[每日信息流] 2024-08-07

[ruohong2018]

每日安全资讯（2024-08-07）

• Twitter @Nicolas Krassas
  • Sonic Automotive says ransomware-linked CDK software outage cost it $30M https://go.theregister.com/feed/www.theregister.com/2024/08/06/sonic_automoti...
  • Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault https://www.bleepingcomputer.com/news/security/samsung-to-pay-1-000-000-for-rces-on-galax...
  • Hunters International Disguises SharpRhino RAT as Legitimate Network Admin Tool https://www.darkreading.com/cyberattacks-data-breaches/hunters-interna...
  • INTERPOL Recovers $41 Million in Largest Ever BEC Scam in Singapore https://thehackernews.com/2024/08/interpol-recovers-41-million-in-largest.html
  • Hacker wipes 13,000 devices after breaching classroom management platform https://www.bleepingcomputer.com/news/security/hacker-wipes-13-000-devices-a...
  • Over 300M scraped http://SOCRadar.io emails exposed https://www.scmagazine.com/brief/over-300m-scraped-socradar-io-emails-exposed
  • Key Tronic's ransomware-related losses exceed $17M https://www.scmagazine.com/brief/key-tronics-ransomware-related-losses-exceed-17m
  • France's Grand Palais discloses cyberattack during Olympic games https://www.bleepingcomputer.com/news/security/frances-grand-palais-discloses-cyberat...
  • Bad apps bypass Windows security alerts for six years using newly unveiled trick https://go.theregister.com/feed/www.theregister.com/2024/08/06/bad_ap...
  • Vestaboard: Exploring Broken Access Controls and Privilege Escalation https://rhinosecuritylabs.com/research/vestaboard-vulnerabilities/
  • Proton Ransomware Evolves With Latest Zola Variant https://packetstormsecurity.com/news/view/36181/Proton-Ransomware-Evolves-With-Latest-Zola-Variant....
  • Thousands Of Devices Wiped Remotely Following Mobile Guardian Hack https://packetstormsecurity.com/news/view/36182/Thousands-Of-Devices-Wiped-Remotely...
  • Rockwell PLC Security Bypass Threatens Manufacturing Processes https://www.darkreading.com/ics-ot-security/rockwell-plc-security-bypass-threatens-manu...
  • North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry https://thehackernews.com/2024/08/north-korean-hackers-moonstone-sleet...
  • Samsung Boosts Bug Bounty Program: $1 Million Top Prize for Mobile Vulnerabilities https://securityonline.info/samsung-boosts-bug-bounty-program-1-mil...
  • CVE-2024-22169: Western Digital’s WD Discovery App Exposed to Code Execution Vulnerability https://securityonline.info/cve-2024-22169-western-digital...
  • New Android Spyware LianSpy Evades Detection Using Yandex Cloud https://thehackernews.com/2024/08/new-android-spyware-lianspy-evades.html
  • Medusa Ransomware Group’s OPSEC Failure: Infiltrating Their Cloud Storage https://darkatlas.io/blog/medusa-ransomware-group-opsec-failure
  • Billion-dollar bust as international op shutters Cryptonator wallet https://go.theregister.com/feed/www.theregister.com/2024/08/06/cryptonator_closure...
