[每日信息流] 2024-08-19

[ruohong2018]

每日安全资讯（2024-08-19）

• Verne in GitHub
  • Telegram DOGS 提现
• CXSECURITY Database RSS Feed - CXSecurity.com
  • SeTracker2 Excessive Permissions
  • Journyx 11.5.4 XML Injection
  • OpenMetadata 1.2.3 Authentication Bypass / SpEL Injection
  • Build Your Own Botnet 2.0.0 Remote Code Execution
• Recent Commits to cve:main
  • Update Sun Aug 18 22:32:29 UTC 2024
  • Update Sun Aug 18 14:34:42 UTC 2024
  • Update Sun Aug 18 06:36:19 UTC 2024
• unSafe.sh - 不安全
  • My impression of TDI 2024, BlackHat USA 2024 and DEFCON 32
• Security Boulevard
  • USENIX Security ’23 – NVLeak: Off-Chip Side-Channel Attacks via Non-Volatile Memory Systems
  • CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass – A Deep Dive
• Twitter @Nicolas Krassas
  • OpenAI dismantled an Iranian influence operation targeting the U.S. presidential election https://securityaffairs.com/167194/intelligence/openai-disma...
  • EDRKillShifter: A New EDR-Killing Tool in Ransomware Attack https://securityonline.info/edrkillshifter-a-new-edr-killing-tool-in-ransomware-attack/
  • cve-search: perform local searches for known vulnerabilities https://meterpreter.org/cve-search-perform-local-searches-for-known-vulnerabilities/
  • 10,000+ WordPress Sites at Risk: Critical File Deletion Flaw Found in InPost Plugins https://securityonline.info/10000-wordpress-sites-at-risk-critica...
• 安全客-有思想的安全新媒体
  • 集结｜安全KER协办的XCon × Hacking Group技术论坛落地北京，8月23日不见不散！
• SecWiki News
  • SecWiki News 2024-08-18 Review
• CTFするぞ
  • AlpacaHack Round 1 (Pwn)のWriteup
• Reverse Engineering
  • Writeup: Reverse Engineering the AM335x Boot ROM
• 体验盒子
  • 为您的 Flutter 应用程序设置主题：ThemeData 和 ColorScheme
• 奇客Solidot–传递最新科技情报
  • 研究发现大模型无法独立学习或获得新技能
  • 英国研究发现艺术和手工比上班更有助于提升幸福感
• Yang Hao's blog
  • Fastjson反序列化漏洞复现
• Over Security - Cybersecurity news aggregator
  • Windows 11 preview update adds new Power mode options
  • Chrome will redact credit cards, passwords when you share Android screen
• Unsupervised Learning
  • The Link Between Free Will and LLM Denial
• Max Kersten
  • My impression of TDI 2024, BlackHat USA 2024 and DEFCON 32
• TorrentFreak
  • Radiohead ‘Leaked’ Their Own Track in 2009, Now We’re Accused of Pirating It
• Full Disclosure
  • Authenticated Code Injection - smfv2.1.4
  • Improper Authentication (CWE-287) CVE-2024-33897
  • Execution with Unnecessary Privileges (CWE-250) CVE-2024-33894
  • Use of Hard-coded Cryptographic Key (CWE-321) CVE-2024-33895
  • Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) CVE-2024-33896
  • Cleartext Storage of Sensitive Information in a Cookie (CWE-315) CVE-2024-33892
  • Improper Neutralization of Input During Web Page Generation (CWE-79) CVE-2024-33893
  • Dovecot CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message
  • CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive
• Security Affairs
  • From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs
  • SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7
  • Security Affairs newsletter Round 485 by Pierluigi Paganini – INTERNATIONAL EDITION
  • Large-scale extortion campaign targets publicly accessible environment variable files (.env)
• Troy Hunt's Blog
  • Weekly Update 413
• Blackhat Library: Hacking techniques and research
  • AI like chatgpt but not censored
• Technical Information Security Content & Discussion
  • CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass
• Computer Forensics
  • SANS FOR500 (GCFE) vs 13Cubed Investigating Windows Endpoints
  • Recommend Offline forensic courses in india
• Your Open Hacker Community
  • Modify digital camera's firmware
  • FULL DECRYPED TRAFFIC