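Security Incident News Weekly 2020/3/16 ~ 2020/3/20
1. Major Vulnerabilities / Backdoors / Exploits / Zero Day
Major vulnerability found in collaboration platform Slack could lead to large-scale account takeover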
https://www.twcert.org.tw/tw/cp-104-3439-869ef-1.html
Joomla! multiple vulnerabilities
https://www.auscert.org.au/bulletins/ESB-2020.0900/
Kr00k vulnerability lurks in routers from multiple vendors
https://www.ptt.cc/bbs/PC_Shopping/M.1584079855.A.12C.html
Fortinet FortiClient security vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9287
McAfee Web Gateway vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3635
VMware releases security updates for multiple products
https://www.vmware.com/security/advisories/VMSA-2020-0004.html
VMware fixes critical vulnerabilities in Workstation and Fusion
https://nosec.org/home/detail/4325.html
Oracle Fusion Middleware Reports Developer vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2534
Unspecified vulnerability in Aruba Networks ClearPass Policy Manager
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-010.txt
WordPress plugin Popup Builder contains vulnerabilities that allow site takeover, affecting more than 100,000 sites
https://www.ithome.com.tw/news/136375
WordPress to add auto-update feature for themes and plugins
https://www.zdnet.com/article/wordpress-to-add-auto-update-feature-for-themes-and-plugins/#ftag=RSSbaffb68
Microsoft issues emergency patch for wormable SMB vulnerability
https://www.ithome.com.tw/news/136330
New Windows vulnerability discovered; malware exploiting it has a high infection rate, update immediately
https://www.twcert.org.tw/tw/cp-104-3429-85df7-1.html
Critical Patch Released for 'Wormable' SMBv3 Vulnerability — Install It ASAP
https://thehackernews.com/2020/03/patch-wormable-smb-vulnerability.html
Warning — Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed
https://thehackernews.com/2020/03/smbv3-wormable-vulnerability.html
Microsoft Exchange Server has a security vulnerability; immediate update to the latest version recommended
https://www.twcert.org.tw/tw/cp-104-3430-72cee-1.html
Information disclosure vulnerability found in Microsoft's own remote desktop tool RDCMan; Microsoft simply retires it
https://www.ithome.com.tw/news/136345
Microsoft pushes Windows 10 version 1909 Build 18363.720, fixing the SMBv3 protocol vulnerability
https://tech.sina.com.cn/digi/2020-03-13/doc-iimxyqwa0044350.shtml
OpenSMTPD Vulnerability (CVE-2020-8794) Can Lead to Root Privilege Escalation and Remote Code Execution
https://newsroom.trendmicro.com/blog/security-intelligence/opensmtpd-vulnerability-cve-2020-8794-can-lead-root-privilege-escalatio-1
CHT Security Red Team finds multiple weaknesses in a well-known domestic security access control and attendance system
https://www.chtsecurity.com/news/b5545791-9f16-4e55-8d19-c97d9c2a2cd6
IBM MQ and IBM MQ Appliance vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4719
ArmorX LisoMail email collaboration - SQL Injection
https://www.twcert.org.tw/tw/cp-132-3437-17241-1.html
Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion
https://thehackernews.com/2020/03/adobe-software-update.html
[AMD is laughing] New "LVI" vulnerability found in Intel CPUs: Xeon turns into Atom?? Performance drops 77% after the fix
https://www.hkepc.com/19146
MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation
https://www.exploit-db.com/exploits/48079
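2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security
Employee of foreign financial firm confirmed with Wuhan pneumonia; financial sector on high alert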
https://news.pts.org.tw/article/470629
Philippines fires the first shot: fearing COVID-19 financial turmoil, it fully suspends financial trading
http://www.bcc.com.tw/newsView.4065755
Credit card Google Pay activation anomaly
https://www.ptt.cc/bbs/creditcard/M.1584449182.A.31E.html
Cathay Century Insurance official website gets a full upgrade and redesign
https://money.udn.com/money/story/5636/4425546
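Quickly catching fraudulent sales agents! Shin Kong Life officially launches relational network analysis AI; dozens of cases under investigation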
https://www.ithome.com.tw/news/136434?
FSC approves insurance industry's application to pilot a blockchain-based "policy servicing / claims consortium chain" service
https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath
Bank of China (Hong Kong) reminds customers and the public to beware of fraudulent emails purporting to be from BOCHK
https://www.bochk.com/dam/bochk/desktop/top/aboutus/pressrelease2/2020/20200318_01_Press_Release_TC.pdf
Possible Spoofing of the BNL Bank in Italy
https://spamcion.com/2020/03/14/bnl/
In Kiev, a hacker group who used the vulnerability of banks to steal their clients' money was caught
https://www.ehackingnews.com/2020/03/in-kiev-hacker-group-who-used.html
For Sale: Card Data From Online Stores Using Volusion
https://www.bankinfosecurity.com/for-sale-card-data-from-online-stores-using-volusion-a-13937
Breached Volusion Card Data Surfaces in Dark Web
https://geminiadvisory.io/breached-volusion-card-data-surfaces-in-dark-web/
Regulators, banks plan for contingencies as customers rush for cash amid COVID-19
https://www.atmmarketplace.com/news/regulators-banks-plan-for-contingencies-as-customers-rush-for-cash-amid-covid-19/
Financial companies leak 425GB in company, client data through open database
https://www.zdnet.com/article/financial-apps-leak-425gb-in-company-data-through-open-database/
Report: Two Corporate Finance Companies Leak Half a Million Legal and Financial Documents Online
https://www.vpnmentor.com/blog/report-mca-wizard-leak/
How financial services firms are handling data privacy
https://www.helpnetsecurity.com/2020/03/18/financial-services-data-privacy/
TrueFire Guitar Tutoring Website Suffers Magecart-style Credit Card Breach
https://thehackernews.com/2020/03/truefire-guitar-tutoring-data-breach.html
Skimming code battle on NutriBullet website may have risked customer credit card data
https://www.zdnet.com/article/skimming-code-lurking-on-nutribullet-website-puts-customer-credit-card-data-at-risk/
Unsecured Database Exposes Financial Records: Report
https://www.bankinfosecurity.com/unsecured-database-exposes-financial-records-report-a-13969
Magecart Group 8 Blends into NutriBullet.com Adding To Their Growing List of Victims
https://www.riskiq.com/blog/labs/magecart-nutribullet/
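3. Electronic Payment / Electronic Stored-Value Cards / Mobile Payment / Pay: News and Security
Beggars in China use Alipay, ATMs hard to find in Sweden! Cashless transactions are becoming the global mainstream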
https://www.ftvnews.com.tw/news/detail/2020314W0053
Samsung Pay EasyCard pushes into mobile payment; first wave of 6 credit card issuers supports top-up
https://news.cnyes.com/news/id/4453675
KIA's "ultra-premium" Sorento launches in South Korea; built-in mobile payment lets you refuel without taking out a credit card
https://speed.ettoday.net/news/1670724?redirect=1
Fast food industry wages e-payment war; McDonald's teams up with LINE Pay
https://www.cna.com.tw/news/ahel/202003190340.aspx
No Octopus needed! Long Win Bus trials new electronic payment; Apple Pay and Alipay both work
https://bit.ly/2Wwz6og
E-payment users exceed 7 million for the first time; iPASS and JKOPAY have the most users, with over 50% market share
https://www.ettoday.net/news/20200306/1661154.htm
Phones confirmed to work as EasyCard by the end of March... but the one regret is that iPhone still does not support transit rides
https://cnews.com.tw/134200304a05/
FSC expands partner accounts for e-payment institutions; the public can save NT$15 in fees
https://news.cnyes.com/news/id/4444887
4. Virtual Currency / Blockchain News and Security
Whale hacked, loses 1.35 billion; "anti-theft keys" become all the rage in crypto circles
http://bit.ly/2QifaBF
Kao Chia-yu questions "ambiguous" digital currency policy; Yang Chin-long: central bank is still in the "observation" stage
https://www.storm.mg/article/2393930
Tokyo Metropolitan Police arrest two men linked to the Coincheck "US$530 million hack"
http://bit.ly/2TRbvwQ
The issue and circulation of cryptocurrencies will be banned in Russia
https://www.ehackingnews.com/2020/03/the-issue-and-circulation-of.html?utm_source=dlvr.it&utm_medium=twitter
5. Security Incident News
A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors
"My love": a love letter sent to you by ransomware
https://blog.trendmicro.com.tw/?p=63675
Trend Micro blocked nearly 13 million high-risk email threats in 2019
https://blog.trendmicro.com.tw/?p=63691
FireEye: 76% of ransomware attacks occur outside working hours
https://www.ithome.com.tw/news/136435
A computer virus also called corona: disguised as epidemic-prevention email, one click and you're scammed out of money
https://www.setn.com/News.aspx?NewsID=706299
COVID-themed computer viruses also rampant; fake websites sell masks to steal personal data
https://www.cardu.com.tw/news/detail.php?40242
New Android Cookie-Stealing Malware Found Hijacking Facebook Accounts
https://thehackernews.com/2020/03/android-cookies-malware-hacking.html
Beware! Johns Hopkins University coronavirus outbreak map becomes hackers' new channel for spreading AZORult malware
http://bit.ly/39PXtRG
Hackers offer a fake Wuhan pneumonia outbreak dashboard for download, using it to spread malware that steals sensitive information
https://ithome.com.tw/news/136339
Ransomware appears to profit from the epidemic! It prevents the phone from unlocking and will publish private photos
https://3c.ltn.com.tw/news/39816
Beware of 'Coronavirus Maps' – It's a malware infecting PCs to steal passwords
https://thehackernews.com/2020/03/coronavirus-maps-covid-19.html
Doomsday for Necurs! Largest botnet dismantled
http://bit.ly/2QhHXWX
Security certificates "not secure"? Hackers use them to disguise malware; be careful with new browser versions
https://news.sina.com.tw/article/20200315/34531384.html
Hackers profit from disaster! Outbreak-tracking app found to contain ransomware
http://m.match.net.tw/pc/news/technology/20200317/5238639
February's top malware: Mirai botnet; exploitation of the vulnerability it spreads through rises sharply
http://www.ccidnet.com/2020/0318/10517022.shtml
Malware runs rampant in the COVID-19 era; this country's COVID-19 testing center is attacked
https://www.freebuf.com/news/230479.html
Honor among thieves: ransomware suspends attacks on medical institutions during the Wuhan pneumonia outbreak
https://www.ithome.com.tw/news/136444
Security vendors offer free services to medical institutions hit by ransomware
https://www.ithome.com.tw/news/136459
Beware of new stalkerware: Monitor Minor
https://www.freebuf.com/news/230619.html
Analysis of the macOS malware Shlayer
https://www.freebuf.com/articles/network/227482.html
Security News This Week: Elite Hackers Are Using Coronavirus Emails to Set Traps
https://www.wired.com/story/coronavirus-phishing-ad-fraud-clearview-security-news/
Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan
https://newsroom.trendmicro.com/blog/security-intelligence/operation-overtrap-targets-japanese-online-banking-users-bottle-exploit-2
Czech hospital hit by cyberattack while in the midst of a COVID-19 outbreak
https://www.zdnet.com/article/czech-hospital-hit-by-cyber-attack-while-in-the-midst-of-a-covid-19-outbreak/
Coronavirus-Themed APT Attack Spreads Malware
https://threatpost.com/coronavirus-apt-attack-malware/153697/
Vicious Panda: The COVID Campaign
https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign/
APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT
https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/
MonitorMinor: vicious stalkerware
https://securelist.com/monitorminor-vicious-stalkerware/95575/
New PXJ Ransomware Delete’s Backup Copies and Disable’s User Ability to Recover any Files
https://gbhackers.com/new-pxj-ransomware/
Fake WiseCleaner website spreading CoronaVirus ransomware
https://www.hackread.com/fake-wisecleaner-website-coronavirus-ransomware/
Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait
https://thehackernews.com/2020/03/covid-19-coronavirus-hacker-malware.html
TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks
https://thehackernews.com/2020/03/trickbot-malware-rdp-bruteforce.html
Thousands of COVID-19 scam and malware sites are being created on a daily basis
https://www.zdnet.com/article/thousands-of-covid-19-scam-and-malware-sites-are-being-created-on-a-daily-basis/
New TrickBot Variant Targets Telecoms in US, Asia: Report
https://www.bankinfosecurity.com/new-trickbot-variant-targets-telecoms-in-us-asia-report-a-13973
Fighting Coronavirus-Themed Ransomware and Malware
https://www.bankinfosecurity.com/fighting-coronavirus-themed-ransomware-malware-a-13966
Cybercriminals impersonate World Health Organization to distribute fake coronavirus e-book
https://bit.ly/3a7q8lh
COVID-19-Themed Malware Goes Mobile
https://www.bankinfosecurity.com/covid-19-themed-malware-goes-mobile-a-13981
2020-03-16 - QUICK POST: MALSPAM KNOWN FOR URSNIF SWITCHES TO ICEDID
https://www.malware-traffic-analysis.net/2020/03/16/index2.html
B. Mobile Security / iPhone / Android / Wearables / Apps
Another iOS 13 security flaw exposed! More than 50 apps secretly read iPhone clipboard contents
https://3c.ltn.com.tw/news/39812
Apple iOS has a vulnerability! It may leak account passwords or credit card numbers
https://newtalk.tw/news/view/2020-03-17/376503
"Douyin" and more than 50 other popular apps reportedly exploit an iPhone security flaw to read "copy and paste" contents
https://udn.com/news/story/7098/4420272
Eavesdropping on your phone can reach 90% accuracy; how can this security hole be plugged
http://bit.ly/2TQGQ2S
Android users beware! Hackers exploit outbreak panic to spread ransomware
https://udn.com/news/story/11017/4420194?from=udn-catebreaknews_ch2
FBI warns of human traffickers luring victims on dating apps
https://www.welivesecurity.com/2020/03/17/fbi-warns-human-traffickers-luring-victims-dating-apps/
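C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents
Well-known tech YouTuber shows how great running Android on Nintendo Switch is, arguably the best mobile device for gamers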
https://www.kocpc.com.tw/archives/311802
Machine learning and cyberattacks, seen through face-swapping deepfake videos
https://blog.trendmicro.com.tw/?p=63517
[Expert analysis] Following TSMC's split-team office model: information and network risks to watch when splitting operations
https://www.ithome.com.tw/news/136456
Wuhan pneumonia drives remote work; opportunities for hacker intrusion arrive too
https://www.cna.com.tw/news/aopl/202003190452.aspx
Hahow trials a "company-wide remote work" policy! From individuals to teams, just follow these 6 guidelines
https://meet.bnext.com.tw/articles/view/46221
China's youngest hacker: started coding at 8, reported a vulnerability to 360 at 13
https://ek21.com/news/tech/185127/
Gaming to defend the truth? Reporters Without Borders builds a virtual library in Minecraft for browsing censored and blocked news
http://bit.ly/39UpNCv
Amid the outbreak, enterprises deploy off-site work; employees need to strengthen remote communication skills
http://bit.ly/2IPgOGI
Remote work booms as the outbreak heats up; experts: beware of hackers taking the opportunity to intrude
https://ec.ltn.com.tw/article/breakingnews/3103192
Implement a "remote work" protection SOP; security monitoring with no blind spots
http://bit.ly/39UA9Cy
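Building an agile, secure off-site office environment: creating a "security contingency runway", a tool for deploying temporary remote offices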
https://ithome.com.tw/pr/136430
Agencies warn that hackers are profiting from the COVID-19 outbreak
http://bit.ly/2Qn5eH2
Hackers attack US health department website, hindering clarification of the "national quarantine" false rumor
https://news.ltn.com.tw/news/world/breakingnews/3102223
US Department of Health and Human Services hit by distributed denial-of-service attack
https://www.ithome.com.tw/news/136407
Hackers attack US health department in attempt to delay the US outbreak response
http://bit.ly/2IXKwcW
Czech Wuhan pneumonia testing center attacked by hackers
https://www.ithome.com.tw/news/136372
CIA reportedly used the password 123ABCdef! Easily cracked combination, yet the intelligence agency neglected protection
https://cnews.com.tw/137200314a01/
US formally bans telecom carriers from using subsidy funds to buy Huawei and ZTE network equipment
https://www.cool3c.com/article/152434
Trump makes another move: rural carriers to replace Huawei equipment
http://bit.ly/2U6lTzL
US charges Chinese nationals with laundering money for North Korea
http://bitfunance.com/article/983
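Forensic report in New Party espionage case full of holes? Wang Ping-chung snickers! Admissibility of evidence may be challenged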
https://www.ettoday.net/news/20200318/1670149.htm
Mainland Chinese scholar: soft online infiltration is like psychological warfare
https://turnnewsapp.com/global/politics/172048.html
US official: the CCP really does have a plan for global domination; espionage tactics pose a continuing threat
http://bit.ly/2w7kZLp
US President Trump publicly condemns the CCP for smearing the US military
http://bit.ly/2x3c1Pr
DHS warning: Microsoft Exchange Server vulnerability is being exploited by APT hackers
https://www.4hou.com/posts/qMg0
Foreign media: China sets up a new type of police to go all out in dealing with "people who raise problems"
https://news.ltn.com.tw/news/world/breakingnews/3103489
China gives internet police greater power to suppress anger and criticism over its outbreak response
https://cn.nytimes.com/china/20200317/china-coronavirus-internet-police/zh-hant/
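Mainland China's National Information Security Standardization Technical Committee publishes "Cybersecurity Standard Practice Guide: Security Protection for Remote Work", focusing on protecting devices, data, environment and other aspects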
https://www.freebuf.com/news/230540.html
Cyberspace Administration of China official posts questioning whether Weibo broke the law, is muted for 30 days
https://www.cna.com.tw/news/firstnews/202003200070.aspx
9 Cybersecurity Takeaways as COVID-19 Outbreak Grows
https://www.bankinfosecurity.com/9-cybersecurity-takeaways-as-covid-19-outbreak-grows-a-13968
COVID-19: With everyone working from home, VPN security has now become paramount
https://www.zdnet.com/article/covid-19-with-everyone-working-from-home-vpn-security-has-now-become-paramount/#ftag=RSSbaffb68
Suspicious cyberactivity targeting HHS tied to coronavirus response, sources say
https://news.yahoo.com/cyberattack-hhs-meant-slow-coronavirus-response-sources-134400639--abc-news-topstories.html
COVID‑19 and the forced workplace exodus
https://www.welivesecurity.com/2020/03/16/covid19-forced-workplace-exodus/
European power grid organization hit by cyberattack
https://www.welivesecurity.com/2020/03/12/european-power-grid-organization-entsoe-cyberattack/
Hackers find new target as Americans work from home during outbreak
https://thehill.com/policy/cybersecurity/487542-hackers-find-new-target-as-americans-work-from-home-during-outbreak
Researchers Uncover a Nigerian Hacker's Pursuit of his Million Dollar Dream
https://thehackernews.com/2020/03/nigerian-hacker-million-dollars.html
The Inside Scoop on a Six-Figure Nigerian Fraud Campaign
https://research.checkpoint.com/2020/the-inside-scoop-on-a-six-figure-nigerian-fraud-campaign/
Work from home: How to set up a VPN
https://www.welivesecurity.com/2020/03/18/work-home-how-set-up-vpn/
How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats
https://thehackernews.com/2020/03/coronavirus-cybersecurity-ciso.html
DHS Warns APT Attackers Exploiting Microsoft Exchange Server Flaw
https://healthitsecurity.com/news/dhs-warns-apt-attackers-exploiting-microsoft-exchange-server-flaw
[Taipei] Full-time project assistant, NTU cybersecurity center
https://pttcareer.com/job/M.1584087666.A.2D7.html
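D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News
Phishing accounted for 89% of last year's high-risk emails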
https://udn.com/news/story/7240/4409545
COVID-19 disinformation circulates; Pingtung police receive 6 reports
https://www.chinatimes.com/realtimenews/20200313004192-260402?chdtv
Got an "Apple ID locked" message on your iPhone? Three ways to tell whether it is a phishing email
http://bit.ly/2WejTs0
A software update invitation turns out to be a phishing email? Beware of hackers stealing your personal data this way
https://cnews.com.tw/37200315a02/
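Over-translating Indonesian text to spread false outbreak information; Criminal Investigation Bureau investigates first case involving a new immigrant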
https://www.epochtimes.com/b5/20/3/13/n11938118.htm
Europol busts two SIM-swapping fraud rings
https://www.ithome.com.tw/news/136373
A software update invitation turns out to be a phishing email? Beware of hackers stealing your personal data this way
http://bit.ly/3db3oTJ
Using your phone on the train can lead to personal data leaks
https://blog.trendmicro.com.tw/?p=63658
Eight million customer transaction records from major European e-commerce platforms such as Amazon and eBay exposed
https://www.twcert.org.tw/tw/cp-104-3433-be3ff-1.html
Disney music has a hidden function? Netizens use an internet loophole to stop sex videos from spreading
http://bit.ly/2TZy2aY
Phishing exploits Wuhan pneumonia; check whether "work from home" emails are genuine
https://www.rti.org.tw/news/view/id/2055986
Thin-skinned! Unable to buy Taiwanese masks, China's cyber army melts down and floods out disinformation
https://news.ltn.com.tw/news/society/breakingnews/3104358
Outlook suspected hacked; unable to send or receive mail
https://answers.microsoft.com/zh-hant/outlook_com/forum/all/outlook%E7%96%91%E4%BC%BC%E8%A2%AB%E9%A7%AD/11acc433-f7b2-4c14-aaa6-06c8ceb5f31c
Overseas cybercrime gangs are back at work too, launching phishing attacks against relevant domestic organizations
https://www.freebuf.com/articles/system/229983.html
Beware scams exploiting coronavirus fears
https://www.welivesecurity.com/2020/03/13/beware-scams-exploiting-coronavirus-fears/
Europol Arrests 26 SIM Swapping Fraudsters For Stealing Over $3 Million
https://thehackernews.com/2020/03/sim-swapping-fraud-hacking.html
Europol takes down SIM-swap hacking rings responsible for theft of millions of euros
https://www.zdnet.com/article/europol-tackles-massive-sim-swap-hacking-rings/#ftag=RSSbaffb68
How to Stay Safe as Online Coronavirus Scams Spread
https://blog.trendmicro.com/how-to-stay-safe-as-online-coronavirus-scams-spread/
Coronavirus Phishing Scams Exploit Misinformation
https://hotforsecurity.bitdefender.com/blog/coronavirus-phishing-scams-exploit-misinformation-22599.html
[2020/3/20 11:20] Alert regarding fraudulent emails impersonating Amazon
https://www.cc.uec.ac.jp/blogs/news/2020/03/20200320amazonphishing.html
Going Phishing in the African Banking Sector
https://cofense.com/going-phishing-african-banking-sector/
E. Research Reports
Cyber espionage campaign targeting Southeast Asian gambling companies
https://blog.trendmicro.com.tw/?p=63532
Analysis of malicious JS injection vulnerability in WordPress sites
https://www.4hou.com/index.php/posts/0Xk3
The online version of "crooks robbing crooks"? Mysterious hacker group distributes infected hacking tools daily
https://www.freebuf.com/news/230004.html
Roaming Mantis malicious campaign analysis report
https://www.freebuf.com/articles/network/228769.html
Finding a CSRF vulnerability in Jira via its mail server connectivity test feature
https://www.freebuf.com/vuls/227971.html
Fetching changed CVE vulnerabilities daily
https://www.freebuf.com/articles/es/228571.html
RobbinHood ransomware takes a different route, knocking out antivirus software through a driver vulnerability
https://www.freebuf.com/articles/system/228338.html
Bug hunting experience | 6 security vulnerabilities PayPal did not welcome
https://www.freebuf.com/vuls/228755.html
Introduction to V8 exploitation: from out-of-bounds access to RCE
https://paper.seebug.org/1145/
A "different" analysis of a real penetration testing case
https://paper.seebug.org/1144/
A brief discussion of AI in practice in DDoS attack and defense
https://security.tencent.com/index.php/blog/msg/144
Cobalt Strike 4.0 manual: advanced threat tactics for penetration testers
https://paper.seebug.org/1143/
In-depth analysis of the Apache Tomcat remote file inclusion vulnerability
https://paper.seebug.org/1142/
Global Advanced Persistent Threat (APT) research report for the first half of 2019
https://paper.seebug.org/1140/
Netgear R6400 UPnP stack overlap redundancy analysis
https://www.freebuf.com/vuls/228293.html
Solid content! Technical analysis of the CVE-2020-0796 vulnerability
https://s.tencent.com/research/bsafe/912.html
Analyzing AntSword interaction traffic from the network side
https://www.freebuf.com/articles/network/229193.html
jackson-databind-2653: advisory on JNDI injection leading to remote code execution
https://cert.360.cn/warning/detail?id=784f7badbb98574e17a1786d12c78675
DoS test script for the CVE-2020-0796 vulnerability made public
https://nosec.org/home/detail/4331.html
Hackers can exploit Slack vulnerability to take control of user accounts
https://www.freebuf.com/column/230522.html
Security vulnerability in VMware Workstation and Fusion lets attackers execute arbitrary code on the host
https://www.freebuf.com/column/230523.html
Netgear R6400 UPnP vulnerability analysis
https://www.freebuf.com/vuls/228293.html
JudasDNS: a DNS poisoning test tool for name servers
https://www.freebuf.com/articles/network/227984.html
Summary of cryptomining incident response
https://mp.weixin.qq.com/s/Lhf_aE2gLclVt_28bCjEkQ
Database wiped: how should the damage be tallied
https://www.freebuf.com/articles/database/230698.html
Tencent Security Threat Intelligence Center's "open kitchen" project: automated malicious domain detection revealed
https://mp.weixin.qq.com/s/QV8ErKHow3b-AMp6HMzKQg
Threat hunting 101 document
https://mp.weixin.qq.com/s/8F_X46NGte2LQ4DS-0k-rg
QiAnXin CERT February security monitoring report: number of high-severity vulnerabilities continues to rise
https://www.secrss.com/articles/17919
SMBGhost vulnerability technical analysis and defense plan
https://zhuanlan.zhihu.com/p/114010748
Privilege escalation vulnerability in Check Point firewall
https://nosec.org/home/detail/4347.html
Reproducing the Exchange Server vulnerability CVE-2020-0688
https://www.freebuf.com/vuls/228681.html
Recording and briefly analyzing a server compromise incident
https://www.freebuf.com/articles/web/229518.html
Privacy laid bare! Undercover investigation report on the Weibo leak incident
https://www.freebuf.com/news/230960.html
Red team basics: a generic shellcode loader
https://www.freebuf.com/articles/network/228795.html
APT attack and defense, red team intrusion: DLL hijacking and abuse of trusted binaries
https://www.freebuf.com/articles/system/227824.html
Intranet penetration: BloodHound, a powerful tool for mapping domain relationships
https://www.freebuf.com/sectool/228329.html
The necessity of blocking malicious DNS traffic in enterprise security, analyzed from the OilRig APT attacks
https://www.freebuf.com/articles/others-articles/228700.html
Summary of USB-based attack vectors
https://www.freebuf.com/articles/terminal/229042.html
Getting Started in Android apps Pen-testing (PART-1)
https://blog.securitybreached.org/2020/03/17/getting-started-in-android-apps-pentesting/
A Fundamental Tool in the Toolkit: Evasive Shellcode Launchers – Part 1
https://www.nagarrosecurity.com/blog/evasive-shellcode-launchers
Windows 10 Mail App Forensics
https://medium.com/@melanijan93/windows-10-mail-app-forensics-39025f5418d2
Maryam : Open-source Intelligence(OSINT) Framework
https://github.com/saeeddhqan/Maryam
AFLNet: A Greybox Fuzzer for Network Protocols
https://github.com/aflnet/aflnet/blob/master/README.md
Table of Contents
https://github.com/renzu0/nw-tips
Reverse Engineering for Beginners
https://www.begin.re/
Tracking Turla: New backdoor delivered via Armenian watering holes
https://www.welivesecurity.com/2020/03/12/tracking-turla-new-backdoor-armenian-watering-holes/
VB2019 paper: Defeating APT10 compiler-level obfuscations
https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-defeating-apt10-compiler-level-obfuscations/
Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers
https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-attribution-object-using-rtf-object-dimensions-track-apt-phishing-weaponizers/
Kimsuky group: tracking the king of the spear phishing
https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-kimsuky-group-tracking-king-spearphishing/
Binary Ninja Deep Thoughts
https://binary.ninja/2020/03/11/signature-libraries.html
Summary of OSINT resources used in everyday investigations
https://qiita.com/00001B1A/items/4d8ceb53993d3217307e
Security skill tree, simplified version
https://evilcos.me/security_skill_tree_basic/
Crafty Web Skimming Domain Spoofs “https”
https://krebsonsecurity.com/2020/03/crafty-web-skimming-domain-spoofs-https/
Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldn't
https://www.zdnet.com/article/tor-team-warns-of-tor-browser-bug-that-runs-javascript-on-sites-it-shouldnt/#ftag=RSSbaffb68
Avast Antivirus JavaScript Interpreter
https://github.com/taviso/avscript
Firmware Analysis for IoT Devices
https://www.peerlyst.com/posts/firmware-analysis-for-iot-devices-aditya-gupta
Shadows in the Rain
https://medium.com/insomniacs/shadows-in-the-rain-a16efaf21aae
Proton Framework
https://github.com/entynetproject/proton
Loki - Simple IOC and Incident Response Scanner
https://github.com/Neo23x0/Loki
Using OSINT Techniques to Land that Dream Job
https://www.peerlyst.com/posts/using-osint-techniques-to-land-that-dream-job-raf-borges
UPGRADE YOUR WORKFLOW, PART 1: BUILDING OSINT CHECKLISTS
https://www.trustedsec.com/blog/upgrade-your-workflow-part-1-building-osint-checklists/
Open Cyber Threat Intelligence Platform
https://github.com/OpenCTI-Platform/opencti
PowerShell for Hackers (W41) by Atul Tiwari for Hakin9 (Review)
https://thesecuritynoob.com/course/powershell-for-hackers-w41-by-atul-tiwari-for-hakin9-review/
Hunting APTs with YARA
https://securelist.com/hunting-apts-with-yara/96386/?utm_source=rss&utm_medium=rss&utm_campaign=hunting-apts-with-yara
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory
https://hakin9.org/unicorn-is-a-simple-tool-for-using-a-powershell-downgrade-attack-and-inject-shellcode-straight-into-memory/
Finding McAfee: A Case Study on Geoprofiling and Imagery Analysis
https://blog.usejournal.com/finding-mcafee-a-case-study-on-geoprofiling-and-imagery-analysis-6f16bbd5c219
OSINT Search Links
https://www.peerlyst.com/posts/osint-search-links-tawhidur-rahman
sherlock Hunt down social media accounts by username across social networks
https://github.com/sherlock-project/sherlock
XSpear - Powerfull XSS Scanning and Parameter analysis tool and gem
https://hakin9.org/xspear-powerfull-xss-scanning-and-parameter-analysis-tool-and-gem/
Creating CyberRange assets w/ Vagrant
https://medium.com/aws-cyber-range/creating-cyberrange-assets-w-vagrant-1cf7636da049
OWASP Mobile Top 10
https://owasp.org/www-project-mobile-top-10/
Universal Radio Hacker: Investigate Wireless Protocols like a Boss
https://hakin9.org/universal-radio-hacker-investigate-wireless-protocols-like-a-boss/
E-mails, subdomains and names Harvester - OSINT
https://github.com/laramies/theHarvester
Repository of sentinel alerts and hunting queries leveraging sysmon and the MITRE ATT&CK framework
https://hakin9.org/repository-of-sentinel-alerts-and-hunting-queries-leveraging-sysmon-and-the-mitre-attck-framework/
Nginx-Lua-Anti-DDoS
https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS
sherlock
https://github.com/sherlock-project/sherlock
IOS Penetration Testing- App Decryption And Jailbreaking- Part 1
https://hackersonlineclub.com/ios-penetration-testing-app-decryption-and-jailbreaking/
Analyzing SUID Binaries
https://blog.grimm-co.com/post/analyzing-suid-binaries/
MalwareBazaar Database
https://bazaar.abuse.ch/browse/
Threat Research Six Facts about Address Space Layout Randomization on Windows
https://www.fireeye.com/blog/threat-research/2020/03/six-facts-about-address-space-layout-randomization-on-windows.html
F. Business
Remote work becomes a trend; Microsoft offers five observations on intelligent security protection
https://money.udn.com/money/story/5612/4409888
Windows 10 becomes a developer's tool: built-in Linux kernel, as convenient as installing a driver
https://technews.tw/2020/03/17/wsl2-will-be-generally-available-in-windows-10-version-2004/
Nokia becomes Chunghwa Telecom's 5G equipment supplier; security concerns become the focus instead
https://tw.appledaily.com/property/20200319/YX3L4UIEHOQ4B4FX7FJPU4VWH4/
BitDefender strengthens advanced threat detection in endpoint protection and provides risk assessment of computer configurations
https://www.ithome.com.tw/review/136242
Google Nest network camera video outage puts cloud services to the test
http://technews.tw/2020/03/20/google-nest-ip-camera-cloud-services-tested/
Microsoft Bing team launches COVID-19 tracker
https://www.zdnet.com/article/microsoft-bing-team-launches-covid-19-tracker/#ftag=RSSbaffb68
A message from our COO regarding Trend Micro’s Customer commitment during the global Coronavirus Pandemic (COVID-19)
https://blog.trendmicro.com/letter-from-our-coo/
Ansible DevOps comes to the mainframe
https://www.zdnet.com/article/ansible-devops-comes-to-the-mainframe/#ftag=RSSbaffb68
SANS Offers Free Kit to Secure Home Workers
https://www.infosecurity-magazine.com/news/sans-offers-free-kit-to-secure/
Let Us Help Secure Your Teleworkers
https://resources.trendmicro.com/Work-From-Home-Assistance-Program.html
Free SentinelOne Platform Access
https://www.sentinelone.com/lp/covid-19/
The Elastic Guide to Threat Hunting
https://www.elastic.co/pdf/elastic-guide-to-threat-hunting
Real-time file monitoring on Windows with osquery
https://blog.trailofbits.com/2020/03/16/real-time-file-monitoring-on-windows-with-osquery/
Trace APIs declaratively through Frida.
https://github.com/nowsecure/frida-trace
G. Government
Chen Chi-mai shares big-data epidemic prevention experience with US scholars
http://bit.ly/33kELzg
Guarding against COVID-19: Taipei City successfully completes work-from-home and split-site office drill
https://www.chinatimes.com/realtimenews/20200313005168-260405?chdtv
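Duplicate registration possible! Name-based mask rationing 2.0 "has a loophole"; Chen Shih-chung: duplicates will be deleted at settlement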
https://www.ettoday.net/news/20200313/1666814.htm
Admissibility of evidence in New Party case challenged? Investigator: the forensic process was not written up as a report
https://udn.com/news/story/7321/4423970
NCC designates 102 "critical infrastructure providers" that must take on security obligations
https://www.rti.org.tw/news/view/id/2056015
In response to the Wuhan pneumonia outbreak, the National Development Council strengthens remote work readiness
https://www.rti.org.tw/news/view/id/2056009
More than 7,000 people entered mobile numbers in the wrong format for mask pre-orders; notified by email today to correct them
http://bit.ly/38Y8n6F
National Police Agency drills off-site work ahead of time; police nationwide to follow next week
https://www.cna.com.tw/news/asoc/202003190309.aspx
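[Results of the 2019 government cyber attack-defense exercise revealed] The new focus is the need to attend to use of the same software packages and risks that outsourced vendors may overlook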
https://www.ithome.com.tw/news/136455
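H. Industrial Control Systems / SCADA / ICS
Multiple vulnerabilities in Moxa AWK-3131A (industrial wireless networking device) can lead to arbitrary code execution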
https://www.sohu.com/a/380526653_354899
Security vulnerability in US company Rockwell Automation's programmable logic controllers can lead to disclosure of sensitive information
https://www.freebuf.com/column/230671.html
IEEE 802.3bt PoE technology that every engineer should know
https://www.eettaiwan.com/news/article/20200319TA31-What-every-engineer-should-know-about-IEEE-802-point-3btPoE
ICS security | Siemens S7-300 attack analysis
https://www.freebuf.com/articles/ics-articles/228770.html
I. Education and Training
How to properly manage a pile of customer data and reduce security risk
https://ithome.com.tw/pr/136340
Take one exam, get two certificates? CEH Hacker Master dual certification
https://ithome.com.tw/pr/136342
AgileWorks continuous integration and automated testing
http://jenkins.readbook.tw/
White hat open class | Reverse engineering techniques for CTF | A champion player helps you master CTF topics one by one
https://www.freebuf.com/open/230321.html
Network Security Baseline
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/Baseline_Security/securebasebook/sec_chap1.html
Introduction to Bluetooth Low Energy
https://www.pentestpartners.com/security-blog/introduction-to-bluetooth-low-energy/
Web vulnerabilities: SSRF
https://www.cnblogs.com/bin1121/p/12522637.html
Create application-level event handlers in Excel
https://docs.microsoft.com/en-us/office/troubleshoot/excel/create-application-level-event-handler
How to Path Traversal with Burp Community Suite
https://blog.mindedsecurity.com/2020/03/how-to-path-traversal-with-burp.html
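J. Internet of Things / IoT / Artificial Intelligence / Internet of Vehicles / Optical Networking / Deep Learning / Machine Learning / Drones / Facial Recognition
Taiwan Mobile uses the 700MHz band for its IoT strategy, launches smart IoT radio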
https://www.sogi.com.tw/articles/iot_sim/6254615
6. Upcoming Security Events and Seminars
Data analysis and machine learning case practice (1): PM2.5 as an example 3/23
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3888&from_course_list_url=course_index
Taipei 暗号通貨 (Cryptocurrency) Meetup 3/25
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcfbhc/
Thinking Thursday, 7th session 3/26
https://www.meetup.com/Thinking-Thursday/events/266911452/
Flutter Taipei 2020 warm opening | Warm Up Party 3/27
https://www.meetup.com/Flutter-Taipei/events/269033933/
National Chiao Tung University Hacker College - Buffer overflow attacks and prevention 3/28
https://hackercollege.nctu.edu.tw/?p=1141
Black Hat Asia 2020 Singapore 3/31 ~ 4/3
https://www.blackhat.com/asia-20/briefings/schedule/
Kaspersky® Security Analyst Summit 4/6 ~ 4/9
https://thesascon.com/
QGIS geographic information workshop 4/8 ~ 4/9
https://www.accupass.com/event/2002120936323517290110
Big data and deep learning applications on edge computing systems 4/10
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3883&from_course_list_url=course_index
2nd ICANN APAC-TWNIC Engagement Forum and 34th TWNIC IP Policy and Resource Management Meeting 4/16
https://forum.twnic.tw/2020/registration.htm
National Chiao Tung University Hacker College - Guide to intrusion detection and response 4/18
https://hackercollege.nctu.edu.tw/?p=1144
VXCON 2020 - APAC 4/18 ~ 4/19
https://www.vxcon.hk/
2020 comprehensive information security talent development program 4/21 ~ 6/16
http://service.tabf.org.tw/tw/user/409646/
2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore 4/21 ~ 4/23
https://www.icscybersecurityconference.com/singapore/
Taipei 暗号通貨 (Cryptocurrency) Meetup 4/22
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcgbdc/
Asia-Pacific Information Security Forum and Exhibition 4/22
https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html
National Chiao Tung University Hacker College - Basic web security and penetration testing 4/25
https://hackercollege.nctu.edu.tw/?p=1147
2020 LINE Taiwan Developers Recruitment Day 4/25
https://engineering.linecorp.com/zh-hant/blog/2020-line-taiwan-technical-recruitment-day/
National Chiao Tung University Hacker College - Basic secure website construction in practice 5/16
https://hackercollege.nctu.edu.tw/?p=1151
National Chiao Tung University Hacker College - Email spoofing attacks and protective measures 5/23
https://hackercollege.nctu.edu.tw/?p=1156
Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/
National Chiao Tung University Hacker College - Intermediate web penetration testing 5/30
https://hackercollege.nctu.edu.tw/?p=1159
Big data and deep learning applications on edge computing systems 6/5
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index
National Chiao Tung University Hacker College - Advanced web penetration testing 6/13 6/20
https://hackercollege.nctu.edu.tw/?p=1161
National Chiao Tung University Hacker College - Enterprise domain control: Active Directory attack and defense 6/27
https://hackercollege.nctu.edu.tw/?p=1164
CYBERSEC 2020 Taiwan Cyber Security Summit 8/12
https://cyber.ithome.com.tw/