安全工具 Security Tools Inhale：一款恶意软件分析跟分类工具 https://github.com/netspooky/inhale oregami:一款用于分析寄存器使用情况的IDA插件 https://github.com/shemesh999/oregami oculus-tls-extractor：从Oculus Runtime中提取TLS密钥 https://github.com/m1el/oculus-tls-extractor 安全资讯 Security Information 数千份Zoom凭据在暗网售卖 https://securityaffairs.co/wordpress/101475/deep-web/zoom-dark-web.html 利用特定T-short阻止人脸识别技术 https://arstechnica.com/features/2020/04/some-shirts-hide-you-from-cameras-but-will-anyone-wear-them/ 微软：每天少于2％的垃圾邮件使用COVID-19诱饵 https://www.zdnet.com/article/microsoft-under-2-of-all-daily-malspam-uses-covid-19-lures/ 东京2020年奥运会–提防机票诈骗，假冒商品和欺骗网站 https://tokyo2020.org/ja/news/notice-0006 安全研究 Security Research 探索云安全的常见威胁 https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/exploring-common-threats-to-cloud-security COVID-19大流行时期的网络攻击 https://www.brighttalk.com/webcast/15591/395083 从潜在威胁应用程序中提取TLS密钥 http://m1el.github.io/oculus-tls-extract/ 通过mysql jdbc 反序列化触发的 SpringBoot RCE 新利用方法 https://landgrey.me/blog/14/ 恶意软件 Malware 恶意软件跟踪 https://any.run/malware-trends/ 新的Wiper恶意软件冒充安全研究人员进行破坏活动 https://www.bleepingcomputer.com/news/security/new-wiper-malware-impersonates-security-researchers-as-prank/ 安全报告 Security Report APT29指南 https://go.attackiq.com/rs/041-FSQ-281/images/CISO_Guide_APT29.pdf ACE文件附件的恶意邮件活动 https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/threat-actors-deliver-courier-themed-spam-campaign-with-attached-ace-files