密盾安全机器人收集-每日安全新鲜资讯（2024-10-29）

公众号中部分链接无法跳转可点下面 “阅读原文” 查看

• SecWiki News
  • [ ] SecWiki News 2024-10-28 Review
• Recent Commits to cve:main
  • [ ] Update Mon Oct 28 22:32:31 UTC 2024
  • [ ] Update Mon Oct 28 14:36:14 UTC 2024
  • [ ] Update Mon Oct 28 06:22:46 UTC 2024
• Trustwave Blog
  • [ ] Cybersecurity Awareness Month: 7 Ways to Treat Yourself to a Safer Year
• Sploitus.com Exploits RSS Feed
  • [ ] ABB Cylon Aspect 3.08.01 getApplicationNamesJS.php Building/Project Name Exposure exploit
  • [ ] ABB Cylon Aspect 3.08.01 (getApplicationNamesJS.php) Building/Project Name Exposure exploit
  • [ ] ABB Cylon Aspect 3.08.01 (auth/) Active Debug Code Vulnerability exploit
• Files ≈ Packet Storm
  • [ ] Botan C++ Crypto Algorithms Library 3.6.1
  • [ ] Debian Security Advisory 5799-1
  • [ ] Debian Security Advisory 5798-1
  • [ ] Debian Security Advisory 5797-1
  • [ ] Debian Security Advisory 5796-1
  • [ ] ABB Cylon Aspect 3.08.01 getApplicationNamesJS.php Building/Project Name Exposure
  • [ ] Red Hat Security Advisory 2024-8235-03
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • [ ] 荣誉+1！“天擎”荣获2024中国国际数字经济博览会“优秀创新成果”奖
  • [ ] 北京·2024安博会｜国投智能精彩亮相，共筑智能安防新未来
  • [ ] 安全动态回顾|国家网络安全通报中心：重点防范境外恶意网址和恶意IP Pwn2Own黑客大赛举行，三星 Galaxy S24遭遇攻击
  • [ ] Linux 上的 Intel、AMD CPU 受到新披露的 Spectre 绕过的影响
  • [ ] 国投智能并购南京金鼎科技签约仪式在厦举行
• The DFIR Report
  • [ ] Inside the Open Directory of the “You Dun” Threat Group
• Der Flounder
  • [ ] Suppressing Apple Intelligence notifications on macOS Sequoia
  • [ ] Managing Apple Intelligence features on macOS Sequoia 15.1
  • [ ] Disabling iPhone mirroring on macOS Sequoia
• 一个被知识诅咒的人
  • [ ] 【人工智能】自然语言处理（NLP）：用Python和spaCy进行文本分析的全面指南
  • [ ] 【人工智能】使用Keras构建图像分类模型：从数据预处理到模型优化的全流程解析
• Perception Point
  • [ ] You’re Invited: Rampant Phishing Abuses Eventbrite
• 安全客-有思想的安全新媒体
  • [ ] 让中小企业『AI』上安全运营，360态势感知解决方案升级AI含量100%
  • [ ] 美国 CISA 在其已知漏洞目录中增加了思科 ASA 和 FTD 以及 RoundCube Webmail 漏洞
  • [ ] 苹果公司为研究人员开放 PCC 源代码，以找出云计算人工智能安全漏洞
  • [ ] Change Healthcare 数据泄露事件影响超过 1 亿人
  • [ ] cve-2024-10327： Okta Verify for iOS 漏洞可能允许未经授权的访问
  • [ ] 臭名昭著的黑客组织 TeamTNT 启动新的加密货币挖矿云攻击
  • [ ] 安全外联实验室公布 “Windows 降级” 新攻击方法
  • [ ] SolarSys： 新木马框架威胁巴西银行客户
  • [ ] CVE-2024-9488 (CVSS 9.8)： wpDiscuz 插件中的身份验证绕过漏洞，80,000 多个网站面临风险
  • [ ] 四名 REvil 勒索软件成员因黑客攻击和洗钱被判刑
• CCC Event Blog
  • [ ] 38C3 Turnhallen – die preisgünstige Übernachtungsalternative
• Malwarebytes
  • [ ] Europol warns about counterfeit goods and the criminals behind them
  • [ ] A week in security (October 21 – October 27)
• Inside Stormshield
  • [ ] Deuxième étoile obtenue !
