issues
search
ruohong2018
/
ruohong2018.github.io
GNU General Public License v3.0
29
stars
3
forks
source link
[每日信息流] 2024-09-04
#571
Open
ruohong2018
opened
2 weeks ago
ruohong2018
commented
2 weeks ago
每日安全资讯(2024-09-04)
CXSECURITY Database RSS Feed - CXSecurity.com
VICIdial Multiple Authenticated SQL Injection
TVT NVMS-1000 Directory Traversal
IntelliNet 2.0 Remote Root
Vivavis HIGH-LEIT 4 / 5 Privilege Escalation
Microsoft Exchange Privilege Escalation
Security Boulevard
Award Finalist: Contrast Security Application Detection and Response
Application Detection and Response: Understanding ADR’s Detection and Response Layers | Contrast Security
Columbus Sues Expert, Fueling Debate About Ransomware Attack
USENIX Security ’23 – Speculation At Fault: Modeling And Testing Microarchitectural Leakage Of CPU Exceptions
Randall Munroe’s XKCD ‘Sky Alarm’
Multicloud Security Architecture
Iran Cyber Threat Resource Center: How to Navigate Amid Geopolitical Conflicts and Tensions
USENIX Security ’23 – Ultimate SLH: Taking Speculative Load Hardening To The Next Level
Twitter @Nicolas Krassas
Test your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, ...
Spamouflage trolls pretend to be American patriots on X, TikTok ahead of US presidential election https://go.theregister.com/feed/www.theregister.com/...
Evolving NPM Package Campaign Targets Roblox Devs, For Years https://www.darkreading.com/threat-intelligence/evolving-npm-package-campaign-roblox-devs
The official Python library for the OpenAI API https://github.com/openai/openai-python/tree/main
Cryptojacking facilitated by critical Atlassian Confluence exploit https://www.scmagazine.com/brief/cryptojacking-facilitated-by-critical-atlassian-co...
Toronto District School Board admits breach amid LockBit claim https://www.scmagazine.com/brief/toronto-district-school-board-admits-breach-amid-lockb...
Data breach hits CBIZ Benefits & Insurance Services https://www.scmagazine.com/brief/data-breach-hits-cbiz-benefits-insurance-services
Suspected APT28 cyberattack impacts German air traffic control agency https://www.scmagazine.com/brief/suspected-apt28-cyberattack-impacts-german-air-...
Verkada to pay $2.95 million for alleged CAN-SPAM Act violations https://www.bleepingcomputer.com/news/security/verkada-to-pay-295-million-for-alleged...
D-Link says it is not fixing four RCE flaws in DIR-846W routers https://www.bleepingcomputer.com/news/security/d-link-says-it-is-not-fixing-four-rce-f...
City of Columbus tries to silence security researcher https://www.malwarebytes.com/blog/news/2024/09/city-of-columbus-tries-to-silence-security-resear...
Data watchdog fines Clearview AI $33M for 'illegal' data collection https://go.theregister.com/feed/www.theregister.com/2024/09/03/clearview_ai
dutch
...
RTX fined $200 million for exports to China and others, US says https://www.reuters.com/business/aerospace-defense/rtx-pay-200-million-fine-export-mis...
Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus https://thehackernews.com/2024/09/hacktivists-exploits-winrar.html
Hacker Leaks Data Of 390 Million Users From VK, A Russian Social Network https://packetstormsecurity.com/news/view/36286/Hacker-Leaks-Data-Of-390-Mill...
Halliburton Says Hackers Removed Data In Cyberattack https://packetstormsecurity.com/news/view/36287/Halliburton-Says-Hackers-Removed-Data-In-Cyberatt...
