漏洞 Vulnerability HTMLFrameElementBase::isURLAllowed 函数漏洞导致 uxss https://bugs.chromium.org/p/project-zero/issues/detail?id=1916 BitBucket服务器参数注入漏洞安全预警 https://mp.weixin.qq.com/s/3J-lA0CQylrq2ZY3ZEESiQ 安全工具 Security Tools CloudUnflare：绕过 Cloudflare 侦察真实ip http://feedproxy.google.com/~r/PentestTools/~3/uOiN58lJSW0/cloudunflare-reconnaissance-real-ip.html 使用 scdbg 搜索 Shellcode https://isc.sans.edu/diary/Using+scdbg+to+Find+Shellcode/25460 恶意软件 Malware Raccoon 信息窃取恶意软件感染了全球100,000多名用户 https://securityaffairs.co/wordpress/93028/malware/raccoon-info-stealer-maas.html 安全事件 Security Incident 格鲁吉亚遭受了大规模的网络攻击，影响了15000+个网站 https://www.zdnet.com/article/largest-cyber-attack-in-georgias-history-linked-to-hacked-web-hosting-provider/ 微软：APT28 在东京奥运会之前将目标对准体育组织 https://www.zdnet.com/article/microsoft-russian-hackers-are-targeting-sporting-organizations-ahead-of-tokyo-olympics/ 安全资讯 Security Information Pwn2Own hacking 竞赛扩大至工业控制系统 https://www.cyberscoop.com/pwn2own-miami-industrial-control-systems/ 冒充 APT 组织 Fancy Bear 进行 DDOS 攻击的犯罪组织 https://threatpost.com/cybercriminals-impersonate-russian-apt-fancy-bear-to-launch-ddos-attacks/149578/ 安全研究 Security Research 堆快照：跟踪所有堆分配 https://randomascii.wordpress.com/2019/10/27/heap-snapshots-tracing-all-heap-allocations/ 寻找网络安全工具中的漏洞 Prat 1 https://blog.vastart.dev/2019/10/attacking-networks-security-core.html 寻找网络安全工具中的漏洞 Part 2：CVE-2019-17424 研究和RCE漏洞利用 https://blog.vastart.dev/2019/10/stack-overflow-cve-2019-17424.html 使用 DAST、RASP 来测试和监控应用程序安全 https://blog.rapid7.com/2019/10/28/application-security-testing-monitoring-with-dast-and-rasp-a-two-pronged-approach/ 从安全的文件共享服务中窃取私钥 https://timvisee.com/blog/stealing-private-keys-from-secure-file-sharing-service/