chainreactors / picker

将你的repo变为讨论社区

GNU General Public License v3.0

104 stars 19 forks source link

[每日信息流] 2024-09-04 #638

Open chainreactorbot opened 3 weeks ago

chainreactorbot commented 3 weeks ago

每日安全资讯（2024-09-04）

SecWiki News
- [ ] SecWiki News 2024-09-03 Review
Trustwave Blog
- [ ] CMMC 2.0: A New Era of Cybersecurity for the Defense Industrial Base
Doonsec's feed
- [ ] 从广场舞到Win10录音机内录
- [ ] FastBee开源物联网平台download接口存在任意文件读取漏洞附POC
- [ ] 紫光档案管理系统selectFileRemote接口存在SQL注入漏洞附POC
- [ ] 俄罗斯黑客爆锤日本游戏公司|吃瓜网友挤爆黑客服务器
- [ ] 秦安：新时代“炮轰金门”或南海上演，解放军忍耐有限，剑指美军
- [ ] 秦安：战争还是赖账？马斯克称美国可能很快面临破产，有多重信号
- [ ] 王常胜：盖茨要释放基因蚊子猎杀世界上所有蚊子，想想也让人恐惧
- [ ] [24HW总结] 400+漏洞POC汇总
- [ ] 加密货币量化回测工具开发记录
- [ ] @商用密码企业，免费试用！国内首枚可商用的量子安全芯片有了（附检测报告）
- [ ] 通知 | 工信部就《电子认证服务管理办法（征求意见稿）》公开征求意见
- [ ] 外滩大会开幕主论坛议程来了！王坚、Michael I. Jordan等中外院士同台，凯文·凯利带来最新预测
- [ ] 基于密码的大模型安全治理的思考
- [ ] 系统被黑致使客户摄像头遭未授权访问，这家安防公司被罚超2000万元
- [ ] 针对中国用户的SLOW#TEMPEST 行动中DLL劫持分析
- [ ] sign加密小程序漏洞挖掘
- [ ] 9.3hvv情报
- [ ] 【漏洞预警】vim代码执行漏洞(CVE-2024-45306)
- [ ] “免费培训”的那些事
- [ ] GrayLog对接DLP并实现数据安全告警单独发送给员工主管
- [ ] Adobe ColdFusion （CVE-2023-26360 入侵了美国联邦民事执行局）漏洞分析，实现反弹思路，
- [ ] 中秋福利，速来参与！
- [ ] 某黑产最新远控服务端加载器详细分析
- [ ] 【CNVD证书get】某集团信息系统存在未授权漏洞
- [ ] Microsoft macOS 应用程序中的新缺陷可能允许黑客获得不受限制的访问权限
- [ ] GPS欺骗下基于多传感器融合的高级自动驾驶定位安全性
- [ ] SOA软件架构设计与开发-自动驾驶系统架构师在线证书培训课程（高级班）
- [ ] 重新定义汽车和智能出行物联网网络风险
- [ ] Telegram 真的是一个加密消息应用程序吗？
- [ ] 美国陆军程序平台简介
- [ ] 2024 年加密犯罪：杀猪和浪漫骗局
- [ ] 陆军对搭载尖端技术的新部队进行测试
- [ ] 强大的间谍软件漏洞引发新一轮“水坑”攻击
- [ ] 「POC」用友U8-Cloud系统接口RepAddToTaskAction存在SQL注入漏洞
- [ ] 从奥运会到TG创始人被捕：法国深陷DDoS漩涡
- [ ] 杀软识别工具 - Antivirus-Scan
- [ ] 倒计时1天 | CertiK韩国区块链周活动即将开始！
- [ ] 【要闻】习近平：培养德智体美劳全面发展的社会主义建设者和接班人
- [ ] 【资讯】工信部消费品工业司就《轻工业数字化转型实施方案（征求意见稿）》公开征求意见
- [ ] 【资讯】全国网安标委就国家标准《数据安全技术二手电子产品信息清除技术要求》征求意见稿公开征求意见
- [ ] 【资讯】呼和浩特市政府印发《加快推进“人工智能+”深度应用行动方案（2024—2026年）》
- [ ] 红队武器库漏洞利用工具合集整理-附地址
- [ ] 2024年“羊城杯”粤港澳大湾区网络安全大赛Misc 部分解析
- [ ] 影响WPS Office的两个任意代码执行漏洞分析
- [ ] 装x
- [ ] 我从开发转岗做网安的这一年
- [ ] 潜藏系统2个月未被发现，新型网络攻击瞄准中国高价值目标
- [ ] 因与媒体共享勒索事件实情，美国一研究人员被政府起诉
- [ ] MAT：一款针对MSSQL服务器的安全检测与审计工具
- [ ] 金和OA C6 jQueryUploadify SQL注入漏洞复现及POC
- [ ] 逻辑漏洞——验证码篇
- [ ] 【安全圈】发布3年后Windows 11终于超越Windows 10成为最受欢迎的PC游戏操作系统
- [ ] 【安全圈】马来西亚国家基建遭勒索攻击疑泄露超300GB数据
