issues
search
ruohong2018
/
ruohong2018.github.io
GNU General Public License v3.0
29
stars
3
forks
source link
[每日信息流] 2024-08-06
#542
Open
ruohong2018
opened
1 month ago
ruohong2018
commented
1 month ago
每日安全资讯(2024-08-06)
Twitter @Nicolas Krassas
Announcing http://SecTemplates.com release #4: Vulnerability Management Program Release Pack 1.0 https://www.cgisecurity.com/2024/08/sectemplatescom-r...
Keytronic reports losses of over $17 million after ransomware attack https://www.bleepingcomputer.com/news/security/keytronic-reports-losses-of-over-1...
North Korean hackers exploit VPN update flaw to install malware https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-vpn-update...
332 Million Email Addresses Scraped from http://SOCRadar.io Published Online https://hackread.com/332-million-email-addresses-scraped-from-socradar-io...
Researchers warn of a new critical Apache OFBiz flaw https://securityaffairs.com/166612/hacking/critical-apache-ofbiz-flaw.html
Home users increasingly targeted by global Magniber ransomware campaign https://www.scmagazine.com/brief/home-users-increasingly-targeted-by-global-ma...
Misconfigured databases leak 4.6M Illinois election records https://www.scmagazine.com/brief/misconfigured-databases-leak-4-6m-illinois-election-recor...
BianLian contacts Sable International customers following attack https://www.scmagazine.com/brief/bianlian-contacts-sable-international-customers-foll...
5th August – Threat Intelligence Report https://research.checkpoint.com/2024/5th-august-threat-intelligence-report/
New LianSpy malware hides by blocking Android security feature https://www.bleepingcomputer.com/news/security/new-lianspy-malware-hides-by-blocking-an...
Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets https://go.theregister.com/feed/www.theregister.com/2024/08/05/snakekey...
Extracting Managed Identity Certificates from the Azure Arc Service https://www.netspi.com/blog/technical-blog/cloud-pentesting/extracting-managed-ide...
Apple Unveils Homomorphic Encryption Package for Secure Cloud Computing https://hackread.com/apple-homomorphic-encryption-secure-cloud-computing/
Kazakh Organizations Targeted by 'Bloody Wolf' Cyber Attacks https://thehackernews.com/2024/08/kazakh-organizations-targeted-by-bloody.html
Researchers Uncover Flaws in Windows Smart App Control and SmartScreen https://thehackernews.com/2024/08/researchers-uncover-flaws-in-windows.html
Cloud cryptography demystified: Google Cloud Platform https://blog.trailofbits.com/2024/08/05/cloud-cryptography-demystified-google-cloud-platform/
Keytronic incurred approximately $17 million of expenses following ransomware attack https://securityaffairs.com/166595/data-breach/keytronic-lost-rev...
CrowdStrike unhappy about Delta's 'litigation threat,' claims airline refused 'free on-site help' https://go.theregister.com/feed/www.theregister.com/...
Russia's 'Fighting Ursa' APT Uses Car Ads to Install HeadLace Malware https://www.darkreading.com/threat-intelligence/russia-fighting-ursa-apt-car-ads...
RT 0xBB: Just a brief article showing how easy it is to figure out where the canary files are kept on systems using Cortex XDR and how to avoid them. ...
