chainreactors / picker

将repo变成RSS订阅,文章整理归档, 讨论的社区

GNU General Public License v3.0

111 stars 18 forks source link

[每日信息流] 2024-11-07 #702

Open chainreactorbot opened 2 weeks ago

chainreactorbot commented 2 weeks ago

每日安全资讯（2024-11-07）

SecWiki News
- [ ] SecWiki News 2024-11-06 Review
安全客-有思想的安全新媒体
- [ ] 5亿美元索赔！达美航空怒告Crowd Strike，网安故障谁来买单？
- [ ] 黑客攻击意大利政府核心部门
- [ ] Synology敦促修复影响数百万台NAS设备的严重零点击RCE漏洞
- [ ] 警告：LastPass 提醒用户注意在 Chrome Web Store 上使用虚假支持评论的网络钓鱼诈骗
- [ ] 黑客部署CRON#TRAP用于持久Linux系统后门
- [ ] 谨防发送有后门的 Linux 虚拟机的钓鱼电子邮件！
- [ ] 新的 Android 银行恶意软件“ToxicPanda”以欺诈性汇款为目标用户
- [ ] 德国大型药品批发商遭勒索攻击，欲扰乱超6000家药房供应
- [ ] 谷歌警告安卓系统中存在被主动利用的 CVE-2024-43093 漏洞
- [ ] 黑客泄露 30 万份《麻省理工科技评论》杂志用户记录
CXSECURITY Database RSS Feed - CXSecurity.com
- [ ] WebSenor InfoTech Sql Injection
- [ ] Vibgyor Media Info Solutions - Blind Sql Injection Vulnerability
- [ ] Vibgyor Media Info Solutions Sql Injection
- [ ] IBM Security Verify Access Appliance Insecure Transit / Hardcoded Passwords
- [ ] ESET NOD32 Antivirus 18.0.12.0 Unquoted Service Path
- [ ] SQLite3 generate_series Stack Buffer Underflow
- [ ] ABB Cylon Aspect 3.08.00 Off-By-One
Private Feed for M09Ic
- [ ] killeven starred theori-io/v8-sbx-bypass-wasm
- [ ] killeven starred hd3s5aa/CVE-2023-21674
- [ ] h3zh1 pushed to dev in chainreactors/malice-network
- [ ] wh0amitz created a repository wh0amitz/ADStrike
- [ ] mgeeky starred Mazars-Tech/AD_Miner
Doonsec's feed
- [ ] 网安众生相【三十九】安服竞争力思考，找到工作和不失业+高薪的关键是？
- [ ] 浅析Active Directory 攻击十强
- [ ] Exp-ToolsV1.3.1更新
- [ ] 【招聘】天翼云安全（国企编制）招人啦～
- [ ] 深度｜2024依赖性管理状态报告
- [ ] 语音网络钓鱼技术--FakeCall恶意软件最新功能进化
- [ ] 祝福我的“天”U0001faf0U0001faf6U0001f9e1天融信29岁生日快乐U0001f9e8U0001f9c1🥂
- [ ] 0day 挖到手软，403 到 getshell
- [ ] CISSP考试经验分享（全流程详解）
- [ ] 【数据加解密篇】利用NTFS数据流（ADS）隐写加密取证分析
- [ ] 川普当选美国总统，对中国经济的猜想
- [ ] 开源情报|国际动态|浅析特朗普当选后共和党对华政策的趋向
- [ ] “构建坚不可摧的网络防线：核心网络安全专用产品概览
- [ ] 儿童网络安全：构建安全防线
- [ ] 云安全-ECS服务攻防
- [ ] 守护密码安全
- [ ] Meta在韩国非法收集个人信息被罚216亿韩元
- [ ] 施耐德电气遭遇网络攻击，黑客竟索要 40 万根法式长棍面包
- [ ] 关注 | 事关人工智能产业发展！科技部发布2份提案答复函
- [ ] 实战 | 利用SSRF渗透内网主机-上
- [ ] 网安面试|网络安全经典题目细讲
- [ ] 建了个SRC专项漏洞知识库
- [ ] 设计安全: 安全在汽车软件开发中的重要性
- [ ] 自动驾驶汽车时代的网络安全和合规性
- [ ] 车辆被攻击和威胁到发展趋势 AUTO - ISAC
- [ ] 这实习生就离谱
- [ ] 【漏洞预警】Google Chrome Serial释放后重用漏洞（CVE-2024-10827）
- [ ] 喜讯 | 全国首个！中国信息通信研究院在江苏启动“电池产品数字护照（B-DPP）建设工程”项目
- [ ] 江苏省工业互联网一体化进园区“百城千园行”活动在无锡举办
- [ ] 首批大模型系统安全能力验证结果发布
- [ ] 【竞赛】2024Dozer新生赛考核
- [ ] 记一次应急记录
- [ ] 论坛·原创 | 打击网络犯罪国际刑事司法协助基本原则的传承与发展
- [ ] 专题·勒索软件治理 | 2023年国内企业勒索病毒攻击态势分析
- [ ] 聚焦 | 无界BOUNDLESS·数织未来AI同行——2024 TechWorld绿盟科技智慧安全大会圆满召开
