[每日信息流] 2024-08-27

[ruohong2018]

每日安全资讯（2024-08-27）

• Files ≈ Packet Storm
  • Debian Security Advisory 5758-1
  • Das U-Boot Buffer Overread
  • Invesalius 3.1 Remote Code Execution
  • Faraday 5.6.0
  • Calibre Web 0.6.21 Cross Site Scripting
  • Ubuntu Security Notice USN-6974-2
  • Helpdeskz 2.0.2 Cross Site Scripting
  • Debian Security Advisory 5757-1
  • SPIP 4.2.11 Code Execution
  • Loan Management System 1.0 SQL Injection
  • Ubuntu Security Notice USN-6973-2
  • Jobs Finder System 1.0 Cross Site Scripting
  • Ubuntu Security Notice USN-6972-3
  • HughesNet HT2000W Satellite Modem Password Reset
  • Human Resource Management System 2024 1.0 Cross Site Scripting
  • Employee Record Management System 1.0 SQL Injection
  • DETS Project 1.0 SQL Injection
  • Aruba 501 CN12G5W0XX Remote Command Execution
  • Bang Resto 1.0 Information Disclosure
  • School Log Management System 1.0 SQL Injection / Code Execution
  • Simple College Website 1.0 SQL Injection / Code Execution
• Security Boulevard
  • Axiad Takes a Leading Role in Microsoft’s FIDO Provisioning API Upgrade
  • Cyber Lingo: What is a firewall?
  • USENIX Security ’23 – ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions
  • Navigating PCI DSS 4.0: Insights from Industry Experts on Client-Side Security
  • Randall Munroe’s XKCD ‘Time Traveler Causes of Death’
  • Getting Started With SPIFFE For Multi-Cloud Secure Workload Authentication
  • USENIX Security ’23 – Jinn: Hijacking Safe Programs with Trojans
  • DoJ Files Complaint Against Georgia Tech Under False Claims Act
  • Enhanced User Access: More Control, More Security with Strobes
  • Miggo Uncovers AWS Load Balancer Security Flaw
• CXSECURITY Database RSS Feed - CXSecurity.com
  • OX App Suite Frontend 7.10.6-rev44 Cross Site Scripting
  • NDTaskmatic-1.0-2024-by Mayuri.K Multiple-SQLi
  • Invesalius 3.1 Remote Code Execution
  • HughesNet HT2000W Satellite Modem Password Reset
  • Calibre Web 0.6.21 Cross Site Scripting
  • Aruba 501 CN12G5W0XX Remote Command Execution
• Tenable Blog
  • CISA Finding: 90% of Initial Access to Critical Infrastructure Is Gained Via Identity Compromise. What Can You Do About It?
• Recent Commits to cve:main
  • Update Mon Aug 26 22:31:08 UTC 2024
  • Update Mon Aug 26 14:39:58 UTC 2024
  • Update Mon Aug 26 06:34:06 UTC 2024
• 安全客-有思想的安全新媒体
  • Telegram 首席执行官 Pavel Durov在法国因涉嫌内容监管不力被捕
  • 美国 CISA 将 Versa Director 漏洞添加到其已知利用漏洞目录中
  • 新型 Linux 恶意软件 ”sedexp” 利用 udev 规则隐藏信用卡盗刷器
  • 黑客可以接管 Ecovacs 家用机器人来监视它们的主人
  • 网络犯罪分子部署新的恶意软件，通过 Android 的近场通信 （NFC） 窃取数据
  • 网络钓鱼攻击通过渐进式网页应用（PWA）针对移动用户
  • 新型投递器PEAKLIGHT Downloader 部署在针对 Windows 的恶意电影下载攻击中
  • 新恶意软件 Cthulhu Stealer 以 Apple macOS 用户为目标
  • 谷歌 Chrome 浏览器更新修复了被恶意利用的漏洞（CVE-2024-7971）
  • 职场黑神话：TA竟让天命打工人秒变苦命猴子
• Trustwave Blog
  • Trustwave Data Reveals HTML Attachments, QR Codes, and BEC as Top Email Attack Vectors
• Twitter @Nicolas Krassas
  • Microsoft: Exchange Online mistakenly tags emails as malware https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-mistakenly-tags...
  • Versa fixes Director zero-day vulnerability exploited in attacks https://www.bleepingcomputer.com/news/security/versa-fixes-director-zero-day-vulnerab...
  • SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access https://thehackernews.com/2024/08/sonicwall-issues-critical-pa...
  • Seattle-Tacoma Airport Suffers System Outages Due to Possible Cyberattack https://www.darkreading.com/cyberattacks-data-breaches/seattle-tacoma-airpor...
