###### tags: `資安事件新聞週報`

# Weekly Security Incident News Report 2020/3/16 ~ 2020/3/20

## 1. Critical Vulnerabilities / Backdoors / Exploits / Zero Days

- Critical vulnerability found in collaboration platform Slack could lead to mass account takeover
  https://www.twcert.org.tw/tw/cp-104-3439-869ef-1.html
- Multiple vulnerabilities in Joomla!
  https://www.auscert.org.au/bulletins/ESB-2020.0900/
- Kr00k vulnerability lurks in routers from multiple vendors
  https://www.ptt.cc/bbs/PC_Shopping/M.1584079855.A.12C.html
- Fortinet FortiClient security vulnerability
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9287
- McAfee Web Gateway vulnerability
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3635
- VMware releases security updates for multiple products
  https://www.vmware.com/security/advisories/VMSA-2020-0004.html
- VMware fixes critical vulnerabilities in Workstation and Fusion
  https://nosec.org/home/detail/4325.html
- Oracle Fusion Middleware Reports Developer vulnerability
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2534
- Unspecified vulnerability in Aruba Networks ClearPass Policy Manager
  https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-010.txt
- WordPress plugin Popup Builder contains a vulnerability that allows site takeover, affecting more than 100,000 sites
  https://www.ithome.com.tw/news/136375
- WordPress to add auto-update feature for themes and plugins
  https://www.zdnet.com/article/wordpress-to-add-auto-update-feature-for-themes-and-plugins/#ftag=RSSbaffb68
- Microsoft issues emergency patch for wormable SMB vulnerability
  https://www.ithome.com.tw/news/136330
- New Windows vulnerability discovered; malware exploiting it has a high infection rate, update immediately
  https://www.twcert.org.tw/tw/cp-104-3429-85df7-1.html
- Critical Patch Released for 'Wormable' SMBv3 Vulnerability — Install It ASAP
  https://thehackernews.com/2020/03/patch-wormable-smb-vulnerability.html
- Warning — Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed
  https://thehackernews.com/2020/03/smbv3-wormable-vulnerability.html
- Microsoft Exchange Server has a security vulnerability; updating to the latest version immediately is recommended
  https://www.twcert.org.tw/tw/cp-104-3430-72cee-1.html
- Microsoft retires its own remote desktop connection tool RDCMan after an information disclosure vulnerability is found
  https://www.ithome.com.tw/news/136345
- Microsoft pushes Windows 10 version 1909 Build 18363.720, fixing the SMBv3 protocol vulnerability
  https://tech.sina.com.cn/digi/2020-03-13/doc-iimxyqwa0044350.shtml
- OpenSMTPD Vulnerability (CVE-2020-8794) Can Lead to Root Privilege Escalation and Remote Code Execution
  https://newsroom.trendmicro.com/blog/security-intelligence/opensmtpd-vulnerability-cve-2020-8794-can-lead-root-privilege-escalatio-1
- CHT Security's Red Team finds multiple weaknesses in a well-known domestic security access control and attendance system
  https://www.chtsecurity.com/news/b5545791-9f16-4e55-8d19-c97d9c2a2cd6
- IBM MQ and IBM MQ Appliance vulnerability
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4719
- ArmorX LisoMail email collaboration - SQL Injection
  https://www.twcert.org.tw/tw/cp-132-3437-17241-1.html
- Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion
  https://thehackernews.com/2020/03/adobe-software-update.html
- [AMD is laughing] New "LVI" vulnerability found in Intel CPUs. Xeon turned into Atom?? Performance drops 77% after the fix
  https://www.hkepc.com/19146
- MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation
  https://www.exploit-db.com/exploits/48079

## 2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security

- Employee of a foreign financial firm confirmed with Wuhan pneumonia; financial sector on high alert
  https://news.pts.org.tw/article/470629
- Philippines goes first: halts all financial trading over fears of COVID-19-driven financial turmoil
  http://www.bcc.com.tw/newsView.4065755
- Credit card Google Pay activation anomaly
  https://www.ptt.cc/bbs/creditcard/M.1584449182.A.31E.html
- Cathay Century Insurance official website gets a full upgrade and redesign
  https://money.udn.com/money/story/5636/4425546
- Quickly catching fraudulent sales agents! Shin Kong Life officially launches link-network analysis AI, with dozens of cases under investigation
  https://www.ithome.com.tw/news/136434?
- FSC approves insurers' application to pilot a blockchain-based "policy servicing/claims consortium chain" service
  https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath
- Bank of China (Hong Kong) reminds customers and the public to beware of fraudulent emails purporting to be from BOCHK
  https://www.bochk.com/dam/bochk/desktop/top/aboutus/pressrelease2/2020/20200318_01_Press_Release_TC.pdf
- Possible Spoofing of the BNL Bank in Italy
  https://spamcion.com/2020/03/14/bnl/
- In Kiev, a hacker group who used the vulnerability of banks to steal their clients' money was caught
  https://www.ehackingnews.com/2020/03/in-kiev-hacker-group-who-used.html
- For Sale: Card Data From Online Stores Using Volusion
  https://www.bankinfosecurity.com/for-sale-card-data-from-online-stores-using-volusion-a-13937
- Breached Volusion Card Data Surfaces in Dark Web
  https://geminiadvisory.io/breached-volusion-card-data-surfaces-in-dark-web/
- Regulators, banks plan for contingencies as customers rush for cash amid COVID-19
  https://www.atmmarketplace.com/news/regulators-banks-plan-for-contingencies-as-customers-rush-for-cash-amid-covid-19/
- Financial companies leak 425GB in company, client data through open database
  https://www.zdnet.com/article/financial-apps-leak-425gb-in-company-data-through-open-database/
- Report: Two Corporate Finance Companies Leak Half a Million Legal and Financial Documents Online
  https://www.vpnmentor.com/blog/report-mca-wizard-leak/
- How financial services firms are handling data privacy
  https://www.helpnetsecurity.com/2020/03/18/financial-services-data-privacy/
- TrueFire Guitar Tutoring Website Suffers Magecart-style Credit Card Breach
  https://thehackernews.com/2020/03/truefire-guitar-tutoring-data-breach.html
- Skimming code battle on NutriBullet website may have risked customer credit card data
  https://www.zdnet.com/article/skimming-code-lurking-on-nutribullet-website-puts-customer-credit-card-data-at-risk/
- Unsecured Database Exposes Financial Records: Report
  https://www.bankinfosecurity.com/unsecured-database-exposes-financial-records-report-a-13969
- Magecart Group 8 Blends into NutriBullet.com Adding To Their Growing List of Victims
  https://www.riskiq.com/blog/labs/magecart-nutribullet/

## 3. Electronic Payment / Electronic Tickets / Mobile Payment / Pay: News and Security

- Beggars in China use Alipay, ATMs are hard to find in Sweden! Cashless transactions are becoming the global mainstream
  https://www.ftvnews.com.tw/news/detail/2020314W0053
- Samsung Pay EasyCard pushes into mobile payment; first wave of 6 credit card issuers supports top-up
  https://news.cnyes.com/news/id/4453675
- KIA's "premium-feel" Sorento launches in South Korea; built-in mobile payment lets you refuel without pulling out a credit card
  https://speed.ettoday.net/news/1670724?redirect=1
- Fast-food industry wages an e-payment war; McDonald's integrates LINE Pay
  https://www.cna.com.tw/news/ahel/202003190340.aspx
- No Octopus card needed! Long Win Bus trials new electronic payment; Apple Pay and Alipay both work
  https://bit.ly/2Wwz6og
- E-payment users exceed 7 million for the first time; iPASS and JKOPay are the most used, with over 50% market share
  https://www.ettoday.net/news/20200306/1661154.htm
- Phones confirmed to work as an EasyCard by the end of March... but the one regret is that iPhone still does not support transit use
  https://cnews.com.tw/134200304a05/
- FSC expands partner accounts for e-payment institutions; the public can save a 15-yuan handling fee
  https://news.cnyes.com/news/id/4444887

## 4. Cryptocurrency / Blockchain: News and Security

- Whale hacked, losing 1.35 billion; "anti-theft keys" become a hit in cryptocurrency circles
  http://bit.ly/2QifaBF
- Kao Chia-yu questions "ambiguous" digital currency policy; Yang Chin-long: the central bank is still in the "observation" stage
  https://www.storm.mg/article/2393930
- Tokyo Metropolitan Police arrest two men linked to the Coincheck "US$530 million hack"
  http://bit.ly/2TRbvwQ
- The issue and circulation of cryptocurrencies will be banned in Russia
  https://www.ehackingnews.com/2020/03/the-issue-and-circulation-of.html?utm_source=dlvr.it&utm_medium=twitter

## 5. Security Incident News

### A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors

- "My love" ransomware: a love letter sent to you
  https://blog.trendmicro.com.tw/?p=63675
- Trend Micro blocked nearly 13 million high-risk email threats in 2019
  https://blog.trendmicro.com.tw/?p=63691
- FireEye: 76% of ransomware attacks occur outside working hours
  https://www.ithome.com.tw/news/136435
- A computer virus is also called corona: disguised as epidemic-prevention email, one click and your money is scammed
  https://www.setn.com/News.aspx?NewsID=706299
- COVID-themed computer viruses run rampant too; fake sites selling masks steal personal data
  https://www.cardu.com.tw/news/detail.php?40242
- New Android Cookie-Stealing Malware Found Hijacking Facebook Accounts
  https://thehackernews.com/2020/03/android-cookies-malware-hacking.html
- Beware! Johns Hopkins University's coronavirus outbreak map becomes a new channel for hackers to spread AZORult malware
  http://bit.ly/39PXtRG
- Hackers offer a fake Wuhan pneumonia outbreak dashboard for download to spread malware that steals sensitive information
  https://ithome.com.tw/news/136339
- Ransomware appears to cash in on the epidemic! It keeps the phone locked and will also publish private photos
  https://3c.ltn.com.tw/news/39816
- Beware of 'Coronavirus Maps' – It's a malware infecting PCs to steal passwords
  https://thehackernews.com/2020/03/coronavirus-maps-covid-19.html
- Necurs doomsday! The largest botnet is dismantled
  http://bit.ly/2QhHXWX
- Security certificates "not secure"? Hackers use them to disguise malware; be careful when you encounter new browser versions
  https://news.sina.com.tw/article/20200315/34531384.html
- Hackers profit from disaster! Outbreak-tracking app found to contain ransomware
  http://m.match.net.tw/pc/news/technology/20200317/5238639
- February's top malware is the Mirai botnet; exploitation of the vulnerability spreading it rises sharply
  http://www.ccidnet.com/2020/0318/10517022.shtml
- Malware runs wild in the COVID-19 era; this country's COVID-19 testing center comes under attack
  https://www.freebuf.com/news/230479.html
- Honor among thieves: ransomware pauses attacks on medical institutions during the Wuhan pneumonia outbreak
  https://www.ithome.com.tw/news/136444
- Security vendors offer free services to medical institutions hit by ransomware attacks
  https://www.ithome.com.tw/news/136459
- Beware of new stalkerware: Monitor Minor
  https://www.freebuf.com/news/230619.html
- Analysis of the macOS malware Shlayer
  https://www.freebuf.com/articles/network/227482.html
- Security News This Week: Elite Hackers Are Using Coronavirus Emails to Set Traps
  https://www.wired.com/story/coronavirus-phishing-ad-fraud-clearview-security-news/
- Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan
  https://newsroom.trendmicro.com/blog/security-intelligence/operation-overtrap-targets-japanese-online-banking-users-bottle-exploit-2
- Czech hospital hit by cyberattack while in the midst of a COVID-19 outbreak
  https://www.zdnet.com/article/czech-hospital-hit-by-cyber-attack-while-in-the-midst-of-a-covid-19-outbreak/
- Coronavirus-Themed APT Attack Spreads Malware
  https://threatpost.com/coronavirus-apt-attack-malware/153697/
- Vicious Panda: The COVID Campaign
  https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign/
- APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT
  https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/
- MonitorMinor: vicious stalkerware
  https://securelist.com/monitorminor-vicious-stalkerware/95575/
- New PXJ Ransomware Delete’s Backup Copies and Disable’s User Ability to Recover any Files
  https://gbhackers.com/new-pxj-ransomware/
- Fake WiseCleaner website spreading CoronaVirus ransomware
  https://www.hackread.com/fake-wisecleaner-website-coronavirus-ransomware/
- Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait
  https://thehackernews.com/2020/03/covid-19-coronavirus-hacker-malware.html
- TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks
  https://thehackernews.com/2020/03/trickbot-malware-rdp-bruteforce.html
- Thousands of COVID-19 scam and malware sites are being created on a daily basis
  https://www.zdnet.com/article/thousands-of-covid-19-scam-and-malware-sites-are-being-created-on-a-daily-basis/
- New TrickBot Variant Targets Telecoms in US, Asia: Report
  https://www.bankinfosecurity.com/new-trickbot-variant-targets-telecoms-in-us-asia-report-a-13973
- Fighting Coronavirus-Themed Ransomware and Malware
  https://www.bankinfosecurity.com/fighting-coronavirus-themed-ransomware-malware-a-13966
- Cybercriminals impersonate World Health Organization to distribute fake coronavirus e-book
  https://bit.ly/3a7q8lh
- COVID-19-Themed Malware Goes Mobile
  https://www.bankinfosecurity.com/covid-19-themed-malware-goes-mobile-a-13981
- 2020-03-16 - QUICK POST: MALSPAM KNOWN FOR URSNIF SWITCHES TO ICEDID
  https://www.malware-traffic-analysis.net/2020/03/16/index2.html

### B. Mobile Security / iPhone / Android / Wearables / Apps

- Another iOS 13 security flaw exposed! More than 50 apps secretly peek at iPhone clipboard contents
  https://3c.ltn.com.tw/news/39812
- Apple iOS has a flaw! It may leak account passwords or credit card numbers
  https://newtalk.tw/news/view/2020-03-17/376503
- "TikTok" and more than 50 other popular apps reported to exploit an iPhone security flaw to peek at "copy and paste" contents
  https://udn.com/news/story/7098/4420272
- Eavesdropping on your phone can reach 90% accuracy; how can this security hole be plugged
  http://bit.ly/2TQGQ2S
- Android users beware! Hackers exploit epidemic panic to spread ransomware
  https://udn.com/news/story/11017/4420194?from=udn-catebreaknews_ch2
- FBI warns of human traffickers luring victims on dating apps
  https://www.welivesecurity.com/2020/03/17/fbi-warns-human-traffickers-luring-victims-dating-apps/

### C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents

- Well-known tech YouTuber shows how great running Android on the Nintendo Switch is, arguably the best mobile device for gamers
  https://www.kocpc.com.tw/archives/311802
- Machine learning and cyberattacks, seen through face-swapping Deepfake video
  https://blog.trendmicro.com.tw/?p=63517
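- [Expert analysis] Following TSMC's split-team working model: information and network risks to watch when splitting operations
  https://www.ithome.com.tw/news/136456
- Wuhan pneumonia drives remote work, and with it opportunities for hackers to break in
  https://www.cna.com.tw/news/aopl/202003190452.aspx
- Hahow trials a "whole company works remotely" policy! From individuals to teams, just follow these 6 guidelines
  https://meet.bnext.com.tw/articles/view/46221
- China's youngest hacker: started coding at 8, reported a vulnerability to 360 at 13
  https://ek21.com/news/tech/185127/
- Gaming to defend the truth? Reporters Without Borders builds a virtual library in Minecraft for browsing censored news
  http://bit.ly/39UpNCv
- Amid the epidemic, enterprises deploy off-site work; employees need to strengthen remote communication skills
  http://bit.ly/2IPgOGI
- Remote work booms as the epidemic heats up; experts: beware of hackers seizing the opportunity to intrude
  https://ec.ltn.com.tw/article/breakingnews/3103192
- Implement a protection SOP for "remote work": security monitoring with no blind spots
  http://bit.ly/39UA9Cy
- Build an agile, secure off-site office environment and a "security contingency runway": tools for deploying temporary remote offices
  https://ithome.com.tw/pr/136430
- Agencies warn that hackers are profiting from the COVID-19 outbreak
  http://bit.ly/2Qn5eH2
- Hackers attack US health department website, hindering the debunking of a "national quarantine" rumor
  https://news.ltn.com.tw/news/world/breakingnews/3102223
- US Department of Health and Human Services hit by a distributed denial-of-service attack
  https://www.ithome.com.tw/news/136407
- Hackers attack US health department in an attempt to delay the US response to the epidemic
  http://bit.ly/2IXKwcW
- Czech Wuhan pneumonia testing center attacked by hackers
  https://www.ithome.com.tw/news/136372
- CIA revealed to have used the password 123ABCdef! An easily cracked combination, yet the intelligence agency neglected protection
  https://cnews.com.tw/137200314a01/
- US formally bans telecom carriers from using subsidy funds to buy Huawei and ZTE network equipment
  https://www.cool3c.com/article/152434
- Trump makes another move: rural carriers to replace Huawei equipment
  http://bit.ly/2U6lTzL
- US charges Chinese nationals with laundering money for North Korea
  http://bitfunance.com/article/983
- Forensic report in the New Party espionage case full of holes? Wang Ping-chung smirks! Admissibility of evidence may be challenged
  https://www.ettoday.net/news/20200318/1670149.htm
- Mainland Chinese scholar: soft cyber intrusion is like psychological warfare
  https://turnnewsapp.com/global/politics/172048.html
- US official: the CCP really does have a plan for global domination; espionage tactics pose constant threats
  http://bit.ly/2w7kZLp
- US President Trump publicly condemns the CCP for smearing the US military
  http://bit.ly/2x3c1Pr
- DHS warns: Microsoft Exchange Server vulnerability is being exploited by APT hackers
  https://www.4hou.com/posts/qMg0
- Foreign media: China creates a new type of police to go all out against "people who raise questions"
  https://news.ltn.com.tw/news/world/breakingnews/3103489
- China gives internet police more power to suppress anger and criticism over its epidemic response
  https://cn.nytimes.com/china/20200317/china-coronavirus-internet-police/zh-hant/
- Mainland China's National Information Security Standardization Technical Committee publishes "Cybersecurity Standard Practice Guide: Security Protection for Remote Work", focusing on protecting devices, data, environment and other aspects
  https://www.freebuf.com/news/230540.html
- Official of China's Cyberspace Administration muted for 30 days after a post questioning whether Weibo broke the law
  https://www.cna.com.tw/news/firstnews/202003200070.aspx
- 9 Cybersecurity Takeaways as COVID-19 Outbreak Grows
  https://www.bankinfosecurity.com/9-cybersecurity-takeaways-as-covid-19-outbreak-grows-a-13968
- COVID-19: With everyone working from home, VPN security has now become paramount
  https://www.zdnet.com/article/covid-19-with-everyone-working-from-home-vpn-security-has-now-become-paramount/#ftag=RSSbaffb68
- Suspicious cyberactivity targeting HHS tied to coronavirus response, sources say
  https://news.yahoo.com/cyberattack-hhs-meant-slow-coronavirus-response-sources-134400639--abc-news-topstories.html
- COVID‑19 and the forced workplace exodus
  https://www.welivesecurity.com/2020/03/16/covid19-forced-workplace-exodus/
- European power grid organization hit by cyberattack
  https://www.welivesecurity.com/2020/03/12/european-power-grid-organization-entsoe-cyberattack/
- Hackers find new target as Americans work from home during outbreak
  https://thehill.com/policy/cybersecurity/487542-hackers-find-new-target-as-americans-work-from-home-during-outbreak
- Researchers Uncover a Nigerian Hacker's Pursuit of his Million Dollar Dream
  https://thehackernews.com/2020/03/nigerian-hacker-million-dollars.html
- The Inside Scoop on a Six-Figure Nigerian Fraud Campaign
  https://research.checkpoint.com/2020/the-inside-scoop-on-a-six-figure-nigerian-fraud-campaign/
- Work from home: How to set up a VPN
  https://www.welivesecurity.com/2020/03/18/work-home-how-set-up-vpn/
- How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats
  https://thehackernews.com/2020/03/coronavirus-cybersecurity-ciso.html
- DHS Warns APT Attackers Exploiting Microsoft Exchange Server Flaw
  https://healthitsecurity.com/news/dhs-warns-apt-attackers-exploiting-microsoft-exchange-server-flaw
- [Taipei] Full-time project assistant, NTU Cybersecurity Center
  https://pttcareer.com/job/M.1584087666.A.2D7.html

### D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News

- Phishing accounted for 89% of last year's high-risk email
  https://udn.com/news/story/7240/4409545
- COVID-19 disinformation circulates; Pingtung police receive 6 reports
  https://www.chinatimes.com/realtimenews/20200313004192-260402?chdtv
- Received an "Apple ID locked" message on your iPhone? Three ways to tell whether it is a phishing email
  http://bit.ly/2WejTs0
- A software update invitation that is actually a phishing email? Beware of hackers stealing your personal data this way
  https://cnews.com.tw/37200315a02/
- Over-translated Indonesian text used to spread false outbreak news; Criminal Investigation Bureau handles first case involving a new immigrant
  https://www.epochtimes.com/b5/20/3/13/n11938118.htm
- Europol busts two SIM-swapping fraud rings
  https://www.ithome.com.tw/news/136373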
- A software update invitation that is actually a phishing email? Beware of hackers stealing your personal data this way
  http://bit.ly/3db3oTJ
- Using your phone on the train can lead to personal data leaks
  https://blog.trendmicro.com.tw/?p=63658
- Eight million customer transaction records from major European e-commerce sites such as Amazon and eBay exposed
  https://www.twcert.org.tw/tw/cp-104-3433-be3ff-1.html
- Disney music has a hidden function? Netizens exploit a network loophole to stop a sex video from spreading
  http://bit.ly/2TZy2aY
- Phishing exploits Wuhan pneumonia; check the authenticity of "work from home" emails
  https://www.rti.org.tw/news/view/id/2055986
- Thin-skinned! Unable to buy Taiwanese masks, China's cyber army melts down and floods out disinformation
  https://news.ltn.com.tw/news/society/breakingnews/3104358
- Outlook appears to have been hacked; unable to send or receive mail
  https://answers.microsoft.com/zh-hant/outlook_com/forum/all/outlook%E7%96%91%E4%BC%BC%E8%A2%AB%E9%A7%AD/11acc433-f7b2-4c14-aaa6-06c8ceb5f31c
- Overseas cybercrime gangs are back at work too, launching phishing attacks against relevant domestic organizations
  https://www.freebuf.com/articles/system/229983.html
- Beware scams exploiting coronavirus fears
  https://www.welivesecurity.com/2020/03/13/beware-scams-exploiting-coronavirus-fears/
- Europol Arrests 26 SIM Swapping Fraudsters For Stealing Over $3 Million
  https://thehackernews.com/2020/03/sim-swapping-fraud-hacking.html
- Europol takes down SIM-swap hacking rings responsible for theft of millions of euros
  https://www.zdnet.com/article/europol-tackles-massive-sim-swap-hacking-rings/#ftag=RSSbaffb68
- How to Stay Safe as Online Coronavirus Scams Spread
  https://blog.trendmicro.com/how-to-stay-safe-as-online-coronavirus-scams-spread/
- Coronavirus Phishing Scams Exploit Misinformation
  https://hotforsecurity.bitdefender.com/blog/coronavirus-phishing-scams-exploit-misinformation-22599.html
- [2020/3/20 11:20] Alert regarding scam emails impersonating Amazon
  https://www.cc.uec.ac.jp/blogs/news/2020/03/20200320amazonphishing.html
- Going Phishing in the African Banking Sector
  https://cofense.com/going-phishing-african-banking-sector/

### E. Research Reports

- Cyber-espionage campaign targeting Southeast Asian gambling companies
  https://blog.trendmicro.com.tw/?p=63532
- Analysis of a malicious JS injection vulnerability in WordPress sites
  https://www.4hou.com/index.php/posts/0Xk3
- The online version of "crooks robbing crooks"? Mysterious hacker group distributes infected hacking tools every day
  https://www.freebuf.com/news/230004.html
- Analysis report on Roaming Mantis malicious activity
  https://www.freebuf.com/articles/network/228769.html
- Finding a CSRF vulnerability in Jira via its mail server connectivity test feature
  https://www.freebuf.com/vuls/227971.html
- Fetching changed CVE vulnerabilities daily
  https://www.freebuf.com/articles/es/228571.html
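- RobbinHood ransomware takes a different route, knocking out antivirus software through a driver vulnerability
  https://www.freebuf.com/articles/system/228338.html
- Bug hunting experience | 6 security vulnerabilities PayPal did not welcome
  https://www.freebuf.com/vuls/228755.html
- Introduction to v8 exploitation: from out-of-bounds access to RCE
  https://paper.seebug.org/1145/
- A "different" analysis of a real penetration testing case
  https://paper.seebug.org/1144/
- A brief discussion of AI in practice in DDoS attack and defense
  https://security.tencent.com/index.php/blog/msg/144
- Cobalt Strike 4.0 manual: advanced threat tactics for penetration testers
  https://paper.seebug.org/1143/
- In-depth analysis of the Apache Tomcat remote file inclusion vulnerability
  https://paper.seebug.org/1142/
- Global Advanced Persistent Threat (APT) research report for the first half of 2019
  https://paper.seebug.org/1140/
- Netgear R6400 upnp stack overlap redundancy analysis
  https://www.freebuf.com/vuls/228293.html
- Solid content! Technical analysis of the CVE-2020-0796 vulnerability
  https://s.tencent.com/research/bsafe/912.html
- Analyzing AntSword interaction traffic from the network side
  https://www.freebuf.com/articles/network/229193.html
- jackson-databind-2653: advisory on remote code execution caused by JNDI injection
  https://cert.360.cn/warning/detail?id=784f7badbb98574e17a1786d12c78675
- DoS test script for CVE-2020-0796 made public
  https://nosec.org/home/detail/4331.html
- Hackers can exploit a Slack vulnerability to take control of user accounts
  https://www.freebuf.com/column/230522.html
- VMware Workstation and Fusion have security vulnerabilities allowing attackers to execute arbitrary code on the host
  https://www.freebuf.com/column/230523.html
- Netgear R6400 upnp vulnerability analysis
  https://www.freebuf.com/vuls/228293.html
- JudasDNS: a DNS poisoning testing tool for nameservers
  https://www.freebuf.com/articles/network/227984.html
- Summary of incident response to cryptomining
  https://mp.weixin.qq.com/s/Lhf_aE2gLclVt_28bCjEkQ
- Database wiped: how should the damage be counted
  https://www.freebuf.com/articles/database/230698.html
- Tencent Security Threat Intelligence Center's "open kitchen" project: automated malicious domain detection revealed
  https://mp.weixin.qq.com/s/QV8ErKHow3b-AMp6HMzKQg
- Threat hunting 101 document
  https://mp.weixin.qq.com/s/8F_X46NGte2LQ4DS-0k-rg
- QiAnXin CERT February security monitoring report: number of high-risk vulnerabilities continues to rise
  https://www.secrss.com/articles/17919
- SMBGhost vulnerability technical analysis and defense plan
  https://zhuanlan.zhihu.com/p/114010748
- Privilege escalation vulnerability in Check Point firewall
  https://nosec.org/home/detail/4347.html
- Reproducing the Exchange Server vulnerability CVE-2020-0688
  https://www.freebuf.com/vuls/228681.html
- Record and brief analysis of a server compromise incident
  https://www.freebuf.com/articles/web/229518.html
- Privacy fully exposed! Undercover investigation report on the Weibo leak
  https://www.freebuf.com/news/230960.html
- Red team basics: a generic shellcode loader
  https://www.freebuf.com/articles/network/228795.html
- APT attack and defense, red team intrusion: DLL hijacking and abuse of trusted binaries
  https://www.freebuf.com/articles/system/227824.html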
- Internal network penetration: Bloodhound, a powerful tool for mapping domain relationships
  https://www.freebuf.com/sectool/228329.html
- Why blocking malicious DNS traffic is necessary in enterprise security, analyzed through the OilRig APT attacks
  https://www.freebuf.com/articles/others-articles/228700.html
- Summary of USB-based attack vectors
  https://www.freebuf.com/articles/terminal/229042.html
- Getting Started in Android apps Pen-testing (PART-1)
  https://blog.securitybreached.org/2020/03/17/getting-started-in-android-apps-pentesting/
- A Fundamental Tool in the Toolkit: Evasive Shellcode Launchers – Part 1
  https://www.nagarrosecurity.com/blog/evasive-shellcode-launchers
- Windows 10 Mail App Forensics
  https://medium.com/@melanijan93/windows-10-mail-app-forensics-39025f5418d2
- Maryam : Open-source Intelligence(OSINT) Framework
  https://github.com/saeeddhqan/Maryam
- AFLNet: A Greybox Fuzzer for Network Protocols
  https://github.com/aflnet/aflnet/blob/master/README.md
- Table of Contents
  https://github.com/renzu0/nw-tips
- Reverse Engineering for Beginners
  https://www.begin.re/
- Tracking Turla: New backdoor delivered via Armenian watering holes
  https://www.welivesecurity.com/2020/03/12/tracking-turla-new-backdoor-armenian-watering-holes/
- VB2019 paper: Defeating APT10 compiler-level obfuscations
  https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-defeating-apt10-compiler-level-obfuscations/
- Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers
  https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-attribution-object-using-rtf-object-dimensions-track-apt-phishing-weaponizers/
- Kimsuky group: tracking the king of the spear phishing
  https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-kimsuky-group-tracking-king-spearphishing/
- Binary Ninja Deep Thoughts
  https://binary.ninja/2020/03/11/signature-libraries.html
- Summary of OSINT resources used in everyday investigations
  https://qiita.com/00001B1A/items/4d8ceb53993d3217307e
- Security skill tree, basic version
  https://evilcos.me/security_skill_tree_basic/
- Crafty Web Skimming Domain Spoofs “https”
  https://krebsonsecurity.com/2020/03/crafty-web-skimming-domain-spoofs-https/
- Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldn't
  https://www.zdnet.com/article/tor-team-warns-of-tor-browser-bug-that-runs-javascript-on-sites-it-shouldnt/#ftag=RSSbaffb68
- Avast Antivirus JavaScript Interpreter
  https://github.com/taviso/avscript
- Firmware Analysis for IoT Devices
  https://www.peerlyst.com/posts/firmware-analysis-for-iot-devices-aditya-gupta
- Shadows in the Rain
  https://medium.com/insomniacs/shadows-in-the-rain-a16efaf21aae
- Proton Framework
  https://github.com/entynetproject/proton
- Loki - Simple IOC and Incident Response Scanner
  https://github.com/Neo23x0/Loki
- Using OSINT Techniques to Land that Dream Job
  https://www.peerlyst.com/posts/using-osint-techniques-to-land-that-dream-job-raf-borges
- UPGRADE YOUR WORKFLOW, PART 1: BUILDING OSINT CHECKLISTS
  https://www.trustedsec.com/blog/upgrade-your-workflow-part-1-building-osint-checklists/
- Open Cyber Threat Intelligence Platform
  https://github.com/OpenCTI-Platform/opencti
- PowerShell for Hackers (W41) by Atul Tiwari for Hakin9 (Review)
  https://thesecuritynoob.com/course/powershell-for-hackers-w41-by-atul-tiwari-for-hakin9-review/
- Hunting APTs with YARA
  https://securelist.com/hunting-apts-with-yara/96386/?utm_source=rss&utm_medium=rss&utm_campaign=hunting-apts-with-yara
- Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory
  https://hakin9.org/unicorn-is-a-simple-tool-for-using-a-powershell-downgrade-attack-and-inject-shellcode-straight-into-memory/
- Finding McAfee: A Case Study on Geoprofiling and Imagery Analysis
  https://blog.usejournal.com/finding-mcafee-a-case-study-on-geoprofiling-and-imagery-analysis-6f16bbd5c219
- OSINT Search Links
  https://www.peerlyst.com/posts/osint-search-links-tawhidur-rahman
- sherlock: Hunt down social media accounts by username across social networks
  https://github.com/sherlock-project/sherlock
- XSpear - Powerfull XSS Scanning and Parameter analysis tool and gem
  https://hakin9.org/xspear-powerfull-xss-scanning-and-parameter-analysis-tool-and-gem/
- Creating CyberRange assets w/ Vagrant
  https://medium.com/aws-cyber-range/creating-cyberrange-assets-w-vagrant-1cf7636da049
- OWASP Mobile Top 10
  https://owasp.org/www-project-mobile-top-10/
- Universal Radio Hacker: Investigate Wireless Protocols like a Boss
  https://hakin9.org/universal-radio-hacker-investigate-wireless-protocols-like-a-boss/
- E-mails, subdomains and names Harvester - OSINT
  https://github.com/laramies/theHarvester
- Repository of sentinel alerts and hunting queries leveraging sysmon and the MITRE ATT&CK framework
  https://hakin9.org/repository-of-sentinel-alerts-and-hunting-queries-leveraging-sysmon-and-the-mitre-attck-framework/
- Nginx-Lua-Anti-DDoS
  https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS
- sherlock
  https://github.com/sherlock-project/sherlock
- IOS Penetration Testing- App Decryption And Jailbreaking- Part 1
  https://hackersonlineclub.com/ios-penetration-testing-app-decryption-and-jailbreaking/
- Analyzing SUID Binaries
  https://blog.grimm-co.com/post/analyzing-suid-binaries/
- MalwareBazaar Database
  https://bazaar.abuse.ch/browse/
- Threat Research: Six Facts about Address Space Layout Randomization on Windows
  https://www.fireeye.com/blog/threat-research/2020/03/six-facts-about-address-space-layout-randomization-on-windows.html

### F. Business

- Remote work becomes a trend; Microsoft offers five observations on intelligent security protection
  https://money.udn.com/money/story/5612/4409888
- Windows 10 becomes a developer's tool: built-in Linux kernel, as convenient as installing a driver
  https://technews.tw/2020/03/17/wsl2-will-be-generally-available-in-windows-10-version-2004/
- Nokia becomes Chunghwa Telecom's 5G equipment supplier; security concerns become the focus instead
  https://tw.appledaily.com/property/20200319/YX3L4UIEHOQ4B4FX7FJPU4VWH4/
- BitDefender strengthens advanced threat detection in endpoint protection and provides risk assessment of computer configuration
  https://www.ithome.com.tw/review/136242
- Google Nest camera video feed interrupted, putting cloud services to the test
  http://technews.tw/2020/03/20/google-nest-ip-camera-cloud-services-tested/
- Microsoft Bing team launches COVID-19 tracker
  https://www.zdnet.com/article/microsoft-bing-team-launches-covid-19-tracker/#ftag=RSSbaffb68
- A message from our COO regarding Trend Micro’s Customer commitment during the global Coronavirus Pandemic (COVID-19)
  https://blog.trendmicro.com/letter-from-our-coo/
- Ansible DevOps comes to the mainframe
  https://www.zdnet.com/article/ansible-devops-comes-to-the-mainframe/#ftag=RSSbaffb68
- SANS Offers Free Kit to Secure Home Workers
  https://www.infosecurity-magazine.com/news/sans-offers-free-kit-to-secure/
- Let Us Help Secure Your Teleworkers
  https://resources.trendmicro.com/Work-From-Home-Assistance-Program.html
- Free SentinelOne Platform Access
  https://www.sentinelone.com/lp/covid-19/
- The Elastic Guide to Threat Hunting
  https://www.elastic.co/pdf/elastic-guide-to-threat-hunting
- Real-time file monitoring on Windows with osquery
  https://blog.trailofbits.com/2020/03/16/real-time-file-monitoring-on-windows-with-osquery/
- Trace APIs declaratively through Frida.
  https://github.com/nowsecure/frida-trace

### G. Government

- Chen Chi-mai shares experience of big-data epidemic prevention with US scholars
  http://bit.ly/33kELzg
- Guarding against COVID-19: Taipei City successfully completes drills for working from home and split-site offices
  https://www.chinatimes.com/realtimenews/20200313005168-260405?chdtv
- Duplicate registrations possible! Name-based mask rationing 2.0 "has a loophole"; Chen Shih-chung: they will be deleted at settlement
  https://www.ettoday.net/news/20200313/1666814.htm
- Admissibility of evidence in the New Party case challenged? Investigator: the forensic process was not written up as a report
  https://udn.com/news/story/7321/4423970
- NCC designates 102 "critical infrastructure providers" that must take on security obligations
  https://www.rti.org.tw/news/view/id/2056015
- In response to the Wuhan pneumonia outbreak, the National Development Council strengthens remote work preparations
  https://www.rti.org.tw/news/view/id/2056009
- More than 7,000 people entered mobile numbers in the wrong format for mask pre-orders; notified by email today to correct them
  http://bit.ly/38Y8n6F
- National Police Agency gets ahead with off-site work drills; police nationwide to follow next week
  https://www.cna.com.tw/news/asoc/202003190309.aspx
- [Results of the 2019 government cyber attack and defense exercise revealed] The new focus is the risks of using the same software packages and the risks outsourced vendors may overlook
  https://www.ithome.com.tw/news/136455

### H. Industrial Control Systems / SCADA / ICS

- Multiple vulnerabilities in Moxa AWK-3131A (industrial wireless networking device) can lead to arbitrary code execution
  https://www.sohu.com/a/380526653_354899
- Programmable logic controllers from US company Rockwell Automation have security vulnerabilities that can leak sensitive information
  https://www.freebuf.com/column/230671.html
- What every engineer should know about IEEE 802.3bt PoE technology
  https://www.eettaiwan.com/news/article/20200319TA31-What-every-engineer-should-know-about-IEEE-802-point-3btPoE
- ICS security | Siemens S7-300 attack analysis
  https://www.freebuf.com/articles/ics-articles/228770.html

### I. Education and Training

- How to properly manage a pile of customer data and reduce security risk
  https://ithome.com.tw/pr/136340
- Take one exam, get two certificates? CEH Hacker Master dual certification
  https://ithome.com.tw/pr/136342
- AgileWorks continuous integration and automated testing
  http://jenkins.readbook.tw/
- White-hat open class | Reverse engineering techniques for CTF | A champion player helps you master CTF topics one by one
  https://www.freebuf.com/open/230321.html
- Network Security Baseline
  https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/Baseline_Security/securebasebook/sec_chap1.html
- Introduction to Bluetooth Low Energy
  https://www.pentestpartners.com/security-blog/introduction-to-bluetooth-low-energy/
- Web vulnerabilities: SSRF
  https://www.cnblogs.com/bin1121/p/12522637.html
- Create application-level event handlers in Excel
  https://docs.microsoft.com/en-us/office/troubleshoot/excel/create-application-level-event-handler
- How to Path Traversal with Burp Community Suite
  https://blog.mindedsecurity.com/2020/03/how-to-path-traversal-with-burp.html

### J. Internet of Things / IoT / Artificial Intelligence / Internet of Vehicles / Optical Networking / Deep Learning / Machine Learning / Drones / Facial Recognition

- Taiwan Mobile uses the 700MHz band to build out IoT, launching a smart IoT radio
  https://www.sogi.com.tw/articles/iot_sim/6254615

## 6. Upcoming Security Events and Seminars

- Data analysis and machine learning case studies in practice (1): PM2.5 as an example 3/23
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3888&from_course_list_url=course_index
- Taipei 暗号通貨 (Cryptocurrency) Meetup 3/25
  https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcfbhc/
- Thinking Thursday, 7th session 3/26
  https://www.meetup.com/Thinking-Thursday/events/266911452/
- Flutter Taipei 2020 Warm Opening | Warm Up Party 3/27
  https://www.meetup.com/Flutter-Taipei/events/269033933/
- NCTU Hacker College - Buffer overflow attacks and prevention 3/28
  https://hackercollege.nctu.edu.tw/?p=1141
- Black Hat Asia 2020 Singapore 3/31 ~ 4/3
  https://www.blackhat.com/asia-20/briefings/schedule/
- Kaspersky® Security Analyst Summit 4/6 ~ 4/9
  https://thesascon.com/
- QGIS geographic information workshop 4/8 ~ 4/9
  https://www.accupass.com/event/2002120936323517290110
- Big data and deep learning applications on edge computing systems 4/10
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3883&from_course_list_url=course_index
- 2nd ICANN APAC-TWNIC Engagement Forum and 34th TWNIC IP Policy and Resource Management Meeting 4/16
  https://forum.twnic.tw/2020/registration.htm
- NCTU Hacker College - Guide to intrusion detection and response 4/18
  https://hackercollege.nctu.edu.tw/?p=1144
- VXCON 2020 - APAC 4/18 ~ 4/19
  https://www.vxcon.hk/
- 2020 Comprehensive Information Security Talent Development Program 4/21 ~ 6/16
  http://service.tabf.org.tw/tw/user/409646/
- 2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore 4/21 ~ 4/23
  https://www.icscybersecurityconference.com/singapore/
- Taipei 暗号通貨 (Cryptocurrency) Meetup 4/22
  https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcgbdc/
- Asia-Pacific Information Security Forum and Exhibition 4/22
  https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html
- NCTU Hacker College - Basic web security and penetration testing 4/25
  https://hackercollege.nctu.edu.tw/?p=1147
- 2020 LINE Taiwan Developers Recruitment Day 4/25
  https://engineering.linecorp.com/zh-hant/blog/2020-line-taiwan-technical-recruitment-day/
- NCTU Hacker College - Basic practice in building secure websites 5/16
  https://hackercollege.nctu.edu.tw/?p=1151
- NCTU Hacker College - Email forgery attacks and protective measures 5/23
  https://hackercollege.nctu.edu.tw/?p=1156
- Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27
  https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/
- NCTU Hacker College - Advanced web penetration testing 5/30
  https://hackercollege.nctu.edu.tw/?p=1159
- Big data and deep learning applications on edge computing systems 6/5
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index
- NCTU Hacker College - Expert-level web penetration testing 6/13 6/20
  https://hackercollege.nctu.edu.tw/?p=1161
- NCTU Hacker College - Enterprise domain control: Active Directory attack and defense 6/27
  https://hackercollege.nctu.edu.tw/?p=1164
- CYBERSEC 2020 Taiwan Cyber Security Conference 8/12
  https://cyber.ithome.com.tw/