- [ ] 【安全圈】Durex India 的安全漏洞泄露了客户的个人数据
- [ ] 【安全圈】美国媒体巨头考克斯媒体集团宣称通过监听用户手机麦克风收集信息投放广告
- [ ] 动态 | 第四十五期安世加沙龙之企业出海合规与网络安全成功举办（线上）
- [ ] 安世加第四十五期沙龙视频及PPT | 李广林 / 安全总监 / 陌陌《互联网企业出海的数据安全实践》
- [ ] 安世加第四十五期沙龙视频及PPT | Alex Zhang / 新加坡某企业Tech Risk《新加坡企业风险评估实践》
- [ ] 入选领域最多、影响力最广泛！360上榜《2024网络安全十大创新方向》
- [ ] 渠道精英训练营——技术大比武荣誉榜
- [ ] 倒计时5天！与亚信安全相约第二十四届中国国际投资贸易洽谈会
- [ ] JavaWeb之Request请求和Response响应
- [ ] 九天之上安全之星
- [ ] 报名开启 | CCS 2024成都网络安全系列活动——“AI+网信安全”技术交流活动
- [ ] 关注 | 2024年国家网络安全宣传周将于9月9日至15日举办
- [ ] 专家解读 | 跨境数据传输政策的三大创新为北京自由贸易试验区注入发展新动能
- [ ] 预告 | 2024年度关键信息基础设施安全保护论坛将于9月21日在京举行
- [ ] 关注 | 网络安全知识手册正式发布！
- [ ] 一图读懂 | 强制性国家标准GB 44495－2024《汽车整车信息安全技术要求》
- [ ] 美国FTC宣布与Verkada达成295万美元和解协议
- [ ] 关于邀请参加2024年度关键信息基础设施安全保护论坛的函
- [ ] 公安部公布8种广告推广型网络黑灰产犯罪典型案例
- [ ] 航空安全系统曝严重漏洞，黑客可绕过安检进入驾驶舱
- [ ] 【Nday】FastBee开源物联网平台 download 任意文件下载漏洞【附poc】
Security Boulevard
- [ ] Award Finalist: Contrast Security Application Detection and Response
- [ ] Application Detection and Response: Understanding ADR’s Detection and Response Layers | Contrast Security
- [ ] Columbus Sues Expert, Fueling Debate About Ransomware Attack
- [ ] USENIX Security ’23 – Speculation At Fault: Modeling And Testing Microarchitectural Leakage Of CPU Exceptions
- [ ] Randall Munroe’s XKCD ‘Sky Alarm’
- [ ] Multicloud Security Architecture
- [ ] Iran Cyber Threat Resource Center: How to Navigate Amid Geopolitical Conflicts and Tensions
- [ ] USENIX Security ’23 – Ultimate SLH: Taking Speculative Load Hardening To The Next Level
paper - Last paper
- [ ] 魔形女再袭？最新 Android 通杀漏洞 CVE-2024-31317 分析与利用研究
安全客-有思想的安全新媒体
- [ ] 记某研究院多处漏洞复盘
- [ ] SAST｜UtopianCode从检测到治理：AI 助力代码漏洞修复
- [ ] 那些年奥运背后不可“松弛”的数据安全
- [ ] EDU拿敏感信息的骚思路
- [ ] 集权系列科普 | 想了解AD&攻击面？独家干货放送（上）
- [ ] 记一所中学的的SQL报错注入
- [ ] RansomHub 勒索软件集团在多个关键领域攻击 210 名受害者
- [ ] Lockbit 团伙声称对多伦多地区教育局（TDSB）发动袭击
- [ ] IT 员工因针对前雇主的 75 万美元网络勒索阴谋而被起诉
- [ ] 美国当局发布 RansomHub 勒索软件警报
- [ ] Cicada 勒索软件的新变体以 VMware ESXi 系统为目标
- [ ] 朝鲜黑客通过 Chrome 零日漏洞部署 FudModule Rootkit
- [ ] Verkada 在黑客查看敏感视频片段后面临300万美元的罚款
- [ ] 俄罗斯部长称 Telegram 首席执行官在内容审核方面“太自由”
- [ ] 数字政府新标杆！朝阳“City不City啊”？
- [ ] FBI 和 CISA 发布关于新威胁以及如何阻止勒索软件的联合建议
Files ≈ Packet Storm
- [ ] THC Tips, Tricks, And Hacks Cheat Sheet 20240903