Intel Responds To SGX Hacking Research https://packetstormsecurity.com/news/view/36288/Intel-Responds-To-SGX-Hacking-Research.html
New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems https://thehackernews.com/2024/09/new-rust-based-ransomware-cicada3301.html
Ghost in the PPL Part 3: LSASS Memory Dump https://blog.scrt.ch/2024/09/02/ghost-in-the-ppl-part-3-lsass-memory-dump/
CVE-2024-37084: Spring Cloud Remote Code Execution https://blog.securelayer7.net/spring-cloud-skipper-vulnerability/
Trustwave Blog
CMMC 2.0: A New Era of Cybersecurity for the Defense Industrial Base
SecWiki News
SecWiki News 2024-09-03 Review
Recent Commits to cve:main
Update Tue Sep 3 22:23:48 UTC 2024
Update Tue Sep 3 14:40:57 UTC 2024
Update Tue Sep 3 06:42:22 UTC 2024
Files ≈ Packet Storm
THC Tips, Tricks, And Hacks Cheat Sheet 20240903
Vivavis HIGH-LEIT 4 / 5 Privilege Escalation
Texas Instruments Fusion Digital Power Designer 7.10.1 Credential Disclosure
No cON Name 2024 Call For Papers
Ubuntu Security Notice USN-6973-4
Taskhub 2.8.8 Insecure Settings
Webpay E-Commerce 1.0 SQL Injection
SPIP 4.2.9 Code Execution
Ubuntu Security Notice USN-6984-1
Ubuntu Security Notice USN-6983-1
Online Traffic Offense 1.0 Cross Site Request Forgery
Penglead 2.0 Cross Site Scripting
PPDB 2.4-update 6118-1 Cross Site Request Forgery
Online Travel Agency System 1.0 Arbitrary File Upload
Red Hat Security Advisory 2024-6211-03
Red Hat Security Advisory 2024-6210-03
Red Hat Security Advisory 2024-6209-03
Red Hat Security Advisory 2024-6195-03
Red Hat Security Advisory 2024-6189-03
Red Hat Security Advisory 2024-6187-03
Red Hat Security Advisory 2024-6184-03
Red Hat Security Advisory 2024-6162-03
Red Hat Security Advisory 2024-6160-03
Red Hat Security Advisory 2024-6159-03
Red Hat Security Advisory 2024-6156-03
paper - Last paper
魔形女再袭?最新 Android 通杀漏洞 CVE-2024-31317 分析与利用研究
安全客-有思想的安全新媒体
记某研究院多处漏洞复盘
SAST|UtopianCode从检测到治理:AI 助力代码漏洞修复
那些年奥运背后不可“松弛”的数据安全
EDU拿敏感信息的骚思路
集权系列科普 | 想了解AD&攻击面?独家干货放送(上)
记一所中学的的SQL报错注入
RansomHub 勒索软件集团在多个关键领域攻击 210 名受害者
Lockbit 团伙声称对多伦多地区教育局 (TDSB) 发动袭击
IT 员工因针对前雇主的 75 万美元网络勒索阴谋而被起诉
美国当局发布 RansomHub 勒索软件警报
Cicada 勒索软件的新变体以 VMware ESXi 系统为目标
朝鲜黑客通过 Chrome 零日漏洞部署 FudModule Rootkit
Verkada 在黑客查看敏感视频片段后面临300万美元的罚款
俄罗斯部长称 Telegram 首席执行官在内容审核方面“太自由”
数字政府新标杆!朝阳“City不City啊”?
FBI 和 CISA 发布关于新威胁以及如何阻止勒索软件的联合建议
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
网络安全知识手册正式发布
恶意软件利用零日漏洞感染报废的AVTECH IP 摄像机
梆梆安全汽车信息安全测试平台荣获“2024年网络安全优秀创新成果大赛”优胜奖
实力认证 | 梆梆安全荣登“2024中国网络安全市场100强”榜单
“粤盾-2024”广东省数字政府网络安全攻防演练开幕,梆梆安全以攻促防筑牢安全底线
最终议程 | EISS-2024企业信息安全峰会之深圳站(09.20/周五)
