ruohong2018
/
ruohong2018.github.io
[Daily Feed] 2024-09-19
#586
Open
ruohong2018
opened
3 days ago
ruohong2018
commented
3 days ago
Daily Security News (2024-09-19)
Security Boulevard
AT&T to Pay $13 Million to Settle FCC Case of 2023 Data Breach
FBI Disrupts Another Massive Chinese-Linked Botnet
USENIX NSDI ’24 – Making Kernel Bypass Practical for the Cloud with Junction
Betting, Gambling, and Sports Betting Sites: The Costs of ATO
Pulumi Adds Cloud Security Intelligence Tool to Portfolio
Daniel Stori’s Turnoff.US: ‘Chat GPT Code Smell’
E2EE is MIA in iPhone/Android Chat — GSMA Gonna Fix it
Honeytokens [Security Zines]
New CJIS Security Policy Changes the Game for MFA for Criminal Justice Organizations
USENIX NSDI ’24 – LoLKV: The Logless, Linearizable, RDMA-Based Key-Value Storage System
CXSECURITY Database RSS Feed - CXSecurity.com
Microsoft Windows TOCTOU Local Privilege Escalation
OVAS - PHP (by: oretnom23 ) v1.0 Multiple-SQLi
Microsoft SQL Server Masked Data Exposure
Cab Management System-1.0 Multiple-SQLi
Backdoor.Win32.CCInvader.10 / Authentication Bypass
Backdoor.Win32.BlackAngel.13 / Unauthenticated Remote Command Execution
Backdoor.Win32.Delf.yj / Information Disclosure
SecWiki News
SecWiki News 2024-09-18 Review
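Anquanke (安全客) - Thoughtful Security New Media
Binance warns of rising Clipper malware attacks targeting cryptocurrency users
Misconfigured ServiceNow knowledge bases expose confidential information
U.S. CISA adds Microsoft Windows MSHTML Platform and Progress WhatsUp Gold vulnerabilities to its Known Exploited Vulnerabilities catalog
How to investigate ChatGPT activity in Google Workspace
Google Cloud Document AI flaw still allows data theft even after a bug bounty was paid
Google Chrome switches to ML-KEM for post-quantum cryptography defense
Zero-click RCE vulnerability in macOS Calendar exposes iCloud data
PayPal and Venmo ENS integration may boost mainstream cryptocurrency adoption
Uncovering a new, sophisticated credit card skimming technique targeting WooCommerce stores
360: Making “self-driving” security operations a reality
4hou (嘶吼) RoarTalk – Comprehensive Service Platform for the Cybersecurity Industry, 4hou.com
2024 Cybersecurity Week | Bangcle Security's Party branch brings cybersecurity awareness “up close”
2024 Cybersecurity Week | Bangcle Security offers multiple perspectives on new paths for mobile application security
Recognized again! Bangcle Security selected for GoUpSec's “Email Security Products and Services Purchasing Decision Reference”
Top malware of August 2024: RansomHub tops the list, Meow ransomware runs rampant
Security News Review | “AI Safety Governance Framework” released; cybersecurity giant Fortinet confirms data breach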
Trustwave Blog
The First Step in Creating an Offensive Security Program: Managed Vulnerability Scanning
Recent Commits to cve:main
Update Wed Sep 18 22:29:02 UTC 2024
Update Wed Sep 18 14:29:37 UTC 2024
Update Wed Sep 18 06:27:37 UTC 2024
Files ≈ Packet Storm
Ubuntu Security Notice USN-6885-3
Ubuntu Security Notice USN-7021-1
Ubuntu Security Notice USN-7020-1
Online Traffic Offense 1.0 CSRF / Arbitrary File Upload
Ubuntu Security Notice USN-7019-1
Debian Security Advisory 5772-1
Backdoor.Win32.CCInvader.10 MVID-2024-0694 Authentication Bypass
Backdoor.Win32.BlackAngel.13 MVID-2024-0695 Code Execution
Backdoor.Win32.Delf.yj MVID-2024-0693 Information Disclosure
Ubuntu Security Notice USN-7018-1
Debian Security Advisory 5771-1
Debian Security Advisory 5770-1
Ubuntu Security Notice USN-7000-2
Online Exam System 1.0 Insecure Settings
Online Bus Ticket Booking Website 1.0 SQL Injection
Nipah Virus Testing Management System 1.0 SQL Injection
Ubuntu Security Notice USN-7017-1
Ubuntu Security Notice USN-7016-1
Membership Management System 1.1 SQL Injection
HYSCALE System 1.9 Add Administrator / Cross Site Request Forgery
Furniture Master 2 SQL Injection
Food Ordering And Table Reservation System For Restaurants 1.0 Insecure Settings
Beauty Parlour And Saloon Management System 1.1 Insecure Settings
obaby@mars
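The Moon Climbs Above the Willow Tips; Raising a Cup to Invite the Bright Moon
A Person Cursed by Knowledge (一个被知识诅咒的人)
Understanding Go Concurrency in Depth: Avoiding Goroutine Leaks and Handling Errors
Understanding Concurrency Confinement and the for-select Loop Pattern in Go in Depth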
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Spamvertized Github Powershell Malicious Software Executing Campaign Spotted in the Wild
An OSINT Profile of U.S Secret Service's Most Wanted Cybercriminal Danil Potekhin
Dynamic DNS Service Providers for APT Command and Control (C&C) - An Analysis
SentinelOne
LABScon 2024 | Security Research in Real Time – Talks Not to Miss
daniel.haxx.se
curl 8.10.1
Hex Rays
Unveiling IDA Pro 9.0: The New RISC-V Decompiler and Enhanced Disassembler Extensions
KitPloit - PenTest & Hacking Tools
Imperius - Make An Linux Kernel Rootkit Visible Again
Dhole Moments
The Continued Trajectory of Idiocy in the Tech Industry
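FreeBuf Cybersecurity Industry Portal
Can a cyberattack on pagers really cause nationwide explosions?
FreeBuf Morning Report | Temu denies hackers stole data of 87 million users; pager explosions occur in multiple locations in Lebanon
VMware vCenter Server vulnerability lets attackers execute remote code
Aqniu (安全牛)
Unprecedented! Mass pager explosions suddenly hit Lebanon, causing thousands of casualties; Temu, the cross-border e-commerce platform owned by Pinduoduo, responds to alleged leak of 87 million records: it's a rumor | Niulan (牛览)
Event preview | Forum on the theory, technology, and practice of cyberspace geography to be held soon
Solidot (奇客) – Delivering the Latest Tech News
Google to begin labeling AI-generated images in search results
TSMC's U.S. plant begins manufacturing Apple mobile chips
Linus Torvalds on aging kernel maintainers and future project leaders
Antibiotic resistance could cause 39 million deaths by 2050
Mozilla exits the Fediverse
TCL's quantum dot TVs alleged to contain no quantum dots
Cyberspace Administration of China requires labeling of AI-generated content
A series of pager explosions occur in Lebanon
Tencent Xuanwu Lab (腾讯玄武实验室)
Daily Security News Push (9-18)
Leishen Zhongce (雷神众测)
Leishen Zhongce Weekly Vulnerability Report 2024.09.09-2024.09.17
Jun Ge's Experience (君哥的体历)
Discussing mainstream approaches to preventing endpoint information leakage and why an infrastructure department is necessary | Week 261 overall
Anquan Neican (安全内参)
A first! Pagers in Lebanon explode en masse after remote attack, killing 9 and injuring thousands
South Korea and NATO jointly hold the international “Allied Power 2024” cyber exercise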
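Anquanke (安全客)
Australian IT spending to surge in 2025: cybersecurity and AI are the priorities
ThreatBook Research and Response Center (微步在线研究响应中心)
Vulnerability Advisory | Ivanti Cloud Service Appliance Command Injection Vulnerability (CVE-2024-8190)
Code Guard (代码卫士)
Pagers in Lebanon remotely detonated simultaneously, causing thousands of casualties: everything you need to know
Broadcom fixes critical RCE vulnerability in VMware vCenter Server
After the CrowdStrike outage, Microsoft plans to have EDR vendors run “outside kernel mode”
Google Cloud dependency confusion vulnerability affects millions of servers
Security Academic Circle (安全学术圈)
EURECOM (France) | X-Ray-TLS: Transparent Decryption of TLS Sessions by Extracting Session Keys from Memory
Security Research GoSSIP (安全研究GoSSIP)
G.O.S.S.I.P Reading Recommendation 2024-09-18: Attacking the eBPF Interpretation Flow
QiAnXin Threat Intelligence Center (奇安信威胁情报中心)
A large-scale quasi-targeted attack: the pager explosions targeting Hezbollah in Lebanon
China Information Security (中国信息安全)
Global View | International Cybersecurity News Brief (Issue 28)
Special Topic: Large Model Security | Content security risks of generative AI and response strategies
Expert Interpretation | Major framework released, accelerating the construction of China's AI safety governance landscape
Notice | National Cybersecurity Standardization Technical Committee releases “Cybersecurity Standards Practice Guide: Guide for Identifying Sensitive Personal Information” (full text attached)
In Focus | Lebanese government blames “Israeli cyberattack”; pager explosions injure nearly 3,000
Opinion | Improving military data management and utilization capabilities
Commentary | In fighting AI face-swap fraud, technology should play a bigger role
Heige's Chatter (黑哥虾撩)
Discussing with ChatGPT o1 the technical feasibility of the sudden pager explosions in Lebanon
dotNet Security Matrix (dotNet安全矩阵)
.NET: a new all-in-one intranet adversarial exploitation tool
.NET intranet in practice: executing commands via the FSharp whitelist
SoapShell update | Adds invoking cmd to execute system commands
Focus on Security Management Platforms (专注安管平台)
The Future of SOAR
National Engineering Research Center for Information Security (信息安全国家工程研究中心)
Roundup of recent cybersecurity news (first half of September 2024)
Shushi Consulting (数世咨询)
“Monthly Data Breach Landscape Report” (September 2024) | download link included
领信数科 Strategic Map 2.0: Reshaping a new digital security ecosystem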
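GeekPark (极客公园)
This AI camera lets you “read” your fur baby's heart
Douyin E-commerce: Facing “uncertainty” with “standardization”
New iPhone pre-orders fall short of expectations, Apple's market value sheds a hundred billion dollars; FSD button appears on China-made Teslas; Three Sheep placed under investigation, Xiao Yang Ge loses two million followers | Geek Early News
CNVD Vulnerability Platform
CNVD Weekly Vulnerability Report, Issue 37 of 2024
Product security vulnerabilities that drew high attention last week (20240909-20240915)
Security Circle (安全圈)
[Security Circle] Can a cyberattack on pagers really cause nationwide explosions?
[Security Circle] VMware vCenter Server vulnerability lets attackers execute remote code
[Security Circle] Flaw in Little Snitch, a third-party firewall for Mac, causes macOS to bypass DNS encryption
[Security Circle] Microsoft releases update fixing crashes in Outlook and other apps when typing text or running spell check
Hillstone Networks Security Technology Research Institute (山石网科安全技术研究院)
FortiGate SSLVPN heap overflow vulnerability: analysis and exploitation
XCTF League
SCTF 2024 | Youth Storm, Competition Ignites the Golden Autumn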
DEF CON Announcements!
Early Video from DEF CON 32: Cory Doctorow!
QiAnXin CERT
VMware vCenter Server Heap Overflow Vulnerability (CVE-2024-38812) Security Risk Advisory
Troy Hunt's Blog
From Dreams to Reality: The Magic of 3D Printing, with Elle Hunt
Securityinfo.it
Google Cloud is exposed to “transitive” access abuse: Vectra AI's research
Securelist
Exotic SambaSpy is now dancing with Italian users
SANS Internet Storm Center, InfoCON: green
Python Infostealer Patching Windows Exodus App, (Wed, Sep 18th)
ISC Stormcast For Wednesday, September 18th, 2024 https://isc.sans.edu/podcastdetail/9142, (Wed, Sep 18th)
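4hou Pro (嘶吼专业版)
Hackers have frequently exploited publicly disclosed vulnerabilities to attack WhatsUp Gold since August
Security News Review | “AI Safety Governance Framework” released; cybersecurity giant Fortinet confirms data breach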
Krebs on Security
Scam ‘Funeral Streaming’ Groups Thrive on Facebook
Trend Micro Research, News and Perspectives
Vulnerabilities in Cellular Packet Cores Part IV: Authentication
KitPloit - PenTest Tools!
Imperius - Make An Linux Kernel Rootkit Visible Again
Over Security - Cybersecurity news aggregator
Discord rolls out end-to-end encryption for audio, video calls
Europol takes down "Ghost" encrypted messaging platform used for crime
Lumma Stealer spread via fake security vulnerability notifications on users' own GitHub projects
Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware
Top ICS Vulnerabilities This Week: Critical Bugs in Rockwell Automation, Siemens, and Viessmann
Microsoft: Vanilla Tempest hit healthcare with INC ransomware
X hacking spree fuels "$HACKED" crypto token pump-and-dump
GitLab releases fix for critical SAML authentication bypass flaw
Microsoft may have revealed Windows 11 24H2 is coming this month
U.S. government ‘took control’ of a botnet run by Chinese government hackers, says FBI director
Apple pulls iPadOS 18 update bricking M4 iPad Pro devices
Chinese botnet infects 260,000 SOHO routers, IP cameras with malware
4 Top Security Automation Use Cases: A Detailed Guide
Russian security firm Dr.Web disconnects all servers after breach
Unified Security Operations Platform
Scam ‘Funeral Streaming’ Groups Thrive on Facebook
SPID-themed banking phishing campaign under way
Sen. Mark Warner hopes ‘a little bit of name-and-shame’ will make tech execs ‘up their game’ ahead of the election
DORA for Financial Institutions: What You Need to Know
How to Collect Threat Intelligence Using Search Parameters in TI Lookup
Exotic SambaSpy is now dancing with Italian users
Problems in the Parking Lot: Threat Actors Use IRL Quishing to Target Travelers
Google Cloud is exposed to “transitive” access abuse: Vectra AI's research
Computer Forensics
The Role of DFIR and AI in Combating Child Sexual Abuse Material.
Tor Project blog
Is Tor still safe to use?
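360 Digital Security (360数字安全)
World's first weaponization of communication devices! Pager explosions in Lebanon leave thousands dead or injured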
Deeplinks
Human Rights Claims Against Cisco Can Move Forward (Again)
Senate Vote Tomorrow Could Give Helping Hand To Patent Trolls
Unveiling Venezuela’s Repression: A Legacy of State Surveillance and Control
The New U.S. House Version of KOSA Doesn’t Fix Its Biggest Problems
Social Engineering
The FBI Method to make anyone spill their secrets (without them knowing)
Graham Cluley
Smashing Security podcast #385: TFL security derailed, and is Trump the king of crypto?
Deep Web
Need help? Reply here
What's the difference between deep web and dark web???
How can I access the dark web?
Blackhat Library: Hacking techniques and research
Pdf books transfer from Company Laptop to personal laptop
What’s the general consensus about recent Israeli attacks? Did they weaponize the pagers or compromise the supply chain?
Technical Information Security Content & Discussion
Hertz leaks 60,000 insurance claim reports on their claims website
Vulnerabilities in Open Source C2 Frameworks
Solidity Static Analyzers: Reducing False Positives with CodeQL
Revisiting MiniFilter Abuse Techniques to Blind EDR
TorrentFreak
Germany Adds Sports Streaming Site ‘TotalSportek’ to Pirate Site Blocklist
Your Open Hacker Community
[How To] Hack POS Terminal Geo-Location (to remain static)?
Will this prepare me with prerequisites to learn WiFi hacking Udemy course?
The Register - Security
FBI boss says China 'burned down' 260,000-device botnet when confronted by Feds
Deja blues... LockBit boasts once again of ransoming IRS-authorized eFile.com
Putin really wants Trump back in the White House
Lebanon now hit with deadly walkie-talkie blasts as Israel declares ‘new phase’ of war
Chinese spies spent months inside aerospace engineering firm's network via legacy IT
Cops across the world arrest 51 in orchestrated takedown of Ghost crime platform
Despite Russia warnings, Western critical infrastructure remains unprepared
Australian Police conducted supply chain attack on criminal collaborationware
WhatsApp still working on making View Once chats actually disappear for all
ICT Security Magazine
Cyber-Physical Attack in Lebanon: Hezbollah Pagers Explode, Israel in the Crosshairs
Email Security and Artificial Intelligence
Instapaper: Unread
macOS 15 (Sequoia) What Forensic Examiners Need to Know
HackInBo® Forensic Games - Sala 2 - Polizia Scientifica - Spring 2024
Cracking OneDrive's Personal Vault
Cops lure pedophiles with AI pics of teen girl. Ethical triumph or new disaster
iOS Telegram Forensics. Part I Acquisition and Database Analysis
Introducing TRACE Toolkit for Retrieval and Analysis of Cyber Evidence
Analysis of the attack on Hezbollah via pagers
Australian Police conducted supply chain attack on criminal collaborationware
How to Jailbreak iOS 18 – Full Guide
Security Affairs
Experts warn of China-linked APT’s Raptor Train IoT Botnet
Credential Flusher, understanding the threat and how to protect your login data
U.S. Treasury issued fresh sanctions against entities linked to the Intellexa Consortium
Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812
The Hacker News
New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide
Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military
Why Pay A Pentester?
North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware
Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing
GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging
Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution