Daily Security Briefing (20161108)

Posted 2016-11-7 21:14
Posted 2016-11-8 17:11
1. Cybersecurity Law passed, takes effect next June
{CHN}
Title: Cybersecurity Law of the People's Republic of China

Author info: November 7, 2016, By the Standing Committee of the 12th National People's Congress

//BEGIN
Chapter I General Provisions
  Article 1 This Law is enacted in order to ensure cybersecurity, safeguard cyberspace sovereignty, national security and the public interest, protect the lawful rights and interests of citizens, legal persons and other organizations, and promote the healthy development of economic and social informatization.
  Article 2 This Law applies to the construction, operation, maintenance and use of networks within the territory of the People's Republic of China, and to the supervision and administration of cybersecurity.
  Article 3 The State attaches equal importance to cybersecurity and to informatization development, follows the principles of active use, scientific development, administration in accordance with law and ensuring security, advances the construction and interconnection of network infrastructure, encourages innovation in and application of network technologies, supports the training of cybersecurity personnel, establishes and improves a cybersecurity safeguard system, and raises the capacity for cybersecurity protection.
  Article 4 The State formulates and continuously improves the cybersecurity strategy, sets out the basic requirements and main objectives for ensuring cybersecurity, and puts forward cybersecurity policies, work tasks and measures for key areas.
  Article 5 The State takes measures to monitor, defend against and handle cybersecurity risks and threats originating inside or outside the territory of the People's Republic of China, protects critical information infrastructure from attack, intrusion, interference and damage, punishes network-related illegal and criminal activities in accordance with law, and maintains security and order in cyberspace.
  Article 6 The State advocates honest, trustworthy, healthy and civilized online conduct, promotes the dissemination of the core socialist values, takes measures to raise the cybersecurity awareness and level of the whole of society, and fosters a favorable environment in which the whole of society jointly participates in promoting cybersecurity.
  Article 7 The State actively carries out international exchange and cooperation in cyberspace governance, research and development of network technologies and formulation of standards, combating network-related illegal and criminal activities, and other areas, promotes the building of a peaceful, secure, open and cooperative cyberspace, and establishes a multilateral, democratic and transparent system of cyber governance.
  Article 8 The national cyberspace administration is responsible for the overall planning and coordination of cybersecurity work and related supervision and administration. The telecommunications department of the State Council, public security departments and other relevant authorities are responsible, within their respective scopes of duty, for cybersecurity protection and supervision and administration in accordance with this Law and relevant laws and administrative regulations.
  The cybersecurity protection and supervision and administration duties of the relevant departments of local people's governments at or above the county level are determined in accordance with relevant State regulations.
  Article 9 Network operators carrying out business and service activities must comply with laws and administrative regulations, respect social morality, observe business ethics, act in good faith, fulfill their cybersecurity protection obligations, accept supervision by the government and society, and bear social responsibility.
  Article 10 Those who construct or operate networks, or provide services through networks, shall, in accordance with laws and administrative regulations and the mandatory requirements of national standards, take technical and other necessary measures to ensure the secure and stable operation of networks, respond effectively to cybersecurity incidents, prevent network-related illegal and criminal activities, and maintain the integrity, confidentiality and availability of network data.
  Article 11 Network-related industry organizations shall, in accordance with their charters, strengthen industry self-discipline, formulate codes of cybersecurity conduct, guide their members in strengthening cybersecurity protection, raise the level of cybersecurity protection, and promote the healthy development of the industry.
  Article 12 The State protects the right of citizens, legal persons and other organizations to use networks in accordance with law, promotes universal network access, raises the level of network services, provides secure and convenient network services to society, and guarantees the lawful, orderly and free flow of network information.
  Any individual or organization using networks shall abide by the Constitution and laws, observe public order and respect social morality; they must not endanger cybersecurity, and must not use networks to engage in activities that endanger national security, honor and interests, incite subversion of state power or the overthrow of the socialist system, incite separatism or undermine national unity, advocate terrorism or extremism, advocate ethnic hatred or ethnic discrimination, disseminate violent or obscene and pornographic information, fabricate or disseminate false information to disrupt the economic or social order, or infringe the reputation, privacy, intellectual property or other lawful rights and interests of others.
  Article 13 The State supports the research and development of network products and services conducive to the healthy growth of minors, punishes in accordance with law the use of networks to engage in activities that endanger the physical and mental health of minors, and provides a safe and healthy online environment for minors.
  Article 14 Any individual or organization has the right to report conduct that endangers cybersecurity to the cyberspace administration, telecommunications, public security and other departments. The department receiving the report shall handle it promptly in accordance with law; where the matter does not fall within that department's duties, it shall promptly transfer it to the department with the authority to handle it.
  The relevant departments shall keep the reporter's information confidential and protect the reporter's lawful rights and interests.

