###### tags: `資安事件新聞週報`

# Weekly Security Incident News Digest 2020/1/20 ~ 2020/1/24

1. Major Vulnerabilities / Backdoors / Exploit / Zero Day

New Google Chrome version protects against attacks on the Windows CryptoAPI validation vulnerability
https://www.ithome.com.tw/news/135418

Google Chrome Adds Protection for NSA's Windows CryptoAPI Flaw
https://www.bleepingcomputer.com/news/security/google-chrome-adds-protection-for-nsas-windows-cryptoapi-flaw/

Multiple vulnerabilities in Google Chrome
https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html

More private browsing! Google plans to gradually phase out third-party cookies in Chrome within two years
https://n.yam.com/Article/20200117690204

A review and analysis of the Chromium IPC vulnerabilities discovered in 2019
https://www.chainnews.com/zh-hant/articles/918550449231.htm

Oracle Virtualization VM VirtualBox security vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2698

Oracle patches 334 security vulnerabilities, including 19 in Oracle MySQL
https://www.insoler.com/forum/topic/15792446180636.htm

Advance warning notice on multiple security vulnerabilities in Oracle WebLogic
http://zuits.zju.edu.cn/2020/0117/c7943a1957336/pagem.htm

WebLogic remote code execution vulnerability warning (CVE-2020-2551, CVE-2020-2546)
https://www.huaweicloud.com/notice/2018/20200116115654037.html

HPE enhanced Internet Usage Manager cross-site scripting vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11997

HPE Superdome Flex Server security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11998

Adobe Releases First 2020 Patch Tuesday Software Updates
https://thehackernews.com/2020/01/adobe-software-updates.html

Security vulnerabilities in the Microsoft Windows operating system (CVE-2020-0601, CVE-2020-0609, CVE-2020-0610 and CVE-2020-0611)
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1114

Vulnerability notice: Microsoft releases its January security bulletin; update as soon as possible
https://support.microsoft.com/en-us/help/20200114/security-update-deployment-information-december-10-2019

Alipay Security Lab credited by Microsoft for discovering a high-risk Office vulnerability
http://www.kaixian.tv/gd/2020/0121/244930.html

Upgrade soon to avoid security risks! Microsoft announces that support for Office 2010 will end
https://newtalk.tw/news/view/2020-01-17/355884

NSA publicly discloses an enterprise vulnerability for the first time! Windows system flaw found; Microsoft releases major update to prevent hacking
https://cnews.com.tw/137200120a04/

Microsoft preparing to fix IE9/10/11 vulnerability that could let hackers gain user privileges
https://news.sina.com.tw/article/20200119/34027796.html

PoC exploits targeting Microsoft's CVE-2020-0601 vulnerability appeared within 24 hours
https://www.ithome.com.tw/news/135430

Have you patched CVE-2020-0601? Don't let the Vulnera-Bullies win; check with the free tool
https://blog.trendmicro.com.tw/?p=63228

High-risk Win10 vulnerability attacked by the cybercrime underground! Tencent Security responds urgently with full interception
https://cloud.tencent.com/developer/article/1576280

Microsoft patches severe Windows flaw after tip-off from NSA
https://www.welivesecurity.com/2020/01/15/microsoft-patches-severe-windows-vulnerability-tipoff-nsa/

Windows Vulnerability: Researchers Demonstrate Exploits
https://www.bankinfosecurity.com/windows-vulnerability-researchers-demonstrate-exploits-a-13614

Windows CryptoAPI exploit
https://twitter.com/saleemrash1d/status/1217495681230954506

Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA
https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html

Actively Exploited IE 11 Zero-Day Bug Gets Temporary Patch
https://www.bleepingcomputer.com/news/security/actively-exploited-ie-11-zero-day-bug-gets-temporary-patch/

Micropatching a Workaround for CVE-2020-0674
https://blog.0patch.com/2020/01/micropatching-workaround-for-cve-2020.html

This Week in Security News: The First Patch Tuesday Update of 2020 and Pwn2Own Vancouver Announced
https://newsroom.trendmicro.com/blog/simply-security/week-security-news-first-patch-tuesday-update-2020-and-pwn2own-vancouver-announ

Don’t Let the Vulnera-Bullies Win. Use our free tool to see if you are patched against Vulnerability CVE-2020-0601
https://newsroom.trendmicro.com/blog/simply-security/dont-let-vulnera-bullies-win-use-our-free-tool-see-if-you-are-patched-against-v

Microsoft Warns of Unpatched IE Browser Zero-Day That's Under Active Attacks
https://thehackernews.com/2020/01/internet-explorer-zero-day-attack.html

Microsoft warns about Internet Explorer zero-day, but no patch yet
https://www.zdnet.com/article/microsoft-warns-about-internet-explorer-zero-day-but-no-patch-yet/#ftag=RSSbaffb68

Microsoft fixes critical bugs in CryptoAPI, RD Gateway and .NET
https://nakedsecurity.sophos.com/2020/01/15/microsoft-fixes-critical-bugs-in-cryptoapi-rd-gateway-and-net/

Microsoft Zero-Day Actively Exploited, Patch Forthcoming
https://threatpost.com/microsoft-zero-day-actively-exploited-patch/152018/

Windows 7 Begins to Show Full Screen Windows 10 Upgrade Alerts
https://www.bleepingcomputer.com/news/microsoft/windows-7-begins-to-show-full-screen-windows-10-upgrade-alerts/

NSA issues advisory urging Windows users to update immediately to fix a major vulnerability
https://www.twcert.org.tw/tw/cp-104-3243-ef588-1.html

