issues
search
ruohong2018
/
ruohong2018.github.io
GNU General Public License v3.0
29
stars
3
forks
source link
[每日信息流] 2024-09-10
#577
Open
ruohong2018
opened
1 week ago
ruohong2018
commented
1 week ago
每日安全资讯(2024-09-10)
Files ≈ Packet Storm
Microsoft Windows DWM Core Library Privilege Escalation
Stegano 0.11.4
Packet Fence 14.0.0
Ubuntu Security Notice USN-6995-1
Breaking Oracle Database VPD Through DDL Permissions In 19c
Debian Security Advisory 5767-1
PPDB 2.4-update 6118-1 SQL Injection
POMS 1.0 Insecure Settings
Pharmacy Management System version 1.0 Insecure Settings
PDF Generator Web Application 1.0 Insecure Settings
Park Ticketing Project 1.0 SQL Injection
Online Travel Agency System 1.0 Insecure Settings
Online Tours and Travels Management System 1.0 Insecure Settings
Online Survey System 1.0 SQL Injection
Red Hat Security Advisory 2024-6428-03
Red Hat Security Advisory 2024-6421-03
Recent Commits to cve:main
Update Mon Sep 9 22:33:44 UTC 2024
Update Mon Sep 9 14:33:59 UTC 2024
Update Mon Sep 9 06:32:26 UTC 2024
paper - Last paper
网络空间的“边水往事”?针对华语黑产及用户进行攻击的 APT-K-UN3 活动分析
SecWiki News
SecWiki News 2024-09-09 Review
美团技术团队
新一代实验分析引擎:驱动履约平台的数据决策
Armin Ronacher's Thoughts and Writings
Multiversion Python Thoughts
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
客户案例:安全海外中继助力知名家电企业化解海外通邮困境
安全动态回顾|网络安全知识手册正式发布 谷歌将Pixel EoP漏洞修复程序反向移植到其他Android设备
新的 Voldemort 恶意软件滥用 Google Sheets 来存储被盗数据
安全客-有思想的安全新媒体
IBM 高管谈未来网络安全: 密码、深度伪造和量子计算
83% 的组织在过去一年中至少经历过一次勒索软件攻击
人工防火墙对于保持 SaaS 环境安全至关重要
Apache OFBiz 更新修复了导致远程代码执行的高严重性漏洞
间谍软件供应商庞大的生态系统帮助他们逃避制裁
GitHub Actions易受拼写攻击,使开发者暴露于隐藏的恶意代码风险之中
WordPress LiteSpeed 缓存插件中的一个漏洞允许账户被接管
美国 CISA 将 Draytek VigorConnect 和 Kingsoft WPS Office 错误添加到其已知利用漏洞目录中
利用大型语言模型(LLM)进行恶意攻击的手段与防范
2024网安周|广东省委书记黄坤明、中央网信办主任庄荣文一行莅临360展位
一个被知识诅咒的人
Go语言中的链表与双向链表实现
用go语言实现树和哈希表算法
Security Boulevard
Eclypsium Product Roadmap
Why Investing in Quality Analysts is Investing in Your Future
USENIX Security ’23 – BunnyHop: Exploiting the Instruction Prefetcher
FIPPA: Understanding Canada’s Information and Protection Privacy Law
Randall Munroe’s XKCD ‘Slingshots’
Introducing the Nuspire Cybersecurity Experience: A New Era of Intelligent Unification
Redefining Cyber Defense: Introducing the Nuspire Cybersecurity Experience
Meet Nutron: Your AI-Driven Ally in Proactive Cyber Defense
Achieving Cyber Clarity: myNuspire for Unified Cybersecurity Management
Empowering Cybersecurity on the Go: Nuspire’s Revolutionary Mobile App
Insinuator.net
Announcement: Progress / Kemp LoadMaster CVE-2024-7591
SpiderLabs Blog
Exploring an Experimental Windows Kernel Rootkit in Rust
Twitter @bytehx
Re @Jhaddix fine tune* btw
Re @Jhaddix I prefer RAG as well. It seems to be the best. I always try to find tune some of the models and ended up being made them worse. Yes I agre...