//END
Chapter VII Supplementary Provisions
  Article 76 The meanings of the following terms in this Law:
  (1) "Network" refers to a system composed of computers or other information terminals and related equipment that collects, stores, transmits, exchanges and processes information according to certain rules and procedures.
  (2) "Cybersecurity" refers to the capability, through taking necessary measures, to prevent attacks on, intrusion into, interference with, damage to and unlawful use of networks, as well as accidents, to keep networks in a state of stable and reliable operation, and to ensure the integrity, confidentiality and availability of network data.
  (3) "Network operators" refers to the owners and administrators of networks and to network service providers.
  (4) "Network data" refers to all kinds of electronic data collected, stored, transmitted, processed and generated through networks.
  (5) "Personal information" refers to all kinds of information, recorded electronically or by other means, that can identify a natural person either on its own or in combination with other information, including but not limited to a natural person's name, date of birth, identity document number, personal biometric information, address and telephone number.
  Article 77 The operational security protection of networks that store or process information involving state secrets shall, in addition to complying with this Law, also comply with the provisions of laws and administrative regulations on secrecy.
  Article 78 The security protection of military networks shall be separately regulated by the Central Military Commission.
  Article 79 This Law shall take effect on June 1, 2017.

//Download: 中华人民共和国网络安全法.pdf (388.75 KB, downloads: 30)
File name: 中华人民共和国网络安全法.pdf
File size: 398,078 bytes
MD5     : 5829DFDC87397FB324C81B0B9AF8493D

Comment: A major event in China's cybersecurity field.

Posted 2016-11-8 17:13
2. Security vendor analyzes mobile Trojan impersonating popular apps
Title: Disassembling a Mobile Trojan Attack

Author info: November 7, 2016. 10:27 am By Nikita Buchka, Anton Kivva

//BEGIN
In early August we detected several cases of a banking Trojan being downloaded automatically when users viewed certain news sites on their Android devices. Later it became apparent that this was being caused by advertising messages from the Google AdSense network, and was not restricted to news sites. In fact, any site using AdSense to display adverts could potentially have displayed messages that downloaded the dangerous Trojan-Banker.AndroidOS.Svpeng and automatically saved it to the device’s SD card. This behavior surprised us: typically, the browser warns users about downloading a potentially dangerous file, and offers them a choice of whether or not to save the file. We intercepted traffic coming from the attacked device when this sort of “advert” was displayed, and figured out how the malicious program was downloaded and automatically saved.
Three months ago, Kaspersky found that some Android phone users in that country would have banking Trojan software installed after browsing certain news sites, and that the whole process was automatic, with the user barely noticing anything. Subsequent analysis found that all of this was done through a Google network service called AdSense, and that infection was not limited to browsing news sites. In fact, any website using Google's AdSense advertising service could be used to spread this web Trojan, which could also be saved automatically to the user's phone SD card. This is inconsistent with what we normally take for granted: it is generally assumed that when downloading a file from a website (even a malicious program), the user is prompted that it may be risky, or asked where to save it, and so on. Through analysis of the network traffic in these victim-phone scenarios, Kaspersky's security engineers found that some technique was being used to download and save the file automatically.

//END
So far, those behind Svpeng have limited their attacks to smartphone users in Russia. However, next time they push their “adverts” on AdSense they may well choose to attack users in other countries; we have seen similar cases in the past. After all, what could be more convenient than exploiting the most popular advertising platform to download their malicious creations to hundreds of thousands of mobile devices?
At present the targets of this web Trojan are only Android phone users in Russia, though of course further spread to other regions cannot be ruled out, and similar situations have happened before: first appearing in Russia, then spreading to other countries and regions. After all, finding a way to silently get onto a user's phone SD card is extremely tempting for malware authors, and on the mobile side no less.

Comment: It turns out this exploited a vulnerability in the Chrome mobile browser; update as soon as possible!