Another Internet Explorer vulnerability found that lets hackers remotely execute malicious code, but this time Microsoft does not plan to fix it immediately
https://www.techbang.com/posts/75801-internet-explorer-security-flaw

Citrix releases an official scanning tool for the CVE-2019-19781 vulnerability
https://www.ithome.com.tw/news/135512

Critical Vulnerabilities in Microsoft Windows Operating System
https://www.csa.gov.sg/singcert/advisories/advisory-on-critical-vulnerabilities-in-microsoft-windows-operating-system

Exploits have appeared for the critical Citrix gateway vulnerability, while patches are still on the way
https://www.ithome.com.tw/news/135461

Citrix rolls out patches for critical ADC vulnerability exploited in the wild
https://www.zdnet.com/article/citrix-rolls-out-patches-for-critical-adc-vulnerabilities-being-exploited-in-the-wild/#ftag=RSSbaffb68

Critical vulnerability in Citrix delivery controller and gateway affects more than 80,000 companies worldwide
https://blog.cocook.cn/archives/125284/

Citrix Application Delivery Controller critical vulnerability (CVE-2019-19781) alert
https://www.hkcert.org/my_url/zh/blog/20011702

Citrix Releases First Patches to Fix Severe Vulnerability
https://www.bankinfosecurity.com/citrix-releases-first-patches-to-fix-severe-vulnerability-a-13627

Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack
https://thehackernews.com/2020/01/citrix-adc-patch-update.html

Citrix Accelerates Patch Rollout For Critical RCE Flaw
https://threatpost.com/citrix-patch-rollout-critical-rce-flaw/152041/

A hacker is patching Citrix servers to maintain exclusive access
https://www.zdnet.com/article/a-hacker-is-patching-citrix-servers-to-maintain-exclusive-access/#ftag=RSSbaffb68

High-risk Citrix vulnerability sweeping 158 countries is being exploited; a hacker group is planting an "exclusive" backdoor
https://www.anquanke.com/post/id/197487

Dutch Govt Suggests Turning Off Citrix ADC Devices, Mitigations May Fail
https://www.bleepingcomputer.com/news/security/dutch-govt-suggests-turning-off-citrix-adc-devices-mitigations-may-fail/

UPDATE: Switch off Citrix systems where possible or take additional measures
https://www.ncsc.nl/actueel/nieuws/2020/januari/16/door-citrix-geadviseerde-mitigerende-maatregelen-niet-altijd-effectief

US Army bug bounty program paid out a total of US$275,000 in rewards
https://nosec.org/home/detail/4006.html

WordPress plugin vulnerability can be exploited for total website takeover
https://www.zdnet.com/article/wordpress-plugin-vulnerability-can-be-exploited-for-full-website-hijacking/#ftag=RSSbaffb68

Cisco NX-OS Software input validation error vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1968

Sophos XG firewall Admin Portal SQL injection vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16116

D-Link DIR-823G command injection vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15528

Vulnerability Spotlight: Bitdefender BOX 2 bootstrap remote code execution vulnerabilities
https://blog.talosintelligence.com/2020/01/vuln-spotlight-bitdefender-box-rce-jan-2020.html

SMC Networks SMC D3G0804W cross-site scripting vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7249

NetApp Clustered Data ONTAP 9.2 vulnerability
http://iknow.lenovo.com/detail/dc_186943.html

Vulnerability Spotlight: Multiple vulnerabilities in some AMD graphics cards
https://blog.talosintelligence.com/2020/01/vuln-spotlight-AMD-VM-jan-2020.html

2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security

Six banks respond quickly to app privacy policy violations; fintech experts propose six measures to close the "loopholes"
https://tech.sina.com.cn/roll/2020-01-18/doc-iihnzhha3187132.shtml

Open API & Open Banking in the spotlight: experiences shared from the UK, Australia, Japan and Singapore
https://money.udn.com/money/story/5613/4294503

Black swans are hard to predict: overseas risk management at 16 financial holding companies added to financial examinations
https://gb.udn.com/gb/udn.com/news/story/7239/4297316

Financial services stay open during Lunar New Year; FSC orders banks to take five measures
https://udn.com/news/story/7239/4302023

Countdown to the Lunar New Year holiday; FSC: financial and policyholder services will stay open
https://www.chinatimes.com/realtimenews/20200122002796-260410?chdtv

Five reminders from Financial Information Service Co. for using ATMs during Lunar New Year
http://bit.ly/2vcDRrE

Windows 7 ATM spotted again; netizens joke that Windows XP ATMs still exist
http://bit.ly/2G9fuxj

Scholar: consideration should be given to turning the Financial Stability and Development Committee into a regulatory body
https://news.sina.com.tw/article/20200123/34064564.html

Travelex hit by hacker attack
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16343

Heightened Cybersecurity Risk Considerations
https://www.fdic.gov/news/news/financial/2020/fil20003.html
https://www.fdic.gov/news/news/financial/2020/fil20003a.pdf

Visa's plan against Magecart attacks: Devalue and disrupt
https://www.zdnet.com/article/visas-plan-against-magecart-attacks-devalue-and-disrupt/#ftag=RSSbaffb68

Cyberattack on a Major Bank Would Have Ripple Effect: Study
https://www.bankinfosecurity.com/cyberattack-on-major-bank-would-have-ripple-effect-study-a-13620

Aussie Bank Says Server Upgrade Led to Data Breach
https://www.bankinfosecurity.com/aussie-bank-says-server-upgrade-led-to-data-breach-a-13617

Money laundering: This startup thinks its tech can prevent another banking scandal
https://www.zdnet.com/article/money-laundering-this-startup-thinks-its-tech-can-prevent-another-banking-scandal/#ftag=RSSbaffb68

