chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

110 stars 19 forks source link

[每日信息流] 2024-09-13 #647

Closed chainreactorbot closed 1 month ago

chainreactorbot commented 2 months ago

每日安全资讯（2024-09-13）

Hacking Articles
- [ ] A Detailed Guide on Feroxbuster
安全客-有思想的安全新媒体
- [ ] CosmicBeetle 与 RansomHub 合作部署定制 ScRansom 勒索软件
- [ ] Zyxel 修复了 EOL NAS 设备中的关键命令注入漏洞（CVE-2024-6342）
- [ ] 人工智能和零信任如何改变弹性策略
- [ ] Slim CD 数据泄露导致近 170 万人的财务数据外泄
- [ ] 新加坡警方逮捕了六名与全球网络犯罪集团有关的黑客
- [ ] 勒索软件团伙 RansomHub 依赖于卡巴斯基 TDSKiller 工具来禁用 EDR
- [ ] Google 推出云备份与灾难恢复新功能，强化数据保护与管理便捷性
- [ ] DragonRank 黑帽 SEO 活动针对亚洲和欧洲的 IIS 服务器
- [ ] Quad7 僵尸网络扩展至 SOHO 路由器和 VPN 设备
- [ ] 2024网安周｜360荣获国家级机构五大奖项！彰显网络安全实力
Recent Commits to cve:main
- [ ] Update Thu Sep 12 22:27:22 UTC 2024
- [ ] Update Thu Sep 12 14:35:49 UTC 2024
- [ ] Update Thu Sep 12 06:22:24 UTC 2024
Twitter @Nicolas Krassas
- [ ] Singapore Police arrest six men allegedly involved in a cybercrime syndicate https://securityaffairs.com/168320/uncategorized/singapore-police-arreste...
- [ ] EU kicks off an inquiry into Google's AI model https://go.theregister.com/feed/www.theregister.com/2024/09/12/google_ai_model_inquiry_eu/
- [ ] Reversing iOS System Libraries Using Radare2: A Deep Dive into Dyld Cache (Part 2) https://www.nowsecure.com/blog/2024/09/12/reversing-ios-system-libr...
- [ ] About that Windows Installer 'make me admin' security hole. Here's how it's exploited https://go.theregister.com/feed/www.theregister.com/2024/09/12/w...
- [ ] Fortinet suffers third-party data breach affecting Asia-Pacific customers https://www.cyberdaily.au/security/11098-fortinet-suffers-third-party-data-b...
- [ ] Hackers Proxyjack & Cryptomine Selenium Grid Servers https://www.darkreading.com/application-security/hackers-proxyjack-and-cryptomine-selenium-gr...
- [ ] Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe https://thehackernews.com/2024/09/irelands-watchdog-launches-inquiry-int...
- [ ] Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack https://thehackernews.com/2024/09/iranian-cyber-group-oilrig-targe...
- [ ] WhatsUp Gold Under Attack: New RCE Vulnerabilities Exploited https://securityonline.info/whatsup-gold-under-attack-new-rce-vulnerabilities-exploited/
- [ ] Living off the land, GPO style https://www.pentestpartners.com/security-blog/living-off-the-land-gpo-style/
- [ ] Pokémon GO was an intelligence tool, claims Belarus military official https://go.theregister.com/feed/www.theregister.com/2024/09/12/pokemon_go_spyin...
- [ ] If HDMI screen rips aren't good enough for you pirates, DeCENC is another way to beat web video DRM https://go.theregister.com/feed/www.theregister.co...
- [ ] Critical Vulnerabilities in Kakadu JPEG 2000 Library Expose Systems to Remote Attacks https://securityonline.info/critical-vulnerabilities-in-kakadu-j...
- [ ] Re @theJoshMeister https://x.com/EXPMON_/status/1825957394985455966
- [ ] Re @KohlerAc
- [ ] Teach you how to audit SQL injection code from thinkphp (full) https://xz.aliyun.com/t/15529
- [ ] CVE-2024-8522 (CVSS 10): LearnPress SQLi Flaw Leaves 90K+ WordPress Sites at Risk https://securityonline.info/cve-2024-8522-cvss-10-learnpress-sqli-fl...
