[每日信息流] 2024-09-11

[chainreactorbot]

每日安全资讯（2024-09-11）

• SecWiki News
  • [ ] SecWiki News 2024-09-10 Review
• Doonsec's feed
  • [ ] 马斯克控制着全球互联网接入的未来：权力大于政府？
  • [ ] 网络弹性法案：软件安全时代已经开始
  • [ ] 僵尸网络开发了新的攻击技术和基础设施
  • [ ] NoiseAttack：挑战人工智能防御的新型多目标后门攻击
  • [ ] 多重身份验证 (MFA)已被黑客突破了其防御
  • [ ] 作个骑行人
  • [ ] 推荐：图说安全年度打卡活动
  • [ ] 9.10hvv情报
  • [ ] 【漏洞预警】Apache Airflow<2.10.1 远程代码执行漏洞CVE-2024-45034
  • [ ] 黑龙江网络安全宣传周 | 安天以强大的系统安全能力守好北向高地
  • [ ] 俄罗斯军方王牌黑客部队近日遭美国曝光！
  • [ ] 你敢干 我就敢发
  • [ ] 一个在线快速搜集子域名的方法
  • [ ] 大学刚毕业，你的就业该如何选择.....
  • [ ] 秦安：特朗普还有戏吗？普京与美“预测帝”都看好哈里斯
  • [ ] 苏州 渗透 能打红队的优先
  • [ ] 盛邦安全权小文：多源异构数据融合技术在威胁情报实战化趋势下将“大有可为”
  • [ ] 记一次实战中解密JVMTI加密过的jar包
  • [ ] CVE-2024-43044 漏洞分析
  • [ ] 团队知识星球安利
  • [ ] 人民教师issy今天过节
  • [ ] 第40个教师节！白泽们祝系统软件与安全实验室全体老师教师节快乐！
  • [ ] 薪火相传启新程——电信安全启动2024届新员工导师辅导工作
  • [ ] 2024网安周 | 流量预警，多图来袭！一文看遍2024年网络安全博览会
  • [ ] 2024网安周 | 《网络安全人才实战能力白皮书-安全测试评估篇》正式发布
  • [ ] 2024网安周 | 2024年国家网络安全宣传周“网络安全技术高峰论坛主论坛暨粤港澳大湾区网络安全大会”在广州市举行
  • [ ] 发布 | 国家密码管理局发布《电子政务电子认证服务管理办法》全文
  • [ ] 2024网安周 | 2024年人工智能技术赋能网络安全应用测试结果公布
  • [ ] 发布 | 《粤港澳大湾区（内地、澳门）个人信息跨境流动标准合同实施指引》全文
  • [ ] 权威解读 | 《电子政务电子认证服务管理办法》
  • [ ] 发布 | 中国网络空间安全协会发布完成个人信息收集使用合规整改App清单
  • [ ] 【AI速读】以色列是如何影响美国政策的
  • [ ] 网络安全态势周报（9月2日-9月8日）2024年第35期
  • [ ] 【Nday】某户-ezOFFICE filesendcheck_gd SQL注入漏洞【附poc】
  • [ ] 天然益生菌存在于出生后不久的肠道
  • [ ] 通天星CMSV6车载定位监控平台 getAlarmAppealByGuid SQL注入漏洞复现及POC
  • [ ] 2024网安周 | 启明星辰基于智能体的安全防护体系实践
  • [ ] 实战技巧｜通过内存读取todesk连接密码
  • [ ] 实战｜记一次某系统的渗透测试
  • [ ] 一文学会DNS隧道搭建
  • [ ] 祝山石安研院全体安全讲师们教师节快乐！
  • [ ] 国内首个终端能力联盟成立 他们想做个啥？
  • [ ] 第六批专精特新“小巨人”企业名单发布 网络安全企业入榜
  • [ ] BRICKS&IT厂商渠道伙伴生态联谊城市沙龙/杭州站即将开启
  • [ ] 查找和利用泄露的代码签名证书
  • [ ] 【司令5w！报名开启】OSRC与13家SRC邀您加入双11安全保卫战
  • [ ] 慢雾出品 | Web3 项目安全手册
  • [ ] 热搜第一！韩国N号房2.0事件大爆发，Deepfake究竟有多“邪恶”？
  • [ ] SonicWall SSL VPN曝出高危漏洞，可能导致防火墙崩溃
  • [ ] AI大模型新型噪声攻击曝光，可绕过最先进的后门检测
  • [ ] 如何使用VeilTransfer评估和提升组织的数据安全态势
  • [ ] 技术详解 | Divide and Conquer：ZK除法中隐藏的漏洞
  • [ ] 【安全圈】全国首例！三名程序员在虚拟币钱包中植入“后门”，窃取上万条用户密码
  • [ ] 【安全圈】美国一 AI 公司因非法收集面部数据被罚超 3000 万欧元
  • [ ] 【安全圈】McAfee 识别出 280 多个虚假安卓应用，可能会窃取加密货币钱包
  • [ ] 【安全圈】黑客背刺同行，向对方发送信息窃取软件
  • [ ] 2024年网安周｜协同共建，绿盟科技深度参与网安周活动
  • [ ] 绿盟亮点追踪・网安周第二日精彩速递
  • [ ] 2024网安周特辑 | 网安人的隐藏身份：平凡瞬间的超能力
  • [ ] 网安小侦探（三）xa0|xa0隐私逃脱大作战：究竟谁动了我的信息？
  • [ ] 教师节u2002|u2002师恩深似海，鲲鹏志向高
  • [ ] 实战 | 某外汇常用CMS通用未授权RCE
  • [ ] FTPBruter：一个FTP服务器暴力破解脚本
  • [ ] HW防守 | 记一次供应链钓鱼事件的分析
  • [ ] 央视揭秘：勒索病毒攻击频发 如何防范？
  • [ ] 2024网安周：助力粤港澳大湾区网络安全产业高质量发展
  • [ ] u200b奇安信中标知名财险公司安全软硬件维保项目
  • [ ] 国家密码管理局 | 电子政务电子认证服务管理办法