Armin Ronacher's Thoughts and Writings
Progress
Insinuator.net
Disclosure: Potential Limitations of Apple ADE in Corporate Usage Scenarios
hn security
Learning Rust for fun and backdoo-rs
Hexacorn
Rundll32 and Phantom DLL lolbins
Reverse Engineering
GitHub - erfur/jadx-eval-method: PoC plugin for jadx-gui to evaluate methods and update decompiler output
Desoldering ICs - NES and Gameboy (DMG)
SentinelOne
PinnacleOne ExecBrief | North Korean IT Worker Threat
blog.avast.com EN
Ransomware attacks continue to increase in the US, UK, and Canada
PortSwigger Research
Introducing the URL validation bypass cheat sheet
Security Café
AWS vs Azure: A “Secure by default” comparison
安全牛
2024年国家网络安全宣传周将于9月9日至15日举办;工信部就《电子认证服务管理办法(征求意见稿)》公开征求意见 | 牛览
公安部公布8种广告推广型网络黑灰产犯罪典型案例
“粤盾-2024”广东省数字政府网络安全攻防演练开幕,梆梆安全以攻促防筑牢安全底线
梆梆安全汽车信息安全测试平台荣获“2024年网络安全优秀创新成果大赛”优胜奖
rtl-sdr.com
TechMinds: A Review of the RigExpert FobosSDR
FreeBuf网络安全行业门户
FreeBuf早报 | 伊朗APT组织攻击卫星设备;系统被黑导致安防公司被罚2000万
潜藏系统2个月未被发现,新型网络攻击瞄准中国高价值目标
因与媒体共享勒索事件实情,美国一研究人员被政府起诉
ACSC 发布紧急网络安全警告:信息窃取恶意软件数量激增,威胁全面升级
Wallarm
API Attack Surface: How to secure it and why it matters
奇客Solidot–传递最新科技情报
HPE 将继续向已故亿万富翁 Mike Lynch 追债
《雨中冒险》游戏开发者加入 Valve
面向掌机和游戏 PC 的发行版 PlaytronOS 释出首个 Alpha 版本
瑞典对儿童和青少年的屏幕使用时间设限
苹果与腾讯爆出微信佣金纠纷
国产 GPU 开发商象帝先大规模裁员
糖尿病会加速大脑衰老
Google 高管警告 AI 未必能影响生产力
Windows 11 超过 Windows 10 成为最流行的 PC 游戏操作系统
京都大学将启动用 iPS 细胞治疗糖尿病的临床试验
四天工作制在日本难以推广
微软称 Recall 的卸载选项是 Bug
HackerNews
商业服务巨头 CBIZ 披露近 36000 名客户数据遭泄露
航空安全系统曝严重漏洞,黑客可绕过安检进入驾驶舱
疑俄 GRU 出手!德国空中交通管制中心遭受网络攻击
因与媒体共享勒索事件实情,美国一研究人员被政府起诉
ACSC 发布紧急网络安全警告:信息窃取恶意软件数量激增,威胁全面升级
遭遇严重数据泄露事件后,这家公司宣布投入超 6 亿元升级安全系统
研究人员称,柬埔寨诈骗巨头自 2021 年以来处理了 490 亿美元的加密货币交易
微软观察到伊朗 APT 组织使用 Tickler 恶意软件攻击卫星设备
腾讯安全应急响应中心
【中秋众测】TSRC新活动重磅来袭,诚邀您的参与!
雷神众测
雷神众测漏洞周报2024.08.26-2024.09.01
代码卫士
研究员因与媒体分享被勒索盗取的数据遭起诉
GitHub 评论被滥用于推送密码窃取恶意软件
安全内参
系统被黑致使客户摄像头遭未授权访问,这家安防公司被罚超2000万元
航空安全系统曝严重漏洞,黑客可绕过安检进入驾驶舱
安全学术圈
2025年智能警务四川省重点实验室开放课题申请指南
360漏洞云
荣耀巅峰,时代铭记!城市守护者计划正式发布!以青春之名,共筑安全防线,共守网络疆域!
慢雾科技
探索 Sui:高性能背后的技术与合约安全
安全牛
公安部公布8种广告推广型网络黑灰产犯罪典型案例
2024年国家网络安全宣传周将于9月9日至15日举办;工信部就《电子认证服务管理办法(征求意见稿)》公开征求意见 | 牛览
关键基础设施安全应急响应中心
保障人工智能健康发展 推进人工智能治理法治化
人工智能应用的网络安全风险解读
为什么所有账户(甚至测试账户)都需要强密码
dotNet安全矩阵
.NET 一款支持NTLM实现横向移动的工具
.NET 内网攻防实战电子报刊
补天平台
投稿 | 攻防社区投稿第四期,一起探讨HW实用指南
与补天众测一起共创团圆时刻!
补天校园GROW计划开学季,校园白帽的专属系列活动来啦!
奇安信 CERT
【已复现】Jenkins Remoting 任意文件读取漏洞(CVE-2024-43044)安全风险通告
长亭科技
“清华系”网安力量共创智能安全,长亭科技-华清未央共建联合实验室
多域联动、多维参与:长亭科技邀您共赴2024网安周!
中国信息安全
九天之上 安全之星
关注 | 2024年国家网络安全宣传周将于9月9日至15日举办
通知 | 工信部就《电子认证服务管理办法(征求意见稿)》公开征求意见
专家解读 | 跨境数据传输政策的三大创新为北京自由贸易试验区注入发展新动能
预告 | 2024年度关键信息基础设施安全保护论坛将于9月21日在京举行
关注 | 网络安全知识手册正式发布!
