資安事件新聞週報 2020/4/6 ~ 2020/4/10
1.重大弱點漏洞/後門/Exploit/Zero Day
Safari漏洞讓惡意網站冒充Zoom、Skype存取iPhone或Mac電腦相機
https://www.ithome.com.tw/news/136767
Palo Alto PAN-OS 多個漏洞
https://security.paloaltonetworks.com/PAN-SA-2020-0002
https://security.paloaltonetworks.com/CVE-2020-1990
https://security.paloaltonetworks.com/CVE-2020-1992
Mozilla緊急修補兩個已被開採的Firefox零時差漏洞
https://www.ithome.com.tw/news/136796
Mozilla Firefox 修復可能遭遠端執行任意程式碼之 0-day 漏洞
https://www.twcert.org.tw/tw/cp-104-3503-c4955-1.html
全球仍有35萬個Exchange伺服器尚未修補CVE-2020-0688漏洞
https://www.ithome.com.tw/news/136800
時間緊迫,公網上存在35萬台Microsoft Exchange 服務器還未修復早在2月披露的漏洞(CVE-2020-0688)
https://blog.rapid7.com/2020/04/06/phishing-for-system-on-microsoft-exchange-cve-2020-0688/
HP電腦使用8年的技術支援軟體含有多項安全漏洞,即使新版也仍有漏洞未補完
https://www.ithome.com.tw/news/136770
agios XI 多個安全漏洞
https://nosec.org/home/detail/4432.html
Tomcat 爆出高危漏洞
https://segmentfault.com/a/1190000022268969
8000餘未受保護的Redis 伺服器可遭任意訪問
https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-8000-unsecured-redis-instances-found-in-the-cloud/
Zoom Client for Meetings CVE-2020-11469
https://nvd.nist.gov/vuln/detail/CVE-2020-11469
Zoom Rushes Patches for Zero-Day Vulnerabilities
https://www.bankinfosecurity.com/zoom-rushes-patches-for-zero-day-vulnerabilities-a-14049
Apache HTTP Server CVE-2020-1934
https://nvd.nist.gov/vuln/detail/CVE-2020-1934
Apache HTTP Server 2.4 vulnerabilities
https://httpd.apache.org/security/vulnerabilities_24.html
MISP 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11458
Nexus Repository Manager遠程代碼執行漏洞
https://nosec.org/home/detail/4427.html
Nexus Repository CVE-2020-10199
https://nvd.nist.gov/vuln/detail/CVE-2020-10199
CVE-2020-10199 Nexus Repository Manager 3 - Remote Code Execution - 2020-03-31
https://support.sonatype.com/hc/en-us/articles/360044882533
CVE-2020-11444 Nexus Repository Manager 3 - Improper Access Controls - 2020-04-02
https://support.sonatype.com/hc/en-us/articles/360046133553
Nexus Repository Manager(CVE-2020-10199/10204)漏洞分析及回顯利用方法的簡單討論
https://www.cnblogs.com/magic-zero/p/12641068.html
C 語言漏洞最嚴重,PHP 最易受攻擊,程序員該怎麼寫代碼
https://www.chainnews.com/zh-hant/articles/470489068306.htm
US Government Advises Everyone to Upgrade Google Chrome as Soon as Possible
https://bit.ly/2JI5AUW
Fortinet Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop
https://www.fortinet.com/blog/threat-research/fortinet-security-researcher-discovers-multiple-critical-vulnerabilities-in-adobe-photoshop.html
JVNVU#91401524 Periscope 製 BuySpeed におけるクロスサイトスクリプティングの脆弱性
https://jvn.jp/vu/JVNVU91401524/
JVN#56890693 Joomla! 用プラグイン「AcyMailing」における任意のファイルをアップロードされる脆弱性
https://jvn.jp/jp/JVN56890693/
JVNVU#96870150 B&R Industrial Automation GmbH. が提供する Automation Studio 製品に複数の脆弱性
https://jvn.jp/vu/JVNVU96870150/
JVNVU#93266623 トレンドマイクロ製パスワードマネージャーにおける DLL 読み込みに関する脆弱性
https://jvn.jp/vu/JVNVU93266623/
JVNVU#99911229 トレンドマイクロ株式会社製の複数製品のインストーラにおける DLL 読み込みに関する脆弱性
https://jvn.jp/vu/JVNVU99911229/
JVNVU#94751438 HMS Networks 製 eWON Flexy および eWON Cosy におけるクロスサイトスクリプティングの脆弱性
https://jvn.jp/vu/JVNVU94751438/
Google 修復 Chrome 多個嚴重資安漏洞
https://www.twcert.org.tw/tw/cp-104-3487-99440-1.html
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
糗!安達保險賣資安險 卻反被駭客集團勒索
https://www.phew.tw/article/cont/phewpoint/current/topic/8903/202004078903
富邦金下令 連假去熱門景點者明起居家辦公
https://news.tvbs.com.tw/life/1304301
國泰金緊急清查 6日起1,200人居家辦公
https://ctee.com.tw/news/finance/247477.html
跟進富邦 中信金新光金緊急調查連假旅遊史
https://ctee.com.tw/news/finance/247401.html
因應信用卡詐欺,VISA 強推支付安全藍圖
https://koin.kcg.gov.tw/?p=4056
好爽!銀行局證實 這家銀行本周全員居家上班
https://www.chinatimes.com/realtimenews/20200407005127-260410
請於2020年4月14日前更新行動銀行版本,以獲得更優質服務
https://bit.ly/39Yzf7j
金融業居家辦公有資安漏洞?金管會:需錄影等替代措施
https://money.udn.com/money/story/5613/4479604
金融業「居家辦公」 立委要求金管會防範資安漏洞
https://ec.ltn.com.tw/article/breakingnews/3128754
金管會:證券期貨業啟動居家辦公須達4條件
https://money.udn.com/money/story/5613/4480524
金融業居家辦公 這2種人例外
https://www.chinatimes.com/realtimenews/20200409002239-260410?chdtv
華為推出的 HUAWEI Card 實體信用卡,功能跟外型都和 Apple Card 激似
https://buzzorange.com/techorange/2020/04/10/huawei-launch-credit-card/
Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data
https://thehackernews.com/2020/04/magecart-digital-skimmer.html
MakeFrame: Magecart Group 7’s Latest Skimmer Has Claimed 19 Victim Sites
https://www.riskiq.com/blog/labs/magecart-makeframe/
Magecart Group Hits Small Businesses With Updated Skimmer
https://www.bankinfosecurity.com/magecart-group-hits-small-businesses-updated-skimmer-a-14055
Online Credit Card Skimmers Are Thriving During the Pandemic
https://www.wired.com/story/magecart-credit-card-skimmers-coronavirus-pandemic/
Criminals hack Tupperware website with credit card skimmer
https://blog.malwarebytes.com/hacking-2/2020/03/criminals-hack-tupperware-website-with-credit-card-skimmer/
Travelex Reportedly Paid $2.3M Ransom To Hackers
https://www.pymnts.com/news/security-and-risk/2020/travelex-reportedly-paid-ransom-to-hackers/
3.電子支付/電子票證/行動支付/ pay/新聞及資安
電子支付躲不過疫情 2月交易金額年減逾16%
https://www.cardu.com.tw/news/detail.php?40419
「鈔票銅板」恐成新冠病毒傳染源,行動支付成新寵!快來看哪個平台回饋最多
https://www.storm.mg/lifestyle/2498142
壯大行動支付 LINE Pay攜手一卡通拚內需
https://www.setn.com/News.aspx?NewsID=723323
4.虛擬貨幣/區塊鍊相關新聞及資安
區塊鏈你Try了沒? 開放、資安不必選邊站 區塊鏈打造顧客共享社群
https://times.hinet.net/magazine/cp105/22850999
