跳到主要內容

資安事件新聞週報 2019/8/19 ~ 2019/8/23

資安事件新聞週報  2019/8/19  ~  2019/8/23

1.重大弱點漏洞/後門/Exploit/Zero Day
卡巴斯基殺毒軟件被曝出用戶上網痕跡洩露漏洞
https://zhuanlan.zhihu.com/p/78480931

被HTTP/2漏洞拖累,所有Kubernetes版本受影響
https://www.kubernetes.org.cn/5746.html

UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks
https://www.zdnet.com/article/uk-cybersecurity-agency-warns-devs-to-drop-python-2-due-to-looming-eol-security-risks/#ftag=RSSbaffb68

npm撤下含有可竊取登入憑證的bb-builder套件
https://www.ithome.com.tw/news/132572

npm Pulls Malicious Package that Stole Login Passwords
https://www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/

The NPM package that walked away with all your passwords
https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords

IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10964780

JVNVU#98790275 Apache HTTP Web Server 2.4 における複数の脆弱性に対するアップデート
https://jvn.jp/vu/JVNVU98790275/

思科智慧網路交換器存在重大漏洞
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16283

思科產品多個漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190816-ftd-srb
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190816-ftd-nspd
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190816-ftd-null
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190816-ftd-http

思科 Webex Meetings Mobile 資料洩露漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-webex-ssl-cert

FreeBSD 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5611

Unpatchable security flaw found in popular SoC boards
https://www.zdnet.com/article/unpatchable-security-flaw-found-in-popular-soc-boards/

DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution
https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html

FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
https://www.exploit-db.com/exploits/47288

FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
https://www.exploit-db.com/exploits/47287

Webmin 0day遠程代碼執行
http://t.cn/AiQPhDKp

Webmin 0day remote code execution
https://blog.firosolutions.com/exploits/webmin/

Debian Linux漏洞通告
http://t.cn/AiQPhDNm

SilverSHielD 6.x 提權漏洞
http://t.cn/AiQPhDjb

Gentoo linux 命令執行漏洞
http://t.cn/AiQPhDH5

Integria IMS 5.0.86 – 任意文件上傳
http://t.cn/AiQPhD88

Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online
https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html

Vulnerability Patched in Firefox Password Manager
https://www.securityweek.com/vulnerability-patched-firefox-password-manager

Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again
https://thehackernews.com/2019/08/libreoffice-patch-update.html

New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections
https://thehackernews.com/2019/08/bluetooth-knob-vulnerability.html

使用WinServer用戶注意:新蠕蟲漏洞來襲需立即修復
https://kknews.cc/code/mlqo5eg.html

Unit 42 Named Top Zero-Day Vulnerability Contributor by Microsoft
https://blog.paloaltonetworks.com/2019/08/unit-42-named-top-zero-day-vulnerability-contributor-microsoft/

Microsoft makes Notepad a separate Store app starting with new Windows 10 20H1 test build
https://zd.net/2ZeeHC2

Microsoft: These Windows 10 updates fix broken Visual Basic apps but not for 1903
https://www.zdnet.com/article/microsoft-these-windows-10-updates-fix-broken-visual-basic-apps-but-not-for-1903/

Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again
https://thehackernews.com/2019/08/libreoffice-patch-update.html

Vulnerability Spotlight: Multiple bugs in OpenWeave and Nest Labs Nest Cam IQ indoor camera
https://blog.talosintelligence.com/2019/08/vuln-spotlight-nest-camera-openweave-aug-2019.html

Gitlab多個高危漏洞安全預警(CVE-2019-14942/14943/14944)
https://www.huaweicloud.com/notice/2018/20190820154152650.html

OAuth2 Client extension for MediaWiki 跨站請求偽造漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15150

Researcher publishes second Steam 0-day after getting banned on Valve's bug bounty program
https://www.zdnet.com/article/researcher-publishes-second-steam-0-day-after-getting-banned-on-valves-bug-bounty-program/#ftag=RSSbaffb68

Severe Flaws in Kubernetes Expose All Servers to DoS Attacks
https://www.bleepingcomputer.com/news/security/severe-flaws-in-kubernetes-expose-all-servers-to-dos-attacks/

Adobe Acrobat 與 Adobe Reader 被發現多個安全漏洞
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5103

第二個 Steam 0-day 漏洞,對近億 Windows 平台玩家造成資安威脅
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=914

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
銀行業金融創新與金融詐騙僅一步之遙
https://www.jishuwen.com/d/2wOJ/zh-tw

國泰世華銀行網銀密碼調整為6~16位英數混合密碼,適用於網路銀行及行動銀行
https://www.cathaybk.com.tw/cathaybk/personal/news/announcement/2019/0818-1AnnounceInfo/

國泰世華銀行網路銀行電子郵件驗證通知
https://www.cathaybk.com.tw/cathaybk/personal/news/announcement/2019/0817AnnounceInfo/

信用卡多幣和全幣種的區別以及好處
https://twgreatdaily.com/dGecm2wBvvf6VcSZ2o-n.html

中國財經媒體報道匯總:網信證券被遼寧證監局託管
https://on.wsj.com/2zbdrFg

中國央行頻頻發聲!官方將如何管理央行數位貨幣
http://news.knowing.asia/news/89ff45d0-a830-4de2-b275-4137cce99b48

亞太防制洗錢組織 肯定期貨證券金融業努力成果
https://money.udn.com/money/story/5613/4000920

數萬信用卡客戶被錯收年費 西太銀行退款道歉
http://www.epochtimes.com/b5/19/8/21/n11466810.htm

「數字人民幣」初露真容:非虛擬貨幣,非網路支付和電子錢包
https://news.sina.com.tw/article/20190821/32384568.html

Apple Card安全偵測有玄機 16位數卡號供萬事達卡與高盛識別...若遭破解立刻終止
https://www.ettoday.net/news/20190821/1517962.htm

林坤正:純網銀的戰略思考
https://www.wealth.com.tw/home/articles/21941

網釣問題是電商詐欺管理的最大挑戰,新一代3DS 2.0驗證成未來焦點
https://www.ithome.com.tw/news/132552

金融攜手電信產業 大數據互補延伸應用
https://taronews.tw/2019/08/21/441196/

「刷臉」存取款機在湖北亮相 年底覆蓋全省
https://news.sina.com.tw/article/20190823/32416192.html

俄羅斯駭客組織攻擊全球30國銀行掠財,台灣為亞洲首要目標
https://www.ithome.com.tw/news/132556

防盜刷!刷卡消費逾5000元 銀行須強制發簡訊通知
https://news.cnyes.com/news/id/4370654

美國銀行Capital One遭駭客入侵
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16279

ECB示警銀行業高層須對遭駭客入侵等IT風險達成共識
http://bit.ly/2MqwcgE

ECB shuts down one of its websites after hacker attack
https://finance.yahoo.com/news/ecb-shuts-down-one-websites-163822588.html