Swedish Open Banking Startup Tink Closes €90M Funding Deal
https://www.pymnts.com/news/fintech-investments/2020/swedish-open-banking-startup-tink-closes-e90m-funding-deal/

MAS alerts financial institutions to vulnerability in Microsoft Windows Operating System
https://www.mas.gov.sg/news/media-releases/2020/mas-alerts-financial-institutions-to-vulnerability-in-microsoft-windows-operating-system

Zen Cart “PayPal” Skimmer
https://blog.sucuri.net/2020/01/zen-cart-paypal-skimmer.html

Travelex Ransom Demand Is Doubled
https://www.cybersecurityintelligence.com/blog/travelex-ransom-demand-is-doubled-4743.html

Bank of Ireland warn customers to be wary of scam text doing the rounds
https://www.rsvplive.ie/news/irish-news/bank-ireland-warn-customers-wary-21329153

3. Electronic Payment / Electronic Stored-Value Cards / Mobile Payment / Pay: News and Security

PX Mart, CPC and Taipei 101 all launch their own Pay! Mobile payment brands surge; analysts name 3 keys to winning
https://www.managertoday.com.tw/articles/view/59120

Hong Kong version of Alipay can be used for transit in Guangzhou, with automatic settlement in Hong Kong dollars
http://bit.ly/2TDSAWK

4. Virtual Currency / Blockchain: News and Security

There was once a bug that created more than 180 billion bitcoins
https://kknews.cc/tech/8gjpzjq.html

Virtual currency regulations take effect; KPMG: legal framework leads internationally
https://udn.com/news/story/7239/4292296

Rules bringing STOs under securities regulation take effect; accountants remind investors to watch three major aspects
https://news.cnyes.com/news/id/4435067

FSC and the Taipei Exchange bring security token trading under regulation! Understand the five key points of the new STO regime in one minute
https://news.knowing.asia/news/cb0e6fc1-c40b-4543-a831-45dc8d09f4fd

FSC's first 2020 order regulating "virtual currency" issuance: STOs under 30 million must provide a prospectus and prepare annual reports
https://www.blocktempo.com/fsc-2020-first-orders-3000/

Binance now allows Visa credit cards to be added directly on its platform to buy cryptocurrencies including XRP
http://bit.ly/36e28dK

Facebook loses another founding member as Vodafone leaves the Libra cryptocurrency association
http://bit.ly/2RidclQ

Taipei Exchange issues STO regulations; PwC advises attention to anti-money laundering, information security and risk disclosure
https://www.pwc.tw/zh/news/press-release/press-20200122.html

UK's HMRC tax authority seeks tools to track down cryptocurrency criminals
https://www.zdnet.com/article/uk-hmrc-tax-authority-seeks-tools-to-track-down-cryptocurrency-criminals/#ftag=RSSbaffb68

5. Security Incident News

A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors

Hundreds of millions of users can still be hit by viruses: what to do after Windows 7 "retires"
http://bit.ly/2RBinMD

Support ends on the 14th… those clinging to Windows 7 have no protection against viruses
http://bit.ly/2NHrtpX

360 reveals Win7 vulnerability threat: ransomware can be implanted and users may even be eavesdropped on
https://news.sina.com.tw/article/20200118/34024546.html

Sodinokibi ransomware activity intensified at year end, hitting an airport and other businesses
https://blog.trendmicro.com.tw/?p=63152

Ransomware attacks are heating up
http://bit.ly/2G2E9DF

Malicious Android Trojan app can disable Google Play protections and forge user reviews
https://www.twcert.org.tw/tw/cp-104-3257-35dde-1.html

No honor among thieves: when a computer is hit by ransomware, paying the ransom may leave you with nothing
https://www.cna.com.tw/news/ait/202001230162.aspx

Windows EFS can be used to implement ransomware that antivirus software fails to detect
https://www.ithome.com.tw/news/135488

WTF, EFS? Experts warn Windows encryption could spawn nasty new ransomware
https://www.theregister.co.uk/2020/01/21/efs_ransomware_poc/

EFS Ransomware
https://safebreach.com/Post/EFS-Ransomware

TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection
https://www.bleepingcomputer.com/news/security/trickbot-now-uses-a-windows-10-uac-bypass-to-evade-detection/

Emotet Returns After Holiday Break with Major Campaigns
https://www.proofpoint.com/us/corporate-blog/post/emotet-returns-after-holiday-break-major-campaigns

Increased Emotet Malware Activity
https://www.us-cert.gov/ncas/current-activity/2020/01/22/increased-emotet-malware-activity

Alert (TA18-201A) Emotet Malware
https://www.us-cert.gov/ncas/alerts/TA18-201A

JhoneRAT exploits cloud services to attack Middle Eastern countries
https://www.zdnet.com/article/jhonerat-exploits-microsoft-office-cloud-services-to-attack-middle-eastern-countries/#ftag=RSSbaffb68

Beware of Microsoft Windows Malware, Warns Singapore Regulators
https://upnewsinfo.com/2020/01/20/beware-of-microsoft-windows-malware-warns-singapore-regulators/

Increase in Emotet Spam Observed, Blocked by Symantec
https://www.symantec.com/blogs/threat-intelligence/increase-emotet-spam-observed-blocked-symantec

Breaking: Mobile Banking Trojan Draining Users’ Accts – Expert Commentary
https://www.informationsecuritybuzz.com/expert-comments/breaking-mobile-banking-trojan-draining-users-accts-expert-commentary/

