資安事件新聞週報 2019/9/23 ~ 2019/9/27
資安事件新聞週報 2019/9/23 ~ 2019/9/27
1.重大弱點漏洞/後門/Exploit/Zero Day
泰國司法部長就電子跟蹤器手環EM漏洞 司法部索賠逾8300萬銖
http://www.udnbkk.com/article-286128-1.html
清華大學發現ARM、Intel處理器漏洞;華為發布Mate 30系列手機
https://kknews.cc/tech/qlklg5r.html
makandra consul gem for Ruby 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16377
Agwl駭客組織再攻Phpstudy,新增Apache Solr漏洞利用
https://s.tencent.com/research/report/813.html
全球最大同性交友網站化身漏洞管理者,還有25個潛在漏洞排名
https://www.jishuwen.com/d/pmdz/zh-tw
Kubernetes Kubectl曝安全漏洞,Rancher產品不受影響
https://segmentfault.com/a/1190000020464083
思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x
Cisco Nexus 9000 Series CVE-2019-1901 CVSS V3 8.8
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo
Cisco IOS XE Software CVE-2019-12646 CVSS V3 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-alg
Cisco Catalyst 4000 Series Switches CVE-2019-12652 CVSS V3 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-cat4000-tcp-dos
Cisco IOx for IOS Software CVE-2019-12648 CVSS V3 9.9
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth
Cisco IOS XE Software CVE-2019-12650 CVE-2019-12651 CVSS V3 7.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection
Cisco IOS and IOS XE Software CVE-2019-12654 CVSS V3 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos
Cisco IOS XE Software CVE-2019-12653 CVSS V3 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dos
Cisco IOS XE Software CVE-2019-12658 CVSS V3 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-fsdos
Cisco IOx Application CVE-2019-12656 CVSS V3 7.5
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox
Cisco IOS XE Software CVE-2019-12655 CVSS V3 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ftp
Cisco IOS XE Software CVE-2019-12657 CVSS V3 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-utd
Cisco IOS and IOS XE Software CVE-2019-12647 CVSS V3 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-identd-dos
IBM WebSphere Application Server 多個漏洞
https://www.ibm.com/support/pages/security-bulletin-multiple-vulnerabilities-ibm-http-server-used-websphere-application-server
WebSphere漏洞預警(CVE-2019-4505)
https://www.agesec.com/news/7537.html
pam-python 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16729
DOMPurify 跨站脚本漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16728
Update Google Chrome Browser to Patch New Critical Security Flaws
https://thehackernews.com/2019/09/google-chrome-update.html
Developer takes down Ruby library after he finds out ICE was using it
https://www.zdnet.com/article/developer-takes-down-ruby-library-after-he-finds-out-ice-was-using-it/#ftag=RSSbaffb68
CVE-2019-4505:WebSphere任意文件讀取漏洞警報
https://www.linuxidc.com/Linux/2019-09/160757.htm
ElasticSearch命令執行防禦(CVE-2014-3120)
http://blog.itpub.net/69946337/viewspace-2658305/
VMware Security Advisories VMSA-2019-0014.1
https://www.vmware.com/security/advisories/VMSA-2019-0014.html
Forcepoint VPN Client is Vulnerable to Privilege Escalation Attacks
https://threatpost.com/forcepoint-vpn-client-is-vulnerable-to-privilege-escalation-attacks/148544/
Forcepoint VPN Client CVE-2019-6145
https://nvd.nist.gov/vuln/detail/CVE-2019-6145
