# Daily Security News (2023-05-07)

- Zgao's blog
  - [ ] [An interesting MySQL regex blind injection found in a real engagement](https://zgao.top/%e5%ae%9e%e6%88%98%e4%b8%ad%e4%b8%80%e5%a4%84%e6%9c%89%e8%b6%a3%e7%9a%84mysql%e6%ad%a3%e5%88%99%e7%9b%b2%e6%b3%a8/)
- Verne in GitHub
  - [ ] [EV Hosting domain registration service](https://einverne.github.io/post/2023/05/ev-hosting-domain-registrar.html)
- Sploitus.com Exploits RSS Feed
  - [ ] [Exploit for CVE-2023-0386 exploit](https://sploitus.com/exploit?id=666683FB-F4CF-57E5-9C10-531F72666B60&utm_source=rss&utm_medium=rss)
  - [ ] [Exploit for Vulnerability in Microsoft exploit](https://sploitus.com/exploit?id=1098B729-0046-5E17-9495-BD790BED072B&utm_source=rss&utm_medium=rss)
  - [ ] [Exploit for Injection in Git-Scm Git exploit](https://sploitus.com/exploit?id=A3AD1991-789B-5435-9D3C-91B873D4547D&utm_source=rss&utm_medium=rss)
- 安全客-有思想的安全新媒体
  - [ ] [French Senate website forced offline after hacker attack](https://www.anquanke.com/post/id/288588)
  - [ ] [US Cyber Command begins work on a next-generation weapons platform](https://www.anquanke.com/post/id/288584)
  - [ ] [Microsoft and AMD team up to build an AI alternative to Nvidia](https://www.anquanke.com/post/id/288580)
  - [ ] [Critical Siemens RTU vulnerability could let hackers destabilize power grids](https://www.anquanke.com/post/id/288576)
  - [ ] [Biden administration's 140 million AI research fund will focus on 6 areas](https://www.anquanke.com/post/id/288572)
  - [ ] ["Critical Information Infrastructure Protection Requirements" take effect! 360 builds a critical-infrastructure security foundation with "visibility" at its core](https://www.anquanke.com/post/id/288562)
  - [ ] [360 exposes the US CIA's global cyber attack activity; Foreign Ministry: this warrants high vigilance](https://www.anquanke.com/post/id/288555)
- Twitter @Nicolas Krassas
  - [ ] [Twitter says 'security incident' exposed private Circle tweets https://www.bleepingcomputer.com/news/security/twitter-says-security-incident-exposed-p...](https://twitter.com/Dinosn/status/1654953221335416833)
  - [ ] [RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credentials. This too...](https://twitter.com/Dinosn/status/1654878364606365697)
  - [ ] [HTB: Flight https://0xdf.gitlab.io/2023/05/06/htb-flight.html](https://twitter.com/Dinosn/status/1654872791903002624)
  - [ ] [Researcher releases PoC exploit for Parallels Desktop privilege escalation (CVE-2023-27326) flaw https://securityonline.info/researcher-releases-poc-e...](https://twitter.com/Dinosn/status/1654860599002537984)
  - [ ] [Cookie Bugs - Smuggling & Injection https://www.reddit.com/r/netsec/comments/139h4hd/cookie_bugs_smuggling_injection/](https://twitter.com/Dinosn/status/1654860569256644608)
  - [ ] [Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry https://thehackernews.com/2023/05/dragon-breath-apt-group-using-d...](https://twitter.com/Dinosn/status/1654860477825007623)
  - [ ] [Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security https://securityonline.info/intel-oem-private-key-leak-a-blow-to-uefi-secure-boot-secu...](https://twitter.com/Dinosn/status/1654782647581671435)
  - [ ] [RT James Kettle: Re @ankursundara Nice work! If a cache includes a specific cookie in the cache key, you might be able to use these techniques for web...](https://twitter.com/albinowax/status/1654767919690031106)
  - [ ] [New Android FluHorse malware steals your passwords, 2FA codes https://www.bleepingcomputer.com/news/security/new-android-fluhorse-malware-steals-your-...](https://twitter.com/Dinosn/status/1654709479680667649)
  - [ ] [A right Royal pain in the Dallas: City IT systems crippled by ransomware https://go.theregister.com/feed/www.theregister.com/2023/05/05/dallas_royal_r...](https://twitter.com/Dinosn/status/1654688920565690368)
  - [ ] [Dump these insecure phone adapters because we're not fixing them, says Cisco https://go.theregister.com/feed/www.theregister.com/2023/05/05/cisco_phon...](https://twitter.com/Dinosn/status/1654688845470810114)
  - [ ] [Apple Patches Bluetooth Flaw in AirPods, Beats https://www.darkreading.com/application-security/apple-patches-bluetooth-flaw-in-airpods-beats](https://twitter.com/Dinosn/status/1654688802521202689)
  - [ ] [Newspaper evades Russian censors, hides news in Counter-Strike map https://www.malwarebytes.com/blog/news/2023/05/evading-russian-media-restrictions-w...](https://twitter.com/Dinosn/status/1654688770904530944)
- 先知安全技术社区
  - [ ] [Some knowledge points on file inclusion vulnerabilities](https://xz.aliyun.com/t/12506)
- 安全脉搏
  - [ ] [SQL injection series | Error-based injection](https://www.secpulse.com/archives/199935.html)
