漏洞 Vulnerability CVE-2019-18873 FUDForum 3.0.9易于通过User-Agent HTTP标头存储XSS，导致远程执行代码 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18873 台湾中华电信数据中心代码执行漏洞 https://blog.orange.tw/2019/11/HiNet-GPON-Modem-RCE.html Apache ActiveMQ漏洞CVE-2018-11775 https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-activemq-vulnerability-cve-2018-11775/ 安全工具 Security Tools Mimikatz维基百科 https://www.peerlyst.com/posts/the-mimikatz-wiki-chiheb-chebbi?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post SOC开源工具集合 http://prasannamundas.com/share/opensource-tools-for-security-operations/?preview=true&_thumbnail_id=220 安全报告 Security Report Lazarus组织2019年10月的活动情况 https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/North%20Korea/APT/Lazarus/23-10-19/analysis.md platinum APT组织亚太地区活动 https://securityintelligence.com/news/platinum-group-using-new-titanium-backdoor-to-target-apac-region/ 安全事件 Security Incident 黑客入侵以色列网络安全公司Check Point 旗下公司论坛 https://thehackernews.com/2019/11/zonealarm-forum-data-breach.html 安全资讯 Security Information Google将用户隐私健康数据存储系统转移到美国 https://www.theregister.co.uk/2019/11/12/google_brings_its_secret_health_data_stockpiling_systems_to_the_us/?utm_source=dlvr.it&utm_medium=twitter DDoS攻击亚马逊、SoftLayer和电信基础设施 https://threatpost.com/massive-ddos-amazon-telecom-infrastructure/150096/?utm_source=dlvr.it&utm_medium=twitter 安全研究 Security Research 浏览器和html解析机制的理解 https://www.secpulse.com/archives/118040.html VulnHub-DC-1靶机渗透测试 https://www.freebuf.com/articles/network/218073.html 攻击云基础架构的新方法 https://www.darkreading.com/cloud/researchers-find-new-approach-to-attacking-cloud-infrastructure/d/d-id/1336327a 通过Sandbox Escape和内核R / W导致RCE的iOS越狱 https://github.com/ssd-secure-disclosure/advisories/tree/master/SSD%20Advisory%20-%204066