CVE-2019-6145 Unquoted search path vulnerability in Forcepoint VPN Client for Windows
https://support.forcepoint.com/KBArticle?id=000017525
arubanetworks -- arubaos
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-7081
D-Link DNS-320
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16057
tenda -- n301_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16288
tendacn -- n301_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16412
Western Digital WD My Book
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16399
Wireshark
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16319
arubanetworks -- arubaos CVE-2018-7081 CVSS 9.3
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-7081
apache -- tapestry CVE-2019-0195 CVSS 7.5
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0195
haxx -- curl CVE-2019-5481 CVSS 7.5
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5481
haxx -- curl CVE-2019-5482 CVSS 7.5
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5482
linux -- linux_kernel CVE-2019-14821 CVSS 7.2
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14821
linux-nfs -- nfs-utils CVE-2019-3689 CVSS 10.0
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3689
Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites
https://www.zdnet.com/article/anonymous-researcher-drops-vbulletin-zero-day-impacting-tens-of-thousands-of-sites/#ftag=RSSbaffb68
[Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly
https://thehackernews.com/2019/09/vbulletin-zero-day-exploit.html
微軟緊急修補兩個已遭大規模濫用的 0-day 漏洞
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5108
CVE-2019-0801: MICROSOFT OFFICE URI HYPERLINK HIJINKS
https://www.thezdi.com/blog/2019/9/24/cve-2019-0801-microsoft-office-uri-hyperlink-hijinks
Microsoft Releases Emergency Patches for IE 0-Day and Windows Defender Flaw
https://thehackernews.com/2019/09/windows-update-zero-day.html
Microsoft: Windows 10 now on more than 900 million devices
https://www.zdnet.com/article/microsoft-windows-10-now-on-more-than-900-million-devices/#ftag=RSSbaffb68
微軟例外修補IE、Windows Defender兩重大漏洞,IE零時差漏洞已有攻擊程式
https://ithome.com.tw/news/133226
Windows 10 updates drag down software customer satisfaction scores for Microsoft: ACSI
https://www.zdnet.com/article/windows-10-updates-drag-down-software-customer-satisfaction-scores-for-microsoft-acsi/#ftag=RSSbaffb68
Microsoft releases out-of-band security update to fix IE zero-day & Defender bug
https://www.zdnet.com/article/microsoft-releases-out-of-band-security-update-to-fix-ie-zero-day-defender-bug/#ftag=RSSbaffb68
Microsoft to provide free Windows 7 updates for voting systems in 2020
https://www.zdnet.com/article/microsoft-to-provide-free-windows-7-updates-for-voting-systems-in-2020/#ftag=RSSbaffb68
This free Windows 10 upgrade offer still works. Here's why -- and how to get it
https://www.zdnet.com/article/this-free-windows-10-upgrade-offer-still-works-heres-why-and-how-to-get-it/#ftag=RSSbaffb68
Windows Defender Update Bug Breaks Quick and Full Scans
https://winbuzzer.com/2019/09/19/windows-defender-update-bug-breaks-quick-and-full-scans-xcxwbn/
IE瀏覽器爆發高危漏洞:4年來所有版本Win10均需打補丁
https://news.xfastest.com/microsoft/70006/ie-4-win10/
IE 瀏覽器存在遠程代碼執行漏洞,攻擊者可藉此控制系統
http://bit.ly/2mQWaOE
