資安事件新聞週報 2019/11/18 ~ 2019/11/22






資安事件新聞週報  2019/11/18  ~  2019/11/22

1.重大弱點漏洞/後門/Exploit/Zero Day
中彈!高通晶片有漏洞 手機個資不保
https://www.chinatimes.com/realtimenews/20191118003422-260410?chdtv

透過智慧門鈴就可攻擊整個房子聯網設備!Amazon 已修補Ring Video Doorbell Pro 漏洞
https://blog.trendmicro.com.tw/?p=62657

Grin核心開發者解析Mimblewimble「漏洞」:非根本性缺陷,Grin很安全
https://news.knowing.asia/news/0cc8c2e7-222c-40e0-a7c8-5c010ede7023

Grin 隱私模型漏洞!駭客每週花費60美元的AWS服務,就能追蹤 96% 金流地址
https://www.blocktempo.com/former-google-engineer-uncovers-96-of-privacy-altcoin-addresses/

Fortinet FortOS 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19111802

Fortinet FortiClient 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19111901

Google動態郵件功能出現XSS漏洞,可讓駭客透過Gmail發動攻擊
https://www.ithome.com.tw/news/134279

IBM WebSphere Application 遠端執行任意程式碼漏洞
https://www.hkcert.org/my_url/zh/alert/19111801

HKCERT 呼籲關注Windows 7、Windows伺服器2008 及 2008 R2 終止支援服務
https://www.hkcert.org/my_url/zh/blog/19112201

引發 BSoD 的BlueKeep漏洞攻擊,造成系統崩潰的原因
https://blog.trendmicro.com.tw/?p=62621

High-Severity Windows UAC Flaw Enables Privilege Escalation
https://threatpost.com/windows-uac-flaw-privilege-escalation/150463/

THANKSGIVING TREAT: EASY-AS-PIE WINDOWS 7 SECURE DESKTOP ESCALATION OF PRIVILEGE
https://www.zerodayinitiative.com/blog/2019/11/19/thanksgiving-treat-easy-as-pie-windows-7-secure-desktop-escalation-of-privilege

Microsoft issues patch for Internet Explorer zero‑day
https://www.welivesecurity.com/2019/11/14/microsoft-patch-internet-explorer-zero-day/

Windows操作系統的74個漏洞用戶如何保護設備
https://chinese.aljazeera.net/technology/2019/11/19/microsoft-fixes-74-vulnerabilities-windows-operating-system

CVE-2019-1388
https://nvd.nist.gov/vuln/detail/CVE-2019-1388

New Windows 10 20H1 test build brings more fixes
https://www.zdnet.com/article/new-windows-10-20h1-test-build-brings-more-fixes/#ftag=RSSbaffb68

Symantec Endpoint Protection遭爆有本地端權限漏洞
https://www.ithome.com.tw/news/134228

Symantec 產品多個漏洞
https://www.hkcert.org/my_url/zh/alert/19111501

英特爾被曝漏洞Zombieload2 jQuery 跨站腳本漏洞影響大量網站
https://www.huorong.cn/info/1573813322393.html

McAfee殺毒軟件代碼執行漏洞(CVE-2019-3648)
https://www.venustech.com.cn/article/1/10574.html

Serious Security Vulnerability Found In All McAfee Antivirus Editions
https://latesthackingnews.com/2019/11/14/serious-security-vulnerability-found-in-all-mcafee-antivirus-editions/

RHEL和CentOS再獲重要內核安全更新:緩解英特爾處理器漏洞影響
https://www.cnbeta.com/articles/tech/911581.htm

美國研究員發現 11 個 5G 新漏洞:會被駭客降成 4G,還會被發虛假警報
https://buzzorange.com/techorange/2019/11/19/new-5g-security-threats/

Chrome 瀏覽器書籤不見了,原來是 Google 在測試新功能出了差錯
https://technews.tw/2019/11/19/chrome-browser-fake/

思科VoIP適配器具有嚴重的安全漏洞
http://bit.ly/334EzT4

THANKSGIVING TREAT: EASY-AS-PIE WINDOWS 7 SECURE DESKTOP ESCALATION OF PRIVILEGE
https://www.zerodayinitiative.com/blog/2019/11/19/thanksgiving-treat-easy-as-pie-windows-7-secure-desktop-escalation-of-privilege

Openfind MAIL2000 Webmail Pre-Auth Cross-Site Scripting and Open Redirect
http://net.nthu.edu.tw/2009/mailing:announcement:20191121_01

Openfind MAIL2000 Webmail Post-Auth Cross-Site Scripting
https://tvn.twcert.org.tw/taiwanvn/TVN-201909002

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
內線交易難定罪 陳冲:改內部人要買賣先公告
https://www.chinatimes.com/realtimenews/20191116002687-260410?chdtv

純網銀的思辨(下):三國鼎立的年代,究竟誰能勝出獨領風騷
https://www.bnext.com.tw/article/55502/internet-only-bank-open-banking-2

數位時代 給證交法新生命
http://bit.ly/35cswEK

大量印度信用卡資料出現在暗網,金融卡資料首度喊到每筆100美元,創黑市新高
https://www.ithome.com.tw/news/134217

2019台北金融科技展拚創意 五家FinTech獨角獸現身
https://money.udn.com/money/story/5636/4171711

緊急聲明:近日出現疑似冒充本公司「ANUE 鉅亨」網站 提醒用戶慎防
https://news.cnyes.com/news/id/4413249?exp=b

星展銀行開出第一槍!顧立雄提銀行裁撤ATM的3大原則
http://bit.ly/2CUDoe2

ATM顯示「偵測鈔券放入異常」 他撬開吐鈔口驚見4.4萬...直接入袋
https://www.ettoday.net/news/20191119/1583351.htm

