###### tags: `資安事件新聞週報`

# Security Incident News Weekly 2020/3/2 ~ 2020/3/6

## 1. Critical vulnerabilities / Backdoors / Exploits / Zero-days

- Serious Android security flaw! MediaTek chips affected! See the affected models and the fix http://bit.ly/38nKpkU
- MediaTek chip vulnerability CVE-2020-0069 lets attackers gain root on devices, affecting millions of Android devices https://www.ithome.com.tw/news/136151
- Multiple new critical security vulnerabilities found in some Netgear router products https://www.twcert.org.tw/tw/cp-104-3406-75dff-1.html
- Ghostcat vulnerability disclosed; Apache Tomcat servers affected https://www.chainnews.com/zh-hant/articles/623287993990.htm
- GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat https://thehackernews.com/2020/02/ghostcat-new-high-risk-vulnerability.html
- Ghostcat is a high-risk file read / include vulnerability in Tomcat (CVE-2020-1938) https://www.chaitin.cn/en/ghostcat
- CVE-2020-1938-Tomact-file_include-file_read https://github.com/sv3nbeast/CVE-2020-1938-Tomact-file_include-file_read
- JVNVU#97748968: Command injection vulnerability in weblogin.cgi in multiple ZyXEL products https://jvn.jp/vu/JVNVU97748968/
- Cisco Email Security Appliance denial-of-service vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-shrt-dos-wM54R8qA
- Cisco patches incoming to address Kr00k vulnerability impacting routers, firewall products https://www.zdnet.com/article/cisco-says-patches-incoming-to-address-new-kr00k-vulnerability-impacting-routers-firewall-products/
- Command injection vulnerability in multiple Zyxel firewall and NAS products allows arbitrary code execution https://www.ithome.com.tw/news/136038
- Kr00k vulnerability allows decryption of Wi-Fi packets, affecting products with Broadcom and Cypress chips https://www.ithome.com.tw/news/136066
- Major Wi-Fi flaw affects one billion devices; Xiaomi and Huawei among those hit https://www.aqniu.com/threat-alert/64547.html
- KrØØk: Serious vulnerability affected encryption of billion+ WiFi devices https://www.welivesecurity.com/2020/02/26/krook-serious-vulnerability-affected-encryption-billion-wifi-devices/
- KR00K - CVE-2019-15126: Serious vulnerability deep inside your Wi-Fi encryption https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
- New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices https://thehackernews.com/2020/02/kr00k-wifi-encryption-flaw.html
- Flaw in billions of Wi-Fi devices left communications open to eavesdropping https://arstechnica.com/information-technology/2020/02/flaw-in-billions-of-wi-fi-devices-left-communications-open-to-eavesdroppng/
- Security flaw found in Wi-Fi chips; attackers can intercept messages users send https://buzzorange.com/techorange/2020/03/02/wifi-chip-flaw/
- Attackers are scanning for the Microsoft Exchange server vulnerability; patch as soon as possible if you have not https://www.ithome.com.tw/news/136043
- Security vulnerabilities in the Google Chrome browser (CVE-2020-6407 and CVE-2020-6418) https://www.isda.org.tw/2020/02/d8bdcacec23662f921c42a2f010b0de4/
- HackerOne rallies 600,000 hackers to hunt bugs; last year's bounties topped 300 million http://startupbeat.hkej.com/?p=84449
- Security flaw in robot vacuum lets hackers control it and spy remotely http://bit.ly/2x1yxbv
- The Long Path out of the Vulnerability Disclosure Dark Ages https://www.wired.com/story/vulnerability-disclosure-bug-bounties/
- Hackers are actively exploiting zero-days in several WordPress plugins https://www.zdnet.com/article/hackers-are-actively-exploiting-zero-days-in-several-wordpress-plugins/#ftag=RSSbaffb68
- Jackson-databind fixes two more RCE vulnerabilities https://nosec.org/home/detail/4181.html
- Windows 10 Y3K Bug: Won't Install After January 18, 3001 https://www.bleepingcomputer.com/news/microsoft/windows-10-y3k-bug-wont-install-after-january-18-3001/
- Adobe Patches Critical Bugs Affecting Media Encoder and After Effects https://thehackernews.com/2020/02/adobe-software-updates.html
- GitLab access control vulnerability https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/

## 2. Banking / Finance / Insurance / Securities / Payment systems: news and security

- APIs make regulators' off-site supervision more timely https://money.udn.com/money/story/5613/4381904
- Facing digital finance, the industry spent over NT$20 billion last year https://udn.com/news/story/7239/4381683?from=udn-catebreaknews_ch2
- Forging retail chain membership card barcodes to make fraudulent charges on stolen credit cards https://blog.trendmicro.com.tw/?p=63549
- A golden rice bowl: Taiwan Cooperative Bank to hire 360 in graduation season; management trainees earn NT$1 million a year https://udn.com/news/story/7239/4390933
- Taiwan Cooperative Bank to recruit 360 next month https://money.udn.com/money/story/5613/4392780
- Wuhan pneumonia outbreak hampers Rakuten Bank; its first board meeting is postponed to March https://ec.ltn.com.tw/article/breakingnews/3088875
- The hacker explained why in Russia cards will become more often blocked https://www.ehackingnews.com/2020/03/the-hacker-explained-why-in-russia.html
- Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server https://blog.malwarebytes.com/threat-analysis/2020/02/fraudsters-cloak-credit-card-skimmer-with-fake-content-delivery-network-ngrok-server/
- New initiative brings together law enforcement and Europe's largest financial infrastructures https://www.europol.europa.eu/newsroom/news/new-initiative-brings-together-law-enforcement-and-europe%E2%80%99s-largest-financial-infrastructures
- TA505 hacking crew spent much of 2019 trying to breach South Korea's financial sector https://www.cyberscoop.com/ta505-south-korea-bank-phishing/
- The Central Bank of Russia warned about the new scheme of fraud "taxi from the Bank" https://www.ehackingnews.com/2020/02/the-central-bank-of-russia-warned-about.html
- Hackers launch DDoS Attacks to Target Australian Banks https://www.ehackingnews.com/2020/02/hackers-launch-ddos-attacks-to-target.html
- How to do your banking online without putting your security at risk https://www.komando.com/money-tips/safe-online-banking-security/707655/

