資安事件新聞週報 2019/7/15 ~ 2019/7/19
1.重大弱點漏洞/後門/Exploit/Zero Day
NetApp 阻斷服務漏洞
https://security.netapp.com/advisory/ntap-20190715-0001/
Palo Alto PAN-OS 多個漏洞
https://securityadvisories.paloaltonetworks.com/Home/Detail/155
https://securityadvisories.paloaltonetworks.com/Home/Detail/156
https://securityadvisories.paloaltonetworks.com/Home/Detail/157
Sprint發布安全漏洞警告:黑客通過三星網站竊取用戶敏感數據
https://finance.ifeng.com/c/7oNcPBGrCGe
Sprint:三星網站害用戶帳號遭駭、資料曝光
https://www.ithome.com.tw/news/131878
藍牙裝置漏洞可用來追蹤iOS/Mac、Windows 10裝置、Fitbit用戶位置
https://www.ithome.com.tw/news/131907
Oracle Critical Patch Update Advisory - July 2019
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Palo Alto GlobalProtect 資安通報
https://devco.re/blog/2019/07/17/Palo-Alto-GlobalProtect-advisory/
羅技舊款Unifying無線產品爆漏洞 疑遭駭客安裝惡意軟體
https://udn.com/news/story/7087/3934932
羅技無線接收器再現漏洞,攻擊者可輕易通過其控制他人電腦
https://www.expreview.com/69456.html
羅技 Unifying 接收器可能被駭客入侵,同時羅技有漏洞的舊款滑鼠也依在市場銷售
https://www.cool3c.com/article/146051
羅技無線設備出現4個安全漏洞,羅技官方只會修復一半
http://www.udaxia.com/xtzx/18896.html
LenovoEMC儲存裝置含有資料外洩漏洞
https://www.ithome.com.tw/news/131899
數位學習平台 WMPro 智慧大師含有 Command Injection 漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11062
索尼BRAVIA智能電視存在漏洞
https://4hou.win/wordpress/?p=34166
CentOS Control Web Panel 0.9.8.838 - User Enumeration
https://www.exploit-db.com/exploits/47125
Sun Solaris Doors Kernel Functionality 多個漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0874
Magento 2.3.1: Unauthenticated Stored XSS to RCE
https://blog.ripstech.com/2019/magento-rce-via-xss/
Zoom Zero Day Followup: Getting the RCE
https://blog.assetnote.io/bug-bounty/2019/07/17/rce-on-zoom/
Zoom Video Conferencing for macOS Also Vulnerable to Critical RCE Flaw
https://thehackernews.com/2019/07/zoom-video-conferencing-hacking.html
Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu
https://thehackernews.com/2019/07/zoom-ringcentral-vulnerabilities.html
Wormable BlueKeep Bug Still Threatens Legions of Windows Systems
https://threatpost.com/805k-windows-systems-open-bluekeep/146529/
BlueKeep patching isn’t progressing fast enough
https://www.welivesecurity.com/2019/07/17/bluekeep-patching-progress/
Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation
https://www.exploit-db.com/exploits/47135
Windows 7用戶注意! 微軟明年1月終止支援
https://ec.ltn.com.tw/article/breakingnews/2853622
Windows 7終止支援倒數6個月!微軟呼籲把握時機完成Windows 10升級與部署
http://bit.ly/2Ghujy3
微軟視窗 Defender Application Control 繞過保安限制漏洞
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1167
Microsoft is starting to auto-update Windows 10 Home, Pro users on 1803 or older to 1903
https://www.zdnet.com/article/microsoft-is-starting-to-auto-update-windows-10-home-pro-users-on-1803-or-older-to-1903/#ftag=RSSbaffb68
Here's Microsoft's updated roadmap for Chromium-based Edge features for the enterprise
https://www.zdnet.com/article/heres-microsofts-updated-roadmap-for-chromium-based-edge-features-for-the-enterprise/#ftag=RSSbaffb68
Security Flaw Exposed Valid Airline Boarding Passes
https://www.bankinfosecurity.com/security-flaw-exposed-valid-airline-boarding-passes-a-12783
Payment Fraud: Criminals Enroll Stolen Cards on Apple Pay
https://www.bankinfosecurity.com/payment-fraud-criminals-enroll-stolen-cards-on-apple-pay-a-12779
CTM籲用戶升級路由器固件 防範網絡攻擊
https://www.exmoo.com/article/115827.html
聯想和技嘉服務器固件發現可利用的漏洞
https://www.solidot.org/story?sid=61408
BMC韌體重大漏洞波及技嘉、聯想、宏碁等8家伺服器
https://ithome.com.tw/news/131908
VULNERABLE FIRMWARE IN THE SUPPLY CHAIN OF ENTERPRISE SERVERS
https://eclypsium.com/wp-content/uploads/2019/07/Vulnerable-Firmware-in-the-Supply-Chain.pdf
Vulnerability Allows Hackers to Take Control of Drupal 8 Websites
https://www.securityweek.com/vulnerability-allows-hackers-take-control-drupal-8-websites
Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks
https://blog.trendmicro.com/trendlabs-security-intelligence/jenkins-admins-relying-on-default-settings-could-put-master-at-risk-of-remote-code-execution-attacks/
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
國銀分行連5年減少 ATM台數資安人才需求增加
https://taronews.tw/2019/07/11/399258/
解放銀行數據力的鑰匙
https://www.ithome.com.tw/voice/131810
網路金融安全時代來臨
https://news.cnyes.com/news/id/4356845?exp=b
純網銀結合金、物流 央行評估風險
https://money.udn.com/money/story/5613/3927374
女員工利用銀行漏洞挪用1億多買下10多套房產
http://news.cctv.com/2019/07/12/VIDEf4ewe205yeXgPFtPa09X190712.shtml
發生了什麼?威士萬事達或將退出俄羅斯
https://news.sina.com.tw/article/20190715/31967582.html
電信大斷訊 澳洲櫃員機和商店支付系統癱瘓
https://taronews.tw/2019/07/11/399255/
費時三年 台大金融科技中心將揭牌
https://ctee.com.tw/news/finance/118372.html
傳統銀行接招! 7月底開放新設2家純網銀
https://news.tvbs.com.tw/life/1168122
又現擅自修改數據!中信證券頂風作案 違規修改科創板招股書被罰
https://news.sina.com.tw/article/20190717/31993634.html
首例!不甩金管會檢查 禮正投顧遭開罰60萬元