Tenable Blog
Your Exposure Ends Here: Introducing the New Tenable Brand
Turning Data into Action: Intelligence-Driven Vulnerability Management
Files ≈ Packet Storm
Debian Security Advisory 5737-1
Ubuntu Security Notice USN-6944-1
Linux DRM drm_file_update_pid() Race Condition / Use-After-Free
Online Shopping Portal Project 2.0 SQL Injection
Dolphin 7.4.2 Blind SQL Injection
Ivanti ADC 9.9 Authentication Bypass
Genexus Protection Server 9.7.2.10 Unquoted Service Path
Devika 1 Path Traversal
Debian Security Advisory 5736-1
e107 2.3.3 Cross Site Scripting
Codeprojects E-Commerce 1.0 Insecure Settings
Ubuntu Security Notice USN-6895-4
Blog Site 1.0 SQL Injection
Best Courier Management System 1.0 SQL Injection
Appointment Scheduler 4.0 Insecure Direct Object Reference
Recent Commits to cve:main
Update Mon Aug 5 14:33:11 UTC 2024
Update Mon Aug 5 06:16:32 UTC 2024
ElcomSoft blog
Maximizing Disk Imaging Speeds
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
球队的暗战:揭露美国职业体育运动的间谍黑幕
身边的窃听门 | 生活会欺骗你,录音笔也会
产学研集聚ISC人工智能安全趋势发展论坛,共探大模型安全生态
ISC.AI 2024:360携手共青团发布数字安全科技人才激励计划
安全动态回顾 | ISC.AI2024第十二届互联网安全大会在京开幕 DigiCert将推迟关键基础设施证书撤销
安全客-有思想的安全新媒体
黑客用《我的世界》DDoS工具攻击未正确配置的Jupyter笔记本服务器
CISA 警告:Avtech 摄像机漏洞在野外被积极利用
Mirai 僵尸网络利用 OFBiz 服务器中存在的路径遍历漏洞进行传播
新型 Windows 后门 BITSLOTH 利用 BITS 进行隐蔽通信
网络犯罪分子滥用Cloudflare隧道以逃避检测并传播恶意软件
财富50强公司支付创纪录的7500万美元勒索软件要求
迪士尼、耐克、IBM 签名每天锚定 300万封假电子邮件
利用 NIST 网络安全框架实现身份连续性
黑客试图出售 4 月份数据泄露的 30 亿人的个人数据
ISC.AI创新沙盒大赛:数字安全、AI应用、高校新星创新赛道百花齐放
Security Boulevard
MSN: Russia takes aim at Sitting Ducks domains, bags 30,000+
Human vs AI Agents in Cybersecurity: Who Should Guard Your Data?
USENIX Security ’23 – Gradient Obfuscation Gives a False Sense of Security in Federated Learning
How Using a VPN May Benefit Your Privacy
Randall Munroe’s XKCD ‘Exam Numbers’
TikTok Abuses Kids, say DoJ and FTC
Black Hat Fireside Chat: Token’s wearable MFA solution combines PKI, biometrics — in a ring
National Public Data Sued for Hack that Exposed Data of 2.9 Billion People
USENIX Security ’23 – FedVal: Different Good Or Different Bad In Federated Learning
Forcepoint
Keep Your Data Safe with This PII Compliance Checklist
SpiderLabs Blog
Sentinels of Ex Machina: Defending AI Architectures
Reverse Engineering
/r/ReverseEngineering's Weekly Questions Thread
VMRay
Malware goes undetected by hiding malicious code in uncommon MS Access format
Blogs dade
Weekly Retro 2024-W31
梧桐雨blog
密码保护:广东通信杯的一些记录
SentinelOne
PinnacleOne ExecBrief | The Escalation of Nation-State Sabotage and Its Implications for the Private Sector
Reusable Security
Tutorial for CMIYC2024: Registering a Team and Cracking Test Hashes
Microsoft Security Response Center
Microsoft Bounty Program Year in Review: $16.6M in Rewards
Trail of Bits Blog
Cloud cryptography demystified: Google Cloud Platform
FreeBuf网络安全行业门户
FreeBuf知识大陆APP入驻华为应用市场
FreeBuf早报 | CrowdStrike拒为企业损失买单;黑客可用HDMI线捕获用户密码
俄APT组织利用虚假汽车销售广告传播HeadLace后门
攻击者正滥用Cloudflare隧道传播恶意软件并逃避检测
因办公应用程序导致大规模数据泄露!涉及戴尔、AT&T、大通银行等900家公司
2024年攻防演练:您有一封《高温补贴》邮件待查收…
rtl-sdr.com
Using the RTL-SDR Blog V3 as a DVB-T Receiver in OpenPli Enigma2
Tech Minds: A Beginners Guide to the Radioberry HF SDR Transceiver Pi Hat
安全牛
荣耀时刻!海云安斩获ISC.AI 2024创新独角兽沙盒大赛AI应用创新赛道十强奖
HackerNews