Red Hat introduces rolling release CentOS Stream
https://www.zdnet.com/article/red-hat-introduces-rolling-release-centos-stream/#ftag=RSSbaffb68
CentOS 8.0 1905 is now available for download
https://lists.centos.org/pipermail/centos/2019-September/173484.html
Privilege escalation vulnerability patched in Forcepoint VPN for Windows
https://www.zdnet.com/article/privilege-escalation-vulnerability-patched-in-forcepoint-vpn-for-windows/#ftag=RSSbaffb68
Adobe patches two critical issues with Cold Fusion
https://www.scmagazine.com/home/security-news/vulnerabilities/adobe-patches-two-critical-issues-with-cold-fusion/
13家知名品牌路由器隱藏125處漏洞,小米、華碩都中招!附125個漏洞列表
https://zhuanlan.zhihu.com/p/83942560
Grafana 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15635
Smart Battery A4 存在權限控制缺陷
https://tvn.twcert.org.tw/taiwanvn/TVN-201908003
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
開放銀行下階段…個資隱私 仍有外洩疑慮
https://udn.com/news/story/7239/4062515
解放客戶資料…開放銀行 月底登台
https://udn.com/news/story/7239/4062520
民眾反映許多機型老舊按鍵數字模糊 盼改善
http://www.ksnews.com.tw/index.php/news/contents_page/0001303122
趨勢科技:開放銀行法規PSD2存在風險
https://ec.ltn.com.tw/article/breakingnews/2925153
當 PSD2 開啟了更多扇門:開放銀行的風險
https://blog.trendmicro.com.tw/?p=62077
金融業小心!專家警告科技變革將帶來新衝擊
http://bit.ly/2lxxWca
尹衍樑談南山新系統始末 遭網友狂打臉
https://ec.ltn.com.tw/article/breakingnews/2926309
趨勢科技點出歐洲最新銀行法規,可能讓網路駭客對金融服務機構及客戶的攻擊大幅增加
http://bit.ly/2mK8uR2
ATM卡住存6萬2變2萬5 10天後在「神秘區域」找到了
https://udn.com/news/story/8864/4067543
假卡黨用ATM偷錢 原來同呢款提款卡有關
http://bit.ly/2mNi3yE
行庫動態:彰銀開放銀行藍圖大躍進,完成18支API驗證上架,實現數位生活應用
http://bit.ly/2lJQhmA
彰銀 攻開放銀行應用
https://udn.com/news/story/7239/4071057
維護金融網路安全 守護群眾金融利益
https://news.sina.com.tw/article/20190921/32726106.html
中國官方將推「數字人民幣」 交易全受政府監管 傳最快雙11登場
http://bit.ly/2lTmGXJ
小企難防網絡攻擊 6成遇「駭」沒保險
http://bit.ly/2m1gNId
香港金融管理局於9月25日發布香港招商永隆銀行有限公司發現詐騙網站
https://www.hkma.gov.hk/chi/news-and-media/press-releases/2019/09/20190925-6/
香港金融管理局於9月25日發布香港中信銀行(國際)有限公司發現詐騙網站
https://www.hkma.gov.hk/chi/news-and-media/press-releases/2019/09/20190925-5/
銀行公會改選理監事 台銀董座呂桔誠連任理事長
https://www.ettoday.net/news/20190926/1544109.htm
銀行公會108年9 月26日第13屆第1次會員代表大會新聞稿
https://www.ba.org.tw/Notice/Detail/1612
10月1日起烏茲別克斯坦ATM機將停止提取現金外幣
https://www.inform.kz/cn/10-1-atm_a3569735
手機訂房者請注意:信用卡側錄器正鎖定訂房網站
https://blog.trendmicro.com.tw/?p=62111
就像在 ATM 上安裝盜卡裝置一樣, 「Magecart」專偷線上刷卡資料
https://blog.trendmicro.com.tw/?p=61779
Magecart黑客瞄準公用Wi-Fi 免費收費都係目標
http://bit.ly/2n9vqZW
Magecart strikes again: hotel booking websites come under fire
https://www.zdnet.com/article/magecart-strikes-again-hotel-booking-websites-come-under-fire/#ftag=RSSbaffb68
Other Attackers Reuse Old Magecart Domains: Report
https://www.bankinfosecurity.com/other-attackers-reuse-old-magecart-domains-report-a-13129
Old Magecart Domains are Being Bought Up for Monetization
https://www.riskiq.com/blog/labs/magecart-reused-domains/
Magecart Group Targets Routers Behind Public Wi-Fi Networks
https://threatpost.com/magecart-group-targets-routers-behind-public-wi-fi-networks/148662/
Eight US Cities See Payment Card Data Stolen
https://www.bankinfosecurity.com/eight-us-cities-see-payment-card-data-stolen-a-13127
Second Wave of Click2Gov Breaches Hits United States