  • [ ] 《电子政务电子认证服务管理办法》解读
  • [ ] 美军特战部队首次展示WiFi“网络爆破”新技能
  • [ ] 全球瞭望｜网络安全重大事件精选（137期）
  • [ ] 美国网络安全漏洞披露管理情况研究
  • [ ] 周鸿祎出席中国产业转移发展对接活动（云南） 以人工智能赋能云南承接产业转移
  • [ ] 在大湾区，探索“数据跨境”的安全密码
  • [ ] 个人版6.0功能升级 | 新增DHCP检测和ARP防护两大工具
  • [ ] 高级持续性威胁 (APT) 攻击指南
  • [ ] 贝壳SRC助力｜司令5w！14家SRC邀您加入双11安全保卫战
• 安全客-有思想的安全新媒体
  • [ ] 黑客利用 GeoServer 漏洞植入后门和僵尸网络恶意软件
  • [ ] 北卡罗来纳州男子因涉嫌AI生成音乐欺诈在流媒体平台窃取版税面临刑事指控
  • [ ] Progress Software 修复了 LoadMaster 中的一个严重漏洞（CVE-2024-7591）
  • [ ] 新的 Android SpyAgent 恶意软件使用 OCR 窃取加密钱包恢复密钥
  • [ ] 支付网关遭到网络攻击，170 万张信用卡信息泄露
  • [ ] Veeam Backup & Replication 的远程代码执行漏洞可能很快会被勒索软件团伙利用
  • [ ] Blind Eagle 威胁组织利用定制 Quasar RAT 攻击哥伦比亚保险业
  • [ ] Akira 勒索软件行为者利用 SonicWall 漏洞实现远程代码执行
  • [ ] 新型RAMBO攻击利用RAM无线电信号从物理隔离网络中窃取数据
  • [ ] 吹响开学第一哨，北京邮电大学&360专业实习实训项目开班
• Files ≈ Packet Storm
  • [ ] GitHub sqlpad/sqlpad Template Injection / Remote Code Execution
  • [ ] Spring Cloud Data Flow Remote Code Execution
  • [ ] PowerVR DEVMEMXINT_RESERVATION::ppsPMR Use-After-Free
  • [ ] Ubuntu Security Notice USN-6997-1
  • [ ] OX App Suite Backend 7.10.6-rev66 / 8.24.7 Open Redirect
  • [ ] Ubuntu Security Notice USN-6996-1
  • [ ] Proxmark3 4.18994 Custom Firmware
  • [ ] Ubuntu Security Notice USN-6841-2
  • [ ] Red Hat Security Advisory 2024-6510-03
  • [ ] Red Hat Security Advisory 2024-6508-03
  • [ ] Ubuntu Security Notice USN-6994-1
  • [ ] Red Hat Security Advisory 2024-6503-03
  • [ ] Red Hat Security Advisory 2024-6502-03
  • [ ] Red Hat Security Advisory 2024-6501-03
  • [ ] Prison Management System 1.0 Add Administrator
  • [ ] Red Hat Security Advisory 2024-6500-03
  • [ ] Red Hat Security Advisory 2024-6499-03
  • [ ] Red Hat Security Advisory 2024-6497-03
  • [ ] Red Hat Security Advisory 2024-6495-03
  • [ ] Online Survey System 1.0 Remote File Inclusion
  • [ ] Red Hat Security Advisory 2024-6494-03
  • [ ] Red Hat Security Advisory 2024-6493-03
  • [ ] Online Student Grading System 1.0 SQL Injection
  • [ ] Red Hat Security Advisory 2024-6488-03
  • [ ] Online Marriage Registration System 1.0 Shell Upload
• Trustwave Blog
  • [ ] Trustwave SpiderLabs Research: Phishing Behind 49% Attacks Against Financial Institutions
• paper - Last paper
  • [ ] DarkHotel APT 组织 Observer 木马攻击分析
• 奇安信攻防社区
  • [ ] 2024 SEKAI-CTF（nolibc speedpwn life_simulator_2）
  • [ ] 浅谈如何让钓鱼攻击无所遁形
• Twitter @Nicolas Krassas
  • [ ] RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software https://www.bleepingcomputer.com/news/security/ransomhub-ransomware-abuses-ka...
