issues
search
ruohong2018
/
ruohong2018.github.io
GNU General Public License v3.0
33
stars
3
forks
source link
[每日信息流] 2024-09-14
#581
Open
ruohong2018
opened
2 months ago
ruohong2018
commented
2 months ago
每日安全资讯(2024-09-14)
Recent Commits to cve:main
Update Fri Sep 13 22:27:51 UTC 2024
Update Fri Sep 13 14:25:31 UTC 2024
Update Fri Sep 13 06:36:10 UTC 2024
Files ≈ Packet Storm
Ivanti EPM Remote Code Execution
GeoServer Remote Code Execution
Mandos Encrypted File System Unattended Reboot Utility 1.8.17
Ubuntu Security Notice USN-7009-1
Ubuntu Security Notice USN-7005-2
Ubuntu Security Notice USN-7008-1
Ubuntu Security Notice USN-7007-1
Ubuntu Security Notice USN-7003-3
Webpay E-Commerce 1.0 Cross Site Scripting
Men Salon Management System 2.0 PHP Code Injection
Emergency Ambulance Hiring Portal 1.0 Insecure Settings
Car Washing Management System 1.0 Insecure Settings
Bus Pass Management System 1.0 Insecure Settings
BP Monitoring Management System 1.0 Insecure Settings
Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling
Auto/Taxi Stand Management System 1.0 PHP Code Injection
Art Gallery Management System 1.0 Insecure Settings
Red Hat Security Advisory 2024-6657-03
SecWiki News
SecWiki News 2024-09-13 Review
Tenable Blog
Cybersecurity Snapshot: Russia-backed Hackers Aim at Critical Infrastructure Orgs, as Crypto Fraud Balloons
嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
新型 Vo1d 恶意软件感染了 130 万个 Android 流媒体盒
伪装“黑神话悟空修改器”传播木马的活动分析
活跃的RansomHub勒索攻击组织情况分析
一个被知识诅咒的人
深入理解Go语言的面向对象编程、Git与GitHub的使用
深入解析Go语言的类型方法、接口与反射
安全客-有思想的安全新媒体
网络安全巨头 Fortinet 披露数据泄露事件
爱尔兰数据保护监管机构将调查谷歌人工智能
远程代码执行漏洞:Veeam与SonicWall发布重要安全公告
Selenium Grid 配置不当引发加密货币挖矿与代理劫持
“Hadooken”恶意软件以 Oracle 的 WebLogic 服务器为目标
DeFi 协议 DittoETH 补丁中发现大规模折扣费漏洞
新型Vo1d恶意软件感染全球197个国家的130万台安卓电视盒
GitLab 修补了允许未经授权执行流水线作业的关键漏洞
新型安卓恶意软件 “Ajina.Banker ”利用Telegram渠道传播钓鱼页面与窃取2FA信息
全国政协主席会议成员调研360集团 鼓励企业加强“卡脖子”技术攻关
Trustwave Blog
Identity, Endpoints, and the Cloud Drive the Microsoft Security Product E5 Decision
先知安全技术社区
.NET 通过Fsharp执行命令绕过安全防护
如何绕过Golang木马的HTTPS证书验证
基于flask常见trick——unicode&进制编码绕过
探秘argv[0]:程序参数中的安全隐忧
Hikvision综合安防管理平台isecure center文件读取深度利用
2024年“羊城杯”粤港澳大湾区网络安全大赛决赛靶标Writeup
Security Boulevard
CVE-2024-28986 – SolarWinds Web Help Desk Security Vulnerability – August 2024
USENIX Security ’23 – All Cops Are Broadcasting: TETRA Under Scrutiny
Fundamentals of GraphQL-specific attacks
New Office of the CISO Paper: Organizing Security for Digital Transformation
Randall Munroe’s XKCD ‘Monocaster’
USENIX Security ’23 – Security Analysis of MongoDB Queryable Encryption
CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability
AI in Cybersecurity: Experts Discuss Opportunities, Misconceptions and the Path Forward
Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid)
Friends don’t let friends reuse nonces
先知安全技术社区
.NET 通过Fsharp执行命令绕过安全防护
如何绕过Golang木马的HTTPS证书验证
基于flask常见trick——unicode&进制编码绕过
探秘argv[0]:程序参数中的安全隐忧
Hikvision综合安防管理平台isecure center文件读取深度利用
2024年“羊城杯”粤港澳大湾区网络安全大赛决赛靶标Writeup
SpiderLabs Blog
Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media
Horizon3.ai
CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability
Binary Ninja
Binary Ninja Ultimate
Malware-Traffic-Analysis.net - Blog Entries
2024-09-12 - Approximately 11 days of server scans and probes
SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 37
Trail of Bits Blog
Friends don’t let friends reuse nonces
blog.avast.com EN
Your data is under siege. How to protect your data and privacy.
