Saturday, November 23, 2019

Weekly Security Incident News Report 2019/11/18 ~ 2019/11/22

1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
Hit! Qualcomm chip vulnerabilities put personal data on phones at risk
https://www.chinatimes.com/realtimenews/20191118003422-260410?chdtv
A smart doorbell can be used to attack every connected device in the house! Amazon has patched the Ring Video Doorbell Pro vulnerability
https://blog.trendmicro.com.tw/?p=62657
Grin core developer analyzes the Mimblewimble "vulnerability": not a fundamental flaw, Grin is secure
https://news.knowing.asia/news/0cc8c2e7-222c-40e0-a7c8-5c010ede7023
Grin privacy model flaw! With US$60 a week of AWS services, a hacker can trace 96% of transaction addresses
https://www.blocktempo.com/former-google-engineer-uncovers-96-of-privacy-altcoin-addresses/
Fortinet FortiOS multiple vulnerabilities
https://www.hkcert.org/my_url/zh/alert/19111802
Fortinet FortiClient multiple vulnerabilities
https://www.hkcert.org/my_url/zh/alert/19111901
XSS vulnerability in Google's dynamic email feature could let hackers launch attacks through Gmail
https://www.ithome.com.tw/news/134279
IBM WebSphere Application remote arbitrary code execution vulnerability
https://www.hkcert.org/my_url/zh/alert/19111801
HKCERT urges attention to the end of support for Windows 7, Windows Server 2008 and 2008 R2
https://www.hkcert.org/my_url/zh/blog/19112201
The BlueKeep exploit that triggers BSoD: why it crashes systems
https://blog.trendmicro.com.tw/?p=62621
High-Severity Windows UAC Flaw Enables Privilege Escalation
https://threatpost.com/windows-uac-flaw-privilege-escalation/150463/
THANKSGIVING TREAT: EASY-AS-PIE WINDOWS 7 SECURE DESKTOP ESCALATION OF PRIVILEGE
https://www.zerodayinitiative.com/blog/2019/11/19/thanksgiving-treat-easy-as-pie-windows-7-secure-desktop-escalation-of-privilege
Microsoft issues patch for Internet Explorer zero‑day
https://www.welivesecurity.com/2019/11/14/microsoft-patch-internet-explorer-zero-day/
74 vulnerabilities in the Windows operating system: how users can protect their devices
https://chinese.aljazeera.net/technology/2019/11/19/microsoft-fixes-74-vulnerabilities-windows-operating-system
CVE-2019-1388
https://nvd.nist.gov/vuln/detail/CVE-2019-1388
New Windows 10 20H1 test build brings more fixes
https://www.zdnet.com/article/new-windows-10-20h1-test-build-brings-more-fixes/#ftag=RSSbaffb68
Symantec Endpoint Protection reported to have a local privilege vulnerability
https://www.ithome.com.tw/news/134228
Symantec products multiple vulnerabilities
https://www.hkcert.org/my_url/zh/alert/19111501
Intel Zombieload2 vulnerability disclosed; jQuery cross-site scripting vulnerability affects a large number of websites
https://www.huorong.cn/info/1573813322393.html
McAfee antivirus code execution vulnerability (CVE-2019-3648)
https://www.venustech.com.cn/article/1/10574.html
Serious Security Vulnerability Found In All McAfee Antivirus Editions
https://latesthackingnews.com/2019/11/14/serious-security-vulnerability-found-in-all-mcafee-antivirus-editions/
RHEL and CentOS receive another important kernel security update: mitigating the impact of Intel processor vulnerabilities
https://www.cnbeta.com/articles/tech/911581.htm
US researchers find 11 new 5G vulnerabilities: hackers can downgrade connections to 4G and send fake alerts
https://buzzorange.com/techorange/2019/11/19/new-5g-security-threats/
Chrome browser bookmarks disappeared; it turns out a Google test of a new feature went wrong
https://technews.tw/2019/11/19/chrome-browser-fake/
Cisco VoIP adapters have serious security vulnerabilities
http://bit.ly/334EzT4
Openfind MAIL2000 Webmail Pre-Auth Cross-Site Scripting and Open Redirect
http://net.nthu.edu.tw/2009/mailing:announcement:20191121_01
Openfind MAIL2000 Webmail Post-Auth Cross-Site Scripting
https://tvn.twcert.org.tw/taiwanvn/TVN-201909002
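2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security
Insider trading is hard to convict; Sean Chen: require insiders to announce before they trade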
https://www.chinatimes.com/realtimenews/20191116002687-260410?chdtv
Reflections on internet-only banks (part 2): in an era of three-way rivalry, who will come out on top?
https://www.bnext.com.tw/article/55502/internet-only-bank-open-banking-2
In the digital age, giving the Securities and Exchange Act new life
http://bit.ly/35cswEK
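Large volume of Indian credit card data appears on the dark web; card data priced at US$100 per record for the first time, a new black-market high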
https://www.ithome.com.tw/news/134217
FinTech Taipei 2019 competes on creativity; five FinTech unicorns appear
https://money.udn.com/money/story/5636/4171711
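Urgent notice: websites apparently impersonating our company's "ANUE 鉅亨" site have recently appeared; users are reminded to stay alert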
https://news.cnyes.com/news/id/4413249?exp=b
DBS Bank fires the first shot! Wellington Koo sets out 3 principles for banks removing ATMs
http://bit.ly/2CUDoe2
ATM displayed "abnormal banknote insertion detected"; he pried open the cash slot, found 44,000... and pocketed it
https://www.ettoday.net/news/20191119/1583351.htm
TWSE continues promoting intraday continuous trading for Taiwan stocks; simulation platform usage grows nearly 70%
https://www.ettoday.net/news/20191119/1583478.htm
FISC recommends taking out cyber insurance for protection
http://bit.ly/2XwFLgV
Entering phase two of open APIs: FISC sets TSP screening criteria
http://bit.ly/37rhP32
Web payment card skimmers add anti-forensics capabilities
https://www.csoonline.com/article/3453940/web-payment-card-skimmers-add-anti-forensics-capabilities.html
New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks
https://thehackernews.com/2019/11/financial-cyberattacks.html
Massive Hack Strikes Offshore Cayman National Bank and Trust
https://unicornriot.ninja/2019/massive-hack-strikes-offshore-cayman-national-bank-and-trust/
New JavaScript Skimmer Found on Ecommerce Sites
https://www.bankinfosecurity.com/new-javascript-skimmer-found-on-ecommerce-sites-a-13411
Cases of ATM skimming decline, explosive attacks increase in Europe
https://www.atmmarketplace.com/news/cases-of-atm-skimming-decline-explosive-attacks-increase-in-europe/
All commercial banks switch to chip-based cards
https://thehimalayantimes.com/business/all-commercial-banks-switch-to-chip-based-cards/
Turkish cybercriminals hack ATMs in Tripura, steal huge cash
https://www.thehindu.com/news/national/other-states/turkish-cybercriminals-hack-atms-in-tripura-steal-huge-cash/article30010268.ece
Macy’s suffers online Magecart card-skimming attack, data breach
https://www.zdnet.com/article/macys-suffers-online-magecart-card-skimming-attack/#ftag=RSSbaffb68
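3. E-Payment / Electronic Stored-Value Cards / Mobile Payment / Pay: News and Security
Mobile payments growing fast; Chen Mei-ling estimates spending will pass the 100 billion mark by year-end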
https://www.rti.org.tw/news/view/id/2042386
4. Virtual Currency / Blockchain News and Security
Vulnerabilities in Maker: oracle governance attacks, attacking DAOs, and decentralization
https://www.lianshijie.com/news/180394
First-person shooter "Bitcoin Bounty Hunter": kill players to earn bitcoin
https://zombit.info/first-person-shooter-bitcoin-bounty-hunter-kill-players-to-earn-bitcoin
Cryptocurrency wallet GateHub data leaked; information on 1.4 million accounts stolen
https://news.knowing.asia/news/81a31bc4-afcb-4d8e-b771-36d8ea146d79
Deloitte: the enterprise blockchain market is maturing; finance and logistics applications are becoming more diverse
https://www.ithome.com.tw/news/134324
Understanding the whole cryptocurrency industry through the story of crypto exchanges
https://news.knowing.asia/news/209b877a-1f72-430d-8a41-ecb1a352eab7
As bitcoin grows scarcer, where have all the lost bitcoins gone?
https://news.knowing.asia/news/523788b7-d496-4195-ad93-b3cb96411837
US charges men with cryptocurrency theft, SIM-swapping attacks
https://www.zdnet.com/article/us-charges-men-with-cryptocurrency-theft-sim-swapping-attacks/#ftag=RSSbaffb68
DOJ: Pair Used SIM Swapping Scam to Steal Cryptocurrency
https://www.bankinfosecurity.com/doj-pair-used-sim-swapping-scam-to-steal-cryptocurrency-a-13405
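5. Security Incident News
A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors
Beware of public USB charging stations delivering malware; US government urges people not to use them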
https://ithome.com.tw/news/134225
Using public USB charging stations may let hackers plant malware! US government: better to use a power bank
https://buzzorange.com/techorange/2019/11/18/us-usb-charging-station-malware/
A roundup of the tools and vulnerabilities used by ransomware in recent years
https://mlog.club/article/1859512
Louisiana hit by ransomware attack; some servers shut down
https://www.ithome.com.tw/news/134285
Sophos reveals how WannaCry evolved from predator into a dangerous vaccine
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000572853_NZA9DAHL48LZ6E4HEVU2C
Hackers run malicious McDonald's ads on Facebook to spread a banking trojan
https://www.ithome.com.tw/news/134315
Be careful what you click! Fake Microsoft Windows update notification emails hide new ransomware
https://3c.ltn.com.tw/news/38709
Update or virus? Security vendor warns of fake emails posing as Microsoft updates
https://newtalk.tw/news/view/2019-11-22/330307
"Bitcoin wallet key generator" appears on YouTube; it is actually an information-stealing trojan
https://blog.trendmicro.com.tw/?p=62693
Ransomware Revival: Troldesh becomes a leader by the number of attacks
https://securityaffairs.co/wordpress/94111/malware/ransomware-troldesh-top-malwar.html
When one isn’t enough: This shady malware will infect your PC with dual Trojans
https://www.zdnet.com/article/when-one-isnt-enough-this-shady-malware-will-infect-your-pc-with-two-trojans/#ftag=RSSbaffb68
Double Vision: Stealthy Malware Dropper Delivers Dual RATs
https://threatpost.com/malware-dropper-dual-rats/150271/
Double Trouble: RevengeRAT and WSHRAT
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample.html
Weeding out WannaMine v4.0: Analyzing and Remediating This Mineware Nightmare
https://www.crowdstrike.com/blog/weeding-out-wannamine-v4-0-analyzing-and-remediating-this-mineware-nightmare/
Stealthy new Android malware poses as ad blocker, serves up ads instead
https://blog.malwarebytes.com/android/2019/11/stealthy-new-android-malware-poses-as-ad-blocker-serves-up-ads-instead/
Stealthy Malware Flies Under AV Radar with Advanced Obfuscation
https://threatpost.com/malware-steals-info-with-advanced-obfuscation/150280/
Custom dropper hide and seek
https://blog.talosintelligence.com/2019/11/custom-dropper-hide-and-seek.html
Android malware disguises as ad blocker, but then pesters users with ads
https://www.zdnet.com/article/android-malware-disguises-as-ad-blocker-but-then-pesters-users-with-ads/#ftag=RSSbaffb68
Hackers infect systems using Metasploit and malicious Word documents
https://www.secnews.gr/204461/hackers-word-emails/
Worrying increase in malware attacks on hospitals
https://www.secnews.gr/204438/nosokomeia-trojan-dedomena-epitheseis/
Phishing Campaigns Spoof Government Agencies: Report
https://www.bankinfosecurity.com/phishing-campaigns-spoof-government-agencies-report-a-13408
Warnings Issued For Text, TV 'Smishing' Scams
https://dailyvoice.com/connecticut/shelton/news/warnings-issued-for-text-tv-smishing-scams/778936/
Attackers are staging tax-themed phishing attacks to target companies in Germany and Italy
https://renewsindustry.com/attackers-are-staging-tax-themed-phishing-attacks-to-target-companies-in-germany-and-italy/2196/
Malware developers are betting you’ll be fooled by ‘Donald Trump Screen of Death’
https://www.nny360.com/artsandlife/lifestyle/malware-developers-are-betting-you-ll-be-fooled-by-donald/article_6c01b7ea-7def-5213-8f2b-40b1bb0fc1d1.html
When one isn’t enough: This shady malware will infect your PC with dual Trojans
https://newsvire.com/when-one-isnt-enough-this-shady-malware-will-infect-your-pc-with-dual-trojans/
Koadic C3 COM Command & Control - JScript RAT
https://github.com/zerosum0x0/koadic
Symantec, ESET, McAfee rank first in Windows anti-malware market share
https://www.zdnet.com/article/symantec-eset-mcafee-rank-first-in-windows-anti-malware-market-share/#ftag=RSSbaffb68
Ransomware hits Louisiana state government systems
https://www.zdnet.com/article/ransomware-hits-louisiana-state-government-systems/#ftag=RSSbaffb68
Shade Ransomware Is the Most Actively Distributed Malware via Email
https://www.bleepingcomputer.com/news/security/shade-ransomware-is-the-most-actively-distributed-malware-via-email/
2019-11-19 - PCAP AND MALWARE FOR AN ISC DIARY (HANCITOR INFECTION)
https://www.malware-traffic-analysis.net/2019/11/19/index.html
Antivirus vendors and non-profits join to form 'Coalition Against Stalkerware'
https://www.zdnet.com/article/antivirus-vendors-and-non-profits-join-to-form-coalition-against-stalkerware/#ftag=RSSbaffb68
Emotet Trojan Campaigns Continue
https://www.cyber.nj.gov/alerts-and-advisories/20191112/emotet-trojan-campaigns-continue
Louisiana Government Recovering From Ransomware Attack
https://www.bankinfosecurity.com/louisiana-government-recovering-from-ransomware-attack-a-13419
Mac Backdoor Linked to Lazarus Targets Korean Users
https://blog.trendmicro.com/trendlabs-security-intelligence/mac-backdoor-linked-to-lazarus-targets-korean-users/
Threat Analysis Unit (TAU) Threat Intelligence Notification: Ramnit Banking Trojan
https://www.carbonblack.com/2019/11/18/threat-analysis-unit-tau-threat-intelligence-notification-ramnit-banking-trojan/
Russian Hacker Behind NeverQuest Banking Malware Gets 4 Years in U.S. Prison
https://thehackernews.com/2019/11/lisov-neverquest-russian-hacker.html
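B. Mobile Security / iPhone / Android / Wearables / Apps
The biggest iPhone security crisis ever: affected VIPs in all fields strongly urged to replace their phones immediately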
https://technews.tw/2019/11/16/iphone-checkm8/
iPhone security red alert! To avoid compromise through the hardware vulnerability, start by building "4 anti-hacking habits"
https://buzzorange.com/techorange/2019/11/18/apple-iphone-bursts-a-major-hardware-vulnerability/
Biggest iPhone vulnerability ever reported! Taiwanese developer reveals 14 models could be compromised in 3 minutes
https://3c.ltn.com.tw/news/38652
Apple phones hit by security vulnerability: KPMG's four tips for protecting yourself
https://news.wearn.com/c377476.html
High-risk Android vulnerability disclosed: 18 devices including Huawei and Xiaomi affected
https://www.twoeggz.com/news/15733572.html
Starting from the many security vulnerabilities in Android phones
https://softnshare.com/kryptowire-android-cve-mobile-security/
Apple MacBook low on disk space and slow: "Other" data takes up nearly 100 GB
https://www.vedfolnir.com/apple-macos-hard-disk-capacity-is-slow-35339.html
Huawei hits a wall: phones labeled "Taiwan, China"; NCC orders sales ban
http://m.secretchina.com/news/b5/2019/11/15/913720.html
System update labels "Taiwan, China"; NCC steps in and five major carriers are barred from selling 3 Huawei phones
https://tw.appledaily.com/highlight/20191115/WVQEM3IDMMVWOPYYGI57GKURUI/
Android found to have as many as 146 "preinstalled vulnerabilities"! Samsung and ASUS also named
https://3c.ltn.com.tw/news/38657
Preinstalled software on Android phones hides many vulnerabilities, affecting 29 vendors
http://technews.tw/2019/11/20/pre-installed-apps-on-low-end-android-phones-are-full-of-security-holes/
ASUS and Samsung both hit! Android phones reported to come "preloaded" with 146 pieces of malware
https://newtalk.tw/news/view/2019-11-18/328259
Germany plans to ban Apple Pay's NFC monopoly; Apple: opening up could endanger user security
https://www.ettoday.net/news/20191116/1581363.htm
Huawei invites hackers worldwide to find system vulnerabilities: possibly paving the way for HarmonyOS phones
https://sina.com.hk/news/article/20191116/0/0/2/-10848832.html
Facebook's Chen Shu: the mass "Community Standards violation" issue has been resolved; it was an internal technical problem
https://www.inside.com.tw/article/18122-facebook-community-standards-2
Political posts deleted as soon as they were posted; Facebook announces the reason
https://www.chinatimes.com/realtimenews/20191115004881-260405?chdtv
Location tracking is the least of it: 5G vulnerabilities could be used for military strikes
https://www.chainnews.com/zh-hant/articles/310410144352.htm
5G vulnerabilities allow user location tracking; TPM vulnerabilities affect billions of devices
https://zhuanlan.zhihu.com/p/91839862
[Cross-Strait Forum] CCP strongly promotes "Xuexi Qiangguo" to monitor the public comprehensively
https://www.ydn.com.tw/News/360548
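Telegram, a key communication tool for Hong Kong's anti-extradition protests: security experts worry vulnerabilities could leak secrets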
https://ec.ltn.com.tw/article/breakingnews/2978749
Huawei issues position statement on cybersecurity: we have never experienced any serious cybersecurity vulnerability
https://www.leiphone.com/news/201911/xKZ9aisIKkeTYIUD.html
The latest WhatsApp vulnerability is here: Android and iOS users should beware of malicious risks
https://news.guo.media/zh/13576/
Traps in budget Android phones? Report finds preinstalled software contains many vulnerabilities
https://www.eprice.com.tw/mobile/talk/102/5439921/1/
Android reported to have "preloaded" malware; personal data may leak
http://bit.ly/2r9t2UY
New WhatsApp vulnerability found! Receiving a video is enough to be hit
http://bit.ly/2XsIsQD
Many vulnerabilities found in preinstalled apps on budget Android phones; US Department of Homeland Security reveals serious trouble
http://bit.ly/2KAsajh
Apple Pay accused of monopoly! Germany legislates to require opening the iPhone NFC chip; Apple fears it will endanger user security
https://www.ettoday.net/news/20191119/1583440.htm
Douyin/TikTok goes all out to clear its name! Would "still refuse" even if Xi Jinping gave the order
https://ec.ltn.com.tw/article/breakingnews/2982869
Six simple ways to keep your phone from being hacked
http://bit.ly/37nutzS
Is your phone secretly taking photos? Security firm exposes Android vulnerability; Google and Samsung both affected
https://newtalk.tw/news/view/2019-11-20/329212
New WhatsApp flaw: hackers can attack by sending an MP4, monitoring the device and stealing chat history
https://zinggadget.com/2019/11/19/whatsapp-warning-hacker-may-sentmp4-hack-user-phone/
Facebook patches WhatsApp remote code execution vulnerability
https://ithome.com.tw/news/134306
Google fixes serious security vulnerability in Android camera app; users should update as soon as possible
http://technews.tw/2019/11/21/google-android-camera-app-bug/
Serious iPhone security vulnerability! He cracked it in 1 minute
http://bit.ly/2qlsAmR
New Android camera app vulnerability: malicious camera access plus call recording
https://unwire.hk/2019/11/20/android-flaw/software/android-app/
Android camera app security vulnerability: covert photos and video plus call recording
http://bit.ly/2KLuLHg
Serious Android vulnerability disclosed: malicious apps can secretly record video and eavesdrop on calls
https://finance.sina.com.cn/chanjing/cyxw/2019-11-21/doc-iihnzhfz0759766.shtml
Hackers win US$60,000 prize for successfully compromising Amazon Echo
https://hk.epochtimes.com/news/2019-11-21/50760505
iPhone update causes trouble! LINE is affected; here is the fix
http://bit.ly/2QDLaRT
Want to be a LINE engineer? 3 team values: a look at a multinational's development culture
https://www.bnext.com.tw/article/55579/line-developer-culture
Telegram CEO slams Facebook and the WhatsApp backdoor incident
https://www.inside.com.tw/article/18174-WhatsApp-will-never-be-secure
Fastest-growing messaging software ever! Microsoft Teams passes 20 million users; Slack says the numbers are inflated
https://www.bnext.com.tw/article/55577/microsoft-teams-slack-competition
Machine learning and privacy-first principles: how LINE noticeably reduces spam and safeguards personal data
https://www.techbang.com/posts/74420-line-security-privacy
High security risk! Twitter will drop phone-based enabling of two-factor authentication
https://www.ithome.com.tw/news/134350
High-risk vulnerability disclosed in Google and Samsung camera apps; hackers can secretly take photos and record video
https://kknews.cc/tech/k46m4j8.html
Buying maids on Instagram? Middle East online slave trade exploits loopholes; even police are involved
https://www.setn.com/News.aspx?NewsID=640452
Two Arrested for Stealing $550,000 in Cryptocurrency Using Sim Swapping
https://thehackernews.com/2019/11/hacking-with-sim-swapping.html
Qualcomm Chip Flaws Let Hackers Steal Private Data From Android Devices
https://thehackernews.com/2019/11/qualcomm-android-hacking.html
Threat Landscape Report for Q3 2019
http://www.manilastandard.net/index.php/tech/tech-news/310151/threat-landscape-report-for-q3-2019.html
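C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents
Real World CTF security training camp to launch, with a four-in-one focus on cybersecurity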
http://news.tom.com/201911/4798310753.html
20-year-old US college student built a custom Gentoo Linux for ISIS and spread messages; faces up to 20 years in prison
https://ithome.com.tw/news/134331
Holiday shopping season approaching; retailers must guard against cyberattacks
https://money.udn.com/money/story/5599/4176567
DDoS service provider sentenced to 13 months; the operator is only 21
https://www.ithome.com.tw/news/134273
UK Labour Party website hit by DDoS attack
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16320
FBI warning: hacking groups are targeting the US auto industry
https://www.twcert.org.tw/tw/cp-104-3093-cff7a-1.html
HITCON DEFENSE 2019 builds diverse scenarios; S.H.I.E.L.D. takes the title
https://money.udn.com/money/story/5640/4175917
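Golden Shield security award: NCTU and the joint Fengshan, Yongchun and Tainan First Senior High School team take the titles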
https://money.udn.com/money/story/10860/4168414
Disney+ systems hacked? Company: no evidence of a security vulnerability
https://newtalk.tw/news/view/2019-11-22/330204
Computer left online all day becomes a "zombie", used by hackers as a "springboard" for card fraud
https://news.ltn.com.tw/news/life/breakingnews/2984378
110 elite network technologists stage a "cyberspace" security "attack and defense battle"
http://www.stdaily.com/index/kejixinwen/2019-11/17/content_815984.shtml
Macy's confirms website was hacked; shares plunge 11% on Tuesday
http://bit.ly/35fLVoa
Macy's hacked again; does not disclose how much customer data was stolen
http://bit.ly/2OAunMH
2K fan page hacked; posts containing a racial slur leave fans stunned
https://tw.esports.yahoo.com/201911153-050521478.html
Another US court rules police have no right to force suspects to hand over device passwords
http://bit.ly/2OAmhnp
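University of Taipei campus email flooded with mocking messages from across the strait; Ministry of Education: a group account was likely leaked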
https://m.ltn.com.tw/news/life/breakingnews/2980240
School shared email flooded with spam / University of Taipei: a student misused the mailbox, it was not hacked
https://m.ltn.com.tw/news/life/paper/1332503
University of Taipei receives mocking emails from "across the strait"; Ministry of Education: account leaked
https://news.tvbs.com.tw/life/1235609
"I'm from Jiangsu and climbed over the firewall" appears in mailbox: a security crisis? University of Taipei: misuse by a student
http://bit.ly/37byjvX
International hacker group Anonymous to donate US$75 million in bitcoin
https://zombit.info/international-hacker-organization-anonymous-will-donate-75-million-in-bitcoin/
Security alarm! NATO Secretary General: China can collect massive amounts of data worldwide
https://newtalk.tw/news/view/2019-11-18/328591
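On the rumor that Hong Kong police besieging the Chinese University of Hong Kong and taking control of HKIX would cut off Hong Kong's internet: what Hong Kong IT professionals say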
https://ithome.com.tw/news/134232
At China's homegrown Tianfu Cup hacking contest, Chrome, Safari and Office 365 were all compromised
https://ithome.com.tw/news/134297
You may already be a target of Chinese government "censorship"
https://www.cw.com.tw/article/article.action?id=5097806
Major shareholder installed a monitoring system; China may be able to remotely cut off the Philippine power grid
https://news.ltn.com.tw/news/world/breakingnews/2985520
Zhou Hongyi: more than 100 countries have set up cyber forces; cyberwarfare will be the first choice in future wars
https://news.sina.com.tw/article/20191121/33396558.html
US security expert says Russia and "China" may not be the primary threats
https://www.ydn.com.tw/News/360507
US expert: most cyber threats come from mid-sized countries
https://www.ydn.com.tw/news/360529
US Attorney General: Huawei and ZTE pose security threats
http://bit.ly/2Oiw6GA
Huawei's swagger won't last... the US has yet to use its ultimate export-control weapon
https://ec.ltn.com.tw/article/breakingnews/2982958
No mercy! One remark from the US Attorney General and Huawei equipment may be ripped out
https://www.chinatimes.com/realtimenews/20191116000010-260408?chdtv
The US loses out: India decides to ban Facebook on security grounds, and China becomes the ultimate big winner
http://www.sohu.com/a/354177140_759851
Mobile phone call between the chargé d'affaires in Ukraine and Trump may have been intercepted by Russia and other countries
https://hk.on.cc/hk/bkn/cnt/amenews/20191115/bkn-20191115220627958-1115_00972_001.html
Iran's nationwide internet shutdown: can blocking the internet stop the protests?
http://bit.ly/35j12NE
Cybersecurity is heading into a recruitment crisis: Here's how we fix the problem
https://www.zdnet.com/article/cybersecurity-is-heading-into-a-recruitment-crisis-heres-how-we-fix-the-problem/#ftag=RSSbaffb68
More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/
Company Detected Years-Long Breach Only After Hacker Maxed Out Servers' Storage
https://thehackernews.com/2019/11/hacking-file-storage.html
Chrome, Edge, Safari hacked at elite Chinese hacking contest
https://www.zdnet.com/article/chrome-edge-safari-hacked-at-elite-chinese-hacking-contest/#ftag=RSSbaffb68
ProtonMail blocked in Belarus following wave of bomb threats across the country
https://www.zdnet.com/article/protonmail-blocked-in-belarus-following-wave-of-bomb-threats-across-the-country/#ftag=RSSbaffb68
Company discovered it was hacked after a server ran out of free space
https://www.zdnet.com/article/company-discovered-it-was-hacked-after-a-server-ran-out-of-free-space/
Official Monero website compromised with malware that steals funds
https://www.zdnet.com/article/official-monero-website-compromised-with-malware-that-steals-funds/#ftag=RSSbaffb68
The Russian Railways information system got hacked in 20 minutes
https://www.ehackingnews.com/2019/11/the-russian-railways-information-system.html?utm_source=dlvr.it&utm_medium=twitter
Emergency Response Process and Compromised Binaries Post-Mortem Meeting: 22 November 23:00 UTC #413
https://github.com/monero-project/meta/issues/413
Call for related events in connection with the 2020 "Cybersecurity Month"
https://www.nisc.go.jp/active/kihon/pdf/csm2020kanren.pdf
4 Automated Password Policy Enforcers for NIST Password Guidelines
https://www.bankinfosecurity.com/blogs/4-automated-password-policy-enforcers-for-nist-password-guidelines-p-2803
THE LAZARUS’ GAZE TO THE WORLD: WHAT IS BEHIND THE SECOND STONE
https://blog.telsy.com/the-lazarus-gaze-to-the-world-what-is-behind-the-second-stone/
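D. Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News
Disney+ app just launched, and more than a thousand accounts are reportedly being sold on hacker forums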
https://www.ithome.com.tw/news/134256
More than a thousand users hacked after Disney+ launch; accounts on the dark web go for as little as under 100 yuan
https://ec.ltn.com.tw/article/breakingnews/2982721
Disney+ just launched: thousands of accounts hacked and resold cheaply for 3 yuan
http://bit.ly/2XC1Tq9
Apple China's new domain flagged as a phishing site by Safari and Google: what happened?
https://mrmad.com.tw/apple-com-cn-safari-deceptive-site-ahead
Disinformation and information warfare will face their final test in the general election
https://udn.com/news/story/11321/4173241
As online disinformation spreads, Chung Yuan Christian University students hope technology can curb the trend
http://bit.ly/32W5qAJ
A roundup of the five major types of security scams in 2019
https://blog.trendmicro.com.tw/?p=62635
Zhongke Tianqi: the world's ten highest-risk data breaches affected 3 billion users
https://news.sina.com.tw/article/20191119/33370842.html
Even a "like" can get you scammed! Top 10 social media scam tactics revealed; this one only ranks 5th
https://theme.udn.com/theme/story/6774/4178037
With the election near, Taiwan will become a petri dish for the disinformation virus
https://forum.ettoday.net/news/1584010
[Security Knowledge Sharing] Classic scam: share with ten friends to get free LINE stickers? Don't fall for it again
https://ithelp.ithome.com.tw/articles/10229091?sc=rss.qu
Nearly 1 TB of traveler data from one of Europe's largest hotel booking system companies exposed online
https://www.twcert.org.tw/tw/cp-104-3089-ffd48-1.html
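Han supporter sentenced to detention for forwarding fake news about Chen Chu corruption; the source turned out to be Hong Kong media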
https://m.ltn.com.tw/news/politics/breakingnews/2985229
Fake news of Chen Chu corruption: Investigation Bureau says it first came from Hong Kong media
https://www.cna.com.tw/news/firstnews/201911210198.aspx
Resisting information warfare! Google is not just halting political ads: three strategies against fake news
https://news.sina.com.tw/article/20191121/33398876.html
What is "cardless installment"? Beware of a new version of the phone-number-for-cash scam!
https://www.kocpc.com.tw/archives/293321
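Online fraudster keeps scamming from prison, "raking in 30 million across multiple countries"! Bought a mansion and browsed the internet while in jail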
https://www.ettoday.net/news/20191121/1584561.htm
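Investigation into the gray-market chain of professional online "counterfeit busters": exploiting loopholes with bulk purchases to become professional claimants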
http://m.cnwest.com/tianxia/a/2019/11/22/18195493.html
These Facebook fan pages are all fake: five tips to avoid being fooled! (continuously updated)
https://blog.trendmicro.com.tw/?p=60197
Thousands of hacked Disney+ accounts are already for sale on hacking forums
https://www.zdnet.com/article/thousands-of-hacked-disney-accounts-are-already-for-sale-on-hacking-forums/#ftag=RSSbaffb68
The banking scams criminals are using to target South Africans right now
https://businesstech.co.za/news/banking/354209/the-banking-scams-criminals-are-using-to-target-south-africans-right-now/
Parliament House hack report reveals poor password practices
https://www.zdnet.com/article/parliament-house-hack-report-reveals-poor-password-practices/#ftag=RSSbaffb68
Privacy and OSINT lessons from the IronMarch Leak
https://inteltechniques.com/blog/2019/11/18/privacy-and-osint-lessons-from-the-ironmarch-leak/
Disney+ fans without answers after thousands hacked
https://www.bbc.com/news/technology-50461171
Recently Discovered Phishing Campaign Found Targeting Office 365 Admins
http://passwordalert.com/recently-discovered-phishing-campaign-found-targeting-office-365-admins/
Boost Your Personal Security With These Killer 2019 Black Friday and Cyber Monday Deals
https://thehackernews.com/2019/11/cyber-monday-black-friday-deals.htm
T-Mobile Suffers Data Breach Affecting Prepaid Wireless Customers
https://thehackernews.com/2019/11/t-mobile-prepaid-data-breach.html
E. Research Reports
Retrieving detailed GPO setting values
https://ithelp.ithome.com.tw/questions/10196144
CVE-2019-1405 and CVE-2019-1322: privilege escalation by chaining vulnerabilities
https://zhuanlan.zhihu.com/p/92017930
CVE-2019-3648 vulnerability analysis
https://www.4hou.com/vulnerable/21561.html
WDS vulnerability lets hackers hijack Windows servers via malformed TFTP packets
http://www.wanjiquan.com/zixun/201911/5528.html
iOS Jailbreak Principles - Sock Port vulnerability analysis (1): UAF and Heap Spraying
https://juejin.im/post/5dd10660e51d453fac0a598d
Event ID 455, error with source ESENT
https://dotblogs.com.tw/supershowwei/2019/11/18/222409
Summary of Kerberos KDC domain privilege escalation vulnerabilities
http://bit.ly/2KvqVSq
Quick implementation of malicious commands on devices affected by the iOS checkra1n jailbreak
https://hiraku.tw/2019/11/5076/?utm_source=Facebook_PicSee
IIS parsing vulnerabilities (part 2)
https://cloud.tencent.com/developer/article/1541087
The lurker: Roboto botnet analysis report
https://blog.netlab.360.com/the-awaiting-roboto-botnet/
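**-level ABB power generation information management system vulnerability disclosed; could become a deadly weapon in cyber-electric warfare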
https://www.freebuf.com/column/220831.html
Symantec mail gateway password reset vulnerability
https://cloud.tencent.com/developer/article/1541536
Case study: analysis report on a phishing attack using spoofed-sender replies_10811
https://cert.tanet.edu.tw/prog/opendoc.php?id=20191122031110101466188805578.pdf
PHOENIX: THE TALE OF THE RESURRECTED KEYLOGGER
https://www.cybereason.com/blog/phoenix-the-tale-of-the-resurrected-alpha-keylogger
Wrong hashes (from getmonero.org) #6151
https://github.com/monero-project/monero/issues/6151
Monero download site and binaries compromised
https://bartblaze.blogspot.com/2019/11/monero-project-compromised.html
Hunting for LoLBins
https://blog.talosintelligence.com/2019/11/hunting-for-lolbins.html
Custom dropper hide and seek
https://blog.talosintelligence.com/2019/11/custom-dropper-hide-and-seek.html
4 Best Free Online Security Tools for SMEs in 2020
https://thehackernews.com/2019/11/online-website-security-tools.html
ANDRAX
https://andrax.thecrackertechnology.com/download
Cyberattacks and How To Protect Your Computer and Data - Part 1 of 3
https://www.peerlyst.com/posts/cyberattacks-and-how-to-protect-your-computer-and-data-part-1-of-3-josh-moulin
Cyberattacks and How To Protect Your Computer and Data - Part 2 of 3
https://www.peerlyst.com/posts/cyberattacks-and-how-to-protect-your-computer-and-data-part-2-of-3-josh-moulin
Cyberattacks and How To Protect Your Computer and Data - Part 3 of 3
https://www.peerlyst.com/posts/cyberattacks-and-how-to-protect-your-computer-and-data-part-3-of-3-josh-moulin
F. Business
CyCraft pushes security automation, summoning AI to declare war on hackers
https://money.udn.com/money/story/8889/4169661
CyCraft doesn't recruit talent; it only looks for partners
https://money.udn.com/money/story/8889/4169667
CyCraft CEO Chiu Ming-chang builds protective shields for enterprises
https://money.udn.com/money/story/8889/4169670
StackRox releases K8s security platform 3.0, adding configuration and vulnerability management features
https://www.ithome.com.tw/news/134209
To safeguard open source code security, GitHub launches the Security Lab program
https://ithome.com.tw/news/134222
Trend Micro launches a comprehensive security protection services platform
https://www.chinatimes.com/realtimenews/20191119002071-260412?chdtv
Trend Micro launches a comprehensive security protection services platform for enterprises developing applications in the cloud
https://news.sina.com.tw/article/20191120/33377464.html
Fortinet Security Fabric provides comprehensive protection for hyperconnected data links
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=13&id=0000572847_8oa9gb3a32pf3f8nmk3la
Kaspersky to launch transparency center in Brazil
https://www.zdnet.com/article/kaspersky-to-launch-transparency-center-in-brazil/#ftag=RSSbaffb68
Google offers up to $1.5 million bounty for remotely hacking Titan M chip
https://thehackernews.com/2019/11/google-pixel-titan-m-chip.html
G. Government
CODE strengthens the Taiwan-US strategic partnership
https://talk.ltn.com.tw/article/paper/1332805
Current security mechanisms insufficient; National Security Bureau discusses new cryptographic protection measures
https://m.ltn.com.tw/news/politics/breakingnews/2984758
National security agencies' inspection of overseas missions finds secure equipment being misused
https://m.ltn.com.tw/news/politics/breakingnews/2984939
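Denying that overseas missions are riddled with secrecy lapses, Ministry of Foreign Affairs: everything is handled according to regulations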
https://m.ltn.com.tw/news/politics/breakingnews/2985573
Ministry of Education Directions for Establishing the Information Security and Personal Data Management Committee
https://edu.law.moe.gov.tw/LawContent.aspx?id=GL001950
NGOs urge the government to suspend the chip ID card rollout
http://bit.ly/33ealwO
Problems with the new ID card process? Ministry of the Interior: proceeding cautiously
https://www.chinatimes.com/realtimenews/20191122001787-260407?chdtv
Information Security Management Standards for the Official Document Electronic Exchange System
https://www.archives.gov.tw/Publish.aspx?cnid=1636&p=2456
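H. ICS/SCADA Industrial Control Systems
White-hat hackers will get the chance to show off techniques for breaking industrial control system security mechanisms at Pwn2Own 2020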
https://blog.trendmicro.com.tw/?p=62604
Researchers find command execution vulnerability in Siemens industrial controllers
https://nosec.org/home/detail/3183.html
I. Education and Training
Government Configuration Baseline (GCB) hands-on workshop
http://bit.ly/2Ojnwr4
What is a zero-day vulnerability? What exploitation techniques exist?
https://blog.trendmicro.com.tw/?p=62238
CISSP 73: Intrusion Detection System (CISSP IT-Tutorial)
https://www.youtube.com/watch?v=6_6lBDloFH0&feature=
CISSP 74: Security Information and Event Management
https://www.youtube.com/watch?v=jFV9-BUYeBY&feature=
CISSP 75: Network Security from Hardware Devices (CISSP IT-Tutorial)
https://www.youtube.com/watch?v=8EkgyKbm2So&feature=
Ethical Hacking - Capture the Flag Walkthroughs #2 CTF - Easy Beginner Level
https://www.youtube.com/watch?v=x4nLpehOAdM
Getting Started with Shodan, “The scariest search engine”
https://www.peerlyst.com/posts/getting-starting-with-shodan-the-scariest-search-engine-princess-david
OpenVAS Network Vulnerability Scanning for Beginners: Step One, Installation
https://www.peerlyst.com/posts/openvas-network-vulnerability-scanning-for-beginners-step-one-installation-kimberly-crawley
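J. Internet of Things / IoT / Artificial Intelligence / Internet of Vehicles / Optical Networking / Deep Learning / Machine Learning / Drones / Facial Recognition
Water can carry a boat or capsize it: how to guard against IoT security risks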
https://udn.com/news/story/6871/4167025
Implementing security solutions in the connected-vehicle era
https://www.eettaiwan.com/news/article/20191115TA31-V2X-security
To prevent hacker attacks, automotive security must keep renewing itself
https://www.mem.com.tw/arti.php?sn=1911150006
Building a secure IoT: system-level testing methods offer countermeasures
https://www.mem.com.tw/arti.php?sn=1911190001
Managing and operating edge devices spread around the world: IoT deployment faces three major challenges
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000573305_h0r2jb4y1md8yp4wf46vq
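Surge in connected devices widens the human-to-machine management ratio to 1:1000; tight staffing pushes smart devices toward remote operations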
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000573199_guq071qal6gse78pbd21s
Study: voice-controlled devices are vulnerable to hacker attacks
http://www.epochtimes.com/b5/19/11/21/n11670292.htm
Australia releases draft IoT cybersecurity code of practice
https://www.zdnet.com/article/australia-releases-draft-iot-cybersecurity-code-of-practice/#ftag=RSSbaffb68
DRAFT Code of Practice Securing the Internet of Things for Consumers
https://www.homeaffairs.gov.au/reports-and-pubs/files/code-of-practice.pdf
6. Upcoming Security Events and Seminars
Trend Micro CTF 2019 // Raimund Genes Cup  FINAL / NOVEMBER 23–24, 2019
 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html
 Seminar on Core and Advanced Security Audit Techniques, November 26 to November 28
 http://bit.ly/2TN2UtD
 Occupational safety law requirements every HR professional must know 11/26
 https://www.accupass.com/event/1909121441141977826554
 Homecoming sharing session: COCONET 2019 Southeast Asia Digital Rights Camp 11/27
 https://ocftw.kktix.cc/events/tw2019coconet-sharing
 Indo-Pacific Strategy Cybersecurity Forum: Taiwan's opportunities and concerns 11/27
 https://www.accupass.com/event/1911150905322087822814
 Forensic analysis practice with simulated cases (6hr) 11/28
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384543
 CCNS x SITCON 2020 Tainan submitters' meetup 11/28
 https://ccns.kktix.cc/events/ccns-sitcon-2020-meetup
 Global Cybersecurity Conference 11/28~11/29
 https://2019.group-ib.com/
 Cybersecurity Framework: Broadening Security Horizons, CYBERSEC 101 Seminar 11/29
 https://signupcybersec101.ithome.com.tw/
 NCTU Hacker College - B015: Malware Detection 11/30
 https://hackercollege.nctu.edu.tw/?p=1098
 Asia Silicon Valley Academy free certification exam, ROC year 108 11/30
 https://college.asvda.org.tw/
 Docker container technology hands-on (201911) 11/30
 https://buy.techbang.com/products/97b497fb?from=home_news
 The Dungeons of Hackers Conference 2019 (駭客的地下城) 11/30
 https://tdohackerparty.kktix.cc/events/tdoh-conf-2019
 5G x AI Key Security Technologies Seminar (Cybersecurity 5G x AI Workshop) 12/2
 https://ievents.iii.org.tw/EventS.aspx?t=0&id=763
 Cybersecurity Day Hsinchu, ROC year 108, invitation 12/3
 https://www.accupass.com/event/1911080348403103587380
 Digital Summit Dallas  12/4
 https://infosec-conferences.com/events-in-2019/digital-summit-dallas/
 Kansas City Cyber Security Conference 12/5
 https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/
 CyberMaryland Conference 12/5 ~ 12/6
 https://infosec-conferences.com/events-in-2019/cybermaryland-conference/
 Vue.js beginners' village: hands-on front-end introduction 12/7
 https://hackersir.kktix.cc/events/20191112vuejs
 FutureCon Nashville Cyber Security Conference 12/11
 https://infosec-conferences.com/events-in-2019/futurecon-nashville/
 "Log Management x Trade Secrets" Seminar 12/11
https://www.accupass.com/event/1911110922137590408650
 Utility Cyber Security Forum December 12/11
 https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/
 NCTU Hacker College - A018: Enterprise Domain Control - Active Directory Attack and Defense 12/14
 https://hackercollege.nctu.edu.tw/?p=1094
 Taiwan hacker conference HITCON Winter Training 2019 12/16
 https://hitcon.kktix.cc/events/hitcon-winter-training-2019
 Taiwan hacker conference HITCON Winter Training 2019 - student registration 12/16
 https://hitcon.kktix.cc/events/hitcon-winter-training-2019-student
 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/
 PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
 https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world