https://geminiadvisory.io/second-wave-of-click2gov-breaches-hits-united-states/
Two years later, hackers are still breaching local government payment portals
https://www.zdnet.com/article/two-years-later-hackers-are-still-breaching-local-government-payment-portals/#ftag=RSSbaffb68
Finance’s increasingly aware of the cyber threat, says France’s ANSSI
https://cyceon.com/2019/09/20/finances-increasingly-aware-of-the-cyber-threat-says-frances-anssi/
ATM card cloning gang busted in Pratapgarh
https://www.hindustantimes.com/cities/atm-card-cloning-gang-busted-in-pratapgarh/story-tgCFIvUhIuTqdB2r9dwTcM.html
Hackers looking into injecting card stealing code on routers, rather than websites
https://www.zdnet.com/article/hackers-looking-into-injecting-card-stealing-code-on-routers-rather-than-websites/#ftag=RSSbaffb68
3.電子支付/電子票證/行動支付/ pay/新聞及資安
從法令整併談電子支付競爭力
https://udn.com/news/story/7338/4066621
為了「反欺詐」 金融類App需要更多手機許可權
https://news.sina.com.tw/article/20190925/32763058.html
中國掀「刷臉支付」風潮,擬發布臉部辨識相關金融標準
https://technews.tw/2019/09/25/china-face-payment-publish-relevant-financial-standards/
全台唯一Cross-site免跳轉技術,TapPay如何讓電商掉單率減3成
https://www.bnext.com.tw/article/54860/tappay-crosssite-fintech
Zwei Drittel der Konsumenten zweifeln an Mobile Payment – Infografik
https://www.der-bank-blog.de/zweifel-mobile-payment/studien/mobile-payment-studien/37657211/
4.虛擬貨幣/區塊鍊相關新聞及資安
「證券型代幣」交易規範出爐,尺度難拿捏金管會一個頭兩個大
https://finance.technews.tw/2019/09/20/sto-rules-come-out-fsc/
不只SM!韓國這些企業也紛紛開始涉足區塊鏈領域
http://news.knowing.asia/news/3bc3a343-935d-4847-af5a-0298d0476c6e
制裁不了嗎?朝鮮官員曝正開發加密貨幣
https://www.secretchina.com/news/b5/2019/09/20/907916.html
台灣證券型代幣 STO 法規細項出爐 這樣的法律遵循成本合理嗎
https://news.cnyes.com/news/id/4384388
IBM、花旗宣布加入新加坡區塊鏈加速器 Tribe Accelerator
https://news.cnyes.com/news/id/4384291
加密貨幣新篇章,比特幣實物交割期貨正式上市
https://finance.technews.tw/2019/09/23/bitcoin-future-contract-launch/
fb狂彈麟伯賣bitcoin廣告 金管局:銀行估逾2,000客戶提供信用卡資料
https://hk.finance.appledaily.com/finance/realtime/article/20190923/60077244
實名制區塊鏈改變加密貨幣交易生態! Maxonrow即將上架KuCoin交易所
http://bit.ly/2mwvUZU
對於機構投資者來說,Bakkt的開張代表著什麼
http://news.knowing.asia/news/07fc5e31-3707-4c1f-8fe5-90b178078758
區塊鏈安全入門筆記(系列1-10完整版)
https://paper.seebug.org/973/
比特幣ATM大爆發 Bitcoin Depot明年在美安裝發破千台
https://www.ettoday.net/news/20190924/1542004.htm
Forbes:傳統金融體系和比特幣一樣脆弱
http://news.knowing.asia/news/ee5c136b-8a27-4a60-b928-497a5f0628c0
Exclusive: TalkTalk hacker also breached EtherDelta cryptocurrency exchange
https://www.zdnet.com/article/exclusive-talktalk-hacker-also-breached-etherdelta-cryptocurrency-exchange/#ftag=RSSbaffb68
Blockchain ID checks: How this startup is now verifying identities online
https://www.zdnet.com/article/blockchain-id-checks-how-this-startup-is-now-verifying-identities-online/#ftag=RSSbaffb68
Coinbase mulls over bringing Telegram to its cryptocurrency trading platform
https://www.zdnet.com/article/coinbase-mulls-over-adding-telegram-to-trading-platform/#ftag=RSSbaffb68
Singapore Bank Giant OCBC Joins JPMorgan’s Blockchain Network
https://cointelegraph.com/news/singapore-bank-giant-ocbc-joins-jpmorgans-blockchain-network
Kik messaging app binned to focus on Kin cryptocurrency court case