  • Google’s Billion-Dollar Apple Search Deal Deemed Illegal https://securityonline.info/googles-billion-dollar-apple-search-deal-deemed-illegal/
• Recent Commits to cve:main
  • Update Tue Aug 6 22:31:01 UTC 2024
  • Update Tue Aug 6 14:39:50 UTC 2024
• Tenable Blog
  • Do You Think You Have No AI Exposures? Think Again
  • Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach
• 安全客-有思想的安全新媒体
  • 生成式人工智能的伦理治理与风险防控——破解科林格里奇困境的新路径
  • 中国视角下的网络信息安全监管法治化建设与体系化发展
  • 危害严重的 Apache OFBiz 未授权远程代码执行漏洞需立即修复
  • 研究人员发现 Windows 智能应用控制和 SmartScreen 中的漏洞
  • 数以万计的Ubiquiti物联网摄像头与路由器成为黑客的攻击目标
  • Rockwell Automation ControlLogix 1756 中存在一个未经授权的访问漏洞
  • SnakeKeylogger潜入Windows 收件箱以窃取敏感机密
  • 新的Android木马“BlankBot”针对土耳其用户的财务数据
  • 白宫和欧盟委员会启动1500万美元的网络安全奖学金计划
  • APT 组织 StormBamboo 通过 DNS 欺骗攻击 ISP 客户
  • 骗子利用谷歌广告系统诱导用户下载有问题的软件
  • 弘扬数字时代青年力量，ISC.AI 2024漏洞生态与实战人才发展论坛召开
• Files ≈ Packet Storm
  • Korenix JetPort Series 1.2 Command Injection / Insufficient Authentication
  • Microweber 2.0.15 Cross Site Scripting
  • Gentoo Linux Security Advisory 202408-02
  • eduAuthorities 1.0 SQL Injection
  • Gentoo Linux Security Advisory 202408-01
  • Concert Ticket Reservation System 1.0 SQL Injection
  • Computer Laboratory Management System 1.0 Insecure Settings
  • Ubuntu Security Notice USN-6200-2
  • Codeprojects E-Commerce 1.0 Cross Site Scripting
  • Blog Site 1.0 Cross Site Scripting
  • Red Hat Security Advisory 2024-5001-03
• Security Boulevard
  • How AHEAD Enhanced SecOps Efficiency with Low-code Security Automation
  • USENIX Security ’23 – Prime Match: A Privacy-Preserving Inventory Matching System
  • Joint Certification Program (DD 2345)
  • Daniel Stori’s ‘The chroot Case’
  • Breach Debrief Series: EchoSpoofing Phishing Campaign Exploiting Proofpoint’s Email Protection
  • Why API Security Testing Matters – Learning from Tracfone
  • DataDome Now Protects Keycloak IAM
  • The Prevalence of DarkComet in Dynamic DNS
  • USENIX Security ’23 – FreeEagle: Detecting Complex Neural Trojans in Data-Free Cases
  • Understanding the Dark Web: A Hidden Realm
• Trustwave Blog
  • Trustwave Managed Vulnerability Scanning Shines a Light on Vulnerabilities
• CXSECURITY Database RSS Feed - CXSecurity.com
  • Genexus Protection Server 9.7.2.10 Unquoted Service Path
  • Linux DRM drm_file_update_pid() Race Condition / Use-After-Free
  • Ivanti ADC 9.9 Authentication Bypass
  • Korenix JetPort Series 1.2 Command Injection / Insufficient Authentication
  • eduAuthorities-1.0 Multiple-SQLi
• obaby@mars
  • Delphi7 idhttpserver Post Json
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • “职”属于你的Offer | 中电安科多个岗位热招
  • XCon2024议题：LLM Infra Security：大模型供应链的阿喀琉斯之踵
  • 当鱼叉式网络钓鱼遇到大规模网络钓鱼
• Horizon3.ai
  • Tech Ascension 2024 Best Cloud Security Solution
