漏洞 Vulnerability Ubuntu nginx错误配置导致HTTP请求走私 http://vulhub.org.cn/vuln/VH-F155923 Microsoft Windows 10内部版本1809本地特权升级（UAC绕过） https://cxsecurity.com/issue/WLB-2020010101 Real Estate 7 WordPress v2.9.4多个漏洞 https://cxsecurity.com/issue/WLB-2020010103 安全工具 Security Tools laravelN00b-在受害者主机中自动扫描.env文件并检查调试模式 https://github.com/tismayil/laravelN00b LAVA-大规模自动漏洞添加工具 https://www.kitploit.com/2020/01/andriller-software-utility-with.html 安全报告 Security Report 印度最大的旅馆连锁Zostel的支付漏洞 https://medium.com/bugbountywriteup/payment-gateway-bypass-of-zostel-indias-biggest-hostel-chain-81c407454f0a 安全事件 Security Incident Scammers Dupe Texas School District损失$ 230万 https://threatpost.com/scammers-dupe-texas-school-district-out-of-2-3m/151773/ 恶意软件 Malware Play商店上的新Android恶意软件禁用了Play Protect来逃避检测 https://www.hackread.com/play-store-android-malware-disables-play-protect-evade-detection/ 安全研究 Security Research 从Mega到Giga：基于MegaCortex勒索软件修改的跨版本比较 https://securityintelligence.com/posts/from-mega-to-giga-cross-version-comparison-of-top-megacortex-modifications/ 深入研究Citrix ADC远程执行代码，CVE-2019-19781 https://www.mdsec.co.uk/2020/01/deep-dive-to-citrix-adc-remote-code-execution-cve-2019-19781/ 魔法才能打败魔法：关于获取csrf-token前端技巧思考 https://xz.aliyun.com/t/7084