https://www.zdnet.com/article/kik-messaging-app-binned-to-focus-on-kin-cryptocurrency-development/#ftag=RSSbaffb68
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
惡意程式冒充知名廣告封鎖外掛 微軟等逾300網站受害
https://udn.com/news/story/7088/4062481
偽裝成股票交易軟體 Stockfolio 竊個資的 Mac 惡意應用程式
https://blog.trendmicro.com.tw/?p=62115
趨勢科技發現股票交易軟體木馬 Mac用戶小心個資遭竊
https://www.chinatimes.com/realtimenews/20190925003159-260412?chdtv
Mac用戶注意!傳木馬病毒入侵 偽裝股票交易竊取個資
https://www.setn.com/news.aspx?NewsID=608253
Mac用戶注意!惡意程式偽裝股票交易軟體竊取個資
https://www.ettoday.net/news/20190925/1543098.htm
Mac用戶注意!傳木馬病毒竊取個資
http://bit.ly/2lhe39c
Mac資安亮紅燈?惡意程式偽裝股票交易軟體竊個資
https://fnc.ebc.net.tw/FncNews/headline/100957
Phony IRS Emails Promise Refund, But Deliver Botnet Instead
https://www.bankinfosecurity.com/phony-irs-emails-promise-refund-but-deliver-botnet-instead-a-13126
New Phishing Campaign Targets U.S. Taxpayers by Dropping Amadey Botnet
https://cofense.com/new-phishing-campaign-targets-u-s-taxpayers-dropping-amadey-botnet/
Cryptocurrency Malware Group ‘Panda’ Has Amassed Nearly $100,000 in Monero
https://www.cryptoglobe.com/latest/2019/09/cryptocurrency-malware-group-panda-has-amassed-nearly-100000-in-monero/
‘Panda’ Crypto Malware Group Has Nabbed $100K in Monero Since 2018
https://www.coindesk.com/panda-crypto-malware-group-has-nabbed-100k-in-monero-since-2018
Panda Malware Group Has Pulled In $100,000 in Illicit Monero Hacking, Says Report
https://kryptomoney.com/panda-malware-group-has-pulled-in-100000-in-illicit-monero-hacking-says-report/
Swiss information security body warns of wave of “Emotet” banking trojan malware
https://financefeeds.com/swiss-information-security-body-warns-wave-emotet-banking-trojan-malware/
Emotet, a dangerous botnet spams malicious emails, “targets 66,000 unique emails for more than 30,000 domain
http://bit.ly/2ky2XfG
Emotet Trojan Evolves Since Being Reawakend, Here is What We Know
https://www.bleepingcomputer.com/news/security/emotet-trojan-evolves-since-being-reawakend-here-is-what-we-know/
Emotet Malware – An Introduction to the Banking Trojan
https://soundbytes.org/2019/09/21/emotet-malware-an-introduction-to-the-banking-trojan/
Emotet Botnet Now Using Snowden's Memoir as a Lure
https://www.bankinfosecurity.com/emotet-botnet-now-using-snowdens-memoir-as-lure-a-13142
"Emotet" antwortet selbstständig auf E-Mails
https://www.t-online.de/digital/sicherheit/id_86486698/schadsoftware-ist-zurueck-emotet-antwortet-selbststaendig-auf-e-mails.html
2019-09-19 - DATA DUMP: URSNIF, EMOTET, AND FORMBOOK INFECTIONS
https://www.malware-traffic-analysis.net/2019/09/19/index.html
2019-09-25 - DATA DUMP: EMOTET INFECTION WITH TRICKBOT IN AD ENVIRONMENT
https://www.malware-traffic-analysis.net/2019/09/25/index2.html
2019-09-25 - DATA DUMP: TRICKBOT INFECTION, GTAG ONO19
https://www.malware-traffic-analysis.net/2019/09/25/index.html
2019-09-26 - DATA DUMP: TWO URSNIF INFECTIONS
https://www.malware-traffic-analysis.net/2019/09/26/index.html
News Wrap: Emotet’s Return, U.S. Vs. Snowden, Physical Pen Testers Arrested
https://threatpost.com/news-wrap-emotets-return-u-s-vs-snowden-physical-pen-testers-arrested/148535/
Wie man Malware analysiert und dateilose Angriffe lanciert