- CXSECURITY Database RSS Feed - CXSecurity.com
  - [ ] [Oracle RMAN Missing Auditing](https://cxsecurity.com/issue/WLB-2023050017)
  - [ ] [wfc-pkt-router Incorrect Bind](https://cxsecurity.com/issue/WLB-2023050016)
  - [ ] [UliCMS 2023-1 Sniffing-Vicuna Cross Site Scripting](https://cxsecurity.com/issue/WLB-2023050015)
  - [ ] [Wolf CMS 0.8.3.1 Shell Upload](https://cxsecurity.com/issue/WLB-2023050014)
  - [ ] [Pluck CMS 4.7.18 Cross Site Scripting](https://cxsecurity.com/issue/WLB-2023050013)
  - [ ] [Rollout::UI Cross site scripting exploit](https://cxsecurity.com/issue/WLB-2023050012)
- Security Boulevard
  - [ ] [USENIX Enigma 2023 – Justin Brookman – ‘What Public Interest AI Auditors Can Learn From Security Testing: Legislative And Practical Wins’](https://securityboulevard.com/2023/05/usenix-enigma-2023-justin-brookman-what-public-interest-ai-auditors-can-learn-from-security-testing-legislative-and-practical-wins/)
- unSafe.sh - 不安全
  - [ ] [Getimg AI image generation tool: 29 models](https://buaq.net/go-162073.html)
  - [ ] [Catbird AI text-to-image tool: AI image generation](https://buaq.net/go-162074.html)
  - [ ] [timwhitez starred ETWHash](https://buaq.net/go-162068.html)
  - [ ] [timwhitez starred fingerprintx](https://buaq.net/go-162069.html)
  - [ ] [WaniCTF 2023 Writeup](https://buaq.net/go-162076.html)
  - [ ] [CVE-2023-0179-PoC](https://buaq.net/go-162053.html)
  - [ ] [CVE-2023-0386](https://buaq.net/go-162054.html)
  - [ ] [Performance that crushes flagships! Xiaomi WiFi 7 Router 7000 goes on sale! Price far below expectations](https://buaq.net/go-162051.html)
  - [ ] [Fuzztruction - Prototype Of A Fuzzer That Does Not Directly Mutate Inputs (As Most Fuzzers Do) But Instead Uses A So-Called Generator Application To Produce An Input For Our Fuzzing Target](https://buaq.net/go-162052.html)
  - [ ] [Leveraging XFG to help with reverse engineering](https://buaq.net/go-162048.html)
  - [ ] [Selenium installation tutorial](https://buaq.net/go-162035.html)
  - [ ] ["The Legend of Zelda: Tears of the Kingdom" emulator bundle](https://buaq.net/go-162036.html)
  - [ ] [Authoritative | 悬镜安全 officially elected vice-chair unit of the Beijing Xinchuang Working Committee](https://buaq.net/go-162037.html)
  - [ ] [A brief history of processors | PowerPC 05: turning the tide as the edifice totters (part 1)](https://buaq.net/go-162033.html)
  - [ ] [Hugging Face and ServiceNow release free code generation model StarCoder](https://buaq.net/go-162038.html)
  - [ ] [NSFOCUS weekly threat report (2023.04.24-2023.04.30)](https://buaq.net/go-162009.html)
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  - [ ] [Beware! This dangerous Android malware can hijack your phone](https://www.4hou.com/posts/BXNn)
  - [ ] [WinRAR SFX archives can run PowerShell without being detected](https://www.4hou.com/posts/gDJ9)
  - [ ] [2022 annual report on battlefield dynamics mapping of the Russia-Ukraine conflict](https://www.4hou.com/posts/K71z)
- CTFするぞ
  - [ ] [WaniCTF 2023 Writeup](https://ptr-yudai.hatenablog.com/entry/2023/05/07/004235)
- Recent Commits to cve:main
  - [ ] [Update Sat May 6 00:10:42 UTC 2023](https://github.com/trickest/cve/commit/657700f6f6038b5e89eaabe8e158e8e134a87ecc)
- Malwarebytes Labs
  - [ ] [Microsoft vs Google spat sees users rolling back security updates to fix browser issues](https://www.malwarebytes.com/blog/news/2023/05/chrome-options-under-fire-after-controversial-windows-update)
  - [ ] [Google and Apple cooperate to address unwanted tracking](https://www.malwarebytes.com/blog/news/2023/05/google-and-apple-take-initiative-to-address-unwanted-tracking)
- SAP Blogs
  - [ ] [Extending SAP Business Network for Logistics to estimate Green House Gas Emissions](https://blogs.sap.com/2023/05/06/extending-sap-business-network-for-logistics-to-estimate-green-house-gas-emissions/)
  - [ ] [SAP BTP Integration Suite migration: don’t do lift&shift!](https://blogs.sap.com/2023/05/06/sap-btp-integration-suite-migration-dont-do-liftshift/)
  - [ ] [SAP BTP – Usage Analytics for your Sub-Account 🚩](https://blogs.sap.com/2023/05/06/sap-btp-usage-analytics-for-your-sub-account/)
- 安全牛
  - [ ] [How to write a high-quality penetration test report?](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651123819&idx=1&sn=db0027f5334613c87904331a465c455a&chksm=bd1440b88a63c9aeadb45a5fbc89cc18868370e6c4e3a4d6b9a6c5151f06f731ede7bf47d020&scene=58&subscene=0#rd)
  - [ ] [Four mandatory national standards, including "Technical Requirements for Vehicle Cybersecurity", open for public comment](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651123819&idx=2&sn=e38500a80fb0a3bd4526cf5a3b28aebb&chksm=bd1440b88a63c9ae90928213aee323c68f12f867cb62961e941df6ae7c2e6bd90155709d7f73&scene=58&subscene=0#rd)
