verizon-employee-for-spying...
- [ ] RT Alisa Esage Шевченко: There is no RCE POC for CVE-2024-38063 currently, and the consensus of security researchers is that it would be ver...
Private Feed for M09Ic
- [ ] spf13 starred tnn1t1s/rodeo
- [ ] phra started following subat0mik
- [ ] phra starred subat0mik/Misconfiguration-Manager
- [ ] theLSA starred RubyMetric/chsrc
- [ ] theLSA starred seekbytes/IPA
- [ ] theLSA starred feder-cr/linkedIn_auto_jobs_applier_with_AI
- [ ] theLSA started following ynwarcs
- [ ] theLSA started following Elsfa7-110
- [ ] theLSA starred daVinci13/Exe2shell
- [ ] theLSA starred CyberAlbSecOP/Awesome_GPT_Super_Prompting
- [ ] theLSA starred nakst/gf
- [ ] theLSA starred waderwu/javaDeserializeLabs
- [ ] theLSA starred Raphire/Win11Debloat
- [ ] theLSA starred zeze-zeze/NamedPipeMaster
- [ ] theLSA starred XIU2/TrackersListCollection
- [ ] theLSA started following 0xmachos
- [ ] theLSA started following zhanghang1989
- [ ] theLSA starred guyrleech/Microsoft
- [ ] theLSA starred Esonhugh/KubernetesCS
- [ ] theLSA starred Kedreamix/Linly-Dubbing
- [ ] theLSA starred ynwarcs/CVE-2024-38063
- [ ] theLSA starred CykuTW/tsh-go
- [ ] theLSA starred SirAppSec/vuln-node.js-express.js-app
- [ ] theLSA starred dyang886/Game-Cheats-Manager
- [ ] theLSA starred Cyber-Dioxide/CyberPhish
- [ ] theLSA starred SafeBreach-Labs/WindowsDowndate
- [ ] theLSA starred c0r0n3r/dheater
Recent Commits to cve:main
- [ ] Update Wed Aug 28 22:31:38 UTC 2024
- [ ] Update Wed Aug 28 14:36:59 UTC 2024
- [ ] Update Wed Aug 28 06:34:57 UTC 2024
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- [ ] 电竞申奥成功，网络威胁日益凸显，安全防护至关重要
- [ ] 工信部通报17款涉嫌侵害用户权益的APP
- [ ] 新型 Styx 窃取程序攻击用户窃取登录密码
ongoing by Tim Bray
- [ ] Q Numbers Redux
obaby@mars
- [ ] 暴打渣男，耶✌️ — 《黑神话悟空》
Twitter @bytehx
- [ ] Re @joaxcar Congrats johan 🎉🎉🎉
Malwarebytes
- [ ] CODAC Behavioral Healthcare, US Marshalls are latest ransomware targets
Exploit-DB.com RSS Feed
- [ ] [webapps] NoteMark < 0.13.0 - Stored XSS
- [ ] [webapps] Gitea 1.22.0 - Stored XSS
- [ ] [webapps] Invesalius3 - Remote Code Execution
- [ ] [dos] Windows TCP/IP - RCE Checker and Denial of Service
Reverse Engineering
- [ ] Reverse engineering a Windows HDD firmware updater
- [ ] How to remove epoxy
Security Blog | Praetorian
- [ ] 3CX Phone System Local Privilege Escalation Vulnerability
FreeBuf网络安全行业门户
- [ ] 绿盟科技2024半年报：营收8亿，亏损2.55亿
- [ ] 蓝队面试，进阶
- [ ] 2024年第二季度漏洞利用和漏洞现状
