ruohong2018 / ruohong2018.github.io

GNU General Public License v3.0

33 stars 3 forks source link

[每日信息流] 2024-08-11 #547

Open ruohong2018 opened 3 months ago

ruohong2018 commented 3 months ago

每日安全资讯（2024-08-11）

Security Boulevard
- USENIX Security ’23 – V1SCAN: Discovering 1-day Vulnerabilities in Reused C/C++ Open-Source Software Components Using Code Classification Techniques
- Move From FedRAMP to DoD with Impact Level Assessment
Twitter @Nicolas Krassas
- HTB: Usage https://0xdf.gitlab.io/2024/08/10/htb-usage.html
- Microsoft discloses unpatched Office flaw that exposes NTLM hashes https://www.bleepingcomputer.com/news/security/microsoft-discloses-unpatched-office...
- WWH-Club credit card market admins arrested after cash spending spree https://www.bleepingcomputer.com/news/legal/wwh-club-credit-card-market-admins-a...
- Crooks took control of a cow milking robot causing the death of a cow https://securityaffairs.com/166839/cyber-crime/cow-milking-robot-hacked.html
- Russian Midnight Blizzard Breached UK Home Office via Microsoft https://hackread.com/russia-midnight-blizzard-breach-uk-home-office-microsoft/
- Persistent XSS Vulnerability on Microsoft Bing’s Video Indexing System https://infosecwriteups.com/persistent-xss-vulnerability-on-microsoft-bings-vi...
- Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure https://thehackernews.com/2024/08/microsoft-warns-of-unpatched-office.html
- At Home In Your Firmware: Got Any SMMacks? https://jjensn.com/at-home-in-your-firmware/
- Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE https://thehackernews.com/2024/08/microsoft-reveals-four-openvpn-flaws.html
- Russia blocks Signal for 'violating' anti-terrorism laws https://www.bleepingcomputer.com/news/security/russia-blocks-signal-for-violating-anti-terror...
- Rhysida ransomware hits Sumter County Sheriff, threatens data leak https://www.scmagazine.com/news/rhysida-ransomware-hits-sumter-county-sheriff-in-la...
- Team82 Unveils Research on Unitronics PLC/HMI Attacks Targeting Critical Infrastructure https://securityonline.info/team82-unveils-research-on-unitron...
- GoGra: New Go-Based Backdoor Targets South Asian Media https://securityonline.info/gogra-new-go-based-backdoor-targets-south-asian-media/
- Django Releases Security Updates to Address Critical Flaw (CVE-2024-42005, CVSS 9.8) https://securityonline.info/django-releases-security-updates-to-a...
- Quark Engine: automating analysis of suspicious Android application https://meterpreter.org/quark-engine-automating-analysis-of-suspicious-android-app...
- Nexera Hacked: $1.8 Million Stolen from Tokenization Giant https://securityonline.info/nexera-hacked-1-8-million-stolen-from-tokenization-giant/
- Experts Uncover Severe AWS Flaws Leading to RCE, Data Theft, and Full-Service Takeovers https://thehackernews.com/2024/08/experts-uncover-severe-aws-f...
SecWiki News
- SecWiki News 2024-08-10 Review
Recent Commits to cve:main
- Update Sat Aug 10 22:25:00 UTC 2024
- Update Sat Aug 10 14:30:47 UTC 2024
- Update Sat Aug 10 06:31:03 UTC 2024
arighi's blog
- Re-implementing my Linux Rust scheduler in eBPF
Bug Bounty in InfoSec Write-ups on Medium
- How I got my first $13500 bounty through Parameter Polluting (HPP)
- SSRF: Blacklist and Whitelist-Based Input Filters
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
- Emulating Humans for Cybercrime Purposes
- Специални Поздрави За Всички Който "Го Правят" В България
- Представям Ви Двете "Пачаври" Който Ми Оkраха "Къщата"
Robin Verton - developer, software engineer and red teamer
- Neovim Go Template Formatting
CCC Event Blog
- Konferenz und Party von netzpolitik.org: Bildet Netze!
奇客Solidot–传递最新科技情报
- 俄罗斯封禁 Signal
黑海洋 - WIKI
- 略缩图打开变成另一张图
- 隐藏javascript代码
信息时代的犯罪侦查
- 如何使用公开免费的数据查询服务？
看雪学苑
- Android系统启动源码分析
- 30小时学CTF：从零基础到比赛高手的快速通道
奇安信威胁情报中心
- 近期值得关注的IOC（2024-08-10）
dotNet安全矩阵
- .NET 一款提权工具：Sharp4PetitPotato
- .NET 内网攻防实战电子报刊
奇安信 CERT
- 【已复现】微软RDL服务远程代码执行漏洞(CVE-2024-38077)安全风险通告
情报分析师
- 实时位置追踪：美国警力部署和预防策略
- 《每日开源》获取每日开源信息！
极客公园
- AI 换脸项目 Deep-Live-Cam 一夜爆火：只需一张照片，变身马斯克直播
- 美国司法部考虑强制将安卓从谷歌剥离；享界 S9 上市72小时大定突破 4800 台；拼多多创始人黄峥登顶中国首富 | 极客早知道
深信服千里目安全技术中心
- 【漏洞通告】Windows远程桌面授权服务远程代码执行漏洞（CVE-2024-38077）
NOVASEC
- 如何用一种SQL注入姿势在src斩获30w+赏金？
山石网科安全技术研究院
- Windows高危漏洞来袭？已有补丁不需惊慌！
Over Security - Cybersecurity news aggregator
- Local gov’ts in Texas, Florida hit with ransomware as cyber leaders question best path forward
- Microsoft discloses unpatched Office flaw that exposes NTLM hashes
- WWH-Club credit card market admins arrested after cash spending spree
- Microsoft: Windows 11 22H2 reaches end of support in 60 days
- EDR lab: piccolo self-test #1
- After global IT meltdown, CrowdStrike courts hackers with action figures and gratitude
DEF CON Announcements!
- DEF CON Response to Badge Controversy
Luca Mercatanti
- OpenRecall: l’alternativa Open Source a Microsoft Recall
Technical Information Security Content & Discussion
- Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server
Blackhat Library: Hacking techniques and research
- Grey hat hacking(minor)
- Instagram standalone accounts
Information Security
- It audit
- Step by Step Guide to Remediate Data Vulnerability
Your Open Hacker Community
- Unlocking a Windows Computer
The Hacker News
- Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share
- New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions
- Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure
吴鲁加
- 简单清晰地写
Security Affairs
- Is the INC ransomware gang behind the attack on McLaren hospitals?
- Crooks took control of a cow milking robot causing the death of a cow
- Sonos smart speakers flaw allowed to eavesdrop on users
TorrentFreak
- What’s the Safest & Most Trusted Site to Download Pirate Streaming Apps?
Computer Forensics
- Mnemonic for Linux Directories
迪哥讲事
- 由sqli所引起的RCE
Desync InfoSec
- 第十七课分析大规模入侵二
Dark Space Blogspot
- Cos'è La "Dead Internet Theory"? Internet è Morto Nel 2017?