2020年3月6日 星期五
資安事件新聞週報 2020/3/2 ~ 2020/3/6
資安事件新聞週報 2020/3/2 ~ 2020/3/6
1.重大弱點漏洞/後門/Exploit/Zero Day
Android爆嚴重保安漏洞!聯發科晶片出事!即看中招型號及解決法
http://bit.ly/38nKpkU
聯發科晶片漏洞CVE-2020-0069允許駭客取得裝置根權限,影響數百萬Android裝置
https://www.ithome.com.tw/news/136151
Netgear 部份路由器產品新發現多個嚴重資安漏洞
https://www.twcert.org.tw/tw/cp-104-3406-75dff-1.html
Ghostcat 漏洞曝光,Apache Tomcat 服務器受影響
https://www.chainnews.com/zh-hant/articles/623287993990.htm
GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat
https://thehackernews.com/2020/02/ghostcat-new-high-risk-vulnerability.html
Ghostcat is a high-risk file read / include vulnerability in Tomcat 【 CVE-2020-1938 】
https://www.chaitin.cn/en/ghostcat
CVE-2020-1938-Tomact-file_include-file_read
https://github.com/sv3nbeast/CVE-2020-1938-Tomact-file_include-file_read
JVNVU#97748968 複数の ZyXEL 製品に含まれる weblogin.cgi にコマンドインジェクションの脆弱性
https://jvn.jp/vu/JVNVU97748968/
Cisco Email Security Appliance拒絕服務漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-shrt-dos-wM54R8qA
Cisco patches incoming to address Kr00k vulnerability impacting routers, firewall products
https://www.zdnet.com/article/cisco-says-patches-incoming-to-address-new-kr00k-vulnerability-impacting-routers-firewall-products/
多項合勤防火牆、NAS產品爆指令注入漏洞可執行任意程式碼
https://www.ithome.com.tw/news/136038
Kr00k漏洞可造成Wi-Fi網路封包解密,影響搭載Broadcom、Cypress晶片的產品
https://www.ithome.com.tw/news/136066
超級WiFi漏洞影響10億設備,小米華為全中招
https://www.aqniu.com/threat-alert/64547.html
KrØØk: Serious vulnerability affected encryption of billion+ WiFi devices
https://www.welivesecurity.com/2020/02/26/krook-serious-vulnerability-affected-encryption-billion-wifi-devices/
KR00K - CVE-2019-15126 SERIOUS VULNERABILITY DEEP INSIDE YOUR WI-FI ENCRYPTION
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices
https://thehackernews.com/2020/02/kr00k-wifi-encryption-flaw.html
Flaw in billions of Wi-Fi devices left communications open to eavesdropping
https://arstechnica.com/information-technology/2020/02/flaw-in-billions-of-wi-fi-devices-left-communications-open-to-eavesdroppng/
Wi-Fi 晶片發現資安漏洞,駭客可攔截用戶發送的訊息
https://buzzorange.com/techorange/2020/03/02/wifi-chip-flaw/
駭客正在掃描微軟Exchange伺服器漏洞,還沒修補的請儘快
https://www.ithome.com.tw/news/136043
GOOGLE CHROME瀏覽器存在安全漏洞(CVE-2020-6407與CVE-2020-6418)
https://www.isda.org.tw/2020/02/d8bdcacec23662f921c42a2f010b0de4/
號召60萬黑客鑽研漏洞 HackerOne去年獎金破3億
http://startupbeat.hkej.com/?p=84449
掃地機械人爆安全漏洞 黑客可遙控及遠程偷窺
http://bit.ly/2x1yxbv
The Long Path out of the Vulnerability Disclosure Dark Ages
https://www.wired.com/story/vulnerability-disclosure-bug-bounties/
Hackers are actively exploiting zero-days in several WordPress plugins
https://www.zdnet.com/article/hackers-are-actively-exploiting-zero-days-in-several-wordpress-plugins/#ftag=RSSbaffb68
Jackson-databind再修復兩個RCE漏洞
https://nosec.org/home/detail/4181.html
Windows 10 Y3K Bug: Won't Install After January 18, 3001
https://www.bleepingcomputer.com/news/microsoft/windows-10-y3k-bug-wont-install-after-january-18-3001/
Adobe Patches Critical Bugs Affecting Media Encoder and After Effects
https://thehackernews.com/2020/02/adobe-software-updates.html
GitLab訪問控制錯誤漏洞
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
API...讓監理機關場外監控更及時
https://money.udn.com/money/story/5613/4381904
迎戰數位金融 業者去年砸逾200億
https://udn.com/news/story/7239/4381683?from=udn-catebreaknews_ch2
偽造連鎖零售商會員卡條碼,盜刷偷來的信用卡
https://blog.trendmicro.com.tw/?p=63549
擁抱金飯碗!合庫銀畢業季徵才360人 儲備菁英年薪百萬
https://udn.com/news/story/7239/4390933
合庫銀下月徵才360人
https://money.udn.com/money/story/5613/4392780
武漢肺炎疫情拖累樂天銀 樂天銀行首次董事會延至3月
https://ec.ltn.com.tw/article/breakingnews/3088875
偽造連鎖零售商會員卡條碼,盜刷偷來的信用卡
https://blog.trendmicro.com.tw/?p=63549
The hacker explained why in Russia cards will become more often blocked
https://www.ehackingnews.com/2020/03/the-hacker-explained-why-in-russia.html
Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server
https://blog.malwarebytes.com/threat-analysis/2020/02/fraudsters-cloak-credit-card-skimmer-with-fake-content-delivery-network-ngrok-server/
NEW INITIATIVE BRINGS TOGETHER LAW ENFORCEMENT AND EUROPE’S LARGEST FINANCIAL INFRASTRUCTURES
https://www.europol.europa.eu/newsroom/news/new-initiative-brings-together-law-enforcement-and-europe%E2%80%99s-largest-financial-infrastructures
TA505 hacking crew spent much of 2019 trying to breach South Korea's financial sector
https://www.cyberscoop.com/ta505-south-korea-bank-phishing/
The Central Bank of Russia warned about the new scheme of fraud "taxi from the Bank"
https://www.ehackingnews.com/2020/02/the-central-bank-of-russia-warned-about.html
Hackers launch DDoS Attacks to Target Australian Banks
https://www.ehackingnews.com/2020/02/hackers-launch-ddos-attacks-to-target.html
