[每日信息流] 2024-10-25

[chainreactorbot]

每日安全资讯（2024-10-25）

• 安全客-有思想的安全新媒体
  • [ ] AI 和 deepfakes 助长了网络钓鱼诈骗，使检测变得更加困难
  • [ ] CVE-2024-20424 (CVSS 9.9)： 思科 FMC 软件漏洞为攻击者提供 Root 访问权限
  • [ ] 日本电产精密公司披露安全事件和数据泄露情况
  • [ ] Perfctl 恶意软件再度来袭，加密骗子瞄准 Docker 远程 API 服务器
  • [ ] 新的 Grandoreiro 银行恶意软件变种出现，采用先进策略躲避检测
  • [ ] 谷歌警告：三星手机用户受到攻击
  • [ ] 威胁行为者利用漏洞的速度比以往任何时候都要快
  • [ ] Fortinet 警告 FortiManager 中存在被积极利用的缺陷：CVE-2024-47575 （CVSS 9.8）
  • [ ] 宾夕法尼亚州立大学向司法部支付 125 万美元和解网络安全合规案
  • [ ] 仿冒乱象泛滥，媒体、政府官网也能“套牌”？
  • [ ] 思科披露其ASA和FTD软件中存在被主动利用的漏洞 CVE - 2024 - 20481
• Files ≈ Packet Storm
  • [ ] ABB Cylon Aspect 3.08.02 logYumLookup.php Authenticated File Disclosure
  • [ ] Vendure Arbitrary File Read / Denial Of Service
  • [ ] Helakuru 1.1 DLL Hijacking
  • [ ] Grafana Remote Code Execution
  • [ ] Roundcube Webmail Cross Site Scripting
  • [ ] pfSense 2.5.2 Cross Site Scripting
  • [ ] Red Hat Security Advisory 2024-8374-03
  • [ ] Red Hat Security Advisory 2024-8365-03
  • [ ] Red Hat Security Advisory 2024-8238-03
• Trustwave Blog
  • [ ] Trustwave Again Named as an MSSP Alert Top 10 Managed Security Services Provider
• SecWiki News
  • [ ] SecWiki News 2024-10-24 Review
• 奇安信攻防社区
  • [ ] 【2024补天白帽黑客大会】JNDI新攻击面探索
  • [ ] 【2024补天白帽黑客大会】以魔法打败魔法：利用ALPC安全特性攻陷RPC服务
  • [ ] 【2024补天白帽黑客大会】变废为宝-被忽视的风险点
  • [ ] FRP源码深度刨析
• Security Boulevard
  • [ ] 5 Security Considerations for Managing AI Agents and Their Identities
  • [ ] White House Memo Puts the Focus of AI on National Security
  • [ ] How is AI Used in Cybersecurity? 7 AI Use Cases
  • [ ] How we managed Aurora Serverless V2 Idle connections in RDS Proxy and saved RDS costs by 50%
  • [ ] The extent of Hardcoded Secrets: From Development to Production
  • [ ] Blackwire Labs AI Cybersecurity Platform Incorporates Blockchain to Validate Data
  • [ ] Randall Munroe’s XKCD ‘RNAWorld’
  • [ ] DEF CON 32 – AppSec Village – Securing Frontends at Scale;Paving our Way to Post XSS World
  • [ ] Embracing Innovation: Seceon’s Journey at GITEX 2024
  • [ ] How Data Security Can Drive an AI Revolution in Retail
• Private Feed for M09Ic
  • [ ] HuYlllc pushed to dev in chainreactors/malice-network
  • [ ] evilc0deooo started following M09Ic
  • [ ] killeven starred LANDrop/LANDrop
  • [ ] 4ra1n starred SpringKill-team/SecurityInspector
  • [ ] gh0stkey starred SpringKill-team/SecurityInspector
  • [ ] niudaii starred wjlin0/riverPass
  • [ ] 4ra1n starred aliyun/oss-browser