去中心化交易所 Bisq 爆發駭客攻擊!25 萬美元加密貨幣遭竊
https://blockcast.it/2020/04/09/hacker-exploited-software-flaw-and-stole-more-than-250k-worth-of-cryptocurrency-from-dex-bisq-users/
天王劉德華否認教人投資比特幣!過去還曾有過這3起假借名人名義的加密貨幣騙局
https://bit.ly/2UU9D6X
Bitcoin thieves use malicious QR code readers to steal $45,000 this month
https://hotforsecurity.bitdefender.com/blog/bitcoin-thieves-use-malicious-qr-code-readers-to-steal-45000-this-month-22778.html
Bisq Bitcoin exchange slams on the brakes after exploit of critical security flaw, crypto theft
https://www.zdnet.com/article/bisq-bitcoin-exchange-slams-on-the-breaks-following-exploit-of-critical-security-flaw/#ftag=RSSbaffb68
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
群創傳遭勒索病毒攻擊 生產未受影響
https://money.udn.com/money/story/5612/4478836
傳群創遭病毒勒索,稱不會影響生產
https://technews.tw/2020/04/09/it-is-said-that-innolux-was-blackmailed-by-the-virus-saying-it-will-not-affect-production/
他來了!WannaRen勒索病毒作者主動提供解密密鑰
https://www.huorong.cn/info/1586414080453.html?bsh_bid=5499278856&from=timeline
卡巴斯基:無法清除的xhelper 木馬
https://securelist.com/unkillable-xhelper-and-a-trojan-matryoshka/96487/
APT 攻擊者濫用微軟crypto api 釋放後門程序
https://gbhackers.com/apt-hackers-abusing-microsoft-crypto-api/
Clicker木馬新家族:Haken木馬
https://www.freebuf.com/articles/terminal/230524.html
SideWinder APT 組織4月活動情報
https://twitter.com/timele9527/status/1247325070520750080
Hoaxcalls DDoS 殭屍網絡利用Grandstream 和DrayTek 設備漏洞
https://unit42.paloaltonetworks.com/new-hoaxcalls-ddos-botnet/
Hoaxcalls 僵屍網絡:利用 CVE-2020-8515/5722 漏洞
https://www.chainnews.com/zh-hant/articles/194643303233.htm
難移除的 Android 惡意軟體,透過非官方 App Store 大量擴散
https://www.twcert.org.tw/tw/cp-104-3521-4178a-1.html
APTs and COVID-19: How advanced persistent threats use the coronavirus as a lure
https://blog.malwarebytes.com/threat-analysis/2020/04/apts-and-covid-19-how-advanced-persistent-threats-use-the-coronavirus-as-a-lure/
Ransomware in the Health Sector 2020 – A Perfect Storm of New Targets and Methods
https://www.riskiq.com/blog/external-threat-management/ransomware-in-health-sector-2020/
Breaking the Ice: A Deep Dive Into the IcedID Banking Trojan’s New Major Version Release
https://securityintelligence.com/posts/breaking-the-ice-a-deep-dive-into-the-icedid-banking-trojans-new-major-version-release/
Trickbot: A primer
https://blog.talosintelligence.com/2020/03/trickbot-primer.html
AZORult brings friends to the party
https://blog.talosintelligence.com/2020/04/azorult-brings-friends-to-party.html
CORONAVIRUS AS A DOUBLE-EDGED SWORD FOR CYBERCRIMINALS: DESPERATION OR OPPORTUNITY
https://www.digitalshadows.com/blog-and-research/coronavirus-as-a-double-edged-sword-for-cybercriminals/
CORONAVIRUS TROJAN OVERWRITING THE MBR
https://securitynews.sonicwall.com/xmlpost/coronavirus-trojan-overwriting-the-mbr/
GULOADER: THE RAT DOWNLOADER
https://blog.morphisec.com/guloader-the-rat-downloader
Zoomed In: A Look into a Coinminer Bundled with Zoom Installer
https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/
Obfuscated with a Simple 0x0A
https://isc.sans.edu/forums/diary/Obfuscated+with+a+Simple+0x0A/25982/
TPOT's Cowrie to ISC Logs
https://isc.sans.edu/diary/rss/25976
‘Zombie’ Windows win32k bug reanimated by researcher
https://nakedsecurity.sophos.com/2020/04/03/zombie-windows-win32k-bug-reanimated-by-researcher/
2020-04-02 - VBS-BASED MALWARE INFECTION
https://www.malware-traffic-analysis.net/2020/04/02/index.html
2020-03-31 - MATERIAL FOR AN ISC DIARY (QAKBOT MALSPAM)
https://www.malware-traffic-analysis.net/2020/03/31/index2.html
2020-03-31 - URSNIF (GOZI/IFSB) INFECTION
https://www.malware-traffic-analysis.net/2020/03/31/index.html
Pekraut - German RAT starts gnawing
https://www.gdatasoftware.com/blog/2020/04/35849-pekraut-german-rat-starts-gnawing
A New Look at Old Dragonfly Malware (Goodor)
https://norfolkinfosec.com/a-new-look-at-old-dragonfly-malware-goodor/
An old enemy – Diving into QBot part 1
https://malwareandstuff.com/an-old-enemy-diving-into-qbot-part-1/
PASSWORD STEALER TROJAN – MALWARE ANALYSIS
https://malwr-analysis.com/2020/03/28/password-stealer-trojan-malware-analysis/
Docker servers targeted by new Kinsing malware campaign
https://www.zdnet.com/article/docker-servers-targeted-by-new-kinsing-malware-campaign/
COVID-19 Outbreak Prompts Opportunistic Wave of Malicious Email Campaigns
https://symantec-blogs.broadcom.com/blogs/threat-intelligence/covid-19-outbreak-prompts-opportunistic-wave-malicious-email-campaigns
Malicious Android Apps Exploit Coronavirus Panic
https://symantec-blogs.broadcom.com/blogs/threat-intelligence/android-apps-coronavirus-covid19-malicious
Possible link between Magecart group & Cerberus Banking Trojan C2
https://medium.com/@Bank_Security/possible-link-between-magecart-group-cerberus-banking-trojan-c2-3d41ea8749ee
Loncom packer: from backdoors to Cobalt Strike
https://securelist.com/loncom-packer-from-backdoors-to-cobalt-strike/96465/
Latest Global COVID-19/Coronavirus Spearphishing Campaign Drops Infostealer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html
New Agent Tesla Variant Spreading by Phishing
https://www.fortinet.com/blog/threat-research/new-agent-tesla-variant-spreading-by-phishing.html
DoppelPaymer Ransomware Operators Breached Commercial Development, Inc.
