chainreactors / picker

将你的repo变为讨论社区

GNU General Public License v3.0

104 stars 19 forks source link

[每日信息流] 2024-09-24 #658

Open chainreactorbot opened 4 days ago

chainreactorbot commented 4 days ago

每日安全资讯（2024-09-24）

SecWiki News
- [ ] SecWiki News 2024-09-23 Review
Files ≈ Packet Storm
- [ ] Invesalius 3.1 Arbitrary File Write / Directory Traversal
- [ ] Faraday 5.7.0
- [ ] nullcon Goa 2025 Call For Papers
- [ ] Ubuntu Security Notice USN-7028-1
- [ ] Ubuntu Security Notice USN-7020-2
- [ ] Ubuntu Security Notice USN-7007-2
- [ ] Gentoo Linux Security Advisory 202409-20
- [ ] Gentoo Linux Security Advisory 202409-19
- [ ] Gentoo Linux Security Advisory 202409-18
- [ ] Gentoo Linux Security Advisory 202409-17
- [ ] Gentoo Linux Security Advisory 202409-16
- [ ] Gentoo Linux Security Advisory 202409-15
- [ ] Debian Security Advisory 5774-1
- [ ] Linux i915 PTE Use-After-Free
- [ ] Gentoo Linux Security Advisory 202409-14
- [ ] Gentoo Linux Security Advisory 202409-13
- [ ] Registration And Login System 1.0 SQL Injection
- [ ] Ubuntu Security Notice USN-6992-2
- [ ] Gentoo Linux Security Advisory 202409-12
- [ ] Gentoo Linux Security Advisory 202409-11
- [ ] SPIP BigUp 4.3.1 Code Injection
- [ ] Gentoo Linux Security Advisory 202409-10
- [ ] Gentoo Linux Security Advisory 202409-09
- [ ] Gentoo Linux Security Advisory 202409-08
- [ ] RecipePoint 1.9 Insecure Settings
Security Boulevard
- [ ] What Is Noise-Down Automation?
- [ ] USENIX NSDI ’24 – Towards Intelligent Automobile Cockpit via A New Container Architecture
- [ ] Podcast Episode 19: Interview with Bill McInnis from Nucleus Security
- [ ] Randall Munroe’s XKCD ‘Tectonic Surfing’
- [ ] 2024 NIST Password Guidelines: Enhancing Security Practices
- [ ] USENIX NSDI ’24 – Can’t Be Late: Optimizing Spot Instance Savings under Deadlines
- [ ] Exploring the foundations of lattice-based cryptography
- [ ] Freemium Model Optimization for B2B SaaS: A Strategic Growth Approach
- [ ] A Fresh Approach to Cybersecurity: Unifying Intelligence, Technology and Human Expertise
- [ ] Unmasking Malware Through IP Tracking: How Attackers Exploit IP and Geo-Location Data to Target Your Network
安全客-有思想的安全新媒体
- [ ] Chainalysis CEO 认为政府可能会使用人工智能代理来追踪链上加密货币违法者
