[每日信息流] 2024-09-11

[ruohong2018]

每日安全资讯（2024-09-11）

• Recent Commits to cve:main
  • Update Tue Sep 10 22:27:26 UTC 2024
  • Update Tue Sep 10 14:37:08 UTC 2024
  • Update Tue Sep 10 06:36:14 UTC 2024
• Twitter @Nicolas Krassas
  • RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software https://www.bleepingcomputer.com/news/security/ransomhub-ransomware-abuses-ka...
  • Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2024-patch-tues...
  • 4 CVE exploited in the wild, on Microsoft's Patch CVE-2024-43491 - 9.8 - Microsoft Windows Update Remote Code Execution Vulnerability CVE-2024-38014 -...
  • Wix to block Russian users starting September 12 https://www.bleepingcomputer.com/news/legal/wix-to-block-russian-users-starting-september-12/
  • Mustang Panda Feeds Worm-Driven USB Attack Strategy https://www.darkreading.com/cyberattacks-data-breaches/mustang-panda-worm-driven-usb-attack
  • Russia's Top Secret Military Unit Reportedly Plots Undersea Cable Sabotage https://packetstormsecurity.com/news/view/36315/Russias-Top-Secret-Military...
  • Flipper Zero releases Firmware 1.0 after three years of development https://www.bleepingcomputer.com/news/hardware/flipper-zero-releases-firmware-10-a...
  • CISA Breaks Silence On Controversial Airport Security Bypass Vulnerability https://packetstormsecurity.com/news/view/36316/CISA-Breaks-Silence-On-Cont...
  • Getting code execution on Veeam through CVE-2023-27532 https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/
  • Re @sch_cor https://www.youtube.com/watch?v=Vh2-Oa1x7xM&t=61s
  • Ivanti Issues Patch for Critical Vulnerabilities in Endpoint Manager, Including CVE-2024-29847 (CVSS 10.0) https://securityonline.info/ivanti-issues-p...
  • Crypto scams rake in $5.6B a year for cyberscum lowlifes, FBI says https://go.theregister.com/feed/www.theregister.com/2024/09/10/crypto_scams_rake_in...
  • Quad7 botnet operation expands targeting, infrastructure https://www.scmagazine.com/brief/quad7-botnet-operation-expands-targeting-infrastructure
  • UltraAV acquires almost 1M US Kaspersky clients https://www.scmagazine.com/brief/ultraav-acquires-almost-1m-us-kaspersky-clients
  • Browser Stored Credentials https://ipurple.team/2024/09/10/browser-stored-credentials/
  • SAP Security Patch Day – September 2024 https://www.reddit.com/r/netsec/comments/1fdeno6/sap_security_patch_day_september_2024/
  • Man Faces 20 Years in Prison for First-Ever AI Music Streaming Scam https://hackread.com/man-faces-prison-first-ever-ai-music-streaming-scam/
  • CloudGoat Official Walkthrough Series: ‘glue_privesc’ https://rhinosecuritylabs.com/cloud-security/cloudgoat-walkthrough-glue_privesc/
  • Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia https://thehackernews.com/2024/09/experts-identify-3-chinese-linked.h...
  • National Public Data breach underscores the need for stronger digital identities https://www.scmagazine.com/perspective/national-public-data-breach-un...
