漏洞 Vulnerability CVE-2020-1967: openssl 拒绝服务漏洞通告 https://cert.360.cn/warning/detail?id=83b4133611aba0131a5e18fb2ea46aba Foxit多个高危漏洞通告 https://cert.360.cn/warning/detail?id=7ca5e66697fb306bd2ea08b7d253c851 通达OA权限提升漏洞通告 https://cert.360.cn/warning/detail?id=d2689a877c01a9712d148317c2da21a2 安全工具 Security Tools Wifipumpkin3-强大的Rogue Wi-Fi接入点攻击框架 https://github.com/P0cL4bs/wifipumpkin3 安全报告 Security Report 云上暴露的Redis实例被滥用以进行加密货币挖掘相关分析报告 https://blog.trendmicro.com/trendlabs-security-intelligence/exposed-redis-instances-abused-for-remote-code-execution-cryptocurrency-mining/ 去中心化金融平台Lendf.Me黑客攻击事件分析报告 https://www.anquanke.com/post/id/203548 安全资讯 Security Information 苹果修补了两个被滥用多年的iOS 0day漏洞 https://threatpost.com/apple-patches-two-ios-zero-days-abused-for-years/155042/ 微软发布Office、Office 365 ProPlus和Paint 3D产品的重要安全更新 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200004?ranMID=24542&ranEAID=IokOf8qagZo&ranSiteID=IokOf8qagZo-nsDeHen9vYAKjPANFfMqGA&epi=IokOf8qagZo-nsDeHen9vYAKjPANFfMqGA&irgwc=1&OCID=AID2000142_aff_7593_1243925&tduid=(ir__y6n6ld9wagkftwwjkk0sohzz0e2xnhqpjxog0b0h00)(7593)(1243925)(IokOf8qagZo-nsDeHen9vYAKjPANFfMqGA)()&irclickid=_y6n6ld9wagkftwwjkk0sohzz0e2xnhqpjxog0b0h00 APT32使用 COVID-19 诱饵针对中国进行网络攻击 https://www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-19-related-espionage.html ThreatConnect Playbook：自动导入RSS feed数据并标记与Covid-19相关的所有关键字 https://threatconnect.com/blog/playbook-fridays-automatically-import-and-tag-your-rss-feed-data-with-covid-19-tags/ 安全研究 Security Research MINDSHARE：使用LLDBINIT增强LLDB调试器 https://www.zerodayinitiative.com/blog/2020/4/20/mindshare-using-lldbinit-to-enhance-the-lldb-debugger 利用COVID-19主题解构逃避的Formbook广告活动 https://www.fortinet.com/blog/threat-research/deconstructing-an-evasive-formbook-campaign-leveraging-covid-19-themes.html Windows内核驱动程序静态逆向工程的方法论 https://www.anquanke.com/post/id/203237 WordPress Rank Math SEO插件任意元数据修改漏洞分析 https://xz.aliyun.com/t/7616