- [ ] 严重Ivanti 云设备漏洞在主动网络攻击中被利用
- [ ] 揭露“Marko Polo”：一个以数千人为目标的信息窃取团伙
- [ ] BianLian 和 Rhysida 使用 Azure 进行勒索软件攻击
- [ ] CISA发布协调联邦机构网络安全的计划
- [ ] Versa Networks 在 Versa Director 中暴露了关键 API 漏洞（CVE-2024-45229）
- [ ] Apple 的 macOS Sequoia 更新引发了与流行安全工具的重大兼容性问题
- [ ] CVE-2024-8698：Keycloak 漏洞使 SAML 身份验证面临风险
- [ ] Citrine Sleet用Mac Linux恶意软件毒害PyPI包
- [ ] 攻击面管理“六边形战士”！360获权威报告满分评价
Doonsec's feed
- [ ] 微软宣布弃用 Windows Server 更新服务 (WSUS)
- [ ] 暗网上的国际象棋游戏
- [ ] 信息窃取者对抗 Chrome：谁会赢得这场战斗？
- [ ] 破解“黑神话：悟空”传播 Lumma 窃取恶意软件
- [ ] 付费开源维护者在安全方面花费更多时间
- [ ] 围绕人工智能的全球规则初具规模，但仍有些模糊
- [ ] Necro 恶意软件加载器通过 Google Play 感染了 1100 万台 Android 设备
- [ ] 【情报实战】黎巴嫩爆炸寻呼机背后的公司和人
- [ ] 【资讯】内蒙古自治区政府办公厅印发《自治区低空经济高质量发展实施方案（2024—2027年）》
- [ ] 【资讯】浙江省政府办公厅印发《浙江省加力推动跨境电商高质量发展行动计划（2024—2027年）》
- [ ] 【资讯】济南市政府公布《济南市公共数据开放利用管理办法》
- [ ] 【资讯】厦门市政府办公厅印发《厦门市支持专精特新企业高质量发展的若干措施》
- [ ] 寻找IDOR漏洞：Key Endpoints and Resources
- [ ] 美军特战部队军演中展现WiFi“网络爆破”新技能
- [ ] 【漏洞预警】Ivanti CloudServiceAppliance 未授权路径遍历漏洞CVE-2024-8963
- [ ] G.O.S.S.I.P 阅读推荐 2024-09-23 大模型越狱，攻防战谁更胜一筹
- [ ] 美政府打击勒索软件重心拟转向：从抓捕起诉到破坏犯罪生态
- [ ] 【干货原创】实网攻防演习常态化，会带来什么变化01
- [ ] 【干货】笑傲职场的独家经验（1）
- [ ] 【干货原创】K12教育，鲜为人知的模式秘密
- [ ] 原创文章目录
- [ ] 灵当CRM multipleUpload.php接口处存在文件上传漏洞附POC
- [ ] 【SRC】实战中获取JS文件的各种场景
- [ ] 建了个SRC专项漏洞知识库
- [ ] 【相关分享】记一次某985高校的漏洞挖掘
- [ ] 一个命令扫遍天下无敌手:端口扫描从入门到精通
- [ ] 菜狗安全公开课第一期《JAVA代码审计实战》
- [ ] 金壮龙：深入学习贯彻习近平总书记重要论述奋力开创推进新型工业化新局面
- [ ] 《智能网联汽车领域AI大模型发展技术路线图1.0》研讨会顺利召开
- [ ] 电子招标投标系统检测认证服务助力中央企业采购管理规范化建设
- [ ] Android活动（Activities）Exploiting 技术
- [ ] 漏洞推送|数字通云平台智慧政务存在登录绕过漏洞
- [ ] 烽火狼烟丨暗网数据及攻击威胁情报分析周报（09/16-09/20）
- [ ] 2024 | ZAC首届线下闭门沙龙会议完美落幕
- [ ] ScopeSentry-V1.4-端口扫描更新
- [ ] 倒计时2天 | 嘉宾阵容揭晓！邀你共聚工业智能边缘计算2024年会
- [ ] 荐读丨超过1000个ServiceNow实例被发现泄露企业知识库数据
- [ ] 2024年第四届“长城杯”网络安全大赛（初赛）Writeup
- [ ] 隐藏在 Python 包中的新 PondRAT 恶意软件以软件开发人员为目标
- [ ] 2024信息学奥赛CSP-J/S第一轮认证题目涉嫌泄露！
- [ ] 破解并使用手表解锁带NFC功能的电动车
- [ ] 带你认识微信多模态大模型 POINTS
- [ ] 整车渗透测试，网络安全车辆型式认证的灵丹妙药
- [ ] 智能网联汽车安全渗透白皮书3.0
- [ ] 车辆渗透测试概述
- [ ] 第12章安全通信与网络攻击
- [ ] 第13章管理身份和认证
- [ ] Patriot CTF · 2024 WriteUp
- [ ] 乌克兰因安全风险首次禁用Telegram
- [ ] 年度安全品牌影响力&年度热门安全产品花落谁家 | WitAwards 2024 评选
- [ ] @所有人，我们更名了文末有福利！
- [ ] PatrOwl：一款开源可扩展的安全协调运营平台
- [ ] 红队笑传之穿穿部-记一次攻防演练被某部委安全团队拷打全过程【补档】
- [ ] AntSword新增类型：JSPRAW的一些玩法
