chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

111 stars 19 forks source link

[每日信息流] 2024-10-31 #696

Open chainreactorbot opened 3 weeks ago

chainreactorbot commented 3 weeks ago

每日安全资讯（2024-10-31）

Private Feed for M09Ic
- [ ] mgeeky starred zimawhit3/Bitmancer
- [ ] localurk started following M09Ic
- [ ] kpcyrd released v0.5.2 at kpcyrd/rshijack
- [ ] zema1 released Watchvuln v2.1.1 发布 at zema1/watchvuln
- [ ] INotGreen starred Lifailon/froxy
- [ ] zema1 starred elastic/elasticsearch
- [ ] zer0yu starred mez-0/offensive-groovy
- [ ] ZeddYu starred abi/screenshot-to-code
- [ ] zer0yu starred daisixuan/r0chrome
- [ ] HuYlllc pushed to dev in chainreactors/malice-network
- [ ] Rvn0xsy starred microsoft/krabsetw
- [ ] 4ra1n starred Symph0nia/Coda
- [ ] Rvn0xsy starred xuanxuan0/TiEtwAgent
- [ ] I4Yoavv started following M09Ic
- [ ] INotGreen made INotGreen/ShellCodeTemper public
- [ ] 4ra1n started following qwqdanchun
- [ ] Khazing started following M09Ic
- [ ] 4ra1n starred hengyunabc/dumpclass
- [ ] INotGreen starred INotGreen/ShellCodeTemper
- [ ] uknowsec starred CICADA8-Research/TypeLibWalker
- [ ] zer0yu starred wy876/JavaCode
- [ ] zer0yu started following sylwia-budzynska
- [ ] zer0yu starred ImCoriander/ZeroEye
- [ ] zer0yu starred yiiyahui/Neptune-Firefox
- [ ] zer0yu started following harlamism
- [ ] zer0yu started following 7h3w4lk3r
- [ ] niudaii starred corazawaf/coraza
- [ ] niudaii starred chaitin/SafeLine
- [ ] uknowsec starred Maldev-Academy/ExecutePeFromPngViaLNK
- [ ] CHYbeta starred woodruffw/zizmor
Files ≈ Packet Storm
- [ ] Debian Security Advisory 5800-1
- [ ] Ubuntu Security Notice USN-7085-1
- [ ] Ubuntu Security Notice USN-7084-1
- [ ] WordPress WP-Automatic SQL Injection
- [ ] ABB Cylon Aspect 3.08.01 jsonProxy.php Username Enumeration
- [ ] ABB Cylon Aspect 3.08.01 jsonProxy.php Information Disclosure
- [ ] ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Remote SSH Service Control
- [ ] ABB Cylon Aspect 3.08.01 jsonProxy.php Denial Of Service
- [ ] ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Project Download
- [ ] ABB Cylon Aspect 3.08.01 jsonProxy.php Servlet Inclusion Authentication Bypass
- [ ] ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Credential Disclosure
- [ ] ABB Cylon Aspect 3.08.01 jsonProxy.php Cross Site Scripting
- [ ] Red Hat Security Advisory 2024-8617-03
