chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

111 stars 19 forks source link

[每日信息流] 2024-10-08 #673

Closed chainreactorbot closed 2 weeks ago

chainreactorbot commented 1 month ago

每日安全资讯（2024-10-08）

SecWiki News
- [ ] SecWiki News 2024-10-07 Review
Security Boulevard
- [ ] A Modern Playbook for Ransomware
- [ ] USENIX NSDI ’24 – Reverie: Low Pass Filter-Based Switch Buffer Sharing for Datacenters with RDMA and TCP Traffic
- [ ] Applying the Intelligence Cycle in our New Days of Rage
- [ ] DOJ Wants to Claw Back $2.67 Million Stolen by Lazarus Group
- [ ] Randall Munroe’s XKCD ‘Númenor Margaritaville’
- [ ] The Past Month in Stolen Data
- [ ] Your Headaches, Our Solutions: Student Safety Alerts & Reporting using Content Filter by ManagedMethods
- [ ] Simplifying SBOM compliance with Sonatype under India’s cybersecurity framework
Recent Commits to cve:main
- [ ] Update Mon Oct 7 22:27:35 UTC 2024
- [ ] Update Mon Oct 7 14:37:03 UTC 2024
- [ ] Update Mon Oct 7 06:21:00 UTC 2024
Tenable Blog
- [ ] Managing OT and IT Risk: What Cybersecurity Leaders Need to Know
Files ≈ Packet Storm
- [ ] Grav CMS 1.7.44 Server-Side Template Injection
- [ ] Ruby-SAML / GitLab Authentication Bypass
- [ ] iTunes For Windows 12.13.2.3 Local Privilege Escalation
- [ ] ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution
- [ ] ABB Cylon Aspect 3.08.01 caldavUtil.php Remote Code Execution
- [ ] ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution
- [ ] ABB Cylon Aspect 3.08.01 logYumLookup.php Unauthenticated File Disclosure
- [ ] Ubuntu Security Notice USN-7056-1
- [ ] ManageEngine ADManager Plus Privilege Escalation
- [ ] Book Recording App 2024-09-24 Cross Site Scripting
- [ ] Debian Security Advisory 5786-1
- [ ] Debian Security Advisory 5785-1
- [ ] OpenMediaVault 7.4.2-2 Code Injection
- [ ] Netis MW5360 Code Injection
- [ ] Hikvision IP Camera Cross Site Request Forgery
- [ ] GeoServer 2.25.1 Code Injection
- [ ] Gambio Online Webshop 4.9.2.0 Code Injection
Doonsec's feed
- [ ] Express 3.x 存在开放重定向漏洞！立即更新以避免潜在风险（CVE-2024-9266）
- [ ] 行业内卷下的数据安全何去何从？
- [ ] 安全行动，只为中国（五）—— APT捕获分析溯源篇
- [ ] 应急响应——全类型JAVA内存马排查
- [ ] 第一届网络空间安全学术会议会议通知（第二轮）
- [ ] 网络工程师：购买工业 PoE 交换机时要注意什么？
- [ ] AI应用落地关键AI Agent
- [ ] 如何获取全球某个手机号码的状态信息
- [ ] xx学院漏洞挖掘
- [ ] SRC安全知识库，发车！
- [ ] 实战中的高版本JDK的JNDI注入
- [ ] 通用CSRF绕过的6种方法
- [ ] 运营商“内鬼”违规提供短信接口，为397万个未实名手机号注册微信
- [ ] 一款基于Go语言编写，针对赛蓝企业管理系统的漏洞检测工具
- [ ] 《云原生安全攻防》-- K8s攻击案例：从Pod容器逃逸到K8s权限提升
- [ ] 对微信PC端解密的学习
- [ ] Js逆向入门：AST技术解混淆（上篇）
- [ ] 中行、数研所专利授权：基于量子加密，防止支付二维码被替换
- [ ] 联播 | 我国加快推动数据产业高质量发展
- [ ] 专家解读 | 杨建军：加快构建网络数据安全法规制度体系全面提升治理监管能力
- [ ] 操纵“网络水军”实施传播网络虚假信息行为的司法认定
- [ ] 直播间“砸蛋”可以赚钱？当心，涉嫌赌博！
- [ ] 毕业设计 | Ruff开发板 + 华为云IoT物联网平台，实现家中温度、湿度、二氧化碳、PM2.5、甲醛监控分析
- [ ] 【安全圈】南昌市某学校暴露超4000条学生个人信息被行政处罚
- [ ] 【安全圈】黑客从亚洲加密平台BingX 窃取了超过4400 万美元
- [ ] 【安全圈】乐高官网遭黑客入侵宣传加密货币，回应称没有用户账户受到损害