Bluetana App Quickly Detects Hidden Bluetooth Card Skimmers at Gas Pumps
https://thehackernews.com/2019/08/credit-card-skimmer-detector.html

Silence Advanced Hackers Attack Banks All Over the World
https://www.bleepingcomputer.com/news/security/silence-advanced-hackers-attack-banks-all-over-the-world/

'Silence' Gang Ramps Up Bank Assaults
https://www.bankinfosecurity.com/silence-gang-ramps-up-bank-assaults-a-12944

3.電子支付/電子票證/行動支付/ pay/新聞及資安
20190815(簡報)國家發展委員會:「加速行動支付普及進度與成果」
https://www.slideshare.net/OpenMic1/20190815-163924231

非洲手機行動支付業務蓬勃發展
https://www.trademag.org.tw/page/newsid1/?id=752552&iz=6

南非電信公司MTN將恢復在南非推出行動支付服務
https://www.trademag.org.tw/page/newsid1/?id=752551&iz=6

莫迪連任后再訪不丹:揭牌衛星地面接收站,推廣印版電子支付
https://news.sina.com.tw/article/20190819/32368874.html

WhatsApp進軍印尼行動支付 傳與當地3大Fintech公司合作
https://news.cnyes.com/news/id/4369496

即時支付系統處理港元交易日均達1萬億元
https://www.finet.hk/newscenter/news_content/5d5b9d6fbde0b3718d7075e8

挾900萬會員優勢 遠東集團推HAPPY GO Pay
http://bit.ly/2TQM4tR

PokerTracker.com Hacked to Inject Payment Card Stealing Script
https://www.bleepingcomputer.com/news/security/pokertrackercom-hacked-to-inject-payment-card-stealing-script/

Website Blocking  ajaxclick.com
https://forums.malwarebytes.com/topic/250401-ajaxclickcom/

4.虛擬貨幣/區塊鍊   新聞及資安
Coinbase 披露密碼漏洞:近 3,500 名潛在客戶受影響
https://blockcast.it/2019/08/19/coinbase-disclosed-potential-password-vulnerability/

再有交易所被爆洩漏用戶個資!火幣回應:跟幣安情況不同
https://blockcast.it/2019/08/16/dark-web-market-selling-huobi-users-information/

英國一名 19 歲駭客「竊個資賺比特幣」,現在被判刑 20 個月
https://www.blocktempo.com/man-offering-hacking-services-for-bitcoin-gets-20-month-jail-sentence/

交易所安全漏洞的根本原因
https://bihu.com/article/1411380804/page/1

感受到威脅?美國政府為了這四大原因決定對比特幣下禁令
http://news.knowing.asia/news/7904a39e-b8a3-4458-b90c-5a866f260dc7

麥基諾橋代幣將於9月停止使用
http://www.epochtimes.com/b5/19/8/17/n11459282.htm

支付寶、微信支付的終結者來了,央行即將發行區塊鏈數字貨幣
http://www.sohu.com/a/334403479_455111

肖磊:中國官方數字貨幣將會在深圳誕生
https://news.sina.com.tw/article/20190820/32371076.html

凱基證券子公司結盟美國網路券商 線上交易平台可投資加密貨幣
https://www.ettoday.net/news/20190820/1517103.htm

2027年比特幣將被攻破?量子技術窮追不捨
http://news.knowing.asia/news/33626849-d249-46c6-83a7-f824d530f19e

這三國的加密貨幣交易所最近都過得不太好,這代表著什麼
http://news.knowing.asia/news/766b36fb-94a4-471e-ad38-2b018051d346

銀行與大企業不得不正視的區塊鏈浪潮,是炒作?還是未來主流
https://cnews.com.tw/147190820a01/

被盜的加密貨幣如何被「洗白」?這裡有幾種可能的途徑
http://news.knowing.asia/news/ca5ab5f6-b4d5-447a-875a-149d6c912d6f

Coinbase公開承認:因註冊漏洞導致3420名用戶信息洩露
https://www.jinse.com/blockchain/444220.html

歐洲聯盟反壟斷部門據報正查facebook虛擬貨幣項目
http://bit.ly/30xmFrm

柯文哲參訪 MaiCoin 實體店,為「碳權 STO」站台
https://www.inside.com.tw/article/17278-Taipei-Mayor-show-up-at-maicoins

MaiCoin集團一手推碳權ICO 一手辦帳聯網望金融大餅
https://www.chinatimes.com/realtimenews/20190821004686-260410?chdtv

央行20天三次「發聲」談數字貨幣
https://news.sina.com.tw/article/20190822/32397358.html

210名客戶帳密流出! 幣寶台灣告日本BITPoint索賠3億
https://ec.ltn.com.tw/article/breakingnews/2892796

兩名竊賊偷走華盛頓一家購物中心的比特幣ATM
https://news.sina.com.tw/article/20190823/32417864.html

Moscow's blockchain voting system cracked a month before election
https://www.zdnet.com/article/moscows-blockchain-voting-system-cracked-a-month-before-election/#ftag=RSSbaffb68

SEC charges rating service $269,000 for hiding ICO touting payments
https://www.zdnet.com/article/sec-charges-initial-coin-offering-rating-service-269000-for-hiding-advertising-payments/#ftag=RSSbaffb68

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
數位相機WiFi聯網 可能遭惡意軟體攻擊
http://bit.ly/2Z6gGbG

騰訊QQ升級程序存在漏洞被利用植入後門病毒
https://bbs.pediy.com/thread-253986.htm

騰訊QQ/TIM全系列產品升級程序存在漏洞被攻擊者植入病毒推送給用戶
https://www.landiannews.com/archives/62890.html

網路勒索猖狂 各市政府擬投保
http://bit.ly/33CPZPr

超過20個德州政府機構遭到勒索軟體攻擊
https://www.ithome.com.tw/news/132486

美國德克薩斯州信息資源部(DIR)20個當地政府實體遭受網絡攻擊
http://t.cn/AiQPhD5b

Shade活躍,中國將成為下一個受害者
https://www.freebuf.com/articles/system/210577.html

破壞性惡意軟體攻擊日益劇增
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16282

警惕新型Android勒索軟件
https://www.freebuf.com/articles/terminal/209895.html

First‑of‑its‑kind spyware sneaks into Google Play
https://www.welivesecurity.com/2019/08/22/first-spyware-android-ahmyth-google-play/