- [ ] Red Hat Security Advisory 2024-8616-03
- [ ] Red Hat Security Advisory 2024-8614-03
- [ ] Red Hat Security Advisory 2024-8613-03
- [ ] Red Hat Security Advisory 2024-8577-03
- [ ] Red Hat Security Advisory 2024-8572-03
- [ ] Red Hat Security Advisory 2024-8567-03
- [ ] Red Hat Security Advisory 2024-8563-03
- [ ] Red Hat Security Advisory 2024-8546-03
- [ ] Red Hat Security Advisory 2024-8543-03
- [ ] Red Hat Security Advisory 2024-8534-03
- [ ] Red Hat Security Advisory 2024-8533-03
- [ ] Red Hat Security Advisory 2024-8528-03
Trustwave Blog
- [ ] E-Commerce Security Woes: Millions of Stolen User Sessions Found for Sale
SecWiki News
- [ ] SecWiki News 2024-10-30 Review
Armin Ronacher's Thoughts and Writings
- [ ] Make It Ephemeral: Software Should Decay and Lose Data
bunnie's blog
- [ ] Name that Ware, October 2024
- [ ] Winner, Name that Ware September 2024
奇安信攻防社区
- [ ] 在 EDR 时代恶意软件通过虚拟化逃避终端检测
Doonsec's feed
- [ ] CORS
- [ ] 微软：俄罗斯黑客利用 RDP 窃取政府数据
- [ ] 【工具更新】BurpSuite最新2024.9版Windows/Linux/Mac（附下载）
- [ ] 一次代码审计项目案例
- [ ] 商业奇迹！某电商APP成功的背后是一群黑客团队？
- [ ] 《人才库》
- [ ] 《突发》仿冒FB社区域名群发钓鱼信息？
- [ ] 【资料】在反恐中利用开源情报
- [ ] 总统去哪儿了？社交APP开源情报让你一探究竟！
- [ ] 【干货】笑傲职场的独家经验（1）
- [ ] 【干货原创】实网攻防演习常态化，会带来什么变化01
- [ ] 【干货原创】K12教育，鲜为人知的模式秘密
- [ ] 原创文章目录
- [ ] 第八届“强网杯”全国网络安全挑战赛竞赛规程
- [ ] 第八届“强网杯”全国网络安全挑战赛声明
- [ ] 倒计时3天丨第八届“强网杯”线上赛一触即发
- [ ] 秦安：必须拦截了，美宣布对台军售20亿美元，“包括一种新武器”
- [ ] 秦安：警惕唱空中国股市的逆流，不是蠢就是坏，三大背景不容置疑
- [ ] 王常胜：以色列本次袭击是多方斡旋的结果，不会引发中东大战
- [ ] 【漏洞复现】Apache Solr路径身份验证绕过漏洞CVE-2024-45216
- [ ] MySQL分层结构由哪些组成？
- [ ] Rust beacon
- [ ] G.O.S.S.I.P 阅读推荐 2024-10-30 SmartAxe
- [ ] 自动驾驶汽车时代的网络安全和合规性
- [ ] 自动驾驶系统架构师在线培训课程(中级班）
- [ ] 掌握模糊测试-如何在法规遵从中克服网络安全挑战
- [ ] 攻防教程3==》社会工程学(上)
- [ ] 西安旅游小攻略
- [ ] 记一些SRC挖掘奇特思路案例
- [ ] 建了个SRC专项漏洞知识库
- [ ] 2025年毕业生简历，我腆着老脸问了一圈没人要。为什么？
- [ ] 9月涉及国内的数据泄露
- [ ] 伊朗黑客充当贩卖美国、加拿大和澳大利亚等国家关键基础设施访问权的经纪人
- [ ] 议题征集｜“智效融合，安全护航”第七期「度安讲」技术沙龙议题报名！
- [ ] 【资讯】工信部就《工业和信息化部通信工程建设领域行政处罚事项裁量权基准》公开征求意见
- [ ] 【资讯】福建省工信厅发布《关于开展2024年工业机器人行业规范公告申报工作的通知》
- [ ] 【资讯】黑龙江省网信办公布《“清朗”系列专项行动典型案例》
- [ ] 震惊安全圈！真香定律不看后悔！
- [ ] 【直播预告】：阿加犀基于SiRider S1芯擎开发板的机器人应用分享
- [ ] Linux应急响应：查看文件的创建时间
- [ ] 这个健身App意外泄露多位总统的位置信息
- [ ] 倒计时10天 | FCIS 2024网络安全创新大会
- [ ] AIGC场景的内生安全防御体系构建 | FCIS 2024大会议题前瞻
- [ ] PsMapExec：一款针对活动目录AD的安全检测工具
- [ ] 安全从业者看过来！HTTP请求与响应结构全解析！
- [ ] 你的床头灯，可能正在“偷听”！警方提醒
- [ ] 12321：2024年9月被投诉钓鱼网站TOP10
- [ ] 第二期圆满结束！ | “浦江护航”2024 年上海市电信和互联网行业数据安全专项行动公益培训
