漏洞 Vulnerability SolarWinds 供应链攻击通告 https://cert.360.cn/warning/detail?id=df9b6fe4d1d0dd3c44b80ec64e3b595a CVE-2020-26258/26259: XStream 反序列化漏洞通告 https://mp.weixin.qq.com/s/DkSt4U_C9ZnMxPd5y8aBtg 最新的苹果 macOS Catalina，Mojave的安全更新 https://support.apple.com/en-us/HT212011 安全研究 Security Research AMNESIA33：开源TCP/IP协议栈系列漏洞分析与验证 https://mp.weixin.qq.com/s/UWeFBK3E1Zs4cTcMl4UU3A 利用SSL VPN，发送特定的HTTP请求泄漏FortiOS系统文件Poc https://github.com/Zeop-CyberSec/fortios_vpnssl_traversal_leak 虚拟机中的页错误注入：从HVMI进入Swapped-Out页 https://hvmi.github.io/blog/2020/12/14/pfinjection.html 使用Defensics SDK构建串行端口fuzzer https://securityboulevard.com/2020/12/how-to-build-a-serial-port-fuzzer-with-defensics-sdk/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29 利用JARM指纹进行TLS服务端标记 https://mp.weixin.qq.com/s/CTBO22SuQft1dBoHv2WRQg express-validator 6.6.0 原型链污染分析 https://paper.seebug.org/1426/ PS4 上的webkit 漏洞利用 https://www.synacktiv.com/publications/this-is-for-the-pwners-exploiting-a-webkit-0-day-in-playstation-4.html angelboy关于windows内核堆的研究——Slide https://speakerdeck.com/scwuaptx/windows-kernel-heap-segment-heap-in-windows-kernel-part-1 恶意软件 Malware Adrozek的新恶意软件分析 https://www.microsoft.com/security/blog/2020/12/10/widespread-malware-campaign-seeks-to-silently-inject-ads-into-search-results-affects-multiple-browsers/ Russian APT28 利用新冠疫情进行攻击 https://www.intezer.com/blog/research/russian-apt-uses-covid-19-lures-to-deliver-zebrocy/