Open-source spyware makes it on the Google Play Store
https://www.zdnet.com/article/open-source-spyware-makes-it-on-the-google-play-store/#ftag=RSSbaffb68

Ransomware wave hits 23 towns in Texas
https://www.welivesecurity.com/2019/08/20/ransomware-attack-hits-texas/

Ransomware attacks hit 1 in 5 Americans
https://www.helpnetsecurity.com/2019/08/19/ransomware-attacks-americans/

Over 20 Texas local governments hit in 'coordinated ransomware attack'
https://www.zdnet.com/article/at-least-20-texas-local-governments-hit-in-coordinated-ransomware-attack/#ftag=RSSbaffb68

'Coordinated Ransomware Attack' in Texas Hits 23 Local Governments
https://www.bleepingcomputer.com/news/security/coordinated-ransomware-attack-in-texas-hits-23-local-governments/

CB TAU Threat Intelligence Notification: Trickbot Banking Trojan Continues to Evolve
https://www.carbonblack.com/2019/08/16/cb-tau-threat-intelligence-notification-trickbot-banking-trojan-continues-to-evolve/

QxSearch hijacker fakes failed installs
https://blog.malwarebytes.com/pups/2019/08/qxsearch-hijacker-fakes-failed-installs/

Norman: new malware that mines Monero
https://en.cryptonomist.ch/2019/08/16/norman-malware-mines-monero/

Backdoor found in Webmin, a popular web-based utility for managing Unix servers
https://www.zdnet.com/article/backdoor-found-in-webmin-a-popular-web-based-utility-for-managing-unix-servers/#ftag=RSSbaffb68

Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response
http://bit.ly/2MrZkV0

Backdoor code found in 11 Ruby libraries
https://www.zdnet.com/article/backdoor-code-found-in-11-ruby-libraries/#ftag=RSSbaffb68

UK Police Investigations Still Affected by Ransomware Attack
https://www.bankinfosecurity.eu/uk-police-investigations-still-affected-by-ransomware-attack-a-12936

Czech security experts detect dangerous banking viruses
https://newsfounded.com/czechrepubliceng/czech-security-experts-detect-dangerous-banking-viruses/

Cybersecurity: This trojan malware being offered for free could cause hacking spike
https://www.zdnet.com/article/cybersecurity-this-trojan-malware-being-offered-for-free-could-cause-hacking-spike/

23 state agencies across Texas succumb to a ‘coordinated ransomware attack’ (Updated)
https://thenextweb.com/security/2019/08/19/23-state-agencies-across-texas-succumb-to-a-coordinated-ransomware-attack/

Cybersecurity: This trojan malware being offered for free could cause hacking spike
https://www.zdnet.com/article/cybersecurity-this-trojan-malware-being-offered-for-free-could-cause-hacking-spike/

Fake VPN Website Delivers Banking Trojan
https://www.bankinfosecurity.com/fake-vpn-website-delivers-banking-trojan-a-12940

Backdoor Found in Utility for Linux, Unix Servers
https://threatpost.com/backdoor-found-in-utility-for-linux/147581/

A botnet has been cannibalizing other hackers' web shells for more than a year
https://www.zdnet.com/article/a-botnet-has-been-cannibalizing-other-hackers-web-shells-for-more-than-a-year/#ftag=RSSbaffb68

Coordinated Ransomware Attack in Texas Seen as Escalation From Prior Hacks
https://www.nextgov.com/cybersecurity/2019/08/coordinated-ransomware-attack-texas-seen-escalation-prior-hacks/159329/

2019-08-21 - URSNIF INFECTION WITH TRICKBOT
https://www.malware-traffic-analysis.net/2019/08/21/index.html

B.行動安全 / iPhone / Android /穿戴裝置 /App
充電用這條「Lightning線」 一插駭客就能偷你資料
https://udn.com/news/story/7086/3996129

標榜最安全Face ID可被輕鬆破解?竟只需一副眼鏡跟一段「這個」
https://cnews.com.tw/134190818a01/

藍牙被發現存在資安漏洞,駭客可隔空截取裝置資訊
https://technews.tw/2019/08/19/bluetooth-device-flaw-hackers-vulnerability/

KNOB藍牙漏洞可弱化加密,致裝置通訊內容外洩被竄改
https://www.ithome.com.tw/news/132485

藍牙被發現存在保安漏洞 駭客可隔空截取裝置資訊
https://unwire.hk/2019/08/18/bluetooth-device-flaw-hackers-vulnerability/fun-tech/

藍芽傳輸漏洞! 技術聯盟:改長密碼即可解
https://www.limedia.tw/tech/9898/

旋鈕安全漏洞利用藍牙加密貨幣密鑰
https://0xzx.com/201908200323230053.html

蘋果提告提供完全擬真iOS模擬器的公司Corellium 認為程式碼、圖像、介面都涉侵權
https://www.cool3c.com/article/147092

有些東西千萬不能借!資安專家:充電線超危險
https://www.cheers.com.tw/article/article.action?id=5095078&eturec=1

新App可偵測加油機信用卡惡意盜刷
http://bit.ly/2TSUmS5

色人夫用iPhone看「最強國中生外流片」…喊+1後被綁架 獨家功能成漏洞
https://www.ettoday.net/news/20190820/1516743.htm

果粉注意了!iOS 12.4系統遭黑客破解,漏洞危及數百萬用戶
https://www.lieyunwang.com/archives/458037

APP泛濫浪費資源存隱憂莫讓「便民」利器成「擾民」工具
https://news.sina.com.tw/article/20190821/32383416.html

85款ANDROID拍照與遊戲的假APP!下載蓋版惡意廣告
https://www.mygopen.com/2019/08/85-android-app.html

85 款假冒拍照軟體與遊戲的App ,誘使Android用戶下載蓋版惡意廣告, 累計安裝超過 800 萬次
https://blog.trendmicro.com.tw/?p=61756

駭客通過簡單地發送文本即可闖入你的蘋果設備
https://www.bannedbook.org/bnews/zh-tw/fanqiang/20190821/1178200.html

安卓APP安全漏洞測試如何對APP安全進行全方位的漏洞檢測
https://cloud.tencent.com/developer/article/1491528

安卓新作業系統為「Android 10」!告別甜點命名
https://tw.lifestyle.appledaily.com/gadget/realtime/20190823/1621332/

