issues
search
ruohong2018
/
ruohong2018.github.io
GNU General Public License v3.0
29
stars
3
forks
source link
[每日信息流] 2024-09-05
#572
Open
ruohong2018
opened
2 weeks ago
ruohong2018
commented
2 weeks ago
每日安全资讯(2024-09-05)
SecWiki News
SecWiki News 2024-09-04 Review
安全客-有思想的安全新媒体
荣耀巅峰,时代铭记!城市守护者计划正式发布!以青春之名,共筑安全防线,共守网络疆域!
多年来,不断发展的 npm 包活动瞄准 Roblox 开发人员
Halliburton公司数据在石油行业网络攻击中被盗
Zyxel 安全路由器中的严重漏洞允许通过 cookie 执行操作系统命令 (CVE-2024-7261)
基于 Rust 的新型勒索软件 Cicada3301 以 Windows 和 Linux 系统为目标
朝鲜 APT 利用新型 Chromium、Windows 漏洞窃取加密货币
Veeam 软件公司扩大对 Microsoft 365 的保护范围
入选领域最多、影响力最广泛!360上榜《2024网络安全十大创新方向》
VMware 修复了 Fusion 虚拟机管理程序中的代码执行漏洞
谷歌下架Play商店中的劣质安卓应用,以提高用户体验
EDR与杀毒软件:有何区别?
Rocinante 木马伪装成银行应用程序,从巴西 Android 用户那里窃取敏感数据
记一次某src挖掘
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
追寻红色足迹 感受革命历史 | 以高质量理论实践学习推进党员教育培训高质量发展
三项智能网联汽车强制性国家标准正式发布(附图解)
Cicada3301 勒索软件的 Linux 加密器针对 VMware ESXi 系统
一图速览 | CCS2024 日程新鲜出炉 赶紧收藏!
Check Point 软件技术公司收购 Cyberint,旨在革新安全运维并扩展托管威胁情报解决方案
Google Online Security Blog
Deploying Rust in Existing Firmware Codebases
Recent Commits to cve:main
Update Wed Sep 4 22:38:26 UTC 2024
Update Wed Sep 4 14:23:23 UTC 2024
Update Wed Sep 4 06:32:51 UTC 2024
Security Boulevard
News alert: AI SPERA attains PCI DSS certification for its search engine solution ‘Criminal IP’
News alert: INE Security releases a strategies guide for cyber threat preparedness, response capabilities
News alert: Blackwired launches ‘ThirdWatch?’ — an advanced third-party risk management platform
White House Wants to Tighten Internet Routing Security
August Recap: New AWS Sensitive Permissions and Services
FBI Warns of North Korea Attacks Against the Crypto Industry
How Bots and AI Are Fueling Disinformation
Daniel Stori’s Turnoff.US: ‘pid 1’
Regulation and Compliance Updates Every IT Professional Needs to Know
The Malware Chronicles: Urelas, Sality, LockBit and StealC Examined
Trustwave Blog
Phishing and Ransomware: How Threat Actors Attack the Financial Services Sector
一个被知识诅咒的人
解锁Python编程的无限可能:《奇妙的Python》带你漫游代码世界!