  • [ ] Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2024-patch-tues...
  • [ ] 4 CVE exploited in the wild, on Microsoft's Patch CVE-2024-43491 - 9.8 - Microsoft Windows Update Remote Code Execution Vulnerability CVE-2024-38014 -...
  • [ ] Wix to block Russian users starting September 12 https://www.bleepingcomputer.com/news/legal/wix-to-block-russian-users-starting-september-12/
  • [ ] Mustang Panda Feeds Worm-Driven USB Attack Strategy https://www.darkreading.com/cyberattacks-data-breaches/mustang-panda-worm-driven-usb-attack
  • [ ] Russia's Top Secret Military Unit Reportedly Plots Undersea Cable Sabotage https://packetstormsecurity.com/news/view/36315/Russias-Top-Secret-Military...
  • [ ] Flipper Zero releases Firmware 1.0 after three years of development https://www.bleepingcomputer.com/news/hardware/flipper-zero-releases-firmware-10-a...
  • [ ] CISA Breaks Silence On Controversial Airport Security Bypass Vulnerability https://packetstormsecurity.com/news/view/36316/CISA-Breaks-Silence-On-Cont...
  • [ ] Getting code execution on Veeam through CVE-2023-27532 https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/
  • [ ] Re @sch_cor https://www.youtube.com/watch?v=Vh2-Oa1x7xM&t=61s
  • [ ] Ivanti Issues Patch for Critical Vulnerabilities in Endpoint Manager, Including CVE-2024-29847 (CVSS 10.0) https://securityonline.info/ivanti-issues-p...
  • [ ] Crypto scams rake in $5.6B a year for cyberscum lowlifes, FBI says https://go.theregister.com/feed/www.theregister.com/2024/09/10/crypto_scams_rake_in...
  • [ ] Quad7 botnet operation expands targeting, infrastructure https://www.scmagazine.com/brief/quad7-botnet-operation-expands-targeting-infrastructure
  • [ ] UltraAV acquires almost 1M US Kaspersky clients https://www.scmagazine.com/brief/ultraav-acquires-almost-1m-us-kaspersky-clients
  • [ ] Browser Stored Credentials https://ipurple.team/2024/09/10/browser-stored-credentials/
  • [ ] SAP Security Patch Day – September 2024 https://www.reddit.com/r/netsec/comments/1fdeno6/sap_security_patch_day_september_2024/
  • [ ] Man Faces 20 Years in Prison for First-Ever AI Music Streaming Scam https://hackread.com/man-faces-prison-first-ever-ai-music-streaming-scam/
  • [ ] CloudGoat Official Walkthrough Series: ‘glue_privesc’ https://rhinosecuritylabs.com/cloud-security/cloudgoat-walkthrough-glue_privesc/
  • [ ] Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia https://thehackernews.com/2024/09/experts-identify-3-chinese-linked.h...
