Friday, March 27, 2020

Weekly Security Incident News Roundup, 2020/3/23 ~ 2020/3/27

1. Major Vulnerabilities / Backdoors / Exploits / Zero-Day
PHP security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066
Dr.ID access control and attendance system, access control Ver 3.3.2: security advisory
http://www.secom.com.tw/news/news_detail.aspx?sn=2020030001&cid=2013060066
HPE Warns of New Bug That Kills SSD Drives After 40,000 Hours
https://www.bleepingcomputer.com/news/security/hpe-warns-of-new-bug-that-kills-ssd-drives-after-40-000-hours/
Cisco Addressed Multiple High-Risk Vulnerabilities In SD-WAN Solution
https://latesthackingnews.com/2020/03/22/cisco-addressed-multiple-high-risk-vulnerabilities-in-sd-wan-solution/
Trend Micro Patched Zero-Day Vulnerabilities Under Active Exploit
https://latesthackingnews.com/2020/03/22/trend-micro-patched-zero-day-vulnerabilities-under-active-exploit/
Critical RCE Bug Affects Millions of OpenWrt-based Network Devices
https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html
Adobe releases March 2020 security patches, fixing nine critical vulnerabilities
https://www.twcert.org.tw/tw/cp-104-3440-35f59-1.html
PrivEsc in Lenovo Vantage. Two minutes later
https://www.pentestpartners.com/security-blog/privesc-in-lenovo-vantage-two-minutes-later/
Microsoft warns: attacks exploiting a critical Windows RCE vulnerability have appeared, but it will not be patched until April
https://www.ithome.com.tw/news/136527
Latest Microsoft Windows 10 0-day vulnerability already exploited by attackers
https://www.twcert.org.tw/tw/cp-104-3447-f0ac1-1.html
Windows users face attacks on a security vulnerability; Microsoft expects to ship the patch only on April 14
https://kknews.cc/tech/6rmza83.html
Update now! Microsoft discloses two "critical" Windows 10 vulnerabilities in a row
https://3c.ltn.com.tw/news/39906
Microsoft warns of two Windows zero day flaws
https://www.welivesecurity.com/2020/03/24/microsoft-warns-two-windows-zero-day-flaws/
Windows 10 upgrade failed? Use these 5 tools to find the problem and fix it fast
https://www.zdnet.com/article/windows-10-upgrade-failed-use-these-5-tools-to-find-the-problem-and-fix-it-fast/
Microsoft pauses Edge releases amid coronavirus outbreak
https://www.zdnet.com/article/microsoft-pauses-edge-releases-amid-coronavirus-outbreak/
Microsoft warns of Windows zero-day exploited in the wild
https://www.zdnet.com/article/microsoft-warns-of-windows-zero-day-exploited-in-the-wild/
To prevent update problems for users, Microsoft also pauses new Edge releases
https://www.ithome.com.tw/news/136476
Nagios XI cross-site scripting vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10819
Privilege escalation vulnerability in Lenovo Vantage, software preinstalled on Lenovo computers
https://nosec.org/home/detail/4367.html
360 Security Brain discovers MacOS Bluetooth vulnerability allowing zero-click, contactless remote exploitation
http://tj.people.com.cn/n2/2020/0326/c375799-33906367.html
Vulnerability Spotlight: Multiple vulnerabilities in Videolabs libmicrodns
https://blog.talosintelligence.com/2020/03/vuln-spotlight-videolabs-microdns.html
Vulnerability Spotlight: Denial-of-service vulnerability in GStreamer
https://blog.talosintelligence.com/2020/03/vuln-spotlight-Gstreamer-DoS-March-2020.html
Vulnerability Spotlight: Intel Raid Web Console 3 denial-of-service bugs
https://blog.talosintelligence.com/2020/03/vulnerability-spotlight-intel-raid-web-march-2020.html
Fortinet Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop
https://www.fortinet.com/blog/threat-research/fortinet-security-researcher-discovers-multiple-critical-vulnerabilities-in-adobe-photoshop.html
Organizations struggle with patching endpoints against critical vulnerabilities
https://www.helpnetsecurity.com/2020/03/26/patching-endpoints/
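2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security
Drawing in NT$3 billion, Cathay Cybersecurity lists on the 30th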
https://money.udn.com/money/story/5607/4436324
Five major open banking applications draw attention
https://money.udn.com/money/story/9740/4431370
Trading systems at 3 brokerages hit by outages; investors complain they "can't place orders"
https://tw.appledaily.com/property/20200323/LZDKKXLTS6YGL4OQJV3QFNQNU4/
First day of continuous trading: a safe transition
https://times.hinet.net/news/22836820
Matched as orders arrive! Continuous trading goes live; brokerages reportedly suffer crashes
https://www.ustv.com.tw/UstvMedia/news/103/20200323A099
Wuhan pneumonia relief: government calls on the Bankers Association to form a national financial team
https://www.cna.com.tw/news/aipl/202003240155.aspx
Non-Life Insurance Association: Cathay, Fubon, Nan Shan and Ming Tai have activated off-site offices
https://www.cna.com.tw/news/afe/202003040320.aspx
Fintech company Finastra hit by ransomware
https://www.zdnet.com/article/fintech-company-finastra-hit-by-ransomware/
Russian payment systems will switch to using domestic cryptographic information security tools by 2031
https://www.ehackingnews.com/2020/03/russian-payment-systems-will-switch-to.html
Singapore consumers will move to digital non-banks for service innovation
https://www.zdnet.com/article/singapore-consumers-will-move-to-digital-non-banks-for-service-innovation/
Tupperware website hacked and infected with payment card skimmer
https://www.zdnet.com/article/tupperware-website-hacked-and-infected-with-payment-card-skimmer/
Criminals hack Tupperware website with credit card skimmer
https://blog.malwarebytes.com/hacking-2/2020/03/criminals-hack-tupperware-website-with-credit-card-skimmer/
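3. Electronic Payment / Electronic Tickets / Mobile Payment / Pay: News and Security
Easy Wallet opens registration to all! Android phones can ride with "a beep"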
https://newtalk.tw/news/view/2020-03-23/379468
Easy Wallet
http://easywallet.easycard.com.tw/
Easy Wallet launches today; EasyCard Corporation boasts it will catch up with iPASS within 2 years
https://udn.com/news/story/7266/4436395
"Easy Wallet" opens registration! QR Code scan payment and Android phone tap-to-ride; see the usage tutorial here
https://technews.tw/2020/03/24/update-your-easy-wallet-app/
OnePlus payment system OnePlus Pay is here
https://tech.sina.com.cn/digi/2020-03-24/doc-iimxxsth1391803.shtml
Kazakhstan to establish and promote a real-time payment system
https://finance.sina.com.cn/roll/2020-03-19/doc-iimxyqwa1508558.shtml
EasyCard joins the e-payment battle! Easy Wallet launches today, with 8 banks supported in the first wave
https://ec.ltn.com.tw/article/breakingnews/3109489
Expanding "OPEN Wallet" payment venues, Uni-President Group builds an OPEN POINT loyal-customer ecosystem
https://www.foodnext.net/news/industry/paper/5357428199
Pay service fees electronically: mobile payment makes it easy to pay
https://www.mof.gov.tw/singlehtml/384fb3077bb349ea973e7fc6f13b6974?cntId=2c264a73633b41e3bc10c168132a2274
A new cardless experience: tap your phone to ride and shop more easily
https://news.cts.com.tw/cts/life/202003/202003241994680.html
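4. Virtual Currency / Blockchain News and Security
Private criminal prosecution filed with the Taipei District Court... a three-minute recap of the entire 幣寶 hacking incident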
https://bit.ly/3ae9EYJ
Black swan event (part 2): how to respond to the breakdown of blockchain and cryptocurrency market structure
https://www.blocktempo.com/march-12-the-day-crypto-market-structure-broke-part-2/
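China's central bank issues a specially made infographic: don't be fooled by "virtual currency trading platforms." Bitcoin then falls below US$6,000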
https://www.blocktempo.com/china-cryptoexchanges-binance-laundering-fraud-bitcoin/
Cryptocurrency mining PC army joins coronavirus research project
https://www.zdnet.com/article/cryptocurrency-mining-pc-army-joins-coronavirus-research-project/
Baidu Employee Jailed for Using Baidu Servers to Mine Cryptocurrencies
https://cybersecuritynews.com/baidu-employee/
An Bang: second-instance criminal ruling on illegal control of computer information systems
http://wenshu.court.gov.cn/website/wenshu/181107ANFZ0BXSK4/index.html?docId=94ffc9c9a4c4431a9240ab74000c2f13
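5. Security Incident News
A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors
Work and school closure notices are "suspicious": clicking the link may infect you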
https://news.cts.com.tw/cts/life/202003/202003201994393.html
Ransomware profits from the epidemic! It not only bricks phones but also threatens to publish private social media images
https://blog.trendmicro.com.tw/?p=63743
Ransomware app "COVID19 Tracker", disguised as a Wuhan virus-related app, appears
https://www.kocpc.com.tw/archives/313382
Telecom operators in the US and Hong Kong hit by RDP brute-force attacks from a brand-new bot module
https://www.twcert.org.tw/tw/cp-104-3441-410f1-1.html
Hackers use epidemic themes to spread malware; stay alert when receiving unknown emails to avoid compromise
https://www.twcert.org.tw/tw/cp-104-3443-c911d-1.html
Six phishing subject lines commonly used with the novel coronavirus
https://blog.trendmicro.com.tw/?p=63784#more-63784
Beware! Corona antivirus software is actually a trojan
https://www.ithome.com.tw/news/136545
Thousands of COVID-19 scam and malware sites are being created on a daily basis
https://www.zdnet.com/article/thousands-of-covid-19-scam-and-malware-sites-are-being-created-on-a-daily-basis/
More than one billion Android devices at risk of malware threats
https://www.which.co.uk/news/2020/03/more-than-one-billion-android-devices-at-risk-of-malware-threats/
Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices
https://thehackernews.com/2020/03/zyxel-mukashi-mirai-iot-botnet.html
New Mirai Variant Targets Zyxel Network-Attached Storage Devices
https://unit42.paloaltonetworks.com/new-mirai-variant-mukashi/
DDoS botnets have abused three zero-days in LILIN video recorders for months
https://www.zdnet.com/article/ddos-botnets-have-abused-three-zero-days-in-lilin-video-recorders-for-months/
Fake Corona Antivirus Software Used to Install Backdoor Malware
https://www.bleepingcomputer.com/news/security/fake-corona-antivirus-software-used-to-install-backdoor-malware/
2020-03-26 - INFORMATION_03_26.DOC PUSHES ZLOADER
https://www.malware-traffic-analysis.net/2020/03/26/index.html
2020-03-25 - QUICK POST: TWO PCAPS WITH GULOADER & NETWIRE RAT INFECTION TRAFFIC
https://www.malware-traffic-analysis.net/2020/03/25/index.html
2020-03-23 - INFO_03_23.DOC PUSHES MALWARE (VALAK, MAYBE?)
https://www.malware-traffic-analysis.net/2020/03/23/index2.html
2020-03-23 - POLISH MALSPAM WITH XLS ATTACHMENT PUSHES URSNIF (GOZI/IFSB/DREAMBOT)
https://www.malware-traffic-analysis.net/2020/03/23/index.html
2020-03-20 - ICEDID FROM INFO_03_20.DOC
https://www.malware-traffic-analysis.net/2020/03/20/index.html
2020-03-19 - ENGLISH MALSPAM PUSHES URSNIF (GOZI/IFSB)
https://www.malware-traffic-analysis.net/2020/03/19/index.html
BEC Campaign Targets HR Departments: Report
https://www.bankinfosecurity.com/bec-campaign-targets-hr-departments-report-a-13997
The Curious Case of the Criminal Curriculum Vitae
https://blog.prevailion.com/
Cerberus trojan flies under the COVID-19 flag
https://blog.avira.com/cerberus-flies-under-covid-19-flag/
Ave Maria RAT – .xls, ADS, and EQNEDT32!
https://clickallthethings.wordpress.com/2020/03/23/avemaria-rat-xls-ads-and-eqnedt32/
New Mirai Variant Exploits NAS Device Vulnerability
https://www.bankinfosecurity.com/new-mirai-variant-exploits-nas-device-vulnerability-a-14004
Evasion Techniques Dissected: A Mirai Case Study
https://intezer.com/blog-evasion-techniques-dissected-mirai-case-study/
AZORult++: Rewriting history
https://securelist.com/azorult-analysis-history/89922/#comment-3026930
New attack on home routers sends users to spoofed sites that push malware
https://arstechnica.com/information-technology/2020/03/new-attack-on-home-routers-sends-users-to-spoofed-sites-that-push-malware/
New banking trojan "Eventbot" affects 234 financial apps
https://bit.ly/33QOmhE
Watch Out: Android Apps in Google Play Store Capitalizing on Coronavirus Outbreak
https://thehackernews.com/2020/03/coronavirus-covid-apps-android.html
Android Apps and Malware Capitalize on Coronavirus
https://labs.bitdefender.com/2020/03/android-apps-and-malware-capitalize-on-coronavirus/
TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services
https://thehackernews.com/2020/03/trickbot-two-factor-mobile-malware.html
Apple iOS users served mobile malware in Poisoned News campaign
https://www.zdnet.com/article/apple-ios-users-served-mobile-malware-in-operation-poisoned-news-campaign/
Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/
iOS exploit chain deploys LightSpy feature-rich malware
https://securelist.com/ios-exploit-chain-deploys-lightspy-malware/96407/
Operation Poisoned News:Hong Kong Users Targeted with Mobile Malware via Local News Links IOC
https://documents.trendmicro.com/assets/Tech-Brief-Operation-Poisoned-News-Hong-Kong-Users-Targeted-with-Mobile-Malware-via-Local-News-Links.pdf
D-Link and Linksys routers hacked to point users to coronavirus-themed malware
https://www.zdnet.com/article/d-link-and-linksys-routers-hacked-to-point-users-to-coronavirus-themed-malware/#ftag=RSSbaffb68
Malware exploits pandemic to demand money
http://www.ansa.it/sito/notizie/tecnologia/hitech/2020/03/25/malware-sfrutta-pandemia-per-chiedere-soldi_969609e8-9a00-4dc6-bdba-ba8c41271744.html
B. Mobile Security / iPhone / Android / Wearables / Apps
LINE went down briefly near noon! Official statement: still clarifying the situation
https://tw.appledaily.com/gadget/20200323/23YAYIJZ4RXU5GUT4ZLCX2A2CY/
LINE suffers major outage! Official reply: affected users are on the Chunghwa network
https://tw.appledaily.com/gadget/20200323/23YAYIJZ4RXU5GUT4ZLCX2A2CY/
LINE users on Chunghwa Telecom report major outage; the company responds
https://bit.ly/2JkAwL3
Phone SIM card hijacked: he was hacked out of a million dollars
https://bit.ly/2Uok7tZ
Video conferencing software Zoom once had a security crisis: it would secretly turn on Mac users' cameras automatically
https://buzzorange.com/techorange/2020/03/25/zoom-hijack-mac-cameras/
iOS 13 "Personal Hotspot" connection bug exposed! Apple officially announces a workaround
https://3c.ltn.com.tw/news/39876
LINE announces it will end registration of new LINE accounts via FB
https://tw.appledaily.com/gadget/20200326/XFTWWDQ47R6U3QKN5ZSTGAGKHU/
56 Google Play apps containing Tekya malware removed, but they had already accumulated a million downloads
https://m.eprice.com.tw/smartos/talk/124/5497983/1/
First look: Trackpads on iPadOS 13.4
https://www.zdnet.com/article/first-look-trackpads-on-ipados-13-4
How to prevent your Zoom meetings bein
https://www.zdnet.com/article/how-to-prevent-your-zoom-meetings-being-zoom-bombed-gate-crashed-by-trolls/
How to Keep the Party Crashers from Crashing Your Zoom Event
https://blog.zoom.us/wordpress/2020/03/20/keep-the-party-crashers-from-crashing-your-zoom-event/
This iOS bug could seriously affect your work from home plans
https://www.zdnet.com/article/this-ios-bug-could-seriously-affect-your-work-from-home-plans/
The never ending disappointment of targeted WhatsApp OSINT
https://medium.com/@nocommonsense/the-never-ending-disappointment-of-targeted-whatsapp-osint-4960904ebe29
Dozens of Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme
https://thehackernews.com/2020/03/android-apps-ad-fraud.html
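C. Incidents / Hackers / DDOS / APT / Cloud / Dark Web / Recruitment / International Security Incidents
TWCERT/CC takes part in the 2020 APCERT Cyber Drill, demonstrating cross-border security reporting and coordination capabilities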
https://www.twcert.org.tw/tw/cp-104-3444-f7e09-1.html
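Air Force student severely punished for transferring data over a phone hotspot; wins suit against the school, 2 major demerits revoked and expulsion avoided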
https://udn.com/news/story/10930/4436685?from=udn-catelistnews_ch2
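Military academy student given demerits and expelled for "connecting a laptop to a phone hotspot"; one sentence from the judge lets him keep his enrollment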
https://www.ettoday.net/news/20200324/1674949.htm
During the epidemic, information and network risks to watch when working from home
https://www.ithome.com.tw/news/136470
Don't be careless about remote work. Institute for Information Industry: beware three major hacker techniques
https://money.udn.com/money/story/5612/4444517
Epidemic drives popularity of remote video software; 3 tips for security precautions
https://www.cna.com.tw/news/firstnews/202003260073.aspx
Wuhan pneumonia epidemic response: when having employees work from home, what should companies watch for in order to prepare ahead
https://bit.ly/2QHYWSz
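Working from home turns out to be more efficient than the office! Experts explain: master these key points and you will get twice the result with half the effort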
https://www.storm.mg/lifestyle/2439436
As more people work from home, security experts offer 9 points for protecting confidential data
https://newtalk.tw/news/view/2020-03-23/379700
About 30,000 TSMC non-production-line employees will "work from home"
https://ec.ltn.com.tw/article/breakingnews/3110275
Epidemic drives working from home; security vendor offers a reminder of 9 security tips
https://bit.ly/2wubeqR
Hackers cause trouble amid the COVID-19 epidemic; 400 cybersecurity experts form an alliance to fight back
https://udn.com/news/story/7086/4444915
A hacker stole and leaked graphics source code for the Xbox Series X and several AMD graphics cards
https://chinese.engadget.com/chinese-2020-03-26-hacker-steals-source-code-for-xbox-series-x-graphics.html
Reuters: hackers fiercely attack the World Health Organization
https://news.cnyes.com/news/id/4456638
Elite hackers attempt intrusion; WHO under frequent cyberattack
https://money.udn.com/money/story/5602/4440933
Beware! Hackers feign goodwill but really attack; there are fake Wuhan pneumonia maps too
https://bit.ly/2JdyRqd
Kaggle launches a novel coronavirus data analysis challenge, inviting engineers worldwide to decipher virus information
https://buzzorange.com/techorange/2020/03/25/coronavirus-data-analysis/
Encryption offense and defense in the order of cyberspace (part 1)
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=8791
Claiming unemployment benefits! Australian government website "jammed and paralyzed"... crowds queue in person instead
https://www.ettoday.net/news/20200324/1674933.htm
A showcase of some open-source intelligence (OSINT) tools used by US intelligence personnel
https://mp.weixin.qq.com/s/xXvjRNGLGtTcRJMFVKEuRA
Operator of the Russian cybercrime underground's "Taobao" arrested by the US; earned tens of millions of US dollars from rent
https://mp.weixin.qq.com/s/YIwsKwnTOHUx9wZ7VwRBCg
FireEye: regardless of the spreading epidemic, Chinese hackers attack Citrix and Zoho vulnerabilities spread across more than 20 countries
https://www.ithome.com.tw/news/136573
Hackers Targeted World Health Organization
https://www.bankinfosecurity.com/hackers-targeted-world-health-organization-a-14003
New York asks domain registrars to crack down on sites used for coronavirus scams
https://www.zdnet.com/article/new-york-asks-domain-registrars-to-crack-down-on-sites-used-for-coronavirus-scams/
FCC opens up more spectrum to keep mobile phones working during coronavirus pandemic
https://www.zdnet.com/article/fcc-open-up-more-spectrum-to-keep-mobile-phones-working-during-coronavirus-pandemic/
Hacker selling data of 538 million Weibo users
https://www.zdnet.com/article/hacker-selling-data-of-538-million-weibo-users/
Coronavirus-themed attacks March 15 – March 21, 2020
https://securityaffairs.co/wordpress/100187/cyber-crime/coronavirus-themed-attacks-2.html
Putin’s Secret Intelligence Agency Hacked: Dangerous New ‘Cyber Weapons’ Now Exposed
https://www.forbes.com/sites/zakdoffman/2020/03/21/putins-secret-intelligence-agency-hacked-dangerous-new-cyber-weapons-target-your-devices/
Hackers breach FSB contractor and leak details about IoT hacking project
https://www.zdnet.com/article/hackers-breach-fsb-contractor-and-leak-details-about-iot-hacking-project/#ftag=RSSbaffb68
Hackers Breach The FSB Contractor and leaked a Document of IoT Cyber Weapons Development
https://cybersecuritynews.com/hackers-leaked-a-document-of-iot-cyber-weapons-development/
Boots Advantage card hackers may be behind Tesco Clubcard cyber attack
https://www.mirror.co.uk/news/uk-news/boots-advantage-card-hackers-behind-21648152
A Perfect Way to Start and Strengthen Your Cyber Security Career
https://gbhackers.com/a-perfect-way-to-start-and-strengthen-your-cyber-security-career/
The people of Australia are a DDoS machine that the government cannot handle
https://www.zdnet.com/article/the-people-of-australia-are-a-ddos-machine-that-the-government-cannot-handle/
ISPs to continue blocking graphic violent content in Australia
https://www.zdnet.com/article/isps-to-continue-blocking-graphic-violent-content-in-australia/
400,000 new people have joined Folding@Home's fight against COVID-19
https://www.engadget.com/2020/03/23/folding-at-home-adds-400000-in-coronavirus-fight/
Russia-linked APT28 has been scanning vulnerable email servers in the last year
https://securityaffairs.co/wordpress/100072/apt/apt28-vulnerable-email-servers.html
Europol eradicates criminal gangs flogging fake coronavirus medicine, surgical masks
https://www.zdnet.com/article/europol-takes-down-coronavirus-fake-medicine-surgical-mask-criminal-gangs/
RISE OF FAKE ‘CORONA CURES’ REVEALED IN GLOBAL COUNTERFEIT MEDICINE OPERATION
https://www.europol.europa.eu/newsroom/news/rise-of-fake-%E2%80%98corona-cures%E2%80%99-revealed-in-global-counterfeit-medicine-operation
White House pushes for more telework as first DoD contractor dies because of COVID-19
https://www.zdnet.com/article/white-house-pushes-for-more-telework-as-first-dod-contractor-dies-because-of-covid-19/#ftag=RSSbaffb68
COVID-19 has made network servers hard to find
https://www.zdnet.com/article/covid-19-has-made-network-servers-hard-to-find/
How to Provide Remote Incident Response During the Coronavirus Times
https://thehackernews.com/2020/03/remote-incident-response.html
Dark web hosting provider hacked again -- 7,600 sites down
https://www.zdnet.com/article/dark-web-hosting-provider-hacked-again-7600-sites-down/
Chinese Cyber Espionage Continues Despite COVID-19
https://www.bankinfosecurity.com/chinese-cyber-espionage-continues-despite-covid-19-a-14019
This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html
Newly Discovered APT Group Targets Middle East Firms: Report
https://www.bankinfosecurity.com/newly-discovered-apt-group-targets-middle-east-firms-report-a-14018
Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics
https://www.zdnet.com/article/booz-allen-analyzed-200-russian-hacking-operations-to-better-understand-their-tactics/#ftag=RSSbaffb68
THE LOGIC BEHIND RUSSIAN MILITARY CYBER OPERATIONS
https://www.boozallen.com/c/insight/publication/the-logic-behind-russian-military-cyber-operations.html
Hong Kong information and network security talent in hot demand
https://bit.ly/3aeXor1
Chunghwa Telecom, ROC year 109, 9th selection of employees (with work experience): recruitment brochure (cybersecurity)
https://www.cht.com.tw/home/cht/recruit-and-training/recruit/recruit-information
Chunghwa Telecom, ROC year 109, 10th selection of employees (with work experience): recruitment brochure (5G)
https://www.cht.com.tw/home/cht/recruit-and-training/recruit/recruit-information
[Hiring] Taiwan Network Information Center seeks software engineer
https://pttcareer.com/soft_job/M.1584952012.A.0E9.html
[Cybersecurity Institute] Cyber Hacking Technology Research Center - 5G security R&D engineer
https://www.104.com.tw/job/6v9cz
[Cybersecurity Institute] Connected Security Development Center - industrial control security engineer
https://www.104.com.tw/job/6vne5
[Cybersecurity Institute] Innovative Communication Security Center - communication software development engineer
https://www.104.com.tw/job/6k4p5
[Cybersecurity Institute] Cyber Hacking Technology Research Center - chip/IC security R&D engineer
https://www.104.com.tw/job/6v9dd
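D. Data Leaks / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News
Falsely claiming it can recover losses, "165 Online Anti-Fraud Alliance" repeatedly defrauds the public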
https://www.chinatimes.com/realtimenews/20200323004931-260402?chdtv
Can the 165 Online Anti-Fraud Alliance "recover defrauded funds"? Criminal Investigation Bureau: a new scam technique
https://m.ltn.com.tw/news/society/breakingnews/3109572
As the Wuhan pneumonia epidemic develops, targeted phishing attacks aimed at specific countries surge
https://www.ithome.com.tw/news/136520
[Rumor] Executive Yuan announces a two-week holiday for 9 counties and cities due to coronavirus? A prank link
https://bit.ly/2QAKbAP
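Smart assistants become a privacy hole? Beware accidental triggering by "homophones"... personal data and medical records all leaked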
https://cnews.com.tw/137200323a04/
Online mask ordering "phone scam": the public should not be fooled
https://bit.ly/2vGUBaW
Mask 2.0 exploited by an old scam trick; police urge: while fighting the epidemic, don't forget to fight fraud
https://taronews.tw/2020/03/23/643271/
Hacker reportedly selling personal data of 500 million Weibo users online for only US$1,000
https://www.ithome.com.tw/news/136487
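Announcing traits of foreign disinformation, Criminal Investigation Bureau: watch for simplified characters and mainland Chinese terms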
https://bit.ly/2UhoSGU
Rumors fly as the epidemic spreads; the number of false reports in February surged 203%
https://udn.com/news/story/7314/4442838?from=udn-ch1_breaknews-1-cate1-news
[2020/3/23 1:50] Alert regarding mass-mailed extortion scam emails
https://www.cc.uec.ac.jp/blogs/news/2020/03/20200323scammail.html
NewsGuard drops its paywall to combat coronavirus misinformation
https://www.zdnet.com/article/newsguard-drops-its-paywall-to-combat-coronavirus-information/
Hackers leak data from medical company set to carry out COVID-19 vaccine trials
https://siliconangle.com/2020/03/22/data-leaked-medical-company-set-carry-covid-19-vaccine-trials/
Social Engineering's Role in Cyber Fraud - And What We Are Doing About It
https://www.bankinfosecurity.com/blogs/social-engineerings-role-in-cyber-fraud-what-we-are-doing-about-it-p-2887
E. Research Reports
A brief discussion of content spoofing vulnerabilities
https://www.onebug.org/websafe/98492.html
Research on a similar-sample search engine
https://bit.ly/2Jax9pN
LILIN DVR in-the-wild 0-day vulnerability analysis report
https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day/
Summary of MySQL database vulnerability exploitation and privilege escalation methods
https://xz.aliyun.com/t/7392
Attackers exploit a Tongda OA vulnerability to drop ransomware; user data is encrypted
https://www.secpulse.com/archives/125954.html
Graphics Device Interface vulnerabilities in Windows systems
https://nosec.org/home/detail/4357.html
A simple analysis of an XSS vulnerability in a school online-class platform
https://www.52pojie.cn/thread-1136478-1-1.html
Hands-on with xray's new features and Ghostcat vulnerability analysis
https://zhuanlan.zhihu.com/p/114477783
Learning vulnerability analysis: stack overflow in an ActiveX control, imageMan.dll
https://xz.aliyun.com/t/7395
Analysis of DLink RCE vulnerability CVE-2019-17621
https://www.freebuf.com/vuls/228726.html
Bug hunting experience | Account takeover vulnerability caused by predictable password reset tokens
https://www.freebuf.com/vuls/227858.html
CSRF vulnerabilities: principles and defenses
https://blog.csdn.net/cldimd/article/details/105007957
Other protocols used in SSRF vulnerabilities
https://zhuanlan.zhihu.com/p/115222529
Notes on discovering and exploiting a vulnerability in spreadsheet file conversion
https://4hou.win/wordpress/?p=40786
AWS Client VPN with openSUSE leap 15.1: short notes
https://sakananote2.blogspot.com/2020/03/aws-client-vpn-with-opensuse-leap-151.html
Mitigate Credential theft with Administrative Tier Model
https://windowssecurity.ca/2020/03/23/mitigate-credential-theft-with-administrative-tier-model/
VMware NSX-T Distributed Firewall can be bypassed by default
https://insinuator.net/2020/03/vmware-nsx-t-distributed-firewall-can-be-bypassed-by-default/
Android Security Resources.
https://github.com/alphaSeclab/android-security//
Blue Team Scripts
https://github.com/maldevel/blue-team
Resource: Exploit Development Tutorials and Guides
https://www.peerlyst.com/posts/resource-exploit-development-tutorials-and-guides-chiheb-chebbi
APT28 has been scanning vulnerable email servers for more than a year
https://www.zdnet.com/article/apt28-has-been-scanning-and-exploiting-vulnerable-email-servers-for-more-than-a-year/
Pawn Storm in 2019 A Year of Scanning and Credential Phishing on High-Profile Targets
https://documents.trendmicro.com/assets/white_papers/wp-pawn-storm-in-2019.pdf
Going Phishing in the African Banking Sector
https://cofense.com/going-phishing-african-banking-sector/
Threat Hunting Detecting Web Shells on Servers
https://thelinuxos.com/threat-hunting-detecting-web-shells-on-servers/
Red Teaming Series: Part 1 : Setting the environment, Running the C2 server on Docker and Bypassing latest security controls
https://br0h4ck3rs.blogspot.com/2020/03/red-teaming-series-part-1-setting_20.html
Penetration testing utility  invoker
https://github.com/ivan-sincek/invoker
Industry Perspectives Remote Work in an Age of COVID-19 — Threat Modeling the Risks
https://www.fireeye.com/blog/executive-perspective/2020/03/remote-work-in-an-age-of-covid-19-threat-modeling-the-risks.html
jeopardize
https://github.com/utkusen/jeopardize
Astra - Automated Security Testing For REST API's
https://www.kitploit.com/2020/03/astra-automated-security-testing-for.html
IT to Red Team: How to Make the Jump
https://www.peerlyst.com/posts/it-to-red-team-how-to-make-the-jump-matt-george
Peerlyst Community eBook: 32 Influential Malware Research Professionals
https://www.peerlyst.com/posts/peerlyst-community-ebook-32-influential-malware-research-professionals-peerlyst
XSHOCK Shellshock Exploit
https://github.com/capture0x/XSHOCK
[POC] Asynchronous reverse shell using the HTTP protocol
https://github.com/onSec-fr/Http-Asynchronous-Reverse-Shell
Authenticode certificates and checks from a KM driver
https://astralvx.com/index.php/2020/03/20/authenticode-certificates-and-checks-from-a-km-driver/
How Offensive Actors Use AppleScript For Attacking macOS
https://www.sentinelone.com/blog/how-offensive-actors-use-applescript-for-attacking-macos/
The car Hackers handbook [en]
https://drive.google.com/file/d/1vpC3OgRWZ4H-jVeAtY1VIGmuHpjXIYMn/edit
Results of Pwn2Own's first remote hacking contest are out: MacOS, Windows and Ubuntu, all three major operating systems, fall
https://www.ithome.com.tw/news/136494
PWN2OWN DAY TWO – RESULTS AND MASTER OF PWN
https://www.thezdi.com/blog/2020/3/20/pwn2own-day-two-results-and-master-of-pwn
OSINT: Using Spiderfoot for OSINT Data Gathering
https://www.hackers-arise.com/post/osint-using-spiderfoot-for-osint-data-gathering
Beef Framework tutorial in Kali Linux
https://hackonology.com/blogs/beef-framework-tutorial-in-kali-linux/
Difference Between IDS, IPS, Anti-virus
https://www.studynotesandtheory.com/single-post/Difference-Between-IDS-IPS-Anti-virus
Stories of a CISSP: IPS Locks Out Firewall
https://www.studynotesandtheory.com/single-post/Stories-of-a-CISSP-IPS-Locks-Out-Firewall
TLS-Tester
https://github.com/Tomahawkd/TLS-Tester
Top 10 Dangerous DNS Attacks Types and The Prevention Measures
https://cybersecuritynews.com/dns-attacks/
Winnti uses the rtf exploit 8.t too targeting Vietnam
https://medium.com/@Sebdraven/winnti-uses-the-rtf-exploit-8-t-too-targets-vietnam-13300d432272
Http-Asynchronous-Reverse-Shell
https://github.com/onSec-fr/Http-Asynchronous-Reverse-Shell
Remote Image Upload Leads to RCE (Inject Malicious Code to PHP-GD Image)
https://medium.com/@asdqwedev/remote-image-upload-leads-to-rce-inject-malicious-code-to-php-gd-image-90e1e8b2aada
VB2019 paper: Defeating APT10 compiler-level obfuscations
https://www.virusbulletin.com/blog/2020/03/vb2019-paper-defeating-apt10-compiler-level-obfuscations/
Analyze the acquired UnifiedLog on Catalina
https://padawan-4n6.hatenablog.com/entry/2020/03/15/052607
How to become a cyber forensics expert
https://www.peerlyst.com/posts/how-to-become-a-cyber-forensics-expert-abhinav-singh
Real-time file monitoring on Windows with osquery
https://blog.trailofbits.com/2020/03/16/real-time-file-monitoring-on-windows-with-osquery/
API secret key Leakage leads to disclosure of Employee’s Information
https://medium.com/@spade.com/api-secret-key-leakage-leads-to-disclosure-of-employees-information-5ca4ce17e1ce
Address Resolution Protocol ARP Spoofing- Detection And Prevention
https://hackersonlineclub.com/address-resolution-protocol-arp-spoofing/
Mustang Panda joins the COVID-19 bandwagon
https://malwareandstuff.com/mustang-panda-joins-the-covid19-bandwagon/
Maryam : Open-source Intelligence(OSINT) Framework
https://kalilinuxtutorials.com/maryam/
Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/
Apache Tomcat Vulnerability “Ghostcat” Attracting Threat Actor Attention
https://www.flashpoint-intel.com/blog/ghostcat/
XSS-LOADER - XSS Payload Generator / XSS Scanner / XSS Dork Finder
https://www.kitploit.com/2020/03/xss-loader-xss-payload-generator-xss.html
security_w1k1
https://github.com/euphrat1ca/security_w1k1
I want to learn about exploitation! Where do I start
https://research.checkpoint.com/2020/i-want-to-learn-about-exploitation-where-do-i-start/
Astra : Automated Security Testing For REST API’s
https://kalilinuxtutorials.com/astra/
F. Business
Taiwan Mobile promotes smart IoT radio to support police and medical systems
https://bit.ly/2Qxq5aC
Modchip released: entire Switch lineup cracked
https://bit.ly/2Uo1Uwv
UPAS realizes its endpoint security management vision, helping enterprises strengthen intranet security control
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=8766
Microsoft Shares Sneak Peek of Upcoming Windows 10 Features
https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-sneak-peek-of-upcoming-windows-10-features/
Mozilla will gradually remove FTP support starting with Firefox 77
https://www.ithome.com.tw/news/136481
Firefox to burn FTP out of its browser, starting slowly in version 77 due in April
https://www.theregister.co.uk/2020/03/20/firefox_deprecates_ftp/
Remote work raises security risks; Far EasTone prepares enterprises
https://market.ltn.com.tw/article/7945
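Financial sector fights the epidemic and keeps operations uninterrupted: Bank SinoPac is first to use Microsoft Windows Virtual Desktop, the first domestic financial institution to adopt it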
https://www.bnext.com.tw/article/57035/microsoft-taiwan-windows
Juniper rolls out new Mist service for network, location analytics
https://www.zdnet.com/article/juniper-rolls-out-new-mist-service-for-network-location-analytics/#ftag=RSSbaffb68
Riding another wave of success for our multi-layered detection and response approach
https://blog.trendmicro.com/riding-another-wave-of-success-for-our-multi-layered-detection-and-response-approach/
G. Government
3 confirmed COVID-19 cases in Yunlin; off-site split-office preparations are ready
https://times.hinet.net/news/22833830
Taoyuan police prepare ahead with off-site offices to keep police work running smoothly
https://udn.com/news/story/7320/4436432?from=udn-ch1_breaknews-1-cate2-news
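Taitung County Government prepares its IT ahead of time, striving to keep county administration running and teaching uninterrupted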
http://n.yam.com/Article/20200323860328
Wellington Koo stations himself in the server room today to keep track of the new system's status
https://money.udn.com/money/story/5607/4435511
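Briefing on capability registration for security service providers and recognition of self-developed information and communication security products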
https://www.moeaidb.gov.tw/ctlr?PRO=indparknews.rwdIndparknewsView&id=19620
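Information, Communications and Electronic Force Command newly classified as an intelligence agency; Ma Ying-han to give his first operations report at the Legislative Yuan tomorrow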
https://news.ltn.com.tw/news/politics/breakingnews/3110314
Financial Supervisory Commission requires uninterrupted operations; financial industry activates off-site offices
https://www.cardu.com.tw/news/detail.php?40174
To ease remote work, Taipei Free drops account and password authentication from April
https://udn.com/news/story/7323/4437872?from=udn-ch1_breaknews-1-cate3-news
Ministries actively fight the epidemic; Atomic Energy Council to trial off-site offices soon
https://money.udn.com/money/story/5612/4440129
Taipei City Government: Taipei Free login without account or password from 4/1
https://technews.tw/2020/03/25/taipei-free/
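H. Industrial Control Systems / SCADA / ICS
[iST Classroom] Chip reverse-engineering delayering: iST uses this technique to avoid die damage and extract the complete circuit diagram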
http://technews.tw/2020/03/26/ist-how-delayer-die/
Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats
https://bit.ly/2JbFuJS
WildPressure targets industrial-related entities in the Middle East
https://securelist.com/wildpressure-targets-industrial-in-the-middle-east/96360/
Kaspersky finds new APT targeting the Middle East's industrial sector
https://www.zdnet.com/article/kaspersky-finds-new-apt-targeting-the-middle-easts-industrial-sector/
I. Education and Training
IPvS Study Guide
https://www.hwchiu.com/ipvs-1.html
A first look at HTML and potential vulnerabilities (introduction to web security)
https://zhuanlan.zhihu.com/p/115922546
Basics of SSRF (server-side request forgery) vulnerabilities
https://zhuanlan.zhihu.com/p/116039804
Understand the three brothers of cryptography at once: Encode, Encrypt and Hash
https://medium.com/starbugs/what-are-encoding-encrypt-and-hashing-4b03d40e7b0c
Import VirtualBox Images to GNS3
https://linuxsecurityblog.com/2019/11/01/import-virtualbox-images-to-gns3/
Shodan Command line A Step-by-Step walkthrough
https://hackingpassion.com/shodan-command-line-a-step-by-step-walkthrough/
Getting Started with Reverse Engineering using Ghidra
https://www.peerlyst.com/posts/getting-started-with-reverse-engineering-using-ghidra-chiheb-chebbi
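J. Internet of Things / IOT / Artificial Intelligence / Connected Vehicles / Optical Networking / Deep Learning / Machine Learning / Drones / Facial Recognition
Vulnerability in car keyless entry systems increases the risk of vehicle theft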
https://forum.u-car.com.tw/forum/thread/320067/?brand=&sortOrder=time&page=1
2020 Unit 42 IoT Threat Report: 83% of connected medical imaging devices in the US are vulnerable to hacker attacks
https://ek21.com/news/tech/185848/
6. Upcoming Security Events and Conferences
NCTU Hacker College - Buffer Overflow Attacks and Prevention 3/28
https://hackercollege.nctu.edu.tw/?p=1141
black ASIA 2020 Singapore 3/31 ~ 4/3
https://www.blackhat.com/asia-20/briefings/schedule/
Kaspersky® Security Analyst Summit  4/6 ~ 4/9
https://thesascon.com/
QGIS Geographic Information Workshop 4/8 ~ 4/9
https://www.accupass.com/event/2002120936323517290110
Big Data and Deep Learning Applications for Edge Computing Systems 4/10
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3883&from_course_list_url=course_index
2nd ICANN APAC-TWNIC Engagement Forum and 34th TWNIC IP Policy and Resource Management Meeting 4/16
https://forum.twnic.tw/2020/registration.htm
NCTU Hacker College - Guide to Detecting and Responding to Intrusions 4/18
https://hackercollege.nctu.edu.tw/?p=1144
VXCON 2020 - APAC  4/18 ~ 4/19
https://www.vxcon.hk/
2020 Comprehensive Information Security Talent Development Program 4/21 ~ 6/16
http://service.tabf.org.tw/tw/user/409646/
2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore  4/21 ~ 4/23
https://www.icscybersecurityconference.com/singapore/
Taipei 暗号通貨 (Cryptocurrency) Meetup 4/22
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcgbdc/
Asia-Pacific Information Security Forum and Exhibition 4/22
https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html
NCTU Hacker College - Basic Web Security and Penetration Testing 4/25
https://hackercollege.nctu.edu.tw/?p=1147
2020 LINE Taiwan Developers Recruitment Day  4/25
https://engineering.linecorp.com/zh-hant/blog/2020-line-taiwan-technical-recruitment-day/
NCTU Hacker College - Basic Website Security Construction in Practice 5/16
https://hackercollege.nctu.edu.tw/?p=1151
NCTU Hacker College - Email Forgery Attacks and Protective Measures 5/23
https://hackercollege.nctu.edu.tw/?p=1156
Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/
NCTU Hacker College - Advanced Web Penetration Testing 5/30
https://hackercollege.nctu.edu.tw/?p=1159
Big Data and Deep Learning Applications for Edge Computing Systems 6/5
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index
NCTU Hacker College - High-Level Web Penetration Testing 6/13 6/20
https://hackercollege.nctu.edu.tw/?p=1161
NCTU Hacker College - Enterprise Domain Control: Active Directory Attack and Defense 6/27
https://hackercollege.nctu.edu.tw/?p=1164
CYBERSEC 2020 Taiwan Cybersecurity Conference 8/12
https://cyber.ithome.com.tw/
