漏洞 Vulnerability CVE-2019-1491： Microsoft SharePoint Server 信息泄露漏洞风险提示 https://www.anquanke.com/post/id/195489 安全通告: Mozzila Firefox多处漏洞 (低于 Firefox 68.2.0 ESR) https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozzila-firefox-less-than-firefox-68-2-0-esr-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if09-icam-synthetic-3-0/ CVE-2019-19340：Ansible Tower 的组件 RabbitMQ存在暴露漏洞 https://twitter.com/CVEnew/status/1207778921833533441 恶意软件 Malware 新SophsLabs报告：隐藏恶代通过Taylor Switft图片下载 https://nakedsecurity.sophos.com/2019/12/19/hiding-malware-downloads-in-taylor-swift-pics-new-sophoslabs-report/ 安全工具 Security Tools 逆向工程资源收集：3000+开源工具，～600篇博客 https://twitter.com/Dinosn/status/1208263736999514117 Lazyrecon – 自动化你的侦查流程 http://feedproxy.google.com/~r/PentestTools/~3/gnQbJyIw6iA/lazyrecon-script-to-automate-your.html 一个XSS scanner https://0x00sec.org/t/a-great-xss-scanner-and-some-example-open/18176/1 自动化API攻击工具 http://feedproxy.google.com/~r/PentestTools/~3/NqlqeAZtRY4/automatic-api-attack-tool-customizable.html 安全报告 Security Report 漏洞披露的双刃剑效应 https://www.anquanke.com/post/id/195385 思科威胁周报 (12. 19, 2019) http://feedproxy.google.com/~r/feedburner/Talos/~3/5OS1dv4SmfQ/threat-source-newsletter-dec-19-2019.html 安全事件 Security Incident Zeppelin 回来了！勒索软件通过远程管理软件窃取数据 https://www.ehackingnews.com/2019/12/zeppelin-is-back-ransomware-stealing.html OilRig组织在思科VPN软件安装毒蛙后门 https://gbhackers.com/poison-frog-backdoor/ 本周勒索趋势- 12 20th 2019 – 攻击到处都是 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-20th-2019-attacks-everywhere/ Cisco ASA DoS 漏洞在野利用 http://feedproxy.google.com/~r/feedburner/Talos/~3/-OXf8NpGtss/ASA-Bug-Attacked-In-The-Wild.html 黑客通过滥用RDP服务来提取数据和下放攻击Payload https://gbhackers.com/rdp-service/ 黑客从700个Wawa店面窃取大量信用卡 https://twitter.com/Dinosn/status/1207988809192923136 金融服务提供商Frankfurt因为Emotet攻击而暂停IT网络 https://www.zdnet.com/article/frankfurt-shuts-down-it-network-following-emotet-infection/ 安全资讯 Security Information 美国Navy禁用TikTok只因其存在风险 https://www.theguardian.com/technology/2019/dec/21/us-navy-bans-tiktok-from-mobile-devices-saying-its-a-cybersecurity-threat 生物认证数据安全威胁分析 https://www.freebuf.com/articles/network/221796.html 苹果高级漏洞奖励计划增至100万美金 https://threatpost.com/apples-bug-bounty-opens-1m-payout/151334/ 360网络安全周报第229期 https://www.anquanke.com/post/id/195494 安全研究 Security Research 挖洞经验 | 利用捐款功能形成重放攻击实现Facebook身份认证绕过分析 https://www.freebuf.com/vuls/222545.html 如何通过.NET调用Windows本地RPC服务器 https://www.anquanke.com/post/id/195430