https://www.netzwoche.ch/storys/2019-09-19/wie-man-malware-analysiert-und-dateilose-angriffe-lanciert
NEW REPORT OFFERS ANALYSIS ON THE ANTIVIRUS SOFTWARE MARKET
https://newsspaceflight.com/new-report-offers-analysis-on-the-antivirus-software-market/
2019-09-19 - DATA DUMP: URSNIF, EMOTET, AND FORMBOOK INFECTIONS
https://www.malware-traffic-analysis.net/2019/09/19/index.html
2019-09-24 - PCAP AND MALWARE FOR AN ISC DIARY (QUASAR RAT)
https://www.malware-traffic-analysis.net/2019/09/24/index.html
Meet Stop Ransomware: The Most Active Ransomware Nobody Talks About
https://www.bleepingcomputer.com/news/security/meet-stop-ransomware-the-most-active-ransomware-nobody-talks-about/
Payouts from insurance policies may fuel ransomware attacks
https://news.yahoo.com/payouts-insurance-policies-may-fuel-153100593.html
Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign
https://securityaffairs.co/wordpress/91525/malware/agent-tesla-malware-campaign.html
Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign
https://blog.yoroi.company/research/commodity-malware-reborn-the-agenttesla-total-oil-themed-campaign/
Autumn Aperture: Threat Campaign Highlights New Evasion Technique using an Antiquated File Format
https://blog.prevailion.com/2019/09/autumn-aperture-report.html
North Korean Hackers Use New Tricks in Attacks on U.S.
https://www.securityweek.com/north-korean-hackers-use-new-tricks-attacks-us
North Korean hackers employ antiquated file formats to evade detection
https://www.cybersecurity-help.cz/blog/677.html?affChecked=1
ATMDtrack – North Korean Hacker Group Attacking ATMs in India to Steal Card Details
https://bkhackers-on-security.blogspot.com/2019/09/atmdtrack-north-korean-hacker-group.html
New North Korean malware targeting ATMs spotted in India
https://www.zdnet.com/article/new-north-korean-malware-targeting-atms-spotted-in-india/#ftag=RSSbaffb68
Kaspersky: Dual-Use Dtrack Malware Linked to ATM Thefts
https://www.bankinfosecurity.com/kaspersky-dual-use-dtrack-malware-linked-to-atm-thefts-a-13144
The Lazarus Group is Using a new Banking Malware Against Indian Banks
https://www.technadu.com/lazarus-group-new-banking-malware-against-indian-banks/80747/
India's ATM malware issues traced to North Korea
https://gulfnews.com/world/asia/india/indias-atm-malware-issues-traced-to-north-korea-1.1569245535186
Dtrack RAT is Behind Virulent ATM-Espionage Campaign
https://threatpost.com/north-korea-atm-espionage-malware-dtrack/148602/
State-Backed Attackers Target US Entities with LookBack Malware
https://www.bleepingcomputer.com/news/security/state-backed-attackers-target-us-entities-with-lookback-malware/
Malicious Ad Blockers for Chrome Caught in Ad Fraud Scheme
https://threatpost.com/malicious-ad-blockers-for-chrome-caught-in-ad-fraud-scheme/148591/
Fake Ad Blockers 2: Now with Cookies and Ad Fraud
https://adguard.com/en/blog/fake-ad-blockers-part-2.html
17 US utility firms targeted by mysterious state-sponsored group
https://www.zdnet.com/article/17-us-utility-firms-targeted-by-mysterious-state-sponsored-group/#ftag=RSSbaffb68
State-Backed Attackers Target US Entities with LookBack Malware