- [ ] 【安全圈】乌克兰因安全风险首次禁用Telegram
- [ ] 【安全圈】不要赎金只破坏基础设施，Twelve 黑客大肆攻击俄罗斯实体
- [ ] 【安全圈】Chainalysis CEO 认为政府可能会使用人工智能代理来追踪链上加密货币违法者
- [ ] 【安全圈】啊这？钓鱼网站忽悠用户打开Windows运行执行恶意命令来完成人机验证
- [ ] 记一次基于Union的sqlmap自定义payload
- [ ] 2024网络安全行业证书推荐
- [ ] 一键Windows应急响应检测脚本 - Winscan
- [ ] 活动预告 | “人工智能对网络空间安全带来的新机遇和新挑战”工程科技学术研讨会
Recent Commits to cve:main
- [ ] Update Mon Sep 23 22:34:45 UTC 2024
- [ ] Update Mon Sep 23 14:30:17 UTC 2024
- [ ] Update Mon Sep 23 06:37:03 UTC 2024
Private Feed for M09Ic
- [ ] SpecterOps forked SpecterOps/terminal_sync from breakid/terminal_sync
- [ ] h3zh1 pushed to master in chainreactors/malefic
- [ ] CHYbeta starred PhonePe/mantis
- [ ] INotGreen forked INotGreen/v2rayNvpn from githubvpn007/v2rayNvpn
- [ ] INotGreen starred githubvpn007/v2rayNvpn
- [ ] pmiaowu starred alibaba/arthas
- [ ] pmiaowu starred c0ny1/java-memshell-scanner
- [ ] uknowsec starred rweijnen/createdump
- [ ] nightRainy pushed to master in chainreactors/malefic
- [ ] HuYlllc pushed to dev in chainreactors/malice-network
- [ ] mgeeky starred YS-L/csvlens
- [ ] Ascotbe starred caorushizi/mediago
- [ ] Rvn0xsy starred yudai/gotty
- [ ] Rvn0xsy starred jimmy201602/webterminal
- [ ] gh0stkey starred lencx/tauri-tutorial
- [ ] phith0n starred caorushizi/mediago
- [ ] gh0stkey created a repository gh0stkey/DSK
- [ ] gh0stkey started following Ackites
- [ ] zer0yu starred outlaws-bai/Galaxy
- [ ] zer0yu starred sleeepeer/PoisonedRAG
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- [ ] 客户案例：CACTER硬件网关精准防护，助力互联网企业安全升级
- [ ] 标准应用 | 敏感个人信息的界定与告知同意
- [ ] 安全动态回顾|《网络安全人才实战能力白皮书-安全测试评估篇》发布 X黑客狂潮使“$HACKED”加密代币遭哄抬
- [ ] Windows 漏洞利用盲文“空格”进行零日攻击
- [ ] 威努特与华为正式签约，共建繁荣生态
- [ ] 蚂蚁安全开放基于“函数级”SBOM的新一代软件供应链安全技术【源蜥】
一个被知识诅咒的人
- [ ] 深入理解华为仓颉语言的数值类型
- [ ] Go语言中的Mutex实现探讨
Armin Ronacher's Thoughts and Writings
- [ ] FSL: A Better Business/Open Source Balance Than AGPL
奇安信攻防社区
- [ ] JDK高版本的模块化以及反射类加载限制绕过
- [ ] JasperReports 命令执行问题
- [ ] 对抗样本生成技术分析与实现2
Perception Point
- [ ] Quishing 2.0: QR Code Phishing Evolves with Two-Step Attacks and SharePoint Abuse
Der Flounder
- [ ] spctl command line tool no longer able to manage Gatekeeper on macOS Sequoia
SpiderLabs Blog
- [ ] Why Do Criminals Love Phishing-as-a-Service Platforms?