Malwarebytes
What the arrest of Telegram’s CEO means, with Eva Galperin (Lock and Code S05E19)
A week in security (September 2 – September 8)
Blogs dade
Weekly Retro 2024-W36
VMRay
Detection Highlights – August 2024: Bash Reverse Shells VTI Detections, Enhanced Phishing SLDs, and 4 New YARA Rules
Malware-Traffic-Analysis.net - Blog Entries
2024-09-04 - Traffic Analysis Exercise: Big Fish in a Little Pond
Offensive OSINT
Offensive OSINT s05e08 - OS Surveillance 2.0
Reverse Engineering
/r/ReverseEngineering's Weekly Questions Thread
“Unstripping” binaries: Restoring debugging information in GDB with Pwndbg
BinSub: The Simple Essence of Polymorphic Type Inference for Machine Code
SentinelOne
PinnacleOne ExecBrief | Volt Typhoon’s Winds Pick Up Speed
Dhole Moments
Doesn’t Matter
安全牛
CACTER客户案例:安全海外中继助力知名家电企业化解海外通邮困境
黑海洋 - WIKI
超轻量Prain清雨博客系统
文颜:全自动的Markdown文章排版美化工具
Real US Address Generator-真实美国地址
国行版本iOS设备开启Apple Intelligence:misakaX
解决兰奏网盘分享apk等文件需要会员问题
FreeBuf网络安全行业门户
FreeBuf早报 | 世界首个有法律约束力的AI公约出炉;伦敦交通局系统遭攻击
AI大模型新型噪声攻击曝光,可绕过最先进的后门检测
利用屏幕截图窃取秘钥,这个恶意软件受黑客追捧
HackerNews
AI 大模型新型噪声攻击曝光,可绕过最先进的后门检测
美军特战部队首次展示 WiFi“网络爆破”新技能
朝鲜黑客通过 LinkedIn 求职诈骗部署 COVERTCATCH 恶意软件
CISA 打破沉默,回应备受争议的“机场安检绕过”漏洞
乌克兰士兵遭恶意软件攻击,黑客窃取 GPS 坐标
知道创宇404实验室
威胁情报 | 网络空间的“边水往事”?针对华语黑产及用户进行攻击的 APT-K-UN3 活动分析
代码卫士
Progress 紧急修复影响 LoadMaster 的超危RCE漏洞
CISA提醒注意百特、三菱产品中的多个ICS 漏洞
安全客
或致防火墙崩溃!SonicWall SonicOS 管理访问和 SSLVPN 中存在访问控制不当漏洞
网络安全研究宅基地
2024年人工智能技术赋能网络安全应用测试结果重磅发布!
腾讯玄武实验室
每日安全动态推送(9-9)
dotNet安全矩阵
.NET攻防新突破,开源3个强大的SoapShell
ChaMd5安全团队
论文解读:《函数调用的阴暗面:破解大型语言模型的途径》
安全研究GoSSIP
G.O.S.S.I.P 阅读推荐 2024-09-09 The Horton Principle及其它
关键基础设施安全应急响应中心
关键基础设施安全资讯周报20240909期
从部署到运维:全球安全机构联手打造AI安全部署指南 | 英美安全机构《AI系统安全部署指南》全文翻译
加强网络安全体制建设 以网络安全体系和能力现代化保障中国式现代化
黑客通过 PWA 应用窃取 iOS、Android 用户的银行凭证
慢雾科技
Web3 安全入门避坑指南|貔貅盘骗局
奇客Solidot–传递最新科技情报
数十亿年前掠过太阳系的恒星改变了太阳系生态
抑郁症患者脑部特定神经网络较大
AI 不太可能取代人类的工作
Google 称用 Rust 开发 Android 固件不难
马斯克称将在 2026 年发射 Starships 火星飞船
Telegram 是犯罪活动的乐园
长播客的兴起
中国计划在 2028 年实施天问三号火星任务
触电的鸟引发野火
爱好类应用成为新的社交网络
中国信息安全
全球视野 | 国际网安快讯(第27期)
2024网安周 | 《人工智能安全治理框架》1.0版发布(附全文及下载)
2024网安周 | 以“有界安全”守护“无边网络”
专家观点 | 人工智能赋能国家治理现代化——AI治理的潜力、限度与未来
好书推荐 | 关键信息基础设施保护系列丛书
纯干货 | 大学生注意!开学反诈第一课来了
关注 | 2024年8月全国受理网络违法和不良信息举报1983.3万件
数世咨询
保险服务巨头倡议政府解决9000亿美元的网安风险
安全圈
【安全圈】安卓恶意软件SpyAgent可利用屏幕截图窃取加密货币备份密钥
【安全圈】AI大模型新型噪声攻击曝光,可绕过最先进的后门检测
【安全圈】马来西亚监管机构决定放弃ISP&DNS拦截策略 不再利用DNS屏蔽网站
【安全圈】Firefox v115 ESR版延长支持到明年3月 为Win7/8.1用户提供安全更新
信息安全国家工程研究中心
2024 国家网络安全宣传周 | 收藏学习!网络安全知识宣传手册请查收!