- [ ] 专家观点 | 加快构建适应人工智能产业发展的制度环境
- [ ] 行业 | 宝兰德推出MCP中间件统一管理平台：赋能信创生态，引领高效运维新时代
- [ ] 评论 | 给刷脸支付戴上法治“紧箍咒”
- [ ] Ollama AI模型发现六大漏洞，能导致DoS攻击、模型中毒
- [ ] 企业src意外之喜系列第五集（小米src）
- [ ] 中国软件评测中心工会组织观看爱国主义教育片《志愿军》
- [ ] 乐享兴趣，悦享生活——赛迪研究院兴趣小组2024年度活动集锦
- [ ] iPhone 定位记录「重要地点」有多危险？
- [ ] 教你一招，1秒精准通过IP定位别人位置！
- [ ] 你的手机为什么定位误差很大，只需要设置一下几点
- [ ] 网鼎杯 2024 Writeup
- [ ] 房东直卖-北七家3居变4居,理想楼层朝向户型,精装修!
- [ ] 宣布了！特朗普赢得大选！会如何影响我们？
Security Boulevard
- [ ] Protecting privacy without hurting RAG performance
- [ ] Optimizing efficiency and reducing waste in open source software management
- [ ] Google Cloud: MFA Will Be Mandatory for All Users in 2025
- [ ] DEF CON 32 – Your AI Assistant Has A Big Mouth: A New Side Channel Attack
- [ ] MixMode Observes Increase in Threat Actor Activity Supporting CISA’s Heightened Election Security Concerns
- [ ] Beyond Secrets Managers: 5 Alternatives for Securing Non-Human Identities
- [ ] Daniel Stori’s Turnoff.US: ‘Stranger Things – In The Sysadmin’s World’
- [ ] BTS #41 – Pacific Rim
- [ ] Schneider Electric Confirms Ransom Hack — Hellcat Demands French Bread as ‘Joke’
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- [ ] Pwn2Own 上白帽黑客连续第四次突破百万美元奖金大关
- [ ] 诺基亚就黑客声称窃取源代码事件展开调查
- [ ] “廿”念不忘，“新”之所向｜“第二十届数字金融联合宣传年智享2024特别活动”正式启动
- [ ] 2024年Q3企业邮箱安全性研究报告：钓鱼邮件攻击同比上涨102.3%
- [ ] Check Point Research 揭露2024 年第三季度品牌网络钓鱼趋势
Files ≈ Packet Storm
- [ ] Gentoo Linux Security Advisory 202411-05
- [ ] Gentoo Linux Security Advisory 202411-04
- [ ] Gentoo Linux Security Advisory 202411-03
- [ ] Gentoo Linux Security Advisory 202411-02
- [ ] Ubuntu Security Notice USN-7088-3
- [ ] Gentoo Linux Security Advisory 202411-01
- [ ] Ubuntu Security Notice USN-7093-1
- [ ] Debian Security Advisory 5803-1
- [ ] Red Hat Security Advisory 2024-8935-03
- [ ] Red Hat Security Advisory 2024-8929-03
- [ ] Red Hat Security Advisory 2024-8928-03
- [ ] Red Hat Security Advisory 2024-8922-03
- [ ] Red Hat Security Advisory 2024-8914-03
- [ ] Red Hat Security Advisory 2024-8906-03
- [ ] Red Hat Security Advisory 2024-8686-03
- [ ] Red Hat Security Advisory 2024-8683-03
- [ ] Red Hat Security Advisory 2024-5013-03
- [ ] Ubuntu Security Notice USN-7092-1
Recent Commits to cve:main
- [ ] Update Wed Nov 6 22:30:11 UTC 2024
- [ ] Update Wed Nov 6 14:25:52 UTC 2024
- [ ] Update Wed Nov 6 06:33:42 UTC 2024
obaby@mars
- [ ] 半夜“机”叫
奇安信攻防社区
- [ ] CVE-2023-41362 mybb模板注入漏洞分析
Securelist
- [ ] New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency
Reverse Engineering
- [ ] Ghidra 11.2.1 has been released!
