漏洞 Vulnerability CVE-2020-0796 POC https://blog.zecops.com/vulnerabilities/exploiting-smbghost-cve-2020-0796-for-a-local-privilege-escalation-writeup-and-poc/ ZOOM客户端的漏洞（UNC路径注入） https://www.bleepingcomputer.com/news/security/zoom-client-leaks-windows-login-credentials-to-attackers/ 恶意软件 Malware 利用office文档密码功能绕过防护 https://www.mimecast.com/blog/2020/03/velvetsweatshop-microsoft-excel-spreadsheet-encryption-rises-again-to-deliver-limerat-malware/ 恶意软件市场中的Raccoon利用各种传输途径分发给木马给用户 https://blog.trendmicro.com/trendlabs-security-intelligence/raccoon-stealers-abuse-of-google-cloud-services-and-multiple-delivery-techniques/ 深入研究IcedID Banking Trojan的新主要版本 https://securityintelligence.com/posts/breaking-the-ice-a-deep-dive-into-the-icedid-banking-trojans-new-major-version-release/ “新冠肺炎”勒索病毒出现，Anubis起死回生 https://www.freebuf.com/articles/terminal/230737.html 安全报告 Security Report 360诺亚实验室发布：HackingTeam新活动，Scout/Soldier重回视野 http://noahblog.360.cn/hackingteam_new_trace/ 黑客组织“重构”ZOOM视频会议软件，捆绑恶意程序 https://labs.bitdefender.com/2020/03/infected-zoom-apps-for-android-target-work-from-home-users/ 安全事件 Security Incident 伊朗Telegram4200万数据泄露 https://www.comparitech.com/blog/information-security/iranian-telegram-accounts-leaked/ 万豪酒店再次被黑，影响多达520万名客户 https://www.wired.com/story/marriott-hacked-yes-again-2020/ 美国象党共和党选民软件（拉票、联系）代码泄露 https://www.upguard.com/breaches/campaign-sidekick-git-data-leak 世界知名的在线备份数据库系统数据泄露，1.35亿用户数据泄露 https://www.infosecurity-magazine.com/news/secure-backup-company-leaks-135 安全资讯 Security Information FBI警告，Kwampirs恶意软件用于针对全球行业（包括医疗保健行业）的持续网络供应链攻击活动 https://www.aha.org/fbi-tlp-alert/2020-03-30-fbi-alert-tlp-white-kwampirs-malware-employed-ongoing-cyber-supply-chain 安全研究 Security Research 在anyrun沙箱中利用特殊字符串搜样本 https://intezer.com/blog/intezer-analyze/blog-search-for-revealing-strings-in-intezer-analyze/ OWASP固件安全测试方法 https://scriptingxss.gitbook.io/firmware-security-testing-methodology/ ATT＆CK标签框架&Playbook 结合 https://threatconnect.com/blog/playbook-fridays-attck-tag-framework/ 2019十大ATTCK技术合集 https://www.recordedfuture.com/mitre-attack-tactics/