漏洞 Vulnerability CVE-2020-0549：Intel处理器CacheOut漏洞通告 https://cert.360.cn/warning/detail?id=6319355ed77875884802263f270cdd78 CVE-2020-7247: OpenSMTPD 远程命令执行漏洞通告 https://cert.360.cn/warning/detail?id=b03e92c903678dd6497d1be040f761d5 安全工具 Security Tools AFLplusplus添加了CmpLog插桩功能 https://github.com/vanhauser-thc/AFLplusplus/blob/master/llvm_mode/README.cmplog.md S3Enum – Amazon S3 Bucket枚举工具 http://feedproxy.google.com/~r/PentestTools/~3/cRCWjBIgR3Q/s3enum-fast-amazon-s3-bucket.html 安全资讯 Security Information ZDI对2019年的回顾 https://www.zerodayinitiative.com/blog/2020/1/30/looking-back-at-the-zero-day-initiative-in-2019 MSRC宣布Xbox漏洞奖励计划 https://msrc-blog.microsoft.com/2020/01/30/announcing-the-xbox-bounty-program/ Android NDK开始支持HWAddress Sanitizer https://developer.android.com/ndk/guides/hwasan 安全研究 Security Research 对RTCore漏洞的研究 https://swapcontext.blogspot.com/2020/01/unwinding-rtcore.html macOS上Adobe Reader符号的故事 https://googleprojectzero.blogspot.com/2020/01/part-ii-returning-to-adobe-reader.html 使用苹果的终端安全框架检测内存执行 https://posts.specterops.io/detection-engineering-using-apples-endpoint-security-framework-affdbcb18b02 Azure云基础设施中的严重漏洞导致RCE https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-ii/ 恶意软件 Malware 伊朗针对美国公司的活动使用了新的工具集 https://intezer.com/blog-new-iranian-campaign-tailored-to-us-companies-uses-updated-toolset/