Defend Yourself Now and in the Future Against Mobile Malware
https://newsroom.trendmicro.com/blog/simply-security/defend-yourself-now-and-future-against-mobile-malware

New NetWire RAT Campaigns Use IMG Attachments to Deliver Malware Targeting Enterprise Users
https://securityintelligence.com/posts/new-netwire-rat-campaigns-use-img-attachments-to-deliver-malware-targeting-enterprise-users/

New paper: Behind the scenes of GandCrab's operation
https://www.virusbulletin.com/blog/2020/01/new-paper-behind-scenes-gandcrabs-operation/

Antivirus vendors push fixes for EFS ransomware attack method
https://www.zdnet.com/article/antivirus-vendors-scramble-to-fix-new-efs-ransomware-attack/#ftag=RSSbaffb68

BitPyLock Ransomware Now Threatens to Publish Stolen Data
https://www.bleepingcomputer.com/news/security/bitpylock-ransomware-now-threatens-to-publish-stolen-data/

New version of FTCode ransomware adds credential-stealing capability
https://www.ithome.com.tw/news/135475

FTCode Ransomware Now Steals Saved Login Credentials
https://www.bleepingcomputer.com/news/security/ftcode-ransomware-now-steals-saved-login-credentials/

FTCODE Ransomware — New Version Includes Stealing Capabilities
https://www.zscaler.com/blogs/research/ftcode-ransomware--new-version-includes-stealing-capabilities

FTCODE ransomware is now armed with browser, email password stealing features
https://www.zdnet.com/article/ftcode-ransomware-is-now-armed-with-browser-email-password-stealing-features/#ftag=RSSbaffb68

Fileless ransomware FTCODE now steals credentials
http://blog.ptsecurity.com/2020/01/fileless-ransomware-ftcode-now-steals.html

Updated FTCODE Ransomware Now Steals Credentials, Passwords
https://www.bankinfosecurity.com/updated-ftcode-ransomware-now-steals-credentials-passwords-a-13638

Malicious JavaScript Used in WP Site/Home URL Redirects
https://blog.sucuri.net/2020/01/malicious-javascript-used-in-wp-site-home-url-redirects.html

Breaking down a two-year run of Vivin’s cryptominers
https://blog.talosintelligence.com/2020/01/vivin-cryptomining-campaigns.html

Maryland Considers Criminalizing Ransomware Possession
https://www.bankinfosecurity.com/maryland-considers-criminalizing-ransomware-possession-a-13632

sLoad launches version 2.0, Starslord
https://www.microsoft.com/security/blog/2020/01/21/sload-launches-version-2-0-starslord/

Ransomware attacks matured in 2019, report says
https://statescoop.com/ransomware-attacks-matured-2019-2020-crowdstrike-report/

Android Banking Trojans: History, Types, Modus Operandi
https://www.tripwire.com/state-of-security/security-data-protection/android-banking-trojans-history-types-modus-operandi/

[2020/1/21] Alert regarding mass-distributed attack emails (Emotet)
https://www.cc.uec.ac.jp/blogs/news/2020/01/20200121malwareemotet.html

sLoad Malware Revamped as Powerful ‘StarsLord’ Loader
https://threatpost.com/sload-malware-revamped-starslord-l-features/152084/

Emotet – Banking virus – Present on domains in Romania
https://www.prodefence.ro/emotet-virus-bancar-prezent-pe-domenii-din-romania/

Shlayer Trojan attacks one in ten macOS users
https://securelist.com/shlayer-for-macos/95724/

B. Mobile Security / iPhone / Android / Wearables / App

Don't be a sucker! Automatic charges once the software trial ends: malicious apps exploit a loophole to extract high subscription fees
https://times.hinet.net/news/22743748

Europe plans to require a common charger connector; Apple may abandon the Lightning port
http://bit.ly/368nxFc

Korean media report another A-list actor's phone was hacked and leaked; Lee Byung-hun is affected
http://bit.ly/30JARyI

Warning! Privacy concerns for Samsung Galaxy phones; best to enable 2-step verification
https://news.ltn.com.tw/news/world/breakingnews/3045049

Bathing footage goes viral; the woman returns and demonstrates placing a phone on her chest
https://times.hinet.net/news/22744484

Enterprise adoption of 5G devices will take time; expert: WiFi will coexist with 5G
http://bit.ly/2RyWTQn

Google publishes details of iOS 12.4 vulnerability that lets hackers remotely control an iPhone
https://lihkg.com/thread/1828648/page/1

WhatsApp "goes down" in multiple regions including Hong Kong; unable to send images and videos
http://bit.ly/2Rz9eUB

Google has battled the "Joker" scam for three years! 17 million removals haven't stopped it; take these steps to protect yourself
https://times.hinet.net/news/22747640

Study: US telecom carriers let SIM swapping attacks go unchecked
https://www.ithome.com.tw/news/135459

Was Apple swayed by FBI pressure? It once considered a plan for end-to-end encrypted iCloud phone backups
https://mrmad.com.tw/apple-encrypting-backups-after-fbi-complained

Expert: a large amount of data uploaded in a short time means a definite intrusion
http://bit.ly/2Ge41fO

Google discloses multiple security and privacy flaws in Apple Safari's tracking prevention tool
https://times.hinet.net/news/22752959

US Department of Justice documents claim the FBI recently succeeded in cracking an iPhone 11
http://bit.ly/3aE3YI7

One malicious video left the world's richest man unable to protect his security… phone privacy concerns emerge
http://bit.ly/2uwnSEd

WhatsApp security concerns reported; UN officials do not use it
https://taronews.tw/2020/01/24/594469/