• Tenable Blog
  • Microsoft’s September 2024 Patch Tuesday Addresses 79 CVEs (CVE-2024-43491)
• paper - Last paper
  • DarkHotel APT 组织 Observer 木马攻击分析
• Files ≈ Packet Storm
  • GitHub sqlpad/sqlpad Template Injection / Remote Code Execution
  • Spring Cloud Data Flow Remote Code Execution
  • PowerVR DEVMEMXINT_RESERVATION::ppsPMR Use-After-Free
  • Ubuntu Security Notice USN-6997-1
  • OX App Suite Backend 7.10.6-rev66 / 8.24.7 Open Redirect
  • Ubuntu Security Notice USN-6996-1
  • Proxmark3 4.18994 Custom Firmware
  • Ubuntu Security Notice USN-6841-2
  • Red Hat Security Advisory 2024-6510-03
  • Red Hat Security Advisory 2024-6508-03
  • Ubuntu Security Notice USN-6994-1
  • Red Hat Security Advisory 2024-6503-03
  • Red Hat Security Advisory 2024-6502-03
  • Red Hat Security Advisory 2024-6501-03
  • Prison Management System 1.0 Add Administrator
  • Red Hat Security Advisory 2024-6500-03
  • Red Hat Security Advisory 2024-6499-03
  • Red Hat Security Advisory 2024-6497-03
  • Red Hat Security Advisory 2024-6495-03
  • Online Survey System 1.0 Remote File Inclusion
  • Red Hat Security Advisory 2024-6494-03
  • Red Hat Security Advisory 2024-6493-03
  • Online Student Grading System 1.0 SQL Injection
  • Red Hat Security Advisory 2024-6488-03
  • Online Marriage Registration System 1.0 Shell Upload
• CXSECURITY Database RSS Feed - CXSecurity.com
  • C-MOR Video Surveillance 5.2401 Path Traversal
  • C-MOR Video Surveillance 5.2401 / 6.00PL01 SQL Injection
  • SerComm Network Device Backdoor Detection
• Security Boulevard
  • How SOAR Automation is Boosting MSSP Revenue Without Replacing Human Workers
  • Manufacturing, Industrial Sectors Are Under Siege
  • USENIX Security ’23 – Decompiling x86 Deep Neural Network Executables
  • Delinea Survey Surfaces Spike in Cybersecurity Insurance Claims
  • Daniel Stori’s Turnoff.US: ‘Who Killed MySQL? – Epilogue’
  • How One Consultancy Behemoth Uses HYAS for Unrivaled Cybersecurity
  • How Effective Threat Hunting Programs are Shaping Cybersecurity
  • The First Set of Post-Quantum Cryptography Standards Are Out. What Should You Do Next?
  • USENIX Security ’23 – Can a Deep Learning Model for One Architecture Be Used for Others? Retargeted-Architecture Binary Code Analysis
  • Phishing Via Typosquatting and Brand Impersonation: Trends and Tactics
• SecWiki News
  • SecWiki News 2024-09-10 Review
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • 2024网安周 | 中国网络安全创新创业大赛，梆梆安全荣获解决方案二等奖
  • 梆梆安全首批入驻海淀网信办网络安全公共服务平台，实力推助产业融合发展新生态
  • 再度登榜 | 梆梆安全入选CCIA2024年中国网安产业竞争力50强
  • 《人工智能安全治理框架》1.0版发布
  • 新的 RAMBO 攻击利用隔离计算机中的 RAM 窃取数据
• Trustwave Blog
  • Trustwave SpiderLabs Research: Phishing Behind 49% Attacks Against Financial Institutions
• 一个被知识诅咒的人
  • 深入解析Go语言的容器包
  • Go语言中的队列与栈：基础与实践
• contagio mobile
  • 2024-09-05 SPYAGENT Android Malware Stealing Crypto Credentials via Image Recognition / OCR Samples
• 安全客-有思想的安全新媒体
  • 黑客利用 GeoServer 漏洞植入后门和僵尸网络恶意软件
  • 北卡罗来纳州男子因涉嫌AI生成音乐欺诈在流媒体平台窃取版税面临刑事指控
  • Progress Software 修复了 LoadMaster 中的一个严重漏洞（CVE-2024-7591）
  • 新的 Android SpyAgent 恶意软件使用 OCR 窃取加密钱包恢复密钥
  • 支付网关遭到网络攻击，170 万张信用卡信息泄露
  • Veeam Backup & Replication 的远程代码执行漏洞可能很快会被勒索软件团伙利用
  • Blind Eagle 威胁组织利用定制 Quasar RAT 攻击哥伦比亚保险业
  • Akira 勒索软件行为者利用 SonicWall 漏洞实现远程代码执行
  • 新型RAMBO攻击利用RAM无线电信号从物理隔离网络中窃取数据
• SpiderLabs Blog
  • Trustwave SpiderLabs Research: 20% of Ransomware Attacks in Financial Services Target Banking Institutions
• GuidePoint Security
  • Hazard Ransomware – A Successful Broken Encryptor Story
• Trail of Bits Blog
  • Sanitize your C++ containers: ASan annotations step-by-step
• blog.avast.com EN
  • Are you having the right conversations about online safety with your kids?
