[每日信息流] 2024-09-04

[ruohong2018]

每日安全资讯（2024-09-04）

• CXSECURITY Database RSS Feed - CXSecurity.com
  • VICIdial Multiple Authenticated SQL Injection
  • TVT NVMS-1000 Directory Traversal
  • IntelliNet 2.0 Remote Root
  • Vivavis HIGH-LEIT 4 / 5 Privilege Escalation
  • Microsoft Exchange Privilege Escalation
• Security Boulevard
  • Award Finalist: Contrast Security Application Detection and Response
  • Application Detection and Response: Understanding ADR’s Detection and Response Layers | Contrast Security
  • Columbus Sues Expert, Fueling Debate About Ransomware Attack
  • USENIX Security ’23 – Speculation At Fault: Modeling And Testing Microarchitectural Leakage Of CPU Exceptions
  • Randall Munroe’s XKCD ‘Sky Alarm’
  • Multicloud Security Architecture
  • Iran Cyber Threat Resource Center: How to Navigate Amid Geopolitical Conflicts and Tensions
  • USENIX Security ’23 – Ultimate SLH: Taking Speculative Load Hardening To The Next Level
• Twitter @Nicolas Krassas
  • Test your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, ...
  • Spamouflage trolls pretend to be American patriots on X, TikTok ahead of US presidential election https://go.theregister.com/feed/www.theregister.com/...
  • Evolving NPM Package Campaign Targets Roblox Devs, For Years https://www.darkreading.com/threat-intelligence/evolving-npm-package-campaign-roblox-devs
  • The official Python library for the OpenAI API https://github.com/openai/openai-python/tree/main
  • Cryptojacking facilitated by critical Atlassian Confluence exploit https://www.scmagazine.com/brief/cryptojacking-facilitated-by-critical-atlassian-co...
  • Toronto District School Board admits breach amid LockBit claim https://www.scmagazine.com/brief/toronto-district-school-board-admits-breach-amid-lockb...
  • Data breach hits CBIZ Benefits & Insurance Services https://www.scmagazine.com/brief/data-breach-hits-cbiz-benefits-insurance-services
  • Suspected APT28 cyberattack impacts German air traffic control agency https://www.scmagazine.com/brief/suspected-apt28-cyberattack-impacts-german-air-...
  • Verkada to pay $2.95 million for alleged CAN-SPAM Act violations https://www.bleepingcomputer.com/news/security/verkada-to-pay-295-million-for-alleged...
  • D-Link says it is not fixing four RCE flaws in DIR-846W routers https://www.bleepingcomputer.com/news/security/d-link-says-it-is-not-fixing-four-rce-f...
  • City of Columbus tries to silence security researcher https://www.malwarebytes.com/blog/news/2024/09/city-of-columbus-tries-to-silence-security-resear...
  • Data watchdog fines Clearview AI $33M for 'illegal' data collection https://go.theregister.com/feed/www.theregister.com/2024/09/03/clearview_aidutch...
  • RTX fined $200 million for exports to China and others, US says https://www.reuters.com/business/aerospace-defense/rtx-pay-200-million-fine-export-mis...
  • Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus https://thehackernews.com/2024/09/hacktivists-exploits-winrar.html
  • Hacker Leaks Data Of 390 Million Users From VK, A Russian Social Network https://packetstormsecurity.com/news/view/36286/Hacker-Leaks-Data-Of-390-Mill...
  • Halliburton Says Hackers Removed Data In Cyberattack https://packetstormsecurity.com/news/view/36287/Halliburton-Says-Hackers-Removed-Data-In-Cyberatt...