  • [ ] gh0stkey starred clap-rs/clap
  • [ ] h3zh1 pushed to dev in chainreactors/malice-network
  • [ ] lz520520 starred Florian-Hoth/CVE-2024-38100-RCE-POC
  • [ ] nightRainy starred aahmad097/AlternativeShellcodeExec
  • [ ] phith0n starred zq1997/deepin-wine
  • [ ] DVKunion starred dair-ai/Prompt-Engineering-Guide
  • [ ] whwlsfb starred joaoviictorti/RustRedOps
  • [ ] INotGreen forked INotGreen/Rat-winos4.0-gh0st from Logkiss/Rat-winos4.0-gh0st
  • [ ] INotGreen starred Logkiss/Rat-winos4.0-gh0st
  • [ ] yzddmr6 forked yzddmr6/RAG_tutorial from leo038/RAG_tutorial
  • [ ] yzddmr6 starred leo038/RAG_tutorial
  • [ ] L-codes started following Lotus6
  • [ ] wabzsy starred coocood/freecache
  • [ ] WAY29 starred zellij-org/zellij
• Tenable Blog
  • [ ] How To Protect Your Cloud Environments and Prevent Data Breaches
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • [ ] 2024中韩互联网合作论坛 | 梆梆安全受邀探讨个人信息保护合规建设
  • [ ] 2024年网络安全“金帽子”年度评选投票通道正式开启
  • [ ] Check Point：科技与时尚交融，可穿戴设备安全性亟待提升
• Doonsec's feed
  • [ ] 深入分析自己曾经挖掘到的有趣的XSS漏洞
  • [ ] AI 真的可以赋能网络安全吗？
  • [ ] 白泽ers Happy 1024 Day！程序员专属节日，代码改变世界！
  • [ ] 企业SRC简单漏洞挖掘
  • [ ] 「漏洞复现」东胜物流软件 GetProParentModuTreeList SQL注入漏洞
  • [ ] IDEA代审辅助插件|吊炸天！开源插件SecurityInspector-预览版
  • [ ] 1024精彩回顾：智绘技术蓝图，“程”风快意共前进
  • [ ] 只要能画出SAFE业务流能力图，给客户的解决方案就完成了一半
  • [ ] 秦安：聚焦无人机！俄突遭袭击、台军备战、以军暗杀到其总理被攻
  • [ ] 网安自学就业指导1.1
  • [ ] 【年会】网络与信息法学研究会2024年年会精彩观点回顾（分论坛八）
  • [ ] 【资讯】工信部印发《电力装备制造业数字化转型实施方案》
  • [ ] 【资讯】浙江省经信厅发布《关于组织遴选智能网联汽车典型应用场景的通知》
  • [ ] IDEA代审辅助插件|吊炸天！SpringKill安全研究团队开源插件SecurityInspector-预览版
  • [ ] G.O.S.S.I.P 阅读推荐 2024-10-24 To Write & To Execute
  • [ ] 黑客眼中的IP地址：一个不容忽视的安全隐患
  • [ ] rpc 总是被嫌弃的
  • [ ] 重庆市九部门联合出台工业互联网标识解析“贯通山城”行动计划
  • [ ] 活动预告｜星火燎“源”·2024星火技术生态交流会将于10月25日举办，共探开源未来
  • [ ] JAVA代审-JPress_V4.2
  • [ ] 【应急响应】记一次监测发现webshell告警的应急响应过程
  • [ ] 【漏洞预警】Fortinet FortiManager身份验证缺陷漏洞CVE-2024-47575
  • [ ] 2024年AI防伪与反诈高峰论坛丨知道创宇分享全球大模型底层价值观评测成果
  • [ ] 安全的岗位薪资的构成
  • [ ] 数通365案例 | 零售多分支新标杆！华为星河AI融合SASE助力Personal Collection分支安全互联全面升级
  • [ ] Cisco Adaptive Security Appliance 软件 SSH 远程命令注入漏洞
  • [ ] 江西省工信厅和高安市工信局一行莅临绿盟科技总部考察调研
  • [ ] 再获认可｜绿盟科技揽获数据安全多项荣誉
  • [ ] 开启奇妙之旅 | “绿盟总部大楼开放日”来啦
  • [ ] 系统瘫痪、交付延迟、财报推迟，知名企业遭遇灾难式勒索攻击
  • [ ] 每一次采购安全产品，都是一场与风险利弊的博弈
  • [ ] 安全领域的智慧盛宴！看雪·第八届安全开发者峰会圆满收官
  • [ ] Code for Passion @小红书程序员
  • [ ] 今年这个机会，真让我大开眼界！
  • [ ] Java反序列化之CC6分析
  • [ ] 【工具自研】Trivy 报告生成插件：trivy-plugin-report
  • [ ] 落魄黑客甜品站
