chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

110 stars 19 forks source link

[每日信息流] 2024-09-12 #646

Closed chainreactorbot closed 1 month ago

chainreactorbot commented 2 months ago

每日安全资讯（2024-09-12）

Security Boulevard
- [ ] Vulnerability handling requirements for NIS2 compliance
- [ ] FFIEC Will Sunset the Cybersecurity Assessment Tool: Everything You Need to be Prepared
- [ ] USENIX Security ’23 – Differential Testing of Cross Deep Learning Framework APIs: Revealing Inconsistencies and Vulnerabilities
- [ ] Customer Story | Protecting Students and Data in Google Workspace at Santa Rita Union School District
- [ ] New Findings on the National Public Data Breach: Poor Security Measures and the Role of Infostealer Malware as a Possible Vector of Attack
- [ ] Microsoft Fixes Four 0-Days — One Exploited for SIX YEARS
- [ ] In Memoriam: 9/11 Victims
- [ ] Understand Blocked Requests Faster with Rule Tracing | Impart Security
- [ ] Can AI Help Fix Security Vulnerabilities?
- [ ] How to Handle Secrets in Go
Private Feed for M09Ic
- [ ] FunnyWolf starred gusye1234/nano-graphrag
- [ ] HuYlllc pushed to mal in chainreactors/malice-network
- [ ] CHYbeta starred steve-community/steve
- [ ] 4ra1n released 0.1.1 at 4ra1n/poc-runner
- [ ] mgeeky starred mnpg/Reolink_api_documentations
- [ ] CHYbeta starred tryretool/retool-onpremise
- [ ] mgeeky starred starkillerOG/reolink_aio
- [ ] timwhitez starred CBLabresearch/PhantomExecution
- [ ] zer0yu started following 7h30th3r0n3
- [ ] 4ra1n started following honmashironeko
- [ ] zer0yu starred wh1t3zer/SpringBootVul-GUI
- [ ] zer0yu started following hzysvilla
- [ ] zer0yu starred hzysvilla/Academic_LLM_Sec_Papers
- [ ] gh0stkey starred keystone-engine/keystone
- [ ] gh0stkey starred capstone-engine/capstone
- [ ] zer0yu starred stanfordnlp/dspy
- [ ] zer0yu starred QwenLM/Qwen-Agent
- [ ] pmiaowu starred alipay/ant-application-security-testing-benchmark
- [ ] zer0yu starred ProbiusOfficial/RCE-labs
- [ ] zer0yu started following ProbiusOfficial
- [ ] niudaii starred praetorian-inc/goffloader
- [ ] L-codes starred noraj/unisec
- [ ] gh0stkey starred rwu823/afloat
- [ ] gh0stkey starred fikovnik/ShiftIt
- [ ] gh0stkey starred Bluegrams/PinWin
- [ ] gh0stkey starred eczarny/spectacle