How to do your banking online without putting your security at risk
https://www.komando.com/money-tips/safe-online-banking-security/707655/
3.電子支付/電子票證/行動支付/ pay/新聞及資安
電子支付使用人數首破700萬 一卡通、街口最多人用市占逾5成
https://www.ettoday.net/news/20200306/1661154.htm
4.虛擬貨幣/區塊鍊相關新聞及資安
首個「區塊鏈版第三方登入」落地! Maxonrow 攜手全新資產平台,拓展實名生態圈
https://news.knowing.asia/news/ab9a4a5c-9a81-4d06-aad6-950ba7bbbd10
實體貨幣掰掰?瑞典進行國家級數位貨幣實驗 看不到的「克朗」將便於民眾消費
https://cnews.com.tw/134200229a01/
LINE美國成立電子貨幣交易所 BITFRONT投入服務
http://bit.ly/3ahkIUt
他將價值18億比特幣密碼藏在鋁盒中 竟被房東當垃圾全丟了
https://udn.com/news/story/6810/4386516
PeckShield 資安報告:2月共發生11起安全、駭客事件,損失4,823萬美元
https://www.blocktempo.com/there-are-48-million-assets-lost-in-february/
實名區塊鏈版圖全面擴張!Maxonrow即將上架GRXTrade交易所
http://bit.ly/3cAdX27
確保資產安全!英國保險巨頭勞合社將為加密貨幣持有者提供保險服務
https://bitnance.vip/news/326d3708-03a1-4f99-88b6-4e3f906e293f
ProgPoW算法被曝漏洞,以太坊ASIC挖礦已不可阻擋
https://kknews.cc/tech/bz99ggo.html
Blockstack anchors to Bitcoin network with new mining algorithm
https://www.zdnet.com/article/blockstack-anchors-to-bitcoin-network-with-new-mining-algorithm/#ftag=RSSbaffb68
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
新版金融木馬Cerberus可竊取Google Authenticator所產生的一次性密碼
https://ithome.com.tw/news/136064
Gmail 近期來者不善的附件 超過一半偽裝成微軟 Office 文件
https://saydigi-tech.com/2020/02/19003.html
可惡!惡意軟體以「新型冠狀病毒」為主題傳播
https://ec.ltn.com.tw/article/breakingnews/3083428
FBI:勒索軟體受害者過去6年來已支付價值1.4億美元的比特幣
https://www.ithome.com.tw/news/136075
駭客專挑尚未更新系統的企業,更新工具套件,清除舊版挖礦程式並攻擊更多系統
https://blog.trendmicro.com.tw/?p=63456
研究人員把國家級macOS惡意程式納為己用
https://www.ithome.com.tw/news/136126
無檔案式挖礦程式 PowerGhost 跳脫 Windows,現身 Linux 系統
https://blog.trendmicro.com.tw/?p=63564
McAfee:有接近一半的Android惡意程式屬於隱藏程式
https://www.ithome.com.tw/news/136187
McAfee Mobile Threat Report
https://www.mcafee.com/content/dam/consumer/en-us/docs/2020-Mobile-Threat-Report.pdf
US government authorities fail to train employees on ransomware detection, prevention
https://www.zdnet.com/article/government-authorities-fail-to-train-employees-on-ransomware-detection-prevention/#ftag=RSSbaffb68
Emotet Resurfaces to Drive 145% of Threats in Q4 2019
https://www.darkreading.com/attacks-breaches/emotet-resurfaces-to-drive-145--of-threats-in-q4-2019/d/d-id/1337147
DoppelPaymer Hacked Bretagne Télécom Using the Citrix ADC Flaw
https://www.bleepingcomputer.com/news/security/doppelpaymer-hacked-bretagne-t-l-com-using-the-citrix-adc-flaw/
Nemty Ransomware Actively Distributed via 'Love Letter' Spam
https://www.bleepingcomputer.com/news/security/nemty-ransomware-actively-distributed-via-love-letter-spam/
Roaming Mantis, part V Distributed in 2019 using SMiShing and enhanced anti-researcher techniques
https://securelist.com/roaming-mantis-part-v/96250/
New Evasion Encyclopedia Shows How Malware Detects Virtual Machines
https://www.bleepingcomputer.com/news/security/new-evasion-encyclopedia-shows-how-malware-detects-virtual-machines/
RiskIQ’s 2019 Mobile App Threat Landscape Report: The Mobile Ecosystem Swells, but Google Leads a Decline in Malicious Apps
https://www.riskiq.com/blog/external-threat-management/2019-mobile-app-threat-landscape-report/
Android malware can steal Google Authenticator 2FA codes
https://www.zdnet.com/article/android-malware-can-steal-google-authenticator-2fa-codes/#ftag=RSSbaffb68
2020 - Year of the RAT
https://www.threatfabric.com/blogs/2020_year_of_the_rat.html
Raccoon malware targets massive range of browsers to steal your data and cryptocurrency
https://www.zdnet.com/article/raccoon-malware-targets-massive-browser-range-to-steal-your-data-and-cryptocurrency/
Raccoon: The Story of a Typical Infostealer
https://www.cyberark.com/threat-research-blog/raccoon-the-story-of-a-typical-infostealer/
NICTに届いたEmotetへの感染を狙ったメール(2019年9月~2020年2月)
https://blog.nicter.jp/2020/03/emotet-mail-201909-202002/
Script Kiddie Nightmare: IoT Attack Code Embedded with Backdoor by Ankit Anubhav
https://hakin9.org/script-kiddie-nightmare-iot-attack-code-embedded-with-backdoor/
New PwndLocker Ransomware Targeting U.S. Cities, Enterprises
https://www.bleepingcomputer.com/news/security/new-pwndlocker-ransomware-targeting-us-cities-enterprises/
Domen toolkit gets back to work with new malvertising campaign
https://blog.malwarebytes.com/threat-analysis/2020/02/domen-toolkit-gets-back-to-work-with-new-malvertising-campaign/
2020-02-25 - TRICKBOT GTAG RED4 DISTRIBUTED AS DLL FILE
https://www.malware-traffic-analysis.net/2020/02/25/index.html
MMD-0066-2020 - Linux/Mirai-Fbot - A re-emerged IoT threat
https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html
CyaX DotNet Packer Analysis
https://rvsec0n.wordpress.com/2020/01/24/cyax-dotnet-packer/
Turla_IOC