  • [ ] 更加严格！美国 CISA 提出新的数据安全规定
  • [ ] 研究 | “二开”火绒遮天专版，专属于你
  • [ ] 卫星圈里最懂安全，安全圈里最懂卫星丨盛邦安全亮相中国卫星应用大会，展示卫星互联网安全创新方案
  • [ ] 第八届“强网杯”全国网络安全挑战赛正在报名中
  • [ ] 数据安全合规神器 | 应用腾讯云数据安全审计，构建全面、深度的数据安全防护体系
  • [ ] 【安全圈】苹果、特斯拉均受影响，新型漏洞迫使GPU无限循环，直至系统崩溃
  • [ ] 【安全圈】苹果在iOS 18.2版中允许欧盟用户删除AppStore和照片等核心应用
  • [ ] 【安全圈】假冒LockBit，勒索软件滥用 AWS S3窃取数据
  • [ ] 【安全圈】攻击者正滥用Gophish传播远程访问木马程序
  • [ ] 1024，与滴滴一起
  • [ ] 文件上传攻击面&案例
  • [ ] 【国内网安政策快评】u200b《网络数据条例》发布，以五大修改、四项新规健全网络数据管理机制和制度体系
  • [ ] 苹果、特斯拉均受影响，新型漏洞迫使GPU无限循环，直至系统崩溃
  • [ ] 天命人，『猿』来是你！
  • [ ] 促进企业All-In-One的边界防护服务化 | FCIS 2024大会议题前瞻
  • [ ] logdata-anomaly-miner：一款安全日志解析与异常检测工具
  • [ ] 【知道创宇404实验室】警惕CVE-2024-47575针对Fortinet FortiManager的认证绕过漏洞
  • [ ] 天融信摘金夺银，并荣获大模型安全实践优秀案例
  • [ ] 天融信列入中国网络安全软件技术发展路线图推荐厂商
  • [ ] 刘烈宏：奋力谱写数字经济高质量发展新篇章
  • [ ] 中国密码学会2024密码创新奖评审结果公示
  • [ ] 观点 | 以“隐私设计”理念指引数据隐私保护
  • [ ] 美国四家上市公司因网络安全信披违规被罚5000万元
  • [ ] 9.DataContractJsonSerializer反序列化点
  • [ ] 石家庄市政府与360达成战略合作 树立全国数字经济创新发展标杆
  • [ ] 优秀创新成果！360安全大模型再获权威肯定
  • [ ] 全国总决赛|第二届企业信息系统安全赛项
  • [ ] 东部赛区|第二届企业信息系统安全赛项选拔赛
  • [ ] 0day 挖到手软，403 到 getshell
  • [ ] 1024程序员节：致敬每一位代码背后的英雄！
  • [ ] 中国网络安全市场营收攀升背后的驱动力与待解难题
  • [ ] 流程速览 | “工业征途 安全守护”工业领域数据安全实践与创新论坛
  • [ ] 车辆被攻击和威胁到发展趋势 AUTO - ISAC
  • [ ] SOA软件架构设计与开发, 方法论、设计原则、设计过程、灵活变通、治理与监控、工工具链支持
  • [ ] 下一代车辆的基于硬件的网络安全
  • [ ] 漏洞复现｜用友畅捷通-TPlus FileUploadHandler.ashx 任意文件上传漏洞
  • [ ] 骚手法 | 手把手构建攻防\"白环境\"！
  • [ ] 全国信标委发布《软件技术十大发展趋势》，软件安全再成焦点
  • [ ] 安全通告丨网络安全漏洞通告（2024年10月）
  • [ ] 议题征集 | 2024 OWASP中国安全技术论坛（北京）
  • [ ] 安世加为出海企业提供SOC 2、ISO27001、PCI DSS、TrustE认证咨询服务
  • [ ] 4款App侵害用户权益，被通报
  • [ ] 数智世界 全域安全 | 启明星辰集团精彩亮相2024安博会
  • [ ] 强网S8，重磅启动丨第八届“强网杯”全国网络安全挑战赛火热报名中
  • [ ] 张格：关键信息基础设施安全保护能力建设与实践
  • [ ] 1024程序员节 | 渗透测试精准狙击目标内网服务-何为端口转发技术？
  • [ ] 丸辣！智能汽车被黑客控制啦！
  • [ ] 奇安信霸榜三甲，蝉联终端、数据、分析情报市场冠军
  • [ ] 卡西欧遭遇灾难式勒索攻击：系统瘫痪、交付延迟、财报推迟
  • [ ] 豆包MarsCode Agent 登顶 SWE-bench Lite 评测集
  • [ ] C/C++组新手备赛规划来了！教你无痛备赛蓝桥杯！
• Recent Commits to cve:main
  • [ ] Update Thu Oct 24 22:33:05 UTC 2024
  • [ ] Update Thu Oct 24 14:32:23 UTC 2024
  • [ ] Update Thu Oct 24 06:29:04 UTC 2024
• 一个被知识诅咒的人
  • [ ] 【C++】探索C++中的表达式模板：提高计算效率的高级技巧
  • [ ] 【C++】动态探索：在C++中实现一个简单的反射系统
• GuidePoint Security
  • [ ] Cybersecurity Awareness Month: Tackling the Unsustainable Skills Challenge in Cybersecurity and Observability
• Malwarebytes
  • [ ] Pinterest tracks users without consent, alleges complaint
• Malware-Traffic-Analysis.net - Blog Entries