駭客公開最新 iOS 12.4 越獄破解資訊
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=912

Researchers were able to detect what is typed using just a smartphone

USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$
http://bit.ly/2NbB8Wl

Bluetana App allows detecting Bluetooth card skimmers in just 3 seconds
https://securityaffairs.co/wordpress/90050/cyber-crime/bluetana-bluetooth-card-skimmers.html

Bluetana App Quickly Detects Hidden Bluetooth Card Skimmers at Gas Pumps
https://thehackernews.com/2019/08/credit-card-skimmer-detector.html

Researchers were able to detect what is typed using just a smartphone
https://www.helpnetsecurity.com/2019/08/19/smartphone-intercept-typing/

Adware Posing as 85 Photography and Gaming Apps on Google Play Installed Over 8 Million Times
http://bit.ly/2P61age

iPhone holes and Android malware – how to keep your phone safe
https://nakedsecurity.sophos.com/2019/08/16/iphone-holes-and-android-malware-how-to-keep-your-phone-safe/

Malicious Android photography, gaming apps downloaded 8 million times from Google Play
https://www.zdnet.com/article/malicious-android-photography-gaming-apps-downloaded-8-million-times-from-google-play/#ftag=RSSbaffb68

how to keep your smartphone safe
https://www.abacusnews.com/digital-life/how-protect-your-smartphone-data-when-border-agents-ask-your-phone/article/3023435

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
非法監視無所不在? 美國女駭客推「滿版車牌T」擾亂自動辨識
http://bit.ly/2KVogAM

中國玩家還能翻牆玩嗎?Valve:一切依法行政
https://newtalk.tw/news/view/2019-08-22/289090

網銷藥物漏洞多 藥品管理法將加強監管
https://hk.on.cc/hk/bkn/cnt/cnnews/20190822/bkn-20190822140627441-0822_00952_001.html

面臨網路間諜和駭客威脅 資安防禦因應挑戰
https://money.udn.com/money/story/10860/4004605

俄國駭客利用IoT裝置入侵企業網路
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16281

美學者警告:網路攻擊的危害與核子戰爭相等
https://news.ltn.com.tw/news/world/breakingnews/2889367

新型攻擊形式:駭客如何利用無人機接管你家電視
https://www.bannedbook.org/bnews/zh-tw/fanqiang/20190820/1177864.html

中國第一女駭客,以前1天崩潰兩千臺計算機,如今怎麼樣了
https://ek21.com/news/tech/122327/

APT41網路間諜和駭客威脅者 已讓全球各產業造成嚴重傷害
https://news.wearn.com/c305323.html

中國駭客可能正在竊取你的健康資訊
https://www.rti.org.tw/news/view/id/2031751

資安公司火眼:中國駭客正對美國癌症研究機構下手
https://ec.ltn.com.tw/article/breakingnews/2892242

研究報告指網絡安全防禦不足 容易令供應鏈被入侵
https://unwire.pro/2019/08/19/sophos-impossible-puzzle-of-cybersecurity/security/

美國一位宅宅工程師將車牌申請為「NULL」,結果全國辨識不清的違規罰單都找到了一個家
http://bit.ly/2KHzYQR

旅行時途中如何避免發生網路安全糾紛
https://blog.trendmicro.com.tw/?p=61553

從供應鏈到電子郵件,從行動設備到雲端,任何環境都難逃網路攻擊
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv&aid=8752&pages=1

精通C語言的黑客有多厲害?網友:能黑學習網站嗎?不要太簡單
https://kknews.cc/tech/empbjjy.html

跨國共享工作空間 WeWork,在全球各地竟使用相同的易猜測 Wi-Fi 密碼
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=913

拼多多協助警方打擊網路黑灰產 15人落網凍結800多萬
https://news.sina.com.tw/article/20190819/32360342.html

網路黑產無孔不入:暗網助長犯罪 溝通隱蔽難以追查
https://news.sina.com.tw/article/20190817/32346272.html

北京資訊戰現形 台灣防火牆在哪
https://tw.appledaily.com/new/realtime/20190822/1620582/

twitter 大戰中國網軍!?解密被刪帳號資料集
https://www.readr.tw/post/2013

Capital One女駭客 疑駭過30多家公司
http://bit.ly/2z2mLvh

網絡攻擊瞄準個人銀行,談談5個典型攻擊手段
https://www.freebuf.com/articles/network/211150.html

周鴻禕:未來網路戰將成戰爭首選 必須用作戰角度看待
https://news.sina.com.tw/article/20190819/32361268.html

360進軍政企安全市場,周鴻禕:構建國家級網路攻防體系
https://news.sina.com.tw/article/20190819/32363072.html

美中技術霸主爭奪戰的暗黑戰場
https://www.wealth.com.tw/home/articles/21838

美售F-16V!學者:下步是網路戰
http://bit.ly/2P7fMvN

美國司法部長呼籲業者為產品加入存取加密資料後門
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16280

美國強化 .gov網域之DNS安全性
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16278

全球已有超220支網路戰部隊 國家級黑客力量入場
http://bit.ly/2KKTc82

全球監控最嚴密10大城 中國占8個 重慶居首
https://udn.com/news/story/6809/3999078

英國資安網站:預估2020年每兩個中國人被一台監視器監控
http://bit.ly/2NkTkgq

中共滲透 澳前防長:高校面臨網絡安全威脅
http://www.epochtimes.com/b5/19/8/20/n11465900.htm

中國大陸深圳再次被委以重任:接下來要幹這三十件大事
http://www.hkcna.hk/content/2019/0819/780311.shtml

中國大陸互聯網安全大會今開幕 5G元年直面資安挑戰
https://www.chinatimes.com/realtimenews/20190819001026-260410?chdtv

美國前資安官員:好萊塢誇大了駭客的能耐
https://technews.tw/2019/08/21/former-us-security-intelligent-office-says-hollywood-dramatize-hackers-ability/

美國防部採購陸辦公用品 美議員:威脅國安
https://www.chinatimes.com/realtimenews/20190823001403-260409?chdtv

美國海關電腦系統大當機 機場入境處擠爆
https://www.ttv.com.tw/news/view/10808170011300N/575

美國海關電腦停止運作 多個機場旅客大排長龍
http://bit.ly/2KQwLxb

加拿大國家安全情報局報告指出:加國經濟安全威脅風險增加
https://www.trademag.org.tw/page/newsid1/?id=752465&iz=6