- [ ] VEILDrive: How Attackers are Using Microsoft OneDrive & Teams for C2, Bypassing Top EDRs with Simple Java Malware
- [ ] Why were Inky and Sue's AI not updated for Ms. Pac-Man? [YouTube]
FreeBuf网络安全行业门户
- [ ] FreeBuf早报 | 攻击施耐德的黑客索要40万根法式长棍；德国计划将白帽黑客行为合法化
- [ ] Ollama AI模型发现六大漏洞，能导致DoS攻击、模型中毒
- [ ] 这家网络安全公司要背时！黑客300美元出手重大安全研究项目的访问权
rtl-sdr.com
- [ ] Using a HackRF and JavaScript Browser App to Perform Rolljam Replay Attacks on a Car
- [ ] Paper on Building a Low Cost RTL-SDR Based Hydrogen Line Radio Telescope
安全牛
- [ ] 供应链安全案例研究 | 金融行业安全开发场景的供应链安全建设
- [ ] 《终端计算机通用安全技术规范》等3项网络安全国家标准获批发布；施耐德电气开发平台遭入侵，40GB敏感数据恐遭泄露 | 牛览
Malwarebytes
- [ ] 8 security tips for small businesses
- [ ] Update your Android: Google patches two zero-day vulnerabilities
daniel.haxx.se
- [ ] curl 8.11.0
绿盟科技技术博客
- [ ] 绿盟科技威胁周报（2024.10.28-2024.11.03）
- [ ] 逆向工程中面对除法优化的经验结论
黑海洋 - WIKI
- [ ] 开源的文字修仙游戏
奇客Solidot–传递最新科技情报
- [ ] 猫脑的衰老与人类相似
- [ ] 早期黑洞吞噬物质速率超过理论上限的 40 倍
- [ ] 积极锻炼无法抵消久坐的不良后果
- [ ] GIMP 3.0 RC1 开始测试
- [ ] 世界第一颗木制卫星发射升空
- [ ] Google 收到了逾百亿 DMCA 删除请求
- [ ] Mozilla 基金会裁员 30%，关闭倡导和全球项目部门
- [ ] AMD 数据中心业务首次超过英特尔
安全客
- [ ] 警惕！新型安卓银行恶意软件正威胁你的银行账户！
威努特安全网络
- [ ] 筑牢高铁供电安全防线：威努特深度工控防护综合解决方案
代码卫士
- [ ] 谷歌修复已遭利用的两个安卓 0day 漏洞
- [ ] Synology：速修复零点击RCE漏洞，影响数百万 NAS 设备
吾爱破解论坛
- [ ] 【开放注册公告】吾爱破解论坛2024年11月11日光棍节开放注册公告
白帽100安全攻防实验室
- [ ] 强网杯 2024 By W&M
腾讯玄武实验室
- [ ] 每日安全动态推送(24/11/6)
看雪学苑
- [ ] SDC2024 议题回顾 | 工控系统供应链攻击大揭秘
- [ ] 全是干货！2024 vivo千镜安全实验室技术沙龙报名开启
- [ ] Ollama AI框架发现严重漏洞，可能导致 DoS、模型盗窃和中毒
- [ ] 预付全款！看雪课程讲师招募中
dotNet安全矩阵
- [ ] .NET 一款模拟 rundll32 执行DLL的工具
- [ ] .NET 内网攻防实战电子报刊
- [ ] .NET 10月红队武器库18款工具汇总
丁爸情报分析师的工具箱
- [ ] 【AI速读】应用建模技术和数据分析：分析方法和工具
- [ ] 【AI速读】达成共识：工具和技巧
安全内参
- [ ] 施耐德电气遭数据勒索：开发平台访问凭证暴露 40GB数据失窃
- [ ] 数据是安全新边界！美国政府发布《联邦零信任数据安全指南》
数世咨询
- [ ] 威胁狩猎工作原理分步指南
- [ ] 2024 TechWorld | 邬江兴院士：如何让AI应用系统安全向善
补天平台
- [ ] 第五期 | 冲刺年度榜单！补天校园GROW计划2024年最后一期~
代码审计SDL
- [ ] fortify sca rules分析
黑奇士
- [ ] 真实评测计划：入手红米turbo3，大强度试用一个月，告诉你真正的使用感受
信息安全国家工程研究中心
- [ ] 《终端计算机通用安全技术规范》等3项网络安全国家标准获批发布
安全圈
- [ ] 【安全圈】Ollama AI模型发现六大漏洞，能导致DoS攻击、模型中毒
- [ ] 【安全圈】德国大型药品批发商遭勒索攻击，欲扰乱超6000家药房供应
- [ ] 【安全圈】黑客攻击意大利政府核心部门
- [ ] 【安全圈】谷歌在Gemini对话AI机器人中增加盲文本水印可以用来检测内容由AI生成
字节跳动技术团队
- [ ] 字节最新单图视频驱动成果X-Portrait 2：一键生成相同表情神态，效果逼真
山石网科安全技术研究院
- [ ] 2024年第八届强网杯初赛 WP
绿盟科技研究通讯
- [ ] 【公益译文】对抗式机器学习攻击与缓解措施分类及术语（下）
国家互联网应急中心CNCERT
- [ ] 网络安全信息与动态周报2024年第44期（10月28日-11月3日）
ChaMd5安全团队
- [ ] 2024第四届“网鼎杯”朱雀组 writeup
迪哥讲事
- [ ] 实战 | 利用SSRF渗透内网主机-上
嘶吼专业版
- [ ] 诺基亚就黑客声称窃取源代码事件展开调查
- [ ] Pwn2Own 上白帽黑客连续第四次突破百万美元奖金大关
Over Security - Cybersecurity news aggregator
- [ ] Hackers increasingly use Winos4.0 post-exploitation kit in attacks
- [ ] Microsoft Notepad to get AI-powered rewriting tool on Windows 11
