漏洞 Vulnerability CVE-2019-19470：TinyWall防火墙本地提权漏洞分析 https://www.anquanke.com/post/id/197436 趋势科技CVE-2019-20357 持久性任意代码执行漏洞 https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx 安全工具 Security Tools 微软发布软件源代码分析工具 https://github.com/Microsoft/ApplicationInspector 安全报告 Security Report 金融行业研究报告–网络风险与美国金融体系 https://www.newyorkfed.org/medialibrary/media/research/staff_reports/sr909.pdf 安全资讯 Security Information 欧盟可能会禁止面部识别5年 https://www.ehackingnews.com/2020/01/european-union-likely-to-ban-facial.html 乌兹别克斯坦当局启动国家矿池 https://www.ehackingnews.com/2020/01/the-authorities-of-uzbekistan-to-launch.html TA428对于伊朗与美国之间最近的冲突的滥用 https://twitter.com/stevelord/status/1218801022363000833 未修补的IE浏览器零日漏洞影响数百万的Windows用户 https://gbhackers.com/ie-zero-day-vulnerability/ 自2019年10月以来，360安全中心已成功拦截了针对外贸，运输和几个重要海港的多次网络攻击 https://twitter.com/360TotalSec/status/1218816654097862657 安全研究 Security Research HTB-Craft 一次从git入手的渗透练习 https://www.anquanke.com/post/id/197432 Windows 10帮助文件chm格式漏洞挖掘 https://www.anquanke.com/post/id/197417 TrickBot使用Windows 10 UAC旁路进行逃避检测 https://www.bleepingcomputer.com/news/security/trickbot-now-uses-a-windows-10-uac-bypass-to-evade-detection/ Android VoIP组件中的8种网络安全风险 https://daoyuan14.github.io/papers/TR19_VoIPFuzzing.pdf 恶意软件 Malware 针对沙特的恶意软件ZeroCleare攻击活动。后续特马为：Dustman https://securityintelligence.com/posts/enter-dustman-new-wiper-takes-after-zerocleare-targets-organizations-in-saudi-arabia/