漏洞 Vulnerability NVIDIA 发布了多个有关 GPU 驱动的安全修复更新 https://nvidia.custhelp.com/app/answers/detail/a_id/5031/~/security-bulletin%3A-nvidia-gpu-display-driver—june-2020 后门大开：GeoVision（台湾指纹扫描仪和监控技术制造商）产品中发现了关键漏洞 https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision 安全工具 Security Tools BSF： 一款僵尸网络模拟框架 https://www.kitploit.com/2020/06/bsf-botnet-simulation-framework.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29 恶意软件 Malware SYLKin 攻击：Avanan 安全工程师发现恶意活动使用 .slk 文件绕过 office 365 安全措施 https://www.avanan.com/blog/sylkin-attack-bypassing-microsoft-365-security-risking-users TA505研究报告 https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-006.pdf 鹰眼又回来了：APT30的新旧后门 https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/eagle-eye-is-back-apt30/ 研究使用基于文本的隐写术隐藏后门程序的PLATINUM APT组织 https://medium.com/@z3roTrust/platinum-apt-found-using-text-based-steganography-to-hide-backdoor-e54120fd6aed 跟踪基于云的端到端 HOLMIUM 攻击 https://www.microsoft.com/security/blog/2020/06/18/inside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint/ GoldenSpy：税务软件中的后门分析 https://trustwave.azureedge.net/media/16908/the-golden-tax-department-and-emergence-of-goldenspy-malware.pdf 针对缅甸的定向攻击 https://www.anomali.com/blog/unknown-china-based-apt-targeting-myanmarese-entities 安全事件 Security Incident WastedLocker：针对美国组织的攻击浪潮 https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us 安全资讯 Security Information 亚洲媒体公司 E27 遭受安全漏洞，黑客要求 “捐赠” https://securityaffairs.co/wordpress/105277/data-breach/e27-hacked.html 德克萨斯州遭受到针对政府机构和企业人为操纵的勒索软件的网络攻击 https://www.ehackingnews.com/2020/06/texas-hit-by-human-operated-ransomware.html 安全研究 Security Research 在Windows10(1909)中结合 DLL 劫持和 UAC 绕过 https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows 一种针对纸质投票的可扩展侧信道攻击 https://www.anquanke.com/post/id/209120 Tomcat 基于 Servlet 的无文件 webshell 的相关技术研究 https://mp.weixin.qq.com/s/gYGrdDtIldzrE7NHSxTDYQ Pwn2Own-Netgear-R6700-UPnP漏洞分析 https://www.anquanke.com/post/id/209232