https://ec.ltn.com.tw/article/breakingnews/2854571
李氏證券內部監控缺失遭譴責及罰款52萬
http://bit.ly/2M2rrc7
RBI, HDFC Bank and others warned about this app. Here's what
http://bit.ly/2LtgKjm
German banks are moving away from SMS one-time passcodes
https://www.zdnet.com/article/german-banks-are-moving-away-from-sms-one-time-passcodes/
3.電子支付/電子票證/行動支付/ pay/新聞及資安
EMV國際通用掃碼支付正式在臺上線,一張QR Code貼紙就能接軌多個支付App
https://www.ithome.com.tw/news/131895
網友爆料騰訊充值業務出現漏洞,有網友充值高達萬元的Q幣
https://www.bilibili.com/read/cv3088587/
Huawei Pay在港推出 擴至4萬個銷售點
http://bit.ly/2GfwDFS
國際財經:俄羅斯表態加入歐盟針對伊朗的支付管道Instex
http://bit.ly/2JEuohF
網絡故障導致全澳零售業付款系統大癱瘓
http://www.epochtimes.com/b5/19/7/15/n11385721.htm
4.虛擬貨幣/區塊鍊 新聞及資安
日本幣寶交易所遭駭約 35 億日圓的數位貨幣,台灣幣寶用戶暫不受影響
https://news.xfastest.com/%E8%99%9B%E6%93%AC%E8%B2%A8%E5%B9%A3/67028/bitpoint-japan-hacked/
日本加密貨幣交易所 BITPoint 證實被盜官方:台灣分公司不受影響
https://news.cnyes.com/news/id/4356999
日業者虛擬貨幣遭盜 損失估逾10億元
https://money.udn.com/money/story/5599/3925210
全球比特幣 ATM 數量已經超過 5000 台,在歐洲恐成反洗錢(AML)防制漏洞
https://www.blocktempo.com/bitcoin-atms-show-gap-in-eu-s-money-laundering-rules-police-say/
這次又坑多少人?深度解析Dash錢包關鍵漏洞
https://www.feixiaohao.com/news/3834282
加密貨幣大戰 正邪難辨
https://hk.finance.appledaily.com/finance/daily/article/20190715/20729425
獲新交所投資!新加坡首家持牌證券型代幣交易所 1exchange 宣告上線
https://news.cnyes.com/news/id/4356202
MaiCoin擬發碳權證券型代幣 金管會:沒來談過
https://money.udn.com/money/story/5613/3933516
MaiCoin盼年底發「碳權STO」 金管會尚未點頭
https://www.chinatimes.com/realtimenews/20190717000881-260410?chdtv
去中心化交易所協議0x 發現安全漏洞交易合約暫時關閉
https://www.linksfin.com/article/299255
如何挑選比特幣交易所
https://www.inside.com.tw/article/16924-how-to-choose-crytpo-exchanges
facebook擬發行虛擬貨幣 G7同意控制發展
http://bit.ly/2xQ2AzV
出面回應 BITPoint Japan 遭駭事件社長小田玄紀:承擔責任、徹查到底
https://news.cnyes.com/news/id/4358595
駭客正在將幣安(Binance)被盜的比特幣,轉移到其他交易所中
https://www.blocktempo.com/hackers-are-turning-binances-stolen-bitcoin-into-fiat/
不翼而飛 − 日本加密貨幣交易所遭駭客入侵盜走 $3,200 萬美元
http://bit.ly/2SwZOtb
傳日本推虛擬幣支付國際網絡
https://hk.finance.appledaily.com/finance/realtime/article/20190718/59836161
打擊洗錢活動 傳日本擬開發加密貨幣支付網絡
https://ec.ltn.com.tw/article/breakingnews/2856514
G7“嚴重關切”Libra 同意抓緊出臺對策
https://tchina.kyodonews.net/news/2019/07/84e074b100c4-g7libra-.html
交大FinTech中心攜手奧丁丁 發展區塊鏈與AI
https://money.udn.com/money/story/5613/3936549
Brazil completes first blockchain real estate sale
https://www.zdnet.com/article/brazil-completes-first-blockchain-real-estate-sale/#ftag=RSSbaffb68
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
專門攻擊 QNAP 網路儲存裝置的 eCh0raix 勒索病毒
https://blog.trendmicro.com.tw/?p=61210
夾帶惡意軟體App 下載百萬次
http://bit.ly/32sPUNu
惡意軟件襲 Android!自動取代正版軟件防不勝防
https://m.eprice.com.hk/mobile/talk/124/213526/1/
Emotet神隱一個月 復活後或變超惡程式
http://bit.ly/2XKlveW
Panda反病毒軟件本地提權漏洞分析(CVE-2019-12042)
https://www.freebuf.com/vuls/207765.html
拒受勒索軟體要脅 巴爾的摩高代價重建系統
https://money.udn.com/money/story/10511/3928055
新款Android惡意程式出現 香港逾萬部手機受感染
http://bit.ly/30FgPns
惡意軟體「Agent Smith」已感染全球 2,500 萬安卓設備 台灣也有 479 台中標
https://saydigi-tech.com/2019/07/8727.html
請小心這位探員!惡意程式「Agent Smith」傳在全球感染超過2500萬支Android手機
https://cnews.com.tw/140190712a03/
被超難解密的勒索軟體纏身,美國又有地方政府選擇支付贖金給駭客
https://ithome.com.tw/news/131832
新型Android變種惡意軟體 全球有2500萬台裝置受感染
https://tw.finance.appledaily.com/realtime/20190717/1601346/
Telegram多功能版MobonoGram 2019會偷下載惡意網站
https://ithome.com.tw/news/131874
【NotPetya】史上破壞力最強的一次網絡攻擊(五):癱瘓烏克蘭
http://bit.ly/2JDf0BX
2019 下半年勒索病毒將如何發展
https://blog.trendmicro.com.tw/?p=61165
Ransomware: As GandCrab Retires, Sodinokibi Rises
https://www.bankinfosecurity.com/ransomware-as-gandcrab-retires-sodinokibi-rises-a-12788
OpenNIC drops support for .bit domain names after rampant malware abuse
https://www.zdnet.com/article/opennic-drops-support-for-bit-domain-names-after-rampant-malware-abuse/#ftag=RSSbaffb68
This Week in Security News: Banking Malware and Phishing Campaigns
https://blog.trendmicro.com/weekinsecurity7-12-19/
2019-07-12 - DRIDEX ACTIVITY
https://www.malware-traffic-analysis.net/2019/07/12/index.html
2019-07-09 - MALSPAM WITH PASSWORD-PROTECTED WORD DOC PUSHES DRIDEX
https://www.malware-traffic-analysis.net/2019/07/09/index.html
Should governments pay extortion payments after a ransomware attack
https://blog.talosintelligence.com/2019/07/ransomware-extortion-roundtable-government-payments.html
Wannacry ransomware attack: Industry experts offer their tips for prevention
https://www.techrepublic.com/article/wannacry-ransomware-attack-industry-experts-offer-their-tips-for-prevention/
New Malware Replaced Legit Android Apps With Fake Ones On 25 Million Devices
https://thehackernews.com/2019/07/whatsapp-android-malware.html
A New Ransomware Is Targeting Network Attached Storage (NAS) Devices
https://thehackernews.com/2019/07/ransomware-nas-devices.html
Powerful FinSpy Spyware Found Targeting iOS and Android Users in Myanmar