報導:華為協助烏干達政府竊聽政敵通訊
https://www.ithome.com.tw/news/132460

中共涉對德國大規模工業間諜 德國正調查
http://bit.ly/2NjOHms

【諜戰疑雲】中國被指大規模刺探德國情報 為達2025計劃
http://bit.ly/2OZNBPd

中國駭客入侵印度醫療網 竊取68萬個資兜售
https://newtalk.tw/news/view/2019-08-23/289586

繞過美國安檢查 中共被曝換手法獲取美技術
https://www.ntdtv.com/b5/2019/08/21/a102648702.html

國際產經:美國新成立網路安全機構CISA,視中國為最大戰略風險來源
http://bit.ly/33OWjDD

前以色列信息安全局長:曾有很多黑客想攻破我們的防禦系統
https://news.sina.com.tw/article/20190819/32361038.html

哈薩克網路審查 Google等科技巨頭集體制裁
https://news.ltn.com.tw/news/world/breakingnews/2891805

哈薩克政府發行會竊密的根憑證,遭各大瀏覽器聯手封鎖
https://www.ithome.com.tw/news/132557

哈薩克政府監控民眾 Firefox、Chrome、Safari聯手封鎖
http://www.limedia.tw/comm/10037/

For Sale on Cybercrime Markets: Real 'Digital Fingerprints'
https://www.bankinfosecurity.com/for-sale-on-cybercrime-markets-real-digital-fingerprints-a-12943

With Great Power Comes Great Threats: Cybersecurity In A World Dependent On Technology
https://wcit2019.org/blog/with-great-power-comes-great-threats-cybersecurity-in-a-world-dependent-on-technology

UK hacker-for-hire jailed for role in SIM-swapping attacks, data theft
https://www.zdnet.com/article/british-hacker-for-hire-jailed-for-role-in-sim-swapping-attacks-data-theft/#ftag=RSSbaffb68

Red teaming: Why a forward offense is the best defense
https://www.helpnetsecurity.com/2019/08/19/red-teaming/

Singapore to feel impact of China-US trade dispute if prolonged
https://www.zdnet.com/article/singapore-to-feel-impact-of-china-us-trade-dispute-if-prolonged/#ftag=RSSbaffb68

Degrading Tor network performance only costs a few thousand dollars per month
https://www.zdnet.com/article/degrading-tor-network-performance-only-costs-a-few-thousand-dollars-per-month/#ftag=RSSbaffb68

Hacking Back: To Do or Not To Do
https://innovate.ieee.org/innovation-spotlight/hacking-back-counter-attack/

Both the U.S. and Russia Are Stalking the World's Undersea Cables
https://interestingengineering.com/both-the-us-and-russia-are-stalking-the-worlds-undersea-cables

Google wants to reduce lifespan for HTTPS certificates to one year
https://www.zdnet.com/article/google-wants-to-reduce-lifespan-for-https-certificates-to-one-year/#ftag=RSSbaffb68

Cloud security is too important to leave to cloud providers
https://www.zdnet.com/article/cloud-security-is-too-important-to-leave-to-cloud-providers/#ftag=RSSbaffb68

U.S. CyberDome Poised to Protect 2020 Elections
https://www.bankinfosecurity.com/interviews/us-cyberdome-poised-to-protect-2020-elections-i-4420

The pointless puppetry of national security's parliamentary processes
https://www.zdnet.com/article/the-pointless-puppetry-of-national-securitys-parliamentary-processes/#ftag=RSSbaffb68

Police site DDoSer/bomb hoaxer caught after jeering on social media
https://nakedsecurity.sophos.com/2019/08/16/police-site-ddoser-bomb-hoaxer-caught-after-jeering-on-social-media/

Twitter bans 936 accounts managed by the Chinese state, aimed at Hong Kong protests
https://www.zdnet.com/article/twitter-bans-936-accounts-managed-by-the-chinese-state-aimed-at-hong-kong-protests/#ftag=RSSbaffb68

Apple, Google, and Mozilla block Kazakhstan's HTTPS intercepting certificate
https://www.zdnet.com/article/apple-google-and-mozilla-block-kazakhstans-https-intercepting-certificate/#ftag=RSSbaffb68

Cancer research organizations are now the focus of Chinese hacking groups
https://www.zdnet.com/article/cancer-research-organizations-become-the-new-focus-of-chinese-hacking-groups/#ftag=RSSbaffb68

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
臉書未提醒資安危機!「帳戶連動」遭駭風險大
https://news.ltn.com.tw/news/life/breakingnews/2886594

提款機駭客被控詐領$125,000
https://www.lvcnn.com/news.php?id=27521

【存款失竊案】工行銀行卡離奇集體被盜款 四川酒廠30員工失$42萬
https://hk.news.appledaily.com/china/realtime/article/20190817/59941308

數十億的記錄曝光:2019年有望成為數據洩露最糟糕的一年
http://t.cn/AiQ7TDEB

【錯誤】網傳「使用提款機的時候,為免有人預裝了盗取密碼的程式,在插入你的信用卡前,先按取消鍵兩次...」
http://bit.ly/31KgAbq

網路交友陷阱多 求證警方免遭騙
https://www.101newsmedia.com/news/51700

冒蘋果電腦盤商騙櫃姐上億 百貨樓管40罪判22年
http://bit.ly/2MpHCBb

又現殺熟!山東臨沂一男子信用卡被盜刷7萬,不料竟是朋友作案
https://twgreatdaily.com/zWcim2wBvvf6VcSZ0j4J.html

外媒:快樂的人更易遭到網路釣魚攻擊
https://news.sina.com.tw/article/20190818/32351138.html

山東警方破獲特大網路直播平台詐騙案
https://news.sina.com.tw/article/20190818/32353342.html

透視詐騙動畫微電影 解析犯罪手法防受害
https://www.cna.com.tw/news/asoc/201908170054.aspx

Chrome 插件密碼安全檢查報告 1.5% 用戶使用被洩密碼
http://bit.ly/2zbc9dz

中國北京警方破獲500多起電信網絡詐騙案代辦信用卡類詐騙最為突出
http://news.cctv.com/2019/08/18/ARTIOxiUGdAT3pO75Ms3bnTU190818.shtml

我國刑事局偵破詐欺車手集團 逮21嫌送辦
https://udn.com/news/story/7321/3997655

渣男誆幫下架性愛片 正妹相親1個月被騙142萬
https://tw.appledaily.com/local/realtime/20190818/1617334/

