跳到主要內容

資安事件新聞週報 2019/9/2 ~ 2019/9/6


資安事件新聞週報  2019/9/2  ~  2019/9/6

1.重大弱點漏洞/後門/Exploit/Zero Day
PSV、PS3雙雙獲得韌體更新,但似乎忘了把漏洞補上
https://www.techbang.com/posts/72481-psv-ps3-double-get-stolic-update-but-seem-to-forget-to-fill-in-the-vulnerability

發現美國海軍網站的敏感信息洩露和SQL注入漏洞
https://nosec.org/home/detail/2909.html

企業修補進度慢!近期臺灣資安業者揭露的SSL VPN漏洞,傳出已遭駭客鎖定
https://www.ithome.com.tw/news/132764

SonarQube檢測出的bug、漏洞以及異味的修復整理
https://cloud.tencent.com/developer/article/1497624

Zimbra-RCE
https://github.com/rek7/Zimbra-RCE

Trend Micro OfficeScan (OSCE) DLL Side-Loading安全性弱點通告
https://nvd.nist.gov/vuln/detail/CVE-2019-9492

Hiding in Plain Text: Jenkins Plugin Vulnerabilities
https://blog.trendmicro.com/trendlabs-security-intelligence/hiding-in-plain-text-jenkins-plugin-vulnerabilities/

Lightning Network用戶敦促因漏洞而緊急更新軟件
https://0xzx.com/201908302043248275.html

SA103 : October 2015 NTP Security Vulnerabilities
https://support.symantec.com/us/en/article.SYMSA1335.html

SA98 : OpenSSL Security Advisory 11-June-2015
https://support.symantec.com/us/en/article.SYMSA1325.html

SA104 : OpenSSH Vulnerabilities
https://support.symantec.com/us/en/article.SYMSA1337.html

XSS and Information Disclosure Vulnerabilities in ASG and ProxySG
https://support.symantec.com/us/en/article.SYMSA1472.html


Information Disclosure Vulnerability in Reporter
https://support.symantec.com/us/en/article.SYMSA1489.html

Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018
https://support.symantec.com/us/en/article.SYMSA1457.html

思科 NX-OS 多個漏洞
https://tools.cisco.com/security/center/publicationListing.x

Cisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection
https://www.exploit-db.com/exploits/47329

Cisco Nexus 7000 Series Switches和Nexus 7700 Series Switches NX-OS Software 輸入驗證錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1964

Company behind Foxit PDF Reader announces security breach
https://www.zdnet.com/article/company-behind-foxit-pdf-reader-announces-security-breach/#ftag=RSSbaffb68

Google Chrome 遠端執行任意程式碼漏洞
https://chromereleases.googleblog.com/2019/08/stable-channel-update-for-desktop_26.html

Multiple WordPress Plugins SQL Injection Vulnerabilities
https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html

WordPress sites under attack as hacker group tries to create rogue admin accounts
https://www.zdnet.com/article/wordpress-sites-under-attack-as-hacker-group-tries-to-create-rogue-admin-accounts/#ftag=RSSbaffb68

WordPress 10多個外掛遭駭,用以建立網站非法帳號
https://www.ithome.com.tw/news/132788

車輛跟踪系統LoJack的認證系統API存在漏洞,可以被利用實時跟踪汽車
https://www.4hou.com/vulnerable/20013.html

Hickory智能門鎖存在的多個漏洞
https://cloud.tencent.com/developer/article/1494657

來當賞金獵人?Google升級「維安計畫」 找到漏洞就有獎金拿
https://cnews.com.tw/140190903a04/

微軟著手調查造成Windows 10 CPU使用率飆高的原因
https://www.ithome.com.tw/news/132837

Analyzing and Identifying Issues with the Microsoft Patch for CVE-2018-8423
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analyzing-and-identifying-issues-with-the-microsoft-patch-for-cve-2018-8423/

Microsoft's latest Windows 10 20H1 test build adds cloud-reset option
https://www.zdnet.com/article/microsofts-latest-windows-10-20h1-test-build-adds-cloud-reset-option/#ftag=RSSbaffb68

Microsoft plans to remove Adobe Flash from all of its web browsers by December 2020
https://www.onmsft.com/news/microsoft-plans-to-remove-adobe-flash-from-all-of-its-web-browsers-by-december-2020

How MuleSoft patched a critical security flaw and avoided a disaster
https://www.zdnet.com/article/how-mulesoft-patched-a-critical-security-flaw-and-avoided-a-disaster/#ftag=RSSbaffb68

BMC Vulnerabilities Expose Supermicro Servers to Remote USB-Attacks
https://thehackernews.com/2019/09/hacking-bmc-server.html

超微伺服器的基板傳出含有遠端攻擊漏洞
https://www.ithome.com.tw/news/132842

企業修補進度慢!近期臺灣資安業者揭露的SSL VPN漏洞,傳出已遭駭客鎖定,全球近1萬5個Pulse Secure VPN端點曝險
https://www.ithome.com.tw/news/132764

GNU Compiler Collection 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15847

Wolters Kluwer Financial Services TeamMate+ 跨站請求偽造漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10253

Panasonic Video Insight VMS SQL注入漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5996

Over 47,000 Supermicro servers are exposing BMC ports on the internet
https://www.zdnet.com/article/over-47000-supermicro-servers-are-exposing-bmc-ports-on-the-internet/#ftag=RSSbaffb68

The latest on BlueKeep and DejaBlue vulnerabilities — Using Firepower to defend against encrypted DejaBlue
https://blogs.cisco.com/security/talos/the-latest-on-bluekeep-and-dejablue-vulnerabilities-using-firepower-to-defend-against-encrypted-dejablue

Firefox 69 Now Blocks 3rd-Party Tracking Cookies and Cryptominers By Default
https://thehackernews.com/2019/09/firefox-tracking-cookies-cryptominers.html

【Cookie 剋星】最新版 Firefox 69 上線!全面啟用追蹤保護擋追蹤軟體
https://buzzorange.com/techorange/2019/09/05/firefox-69-launch/

Mozilla Firefox 多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/09/04/mozilla-releases-security-updates-firefox-and-firefox-esr

Year-Old Samba Bug Allows Access to Forbidden Root Share Paths
https://www.bleepingcomputer.com/news/security/year-old-samba-bug-allows-access-to-forbidden-root-share-paths/

Kubernetes 爆發嚴重漏洞:可能影響所有開源版本
https://juejin.im/post/5d6ef4575188256ea517d950

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
臺北金融科技展11月底即將登場,三家純網銀將首次同臺秀特色
https://www.ithome.com.tw/news/132678

外資主導搶食網銀大餅 國家隊好想贏日韓
https://m.mirrormedia.mg/story/20190827soc006/

將來銀行將自組 AI 團隊,佈局純網銀四大重點領域
https://buzzorange.com/techorange/2019/08/28/next-bank/

純網銀徵才大戰/LINE Bank拚2020上半年開業 年底前招募逾百位專才
https://www.ettoday.net/news/20190831/1525158.htm

純網銀徵才大戰/3團隊瘋搶這4類人才 文科生、理科生也可捧金飯碗
https://www.ettoday.net/news/20190831/1525157.htm

新版人民幣來了!市民「嘗鮮」多為收藏,網點將逐步投放
https://news.sina.com.tw/article/20190830/32500274.html

新版人民幣後日面世 1蚊5毫硬幣都改款
https://hk.news.appledaily.com/china/realtime/article/20190828/59982127

將來銀行」的將來在哪裡
https://forum.ettoday.net/news/1526799?redirect=1

純網銀大舉徵才!哪種人會錄取?將來銀行總經理透露面試考題
http://bit.ly/2kqUBpT

舊手機也可保手機保險了 但僅限這家銀行信用卡持卡人
https://ec.ltn.com.tw/article/breakingnews/2904121

獨家丨繼證大后,另一家P2P平台新新貸也被上海警方立案
https://news.sina.com.tw/article/20190902/32524866.html

新加坡預計2020年中期前釋出純網銀執照
https://news.cnyes.com/news/id/4373786

湖南警方抓獲15名販賣銀行卡嫌疑人
https://news.sina.com.tw/article/20190827/32460524.html

FinTech Taipei 2019即將隆重登場
https://www.setn.com/News.aspx?NewsID=590919

港交所:出現連接問題 所有市場目前如常運作
https://www.mpfinance.com/fin/instantf2.php?node=1567653673182&issue=20190905

香港交易所期貨線路出現問題
https://www.bsgroup.com.hk/importantannouncement/important/?page=5

「死機」逾12小時 港交所三宗罪
https://hk.finance.appledaily.com/finance/realtime/article/20190905/60014169

張華峰:港交所期指交易系統非遭駭客入侵
http://www.metroradio.com.hk/news/default.aspx?NewsID=20190905163410

李小加稱期貨停市涉新系統出現漏洞 非受攻擊
http://bit.ly/2lzACWs

港交所期貨交易當機停市 否認人為破壞
https://money.udn.com/money/story/5603/4032220

P2P爆雷不斷 中國官方將全面納入徵信系統
https://www.cna.com.tw/news/acn/201909040343.aspx

重磅!P2P將納入徵信體系 互金、網貸整治辦聯合發文
https://news.sina.com.tw/article/20190905/32560468.html