https://thehackernews.com/2019/07/finspy-spyware-android-ios.html
Security Advisory for eCh0raix Ransomware
https://www.qnap.com/zh-tw/security-advisory/nas-201907-11
Malware framework creates one billion fake Google Adsense ad impressions in only a few months
https://www.zdnet.com/article/malware-framework-creates-one-billion-fake-google-adsense-ad-impressions-in-only-a-few-months/#ftag=RSSbaffb68
Newly Discovered Malware Framework Cashing in on Ad Fraud
https://www.flashpoint-intel.com/blog/newly-discovered-malware-framework-cashing-in-on-ad-fraud/
Hong Kong malvertiser blamed for malicious ads that invaded Microsoft apps
https://www.zdnet.com/article/hong-kong-malvertiser-blamed-for-malicious-ads-that-invaded-microsoft-apps/#ftag=RSSbaffb68
Hong Kong Based Malvertiser Brokers Traffic To Fake Antivirus Scams — Over 100 Million Ads Compromised In 2019 So Far
https://blog.confiant.com/hong-kong-based-malvertiser-brokers-traffic-to-fake-antivirus-scams-over-100-million-ads-300e251eff06
資安公司在Python套件儲存庫PyPI發現3個惡意後門套件
https://www.ithome.com.tw/news/131912
Malicious Python libraries targeting Linux servers removed from PyPI
https://www.zdnet.com/article/malicious-python-libraries-targeting-linux-servers-removed-from-pypi/#ftag=RSSbaffb68
SupPy Chain Malware - Detecting malware in package manager repositories
https://blog.reversinglabs.com/blog/suppy-chain-malware-detecting-malware-in-package-manager-repositories
Powload Loads Up on Evasion Techniques Posted
https://blog.trendmicro.com/trendlabs-security-intelligence/powload-loads-up-on-evasion-techniques/
EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users
https://thehackernews.com/2019/07/linux-gnome-spyware.html
Unofficial Telegram App Secretly Loads Infinite Malicious Sites
https://www.symantec.com/blogs/threat-intelligence/unofficial-telegram-app-malicious-sites
Trojan-Riddled WinRAR, Winbox, IDM Spreads StrongPity Spyware
https://www.bleepingcomputer.com/news/security/trojan-riddled-winrar-winbox-idm-spreads-strongpity-spyware/
Banking Trojan TrickBot learned to spam and has already collected 250 million email addresses
https://trojan-killer.net/banking-trojan-trickbot-learned-to-spam-and-has-already-collected-250-million-email-addresses/
Tenga cuidado con el Malware de Anubis Banking que puede poner en riesgo su privacidad virtual
https://www.todotech20.com/tenga-cuidado-con-el-malware-de-anubis-banking-que-puede-poner-en-riesgo-su-privacidad-virtual/
EvilGnome: Rare Malware Spying on Linux Desktop Users
https://www.intezer.com/blog-evilgnome-rare-malware-spying-on-linux-desktop-users/
SLUB Gets Rid of GitHub, Intensifies Slack Use
https://blog.trendmicro.com/trendlabs-security-intelligence/slub-gets-rid-of-github-intensifies-slack-use/
Okrum: Ke3chang group targets diplomatic missions
https://www.welivesecurity.com/2019/07/18/okrum-ke3chang-targets-diplomatic-missions/
New Okrum Malware Used by Ke3chang Group to Target Diplomats
https://www.bleepingcomputer.com/news/security/new-okrum-malware-used-by-ke3chang-group-to-target-diplomats/
Mirai Botnet Sees Big 2019 Growth, Shifts Focus to Enterprises
https://threatpost.com/mirai-botnet-sees-big-2019-growth-shifts-focus-to-enterprises/146547/
The rising tide of ransomware requires a commitment to best practices
https://www.zdnet.com/article/the-rising-tide-of-ransomware-requires-a-commitment-to-best-practices/#ftag=RSSbaffb68
B.行動安全 / iPhone / Android /穿戴裝置 /App
2500萬台安卓手機遭陸公司入侵 靠掉包APP廣告來賺錢
https://n.yam.com/Article/20190712751863
Apple 宣佈暫時禁用 Apple Watch 上的對講機功能
http://bit.ly/2JxaYuJ
有人在偷聽你的iPhone對話!蘋果手錶曝竊聽漏洞
https://news.sina.com.tw/article/20190713/31953066.html
臉書今晨大當機!介面「一片空白」 網友哀號:又掛了
https://tw.news.appledaily.com/life/realtime/20190718/1601967/
中國警方運用間諜軟體監控智慧型手機
https://technews.tw/2019/07/18/china-police-spyapp-smartphone/
注意!iOS 13測試版出現漏洞未經授權可訪問“設置”中保存的密碼
http://www.sohu.com/a/327163131_114774
iOS 13現安全漏洞 繞過權限認證獲取帳號密碼
http://bit.ly/2LpZLOZ
Android版WhatsApp、Telegram漏洞,可使駭客篡改影像檔案
https://www.ithome.com.tw/news/131856
Telegram多功能版MobonoGram 2019會偷下載惡意網站
https://ithome.com.tw/news/131874
研究人員破解IG的密碼復原程序,可取得任何用戶的登入憑證
https://www.ithome.com.tw/news/131888
警示片《原本以為只是手機掉了》揭資安死角! 一不小心連命都沒了
https://www.ettoday.net/dalemon/post/44801
變老App被爆有資安漏洞 引起社群資安恐慌
https://newtalk.tw/news/view/2019-07-18/274296
「抖音」疑設「後門」直通中國政府 印度IT部要求解釋
https://m.ltn.com.tw/news/world/breakingnews/2857377
區塊科技推「存證王APP」 隨時隨地都可自保
https://www.chinatimes.com/realtimenews/20190718003566-260410?chdtv
網友亂留言,區塊鏈技術可快速蒐證
https://ec.ltn.com.tw/article/breakingnews/2857318
iOS URL Scheme Susceptible to Hijacking
https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/
Slack to reset passwords for tens of thousands of users