  - [ ] [3 national standards, including "Information Security Technology: General Security Technical Specification for Terminal Computers", open for public comment](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651123819&idx=3&sn=d48d01d0fe6d3a8b498a2dd824cbe477&chksm=bd1440b88a63c9aeb3bb5e3660a72097726eef9ad883cc0352df5057dbbf684d7dc5eb5cd5a4&scene=58&subscene=0#rd)
- Reverse Engineering
  - [ ] [Leveraging XFG to help with reverse engineering](https://www.reddit.com/r/ReverseEngineering/comments/139ks8n/leveraging_xfg_to_help_with_reverse_engineering/)
- FreeBuf网络安全行业门户
  - [ ] [FreeBuf Weekly | A review of eight US surveillance incidents that shocked the world; Samsung bans employees from using generative AI](https://www.freebuf.com/news/365706.html)
  - [ ] [Italian corporate banking customers attacked by hackers using drIBAN to commit financial fraud](https://www.freebuf.com/articles/365703.html)
  - [ ] [Hacker attacks Packagist PHP packages, "hijacking" hundreds of millions of packages](https://www.freebuf.com/news/365695.html)
  - [ ] [New Android malware "FluHorse" targets the East Asian market](https://www.freebuf.com/articles/365691.html)
  - [ ] [MSI firmware keys leaked, more than a hundred products affected](https://www.freebuf.com/news/365686.html)
- 体验盒子
  - [ ] [What do the symbols shown in Mac menus mean?](https://www.uedbox.com/post/68832/)
- 黑海洋 - WIKI
  - [ ] [MST offers free AI image generation (recommended)](https://blog.upx8.com/3517)
  - [ ] [Flowchart drawing tool Drawio v21.2.8 single-file edition: unrestricted, cross-platform](https://blog.upx8.com/3516)
  - [ ] [Openart AI art and AI image generator: 10 million images](https://blog.upx8.com/3515)
  - [ ] [Getimg AI image generation tool: 29 models](https://blog.upx8.com/3514)
  - [ ] [Catbird AI text-to-image tool: AI image generation](https://blog.upx8.com/3513)
  - [ ] [Selenium installation tutorial](https://blog.upx8.com/3512)
  - [ ] ["The Legend of Zelda: Tears of the Kingdom" emulator bundle](https://blog.upx8.com/3509)
- KitPloit - PenTest & Hacking Tools
  - [ ] [Fuzztruction - Prototype Of A Fuzzer That Does Not Directly Mutate Inputs (As Most Fuzzers Do) But Instead Uses A So-Called Generator Application To Produce An Input For Our Fuzzing Target](http://www.kitploit.com/2023/05/fuzztruction-prototype-of-fuzzer-that.html)
- 看雪学苑
  - [ ] [AI brings a revolution in fraud techniques; nearly 80% of targets fall for it](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458503921&idx=1&sn=63b86e4868427b9c956250132b75f58b&chksm=b18efa7b86f9736d6ec4b148361f225263f1e5bb41aab2cc725311d645f23bc3cf1c2ab95b74&scene=58&subscene=0#rd)
  - [ ] [X-Bogus VMP analysis](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458503921&idx=2&sn=cbd5b0ce9edbc4fc74e39d77c3987616&chksm=b18efa7b86f9736dfc5ea8a901efc7c23506d36683ce3fa7f37e53849ea19a7939404e512e99&scene=58&subscene=0#rd)
  - [ ] [Empowering enterprise security! System 0day security: binary vulnerability attack and defense](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458503921&idx=3&sn=ffc8785e954686794f023f73e7bb7f4c&chksm=b18efa7b86f9736d4aebb186d947a0c46e9bf2f0bc3cd01e844b786c2496df35e236504859bb&scene=58&subscene=0#rd)
- 信息时代的犯罪侦查
  - [ ] [The "aiding information network crime" offence (帮信): punish, or govern?](https://mp.weixin.qq.com/s?__biz=MzAxNTA4NDAwOQ==&mid=2650736780&idx=1&sn=91ae7fde28ec5d4b9b05c1f00271ecf7&chksm=8382d80ab4f5511c4b457815429963a68dbdd028e659dd0c63f4a2cfdf334b70b1578819a0f6&scene=58&subscene=0#rd)
- 博客园 - 郑瀚Andrew
  - [ ] [Some thoughts on sensitive data identification - 郑瀚Andrew](https://www.cnblogs.com/LittleHann/p/17374136.html)
- 绿盟科技技术博客
  - [ ] [NSFOCUS weekly threat report (2023.04.24-2023.04.30)](http://blog.nsfocus.net/weeklyreport202318/)
  - [ ] [Insights from RSA 2023: cooperation is the ultimate path to stronger defensive capability](http://blog.nsfocus.net/rsa-2023strongertogether/)
  - [ ] [Linux OverlayFS privilege escalation vulnerability (CVE-2023-0386) advisory](http://blog.nsfocus.net/linux-overlayfscve-2023-0386/)
- HackerNews
  - [ ] [New Android malware "FluHorse" targets the East Asian market](https://hackernews.cc/archives/43859)
  - [ ] [MSI firmware keys leaked, more than a hundred products affected](https://hackernews.cc/archives/43857)
  - [ ] [Well-known cold-chain logistics company hit by cyberattack: deliveries disrupted, near-expiry products can be delivered on an emergency basis](https://hackernews.cc/archives/43854)
  - [ ] [North Korean hackers use new reconnaissance software to set up global cyber espionage](https://hackernews.cc/archives/43848)
- Private Feed for M09Ic
