chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

111 stars 19 forks source link

[每日信息流] 2024-10-05 #670

Closed chainreactorbot closed 2 weeks ago

chainreactorbot commented 1 month ago

每日安全资讯（2024-10-05）

SecWiki News
- [ ] SecWiki News 2024-10-04 Review
Security Boulevard
- [ ] USENIX NSDI ’24 – Gemino: Practical and Robust Neural Compression for Video Conferencing
- [ ] Why is asset deduplication a hard problem?
- [ ] Randall Munroe’s XKCD ‘Ingredientsl’
- [ ] Biggest Ever DDoS is Threat to OT Critical Infrastructure
- [ ] How to Build Cross-Departmental Alliances to Tackle Insider Risk
- [ ] Fake Trading Apps for Android, iOS Lead to Pig Butchering Scam
- [ ] Defeating Ransomware: Lessons from the Frontlines with Logically’s Roger Newton
- [ ] USENIX NSDI ’24 – MadEye: Boosting Live Video Analytics Accuracy with Adaptive Camera Configurations
- [ ] Latest product updates
- [ ] DOJ, Microsoft Take Down Domains Used by Russian-Backed Group
Tenable Blog
- [ ] Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
Recent Commits to cve:main
- [ ] Update Fri Oct 4 22:32:44 UTC 2024
- [ ] Update Fri Oct 4 14:31:54 UTC 2024
- [ ] Update Fri Oct 4 06:24:59 UTC 2024
Files ≈ Packet Storm
- [ ] Zeek 6.0.8
- [ ] ABB Cylon Aspect 3.07.02 Authenticated File Disclosure
- [ ] Debian Security Advisory 5784-1
- [ ] Debian Security Advisory 5783-1
- [ ] TeamViewer Privilege Escalation
- [ ] Ubuntu Security Notice USN-7053-1
- [ ] Debian Security Advisory 5782-1
- [ ] Ubuntu Security Notice USN-7055-1
- [ ] MD-Pro 1.0.76 Shell Upload / SQL Injection
- [ ] Computer Laboratory Management System 2024 1.0 Cross Site Scripting
- [ ] Ubuntu Security Notice USN-7054-1
- [ ] Acronis Cyber Infrastructure 5.0.1-61 Cross Site Request Forgery
- [ ] Vehicle Service Management System 1.0 WYSIWYG Code Injection
- [ ] Vehicle Service Management System 1.0 Code Injection
- [ ] Transport Management System 1.0 Arbitrary File Upload
- [ ] Transport Management System 1.0 Code Injection
- [ ] ManageEngine ADManager 7183 Password Hash Disclosure
- [ ] fastrpc_mmap_create Use-After-Free
- [ ] fastrpc_mmap_find Information Leak
- [ ] Android qrtr_bpf_filter_detach Double-Free / Use-After-Free
Doonsec's feed
- [ ] 微软和美国破坏俄罗斯网络间谍基础设施
- [ ] 老烦读《网络数据安全管理条例》之四
- [ ] 速速转发 | 国家专项扶贫资金？假假假！
- [ ] 安全行动，只为中国（二）—— 勒索攻击等黑产活动分析响应处置篇
- [ ] 大屏，无处不在！问题，也是无处不在！
- [ ] 动态路由四大天王：OSPF、RIP、IS-IS、BGP，收藏这篇文章足以！
- [ ] 反弹Shell流量加密
- [ ] Wireshark 抓包过滤命令大全，不会抓包的网工不是好网工！
- [ ] 【商密测评】第三级商密测评—物理和环境安全
- [ ] 网络钓鱼的欺骗性极强：不要上当！
- [ ] 慢讯
- [ ] 一次解决Go编译问题的经过
- [ ] 一根网线牵出三个犯罪集团
- [ ] 索尼PS5和微软Xbox网络双双崩溃中断影响全球玩家
- [ ] 毕业设计 | ESP32 开源，稚晖君点赞，骑行圈必备的百元级智能GPS码表
- [ ] 面试官：什么是终端复用技术（tmux）？
- [ ] 科技创新作为发展新质生产力的核心要素：理论基础、历史规律与现实路径
- [ ] 数据产品资讯-长沙发布数据产品
