漏洞 Vulnerability CVE-2020-11651：运维管理框架 saltstack 权限绕过漏洞 https://labs.f-secure.com/advisories/saltstack-authorization-bypass CVE-2020-11029：WordPress（< 5.4.1） XSS漏洞 https://nvd.nist.gov/vuln/detail/CVE-2020-11029 CVE-2020-7351：Trixbox 命令注入漏洞 https://github.com/rapid7/metasploit-framework/pull/13353 CNVD-2020-23489：安全狗（Apache版）SQL注入绕过漏洞 https://www.cnvd.org.cn/flaw/show/CNVD-2020-23489 安全研究 Security Research CVE-2020-0932 Microsoft SharePoint RCE分析 https://www.zerodayinitiative.com/blog/2020/4/28/cve-2020-0932-remote-code-execution-on-microsoft-sharepoint-using-typeconverters 使用数据科学跟踪攻击活动 https://published-prd.lanyonevents.com/published/rsaus20/sessionsFiles/17855/2020_USA20_HTA-W02_01_The-Magic-of-Tracking-Attack-Campaigns-Using-Data-Science.pdf JAMF 的安全性研究 https://labs.f-secure.com/blog/jamfing-for-joy-attacking-macos-in-enterprise/ 逆向flutter应用 https://blog.tst.sh/reverse-engineering-flutter-apps-part-1/ 安全事件 Security Incident 法国日报 《费加罗报（Le Figaro）》 Elasticsearch 错误配置，74亿条记录被泄露。 https://www.bleepingcomputer.com/news/security/french-daily-le-figaro-database-exposes-users-personal-info/ 安全工具 Security Tools 针对Jamf macOS管理平台的安全工具 https://github.com/FSecureLABS/Jamf-Attack-Toolkit