漏洞 Vulnerability 谷歌浏览器有5个新缺陷，称为Magellan 2.0 https://securityaffairs.co/wordpress/95633/hacking/chrome-magellan-2-0-flaws.html D-Link DIR-601 B1 2.00NA设备身份验证绕过 https://cve.circl.lu/cve/CVE-2019-16327 安全工具 Security Tools nmapAutomator-自动化所有侦察/枚举的工具 https://www.kitploit.com/2019/12/nmapautomator-tool-to-automate-all-of.html Haaukins：一款高度自动化和可访问的安全教育虚拟化平台 https://www.freebuf.com/articles/terminal/223184.html sherlock：通过社交网络上的用户名搜寻社交媒体帐户 https://github.com/sherlock-project/sherlock shelly基于python 的后门管理工具 https://www.kitploit.com/2019/12/shelly-simple-backdoor-manager-with.html 安全报告 Security Report 2019年数据泄露报告 https://pages.riskbasedsecurity.com/2019-midyear-data-breach-quickview-report 2020年网络预测 https://resources.infosecinstitute.com/top-cybersecurity-predictions-for-2020/ 安全资讯 Security Information 世界著名恶意软件汇总 https://www.cybersecurity-insiders.com/worlds-most-dreaded-state-developed-malware-strains/ 新方向：黑客利用AI创建高级威胁 https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/foreseeing-a-new-era-cybercriminals-using-machine-learning-to-create-highly-advanced-threats?utm_source=trendmicroresearch&utm_medium=smk&utm_campaign=1219_New-Era-Cybercriminals 浅谈ATT&CK对提升主机EDR检测能力的探索 https://www.anquanke.com/post/id/195933 年终盘点：南亚APT组织“群魔乱舞”，链条化攻击“环环相扣” https://www.anquanke.com/post/id/195989 安全研究 Security Research 利用树莓派来监视任务目标 https://www.secpulse.com/archives/121288.html ATT&CK框架：攻击者最常用的TOP7攻击技术及其检测策略 https://www.freebuf.com/articles/network/223122.html 恶意软件 Malware FIN7 攻击组织样本分析 https://www.fortinet.com/blog/threat-research/bioload-fin7-boostwrite-lost-twin.html