## 3. E-payment / E-ticketing / Mobile payment / Pay: news and security

- E-payment users top 7 million for the first time; iPASS and JKOPAY are the most used, with over 50% market share https://www.ettoday.net/news/20200306/1661154.htm

## 4. Cryptocurrency / Blockchain news and security

- First "blockchain third-party login" goes live! Maxonrow partners with a new asset platform to expand its real-name ecosystem https://news.knowing.asia/news/ab9a4a5c-9a81-4d06-aad6-950ba7bbbd10
- Goodbye to physical cash? Sweden runs a national digital currency pilot; the invisible "e-krona" will make everyday spending easier https://cnews.com.tw/134200229a01/
- LINE launches cryptocurrency exchange BITFRONT in the US http://bit.ly/3ahkIUt
- He hid the keys to 1.8 billion worth of Bitcoin in an aluminium box; his landlord threw it out as garbage https://udn.com/news/story/6810/4386516
- PeckShield security report: 11 security and hacking incidents in February, with US$48.23 million lost https://www.blocktempo.com/there-are-48-million-assets-lost-in-february/
- Real-name blockchain expands its footprint: Maxonrow to list on the GRXTrade exchange http://bit.ly/3cAdX27
- Securing assets: UK insurance giant Lloyd's to offer insurance for cryptocurrency holders https://bitnance.vip/news/326d3708-03a1-4f99-88b6-4e3f906e293f
- Vulnerability revealed in the ProgPoW algorithm; Ethereum ASIC mining now unstoppable https://kknews.cc/tech/bz99ggo.html
- Blockstack anchors to Bitcoin network with new mining algorithm https://www.zdnet.com/article/blockstack-anchors-to-bitcoin-network-with-new-mining-algorithm/#ftag=RSSbaffb68