Reverse Engineering
A new vault of Reverse Engineering Resources
Looking for Reverse Engineering to help mod meta quest / vr games / apks.
Remote full time
Wallarm
Fundamentals of GraphQL-specific attacks
绿盟科技技术博客
绿盟威胁情报月报-2024年7月
绿盟科技威胁周报(2024.08.12-2024.08.18)
绿盟科技威胁周报(2024.08.05-2024.08.11)
绿盟科技威胁周报(2024.07.29-2024.08.04)
绿盟科技威胁周报(2024.07.22-2024.07.28)
Dhole Moments
E2EE for the Fediverse Update – We’re Going Post-Quantum
博客园 - 渗透测试中心
快速编写一款python漏洞批量检测工具 - 渗透测试中心
FreeBuf网络安全行业门户
只针对Linux,甲骨文Weblogic服务器被黑客入侵
FreeBuf早报 | 澳大利亚媒体炒作中国黑客;恶意软件瞄准甲骨文Weblogic服务器
新型 Vo1d 恶意软件曝光,超130万台安卓电视设备已中招
安全牛
AI引领未来,深信服携手4家用户获2024 IDC年度大奖!
《网络安全技术 网络身份认证公共服务应用接入规范》等4项国家标准公开征求意见;福特车载广告专利涉嫌过度采集信息引发隐私争议|牛览
我国勒索攻击防护技术应用代表性厂商推荐及特点分析(2024版)
奇客Solidot–传递最新科技情报
澳大利亚提议对打击虚假信息不力的社交媒体罚款,马斯克抨击这是法西斯
2024 年 Ig 诺贝尔奖公布结果
与 AI 对话有助于减少阴谋论信仰
全国人大常委会通过延迟退休决定
三千年前刮到日本的沙尘比现在少一半
英伟达向 AI 初创公司投资逾百亿美元
OpenAI 发布新 AI 模型 o1
十年前的现象级手游 Flappy Bird 将重新上线
Unity 取消受争议的根据安装量收费
中国 VC 支持的初创公司数量大幅下降
微软更新核心加密库加入后量子加密算法
AMD 宣布笔记本可变显存允许将更多内存分配给游戏
rtl-sdr.com
WarDragon: Real-Time Drone Remote ID Tracking with Snifflee, TAR1090 and ATAK
DeepRad – Modular RTL-SDR System Now Crowdfunding on Crowd Supply
TechMinds: RigExpert Responds to TechMinds’ Review of the FobosSDR
HackerNews
新型 Vo1d 恶意软件曝光,超 130 万台安卓电视设备已中招
摄像头攻防战:俄乌战争前线正在进行的情报对抗隐蔽战线
网络安全巨头 Fortinet 发生大规模数据泄露
GitLab 修补允许未经授权的管道作业执行的严重缺陷
代表伊朗政府行动的黑客已向伊拉克政府网络部署了恶意软件
360漏洞云
中秋元月特设百万奖金池!增设10%额外奖金激励和豪华礼品!以洞会友,360漏洞云邀您共赏明月下的安全之美!