- [ ] Cisco bug lets hackers run commands as root on UWRB access points
- [ ] Outages impact Washington state courts after ‘unauthorized activity’ detected on network
- [ ] New SteelFox malware hijacks Windows PCs using vulnerable driver
- [ ] Washington courts' systems offline following weekend cyberattack
- [ ] SelectBlinds says 200,000 customers impacted after hackers embed malware on site
- [ ] Google Fixes Critical Zero-Day Vulnerabilities in Latest Android Security Update
- [ ] Niente sospensione per Piracy Shield, il punto di vista di Giomi
- [ ] Germany drafts law to protect researchers who find security flaws
- [ ] 8 Reasons You Need Cyber Threat Intelligence for Your Organization
- [ ] UK orders Chinese owners to relinquish control of Scottish semiconductor business
- [ ] BforeAI Recognized in Gartner® Cool Vendors™ for AI and GenAI in Banking & Investment Services, 2024
- [ ] Major Ukrainian university bans Telegram to reduce cyberthreats
- [ ] Cyberattack disables tracking systems and panic alarms on British prison vans
- [ ] GodFather Malware Expands Its Reach, Targeting 500 Banking And Crypto Applications Worldwide
- [ ] New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency
- [ ] Jumpy Pisces sta collaborando col gruppo ransomware Play
- [ ] Release Notes: TI Lookup Notifications, Upgraded Linux Sandbox, STIX Reports, and More
- [ ] Top US cyber official says 'no evidence of malicious activity' impacting election
360数字安全
- [ ] 正式发布！360深度参编终端安全国家标准
ICT Security Magazine
- [ ] Dataspace e protezione delle infrastrutture critiche: come migliorare la resilienza dei sistemi energetici attraverso la condivisione dei dati
Schneier on Security
- [ ] IoT Devices in Password-Spraying Botnet
火绒安全
- [ ] 星火之势，绒聚成辰：火绒安全首次渠道拓展大会顺利收官
- [ ] 火绒安全终端防护数据月报（2024-10）
极客公园
- [ ] 特朗普胜出成定局，美国大选如何撕裂整个硅谷科技圈？
- [ ] 雷军透露考虑办驾校；特斯拉否认任命品牌大使；Meta AR 眼镜前负责人加入 OpenAI | 极客早知道
The Hacker News
- [ ] VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware
- [ ] Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps
- [ ] 9 Steps to Get CTEM on Your 2025 Budgetary Radar
- [ ] INTERPOL Disrupts Over 22,000 Malicious Servers in Global Crackdown on Cybercrime
- [ ] South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers
- [ ] Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users
The Register - Security
- [ ] Cybercrooks are targeting Bengal cat lovers in Australia for some reason
- [ ] Operation Synergia II sees Interpol swoop on global cyber crims
- [ ] Cyberattackers stole Microlise staff data following DHL, Serco disruption
- [ ] China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks
- [ ] Scumbag puts 'stolen' Nokia source code, SSH and RSA keys, more up for sale
