[每日信息流] 2024-09-18

[ruohong2018]

每日安全资讯（2024-09-18）

• Trustwave Blog
  • ALPHV BlackCat Ransomware: A Technical Deep Dive and Mitigation Strategies
• Recent Commits to cve:main
  • Update Tue Sep 17 22:30:34 UTC 2024
  • Update Tue Sep 17 14:35:51 UTC 2024
  • Update Tue Sep 17 06:22:35 UTC 2024
• Tenable Blog
  • Mastering Containerization: Key Strategies and Best Practices
• Security Boulevard
  • Data Detection & Response (DDR): Not the Dance Revolution It Claims
  • How to Modernize Security Operations Centers
  • Fortinet Mid-September Data Breach Advisory
  • USENIX NSDI ’24 – Fast Vector Query Processing for Large Datasets Beyond GPU Memory with Reordered Pipelining
  • Tackling the Visibility Challenges in the SOC
  • Randall Munroe’s XKCD ‘Craters’
  • Part 2: Can Just Anyone Access Your ServiceNow Articles?
  • Top 4 Application Attacks Detected and Blocked by Contrast ADR | XSS, Method Tampering, Path Traversal and JNDI Injection | Contrast Security
  • Hacking Modern Android Mobile Apps & APIs with Burp Suite
  • Part 1: Can Just Anyone Access Your ServiceNow Articles?
• Files ≈ Packet Storm
  • Microsoft Windows TOCTOU Local Privilege Escalation
  • WordPress LiteSpeed Cache Cookie Theft
  • GibbonEdu Core 26.0.00 Cross Site Scripting
  • TP-Link Archer AX50 Cross Site Scripting
  • HTMLy 2.9.9 Cross Site Scripting
  • Dockwatch Remote Command Execution
  • Ubuntu Security Notice USN-7001-2
  • Apple Security Advisory 09-16-2024-10
  • MSI Analyzer
  • Red Hat Security Advisory 2024-6726-03
  • Apple Security Advisory 09-16-2024-9
  • Ubuntu Security Notice USN-7011-2
  • Red Hat Security Advisory 2024-6723-03
  • Red Hat Security Advisory 2024-6722-03
  • Red Hat Security Advisory 2024-6721-03
  • Ubuntu Security Notice USN-7015-1
  • Ubuntu Security Notice USN-7010-1
  • Apple Security Advisory 09-16-2024-8
  • Microsoft SQL Server Masked Data Exposure
  • Ubuntu Security Notice USN-7014-1
  • Apple Security Advisory 09-16-2024-7
  • Red Hat Security Advisory 2024-6720-03
  • Red Hat Security Advisory 2024-6719-03
  • Apple Security Advisory 09-16-2024-6
  • Ubuntu Security Notice USN-7013-1
• SecWiki News
  • SecWiki News 2024-09-17 Review
• Sucuri Blog
  • 7 Steps to Remove Malware from WordPress
• 一个被知识诅咒的人
  • Go语言并发编程之select语句详解
  • Go语言并发编程之Channels详解
  • Go语言并发编程之sync包详解
• Blogs dade
  • Weekly Retro 2024-W37
• NVISO Labs
  • Emergency Accounts: Last Call!
• SpiderLabs Blog
  • Spam With A Political Twist: Fraudsters Are Exploiting The Election Season
• Sucuri Blog
  • 7 Steps to Remove Malware from WordPress
• Reverse Engineering
  • A vulnerability in LANCOM LCOS web interface (usually listening on port 443) allows a remote attacker to trigger a heap overflow in the service listening on this port.
• Malware-Traffic-Analysis.net - Blog Entries
  • 2024-09-17 - Snake KeyLogger (VIP Recovery) infection, FTP exfil
  • 2024-09-16 - Snake KeyLogger (VIP Recovery) infection, SMTP exfil
• Trail of Bits Blog
  • Inside DEF CON: Michael Brown on how AI/ML is revolutionizing cybersecurity
• SentinelOne
  • macOS Sequoia | What’s New in Privacy and Security for Enterprise?