  • [ ] 2024-10-23 - Redline Stealer infection
  • [ ] 2024-10-17 - Two days of server scans and probes and web traffic
• Reverse Engineering
  • [ ] Exception Junction - Where All Exceptions Meet Their Handler [internals of Windows’ VEH]
• Wallarm
  • [ ] How Security Edge Revolutionizes API Security
• 安全牛
  • [ ] 被Gartner排在首位的技术趋势，将如何深刻影响网络安全？
  • [ ] 网络安全信息披露不力，Check Point等多家上市科技公司被美国证交会调查处罚；Bumblebee恶意软件重现江湖 | 牛览
• 奇客Solidot–传递最新科技情报
  • [ ] Google 开源其 AI 水印系统 SynthID
  • [ ] JetBrains Rider 和 WebStorm 允许非商业用户免费使用
  • [ ] 挪威将青少年使用社交网络的最低年龄提高到 15 岁
  • [ ] LinkedIn 被爱尔兰数据保护机构罚款 3.1 亿欧元
  • [ ] 香港首次发现恐龙化石
  • [ ] 制造一个婴儿需要多少能量？
  • [ ] 《辐射：伦敦》玩家数量突破 100 万
  • [ ] 科学家在阿秒尺度上调查量子纠缠有多快
  • [ ] 不受约束的私营企业如何破坏民主
  • [ ] 在发现芯片流入华为后台积电停止供货
  • [ ] Linus Torvalds 称他是芬兰人不会支持俄罗斯的侵略行径
• FreeBuf网络安全行业门户
  • [ ] 美国颁布史上最严数据安全规定
  • [ ] FreeBuf早报 | 美国CISA颁布史上最严数据安全规定；卡西欧遭遇灾难式勒索攻击
  • [ ] 苹果、特斯拉均受影响，新型漏洞迫使GPU无限循环，直至系统崩溃
  • [ ] 促进企业All-In-One的边界防护服务化 | FCIS 2024大会议题前瞻
• rtl-sdr.com
  • [ ] Building an “HF Helper” for Improving RTL-SDR HF Reception
• 奇安信 CERT
  • [ ] 【在野利用】Fortinet FortiManager 身份认证绕过漏洞(CVE-2024-47575)安全风险通告
• 威努特安全网络
  • [ ] 威努特态势感知：制药行业智能化转型的安全支撑
• 看雪学苑
  • [ ] SDC2024现场直击：精彩花絮与展区活动大揭秘
  • [ ] 2024年KCTF水泊梁山-反混淆
• Black Hills Information Security
  • [ ] QEMU, MSYS2, and Emacs: Open-Source Solutions to Run Virtual Machines on Windows
• 君哥的体历
  • [ ] 关于SCA的使用探讨，以及开发、运维人员访问生产服务器如何进行安全管控？｜总第269周
• 数世咨询
  • [ ] 调查发现：20%的CISO直接向CEO汇报，突显角色重要性
• 微步在线研究响应中心
  • [ ] 已知利用！Fortinet FortiManager远程代码执行漏洞（CVE-2024-47575）
• 安全圈
  • [ ] 【安全圈】苹果、特斯拉均受影响，新型漏洞迫使GPU无限循环，直至系统崩溃
  • [ ] 【安全圈】苹果在iOS 18.2版中允许欧盟用户删除AppStore和照片等核心应用
  • [ ] 【安全圈】假冒LockBit，勒索软件滥用 AWS S3窃取数据
  • [ ] 【安全圈】攻击者正滥用Gophish传播远程访问木马程序
• 微步在线
  • [ ] 为什么加密流量没法解？
• 慢雾科技
  • [ ] 慢雾(SlowMist) 将出席「香港金融科技周 2024」，共探 Web3 安全与反洗钱
• dotNet安全矩阵
  • [ ] .NET 一款免杀的Windows权限提升工具
  • [ ] .NET 内网攻防实战电子报刊
  • [ ] .NET 一款通过API实现的免杀WebShell
• 极客公园
  • [ ] 大涨 800 亿美元，马斯克甩了三张「王炸」
  • [ ] 滴滴自动驾驶融资3亿美元，Uber、Lyft 大涨，网约车有了新故事
  • [ ] 地平线上市，终于可以说说余凯的故事了
  • [ ] VisionPro 或明年年底停产；福特 CEO 法利爱上小米SU7 ；马斯克：明年特斯拉销量增长20%-30% | 极客早知道
  • [ ] VisionPro 或今年年底停产；福特 CEO 法利爱上小米SU7 ；马斯克：明年特斯拉销量增长20%-30% | 极客早知道
• 丁爸 情报分析师的工具箱
  • [ ] 【情报挖掘练习】美军运输机是否降落老挝机场？
• 情报分析师
  • [ ] 苏联情报机构培训与实战技巧
  • [ ] 开源情报信息，一网打尽！
• CNVD漏洞平台
  • [ ] 关于VMware vCenter Server存在堆溢出漏洞的安全公告
• 代码卫士
  • [ ] CISA 提出安全新要求，保护政府和个人数据安全
  • [ ] 关于VMware vCenter Server存在堆溢出漏洞的安全公告
  • [ ] 谷歌：三星0day漏洞已遭活跃利用
• 威胁猎人Threat Hunter