- [ ] Vivavis HIGH-LEIT 4 / 5 Privilege Escalation
- [ ] Texas Instruments Fusion Digital Power Designer 7.10.1 Credential Disclosure
- [ ] No cON Name 2024 Call For Papers
- [ ] Ubuntu Security Notice USN-6973-4
- [ ] Taskhub 2.8.8 Insecure Settings
- [ ] Webpay E-Commerce 1.0 SQL Injection
- [ ] SPIP 4.2.9 Code Execution
- [ ] Ubuntu Security Notice USN-6984-1
- [ ] Ubuntu Security Notice USN-6983-1
- [ ] Online Traffic Offense 1.0 Cross Site Request Forgery
- [ ] Penglead 2.0 Cross Site Scripting
- [ ] PPDB 2.4-update 6118-1 Cross Site Request Forgery
- [ ] Online Travel Agency System 1.0 Arbitrary File Upload
- [ ] Red Hat Security Advisory 2024-6211-03
- [ ] Red Hat Security Advisory 2024-6210-03
- [ ] Red Hat Security Advisory 2024-6209-03
- [ ] Red Hat Security Advisory 2024-6195-03
- [ ] Red Hat Security Advisory 2024-6189-03
- [ ] Red Hat Security Advisory 2024-6187-03
- [ ] Red Hat Security Advisory 2024-6184-03
- [ ] Red Hat Security Advisory 2024-6162-03
- [ ] Red Hat Security Advisory 2024-6160-03
- [ ] Red Hat Security Advisory 2024-6159-03
- [ ] Red Hat Security Advisory 2024-6156-03
CXSECURITY Database RSS Feed - CXSecurity.com
- [ ] VICIdial Multiple Authenticated SQL Injection
- [ ] TVT NVMS-1000 Directory Traversal
- [ ] IntelliNet 2.0 Remote Root
- [ ] Vivavis HIGH-LEIT 4 / 5 Privilege Escalation
- [ ] Microsoft Exchange Privilege Escalation
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- [ ] 网络安全知识手册正式发布
- [ ] 恶意软件利用零日漏洞感染报废的AVTECH IP 摄像机
- [ ] 梆梆安全汽车信息安全测试平台荣获“2024年网络安全优秀创新成果大赛”优胜奖
- [ ] 实力认证 | 梆梆安全荣登“2024中国网络安全市场100强”榜单
- [ ] “粤盾-2024”广东省数字政府网络安全攻防演练开幕，梆梆安全以攻促防筑牢安全底线
- [ ] 最终议程 | EISS-2024企业信息安全峰会之深圳站（09.20/周五）
Recent Commits to cve:main
- [ ] Update Tue Sep 3 22:23:48 UTC 2024
- [ ] Update Tue Sep 3 14:40:57 UTC 2024
- [ ] Update Tue Sep 3 06:42:22 UTC 2024
Private Feed for M09Ic
- [ ] phith0n starred mpetazzoni/sseclient
- [ ] 4ra1n created a repository jar-analyzer/jar-analyzer.github.io
- [ ] zer0yu starred Pizz33/JoJoLoader
- [ ] evilashz starred TianNaYa/Linker-Beta
- [ ] evilashz starred TianNaYa/ProxyDll
- [ ] evilashz started following hasherezade
- [ ] 4ra1n started following zcgonvh
- [ ] killeven starred ufrisk/MemProcFS
