資安事件新聞週報 2020/6/1 ~ 2020/6/5
1.重大弱點漏洞/後門/Exploit/Zero Day
VMware Security Advisories VMSA-2020-0011
https://www.vmware.com/security/advisories/VMSA-2020-0011.html
VMware雲監測平台被曝嚴重漏洞,可導致黑客接管企業服務器
https://www.secrss.com/articles/19954
Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers
https://thehackernews.com/2020/06/vmware-cloud-director-exploit.html
研究員從主流操作系統上發現26個USB驅動漏洞
https://www.secrss.com/articles/19860
IBM MQ 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4352
Chrome瀏覽器重大資安問題7成都出在記憶體?Google回應這麼說
https://bit.ly/2XfxL5d
MINDSHARE: HARDWARE REVERSING WITH THE TP-LINK TL-WR841N ROUTER
https://www.zerodayinitiative.com/blog/2019/9/2/mindshare-hardware-reversing-with-the-tp-link-tl-wr841n-router
MINDSHARE: HARDWARE REVERSING WITH THE TP-LINK TL-WR841N ROUTER - PART 2
https://www.zerodayinitiative.com/blog/2019/12/2/mindshare-hardware-reversing-with-the-tp-link-tl-wr841n-router-part-2
駭客藉由SaltStack漏洞入侵思科伺服器
https://www.ithome.com.tw/news/137960
Hackers breached six Cisco servers through SaltStack Salt vulnerabilities
https://www.helpnetsecurity.com/2020/05/29/cisco-saltstack-salt/
Hackers Breached 6 Unpatched Cisco Internal Servers
https://www.bankinfosecurity.com/hackers-breached-6-unpatched-cisco-internal-servers-a-14357
Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2020-037)
https://www.tenable.com/plugins/nessus/136804
QNAP Pre-Auth Root RCE Affecting ~312K Devices on the Internet
https://medium.com/bugbountywriteup/qnap-pre-auth-root-rce-affecting-450k-devices-on-the-internet-d55488d28a05
HP releases fix through Windows Update for issue causing BSOD for certain PCs
https://www.neowin.net/news/hp-releases-fix-through-windows-update-for-issue-causing-bsod-for-certain-pcs/
Zero-day in Sign in with Apple
https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/
Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug
https://securityaffairs.co/wordpress/104135/hacking/sign-in-with-apple-flaw.html
Critical 'Sign in with Apple' Bug Could Have Let Attackers Hijack Anyone's Account
https://thehackernews.com/2020/05/sign-in-with-apple-hacking.html
資安專家曝「Sign in with Apple」快速登入藏重大漏洞!蘋果證實並已火速修補
https://3c.ltn.com.tw/news/40561
資安大漏洞!蘋果承認:駭客可從「快速登入」取得用戶資料
https://newtalk.tw/news/view/2020-06-01/414939
iPhone 0-day 越獄漏洞得到修補
https://www.twcert.org.tw/tw/cp-104-3661-1aaec-1.html
The zero-day exploits of Operation WizardOpium
https://securelist.com/the-zero-day-exploits-of-operation-wizardopium/97086/
蘋果建議安裝!最新釋出macOS Catalina 10.15.5補充更新 修復安全漏洞
https://www.ettoday.net/news/20200602/1728012.htm
蘋果突發iOS/iPadOS 13.5.1更新:封堵越獄漏洞
https://www.sohu.com/a/399351186_628601
FortiGuard Labs Discovers Multiple Critical Vulnerabilities in Adobe Illustrator CC 2020
https://www.fortinet.com/blog/threat-research/fortiguard-lab-researcher-discovers-multiple-critical-vulnerabilities-in-adob-illustrator-cc-2020
Vulnerability Spotlight: Memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack
https://blog.talosintelligence.com/2020/05/cve-2020-6096.html
Vulnerability Spotlight: Authentication bypass vulnerability in some Epson projectors
https://blog.talosintelligence.com/2020/05/vuln-spotlight-epson-project-authentication-may-2020.html
Vulnerability Spotlight: VMware Workstation 15 denial-of-service vulnerability
https://blog.talosintelligence.com/2020/06/vulnerability-spotlight-vmware.html
Vulnerability Spotlight: Two vulnerabilities in Zoom could lead to code execution
https://blog.talosintelligence.com/2020/06/vuln-spotlight-zoom-code-execution-june-2020.html
SAP ASE資料庫軟體出現任意程式碼執行、資料外洩等漏洞
https://www.ithome.com.tw/news/138069
Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers
https://thehackernews.com/2020/06/newly-patched-sap-ase-flaws-could-let.html
你還沒收到Windows 10 版本2004的五月大更新嗎?微軟表示原因「都是為你好」
https://bit.ly/36HoIx4
Windows Security Alert: Core System File Zero-Days Confirmed Unpatched
https://bit.ly/2TU83RF
Microsoft's Windows 10 May 2020 Update is starting to roll out to mainstream users
https://www.zdnet.com/article/microsofts-windows-10-may-2020-update-is-starting-to-roll-out-to-mainstream-users/#ftag=RSSbaffb68
Microsoft continues its productivity-aide push with the new Cortana app for Windows 10 2004
https://www.zdnet.com/article/microsoft-continues-its-productivity-aide-push-with-the-new-cortana-app-for-windows-10-2004/#ftag=RSSbaffb68
Windows 10 5月フィーチャーアップデートに不具合報告あり、更新なら確認を
https://news.mynavi.jp/article/20200531-1045278/
Windows 10 2004 comes with Wi-Fi 6 and WPA3 support
https://www.bleepingcomputer.com/news/microsoft/windows-10-2004-comes-with-wi-fi-6-and-wpa3-support/
Windows 10 Enterprise May 2020 update includes promised support for MSIX App Attach
https://www.zdnet.com/article/windows-10-enterprise-may-2020-update-includes-promised-support-for-msix-app-attach/#ftag=RSSbaffb68
微軟蠕蟲級高危漏洞SMBv3 攻擊代碼公佈,請盡快修復
https://www.ithome.com/0/490/816.htm
Microsoft Windows - 'SMBGhost' Remote Code Execution
https://www.exploit-db.com/exploits/48537
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
純網銀實習機會來了 將來銀行暑期實習時薪170只限25名
https://money.udn.com/money/story/5613/4596682
報稅系統 「每天都有駭客敲門」
https://money.udn.com/money/story/5648/4604380
報稅系統驚傳每天有駭客敲門 資安概念ETF連日大漲
https://bit.ly/3eHywdq
上網報稅防駭「從不關機的電腦較危險」
https://udn.com/news/story/7243/4604381?from=udn-catelistnews_ch2
玉山銀行公告自2020/08/31(一) 起虛擬帳號業務停止支援TLS 1.0加密通訊協定
https://bit.ly/36TBlVN
三星在支持Gemini的旗舰手机上增加了加密交易
http://finance.eastmoney.com/a/202006011504822815.html
國泰銀導入FIDO資安標準強化行動銀行防護
https://pttcareer.com/bank_service/M.1591089005.A.A98.html
強化金融防駭 金管會推資安行動方案
https://ec.ltn.com.tw/article/paper/1375352
Bank of America Security Incident Affects PPP Applicants
https://bit.ly/2Xf5VGn
3.電子支付/電子票證/行動支付/ pay/新聞及資安
新加坡中央銀行開發跨境支付原型
https://zephyrnet.com/zh-TW/singapores-central-bank-to-develop-prototype-for-cross-border-payments/
網傳假指紋能解鎖行動支付、門鎖? 專家回應了
https://fnc.ebc.net.tw/FncNews/tech/113254
不納ATM轉帳購物/金管會︰電子化支付 衝刺52%目標
https://ec.ltn.com.tw/article/paper/1376930
