[每日信息流] 2024-08-22

[ruohong2018]

每日安全资讯（2024-08-22）

• Recent Commits to cve:main
  • Update Wed Aug 21 22:21:48 UTC 2024
  • Update Wed Aug 21 14:35:20 UTC 2024
  • Update Wed Aug 21 06:32:46 UTC 2024
• Files ≈ Packet Storm
  • Debian Security Advisory 5756-1
  • Debian Security Advisory 5755-1
  • Debian Security Advisory 5754-1
  • Debian Security Advisory 5753-1
  • Debian Security Advisory 5752-1
  • Ubuntu Security Notice USN-6965-1
  • Ubuntu Security Notice USN-6966-2
  • Ubuntu Security Notice USN-6944-2
  • Online Diagnostic Lab Management System 1.0 Arbitrary File Upload
  • Online Banking System 1.0 Cross Site Request Forgery
  • Music Gallery Site 1.0 Cross Site Request Forgery
  • Multi-Vendor Online Groceries Management System 1.0 Cross Site Request Forgery
  • Medical Center Portal 1.0 Cross Site Request Forgery
  • Ubuntu Security Notice USN-6970-1
  • Event Registration and Attendance System 1.0 Cross Site Request Forgery
  • Cab Management System 1.0 Cross Site Request Forgery
  • Alphaware E-Commerce System 1.0 Code Injection
  • Red Hat Security Advisory 2024-5696-03
  • Red Hat Security Advisory 2024-5695-03
  • Red Hat Security Advisory 2024-5694-03
  • Red Hat Security Advisory 2024-5693-03
  • Red Hat Security Advisory 2024-5692-03
  • Red Hat Security Advisory 2024-5690-03
  • Red Hat Security Advisory 2024-5689-03
  • Red Hat Security Advisory 2024-5662-03
• Flanker Sky
  • 魔形女再袭？最新Android通杀漏洞CVE-2024-31317分析与利用研究
• Trustwave Blog
  • Trustwave Earns Dual Honors in ISG’s 2024 Provider Lens™ Quadrant Reports
• 安全客-有思想的安全新媒体
  • 区块链分析公司 Chainalysis 发布报告分析勒索软件支付趋势
  • AWS CloudTrail在检测潜在安全威胁中的应用及最佳实践
  • 针对 Android 和 iPhone 用户的新网络钓鱼方法
  • 博通赛门铁克的研究人员发现了一个名为 Msupedge 的以前未被发现的后门
  • 报告发现，四分之三的公司保留了越来越多的敏感数据
  • 微软的托管 Azure Kubernetes Service（AKS）存在严重的特权升级漏洞
  • 黑客利用PHP漏洞部署隐蔽的Msupedge后门
  • Oracle NetSuite 配置漏洞可能导致数据泄露
  • “源”聚创新力量，“洞”见安全未来：360漏洞云亮相GOGC，共促开源漏洞安全发展
  • 捷克移动用户成为新银行凭证盗窃计划的目标
• Security Boulevard
  • Backdoor in RFID Cards for Offices, Hotels Can Lead to Instant Cloning
  • 2024 Identity Breach Report: Navigating the GenAI Attack Revolution
  • Gartner Report: Implement a Continuous Threat Exposure Management (CTEM) Program
  • How CTI Analysts Use Threat-Informed Defense to Overcome Top Challenges
  • Enhance Your Identity Governance and Administration Strategy
  • Randall Munroe’s XKCD ‘Ferris Wheels’
  • What’s New in CodeSonar 8.2
  • How Pen Testing is Evolving and Where it’s Headed Next
  • USENIX Security ’23 – ICSPatch: Automated Vulnerability Localization And Non-Intrusive Hotpatching In Industrial Control Systems Using Data Dependence Graphs
  • Patch Tuesday not Done ’til LINUX Won’t Run?
