漏洞 Vulnerability [EXP公开] CVE-2020-13935: Tomcat WebSocket 拒绝服务漏洞通告 https://cert.360.cn/warning/detail?id=c01c205c79fc1a9740f6ca9b133fb6f7 CVE-2020-27955：Gita <= 2.29.2 – 远程代码执行 via git-lfs https://cxsecurity.com/issue/WLB-2020110033 恶意软件 Malware 勒索软件告警: Pay2Key https://research.checkpoint.com/2020/ransomware-alert-pay2key/ 安全事件 Security Incident GitHub企业服务端源码泄漏 https://www.de24.news/2020/11/githubs-source-code-leaked-on-github-last-night-kind-of.html 安全资讯 Security Information RansomExx恶意软件现在也将目标对准了linux系统 https://securityaffairs.co/wordpress/110491/malware/linux-version-ransomexx-ransowmare.html 苹果对产品线的24个漏洞进行了修补 https://www.darkreading.com/vulnerabilities—threats/apple-patches-24-vulnerabilities-across-product-lines/d/d-id/1339399 Pwn2Own东京第一天:NETGEAR路由器、NAS设备被攻破 https://securityaffairs.co/wordpress/110509/hacking/pwn2own-tokyo-2020-day1.html 安全研究 Security Research 关于 Trickbot 恶意软件新增的 Anchor 模块分析 https://paper.seebug.org/1392/ CVE-2020-15999：Chrome FreeType字体库堆溢出原理分析 https://www.anquanke.com/post/id/221878 渗透技巧——通过Exchange ActiveSync访问内部文件共享 https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-%E9%80%9A%E8%BF%87Exchange-ActiveSync%E8%AE%BF%E9%97%AE%E5%86%85%E9%83%A8%E6%96%87%E4%BB%B6%E5%85%B1%E4%BA%AB/