證交所持續推廣台股盤中逐筆交易 擬真平台使用人次成長近7成
https://www.ettoday.net/news/20191119/1583478.htm

財金公司建議 保資安險護身
http://bit.ly/2XwFLgV

跨入第二階段 開放API 財金訂TSP篩選標準
http://bit.ly/37rhP32

Web payment card skimmers add anti-forensics capabilities
https://www.csoonline.com/article/3453940/web-payment-card-skimmers-add-anti-forensics-capabilities.html

New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks
https://thehackernews.com/2019/11/financial-cyberattacks.html

Massive Hack Strikes Offshore Cayman National Bank and Trust
https://unicornriot.ninja/2019/massive-hack-strikes-offshore-cayman-national-bank-and-trust/

New JavaScript Skimmer Found on Ecommerce Sites
https://www.bankinfosecurity.com/new-javascript-skimmer-found-on-ecommerce-sites-a-13411

Cases of ATM skimming decline, explosive attacks increase in Europe
https://www.atmmarketplace.com/news/cases-of-atm-skimming-decline-explosive-attacks-increase-in-europe/

All commercial banks switch to chip-based cards
https://thehimalayantimes.com/business/all-commercial-banks-switch-to-chip-based-cards/

Turkish cybercriminals hack ATMs in Tripura, steal huge cash
https://www.thehindu.com/news/national/other-states/turkish-cybercriminals-hack-atms-in-tripura-steal-huge-cash/article30010268.ece

Macy’s suffers online Magecart card-skimming attack, data breach
https://www.zdnet.com/article/macys-suffers-online-magecart-card-skimming-attack/#ftag=RSSbaffb68

3.電子支付/電子票證/行動支付/ pay/新聞及資安
行動支付快速發展 陳美伶估年底消費金額突破千億大關
https://www.rti.org.tw/news/view/id/2042386

4.虛擬貨幣/區塊鍊相關新聞及資安
Maker中的漏洞:預言機治理攻擊、攻擊DAOs和去中心化
https://www.lianshijie.com/news/180394

第一人稱射擊遊戲「比特幣賞金獵人」,擊殺玩家賺取比特幣
https://zombit.info/first-person-shooter-bitcoin-bounty-hunter-kill-players-to-earn-bitcoin

加密貨幣錢包GateHub數據遭洩露,140萬帳戶資訊被盜
https://news.knowing.asia/news/81a31bc4-afcb-4d8e-b771-36d8ea146d79

勤業眾信:企業區塊鏈市場逐漸成熟了,金融、物流應用型態開始更多元
https://www.ithome.com.tw/news/134324

從加密貨幣交易所的故事,來瞭解整個加密貨幣產業
https://news.knowing.asia/news/209b877a-1f72-430d-8a41-ecb1a352eab7

比特幣日漸稀缺,丟失的比特幣都到哪裡去了
https://news.knowing.asia/news/523788b7-d496-4195-ad93-b3cb96411837

US charges men with cryptocurrency theft, SIM-swapping attacks
https://www.zdnet.com/article/us-charges-men-with-cryptocurrency-theft-sim-swapping-attacks/#ftag=RSSbaffb68

DOJ: Pair Used SIM Swapping Scam to Steal Cryptocurrency
https://www.bankinfosecurity.com/doj-pair-used-sim-swapping-scam-to-steal-cryptocurrency-a-13405

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
小心公共USB充電站讓惡意程式上身,美政府籲勿使用
https://ithome.com.tw/news/134225

使用公共 USB 充電站,恐被駭客植入惡意程式!美府:最好用行動電源
https://buzzorange.com/techorange/2019/11/18/us-usb-charging-station-malware/

盤點近幾年勒索病毒使用過的工具和漏洞
https://mlog.club/article/1859512

路易斯安那州遭勒索軟體攻擊,部份伺服器停擺
https://www.ithome.com.tw/news/134285

Sophos揭露WannaCry 由獵食者演變成危險疫苗
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000572853_NZA9DAHL48LZ6E4HEVU2C

駭客在臉書上刊登惡意的麥當勞廣告散佈金融木馬
https://www.ithome.com.tw/news/134315

小心別亂點!假冒微軟 Windows 更新通知信,暗藏新型勒索軟體
https://3c.ltn.com.tw/news/38709

是更新還是病毒?資安業者提醒 小心以微軟更新版為名的假信件
https://newtalk.tw/news/view/2019-11-22/330307

YouTube 出現「比特幣錢包金鑰產生器 」,實為竊個資木馬
https://blog.trendmicro.com.tw/?p=62693

Ransomware Revival: Troldesh becomes a leader by the number of attacks
https://securityaffairs.co/wordpress/94111/malware/ransomware-troldesh-top-malwar.html

When one isn’t enough: This shady malware will infect your PC with dual Trojans
https://www.zdnet.com/article/when-one-isnt-enough-this-shady-malware-will-infect-your-pc-with-two-trojans/#ftag=RSSbaffb68

Double Vision: Stealthy Malware Dropper Delivers Dual RATs
https://threatpost.com/malware-dropper-dual-rats/150271/

When one isn’t enough: This shady malware will infect your PC with dual Trojans
https://www.zdnet.com/article/when-one-isnt-enough-this-shady-malware-will-infect-your-pc-with-two-trojans/#ftag=RSSbaffb68

Double Trouble: RevengeRAT and WSHRAT
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample.html

Weeding out WannaMine v4.0: Analyzing and Remediating This Mineware Nightmare
https://www.crowdstrike.com/blog/weeding-out-wannamine-v4-0-analyzing-and-remediating-this-mineware-nightmare/

