漏洞 Vulnerability ManageEngine Desktop Central 远程桌面管理控制台RCE漏洞 https://www.exploit-db.com/exploits/48176 CVE-2019-0090:英特尔CSME和SPS漏洞 https://www.intel.com/content/www/us/en/support/articles/000033416/technologies.html CVE-2020-3843:AWDL边界检查不足，导致远程iOS/MacOS内核堆损坏 https://bugs.chromium.org/p/project-zero/issues/detail?id=1982 CVE-2020-5405:spring-cloud-config-server 目录遍历漏洞 https://pivotal.io/security/cve-2020-5405 CVE-2020-2555: Oracle Coherence&WebLogic反序列化远程代码执行漏洞通告 https://cert.360.cn/warning/detail?id=f52f5ba5e84b7577d4157fdac85d8208 CVE-2020-8597: PPPD 远程代码执行漏洞通告 https://cert.360.cn/warning/detail?id=b41ffdb8a90a58c0c263b84a03ed22fa 安全工具 Security Tools Apfell 一个多人协作的多平台的红队框架 https://github.com/its-a-feature/Apfell 安全事件 Security Incident 超过2亿条美国人口数据泄露 https://thehackernews.com/2020/03/us-property-records-database.html 安全资讯 Security Information 删库背后，是权限管控的缺失 https://www.freebuf.com/articles/security-management/229084.html 安全研究 Security Research 开源威胁仿真器(模拟网络攻击或恶意行为)概述 https://arxiv.org/pdf/2003.01518.pdf Microsoft的670多个子域很容易被接管 https://vullnerability.com/blog/microsoft-subdomain-account-takeover SMS身份验证的常见缺陷 https://blog.deteact.com/common-flaws-of-sms-auth/