漏洞 Vulnerability CVE-2019-16928：Exim4.92版本string.c中string_vformat堆溢出导致远程代码执行 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16928 CVE-2019-13376：phpBB3.2.7版本CSRF窃取会话ID漏洞 https://twitter.com/CVEnew/status/1177579940235137024 CVE-2019-16414：GFI Kerio Control防火墙v9.3.0版本DOMXSS漏洞 http://seclists.org/fulldisclosure/2019/Sep/35 安全工具 Security Tools Rebel-Framework – 一款先进易用的渗透测试框架 https://www.kitploit.com/2019/09/rebel-framework-advanced-and-easy-to.html Pyshark：使用了WirdShark的Python数据包解析工具（Tshark） https://www.freebuf.com/sectool/213642.html 恶意软件 Malware InnfiRAT : 一种针对加密货币窃取的RAT软件 https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more 新型恶意软件通过Telegram窃取加密钱包 https://www.bleepingcomputer.com/news/security/new-masad-stealer-malware-exfiltrates-crypto-wallets-via-telegram/ 安全事件 Security Incident 空中客车表示已经对网络攻击的采取应对措施 http://feedproxy.google.com/~r/Securityweek/~3/v6PvQ_aBM_8/airbus-says-taking-appropriate-measures-against-hackers 安全资讯 Security Information 微软正向Office 365 ATP中添加新的“自动事件响应”剧本 https://www.bleepingcomputer.com/news/microsoft/office-365-to-get-automated-incident-response-for-hacked-accounts/ 网络安全与供应链安全：加强薄弱环节防护 https://www.cyberdefensemagazine.com/cyber-security/?utm_source=rss&utm_medium=rss&utm_campaign=cyber-security 安全研究 Security Research Divergent恶意软件使用NodeJS和WinDivert进行无文件攻击 https://www.tripwire.com/state-of-security/security-data-protection/divergent-malware-using-nodejs-windivert-in-fileless-attacks/ 研究人员透露另一种SIM卡攻击可能会影响数百万手机 http://feedproxy.google.com/~r/Securityweek/~3/LvuoxzhdsTM/researchers-disclose-another-sim-card-attack-possibly-impacting-millions