- [ ] DVKunion starred MarSeventh/CloudFlare-ImgBed
- [ ] Rvn0xsy starred LibraHp/GetQzonehistory
安全客-有思想的安全新媒体
- [ ] 联邦调查局起诉了两名涉嫌 WWH Club 暗网市场的管理员
- [ ] Predator 间谍软件更新了危险新功能，升级版更加难以追踪
- [ ] 美国 CISA 将 SonicWall SonicOS、ImageMagick 和 Linux 内核漏洞添加到其已知已利用漏洞目录中
- [ ] 美国联邦调查局称，加密货币诈骗每年为网络犯罪分子敛财 56 亿美元
- [ ] 新型 PIXHELL 攻击利用屏幕噪音从气隙计算机中窃取数据
- [ ] 网络人员短缺仍然是 CISO 面临的最大挑战
- [ ] CISA 确认 SonicWall 漏洞正在被利用（CVE-2024-40766）
- [ ] 微软在 Office 2024 中禁用默认 ActiveX 控件以提高安全性
- [ ] 微软修复了 4 个被利用的零日漏洞和一个导致早期安全修复失效的代码漏洞
- [ ] 在大湾区，探索“数据跨境”的安全密码
Trustwave Blog
- [ ] Insider Threats: The Hidden Enemy Within Financial Services
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- [ ] 新的 PIXHELL 声学攻击泄露液晶屏幕噪音机密
- [ ] 丈八网安获5000万元B轮融资加速网络仿真技术创新及应用实践
Doonsec's feed
- [ ] 2024年教师节的朋友圈
- [ ] 用友NC Cloud queryStaffByName接口存在SQL注入漏洞附POC
- [ ] 9.11hvv情报
- [ ] 【漏洞预警】Ivanti Endpoint Manager 未授权反序列化漏洞可导致远程代码执行
- [ ] 【版本更新】ProxyCat - 如猫咪般灵活的代理池中间件 v1.4 Release！
- [ ] 南方都市报：15家单位共同发出“促进网络数据安全与个人信息保护”倡议
- [ ] CCS 2024 | 国家漏洞库网络安全漏洞治理产业协同创新研讨活动成功举办
- [ ] 让互联网更好造福世界各国人民——世界互联网大会推动构建网络空间命运共同体迈向新阶段理论研讨会发言摘编
- [ ] 2024网安周 | 人工智能赋能数字安全座谈会在广州南沙召开
- [ ] 2024网安周 | 青少年网络保护分论坛在广州举办
- [ ] 2024网安周 | 以法治防范人工智能安全风险
- [ ] 通知 | 市场监管总局就《关于推动网络交易平台企业落实合规管理主体责任的指导意见（征求意见稿）》公开征求意见（附全文）
- [ ] 专家解读 | 建立规范与创新并重的电子认证服务框架——浅谈《电子认证服务管理办法（征求意见稿）》
- [ ] 盘点 | 中国互联网联合辟谣平台2024年8月辟谣榜
- [ ] 巧用文件名绕过白名单？
- [ ] 秦安：继续论持久战！乌部队这月难发工资，乌总统要秋末结束战争
- [ ] 王常胜：培养“接班人”战略是社会主义事业一切战略成败的根本！
- [ ] 语言特性 | JAVA IO类结构
- [ ] CCS2024 | 国家漏洞库网络安全漏洞治理产业协同创新研讨活动成功举办
- [ ] CCS 2024成都网络安全系列活动开幕
- [ ] CCS 2024系列活动之港澳蓉网络安全技术交流活动同步开启
- [ ] 丈八网安获5000万元B轮融资将加速网络仿真技术创新及应用实践
- [ ] 河南省数据要素赋能新型工业化城市行首场活动在信阳拉开帷幕
- [ ] 国家网信办等三部门发布《粤港澳大湾区（内地、澳门）个人信息跨境流动标准合同实施指引》
- [ ] 工信部发布《中小企业数字化水平评测指标（2024年版）》
- [ ] 市场监管总局发布《关于推动网络交易平台企业落实合规管理主体责任的指导意见（征求意见稿）》
- [ ] 天津市数据局发布《天津市深化数据要素市场化配置改革实施方案（征求意见稿）》
- [ ] 原创-人生哲学之处世经
- [ ] 探索软件定义汽车的安全攻击面
- [ ] 从应用软件安全角度看待互联网汽车安全
- [ ] 中国汽车基础软件信息安全研究报告 1.0
- [ ] 【资讯】民政部等部门发布《个人求助网络服务平台管理办法》
- [ ] 【资讯】发改委办公厅等部门发布《关于推动车网互动规模化应用试点工作的通知》
- [ ] 【资讯】长春市政数管理局印发《长春市数据产权登记管理办法》
- [ ] 【资讯】北京市经信局发布《关于组织开展2024年工业领域数据要素应用场景征集工作的通知》
- [ ] 2024金砖国家新工业革命伙伴关系论坛在厦门召开
- [ ] 安天智甲终端防御系统通过首批网络安全产品互联互通检测
- [ ] 欢迎报名!9月14日，工业互联网标识解析专题论坛不见不散 | 2024全球工业互联网大会
- [ ] Http2.0 请求头解压缩
- [ ] 2024蝰蛇信息安全实验室招新啦！
- [ ] 关于让钓鱼攻击无所遁形的浅谈