在Go语言中调用C代码的技巧
深入探索 Go 语言的编译器与垃圾回收机制
Perception Point
From Threats to Trends: Highlights from Perception Point’s H1 2024 Report
paper - Last paper
Analysing Windows protection mechanisms with the antivirus avast and no-defender tools
通过杀软 avast 及 no-defender 工具分析 Windows 防护机制
Files ≈ Packet Storm
Linux Kernel 5.6.13 Use-After-Free
Mali GPU Kernel Local Privilege Escalation
Zeek 6.0.6
Ubuntu Security Notice USN-6985-1
Debian Security Advisory 5765-1
OpenSSL Toolkit 3.3.2
OpenSSL Toolkit 3.2.3
OpenSSL Toolkit 3.1.7
OpenSSL Toolkit 3.0.15
Ubuntu Security Notice USN-6988-1
Backdoor.Win32.Symmi.qua MVID-2024-0692 Buffer Overflow
HackTool.Win32.Freezer.br (WinSpy) MVID-2024-0691 Insecure Credential Storage
Debian Security Advisory 5764-1
Backdoor.Win32.Optix.02.b MVID-2024-0690 Hardcoded Credential
Ubuntu Security Notice USN-6986-1
Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) MVID-2024-0689 Code Execution
Backdoor.Win32.PoisonIvy.ymw MVID-2024-0688 Insecure Credential Storage
Ubuntu Security Notice USN-6981-2
Ubuntu Security Notice USN-6987-1
Online Travel Agency System 1.0 Shell Upload
Red Hat Security Advisory 2024-6297-03
Red Hat Security Advisory 2024-6274-03
Tourism Management System 1.0 SQL Injection
Red Hat Security Advisory 2024-6268-03
Red Hat Security Advisory 2024-6267-03
NVISO Labs
MEGAsync Forensics and Intrusion Attribution
blog.avast.com EN
Ransomware attacks continue to increase in the US, UK, and Canada
Embedded in Academia
Looking for Missed Alarm Bugs in a Formal Verification Tool
Reverse Engineering
Announcing Fibratus 2.2.0 - adversary tradecraft detection, protection, and hunting
24.onward.abs-debug
Hexacorn
Rundll32 and Phantom DLL lolbins, 32-bit version
HackerNews
Zyxel 路由器曝出 OS 命令注入漏洞,影响多个版本
美国一 AI 公司因非法收集面部数据被罚超 3000 万欧元
微软 macOS 应用程序中的新漏洞可能允许黑客获得不受限制的访问权限
俄罗斯社交网络服务商 VK 再遭入侵,3.9 亿用户受影响
德国、英国交通部门确认遭受网络攻击,均表示运营未受影响
卡巴斯基报告:黑客利用 WinRAR 漏洞对俄罗斯和白俄罗斯发起攻击
奇客Solidot–传递最新科技情报
苹果开始在印度生产新款 iPhone 高端机型
Halliburton 称黑客从其系统中删除了数据
索尼下架刚刚上线的游戏《星鸣特攻》
40 亿年前木星卫星 Ganymede 遭撞击导致其轴心偏移
英特尔面临被剔除出道琼斯指数
在巴西屏蔽 X 之后 Bluesky 四天增加了 200 万新用户
Firefox 130 释出
FreeBuf网络安全行业门户
FreeBuf早报 | 智能网联汽车国家标准发布;黑客利用WinRAR漏洞攻击俄罗斯
美国一AI公司因非法收集面部数据被罚超3000万欧元
俄罗斯版“微信”遭黑客入侵,泄露3.9亿条用户数据
尽快更新!Zyxel 路由器曝出 OS 命令注入漏洞,影响多个版本
黑海洋 - WIKI
一键开启BBRv3 ARM架构 基于最新liunx内核编译
体验盒子
解决Xcode:Unable to boot device because it cannot be located on disk.
看雪学苑
2024 KCTF 大赛 | 第九题《第一次接触》设计思路及解析
因公开被盗数据,一安全研究员被起诉涉嫌非法泄露数据
看雪安卓1w班更新【第十章】静态分析——常用工具介绍
代码卫士
D-Link 不打算修复 DIR-846W 路由器中的这四个RCE漏洞
合勤提醒注意路由器中的严重OS命令注入漏洞
VMware 修复Fusion中的高危代码执行漏洞
奇安信病毒响应中心
窥伺暗藏:Cobalt Strike隐秘攻击活动探析
安全内参
战略转向!勒索软件正在肆虐东南亚地区
智能网联汽车安全强制性国家标准正式发布
腾讯玄武实验室
每日安全动态推送(9-4)
dotNet安全矩阵
.NET 一款免安装运行Python的渗透工具
34套.NET系统漏洞威胁情报(09.04更新)
.NET 内网攻防实战电子报刊 (09.04更新)
安全客
警惕新型木马Rocinante!通过伪装银行应用程序窃取账号密码等敏感数据
安全牛
OT安全零死角!Fortinet OT安全平台再升级
安全圈
【安全圈】尽快更新!Zyxel 路由器曝出 OS 命令注入漏洞,影响多个版本
【安全圈】俄罗斯版“微信”遭黑客入侵,泄露3.9亿条用户数据
【安全圈】美国一AI公司因非法收集面部数据被罚超3000万欧元
【安全圈】因与媒体共享勒索事件实情,美国一研究人员被政府起诉
关键基础设施安全应急响应中心
针对中国公务人员的大规模网络钓鱼活动
系统被黑致使客户摄像头遭未授权访问,这家安防公司被罚超2000万元
恶意软件利用零日漏洞感染报废的AVTECH IP 摄像机
航空安全系统曝严重漏洞,黑客可绕过安检进入驾驶舱
极客公园
华为三折叠手机定名 Mate XT;ChatGPT 新增 8 种语音,狗叫更自然;暴跌六成,英特尔或被踢出道琼斯指数|极客早知道
中国信息安全
通知 | 工信部等十一部门联合发文 推动新型信息基础设施协调发展(附全文)
专家观点 | 法律如何应对人工智能的发展
专家观点 | 抗量子密码:为全球网络安全筑起新防线
发布 | 中国信通院发布《大模型落地路线图研究报告(2024年)》(附下载)
4问+1图 | 读懂《关于推动新型信息基础设施协调发展有关事项的通知》
评论 | 整治“指尖上的形式主义”
CNCERT国家工程研究中心
针对中国公务人员的大规模网络钓鱼活动
