[每日信息流] 2024-09-14

[ruohong2018]

每日安全资讯（2024-09-14）

• Recent Commits to cve:main
  • Update Fri Sep 13 22:27:51 UTC 2024
  • Update Fri Sep 13 14:25:31 UTC 2024
  • Update Fri Sep 13 06:36:10 UTC 2024
• Files ≈ Packet Storm
  • Ivanti EPM Remote Code Execution
  • GeoServer Remote Code Execution
  • Mandos Encrypted File System Unattended Reboot Utility 1.8.17
  • Ubuntu Security Notice USN-7009-1
  • Ubuntu Security Notice USN-7005-2
  • Ubuntu Security Notice USN-7008-1
  • Ubuntu Security Notice USN-7007-1
  • Ubuntu Security Notice USN-7003-3
  • Webpay E-Commerce 1.0 Cross Site Scripting
  • Men Salon Management System 2.0 PHP Code Injection
  • Emergency Ambulance Hiring Portal 1.0 Insecure Settings
  • Car Washing Management System 1.0 Insecure Settings
  • Bus Pass Management System 1.0 Insecure Settings
  • BP Monitoring Management System 1.0 Insecure Settings
  • Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling
  • Auto/Taxi Stand Management System 1.0 PHP Code Injection
  • Art Gallery Management System 1.0 Insecure Settings
  • Red Hat Security Advisory 2024-6657-03
• SecWiki News
  • SecWiki News 2024-09-13 Review
• Tenable Blog
  • Cybersecurity Snapshot: Russia-backed Hackers Aim at Critical Infrastructure Orgs, as Crypto Fraud Balloons
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • 新型 Vo1d 恶意软件感染了 130 万个 Android 流媒体盒
  • 伪装“黑神话悟空修改器”传播木马的活动分析
  • 活跃的RansomHub勒索攻击组织情况分析
• 一个被知识诅咒的人
  • 深入理解Go语言的面向对象编程、Git与GitHub的使用
  • 深入解析Go语言的类型方法、接口与反射
• 安全客-有思想的安全新媒体
  • 网络安全巨头 Fortinet 披露数据泄露事件
  • 爱尔兰数据保护监管机构将调查谷歌人工智能
  • 远程代码执行漏洞：Veeam与SonicWall发布重要安全公告
  • Selenium Grid 配置不当引发加密货币挖矿与代理劫持
  • “Hadooken”恶意软件以 Oracle 的 WebLogic 服务器为目标
  • DeFi 协议 DittoETH 补丁中发现大规模折扣费漏洞
  • 新型Vo1d恶意软件感染全球197个国家的130万台安卓电视盒
  • GitLab 修补了允许未经授权执行流水线作业的关键漏洞
  • 新型安卓恶意软件 “Ajina.Banker ”利用Telegram渠道传播钓鱼页面与窃取2FA信息
  • 全国政协主席会议成员调研360集团 鼓励企业加强“卡脖子”技术攻关
• Trustwave Blog
  • Identity, Endpoints, and the Cloud Drive the Microsoft Security Product E5 Decision
• 先知安全技术社区
  • .NET 通过Fsharp执行命令绕过安全防护
  • 如何绕过Golang木马的HTTPS证书验证
  • 基于flask常见trick——unicode&进制编码绕过
  • 探秘argv[0]：程序参数中的安全隐忧
  • Hikvision综合安防管理平台isecure center文件读取深度利用
  • 2024年“羊城杯”粤港澳大湾区网络安全大赛决赛靶标Writeup
• Security Boulevard
  • CVE-2024-28986 – SolarWinds Web Help Desk Security Vulnerability – August 2024
  • USENIX Security ’23 – All Cops Are Broadcasting: TETRA Under Scrutiny
  • Fundamentals of GraphQL-specific attacks
  • New Office of the CISO Paper: Organizing Security for Digital Transformation
  • Randall Munroe’s XKCD ‘Monocaster’
  • USENIX Security ’23 – Security Analysis of MongoDB Queryable Encryption
  • CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability
  • AI in Cybersecurity: Experts Discuss Opportunities, Misconceptions and the Path Forward
  • Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid)
  • Friends don’t let friends reuse nonces
• 先知安全技术社区
  • .NET 通过Fsharp执行命令绕过安全防护
  • 如何绕过Golang木马的HTTPS证书验证
  • 基于flask常见trick——unicode&进制编码绕过
  • 探秘argv[0]：程序参数中的安全隐忧
  • Hikvision综合安防管理平台isecure center文件读取深度利用
  • 2024年“羊城杯”粤港澳大湾区网络安全大赛决赛靶标Writeup
• SpiderLabs Blog
  • Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media
• Horizon3.ai
  • CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability
• Binary Ninja
  • Binary Ninja Ultimate
• Malware-Traffic-Analysis.net - Blog Entries
  • 2024-09-12 - Approximately 11 days of server scans and probes
• SentinelOne
  • The Good, the Bad and the Ugly in Cybersecurity – Week 37
• Trail of Bits Blog
  • Friends don’t let friends reuse nonces
• blog.avast.com EN
  • Your data is under siege. How to protect your data and privacy.
