威胁情报[CTI]
-
一名论坛用户正在出售Tiên Phong (http://tienphongvietnam.vn)的数据库。声称拥有超过35万客户的数据。
-
一名论坛用户声称攻击和破坏位于巴黎的大型工业工程公司FIVES GROUP S.A.S.(fivesgroup.com)。声称窃取了53个数据库和公司的源代码。
-
NoName057(16)对加拿大多个政府网站发起DDOS攻击。
-
勒索软件组织ALPHV新增1名新受害者,分别是:
- M-extend (http://m-extend.com) 500GB
[安全简报]
-
HackerOne
[GitLab] 赏金: $100.00
信息泄露-Pvt Gitlab问题通过GitLab未经过滤的YouTube频道泄露
https://hackerone.com/reports/2097377
[TikTok] 赏金: $160.00
通过广告帐户名称存储XSS
https://hackerone.com/reports/1647248
[HackerOne]
IDOR:锁定中的授权绕过公共报告更改
https://hackerone.com/reports/2139190
[Tor] 赏金: $200
"请求英文版网页以增强隐私"会保留以前的(灰显)设置
https://hackerone.com/reports/2123957
[Revive Adserver]
Revive Adserver中存在多个跨站点脚本(XSS)漏洞
https://hackerone.com/reports/1694171
[curl]
HTTP header allocation DOS(CVE-2023-38039)
https://hackerone.com/reports/2072338
-
PacketStorm
Ivanti Sentry Authentication Bypass / Remote Code Execution
https://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html
PHP Shopping Cart 4.2 SQL Injection
https://packetstormsecurity.com/files/174641/PHP-Shopping-Cart-4.2-SQL-Injection.html
Fundraising Script 1.0 SQL Injection
https://packetstormsecurity.com/files/174640/Fundraising-Script-1.0-SQL-Injection.html
Blood Bank And Donor Management System 2.2 Cross Site Scripting
https://packetstormsecurity.com/files/174636/Blood-Bank-And-Donor-Management-System-2.2-Cross-Site-Scripting.html
Kleeja 1.5.4 Cross Site Scripting
https://packetstormsecurity.com/files/174631/Kleeja-1.5.4-Cross-Site-Scripting.html
K-LOANS 1.4.5 Insecure Settings
https://packetstormsecurity.com/files/174630/K-LOANS-1.4.5-Insecure-Settings.html
-
SecurityWeek
Airbus航空公司对黑客泄露数据事件展开调查
https://www.securityweek.com/airbus-launches-investigation-after-hacker-leaks-data/
-
BleepingComputer
Rollbar在黑客窃取访问令牌后披露数据泄露
https://www.bleepingcomputer.com/news/security/rollbar-discloses-data-breach-after-hackers-stole-access-tokens/
新的 Windows 11 功能可阻止基于NTLM的SMB攻击
https://www.bleepingcomputer.com/news/security/new-windows-11-feature-blocks-ntlm-based-attacks-over-smb/
法国要求苹果下架iPhone 12,因为射频辐射水平很高
https://www.bleepingcomputer.com/news/security/france-demands-apple-pull-iphone-12-due-to-high-rf-radiation-levels/
Microsoft Teams 宕机:消息故障、延迟导致持续中断
https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-down-ongoing-outage-behind-message-failures-delays/
黑客从CoinEx窃取了价值53万美元的加密货币
https://www.bleepingcomputer.com/news/security/hackers-steal-53-million-worth-of-cryptocurrency-from-coinex/
黑客使用新的勒索软件3AM来挽救失败的LockBit攻击
https://www.bleepingcomputer.com/news/security/hackers-use-new-3am-ransomware-to-save-failed-lockbit-attack/
-
Malwarebytes Labs
正在进行的Webex恶意广告活动将删除BatLoader
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/ongoing-webex-malvertising-drops-batloader
iPhone 15发布: Wonderlust开始带头诈骗
https://www.malwarebytes.com/blog/personal/2023/09/iphone-15-launch-wonderlust-scammers-rear-their-heads
-
TheHackerNews
警告:新的Kubernetes漏洞允许对Windows端点进行远程攻击
https://thehackernews.com/2023/09/alert-new-kubernetes-vulnerabilities.html
研究人员详细介绍了Azure HDInsight分析服务中的8个漏洞
https://thehackernews.com/2023/09/researchers-detail-8-vulnerabilities-in.html
网络研讨会:身份威胁检测与响应 (ITDR)
https://thehackernews.com/2023/09/webinar-identity-threat-detection.html
Rust编写的3AM勒索软件: 先睹为快的新恶意软件家族
https://thehackernews.com/2023/09/rust-written-3am-ransomware-sneak-peek.html
网络攻击如何改变战争
https://thehackernews.com/2023/09/how-cyberattacks-are-transforming.html
-
SecureList by Kaspersky
工业自动化系统的威胁形势-1年上半年统计数据
https://securelist.com/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2023/110605/
免费下载管理器后门-可能对Linux机器进行供应链攻击
https://securelist.com/backdoored-free-download-manager-linux-malware/110465/
-
DarkReading
铁路网络安全是一个复杂的环境
https://www.darkreading.com/edge-articles/rail-cybersecurity-is-a-complex-environment
NordVPN推出Sonar以防止网络钓鱼攻击
https://www.darkreading.com/endpoint/nordvpn-launches-sonar-to-prevent-phishing-attacks
联邦对医疗设备网络安全的要求变得严格
https://www.darkreading.com/iot/federal-mandates-on-medical-device-cybersecurity-mandate-get-serious
-
DataBreaches
凯撒娱乐公司(Caesars Entertainment Inc.)向黑客支付了数百万美元的赎金
https://www.databreaches.net/caesars-entertainment-paid-millions-to-hackers-in-attacks/
暂无评论内容