- [ ] ServiceBridge泄露 3200万份文件，大量企业数据被曝光
- [ ] FreeBuf早报 | 全球石油巨头因网络攻击被迫关闭系统；ParkN Fly 100 万客户数据泄露
- [ ] 微软Sway在大规模二维码钓鱼活动中被滥用
奇客Solidot–传递最新科技情报
- [ ] 芬兰大批松树死亡令专家迷惑不解
- [ ] 研究发现经历极端高温能削弱气候变化阴谋论的可信度
- [ ] Z 世代和千禧一代很少接电话
- [ ] 加州理工新生女性首次超半数
- [ ] 为什么儿童不够专注
- [ ] 不同类型的爱激活大脑的不同部位
- [ ] 越来越多的大学生在 AI 帮助下写论文
- [ ] 韩国调查通过 Telegram 传播的深度伪造换脸淫秽影像案
- [ ] 微软将 Mono 项目捐赠给 Wine
rtl-sdr.com
- [ ] HackRF and Portapack Featured in Recent Linus Tech Tips Video
安全牛
- [ ] 【HVV前沿】积木报表组件（Jeecg-Boot）权限绕过漏洞分析
HackerNews
- [ ] 工信部：关于防范 SharpRhino 恶意软件的风险提示
- [ ] Mirai 僵尸网络发现新漏洞，能同时被攻守双方利用
- [ ] 微软 Sway 在大规模二维码钓鱼活动中被滥用
- [ ] erviceBridge 泄露 3200 万份文件，大量企业数据被曝光
- [ ] 开源 GPS 系统曝出两个高危漏洞
- [ ] PWA 网络钓鱼，针对 Android、iOS 金融欺诈活动
- [ ] Windows Downdate 工具“解除”Windows 系统的补丁，已修复漏洞变 0day
- [ ] 俄罗斯空袭关键基础设施后，乌克兰全境互联网中断
- [ ] 卡巴斯基发现 macOS 版 HZ RAT 后门瞄准中国消息应用程序用户
黑海洋 - WIKI
- [ ] Linux 设置全局代理
- [ ] 字节跳动.AI编程助手 - 火星活动（100%获得奖励）
鱼凫游民随笔
- [ ] 心经、黑客、我
Dhole Moments
- [ ] Introducing Alacrity to Federated Cryptography
看雪学苑
- [ ] 2024 KCTF 大赛 | 第六题《异星文明》设计思路及解析
- [ ] Uber因违反GDPR被罚款2.9亿欧元，全球科技巨头面临合规挑战
- [ ] 2024 KCTF赛况 | Nepnep 战队用时1小时22分45秒最快拿下第七题
- [ ] 零基础入门Android漏洞挖掘
奇安信威胁情报中心
- [ ] 近期值得关注的IOC（2024-08-28）
绿盟科技研究通讯
- [ ] 绿盟虚拟汽车及其优势
安全内参
- [ ] 网络攻击迫使美国超级机场IT系统瘫痪、航班延误
- [ ] 俄乌战争导致俄罗斯漏洞赏金计划蓬勃发展
安全研究GoSSIP
- [ ] G.O.S.S.I.P 阅读推荐 2024-08-28 学点C++（C++ Insights）
关键基础设施安全应急响应中心
- [ ] 全球石油巨头因网络攻击被迫关闭系统
- [ ] 开源GPS系统曝出两个高危漏洞
- [ ] 美国情报机构将扩大与私营部门合作建立更紧密的伙伴关系
慢雾科技
- [ ] 慢雾(SlowMist) 创始人受邀出席 2024 外滩大会，共探 Web3 新发展
天御攻防实验室
- [ ] 我们为什么没有抓到高端APT领导者的荷兰AIVD
安全喷子
- [ ] 软件供应链安全的部分理解
dotNet安全矩阵
- [ ] .NET 一款具备签名用于绕过防护的工具
- [ ] .NET 一款内网收集本地用户哈希的工具
- [ ] .NET 内网攻防实战电子报刊
代码卫士
- [ ] SonicWall 提醒注意严重的SonicOS 访问控制漏洞
- [ ] 英特尔的SGX 崩溃了？别慌！
黑哥虾撩
- [ ] 同道｜KCon 2024
字节跳动技术团队
- [ ] 有奖征集｜人人都是豆包MarsCode测评官！AirPods Pro！机械键盘、音响等你来拿
- [ ] Karpathy 都看呆了！8 岁女孩玩转 AI 编程，45 分钟打造聊天机器人｜AGI 掘金资讯
Beacon Tower Lab
- [ ] 【0828】重保演习每日情报汇总
嘶吼专业版
- [ ] 新型 Styx 窃取程序攻击用户登录密码
- [ ] 工信部通报17款涉嫌侵害用户权益的APP
情报分析师
- [ ] 2024年8月美国高科技企业人事任命动态
b1ngz的笔记本
- [ ] SaaS多租户自动化渗透平台-架构笔记
信息安全国家工程研究中心
- [ ] 2024第四届全国密码科普竞赛圆满落幕，工程中心荣获三等奖
- [ ] 国家安全机关特别提示：弱口令，高风险，速修改！
极客公园
- [ ] 游戏与实体业态共振，iQOO 在「宇宙电竞中心」打了个样
- [ ] 在 DAU 近 4 亿的快手上，创作者还能怎么玩？
- [ ] 在电商围剿战中，拼多多拿出了 100 亿元的弹药
- [ ] 传字节做「大模型研究院」，四处招人；小鹏 MONA M03 上市，11.98 万元起；美国大举「清洗」印度裔高管 | 极客早知道
美团安全应急响应中心
- [ ] 美团安全25届秋招启动，心动offer等你拿！
CNCERT国家工程研究中心
- [ ] 存在严重供应链安全风险，MLOps平台曝20多个漏洞
- [ ] Litespeed Cache 漏洞导致数百万 WordPress 网站遭受接管攻击