Stealthy new Android malware poses as ad blocker, serves up ads instead
https://blog.malwarebytes.com/android/2019/11/stealthy-new-android-malware-poses-as-ad-blocker-serves-up-ads-instead/

Stealthy Malware Flies Under AV Radar with Advanced Obfuscation
https://threatpost.com/malware-steals-info-with-advanced-obfuscation/150280/

Custom dropper hide and seek
https://blog.talosintelligence.com/2019/11/custom-dropper-hide-and-seek.html

Android malware disguises as ad blocker, but then pesters users with ads
https://www.zdnet.com/article/android-malware-disguises-as-ad-blocker-but-then-pesters-users-with-ads/#ftag=RSSbaffb68

Hackers μολύνουν συστήματα χρησιμοποιώντας το Metasploit και κακόβουλα έγγραφα Word
https://www.secnews.gr/204461/hackers-word-emails/

Ανησυχητική η αύξηση των malware επιθέσεων σε νοσοκομεία
https://www.secnews.gr/204438/nosokomeia-trojan-dedomena-epitheseis/

Phishing Campaigns Spoof Government Agencies: Report
https://www.bankinfosecurity.com/phishing-campaigns-spoof-government-agencies-report-a-13408

Warnings Issued For Text, TV 'Smishing' Scams
https://dailyvoice.com/connecticut/shelton/news/warnings-issued-for-text-tv-smishing-scams/778936/

Attackers are staging tax-themed phishing attacks to target companies in Germany and Italy
https://renewsindustry.com/attackers-are-staging-tax-themed-phishing-attacks-to-target-companies-in-germany-and-italy/2196/

Malware developers are betting you’ll be fooled by ‘Donald Trump Screen of Death’
https://www.nny360.com/artsandlife/lifestyle/malware-developers-are-betting-you-ll-be-fooled-by-donald/article_6c01b7ea-7def-5213-8f2b-40b1bb0fc1d1.html

When one isn’t enough: This shady malware will infect your PC with dual Trojans
https://newsvire.com/when-one-isnt-enough-this-shady-malware-will-infect-your-pc-with-dual-trojans/

Koadic C3 COM Command & Control - JScript RAT
https://github.com/zerosum0x0/koadic

Symantec, ESET, McAfee rank first in Windows anti-malware market share
https://www.zdnet.com/article/symantec-eset-mcafee-rank-first-in-windows-anti-malware-market-share/#ftag=RSSbaffb68

Ransomware hits Louisiana state government systems
https://www.zdnet.com/article/ransomware-hits-louisiana-state-government-systems/#ftag=RSSbaffb68

Shade Ransomware Is the Most Actively Distributed Malware via Email
https://www.bleepingcomputer.com/news/security/shade-ransomware-is-the-most-actively-distributed-malware-via-email/

2019-11-19 - PCAP AND MALWARE FOR AN ISC DIARY (HANCITOR INFECTION)
https://www.malware-traffic-analysis.net/2019/11/19/index.html

Antivirus vendors and non-profits join to form 'Coalition Against Stalkerware'
https://www.zdnet.com/article/antivirus-vendors-and-non-profits-join-to-form-coalition-against-stalkerware/#ftag=RSSbaffb68

Emotet Trojan Campaigns Continue
https://www.cyber.nj.gov/alerts-and-advisories/20191112/emotet-trojan-campaigns-continue

Louisiana Government Recovering From Ransomware Attack
https://www.bankinfosecurity.com/louisiana-government-recovering-from-ransomware-attack-a-13419

Mac Backdoor Linked to Lazarus Targets Korean Users
https://blog.trendmicro.com/trendlabs-security-intelligence/mac-backdoor-linked-to-lazarus-targets-korean-users/

Threat Analysis Unit (TAU) Threat Intelligence Notification: Ramnit Banking Trojan
https://www.carbonblack.com/2019/11/18/threat-analysis-unit-tau-threat-intelligence-notification-ramnit-banking-trojan/

Russian Hacker Behind NeverQuest Banking Malware Gets 4 Years in U.S. Prison
https://thehackernews.com/2019/11/lisov-neverquest-russian-hacker.html

B.行動安全 / iPhone / Android /穿戴裝置 /App
iPhone 史上最大資安危機,強烈呼籲受影響的各界重要人士立即更換你的手機
https://technews.tw/2019/11/16/iphone-checkm8/

iPhone 資安亮紅燈!避免硬體漏洞被入侵,從「4 大防駭習慣」開始養成
https://buzzorange.com/techorange/2019/11/18/apple-iphone-bursts-a-major-hardware-vulnerability/

iPhone 驚傳史上最大漏洞!台灣開發者揭 14 款機型恐 3 分鐘被入侵
https://3c.ltn.com.tw/news/38652

蘋果手機爆資安漏洞 KPMG四招自保教學
https://news.wearn.com/c377476.html

安卓曝高危漏洞:華為小米等18款設備中招
https://www.twoeggz.com/news/15733572.html

從 Android 手機有許多資安漏洞說起
https://softnshare.com/kryptowire-android-cve-mobile-security/

蘋果 Apple MacBook 硬碟容量不足效能緩慢,其他資料佔用近百 GB 空間
https://www.vedfolnir.com/apple-macos-hard-disk-capacity-is-slow-35339.html

華為踢鐵板 手機標中國台灣 NCC要求禁賣
http://m.secretchina.com/news/b5/2019/11/15/913720.html

系統更新 竟標「中國台灣」NCC出手 五大電信 禁售華為3款手機
https://tw.appledaily.com/highlight/20191115/WVQEM3IDMMVWOPYYGI57GKURUI/

