資安新聞及事件週報 2018/10/15 ~ 2018/10/19

1.重大弱點漏洞

ClamAV 安全漏洞
https://www.anquanke.com/vul/id/1354791

Imperva SecureSphere 13 - Remote Command Execution
https://www.exploit-db.com/exploits/45542/

Solaris - RSH Stack Clash Privilege Escalation (Metasploit)
https://www.exploit-db.com/exploits/45625/

Red Hat 內核多個漏洞
https://www.auscert.org.au/bulletins/69914

研究人員公布D-Link路由器漏洞,牽涉8款產品,D-Link只修補2款
https://www.ithome.com.tw/news/126513?fbclid=IwAR0jmJiVL7p9P3KxSrDuetf0b86ORYrif70BYOz-ZOOjMmTtMD98P1i0k7o

libssh's server-side state machine before versions 0.7.6 and 0.8.4  vulnerability CVE-2018-10933
https://nvd.nist.gov/vuln/detail/CVE-2018-10933

The libssh “login with no password” bug – what you need to know [VIDEO]
https://nakedsecurity.sophos.com/2018/10/18/the-libssh-login-with-no-password-bug-what-you-need-to-know-video/

Security flaw in libssh leaves thousands of servers at risk of hijacking
https://www.zdnet.com/article/security-flaw-in-libssh-leaves-thousands-of-servers-at-risk-of-hijacking/

LibSSH Flaw Allows Hackers to Take Over Servers Without Password
https://bit.ly/2yJqJZd

TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
https://www.exploit-db.com/exploits/45632/

jQuery-File-Upload 9.22.0 - Arbitrary File Upload
https://www.exploit-db.com/exploits/45584/

CVE-2018-3211: Java Usage Tracker Local Elevation of Privilege on Windows
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2018-3211-java-usage-tracker-local-elevation-of-privilege-on-windows/

branch.io漏洞令6.85億網民面臨跨站攻擊
https://www.aqniu.com/news-views/39550.html

WebLogic遠程代碼執行漏洞CVE-2018-3191 威脅預警通告
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

獲官方致謝360代碼衛士協助Oracle公司修復高危漏洞
http://security.zhiding.cn/security_zone/2018/1018/3112140.shtml

Oracle Critical Patch Update for October 2018
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

漏洞預警| WebLogic 多個高危漏洞
https://zhuanlan.zhihu.com/p/46975502

甲骨文修補301個安全漏洞,包含45個重大漏洞
https://www.ithome.com.tw/news/126496

基於DOM的XSS漏洞使Vinder,Shopify,Western Union和Imgur的6.85億用戶面臨風險
http://www.4hou.com/vulnerable/13995.html

多款Apple產品WebKit內存錯誤引用漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4318

PHP 5版年底終止安全更新開始倒數計時,6成網站恐曝風險
https://www.ithome.com.tw/news/126419

Juniper Junos OS之NTP套件存在多個安全漏洞
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1090

Juniper修補七項重大安全漏洞
https://www.ithome.com.tw/news/126377

Juniper Networks Junos OS 存在多個安全性弱點
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10898&cat=SIRT_1&actp=LIST

WhatsApp 修復了一項能透過影像通話劫持帳戶的漏洞
https://chinese.engadget.com/2018/10/11/whatsapp-fixes-video-call-exploit/

Just Answering A Video Call Could Compromise Your WhatsApp Account
https://bit.ly/2PwJ5Uq

Apache Tika任意文件覆蓋漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11762

Apache OPTIONS method is enabled 漏洞
https://ccie.lol/knowledge-base/hole-apache-options-method-is-enabled/

Adobe 已發布安全更新以解決 Adobe 多個產品存在安全性弱點
https://www.us-cert.gov/ncas/current-activity/2018/10/09/Adobe-Releases-Security-Updates

Apache CouchDB任意代碼執行漏洞(CVE-2018-8007)
https://blog.couchdb.org/2018/07/10/cve-2018-8007/

VMWare重大漏洞可讓Guest OS軟體在主機OS上執行
https://www.ithome.com.tw/news/126512?fbclid=IwAR3uCAQKcRD1LjVhxdnaAgmWc60E39xlfOFrcLmgTItaoksosbK3ti0Il54

VMware 發布新的安全更新
https://www.vmware.com/security/advisories/VMSA-2018-0025.html

VMware ESXi, Workstation, Fusion關鍵緩衝區溢出特權升級漏洞
https://www.vmware.com/security/advisories/VMSA-2018-0026.html

UsualToolCMS 安全漏洞
https://www.anquanke.com/vul/id/1356290

Microsoft Windows - 'FSCTL_FIND_FILES_BY_SID' Information Disclosure
https://www.exploit-db.com/exploits/45624/

Microsoft Jet Database Engine緩衝區溢出漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8392

Microsoft Windows Media Player信息洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8482

研究人員發現Windows劫持漏洞,黑客可藉此獲取控制權限
http://www.tmtpost.com/3536873.html

Windows 爆RID綁架漏洞,至少10個月未修補
https://www.ithome.com.tw/news/126478

微軟發佈10月份安全性公告
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/aa99ba28-e99f-e811-a978-000d3a33c573

Microsoft 近日發佈更新以解決多個產品存在零時差弱點
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453

研究人員釋出Microsoft Edge漏洞的概念性驗證攻擊程式
https://www.ithome.com.tw/news/126399

更新Win 10檔案全被刪 微軟:已修復漏洞並會重新推送更新
https://www.ettoday.net/news/20181012/1279481.htm

Windows爆RID劫持漏洞且10個月未修復,微軟尚未回應
https://www.ithome.com/html/win10/389457.htm

Linksys E系列路由器曝出三個高危漏洞
https://t.cj.sina.com.cn/articles/view/1747383115/6826f34b02000ef4p

Vulnerability Spotlight: Linksys ESeries Multiple OS Command Injection Vulnerabilities
https://blog.talosintelligence.com/2018/10/vulnerability-spotlight-linksys-eseries.html

Cisco IOS XE Software CLI解析器輸入驗證漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15368

Cisco 807、809和829 Industrial Integrated Services Router任意內存寫漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15375

Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities
https://bit.ly/2OpzjqE

Cyber News Rundown: Windows 10 Update Deletes Files
https://www.webroot.com/blog/2018/10/12/cyber-news-rundown-windows-10-update-deletes-files/

NEW EXPLOIT FOR MIKROTIK ROUTER WINBOX VULNERABILITY
https://blog.mikrotik.com/security/new-exploit-for-mikrotik-router-winbox-vulnerability.html

FB稱安全漏洞受影響用戶較估計少 正計劃發訊息通知
http://news.rthk.hk/rthk/ch/component/k2/1422788-20181013.htm

安全預警:雄邁攝像頭存在漏洞
https://zhuanlan.zhihu.com/p/46629745

XMeye P2P雲服務器內置硬編碼賬號漏洞通告
https://ti.360.net/advisory/articles/advisory-of-cve-2018-17919/

雄邁監控雲端服務XMeye P2P Cloud多破綻,再無更新恐惡化成IoT botnet
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5036

Git Submodule新漏洞已修復
https://github.com/git/git/commit/98afac7a7cefdca0d2c4917dd8066a59f7088265

685 million users may be affected by the Branch.io service XSS vulnerability
https://bit.ly/2yHuNJp

Agentejo Cockpit 跨站脚本漏洞
https://www.anquanke.com/vul/id/1354788

OpenSSH信息洩露漏洞(CVE-2018-15473、CVE-2018-15919)
http://blog.nsfocus.net/openssh-cve-2018-15919/

快更新!Chrome 瀏覽器釋出新版修補漏洞,並新增 4 大實用功能!
http://3c.ltn.com.tw/news/34891

Google Chrome 多個漏洞
https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html

多款Apple產品Kernel內存破壞漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4336

Tumblr Patches A Flaw That Could Have Exposed Users’ Account Info
https://thehackernews.com/2018/10/tumblr-account-hacking.html

Vulnerability Spotlight: Live Networks LIVE555 streaming media RTSPServer code execution vulnerability
https://blog.talosintelligence.com/2018/10/vulnerability-spotlight-live-networks.html

JVN#58005743 Symantec Web Isolation におけるクロスサイトスクリプティングの脆弱性
https://jvn.jp/jp/JVN58005743/

JVNVU#91290141 ISC BIND 9 にサービス運用妨害 (DoS) の脆弱性
https://jvn.jp/vu/JVNVU91290141/

JVNVU#90390242 Ghostscript に -dSAFER オプションによる保護が回避される複数の脆弱性
https://jvn.jp/vu/JVNVU90390242/


2.銀行/金融/保險/證券/電子支付/行動支付/支付系統/虛擬貨幣/區塊鍊 新聞及資安

硬體錢包也不安全!數位資產安全攻略
http://news.knowing.asia/news/22e2bce0-48a9-49a9-a4d6-07ddb48f7ad7

最神秘交易所・銀行流浪史——Bitfinex 的爭議與疑雲究竟來自何處
https://www.blocktempo.com/the-mysterious-exchange-bitfinex/

比賠錢的交易更虧! 虛擬貨幣交易所的9個資安風險
https://blog.trendmicro.com.tw/?p=57425

交易所被盜,是其運行算法的環境出了問題
http://news.knowing.asia/news/09fb6fb0-e10e-4b15-9cf1-5654d06ffe4b

智慧合約存在著潛在威脅!該如何解決安全問題
http://news.knowing.asia/news/5177682f-182a-4201-ab98-e7ac0a0f5d3d

從兩個實際案例,來看智慧合約的漏洞
http://news.knowing.asia/news/b9228c1f-354c-454b-9586-3e8587211e22

讓訊息更安全!區塊鏈應用將成為發達國家執法的新標準
http://news.knowing.asia/news/de062672-c827-4a57-b05e-b84deb83cb54

支付寶稱黑客利用蘋果ID漏洞 盜取用戶資金
https://news.mingpao.com/ins/instantnews/web_tc/article/20181011/s00002/1539246366571

陸銀處長監守自盜 植病毒盜領鉅款
https://bit.ly/2Px9YYr

頂級金融機構密集拿下私募牌照 五大行三缺二
https://news.sina.com.tw/article/20181013/28460100.html

從防堵手遊外掛起家,果核數位攻進金融App資安市場
https://bit.ly/2QOGMwg

商業銀行組織架構調整七大趨勢
https://ek21.com/news/1/115201/

修正「銀行負責人應具備資格條件兼職限制及應遵行事項準則」
https://bit.ly/2OmAneR

金融總會祕書長吳當傑 創新園區培育人才
https://money.udn.com/money/story/5648/3421763

早上銀行辦卡並存20萬下午只剩35元 銀行應該承擔全部責任嗎
https://read01.com/ggAxBP0.html

男子發現銀行漏洞主動報告遭無視白得上千萬過上奢靡生活 
https://www.52hrtt.com/cl/n/w/info/G1539230599111

IMF:交易所將繼續成為駭客攻擊的目標
https://life.tw/?app=view&no=854977

南山董座 揭平台出包內幕 砸百億升級 上線1個月傳災情
https://tw.appledaily.com/headline/daily/20181017/38154716/

悠遊卡也能買麥當勞!解決「找1元」銅板煩惱
https://fnc.ebc.net.tw/FncNews/life/55275

永豐銀行豐掌櫃儲值支付帳戶服務終止公告
https://www.ptt.cc/bbs/Bank_Service/M.1539659940.A.A4D.html

銀行強化洗錢防制,金管會:高風險地區均較嚴謹
https://www.chinatimes.com/realtimenews/20181017001081-260410

LINE App全新「錢包」頁面上線 安卓用戶先體驗
https://www.chinatimes.com/realtimenews/20181016001824-260412

台灣Pay推共通標準 要當行動支付Visa
https://bit.ly/2J0Z6PP

系統不一店家困擾!銀行推「QR Code共通支付標準」
https://www.setn.com/News.aspx?NewsID=443215

第一銀行澄清稿
https://www.firstbank.com.tw/servlet/fbweb/zh_TW/1454092210623

研究報告:金融業正面臨越來越多憑證填充 (Credential Stuffing) 攻擊
https://blog.trendmicro.com.tw/?cat=4038