- [ ] Healthcare giant to pay $65M settlement after crooks stole and leaked nude patient pics https://go.theregister.com/feed/www.theregister.com/2024/09/12...
奇安信攻防社区
- [ ] 内核文件管理技术：构建IRP
- [ ] Web-pwn的栈溢出和堆机制详细入门
Security Boulevard
- [ ] Navigating the Shared Responsibility Model: Lessons Learned from the Snowflake Cybersecurity Incident
- [ ] USENIX Security ’23 – Downgrading DNSSEC: How to Exploit Crypto Agility for Hijacking Signed Zones
- [ ] Emulating the Persistent and Stealthy Ebury Linux Malware
- [ ] Microsoft’s September 2024 Patch Tuesday Addresses 4 Zero-Days, 79 Vulnerabilities
- [ ] Proofpoint Adds Ability to Dynamically Apply Granular Security Controls
- [ ] Randall Munroe’s XKCD ‘Water Filtration’
- [ ] Defensive Stack Optimization: A Threat-Informed Defense Use Case
- [ ] A proactive defense: Utilize SBOMs and continuous monitoring
- [ ] 4 Best Practices for Using Cloud-Native Infrastructure for AI Workloads
- [ ] Microsoft Is Adding New Cryptography Algorithms
C-skills
- [ ] More censorship trickery
Trustwave Blog
- [ ] How Phishing-as-a-Service Exposes Financial Services to Extensive Threats
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- [ ] 2024 年第二季度 APT 趋势报告
- [ ] 热烈欢迎中关村网络安全与信息化产业联盟专家团莅临交流，打造联企合作新模式
- [ ] 明天万物安全精品发布会，可预约直播
- [ ] 梆梆安全亮相多省国家网络安全宣传周，构筑全国网络安全防线
- [ ] 开启AI赋能新纪元，共绘网络安全新篇章，CCS2024成都网络安全系列活动盛大开幕！
Private Feed for M09Ic
- [ ] HuYlllc pushed to mal in chainreactors/malice-network
- [ ] zer0yu starred wechatferry/wechatferry
- [ ] zer0yu starred spacedriveapp/spacedrive
- [ ] uknowsec starred cycyup/crack_geetest
- [ ] evilashz started following dobin
- [ ] Ak74-577 starred CICADA8-Research/COMThanasia
- [ ] CCob made CCob/DGPOEdit public
- [ ] niudaii starred nemesida-waf/waf-bypass
- [ ] boy-hack starred RiskySignal/record_what_i_read
- [ ] gh0stkey starred shaddy43/BrowserSnatch
- [ ] kpcyrd starred CrzPhil/SSHniff
- [ ] zer0yu starred CBLabresearch/PhantomExecution
- [ ] gh0stkey starred GitPhoenix/OpenSSL
- [ ] gh0stkey starred sherdencooper/GPTFuzz
- [ ] gh0stkey starred wh1t3zer/SpringBootVul-GUI
- [ ] gh0stkey starred DaoCloud/public-binary-files-mirror
- [ ] gh0stkey starred DaoCloud/public-image-mirror