  • [ ] National Public Data breach underscores the need for stronger digital identities https://www.scmagazine.com/perspective/national-public-data-breach-un...
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • [ ] 2024网安周 | 中国网络安全创新创业大赛，梆梆安全荣获解决方案二等奖
  • [ ] 梆梆安全首批入驻海淀网信办网络安全公共服务平台，实力推助产业融合发展新生态
  • [ ] 再度登榜 | 梆梆安全入选CCIA2024年中国网安产业竞争力50强
  • [ ] 《人工智能安全治理框架》1.0版发布
  • [ ] 新的 RAMBO 攻击利用隔离计算机中的 RAM 窃取数据
• Security Boulevard
  • [ ] How SOAR Automation is Boosting MSSP Revenue Without Replacing Human Workers
  • [ ] Manufacturing, Industrial Sectors Are Under Siege
  • [ ] USENIX Security ’23 – Decompiling x86 Deep Neural Network Executables
  • [ ] Delinea Survey Surfaces Spike in Cybersecurity Insurance Claims
  • [ ] Daniel Stori’s Turnoff.US: ‘Who Killed MySQL? – Epilogue’
  • [ ] How One Consultancy Behemoth Uses HYAS for Unrivaled Cybersecurity
  • [ ] How Effective Threat Hunting Programs are Shaping Cybersecurity
  • [ ] The First Set of Post-Quantum Cryptography Standards Are Out. What Should You Do Next?
  • [ ] USENIX Security ’23 – Can a Deep Learning Model for One Architecture Be Used for Others? Retargeted-Architecture Binary Code Analysis
  • [ ] Phishing Via Typosquatting and Brand Impersonation: Trends and Tactics
• Private Feed for M09Ic
  • [ ] BishopFox made BishopFox/local-llm-ctf public
  • [ ] mgeeky starred tijme/conferences
  • [ ] 4ra1n released 0.1.0 at 4ra1n/poc-runner
  • [ ] Rvn0xsy starred chen08209/FlClash
  • [ ] b1nhack starred google/syzkaller
  • [ ] kpcyrd starred memorysafety/zlib-rs
  • [ ] zer0yu starred ystyle/jvms
  • [ ] TideSec released v2.4.1 修复Bug at TideSec/TscanPlus
  • [ ] zer0yu started following unam4
  • [ ] 4ra1n started following Passer6y
  • [ ] zer0yu starred unam4/fineldapc
  • [ ] zer0yu starred pyenv-win/pyenv-win
  • [ ] glzjin starred qemus/qemu-docker
  • [ ] evilashz starred CBLabresearch/PhantomExecution
  • [ ] zer0yu started following Ape1ron
  • [ ] zer0yu starred Ape1ron/davinci
  • [ ] zema1 started following Passer6y
  • [ ] glzjin starred newsnowlabs/runcvm
  • [ ] FunnyWolf starred praetorian-inc/goffloader
  • [ ] timwhitez made timwhitez/Doge-DNSptr public
  • [ ] wabzsy starred pomerium/pomerium
  • [ ] timwhitez starred timwhitez/ProxyVerifier
  • [ ] zer0yu starred Rvn0xsy/Qpipe
  • [ ] INotGreen starred INT2ECALL/CloudAuditTool
  • [ ] INotGreen started following INT2ECALL
  • [ ] timwhitez created a repository timwhitez/unlock
  • [ ] niudaii starred Rvn0xsy/Qpipe
  • [ ] gh0stkey starred rpm-software-management/dnf
  • [ ] yuligesec starred Ape1ron/davinci
  • [ ] 1n7erface started following Whoopsunix
• Recent Commits to cve:main
  • [ ] Update Tue Sep 10 22:27:26 UTC 2024
  • [ ] Update Tue Sep 10 14:37:08 UTC 2024
  • [ ] Update Tue Sep 10 06:36:14 UTC 2024
• 一个被知识诅咒的人
  • [ ] 深入解析Go语言的容器包
  • [ ] Go语言中的队列与栈：基础与实践
• CXSECURITY Database RSS Feed - CXSecurity.com
  • [ ] C-MOR Video Surveillance 5.2401 Path Traversal
  • [ ] C-MOR Video Surveillance 5.2401 / 6.00PL01 SQL Injection
  • [ ] SerComm Network Device Backdoor Detection
• contagio mobile
  • [ ] 2024-09-05 SPYAGENT Android Malware Stealing Crypto Credentials via Image Recognition / OCR Samples
• Tenable Blog
  • [ ] Microsoft’s September 2024 Patch Tuesday Addresses 79 CVEs (CVE-2024-43491)
• Bug Bounty in InfoSec Write-ups on Medium
  • [ ] Optimal Ethical Hacker Setup for Penetration Testing
  • [ ] Mastering Reconnaissance with Nmap: Unveiling Your Target’s Secrets
  • [ ] Would you mind to tell me what your bank balance is? No? Okay, I’ll hack it.