- [ ] 【干货】笑傲职场的独家经验（1）
- [ ] 【干货原创】实网攻防演习常态化，会带来什么变化01
- [ ] 【干货原创】K12教育，鲜为人知的模式秘密
- [ ] 原创文章目录
- [ ] C/C++逆向：函数逆向分析-调用约定分析
- [ ] 【安全圈】新规解读：《网络数据安全管理条例》
- [ ] 【安全圈】用友U8CRM存在SQL注入漏洞
- [ ] 【安全圈】警惕！FIN7通过假AI裸体生成网站传播信息窃取恶意软件
- [ ] 【安全圈】Zimbra高危漏洞已被大规模利用：无需身份验证即可控制服务器
- [ ] 面向车路云一体化的数据安全 2023.11 中国汽车工程学会、CAICV 63页
- [ ] YDT6014-2024车路协同通信密码应用技术要求(报批稿) 工信部发布
- [ ] T_ITS 0127-2020 面向车路协同的通信证书管理技术规范
- [ ] Windows NTLM中继攻击（PortBender二进制可执行文件)
- [ ] 「漏洞复现」EDU 某智慧平台 ExpDownloadService.aspx 任意文件读取漏洞
- [ ] 俄罗斯网络攻击重点转向乌克兰军事基础设施，网络安全在基础设施上的投入必要性。
- [ ] 整车下线检测 --- ADAS标定
- [ ] 智能汽车如何进行横向跟踪控制？
- [ ] AI时代安全护航 | 京东安全，助力第八届安全开发者峰会（SDC2024）
- [ ] IDA python脚本一键生成libhasp_android_x补丁文件加载自己的so
- [ ] 面试题：SDL与DevSecops的区别
- [ ] 如何使用ECharts辅助开展数据可视化分析？
- [ ] 1—8月我国软件业务收入85492亿元同比增长11.2%
- [ ] 堪称安卓手机杀手，1100 万台设备被植入恶意软件
- [ ] 安徽金融监管局发提示函，加大保险公司侵犯公民信息行为打击力度u200b
- [ ] 1—8月我国软件业务收入85492亿元，信息安全收入增长持续放缓
- [ ] 每日扩展 | 密码学
- [ ] 工具｜CSDN付费、登录、关注限制绕过
- [ ] 自己在家开运营商 Part.1 - 注册一个 ASN
- [ ] 2024微软免费0基础网络安全视频课程（可在线参加考试获取微软安全认证）
- [ ] Linux提权-通配符提权总结
- [ ] 初中级渗透测试 | 南昌
- [ ] 重磅消息 | 赏金猎人板块
- [ ] [1004] 一周重点威胁情报｜天际友盟情报站
- [ ] 秦安：谁扛不住！以总理被炸？哈梅内伊开会，伊外长称一切皆可能
- [ ] 张志坤：美国再次大规模对台军售，中国仍将保持战略定力
- [ ] 《诗词游记》第367期：扬州八月彩霞红
- [ ] 使用 Joern 查找用于利用 Java 中 Unsafe Reflection 漏洞的类
- [ ] 通过注入 Smali 小工具进行 Android 恶意软件动态分析技术
- [ ] 现代 iOS 渗透测试：无需越狱 - My Framer Site
- [ ] Java 安全 | ClassLoader 理解与利用一篇就够了
- [ ] 证书自动续期就它了！
- [ ] 朝鲜黑客卷土重来：APT37重启间谍行动
- [ ] Telegram终究还是没抗住！！
- [ ] 国庆福利 | 星球免费名额赠送＋知识星球优惠券放送
- [ ] 微信公众号小说漫画系统存在前台SQL注入漏洞
- [ ] 网安原创文章推荐【2024/10/3】
- [ ] 一文读懂！科技成果转化：“转什么”“谁来转”“怎么转”全解析
- [ ] 【海外SRC赏金挖掘】诺基亚漏洞！！ 403ByPass (三) -- 修改请求方式实现403绕过
- [ ] 卫星星座天基测控守护卫星的“天眼”其建设应用及启示
- [ ] 低轨遥感卫星全时在线测控技术综述
- [ ] 【情报资料】美军围堵中国的行动之：行动路径
- [ ] 称安卓手机杀手，1100 万台设备被植入恶意软件；|索尼PS5和微软Xbox网络双双崩溃中断影响全球玩家
- [ ] “定期更换密码”是最愚蠢的密码规则？
- [ ] 一文搞懂windowsUAC机制逻辑及提权原理
- [ ] 推荐一款功能牛X的自动解密被加密的报文工具
- [ ] 700+页网安笔记免费下载
- [ ] 【工具分享】轻量级代码审计扫描工具
- [ ] SRC通过越权拿下高危漏洞
- [ ] 机关、单位工作人员网络安全保密须知
- [ ] 【2024-10-04】每日安全资讯
- [ ] Telegram 披露与执法部门共享美国用户数据
- [ ] 引领威胁情报市场的十大公司
- [ ] 美国银行发生中断，导致很多账户余额为零
- [ ] Jenkins 中发布安全公告，修复多个安全漏洞
- [ ] Chrome修复任意代码执行漏洞，字节跳动无恒实验室上大分
- [ ] NASA 在深空测试高速互联网
- [ ] 黑客入侵死亡登录系统假死被发现
- [ ] “Perfctl”恶意软件通过模仿系统文件在Linux上潜伏多年
- [ ] 一款红队执行命令回显的白名单工具
- [ ] 如何使用大型语言模型（LLMs）自动检测BOLA漏洞
- [ ] 滥用云服务进行传播的恶意软件越来越多
- [ ] BotKube：一款针对Kubernetes集群的安全监控与调试部署工具
- [ ] 网络安全宣传片-\"两高一弱\"专题（二）
- [ ] 服务器挖矿病毒入侵案例分析：排查与解构
- [ ] 微软和美国司法部拆除俄罗斯黑客组织使用的域名
- [ ] 研究人员披露微软 Office 漏洞（CVE-2024-38200）技术细节，发布PoC代码
- [ ] 14个新漏洞使超过70万台台湾产 DrayTek 路由器面临黑客攻击
- [ ] Docker跑黑苹果sonoma14
- [ ] 警惕，Linux 黑客新的强力工具
- [ ] 2024年最新Win10/Win11系统永久激活教程（免费、无需密钥、支持离线激活）
- [ ] 直捣黄龙：/dev/mem如何成为Linux系统的安全软肋
- [ ] uniapp原生Android插件定制开发方法
- [ ] Android系统定制/鸿蒙APP开发课程(优惠券)