- [ ] niudaii starred RhinoSecurityLabs/pacu
- [ ] wuhan005 released v0.0.4 at wuhan005/govalid
- [ ] zer0yu starred zero-peak/ZeroOmega
- [ ] niudaii starred TideSec/TscanPlus
- [ ] Ak74-577 started following 0xv1n
- [ ] Ak74-577 starred 0xv1n/RemoteSessionEnum
- [ ] gh0stkey starred agalwood/Motrix
- [ ] gh0stkey starred JJTech0130/TrollRestore
- [ ] niudaii starred securego/gosec
- [ ] niudaii started following damit5
- [ ] spf13 starred quasilyte/pathing
- [ ] spf13 starred LuigiVanacore/ebiten_extended
奇安信攻防社区
- [ ] EDR监测遭遇滑铁卢？无驱动技术让你轻松突破EDR！
- [ ] 远程访问木马Cybergate RAT的样本分析
Armin Ronacher's Thoughts and Writings
- [ ] Progress
Insinuator.net
- [ ] Disclosure: Potential Limitations of Apple ADE in Corporate Usage Scenarios
hn security
- [ ] Learning Rust for fun and backdoo-rs
Hexacorn
- [ ] Rundll32 and Phantom DLL lolbins
SentinelOne
- [ ] PinnacleOne ExecBrief | North Korean IT Worker Threat
Malwarebytes
- [ ] London’s city transport hit by cybersecurity incident
- [ ] City of Columbus tries to silence security researcher
Reverse Engineering
- [ ] GitHub - erfur/jadx-eval-method: PoC plugin for jadx-gui to evaluate methods and update decompiler output
- [ ] Desoldering ICs - NES and Gameboy (DMG)
blog.avast.com EN
- [ ] Ransomware attacks continue to increase in the US, UK, and Canada
PortSwigger Research
- [ ] Introducing the URL validation bypass cheat sheet
FreeBuf网络安全行业门户
- [ ] FreeBuf早报 | 伊朗APT组织攻击卫星设备；系统被黑导致安防公司被罚2000万
- [ ] 潜藏系统2个月未被发现，新型网络攻击瞄准中国高价值目标
- [ ] 因与媒体共享勒索事件实情，美国一研究人员被政府起诉
- [ ] ACSC 发布紧急网络安全警告：信息窃取恶意软件数量激增，威胁全面升级
rtl-sdr.com
- [ ] TechMinds: A Review of the RigExpert FobosSDR
Wallarm
- [ ] API Attack Surface: How to secure it and why it matters
安全牛
- [ ] 公安部公布8种广告推广型网络黑灰产犯罪典型案例
- [ ] 2024年国家网络安全宣传周将于9月9日至15日举办；工信部就《电子认证服务管理办法（征求意见稿）》公开征求意见 | 牛览
奇客Solidot–传递最新科技情报
- [ ] HPE 将继续向已故亿万富翁 Mike Lynch 追债
- [ ] 《雨中冒险》游戏开发者加入 Valve
- [ ] 面向掌机和游戏 PC 的发行版 PlaytronOS 释出首个 Alpha 版本
- [ ] 瑞典对儿童和青少年的屏幕使用时间设限
- [ ] 苹果与腾讯爆出微信佣金纠纷
- [ ] 国产 GPU 开发商象帝先大规模裁员
- [ ] 糖尿病会加速大脑衰老
- [ ] Google 高管警告 AI 未必能影响生产力
- [ ] Windows 11 超过 Windows 10 成为最流行的 PC 游戏操作系统
- [ ] 京都大学将启动用 iPS 细胞治疗糖尿病的临床试验
- [ ] 四天工作制在日本难以推广
- [ ] 微软称 Recall 的卸载选项是 Bug
Security Café