  • Intel Responds To SGX Hacking Research https://packetstormsecurity.com/news/view/36288/Intel-Responds-To-SGX-Hacking-Research.html
  • New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems https://thehackernews.com/2024/09/new-rust-based-ransomware-cicada3301.html
  • Ghost in the PPL Part 3: LSASS Memory Dump https://blog.scrt.ch/2024/09/02/ghost-in-the-ppl-part-3-lsass-memory-dump/
  • CVE-2024-37084: Spring Cloud Remote Code Execution https://blog.securelayer7.net/spring-cloud-skipper-vulnerability/
• Trustwave Blog
  • CMMC 2.0: A New Era of Cybersecurity for the Defense Industrial Base
• SecWiki News
  • SecWiki News 2024-09-03 Review
• Recent Commits to cve:main
  • Update Tue Sep 3 22:23:48 UTC 2024
  • Update Tue Sep 3 14:40:57 UTC 2024
  • Update Tue Sep 3 06:42:22 UTC 2024
• Files ≈ Packet Storm
  • THC Tips, Tricks, And Hacks Cheat Sheet 20240903
  • Vivavis HIGH-LEIT 4 / 5 Privilege Escalation
  • Texas Instruments Fusion Digital Power Designer 7.10.1 Credential Disclosure
  • No cON Name 2024 Call For Papers
  • Ubuntu Security Notice USN-6973-4
  • Taskhub 2.8.8 Insecure Settings
  • Webpay E-Commerce 1.0 SQL Injection
  • SPIP 4.2.9 Code Execution
  • Ubuntu Security Notice USN-6984-1
  • Ubuntu Security Notice USN-6983-1
  • Online Traffic Offense 1.0 Cross Site Request Forgery
  • Penglead 2.0 Cross Site Scripting
  • PPDB 2.4-update 6118-1 Cross Site Request Forgery
  • Online Travel Agency System 1.0 Arbitrary File Upload
  • Red Hat Security Advisory 2024-6211-03
  • Red Hat Security Advisory 2024-6210-03
  • Red Hat Security Advisory 2024-6209-03
  • Red Hat Security Advisory 2024-6195-03
  • Red Hat Security Advisory 2024-6189-03
  • Red Hat Security Advisory 2024-6187-03
  • Red Hat Security Advisory 2024-6184-03
  • Red Hat Security Advisory 2024-6162-03
  • Red Hat Security Advisory 2024-6160-03
  • Red Hat Security Advisory 2024-6159-03
  • Red Hat Security Advisory 2024-6156-03
• paper - Last paper
  • 魔形女再袭？最新 Android 通杀漏洞 CVE-2024-31317 分析与利用研究
• 安全客-有思想的安全新媒体
  • 记某研究院多处漏洞复盘
  • SAST｜UtopianCode从检测到治理：AI 助力代码漏洞修复
  • 那些年奥运背后不可“松弛”的数据安全
  • EDU拿敏感信息的骚思路
  • 集权系列科普 | 想了解AD&攻击面？独家干货放送（上）
  • 记一所中学的的SQL报错注入