• Reverse Engineering
  • A new vault of Reverse Engineering Resources
  • Looking for Reverse Engineering to help mod meta quest / vr games / apks.
  • Remote full time
• Wallarm
  • Fundamentals of GraphQL-specific attacks
• 绿盟科技技术博客
  • 绿盟威胁情报月报-2024年7月
  • 绿盟科技威胁周报（2024.08.12-2024.08.18）
  • 绿盟科技威胁周报（2024.08.05-2024.08.11）
  • 绿盟科技威胁周报（2024.07.29-2024.08.04）
  • 绿盟科技威胁周报（2024.07.22-2024.07.28）
• Dhole Moments
  • E2EE for the Fediverse Update – We’re Going Post-Quantum
• 博客园 - 渗透测试中心
  • 快速编写一款python漏洞批量检测工具 - 渗透测试中心
• FreeBuf网络安全行业门户
  • 只针对Linux，甲骨文Weblogic服务器被黑客入侵
  • FreeBuf早报 | 澳大利亚媒体炒作中国黑客；恶意软件瞄准甲骨文Weblogic服务器
  • 新型 Vo1d 恶意软件曝光，超130万台安卓电视设备已中招
• 安全牛
  • AI引领未来，深信服携手4家用户获2024 IDC年度大奖！
  • 《网络安全技术 网络身份认证公共服务应用接入规范》等4项国家标准公开征求意见；福特车载广告专利涉嫌过度采集信息引发隐私争议|牛览
  • 我国勒索攻击防护技术应用代表性厂商推荐及特点分析（2024版）
• 奇客Solidot–传递最新科技情报
  • 澳大利亚提议对打击虚假信息不力的社交媒体罚款，马斯克抨击这是法西斯
  • 2024 年 Ig 诺贝尔奖公布结果
  • 与 AI 对话有助于减少阴谋论信仰
  • 全国人大常委会通过延迟退休决定
  • 三千年前刮到日本的沙尘比现在少一半
  • 英伟达向 AI 初创公司投资逾百亿美元
  • OpenAI 发布新 AI 模型 o1
  • 十年前的现象级手游 Flappy Bird 将重新上线
  • Unity 取消受争议的根据安装量收费
  • 中国 VC 支持的初创公司数量大幅下降
  • 微软更新核心加密库加入后量子加密算法
  • AMD 宣布笔记本可变显存允许将更多内存分配给游戏
• rtl-sdr.com
  • WarDragon: Real-Time Drone Remote ID Tracking with Snifflee, TAR1090 and ATAK
  • DeepRad – Modular RTL-SDR System Now Crowdfunding on Crowd Supply
  • TechMinds: RigExpert Responds to TechMinds’ Review of the FobosSDR
• HackerNews
  • 新型 Vo1d 恶意软件曝光，超 130 万台安卓电视设备已中招
  • 摄像头攻防战：俄乌战争前线正在进行的情报对抗隐蔽战线
  • 网络安全巨头 Fortinet 发生大规模数据泄露
  • GitLab 修补允许未经授权的管道作业执行的严重缺陷
  • 代表伊朗政府行动的黑客已向伊拉克政府网络部署了恶意软件
• 360漏洞云
  • 中秋元月特设百万奖金池！增设10%额外奖金激励和豪华礼品！以洞会友，360漏洞云邀您共赏明月下的安全之美！
• 腾讯玄武实验室
  • 每日安全动态推送(9-13)
• 代码卫士
  • GitLab 提醒注意严重的管道执行漏洞
  • 黑客称窃取 440GB 文件，Fortinet 证实数据遭泄露
• 安全内参
  • 因勒索攻击泄露患者敏感数据，这家医疗巨头赔偿超4.6亿元
  • 近200亿元！知名威胁情报厂商Recorded Future卖身金融巨头
• dotNet安全矩阵
  • .NET 一款执行F#代码的免杀白名单工具
  • .NET 安全基础入门学习知识库
  • .NET攻防实战 | 一键开启Python运行环境的工具
• 腾讯安全威胁情报中心
  • 腾讯安全攻击面管理多项能力获权威报告五星评价
• 绿盟科技研究通讯
  • 《IBM2024年数据泄露成本报告解读：全球数据泄露事件平均成本仍在持续增加》
• 天御攻防实验室
  • 一起由商业竞争引发的恶意黑客入侵事件
• 奇安信威胁情报中心
  • 每周高级威胁情报解读(2024.09.06~09.12)
• 安全圈
  • 【安全圈】新型 Vo1d 恶意软件曝光，超130万台安卓电视设备已中招
  • 【安全圈】天翼云盘主域名遭微软报毒拉黑 目前Microsoft Edge会自动拦截访问
  • 【安全圈】网络安全软硬件开发商飞塔(Fortinet)泄露约440GB客户相关的数据
  • 【安全圈】Windows 11 22H2版将在下月结束支持 微软从10月8日起开始强制更新
• 慢雾科技
  • 慢雾中秋献礼
• 安全学术圈
  • 2024年数据与智能系统安全教育部重点实验室开放课题
• 字节跳动安全中心
  • ByteCTF大师赛｜全明星阵容巅峰对决！
• 青藤云安全
  • 2024网安周 | 青藤加入广东省信息安全产业生态创新联合体
• 阿里安全响应中心
  • 阿里云亮相2024国家网安周 | AI驱动的云上新质安全成亮点
• 情报分析师
  • 双重间谍：密谋与背叛的策略高手
  • 《军武专刊》——锐化您的军武视角，掌握全球防务动态
• 奇安信 CERT
  • 从近期肆虐的Hunters International团伙，一瞥全球勒索软件攻击
  • Ivanti Endpoint Manager反序列化远程代码执行漏洞(CVE-2024-29847)安全风险通告
• 火绒安全
  • 【火绒安全周报】00后为首的犯罪团伙落网/新型网络诈骗瞄准Python开发者
• 中国信息安全
  • CCS 2024 | 《关键信息基础设施网络及信息系统作业可信与安全白皮书》重磅发布，共筑安全可信的网络空间
  • CCS 2024 | 科蓝软件——底线思维扫除隐患，国产数据库捍卫金融数据安全
  • CCS 2024 | 金钻芯科技发布《高效安全管理体系白皮书》
  • 2024网安周 | 让网络安全“防火墙”愈筑愈牢、“保护网”越织越密
  • 国际 | 部分国家对网络犯罪的规制
  • 一图读懂 | 如何更好的保护你的个人信息
  • 纯干货 | 开学反诈第一课！大学生警惕成为电诈“工具人”
• 字节跳动技术团队