  - [ ] [Rvn0xsy starred orangetw/tsh](https://github.com/orangetw/tsh)
  - [ ] [wabzsy starred Ne0nd0g/go-clr](https://github.com/Ne0nd0g/go-clr)
  - [ ] [0nise started following yzddmr6](https://github.com/yzddmr6)
  - [ ] [phith0n starred xiaomlove/nexusphp](https://github.com/xiaomlove/nexusphp)
  - [ ] [zema1 started following evilpan](https://github.com/evilpan)
  - [ ] [zema1 starred andrew-d/static-binaries](https://github.com/andrew-d/static-binaries)
  - [ ] [timwhitez starred nettitude/ETWHash](https://github.com/nettitude/ETWHash)
  - [ ] [timwhitez starred praetorian-inc/fingerprintx](https://github.com/praetorian-inc/fingerprintx)
  - [ ] [Ridter starred CodeXTF2/Burp2Malleable](https://github.com/CodeXTF2/Burp2Malleable)
  - [ ] [Ridter starred jmpews/Dobby](https://github.com/jmpews/Dobby)
  - [ ] [4ra1n starred xkaneiki/CVE-2023-0386](https://github.com/xkaneiki/CVE-2023-0386)
  - [ ] [L-codes starred oblique/create_ap](https://github.com/oblique/create_ap)
  - [ ] [FunnyWolf released v1.5.28 20230506 at FunnyWolf/Viper](https://github.com/FunnyWolf/Viper/releases/tag/v1.5.28)
  - [ ] [zema1 started following rebeyond](https://github.com/rebeyond)
  - [ ] [LoRexxar starred SnapdragonLee/ChatGPT-weBot](https://github.com/SnapdragonLee/ChatGPT-weBot)
  - [ ] [4ra1n started following bitterzzZZ](https://github.com/bitterzzZZ)
  - [ ] [gh0stkey starred Potato-py/ipInfoSearch](https://github.com/Potato-py/ipInfoSearch)
  - [ ] [Ridter starred trustedsec/CS-Remote-OPs-BOF](https://github.com/trustedsec/CS-Remote-OPs-BOF)
  - [ ] [mozhu1024 starred yaklang/yaklang](https://github.com/yaklang/yaklang)
  - [ ] [mozhu1024 forked mozhu1024/yaklang from yaklang/yaklang](https://github.com/mozhu1024/yaklang)
  - [ ] [0nise starred Y4er/ysoserial](https://github.com/Y4er/ysoserial)
  - [ ] [projectdiscovery forked projectdiscovery/sqlc-builder from yiplee/sqlc](https://github.com/projectdiscovery/sqlc-builder)
  - [ ] [timwhitez starred M0nster3/RpcsDemo](https://github.com/M0nster3/RpcsDemo)
  - [ ] [timwhitez starred RixedLabs/IDLE-Abuse](https://github.com/RixedLabs/IDLE-Abuse)
  - [ ] [timwhitez starred f1zm0/acheron](https://github.com/f1zm0/acheron)
  - [ ] [whwlsfb starred ZhuriLab/Yi](https://github.com/ZhuriLab/Yi)
  - [ ] [4ra1n forked 4ra1n/exec2shell from Binject/exec2shell](https://github.com/4ra1n/exec2shell)
  - [ ] [timwhitez starred Binject/exec2shell](https://github.com/Binject/exec2shell)
  - [ ] [LoRexxar starred WecomTeam/InnerAppCodeSample](https://github.com/WecomTeam/InnerAppCodeSample)
- 奇安信病毒响应中心
  - [ ] [Weekly ransomware threat summary](https://mp.weixin.qq.com/s?__biz=MzI5Mzg5MDM3NQ==&mid=2247492830&idx=1&sn=9030f0d452caaf9cc330673381df98bd&chksm=ec6994f6db1e1de0d64cb38f0226306338ff4ecaaac12b17f924a7b19ca39dffdc39bcc30bcf&scene=58&subscene=0#rd)
- 安全客
  - [ ] [Google launches new cybersecurity career certificate program](https://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&mid=2649784753&idx=1&sn=4e90692b973a6e5495a3683f29a578db&chksm=8893b1debfe438c88901cde1d3da2d8874dd662b04ee5604fd2f5bdfb91a4a2ee6745f401426&scene=58&subscene=0#rd)
  - [ ] [US Cyber Command begins work on a next-generation weapons platform](https://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&mid=2649784753&idx=2&sn=b3be36eac08aa3807ec9c1086dbd7c87&chksm=8893b1debfe438c8bb999762081936d69c993219cb322deec2db7b51d26fc898d80b89736c6a&scene=58&subscene=0#rd)
- 长亭技术沙盒
  - [ ] [Vulnerability risk notice | Linux local privilege escalation vulnerability CVE-2023-0386](https://mp.weixin.qq.com/s?__biz=MzIwMDk1MjMyMg==&mid=2247491430&idx=1&sn=53bea7b2cea5eb21146f06dc64a6e58c&chksm=96f4000ba183891d98d9d66711bc5f5d017cc1195e6d64c2e83dde184fb45d4d4afdd582d8eb&scene=58&subscene=0#rd)
- 奇客Solidot–传递最新科技情报
  - [ ] [Hugging Face and ServiceNow release free code generation model StarCoder](https://www.solidot.org/story?sid=74882)
  - [ ] [OpenAI no longer uses API customer data to train ChatGPT](https://www.solidot.org/story?sid=74881)
  - [ ] [Vice Media prepares to file for bankruptcy and sell for 400 million US dollars](https://www.solidot.org/story?sid=74880)
  - [ ] [White House proposes a 30% tax on electricity used for cryptocurrency mining](https://www.solidot.org/story?sid=74879)
  - [ ] [MSI firmware signing keys leaked](https://www.solidot.org/story?sid=74878)
  - [ ] [US productivity declines for five consecutive quarters](https://www.solidot.org/story?sid=74877)
  - [ ] [TikTok tracked users who watched LGBT content](https://www.solidot.org/story?sid=74876)
- 奶牛安全
  - [ ] [Cloud security case 9: hackers use CI/CD to carry out cloud supply chain attacks](https://mp.weixin.qq.com/s?__biz=MzU4NjY0NTExNA==&mid=2247489394&idx=1&sn=2cf4c78d8ecabe0823da50d0efcc1d7e&chksm=fdf97c67ca8ef5712fc2428b38fe4c94f9cca5b73f445db41a4c75a9d3f04bfd4c00f622dd1f&scene=58&subscene=0#rd)
- 代码卫士
  - [ ] [Flaw in OpenAI account verification flow lets users farm free credits without limit](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247516406&idx=1&sn=c826fb7f5e9179a2dd41fd8fe00141de&chksm=ea94b19cdde3388ab79dce0421053447244374dcf510572bc9b52942e7f1d77fea731786465d&scene=58&subscene=0#rd)
  - [ ] [【Reproduced】 Linux Kernel privilege escalation vulnerability security risk advisory](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247516406&idx=2&sn=b0ac9c5e379181f6de71e5f0afdecc23&chksm=ea94b19cdde3388ae47cb6b4ff1e53afb3905e4b6e68d53559b0769ef5360da2cb7152a72bae&scene=58&subscene=0#rd)
  - [ ] [Fortinet fixes multiple high-severity vulnerabilities in FortiADC and FortiOS](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247516406&idx=3&sn=f6d52c7913cb9a7127079a424f287d22&chksm=ea94b19cdde3388a41d9382c14e8649d4db7f27382de8b638a8c2430d9fb7a6e3125a60ceed6&scene=58&subscene=0#rd)
- 关键基础设施安全应急响应中心
  - [ ] [Global cross-border data flow compliance: biweekly watch (issue 8)](https://mp.weixin.qq.com/s?__biz=MzkyMzAwMDEyNg==&mid=2247536592&idx=1&sn=bc4ac51bd3118cbad8b12119d7f008f1&chksm=c1e9c381f69e4a97702fabf422faf2a443d3262ec3fd3385810349e09831452aa26026fb0862&scene=58&subscene=0#rd)
  - [ ] [Exclusive: Illumina sequencers hit by security vulnerabilities again, which could lead to result tampering and leakage](https://mp.weixin.qq.com/s?__biz=MzkyMzAwMDEyNg==&mid=2247536592&idx=2&sn=e54515133fe7c305b9b14808236628bb&chksm=c1e9c381f69e4a9797c5813053d992f241c78189e7fe0b1acd8deaba1f8f4c9d53b5659e0576&scene=58&subscene=0#rd)
  - [ ] [Giving full play to the government's leading role in data governance](https://mp.weixin.qq.com/s?__biz=MzkyMzAwMDEyNg==&mid=2247536592&idx=3&sn=3730a504210b9d4b57286b63106045a0&chksm=c1e9c381f69e4a97aaa0f3763d9255ac47c541b33233ed63e548bae4d640a38cccf1ea2f47fa&scene=58&subscene=0#rd)
  - [ ] [Well-known cold-chain logistics company hit by cyberattack: deliveries disrupted, near-expiry products can be delivered on an emergency basis](https://mp.weixin.qq.com/s?__biz=MzkyMzAwMDEyNg==&mid=2247536592&idx=4&sn=42bea195344490c8835a4baca38b1fee&chksm=c1e9c381f69e4a97ea746f69c3758f2c66e069044cf54b77463553106a7a806afa1c014cc8f7&scene=58&subscene=0#rd)
  - [ ] [City of Dallas hit by ransomware attack, municipal services paralyzed](https://mp.weixin.qq.com/s?__biz=MzkyMzAwMDEyNg==&mid=2247536592&idx=5&sn=e0be2479b5b2615a4e05583e8752086c&chksm=c1e9c381f69e4a9799850ee401376b994055af3663ad14ac27c86ba5d488e67304e68bdb0170&scene=58&subscene=0#rd)
- 安全内参
  - [ ] [US Department of Defense zero trust architecture pilot succeeds, to go into full production within 2 months](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247508567&idx=1&sn=d3a9053bc22310eb324d50448138693c&chksm=ebfae577dc8d6c61e6da92d25aa53c30b5dd4aa300ea9719af27666ad12f08c79b1167030204&scene=58&subscene=0#rd)
  - [ ] [Former Uber chief security officer sentenced to three years' probation for covering up data breach](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247508567&idx=2&sn=c3b151bf0987fc0af0e8224442602b9f&chksm=ebfae577dc8d6c61c69fd529f52b933e0de6aaa33d32b6467f9e121f34cc3b827b63a0d2a236&scene=58&subscene=0#rd)
- 中国信息安全
  - [ ] [Feature: cybersecurity talent development | 陈钟: practice and recommendations for cybersecurity talent development in China](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664183265&idx=1&sn=a6b615797b7965c15233061cef3810e3&chksm=8b593718bc2ebe0e80a1dce38cb6d86f646d8dbd544ec8061a181706dcf69554a424baba0a6e&scene=58&subscene=0#rd)
  - [ ] [Notice | 4 mandatory national standards, including "Technical Requirements for Vehicle Cybersecurity", open for public comment](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664183265&idx=2&sn=4bb22dc94e291f14e3d358eec974981f&chksm=8b593718bc2ebe0e873d953b30ef549ddd51e8033b1221566f83c9c6e12b65dd7efac4a8f7ec&scene=58&subscene=0#rd)
  - [ ] [Notice | 3 national standards, including "Information Security Technology: General Security Technical Specification for Terminal Computers", open for public comment](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664183265&idx=3&sn=d088bd000ad78ea99e86e3abb11f3fd4&chksm=8b593718bc2ebe0eafcf01b5907001d6947662a7a2b0154e8223dce42e408d9fb50ea622d168&scene=58&subscene=0#rd)
  - [ ] [Opinion | Advancing China's artificial intelligence development forcefully and in an orderly way](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664183265&idx=4&sn=3a5678fa20f62d5a719c8052fef31aec&chksm=8b593718bc2ebe0e19bcbb703fc65f38509615ee4957c2322554eae53c5c00cdce43a0af4698&scene=58&subscene=0#rd)