合作金庫商業銀行  107年10月22日(一)下午 17:00至18:00 暫停行動網銀服務
https://bit.ly/2OyXZgs

防洗錢沒做好 銀行業被罰最慘
https://tw.appledaily.com/new/realtime/20181018/1450105/

金融法規繁瑣 人工智慧協助銀行降低法遵成本
http://ec.ltn.com.tw/article/breakingnews/2584912

防洗錢缺失,今年共抓到254件
https://bit.ly/2NLcPLy

洗錢防制評鑑下月來了 金管會提交的「國家隊」代表名單
https://bit.ly/2RYDV5b

微信將與NetsPay推跨境支付合作讓中國遊更便捷
http://www.ccw.com.cn/internet/2018-10-18/4350.html

開放銀行有限執照 助攻Fintech
https://udndata.com/ndapp/udntag/finance/Article?origid=9160451

中信銀尖峰時刻大當機 200家彩券行哀號
http://ec.ltn.com.tw/article/paper/1240494

中信銀ATM大當機 銀行局震怒「公司應對外說明」
https://www.ettoday.net/news/20181018/1284768.htm

又是IBM惹禍 中信ATM全台大當機
https://www.chinatimes.com/realtimenews/20181018004368-260410

中信5千台ATM 癱3小時 系統全當 吃掉存簿 投注站也掛 民眾跳腳
https://tw.appledaily.com/headline/daily/20181019/38156479/

沒吐鈔卻扣款 留明細叩客服
https://tw.news.appledaily.com/headline/daily/20181019/38156488/

中信主機系統異常,ATM、網銀等服務停擺約3小時
https://www.ithome.com.tw/news/126502

ATM大當機修好了 中信銀行發聲明道歉
http://ec.ltn.com.tw/article/breakingnews/2585169

短短兩月又出包!中信金ATM因主機異常大當機 IBM:還在了解中
https://www.ettoday.net/news/20181018/1284780.htm

TWCERT發布國外大量金融機構頁面遭仿冒,用於詐騙使用者個資
https://twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=767

Report: Cryptocurrency Exchanges Lost $882 Million to Hackers
https://www.bankinfosecurity.com/report-cryptocurrency-exchanges-lost-882-million-to-hackers-a-11624

MasterCard introduces authentication security measures for online checkout
https://www.atmmarketplace.com/news/mastercard-introduces-authentication-security-measures-for-online-checkout/


3.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體

螢幕彈跳出 Adobe Flash 更新通知? 當心遭駭客植入加密挖礦惡意軟體
https://blockcast.it/2018/10/13/psa-hackers-are-using-fake-flash-updates-to-hide-cryptocurrency-mining-malware/

你的電腦安全嗎?現代人經常忽略「挖礦病毒、勒索病毒」
https://bit.ly/2EIGZjt

防毒軟體除了最基本的檔案掃瞄之外,還能幫你做些什麼?免費/付費又有什麼差異
https://blog.trendmicro.com.tw/?p=57680

新型Android特洛伊木馬偽裝成Google Play Store,隱藏在手機中
https://www.zdnet.com/article/this-trojan-masquerades-as-google-play-to-hide-on-your-phone/#ftag=RSSbaffb68

惡意軟體活動散佈資料竊取木馬/遠端控制木馬並會規避防毒軟體
https://www.bleepingcomputer.com/news/security/ic3-issues-alert-regarding-remote-desktop-protocol-rdp-attacks/

Fortnite for Android Released, But Make Sure You Don't Download Malware
https://bit.ly/2PDWZUw

Criminals' Cryptocurrency Addiction Continues
https://www.bankinfosecurity.com/criminals-cryptocurrency-addiction-continues-a-11594

Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
https://blog.talosintelligence.com/2018/10/old-dog-new-tricks-analysing-new-rtf_15.html

Open source web hosting software compromised with DDoS malware
https://www.zdnet.com/article/open-source-web-hosting-software-compromised-with-ddos-malware/

THE MYSTERIOUS RETURN OF YEARS-OLD CHINESE MALWARE
https://www.wired.com/story/mysterious-return-of-years-old-chinese-malware-apt1/

Tracking Tick Through Recent Campaigns Targeting East Asia
https://blog.talosintelligence.com/2018/10/tracking-tick-through-recent-campaigns.html


B.行動安全 / iPhone / Android / App

蒙騙蘋果數載!外媒揭祕 iPhone 維修政策衍生的灰色產業鏈
https://bit.ly/2pStLq2

日本開發者替iPhone 5 運行 iOS 10.2.1實現完美越獄
https://mrmad.com.tw/doras2-untethered-ios-10-jailbreak-on-iphone-5

傳出iMessage誤傳、耗電災情 iOS 12.0.1更新出現Bug
https://www.ettoday.net/news/20181014/1281089.htm

小心Siri被駭客叫醒!照片資料全曝光轉發
https://tw.appledaily.com/new/realtime/20181016/1448781/

Apple 隱私權更新 讓使用者完全掌控個資安全
https://www.mobile01.com/newsdetail/27242/apple-privacy-policy-2018

iOS又出包 駭客用VoiceOver就能看光你的照片
https://www.ettoday.net/news/20181015/1281826.htm

iOS 再現漏洞! 駭客能透過VoiceOver瀏覽及轉發用戶照片
https://udn.com/news/story/7086/3422646

蘋果裝置身障人士輔助工具VoiceOver漏洞沒修好!研究人員再度揭露概念性驗證攻擊手法
https://www.ithome.com.tw/news/126482

買iPhone還是Android手機?手機隱私安全大不同
https://news.cnyes.com/news/id/4217747

安卓曝大漏洞:一條彩信可控製手機,影響95%設備
https://www.imooc.com/article/254134

Google強化Android Pie應用程式資料備份安全,防止內部員工的惡意攻擊
https://www.ithome.com.tw/news/126427

交通部與中華電信合作開發APP 正式上市
https://www.ydn.com.tw/News/309153

Google 解釋 Pixel 3 系列的定制安全晶片是如何運作
https://chinese.engadget.com/2018/10/18/google-details-pixel-3-titan-m-chip/

