[每日信息流] 2024-09-02

[ruohong2018]

每日安全资讯（2024-09-02）

• Files ≈ Packet Storm
  • Cerberus FTP Server SFTP Username Enumeration
  • Libssh Authentication Bypass Scanner
  • Juniper SSH Backdoor Scanner
  • Apache Karaf Default Credentials Command Execution
  • Eaton Xpert Meter SSH Private Key Exposure Scanner
  • SSH Username Enumeration
  • Fortinet SSH Backdoor Scanner
  • MySQL Authentication Bypass Password Dump
  • DNS Amplification Scanner
  • Novell ZENworks Configuration Management Preboot Service Remote File Access
  • Ray Sharp DVR Password Retriever
  • Dahua DVR Authentication Bypass Scanner
  • Rosewill RXS-3211 IP Camera Password Retriever
  • EasyCafe Server Remote File Access
  • SerComm Network Device Backdoor Detection
  • IBM WebSphere MQ Channel Name Bruteforce
  • OKI Printer Default Login Credential Scanner
  • Multiple DVR Manufacturers Configuration Disclosure
  • Portmapper Amplification Scanner
  • VICIdial Multiple Authenticated SQL Injection
  • A10 Networks AX Loadbalancer Directory Traversal
  • Icingaweb Directory Traversal In Static Library File Requests
  • Microsoft Exchange Privilege Escalation
  • WordPress NextGEN Gallery Directory Read
  • SAP BusinessObjects Web User Bruteforcer
• Recent Commits to cve:main
  • Update Sun Sep 1 22:32:38 UTC 2024
  • Update Sun Sep 1 14:36:31 UTC 2024
  • Update Sun Sep 1 06:38:02 UTC 2024
• SecWiki News
  • SecWiki News 2024-09-01 Review
• CXSECURITY Database RSS Feed - CXSecurity.com
  • Cisco ASA Directory Traversal
  • D-Link User-Agent Backdoor Scanner
  • A10 Networks AX Loadbalancer Directory Traversal
  • WordPress NextGEN Gallery Directory Read
  • SAP BusinessObjects Web User Bruteforcer
• Twitter @Nicolas Krassas
  • The Pentium as a Navajo weaving http://www.righto.com/2024/08/pentium-navajo-fairchild-shiprock.html
  • Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems https://www.bleepingcomputer.com/news/security/cicada3301-ransomwares-linux-encry...
  • GitHub comments abused to push password stealing malware masked as fixes https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push...
  • An air transport security system flaw allowed to bypass airport security screenings https://securityaffairs.com/167862/hacking/air-transport-security-...
  • HTB: Skyfall https://0xdf.gitlab.io/2024/08/31/htb-skyfall.html
  • PC Floppy Copy Protection: Softguard Superlok https://martypc.blogspot.com/2024/08/pc-floppy-copy-protection-softguard.html
  • Check your IP cameras: There's a new Mirai botnet on the rise https://go.theregister.com/feed/www.theregister.com/2024/08/31/ip_cameras_mirai_botnet/
  • Evasive Phishing Campaign Delivers AsyncRAT and Infostealer https://securityonline.info/evasive-phishing-campaign-delivers-asyncrat-and-infostealer/
  • North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit https://thehackernews.com/2024/08/north-korean-hackers-deploy-fudmodule.html
  • Mobile Verification Toolkit: forensic tool to look for signs of infection in smartphone devices https://meterpreter.org/mobile-verification-toolkit-fo...
• 一个被知识诅咒的人
  • Go语言的编程规则和秘籍
  • Go语言的前世今生与未来展望
• Security Boulevard
  • Happy United States Labor Day 2024 / Feliz Fin de Semana del Día del Trabajo de Estados Unidos 2024 / Joyeux Fin de Semaine de la Fête du Travail aux États-Unis 2024
• modexp