  • RansomHub 勒索软件集团在多个关键领域攻击 210 名受害者
  • Lockbit 团伙声称对多伦多地区教育局 （TDSB） 发动袭击
  • IT 员工因针对前雇主的 75 万美元网络勒索阴谋而被起诉
  • 美国当局发布 RansomHub 勒索软件警报
  • Cicada 勒索软件的新变体以 VMware ESXi 系统为目标
  • 朝鲜黑客通过 Chrome 零日漏洞部署 FudModule Rootkit
  • Verkada 在黑客查看敏感视频片段后面临300万美元的罚款
  • 俄罗斯部长称 Telegram 首席执行官在内容审核方面“太自由”
  • 数字政府新标杆！朝阳“City不City啊”？
  • FBI 和 CISA 发布关于新威胁以及如何阻止勒索软件的联合建议
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • 网络安全知识手册正式发布
  • 恶意软件利用零日漏洞感染报废的AVTECH IP 摄像机
  • 梆梆安全汽车信息安全测试平台荣获“2024年网络安全优秀创新成果大赛”优胜奖
  • 实力认证 | 梆梆安全荣登“2024中国网络安全市场100强”榜单
  • “粤盾-2024”广东省数字政府网络安全攻防演练开幕，梆梆安全以攻促防筑牢安全底线
  • 最终议程 | EISS-2024企业信息安全峰会之深圳站（09.20/周五）
• Armin Ronacher's Thoughts and Writings
  • Progress
• Insinuator.net
  • Disclosure: Potential Limitations of Apple ADE in Corporate Usage Scenarios
• hn security
  • Learning Rust for fun and backdoo-rs
• Hexacorn
  • Rundll32 and Phantom DLL lolbins
• Reverse Engineering
  • GitHub - erfur/jadx-eval-method: PoC plugin for jadx-gui to evaluate methods and update decompiler output
  • Desoldering ICs - NES and Gameboy (DMG)
• SentinelOne
  • PinnacleOne ExecBrief | North Korean IT Worker Threat
• blog.avast.com EN
  • Ransomware attacks continue to increase in the US, UK, and Canada
• PortSwigger Research
  • Introducing the URL validation bypass cheat sheet
• Security Café
  • AWS vs Azure: A “Secure by default” comparison
• 安全牛
  • 2024年国家网络安全宣传周将于9月9日至15日举办；工信部就《电子认证服务管理办法（征求意见稿）》公开征求意见 | 牛览
  • 公安部公布8种广告推广型网络黑灰产犯罪典型案例
  • “粤盾-2024”广东省数字政府网络安全攻防演练开幕，梆梆安全以攻促防筑牢安全底线
  • 梆梆安全汽车信息安全测试平台荣获“2024年网络安全优秀创新成果大赛”优胜奖
• rtl-sdr.com
  • TechMinds: A Review of the RigExpert FobosSDR
• FreeBuf网络安全行业门户
  • FreeBuf早报 | 伊朗APT组织攻击卫星设备；系统被黑导致安防公司被罚2000万
  • 潜藏系统2个月未被发现，新型网络攻击瞄准中国高价值目标
  • 因与媒体共享勒索事件实情，美国一研究人员被政府起诉
  • ACSC 发布紧急网络安全警告：信息窃取恶意软件数量激增，威胁全面升级
• Wallarm
  • API Attack Surface: How to secure it and why it matters
• 奇客Solidot–传递最新科技情报
  • HPE 将继续向已故亿万富翁 Mike Lynch 追债
  • 《雨中冒险》游戏开发者加入 Valve
  • 面向掌机和游戏 PC 的发行版 PlaytronOS 释出首个 Alpha 版本
  • 瑞典对儿童和青少年的屏幕使用时间设限
  • 苹果与腾讯爆出微信佣金纠纷
  • 国产 GPU 开发商象帝先大规模裁员
  • 糖尿病会加速大脑衰老
  • Google 高管警告 AI 未必能影响生产力
  • Windows 11 超过 Windows 10 成为最流行的 PC 游戏操作系统
  • 京都大学将启动用 iPS 细胞治疗糖尿病的临床试验
