漏洞 Vulnerability CVE-2020-0069：安卓超级漏洞影响 mediatek 设备，本地攻击者可利用进行任意内存地址读写 https://blog.quarkslab.com/cve-2020-0069-autopsy-of-the-most-stable-mediatek-rootkit.html CVE-2020-0863：Windows Diagnostic Tracking 服务任意文件读漏洞分析 https://itm4n.github.io/cve-2020-0863-windows-diagtrack-info-disclo/ 安全报告 Security Report 独家：关于俄罗斯联邦安全局FSB承包商0day公司的秘辛 https://mp.weixin.qq.com/s/z1YDwXp0vsHzEWsVHt_yng 通过本地新闻链接针对香港移动用户攻击的技术简报 https://documents.trendmicro.com/assets/Tech-Brief-Operation-Poisoned-News-Hong-Kong-Users-Targeted-with-Mobile-Malware-via-Local-News-Links.pdf 安全事件 Security Incident 针对 PHPUnit RCE 漏洞（CVE-2017-9841）的攻击卷土重来 https://www.imperva.com/blog/the-resurrection-of-phpunit-rce-vulnerability/ 恶意软件 Malware Kimsuky APT 组织利用疫情话题针对南韩进行双平台的攻击活动的分析 https://mp.weixin.qq.com/s/MDYFd699cwkiBD9YD-uTcw WildPressure: 卡巴斯基发现了针对中东工业的 APT 攻击 https://securelist.com/wildpressure-targets-industrial-in-the-middle-east/96360/?utm_source=rss&utm_medium=rss&utm_campaign=wildpressure-targets-industrial-in-the-middle-east 攻击者利用美国公共健康网站 HHS.gov 域名重定向恶意地址推送恶意软件 https://www.bleepingcomputer.com/news/security/hhsgov-open-redirect-used-by-coronavirus-phishing-to-spread-malware/?__cf_chl_jschl_tk__=7170ee3e7fa802a920ea29658c091461ba9e75f5-1585099871-0-AWZGCoOySxwvDDpqa6pSZlyBHKd4a0yDTA-jFVGynBgWKfxdFsWdqDjbO6uVUj3mofqli67wsZx2Xj2t5cPdVZvuEdkF2Wo3tq6iK4u4Zi_g8xY1-G4VMqGVMhCjUF3xsFrEAMsDsDukbsr-MKDiNJ8EbmoIhQ0RDn8qzoDENNVfsowT82DXapDrF2adKmNPQnzZG9qkYbi55YYGqtxpOiLsSSfQfvLIjGSCWcO-Bxav6jTs0N4jmL0spFRrtEQ36cgDoSfbww2rZTJFo2fe9jcH1euyGBhuL4-ALnayV2CowE60Pq37gxAZqHD6QyRK8MllsLhsfvVDMeYiu4Ut-kVPo40TmPlRQ3nOzrM0tI0JCxT8ei22F017yleH2APQxw 新 Mirai 变种针对 Zyxel 网络存储设备分析报告 https://unit42.paloaltonetworks.com/new-mirai-variant-mukashi/ TrickBot 针对性向德国银行受害者投递能够绕过”双因子认证”移动木马 https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/ 俄罗斯 APT28 组织行为追踪：持续扫描并攻击邮件服务器 https://www.zdnet.com/article/apt28-has-been-scanning-and-exploiting-vulnerable-email-servers-for-more-than-a-year/ 安全研究 Security Research Linux 内核内存管理与漏洞利用 https://mp.weixin.qq.com/s/giV6FcKK5wm2KnbYQxtvLA JNDI 实现回显研究 https://www.anquanke.com/post/id/200892 内存标签技术的安全性分析 https://github.com/microsoft/MSRC-Security-Research/blob/master/papers/2020/Security%20analysis%20of%20memory%20tagging.pdf 蓝牙安全之 Active Scanning vs. Passive Scanning 研究 https://www.anquanke.com/post/id/201599 相似样本查找引擎研究 http://blog.topsec.com.cn/%e7%9b%b8%e4%bc%bc%e6%a0%b7%e6%9c%ac%e6%9f%a5%e6%89%be%e5%bc%95%e6%93%8e%e7%a0%94%e7%a9%b6/