日本推出水墨紙手機,支援4G網絡僅信用卡大!
https://bit.ly/2CmF3dk

New iPhone Bug Gives Anyone Access to Your Private Photos
https://bit.ly/2yM6dH5

Google to Encrypt Android Cloud Backups With Your Lock Screen Password
https://thehackernews.com/2018/10/android-cloud-backup.html

Google Adds Control-Flow Integrity to Beef up Android Kernel Security
https://thehackernews.com/2018/10/android-linux-kernel-cfi.html

Google Will Charge Android Phone Makers to Use Its Apps In Europe
https://bit.ly/2P3sc6S


C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件

GitHub 史上最大改版:能讓程式碼在網頁上運行的 GitHub Actions
https://buzzorange.com/techorange/2018/10/18/github-programmer-loves-what/

極具設計感的易用 Linux 發行版 elementary OS 發布 5.0 (Juno)
https://openingsource.org/4324/zh-tw/?fbclid=IwAR0HO1nmNxPoS1M69kt36YwVjH2fyw1zj66mBABjCSNibtmd_m6lu3y76mA

十大網站駭客技術公布,臺灣滲透測試專家研究獲第一
https://www.ithome.com.tw/news/126410

資安產業大逆襲
https://udn.com/news/story/6851/3428605

資安需求經驗分享
https://bit.ly/2RYha11

Secutech 2019聚焦鏈結IoT x AI + Security
https://money.udn.com/money/story/10860/3427039

騰訊安全《九月安全輿情報告》:數據洩露與漏洞安全事件持續增長
https://tech.china.com/article/20181017/kejiyuan0718202453.html

PS4收到問號訊息後當機了嗎?網傳PS4疑遭駭客找到漏洞:靠訊息讓主機崩潰
https://applealmond.com/posts/42004

Sony Entertainment回應PS4惡意信息漏洞一事!正在計劃給出更新解決漏洞問題
https://bit.ly/2NKTQ3R

索尼正式回應PS4變磚漏洞未來將通過修復升級解決
http://www.techweb.com.cn/onlinegamenews/2018-10-16/2707053.shtml

索尼表示已修復PS4“惡意代碼消息”漏洞
http://tv.zol.com.cn/701/7011729.html

自動販賣機支援行動支付好方便,但研究人員竟能駭進app無限免費儲值
https://www.ithome.com.tw/news/126457

伺服器產業面臨供應鏈安全的考驗
https://www.ithome.com.tw/voice/126405

國際駭客攻擊傾巢而出 資安產業大逆襲
https://bit.ly/2RXbXqr

冰島國內遭受大規模釣魚攻擊,Remcos遠端工具遭利用
https://twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=872

澳學者加國首都揭示中共利用統戰滲透西方
http://www.epochtimes.com/b5/18/10/18/n10792438.htm

中共駭客猖獗 惹來神祕組織狩獵
https://bit.ly/2OvZM5H

北約成立「網絡指揮部」 2023年全面開戰敵軍駭客
https://www.ettoday.net/news/20181017/1283075.htm

制裁網攻 英國波羅的海國家尋求義國支持
https://bit.ly/2ykoKeu

加強訊息控管 臉書封鎖美國期中選舉假消息
http://ec.ltn.com.tw/article/breakingnews/2581909

資安風險若迫使美國防產業改變政策 衝擊全球供應鏈
https://money.udn.com/money/story/5599/3423916

美資安焦慮 衝擊全球供應鏈
https://money.udn.com/money/story/5599/3425776

美國防部遭黑客攻擊 疑3萬員工資料外洩
https://bit.ly/2ye7ojl

美前司法部官員:中國駭客可能讓美國戰鬥機「反殺自己人」
https://www.ettoday.net/news/20181013/1280582.htm

美國示警 籲加拿大考慮拒華為參與網路建設
https://tw.appledaily.com/new/realtime/20181016/1448201/

要求 FTC 介入調查,美國參議員希望 Google 針對 Google+ 漏洞問題作具體解釋
https://www.inside.com.tw/2018/10/13/senators-ask-ftc-to-investigate-disclosure-of-google-vulnerability

New Juniper Report Highlights Need for Security Automation and Additional Cybersecurity Pros
https://www.cpomagazine.com/2018/07/05/new-juniper-report-highlights-need-for-security-automation-and-additional-cybersecurity-pros/

Bloomberg blunder highlights supply chain risks
https://blog.malwarebytes.com/cybercrime/2018/10/bloomberg-blunder-supply-chain-risks/

6 ways to keep up with cybersecurity without going crazy
https://blog.malwarebytes.com/101/2018/10/6-ways-to-keep-up-with-cybersecurity-without-going-crazy/

When Endpoint Detection and Response (EDR) is not enough
https://blog.malwarebytes.com/malwarebytes-news/2018/10/when-endpoint-detection-and-response-edr-is-not-enough/

Fake browser update seeks to compromise more MikroTik routers
https://blog.malwarebytes.com/threat-analysis/2018/10/fake-browser-update-seeks-to-compromise-more-mikrotik-routers/

Malwarebytes Labs Cybercrime Tactics and Techniques Report (CTNT) shows shift to business targets in Q3
https://blog.malwarebytes.com/malwarebytes-news/2018/10/labs-cybercrime-tactics-and-techniques-report-ctnt-shows-shift-to-business-targets/

Google Adds Control-Flow Integrity to Beef up Android Kernel Security
https://bit.ly/2NFPV87

Chrome, Firefox, Edge and Safari Plans to Disable TLS 1.0 and 1.1 in 2020
https://thehackernews.com/2018/10/web-browser-tls-support.html

French Dark-Web Drug Dealer Sentenced to 20 Years in US Prison
https://bit.ly/2EiVrOR

Safeguarding Critical Infrastructure From Cyberattacks
https://www.bankinfosecurity.com/interviews/safeguarding-critical-infrastructure-from-cyberattacks-i-4145

Network vs. Endpoint Security: Striking the Right Balance
https://www.bankinfosecurity.com/interviews/network-vs-endpoint-security-striking-right-balance-i-4141