https://github.com/StrangerealIntel/DailyIOC/blob/master/2020-03-01/Turla_IOC.csv
New Iranian Campaign Tailored to US Companies Utilizes an Updated Toolset
https://intezer.com/blog-new-iranian-campaign-tailored-to-us-companies-uses-updated-toolset/?utm_source=wadi&utm_medium=influencer_platform
Weaponizing a Lazarus Group Implant
https://objective-see.com/blog/blog_0x54.html
Golang wrapper on an old obscene malware
https://sysopfb.github.io/malware/2020/02/28/Golang-Wrapper-on-an-old-malware.html
MEETING POWERBAND: THE APT33 .NET POWERTON VARIANT
https://blog.telsy.com/meeting-powerband-the-apt33-net-powerton-variant/
Revealing the Trick | A Deep Dive into TrickLoader Obfuscation
https://labs.sentinelone.com/revealing-the-trick-a-deep-dive-into-trickloader-obfuscation/
Ransomware Attack in Florida Forces Prosecutor to Drop Charges in Drug Cases
https://hotforsecurity.bitdefender.com/blog/ransomware-attack-in-florida-forces-prosecutor-to-drop-charges-in-drug-cases-22383.html
Mitigating malware and ransomware attacks
https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
Nemty Ransomware Punishes Victims by Posting Their Stolen Data
https://www.bleepingcomputer.com/news/security/nemty-ransomware-punishes-victims-by-posting-their-stolen-data/
Android malware is running rampant but Microsoft could have the perfect solution
https://www.express.co.uk/life-style/science-technology/1248287/Android-malware-Microsoft-Defender-antivirus-app-release
TrickBot Adds ActiveX Control, Hides Dropper in Images
https://threatpost.com/trickbot-activex-control-dropper/153370/
TRICKBOT 使用新的 win 10 UAC 繞過
https://www.chainnews.com/zh-hant/articles/863015758407.htm
TRICKBOT DELIVERY METHOD GETS A NEW UPGRADE FOCUSING ON WINDOWS 10
https://blog.morphisec.com/trickbot-delivery-method-gets-a-new-upgrade-focusing-on-windows
NCSC Updates its Ransomware Guidance in Light of High-Profile Attacks
https://cyware.com/news/ncsc-updates-its-ransomware-guidance-in-light-of-high-profile-attacks-5696f019
Mitigating malware and ransomware attacks
https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
Legal services giant Epiq Global offline after ransomware attack
https://techcrunch.com/2020/03/02/epiq-global-ransomware/
NetSupport Manager RAT Spread via Bogus NortonLifeLock Docs
https://threatpost.com/netsupport-manager-rat-nortonlifelock-docs/153387/
Cortex XDR™ Detects New Phishing Campaign Installing NetSupport Manager RAT
https://unit42.paloaltonetworks.com/cortex-xdr-detects-netsupport-manager-rat-campaign/
Malware Trends Tracker
https://any.run/malware-trends/
Cobalt Ulster Strikes Again With New ForeLord Malware
https://threatpost.com/cobalt-ulster-strikes-again-with-new-forelord-malware/153418/
2020-03-02 - QUICK POST: 4 EXAMPLES OF MAGNITUDE EK
https://www.malware-traffic-analysis.net/2020/03/02/index.html
Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations
https://unit42.paloaltonetworks.com/molerats-delivers-spark-backdoor/
New Perl Botnet (Tuyul) Found with Possible Indonesian Attribution
https://www.f5.com/labs/articles/threat-intelligence/new-perl-botnet--tuyul--found-with-possible-indonesian-attributi
Ransomware Attackers Use Your Cloud Backups Against You
https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/?&web_view=true
The North Korean Kimsuky APT keeps threatening South Korea evolving its TTPs
https://blog.yoroi.company/research/the-north-korean-kimsuky-apt-keeps-threatening-south-korea-evolving-its-ttps/
김수키(Kimsuky) 조직, 실제 주민등록등본 파일로 둔갑한 '블루 에스티메이트 Part3' APT 공격 주의
https://blog.alyac.co.kr/2737
Guildma: The Devil drives electric
https://www.welivesecurity.com/2020/03/05/guildma-devil-drives-electric/
Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks
https://blog.trendmicro.com/trendlabs-security-intelligence/dissecting-geost-exposing-the-anatomy-of-the-android-trojan-targeting-russian-banks/
B.行動安全 / iPhone / Android /穿戴裝置 /App
iPhone Android都中招!手機WiFi零件現保安漏洞 即睇邊部機出事
http://bit.ly/39hirc6
小心手機充滿「毒」!程式商店藏6萬惡意軟體 其中最安全的就是「它」
https://cnews.com.tw/137200304a05/
史上最開放的 iPhone 問世?竟可以搭載 Android 10 系統
https://3c.ltn.com.tw/news/39715
Report identifies the most dangerous mobile app store on the internet
https://www.zdnet.com/article/report-identifies-the-most-dangerous-mobile-app-store-on-the-internet/
SurfingAttack – hacking phones via ultrasonic waves
https://securityaffairs.co/wordpress/98785/hacking/surfingattack-technique.html
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
聰明企業的資安準則叫做零信任
https://ithome.com.tw/article/136121
遠距工作的資安注意事項
https://devco.re/blog/2020/03/04/telework-security/
2020年2月十大資安新聞
https://www.ithome.com.tw/news/136129
因韓國中學生的憤怒?新天地的官方網站被駭!