- [ ] 2024年国家网络安全宣传周“商用密码应用与创新发展研讨会”成功举办
- [ ] 探索网络安全新边界打造更具韧性的数字经济“生命线”
- [ ] 2024网安周 | 《网络安全人才实战能力白皮书-安全测试评估篇》正式发布
- [ ] 发布 | 《粤港澳大湾区（内地、澳门）个人信息跨境流动标准合同实施指引》全文
奇安信攻防社区
- [ ] Bypass WAF （小白食用）
- [ ] 初探内核下的文件管理技术：内核API
一个被知识诅咒的人
- [ ] 深入探索Go语言中的函数：匿名函数、指针参数与函数返回
- [ ] 探索Go语言中的随机数生成、矩阵运算与数独验证
SecWiki News
- [ ] SecWiki News 2024-09-11 Review
Recent Commits to cve:main
- [ ] Update Wed Sep 11 22:31:15 UTC 2024
- [ ] Update Wed Sep 11 14:36:49 UTC 2024
- [ ] Update Wed Sep 11 06:25:08 UTC 2024
Files ≈ Packet Storm
- [ ] VICIdial 2.14-917a Remote Code Execution
- [ ] VICIdial 2.14-917a SQL Injection
- [ ] Ubuntu Security Notice USN-6998-1
- [ ] Red Hat Security Advisory 2024-6576-03
- [ ] Red Hat Security Advisory 2024-6569-03
- [ ] Red Hat Security Advisory 2024-6568-03
- [ ] Red Hat Security Advisory 2024-6567-03
- [ ] Red Hat Security Advisory 2024-6560-03
- [ ] Red Hat Security Advisory 2024-6559-03
- [ ] Red Hat Security Advisory 2024-6558-03
- [ ] Red Hat Security Advisory 2024-6557-03
- [ ] Red Hat Security Advisory 2024-6536-03
- [ ] Red Hat Security Advisory 2024-6529-03
- [ ] Queuing Simple Chatbot 1.0 Shell Upload
- [ ] Profiling System 1.0 Shell Upload
- [ ] Passion Responsive Blogging 1.0 Cross Site Scripting
- [ ] Online Survey System 1.0 Cross Site Scripting / Remote File Inclusion
- [ ] Online Birth Certificate System 1.0 Insecure Settings
- [ ] Medical Card Generations System 1.0 Insecure Settings
- [ ] Emergency Ambulance Hiring Portal 1.0 WYSIWYG Code Injection
- [ ] Printable Staff ID Card Creator System 1.0 Insecure Direct Object Reference
cloud world
- [ ] 探索 Goja：Golang 中的 JavaScript 运行时
Bug Bounty in InfoSec Write-ups on Medium
- [ ] Google Safe Browsing Blacklisting Due to Website Compromise
Sandfly Security Blog RSS Feed
- [ ] Free Sandfly Linux Incident Response License
Hexacorn
- [ ] Rundll32.exe bomb
VMRay
- [ ] Why Best-in-Class Security Solutions Outmatch Product Suites
Inside Stormshield
- [ ] A la rencontre des collaborateurs de Stormshield
Reverse Engineering
- [ ] How windows executables work inside
- [ ] We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
- [ ] Still seeing people use HxD, checkout ImHex instead
- [ ] Backtraces in the Mirror: Stealing the Secrets of Elves and Dwarves to Perform Mad Science!!
