issues
search
ruohong2018
/
ruohong2018.github.io
GNU General Public License v3.0
33
stars
3
forks
source link
[每日信息流] 2024-08-13
#549
Open
ruohong2018
opened
3 months ago
ruohong2018
commented
3 months ago
每日安全资讯(2024-08-13)
CXSECURITY Database RSS Feed - CXSecurity.com
Open WebUI 0.1.105 File Upload / Path Traversal
courier-management-system-2020-1.0 Multiple-SQLi
Backdoor.Win32.Nightmare.25 / Unauthenticated Remote Command Execution
Twitter @Nicolas Krassas
12th August – Threat Intelligence Report https://research.checkpoint.com/2024/12th-august-threat-intelligence-report/
Google Patches Critical Vulnerabilities in Quick Share After Researchers’ Warning https://hackread.com/google-patches-quick-share-vulnerabilities-war...
Tennessee Man Helped DPRK Workers Get Jobs at US Orgs, Fund WMDs https://www.darkreading.com/remote-workforce/tennessee-man-helped-dprk-workers-get-jo...
Over 35K impacted by CSC ServiceWorks breach https://www.scmagazine.com/brief/over-35k-impacted-by-csc-serviceworks-breach
Living off the land with Bluetooth PAN https://www.pentestpartners.com/security-blog/living-off-the-land-with-bluetooth-pan/
Russia Blocks Signal Messaging App https://packetstormsecurity.com/news/view/36206/Russia-Blocks-Signal-Messaging-App.html
200k Impacted By East Valley Institute Of Technology Data Breach https://packetstormsecurity.com/news/view/36207/200k-Impacted-By-East-Valley-Institut...
Attacker steals personal data of 200k+ people with links to Arizona tech school https://go.theregister.com/feed/www.theregister.com/2024/08/12/200k_wi...
Mega money, unfathomable violence pervade thriving underground doxxing scene https://go.theregister.com/feed/www.theregister.com/2024/08/12/mega_money...
Microsoft shares Outlook workaround for Gmail sign-in issues https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-outlook-workaround-for-g...
20-Year-Ol Hardware Flaw Found In AMD Chips https://packetstormsecurity.com/news/view/36208/20-Year-Ol-Hardware-Flaw-Found-In-AMD-Chips.html
Google deactivates Russian AdSense accounts, sends final payments https://www.bleepingcomputer.com/news/google/google-deactivates-russian-adsense-acco...
Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems https://thehackernews.com/2024/08/researchers-uncover-vulnerabilities-in.html
FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability https://thehackernews.com/2024/08/freebsd-releases-urgent-patch-for-high.html
GPS Spoofers Hack Time On Commercial Airlines https://packetstormsecurity.com/news/view/36205/GPS-Spoofers-Hack-Time-On-Commercial-Airlines.html
Trump Campaign Says It Has Been Hacked https://packetstormsecurity.com/news/view/36204/Trump-Campaign-Says-It-Has-Been-Hacked.html
Taxonomy of Generative AI Misuse https://www.schneier.com/blog/archives/2024/08/taxonomy-of-generative-ai-misuse.html
Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks https://thehackernews.com/2024/08/industrial-remote-access-tool-ewon-cosy.h...
Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths https://github.com/klezVirus/DriverJack
HAL: The Hardware Analyzer https://meterpreter.org/hal-the-hardware-analyzer/
Recent Commits to cve:main
Update Mon Aug 12 22:31:19 UTC 2024
Update Mon Aug 12 14:29:13 UTC 2024
Update Mon Aug 12 06:31:31 UTC 2024
Security Boulevard
Ransomware Attack Fetched A Record $75 Million
USENIX Security ’23 – Automated Security Analysis of Exposure Notification Systems
DOJ Shuts Down Another North Korean ‘Laptop Farm’
CVE-2024-38856: Pre-Auth RCE Vulnerability in Apache OFBiz
Randall Munroe’s XKCD ‘Vice President First Names’
Privacy Risks in Google’s New Play Store Personalization
News alert: Criminal IP and Maltego team up to broaden threat intelligence data search
