漏洞 Vulnerability CVE-2019-15164: rpcapd SSRF漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-15164 CVE-2019-15163: rpcapd 空指针漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-15163 CVE-2019-11779: Eclipse Mosquitto栈溢出漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11779 安全研究 Security Research 深入了解子域名挖掘tricks https://xz.aliyun.com/t/6617 qemu pwn-Blizzard CTF 2017 Strng writeup https://xz.aliyun.com/t/6618 基于开源蜜罐的实践与功能扩展 https://www.freebuf.com/sectool/217256.html 挖洞经验 | Jira服务工作台路径遍历导致的敏感信息泄露漏洞（CVE-2019-14994） https://www.freebuf.com/vuls/216267.html mysql报错注入的脑回路 https://xz.aliyun.com/t/6615 同源策略那些事 https://xz.aliyun.com/t/6614 安全工具 Security Tools ATTACKdatamap: 一款自动映射数据的ATT&CK 框架 https://www.kitploit.com/2019/10/attackdatamap-datasource-assessment-on.html Tails 4.0 针对隐私和匿名性的保护软件 https://www.kitploit.com/2019/10/tails-40-live-system-to-preserve-your.html Tarnish：一款针对Chrome扩展的静态安全分析平台 https://www.freebuf.com/articles/web/216063.html 安全资讯 Security Information Verizon, AT&T, Sprint 和 T-Mobile 将使用RCS代替 SMS https://sec.today/pulses/41373cc2-832c-4103-9d9a-ad874b73e3e8/ 安全报告 Security Report 2019第三季度APT分析报告 https://www.freebuf.com/articles/network/217990.html NCSC 报告: U.K. 今年的网络攻击 https://securityaffairs.co/wordpress/93015/intelligence/ncsc-report-cyber-attacks.html 恶意软件 Malware Apple Store 中存在的点击劫持应用 https://securityaffairs.co/wordpress/93005/malware/clicker-trojan-apps-app-store.html