漏洞 Vulnerability CVE-2020-0618: 微软 SQL Server 远程代码执行漏洞通告 https://cert.360.cn/warning/detail?id=eb57a4ea32131f58ad40b6d92168a74c 安全工具 Security Tools ATT&CK工具 https://github.com/nshalabi/ATTACK-Tools Fuzzowski：网络协议fuzzer https://www.kitploit.com/2020/02/fuzzowski-network-protocol-fuzzer-that.html 安全事件 Security Incident IOTA加密货币在钱包被黑后其基金会关闭了整个网络 https://www.zdnet.com/article/iota-cryptocurrency-shuts-down-entire-network-after-wallet-hack/ PhotoSquared应用程序泄露了十万个用户的照片和家庭住址 https://www.hackread.com/photosquared-leaks-photos-home-addresses-of-users/ 安全资讯 Security Information 500个Chrome扩展程序窃取了170万用户隐私 https://thehackernews.com/2020/02/chrome-extension-malware.html OpenSSH添加了对FIDO / U2F安全密钥的支持 https://www.zdnet.com/article/openssh-adds-support-for-fidou2f-security-keys/ 美国网络司令部在VT上分享来自朝鲜的恶意软件样本 https://www.securityweek.com/uscybercom-shares-more-north-korean-malware-samples 安全研究 Security Research Azure安全知识 https://michaelhowardsecure.blog/2020/02/14/so-you-want-to-learn-azure-security/ 武器化XSS的乐趣 https://www.trustedsec.com/events/webinar-popping-shells-instead-of-alert-boxes-weaponizing-xss-for-fun-and-profit/ 2020年网络安全趋势预测 https://www.trustedsec.com/events/webinar-2020-security-trends-from-trustedsec-whats-happening-today-tomorrow-and-far-out/ DNS隧道第3部分：RogueRobin https://ironnet.com/blog/dns-tunneling-series-part-3-the-siren-song-of-roguerobin/ 静态逆向Shellcode技术：第1阶段 https://0ffset.net/reverse-engineering/malware-analysis/common-shellcode-techniques/ 修补MacOS Sketch.App在Ghidra中的无限试用 https://duraki.github.io/posts/o/20200214-sketch.app-patch-in-ghidra.html