Android 遭爆「預載漏洞」多達 146 個! 三星、華碩也被點名
https://3c.ltn.com.tw/news/38657

Android 手機預裝軟體藏大量漏洞,導致 29 廠商中招
http://technews.tw/2019/11/20/pre-installed-apps-on-low-end-android-phones-are-full-of-security-holes/

華碩、三星都中標! Android手機被爆「預載」146款惡意軟體
https://newtalk.tw/news/view/2019-11-18/328259

德國擬禁止Apple Pay壟斷NFC 蘋果:開放恐危及用戶資安
https://www.ettoday.net/news/20191116/1581363.htm

華為邀請全球駭客找系統漏洞:或為鴻蒙手機鋪路
https://sina.com.hk/news/article/20191116/0/0/2/-10848832.html

Facebook 陳澍:大規模違反《社群守則》已排除,是內部技術問題
https://www.inside.com.tw/article/18122-facebook-community-standards-2

政治貼文一PO就被砍 臉書公布原因了
https://www.chinatimes.com/realtimenews/20191115004881-260405?chdtv

追蹤位置是小事,5G 漏洞可能用於軍事打擊
https://www.chainnews.com/zh-hant/articles/310410144352.htm

5G漏洞使用戶位置被追踪TPM漏洞影響數十億設備
https://zhuanlan.zhihu.com/p/91839862

【兩岸論壇】中共力推「學習強國」 全面監控民眾
https://www.ydn.com.tw/News/360548

香港反送中通訊利器Telegram 資安專家擔憂漏洞洩密
https://ec.ltn.com.tw/article/breakingnews/2978749

華為發布關於網絡安全的立場聲明:我們從未經歷過任何嚴重的網絡安全漏洞
https://www.leiphone.com/news/201911/xKZ9aisIKkeTYIUD.html

最新的WhatsApp漏洞已經存在:Android和iOS用戶注意麵臨惡意風險
https://news.guo.media/zh/13576/

平價 Android 手機藏陷阱?調查報告指預載軟體含大量漏洞
https://www.eprice.com.tw/mobile/talk/102/5439921/1/

安卓遭爆「預載」惡意軟體 個資恐洩
http://bit.ly/2r9t2UY

WhatsApp 發現全新漏洞!接收影片即中招
http://bit.ly/2XsIsQD

Android 平價機預載 Apps 現大量漏洞 美國國土安全部爆大鑊
http://bit.ly/2KAsajh

Apple Pay涉壟斷!德立法要求開放iPhone NFC晶片 蘋果憂危及用戶資安
https://www.ettoday.net/news/20191119/1583440.htm

抖音全力洗白!就算習近平下令也「照樣拒絕」
https://ec.ltn.com.tw/article/breakingnews/2982869

六個簡單避免手機被入侵的方法
http://bit.ly/37nutzS

你的手機會偷拍?資安公司踢爆Android漏洞 Google、三星都中招
https://newtalk.tw/news/view/2019-11-20/329212

WhatsApp新突破:駭客可通過傳送MP4攻擊,能監控設備+竊取聊天記錄
https://zinggadget.com/2019/11/19/whatsapp-warning-hacker-may-sentmp4-hack-user-phone/

臉書修補WhatsApp的遠端程式執行漏洞
https://ithome.com.tw/news/134306

Google 修復 Android 相機 App 嚴重安全漏洞,用戶應盡速更新
http://technews.tw/2019/11/21/google-android-camera-app-bug/

愛瘋嚴重資安漏洞!他1分鐘破解
http://bit.ly/2qlsAmR

Android 相機 App 新漏洞   惡意取用相機 + 錄製通話內容
https://unwire.hk/2019/11/20/android-flaw/software/android-app/

Android相機App爆資安漏洞 偷拍錄影+錄製通話內容
http://bit.ly/2KLuLHg

安卓被曝嚴重漏洞:惡意應用能秘密錄製視頻監聽通話
https://finance.sina.com.cn/chanjing/cyxw/2019-11-21/doc-iihnzhfz0759766.shtml

成功攻破Amazon Echo 網絡駭客獲6萬美金獎金
https://hk.epochtimes.com/news/2019-11-21/50760505

更新愛瘋爆災情!LINE中標這樣解
http://bit.ly/2QDLaRT

想成為LINE工程師?3大團隊精神,看跨國公司的開發文化
https://www.bnext.com.tw/article/55579/line-developer-culture

Telegram 執行長大吐槽 Facebook 以及 Whatsapp 後門事件
https://www.inside.com.tw/article/18174-WhatsApp-will-never-be-secure

史上成長最快通訊軟體!微軟Teams突破2千萬用戶,Slack嗆數據膨風
https://www.bnext.com.tw/article/55577/microsoft-teams-slack-competition

由機器學習與隱私優先原則 看 LINE 如何有感減少垃圾訊息並為個資把關
https://www.techbang.com/posts/74420-line-security-privacy

資安風險高! 推特將取消以電話啟用雙因素驗證
https://www.ithome.com.tw/news/134350

Google 修復 Android 相機 App 嚴重安全漏洞,用戶應盡速更新
http://technews.tw/2019/11/21/google-android-camera-app-bug/

Google、三星相機程式被曝高風險漏洞,可被黑客偷拍照、錄像
https://kknews.cc/tech/k46m4j8.html

IG上買女傭?中東奴隸線上交易鑽漏洞 連警都參一咖
https://www.setn.com/News.aspx?NewsID=640452

Two Arrested for Stealing $550,000 in Cryptocurrency Using Sim Swapping
https://thehackernews.com/2019/11/hacking-with-sim-swapping.html

Qualcomm Chip Flaws Let Hackers Steal Private Data From Android Devices
https://thehackernews.com/2019/11/qualcomm-android-hacking.html

Threat Landscape Report for Q3 2019
http://www.manilastandard.net/index.php/tech/tech-news/310151/threat-landscape-report-for-q3-2019.html

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
Real World CTF安全訓練營將啟動,四位一體聚焦網絡安全
http://news.tom.com/201911/4798310753.html

20歲美大學生幫ISIS客製開發Gentoo Linux、散佈訊息,最高恐判刑20年
https://ithome.com.tw/news/134331

假期購物季將至 零售業者須嚴防網路攻擊
https://money.udn.com/money/story/5599/4176567

DDoS服務商遭判刑13個月,經營者只有21歲
https://www.ithome.com.tw/news/134273

英國工黨網站遭DDoS攻擊
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16320

FBI 警告:駭侵組織正在鎖定美國汽車工業進行攻擊
https://www.twcert.org.tw/tw/cp-104-3093-cff7a-1.html

2019HITCON DEFENSE打造多元情境 S.H.I.E.L.D.奪冠
https://money.udn.com/money/story/5640/4175917

資安金盾獎 交大及鳳山永春南一中聯隊摘冠
https://money.udn.com/money/story/10860/4168414

Disney+系統遭駭客入侵? 官方:沒有證據顯示有安全漏洞
https://newtalk.tw/news/view/2019-11-22/330204

電腦全天上網未關機成「肉雞」 淪駭客盜刷「跳板」
https://news.ltn.com.tw/news/life/breakingnews/2984378

110名網絡技術精英演繹“虛擬空間”安全“攻防戰”
http://www.stdaily.com/index/kejixinwen/2019-11/17/content_815984.shtml

梅西百貨證實網站遭駭客攻擊,週二股價重挫11%
http://bit.ly/35fLVoa

梅西又被駭 未透露多少顧客資料被盜
http://bit.ly/2OAunMH

2K 粉絲團遭駭客入侵,貼文發「尼哥」粉絲全看傻
https://tw.esports.yahoo.com/201911153-050521478.html

又一家美國法院裁定警方無權強迫嫌疑人交出設備密碼
http://bit.ly/2OAmhnp

北市大校內電郵狂收對岸嘲諷信 教部:應為群組帳號外流
https://m.ltn.com.tw/news/life/breakingnews/2980240

學校公用電郵狂收垃圾信/北市大︰學生盜用信箱 非遭駭
https://m.ltn.com.tw/news/life/paper/1332503

北市大收「對岸」電子嘲諷信 教部:帳號外流
https://news.tvbs.com.tw/life/1235609

信箱驚見「我是翻牆過來的江蘇人」爆資安危機? 北市大︰校內生誤用
http://bit.ly/37byjvX

國際駭客組織 Anonymous 將捐贈7,500萬美元的比特幣
https://zombit.info/international-hacker-organization-anonymous-will-donate-75-million-in-bitcoin/

資安拉警報!北約秘書長:中國能從全球蒐集大量數據
https://newtalk.tw/news/view/2019-11-18/328591

關於港警圍攻香港中文大學,控制HKIX將導致香港斷網的傳言,聽聽香港專業IT人員怎麼說
https://ithome.com.tw/news/134232

中國自創天府杯駭客競賽,Chrome、Safari與Office 365全被攻陷
https://ithome.com.tw/news/134297

你,可能早就是中國政府「審查」的對象
https://www.cw.com.tw/article/article.action?id=5097806

大股東裝了監控系統 中國可能可遠端切斷菲國輸電網
https://news.ltn.com.tw/news/world/breakingnews/2985520

周鴻禕:超100國家成立網軍 網路戰將成未來戰爭首選
https://news.sina.com.tw/article/20191121/33396558.html

美資安專家稱 俄、「中」恐非首要威脅
https://www.ydn.com.tw/News/360507

美專家:網路威脅多來自中等國家
https://www.ydn.com.tw/news/360529

美司法部長:華為、中興具安全威脅
http://bit.ly/2Oiw6GA

華為囂張不久...美國出口管制終極武器還沒用
https://ec.ltn.com.tw/article/breakingnews/2982958

趕盡殺絕!美司法部長一句話 華為設備恐拆了
https://www.chinatimes.com/realtimenews/20191116000010-260408?chdtv

美國敗下陣來,印度以安全為由決定封殺臉書,中國成為最終大贏家
http://www.sohu.com/a/354177140_759851

駐烏克蘭代辦手機與特朗普通話 恐遭俄羅斯等多國截聽
https://hk.on.cc/hk/bkn/cnt/amenews/20191115/bkn-20191115220627958-1115_00972_001.html

伊朗全國大斷網 封鎖網絡能遏止示威嗎
http://bit.ly/35j12NE

Cybersecurity is heading into a recruitment crisis: Here's how we fix the problem
https://www.zdnet.com/article/cybersecurity-is-heading-into-a-recruitment-crisis-heres-how-we-fix-the-problem/#ftag=RSSbaffb68

More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/

Company Detected Years-Long Breach Only After Hacker Maxed Out Servers' Storage
https://thehackernews.com/2019/11/hacking-file-storage.html

Chrome, Edge, Safari hacked at elite Chinese hacking contest
https://www.zdnet.com/article/chrome-edge-safari-hacked-at-elite-chinese-hacking-contest/#ftag=RSSbaffb68

ProtonMail blocked in Belarus following wave of bomb threats across the country
https://www.zdnet.com/article/protonmail-blocked-in-belarus-following-wave-of-bomb-threats-across-the-country/#ftag=RSSbaffb68