一图读懂 | 强制性国家标准GB 44495-2024《汽车整车信息安全技术要求》
安全圈
【安全圈】马来西亚国家基建遭勒索攻击疑泄露超300GB数据
【安全圈】Durex India 的安全漏洞泄露了客户的个人数据
【安全圈】美国媒体巨头考克斯媒体集团宣称通过监听用户手机麦克风收集信息投放广告
情报分析师
情报共享与私营部门:美国情报机构的协作机制
俄罗斯与蒙古国合作战略分析
小米安全中心
小米中秋活动开始啦,礼盒兑换&漏洞翻倍在等你,冲鸭~
极客公园
亲历者揭秘 OpenAI 崛起的关键:兴趣驱动的探索,而非目标导向的马拉松
苹果中国回应「iPhone 16 不支持微信」;《黑神话》预估收入超 57 亿;俞敏洪卸任两公司法人|极客早知道
CNCERT国家工程研究中心
面对智能设备安全隐患,5个有效的解决策略
朝鲜黑客利用Chrome零日漏洞部署Rootkit
遭遇严重数据泄露事件后,这家公司宣布投入超6亿元升级安全系统
国家互联网应急中心CNCERT
CNVD漏洞周报2024年第35期
上周关注度较高的产品安全漏洞(20240826-20240901)
嘶吼专业版
恶意软件利用零日漏洞感染报废的AVTECH IP 摄像机
网络安全知识手册正式发布
山石网科安全技术研究院
2024年羊城杯粤港澳大湾区网络安全大赛WP-PWN AK篇
字节跳动技术团队
数据库顶会 VLDB 2024 论文解读|ResLake: 字节跳动多机房资源统一管理系统解析
LuxSci
LuxSci Establishes New Headquarters Offices in Cambridge, Mass.
Qualys Security Blog
Secure Your Business with Qualys’ New Cloud Agent Deployment using Qualys Scanner
Securityinfo.it
Gli italiani si preoccupano dell’eredità digitale dei defunti
Hacker russi sfruttano falle in Safari e Chrome: colpiti i dispositivi non aggiornati
DEF CON Announcements!
Contest Results from DEF CON 32!
TrustedSec
When on Workstation, Do as the Local Browsers Do!
Over Security - Cybersecurity news aggregator
FTC: Over $110 million lost to Bitcoin ATM scams in 2023
Cryptocurrency industry faces ‘difficult to detect’ North Korean social engineering scams, FBI says
Zyxel warns of critical OS command injection flaw in routers
Chinese 'Spamouflage' operatives are mimicking disillusioned Americans online
The government isn’t ready for cyber chaos in the food and agriculture sector
New Windows PowerToy launches, repositions apps to saved layouts
Indicted pair of foreign nationals were behind swatting attack on CISA director
FBI warns crypto firms of aggressive social engineering attacks
Clearview AI fined €30.5 million for unlawful data collection
Dutch privacy watchdog fines Clearview AI $34 million for ‘illegal’ database of faces
White House calls attention to ‘hard problem’ of securing internet traffic routing
D-Link says it is not fixing four RCE flaws in DIR-846W routers
Sextortion Scams Now Include Photos of Your Home
CERT-In Advisory and WikiLoader Campaign: Comprehensive Overview of Recent Security Threats
Verkada to pay $2.95 million for alleged CAN-SPAM Act violations
Oil titan Halliburton confirms data was stolen in cyberattack
FTC issues $3 million fine for security camera firm, issuing penalties for a range of violations
Halliburton confirms data stolen in recent cyberattack
Gli italiani si preoccupano dell’eredità digitale dei defunti
Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads
Cyberattack hits agency responsible for London’s transport network
A deep dive into the most interesting incident response cases of last year
Release Notes: New YARA Rules, Signatures, Config Extractors, and More
Vidar insiste in Italia con campagne via PEC
Nuova Campagna di Phishing diffonde malware Android EagleSpy
IT threat evolution Q2 2024
IT threat evolution in Q2 2024. Mobile statistics
IT threat evolution in Q2 2024. Non-mobile statistics
Blooms Today - 3,184,010 breached accounts
Hacker russi sfruttano falle in Safari e Chrome: colpiti i dispositivi non aggiornati
Learning Rust for fun and backdoo-rs
Telemetry on Linux vs. Windows: A Comparative Analysis
D3Lab
Nuova Campagna di Phishing diffonde malware Android EagleSpy
Have I Been Pwned latest breaches
Blooms Today - 3,184,010 breached accounts
SANS Internet Storm Center, InfoCON: green
ISC Stormcast For Tuesday, September 3rd, 2024 https://isc.sans.edu/podcastdetail/9122, (Tue, Sep 3rd)
Javvad Malik
200 Episodes of the Host Unknown Podcast
Securelist
A deep dive into the most interesting incident response cases of last year
IT threat evolution in Q2 2024. Non-mobile statistics
IT threat evolution in Q2 2024. Mobile statistics
IT threat evolution Q2 2024
Schneier on Security
List of Old NSA Training Videos
Full Disclosure
CFP No cON Name 2024 - Barcelona
Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1
SCHUTZWERK-SA-2024-001: Privilege Escalation via Service Binary Hijacking in Vivavis HIGH-LEIT (CVE-2024-38456)
contagio
2024-09-02 ABYSS Ransomware Windows and Linux Samples
Unsupervised Learning
UL NO. 448: TSA SQLi, NYT Github, NK RPM, NVIDIA Mystery...
