issues
search
ruohong2018
/
ruohong2018.github.io
GNU General Public License v3.0
29
stars
3
forks
source link
[每日信息流] 2024-08-27
#563
Open
ruohong2018
opened
3 weeks ago
ruohong2018
commented
3 weeks ago
每日安全资讯(2024-08-27)
Files ≈ Packet Storm
Debian Security Advisory 5758-1
Das U-Boot Buffer Overread
Invesalius 3.1 Remote Code Execution
Faraday 5.6.0
Calibre Web 0.6.21 Cross Site Scripting
Ubuntu Security Notice USN-6974-2
Helpdeskz 2.0.2 Cross Site Scripting
Debian Security Advisory 5757-1
SPIP 4.2.11 Code Execution
Loan Management System 1.0 SQL Injection
Ubuntu Security Notice USN-6973-2
Jobs Finder System 1.0 Cross Site Scripting
Ubuntu Security Notice USN-6972-3
HughesNet HT2000W Satellite Modem Password Reset
Human Resource Management System 2024 1.0 Cross Site Scripting
Employee Record Management System 1.0 SQL Injection
DETS Project 1.0 SQL Injection
Aruba 501 CN12G5W0XX Remote Command Execution
Bang Resto 1.0 Information Disclosure
School Log Management System 1.0 SQL Injection / Code Execution
Simple College Website 1.0 SQL Injection / Code Execution
Security Boulevard
Axiad Takes a Leading Role in Microsoft’s FIDO Provisioning API Upgrade
Cyber Lingo: What is a firewall?
USENIX Security ’23 – ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions
Navigating PCI DSS 4.0: Insights from Industry Experts on Client-Side Security
Randall Munroe’s XKCD ‘Time Traveler Causes of Death’
Getting Started With SPIFFE For Multi-Cloud Secure Workload Authentication
USENIX Security ’23 – Jinn: Hijacking Safe Programs with Trojans
DoJ Files Complaint Against Georgia Tech Under False Claims Act
Enhanced User Access: More Control, More Security with Strobes
Miggo Uncovers AWS Load Balancer Security Flaw
CXSECURITY Database RSS Feed - CXSecurity.com
OX App Suite Frontend 7.10.6-rev44 Cross Site Scripting
NDTaskmatic-1.0-2024-by Mayuri.K Multiple-SQLi
Invesalius 3.1 Remote Code Execution
HughesNet HT2000W Satellite Modem Password Reset
Calibre Web 0.6.21 Cross Site Scripting
Aruba 501 CN12G5W0XX Remote Command Execution
Tenable Blog
CISA Finding: 90% of Initial Access to Critical Infrastructure Is Gained Via Identity Compromise. What Can You Do About It?
Recent Commits to cve:main
Update Mon Aug 26 22:31:08 UTC 2024
Update Mon Aug 26 14:39:58 UTC 2024
Update Mon Aug 26 06:34:06 UTC 2024
安全客-有思想的安全新媒体
Telegram 首席执行官 Pavel Durov在法国因涉嫌内容监管不力被捕
美国 CISA 将 Versa Director 漏洞添加到其已知利用漏洞目录中
新型 Linux 恶意软件 ”sedexp” 利用 udev 规则隐藏信用卡盗刷器
黑客可以接管 Ecovacs 家用机器人来监视它们的主人
网络犯罪分子部署新的恶意软件,通过 Android 的近场通信 (NFC) 窃取数据
网络钓鱼攻击通过渐进式网页应用(PWA)针对移动用户
新型投递器PEAKLIGHT Downloader 部署在针对 Windows 的恶意电影下载攻击中
新恶意软件 Cthulhu Stealer 以 Apple macOS 用户为目标
谷歌 Chrome 浏览器更新修复了被恶意利用的漏洞(CVE-2024-7971)
职场黑神话:TA竟让天命打工人秒变苦命猴子
Trustwave Blog
Trustwave Data Reveals HTML Attachments, QR Codes, and BEC as Top Email Attack Vectors
Twitter @Nicolas Krassas
Microsoft: Exchange Online mistakenly tags emails as malware https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-mistakenly-tags...
Versa fixes Director zero-day vulnerability exploited in attacks https://www.bleepingcomputer.com/news/security/versa-fixes-director-zero-day-vulnerab...
SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access https://thehackernews.com/2024/08/sonicwall-issues-critical-pa...
Seattle-Tacoma Airport Suffers System Outages Due to Possible Cyberattack https://www.darkreading.com/cyberattacks-data-breaches/seattle-tacoma-airpor...