腾讯玄武实验室
每日安全动态推送(9-13)
代码卫士
GitLab 提醒注意严重的管道执行漏洞
黑客称窃取 440GB 文件,Fortinet 证实数据遭泄露
安全内参
因勒索攻击泄露患者敏感数据,这家医疗巨头赔偿超4.6亿元
近200亿元!知名威胁情报厂商Recorded Future卖身金融巨头
dotNet安全矩阵
.NET 一款执行F#代码的免杀白名单工具
.NET 安全基础入门学习知识库
.NET攻防实战 | 一键开启Python运行环境的工具
腾讯安全威胁情报中心
腾讯安全攻击面管理多项能力获权威报告五星评价
绿盟科技研究通讯
《IBM2024年数据泄露成本报告解读:全球数据泄露事件平均成本仍在持续增加》
天御攻防实验室
一起由商业竞争引发的恶意黑客入侵事件
奇安信威胁情报中心
每周高级威胁情报解读(2024.09.06~09.12)
安全圈
【安全圈】新型 Vo1d 恶意软件曝光,超130万台安卓电视设备已中招
【安全圈】天翼云盘主域名遭微软报毒拉黑 目前Microsoft Edge会自动拦截访问
【安全圈】网络安全软硬件开发商飞塔(Fortinet)泄露约440GB客户相关的数据
【安全圈】Windows 11 22H2版将在下月结束支持 微软从10月8日起开始强制更新
慢雾科技
慢雾中秋献礼
安全学术圈
2024年数据与智能系统安全教育部重点实验室开放课题
字节跳动安全中心
ByteCTF大师赛|全明星阵容巅峰对决!
青藤云安全
2024网安周 | 青藤加入广东省信息安全产业生态创新联合体
阿里安全响应中心
阿里云亮相2024国家网安周 | AI驱动的云上新质安全成亮点
情报分析师
双重间谍:密谋与背叛的策略高手
《军武专刊》——锐化您的军武视角,掌握全球防务动态
奇安信 CERT
从近期肆虐的Hunters International团伙,一瞥全球勒索软件攻击
Ivanti Endpoint Manager反序列化远程代码执行漏洞(CVE-2024-29847)安全风险通告
火绒安全
【火绒安全周报】00后为首的犯罪团伙落网/新型网络诈骗瞄准Python开发者
中国信息安全
CCS 2024 | 《关键信息基础设施网络及信息系统作业可信与安全白皮书》重磅发布,共筑安全可信的网络空间
CCS 2024 | 科蓝软件——底线思维扫除隐患,国产数据库捍卫金融数据安全
CCS 2024 | 金钻芯科技发布《高效安全管理体系白皮书》
2024网安周 | 让网络安全“防火墙”愈筑愈牢、“保护网”越织越密
国际 | 部分国家对网络犯罪的规制
一图读懂 | 如何更好的保护你的个人信息
纯干货 | 开学反诈第一课!大学生警惕成为电诈“工具人”
字节跳动技术团队
“码”上中秋,共话精彩——豆包MarsCode 放“码”过来!
数世咨询
为什么说不断增长的AI投资增加了网络安全风险?
四大板块明确AI治理,一图读懂《人工智能安全治理框架》1.0版
Over Security - Cybersecurity news aggregator
Port of Seattle hit by Rhysida ransomware in August attack
23andMe pledges $30 million to the 6.4 million people affected by data breach
TfL requires in-person password resets for 30,000 employees after hack
Port of Seattle refuses to pay Rhysida ransom, warns of data leak
Tennessee school district loses $3.4 million to a fake curriculum vendor
Russia’s RT news agency has ‘cyber operational capabilities,’ assists in military procurement, State Dept says
Stolen account info still chief risk for federal agencies, annual CISA audit finds
Meta to resume plans to harness UK users’ social media posts for AI model training
23andMe to pay $30 million in genetics data breach settlement
Ivanti warns high severity CSA flaw is now exploited in attacks
Apple seeks dismissal of its NSO Group lawsuit, citing risk of exposing ‘vital security information’
Kawasaki’s European arm restores operation after cyberattack claimed by Ransomhub
New Linux malware Hadooken targets Oracle WebLogic servers
Campagna di Phishing ai danni di tNotice
Fortinet confirms customer data breach
RansomHub claims Kawasaki cyberattack, threatens to leak stolen data
New Android malware targets bank customers in Central Asia
Sintesi riepilogativa delle campagne malevole nella settimana del 7 – 13 settembre
Un malware Linux colpisce Weblogic Server per eseguire un cryptominer
Largest crypto exchange in Indonesia pledges to reimburse users after $22 million theft
The Dark Nexus Between Harm Groups and ‘The Com’
Introducing Bettercap 2.4.0: CAN-Bus Hacking, WiFi Bruteforcing and Builtin Web UI
ScriptBlock Smuggling
Come funziona l’exploit di Windows Installer che permette di ottenere i privilegi di admin
Stealthy Fileless Attack Targets Attendees of Upcoming US-Taiwan Defense Industry Event
Woo Skimmer Uses Style Tags and Image Extension to Steal Card Details
New Vo1d malware infects 1.3 million Android streaming boxes
CNVD漏洞平台
Microsoft发布2024年9月安全更新
ICT Security Magazine
CSQA: Certificazioni e Formazione per la Sicurezza e la Resilienza Aziendale