- [ ] 【漏洞复现】泛微OA E-Cology ifNewsCheckOutByCurrentUser.dwr Sql注入
- [ ] 银行招聘资深网络安全攻防专家
- [ ] 每天发布最新网络安全实用资源
- [ ] .NET 回顾 | 一款反序列化漏洞的白名单工具
- [ ] .NET 一款提权工具：Sharp4PetitPotato
- [ ] .NET 一款通过管道模拟传递哈希的工具
- [ ] .NET 一款体积极小用于规避WAF的Shell
- [ ] GitGot – 半自动化搜索GitHub公共数据
- [ ] 持久图像成为未来情报侦察的关键：100颗间谍卫星让你无处遁形
- [ ] 5th域安全微讯早报【20241004】239期
- [ ] 智汇长安 | 跟着小鹰City Walk Day 7
- [ ] Proving Grounds-Crane
- [ ] 快速等保核查、资产扫描工具
- [ ] 国庆特辑 | 纪录片《锻造雄师向复兴》
- [ ] 网络安全监测系统技术要求
- [ ] 中央网信办部署开展“清朗·整治违规开展互联网新闻信息服务”专项行动
- [ ] 法新社向法国当局通报可能存在数据泄露
- [ ] 《逃生》开发商遭遇重大网络攻击内部数据泄露
- [ ] 命令注入的终极笔测试指南
- [ ] 警惕 | 针对中国公务员的网络钓鱼活动
- [ ] AlterX 子域名生成器使用指南：快速生成、定制化设置，轻松掌握
- [ ] 老烦读《网络数据安全管理条例》之二
- [ ] XWorm新变种通过Windows脚本文件传播
- [ ] 网络安全知识：什么是自治系统？
- [ ] 又到国庆旅游日，网警小贴士
- [ ] 分享图片
- [ ] imagickd写shell的技术学习
- [ ] 一图看懂《密码法》前沿典藏版
Private Feed for M09Ic
- [ ] 1n7erface started following M09Ic
- [ ] xxDark starred mstorsjo/msvc-wine
- [ ] phith0n starred GoogleContainerTools/kaniko
- [ ] geohot created a repository tinygrad/toonygrad
- [ ] glzjin starred vnt-dev/vnts
Trustwave Blog
- [ ] Protecting the US Election by Adopting Basic Cybersecurity Protocols
Sucuri Blog
- [ ] Unraveling Authentication and Authorization in Web Security
一个被知识诅咒的人
- [ ] 打造现代化网页：JavaScript网页设计全攻略
- [ ] 深入浅出Vue.js组件开发：从基础到高级技巧
- [ ] 全方位掌握 Python 字典遍历：实用技巧与代码详解
- [ ] 用Python制作自己的聊天机器人：从零开始构建智能对话助手
- [ ] 用Python和OpenCV实现人脸识别：构建智能识别系统
- [ ] Python自动化办公：从Excel到PDF生成的全流程
- [ ] Python中的奇技淫巧：理解迭代器、生成器和装饰器
- [ ] 从API获取实时数据：用Python构建天气预报应用
- [ ] Python的多线程与多进程：并发编程基础与实战
- [ ] Java高效编程（16）：在公共类中使用访问器方法，而不是公共字段
- [ ] 华为仓颉语言入门（9）：for-in表达式
- [ ] Java高效编程（17）：减少类的可变性以提高安全性和线程安全
- [ ] Java高效编程（18）：优先使用组合而非继承
- [ ] Java高效编程（15）：最小化类与成员的可见性
- [ ] Java高效编程（15）：尽量减少类和成员的可访问性
- [ ] Java高效编程（14）：考虑实现 Comparable
Securelist
- [ ] Scam Information and Event Management
SentinelOne
- [ ] The Good, the Bad and the Ugly in Cybersecurity – Week 40
Webroot Blog
- [ ] 8 Tips to protect your devices from malware attacks
VMRay
- [ ] Detection Highlights – September 2024: Config Extractor for Latrodectus, Detecting Disablement of Windows Defender & Security Center Notifications, and PhishKit
博客园 - 渗透测试中心
- [ ] 2024 ciscn WP - 渗透测试中心
- [ ] 第八届2024御网杯WP - 渗透测试中心
- [ ] 羊城杯2024WP - 渗透测试中心
奇客Solidot–传递最新科技情报
- [ ] 三星最新软件更新导致部分旧型号手机变砖
- [ ] 腾讯和 Guillemot 家族有意私有化育碧
- [ ] Automattic 与 WP Engine 之间的诉讼愈演愈烈 159 名雇员辞职
- [ ] 两大 X 级耀斑先后抵达地球将引发强烈极光
- [ ] 新 HBO 纪录片声称识别了中本聪的身份
信息时代的犯罪侦查
- [ ] 如何使用ECharts辅助开展数据可视化分析？
丁爸情报分析师的工具箱
- [ ] 【情报资料】美军围堵中国的行动之：行动路径
NETRESEC Network Security Blog
- [ ] VoIP tab in NetworkMiner Professional
Over Security - Cybersecurity news aggregator
- [ ] Unraveling Authentication and Authorization in Web Security
- [ ] FSB-Linked Star Blizzard Campaign Disrupted: What You Need to Know