• KitPloit - PenTest & Hacking Tools
  • BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
• Malwarebytes
  • iOS 18 is out. Here are the new privacy and security features
• FreeBuf网络安全行业门户
  • FreeBuf早报 | 115 网盘回应故障；阿里云盘Bug致用户私密照片泄露
• 奇客Solidot–传递最新科技情报
  • 诺贝尔奖得主 Gregg Semenza 撤回了多达 13 篇论文
  • PS1 模拟器 DuckStation 修改许可证不再是开源软件
• 锦行科技
  • 中秋团圆
• 全频带阻塞干扰
  • 中秋祝福 | 2024 Q4活动预告
• dotNet安全矩阵
  • .NET 一款通过白名单程序执行命令的工具
  • .NET 反序列化加载哥斯拉内存马的工具
• 安全客
  • 分享图片
• DataCon大数据安全分析竞赛
  • 最是良辰美景时，人人共此团圆夜
• 中国信息安全
  • 月满中秋 阖家团圆
• 黑奇士
  • 大快人心：三只羊被官方立案调查，小杨哥这回真的要栽了
• 极客公园
  • 苹果正式发布 iOS 18 等全系统更新；马化腾重回中国首富位置；奔驰退出，比亚迪 100% 控股腾势汽车| 极客早知道
• 安全圈
  • 【安全圈】小米摄像头里惊现陌生男子说话!小米回应来了
  • 【安全圈】115 网盘回应故障：服务器遭遇恶意网络攻击，“终止服务”系谣言
  • 【安全圈】表弟遭“表哥”诈骗 1.5 万元，宁夏一起 AI 换脸诈骗案细节曝光
  • 【安全圈】虚拟货币交易发生纠纷，买家起诉后，法院判了
• 娜璋AI安全之家
  • [转]《网络安全应急管理与技术实践》 网络安全应急技术与实践（入侵技术）
• Over Security - Cybersecurity news aggregator
  • 7 Steps to Remove Malware from WordPress
  • Temu denies breach after hacker claims theft of 87 million data records
  • Russia targets Harris campaign with wave of fake videos
  • Discord launches end-to-end encrypted voice and video chats
  • Broadcom fixes critical RCE bug in VMware vCenter Server
  • Construction firms breached in brute force attacks on accounting software
  • CISA Adds Progress WhatsUp Gold and MSHTML Vulnerabilities to Known Exploited Vulnerabilities Catalog
  • Cloudflare outage cuts off access to websites in some regions
  • AT&T to pay $13 million FCC settlement for 2023 data breach
  • Construction companies potentially vulnerable through accounting software, report says
  • AT&T pays $13 million FCC settlement over 2023 data breach
  • 5 former Trump officials on what cyber policy would look like if he wins the White House
  • CISA urges software devs to weed out XSS vulnerabilities
  • CERT India reports vulnerabilities in multiple QNAP products
  • Ransomware gangs now abuse Microsoft Azure tool for data theft
  • Instagram to bolster privacy and safety features for millions of teen users
  • Marko Polo cybercrime gang targets cryptocurrency users, influencers with scams
  • Over 1,000 ServiceNow instances found leaking corporate KB data
  • PKfail Secure Boot bypass remains a significant risk two months later
  • Three-Headed Potato Dog
  • Meta blocks RT and other Russian state media; Kremlin says it's 'unacceptable'
  • Pro-Ukraine hackers claim attack on agency that certifies digital signatures in Russia
  • September 2024 Web Server Survey
  • Vidar compare ancora in una nuova campagna malspam che sfrutta le caselle PEC
  • Port of Seattle conferma l’attacco da parte del ransomware Rhysida
  • DOJ indicts Chinese national for spear phishing campaign against NASA, FAA, Air Force
• Securityinfo.it
  • Port of Seattle conferma l’attacco da parte del ransomware Rhysida
• Schneier on Security
  • Remotely Exploding Pagers
  • Python Developers Targeted with Malware During Fake Job Interviews
• TrustedSec
  • How to Get the Most Out of a Pentest
• ICT Security Magazine
  • NinjaOne annuncia la promozione di Andre Schindler a Vicepresidente Senior delle Vendite Globali
  • Sovranità Digitale e NIS2: La Nuova Frontiera per la Sicurezza e l’Indipendenza delle Aziende Italiane
• Unsupervised Learning
  • UL NO. 450: Thoughts on o1-preview and the Path to AGI (1)
• LuxSci
  • LuxSci Expands Executive Team to Scale Enterprise Growth and Operations
• Tor Project blog
  • New Release: Tor Browser 13.5.4
• Deeplinks
  • KOSA’s Online Censorship Threatens Abortion Access
• The Register - Security
  • VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation
  • Google Cloud Document AI flaw (still) allows data theft despite bounty payout
  • Lebanon: At least nine dead, thousands hurt after Hezbollah pagers explode
  • Rhysida ransomware gang ships off Port of Seattle data for $6M
  • Secure your organization
  • Predator spyware kingpins added to US sanctions list
  • China claims Starlink signals can reveal stealth aircraft – and what that really means
  • Chinese national accused by Feds of spear-phishing for NASA, military source code
  • Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day
• TorrentFreak
  • ISPs Back Cox’s Supreme Court Petition to Counter “Extortionate” Piracy Liability Pressure
  • Fake Streams ‘Save’ Premier League Pirates, Security Tips Can Save More
• KitPloit - PenTest Tools!
  • BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
• Graham Cluley
  • The AI Fix #16: GPT-4o1, AI time travelers, and where’s my driverless car?
  • Ticketmaster boss who repeatedly hacked rival firm sentenced
• NetSPI
  • The Rapid Evolution of AI Voice Cloning and its Implications for Cybersecurity
• Blackhat Library: Hacking techniques and research
  • Cybersecurity Researcher Loses £10,000 in Infostealer Financial DDoS Attack
  • Looking for Feedback and Ideas for My Ethical Hacking Blog with Tutorials
• Your Open Hacker Community
  • My Wifi Key
• NVISO Labs
  • Emergency Accounts: Last Call!
• Technical Information Security Content & Discussion
  • Direct Memory Access Attacks - An easy way to hack into memory, bypass logon screens and ignore device encryption
  • A vulnerability in LANCOM LCOS web interface (usually listening on port 443) allows a remote attacker to trigger a heap overflow in the service listening on this port
  • Taking over Train infrastructure / Traction power substation and lighting systems in Europe
• Security Affairs
  • Remote attack on pagers used by Hezbollah caused 9 deaths and thousands of injuries
  • Chinese man charged for spear-phishing against NASA and US Government
  • U.S. CISA adds Microsoft Windows MSHTML Platform and Progress WhatsUp Gold bugs to its Known Exploited Vulnerabilities catalog
  • Taking Control Online: Ensuring Awareness of Data Usage and Consent
  • Qilin ransomware attack on Synnovis impacted over 900,000 patients
• Computer Forensics
  • How to obtain all users created on a Domain Controller?
• Instapaper: Unread
  • Quishing, come funziona la truffa del QR code. Il caso delle colonnine di ricarica
  • Say Goodbye to Stolen iPhone Parts Activation Lock Gets an Upgrade
  • What is Brute Force Attacks
  • Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure
  • Remotely Exploding Pagers
  • A first look at iOS 18 forensics
  • Triple Trouble. iOS 16, Android 14, and iOS 17 Images Now Available!
  • Apple, come funziona la nuova app Password
  • Apple’s New Passwords App May Solve Your Login Nightmares
  • US hits Intellexa spyware maker with more sanctions
• SANS Internet Storm Center, InfoCON: green
  • 23:59, Time to Exfiltrate!, (Tue, Sep 17th)
  • ISC Stormcast For Tuesday, September 17th, 2024 https://isc.sans.edu/podcastdetail/9140, (Tue, Sep 17th)
• Full Disclosure
  • SEC Consult blog :: Microsoft Windows MSI Installer - Repair to SYSTEM - A detailed journey (CVE-2024-38014) + msiscan tool release
  • Stored XSS to Account Takeover - htmlyv2.9.9
  • APPLE-SA-09-16-2024-10 macOS Ventura 13.7
  • APPLE-SA-09-16-2024-9 macOS Sonoma 14.7
  • APPLE-SA-09-16-2024-8 iOS 17.7 and iPadOS 17.7
  • APPLE-SA-09-16-2024-7 Xcode 16
  • APPLE-SA-09-16-2024-6 Safari 18
  • APPLE-SA-09-16-2024-5 visionOS 2
  • APPLE-SA-09-16-2024-4 watchOS 11
  • APPLE-SA-09-16-2024-3 tvOS 18
  • APPLE-SA-09-16-2024-2 macOS Sequoia 15
  • APPLE-SA-09-16-2024-1 iOS 18 and iPadOS 18
• Information Security
  • Need assistance with Security Control Assurance - Standard and Program.
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • Illumio Certification.
• The Hacker News
  • Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense
  • U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation
  • How to Investigate ChatGPT activity in Google Workspace
  • Meta to Train AI Models Using Public U.K. Facebook and Instagram Posts
  • Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users
  • SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks
• Security Weekly Podcast Network (Audio)
  • Bringing Secure Coding Concepts to Developers - Dustin Lehr - ASW #299
  • Back to the office, Void Banshee, ServiceNow, Taiwan, Dlink, C++, Aaran Leyland... - SWN #414
  • Solving the Cybersecurity Data Problem - Padraic O'Reilly - BSW #364