漏洞 Vulnerability USN-4148-1: 影响Ubuntu的OpenEXR漏洞 https://usn.ubuntu.com/4148-1/ 安全工具 Security Tools Penta:开源的用于自动化渗透测试的一体式CLI工具 https://www.kitploit.com/2019/10/penta-open-source-all-in-one-cli-tool.html 安全报告 Security Report 供应链攻击的演变和未来 https://www.brighttalk.com/webcast/15591/365528 安全资讯 Security Information 美英两国签署犯罪数据共享协议 https://www.infosecurity-magazine.com/news/us-uk-crime-data-sharing/ 未打补丁的VPN服务器遭到具有国家背景的网络攻击 https://www.healthcareinfosecurity.com/unpatched-vpn-servers-targeted-by-nation-state-attackers-a-13202 美英澳政府敦促Facebook终止其端到端加密计划 https://nakedsecurity.sophos.com/2019/10/07/governments-urge-facebook-to-hit-pause-on-end-to-end-encryption/ 社交媒体平台可能被迫在全球范围内删除非法内容 https://nakedsecurity.sophos.com/2019/10/07/social-media-platforms-can-be-forced-to-delete-illegal-content-worldwide/ 安全研究 Security Research 在快速变化的威胁环境中重新思考网络风险 https://www.scmagazine.com/home/opinion/executive-insight/rethinking-cyberisks-amid-a-rapidly-evolving-threat-environment/ 如何定义有效的云安全–第3部分：应用于Microsoft Azure https://www.peerlyst.com/posts/how-to-define-effective-cloud-security-baselines-part-3-application-to-microsoft-azure-guy-bertrand-kamga Wi-Fi信号使研究人员透过墙壁通过步态识别人员身份 https://nakedsecurity.sophos.com/2019/10/07/wi-fi-signals-let-researchers-id-people-through-walls-from-their-gait WhatsApp中从UAF到RCE https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/ 恶意软件 Malware 6种常见的网络钓鱼攻击及其防范方式 https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them/