- [ ] AWS vs Azure: A “Secure by default” comparison
HackerNews
- [ ] 商业服务巨头 CBIZ 披露近 36000 名客户数据遭泄露
- [ ] 航空安全系统曝严重漏洞，黑客可绕过安检进入驾驶舱
- [ ] 疑俄 GRU 出手！德国空中交通管制中心遭受网络攻击
- [ ] 因与媒体共享勒索事件实情，美国一研究人员被政府起诉
- [ ] ACSC 发布紧急网络安全警告：信息窃取恶意软件数量激增，威胁全面升级
- [ ] 遭遇严重数据泄露事件后，这家公司宣布投入超 6 亿元升级安全系统
- [ ] 研究人员称，柬埔寨诈骗巨头自 2021 年以来处理了 490 亿美元的加密货币交易
- [ ] 微软观察到伊朗 APT 组织使用 Tickler 恶意软件攻击卫星设备
腾讯安全应急响应中心
- [ ] 【中秋众测】TSRC新活动重磅来袭，诚邀您的参与！
奇安信 CERT
- [ ] 【已复现】Jenkins Remoting 任意文件读取漏洞(CVE-2024-43044)安全风险通告
360漏洞云
- [ ] 荣耀巅峰，时代铭记！城市守护者计划正式发布！以青春之名，共筑安全防线，共守网络疆域！
代码卫士
- [ ] 研究员因与媒体分享被勒索盗取的数据遭起诉
- [ ] GitHub 评论被滥用于推送密码窃取恶意软件
关键基础设施安全应急响应中心
- [ ] 保障人工智能健康发展推进人工智能治理法治化
- [ ] 人工智能应用的网络安全风险解读
- [ ] 为什么所有账户（甚至测试账户）都需要强密码
雷神众测
- [ ] 雷神众测漏洞周报2024.08.26-2024.09.01
安全学术圈
- [ ] 2025年智能警务四川省重点实验室开放课题申请指南
安全内参
- [ ] 系统被黑致使客户摄像头遭未授权访问，这家安防公司被罚超2000万元
- [ ] 航空安全系统曝严重漏洞，黑客可绕过安检进入驾驶舱
dotNet安全矩阵
- [ ] .NET 一款支持NTLM实现横向移动的工具
- [ ] .NET 内网攻防实战电子报刊
慢雾科技
- [ ] 探索 Sui：高性能背后的技术与合约安全
中国信息安全
- [ ] 九天之上安全之星
- [ ] 报名开启 | CCS 2024成都网络安全系列活动——“AI+网信安全”技术交流活动
- [ ] 关注 | 2024年国家网络安全宣传周将于9月9日至15日举办
- [ ] 通知 | 工信部就《电子认证服务管理办法（征求意见稿）》公开征求意见
- [ ] 专家解读 | 跨境数据传输政策的三大创新为北京自由贸易试验区注入发展新动能
- [ ] 预告 | 2024年度关键信息基础设施安全保护论坛将于9月21日在京举行
- [ ] 关注 | 网络安全知识手册正式发布！
- [ ] 一图读懂 | 强制性国家标准GB 44495－2024《汽车整车信息安全技术要求》
安全圈
- [ ] 【安全圈】发布3年后Windows 11终于超越Windows 10成为最受欢迎的PC游戏操作系统
- [ ] 【安全圈】马来西亚国家基建遭勒索攻击疑泄露超300GB数据
- [ ] 【安全圈】Durex India 的安全漏洞泄露了客户的个人数据
- [ ] 【安全圈】美国媒体巨头考克斯媒体集团宣称通过监听用户手机麦克风收集信息投放广告
长亭科技
- [ ] “清华系”网安力量共创智能安全，长亭科技-华清未央共建联合实验室
- [ ] 多域联动、多维参与：长亭科技邀您共赴2024网安周！
补天平台
- [ ] 投稿 | 攻防社区投稿第四期，一起探讨HW实用指南
- [ ] 与补天众测一起共创团圆时刻！
- [ ] 补天校园GROW计划开学季，校园白帽的专属系列活动来啦！
情报分析师
- [ ] 情报共享与私营部门：美国情报机构的协作机制
- [ ] 俄罗斯与蒙古国合作战略分析
字节跳动技术团队
- [ ] 数据库顶会 VLDB 2024 论文解读｜ResLake: 字节跳动多机房资源统一管理系统解析
嘶吼专业版
- [ ] 恶意软件利用零日漏洞感染报废的AVTECH IP 摄像机
- [ ] 网络安全知识手册正式发布
国家互联网应急中心CNCERT
- [ ] CNVD漏洞周报2024年第35期
- [ ] 上周关注度较高的产品安全漏洞(20240826-20240901)
小米安全中心
- [ ] 小米中秋活动开始啦，礼盒兑换&漏洞翻倍在等你，冲鸭～
山石网科安全技术研究院
- [ ] 2024年羊城杯粤港澳大湾区网络安全大赛WP-PWN AK篇
360数字安全
- [ ] 入选领域最多、影响力最广泛！360上榜《2024网络安全十大创新方向》
- [ ] 渠道精英训练营——技术大比武荣誉榜
CNCERT国家工程研究中心
- [ ] 面对智能设备安全隐患，5个有效的解决策略
- [ ] 朝鲜黑客利用Chrome零日漏洞部署Rootkit
- [ ] 遭遇严重数据泄露事件后，这家公司宣布投入超6亿元升级安全系统
LuxSci
- [ ] LuxSci Establishes New Headquarters Offices in Cambridge, Mass.