  • AMD internal data reportedly offered for sale https://go.theregister.com/feed/www.theregister.com/2024/08/26/amd_internal_data_intelbroker/
  • Uber fined $325 million for moving driver data from Europe to US https://www.bleepingcomputer.com/news/legal/uber-fined-325-million-for-moving-driver-...
  • Styx Stealer Creator's OPSEC Fail Leaks Client List and Profit Details https://thehackernews.com/2024/08/styx-stealer-creators-opsec-fail-leaks.html
  • SonicWall warns of critical access control flaw in SonicOS https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-access-control-f...
  • US Sues Georgia Tech Over Alleged Cybersecurity Failings https://packetstormsecurity.com/news/view/36253/US-Sues-Georgia-Tech-Over-Alleged-Cybersecuri...
  • Microsoft To Host Security Summit After CrowdStrike Disaster https://packetstormsecurity.com/news/view/36254/Microsoft-To-Host-Security-Summit-After-C...
  • Major Backdoor In Millions Of RFID Cards Allows Instant Cloning https://packetstormsecurity.com/news/view/36255/Major-Backdoor-In-Millions-Of-RFID-Car...
  • Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware https://unit42.paloaltonetworks.com/shinyhunters-ransomware-e...
  • smbclient-ng, a fast and user friendly way to interact with SMB shares. https://github.com/p0dalirius/smbclient-ng
  • .NET assembly loader with patchless AMSI and ETW bypass https://github.com/VoldeSec/PatchlessCLRLoader
  • Tenzir is the data pipeline engine for security teams. https://github.com/tenzir/tenzir
  • Modular cross-platform Microsoft Graph API (Entra, o365, and Intune) enumeration and exploitation toolkit https://github.com/mlcsec/Graphpython
  • Kernel exploit for Xbox SystemOS using CVE-2024-30088 https://github.com/exploits-forsale/collateral-damage
  • Another shellcode runner https://github.com/b1tg/rs-shellcode
  • Multi-sandwich attack with MongoDB Object ID or the scenario for real-time monitoring of web application invitations: a new use case for the sandwich ...
  • gpu poisoning; hide the payload inside the gpu memory. https://github.com/H1d3r/GPU_ShellCode
• The DFIR Report
  • BlackSuit Ransomware
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • KCon 2024大会：同道携手并进 技术引领行业变革
  • 安全动态回顾|北京市国家网络安全宣传周网络安全作品征集活动开始 石油巨头Halliburton遭受网络攻击导致系统关闭
  • 客观看，有序防，拒绝漏洞PUA
  • 基于邮箱的域名欺骗攻击（利用解析器绕过访问控制）
• SecWiki News
  • SecWiki News 2024-08-26 Review
• obaby@mars
  • PIP Chill–更精简的依赖包导出工具
• Bug Bounty in InfoSec Write-ups on Medium
  • Solving the Prompt Airlines CTF
  • How I Got an Appreciation Letter from NASA for Finding a Simple Bug
  • Finding SSRF BY Full Automation
• SpiderLabs Blog
  • The Willy Wonka World of Application Security Defenses
• Malwarebytes
  • PSA: These ‘Microsoft Support’ ploys may just fool you
  • Move over malware: Why one teen is more worried about AI (re-air) (Lock and Code S05E18)
  • A week in security (August 19 – August 25)
• Reverse Engineering