- [ ] wuhan005 starred jujumilk3/leaked-system-prompts
- [ ] wabzsy starred traefik/traefik
- [ ] Rvn0xsy starred DaoCloud/public-image-mirror
- [ ] Rvn0xsy starred DaoCloud/public-binary-files-mirror
- [ ] lz520520 starred uiwjs/react-markdown-editor
- [ ] wabzsy starred ory/hydra
- [ ] wabzsy starred casbin/casbin
- [ ] uknowsec starred wh1t3zer/SpringBootVul-GUI
- [ ] wabzsy starred lestrrat-go/jwx
- [ ] wabzsy starred go-jose/go-jose
- [ ] timwhitez starred alwaystest18/hostCollision
- [ ] timwhitez starred wh1t3zer/SpringBootVul-GUI
先知安全技术社区
- [ ] Nanocore恶意脚本分析
- [ ] BaseCTF新生赛Reverse week1解题wp
- [ ] thinkphp8 通过baseQuery方法的rce
- [ ] 主动防御大模型图像篡改
paper - Last paper
- [ ] Apache OFBiz SSRF to RCE(CVE-2024-45507) 漏洞分析
美团技术团队
- [ ] KDD 2024 OAG-Challenge Cup赛道三项冠军技术方案解读
SecWiki News
- [ ] SecWiki News 2024-09-12 Review
Files ≈ Packet Storm
- [ ] 3DSecure 2.0 3DS Authorization Method Cross Site Request Forgery
- [ ] 3DSecure 2.0 3DS Method Authentication Cross Site Scripting
- [ ] 3DSecure 2.0 3DS Authorization Method Cross Site Scripting
- [ ] 3DSecure 2.0 3DS Authorization Challenge Cross Site Scripting
- [ ] Debian Security Advisory 5768-1
- [ ] Ubuntu Security Notice USN-7006-1
- [ ] Ubuntu Security Notice USN-7005-1
- [ ] Ubuntu Security Notice USN-7004-1
- [ ] Ubuntu Security Notice USN-7001-1
- [ ] Ubuntu Security Notice USN-7000-1
- [ ] Ubuntu Security Notice USN-7002-1
- [ ] Ubuntu Security Notice USN-7003-2
- [ ] Ubuntu Security Notice USN-7003-1
- [ ] Ubuntu Security Notice USN-6997-2
- [ ] Ubuntu Security Notice USN-6999-1
- [ ] Red Hat Security Advisory 2024-6612-03
- [ ] Nipah Virus Testing Management System 1.0 PHP Code Injection
- [ ] Red Hat Security Advisory 2024-6611-03
- [ ] Red Hat Security Advisory 2024-6610-03
- [ ] Medical Card Generations System 1.0 SQL Injection
- [ ] Maid Hiring Management System 1.0 Insecure Settings
- [ ] Red Hat Security Advisory 2024-6595-03
- [ ] Red Hat Security Advisory 2024-6584-03
- [ ] Emergency Ambulance Hiring Portal 1.0 PHP Code Injection
CXSECURITY Database RSS Feed - CXSecurity.com
- [ ] TENANT-LIMITED-1.0-©-2024-Tenant-Management-System-Software Multiple-SQLi
ArthurChiao's Blog
- [ ] JuiceFS 元数据引擎再探：开箱解读 TiKV 中的 JuiceFS 元数据（2024）
- [ ] JuiceFS 元数据引擎初探：高层架构、引擎选型、读写工作流（2024）
一个被知识诅咒的人
- [ ] 深入解析Go语言中的代码扫描与语法解析——go/scanner、go/parser与go/token包的应用
- [ ] 深入解析Go语言包与模块管理的高级技巧
Doonsec's feed
- [ ] ClickHouse数据库安全问题初探
- [ ] 用友NC Cloud blobRefClassSearch接口存在反序列化漏洞附POC
- [ ] 一款bp神器
- [ ] 网络安全从业人员何去何从
- [ ] 9.12hvv情报
- [ ] 【漏洞预警】GitLab CE和EE 权限管理不当漏洞
- [ ] 【漏洞预警】Adobe ColdFusion未授权反序列化漏洞可导致代码执行
- [ ] 小程序任意用户登录
- [ ] 总结一下搞网安的
- [ ] CCS 2024 | “AI+网信安全”技术交流活动在成都成功举办
- [ ] 发布 | 工信部印发《关于推进移动物联网“万物智联”发展的通知》
- [ ] 2024网安周 | “2024年国家网络安全宣传周—网络安全标准与产业促进座谈会”在广州成功召开
- [ ] 5问+1图 | 读懂《关于推进移动物联网“万物智联”发展的通知》
- [ ] 早有自防御网络，为啥还要手搓零信任？
- [ ] 四川省密码科普教育基地授牌暨四川省密码科创产业园开园仪式在成都举行
- [ ] “贯彻实施密码法，共筑数字安全防线”2024重庆网络安全宣传周密码安全主题宣传活动圆满举行
- [ ] 阿里云机房着火超30个小时，云服务宕机，AWS趁火打劫？
- [ ] 城市全域数字化转型现场推进会在重庆市召开
- [ ] 2024网安周 | 人工智能赋能数字安全座谈会在广州南沙召开
- [ ] Y姐的困境——安全服务项目的扯皮事宜
- [ ] 据传某银行遭到了代号为HuntersInternational的网络响马勒索攻击
- [ ] G.O.S.S.I.P 阅读推荐 2024-09-12 推荐两本书
- [ ] 一个网站卖你100,挣钱真是太简单啦
- [ ] 网络安全的未来？
- [ ] 首次分享！滴滴国际化出行的建站实战经验
- [ ] 记某src通过越权拿下高危漏洞
- [ ] 建了个SRC专项漏洞知识库
- [ ] 【资讯】工信部办公厅发布《关于推进移动物联网“万物智联”发展的通知》（附解读）
- [ ] Hunters International 勒索团伙究竟何许人？
- [ ] 【安全圈】“外防”+“内控” 曙光网络构建基础工控安全软件定义工控安全才是全面安全
- [ ] 【安全圈】针对程序猿的新型骗局，黑客借招聘Python传播恶意软件
- [ ] 【安全圈】为推送定制化广告，福特汽车新专利拟广泛采集驾驶员数据
- [ ] 【安全圈】微软在最新更新中修复Windows Server服务器系统启动/卡死/性能问题
- [ ] 暗网惊现我国某企业内部敏感数据，安全漏洞成主因!
- [ ] “一带一路”刑科协会“走出去”新思路座谈会在美亚柏科举办
- [ ] 人社部能建中心大数据分析技术线上培训预约报名启动
- [ ] Quad7 僵尸网络扩展至以 SOHO 路由器和 VPN 设备为目标
- [ ] Bypass WAF （小白食用）
- [ ] 有人喜欢你
- [ ] CCSxa02024xa0安全419带你线上逛展
- [ ] 聚焦数据安全威努特重磅亮相CCS 2024
- [ ] CCS 2024系列活动之“AI+网信安全”技术交流活动同步开启
- [ ] 聚焦AI与网络安全漏洞治理推动国家漏洞库产业协同创新
- [ ] 阿里云新加坡数据中心突发火灾，影响评估仍在进行中中关村储能产业技术联盟
- [ ] 高通 410 棒子折腾记
- [ ] 【c/c++ 】Windows 开发笔记[三]
- [ ] 网络安全应该回归现实，摒弃炒作
- [ ] 张杰演唱会自爆手机号？号主遭受无妄之灾
- [ ] 报名火热进行中 | WitAwards 2024网安年度评选
- [ ] 云端安全 | 泄露的环境变量如何导致云环境遭受大规模勒索软件威胁
- [ ] Invoke-Maldaptive：一款针对LDAP SearchFilter的安全分析工具
- [ ] 网安行业还能吸纳626所高校的网安专业？
- [ ] 数据赋能，乘数而上！盛邦安全斩获2024年“数据要素×”大赛青海分赛一等奖
- [ ] 业界之声｜权小文：卫星互联网安全需坚持“长期主义”
- [ ] 华顺信安创始人赵武出席CCS2024
- [ ] 全国政协主席会议成员调研360集团鼓励企业加强“卡脖子”技术攻关
- [ ] CNNVD认证！360获评“核心技术支撑试点单位”等三项荣誉
- [ ] 国家网络安全宣传周 | 首个AI安全产业图谱重磅发布
- [ ] 实力加冕启明星辰揽获多项荣誉→→
- [ ] 安全聘 | 满帮集团诚招数据安全专家
- [ ] AV终结者，使用驱动终止杀软进程
- [ ] 用过豆包MarsCode后，他们这么说...