  • “码”上中秋，共话精彩——豆包MarsCode 放“码”过来！
• 数世咨询
  • 为什么说不断增长的AI投资增加了网络安全风险？
  • 四大板块明确AI治理，一图读懂《人工智能安全治理框架》1.0版
• Over Security - Cybersecurity news aggregator
  • Port of Seattle hit by Rhysida ransomware in August attack
  • 23andMe pledges $30 million to the 6.4 million people affected by data breach
  • TfL requires in-person password resets for 30,000 employees after hack
  • Port of Seattle refuses to pay Rhysida ransom, warns of data leak
  • Tennessee school district loses $3.4 million to a fake curriculum vendor
  • Russia’s RT news agency has ‘cyber operational capabilities,’ assists in military procurement, State Dept says
  • Stolen account info still chief risk for federal agencies, annual CISA audit finds
  • Meta to resume plans to harness UK users’ social media posts for AI model training
  • 23andMe to pay $30 million in genetics data breach settlement
  • Ivanti warns high severity CSA flaw is now exploited in attacks
  • Apple seeks dismissal of its NSO Group lawsuit, citing risk of exposing ‘vital security information’
  • Kawasaki’s European arm restores operation after cyberattack claimed by Ransomhub
  • New Linux malware Hadooken targets Oracle WebLogic servers
  • Campagna di Phishing ai danni di tNotice
  • Fortinet confirms customer data breach
  • RansomHub claims Kawasaki cyberattack, threatens to leak stolen data
  • New Android malware targets bank customers in Central Asia
  • Sintesi riepilogativa delle campagne malevole nella settimana del 7 – 13 settembre
  • Un malware Linux colpisce Weblogic Server per eseguire un cryptominer
  • Largest crypto exchange in Indonesia pledges to reimburse users after $22 million theft
  • The Dark Nexus Between Harm Groups and ‘The Com’
  • Introducing Bettercap 2.4.0: CAN-Bus Hacking, WiFi Bruteforcing and Builtin Web UI
  • ScriptBlock Smuggling
  • Come funziona l’exploit di Windows Installer che permette di ottenere i privilegi di admin
  • Stealthy Fileless Attack Targets Attendees of Upcoming US-Taiwan Defense Industry Event
  • Woo Skimmer Uses Style Tags and Image Extension to Steal Card Details
  • New Vo1d malware infects 1.3 million Android streaming boxes
• CNVD漏洞平台
  • Microsoft发布2024年9月安全更新
• ICT Security Magazine
  • CSQA: Certificazioni e Formazione per la Sicurezza e la Resilienza Aziendale
  • Cloud computing forensics: peculiarità e indicazioni metodologiche
• 山石网科安全技术研究院
  • 山石荣获国家信息安全漏洞库CNNVD多项年度大奖
• Securityinfo.it
  • Un malware Linux colpisce Weblogic Server per eseguire un cryptominer
  • Come funziona l’exploit di Windows Installer che permette di ottenere i privilegi di admin
• D3Lab
  • Campagna di Phishing ai danni di tNotice
• 极客公园
  • 国产大模型，应该避免走入加拉帕戈斯时刻
  • 一年卖出 30 亿，AI 硬件开启猿辅导的「第二曲线」
  • OpenAI 发最强新模型 o1，推理能力大幅增强；网友晒辛巴赔付收款截图；人类实现首次商业太空行走 | 极客早知道
• Il Disinformatico
  • Podcast RSI - Telegram cambia le proprie regole, terremoto di sicurezza
• contagio