Malware-Traffic-Analysis.net - Blog Entries
- [ ] 2024-09-11 - Data dump: Remcos RAT and XLoader (Formbook)
Sucuri Blog
- [ ] SiteCheck Remote Website Scanner — Mid-Year 2024 Report
PortSwigger Blog
- [ ] Burp Suite Performance Improvements
Security Café
- [ ] Red Team Finds A Way – (IN)Secure By Design
bishopfox.com
- [ ] Exploring Large Language Models: Local LLM CTF & Lab
daniel.haxx.se
- [ ] curl 8.10.0
FreeBuf网络安全行业门户
- [ ] 新型 PIXHELL 声音攻击能从 LCD 屏幕噪音中泄露信息
- [ ] FreeBuf早报 | 这个国家或将保护白帽黑客；新加坡拟立法禁止使用Deepfake
- [ ] 卡巴斯基发布的 EDR 防护杀手，被勒索组织广泛使用
奇客Solidot–传递最新科技情报
- [ ] 新加坡通过平台人员法案
- [ ] 在 AI 虚假信息之后 Taylor Swift 公开支持 Kamala Harris
- [ ] 你可以花 20 万美元在阿里巴巴上购买人工金刚石机器
- [ ] SpaceX 执行首次商业太空行走任务
- [ ] Firefox 115 ESR 将支持 Windows 7/8/8.1 到 2025 年 3 月
- [ ] 中国农业碳排放在新冠三年期间增加
- [ ] 色盲者不挑食
- [ ] Tor 节点运营者遭德国警方突击搜查
- [ ] 俄罗斯计划投入 590 亿卢布封堵 VPN
- [ ] 微软警告正在利用的 0day 会回滚安全补丁
- [ ] 索尼宣布售价 700 美元的 PS5 Pro
安全牛
- [ ] 美国华盛顿州34所公立学校因网络攻击紧急停课两天；“阅后即焚”策略可被轻松绕过，Meta紧急修复WhatsApp隐私缺陷 |牛览
- [ ] 活动预告 | 《勒索攻击防护技术应用指南（2024版）》线上发布会即将举办
黑海洋 - WIKI
- [ ] 利用CloudFlare Pages和R2实现的免费图床
- [ ] discord-image：基于Discord的开源免费图床
安全客
- [ ] 涉及微软多款产品，4个被利用的0 Day漏洞亟待修复
知道创宇404实验室
- [ ] 404星链计划 | 一大波项目版本更新
看雪学苑
- [ ] 2024 KCTF大赛圆满收官！见证加冕时刻，排名公布
- [ ] 司令5w！报名开启｜14家SRC邀您加入双11安全保卫战
- [ ] 混淆 Pass 分析 - Flattening
- [ ] 全国首例非法获取数字钱包私钥案，三名程序员在钱包App中植入后门窃取上万私钥
锦行科技
- [ ] 锦行科技入选《2024年中国网络安全市场100强》！
奇安信 CERT
- [ ] 微软9月补丁日多个产品安全漏洞风险通告：4个在野利用、7个紧急漏洞
代码卫士
- [ ] 微软9月补丁星期二到底修复了4个还是5个0day？
- [ ] Ivanti 修复Endpoint Management 软件中的严重RCE漏洞
安全内参
- [ ] 英国首都一学校遭勒索攻击停课近一周，学生回家等待通知
- [ ] 打破物理隔离：RAMBO侧信道攻击令人防不胜防
天御攻防实验室
- [ ] 微软计划将网络安全厂商踢出Windows内核？
青藤云安全
- [ ] 2024网安周 | 程度：关键信息基础设施主动防御实践
dotNet安全矩阵
- [ ] .NET攻防 | 一个永久的工具和知识仓库
- [ ] .NET 一款免杀的白名单工具可执行系统命令
- [ ] 35套.NET系统漏洞威胁情报(09.11更新)
复旦白泽战队
- [ ] 白泽迎新 | 学术扬帆时，共踏新征程！
数世咨询
- [ ] 第九届“创客中国”网络安全中小企业创新创业大赛决赛暨颁奖典礼即将启幕
- [ ] 丈八网安获5000万元B轮融资加速网络仿真技术创新及应用实践
火绒安全
- [ ] 2024-09微软漏洞通告
情报分析师
- [ ] 鲜为人知的 X/Twitter 高级精准搜索技能
- [ ] 【实战】使用开源情报破解谋杀案（二）
补天平台
- [ ] 9月“星推厂商”上线 | 奖金翻倍积分可达6倍！
- [ ] 专属SRC年度“积分挑战赛”上线 | 多重大奖等你来领
国家互联网应急中心CNCERT
- [ ] 网络安全信息与动态周报2024年第36期（9月2日-9月8日）
嘶吼专业版
- [ ] 丈八网安获5000万元B轮融资加速网络仿真技术创新及应用实践
- [ ] 新的 PIXHELL 声学攻击泄露液晶屏幕噪音机密
山石网科安全技术研究院
- [ ] 微软2024年9月补丁日重点漏洞安全预警
360数字安全
- [ ] 2024网安周｜360荣获国家级机构五大奖项！彰显网络安全实力
- [ ] 定了！360粤港澳大湾区数字安全科技创新总部将落地“湾心”南沙
极客公园
- [ ] 华为 Mate XT 发布，19999元起；阿里 25 周年马云内网发声；SpaceX 尝试首次私人太空行走 | 极客早知道
安全圈
- [ ] 【安全圈】卡巴斯基发布的 EDR 防护杀手，被勒索组织广泛使用
- [ ] 【安全圈】WhatsApp“阅后即焚”功能曝漏洞，黑客可反复查看
- [ ] 【安全圈】SonicWall SSL VPN曝出高危漏洞，可能导致防火墙崩溃
- [ ] 【安全圈】新型 PIXHELL 声音攻击能从 LCD 屏幕噪音中泄露信息
深信服千里目安全技术中心
- [ ] 【漏洞通告】SonicWALL SonicOS 访问控制错误漏洞(CVE-2024-40766)
