cyber threats 2015

Upload: etdaofficialregist

Post on 12-Jan-2017

CYBER THREATS 2015

    ThaiCERT

    , , , , , Martijn Van Der Heide, , , , , , , , , , ,

    1 2559

    3,000

    300

    .. 2537

    () (Thailand Computer Emergency Response Team : ThaiCERT)

    () (.) Electronic Transactions Development Agency (Public Organization) (ETDA)

    Ministry of Information and Communication Technology

    () 20 33/4 9 10310

    : 0 2123 1212 | : 0 2120 1200 : [email protected] : www.thaicert.or.th () : www.etda.or.th : www.mict.go.th

Digital Economy Cybersecurity

    () (.) ETDA ()

    2558 E-banking

" CYBER THREATS 2015" 2558

    ()

1

    Awareness

    1. Microsoft Mainstream Windows 7 13 2558 ...............................................................21

    2. FBI 6,000 ..........................21

    3. FBI Sony .......................................22

    4. Apple ..........22

    5. ................................................................23

    6. FB ...................................................23

    7. ..........................................................24

    8. FireEye IT ...................................25

    9. Google Chrome Adware ...............................................26

    10. Facebook ..............27

    11. Signal 2.0 iOS - Android ........28

    12. Cybersecurity 2558 ZDNet .......................................................29

    13. iOS ......................30

    14. Google Play Store .......................30

    15. IBM X-Force 2557 ..........................31

    16. Samsung Galaxy Tab .......................................................32

    17. ..........................................32

    18. World Backup ..............................................................34

    19. Android find my phone Google ..................................................34

    1 264

20. Biometrics Scanner BodyPrint ..........34

    21. Facebook PGP ..................................................................................................35

    22. MasterCard ..............................................36

    23. Microsoft Security Essentials Windows XP ................................................................37

    24. ........38

    25. Microsoft, Google, Facebook, Twitter Yahoo .........................................................39

    26. Facebook ......................................39

    27. Microsoft Internet Explorer 12 2559 ...............................................................................40

    28. SHA-1 ...................................................................................41

    29. .....................................................................42

    Computer Security Incident

    30. twitter ............................................45

    31. 19,000 ...................................................................45

    32. Malaysia Airline ..................................................................................46

    33. Baby Monitor .......................47

    34. Kaspersky Equation group APT NSA ..............................48

    35. 300 100 .....................49

    36. Lizard Squad Google ........................................................................................50

    37. Torrent Bitcoin .....................................51

    38. Panda .........................................................52

    39. APT30 .....................................................................52

40. DDoS ........................................................................53

    41. Kaspersky Naikon APT ..............................................54

    42. ....................................................................................55

    43. SMEs Grabit .....56

    44. LastPass ..................................................................57

    45. ICANN ..................................................58

    46. ThaiCERT () .......................................59

    47. MySQL DDoS ...............................................60

    Law & Policy

    48. ETDA 10 . ........................................63

    49. .................................................................63

    50. .............................................................64

    51. ....................................................65

    52. Backdoor ..............................................................................65

    Malware

    53. Twitter #JeSuisCharlie ..............................................67

    54. iOS ............................................67

    55. Lenovo SSL ..................................................................68

    56. .........................................69

    57. LastPass Superfish VisualDiscovery ...................................................................69

58. Microsoft Windows Defender Superfish ...........70

    59. ........................71

    60. Killer USB .........................................................................72

    61. Android 3 .............72

    62. "Your Facebook login is currently removed" ......................................................................................73

    63. ...................................................................................73

    64. ..................................................75

    65. PuTTY ...........................................76

    66. Ransomware .......................................................................76

    67. Ransomware Android .......................................................................................................77

    68. UnfriendAlert Facebook ...............................................78

    69. CTB-Locker 14 ....................................79

    70. adf.ly ............80

    71. Play Store Android ...................................................................80

    72. Red Star ....................................................................81

    73. CTB-Locker Windows 10 ...............................................................................82

    74. Smartwatch ....................................................83

    75. Tweak iCloud ..............................................84

    76. Android .......................................................................84

    77. Brain Test Play Store root / 1 ................................................85

78. Mac OS X ......................................86

    79. Dell eDellroot Dell .......................................................87

    Phishing/Scam

    80. Facebook .........................................................89

    81. Phishing Facebook Facebook Apps .....................89

    82. / Facebook App ............................................................................90

    83. ............................................90

    84. Dance of the Pope ...................................................91

    85. / PayPal .91

    86. Outlook/Hotmail / ..............93

    87. PayPal .....94

    88. ..............95

    Privacy

    89. ........................................97

    90. ...................................................................................................97

    91. .................98

    92. Edward Snowden ..................................................................................................99

    93. Apple Siri .................................99

    94. G20 ................................................................................. 100

    95. Facebook .................................................................................................. 101

    96. NSA / ...................................................................................................... 101

    97. Selfie ................................................. 102

98. Snowden NSA Google Play Store ................................. 103

    99. Facebook Messenger ..... 104

    100. 17% Facebook ................................................................................ 105

    101. "DuckDuckGo" 6 .................................................................................... 106

    102. WhatsApp .......................................................................................................... 106

    103. 47 1 ........ 107

    104. GhostShell .................................................................................. 108

    105. Hacking Team 400 GB ......................... 110

    106. - 4.8 2 . Vtech .................................. 111

    Vulnerability

    107. Mac Thunderbolt....................................................................................... 113

    108. OpenSSL .................................................................................. 113

    109. Google Android 4.4 ............................................................................................ 114

    110. Samsung Smart TV ............................ 114

    111. Facebook .......................................................... 115

    112. Microsoft PowerPoint ............................................................. 115

    113. BIND ......................................... 116

    114. FireEye Masque Attack .......................................................... 116

    115. Mac OS X Internet Explorer 2557 .......................................................... 117

    116. Telegram .................................... 118

117. Samba .................................... 118

    118. WP-Slimstat WordPress ... 119

    119. Bitdefender SSL ...................................................... 119

    120. Business Storage 2-Bay ......................................................... 120

    121. Blu-ray Blu-ray .................................... 121

    122. Toshiba Admin 122

    123. Yoast WordPress 14 .. 122

    124. Line .............. 123

    125. D-Link DCS-93xL ........................................................... 123

    126. Drupal ................................ 124

    127. PHP Ubuntu ........................................ 124

    128. OpenSSL ......................... 125

    129. Mozilla Firefox 36.0.3 Pwn2Own .................................................................. 125

    130. Firefox, Chrome, IE, Safari Pwn2Own 2015 .... 126

    131. BIOS OS .............................. 126

    132. IP Phone Cisco ....... 127

    133. Android ................................................................................................ 127

    134. YouTube .................................................................. 128

135. WordPress .................................................. 128

    136. ntpd ................................ 128

    137. WordPress ............................................................... 129

    138. iOS 8 iPhone-iPad WiFi ........................................................ 129

    139. Lenovo System Update ................................................................................................................. 130

    140. VENOM Virtual Machine ................................................... 131

    141. URL Safari ............................................ 132

    142. Logjam TLS ...................................................................... 132

    143. UC Browser Android ........................................ 133

    144. Add-on Unity Web Player ........................... 134

    145. Samsung Galaxy 600 ........................................................................................... 135

    146. Drupal ........................... 136

    147. Flash Player .................................................................... 136

    148. Flash Player ........ 137

    149. Apple OS X 10.10.4, iOS 8.4 ..................................................................... 137

    150. OpenSSL .......................................... 138

    151. Adobe Adobe Flash Player Hacking Team .................................................................................... 138

152. Internet Explorer (CVE-2015-2372) ....................... 139

    153. Windows (CVE-2015-2426) ....................... 139

    154. WordPress 4.2.3 Cross-Site Scripting ................ 140

    155. Stagefright Android MMS ............................................................................... 140

    156. Android Stagefright MMS.................................................... 142

    157. Google Chrome Extension ......................................................................................... 143

    158. Android Stagefright ...... 144

    159. Dropbox, Google Drive, OneDrive man-in-the-cloud.................................................................................. 145

    160. PDF Firefox Firefox 39.0.3 ....................................................... 146

    161. Android AudioEffect ............................................................................ 146

    162. Android ...................... 147

    163. Belkin N600 (CVE-2015-5989) ....................................................................................................... 148

    164. ISC 2 BIND (CVE-2015-5986, CVE-2015-5722) ..................................................................... 149

    165. Seagate Telnet Username Password root ............................... 149

    166. WordPress 4.3.1 Cross-Site Scripting (CVE-2015-5714) Privilege Escalation (CVE-2015-5715) ........................................................ 150

    167. AirDrop iOS, OS X .......................... 151

    168. WinRAR 152

169. Zyxel NBG-418N, PMG5318-B20A P-660HW-T1 ........................................................ 152

    170. Apple 4 Keynote, Pages Numbers ........................................................... 153

    171. Mozilla Firefox 41.0.2 .................................................. 153

    172. Joomla! 3.4.5 ................ 154

    173. ColdFusion 10, 11 Cross-Site Scripting (CVE-2015-8052, CVE-2015-8053) Server-side Request Forgery ......................................................................... 154

    174. OpenSSL ....... 155

    175. Joomla! 1.5 3.4.5 ................................................. 155

    176. MacKeeper ........................................ 156

    177. Juniper ScreenOS ........................................................................................ 157

    1. CTB Locker ........................................................ 160

    2. glibc (GHOST, CVE-2015-0235) ............................................ 170

    3. D-Link DNS . 174

    4. (Phishing) .................................................................... 177

    5. SSL/TLS (FREAK) ..................................... 182

    6. HTTP Protocol Stack (HTTP.sys) BSOD (CVE-2015-1635) ........................................................................ 187

7. OpenSSL SSL (CVE 2015-1793) ....................................... 191

    8. Adobe Flash Player (CVE-2015-5122, CVE-2015-5123) ..................................... 193

    9. Asus, ZTE, Digicom Observa Telecom . 195

    10. Xcode iOS WeChat .......................... 197

    11. Bookworm ...................................................................................................... 200

    12. Microsoft Windows DNS (CVE-2015-6125, MS15-127) .................... 207

    1 Gmail, Outlook Yahoo ................................................................... 212

    2. Locker Unlocker : Ransomware .................... 239

    3. Flash Player ....................................................................... 252

    .......................................................................................... 264

    ....................................................................................................... 266

    Awareness

    FBI Charles Gilgen FBI 2,000 4,000

    2553 CyberCorps 20,000-25,000 3 45 3

    : 08-01-2558 : Businessweek

    2FBI 6,000

    Microsoft Mainstream Windows 7 13 2558

    Windows 7 Mainstream 13 2558 Feature Windows 7

    Windows 7 Extended Support 14 2563

    : 07-01-2558 : Microsoft

    1

    Awareness

    Apple TouchID iPhone iPad Apple

    Apple Apple

    : 20-01-2558 : The Register

    4Apple

    FBI Sony

    FBI James Comey Sony the Guardians of Peace Proxy

    FBI

    : 13-01-2558 : Foxnews

    3

    13.00-15.00 . 27 2558 Facebook Instagram Lizard Squad Facebook BBC

    Facebook Instagram

    : 28-01-2558 : BBC

    6FB

    hackerlist.com

    Facebook, Gmail 2,000 hackerforhirereview.com

    : 23-01-2558 : Nakedsecurity

    5

    password Software Advice

    56% (, , , )

    54%

    17% 2 (2-Factor Authentication)

    14% Biometric Authentication

    : 04-02-2558 : Infosecurity-magazine

    7

    FireEye IT

    FireEye M-Trend 2015: A View from the Front Lines IT 78% (44%)

(Remote Access) / 2 (2-Factor Authentication)

    1. 205 2556

    2. 69%

    3.

    4.

    8

    : 2015-02-25 : FireEye

    Google Chrome Adware

    Google Chrome Download.com, Sourceforge, Softonic Adware

    Google Chrome Google Chrome

    9

    : 27-02-2558 : Ghacks

    Facebook

    Facebook Facebook Support

    (Irish Data Protection Commissioner)

    : 03-03-2558 : The Hacker News

    10

    Signal 2.0 iOS - Android "Edward Snowden " (http://thcert.co/7452m8) 3 Android TextSecure iOS iPhone (https://www.eff.org/secure-messaging-scorecard)

    iPhone Android iPhone iMessage Apple Apple

2 2558 Open Whisper Systems iOS Signal 2.0 Signal iOS TextSecure Android https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8

    Signal 2.0 iOS - Android 11

    : 05-03-2558 : The Hacker News ,

    Ars Technica , EFF

    Cybersecurity 2558 ZDNet

    ZDNet ( Heartbleed Shellshock ) Apple

    Sandboxing

    ZDNet Firewall Cloud Firewall, VPN, IDS/IPS

    : 10-03-2558 : ZDNet

    12

    MDSec iOS 4 USB (Brute-force) 111 1

    iOS 10

    Google Play Store Apple App Store Google E (Everyone) , T (Teen) , M (Mature)

    iOS

    Google Play Store

    13

14

: 19-03-2558

    : MDSec

    : 19-03-2558 : The Hacker News

    IBM X-Force Threat Intelligence Quarterly IBM 2557

    1. 2556 25%

    2.

    (Security Question)

    3. Cryptography Libraries Heartbleed, POODLE, FREAK

    4. 28.7%, 13%, 10.7 %

    IBM X-Force 2557 15

    : 27-03-2558 : Net-security

    Ben Gurion University (Air-gapped Computer)

    17

    Stanford Research Institute (SRI) Samsung (Iris-scanning) Galaxy Tab Pro 8.4

    SRI 1,000 SRI Iris on the Move (IoM)

    Samsung Galaxy Tab 16

    : 27-03-2558 : The Register

    31 2558 World Backup Day worldbackupday.com 30% 113 (Ransomware)

Google Drive Dropbox 2 (2-Factor Authentication) worldbackupday Infographic https://vimeo.com/97489098

    World Backup 18

    : 27-03-2558 : The Hacker News

    : 01-04-2558 : World Backup Day

    2 Air-gapped

    Computer 8

    Google Android find my phone Google ( Android Device Manager)

    Google Account Remote locate this device Google Settings Google

    (Biometric)

    Yahoo! BodyPrint BodyPrint

    Android find my phone Google

    Biometrics Scanner BodyPrint

    19

20

: 16-04-2558

    : +Google

    Facebook HTTPS, HSTS Facebook Tor

    Facebook

    Facebook PGP Profile Facebook Facebook Facebook

    Facebook PGP 21

    : 28-04-2558 : The Hacker News

    : 02-06-2558 : Facebook

    (touchscreen) BodyPrint .

    99.98% 12 Yahoo!

    ( .. - ..) MasterCard Apple, Google, Microsoft Samsung

    MasterCard SecureCode 3

    MasterCard 22

    : 06-07-2558 : CNN

    Windows XP 2557 Microsoft Security Essentials ( Microsoft) Windows XP 14 2558 Microsoft Microsoft Security Essentials

    Windows XP " Windows XP 8 2557" (http://thcert.co/Jp6761)

    Microsoft Security Essentials Windows XP 23

    : 17-07-2558 : ZDNet

    HP 10

    1. SSL/TLS 40%

    2. 30%

    3. 30%

    Two Factor Authentication 2

    4. 70%

    HP

    24

    : 28-07-2558 : The Hacker News ,

    HP

    Internet Watch Foundation IWF 5 IT Microsoft, Twitter, Google, Facebook, Yahoo IWF Hash

    IWF 500

Facebook Facebook

    Microsoft, Google, Facebook, Twitter Yahoo

    Facebook

    25

26

: 13-08-2558

    : Naked Security

    : 14-08-2558 : The Hacker News

    : 07-10-2558 : Microsoft

    Facebook API ( ) API

    Facebook

    https://www.etda.or.th/content/social-network-security.html

    Microsoft 12 2559

    Internet Explorer Internet Explorer 11

    Microsoft Internet Explorer 12 2559 27

    : 16-10-2558 : Ars Technica

    Hash Hash Hash Hash Hash Collision ( http://thcert.co/sbR2L2) Hash Collision

    SHA-1 Hash SHA-1 2561

    SHA-1 173,000 75,000-120,000

    SHA-1 SHA-2 SHA-3 (Certificate Authority) SHA-1 SHA-1 2558 2559

    SHA-1 28

    : 18-12-2558 : ThaiCERT

    (https://thaicert.or.th/alerts/user/2015/al2015us007.html)

    1.

    2. ,

    3.

    Infographic (https://www.thaicert.or.th/downloads/files/info_ThaiCERT_Mail-Scam.jpg)

    29

    Computer Security Incident

    : 14-01-2558 : bbc

    : 21-01-2558 : ap

    12 2558 CyberCaliphate Twitter YouTube (US Central Command)

    US Central Command Twitter YouTube

    Arnaud Coustillire 19,000 DDoS Charlie Hebdo 7

    Arnaud Coustillire

    twitter

    19,000

    30

    31

    : 27-01-2558 : nakedsecurity

    26 2558 NakedSecurity Malaysia Airline "404-Plane Not Found" Lizard Squad

Malaysia Airline 22

    Malaysia Airline DNS Server ( ) Lizard Squad

    Malaysia Airline 32

    : 03-02-2558 : nakedsecurity

    (Default Password)

    nakedsecurity Baby Monitor Foscam

    Baby Monitor 33

    Kaspersky Equation group APT 2001 0-Day

    C&C C&C C&C

0-Day Stuxnet Equation group Stuxnet

    ()

    NSA

    Kaspersky Equation group APT NSA 34

    : 17-02-2558 : Ars Technica

    : 18-02-2558 : Secure List

    Kaspersky 300 100 2556

    Carbanak ATM

    300 100 35

    NSA

    NSA

    : 24-02-2558 : TeachWorm

    23 2558 Google (google.com.vn) "Hacked by Lizard Squad, greetz from antichrist, Brian Krebs, sp3c, Komodo, ryan, HTP & Rory Andrew Godfrey (holding it down in Texas)Buy DDOS.."

    zing.vn DNS 8.8.8.8

    Lizard Squad Google 36

    : 10-03-2558 : The Verge

    5 2558 Torrent 3.4.2 build 38913 EpicScale Bitcoin Torrent

    Torrent Windows EpicScale Windows Task Manager Ctrl+Shift+ESC

    EpicScale

1. Control Panel > Programs and Features EpicScale Uninstall

    2. C:\programdata Folder EpicScale

    3. Windows+R regedit Registry Editor

4. HKEY_CURRENT_USER>Software>EpicScale EpicScale Delete

5. HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run EpicScale delete

    Torrent Bitcoin 37

    : 12-03-2558 : Panda Security

Panda Security (Panda Cloud Office Protection, Panda Cloud Office Protection Advanced, Panda Antivirus Pro 2015, Panda Internet Security 2015, Panda Global Protection 2015, Panda Gold Protection)

    Signature

Panda Security http://www.pandasecurity.com/uk/homeusers/support/card?id=100045

    FireEye APT30

    aseanm.com (asean.org)

    FireEye IOC (Indicators of Compromise) https://github.com/fireeye/iocs/tree/master/APT30

    Panda

    APT30

    38

    39

    : 16-04-2558 : FireEye

    (Telecom Regulatory Authority of India TRAI) Net Neutrality

    ISP , , TRAI Vodafone Airtel Net Neutrality

    TRAI 1 TRAI

TRAI (trai.gov.in) AnonOpsIndia @opindia_revenge DDoS (Distributed Denial of Service) TRAI TRAI

    DDoS 40

    : 29-04-2558 : The Hacker News

    : 15-05-2558 : MAwarenessboard ,

    Secure List

    Kaspersky Naikon APT APT30 FireEye

    Kaspersky Naikon APT 5 ( )

    Microsoft Word

    Naikon APT Microsoft Word Microsoft Word

    Kaspersky Naikon APT 41

    Chris Roberts United Airlines Chris Roberts In-flight Entertainment (IFE) Ethernet

    Cable

    Chris 15 United Airlines

    42

    : 20-05-2558 : The Hacker News

    Kaspersky Grabit 10,000

    Grabit

    Grabit (.doc)

    HawkEye 3,023 2,887 1,053 4,928 Outlook, Facebook, Skype, Google mail, Yahoo, LinkedIn Twitter

    Kaspersky Grabit

    1. C:\Users\\AppData\Roaming\Microsoft executable file ( .exe)

    SMEs Grabit 43

    : 09-06-2558 : Kaspersky Lab

    15 2558 LastPass , Password reminders, Salt (Master Password) Hash

LastPass LastPass LastPass 2 LastPass 1. , 2. 3. 2 (2 Factor Authentication) https://helpdesk.lastpass.com/multifactor-authentication-options/

    LastPass 44

    : 16-06-2558 : LastPass

    2. Windows System Configurations startup grabit1.exe

    3.

    4.

    ICANN Internet Corporation for Assigned Names and Numbers

    5 2558 ICANN ICANN.org

    ICANN Hash ICANN.org https://www.icann.org/users/password/new

    ICANN 45

    : 07-08-2558 : ICANN

    23 2558 Fallaga Team (Web Defacement) 19,000 Charlie Hebdo 25 2558 Fallaga Team 106

    Web Defacement

    Web Defacement [email protected] 0 2123 1212

    /

    ThaiCERT () 46

    Log

    : 26-08-2558 : ETDA

    : 02-11-2558 : Net-Security , Symantec

    Symantec Chikdos MySQL DDoS SQL Injection User-defined Function (UDF) UDF

    MySQL Administrator, SQL Injection

    MySQL DDoS 47

    Law & Policy

    : 24-01-2558 : thaicert

    24 2558 ETDA ICT Law Center 10 ETDA

    ETDA Digital Economy

    ... 1 10

    10

    24 2558 66A Information Act 2000

    3

    ETDA 10 .

    48

    49

    : 26-03-2558 : Naked Security

    : 21-04-2558 : Infosecurity Magazine

    (China Banking Regulatory Commission : CBRC)

    50

    : 07-05-2558 : Euronews ,

    BBC

    : 13-10-2558 : The New York Times

    5 2558

    (Mass Surveillance) Liberal Democrats

    iMessage, Facebook Messenger (Backdoor)

    Apple Google

    Backdoor

    51

    52

    Malware

    : 19-01-2558 : cbronline

    Charlie Hebdo Twitter DarkComet Remote Access Trojan (RAT)

    #JeSuisCharlie

    Trend Micro 2 XAgent iOS Contact, SMS, GPS, , 1 MadCap

    2 Pawn Storm

    (Defense Contractor) iOS 7 iOS 8 iOS 7 1 4 iOS

    iOS Enterprise/Ad-hoc provisioning App Store

    Twitter #JeSuisCharlie

    iOS

    53

    54 Malware

( iOS App Store)

    : 10-02-2558 : Trend Micro

    : 19-02-2558 : The Next Web ,

    Y Combinator

    Lenovo Superfish VisualDiscovery Lenovo Search engine

    Superfish VisualDiscovery SSL Superfish VisualDiscovery SSL

    Superfish VisualDiscovery

    Superfish VisualDiscovery Lenovo 2557 https://www.youtube.com/watch?v=oMMOPg9DRDc

    Lenovo SSL 55

    : 20-02-2558 : AVG

    AVG . Animation

AVG

Superfish VisualDiscovery Lenovo Lenovo Y50, Z40, Z50, G50 Yoga 2 Pro HTTPS SSL

    LastPass https://lastpass.com/superfish/

    SSL

    Windows start > "uninstall program" > uninstall program > Superfish inc VisualDiscovery > Uninstall

    SSL

    LastPass Superfish VisualDiscovery

    56

    57

Windows Start > "certmgr.msc" > certmgr.msc > > Trusted Root Certification Authorities > Certificates > Superfish Inc delete >

    : 20-02-2558 : LastPass

    : 23-02-2558 : Ars Technica ,

    Ars Technica

    Superfish Lenovo (http://thcert.co/e9zx5p) Microsoft Windows Defender Windows Vista SSL

    Internet Explorer, Chrome Opera Firefox

    SSL Superfish Mozilla Firefox

    1. Menu Options

    2. Options Advanced Certificates

    3. View Certificates

    4. Certificate Manager Superfish, Inc

    5. Delete or Distrust

    6. OK

    Microsoft Windows Defender Superfish 58

    : 13-03-2558 : Net Security

    Bromium Labs (Ransomware)

    Call of Duty, StarCraft 2, Diablo, Minecraft, Half-Life 2, Skyrim, WarCraft 3, Assassin's Creed, World of Warcraft, Day Z, League of Legends, World of Tanks Steam RPG Maker, Unity3D Unreal Engine

    iTunes Library

CryptoLocker WordPress CVE-2015-0311 Flash Player CVE-2013-2551 Internet Explorer

    59

    : 13-03-2558 : Kukuruko

    : 31-03-2558 : We Live Security

    USB Stick Killer USB

    Killer USB -110V USB Stick

    Carnegie Mellon Android (Geolocation) 3 The Weather Channel 2,000 Groupon 1,062

    ( ) Groupon 20

    Google Play Services 2,200 Android iOS

    Killer USB

    Android 3

    60

    61

    : 30-04-2558 : Online Threat Alerts

    Facebook "Your Facebook login is currently removed" ( "")

    Ransomware () " /

    (Encryption) External Drive

    "Your Facebook login is currently removed"

    62

    63

    (Bitcoin) (Decryption)

    1.

    2. Java PDF Reader

    3.

    4.

    1.

    2. (Portable Storage) (Network Storage)

    3. IT

    [email protected] 0 2123 1212

    : 07-05-2558 : ThaiCERT

    : 11-05-2558 : Softpedia

    Ransomware (CV)

( (Encryption) External Drive (Decryption) )

    64

    : 11-05-2558 : Softpedia

    Cisco MalPutty PuTTY Secure Shell Credential HTTP GET

    PuTTY

    PuTTY for Mac, PuTTY for Android platforms Search Engine

    Hash PuTTY Cisco

    Ransomware

    McAfee

    Ransomware Tox

    PuTTY

    Ransomware

    65

    66

    : 27-05-2558 : Net Security

    Bitdefender Android.Trojan.SLocker.DZ Android Ransomware 500 1500

    Adobe Flash Player

    Home Launcher Back Home

    Safe mode ADB (Android Debug Bridge)

    Ransomware Android 67

    : 27-05-2558 : Softpedia

    20%

    Ransomware

    Malwarebytes UnfriendAlert Facebook Unfriend UnfriendAlert / Facebook (yougotunfriended.com) Facebook

    Facebook

    Facebook Facebook OAuth "Log in with Facebook account" Facebook

    Unfriend Alert Malwarebytes Log out of Awareness devices

    UnfriendAlert Facebook 68

    : 08-06-2558 : Malwarebytes

Trustwave Trustwave Global Security Report 2015 547 15 2557

    - 1,425% ($84,100 ) 14 (Ransomware) CTB-Locker

    - 98% Trustwave 1 (Median) 2557 43%

    - "Password1"

    - 188

    - 43% (13%) (12%)

    - / 31% / (CVV)

    - 81%

    - (Remote Access)

    - Spam 60% (69%)

    CTB-Locker 14 69

    : 15-06-2558 : Trustwave

    Malwarebytes adf.ly Internet Explorer Flash Player

    HanJuan exploit kit

    ESET Facebook "Cowboy Adventure" "Jump Chess"

    Facebook

    Google Play Store

    1. Facebook

    2. Google Play Store

    adf.ly

    Play Store Android

    70

71

: 25-06-2558

    : Softpedia

    ERNW Red Star Linux

    OpenOffice

    Red Star 72

    : 20-07-2558 : The Register

    : 13-07-2558 : The Hacker News

    3. "Cowboy Adventure" Facebook

    4. 2 (2 Factor Authentication) Facebook

    5.


    Cisco CTB-Locker update @microsoft.com Windows 10 .zip (Win10Installer.zip) .zip CTB-Locker

    Windows 10 Microsoft (http://www.microsoft.com/th-th/windows/windows-10-upgrade)

    CTB-Locker (https://www.thaicert.or.th/alerts/user/2015/al2015us001.html)

    CTB-Locker Windows 10 73

    : 04-08-2558 : Cisco


    Smartwatch, Smart TV, Smart Fridge Smart Lock

    Symantec Simplocker Smartwatch Smartwatch Smartwatch Smartwatch

    Memory Card Smartwatch Smartwatch (Factory Reset)

    Smartwatch Smart TV (http://thcert.co/jw1f9T) Android TV Box

    Smartwatch 74

    : 17-08-2558 : The Hacker News ,

    IOT+Security


    Wooyun.com iCloud 220,000 iOS Tweak () iCloud

    Tweak Wooyun iOS App Store

    Zscaler Adult Player ( Google Play Store)

    Device Administrator

    Tweak iCloud

    Android

    75

    76: 28-08-2558

    : The Hacker News


    Check Point Brain Test Google Play Store 10-15 2558 1 Google Play Store root

    IP Google

    Google Play Store

    root

    Brain Test Play Store root / 1 77

    : 22-09-2558 : Check Point

    : 08-09-2558 : The Hacker News ,

    Zscaler

    Safe Mode Settings > Security > Device Administrator Adult Player Settings > Apps > Uninstall

    Google Play Store Device Administrator


    Rafael Salema Marques Mabouia (Ransomware) Mac OS X Ransomware Windows

    YouTube (https://www.youtube.com/watch?v=9nJv_PN2m1Y) Ransomware Mac OS X

    Apple Mac OS X Ransomware

    Mac OS X 78

    : 09-11-2558 : LinkedIn , Softpedia


    Dell eDellroot Root CA Dell (Private key) Man-in-the-middle https

    Dell eDellroot Dell Dell XPS 15 laptops, M4800 workstations, Inspiron desktop Inspiron laptop Dell https://dellupdater.dell.com/Downloads/APP009/eDellRootCertFix.exe

    Dell eDellroot Dell 79

    : 25-11-2558 : Ars Technica ,

    Dell


    Phishing/Scam


    Facebook Facebook Facebook

    "Many people on Facebook have reported that this story contains false information"

    business2community / Facebook Facebook Fanpage Facebook /

    (hxxps://apps.facebook.com/1538154846437637 - )

    Facebook apps.facebook.com

    Facebook

    Phishing Facebook Facebook Apps

    80

    81: 23-01-2558

    : fb

    : 20-02-2558 : Business 2 Community


    Online Threat Alerts / Facebook App "hello ! Do you want to know after 20 years you will look like? Please Click here to view hxxp://bit.ly/1BDzD84 I tried very fun and interesting hxxp://appnew2015.cf/"

    Facebook /

    / Facebook https://www.facebook.com/hacked

    Neil Moore Wandsorth 88

    3 Neil Moore

    / Facebook App

    82

    83: 09-03-2558

    : Online Threat Alerts

    : 30-03-2558 : BBC


    Social media "" (The Dance of the Pope) (Hoax) 2558

    onlinethreatalerts.com (Billing Address) PayPal

    PayPal /

    Dance of the Pope

    / PayPal

    84

    85: 09-04-2558

    : Hoax Slayer , Snopes


    From: servces paypal [mailto:info@fanandish .com]

    Sent: 20 April 2015 16:31

    Subject: Your Transaction Needs Verification

    Verify mailing address

    Dear Customer,

    Please confirm your billing address as we cannot match it to your card billing address. Did you change/update your billing address. We cannot process any payment for your purchase. You need you to confirm this action now.

    Take a minute to confirm this address so we know it belongs to you. Once you confirm it, you can use this email address to receive alerts and updates concerning your account to avoid account blocked.

    Confirm My Address

    It's important because it helps us make sure no one is getting into your account without your knowledge.

    Sincerely,

    PayPal

    : 22-04-2558 : Online Threat Alerts

    (https://www.thaicert.or.th/downloads/files/info_ThaiCERT_Mail-Scam.jpg,https://www.thaicert.or.th/downloads/files/info_ThaiCERT_Phishing.jpg)


    Outlook/Hotmail / 86

    : 22-05-2558 : Online Threat Alerts

    onlinethreatalerts.com Reset Outlook/Hotmail

    (hxxp://www.webaccess12.esy.es/Access12.html) /

    Hello!

    Someone started the process to reset your account password without success.

    Was this you?

    Press here to validate your identity if you requested account login reset.

    If you did not request to reset your account login information, it is nowmandatory for you to link your location to your account for improved security.

    Press here to validate location if login information reset was not requested.

    Please note your account will be disable if you fail to comply to request as we shall assume you no longer require service and account. Also note you may receive this email on your work email address and or alternative email address which you supplied to us at the time of registration.

    Thank you for choosing yahoo as your email service provider.

    Team Microsoft Outlook!


    Subject: Account information needs to be updated.

    From: Pay/Pal ([email protected])

    Dear Member,

    Please login to your Pay.Pal Account and visit the Message Center section in order to read the message.

    To Login, please click the link below:

    ____Message Center____

    2015 Pay_Pal Corporation. All rights reserved.\\

    PayPal 87

    Online Threat Alerts PayPal Pay/Pal ( [email protected]) PayPal

    (hxxp://www.cswl168.com/us/Revalidate.htm?cmd_submitaccess0023044.submit=data_refund) / ,

    PayPal

    (https://www.thaicert.or.th/downloads/files/info_ThaiCERT_Mail-Scam.jpg, https://www.thaicert.or.th/downloads/files/info_ThaiCERT_Phishing.jpg)

    : 13-06-2558 : Online Threat Alerts


    .88

    Social Engineering

    1.

    2.

    3.

    4.

    5.

    6.

    OTP https://www.youtube.com/watch?v=_dj_90TnVbo

    : 23-06-2558 : The Hacker News


    Privacy


    89

    90

    Rex Mundi Banque Cantonale de Geneve 10,000

    Reuters 30,000

    The Intercept Communications Security Establishment (CSE) 2 BADASS IP

    LEVITATION Rapidshare Megaupload 2012

    : 14-01-2558 : nakedsecurity

    : 30-01-2558 : Net Security


    91

    Stanford PowerSpy Android 90%

    : 23-02-2558 : The Hacker News


    Edward Snowden

    Apple Siri

    92

    93

    19 2558 (Edward Snowden) NSA GCHQ Gemalto NSA GCHQ 2553-2554 Gemalto 2 Token VPN

    NSA/GCHQ

    Gemalto

    Walk N' Talk Technologies Siri Apple Apple Apple Siri

    Apple Apple Samsung Samsung Smart TV

    : 27-02-2558 : The Intercept ,

    Gemalto

    : 17-03-2558 : The Hacker News


    G20 94 Guardian

    G20 , ,

    (Auto-fill) Outlook

    Auto-fill

    10,000

    : 31-03-2558 : The Guardian


    Facebook

    NSA /

    95

    96

    26 2558 ( Great Firewall of China) Facebook JavaScript Facebook Login

    ( VPN) Facebook Login

    Facebook wpkg.org ptraveler.com

    Baidu GitHub DDoS ( The Great Cannon)

    7 2558 National Security Agency NSA

    NSA (Edward Snowden) 2556

    : 29-04-2558 : The Verge


    FBI

    : 08-05-2558 : The Hacker News

    Selfie 97

    Darth Vader Facebook 20,000

    Facebook

    : 13-05-2558 : Naked Security


    Snowden NSA Google Play Store 98

    (Edward Snowden) NSA 5 Five Eye (Hijack) Google Play Store Samsung App Store

    2011 2012 IRRITANT HORN

    Man-in-the-middle

    Google Play Store Samsung App Store 2012 Jon Oberheide Charlie Miller SummerCon 2012 Android Market ( Play Store) HTTP

    : 22-05-2558 : The Hacker News ,

    Jon Oberheide


    Facebook Messenger 99

    Cambridge Chrome extension Marauders Map Facebook Messenger

    Marauders Map Location New messages include your location by default

    : 28-05-2558 : The Hacker News


    17% Facebook 100

    The Parent Zone 2,000

    17% Facebook

    70%

    51%

    39% 17% Facebook Instagram 2

    Facebook Messenger

    : 29-05-2558 : Naked Security


    "DuckDuckGo" 6

    WhatsApp

    101

    102

    NSA (Privacy) DuckDuckGo 6 3

    DuckDuckGo Google Google

    Google DuckDuckGo

    DuckDuckGo https://duckduckgo.com Firefox Safari Search Engine DuckDuckGo

    Electronic Frontier Foundation - EFF (https://www.eff.org/) WhatsApp

    AT&T Verizon

    EFF 5

    : 20-06-2558 : NakedSecurity


    47 1 103

    Recorded Future 1 89 47 Pastebin

    2558 47 12 2 (2 Factor Authentication)

    http://go.recordedfuture.com/government-credentials-report

    : 22-06-2558 : The Hacker News

    1.

    2.

    3.

    4.

    5. backdoors

    https://www.eff.org/who-has-your-back-government-data- requests-2015

    : 26-06-2558 : Softpedia


    GhostShell 104

    2 2558 2.00 . GhostShell

    GhostShell 28 2558 500 13,000 4,000 (.edu) 108 82 .com 61 40

    GhostShell SQL injection

    58 3 21

    1.

    2.

    3.


    : 02-07-2558 : Twitter ,

    Computerworld

    1.

    2. Log

    3.

    4.

    Ghostshell .. 2012 120,000 NASA, Pentagon, Federal Reserve FBI 1.6


    Hacking Team 400 GB 105

    Hacking Team Malware ( ) Spyware ()

    400 GB Hacking

    Team

    Hacking Team Hacking Team

    Hacking Team

    : 07-07-2558 : The Hacker News


    - 4.8 2 . Vtech 106

    Motherboard Vtech , , 4.8 (), , 2

    14 2558

    4 ( haveibeenpwned.com) 1 Adobe 152 www.haveibeenpwned.com

    : 01-12-2558 : Motherboard


    Vulnerability


    Mac Thunderbolt

    OpenSSL

    107

    108

    Chaos Computer Congress (30C3) Trammell Hudson Mac Thunderbolt Thunderbolt Thunderstrike

    Hudson

    OS X ROM

    Mac Apple Mac mini iMac 5K Retina Mac

    OpenSSL OpenSSL Denial of Service

    OpenSSL 1.0.1, 1.0.0, 0.9.8 1.0.1k, 1.0.0p, 0.9.8zd

    : 06-01-2558 : thehackernews

    : 09-01-2558 : openssl


    Google Android 4.4

    Samsung Smart TV

    109

    110

    Rapid7 Android 4.4

    Google Android 4.4 Android 4.4 61% Android Google

    Smart TV Samsung Smart TV (Voice Recognition) Samsung

    Samsung

    : 15-01-2558 : nakedsecurity

    : 09-02-2558 : The Hacker News


    Facebook

    Microsoft PowerPoint

    111

    112

    Laxman Muthiyah Facebook

    Public Laxman Facebook

    Microsoft 10 2558 KB2920732 Microsoft PowerPoint 2013

    Microsoft PowerPoint Microsoft Windows Update

    8 ( 2557) Microsoft Windows Update 6

    : 13-02-2558 : Naked Security

    : 16-02-2558 : The Register


    BIND

    FireEye Masque Attack

    113

    114

    18 2558 ISC Denial of Service BIND

    9.9.6-P2 9.10.1-P2

    2557 FireEye Masque Attack iOS App Store Jailbreak ( https://thaicert.or.th/papers/technical/2014/pa2014te003.html)

    FireEye

    URL scheme iOS URL

    URL scheme URL "googlechrome://" Google Chrome

    : 19-02-2558 : ISC


    Mac OS X Internet Explorer 2557 115

    GFI 2557

    1. Mac OS X (147 ) iOS Linux Windows 7 5 Windows 8 7

    2. IE (242 ) Chrome Firefox

    3. National Vulnerability Database (NVD) 2557 7,038 2556 4,794

    4. 2557 24% 1,705 2556 1,612

    : 20-02-2558 : FireEye

    : 24-02-2558 : GFI Blog

    URL "fb://" Facebook

    iOS URL scheme URL scheme

    CVE-2014-4494 Apple iOS 8.1.3 iOS


    Telegram

    Samba

    116

    117

    Zimperium Telegram Telegram Kernel Android root Cache Telegram

    Telegram 30

    Telegram Telegram root root OS

    23 2558 Samba Samba (CVE-2015-0240) (Remote Code Execution)

    Samba 3.5.0 - 4.2.0rc4

    : 24-02-2558 : CIO


    WP-Slimstat WordPress

    Bitdefender SSL

    118

    119

    Sucuri WordPress WP-Slimstat SQL Injection

    WordPress 1,300,000 3.9.6

    Risk Based Security Bitdefender SSL (Revoke) Bitdefender Antivirus

    Plus, Bitdefender Internet Security Bitdefender Total Security

    Bitdefender HTTPS SSL

    : 27-02-2558 : Sucuri

    : 27-02-2558 : Samba

    Debian: http://www.debian.org/security/2015/dsa-3171

    Red Hat: https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/

    Ubuntu: https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/


    : 27-02-2558 : PC World

    SSL Bitdefender

    SSL Bitdefender SSL SSL

    SSL Bitdefender

    Bitdefender Bitdefender

    Business Storage 2-Bay 120

    0-day Business Storage 2-Bay NAS Seagate root

    Business Storage 2-Bay NAS 2014.00319, 2013.60311 2014.00319

    : 03-03-2558 : The Hacker News


    Blu-ray Blu-ray 121

    NCC Group Blu-ray Blu-ray

    PowerDVD Blu-ray Blu-ray Disc Java (BD-J) Java Blu-ray

    BD-J Xlets Xlets PowerDVD

    Xlets

    Blu-ray Linux BusyBox root Blu-ray

    PowerDVD Blu-ray Blu-ray Blu-ray

    : 05-03-2558 : PC World


    Toshiba Admin

    Yoast Wordpress 14

    122

    123

    Bluetooth Stack TOSHIBA Service Station Toshiba (Administrator)

    Toshiba CVE-2015-0884 Bluetooth Stack for Windows 9.10.32 TOSHIBA Service Station 2.2.14 TOSHIBA (http://www.toshiba.co.uk/innovation/generic/computing-support/)

    WPScan Vulnerability Database SQL Injection WordPress Yoast SQL Injection

    WordPress 14,000,000 1.7.4

    : 06-03-2558 : Softpedia ,

    CERT

    : 12-03-2558 : The Hacker News


    Line

    D-Link DCS-93xL

    124

    125

    16 2558 Line Man-In-The-Middle

    Line WiFi

    D-Link D-Link DSC-93xL

    (Arbitrary Code Execution)

    Firmware

    : 17-03-2558 : Line

    : 19-03-2558 : D-Link


    Drupal

    PHP Ubuntu

    126

    127

    18 2558 Drupal Drupal URL Drupal

    URL redirect Parameter "destination"

    Drupal (6.35, 7.35)

    18 2558 Ubuntu PHP Ubuntu 14.10, 14.04 LTS, 12.04 LTS 10.04 LTS

    (Denial of Service) (Remote Code Execution) PHP

    : 23-03-2558 : Drupal

    : 23-03-2558 : Ubuntu


    OpenSSL

    Mozilla Firefox 36.0.3 Pwn2Own

    128

    129

    19 OpenSSL OpenSSL (Denial of Service) OpenSSL

    OpenSSL (OpenSSL 1.0.2a 1.0.2 , OpenSSL 1.0.1m 1.0.1, OpenSSL 1.0.0r 1.0.0 OpenSSL 0.9.8zf 0.9.8)

    Mozilla Firefox Pwn2Own 2015

    (Remote Code Execution)

    Mozilla Firefox 36.0.3, Firefox ESR 31.5.2 SeaMonkey 2.33.1

    : 23-03-2558 : OpenSSL

    : 24-03-2558 : Mozilla


    Firefox, Chrome, IE, Safari Pwn2Own 2015

    BIOS OS

    130

    131

    HP Pwn2Own 2015 Firefox, Chrome, IE Safari (Privilege Escalation)

    Jung Hoon Lee 7 IE, Chrome Safari ilxu1a Firefox

    BIOS CanSecWest (Malicious Code) BIOS

    BIOS 2

    BIOS BIOS Dell, Lenovo HP

    : 24-03-2558 : HP

    : 24-03-2558 : Wired


    IP Phone Cisco

    Android

    132

    133

    IP Phone Cisco SPA300 SPA500 3

    Cisco 7.5.5 Cisco

    Palo Alto Networks PackageInstaller Android .apk .apk

    .apk (permission) .apk

    Android 4.4 49.5% Android root Palo Alto Networks Android Google Play Store

    : 24-03-2558 : IT News

    : 25-03-2558 : Palo Alto Networks


    YouTube

    WordPress

    ntpd

    134

    135

    136

    Kamil Hismatullin YouTube Request Session Token

    Google Facebook

    US-CERT WordPress WP Super Cache

    Cross-Site Scripting 1.4.4

    8 US-CERT ntpd The Network Time Foundation

    Man-in-the-middle (Denial of Service) ntpd 4.2.8p2

    : 07-04-2558 : Naked Security

    : 10-04-2558 : US-CERT

    : 10-04-2558 : US-CERT


    WordPress

    iOS 8 iPhone-iPad WiFi

    137

    138

    21 2558 WordPress Cross-Site Scripting

    WordPress SQL Injection

    WordPress 4.1.2

    iOS 8 ( iPhone iPad)

    iOS 8 SSL Certificate SSL Certificate

    WiFi Access Point SSL Certificates Access Point WiFi NO iOS ZONE DoS (Denial-of-Service)

    : 22-04-2558 : WordPress


    NO iOS ZONE

    WiFi Free WiFi

    : 23-04-2558 : The Hacker News

    Lenovo System Update 139

    IOActive 3 Lenovo System Update Lenovo 3

    1. Lenovo System Update Service SYSTEM (CVE-2015-2219)

    2. Lenovo System Update

    Man-in-the-middle

    3. Lenovo System Update

    3 Lenovo System Update 5.6.0.27 Lenovo IOActive Lenovo

    : 07-05-2558 : Gizmodo ,

    IOActive


    VENOM Virtual Machine 140

    13 2558 CrowdStrike Computer Virtualization Platform Floppy disk ( Virtual Machine Escape)

    QEMU 2004 Opensource

    Virtualization Opensource Xen, KVM, VirtualBox VMware Microsoft Hyper-V

    VirtualBox 4.3.28 Redhat, Ubuntu, Debian, Xen Project, QEMU, Citrix, FireEye, Linode, Rackspace, SUSE, DigitalOcean, f5 http://venom.crowdstrike.com/

    : 14-05-2558 : CrowdStrike


    URL Safari

    Logjam TLS

    141

    142

    Safari iOS OS X URL () Safari

    URL

    Apple

    TLS Man-in-the-middle TLS HTTPS, SSH, IPSec, SMTPS VPN Logjam

    TLS Diffie-Hellman (

    TLS) Client DHE_EXPORT Client

    DHE_EXPORT Server Client

    : 20-05-2558 : The Hacker News


    UC Browser Android 143

    University of Toronto UC Browser Android 500 ( IMEI, Geolocation, Search)

    UC Browser UCWeb Inc. Android,

    iOS, Windows Phone Windows UC Browser Android

    UC Browser Android 2 Xiaomi App Store UC Browser (Permission) . SMS Geolocation .

    : 21-05-2558 : Weakdh

    512

    1 HTTPS 8.4%

    ( HTTPS) Logjam https://weakdh.org/sysadmin.html DHE_EXPORT https://weakdh.org/sysadmin.html


    UC Browser 270 HTTP WiFi

    WiFi Access Point UC Browser

    Search UC Browser Search Google Yahoo! HTTP Google Yahoo! HTTPS

    : 22-05-2558 : Citizenlab

    Add-on Unity Web Player 144

    Cross- domain Policy

    Jouko Pynnönen Unity Web Player Add-on 3D

    Unity Web Player Gmail (https://www.youtube.com/watch?v=zzujoyWzUvo) Unity Web Player Redirect http://attacker.site:[email protected]/


    : 05-06-2558 : Softpedia

    Unity Technologies Unity Web Player

    2557

    Samsung Galaxy 600 145

    Samsung 600 Samsung Galaxy S5, S6 (Remote Code Execution)

    Samsung IME Keyboard Android 4.4 WiFi

    Samsung IME Keyboard Extract

    Samsung IME Keyboard Samsung WiFi

    : 18-06-2558 : Ars Technica


    Drupal

    Flash Player

    146

    147

    Drupal 4 Drupal (Critical) 1 OpenID OpenID

    OpenID OpenID Verisign, LiveJournal, StackExchange

    Drupal 6.x 7.x (6.36, 7.38)

    23 2558 Adobe Adobe Flash Player (Remote Code Execution)

    Internet Explorer

    Windows 7 Firefox Windows XP

    Adobe Flash Player (18.0.0.194 Windows Macintosh, 11.2.202.468 Linux)

    : 19-06-2558 : Drupal

    : 24-06-2558 : Adobe


    Flash Player

    Apple OS X 10.10.4, iOS 8.4

    148

    149

    Adobe Adobe Flash Player

    (Exploit Kits) Magnitude (Ransomware)

    Magnitude Adobe Flash Player

    Adobe Flash Player (18.0.0.194 Windows Macintosh, 11.2.202.468 Linux)

    30 .. Apple QuickTime 7.7.7, iTunes 12.2, Safari 8.0.7, Safari 7.1.7, Safari 6.2.7, Mac EFI Security Update 2015-001, OS X Yosemite 10.10.4 and Security Update 2015-005 iOS 8.4 77

    (Remote Code Execution) EFI Mac Flash Memory Format

    : 30-06-2558 : Malware don't need Coffee

    : 01-07-2558 : net-security


    OpenSSL

    Adobe Adobe Flash Player Hacking Team

    150

    151

    OpenSSL OpenSSL 1.0.2d 1.0.1p

    1.0.0 0.9.8 9 2558

    8 Adobe Adobe Flash Player Hacking Team ( http://thcert.co/7y4A41) (Remote Code Execution)

    Angler Exploit Kit Nuclear Exploit Pack

    Flash Player ( 18.0.0.203 Windows OSX, 11.2.202.481 Linux )

    : 07-07-2558 : openssl.org

    : 09-07-2558 : Adobe ,

    Trendmicro


    Internet Explorer (CVE-2015-2372)

    Windows (CVE-2015-2426)

    152

    153

    Hacking Team ( http://thcert.co/93Tsh6) Vectra Internet Explorer (Remote Code Execution) CVE-2015-2372

    Microsoft 14 2558 12 Remote Code Execution (Privilege Escalation) Windows

    20 2558 Microsoft OpenType

    (Remote Code Execution) CVE-2015-2426

    Microsoft Windows KB3079904

    : 16-07-2558 : Naked Security ,

    Microsoft

    : 21-07-2558 : Microsoft


    WordPress 4.2.3 Cross-Site Scripting

    Stagefright Android MMS

    154

    155

    23 2558 WordPress 4.2.3 Cross-Site Scripting

    20 WordPress Auto Update 4.2.3 Dashboard Update

    Zimperium Android Stagefright Stagefright Remote Code Execution

    MMS Message

    Stagefright MMS Google Hangouts SMS Hangouts MMS Preview Google Hangouts SMS MMS MMS

    : 24-07-2558 : WordPress


    : 28-07-2558 : Forbes

    root

    Android Google Android

    Google Hangouts SMS MMS Message MMS APN MMS


    Android Stagefright MMS156

    Stagefright Android MMS (http://thcert.co/1S01ZY) Trend Micro MMS

    Stagefright Android Stagefright

    MMS

    Google Chrome Mozilla Firefox Firefox 38 Android Firefox ( Facebook Twitter) Play Store


    : 03-08-2558 : The Hacker News ,

    Android Police

    Google Chrome Extension 157

    Detectify Labs Google Chrome (Extension)

    Google Chrome ping ID / ID

    HTTPS Everywhere ID "gcbommkclmclpchllfjekcdonpmejbdp" ping ""

    Google Google

    Google Android 5.1.1_r5 Android Android 5.1

    Custom Firmware ( CyanogenMod)

    : 05-08-2558 : Softpedia ,

    Detectify labs


    : 06-08-2558 : Ars Technica ,

    The Verge , Android Police

    Android Stagefright158

    Zimperium Stagefright Android MMS ( http://thcert.co/nIxh6A)

    Google Stagefright Nexus Stagefright

    - Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10 Nexus Player

    - Samsung Galaxy S5, S6, S6 Edge, Note 4 Note Edge

    - HTC One M7, One M8, One M9

    - LG G2, G3, G4

    - Sony Xperia Z2, Xperia Z3, Xperia Z4, Xperia Z3 Compact

    - Android One


    : 07-08-2558 : ZDNet

    Dropbox, Google Drive, OneDrive man-in-the-cloud159

    Black Hat USA 2015 Imperva cloud man-in-the-cloud cloud

    man-in-the-middle token ( token cloud cloud )

    token

    ( ) token cloud ransomware cloud token

    (design flaw)


    : 10-08-2558 : Naked Security ,

    Security Week , Mozilla

    PDF Firefox Firefox 39.0.3

    Android AudioEffect

    160

    161

    Mozilla Firefox CVE-2015-4495 PDF (PDF Viewer)

    Mozilla Firefox (Firefox 39.0.3 Firefox ESR 38.1.1) Firefox Android PDF Viewer

    Trend Micro AudioEffect Android CVE-2015-3842 Android 2.3 (Gingerbread) 5.1.1 (Lollipop)

    AudioEffect AudioEffect (Permission)


    : 20-08-2558 : The Hacker News

    Android 162

    Stagefright Mediaserver CVE-2015-3842 Pennsylvania State University FireEye Android Task Hijacking Android (Multitasking)

    1.

    2. Video Player

    3.

    4.

    5.

    Google Android


    Google Verify Apps (https://support.google.com/accounts/answer/2812853?hl=th)

    Play Store

    : 26-08-2558 : The Hacker News ,

    USENIX

    Belkin N600 (CVE-2015-5989)163

    CERT 5 Belkin N600 DB Wireless Dual Band N+, F9K1102 v2 2.10.17

    1. ( CVE-2015-5989)

    2. DNS Response ( CVE-2015-5987)

    3. Firmware HTTP ( CWE-319)

    4. Cross-Site Request Forgery DNS ( CVE-2015-5990)


    : 01-09-2558 : CERT

    : 03-09-2558 : ISC , ISC

    ISC 2 BIND (CVE-2015-5986, CVE-2015-5722)

    Seagate Telnet Username Password root

    164

    165

    ISC CVE-2015-5986, CVE-2015-5722 BIND DoS

    (Denial-of-Service) BIND 9.9.7-P3 BIND 9 version 9.10.2-P4

    CERT Seagate 3

    - CVE-2015-2874 Telnet Username Password root

    - CVE-2015-2875

    - CVE-2015-2876 /media/sda2

    ACL (Access Control List)


    Seagate 3.4.1.105 Seagate

    Seagate (https://apps1.seagate.com/downloads/request.html)

    : 04-09-2558 : CERT

    : 17-09-2558 : Wordpress

    WordPress 4.3.1 Cross-Site Scripting (CVE-2015-5714) Privilege Escalation (CVE-2015-5715)166

    15 2558 WordPress 4.3.1 Cross-Site Scripting ( CVE-2015-5714) Privilege Escalation

    ( CVE-2015-5715) Private Sticky Post WordPress Auto Update 4.3.1 Dashboard Update


    : 17-09-2558 : Forbes

    AirDrop iOS, OS X 167

    Mark Dowd Azimuth Security AirDrop iOS iOS AirDrop Jailbreak

    AirDrop Enterprise iOS App Store Dowd iPhone AirDrop

    Dowd iOS 9 Apple AirDrop iOS 9 OS X (Yosemite) OS X El Capitan

    Apple Apple


    : 05-10-2558 : SecLists

    WinRAR

    Zyxel NBG-418N, PMG5318-B20A P-660HW-T1

    168

    169

    WinRAR 5.21 (Remote Code Execution)

    SFX (self-extracting file) .exe Extract

    SFX WinRAR Description .exe description .exe

    WinRAR .exe

    13 2558 CERT Zyxel NBG-418N, PMG5318-B20A P-660HW-T1 5 Remote Code Execution (CVE-2015-6018) ,

    XSS (CVE-2015-6017) (CVE-2015-6016) 2 (CVE-2015-6019, CVE-2015-6020)


    : 14-10-2558 : CERT

    : 16-10-2558 : Apple

    : 16-10-2558 : Mozilla

    Apple 4 Keynote, Pages Numbers

    Mozilla Firefox 41.0.2

    170

    171

    15 2558 Apple 4 (CVE-2015-3784, CVE-2015-7032, CVE-2015-7033, CVE-2015-7034) 3 iOS OS X Keynote, Pages Numbers

    (Remote Code Execution)

    (Keynote 6.6, Pages 5.6, Numbers 3.6)

    15 2558 Mozilla (CVE-2015-7184) Firefox Cross-origin bypass

    Firefox (Firefox 41.0.2) Alt Help > About

    Zyxel P-660HW-T1

    ()


    : 23-10-2558 : Joomla

    : 23-11-2558 : Adobe

    Joomla! 3.4.5

    ColdFusion 10, 11 Cross-Site Scripting (CVE-2015-8052, CVE-2015-8053) Server-side Request Forgery

    172

    173

    22 2558 Joomla! Joomla! 3.4.5 SQL Injection (CVE-2015-7297, CVE-2015-7857, CVE-2015-7858) (CVE-2015-7859,

    CVE-2015-7899)

    Joomla! (http://thcert.co/Z9vSJP)

    17 2558 Adobe ColdFusion 10 11 Cross-Site Scripting ( CVE-2015-8052, CVE-2015-8053)

    Server-side Request Forgery (CVE-2015-5255) ColdFusion ColdFusion 11 Update 7 ColdFusion 10 Update 18


    : 04-12-2558 : OpenSSL

    OpenSSL

    Joomla! 1.5 3.4.5

    174

    175

    3 2558 OpenSSL OpenSSL 4 (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196) OpenSSL Denial of Service

    (0.9.8zh, 1.0.0t, 1.0.1q 1.0.2e) 0.9.8zh, 1.0.0t OpenSSL 0.9.8 1.0.0 1.0.1 1.0.2

    14 2558 Joomla! Joomla! 3.4.6 4 Remote Code Execution

    Sucuri Joomla! Log Request 146.0.72.83 74.3.170.33 194.28.174.106 Request "JDatabaseDriverMysqli" "O:" Request


    Website Security Standard 7.1.1 (https://standard.etda.or.th/wp/wp-content/uploads/2014/09/Website-Security-Standard_V6E6.2.pdf)

    Joomla! 1.5 2.5 (End of Life) (https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions) Joomla!

    : 15-12-2558 : Joomla! ,

    Sucuri

    : 16-12-2558 : MacKeeper ,

    The Hacker News

    MacKeeper 176

    Chris Vickery MacKeeper Antivirus (Macintosh) 13 21 (Hash) MacKeeper

    MacKeeper MacKeeper


    : 22-12-2558 : Juniper ,

    SANS , Shodan

    Juniper ScreenOS 177

    22 2558 SANS SSH Telnet Shodan 170

    17 2558 Juniper 2 ScreenOS Firewall NetScreen

    VPN Juniper (ScreenOS 6.2.0r19 6.3.0r21) (ScreenOS 6.2.0r15-6.2.0r18 6.3.0r12-6.3.0r20)


    CTB Locker

    : 23 2558 : 11 2558 : CTB Locker

    : Malicious code

    CTB-Locker

    Curve-Tor-Bitcoin Locker Ransomware External Drive .pdf, .xls, .ppt, .txt, .py, .wb2, .jpg, .odb, .dbf, .md, .js, .pl, .doc

    1


    630 ( 20,000 ) Bitcoin ( )

    CTB-Locker 2 CTB-Locker 4 ( ) 5 96

    1 CTB-Locker [1]


    2 [2]

    CTB-Locker

    1 ( .zip) ( .scr)

    3 8-10


    3

    3 BTC 630 96 4

    5


    []

    breteau-photographe.com jbmsystem.fr maisondessources.com pleiade.asso.fr scolapedia.org voigt-its.de

    4

    CTB-Locker


    5 Directory Windows Temp

    Windows CTB Locker

    5

    1. External Drive

    2. Public Key 6 CTB-Locker

    Private Key Public Key


    3. Windows 7 Shadow Volume Copies volume 7 - 11

    Shadow Volume Copies CTB-Locker

    6 Public Key CTB-Locker

    7 Shadow Volume Copies CTB-Locker


    8 - 9 Shadow Volume Copies CTB-Locker ()


    10 - 11 Shadow Volume Copies CTB-Locker ()


    4. Format

    1. http://blog.trendmicro.com/trendlabs-security-intelligence
    2. https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25696/en_US/McAfee_Labs_Threat_Advisory_CTB-Locker.pdf

    1.

    2. / Java Adobe Reader

    3.

    4.

    5. CTB-Locker

    CTB-Locker


    (GHOST, CVE-2015-0235)

    glibc

    : 29 2558 : 29 2558 : glibc

    (GHOST, CVE-2015-0235)

    : Intrusion

    27 2558 Qualys glibc GNU C Library Library C Linux [1] __nss_hostname_digits_dots() gethostbyname() Hostname Buffer overflow

    (Remote code execution) Exim Address space layout randomization (ASLR), Position-independent executables (PIE) No-execute (NX) [2] CVE CVE-2015-0235 [3]

    2


    Ubuntu [4]

    Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.10

    Ubuntu 10.04 LTS: libc6 2.11.1-0ubuntu7.20

    Debian [5]

    Debian 7 LTS (Wheezy): 2.13-38+deb7u7

    Red Hat Enterprise Linux CentOS [6]

    RHEL 5: glibc-2.5-123.el5_11.1

    RHEL 6: glibc-2.12-1.149.el6_6.5

    RHEL 7: glibc-2.17-55.el7_0.5

    CentOS 6: glibc-2.12-1.149.el6_6.5

    CentOS 7: glibc-2.17-55.el7_0.5

    Linux Debian Redhat (Patch) glibc

    glibc


    glibc

    Debian Ubuntu

    ldd --version ldd glibc

    [user@ubuntu ~]$ ldd --version
    ldd (Ubuntu GLIBC 2.19-10ubuntu2.2) 2.19
    Copyright (C) 2014 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    Written by Roland McGrath and Ulrich Drepper.

    Red Hat Enterprise Linux CentOS

    rpm -q glibc

    [user@centos ~]$ rpm -q glibc

    glibc-2.17-55.el7_0.5


    1. Distribution

    Debian Ubuntu

    sudo apt-get update && sudo apt-get dist-upgrade reboot sudo reboot glibc

    Red Hat Enterprise Linux CentOS

    sudo yum update glibc reboot sudo reboot glibc

    2. glibc

    Linux

    1. https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
    2. http://www.openwall.com/lists/oss-security/2015/01/27/9
    3. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0235
    4. https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GHOST
    5. https://lists.debian.org/debian-security-announce/2015/msg00025.html
    6. https://rhn.redhat.com/errata/RHSA-2015-0092.html

    glibc


    DNS D-Link

    : 30 2558 : 30 2558 : D-Link

    DNS : Intrusion

    27 2558 Computerworld Todor Donev Ethical Hacker ZyNOS D-Link DSL-2740R DNS server [1] ZyNOS TP-Link ZTE [2] [3] D-Link

    DNS server DNS server Domain name IP address Server DNS server

    3


    Remote Access Control

    Advance WAN

    1

    D-Link DSL-2740R

    ZyNOS TP-Link ZTE

    ACL (Access Control List) D-Link


    1 Remote Access Control DSL-2740R

    Apply Settings

    1. http://www.computerworld.com/article/2876292/dns-hijacking-flaw-affects-d-link-dsl-router-possibly-other-devices.html
    2. http://en.wikipedia.org/wiki/ZyNOS
    3. http://packetstormsecurity.com/files/130113/D-Link-DSL-2740R-Unauthenticated-Remote-DNS-Change.html


    (Phishing)

    : 12 2558 : 12 2558 : (Phishing)

    : Phishing

    11 2558

    http://goo.gl/B7YLSZ 1 (goo.gl Google URL) http://www.form2pay.com/publish/publish_form/163363

    4


    Phishing () 2

    1


    2 Phishing

    10 .. 2558 ( 12 .. 2558 9.30 .)

    285 7 ( Referer) 3


    3 12 2558 9:30 .


    1.

    2. Phishing

    3. Phishing URL

    http://goo.gl/B7YLSZ

    http://www.form2pay.com/publish/publish_form/163363

    4.


    (FREAK)

    SSL/TLS

    : 5 2558 : 5 2558 : SSL/TLS

    (FREAK) : Other

    3 INRIA, Microsoft Research IMDEA Software FREAK (Factoring RSA Export Keys) Cipher suite SSL/TLS Cipher suite [1] OpenSSL CVE CVE-2015-0204 [2] [3] Apple

    Google [4]

    Cipher suite Cipher suite (Cipher suite Export-grade EXP EXPORT Cipher suite) RSA 512 bits

    5


    OpenSSL

    1.0.1: update to 1.0.1k

    1.0.0: update to 1.0.0p

    0.9.8: update to 0.9.8zd

    Android

    Safari OS X iOS

    Cipher suite RSA export-grade cipher suite [5][6]

    University of Michigan HTTPS 36.7% RSA export-grade cipher suite [7] 1 Alexa .th 60 (

    ) [8] e-banking

    Man-in-the-middle SSL certificate HTTPS


    1. https://freakattack.com/clienttest.html

    1


    1. SSL/TLS RSA export-grade cipher suite

    Terminal: openssl s_client -connect <host>:<port> -cipher EXPORT

    handshake failure SSL

    certificate RSA export-grade cipher suite

    https://www.ssllabs.com/ssltest Cipher Suites Cipher suite RSA_EXPORT RSA export-grade cipher suite

    2. Android Browser Safari

    Mozilla Firefox

    3.
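    The openssl s_client check above depends on the local OpenSSL still having export cipher suites compiled in, which builds from 1.1.0 onwards no longer do. As an added example (not from the advisory or from freakattack.com), the Python script below builds a raw TLS 1.0 ClientHello that offers only the three RSA_EXPORT suites and reads the server's first record: a ServerHello selecting one of them is the FREAK-prone condition the advisory describes, a handshake_failure alert means the server refused the offer. The host and port are whatever you pass to probe(); the sample ServerHello and alert used to check the parser are constructed, not captured.

```python
import os
import socket
import struct

# RSA_EXPORT suites: RSA key exchange with a 512-bit "export" key (the FREAK target).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
HANDSHAKE_FAILURE = 40  # TLS alert description


def build_client_hello(server_name):
    """TLS 1.0 ClientHello that offers only RSA_EXPORT suites, with an SNI extension."""
    suites = b"".join(struct.pack(">H", s) for s in RSA_EXPORT_SUITES)
    host = server_name.encode("idna")
    sni_entry = b"\x00" + struct.pack(">H", len(host)) + host      # name_type host_name
    sni_list = struct.pack(">H", len(sni_entry)) + sni_entry
    extensions = struct.pack(">HH", 0x0000, len(sni_list)) + sni_list
    body = (b"\x03\x01" + os.urandom(32) + b"\x00"                  # version, random, empty session id
            + struct.pack(">H", len(suites)) + suites
            + b"\x01\x00"                                           # compression methods: null only
            + struct.pack(">H", len(extensions)) + extensions)
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body   # type client_hello, 24-bit length
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def classify_response(data):
    """Classify the first TLS record the server sends back.

    ('export_suite_accepted', suite) : ServerHello picked an RSA_EXPORT suite -> FREAK-prone
    ('handshake_failure', None)      : server refused the export-only offer -> not prone
    ('other', suite_or_None)         : anything else (non-TLS reply, unexpected suite, truncated)
    """
    if len(data) < 5:
        return ("other", None)
    content_type = data[0]
    length = struct.unpack(">H", data[3:5])[0]
    body = data[5:5 + length]
    if content_type == 0x15 and len(body) >= 2:                        # alert record
        return ("handshake_failure" if body[1] == HANDSHAKE_FAILURE else "other", None)
    if content_type == 0x16 and len(body) >= 39 and body[0] == 0x02:   # handshake, ServerHello
        sid_len = body[38]                    # after type(1) + length(3) + version(2) + random(32)
        if len(body) < 41 + sid_len:
            return ("other", None)
        suite = struct.unpack(">H", body[39 + sid_len:41 + sid_len])[0]
        return ("export_suite_accepted" if suite in RSA_EXPORT_SUITES else "other", suite)
    return ("other", None)


def probe(host, port=443, timeout=5.0):
    """Connect, send the export-only ClientHello and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(host))
        return classify_response(sock.recv(4096))
```

    Some servers close the connection instead of sending an alert when no cipher suite matches; that shows up as ('other', None), which is still a refusal. Only ('export_suite_accepted', ...) is the condition to fix, and it is the server-side counterpart of the RSA_EXPORT entries the SSL Labs report lists.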


    2 RSA export-grade cipher suite

    1. https://www.smacktls.com
    2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
    3. https://www.openssl.org/news/secadv_20150108.txt
    4. http://www.reuters.com/article/2015/03/03/us-apple-cybersecurity-idUSKBN0LZ2GA20150303
    5. http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html
    6. https://blogs.akamai.com/2015/03/cve-2015-0204-getting-out-of-the-export-business.html
    7. https://freakattack.com
    8. https://freakattack.com/vulnerable.txt

    2. OpenSSL OpenSSL Linux

    OpenSSL


    BSOD (CVE-2015-1635)

    HTTP Protocol Stack (HTTP.sys)

    : 16 2558 : 17 2558 : HTTP Protocol Stack (HTTP.sys)

    BSOD (CVE-2015-1635)

    : Intrusion Availability

    14 2558 Microsoft Security Bulletin MS15-034 HTTP Protocol Stack ( HTTP.sys) Remote Code Execution [1] (Critical) CVE-2015-1635 [2] Bluescreen error (Blue Screen of Death, BSOD)

    SANS [3] SANS (Honeypot) Bluescreen Error

    HTTP Protocol Stack HTTP Request HTTP Request [4]

    6


    Bluescreen error

    HTTP.sys Kernel SYSTEM

    Windows 7 Windows 7 Service Pack 1 32 bit 64 bit

    Windows Server 2008 R2 Windows Server 2008 R2 Service Pack 1 32 bit 64 bit

    Windows 8 Windows 8.1 32 bit 64 bit

    Windows Server 2012 Windows Server 2012 R2 32 bit 64 bit

    Windows Server 2012 Windows Server 2012 R2 Server Core

    : HTTP Protocol Stack (HTTP.sys) IIS Windows [5]


    IIS

    1. https://lab.xpaw.me/MS15-034/

    2. Command Line CURL

    [6]

    1 https://lab.xpaw.me/MS15-034/

    2

    curl -v SERVER_IP -H "Host: anything" -H "Range: bytes=0-18446744073709551615"
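    As an added example (not from the advisory or the linked checkers), the Python script below sends the same request as the curl command above and classifies the reply the way the public MS15-034 checkers do: HTTP.sys that processes the oversized range answers 416 Requested Range Not Satisfiable (likely unpatched), while patched HTTP.sys rejects the header with 400; anything else, or a Server header that is not Microsoft's, is treated as inconclusive. Keep the range start at 0: the variant that starts above 0 against a kernel-cached static file is what produces the BSOD described above, so even this detection request should only be sent to hosts you are authorised to test. The sample responses are constructed for the test, not captured traffic.

```python
import socket

# Same header value as the curl check above: the range end is 2**64 - 1.
HUGE_RANGE = "bytes=0-18446744073709551615"


def build_request(host, path="/"):
    """HTTP/1.1 GET carrying the oversized Range header."""
    return ("GET {} HTTP/1.1\r\nHost: {}\r\nRange: {}\r\nConnection: close\r\n\r\n"
            .format(path, host, HUGE_RANGE)).encode("ascii")


def parse_response(raw):
    """Split a raw HTTP response into (status code or None, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(maxsplit=2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return None, {}, body
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return int(parts[1]), headers, body


def classify_response(raw):
    """Heuristic used by the public MS15-034 checkers:
    416 from HTTP.sys -> the oversized range was processed (likely unpatched)
    400 from HTTP.sys -> the header was rejected (likely patched)
    anything else, or a non-Microsoft Server header -> inconclusive."""
    code, headers, _ = parse_response(raw)
    if code is None:
        return "not_http"
    if "microsoft" not in headers.get("server", "").lower():
        return "not_http_sys"
    if code == 416:
        return "likely_unpatched"
    if code == 400:
        return "likely_patched"
    return "inconclusive"


def probe(host, port=80, timeout=5.0):
    """Send the detection request to one host and classify what comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(host))
        chunks = []
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return classify_response(b"".join(chunks))


# Constructed sample replies shaped like IIS output in each state (not captured traffic).
SAMPLE_UNPATCHED = (b"HTTP/1.1 416 Requested Range Not Satisfiable\r\n"
                    b"Server: Microsoft-IIS/8.5\r\nContent-Length: 0\r\n\r\n")
SAMPLE_PATCHED = (b"HTTP/1.1 400 Bad Request\r\nServer: Microsoft-HTTPAPI/2.0\r\n"
                  b"Content-Length: 0\r\n\r\n")
SAMPLE_OTHER = b"HTTP/1.1 206 Partial Content\r\nServer: nginx/1.8.0\r\n\r\n"
```

    A reverse proxy or WAF in front of IIS answers for the back end and makes the result inconclusive, which is exactly the point of the mitigation in reference [6]; test the origin directly where you can.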


    Microsoft KB3042553 Microsoft Windows Update

    IIS IIS Kernel Caching [7]

    1. https://technet.microsoft.com/en-us/library/security/ms15-034.aspx
    2. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635
    3. https://isc.sans.edu/forums/diary/MS15034+HTTPsys+IIS+DoS+And+Possible+Remote+Code+Execution+PATCH+NOW/19583/
    4. https://ma.ttias.be/remote-code-execution-via-http-request-in-iis-on-windows/
    5. https://nakedsecurity.sophos.com/2015/04/15/update-tuesday-april-2015-urgent-action-needed-over-microsoft-http-bug/
    6. https://blog.sucuri.net/2015/04/website-firewall-critical-microsoft-iis-vulnerability-ms15-034.html
    7. https://technet.microsoft.com/en-us/library/cc731903%28v=ws.10%29.aspx


    SSL (CVE-2015-1793)

    OpenSSL

    : 11 2558 : 11 2558 : OpenSSL

    SSL (CVE-2015-1793)

    : Other

    OpenSSL SSL TLS Open source OpenSSL Linux, , VPN

    6 2558 OpenSSL OpenSSL 1.0.2d 1.0.1p 1.0.0 0.9.8 OpenSSL

    9 2558 [1]

    SSL Man-in-the-Middle (MitM) [2] [3]

    7


    OpenSSL [4]

    1.0.1o: update to 1.0.1p

    1.0.1n: update to 1.0.1p

    1.0.2b: update to 1.0.2d

    1.0.2c: update to 1.0.2d

    OpenSSL

    DPKG Debian, Ubuntu

    dpkg -s openssl

    RPM CentOS, Redhat

    rpm -q --info openssl
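    The dpkg and rpm commands above print the installed version; deciding whether it is affected still means comparing it against the two tables in this chapter. As an added example (not from the advisories), the Python helper below parses an OpenSSL version string, including the letter suffix upstream uses for patch releases, and applies both tables: the FREAK fixed versions (1.0.1k, 1.0.0p, 0.9.8zd) and the CVE-2015-1793 affected releases (1.0.1n and 1.0.1o, fixed in 1.0.1p; 1.0.2b and 1.0.2c, fixed in 1.0.2d). One caveat the tables cannot express: distributions backport fixes without bumping the upstream letter, so for a distro package the release field and `rpm -q --changelog openssl` (or the Debian changelog) are authoritative, not the letter.

```python
import re

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")

# Fixed versions from the FREAK table (OpenSSL secadv 20150108), keyed by branch.
FREAK_FIXED = {(1, 0, 1): "1.0.1k", (1, 0, 0): "1.0.0p", (0, 9, 8): "0.9.8zd"}
# CVE-2015-1793 (secadv 20150709): only these releases carry the bug; [first affected, fixed).
CVE_2015_1793_AFFECTED = [("1.0.1n", "1.0.1p"), ("1.0.2b", "1.0.2d")]


def parse_version(text):
    """Extract '1.0.1k' from a plain string, `openssl version` output or a dpkg/rpm version field.

    OpenSSL patch letters sort alphabetically and 'z' is followed by 'za', 'zb', ...,
    so the trailing letters compare correctly as plain strings (e.g. 'zc' < 'zd')."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError("no OpenSSL version in %r" % text)
    major, minor, fix, letters = m.groups()
    return (int(major), int(minor), int(fix), letters)


def needs_freak_update(version):
    """True if older than the fixed release of its branch; None if the branch is not in the table."""
    v = parse_version(version)
    fixed = FREAK_FIXED.get(v[:3])
    if fixed is None:
        return None
    return v < parse_version(fixed)


def affected_by_cve_2015_1793(version):
    """True only for the releases that shipped the broken certificate-chain verification."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in CVE_2015_1793_AFFECTED)


if __name__ == "__main__":
    import subprocess
    banner = subprocess.run(["openssl", "version"], capture_output=True, text=True).stdout
    print(banner.strip(), "FREAK update needed:", needs_freak_update(banner),
          "CVE-2015-1793 affected:", affected_by_cve_2015_1793(banner))
```

    Note that 1.0.2 is absent from the FREAK table on purpose: that branch was first released after the fix, so needs_freak_update() returns None for it rather than guessing.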

    1. https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html
    2. https://www.thaicert.or.th/papers/general/2012/pa2012ge012.html
    3. https://nakedsecurity.sophos.com/2015/07/09/the-openssl-cve-2015-1793-certificate-verification-bug-what-you-need-to-know/
    4. https://www.openssl.org/news/secadv_20150709.txt


    (CVE-2015-5122, CVE-2015-5123)

    Adobe Flash Player

    : 13 2558 : 16 2558 : Adobe Flash Player

    (CVE-2015-5122, CVE-2015-5123)

    : Intrusion

    14 2558 Adobe Adobe Flash Player (18.0.0.209 Windows Mac OS X) CVE-2015-5122 CVE-2015-5123 [8]

    11 12 2558 Adobe Flash Player Hacking Team Use-after-free [1] [2]

    CVE-2015-5122 CVE-2015-5123

    Flash Microsoft Office Flash

    8


    Adobe Flash Player [3]

    Adobe Flash Player 18.0.0.203 Windows Mac OS X

    Adobe Flash Player Extended Support Release 13.0.0.302 13.x Windows Mac OS X

    Adobe Flash Player Extended Support Release 11.2.202.481 11.x Linux

    Adobe Flash Player [4] [5]

    Adobe Flash Player Click-to-Play ( Flash ) [6]

    Microsoft Enhanced Mitigation Experience Toolkit (EMET) [7]

    1. http://www.kb.cert.org/vuls/id/338736
    2. http://www.kb.cert.org/vuls/id/918568
    3. https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
    4. https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html
    5. https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html
    6. http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/
    7. www.microsoft.com/emet
    8. https://helpx.adobe.com/security/products/flash-player/apsb15-18.html


    Asus, ZTE, Digicom Observa Telecom

    : 28 2558 : 28 2558 : Asus, ZTE, Digicom

    Observa Telecom

    : Intrusion

    25 2558 CERT Carnegie Mellon ASUS DSL-N12E, DIGICOM DG-5524T, Observa Telecom RTA01N Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN ZTE ZXV10 W300 (CVE-2014-0329) 2557 [1] Mac Address Mac Address (Remote Access) [2]

    (Remote Access) DNS Server

    ASUS DSL-N12E, ZTE ZXV10 W300, DIGICOM DG-5524T, Observa Telecom RTA01N Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN

    9


    ACL (Access Control List)

    1. https://www.kb.cert.org/vuls/id/228886
    2. http://www.kb.cert.org/vuls/id/950576


    iOS WeChat

    Xcode

    : 21 2558 : 21 2558 : Xcode

    iOS WeChat

    : Malicious Code

    17 2558 Palo Alto Networks XcodeGhost Xcode Apple Xcode iOS / [1]

    Xcode iOS Mac OS X Xcode Apple

    Palo Alto Networks Xcode Xcode iOS Xcode / App Store Apple iOS Jailbreak

    10


    Palo Alto Networks Xcode WeChat

    iOS / [2]

    iOS Palo Alto Networks Fox-it 50 [1]

    WeChat 6.2.5 [3]

    WinZip

    CamScanner

    CamCard

    Oplayer

    PDFReader

    Perfect365


    Xcode [1] iOS Apple App Store [4]

    Xcode [5]

    iOS Apple ID

    : WeChat 6.2.6 [3]

    1. http://researchcenter.paloaltonetworks.com/2015/09/malware-xcodeghost-infects-39-ios-apps-including-wechat-affecting-hundreds-of-millions-of-users/
    2. http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/
    3. http://blog.wechat.com/2015/09/19/fixed-security-flaw-in-wechat-v6-2-5-for-ios/
    4. http://www.bbc.com/news/technology-34311203
    5. https://developer.apple.com/xcode/download


    Bookworm

    : 13 2558 : 13 2558 : Bookworm

    : Intrusion

    10 2558 Palo Alto Bookworm [1] (Key Logging) (Clipboard Grabbing) (Command and Control Server C2 Server)

    11


    Bookworm

    1 Bookworm hybrid-analysis.com [2] Executable Flash Player Flash Player

    10

    Bookworm

    Palo Alto Bookworm [1]

    Smart Installer Maker Extract 2 Side-loaded DLLs Microsoft Malware Protection (MsMpEng.exe) Kaspersky Anti-Virus


    2 Bookworm

    (ushata.exe) MpSvc.dll ushata.dll (Decrypt file) readme.txt extract XOR Bookworm DLL KBLogger.dll (Key logging) (Clipboard grabbing) DLL (Command and Control server C2 server) DLL


    3 Bookworm C2 [2]

    1.

    %AllUsersProfile%\Application Data\Microsoft\Crypto\RSA\MachineKeys\sgkey.data ( 4)

    %AllUsersProfile%\Application Data\Microsoft\DeviceSync ( 5)

    %appData%\Surge ( 6)

    Bookworm (Indicator of Compromise)


    4 sgkey.data Bookworm

    5 DeviceSync Bookworm

    6 Surge Bookworm

    2.


    Domain Name                    IP Address
    bkmai[.]blogdns[.]com          50.21.181.152, 74.208.153.9, 87.106.253.18, 87.106.149.145, 87.106.20.192, 213.165.83.176
    debain[.]servehttp[.]com       115.144.107.22
    linuxdns[.]sytes[.]net         115.144.107.134
    news[.]nhknews[.]hk            127.0.0.1
    sswmail[.]gotdns[.]com         50.21.181.152, 74.208.153.9, 87.106.253.18, 87.106.149.145, 87.106.20.192, 213.165.83.176
    sswwmail[.]gotdns[.]com        50.21.181.152, 74.208.153.9, 87.106.253.18, 87.106.149.145, 87.106.20.192, 213.165.83.176
    sysnc[.]sytes[.]net            115.144.107.134
    systeminfothai[.]gotdns[.]ch   115.144.107.134
    thailandbbs[.]ddns[.]net       153.251.226.56
    ubuntudns[.]sytes[.]net        115.144.107.22
    web12[.]nhknews[.]hk           127.0.0.1

    1 C2 Server ( 13 .. 2558)


    1.

    2.

    3. Bookworm Hash Palo Alto [1]

    https://www.virustotal.com/en/file/ac5742bf871c7cabf9415721d88f38834d6f73bb926479b338861ab398090f81/analysis/

    https://www.virustotal.com/en/file/2b02460613d888536b83ec9e658e33e98cb8d8d89eb811cf5528fed78cebd062/analysis/


    1. http://researchcenter.paloaltonetworks.com/2015/11/bookworm-trojan-a-model-of-modular-architecture/
    2. https://www.hybrid-analysis.com/sample/ac5742bf871c7cabf9415721d88f38834d6f73bb926479b338861ab398090f81?environmentId=1

    4.

    5. (Block) 1

    6. [email protected] 0 2123 1212
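    As an added example (not part of the advisory), the Python script below turns Table 1 and the file locations above into a small matcher that can be run over exported DNS, proxy and endpoint logs: the defanged domains are refanged, subdomains of a listed C2 name also match, the listed IPs and the two sample SHA-256 hashes are matched as whole tokens, and the dropped-file paths are reported as weaker, corroborating hits. 127.0.0.1, to which the two nhknews[.]hk names resolved when the table was compiled, is deliberately left out of the IP set because it would match every local lookup. The log lines embedded in the script are constructed for the demonstration, not real telemetry.

```python
import re

# IOCs transcribed from Table 1 and the file-path list above, defanged as printed.
C2_DOMAINS_DEFANGED = [
    "bkmai[.]blogdns[.]com", "debain[.]servehttp[.]com", "linuxdns[.]sytes[.]net",
    "news[.]nhknews[.]hk", "sswmail[.]gotdns[.]com", "sswwmail[.]gotdns[.]com",
    "sysnc[.]sytes[.]net", "systeminfothai[.]gotdns[.]ch", "thailandbbs[.]ddns[.]net",
    "ubuntudns[.]sytes[.]net", "web12[.]nhknews[.]hk",
]
# 127.0.0.1 (the nhknews[.]hk resolution) is left out: it would match every local lookup.
C2_IPS = {
    "50.21.181.152", "74.208.153.9", "87.106.253.18", "87.106.149.145", "87.106.20.192",
    "213.165.83.176", "115.144.107.22", "115.144.107.134", "153.251.226.56",
}
SAMPLE_SHA256 = {
    "ac5742bf871c7cabf9415721d88f38834d6f73bb926479b338861ab398090f81",
    "2b02460613d888536b83ec9e658e33e98cb8d8d89eb811cf5528fed78cebd062",
}
# Dropped-file locations; weak on their own, useful to corroborate a network hit.
PATH_MARKERS = [
    r"microsoft\crypto\rsa\machinekeys\sgkey.data",
    r"microsoft\devicesync",
    r"\surge",
]


def refang(ioc):
    """Turn a defanged indicator back into a matchable hostname."""
    return ioc.replace("[.]", ".").lower()


C2_DOMAINS = {refang(d) for d in C2_DOMAINS_DEFANGED}

HOST_RE = re.compile(r"\b[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?\.[a-z]{2,}\b", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)


def match_line(line):
    """Return the list of (kind, indicator) hits found in one log line."""
    hits = []
    for host in HOST_RE.findall(line):
        host = host.lower().rstrip(".")
        if host in C2_DOMAINS or any(host.endswith("." + d) for d in C2_DOMAINS):
            hits.append(("domain", host))
    for ip in IP_RE.findall(line):
        if ip in C2_IPS:
            hits.append(("ip", ip))
    for digest in SHA256_RE.findall(line):
        if digest.lower() in SAMPLE_SHA256:
            hits.append(("sha256", digest.lower()))
    lowered = line.lower()
    for marker in PATH_MARKERS:
        if marker in lowered:
            hits.append(("path", marker))
    return hits


def scan(lines):
    """Map line index -> hits, for the lines that matched at least one indicator."""
    return {i: hits for i, hits in ((i, match_line(l)) for i, l in enumerate(lines)) if hits}


# Constructed sample lines (DNS, proxy and EDR style) for the demonstration; not real telemetry.
SAMPLE_LOGS = [
    "2015-11-13T09:12:01 named client 10.0.0.5#5321: query: sswmail.gotdns.com IN A",
    "2015-11-13T09:12:02 proxy 10.0.0.5 CONNECT 115.144.107.134:443 - 200",
    "2015-11-13T09:12:03 named client 10.0.0.7#4411: query: www.example.com IN A",
    "2015-11-13T09:12:04 edr host=WS-05 create C:\\ProgramData\\Microsoft\\DeviceSync\\ushata.exe "
    "sha256=ac5742bf871c7cabf9415721d88f38834d6f73bb926479b338861ab398090f81",
    "2015-11-13T09:12:05 named client 10.0.0.8#1111: query: localhost IN A -> 127.0.0.1",
]

if __name__ == "__main__":
    for index, hits in sorted(scan(SAMPLE_LOGS).items()):
        print(index, hits, SAMPLE_LOGS[index])
```

    The dynamic-DNS names in Table 1 (sytes.net, gotdns.com, ddns.net and so on) can be re-pointed by the operator at any time, which is why the script matches the names as well as the addresses that were current on 13 Nov 2558, and why a blocklist built from this table should be refreshed from the Palo Alto report [1] rather than treated as static.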


    (CVE-2015-6125, MS15-127)

    Microsoft Windows DNS

    : 9 2558 : 9 2558 : Microsoft Windows DNS

    (CVE-2015-6125, MS15-127)

    : Intrusion

    8 2558 Microsoft Windows DNS ( Remote Code Execution) Critical

    (Remote Code Execution)

    Windows Server 2008 for 32-bit Systems Service Pack 2

    Windows Server 2008 for x64-based Systems Service Pack 2

    Windows Server 2008 R2 for x64-based Systems Service Pack 1

    Windows Server 2012

    Windows Server 2012 R2

    12


    1. https://technet.microsoft.com/en-us/library/security/ms15-127.aspx

    Microsoft Windows Update [1]


    Gmail, Outlook Yahoo

    : : 12 2558 : 12 2558

    Gmail, Outlook Yahoo

    1. 2 (2-step verification)

    2 2 2 3

    1. (Something you know)

    2. (Something you have) ,

    3. (Something you are) ,

    2

    1


    Gmail, Outlook Yahoo

    2 SMS

    5.1, 5.2 5.3

    2 , Outlook 2010, Thunderbird 5.4, 5.5 5.6

    2.

    Trusted Device 2 5.7, 5.8 5.9


    3.

    Keylogger Keylogger

    On-Screen Keyboard Keylogger On-Screen Keyboard Windows XP 1 On-Screen Keyboard

    1 On Screen Keyboard 7


    4.

    ( [1])

    1. 8

    2. -

    3.

    4.

    5. 3

    /

    /


    5.

    5.1 2 Gmail

    [2] 2 - 7

    2 - 3 2


    4 - 6 2 ()


    7 2 ()

    2

    2 8 - 10

    8 2


    9 - 10 2 ()


    2

    2 Backup codes 11 - 14

    11 - 12


    5.2 2 Outlook

    2 Outlook 15 - 23

    13 - 14 ()


    15 - 16 2 Outlook


    17 - 20 2 Outlook ()


    5.3 2 Yahoo

    2 Yahoo 24 - 29

    21 - 23 2 Outlook ()


    24 - 27 2 Yahoo


    5.4 Gmail

    Gmail 2-Step Verification google !! [3]

    5.5 Outlook

    Outlook Manage advanced security setting ( 5 5.2 2 Outlook) 30 - 31

    28 - 29 2 Yahoo ()


    5.6 Yahoo

    Yahoo 32 - 38

    30 - 31 Outlook


    32 - 35 Yahoo


    36- 38 Yahoo ()

    5.7 Gmail

    Gmail

    Security Checkup 39 - 44


    39 - 40 Gmail


    41 - 43 Gmail ()


    44 Gmail ()

    5.8 Outlook

    Outlook

    Microsoft Account [4] Security & Privacy 45 - 50

    45 Outlook


    46 - 47 Outlook ()


    48 - 50 Outlook ()


    5.9 Yahoo

    Yahoo 51 - 60

    51 - 52 Yahoo