  • Shellcode: API Hashing with Block Ciphers (Maru4)
• Blogs dade
  • Weekly Retro 2024-W35
• Bug Bounty in InfoSec Write-ups on Medium
  • A Story About How I Found XSS in ASUS
  • What is /etc/passwd group shadow file in Linux
  • How to Get Started in Bug Bounty Hunting: A Comprehensive Beginner’s Guide
  • The Discovery of CVE-2024–5947: Authentication Bypass in Deep Sea Electronics DSE855
  • The Hunt for XXE to LFI: How I Uncovered CVE-2019–9670 in a Bug Bounty Program
  • CSRF Bypass Using Domain Confusion Leads To ATO
• Reverse Engineering
  • /r/ReverseEngineering's Triannual Hiring Thread
• Didier Stevens
  • Overview of Content Published in August
• 奇客Solidot–传递最新科技情报
  • 苏丹面临四十年来最严重饥荒
  • 在气候变化的时代生孩子是否是不道德的？
• dotNet安全矩阵
  • .NET内网实战：通过XOML代码绕过防护
  • .NET 安全攻防知识交流社区
  • .NET 一款通过白名单程序执行命令的工具
• 看雪学苑
  • SDC 2024 | 议题投稿即将截止，仅剩10天！
  • 好心群友给的外挂大礼包——记一次远控马分析
  • 【即刻说】第8期 | 极客育儿经
• 安全研究GoSSIP
  • 2024年9月投稿指南
• 丁爸 情报分析师的工具箱
  • 【AI速读】基于OSINT技术的twitter和instagram定位:一个案例研究
• Over Security - Cybersecurity news aggregator
  • Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems
  • Docker-OSX image used for security research hit by Apple DMCA takedown
  • GitHub comments abused to push password stealing malware masked as fixes
  • Market Moveis - 28,220 breached accounts
  • Intelligenza Artificiale e politica, necessario recuperare gap di conoscenza. Attenzione al dato
• IntelTechniques Blog
  • Digital Guide Updates 2024.09.01
• Troy Hunt's Blog
  • Weekly Update 415
• 极客公园
  • 雷军赠员工「黑悟空」：最好的礼物；被传破产，蔚来：已报警；比亚迪收购德国经销商 | 极客早知道
• Have I Been Pwned latest breaches
  • Market Moveis - 28,220 breached accounts
• LockBoxx
  • Book Review: "The Art of Clear Thinking"
• SANS Internet Storm Center, InfoCON: green
  • Wireshark 4.4: Converting Display Filters to BPF Capture Filters, (Sun, Sep 1st)
• Technical Information Security Content & Discussion
  • WiFi auth with OsmoHLR/SIM cards
• Instapaper: Unread
  • What is an Access Control Lists (ACLs) – A Comprehensive Guide
  • Ethereum Reboots Crypto Investigation
  • Forensic acquisition of ChromeOS devices
  • Spyware, come una cybergang russa sfrutta gli strumenti di Nso group
  • Impronte digitali, perché possono scomparire
• 迪哥讲事
  • 一个$1600赏金奖励的漏洞
• Information Security
  • Command Injection 101: How to spot Command Injection vulnerabilities during Secure Code Review
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • Sec+ study materials??
• Blackhat Library: Hacking techniques and research
  • Command Injection 101: How to spot Command Injection vulnerabilities during Secure Code Review
  • I think i created a secure and private P2P chat app in javascript.
  • A question about the other stuff
• Computer Forensics
  • ASK ALL NON-FORENSIC DATA RECOVERY QUESTIONS HERE
• Your Open Hacker Community
  • john the ripper cracks (but not really?)
  • Kraken - All-in-One Toolkit for BruteForce Attacks
  • book recommendation
• TorrentFreak
  • Fmovies & Aniwave: Will The Masters of Pirate Resurrection Rise Again?
  • TorrentGalaxy Spooks Users with More ‘Downtime’
• Security Affairs
  • An air transport security system flaw allowed to bypass airport security screenings
  • SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 9
  • Security Affairs newsletter Round 487 by Pierluigi Paganini – INTERNATIONAL EDITION