- [ ] 全国数据标准化技术委员会2024-2025年拟制修订的重点标准项目清单
- [ ] 【安全圈】2024年9月涉及国内的数据泄露
- [ ] 【安全圈】互联网大厂主页疑似遭到篡改？
- [ ] 【安全圈】非法获取上亿条公民个人信息，一科技公司员工获刑
- [ ] 【安全圈】因健身应用轨迹，贴身保镖恐泄露美国总统位置信息
- [ ] 论坛·原创 | 《联合国打击网络犯罪公约》开启网络空间国际规则新篇章
- [ ] 发布 | 全国数据标准化技术委员会2024-2025年拟制修订的重点标准项目清单
- [ ] 专家解读 | 孟庆国：加快公共数据资源开发利用，推进数据要素市场化配置改革
安全客-有思想的安全新媒体
- [ ] 原生鸿蒙正式发布，国产操作系统进入自主可控时代
- [ ] 爱尔兰数据保护委员会因侵犯GDPR而对LinkedIn罚款3100万欧元
- [ ] Black Basta附属机构在最近的攻击中使用了Microsoft Teams
- [ ] 一个犯罪团伙入侵了意大利国家数据库，倒卖被盗信息
- [ ] 新研究揭示最新的AMD和英特尔处理器中仍然存在Spectre漏洞
- [ ] 网络钓鱼者通过Eventbrite服务接触目标
- [ ] 反复出现的 Windows 漏洞可能暴露用户凭据
- [ ] Hacker Halted 2024：探讨Deepfakes与网络安全，共筑网络乌托邦
- [ ] 从目录浏览分析幽盾攻击组织
- [ ] PSAUX 勒索软件正在利用 CyberPanel 中的两个最大严重性漏洞 (CVE-2024-51567、CVE-2024-51568)
Security Boulevard
- [ ] Cloud Security Alliance Advocates Zero Trust for Critical Infrastructure
- [ ] DEF CON 32 – AppSec Village – Maturing Your Application Security Program – SheHacksPurple
- [ ] Citrix Boosts Security for Remote Application Accesses With “More Security Layers”
- [ ] Survey Surfaces Fundamental Weaknesses in API Security
- [ ] ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues
- [ ] Baby Reindeer—The dangers of real-life stalkers
- [ ] DEF CON 32 – AppSec Village – Navigating The Cyber Security Labyrinth Choose Your Own Security Adventure
- [ ] Salt Security and Dazz: A Powerful Partnership for API Security
- [ ] BOFHound: AD CS Integration
- [ ] AI Cyberattacks Rise but Businesses Still Lack Insurance
obaby@mars
- [ ] 运动相机初体验
- [ ] Python 解析 DLT645 协议数据
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- [ ] 卫星互联网产业化提速
- [ ] 盛邦安全权小文：卫星互联网“落入凡间” 加密是安全防御唯一手段
- [ ] GEEKCON2024上海站收官：时刻好奇，保持乐观
- [ ] 谷歌：2023年披露的被利用漏洞中有70%是零日漏洞
- [ ] 2024第三届SCIC网络安全合规创新大会精彩回顾
- [ ] 360 NDR获IDC首推树立网络威胁检测与响应领域新标杆
- [ ] 数字化时代的邮件安全守护者：CACTER邮件安全网关解决方案
Sucuri Blog
- [ ] Indonesian Gambling Redirect Hiding in Plain Sight
一个被知识诅咒的人
- [ ] 【Python】深入理解Python中的上下文管理器：揭秘with语句的高级用法
- [ ] 【C++】智能指针的奥秘：深度解析std::unique_ptr与std::shared_ptr
- [ ] 【C++】掌握C++中的constexpr：编译时计算的奥秘与性能优化
Recent Commits to cve:main
- [ ] Update Wed Oct 30 22:29:32 UTC 2024
- [ ] Update Wed Oct 30 14:35:42 UTC 2024
- [ ] Update Wed Oct 30 06:37:25 UTC 2024
NVISO Labs
- [ ] How AI forces us to expand our thinking about basic cybersecurity concepts: Part 1 – Introduction
Horizon3.ai
- [ ] 2025 Fortune Cyber 60