  - [ ] [Frontier | Application of and reflections on zero trust in the financial industry](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664183265&idx=5&sn=8b47becd22c460c56d273533ecaa9c44&chksm=8b593718bc2ebe0e97bbabed71677c6885bf74b9122a32847a7d1fa10494d09e7c3c9b80fcd3&scene=58&subscene=0#rd)
  - [ ] [Attention | Beware of online rumors becoming AI-driven](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664183265&idx=6&sn=214c0c9283010c4eb726cdd89afdfe0b&chksm=8b593718bc2ebe0e5ecd1f506bf8bb5d332f7d641dfe667107f010350b9549a008635efa3070&scene=58&subscene=0#rd)
- 火线Zone
  - [ ] [What makes people stock up overnight? | Recap of 听火 Salon issue 23](https://mp.weixin.qq.com/s?__biz=MzI2NDQ5NTQzOQ==&mid=2247498189&idx=1&sn=32acde1e5f7cd625c271f39f7c0d5d53&chksm=eaa971eddddef8fbac89afe66d5ca02cb8815760ff20482fd5ced9e63e6aea0af247b8168954&scene=58&subscene=0#rd)
- 安全学术圈
  - [ ] [APTSHIELD: a stable, efficient, real-time APT detection system for Linux hosts](https://mp.weixin.qq.com/s?__biz=MzU5MTM5MTQ2MA==&mid=2247488958&idx=1&sn=602c66fdd7719c26ae513d746c08c8eb&chksm=fe2eea35c9596323f872bae98310ac6ba0fb17b0046d12baaee7e69f1f43eb587f128fde5878&scene=58&subscene=0#rd)
- 三六零CERT
  - [ ] [CVE-2023-0386: Linux Kernel privilege escalation vulnerability advisory](https://mp.weixin.qq.com/s?__biz=MzU5MjEzOTM3NA==&mid=2247492101&idx=1&sn=353c4f8cf7f3e304eabbb942110989c8&chksm=fe26e704c9516e12ba04afa132fb69c926c129f1a2c5c8282324f0427e18b3bc17efa236b0bb&scene=58&subscene=0#rd)
  - [ ] [Security daily (2023.05.06)](https://mp.weixin.qq.com/s?__biz=MzU5MjEzOTM3NA==&mid=2247492101&idx=2&sn=0ad4e19a8298644b89a3b16e9c135567&chksm=fe26e704c9516e1201b2a12123b5ae8ed650c2f2b43d3fcb56156f0c02dfdf326dabbfaab18d&scene=58&subscene=0#rd)
- 安全圈
  - [ ] [【安全圈】 Do smart home devices violate personal privacy?](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652033800&idx=1&sn=a22d5d2f6e78136080acbde24a132e08&chksm=f36fff48c418765e620f693176f4a6437af20a22daf24a24868fa5a28a0b4e4fdc541fd11de5&scene=58&subscene=0#rd)
  - [ ] [【安全圈】 With 95% voice simulation achieved, AI voice fraud is increasingly rampant](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652033800&idx=2&sn=05a2d2fcebe9429fdd2c7d9f12a1d66b&chksm=f36fff48c418765e262631705552ed5b2e3a82305a275080d10349b64d2b5b3138fa647478bd&scene=58&subscene=0#rd)
  - [ ] [【安全圈】 New Android malware "FluHorse" targets the East Asian market](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652033800&idx=3&sn=2547c15e25cd36d549cc488757c1f94b&chksm=f36fff48c418765eb8af2786b4890a67d4a8693f54f932c0b801db02eae6066309d9f91929e8&scene=58&subscene=0#rd)
  - [ ] [【安全圈】 Former Uber chief security officer sentenced to three years' probation for covering up data breach](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652033800&idx=4&sn=54ef469c94d7ea39f68575c10c3b830d&chksm=f36fff48c418765eee46a94185aadc890d07f10b6d9e0e98020350b9f633b0780f7382af4c30&scene=58&subscene=0#rd)
- 长亭科技
  - [ ] [20x growth in five years | 长亭 and its partners](https://mp.weixin.qq.com/s?__biz=MzIwNDA2NDk5OQ==&mid=2651384199&idx=1&sn=b2168492ecfea45a8b6a9912056a160f&chksm=8d39980fba4e11198c9a36e9a4763390acf4a17cd80b4c8b303efdf7c9cf08b62176eb8021c9&scene=58&subscene=0#rd)
- CNCERT国家工程研究中心
  - [ ] [Exclusive: Illumina sequencers hit by security vulnerabilities again, which could lead to result tampering and leakage](https://mp.weixin.qq.com/s?__biz=MzUzNDYxOTA1NA==&mid=2247536716&idx=1&sn=f6fe40eee492fbd478ace619a08ae18b&chksm=fa93e68dcde46f9bdb678ec24191f5c50ae5033ed0de6eea9296b232bda37188364fcfe42a89&scene=58&subscene=0#rd)
  - [ ] [Global cross-border data flow compliance: biweekly watch (issue 8)](https://mp.weixin.qq.com/s?__biz=MzUzNDYxOTA1NA==&mid=2247536716&idx=2&sn=bca374af3f3a2c80cf80e7992345c3a6&chksm=fa93e68dcde46f9b16da5ccf2eaf979f08fee4a4c46db66b08fa86ef0821b6015a9e34f6c94e&scene=58&subscene=0#rd)
  - [ ] [Privacy extraction attacks against ChatGPT: multi-step jailbreak vulnerability](https://mp.weixin.qq.com/s?__biz=MzUzNDYxOTA1NA==&mid=2247536716&idx=3&sn=9dccf30b49a6ea0f764103f16bf37681&chksm=fa93e68dcde46f9b0f0868278ad3047a8cdba326e875f0f186004c47ca35c044c08d42878c14&scene=58&subscene=0#rd)
  - [ ] [North Korean hackers use new reconnaissance software to set up global cyber espionage](https://mp.weixin.qq.com/s?__biz=MzUzNDYxOTA1NA==&mid=2247536716&idx=4&sn=1b0883ca156d84b4697f56bf79f8837a&chksm=fa93e68dcde46f9bb7be1e698496b564696e9c265222522678ea30c3eb24278ec83d35de0926&scene=58&subscene=0#rd)
  - [ ] [Meta removes multiple APT and cybercrime groups from Facebook and Instagram](https://mp.weixin.qq.com/s?__biz=MzUzNDYxOTA1NA==&mid=2247536716&idx=5&sn=61d508c02f88a58d8f8b67c66ce69199&chksm=fa93e68dcde46f9bd8e26effb0bdd70f4d9b6f3120d5862e6d25e24d52554008196705baf69f&scene=58&subscene=0#rd)