Use iPhone as Physical Security Key to Protect Your Google Accounts
https://thehackernews.com/2020/01/google-iphone-security-key.html

You can now turn your iPhone into a Google security key
https://www.welivesecurity.com/2020/01/16/you-can-now-turn-iphone-security-key/

Tips to avoid SIM swap schemes that can break into bank and social media accounts
https://www.senayanpost.com/tips-hindari-modus-sim-swap-yang-bisa-bobol-rekening-bank-dan-medsos/

14% of Android app privacy policies contain contradictions about data collection
https://www.zdnet.com/article/14-of-android-app-privacy-policies-contain-contradictions-about-data-collection/

C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents

A decade of security lessons
https://www.ithome.com.tw/voice/135438

Global cybersecurity management trends for 2020
https://www.taiwanservices.com.tw/internet/zh/procurementInfoDetail.aspx?item=17376&cat=4&U=1

Do we need yet another security standard? Thinking about digital resilience through the NIST CSF
https://www.chinatimes.com/newspapers/20200121000279-260210?chdtv

2020 security trends: locked home doors, covert-recording extortion and peeping software become mainstream
https://ec.ltn.com.tw/article/breakingnews/3046781

Chaitin attends Alibaba's white hat conference to discuss the evolution of vulnerability discovery
https://www.chainnews.com/zh-hant/articles/085715782217.htm

Diving into the dark web: an overview of hacker techniques (1): dissecting the ox
http://bit.ly/3azjlS9

Diving into the dark web: an overview of hacker techniques (2): striking at the weak points
http://bit.ly/2TOTD69

Six "hackers" prosecuted for maliciously tampering with back-end data to steal phone credit
http://www.hxnews.com/news/fj/fz/202001/22/1854521.shtml

The hacker nicknamed "Spiderman" who single-handedly took down Liberia's entire national network
https://www.techbang.com/posts/75572-nicknamed-spider-man-hacker-a-man-who-paralysed-a-national-network-above

Because he owns The Washington Post, Amazon's Bezos had his phone targeted in a cyberattack launched by Saudi Crown Prince Salman
https://technews.tw/2020/01/22/jeff-bezos-phone-was-reportedly-hacked-by-saudi-crown-prince-mohammed-bin-salman-in-2018/

Saudi crown prince reportedly "also involved" in nude photo affair! Bezos reveals how the hack happened: one malicious video
https://www.ettoday.net/news/20200122/1630940.htm

Bezos phone data leaked! UK media report the hacker was the Saudi crown prince
https://ec.ltn.com.tw/article/breakingnews/3047580

Google has battled the "Joker" scam for three years! 17 million removals haven't stopped it; take these steps to protect yourself
https://cnews.com.tw/137200120a03/

Japan's Mitsubishi Electric suspected of being breached by Chinese hackers; critical secrets not leaked
https://www.cna.com.tw/news/firstnews/202001200048.aspx

Japan's Mitsubishi Electric suspected of being breached by Chinese hackers; defense information may have leaked
http://bit.ly/2ujpjpO

Japan's Mitsubishi Electric hit by large-scale intrusions from multiple hacking groups at once
https://www.twcert.org.tw/tw/cp-104-3276-f6a98-1.html

Mitsubishi Electric hit by cyberattack, reportedly the work of Chinese hackers
https://news.ltn.com.tw/news/world/paper/1347586

[Exclusive] Four cyberattack groups: targeted sectors and timing vary
https://www.asahi.com/articles/photo/AS20200121004397.html

[Exclusive] Mitsubishi Electric possibly attacked by multiple hacker groups exploiting a flaw in Virus Buster
https://headlines.yahoo.co.jp/hl?a=20200122-00000002-asahi-soci

Mitsubishi Electric Blames Anti-Virus Bug for Data Breach
https://www.bankinfosecurity.com/mitsubishi-electric-blames-anti-virus-bug-for-data-breach-a-13628

Homeland Security Secretary: the CCP's "whole-of-nation" overt and covert efforts seriously threaten the US
http://bit.ly/2RA0ayS

PLA cyber forces stole parameters of Israel's "Iron Dome"; the Arrow 3 missile was also affected
https://www.ettoday.net/news/20200119/1628698.htm

Dutch Ministry of Justice cybersecurity center notice: critical organizations should shut down computer work-from-home systems
http://bit.ly/30A7U86

Iranian hackers breach US power grid and oil and gas companies
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16344

State-sponsored hackers exploit VPN server vulnerabilities to breach US government networks
https://www.chainnews.com/zh-hant/articles/828893097149.htm

US and Estonia cooperate on cybersecurity, building an intelligence-sharing system
https://www.ydn.com.tw/news/369134

Former German diplomat suspected of spying for China, shocking EU diplomatic circles
https://www.cna.com.tw/news/firstnews/202001200289.aspx

US members of Congress propose establishing cybersecurity coordinators
https://www.ithome.com.tw/news/135460

Ukrainian government recruitment site suffers security incident: detailed information on many job applicants leaked
https://www.cnbeta.com/articles/tech/934879.htm

American journalist from the Snowden case accused of hacking by Brazil
http://bit.ly/30OGvQc

China issues provisions on the governance of the online information content ecosystem
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16341

Ubisoft sues operators of four DDoS-for-hire services
https://www.zdnet.com/article/ubisoft-sues-operators-of-four-ddos-for-hire-services/#ftag=RSSbaffb68

Singapore public sector called out for recurring IT lapses
https://www.zdnet.com/article/singapore-public-sector-called-out-for-recurring-it-lapses/#ftag=RSSbaffb68