因办公应用程序导致大规模数据泄露!涉及戴尔、AT&T、大通银行等 900 家公司
攻击者正滥用 Cloudflare 隧道传播恶意软件并逃避检测
俄 APT 组织利用虚假汽车销售广告传播 HeadLace 后门
Sitting Ducks 攻击,超过 35000 个域名被劫持
新的 Windows 后门 BITSLOTH 利用 BITS 进行隐秘通信
以色列黑客组织 WeRedEvils 宣称其摧毁了伊朗互联网
Linux 内核受到新的 SLUBStick 跨缓存攻击的影响
黑客入侵 ISP 并利用恶意软件攻击软件更新
30 亿人信息遭泄露,黑客定价为 350 万美元
奇客Solidot–传递最新科技情报
CrowdStrike 称达美取消航班不应该怪罪于它
MySpace 诞生 21 年
孟加拉国再次断网
科学家识别太空肌肉萎缩症相关的基因
物理学家称流言像核裂变一样传播
Stack Overflow 的调查显示程序员并不担心 AI
雷神众测
雷神众测漏洞周报2024.07.29-2024.08.04
dotNet安全矩阵
.NET 一款解密CryptoObfuscator混淆的工具
2024hvv | 18套.NET系统漏洞威胁情报(08.06更新)
.NET 内网攻防实战电子报刊
.NET 反序列化加载哥斯拉内存马的工具
2024hvv | 17套.NET系统漏洞威胁情报(08.05更新)
.NET内网实战:模拟Installer关闭Defender
安全内参
近30亿人个人数据遭暗网售卖,这家公司被起诉
印度银行业发生重大勒索事件,近300家银行业务瘫痪
安全分析与研究
某黑产最新免杀攻击样本详细分析
慢雾科技
「区块链黑暗森林自救手册」印尼文版正式发布
代码卫士
Linux 内核受新的SLUBStick 跨缓存攻击影响
【已复现】Apache OFBiz 授权不当致代码执行漏洞(CVE-2024-38856)安全风险通告
代码审计SDL
MinerU 介绍
关键基础设施安全应急响应中心
关键基础设施安全资讯周报20240805期
再创新高!美国医疗IT巨头因勒索攻击预计损失超170亿元
全球最大白银生产商Fresnillo遭遇网络攻击
黑奇士
松绑“仅退款”,疏远用户,淘天真和商家站在一起了吗?
补天平台
【六六大顺】专属SRC联合活动
极客公园
当全世界都说要造机器人,迪士尼笑了
马斯克:完成第二例脑机芯片植入;OpenAI 正研发文本水印工具;苹果 AI 延迟不会影响 iPhone 16 发布|极客早知道
情报分析师
不只是信息,更是深度分析
S.A.L.U.T.E 情报报告法在情报行动中的重要性
中国信息安全
全球视野 | 国际网安快讯(第22期)
前沿 | 智能网联汽车网络安全事件分析溯源挑战与思考
评论 | 铸造保护个人隐私新利器
国际 | 美欧加快人工智能监管合作
评论 | 清朗网络也是优化营商环境
盘点 | 中国互联网联合辟谣平台2024年7月辟谣榜
关注 | 2024年7月全国受理网络违法和不良信息举报1904.1万件
数世咨询
揭秘软件开发中的安全盲点:三分之一开发者对安全实践知之甚少
CNCERT国家工程研究中心
CNCERT国家工程研究中心安全资讯周报20240805期
打破纪录!某财富50强公司向勒索组织支付5.4亿元赎金
Sitting Ducks攻击,超过35000个域名被劫持!
嘶吼专业版
新的 Specula 工具利用 Outlook 在 Windows 中执行远程代码
安全动态回顾 | ISC.AI2024第十二届互联网安全大会在京开幕 DigiCert将推迟关键基础设施证书撤销
CNVD漏洞平台
CNVD漏洞周报2024年第31期
上周关注度较高的产品安全漏洞(20240729-20240804)
安全牛
2项网络/数据安全国家标准公开征求意见;三六零控股股东解散清算,周鸿祎成为第一大股东 | 牛览
安全红队和MDR之间的关键联系
Over Security - Cybersecurity news aggregator
Google fixes Android kernel zero-day exploited in targeted attacks
Microsoft Azure outage takes down services across North America
Ransomware gang targets IT workers with new SharpRhino malware
CrowdStrike vows to ‘respond aggressively’ to Delta litigation
Singapore police wrest back $41 million stolen from commodities firm in BEC scam
Cyber training organization pledges $15 million in education programs
Crowdstrike: Delta Air Lines refused free help to resolve IT outage
Low-Drama ‘Dark Angels’ Reap Record Ransoms
Windows Smart App Control, SmartScreen bypass exploited since 2018
New Android spyware is tracking Russian victims, researchers say
North Korean hackers exploit VPN update flaw to install malware
Keytronic reports losses of over $17 million after ransomware attack
Cyberattack cost more than $17 million, Key Tronic tells regulators
New LianSpy malware hides by blocking Android security feature
European Commission forces TikTok rewards program to shut down on the continent
Ukrainian police detain man who offered services to Russian intelligence on darknet
Countdown is on: Last chance for discount registration at Mandiant’s mWISE 2024
Chameleon is now targeting employees: Masquerading as a CRM app
Replacement for Action Fraud, UK’s cybercrime reporting service, delayed again until 2025
Le telecomunicazioni sono i bersagli principali dei cyberattacchi
Ryan Pentney reflects on 10 years of Talos and his many roles from the Sourcefire days
SaferCheckout: Fraud prevention plugin for WooCommerce stores.
