[威胁情报CTI]
十大最常见攻击方式。
9月份新增43个勒索软件。
勒索软件组织RANSOMED.VC再次修改网站页面,目前有23位受害者。
一用户以600$价格出售巴西市政税务秘书处访问权限。
土耳其黑客组织Cyb3r Drag0nz发布Türkiye Scholarships学生数据。
勒索软件组织PLAY新增6名新受害者,分别是:
- Roof Management
- Security Instrument Corp
- Filtration Control Ltd
- Cinépolis Cinemas
- CHARMANT Group
- Stavanger municipality
[安全简报]
HackerOne
[LinkedIn]
管理页面存在IDOR漏洞
https://hackerone.com/reports/1538177
[Informatica]
mysupport.informatica.com存在反射XSS
https://hackerone.com/reports/39069
PacketStorm
Chrome ReduceJSLoadPropertyWithEnumeratedKey Out-Of-Bounds Access
https://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html
Chrome Dangling FixedArray Pointers / Memory Corruption
https://packetstormsecurity.com/files/174950/Chrome-Dangling-FixedArray-Pointers-Memory-Corruption.html
Chrome SKIA Integer Overflow
https://packetstormsecurity.com/files/174949/Chrome-SKIA-Integer-Overflow.html
edgetpu_pin_user_pages Race Condition
https://packetstormsecurity.com/files/174948/edgetpu_pin_user_pages-Race-Condition.html
Humansecurity
一路深入木马: BADBOX 和 PEACHPIT
https://www.humansecurity.com/hubfs/HUMAN_Report_BADBOX-and-PEACHPIT.pdf
TheRegister
韩国指责朝鲜进行网络钓鱼和船只攻击
https://www.theregister.com/2023/10/05/north_korea_phishing_attack_on_south/
SecurityWeek
索尼确认数据在最近的两次黑客攻击中被盗
https://www.securityweek.com/sony-confirms-data-stolen-in-two-recent-hacker-attacks/
Linux基金会宣布OpenPubkey开源加密协议
https://www.securityweek.com/linux-foundation-announces-openpubkey-open-source-cryptographic-protocol/
GitHub 通过扩展令牌有效性检查改进了机密扫描功能
https://www.securityweek.com/github-improves-secret-scanning-feature-with-expanded-token-validity-checks/
加拿大科技巨头黑莓宣布计划拆分其网络安全和IOT物联网业务
https://www.securityweek.com/blackberry-to-split-cybersecurity-iot-business-units/
HackRead
在线约会: 网络犯罪危险信号
https://www.hackread.com/online-dating-cybercrime-red-flags/
美国警方追回被巴基斯坦加密诈骗者窃取的3万美元
https://www.hackread.com/us-police-recover-3m-pakistani-crypto-scammers/
Major CRM的Really Simple Systems泄漏3万条客户记录
https://www.hackread.com/crm-provider-really-simple-systems-data-leak/
NPM 域名仿冒攻击通过合法软件包部署 r77 Rootkit
https://www.hackread.com/npm-typosquatting-attack-deliver-r77-rootkit/
BleepingComputer
Microsoft正式删除Windows 11 Insiders的Cortana
https://www.bleepingcomputer.com/news/microsoft/microsoft-officially-removes-cortana-for-windows-11-insiders/
NSA和CISA揭示了十大网络安全错误配置
https://www.bleepingcomputer.com/news/security/nsa-and-cisa-reveal-top-10-cybersecurity-misconfigurations/
Lyca Mobile调查网络攻击后的客户数据泄露
https://www.bleepingcomputer.com/news/security/lyca-mobile-investigates-customer-data-leak-after-cyberattack/
DataBreaches
在泄漏站点上命名的勒索软件受害者数量创纪录
https://www.databreaches.net/record-numbers-of-ransomware-victims-named-on-leak-sites/
黑客入侵社会服务和学校的WhatsApp帐户后,900名香港人的数据被曝光
https://www.databreaches.net/data-of-900-hongkongers-exposed-after-hackers-breach-whatsapp-accounts-of-social-services-and-schools/
Blackbaud以近50万美元的价格解决了各州的数据泄露调查
https://www.databreaches.net/blackbaud-settles-breach-probe-by-states-for-nearly-50m/
MOVEit 数据泄露诉讼送交马萨诸塞州联邦法院
https://www.databreaches.net/moveit-data-breach-lawsuits-sent-to-massachusetts-federal-court/
SANS
新工具: le-hex-to-ip.py
https://isc.sans.edu/diary/rss/30284
推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
还没有评论,来说两句吧...