FBI Promises 'Timely' Election Breach Reports for Officials
https://www.bankinfosecurity.com/fbi-promises-timely-election-breach-reports-for-officials-a-13619

Congress Hears Warnings of Iranian Cyberthreats
https://www.bankinfosecurity.com/congress-hears-warnings-iranian-cyberthreats-a-13613

How Cybercriminals Are Converting Cryptocurrency to Cash
https://www.bankinfosecurity.com/how-cybercriminals-are-converting-cryptocurrency-to-cash-a-13625

How Hackers Are Spying on US & Canadian Special Forces
https://pentestmag.com/how-hackers-are-spying-on-us-canadian-special-forces/

Did you really 'like' that? How Chameleon attacks spring in Facebook, Twitter, LinkedIn
https://www.zdnet.com/article/did-you-really-like-that-how-chameleon-attacks-spring-in-facebook-twitter-linkedin/#ftag=RSSbaffb68

Rules on deepfakes take hold in the US
https://blog.malwarebytes.com/artificial-intelligence/2020/01/deepfake-rules-take-hold-in-the-us/

US Cyber Command was not prepared to handle the amount of data it hacked from ISIS
https://www.zdnet.com/article/us-cyber-command-was-not-prepared-to-handle-the-amount-data-it-hacked-from-isis/

LastPass stores passwords so securely, not even its users can access them
https://www.theregister.co.uk/2020/01/20/lastpass_outage/

ProtonVPN Apps Open Sourced for Added Transparency and Security
https://www.bleepingcomputer.com/news/security/protonvpn-apps-open-sourced-for-added-transparency-and-security/

Saudi Prince Allegedly Hacked World's Richest Man Jeff Bezos Using WhatsApp
https://thehackernews.com/2020/01/saudi-prince-allegedly-hacked-worlds.html

Security technical consultant assistant (Taichung)
https://www.104.com.tw/job/6ujzy

Student internship: security engineer
https://www.104.com.tw/job/6ulc6

Information security maintenance engineer
https://m.104.com.tw/job/6u0pz?jobsource=pc_redirect

D. Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News

Ten billion account credentials sold; cross-border police operation arrests two suspects
https://udn.com/news/story/6809/4297099

Privacy violation? EU considers a 5-year ban restricting facial recognition in public places
https://times.hinet.net/news/22747637

FBI seizes a website dedicated to selling stolen personal data
https://chinese.engadget.com/chinese-2020-01-20-fbi-seizes-site-dedicated-to-selling-data-breach-information.html

FBI takes down website specializing in selling personal data, involving 12 billion user records
http://bit.ly/2un7Axo

Large volume of administrative documents leaked as HDDs holding tax records and other data were resold
https://www.asahi.com/articles/ASMD57WSXMD5UTIL065.html

A database of 3 billion images lets one photo reveal personal data! Facial recognition sparks another privacy controversy
http://technews.tw/2020/01/22/face-recognition-has-privacy-controversy-again/

Be careful shopping online during Lunar New Year; Ministry of the Interior warns of "fake online sellers" on Facebook
https://www.chinatimes.com/realtimenews/20200122001460-260407?chdtv

Microsoft accidentally exposes 250 million customer service records
http://bit.ly/30MEt2H

California Consumer Privacy Act officially takes effect
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16342

Does Department of Health certification guarantee quality?! Exposing online shopping scam tactics
https://blog.trendmicro.com.tw/?p=63220

Australian bushfires become scam bait: don't let your generosity become a hacker's cash machine
https://blog.trendmicro.com.tw/?p=4843

BEC Fraudsters Targeting Financial Documents: Report
https://www.bankinfosecurity.com/bec-fraudsters-targeting-financial-documents-report-a-13616

Spear Phishing Gets Us Nearly Every Time: Lessons From Europol’s Report
https://securityintelligence.com/articles/spear-phishing-gets-us-nearly-every-time-lessons-from-europols-report/

This Citibank Phishing Scam Could Trick Many People
https://www.bleepingcomputer.com/news/security/this-citibank-phishing-scam-could-trick-many-people/

More than half of Russian companies are concerned about the protection of personal data of employees and customers
https://www.ehackingnews.com/2020/01/more-than-half-of-russian-companies-are.html

Accused scammer Burkov to plead guilty to 'some' charges after extradition dispute
https://www.cyberscoop.com/aleksei-burkov-russian-scammer-plead-guilty/

Dating apps share personal data with advertisers, study says
https://www.welivesecurity.com/2020/01/22/dating-apps-share-intimate-data-advertisers-study/

E. Research Reports

The penetration testing process from a penetration tester's perspective
http://www.sohu.com/a/367827843_354899

Internal network penetration lab: several experiments based on Cobaltstrike
https://www.freebuf.com/vuls/224507.html

PoC published for high-risk Cisco DCNM vulnerabilities
https://nosec.org/home/detail/3980.html

Analysis of cross-user command execution and privilege escalation vulnerabilities in Azure Cloud Shell
https://www.chainnews.com/zh-hant/articles/460921811690.htm

Security researchers demonstrate exploitation of the newly disclosed high-risk Windows vulnerability
https://www.solidot.org/story?sid=63293

Cybercrime underground attacks high-risk Win10 vulnerability; Tencent Security urgently releases first dedicated removal tool
https://pttnews.cc/710d047ad0

Analysis and initial exploration of the command execution vulnerability in Maccms8
https://forum.90sec.com/t/topic/724

Further research on the company's Zhongkong (中控) time attendance machine
https://iven.wang/index.php/archives/55.html

Advisory on the Microsoft IE jscript remote command execution 0day vulnerability (CVE-2020-0674)
https://www.freebuf.com/column/225923.html