LianSpy: new Android spyware targeting Russian users
Ransomware: i successi di Dark Angel incoraggiano il ‘Big Game Hunting’
CERT-AGID 27 luglio – 2 agosto: 47 campagne malevole e il databreach ai danni di Multiplayer.it
Securityinfo.it
Le telecomunicazioni sono i bersagli principali dei cyberattacchi
Ransomware: i successi di Dark Angel incoraggiano il ‘Big Game Hunting’
CERT-AGID 27 luglio – 2 agosto: 47 campagne malevole e il databreach ai danni di Multiplayer.it
Beacon Tower Lab
【0805】重保演习每日情报汇总
RainSec
Firefly-SRC资产探测平台新版更新
奇安信 CERT
【已复现】Apache OFBiz 授权不当致代码执行漏洞(CVE-2024-38856)安全风险通告
安全热点周报:本周新增四个在野利用漏洞,企业安全面临新威胁
Qualys Security Blog
De-risk Generative AI: Enterprise TruRisk Platform Advances to Secure AI and LLM Workloads
Schneier on Security
New Patent Application for Car-to-Car Surveillance
Unsupervised Learning
UL NO. 444: Pizza Meter Intelligence, China Bypasses Bans, Securing AWS Secrets…
Securelist
LianSpy: new Android spyware targeting Russian users
SANS Internet Storm Center, InfoCON: green
Script obfuscation using multiple instances of the same function, (Mon, Aug 5th)
ISC Stormcast For Monday, August 5th, 2024 https://isc.sans.edu/podcastdetail/9082, (Mon, Aug 5th)
The Hacker News
Researchers Uncover Flaws in Windows Smart App Control and SmartScreen
Kazakh Organizations Targeted by 'Bloody Wolf' Cyber Attacks
The Loper Bright Decision: How it Impacts Cybersecurity Law
Enhancing Incident Response Readiness with Wazuh
Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access
New Android Trojan "BlankBot" Targets Turkish Users' Financial Data
China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates
TorrentFreak
Mayor Shows Pirated Copy of “Inside Out 2” on Town Square Big Screen in Brazil
Google & Cloudflare Summoned to Explain Their Plans to Defeat Pirate IPTV
The Register - Security
That cyber-heist of 2.9B personal records? There's a class-action lawsuit looming for that
Your copilot for improved cyber protection
Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets
CrowdStrike unhappy about Delta's 'litigation threat,' claims airline refused 'free on-site help'
China starts testing national cyber-ID before consultation on the idea closes
Google gamed into advertising a malicious version of Authenticator
Blackhat Library: Hacking techniques and research
Flipper at Blackhat Las Vegas 2024
Have I Been Pwned latest breaches
Shoe Zone - 46,140 breached accounts
Technical Information Security Content & Discussion
CVE-2024-39877: Apache Airflow Arbitrary Code Execution
Kerberos OPSEC: Offense & Detection Strategies for Red and Blue Team - Part 2 : AS REP Roasting
Scaling Variant Analysis
Supply Chain Security Harm Reduction with 3TOFU
Deep Web
How to get the good stuff that was deleted off p*rnhub.
NetSPI
Extracting Managed Identity Certificates from the Azure Arc Service
Social Engineering
Forbidden Keys to Manipulation
hi can someone help recommend a TV show to understand normies?
Need a social media manager asap
Your Open Hacker Community
How do people stay anonymous
how to decode crypted data
What hacking tools i can use inside Termux?
Cain and Abel
Deeplinks
To Fight Surveillance Pricing, We Need Privacy First
Krebs on Security
Low-Drama ‘Dark Angels’ Reap Record Ransoms
Information Security
New Android Spyware 'LianSpy' Targets Russian Users - HackNews
Security Affairs
Researchers warn of a new critical Apache OFBiz flaw
Keytronic incurred approximately $17 million of expenses following ransomware attack
A flaw in Rockwell Automation ControlLogix 1756 could expose critical control systems to unauthorized access
China-linked APT41 breached Taiwanese research institute
360数字安全
ISC.AI 2024大型企业数字化转型安全发展论坛召开 为企业数转智改保驾护航
弘扬数字时代青年力量,ISC.AI 2024漏洞生态与实战人才发展论坛召开
Security Weekly Podcast Network (Audio)
Say Easy, Do Hard - Job Search Strategies for CISOs - Part 1 - Merlin Namuth, Brad Rager - BSW #359
Dark Space Blogspot
Cosa Sono I Token Extensions Su Solana
每日安全资讯(2024-08-06)