- [ ] 火热开赛 | ByteAI安全挑战赛开启大模型攻防之战
- [ ] 强网计划第七期B0806班圆满落幕
- [ ] 米好·云尚网络运维综合平台
- [ ] 米好·云尚竞技仿真实训平台
- [ ] 米好·云尚设备智能管理平台
- [ ] 摄像头攻防战：俄乌战争前线正在进行的情报对抗隐蔽战线
- [ ] 硬件密钥集体破防，英飞凌芯片暗藏14年高危漏洞
- [ ] 慢雾：Toncoin 智能合约安全最佳实践
- [ ] 2024网安周 | 政务应用与数据安全融合技术探讨
- [ ] 「漏洞复现」智联云采 SRM2.0 autologin 身份认证绕过漏洞
- [ ] AI时代安全护航 | 百度安全，助力第八届安全开发者峰会
- [ ] 听劝！SDC 2024 早鸟票即将截止
- [ ] 顶尖科创大会“S创上海2024”即将启幕！AI安全科创圆桌邀你共话！
- [ ] 高端访谈 • 绿盟科技陈珂｜u200b“AI+网络安全”：构建智能防御新防线
- [ ] 大湾区，大未来！天融信以「新质安全」助力粤港澳大湾区「新质发展」
- [ ] 5G在特殊行业应用的安全风险及防御措施
- [ ] 筑梦网安之路，易行网安学习平台——你的官方课程首选！
- [ ] 生白蒜有望促进心脏健康，降低疾病风险
- [ ] 中秋来微众SRC挖洞，获11.8万的现金奖励
- [ ] 威胁猎人发布《信贷欺诈虚假流水研究报告》
- [ ] 齐向东：用“数据三角”一体化安全体系打造工业互联网安全新模式
- [ ] 锦州市委书记刘克武会见奇安信集团董事长齐向东
Sucuri Blog
- [ ] Woo Skimmer Uses Style Tags and Image Extension to Steal Card Details
NVISO Labs
- [ ] Introduction to Third-Party Risk Management
GuidePoint Security
- [ ] GRIT Ransomware Report: August 2024
blog.avast.com EN
- [ ] White hat heroes—Your introduction to ethical hacking
Reverse Engineering
- [ ] Guide to learn assembly
PortSwigger Blog
- [ ] Introducing Burp Suite’s game-changing performance update ⚡🏎️
Malwarebytes
- [ ] Scammers advertise fake AppleCare+ service via GitHub repos
- [ ] Facebook scrapes photos of kids from Australian user profiles to train its AI
- [ ] PartnerLeak scam site promises victims full access to “cheating” partner’s stolen data
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
- [ ] Where Is Anton Nikolaevich Korotchenko (Антон Николаевич Коротченко) Also Known as Koobface Botnet Master KrotReal? - Part Four
- [ ] How Str0ke From Milw0rm Got Compromised?
daniel.haxx.se
- [ ] trurl 0.15.1
SentinelOne
- [ ] From Amos to Poseidon | A SOC Team’s Guide to Detecting macOS Atomic Stealers 2024
安全牛
- [ ] 网安护航“壹+1” 知识加倍未来可期
- [ ] 政策解读 | 长扬科技深度解读《网络数据安全管理条例（草案）》，助力我国数据安全建设管理工作迈向新高度
- [ ] 2024 Fortinet OT工业安全高峰论坛成功举办开启OT安全平台时代
奇客Solidot–传递最新科技情报
- [ ] NASA 工程师成功切换旅行者1号的推进器
- [ ] SpaceX Polaris Dawn 任务完成首次商业太空行走
- [ ] OpenAI 正以 1500 亿美元估值进行新一轮融资
- [ ] 泰达币驱动地下金融世界
- [ ] 人类司机持续追尾 Waymos 的无人驾驶出租车
- [ ] Google 联合创始人称他天天上班从事 AI 工作
- [ ] Google 在搜索结果中加入互联网档案馆的链接
- [ ] 美国人在 2023 年使用了逾 100 万亿 MB 无线数据
- [ ] Mistral AI 发布其首个多模模型 Pixtral 12B
- [ ] 解开火星水消失之谜
- [ ] 欧盟消协起诉主要游戏公司欺骗消费者
- [ ] Android 应用将能屏蔽侧载，强行通过 Google Play 下载
Black Hills Information Security
- [ ] Monitoring High Risk Azure Logins
锦行科技
- [ ] 喜讯 | 锦行科技入选广东省电信和互联网行业网络数据安全技术支撑单位！
FreeBuf网络安全行业门户
- [ ] FreeBuf早报 | 有赞支付被罚 2787 万元；流氓WHOIS服务器成黑客“核武器”
- [ ] 阿里云机房着火超30个小时，云服务宕机，AWS趁火打劫？
- [ ] 为推送定制化广告，福特汽车新专利拟广泛采集驾驶员数据
- [ ] 针对程序猿的新型骗局，黑客借招聘Python传播恶意软件
奇安信 CERT
- [ ] GitLab身份认证绕过漏洞(CVE-2024-6678)安全风险通告
白帽100安全攻防实验室
- [ ] 转发抽奖 | WMCTF2024 圆满落幕
- [ ] WMCTF 2024 官方WP
HackerNews
- [ ] 流氓 WHOIS 服务器成黑客“核武器”
- [ ] 英国首都一学校遭勒索攻击停课近一周，学生回家等待通知
- [ ] 针对程序猿的新型骗局，黑客借招聘 Python 传播恶意软件
- [ ] Quad7 僵尸网络扩展到 SOHO 路由器和 VPN 设备
- [ ] Lazarus Group 使用虚假编码测试传播恶意软件
- [ ] 一名乌克兰人因涉嫌安装闭路电视摄像机协助俄罗斯袭击而被拘留
