[每日信息流] 2024-08-05

[ruohong2018]

每日安全资讯（2024-08-05）

• Security Boulevard
  • USENIX Security ’23 – NeuroPots: Realtime Proactive Defense against Bit-Flip Attacks in Neural Networks
• CXSECURITY Database RSS Feed - CXSecurity.com
  • Devika v1 Path Traversal via snapshot_path
  • Tourism Management System v2.0 - Cross Site Scripting (XSS)
  • Computer Laboratory Management System v1.0 - Incorrect access control
• Twitter @Nicolas Krassas
  • Surge in Magniber ransomware attacks impact home users worldwide https://www.bleepingcomputer.com/news/security/surge-in-magniber-ransomware-attacks-i...
  • Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach https://securityaffairs.com/166539/data-breach/perso...
  • DataComp-LM (DCLM) is a comprehensive framework designed for building and training large language models (LLMs) with diverse datasets https://github.c...
  • Repo Jacking against Composer and Terraform Registries https://www.reddit.com/r/netsec/comments/1egj1dx/repo_jacking_against_composer_and_terraform/
  • HTB: IClean https://0xdf.gitlab.io/2024/08/03/htb-iclean.html
  • Linux kernel impacted by new SLUBStick cross-cache attack https://www.bleepingcomputer.com/news/security/linux-kernel-impacted-by-new-slubstick-cross-...
  • Reverse engineering the 59-pound printer onboard the Space Shuttle http://www.righto.com/2024/08/space-shuttle-interim-teleprinter.html
  • Hackers breach ISP to poison software updates with malware https://www.bleepingcomputer.com/news/security/hackers-breach-isp-to-poison-software-update...
  • teler-waf: comprehensive security solution for Go-based web applications https://meterpreter.org/teler-waf-comprehensive-security-solution-for-go-base...
  • Storm-1152’s CAPTCHA Bypass Operation Foiled by Microsoft https://securityonline.info/storm-1152s-captcha-bypass-operation-foiled-by-microsoft/
  • Secret Magpie: scan for leaked secrets in ALL of their repos https://meterpreter.org/secret-magpie-scan-for-leaked-secrets-in-all-of-their-repos/
• SecWiki News
  • SecWiki News 2024-08-04 Review
• ArthurChiao's Blog
  • 大模型 RAG 基础：信息检索、文本向量化及 BGE-M3 embedding 实践（2024）
• unSafe.sh - 不安全
  • Chinese StormBamboo APT compromised ISP to deliver malware
  • Surge in Magniber ransomware attacks impact home users worldwide
  • The Ethics of Local LLMs: Responding to Zuckerberg's "Open Source AI Manifesto"
  • USENIX Security ’23 – NeuroPots: Realtime Proactive Defense against Bit-Flip Attacks in Neural Networks
  • Cypherpunks Write Code: Pertsev, Semenov, Storm, and Tornado Cash
  • A Simplified Guide for the"Dockerazition" of Ruby and Rails With React Front-End App
  • Obs163｜Yanki外掛製作Anki 克漏字(Cloze)閃卡技巧，同場加映翏央填空模板
  • 七月 Notion 动态：中文版或将上线、AI 功能迎来更新
  • Step-by-Step Guide to Publishing Your First Python Package on PyPI Using Poetry: Lessons Learned
• Recent Commits to cve:main
  • Update Sun Aug 4 22:38:50 UTC 2024
  • Update Sun Aug 4 14:33:37 UTC 2024
  • Update Sun Aug 4 06:31:18 UTC 2024
• MaskRay
  • lld 19 ELF changes
• Exploit-DB.com RSS Feed
  • [webapps] Devika v1 - Path Traversal via 'snapshot_path'
  • [local] Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path
  • [local] SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path
  • [local] Oracle Database 12c Release 1 - Unquoted Service Path
  • [webapps] Ivanti vADC 9.9 - Authentication Bypass
• Dhole Moments
  • Against XMPP+OMEMO
• 黑海洋 - WIKI
  • 应急响应--Linux入侵检查思路及防御
• dotNet安全矩阵
  • .NET内网实战：模拟Installer关闭Defender
  • .NET 安全攻防知识交流社区
  • .NET 安全代码审计电子专刊
  • .NET 内网攻防实战电子报刊
• 奇客Solidot–传递最新科技情报
  • 洛杉矶基本收入实验公布结果
  • 黑客入侵 ISP 发动中间人攻击
• 奇安信威胁情报中心
  • 近期值得关注的IOC（2024-08-04）
• 丁爸 情报分析师的工具箱
  • 【论文】反射控制———一个信息操纵理论的形成、发展与应用研究
  • 【反恐】2024年7月全球恐怖主义事件汇总
• 情报分析师
  • 美国正在为即将到来的高科技战争做准备（第一部分）
  • 美国正在为即将到来的高科技战争做准备（第二部分）
  • 美国正在为即将到来的高科技战争做准备（第三部分）
• 极客公园
  • 谷歌+始祖鸟，造出世界上第一条动力裤，3万块还卖爆了？
  • 苹果发布会或定档 9 月 10 日；巴菲特狂卖 880 亿美元苹果股票；吉利银河 E5 上市，10.98 万元起 | 极客早知道
• Over Security - Cybersecurity news aggregator
  • Surge in Magniber ransomware attacks impact home users worldwide
• SANS Internet Storm Center, InfoCON: green
  • OOXML Spreadsheets Protected By Verifier Hashes, (Sat, Aug 3rd)
• DEF CON Announcements!
  • DEF CON Hotline!
• Full Disclosure
  • Blind SQL Injection - dolphinv7.4.2.
• Instapaper: Unread
  • Loss of popular 2FA tool puts security-minded GrapheneOS in a paradox
  • Hackers breach ISP to poison software updates with malware
  • BunkerWeb The Next-Generation Open-Source Web Application Firewall
  • Cybercrime hai ricevuto un MMS Forse è già troppo tardi
• Trend Micro Research, News and Perspectives
  • Bringing Security Back into Balance
• Deep Web
  • What crosses the line as illegal on the deep web
• Security Affairs
  • Chinese StormBamboo APT compromised ISP to deliver malware
  • Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach
  • Security Affairs Malware Newsletter – Round 5
  • Security Affairs newsletter Round 483 by Pierluigi Paganini – INTERNATIONAL EDITION
• Information Security
  • Entry-level Job opportunities in Cybersecurity (GRC)
• Blackhat Library: Hacking techniques and research
  • In Need of mentor
  • Can you extrapolate the code from a device and
• 吴鲁加
  • Duolingo 如何重新点燃用户增长
• Your Open Hacker Community
  • Can't get disassembled code to look right
  • Sql Injection - reflective value(s) found and filtering out
  • How do I bypass mobile network throttling (read desc)
  • Is it possible to hack some apps?
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • So you want to make a career in low-level exploitation? The tragedy of low-level exploitation
  • Help with ISO27005/risk assessment..?
  • Getting knowledge to get into cybersecurity
• Computer Forensics
  • Computer Archeology: Exploring the Anatomy of an MS-DOS Virus
• TorrentFreak
  • Taking Pirated Copies Offline Can Benefit Book Sales, Research Finds
• 航行笔记
  • 21岁郑钦文奥运夺冠的一些启发
• 迪哥讲事
  • 接口文档下的渗透测试