漏洞 Vulnerability CVE-2019-11043: PHP-FPM在Nginx特定配置下任意代码执行漏洞预警 https://cert.360.cn/warning/detail?id=62906fc8ae4629c32223ac7258e12555 CVE-2019-10462 Jenkins Dynatrace应用监控插件2.1.3 CSRF漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10462 安全工具 Security Tools LetsMapYourNetwork：一款物理网络可视化工具 https://www.freebuf.com/sectool/215127.html BlackHat 2019工具库-BLACKPHENIX-恶意软件分析自动化框架 http://feedproxy.google.com/~r/fortinet/blog/threat-research/~3/xj_HnX4lnuw/blackhat-black-phenix-framework.html 安全事件 Security Incident Avast安全分析：导致CCleaner失窃的VPN凭证 https://www.databreachtoday.com/avast-stolen-vpn-credentials-led-to-ccleaner-attack-redux-a-13283 美国某保健医院遭受钓鱼攻击12.9万病人信息泄露 https://securityboulevard.com/2019/10/hospital-leaks-129k-patient-records-in-sophisticated-phishing-scam/ 安全资讯 Security Information Office 365将恶意软件ZAP添加到安全监测中心 https://www.bleepingcomputer.com/news/security/office-365-adds-malware-zap-toggle-to-security-and-compliance-center/ 美国FBI发布有关抵制电子盗版的文章 https://www.us-cert.gov/ncas/current-activity/2019/10/23/fbi-releases-article-defending-against-e-skimming 美国联邦委员发布Retina-X应用禁令严厉打击“跟踪软件” https://www.freebuf.com/news/217716.html 安全研究 Security Research 探索CND上的DDoS攻击: 缓存投毒导致拒绝服务 https://securityaffairs.co/wordpress/92859/hacking/cpdos-attack-cdns.html NukeSped RATs恶意工具深度分析 http://feedproxy.google.com/~r/fortinet/blog/threat-research/~3/QqmLFUy4jXo/deep-analysis-nukesped-rat.html