- 火绒安全
  - [ ] [【火绒安全 weekly report】 Edge reported leaking user records to Bing / man hires "hacker" to recover chat logs](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247514356&idx=1&sn=36b7b6e7f5d3dc6a0b2601e9dcbf78a8&chksm=eb7066cbdc07efddf1313578f899662d2494364b8921f3ce1c3561a4967806770b134ba804cd&scene=58&subscene=0#rd)
- 国家互联网应急中心CNCERT
  - [ ] [Cybersecurity information and trends weekly report, 2023 issue 18 (April 24 - April 30)](https://mp.weixin.qq.com/s?__biz=MzIwNDk0MDgxMw==&mid=2247498306&idx=1&sn=08fcdc12d1a6b6566112f50f0b3df6e5&chksm=973ac920a04d40369c7ff86582fce728bd2aeba721e0355ae3850bcf198ab678a1712840b06b&scene=58&subscene=0#rd)
- 极客公园
  - [ ] [WHO: COVID "emergency" ends; OpenAI losses double, seeks to raise 100 billion US dollars; Douyin launches "抖多多", testing low-price e-commerce | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2652991685&idx=1&sn=ed69735668868935f14a500135d01d02&chksm=7e540d73492384650a2ec0bf2faafbfa1970b5972cfdd7836b78e8a51c24d0c9ef5c2a9fe098&scene=58&subscene=0#rd)
- 网安国际
  - [ ] [【InForSec2023 annual conference forum recap】 李卷孺: uncovering security issues in the use of custom memory management functions](https://mp.weixin.qq.com/s?__biz=MzA4ODYzMjU0NQ==&mid=2652313027&idx=1&sn=e5cbd9bdde1cd6cd3f35e44e3353d063&chksm=8bc4884dbcb3015b06958cb4274dcdef8be57fe582a180af848f15dc15bf8085f08c86bc5046&scene=58&subscene=0#rd)
- 嘶吼专业版
  - [ ] [Beware! This dangerous Android malware can hijack your phone](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247560919&idx=1&sn=8e4735908172fe299c4e3ade64fd5cf0&chksm=e9143eedde63b7fb5067e9375bc84bede7f33dc63eb6ee2fda01ab506b4c92b6d37308258015&scene=58&subscene=0#rd)
  - [ ] [WinRAR SFX archives can run PowerShell without being detected](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247560919&idx=2&sn=4a18fbc09da9c29e58f3a42e70bfaa60&chksm=e9143eedde63b7fb2481eaac8c164b795f8b2b170f5e2d03ec0c6ff609bdc0248b71166a58fa&scene=58&subscene=0#rd)
- IT Service Management News
  - [ ] [Information security and the Public Procurement Code](http://blog.cesaregallotti.it/2023/05/sicurezza-informatica-e-codice-degli.html)
  - [ ] [UKAS accreditation no longer valid for public procurement](http://blog.cesaregallotti.it/2023/05/accreditamento-ukas-non-piu-valido-per.html)
- 微步在线
  - [ ] [Possibly the most substance-packed security conference of the year | CSOP 2023 Beijing highlights preview](https://mp.weixin.qq.com/s?__biz=MzI5NjA0NjI5MQ==&mid=2650177041&idx=1&sn=53f21009a1eaf10918616ed72dd57780&chksm=f44885adc33f0cbb031d20c42161e007c2de0917e7af9576e8fa30cba4590381cfc66b452ff2&scene=58&subscene=0#rd)
- Yak Project
  - [ ] [Big news! CDSL-YAK's brand-new open source plan](https://mp.weixin.qq.com/s?__biz=Mzk0MTM4NzIxMQ==&mid=2247496373&idx=1&sn=9bffadf48d3c33e3b331b839b442fa83&chksm=c2d18e11f5a60707b9bded37613b75412c95c8305c68e8214c577713c7dbfb8da8322acdbbca&scene=58&subscene=0#rd)
- 奇安信 CERT
  - [ ] [【Reproduced】 Linux Kernel privilege escalation vulnerability security risk advisory](https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247498491&idx=1&sn=98b9815801067ca7640f0bb5b75e3b10&chksm=fe79de63c90e577579bcda4179e189ae371dd054ae59fef374a4861d8cbd68b8cbf1968df337&scene=58&subscene=0#rd)
- 绿盟科技CERT
  - [ ] [【Vulnerability advisory】 Linux OverlayFS privilege escalation vulnerability (CVE-2023-0386)](https://mp.weixin.qq.com/s?__biz=Mzk0MjE3ODkxNg==&mid=2247488276&idx=1&sn=094e8b3eba2a20f5c460f8b80e448e97&chksm=c2c6441ff5b1cd09417d30595a84d2c0c92ca2ef4835a1f8abc23f52517cc22fb26f4e12e4fa&scene=58&subscene=0#rd)
- Over Security - Cybersecurity news aggregator
  - [ ] [Twitter says 'security incident' exposed private Circle tweets](https://www.bleepingcomputer.com/news/security/twitter-says-security-incident-exposed-private-circle-tweets/)
  - [ ] [New PaperCut RCE exploit created that bypasses existing detections](https://www.bleepingcomputer.com/news/security/new-papercut-rce-exploit-created-that-bypasses-existing-detections/)
  - [ ] [Newspaper evades Russian censors, hides news in Counter-Strike map](https://www.malwarebytes.com/blog/news/2023/05/evading-russian-media-restrictions-with-custom-video-game-maps)
  - [ ] [Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users](https://www.malwarebytes.com/blog/news/2023/05/apple-releases-first-rapid-security-response-update-for-ios-ipados-and-macos-users)
- 陌陌安全
  - [ ] [App compliance development guide](https://mp.weixin.qq.com/s?__biz=MzI2OTYzOTQzNw==&mid=2247487822&idx=1&sn=2a51d72f894e7824a57cd23a9eed3ee3&chksm=eadc1b2cddab923aae870cfdcc3e5cd4b8a51da8b5c67cfb59371d70f0a07461845fcb1ec723&scene=58&subscene=0#rd)