- [ ] Horizon3.ai Named to the 2025 Fortune Cyber 60 for the Second Consecutive Year
blog.avast.com EN
- [ ] Baby Reindeer—The dangers of real-life stalkers
Reusable Security
- [ ] Running JtR's Tokenizer Attack
PortSwigger Blog
- [ ] Take control of your security posture: The Burp Suite Enterprise Edition winter update
Reverse Engineering
- [ ] Ancient Monkey: Pwning a 17-Year-Old Version of SpiderMonkey
Webroot Blog
- [ ] The new Webroot PC Optimizer boosts computer performance
hn security
- [ ] An analysis of the Keycloak authentication system
Malwarebytes
- [ ] Patch now! New Chrome update for two critical vulnerabilities
Wallarm
- [ ] How to Mitigate the Latest API Vulnerability in FortiManager
daniel.haxx.se
- [ ] Eighteen years of ABI stability
rtl-sdr.com
- [ ] SatDump 1.2.1 Released
奇客Solidot–传递最新科技情报
- [ ] 苹果将 M4 Mac Mini 电源按钮移至底部
- [ ] Dropbox 裁员五分之一
- [ ] OpenAI 与博通和台积电合作设计 AI 芯片
- [ ] X.Org Server 的一个本地提权漏洞存在了 18 年之久
- [ ] 索尼关闭《星鸣特攻》开发商 Firewalk Studio
- [ ] 中国三季度智能手机出货量增长 3.2%
- [ ] GitHub Copilot 将支持 Claude 3.5 和 Gemini 模型
- [ ] Open Source Initiative 宣布 Open Source AI Definition 1.0
- [ ] Fedora 41 释出
- [ ] Firefox v132.0 释出
安全牛
- [ ] MFA不再万能，如何守护网安第一道防线？
- [ ] 法国电信巨头遭黑客入侵，近2000万用户数据现身暗网；AI安全新挑战：研究揭示ChatGPT可被十六进制代码操纵 | 牛览
FreeBuf网络安全行业门户
- [ ] 因健身应用轨迹，贴身保镖恐泄露美国总统位置信息
- [ ] FreeBuf早报 | 墨西哥大型机场集团疑遭勒索攻击；开源AI/ML模型曝出30余个漏洞
- [ ] 开源AI/ML模型曝出30余个漏洞，可能导致远程代码执行与信息窃取风险
Checkmarx
- [ ] Cryptocurrency Enthusiasts Targeted in Multi-Vector Supply Chain Attack
腾讯玄武实验室
- [ ] 每日安全动态推送(24/10/30)
安全分析与研究
- [ ] DarkGate最新攻击样本攻击链详细分析
微步在线研究响应中心
- [ ] 可任意文件读取，警惕Solr身份绕过形成的漏洞利用链
威努特安全网络
- [ ] 万物互联新时代，威努特助力企业一站式安全用网
安全内参
- [ ] 开源情报显威！利用社交APP实时跟踪美俄法等国总统行踪
- [ ] 苹果悬赏百万美元查找“苹果智能”安全漏洞
代码卫士
- [ ] 研究员在开源AI和ML模型中发现30多个漏洞
- [ ] 这个已存在18年的提权漏洞影响 X.Org 服务器
黑海洋 - WIKI
- [ ] 利用Cloudflare搭建临时域名邮箱
青衣十三楼飞花堂
- [ ] 电子书解压密码(更新)
看雪学苑
- [ ] SDC2024 议题回顾 | Rust 的安全幻影：语言层面的约束及其局限性
- [ ] 行踪被保镖泄露？健身APP威胁全球政要和军方机密
- [ ] 更新2节：动态分析 | 看雪安卓高级研修班（月薪一万计划）
天御攻防实验室
- [ ] 北约多国网络指挥官谈网络空间中的军事角色
安全研究GoSSIP
- [ ] G.O.S.S.I.P 阅读推荐 2024-10-30 SmartAxe
M01N Team
- [ ] 绿盟英雄帖｜M01N战队研究员直聘，英雄请留步！
vivo千镜
- [ ] VDC安全与隐私会场专题解读五：AIGC新技术下安全工具的探索实践
dotNet安全矩阵
- [ ] .NET 一款内网渗透中用于权限维持的工具
- [ ] .NET 内网攻防实战电子报刊
- [ ] .NET 一款内存加载绕过ASMI和ETW的工具
君哥的体历
- [ ] 开源安全检测的漏洞，从哪些维度考虑整改标准？两种场景下（供应链软件入库，应用投产上线）针对检测的漏洞需要强制修复吗｜总第270周
吾爱破解论坛
- [ ] 【清理未活跃会员】清理2024年暑假开放注册未活跃会员公告
网安杂谈
- [ ] 书生大模型实战营闯关第二关：Python 基础知识
- [ ] 书生大模型实战营闯关第三关：Git基础知识