Data on Indian Mobile Payments App Reportedly Exposed via Open S3 Bucket
https://www.darkreading.com/attacks-breaches/data-on-indian-mobile-payments-app-reportedly-exposed-via-open-s3-bucket/d/d-id/1337968
Report: Indian e-Payments App Exposes Millions of Users in Massive Data Breach
https://www.vpnmentor.com/blog/report-csc-bhim-leak/
4.虛擬貨幣/區塊鍊/數位貨幣/相關新聞及資安
Filecoin 被曝無限增發漏洞,礦工已增發 198 億枚 FIL
https://www.chainnews.com/zh-hant/articles/431395568411.htm
Binance上市印尼盾穩定幣 - Binance IDR(BIDR)
https://binance.zendesk.com/hc/zh-tw/articles/360043895792
證券業發力區塊鏈 機遇和挑戰並存
https://news.sina.com.tw/article/20200601/35332968.html
虛擬貨幣?資安加密?財經主播:區塊鏈不難,四大重點一次告訴你
https://www.storm.mg/article/2679782
PeckShield 資安月報|5月共發生安全事件 23 起,Filecoin 代碼中存在嚴重漏洞
https://www.blocktempo.com/asset-security-report-may/
區塊與網擎合作 推出數位資料存證安全方案
https://money.udn.com/money/story/10860/4608548
卸任後的未竟之志,與「加密立委」來一場深度交流
https://www.abmedia.io/have-an-in-depth-exchange-with-the-crypto-congressman/
中國大陸國家級區塊鏈漏洞子庫(CNVD-BC)正式上線
https://www.bitcoin86.com/live/69215.html
「比特幣核心開發團隊」發布 0.20.0 版更新:刪除核彈級漏洞 Open SLL 加密函式庫
https://www.blocktempo.com/bitcoin-core-just-got-an-upgrade-here-what-in-it/
Hackers hijack one of Coincheck's domains for spear-phishing attacks
https://www.zdnet.com/article/hackers-hijack-one-of-coinchecks-domains-for-spear-phishing-attacks/#ftag=RSSbaffb68
当社利用のドメイン登録サービスにおける不正アクセスについて(第一報)
https://corporate.coincheck.com/2020/06/02/97.html
お名前.com Naviで発生した事象につきまして
https://www.onamae.com/news/domain/20200603_1/
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
貪小便宜損失大!盜版影片易藏惡意程式 微軟警告:被駭客利用挖擴牟利
https://bit.ly/3eAXwD8
近期利用PORT 445加密勒索軟體活動頻繁,請加強系統/應用程式更新與資料備份作業
http://net.nthu.edu.tw/2009/mailing:announcement:20200603_01
Microsoft對新型勒索病毒PonyFinal提出警告,應立即部署防護措施
https://www.twcert.org.tw/tw/cp-104-3650-98bfd-1.html
近期電腦加密勒索軟體猖獗,請提高警覺與加強資料備份作業
http://www.ksvcs.kh.edu.tw/ksvcs/?/article/id-8142/index.html
美國密西根州立大學遭勒索軟體攻擊,駭客要脅不付贖金就要公開該校資料
https://ithome.com.tw/news/138046
攻擊者如何不用安裝軟體就能侵入系統?認識無檔案(Fileless)攻擊運作
https://blog.trendmicro.com.tw/?p=64359
最新Valak惡意程式可竊取Exchange伺服器憑證
https://www.ithome.com.tw/news/137971
駭侵者以肺炎為名,透過魚叉式網路釣魚,散布惡意 Excel 檔
https://www.twcert.org.tw/tw/cp-104-3634-245b1-1.html
TWCERT/CC 近期監控到三種惡意程式的感染趨勢增加,提醒大家注意防範
https://www.twcert.org.tw/tw/cp-104-3657-0c780-1.html
TWCERT近期監控到四種惡意程式的感染趨勢增加,提醒大家注意防範
https://www.twcert.org.tw/tw/cp-15-3656-b34a2-1.html
美國密西根州立大學遭勒索軟體攻擊,駭客要脅不付贖金就要公開該校資料
https://www.ithome.com.tw/news/138046
瑞星截獲針對Linux系統的挖礦病毒最新變種
https://news.sina.com.tw/article/20200605/35377392.html
供應鏈攻擊鎖定GitHub開源軟體專案,讓開發人員上傳程式碼就一併植入後門程式
https://www.ithome.com.tw/news/137953
GitHub warns Java developers of new malware poisoning NetBeans projects
https://www.zdnet.com/article/github-warns-java-developers-of-new-malware-poisoning-netbeans-projects/#ftag=RSSbaffb68
Octopus Scanner Malware: open source supply chain attack via NetBeans projects on GitHub
https://securityaffairs.co/wordpress/103996/malware/github-malware-netbeans-projects.html
Github uncovers malicious ‘Octopus Scanner’ targeting developers
https://nakedsecurity.sophos.com/2020/06/01/github-uncovers-malicious-scanner-targeting-developers/
Microsoft對新型勒索病毒PonyFinal提出警告,應立即部署防護措施
https://www.twcert.org.tw/tw/cp-104-3650-98bfd-1.html
Himera and AbSent-Loader Leverage Covid19 Theme
https://yoroi.company/research/himera-and-absent-loader-leverage-covid19-themes/
Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs
https://thehackernews.com/2020/05/chinese-botnet-malware.html
New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data
https://thehackernews.com/2020/05/gmail-malware-hacker.html
ZLoader banking malware is back, deployed in over 100 campaigns
https://www.bleepingcomputer.com/news/security/zloader-banking-malware-is-back-deployed-in-over-100-campaigns/#.XseGk9vc4BA.twitter
UnluckyWare Ransomware
https://id-ransomware.blogspot.com/2020/05/unluckyware-ransomware.html
Hackers preparing to launch ransomware attacks against hospitals arrested in Romania
https://www.zdnet.com/article/hackers-preparing-to-launch-ransomware-attacks-against-hospitals-arrested-in-romania/
김수키(Kimsuky)조직, 21대 국회의원 선거문서로 사칭한 스모크 스크린 APT 공격 수행
https://blog.alyac.co.kr/2906
Revealed: Advanced Java-Based Ransomware PonyFinal
https://www.infosecurity-magazine.com/news/advanced-javabased-ransomware/
Cyber Security, l’Italia ha un’arma segreta contro phishing e malware
https://www.difesaesicurezza.com/cyber/cyber-security-italia-ha-arma-segreta-contro-phishing-e-malware/amp/
IcedID: When ice burns through bank accounts
https://www.group-ib.com/blog/icedid
Discord client turned into a password stealer by updated malware
https://www.bleepingcomputer.com/news/security/discord-client-turned-into-a-password-stealer-by-updated-malware/
Python-Based Trojan Horse Attack
https://medium.com/bugbountywriteup/python-based-trojan-horse-attack-b35215849cd6
This TrickBot malware is hard to be detected and infects all versions of Windows
https://www.offensive-hackers.com/2020/05/this-trickbot-malware-infects-all-version-of-windows.html
Scammers Using COVID-19/Coronavirus Lure to Target Medical Suppliers
https://www.fortinet.com/blog/threat-research/scammers-using-covid-19-coronavirus-lure-to-target-medical-suppliers
Revamped Valak Malware Targets Exchange Servers
https://www.bankinfosecurity.com/revamped-valak-malware-targets-exchange-servers-a-14355
Top Ransomware Attack Vectors: RDP, Drive-By, Phishing
https://www.bankinfosecurity.com/top-ransomware-attack-vectors-rdp-drive-by-phishing-a-14353
Ransomware Gangs' Ruthlessness Leads to Bigger Profits
https://www.bankinfosecurity.com/ransomware-gangs-ruthlessness-leads-to-bigger-profits-a-14349
Russian Hackers Revamp Malware, Target Governments: Report
https://www.bankinfosecurity.com/russian-hackers-revamp-malware-target-governments-report-a-14343
Hacking group builds new Ketrum malware from recycled backdoors
https://www.bleepingcomputer.com/news/security/hacking-group-builds-new-ketrum-malware-from-recycled-backdoors/
OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs
https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-ke3chang.pdf
Beware of mobile banking malware EventBot, warns CERT-In
https://www.therahnuma.com/beware-of-mobile-banking-malware-eventbot-warns-cert-in/
Ransomware Attack Hits One Public Figure After Another
https://www.cpomagazine.com/cyber-security/ransomware-attack-hits-one-public-figure-after-another/
Ransomware attack threatens to release stolen Michigan State University files
https://www.mlive.com/news/jackson/2020/05/ransomware-attack-threatens-to-release-stolen-michigan-state-university-files.html
Hackers in £800K Bitcoin ransom note to Kent PPE firm
https://www.bbc.com/news/uk-england-kent-52880218
How LoveBug changed malware forever
https://www.itproportal.com/features/how-lovebug-changed-malware-forever/
勒索軟體DopplePaymer宣稱成功入侵NASA外包商
https://www.ithome.com.tw/news/138074
Ransomware gang says it breached one of NASA's IT contractors
https://www.zdnet.com/article/ransomware-gang-says-it-breached-one-of-nasas-it-contractors/
HOW TO STAY SAFE FROM WEB-BASED MALWARE
https://blog.eccouncil.org/how-to-stay-safe-from-web-based-malware/
REvil ransomware gang launches auction site to sell stolen data
https://www.zdnet.com/article/revil-ransomware-gang-launches-auction-site-to-sell-stolen-data/#ftag=RSSbaffb68
Mustang Panda Recent Activity: Dll-Sideloading trojans with temporal C2 servers
https://lab52.io/blog/mustang-panda-recent-activity-dll-sideloading-trojans-with-temporal-c2-servers/
김수키(Kimsuky) 그룹, HWP, DOC, EXE 복합적 APT 공격 작전
https://blog.alyac.co.kr/3033
금성121 그룹, 교원 모집 공고문 등으로 변칙적 워터링 홀 공격
https://blog.alyac.co.kr/3038
Cycldek: Bridging the (air) gap
https://securelist.com/cycldek-bridging-the-air-gap/97157/
New USBCulprit Espionage Tool Steals Data From Air-Gapped Computers
https://thehackernews.com/2020/06/air-gap-malware-usbculprit.html
The First Ransomware Attack and the Ripples It Sent Forward In Time
https://www.ehackingnews.com/2020/06/the-first-ransomware-attack-and-ripples.html?utm_source=dlvr.it&utm_medium=twitter
URSNIF/GOZI DELIVERY -- OLD SCHOOL EXCEL MACRO 4.0 UTILIZATION UPTICK AND THE OCR HEURISTICS BYPASS
https://blog.morphisec.com/ursnif/gozi-delivery-old-school-excel-macro-4.0-utilization-uptick-and-the-ocr-heuristics-bypass
Polish malspam pushes ZLoader malware
https://isc.sans.edu/forums/diary/Polish+malspam+pushes+ZLoader+malware/26196/
New LNK attack tied to Higaisa APT discovered
https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/
This new ransomware is targeting Windows and Linux PCs with a 'unique' attack
https://www.zdnet.com/article/this-new-ransomware-is-targeting-windows-and-linux-pcs-with-a-unique-attack/
Banking Malware Attacks Increases in the First Quarter of 2020
http://www.inversk.co.ke/sites/news-team/article/banking-malware-attacks-increases-in-the-first-quarter-of-2020/
Cybercriminals use malware-laced CVs to steal banking credentials
https://www.techradar.com/au/news/cybercriminals-use-malware-laced-cvs-to-steal-banking-credentials
Maze Promotes Other Gang's Stolen Data On Its Darknet Site
https://www.bankinfosecurity.com/maze-promotes-other-gangs-stolen-data-on-its-darknet-site-a-14386
REvil Ransomware Gang Auctioning Off Stolen Data
https://www.bankinfosecurity.com/revil-ransomware-gang-auctioning-off-stolen-data-a-14378
In-depth analysis of the new Team9 malware family
https://research.nccgroup.com/2020/06/02/in-depth-analysis-of-the-new-team9-malware-family/
B.行動安全 / iPhone / Android /穿戴裝置 /App
NCC核准!中華電信拿下國內第一張5G執照
https://www.chinatimes.com/realtimenews/20200603003193-260410?chdtv
國安下的零基資安(三):轉用 Signal 通訊軟件
https://bit.ly/2MfYzMx
拒絕中國監控! 印度「移除中國APP」爆紅2週下載破百萬
https://news.ltn.com.tw/news/world/breakingnews/3183835
微信上的通訊監控 連海外用戶也不放過
https://bit.ly/2ZY4xcU
Android系統遭一桌布拖垮?疑與色域有關
https://bit.ly/3gGsPy0
駭客入侵事件頻傳 Zoom僅針對付費用戶提供加密服務
https://news.ltn.com.tw/news/world/breakingnews/3181875
視訊會議Zoom付費版可望內建E2EE全程加密,但免費版不會有
https://www.ithome.com.tw/news/138067
【Zoom安全疑雲】Zoom向GitHub尋求意見 擬加強視像通話加密技術
https://bit.ly/3cnMEab
Zoom paid accounts reportedly will get strong encryption for calls
https://www.theverge.com/2020/5/30/21275460/zoom-paying-customers-encryption-security
Two Critical Flaws in Zoom Could've Let Attackers Hack Systems via Chat
https://thehackernews.com/2020/06/zoom-video-software-hacking.html
六四31週年線上紀念 Zoom被駭一度失效
https://money.udn.com/money/story/5603/4613768
六四紀念會疑2度遭駭 主辦單位:中共恐懼人民記憶
https://money.udn.com/money/story/5603/4614422
中共所為?全球網上紀念大會兩遭黑客攻擊 王丹:人民記憶使他們恐懼
https://hk.appledaily.com/china/20200605/VJIX2LW7ONM2XMEDVENFPS5MFU/
Telegram使用人數破四億!加密技術帶來的高隱私與高爭議:安全,也危險
https://www.bnext.com.tw/article/57686/telegram-privacy-pros-cons
Facebook 舊文批次刪除終於有解,官方將推出 Manage Activity 幫大家清理黑歷史
https://www.kocpc.com.tw/archives/325817
iOS 13.5越獄工具推出 所有iPhone都能破解
https://ctee.com.tw/news/tech/277559.html
蘋果擬為Safari添「網頁翻譯」功能!iOS 14程式碼洩密
https://www.ettoday.net/news/20200603/1728736.htm
iPadOS系統現漏洞 iPad Pro無限輪迴重新啟動
https://bit.ly/3cr1BIm
New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps
https://thehackernews.com/2020/05/stranhogg-android-vulnerability.html
5G快來了!中華電信董座謝繼茂:最快7月1日開台
https://money.udn.com/money/story/5612/4600128
Telegram has withdrawn its appeal against the ban on issuing Gram tokens
https://www.ehackingnews.com/2020/05/telegram-has-withdrawn-its-appeal.html
StrandHogg is Back and Stronger As a More Sophisticated Vulnerability
https://www.ehackingnews.com/2020/05/strandhogg-is-back-and-stronger-as-more.html
The DHS Prepares for Attacks Fueled by 5G Conspiracy Theories
https://www.wired.com/story/the-dhs-prepares-for-attacks-fueled-by-5g-conspiracy-theories/
Contact-tracing app may become a permanent fixture in major Chinese city
https://www.theregister.com/2020/05/26/hangzhou_permanent_contact_tracing/
Critical Android flaw lets attackers hijack almost any app, steal data