Blogs dade
- [ ] Weekly Retro 2024-W38
SentinelOne
- [ ] PinnacleOne ExecBrief | State and Local Election Security Advisory
Malwarebytes
- [ ] 100 million+ US citizens have records leaked by background check service
- [ ] San Francisco’s fight against deepfake porn, with City Attorney David Chiu (Lock and Code S05E20)
- [ ] Relationship broken up? Here’s how to separate your online accounts
- [ ] SpaceX, CNN, and The White House internal data allegedly published online. Is it real?
- [ ] A week in security (September 16 – September 22)
Reverse Engineering
- [ ] /r/ReverseEngineering's Weekly Questions Thread
- [ ] Inside a ferroelectric RAM chip
- [ ] GitHub - ReFirmLabs/binwalk at binwalkv3
FreeBuf网络安全行业门户
- [ ] FreeBuf早报 | 国安部起底台独黑客组织；韩欲打造网络安全演习国际枢纽
- [ ] @所有人邀请函已送达！等一个靓仔slay全场~| FCIS 2024「白帽大会」议题征集
- [ ] 乌克兰因安全风险首次禁用Telegram
- [ ] 不要赎金只破坏基础设施，Twelve 黑客大肆攻击俄罗斯实体
KitPloit - PenTest & Hacking Tools
- [ ] PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
安全牛
- [ ] 警惕风险突出的100个高危漏洞
- [ ] 锁定3人！国家安全部门立案侦察“台独”网军“匿名者64”；中证协发布《证券公司网络安全事件舆情处置示范案例》 | 牛览
HackerNews
- [ ] 不要赎金只破坏基础设施，Twelve 黑客大肆攻击俄罗斯实体
- [ ] 美政府打击勒索软件重心拟转向：从抓捕起诉到破坏犯罪生态
安全客
- [ ] ZeroLogon 到 NoPac 漏洞：Black Basta的漏洞利用武器库
奇安信 CERT
- [ ] 安全热点周报：时隔一周，Ivanti 又公开一云服务设备漏洞正面临在野利用
Huli's blog
- [ ] HITCON CTF & corCTF & sekaiCTF 2024 筆記
微步在线研究响应中心
- [ ] 漏洞通告 | Ivanti Cloud Service Appliance 路径穿越漏洞
安全内参
- [ ] 美政府打击勒索软件重心拟转向：从抓捕起诉到破坏犯罪生态
- [ ] “蓝屏事件”后大量德国企业抛弃CrowdStrike
奇客Solidot–传递最新科技情报
- [ ] 日本科学家用猫制作 iPS 细胞
- [ ] 数学家发现一种新形状
- [ ] Bruce Schneier 认为以色列的袭击改变了世界
- [ ] 愈来愈多的大学研究生人数超过本科生
- [ ] 1951 年被拐走的加州男孩还活着
- [ ] 地球曾经也有星环
腾讯玄武实验室
- [ ] 每日安全动态推送(9-23)
代码卫士
- [ ] CISA 提醒注意已遭利用的 Apache HugeGraph-Server 漏洞
- [ ] 速修复！FreeBSD 中存在严重漏洞
雷神众测
- [ ] 雷神众测漏洞周报2024.09.18-2024.09.22
白帽100安全攻防实验室
- [ ] 五冠王！ByteCTF 2024 初赛WriteUp By W&M
dotNet安全矩阵
- [ ] .NET 一款通过虚拟键盘绕过UAC的工具
- [ ] .NET内网实战：白名单文件反序列化执行命令
- [ ] SoapShell 更新 | 新增站点根目录下适配某版本哥斯拉的WebShell
学蚁致用
- [ ] AntSword新增类型：JSPRAW的一些玩法
默安科技
- [ ] 卓越攻击团队｜默安科技信息通信领域再获佳绩
安全分析与研究
- [ ] Lazarus APT组织针对海事研究组织进行网络攻击活动
威胁猎人Threat Hunter
- [ ] 2024互联网黑灰产攻防技术沙龙·北京站，10月17日等你来！
字节跳动安全中心
- [ ] 积分翻倍、奖金再加码，推荐好礼送不停
情报分析师
- [ ] 揭开美国情报界的神秘面孔
- [ ] 克格勃秘密实验室：特异功能与心理操控
CNVD漏洞平台
- [ ] CNVD漏洞周报2024年第38期
- [ ] 上周关注度较高的产品安全漏洞(20240916-20240922)
中国信息安全
- [ ] 全球视野 | 国际网安快讯（第29期）
- [ ] 专家解读 | 推进本土治理系统工程，技管结合引导安全开发人工智能安全治理的中国认知与方案
- [ ] 关注 | 起底“台独”网军“匿名者64”
- [ ] 观点 | AI产业如何实现向善发展
- [ ] 观点 | 构建公共数据授权运营的生态体系
- [ ] 关注 | 欧盟建立人工智能工厂提升创新竞争力
- [ ] 国际 | 韩欲打造网络安全演习国际枢纽
安全圈
- [ ] 【安全圈】乌克兰因安全风险首次禁用Telegram
- [ ] 【安全圈】不要赎金只破坏基础设施，Twelve 黑客大肆攻击俄罗斯实体
- [ ] 【安全圈】Chainalysis CEO 认为政府可能会使用人工智能代理来追踪链上加密货币违法者
- [ ] 【安全圈】啊这？钓鱼网站忽悠用户打开Windows运行执行恶意命令来完成人机验证
数世咨询
- [ ] 百密一疏！你是否败给了“最土”的攻击方式（ATO）？
阿里安全响应中心
- [ ] 阿里云边缘安全加速(ESA)产品功能众测 - WAF功能挑战赛
极客公园
- [ ] 对话地瓜机器人 CEO 王丛：500 元的机器人「心脏」，是怎么炼成的？
- [ ] 预训练的 Scaling Law 正在走入死胡同，o1 让更多创业公司重新复活
- [ ] 卖出 68 亿，「黑神话」成 Steam 最畅销游戏；魅族产「红旗手机」曝光；「AI Siri」明年 1 月到来｜极客早知道
Tails - News
- [ ] Tails report for August 2024