  • 四天工作制在日本难以推广
  • 微软称 Recall 的卸载选项是 Bug
• HackerNews
  • 商业服务巨头 CBIZ 披露近 36000 名客户数据遭泄露
  • 航空安全系统曝严重漏洞，黑客可绕过安检进入驾驶舱
  • 疑俄 GRU 出手！德国空中交通管制中心遭受网络攻击
  • 因与媒体共享勒索事件实情，美国一研究人员被政府起诉
  • ACSC 发布紧急网络安全警告：信息窃取恶意软件数量激增，威胁全面升级
  • 遭遇严重数据泄露事件后，这家公司宣布投入超 6 亿元升级安全系统
  • 研究人员称，柬埔寨诈骗巨头自 2021 年以来处理了 490 亿美元的加密货币交易
  • 微软观察到伊朗 APT 组织使用 Tickler 恶意软件攻击卫星设备
• 腾讯安全应急响应中心
  • 【中秋众测】TSRC新活动重磅来袭，诚邀您的参与！
• 雷神众测
  • 雷神众测漏洞周报2024.08.26-2024.09.01
• 代码卫士
  • 研究员因与媒体分享被勒索盗取的数据遭起诉
  • GitHub 评论被滥用于推送密码窃取恶意软件
• 安全内参
  • 系统被黑致使客户摄像头遭未授权访问，这家安防公司被罚超2000万元
  • 航空安全系统曝严重漏洞，黑客可绕过安检进入驾驶舱
• 安全学术圈
  • 2025年智能警务四川省重点实验室开放课题申请指南
• 360漏洞云
  • 荣耀巅峰，时代铭记！城市守护者计划正式发布！以青春之名，共筑安全防线，共守网络疆域！
• 慢雾科技
  • 探索 Sui：高性能背后的技术与合约安全
• 安全牛
  • 公安部公布8种广告推广型网络黑灰产犯罪典型案例
  • 2024年国家网络安全宣传周将于9月9日至15日举办；工信部就《电子认证服务管理办法（征求意见稿）》公开征求意见 | 牛览
• 关键基础设施安全应急响应中心
  • 保障人工智能健康发展 推进人工智能治理法治化
  • 人工智能应用的网络安全风险解读
  • 为什么所有账户（甚至测试账户）都需要强密码
• dotNet安全矩阵
  • .NET 一款支持NTLM实现横向移动的工具
  • .NET 内网攻防实战电子报刊
• 补天平台
  • 投稿 | 攻防社区投稿第四期，一起探讨HW实用指南
  • 与补天众测一起共创团圆时刻！
  • 补天校园GROW计划开学季，校园白帽的专属系列活动来啦！
• 奇安信 CERT
  • 【已复现】Jenkins Remoting 任意文件读取漏洞(CVE-2024-43044)安全风险通告
• 长亭科技
  • “清华系”网安力量共创智能安全，长亭科技-华清未央共建联合实验室
  • 多域联动、多维参与：长亭科技邀您共赴2024网安周！
• 中国信息安全
  • 九天之上 安全之星
  • 关注 | 2024年国家网络安全宣传周将于9月9日至15日举办
  • 通知 | 工信部就《电子认证服务管理办法（征求意见稿）》公开征求意见
  • 专家解读 | 跨境数据传输政策的三大创新为北京自由贸易试验区注入发展新动能
  • 预告 | 2024年度关键信息基础设施安全保护论坛将于9月21日在京举行
  • 关注 | 网络安全知识手册正式发布！
  • 一图读懂 | 强制性国家标准GB 44495－2024《汽车整车信息安全技术要求》
• 安全圈
  • 【安全圈】马来西亚国家基建遭勒索攻击疑泄露超300GB数据
  • 【安全圈】Durex India 的安全漏洞泄露了客户的个人数据
  • 【安全圈】美国媒体巨头考克斯媒体集团宣称通过监听用户手机麦克风收集信息投放广告
• 情报分析师
  • 情报共享与私营部门：美国情报机构的协作机制
  • 俄罗斯与蒙古国合作战略分析
• 小米安全中心
  • 小米中秋活动开始啦，礼盒兑换&漏洞翻倍在等你，冲鸭～
• 极客公园
  • 亲历者揭秘 OpenAI 崛起的关键：兴趣驱动的探索，而非目标导向的马拉松
  • 苹果中国回应「iPhone 16 不支持微信」；《黑神话》预估收入超 57 亿；俞敏洪卸任两公司法人｜极客早知道
• CNCERT国家工程研究中心
  • 面对智能设备安全隐患，5个有效的解决策略
  • 朝鲜黑客利用Chrome零日漏洞部署Rootkit
  • 遭遇严重数据泄露事件后，这家公司宣布投入超6亿元升级安全系统
• 国家互联网应急中心CNCERT
  • CNVD漏洞周报2024年第35期
  • 上周关注度较高的产品安全漏洞(20240826-20240901)
• 嘶吼专业版
  • 恶意软件利用零日漏洞感染报废的AVTECH IP 摄像机
  • 网络安全知识手册正式发布
• 山石网科安全技术研究院
  • 2024年羊城杯粤港澳大湾区网络安全大赛WP-PWN AK篇
• 字节跳动技术团队
  • 数据库顶会 VLDB 2024 论文解读｜ResLake: 字节跳动多机房资源统一管理系统解析
• LuxSci
  • LuxSci Establishes New Headquarters Offices in Cambridge, Mass.