https://www.koreastardaily.com/tc/news/124791
Tesla 與 SpaceX 零組件供應商遭駭侵攻擊
https://www.twcert.org.tw/tw/cp-104-3405-83b71-1.html
駭客逃亡中國13年 因武漢肺炎奔回台投案
https://tw.appledaily.com/local/20200229/3YPWJEHOJ6GEV4X6DWJAQTOQ5Y/
先斬後奏:一個靠入侵社交帳號打商業廣告的駭客組織
https://ek21.com/news/tech/181709/
擁有30億人臉資料庫的AI公司被駭!擁有資料量超越美國聯邦政府,客戶包含美國移民局、司法部、FBI
http://bit.ly/2TFIWkS
擁有 30 億張圖片的臉部辨識新創遭駭客入侵
http://bit.ly/2wuOqH8
兩岸網軍「終局大戰」 國防院:陸可攻擊海纜「讓台灣斷網!」
https://www.ettoday.net/news/20200303/1658448.htm
中資公司被曝網安措施不足 客戶隱私恐泄露
https://www.epochtimes.com/b5/20/3/2/n11909393.htm
星國擬成立網路部隊 反制駭客
http://bit.ly/2wsmqUn
美國起訴兩名被指幫助北韓比特幣駭客洗錢的中國人
https://on.wsj.com/2TgI8DR
中共5次網攻 偷了美國什麼
http://bit.ly/39kEAGj
美國司法部指稱,北韓駭客盜取 2.5 億美元虛擬貨幣,再交由兩名中國人協助洗錢
https://www.techbang.com/posts/76605-chinese-bitcoin-cryptocurrency-north-korea-hacking
美國財政部制裁中國公民!其涉嫌助北韓駭客「Lazarus Group」洗錢 27 億虛擬貨幣
http://bit.ly/3czAigm
美CIA連續11年攻擊大陸網站 陸網安企業公布證據
https://www.chinatimes.com/realtimenews/20200303005831-260409?chdtv
奇虎360:美國CIA自2008年就開始攻擊中國
https://www.ithome.com.tw/news/136154
披露美國中央情報局CIA攻擊組織(APT-C-39)對中國關鍵領域長達十一年的網絡滲透攻擊
http://www.xinhuanet.com/world/2020-03/03/c_1210499250.htm
陸外交部:美國才是名副其實的「駭客帝國」
https://money.udn.com/money/story/5603/4389598
The CIA Hacking Group (APT-C-39) Conducts Cyber-Espionage Operation on China's Critical Industries for 11 Years
http://blogs.360.cn/post/APT-C-39_CIA_EN.html
Researchers Claim CIA Was Behind 11-Year-Long Hacking Attacks Against China
https://thehackernews.com/2020/03/china-cia-hackers.html
Windows 10 Users Warned As Hackers Target Newly Updated Computers
https://www.forbes.com/sites/daveywinder/2020/02/29/windows-10-users-warned-as-hackers-target-newly-updated-computers/
US Charges Two With Laundering $100M for North Korean Hackers
https://www.bleepingcomputer.com/news/security/us-charges-two-with-laundering-100m-for-north-korean-hackers/
Coronavirus: Effective strategies and tools for remote work during a pandemic
https://www.zdnet.com/article/effective-strategies-and-tools-for-remote-work-during-coronavirus/#ftag=RSSbaffb68
Let's Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years
https://thehackernews.com/2020/02/lets-encrypt-ssl-certificate.html
How a Hacker's Mom Broke Into a Prison—and the Warden's Computer
https://www.wired.com/story/hackers-mom-broke-into-prison-wardens-computer/
Australia's surveillance laws are hitting the social license problem
https://www.zdnet.com/article/australias-surveillance-laws-are-hitting-the-social-license-problem/#ftag=RSSbaffb68
Hackers Can Use Ultrasonic Waves to Secretly Control Voice Assistant Devices
https://thehackernews.com/2020/03/voice-assistants-ultrasonic-waves.html
Chinese Hackers Target Asian Betting Firms
https://www.infosecurity-magazine.com/news/chinese-hackers-target-asian/#.Xk6ERs2ir3Q.twitter
US Treasury sanctions two Chinese nationals for laundering cryptocurrency for North Korean hackers
https://www.zdnet.com/article/us-treasury-sanctions-two-chinese-nationals-for-laundering-cryptocurrency-for-north-korean-hackers/
Let's Encrypt? Let's revoke 3 million HTTPS certificates on Wednesday, more like: Check code loop blunder strikes
https://www.theregister.co.uk/2020/03/03/lets_encrypt_cert_revocation/
熟悉php資深工程師、資安維護
https://www.tasker.com.tw/casepage-detail-159155.html
資安_資訊安全工程師(SOC)
https://www.yes123.com.tw/admin/job_refer_comp_job_detail2.asp?p_id=45210_03077208&job_id=20200302134136_4839183
趨勢科技校園徵才開跑 開放200個職缺
https://tw.appledaily.com/property/20200304/3OAFKZAIMFLYKA26GHFHIC7ZE4/
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
駭客用你的信箱要求匯款!神鬼不知的電匯詐騙讓美國年損逾500億元
https://www.storm.mg/article/2343379
以色列行銷公司Straffic外洩4,900萬筆通訊錄
https://ithome.com.tw/news/136095
以色列行銷業者未正確保護資料庫,近五千萬個 Email 等多項個資在網上曝光
https://www.twcert.org.tw/tw/cp-104-3403-ff638-1.html
Line、簡訊別亂點連結 避免受騙
https://times.hinet.net/topic/22808789
電郵被駭 助理上當匯錢 董事長損失45萬元
http://bit.ly/2VOJasi
【詐騙】包裹因電話無人接聽送貨失敗下載APP查詢簡訊?惡意軟體
https://www.mygopen.com/2020/02/fake-link.html
個資隱私受威脅 網路潛藏危機
https://www.peopo.org/news/444149
國台辦稱陸網友散播假訊息是謊言 徐國勇:這句就是假訊息
https://www.setn.com/News.aspx?NewsID=700905
Israeli Marketing Company Exposes Contacts Database
https://www.bankinfosecurity.com/israeli-marketing-company-exposes-contacts-database-a-13785
Security News This Week: Clearview AI's Massive Client List Got Hacked
