漏洞 Vulnerability Drupal core- SA-CORE-2019-011 – 访问控制权限绕过漏洞 https://www.drupal.org/sa-core-2019-011 Tomcat CVE-2019-12418 本地权限提升 http://markmail.org/message/c4cqiflefw2ox6kn?q=+list:org%2Eapache%2Etomcat%2Eannounce ArchLinux: libgit2: 任意代码执行漏洞 https://www.linuxsecurity.com/advisories/archlinux/archlinux-201912-5-libgit2-arbitrary-code-execution-17-37-48?rss macOS Kernel 条件竞争 / Use-After-Free 漏洞 http://vulhub.org.cn/vuln/VH-F155721 安全工具 Security Tools Secretx – 请求API列表获得api keys的自动化工具 http://feedproxy.google.com/~r/PentestTools/~3/g35SXE7Iy-E/secretx-extracting-api-keys-and-secrets.html ReconCobra – 用于信息收集的完全自动化框架 http://feedproxy.google.com/~r/PentestTools/~3/XxvnDoXhWac/reconcobra-complete-automated-pentest.html 安全报告 Security Report 趋势科技报告: 观察到僵尸网络相关联的恶意软件活动 https://securityaffairs.co/wordpress/95325/malware/momentum-botnet.html 安全事件 Security Incident 华硕/宏基预装软件中存在系统劫持问题 https://www.hackread.com/system-hijacking-flaws-pre-installed-acer-asus-software/ apache-commons-beanutils 安全更新 https://access.redhat.com/errata/RHSA-2019:4317 恶意软件 Malware MyKings僵尸网络正在缓慢但稳定的增长 https://otx.alienvault.com/pulse/5dfa53868beb2b5dae6335ec 安全研究 Security Research 企业安全建设之漏洞管理与运营 https://www.freebuf.com/articles/security-management/221508.html 无需解密即可识别HTTPS中的DNS流量 http://feedproxy.google.com/~r/Securityweek/~3/KiRjIzepiFE/identifying-dns-over-https-traffic-without-decryption-possible-researcher