AMD internal data reportedly offered for sale https://go.theregister.com/feed/www.theregister.com/2024/08/26/amd_internal_data_intelbroker/
Uber fined $325 million for moving driver data from Europe to US https://www.bleepingcomputer.com/news/legal/uber-fined-325-million-for-moving-driver-...
Styx Stealer Creator's OPSEC Fail Leaks Client List and Profit Details https://thehackernews.com/2024/08/styx-stealer-creators-opsec-fail-leaks.html
SonicWall warns of critical access control flaw in SonicOS https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-access-control-f...
US Sues Georgia Tech Over Alleged Cybersecurity Failings https://packetstormsecurity.com/news/view/36253/US-Sues-Georgia-Tech-Over-Alleged-Cybersecuri...
Microsoft To Host Security Summit After CrowdStrike Disaster https://packetstormsecurity.com/news/view/36254/Microsoft-To-Host-Security-Summit-After-C...
Major Backdoor In Millions Of RFID Cards Allows Instant Cloning https://packetstormsecurity.com/news/view/36255/Major-Backdoor-In-Millions-Of-RFID-Car...
Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware https://unit42.paloaltonetworks.com/shinyhunters-ransomware-e...
smbclient-ng, a fast and user friendly way to interact with SMB shares. https://github.com/p0dalirius/smbclient-ng
.NET assembly loader with patchless AMSI and ETW bypass https://github.com/VoldeSec/PatchlessCLRLoader
Tenzir is the data pipeline engine for security teams. https://github.com/tenzir/tenzir
Modular cross-platform Microsoft Graph API (Entra, o365, and Intune) enumeration and exploitation toolkit https://github.com/mlcsec/Graphpython
Kernel exploit for Xbox SystemOS using CVE-2024-30088 https://github.com/exploits-forsale/collateral-damage
Another shellcode runner https://github.com/b1tg/rs-shellcode
Multi-sandwich attack with MongoDB Object ID or the scenario for real-time monitoring of web application invitations: a new use case for the sandwich ...
gpu poisoning; hide the payload inside the gpu memory. https://github.com/H1d3r/GPU_ShellCode
The DFIR Report
BlackSuit Ransomware
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
KCon 2024大会:同道携手并进 技术引领行业变革
安全动态回顾|北京市国家网络安全宣传周网络安全作品征集活动开始 石油巨头Halliburton遭受网络攻击导致系统关闭
客观看,有序防,拒绝漏洞PUA
基于邮箱的域名欺骗攻击(利用解析器绕过访问控制)
SecWiki News
SecWiki News 2024-08-26 Review
obaby@mars
PIP Chill–更精简的依赖包导出工具
Bug Bounty in InfoSec Write-ups on Medium
Solving the Prompt Airlines CTF
How I Got an Appreciation Letter from NASA for Finding a Simple Bug
Finding SSRF BY Full Automation
SpiderLabs Blog
The Willy Wonka World of Application Security Defenses
Malwarebytes
PSA: These ‘Microsoft Support’ ploys may just fool you
Move over malware: Why one teen is more worried about AI (re-air) (Lock and Code S05E18)
A week in security (August 19 – August 25)
Reverse Engineering
/r/ReverseEngineering's Weekly Questions Thread
How To Reverse Engineer / Patch Android Applications (FULL GUIDE 2024)
Automated Bug Hunting With Semgrep (Ghidra Example Included)
Reversed API of TikTok to make a TTY / CLI open source client 🤣
安全牛
COBIT框架下的AI安全治理与优化
《黑神话:悟空》火爆导致Steam崩溃?官方回应:受到DDoS攻击 ;新型安卓恶意软件可利用NFC技术窃取银行卡信息 | 牛览
KCon 2024大会:同道携手并进 技术引领行业变革
海云安受邀出席第五期移动互联网App产品安全漏洞技术沙龙并发表主题演讲
大模型在应用开发安全左移实践
FreeBuf网络安全行业门户
FreeBuf早报 | Telegram 回应CEO在法被捕;澳大利亚成立新的网络司令部
专访樊正懿 | 从IT到外企DPO,历经九次跳槽,因降本增效险遭职业生涯“滑铁卢”?
