漏洞 Vulnerability 趋势科技安全客户端11 本地任意文件覆盖 https://www.exploit-db.com/exploits/47751 Integard Pro NoJs 远程缓冲区溢出 https://www.exploit-db.com/exploits/47750 安全工具 Security Tools Seeker v1.2.1 – 使用社会工程精确定位移动电话 http://feedproxy.google.com/~r/PentestTools/~3/7aDHg2h1Qd8/seeker-v121-accurately-locate.html 安全报告 Security Report McAfee实验室2020威胁预测报告 https://securingtomorrow.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-labs-2020-threats-predictions-report/ 安全资讯 Security Information VMware修复天府杯中披露的ESXi问题 https://securityaffairs.co/wordpress/94787/hacking/vmware-fixes-esxi-flaw.html 青藤云安全：用MITRE ATT&CK来规范化安全运行环境 https://www.secpulse.com/archives/119892.html SANS宣布第十三届黑客挑战和第二届KringleCon信息安全会议 https://go.theregister.co.uk/feed/www.theregister.co.uk/2019/12/06/sans_holiday_hack_challenge_kringlecon/ 安全研究 Security Research 利用计划任务进行权限维持的几种姿势 https://www.secpulse.com/archives/119936.html 为什么EDR识别威胁不足 https://securingtomorrow.mcafee.com/blogs/enterprise/endpoint-security/response-required-why-identifying-threats-with-your-edr-isnt-enough/ 使用安全性为中心的HTTP头防范漏洞 https://blog.rapid7.com/2019/12/06/hidden-helpers-security-focused-http-headers-to-protect-against-vulnerabilities/ 从 0 开始入门 Chrome Ext 安全（二） — 安全的 Chrome Ext https://paper.seebug.org/1092/ Web安全漏洞系列：2019 Google CTF题型讲解 https://www.freebuf.com/video/216237.html 恶意软件 Malware 朝鲜 MacOS 恶意软件采用内存执行 http://feedproxy.google.com/~r/Securityweek/~3/7HZo50Kb3NI/north-korean-macos-malware-adopts-memory-execution Lazarus 无文件木马攻击Mac 平台 https://nakedsecurity.sophos.com/2019/12/06/mac-users-targetted-by-lazarus-fileless-trojan/