漏洞 Vulnerability Adobe ColdFusion 任意文件读取和任意文件包含漏洞通告 https://mp.weixin.qq.com/s/FxCV6zqj8V35lOe4ItsIyQ AquaForest Tiff Server 中多个漏洞 https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/ Nginx/OpenResty内存泄漏/目录穿越漏洞通告 https://cert.360.cn/warning/detail?id=2fa61b8f64ebe5e0d74b62082ce2d12f 恶意软件 Malware 网络钓鱼活动冒充WHO邮件传播HawkEye恶意软件 https://www.bleepingcomputer.com/news/security/who-chief-impersonated-in-phishing-to-deliver-hawkeye-malware/ 安全事件 Security Incident 总部位于英国的安全公司 Elasicsearch配置错误泄露了包括 邮箱密码在内的50亿条数据 https://securitydiscovery.com/data-breach-database-data-breach/ 安全资讯 Security Information 分析网络空间日光浴室委员会针对网络安全国家的蓝图 https://www.securityweek.com/analyzing-cyberspace-solarium-commissions-blueprint-cybersecure-nation?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29 美国国家标准技术研究所（NIST）发布 SP 800-53 修订草案 https://www.securityweek.com/nist-updates-flagship-sp-800-53-security-and-privacy-controls?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5-draft.pdf 隐私一览无余！微博泄露事件卧底调查报告 https://www.freebuf.com/news/230960.html 随着在家办公的开展，网络攻击逐步增多 https://threatpost.com/coronavirus-poll-cyberattacks-work-from-home/153958/?utm_source=rss&utm_medium=rss&utm_campaign=coronavirus-poll-cyberattacks-work-from-home 安全研究 Security Research 在Go运行时托管CLR并执行.NET程序集 https://www.anquanke.com/post/id/201221 挖洞经验 | 不被PayPal待见的6个安全漏洞 https://www.freebuf.com/vuls/228755.html 攻击者利用通达OA漏洞释放勒索病毒，用户数据遭到加密 https://www.secpulse.com/archives/125954.html