https://medium.com/@cyble/doppelpaymer-ransomware-operators-breached-commercial-development-inc-a43a6840a0e3
2020-04-02 - VBS-BASED MALWARE INFECTION
https://www.malware-traffic-analysis.net/2020/04/02/index.html
Unveiled: How xHelper Android Malware Re-Installs Even After Factory Reset
https://thehackernews.com/2020/04/how-to-remove-xhelper-malware.html
2020-04-07 - PCAP AND MALWARE FOR AN ISC DIARY (ZLOADER)
https://www.malware-traffic-analysis.net/2020/04/07/index.html
Trickbot, Emotet Malware Use Coronavirus News to Evade Detection
https://www.bleepingcomputer.com/news/security/trickbot-emotet-malware-use-coronavirus-news-to-evade-detection/
Phishing and Malware Attacks Against NASA Employees Have Doubled
https://hotforsecurity.bitdefender.com/blog/phishing-and-malware-attacks-against-nasa-employees-have-doubled-22891.html
B.行動安全 / iPhone / Android /穿戴裝置 /App
視訊聊天軟體Houseparty驚傳用戶個資遭駭,但官方表示是同行惡性競爭所致
https://www.ithome.com.tw/news/136763
視訊軟體 Zoom 爆紅!卻狂傳資安漏洞、電腦密碼也有遭竊風險
https://3c.ltn.com.tw/news/39998
【恐怖Zoom】地理課遭駭 39女學生被迫色情視訊
https://tw.appledaily.com/international/20200410/CQPP63OBU35KOLR4X7T7ISMT6E/
會議軟體Zoom涉隱私憂患 首席執行官承諾修補漏洞
https://newtalk.tw/news/view/2020-04-04/386056
爆紅視訊軟體Zoom連傳安全漏洞 創辦人致歉
https://www.rti.org.tw/news/view/id/2058252
Zoom中國研發引憂慮 NASA和SpaceX禁用
https://www.ntdtv.com/b5/2020/04/03/a102815094.html
Zoom一夕爆紅 客服招架不住
https://www.chinatimes.com/realtimenews/20200404002823-260410?ctrack=mo_main_rtime_p02&chdtv
視頻會議軟體Zoom引發安全憂慮 或向中共傳輸信息
https://www.secretchina.com/news/b5/2020/04/04/928592.html
Zoom 送中?非標準加密,可向中國傳送加密訊息、密鑰
https://www.inside.com.tw/article/19409-zoom-calls-routed-china
你的資料恐被「送中」..英國國防部、SpaceX、NASA都下令禁用Zoom
https://www.cmmedia.com.tw/home/articles/20689
Zoom又被抓包?宣稱用256位元的AES加密金鑰,但其實只有128位元
https://www.ithome.com.tw/news/136762
Zoom中國服務器發密鑰 釀安全風險
https://www.ntdtv.com/b5/2020/04/07/a102818078.html
Zoom 資安疑慮外,又被證實連線資料可能被送往中國
http://technews.tw/2020/04/05/zoom-it-is-confirmed-that-the-connection-information-may-be-sent-to-china/
Zoom官方證實將資料「誤傳」給中國!多國政府單位、知名企業都宣布禁用
https://www.storm.mg/lifestyle/2489547
視訊軟體Zoom承認傳輸數據到中國 每天2億場遠距會議爆資安漏洞
https://bit.ly/2Vc64rK
Zoom 資安問題再起!會議安全嗎?會不會被竊聽?發言人回應
https://www.managertoday.com.tw/articles/view/59528
Zoom被爆疑向北京傳輸加密訊息 中國創辦人道歉稱將改進
https://m.ltn.com.tw/news/world/breakingnews/3123301
認將用戶數據傳中國 Zoom稱失誤
https://bit.ly/3bY2Fnr
Zoom資安疑慮 爆加密訊息傳輸中國
https://gnews.org/zh-hant/163656/
Zoom資安再出包?資料「誤傳」往中國伺服器袁征這樣回 學者提醒:要小心
https://cnews.com.tw/137200406a02/
以為刪掉Zoom就沒事?PTT創世神開示:連密碼都改才安全
https://newtalk.tw/news/view/2020-04-09/388713
【武漢肺炎】Zoom涉保安漏洞及數據傳向中國 華裔創辦人:再有差池將完蛋
https://hk.appledaily.com/finance/20200405/MRVNWZPK6Y6MQHELGXDXDJSYFI/
部分數據「送中」被抓包 Zoom執行長:我搞砸了
https://tw.appledaily.com/headline/20200406/3ZRBQ2KZX4QAQUE27FGMVQOZ4I/
Zoom 認部分客戶數據曾分流中國處理 加拿大研究質疑 「擁有中國心的美國公司」
https://bit.ly/3aKV1MS
Zoom被爆加密訊息傳北京 林俊憲:對中國圍堵並非沒道理
https://news.ltn.com.tw/news/politics/breakingnews/3124875
Zoom 資安疑慮外,又被證實連線資料可能
https://www.ptt.cc/bbs/Stock/M.1586134477.A.9B4.html
Zoom漏洞不斷擴大 LinkedIn用戶慘受牽連
https://bit.ly/3aLu9w3
ZOOM掀波瀾 視訊軟體資安漏洞靠自己堵
https://www.chinatimes.com/realtimenews/20200405003038-260410?chdtv
存在資安隱憂 Zoom股東控告公司詐欺
https://news.cnyes.com/news/id/4461559
資安存在隱憂 Zoom遭股東控告證券詐欺
https://tw.appledaily.com/property/20200408/AYCL7FUMPAUGRXG2SGM27K36FA/
Zoom 保安漏洞被集體訴訟 疑誤導投資者違反美證券法
https://unwire.hk/2020/04/09/zoom-investors/tech-secure/
Zoom Was Mining Data and Matching Users with LinkedIn Info
https://hotforsecurity.bitdefender.com/blog/zoom-was-mining-data-and-matching-users-with-linkedin-info-22829.html
Zoom為安全漏洞道歉,承諾即刻凍結新功能的開發,專注安全及隱私的改善
https://ithome.com.tw/news/136742
曝出漏洞、企業禁用、緊急聲明:Zoom一周裡經歷了什麼
https://36kr.com/p/5308771
Zoom爆資安疑慮好可怕?台大電機系教授葉丙成揭真相
https://www.setn.com/News.aspx?NewsID=721197
會議視訊軟體Zoom遭爆資安疑慮 專家建議這樣做
https://bit.ly/34fEDSe
新的網路陰暗角落:認識因疫情興起的視訊攻擊手法,Zoombombing
https://www.inside.com.tw/article/19426-Zoombombing
Zoom為安全漏洞道歉發布“漏洞賞金”計劃
https://www.chinaz.com/2020/0403/1123139.shtml
ZOOM超夯遭爆開後門 科技界、學校掀退用潮
https://www.chinatimes.com/realtimenews/20200403001894-260412?chdtv
Zoom安全漏洞未除 美多間學校機構停用
https://bit.ly/2V6tDSW
課堂屢遭黑客「轟炸」 保安私隱成疑 紐約市教育局籲停用Zoom
https://bit.ly/3dYlngl
別再惡作劇了!密西根州警告:亂入Zoom會議將會被判刑
https://www.ithome.com.tw/news/136764
Zoom遠距會議軟體受惠疫情竄紅 資安專家:小心被監看
https://tw.appledaily.com/property/20200405/FJD6EFBJQTKQFAWYM52ZLU4R4Y/
Zoom爆重大安全漏洞:數万視頻被公開圍觀CEO考慮開源
http://tech.sina.com.cn/csj/2020-04-05/doc-iimxxsth3729974.shtml
曝出漏洞、企業禁用、緊急聲明:因疫情爆紅的Zoom,一週之內如何跌下神壇
https://bit.ly/39PLbYY
Zoom爆資安漏洞疑慮 中華電宣布立即停售
https://tw.appledaily.com/property/20200406/TI5DOVWCCH6T6XCSJMHVYWEE4E/
基於安全考量 紐約學校將停用視訊軟體Zoom
https://money.udn.com/money/story/5599/4469852
Zoom資安問題多,中華電信要求代理商解釋並宣布即日起停售
https://bit.ly/3bXxYhW
遠端會議不是直播 會計師:使用ZOOM要提高警覺
https://udn.com/news/story/7240/4470615
Zoom被指有保安漏洞可追蹤你的行蹤?教你3招避免資料被偷
https://www.18hall.com/zoom-cybersecurity/
Zoom 等著名視訊會議軟體成為眾多駭侵者假冒對象
https://www.twcert.org.tw/tw/cp-104-3486-60968-1.html
小心監看! Check Point 提供 Zoom 安全使用四大招