https://www.welivesecurity.com/2020/05/27/critical-android-flaw-lets-attackers-hijack-almost-any-app-steal-data/
Cool iPhone and iPad hack for Zoom users
https://www.zdnet.com/article/cool-iphone-and-ipad-hack-for-zoom-users/#ftag=RSSbaffb68
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
國安下的零基資安(四):一分鐘改變寫作風格,抹去語言指紋
https://bit.ly/3eEkRn8
任天堂無奈:續航加強版Switch/Lite加密密鑰被攻破
https://bit.ly/2zPMdrO
駭客組織爆:Avicii猝逝「不是自殺」背後有驚人陰謀! 暗黑內幕曝光⋯2015年作品成關鍵
https://star.ettoday.net/news/1728531
趨勢科技最新研究:網路犯罪地下市場缺乏信任
https://www.techbang.com/posts/78781-the-underground-market-for-cybercrime-lacks-trust-according-to-a-new-study-by-trend-micro
國際毒梟告Apple「求償787億」:害我生命受威脅
https://bit.ly/2AiVuZk
封城期間駭客攻擊增加
https://bit.ly/3cvHqcw
社福體系的資安危機
https://vocus.cc/sw-u/5ed1fe17fd89780001e0bcfd
【最白話的資安文】資安消息怎麼讀?威脅、漏洞、風險,意思大不同
https://buzzorange.com/techorange/2020/06/03/cybersecutiry-threat-vulnerabilities-101/
強化資訊保護 台積電成立供應商資訊安全協會
https://tw.appledaily.com/property/20200601/KM5NWOUJVQ3LQUWMNUSGIVGQLI/
台積電資安保護滴水不漏 今年將召開至少9場資安會議
https://money.udn.com/money/story/5612/4604707
台積電攻資安布局 將完成9家供應商評核
https://money.udn.com/money/story/5612/4605206
駭客破壞市警局網站 要「揭露腐敗美國警察」
https://www.chinatimes.com/realtimenews/20200531003142-260408?chdtv
Re: [新聞] 駭客破壞市警局網站 要「揭露腐敗美國警
https://pttweb.tw/s/iOdmm
事發地美警官網遭駭!「匿名者」放話公布警暴、貪污證據
https://bit.ly/3cpiqn3
電腦犯罪財損屢創新高 刑事局:資安防護應視同防疫
https://www.epochtimes.com/b5/20/5/29/n12146454.htm
電腦犯罪逐年攀升 刑事局提6點防駭資安新思維
https://www.pbs.gov.tw/cht/index.php?code=list&flag=detail&ids=46&article_id=40676
除了核武還有頂級駭客 北韓每年發動網路閃擊多國
https://newtalk.tw/news/view/2020-05-31/414767
假港人提庇護「獅子大開口」 遭起底是中國網軍
https://www.setn.com/News.aspx?NewsID=753517
超限戰開打 中國網軍偽裝煽動反港情緒
https://taronews.tw/2020/06/03/661763/
中共超限戰,把一切武器化 TikTok、抖音如何被中共武器化
https://www.epochtimes.com/b5/20/5/31/n12149301.htm
中國大陸《網絡安全審查辦法》今天起正式生效
https://www.freebuf.com/news/topnews/238393.html
重拳出擊涉網黑惡犯罪——浙江深入開展網絡空間滋生漏洞整治專項行動
http://zjnews.zjol.com.cn/zjnews/zjxw/202006/t20200601_12014396.shtml
戰爭不能攻擊平民,以色列面對「網路戰」該怎麼辦
https://www.thenewslens.com/article/135835
美國NSA發警告:俄黑客組織Sandworm滲入MTA Exim已有數月時間
https://www.sohu.com/a/398610104_99956743
美國警方執法過當引發種族歧視爭議,匿名者宣稱竊得警方電子郵件信箱帳密進行報復,但資安專家發現並非屬實
https://www.ithome.com.tw/news/138075
Google:中伊駭客鎖定侵入拜登川普陣營
https://www.cna.com.tw/news/aopl/202006050007.aspx
美國明尼蘇達州政府遭駭侵攻擊
https://www.twcert.org.tw/tw/cp-104-3668-e0ae0-1.html
美國NSA警告 俄軍黑客針對美企發動網攻
https://hk.on.cc/hk/bkn/cnt/amenews/20200530/bkn-20200530010731208-0530_00972_001.html
美國家安全局發布罕見警告 曝俄軍駭客攻擊細節
https://news.ltn.com.tw/news/world/breakingnews/3181880
Researchers Uncover Brazilian Hacktivist's Identity Who Defaced Over 4800 Sites
https://thehackernews.com/2020/05/brazilian-hacker-vandathegod.html
新加坡政府強制關閉政治網站,臉書:假訊息法過於嚴峻,恐扼殺言論自由
https://www.thenewslens.com/article/135888
與美聯演在即 波蘭遭俄國散布假訊息攻擊
https://www.ydn.com.tw/News/384913
Russian hackers attacked Poland due to NATO exercises
https://www.ehackingnews.com/2020/05/russian-hackers-attacked-poland-due-to.html
Pre-authentication, remote root hole in call-center software? Thanks, Cisco. Just what a long weekend needs
https://www.theregister.com/2020/05/25/security_roundup_220520/
Career Choice Tip: Cybercrime is Mostly Boring
https://krebsonsecurity.com/2020/05/career-choice-tip-cybercrime-is-mostly-boring/
NCA launches UK ad campaign to divert kids searching for cybercrime tools
https://www.zdnet.com/article/nca-launches-ad-campaign-to-divert-kids-searching-for-cybercrime-tools/#ftag=RSSbaffb68
Suspected Hacker Faces Money Laundering, Conspiracy Charges
https://www.bankinfosecurity.com/suspected-hacker-faces-money-laundering-conspiracy-charges-a-14359
Another Alleged FIN7 Cybercrime Gang Member Arrested
https://www.bankinfosecurity.com/another-alleged-fin7-cybercrime-gang-member-arrested-a-14345
These Hackers Have Made $100 Million And Could Earn $1 Billion By 2025
https://bit.ly/36M9lmW
INSIDE THE HUNT FOR RUSSIA’S MOST NOTORIOUS HACKER
https://www.wired.com/2017/03/russian-hacker-spy-botnet/
What the NHS Test and Trace scheme could learn from banks about stopping scams
https://www.grahamcluley.com/nhs-test-and-trace-scheme-scam-banks/
Hacker posts database stolen from Dark Net free hosting provider DH
https://nakedsecurity.sophos.com/2020/06/02/hacker-posts-database-stolen-from-dark-net-free-hosting-provider-dh/
Provider Volia reported to the cyber police about the intense cyberattacks on the server
https://www.ehackingnews.com/2020/06/provider-volia-reported-to-cyber-police.html
Large-scale attack tries to steal configuration files from WordPress sites
https://www.zdnet.com/article/large-scale-attack-tries-to-steal-configuration-files-from-wordpress-sites/#ftag=RSSbaffb68
Google says foreign hackers targeted emails of Trump and Biden campaign staffers
https://www.theverge.com/2020/6/4/21280629/google-security-hackers-emails-trump-biden-campaign
Google: Chinese and Iranian hackers targeted Biden and Trump campaign staffers
https://www.zdnet.com/article/google-chinese-and-iranian-hackers-targeted-biden-and-trump-campaign-staffers/#ftag=RSSbaffb68
Chinese internet company launches own satellite
https://www.zdnet.com/article/chinese-internet-company-launches-own-satellite/#ftag=RSSbaffb68
科技廠資安管理員
https://www.104.com.tw/job/5gljg?jobsource=m_jobwiki
中華電信擴大徵才 今年要招募1,800人
https://money.udn.com/money/story/5612/4600085?tef=tab20200529
【稽核室】資訊稽核人員
https://www.104.com.tw/job/5xrfp?jobsource=n104bank2
資安專責人員(總公司)
https://www.104.com.tw/job/6xsst?jobsource=n104bank2
資訊安全工程師
https://www.104.com.tw/job/6rypz?jobsource=n104bank2
資安工程師(POD00)
https://www.104.com.tw/job/6f0d9?jobsource=n104bank2
資訊_資安管理師
https://www.104.com.tw/job/6r1br?jobsource=n104bank2
FF02-網路資安工程師
https://www.104.com.tw/job/4x2i2?jobsource=n104bank2
急徵!資安工程師(應用組-AP人員)
https://www.104.com.tw/job/5ufgi?jobsource=hotjob_chr
資訊管理師
https://www.104.com.tw/job/6xriz?jobsource=n104bank2
資訊安全工程師
https://www.104.com.tw/job/5ghgm?jobsource=n104bank2
P-P大陸資訊主管(江蘇揚州)
https://www.104.com.tw/job/6y0xf?jobsource=n104bank2
MIS單位主管