「猜猜我是誰」車手集團21人落網 主嫌不知遭通緝返台下場慘
https://www.ettoday.net/news/20190819/1516504.htm

暹粒警方發布電子支付詐騙警告
https://tnaot.com/article/article_detail/1998304

詐騙集團首腦!6旬翁騙倒10多家銀行
http://bit.ly/2KGr9GS

女約網友吃宵夜要匯款 警成功攔阻詐騙
http://bit.ly/2zdiSUk

網路通訊軟體求職陷阱多 中彰投分署資安大使教民眾求職防詐騙
http://www.fingermedia.tw/?p=743970

中國銀行開戶強行蒐集指靜脈資料 專家:一旦外洩影響終生
https://tw.appledaily.com/new/realtime/20190821/1620412/

關於冒用人民銀行名義發行或推廣數字貨幣的風險提示
https://news.sina.com.tw/article/20190820/32377660.html

你所不知道的電信詐騙!臺灣民眾要注意那些手法專家告訴你
https://ithome.com.tw/news/132579

IG帳號遭冒名盜用 小甜甜「我很崩潰」
https://stars.udn.com/star/story/10091/4004497

德國萬事達遭駭 9萬個資全曝光
http://www.limedia.tw/comm/10069/

承諾用戶匿名使用的色情網站,大量洩漏用戶個資
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=911

US military veterans swindled out of millions by former army employee
https://www.zdnet.com/article/five-charged-over-fraud-swindling-of-us-military-personnel-and-veterans/#ftag=RSSbaffb68

This Week in Security News: Phishing Campaigns and a Biometric Data Breach
https://blog.trendmicro.com/this-week-in-security-news-phishing-campaigns-and-a-biometric-data-breach/

UK watchdog to investigate King's Cross facial recognition tech used to spy on public
https://www.zdnet.com/article/uk-watchdog-to-investigate-kings-cross-facial-recognition-tech-use-to-spy-on-public/#ftag=RSSbaffb68

Phishing Campaigns Imitating CEOs Bypass Microsoft Gateway to Target Energy Sector
https://cofense.com/phishing-campaigns-imitating-ceos-bypass-microsoft-gateway-target-energy-sector/

Hy-Vee issues warning to customers after discovering point-of-sale breach
https://www.zdnet.com/article/hy-vee-issues-warning-to-customers-after-discovering-point-of-sale-breach/#ftag=RSSbaffb68

Formjacking Now Accounts For Most Web Breaches
https://www.infosecurity-magazine.com/news/formjacking-now-accounts-for-most/

Hy-Vee issues warning to customers after discovering point-of-sale breach
https://www.zdnet.com/article/hy-vee-issues-warning-to-customers-after-discovering-point-of-sale-breach/#ftag=RSSbaffb68

FBI Arrests Nigerian Suspect in $11 Million BEC Scheme
https://www.bankinfosecurity.com/fbi-arrests-nigerian-suspect-in-11-million-bec-scheme-a-12932

Info of US troops in South Korea may have been stolen in massive hack of 1M credit cards
https://washex.am/2ZfzLMT

E.研究報告
挖洞經驗| 劫持任意Paypal企業賬戶子賬戶實現未授權轉賬操作
https://www.freebuf.com/vuls/210669.html

如何通過MD5反查身份證號
https://mlog.club/article/25992

Weblogic的任意文件讀取和任意文件上傳
https://www.freebuf.com/vuls/209858.html

【權限維持】Window下的幾種隱藏技術
https://mlog.club/article/26127

使用Web Intelligence對暗網進行端到端調查
http://t.cn/AiQPhDJO

通過可寫入的etcpasswd文件實現Linux提權
http://t.cn/AiHs5CPO

通過ARP流量傳輸後門有效負載並繞過AV檢測
http://t.cn/EfaAVRO

evil-winrm:Windows遠程管理(WinRM)Shell終極版
https://www.freebuf.com/sectool/210479.html

利用ICMP進行命令控制和隧道傳輸
https://www.freebuf.com/sectool/210450.html

利用CobaltStrike捆綁後門的藝術
https://www.freebuf.com/sectool/210416.html

淺談企業安全:安全規劃建設運營和職業發展
https://www.freebuf.com/articles/es/210925.html

等保2.0標準個人解讀(二):安全通信網絡
https://www.freebuf.com/articles/network/209588.html

通過可寫入的etcpasswd文件實現Linux提權
https://www.freebuf.com/articles/system/210425.html

以某家用攝像頭測評入手談物聯網智能家居安全
https://www.freebuf.com/articles/terminal/207584.html

CORS-Vulnerable-Lab:與COSR配置錯誤相關的漏洞代碼靶場
https://www.freebuf.com/sectool/209605.html

非常逼真的Office 365釣魚工具包分析
https://www.freebuf.com/sectool/209583.html

PivotSuite:使用被攻克的系統在網絡內部移動
https://www.freebuf.com/sectool/208966.html

如何通過Linux xxd命令進行提權
https://www.freebuf.com/articles/system/209638.html

看我如何突破JFinal黑名單機制實現任意文件上傳
https://www.freebuf.com/vuls/211327.html

CVE-2019-15107:webmin遠程命令執行漏洞預警
https://cert.360.cn/warning/detail?id=368b16578d758b03b168fd447494b0ad

Webmin<=1.920-Unauthenticated_RCE(CVE-2019-15107)利用測試
https://www.4hou.com/technology/19803.html

Advantech WebAccess 多個漏洞分析
https://paper.seebug.org/1017/

hadoop yarn漏洞 8088埠進入挖礦病毒處理記錄
https://www.itread01.com/content/1566316803.html

再探Stagefright漏洞——POC與EXP
http://www.tiejiang.org/24537.html

oracle TNS Listener遠程投毒(CVE-2012-1675)漏洞潛析、復現
https://xz.aliyun.com/t/6034

Linux 系統安全(五):網站安全與漏洞
https://www.jishuwen.com/d/2wNv/zh-tw

Google 家用攝像頭存在洩露相機數據的漏洞
http://www.360.cn/n/10953.html

VulnX:一款針對CMS 的漏洞檢測工具和自動Shell 注入工具
https://www.chainnews.com/articles/485263199893.htm

Kubernetes的嚴重漏洞將所有服務器暴露在DoS攻擊面前
http://netsecurity.51cto.com/art/201908/601671.htm

在Virtualbox中練習Solaris 10 x86漏洞的配置修補與利用
https://www.freebuf.com/articles/system/210700.html

業務安全漏洞挖掘歸納總結
http://www.tiejiang.org/24604.html

Amazon Inspector:基於雲的漏洞評估工具
https://www.freebuf.com/sectool/210586.html

A Malware Showcase Understanding Malware With Python
https://latesthackingnews.com/2019/08/23/a-malware-showcase-understanding-malware-with-python/