代码卫士
- [ ] Adobe 修复Acrobat Reader 0day漏洞
- [ ] Lazarus利用虚假密码管理器编程测试诱骗Python开发人员
360漏洞云
- [ ] 顶尖科创大会“S创上海2024”即将启幕！AI安全科创圆桌邀你共话！
腾讯科恩实验室
- [ ] BinaryAI更新布告｜摆脱特征码和特征工程束缚，语义化恶意文件检测功能上线
知道创宇404实验室
- [ ] 原创 Paper | Apache OFBiz SSRF to RCE(CVE-2024-45507) 漏洞分析
dotNet安全矩阵
- [ ] .NET 一款用于执行命令的免杀白名单工具
- [ ] .NET 内网攻防实战电子报刊
- [ ] .NET 一款支持NTLM实现横向移动的工具
数世咨询
- [ ] 报告发布| 数世咨询：云原生安全能力指南（附下载）
- [ ] 直播预约 | 第九届“创客中国”网络安全中小企业创新创业大赛决赛暨颁奖典礼
- [ ] 直播预约 | 万物安全精品发布会
极客公园
- [ ] 刚发布完 iPhone 16 的苹果，就要补交 1000 亿天价税款
- [ ] 罗永浩喊俞敏洪退一赔三：出来混迟早都要还；OpenAI 正商谈以 1500 亿美元估值筹集资金；三星电子开启海外裁员｜极客早知道
安全内参
- [ ] 摄像头攻防战：俄乌战争前线正在进行的情报对抗隐蔽战线
- [ ] 硬件密钥集体破防，英飞凌芯片暗藏14年高危漏洞
慢雾科技
- [ ] 慢雾：Toncoin 智能合约安全最佳实践
嘶吼专业版
- [ ] 2024 年第二季度 APT 趋势报告
安全研究GoSSIP
- [ ] G.O.S.S.I.P 阅读推荐 2024-09-12 推荐两本书
微步在线
- [ ] 微步荣膺2024《财富》中国最具社会影响力创业公司
青藤云安全
- [ ] 2024网安周 | 政务应用与数据安全融合技术探讨
火绒安全
- [ ] 探究窃密木马FormBook免杀手段——多变的加载器
长亭科技
- [ ] 长亭x趋境：一张4090让安全大模型进入千亿时代
阿里安全响应中心
- [ ] 双11安全保卫战｜淘天电商反爬专项众测活动
- [ ] 阿里巴巴控股集团网络安全中台招聘
国家互联网应急中心CNCERT
- [ ] 第21届中国网络安全年会暨国家网络安全宣传周网络安全协同治理分论坛在广州召开
Over Security - Cybersecurity news aggregator
- [ ] New Vo1d malware infects 1.3 million Android TV streaming boxes
- [ ] Fortinet says hackers accessed ‘limited’ number of customer files on third-party drive
- [ ] FBI: Reported cryptocurrency losses reached $5.6 billion in 2023
- [ ] This hardware router VPN bypasses geo-restrictions, now an extra $10 off
- [ ] Fortinet confirms data breach after hacker claims to steal 440GB of files
- [ ] We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders
- [ ] US sanctions Cambodian tycoon for alleged human trafficking to cyber scam centers
- [ ] Hackers targeting WhatsUp Gold with public exploit since August
- [ ] UK arrests teen linked to Transport for London cyber attack
- [ ] Court in Poland blocks inquiry into previous government’s spyware abuses
- [ ] Hospital system to pay $65 million for dark web data leak, including images of nude cancer patients
- [ ] Iran-linked hackers target Iraqi government in new campaign
- [ ] Transport for London confirms customer data stolen in cyberattack
- [ ] Chinese-made port cranes in US included 'backdoor' modems, House report says
- [ ] GitLab warns of critical pipeline execution vulnerability
- [ ] New but 'immature' ransomware group CosmicBeetle targets small businesses
- [ ] Hacker tricks ChatGPT into giving out detailed instructions for making homemade bombs
- [ ] Your Guide to Proactive Vulnerability Management
- [ ] Teenager in Britain arrested over cyberattack on London transport agency
- [ ] Finto password manager usato per distribuire malware tra gli sviluppatori
- [ ] Apache Server-Status: A Treasure Trove for Penetration Testers | ULTRA RED Blog
- [ ] 1-15 June 2024 Cyber Attacks Timeline
- [ ] The Top Four Things Bankers Should Know about Phishing
- [ ] ANY.RUN Now Integrates with Splunk!