## 5. Security incident news

### A. Viruses and trojans / Botnets / Ransomware / Adware / APT / Backdoors

- New version of the Cerberus banking trojan can steal one-time passwords generated by Google Authenticator https://ithome.com.tw/news/136064
- More than half of recent malicious Gmail attachments are disguised as Microsoft Office documents https://saydigi-tech.com/2020/02/19003.html
- Malware is spreading under a "novel coronavirus" theme https://ec.ltn.com.tw/article/breakingnews/3083428
- FBI: Ransomware victims have paid US$140 million in Bitcoin over the past 6 years https://www.ithome.com.tw/news/136075
- Attackers target enterprises with unpatched systems, updating their toolkit, removing older miners and attacking more systems https://blog.trendmicro.com.tw/?p=63456
- Researcher repurposes nation-state macOS malware https://www.ithome.com.tw/news/136126
- Fileless miner PowerGhost moves beyond Windows and appears on Linux https://blog.trendmicro.com.tw/?p=63564
- McAfee: Nearly half of Android malware is hidden apps https://www.ithome.com.tw/news/136187
- McAfee Mobile Threat Report https://www.mcafee.com/content/dam/consumer/en-us/docs/2020-Mobile-Threat-Report.pdf
- US government authorities fail to train employees on ransomware detection, prevention https://www.zdnet.com/article/government-authorities-fail-to-train-employees-on-ransomware-detection-prevention/#ftag=RSSbaffb68
- Emotet Resurfaces to Drive 145% of Threats in Q4 2019 https://www.darkreading.com/attacks-breaches/emotet-resurfaces-to-drive-145--of-threats-in-q4-2019/d/d-id/1337147
- DoppelPaymer Hacked Bretagne Télécom Using the Citrix ADC Flaw https://www.bleepingcomputer.com/news/security/doppelpaymer-hacked-bretagne-t-l-com-using-the-citrix-adc-flaw/
- Nemty Ransomware Actively Distributed via 'Love Letter' Spam https://www.bleepingcomputer.com/news/security/nemty-ransomware-actively-distributed-via-love-letter-spam/
- Roaming Mantis, part V: Distributed in 2019 using SMiShing and enhanced anti-researcher techniques https://securelist.com/roaming-mantis-part-v/96250/
- New Evasion Encyclopedia Shows How Malware Detects Virtual Machines https://www.bleepingcomputer.com/news/security/new-evasion-encyclopedia-shows-how-malware-detects-virtual-machines/
- RiskIQ's 2019 Mobile App Threat Landscape Report: The Mobile Ecosystem Swells, but Google Leads a Decline in Malicious Apps https://www.riskiq.com/blog/external-threat-management/2019-mobile-app-threat-landscape-report/
- Android malware can steal Google Authenticator 2FA codes https://www.zdnet.com/article/android-malware-can-steal-google-authenticator-2fa-codes/#ftag=RSSbaffb68
- 2020 - Year of the RAT https://www.threatfabric.com/blogs/2020_year_of_the_rat.html
- Raccoon malware targets massive range of browsers to steal your data and cryptocurrency https://www.zdnet.com/article/raccoon-malware-targets-massive-browser-range-to-steal-your-data-and-cryptocurrency/
- Raccoon: The Story of a Typical Infostealer https://www.cyberark.com/threat-research-blog/raccoon-the-story-of-a-typical-infostealer/
- Emotet infection emails received by NICT (September 2019 to February 2020) https://blog.nicter.jp/2020/03/emotet-mail-201909-202002/
- Script Kiddie Nightmare: IoT Attack Code Embedded with Backdoor, by Ankit Anubhav https://hakin9.org/script-kiddie-nightmare-iot-attack-code-embedded-with-backdoor/
- New PwndLocker Ransomware Targeting U.S. Cities, Enterprises https://www.bleepingcomputer.com/news/security/new-pwndlocker-ransomware-targeting-us-cities-enterprises/
- Domen toolkit gets back to work with new malvertising campaign https://blog.malwarebytes.com/threat-analysis/2020/02/domen-toolkit-gets-back-to-work-with-new-malvertising-campaign/
- 2020-02-25 - TrickBot gtag red4 distributed as DLL file https://www.malware-traffic-analysis.net/2020/02/25/index.html
- MMD-0066-2020 - Linux/Mirai-Fbot - A re-emerged IoT threat https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html
- CyaX DotNet Packer Analysis https://rvsec0n.wordpress.com/2020/01/24/cyax-dotnet-packer/
- Turla_IOC https://github.com/StrangerealIntel/DailyIOC/blob/master/2020-03-01/Turla_IOC.csv
- New Iranian Campaign Tailored to US Companies Utilizes an Updated Toolset https://intezer.com/blog-new-iranian-campaign-tailored-to-us-companies-uses-updated-toolset/?utm_source=wadi&utm_medium=influencer_platform
- Weaponizing a Lazarus Group Implant https://objective-see.com/blog/blog_0x54.html
- Golang wrapper on an old obscene malware https://sysopfb.github.io/malware/2020/02/28/Golang-Wrapper-on-an-old-malware.html
- Meeting PowerBand: the APT33 .NET POWERTON variant https://blog.telsy.com/meeting-powerband-the-apt33-net-powerton-variant/
- Revealing the Trick | A Deep Dive into TrickLoader Obfuscation https://labs.sentinelone.com/revealing-the-trick-a-deep-dive-into-trickloader-obfuscation/
- Ransomware Attack in Florida Forces Prosecutor to Drop Charges in Drug Cases https://hotforsecurity.bitdefender.com/blog/ransomware-attack-in-florida-forces-prosecutor-to-drop-charges-in-drug-cases-22383.html
- Mitigating malware and ransomware attacks https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
- Nemty Ransomware Punishes Victims by Posting Their Stolen Data https://www.bleepingcomputer.com/news/security/nemty-ransomware-punishes-victims-by-posting-their-stolen-data/
- Android malware is running rampant but Microsoft could have the perfect solution https://www.express.co.uk/life-style/science-technology/1248287/Android-malware-Microsoft-Defender-antivirus-app-release
- TrickBot Adds ActiveX Control, Hides Dropper in Images https://threatpost.com/trickbot-activex-control-dropper/153370/
- TrickBot uses a new Windows 10 UAC bypass https://www.chainnews.com/zh-hant/articles/863015758407.htm
- TrickBot delivery method gets a new upgrade focusing on Windows 10 https://blog.morphisec.com/trickbot-delivery-method-gets-a-new-upgrade-focusing-on-windows
- NCSC Updates its Ransomware Guidance in Light of High-Profile Attacks https://cyware.com/news/ncsc-updates-its-ransomware-guidance-in-light-of-high-profile-attacks-5696f019
- Legal services giant Epiq Global offline after ransomware attack https://techcrunch.com/2020/03/02/epiq-global-ransomware/
- NetSupport Manager RAT Spread via Bogus NortonLifeLock Docs https://threatpost.com/netsupport-manager-rat-nortonlifelock-docs/153387/
- Cortex XDR™ Detects New Phishing Campaign Installing NetSupport Manager RAT https://unit42.paloaltonetworks.com/cortex-xdr-detects-netsupport-manager-rat-campaign/
- Malware Trends Tracker https://any.run/malware-trends/
- Cobalt Ulster Strikes Again With New ForeLord Malware https://threatpost.com/cobalt-ulster-strikes-again-with-new-forelord-malware/153418/
- 2020-03-02 - Quick post: 4 examples of Magnitude EK https://www.malware-traffic-analysis.net/2020/03/02/index.html
- Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations https://unit42.paloaltonetworks.com/molerats-delivers-spark-backdoor/
- New Perl Botnet (Tuyul) Found with Possible Indonesian Attribution https://www.f5.com/labs/articles/threat-intelligence/new-perl-botnet--tuyul--found-with-possible-indonesian-attributi
- Ransomware Attackers Use Your Cloud Backups Against You https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/?&web_view=true
- The North Korean Kimsuky APT keeps threatening South Korea evolving its TTPs https://blog.yoroi.company/research/the-north-korean-kimsuky-apt-keeps-threatening-south-korea-evolving-its-ttps/
- Beware of the Kimsuky group's "Blue Estimate Part 3" APT attack disguised as a real resident registration certificate file https://blog.alyac.co.kr/2737
- Guildma: The Devil drives electric https://www.welivesecurity.com/2020/03/05/guildma-devil-drives-electric/
- Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks https://blog.trendmicro.com/trendlabs-security-intelligence/dissecting-geost-exposing-the-anatomy-of-the-android-trojan-targeting-russian-banks/

### B. Mobile security / iPhone / Android / Wearables / Apps

- iPhone and Android both hit! Security flaw in phone Wi-Fi components; see which models are affected http://bit.ly/39hirc6
- Watch out, your phone may be full of "poison": app stores hide 60,000 malicious apps, and the safest store is "this one" https://cnews.com.tw/137200304a05/
- The most open iPhone ever? It can run Android 10 https://3c.ltn.com.tw/news/39715
- Report identifies the most dangerous mobile app store on the internet https://www.zdnet.com/article/report-identifies-the-most-dangerous-mobile-app-store-on-the-internet/
- SurfingAttack – hacking phones via ultrasonic waves https://securityaffairs.co/wordpress/98785/hacking/surfingattack-technique.html