• text/plain
  • [ ] Lenovo P1, Gen7
• FreeBuf网络安全行业门户
  • [ ] 如何在政企环境中主动发现入侵迹象？
  • [ ] 探索数智化转型时代的安全服务新业态与创新实践 | FCIS 2024大会议题前瞻
  • [ ] ADSpider：一款针对活动目录AD的实时安全监控工具
  • [ ] 利用Windows漏洞，攻击者能降级系统组件恢复漏洞
  • [ ] 美国超大型数据泄露事件曝光：超1亿人数据被盗
• 安全牛
  • [ ]
  • [ ]
• Blog
  • [ ] Bad Bots: 6 Common Bot Attacks and Why They Happen
• Panda | 热爱安全的理想少年
  • [ ] ByteCTF Guess Cookie 出题思路详解
  • [ ] spring 审计常见 tricks
• 腾讯玄武实验室
  • [ ]
• 锦行科技
  • [ ]
• 安全分析与研究
  • [ ]
• 威努特安全网络
  • [ ]
  • [ ]
• 信安之路
  • [ ]
• 黑奇士
  • [ ]
• 丁爸 情报分析师的工具箱
  • [ ]
  • [ ]
• 代码卫士
  • [ ]
  • [ ]
• 安全内参
  • [ ]
  • [ ]
• 微步在线研究响应中心
  • [ ]
• 奇安信 CERT
  • [ ]
  • [ ]
• 看雪学苑
  • [ ]
  • [ ]
  • [ ]
• ChaMd5安全团队
  • [ ]
• 安全学术圈
  • [ ]
• 安全研究GoSSIP
  • [ ]
• 威胁棱镜
  • [ ]
• 数世咨询
  • [ ]
  • [ ]
• dotNet安全矩阵
  • [ ]
  • [ ]
  • [ ]
• 电子物证
  • [ ]
  • [ ]
• 安全圈
  • [ ]
  • [ ]
  • [ ]
  • [ ]
• 复旦白泽战队
  • [ ]
• 情报分析师
  • [ ]
  • [ ]
• 极客公园
  • [ ]
  • [ ]
  • [ ]
• 网安国际
  • [ ]
• 阿里安全响应中心
  • [ ]
• 山石网科安全技术研究院
  • [ ]
• 安全419
  • [ ]
• 迪哥讲事
  • [ ]
• 白泽安全实验室
  • [ ]
• IT Service Management News
  • [ ] Privacy: sanzionato il backup delle e-mail dopo la cessazione del rapporto di lavoro
• Securityinfo.it
  • [ ] Nuove attività di Fog e Akira: i ransomware colpiscono i dispositivi SonicWall
  • [ ] Sophos acquisisce Secureworks per ampliare l’offerta MDR e XDR
  • [ ] CERT-AGID 5-11 ottobre: Intesa Sanpaolo e Fortinet sotto attacco
• Schneier on Security
  • [ ] Criminals Are Blowing up ATMs in Germany
• CodeWisdom
  • [ ]
• SANS Internet Storm Center, InfoCON: green
  • [ ] Apple Updates Everything, (Mon, Oct 28th)
  • [ ] Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials, (Mon, Oct 28th)
  • [ ] ISC Stormcast For Monday, October 28th, 2024 https://isc.sans.edu/podcastdetail/9198, (Mon, Oct 28th)
• Security Affairs
  • [ ] France’s second-largest telecoms provider Free suffered a cyber attack
  • [ ] A crime ring compromised Italian state databases reselling stolen info
  • [ ] Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain
  • [ ] Black Basta affiliates used Microsoft Teams in recent attacks
• The Hacker News
  • [ ] Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services
  • [ ] THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27)
  • [ ] Russian Espionage Group Targets Ukrainian Military with Malware via Telegram
  • [ ] BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers
  • [ ] Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials
  • [ ] Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes
  • [ ] Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel
• Over Security - Cybersecurity news aggregator
  • [ ] New tool bypasses Google Chrome’s new cookie encryption system
  • [ ] Texas county says 47,000 had SSNs, medical treatment info leaked during May cyberattack
  • [ ] Exchange Online adds Inbound DANE with DNSSEC for everyone
  • [ ] Wiz CEO explains why he turned down a $23 billion deal
  • [ ] Russia targets Ukrainian conscripts with Windows, Android malware
  • [ ] UK sanctions Russians over anti-Ukrainian disinformation campaigns
  • [ ] Free, France’s second largest ISP, confirms data breach after leak
  • [ ] EU president denounces Russian influence campaigns targeting Western Balkans
  • [ ] Da dove vengono questi dati rubati allo Stato - Il Post
  • [ ] U.S. Agencies Investigate China-Linked Telecom Hacks Targeting High-Profile Politicians
  • [ ] US says Chinese hackers breached multiple telecom providers
  • [ ] Sophos acquisisce Secureworks per ampliare l’offerta MDR e XDR
  • [ ] Nuove attività di Fog e Akira: i ransomware colpiscono i dispositivi SonicWall
  • [ ] Suspected Russian spies target devices of potential Ukrainian military recruits
  • [ ] New Vulnerabilities Identified in Philips Smart Lighting and Matrix Door Controller
  • [ ] ~/docs/faviconThreat-Hunting
  • [ ] Fortinet CVE-2024-21762
  • [ ] ./cve/CVE-2024-3094/xz.wtf
  • [ ] ~/docs/audit.d
  • [ ] MadLicense
  • [ ] ~/docs/ips-ids.security
  • [ ] ~/redTeam/comsvcs-lsass.dump
  • [ ] /usr/bin/touch nuovaera
  • [ ] ~/tips/fortigate_malware.feed
  • [ ] ~/news/blocklist.news
  • [ ] Redline, Meta infostealer malware operations seized by police
  • [ ] Dozens under investigation in Italy amid scandal over hacked government databases and illegal dossiers
  • [ ] Free, France’s second-largest telecoms company, confirms being hit by cyberattack
  • [ ] 'All servers' for Redline and Meta infostealers hacked by Dutch police and FBI
  • [ ] Recent Cyber Attacks Discovered by ANY.RUN: October 2024
  • [ ] Why text/plain is evil for Web Application Firewall and Input validation
  • [ ] Building Octofence WAAP Cache System & CDN: Lessons Learned and Best Practices
  • [ ] PWNPress: collect vulnerable WordPress websites over internet
  • [ ] Unleashing the Power of Data: Indexing Over 15 Million WordPress Websites with PWNPress
  • [ ] CERT-AGID 5-11 ottobre: Intesa Sanpaolo e Fortinet sotto attacco
  • [ ] Inside the Open Directory of the “You Dun” Threat Group
• Deeplinks
  • [ ] Cop Companies Want All Your Data and Other Takeaways from This Year’s IACP Conference
  • [ ] EU to Apple: “Let Users Choose Their Software”; Apple: “Nah”