  • [ ] 【黑产大数据】汽车贷款欺诈产业链解构
• 安全内参
  • [ ] 四家上市公司因网络安全信披违规被罚5000万元
  • [ ] CNCERT：关于VMware vCenter Server存在堆溢出漏洞的安全公告
• 深信服千里目安全技术中心
  • [ ] 【漏洞通告】Fortinet FortiManager 身份验证漏洞(CVE-2024-47575)
• 嘶吼专业版
  • [ ] 2024年网络安全“金帽子”年度评选投票通道正式开启
  • [ ] 开启云网安新征程，云科安信与白山云达成深度战略合作
• Yak Project
  • [ ] Yakit，我从小用到大 | 1024程序员节快乐！
• Viola后花园
  • [ ] 我的妈妈
• 迪哥讲事
  • [ ] 深入分析自己曾经挖掘到的有趣的XSS漏洞
• 360数字安全
  • [ ] 石家庄市政府与360达成战略合作 树立全国数字经济创新发展标杆
  • [ ] 优秀创新成果！360安全大模型再获权威肯定
• 希潭实验室
  • [ ] 第106篇：深入分析自己曾经挖掘到的有趣的XSS漏洞
• 中国信息安全
  • [ ] 专题·勒索软件治理 | 工业领域网络勒索攻击防范应对的挑战与对策
  • [ ] CNNVD | 关于Fortinet FortiManager访问控制错误漏洞的通报
  • [ ] 专家解读 | 赵刚：公共数据资源开发利用——深化数据要素市场化配置改革的关键举措
  • [ ] 前沿 | 携手“全球南方”构建网络空间命运共同体
  • [ ] 观点 | 以“隐私设计”理念指引数据隐私保护
  • [ ] 评论 | 让网络语言更规范又不失活力
• 美团技术团队
  • [ ] 密码：1024（请勿外传）
• Over Security - Cybersecurity news aggregator
  • [ ] Apple creates Private Cloud Compute VM to let researchers find bugs
  • [ ] Henry Schein discloses data breach a year after ransomware attack
  • [ ] Windows 11 24H2 KB5044384 update fixes sfc /scannow corrupt file errors
  • [ ] Senator questions internet domain companies over Russian disinformation charges
  • [ ] CFPB warns industry against ‘deeply invasive’ workplace digital surveillance
  • [ ] Commerce Department IoT panel says car dealers should display privacy labels on vehicles
  • [ ] Insurance admin Landmark says data breach impacts 800,000 people
  • [ ] Landmark, an administrator for insurance firms, says 800,000 affected by data breach
  • [ ] Ireland fines LinkedIn €310 million over targeted advertising
  • [ ] Cisco fixes VPN DoS flaw discovered in password spray attacks
  • [ ] LinkedIn hit with $335 million fine for using member data for ad targeting without consent
  • [ ] New Qilin ransomware encryptor features stronger encryption, evasion
  • [ ] Come scegliere il servizio MDR migliore per la tua azienda
  • [ ] MDR - Come scegliere il servizio migliore per la tua azienda
  • [ ] Georgian authorities raid homes of disinformation researchers ahead of elections
  • [ ] Mandiant says new Fortinet flaw has been exploited since June
  • [ ] Samsung Galaxy S24 and Sonos Era hacked on Pwn2Own Ireland Day 2
  • [ ] Relativamente pochi dati di politici spagnoli e italiani esposti online | Proton
  • [ ] CISA Flags Critical Vulnerability (CVE-2024-47575) in Fortinet’s FortiManager
  • [ ] Weekly Industrial Control System (ICS) Vulnerability Intelligence Report: New Flaws Affecting Siemens, Schneider Electric, and More