Pentagon Travel Provider Data Breach Counts 30,000 Victims
https://www.bankinfosecurity.com/pentagon-travel-provider-data-breach-counts-30000-victims-a-11600

10 Cyberattacks Investigated Weekly by UK
https://www.bankinfosecurity.in/10-cyberattacks-investigated-weekly-by-uk-a-11617

Red Hat welcomes Microsoft to the LOT Network and effort to protect the community against attacks by patent assertion entities
https://red.ht/2P4Vz8B

The Fear that KRACK Built…and How You Can Protect Your WiFi Security
https://bit.ly/2yJqBcb

LuminosityLink Hacking Tool Author Gets 30-Months Prison Sentence
https://bit.ly/2CpabZR

Webroot WiFi Security: Expanding Our Commitment to Security & Privacy
https://www.webroot.com/blog/2018/10/17/webroot-wifi-security-expanding-our-commitment-to-security-privacy/

Responding to Risk in an Evolving Threat Landscape
https://www.webroot.com/blog/2018/10/18/responding-risk-evolving-threat-landscape/

インターネット定点観測レポート(2018年 7~9月)
https://www.jpcert.or.jp/tsubame/report/report201807-09.html

徵才 - 資安系統管理
https://m.1111.com.tw/job/85150908/



D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷
商業電郵詐騙猖獗,今年全臺遭詐騙金額已破兩億元
https://www.ithome.com.tw/news/126464

新型態網路釣魚:以熟人回信手法散發病毒, 教育、金融及能源產業為攻擊目標
https://blog.trendmicro.com.tw/?p=57671

英老人被騙兩萬鎊 銀行拒賠
http://www.epochtimes.com/b5/18/10/12/n10779353.htm

英銀行主管承認:短信騙局太複雜
http://www.epochtimes.com/b5/18/10/12/n10779357.htm

透過 Microsoft Store 漏洞 騙徒上載假 Google Photos 軟件
https://unwire.hk/2018/10/14/fake-google-photos-software-microsoft-store/news/

不收錢只收個資 美大學校園首家「個資換飲料」咖啡店開張
https://www.mirrormedia.mg/story/20181012int001

輸入帳密解除消費! 用戶收PayPal假信盜個資
https://bit.ly/2ChZNDl

詐騙集團「潛伏」電郵內 假稱改匯款帳號騙錢
https://bit.ly/2NE50qY

假冒客戶郵電騙匯款 兩肉品公司600萬飛了
https://www.ettoday.net/news/20181014/1281202.htm

假電郵問候1年 騙走肉商540萬貨款
https://udn.com/news/story/11315/3421892

詐騙也有「潛伏期」 真假Email讓人眼花匯錯款
https://tw.appledaily.com/new/realtime/20181014/1447422/

Google被質疑隱瞞用戶資料外洩
https://bit.ly/2IW3Aak

3分鐘萬元飛了!陸iPhone近千用戶遭盜刷
https://news.tvbs.com.tw/life/1009161

從蘋果“盜刷門”看大數據時代的全民焦慮
https://bit.ly/2AiQt0B

中國蘋果用戶遭盜刷  受害者上看千人
http://globalnewstv.com.tw/201810/43682/?doing_wp_cron=1539569150.8977389335632324218750

Apple ID被盜:這幾個功能一定要打開
https://bit.ly/2CJoERg

Apple ID 遭駭!中國受害者上百人,支付寶、WeChat 淪為詐騙集團印鈔機
https://www.hksilicon.com/articles/1687643

蘋果資安問題再起!間諜晶片風暴後傳中國用戶 Apple ID 遭駭
https://news.cnyes.com/news/id/4219175

蘋果帳號被爆大批盜刷 全因這功能沒開啟
https://tw.appledaily.com/new/realtime/20181013/1446696/

蘋果手機防護有漏洞 逾700人帳密外洩遭盜刷
https://news.ftv.com.tw/news/detail/2018A14I05M1

Facebook 開發電視機上盒,外界擔心隱私將成大問題
https://technews.tw/2018/10/18/facebook-camera-tv-device-ripley/

臉書「2900萬用戶」個資被偷...生日打卡全曝光!點此秒看是否中招
https://www.ettoday.net/news/20181013/1280287.htm

2900萬筆個資外洩 臉書:垃圾郵件業者所為
https://www.cna.com.tw/news/firstnews/201810180399.aspx

Facebook稱近期網絡入侵主謀是垃圾郵件發送者而非外國政府
https://cn.wsj.com/articles/CT-TEC-20181018101050

Facebook千萬帳戶資料被盜 調查暫稱垃圾郵件發送者為幕後黑手
https://bit.ly/2NRgk2W

Facebook稱1,400萬用戶的私密數據遭駭客竊取
https://bit.ly/2PxvGLJ

Facebook 被駭事件最新報告:影響人數下修為 3,000 萬
https://technews.tw/2018/10/13/facebook-hacker-accessed-personal-details-for-29-million-accounts/

fb修定2900萬個帳戶遭黑客入侵 WhatsApp及IG未受影響
http://hd.stheadline.com/news/realtime/wo/1339863/

急澄清!Facebook:駭入使用者帳號的不是特定國家
https://cnews.com.tw/002181018a04/

這次不是俄羅斯!偷走 3000 萬 Facebook 使用者個資的是廣告詐騙集團
http://technews.tw/2018/10/19/facebook-finds-hack-was-done-by-spammers-not-foreign-state/

軍方人員個資遭駭 美國防部展開調查
https://money.udn.com/money/story/5599/3419373

美國國防部網絡出現保安漏洞致僱員個人資料外洩
https://news.now.com/home/international/player?newsId=323564

承德艦疑洩密案 海軍強調衛星通訊系統已換
https://udn.com/news/story/10930/3418514?from=udn-catelistnews_ch2

山東龍口:利用信用卡實施詐騙 嫌疑人落入法網
http://big5.xinhuanet.com/gate/big5/www.sd.xinhuanet.com/sd/yt/2018-10/13/c_1123554296.htm