### C. Incidents / Hackers / DDoS / APT / Cloud / Dark web / Recruitment / International security incidents

- Smart enterprises' security principle is called Zero Trust https://ithome.com.tw/article/136121
- Security considerations for remote work https://devco.re/blog/2020/03/04/telework-security/
- Top 10 security news stories of February 2020 https://www.ithome.com.tw/news/136129
- Out of Korean middle school students' anger? Shincheonji's official website hacked! https://www.koreastardaily.com/tc/news/124791
- Tesla and SpaceX parts supplier hit by cyberattack https://www.twcert.org.tw/tw/cp-104-3405-83b71-1.html
- Hacker on the run in China for 13 years returns to Taiwan to surrender because of the Wuhan pneumonia outbreak https://tw.appledaily.com/local/20200229/3YPWJEHOJ6GEV4X6DWJAQTOQ5Y/
- Act first, explain later: a hacker group that hijacks social media accounts to run commercial ads https://ek21.com/news/tech/181709/
- AI company with a 3 billion-face database hacked! Its data holdings exceed the US federal government's; clients include US immigration, the DOJ and the FBI http://bit.ly/2TFIWkS
- Facial recognition startup with 3 billion images breached by hackers http://bit.ly/2wuOqH8
- Cross-strait cyber army "endgame": the Institute for National Defense and Security Research says China could attack undersea cables to "cut Taiwan off the internet!" https://www.ettoday.net/news/20200303/1658448.htm
- Chinese-funded company exposed for inadequate cybersecurity; customer privacy at risk https://www.epochtimes.com/b5/20/3/2/n11909393.htm
- Singapore plans to set up a cyber force to counter hackers http://bit.ly/2wsmqUn
- US charges two Chinese nationals accused of laundering money for North Korean Bitcoin hackers https://on.wsj.com/2TgI8DR
- What the CCP stole from the US in 5 cyberattacks http://bit.ly/39kEAGj
- US DOJ says North Korean hackers stole US$250 million in cryptocurrency and had two Chinese nationals help launder it https://www.techbang.com/posts/76605-chinese-bitcoin-cryptocurrency-north-korea-hacking
- US Treasury sanctions Chinese nationals suspected of helping North Korean hackers "Lazarus Group" launder 2.7 billion in cryptocurrency http://bit.ly/3czAigm
- US CIA attacked mainland Chinese sites for 11 consecutive years; Chinese security firm publishes evidence https://www.chinatimes.com/realtimenews/20200303005831-260409?chdtv
- Qihoo 360: The US CIA has been attacking China since 2008 https://www.ithome.com.tw/news/136154
- Disclosing the CIA attack group's (APT-C-39) 11-year network intrusion campaign against China's critical sectors http://www.xinhuanet.com/world/2020-03/03/c_1210499250.htm
- China's foreign ministry: The US is the real "hacker empire" https://money.udn.com/money/story/5603/4389598
- The CIA Hacking Group (APT-C-39) Conducts Cyber-Espionage Operation on China's Critical Industries for 11 Years http://blogs.360.cn/post/APT-C-39_CIA_EN.html
- Researchers Claim CIA Was Behind 11-Year-Long Hacking Attacks Against China https://thehackernews.com/2020/03/china-cia-hackers.html
- Windows 10 Users Warned As Hackers Target Newly Updated Computers https://www.forbes.com/sites/daveywinder/2020/02/29/windows-10-users-warned-as-hackers-target-newly-updated-computers/
- US Charges Two With Laundering $100M for North Korean Hackers https://www.bleepingcomputer.com/news/security/us-charges-two-with-laundering-100m-for-north-korean-hackers/
- Coronavirus: Effective strategies and tools for remote work during a pandemic https://www.zdnet.com/article/effective-strategies-and-tools-for-remote-work-during-coronavirus/#ftag=RSSbaffb68
- Let's Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years https://thehackernews.com/2020/02/lets-encrypt-ssl-certificate.html
- How a Hacker's Mom Broke Into a Prison—and the Warden's Computer https://www.wired.com/story/hackers-mom-broke-into-prison-wardens-computer/
- Australia's surveillance laws are hitting the social license problem https://www.zdnet.com/article/australias-surveillance-laws-are-hitting-the-social-license-problem/#ftag=RSSbaffb68
- Hackers Can Use Ultrasonic Waves to Secretly Control Voice Assistant Devices https://thehackernews.com/2020/03/voice-assistants-ultrasonic-waves.html
- Chinese Hackers Target Asian Betting Firms https://www.infosecurity-magazine.com/news/chinese-hackers-target-asian/#.Xk6ERs2ir3Q.twitter
- US Treasury sanctions two Chinese nationals for laundering cryptocurrency for North Korean hackers https://www.zdnet.com/article/us-treasury-sanctions-two-chinese-nationals-for-laundering-cryptocurrency-for-north-korean-hackers/
- Let's Encrypt? Let's revoke 3 million HTTPS certificates on Wednesday, more like: Check code loop blunder strikes https://www.theregister.co.uk/2020/03/03/lets_encrypt_cert_revocation/
- Senior engineer familiar with PHP, security maintenance (job posting) https://www.tasker.com.tw/casepage-detail-159155.html
- Information Security Engineer (SOC) (job posting) https://www.yes123.com.tw/admin/job_refer_comp_job_detail2.asp?p_id=45210_03077208&job_id=20200302134136_4839183
- Trend Micro campus recruitment kicks off with 200 openings https://tw.appledaily.com/property/20200304/3OAFKZAIMFLYKA26GHFHIC7ZE4/