  • [ ] My recon methodology for hunting CVE-2021–42063 led to discovering an RXSS vulnerability in the…
  • [ ] Unauthorized Deletion of Forms by Low-Level Unlicensed Users: A 500$ Access Control Bug
  • [ ] What is WAF? & Secret Techniques to Bypass It
  • [ ] 850$ IDOR:Unauthorized Session Revokation of any user
  • [ ] Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
  • [ ] A Story About How i Found CVE-2020–27838 in TVH responsible disclosure
• Horizon3.ai
  • [ ] Stay Ahead of Cyber Threats with Autonomous Penetration Testing
  • [ ] Unveiling NodeZero Tripwires™: Horizon3.ai Enhances Penetration Testing with Integrated Threat Detection
• Trail of Bits Blog
  • [ ] Sanitize your C++ containers: ASan annotations step-by-step
• blog.avast.com EN
  • [ ] Are you having the right conversations about online safety with your kids?
• SpiderLabs Blog
  • [ ] Trustwave SpiderLabs Research: 20% of Ransomware Attacks in Financial Services Target Banking Institutions
• GuidePoint Security
  • [ ] Hazard Ransomware – A Successful Broken Encryptor Story
• Reverse Engineering
  • [ ] Reverse Engineering SIP based door intercom/control system
  • [ ] Reverse Engineering a Kernel Driver challenge
• FreeBuf网络安全行业门户
  • [ ] FreeBuf早报 | Wifi路由器成为僵尸网络Quad7目标；去年美国加密货币诈骗超56亿
  • [ ] WhatsApp“阅后即焚”功能曝漏洞，黑客可反复查看
  • [ ] 热搜第一！韩国N号房2.0事件大爆发，Deepfake究竟有多“邪恶”？
  • [ ] SonicWall SSL VPN曝出高危漏洞，可能导致防火墙崩溃
• 安全牛
  • [ ] 《电子政务电子认证服务管理办法》发布；京东、淘宝等62款APP完成个人信息收集使用合规整改 | 牛览
  • [ ] AI风险审计方法论
• 奇客Solidot–传递最新科技情报
  • [ ] CrowdStrike 称尚未有客户正式提起诉讼
  • [ ] 欧盟裁决 Google 违反反垄断法，苹果需补缴 130 亿欧元税款
  • [ ] 全国人大审议延迟退休草案
  • [ ] Apple Watch 引入睡眠呼吸暂停检测功能
  • [ ] 首例脸部和眼睛移植手术一年后
  • [ ] 英伟达 AI 芯片在中国的租赁费用比美国便宜
  • [ ] 实体版《星鸣特攻》成为热门收藏品
  • [ ] 年轻卵泡能恢复衰老卵母细胞发育潜力
  • [ ] Redox OS 0.9.0 释出
  • [ ] 巴基斯坦科技行业对本国的防火墙忧心忡忡
  • [ ] AMD 宣布统一 GPU 架构为 UDNA
  • [ ] 达斯·维德配音演员 James Earl Jones 去世，享年 93 岁
  • [ ] 苹果发布 iPhone 16 和 iPhone 16 Plus
• Dhole Moments
  • [ ] Invisible Salamanders Are Not What You Think
• 奇安信 CERT
  • [ ] FreeBSD umtx释放后重用漏洞(CVE-2024-43102)安全风险通告
  • [ ] 【已复现】Apache OFBiz 服务端请求伪造漏洞(CVE-2024-45507)安全风险通告第二次更新
• 代码卫士
  • [ ] 越制裁越猖狂？商业间谍软件使用激增
  • [ ] FreeBSD紧急提醒注意严重漏洞CVE-2024-43102
• 安全内参
  • [ ] 网络攻击影响学区运行，美国西雅图上万学生被迫停课2天
  • [ ] 淘宝京东等62款知名App完成个人信息收集使用合规整改
• 知道创宇404实验室