极客公园
- [ ] 亲历者揭秘 OpenAI 崛起的关键：兴趣驱动的探索，而非目标导向的马拉松
- [ ] 苹果中国回应「iPhone 16 不支持微信」；《黑神话》预估收入超 57 亿；俞敏洪卸任两公司法人｜极客早知道
安全419
- [ ] 安全改造不是非要伤筋动骨 “免改造”或为数据安全升级新解法
- [ ] 新一批十家人工智能服务软件通过备案一家网安企业入选
希潭实验室
- [ ] 第103篇：对一个加密混淆的java内存马的反混淆实战分析
D3Lab
- [ ] Nuova Campagna di Phishing diffonde malware Android EagleSpy
Over Security - Cybersecurity news aggregator
- [ ] FTC: Over $110 million lost to Bitcoin ATM scams in 2023
- [ ] Cryptocurrency industry faces ‘difficult to detect’ North Korean social engineering scams, FBI says
- [ ] Zyxel warns of critical OS command injection flaw in routers
- [ ] Chinese 'Spamouflage' operatives are mimicking disillusioned Americans online
- [ ] The government isn’t ready for cyber chaos in the food and agriculture sector
- [ ] New Windows PowerToy launches, repositions apps to saved layouts
- [ ] Indicted pair of foreign nationals were behind swatting attack on CISA director
- [ ] FBI warns crypto firms of aggressive social engineering attacks
- [ ] Clearview AI fined €30.5 million for unlawful data collection
- [ ] Dutch privacy watchdog fines Clearview AI $34 million for ‘illegal’ database of faces
- [ ] White House calls attention to ‘hard problem’ of securing internet traffic routing
- [ ] D-Link says it is not fixing four RCE flaws in DIR-846W routers
- [ ] Sextortion Scams Now Include Photos of Your Home
- [ ] CERT-In Advisory and WikiLoader Campaign: Comprehensive Overview of Recent Security Threats
- [ ] Verkada to pay $2.95 million for alleged CAN-SPAM Act violations
- [ ] Oil titan Halliburton confirms data was stolen in cyberattack
- [ ] FTC issues $3 million fine for security camera firm, issuing penalties for a range of violations
- [ ] Halliburton confirms data stolen in recent cyberattack
- [ ] Gli italiani si preoccupano dell’eredità digitale dei defunti
- [ ] Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads
- [ ] Cyberattack hits agency responsible for London’s transport network
- [ ] A deep dive into the most interesting incident response cases of last year
- [ ] Release Notes: New YARA Rules, Signatures, Config Extractors, and More
- [ ] Vidar insiste in Italia con campagne via PEC
- [ ] Nuova Campagna di Phishing diffonde malware Android EagleSpy
- [ ] IT threat evolution Q2 2024
- [ ] IT threat evolution in Q2 2024. Mobile statistics
- [ ] IT threat evolution in Q2 2024. Non-mobile statistics
- [ ] Blooms Today - 3,184,010 breached accounts
- [ ] Hacker russi sfruttano falle in Safari e Chrome: colpiti i dispositivi non aggiornati
- [ ] Learning Rust for fun and backdoo-rs
- [ ] Telemetry on Linux vs. Windows: A Comparative Analysis
DEF CON Announcements!
- [ ] Contest Results from DEF CON 32!
Have I Been Pwned latest breaches
- [ ] Blooms Today - 3,184,010 breached accounts
TrustedSec
- [ ] When on Workstation, Do as the Local Browsers Do!
