ruohong2018/ruohong2018.github.io
[Daily Feed] 2024-09-20
#587, Open
ruohong2018 opened 2 days ago
ruohong2018 commented 2 days ago
Daily Security News (2024-09-20)
Security Boulevard
Tackle Cyber Resilience Act requirements with our CRA checklist
What is Network Security Automation?
Sonatype can help you navigate DORA compliance
USENIX NSDI ’24 – Flow Scheduling With Imprecise Knowledge
Countering the Codex: The Rise of LLM Platform Abuse
Training Your Team on the Security of CPS & IoT Systems
Compliance webinar series: Understanding the Cyber Resilience Act
Product Updates: Escape’s Advanced Jira Integration – Send Remediation Details to Your Developers
Randall Munroe’s XKCD ‘Every Scientific Field’
Century-Long Innovation: A Legacy of Outpacing Cyber Threats
Trustwave Blog
Industry Analysts Call Trustwave Security Colony a Vital Tool for Enhanced Cybersecurity
Files ≈ Packet Storm
Ubuntu Security Notice USN-7025-1
htmly 2.9.9 Cross Site Scripting
WordPress LMS 4.2.7 SQL Injection
Nexus Repository Manager 3 Path Traversal
Check Point Security Gateways Information Disclosure
Telerik Report Server 2024 Q1 Authentication Bypass
CVE-2024-26581 Checker
Red Hat Security Advisory 2024-6850-03
Red Hat Security Advisory 2024-6843-03
Red Hat Security Advisory 2024-6842-03
Red Hat Security Advisory 2024-6840-03
Red Hat Security Advisory 2024-6839-03
Red Hat Security Advisory 2024-6838-03
Red Hat Security Advisory 2024-6837-03
Red Hat Security Advisory 2024-6816-03
Red Hat Security Advisory 2024-6786-03
Red Hat Security Advisory 2024-6785-03
Red Hat Security Advisory 2024-6784-03
Red Hat Security Advisory 2024-6783-03
Red Hat Security Advisory 2024-6782-03
Red Hat Security Advisory 2024-6779-03
Red Hat Security Advisory 2024-6765-03
Red Hat Security Advisory 2024-6757-03
Red Hat Security Advisory 2024-6755-03
Red Hat Security Advisory 2024-6754-03
SecWiki News
SecWiki News 2024-09-19 Review
Recent Commits to cve:main
Update Thu Sep 19 22:28:25 UTC 2024
Update Thu Sep 19 14:35:12 UTC 2024
Update Thu Sep 19 06:39:30 UTC 2024
Tenable Blog
An Analyst’s Guide to Cloud-Native Vulnerability Management: Where to Start and How to Scale
Armin Ronacher's Thoughts and Writings
Accidental Spending: A Case For an Open Source Tax?
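Anquanke - Security New Media with Ideas
Broadcom fixes critical VMware vCenter Server vulnerability CVE-2024-38812
Chrome introduces one-time permissions and enhanced safety checks for safer browsing
Construction-industry accounting software Foundation attacked; threat actors exploit MSSQL vulnerability to break in
Ethena domain registrar hacked; Ethena Labs warns users to stay away
Global crime takes a hit as Europol shuts down encrypted chat app Ghost
Chainlink's Sergey Nazarov predicts asset tokenization will transform Web3
CISA warns that Apache, Microsoft, and Oracle vulnerabilities are being actively exploited
GitLab patches critical SAML authentication bypass vulnerability in CE and EE editions
"Marko Polo" builds a global cybercrime giant
World's first weaponization of communication devices! Lebanon pager explosions leave thousands dead or injured
Xianzhi Security Technology Community
Penetration test of a BladeX site, a secondary development based on Spring
Sihou RoarTalk – Comprehensive Service Platform for the Cybersecurity Industry, 4hou.com
Another honor! Bangcle Security wins the "Excellence Award" at the 9th "Maker in China" Cybersecurity SME Innovation and Entrepreneurship Competition
Assessment and analysis of the Lebanon pager explosion incident
Expert interpretation | Major framework release accelerates the building of China's AI security governance landscape
Supporting security defense for mobile government applications | Bangcle Security appears at the critical information infrastructure security protection expert certification training to discuss security
New Linux malware Hadooken targets Oracle WebLogic servers
Check Point Software Technologies named a Leader in the GigaOm Radar Report for Security Policy as Code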
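A Person Cursed by Knowledge
Go Concurrency Patterns: Efficient Parallelism with Fan-Out and Fan-In
Go Concurrency Patterns: The Power of Pipelines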
bunnie's blog
Turning Everyday Gadgets into Bombs is a Bad Idea
GuidePoint Security
Risky Recovery: Ransomware “Decryption” Scams Remain in 2024
Horizon3.ai
Century-Long Innovation: A Legacy of Outpacing Cyber Threats
Nicholas Warner Joins Horizon3.ai as Independent Board Director, Bringing Over Two Decades of Cybersecurity Expertise
blog.avast.com EN
The time I almost got scammed from my college email
Malwarebytes
Tor anonymity compromised by law enforcement. Is it still safe to use?
Trail of Bits Blog
Announcing the Trail of Bits and Semgrep partnership
Reverse Engineering
Setting up Lumen for IDA PRO 9
Connecting HQD Screen to Raspberry and arduino
KitPloit - PenTest & Hacking Tools
Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
daniel.haxx.se
trurl 0.16
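Aqniu
Strength proven again | Haiyun'an makes the China Cybersecurity Industry Alliance (CCIA) list for the third consecutive year and is named a "Rising Star of China's Cybersecurity Industry" for the second time running
[National-level recognition] Haiyun'an named a national-level specialized and innovative "Little Giant" enterprise
2024 National Cybersecurity Week | Haiyun'an reaches the finals of the innovation and venture investment session for its innovative use of large AI models in software development security
This time it's walkie-talkies! Another mass explosion of mobile communication devices in Lebanon; CSTIS issues risk alert on guarding against new ransomware Cicada3301 | Niulan
7 popular user behavior analytics (UEBA) tools and an analysis of their features
Solidot – Delivering the Latest Tech News
W boson mass measurement agrees with Standard Model prediction
CERN prepares to expel Russian scientists on November 30 without fully severing ties with Russia
Seventy percent of Earth's population may experience extreme climate in the next twenty years
FBI takes over a botnet controlled by a Chinese hacking group
X bypasses Brazil's block by proxying through Cloudflare
Real-Time Linux merged into the mainline kernel
Nintendo and The Pokémon Company sue the developer of Palworld
World of Warcraft lets players complete the story solo
Israel's indiscriminate attacks on Lebanon kill at least 32 and injure thousands
FreeBuf Cybersecurity Industry Portal
After the pagers exploded, walkie-talkies exploded too | The mystery of network + supply-chain attacks
FreeBuf Morning Brief | Another explosion incident in Lebanon; Google announces adoption of NIST's latest post-quantum encryption standards
Another explosion incident in Lebanon, this time walkie-talkies
Apple tries to protect your privacy; OpenAI may not be able to
Discord launches end-to-end encrypted audio and video calls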
HackerNews
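PKfail vulnerability disclosed: Secure Boot fails on nearly a thousand device models worldwide
Discord launches end-to-end encrypted audio and video calls
Another explosion incident in Lebanon, this time walkie-talkies
Russian security firm Doctor Web hit by hackers
GitLab releases fix for critical SAML authentication bypass vulnerability
North Korean hackers use fake job offers to lure critical infrastructure employees
Anquanke
World's first weaponization of communication devices! Lebanon pager explosions leave thousands dead or injured
Black Ocean - WIKI
Statutory social-security retirement age calculator
Free document download tool that downloads whatever can be viewed, for Baidu Wenku, Docin and others: kill-doc
Monitor Android phone SMS, incoming calls, and app notifications (SMS forwarder)
Security Analysis and Research
Detailed analysis of a phishing sample disguised as a JD Finance candidate registration form
Tencent Xuanwu Lab
Daily Security News Push (9-19)
Security Internal Reference
Supplier leaks user information; the client company is fined nearly 100 million yuan
Major vulnerability reported in Google Cloud: may affect millions of servers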
Black Hills Information Security
Enable Auditing of Changes to msDS-KeyCredentialLink
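Code Guard
GitLab fixes critical SAML authentication bypass vulnerability
CISA and FBI urge elimination of XSS vulnerabilities
QiAnXin CERT
GitLab SAML authentication bypass vulnerability (QVD-2024-40180) security risk advisory
[Exploited in the wild] Ivanti Cloud Service Appliance command injection vulnerability (CVE-2024-8190) security risk advisory
Shushi Consulting
SOAR Lives Forever
China Information Security
Feature: Large Model Security | A survey of large model security risk assessment and defense techniques
Expert interpretation | Understanding the features of China's "AI Security Governance Framework" through a China-EU-US comparison
Expert view | Why add a shield against quantum attacks?
Frontier | Challenges and responses for legal safeguard mechanisms of the digital economy
Opinion | A dialectical view of data sharing and privacy protection
Commentary | Use of AI technology must stay within legal boundaries
Security Circle
[Security Circle] Another explosion incident in Lebanon, this time walkie-talkies
[Security Circle] Global crime takes a hit as Europol shuts down encrypted chat app Ghost
[Security Circle] Construction-industry accounting software Foundation attacked; threat actors exploit MSSQL vulnerability to break in
Qingteng Cloud Security
No. 1! Qingteng takes first place on both dimensions in the "Cloud Native Security Capability Guide" report
Ding Ba: The Intelligence Analyst's Toolbox
[Intelligence material] Guess how much the daily travel allowance is when US military personnel come to China on business?
GeekPark
The most information-dense roundtable since o1's release: Yang Zhilin, Jiang Daxin, and Zhu Jun discuss technical paths for large models
22 months on, what are large models competing over now?
AI, community, e-commerce: the YouTube platform is about to be transformed
Apsara Conference opens with major launches planned; Google paper reveals the principles behind the o1 model; iPhone 16 first-week sales down 12.7% | Geek Morning News
National Internet Emergency Center CNCERT
CNVD Vulnerability Weekly Report, 2024 Issue 37
Product security vulnerabilities that drew the most attention last week (20240909-20240915)
Intelligence Analyst
Second wave hits: Lebanon communication device explosion incident escalates
Analysis of Western NGOs' manipulation in Kyrgyzstan
KCon Hacker Conference
Setting a new direction for cybersecurity training: the KCon prize survey wants to hear from you!
Sangfor Qianlimu Security Technology Center
[Vulnerability Advisory] VMware vCenter Server buffer overflow vulnerability (CVE-2024-38812)
CNVD Vulnerability Weekly Report, 2024 Issue 37
Alibaba Security Response Center
Event officially begins | 14 SRCs invite you to join the Double 11 security defense campaign
Moan Technology
Moan Technology joins hands with "M Bureau" to safeguard software supply chain security for a border railway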
TrustedSec
Console Cowboys: Navigating the Modern Terminal Frontier
Over Security - Cybersecurity news aggregator
Chipmaker Qualcomm lays off hundreds of workers in San Diego
CISA warns of actively exploited Apache HugeGraph-Server bug
Suspects behind $230 million cryptocurrency theft arrested in Miami
Federal civil rights watchdog sounds alarm over DOJ, DHS and HUD use of facial recognition technology
Microsoft Edge will flag extensions causing performance issues
HuntStand - 2,795,947 breached accounts
Unexplained ‘Noise Storms’ flood the Internet, puzzle experts
This Windows PowerShell Phish Has Scary Potential
Tor says it’s "still safe" amid reports of police deanonymizing users
Ivanti warns of another critical CSA flaw exploited in attacks
Iran backdoors planted across Middle East telecoms, government agencies, Google says
Apple’s new macOS Sequoia update is breaking some cybersecurity tools
Talk of election security is good, but we still need more money to solve the problem
Google Password Manager now automatically syncs your passkeys
FTC exposes massive surveillance of kids, teens by social media giants
17 arrested in takedown targeting phishing service with nearly 500,000 victims
UK spyware victims file criminal complaint against NSO Group
Nakasone on his new gig at Vanderbilt, deliberations at OpenAI, and nation-state threats
How to reduce cyber risk during employee onboarding
Germany seizes 47 crypto exchanges used by ransomware gangs
Police dismantles phone unlocking ring linked to 483,000 victims
Leverage Flashpoint Known Exploited Vulnerabilities (FP KEV) for Vulnerability Triage
Cyberspace Solarium’s successor points to 10 things Washington can do for US digital security
US agencies say Iran offered hacked Trump docs to Democrats but was ignored
'Iran vs. Trump, and Russia vs. Harris': Congress presses Silicon Valley giants on disinformation
FTC: Social media and video streaming companies violate user privacy on 'vast' scale
Hackers deliver popular crypto-miner through malicious email auto replies, researchers say
Mysterious "LOVE" packet storms flood the internet since 2020
Applying Security Engineering to Make Phishing Harder - A Case Study
Clever 'GitHub Scanner' campaign abusing repos to push malware
What is Spearphishing: Definition, Techniques, Real-world Example
Getting Ready for PSR in the UK: Why Fraud Fusion Experts Should Care
The cost of a cyberattack goes beyond direct financial losses
WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution
CISA Adds Progress WhatsUp Gold and MSHTML Vulnerabilities to Known Exploited Vulnerabilities Catalog
Top ICS Vulnerabilities This Week: Critical Bugs in Rockwell Automation, Siemens, and Viessmann
Qualys Security Blog
Black Basta Ransomware: What You Need to Know
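dotNet Security Matrix
.NET: a Microsoft-whitelisted tool that executes commands and echoes the output
.NET intranet attack and defense in practice e-journal
Threat intelligence on vulnerabilities in 36 .NET systems (updated 09.19)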
SANS Internet Storm Center, InfoCON: green
Fake GitHub Site Targeting Developers, (Thu, Sep 19th)
ISC Stormcast For Thursday, September 19th, 2024 https://isc.sans.edu/podcastdetail/9144, (Thu, Sep 19th)
Time-to-Live Analysis of DShield Data with Vega-Lite, (Wed, Sep 18th)
Schneier on Security
FBI Shuts Down Chinese Botnet
ICT Security Magazine
Rise in Global Data Breaches: 7 out of 10 attacks in EMEA stole your data. Beware of insider threats too!
Operation Flax Typhoon: The FBI neutralizes a sophisticated Chinese botnet in an epic cyber battle
Zero Trust and Smart Industry: securing Cloud, OT, IIoT, and M2M environments through advanced cybersecurity strategies with the help of Artificial Intelligence
Il Disinformatico
Two small updates
Security Current
CISO Spotlight: Oded Blatman, Fireblocks CIO & CISO
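National Engineering Research Center for Information Security
Penalty cases | Failing to fulfill cybersecurity protection obligations is illegal! Multiple organizations named in notices!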
contagio
2024-08-18 RAPTOR TRAIN NOSEDIVE - Mirai-type IoT Botnet Samples
Have I Been Pwned latest breaches
HuntStand - 2,795,947 breached accounts
Securityinfo.it
The cost of a cyberattack goes beyond direct financial losses
Full Disclosure
Stored XSS in "Edit Profile" - htmlyv2.9.9
Stored XSS in "Menu Editor" - htmlyv2.9.9
Backdoor.Win32.BlackAngel.13 / Unauthenticated Remote Command Execution
Backdoor.Win32.CCInvader.10 / Authentication Bypass
Backdoor.Win32.Delf.yj / Information Disclosure
Instapaper: Unread
14 dead as Hezbollah walkie-talkies explode in second, deadlier attack
10 Ways to Detect Deepfakes Created by Text-to-image Services and GANs
Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military
SambaSpy, the malware that targets only Italian users
Krebs on Security
This Windows PowerShell Phish Has Scary Potential
Security Affairs
Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw
International law enforcement operation dismantled criminal communication platform Ghost
U.S. CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog
SIEM for Small and Medium-Sized Enterprises: What you need to know
Antivirus firm Dr.Web disconnected all servers following a cyberattack
Palo Alto Networks Blog
The Hidden AI Risk Lurking In Your Business
Trend Micro Research, News and Perspectives
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC
Identifying Rogue AI
KitPloit - PenTest Tools!
Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
Computer Forensics
Looking for career advice for getting into digital forensics
eDiscovery Premium update
Information Security
Open source maintainers underpaid, swamped by security, going gray
Technical Information Security Content & Discussion
New free, open, online, practical security class from Czech Technical University.
An Elliptic Curve-based Secure Chat, written using Rust and Protobuf
Exploiting Android Client WebViews with Help from HSTS
SAP Hash Cracking Techniques
Seezo SDR – Automated security design reviews
Applying security engineering to make phishing harder
Stowaway -- Multi-hop Proxy Tool for pentesters
Blackhat Library: Hacking techniques and research
Opsec while Hacking
Intel
Your Open Hacker Community
Trouble with Hashcat and Kali Linux
diploma thesis - which password cracker tools?
Help Needed to Bypass Orange Social Media Pack Restrictions
netsecstudents: Subreddit for students studying Network Security and its related subjects
EAP-TLS: Breaking Into Secure TLS Deployments
Deeplinks
Prison Banned Books Week: Being in Jail Shouldn’t Mean Having Nothing to Read
Square Peg, Meet Round Hole: Previously Classified TikTok Briefing Shows Error of Ban
Strong End-to-End Encryption Comes to Discord Calls
Canada’s Leaders Must Reject Overbroad Age Verification Bill
TorrentFreak
Pirate Video Hosting Domain of Fmovies ‘Mothership’ Makes Surprise Comeback
Magis TV IPTV Crackdown Blocks 70 Domains, Hundreds Already Wiped Out
The Hacker News
Wherever There's Ransomware, There's Service Account Compromise. Are You Protected?
Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms
New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails
New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit
Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene
Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector
GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions
The Register - Security
Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims
No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom
Iran's cyber-goons emailed stolen Trump info to Team Biden – which ignored them
1 in 10 orgs dumping their security vendors after CrowdStrike outage
Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations
UK activists targeted with Pegasus spyware ask police to charge NSO Group
Tor insists its network is safe after German cops convict CSAM dark-web admin
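360 Digital Security
Exclusive! Uncovering the "supply chain war" behind the two rounds of pager and walkie-talkie explosions in Lebanon
Among the first! 360 Security Large Model obtains CAICT basic cybersecurity capability evaluation certification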
Security Weekly Podcast Network (Audio)
Exploding Pagers - Tod Beardsley - PSW #843