安全牛
《人工智能安全治理框架》1.0版公开发布
2024年国家网络安全宣传周盛大开幕;快手核心数据和战略规划信息被内部泄露,导致公司股价下跌 | 牛览
君哥的体历
探讨企业 guest-Wi-Fi 下限制网页微信传数据的方法与难题| 总第260周
安全内参
白帽黑客行为应受保护!这个国家总理宣布将修改法律
美军特战部队首次展示WiFi“网络爆破”新技能
看雪学苑
仅剩1天!SDC 2024议题征集9月10日截止
CVE-2023-2008复现笔记
网络空间的黑吃黑:黑客伪造OnlyFans工具盗取网络犯罪分子密码
【零基础】系统学习移动端漏洞挖掘
雷神众测
雷神众测漏洞周报2024.09.02-2024.09.08
情报分析师
如何评估信息来源的真实性
美国政府电话通讯录曝光(最新版|附下载)
我的安全视界观
DevSecOps实施关键:研发安全规范
锦行科技
锦行科技作为安全平行切面联盟成员单位受邀参加“2024 Inclusion·外滩大会”!
CNVD漏洞平台
CNVD漏洞周报2024年第36期
上周关注度较高的产品安全漏洞(20240902-20240908)
字节跳动技术团队
字节跳动容灾实践:同城容灾+异地多活是最好的模式吗?
您有一封「 MarsCode 中秋晚宴邀请函」待查收!
极客公园
智能汽车,进入「红米时刻」
对话钉钉总裁叶军:为 AI 狂奔 18 个月,到底值不值?
马斯克回应中国消费者冷落特斯拉;华为三折叠手机预约超两百万;恒驰汽车被申请破产清算|极客早知道
电子物证
一张图带你了解Linux 文件目录结构,很详细!
电子证据保全公证要注重强化清洁性检查
Over Security - Cybersecurity news aggregator
Critical SonicWall SSLVPN bug exploited in ransomware attacks
Chinese hackers use new data theft malware in govt attacks
Quad7 botnet targets more SOHO and VPN routers, media servers
L’ascesa delle intrusioni interattive: cosa rivelano i dati del Report Threat Hunting 2024 di CrowdStrike
CISA says SonicWall bug being exploited as experts warn of ransomware gang use
Ford seeks patent for tech that listens to driver conversations to serve ads
Highline Public Schools closes schools following cyberattack
Meta fixes easily bypassed WhatsApp ‘View Once’ privacy feature
Data of nearly 300,000 exposed in Avis cyberattack
Kimsuky-linked hackers use similar tactics to attack Russia and South Korea, researchers say
Official: DHS cyber review board will announce next investigation ‘soon’
Payment gateway data breach affects 1.7 million credit card owners
Bug lets anyone bypass WhatsApp’s ‘View Once’ privacy feature
Poland dismantles cyber sabotage group linked to Russia, Belarus
Sextortion scams now use your "cheating" spouse’s name as a lure
How to defend against brute force and password spray attacks
Ransomware attack forces high school in London to close and send students home
A glimpse into the Quad7 operators’ next moves and associated botnets
UK National Crime Agency, responsible for fighting cybercrime, ‘on its knees,’ warns report
Reputation Hijacking with JamPlus: A Maneuver to Bypass Smart App Control (SAC)
Car rental giant Avis data breach impacts over 299,000 customers
Reputational Hijacking with JamPlus: A Maneuver to Bypass Smart App Control (SAC)
Una vulnerabilità di LiteSpeed Cache di WordPress permette il furto di account
Loki: a new private agent for the popular Mythic framework
CERT-AGID 31 agosto – 6 settembre: arriva la terza campagna in un mese che diffonde il malware Vidar
Progress LoadMaster vulnerable to 10/10 severity RCE flaw
火绒安全
火绒安全终端防护数据月报(2024-08)
山石网科安全技术研究院
探讨Windows SeRelabelPrivilege特权滥用的危害
0x00sec - The Home of the Hacker - Top topics
0x00sec Hack - Profile Icon
默安科技
全国三等奖!默安科技推动软件供应链安全创新发展
Securityinfo.it
Una vulnerabilità di LiteSpeed Cache di WordPress permette il furto di account
CERT-AGID 31 agosto – 6 settembre: arriva la terza campagna in un mese che diffonde il malware Vidar
嘶吼专业版
新的 Voldemort 恶意软件滥用 Google Sheets 来存储被盗数据
安全动态回顾|网络安全知识手册正式发布 谷歌将Pixel EoP漏洞修复程序反向移植到其他Android设备
Schneier on Security
Australia Threatens to Force Companies to Break Encryption
ICT Security Magazine