  • 2024-09-12 SUPERSHELL + 2023-03-13 SHELLBOT Targeting Linux SSH servers Samples
  • 2024-09-19 X-WORM RAT (Phishing) Samples
• Hacking Exposed Computer Forensics Blog
  • AWS Cloud Trail Downloader V2!
• SANS Internet Storm Center, InfoCON: green
  • Finding Honeypot Data Clusters Using DBSCAN: Part 2, (Fri, Sep 13th)
  • ISC Stormcast For Friday, September 13th, 2024 https://isc.sans.edu/podcastdetail/9136, (Fri, Sep 13th)
• Deeplinks
  • NextNav’s Callous Land-Grab to Privatize 900 MHz
• Technical Information Security Content & Discussion
  • CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability – Horizon3.ai
  • Exploring Deserialization Attacks and Their Effects
• Deep Web
  • asking for a virtual number
• Information Security
  • Password managers
• Social Engineering
  • How to fight back against someone trying to isolate you from a group?
• Security Affairs
  • New Linux malware called Hadooken targets Oracle WebLogic servers
  • Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach
  • Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries
• Krebs on Security
  • The Dark Nexus Between Harm Groups and ‘The Com’
• The Hacker News
  • Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
  • 17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London
  • Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft
  • TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud
  • Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw
  • New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency
• TorrentFreak
  • French Pirate Site Blocking Order Targets Expired and Seized Z-Library Domains
• evilsocket
  • Introducing Bettercap 2.4.0: CAN-Bus Hacking, WiFi Bruteforcing and Builtin Web UI
• Your Open Hacker Community
  • Need Advice
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • Is Diffie Hellman Merkle key exchange this simple? I thought it was more complex
  • Suggestions for cloning Mobile Device to be used in Mobile app testing?
• Schneier on Security
  • Friday Squid Blogging: Squid as a Legislative Negotiating Tactic
  • My TedXBillings Talk
• The Register - Security
  • Feeld dating app's security too open-minded as private data swings into public view
  • Cambodian senator sanctioned by US over alleged forced labor cyber-scam camps
  • Australia’s government spent the week boxing Big Tech
  • Feds pull plug on domains linked to import of Chinese gun conversion devices
  • Fortinet admits miscreant got hold of customer data in the cloud
  • 'Hadooken' Linux malware targets Oracle WebLogic servers
• Tor Project blog
  • New Alpha Release: Tor Browser 14.0a5
• 360数字安全
  • 开挂神器能让企业管理有多轻松？这才是真正的职场爽文
  • 360获任国家“大模型测试基准研究组”联合组长单位
• Security Weekly Podcast Network (Audio)
  • Li-On, Lazarus, Whatsup, Scattered Spider, Hadooken, Dead People, Aaran Leyland... - SWN #413
  • Cybersecurity has too many distractions and can the White House fix BGP? - Harish Peri, Harry Wilson, Darren Guccione - ESW #375