安全419
- [ ] 关键领域数据安全建设观察——智能网联汽车领域
- [ ] 威努特与华为正式达成合作
- [ ] 2024年度关键信息基础设施安全保护论坛召开
- [ ] 万径安全完成数千万元融资深创投独家投资
补天平台
- [ ] 仅需9.9元，提升技能，赢得荣誉，来补天训练“赢”开启白帽之路！
IT Service Management News
- [ ] Sui cercapersone esplosi in Libano
Over Security - Cybersecurity news aggregator
- [ ] US proposes ban on connected vehicle tech from China, Russia
- [ ] US intelligence agencies confirm Russia is pushing fake videos of Kamala Harris
- [ ] Dozens of Fortune 100 companies have unwittingly hired North Korean IT workers, according to report
- [ ] Some Kaspersky customers receive surprise forced-update to new antivirus software
- [ ] Legislation to mandate universal data privacy opt-outs vetoed in California
- [ ] Telegram now shares users’ IP and phone number on legal requests
- [ ] New Mallox ransomware Linux variant based on leaked Kryptina code
- [ ] Ransomware attack on Kansas county exposed sensitive info of nearly 30,000 residents
- [ ] Kaspersky deletes itself, installs UltraAV antivirus without warning
- [ ] Biden administration proposes rule banning Chinese, Russian connected vehicles and parts
- [ ] Telegram says it will share phone numbers and IP addresses of ‘bad actors’ to authorities
- [ ] Android malware 'Necro' infects 11 million devices via Google Play
- [ ] Russian hackers have shifted tactics in third year of war, Ukraine cyber agency says
- [ ] New Google Chrome feature will translate complex pages in real time
- [ ] How to manage shadow IT and reduce your attack surface
- [ ] D-Link risolve tre vulnerabilità critiche nei suoi router Wi-Fi
- [ ] Kransom Ransomware: New Threat Using DLL-Sideloading to Hijack Popular RPG
- [ ] How the Necro Trojan infiltrated Google Play, again
- [ ] Undetected Android Spyware Targeting Individuals In South Korea
- [ ] CERT-AGID 14 – 20 settembre: 778 IoC e una campagna di phishing che sfrutta lo SPID
- [ ] GameVN - 1,369,485 breached accounts
360威胁情报中心
- [ ] APT-C-00（海莲花）双重加载器及同源VMP加载器分析
Securityinfo.it
- [ ] D-Link risolve tre vulnerabilità critiche nei suoi router Wi-Fi
- [ ] CERT-AGID 14 – 20 settembre: 778 IoC e una campagna di phishing che sfrutta lo SPID
Have I Been Pwned latest breaches
- [ ] GameVN - 1,369,485 breached accounts
ICT Security Magazine
- [ ] Il ciclo di vita dei dati rubati: dal furto al profitto
- [ ] Sicurezza del sistema operativo Android
安天AVL威胁情报中心
- [ ] 盘点：2024年7月移动设备威胁态势
- [ ] 安天移动近期威胁情报盘点（9月6日-9月23日）
SANS Internet Storm Center, InfoCON: green
- [ ] Phishing links with @ sign and the need for effective security awareness building, (Mon, Sep 23rd)
- [ ] ISC Stormcast For Monday, September 23rd, 2024 https://isc.sans.edu/podcastdetail/9148, (Mon, Sep 23rd)
Il Disinformatico
- [ ] Niente Panico RSI - Puntata del 2024/09/23
Posts By SpecterOps Team Members - Medium
- [ ] Ghostwriter v4.3: SSO, JSON Fields, and Reporting with BloodHound
Schneier on Security
- [ ] Hacking the “Bike Angels” System for Moving Bikeshares