  • /r/ReverseEngineering's Weekly Questions Thread
  • How To Reverse Engineer / Patch Android Applications (FULL GUIDE 2024)
  • Automated Bug Hunting With Semgrep (Ghidra Example Included)
  • Reversed API of TikTok to make a TTY / CLI open source client 🤣
• 安全牛
  • COBIT框架下的AI安全治理与优化
  • 《黑神话：悟空》火爆导致Steam崩溃？官方回应：受到DDoS攻击 ；新型安卓恶意软件可利用NFC技术窃取银行卡信息 | 牛览
  • KCon 2024大会：同道携手并进 技术引领行业变革
  • 海云安受邀出席第五期移动互联网App产品安全漏洞技术沙龙并发表主题演讲
  • 大模型在应用开发安全左移实践
• FreeBuf网络安全行业门户
  • FreeBuf早报 | Telegram 回应CEO在法被捕；澳大利亚成立新的网络司令部
  • 专访樊正懿 | 从IT到外企DPO，历经九次跳槽，因降本增效险遭职业生涯“滑铁卢”？
  • 审计发现 FBI 的数据存储管理存在重大漏洞
  • 网络身份证是强制，会影响正常上网？公安部详细回应
  • FreeBuf 全球网络安全产业投融资观察（7月）
  • 新型 Linux 恶意软件 “sedexp ”利用 Udev 规则隐藏信用卡盗刷器
  • 又一全新恶意软件曝光！专门针对Windows、Linux 和 macOS 用户
• 奇客Solidot–传递最新科技情报
  • 马克龙表示对 Pavel Durov 的逮捕与政治动机无关
  • 中国科技巨头的 AI 支出增加了一倍
  • 复旦微电子的 RFID 芯片被发现使用相同密钥
  • 拯救被遗忘的音乐
  • 后门通过 DNS 流量与 CC 服务器通信
  • 台湾执法部门突击搜查盗版 IPTV 运营者
  • IBM 关闭中国研发部门
  • 澳大利亚工人下班后有权拒绝工作邮件和工作电话
  • Threads 测试允许帖子在 24 小时后消失
• 黑海洋 - WIKI
  • 黑群晖那么多型号 我应该选哪一个 ？黑群晖型号选择教程
  • 免费文本转图像生成器，无限次数：Free AI FLUX Image Generator
• 奇安信威胁情报中心
  • Operation DevilTiger：APT-Q-12 使用 0day 漏洞技战术披露
• 安全内参
  • 意大利对东风汽车设厂提出网络安全与数据保护要求
  • 澳大利亚成立新网络司令部
• 技可达工作室
  • 加密货币量化分析学习记录一
• 虎符智库
  • 一体化vs.模块化，谁才是SOC的未来？
• 安全研究GoSSIP
  • RISC-V is Inevitable —— RISC-V 中国峰会 2024 参会小记
• 安全牛
  • 《黑神话：悟空》火爆导致Steam崩溃？官方回应：受到DDoS攻击 ；新型安卓恶意软件可利用NFC技术窃取银行卡信息 | 牛览
  • COBIT框架下的AI安全治理与优化
• 补天平台
  • 与补天众测一起共创团圆时刻！
• 极客公园
  • 逛遍世界机器人大会，「人形机器人」离我们还有多远？
  • OpenAI、Perplexity 都在用的 AI 编辑器，成了硅谷码农最爱
  • 「黑悟空」崩溃内幕：网络攻击暴增2万倍；微软AI码农平均薪酬高达270万；卡戴珊版Beats耳机开卖｜极客早知道
• dotNet安全矩阵
  • .NET 一款通过白名单程序执行命令的工具
  • 2024hvv | 32套.NET系统漏洞威胁情报(08.26更新)
  • .NET内网实战：通过回调函数执行Shellcode
• 山石网科安全技术研究院
  • 山石网科安研院第一季度原创技术文章合辑
• 嘶吼专业版
  • 数据勒索团伙利用虚假 Windows 更新屏幕隐藏数据窃取行为
  • 北京市国家网络安全宣传周网络安全作品征集活动开始 石油巨头Halliburton遭受网络攻击导致系统关闭
• 微步在线
  • 又捕获一起0day！这次是禅道RCE
• 中国信息安全
  • 全球视野 | 国际网安快讯（第25期）
  • 关注 | 天融信携手山东大学成立网络空间安全实战人才实践基地，李雪莹博士受聘为山东大学兼职特聘教授
  • 专家观点 | 人工智能的意识形态风险审视
  • 评论 | 反网暴有法可依
  • 聚焦 | 第十三届KCon大会携手“同道”探讨应对之道
  • 聚焦 | XCon2024安全焦点信息安全技术峰会在京成功举办
  • 国际 | 澳成立新网络司令部
• 情报分析师
  • 英美情报机构社交媒体布局：公众互动与信息传播策略分析
  • 【分析报告】库尔斯克之后的北约行动能力
• 代码卫士
  • LiteSpeed Cache 插件中的严重漏洞正遭利用
  • Telegram 创始人 Pavel Durov 因缺乏内容审核被捕
• 关键基础设施安全应急响应中心
  • 关键基础设施安全资讯周报20240826期
  • 大模型的安全发展与治理思考
  • 筑牢安全防线 加强跨境数据流动治理
• CNCERT国家工程研究中心
  • CNCERT国家工程研究中心安全资讯周报20240826期
  • PWA网络钓鱼，针对Android、iOS金融欺诈活动
  • 黑客现形记！著名黑客USDoD真实身份确定！
• Beacon Tower Lab
  • 【0826】重保演习每日情报汇总
• NOVASEC
  • 配置afrog的RevSuit
• CNVD漏洞平台
  • CNVD漏洞周报2024年第34期
  • 上周关注度较高的产品安全漏洞(20240819-20240825)
• 娜璋AI安全之家
  • [漏洞挖掘与防护] 03.漏洞利用之WinRAR安全缺陷复现（CVE-2018-20250）及软件自启动分析
• Securityinfo.it
  • Aumentano gli attacchi che sfruttano le vulnerabilità dei driver Windows
  • CERT-AGID 17 luglio – 23 agosto: INPS e pubblica amministrazione nel mirino
• 复旦白泽战队
  • 复旦白泽天梯核心价值观专项天梯结果出炉
• Over Security - Cybersecurity news aggregator
  • First Commonwealth Federal Credit Union: What Is the Situation Two Months After the Data Breach?