AIIA, lo strumento per una governance responsabile dell’Intelligenza Artificiale
银针安全
多组件客户端
Securelist
Loki: a new private agent for the popular Mythic framework
Qualys Security Blog
Partnering for Security: Qualys Solutions for Microsoft Azure Linux in AKS
Trend Micro Research, News and Perspectives
Earth Preta Evolves its Attacks with New Malware and Strategies
TorrentFreak
Hollywood and Netflix Report Piracy Threats to the EU, Call for ‘Intermediary’ Action
Pirate IPTV Arrests in Sweden Should Include Users, Rightsholders Tell Govt.
The Register - Security
WhatsApp's 'View Once' could be 'View Whenever' due to a flaw
Russia's top-secret military unit reportedly plots undersea cable 'sabotage'
Avis alerts nearly 300k car renters that crooks stole their info
1.7M potentially pwned after payment services provider takes a year to notice break-in
Strengthening enterprise storage against cyber threats
Kremlin-linked COLDRIVER crooks take pro-democracy NGOs for phishy ride
Cybersecurity regulation stepping up
Predator spyware updated with dangerous new features, also now harder to track
The Hacker News
New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks
One More Tool Will Do It? Reflecting on the CrowdStrike Fallout
Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT
Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks
Webinar: How to Protect Your Company from GenAI Data Leakage Without Losing It’s Productivity Benefits
Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free
Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor
New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys
TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign
U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks
Information Security
MFA Question
Using ABAC to improve security of personal data
Blueprint for Building Secure Systems: Master the Framework to Protect Your Data
Social Engineering
What do people think of Dale Carnegie here?
Give your best pitch for blood donation drive
netsecstudents: Subreddit for students studying Network Security and its related subjects
Practice Test Resource for CCNA 200-301 Certification Exam
Need Help with Game Idea
360数字安全
攻防0失分,就是Happy Ending?
Computer Forensics
File Carving in relation to Cfce amd Gcfe
Technical Information Security Content & Discussion
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
When Certificates Fail: A Story of Bypassed MFA in Remote Access
How EDR works: the (Anti-)EDR Compendium
Analysis of GitHub Enterprise vulnerabilities (CVE-2024-0507/CVE-2024-0200)
Companion scanner for mockingjay injection - My approach to DLL scanning in search for RWX regions
Security Affairs
Experts demonstrated how to bypass WhatsApp View Once feature
Predator spyware operation is back with a new infrastructure
TIDRONE APT targets drone manufacturers in Taiwan
Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401
Progress Software fixed a maximum severity flaw in LoadMaster
SANS Internet Storm Center, InfoCON: green
Wireshark 4.4's IP Address Functions, (Mon, Sep 9th)
ISC Stormcast For Monday, September 9th, 2024 https://isc.sans.edu/podcastdetail/9130, (Mon, Sep 9th)
Blackhat Library: Hacking techniques and research
I need Android to Android rat app
每日安全资讯(2024-09-10)