  • Tech Mahindra and Horizon3.ai Partner to Enhance AI-based Cyber Resilience for Global Customers
• GuidePoint Security
  • White House Memo Pushes Federal Agencies on Cybersecurity
• Reverse Engineering
  • Master Your Craft - Tavis Ormandy Analysis on The CrowdStrike Incident
• Webroot Blog
  • AI in Education: Balancing Innovation with Security
• daniel.haxx.se
  • libcurl is 24 years old
• FreeBuf网络安全行业门户
  • FreeBuf早报 | secureserver.net域被滥用；朝鲜黑客攻击韩国建筑和机械行业
  • 市值暴跌、巨额诉讼，网安一哥走下神坛
  • 自2018年一直被黑客利用，Windows又一“后门”揭秘
  • Gartner安全运营成熟度曲线：XDR、SOAR 泡沫破裂；EDR、SIEM 进入生产成熟期
  • Apache OFBiz 曝出严重漏洞，允许预身份验证 RCE
• 奇客Solidot–传递最新科技情报
  • OpenAI 联合创始人 John Schulman 加盟 Anthropic
  • 三星电子工会调整罢工策略恢复工作
  • 美国航空公司耗尽四位数航班号
  • 美国法官裁决 Google 付费成为默认搜索引擎违反了反垄断法
  • Windows 11 市场份额突破三成
  • 马斯克重启对 OpenAI 和 Sam Altman 的诉讼
  • 印尼以赌博色情理由封锁 DuckDuckGo
• rtl-sdr.com
  • RadioWorld Magazine Article about Software Defined Radios for Shortwave Listening
  • SignalsEverywhere: Using HackTV to Transmit Analog Television with a HackRF
• HackerNews
  • Gartner 安全运营成熟度曲线：XDR、SOAR 泡沫破裂；EDR、SIEM 进入生产成熟期
  • CrowdStrike 与达美航空互撕，拒付 5 亿美元赔偿
  • Apache OFBiz 用户被警告存在新的和被利用的漏洞
  • 朝鲜黑客利用 VPN 更新漏洞安装恶意软件，试图窃取商业情报
  • 因受勒索软件攻击，某电子制造服务公司损失超过 1700 万美元
• 杨龙
  • CSS防止顶部和底部margin溢出影响父元素
• 安全牛
  • AI大模型赋能开发者|海云安创始人谢朝海受邀在ISC.AI 2024大会就“大模型在软件开发&安全领域的应用”主题发表演讲
• 微步在线研究响应中心
  • 微步协助H3C修复iMC智能管理中心远程代码执行漏洞
• 腾讯玄武实验室
  • 每日安全动态推送(8-6)
• 安全内参
  • 知名电子大厂因勒索攻击损失超1.2亿元，此前曾停运两周
  • 智能网联汽车网络安全事件分析溯源挑战与思考
• 奇安信威胁情报中心
  • 近期值得关注的IOC（2024-08-06）
  • 【8月5日获奖榜】以下网络安全专家已免费获赠阿瑞斯武器库批量查询工具
• Microsoft Security Response Center
  • Congratulations to the MSRC 2024 Most Valuable Security Researchers!
• 数世咨询
  • 攻击者是如何绕过EDR/XDR的——对此我们又该怎么做？
• 奇安信 CERT
  • Roundcube Webmail 多个XSS高危漏洞安全风险通告
• 丁爸 情报分析师的工具箱
  • 【资源】查询NGO信息网站汇总
• 安全牛
  • 借口国家安全，美国商务部要求在自动驾驶汽车中禁用我国软件；Linux内存分配错误或可导致对内核内存的任意读写 | 牛­览
  • 加大预算投入来对抗AI驱动的网络攻击已经势在必行
• 关键基础设施安全应急响应中心
  • 进一步推进国家安全法治体系建设
  • 香港网络安全法案：保护关键基础设施，而非侵犯个人隐私
  • 近30亿人个人数据遭暗网售卖，这家公司被起诉
• dotNet安全矩阵
  • .NET 一款提权工具：Sharp4PetitPotato
  • 2024hvv | 19套.NET系统漏洞威胁情报(08.07更新)
  • .NET 内网攻防实战电子报刊
• KCon 黑客大会
  • 演讲议题巡展 | 新视角关注Windows漏洞挖掘-从USB设备到操作系统内核
  • 【高端培训招募】KCon大会培训日，正式回归啦！
• 代码卫士
  • 再创新高：财富50强公司支付勒索赎金7500万美元
  • 谷歌修复已遭利用的安卓内核0day漏洞
• CNCERT国家工程研究中心
  • 新的 Specula 工具利用 Outlook 在 Windows 中执行远程代码
  • 因办公应用程序导致大规模数据泄露，涉及900家公司
  • 比肩“飞马”:专攻Android的新型间谍软件LianSpy曝光
• 极客公园
  • 为什么消费者需要「仅退款」？
  • 木卫四发布大模型智能体群，蝴蝶 AI 2.0 开启汽车安全新篇章
  • 美科技七巨头一夜蒸发 6500 亿；荣耀回应 IPO 传闻；微信订阅号灰度测试「快讯」| 极客早知道
• 火绒安全
  • 火绒安全终端防护数据月报（2024-07）
• 国家互联网应急中心CNCERT
  • CNVD漏洞周报2024年第31期
  • 上周关注度较高的产品安全漏洞(20240729-20240804)
• Beacon Tower Lab
  • 【0806】重保演习每日情报汇总
• 山石网科安全技术研究院
  • 第四届山石CTF夏令营入营名单来啦！
• Securityinfo.it
  • Rockwell Automation, una vulnerabilità consente l’accesso non autorizzato ai dispositivi
  • Nathan Howe: “ecco come Zscaler protegge i dispositivi IoT/OT”