https://www.zdnet.com/article/slack-to-reset-passwords-for-tens-of-thousands-of-users/#ftag=RSSbaffb68
How your Instagram account could have been hijacked
https://www.welivesecurity.com/2019/07/16/instagram-account-could-have-been-hijacked/
New Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission
https://thehackernews.com/2019/07/android-side-channel-attacks.html
This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes
https://thehackernews.com/2019/07/hack-instagram-accounts.html
Unofficial Telegram App Secretly Loads Infinite Malicious Sites
https://www.symantec.com/blogs/threat-intelligence/unofficial-telegram-app-malicious-sites
Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram
https://thehackernews.com/2019/07/media-files-whatsapp-telegram.html
Unofficial Telegram app secretly loads malicious sites
http://bit.ly/2Lp605r
iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts
https://thehackernews.com/2019/07/ios-custom-url-scheme.html
Latest technology could miss Australia due to encryption laws: Telstra
https://www.zdnet.com/article/latest-technology-could-miss-australia-due-to-encryption-laws-telstra/
Bluetooth exploit can track and identify iOS, Microsoft mobile device users
https://www.zdnet.com/article/bluetooth-vulnerability-can-be-exploited-to-track-and-id-iphone-smartwatch-microsoft-tablet-users/#ftag=RSSbaffb68
Major Chinese Android developer booted from Google Play for drowning users in adverts
https://www.zdnet.com/article/google-boots-chinese-android-developer-for-drowning-users-in-ads/#ftag=RSSbaffb68
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
驚人!高手自製「解壓縮炸彈」能把 46MB 變 4.5PB
https://3c.ltn.com.tw/news/37385
不破解wifi密碼就出不去!HITCON推出「駭客版」密室逃脫遊戲
https://www.bnext.com.tw/article/53847/hitcon-hacker-escaperoom
FCC新規則將處罰海外電話詐騙犯
https://www.ntdtv.com/b5/2019/07/17/a102624481.html
依規劃制定回應程序 設計Playbook輔助跨部門協防 資安事件編排與回應平台 補強領域知識缺口
https://www.netadmin.com.tw/netadmin/zh-tw/trend/49D92C0E8E55432ABC9EA52C7A53625D
調查:網絡安全最大威脅來自內部
http://paper.wenweipo.com/2019/07/18/MC1907180003.htm
56%台企遭網攻 專家:駭客獲利4次
https://www.secretchina.com/news/b5/2019/07/16/900487.html
駭走38億元貨款 1堂台企不能忽視的資安課
https://www.chinatimes.com/realtimenews/20190715002709-260410?chdtv
自學抓漏 「白帽駭客」錄取交大資工
https://news.ltn.com.tw/news/life/paper/1303492
五分之一的大型企業依然使用Windows 7系統
https://news.sina.com.tw/article/20190716/31978478.html
提供駭客代管服務的網路罪犯遭美方通緝多年後終於被逮捕
https://www.ithome.com.tw/news/131882
上市櫃公司若遭駭 資安專家:恐付4重代價
https://udn.com/news/story/7251/3929846
駭客攻擊勒贖個資「一魚四吃」 台CEO做好防範數位攻擊年增4成
https://www.ettoday.net/news/20190712/1488765.htm
9月奧斯陸論壇聚焦資訊戰 何韻詩將出席
http://www.epochtimes.com/b5/19/7/13/n11382796.htm
強暴+烹殺…太便宜?警方抓暗網交易
http://bit.ly/2NUmtRc
駭客變國安全危機 直擊資安戰情室
https://news.cts.com.tw/cts/international/201907/201907141967522.html
Cybersecurity Frameworks — Types, Strategies, Implementation and Benefits
https://thehackernews.com/2019/07/best-cybersecurity-frameworks.html
數位電子駕照取代紙卡 手機存取美試行
https://news.tvbs.com.tw/focus/1165209
認定資安無虞 陸大疆無人機 美國意外放行
https://readers.ctee.com.tw/cm/20190712/a01aa1/993264/share
〈紅色滲透〉台網媒負責人曾是駭客挨告 公司登記在住家
https://www.nextmag.com.tw/realtimenews/news/474144
密電曝光讓駐外大使丟官 英情報機構發現洩密者了
https://news.ltn.com.tw/news/world/breakingnews/2852495
共諜利用民主開放滲透 學者:立法補黑洞
http://bit.ly/2Gd8Pm6
指控Google遭陸滲透 川普大金主促FBI快來查
https://www.chinatimes.com/realtimenews/20190717000004-260408?chdtv
國軍退將是共諜 學者:價值觀被混淆
http://bit.ly/2YUnkCz
捲入上海仟和億 公安曝光涉案台灣分析師名單
https://ec.ltn.com.tw/article/breakingnews/2853908
台灣分析師上海遭逮 真正內幕曝光
https://www.chinatimes.com/realtimenews/20190718000007-260410?chdtv
內幕:中共五千間諜侵台 滲透軍方五大手法
http://www.epochtimes.com/b5/19/7/15/n11385101.htm
微軟:過去一年將近1萬個企業用戶也面臨國家級駭客的攻擊威脅
https://www.ithome.com.tw/news/131926
Equifax前信息官涉內部交易 被判罰款
http://www.epochtimes.com/b5/19/7/18/n11394044.htm
全國斷網數小時損失超1億美元 澳大利亞尷尬了
https://news.sina.com.tw/article/20190714/31959098.html
澳大利亞電訊2019網絡安全調查報告: 安全漏洞持續上升,網絡安全仍然是香港企業最高優先事項
http://bit.ly/2xPVn2V
港藝術家編程式 自動收集全球「反送中」照片影片 無篩選展示觀眾眼前
http://bit.ly/32rJxdk
南韓新法上路 縱容職場霸凌恐判刑
https://news.cts.com.tw/cts/international/201907/201907181968074.html
多數德人願為資安支付更高費用 安全標籤有助購買決策
https://www.chinatimes.com/realtimenews/20190716001256-260408?chdtv
英國會議員:英國應擴大限制華為 但不是資安理由
https://ec.ltn.com.tw/article/breakingnews/2853749
華為證實在美刪減千名員工、今後三年將在義大利投資31億美元
https://news.cnyes.com/news/id/4358220
美國選舉委員會改弦易轍,允許政治活動接受優惠的網路安全服務
https://www.ithome.com.tw/news/131831
新加坡資安新措施將加強機密數據保障
https://twbusiness.nat.gov.tw/news.do?id=402620439
美軍官妄稱中國使委內瑞拉人民背負債務,外交部:酸葡萄心理
https://news.sina.com.tw/article/20190716/31985170.html
狼蹤再現!中國伺服器國家隊 藏身新北市第一高樓
https://udn.com/news/story/6841/3929083
Magecart駭客集團專找配置錯誤的Amazon S3儲存貯體
https://times.hinet.net/news/22460421
Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets
https://thehackernews.com/2019/07/magecart-amazon-s3-hacking.html