### D. Data breaches / Personal data protection law / GDPR / Online fraud / Phishing / Card fraud / Fake news

- Hackers use your mailbox to request wire transfers: stealthy wire fraud costs the US over NT$50 billion a year https://www.storm.mg/article/2343379
- Israeli marketing company Straffic leaks 49 million contact records https://ithome.com.tw/news/136095
- Israeli marketing firm failed to secure its database; nearly 50 million email addresses and other personal data exposed online https://www.twcert.org.tw/tw/cp-104-3403-ff638-1.html
- Don't click random links in LINE or SMS, to avoid being scammed https://times.hinet.net/topic/22808789
- Email hacked, assistant tricked into wiring money; chairman loses NT$450,000 http://bit.ly/2VOJasi
- [Scam] SMS saying a parcel delivery failed because nobody answered the phone, asking you to download an app to check? It's malware https://www.mygopen.com/2020/02/fake-link.html
- Personal data privacy under threat; hidden dangers online https://www.peopo.org/news/444149
- Taiwan Affairs Office says claims that mainland netizens spread disinformation are lies; Hsu Kuo-yung: that statement itself is disinformation https://www.setn.com/News.aspx?NewsID=700905
- Israeli Marketing Company Exposes Contacts Database https://www.bankinfosecurity.com/israeli-marketing-company-exposes-contacts-database-a-13785
- Security News This Week: Clearview AI's Massive Client List Got Hacked https://www.wired.com/story/clearview-ai-client-list-cerberus-malware-security-news/
- Walgreens says mobile app leaked users' personal data https://www.zdnet.com/article/walgreens-says-mobile-app-leaked-users-personal-data/#ftag=RSSbaffb68
- Walgreens official notice: mobile app leaked users' personal data https://oag.ca.gov/system/files/Walgreens%20Mobile%20Messaging%20letter%20v2%20%28WAG%20version%29-Final.pdf
- One in four Americans won't do business with data-breached companies https://www.zdnet.com/article/one-in-four-americans-wont-do-business-with-data-breached-companies/#ftag=RSSbaffb68
- A summary of the leak of almost all employee information that Hirosaki City determined involved an employee https://piyolog.hatenadiary.jp/entry/2020/01/10/071456
- Spam sent from faculty addresses; Okayama University hit by unauthorized external access https://www.sanyonews.jp/article/989879
- Tesco sends security warning to 600,000 Clubcard holders https://www.bbc.com/news/technology-51710687
- Fresh phish! Stripe scam baked and delivered in under an hour https://nakedsecurity.sophos.com/2020/03/02/the-stripe-account-phish-that-unfolded-in-under-an-hour/
- Taking a GPS tracker off your car isn't 'theft,' court rules https://nakedsecurity.sophos.com/2020/02/26/taking-a-gps-tracker-off-your-car-isnt-theft-court-rules/
- Do you have a data breach response plan? https://www.helpnetsecurity.com/2020/03/03/data-breach-response-plan/
- A Massive U.S. Property and Demographic Database Exposes 200 Million Records https://thehackernews.com/2020/03/us-property-records-database.html
- US property and demographic database of 200 million records leaked on the web https://www.comparitech.com/blog/vpn-privacy/200-million-us-database-leaked/