Adult Content Site Exposed Personal Data of 1M Users
https://threatpost.com/adult-content-site-exposed-personal-data-of-1m-users/147572/

Pyshark - Python Wrapper For Tshark, Allowing Python Packet Parsing Using Wireshark Dissectors
https://www.kitploit.com/2019/08/pyshark-python-wrapper-for-tshark.html

Router Network Isolation Broken By Covert Data Exfiltration
https://www.bleepingcomputer.com/news/security/router-network-isolation-broken-by-covert-data-exfiltration/

Goop - Google Search Scraper (Bypass CAPTCHA)
https://www.kitploit.com/2019/08/goop-google-search-scraper-bypass.html

Diaphora - The Most Advanced Free And Open Source Program Diffing Tool
https://www.kitploit.com/2019/08/diaphora-most-advanced-free-and-open.html

Hunting for PowerShell Abuse
https://speakerdeck.com/heirhabarov/hunting-for-powershell-abuse

Credential Stuffing Attacks vs. Brute Force Attacks
https://www.bankinfosecurity.com/blogs/credential-stuffing-attacks-vs-brute-force-attacks-p-2767

Invisi-Shell: Bypass all Powershell security features
https://securityonline.info/invisi-shell/

HRShell: HTTPS/HTTP reverse shell built with flask with advanced features
https://securityonline.info/hrshell-https-reverse-shell/

Serious Security: Phishing in the cloud – the freemium way
https://nakedsecurity.sophos.com/2019/08/20/serious-security-phishing-in-the-cloud-the-freemium-way/

F.商業
臉書Zoncolan除錯平台可在30分鐘內偵測逾1億行程式
https://www.ithome.com.tw/news/132496

網路安全企業加速產業布局 政企聯動共築安全生態
https://news.sina.com.tw/article/20190820/32369888.html

VMware確定收購Pivotal、加買資安公司Carbon Black
https://www.ithome.com.tw/news/132590

鉅晶國際正式成為Darktrace台灣區代理商
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000566555_rzp4qqix6sieul4rxnbfl

Google removes option to disable Nest cams’ status light
https://nakedsecurity.sophos.com/2019/08/16/google-removes-option-to-disable-nest-cams-status-light/

Microsoft won’t shift on AI recordings policy
https://nakedsecurity.sophos.com/2019/08/16/microsoft-wont-shift-on-ai-recordings-policy/

Microsoft makes Chromium-based Edge beta available for Windows and macOS
https://www.zdnet.com/article/microsoft-makes-chromium-based-edge-beta-available-for-windows-and-macos/#ftag=RSSbaffb68

Box adds native security controls to content management
https://www.zdnet.com/article/box-adds-native-security-controls-to-content-management/#ftag=RSSbaffb68

G.政府
擴大內需2.0版 政院百億上膛
http://bit.ly/2PiTzez

政院將訂資安禁購清單 學者看好:是國際趨勢
https://udn.com/news/story/6656/3997263?from=udn-ch1_breaknews-1-0-news

避「逢中必反」罵名 公務資通產品禁購清單再等等
https://money.udn.com/money/story/5648/3997256

科技產品黑名單 政院補強管制理由
https://www.rti.org.tw/news/view/id/2031438

觀望美態度? 政院資安疑慮禁購清單 還要等
https://www.chinatimes.com/newspapers/20190820000220-260202?chdtv

行政院:資安產品禁購清單不只列品牌 也會說明理由
https://money.udn.com/money/story/5648/4000193

政府惡意檔案檢測服務Virus Check開放民眾使用
https://www.ithome.com.tw/news/132508

防選舉賭盤依附 警掃蕩賭博網站
https://udn.com/news/story/7315/4000682

政院拍板數位身分證 強化資安管理
http://bit.ly/30oCsc6

新版身分證新樣式 有「國旗」和「中華民國」
http://bit.ly/2Zgu8hn

新式身分證擴大監控國人資訊? 內政部釋疑
https://udn.com/news/story/7240/4003342

新身分證明年砸48億換發 未結合駕照、健保卡
https://udn.com/news/story/6656/4003265?from=udn-catelistnews_ch2

新式數位身分證免費換發 第二階段綁定手機
https://news.ltn.com.tw/news/politics/breakingnews/2892361

學者:數位身分證外顯資料少 個資外洩疑慮不高
https://www.cna.com.tw/news/aipl/201908220139.aspx

沒錢付贖金!宜蘭3度「戒」微軟Office
https://www.twreporter.org/a/software-microsoft-tw-government-ilan

H.ICS/SCADA 工控系統
四零四科技將於自動化展展出關鍵AIoT應用與資安方案
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000566634_YX9703OI2PSM2E54OZHG2

雲端工控安全保衛戰
https://www.freebuf.com/articles/ics-articles/211300.html

專家警告要小心駭客餵錯誤資料,誤導 AI 導致被牽著走
https://technews.tw/2019/08/20/expert-says-beware-of-hackers-giving-misleading-data-to-ai-and-make-ai-make-wrong-judgement/

Moxa 參與2019自動化大展,鎖定IIoT與OT資安雙主軸
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000566405_cfx3lxui1lnmjp41konhr

I.教育訓練
準備好了嗎?MySQL DBA 面試高頻三十問
https://mlog.club/article/26009

什麼語言才是最安全的編程語言
https://developer.huawei.com/consumer/cn/forum/forum.php?mod=viewthread&fid=23&tid=41598661&extra=page%3D1

【Web安全入門】三個技巧教你玩轉XSS漏洞
https://zhuanlan.zhihu.com/p/79429137

GO map -1
https://njiot.blogspot.com/2019/08/go-hash-1.html

COSCUP : nstack Develop and Validate TCP/IP stack in Linux Userspace
https://hackmd.io/@jD9XFdyQS0iyAaFMPYi5Ww/HytQg4SCV

Malware Naming Hell Part 1: Taming the mess of AV detection names
https://www.gdatasoftware.com/blog/2019/08/35146-taming-the-mess-of-av-detection-names

Resource: Malware analysis - learning How To Reverse Malware: A collection of guides and tools
https://www.peerlyst.com/posts/resource-learning-how-to-reverse-malware-a-guide

Resource: Cyber-Security & Risk Management, an evolving ecosystem (Full Article)
https://www.peerlyst.com/posts/cyber-security-and-risk-management-an-evolving-ecosystem-full-article-gary-hayslip-cissp-cisa-crisc-ccsk