Company discovered it was hacked after a server ran out of free space
https://www.zdnet.com/article/company-discovered-it-was-hacked-after-a-server-ran-out-of-free-space/

Official Monero website compromised with malware that steals funds
https://www.zdnet.com/article/official-monero-website-compromised-with-malware-that-steals-funds/#ftag=RSSbaffb68

The Russian Railways information system got hacked in 20 minutes
https://www.ehackingnews.com/2019/11/the-russian-railways-information-system.html?utm_source=dlvr.it&utm_medium=twitter

Emergency Response Process and Compromised Binaries Post-Mortem Meeting: 22 November 23:00 UTC #413
https://github.com/monero-project/meta/issues/413

2020 年「サイバーセキュリティ月間」実施に伴う 関連行事の募集について
https://www.nisc.go.jp/active/kihon/pdf/csm2020kanren.pdf

4 Automated Password Policy Enforcers for NIST Password Guidelines
https://www.bankinfosecurity.com/blogs/4-automated-password-policy-enforcers-for-nist-password-guidelines-p-2803

THE LAZARUS’ GAZE TO THE WORLD: WHAT IS BEHIND THE SECOND STONE
https://blog.telsy.com/the-lazarus-gaze-to-the-world-what-is-behind-the-second-stone/

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
Disney+ app才推出,駭客論壇驚傳有上千帳號被兜售
https://www.ithome.com.tw/news/134256

Disney+開通後上千用戶被駭 帳號暗網最低價不到百元
https://ec.ltn.com.tw/article/breakingnews/2982721

Disney+才推出 數千帳號被駭 3元轉手賤賣
http://bit.ly/2XC1Tq9

蘋果中國新網域被Safari和Google視為釣魚網站,到底怎麼回事
https://mrmad.com.tw/apple-com-cn-safari-deceptive-site-ahead

假訊息資訊戰 將在大選總驗收
https://udn.com/news/story/11321/4173241

網路假訊息流傳 中原大學生盼科技遏止歪風
http://bit.ly/32W5qAJ

盤點2019年度五大資安詐騙類型
https://blog.trendmicro.com.tw/?p=62635

中科天齊:全球十大高危數據泄露事件影響30億用戶
https://news.sina.com.tw/article/20191119/33370842.html

按讚也會被騙!社群10大詐騙手法曝光 它居然只排第5
https://theme.udn.com/theme/story/6774/4178037

大選在即,台灣將成為假訊息病毒的培養皿
https://forum.ettoday.net/news/1584010

資安知識分享】經典詐騙: 分享給十位朋友即可領取免費Line貼圖?別再上當啦
https://ithelp.ithome.com.tw/articles/10229091?sc=rss.qu

歐洲最大級飯店訂房系統公司近 1TB 旅客資料於網路曝光
https://www.twcert.org.tw/tw/cp-104-3089-ffd48-1.html

韓粉轉傳陳菊貪污假訊息被判拘役 源頭竟來自港媒
https://m.ltn.com.tw/news/politics/breakingnews/2985229

陳菊貪污假訊息 調查局:最早出自於香港媒體
https://www.cna.com.tw/news/firstnews/201911210198.aspx

抵制資訊戰!Google不只停政治廣告 三大策略對抗假新聞
https://news.sina.com.tw/article/20191121/33398876.html

「無卡分期」是什麼? 小心別誤入門號換現金詐騙翻版!
https://www.kocpc.com.tw/archives/293321

網路詐欺犯入獄繼續騙「跨多國海撈3000萬」! 坐牢竟能買豪宅、爽上網
https://www.ettoday.net/news/20191121/1584561.htm

網絡職業打假灰產鏈調查:利用漏洞大量購買成職業索賠人
http://m.cnwest.com/tianxia/a/2019/11/22/18195493.html

這些臉書粉絲團都是假的,五招避免上當!(持續更新)
https://blog.trendmicro.com.tw/?p=60197

盤點2019年度五大資安詐騙類型
https://blog.trendmicro.com.tw/?p=62635

Thousands of hacked Disney+ accounts are already for sale on hacking forums
https://www.zdnet.com/article/thousands-of-hacked-disney-accounts-are-already-for-sale-on-hacking-forums/#ftag=RSSbaffb68

The banking scams criminals are using to target South Africans right now
https://businesstech.co.za/news/banking/354209/the-banking-scams-criminals-are-using-to-target-south-africans-right-now/

Parliament House hack report reveals poor password practices
https://www.zdnet.com/article/parliament-house-hack-report-reveals-poor-password-practices/#ftag=RSSbaffb68

Privacy and OSINT lessons from the IronMarch Leak
https://inteltechniques.com/blog/2019/11/18/privacy-and-osint-lessons-from-the-ironmarch-leak/

Disney+ fans without answers after thousands hacked
https://www.bbc.com/news/technology-50461171

Recently Discovered Phishing Campaign Found Targeting Office 365 Admins
http://passwordalert.com/recently-discovered-phishing-campaign-found-targeting-office-365-admins/

Boost Your Personal Security With These Killer 2019 Black Friday and Cyber Monday Deals
https://thehackernews.com/2019/11/cyber-monday-black-friday-deals.htm

T-Mobile Suffers Data Breach Affecting Prepaid Wireless Customers
https://thehackernews.com/2019/11/t-mobile-prepaid-data-breach.html