Detailed analysis of the CVE-2020-0601 vulnerability
https://www.freebuf.com/vuls/225879.html

ProtonVPN open-sources its app source code for all platforms
https://www.ithome.com.tw/news/135493

Local Privilege Escalation in many Ricoh Printer Drivers for Windows (CVE-2019-19363)
https://www.pentagrid.ch/en/blog/local-privilege-escalation-in-ricoh-printer-drivers-for-windows-cve-2019-19363/

The Most Important Role of Penetration Testing in Data Privacy and Protection
https://gbhackers.com/the-role-of-penetration-testing/

YARASAFE - Automatic Binary Function Similarity Checks with Yara
https://www.kitploit.com/2020/01/yarasafe-automatic-binary-function.html

How to prevent a rootkit attack
https://blog.malwarebytes.com/how-tos-2/2020/01/how-to-prevent-a-rootkit-attack/

Cyberawareness in Australia: The good and the bad
https://www.welivesecurity.com/2020/01/16/cyberawareness-australia-good-bad/

The ESET Cyberawareness Index Australia 2019
https://cdn1.esetstatic.com/ESET/AU/whitepapers/ESS1003_ConsumerSurvey_Whitepaper_A4_Final.pdf

Rough Patch: I Promise It'll Be 200 OK (Citrix ADC CVE-2019-19781)
https://www.fireeye.com/blog/products-and-services/2020/01/rough-patch-promise-it-will-be-200-ok.html

404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor
https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html

Millions of modems at risk of remote hijacking
https://www.welivesecurity.com/2020/01/14/millions-modems-vulnerable-remote-hijacking/

Broadening the Scope: A Comprehensive View of Pen Testing
https://thehackernews.com/2020/01/broadening-scope-comprehensive-view-of11.html

Zero-Cost Threat Hunting with Elastic Stack
https://www.cloudcybersafe.com/zero-cost-threat-hunting-with-elastic-stack

FBI shuts down website selling billions of stolen records
https://www.welivesecurity.com/2020/01/17/fbi-seizes-website-selling-stolen-personal-data/

BankSecurity/Red_Team
https://github.com/BankSecurity/Red_Team

Nginx-Lua-Anti-DDoS
https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS

insightglacier/Shiro_exploit
https://github.com/insightglacier/Shiro_exploit

7 SDLC METHODOLOGIES THAT EVERY APPLICATION SECURITY ENGINEER SHOULD KNOW – PART 1
https://blog.eccouncil.org/7-sdlc-methodologies-that-every-application-security-engineer-should-know-part-1/

SQL Injection to RCE
https://pentestmag.com/sql-injection-to-rce/

THE GOOD, THE BAD AND THE UGLY IN CYBERSECURITY – WEEK 1
https://www.aurigasec.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-1

THE GOOD, THE BAD AND THE UGLY IN CYBERSECURITY – WEEK 2
https://www.aurigasec.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-2

Grouper2 - Find Vulnerabilities In AD Group Policy
https://www.kitploit.com/2020/01/grouper2-find-vulnerabilities-in-ad.html

How To Fully Anonymize Your IP
https://linuxsecurityblog.com/2019/11/20/how-to-fully-anonymize-your-ip/

Update: Curveball Exploit (CVE-2020-0601) Starts Making the Rounds
https://www.fortinet.com/blog/threat-research/curveball-exploit-making-rounds.html

"Wine 5.0" officially released, with support for multi-monitor environments and "Vulkan 1.1"
https://forest.watch.impress.co.jp/docs/news/1230571.html

3gstudent / List-RDP-Connections-History
https://github.com/3gstudent/List-RDP-Connections-History

[Simple honeypot analysis] Simple honeypot analysis (2020/1/20)
https://sec-chick.hatenablog.com/entry/2020/01/21/232804

AIOOSCP/Hijacker
https://github.com/AIOOSCP/Hijacker

Add internet access to a vintage computer using Raspberry Pi
https://magpi.raspberrypi.org/articles/add-internet-access-to-a-vintage-computer-using-raspberry-pi

A New Decade Of Javascript Threats
https://www.riskiq.com/blog/external-threat-management/decade-of-javascript-threats/

Thousands of WordPress Sites Hacked to Fuel Scam Campaign
https://www.bleepingcomputer.com/news/security/thousands-of-wordpress-sites-hacked-to-fuel-scam-campaign/

Free website security check & malware scanner
https://sitecheck.sucuri.net/

F. Business

Palo Alto Networks publishes its latest security trend predictions for 2020
https://news.sina.com.tw/article/20200119/34032744.html

Check Point: Taiwanese companies suffered 4 times the global average number of cyberattacks last year
https://ec.ltn.com.tw/article/breakingnews/3045753

Digicentre targets the OWASP API Top 10 risks with a full lineup of testing, monitoring and consulting services
https://www.digicentre.com.tw/news_detail.php?id=65&

Startup 區塊科技 launches an email-on-blockchain tool to block business email compromise
https://reurl.cc/Gk3LQy

World-class security backed by G Suite: MiTAC Information Technology's deployment architecture and customized security mechanisms get twice the result with half the effort
https://www.mitac.com.tw/article.cfm?id=325

Edimax's hardware-encrypted SecuBox resists hackers, entering the market in full this quarter
http://bit.ly/2tGvGDl

FireEye Buys Cloudvisory, in Seventh Security Acquisition
https://www.cbronline.com/cybersecurity/solutions/cloudvisory-fireeye/