https://www.wired.com/story/clearview-ai-client-list-cerberus-malware-security-news/
Walgreens says mobile app leaked users' personal data
https://www.zdnet.com/article/walgreens-says-mobile-app-leaked-users-personal-data/#ftag=RSSbaffb68
Walgreens Official notice leaked users' personal data
https://oag.ca.gov/system/files/Walgreens%20Mobile%20Messaging%20letter%20v2%20%28WAG%20version%29-Final.pdf
One in four Americans won’t do business with data-breached companies
https://www.zdnet.com/article/one-in-four-americans-wont-do-business-with-data-breached-companies/#ftag=RSSbaffb68
弘前市が職員関与と判断したほぼ全ての職員情報流出についてまとめてみた
https://piyolog.hatenadiary.jp/entry/2020/01/10/071456
教員アドレスから迷惑メール 岡山大、外部から不正アクセス
https://www.sanyonews.jp/article/989879
Tesco sends security warning to 600,000 Clubcard holders
https://www.bbc.com/news/technology-51710687
Fresh phish! Stripe scam baked and delivered in under an hour
https://nakedsecurity.sophos.com/2020/03/02/the-stripe-account-phish-that-unfolded-in-under-an-hour/
Taking a GPS tracker off your car isn’t ‘theft,’ court rules
https://nakedsecurity.sophos.com/2020/02/26/taking-a-gps-tracker-off-your-car-isnt-theft-court-rules/
Do you have a data breach response plan
https://www.helpnetsecurity.com/2020/03/03/data-breach-response-plan/
A Massive U.S. Property and Demographic Database Exposes 200 Million Records
https://thehackernews.com/2020/03/us-property-records-database.html
US property and demographic database of 200 million records leaked on the web
https://www.comparitech.com/blog/vpn-privacy/200-million-us-database-leaked/
E.研究報告
淺談甲方企業資訊安全建設的方法論
https://www.freebuf.com/articles/es/228582.html
什麼是Deepfake(深偽技術)?A 片女主角也可能造假
https://blog.trendmicro.com.tw/?p=63452
業務穩定性遷移實驗
https://www.freebuf.com/articles/es/228354.html
Obfuscapk:一款針對Android應用程序的黑盒混淆工具
https://www.freebuf.com/sectool/226391.html
Pytm:一種Python風格的威脅建模框架
https://www.freebuf.com/sectool/226951.html
KBOT研究報告
https://www.freebuf.com/articles/network/226952.html
Github敏感數據分析
https://www.freebuf.com/articles/network/226672.html
2020年仍然有效的一些XSS Payload
https://www.freebuf.com/articles/web/226719.html
“冠狀病毒”引發的移動安全事件
https://www.freebuf.com/articles/terminal/227337.html
挖洞經驗| 跨站Websocket Hijacking漏洞導致的Facebook賬號劫持
https://www.freebuf.com/vuls/227050.html
挖洞經驗| Snapchat不當輸入驗證漏洞導致的任意構造短信發送
https://www.freebuf.com/vuls/227092.html
Weblogic IIOP反序列化漏洞(CVE-2020-2551) 漏洞分析
https://www.freebuf.com/vuls/227920.html
詳解64位靜態編譯程序的fini_array劫持及ROP攻擊
https://www.freebuf.com/articles/system/226003.html
Pikachu靶場系列之XSS釣魚攻擊與PHP中的HTTP認證
https://www.freebuf.com/articles/web/226365.html
jackson-2634 / jackson-databind JNDI注入導致遠程代碼執行/官方更新白名單機制
https://qiita.com/shimizukawasaki/items/f8a3d1aa8412d3a4343a
IPv6Tools:一款模塊化的IPv6安全審計框架
https://www.freebuf.com/articles/network/226953.html
F-Secure Internet Gatekeeper中的堆溢出漏洞分析
https://www.freebuf.com/vuls/226687.html
CSV文件注入漏洞簡析
https://www.cnblogs.com/Eleven-Liu/p/12397857.html
Windows漏洞利用之基於SEH異常處理機制的棧溢出攻擊及shell提取
https://blog.csdn.net/Eastmount/article/details/104593520
手把手教你如何將學校飯卡複製到小米手環NFC版上
https://www.freebuf.com/geek/227717.html
WebLogic CVE-2020-2551漏洞分析
http://bit.ly/2Iacdie
House of 系列堆漏洞詳解
https://xz.aliyun.com/t/7267
直接利用angr進行突破挖掘
https://xz.aliyun.com/t/7275
Dufflebag:一款針對亞馬遜EBS彈性塊存儲服務的安全檢測工具
https://www.freebuf.com/sectool/226681.html
Ctftool:一種功能強大的相互替代CTF擴展利用工具
https://www.freebuf.com/sectool/227330.html
Gitee遭受DDoS攻擊,官方建議不要在hosts裡綁定IP地址
https://www.freebuf.com/news/228942.html
Hershell:一款功能強大的跨平台反向Shell生成器
https://www.freebuf.com/articles/network/226491.html
擴大Android攻擊面:React Native Android應用程序分析
https://www.freebuf.com/articles/terminal/226947.html
遠控免殺從入門到實踐(1):基礎篇
https://www.freebuf.com/articles/system/227461.html
遠控免殺從入門到實踐(2)工具總結篇
https://www.freebuf.com/articles/system/227462.html
遠控免殺從入門到實踐(3)-代碼文章-C / C ++
https://www.freebuf.com/articles/system/227463.html
XSS掃描器成長記
https://www.freebuf.com/articles/web/227275.html
Apache AJP協議CVE-2020-1938突破分析
https://www.freebuf.com/vuls/228108.html
TAS:一種輕量級tty修改與代碼偽造框架
https://www.freebuf.com/articles/network/226575.html
Threat Alert: New Attack Vector Targeting Your Cloud Environment
https://blog.aquasec.com/threat-alert-cloud-computing-security