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/E6426ACB0E9A45DEB701A68BD0A4F245
全球最大雲端會議軟體服務Zoom,被爆出嚴重隱私漏洞
https://news.knowing.asia/news/efb28f64-eba0-4399-9eae-87540db10273
因屢爆資安疑慮,美國紐約下令各學校全面禁用 Zoom 改投 Teams
https://www.inside.com.tw/article/19414-New-York-City-bans-Zoom-in-schools-citing-security-concerns
ZOOM爆資安疑雲股價挫 布局資安ETF防漏洞
https://udn.com/news/story/7239/4474185
New Zoom Hack Lets Hackers Compromise Windows and Its Login Password
https://thehackernews.com/2020/04/zoom-windows-password.html
Zoom’s privacy and security woes in the spotlight
https://www.welivesecurity.com/2020/04/03/zoom-privacy-security-spotlight/
Zoom for macOS Has a Couple of Dangerous Zero-Day Vulnerabilities
https://hotforsecurity.bitdefender.com/blog/zoom-for-macos-has-a-couple-of-dangerous-zero-day-vulnerabilities-22816.html
Prosecutors: 'Zoom-Bombing' Could Lead to Charges
https://www.bankinfosecurity.com/prosecutors-zoom-bombing-could-lead-to-charges-a-14062
Zoom-bombing: FBI warns of rise in teleconference hijacking amid stay-at-home order
https://hotforsecurity.bitdefender.com/blog/zoom-bombing-fbi-warns-of-rise-in-teleconference-hijacking-amid-stay-at-home-order-22803.html
Using Zoom? Here’s how to keep your business and employees safe
https://blog.trendmicro.com/using-zoom-heres-how-to-keep-your-business-and-employees-safe/
Zoom Caught in Cybersecurity Debate — Here's Everything You Need To Know
https://thehackernews.com/2020/04/zoom-cybersecurity-hacking.html
國際產經:Zoom創辦人稱資安漏洞導致特斯拉停用,計劃引入點對點加密技術
https://bit.ly/3e01cia
FBI警告:遠距工作或教學工具可能成為駭客攻擊的新目標
https://www.ithome.com.tw/news/136752
美國各級學校禁用 ZOOM !FBI警告:視訊會議恐遭駭客入侵
https://3c.ltn.com.tw/news/40017
Zoom資安漏洞超大?內行人揭「恐怖真相」:只刪除還不夠
https://bit.ly/2XqGu5j
Zoom宣布90天資安強化計畫,聘請臉書前安全長擔任外部顧問
https://www.ithome.com.tw/news/136860
安全標準不合格!Google 全面禁止員工使用 Zoom
https://3c.ltn.com.tw/news/40051
Zoom爆資安疑慮! 王定宇「3點警告」:調查間諜行為
https://www.setn.com/news.aspx?NewsID=721133
部分被盜取的 Zoom 用戶密碼與 ID 已經在暗網出售
https://technews.tw/2020/04/08/stolen-zoom-id-sale-on-darkweb/
報導:駭客在暗網中公布352個Zoom帳號
https://www.ithome.com.tw/news/136852
Zoom再爆資安疑慮!352 個帳戶遭外洩 個資在暗網「共享」
https://udn.com/news/story/11017/4477119
教育部禁用Zoom 宅神酸:學校教學是有什麼機密
https://bit.ly/3aYTvXq
學校禁用ZOOM惹議 教長:行政院已審慎評估
https://www.cna.com.tw/news/ahel/202004080258.aspx
教部禁用Zoom 高中老師激憤:教學哪來資安問題
https://udn.com/news/story/120960/4474620?from=udn-catebreaknews_ch2
修電腦才有艷門照?杜奕瑾驚曝漏洞:現在裝Zoom就夠了
https://www.setn.com/news.aspx?NewsID=721729
ZOOM爆資案漏洞 國泰投信:拚防疫也要注意防駭
https://www.chinatimes.com/realtimenews/20200407003492-260410?ctrack=mo_main_rtime_p12&chdtv
How i hacked worldwide ZOOM users
https://medium.com/@s3c/how-i-hacked-worldwide-zoom-users-eafdff94077d
使用 Zoom 開視訊會議前,必須確認的資安基本要點
https://blog.trendmicro.com.tw/?p=63877
Zoom備受質疑 在家工作如何顧資安?台積電有祕技
https://bit.ly/2y4yJad
Zoom袁征:強化資安保護 相信台灣會解除禁用令
https://money.udn.com/money/story/5599/4481399
HKCERT 建議10招保障 Zoom 網上會議安全
https://www.hkcert.org/my_url/zh/blog/20040201
第三方收集資訊不再容易!臉書將推新工具讓用戶擴大權限盼減少資安問題
https://bit.ly/39PyiOA
【當我們硬塞在家】還在用 LINE?遠端工作企業通訊軟體挑選指南
https://www.inside.com.tw/article/19384-company-saas-for-wfh
串接資料與手機訊號 跨部門追蹤居家檢疫者足跡
https://money.udn.com/money/story/5613/4468913
Teams誤傳資安漏洞 台灣微軟:已修補完成
https://money.udn.com/money/story/5612/4472228
遠距軟體雙面刃 「4要3不」防資安裸奔
https://udn.com/news/story/120960/4475485
【重磅快評】突然封殺Zoom 試問林全揪科群組還在否
https://udn.com/news/story/11091/4475925
網友求救研發「安全視訊APP」 唐鳳不藏私推薦「這三款」視訊系統
https://www.ettoday.net/news/20200407/1686085.htm
How Just Visiting A Site Could Have Hacked Your iPhone or MacBook Camera
https://thehackernews.com/2020/04/hacking-iphone-macbook-camera.html
>4,000 Android apps silently access your installed software
https://arstechnica.com/information-technology/2020/03/4000-android-apps-silently-access-your-installed-software/
What to do you if your phone is lost or stolen
https://www.welivesecurity.com/2020/04/06/what-to-do-phone-lost-stolen/
Australian Kids' Smartwatch Maker Hit By Same Bug Again
https://www.bankinfosecurity.com/australian-kids-smartwatch-maker-hit-by-same-bug-again-a-14046
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
應對網路入侵 災難復原分秒必爭
https://unwire.pro/2020/04/04/ibm-dr/columnist/
網友哀嚎!台最大追劇「楓林網」遭查封 老闆是2台大碩士
https://www.setn.com/News.aspx?NewsID=721793
COVID-19 (新型冠狀病毒) 帶來那些新的網路威脅
https://www.computerdiy.com.tw/20200407_covid-19_threaten/
防疫遠距辦公 KPMG示警:當心企業機密網路裸奔
https://money.udn.com/money/story/5612/4470828
全球200大CDN發生BGP劫持,Google、Cloudflare、Line皆被導向俄羅斯
https://www.ithome.com.tw/news/136758
趨勢科技:組態設定錯誤 是雲端環境頭號風險
https://udn.com/news/story/7240/4479385
資安控管應先於遠距辦公
https://talk.ltn.com.tw/article/paper/1364168
曾阻止惡意軟體被稱英雄!網路安全專家自寫程式遭起訴 最終法官這樣判
https://news.sina.com.tw/article/20200403/34749846.html
疑遭駭客連續16小時攻擊?wecare高雄官網暫時閉站
https://6do.news/article/2467442-01
罷韓粉專被駭 Wecare籲勿以身試法
http://www.nexttv.com.tw/NextTV/News/Home/Politics/2020-04-04/148983.html
駭客連攻官網16小時 Wecare高雄急關站保資安