Microsoft notified 10,000 victims of nation-state attacks
https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/#ftag=RSSbaffb68
Cyber Command tested ‘persistent engagement’ in June exercise
https://www.fifthdomain.com/dod/cybercom/2019/07/16/cyber-command-tested-persistent-engagement-in-june-exercise/
U.S. Cyber Command simulated a seaport cyberattack to test digital readiness
https://www.cyberscoop.com/us-cyber-command-simulated-seaport-cyberattack-test-digital-readiness/
Brazil gears up to enhance data analytics to tackle benefit fraud
https://www.zdnet.com/article/brazil-gears-up-to-enhance-data-analytics-to-tackle-benefit-fraud/#ftag=RSSbaffb68
Brazil is at the forefront of a new type of router attack
https://www.zdnet.com/article/brazil-is-at-the-forefront-of-a-new-type-of-router-attack/#ftag=RSSbaffb68
Surprising Password Guidelines from NIST
https://www.bankinfosecurity.com/blogs/surprising-password-guidelines-from-nist-p-2764
Engineer flees to China after stealing source code of US train firm
https://www.zdnet.com/article/engineer-flees-to-china-after-stealing-source-code-of-us-train-firm/#ftag=RSSbaffb68
Cybersecurity Frameworks — Types, Strategies, Implementation and Benefits
https://thehackernews.com/2019/07/best-cybersecurity-frameworks.html
Organizations expect to boost their cybersecurity investments by 34%
https://www.helpnetsecurity.com/2019/07/15/boost-cybersecurity-investments/
Engage Your Management with the Definitive 'Security for Management' Presentation Template
https://thehackernews.com/2019/07/security-for-management.html
Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
https://blog.talosintelligence.com/2019/07/sea-turtle-keeps-on-swimming.html
NCSC report warns of DNS Hijacking Attacks
https://securityaffairs.co/wordpress/88366/hacking/dns-hijacking-ncsc-report.html
Ministry of Home Affairs Needs to Go Beyond Security Basics
https://www.bankinfosecurity.asia/blogs/ministry-home-affairs-needs-to-go-beyond-security-basics-p-2775
Kazakhstan government is now intercepting all HTTPS traffic
https://www.zdnet.com/article/kazakhstan-government-is-now-intercepting-all-https-traffic/
APAC firms must transform cybersecurity approach
https://www.zdnet.com/article/apac-firms-must-transform-cybersecurity-approach/#ftag=RSSbaffb68
【資安所】產業合作專員
https://www.104.com.tw/job/6o9ga
Security Engineer
https://www.cakeresume.com/companies/maicoin/jobs/security-engineer-ae8ff9
Security Engineer
https://github.com/MaiAmis/Careers/blob/master/MaiCoin/security-engineer.md
#徵才 台北/群聚整合資安/解決方案架構師(售前)
https://www.dcard.tw/f/job/p/231681330
資安管制人員/北市大安
https://m.yes123.com.tw/memmvc/jobsearch/JobDetailPage?pid=20091202100256_16890535&subid=20190709110004_2377997
契約資訊(副)工程師(資安)甄選公告
https://www.vhlc.gov.tw/News_Content.aspx?n=D65DB00DDAEFC920&sms=21B65CD3BBA62A7F&s=0FE8E032A0B37B7C
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
黑貓宅急騙 跟真正的黑貓官網相似度99%
https://blog.trendmicro.com.tw/?p=61179
相似度99%! 駭客偽「宅配網」 詐單號騙個資
https://news.tvbs.com.tw/life/1167303
【詐騙】黑貓宅急騙 跟真正的黑貓官網相似度99%,收到送貨進度簡訊,別點連結
https://blog.trendmicro.com.tw/?p=61179
中國江蘇省公安局洩漏超過九千萬筆個人與公司行號資料
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=893
【獨家】人力銀行1111有20萬筆個資遭外洩,來源同外洩銓敘部個資的論壇
https://www.ithome.com.tw/news/131930
駭客論壇兜售! 1111人力銀行驚傳20萬筆個資外洩
http://bit.ly/2XOXMKB
1111人力銀行遭駭 舊個資外洩警方偵辦中
https://www.cna.com.tw/news/asoc/201907190107.aspx
1111人力銀行 予人煏講漏洩求職者個資
https://news.pts.org.tw/article/438646
1111人力銀行20萬筆個資 遭駭客惡意外洩
https://tw.news.appledaily.com/life/realtime/20190719/1602555/
秦嗣葵:銓敘部個資外洩 資安戰略待強化
https://tw.appledaily.com/new/realtime/20190719/1602387/
駭客竊取個資 四招放空企業
http://bit.ly/2LWRq4B
知名飯店Kiosk系統漏洞讓後台資料庫憑證曝險,可致客戶資料被竊
https://www.ithome.com.tw/news/131809
美調查侵犯隱私案 傳重罰臉書逾1550億元
https://taronews.tw/2019/07/13/401105/
fb洩私隱和解 罰390億破紀錄 不及去年收入十分一 被指欠阻嚇力
http://bit.ly/2Y5uAhU
投資虛擬貨幣發大財?詐騙案層出不窮
http://bit.ly/2LTBD6W
保加利亞國稅局遭到駭客入侵,數百萬納稅人資料外洩
https://www.ithome.com.tw/news/131879
「付款設定錯誤」狂詐69名網拍店家 10車手海削440萬全上繳
https://www.ettoday.net/news/20190716/1491538.htm
假檢警騙很大 桃園去年財損1.3億
https://udn.com/news/story/11322/3930579
電腦密碼發明人逝世享年93歲 曾稱「密碼」已成網路惡夢
https://cnews.com.tw/140190715a06/
SAS:2021年25%組織採用 AI將成反詐欺主流技術
https://www.chinatimes.com/newspapers/20190716000277-260204?chdtv
Phishing Scheme Targets Amex Cardholders
https://www.bankinfosecurity.com/new-phishing-scheme-targets-amex-card-holders-a-12796
This Phishing Attacker Takes American Express—and Victims’ Credentials
https://cofense.com/phishing-attacker-takes-american-express-victims-credentials/
93% of porn sites leak data to a third-party
https://www.zdnet.com/article/93-of-porn-sites-leak-data-to-a-third-party/#ftag=RSSbaffb68
The use of compromised accounts to send phishing emails to contacts inside and outside an organization is an increasing security threat