瑞典9月14日將開始執行歐盟付款服務規定PSD2
https://www.trademag.org.tw/page/newsid1/?id=753310&iz=6

巴黎街頭遭搶!歹徒10分內破解台灣金融卡盜10萬
https://news.ebc.net.tw/News/society/176841

旺旺集團拿下純網銀再傳震撼彈
https://moptt.tw/p/HatePolitics.M.1567569448.A.0DE

首例!國泰人壽與易遊網合作1分鐘旅平險正式通過
https://money.udn.com/money/story/5613/4032210

旅平險可直接在旅遊平台投保 保險業沙盒首例
https://www.cna.com.tw/news/afe/201909060087.aspx

Chinese nationals hacked ATM systems in Nepal's capital
https://www.thepaypers.com/digital-identity-security-online-fraud/chinese-nationals-hacked-atm-systems-in-nepal-s-capital/780474-26#

5 Chinese nationals arrested for stealing money from ATM in Kathmandu
https://www.indiatvnews.com/news/world-chinese-nationals-arrested-stealing-money-atm-in-kathmandu-546508

Police make four more arrests in ATM robbery case
https://myrepublica.nagariknetwork.com/news/police-make-four-more-arrests-in-atm-robbery-case/

German bank loses €1.5 million in mysterious cashout of EMV cards
https://www.zdnet.com/article/german-bank-loses-eur1-5-million-in-mysterious-cashout-of-emv-cards/#ftag=RSSbaffb68

3.電子支付/電子票證/行動支付/ pay/新聞及資安
不再擔心鈔票卡魚鱗  QR Code革命將消滅新台幣紙鈔?
https://www.cw.com.tw/article/article.action?id=5096647

「LINE Pay 一卡通帳戶」行動支付於 7-ELEVEN 正式上線
http://bit.ly/2lKlzsS

三井住友推駭客險 電子支付更有保障
https://money.udn.com/money/story/5602/4023217

網路賭局易使詐 行動支付警難辦
http://bit.ly/2lNnmxn

懵漢電子支付車費 手機投錢箱
https://orientaldaily.on.cc/cnt/china_world/20190901/00178_018.html

台灣電子支付大整合 金管會:LINE Pay、街口最快明年可互轉帳
https://news.cnyes.com/news/id/4375953

金管會計畫開放電支商家可互通 最快2020年成立「跨機構共用平台」
https://www.ettoday.net/news/20190903/1527810.htm

讓電子支付「一家親」 金管會研擬互轉帳整合平台
https://www.chinatimes.com/realtimenews/20190903004408-260410?chdtv

電子支付 擬設共用平台
http://merit-times.net/2019/09/04/124160/

【0.3 秒閃付】Amazon 測試「掃手」支付系統 明年應用 Whole Foods 超級市場
http://bit.ly/2k3jSXc

中國迎向刷臉支付時代 暗藏資安隱私風險
http://bit.ly/2k0n7P7

4.虛擬貨幣/區塊鍊   新聞及資安
臉書幣Libra還活著!推出31萬「抓蟲」賞金
https://ec.ltn.com.tw/article/breakingnews/2897984

最高 1 萬美元!Facebook 加密幣 Libra 祭漏洞賞金計畫
https://www.inside.com.tw/article/17361-libra-bug-bounty-program

正式推出比特幣期貨!Bakkt 下月初開放客戶入倉
https://news.cnyes.com/news/id/4373489

門羅幣挖礦風暴襲捲廣大企業 傳統防護已難以防守
https://money.udn.com/money/story/10860/4017581

以太坊Parity客戶端曝出RPC安全漏洞用戶需盡快升級
https://www.feixiaohao.com/news/4346927

馬上升級!比特幣閃電網絡或存在安全漏洞
https://www.zilian8.com/188980.html

比特幣或出現安全漏洞
https://www.bitguai.com/bitcoin/news/40076.html

加拿大出現比特幣ATM新騙局!詐騙者誘騙用戶掃描虛假QR Code
https://news.sina.com.tw/article/20190830/32498880.html

北韓否認攻擊加密貨幣交易所 稱指控是「由美國竄起的謠言」
https://news.cnyes.com/news/id/4375010

「假」黃金正在擾亂市場,比特幣需求可能因此大漲
http://news.knowing.asia/news/978ee55e-cb6a-479f-a9f2-364701c17388

交易所幣客無預警宣布關閉:表示遭駭客攻擊,公司「資不抵債」
https://www.blocktempo.com/bitker-exchange-announced-to-put-out0of-businss/

騰訊安全:不法駭客冒充“熱心用戶”,對虛擬幣交易平台發起定向攻擊
http://big5.pconline.com.cn/b5/news.pconline.com.cn/1288/12885031.html

比特幣閃電網絡中檢測到的嚴重漏洞
https://0xzx.com/201909021654252002.html

強攻發明專利及外幣現鈔聯盟鏈平台… 一銀區塊鏈運用 四路進擊
http://bit.ly/2jWacgZ

中國將成首個擁有數字貨幣國家
http://www.hkcd.com/content/2019-09/03/content_1154888.html

中南美洲最大電子支付公司 Cielo 宣布,推出加密貨幣支付系統
https://www.blocktempo.com/14-million-brazilian-point-of-sale-devices-to-support-crypto-payments/

用 Bitcoin 買傢俱 Pricerite 首推加密貨幣支付服務
http://bit.ly/2lrxyLT

以太坊獲伊斯蘭學者「清真認證」!數位貨幣也分是否清真
http://news.knowing.asia/news/94796903-4cba-41e5-9abb-b599cbb9554a

沒有虧錢也沒有被盜幣,這家泰國主流交易所卻宣布關站
http://news.knowing.asia/news/89f5bf4e-ca3b-4b63-9cee-d0fcffebf349

比特幣突破10000美元!「Bakkt效應」終於顯現了嗎
http://news.knowing.asia/news/bfc04b40-dd96-4289-9707-23e44a1f483c

關貿:門羅幣挖礦風暴襲捲企業
http://bit.ly/2jYsJcy

電力最強挖礦機?烏克蘭核電廠員工被查出上班時間偷接電挖礦
https://technews.tw/2019/09/04/employees-connect-nuclear-plant-to-the-internet-so-they-can-mine-cryptocurrency/

匯豐銀行完成首次以「人民幣計價」的區塊鏈信用狀交易
https://www.blocktempo.com/hsbc-processes-first-blockchain-letter-of-credit-using-chinese-yuan/

要單挑臉書幣!Telegram擬發行自家加密貨幣
https://ec.ltn.com.tw/article/breakingnews/2905511

監管比特幣礦工?有專家向美國國會出了個餿主意
http://news.knowing.asia/news/f9ce1af7-723a-49a9-8cc4-a823f60d2393

牛幣學院疑似詐欺,總資金高達近二千萬台幣
https://zombit.info/suspected-fraud-total-funds-up-to-nearly-20-million-taiwan-dollars/

比特幣不夠快,但什麼樣的產品才能成為理想的支付選擇呢
http://news.knowing.asia/news/164b773f-2518-4e83-9424-4efc5f51c8c8

美國國安局在研發加密貨幣,可抵抗量子計算
http://news.knowing.asia/news/94c801bf-fca2-4578-ada6-04a6528b60f5

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
美國數百家牙科診所仰賴的備份公司遭到勒索軟體攻擊
https://www.ithome.com.tw/news/132762

窮地方政府最危險!今年至少40個美國公部門遭駭客勒索失數千萬
http://bit.ly/2ZFfvjS

衛福部晚間公布臺灣醫療院所受勒索軟體攻擊現況,已有22家遇害
https://www.ithome.com.tw/news/132804

近日22家醫療院所遭勒索病毒攻擊事件處理說明
https://www.mohw.gov.tw/cp-4343-49147-1.html

兩家衛福部所屬醫院遭勒索軟體襲擊,確認臺灣已有10多間醫院遇害
https://ithome.com.tw/news/132781

公立醫院遭駭勒索病毒入侵? 彰化醫院:已建置新系統
https://www.chinatimes.com/realtimenews/20190831001635-260405?chdtv

多家醫院電腦中勒索病毒 衛福部:時間點太尷尬
https://m.ltn.com.tw/news/society/breakingnews/2902034

勒索病毒入侵 全台10餘家醫院遇駭
http://bit.ly/2UkmRbg

全台10餘家醫院中勒索病毒 密碼管理成漏洞
https://udn.com/news/story/7266/4021200

全台18家醫院中勒索病毒 衛福部:沒有資料被外洩
http://bit.ly/2LcdSpH

勒索病毒襲衛福部院所 要比特幣付贖
https://www.pcdvd.com.tw/showthread.php?t=1165860

多家醫院中勒索病毒 衛福部:兩小時解除無個資外洩
https://udn.com/news/story/7266/4020891

高雄阮綜合醫院疑中「勒索病毒」 行政系統癱瘓重建中
https://news.ltn.com.tw/news/life/breakingnews/2901611

疑中勒索病毒 阮綜合醫院行政作業一度癱瘓
https://udn.com/news/story/7327/4021197

勒索病毒襲擊 彰化醫院、員基中標
https://news.ltn.com.tw/news/Changhua/breakingnews/2901828

勒索病毒侵台北醫院、彰化醫院 要求比特幣贖金
http://bit.ly/2PyrG27

"勒索病毒"襲衛福部院所 要比特幣付贖
https://www.ttv.com.tw/news/view/10808310002800N/579

「勒索病毒」攻佔醫院主機! 傳全台56家中鏢…個資病歷全被鎖
https://www.ettoday.net/news/20190831/1525367.htm

「勒索病毒」襲台 傳56醫療院所電腦中鏢
https://m.ltn.com.tw/news/society/breakingnews/2901521

Avast與警方聯手移除85萬臺PC上的惡意蠕蟲
https://www.ithome.com.tw/news/132713

長島學區遭駭資料被鎖 付8.8萬贖金
http://bit.ly/2PxP1kB

接收健保署電子郵件會中勒索病毒?健保署:經查非事實
https://news.ltn.com.tw/news/Taipei/breakingnews/2903434