Deeplinks
Victory! California Bill To Impose Mandatory Internet ID Checks Is Dead—It Should Stay That Way
EFF to Tenth Circuit: Protest-Related Arrests Do Not Justify Dragnet Device and Digital Data Searches
Americans Are Uncomfortable with Automated Decision-Making
The Hacker News
Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus
New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems
Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users
Secrets Exposed: Why Your CISO Should Worry About Slack
New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access
Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt
Graham Cluley
The AI Fix #14: There are two Rs in “strawberry”, and an AI makes unsmellable smells
Trend Micro Research, News and Perspectives
How AI Goes Rogue
Krebs on Security
Sextortion Scams Now Include Photos of Your Home
TorrentFreak
Bell, Rogers & MPA’s Pirate IPTV Lawsuit is a Slow-Motion Money Pit Nightmare
‘Pirate’ Site nHentai Sued in U.S. Court for Copyright Infringement
The Register - Security
White House thinks it's time to fix the insecure glue of the internet: Yup, BGP
UK trio pleads guilty to operating $10M MFA bypass biz
Spamouflage trolls pretend to be American patriots on X, TikTok ahead of US presidential election
Data watchdog fines Clearview AI $33M for 'illegal' data collection
Transport for London confirms cyberattack, assures us all is well
Application builders get ready
Security Affairs
VMware fixed a code execution flaw in Fusion hypervisor
U.S. oil giant Halliburton disclosed a data breach
Vulnerabilities in Microsoft apps for macOS allow stealing permissions
Three men plead guilty to running MFA bypass service OTP.Agency
Computer Forensics
Kape subsecond
Blackhat Library: Hacking techniques and research
Bulk Gmail creation?
Technical Information Security Content & Discussion
EUCLEAK is a side-channel vulnerability that requires physical access to a YubiKey 5 Series prior to version 5.7 and (other Infineon based microcontrollers) allowing private key extraction. YSA-2024-03
Why bother with argv[0]? It can deceive, break and corrupt your defences
Exploiting Misconfigured GitLab OIDC AWS IAM Roles
Analysis of CVE-2024-37084: Spring Cloud Remote Code Execution
Learning Rust for fun and backdoo-rs
From a GLPI patch bypass to RCE.
Your Open Hacker Community
F5 networks firewall
Establish connection via ftp post-exploit
Information Security
Secure Data Stack: Navigating Adoption Challenges of Data Encryption
Threat Hunting Certification
Understanding Community Profiles in the NIST Cybersecurity Framework 2.0
📱 𝐂𝐨𝐦𝐦𝐨𝐧 𝐌𝐨𝐛𝐢𝐥𝐞 𝐓𝐡𝐫𝐞𝐚𝐭𝐬 𝐘𝐨𝐮 𝐍𝐞𝐞𝐝 𝐭𝐨 𝐊𝐧𝐨𝐰 🛡️
Social Engineering
HackFest SECTF offering $2500 first prize
netsecstudents: Subreddit for students studying Network Security and its related subjects
How to NOT connect an AP in public beach
Rate This System for Cybersecurity Purposes
360数字安全
入选领域最多、影响力最广泛!360上榜《2024网络安全十大创新方向》
渠道精英训练营——技术大比武荣誉榜
Security Weekly Podcast Network (Audio)
Encryption - SWN Vault
每日安全资讯(2024-09-04)