AppViewX Automated Certificate Management for PingAccess
USENIX Security ’23 – DISTDET: A Cost-Effective Distributed Cyber Threat Detection System
HYAS Investigates Threat Actors Hidden In Gaming Services
Files ≈ Packet Storm
Gentoo Linux Security Advisory 202408-33
Gentoo Linux Security Advisory 202408-32
Gentoo Linux Security Advisory 202408-31
Gentoo Linux Security Advisory 202408-30
Gentoo Linux Security Advisory 202408-29
Gentoo Linux Security Advisory 202408-28
Gentoo Linux Security Advisory 202408-27
Computer Laboratory Management 1.0 SQL Injection
Gentoo Linux Security Advisory 202408-26
Courier Management System 2020-1.0 SQL Injection
Gentoo Linux Security Advisory 202408-25
Backdoor.Win32.Nightmare.25 MVID-2024-0687 Code Execution
Ubuntu Security Notice USN-6926-3
Gentoo Linux Security Advisory 202408-24
Gas Agency Management 2022 Cross Site Request Forgery
Gentoo Linux Security Advisory 202408-23
Garden Gate 2.6 SQL Injection
Gentoo Linux Security Advisory 202408-22
Goati Track 1.0-2023 Insecure Settings
Gentoo Linux Security Advisory 202408-21
Red Hat Security Advisory 2024-5194-03
Farmacia Gama 1.0 Insecure Direct Object Reference
Employee Management System 1.0 Insecure Settings
Red Hat Security Advisory 2024-5193-03
Gentoo Linux Security Advisory 202408-20
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
新剧推荐 | 这部国产反谍剧,我给9.5分
谣言粉碎机 | 走近真实的测谎技术
18.98 Hz | 来自鬼魂的无线信号
ESD K9电子搜检汪汪队
采购欺诈预警 | 带你分辨DeltaV专业场强仪的高仿假货
安全动态回顾|国家计算机病毒应急处理中心通报15款违规移动应用 Critical Progress WhatsUp RCE漏洞正在被积极利用
自 2018 年以来,Windows 智能应用控制和 SmartScreen 绕过技术一直存在漏洞
国投智能牵头组建“厦门市警安科技创新联合体”,助推公安工作现代化
荣获国际顶级认可!国投智能荣获CMMI5级权威认证
2024年中盘点 | 美亚柏科电子数据取证技术实现重大突破
三星将为 Galaxy 安全保险库的 RCE 支付 100 万美元
安全客-有思想的安全新媒体
CISA 将 Apache OFBiz 和 Android 内核漏洞添加到已知漏洞目录中
CISA警告黑客利用传统的思科智能安装功能获取敏感数据
ADT 披露了一起影响了 30,000 多名客户的数据泄露事件
研究人员发现谷歌文件传输工具中的 10 个漏洞
新恶意软件利用流氓 Chrome 浏览器和 Edge 扩展程序攻击了超 30 万用户
专家揭露导致远程代码执行、数据窃取及服务全面接管的严重AWS漏洞
微软揭露了四个导致潜在 RCE 和 LPE 的 OpenVPN 漏洞
Sonos智能音箱存在允许窃听用户的漏洞
PyPI恶意包“solana-py”窃取Solana密钥
ISC.AI 2024 Palo Alto Networks黄强:以AI对抗AI,为人工智能转型之路保驾护航
SecWiki News
SecWiki News 2024-08-12 Review
Cerbero Blog
Cerbero Suite 7.8 Release
InnoSetup Format Package
IFPS Format Package
The DFIR Report
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
Trail of Bits Blog
Trail of Bits Advances to AIxCC Finals
Forcepoint
DSPM Ensures Regulatory Compliance in GenAI Deployments
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Tip of the Day - Part Two
Binary Ninja
Sidekick 2.0
Sidekick in Action: Analyzing Firmware
Sidekick in Action: Deobfuscating Strings in Amadey Malware
SentinelOne
PinnacleOne ExecBrief | Terrorism on the Horizon
Singularity MDR | A Scalable Solution for Broader Detection & Response Coverage
Reverse Engineering
/r/ReverseEngineering's Weekly Questions Thread
CREATE your own Windows DEVICE DRIVER with BUGS... then travel "behind the Blue Screen" into ring 0 with Windows Kernel Debugger!! 🖥️🪰🧑💻
Extending Chiplab IO
daniel.haxx.se
verbose, verboser, verbosest
Bug Bounty in InfoSec Write-ups on Medium
From Fries to Flaws : My Journey into Web App Security (Part V)
$800 Improper Authorization Flaw: Unauthorized Project Reclaiming Post Transfer
From Fries to Flaws : My Journey into Web App Security (Part IV)
Hacking OWASP Juice Shop: Part 5- Privilege Escalation via Manipulated User Registration
From Fries to Flaws : My Journey into Web App Security (Part III)
Unveiling Remote Code Execution in AI chatbot workflows
Learn Basic SQL Injection
Hacking OWASP Juice Shop: Part4 — Exploiting Payment and Input Validation Loopholes
Hacking OWASP Juice Shop: Part 3- Exploiting Insufficient Server-Side Checks:::Bypassing Input…
From Fries to Flaws : My Journey into Web App Security (Part II)
安全牛
SCA面面观 | SAST、IAST、DAST、SCA,企业该如何选择组件检测工具?