审计发现 FBI 的数据存储管理存在重大漏洞
网络身份证是强制,会影响正常上网?公安部详细回应
FreeBuf 全球网络安全产业投融资观察(7月)
新型 Linux 恶意软件 “sedexp ”利用 Udev 规则隐藏信用卡盗刷器
又一全新恶意软件曝光!专门针对Windows、Linux 和 macOS 用户
奇客Solidot–传递最新科技情报
马克龙表示对 Pavel Durov 的逮捕与政治动机无关
中国科技巨头的 AI 支出增加了一倍
复旦微电子的 RFID 芯片被发现使用相同密钥
拯救被遗忘的音乐
后门通过 DNS 流量与 CC 服务器通信
台湾执法部门突击搜查盗版 IPTV 运营者
IBM 关闭中国研发部门
澳大利亚工人下班后有权拒绝工作邮件和工作电话
Threads 测试允许帖子在 24 小时后消失
黑海洋 - WIKI
黑群晖那么多型号 我应该选哪一个 ?黑群晖型号选择教程
免费文本转图像生成器,无限次数:Free AI FLUX Image Generator
奇安信威胁情报中心
Operation DevilTiger:APT-Q-12 使用 0day 漏洞技战术披露
安全内参
意大利对东风汽车设厂提出网络安全与数据保护要求
澳大利亚成立新网络司令部
技可达工作室
加密货币量化分析学习记录一
虎符智库
一体化vs.模块化,谁才是SOC的未来?
安全研究GoSSIP
RISC-V is Inevitable —— RISC-V 中国峰会 2024 参会小记
安全牛
《黑神话:悟空》火爆导致Steam崩溃?官方回应:受到DDoS攻击 ;新型安卓恶意软件可利用NFC技术窃取银行卡信息 | 牛览
COBIT框架下的AI安全治理与优化
补天平台
与补天众测一起共创团圆时刻!
极客公园
逛遍世界机器人大会,「人形机器人」离我们还有多远?
OpenAI、Perplexity 都在用的 AI 编辑器,成了硅谷码农最爱
「黑悟空」崩溃内幕:网络攻击暴增2万倍;微软AI码农平均薪酬高达270万;卡戴珊版Beats耳机开卖|极客早知道
dotNet安全矩阵
.NET 一款通过白名单程序执行命令的工具
2024hvv | 32套.NET系统漏洞威胁情报(08.26更新)
.NET内网实战:通过回调函数执行Shellcode
山石网科安全技术研究院
山石网科安研院第一季度原创技术文章合辑
嘶吼专业版
数据勒索团伙利用虚假 Windows 更新屏幕隐藏数据窃取行为
北京市国家网络安全宣传周网络安全作品征集活动开始 石油巨头Halliburton遭受网络攻击导致系统关闭
微步在线
又捕获一起0day!这次是禅道RCE
中国信息安全
全球视野 | 国际网安快讯(第25期)
关注 | 天融信携手山东大学成立网络空间安全实战人才实践基地,李雪莹博士受聘为山东大学兼职特聘教授
专家观点 | 人工智能的意识形态风险审视
评论 | 反网暴有法可依
聚焦 | 第十三届KCon大会携手“同道”探讨应对之道
聚焦 | XCon2024安全焦点信息安全技术峰会在京成功举办
国际 | 澳成立新网络司令部
情报分析师
英美情报机构社交媒体布局:公众互动与信息传播策略分析
【分析报告】库尔斯克之后的北约行动能力
代码卫士
LiteSpeed Cache 插件中的严重漏洞正遭利用
Telegram 创始人 Pavel Durov 因缺乏内容审核被捕
关键基础设施安全应急响应中心
关键基础设施安全资讯周报20240826期
大模型的安全发展与治理思考
筑牢安全防线 加强跨境数据流动治理
CNCERT国家工程研究中心
CNCERT国家工程研究中心安全资讯周报20240826期
PWA网络钓鱼,针对Android、iOS金融欺诈活动
黑客现形记!著名黑客USDoD真实身份确定!
Beacon Tower Lab
【0826】重保演习每日情报汇总
NOVASEC
配置afrog的RevSuit
CNVD漏洞平台
CNVD漏洞周报2024年第34期
上周关注度较高的产品安全漏洞(20240819-20240825)
娜璋AI安全之家
[漏洞挖掘与防护] 03.漏洞利用之WinRAR安全缺陷复现(CVE-2018-20250)及软件自启动分析
Securityinfo.it
Aumentano gli attacchi che sfruttano le vulnerabilità dei driver Windows
CERT-AGID 17 luglio – 23 agosto: INPS e pubblica amministrazione nel mirino
复旦白泽战队
复旦白泽天梯核心价值观专项天梯结果出炉
Over Security - Cybersecurity news aggregator
First Commonwealth Federal Credit Union: What Is the Situation Two Months After the Data Breach?