• Malwarebytes
  • Payment provider data breach exposes credit card information of 1.7 million customers
  • Your partner “is cheating on you” scam asks you to pay to see proof
• Reverse Engineering
  • Reverse Engineering SIP based door intercom/control system
  • Reverse Engineering a Kernel Driver challenge
• Dhole Moments
  • Invisible Salamanders Are Not What You Think
• FreeBuf网络安全行业门户
  • FreeBuf早报 | Wifi路由器成为僵尸网络Quad7目标；去年美国加密货币诈骗超56亿
  • WhatsApp“阅后即焚”功能曝漏洞，黑客可反复查看
  • 热搜第一！韩国N号房2.0事件大爆发，Deepfake究竟有多“邪恶”？
  • SonicWall SSL VPN曝出高危漏洞，可能导致防火墙崩溃
• 安全牛
  • 梆梆安全首批入驻海淀网信办网络安全公共服务平台，实力推助产业融合发展新生态
  • 2024网安周 | 中国网络安全创新创业大赛，梆梆安全荣获解决方案二等奖
  • 再度登榜 | 梆梆安全入选CCIA2024年中国网安产业竞争力50强
  • 梆梆安全走进南京福特工程研究中心，共守智能网联汽车安全测试基线
  • 追寻红色足迹 感受革命历史 | 以高质量理论实践学习推进党员教育培训高质量发展
• 看雪学苑
  • 新课来袭 | WMBa0带你领略Android逆向的魅力！在CTF赛场上所向披靡
  • 2024年网安周｜绿盟科技：网安新十年，持续释放网安赋能关键力
  • URLDNS反序列化利用链
  • WhatsApp“阅后即焚”功能可被绕过
• HackerNews
  • 美国 AI 医疗公司服务器配置错误，5.3TB 心理健康记录遭泄露
  • 美国全面禁止卡巴斯基后，上百万用户由 Pango 公司接盘
  • 趋势科技披露针对无人机制造商的黑客活动
  • 以色列 Predator 间谍软件更新，具有危险的新功能，更难追踪
  • 以色列科研人员设计了一种新方法，利用来自内存总线的无线电信号从隔离系统中窃取数据
• dotNet安全矩阵
  • .NET 一款白名单编译器执行负载的工具
  • .NET内网实战：通过命令行解密Web.config
  • .NET 一款无Python环境下支持运行脚本的渗透工具
• 知道创宇404实验室
  • 威胁情报 | DarkHotel APT 组织 Observer 木马攻击分析
• 我的安全视界观
  • 推荐：图说安全年度打卡活动
• 安全内参
  • 网络攻击影响学区运行，美国西雅图上万学生被迫停课2天
  • 淘宝京东等62款知名App完成个人信息收集使用合规整改
• DataCon大数据安全分析竞赛
  • 知识之光，照亮一生！致敬每一位师者（评论有奖）
• 慢雾科技
  • 慢雾出品 | Web3 项目安全手册
• 中国信息安全
  • 2024网安周 | 流量预警，多图来袭！一文看遍2024年网络安全博览会
  • 2024网安周 | 《网络安全人才实战能力白皮书-安全测试评估篇》正式发布
  • 2024网安周 | 2024年国家网络安全宣传周“网络安全技术高峰论坛主论坛暨粤港澳大湾区网络安全大会”在广州市举行
  • 发布 | 国家密码管理局发布《电子政务电子认证服务管理办法》全文
  • 2024网安周 | 2024年人工智能技术赋能网络安全应用测试结果公布
  • 发布 | 《粤港澳大湾区（内地、澳门）个人信息跨境流动标准合同实施指引》全文
  • 权威解读 | 《电子政务电子认证服务管理办法》
  • 发布 | 中国网络空间安全协会发布完成个人信息收集使用合规整改App清单
• 代码卫士
  • 越制裁越猖狂？商业间谍软件使用激增
  • FreeBSD紧急提醒注意严重漏洞CVE-2024-43102
• ChaMd5安全团队
  • 第四届“长城杯”网络安全大赛暨京津冀网络安全技能竞赛（初赛）by Mini-Venom
• 安全圈
  • 【安全圈】全国首例！三名程序员在虚拟币钱包中植入“后门”，窃取上万条用户密码
  • 【安全圈】美国一 AI 公司因非法收集面部数据被罚超 3000 万欧元
  • 【安全圈】McAfee 识别出 280 多个虚假安卓应用，可能会窃取加密货币钱包
  • 【安全圈】黑客背刺同行，向对方发送信息窃取软件
• 国家互联网应急中心CNCERT
  • CNVD漏洞周报2024年第36期
  • 上周关注度较高的产品安全漏洞(20240902-20240908)
  • 2024年人工智能技术赋能网络安全应用测试结果公布
• 极客公园
  • 售价 20000 的三折叠，居然真是当下手机的「最优解」？
  • iPhone 16 系列发布，AI 功能明年进中国；百度辟谣放弃通用大模型研发；快手贾樟柯共创 AI 电影 | 极客早知道
  • AI 时代首款 iPhone 发布，意味着 AiPhone 时代到来了吗？
• 数世咨询
  • 攻击者正在以创纪录的速度利用漏洞——以下是应对措施
  • 聚焦实战型安全测评人才培养 《网络安全人才实战能力白皮书-安全测试评估篇》在国家网安周正式发布
• 嘶吼专业版
  • 新的 RAMBO 攻击利用隔离计算机中的 RAM 窃取数据
  • 《人工智能安全治理框架》1.0版发布
• 丁爸 情报分析师的工具箱
  • 【AI速读】以色列是如何影响美国政策的
• 奇客Solidot–传递最新科技情报
  • CrowdStrike 称尚未有客户正式提起诉讼
  • 欧盟裁决 Google 违反反垄断法，苹果需补缴 130 亿欧元税款
  • 全国人大审议延迟退休草案
  • Apple Watch 引入睡眠呼吸暂停检测功能
  • 首例脸部和眼睛移植手术一年后
  • 英伟达 AI 芯片在中国的租赁费用比美国便宜
  • 实体版《星鸣特攻》成为热门收藏品
  • 年轻卵泡能恢复衰老卵母细胞发育潜力
  • Redox OS 0.9.0 释出
  • 巴基斯坦科技行业对本国的防火墙忧心忡忡
  • AMD 宣布统一 GPU 架构为 UDNA
  • 达斯·维德配音演员 James Earl Jones 去世，享年 93 岁
  • 苹果发布 iPhone 16 和 iPhone 16 Plus
• 安全牛
  • 《电子政务电子认证服务管理办法》发布；京东、淘宝等62款APP完成个人信息收集使用合规整改 | 牛览
  • AI风险审计方法论
• Horizon3.ai
  • Stay Ahead of Cyber Threats with Autonomous Penetration Testing
  • Unveiling NodeZero Tripwires™: Horizon3.ai Enhances Penetration Testing with Integrated Threat Detection
• 情报分析师
  • 【实战】使用开源情报破解谋杀案（一）
  • 幕后操控者：美国情报界合同授予专报分析
• 中通安全应急响应中心
  • 关于中通SRC恢复漏洞测试的通知
• CNVD漏洞平台