  • [ ] 威胁情报 | DarkHotel APT 组织 Observer 木马攻击分析
• 看雪学苑
  • [ ] 新课来袭 | WMBa0带你领略Android逆向的魅力！在CTF赛场上所向披靡
  • [ ] 2024年网安周｜绿盟科技：网安新十年，持续释放网安赋能关键力
  • [ ] URLDNS反序列化利用链
  • [ ] WhatsApp“阅后即焚”功能可被绕过
• 丁爸 情报分析师的工具箱
  • [ ] 【AI速读】以色列是如何影响美国政策的
• 我的安全视界观
  • [ ] 推荐：图说安全年度打卡活动
• ChaMd5安全团队
  • [ ] 第四届“长城杯”网络安全大赛暨京津冀网络安全技能竞赛（初赛）by Mini-Venom
• dotNet安全矩阵
  • [ ] .NET 一款白名单编译器执行负载的工具
  • [ ] .NET内网实战：通过命令行解密Web.config
  • [ ] .NET 一款无Python环境下支持运行脚本的渗透工具
• 青藤云安全
  • [ ] 青藤获评CNVD年度最具价值漏洞报送单位
• 安全研究GoSSIP
  • [ ] G.O.S.S.I.P 阅读推荐 2024-09-10 名师教你学之《后量子密码算法标准介绍》
• 中国信息安全
  • [ ] 2024网安周 | 流量预警，多图来袭！一文看遍2024年网络安全博览会
  • [ ] 2024网安周 | 《网络安全人才实战能力白皮书-安全测试评估篇》正式发布
  • [ ] 2024网安周 | 2024年国家网络安全宣传周“网络安全技术高峰论坛主论坛暨粤港澳大湾区网络安全大会”在广州市举行
  • [ ] 发布 | 国家密码管理局发布《电子政务电子认证服务管理办法》全文
  • [ ] 2024网安周 | 2024年人工智能技术赋能网络安全应用测试结果公布
  • [ ] 发布 | 《粤港澳大湾区（内地、澳门）个人信息跨境流动标准合同实施指引》全文
  • [ ] 权威解读 | 《电子政务电子认证服务管理办法》
  • [ ] 发布 | 中国网络空间安全协会发布完成个人信息收集使用合规整改App清单
• 情报分析师
  • [ ] 【实战】使用开源情报破解谋杀案（一）
  • [ ] 幕后操控者：美国情报界合同授予专报分析
• 安全圈
  • [ ] 【安全圈】全国首例！三名程序员在虚拟币钱包中植入“后门”，窃取上万条用户密码
  • [ ] 【安全圈】美国一 AI 公司因非法收集面部数据被罚超 3000 万欧元
  • [ ] 【安全圈】McAfee 识别出 280 多个虚假安卓应用，可能会窃取加密货币钱包
  • [ ] 【安全圈】黑客背刺同行，向对方发送信息窃取软件
• 中通安全应急响应中心
  • [ ] 关于中通SRC恢复漏洞测试的通知
• 网络空间安全科学学报
  • [ ] 《网络空间安全科学学报》编辑部恭祝各位教育工作者教师节快乐！
• 极客公园
  • [ ] 售价 20000 的三折叠，居然真是当下手机的「最优解」？
  • [ ] iPhone 16 系列发布，AI 功能明年进中国；百度辟谣放弃通用大模型研发；快手贾樟柯共创 AI 电影 | 极客早知道
  • [ ] AI 时代首款 iPhone 发布，意味着 AiPhone 时代到来了吗？
• 火绒安全
  • [ ] 个人版6.0功能升级 | 新增DHCP检测和ARP防护两大工具
• 阿里安全响应中心
  • [ ] 司令5w！报名开启｜14家SRC邀您加入双11安全保卫战
• DataCon大数据安全分析竞赛
  • [ ] 知识之光，照亮一生！致敬每一位师者（评论有奖）
• 慢雾科技
  • [ ] 慢雾出品 | Web3 项目安全手册
• 数世咨询
  • [ ] 攻击者正在以创纪录的速度利用漏洞——以下是应对措施
  • [ ] 聚焦实战型安全测评人才培养 《网络安全人才实战能力白皮书-安全测试评估篇》在国家网安周正式发布
• 嘶吼专业版
  • [ ] 新的 RAMBO 攻击利用隔离计算机中的 RAM 窃取数据
  • [ ] 《人工智能安全治理框架》1.0版发布
• 默安科技
  • [ ] 谈谈俄乌战场攻防欺骗之道
• 网安国际
  • [ ] InForSec祝各位老师节日快乐！
• 360数字安全
  • [ ] 周鸿祎出席中国产业转移发展对接活动（云南） 以人工智能赋能云南承接产业转移
  • [ ] 在大湾区，探索“数据跨境”的安全密码
• 字节跳动技术团队
  • [ ] 字节跳动开放计算最佳实践，亮相2024开放计算中国峰会
  • [ ] 运维效率大幅提升，字节跳动在OpenBMC可观测上的创新实践
• 国家互联网应急中心CNCERT
  • [ ] CNVD漏洞周报2024年第36期
  • [ ] 上周关注度较高的产品安全漏洞(20240902-20240908)
  • [ ] 2024年人工智能技术赋能网络安全应用测试结果公布
• CNVD漏洞平台
  • [ ] 2023年度CNVD优秀单位（个人）表彰名单
• 纽创信安
  • [ ] 喜报 | 纽创信安荣获国家级专精特新“小巨人”企业称号
• Securityinfo.it
  • [ ] ESET scopre NGate, malware per Android che sfrutta l’NFC per clonare le carte di pagamento