### E. Research reports

- A brief discussion of methodology for building in-house enterprise information security https://www.freebuf.com/articles/es/228582.html
- What is Deepfake? Even adult film actresses can be faked https://blog.trendmicro.com.tw/?p=63452
- Business stability migration experiment https://www.freebuf.com/articles/es/228354.html
- Obfuscapk: A black-box obfuscation tool for Android apps https://www.freebuf.com/sectool/226391.html
- Pytm: A Pythonic threat modeling framework https://www.freebuf.com/sectool/226951.html
- KBOT research report https://www.freebuf.com/articles/network/226952.html
- Analysis of sensitive data on GitHub https://www.freebuf.com/articles/network/226672.html
- Some XSS payloads still effective in 2020 https://www.freebuf.com/articles/web/226719.html
- Mobile security incidents triggered by the "coronavirus" https://www.freebuf.com/articles/terminal/227337.html
- Bug hunting: Facebook account takeover via a cross-site WebSocket hijacking vulnerability https://www.freebuf.com/vuls/227050.html
- Bug hunting: Sending arbitrarily crafted SMS via an improper input validation vulnerability in Snapchat https://www.freebuf.com/vuls/227092.html
- Analysis of the WebLogic IIOP deserialization vulnerability (CVE-2020-2551) https://www.freebuf.com/vuls/227920.html
- Detailed explanation of fini_array hijacking and ROP attacks on 64-bit statically compiled programs https://www.freebuf.com/articles/system/226003.html
- Pikachu practice range series: XSS phishing attacks and HTTP authentication in PHP https://www.freebuf.com/articles/web/226365.html
- jackson-2634 / jackson-databind JNDI injection leading to remote code execution / official whitelist mechanism update https://qiita.com/shimizukawasaki/items/f8a3d1aa8412d3a4343a
- IPv6Tools: A modular IPv6 security auditing framework https://www.freebuf.com/articles/network/226953.html
- Analysis of a heap overflow vulnerability in F-Secure Internet Gatekeeper https://www.freebuf.com/vuls/226687.html
- A brief analysis of CSV injection vulnerabilities https://www.cnblogs.com/Eleven-Liu/p/12397857.html
- Windows exploitation: SEH-based stack overflow attacks and obtaining a shell https://blog.csdn.net/Eastmount/article/details/104593520
- Step by step: copying a school meal card onto the Xiaomi Mi Band NFC edition https://www.freebuf.com/geek/227717.html
- WebLogic CVE-2020-2551 vulnerability analysis http://bit.ly/2Iacdie
- A detailed explanation of the "House of" series of heap exploitation techniques https://xz.aliyun.com/t/7267
- Using angr directly for vulnerability hunting https://xz.aliyun.com/t/7275
- Dufflebag: A security scanning tool for Amazon EBS (Elastic Block Store) https://www.freebuf.com/sectool/226681.html
- Ctftool: A powerful interactive CTF exploitation tool https://www.freebuf.com/sectool/227330.html
- Gitee hit by DDoS attack; officials advise against binding IP addresses in the hosts file https://www.freebuf.com/news/228942.html
- Hershell: A powerful cross-platform reverse shell generator https://www.freebuf.com/articles/network/226491.html
- Expanding the Android attack surface: Analyzing React Native Android applications https://www.freebuf.com/articles/terminal/226947.html
- RAT AV evasion from beginner to practice (1): Basics https://www.freebuf.com/articles/system/227461.html
- RAT AV evasion from beginner to practice (2): Tool summary https://www.freebuf.com/articles/system/227462.html
- RAT AV evasion from beginner to practice (3): Code articles, C/C++ https://www.freebuf.com/articles/system/227463.html
- The growth story of an XSS scanner https://www.freebuf.com/articles/web/227275.html
- Analysis of the Apache AJP protocol vulnerability CVE-2020-1938 https://www.freebuf.com/vuls/228108.html
- TAS: A lightweight tty manipulation and code forgery framework https://www.freebuf.com/articles/network/226575.html
- Threat Alert: New Attack Vector Targeting Your Cloud Environment https://blog.aquasec.com/threat-alert-cloud-computing-security
- JSQL Injection: Java-based application for automatic SQL database injection https://hackersonlineclub.com/jsql-injection-java-based-application-for-automatic-sql-database-injection/
- 2019 web hacking techniques announced; Taiwanese security researchers recognized for the third year running, with two entries again in the top 10 https://www.ithome.com.tw/news/136109
- Top 10 web hacking techniques of 2019 - nominations open https://portswigger.net/research/top-10-web-hacking-techniques-of-2019-nominations-open
- Evidence of VBA Purging Found in Malicious Documents https://blog.nviso.eu/2020/02/25/evidence-of-vba-purging-found-in-malicious-documents/amp/
- E-commerce merchants: a hot commodity in the dark web https://q6cyber.com/blog/E-Commerce_Merchants_A_Hot_Commodity_in_the_Dark_Web/
- Profiling of TA505 Threat Group That Continues to Attack the Financial Sector https://www.fsec.or.kr/common/proc/fsec/bbs/163/fileDownLoad/2297.do
- TA505 Group Profiling: Follow the trail of TA505 (Abridged Version) https://www.fsec.or.kr/common/proc/fsec/bbs/163/fileDownLoad/2298.do
- Evasion techniques https://evasions.checkpoint.com/
- On cyberattack operation "kiya" targeting the construction industry https://insight-jp.nttsecurity.com/post/102fz2k/kiya
- On cyberattack operation "kiya" targeting the construction industry (part 2) https://insight-jp.nttsecurity.com/post/102g03d/kiya
- New Research Paper: Prevalence and impact of low-entropy packing schemes in the malware ecosystem https://blog.talosintelligence.com/2020/02/new-research-paper-prevalence-and.html
- Heimdal™ Security Discovers Gangs Hiding Behind Multiple Domains to Avoid TTPC Detection https://heimdalsecurity.com/blog/gangs-hiding-behind-multiple-domains-to-avoid-ttpc-detection/
- Security alert: US users targeted with coronavirus phishing attacks https://heimdalsecurity.com/blog/security-alert-corona-virus-phishing/
- 4 things that can happen in the absence of a disaster recovery plan https://blog.eccouncil.org/4-things-that-can-happen-in-the-absence-of-a-disaster-recovery-plan/
- Group-IB's digital forensic experts presented the analysis of documents on the case involving Russian biathletes https://www.group-ib.com/media/biathlon-docs-analysis/
- Red_Team https://github.com/BankSecurity/Red_Team
- Payloads All The Things https://github.com/swisskyrepo/PayloadsAllTheThings
- Group-IB forensic experts presented an analysis of documents in the case of the Russian biathletes (Russian-language version) https://www.group-ib.ru/media/biathlon-docs-analysis/
- Polyshell: A Bash/Batch/PowerShell Polyglot https://kalilinuxtutorials.com/polyshell/
- pentestmindmap https://github.com/5bhuv4n35h/pentestmindmap
- Critical MediaTek rootkit affecting millions of Android devices has been out in the open for months https://www.xda-developers.com/mediatek-su-rootkit-exploit/
- Extracting Embedded Payloads From Malware https://medium.com/@ryancor/extracting-embedded-payloads-from-malware-aaca8e9aa1a9
- Top 10 Open Source Security Testing Tools for Web Applications For 2020 https://teletype.in/@sravancynixit/iadvWWwi
- 'Cloud Snooper' Attack Bypasses Firewall Security Measures https://news.sophos.com/en-us/2020/02/25/cloud-snooper-attack-bypasses-firewall-security-measures/
- Academics find 30 file upload vulnerabilities in 23 web apps, CMSes, and forums https://www.zdnet.com/article/academics-find-30-file-upload-vulnerabilities-in-23-web-apps-cmses-and-forums/#ftag=RSSbaffb68
- FUSE: Finding File Upload Bugs via Penetration Testing https://www.ndss-symposium.org/wp-content/uploads/2020/02/23126.pdf
- ELF_TSCookie - Linux Malware Used by BlackTech https://blogs.jpcert.or.jp/en/2020/03/elf-tscookie.html
- On the state of threats in cyberspace in Reiwa 1 (2019) (Japan National Police Agency) https://www.npa.go.jp/publications/statistics/cybersecurity/data/R01_cyber_jousei.pdf
- Security Risks in Online Coding Platforms https://blog.trendmicro.com/trendlabs-security-intelligence/security-risks-in-online-coding-platforms/
- Security Risks in Online Coding Platforms https://newsroom.trendmicro.com/blog/security-intelligence/security-risks-online-coding-platforms
- Mokes and Buerak distributed under the guise of security certificates https://securelist.com/mokes-and-buerak-distributed-under-the-guise-of-security-certificates/96324/
- Bisonal: 10 years of play https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html
- Ryuk Revisited - Analysis of Recent Ryuk Attack https://www.fortinet.com/blog/threat-research/ryuk-revisited-analysis-of-recent-ryuk-attack.html
- Attackers Taking Advantage of the Coronavirus/COVID-19 Media Frenzy https://www.fortinet.com/blog/threat-research/attackers-taking-advantage-of-the-coronavirus-covid-19-media-frenzy.html
- Control System Security Conference 2020 event report (part 1) https://blogs.jpcert.or.jp/ja/2020/03/ics-conference2020-1.html
- Control System Security Conference 2020 event report (part 2) https://blogs.jpcert.or.jp/ja/2020/03/ics-conference2020-2.html