https://www.techrepublic.com/article/lateral-phishing-hackers-are-taking-over-business-accounts-to-send-malicious-emails/
Threat Spotlight: Lateral Phishing
https://blog.barracuda.com/2019/07/18/threat-spotlight-lateral-phishing/
Bulgarian Authorities Arrest Suspect in Massive Data Breach
https://www.bankinfosecurity.com/bulgarian-authorities-arrest-suspect-in-massive-data-breach-a-12790
Hacker Stole Data of Over 70% Bulgarian Citizens from Tax Agency Servers
https://thehackernews.com/2019/07/bulgaria-nra-data-breach.html
Sweden and UK's surveillance programs on trial at the European Court of Human Rights
https://www.zdnet.com/article/sweden-and-uks-surveillance-programs-on-trial-at-the-european-court-of-human-rights/#ftag=RSSbaffb68
Evite Invites Over 100 Million People to Their Data Breach
https://www.bleepingcomputer.com/news/security/evite-invites-over-100-million-people-to-their-data-breach/
Bulgaria's hacked database is now available on hacking forums
https://www.zdnet.com/article/bulgarias-hacked-database-is-now-available-on-hacking-forums/#ftag=RSSbaffb68
Hacker steals data of millions of Bulgarians, emails it to local media
https://www.zdnet.com/article/hacker-steals-data-of-millions-of-bulgarians-emails-it-to-local-media/#ftag=RSSbaffb68
Singapore hopes to groom data protection officers with training framework
https://www.zdnet.com/article/singapore-hopes-to-groom-data-protection-officers-with-training-framework/#ftag=RSSbaffb68
E.研究報告
賽門鐵克雲端安全威脅研究報告探討雲端的真實風險
https://symc.ly/2GdRhX3
靈活運用Serverless運算 雲原生系統也能輕鬆遷移 建構K8S容器管理平台 打底Knative無伺服器框架
https://www.netadmin.com.tw/netadmin/zh-tw/technology/78E2B931705C4C4B974991B7CA31938D
WebLogic 任意文件上傳遠程代碼執行_CVE-2018-2894漏洞復現
https://www.cnblogs.com/yuzly/p/11152895.html
0x協議漏洞原理剖析:惡意掛單可擾亂正常交易秩序
https://www.xcong.com/articles/3560727
Ubuntu桌面版USBCreator D-Bus權限提升漏洞分析
https://www.anquanke.com/post/id/181937
CVE-2019-12272 OpenWrt圖形化管理界面LuCI命令注入分析
https://www.4hou.com/vulnerable/19135.html
網站安全滲透測試服務之discuz漏洞挖掘與利用
http://blog.itpub.net/31542418/viewspace-2650648/
Atlassian JIRA模板注入漏洞预警
https://www.freebuf.com/vuls/208365.html
Apache struts2遠端命令執行_CVE-2017-9805(S2-052)漏洞復現
https://www.itread01.com/content/1563294303.html
某報表v8.0 Getshell漏洞分析
https://xz.aliyun.com/t/5652
深入分析macOS漏洞CVE-2019-8507
https://www.jishuwen.com/d/2nNj/zh-tw
挖洞經驗| 看我如何發現微軟Outlook for Android移動應用的XSS漏洞
https://www.freebuf.com/vuls/208038.html
[經驗分享]phpIPAM 安裝流程與使用心得
http://blog.jason.tools/2019/07/phpipam-install.html
CVE-2019-5596 : FreeBSD UaF提權漏洞分析
https://www.anquanke.com/post/id/182014
Calling Syscalls Directly from Visual Studio to Bypass AVs/EDRs
https://ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Bypassing Python3.8 Audit Hooks [Part 1]
https://daddycocoaman.dev/posts/bypassing-python38-audit-hooks-part-1/
dfvfs v20190714 releases: Digital Forensics Virtual File System
https://securityonline.info/dfvfs/?fbclid=IwAR1i268fFZAnoljTFeF2ojmpr5zeQqLO5BbHrNsughrc67aArz26FhM4Byc
HiedaNaKan/FuckMFS
https://github.com/HiedaNaKan/FuckMFS
Endpoint Hunting in an AntiEDR World
https://mgreen27.github.io/projects/AntiEDRWorld/
0DAYZ OF OUR LIFE
https://objectivebythesea.com/v2/talks/OBTS_v2_Hill.pdf
posixninja/pppoccl
https://github.com/posixninja/pppoccl
Fuzzing File Systems via Two-Dimensional Input Space Exploration – Summary
http://bit.ly/2YUmsxI
macOS - getting root with benign App Store apps
https://objectivebythesea.com/v2/talks/OBTS_v2_Fitzl.pdf
Breaking mobile userland w[0x42] alls
https://drive.google.com/file/d/1HwG6Ks_2dO0ut2plyPx1-svfNVKL1Mhu/view
How I Hacked the Microsoft Outlook Android App and Found CVE-2019-1105
http://bit.ly/2NQARtM
Analysis of a use-after-unmap vulnerability in Edge: CVE-2019-0609
https://gts3.org/2019/cve-2019-0609.html
Ghidra Python Scripting - AZORult
http://rinseandrepeatanalysis.blogspot.com/2019/07/ghidra-python-scripting-azorult.html
Automated AD and Windows test lab deployments with Invoke-ADLabDeployer
http://bit.ly/2XXtm8k
WCTF2019 Writeup
https://bit.ly/wctf2019-gtf
IronPython, darkly: how we uncovered an attack on government entities in Europe
http://blog.ptsecurity.com/2019/07/ironpython-darkly-how-we-uncovered.html
Facebook to Pay $5 Billion Fine to Settle FTC Privacy Investigation
https://thehackernews.com/2019/07/facebook-data-privacy-ftc.html
SWEED: Exposing years of Agent Tesla campaigns
https://blog.talosintelligence.com/2019/07/sweed-agent-tesla.html
Meet Extenbro, a new DNS-changer Trojan protecting adware
https://blog.malwarebytes.com/trojans/2019/07/extenbro-a-new-dns-changer-trojan-protecting-adware/
Turla renews its arsenal with Topinambour
https://securelist.com/turla-renews-its-arsenal-with-topinambour/91687/