• 看雪学苑
  • 让创意闪耀：SDC 2024「极客市集」展商招募中
  • 记录一次秀动APP的逆向
  • 员工工资直接与安全挂钩，微软改革将安全视为首要任务
• TrustedSec
  • Execution Guardrails: No One Likes Unintentional Exposure
• Qualys Security Blog
  • 2024 Midyear Threat Landscape Review
• Over Security - Cybersecurity news aggregator
  • Venezuelan government ratchets up digital repression surrounding tainted election
  • Google Chrome will let you send money to your favourite website
  • INTERPOL recovers over $40 million stolen in a BEC attack
  • Google says Android zero-day was exploited in the wild
  • Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault
  • Hackers remotely wipe 13,000 students’ iPads and Chromebooks after breaching safety software
  • France's Grand Palais discloses cyberattack during Olympic games
  • Nearly 40 French museums reportedly affected by ransomware attack
  • Proton VPN adds ‘Discreet Icons’ to hide app on Android devices
  • Point of entry: Why hackers target stolen credentials for initial access
  • Hacker wipes 13,000 devices after breaching classroom management platform
  • Ritorna Vidar in Italia con una campagna di malspam tramite PEC
  • Rockwell Automation, una vulnerabilità consente l’accesso non autorizzato ai dispositivi
  • Nathan Howe: “ecco come Zscaler protegge i dispositivi IoT/OT”
  • From Weaponization to Victimization: Fallout from the ServiceNow Vulnerability
  • From Weaponization to Victimization: Fallout from ServiceNow Vulnerability
  • Shoe Zone - 46,140 breached accounts
• 信息安全国家工程研究中心
  • 加强网络安全体制建设，为高质量发展保驾护航
• 字节跳动技术团队
  • 豆包大模型视觉、语音能力升级！文生图更懂“国风”，TTS“拿捏”情绪
• Tails - News
  • Converting dangerous documents to safe PDFs using Dangerzone
• SANS Internet Storm Center, InfoCON: green
  • A Survey of Scans for GeoServer Vulnerabilities, (Tue, Aug 6th)
  • ISC Stormcast For Tuesday, August 6th, 2024 https://isc.sans.edu/podcastdetail/9084, (Tue, Aug 6th)
• Schneier on Security
  • On the Cyber Safety Review Board
• Palo Alto Networks Blog
  • Palo Alto Networks Zero Trust Platform Featured in New NIST Guidance
• Security Affairs
  • A ransomware attack hit French museum network
  • CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog
  • Google warns of an actively exploited Android kernel flaw
  • Should Organizations Pay Ransom Demands?
  • North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks
• 中国信息安全
  • 论坛·原创 | 新技术环境下保密工作面临的挑战和应对策略
  • 关注 | 从“蓝屏事件”说开来：“网络卫士”实为“黑客帝国”
  • 发布 | 工信部印发《关于创新信息通信行业管理 优化营商环境的意见》（附全文）
  • 前沿 | 欧盟《人工智能法案》生效 将完善监管规则
  • 法治 | 加强算法风险侵权法律规制
  • 专家观点 | 如何加强数据知识产权保护
  • 评论 | 针对网络传销新变化开展精准治理
• Blackhat Library: Hacking techniques and research
  • Booting up kali Linux from usb
  • Black hat 2024
• Your Open Hacker Community
  • jQuery UI 1.12.1
  • Is monitor mode a must have for pentesting ?