- [ ] 【安全圈】纬创遭受网络攻击：网站已恢复正常，运营无重大影响
- [ ] 【工具】几个可以查全球手机归属地、运营商和手机状态的网站
- [ ] 【情报】摩萨德如何策划爆炸性传呼机行动：以色列对真主党的渗透
- [ ] 汽车供应链中的网络安全
- [ ] 智能网联汽车数据分类分级实践指南
- [ ] 中国汽车基础软件信息安全研究报告 1.0
- [ ] SDC2024议题聚焦 | 探秘语法树：反编译引擎驱动自动化漏洞挖掘
- [ ] Fuzzer开发4：快照、代码覆盖率与模糊测试
- [ ] 五年归期已到
- [ ] CVE-2024-9014
- [ ] CVE-2024-45519 poc exp
- [ ] 太突然，她被曝离职！知情人：飞书已无法搜到
- [ ] 汽车ECU的软硬件架构及工作原理详解
- [ ] 文件里的\"隐形人\"：揭秘Windows不为人知的ADS技术
- [ ] 网络安全等级保护怎么做
- [ ] 蓝队研判技巧（一）-- 基础篇&WireShark篇
- [ ] 某金融src的一次较复杂攻击链进入后台
- [ ] 多位专家解读《网络数据安全管理条例》
- [ ] 中行基于量子通讯的安全认证专利取得授权！多家银行透露量子技术进展
- [ ] 一款开源轻量级的网站应用防火墙-SamWaf
- [ ] 带你体验一款主流且开源的Web漏洞扫描工具
- [ ] 国内文章不好看？想找老外的文章？点进来我教你
- [ ] 专家解读 | 凝聚安全风险治理共识促进人工智能创新发展
- [ ] 观点 | 构建符合数实融合的数据基础制度体系
- [ ] 2024年国庆假期余额不足，PT站开放注册所剩时间亦不多
- [ ] 最后一天|迎接V2024-11小迪安全培训
- [ ] 漏洞挖掘 | 某平台存储型XSS
- [ ] [安全开发]国庆优惠最后一天！统一85折！仅需313！
- [ ] SFeather::CTF官方WP汇总
- [ ] 数据暴露面管理：数据安全和合规的基础与起点
- [ ] 了解文件扩展名：Linux 综合指南
- [ ] 美国网络司令部警告朝鲜APT拉撒路集团恶意软件攻击
- [ ] 一文区分SSTI 和 CSTI
- [ ] 初中级渗透测试 | 南昌
- [ ] 「漏洞复现」魅思-视频管理系统 getOrderStatus SQL注入漏洞
- [ ] 网安原创文章推荐【2024/10/6】
- [ ] GrayLog6.0.X通过yum方式升级到最新版本
- [ ] 微信公众号小说漫画系统存在前台任意文件上传漏洞(RCE)
- [ ] 独家披露：以色列摩萨德传呼机行动成功的细节
Trustwave Blog
- [ ] Cybersecurity Awareness Month: Adding Seasonal Spice to Managed Detection and Response (MDR)
Light Cube
- [ ] 我还是放弃了 WordPress · LightCube 九周年总结
CXSECURITY Database RSS Feed - CXSecurity.com
- [ ] Acronis Cyber Infrastructure Default Password Remote Code Execution
- [ ] Online Complete - Blind Sql Injection Vulnerability
- [ ] MSI RTCore64.sys Privilege escalation
- [ ] SCRMS 2024-10-07 Multiple-SQLi
- [ ] Book Recording App 2024-09-24 Cross Site Scripting
- [ ] ManageEngine ADManager Plus Privilege Escalation
一个被知识诅咒的人
- [ ] 用Python制作数据可视化仪表盘：使用Dash与Plotly构建实时交互式仪表盘
- [ ] 探索Python中的神经网络：从零构建一个简单的深度学习模型
JEB in Action
- [ ] Deobfuscation ratings, inlining “fat” functions, and breaking opaque predicates
Private Feed for M09Ic
- [ ] SpecterOps made SpecterOps/cred1py public
- [ ] mgeeky starred SpecterOps/cred1py
- [ ] 4ra1n released 3.2 at jar-analyzer/jar-analyzer
- [ ] tennc starred zer0yu/CyberSecurityRSS
- [ ] ourren starred PKU-GeekGame/geekgame-3rd
- [ ] LloydLabs starred projectdiscovery/subfinder
Securelist
- [ ] Awaken Likho is awake: new techniques of an APT group
Sandfly Security Blog RSS Feed
- [ ] Sandfly 5.2 - Linux Stealth Rootkit File and Directory De-Cloaking
Malware-Traffic-Analysis.net - Blog Entries
- [ ] 2024-10-07 - Data dump (Formbook, possible Astaroth/Guildma, Redline Stealer, unidentified malware)
Reverse Engineering
- [ ] /r/ReverseEngineering's Weekly Questions Thread
- [ ] Can You Get Root With Only a Cigarette Lighter? | Blog
Malwarebytes
- [ ] Comcast and Truist Bank customers impacted by debt collector’s breach
- [ ] Large scale Google Ads campaign targets utility software
- [ ] iPhone flaw could read your saved passwords out loud. Update now!