https://newtalk.tw/news/view/2020-04-04/386134
疑遭駭客連續16小時攻擊?wecare高雄官網
https://www.ptt.cc/bbs/Gossiping/M.1585963095.A.B67.html
Evernote及其他共享平台遭網路釣客盯上
https://blog.trendmicro.com.tw/?p=63869
網路罪犯以新冠病毒為主題,對企業發動社交工程攻擊
https://times.hinet.net/news/22853669
疫情期間 網路犯罪成長5倍 攻擊醫院
https://www.ntdtv.com/b5/2020/04/08/a102818951.html
霸氣!玩家喊武漢肺炎遭封10年 台廠捍衛自由與中國恩斷義絕
https://3c.ltn.com.tw/news/40013
趨勢科技發布全球假冒新冠肺炎疫情之網路威脅情勢
https://news.sina.com.tw/article/20200405/34760378.html
美英網安機關警告 政治背景駭客利用疫情滲透網路
https://taronews.tw/2020/04/09/652784/
WhatsApp控以色列駭客集團助20國政府入侵手機 沒想到遭反駁說臉書原本也想買
https://cnews.com.tw/134200407a03/
深信服VPN設備被曝成境外駭客突破口 回應稱極少數用戶受影響
http://big5.china.com.cn/gate/big5/tech.china.com.cn/internet/20200407/364891.shtml
利用內核漏洞 中國默默駭全球linux近十年
https://www.ptt.cc/bbs/Gossiping/M.1586317309.A.9A5.html
中國駭客攻擊 Linux 伺服器,竊取知識產權長達 10 年沒被發現
https://buzzorange.com/techorange/2020/04/09/chinese-hack-linux/
中國駭客駭過臺灣什麼情報
https://www.pttweb.cc/bbs/Gossiping/M.1586062387.A.0D8
神秘APT組織利用IE和Firefox漏洞攻擊中國和日本
https://www.4hou.com/posts/Zm5J
美國2020~2022年反情報戰略
https://www.freebuf.com/articles/network/230126.html
美陸戰隊網路防禦小組 首納編MEU部署巡弋
https://www.ydn.com.tw/News/379195
因應疫情流量暴增需求,美國政府同意Google啟用連結加州與臺灣的海底電纜為期6個月
https://www.ithome.com.tw/news/136856
Hackers exploited IE and Firefox flaws in attacks on entities in China, Japan
https://securityaffairs.co/wordpress/100960/hacking/ie-firefox-flaws.html
IEの脆弱性 (CVE-2020-0674) とFirefoxの脆弱性 (CVE-2019-17026) を悪用する攻撃
https://blogs.jpcert.or.jp/ja/2020/04/ie_firefox_0day.html
Cyber News Rundown: Zoom Targeted by Hackers
https://www.webroot.com/blog/2020/04/06/cyber-news-rundown-zoom-targeted-by-hackers/
Coronavirus-related cyberattacks surge in Brazil
https://www.zdnet.com/article/coronavirus-related-cyberattacks-surge-in-brazil/#ftag=RSSbaffb68
Italian Social Security Website Disrupted
https://www.bankinfosecurity.com/italian-social-security-website-disrupted-a-14054
Italy's social security website hit by hacker attack
https://www.reuters.com/article/us-health-coronavirus-italy-cybercrime/italys-social-security-website-hit-by-hacker-attack-idUSKBN21J5U1
FBI Alleges Russian Man Laundered Cybercriminals' Money
https://www.bankinfosecurity.com/fbi-alleges-russian-man-laundered-cybercriminals-money-a-14041
Top spies are enlisted to 'attack and destroy' foreign cyber criminals preying on vulnerable Australians during the coronavirus pandemic
https://www.dailymail.co.uk/news/article-8194863/Australian-government-enlists-spies-attack-foreign-cyber-criminals-preying-vulnerable-people.html
DOJ urges FCC to revoke China Telecom's license
https://www.zdnet.com/article/doj-urges-fcc-to-revoke-china-telecoms-license/#ftag=RSSbaffb68
March 2020 Cyber Attacks Statistics
https://www.hackmageddon.com/2020/04/08/march-2020-cyber-attacks-statistics/
16-31 March 2020 Cyber Attacks Timeline
https://www.hackmageddon.com/2020/04/07/16-31-march-2020-cyber-attacks-timeline/
資安防護管理人員(網路安全)
https://www.104.com.tw/job/6wvip
不畏疫情 合庫徵才360人
https://ec.ltn.com.tw/article/breakingnews/3124469
合庫招募360人 配合推出徵才短片
https://money.udn.com/money/story/5636/4472281
財團法人大學入學考試中心 求才啟事
https://bit.ly/2xZi2x1
大規模在家工作牽動職場三大改變 資安工程師需求逆勢增
https://news.cnyes.com/news/id/4462005
系統資安工程師
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=356366&HIRE_ID=9636991
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
防疫宅在家 詐騙變多了性交易少了
https://udn.com/news/story/7315/4465529?from=udn-catelistnews_ch2
艦船開假訊號偽冒遼寧艦 國防部快速打擊:「假訊息」
https://udn.com/news/story/10930/4480616
網路出現「165在線反詐騙聯盟」 警方:新騙術
https://www.kmdn.gov.tw/1117/1271/1272/317503/
359件假訊息案7成來自中國 調查局揭攻擊模式
https://bit.ly/2y0knbd
Cisco WebEx 視訊會議用戶,近來遭到詐騙更新訊息攻擊
https://www.twcert.org.tw/tw/cp-104-3526-63a65-1.html
不肖人士利用疫情資訊釣魚 趨勢科技:垃圾郵件佔資安威脅逾6成
https://tw.appledaily.com/property/20200404/FD2JVLIIBL5OM5MVCK3O2IJFWI/
在家工作的惡夢!個資遭辦公軟體分享還被老闆監控
https://newtalk.tw/news/view/2020-04-04/386078
電子追蹤系統資訊全都露 防疫與隱私權的兩難
https://money.udn.com/money/story/5613/4468966
美國參議員對蘋果COVID-19應用的隱私問題提出質疑
https://news.sina.com.tw/article/20200404/34753126.html
防疫串聯個資 法界促訂退場條例
https://www.merit-times.com.tw/NewsPage.aspx?unid=581028
誤信5G傳播病毒謠言 英國基地台被燒毀
https://udn.com/news/story/6809/4468741
開箱灑10萬!小玉買「駭客技術」慘被騙 網傻眼:果然有錢就是任性
https://zodiac.tw/200403
冠狀病毒》疫發不可收拾的網路謠言,如何教孩子分辨
https://blog.trendmicro.com.tw/?p=63775
調查局再查5案假訊息 男竟指「澎湖已淪陷」
https://tw.appledaily.com/local/20200408/K7EL4MXOMQGLDYQ7VHWTPQLIOQ/
義大利電子郵件服務email.it遭駭,60萬用戶資料流落黑市
https://ithome.com.tw/news/136843
小心相關網站釣魚郵件 美英警告有駭客利用疫情滲透網路
https://www.cna.com.tw/news/aopl/202004090045.aspx
數位錢包 App Key Ring 雲端設定錯誤,導致四千四百萬筆用戶個資外洩
https://www.twcert.org.tw/tw/cp-104-3504-f2b14-1.html
Data Breach: A summary of healthcare security incidents in March 2020. Are you a victim of Medical Identity Theft
https://bit.ly/39Q6Q3e
THREAT ACTORS RECYCLING PHISHING KITS IN NEW CORONAVIRUS (COVID-19) CAMPAIGNS
https://blogs.akamai.com/sitr/2020/04/threat-actors-recycling-phishing-kits-in-new-coronavirus-covid-19-campaigns.html