### F. Business

- Trend Micro annual security review: over 61 million ransomware attacks blocked last year http://bit.ly/2I7plEI
- 區塊科技 partners with an international digital forensics authority to launch an email anti-fraud solution https://ctee.com.tw/industrynews/technology/227045.html
- Business email compromise (BEC) rampant; Taiwanese blockchain startup offers a way to catch it https://ec.ltn.com.tw/article/breakingnews/3084170
- Email anti-fraud solution unveiled in Taiwan https://www.chinatimes.com/newspapers/20200303000456-260210?chdtv
- Helping enterprises pinpoint the source of network attacks, find hidden security threats (such as malware and ransomware) and complete their security defenses https://www.bnext.com.tw/article/56740/greycortex-mendel-nod32-protection
- CHT Security wins the highest rating, five A grades, in the Executive Yuan's ROC year 108 (2019) security service vendor evaluation https://times.hinet.net/news/22810595
- Winbond and Secure-IC partner to strengthen embedded cybersecurity https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000579807_PSX7WGB81IA1NR693TK97
- Keysight launches new security operations platform to prevent security vulnerabilities https://www.chinatimes.com/realtimenews/20200304005399-260410?ctrack=mo_main_rtime_p04&chdtv
- Akamai named a Web Application Firewall (WAF) leader by independent research firm https://times.hinet.net/news/22813196
- Zero One Technology (零壹) builds out its solutions; subsidiary 朔宇 becomes Radware's authorized distributor in Taiwan https://udn.com/news/story/7240/4390879
- Trade-Van's EPS and dividend hit record highs last year; it continues expanding value-added services this year http://bit.ly/331srnu

### G. Government

- FSC wants a share of the technology budget https://udn.com/news/story/7239/4381680?from=udn-catebreaknews_ch2
- Protecting defense industry secrets: industry says cybersecurity matters more https://m.ltn.com.tw/news/politics/paper/1356040
- [Interview with NHIA Director-General Lee Po-chang] Strengthening NHI database security: cracking it would mean facing a 32-bit key and multi-person verification https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=70&id=0000579961_dy18ppg57qmy690dxs6v0
- NCC: With policy subsidies, initial 5G rates are expected to match 4G launch pricing https://news.cnyes.com/news/id/4448478
- Digital ID card launches in October! 3 highlights: it merges the NHI card and driver's license so one card does it all https://buzzorange.com/techorange/2020/03/05/digital-identification-card/
- List of vendors passing Information Security Capability Registration, ROC years 107 to 108 (2018 to 2019) https://www.acw.org.tw/News/Detail.aspx?id=119
- NCC convenes social platforms to guard against maliciously altered fake news becoming a gap in epidemic prevention http://bit.ly/32WbH0Y
- FSC publishes major examination deficiencies of financial institutions http://bit.ly/2wArGW4
- FSC announces financial institutions' major examination deficiencies over the last five years https://www.feb.gov.tw/ch/home.jsp?id=300&parentpath=0,5,297

### H. Industrial control systems / SCADA / ICS

- Leverage ATT&CK for ICS to Secure Industrial Control Systems https://securityintelligence.com/posts/leverage-attck-for-ics-to-secure-industrial-control-systems/
- The rise and trends of industrial Ethernet http://bit.ly/38rvjLy
- JVNVU#91000130: Denial-of-service (DoS) vulnerability in Omron CJ-series PLCs https://jvn.jp/vu/JVNVU91000130/

### I. Education and training

- What to do when a security incident happens? Crisis handling skills you must learn https://ithome.com.tw/pr/136077
- III launches "CompTIA Security+ International Cybersecurity Certification Course" on 2020/4/11 https://times.hinet.net/news/22812544
- Penetration testing and vulnerability scanning: rejected in a technical interview over a simple question https://www.ponews.net/tech/suw3x1ykst.html
- On vulnerability scanning https://zhuanlan.zhihu.com/p/28700680
- Pwn in Kernel (1): Fundamentals https://www.freebuf.com/articles/system/227357.html
- ChaMd5 security team's CTFHUB is live https://www.freebuf.com/news/228779.html
- CTFHUB https://www.ctfhub.com/#/index
- Cobalt Strike from basics to advanced https://www.freebuf.com/open/227850.html
- Offense and Defense – A Tale of Two Sides: PowerShell https://www.fortinet.com/blog/threat-research/offense-and-defense-a-tale-of-two-sides-powershell.html
- Cyber Kill Chain (CKC) – APT Interception Methodologies and Advanced Malware Mitigation https://heimdalsecurity.com/blog/cyber-kill-chain/
- Windows Exploit Development – Part 1: The Basics http://www.securitysift.com/windows-exploit-development-part-1-basics/
- Windows Exploit Development – Part 2: Intro to Stack Based Overflows http://www.securitysift.com/windows-exploit-development-part-2-intro-stack-overflow/
- Windows Exploit Development – Part 3: Changing Offsets and Rebased Modules http://www.securitysift.com/windows-exploit-development-part-3-changing-offsets-and-rebased-modules/
- Windows Exploit Development – Part 4: Locating Shellcode With Jumps http://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/
- Windows Exploit Development – Part 5: Locating Shellcode With Egghunting http://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting/
- Windows Exploit Development – Part 6: SEH Exploits http://www.securitysift.com/windows-exploit-development-part-6-seh-exploits/
- Windows Exploit Development – Part 7: Unicode Buffer Overflows http://www.securitysift.com/windows-exploit-development-part-7-unicode-buffer-overflows/
- Windows Debugging & Exploiting Part 1 - Environment Setup https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/windows-debugging-exploiting-part-1-environment-setup/
- Windows Debugging & Exploiting Part 2 - WinDBG 101 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/windows-debugging-exploiting-part-2-windbg-101/
- Windows Debugging & Exploiting Part 3: WinDBG Time Travel Debugging https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/windows-debugging-exploiting-part-3-windbg-time-travel-debugging/
- Windows Debugging and Exploiting Part 4: NTQuerySystemInformation https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/windows-debugging-and-exploiting-part-4-ntquerysysteminformation/#.Xl9Ps8_ayAg.twitter
- Phishing with Macros and Powershell https://www.securitysift.com/phishing-with-macros-and-powershell/
- How To Run Maltego – Cyber Intelligence And Forensics Software https://hackersonlineclub.com/how-to-run-maltego-cyber-intelligence-and-forensics-software/
- What is a keylogger? Infection causes, detection and countermeasures for malware that steals your input history https://blogs.mcafee.jp/keystroke-logging-prevention

### J. IoT / AI / Connected cars / Optical networks / Deep learning / Machine learning / Drones / Facial recognition

- Europe sets data privacy and security rules for connected cars https://on.wsj.com/32I2XeM
- 19 vulnerabilities found in Mercedes-Benz connected cars; the company partners with 360 on automotive security solutions https://www.leiphone.com/news/202003/BoIwGqAr4BKCVHhM.html
- IoT Security: How to Search for Vulnerable Connected Devices https://pentestmag.com/iot-security-how-to-search-for-vulnerable-connected-devices/

## 6. Upcoming security events and conferences

- Multi-threaded programming in Python 3/11 https://www.meetup.com/pythonhug/events/268925062/
- Android Code Club (Taipei) 3/11 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcfbpb/
- GDG Hsinchu #05 - Using OK Google with IoT to build a smart life 3/12 https://www.meetup.com/GDG-Hsinchu/events/268976601/
- AI Meetup - Hsinchu: "From RNN to Attention, the past and present of natural language processing" and "Sharing experience on font generation" 3/18 https://www.meetup.com/AIA-Hsinchu/events/268649939/
- Scala Taiwan #37 3/18 https://www.meetup.com/Scala-Taiwan-Meetup/events/267899692/
- Korea International Security Expo 3/18 https://www.twcert.org.tw/tw/cp-105-3230-a3bd4-1.html
- Taipei.py 2020 March Monthly Meeting 3/19 https://www.meetup.com/Taipei-py/events/268681120/
- Study Group - Clean Coder 3/19 https://www.meetup.com/Women-Who-Code-Taipei/events/jlmfprybcfbzb/
- Data analysis and machine learning case practice (1): PM2.5 as an example 3/23 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3888&from_course_list_url=course_index
- Taipei 暗号通貨 (Cryptocurrency) Meetup 3/25 https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcfbhc/
- Thinking Thursday #7 3/26 https://www.meetup.com/Thinking-Thursday/events/266911452/
- Flutter Taipei 2020 Warm Up Party 3/27 https://www.meetup.com/Flutter-Taipei/events/269033933/
- NCTU Hacker College - Buffer overflow attacks and prevention 3/28 https://hackercollege.nctu.edu.tw/?p=1141
- Black Hat Asia 2020 Singapore 3/31 ~ 4/3 https://www.blackhat.com/asia-20/briefings/schedule/
- Kaspersky® Security Analyst Summit 4/6 ~ 4/9 https://thesascon.com/
- QGIS geographic information workshop 4/8 ~ 4/9 https://www.accupass.com/event/2002120936323517290110
- Big data and deep learning applications on edge computing systems 4/10 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3883&from_course_list_url=course_index
- 2nd ICANN APAC-TWNIC Engagement Forum and 34th TWNIC IP Policy and Resource Management Meeting 4/16 https://forum.twnic.tw/2020/registration.htm
- NCTU Hacker College - Intrusion detection and response guide 4/18 https://hackercollege.nctu.edu.tw/?p=1144
- VXCON 2020 - APAC 4/18 ~ 4/19 https://www.vxcon.hk/
- 2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore 4/21 ~ 4/23 https://www.icscybersecurityconference.com/singapore/
- Taipei 暗号通貨 (Cryptocurrency) Meetup 4/22 https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcgbdc/
- Asia Pacific Information Security Forum & Expo 4/22 https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html
- NCTU Hacker College -
基礎網頁安全與滲透測試 4/25 https://hackercollege.nctu.edu.tw/?p=1147 2020 LINE Taiwan Developers Recruitment Day 4/25 https://engineering.linecorp.com/zh-hant/blog/2020-line-taiwan-technical-recruitment-day/ 交通大學駭客書院 - 基礎網站安全建構實務 5/16 https://hackercollege.nctu.edu.tw/?p=1151 交通大學駭客書院 - 電子郵件之偽造攻擊與防護措施 5/23 https://hackercollege.nctu.edu.tw/?p=1156 Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27 https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/ 交通大學駭客書院 - 進階網頁滲透測試 5/30 https://hackercollege.nctu.edu.tw/?p=1159 邊緣計算系統之大數據與深度學習應用 6/5 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index 交通大學駭客書院 - 高階網頁滲透測試 6/13 6/20 https://hackercollege.nctu.edu.tw/?p=1161 交通大學駭客書院 - 企業網域控管-Active Directory攻擊與防禦 6/27 https://hackercollege.nctu.edu.tw/?p=1164 CYBERSEC 2020 臺灣資安大會 8/12 https://cyber.ithome.com.tw/