漏洞 Vulnerability iOS 13错误使第三方键盘具有“完全访问”权限 https://techcrunch.com/2019/09/24/apple-bug-full-access-keyboards/ 安全工具 Security Tools 学习使用OSINT工具 https://www.peerlyst.com/posts/resource-osint-tools-and-how-you-learn-how-to-use-them-guurhart?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post Emsisoft为WannaCryFake勒索软件发布了免费的解密程序 https://securityaffairs.co/wordpress/91715/malware/wannacryfake-ransomware-decryptor.html 安全报告 Security Report 某APT组织使用PcShare后门攻击东南亚的科技公司 https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html 安全事件 Security Incident 朝鲜黑客组织利用“人权”文档攻击美国政府官员 https://www.nknews.org/2019/09/north-korea-watcher-community-targeted-with-ongoing-phishing-campaign/ 捷克情报局称去年中国入侵了捷克某政府机构 https://malaysia.news.yahoo.com/czech-intelligence-blames-china-major-cyber-attack-145121984.html 美国doordash送餐服务数据泄露，490万数据 https://gbhackers.com/doordash-data-breach/ 安全资讯 Security Information 国土安全部成立特别工作组向联邦政府提供有关评估和管理与ICT供应链相关的风险的建议。 https://www.nextgov.com/cybersecurity/2019/09/cisa-task-force-catalogs-190-supply-chain-security-threats/160084/ 俄罗斯开始安装用于隔离俄罗斯互联网（Runet）的设备 https://www.ehackingnews.com/2019/09/roskomnadzor-began-installation-of.html 厄瓜多尔2000万的个人数据再次泄露 https://www.bloomberg.com/news/articles/2019-09-24/ecuadorians-personal-data-found-on-unsecured-database-again?srnd=technology-vp 安全研究 Security Research Magecart组织通过L7路由器攻击Wi-Fi用户 https://securityintelligence.com/posts/leading-magecart-group-targeting-captive-wi-fi-users-via-l7-routers/ 使用Google重定向规避检测的鱼叉钓鱼邮件攻击 https://www.bleepingcomputer.com/news/security/microsoft-phishing-attack-uses-google-redirects-to-evade-detection/ CVE-2019-1257：通过BDC反序列化在Microsoft SharePoint上执行代码 https://www.anquanke.com/post/id/187377 RDP 登录日志取证与清除 https://paper.seebug.org/1043/ Covenant：针对红队设计的.NET命令行控制框架 https://www.freebuf.com/articles/system/213672.html CVE-2019-0801：Office URI超链接劫持漏洞分析 https://www.anquanke.com/post/id/187397