E.研究報告
GPO細部設定值取得
https://ithelp.ithome.com.tw/questions/10196144

CVE-2019-1405和CVE-2019-1322:通過組合漏洞進行權限提升
https://zhuanlan.zhihu.com/p/92017930

CVE-2019-3648漏洞分析
https://www.4hou.com/vulnerable/21561.html

WDS漏洞允許黑客通過不正確的TFTP數據包劫持Windows服務器
http://www.wanjiquan.com/zixun/201911/5528.html

iOS Jailbreak Principles - Sock Port 漏洞解析(一)UAF 与 Heap Spraying
https://juejin.im/post/5dd10660e51d453fac0a598d

事件識別碼 455,來源為 ESENT 的錯誤
https://dotblogs.com.tw/supershowwei/2019/11/18/222409

Kerberos KDC域權限提升漏洞總結
http://bit.ly/2KvqVSq

iOS checkra1n 越獄受影響裝置之惡意指令快速實作
https://hiraku.tw/2019/11/5076/?utm_source=Facebook_PicSee

IIS-解析漏洞(下)
https://cloud.tencent.com/developer/article/1541087

潛伏者:Roboto殭屍網絡分析報告
https://blog.netlab.360.com/the-awaiting-roboto-botnet/

**級ABB發電信息管理系統漏洞曝光,或成網電作戰致命武器
https://www.freebuf.com/column/220831.html

賽門鐵克郵件網關重置密碼漏洞
https://cloud.tencent.com/developer/article/1541536

個案分析-假冒寄件者回信之網路釣魚攻擊事件分析報告_10811
https://cert.tanet.edu.tw/prog/opendoc.php?id=20191122031110101466188805578.pdf

PHOENIX: THE TALE OF THE RESURRECTED KEYLOGGER
https://www.cybereason.com/blog/phoenix-the-tale-of-the-resurrected-alpha-keylogger

Wrong hashes (from getmonero.org) #6151
https://github.com/monero-project/monero/issues/6151

Monero download site and binaries compromised
https://bartblaze.blogspot.com/2019/11/monero-project-compromised.html

Hunting for LoLBins
https://blog.talosintelligence.com/2019/11/hunting-for-lolbins.html

Custom dropper hide and seek
https://blog.talosintelligence.com/2019/11/custom-dropper-hide-and-seek.html

4 Best Free Online Security Tools for SMEs in 2020
https://thehackernews.com/2019/11/online-website-security-tools.html

ANDRAX
https://andrax.thecrackertechnology.com/download

Cyberattacks and How To Protect Your Computer and Data - Part 1 of 3
https://www.peerlyst.com/posts/cyberattacks-and-how-to-protect-your-computer-and-data-part-1-of-3-josh-moulin

Cyberattacks and How To Protect Your Computer and Data - Part 2 of 3
https://www.peerlyst.com/posts/cyberattacks-and-how-to-protect-your-computer-and-data-part-2-of-3-josh-moulin

Cyberattacks and How To Protect Your Computer and Data - Part 3 of 3
https://www.peerlyst.com/posts/cyberattacks-and-how-to-protect-your-computer-and-data-part-3-of-3-josh-moulin

F.商業
奧義攻資安自動化 召喚AI 向駭客宣戰
https://money.udn.com/money/story/8889/4169661

奧義不徵人才 只找夥伴
https://money.udn.com/money/story/8889/4169667

奧義執行長邱銘彰 幫企業打造防護罩
https://money.udn.com/money/story/8889/4169670

StackRox發布K8s安全平臺3.0,加入配置與漏洞管理功能
https://www.ithome.com.tw/news/134209

為開源程式碼安全把關,GitHub推Security Lab計畫
https://ithome.com.tw/news/134222

趨勢科技推出全方位資安防護服務平台
https://www.chinatimes.com/realtimenews/20191119002071-260412?chdtv

趨勢科技針對採應用程式開發在雲端的企業推出全方位資安防護服務平台
https://news.sina.com.tw/article/20191120/33377464.html

Fortinet安全織網全方位防護網際超連結資料鏈
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=13&id=0000572847_8oa9gb3a32pf3f8nmk3la

Kaspersky to launch transparency center in Brazil
https://www.zdnet.com/article/kaspersky-to-launch-transparency-center-in-brazil/#ftag=RSSbaffb68

Google offers up to $1.5 million bounty for remotely hacking Titan M chip
https://thehackernews.com/2019/11/google-pixel-titan-m-chip.html

G.政府
CODE鞏固台美戰略夥伴關係
https://talk.ltn.com.tw/article/paper/1332805

現行安全機制不足 國安局研商全新密碼防護作為
https://m.ltn.com.tw/news/politics/breakingnews/2984758

國安單位對駐外館處督考 赫見保密裝備遭亂用
https://m.ltn.com.tw/news/politics/breakingnews/2984939

否認外館保密漏洞百出 外交部:均依規定辦理
https://m.ltn.com.tw/news/politics/breakingnews/2985573

教育部資安與個資管理會設置要點
https://edu.law.moe.gov.tw/LawContent.aspx?id=GL001950

非政府組織籲政府暫停推動晶片身分證
http://bit.ly/33ealwO

新身分證程序有問題? 內政部:謹慎推動
https://www.chinatimes.com/realtimenews/20191122001787-260407?chdtv

公文電子交換系統資訊安全管理規範
https://www.archives.gov.tw/Publish.aspx?cnid=1636&p=2456

H.ICS/SCADA 工控系統
白帽駭客將有機會在 Pwn2Own 2020 大賽展現工業控制系統安全機制破解技巧
https://blog.trendmicro.com.tw/?p=62604