• Qualys Security Blog
  • Secure Your Business with Qualys’ New Cloud Agent Deployment using Qualys Scanner
• Securityinfo.it
  • Gli italiani si preoccupano dell’eredità digitale dei defunti
  • Hacker russi sfruttano falle in Safari e Chrome: colpiti i dispositivi non aggiornati
• DEF CON Announcements!
  • Contest Results from DEF CON 32!
• TrustedSec
  • When on Workstation, Do as the Local Browsers Do!
• Over Security - Cybersecurity news aggregator
  • FTC: Over $110 million lost to Bitcoin ATM scams in 2023
  • Cryptocurrency industry faces ‘difficult to detect’ North Korean social engineering scams, FBI says
  • Zyxel warns of critical OS command injection flaw in routers
  • Chinese 'Spamouflage' operatives are mimicking disillusioned Americans online
  • The government isn’t ready for cyber chaos in the food and agriculture sector
  • New Windows PowerToy launches, repositions apps to saved layouts
  • Indicted pair of foreign nationals were behind swatting attack on CISA director
  • FBI warns crypto firms of aggressive social engineering attacks
  • Clearview AI fined €30.5 million for unlawful data collection
  • Dutch privacy watchdog fines Clearview AI $34 million for ‘illegal’ database of faces
  • White House calls attention to ‘hard problem’ of securing internet traffic routing
  • D-Link says it is not fixing four RCE flaws in DIR-846W routers
  • Sextortion Scams Now Include Photos of Your Home
  • CERT-In Advisory and WikiLoader Campaign: Comprehensive Overview of Recent Security Threats
  • Verkada to pay $2.95 million for alleged CAN-SPAM Act violations
  • Oil titan Halliburton confirms data was stolen in cyberattack
  • FTC issues $3 million fine for security camera firm, issuing penalties for a range of violations
  • Halliburton confirms data stolen in recent cyberattack
  • Gli italiani si preoccupano dell’eredità digitale dei defunti
  • Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads
  • Cyberattack hits agency responsible for London’s transport network
  • A deep dive into the most interesting incident response cases of last year
  • Release Notes: New YARA Rules, Signatures, Config Extractors, and More
  • Vidar insiste in Italia con campagne via PEC
  • Nuova Campagna di Phishing diffonde malware Android EagleSpy
  • IT threat evolution Q2 2024
  • IT threat evolution in Q2 2024. Mobile statistics
  • IT threat evolution in Q2 2024. Non-mobile statistics
  • Blooms Today - 3,184,010 breached accounts
  • Hacker russi sfruttano falle in Safari e Chrome: colpiti i dispositivi non aggiornati
  • Learning Rust for fun and backdoo-rs
  • Telemetry on Linux vs. Windows: A Comparative Analysis
• D3Lab
  • Nuova Campagna di Phishing diffonde malware Android EagleSpy
• Have I Been Pwned latest breaches
  • Blooms Today - 3,184,010 breached accounts
• SANS Internet Storm Center, InfoCON: green
  • ISC Stormcast For Tuesday, September 3rd, 2024 https://isc.sans.edu/podcastdetail/9122, (Tue, Sep 3rd)
• Javvad Malik
  • 200 Episodes of the Host Unknown Podcast
• Securelist
  • A deep dive into the most interesting incident response cases of last year
  • IT threat evolution in Q2 2024. Non-mobile statistics
  • IT threat evolution in Q2 2024. Mobile statistics
  • IT threat evolution Q2 2024
• Schneier on Security
  • List of Old NSA Training Videos
• Full Disclosure
  • CFP No cON Name 2024 - Barcelona
  • Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1
  • SCHUTZWERK-SA-2024-001: Privilege Escalation via Service Binary Hijacking in Vivavis HIGH-LEIT (CVE-2024-38456)
• contagio
  • 2024-09-02 ABYSS Ransomware Windows and Linux Samples
• Unsupervised Learning
  • UL NO. 448: TSA SQLi, NYT Github, NK RPM, NVIDIA Mystery...