太歲頭上動土!駭客冒充冰島警方寄出網釣郵件 
https://www.ithome.com.tw/news/126425

詐騙集團LINE偽裝親友 退休公務員遭詐30萬
https://tw.appledaily.com/new/realtime/20181015/1448028/

交友app助特朗普粉絲配對 首推即洩資料
http://paper.wenweipo.com/2018/10/17/GJ1810170019.htm

美國期中選舉將近,駭客論壇正兜售19州3,500萬選民個資
https://www.ithome.com.tw/news/126448

「面交」也有詐!賣家遭「假網銀匯款」騙走新手機
https://bit.ly/2Es8gX9

自認有工程師背景! 嫌犯設計「假網銀App」詐騙
https://bit.ly/2RYeyAf

偽造網銀轉帳畫面 逾15人賣手機遭詐
https://www.ttv.com.tw/news/view/10710170012900I/568

木工男轉職!架假網銀APP騙43萬
https://bit.ly/2yHhgS2

直播主爽收萬元禮物 竟是這樣來的
https://tw.news.appledaily.com/local/realtime/20181018/1449819/

中國籍旅遊從業者因涉嫌信用卡詐騙被再次逮捕
https://tchina.kyodonews.net/news/2018/10/141a531e7c3e.html

沒有惡意程式,不綁架檔案,一封信竟騙走一棟房子
https://blog.trendmicro.com.tw/?p=57309

Facebook Clarifies Extent of Data Breach
https://www.bankinfosecurity.com/facebook-clarifies-extent-data-breach-a-11598

Facebook Eyes Spammers for Mega-Breach
https://www.bankinfosecurity.com/facebook-eyes-spammers-for-mega-breach-a-11625

Fewer data breaches in first half of 2018, but far more records stolen
https://www.atmmarketplace.com/news/fewer-data-breaches-in-first-half-of-2018-but-far-more-records-stolen/

30 Million Facebook Accounts Were Hacked: Check If You're One of Them
https://thehackernews.com/2018/10/hack-facebook-account.html

Anthem Mega-Breach: Record $16 Million HIPAA Settlement
https://www.bankinfosecurity.in/anthem-mega-breach-record-16-million-hipaa-settlement-a-11622


E.研究報告

honggfuzz漏洞挖掘技術深究系列(1)——反饋驅動(Feedback-Driven)
https://bit.ly/2CItHRX

honggfuzz漏洞挖掘技術深究系列(2)—— Persistent Fuzzing
https://bit.ly/2Oo6zP9

honggfuzz漏洞挖掘技術深究系列(3)——Fuzz策略
https://bit.ly/2CJyItp

honggfuzz漏洞挖掘技術深研系列(4) - 擴展Fuzzer
https://bit.ly/2EiKDQJ

honggfuzz漏洞挖掘技術深究系列(5)—— Intel Processor Trace
https://bit.ly/2pOZHLU

phar & fastcgi & rsync 漏洞小結
https://bit.ly/2PvOCus

Git Submodule 漏洞(CVE-2018-17456)分析
https://paper.seebug.org/716/

詳細分析Apache Struts RCE漏洞及攻擊事件(CVE-2018-11776)
http://www.4hou.com/vulnerable/13917.html

移動安全自動化測試框架MobSF多個版本靜態分析接口存在的任意文件寫入漏洞復現與分析
http://www.freebuf.com/vuls/185937.html

打開JBoss的潘多拉魔盒——JBoss高危漏洞分析
http://www.4hou.com/vulnerable/14088.html

利用時空旅行調試技術挖掘Windows GDI漏洞(上)
https://xz.aliyun.com/t/2916

CVE-2018-3211:Java Usage Tracker本地提權漏洞分析
https://www.anquanke.com/post/id/162211

libssh CVE-2018-10933身份驗證繞過漏洞分析報告
https://www.anquanke.com/post/id/162225

Web框架下安全漏洞的測試反思
https://juejin.im/post/5bc7e2b9e51d450e4714646d

5G規範安全性和協議漏洞分析(上篇)
http://netsecurity.51cto.com/art/201810/585249.htm

XXRF Shots – Useful For Testing SSRF Vulnerability
https://kalilinuxtutorials.com/xxrf-shots-ssrf-vulnerability/


F.商業

安碁資訊開辦資安講堂 海外招商洽談中
https://money.udn.com/money/story/5612/3418318

奇偶參與國際資通產業標準論壇 共同推動網路資安
https://money.udn.com/money/story/5612/3427006

佛大資應系專業受肯定 將協助互聯安睿公司赴縣府檢測資安
http://n.yam.com/Article/20181018401169



G.政府

金融科技創新園區首監理門診 顧立雄親上陣
https://bit.ly/2P1jFkS

協助勞保年改 金管會出招 顧立雄:基富通可作勞退自選平台
https://www.chinatimes.com/newspapers/20181017000234-260202

金管會:年底還會有案入沙盒
https://www.chinatimes.com/newspapers/20181017000247-260202

金管會查OBU 花萬元就過關
https://www.chinatimes.com/newspapers/20181016000542-260102

防洗錢 金管會鎖定五大區
https://bit.ly/2RVsyL9

假借反洗錢嚴控兩岸金流? 公股行庫、顧立雄這麼說
https://www.nownews.com/news/20181016/3017322/

資通安全管理法實務說明會
https://www.nccst.nat.gov.tw/HandoutDetail?lang=zh&seq=1276

傳中國駭客晶片侵美 NCC:不能排除可能性
https://tw.appledaily.com/new/realtime/20181018/1449701/

台灣舉辦電子化選舉不難,但是國家的資安防護概念有跟著數位化嗎
https://buzzorange.com/techorange/2018/10/18/hacker-election/


H.工控系統  SCADA / ICS Security

《對工業控制系統的安全攻擊》報告摘要
https://ibm.co/2OwAiWa

Projecting Military Power through Cyberspace Using Offensive Cyber Attacks
https://bit.ly/2RXwM51

GreyEnergy: New malware campaign targets critical infrastructure companies
https://www.zdnet.com/article/greyenergy-new-malware-campaign-targets-critical-infrastructure-companies/

Crypto Quantique unveils its ‘quantum driven secure chip’ for IoT devices
https://techcrunch.com/2018/10/17/crypto-quantique/

GreyEnergy Potential Successor of BlackEnergy
https://www.infosecurity-magazine.com/news/greyenergy-potential-successor/