- 情报分析师
  - [ ] [【Material】 US naval strategy and national security, 358 pages](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650528343&idx=1&sn=710110a473d9c998daaa781a72340973&chksm=8716f41cb0617d0a592415795e6dcb637c8d8b9eea11242d3ad5d75005b60185cc64097b1a8c&scene=58&subscene=0#rd)
  - [ ] [Global current-affairs cameras: watch worldwide events online](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650528343&idx=2&sn=883410686e58f3114c38ccbb35803c62&chksm=8716f41cb0617d0ad8ca1bf6a7b17319ecb7ca41f5037cd5d09b07a03c9d6659dbb2ed40bc9b&scene=58&subscene=0#rd)
- SANS Internet Storm Center, InfoCON: green
  - [ ] [Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 1, (Sat, May 6th)](https://isc.sans.edu/diary/rss/29816)
- TorrentFreak
  - [ ] [UK Police Applaud Five-Year Jail Sentence for ‘Fugitive’ IPTV Reseller](https://torrentfreak.com/uk-police-applaud-5-year-jail-sentence-for-fugitive-iptv-reseller-230505/)
- Blackhat Library: Hacking techniques and research
  - [ ] [Vulnerable WordPress (April 2023) - plugins:263 - Vuls: 324](https://www.reddit.com/r/blackhat/comments/139fo59/vulnerable_wordpress_april_2023_plugins263_vuls/)
  - [ ] [Can I send files through Web Whatsapp without my employer tracking it?](https://www.reddit.com/r/blackhat/comments/139j0tn/can_i_send_files_through_web_whatsapp_without_my/)
- Your Hacking Tutorial by Zempirians
  - [ ] [Help with John the ripper plz](https://www.reddit.com/r/HowToHack/comments/139ym0v/help_with_john_the_ripper_plz/)
  - [ ] [Do I need to learn cabling ?](https://www.reddit.com/r/HowToHack/comments/139ol83/do_i_need_to_learn_cabling/)
- Information Security
  - [ ] [The Myth of Individual Control: Mapping the Limitations of Privacy Self-management](https://www.reddit.com/r/Information_Security/comments/139vw81/the_myth_of_individual_control_mapping_the/)
- Deep Web
  - [ ] [Stumbled onto this release by the JD](https://www.reddit.com/r/deepweb/comments/139nlvy/stumbled_onto_this_release_by_the_jd/)
- Technical Information Security Content & Discussion
  - [ ] [I created a GitHub repo for learning application security from scratch. It's perfect for beginners and includes a comprehensive list of reference links. But it's not complete yet! Contributors are welcome to add more details.](https://www.reddit.com/r/netsec/comments/139xxiv/i_created_a_github_repo_for_learning_application/)
  - [ ] [Dependabot Confusion: Gaining Access to Private GitHub Repositories using Dependabot](https://www.reddit.com/r/netsec/comments/139zv0d/dependabot_confusion_gaining_access_to_private/)
  - [ ] [gowhois - Support for various whois servers](https://www.reddit.com/r/netsec/comments/139b23j/gowhois_support_for_various_whois_servers/)
  - [ ] [Cookie Bugs - Smuggling & Injection](https://www.reddit.com/r/netsec/comments/139h4hd/cookie_bugs_smuggling_injection/)
- Social Engineering
  - [ ] [The Ben Franklin Effect: How You Can Make People Like You More](https://www.reddit.com/r/SocialEngineering/comments/139nj9u/the_ben_franklin_effect_how_you_can_make_people/)
  - [ ] [clever ways to compliment someone?](https://www.reddit.com/r/SocialEngineering/comments/13a3gem/clever_ways_to_compliment_someone/)
  - [ ] [What actions make you appear adventurous?](https://www.reddit.com/r/SocialEngineering/comments/13a2kra/what_actions_make_you_appear_adventurous/)
  - [ ] [How do you present info in a way that leads someone to interpret it in the way you want?](https://www.reddit.com/r/SocialEngineering/comments/139qclz/how_do_you_present_info_in_a_way_that_leads/)
- The Hacker News
  - [ ] [Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry](https://thehackernews.com/2023/05/dragon-breath-apt-group-using-double.html)
  - [ ] [New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks](https://thehackernews.com/2023/05/new-vulnerability-in-popular-wordpress.html)
- Security Affairs
  - [ ] [Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition](https://securityaffairs.com/145871/breaking-news/security-affairs-newsletter-round-418.html)
  - [ ] [Twitter confirmed that a security incident publicly exposed Circle tweets](https://securityaffairs.com/145865/social-networks/twitter-circle-security-incident.html)
  - [ ] [FBI seized other domains used by the shadow eBook library Z-Library](https://securityaffairs.com/145854/cyber-crime/z-library-domains-seized.html)
  - [ ] [WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks](https://securityaffairs.com/145847/hacking/wordpress-advanced-custom-fields-xss.html)
- The Register - Security
  - [ ] [DEF CON to set thousands of hackers loose on LLMs](https://go.theregister.com/feed/www.theregister.com/2023/05/06/ai_hacking_defcon/)