“Instant bank fraud” warning spread on WhatsApp is a hoax
https://nakedsecurity.sophos.com/2020/03/31/instant-bank-fraud-warning-spread-on-whatsapp-is-a-hoax/
Email provider got hacked, data of 600,000 users now sold on the dark web
https://www.zdnet.com/article/email-provider-got-hacked-data-of-600000-users-now-sold-on-the-dark-web/#ftag=RSSbaffb68
Nigerian BEC Scammers Increase Proficiency: Report
https://www.bankinfosecurity.com/nigerian-bec-scammers-increase-proficiency-report-a-14040
Spam and phishing in 2019
https://securelist.com/spam-report-2019/96527/
Scam alert: UK citizens receive fake text messages amid lockdown. If you plan to leave the house, you better pay up
https://hotforsecurity.bitdefender.com/blog/scam-alert-uk-citizens-receive-fake-text-messages-amid-lockdown-if-you-plan-to-leave-the-house-you-better-pay-up-22882.html
Elasticsearch Database with 42 Million Records of Iranian Citizen Found Exposed Online
https://hotforsecurity.bitdefender.com/blog/elasticsearch-database-with-42-million-records-of-iranian-citizen-found-exposed-online-22852.html
Data Leak: Private information of 14 million Key Ring users exposed
https://hotforsecurity.bitdefender.com/blog/data-leak-private-information-of-14-million-key-ring-users-exposed-22842.html
E.研究報告
已知現存中文 BBS 站台
https://hackmd.io/C8BLsIHbTUiVgdPHvmlZ_A
線上程式開發平台的資安風險
https://blog.trendmicro.com.tw/?p=63661
Donot team 組織(APT-C-35)移動端攻擊活動分析
https://s.tencent.com/research/report/951.html
高清還原進攻分析-被微軟發布又秒刪的遠程預執行代碼漏洞CVE-2020-0796
https://www.aqniu.com/vendor/66443.html
漏洞掃描工具-- Skipfish
https://zhuanlan.zhihu.com/p/123363993
Fuzzowski:一款功能強大的網絡協議模糊測試工具
https://www.freebuf.com/sectool/227869.html
PrivescCheck:一款針對Windows系統的提權枚舉腳本
https://www.freebuf.com/articles/system/229405.html
利用COVID-19發起的網絡攻擊分析
https://www.freebuf.com/articles/network/230475.html
網路犯罪天堂Deer.io之死
https://www.freebuf.com/news/232163.html
Wazuh:如何對離散數據進行關聯重組
https://www.freebuf.com/sectool/230505.html
挖洞經驗分享:關於IDOR的幾個奇怪案例分析
https://www.freebuf.com/vuls/228918.html
Android Cerberus惡意樣本分析
https://www.freebuf.com/articles/terminal/230628.html
JMX遠程代碼漏洞研究
https://www.freebuf.com/vuls/231132.html
Syborg:一款帶有斷路躲避系統的DNS子域名遞歸枚舉工具
https://www.freebuf.com/sectool/227851.html
CVE-2020-8794:OpenSMTPD默認安裝中的LPE和RCE漏洞分析
https://www.freebuf.com/vuls/228704.html
技術討論| 如何編寫一段內存蠕蟲
https://www.freebuf.com/articles/web/229597.html
Web安全漏洞系列:XSS(跨站腳本攻擊)
https://www.freebuf.com/video/232923.html
WAF機制及繞過方法總結:注入篇
https://www.freebuf.com/articles/web/229982.html
一種工控蜜罐識別與反識別技術研究與應用實踐
https://www.freebuf.com/articles/ics-articles/230402.html
2019年網絡安全態勢報告
https://www.freebuf.com/articles/paper/232371.html
Zeek如何提供對加密通信的感知
https://www.freebuf.com/articles/network/229767.html
2020年Pwn2Own中VMware虛擬機逃逸最新UAF漏洞分析(CVE-2020-3947)
https://www.4hou.com/posts/6zkn
QQ二維碼登陸機制分析+雙重SSRF釣魚利用
https://www.freebuf.com/vuls/229694.html
2019 東京PWN2OWN TP-Link Archer A7 exp 開發詳解
https://www.thezdi.com/blog/2020/4/6/exploiting-the-tp-link-archer-c7-at-pwn2own-tokyo
GTFOBins:一個用來繞過本地安全限制的Unix 二進製程序列表
https://gtfobins.github.io/
使用Slack 的TURN 服務器來訪問內部服務(ssrf)
https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/
漏洞管理面面觀
https://www.freebuf.com/vuls/232791.html
大型企業如何部署落地(雲)主機EDR+態勢感知平台
https://www.freebuf.com/articles/es/230196.html
繞過sysmon 和windows 事件日誌的通用手法
https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/
“震網”三代和二代漏洞技術分析報告
https://www.anquanke.com/post/id/202705
漏洞分析學習之cve-2010-2553
https://xz.aliyun.com/t/7520
Abnormal Attack Stories: Stimulus Payment Attack
https://abnormalsecurity.com/blog/abnormal-attack-stories-stimulus-payment-attack/
Preparing for the Surge in Attacks Targeting Remote Workers
https://www.fortinet.com/blog/threat-research/preparing-for-the-surge-in-attacks-targeting-remote-workers.html
BurpSuite basic use cases
https://www.peerlyst.com/posts/burpsuite-basic-use-cases-ben-johnson-cissp-gmob-gwapt
More Than 8,000 Unsecured Redis Instances Found in the Cloud
https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-8000-unsecured-redis-instances-found-in-the-cloud/
How Relevance Scoring Can Make Your Threat Intelligence More Actionable
https://securityintelligence.com/posts/how-relevance-scoring-can-make-your-threat-intelligence-more-actionable/
automation-script
https://github.com/resotto/automation-script
How to Setup Wazuh Open Source SIEM Virtual Machine
https://thelinuxos.com/how-to-setup-wazuh-open-source-siem/
Python String Functions
https://thelinuxos.com/python-string-functions/
Cloud WAF Comparison Using Real-World Attacks
https://medium.com/fraktal/cloud-waf-comparison-using-real-world-attacks-acb21d37805e
Zero-Day Exploitation Increasingly Demonstrates Access to Money, Rather than Skill — Intelligence for Vulnerability Management, Part One
https://bit.ly/39Uu48o
Offense and Defense – A Tale of Two Sides: Bypass UAC