TorrentFreak
- [ ] IPTV Piracy Blocking at the Internet’s Core Routers Undergoes Testing
Palo Alto Networks Blog
- [ ] Shaking Up Security — The Power of AI-Native SOCs
NetSPI
- [ ] Clarifying CAASM vs EASM and Related Security Solutions
- [ ] Filling up the DagBag: Privilege Escalation in Google Cloud Composer
Deeplinks
- [ ] The 2024 U.S. Election is Over. EFF is Ready for What's Next.
netsecstudents: Subreddit for students studying Network Security and its related subjects
- [ ] Exploiting CORS reflected origin when Auth token is set by another domain
- [ ] Fortinet FCP_FGT_AD-7.4: The Key to High-Paying Job Roles
Security Affairs
- [ ] INTERPOL: Operation Synergia II disrupted +22,000 malicious IPs
- [ ] Memorial Hospital and Manor suffered a ransomware attack
- [ ] South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users
- [ ] Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices
Instapaper: Unread
- [ ] Scoperta a Milano una centrale di dossieraggio
- [ ] Securing the modern Mac an overview
- [ ] Interpol disrupts cybercrime activity on 22,000 IP addresses, arrests 41
- [ ] Decoding Anti-Virus Detection Names For Malware Analysts
- [ ] Hackers Created 100+ Fake Web Stores To Steal Millions Of Dollars
- [ ] Beyond VPNs and Botnets Understanding the Danger of ORB Networks
Technical Information Security Content & Discussion
- [ ] Hacking 700 Million Electronic Arts Accounts
- [ ] Breaking Down Multipart Parsers: File upload validation bypass
- [ ] Upcoming hardening in PHP
Deep Web
- [ ] como les ha ido?
- [ ] Anon VM
Securityinfo.it
- [ ] Niente sospensione per Piracy Shield, il punto di vista di Giomi
- [ ] Jumpy Pisces sta collaborando col gruppo ransomware Play
Social Engineering
- [ ] How do you deal with aggressive entitled narcissists who stop at nothing, and the law does nothing?
SANS Internet Storm Center, InfoCON: green
- [ ] [Guest Diary] Insights from August Web Traffic Surge, (Wed, Nov 6th)
- [ ] ISC Stormcast For Wednesday, November 6th, 2024 https://isc.sans.edu/podcastdetail/9210, (Wed, Nov 6th)
Information Security
- [ ] Open-Source Database anonymization tool release. Greenmask v0.2.1
- [ ] Where do I see myself in the future?
- [ ] Top 5 Industries Experiencing a Surge in Cybersecurity Technician Demand
- [ ] Think big cybersecurity is protecting you? Think again.
Computer Forensics
- [ ] Is there is a way to check if files from usb has been copied to other devices?
- [ ] Bitlocker on external hard drive
- [ ] CHFI v11 exam prep
Security Weekly Podcast Network (Audio)
- [ ] Tariffs, Pygmy Goat, Schneider, SQLite, Deepfakes, Military AI, Josh Marpet... - SWN #428