JSQL Injection Java Based Application For Automatic SQL Database Injection
https://hackersonlineclub.com/jsql-injection-java-based-application-for-automatic-sql-database-injection/
2019年度網站攻擊技法公布,臺灣資安專家研究連三年獲肯定,再以兩項名列10大
https://www.ithome.com.tw/news/136109
Top 10 web hacking techniques of 2019 - nominations open
https://portswigger.net/research/top-10-web-hacking-techniques-of-2019-nominations-open
Evidence of VBA Purging Found in Malicious Documents
https://blog.nviso.eu/2020/02/25/evidence-of-vba-purging-found-in-malicious-documents/amp/
E-COMMERCE MERCHANTS: A HOT COMMODITY IN THE DARK WEB
https://q6cyber.com/blog/E-Commerce_Merchants_A_Hot_Commodity_in_the_Dark_Web/
Profiling of TA505 Threat Group That Continues to Attack the Financial Sector
https://www.fsec.or.kr/common/proc/fsec/bbs/163/fileDownLoad/2297.do
TA505 Group Profiling Follow the trail of TA505 (Abridged Version)
https://www.fsec.or.kr/common/proc/fsec/bbs/163/fileDownLoad/2298.do
New Evasion Encyclopedia Shows How Malware Detects Virtual Machines
https://www.bleepingcomputer.com/news/security/new-evasion-encyclopedia-shows-how-malware-detects-virtual-machines/
Evasion techniques
https://evasions.checkpoint.com/
建築業界を狙ったサイバー攻撃オペレーション「kiya」について
https://insight-jp.nttsecurity.com/post/102fz2k/kiya
建築業界を狙ったサイバー攻撃オペレーション「kiya」について(続編)
https://insight-jp.nttsecurity.com/post/102g03d/kiya
New Research Paper: Prevalence and impact of low-entropy packing schemes in the malware ecosystem
https://blog.talosintelligence.com/2020/02/new-research-paper-prevalence-and.html
Heimdal™ Security Discovers Gangs Hiding Behind Multiple Domains to Avoid TTPC Detection
https://heimdalsecurity.com/blog/gangs-hiding-behind-multiple-domains-to-avoid-ttpc-detection/
SECURITY ALERT: US Users Targeted with Corona Virus Phishing Attacks
https://heimdalsecurity.com/blog/security-alert-corona-virus-phishing/
4 THINGS THAT CAN HAPPEN IN THE ABSENCE OF A DISASTER RECOVERY PLAN
https://blog.eccouncil.org/4-things-that-can-happen-in-the-absence-of-a-disaster-recovery-plan/
Group-IB’s digital forensic experts presented the analysis of documents on the case involving Russian biathletes
https://www.group-ib.com/media/biathlon-docs-analysis/
Red_Team
https://github.com/BankSecurity/Red_Team
Payloads All The Things
https://github.com/swisskyrepo/PayloadsAllTheThings
Эксперты-криминалисты Group-IB представили анализ документов по делу российских биатлонисток
https://www.group-ib.ru/media/biathlon-docs-analysis/
Polyshell : A Bash/Batch/PowerShell Polyglot
https://kalilinuxtutorials.com/polyshell/
pentestmindmap
https://github.com/5bhuv4n35h/pentestmindmap
Critical MediaTek rootkit affecting millions of Android devices has been out in the open for months
https://www.xda-developers.com/mediatek-su-rootkit-exploit/
Extracting Embedded Payloads From Malware
https://medium.com/@ryancor/extracting-embedded-payloads-from-malware-aaca8e9aa1a9
Top 10 Open Source Security Testing Tools for Web Applications For 2020
https://teletype.in/@sravancynixit/iadvWWwi
‘Cloud Snooper’ Attack Bypasses Firewall Security Measures
https://news.sophos.com/en-us/2020/02/25/cloud-snooper-attack-bypasses-firewall-security-measures/
Academics find 30 file upload vulnerabilities in 23 web apps, CMSes, and forums
https://www.zdnet.com/article/academics-find-30-file-upload-vulnerabilities-in-23-web-apps-cmses-and-forums/#ftag=RSSbaffb68
FUSE: Finding File Upload Bugs via Penetration Testing
https://www.ndss-symposium.org/wp-content/uploads/2020/02/23126.pdf
ELF_TSCookie - Linux Malware Used by BlackTech
https://blogs.jpcert.or.jp/en/2020/03/elf-tscookie.html
令和元年におけるサイバー空間をめぐる脅威の情勢等について
https://www.npa.go.jp/publications/statistics/cybersecurity/data/R01_cyber_jousei.pdf
Security Risks in Online Coding Platforms
https://blog.trendmicro.com/trendlabs-security-intelligence/security-risks-in-online-coding-platforms/
Security Risks in Online Coding Platforms
https://newsroom.trendmicro.com/blog/security-intelligence/security-risks-online-coding-platforms
Mokes and Buerak distributed under the guise of security certificates
https://securelist.com/mokes-and-buerak-distributed-under-the-guise-of-security-certificates/96324/
Bisonal: 10 years of play
https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html