基于密码的大模型安全治理的思考
俄罗斯最大社交网站VK数据泄露 ,涉及3.9亿用户信息
勒索软件攻击后快速恢复的八个关键步骤
安全学术圈
中科院软件所 | 一种针对非回溯正则引擎ReDoS漏洞的有效检测方法
知道创宇404实验室
原创 Paper | 通过杀软 avast 及 no-defender 工具分析 Windows 防护机制
奇安信 CERT
Apache OFBiz 服务端请求伪造漏洞(CVE-2024-45507)安全风险通告
嘶吼专业版
Cicada3301 勒索软件的 Linux 加密器针对 VMware ESXi 系统
三项智能网联汽车强制性国家标准正式发布(附图解)
山石网科安全技术研究院
2024年羊城杯粤港澳大湾区网络安全大赛WP-MISC篇
OPPO安全中心
【中秋献礼】OSRC中秋礼盒免费兑换!
美团安全应急响应中心
美团安全亮相KCon 2024,分享RDI技术新视角
国家互联网应急中心CNCERT
网络安全信息与动态周报2024年第35期(8月26日-9月1日)
威胁猎人Threat Hunter
短短20分钟被薅7000万!背后是专业的营销欺诈产业链
Google Online Security Blog
Deploying Rust in Existing Firmware Codebases
Securityinfo.it
Cybercriminali usano software GlobalProtect falsi per distribuire il malware WikiLoader
Da Trend Micro nuove funzionalità per contrastare i deepfake
Una vecchia vulnerabilità nelle telecamere AVTECH è stata sfruttata per attacchi botnet
SANS Internet Storm Center, InfoCON: green
Scans for Moodle Learning Platform Following Recent Update, (Wed, Sep 4th)
ISC Stormcast For Wednesday, September 4th, 2024 https://isc.sans.edu/podcastdetail/9124, (Wed, Sep 4th)
Schneier on Security
Security Researcher Sued for Disproving Government Statements
bellingcat
Barsalogho Massacre: How Defensive Trenches Became a Mass Grave
Over Security - Cybersecurity news aggregator
Red team tool ‘MacroPack’ abused in attacks to deploy Brute Ratel
Microchip Technology confirms data was stolen in cyberattack
US indicts two RT employees for alleged Russian disinformation effort
DOJ seizes dozens of domains used in Russian influence campaigns targeting swing states
US cracks down on Russian disinformation before 2024 election
X is hiring staff for security and safety after two years of layoffs
Cisco fixes root escalation vulnerability with public exploit code
New Eucleak attack lets threat actors clone YubiKey FIDO keys
Cisco warns of backdoor admin account in Smart Licensing Utility
Hackers inject malicious JS in Cisco store to steal credit cards, credentials
Google backports fix for Pixel EoP flaw to other Android devices
Riduzione dei Falsi Positivi
Cybercriminali usano software GlobalProtect falsi per distribuire il malware WikiLoader
Criminal IP Earns PCI DSS v4.0 Certification for Top-Level Security
European data privacy watchdog closes case against X over its Grok AI bot
The Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government
FudModule Rootkit Targets Crypto, Linked to North Korean Citrine Sleet Group
Revival Hijack supply-chain attack threatens 22,000 PyPI packages
Hackers linked to Russia and Belarus increasingly target Latvian websites, officials say
Sami Khoury, head of Canada’s cyber agency, starts new role in government
Da Trend Micro nuove funzionalità per contrastare i deepfake
What is a spoofing attack? What Financial Institutions Need to Know
Mallox ransomware: in-depth analysis and evolution
TA-FudModule Rootkit Targets Crypto, Linked to North Korean Citrine Sleet Group
CISA Warns of Critical ICS Vulnerabilities in Rockwell and Delta Electronics
Una vecchia vulnerabilità nelle telecamere AVTECH è stata sfruttata per attacchi botnet
AZORult Malware: Technical Analysis
Tor Project blog
New Release: Tor Browser 13.5.3
Arti 1.2.7 is released: onion services, RPC, and more
Securelist
Mallox ransomware: in-depth analysis and evolution
Instapaper: Unread
Where The Wild Tags Are & Other AirTag Stories.