- [ ] Highline Public Schools confirms ransomware behind shutdown
- [ ] Russia arrests US-sanctioned Cryptex founder, 95 other linked suspects
- [ ] Tech platforms urged to tackle Hamas’ and Hezbollah’s online propaganda
- [ ] Google removes Kaspersky's antivirus software from Play Store
- [ ] Outlast game development delayed after Red Barrels cyberattack
- [ ] Dutch police blame ‘state actor’ for recent data breach
- [ ] Sintesi riepilogativa delle campagne malevole nella settimana del 28 settembre – 4 ottobre
- [ ] Weekly IT Vulnerability Report: Cyble Urges Fixes for NVIDIA, Adobe, CUPS
- [ ] So far, cybercriminals appear to be just shopping around for a Telegram alternative
- [ ] Four Critical Vulnerabilities Added to CISA’s Exploited Vulnerabilities Catalog
- [ ] UK nuclear site Sellafield fined $440,000 for cybersecurity shortfalls
- [ ] White House official says insurance companies must stop funding ransomware payments
- [ ] Campagna di Phishing ai danni di IP Gruppo API
- [ ] Scam Information and Event Management
- [ ] Getting started with Detection-as-Code and Sekoia Platform
- [ ] ChatGPT per macOS poteva essere usato per esfiltrare dati in modo persistente
- [ ] Portable Hacking Lab: Control The Smallest Kali Linux With a Smartphone
- [ ] Why your password policy should include a custom dictionary wordlist
D3Lab
- [ ] Campagna di Phishing ai danni di IP Gruppo API
Securityinfo.it
- [ ] ChatGPT per macOS poteva essere usato per esfiltrare dati in modo persistente
JUMPSEC
- [ ] The critical risk in DORA financial regulations
Il Disinformatico
- [ ] Podcast RSI – Auto connesse “hackerabili”, stavolta tocca a Kia. Ma a fin di bene
ICT Security Magazine
- [ ] Email Security: Red flag e best practice
Schneier on Security
- [ ] Friday Squid Blogging: Map of All Colossal Squid Sightings
SANS Internet Storm Center, InfoCON: green
- [ ] Survey of CUPS exploit attempts, (Fri, Oct 4th)
- [ ] ISC Stormcast For Friday, October 4th, 2024 https://isc.sans.edu/podcastdetail/9166, (Fri, Oct 4th)
The Register - Security
- [ ] About a quarter million Comcast subscribers had their data stolen from debt collector
- [ ] Visit CyberThreat 2024 to hone your cybersecurity skills
- [ ] Harvard duo hacks Meta Ray-Bans to dox strangers on sight in seconds
- [ ] Big brands among thousands infected by payment-card-stealing CosmicSting crooks
Full Disclosure
- [ ] Some SIM / USIM card security (and ecosystem) info
Technical Information Security Content & Discussion
- [ ] Exploiting Visual Studio via dump files - CVE-2024-30052
- [ ] Built your portable pentesting lab with Pi-Tail that is controlled only by your smartphone
- [ ] Pwning LLaMA.cpp RPC Server with CVE-2024-42478 and CVE-2024-42479