  • [ ] Hook’d: How HookBot Malware Impersonates Known Brands to Steal Customer Data
  • [ ] UK proposes new data protection regime, hopes for £10 billion economic boost
  • [ ] White House unveils plan for US government to keep its edge on AI development
  • [ ] Trovate credenziali cloud hardcoded e in chiaro in numerose applicazioni
  • [ ] Notifications in Threat Intelligence Lookup
  • [ ] The end of the i386 kernel and images
  • [ ] Talos IR trends Q3 2024: Identity-based operations loom large
  • [ ] Attacchi ibridi alle password, cosa sono e come difendersi
  • [ ] Guerre di Rete - Sistemi Giustizia, abbiamo un problema
• 字节跳动技术团队
  • [ ] 豆包MarsCode Agent 登顶 SWE-bench Lite 评测集
• LuxSci
  • [ ] HIPAA-Compliant Email Marketing FAQs
• 安全419
  • [ ] 中国网络安全市场营收攀升背后的驱动力与待解难题
  • [ ] 流程速览 | “工业征途 安全守护”工业领域数据安全实践与创新论坛
• IT Service Management News
  • [ ] Regolamento di esecuzione della NIS2: mio articolo
  • [ ] DoD (USA) Cybersecurity Maturity Model Certification (CMMC) Program Final Rule
• Securityinfo.it
  • [ ] Trovate credenziali cloud hardcoded e in chiaro in numerose applicazioni
  • [ ] Attacchi ibridi alle password, cosa sono e come difendersi
• HACKMAGEDDON
  • [ ] 16-31 July 2024 Cyber Attacks Timeline
• SANS Internet Storm Center, InfoCON: green
  • [ ] Development Features Enabled in Prodcution, (Thu, Oct 24th)
  • [ ] ISC Stormcast For Thursday, October 24th, 2024 https://isc.sans.edu/podcastdetail/9194, (Thu, Oct 24th)
• 锦行科技
  • [ ] 爱码士们，过节啦！
• 安全研究GoSSIP
  • [ ] G.O.S.S.I.P 阅读推荐 2024-10-24 To Write & To Execute
• LockBoxx
  • [ ] Book Review: "Wicked Plants"
• The Hacker News
  • [ ] New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics
  • [ ] AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks
  • [ ] Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack
  • [ ] Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA
  • [ ] Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices
  • [ ] Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation
• TorrentFreak
  • [ ] nHentai Fights Back in Piracy Lawsuit: ‘Rightsholder Gave Permission’
  • [ ] CreativeFuture Celebrates Kim Dotcom’s Extradition Via Interactive Quiz
• Deep Web
  • [ ] Harvard Business Review: Case Studies and Articles
  • [ ] What is a session and how do I join.
  • [ ] What were little cyber crimes you did when you were young?