虎符智库
- [ ] 《政务大模型安全治理框架》: 揭示七大安全风险、提供治理路径
网络空间安全科学学报
- [ ] 喜报 |《网络空间安全科学学报》被哥白尼索引期刊数据库（ICI World of Journals）收录
百度安全实验室
- [ ] 议题征集｜“智效融合，安全护航”第七期「度安讲」技术沙龙议题报名！
信安之路
- [ ] 听劝！近期不要随意报培训！
嘶吼专业版
- [ ] GEEKCON2024上海站收官：时刻好奇，保持乐观
- [ ] 谷歌：2023年披露的被利用漏洞中有70%是零日漏洞
数世咨询
- [ ] 这谁防得住？Wi-Fi 联盟官方测试套件中存在命令注入漏洞
情报分析师
- [ ] 【秘密细节】俄罗斯与印度之间的武器合同
- [ ] 开源情报信息，一网打尽！
国家互联网应急中心CNCERT
- [ ] 网络安全信息与动态周报2024年第43期（10月21日-10月27日）
百度安全应急响应中心
- [ ] 议题征集｜“智效融合，安全护航”第七期「度安讲」技术沙龙议题报名！
安全圈
- [ ] 【安全圈】2024年9月涉及国内的数据泄露
- [ ] 【安全圈】互联网大厂主页疑似遭到篡改？
- [ ] 【安全圈】非法获取上亿条公民个人信息，一科技公司员工获刑
- [ ] 【安全圈】因健身应用轨迹，贴身保镖恐泄露美国总统位置信息
复旦白泽战队
- [ ] 盐湖城特辑｜CCS'24参会记录
极客公园
- [ ] 对话小宇宙 Kyth：AI 时代，如何重新理解播客的价值
- [ ] 81 万小米 SU7 Ultra，小订破 3680 ；苹果上新 Mac mini；比特币冲破 72000 美元 | 极客早知道
腾讯科恩实验室
- [ ] BinaryAI更新布告｜漏洞存在性分析功能上线
迪哥讲事
- [ ] CORS
LuxSci
- [ ] 12 Key Questions to Ask Before Sending HIPAA-Compliant Marketing Emails
吴鲁加
- [ ] 如果你光想，不写，那你只是“以为自己想了”
白泽安全实验室
- [ ] 美国政府悬赏1000万美元追踪黑客组织成员
安全419
- [ ] 会议观察：“可观测性+应用安全”正在加速融合
- [ ] 资料下载 | 江西“数据要素×”、自治区数据要素市场化配置改革、网络安全产业分析报告、车路云一体化...
360数字安全
- [ ] 全球头号威胁RansomHub勒索团伙再作案，墨西哥13个机场受影响
BackBox.org Blog
- [ ] BackBox Linux 9 released!
360威胁情报中心
- [ ] Confucius组织利用ADS隐藏技术的攻击活动分析
Have I Been Pwned latest breaches
- [ ] TNAFlix - 1,374,344 breached accounts
- [ ] VimeWorld - 3,118,964 breached accounts
赛博昆仑CERT
- [ ] 【复现】 Apache Solr身份认证绕过漏洞（CVE-2024-45216）风险通告
Over Security - Cybersecurity news aggregator
- [ ] Interbank confirms data breach following failed extortion, data leak
- [ ] Cyber Threat Intelligence for Autodidacts
- [ ] Circola una nuova versione di Qilin, ancora più potente
- [ ] Dossieraggio, dipendenti infedeli e mercato nero dei dati. Coinvolte anche figure dell’ACN
- [ ] Microsoft Entra "security defaults" to make MFA setup mandatory
- [ ] Chinese state-backed hackers breached 20 Canadian government networks over four years, agency warns
- [ ] Election systems remain safe from foreign meddling, CISA chief says
- [ ] UnitedHealth hires cybersecurity veteran as new CISO
- [ ] QNAP patches second zero-day exploited at Pwn2Own to get root
- [ ] The FCC’s top privacy cop on how the agency views its data protection mission
- [ ] The Cybersecurity and Infrastructure Security Agency (CISA) Reports Urgent Security Updates for Apple Products
- [ ] North Korean govt hackers linked to Play ransomware attack
- [ ] BackBox Linux 9 released!