• Deeplinks
  • Victory! California Bill To Impose Mandatory Internet ID Checks Is Dead—It Should Stay That Way
  • EFF to Tenth Circuit: Protest-Related Arrests Do Not Justify Dragnet Device and Digital Data Searches
  • Americans Are Uncomfortable with Automated Decision-Making
• The Hacker News
  • Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus
  • New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems
  • Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users
  • Secrets Exposed: Why Your CISO Should Worry About Slack
  • New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access
  • Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt
• Graham Cluley
  • The AI Fix #14: There are two Rs in “strawberry”, and an AI makes unsmellable smells
• Trend Micro Research, News and Perspectives
  • How AI Goes Rogue
• Krebs on Security
  • Sextortion Scams Now Include Photos of Your Home
• TorrentFreak
  • Bell, Rogers & MPA’s Pirate IPTV Lawsuit is a Slow-Motion Money Pit Nightmare
  • ‘Pirate’ Site nHentai Sued in U.S. Court for Copyright Infringement
• The Register - Security
  • White House thinks it's time to fix the insecure glue of the internet: Yup, BGP
  • UK trio pleads guilty to operating $10M MFA bypass biz
  • Spamouflage trolls pretend to be American patriots on X, TikTok ahead of US presidential election
  • Data watchdog fines Clearview AI $33M for 'illegal' data collection
  • Transport for London confirms cyberattack, assures us all is well
  • Application builders get ready
• Security Affairs
  • VMware fixed a code execution flaw in Fusion hypervisor
  • U.S. oil giant Halliburton disclosed a data breach
  • Vulnerabilities in Microsoft apps for macOS allow stealing permissions
  • Three men plead guilty to running MFA bypass service OTP.Agency
• Computer Forensics
  • Kape subsecond
• Blackhat Library: Hacking techniques and research
  • Bulk Gmail creation?
• Technical Information Security Content & Discussion
  • EUCLEAK is a side-channel vulnerability that requires physical access to a YubiKey 5 Series prior to version 5.7 and (other Infineon based microcontrollers) allowing private key extraction. YSA-2024-03
  • Why bother with argv[0]? It can deceive, break and corrupt your defences
  • Exploiting Misconfigured GitLab OIDC AWS IAM Roles
  • Analysis of CVE-2024-37084: Spring Cloud Remote Code Execution
  • Learning Rust for fun and backdoo-rs
  • From a GLPI patch bypass to RCE.
• Your Open Hacker Community
  • F5 networks firewall
  • Establish connection via ftp post-exploit
• Information Security
  • Secure Data Stack: Navigating Adoption Challenges of Data Encryption
  • Threat Hunting Certification
  • Understanding Community Profiles in the NIST Cybersecurity Framework 2.0
  • 📱 𝐂𝐨𝐦𝐦𝐨𝐧 𝐌𝐨𝐛𝐢𝐥𝐞 𝐓𝐡𝐫𝐞𝐚𝐭𝐬 𝐘𝐨𝐮 𝐍𝐞𝐞𝐝 𝐭𝐨 𝐊𝐧𝐨𝐰 🛡️
• Social Engineering
  • HackFest SECTF offering $2500 first prize
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • How to NOT connect an AP in public beach
  • Rate This System for Cybersecurity Purposes
• 360数字安全
  • 入选领域最多、影响力最广泛！360上榜《2024网络安全十大创新方向》
  • 渠道精英训练营——技术大比武荣誉榜
• Security Weekly Podcast Network (Audio)
  • Encryption - SWN Vault