Уязвимости в SCADA-системе LCDS ставят под угрозу безопасность предприятий
https://www.securitylab.ru/news/495976.php

Understaffing, Underinvestment and Human Errors Put ICS Security at Risk in the MENA Region
https://www.albawaba.com/business/pr/understaffing-underinvestment-and-human-errors-put-ics-security-risk-meta-region-1201586

RiskSense CEO to Present New Approach for Assessing Industrial Threats at the 2018 ICS Cyber Security Conference USA
https://www.businesswire.com/news/home/20181017005164/en/RiskSense-CEO-Present-New-Approach-Assessing-Industrial



I.教育訓練類

一秒就上手!馬上幫您爬取匯率價格!掌控最新貿易匯損!(附python 程式碼)
https://bit.ly/2EFZ5CG

xss基礎及漏洞原理
http://blog.51cto.com/13905896/2299588

Struts2漏洞exp從零分析
https://www.anquanke.com/post/id/161690

漏洞利用練手----ctf某題目
https://bbs.pediy.com/thread-247263.htm

黑蘋果是什麼?組裝黑蘋果電腦最容易碰到什麼困擾?
https://mrmad.com.tw/hackintosh

資安補帖─Day2─想學資安,先學寫程式&利用Google當個駭客
https://ithelp.ithome.com.tw/articles/10201068

資安補帖─Day3─沒有資安基礎怎麼辦&資安入門資源(Got Your PW)&個人隱私議題
https://ithelp.ithome.com.tw/articles/10201260

資安補帖─Day4─雜談讀書會&PicoCTF推廣&跟著前輩一起學習(資訊_資安社群簡介)
https://ithelp.ithome.com.tw/articles/10201399

資安補帖─Day5─資安競賽-金盾獎(初賽)經驗分享
https://ithelp.ithome.com.tw/articles/10201604

資安補帖─Day6─Linux基本指令
https://ithelp.ithome.com.tw/articles/10201755

資安補帖─Day7─淺談簡報 Become A Security Master &資安人才培育計畫(AIS3、台灣好厲駭)介紹
https://ithelp.ithome.com.tw/articles/10202353

資安補帖─Day8─Web Security
https://ithelp.ithome.com.tw/articles/10202700

三十篇資安實例分享及解析DAY 4--遠東國際商業銀行18億元被盜轉
https://ithelp.ithome.com.tw/articles/10200838

三十篇資安實例分享及解析DAY 5--7-11的icash點數遭兌換
https://ithelp.ithome.com.tw/articles/10201005

三十篇資安實例分享及解析DAY 6--台灣司法院隔離外網還是被入侵受駭
https://ithelp.ithome.com.tw/articles/10201291

三十篇資安實例分享及解析DAY 7--雄獅旅遊因個資外洩,遭消基會求償363萬餘元
https://ithelp.ithome.com.tw/articles/10201491?sc=iThelpR

三十篇資安實例分享及解析DAY 8--台北市公衛系統遭置入木馬,使得眾多民眾個資外洩
https://ithelp.ithome.com.tw/articles/10201513?sc=iThelpR

三十篇資安實例分享及解析DAY 9--居易科技駭客利用遠端管理功能漏洞修改DHCP及DNS的值,造成多款路由器被駭
https://ithelp.ithome.com.tw/articles/10202035?sc=iThelpR

三十篇資安實例分享及解析DAY 10--台灣大車隊的司機,利用APP行動支付漏洞盜刷客戶信用卡
https://ithelp.ithome.com.tw/articles/10202285

[Day 1] 漏洞是什麼?能吃嗎
https://ithelp.ithome.com.tw/articles/10201753

[Day 2] 國內有哪些漏洞協處單位
https://ithelp.ithome.com.tw/articles/10202214?sc=iThelpR

[Day 3] 國際有哪些漏洞協處單位
https://ithelp.ithome.com.tw/articles/10202580

[Day 4] 國際漏洞編號標準有哪些
https://ithelp.ithome.com.tw/articles/10202981?sc=iThelpR

智慧邊緣—— Akamai 下個20年的新征途【鐵人挑戰01天】
https://ithelp.ithome.com.tw/articles/10201768

區塊鏈能解決網路安全?別傻了,區塊鏈自己都不安全!【鐵人挑戰02天】
https://ithelp.ithome.com.tw/articles/10201782

報告老闆,我們的伺服器剛才被冰箱給駭了!【鐵人賽03天】
https://ithelp.ithome.com.tw/articles/10201889?sc=iThelpR

如何用一根溫度計搞垮你的工廠?【鐵人賽挑戰04天】
https://ithelp.ithome.com.tw/articles/10202391

[Day01]Why CISSP
https://ithelp.ithome.com.tw/articles/10200425

[Day02]藏在書本裡的倫理與道德
https://ithelp.ithome.com.tw/articles/10202306

[Day03]今天我是首席資安官
https://ithelp.ithome.com.tw/articles/10202329?fbclid=IwAR3xCstByawbX6tzzU7s0s7Hk8WFRA6Eis_xU-bKQ0xBxfdmPSp-11yudDg

2018 年 Raspberry Pi 的終極指南: 提示、訣竅和駭客技巧
https://softnshare.com/2018/10/15/pi-ultimate-guide-2/

Learn RxJS operators and Reactive Programming principles
http://reactive.how/?fbclid=IwAR1tdFxSoMNm8UzQqXTukTbDJPpEjSqrObBUGws5lonUfStMl1ybRniRFFo


J.玄武實驗室每日安全動態推送

每日安全動態推送(10-15)
https://tw.weibo.com/xuanwulab/4295372551040623

每日安全動態推送(10-16)
https://tw.weibo.com/xuanwulab/4295733874192382

每日安全動態推送(10-17)
https://tw.weibo.com/xuanwulab/4296094009302209

每日安全動態推送(10-18)
https://tw.weibo.com/xuanwulab/4296457291134628

每日安全動態推送(10-19)
https://tw.weibo.com/xuanwulab/4296817618821139


K.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機

資安標準論壇 聚焦物聯網
https://bit.ly/2q0FeE3

【TechOrange 2018 邊緣運算趨勢論壇】迎戰新時代資安,AI 與邊緣運算已密不可分
https://www.hksilicon.com/articles/1687897?utm_source=hksilicon.com&utm_medium=NewArticleBottomRight

