漏洞 Vulnerability 通达OA远程命令执行漏洞通告 https://cert.360.cn/warning/detail?id=33cdea70fb8b9ac5d608333f73e85fbe VMware产品中的多个漏洞 https://www1.crisp.govcert.gov.hk/portal/govcert/en/alerts_detail.xhtml?id=460 Nginx反向代理的LUA引擎OpenResty本地文件读取漏洞和CRLF注入漏洞 https://www.openwall.com/lists/oss-security/2020/03/18/1 安全工具 Security Tools RedTeam利器，进程分析，过程监控 https://github.com/outflanknl/Ps-Tools windows10相关漏洞EXP&POC https://github.com/nu11secur1ty/Windows10Exploits 安全资讯 Security Information 英国电信运营商O2的英国合作伙伴Aero Direct遭遇数据泄露 https://www.aerial-direct.co.uk/di-update/ 安全研究 Security Research APT10 木马和编译工具分析 https://www.virusbulletin.com/blog/2020/03/vb2019-paper-defeating-apt10-compiler-level-obfuscations/ Operation Overtrap攻击活动，攻击者通过Bottle Exploit Kit和Cinobi Banking Trojan攻击日本在线银行用户 https://blog.trendmicro.com/trendlabs-security-intelligence/operation-overtrap-targets-japanese-online-banking-users-via-bottle-exploit-kit-and-brand-new-cinobi-banking-trojan/ MonitorMinor：恶意的跟踪软件分析 https://securelist.com/monitorminor-vicious-stalkerware/95575/ 微软发布：从内核漏洞安全分析特种木马，到企业防御 https://www.microsoft.com/security/blog/2020/03/17/secured-core-pcs-a-brief-showcase-of-chip-to-cloud-security-against-kernel-attacks/ Check Point ZoneAlarm 防火墙本地提权漏洞分析 https://www.securify.nl/advisory/SFY20200317/zonealarm-truevector-internet-monitor-service-insecure-ntfs-permissions-vulnerability.html 巧用匿名函数绕过D盾 https://www.freebuf.com/articles/web/229649.html 恶意软件 Malware winnti 针对越南的攻击分析 https://medium.com/@Sebdraven/winnti-uses-the-rtf-exploit-8-t-too-targets-vietnam-13300d432272 Trickbot银行木马分析，新的木马分发方式和持久化方式。 https://isc.sans.edu/diary/25918