Posted 2016-11-8 17:15
3. New email phishing campaign targets LinkedIn users
Title: Watch out! A new LinkedIn Phishing campaign is spreading in the wild

Author info: November 6, 2016  By Pierluigi Paganini

//BEGIN
Experts from Heimdal Security reported a recent LinkedIn phishing campaign aiming to collect confidential information from unsuspecting users.
Phishing attacks continue to be a serious threat, crooks exploit paradigms such as social media platforms and mobile in the attempt of stealing sensitive data. According to 2015 Verizon Data Breach Investigation Report, 23% of email recipients open phishing messages and 11% click on malicious attachments … and this is just the tip of the iceberg.
Security experts recently discovered a case of an email phishing campaign targeting LinkedIn users, in which the phishing email is used to steal users' private and confidential information. Phishing emails remain a major threat facing Internet users; according to an authoritative statistical analysis report, about 23% of email users open phishing messages, and 11% of users even click directly on the malicious attachments. But as we know, these statistics are only the tip of the iceberg; more and bigger threats have yet to be exposed and discovered.

//END
“The link is placed on the recipient’s name and leads to a password reset page, secured by HTTPS. Strangely enough, this is actually a safe page, which could prompt the email recipients to believe that the rest of the email is valid and legitimate as well.” continues the analysis.
Going forward, the experts noticed many other strange issues, I invite you to give a look at the analysis. Awareness of such kind of scams is important to make them ineffective.
To report phishing messages you’ve received, please email phishing@linkedin.com.
In the upper right corner of the phishing email, where the recipient's name is usually written, there is an HTTPS link which, when clicked, leads to a password reset page. Strangely, this is actually a secure page; of course, the phisher's purpose in doing this is to mix the real with the fake, so that the recipient believes the whole email is genuine. This phishing email also has several other suspicious points worth noting; in any case, staying alert is very important for seeing through this kind of phishing email.

//Download: rp_DBIR_2016_Report_en_xg.pdf (2.61 MB, downloads: 36)
File name: rp_DBIR_2016_Report_en_xg.pdf
File size: 2,739,802 bytes
MD5     : AFF1FD2DA75C0EA3C56FFB269A022ED5
Note: the 85-page 2016 Data Breach Investigations Report

Comment: In the end, phishing is not a technical problem but an awareness problem.

Posted 2016-11-8 17:17
4. Russian Foreign Ministry demands US clarify reports of intrusion into Russia
Title: Russia Demands Explanation for US Military Hacking Reports

Author info: November 07, 2016 By Eduard Kovacs

//BEGIN
Moscow has asked Washington to provide clarifications on reports that the U.S. military has hacked into Russia’s critical infrastructure and its intention to leverage this access to retaliate in case of serious disruptions to the upcoming elections.
NBC News reported on Friday that it learned from a senior U.S. intelligence official and top-secret documents that United States military hackers have broken into Russia’s telecommunications networks, electric grid and Kremlin’s command systems. This will allegedly allow the U.S. to attack these critical systems if necessary.
The Russian side has demanded that the US side clarify last Friday's NBC report. Last Friday's NBC report stated that the US side had already penetrated Russia's critical infrastructure and would launch attacks on that critical infrastructure when the time was ripe. This infrastructure includes Russia's telecommunications network systems, electric power control systems, the Kremlin's operational command systems, and so on.

//END
"The threats directed against Moscow and our state's leadership are unprecedented because they are voiced at the level of the US vice president," said Kremlin spokesman Dmitry Peskov. "To the backdrop of this aggressive, unpredictable line, we must take measures to protect (our) interests, to hedge risks."
Guccifer 2.0, the hacker who has taken credit for the Democratic Party cyberattacks, said he will be observing the elections in the United States and urged other hackers to “monitor the elections from inside the system.” Some security experts believe Guccifer 2.0 is a persona used by Russia to throw investigators off track.
In fact, a hacker group called Guccifer 2.0 previously claimed responsibility for the intrusions into the US election systems, but the US side believes this is merely a front, that the hacker group is in fact backed by the Russian government, and that the news was put out to muddy the waters.
In response to the US threats, the Russian side said it would take every possible measure to protect the security of its infrastructure.

Comment: An open threat, quite forceful.