Turla APT Returns with New Malware, Anti-Censorship Angle
https://threatpost.com/turla-apt-malware-anti-censorship/146472/
'Sea Turtle' DNS Hijackers Expand Reach
https://www.bankinfosecurity.com/sea-turtle-dns-hijackers-expand-reach-a-12780
Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study
https://devco.re/blog/2019/07/17/attacking-ssl-vpn-part-1-PreAuth-RCE-on-Palo-Alto-GlobalProtect-with-Uber-as-case-study/
RDP exposed: the wolves already at your door
https://nakedsecurity.sophos.com/2019/07/17/rdp-exposed-the-wolves-already-at-your-door/
SLUB Gets Rid of GitHub, Intensifies Slack Use
https://blog.trendmicro.com/trendlabs-security-intelligence/slub-gets-rid-of-github-intensifies-slack-use/
JShielder : Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark G
https://kalilinuxtutorials.com/jshielder-hardening-script/
Passpie : Multiplatform Command-line Password Manager
https://kalilinuxtutorials.com/passpie-command-line-password-manager/
iKy : OSINT Project To Collect Information From Mail
https://kalilinuxtutorials.com/iky-osint-project/
Multi-Cloud Security Best Practices Guide
https://www.tripwire.com/state-of-security/security-data-protection/cloud/multi-cloud-security-best-practices-guide/
curi0usJack/.htaccess
https://gist.github.com/curi0usJack/971385e8334e189d93a6cb4671238b10
Attacking Private Networks from the Internet with DNS Rebinding
https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
Evading Sysmon DNS Monitoring
https://blog.xpnsec.com/evading-sysmon-dns-monitoring/
Bypassing Web Application Firewalls with HTTP Parameter Pollution
https://www.exploit-db.com/docs/47082
Apache Camel Exploitation
https://www.exploit-db.com/docs/47074
F.商業
過濾8.9 Gbps進階威脅,Check Point增設企業級新機型
https://www.ithome.com.tw/review/131610
威脅情資平台 Anomali 談火紅的 AI,AI 已經被說得太誇大了
https://technews.tw/2019/07/18/anomali-thinks-what-ai-can-d-is-said-too-big-compare-to-the-reality/
KX906指紋智慧鑰匙 奪回資安主導權
https://ctee.com.tw/industrynews/117511.html
趨勢科技為 Amazon Web Services 用戶提供高效能在線式網絡防護
https://money.udn.com/money/story/12987/3925277
Win7終止支援倒數6個月 主流Win10市占高出去年10%
https://tw.lifestyle.appledaily.com/gadget/realtime/20190716/1600724/
中信國際電訊CPC 提供新一代雲網融合服務
https://ctee.com.tw/industrynews/technology/118414.html
外商MDR攜手在地夥伴 培育專人運用iSIGHT情資解惑 事件回應並非直接阻斷 目的在判斷真假攻擊
https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/110F1FFE087C4013BEEBB8070EF0A454
基於EDR建構分析平台 自主研發判斷規則輔助偵查 遠端及時獵捕威脅 主動回應採取行動
https://www.netadmin.com.tw/netadmin/zh-tw/trend/7E268013919D43049D3E7184E7C101FA
防止駭客破解演算法並偽造,富士通用FRAM物理特性認證電子設備身分安全
https://www.ithome.com.tw/news/131901
趨勢科技在 Microsoft Azure Marketplace 上推出 Deep Security as a Service 雲端資安服務
http://bit.ly/2YZ9aA7
上海控安自研國內首款同時支持源代碼與二進製文件的漏洞掃描工具
https://www.aqniu.com/vendor/51398.html
Firefox follows in Chrome's footsteps and will mark all HTTP pages as 'not secure'
https://www.zdnet.com/article/firefox-follows-in-chromes-footsteps-and-will-mark-all-http-pages-as-not-secure/#ftag=RSSbaffb68
Google to remove Chrome's built-in XSS protection (XSS Auditor)
https://www.zdnet.com/article/google-to-remove-chromes-built-in-xss-protection-xss-auditor/#ftag=RSSbaffb68
Companies with zero-trust network security move toward biometric authentication
https://www.csoonline.com/article/3409785/companies-with-zero-trust-network-security-move-toward-biometric-authentication.html
Microsoft thrives on Android, iOS as bet away from Windows pays off
https://www.zdnet.com/article/microsoft-thrives-on-android-ios-as-bet-away-from-windows-pays-off/#ftag=RSSbaffb68
Hostinger web hosting review: Good support and a killer entry-level price
https://www.zdnet.com/article/hostinger-web-hosting-review-good-support-and-a-killer-entry-level-price/#ftag=RSSbaffb68
New Azure Marketplace Pay-As-You-Go Billing for Trend Micro Deep Security as a Service
https://blog.trendmicro.com/azuremarketplace/
Cloud-Based IoT Solutions: Responding to Traditional Limits and Security Concerns
https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/cloud-based-iot-solutions-responding-to-traditional-limits-and-security-concerns
G.政府
銓敘部59萬筆文官個資外洩 監委調查
https://news.ltn.com.tw/news/politics/breakingnews/2852408
公務禁購 華為、中興、海康威視上黑榜
https://ec.ltn.com.tw/article/paper/1304118
福衛七號傳回第一筆資料 7個月後開放免費使用
http://bit.ly/2O0s5cG
驚!台中出現中國海康威視監視器 議員促拆光
https://news.ltn.com.tw/news/politics/breakingnews/2856574
海康威視入侵台中市 台灣大道沿線幾乎全淪陷
https://news.ltn.com.tw/news/politics/breakingnews/2856723
高雄市議會也用中國監視器 黃捷嘆:早就提醒過了
https://news.ltn.com.tw/news/politics/breakingnews/2857235
貿易戰助攻 工研院:台灣資安產值明年估550億
https://udn.com/news/story/7240/3936290
本土業者驚爆:還有很多公部門裝「中國天網」
https://news.ltn.com.tw/news/politics/breakingnews/2857356
不止台中地下道 業者︰中國監視器 瓜分台1/3大餅
https://m.ltn.com.tw/news/politics/paper/1304358
