ruohong2018/ruohong2018.github.io
[Daily Feed] 2024-08-24 #560
Open
ruohong2018 opened 4 weeks ago
Daily Security News (2024-08-24)
Tenable Blog
Cybersecurity Snapshot: Guide Unpacks Event-Logging Best Practices, as FAA Proposes Stronger Cyber Rules for Airplanes
Security Boulevard
Enhancing School Safety with Cloud Monitor: A Powerful Cyber Safety Protection Tool
Audit: FBI is Losing Track of Storage Devices Holding Sensitive Data
Identities Aren’t for Sale: TSA Biometrics Technology and the Need for Consumer Consent
Pool Your Cybersecurity Resources to Build the Perfect Security Ecosystem
Pig Butchering at Heart of Bank Failure — CEO Gets 24 Years in Jail
CVE-2024-38178 Vulnerability within Microsoft Edge
CNAPP found identity problems. How are you fixing them?
The Hidden Dangers of Zombie and Shadow APIs—and Why Only Salt Security Can Tackle Them
Introducing Azure Boards Integration in Strobes
NTLM Credential Theft in Python Windows Applications
SecWiki News
SecWiki News 2024-08-23 Review
Files ≈ Packet Storm
Ray cpu_profile Command Injection
Ray Agent Job Remote Code Execution
DiCal-RED 4009 Information Disclosure
DiCal-RED 4009 Outdated Third Party Components
DiCal-RED 4009 Log Disclosure
DiCal-RED 4009 Path Traversal
DiCal-RED 4009 Cryptography Failure
DiCal-RED 4009 Weak Hashing
DiCal-RED 4009 Missing Authentication
OX App Suite Cross Site Scripting / Denial Of Service
OX App Suite Frontend 7.10.6-rev44 Cross Site Scripting
UFONet 1.9
Ubuntu Security Notice USN-6980-1
Ubuntu Security Notice USN-6978-1
PlantUML 1.2024.6 Cross Site Scripting
Crime Complaints Reporting Management System 1.0 Shell Upload
Courier Management System 1.0 Cross Site Request Forgery
Company Visitor Management 1.0 SQL Injection
CMSsite 1.0 Shell Upload
Red Hat Security Advisory 2024-5446-03
CMS RIMI 1.3 Cross Site Request Forgery / File Upload
Client Management System 1.0 SQL Injection
CCMS Project 1.0 SQL Injection
Biobook Social Networking Site 1.0 SQL Injection
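Anquanke (安全客) - Thoughtful Security New Media
CISA adds Dahua IP camera, Linux kernel and Microsoft Exchange Server vulnerabilities to its Known Exploited Vulnerabilities catalog
SolarWinds fixes hardcoded credential issue in Web Help Desk
New "ALBeast" vulnerability exposes weakness in AWS Application Load Balancer
CrowdStrike hits "performance issues" again, causing systems to run slowly
Android malware uses NFC to steal money at ATMs
Cyberattack disrupts operations at US chipmaker Microchip Technology
Infostealer malware steals crypto wallets and browser credentials on macOS
Hardware backdoor found in RFID cards used in hotels and offices worldwide
Black Myth: Wukong's wild 24 hours: cybersecurity traps behind the viral hit
Critical GitHub Enterprise Server authentication bypass vulnerability (CVE-2024-6800) fixed
嘶吼 RoarTalk - Comprehensive Service Platform for the Cybersecurity Industry, 4hou.com
Follow the Changes, See the Future: XCon2024 XFocus Information Security Technology Summit successfully held in Beijing
Data extortion gang uses fake Windows update screen to hide data theft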
Recent Commits to cve:main
Update Fri Aug 23 22:28:30 UTC 2024
Update Fri Aug 23 14:27:29 UTC 2024
Update Fri Aug 23 06:36:18 UTC 2024
obaby@mars
Sis, you don't want others to know your secret either, do you? A brief look at Python code encryption
cloud world
[Translation] Range Over Function Types
Horizon3.ai
NTLM Credential Theft in Python Windows Applications
Traccar 5 Remote Code Execution Vulnerabilities
Binary Ninja
Advanced UEFI Analysis with Binary Ninja
ly0n.me
Understanding HTTP Error 500: Internal Server Error
PortSwigger Blog
Try it for yourself: the latest PortSwigger Research from Black Hat USA
SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 34
Reverse Engineering
Just built a simple JavaScript minification and obfuscation tool. Feedback welcome!
Exploit-DB.com RSS Feed
[webapps] Helpdeskz v2.0.2 - Stored XSS
[webapps] Calibre-web 0.6.21 - Stored XSS
Malwarebytes
Fake funeral “live stream” scams target grieving users on Facebook
secret club
Ring Around The Regex: Lessons learned from fuzzing regex libraries (Part 2)
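Solidot (奇客) - Delivering the latest technology intelligence
US town advises residents not to go out at night because of deadly mosquito-borne virus
Study finds couples with opposing political views make up only 8% in the US
Global sea level reaches highest point on record
Gartner believes AGI is at least 10 years away and may never be achieved
Microsoft engineer salaries leaked
Lionsgate pulls "Megalopolis" trailer over fabricated reviews
Yemeni arms dealers sell weapons on X
Microsoft plans to retire the Windows Control Panel
New HP laptops bundle Google apps
Fluoride in drinking water at more than twice the recommended limit linked to lower IQ in children
FreeBuf Cybersecurity Industry Portal
FreeBuf Weekly | NetEase Cloud Music outage tops trending searches; Toyota suffers another data breach
Three winners drawn to receive the Deluxe Edition of Black Myth: Wukong!
Official advisory strongly recommends updating: critical vulnerability affects all versions of GitHub Enterprise Server
NGate Android malware can use NFC to steal funds from ATMs
Hacker shows off world's largest ZIP bomb, reaching 1148857344 Quettabytes
Experience Box (体验盒子)
Handling communication between WebView and H5 in Flutter using JsBridge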
Black Hills Information Security
How to Perform and Combat Social Engineering
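Security Bull (安全牛)
Xinchuang (IT innovation) and commercial cryptography assessment scenarios: using unified identity to rein in the "weak password" problem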
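Code Guard (代码卫士)
Cisco fixes two high-severity vulnerabilities reported by the NSA
SolarWinds fixes hardcoded credential vulnerability in Web Help Desk
Ding Ba (丁爸): The Intelligence Analyst's Toolbox
[AI Quick Read] Peering into Lies: An Insider Analysis Model
QiAnXin Virus Response Center
Weekly Ransomware Threat Digest
Security Research GoSSIP
G.O.S.S.I.P Reading Recommendation 2024-08-23 All Your Tokens are Belong to Us
Journal of Cyberspace Security Science (网络空间安全科学学报)
Cybersecurity News | MIIT Minister: develop satellite internet, advance R&D of sixth-generation mobile communication (6G) network technology
China Information Security
Special Topic: Large Model Security | Thoughts on the secure development and governance of large models
Frontier | International experience and an independent path for building a software bill of materials system
Expert View | Examining the ideological risks of artificial intelligence
Expert View | Building a strong security line and strengthening governance of cross-border data flows
Commentary | A legal basis for combating online violence
Opinion | Making youth mode a true online safety valve
Commentary | Cracking down on cross-border gambling crime across the whole chain
Intelligence Analyst
Behind the spy operations: America's ten most disturbing secret programs
Open-source intelligence, all in one place!
Shushi Consulting (数世咨询)
In-depth analysis: key features of 10 major identity authentication technologies
Critical Infrastructure Security Emergency Response Center
Large model security risks, protective governance and rule-of-law development
Cybersecurity agencies of the Five Eyes plus Japan, South Korea and other countries publish new best-practice guide for event logging and threat detection
Production capacity of well-known US defense chip maker impaired by cyberattack
ByteDance Tech Team
kitexcall: a command-line tool for making RPC requests with JSON
Build-a-Bot Challenge | Share 300,000 in cash, plus a one-year right to use a Lynk & Co Z10 to be won!
Playing Black Myth with your mind just around the corner? Latest on Musk's brain-computer interface: playing CS through a plug in the back of the head and scoring a triple kill! | AGI Juejin News
Huorong Security
[Huorong Security Weekly] Man forges death certificate to evade child support / Toyota suffers another data breach
Chaitin Tech
Chaitin Tech's Zhu Wenlei: reigniting the startup engine for a dream, building intelligent security through real-world practice
Cybersecurity Training | We know you need it: the 5th cohort of the Kelansi (珂兰寺) partner class is here!
dotNet Security Matrix
.NET security basics: AV evasion via namespaces/classes/identifiers
.NET: a tool that supports collecting data from 6 browsers
2024hvv | Vulnerability threat intelligence for 31 .NET systems (updated 08.23)
GeekPark
Carmakers have hired a batch of "steel interns"; they are key to humanoid robots entering reality
Losing 60,000 on every SU7 sold? That's not how Xiaomi Auto's accounts work
NetEase: other Blizzard games will return one after another; Jiyue internal memo addresses the "blasting Lei Jun for selling cars at a loss" incident; SpaceX to launch zero-gravity potato chips for the first time | Geek Morning News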
Over Security - Cybersecurity news aggregator
DOJ joins suit against Georgia Tech over cybersecurity failures with Defense Department
American Radio Relay League confirms $1 million ransom payment
Microsoft shares temp fix for Linux boot issues on dual-boot systems
Halliburton forced to take systems offline to contain cyberattack
New Windows 10 22H2 beta fixes memory leaks and crashes
Russian arrested in Argentina for laundering money for hackers
Hackers now use AppDomain Injection to drop CobaltStrike beacons
US oil giant Halliburton confirms cyberattack behind systems shutdown
HomeLab #1: ovftool
Suspect in $14 billion cryptocurrency pyramid scheme extradited to China
Local Networks Go Global When Domain Names Collide
Summary of malicious campaigns in the week of 17 – 23 August
Greasy Opal's CAPTCHA solver still serving cybercrime after 16 years
Russian laundering millions for Lazarus hackers arrested in Argentina
Staying truly anonymous on social networks is harder than you think - Il Post
Hackers are exploiting critical bug in LiteSpeed Cache plugin
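CNCERT National Engineering Research Center
LiteSpeed Cache vulnerability disclosed, threatening millions of WordPress sites
GitHub Actions artifacts found leaking authentication tokens in popular projects
"Blue screen incident" lingers: Microsoft security update leaves Linux systems unable to boot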
Troy Hunt's Blog
The Trouble with Procurement Departments, Resellers and Stripe
Schneier on Security
Friday Squid Blogging: Self-Healing Materials from Squid Teeth
Take a Selfie Using a NY Surveillance Camera
Surveillance Watch
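ThreatBook (微步在线)
Phishing customer service, exploiting vulnerabilities... phishing attacks may be entering their final frenzy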
SANS Internet Storm Center, InfoCON: green
Pandas Errors: What encoding are my logs in?, (Fri, Aug 23rd)
ISC Stormcast For Friday, August 23rd, 2024 https://isc.sans.edu/podcastdetail/9110, (Fri, Aug 23rd)
Instapaper: Unread
Decoding Time Leveraging Timestamps in Digital Forensic Investigations
China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches
Andrea Lazzarotto, Digital Forensics Consultant and Developer
Incident Response by the Numbers
Information Security
Browsers that don't use sync encryption present a global privacy issue. Sensitive data is stored on third-party servers and can be opened by service providers. Additionally, bookmarks are stored in plaintext leaving unrestricted access if a computer gets a virus, trojan, malware, or compromised, etc
Slack AI Could be tricked into leaking your Sensitive Data
The Hacker News
New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads
Webinar: Experience the Power of a Must-Have All-in-One Cybersecurity Platform
Focus on What Matters Most: Exposure Management and Your Attack Surface
New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data
New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data
Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group
The Register - Security
US sues Georgia Tech over alleged cybersecurity failings as a Pentagon contractor
Uniting the brightest minds in security, network and cloud
Your Open Hacker Community
I created a complex password by combining three different passwords from a list of 1500 passwords, but I forgot which three.
netsecstudents: Subreddit for students studying Network Security and its related subjects
American Radio Relay League confirms $1 million ransom payment
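360 Digital Security
Folks, the security community doesn't go in for "suffering for suffering's sake"!
Workplace Black Myth: it turns the Destined Worker into a miserable monkey in seconds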
Social Engineering
Elicitation
Blackhat Library: Hacking techniques and research
Someone requested 2 factor authentication in SMS to my phone. How can I find out where it was requested from?
Educational series about a hacking syndicate with real-world engagements
Technical Information Security Content & Discussion
How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System
Splitting the email atom: exploiting parsers to bypass access controls
NTLM Credential Theft in Python Windows Applications – Horizon3.ai
Vulnerabilities in Homepage Dashboard - Anvil Secure
Beacon Tower Lab
[0823] Daily intelligence summary for the critical-period protection exercise
Security Affairs
Qilin ransomware steals credentials stored in Google Chrome
Phishing attacks target mobile users via progressive web applications (PWA)
Member of cybercrime group Karakurt charged in the US
New malware Cthulhu Stealer targets Apple macOS users
China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches
TorrentFreak
Pirate IPTV Raid: 150+ Encoders, STBs, and Servers Seized, Operators Arrested
Krebs on Security
Local Networks Go Global When Domain Names Collide
Security Weekly Podcast Network (Audio)
Faking your own death, Fake Reviews, Solar Winds, Recall, Winux, Kubernetes, and More - SWN #409
The end of the road for some cyber startups & making detection actually work! - Vivek Bhandari, Vivek Ramachandran, Mike Lyborg, Brandon Potter - ESW #373