"How to move to or start an InfoSec career" - wiki
https://www.peerlyst.com/posts/a-collection-of-links-about-transitioning-into-infosec-or-starting-an-infosec-career-and-making-it-peerlyst

The Hidden Opportunity in Cybersecurity
https://www.peerlyst.com/posts/the-hidden-opportunity-in-cybersecurity-steve-king

How to generate app passwords for your Microsoft Account
https://www.windowscentral.com/how-generate-app-passwords-your-microsoft-account

Learn Pwntools Step by Step
http://www.auxy.xyz/tutorial/2018/09/01/Pwntools-Step-By-Step.html

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
CLOUDSEC 趨勢安全研究副總談智慧城市:IoT 漏洞、隱私危機、物得其所的未來
https://www.inside.com.tw/article/17267-trend-micro-william-malik

物聯網上雲要注意安全組態的配置是否得宜,趨勢科技呼籲開發人員應做好相關控管
https://www.ithome.com.tw/news/132576

From low code and cloud, to AI and encryption: What you do with data needs to be about more than buzzwords
https://www.zdnet.com/article/from-low-code-and-cloud-to-ai-and-encryption-what-you-do-with-data-needs-to-be-about-more-than-buzzwords/#ftag=RSSbaffb68

Honeywell builds out building IoT applications, cybersecurity tools
https://www.zdnet.com/article/honeywell-builds-out-building-iot-applications-cybersecurity-tools/#ftag=RSSbaffb68

6.近期資安活動及研討會
 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 108 年度臺灣學術網路危機處理中心資安巡迴研討會 -資安趨勢暨網路安全概要  8/19 ~ 8/27
 http://www.hssh.tp.edu.tw/ezfiles/1/1001/attach/42/pta_17520_7551835_06329.pdf

 台灣駭客年會 HITCON Community 2019  2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8)
 https://www.accupass.com/event/1906040921594609934250

 第四屆臺灣好厲駭~開放報名 至108年8月26日(一)下午5點截止
 http://bit.ly/2ZlpP0Q

 NISRA Enlightened 2019 2019/08/26 ~ 2019/08/29
 https://nisra.kktix.cc/events/2019enlightened

 數位政府高峰會 2019  8/28
 https://egov.ithome.com.tw/

 ModernWeb 19  8/28 ~ 8/29
 https://modernweb.tw/

 資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」  8/29 ~ 8/30
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 108年資安職能訓練-行動裝置安全(8/29-8/30)
 https://cee.ksu.edu.tw/recruitinfo/1443.html

 2019 NGO 資安種子講師訓練 8/29
 https://ocftw.kktix.cc/events/cscs2019tot

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  9/6
 https://signupcybersec101.ithome.com.tw/

 交通大學亥克書院-B022:基礎網頁安全與滲透測試<新竹場次> 9/7
 https://hackercollege.nctu.edu.tw/?p=1079

 資訊安全管理系統-基礎課程(免費!)9/8
 https://www.accupass.com/event/1907160853513957042270

 【AWS資安】Security Engineering on AWS​高級課程 9/9 ~ 9/11
 https://www.accupass.com/event/1905150854571147685105

 CDX2.0推廣活動 - 台北場次 9/10
 https://nchc-cdx.kktix.cc/events/cdxactivity-0910

 Kubernetes Summit 9/11
 https://summit.ithome.com.tw/kubernetes/

 台灣賽門鐵克年度資安論壇  9/12
 https://zh.surveymonkey.com/r/symantec_0912

 資安檢核核心技術及進階技術研討會 9月16日至9月18日
 http://bit.ly/2TN2UtD

 Cyber Attack Taipei Series 2019  9/17
 https://www.eventbrite.com/e/cyber-attack-taipei-series-2019-tickets-68951581035

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  9/20
 https://signupcybersec101.ithome.com.tw/

 金融資安培訓課程 9/20
 https://twap.deloitte.com.tw/DTLCRA/Works/CourseDetail.aspx?CourseID=T1906002

 資策會開辦「認證系統安全從業人員 SSCP 輔導班」2019/9/21
 https://ithome.com.tw/pr/131772

 交通大學亥克書院-A011:入侵行為發覺與應變指南 9/21
 https://hackercollege.nctu.edu.tw/?p=1082

 資訊安全管理系統-進階課程(免費!)9/21
 https://www.accupass.com/event/1907160908138705889800

 TANET 2019 - 臺灣網際網路研討會  9/25
 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310

 Nextlink Technology 9/25 (三)
 https://www.accupass.com/event/1908020858535104977240

 DEVCORE Conference 2019  9/25
 https://devco.re/conf/2019/

 交通大學亥克書院-B022:基礎網頁安全與滲透測試 9/28
 https://hackercollege.nctu.edu.tw/?p=1084

 資安檢核核心技術及進階技術研討會 10月7日至10月9日
 http://bit.ly/2TN2UtD

 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/

 交通大學亥克書院-A006:數位足跡追蹤與分析 10/19
 https://hackercollege.nctu.edu.tw/?p=1088

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

  AIoT智能物聯網開發人才就業養成班[免費諮詢]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  10/25
 https://signupcybersec101.ithome.com.tw/

 交通大學亥克書院-A015:進階網頁滲透測試 10/26
 https://hackercollege.nctu.edu.tw/?p=1090

 資安檢核核心技術及進階技術研討會 10月28日至10月30日
 http://bit.ly/2TN2UtD

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/8
 https://signupcybersec101.ithome.com.tw/

 交通大學亥克書院-P006:高階網頁滲透測試 11/16
 https://hackercollege.nctu.edu.tw/?p=1092

 資安檢核核心技術及進階技術研討會11月26日至11月28日
 http://bit.ly/2TN2UtD

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/29
 https://signupcybersec101.ithome.com.tw/

 交通大學亥克書院-B015:惡意程式檢測 11/30
 https://hackercollege.nctu.edu.tw/?p=1098

 交通大學亥克書院-A018:企業網域控管-Active Directory攻擊與防禦  12/14
 https://hackercollege.nctu.edu.tw/?p=1094

 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

留言

這個網誌中的熱門文章

Capture the flag資源分享綜整

Capture the flag, CTF,是由古代軍事戰爭演變而來。軍旗在戰場上象徵兩軍戰況,當有一方軍旗被敵軍奪取或落在地上,代表該方戰敗。當這樣的攻防搶旗演變到現代的電子遊戲裡,通常就演變成團隊遊戲模式,由兩隊人馬互相前往對方的基地奪旗,奪旗成功回合次數多者得勝。

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/