Ryuk Revisited - Analysis of Recent Ryuk Attack
https://www.fortinet.com/blog/threat-research/ryuk-revisited-analysis-of-recent-ryuk-attack.html
Attackers Taking Advantage of the Coronavirus/COVID-19 Media Frenzy
https://www.fortinet.com/blog/threat-research/attackers-taking-advantage-of-the-coronavirus-covid-19-media-frenzy.html
制御システムセキュリティカンファレンス 2020開催レポート~前編~
https://blogs.jpcert.or.jp/ja/2020/03/ics-conference2020-1.html
制御システムセキュリティカンファレンス 2020開催レポート~後編~
https://blogs.jpcert.or.jp/ja/2020/03/ics-conference2020-2.html
F.商業
趨勢科技年度資安總評:去年攔截超過6100萬次勒索病毒攻擊
http://bit.ly/2I7plEI
區塊科技公司聯手數位鑑識國際權威 發表電子郵件防詐
https://ctee.com.tw/industrynews/technology/227045.html
電子郵件詐騙(BEC)猖獗 台區塊鏈新創出招抓鬼
https://ec.ltn.com.tw/article/breakingnews/3084170
電子郵件防詐方案 在台公開
https://www.chinatimes.com/newspapers/20200303000456-260210?chdtv
協助企業掌握網路攻擊源頭,查找潛在隱匿的資安威脅(如惡意程式、勒索病毒),完善資安防護之佈局
https://www.bnext.com.tw/article/56740/greycortex-mendel-nod32-protection
中華資安國際勇奪108度行政院資安服務廠商評鑑最高等級五項A級
https://times.hinet.net/news/22810595
華邦電子與Secure-IC結盟攜手強化嵌入式網路安全
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000579807_PSX7WGB81IA1NR693TK97
是德推全新安全作業平台 預防資安漏洞
https://www.chinatimes.com/realtimenews/20200304005399-260410?ctrack=mo_main_rtime_p04&chdtv
Akamai被獨立研究機構認定為網絡應用程式防火牆(WAF)領導者
https://times.hinet.net/news/22813196
零壹布局解決方案 子公司朔宇成Radware台灣授權代理商
https://udn.com/news/story/7240/4390879
關貿去年EPS、股利創高;今年續拓加值服務
http://bit.ly/331srnu
G.政府
科技預算 金管會要搶食
https://udn.com/news/story/7239/4381680?from=udn-catebreaknews_ch2
國防產業保護機密 業界︰資安更重要
https://m.ltn.com.tw/news/politics/paper/1356040
【健保署長李伯璋專訪】強化健保資料庫安全性 破解須面對32位元金鑰與多重人員驗證
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=70&id=0000579961_dy18ppg57qmy690dxs6v0
NCC:透過政策工具補貼 5G初期資費可望與4G開台相當
https://news.cnyes.com/news/id/4448478
數位身分證將在 10 月上路!3 個亮點:融合健保卡、駕照,讓你「一卡打天下」
https://buzzorange.com/techorange/2020/03/05/digital-identification-card/
107年至108年資訊安全能量登錄通過名單
https://www.acw.org.tw/News/Detail.aspx?id=119
NCC召集社群平台開會 嚴防惡意二改假新聞成防疫漏洞
http://bit.ly/32WbH0Y
金管會公布金融機構主要檢查缺失
http://bit.ly/2wArGW4
金管會公告金融機構最近五年度主要檢查缺失
https://www.feb.gov.tw/ch/home.jsp?id=300&parentpath=0,5,297
H.工控系統/SCADA/ICS
Leverage ATT&CK for ICS to Secure Industrial Control Systems
https://securityintelligence.com/posts/leverage-attck-for-ics-to-secure-industrial-control-systems/
工業乙太網路的崛起與趨勢
http://bit.ly/38rvjLy
JVNVU#91000130 オムロン製 PLC CJ シリーズにおけるサービス運用妨害 (DoS) の脆弱性
https://jvn.jp/vu/JVNVU91000130/
I.教育訓練
發生資安事件怎麼辦? 一定要學會的危機處理技巧
https://ithome.com.tw/pr/136077
資策會2020/4/11開辦「CompTIA Security+ 國際網路資安認證班」
https://times.hinet.net/news/22812544
滲透測試&漏洞掃描那些事-技術面試居然被一個簡單的問題刷下來了
https://www.ponews.net/tech/suw3x1ykst.html
漏洞掃描那些事
https://zhuanlan.zhihu.com/p/28700680
Pwn In Kernel(一):基礎知識
https://www.freebuf.com/articles/system/227357.html
ChaMd5安全團隊CTFHUB上線了
https://www.freebuf.com/news/228779.html
CTFHUB
https://www.ctfhub.com/#/index
CobaltStrike基礎到進階
https://www.freebuf.com/open/227850.html
Offense and Defense – A Tale of Two Sides: PowerShell
https://www.fortinet.com/blog/threat-research/offense-and-defense-a-tale-of-two-sides-powershell.html
Cyber Kill Chain (CKK) – APT Interception Methodologies and Advanced Malware Mitigation
https://heimdalsecurity.com/blog/cyber-kill-chain/
Windows Exploit Development – Part 1: The Basics
http://www.securitysift.com/windows-exploit-development-part-1-basics/
Windows Exploit Development – Part 2: Intro to Stack Based Overflows
http://www.securitysift.com/windows-exploit-development-part-2-intro-stack-overflow/
Windows Exploit Development – Part 3: Changing Offsets and Rebased Modules
http://www.securitysift.com/windows-exploit-development-part-3-changing-offsets-and-rebased-modules/
Windows Exploit Development – Part 4: Locating Shellcode With Jumps
http://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/
Windows Exploit Development – Part 5: Locating Shellcode With Egghunting
http://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting/
Windows Exploit Development – Part 6: SEH Exploits
http://www.securitysift.com/windows-exploit-development-part-6-seh-exploits/
Windows Exploit Development – Part 7: Unicode Buffer Overflows
http://www.securitysift.com/windows-exploit-development-part-7-unicode-buffer-overflows/
Windows Debugging & Exploiting Part 1 - Environment Setup
