漏洞 Vulnerability 苹果爆发不可修补的bootrom漏洞，数亿IOS设备受影响 http://go.theregister.com/feed/www.theregister.co.uk/2019/09/27/unpatchable_exploit_for_ios/ CVE-2019-16935: Python XML-RPC server 中server_title字段存在XSS漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935 CVE-2019-16253: Samsung 语音转换引擎(SamsungTTS)组件中存在提权漏洞 https://seclists.org/fulldisclosure/2019/Sep/32 CVE-2019-16930: Zcash IP元数据泄漏漏洞 http://feedproxy.google.com/~r/GoogleChromeReleases/~3/I2GH3a_S9vE/stable-channel-update-for-chrome-os_27.html 安全工具 Security Tools Kube-Alien: 从内部对K8s群集发起攻击的工具 http://feedproxy.google.com/~r/PentestTools/~3/126-Y9dJKbU/kube-alien-tool-to-launches-attack-on.html 安全报告 Security Report 2019上半年移动安全报告 https://www.freebuf.com/articles/network/213648.html IoT：过去5年中，流行的IoT设备的安全问题和漏洞几乎翻了一番 https://cyware.com/news/security-issues-and-vulnerabilities-across-popular-iot-devices-have-almost-doubled-in-last-5-years-5eee3483 安全事件 Security Incident TrickBot: 针对物流供应商的新的网络钓鱼活动正在分发TrickBot木马的新变种 https://www.fortinet.com/blog/threat-research/trickbot-or-treat-threat-analysis.html 恶意软件 Malware Sodinokibi：伪装成DHL电子邮件，诱使中国用户安装Sodinokibi勒索软件 https://www.bleepingcomputer.com/news/security/revil-sodinokibi-ransomware-targets-chinese-users-with-dhl-spam/ Whiteshadow: 一个名为Whiteshadow的新恶意软件下载程序已在多个广告系列中投放 https://www.zdnet.com/article/whiteshadow-malware-uses-microsoft-sql-queries-to-deliver-malicious-payloads/ 安全资讯 Security Information 思科发布安全更新，解决影响Cisco IOS和IOS XE网络自动化软件的十二个严重级别的漏洞。 https://www.zdnet.com/article/cisco-warning-these-routers-running-ios-have-9-910-severity-security-flaw/