ruohong2018/ruohong2018.github.io
[Daily Feed] 2024-08-23
Issue #559 (Open), opened by ruohong2018 1 month ago
Daily Security News (2024-08-23)
Trustwave Blog
The Power of Multifactor Authentication and a Strong Security Culture
SecWiki News
SecWiki News 2024-08-22 Review
Sucuri Blog
WordPress Websites Used to Distribute ClearFake Trojan Malware
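Anquanke - Security New Media with Ideas
Phishing Special (1): Real or Fake PPT? A Real-Life "Werewolf" Phishing Game
Face Your Destiny! | Bastion Program 2024 Launches
New Phishing Methods Used in Android/iOS Financial Fraud Campaigns
Oregon Zoo Warns More Than 100,000 Customers That Their Payment Card Information May Have Been Leaked
New Vermin-Linked Phishing Attacks Using PoW Lures
Styx Stealer Creator's OPSEC Failure Leaks Customer List and Profit Details
Hackers Deploy New MoonPeak Trojan in Cyber Campaign
Survey: More Than Three-Quarters of Technology Leaders Worry About SaaS Security Threats
Microsoft Patches Copilot Studio Vulnerability That Exposed Sensitive Data
Survey: Most Cybersecurity Experts Lack Confidence in GenAI Security Measures
New Malware PG_MEM Targets PostgreSQL Databases for Cryptocurrency Mining
ISC Digital Security Ecosystem Alliance Helps Putuo Expand Its "Circle of Friends" and Build a Hotbed for Cybersecurity Industry Development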
Recent Commits to cve:main
Update Thu Aug 22 22:25:55 UTC 2024
Update Thu Aug 22 14:37:41 UTC 2024
Update Thu Aug 22 06:30:49 UTC 2024
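Sihou RoarTalk – Comprehensive Service Platform for the Cybersecurity Industry, 4hou.com
GitHub Actions Artifacts Found Leaking Authentication Tokens in Popular Projects
Industry First, Private Deployment, Efficient Law Enforcement! The Qiko Large-Model Smart Notebook Builds Your Own Dedicated Business Model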
Files ≈ Packet Storm
DIAEnergie 1.10 SQL Injection
SPIP 4.2.12 Remote Code Execution
Ubuntu Security Notice USN-6972-2
Ubuntu Security Notice USN-6979-1
Ubuntu Security Notice USN-6977-1
Ubuntu Security Notice USN-6976-1
AVMS Project 1.0 SQL Injection
Online Survey System 1.0 Cross Site Request Forgery
Ubuntu Security Notice USN-6975-1
Online Shopping System Master 1.0 Cross Site Request Forgery
Ubuntu Security Notice USN-6974-1
Ubuntu Security Notice USN-6973-1
Ubuntu Security Notice USN-6972-1
Ubuntu Security Notice USN-6971-1
Ubuntu Security Notice USN-6951-4
Ubuntu Security Notice USN-6950-4
Online Banking System 1.0 Arbitrary File Upload
Online ID Generator 1.0 Cross Site Request Forgery
Red Hat Security Advisory 2024-5749-03
Red Hat Security Advisory 2024-5745-03
Red Hat Security Advisory 2024-5444-03
Red Hat Security Advisory 2024-5442-03
Red Hat Security Advisory 2024-5439-03
Red Hat Security Advisory 2024-5436-03
Red Hat Security Advisory 2024-5433-03
Security Boulevard
How Swimlane Can Help SOC Management
What is Application Security Posture Management (ASPM)
USENIX Security ’23 – ZBCAN: A Zero-Byte CAN Defense System
Report: Manufacturing Remains Atop Cyberattack Leader Board
Unveiling the Power of Clean Data: Informed Decisions Drive Success
The countdown to NIS2 is on: Understand its scope and requirements
INE Security Launches Initiatives to Invest in the Education of Aspiring Cybersecurity Professionals
Randall Munroe’s XKCD ‘Storage Tanks’
‘Netfetcher’ package drops illicit ‘node’ binary on Windows
How Financial Institutions Can Manage Mounting Digital Sovereignty Requirements
Blog - Möbius Strip Reverse Engineering
C++ Unwind Exception Metadata: A Hidden Reverse Engineering Bonanza
obaby@mars
How to Locate a Process's Binary File Path on Linux
Advanced PDF: Seal Recognition
Bug Bounty in InfoSec Write-ups on Medium
Boost Your Bug Bounty Game: Get Started with Free VPS on Krutrim Cloud
Another 1500$: CR/LF Injection
Exposing Database Creds via SVN: A $400 Discovery
Twitter @bytehx
Re @h4x0r_dz Congrats bro 🎉
RT ed: If you aren't using this, you should be https://github.com/p0dalirius/smbclient-ng
GuidePoint Security
The Critical Role of Governance, Risk Management, and Compliance in Operational Technology (OT) in Critical Infrastructure Organizations
SentinelOne
The Strategic CISO | How Risk Management Fundamentals Lead to Success
Sucuri Blog
WordPress Websites Used to Distribute ClearFake Trojan Malware
Malwarebytes
Hundreds of online stores hacked in new campaign
Google patches actively exploited zero-day in Chrome. Update now!
Reverse Engineering
C++ Unwind Metadata: A Hidden Reverse Engineering Bonanza
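Anquanniu
Authoritative Recognition | Xuanjing's Yuanjian SCA and Lingmai SAST Are the First to Pass the "Enhanced-Level Capability" Dual Certification from the National Engineering Research Center and the MLPS Center of the Third Research Institute of the Ministry of Public Security
Industry First, Private Deployment, Efficient Law Enforcement! The Qiko Large-Model Smart Notebook Builds Your Own Dedicated Business Model
Special Reminder from State Security Authorities: Weak Passwords Are High Risk, Change Them Now!
Bing Displays the Wrong Customer Service Number for "Black Myth: Wukong", Exposing Flaws in Its AI Information Scraping and Processing; F5 Officially Announces High-Severity Vulnerabilities That Can Lead to Session Fixation and Resource Exhaustion | Niulan
FreeBuf Cybersecurity Industry Portal
FreeBuf Morning Report | MIT Releases the Most Comprehensive AI Risk Database; Cybersecurity Giant Palo Alto's Market Value Approaches the Trillion Mark
To Evade Child Support Obligations, a US Man Hacks a System to Make Himself "Dead"
Litespeed Cache Vulnerability Disclosed; Millions of WordPress Sites Face Security Threat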
Dhole Moments
Federated Key Transparency Project Update
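Geek Solidot – Delivering the Latest Technology News
Silicon Valley's AI Bubble Is Gradually Deflating
Game Consoles Sold in China Lack Games
Microplastics Accumulate in the Brain and Other Vital Human Organs
Walmart Sells Its Stake in JD.com
Mike Lynch, Founder of British Software Company Autonomy Who Had Been Accused of Fraud, Dies
AMD Responds to Zen5 Processors' Gaming Performance Falling Short of Promises
US Oilfield Services Giant Halliburton Hit by Cyberattack
Cristiano Ronaldo Becomes the Fastest YouTuber to Reach Ten Million Subscribers
Sherpas Living in the Everest Region Fear Floods Will Destroy Their Homes
X/Twitter Required to Disclose Shareholders' Identities
Kanxue Academy
2024 KCTF Competition | Challenge 4 "Mysterious Signal": Design Approach and Analysis
New Apple Bug: Typing Four Characters Crashes the iPhone
Getting Started with Android Vulnerability Hunting from Scratch
QiAnXin Threat Intelligence Center
Recent IOCs Worth Watching (2024-08-22)
CT Stack Security Community
[Mid-Autumn Reunion, Security by Your Side] The Xray Community PoC Bounty Event Invites You to Enjoy the Full-Moon Night Together!
Code Guard
Google Urgently Fixes the Ninth Exploited 0day of the Year
Critical Authentication Vulnerability in GitHub Enterprise Server
Wuai Pojie (52pojie) Forum
[PC Sample Analysis] Notes on My First Red-Team Phishing Sample Analysis
Dingba: The Intelligence Analyst's Toolbox
[Resource] 73 AI Projects of Interest to India's Ministry of Defence
[Repost] Global Exclusive: Satellite Imagery of the US B-21 Stealth Strategic Bomber Revealed for the First Time
Security Internal Reference
How Did the Paris Olympics Successfully Ensure Cybersecurity?
Chinese Academy of Sciences Expert: Security Risks of Large Models and Recommended Responses
QiAnXin CERT
[Exploited in the Wild] Security Risk Advisory for Google Chrome V8 Type Confusion Vulnerability (CVE-2024-7971)
ThreatBook Research and Response Center
Well-Known WAF Hit by High-Severity RCE, Triggerable Without Interaction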
HackerNews
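Arden Claims Service Discloses Data Theft Affecting 139,000 People
Oracle NetSuite Misconfiguration Could Lead to Data Leaks
To Evade Child Support Obligations, a US Man Hacks Government Systems to Forge a Death Certificate
Covering More Than 700 Risks, MIT Releases the Most Comprehensive AI Risk Database
The "Blue Screen Incident" Still Haunts: Microsoft Security Update Leaves Linux Systems Unable to Boot
Oil Giant Halliburton Suffers Large-Scale Cyberattack
GitHub Patches Three Vulnerabilities in GitHub Enterprise Server and Urges Enterprise Users to Patch Immediately
Ukraine's CERT-UA Warns: Beware of New Vermin-Related Phishing Attacks Using PoW as a Lure
North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign
Litespeed Cache Vulnerability Exposes Millions of WordPress Sites to Takeover Attacks
Flanker on Security
Mystique Strikes Again? Analysis and Exploitation Research of the Latest Android Universal Vulnerability CVE-2024-31317
Black Ocean - WIKI
Free 10-Year VPS: serv00 Server Registration and Automated Account Keep-Alive
Free Shared Apple ID Accounts and Shadowrocket Accounts: Xiaoyou Free ID Sharing Site
Black Myth: Wukong Offline Full Version + Trainer (Portable Version) (100G)
UniGetUI: A Windows Package Manager with a Graphical Interface
Shushi Consulting
[Practical Insights] Li Shaopeng of Shushi Consulting: The Core Logic and Value Realization of Data (Security) Circulation
ThreatBook
Halfway Through the Attack-Defense Exercise: The Hardest Hitter Isn't 0day After All?
China Information Security
Special Topic: Large Model Security | Large Model Security Risks, Protective Governance and Rule-of-Law Development
State Administration for Market Regulation: Construction of the National Online Transaction Supervision Platform Speeds Up
Notice | Public Comment Sought on "Tourism Big Data Security and Privacy Protection Requirements (Draft for Comment)" (Full Text Attached)
Expert View | Accelerating Innovative Development in Cybersecurity
Commentary | Wielding the Sword of the Rule of Law to Cut Out the Tumor of Online Abuse
Opinion | Beware of Government Data Assetization Fueling a "Data Finance" Impulse
Focus | 307 Cross-Border Telecom Fraud Suspects Handed Over to the Chinese Side
Security Analysis and Research
Detailed Analysis of a Java-Wrapped CS Trojan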
Beacon Tower Lab
[0822] Daily Intelligence Summary for the Critical-Event Protection Exercise
TrustedSec
The Hunter’s Workshop: Mastering the Essentials of Threat Hunting
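GeekPark
Yunjing J5's "Scientific Cleaning" Shows Me the Next Revolution in Sweep-and-Mop Robots
With Daily Token Usage Exceeding 500 Billion, How Is the Doubao Large Model Capturing Every Industry
What Are the Foreigners Who Gave "Black Myth: Wukong" One Star Thinking?
EU Discloses Draft Countervailing Duties on Chinese EVs; Xiaomi Auto Q2 Revenue Up 32% Year-on-Year; Goldman Sachs Forecasts "Black Myth: Wukong" Revenue Could Reach 3 Billion Yuan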
JUMPSEC
Red Teaming vs Penetration Testing: Understanding the Differences
Qualys Security Blog
TotalCloud Insights: When Multi-Factor Authentication Turns Into Single-Factor Authentication
Over Security - Cybersecurity news aggregator
Qilin ransomware now steals credentials from Chrome browsers
WordPress Websites Used to Distribute ClearFake Trojan Malware
Android malware used to steal ATM info from customers at three European banks
No, not every Social Security number in the U.S. was stolen
Ecovacs says it will fix bugs that can be abused to spy on robot owners
New NGate Android malware uses NFC chip to steal credit card data
Microsoft: August updates cause Windows Server boot issues, freezes
New Cheana Stealer Targets VPN Users Across Multiple Operating Systems
Microsoft confirms August updates break Linux boot in dual-boot systems
US charges alleged member of Russian Karakurt ransomware group
Telecom company hit with $1 million penalty over AI-generated fake Biden robocalls
Comprehensive Analysis of Critical Vulnerabilities in Atlassian Products
Google fixes ninth Chrome zero-day exploited in attacks this year
Building a Bulletproof External Financial Fraud Intelligence Program
SolarWinds fixes hardcoded credentials flaw in Web Help Desk
Oil industry giant Halliburton confirms 'issue' following reported cyberattack
Russia calls for restrictions on surveillance cameras, dating apps in cities under attack from Ukraine
U.S. charges Karakurt extortion gang’s “cold case” negotiator
Kremlin blames widespread website disruptions on DDoS attack; digital experts disagree
New INPS Smishing Campaign Uses a Telegram Bot as C2
Memory corruption vulnerabilities in Suricata and FreeRDP
Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials
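Cybersecurity Miscellany
[2-Book Giveaway] Practical Guide to App Security: Android/iOS App Security Attack, Defense and Compliance
DataCon Big Data Security Analysis Competition
Who Hasn't Got Their "Monkey" Yet? DataCon Is Giving Away "Black Myth: Wukong" for Free!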
DEF CON Announcements!
Get a DEF CON 32 Badge!
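Sihou Pro Edition
GitHub Actions Artifacts Found Leaking Authentication Tokens in Popular Projects
Call for Cybersecurity Works Opens for Beijing's 2024 National Cybersecurity Publicity Week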
bellingcat
Chasing Shadows: Geolocate Images with Bellingcat’s Shadow Finder Tool
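Intelligence Analyst
Clues Hidden in the Voice: AI Can Sketch Your Appearance After Hearing Just 6 Seconds of Audio
The CIA's Recruitment of Russian Spies: Strategies and Techniques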
Il Disinformatico
PREVIEW RSI Podcast - Google Blocks the Ad Blocker That Blocks Ads; iPhone: Alternative App Stores Arrive, but Only in the EU
SANS Internet Storm Center, InfoCON: green
OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?, (Thu, Aug 22nd)
ISC Stormcast For Thursday, August 22nd, 2024 https://isc.sans.edu/podcastdetail/9108, (Thu, Aug 22nd)
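dotNet Security Matrix
.NET: An AV-Evading Allowlisted Shellcode Loader
2024hvv | Vulnerability Threat Intelligence for 30 .NET Systems (Updated 08.22)
.NET Intranet Attack and Defense Practice E-Journal
Anquanniu
Bing Displays the Wrong Customer Service Number for "Black Myth: Wukong", Exposing Flaws in Its AI Information Scraping and Processing; F5 Officially Announces High-Severity Vulnerabilities That Can Lead to Session Fixation and Resource Exhaustion | Niulan
Special Reminder from State Security Authorities: Weak Passwords Are High Risk, Change Them Now!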
Security Current
Emanuel Salmona, Co-founder and CEO, Nagomi Security
Full Disclosure
OXAS-ADV-2024-0003: OX App Suite Security Advisory
OXAS-ADV-2024-0004: OX App Suite Security Advisory
[SYSS-2024-042] DiCal-RED - Exposure of Sensitive Information to an Unauthorized Actor
[SYSS-2024-041] DiCal-RED - Use of Unmaintained Third Party Components
[SYSS-2024-040] DiCal-RED - Improper Authentication
[SYSS-2024-039] DiCal-RED - Path Traversal
[SYSS-2024-038] DiCal-RED - Use of Password Hash Instead of Password for Authentication
[SYSS-2024-037] DiCal-RED - Use of Password Hash With Insufficient Computational Effort
[SYSS-2024-035] DiCal-RED - Missing Authentication for Critical Function
[SYSS-2024-036] DiCal-RED - Missing Authentication for Critical Function
Re: Improper Authentication (CWE-287) CVE-2024-33897
The Hacker News
Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide
Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control
New 'ALBeast' Vulnerability Exposes Weakness in AWS Application Load Balancer
The Facts About Continuous Penetration Testing and Why It’s Important
Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild
Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access
GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges
New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining
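ByteDance Tech Team
Unboxing Doubao's "Listening" Skills Live! See How Seed-ASR Breaks Through the Speech Recognition Bottleneck
Microsoft's "Small but Beautiful" Series Ships Three in a Row! Compact Vision Model Takes On GPT-4o, MoE Newcomer Outperforms Llama 3.1 | AGI Juejin News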
Graham Cluley
Hacker leaks upcoming episodes of Netflix shows online following security breach
Over 100,000 Oregon Zoo visitors warned that their payment card details were stolen in security breach
Palo Alto Networks Blog
Incident Response by the Numbers
Instapaper: Unread
Unmasking Fake Emails Essential Techniques for Email Analysis
Memory Forensics Tools Overview
prosch88/UFADE: Extract files from iOS devices on Linux and MacOS. Mostly a wrapper for pymobiledevice3. Creates iTunes-style backups and advanced logical backups
Russia tells citizens to switch off home surveillance because the Ukrainians are coming
Phrack hacker zine publishes new edition after three years
Telegram Is Traceable by the Police
Trend Micro Research, News and Perspectives
How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack
Confidence in GenAI: The Zero Trust Approach
Securing the Power of AI, Wherever You Need It
Computer Forensics
are there individual contracting jobs for forensics?
Artifacts for RDP copy and paste
Deep Web
Exchanging BTC for XMR anonymously
Security Affairs
A cyberattack hit US oil giant Halliburton
U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog
SolarWinds fixed a hardcoded credential issue in Web Help Desk
A cyberattack disrupted operations of US chipmaker Microchip Technology
Google addressed the ninth actively exploited Chrome zero-day this year
GitHub fixed a new critical flaw in the GitHub Enterprise Server
Dige Jiangshi (Brother Di Talks)
Open Redirect -> XSS Vulnerability -> Escalated to High Severity
Technical Information Security Content & Discussion
Gotta cache 'em all: bending the rules of web cache exploitation
Details about CVE-2024-22263: Spring Cloud Dataflow Arbitrary File Writing
The Register - Security
SolarWinds left critical hardcoded credentials in its Web Help Desk product
CrowdStrike deja vu as 'performance issue' leaves systems sluggish
Halliburton probes 'an issue' disrupting business ops
Ransomware batters critical industries, but takedowns hint at relief
This uni thought it would be a good idea to do a phishing test with a fake Ebola scare
Kick off early Octoberfest with an EUC-fest
Cisco calls for United Nations to revisit cyber crime Convention
Foiling bot attacks with AI-powered telemetry
Securelist
Memory corruption vulnerabilities in Suricata and FreeRDP
TorrentFreak
17-Year-old Student Exposes Germany’s ‘Secret’ Pirate Site Blocklist
Unofficial M3U8 Playlists For Pluto TV, Samsung & Plex, Shut Down By Warner
netsecstudents: Subreddit for students studying Network Security and its related subjects
Help
Security Weekly Podcast Network (Audio)
How do we patch the right things? - Josh Bressers - PSW #840