Cloud computing forensics: peculiarità e indicazioni metodologiche
山石网科安全技术研究院
山石荣获国家信息安全漏洞库CNNVD多项年度大奖
Securityinfo.it
Un malware Linux colpisce Weblogic Server per eseguire un cryptominer
Come funziona l’exploit di Windows Installer che permette di ottenere i privilegi di admin
D3Lab
Campagna di Phishing ai danni di tNotice
极客公园
国产大模型,应该避免走入加拉帕戈斯时刻
一年卖出 30 亿,AI 硬件开启猿辅导的「第二曲线」
OpenAI 发最强新模型 o1,推理能力大幅增强;网友晒辛巴赔付收款截图;人类实现首次商业太空行走 | 极客早知道
Il Disinformatico
Podcast RSI - Telegram cambia le proprie regole, terremoto di sicurezza
contagio
2024-09-12 SUPERSHELL + 2023-03-13 SHELLBOT Targeting Linux SSH servers Samples
2024-09-19 X-WORM RAT (Phishing) Samples
Hacking Exposed Computer Forensics Blog
AWS Cloud Trail Downloader V2!
SANS Internet Storm Center, InfoCON: green
Finding Honeypot Data Clusters Using DBSCAN: Part 2, (Fri, Sep 13th)
ISC Stormcast For Friday, September 13th, 2024 https://isc.sans.edu/podcastdetail/9136, (Fri, Sep 13th)
Deeplinks
NextNav’s Callous Land-Grab to Privatize 900 MHz
Technical Information Security Content & Discussion
CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability – Horizon3.ai
Exploring Deserialization Attacks and Their Effects
Deep Web
asking for a virtual number
Information Security
Password managers
Social Engineering
How to fight back against someone trying to isolate you from a group?
Security Affairs
New Linux malware called Hadooken targets Oracle WebLogic servers
Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach
Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries
Krebs on Security
The Dark Nexus Between Harm Groups and ‘The Com’
The Hacker News
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London
Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft
TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud
Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw
New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency
TorrentFreak
French Pirate Site Blocking Order Targets Expired and Seized Z-Library Domains
evilsocket
Introducing Bettercap 2.4.0: CAN-Bus Hacking, WiFi Bruteforcing and Builtin Web UI
Your Open Hacker Community
Need Advice
netsecstudents: Subreddit for students studying Network Security and its related subjects
Is Diffie Hellman Merkle key exchange this simple? I thought it was more complex
Suggestions for cloning Mobile Device to be used in Mobile app testing?
Schneier on Security
Friday Squid Blogging: Squid as a Legislative Negotiating Tactic
My TedXBillings Talk
The Register - Security
Feeld dating app's security too open-minded as private data swings into public view
Cambodian senator sanctioned by US over alleged forced labor cyber-scam camps
Australia’s government spent the week boxing Big Tech
Feds pull plug on domains linked to import of Chinese gun conversion devices
Fortinet admits miscreant got hold of customer data in the cloud
'Hadooken' Linux malware targets Oracle WebLogic servers
Tor Project blog
New Alpha Release: Tor Browser 14.0a5
360数字安全
开挂神器能让企业管理有多轻松?这才是真正的职场爽文
360获任国家“大模型测试基准研究组”联合组长单位
Security Weekly Podcast Network (Audio)
Li-On, Lazarus, Whatsup, Scattered Spider, Hadooken, Dead People, Aaran Leyland... - SWN #413
Cybersecurity has too many distractions and can the White House fix BGP? - Harish Peri, Harry Wilson, Darren Guccione - ESW #375
每日安全资讯(2024-09-14)