保護 IT 與 OT 的整合
https://blog.trendmicro.com.tw/?p=57278

Review Shows Glaring Flaws In Xiongmai IoT Devices
https://www.bankinfosecurity.com/review-shows-glaring-flaws-in-xiongmai-iot-devices-a-11596

4.近期資安活動及研討會
  
  Call For Paper | HITCON PACIFIC 2018  9/17 ~ 10/14
  https://blog.hitcon.org/2018/09/call-for-paper-hitcon-pacific-2018.html

  2018 健康物聯網黑客松  10/19 ~ 10/21
  http://hack.tmu.edu.tw/2018.php

  物聯網資安培訓課程(崑山科技大學)  10/20 ~ 11/3
  https://w3.iiiedu.org.tw/coursedetail.php?id=ICSA05I&l=30&c=ICSA05I1801 

  物聯網資安專業培訓(中華電信) 10/20 ~ 11/17
  https://w3.iiiedu.org.tw/coursedetail.php?id=ICSA02I&l=30&c=ICSA02I1801

  第 44 回 Android Developer 讀書會 10/20
  https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/255501091/

  SQL Migration to Azure Data service實作課  10/22
  https://bit.ly/2ybA4cA

  Foundations in Digital Forensics with EnCase? (DF120) (原CF1)  10/23 ~ 10/26
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=40

  AWS Startup Day Taipei 2018   2018年10月23日
  https://amzn.to/2IYmQ7t

  國家高速網路與計算中心教育訓練 - 網路封包分析  10/23
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3650&from_course_list_url=homepage

  107年度各級專業人員持續訓練課程 - 資安治理概論與規劃  10/26
  https://www.tpipas.org.tw/course_view.aspx?no=118&tid=219

  物聯網資安培訓課程(中華民國資訊軟體協會) 10/26 ~ 11/9
  https://w3.iiiedu.org.tw/coursedetail.php?id=ICSA01I&l=35&c=ICSA01I1801

  金融資安培訓課程(台灣雲端安全聯盟) 10/26 ~ 11/3
  https://w3.iiiedu.org.tw/coursedetail.php?id=FCSA02I&l=30&c=FCSA02I1801

  亥客書院 -惡意程式檢測實務 10/27
  https://hackercollege.nctu.edu.tw/?p=885

  ISDA 白帽駭客巡迴入門〈1〉10/27
  https://reg.isda.org.tw/info.php?no=27

  TANET 2018-台灣網際網路研討會 暨資訊工程X智慧計算學門成果發表會 10/21 ~ 10/26
  https://cis.ncu.edu.tw/SeminarSys/activity/TANET2018/home

  Azure TechDay 年度盛會 10/30 台北場
  https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x4963751abcd

  Red Hat Forum 2018 TAIPEI  11/2
  https://www.redhat.com/en/events/red-hat-forum-taipei-2018?sc_cid=701f2000001OEJMAA4

  物聯網資安實務課程(台灣雲端安全聯盟) 11/2 ~ 11/10
  https://w3.iiiedu.org.tw/coursedetail.php?id=ICSA03I&l=30&c=ICSA03I1801

  ISDA 白帽駭客巡迴入門〈1〉11/03
  https://reg.isda.org.tw/info.php?no=28

  Building and Investigation with EnCase? (DF210) (原CF2)  11/5 ~ 11/8
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=41

  Imperva 2018 資安趨勢論壇 11/7
  https://seminar.ithome.com.tw/live/20181107Imperva/index.html

  亥客書院 - DDoS原理與實務  11/10
  https://hackercollege.nctu.edu.tw/?p=774

  認證系統安全從業人員SSCP輔導班  11月10日至11月18日
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=277

  新型態資安實務示範課程教學教師研習營  11/10 ~ 11/11
  https://docs.google.com/forms/d/e/1FAIpQLScCByNq_aQ6kIXawayMQPq9yMTtlFXkQ6JVTPrtpBh3TVGzoA/viewform

  Magnet原廠授權認證課程Magnet AXIOM Examinations 11/12 ~ 11/15
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=42

  SQL Migration to Azure Data service實作課 11/13
  https://bit.ly/2Nx6tiy

  資安趨勢與企業因應管理(可抵內稽)  11月13日
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=280

  原廠認證Cellebrite Certified Operator (CCO)  11/19 ~ 11/20
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=43

  Fortinet 2018 數位 X 資安 轉型論壇  11/15
  https://seminar.ithome.com.tw/live/2018fortinet/index.html?eDM_V1

  網站安全與稽核簡介(Ⅰ)(可抵內稽)  11月15日
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=281

  網站安全與稽核簡介(Ⅱ)(可抵內稽)  11月23日
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=282

  認證資訊系統安全專家 CISSP 輔導班 11月24日至12月8日
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=278

  Metasploit與滲透測試實務 11/25 ~ 11/26
  https://hackercollege.nctu.edu.tw/?p=641

  EnCase EnCE 認證考試 Preparation 課程  12/5 ~ 12/7
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=44

  駭客入侵調查暨資安緊急應變實務 12/10 ~ 12/11
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=45

  台灣駭客年會 HITCON Pacific 2018 12/13 ~ 12/14
  https://hitcon.kktix.cc/events/hitcon-pacific-2018

  亥客書院 - 進階網頁滲透測試  12/15
  https://hackercollege.nctu.edu.tw/?p=323

  專業手機暨硬碟資料救援教育訓練課程 12/26 ~ 12/28
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=46

  亥客書院 - 高階網頁滲透測試    2019/1/5
  https://hackercollege.nctu.edu.tw/?p=768

沒有留言:

張貼留言

資安事件新聞週報 2020/9/14 ~ 2020/9/18

    資安事件新聞週報 2020/9/14  ~  2020/9/18 1.重大弱點漏洞/後門/Exploit/Zero Day PAN-OS之Captive Portal或多因素驗證(Multi-Factor Authentication, MFA)介面存在安全漏洞(CVE-...