Diffamazione, norme invecchiate male perché serve un restyling
Italy, exposed database puts dental clinic patients’ data at risk
Hacktivist Group Exploit WinRAR Vulnerability to Encrypt Windows & Linux
SQL Injection Attack on Airport Security
YubiKeys cryptographic Flaw Let Attackers Clone Devices by Extracting Private Key
Trend Micro Research, News and Perspectives
Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion
TorrentFreak
UFC & MLB Join Pirate IPTV Blocking as Broadcasters Collaborate to Cut Costs
TorrentGalaxy is Back Online & Uploads Resume
The Register - Security
Palo Alto takes a big $500M bite out of IBM QRadar
Copilot for Microsoft 365 might boost productivity if you survive the compliance minefield
Planned Parenthood confirms cyber-attack as RansomHub threatens to leak data
Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade
Telegram apologizes to South Korea and takes down smutty deepfakes
Ex-senior New York State staffer charged in cash-for-favors scandal with China
Deeplinks
U.S. Federal Employees: Plant Your Flag for Digital Freedoms Today!
EFF Calls For Release of Alexey Soldatov, "Father of the Russian Internet"
TG Soft Software House - News
Phishing
: i tentativi di furto credenziali e/o dati maggiormente diffusi nel mese di
SETTEMBRE 2024
...
Technical Information Security Content & Discussion
EUCLEAK Impact on Hardware Wallet Security
Revival Hijack - PyPI hijack technique exploited in the wild, puts 22K packages at risk
Social Engineering
If you said "i'm holding you up here/ i'm a nuisance" what form of persuasion is this?
HOW TO GAUGE OTHERS INTERNAL STATES
吴鲁加
好设计的十条要求
Computer Forensics
A great rant by Brett Shavers on DFIR
Can you tell if a laptop is formatted.
Transitioning to Computer Forensics
Accessing a forensic disk image using Python
Your Open Hacker Community
Software that pass basic card protection
I've been learning and building on my skills but I've encountered something beyond my current capabilities that I'd like to deal with.
The Hacker News
North Korean Hackers Targets Job Seekers with Fake FreeConference App
Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw
Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack
Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers
The New Effective Way to Prevent Account Takeovers
Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database
Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack
Deep Web
Anybody that can find out information about a certain person?
NVISO Labs
MEGAsync Forensics and Intrusion Attribution
Graham Cluley
Smashing Security podcast #383: The Godfather club, and AirTags to the rescue
Palo Alto Networks Blog
Crush It, Don’t Get Crushed — Combat SOC Analyst Burnout with AI
Security Affairs
Google fixed actively exploited Android flaw CVE-2024-32896
Discontinued D-Link DIR-846 routers are affected by code execution flaws. Replace them!
Head Mare hacktivist group targets Russia and Belarus
Zyxel fixed critical OS command injection flaw in multiple routers
Security Weekly Podcast Network (Audio)
Hacker Heroes - Mark Loveless - PSW Vault
Dark Space Blogspot
Quali Differenze Ci Sono Tra Ethereum e Solana? Decentralizzazione, Sicurezza, Issuance
每日安全资讯(2024-09-05)