IntelTechniques Blog
- [ ] Major Books Update
360数字安全
- [ ] 全国政协主席会议成员调研360集团鼓励企业加强“卡脖子”技术攻关
- [ ] CNNVD认证！360获评“核心技术支撑试点单位”等三项荣誉
Qualys Security Blog
- [ ] TotalCloud Insights: Unmasking AWS Instance Metadata Service v1 (IMDSv1)-The Hidden Flaw in AWS Security
白泽安全实验室
- [ ] 新型SpyAgent恶意软件利用OCR技术针对加密货币钱包展开攻击
ICT Security Magazine
- [ ] Una Breve Guida ai Test di Sicurezza delle API by Equixly
- [ ] Cybersecurity 2024: Il 22° Forum ICT Security definirà il Futuro della Sicurezza Digitale
百度安全应急响应中心
- [ ] 司令5w！报名开启｜BSRC与13家SRC邀您加入双11安全保卫战
Il Disinformatico
- [ ] Venerdì 13 parlerò di balle spaziali a Lecco
SANS Internet Storm Center, InfoCON: green
- [ ] Hygiene, Hygiene, Hygiene! [Guest Diary], (Wed, Sep 11th)
Schneier on Security
- [ ] Microsoft Is Adding New Cryptography Algorithms
HACKMAGEDDON
- [ ] 1-15 June 2024 Cyber Attacks Timeline
TrustedSec
- [ ] Putting Our Hooks Into Windows
纽创信安
- [ ] SGS为纽创信安颁发ISO 26262:2018功能安全ASIL D流程认证证书及ASIL B产品认证证书
Instapaper: Unread
- [ ] macOS Sequoia and DFIR what investigators need to know
- [ ] Il collettivo RansomHub rivendica il cyberattacco all’Università di Genova. Si teme divulghi i dati
- [ ] Researchers Hacked EV Car Chargers To Execute Arbitrary Code
- [ ] PIXHELL Attack Allows Air-Gap Jumping via Noise From Screens
- [ ] What is Buffer Overflow
The Hacker News
- [ ] New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram
- [ ] Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution
- [ ] Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide
- [ ] Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking
- [ ] Top 3 Threat Report Insights for Q2 2024
- [ ] Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack
- [ ] Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe
- [ ] WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers
Trend Micro Research, News and Perspectives
- [ ] Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities
Security Current
- [ ] CISO Spotlight: Adam Fletcher, Blackstone Chief Security Officer
Security Affairs
- [ ] Cybersecurity giant Fortinet discloses a data breach
- [ ] UK NCA arrested a teenager linked to the attack on Transport for London
- [ ] Singapore Police arrest six men allegedly involved in a cybercrime syndicate
- [ ] Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products
Full Disclosure
- [ ] CVE-2024-25286 - RedSys - A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Authorization Method of 3DSecure 2.0
- [ ] CVE-2024-25285 - RedSys - 3DSecure 2.0 is vulnerable to form action hijacking
- [ ] CVE-2024-25284 - RedSys - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0
- [ ] CVE-2024-25283 - RedSys - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities exist in the 3DS Authorization Challenge of 3DSecure 2.0
- [ ] CVE-2024-25282 - RedSys - 3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its 3DSMethod Authentication