標準及測試規範
https://www.taics.org.tw/Validation04.aspx?validateType_id=14
108年第1季資通安全技術報告ー開放下載
http://bit.ly/2SnyRYJ
H.ICS/SCADA 工控系統
Schneider Electric ProClima 緩衝區錯誤漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6824
研究人員披露了西門子ICS軟件中的漏洞
https://www.easyaq.com/news/2147307135.shtml
I.教育訓練
工程師好用資源來了!超完整 Python 查詢表,程式碼複製貼上不用自己寫
https://buzzorange.com/techorange/2019/07/16/github-python-resources/
SSRF漏洞Bypass技巧
https://zhuanlan.zhihu.com/p/73736127
Windows Registry Forensics: Investigating the Registry for Evidence
https://netseedblog.com/security/windows-registry-forensics-investigating-the-registry-for-evidence/
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
心理戰也沒在怕!臉書與卡內基美隆大學共同打造的AI機器人擊敗5名德州撲克專家
https://ithome.com.tw/news/131822
網絡安全﹕智能家居設備的安全風險
http://bit.ly/30E0U9e
智慧城市危機?趨勢總經理洪偉淦:萬物聯網,代表萬物皆可被駭
https://www.cw.com.tw/article/article.action?id=5096080
SparkLabs Taipei 第二屆 Demo Day,集結 AI、IoT、區塊鏈新創
https://technews.tw/2019/07/18/sparklabs-taipei-second-time-demo-day-for-startup/
How a Big Rock Revealed a Tesla XSS Vulnerability
https://www.bankinfosecurity.com/blogs/how-big-rock-revealed-tesla-xss-vulnerability-p-2772
Leak Confirms Google Speakers Often Record Without Warning
https://www.bankinfosecurity.com/blogs/leak-confirms-google-speakers-often-record-without-warning-p-2771
How Will Companies Deploy Industrial IoT Security Solutions
https://blog.trendmicro.com/how-will-companies-deploy-industrial-iot-security-solutions/
6.近期資安活動及研討會
HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
https://www.accupass.com/event/1906050355291064968019
HackingThursday 固定聚會 7/25
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/
新加坡資安市場解密講座: 台灣資安浴血東南亞叢林戰鬥之起點-獅城站 7/26
https://ievents.iii.org.tw/eventS.aspx?t=0&id=547
2019扭轉資安營運研討會 7/26
https://www.netfos.com.tw/event/2019event/20190726netfos/20190726-NETFOS-seminar-reg.html
CDX2.0推廣活動 - 台南場次 7/26
https://nchc-cdx.kktix.cc/events/cdxactivity-0726
Agile Hsinchu 七月聚會: 當領域驅動上了雲 7/27
https://agilecommtw.kktix.cc/events/dddcloud
The Virus Bulletin Conference 2019 8/1
https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/
資安事件調查實務(上) 8/2
https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I
資安事故處理實務課程 8/7 ~ 8/8
http://bit.ly/2VW0Lv9
DEF CON 27 2019/8/8–8/11
https://www.defcon.org/
大數據軟體開發平台與AI(人工智慧)開發應用案例 8/9
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3805&from_course_list_url=homepage
數位鑑識處理實務 8/14 ~ 8/15
http://bit.ly/2VW0Lv9
108 年度臺灣學術網路危機處理中心資安巡迴研討會 -資安趨勢暨網路安全概要 8/19 ~ 8/27
http://www.hssh.tp.edu.tw/ezfiles/1/1001/attach/42/pta_17520_7551835_06329.pdf
台灣駭客年會 HITCON Summer Training 2019 - 學生報名 2019-08-19 ~ 2019-08-22
https://www.accupass.com/event/1906050919271598677460
ᅵYahoo奇摩電商專題講座ᅵ 我們與詐騙的距離_電商不可承受的資安之重 8/21
https://www.accupass.com/event/1906120307261445013215
WEB應用滲透測試 8/21 ~ 8/23
https://www.accupass.com/event/1904080221358963463590
台灣駭客年會 HITCON Community 2019 2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8)
https://www.accupass.com/event/1906040921594609934250
數位政府高峰會 2019 8/28
https://egov.ithome.com.tw/
ModernWeb 19 8/28 ~ 8/29
https://modernweb.tw/
資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」 8/29 ~ 8/30
http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==
108年資安職能訓練-行動裝置安全(8/29-8/30)
https://cee.ksu.edu.tw/recruitinfo/1443.html
2019 NGO 資安種子講師訓練 8/29
https://ocftw.kktix.cc/events/cscs2019tot
交通大學亥克書院-B022:基礎網頁安全與滲透測試<新竹場次> 9/7
https://hackercollege.nctu.edu.tw/?p=1079
【AWS資安】Security Engineering on AWS高級課程 9/9 ~ 9/11
https://www.accupass.com/event/1905150854571147685105
CDX2.0推廣活動 - 台北場次 9/10
https://nchc-cdx.kktix.cc/events/cdxactivity-0910
Kubernetes Summit 9/11
https://summit.ithome.com.tw/kubernetes/
資策會開辦「認證系統安全從業人員 SSCP 輔導班」2019/9/21
https://ithome.com.tw/pr/131772
交通大學亥克書院-A011:入侵行為發覺與應變指南 9/21
https://hackercollege.nctu.edu.tw/?p=1082
TANET 2019 - 臺灣網際網路研討會 9/25
https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310
交通大學亥克書院-B022:基礎網頁安全與滲透測試 9/28
https://hackercollege.nctu.edu.tw/?p=1084
HITB+ CYBER WEEK 2019/10/12 ~17
https://d2p.hitb.org/
交通大學亥克書院-A006:數位足跡追蹤與分析 10/19
https://hackercollege.nctu.edu.tw/?p=1088
Splunk .conf 19 10/21 ~ 10/24
https://conf.splunk.com/
AIoT智能物聯網開發人才就業養成班[免費諮詢] 10/22
https://ittraining.kktix.cc/events/aiot-training-2019
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019
https://www.icscybersecurityconference.com
交通大學亥克書院-A015:進階網頁滲透測試 10/26
https://hackercollege.nctu.edu.tw/?p=1090
交通大學亥克書院-P006:高階網頁滲透測試 11/16
https://hackercollege.nctu.edu.tw/?p=1092
交通大學亥克書院-B015:惡意程式檢測 11/30
https://hackercollege.nctu.edu.tw/?p=1098
交通大學亥克書院-A018:企業網域控管-Active Directory攻擊與防禦 12/14
https://hackercollege.nctu.edu.tw/?p=1094
Japan Security Analyst Conference
https://jsac.jpcert.or.jp/
沒有留言:
張貼留言