- [ ] A week in security (September 30 – October 6)
SentinelOne
- [ ] PinnacleOne ExecBrief | Are You Actuarially In Good Hands?
cloud world
- [ ] 担心你的 Golang 程序内存泄露？看这一篇就够了！
Security Café
- [ ] Mobile Pentesting 101: How to Install Split APKs
博客园 - 渗透测试中心
- [ ] 2024熵密杯wp - 渗透测试中心
- [ ] 2024高校网络安全管理运维赛 wp - 渗透测试中心
- [ ] DASCTF 2024暑期挑战赛wp - 渗透测试中心
- [ ] 江苏省第二届数据安全技术应用职业技能竞赛初赛WP - 渗透测试中心
体验盒子
- [ ] 解决WordPress上传svg/ico/webp，您无权上传此文件类型
奇客Solidot–传递最新科技情报
- [ ] 343 Industries 重组为 Halo Studios，将用虚幻引擎 5 开发新作
- [ ] 巴西最高法院称 X 向错误的银行缴纳罚款
- [ ] Android 版 Thunderbird 发布 Beta 版
- [ ] 两美科学家获得 2024 年诺贝尔生理学或医学奖
FreeBuf网络安全行业门户
- [ ] Palo Alto：网络安全并购之王
黑奇士
- [ ] 媒体称“希音赖以崛起的魔法将失灵”，创始人许仰天火速赴美灭火，高管撇清“希音不是中国公司”
安全内参
- [ ] 运营商“内鬼”违规提供短信接口，为397万个未实名手机号注册微信
青衣十三楼飞花堂
- [ ] 王平回忆录
丁爸情报分析师的工具箱
- [ ] 【工具】几个可以查全球手机归属地、运营商和手机状态的网站
- [ ] 【情报】摩萨德如何策划爆炸性传呼机行动：以色列对真主党的渗透
中国信息安全
- [ ] 专家解读 | 杨建军：加快构建网络数据安全法规制度体系全面提升治理监管能力
- [ ] 专家解读 | 凝聚安全风险治理共识促进人工智能创新发展
- [ ] 观点 | 构建符合数实融合的数据基础制度体系
dotNet安全矩阵
- [ ] 精华回顾 | .NET 一款免杀的Suo5隧道代理脚本
- [ ] .NET 内网攻防实战电子报刊
- [ ] 精华回顾 | .NET 一款利用内核驱动关闭AV/EDR的工具
极客公园
- [ ] 古尔曼：苹果AI将在28号推出；传英伟达4090显卡已停产；宋紫薇已从理想汽车离职 | 极客早知道
- [ ] 古尔曼：苹果AI将在18号推出；传英伟达4090显卡已停产；宋紫薇已从理想汽车离职 | 极客早知道
迪哥讲事
- [ ] 实战中的高版本JDK的JNDI注入
Qualys Security Blog
- [ ] Qualys VMDR Rated as the Only Leader and Outperformer by Independent Analyst Firm for the Second Consecutive Year
ICT Security Magazine
- [ ] 5 Strategie Chiave per la Cybersecurity Aziendale – Come Proteggere la Tua Azienda dalle minacce cyber
- [ ] Utilizzo dell’intelligenza artificiale nella cybersecurity dei sistemi industriali
Over Security - Cybersecurity news aggregator
- [ ] MoneyGram confirms hackers stole customer data in cyberattack
- [ ] ADT discloses second breach in 2 months, hacked via stolen credentials
- [ ] LEGO's website hacked to push cryptocurrency scam
- [ ] Ukrainian pleads guilty to operating Raccoon Stealer malware
- [ ] Microsoft: Word deletes some documents instead of saving them
- [ ] Recently spotted Trinity ransomware spurs federal warning to healthcare industry
- [ ] Qualcomm patches high-severity zero-day exploited in attacks
- [ ] Apple fixes bugs in macOS Sequoia that broke some cybersecurity tools
- [ ] American Water shuts down online services after cyberattack
- [ ] American Water Works believes no water, wastewater facilities affected by cyberattack
- [ ] Ukrainian anti-corruption agency reportedly finds no violations in disclosures of top cyber official
- [ ] Russian state media company operation disrupted by ‘unprecedented’ cyberattack
- [ ] Hybrid Analysis Bolstered by Criminal IP’s Comprehensive Domain Intelligence
- [ ] AT&T, Verizon reportedly hacked to target US govt wiretapping platform
- [ ] UN cybercrime treaty lead negotiator: US will suffer if it doesn’t vote yes
- [ ] Mamba 2FA: A new contender in the AiTM phishing ecosystem
- [ ] New PhantomLoader Malware Distributes SSLoad: Technical Analysis
- [ ] Acronis individua un sofisticato attacco contro produttori di droni di Taiwan
- [ ] Awaken Likho is awake: new techniques of an APT group
- [ ] CERT-AGID 28 settembre – 4 ottobre: 29 campagne malevole e un malware simile a uno spyware
Securityinfo.it
- [ ] Acronis individua un sofisticato attacco contro produttori di droni di Taiwan
- [ ] CERT-AGID 28 settembre – 4 ottobre: 29 campagne malevole e un malware simile a uno spyware
IT Service Management News