- [ ] CNVD漏洞周报2024年第36期
天融信阿尔法实验室
- [ ] 【风险提示】天融信关于微软2024年9月安全更新的风险提示
Over Security - Cybersecurity news aggregator
- [ ] UK designates the data center sector part of its ‘Critical National Infrastructure’
- [ ] Fake password manager coding test used to hack Python developers
- [ ] SiteCheck Remote Website Scanner — Mid-Year 2024 Report
- [ ] TD Bank fined $28 million for sharing inaccurate and negative data on customers
- [ ] Hackers have sights set on four Microsoft vulnerabilities, CISA warns
- [ ] WordPress.org to require 2FA for plugin developers by October
- [ ] Adobe fixes Acrobat Reader zero-day with public PoC exploit
- [ ] Popular French retailers confirm hackers stole customer data
- [ ] Major ICS Security Flaws Disclosed in LOYTEC, Hughes, and Baxter Products
- [ ] Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API
- [ ] Kali Linux 2024.3 Release (Multiple transitions)
- [ ] Japanese media giant investigating another reported data leak by BlackSuit hackers
- [ ] Criminal IP and IPLocation.io Join Forces for Enhanced IP Analysis
- [ ] Payment-processing company says data breach potentially affected 1.7 million people
- [ ] Chinese hackers linked to cybercrime syndicate arrested in Singapore
- [ ] CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog
- [ ] How to Analyze Malware in ANY.RUN Sandbox: Eric Parker’s Guide
- [ ] DragonRank, a Chinese-speaking SEO manipulator service provider
- [ ] Vulnerabilità di Commad Injection in Rust
- [ ] Vulnerabilità critica su PaloAlto OS
- [ ] Vulnerabilità critica su PuTTY
- [ ] CVE Advisory - Oracle BI Publisher - Unauthenticated Remote Code Execution
- [ ] Vulnerabilità risolte in GOlang
- [ ] Uncovering an undetected KeyPlug implant attacking industries in Italy
- [ ] Vulnerabilità critica in Zabbix
- [ ] Vulnerabilità su Checkpoint VPN sfruttata in the wild
- [ ] Vulnerabilità critica in PHP sfruttata in the wild
- [ ] Polyfill Supply Chain Attack
- [ ] Vulnerabilità regreSSHion in OpenSSH server
- [ ] Gravi vulnerabilità in MOVEit
- [ ] Nuovi attacchi prendono di mira l’industria militare di Taiwan
- [ ] Securing Gold : Hunting typosquatted domains during the Olympics
IT Service Management News
- [ ] CIS Critical Security Controls Version 8.1
SANS Internet Storm Center, InfoCON: green
- [ ] Python Libraries Used for Malicious Purposes, (Wed, Sep 11th)
- [ ] ISC Stormcast For Wednesday, September 11th, 2024 https://isc.sans.edu/podcastdetail/9134, (Wed, Sep 11th)
ICT Security Magazine
- [ ] Cos’è la Mobile Security?