曾秀國旗喊台灣NO.1 爆乳網美遭勒索「不給錢就刪性感照」
https://news.ltn.com.tw/news/world/breakingnews/2901243

挖礦軟體感染目標擴及英特爾伺服器
https://www.ithome.com.tw/news/132791

騰訊安全威脅感知系統截獲網銀大盜木馬提醒網友注意陌生郵件
https://guanjia.qq.com/news/n3/2546.html

開學了,小心數位論文與教科書暗藏惡意程式
https://www.ithome.com.tw/news/132818

勒索病毒攻擊加密3萬張照片欲哭無淚 專家教你這樣止血
https://udn.com/news/story/7315/4026465?from=udn-catelistnews_ch2

計算機專業畢業生驚人大案:給網吧電腦裝木馬,遠程「挖礦」獲利上億元
https://news.sina.com.tw/article/20190903/32537952.html

挖礦惡意軟件逐漸進逼 Intel 伺服器
https://unwire.pro/2019/09/03/coinmining-malware-intel/security/

網絡安全威脅增 勒索軟件飆118%
https://inews.hket.com/article/2443436

驚!無檔案式威脅成長265% 數位勒索、變臉詐騙猖獗
https://www.setn.com/News.aspx?NewsID=597558

趨勢科技警告:「無檔案」式攻擊量暴增
https://udn.com/news/story/7088/4031557

Nemty勒索病毒可能透過暴露的遠端桌面連線散播
https://blog.trendmicro.com.tw/?p=61895

開學了,小心數位論文與教科書暗藏惡意程式
https://www.ithome.com.tw/news/132818

LokiBot變種利用圖像隱碼術來隱藏蹤跡
https://blog.trendmicro.com.tw/?p=61729

MDR 找到埋伏某公司系統2年的MyKings變種
https://blog.trendmicro.com.tw/?p=61824

獅子大開口!駭客向美國麻州城市New Bedford要求530萬美元贖金遭拒
https://ithome.com.tw/news/132896

Taxpayers against cities paying up in ransomware attacks, says survey
https://www.zdnet.com/article/taxpayers-against-cities-paying-up-in-ransomware-attacks-says-survey/#ftag=RSSbaffb68

Malware being disguised as school textbooks
https://www.techradar.com/news/criminals-disguising-malware-as-school-textbooks

Kaspersky: Malware Found Hiding in Popular Android App
https://www.bankinfosecurity.com/kaspersky-malware-found-hiding-in-popular-android-app-a-13008

Ransomware Hits Dental Data Backup Service Offering Ransomware Protection
https://thehackernews.com/2019/08/dds-safe-dental-ransomware-attack.html

Trickbot Is Using Google Docs to Trick Proofpoint’s Gateway
https://cofense.com/trickbot-using-google-docs-trick-proofpoints-gateway/

New Trickbot variant targets mobile users' PIN codes
https://cyware.com/news/new-trickbot-variant-targets-mobile-users-pin-codes-f7937c93

A new variant of Trickbot banking Trojan targets Verizon, T-Mobile, and Sprint users
https://securityaffairs.co/wordpress/90508/malware/trickbot-targets-us-mobile-users.html

Emotet Botnet Is Back, Servers Active Across the World
https://www.bleepingcomputer.com/news/security/emotet-botnet-is-back-servers-active-across-the-world/

TrickBot Modifications Target U.S. Mobile Users
https://www.secureworks.com/blog/trickbot-modifications-target-us-mobile-users

GOOTKIT BANKING TROJAN | DEEP DIVE INTO ANTI-ANALYSIS FEATURES
https://www.sentinelone.com/blog/gootkit-banking-trojan-deep-dive-anti-analysis-features/

GOOTKIT BANKING TROJAN | PART 2: PERSISTENCE & OTHER CAPABILITIES
https://www.sentinelone.com/blog/gootkit-banking-trojan-persistence-other-capabilities/

RAT Ratatouille: Backdooring PCs with leaked RATs
https://blog.talosintelligence.com/2019/08/rat-ratatouille-revrat-orcus.html

BRATA Android RAT Used to Infect and Spy on Brazilian Users
https://www.bleepingcomputer.com/news/security/brata-android-rat-used-to-infect-and-spy-on-brazilian-users/

Fully equipped Spying Android RAT from Brazil: BRATA
https://securelist.com/spying-android-rat-from-brazil-brata/92775/

Analysis: How Police Disrupted a Cryptomining Malware Gang
https://www.bankinfosecurity.com/interviews/analysis-how-police-disrupted-cryptomining-malware-gang-i-4430

New Android Malware for Banking Apps steal passwords by recording screens
https://www.technowize.com/new-android-malware-for-banking-apps-steal-passwords-by-recording-screens/

Hackers use Google Docs to spread TrickBot banking trojans
https://meterpreter.org/hackers-use-google-docs-to-spread-trickbot-banking-trojans/

2019-09-03 - PCAP AND MALWARE FOR AN ISC DIARY (REMCOS RAT)
https://www.malware-traffic-analysis.net/2019/09/03/index.html

Fake BleachBit Website Built to Distribute AZORult Info Stealer
https://www.bleepingcomputer.com/news/security/fake-bleachbit-website-built-to-distribute-azorult-info-stealer/

WordPress Plugins Anchor Widespread Malvertising, Rogue Backdoor Campaign
https://threatpost.com/wordpress-plugins-malvertising-backdoor-campaign/147926/

Hacked SharePoint Sites Used to Bypass Secure Email Gateways
https://www.bleepingcomputer.com/news/security/hacked-sharepoint-sites-used-to-bypass-secure-email-gateways/

Phishing Emails Are Using SharePoint to Slip Past Symantec’s Gateway and Attack Banks
https://cofense.com/phishing-emails-using-sharepoint-slip-past-symantecs-gateway-attack-banks/

Ransomware gang wanted $5.3 million from US city, but they only offered $400,000
https://www.zdnet.com/article/ransomware-gang-wanted-5-3-million-from-us-city-but-they-only-offered-400000/#ftag=RSSbaffb68

2019-08-31 - DATA DUMP: URSNIF+VIDAR WITH TRICKBOT
https://www.malware-traffic-analysis.net/2019/08/31/index.html

2019-09-03 - PCAP AND MALWARE FOR AN ISC DIARY (REMCOS RAT)
https://www.malware-traffic-analysis.net/2019/09/03/index.html

2019-09-04 - DATA DUMP: URSNIF INFECTION WITH TRICKBOT
https://www.malware-traffic-analysis.net/2019/09/04/index.html

2019-09-04 - DATA DUMP: URSNIF DOC SENDS VIDAR
https://www.malware-traffic-analysis.net/2019/09/04/index2.html

2019-09-05 - WORD DOC MACRO CAUSES URSNIF WITH TRICKBOT, OR IT CAUSES VIDAR
https://www.malware-traffic-analysis.net/2019/09/05/index.html

Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions
https://blog.trendmicro.com/trendlabs-security-intelligence/glupteba-campaign-hits-network-routers-and-updates-cc-servers-with-data-from-bitcoin-transactions/

TrickBot Makes Heavy Use of Evasion in Recent Attacks
https://www.securityweek.com/trickbot-makes-heavy-use-evasion-recent-attacks

JSWorm: The 4th Version of the Infamous Ransomware
https://securityaffairs.co/wordpress/90811/malware/jsworm-4-ransomware-analysis.html

New social engineering toolkit draws inspiration from previous web campaigns
https://blog.malwarebytes.com/social-engineering/2019/09/new-social-engineering-toolkit-draws-inspiration-from-previous-web-campaigns/

Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion
https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-abuses-php-functions-for-persistence-uses-compromised-devices-for-evasion-and-intrusion/

Ransomware gang wanted $5.3 million from US city, but they only offered $400,000
https://www.zdnet.com/article/ransomware-gang-wanted-5-3-million-from-us-city-but-they-only-offered-400000/#ftag=RSSbaffb68

A Ransomware Tale: Mayor Describes City's Decisions
https://www.bankinfosecurity.com/ransomware-tale-mayor-describes-citys-decisions-a-13033

GOOTKIT BANKING TROJAN | PART 3: RETRIEVING THE FINAL PAYLOAD
https://www.sentinelone.com/blog/gootkit-banking-trojan-retrieving-final-payload/