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • XCon2024完整版参会攻略，速速来看，果断收藏~~
  • 丰田网络后台遭黑客入侵 大量数据被泄露
  • 2024 年 7 月头号恶意软件：Remcos 和 RansomHub 大行其道
• obaby@mars
  • Centos 7 安装PyMuPDF
• CXSECURITY Database RSS Feed - CXSecurity.com
  • SourceCodester Computer Laboratory Management System 1.0 (manage_item.php) - SQL Injection
  • used_car_showroom-1.0-2024 Multiple-SQLi
• SecWiki News
  • SecWiki News 2024-08-21 Review
• Filippo Valsorda
  • Let’s All Agree to Use Seeds as ML-KEM Keys
• Armin Ronacher's Thoughts and Writings
  • Rye and uv: August is Harvest Season for Python Packaging
• cloud world
  • Notion 如何处理 2000 亿个数据实体？
• Flanker Sky
  • 魔形女再袭？最新Android通杀漏洞CVE-2024-31317分析与利用研究
• Trail of Bits Blog
  • “YOLO” is not a valid hash construction
• Toooold
  • Agentic Systems: Snake Oil or the Future of AI?
• Horizon3.ai
  • Mastering Cloud Security: Uncovering Hidden Vulnerabilities with NodeZero™
• rtl-sdr.com
  • Moving on from WXtoIMG for NOAA APT Weather Satellite Decoding
  • Exploring Russian and International Analog TV From Leaky Cable TV Networks via the Airspy Server Network
• FreeBuf网络安全行业门户
  • 安恒信息总裁离职，转头创业开起了大排档，你怎么看？
  • WPS今天突然崩了，补偿15天会员
  • FreeBuf早报 | 伊朗黑客对特朗普竞选进行攻击；印度国家支付系统部分中断
  • CannonDesign遭勒索软件攻击，导致客户数据泄露
  • 攻击手法罕见！ESET披露最新网络钓鱼活动，专门针对Android、iPhone用户
• HackerNews
  • 一大学遭遇 Msupedge 后门攻击
  • 印度国家支付系统部分中断：因供应商高风险漏洞迟迟不修后被黑
  • 攻击手法罕见！ESET 披露最新网络钓鱼活动，专门针对 Android、iPhone 用户
  • 乌克兰银行军事捐款服务遭“大规模” DDoS 攻击
  • 伊朗黑客组织 TA453 利用新型 AnvilEcho 恶意软件攻击犹太知名人物
  • 美国某知名建筑公司遭勒索软件攻击，1.3 万名客户数据被泄露
• 黑海洋 - WIKI
  • EdrawMind Pro 思维导图.安装版绿色版（持续更新）
  • Kazumi：动漫追番神器，无广告清爽免费看动画
• 奇客Solidot–传递最新科技情报
  • 2023 年美国出生率再创新低
  • 丰田证实遭黑客入侵
  • 适度游戏有益身心健康
  • GIMP 3.0 接近发布
  • 美国法官阻止 FTC 的竞业禁止协议禁令
  • 迪士尼撤回受争议的强制仲裁动议
  • 大脑为一个记忆创建三个副本
  • 英伟达放弃专用的 G-Sync 模块
  • 微软上周释出的更新影响双系统用户
• 李三的剑谱
  • Python协程的原理与I/O多路复用
• 吾爱破解论坛
  • 【Android 原创】Fake Location 1.3.2.2专业版破解教程(虚拟定位软件)
• 安全牛
  • 9款软件敏感信息检测工具特点分析
  • 2024年上半年勒索攻击赎金支付再创新高，总额超32亿元；半数智利国民隐私信息因社保基金数据库配置不当泄露 | 牛览
  • 用户深度分享：深信服安全托管服务MSS带来的效果革新
  • 中东地区最受关注的100位网络安全领导者
  • 网络安全实战化人才培养之道
• 黑奇士
  • CEO吴泳铭居然不是阿里这季财报的最大功臣？
• 安全内参
  • 网安巨头Palo Alto市值逼近万亿规模：平台化战略成关键抓手
  • 覆盖700余种风险，MIT发布最全AI风险数据库
• 代码卫士
  • Atlassian Bamboo Data Center and Server中存在RCE漏洞
  • CISA：严重的 Jenkins 漏洞已被用于勒索攻击
• 丁爸 情报分析师的工具箱
  • 【视频解读】摩萨德间谍和波兰特工如何获取机密情报
• dotNet安全矩阵