Securityinfo.it
- [ ] Gli italiani si preoccupano dell’eredità digitale dei defunti
- [ ] Hacker russi sfruttano falle in Safari e Chrome: colpiti i dispositivi non aggiornati
Schneier on Security
- [ ] List of Old NSA Training Videos
SANS Internet Storm Center, InfoCON: green
- [ ] ISC Stormcast For Tuesday, September 3rd, 2024 https://isc.sans.edu/podcastdetail/9122, (Tue, Sep 3rd)
Securelist
- [ ] A deep dive into the most interesting incident response cases of last year
- [ ] IT threat evolution in Q2 2024. Non-mobile statistics
- [ ] IT threat evolution in Q2 2024. Mobile statistics
- [ ] IT threat evolution Q2 2024
Javvad Malik
- [ ] 200 Episodes of the Host Unknown Podcast
The Register - Security
- [ ] White House thinks it's time to fix the insecure glue of the internet: Yup, BGP
- [ ] UK trio pleads guilty to operating $10M MFA bypass biz
- [ ] Spamouflage trolls pretend to be American patriots on X, TikTok ahead of US presidential election
- [ ] Data watchdog fines Clearview AI $33M for 'illegal' data collection
- [ ] Transport for London confirms cyberattack, assures us all is well
- [ ] Application builders get ready
TorrentFreak
- [ ] Bell, Rogers & MPA’s Pirate IPTV Lawsuit is a Slow-Motion Money Pit Nightmare
- [ ] ‘Pirate’ Site nHentai Sued in U.S. Court for Copyright Infringement
Security Affairs
- [ ] VMware fixed a code execution flaw in Fusion hypervisor
- [ ] U.S. oil giant Halliburton disclosed a data breach
- [ ] Vulnerabilities in Microsoft apps for macOS allow stealing permissions
- [ ] Three men plead guilty to running MFA bypass service OTP.Agency
Krebs on Security
- [ ] Sextortion Scams Now Include Photos of Your Home
Qualys Security Blog
- [ ] Secure Your Business with Qualys’ New Cloud Agent Deployment using Qualys Scanner
Information Security
- [ ] Secure Data Stack: Navigating Adoption Challenges of Data Encryption
- [ ] Threat Hunting Certification
- [ ] Understanding Community Profiles in the NIST Cybersecurity Framework 2.0
- [ ] 📱 𝐂𝐨𝐦𝐦𝐨𝐧 𝐌𝐨𝐛𝐢𝐥𝐞 𝐓𝐡𝐫𝐞𝐚𝐭𝐬 𝐘𝐨𝐮 𝐍𝐞𝐞𝐝 𝐭𝐨 𝐊𝐧𝐨𝐰 🛡️
Trend Micro Research, News and Perspectives
- [ ] How AI Goes Rogue
Blackhat Library: Hacking techniques and research
- [ ] Bulk Gmail creation?
Your Open Hacker Community
- [ ] F5 networks firewall
- [ ] Establish connection via ftp post-exploit
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] How to NOT connect an AP in public beach
- [ ] Rate This System for Cybersecurity Purposes
Unsupervised Learning
- [ ] UL NO. 448: TSA SQLi, NYT Github, NK RPM, NVIDIA Mystery...
The Hacker News
- [ ] Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus
- [ ] New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems
- [ ] Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users
- [ ] Secrets Exposed: Why Your CISO Should Worry About Slack
- [ ] New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access
- [ ] Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt
Graham Cluley
- [ ] The AI Fix #14: There are two Rs in “strawberry”, and an AI makes unsmellable smells
Deeplinks
- [ ] Victory! California Bill To Impose Mandatory Internet ID Checks Is Dead—It Should Stay That Way
- [ ] EFF to Tenth Circuit: Protest-Related Arrests Do Not Justify Dragnet Device and Digital Data Searches
- [ ] Americans Are Uncomfortable with Automated Decision-Making
Social Engineering
- [ ] HackFest SECTF offering $2500 first prize
Computer Forensics
- [ ] Kape subsecond
Technical Information Security Content & Discussion
- [ ] EUCLEAK is a side-channel vulnerability that requires physical access to a YubiKey 5 Series prior to version 5.7 and (other Infineon based microcontrollers) allowing private key extraction. YSA-2024-03
- [ ] Why bother with argv[0]? It can deceive, break and corrupt your defences
- [ ] Exploiting Misconfigured GitLab OIDC AWS IAM Roles
- [ ] Analysis of CVE-2024-37084: Spring Cloud Remote Code Execution
- [ ] Learning Rust for fun and backdoo-rs
- [ ] From a GLPI patch bypass to RCE.
Full Disclosure
- [ ] CFP No cON Name 2024 - Barcelona
- [ ] Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1
- [ ] SCHUTZWERK-SA-2024-001: Privilege Escalation via Service Binary Hijacking in Vivavis HIGH-LEIT (CVE-2024-38456)
contagio
- [ ] 2024-09-02 ABYSS Ransomware Windows and Linux Samples
Security Weekly Podcast Network (Audio)
- [ ] Encryption - SWN Vault