Ransomware Delivery Mechanisms [Part 1]
https://www.lastline.com/labsblog/ransomware-delivery-mechanisms/

Ransomware: Too Overt to Hide [Part 2]
https://www.lastline.com/labsblog/ransomware-overt-hide-part-2/

TROJAN DROPPER
https://malwr-analysis.com/2019/08/23/trojan-dropper-bdf243b7a296f7aecc366c799e3fb865ee3aff7c72d8d942e2b2632a347fe5c3/

Banking Trojans: A Reference Guide to the Malware Family Tree
https://www.f5.com/labs/articles/education/banking-trojans-a-reference-guide-to-the-malware-family-tree

TrickBot adds new trick to its arsenal: tampering with trusted texts
https://blog.malwarebytes.com/trojans/2019/09/trickbot-adds-new-trick-to-its-arsenal-tampering-with-trusted-texts/

Windows worms. Forbix worm analysis
https://persianov.net/windows-worms-forbix-worm-analysis

Mobile Menace Monday: Android Trojan raises xHelper
https://blog.malwarebytes.com/android/2019/08/mobile-menace-monday-android-trojan-raises-xhelper/

Unprecedented new iPhone malware discovered
https://blog.malwarebytes.com/mac/2019/08/unprecedented-new-iphone-malware-discovered/

New social engineering toolkit draws inspiration from previous web campaigns
https://blog.malwarebytes.com/social-engineering/2019/09/new-social-engineering-toolkit-draws-inspiration-from-previous-web-campaigns/

B.行動安全 / iPhone / Android /穿戴裝置 /App
Android攻擊程式價格首度超過iOS
https://www.ithome.com.tw/news/132835

Android exploits are now worth more than iOS exploits for the first time
https://www.zdnet.com/article/android-exploits-are-now-worth-more-than-ios-exploits-for-the-first-time/#ftag=RSSbaffb68

知名安卓軟體「掃描全能王」被發現含有特洛伊木馬!下載量超過一億次
https://applealmond.com/posts/57647

你可能也有安裝!下載破億次、超紅 Android 手機 App 被爆是木馬
https://3c.ltn.com.tw/news/37810

學校安全零死角 中山大學開發貼身護衛App
https://udn.com/news/story/7240/4014324?from=udn-ch1_breaknews-1-cate6-news

5G設企業專網 中華電:影響企業與電信業合作
https://ec.ltn.com.tw/article/paper/1313849

iOS 12.4.1修復越獄漏洞 蘋果建議用戶更新
https://www.chinatimes.com/realtimenews/20190828001595-260412?chdtv

Google finds malicious sites pushing iOS exploits for years
https://www.zdnet.com/article/google-finds-malicious-sites-pushing-ios-exploits-for-years/#ftag=RSSbaffb68

iPhone 最安全?Google:iPhone 早已被惡意網站入侵多年
https://www.inside.com.tw/article/17391-google-iphone-secretly-hacked

Google團隊揭露駭客史上最大攻擊iPhone事件!竊取文件和即時定位 蘋果獲報修復
https://www.ettoday.net/news/20190830/1524947.htm

「用戶和Siri對話被聽光光」 蘋果正式道歉了
https://www.mirrormedia.mg/story/20190829edi021/

香港反送中爆紅Telegram安全隱憂 示威者身份恐曝光
http://bit.ly/2NIie9K

Telegram 回應香港人訴求?執法機關無法再透過電話號碼肉搜使用者參與過的群組
https://buzzorange.com/techorange/2019/08/30/telegram-hk/

Telegram 被發現洩露用戶身份漏洞!官方正式回應
http://bit.ly/2PuZ5dZ

保護示威者 Telegram關閉電話配對
https://m.ltn.com.tw/news/world/paper/1314765

外媒:中國政府疑使用Telegram漏洞辨別示威者
https://unwire.hk/2019/08/31/telegram-3/tech-secure/

用LINE集點!店家控點數自動增加…損失逾5百元
http://bit.ly/2PAd6XN

Google將下載次數超過1億的Android app列入抓漏範圍
https://www.ithome.com.tw/news/132737

Google團隊揭iPhone漏洞 黑客可裝監控程式
http://bit.ly/2LjiFod

谷歌威脅分析小組稱,IPhone IOS 10-12巨型漏洞利用:從5個鏈中劫持多年
https://0xzx.com/201909020857251643.html

美媒:監控維吾爾人 北京設釣魚網站
https://udn.com/news/story/7331/4026367

中國利用iphone 漏洞監控維吾爾族
https://www.ptt.cc/bbs/MobileComm/M.1567365381.A.4D9.html

Google:iPhone被入侵 恐是陸針對維吾爾族穆斯林之舉
https://udn.com/news/story/11017/4024824

中共駭入維吾爾族 CNN:港台人士提防
https://udn.com/news/story/7331/4030151

中國監控維族 手機Google、微軟作業系統被駭
https://m.ltn.com.tw/news/world/paper/1315236

中國利用iPhone監控新疆人?惡意程式侵入網站長達兩年,照片訊息、帳戶密碼全都竊
https://www.storm.mg/lifestyle/1664309

傳中國為監控新疆打造的iPhone攻擊鏈,也會對Windows、Android用戶下手
https://www.ithome.com.tw/news/132807

瀏覽網站就被植入惡意碼,中國政府利用 iPhone 監控維吾爾族
https://buzzorange.com/techorange/2019/09/02/code-in-iphone-to-monitor-uyghur/

間諜程式藏網站大規模侵入iPhone至少2年,疑意在監控維吾爾人
https://www.ithome.com.tw/news/132786

㩒入Google搜尋結果手機都會中招 外媒:監控黑手很可能是中國
https://hk.news.appledaily.com/international/realtime/article/20190902/60000457

Google 資安研究團隊揭發史上最大 iPhone 駭侵事件
https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=911

Android 軟體更新報告出爐,Nokia 最勤快、vivo 和 LG 慘兮兮
https://technews.tw/2019/09/02/android-update-for-smartphone/

內地AI換臉軟件「ZAO」走紅 網民憂臉容遭不當利用
http://bit.ly/2ln6QUw

華為「鴻蒙」安全成疑 專家籲用黑客思維逆向思考
http://bit.ly/2lPJYNJ

「一張照演天下戲」 大陸換臉APP恐洩隱私
https://news.tvbs.com.tw/focus/1193977

Google 正式釋出 Android 10 , Pixel 系列裝置將陸續收到更新通知
https://www.cool3c.com/article/147691

Gmail隱藏圖片功能延伸至App 用戶資安更添保障
https://www.ettoday.net/news/20190904/1528397.htm

警惕手機淪為遠程竊聽器 APP偷聽今年被重點監管治理
https://news.sina.com.tw/article/20190905/32560836.html

深入理解PHP Phar反序列化漏洞原理及利用方法
https://www.4hou.com/vulnerable/18196.html

Bridgefy通訊App 港人下載急增 專家:未必可免受監控
http://bit.ly/2kiqtx7

「臉書約會」推出! 整合Instagram列「暗戀名單」秘密配對:風險自負
https://www.ettoday.net/news/20190906/1529681.htm

FB推出約會服務 聲明:結果風險自負
https://www.ctwant.com/article/6426

網釣簡訊利用OTA散布可變更手機設定,三星、LG等品牌受害
https://www.ithome.com.tw/news/132897

交友App管理消極 消基會:不乏未成年者冒充年齡進入
https://money.udn.com/money/story/5612/4032363

Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years
https://thehackernews.com/2019/08/hacking-iphone-ios-exploits.html

Apple Changes the Way It Listens to Your Siri Recordings Following Privacy Concerns
https://thehackernews.com/2019/08/apple-siri-recording-privacy.html

New Stealthy Ad Clicking Tactics Found in Popular Apps on Google Play
https://www.symantec.com/blogs/threat-intelligence/stealthy-ad-clicking-apps-google-play

Chinese Face-Swapping App ZAO Sparks Privacy Concerns After Going Crazily Viral
https://thehackernews.com/2019/09/face-swapping-deepfake-zao.html

Exploit Reseller Offering Up To $2.5 Million For Android Zero-Days
https://thehackernews.com/2019/09/android-full-chain-zero-day-exploit.html

Mysterious iOS Attack Changes Everything We Know About iPhone Hacking
https://www.wired.com/story/ios-attack-watering-hole-project-zero/

Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks
https://www.wired.com/story/android-zero-day-more-than-ios-zerodium/

Just An SMS Could Let Remote Attackers Access All Your Emails, Experts Warn
https://thehackernews.com/2019/09/just-sms-could-let-remote-attackers.html

iPhone Hacks May Be Linked to Broader China Spying
https://www.bankinfosecurity.com/iphone-hacks-may-be-linked-to-broader-china-spying-a-13010

Zero-day disclosed in Android OS
https://www.zdnet.com/article/zero-day-disclosed-in-android-os/#ftag=RSSbaffb68

Semi‑annual balance of mobile security 2019
https://www.welivesecurity.com/2019/09/05/balance-mobile-security-2019/

Apple iOS Attack Underscores Importance of Threat Research
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/apple-ios-attack-underscores-importance-of-threat-research/