https://www.fortinet.com/blog/threat-research/offense-and-defense-a-tale-of-two-sides-bypass-uac.html
IEの脆弱性 (CVE-2020-0674) とFirefoxの脆弱性 (CVE-2019-17026) を悪用する攻撃
https://blogs.jpcert.or.jp/ja/2020/04/ie_firefox_0day.html
Thinking Outside the Bochs: Code Grafting to Unpack Malware in Emulation
https://www.fireeye.com/blog/threat-research/2020/04/code-grafting-to-unpack-malware-in-emulation.html
Fingerprint cloning: Myth or reality
https://blog.talosintelligence.com/2020/04/fingerprint-research.html
Introducing RedELK – Part 1: why we need it
https://outflank.nl/blog/2019/02/14/introducing-redelk-part-1-why-we-need-it/
RedELK Part 2 – getting you up and running
https://outflank.nl/blog/2020/02/28/redelk-part-2-getting-you-up-and-running/
RedELK Part 3 – Achieving operational oversight
https://outflank.nl/blog/2020/04/07/redelk-part-3-achieving-operational-oversight/
Hunting for evil: detect macros being executed
https://outflank.nl/blog/2018/01/16/hunting-for-evil-detect-macros-being-executed/
Mark-of-the-Web from a red team’s perspective
https://outflank.nl/blog/2020/03/30/mark-of-the-web-from-a-red-teams-perspective/
Red Team Tactics: Advanced process monitoring techniques in offensive operations
https://outflank.nl/blog/2020/03/11/red-team-tactics-advanced-process-monitoring-techniques-in-offensive-operations/
Red Team Tactics: Active Directory Recon using ADSI and Reflective DLLs
https://outflank.nl/blog/2019/10/20/red-team-tactics-active-directory-recon-using-adsi-and-reflective-dlls/
ARCHITECTING MOBILE BANKING APPS AGAINST ATTACKERS
https://bit.ly/3e4j37A
Securely donate CPU time with Windows Sandbox
https://techcommunity.microsoft.com/t5/windows-kernel-internals/securely-donate-cpu-time-with-windows-sandbox/ba-p/1285749#
Kerberos Tickets on Linux Red Teams
https://www.fireeye.com/blog/threat-research/2020/04/kerberos-tickets-on-linux-red-teams.html
F.商業
Cisco Webex 網上會議平台升級!免費版無時間限制、支援人數倍增
https://bit.ly/2wj0wn4
疫情帶動需求!思科視訊會議軟體Webex用戶創新高
https://bit.ly/2XbbeXP
年初揭 Zoom 保安風險 Check Point 籲企業採取零信任政策
https://unwire.pro/2020/04/04/check-point/security/
Zoom爆資安漏洞遭抵制 Skype強打免登入視訊功能
https://www.chinatimes.com/realtimenews/20200407001928-260412?chdtv
Zoom被揭存在大量保安漏洞!Skype推出全新會議功能搶客源
https://bit.ly/39NSeB9
避免數百萬企業遭駭客劫持的災難,微軟終於買下corp.com網域
https://www.ithome.com.tw/news/136832
資訊戰及網路威脅加劇 資安服務需求CAGR將達21%
https://bit.ly/2VhZQqv
2023年台灣資安服務市場年複合增長率 將達21%
https://money.udn.com/money/story/5607/4474385
勒索病毒攻擊增五倍!微軟戮力強化遠距工作與學習之資安防護網
https://news.sina.com.tw/article/20200409/34813122.html
具指紋和肛門辨識的智慧型馬桶!個人化健康監測不落空
https://bit.ly/34lv5oy
數聯資安推「3S資安訂閱服務」,讓資安輕鬆擁有
http://www.netadmin.com.tw/netadmin/zh-tw/snapshot/09BAC987E99B43EEB17672CA24F942A2
Microsoft announces IPE, a new code integrity feature for Linux
https://www.zdnet.com/article/microsoft-announces-ipe-a-new-code-integrity-feature-for-linux/#ftag=RSSbaffb68
Microsoft to add DANE and DNSSEC support to Exchange Online servers
https://www.zdnet.com/article/microsoft-to-add-dane-and-dnssec-support-to-exchange-online-servers/#ftag=RSSbaffb68
Linux Foundation backs security-oriented seL4 microkernel operating system
https://www.zdnet.com/article/linux-foundation-backs-security-oriented-sel4-microkernel-operating-system/#ftag=RSSbaffb68
支援NFC的Chrome 81來了
https://times.hinet.net/news/22854865
Chrome 81 released with initial support for the Web NFC standard
https://www.zdnet.com/article/chrome-81-released-with-initial-support-for-the-web-nfc-standard/#ftag=RSSbaffb68
Google backs Apple's SMS OTP standard proposal
https://www.zdnet.com/article/google-backs-apples-sms-otp-standard-proposal/#ftag=RSSbaffb68
G.政府
三軍地面部隊連長將人手一台平板 裡頭是什麼名堂
https://udn.com/news/story/10930/4468887
口罩實名制2.0推手 關貿公司12天完成國家級任務
https://udn.com/news/story/120974/4468950
肝12天做口罩實名制2.0 工程師:高壓也很高興
https://m.ltn.com.tw/news/politics/breakingnews/3123725
國軍網戰武器曝光 「弱點掃瞄軟體」主動掃瞄敵伺服器
https://udn.com/news/story/10930/4469093
口罩線上購買推手!eMask戰情室每日監控數量
https://news.tvbs.com.tw/life/1304803
金控防疫不同調 金管會:關注「金融服務不中斷」
https://ec.ltn.com.tw/article/breakingnews/3124850
電子圍籬兼顧監控與隱私 逾10國洽詢技術
https://www.cna.com.tw/news/firstnews/202004080142.aspx
【資安疑慮】國防部坦承曾用Zoom 未傳輸涉密資訊
https://tw.appledaily.com/politics/20200408/CJP7QBUMF3SIZ2BAYNJVES4NFM/
Zoom驚爆中國資安危機 司法院用了3年火速轉軌
https://news.ltn.com.tw/news/society/breakingnews/3128719
有資安疑慮 政院禁用ZOOM遠距視訊軟體
https://www.rti.org.tw/news/view/id/2058663
ZOOM禁用 花蓮教育處加緊教學新視訊軟體
https://udn.com/news/story/7328/4479638
特斯拉、美太空總署都禁用!司法院視訊竟用中資軟體「ZOOM」
https://bit.ly/3dYzm5O
Zoom有資安疑慮 外交部:未使用
https://money.udn.com/money/story/7307/4471887
zoom爆資安爭議 蘇揆:會有應對措施
https://bit.ly/2yAuinW
高市府市政會議 下周改視訊連線
https://udn.com/news/story/7327/4473396
Zoom爆資安疑慮! 中市府:跟進政院採CISCO
https://news.ltn.com.tw/news/politics/breakingnews/3128157
公務機關遠端視訊應優先使用國內產品及共同供應契約品項 避免資安疑慮
https://www.ey.gov.tw/Page/9277F759E41CCD91/9d2f8e8e-c8a6-4e1d-a9fe-68c3edb8ef72
Zoom爆資安疑慮! 陳其邁:公務機關視訊軟體應使用國產品
