漏洞 Vulnerability CNVD-2020-26235: Palo Alto Networks Secdo输入验证错误漏洞 https://www.cnvd.org.cn/flaw/show/CNVD-2020-26235 CNVD-2020-26234: 多款Mozilla产品存在未明漏洞 https://www.cnvd.org.cn/flaw/show/CNVD-2020-26234 SaltStack 多个严重漏洞通告 – 360CERT https://cert.360.cn/warning/detail?id=f31be92efc1ab6e8a09b987411a9759a CVE-2020-12111: TP-LINK 网络摄像头 NC系列命令注入漏洞 https://seclists.org/fulldisclosure/2020/May/4 安全资讯 Security Information 安卓第三方 ROM LineageOS 服务器遭到 SaltStack 漏洞攻击 https://securityaffairs.co/wordpress/102708/hacking/lineageos-hacked.html 黑客试图窃取英国大学冠状病毒研究 https://www.zdnet.com/article/hackers-are-targeting-uk-universities-to-steal-coronavirus-research-ncsc-warns/ CursedChrome 使 Chrome 成为代理跳板 https://www.zdnet.com/article/cursedchrome-turns-your-browser-into-a-hackers-proxy/ 安全工具 Security Tools Authelia – 开源身份验证和授权中枢服务器 https://www.kitploit.com/2020/05/authelia-single-sign-on-multi-factor.html hxnoyd/ossem-power-up: 基于 OSSEM 模型整合 ATT&CK 的评估工具 https://github.com/hxnoyd/ossem-power-up 网络威胁趋势-在线图表分析 https://marcoramilli.com/cyber-threat-trends/ 安全事件 Security Incident 从乌克兰电网事件看工控安全态势 – FreeBuf互联网安全新媒体平台 https://www.freebuf.com/articles/ics-articles/233680.html 安全研究 Security Research irsl/CVE-2020-1967: openssl DoS 漏洞 PoC https://github.com/irsl/CVE-2020-1967 红队技巧：绕过Sysmon检测 – FreeBuf互联网安全新媒体平台 https://www.freebuf.com/articles/system/233015.html 使用Miasm分析Shellcode – FreeBuf互联网安全新媒体平台 https://www.freebuf.com/articles/terminal/232540.html TP-Link Archer路由器LAN RCE https://mp.weixin.qq.com/s/Bfr1BfiVyrQ6BoreP_qcUg 卡巴斯基对 ATT&CK 模拟数据评估 https://securelist.com/attck-evaluation-results/96849/