SCA面面观 | SCA在软件开发全生命周期的应用
SCA面面观 | SCA关键技术深度解析
国投智能牵头组建“厦门市警安科技创新联合体”,助推公安工作现代化
荣获国际顶级认可!国投智能荣获CMMI5级权威认证
2024年中盘点 | 美亚柏科电子数据取证技术实现重大突破!
SpiderLabs Blog
The Art of Deception: Turning the Tables on Attackers with Active Defenses
FreeBuf网络安全行业门户
英国要发起一场“国家规模”的蜜罐计划
AWS多项服务存在漏洞,能让攻击者完全控制账户
新型Mac窃取程序"AMOS"冒充Loom,瞄准加密货币钱包
FreeBuf早报 | 微软2024财年发放1.2亿元漏洞赏金;《联合国打击网络犯罪公约》通过
微软披露Office最新零日漏洞,可能导致数据泄露
奇客Solidot–传递最新科技情报
惠普计划将至少五成 PC 生产转移出中国
OpenAI 创始团队成员只有 2 人留任
OnlyFans 成人明星外包聊天服务
中国受关注论文数高居第一
俄罗斯占领的乌克兰扎波罗热核电站发生火灾
三星新汽车固态电池续航里程高达 1000 公里
现代和起亚的防盗软件大幅降低了汽车被盗率
Ubuntu 将使用最新内核版本
奇安信威胁情报中心
近期值得关注的IOC(2024-08-12)
【活动最后一周】以下网络安全专家已免费获赠阿瑞斯武器库批量查询工具
腾讯玄武实验室
每日安全动态推送(8-12)
安全内参
特朗普竞选团队在大选期间被黑,部分敏感数据外泄
我国数据分类分级研究进展与企业实施路径建议
关键基础设施安全应急响应中心
关键基础设施安全资讯周报20240812期
GPS欺骗技术新威胁:黑客篡改飞机时间系统
思科预警,旧版IP电话存在严重RCE零日漏洞
数世咨询
报告发现:澳大利亚CFO越来越多地参与IT投资决策
代码卫士
奇安信《软件供应链安全报告》:七成国产软件有超危漏洞
安全研究GoSSIP
G.O.S.S.I.P 阅读推荐 2024-08-12 影子写手
雷神众测
雷神众测漏洞周报2024.08.05-2024.08.11
网络安全研究宅基地
韩国“伪猎者”APT组织利用多款国产化软件漏洞对中国的攻击活动
网安杂谈
蓄能作战力!成都链安“战法训练营”开课啦!
极客公园
阿里把十年后的超时空购物体验店,搬到了巴黎奥运会旁边
曝苹果 AI 功能 3 年不收费;巴黎奥运闭幕,中国队刷新金牌纪录;上海迪士尼打造「漫威主题」项目 | 极客早知道
山石网科安全技术研究院
第四届山石CTF夏令营结营赛暨SAINTSEC招新赛获奖名单
奇安信 CERT
安全热点周报:本周新增两个在野利用漏洞,系统安全不容小觑
KCon 黑客大会
演讲议题巡展 | The Dark Side of the Browser
嘶吼专业版
自 2018 年以来,Windows 智能应用控制和 SmartScreen 绕过技术一直存在漏洞
直播预告 | 直面勒索攻击:构建企业数字安全防线
安全动态回顾 | 谷歌修复了针对性攻击中利用的Android内核零日漏洞
CNVD漏洞平台
CNVD漏洞周报2024年第32期
上周关注度较高的产品安全漏洞(20240805-20240811)
安全学术圈
中科院信工所 | ET-BERT:用于加密流量分类的带有预训练Transformer的上下文数据报表征
补天平台
中秋第一趴 | 公益全体活动+专属SRC奖励升级!
Beacon Tower Lab
【0812】重保演习每日情报汇总
情报分析师
摩萨德间谍网如何渗透土耳其
支持特朗普背后的200名将军和海军上将名单明细
字节跳动技术团队
一个全新的 Go pprof 视角 - 对象引用分析
技术专题26期 | 鸿蒙的实践与探索
中国信息安全
全球视野 | 国际网安快讯(第23期)
通知 | 金融监管总局发文 加强和改进互联网财产保险业务监管(附全文)
观点 | 加快制定促进人工智能发展为主的法律
前沿 | 算法“武器化”及其对权力的塑造
发布 | 《2023互联网安全报告:“体系化主动安全”建设指南》正式发布
评论 | 严惩“按键伤人” 依法铸就清朗网络空间
关注 | 部分App未成年人模式形同虚设
DEF CON Announcements!
Thanks for a Great DEF CON!