https://news.ltn.com.tw/news/politics/breakingnews/3125311
國防部曾將ZOOM用於救災
https://udn.com/news/story/10930/4476483?from=udn-catelistnews_ch2
Zoom 存嚴重安全漏洞 台灣國防部、國安局、行政院及教育部全面禁用
https://bit.ly/3c1qFpB
視訊軟體Zoom個資危機升溫 國防部緊急下令全面停用
https://bit.ly/2JOwZ7J
Zoom遭抵制!台、德政府下禁令 又被爆數百名用戶個資被放上暗網販賣
https://cnews.com.tw/137200409a04/
FBI曾示警「有資安疑慮」 教育部竟防疫停課期間推薦用中國視訊軟體Zoom
https://www.eatnews.net/article-2/20200405-1
視訊軟體遭爆資料傳中國 外交部:未使用ZOOM
https://times.hinet.net/news/22851600
Zoom爆資安疑慮 公務部門禁用
https://news.ltn.com.tw/news/politics/paper/1364183
立委點名教育部、司法院,籲公部門禁用 Zoom
https://www.inside.com.tw/article/19430-Judical-Yuan-use-security-concerns-zoom
關於Zoom風波 教育部長潘文忠 再度強調資安重要
https://news.sina.com.tw/article/20200408/34800904.html
ZOOM爆資安疑慮 網友求救唐鳳 竟真釣出本尊回應
https://news.ltn.com.tw/news/politics/breakingnews/3126202
國安等級!小英授權成立「資安站」 調查局第四軍成形
https://news.ltn.com.tw/news/politics/breakingnews/3127548
蔡清祥建議獲採納 調查局成立資安工作站
https://bit.ly/2Vf4zce
調局資安站:2月下旬迄今,陸網民已發動3波疫情假訊息攻擊
https://www.chinatimes.com/realtimenews/20200408005058-260402?chdtv
調查局成立資安工作站 偵辦假訊息、電腦犯罪案件
https://www.rti.org.tw/news/view/id/2058901
調查局成立資安工作站 偵辦假訊息、電腦犯罪案件
https://www.rti.org.tw/news/view/id/2058901
獨家直擊機密防疫系統 10國搶著學都想複製貼上
https://bit.ly/2Vaqb9Q
政院:視訊會議 不使用資安疑慮軟體
https://www.ydn.com.tw/News/379248
政院幕僚愛用Line 公務員以Juiker為主
https://udn.com/news/story/6656/4476132
教育部停用Zoom 學者:典型的資安管理作法
https://udn.com/news/story/6656/4476620
採Teams系統 教育部部務會報改視訊開會
https://m.ltn.com.tw/news/life/breakingnews/3127076
不忍了!江宜樺竟嗆禁用ZOOM「決策顛三倒四」
https://www.setn.com/News.aspx?NewsID=721970
內政部想啟動視訊會議〝但發現軟體都是ZOOM〞
https://udn.com/news/story/6656/4476482?from=udn-catelistnews_ch2
總統府:未採購Zoom等有資安疑慮產品
https://money.udn.com/money/story/7307/4474688
Taiwan instructs government agencies not to use Zoom
https://www.zdnet.com/article/taiwan-instructs-government-agencies-not-to-use-zoom/#ftag=RSSbaffb68
H.工控系統/SCADA/ICS
老舊作業系統為醫療IoT裝置帶來安全威脅
https://www.eettaiwan.com/20200407NT21-The-legacy-OS-brings-security-risk-to-connected-medical-devices/
Advantech WebAccess/NMS 路徑遍歷漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10631
JVNVU#93617857 KUKA 製 KUKA.Sim Pro における通信チャネルで送信中のメッセージの整合性への不適切な強制の脆弱性
https://jvn.jp/vu/JVNVU93617857/
JVNVU#98887141 富士電機製 V-Server Lite におけるバッファオーバーフローの脆弱性
https://jvn.jp/vu/JVNVU98887141/
JVNVU#99126710 Rockwell Automation 製 RSLinx Classic における重要なリソースに対する不適切なパーミッションの割り当ての脆弱性
https://jvn.jp/vu/JVNVU99126710/
JVNVU#95253418 GE Digital 製 CIMPLICITY における不適切な権限管理の脆弱性
https://jvn.jp/vu/JVNVU95253418/
JVNVU#98887141 富士電機製 V-Server Lite におけるバッファオーバーフローの脆弱性
https://jvn.jp/vu/JVNVU98887141/
I.教育訓練
How to become a cyber forensics expert
https://www.peerlyst.com/posts/how-to-become-a-cyber-forensics-expert-abhinav-singh
Binary Exploitation
https://guyinatuxedo.github.io/00-intro/index.html
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
智慧家電不安全?數位安全要注意 FBI警告:駭客攻擊早已發生
https://cnews.com.tw/137200403a02/
Cybersecurity labeling scheme introduced to help users choose safe IoT devices
https://blog.malwarebytes.com/iot/2020/04/cybersecurity-labeling-scheme-introduced-to-help-users-choose-safe-iot-devices/
6.近期資安活動及研討會
ISO/IEC 27001:2013 資訊安全稽核師(主導稽核員)訓練課程 4/11 ~ 4/26
https://www.accupass.com/event/2002140726181428485387
第二屆ICANN APAC-TWNIC Engagement Forum 與第34屆TWNIC IP政策資源管理會議 4/16
https://forum.twnic.tw/2020/registration.htm
資安產業標準輔導暨推廣說明會 4/16
https://www.accupass.com/event/2003310711227678203960
交通大學駭客書院 -入侵行為發覺與應變指南 4/18
https://hackercollege.nctu.edu.tw/?p=1144
2020全方位資訊安全人才培育計畫 4/21 ~ 6/16
http://service.tabf.org.tw/tw/user/409646/
網駭,鑑識工具操作與證據追蹤分析 4/17
https://bit.ly/2UVwP55
2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore 4/21 ~ 4/23
https://www.icscybersecurityconference.com/singapore/
Taipei 暗号通貨 (Cryptocurrency) Meetup 4/22
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcgbdc/
亞太資訊安全論壇暨展覽會 4/22
https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html
交通大學駭客書院 - 基礎網頁安全與滲透測試 4/25
https://hackercollege.nctu.edu.tw/?p=1147
2020 LINE Taiwan Developers Recruitment Day 4/25
https://engineering.linecorp.com/zh-hant/blog/2020-line-taiwan-technical-recruitment-day/
金融數據應用 統計+視覺化 4/26
https://tw.pyladies.com/events/event.html?id=179
交通大學駭客書院 - 基礎網站安全建構實務 5/16
https://hackercollege.nctu.edu.tw/?p=1151
資安社 - Forensic(一) 5/20
https://nsysuisc.kktix.cc/events/2020forensic1
交通大學駭客書院 - 電子郵件之偽造攻擊與防護措施 5/23
https://hackercollege.nctu.edu.tw/?p=1156
Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/
交通大學駭客書院 - 進階網頁滲透測試 5/30
https://hackercollege.nctu.edu.tw/?p=1159
109年智能物聯網與資訊安全碩士學分班 5/30 ~ 8/8
https://www.accupass.com/event/2003160837472127685300
邊緣計算系統之大數據與深度學習應用 6/5
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index
交通大學駭客書院 - 高階網頁滲透測試 6/13 6/20
https://hackercollege.nctu.edu.tw/?p=1161
交通大學駭客書院 - 企業網域控管-Active Directory攻擊與防禦 6/27
https://hackercollege.nctu.edu.tw/?p=1164
CYBERSEC 2020 臺灣資安大會 8/12
https://cyber.ithome.com.tw/
沒有留言:
張貼留言