https://www.104.com.tw/job/6xdov?jobsource=n104bank2
資安資深工程師(總管理處)
https://www.104.com.tw/job/6xzy3?jobsource=n104bank2
資訊安全室_資訊安全專案襄理/副理(專業職)
https://www.104.com.tw/job/6v5qc?jobsource=n104bank2
華碩2020校園徵才5/29起線上開跑
http://www.pcdiy.com.tw/detail/16290
財團法人大學入學考試中心 求才啟事
https://bit.ly/36Sm87t
資安工程師
https://www.104.com.tw/job/6yeas
資安工程師
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=2405821&HIRE_ID=9734165
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
北京首例!一男子利用社交軟件漏洞盜取虛擬幣套現被抓
http://www.bjd.com.cn/a/202006/02/WS5ed5ce0be4b00aba04d1f9d0.html
釣魚網站仿冒 Netflix,蒐集信用卡等個資,並使用定位技術
https://blog.trendmicro.com.tw/?p=64560
全球2020第一季企業行動裝置釣魚攻擊增加37%
https://www.ithome.com.tw/news/138073
以防疫為名的網釣攻擊在臺已有受害案例,刑事局警告網路設備淪為轉發釣魚郵件跳板
https://www.ithome.com.tw/news/138094
駭客以偽造的VPN配置,針對Microsoft Office 365用戶展開網釣攻擊
https://www.ithome.com.tw/news/138079
健保卡領三倍券恐個資外洩? 唐鳳親上火線釋疑
https://bit.ly/2Bp6pkO
金管會提醒民眾注意從事外幣保證金交易應循合法管道避免詐騙風險
https://bit.ly/3gEblT6
實施外匯管制實屬謠傳 金管局:市民應小心核實訊息
https://bit.ly/36NKiQM
帳戶成詐團詐騙工具 一句「已掛失」難逃刑責判2月
https://udn.com/news/story/7321/4603282?from=udn-catebreaknews_ch2
利用臉書求職騙銀行帳號!公司要求「轉帳30萬」 屏東女機警報案
https://www.ettoday.net/news/20200601/1727089.htm
釣魚郵件難辨 地產投資大師遭騙40萬元
https://bit.ly/2TVNCDV
退休金詐騙案已停止 受害人促政府加強保護
https://www.epochtimes.com/b5/20/6/1/n12151553.htm
Facebook 用戶個人私隱網上被兜售 總共 5 億個香港用戶未能倖免
https://bit.ly/36I0kvi
五億 Facebook 用戶個資檔案,遭駭侵者以三萬美元求售
https://www.twcert.org.tw/tw/cp-104-3646-829ec-1.html
駭客集團假防疫真釣魚 攻擊2公司偷帳號、密碼
https://news.ltn.com.tw/news/society/breakingnews/3181361
資安業者揭穿「粉專遭駭」最新詐騙手法!用這五招防止FB帳號被盜
https://3c.ltn.com.tw/news/40592
盜台灣粉專到越南賣!囂張駭客「霸佔多名網紅臉書」…幾小時後PO上網喊價
https://www.ettoday.net/news/20200531/1726558.htm
「在不瘋狂」也被駭 竟被刪除這個人
https://bit.ly/2Mbwm9H
「在不瘋狂就等死」近百萬訂閱 40粉專遇駭
http://www.eracom.com.tw/EraNews/Home/Society/2020-06-01/178495.html
駭客攻擊頻傳!臉書名人粉專無預警被消失
https://www.ustv.com.tw/UstvMedia/news/103/20200529A103
假冒臉書官方訊息,粉絲團頻傳「被消失」,如何預防
https://blog.trendmicro.com.tw/?p=64449
藝人粉絲專頁屢傳被盜 郭彥甫也中招成辣妹生活影片
https://bit.ly/2Xn9R83
盜台灣粉專到越南賣!網紅名人粉絲專頁被盜PO上網拍賣
https://stars.udn.com/star/story/120661/4603073
不明電郵連結 勿任意點擊
https://tw.appledaily.com/headline/20200601/5NEXZ4WSIVLTDAUSZ4J6M2BQXQ/
【駭客風暴】名人臉書粉專陸續遭駭 警:來路不明電郵勿點擊
https://tw.appledaily.com/local/20200531/5BGY6PDVXGIJPOWWH4TZBETFZA/
總統府遭駭後 管碧玲也驚傳臉書帳號被盜!「令人毛骨悚然已報警」
https://tw.appledaily.com/politics/20200529/DAU62WDLQHUT7IOOFZQSPAPNO4/
小禎臉書被駭 多篇文章遭刪除
https://bit.ly/3gvDpbb
駭客仿臉書官方通知 趨勢科技提醒不輕易提供帳號密碼
https://money.udn.com/money/story/5613/4610737
駭客假冒臉書官方訊息詐騙資料 網紅、立委粉專都受害
https://www.nownews.com/news/politics/5016247
瞄準700位名人網紅!駭客假冒臉書官方意圖騙取粉專帳密
https://newtalk.tw/news/view/2020-06-03/416087
700位名人網紅臉書粉絲頁被駭 被舉報千萬別做這個動作
https://tw.appledaily.com/gadget/20200603/VDUSBMGSZYRZOQAAKMRYUL64EI/
民視美女主播臉書被盜 PO文籲「不要理會」
https://tw.news.appledaily.com/local/20200604/GJXHVM4UKLBQJRSUKIY3C4Y24M/
駭客偽冒Facebook官方訊息要求驗證帳戶,收到臉書警告先停看聽
https://www.kocpc.com.tw/archives/325886
掩蓋種族主義貼文謊稱臉書被駭 緬因副市長丟官吃官司
https://bit.ly/2Uc7DpQ
實名制洽公資料 只能留存28天 桃近期公開銷毀
https://udn.com/news/story/7324/4600499?from=udn-catelistnews_ch2
實名填寫訪客資料 防疫期間「個資」流去哪
https://bit.ly/2XtablK
日電信巨頭NTT遭駭 自衛隊資料疑外洩
https://www.ydn.com.tw/News/384874
NTT 新加坡雲端系統遭入侵 多個日本用戶數據外洩
https://unwire.pro/2020/06/01/ntt-warns-its-singapore-cloud-was-hacked/security/
碩士女師網購遇「ATM解除分期付款」老梗 遭詐20萬元
https://m.ltn.com.tw/news/society/breakingnews/3182157
臺灣2千萬筆戶政資料暗網兜售?資安處:非戶政資料,多方舊資料庫整併
https://www.ithome.com.tw/news/137955
美國資安公司爆:台灣超過 2000 萬筆戶政個資,擬似已經洩漏在暗網
https://www.inside.com.tw/article/19937-government-database-20-million-plus-taiwanese-personal-information-leaked-in-darkweb
Cyble指全台2000萬筆個資外洩暗網!小聖蚊:荒謬、可怕到極點
https://newtalk.tw/news/view/2020-05-30/414477
[爆卦] 台灣身分證登錄資料外洩至暗網兜售
https://disp.cc/b/163-cnSC
國外資安網站曝暗網洩個資 疑非公部門舊資料
https://udn.com/news/story/7315/4601737
台灣2000萬筆個資疑遭外洩 政院:內容很舊不是政府流出
https://m.ltn.com.tw/news/politics/breakingnews/3182343
超過2000萬筆!暗網疑外洩台灣民眾個資 刑事局研判:是舊資料
https://www.ettoday.net/news/20200530/1726325.htm
網傳大量個資外洩 政院:資安單位調查中
https://www.ey.gov.tw/Page/9277F759E41CCD91/dfc17936-f4b6-4fac-8bcc-1904fe8c6085
網傳國人個資外洩 政院:資安單位設法辨識真偽中
https://udn.com/news/story/6656/4601884?from=udn-catebreaknews_ch2
政府資安再現漏洞 戶政個資全上網調查局了解中
https://www.chinatimes.com/realtimenews/20200530002640-260402?chdtv
逾2千萬筆個資傳外洩 徐國勇︰不會讓外網連到戶政系統
https://news.ltn.com.tw/news/politics/breakingnews/3182817
台灣個資遭暗網出售? 政院資安處:為吸引買家佯稱我戶政資料
https://tw.appledaily.com/politics/20200531/33NTALPZF73CE4FXD6LZPWIH4A/
臺灣逾2,000萬民眾個資在暗網中流傳
https://www.ithome.com.tw/news/137961
臺灣2千萬筆戶政資料暗網兜售?資安處:非戶政資料,多方舊資料庫整併
https://www.ithome.com.tw/news/137955
【資安危機】駭客、釣魚信件、國人個資暗網出售 立委籲:國安單位建立防護網
https://tw.appledaily.com/politics/20200531/DNBFGGVTWSVGCF25BIR7QFLFMU/
國人個資外洩引譁然 學者:政府這種鬼話說得出來
https://udn.com/news/story/6656/4602784
千萬台人個資放暗網賣 知情者爆:徵信社幹的...之前喊價2千萬
https://bit.ly/2Mggm64
暗網賣台灣民眾個資!知情人士爆:多年前一份喊價2千萬
https://bit.ly/2XNOQCf
傳戶政資料外洩 政院駁:非事實
https://www.pourquoi.tw/2020/05/31/taiwan-news-20200531-household/amp/
台2千萬個資遭賣!知情者:徵信社賄賂來的…曾喊價2千萬
https://www.setn.com/News.aspx?NewsID=753413
爆出外洩2千萬筆民眾個資 徐國勇:非由政府部門外洩且為舊資訊
https://bit.ly/3eD9Cvw
誇張!2000萬筆台灣民眾個資遭外洩 包含姓名、生日、住址等資訊 內政部:懷疑私部門被駭
https://www.nooho.net/2020/05/DPPfraud33767/
2000萬筆台人個資流暗網 內政部:非官方外洩
https://news.m.pchome.com.tw/politics/pts/20200531/index-15908544007048908001.html
駭客「暗網」售台灣民眾個資! 2千萬筆賣7萬
https://news.tvbs.com.tw/politics/1332293
Re: [爆卦] 台灣身分證登錄資料外洩至暗網兜售
https://moptt.tw/p/Gossiping.M.1590827767.A.8E8
2000萬筆個資外洩 徐國勇:皆屬舊資訊且政府部門資安嚴密
https://www.chinatimes.com/realtimenews/20200531002080-260407?chdtv
驚!台兩千萬筆個資外洩 專家:政府資安意識薄弱
https://bit.ly/36IQkC6
2000萬筆個資外洩?行政院資安處:資料多重複
https://news.ltn.com.tw/news/politics/breakingnews/3183114
【超過 2000 萬筆台灣人個資,在暗網上被販售】政院資安處:多數為舊資料
https://buzzorange.com/techorange/2020/06/01/taiwanese-citizens-database-leaked-in-darkweb/
台灣2千萬筆個資於暗網外洩?行政院資安處表示,資料很舊、非自政府機關流出
https://bit.ly/3ckFjbm
臺灣戶政資料傳出外洩疑雲,行政院資安處揭露更多細節,強調與戶政單位無關
https://www.ithome.com.tw/news/137980
2千萬筆個資外洩來自畢冊?時力、民眾黨轟徐國勇說法
https://www.chinatimes.com/realtimenews/20200601002638-260407?chdtv
2000萬筆個資外洩》高虹安想問徐國勇 畢業紀念冊有身分證字號?