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
「白帽黑客」組成 Project Zero屢建奇功
http://paper.wenweipo.com/2019/08/31/GJ1908310003.htm

Mozilla 調查指出台灣面臨三大網路風險,隱私、資訊壟斷與訊息誤導壟罩台灣網路環境
https://www.cool3c.com/article/147631

不只身體有!愛上網的台灣人 在網路也有「三高」
https://money.udn.com/money/story/5617/4024341

趨勢:91%駭客威脅 透過電郵入侵
http://bit.ly/2kl13yW

2019年8月十大資安新聞
https://www.ithome.com.tw/news/132843

資安 智慧醫療的罩門
https://talk.ltn.com.tw/article/paper/1314919

回應「資安,智慧醫療的罩門」
https://talk.ltn.com.tw/article/paper/1315174

Yahoo官網驚傳無預警關閉 網友哀嚎遍野
https://3c.ltn.com.tw/news/37890

國家網路安全宣傳周|你的口令會成為駭客破解的對象嗎
https://ek21.com/news/tech/134970/

入侵Capital One的駭客以遭駭的伺服器來挖礦
https://www.ithome.com.tw/news/132784

駭客組織強襲石油公司,中東恐成資訊戰最活躍戰場
http://bit.ly/2lyt4mH

中國最小的駭客,8歲黑進學校系統,13歲向360提出改進方案
https://ek21.com/news/tech/133846/

Kaspersky調查:還有4成用戶使用已終止支援或即將過期的Windows平台
https://www.ithome.com.tw/news/132792

資安即國安 電腦公會帶頭整合資安與製造業者
https://digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000567422_BZ955ZP51KP05U345QID7&cf=AG1

如何將資安導入DevOps的開發流程?白帽觀點創辦人揭露心法
https://www.ithome.com.tw/news/132778

推特執行長帳號遭駭 大發種族歧視推文
https://www.chinatimes.com/realtimenews/20190831003436-260410?chdtv

Twitter CEO 多爾西的推特帳號被駭,駭客只運用簡單的 SIM 盜換技術就搞定
https://technews.tw/2019/09/02/twitter-ceo-jack-dorsey-account-was-hacked-and-hacker-just-simply-use-sim-swap-method/

Twitter CEO Jack Dorsey 的個人 Twitter 帳號遭到駭客入侵
https://hypebeast.com/zh/2019/9/twitter-ceo-jack-dorsey-account-hacked-chuckle-squad-information

推特CEO狂發「種族歧視文」:總部有炸彈! 爆駭客1狡猾手段入侵
https://www.ettoday.net/news/20190831/1525403.htm

推特CEO推特帳號被駭!駭客放話要炸總部
https://udn.com/news/story/6811/4020663?from=udn-ch1_breaknews-1-cate5-news

駭進產品就賞3千萬!蘋果重金邀駭客查漏洞
https://fnc.ebc.net.tw/FncNews/life/97012

被指攻擊銀行及交易所獲20億美元 北韓發聲明否認
http://bit.ly/2kowqbL

網攻竊取逾600億?北韓痛批美國散播惡毒謠言
https://fnc.ebc.net.tw/FncNews/world/97586

華為再遭控竊取專利 反咬美國政府對公司發動「網路攻擊」
https://www.ftvnews.com.tw/news/detail/2019904W0025

華為有意公開原始碼 盼釋日方資安疑慮
https://www.chinatimes.com/realtimenews/20190904002756-260410?chdtv

日本防衛概算出爐 將成立太空作戰隊
https://m.ltn.com.tw/news/world/breakingnews/2901087

Defense One:應對網攻浩劫後 美須速謀對策
http://bit.ly/2LfOsHC

專家呼籲 美政府應建立「網攻第一擊後」應對方案
https://www.ydn.com.tw/News/350319

美國和波蘭簽署5G網絡安全聲明 劍指華為
http://www.epochtimes.com/b5/19/9/2/n11494094.htm

美軍駭入伊朗革命衛隊系統,摧毀其恐怖攻擊資料庫
https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=912

澳國大學加大防堵中國滲透措施
http://bit.ly/2Zzh86B

劍橋分析吹哨者:中國干預澳大利亞選舉 比俄羅斯還危險
http://bit.ly/30MFEhU

外國勢力滲透大學校園 澳洲政府採取行動防範
https://money.udn.com/money/story/5599/4015394

聯國制裁報告:北韓續發展核武和導彈計畫
http://bit.ly/2m2vHxr

與國際接軌 北韓擴充網安發展科技
http://bit.ly/2luiCN4

已具有突破防禦體系能力 聯合國報告:北韓還在發展核導計畫
https://news.ltn.com.tw/news/world/breakingnews/2907530

中國社會信用系統2020年適用企業 歐商會示警外企也要被監控
https://ec.ltn.com.tw/article/breakingnews/2898412

路透:為北京服務的黑客侵入亞洲電信公司系統監控維族人行蹤
https://www.voacantonese.com/a/CHINA-HACEKED-ASIAN-TELCOS-TO-SPY-ON-UIGHUR-TRAVELERS-20190905/5071398.html

中國駭客入侵亞洲多國電信商 監控維吾爾人
https://news.ltn.com.tw/news/world/breakingnews/2907227

北韓37大學大舉新設資安及尖端科學系所 教改跟上世界潮流
https://www.ettoday.net/news/20190904/1528047.htm

A Chinese APT is now going after Pulse Secure and Fortinet VPN servers
https://www.zdnet.com/article/a-chinese-apt-is-now-going-after-pulse-secure-and-fortinet-vpn-servers/#ftag=RSSbaffb68

Lyceum APT Group a New Threat to Oil and Gas Companies
https://www.bankinfosecurity.com/lyceum-apt-group-new-threat-to-oil-gas-companies-a-13003

Capital One Hacker Also Accused of Hacking 30 More Companies and CryptoJacking
https://thehackernews.com/2019/08/paige-thompson-capital-one.html

Unix at 50: How the OS that powered smartphones started from failure
https://arstechnica.com/gadgets/2019/08/unix-at-50-it-starts-with-a-mainframe-a-gator-and-three-dedicated-researchers/

Huawei Accuses US Government of Hack Attacks
https://www.bankinfosecurity.com/huawei-accuses-us-government-hack-attacks-a-13011

How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory
https://www.cyberscoop.com/apt3-nsa-tools-smb-check-point/

網路/資安工程師 (北京)
https://www.104.com.tw/job/6pzkh

【管理】資訊安全主管
https://www.104.com.tw/job/6pxgd

北區-資安講師(資安攻防實務、專題研討)
https://www.104.com.tw/job/6puwx

5287 資安分析師 / 資安工程師 (新竹市區)
https://www.cakeresume.com/companies/66cd09/jobs/security-analyst

駐點資安服務工程師 (大安運動中心附近)
https://www.104.com.tw/job/6q2g4

系統發展中心108年第四次專案人力進用-26.研發類-資安/通訊
https://www.104.com.tw/job/6q408?jobsource=n104bank2

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
LINE不當轉傳致洩密
http://epaper.wra.gov.tw/Article_Detail.aspx?s=7E7BC791D6822D9D

Google日曆也變詐騙聖地!二步驟讓你遠離假訊息
https://www.ettoday.net/news/20190829/1524283.htm

Google 日曆被 垃圾訊息洗版,只要一個選項就乾淨溜溜
https://www.kocpc.com.tw/archives/277295

網安公司報告 揭英美多國病人私隱被賤賣
http://bit.ly/2HE6Xnb

Imperva發生資料外洩意外,影響Cloud WAF雲端防火牆客戶
https://www.ithome.com.tw/news/132687

二合一選舉 桃市已有10多件假訊息情資
http://bit.ly/2HRea3t

第一資本個資外洩案 女駭客被起訴
http://bit.ly/2PtkUKL

第一資本個資外洩案女駭客被起訴 最重可判25年
https://udn.com/news/story/6812/4017729

密碼設為123456、多網站共用一組帳密,都有嚴重資安風險!教育部教你這樣設密碼,安全又好記
http://about.storm.mg/lifestyle/1648206

FB收緊刊美國政治廣告規則減誤導及虛假訊息 但仍存漏洞
http://bit.ly/2LojD2F

警方報案電話系統有漏洞 民眾個資險外流
https://udn.com/news/story/7321/4017753?from=udn-relatednews_ch2

挽救形象?Facebook開「快閃咖啡廳」 教用戶如何設定隱私
https://news.sina.com.tw/article/20190901/32517928.html

偽裝台灣小農打悲情牌,宣稱無花果茶/桑葚,有治糖尿病/白髮療效
https://blog.trendmicro.com.tw/?p=61829

Foxit資料外洩曝露用戶密碼
https://www.ithome.com.tw/news/132790

165示警!新詐騙手法「特殊管道」助貸款 連環套錢坑越來越大
https://www.ettoday.net/news/20190901/1526150.htm

網路賭局易使詐 行動支付警難辦
http://bit.ly/2lNnmxn

網傳收健保郵件會中「勒索病毒」? 衛福部急澄清:舊聞啦
https://health.ettoday.net/news/1526731

信用卡個資外洩遭恐嚇詐騙匯款 員警及時攔阻
https://udn.com/news/story/7320/4025509?from=udn-catebreaknews_ch2

