漏洞 Vulnerability GHSL-2020-122：git-diff-apply命令注入漏洞 https://securitylab.github.com/advisories/GHSL-2020-122-rce-git-diff-apply Chrome v8引擎 RCE 0day https://twitter.com/dmxcsnsbh/status/1275853809336700931 CVE-2020-9480: Apache Spark 远程代码执行漏洞通告 https://cert.360.cn/warning/detail?id=fddb243e00ab6b9e191e686857e24685 CVE-2020-14993：DrayTek Vigor2960，Vigor3900和Vigor300B设备缓冲区溢出漏洞，可使未经授权的攻击者远程执行代码 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14993 安全工具 Security Tools 进攻性的OSINT–使用LeakLooker进行进攻性信息泄漏搜集 https://www.offensiveosint.io/offensive-osint-so1e07-offensive-leak-hunt-with-leaklooker/ 安全报告 Security Report 全网约80000台打印机对外暴露了IPP协议端口 https://www.shadowserver.org/news/open-ipp-report-exposed-printer-devices-on-the-internet/ 安全事件 Security Incident 4000万telegram 账户数据泄漏 https://twitter.com/ddd1ms/status/1275411962466390016 安全资讯 Security Information WikiLeaks创始人阿桑奇被指控与“Anonymous”有密谋 https://www.justice.gov/opa/press-release/file/1289641/download 安全研究 Security Research 通过.net垃圾回收机制进行DLL注入 https://ired.team/offensive-security/code-injection-process-injection/injecting-dll-via-custom-.net-garbage-collector-environment-variable-complus_gcname CVE-2020-5825: Symantec Endpoint Protection 任意文件移动漏洞分析利用 https://www.accenture.com/us-en/blogs/cyber-defense/exploiting-arbitrary-file-move-in-symantec-endpoint-protection Exchange服务器的防御手段 https://www.microsoft.com/security/blog/2020/06/24/defending-exchange-servers-under-attack/ 使用Shell Link作为无接触下载器 https://isc.sans.edu/forums/diary/Using+Shell+Links+as+zerotouch+downloaders+and+to+initiate+network+connections/26276/