漏洞 Vulnerability IBM DB2任意代码执行漏洞 https://www.cnvd.org.cn/flaw/show/CNVD-2020-68350 CVE-2020-13530: EIP OpENer拒绝服务漏洞 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1143 CVE-2020-13556：EIP OpENer越界写漏洞 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1170 安全研究 Security Research Project Zero: iOS 无交互无线电攻击 https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html 邮件持久化攻击的新前景 https://www.mdsec.co.uk/2020/11/a-fresh-outlook-on-mail-based-persistence/ 安全事件 Security Incident K12 教育机构遭受Ryuk勒索软件攻击 https://securityaffairs.co/wordpress/111824/malware/k12-ryuk-ransomware.html BlackShadow组织攻击了以色列保险公司Shirbit https://www.hackread.com/hackers-steal-israel-insurance-firm-client-data-breach/ 恶意软件 Malware 通过SSH进行横向移动的挖矿僵尸网络 https://tolisec.com/multi-vector-minertsunami-botnet-with-ssh-lateral-movement/ 安全资讯 Security Information Turla APT组织使用了工具集Crutch实施攻击 https://securityaffairs.co/wordpress/111813/apt/turla-crutch-malware-platform.html 新型网络攻击可影响生物学研究DNA合成过程 https://www.hackread.com/malware-attack-trick-biologists-dangerous-toxins/