挪威涉中國公民電信詐騙頻發 中使館提醒防範
http://www.hkcna.hk/content/2019/0902/782514.shtml

又利用網路愛情詐騙 保七力阻24萬險遭騙
http://bit.ly/2lVG8mq

駐布里斯班總領館發佈提醒:謹防網上交友詐騙
https://news.sina.com.tw/article/20190902/32523692.html

學生盜取上億條個人信息境外網路販賣被公訴
https://news.sina.com.tw/article/20190903/32541836.html

買家接詐騙電話 警覺抓包蝦皮!爆系統紕漏外洩個資
https://tw.news.appledaily.com/life/realtime/20190904/1625910/

臉書一頁式購物廣告充斥詐騙
http://www.ksnews.com.tw/index.php/news/contents_page/0001298246

美國防部開發軟件打擊假新聞
https://hk.news.appledaily.com/international/daily/article/20190904/20761834

AI時代金融信息安全攻防戰危情:誰泄露了我的數據
https://news.sina.com.tw/article/20190904/32547538.html

換臉APP涉洩個資 ZAO致歉
http://bit.ly/2lx0x0O

詐騙集團以AI軟體偽裝成老板聲音指示匯錢
https://www.ithome.com.tw/news/132836

知名餅店太火紅 詐騙集團拿去當犯案招牌
https://www.nownews.com/news/20190904/3610396/

警破一條龍詐騙集團 突破斷點逮22嫌
https://www.chinatimes.com/realtimenews/20190904002854-260402?chdtv

南京破獲一起冒用他人身份證辦理信用卡並惡意透支案
https://news.sina.com.tw/article/20190905/32563998.html

惡劣!盜領癌末患者錢財 社工遭農會識破報案
https://news.tvbs.com.tw/local/1195689

FB 又爆資安漏洞!上億用戶電話資料庫曝光
https://3c.ltn.com.tw/news/37884

釣魚電郵騙個資!收到「臉書官方」這封信不要回傳
https://m.ltn.com.tw/news/life/breakingnews/2906974

安卓用戶小心!手機收到假冒電信商簡訊 恐是釣魚攻擊
http://bit.ly/2kuEjfN

北京警方打掉一「鏈條化」信用卡詐騙犯罪團伙
https://news.sina.com.tw/article/20190904/32557640.html

主管打來叫他幫忙轉帳,誰知竟是駭客詐騙!AI模仿主管聲音,七百萬現金人間蒸發
https://www.storm.mg/lifestyle/1675979

駭客用AI仿冒英國能源公司CEO 語音命令員工匯款22萬歐元
https://cnews.com.tw/140190905a05/

陸刷臉支付 暗藏資安疑慮
https://www.ydn.com.tw/News/351381

DevOps服務Circleci資料外洩事件調查,攻擊者未取得任何用戶機密資料
https://www.ithome.com.tw/news/132884

中國製GPS追蹤器洩露60萬用戶即時地點
https://www.ithome.com.tw/news/132893

【詐騙新招】偽裝台灣小農打悲情牌,宣稱無花果茶/桑葚,有治糖尿病/白髮療效
https://blog.trendmicro.com.tw/?p=61829

BEC overtakes ransomware and data breaches in cyber-insurance claims
https://www.zdnet.com/article/bec-overtakes-ransomware-and-data-breaches-in-cyber-insurance-claims/#ftag=RSSbaffb68

Google Will Now Pay Anyone Who Reports Apps Abusing Users' Data
https://thehackernews.com/2019/08/google-data-abuse-bug-bounty.html

Brazilian citizen data under threat with sale of national tech firms
https://www.zdnet.com/article/brazilian-citizen-data-under-threat-with-sale-of-national-tech-firms/#ftag=RSSbaffb68

Some of Russia's surveillance tech leaked data for more than a year
https://www.zdnet.com/article/some-of-russias-surveillance-tech-leaked-data-for-more-than-a-year/#ftag=RSSbaffb68

Foxit Software Breach Exposes Account Data
https://www.bankinfosecurity.in/foxit-software-breach-exposes-account-data-a-13006

XKCD Forum Hacked – Over 562,000 Users’ Account Details Leaked
https://thehackernews.com/2019/09/xkcd-forum-hacked.html

Phishers Use SCA Checks to Trick Banking Customers
https://www.infosecurity-magazine.com/news/phishers-use-sca-checks-trick

600,000 GPS trackers left exposed online with a default password of '123456'
https://www.zdnet.com/article/600000-gps-trackers-left-exposed-online-with-a-default-password-of-123456/#ftag=RSSbaffb68

DK-Lok data breach exposes global enterprise client data, internal emails
https://www.zdnet.com/article/dklok-data-breach-leaked-global-enterprise-client-internal-emails/#ftag=RSSbaffb68

E.研究報告
如何自己動手編寫漏洞POC
https://cloud.tencent.com/developer/article/1496209

Buhtrap CVE-2019-1132攻擊事件相關漏洞樣本分析
https://www.freebuf.com/vuls/210782.html

Confluence 文件讀取漏洞(CVE-2019-3394)分析
https://paper.seebug.org/1025/

如何解“邏輯漏洞檢測”難題?默安給你答案
https://www.aqniu.com/vendor/54318.html

CVE-2015-2546 內核Use After Free漏洞分析
https://xz.aliyun.com/t/6115

SUCTF2019,python源碼分析,漏洞原理
https://xz.aliyun.com/t/6135

vivetok 攝像頭遠程棧溢出漏洞分析
https://juejin.im/entry/5d68ecb8f265da03b95009eb

SRC 漏洞挖掘實用技巧
https://www.jishuwen.com/d/29pP

華為路由器H532G漏洞分析
https://xz.aliyun.com/t/6116

Objection:一款運行時移動設備漏洞利用工具
https://www.freebuf.com/sectool/211869.html

利用吃灰的釣魚利器(esp8266)做一個手機遠程遙控小車
https://www.freebuf.com/articles/others-articles/210044.html

大型跨國銀行系統架構的微服務與敏捷開發實踐之路
https://www.infoq.cn/article/1uZuwqSo3XIL6WtrrP33

WebLogic漏洞深入滲透利用及防范思路
https://www.freebuf.com/articles/network/212858.html

網站漏洞檢測squid反向代理存在遠程代碼執行漏洞
https://cloud.tencent.com/developer/article/1496746

Web安全-之文件上傳漏洞場景
https://blog.csdn.net/devcloud/article/details/100173321

傳統XSS攻擊引發持久型ATO漏洞技術研究
https://xz.aliyun.com/t/6186

Pulse Secure SSL VPN遠程代碼執行漏洞利用與分析
https://www.anquanke.com/post/id/185773

通用漏洞評估方法CVSS3.0介紹
https://blog.csdn.net/whatday/article/details/100552807

解除任天堂Google Authenticator二階段驗證 SWITCH帳戶解鎖流程教學
https://www.cool3c.com/article/147763

淺談ARP欺騙的實現與防禦
https://www.freebuf.com/articles/network/210852.html

CVE-2018-8639分析與復現
https://bbs.pediy.com/thread-254305.htm

西門子S7通信過程及重放攻擊分析
https://www.freebuf.com/articles/ics-articles/212283.html

日活百萬級病毒“DropperNecro”分析報告
https://www.freebuf.com/articles/terminal/213324.html

個案分析-X大學系所網站駭侵攻擊事件分析報告_10808
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019083011082828195490327742851.pdf

挖洞經驗| 繞過WAF限制利用php:方法實現OOB-XXE漏洞利用
https://www.freebuf.com/vuls/211822.html

Macro_Pack中的宏代碼混淆方法分析
https://www.freebuf.com/sectool/211592.html

Dwarf:一款基於Pyqt5和Frida的逆向分析調試工具
https://www.freebuf.com/sectool/212123.html

Adobe ColdFusion RCE(CVE-2019-7839) 漏洞分析
https://www.freebuf.com/vuls/210386.html

Separ木馬分析報告案例分析
https://www.freebuf.com/articles/network/211691.html

從習總書記講話看中國網絡空間安全發展趨勢
https://www.freebuf.com/articles/network/213433.html

利用Redis未授權訪問漏洞進行門羅幣(XMR)挖礦事件分析
https://www.freebuf.com/vuls/213484.html

Gorgon APT組織再做文章:DropBox到NJRat的曲折歷程
https://www.freebuf.com/articles/system/213082.html

安全運維工作中的機器學習應用
https://www.freebuf.com/articles/es/211990.html

HiddenEye:帶有高級功能的現代釣魚工具
https://www.freebuf.com/sectool/212130.html

釣魚郵件故事一則與處理方法分享
https://www.freebuf.com/articles/es/211692.html

電子郵件安全問題分析(一)
https://www.freebuf.com/articles/network/212241.html

電子郵件安全問題分析(二)
https://www.freebuf.com/articles/network/212273.html

Hacker101白帽黑客進階之路
https://www.freebuf.com/video/213279.html

谷歌提醒iPhone用戶注意數據竊取惡意軟件攻擊
https://www.freebuf.com/articles/database/213201.html

WannaMine挖礦木馬再活躍,14萬台linux系統受攻擊廣東省為重災區
https://www.freebuf.com/articles/network/212166.html