https://www.cmmedia.com.tw/home/articles/21659
行政院澄清:2000 萬筆暗網個資非政府流出,已請調查局出手查處
https://bit.ly/2ZYobFQ
二大一廣場/蠢!立委竟扯2000萬筆個資外洩源於畢冊
https://www.setn.com/News.aspx?NewsID=754640
駁台人資料外洩 政院秀數據分析:非單一來源取得、非戶政系統內容
https://www.ettoday.net/news/20200531/1726854.htm
臺灣戶政資料傳出外洩疑雲,行政院資安處揭露更多細節,強調與戶政單位無關
https://disp.cc/b/163-coxx
政院:個資保護需政府與民間共同努力
https://www.ydn.com.tw/News/384970
刑事局:比對網站照片個資 屬舊資料
https://www.cdns.com.tw/articles/187910
教育部幼兒園網遭駭客竊個資販售 恐淪不法人頭
https://www.chinatimes.com/realtimenews/20200604001939-260402?ctrack=mo_main_rtime_p04&chdtv
網傳「蔡英文陰謀」黑函 總統府澄清:變造文件非屬事實
https://www.storm.mg/article/2642466
誆誤設高級VIP會員 女教師遭詐20萬
https://tw.news.appledaily.com/local/20200530/5VD5ZDN2ZNKV5TKVJK3YO5ECV4/
假冒知名網路書店客服詐騙 女教師上當損失20萬
https://www.cna.com.tw/news/asoc/202005300142.aspx
擴大打擊假資訊,臉書要求文章瘋傳的帳號驗證身分
https://www.ithome.com.tw/news/137934
印尼近 230 萬選民資料,遭駭侵團體曝光
https://www.twcert.org.tw/tw/cp-104-3633-f49c3-1.html
竣盟科技資安快訊: 號外 ! 號外 ! 針對立法院釣魚郵件攻擊,獨家披露有突破的發現
https://blog.billows.com.tw/?p=172
People are accidentally throwing out their stimulus payments — because they look like junk mail
https://nbcnews.to/3dtQ2Bm
Security News This Week: Look Out for This Covid-19 Excel Phishing Scam
https://www.wired.com/story/covid-19-phishing-excel-ios-14-data-breaches/
AT&T tracked its own sales bods using GPS, secretly charged them $135 a month to do so, lawsuit claims
https://www.theregister.com/2020/05/19/att_gps_lawsuit/
Remember when Securus was sued for recording 14,000 calls between prison inmates and lawyers? It just settled
https://www.theregister.com/2020/05/21/securus_prison_wiretapping_lawsuit/
Cybercrooks tend to prefer Google-branded phishing to Microsoft-flavoured lures
https://www.theregister.com/2020/05/28/google_branded_phishing/
Google Location Tracking Lambasted in Arizona Lawsuit
https://threatpost.com/google-location-tracking-arizona-lawsuit/156082/
Online education site EduCBA discloses data breach after hack
https://www.bleepingcomputer.com/news/security/online-education-site-educba-discloses-data-breach-after-hack/#.XslQKrj5l-c.twitter
Phishing: how to report to the NCSC
https://www.ncsc.gov.uk/information/report-suspicious-emails
25 million Mathway user records available for sale on the dark web
https://securityaffairs.co/wordpress/103721/data-breach/mathway-data-breach.html
National Railroad Passenger Corporation AMTRAK suffered in the Data Breach
https://www.offensive-hackers.com/2020/05/Amtrak-suffered-in-the-data-breach.html
Crooks threaten to leak customer data stolen from e‑commerce sites
https://www.welivesecurity.com/2020/05/26/hackers-steal-customer-data-demand-ransom-retailers/
'Hack for Hire' Groups Spoof WHO Emails to Steal Data
https://www.bankinfosecurity.com/hack-for-hire-groups-spoof-who-emails-to-steal-data-a-14348
Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid
https://securityaffairs.co/wordpress/103758/cyber-crime/hackers-sell-sql-databases.html
Hacker leaks database of dark web hosting provider
https://www.zdnet.com/article/hacker-leaks-database-of-dark-web-hosting-provider/
Hacker, 22, who released personal data of German politicians charged
https://www.thelocal.de/20200526/hacker-behind-doxxing-of-german-politicians-charged
Internet giants unite to stop warrantless snooping on web histories
https://nakedsecurity.sophos.com/2020/05/26/internet-giants-unite-to-stop-warrantless-snooping-on-web-histories/
Joomla team discloses data breach
https://www.zdnet.com/article/joomla-team-discloses-data-breach/#ftag=RSSbaffb68
Joomla suffers security breach exposing user records
https://www.hackread.com/joomla-security-breach-exposing-user-records/
Joomla Resources Directory (JRD) Portal Suffers Data Breach
https://thehackernews.com/2020/06/joomla-data-breach.html
Hosting Provider’s Database of Crooked Customers Leaked
https://threatpost.com/hosting-providers-database-of-crooked-customers-leaked/156163/
Data Breach at Bank of America
https://www.infosecurity-magazine.com/news/data-breach-at-bank-of-america/#.Xs6r0ESQzR4.twitter
Majority of COVID phishing attacks coming from US IP addresses, report finds
https://www.techrepublic.com/article/majority-of-covid-phishing-attacks-coming-from-us-ip-addresses-report-finds/
San Francisco retirement program SFERS suffers data breach
https://www.bleepingcomputer.com/news/security/san-francisco-retirement-program-sfers-suffers-data-breach/
Update to the Notice of Potential Data Breach
https://mysfers.org/notice-of-potential-data-breach/
E.研究報告
《2020 5G網路安全白皮書》:網路安全是數位轉型關鍵
https://bit.ly/2Xypjy0
ISACA第三方風險管理白皮書中文版
https://www.caa.org.tw/newsdetail-16058.html
Invoker:一款功能強大的滲透測試實用工具
https://www.freebuf.com/sectool/236088.html
組態設定錯誤突增風險 登入憑證管理不當導致資料外洩 雲端架構複雜又環環相扣 謹慎方能抵禦資安威脅
http://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/7BD580FFAC7B4380BDA8B3B5DC03D227
格魯烏的黑暗?揭露Sandworm黑客組織長達數月的郵件服務器劫持
https://www.freebuf.com/news/238417.html
挖洞經驗| 用多態圖片實現谷歌學術網站(Google Scholar)XSS漏洞觸發
https://www.freebuf.com/vuls/236182.html
設備指紋干擾與反干擾檢測
https://www.freebuf.com/articles/web/235885.html
基於指紋識別的漏洞掃描設計
https://www.freebuf.com/articles/es/235883.html
黑科技:把手機DIY成一台硬件WAF
https://www.freebuf.com/articles/web/235835.html
看我如何製造漏洞繞過安全軟件來加入自啟動
https://www.sohu.com/a/399861365_354899
Weblogic反序列化漏洞(CVE-2019-2725)
https://www.cnblogs.com/twlr/p/13027190.html
MySQL JDBC 客户端反序列化漏洞
https://paper.seebug.org/1227/
挖洞經驗| 一次性驗證密碼(OTP)的簡單繞過
https://www.freebuf.com/vuls/234844.html
如何利用10年前被修復的Windows漏洞
https://www.anquanke.com/post/id/207601
挖洞經驗| 篡改JWT實現賬戶劫持
https://www.freebuf.com/vuls/235700.html
Django 初次嘗試編寫Web 漏洞掃描器挖坑記錄
https://xz.aliyun.com/t/7816
Naikon APT組織分析
https://www.freebuf.com/articles/network/236076.html
高級威脅:Ramsay惡意軟件針對隔離網絡的攻擊技術分析
https://www.freebuf.com/articles/network/238137.html
東歐殺手:Gamaredon APT組織定向攻擊烏克蘭事件分析
https://www.freebuf.com/articles/system/236131.html
在 APT 攻擊中利用特定國家軟件的 0 day 漏洞研究
https://www.chainnews.com/zh-hant/articles/971181991035.htm
朝鮮APT組織Kimsuky的技術研究分析
https://www.freebuf.com/articles/network/233629.html
A New Free Monitoring Tool to Measure Your Dark Web Exposure
https://thehackernews.com/2020/05/dark-web-monitoring-tool.html
New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective
https://thehackernews.com/2020/05/noise-resilient-flush-attack.html
This faulty WordPress plugin could allow hackers to wipe your website
https://www.techradar.com/news/this-faulty-wordpress-plugin-could-allow-hackers-to-erase-the-contents-of-your-website
10 Top OS for Ethical Hacking and Penetration Testing by Sourodip Biswas
https://hakin9.org/10-top-os-for-ethical-hacking-and-penetration-testing-by-sourodip-biswas/
普段の調査で利用するOSINTまとめ
https://qiita.com/00001B1A/items/4d8ceb53993d3217307e
One ring (zero) to rule them all.
