漏洞 Vulnerability CVE-2019-6188：联想个别版本BIOS篡改检测机制未触发导致可能未经授权访问 https://twitter.com/CVEnew/status/1194370736997228545 CVE-2019-3648：McAfee反病毒软件漏洞 https://go.theregister.co.uk/feed/www.theregister.co.uk/2019/11/12/mcafee_av_vulnerability/ CVE-2019-15815：ZyXEL P-1302-T10D v3未授权访问漏洞 https://twitter.com/CVEnew/status/1194310326638055424 安全工具 Security Tools 记一次编写域账号弱口令审计工具 https://www.freebuf.com/sectool/219636.html ThreatIngestor：一款功能强大的威胁情报提取和聚合工具 https://www.freebuf.com/sectool/218725.html 恶意软件 Malware 深入分析近期活跃Emotet家族木马 https://www.anquanke.com/post/id/190180 安全事件 Security Incident telegram软件MTProxy服务器用于DDoS伊朗云提供商 https://www.bleepingcomputer.com/news/security/telegram-mtproxy-servers-used-to-ddos-iranian-cloud-provider/ 安全资讯 Security Information 2020 ICS大会Singapore会议启动 http://feedproxy.google.com/~r/Securityweek/~3/vibXWlpLfnU/call-papers-securityweeks-2020-singapore-ics-cyber-security-conference 墨西哥Pemex石油公司遭受勒索攻击490万美元 https://www.bleepingcomputer.com/news/security/mexicos-pemex-oil-suffers-ransomware-attack-49-million-demanded/ 安全研究 Security Research APT组织Lazarus2019年行动回顾 https://otx.alienvault.com/pulse/5dcad59a712e041c70ca7fcb 威胁捕获效率与EDR的选择 https://securingtomorrow.mcafee.com/business/endpoint-security/threat-hunting-or-efficiency-pick-your-edr-path/ Java反序列化利用链分析之CommonsCollections3 https://www.anquanke.com/post/id/190461