- [ ] La versione di Durov: come cambierà Telegram alla luce delle indagini sul suo CEO
Schneier on Security
- [ ] Evaluating the Effectiveness of Reward Modeling of Generative AI Systems
赛博昆仑CERT
- [ ] 【补丁日速递】2024年9月微软补丁日安全风险通告
Securityinfo.it
- [ ] Nuovi attacchi prendono di mira l’industria militare di Taiwan
The Register - Security
- [ ] Cyber crooks shut down UK, US schools, thousands of kids affected
- [ ] Major sales and ops overhaul leads to much more activity ... for Meow ransomware gang
- [ ] Hunters International cyber-gang extorts Chinese mega-bank's London HQ
- [ ] So you paid a ransom demand … and now the decryptor doesn't work
- [ ] How $20 and a lapsed domain allowed security pros to undermine internet integrity
- [ ] Mind the talent gap: Infosec vacancies abound, but hiring is flat
- [ ] India to train 5,000 'Cyber Commandos'
- [ ] Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack
Deeplinks
- [ ] Stopping the Harms of Automated Decision Making | EFFector 36.12
- [ ] Britain Must Call for Release of British-Egyptian Activist and Coder Alaa Abd El Fattah
Computer Forensics
- [ ] Google admin console
- [ ] Cellebrite Reseller
Your Open Hacker Community
- [ ] sql injection
- [ ] How to hack ezviz camera
- [ ] Overclock ex beam electric scooter
Information Security
- [ ] How ABAC Makes Access Management Smarter
- [ ] End-to-End AWS KMS Data Encryption and Decryption Tutorial
Posts By SpecterOps Team Members - Medium
- [ ] ADCS Attack Paths in BloodHound — Part 3
Blackhat Library: Hacking techniques and research
- [ ] Question about web browser extensions and vulnerabilities.
Technical Information Security Content & Discussion
- [ ] Feeld dating app - Your nudes and data were publicly available
- [ ] We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI - watchTowr Labs
- [ ] SSH Keystroke Obfuscation Bypass
- [ ] The Security Canary Maturity Model
- [ ] Blog Series on Android Bytecode Exploitation
- [ ] A new TrickMo saga: from Banking Trojan to Victim's Data Leak | Cleafy Labs
- [ ] Why Django’s [DEBUG=True] is a Goldmine for Hackers
Deep Web
- [ ] Would anyone be interested in free VPS hosting?
The Hacker News
- [ ] Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances
- [ ] DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe
- [ ] Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate
- [ ] Why Is It So Challenging to Go Passwordless?
- [ ] Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware
- [ ] Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws
- [ ] Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities
Graham Cluley
- [ ] Hacker pleads guilty after arriving on plane from Ukraine with a laptop crammed full of stolen credit card details
Social Engineering
- [ ] How society programs you: Algorithms
Security Affairs
- [ ] Highline Public Schools school district suspended its activities following a cyberattack
- [ ] RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR
- [ ] Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)
- [ ] Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] Exalumnos del máster de CiberSeguridad de Evolve Academy
TorrentFreak
- [ ] Namecheap Flagged for EU ‘Piracy Watchlist’ After Failing to Block Infringing Sites
contagio
- [ ] 2024-09-10 KIMSUKY (North Korean APT) Sample (Sakai @sakaijjan - Terms and Conditions.msc)
- [ ] 2024-09-03 LUXY Ransomware / Stealer Sample
Kali Linux
- [ ] Kali Linux 2024.3 Release (Multiple transitions)