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/windows-debugging-exploiting-part-1-environment-setup/
Windows Debugging & Exploiting Part 2 - WinDBG 101
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/windows-debugging-exploiting-part-2-windbg-101/
Windows Debugging & Exploiting Part 3: WinDBG Time Travel Debugging
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/windows-debugging-exploiting-part-3-windbg-time-travel-debugging/
Windows Debugging and Exploiting Part 4: NTQuerySystemInformation
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/windows-debugging-and-exploiting-part-4-ntquerysysteminformation/#.Xl9Ps8_ayAg.twitter
Phishing with Macros and Powershell
https://www.securitysift.com/phishing-with-macros-and-powershell/
How To Run Maltego – Cyber Intelligence And Forensics Software
https://hackersonlineclub.com/how-to-run-maltego-cyber-intelligence-and-forensics-software/
キーロガーとは?操作履歴を盗むマルウェアの感染原因・検出・対策
https://blogs.mcafee.jp/keystroke-logging-prevention
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
歐洲制定聯網汽車數據私隱和安全規則
https://on.wsj.com/32I2XeM
奔馳網聯車爆19漏洞,攜手360共商汽車安全解決方案
https://www.leiphone.com/news/202003/BoIwGqAr4BKCVHhM.html
IoT Security: How to Search for Vulnerable Connected Devices
https://pentestmag.com/iot-security-how-to-search-for-vulnerable-connected-devices/
6.近期資安活動及研討會
Multi-threaded programming in Python 3/11
https://www.meetup.com/pythonhug/events/268925062/
Android Code Club(Taipei) 3/11
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcfbpb/
GDG Hsinchu #05 - 如何應用ok Google結合物聯網打造智慧生活 3/12
https://www.meetup.com/GDG-Hsinchu/events/268976601/
人工智慧小聚 - 新竹 ◤從 RNN 到 Attention,自然語言處理的前世今生◢ ◤字型生成經驗分享◢ 3/18
https://www.meetup.com/AIA-Hsinchu/events/268649939/
Scala Taiwan #37 3/18
https://www.meetup.com/Scala-Taiwan-Meetup/events/267899692/
韓國國際安全博覽會 3/18
https://www.twcert.org.tw/tw/cp-105-3230-a3bd4-1.html
Taipei.py 2020 三月聚會 (March Monthly Meeting) 3/19
https://www.meetup.com/Taipei-py/events/268681120/
Study Group - Clean Coder 3/19
https://www.meetup.com/Women-Who-Code-Taipei/events/jlmfprybcfbzb/
數據分析與機器學習案例實務(一)以PM2.5為例 3/23
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3888&from_course_list_url=course_index
Taipei 暗号通貨 (Cryptocurrency) Meetup 3/25
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcfbhc/
Thinking Thursday 第七場 3/26
https://www.meetup.com/Thinking-Thursday/events/266911452/
Flutter Taipei 2020 暖開幕 | Warm Up Party 3/27
https://www.meetup.com/Flutter-Taipei/events/269033933/
交通大學駭客書院 - 緩衝區溢位攻擊與預防 3/28
https://hackercollege.nctu.edu.tw/?p=1141
black ASIA 2020 Singapore 3/31 ~ 4/3
https://www.blackhat.com/asia-20/briefings/schedule/
Kaspersky® Security Analyst Summit 4/6 ~ 4/9
https://thesascon.com/
QGIS地理資訊研習班 4/8 ~ 4/9
https://www.accupass.com/event/2002120936323517290110
邊緣計算系統之大數據與深度學習應用 4/10
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3883&from_course_list_url=course_index
第二屆ICANN APAC-TWNIC Engagement Forum 與第34屆TWNIC IP政策資源管理會議 4/16
https://forum.twnic.tw/2020/registration.htm
交通大學駭客書院 -入侵行為發覺與應變指南 4/18
https://hackercollege.nctu.edu.tw/?p=1144
VXCON 2020 - APAC 4/18 ~ 4/19
https://www.vxcon.hk/
2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore 4/21 ~ 4/23
https://www.icscybersecurityconference.com/singapore/
Taipei 暗号通貨 (Cryptocurrency) Meetup 4/22
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcgbdc/
亞太資訊安全論壇暨展覽會 4/22
https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html
交通大學駭客書院 - 基礎網頁安全與滲透測試 4/25
https://hackercollege.nctu.edu.tw/?p=1147
2020 LINE Taiwan Developers Recruitment Day 4/25
https://engineering.linecorp.com/zh-hant/blog/2020-line-taiwan-technical-recruitment-day/
交通大學駭客書院 - 基礎網站安全建構實務 5/16
https://hackercollege.nctu.edu.tw/?p=1151
交通大學駭客書院 - 電子郵件之偽造攻擊與防護措施 5/23
https://hackercollege.nctu.edu.tw/?p=1156
Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/
交通大學駭客書院 - 進階網頁滲透測試 5/30
https://hackercollege.nctu.edu.tw/?p=1159
邊緣計算系統之大數據與深度學習應用 6/5
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index
交通大學駭客書院 - 高階網頁滲透測試 6/13 6/20
https://hackercollege.nctu.edu.tw/?p=1161
交通大學駭客書院 - 企業網域控管-Active Directory攻擊與防禦 6/27
https://hackercollege.nctu.edu.tw/?p=1164
CYBERSEC 2020 臺灣資安大會 8/12
https://cyber.ithome.com.tw/
訂閱:
張貼留言 (Atom)
沒有留言:
張貼留言