漏洞 Vulnerability 启动组件 GRUB2 被发现缓冲区溢出漏洞,可被利用 Bypass Secure Boot https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ 在NodeJS core中发现缓冲区溢出 https://medium.com/@social_62682/discovering-buffer-overflows-in-nodejs-core-b4af76c00bba 安全资讯 Security Information 多个Tor安全问题被纰漏 https://www.zdnet.com/article/multiple-tor-security-issues-disclosed-more-to-come/ 安全报告 Security Report 微软内部威胁防护案例：通过关联分析解决跨域安全事件 https://www.microsoft.com/security/blog/2020/07/29/inside-microsoft-threat-protection-solving-cross-domain-security-incidents-through-the-power-of-correlation-analytics/ 卡巴斯基发布的 2020 Q2 APT 趋势分析报告 https://securelist.com/apt-trends-report-q2-2020/97937/ Project Zero回顾了2019年被在野利用的0day https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html FireEye 发布的Ghostwriter行动分析报告 https://www.fireeye.com/blog/threat-research/2020/07/ghostwriter-influence-campaign.html 安全研究 Security Research 攻击MS Exchange Web界面 https://swarm.ptsecurity.com/attacking-ms-exchange-web-interfaces/ CVE-2020-1313:Windows Update Orchestrator特权提升漏洞poc https://github.com/irsl/CVE-2020-1313 CVE-2020-8558：Kubernetes 网络组件 kube-proxy漏洞分析 https://unit42.paloaltonetworks.com/cve-2020-8558/