  • .NET 一款内网收集本地用户哈希的工具
  • 2024hvv | 29套.NET系统漏洞威胁情报(08.21更新)
  • .NET 安全基础入门学习知识库
• 奇安信威胁情报中心
  • 补贴钓鱼花样多，请看好个人”钱包”
• 安全研究GoSSIP
  • G.O.S.S.I.P 阅读推荐 2024-08-21 击败波加查？
• 关键基础设施安全应急响应中心
  • 大模型的安全风险及应对建议
  • 黑客利用Xeon Sender发起大规模短信钓鱼攻击
  • 印度国家支付系统部分中断：因供应商高风险漏洞迟迟不修后被黑
• 中国信息安全
  • 通知 | 中央网信办 工信部联合印发《全国重点城市IPv6流量提升专项行动工作方案》（附全文）
  • 权威解读 | 《全国重点城市IPv6流量提升专项行动工作方案》解读
  • 前沿 | 软法视域下人工智能的标准化治理
  • 关注 | 反网暴新规落地，平台如何构建预警机制？“吃瓜群众”如何避免成为“帮凶”？
  • 观点 | 个人信息保护与数据有序使用要平衡发展
  • 法治 | 整治利用“网红儿童”牟利乱象，平台如何做好“把关人”？
  • 一图读懂 | 《全国重点城市IPv6流量提升专项行动工作方案》
• 数世咨询
  • NIST最终确定量子加密新标准
• 安全牛
  • 2024年上半年勒索攻击赎金支付再创新高，总额超32亿元；半数智利国民隐私信息因社保基金数据库配置不当泄露 | 牛览
  • 9款软件敏感信息检测工具特点分析
• 情报分析师
  • 全球最全武器装备资源大公开
  • 【连载】美国正在为即将到来的高科技战争做准备(五）
• 补天平台
  • 2024补天定制中秋礼盒来啦！精美周边+美味月饼
• 字节跳动安全中心
  • 【爆！0元购】师傅速来 字节中秋礼盒0元购
• 奇安信病毒响应中心
  • Rhysida勒索家族分析报告
• 极客公园
  • 小米 SU7 Ultra，让比亚迪腾势给造出来了，只要 33 万
  • 后·移动互联网时代，谁是第一个 DAU 破亿的产品？
  • 黑神话上线首日在线超两百万，破 Steam 记录；特斯拉 Semi 发生严重火灾致高速封闭；淘特已接入微信支付 | 极客早知道
• 嘶吼专业版
  • XCon2024完整版参会攻略，速速来看，果断收藏~~
  • 丰田网络后台遭黑客入侵 大量数据被泄露
• Beacon Tower Lab
  • 【0821】重保演习每日情报汇总
• 国家互联网应急中心CNCERT
  • 网络安全信息与动态周报2024年第33期（8月12日-8月18日）
• CNCERT国家工程研究中心
  • 丰田再发数据泄露事件，涉及240GB员工和客户信息
  • 微软禁用 BitLocker 安全修复程序，建议手动缓解
  • 某A股上市公司疑似泄漏2.3TB数据
• Flanker Sky
  • 魔形女再袭？最新Android通杀漏洞CVE-2024-31317分析与利用研究
• 字节跳动技术团队
  • Kitex Thrift Streaming 在字节跳动 Prompt 平台的实践
  • 【线下席位最后30个！】掘金AI Talk沙龙-深圳站《AOP 框架在永劫无间手游 Copilot 的应用实践》分享内容提前享！
• Securityinfo.it
  • Phishing laterale: una minaccia crescente per le aziende
• SANS Internet Storm Center, InfoCON: green
  • ISC Stormcast For Wednesday, August 21st, 2024 https://isc.sans.edu/podcastdetail/9106, (Wed, Aug 21st)
  • Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary], (Tue, Aug 20th)
• Instapaper: Unread
  • NIST Releases First Post-Quantum Encryption Algorithms
  • Digital Detectives vs. Android 14 overcoming new forensic challenges
  • The State of Ransomware
  • Secure by Design iOS 18”s privacy evolution and its impact on the DFIR
  • Hacking Wireless Bicycle Shifters
  • Data breach The StormouS group exfiltrates 100GB from the servers of the Italian company Teleco srl
  • Gli hack-tivisti pro Palestina “bucano” la Ferrari
• HACKMAGEDDON
  • 1-15 May 2024 Cyber Attacks Timeline
• Graham Cluley
  • The AI Fix #12: AI made from human brain cells, and is there life after death?
