漏洞 Vulnerability CVE-2019-9535：iTerm2远程代码执行漏洞预警 https://cert.360.cn/warning/detail?id=8816c5951dbb6359770f98254c8b15fa 泛微e-cology OA SQL注入漏洞预警 https://cert.360.cn/warning/detail?id=11ad26c582ffedabd0143939a6a5a188 CVE-2019-6971：TP-Link TL-WR1043ND 2认证绕过 https://www.exploit-db.com/exploits/47483 安全工具 Security Tools BoolSi：用于布尔网络的分布式仿真和分析工具 http://arxiv.org/abs/1910.03736 安全报告 Security Report Recorded Future发布威胁情报实践手册 https://www.grahamcluley.com/feed-sponsor-recorded-future/ 安全事件 Security Incident 通过模拟钓鱼攻击，暴露了6W患者的医疗和个人信息 https://www.bleepingcomputer.com/news/security/phishing-incident-exposes-medical-personal-info-of-60k-patients/ 黑客攻击Volusion基础设施，以窃取数千个站点中的支付信息 https://securityaffairs.co/wordpress/92294/hacking/volusion-security-breach.html 恶意软件 Malware APT28恶意软件Zebrocy新组件分析 https://www.freebuf.com/articles/network/215358.html 安全研究 Security Research 微软NTLM漏洞安全梳理 https://gbhackers.com/microsoft-ntlm/ CVE-2019-6333：HP触摸终端漏洞分析 https://safebreach.com/Post/HP-Touchpoint-Analytics-DLL-Search-Order-Hijacking-Potential-Abuses-CVE-2019-6333 红蓝对抗：使用Shellcode躲避安全检测 https://www.fireeye.com/blog/threat-research/2019/10/staying-hidden-on-the-endpoint-evading-detection-with-shellcode.html