- [ ] Uber被罚3.25亿美元，因违反欧盟-美国数据传输相关条例
国家互联网应急中心CNCERT
- [ ] 网络安全信息与动态周报2024年第34期（8月19日-8月25日）
360数字安全
- [ ] 360胡振泉出席2024数博会：应对大模型数据安全风险要“以模制模”
- [ ] 全国政协、国家数据局等一行领导莅临360展位 “点赞”数据安全创新成果
- [ ] 360渠道精英成长训练营启航，携手共筑技术交付新高地！
bellingcat
- [ ] Footage Shows Kenyan Police Fired at Journalist Covering Protests
Have I Been Pwned latest breaches
- [ ] Sport 2000 - 3,189,643 breached accounts
KCon 黑客大会
- [ ] “同道”｜第十三届KCon大会后记（附公开PPT下载链接）
Security Current
- [ ] CISO Spotlight: Marcos Marrero, H.I.G. Capital CISO
SANS Internet Storm Center, InfoCON: green
- [ ] ISC Stormcast For Wednesday, August 28th, 2024 https://isc.sans.edu/podcastdetail/9116, (Wed, Aug 28th)
- [ ] Vega-Lite with Kibana to Parse and Display IP Activity over Time, (Tue, Aug 27th)
Posts By SpecterOps Team Members - Medium
- [ ] Mythic 3.3 — Out of Beta
Deeplinks
- [ ] Americans Are Uncomfortable with Automated Decision-Making
- [ ] Copyright Is Not a Tool to Silence Critics of Religious Education
Graham Cluley
- [ ] University criticised for using Ebola outbreak lure in phishing test
Trend Micro Research, News and Perspectives
- [ ] Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem
白泽安全实验室
- [ ] 警惕！黑客假冒Chrome或Firefox浏览器更新在全球范围内展开钓鱼攻击
The Register - Security
- [ ] Microsoft hosts a security summit but no press, public allowed
- [ ] Proof-of-concept code released for zero-click critical Windows vuln
- [ ] Iran's Pioneer Kitten hits US networks via buggy Check Point, Palo Alto gear
- [ ] Dick's Sporting Goods discloses cyberattack
- [ ] From Copilot to Copirate: How data thieves could hijack Microsoft's chatbot
- [ ] The ultimate dual-use tool for cybersecurity
- [ ] Woman uses AirTags to nab alleged parcel-pinching scum
- [ ] Chinese broadband satellites may be Beijing's flying spying censors, think tank warns
Cyber Security – Strategy and Innovation
- [ ] Leadership | Technology | Spirit
Over Security - Cybersecurity news aggregator
- [ ] South Korean hackers exploited WPS Office zero-day to deploy malware
- [ ] New Tickler malware used to backdoor US govt, defense orgs
- [ ] Employee arrested for locking Windows admins out of 254 servers in extortion plot
- [ ] US offers $2.5 million reward for hacker linked to Angler Exploit Kit
- [ ] Cisco: BlackByte ransomware gang only posting 20% to 30% of successful attacks
- [ ] Indagini francesi su Durov e problemi tra Israele e data leak scomodi su Telegram. Si tiene tutto, tranne Israele?