  • Google tags a tenth Chrome zero-day as exploited this year
  • California credit union confirms 726k affected by June ransomware attack
  • Patelco notifies 726,000 customers of ransomware data breach
  • Microsoft: Exchange Online mistakenly tags emails as malware
  • Telegram says arrested CEO has ‘nothing to hide’ as France reportedly extends his detention
  • Uber fined $325 million for moving driver data from Europe to US
  • Versa fixes Director zero-day vulnerability exploited in attacks
  • In a Kyiv hangar, Ukraine launches a cyber range for everyone
  • Dutch data privacy regulator fines Uber $324 million for failing to adhere to GDPR
  • Remote Work: A Ticking Time Bomb Waiting to be Exploited
  • SonicWall warns of critical access control flaw in SonicOS
  • Researchers warn of text scams that send drivers fake bills for highway tolls
  • Seattle's airport, seaport isolate systems after cyberattack
  • Seattle-Tacoma Airport IT systems down due to a cyberattack
  • Aumentano gli attacchi che sfruttano le vulnerabilità dei driver Windows
  • How to tell if your online accounts have been hacked
  • The SAML Exploit That Could Take Down GitHub: What You Need to Know About CVE-2024-6800
  • Weekly IT Vulnerability Report for August 20, 2024: Urgent Fixes Recommended for GitHub, PHP, Windows, and SAP
  • Unveiling the Top 4 Cyber Threats in 2024
  • SPHINCS+: firma digitale stateless basata sulle hash
  • CERT-AGID 17 luglio – 23 agosto: INPS e pubblica amministrazione nel mirino
  • BlackSuit Ransomware
• Il Disinformatico
  • Terremoto su Telegram, arrestato in Francia Pavel Durov
• ICT Security Magazine
  • Telegram, arrestato Pavel Durov
• SANS Internet Storm Center, InfoCON: green
  • From Highly Obfuscated Batch File to XWorm and Redline, (Mon, Aug 26th)
  • ISC Stormcast For Monday, August 26th, 2024 https://isc.sans.edu/podcastdetail/9112, (Mon, Aug 26th)
• 字节跳动技术团队
  • 魔方最新黑科技！全球首个语音指挥 FPS AI 队友 F.A.C.U.L. 亮相科隆｜AGI 掘金资讯
• TorrentFreak
  • Piracy Shield 2.0 in Doubt For 2024 , TV Manufacturers Urged to Ban VPN
  • Pssst… Want to Snitch on Sellers of Pirate Streaming Services?
• The Register - Security
  • Microsoft mistake blows up admins' inboxes with fake malware alerts
  • Watchdog warns FBI is sloppy on secure data storage and destruction
  • Seattle airport 'possible cyberattack' snarls travel yet again
  • AMD internal data reportedly offered for sale
  • 31.5M invoices, contracts, patient consent forms, and more exposed to the internet
  • Alleged Karakut ransomware scumbag charged in US
• Tor Project blog
  • Wikileaks: A case study on journalism and encryption
• Unsupervised Learning
  • From UL: World Model + Next Token Prediction = Answer Prediction
  • The Real Problem With the Job Market
• Information Security
  • Hardware Backdoor in MIFARE Classic Cards: Implications for Access Control Systems
• Computer Forensics
  • From SOC to DFIR
  • Volatility Vs MemProcFS
  • Detecting c2 plant in memory dump
  • FOR585 (GASF) Practice Test Request
• Technical Information Security Content & Discussion
  • GNU/Linux Sandboxing - A Brief Review
  • Automated Bug Hunting With Semgrep
• Schneier on Security
  • US Federal Court Rules Against Geofence Warrants
• Security Affairs
  • Google addressed the tenth actively exploited Chrome zero-day this year
  • SonicWall addressed an improper access control issue in its firewalls
  • A cyberattack impacted operations at the Port of Seattle and Sea-Tac Airport
  • Linux malware sedexp uses udev rules for persistence and evasion
• Deep Web
  • Where is this video from?
  • Did coinmam rip me off?
  • Out of the Loop
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • Free Cybersecurity Training from Microsoft, Splunk, and Fortinet
• The Hacker News
  • SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
  • Dutch Regulator Fines Uber €290 Million for GDPR Violations in Data Transfers to U.S.
  • Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration
  • Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms
  • Critical Flaws in Traccar GPS System Expose Users to Remote Attacks
  • New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards
• Security Weekly Podcast Network (Audio)
  • The Changing Risk Landscape: CISO Liability - Darren Shou - BSW #362