  • 2023年度CNVD优秀单位（个人）表彰名单
• 默安科技
  • 谈谈俄乌战场攻防欺骗之道
• 安全研究GoSSIP
  • G.O.S.S.I.P 阅读推荐 2024-09-10 名师教你学之《后量子密码算法标准介绍》
• 青藤云安全
  • 青藤获评CNVD年度最具价值漏洞报送单位
• 奇安信 CERT
  • FreeBSD umtx释放后重用漏洞(CVE-2024-43102)安全风险通告
  • 【已复现】Apache OFBiz 服务端请求伪造漏洞(CVE-2024-45507)安全风险通告第二次更新
• 火绒安全
  • 个人版6.0功能升级 | 新增DHCP检测和ARP防护两大工具
• 字节跳动技术团队
  • 字节跳动开放计算最佳实践，亮相2024开放计算中国峰会
  • 运维效率大幅提升，字节跳动在OpenBMC可观测上的创新实践
• Qualys Security Blog
  • Microsoft and Adobe Patch Tuesday, September 2024 Security Update Review
• IT Service Management News
  • Cyber-attacco in Svizzera, muore una mucca. Lezioni sulla digitalizzazione
• Over Security - Cybersecurity news aggregator
  • Bug Left Some Windows PCs Dangerously Unpatched
  • Chinese ‘Crimson Palace’ espionage campaign keeps hacking Southeast Asian governments
  • Microsoft fixes Windows Server performance issues from August updates
  • Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score
  • New PIXHELL acoustic attack leaks secrets from LCD screen noise
  • Ivanti fixes maximum severity RCE bug in Endpoint Management software
  • Windows 10 KB5043064 update released with 6 fixes, security updates
  • RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software
  • Microsoft fixes Windows Smart App Control zero-day exploited since 2018
  • Windows 11 KB5043076 cumulative update released with 19 changes
  • Feds say ‘Terrorgram’ white supremacists used Telegram to incite attacks
  • Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws
  • Wix to block Russian users starting September 12
  • Firmware 1.0 Released
  • Wix.com to block Russian users starting September 12
  • CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog
  • Flipper Zero releases Firmware 1.0 after three years of development
  • Navigating Endpoint Privilege Management: Insights for CISOs and Admins
  • Microsoft to start force-upgrading Windows 22H2 systems next month
  • The Re-Emergence of CVE-2024-32113: How CVE-2024-45195 has amplified Exploitation Risks
  • Ukrainian detained for allegedly installing CCTV cameras to aid Russian attacks
  • Washington state school district closed for second day after cyberattack
  • Russian pro-democracy nonprofit investigates alleged data breach by Kremlin-backed hackers
  • NoName ransomware gang deploying RansomHub malware in recent attacks
  • Security Training Lab: Educational Program for Universities
  • A new TrickMo saga: from Banking Trojan to Victim's Data Leak
  • ESET scopre NGate, malware per Android che sfrutta l’NFC per clonare le carte di pagamento
  • Threat Intelligence - Vulnerability insights
  • Weekly IT Vulnerability Report for August 28, 2024 – September 03, 2024
• Tails - News
  • Tails 6.7
• Securityinfo.it
  • ESET scopre NGate, malware per Android che sfrutta l’NFC per clonare le carte di pagamento
• SANS Internet Storm Center, InfoCON: green
  • Microsoft September 2024 Patch Tuesday, (Tue, Sep 10th)
  • ISC Stormcast For Tuesday, September 10th, 2024 https://isc.sans.edu/podcastdetail/9132, (Tue, Sep 10th)
• Tor Project blog
  • New Release: Tails 6.7
• Schneier on Security
  • New Chrome Zero-Day
• Full Disclosure
  • KL-001-2024-012: VICIdial Authenticated Remote Code Execution
  • KL-001-2024-011: VICIdial Unauthenticated SQL Injection
