漏洞 Vulnerability Drupal发布安全更新 https://www.us-cert.gov/ncas/current-activity/2020/06/18/drupal-releases-security-updates Cisco Webex Meetings Desktop App for Mac更新功能代码执行漏洞 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-mac-X7vp65BL Cisco Webex Meetings Desktop App URL处理中导致任意程序执行漏洞 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-url-fcmpdfVY Cisco Webex Meetings and Cisco Webex Meetings Server Token未授权访问漏洞 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-token-zPvEjKN 安全研究 Security Research VM Pwn学习 https://www.anquanke.com/post/id/208450 Snapchat逆向分析 https://hot3eed.github.io/snap_part1_obfuscations.html 一些关于macos安全的文章 http://lockboxx.blogspot.com/2020/06/macos-post-summary.html 从云端到终端的攻击链映射 https://www.microsoft.com/security/blog/2020/06/18/inside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint/ 一文详解云上容器ATT&CK矩阵 https://www.freebuf.com/articles/container/240139.html FF Sandbox Escape (CVE-2020-12388) https://googleprojectzero.blogspot.com/2020/06/ff-sandbox-escape-cve-2020-12388.html 从SDL到DevSecOps：始终贯穿开发生命周期的安全 https://www.freebuf.com/vuls/240074.html 安全资讯 Security Information Google开源Tsunami安全扫描引擎 https://opensource.googleblog.com/2020/06/tsunami-extensible-network-scanning.html Zoom宣布为所有用户提供端到端加密 https://www.cyberscoop.com/zoom-end-to-end-encryption-free-paid/ 恶意软件 Malware 使用可变C2下发Cobalt Strike的APT攻击 https://blog.malwarebytes.com/threat-analysis/2020/06/multi-stage-apt-attack-drops-cobalt-strike-using-malleable-c2-feature/ AcidBox病毒使用virtualbox漏洞禁用DSE https://unit42.paloaltonetworks.com/acidbox-rare-malware/