淺談電子數字取證技術
https://www.freebuf.com/articles/network/211643.html

BoomBox Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant
https://github.com/nbeede/BoomBox

GhIDA: Ghidra decompiler for IDA Pro
https://blog.talosintelligence.com/2019/09/ghida.html

Nishang
https://github.com/samratashok/nishang

xray: A powerful security assessment tool
https://securityonline.info/xray-powerful-security-assessment/

mwrlabs/C3
https://github.com/mwrlabs/C3/blob/master/README.md

CVE-2019-8790:Check Point Endpoint Security初始客戶端提權漏洞分析
https://www.anquanke.com/post/id/185338

China Chopper still active 9 years later
https://blog.talosintelligence.com/2019/08/china-chopper-still-active-9-years-later.html

Virtual Machine for Adversary Emulation and Threat Hunting
https://github.com/redhuntlabs/RedHunt-OS

Exploitation of Windows CVE-2019-0708 (BlueKeep): Three Ways to Write Data into the Kernel with RDP PDU
http://bit.ly/2LbPNPM

Operation Fast Cash - Hidden Cobra‘s AIX PowerPC malware dissected
http://bit.ly/2ZJ9FxQ

crawlab
https://github.com/crawlab-team/crawlab

AIL Framework - Framework for Analysis of Information Leaks
https://www.kitploit.com/2019/08/ail-framework-framework-for-analysis-of.html

Backdooring My Router Firmware
https://www.secjuice.com/backdooring-dlink-router-firmware/

VB2019 preview: Inside Magecart: the history behind the covert card-skimming assault on the e-commerce industry
https://www.virusbulletin.com/blog/2019/08/vb2019-preview-inside-magecart-history-behind-covert-card-skimming-assault-e-commerce-industry/

F.商業
趨勢科技推出涵蓋電郵、網絡、用戶端、伺服器及雲端 的XDR 雲端服務平台
http://n.yam.com/Article/20190827828595

中華電攻新南向 越南研討會首登場
https://www.cna.com.tw/news/afe/201908270309.aspx

中華電跨國物聯網上線 拓展行動業務及技術
https://money.udn.com/money/story/5612/4013211

【資安情報】勒索.挖掘.漏洞增 企業關注高危系統
http://bit.ly/2zFl8UH

趨勢科技作育全球網路資安英才
https://news.sina.com.tw/article/20190828/32482588.html

記錄指令活動 嚴防內鬼或駭客竊取營業秘密
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000566822_bpd7cao13w7o5j1qy1yg1

部分 Surface 用戶發現更新後耗電異常 , 關機再開吃掉 25% 電力
https://www.kocpc.com.tw/archives/277690

Palo Alto 以 7,500 萬美元收購 IoT 安全新創公司 Zingbox,並將首度提供安全訂閱服務
https://finance.technews.tw/2019/09/06/palo-alto-networks-intends-to-acquire-zingbox/

New Free Offering Enables Any MSP and Security Integrator to Add Incident Response to their Services Portfolio
https://thehackernews.com/2019/09/msp-incident-response.html

Palo Alto Networks delivers strong Q4, acquires Zingbox for IoT security
https://www.zdnet.com/article/palo-alto-networks-delivers-strong-q4-acquires-zingbox-for-iot-security/#ftag=RSSbaffb68

G.政府
行程很硬的一週...陳其邁深夜喊:給我三個月也很難變三浦春馬
https://www.ettoday.net/news/20190829/1523693.htm

工業局補助 資安健檢團隊到你家
https://money.udn.com/money/story/10860/4017790

網路性騷無法管? 綠委將提案修性騷擾防治法
https://www.rti.org.tw/news/view/id/2032667

網紅拍片辱護理師無法可治 立委拋修法拒網路性別罷凌
https://taronews.tw/2019/08/30/450648/

數位身分證個資 內政部怎保護
https://tw.appledaily.com/new/realtime/20190902/1626346/

外商掌握關鍵技術 廠商憂全民個資恐外流
https://m.mirrormedia.mg/story/20190902soc004/

1分鐘看懂新式身分證 八大功能一把抓
https://www.mirrormedia.mg/story/20190902soc006

資安防護觀念轉變 唐鳳:如何反擊重於防守
https://www.cna.com.tw/news/afe/201909030152.aspx

金管會明年施政 緊盯四要點
https://www.chinatimes.com/newspapers/20190903000233-260202?chdtv

新式身分證傳外包疑洩個資 內政部:集中製卡個資不外洩
https://www.chinatimes.com/realtimenews/20190903003160-260407?chdtv

如何強化台灣資安戰場?唐鳳:主動出擊重於防護
https://www.ftvnews.com.tw/news/detail/2019903W0018

蘇貞昌:數位身分證 重視資安
https://www.chinatimes.com/realtimenews/20190903003617-260407?chdtv

資通安全管理法常見問題
https://nicst.ey.gov.tw/Page/D94EC6EDE9B10E15/c14455ab-503d-4687-97ae-c514b7fa1df2

Fintech周報第114期:金管會揭露2020年金融科技八大發展重點
https://ithome.com.tw/news/132845

工研院組國家隊攜手微軟,發展國內 AI 晶片新應用商機
https://technews.tw/2019/09/05/ai-chip-itri/

有線電視用戶恐跌破500萬 CBIT籲NCC鬆綁法規限制
https://ec.ltn.com.tw/article/breakingnews/2907206

108年「資安系列競賽」9月2日起開放報名
https://www.nccst.nat.gov.tw/NewInfoDetail?lang=zh&seq=1530

H.ICS/SCADA 工控系統
推動資安標準 為工控領域灌輸防禦基本功
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000566908_kvg8pq7d1kizrg7zhw907

產能、資安面面俱到 加速智慧製造轉型進程
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000566824_tf17xahr386ov23d5ic9k

因應工業環境特殊性 選用正確設備以強化工控安全
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000566848_3fw7ibvn5bvh3e7tkfu9z

綜觀人員、流程、技術 重新定義工控安全體系
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000566306_h8a46i0tlev6pq740s2n4

援引國際規範 打造安全穩定的ICS運作環境
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000566909_85flg1q0l0lm21lc6ziba

善用超級電腦 為工業4.0工廠設計分配式智慧防駭系統
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000566911_v4dl2gwu0ou7v02pbpawz

破解一輛特斯拉Model S需要多長時間?2018年的漏洞仍未徹底修復:駭客仍能幾秒內破解特斯拉Model S
https://www.insoler.com/forum/topic/15672997979807.htm

I.教育訓練
實體安全與資安管理
https://drive.google.com/file/d/1OYFLHKPGFm9MWI-LBcEERCgXXVf-WAAM/view

參與資安稽核的緣起(一)
https://ithelp.ithome.com.tw/articles/10213103

參與資安稽核的緣起(二)
https://ithelp.ithome.com.tw/articles/10213117

訓練課程的注意事項
https://ithelp.ithome.com.tw/articles/10213691

[駭客工具 Day1] 前言
https://ithelp.ithome.com.tw/articles/10213312

[駭客工具 Day2] Port Scan王者 - Nmap
https://ithelp.ithome.com.tw/articles/10213539

[駭客工具 Day3] 網路封包側錄分析 - Wireshark
https://ithelp.ithome.com.tw/articles/10213677

(1)資安事件分析(2)資訊安全管理制度實務(3)網路安全管理實務 (4)資通安全設備管理(含 Firewall、IPS、WAF、AD 與 Exchange Server、SIEM) 等實務測驗題庫彙編
http://bit.ly/2lCKI8L

學會這些JS 小技巧,提升編碼幸福度
https://www.infoq.cn/article/wF1PorTPQiW0*Q2Jc2XU

curl 的用法指南
http://www.ruanyifeng.com/blog/2019/09/curl-reference.htm

教你如何搭建威脅情報庫
https://www.freebuf.com/articles/network/210451.html

Resource: Malware analysis - learning How To Reverse Malware: A collection of guides and tools
https://www.peerlyst.com/posts/resource-learning-how-to-reverse-malware-a-guide?trk=search_suggestion_query

Learn Ethical Hacking Online – A to Z Training Bundle 2019
https://thehackernews.com/2017/03/learn-hacking-training.html

Malware Naming Hell Part 1: Taming the mess of AV detection names
https://www.gdatasoftware.com/blog/2019/08/35146-taming-the-mess-of-av-detection-names

Cisco releases guides for incident responders handling hacked Cisco gear
https://www.zdnet.com/article/cisco-releases-guides-for-incident-responders-handling-hacked-cisco-gear/#ftag=RSSbaffb68

Cisco ASA Forensic Investigation Procedures for First Responders
https://tools.cisco.com/security/center/resources/asa_forensic_investigation

Cisco IOS Software Forensic Investigation Procedures for First Responders
https://tools.cisco.com/security/center/resources/ios_forensic_investigation

Cisco IOS XE Software Forensic Investigation Procedures for First Responders
https://tools.cisco.com/security/center/resources/iosxe_forensic_guide

Cisco Firepower Threat Defense Forensic Investigation Procedures for First Responders
https://tools.cisco.com/security/center/resources/ftd_forensic_investigation