- [ ] Stato delle norme ISO/IEC 270xx - Ottobre 2024
- [ ] Stato delle norme ISO/IEC 270xx - Privacy - Ottobre 2024
SANS Internet Storm Center, InfoCON: green
- [ ] macOS Sequoia: System/Network Admins, Hold On!, (Mon, Oct 7th)
- [ ] ISC Stormcast For Monday, October 7th, 2024 https://isc.sans.edu/podcastdetail/9168, (Mon, Oct 7th)
Schneier on Security
- [ ] Largest Recorded DDoS Attack is 3.8 Tbps
Instapaper: Unread
- [ ] New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries
- [ ] Android blocca lo schermo in caso di smartphone rubato
- [ ] Disk Images Introduction
- [ ] Book Review Cloud Forensics Demystified
- [ ] Seminario ONIF sull’informatica forense ad Amelia
- [ ] The FBI Still Hasn’t Cracked NYC Mayor Eric Adams’ Phone
- [ ] Chinese Group Hacked US Court Wiretap Systems
- [ ] Portable Hacking Lab Control The Smallest Kali Linux With a Smartphone
The Hacker News
- [ ] New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries
- [ ] Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually
- [ ] Modernization of Authentication: Webinar on MFA, Passwords, and the Shift to Passwordless
- [ ] Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
- [ ] THN Cybersecurity Recap: Top Threats and Trends (Sep 30 - Oct 6)
- [ ] Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection
- [ ] E.U. Court Limits Meta's Use of Personal Facebook Data for Targeted Ads
Graham Cluley
- [ ] Your robot vacuum cleaner might be spying on you
The Register - Security
- [ ] American Water rinsed in cyberattack, turns off app
- [ ] Cops love facial recognition, and withholding info on its use from the courts
- [ ] Chinese cyberspies reportedly breached Verizon, AT&T, Lumen
- [ ] Embattled users worn down by privacy options? Let them eat code
Tor Project blog
- [ ] New Alpha Release: Tor Browser 14.0a8
TorrentFreak
- [ ] ‘Musi’ Sues Apple Over App Store Removal Following YouTube Complaint
- [ ] Premier League’s Priority IPTV Piracy Threats Reported to U.S. Government
Security Affairs
- [ ] Universal Music data breach impacted 680 individuals
- [ ] Kyiv’s hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin’s birthday
- [ ] FBCS data breach impacted 238,000 Comcast customers
- [ ] Critical Apache Avro SDK RCE flaw impacts Java applications
- [ ] Man pleads guilty to stealing over $37 Million worth of cryptocurrency
- [ ] U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog
Technical Information Security Content & Discussion
- [ ] Hacking Windows through iTunes - Local Privilege Escalation 0-day (CVE-2024–44193)
Your Open Hacker Community
- [ ] JohnTheRipper - multi-word password?
Deeplinks
- [ ] Germany Rushes to Expand Biometric Surveillance
LockBoxx
- [ ] Security Awarness Month: 5 Attack Trends in 2024!
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] Any good site or resources that have a list of acronyms and the acronyms definitions?
- [ ] What is SSPM? SaaS Security Posture Management
Blackhat Library: Hacking techniques and research
- [ ] SMS spamming service? 100s of Texts per day
Unsupervised Learning
- [ ] How My Projects Fit Together
Information Security
- [ ] Secrets Sprawl in Public Repos Reaches 12.8 Million, Driven by API Keys
- [ ] ISACA Cybersecurity Fundamentals Exam - ISACA website unclear if labs are required
Social Engineering
- [ ] When are bad times to use humor during a conversation?