Posted 2016-11-8 17:18
5. Staff data of Indian embassies in six countries leaked
Title: Databases of Indian embassies leaked online. Too easy hack them

Author info: November 6, 2016  By Pierluigi Paganini

//BEGIN
The databases of the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya were leaked online by two grey hat hackers.
Today I was contacted by a security pentester who goes online with the moniker Kapustkiy who revealed me to have breached the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya. Kapustkiy and his friend Kasimierz (@Kasimierz_) told me that they were initially white hats in the past, but decided to change to grey hats to get the media attention and force many administrators of websites online to seriously consider cyber security.
The staff information of Indian embassies in six countries was leaked online and taken down a few hours later. The six countries are Switzerland, Mali, Romania, Italy, Malawi and Libya. This personal information was leaked by two grey hats: both were originally white hats, but their work received no attention or media coverage, so they adopted this extreme approach to get the outside world to take notice.

//END
I had no opportunity to check the authenticity of the data, I tried to reach the embassy online but at the time I was writing the website of the Indian Embassy in Rome is unavailable.
Update
All the websites are down a few hours after the data leaks. Data appears to be legitimate.
Although the author of the article did not verify the authenticity of this information, information from other sources confirms that the leaked data is basically genuine, even though contacting the Indian embassy directly yielded no feedback or result.

Comment: Today's item 3 has more reports on data breaches.

Posted 2016-11-8 17:21
6. Hackers steal funds from 20,000 Tesco Bank accounts
Title: Tesco Bank confirms almost 20,000 customers had money stolen from accounts by hackers

Author info: Monday, November 07, 2016 - 09:33 am By  Irish Examiner Ltd

//BEGIN
Nearly 20,000 Tesco Bank (translator's note: https://www.tescobank.com/sss/auth) customers have had money stolen from their accounts as a result of a weekend hack attack, the group's chief executive has said.
The British bank confirmed that of its 136,000 current account holders, 40,000 had seen suspicious transactions over the weekend, while money had been fraudulently withdrawn from around 20,000 accounts.
A spokesman would not disclose the total amount that has been stolen from the accounts, adding that the incident is currently being treated as a "criminal investigation".
A British bank stated that about 20,000 of its customers were attacked last weekend and had funds stolen from their accounts. The bank said it has more than 130,000 cardholders in total; over the weekend there were about 40,000 suspicious transactions, and funds were stolen from a total of about 20,000 accounts. The total amount involved has not yet been disclosed, and a criminal investigation has been launched.

//END
The bank has temporarily frozen online transactions as part of emergency security measures, and was earlier forced to block some customers' cards after "suspicious activity" was detected in its fraud prevention system.
Mr Higgins issued an apology to customers and said the bank would refund accounts as soon as possible.
"We apologise for the worry and inconvenience that this has caused for customers, and can only stress that we are taking every step to protect our customers' accounts.
"We can reassure customers that any financial loss as a result of this activity will be resolved fully by Tesco Bank, and we are working to refund accounts that have been subject to fraud as soon as possible," he said.
The news sent Tesco shares lower by 1.2% in early trading.
Over the weekend the bank took some temporary measures to keep the situation from spreading: it suspended online transactions for some customers, and its fraud prevention system was also activated to block abnormal transactions on certain compromised accounts. The company apologized to its customers and stated that it would compensate their losses.
The announcement immediately sent the company's shares down 1.2% in Monday trading.

//Apology statement on the homepage of Tesco Bank (the 特易购 in the headline is more commonly translated as 乐购) http://www.tescobank.com/?referrerid=tesco/redirect
*********
Tesco Bank can confirm that, over the weekend, some of its customers’ current accounts have been subject to online criminal activity, in some cases resulting in money being withdrawn fraudulently.
We apologise for the worry and inconvenience that this has caused for customers, and can only stress that we are taking every step to protect our customers’ accounts.
As a precautionary measure, we took the decision on Sunday 6 November 2016 to temporarily stop online transactions from current accounts. This will only affect current account customers. While online debit transactions will not be available, current account customers will still be able to use their cards for cash withdrawals, chip and pin payments, and all existing bill payments and direct debits will continue as normal. We are working hard to resume normal service on current accounts as soon as possible.
We can reassure customers that any financial loss as a result of this activity will be resolved fully by Tesco Bank. This afternoon we began the process of refunding all customer current accounts that have been subjected to online criminal activity and we expect this process to be completed by the end of tomorrow.
We continue to work with the authorities and regulators to address the fraud and will keep our customers informed through regular updates on our website, Twitter and Your Community.
If customers have any concerns at all, we would advise them to contact our customer service team who will be able to provide assistance.
Benny Higgins
Chief Executive
7 November 2016
*********

Comment: I was just thinking, if the payment system of a certain Alipay were suddenly attacked (over a weekend or during a major holiday), what would our response measures be.....