What is MITRE ATT&CK and how is it useful
https://www.welivesecurity.com/2019/09/03/what-is-mitre-attck-useful/

PowerShell Script with a builtin DLL
https://isc.sans.edu/diary/PowerShell+Script+with+a+builtin+DLL/25302

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
根據資訊安全分類 實施物聯網雲端安全控制措施
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000566847_rby7z74d5jgvvw6w786an

借助雲端平台生態系 加速提升IoT安全性
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000566845_43d9hztj34u7o46ywu23q

物聯網資安情況堪慮 原因:欠產品保安意識
http://bit.ly/2UqW90L

你家門鈴就是監視器!智慧門鈴廠商 Ring 與警方合作,提供監視畫面打擊犯罪
https://buzzorange.com/techorange/2019/08/29/ring-cooperate-with-police/

無所不在的物聯網
http://bit.ly/2ZvyZfi

臉書、微軟辦大賽 徵求辨識深度合成造假影片的技術
https://udn.com/news/story/6811/4032078

A Hack to Steal a Tesla, a Yelp Overhaul, and More News
https://www.wired.com/story/tesla-key-fob-hack-yelp-custom-search/

Hackers Could Steal a Tesla Model S by Cloning Its Key Fob—Again
https://www.wired.com/story/hackers-steal-tesla-model-s-key-fob-encryption/

6.近期資安活動及研討會
 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 AI 投資理財技術實作,Python爬蟲+機器學習技術實務,打造個人投資理財工具 9/7
 https://www.techbang.com/posts/72056-course-ai-investment-finance-technology

 交通大學亥克書院-B022:基礎網頁安全與滲透測試<新竹場次> 9/7
 https://hackercollege.nctu.edu.tw/?p=1079

 DigitalOcean Hsichu x Golang TW Meetup  9/7
 https://www.meetup.com/DigitalOceanHsinchu/events/263910445/

 Trend Micro CTF 2019 // Raimund Genes Cup  SEPTEMBER 7–8, 2019
 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html

 資訊安全管理系統-基礎課程 9/8
 https://www.accupass.com/event/1907160853513957042270

 Scala Taiwan #32 - Introduction to Minitime 9/9
 https://www.meetup.com/Scala-Taiwan-Meetup/events/263961981/

 MLDM Monday|Domain Adaptation 的數學理論推導 9/9
 https://www.meetup.com/Taiwan-R/events/263929941/

 【AWS資安】Security Engineering on AWS​高級課程 2019-09-09(一) 09:30 ~ 2019-09-11(三) 17:30 (GMT+8)
 https://www.accupass.com/event/1905150854571147685105

 微軟 2nd Cybersecurity Conference 2019/09/10 9:00-17:00
 https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x7592629abcd

 SyntaxError 9/11
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbpb/

 Android Code Club(Taipei)  9/11
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbpb/

 【AWS資安】Security Engineering on AWS​高級課程 9/9 ~ 9/11
 https://www.accupass.com/event/1905150854571147685105

 CDX2.0推廣活動 - 台北場次 9/10
 https://nchc-cdx.kktix.cc/events/cdxactivity-0910

 Kubernetes Summit 9/11
 https://summit.ithome.com.tw/kubernetes/

 台灣賽門鐵克年度資安論壇  9/12
 https://zh.surveymonkey.com/r/symantec_0912

 HackingThursday 固定聚會 9/12
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbqb/

 資安檢核核心技術及進階技術研討會 9月16日至9月18日
 http://bit.ly/2TN2UtD

 MLDM Monday|TensorFlow All Around 9/16
 https://www.meetup.com/Taiwan-R/events/264154315/

 Kotlin/Everywhere GDG Hsinchu - Kotlin on Cloud and Web 9/17
 https://www.meetup.com/GDG-Hsinchu/events/263741333/

 Cosmos SDK Workshop - 打造自己的新手區塊鏈 9/17
 https://www.meetup.com/Taipei-Blockchain/events/264188406/

 2019網路治理分享會 台灣、亞太、與全球的焦點議題  9/17
 https://www.nii.org.tw/events/igf19/

 Cyber Attack Taipei Series 2019  9/17
 https://www.eventbrite.com/e/cyber-attack-taipei-series-2019-tickets-68951581035

 稽核主管研習班(108年第二期)  9/17 ~ 9/18
 https://edu.tii.org.tw/pt_training/mpage/index/info/1072673781

 Android Code Club(Taipei) 9/18
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbxb/

 SyntaxError 9/18
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbxb/

 HackingThursday 固定聚會  9/19
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbzb/

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  9/20
 https://signupcybersec101.ithome.com.tw/

 金融資安培訓課程 9/20
 https://twap.deloitte.com.tw/DTLCRA/Works/CourseDetail.aspx?CourseID=T1906002

 Android Code Club(Taipei) 9/21
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzlbcc/

 SyntaxError  9/21
 https://www.meetup.com/pythonhug/events/tnzzgpyzlbcc/

 資策會開辦「認證系統安全從業人員 SSCP 輔導班」2019/9/21
 https://ithome.com.tw/pr/131772

 交通大學亥客書院-A011:入侵行為發覺與應變指南 9/21
 https://hackercollege.nctu.edu.tw/?p=1082

 資訊安全管理系統-進階課程 9/21
 https://www.accupass.com/event/1907160908138705889800

 Open UP Summit Fukuoka Outreach 9/21
 https://www.meetup.com/TaipeiWomeninTech/events/263683783/

 Build Your First Custom Blockchain - 親手打造你的第一個客制區塊鏈  9/24
 https://www.meetup.com/Polkadot-Taipei/events/264188190/

 TANET 2019 - 臺灣網際網路研討會  9/25
 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310

 Nextlink Technology 9/25 (三)
 https://www.accupass.com/event/1908020858535104977240

 DEVCORE Conference 2019  9/25
 https://devco.re/conf/2019/

 面對 APT進階持續性滲透攻擊,企業如何建立正確防護觀念與有效、低成本的資安防護能力 9/26
 https://www.techbang.com/posts/72484-lecturecorporate-apt

 Thinking Thursday 第四場  9/26
 https://www.meetup.com/Thinking-Thursday/events/263826166/

 [CyCarrier]-奧義智慧資安活動_Fintech威脅剖析 金融科技資安升級 9/26
 https://www.zerone.com.tw/TrainingDetial/Seminar/2CB2943BF5366C08%7C581222C91497B312

 [Akamai]-Akamai線上研討會快速部署與高效預測抵禦的資安防護網 9/27
 https://www.zerone.com.tw/TrainingDetial/Seminar/33439C9B5852933A%7C4D840EFFD881209B

 交通大學亥客書院-B022:基礎網頁安全與滲透測試 9/28
 https://hackercollege.nctu.edu.tw/?p=1084

 JavaScript Developer Conference-2019  2019-09-28(六) 09:30 ~ 2019-10-26(六) 17:30 (GMT+8)
 https://www.accupass.com/event/1907081509101081922774

 GDG DevFest Taipei 2019 10/1
 https://www.meetup.com/GDGTaipei/events/263142255/

 資安檢核核心技術及進階技術研討會 10月7日至10月9日
 http://bit.ly/2TN2UtD

 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/

 交通大學亥客書院-A006:數位足跡追蹤與分析 10/19
 https://hackercollege.nctu.edu.tw/?p=1088

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

  AIoT智能物聯網開發人才就業養成班[免費諮詢]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

 [Palo Alto Networks]-Palo Alto Networks 直播研討會Part6. MITRE ATT&CK 新資安攻防框架進階產業應用 10/24
 https://www.zerone.com.tw/TrainingDetial/Seminar/7747B901A8198AC3%7C1C130FE6FEC34700

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  10/25
 https://signupcybersec101.ithome.com.tw/

 交通大學亥客書院-A015:進階網頁滲透測試 10/26
 https://hackercollege.nctu.edu.tw/?p=1090

 資安檢核核心技術及進階技術研討會 10月28日至10月30日
 http://bit.ly/2TN2UtD

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/8
 https://signupcybersec101.ithome.com.tw/

 交通大學亥客書院-P006:高階網頁滲透測試 11/16
 https://hackercollege.nctu.edu.tw/?p=1092

 Trend Micro CTF 2019 // Raimund Genes Cup  FINAL / NOVEMBER 23–24, 2019
 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html

 資安檢核核心技術及進階技術研討會11月26日至11月28日
 http://bit.ly/2TN2UtD

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/29
 https://signupcybersec101.ithome.com.tw/

 交通大學亥客書院-B015:惡意程式檢測 11/30
 https://hackercollege.nctu.edu.tw/?p=1098

 交通大學亥客書院-A018:企業網域控管-Active Directory攻擊與防禦  12/14
 https://hackercollege.nctu.edu.tw/?p=1094

 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

留言

這個網誌中的熱門文章

Capture the flag資源分享綜整

Capture the flag, CTF,是由古代軍事戰爭演變而來。軍旗在戰場上象徵兩軍戰況,當有一方軍旗被敵軍奪取或落在地上,代表該方戰敗。當這樣的攻防搶旗演變到現代的電子遊戲裡,通常就演變成團隊遊戲模式,由兩隊人馬互相前往對方的基地奪旗,奪旗成功回合次數多者得勝。

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/