
Weekly Security Incident News Digest 2020/3/23 ~ 2020/3/27







1. Major Vulnerabilities / Backdoors / Exploit / Zero Day
PHP security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066

Dr.ID access control and attendance system, access control Ver 3.3.2: security advisory
http://www.secom.com.tw/news/news_detail.aspx?sn=2020030001&cid=2013060066

HPE Warns of New Bug That Kills SSD Drives After 40,000 Hours
https://www.bleepingcomputer.com/news/security/hpe-warns-of-new-bug-that-kills-ssd-drives-after-40-000-hours/

Cisco Addressed Multiple High-Risk Vulnerabilities In SD-WAN Solution
https://latesthackingnews.com/2020/03/22/cisco-addressed-multiple-high-risk-vulnerabilities-in-sd-wan-solution/

Trend Micro Patched Zero-Day Vulnerabilities Under Active Exploit
https://latesthackingnews.com/2020/03/22/trend-micro-patched-zero-day-vulnerabilities-under-active-exploit/

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices
https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html

Adobe releases March 2020 security patch bundle, fixing nine critical vulnerabilities
https://www.twcert.org.tw/tw/cp-104-3440-35f59-1.html

PrivEsc in Lenovo Vantage. Two minutes later
https://www.pentestpartners.com/security-blog/privesc-in-lenovo-vantage-two-minutes-later/

Microsoft warns: attacks already seen against critical Windows RCE vulnerability, but the patch will not arrive until April
https://www.ithome.com.tw/news/136527

Latest Microsoft Windows 10 0-day vulnerability already exploited by attackers
https://www.twcert.org.tw/tw/cp-104-3447-f0ac1-1.html

Windows users face attacks on security vulnerability; Microsoft expects to ship the patch only on April 14
https://kknews.cc/tech/6rmza83.html

Update now! Microsoft discloses two "critical" Windows 10 vulnerabilities in a row
https://3c.ltn.com.tw/news/39906

Microsoft warns of two Windows zero day flaws
https://www.welivesecurity.com/2020/03/24/microsoft-warns-two-windows-zero-day-flaws/

Windows 10 upgrade failed? Use these 5 tools to find the problem and fix it fast
https://www.zdnet.com/article/windows-10-upgrade-failed-use-these-5-tools-to-find-the-problem-and-fix-it-fast/

Microsoft pauses Edge releases amid coronavirus outbreak
https://www.zdnet.com/article/microsoft-pauses-edge-releases-amid-coronavirus-outbreak/

Microsoft warns of Windows zero-day exploited in the wild
https://www.zdnet.com/article/microsoft-warns-of-windows-zero-day-exploited-in-the-wild/

To keep user updates from going wrong, Microsoft also pauses new Edge releases
https://www.ithome.com.tw/news/136476

Nagios XI cross-site scripting vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10819

Privilege escalation vulnerability in Lenovo Vantage, software preinstalled on Lenovo PCs
https://nosec.org/home/detail/4367.html

360 Security Brain discovers MacOS Bluetooth vulnerability allowing zero-click, contactless remote exploitation
http://tj.people.com.cn/n2/2020/0326/c375799-33906367.html

Vulnerability Spotlight: Multiple vulnerabilities in Videolabs libmicrodns
https://blog.talosintelligence.com/2020/03/vuln-spotlight-videolabs-microdns.html

Vulnerability Spotlight: Denial-of-service vulnerability in GStreamer
https://blog.talosintelligence.com/2020/03/vuln-spotlight-Gstreamer-DoS-March-2020.html

Vulnerability Spotlight: Intel Raid Web Console 3 denial-of-service bugs
https://blog.talosintelligence.com/2020/03/vulnerability-spotlight-intel-raid-web-march-2020.html

Fortinet Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop
https://www.fortinet.com/blog/threat-research/fortinet-security-researcher-discovers-multiple-critical-vulnerabilities-in-adobe-photoshop.html

Organizations struggle with patching endpoints against critical vulnerabilities
https://www.helpnetsecurity.com/2020/03/26/patching-endpoints/

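2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security
Drawing in 3 billion yuan, Cathay Cybersecurity to be listed on the 30th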
https://money.udn.com/money/story/5607/4436324

Five major open banking applications draw attention
https://money.udn.com/money/story/9740/4431370

Market-watch systems at 3 brokerages hit by outages; investors complain they "cannot place orders"
https://tw.appledaily.com/property/20200323/LZDKKXLTS6YGL4OQJV3QFNQNU4/

First day of continuous trading: a safe transition
https://times.hinet.net/news/22836820

Matched as they come! Continuous trading goes live; brokerages report system crashes
https://www.ustv.com.tw/UstvMedia/news/103/20200323A099

Wuhan pneumonia relief: government calls on the Bankers Association to form a national financial team
https://www.cna.com.tw/news/aipl/202003240155.aspx

Non-Life Insurance Association: Cathay, Fubon, Nan Shan and Mingtai have activated off-site office operations
https://www.cna.com.tw/news/afe/202003040320.aspx

Fintech company Finastra hit by ransomware
https://www.zdnet.com/article/fintech-company-finastra-hit-by-ransomware/

Russian payment systems will switch to using domestic cryptographic information security tools by 2031
https://www.ehackingnews.com/2020/03/russian-payment-systems-will-switch-to.html

Singapore consumers will move to digital non-banks for service innovation
https://www.zdnet.com/article/singapore-consumers-will-move-to-digital-non-banks-for-service-innovation/

Tupperware website hacked and infected with payment card skimmer
https://www.zdnet.com/article/tupperware-website-hacked-and-infected-with-payment-card-skimmer/

Criminals hack Tupperware website with credit card skimmer
https://blog.malwarebytes.com/hacking-2/2020/03/criminals-hack-tupperware-website-with-credit-card-skimmer/

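3. Electronic Payment / Electronic Ticketing / Mobile Payment / Pay: News and Security
Easy Wallet fully opens registration! Android phones can "beep" to ride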
https://newtalk.tw/news/view/2020-03-23/379468

Easy Wallet
http://easywallet.easycard.com.tw/

Easy Wallet launches today; EasyCard Corporation boldly vows to catch up with iPASS within 2 years
https://udn.com/news/story/7266/4436395

"Easy Wallet" opens registration! QR Code scan-to-pay and Android tap-to-ride: see the usage tutorial here
https://technews.tw/2020/03/24/update-your-easy-wallet-app/

OnePlus payment system OnePlus Pay has arrived
https://tech.sina.com.cn/digi/2020-03-24/doc-iimxxsth1391803.shtml

Kazakhstan to build and promote a real-time payment system
https://finance.sina.com.cn/roll/2020-03-19/doc-iimxyqwa1508558.shtml

EasyCard joins the e-payment battle! Easy Wallet goes live today, with 8 banks supported in the first wave
https://ec.ltn.com.tw/article/breakingnews/3109489

Expanding where "OPEN Wallet" can be used, Uni-President Group builds an OPEN POINT loyal-customer ecosystem
https://www.foodnext.net/news/industry/paper/5357428199

Pay service fees electronically: mobile payment makes it easy to pay
https://www.mof.gov.tw/singlehtml/384fb3077bb349ea973e7fc6f13b6974?cntId=2c264a73633b41e3bc10c168132a2274

A new cardless experience: tap your phone to ride and shop more easily
https://news.cts.com.tw/cts/life/202003/202003241994680.html

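4. Virtual Currency / Blockchain: Related News and Security
Private criminal prosecution filed with the Taipei District Court... a three-minute recap of the entire 幣寶 hacking incident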
https://bit.ly/3ae9EYJ

Black swan event (Part 2): how to respond to the collapse of blockchain and cryptocurrency market structure
https://www.blocktempo.com/march-12-the-day-crypto-market-structure-broke-part-2/

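China's central bank issues a special long infographic: don't be fooled by "virtual currency trading platforms". Bitcoin promptly falls below US$6,000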
https://www.blocktempo.com/china-cryptoexchanges-binance-laundering-fraud-bitcoin/

Cryptocurrency mining PC army joins coronavirus research project
https://www.zdnet.com/article/cryptocurrency-mining-pc-army-joins-coronavirus-research-project/

Baidu Employee Jailed for Using Baidu Servers to Mine Cryptocurrencies
https://cybersecuritynews.com/baidu-employee/

An Bang: second-instance criminal ruling on illegal control of a computer information system
http://wenshu.court.gov.cn/website/wenshu/181107ANFZ0BXSK4/index.html?docId=94ffc9c9a4c4431a9240ab74000c2f13

5. Security Incident News

A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors

Work and class suspension notices are "fishy": clicking the link may infect you
https://news.cts.com.tw/cts/life/202003/202003201994393.html

Ransomware profits off the epidemic! It not only bricks phones but also threatens to publish private social media images
https://blog.trendmicro.com.tw/?p=63743

Ransomware app "COVID19 Tracker", disguised as a Wuhan virus-related app, appears
https://www.kocpc.com.tw/archives/313382

Telecom operators in the US and Hong Kong hit by brute-force RDP connection attacks from a brand-new bot module
https://www.twcert.org.tw/tw/cp-104-3441-410f1-1.html

Hackers use epidemic themes to spread malware; stay alert to unknown emails to avoid being compromised
https://www.twcert.org.tw/tw/cp-104-3443-c911d-1.html

Six commonly used coronavirus phishing subject lines
https://blog.trendmicro.com.tw/?p=63784#more-63784

Beware! Corona antivirus software is actually a trojan
https://www.ithome.com.tw/news/136545

Thousands of COVID-19 scam and malware sites are being created on a daily basis
https://www.zdnet.com/article/thousands-of-covid-19-scam-and-malware-sites-are-being-created-on-a-daily-basis/

More than one billion Android devices at risk of malware threats
https://www.which.co.uk/news/2020/03/more-than-one-billion-android-devices-at-risk-of-malware-threats/

Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices
https://thehackernews.com/2020/03/zyxel-mukashi-mirai-iot-botnet.html

New Mirai Variant Targets Zyxel Network-Attached Storage Devices
https://unit42.paloaltonetworks.com/new-mirai-variant-mukashi/

DDoS botnets have abused three zero-days in LILIN video recorders for months
https://www.zdnet.com/article/ddos-botnets-have-abused-three-zero-days-in-lilin-video-recorders-for-months/

Fake Corona Antivirus Software Used to Install Backdoor Malware
https://www.bleepingcomputer.com/news/security/fake-corona-antivirus-software-used-to-install-backdoor-malware/

2020-03-26 - INFORMATION_03_26.DOC PUSHES ZLOADER
https://www.malware-traffic-analysis.net/2020/03/26/index.html

2020-03-25 - QUICK POST: TWO PCAPS WITH GULOADER & NETWIRE RAT INFECTION TRAFFIC
https://www.malware-traffic-analysis.net/2020/03/25/index.html

2020-03-23 - INFO_03_23.DOC PUSHES MALWARE (VALAK, MAYBE?)
https://www.malware-traffic-analysis.net/2020/03/23/index2.html

2020-03-23 - POLISH MALSPAM WITH XLS ATTACHMENT PUSHES URSNIF (GOZI/IFSB/DREAMBOT)
https://www.malware-traffic-analysis.net/2020/03/23/index.html

2020-03-20 - ICEDID FROM INFO_03_20.DOC
https://www.malware-traffic-analysis.net/2020/03/20/index.html

2020-03-19 - ENGLISH MALSPAM PUSHES URSNIF (GOZI/IFSB)
https://www.malware-traffic-analysis.net/2020/03/19/index.html

BEC Campaign Targets HR Departments: Report
https://www.bankinfosecurity.com/bec-campaign-targets-hr-departments-report-a-13997

The Curious Case of the Criminal Curriculum Vitae
https://blog.prevailion.com/

Cerberus trojan flies under the COVID-19 flag
https://blog.avira.com/cerberus-flies-under-covid-19-flag/

Ave Maria RAT – .xls, ADS, and EQNEDT32!
https://clickallthethings.wordpress.com/2020/03/23/avemaria-rat-xls-ads-and-eqnedt32/

New Mirai Variant Exploits NAS Device Vulnerability
https://www.bankinfosecurity.com/new-mirai-variant-exploits-nas-device-vulnerability-a-14004

Evasion Techniques Dissected: A Mirai Case Study
https://intezer.com/blog-evasion-techniques-dissected-mirai-case-study/

AZORult++: Rewriting history
https://securelist.com/azorult-analysis-history/89922/#comment-3026930

New attack on home routers sends users to spoofed sites that push malware
https://arstechnica.com/information-technology/2020/03/new-attack-on-home-routers-sends-users-to-spoofed-sites-that-push-malware/

New banking trojan "Eventbot" affects 234 financial apps
https://bit.ly/33QOmhE

Watch Out: Android Apps in Google Play Store Capitalizing on Coronavirus Outbreak
https://thehackernews.com/2020/03/coronavirus-covid-apps-android.html

Android Apps and Malware Capitalize on Coronavirus
https://labs.bitdefender.com/2020/03/android-apps-and-malware-capitalize-on-coronavirus/

TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services
https://thehackernews.com/2020/03/trickbot-two-factor-mobile-malware.html

Apple iOS users served mobile malware in Poisoned News campaign
https://www.zdnet.com/article/apple-ios-users-served-mobile-malware-in-operation-poisoned-news-campaign/

Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/

iOS exploit chain deploys LightSpy feature-rich malware
https://securelist.com/ios-exploit-chain-deploys-lightspy-malware/96407/

Operation Poisoned News: Hong Kong Users Targeted with Mobile Malware via Local News Links IOC
https://documents.trendmicro.com/assets/Tech-Brief-Operation-Poisoned-News-Hong-Kong-Users-Targeted-with-Mobile-Malware-via-Local-News-Links.pdf

D-Link and Linksys routers hacked to point users to coronavirus-themed malware
https://www.zdnet.com/article/d-link-and-linksys-routers-hacked-to-point-users-to-coronavirus-themed-malware/#ftag=RSSbaffb68

Malware exploits pandemic to demand money
http://www.ansa.it/sito/notizie/tecnologia/hitech/2020/03/25/malware-sfrutta-pandemia-per-chiedere-soldi_969609e8-9a00-4dc6-bdba-ba8c41271744.html

B. Mobile Security / iPhone / Android / Wearables / App
LINE briefly went down near noon! Official statement: still clarifying the situation
https://tw.appledaily.com/gadget/20200323/23YAYIJZ4RXU5GUT4ZLCX2A2CY/

Major LINE outage! Official reply: affected users are on Chunghwa's network
https://tw.appledaily.com/gadget/20200323/23YAYIJZ4RXU5GUT4ZLCX2A2CY/

LINE users on Chunghwa Telecom report major outage; the company has responded
https://bit.ly/2JkAwL3

Phone SIM card hijacked; he lost a million yuan to hackers
https://bit.ly/2Uok7tZ

Video conferencing software Zoom once had a security crisis: it would secretly turn on Mac users' cameras automatically
https://buzzorange.com/techorange/2020/03/25/zoom-hijack-mac-cameras/

iOS 13 "Personal Hotspot" connection bug exposed! Apple publishes an official workaround
https://3c.ltn.com.tw/news/39876

LINE announces it will end registration of new LINE accounts via FB
https://tw.appledaily.com/gadget/20200326/XFTWWDQ47R6U3QKN5ZSTGAGKHU/

56 Google Play apps containing Tekya malware removed, but they had already accumulated a million downloads
https://m.eprice.com.tw/smartos/talk/124/5497983/1/

First look: Trackpads on iPadOS 13.4
https://www.zdnet.com/article/first-look-trackpads-on-ipados-13-4

How to prevent your Zoom meetings bein
https://www.zdnet.com/article/how-to-prevent-your-zoom-meetings-being-zoom-bombed-gate-crashed-by-trolls/

How to Keep the Party Crashers from Crashing Your Zoom Event
https://blog.zoom.us/wordpress/2020/03/20/keep-the-party-crashers-from-crashing-your-zoom-event/

This iOS bug could seriously affect your work from home plans
https://www.zdnet.com/article/this-ios-bug-could-seriously-affect-your-work-from-home-plans/

The never ending disappointment of targeted WhatsApp OSINT
https://medium.com/@nocommonsense/the-never-ending-disappointment-of-targeted-whatsapp-osint-4960904ebe29

Dozens of Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme
https://thehackernews.com/2020/03/android-apps-ad-fraud.html

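C. Incidents / Hackers / DDOS / APT / Cloud / Dark Web / Recruitment / International Security Incidents
TWCERT/CC takes part in the 2020 APCERT Cyber Drill, demonstrating cross-border security reporting and coordination capability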
https://www.twcert.org.tw/tw/cp-104-3444-f7e09-1.html

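Air force student severely punished for transferring data over a phone hotspot; wins suit against school, 2 major demerits revoked and expulsion avoided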
https://udn.com/news/story/10930/4436685?from=udn-catelistnews_ch2

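Military academy cadet given demerits and expelled for "connecting a laptop to a phone hotspot"; one sentence from the judge let him keep his enrollment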
https://www.ettoday.net/news/20200324/1674949.htm

Information and network risks to watch when working from home during the epidemic
https://www.ithome.com.tw/news/136470

Don't be careless with remote work; Institute for Information Industry: beware of three major hacker techniques
https://money.udn.com/money/story/5612/4444517

Epidemic makes remote video software popular; 3 key tips for security protection
https://www.cna.com.tw/news/firstnews/202003260073.aspx

Wuhan pneumonia epidemic fight: what companies should watch when letting employees work from home, in order to prepare ahead
https://bit.ly/2QHYWSz

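Working from home turns out to be more efficient than the office! Experts explain: master these key points and you will get twice the result with half the effort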
https://www.storm.mg/lifestyle/2439436

More people working from home; security experts offer 9 points for protecting confidential data
https://newtalk.tw/news/view/2020-03-23/379700

About 30,000 TSMC non-production-line employees will "work from home"
https://ec.ltn.com.tw/article/breakingnews/3110275

Epidemic drives working from home; security vendors remind users of 9 safety tips
https://bit.ly/2wubeqR

Hackers exploit the COVID-19 epidemic; 400 cybersecurity experts form an alliance to fight back
https://udn.com/news/story/7086/4444915

A hacker stole and leaked graphics source code for the Xbox Series X and several AMD graphics cards
https://chinese.engadget.com/chinese-2020-03-26-hacker-steals-source-code-for-xbox-series-x-graphics.html

Reuters: hackers fiercely attack the World Health Organization
https://news.cnyes.com/news/id/4456638

Elite hackers attempt intrusion; WHO repeatedly hit by cyberattacks
https://money.udn.com/money/story/5602/4440933

Beware! Hackers feign goodwill but really attack; there are fake Wuhan pneumonia maps too
https://bit.ly/2JdyRqd

Kaggle launches a coronavirus data analysis challenge, inviting engineers worldwide to decode information about the virus
https://buzzorange.com/techorange/2020/03/25/coronavirus-data-analysis/

Encryption offense and defense in cyberspace order (Part 1)
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=8791

Claiming unemployment relief! Australian government website "jammed and paralyzed"... crowds queue in person instead
https://www.ettoday.net/news/20200324/1674933.htm

A showcase of some open-source intelligence (OSINT) tools used by US intelligence personnel
https://mp.weixin.qq.com/s/xXvjRNGLGtTcRJMFVKEuRA

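Operator of the "Taobao" of the Russian cybercrime underground arrested by the US; earned ten million US dollars by collecting rent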
https://mp.weixin.qq.com/s/YIwsKwnTOHUx9wZ7VwRBCg

FireEye: ignoring the spread of the epidemic, Chinese hackers attack Citrix and Zoho vulnerabilities across more than 20 countries
https://www.ithome.com.tw/news/136573

Hackers Targeted World Health Organization
https://www.bankinfosecurity.com/hackers-targeted-world-health-organization-a-14003

New York asks domain registrars to crack down on sites used for coronavirus scams
https://www.zdnet.com/article/new-york-asks-domain-registrars-to-crack-down-on-sites-used-for-coronavirus-scams/

FCC opens up more spectrum to keep mobile phones working during coronavirus pandemic
https://www.zdnet.com/article/fcc-open-up-more-spectrum-to-keep-mobile-phones-working-during-coronavirus-pandemic/

Hacker selling data of 538 million Weibo users
https://www.zdnet.com/article/hacker-selling-data-of-538-million-weibo-users/

Coronavirus-themed attacks March 15 – March 21, 2020
https://securityaffairs.co/wordpress/100187/cyber-crime/coronavirus-themed-attacks-2.html

Putin’s Secret Intelligence Agency Hacked: Dangerous New ‘Cyber Weapons’ Now Exposed
https://www.forbes.com/sites/zakdoffman/2020/03/21/putins-secret-intelligence-agency-hacked-dangerous-new-cyber-weapons-target-your-devices/

Hackers breach FSB contractor and leak details about IoT hacking project
https://www.zdnet.com/article/hackers-breach-fsb-contractor-and-leak-details-about-iot-hacking-project/#ftag=RSSbaffb68

Hackers Breach The FSB Contractor and leaked a Document of IoT Cyber Weapons Development
https://cybersecuritynews.com/hackers-leaked-a-document-of-iot-cyber-weapons-development/

Boots Advantage card hackers may be behind Tesco Clubcard cyber attack
https://www.mirror.co.uk/news/uk-news/boots-advantage-card-hackers-behind-21648152

A Perfect Way to Start and Strengthen Your Cyber Security Career
https://gbhackers.com/a-perfect-way-to-start-and-strengthen-your-cyber-security-career/

The people of Australia are a DDoS machine that the government cannot handle
https://www.zdnet.com/article/the-people-of-australia-are-a-ddos-machine-that-the-government-cannot-handle/

ISPs to continue blocking graphic violent content in Australia
https://www.zdnet.com/article/isps-to-continue-blocking-graphic-violent-content-in-australia/

400,000 new people have joined Folding@Home's fight against COVID-19
https://www.engadget.com/2020/03/23/folding-at-home-adds-400000-in-coronavirus-fight/

Russia-linked APT28 has been scanning vulnerable email servers in the last year
https://securityaffairs.co/wordpress/100072/apt/apt28-vulnerable-email-servers.html

Europol eradicates criminal gangs flogging fake coronavirus medicine, surgical masks
https://www.zdnet.com/article/europol-takes-down-coronavirus-fake-medicine-surgical-mask-criminal-gangs/

RISE OF FAKE ‘CORONA CURES’ REVEALED IN GLOBAL COUNTERFEIT MEDICINE OPERATION
https://www.europol.europa.eu/newsroom/news/rise-of-fake-%E2%80%98corona-cures%E2%80%99-revealed-in-global-counterfeit-medicine-operation

White House pushes for more telework as first DoD contractor dies because of COVID-19
https://www.zdnet.com/article/white-house-pushes-for-more-telework-as-first-dod-contractor-dies-because-of-covid-19/#ftag=RSSbaffb68

COVID-19 has made network servers hard to find
https://www.zdnet.com/article/covid-19-has-made-network-servers-hard-to-find/

How to Provide Remote Incident Response During the Coronavirus Times
https://thehackernews.com/2020/03/remote-incident-response.html

Dark web hosting provider hacked again -- 7,600 sites down
https://www.zdnet.com/article/dark-web-hosting-provider-hacked-again-7600-sites-down/

Chinese Cyber Espionage Continues Despite COVID-19
https://www.bankinfosecurity.com/chinese-cyber-espionage-continues-despite-covid-19-a-14019

This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html

Newly Discovered APT Group Targets Middle East Firms: Report
https://www.bankinfosecurity.com/newly-discovered-apt-group-targets-middle-east-firms-report-a-14018

Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics
https://www.zdnet.com/article/booz-allen-analyzed-200-russian-hacking-operations-to-better-understand-their-tactics/#ftag=RSSbaffb68

THE LOGIC BEHIND RUSSIAN MILITARY CYBER OPERATIONS
https://www.boozallen.com/c/insight/publication/the-logic-behind-russian-military-cyber-operations.html

Information and network security talent in Hong Kong is in hot demand
https://bit.ly/3aeXor1

Chunghwa Telecom 9th staff selection of ROC year 109 (with work experience): recruitment notice (information security)
https://www.cht.com.tw/home/cht/recruit-and-training/recruit/recruit-information

Chunghwa Telecom 10th staff selection of ROC year 109 (with work experience): recruitment notice (5G)
https://www.cht.com.tw/home/cht/recruit-and-training/recruit/recruit-information

[Hiring] Taiwan Network Information Center seeks software engineer
https://pttcareer.com/soft_job/M.1584952012.A.0E9.html

[Cybersecurity Institute] Cyber-hacking Technology Research and Analysis Center: 5G security R&D engineer
https://www.104.com.tw/job/6v9cz

[Cybersecurity Institute] Connected Security Development Center: industrial control security engineer
https://www.104.com.tw/job/6vne5

[Cybersecurity Institute] Innovative Communication Security Center: communication software development engineer
https://www.104.com.tw/job/6k4p5

[Cybersecurity Institute] Cyber-hacking Technology Research and Analysis Center: chip/IC security R&D engineer
https://www.104.com.tw/job/6v9dd

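D. Data Leaks / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News
Falsely claiming it can recover losses, "165 Online Anti-Fraud Alliance" repeatedly defrauds the public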
https://www.chinatimes.com/realtimenews/20200323004931-260402?chdtv

Can the 165 Online Anti-Fraud Alliance "recover defrauded funds"? Criminal Investigation Bureau: a new fraud technique
https://m.ltn.com.tw/news/society/breakingnews/3109572

As the Wuhan pneumonia epidemic develops, targeted phishing attacks aimed at specific countries go on a large-scale offensive
https://www.ithome.com.tw/news/136520

[Rumor] Executive Yuan announces a two-week closure in 9 counties and cities due to coronavirus? A prank link
https://bit.ly/2QAKbAP

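Smart assistants become a privacy hole? Beware of accidental triggering by "homophones"... personal data and medical records all leaked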
https://cnews.com.tw/137200323a04/

"Phone scams" around online mask ordering; the public should not be fooled
https://bit.ly/2vGUBaW

Mask 2.0 exploited by old scam tricks; police urge: while fighting the epidemic, don't forget to fight fraud
https://taronews.tw/2020/03/23/643271/

Hacker reportedly peddling personal data of 500 million Weibo users online for just US$1,000
https://www.ithome.com.tw/news/136487

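Publishing the characteristics of foreign disinformation, Criminal Investigation Bureau: watch for simplified characters and mainland Chinese wording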
https://bit.ly/2UhoSGU

As the epidemic spreads, rumors fly everywhere; fake news volume surged 203% in February
https://udn.com/news/story/7314/4442838?from=udn-ch1_breaknews-1-cate1-news

[2020/3/23 1:50] Alert regarding mass-mailed extortion scam emails
https://www.cc.uec.ac.jp/blogs/news/2020/03/20200323scammail.html

NewsGuard drops its paywall to combat coronavirus misinformation
https://www.zdnet.com/article/newsguard-drops-its-paywall-to-combat-coronavirus-information/

Hackers leak data from medical company set to carry out COVID-19 vaccine trials
https://siliconangle.com/2020/03/22/data-leaked-medical-company-set-carry-covid-19-vaccine-trials/

Social Engineering's Role in Cyber Fraud - And What We Are Doing About It
https://www.bankinfosecurity.com/blogs/social-engineerings-role-in-cyber-fraud-what-we-are-doing-about-it-p-2887

E. Research Reports
A brief discussion of content spoofing vulnerabilities
https://www.onebug.org/websafe/98492.html

Research on a similar-sample search engine
https://bit.ly/2Jax9pN

Analysis report on LILIN DVR 0-day vulnerabilities in the wild
https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day/

A summary of mysql database vulnerability exploitation and privilege escalation methods
https://xz.aliyun.com/t/7392

Attackers use a Tongda OA vulnerability to drop ransomware; user data encrypted
https://www.secpulse.com/archives/125954.html

Graphics Device Interface vulnerabilities in Windows
https://nosec.org/home/detail/4357.html

A simple analysis of an XSS vulnerability in a school online-course platform
https://www.52pojie.cn/thread-1136478-1-1.html

Hands-on with new xray features and an analysis of the Ghostcat vulnerability
https://zhuanlan.zhihu.com/p/114477783

Vulnerability analysis study: stack overflow in an ActiveX control, imageMan.dll
https://xz.aliyun.com/t/7395

Analysis of DLink RCE vulnerability CVE-2019-17621
https://www.freebuf.com/vuls/228726.html

Bug hunting experience | Account takeover vulnerability caused by predictable password reset tokens
https://www.freebuf.com/vuls/227858.html

CSRF vulnerabilities: principles and defense
https://blog.csdn.net/cldimd/article/details/105007957

Other protocols used in SSRF vulnerabilities
https://zhuanlan.zhihu.com/p/115222529

Notes on finding and exploiting a vulnerability in spreadsheet file conversion
https://4hou.win/wordpress/?p=40786

AWS Client VPN with openSUSE leap 15.1: brief notes
https://sakananote2.blogspot.com/2020/03/aws-client-vpn-with-opensuse-leap-151.html

Mitigate Credential theft with Administrative Tier Model
https://windowssecurity.ca/2020/03/23/mitigate-credential-theft-with-administrative-tier-model/

VMware NSX-T Distributed Firewall can be bypassed by default
https://insinuator.net/2020/03/vmware-nsx-t-distributed-firewall-can-be-bypassed-by-default/

Android Security Resources.
https://github.com/alphaSeclab/android-security//

Blue Team Scripts
https://github.com/maldevel/blue-team

Resource: Exploit Development Tutorials and Guides
https://www.peerlyst.com/posts/resource-exploit-development-tutorials-and-guides-chiheb-chebbi

APT28 has been scanning vulnerable email servers for more than a year
https://www.zdnet.com/article/apt28-has-been-scanning-and-exploiting-vulnerable-email-servers-for-more-than-a-year/

Pawn Storm in 2019 A Year of Scanning and Credential Phishing on High-Profile Targets
https://documents.trendmicro.com/assets/white_papers/wp-pawn-storm-in-2019.pdf

Going Phishing in the African Banking Sector
https://cofense.com/going-phishing-african-banking-sector/

Threat Hunting Detecting Web Shells on Servers
https://thelinuxos.com/threat-hunting-detecting-web-shells-on-servers/

Red Teaming Series: Part 1 : Setting the environment, Running the C2 server on Docker and Bypassing latest security controls
https://br0h4ck3rs.blogspot.com/2020/03/red-teaming-series-part-1-setting_20.html

Penetration testing utility  invoker
https://github.com/ivan-sincek/invoker

Industry Perspectives Remote Work in an Age of COVID-19 — Threat Modeling the Risks
https://www.fireeye.com/blog/executive-perspective/2020/03/remote-work-in-an-age-of-covid-19-threat-modeling-the-risks.html

jeopardize
https://github.com/utkusen/jeopardize

Astra - Automated Security Testing For REST API's
https://www.kitploit.com/2020/03/astra-automated-security-testing-for.html

IT to Red Team: How to Make the Jump
https://www.peerlyst.com/posts/it-to-red-team-how-to-make-the-jump-matt-george

Peerlyst Community eBook: 32 Influential Malware Research Professionals
https://www.peerlyst.com/posts/peerlyst-community-ebook-32-influential-malware-research-professionals-peerlyst

XSHOCK Shellshock Exploit
https://github.com/capture0x/XSHOCK

[POC] Asynchronous reverse shell using the HTTP protocol
https://github.com/onSec-fr/Http-Asynchronous-Reverse-Shell

Authenticode certificates and checks from a KM driver
https://astralvx.com/index.php/2020/03/20/authenticode-certificates-and-checks-from-a-km-driver/

How Offensive Actors Use AppleScript For Attacking macOS
https://www.sentinelone.com/blog/how-offensive-actors-use-applescript-for-attacking-macos/

The car Hackers handbook [en]
https://drive.google.com/file/d/1vpC3OgRWZ4H-jVeAtY1VIGmuHpjXIYMn/edit

Results are in from Pwn2Own's first remote hacking contest: MacOS, Windows and Ubuntu, all three major operating systems, fell
https://www.ithome.com.tw/news/136494

PWN2OWN DAY TWO – RESULTS AND MASTER OF PWN
https://www.thezdi.com/blog/2020/3/20/pwn2own-day-two-results-and-master-of-pwn

OSINT: Using Spiderfoot for OSINT Data Gathering
https://www.hackers-arise.com/post/osint-using-spiderfoot-for-osint-data-gathering

Beef Framework tutorial in Kali Linux
https://hackonology.com/blogs/beef-framework-tutorial-in-kali-linux/

Difference Between IDS, IPS, Anti-virus
https://www.studynotesandtheory.com/single-post/Difference-Between-IDS-IPS-Anti-virus

Stories of a CISSP: IPS Locks Out Firewall
https://www.studynotesandtheory.com/single-post/Stories-of-a-CISSP-IPS-Locks-Out-Firewall

TLS-Tester
https://github.com/Tomahawkd/TLS-Tester

Top 10 Dangerous DNS Attacks Types and The Prevention Measures
https://cybersecuritynews.com/dns-attacks/

Winnti uses the rtf exploit 8.t too targeting Vietnam
https://medium.com/@Sebdraven/winnti-uses-the-rtf-exploit-8-t-too-targets-vietnam-13300d432272

Http-Asynchronous-Reverse-Shell
https://github.com/onSec-fr/Http-Asynchronous-Reverse-Shell

Remote Image Upload Leads to RCE (Inject Malicious Code to PHP-GD Image)
https://medium.com/@asdqwedev/remote-image-upload-leads-to-rce-inject-malicious-code-to-php-gd-image-90e1e8b2aada

VB2019 paper: Defeating APT10 compiler-level obfuscations
https://www.virusbulletin.com/blog/2020/03/vb2019-paper-defeating-apt10-compiler-level-obfuscations/

Analyze the acquired UnifiedLog on Catalina
https://padawan-4n6.hatenablog.com/entry/2020/03/15/052607

How to become a cyber forensics expert
https://www.peerlyst.com/posts/how-to-become-a-cyber-forensics-expert-abhinav-singh

Real-time file monitoring on Windows with osquery
https://blog.trailofbits.com/2020/03/16/real-time-file-monitoring-on-windows-with-osquery/

API secret key Leakage leads to disclosure of Employee’s Information
https://medium.com/@spade.com/api-secret-key-leakage-leads-to-disclosure-of-employees-information-5ca4ce17e1ce

Address Resolution Protocol ARP Spoofing- Detection And Prevention
https://hackersonlineclub.com/address-resolution-protocol-arp-spoofing/

Mustang Panda joins the COVID-19 bandwagon
https://malwareandstuff.com/mustang-panda-joins-the-covid19-bandwagon/

Maryam : Open-source Intelligence(OSINT) Framework
https://kalilinuxtutorials.com/maryam/

Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/

Apache Tomcat Vulnerability “Ghostcat” Attracting Threat Actor Attention
https://www.flashpoint-intel.com/blog/ghostcat/

XSS-LOADER - XSS Payload Generator / XSS Scanner / XSS Dork Finder
https://www.kitploit.com/2020/03/xss-loader-xss-payload-generator-xss.html

security_w1k1
https://github.com/euphrat1ca/security_w1k1

I want to learn about exploitation! Where do I start
https://research.checkpoint.com/2020/i-want-to-learn-about-exploitation-where-do-i-start/

Astra : Automated Security Testing For REST API’s
https://kalilinuxtutorials.com/astra/

F. Business
Taiwan Mobile launches smart IoT radio to support police and medical systems
https://bit.ly/2Qxq5aC

Modchip released; entire Switch lineup cracked
https://bit.ly/2Uo1Uwv

UPAS realizes its endpoint security management vision, helping enterprises strengthen internal network security control
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=8766

Microsoft Shares Sneak Peek of Upcoming Windows 10 Features
https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-sneak-peek-of-upcoming-windows-10-features/

Mozilla to gradually remove FTP support starting with Firefox 77
https://www.ithome.com.tw/news/136481

Firefox to burn FTP out of its browser, starting slowly in version 77 due in April
https://www.theregister.co.uk/2020/03/20/firefox_deprecates_ftp/

Security risks rise with remote work; Far EasTone helps enterprises prepare
https://market.ltn.com.tw/article/7945

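Financial industry fights the epidemic and keeps operations uninterrupted: Bank SinoPac leads in using Microsoft Windows Virtual Desktop, the first financial institution in the country to adopt it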
https://www.bnext.com.tw/article/57035/microsoft-taiwan-windows

Juniper rolls out new Mist service for network, location analytics
https://www.zdnet.com/article/juniper-rolls-out-new-mist-service-for-network-location-analytics/#ftag=RSSbaffb68

Riding another wave of success for our multi-layered detection and response approach
https://blog.trendmicro.com/riding-another-wave-of-success-for-our-multi-layered-detection-and-response-approach/

G. Government
COVID-19: 3 confirmed cases in Yunlin; off-site, zoned office arrangements are ready
https://times.hinet.net/news/22833830

Taoyuan police prepare ahead with off-site offices to keep police work running smoothly
https://udn.com/news/story/7320/4436432?from=udn-ch1_breaknews-1-cate2-news

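Taitung County Government prepares its IT ahead of time, striving to keep county administration running and teaching uninterrupted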
http://n.yam.com/Article/20200323860328

Koo Li-hsiung (顧立雄) oversees the server room today to monitor the status of the new system
https://money.udn.com/money/story/5607/4435511

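Briefing on capability registration for security service providers and certification of domestically developed cybersecurity products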
https://www.moeaidb.gov.tw/ctlr?PRO=indparknews.rwdIndparknewsView&id=19620

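Information, Communications and Electronic Force Command newly designated an intelligence agency; Ma Ying-han to give his first report at the Legislative Yuan tomorrow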
https://news.ltn.com.tw/news/politics/breakingnews/3110314

Financial Supervisory Commission requires uninterrupted operations; financial industry activates off-site offices
https://www.cardu.com.tw/news/detail.php?40174

To ease remote work, Taipei Free will drop account and password authentication starting in April
https://udn.com/news/story/7323/4437872?from=udn-ch1_breaknews-1-cate3-news

Ministries actively fight the epidemic; Atomic Energy Council to pilot off-site offices soon
https://money.udn.com/money/story/5612/4440129

Taipei City Government: Taipei Free login without account or password from 4/1
https://technews.tw/2020/03/25/taipei-free/

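H. Industrial Control Systems / SCADA / ICS
[iST Classroom] Chip reverse-engineering delayering: iST uses this technique to avoid die damage and extract the complete circuit diagram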
http://technews.tw/2020/03/26/ist-how-delayer-die/

Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats
https://bit.ly/2JbFuJS

WildPressure targets industrial-related entities in the Middle East
https://securelist.com/wildpressure-targets-industrial-in-the-middle-east/96360/

Kaspersky finds new APT targeting the Middle East's industrial sector
https://www.zdnet.com/article/kaspersky-finds-new-apt-targeting-the-middle-easts-industrial-sector/

I. Education and Training
IPvS study handbook
https://www.hwchiu.com/ipvs-1.html

A first look at HTML and potential vulnerabilities (introduction to web security)
https://zhuanlan.zhihu.com/p/115922546

Basics of SSRF (server-side request forgery) vulnerabilities
https://zhuanlan.zhihu.com/p/116039804

Understand cryptography's three brothers in one go: Encode, Encrypt and Hash
https://medium.com/starbugs/what-are-encoding-encrypt-and-hashing-4b03d40e7b0c

Import VirtualBox Images to GNS3
https://linuxsecurityblog.com/2019/11/01/import-virtualbox-images-to-gns3/

Shodan Command line A Step-by-Step walkthrough
https://hackingpassion.com/shodan-command-line-a-step-by-step-walkthrough/

Getting Started with Reverse Engineering using Ghidra
https://www.peerlyst.com/posts/getting-started-with-reverse-engineering-using-ghidra-chiheb-chebbi

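J. Internet of Things / IOT / Artificial Intelligence / Internet of Vehicles / Optical Networking / Deep Learning / Machine Learning / Drones / Facial Recognition
Vulnerability in car keyless entry systems increases risk of vehicle theft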
https://forum.u-car.com.tw/forum/thread/320067/?brand=&sortOrder=time&page=1

2020 Unit 42 IoT Threat Report: 83% of connected medical imaging devices in the US are vulnerable to hacker attacks
https://ek21.com/news/tech/185848/

6. Upcoming Security Events and Seminars
NCTU Hacker College - Buffer overflow attacks and prevention 3/28
https://hackercollege.nctu.edu.tw/?p=1141

Black Hat Asia 2020 Singapore 3/31 ~ 4/3
https://www.blackhat.com/asia-20/briefings/schedule/

Kaspersky® Security Analyst Summit  4/6 ~ 4/9
https://thesascon.com/

QGIS geographic information workshop 4/8 ~ 4/9
https://www.accupass.com/event/2002120936323517290110

Big data and deep learning applications on edge computing systems 4/10
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3883&from_course_list_url=course_index

2nd ICANN APAC-TWNIC Engagement Forum and 34th TWNIC IP Policy and Resource Management Meeting 4/16
https://forum.twnic.tw/2020/registration.htm

NCTU Hacker College - Guide to intrusion detection and response 4/18
https://hackercollege.nctu.edu.tw/?p=1144

VXCON 2020 - APAC  4/18 ~ 4/19
https://www.vxcon.hk/

2020 Comprehensive Information Security Talent Development Program 4/21 ~ 6/16
http://service.tabf.org.tw/tw/user/409646/

2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore  4/21 ~ 4/23
https://www.icscybersecurityconference.com/singapore/

Taipei 暗号通貨 (Cryptocurrency) Meetup 4/22
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcgbdc/

Asia-Pacific Information Security Forum and Exhibition 4/22
https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html

NCTU Hacker College - Basic Web Security and Penetration Testing 4/25
https://hackercollege.nctu.edu.tw/?p=1147

2020 LINE Taiwan Developers Recruitment Day  4/25
https://engineering.linecorp.com/zh-hant/blog/2020-line-taiwan-technical-recruitment-day/

NCTU Hacker College - Practical Basics of Building Secure Websites 5/16
https://hackercollege.nctu.edu.tw/?p=1151

NCTU Hacker College - Email Forgery Attacks and Protective Measures 5/23
https://hackercollege.nctu.edu.tw/?p=1156

Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/

NCTU Hacker College - Advanced Web Penetration Testing 5/30
https://hackercollege.nctu.edu.tw/?p=1159

Big Data and Deep Learning Applications for Edge Computing Systems 6/5
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index

NCTU Hacker College - Expert-Level Web Penetration Testing 6/13 6/20
https://hackercollege.nctu.edu.tw/?p=1161

NCTU Hacker College - Enterprise Domain Control: Active Directory Attack and Defense 6/27
https://hackercollege.nctu.edu.tw/?p=1164

CYBERSEC 2020 Taiwan Cybersecurity Conference 8/12
https://cyber.ithome.com.tw/