安全牛
《联合国打击网络犯罪公约》将提交联大表决,我国发挥关键作用;韩国“伪猎者”APT组织利用国产化软件漏洞对我国进行网络攻击 |牛览
网络安全实战化人才培养之道
Securityinfo.it
INTERPOL: I-GRIP contro le truffe BEC
丁爸 情报分析师的工具箱
【工具】强大的情报分析工具:Intelligence X
SANS Internet Storm Center, InfoCON: green
ISC Stormcast For Monday, August 12th, 2024 https://isc.sans.edu/podcastdetail/9092, (Mon, Aug 12th)
Video: Same Origin, CORS, DNS Rebinding and Localhost, (Mon, Aug 12th)
dotNet安全矩阵
.NET 一款通过泄露令牌实现提权的工具
2024hvv | 23套.NET系统漏洞威胁情报(08.13更新)
.NET 内网攻防实战电子报刊
.NET 一款反序列化注入天蝎内存马的工具
2024hvv | 22套.NET系统漏洞威胁情报(08.12更新)
.NET内网实战:通过进程管道执行CMD命令
Securelist
Indirect prompt injection in the real world: how people manipulate neural networks
Over Security - Cybersecurity news aggregator
X faces GDPR complaints for unauthorized use of data for AI training
FBI says it is investigating purported Trump campaign hack
Il pericolo silenzioso del Sitting Duck Attack
FBI seizes Radar/Dispossessor ransomware gang servers in US and Europe
FBI disrupts the Dispossessor ransomware operation, seizes servers
Swiss manufacturing giant investigating ransomware attack that shut down IT network
South Korea says DPRK hackers stole spy plane technical data
Microsoft is killing the Windows Paint 3D app after 8 years
Australian gold producer Evolution Mining hit by ransomware
Hackers posing as Ukraine’s Security Service infect 100 govt PCs
Microsoft shares Outlook workaround for Gmail sign-in issues
Google deactivates Russian AdSense accounts, sends final payments
As he retires after two decades at Homeland Security, Brandon Wales reflects on CISA’s future
Criminal IP and Maltego Join Forces for Enhanced Cyber Threat Search
Britain and France to discuss misuse of commercial cyber intrusion tools
Australian gold mining company Evolution Mining announces ransomware attack
Indirect prompt injection in the real world: how people manipulate neural networks
INTERPOL: I-GRIP contro le truffe BEC
Cyble Named a Sample Vendor for Digital Risk Protection Services in Gartner® Hype Cycle™ for Managed IT Services, 2024
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
Schneier on Security
Taxonomy of Generative AI Misuse
Graham Cluley
The BlackSuit ransomware gang has demanded over $500 million since 2022
TorrentFreak
‘MagisTV’ Piracy Blocking Efforts in Ecuador Expand, Trademark Application Denied
RuTube Embraces Piracy Then Vanishes From Apple’s App Store & Google Play
The Hacker News
How Phishing Attacks Adapt Quickly to Capitalize on Current Events
Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems
The AI Hangover is Here – The End of the Beginning
FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability
Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks
EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files
黑伞安全
红队武器更新:数据库杀器 MDUT增强版
Security Affairs
A FreeBSD flaw could allow remote code execution, patch it now!
EastWind campaign targets Russian organizations with sophisticated backdoors
Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE
Information Security
Coforge Faces $11 Million Heat After Alleged Data Breach
Your Open Hacker Community
Need Help With NGROK
Bypassing web login for internet access (Help)
Deeplinks
Federal Appeals Court Finds Geofence Warrants Are “Categorically” Unconstitutional
迪哥讲事
记两次非常规文件上传Getshell
Technical Information Security Content & Discussion
SQL Injection Isn't Dead - Smuggling Queries at the Protocol Level
All Security News | With allinfosecnews going down, I decided to keep the dream going. It was my favorite site to visit daily so I couldn't go without it.
Announcing the Bug Bounty program pack 1.0
Microprobing with ICEBite - A Definitive guide fo soldeless testing probes - Hello! Welcome to IoTSecurity101 by @iotsecurity101
Social Engineering
Let your own self have the initiative, not a manipulative social media algorithm. Do what you got to do in priority. Don't let social media algorithms have the initiative over your will, like someone messing with your plans.
Think Faster, Talk Smarter - Book Summary 📚
Looking to Brainstorm SaaS Ideas for Cybersecurity—What Problems Need Solving?
The Register - Security
Attacker steals personal data of 200K+ people with links to Arizona tech school
Mega money, unfathomable violence pervade thriving underground doxxing scene
Evolve your cloud security knowledge
Trump campaign cites Iran election phish claim as evidence leaked docs were stolen
The UN unanimously agrees that cybercrime is bad, mkay?
Deep Web
temporary email address
Palo Alto Networks Blog
The Missing Piece of SASE — Prisma Access Browser — Now Available
Security Weekly Podcast Network (Audio)
Security Money: Crowdstrike Crashes the Index - BSW #360
每日安全资讯(2024-08-13)