https://medium.com/@b1tst0rm/one-ring-zero-to-rule-them-all-9ec99d914c68
DFWFW (Docker Firewall Framework)
https://linuxsecurity.expert/tools/dfwfw/
Pivotnacci - A Tool To Make Socks Connections Through HTTP Agents
https://www.kitploit.com/2020/05/pivotnacci-tool-to-make-socks.html
ANDRAX v5R NH-Killer - Penetration Testing on Android
https://www.kitploit.com/2020/05/andrax-v5r-nh-killer-penetration.html
Podcast 103 - Enigma Unlocked
https://bletchleypark.org.uk/news/podcast-103-enigma-unlocked
Ninja - Open source C2 server created for stealth red team operations
https://hakin9.org/ninja-open-source-c2-server-created-for-stealth-red-team-operations/
YARA v4.0.1
https://isc.sans.edu/diary/26184
WinDbg Basics for Malware Analysis
https://www.youtube.com/watch?v=QuFJpH3My7A&feature=youtu.be
Katana- A Python Tool For Google Hacking
https://hakin9.org/katana-a-python-tool-for-google-hacking/
Fuzzowski - the Network Protocol Fuzzer that we will want to use
https://hakin9.org/fuzzowski-the-network-protocol-fuzzer-that-we-will-want-to-use/
Silent Screenshot Capture | Post Exploitation Payload | VB.NET
https://github.com/ProjectorBUg/Mr.Link
Offense and Defense – A Tale of Two Sides: (Windows) OS Credential Dumping
https://www.fortinet.com/blog/threat-research/offense-and-defense-a-tale-of-two-sides-windows-os-credential-dumping
The Use – and Abuse – of DotNet Files, and the Value of FortiResponder Automation in the Threat Analysis Process
https://www.fortinet.com/blog/threat-research/the-use-and-abuse-of-dotnet-files-and-the-value-of-fortresponder-automation-in-threat-analysis
Singapore researchers tapping quantum cryptography to enhance network encryption
https://www.zdnet.com/article/singapore-researchers-tapping-quantum-cryptography-to-enhance-network-encryption/#ftag=RSSbaffb68
Microsoft blocks Trend Micro code at center of driver 'cheatware' storm from Windows 10, rootkit detector product pulled from site
https://www.theregister.com/2020/05/27/trend_micro_driver_windows_10/
Dynamic Data Resolver (DDR) — IDA Plugin 1.0 beta
https://blog.talosintelligence.com/2020/05/dynamic-data-resolver-1-0.html
Baidu releases quantum machine learning toolkit on GitHub
https://www.zdnet.com/article/baidu-releases-quantum-machine-learning-toolkit-on-github/#ftag=RSSbaffb68
FROM OSINT PROJECT TO MAKING MILLIONS HACKING DATABASES FOR BUG BOUNTY
https://medium.com/@nitesh.yours/from-osint-project-to-making-millions-hacking-databases-for-bug-bounty-6254d70866c6
FridaTrace++ – quick & dirty API monitor
http://www.hexacorn.com/blog/2020/05/31/fridatrace-quick-dirty-api-monitor/
サーバーレスの理解とメリット・デメリット(2020年版)
https://qiita.com/takanorig/items/3a3a0b43b5be5b4a124f
EvilApp : Phishing Attack Using An Android Application
https://kalilinuxtutorials.com/evilapp/
Red teaming - Out of box test cases
https://www.peerlyst.com/posts/red-teaming-out-of-box-test-cases-chintan-gurjar
CTF Design Guidelines
https://docs.google.com/document/d/1QBhColOjT8vVeyQxM1qNE-pczqeNSJiWOEiZQF2SSh8/preview
Analysing the (Alleged) Minneapolis Police Department "Hack"
https://www.troyhunt.com/analysing-the-alleged-minneapolis-police-department-hack/
Detection of PHP Web Shells with Access log, WAF and Audit Deamon
https://medium.com/@p.matkovski/detection-of-php-web-shells-with-access-log-waf-and-audit-deamon-e798d4c95ec
pivotnacci A tool to make socks connections through HTTP agents
https://github.com/blackarrowsec/pivotnacci
Pi Sniffer is a Wi-Fi sniffer built on the Raspberry Pi Zero W
https://hakin9.org/pi-sniffer-is-a-wi-fi-sniffer-built-on-the-raspberry-pi-zero-w/
Shifts in Underground Markets Mayra Rosario Fuentes Past, Present, and Future
https://documents.trendmicro.com/assets/white_papers/wp-shifts-in-the-underground.pdf
Python-Backdoor
https://github.com/xp4xbox/Python-Backdoor
Combination Of VPN, Tor And ProxyChain For More Anonymity
https://hackersonlineclub.com/combination-of-vpn-tor-and-proxychain-for-more-anonymity/
Top 10 Security Best Practices with Microsoft 365 in 2020
https://bit.ly/3dtBL87
Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack
https://msrc-blog.microsoft.com/2020/06/01/machine-learning-security-evasion-competition-2020-invites-researchers-to-defend-and-attack/
Octopus Scanner Sinks Tentacles into GitHub Repositories
https://threatpost.com/octopus-scanner-tentacles-github-repositories/156204/
CrowdStrike posts solid Q1 as customers seek to protect remote workers
https://www.zdnet.com/article/crowdstrike-posts-solid-q1-as-customers-seek-to-protect-remote-workers/
PyDOS
https://github.com/M-Taghizadeh/PyDOS
Kids on the Web in 2020
https://securelist.com/children-report-2020/97191/
Exploiting Routers With Routersploit
https://linuxsecurityblog.com/2019/09/26/exploiting-routers-with-routersploit/
GhostShell Malware indetectable, with AV bypass techniques, anti-disassembly, etc.
https://github.com/ReddyyZ/GhostShell
Photon - Incredibly fast crawler designed for OSINT
https://hakin9.org/photon-incredibly-fast-crawler-designed-for-osint/
Dark Web OSINT Tool TorBot
https://github.com/DedSecInside/TorBot
F.商業
全球駭客攻擊增加衍生資安商機,ISE 資安指數兩個月暴漲 45%
https://buzzorange.com/techorange/2020/05/29/cybersecurity-niche/
疫情危「駭」激增 微軟提出4大資安應變措施
https://tw.appledaily.com/property/20200530/KNLEND5AQH2PU4LOOE4LX7DEHM/
Microsoft Teams 可在後疫情時代幫助企業加速數位轉型
https://bit.ly/2XP9xy2
趨勢科技擲千萬宴 防疫經濟加倍送
https://ec.ltn.com.tw/article/breakingnews/3181173
精誠總代理Nozomi Networks 攻OT與IOT資安防護商機
https://money.udn.com/money/story/5613/4607906
內建硬體信任根與IPsec加速,Mellanox發表25GbE網路卡
https://www.ithome.com.tw/review/137969
Chef推出程式化安全與桌面自動化兩新產品
https://www.ithome.com.tw/news/138045
5G時代來臨 資誠示警:網路資安新威脅更多
https://news.cnyes.com/news/id/4485810
網路戰爭悄悄來襲!資安商機潛力無限 謝金河:它是台灣下一個亮點產業
https://udn.com/news/story/6839/4614566
G.政府
總統府資安防護建議
https://talk.ltn.com.tw/article/paper/1376623
總統府立院電腦遭駭案 警疑中國駭客鎖定政府高官竊資
https://tw.appledaily.com/local/20200529/TRGEJXMKTT3MKHB7MFOKCCAVBY/
冒總統府寄釣魚電郵 警:德資安業者指中國攻擊
https://www.cna.com.tw/news/asoc/202005290229.aspx
冒總統府駭立委 中國幹的 誤開釣魚電郵 逾10立委遭殃 專家:有政治目的
https://tw.appledaily.com/headline/20200530/Y3P3L32OKNO6X6YYD6I5JYEB2E/
假冒總統府寄釣魚信件給立委 警確認境外攻擊
https://www.chinatimes.com/realtimenews/20200529004266-260402?chdtv
只是好玩 演習後續駭國防部 5軍士官送辦 調查局查資通電軍駭客案 國防部:予以配合
https://www.ttv.com.tw/news/view/10905280031300N/579
協助業者圍標 國防部女程式員涉貪起訴
https://udn.com/news/story/7321/4599822
國防部參謀本部爆弊案 僱員搞圍標助業者牟2268萬
https://tw.appledaily.com/local/20200529/56MNSHNUJYDWAEB3JG6YRHQ4AQ/
國安會改組》這一次又變成蔡總統人馬的「中途之家」
https://www.cmmedia.com.tw/home/articles/21634
國際資訊安全會議 (RSA Conference 2020) 出國報告資料
https://report.nat.gov.tw/ReportFront/ReportDetail/detail?sysId=C10900299
NCC由獨立機關變成行政機關,政院不再叫不動
https://www.storm.mg/article/2690593
政府機關使用中國資通設備調查 政院:海康威視最多
https://news.ltn.com.tw/news/politics/breakingnews/3182937
機關採購中國資通設備 政院報告:海康威視最多
https://www.cna.com.tw/news/aipl/202005310142.aspx
中國資通訊設備 我檢測出資安漏洞