Google tags a tenth Chrome zero-day as exploited this year
California credit union confirms 726k affected by June ransomware attack
Patelco notifies 726,000 customers of ransomware data breach
Microsoft: Exchange Online mistakenly tags emails as malware
Telegram says arrested CEO has ‘nothing to hide’ as France reportedly extends his detention
Uber fined $325 million for moving driver data from Europe to US
Versa fixes Director zero-day vulnerability exploited in attacks
In a Kyiv hangar, Ukraine launches a cyber range for everyone
Dutch data privacy regulator fines Uber $324 million for failing to adhere to GDPR
Remote Work: A Ticking Time Bomb Waiting to be Exploited
SonicWall warns of critical access control flaw in SonicOS
Researchers warn of text scams that send drivers fake bills for highway tolls
Seattle's airport, seaport isolate systems after cyberattack
Seattle-Tacoma Airport IT systems down due to a cyberattack
Aumentano gli attacchi che sfruttano le vulnerabilità dei driver Windows
How to tell if your online accounts have been hacked
The SAML Exploit That Could Take Down GitHub: What You Need to Know About CVE-2024-6800
Weekly IT Vulnerability Report for August 20, 2024: Urgent Fixes Recommended for GitHub, PHP, Windows, and SAP
Unveiling the Top 4 Cyber Threats in 2024
SPHINCS+: firma digitale stateless basata sulle hash
CERT-AGID 17 luglio – 23 agosto: INPS e pubblica amministrazione nel mirino
BlackSuit Ransomware
Il Disinformatico
Terremoto su Telegram, arrestato in Francia Pavel Durov
ICT Security Magazine
Telegram, arrestato Pavel Durov
SANS Internet Storm Center, InfoCON: green
From Highly Obfuscated Batch File to XWorm and Redline, (Mon, Aug 26th)
ISC Stormcast For Monday, August 26th, 2024 https://isc.sans.edu/podcastdetail/9112, (Mon, Aug 26th)
字节跳动技术团队
魔方最新黑科技!全球首个语音指挥 FPS AI 队友 F.A.C.U.L. 亮相科隆|AGI 掘金资讯
TorrentFreak
Piracy Shield 2.0 in Doubt For 2024 , TV Manufacturers Urged to Ban VPN
Pssst… Want to Snitch on Sellers of Pirate Streaming Services?
The Register - Security
Microsoft mistake blows up admins' inboxes with fake malware alerts
Watchdog warns FBI is sloppy on secure data storage and destruction
Seattle airport 'possible cyberattack' snarls travel yet again
AMD internal data reportedly offered for sale
31.5M invoices, contracts, patient consent forms, and more exposed to the internet
Alleged Karakut ransomware scumbag charged in US
Tor Project blog
Wikileaks: A case study on journalism and encryption
Unsupervised Learning
From UL: World Model + Next Token Prediction = Answer Prediction
The Real Problem With the Job Market
Information Security
Hardware Backdoor in MIFARE Classic Cards: Implications for Access Control Systems
Computer Forensics
From SOC to DFIR
Volatility Vs MemProcFS
Detecting c2 plant in memory dump
FOR585 (GASF) Practice Test Request
Technical Information Security Content & Discussion
GNU/Linux Sandboxing - A Brief Review
Automated Bug Hunting With Semgrep
Schneier on Security
US Federal Court Rules Against Geofence Warrants
Security Affairs
Google addressed the tenth actively exploited Chrome zero-day this year
SonicWall addressed an improper access control issue in its firewalls
A cyberattack impacted operations at the Port of Seattle and Sea-Tac Airport
Linux malware sedexp uses udev rules for persistence and evasion
Deep Web
Where is this video from?
Did coinmam rip me off?
Out of the Loop
netsecstudents: Subreddit for students studying Network Security and its related subjects
Free Cybersecurity Training from Microsoft, Splunk, and Fortinet
The Hacker News
SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
Dutch Regulator Fines Uber €290 Million for GDPR Violations in Data Transfers to U.S.
Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration
Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms
Critical Flaws in Traccar GPS System Expose Users to Remote Attacks
New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards
Security Weekly Podcast Network (Audio)
The Changing Risk Landscape: CISO Liability - Darren Shou - BSW #362
每日安全资讯(2024-08-27)