研究人員發現西門子工業控制器中的命令執行漏洞
https://nosec.org/home/detail/3183.html

I.教育訓練
政府組態基準(GCB)實作研習活動
http://bit.ly/2Ojnwr4

什麼是零時差漏洞?有哪些漏洞攻擊手法
https://blog.trendmicro.com.tw/?p=62238

CISSP 73: Intrusion Detection System (CISSP IT-Tutorial)
https://www.youtube.com/watch?v=6_6lBDloFH0&feature=

CISSP 74: Security Information and Event Management
https://www.youtube.com/watch?v=jFV9-BUYeBY&feature=

CISSP 75: Network Security from Hardware Devices (CISSP IT-Tutorial)
https://www.youtube.com/watch?v=8EkgyKbm2So&feature=

Ethical Hacking - Capture the Flag Walkthroughs #2 CTF - Easy Beginner Level
https://www.youtube.com/watch?v=x4nLpehOAdM

Getting Started with Shodan, “The scariest search engine”
https://www.peerlyst.com/posts/getting-starting-with-shodan-the-scariest-search-engine-princess-david

OpenVAS Network Vulnerability Scanning for Beginners: Step One, Installation
https://www.peerlyst.com/posts/openvas-network-vulnerability-scanning-for-beginners-step-one-installation-kimberly-crawley

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
水能載舟 亦能覆舟:如何防範物聯網資安風險
https://udn.com/news/story/6871/4167025

在車聯網時代實施安全解決方案
https://www.eettaiwan.com/news/article/20191115TA31-V2X-security

防止駭客攻擊 汽車安全需日新又新
https://www.mem.com.tw/arti.php?sn=1911150006

打造安全物聯網 系統層級檢測方法提對策
https://www.mem.com.tw/arti.php?sn=1911190001

管理、維運分散全球的邊緣裝置 物聯網佈署迎來三大挑戰
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000573305_h0r2jb4y1md8yp4wf46vq

聯網裝置暴增將人機管理比擴大至1:1000 人力吃緊促成智能設備走向遠端維運
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000573199_guq071qal6gse78pbd21s

研究:聲控設備易受駭客攻擊
http://www.epochtimes.com/b5/19/11/21/n11670292.htm

Australia releases draft IoT cybersecurity code of practice
https://www.zdnet.com/article/australia-releases-draft-iot-cybersecurity-code-of-practice/#ftag=RSSbaffb68

DRAFT Code of Practice Securing the Internet of Things for Consumers
https://www.homeaffairs.gov.au/reports-and-pubs/files/code-of-practice.pdf

6.近期資安活動及研討會
Trend Micro CTF 2019 // Raimund Genes Cup  FINAL / NOVEMBER 23–24, 2019
 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html

 資安檢核核心技術及進階技術研討會11月26日至11月28日
 http://bit.ly/2TN2UtD

 人資人員必修的職安法規定 11/26
 https://www.accupass.com/event/1909121441141977826554

 回國分享會:: COCONET 2019 東南亞數位權利營隊 11/27
 https://ocftw.kktix.cc/events/tw2019coconet-sharing

 印太戰略資安論壇:台灣的機會及隱憂 11/27
 https://www.accupass.com/event/1911150905322087822814

 模擬案例鑑識分析實務 (6hr)  11/28
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384543

 CCNS x SITCON 2020 台南投稿者小聚 11/28
 https://ccns.kktix.cc/events/ccns-sitcon-2020-meetup

 Global Cybersecurity Coference 11/28~11/29
 https://2019.group-ib.com/

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/29
 https://signupcybersec101.ithome.com.tw/

 交通大學亥客書院-B015:惡意程式檢測 11/30
 https://hackercollege.nctu.edu.tw/?p=1098

 亞洲‧矽谷學院108年免費認證考試 11/30
 https://college.asvda.org.tw/

 Docker 容器技術實作(201911)  11/30
 https://buy.techbang.com/products/97b497fb?from=home_news

 The Dungeons of Hackers Conference 2019 - 駭客的地下城 11/30
 https://tdohackerparty.kktix.cc/events/tdoh-conf-2019

 5G x AI資安關鍵技術研討會 Cybersecurity 5G x AI Workshop 12/2
 https://ievents.iii.org.tw/EventS.aspx?t=0&id=763

 新竹網絡安全日 Cybersecurity Day Hsinchu 108年 邀请函 12/3
 https://www.accupass.com/event/1911080348403103587380

 Digital Summit Dallas  12/4
 https://infosec-conferences.com/events-in-2019/digital-summit-dallas/

 Kansas City Cyber Security Conference 12/5
 https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/

 CyberMaryland Conference 12/5 ~ 12/6
 https://infosec-conferences.com/events-in-2019/cybermaryland-conference/

 Vue.js 新手村,前端實戰入門 12/7
 https://hackersir.kktix.cc/events/20191112vuejs

 FutureCon Nashville Cyber Security Conference 12/11
 https://infosec-conferences.com/events-in-2019/futurecon-nashville/

 「Log管理 x 營業秘密」研討會 12/11
https://www.accupass.com/event/1911110922137590408650

 Utility Cyber Security Forum December 12/11
 https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/

 交通大學亥客書院-A018:企業網域控管-Active Directory攻擊與防禦  12/14
 https://hackercollege.nctu.edu.tw/?p=1094

 台灣駭客年會 HITCON Winter Training 2019 12/16
 https://hitcon.kktix.cc/events/hitcon-winter-training-2019

 台灣駭客年會 HITCON Winter Training 2019 - 學生報名 12/16
 https://hitcon.kktix.cc/events/hitcon-winter-training-2019-student

 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

 PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
 https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world

沒有留言:

張貼留言

2024年 12 月份資安、社群活動分享

  2024年 12 月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/3 https://www.meetup.com/taiwan-code-camp/e...