• NetSPI
  • [ ] Hacking CICS: 7 Ways to Defeat Mainframe Applications
• Computer Forensics
  • [ ] Team Viewer Deleted Files Case
  • [ ] I'm doing a CTF challenge that had a memory dump that needs analyzed with redline or something for an IP address, is there anyone that wants to help, for fun?
  • [ ] Text Message Visualization
• Graham Cluley
  • [ ] NotLockBit: ransomware discovery serves as wake-up call for Mac users
• Information Security
  • [ ] Hiring Group Director of Operations & Resilience (Timeline to onboard about 1.5 months)
• Trend Micro Research, News and Perspectives
  • [ ] Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • [ ] App Sec Engineer Intern Preparation
• Social Engineering
  • [ ] Rethinking Phishing Testing
• The Register - Security
  • [ ] AWS Cloud Development Kit flaw exposed accounts to full takeover
  • [ ] Emergency patch: Cisco fixes bug under exploit in brute-force attacks
  • [ ] Bitwarden's FOSS halo slips as new SDK requirement locks down freedoms
  • [ ] Ransomware's ripple effect felt across ERs as patient care suffers
  • [ ] Voice-enabled AI agents can automate everything, even your phone scams
  • [ ] China's top messaging app WeChat banned from Hong Kong government computers
  • [ ] Anthropic's latest Claude model can interact with computers – what could go wrong?
  • [ ] Perfctl malware strikes again as crypto-crooks target Docker Remote API servers
  • [ ] Samsung phone users under attack, Google warns
• Deeplinks
  • [ ] Disability Rights Are Technology Rights
• Your Open Hacker Community
  • [ ] Copying MIFARE tags
  • [ ] Question on Blackeye v2
  • [ ] Sierra Wireless ALEOS root
  • [ ] Really off topic but i need justice for my sister.
  • [ ] Nmap Scan / recon
  • [ ] Help with a CTF
• Technical Information Security Content & Discussion
  • [ ] Sysdig 2024 Threat Report
  • [ ] Lazarus APT steals cryptocurrency and user data via a decoy MOBA game
  • [ ] AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover
• Security Affairs
  • [ ] Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24
  • [ ] Cisco fixed tens of vulnerabilities, including an actively exploited one
  • [ ] FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024
  • [ ] U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog
• Security Weekly Podcast Network (Audio)
  • [ ] Secure By Default - How do we get there? - Andy Syrewicze - PSW #848