FreeBuf Weekly Report | German financial institutions attacked; Atlas VPN zero-day vulnerability exposed

Happy Monday, everyone. We have summarized and recommended this week's latest hot news and security incidents so that you do not miss any key points!

Hot info

1. Iranian hackers exploited critical Zoho and Fortinet vulnerabilities to invade US aviation organizations

A joint report released by CISA, FBI and U.S. Cyber Command (USCYBERCOM) on Thursday (September 7) showed that a state-sponsored hacker group exploited critical vulnerabilities in Zoho and Fortinet to attack a U.S. aviation organization.

2. Cisco BroadWorks platform found to have a "full score" vulnerability

According to BleepingComputer, serious vulnerabilities have appeared in the Cisco BroadWorks application delivery platform and Cisco BroadWorks Xtended service platform, which may allow remote attackers to forge credentials and bypass authentication.

3. Atlas VPN zero-day vulnerability exposed, allowing users' real IP addresses to be viewed

Atlas VPN has confirmed the existence of a zero-day vulnerability that allows website owners to view the real IP addresses of Linux users. Not long ago, the person who discovered the vulnerability publicly posted details about the zero-day vulnerability and the exploit code on Reddit.

4. The website of the German financial regulator was “paralyzed” after suffering a large-scale DDoS attack

BaFin is the financial regulator responsible for supervising German financial institutions and markets. Its responsibility is to ensure the stability, integrity and transparency of the German financial system.

5. Facebook has deleted 27.67 billion fake accounts, and a large number of real users have been “accidentally injured”

According to Cyber News, thousands of users are expressing their dissatisfaction with Facebook on X (Twitter) and other platforms because the platform "accidentally injured" their normal accounts when cracking down on fake accounts.

Security incidents

1. A big departure! Toyota plant shuts down due to lack of data storage space

Toyota said recent operational disruptions at its Japanese production plants were due to a lack of storage space on its database servers.

2. New Python variant of Chaes malware targets banking and logistics industries

In a new detailed technical report shared with The Hacker News, Morphisec said that "Chaes" has undergone a major revamp, from being completely rewritten in Python to an overall redesign and enhancement of the communication protocol, leading to a lower detection rate by legacy defense systems.

3. The 28-year-old WordPad will be officially removed from Windows systems

Most Windows users are more or less familiar with the built-in WordPad application, but Microsoft recently stated that it will officially remove WordPad in a future Windows version update.

4. Freecycle suffered a large-scale data breach, affecting 7 million users

Freecycle is an online forum dedicated to exchanging second-hand items, with nearly 11 million users from more than 5,300 local towns and cities around the world. The forum recently suffered a large-scale data breach, affecting more than 7 million users.

5. Be alert! A large number of hackers launched social engineering attacks targeting Okta's excessive management rights

Identity service provider Okta warned on Friday (September 1) that a threat actor conducted a social engineering attack against the company to gain administrator privileges.


Origin blog.csdn.net/HUANGXIN9898/article/details/132801003