Morphisec Protects Customers Against Internet Explorer Scripting Zero Day
https://securityboulevard.com/2020/01/morphisec-protects-customers-against-internet-explorer-scripting-zero-day/

G. Government

Kaohsiung household registration network goes down, switching to manual intake; hacking initially ruled out
http://www.ksnews.com.tw/index.php/news/contents_page/0001337154

Audrey Tang says discussions on information security and online information have become closer
http://bit.ly/3asPRoU

Chiang Kai-shek Memorial Hall transformation and the procurement ban list: the Executive Yuan presses on
https://udn.com/news/story/6656/4296611

Establishing a digital development ministry: Ministry of Science and Technology compiles foreign experience to offer recommendations
https://www.cna.com.tw/news/ait/202001200105.aspx

Executive Yuan homeland security meeting focuses on hybrid threats and stepping up exercises
https://www.rti.org.tw/news/view/id/2048816

Homeland security preparedness; Chen Chi-mai: refine response mechanisms
http://bit.ly/37jb4Qq

Critical infrastructure exercise: 鳳信有線電視 (cable TV operator) earns the top rating
https://www.chinatimes.com/realtimenews/20200121002459-260405?chdtv

Ban on procuring products that endanger information security; experts: inventory equipment first
http://bit.ly/2TEm0Ed

Guidelines for the management of ICT applications in government agencies
https://theme.ndc.gov.tw/lawout/LawContent.aspx?id=GL000031

Industrial Development Bureau of the Ministry of Economic Affairs promotes an IoT product security label so you can buy security-certified products and enjoy a worry-free New Year
https://www.moea.gov.tw/MNS/populace/news/News.aspx?kind=1&menu_id=40&news_id=88543

Taiwan to roll out "digital ID cards"; experts worry about misuse of personal data: how to balance security and convenience
https://www.cw.com.tw/article/article.action?id=5098704

H. Industrial Control Systems / SCADA / ICS

Fake Company, Real Threats
https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/fake-company-real-threats-logs-from-a-smart-factory-honeypot

RELIABLY FINDING AND EXPLOITING ICS/SCADA BUGS
https://www.zerodayinitiative.com/blog/2020/1/15/reliably-finding-and-exploiting-icsscada-bugs

I. Education and Training

A Beginner’s Guide to OSINT Investigation with Maltego
https://medium.com/@raebaker/a-beginners-guide-to-osint-investigation-with-maltego-6b195f7245cc

What is MPLS Label distributing protocol (LDP) ? How LDP works
https://mpls.internetworks.in/2020/01/what-is-mpls-label-distributing.html

60 Cybersecurity Interview Questions [2019 Update]
https://danielmiessler.com/study/infosec_interview_questions/

J. Internet of Things / IoT / Artificial Intelligence / Internet of Vehicles / Optical Networking / Deep Learning / Machine Learning / Drones / Facial Recognition

Telnet credentials for 510,000 IoT devices published, the largest such leak ever
https://www.ithome.com.tw/news/135436

Hackers break into "surveillance camera" networks; more than 100,000 households across Taiwan affected
http://bit.ly/2TCzUGG

Domestic network surveillance DVR devices contain security vulnerabilities; users are advised to update to the latest version immediately
https://www.twcert.org.tw/tw/cp-104-3259-932ae-1.html

IoT technology center built with an investment of over 100 million: TÜV Rheinland uses three IoT "arrows" to build a secure experience for connected users
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000576736_dfp83unb2kom8g79i2uur

Everything can be hacked in the IoT era; security investment is set to become a major focus
https://money.udn.com/money/story/5612/4303059

Announcement of consistency revisions to the IP CAM security testing method: updated file (20200109 version)
https://www.taics.org.tw/LatestASSForm.aspx?Ass_id=5065&Type=2

Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices
https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/#ftag=RSSbaffb68

6. Upcoming Security Events and Conferences

Security Hell Conference (SH3LLCON) 1/24 ~ 1/25
https://www.sh3llcon.es/?ref=infosec-conferences.com

NextGen SCADA 1/27 ~ 1/31
https://www.smartgrid-forums.com/forums/nextgen-scada-global/

Cranfield University Cyber Symposium 1/28 ~ 1/29
https://www.cranfield.ac.uk/events/symposia/cyber

International Cyber Security Forum (FIC) 1/28 ~ 1/30
https://www.forum-fic.com/en/home.htm

Free and Safe in Cyberspace 1/29
https://www.free-and-safe.org/

Hacking Thursday 1/30
http://www.hackingthursday.org/invite

Taiwan E-Security Analysis and Management Association: "Online Identity Security and Protection: From Passwords to the Passwordless Era" training course 2/5
https://inc.ntub.edu.tw/p/404-1011-75476-1.php?Lang=zh-tw

Control System Security Conference 2020, February 14, 2020
https://www.jpcert.or.jp/event/ics-conference2020.html

Certificate of Cloud Security Knowledge (CCSK) Plus 2/23 ~ 2/24
https://csacongress.org/event/csa-summit-at-rsa-conference-2020/

CYBERSEC 2020 Taiwan Cybersecurity Conference 3/17 ~ 3/19
https://cyber.ithome.com.tw/

Korea International Security Expo 3/18
https://www.twcert.org.tw/tw/cp-105-3230-a3bd4-1.html

Black Hat Asia 2020 Singapore 3/31 ~ 4/3
https://www.blackhat.com/asia-20/briefings/schedule/

Kaspersky® Security Analyst Summit 4/6 ~ 4/9
https://thesascon.com/

2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore 4/21 ~ 4/23
https://www.icscybersecurityconference.com/singapore/

Asia Pacific Information Security Forum and Exhibition 4/22
https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html