• Schneier on Security
  • Story of an Undercover CIA Agent who Penetrated Al Qaeda
• Security Affairs
  • Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio
  • North Korea-linked APT used a new RAT called MoonPeak
  • Pro-Russia group Vermin targets Ukraine with a new malware family
  • A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning
• Over Security - Cybersecurity news aggregator
  • Man sentenced for hacking state registry to fake his own death
  • Google fixes ninth Chrome zero-day exploited in attacks this year
  • FAA proposes new cybersecurity rules for airplanes
  • Hackers steal banking creds from iOS, Android users via PWA apps
  • Microsoft to roll out Windows Recall to Insiders in October
  • Microsoft to rollout Windows Recall to Insiders in October
  • Financial firm fined $850k for violating SEC cyber rules
  • QNAP adds NAS ransomware protection to latest QTS version
  • Typing these four characters could crash your iPhone
  • Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
  • Phrack hacker zine publishes new edition after three years
  • What is Malware? Understanding, Prevention, and Protection
  • Microchip Technology says operations disrupted by cyberattack
  • August Windows security update breaks dual boot on Linux systems
  • Threat Thursday: STRRat Malware
  • GitHub Enterprise Server vulnerable to critical auth bypass flaw
  • Contrastata nuova campagna Vidar diffusa via PEC
  • Moscow detains scientist suspected of carrying out DDoS attacks on Russia
  • Euro forger who produced EUR 11 million in fake bills arrested in Italy | Europol
  • Rewriting Hysteria: Rising Abuse of URL Rewriting in Phishing - Perception Point
  • ‘Pro-Palestine’ hacking group banned on X as US criticizes Iran over cyberattacks
  • 1-15 May 2024 Cyber Attacks Timeline
  • Phishing laterale: una minaccia crescente per le aziende
  • Exploits and vulnerabilities in Q2 2024
  • MoonPeak malware from North Korean actors unveils new details on attacker infrastructure
  • ~/redTeam/comsvcs-lsass.dump
• Deeplinks
  • Geofence Warrants Are 'Categorically' Unconstitutional | EFFector 36.11
• Securelist
  • Exploits and vulnerabilities in Q2 2024
• The Hacker News
  • Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data
  • North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign
  • It's Time To Untangle the SaaS Ball of Yarn
  • Styx Stealer Creator's OPSEC Fail Leaks Client List and Profit Details
  • New macOS Malware TodoSwift Linked to North Korean Hacking Groups
  • CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait
  • GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk
• Blackhat Library: Hacking techniques and research
  • A curated and opinionated list of hacking with JavaScript resources
  • Is there a DIY/open source version of a Wifi Pineapple?
• Palo Alto Networks Blog
  • AI in OT Security — Balancing Industrial Innovation and Cyber Risk
• TorrentFreak
  • Webtoon Targets 170+ Pirate Domains Through DMCA Subpoena
  • Kakao Reveals Anti-Piracy Successes, Legal Action Against Major Manga Sites
• NetSPI
  • An Introduction to GCPwn – Parts 2 and 3
• The Register - Security
  • You probably want to patch this critical GitHub Enterprise Server bug now
  • 110K domains targeted in 'sophisticated' AWS cloud extortion campaign
  • Russia tells citizens to switch off home surveillance because the Ukrainians are coming
  • Deadbeat dad faked his own death by hacking government databases
  • Chipmaker Microchip reveals cyber attack whacked manufacturing capacity
• 迪哥讲事
  • 让XSS漏洞无处遁形！0x1
• Computer Forensics
  • iCloud collection - especially backups
  • Call For Papers - Hackfest 2024 - Quebec City, Canada
• Technical Information Security Content & Discussion
  • BLUUID: Firewallas, Diabetics, And… Bluetooth
  • Call For Papers - Hackfest 2024 - Quebec City, Canada
• Your Open Hacker Community
  • John the ripper help
  • Get access to a computer
• Deep Web
  • DoingFedTime
  • Looking for a deepweb ai named whispering with the beast
  • I'm finding a person that can do some quick searches for me on deep/dark web, I'm trying to gain information on a particular scientific topic, and I'm checking its legitimacy. I very highly think there's a good amount of info present there about this topic.
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • Understanding Game Theory for Cybersecurity
  • New PG_MEM Malware Targets PostgreSQL Databases to Mine Cryptocurrency Night Sky
  • Understanding Software Exploitation beyond Buffer Overflow
  • learning web pentesting
• Information Security
  • The Inductees May 2024
  • Cyber Briefing 21-08-2024
• Social Engineering
  • How does one get through to people?
• Posts By SpecterOps Team Members - Medium
  • Life at SpecterOps: The Red Team Dream
  • Teach a Man to Phish