漏洞 Vulnerability Testlink 文件上传和SQL注入漏洞 https://ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection/ 安全报告 Security Report Windows win32k组件 新的漏洞类型和利用技术 https://www.ragestorm.net/Win32k%20Smash%20the%20Ref.pdf 安全事件 Security Incident 1400万个Key Ring用户的付款和医疗卡信息遭泄露 https://www.scmagazine.com/home/security-news/data-breach/14-million-key-ring-users-exposed-in-open-database/ 安全资讯 Security Information 黑客论坛OGUsers被入侵，超过20万用户信息被窃取 https://www.hackread.com/ogusers-hacking-forum-hacked-database-dumped/ Elasticsearch未授权访问，15000多台ES服务器数据被删除 https://www.zdnet.com/article/a-hacker-has-wiped-defaced-more-than-15000-elasticsearch-servers/ 新型DDoS僵尸网络Hoaxcalls利用Grandstream UCM6200(CVE-2020-5722)和Draytek Vigor(CVE-2020-8515)漏洞进行传播 https://unit42.paloaltonetworks.com/new-hoaxcalls-ddos-botnet/?web_view=true 安全研究 Security Research 使用Miasm分析Shellcode https://www.randhome.io/blog/2020/04/04/analyzing-shellcodes-with-miasm-for-fun-and-profit/ JMX远程代码漏洞研究 https://www.freebuf.com/vuls/231132.html CVE-2019-1458: Win32k特权提升漏洞分析 https://googleprojectzero.blogspot.com/2020/04/tfw-you-get-really-excited-you-patch.html Android Cerberus恶意样本分析 https://www.freebuf.com/articles/terminal/230628.html 如何在iOS和macOS上未经授权的情况下开启相机访问权限 https://www.ryanpickren.com/webcam-hacking