ruohong2018/ruohong2018.github.io
[Daily Feed] 2024-09-12 #579
Open · ruohong2018 opened 1 week ago
ruohong2018 commented 1 week ago
Daily Security News (2024-09-12)
Security Boulevard
Vulnerability handling requirements for NIS2 compliance
FFIEC Will Sunset the Cybersecurity Assessment Tool: Everything You Need to be Prepared
USENIX Security ’23 – Differential Testing of Cross Deep Learning Framework APIs: Revealing Inconsistencies and Vulnerabilities
Customer Story | Protecting Students and Data in Google Workspace at Santa Rita Union School District
New Findings on the National Public Data Breach: Poor Security Measures and the Role of Infostealer Malware as a Possible Vector of Attack
Microsoft Fixes Four 0-Days — One Exploited for SIX YEARS
In Memoriam: 9/11 Victims
Understand Blocked Requests Faster with Rule Tracing | Impart Security
Can AI Help Fix Security Vulnerabilities?
How to Handle Secrets in Go
Files ≈ Packet Storm
VICIdial 2.14-917a Remote Code Execution
VICIdial 2.14-917a SQL Injection
Ubuntu Security Notice USN-6998-1
Red Hat Security Advisory 2024-6576-03
Red Hat Security Advisory 2024-6569-03
Red Hat Security Advisory 2024-6568-03
Red Hat Security Advisory 2024-6567-03
Red Hat Security Advisory 2024-6560-03
Red Hat Security Advisory 2024-6559-03
Red Hat Security Advisory 2024-6558-03
Red Hat Security Advisory 2024-6557-03
Red Hat Security Advisory 2024-6536-03
Red Hat Security Advisory 2024-6529-03
Queuing Simple Chatbot 1.0 Shell Upload
Profiling System 1.0 Shell Upload
Passion Responsive Blogging 1.0 Cross Site Scripting
Online Survey System 1.0 Cross Site Scripting / Remote File Inclusion
Online Birth Certificate System 1.0 Insecure Settings
Medical Card Generations System 1.0 Insecure Settings
Emergency Ambulance Hiring Portal 1.0 WYSIWYG Code Injection
Printable Staff ID Card Creator System 1.0 Insecure Direct Object Reference
Trustwave Blog
Insider Threats: The Hidden Enemy Within Financial Services
Recent Commits to cve:main
Update Wed Sep 11 22:31:15 UTC 2024
Update Wed Sep 11 14:36:49 UTC 2024
Update Wed Sep 11 06:25:08 UTC 2024
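安全客 - Thoughtful Security New Media
FBI charges two alleged administrators of the WWH Club dark web marketplace
Predator spyware updated with dangerous new features; the upgraded version is harder to track
US CISA adds SonicWall SonicOS, ImageMagick and Linux kernel vulnerabilities to its Known Exploited Vulnerabilities catalog
FBI says cryptocurrency scams net cybercriminals $5.6 billion a year
New PIXHELL attack uses screen noise to steal data from air-gapped computers
Cyber staffing shortage remains the biggest challenge facing CISOs
CISA confirms SonicWall vulnerability is being exploited (CVE-2024-40766)
Microsoft disables ActiveX controls by default in Office 2024 to improve security
Microsoft fixes 4 exploited zero-days and a code flaw that undid earlier security fixes
In the Greater Bay Area, exploring the security formula for "cross-border data"
嘶吼 RoarTalk – Comprehensive Service Platform for the Cybersecurity Industry, 4hou.com
New PIXHELL acoustic attack leaks secrets through LCD screen noise
丈八网安 secures RMB 50 million in Series B funding to accelerate innovation in and practical application of network simulation technology
A person cursed by knowledge
A deep dive into functions in Go: anonymous functions, pointer parameters and function return values
Exploring random number generation, matrix operations and Sudoku validation in Go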
Sucuri Blog
SiteCheck Remote Website Scanner — Mid-Year 2024 Report
SecWiki News
SecWiki News 2024-09-11 Review
Bug Bounty in InfoSec Write-ups on Medium
Google Safe Browsing Blacklisting Due to Website Compromise
cloud world
Exploring Goja: a JavaScript runtime in Golang
Hexacorn
Rundll32.exe bomb
VMRay
Why Best-in-Class Security Solutions Outmatch Product Suites
Inside Stormshield
Meeting Stormshield's Employees
Sandfly Security Blog RSS Feed
Free Sandfly Linux Incident Response License
Reverse Engineering
How windows executables work inside
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
Still seeing people use HxD, checkout ImHex instead
Backtraces in the Mirror: Stealing the Secrets of Elves and Dwarves to Perform Mad Science!!
Malware-Traffic-Analysis.net - Blog Entries
2024-09-11 - Data dump: Remcos RAT and XLoader (Formbook)
PortSwigger Blog
Burp Suite Performance Improvements
bishopfox.com
Exploring Large Language Models: Local LLM CTF & Lab
Security Café
Red Team Finds A Way – (IN)Secure By Design
daniel.haxx.se
curl 8.10.0
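FreeBuf Cybersecurity Industry Portal
New PIXHELL acoustic attack can leak information from LCD screen noise
FreeBuf Morning Report | This country may protect white-hat hackers; Singapore plans legislation to ban the use of deepfakes
EDR-killing tool released by Kaspersky widely used by ransomware groups
奇客 Solidot – Delivering the Latest Technology News
Singapore passes Platform Workers Bill
Taylor Swift publicly endorses Kamala Harris following AI disinformation
You can buy a synthetic diamond machine on Alibaba for $200,000
SpaceX carries out first commercial spacewalk mission
Firefox 115 ESR will support Windows 7/8/8.1 until March 2025
Colorblind people are not picky eaters
Tor node operator raided by German police
Russia plans to spend 59 billion rubles on blocking VPNs
Microsoft warns of an actively exploited 0-day that rolls back security patches
Sony announces $700 PS5 Pro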
黑海洋 - WIKI
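A free image host built with CloudFlare Pages and R2
discord-image: an open-source free image host based on Discord
安全牛
Event preview | Online launch of the "Ransomware Attack Protection Technology Application Guide (2024 Edition)" coming soon
34 public schools in Washington State, USA, close for two days after cyberattack; "View Once" policy easily bypassed, Meta urgently fixes WhatsApp privacy flaw | 牛览
AI risk audit methodology
"Administrative Measures for E-Government Electronic Authentication Services" released; 62 apps including JD.com and Taobao complete compliance rectification of personal information collection and use | 牛览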
安全客
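Four exploited 0-day vulnerabilities affecting multiple Microsoft products urgently need patching
看雪学苑
Obfuscation pass analysis - Flattening
China's first case of illegally obtaining digital wallet private keys: three programmers planted a backdoor in a wallet app and stole more than ten thousand private keys
锦行科技
锦行科技 named in the "2024 China Cybersecurity Market Top 100"!
代码卫士
Did Microsoft's September Patch Tuesday fix 4 or 5 0-days?
Ivanti fixes critical RCE vulnerability in Endpoint Management software
安全内参
School in the UK capital closed for nearly a week after ransomware attack; students sent home to await notice
Breaking the air gap: the RAMBO side-channel attack is hard to defend against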
天御攻防实验室
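Is Microsoft planning to kick security vendors out of the Windows kernel?
dotNet安全矩阵
.NET attack and defense | A permanent repository of tools and knowledge
.NET: an AV-evading allowlisted tool that can execute system commands
Vulnerability threat intelligence for 35 .NET systems (updated 09.11)
知道创宇404实验室
404 Starlink Project | A wave of project version updates
安全圈
[安全圈] EDR-killing tool released by Kaspersky widely used by ransomware groups
[安全圈] WhatsApp "View Once" feature found vulnerable; hackers can view content repeatedly
[安全圈] High-severity vulnerability disclosed in SonicWall SSL VPN that may cause firewalls to crash
[安全圈] New PIXHELL acoustic attack can leak information from LCD screen noise
情报分析师
Little-known advanced precision search techniques for X/Twitter
[In practice] Solving a murder case with open-source intelligence (Part 2)
奇安信 CERT
Microsoft September Patch Tuesday security risk advisory for multiple products: 4 exploited in the wild, 7 critical vulnerabilities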
嘶吼专业版
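丈八网安 secures RMB 50 million in Series B funding to accelerate innovation in and practical application of network simulation technology
New PIXHELL acoustic attack leaks secrets through LCD screen noise
数世咨询
Final and award ceremony of the 9th "Maker in China" Cybersecurity SME Innovation and Entrepreneurship Competition about to begin
丈八网安 secures RMB 50 million in Series B funding to accelerate innovation in and practical application of network simulation technology
安全牛
34 public schools in Washington State, USA, close for two days after cyberattack; "View Once" policy easily bypassed, Meta urgently fixes WhatsApp privacy flaw | 牛览
Event preview | Online launch of the "Ransomware Attack Protection Technology Application Guide (2024 Edition)" coming soon
极客公园
Huawei Mate XT launched, starting at 19,999 yuan; Jack Ma posts on the internal network for Alibaba's 25th anniversary; SpaceX attempts first private spacewalk | 极客早知道
火绒安全
2024-09 Microsoft vulnerability advisory
国家互联网应急中心CNCERT
Cybersecurity Information and Trends Weekly Report, 2024 Issue 36 (September 2 - September 8)
补天平台
September "Star Vendors" now live | Double bounties and up to 6x points!
Dedicated SRC annual "Points Challenge" now live | Multiple grand prizes up for grabs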
青藤云安全
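2024 Cybersecurity Week | 程度: Proactive defense practices for critical information infrastructure
天融信阿尔法实验室
[Risk notice] 天融信 risk notice on Microsoft's September 2024 security updates
复旦白泽战队
白泽 welcomes newcomers | As academia sets sail, we embark on a new journey together!
深信服千里目安全技术中心
[Vulnerability advisory] SonicWALL SonicOS improper access control vulnerability (CVE-2024-40766)
CNVD Vulnerability Weekly Report, 2024 Issue 36
山石网科安全技术研究院
Security alert on key vulnerabilities in Microsoft's September 2024 Patch Tuesday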
ICT Security Magazine
What Is Mobile Security?
Durov's Version: How Telegram Will Change in Light of the Investigations into Its CEO
IT Service Management News
CIS Critical Security Controls Version 8.1
Over Security - Cybersecurity news aggregator
UK designates the data center sector part of its ‘Critical National Infrastructure’
Fake password manager coding test used to hack Python developers
SiteCheck Remote Website Scanner — Mid-Year 2024 Report
TD Bank fined $28 million for sharing inaccurate and negative data on customers
Hackers have sights set on four Microsoft vulnerabilities, CISA warns
WordPress.org to require 2FA for plugin developers by October
Adobe fixes Acrobat Reader zero-day with public PoC exploit
Popular French retailers confirm hackers stole customer data
Major ICS Security Flaws Disclosed in LOYTEC, Hughes, and Baxter Products
Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API
Kali Linux 2024.3 Release (Multiple transitions)
Japanese media giant investigating another reported data leak by BlackSuit hackers
Criminal IP and IPLocation.io Join Forces for Enhanced IP Analysis
Payment-processing company says data breach potentially affected 1.7 million people
Chinese hackers linked to cybercrime syndicate arrested in Singapore
CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog
How to Analyze Malware in ANY.RUN Sandbox: Eric Parker’s Guide
DragonRank, a Chinese-speaking SEO manipulator service provider
Command Injection Vulnerability in Rust
Critical Vulnerability in PaloAlto OS
Critical Vulnerability in PuTTY
CVE Advisory - Oracle BI Publisher - Unauthenticated Remote Code Execution
Vulnerabilities Fixed in GOlang
Uncovering an undetected KeyPlug implant attacking industries in Italy
Critical Vulnerability in Zabbix
Checkpoint VPN Vulnerability Exploited in the Wild
Critical PHP Vulnerability Exploited in the Wild
Polyfill Supply Chain Attack
regreSSHion Vulnerability in OpenSSH Server
Serious Vulnerabilities in MOVEit
New Attacks Target Taiwan's Military Industry
Securing Gold : Hunting typosquatted domains during the Olympics
Kali Linux
Kali Linux 2024.3 Release (Multiple transitions)
Securityinfo.it
New Attacks Target Taiwan's Military Industry
SANS Internet Storm Center, InfoCON: green
Python Libraries Used for Malicious Purposes, (Wed, Sep 11th)
ISC Stormcast For Wednesday, September 11th, 2024 https://isc.sans.edu/podcastdetail/9134, (Wed, Sep 11th)
Schneier on Security
Evaluating the Effectiveness of Reward Modeling of Generative AI Systems
Posts By SpecterOps Team Members - Medium
ADCS Attack Paths in BloodHound — Part 3
contagio
2024-09-10 KIMSUKY (North Korean APT) Sample (Sakai @sakaijjan - Terms and Conditions.msc)
2024-09-03 LUXY Ransomware / Stealer Sample
The Hacker News
Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances
DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe
Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate
Why Is It So Challenging to Go Passwordless?
Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware
Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws
Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities
TorrentFreak
Namecheap Flagged for EU ‘Piracy Watchlist’ After Failing to Block Infringing Sites
Blackhat Library: Hacking techniques and research
Question about web browser extensions and vulnerabilities.
Deep Web
Would anyone be interested in free VPS hosting?
Information Security
How ABAC Makes Access Management Smarter
End-to-End AWS KMS Data Encryption and Decryption Tutorial
Social Engineering
How society programs you: Algorithms
Security Affairs
Highline Public Schools school district suspended its activities following a cyberattack
RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR
Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)
Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days
Deeplinks
Stopping the Harms of Automated Decision Making | EFFector 36.12
Britain Must Call for Release of British-Egyptian Activist and Coder Alaa Abd El Fattah
netsecstudents: Subreddit for students studying Network Security and its related subjects
Alumni of Evolve Academy's Cybersecurity Master's Program
Your Open Hacker Community
sql injection
How to hack ezviz camera
Overclock ex beam electric scooter
Graham Cluley
Hacker pleads guilty after arriving on plane from Ukraine with a laptop crammed full of stolen credit card details
Computer Forensics
Google admin console
Cellebrite Reseller
360数字安全
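2024 Cybersecurity Week | 360 wins five awards from national-level institutions, demonstrating its cybersecurity strength
Confirmed! 360's Guangdong-Hong Kong-Macao Greater Bay Area digital security technology innovation headquarters will be located in Nansha, the "heart of the Bay"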
Technical Information Security Content & Discussion
Feeld dating app - Your nudes and data were publicly available
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI - watchTowr Labs
SSH Keystroke Obfuscation Bypass
The Security Canary Maturity Model
Blog Series on Android Bytecode Exploitation
A new TrickMo saga: from Banking Trojan to Victim's Data Leak | Cleafy Labs
Why Django’s [DEBUG=True] is a Goldmine for Hackers
The Register - Security
Cyber crooks shut down UK, US schools, thousands of kids affected
Major sales and ops overhaul leads to much more activity ... for Meow ransomware gang
Hunters International cyber-gang extorts Chinese mega-bank's London HQ
So you paid a ransom demand … and now the decryptor doesn't work
How $20 and a lapsed domain allowed security pros to undermine internet integrity
Mind the talent gap: Infosec vacancies abound, but hiring is flat
India to train 5,000 'Cyber Commandos'
Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack