###### tags: `資安事件新聞週報`

# Weekly Security Incident News 2020/2/17 ~ 2020/2/21

## 1. Major Vulnerabilities / Backdoors / Exploits / Zero Day

Multiple vulnerabilities in the Changing Information Technology (全景) ServiSign component can lead to arbitrary code execution or arbitrary file read and deletion
https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce

CHT Security Red Team finds multiple vulnerabilities in a domestic securities stock-picking system
https://gist.github.com/chtsecurity/d42564a3f92ebe697ae2c69266640529
https://gist.github.com/chtsecurity/5a74ef5445a8aea34904c5691a477534
https://gist.github.com/chtsecurity/d936e2381a0087dddc0cadf7c61a4a7b

Palo Alto PAN-OS remote code execution vulnerability
https://security.paloaltonetworks.com/CVE-2020-1975

Critical vulnerabilities disclosed in SonicWall SMA appliances, exposing them to remote attack
https://www.freebuf.com/column/227639.html

Fortinet FortiOS security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6696

Voatz voting app used in five US states found to contain vulnerabilities that allow tampering
https://www.ithome.com.tw/news/135839

IBM DB2 denial-of-service vulnerability
https://www.hkcert.org/my_url/zh/alert/20021901

IBM Security Identity Manager cross-site scripting vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4451

JVNVU#99571081 Vulnerability in IBM ServeRAID Manager allowing arbitrary code execution
https://jvn.jp/vu/JVNVU99571081/

Kaspersky: Windows 10 update bug was not caused by the company's antivirus tools
https://www.cnbeta.com/articles/tech/945341.htm

Download now! 99 vulnerabilities patched at once in Windows 10's largest update ever
https://newtalk.tw/news/view/2020-02-14/366627

Hold off on updating! Microsoft Windows 10 security updates hit by a string of bugs
https://3c.ltn.com.tw/news/39546

Second Windows 10 update is now causing problems by hiding user profiles
https://www.zdnet.com/article/second-windows-10-update-is-now-causing-problems-by-hiding-user-profiles/#ftag=RSSbaffb68

Nearly half of hospital Windows systems still vulnerable to RDP bugs
https://nakedsecurity.sophos.com/2020/02/20/nearly-half-of-hospital-windows-systems-still-vulnerable-to-rdp-bugs/

Vulnerability in 12,000 Jenkins servers abused to amplify DDoS attacks
https://netsecurity.51cto.com/art/202002/610679.htm

OpenSSH adds support for FIDO/U2F security keys
https://www.zdnet.com/article/openssh-adds-support-for-fidou2f-security-keys/#ftag=RSSbaffb68

SweynTooth vulnerabilities affect a large number of devices using the BLE protocol
https://nosec.org/home/detail/4114.html

Unknown number of Bluetooth LE devices impacted by SweynTooth vulnerabilities
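https://www.zdnet.com/article/unknown-number-of-bluetooth-le-devices-impacted-by-sweyntooth-vulnerabilities/#ftag=RSSbaffb68

Bluetooth bugs – researchers find 10 “Sweyntooth” security holes
https://nakedsecurity.sophos.com/2020/02/14/bluetooth-bugs-researchers-find-10-sweyntooth-security-holes/

Critical XSS vulnerability patched in WordPress plugin GDPR Cookie Consent
https://www.zdnet.com/article/critical-vulnerability-patched-in-gdpr-cookie-consent-wordpress-plugin/#ftag=RSSbaffb68

Unspecified vulnerability in Oracle Outside In Technology
https://www.oracle.com/security-alerts/cpujan2020.html

Unspecified vulnerability in Oracle WebLogic Server
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2519

Unspecified vulnerability in Oracle Identity Manager
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2729

CVE-2020-3937-3939
https://www.chtsecurity.com/news/a791f509-9782-4be1-b71f-22fc619f8215

OpenSIPS security vulnerability
http://github.com/OpenSIPS/opensips/commit/54e027adfa486cfcf993828512b2e273aeb163c2

Vulnerability Spotlight: Memory corruption, DoS vulnerabilities in CoTURN
https://blog.talosintelligence.com/2020/02/vuln-spotlight-coturn-DoS-memory-feb-2020.html

Hackers are exploiting a vulnerability in the ThemeREX plugin for WordPress to take over websites
https://nosec.org/home/detail/4136.html

File inclusion vulnerability in Apache Tomcat server
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938

Cross-site vulnerability in the Google translation service (Google Translator)
https://cloud.tencent.com/developer/article/1587222

CyberMDX: Many hospitals have not patched known critical vulnerabilities in their devices
https://www.ithome.com.tw/news/135943

## 2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security

Strengthening business performance: Taiwan Business Bank targets eight policy-driven financial businesses
https://readers.ctee.com.tw/cm/20200214/a12aa12/1040714/c2ba88e402a5fe0d0b0208c88a5d1d1f/share

The IT sector's "four specialists, one staffer" positions are now the most sought-after! Internet-only banks put out a wide recruiting call
http://bit.ly/2Sz6HM1

Cathay launches its first cybersecurity ETF, fundraising opens in March
https://money.udn.com/money/story/5618/4350214

Asia's first cybersecurity ETF is coming: anti-hacking becomes a new investment trend
http://bit.ly/37Hy3Ul

Cybersecurity index outpaces the Nasdaq; cybersecurity stocks look promising
https://news.cnyes.com/news/id/4444848

At this year's first state-owned banks meeting, the Ministry of Finance issues four directives
http://bit.ly/37yjRgw

US IRS urges online tax filers to enable multi-factor authentication
https://www.ithome.com.tw/news/135879

To ensure business continuity, the Financial Supervisory Commission orders banks to adopt five epidemic-prevention measures
https://udn.com/news/story/7238/4353702

Israel's Jerusalem venture capital firm JVP sets up a cybersecurity center in New York
http://bit.ly/38HNg9w

Guarding against the spreading epidemic, financial holding companies activate "off-site backup"
https://news.cts.com.tw/cts/life/202002/202002191991109.html

Central Bank as the regions with the highest and lowest cybercrime
http://www.kxan36news.com/central-bank-as-the-regions-with-the-highest-and-lowest-cybercrime

Nedbank says 1.7 million customers impacted by breach at third-party provider
https://www.zdnet.com/article/nedbank-says-1-7-million-customers-impacted-by-breach-at-third-party-provider/#ftag=RSSbaffb68

## 3. Electronic Payment / Electronic Stored-Value Cards / Mobile Payment / Pay: News and Security

Asia Pacific Telecom's cross-border mobile payment expected to launch in Q2
https://money.udn.com/money/story/5612/4355277

Have you heard of GtPay? Asia Pacific Telecom's mobile payment offers not only NFC-SIM contactless payment, mobile EasyCard and credit card services, but will later support "cross-border mobile payment"
http://bit.ly/2SOf9au

Mobile payment goes mainstream; analysts predict Apple Pay will account for 10% of global credit card transactions within 5 years
https://cnews.com.tw/137200214a03/

NXP teams up with NTT DoCoMo and Sony to unveil UWB-based mobile payment
https://technews.tw/2020/02/11/nxp-ntt-docomo-sony-uwb-mobile-pay/

A small blessing! Users of JKOPay and other e-payment accounts can save on transaction fees
https://money.udn.com/money/story/5613/4358826

Financial Supervisory Commission relaxes rules on e-payment institutions' partner accounts, saving the public transaction fees
https://taronews.tw/2020/02/20/615912/

Hi-Life opens up icash payment, becoming the first convenience store chain to accept all four major stored-value cards
https://udn.com/news/story/7193/4360092

## 4. Virtual Currency / Blockchain: News and Security

Fighting counterfeits in the digital age: how the Swiss watch industry uses blockchain for anti-counterfeiting
https://udn.com/news/story/6871/4342176

Users report withdrawal difficulties at Taiwanese exchange 比特之星; the company says a system upgrade is under way
http://bit.ly/38wvm9x

MIT: Blockchain voting system VOATZ has a series of vulnerabilities and is highly susceptible to attack
http://bit.ly/37zkqqA

Preventing virtual currency money laundering! US drafts new regulations
https://newtalk.tw/news/view/2020-02-13/366270

Analysis of the bZx hacking incident
https://pttdigit.com/digicurrency/M.1582017234.A.D49.html

How was it done by combining DeFi products? A detailed reconstruction of the "bZx" hacking incident that shook the global community
https://www.blocktempo.com/analyze-bzx-hacking-process/

DeFi lending protocol bZx hit by arbitrage again! Product flaw causes a loss of US$645,000
https://blockcast.it/2020/02/19/defi-lending-protocol-bzx-has-just-been-exploited-again/

Flash loans | Hackers "stress test DeFi products" a second time, again profiting "2378 ETH" from bZx
https://www.blocktempo.com/defi-project-bzx-exploited-for-second-time-in-a-week-loses-630k-in-ether/

Countdown to the Bitcoin halving: the tradition of rising prices, and which miners will be eliminated
https://www.inside.com.tw/article/18950-bitcoin-price-next-halving

IOTA Trinity wallet vulnerability report: US$1.6 million stolen
https://0xzx.com/202002141220513402.html

Tokens stolen from IOTA wallets! Foundation shuts down node to investigate
https://news.cnyes.com/news/id/4442840

Mt.Gox victims may recover 88% of their funds! What became of the exchanges that were hacked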
https://news.knowing.asia/news/abddda59-d60d-4541-9a63-969b20c78177

[Block Weekly] Ethereum game development platform Enjin goes live; in-game currency and cryptocurrency will be interchangeable
https://technews.tw/2020/02/21/block-weekly-20200220/

IOTA cryptocurrency shuts down entire network after wallet hack
https://www.zdnet.com/article/iota-cryptocurrency-shuts-down-entire-network-after-wallet-hack/

Inside J-CAT – Europol’s Joint Cybercrime Action Taskforce
https://portswigger.net/daily-swig/inside-j-cat-europols-joint-cybercrime-action-taskforce

Police bust alleged operator of Bitcoin mixing service Helix
https://nakedsecurity.sophos.com/2020/02/17/police-bust-alleged-operator-of-bitcoin-mixing-service-helix/

## 5. Security Incident News

### A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors

40 US public-sector bodies hacked in one year: when hit by ransomware, should you pay the ransom?
https://www.cw.com.tw/article/article.action?id=5098988

RobbinHood: ransomware that exploits a Windows driver vulnerability to disable antivirus software
https://www.chainnews.com/zh-hant/articles/899104922855.htm

Hijacked the moment you tap! Powerful Android malware hides in electronic receipts
http://bit.ly/2SYBd11

Stay-at-home economy attracts hackers: mobile malware spreads via online-shopping SMS messages
https://newtalk.tw/news/view/2020-02-17/367847?

Your item has arrived? Mobile malware lurks behind it
https://www.chinatimes.com/realtimenews/20200214001601-260412?chdtv

"Order inquiry" SMS messages carrying malware appear domestically; tapping the link turns you into a malware super-spreader
https://www.techbang.com/posts/76178-your-goods-have-arrived-cell-phone-virus-hidden-behind

Careful what you tap! "Powerful banking trojan" poses as an electronic receipt to trick you
https://www.ettoday.net/news/20200215/1646250.htm

One tap on this trojan and you're done! It targets Android users, stealing financial data and Citizen Digital Certificates
https://cnews.com.tw/137200218a03/

New finding: Emotet malware can spread by compromising nearby wireless networks
https://www.twcert.org.tw/tw/cp-104-3341-7a3b2-1.html

Cryptocurrency miner uses the Haiduc hacking tool and the Xhide application-hiding tool to brute-force logins on computers and servers
https://blog.trendmicro.com.tw/?p=63218

New email extortion scheme: pay up or your site's ads get blocked by Google
https://www.ithome.com.tw/news/135892

Latest Bitcoin extortion tactic: flooding your Google AdSense with bots
https://www.inside.com.tw/article/18946-email-scheme-google-adsense-bitcoin

Looking for a new relationship on a dating app? Beware of finding mobile malware instead
https://blog.trendmicro.com.tw/?p=63450

Malicious spam impersonating the Korea Fair Trade Commission carries ransomware and an information-stealing trojan
https://blog.trendmicro.com.tw/?p=63430

CISA: Ransomware compromises a US natural gas compression company
https://ithome.com.tw/news/135917

Eclypsium: Unsigned peripheral firmware becomes a breeding ground for malware
https://times.hinet.net/news/22793158

Malicious Spam Campaign Targets South Korean Users
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/malicious-spam-campaign-targets-south-korean-users

Over 1.7 million downloads! Google removes more than 500 malicious Chrome extensions in one sweep
https://3c.ltn.com.tw/news/39542

Google removes more than 500 malicious Chrome extensions
https://www.ithome.com.tw/news/135838

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users
https://thehackernews.com/2020/02/chrome-extension-malware.html

There's finally a way to remove xHelper, the unremovable Android malware
https://www.zdnet.com/article/theres-finally-a-way-to-remove-xhelper-the-unremovable-android-malware/#ftag=RSSbaffb68

ViperSoftX - New JavaScript Threat
https://www.fortinet.com/blog/threat-research/vipersoftx-new-javascript-threat.html

CISA Issues Multiple Agency Malware Analysis Reports on Hidden Cobra
https://www.fortinet.com/blog/threat-research/cisa-issues-multiple-agency-malware-analysis-reports-on-hidden-cobra.html

US Cyber Command, DHS, and FBI expose new North Korean malware
https://www.zdnet.com/article/us-cyber-command-dhs-and-fbi-expose-new-north-korean-malware/#ftag=RSSbaffb68

North Korean Malicious Cyber Activity
https://www.us-cert.gov/ncas/current-activity/2020/02/14/north-korean-malicious-cyber-activity

AR20-045A : MAR-10265965-1.v1 – North Korean Trojan: BISTROMATH
https://www.us-cert.gov/ncas/analysis-reports/ar20-045a

AR20-045B : MAR-10265965-2.v1 – North Korean Trojan: SLICKSHOES
https://www.us-cert.gov/ncas/analysis-reports/ar20-045b

AR20-045C : MAR-10265965-3.v1 – North Korean Trojan: CROWDEDFLOUNDER
https://www.us-cert.gov/ncas/analysis-reports/ar20-045c

AR20-045D : MAR-10271944-1.v1 – North Korean Trojan: HOTCROISSANT
https://www.us-cert.gov/ncas/analysis-reports/ar20-045d

AR20-045E : MAR-10271944-2.v1 – North Korean Trojan: ARTFULPIE
https://www.us-cert.gov/ncas/analysis-reports/ar20-045e

AR20-045F : MAR-10271944-3.v1 – North Korean Trojan: BUFFETLINE
https://www.us-cert.gov/ncas/analysis-reports/ar20-045f

Rutter's store chain discloses security breach involving POS malware
https://www.zdnet.com/article/rutters-store-chain-discloses-security-breach-involving-pos-malware/#ftag=RSSbaffb68

Ginp mobile Trojan fakes incoming SMS messages
https://www.kaspersky.com/blog/ginp-mobile-banking-trojan/32478/

Coronavirus spam emails are spreading Emotet Malware
https://techau.com.au/coronavirus-spam-emails-are-spreading-emotet-malware/

Malware attack further proof that small health systems are vulnerable
https://searchhealthit.techtarget.com/news/252478672/Malware-attack-further-proof-that-small-health-systems-are-vulnerable

January 2020’s Most Wanted Malware: Coronavirus-themed Spam Spreads Emotet Malware
http://bit.ly/2SQynL8

Sophisticated Emotet malware loader thriving on unsophisticated passwords
https://techxplore.com/news/2020-02-sophisticated-emotet-malware-loader-unsophisticated.html

Beware of hackers planting Valentine’s Day malware
https://www.komando.com/security-privacy/hackers-plant-valentines-day-malware/706654/

LokiBot Impersonates Popular Game Launcher and Drops Compiled C# Code File
https://newsroom.trendmicro.com/blog/security-intelligence/lokibot-impersonates-popular-game-launcher-and-drops-compiled-c-code-fi-1

New paper: LokiBot: dissecting the C&C panel deployments
https://www.virusbulletin.com/blog/2020/02/new-paper-lokibot-dissecting-cc-panel-deployments/

Sextortion Scams Delivered by Emotet Net 10 Times More Than Necurs Sextortion — Here’s Why
https://securityintelligence.com/posts/sextortion-scams-delivered-by-emotet-net-10-times-more-than-necurs-sextortion-heres-why/

Tampa Bay Times hit with Ryuk ransomware attack
https://blog.malwarebytes.com/ransomware/2020/01/tampa-bay-times-hit-with-ryuk-ransomware-attack/

Hamas Android Malware On IDF Soldiers-This is How it Happened
https://research.checkpoint.com/2020/hamas-android-malware-on-idf-soldiers-this-is-how-it-happened/

AZORult spreads as a fake ProtonVPN installer
https://securelist.com/azorult-spreads-as-a-fake-protonvpn-installer/96261/

Banking Trojans and Ransomware — A Treacherous Matrimony Bound to Get Worse
https://securityintelligence.com/posts/banking-trojans-and-ransomware-a-treacherous-matrimony-bound-to-get-worse/

Council returns to using pen and paper after cyberattack
https://nakedsecurity.sophos.com/2020/02/18/council-returns-to-using-pen-and-paper-after-cyberattack/

Malware and HTTPS – a growing love affair
https://nakedsecurity.sophos.com/2020/02/18/malware-and-https-a-growing-love-affair/

Emotet SMiShing Uses Fake Bank Domains in Targeted Attacks, Payloads Hint at TrickBot Connection
https://ibm.co/2P8ktDa

Ransomware attack forces 2-day shutdown of natural gas pipeline
https://nakedsecurity.sophos.com/2020/02/20/ransomware-attack-forces-2-day-shutdown-of-natural-gas-pipeline/

Ransomware Attack Hit US Natural Gas Facility
https://www.bankinfosecurity.com/ransomware-attack-hit-us-natural-gas-facility-a-13740

Cybersecurity Research During the Coronavirus Outbreak and After
https://securelist.com/cybersecurity-research-during-the-coronavirus-outbreak-and-after/96275/

ObliqueRAT: New RAT hits victims' endpoints via malicious documents
https://blog.talosintelligence.com/2020/02/obliquerat-hits-victims-via-maldocs.html

### B. Mobile Security / iPhone / Android / Wearables / Apps

Google Project Zero: Samsung's approach to protecting its phones actually makes Android less secure
https://ithome.com.tw/news/135827

US pushes smartphone voting; critics worry hackers could secretly tamper with it
https://www.cna.com.tw/news/aopl/202002160115.aspx

Amazon's Ring rolls out mandatory two-factor authentication to prevent hacker intrusions
https://www.ettoday.net/news/20200219/1648968.htm

Google calls out Samsung: unnecessary modifications may make Android phones insecure
https://3c.ltn.com.tw/news/39564

SF Express Hong Kong app suspected of a security flaw: recently used sender details fully exposed
https://www.passiontimes.hk/article/02-19-2020/60178

Google blocked 790,000 policy-violating apps from reaching the Play Store last year
https://www.ithome.com.tw/news/135821

Fraudsters using malicious apps to target Kochi’s smartphone users
https://www.nyoooz.com/news/kochi/1433891/fraudsters-using-malicious-apps-to-target-kochis-smartphone-users/

More than 7,700 attacks by threats disguised as dating apps in Africa
https://www.intelligentcio.com/africa/2020/02/12/more-than-7700-attacks-by-threats-disguised-as-dating-apps-in-africa/

Security News This Week: The 'Robo Revenge' App Makes It Easy to Sue Robocallers
https://www.wired.com/story/robo-revenge-apple-malware-security-news/

Signal Is Finally Bringing Its Secure Messaging to the Masses
https://www.wired.com/story/signal-encrypted-messaging-features-mainstream/

Ring to enable 2FA for all user accounts after recent hacks
https://www.zdnet.com/article/ring-to-enable-2fa-for-all-user-accounts-after-recent-hacks/#ftag=RSSbaffb68

Singapore gets three bids for 5G licences
https://www.zdnet.com/article/singapore-gets-three-bids-for-5g-licences/#ftag=RSSbaffb68

### C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents

WordPress plugin ThemeGrill Demo Importer lets hackers wipe databases, affecting 200,000 websites
https://www.ithome.com.tw/news/135891

The "fighting nation" goes wild for body modification, implanting Taiwanese chips
https://news.ltn.com.tw/news/world/breakingnews/3072243

Sudden surge in site traffic? It may be hackers launching an ad-extortion attack
https://cnews.com.tw/137200219a04/

Report: 16 DDoS attacks occurred every minute last year
https://www.ithome.com.tw/news/135912

Wuhan pneumonia effect: IBM withdraws from RSA Conference, Black Hat Asia postponed
https://www.ithome.com.tw/news/135856

WHO speaks up too: beware of phishing emails about Wuhan pneumonia
https://www.ithome.com.tw/news/135890

Warning! Cyberattacks exploiting security vulnerabilities surge worldwide
http://bit.ly/2V16Fy5

Account hacked and "privacy fully exposed": IU shows rare anger, saying crossing the line is a crime
https://www.setn.com/news.aspx?NewsID=691014

North Korean defector official Thae Yong-ho's phone suspected of being hacked by North Korean hackers to steal information
https://money.udn.com/money/story/5599/4350201

Official Twitter account hijacked? Israel's defense ministry posts photos of alluring women
https://news.ltn.com.tw/news/world/breakingnews/3070024

Olympics and IOC social media accounts hacked; Twitter: affected accounts have been locked
http://bit.ly/3bJTYgT

UK police urge parents to report it if they find their children using Kali Linux, Tor or Discord
https://www.ithome.com.tw/news/135886

Cybersecurity becomes a weapon of war; Houston's energy industry needs to pay close attention
https://scdaily.com/post/1486

Two hacking attacks in the US point to the same internet service provider
https://on.wsj.com/2HAdrmI

Mainland China's Provisions on the Governance of the Online Information Content Ecosystem
http://www.cac.gov.cn/2019-12/20/c_1578375159509309.htm

PLA hackers are utterly ruthless; the international community should guard against them early
https://www.ydn.com.tw/News/373350

[The CCP's secrets are on her computer] Reading them left her trembling! She leaked "two key Xinjiang documents" to the world, then received death threats and was hacked
https://buzzorange.com/2020/02/20/the-whistleblower-of-xinjiang-cases/

US and German intelligence agencies controlled a Swiss encrypted-communications company, eavesdropping on the secrets of as many as 120 countries for years
https://news.sina.com.tw/article/20200214/34233970.html

Trump threatens to cut off intelligence sharing if allies adopt Huawei equipment
https://times.hinet.net/topic/22789041

More than ten thousand websites in Georgia hacked; the UK, US and allies point the finger at Russia
https://www.cna.com.tw/news/aopl/202002210032.aspx

Vietnamese experts build the first information security ecosystem
http://n.yam.com/Article/20200220995715

Iranian state hackers abuse VPN vulnerabilities to break into corporate networks worldwide and plant backdoors
https://www.secrss.com/articles/17172

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world
https://www.zdnet.com/article/iranian-hackers-have-been-hacking-vpn-servers-to-plant-backdoors-in-companies-around-the-world/#ftag=RSSbaffb68

Unpatched VPN Servers Hit by Apparent Iranian APT Groups
https://www.bankinfosecurity.com/unpatched-vpn-servers-hit-by-apparent-iranian-apt-groups-a-13733

Israeli soldiers tricked into installing malware by Hamas agents posing as women
https://www.zdnet.com/article/israeli-military-tricked-into-installing-malware-by-hamas-agents-posing-as-women/#ftag=RSSbaffb68

U.S. Charges Huawei with Stealing Trade Secrets from 6 Companies
https://thehackernews.com/2020/02/united-states-china-huawei.html

UK police deny responsibility for poster urging parents to report kids for using Kali Linux
https://www.zdnet.com/article/uk-police-distance-themselves-from-poster-warning-parents-to-report-kids-for-using-kali-linux/#ftag=RSSbaffb68

Singapore to spend $719M beefing up government's cyber, data security systems
https://www.zdnet.com/article/singapore-to-spend-719m-beefing-up-governments-cyber-data-security-systems/#ftag=RSSbaffb68

16 DDoS attacks take place every 60 seconds, rates reach 622 Gbps
https://www.zdnet.com/article/16-ddos-attacks-take-place-every-60-seconds-rates-reach-622-gbps/#ftag=RSSbaffb68

Five years after the Equation Group HDD hacks, firmware security still sucks
https://www.zdnet.com/article/five-years-after-the-equation-group-hdd-hacks-firmware-security-still-sucks/#ftag=RSSbaffb68

Hundreds of Millions of PC Components Still Have Hackable Firmware
https://www.wired.com/story/firmware-hacks-vulnerable-pc-components-peripherals/

Cybersecurity Plan for 2020 US Election Unveiled
https://www.bankinfosecurity.com/cybersecurity-plan-for-2020-us-election-unveiled-a-13732

US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility
https://thehackernews.com/2020/02/critical-infrastructure-ransomware-attack.html

Millions Of Windows And Linux Systems Are Vulnerable To This ‘Hidden’ Cyber Attack
https://www.forbes.com/sites/daveywinder/2020/02/18/millions-of-windows-and-linux-systems-are-vulnerable-to-this-hidden-cyber-attack/

Spoofing Banks is a Balancing Act
https://www.domaintools.com/resources/blog/spoofing-banks-is-a-balancing-act#

NEC has about 60,000 employees telework simultaneously
https://www3.nhk.or.jp/news/html/20200220/k10012293751000.html

Microsoft has a subdomain hijacking problem
https://www.zdnet.com/article/microsoft-has-a-subdomain-hijacking-problem/#ftag=RSSbaffb68

The US Blames Russia's GRU for Sweeping Cyberattacks in Georgia
https://www.wired.com/story/us-blames-russia-gru-sweeping-cyberattacks-georgia/

Security Engineer / Senior Security Specialist (w0012)
http://bit.ly/38F4ODj

Property insurance: Information Security Analyst (Neihu)
https://www.104.com.tw/job/6vdbh?jobsource=googlejobs

Security Engineer - F75E
https://mail.google.com/mail/u/0/?tab=wm&ogbl#inbox

Senior Systems Maintenance Engineer (dedicated security staff)
https://m.1111.com.tw/job/91414896/

Security Engineer (i-Security Engineer)
https://www.104.com.tw/job/3q770

### D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News

US and Taiwan cooperate on technology to counter "fake news"! AIT: China uses disinformation to undermine Taiwan's freedom and democracy
https://www.storm.mg/article/2308520

Up to four and a half years in prison for spreading false epidemic information? Chen Chi-mai: unified rules will come tomorrow
https://news.ltn.com.tw/news/life/breakingnews/3072884

Free masks for leaving a comment? Beware of the "hack"!
https://news.cnyes.com/news/id/4442938

Scam tactics keep evolving! FBI report reveals which type of cybercrime caused the largest losses last year
https://cnews.com.tw/137200215a03/

Don't fall for it! "LINE 2-step verification" is fake; beware of account theft
https://tw.appledaily.com/gadget/20200219/P2JQY3SVJBSVNCW6ICY2IBWFXE/

LINE has no "2-step password verification" at all! Beware of phishing messages that steal accounts
https://3c.ltn.com.tw/news/39579

10.7 million hotel guest records leaked and spread by hackers
https://ek21.com/news/tech/179639/

Photograph your ID card to get free masks from a vending machine! Worried about personal data? Operator shows the code: "we don't store personal data"
https://tw.news.appledaily.com/life/20200221/JIMWMIXCRAHUQXJS4TTOC2VBBE/

Who's fooling whom! Man arrested for fabricating a post about sneaking back from Wuhan claims he was trying to bait a scam ring
https://reurl.cc/nVkGDl

WHO speaks up too: beware of phishing emails about Wuhan pneumonia
https://www.ithome.com.tw/news/135890

[Wuhan pneumonia phishing] WHO warns: only @who.int is genuine WHO mail; @who. com and @who. org are fakes
https://blog.trendmicro.com.tw/?p=63475

Beware of criminals pretending to be WHO
https://www.who.int/about/communications/cyber-security

Woman posts claiming she paid 150,000 to sneak back to Taiwan from Wuhan; Kaohsiung police uncover the fake account and trace the IP
http://bit.ly/2HvchJ6

Puerto Rico government hit by phishing attack, losing US$4 million
https://www.twcert.org.tw/tw/cp-104-3363-8df05-1.html

PayPal remains the most-spoofed brand in phishing scams
https://www.welivesecurity.com/2020/02/14/paypal-remains-most-spoofed-brand-phishing-scams/

How romance scammers break your heart – and your bank account
https://www.welivesecurity.com/2020/02/14/how-romance-scammers-break-your-heart-bank-account/

FBI: Cybercrime losses tripled over the last 5 years
https://www.welivesecurity.com/2020/02/13/fbi-cybercrime-losses-tripled-last-5-years/

Watchdog Agency: Improper Use of Medicare Data Rampant
https://www.bankinfosecurity.com/watchdog-agency-improper-use-medicare-data-rampant-a-13727

On data protection, the UK says it will go it alone. It probably won't.
https://www.zdnet.com/article/on-data-protection-the-uk-says-it-will-go-it-alone-it-probably-wont/

Cyber tips for safe online dating: How to avoid privacy gaffs, exploits, and scams
https://blog.malwarebytes.com/privacy-2/2020/02/cyber-tips-safe-online-dating/

Singapore instructs Facebook to block page access under online falsehoods law
https://www.zdnet.com/article/singapore-instructs-facebook-to-block-page-access-under-online-falsehoods-law/#ftag=RSSbaffb68

Exclusive: Details of 10.6 million MGM hotel guests posted on a hacking forum
https://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/

Scam Alert: You've Been Selected for 'Like of the Year 2020' Cash Prizes
https://thehackernews.com/2020/02/like-of-the-year-scam.html

The "Like of the Year 2020" award rewards with phishing: a new wave of a large-scale fraud scheme
https://www.group-ib.ru/media/like-2020/

DOD DISA discloses data breach
https://www.zdnet.com/article/dod-disa-discloses-data-breach/#ftag=RSSbaffb68

Phishing Campaigns Tied to Coronavirus Persist
https://www.bankinfosecurity.com/phishing-campaigns-tied-to-coronavirus-persist-a-13741

Canadian Government Breaches Exposed Citizens' Data: Report
https://www.bankinfosecurity.com/canadian-government-breaches-exposed-citizens-data-report-a-13739

### E. Research Reports

[Keys to adopting the NIST CSF] Seven steps to build a comprehensive security defense, starting with a current-state inventory and maturity assessment
https://www.ithome.com.tw/news/133172

ChkSender: email evidence preservation and authenticity verification
https://reurl.cc/31GzrX

Pikachu vulnerability lab series: XSS
https://www.chainnews.com/zh-hant/articles/186617425715.htm

Quickly scanning for authorization vulnerabilities with Burpsuite
https://zhuanlan.zhihu.com/p/106927394

Using an Apache Shiro deserialization vulnerability exploitation tool
https://www.colabug.com/2020/0215/7000605/

CVE-2019-17564: Analysis of the Apache dubbo HTTP protocol deserialization vulnerability
https://www.colabug.com/2020/0215/6999555/

High-risk attack! Hackers can use sudo to gain root privileges
https://juejin.im/entry/5e47903e51882549331ce423

[紅日安全] Web Security Day 3 – CSRF attack and defense in practice
https://www.freebuf.com/column/227295.html

[紅日安全] Web Security Day 4 – SSRF attack and defense in practice
https://www.freebuf.com/column/227309.html

[紅日安全] Web Security Day 5 – Arbitrary file upload attack and defense in practice
https://www.freebuf.com/column/227315.html

[紅日安全] Web Security Day 6 – Business logic vulnerability attack and defense in practice
https://www.freebuf.com/column/227316.html

Security risk advisory: Microsoft SQL Server Reporting Services remote code execution vulnerability
http://vulsee.com/archives/vulsee_2020/0216_10577.html

File upload vulnerability study notes: upload-labs
https://www.jianshu.com/p/50e2e0fa4f8b

XSSI vulnerability case analysis and vulnerability hunting
https://xz.aliyun.com/t/7204

CVE-2020-7471: detailed vulnerability analysis, root cause and PoC (original)
https://xz.aliyun.com/t/7218

Vulnerability analysis | CVE-2020-7471
https://www.colabug.com/2020/0217/7006388/

Vulnerability reproduction: .htaccess file parsing vulnerability
https://blog.csdn.net/weixin_45728976/article/details/104363400

Learning vulnerability analysis: cve-2010-3333
https://xz.aliyun.com/t/7230

German researchers discover a new vulnerability in the 4G LTE protocol
https://www.freebuf.com/column/227816.html

Web security study: approaches and techniques for hunting SRC logic vulnerabilities, explained in detail
http://www.sohu.com/a/374284486_472906

Dangerous peripherals: attacking Windows/Linux computers through peripheral firmware vulnerabilities
https://www.secrss.com/articles/17240

Experience in hunting logic vulnerabilities
https://www.cnblogs.com/thespace/p/12336237.html

"Fileless" attacks shake companies; Mitsubishi Electric also a victim
https://www.nikkei.com/article/DGXMZO55672360U0A210C2EA2000/

On the possible leak of personal information and corporate confidential information due to unauthorized access (third report)
http://www.mitsubishielectric.co.jp/news/2020/0212-b.pdf

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world
https://www.zdnet.com/article/iranian-hackers-have-been-hacking-vpn-servers-to-plant-backdoors-in-companies-around-the-world/

Fox Kitten Campaign Widespread Iranian Espionage-Offensive Campaign
https://www.clearskysec.com/wp-content/uploads/2020/02/ClearSky-Fox-Kitten-Campaign-v1.pdf

TugaRecon - Subdomain Enumeration Tool
https://pentestmag.com/tugarecon-subdomain-enumeration-tool/

RED HAWK- All In One Suite For Information Gathering And Vulnerability Scanning
https://hackersonlineclub.com/red-hawk-all-in-one-suite-for-information-gathering-and-vulnerability-scanning/

ViperSoftX - New JavaScript Threat
https://www.fortinet.com/blog/threat-research/vipersoftx-new-javascript-threat.html

What Is a DDoS Attack
https://securityintelligence.com/articles/what-is-a-ddos-attack/

Cookie-nabbing app could have served users side helping of XSS
https://nakedsecurity.sophos.com/2020/02/14/cookie-nabbing-app-could-have-served-users-side-helping-of-xss/

WordPress GDPR Cookie Consent plugin fixed vulnerability.
https://blog.nintechnet.com/wordpress-gdpr-cookie-consent-plugin-fixed-vulnerability/

Updates on WordPress security, Wordfence and what we're cooking in the lab today
https://www.wordfence.com/blog/2020/02/improper-access-controls-in-gdpr-cookie-consent-plugin/

WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation
https://blog.malwarebytes.com/threat-analysis/2020/01/woof-locker-stealthy-browser-locker-tech-support-scam/

JavaScript Injection Impact
https://hackersonlineclub.com/JavaScript-injection-impact/

Data Backup Strategy: Step By Step Guide for Business
https://hackonology.com/blogs/data-backup-strategy-step-by-step-guide-for-business/

Drone pentesting framework console
https://github.com/dhondta/dronesploit

Small and highly portable detection tests based on MITRE's ATT&CK.
https://github.com/timfrazier1/atomic-red-team

NETSCOUT THREAT INTELLIGENCE REPORT
https://www.netscout.com/threatreport?ls=PR-MKTG&lsd=pr-021820-5

PERILOUS PERIPHERALS: THE HIDDEN DANGERS INSIDE WINDOWS & LINUX COMPUTERS
https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/

Http-Asynchronous-Reverse-Shell
https://github.com/onSec-fr/Http-Asynchronous-Reverse-Shell

Automated Red Team Infrastructure deployment using Docker
https://github.com/khast3x/Redcloud

BlackPhish
https://github.com/iinc0gnit0/BlackPhish

2019 Cyberthreat Defense Report
https://www.imperva.com/resources/resource-library/lp/2019-cyberthreat-defense-report/

BlueKeep – Exploit Windows (RDP Vulnerability) Remotely
https://linuxsecurityblog.com/2019/10/10/bluekeep-exploit-windows-rdp-vulnerability-remotely/

Pypykatz - Mimikatz implementation in pure Python
https://hakin9.org/pypykatz-mimikatz-implementation-in-pure-python/

LODEINFO malware targeting organizations in Japan
https://blogs.jpcert.or.jp/ja/2020/02/LODEINFO.html

From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras
https://github.com/Varbaek/xsser

Network traffic analysis for IR: Analyzing IoT attacks
https://securityboulevard.com/2020/02/network-traffic-analysis-for-ir-analyzing-iot-attacks/

Chinese hackers have breached online betting and gambling sites
https://www.zdnet.com/article/chinese-hackers-have-breached-online-betting-and-gambling-sites/

Uncovering DRBControl Inside the Cyberespionage Campaign Targeting Gambling Operations
https://documents.trendmicro.com/assets/white_papers/wp-uncovering-DRBcontrol.pdf

CLAMBLING - A New Backdoor Base On Dropbox (EN)
http://www.talent-jump.com/article/2020/02/17/CLAMBLING-A-New-Backdoor-Base-On-Dropbox-en/

Wi-Ploit Exploit Tool
https://hackingpassion.com/wi-ploit-wi-fi-exploit-tool/

Cybersecurity Research During the Coronavirus Outbreak and After
https://securelist.com/cybersecurity-research-during-the-coronavirus-outbreak-and-after/96275/

### F. Business

Palo Alto combines container and serverless protection, moving into cloud-native security
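https://www.ithome.com.tw/review/135656

CHT Security adopts the Nutanix enterprise cloud operating system to strengthen enterprise information security
https://news.sina.com.tw/article/20200218/34263264.html

5G security risks loom large; US reportedly to widen its blockade of Huawei, affecting TSMC
http://bit.ly/2P5hrQ7

As global demand for remote work rises, Microsoft Taiwan rolls out two high-efficiency remote-office solutions
http://www.ctimes.com.tw/DispNews/tw/Microsoft/%E5%BE%AE%E8%BB%9F/2002181530SL.shtml

Deloitte: Remote work increases security risk; four keys to working from home with peace of mind
https://buzzorange.com/techorange/2020/02/17/deloitte-sop/

Making fingerprint recognition more secure! French company launches multi-finger full-screen FoD technology, hoping for mass production this year
https://cnews.com.tw/134200218a03/

As global demand for remote work rises, Microsoft Taiwan's solutions safeguard enterprise productivity
https://www.techbang.com/posts/76284-global-demand-for-remote-work-rises-taiwans-microsoft-solutions-for-enterprises-to-control-productivity

Dell sells RSA for US$2 billion
https://reurl.cc/W4jmdZ

Strengthening security: Google Chrome lets you copy and paste passwords without clicking to reveal them
https://www.inside.com.tw/article/18960-google-chrome-copy-password

Former prosecutor turned lawyer sets up the country's first polygraph and digital evidence collection practice
https://udn.com/news/story/7323/4358425

Voting for president by app? Microsoft's open-source voting software goes into live testing and could be used in general elections in future
https://news.sina.com.tw/article/20200220/34289312.html

Microsoft set to bring its antivirus app to iOS and Android sometime this year
https://9to5mac.com/2020/02/20/microsoft-antivirus-software-ios/

### G. Government

Ministry of National Defense Reserve Command: question bank for the armed forces information security assessment, ROC year 109 contract hiring
https://afrc.mnd.gov.tw/AFRCWeb/NewsContent.aspx?sn=12683

List of cybersecurity professional certifications, updated in Q4 of ROC year 108
https://nicst.ey.gov.tw/Page/D94EC6EDE9B10E15/7ba35454-3644-4199-828d-cff2f2d077fc

Unresolved privacy concerns may become a "security Achilles' heel": with the digital ID rollout counting down, is Taiwan ready?
https://www.wealth.com.tw/home/articles/24403

[Eight months until new IDs are issued: is Taiwan really ready?] Government hit by 360 million cyberattacks a year! Scholars worry the digital ID will become a "security breach point"
https://buzzorange.com/2020/02/20/the-concern-about-new-eid/

Executive Yuan technical service center: ROC year 108 evaluation results for security service vendors
http://bit.ly/2Pc6jkG

Personal data of 71% of civil servants leaked; Control Yuan urges the Ministry of Civil Service to review
https://news.ltn.com.tw/news/politics/breakingnews/3075158

Two in every three civil servants had personal data leaked; Control Yuan urges the Ministry of Civil Service to review
https://udn.com/news/story/7314/4360450

### H. Industrial Control Systems / SCADA / ICS

Profinet industrial communication protocol vulnerability affects industrial devices from Siemens, Moxa and others
https://nosec.org/home/detail/4110.html

JVNVU#95424547 Multiple vulnerabilities in Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000
https://jvn.jp/vu/JVNVU95424547/

Trend Micro sets up a realistic simulated industrial environment to test hacker attacks
https://zeekmagazine.com/archives/115956

NEC Aterm WG2600HS OS command injection vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5534
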
JVN#25766797 Multiple OS command injection vulnerabilities in Aterm WF1200CR, WG1200CR and WG2600HS
https://jvn.jp/jp/JVN25766797/

JVN#49410695 Multiple vulnerabilities in Aterm WG2600HS
https://jvn.jp/jp/JVN49410695/

JVNVU#95424547 Multiple vulnerabilities in Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000
https://jvn.jp/vu/JVNVU95424547/

What the Explosive Growth in ICS-Infrastructure Targeting Means for Security Leaders
https://securityintelligence.com/posts/what-the-explosive-growth-in-ics-infrastructure-targeting-means-for-security-leaders/

### I. Education and Training

#Notes sharing - Financial Supervisory Commission Anti-Money Laundering and Countering the Financing of Terrorism professional examination
https://reurl.cc/W4jNED

Understanding CSRF vulnerabilities from scratch
https://zhuanlan.zhihu.com/p/107719476

INE - OSCP Security Technology Course
https://reurl.cc/4gEEgv

Cisco Internal Routing Protocols
https://packetlife.net/media/library/40/IOS_Interior_Routing_Protocols.pdf

### J. Internet of Things / IoT / Artificial Intelligence / Internet of Vehicles / Optical Networks / Deep Learning / Machine Learning / Drones / Facial Recognition

IoT security joint testing center established, introducing the UL IoT Security Rating
https://technews.tw/2020/02/14/hutoushan-innovation-hub-iot-cyber-security-center/

IoT security joint testing center established, helping Taiwan's IoT devices align with international standards
https://life.taiwan368.com.tw/e_news.php?id=24784

Taiwan's first IoT security testing center opens! Hands-on testing of vulnerability risks and potential harm in hospital and farm settings
https://www.bnext.com.tw/article/56597/tcc-iot-ul

Bringing a security mindset to IoT: 尚承科技 starts from "inside the chip", offering firmware encryption and protection services
https://meet.bnext.com.tw/articles/view/46093

Tesla software reported to have a flaw: electrical tape tricks it into speeding in a speed-limit zone
https://www.36kr.com/p/5293553

EU publishes AI white paper! With rules on both training data and process, how will it affect the tech industry?
https://buzzorange.com/techorange/2020/02/20/european-commission-ai-white-paper/

## 6. Upcoming Security Events and Seminars

Certificate of Cloud Security Knowledge (CCSK) Plus 2/23 ~ 2/24
https://csacongress.org/event/csa-summit-at-rsa-conference-2020/

Security risks and trust management strategies for connected devices 2/25
https://www.caa.org.tw/coursedetail-3272.html

19th Asia-Pacific Information Security Forum 2/25 ~ 2/26
https://www.informationsecurity.com.tw/Seminar/2020_Seminar/all/

Taipei 暗号通貨 (Cryptocurrency) Meetup 2/26
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcdbjc/

Android Code Club(Taipei) 2/26
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcdbjc/

Seminar on blockchain email fraud prevention and cybersecurity forensics 2/27
https://www.tca.org.tw/market_info1.php?n=2390

Thinking Thursday, 7th session 2/27
https://www.meetup.com/Thinking-Thursday/events/266911452/

Introduction to Edge Computing and Its Applications & Let's AIY (AI meetup - Hsinchu#20200304) 3/4
https://www.meetup.com/AIA-Hsinchu/events/267713123/

Android Code Club(Taipei) 3/4
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcfbgb/

"Smart Machinery and Security Solutions" technology exchange and matchmaking event 3/5
https://forms.gle/ZRksvpLu1hDHUm538

Monads explained from the beginning! FunTh#81 3/5
https://www.meetup.com/Functional-Thursday/events/267683150/

Android Code Club(Taipei) 3/11
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcfbpb/

Scala Taiwan #37 3/18
https://www.meetup.com/Scala-Taiwan-Meetup/events/267899692/

Korea international security expo 3/18
https://www.twcert.org.tw/tw/cp-105-3230-a3bd4-1.html

Data analysis and machine learning case practice (1): PM2.5 as an example 3/23
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3888&from_course_list_url=course_index

Taipei 暗号通貨 (Cryptocurrency) Meetup 3/25
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcfbhc/

NCTU Hacker College - Buffer overflow attacks and prevention 3/28
https://hackercollege.nctu.edu.tw/?p=1141

Black Hat Asia 2020 Singapore 3/31 ~ 4/3
https://www.blackhat.com/asia-20/briefings/schedule/

Kaspersky® Security Analyst Summit 4/6 ~ 4/9
https://thesascon.com/

Big data and deep learning applications on edge computing systems 4/10
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3883&from_course_list_url=course_index

2nd ICANN APAC-TWNIC Engagement Forum and 34th TWNIC IP Policy and Resource Management Meeting 4/16
https://forum.twnic.tw/2020/registration.htm

NCTU Hacker College - Intrusion detection and response guide 4/18
https://hackercollege.nctu.edu.tw/?p=1144

VXCON 2020 - APAC 4/18 ~ 4/19
https://www.vxcon.hk/

2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore 4/21 ~ 4/23
https://www.icscybersecurityconference.com/singapore/

Taipei 暗号通貨 (Cryptocurrency) Meetup 4/22
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcgbdc/

Asia-Pacific Information Security Forum and Exhibition 4/22
https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html

NCTU Hacker College - Basic web security and penetration testing 4/25
https://hackercollege.nctu.edu.tw/?p=1147

2020 LINE Taiwan Developers Recruitment Day 4/25
https://engineering.linecorp.com/zh-hant/blog/2020-line-taiwan-technical-recruitment-day/

NCTU Hacker College - Basic secure website construction in practice 5/16
https://hackercollege.nctu.edu.tw/?p=1151

NCTU Hacker College - Email spoofing attacks and protective measures 5/23
https://hackercollege.nctu.edu.tw/?p=1156

Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/

NCTU Hacker College - Advanced web penetration testing 5/30
https://hackercollege.nctu.edu.tw/?p=1159

Big data and deep learning applications on edge computing systems 6/5
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index

NCTU Hacker College - Expert-level web penetration testing 6/13 6/20
https://hackercollege.nctu.edu.tw/?p=1161

NCTU Hacker College - Enterprise domain control: Active Directory attack and defense 6/27
https://hackercollege.nctu.edu.tw/?p=1164

CYBERSEC 2020 Taiwan Cybersecurity Conference 8/12
https://cyber.ithome.com.tw/