• Qualys Security Blog
  • [ ] Microsoft and Adobe Patch Tuesday, September 2024 Security Update Review
• Tails - News
  • [ ] Tails 6.7
• IT Service Management News
  • [ ] Cyber-attacco in Svizzera, muore una mucca. Lezioni sulla digitalizzazione
• Unsupervised Learning
  • [ ] UL NO. 449: China Hits US ISPs, NIST CSF 2.0, Russian Intel Attacks, Stagnant Companies...
• SANS Internet Storm Center, InfoCON: green
  • [ ] Microsoft September 2024 Patch Tuesday, (Tue, Sep 10th)
  • [ ] ISC Stormcast For Tuesday, September 10th, 2024 https://isc.sans.edu/podcastdetail/9132, (Tue, Sep 10th)
• Schneier on Security
  • [ ] New Chrome Zero-Day
• The Hacker News
  • [ ] CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub
  • [ ] Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia
  • [ ] Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches
  • [ ] New PIXHELL Attack Exploits Screen Noise to Exfiltrates Data from Air-Gapped Computers
  • [ ] Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments
• The Register - Security
  • [ ] Crypto scams rake in $5.6B a year for cyberscum lowlifes, FBI says
  • [ ] Thanks, Edward Snowden: You propelled China to quantum networking leadership
• Graham Cluley
  • [ ] The AI Fix #15: AI robot butlers and gigawatt banana highways
• Full Disclosure
  • [ ] KL-001-2024-012: VICIdial Authenticated Remote Code Execution
  • [ ] KL-001-2024-011: VICIdial Unauthenticated SQL Injection
  • [ ] OXAS-ADV-2024-0005: OX App Suite Security Advisory
• Krebs on Security
  • [ ] Bug Left Some Windows PCs Dangerously Unpatched
• Security Current
  • [ ] Oren Koren, Co-founder & CPO, Veriti
• Instapaper: Unread
  • [ ] The Watermarking Paradox
  • [ ] Network Forensics With Wireshark
  • [ ] GMDSOFT Tech Letter How YouTube Cache Files Reveal User Behavior
  • [ ] TeamItaly, il 13 settembre la presentazione della squadra ufficiale che parteciperà all’European Cybersecurity Challenge 2024
  • [ ] Experts demonstrated how to bypass WhatsApp View Once feature
  • [ ] Guerre di Rete - Il caso Telegram
  • [ ] Il 57% dei contenuti presenti su internet è generato dall’AI, e questo non è un bene
• Social Engineering
  • [ ] How to get the truth about a male friend from girlfriend.