- [ ] Android malware "FakeCall" now reroutes bank calls to attackers
- [ ] Le aziende che chiedevano a Equalize di spiare i loro dipendenti - Il Post
- [ ] Hackers steal 15,000 cloud credentials from exposed Git config files
- [ ] FBI: Upcoming U.S. general election fuel multiple fraud schemes
- [ ] Change Healthcare Breach Hits 100M Americans
- [ ] An analysis of the Keycloak authentication system
- [ ] Enhancing Cryptocurrency Investigations: Flashpoint Partners with TRM Labs
- [ ] The Karma connection in Chrome Web Store
- [ ] “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack
- [ ] North Korean hackers seen collaborating with Play ransomware group, researchers say
- [ ] Malware campaign expands its use of fake CAPTCHAs
- [ ] Strela Stealer targets Central and Southwestern Europe through Stealthy Execution via WebDAV
- [ ] Packers and Crypters in Malware and How to Remove Them
- [ ] Writing a BugSleep C2 server and detecting its traffic with Snort
- [ ] Spectre è ancora presente nei nuovi processori Intel e AMD
- [ ] VimeWorld - 3,118,964 breached accounts
- [ ] Russia’s ‘Midnight Blizzard’ hackers target government workers in novel info-stealing campaign
Securityinfo.it
- [ ] Circola una nuova versione di Qilin, ancora più potente
- [ ] Spectre è ancora presente nei nuovi processori Intel e AMD
SANS Internet Storm Center, InfoCON: green
- [ ] Scans for RDP Gateways, (Wed, Oct 30th)
- [ ] ISC Stormcast For Wednesday, October 30th, 2024 https://isc.sans.edu/podcastdetail/9202, (Wed, Oct 30th)
深信服千里目安全技术中心
- [ ] 【漏洞通告】Apache Solr 认证绕过漏洞(CVE-2024-45216)
- [ ] 【漏洞通告】CyberPanel upgrademysqlstatus接口命令执行漏洞
Posts By SpecterOps Team Members - Medium
- [ ] BOFHound: AD CS Integration
安全产品人的赛博空间
- [ ] 《2024网安市场年报》数据中有意思的地方
The Hacker News
- [ ] North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
- [ ] Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information
- [ ] Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware
- [ ] Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code
- [ ] Embarking on a Compliance Journey? Here’s How Intruder Can Help
Schneier on Security
- [ ] Simson Garfinkel on Spooky Cryptographic Action at a Distance
Security Affairs
- [ ] Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files
- [ ] Google fixed a critical vulnerability in Chrome browser
- [ ] QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024
Palo Alto Networks Blog
- [ ] Securing AI Infrastructure for a More Resilient Future
TorrentFreak
- [ ] Livehd7 Sports Piracy Network Shut Down By ACE, But Not For the First Time
- [ ] Tech Companies Flag Piracy Blocking as Threat to the Open Internet & Digital Trade
Your Open Hacker Community
- [ ] I wanna hack the audio of a prerecorded toy speaker
- [ ] Can I Capture a WPA2 Handshake with an Incorrect Password Attempt?
Computer Forensics
- [ ] Tool to determine when a PDF was created
- [ ] Arsenal: Mounting Read Only Drives
Social Engineering
- [ ] what kind of stories work well where you don't reveal the outcome, where the other person must imagine how it ends themselves?
Trend Micro Research, News and Perspectives
- [ ] Attacker Abuses Victim Resources to Reap Rewards from Titan Network
The Register - Security
- [ ] Windows Themes zero-day bug exposes users to NTLM credential theft
- [ ] Fired Disney staffer accused of hacking menu to add profanity, wingdings, removes allergen info
- [ ] Russian spies use remote desktop protocol files in unusual mass phishing drive
- [ ] Beijing claims it's found 'underwater lighthouses' that its foes use for espionage
Deeplinks
- [ ] Sorry, Gas Companies - Parody Isn't Infringement (Even If It Creeps You Out)
- [ ] The Frightening Stakes of this Halloween’s Net Neutrality Hearing
- [ ] Triumphs, Trials, and Tangles From California's 2024 Legislative Session
- [ ] No Matter What the Bank Says, It's YOUR Money, YOUR Data, and YOUR Choice
Blackhat Library: Hacking techniques and research
- [ ] Best Ad Network for Movie Streaming Site?
Krebs on Security
- [ ] Change Healthcare Breach Hits 100M Americans
Technical Information Security Content & Discussion
- [ ] Exploiting a Blind Format String Vulnerability in Modern Binaries: A Case Study from Pwn2Own Ireland 2024
- [ ] An analysis of the Keycloak authentication system
- [ ] Paranoids’ Vulnerability Research: NetIQ iManager Security Alerts | Paranoids | Yahoo Inc.
- [ ] Using AFL++ on bug bounty programs: an example with Gnome libsoup
- [ ] Give Me the Green Light Part 2: Dirty Little Secrets
Security Weekly Podcast Network (Audio)
- [ ] Halloween, TikTok, Telcos, Win 11, Five Eyes, AWS, France, ChatGPT, and more... - SWN #426