漏洞 Vulnerability CVE-2020-9850|CVE-2020-9856|CVE-2020-9801: Safari类型混淆/沙盒逃逸 https://cxsecurity.com/issue/WLB-2020100009 CVE-2020-25986|CVE-2020-25987: MonoCMS Blog 1.0文件删除/CSRF/硬编码凭证 https://cxsecurity.com/issue/WLB-2020100008 安全研究 Security Research 二维码:一种隐秘的安全威胁 https://threatpost.com/qr-codes-sneaky-security-threat/159757/ Cobalt Strike 绕过流量审计 https://paper.seebug.org/1349/ 安全报告 Security Report CISA和CNMF识别了一个新的恶意软件变种 https://us-cert.cisa.gov/ncas/current-activity/2020/10/01/cisa-and-cnmf-identify-new-malware-variant 安全工具 Security Tools WhatWeb Scanner 0.5.3 https://packetstormsecurity.com/files/159446/WhatWeb-0.5.3.tar.gz 安全事件 Security Incident 网络罪犯通过BEC攻击从150家公司窃取了1500万美元 https://www.securityweek.com/cybercriminals-stole-15-million-150-companies-bec-attacks Netwalker勒索软件操作员泄露了从K-Electric窃取的文件 https://securityaffairs.co/wordpress/109000/hacking/k-electric-netwalker-data-leak.html?utm_source=rss&utm_medium=rss&utm_campaign=k-electric-netwalker-data-leak 安全资讯 Security Information 新的恶意软件找到新目标物联网设备——Android电视 https://www.hackread.com/malware-targets-iot-devices-android-tv/ IPStorm僵尸网络从Windows扩展到Android、Mac和Linux https://www.zdnet.com/article/ipstorm-botnet-expands-from-windows-to-android-mac-and-linux/