漏洞 Vulnerability CVE-2019–19681：PandoraFMS 7.x 的远程代码执行漏洞 https://medium.com/@k4m1ll0/remote-code-execution-vulnerability-in-pandorafms-7-x-8ce55d4b1d5a 恶意软件 Malware 挖矿僵尸网络使用Taylor Swift（人名）图像隐藏有效载荷 https://www.zdnet.com/article/cryptocurrency-mining-botnet-uses-a-taylor-swift-image-to-hide-malware-payloads/ 安全工具 Security Tools ida 插件：寻找文件中可能存在的加密常量 https://github.com/polymorf/findcrypt-yara BinDiff 6 Beta 版本 https://docs.google.com/forms/d/e/1FAIpQLSepe2TtvckQsDxYTaiD3wv2EtikHLBTilnFjBM_Es6f1DLZuw/viewform?usp=send_form automatic-api-attack-tool：自动化 API 安全测试工具 http://feedproxy.google.com/~r/PentestTools/~3/NqlqeAZtRY4/automatic-api-attack-tool-customizable.html 安全报告 Security Report 对被水破坏的移动设备进行取证分析 https://www.sciencedirect.com/science/article/pii/S1742287619301586 安全事件 Security Incident 命名为 “Wocao” 组织的黑客行为分析 https://www.fox-it.com/nl/actueel/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ 蔓灵花（APT-C-08）移动平台攻击活动揭露 https://www.anquanke.com/post/id/195378 针对韩国数百家工业系统的APT攻击正波及全球 https://www.anquanke.com/post/id/195346 2019年度APT攻击回顾 https://www.anquanke.com/post/id/195311 安全资讯 Security Information 本田泄漏2.6万北美客户的数据 https://threatpost.com/honda-leaks-data-26k-north-american-customers/151283/ 超过 3000 个 Ring 摄像头的用户信息及登录凭证被泄露 https://www.buzzfeednews.com/article/carolinehaskins1/data-leak-exposes-personal-data-over-3000-ring-camera-users 由于 Emotet 恶意软件感染，法兰克福关闭了当地网络 https://www.zdnet.com/article/frankfurt-shuts-down-it-network-following-emotet-infection/ 安全研究 Security Research 通过 CHROMIUM 正则表达式对特斯拉的渗透攻击 https://www.zerodayinitiative.com/blog/2019/12/18/regular-exploitation-of-a-tesla-model-3-through-chromium-regexp 用Unicode的“ i”入侵GitHub https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/ 检查 TLS WEB 流量 -Part2 https://blogs.akamai.com/2019/12/inspecting-tls-web-traffic—part-2.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheAkamaiBlog+%28The+Akamai+Blog%29 检查TLS WEB流量-第1部分 https://blogs.akamai.com/2019/12/inspecting-tls-web-traffic—part-1.html Javascript反调试-使用SourceMappingURL https://www.perimeterx.com/blog/javascript-anti-debugging-1/ Firefox Web浏览器逻辑沙箱逃逸漏洞 https://www.zerodayinitiative.com/blog/2019/12/16/local-privilege-escalation-in-win32ksys-through-indexed-color-palettes Windows内核模式驱动程序中的本地特权升级 https://www.zerodayinitiative.com/blog/2019/12/16/local-privilege-escalation-in-win32ksys-through-indexed-color-palettes 回顾 SHAREPOINT（CVE-2019-0604） 远程代码执行漏洞的影响 https://www.zerodayinitiative.com/blog/2019/12/18/looking-back-at-the-impact-of-cve-2019-0604-a-sharepoint-rce