  • OXAS-ADV-2024-0005: OX App Suite Security Advisory
• Instapaper: Unread
  • The Watermarking Paradox
  • Network Forensics With Wireshark
  • GMDSOFT Tech Letter How YouTube Cache Files Reveal User Behavior
  • TeamItaly, il 13 settembre la presentazione della squadra ufficiale che parteciperà all’European Cybersecurity Challenge 2024
  • Experts demonstrated how to bypass WhatsApp View Once feature
  • Guerre di Rete - Il caso Telegram
  • Il 57% dei contenuti presenti su internet è generato dall’AI, e questo non è un bene
• The Hacker News
  • CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub
  • Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia
  • Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches
  • New PIXHELL Attack Exploits Screen Noise to Exfiltrates Data from Air-Gapped Computers
  • Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments
• NetSPI
  • Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation
• Graham Cluley
  • The AI Fix #15: AI robot butlers and gigawatt banana highways
• The Register - Security
  • Crypto scams rake in $5.6B a year for cyberscum lowlifes, FBI says
  • Thanks, Edward Snowden: You propelled China to quantum networking leadership
• Security Affairs
  • Quad7 botnet evolves to more stealthy tactics to evade detection
  • Poland thwarted cyberattacks that were carried out by Russia and Belarus
  • U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog
  • Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals
• TorrentFreak
  • Sky Calls Out IPTV Piracy Facilitators, Including Cloudflare & Facebook
  • Verizon Asks Court to Dismiss Music Labels’ Piracy Liability Lawsuit
• Palo Alto Networks Blog
  • Using Time in Your Favor During a Ransomware Attack
• Unsupervised Learning
  • UL NO. 449: China Hits US ISPs, NIST CSF 2.0, Russian Intel Attacks, Stagnant Companies...
• Krebs on Security
  • Bug Left Some Windows PCs Dangerously Unpatched
• Deep Web
  • does goru anime's and these kinda stuff exists in deep web?
• Computer Forensics
  • Anyone got Sumuri Recon Lab or Axiom to parse Unified Logs?
• Social Engineering
  • How to get the truth about a male friend from girlfriend.
• Technical Information Security Content & Discussion
  • Browser Stored Credentials
  • Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation
  • CloudGoat Official Walkthrough Series: ‘glue_privesc’
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • Ethical hacking
  • Best way for me to pivot into web app security?
  • Seeking Guidance on SecOps Certified AppSec Practitioner (SCAP) - Advice for Preparation
  • Temporary Mail Recovery
• Information Security
  • My entire ISO 27001 Information Security Toolkit+ ITIL & Project Management Templates - Free
  • Thought I’d seen everything.
  • Sality malware execution process
  • Risk Discussion: TOTP's in PW Managers
  • Digital Identity
• 360数字安全
  • 周鸿祎出席中国产业转移发展对接活动（云南） 以人工智能赋能云南承接产业转移
  • 在大湾区，探索“数据跨境”的安全密码
• Security Weekly Podcast Network (Audio)
  • AI Trucks, Solid Concrete, Sonicwall, Progress, Rust, Apple, and more... - SWN #412
  • Paying Down Tech Debt, Rust in Firmware, EUCLEAK, Deploying SSO - ASW #298
  • Cybersecurity and the Business - Theresa Lanowitz - BSW #363