- [ ] Telegram CEO's arrest sparks flurry of questions over motivation, privacy impact
- [ ] PoorTry Windows driver evolves into a full-featured EDR wiper
- [ ] DICK’s shuts down email, locks employee accounts after cyberattack
- [ ] Google increases Chrome bug bounty rewards up to $250,000
- [ ] Iranian hackers work with ransomware gangs to extort breached orgs
- [ ] Fortra fixes critical FileCatalyst Workflow hardcoded password issue
- [ ] Intel officials say they anticipate more hacking attempts as US election nears
- [ ] Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver
- [ ] Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing
- [ ] Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case
- [ ] The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks
- [ ] FBI: Iran working with ransomware gangs for attacks in US, Azerbaijan, UAE and Israel
- [ ] It's down to the wire—but you don’t have to miss mWISE
- [ ] DICK’s Sporting Goods says confidential data exposed in cyberattack
- [ ] Play ransomware hackers claim attack on US manufacturer Microchip Technology
- [ ] ‘Store now, decrypt later’: US leaders prep for quantum cryptography concerns
- [ ] 'Malfunction' at Dutch defense ministry datacenter causing mass disruption
- [ ] CVE-2024-39717 Exposes Critical Vulnerability in Versa Director
- [ ] Productivity app Notion to exit Russia, citing US sanctions
- [ ] UK Labour Party reprimanded over cyberattack backlog by privacy regulator
- [ ] Cresce il Phishing: Google, Facebook e Amazon nel mirino dei cybercriminali nel 2024
- [ ] BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks
- [ ] Rocinante: The trojan horse that wanted to fly
- [ ] Sport 2000 - 3,189,643 breached accounts
- [ ] Scammers Use ScreenConnect to Defraud SSA Beneficiaries
- [ ] La transizione verso la crittografia post-quantistica: prepararsi al futuro digitale
Unsupervised Learning
- [ ] UL NO. 447: Sam Curry on Bug Bounty Careers, Slack Data Exfil, The Work Lie
Technical Information Security Content & Discussion
- [ ] Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information
- [ ] Vtiger CRM (<= 8.1.0) Broken Access Control in Migration module - Shielder
- [ ] Vtiger CRM (<= 8.1.0) SQL Injection in MailManager module - Shielder
The Hacker News
- [ ] Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability
- [ ] APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor
- [ ] BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave
- [ ] CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports
- [ ] New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials
- [ ] Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution
Securityinfo.it
- [ ] Cresce il Phishing: Google, Facebook e Amazon nel mirino dei cybercriminali nel 2024
- [ ] La transizione verso la crittografia post-quantistica: prepararsi al futuro digitale
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] CloudTrail integration logs
Social Engineering
- [ ] how to make someone break up with you and think it's their idea?
TorrentFreak
- [ ] Pirate Sites, Billions of Visits, Wiped Out in Hours: Sifting the Fmovies Wreckage
Blackhat Library: Hacking techniques and research
- [ ] Pomppmpurin Robin Hood hack
- [ ] Can you spoof GPS without enabling Mock GPS in dev settings on Android?
- [ ] Infostealer Malware Infections Shed Light on Sanctioned Entities & Reveals New Targets for Global Crackdown
Schneier on Security
- [ ] Matthew Green on Telegram’s Encryption
Tor Project blog
- [ ] New Alpha Release: Tor Browser 14.0a3
Krebs on Security
- [ ] When Get-Out-The-Vote Efforts Look Like Phishing
Your Open Hacker Community
- [ ] Looking for vulnerable security camera for university project
- [ ] Format String Vulnerability: %n write arbitrary data: Missing piece
- [ ] I want to do the expressway roadmap from the pinned post, is there any alternative to the TCM course?
Computer Forensics
- [ ] Introducing TRACE: Toolkit for Retrieval and Analysis of Cyber Evidence
Security Affairs
- [ ] U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog
- [ ] Young Consulting data breach impacts 954,177 individuals
- [ ] BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085
- [ ] US offers $2.5M reward for Belarusian man involved in mass malware distribution
- [ ] U.S. CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog
Deep Web
- [ ] Where did they go?
Dark Space Blogspot
- [ ] Cosa Sono i Boardgame e L'Influenza su RPG e Videogame