• Over Security - Cybersecurity news aggregator
  • [ ] Bug Left Some Windows PCs Dangerously Unpatched
  • [ ] Chinese ‘Crimson Palace’ espionage campaign keeps hacking Southeast Asian governments
  • [ ] Microsoft fixes Windows Server performance issues from August updates
  • [ ] Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score
  • [ ] New PIXHELL acoustic attack leaks secrets from LCD screen noise
  • [ ] Ivanti fixes maximum severity RCE bug in Endpoint Management software
  • [ ] Windows 10 KB5043064 update released with 6 fixes, security updates
  • [ ] RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software
  • [ ] Microsoft fixes Windows Smart App Control zero-day exploited since 2018
  • [ ] Windows 11 KB5043076 cumulative update released with 19 changes
  • [ ] Feds say ‘Terrorgram’ white supremacists used Telegram to incite attacks
  • [ ] Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws
  • [ ] Wix to block Russian users starting September 12
  • [ ] Firmware 1.0 Released
  • [ ] Wix.com to block Russian users starting September 12
  • [ ] CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog
  • [ ] Flipper Zero releases Firmware 1.0 after three years of development
  • [ ] Navigating Endpoint Privilege Management: Insights for CISOs and Admins
  • [ ] Microsoft to start force-upgrading Windows 22H2 systems next month
  • [ ] The Re-Emergence of CVE-2024-32113: How CVE-2024-45195 has amplified Exploitation Risks
  • [ ] Ukrainian detained for allegedly installing CCTV cameras to aid Russian attacks
  • [ ] Washington state school district closed for second day after cyberattack
  • [ ] Russian pro-democracy nonprofit investigates alleged data breach by Kremlin-backed hackers
  • [ ] NoName ransomware gang deploying RansomHub malware in recent attacks
  • [ ] Security Training Lab: Educational Program for Universities
  • [ ] A new TrickMo saga: from Banking Trojan to Victim's Data Leak
  • [ ] ESET scopre NGate, malware per Android che sfrutta l’NFC per clonare le carte di pagamento
  • [ ] Threat Intelligence - Vulnerability insights
  • [ ] Weekly IT Vulnerability Report for August 28, 2024 – September 03, 2024
• Tor Project blog
  • [ ] New Release: Tails 6.7
• Security Affairs
  • [ ] Quad7 botnet evolves to more stealthy tactics to evade detection
  • [ ] Poland thwarted cyberattacks that were carried out by Russia and Belarus
  • [ ] U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog
  • [ ] Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals
• Deep Web
  • [ ] does goru anime's and these kinda stuff exists in deep web?
• Technical Information Security Content & Discussion
  • [ ] Browser Stored Credentials
  • [ ] Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation
  • [ ] CloudGoat Official Walkthrough Series: ‘glue_privesc’
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • [ ] Ethical hacking
  • [ ] Best way for me to pivot into web app security?
  • [ ] Seeking Guidance on SecOps Certified AppSec Practitioner (SCAP) - Advice for Preparation
  • [ ] Temporary Mail Recovery
• Information Security
  • [ ] My entire ISO 27001 Information Security Toolkit+ ITIL & Project Management Templates - Free
  • [ ] Thought I’d seen everything.
  • [ ] Sality malware execution process
  • [ ] Risk Discussion: TOTP's in PW Managers
  • [ ] Digital Identity
• Computer Forensics
  • [ ] Anyone got Sumuri Recon Lab or Axiom to parse Unified Logs?
• NetSPI
  • [ ] Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation
• Palo Alto Networks Blog
  • [ ] Using Time in Your Favor During a Ransomware Attack
• TorrentFreak
  • [ ] Sky Calls Out IPTV Piracy Facilitators, Including Cloudflare & Facebook
  • [ ] Verizon Asks Court to Dismiss Music Labels’ Piracy Liability Lawsuit
• Security Weekly Podcast Network (Audio)
  • [ ] AI Trucks, Solid Concrete, Sonicwall, Progress, Rust, Apple, and more... - SWN #412
  • [ ] Paying Down Tech Debt, Rust in Firmware, EUCLEAK, Deploying SSO - ASW #298
  • [ ] Cybersecurity and the Business - Theresa Lanowitz - BSW #363