https://news.ltn.com.tw/news/politics/paper/1376643
我國資安再現破口? 行政院報告:政府機關共安裝366套海康威視設備
https://newtalk.tw/news/view/2020-05-31/414762?ref=topics
資安大漏洞》228個公務機關 採購中國資通產品
https://news.ltn.com.tw/news/politics/paper/1376530
這些設備不要用!小米 大疆 海康威視 多項中國系統藏資安漏洞
https://inanews.tw/archives/199643
陸資訊產品危害資安 台學者:恐攻擊關鍵設施
https://www.epochtimes.com/b5/20/6/1/n12152905.htm
38 個中央機關使用中國通訊設備!邱顯智籲行政院「別再只喊口號」
https://buzzorange.com/2020/06/04/38-china-gov-information/
中製資通訊設備可能洩密 政院︰加緊汰換與稽核 立委︰修法禁用
https://news.ltn.com.tw/news/politics/paper/1376644
台政府調查使用大陸通訊設備 海康威視、華為、小米都上榜
https://hk.appledaily.com/china/20200531/JZKNCG2SPCNS6TTQQ5W3UEKUEM/
「台灣製造」無資安風險 群光:政府資通設備 應多用國貨
https://news.ltn.com.tw/news/politics/paper/1376906
外館防駭 外交部建骨幹網路聯防
https://news.ltn.com.tw/news/politics/paper/1376645
日前才傳弊案遭搜 國防部網軍士官留遺書失蹤4天
https://www.chinatimes.com/realtimenews/20200601001692-260402?ctrack=mo_main_rtime_p01&chdtv
士官傳輕生訊息、失蹤4天! 資通電軍指揮部回應了
https://www.ettoday.net/news/20200601/1727534.htm
總統府為何被駭?專訪吳怡農:各部會資安,竟是查貪腐的人兼管
https://www.cw.com.tw/article/article.action?id=5100498
臺灣公開2支超前部署防疫App,將提供原始碼供外國政府防疫
https://www.ithome.com.tw/news/137975
國安會管資安的
https://news.ltn.com.tw/news/politics/paper/1377167
資安諮委傳由李漢銘接任 府:人事若定案會對外說明
https://bit.ly/2MpMzrQ
【中油遭駭】26頁檢討報告未提懲處 經部6/10前送交行政院
https://tw.news.appledaily.com/life/20200603/DXNR5ZAHOPHQIWK4HAUJE7PACM/
政府單位資安事件可能的四個資安突破口以及對應之道
https://blog.trendmicro.com.tw/?p=64511
振興政策/唐鳳:健保卡買三倍券像報稅 只讀取不存放紀錄
https://www.cna.com.tw/news/aipl/202006030038.aspx
六大戰略產業分工定 蔡英文:國安靠國防 非卑躬屈膝
https://www.secretchina.com/news/b5/2020/06/03/935328.html
台北市政府招標資安演練及稽核,預算1,176萬
https://bit.ly/2MsuOYT
數位身分證標案爆爭議 第一美卡:資安不可不慎
https://www.chinatimes.com/newspapers/20200605000196-260202?chdtv
H.工控系統/SCADA/ICS
西門子PLC的網絡仿真搭建方法探討
https://www.freebuf.com/articles/ics-articles/236250.html
資安廠商揭露駭侵者針對工業 4.0 的攻擊手法
https://www.twcert.org.tw/tw/cp-104-3654-9b990-1.html
Steganography Anchors Pinpoint Attacks on Industrial Targets
https://threatpost.com/steganography-pinpoint-attacks-industrial-targets/156151/
I.教育訓練
查不到想要的資料?分析師常用的7個Google搜尋技巧
https://career.1111.com.tw/tipDetail.aspx?no=2468
無痕瀏覽走過不留紀錄 記憶體鑑識仍有跡證可循
https://www.netadmin.com.tw/netadmin/zh-tw/technology/5F963706DBD64445A8AD03F47F41C38E?page=1
數位鑑識之無痕瀏覽器證據調查研究
http://jeb.cerps.org.tw/files/JEB2014-004.pdf
開啟 Chrome「無痕模式」仍會被追蹤!破解三大錯誤迷思
https://3c.ltn.com.tw/news/40589
我們與駭的距離
https://open.firstory.me/user/thehacksbetweenus
資安威脅你畫對重點了嗎?CTIA威脅情資分析專家,讓你比駭客更快一步
https://ucomedu.blogspot.com/2020/05/blog-post.html
Scripting for Hackers
https://www.hackers-arise.com/scripting
GCIH試験に合格しました
https://fiscsec.hatenablog.com/entry/2020/06/01/000447
How to Perform Forensic Analysis with Volatility – Part 1
https://www.peerlyst.com/posts/forensic-analysis-with-volatility-part-1-abhinav-singh?trk=user_notification
How to Perform Forensic Analysis with Volatility – Part 2
https://www.peerlyst.com/posts/how-to-perform-forensic-analysis-with-volatility-part-2-abhinav-singh
How I Hacked Into Your Corporate Network Using Your Own Antivirus Agent
https://pentestmag.com/how-i-hacked-into-your-corporate-network-using-your-own-anti-virus-agent/
How I made $31500 by submitting a bug to Facebook
https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204
Digital Forensics with Autopsy
https://medium.com/@tusharcool118/autopsy-tutorial-for-digital-forensics-707ea5d5994d
Malware Analysis: How to use Yara rules to detect malware
https://www.peerlyst.com/posts/malware-analysis-how-to-use-yara-rules-to-detect-malware-chiheb-chebbi
How to Handle Information Security Incidents [Part 1]
https://www.peerlyst.com/posts/how-to-handle-information-security-incidents-part-1-chiheb-chebbi
How to Handle Information security Incidents [Part2]
https://www.peerlyst.com/posts/how-to-handle-information-security-incidents-part2-chiheb-chebbi
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
ARMv7 處理器內含的記憶體崩潰漏洞,可能導致智慧車輛遭遠端遙控
https://www.twcert.org.tw/tw/cp-104-3648-139ef-1.html
思科報告稱:智能汽車易受黑客攻擊通過漏洞可實現“遠程控制”
https://www.sohu.com/a/399159109_257305
淺談車載機 車聯網時代的資訊跳板
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000586423_3bs5tkbu1rmtjg4pdrao4
UK.gov dangles £400k over makers of IoT Things: Go on, let's see how you'd make a security cert scheme
https://www.theregister.com/2020/06/01/ukgov_iot_kitemark_cash_grants/
6.近期資安活動及研討會
GDG Taoyuan #06 - 初探 Angular 應用設計框架 6/6
https://www.meetup.com/GDGTaoyuan/events/270845450/
SDN x Cloud Native Meetup - Webinar 海外篇 #3 6/6
https://www.meetup.com/CloudNative-Taiwan/events/270577365/
中山資安社-資安讀書會 6/6
https://nsysuisc.kktix.cc/events/readinggroup20200606
Excel對人資假勤及薪資管理分析報表實務班 6/9
https://www.accupass.com/event/2003310137088658330050
透過零信任防護策略因應數位轉型對企業雲應用與IoT安全挑戰 6/9
https://bit.ly/2VzDodV
亞太資安論壇報名 6/9 ~ 6/10
https://www.informationsecurity.com.tw/Seminar/2020_Seminar/all/
Elements of AI Online Study Group(0610) 6/10
https://www.meetup.com/TaipeiWomeninTech/events/270415222/
數位轉型攻略:後疫時代企業生存法則 居家上班永久化 6/10
https://event.ithome.com.tw/live/20200601/signup.html?v=1590718274?v=
數位轉型攻略:後疫時代企業生存法則 你家 AP 能不能打包外送 6/11
https://event.ithome.com.tw/live/20200601/signup.html?v=1590718274?v=
First meetup! Kademlia, the socialist millionaires’ problem, and more 6/11
https://www.meetup.com/Papers-We-Love-Taipei-Taiwan/events/270950966/
真Scrum 真敏捷 講座 6/13
https://www.meetup.com/AgileTaiwan/events/270776207/
交通大學駭客書院 - 高階網頁滲透測試 6/13 6/20
https://hackercollege.nctu.edu.tw/?p=1161
給初學者的雲端基礎認識 6/14
https://www.meetup.com/Women-Who-Code-Taipei/events/270944378/
CREST CPSA BootCamp 資安分析專家認證課程 6/15 ~ 6/19
https://www.ainetwork-training.com/product/crest-cpsa-bootcamp/
創業初心者前端框架UI/UX/DX大亂鬥 6/16
https://www.meetup.com/Taipei-Micro-Frontends/events/270906045/
惡意程式偵測、分析、防護實戰班(第3期) 6/16
http://service.tabf.org.tw/tw/user/409646/
ISACA® 國際資訊安全管理師 CISM 認證課程 6/16 ~ 6/19
https://www.accupass.com/event/2004140928122685616880
數位轉型攻略:後疫時代企業生存法則 分散協作成企業開發新常態 6/17
https://event.ithome.com.tw/live/20200601/signup.html?v=1590718274?v=
雲端資安防護研討會 6/18
https://www.accupass.com/event/2003230957111782855813
數位轉型攻略:後疫時代企業生存法則 全球化沒有消失而是變形更數位了 6/22
https://event.ithome.com.tw/live/20200601/signup.html?v=1590718274?v=
設計新興雲端安全防護架構: Container & Serverless Security安全藍圖 6/23
https://bit.ly/2VzDodV
交通大學駭客書院 - 企業網域控管-Active Directory攻擊與防禦 6/27
https://hackercollege.nctu.edu.tw/?p=1164
CompTIA Security+ 國際網路資安認證班 7/4 ~ 7/12
https://www.iiiedu.org.tw/courses/msa293t2002/
數據分析與機器學習案例實務(三)影像分類技術 7/20
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3897&from_course_list_url=course_index
CYBERSEC 2020 臺灣資安大會 8/12
https://cyber.ithome.com.tw/
認證系統安全從業人員 SSCP 輔導班 9/5 ~ 9/13
https://www.iiiedu.org.tw/courses/asq902t2001/
邊緣計算系統之大數據與深度學習應用 9/11
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3895&from_course_list_url=course_index
數據分析與機器學習案例實務(四)應用實例 9/14
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3898&from_course_list_url=course_index
沒有留言:
張貼留言