Instapaper: Unread
- [ ] Tosint Open-source Telegram OSINT tool
- [ ] Trapelato materiale Guardia di Finanza su indagine Berlusconi Market - (in)sicurezza digitale
- [ ] Understand and check Time Machine backups to APFS
- [ ] Un criminal hacker di 24 anni è stato arrestato per aver messo a rischio la sicurezza nazionale. I dettagli dell’operazione “Dominio”
- [ ] License Plate Readers Are Creating a US-Wide Database of Political Lawn Signs and Bumper Stickers
- [ ] A Window into Your Photos Revealing How Sideloaded Apps Can Secretly Monitor Your Images
- [ ] YouTube, Snapchat, TikTok Ordered to Reveal Recommender System Details Amid DSA Crackdown
- [ ] Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks
- [ ] Dutch police breached by a state actor
Information Security
- [ ] Crypto Chaos: Malicious PyPI Packages Exploit Wallet Recovery Tools to Steal Millions
- [ ] Cloudflare Mitigates Largest DDoS Attack in Internet History, Peaking at 3.8 Tbps
Your Open Hacker Community
- [ ] Here's an image; I'm looking for the viability of a How To Hack game as well as its accuracy, please?
- [ ] Decompile APK to check for Spyware
极客公园
- [ ] ChatGPT 推出编程专用界面；特斯拉美国停售 Model 3 标续后驱版；问界针对 BBA 门店制定「特别计划」｜极客早知道
The Hacker News
- [ ] U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown
- [ ] How to Get Going with CTEM When You Don't Know Where to Start
- [ ] Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors
- [ ] WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
Graham Cluley
- [ ] Sellafield nuclear site hit with £332,500 fine after “significant cybersecurity shortfalls”
- [ ] Cybersecurity and compliance: The dynamic duo of 2024
TorrentFreak
- [ ] MPA Reports ‘Notorious’ Piracy Threats to U.S. Government
Social Engineering
- [ ] How scammers make money
Deeplinks
- [ ] EFF to Fifth Circuit: Age Verification Laws Will Hurt More Than They Help
- [ ] Digital Inclusion Week, Highlighting an EFA Members Digital Equity Work:
- [ ] Join the Movement for Public Broadband in PDX
Security Affairs
- [ ] Google removed Kaspersky’s security apps from the Play Store
- [ ] New Perfctl Malware targets Linux servers in cryptomining campaign
- [ ] Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group
Palo Alto Networks Blog
- [ ] Palo Alto Networks: 5x Leader in the Gartner Magic Quadrant for SD-WAN
Deep Web
- [ ] How can i search for an specific tophic
Security Weekly Podcast Network (Audio)
- [ ] Perfctl, Pig Butchering, Ivanti, Zimbra, BabyLockerKZ, AI gone Wild, Aaran Leyland... - SWN #419
- [ ] Cybersecurity Career Paths: from touring musician to purple teaming at Meta - Neko Papez, Brian Contos, Jayson Grace - ESW #378
- [ ] Analyzing Malware at Scale - John Hammond - PSW #845