Security Current
- [ ] Congratulations to the 2024 CISOs Top 100 Accelerated CISOs Awards (A100) Winners
Deeplinks
- [ ] EFF to Supreme Court: Strike Down Texas’ Unconstitutional Age Verification Law
Securelist
- [ ] How the Necro Trojan infiltrated Google Play, again
The Register - Security
- [ ] Telegram will now hand over IP addresses, phone numbers of suspects to cops
- [ ] 'Cybersecurity issue' takes MoneyGram offline for three days – and counting
- [ ] Necro malware continues to haunt side-loaders of dodgy Android mods
- [ ] US proposes ban on Chinese, Russian connected car tech over security fears
- [ ] So how's Microsoft's Secure Future Initiative going?
- [ ] UPS supplier's password policy flip-flops from unlimited, to 32, then 64 characters
- [ ] Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town
- [ ] Apple's latest macOS release is breaking security software, network connections
Unsupervised Learning
- [ ] UL NO. 451: Altman Says ASI in "Thousands of Days"
Information Security
- [ ] Malware Abuses Browser Kiosk Mode to Steal Google Credentials: New Attack Vector
Blackhat Library: Hacking techniques and research
- [ ] Sextortion Is About to Get Much Worse with Infostealers – A Red Flag for Victims
- [ ] Telegram groups for blackhat SEO
TorrentFreak
- [ ] Telegram Removes Z-Library Posts ‘Due to Copyright Infringement’
- [ ] Court Orders Google to “Uninstall” Pirate IPTV App Sideloaded on Android Devices
TG Soft Software House - News
- [ ] Vir.IT eXplorer PRO supera, ottenendo il massimo risultato, l'ultimo test effettuato ad Agosto 2024 da AppEsteem per i prodotti AV DeceptorFighters
Security Affairs
- [ ] ESET fixed two privilege escalation flaws in its products
- [ ] North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages
- [ ] Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw
- [ ] Hacktivist group Twelve is back and targets Russian entities
KitPloit - PenTest Tools!
- [ ] PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
The Hacker News
- [ ] THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 16-22)
- [ ] Why 'Never Expire' Passwords Can Be a Risky Decision
- [ ] Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk
- [ ] Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls
- [ ] New PondRAT Malware Hidden in Python Packages Targets Software Developers
- [ ] Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware
Technical Information Security Content & Discussion
- [ ] Open to Exploitation: The Security Risks of Unauthenticated Pager Networks
Computer Forensics
- [ ] I wrote a blog to learn and get familiar with some Incident Response tools and techniques. Hope it will be a good read :)
Your Open Hacker Community
- [ ] When I put my Alfa adapter to monitor, it shows wlan0 wlan1 as well.
- [ ] Reverse shell question
Security Weekly Podcast Network (Audio)
- [ ] Authentication and Authorization in the AI Era - Shiven Ramji - BSW #365