安全工具 Security Tools UEFI_RETool-用于UEFI固件逆向工程的工具 https://www.kitploit.com/2020/08/uefiretool-tool-for-uefi-firmware.html FestIn – 一款S3 Bucket 弱点发现工具 https://www.kitploit.com/2020/08/festin-s3-bucket-weakness-discovery.html 安全事件 Security Incident 英特尔20GB机密数据泄漏，含有BIOS和专有技术源代码等 https://www.anquanke.com/post/id/213293 佳能遭Maze勒索软件攻击并疑似数据泄露 https://www.bleepingcomputer.com/news/security/canon-confirms-ransomware-attack-in-internal-memo/ 安全资讯 Security Information 数百个Uber Eats用户记录在Dark Web上泄露 https://www.hackread.com/uber-eats-user-records-leaked-dark-web/ 安全研究 Security Research CVE-2020-4450: WebSphere远程代码执行漏洞分析 https://cert.360.cn/report/detail?id=3d016bdef66b8e29936f8cb364f265c8 php源码分析 require_once 绕过不能重复包含文件的限制 https://www.anquanke.com/post/id/213235 如何使用Swift从命令行读取密码和敏感数据 https://rderik.com/blog/how-to-read-passwords-and-sensitive-data-from-the-command-line-using-swift/ 针对SETUID根程序的ARM堆栈溢出攻击教程 https://www.fortinet.com/blog/threat-research/tutorial-arm-stack-overflow-exploit-against-setuid-root-program 安全报告 Security Report 绕过MassLogger的反分析手段-一个中间人的方法 https://www.fireeye.com/blog/threat-research/2020/08/bypassing-masslogger-anti-analysis-man-in-the-middle-approach.html Water Nue网络钓鱼活动针对C-Suite的Office 365帐户的分析报告 https://blog.trendmicro.com/trendlabs-security-intelligence/water-nue-campaign-targets-c-suites-office-365-accounts/