contagio
- [ ] 2023-11-23 BEAVERTAIL and INVISIBLE_FERRET Lazarus Group Malware Samples
TorrentFreak
- [ ] ‘Parasitic’ IPTV Piracy is Killing Football, “It’s Them or Us” Says Serie A CEO
- [ ] ACE Helps Egypt to Dismantle the Region’s Largest Piracy Site
Social Engineering
- [ ] Reasons why someone puts words into somebody's mouth
Securityinfo.it
- [ ] Finto password manager usato per distribuire malware tra gli sviluppatori
NetSPI
- [ ] 5 Essential Cybersecurity Leadership Tips for Technologists
Information Security
- [ ] Job market issues
- [ ] Question on CRTP
- [ ] reddit
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] Advice for newbie
Graham Cluley
- [ ] WordPress plugin and theme developers told they must use 2FA
- [ ] Smashing Security podcast #384: A room with a view, AI music shenanigans, and a cocaine bear
Blackhat Library: Hacking techniques and research
- [ ] Infostealer Infections Shed Light on FBI’s Most Wanted Criminals
The Register - Security
- [ ] I stole 20GB of data from Capgemini – and now I'm leaking it, says cyber-crook
- [ ] Mastercard splurges $2.65B on another big cyber purchase – Recorded Future
- [ ] Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing
- [ ] Google Chrome gets a mind of its own for some security fixes
- [ ] Transport for London confirms 5,000 users' bank data exposed, pulls large chunks of IT infra offline
- [ ] EU kicks off an inquiry into Google's AI model
- [ ] About that Windows Installer 'make me admin' security hole. Here's how it's exploited
- [ ] Mind your header! There's nothing refreshing about phishers' latest tactic
- [ ] NIS2, DORA, and Tiber-EU expanding cybersecurity regulation
- [ ] If HDMI screen rips aren't good enough for you pirates, DeCENC is another way to beat web video DRM
- [ ] Pokémon GO was an intelligence tool, claims Belarus military official
- [ ] Healthcare giant to pay $65M settlement after crooks stole and leaked nude patient pics
Computer Forensics
- [ ] Trellix Endpoint (FireEye HX) Triage File
Deeplinks
- [ ] We Called on the Oversight Board to Stop Censoring “From the River to the Sea” — And They Listened
Technical Information Security Content & Discussion
- [ ] CVE-2024-38014 0-day - Microsoft Windows MSI Installer - Repair to SYSTEM + msiscan open-source detection tool
- [ ] AlcaWASM Challenge Writeup - Pwning an In-Browser Lua Interpreter
- [ ] Blog Post: Intelligent Adversary Emulation with the Bounty Hunter
Your Open Hacker Community
- [ ] Google dorking webcam, how to specify locations?
- [ ] Hacking Hikvision RTSP
- [ ] Kali + Bluetooth
- [ ] Dumb question: Would it be possible to intercept PS4-PS5 games from the router?
网安寻路人
- [ ] 欧盟委员会《<数据法>常见问题解答（1.0版本）》中译文
Security Weekly Podcast Network (Audio)
- [ ] Recent Cyber Security Laws & Regulations - Lee Kim - PSW #842