• Posts By SpecterOps Team Members - Medium
  • BloodHound Operator — Dog Whispering Reloaded
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • Network Devices Configuration Manager
• Information Security
  • Why don’t more cybersecurity internships include internal ethical hacking challenges?
  • What’s the buzz at BlackHat 2024 so far?
• 360数字安全
  • 360安全大模型为什么是“非卖品”？
  • 连续11年亮相BlackHat大会，360发布重磅漏洞研究成果
  • ISC.AI 2024｜数据安全与创新应用论坛召开 助推数据安全高质量发展
• The Hacker News
  • INTERPOL Recovers $41 Million in Largest Ever BEC Scam in Singapore
  • North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry
  • Suspicious Minds: Insider Threats in The SaaS World
  • New Android Spyware LianSpy Evades Detection Using Yandex Cloud
  • Google Patches New Android Kernel Vulnerability Exploited in the Wild
  • New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution
• Tor Project blog
  • New Release: Tor Browser 13.5.2
• 不忘初心px1624
  • 看漫画学越权 5
• 迪哥讲事
  • Web API 渗透测试指南
• TorrentFreak
  • Pirate Site Blocking Can’t Prevent Pay TV Subscriber Decline in Uruguay
  • Record Labels Ask Court to Deny Cox’s Challenge of ‘$1 Billion’ Piracy Verdict
• Social Engineering
  • Meta launches AI chatbots for Instagram
  • Good brands are social engineering and it makes me sick
  • Tim Walz providing free school meals to kids vs. Sarah H. Sanders loosening child labor protections.
• Full Disclosure
  • CyberDanube Security Research 20240805-0 | Multiple Vulnerabilities in JetPort Series
  • CVE-2024-40101 exploit: Reflected Cross-Site Scripting (XSS) on Microweber
• The Register - Security
  • Google splats device-hijacking exploited-in-the-wild Android kernel bug among others
  • Sonic Automotive says ransomware-linked CDK software outage cost it $30M
  • Bad apps bypass Windows security alerts for six years using newly unveiled trick
  • Users call on Microsoft to update Outlook's friendly name feature
  • Billion-dollar bust as international op shutters Cryptonator wallet
  • MDM vendor Mobile Guardian attacked, leading to remote wiping of 13,000 devices
  • Illinois relaxes biometric privacy law so snafus won't cost businesses billions
  • NFL to begin using face scanning tech across all of its stadiums
• Graham Cluley
  • FTC warns consumers of scammers offering to remove all negative information from credit reports
  • The AI Fix #10: An AI cookery dumpster fire, the ARC prize, and a creepy new AI friend
• Technical Information Security Content & Discussion
  • Announcing the Vulnerability Management program pack 1.0
  • Unveiling the Power Duo: osquery and osctrl
  • Vestaboard: Exploring Broken Access Controls and Privilege Escalation
  • Homebrew Security Audit 2023
  • Master Your Craft - Tavis Ormandy Analysis on The CrowdStrike Incident
• Computer Forensics
  • Why when I do the forensic acquisition I get all the 830GB? I am using FTK and I do select logical drive, I want only the 85GB, but my E01 File always ends up being 830GB... Is there a way for me to only get the 85GB worth of memory?
  • Free Digital Forensic Policies & Documents
  • Digital Forensics Interview - FBI
  • DIGITAL TREASURE HUNT
• Deeplinks
  • Support Justice for Digital Creators and Tech Users
  • EFF at the Las Vegas Hacker Conferences
• Security Weekly Podcast Network (Audio)
  • Fake IDS, Storm Bamboo, uBlock, Rhysida, Snake, Delta, TikTok, Josh Marpet... - SWN #404
  • Building Successful Security Champions Programs - Marisa Fagan - ASW #294
• Dark Space Blogspot
  • Cosa è Successo ai Mercati Azionari e Cripto? Crollo del 4-5 Agosto 2024
  • Cos'è Il Carry Trade Nei Mercati Finanziari?