漏洞 Vulnerability WordPress热门插件爆严重漏洞! 影响超过350000个站点!! https://mp.weixin.qq.com/s/oxrjVw2T0S0w1ff9NkkaDA CVE-2020-3495：Cisco Jabber的Windows版本中存在远程代码执行漏洞 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-UyTKCPGg 安全工具 Security Tools unimap：一款优化 Nmap 扫描策略的攻击 https://securityonline.info/unimap-reduce-scan-times-with-nmap-for-large-amounts-of-data/ 安全报告 Security Report 五眼联盟发布”恶意软件检测和缓解技术方法”报告 https://us-cert.cisa.gov/sites/default/files/publications/AA20-245A-Joint_CSA-Technical_Approaches_to_Uncovering_Malicious_Activity_508.pdf 安全资讯 Security Information 阿根廷的官方移民局网络系统遭受 Netwalker 勒索软件攻击，被迫停止 4 小时服务 https://www.bleepingcomputer.com/news/security/ransomware-attack-halts-argentinian-border-crossing-for-four-hours/ 安全研究 Security Research 一个有关 V8 漏洞的细节分析 https://www.elttam.com/blog/simple-bugs-with-complex-exploits/ Javascript fuzzing 引擎和利用方式开发的阅读列表 https://zon8.re/posts/javascript-engine-fuzzing-and-exploitation-reading-list/ Windows Server Update Services（WSUS）攻击：PyWSUS简介-第一部分 https://www.gosecure.net/blog/2020/09/03/wsus-attacks-part-1-introducing-pywsus/ DataCon 2020 网络黑产分析方向亚军writeup https://mp.weixin.qq.com/s/Ots4JVLacoaySqCNwUvzQg 崩溃回溯分析 https://mp.weixin.qq.com/s/iMSXvWdn7RhS97bkYufymQ 恶意软件 Malware apt32 混淆工具包介绍 https://blog.viettelcybersecurity.com/apt32-deobfuscation-arsenal-deobfuscating-mot-vai-loai-obfucation-toolkit-cua-apt32-phan-1/ TA2719近期活动特征分析 https://mp.weixin.qq.com/s/5GWjGzLLHgRVrVbcRE7cNg Cofense 发现新的钓鱼策略：伪装成“邮件隔离”通知的钓鱼邮件 https://cofense.com/message-quarantine-campaign-overlying-potential/ 攻击者通过 HTTPS 滥用 Google DNS 下载恶意软件 https://www.bleepingcomputer.com/news/security/attackers-abuse-google-dns-over-https-to-download-malware/