https://www.bleepingcomputer.com/news/security/state-backed-attackers-target-us-entities-with-lookback-malware/
Malware Found Hiding in Fake Income Tax Department Emails, CERT-in Warns
https://gadgets.ndtv.com/internet/news/fake-income-department-emails-malware-hiding-cert-in-advistory-2105800
German authority reiterates warning over malware Emotet
https://www.telecompaper.com/news/german-authority-reiterates-warning-over-malware-emotet--1309405
Political targets at risk as Fancy Bear returns with refreshed backdoor malware
https://www.zdnet.com/article/political-targets-at-risk-as-fancy-bear-returns-with-refreshed-backdoor-malware/#ftag=RSSbaffb68
Russian APT Map Reveals 22,000 Connections Between 2000 Malware Samples
https://thehackernews.com/2019/09/russia-hacking-groups-map.html
Russia-Backed APT Groups Compete With Each Other: Report
https://www.bankinfosecurity.com/russia-backed-apt-groups-compete-each-other-report-a-13149
Did GandCrab Gang Fake Its Ransomware Retirement
https://www.bankinfosecurity.com/did-gandcrab-gang-fake-its-ransomware-retirement-a-13146
TFlower Ransomware Campaign
https://cyber.gc.ca/en/alerts/tflower-ransomware-campaign
Canadian Centre for Cyber Security Releases Advisory on New Ransomware Campaign
https://www.us-cert.gov/ncas/current-activity/2019/09/25/canadian-centre-cyber-security-releases-advisory-new-ransomware
Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host
https://blog.talosintelligence.com/2019/09/divergent-analysis.html
Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware
https://www.microsoft.com/security/blog/2019/09/26/bring-your-own-lolbin-multi-stage-fileless-nodersok-campaign-delivers-rare-node-js-based-malware/
Microsoft: New Nodersok malware has infected thousands of PCs
https://www.zdnet.com/article/microsoft-new-nodersok-malware-has-infected-thousands-of-pcs/#ftag=RSSbaffb68
Malware operators abuse Windows Narrator software in Asian attack wave
https://www.zdnet.com/article/malware-operators-replace-windows-narrator-software-with-trojan-in-new-wave-of-attacks/#ftag=RSSbaffb68
PcShare Backdoor Attacks Targeting Windows Users with FakeNarrator Malware
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
'Fancy Bear' Hacking Group Adds New Capabilities, Targets
https://www.bankinfosecurity.com/fancy-bear-hacking-group-adds-new-capabilities-targets-a-13150
No summer vacations for Zebrocy
https://www.welivesecurity.com/2019/09/24/no-summer-vacations-zebrocy/
Cisco: Hacking Group Targets US Veterans
https://www.bankinfosecurity.com/cisco-hacking-group-targets-us-veterans-a-13152
How Tortoiseshell created a fake veteran hiring website to host malware
https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html
B.行動安全 / iPhone / Android /穿戴裝置 /App
如何檢測手機電池是否壞掉
https://blog.trendmicro.com.tw/?p=61926
Telegram、Whatsapp訊息刪除功能涉造假?黑客爆漏洞、連兩方回應
http://bit.ly/2m0IOiA
中共如何獲取推特帳號 進行虛假宣傳
http://www.epochtimes.com/b5/19/9/20/n11535181.htm
超2000款App需整改!360專家:開發者應及時自查
http://www.ccidnet.com/2019/0921/10489080.shtml
平均每款安卓終端漏洞達21個!黑產不斷演進,智能電視也被攻擊
https://kknews.cc/tech/em2vaa4.html
iOS 13鎖屏旁路漏洞泄露聯繫人信息 | 大量安卓 VPN 惡意嵌入廣告
https://read01.com/gR44z0G.html
5G催化網絡安全投資機會下匹黑馬即將浮現
https://www.jfinfo.com/news/20190922/2409184
java 反射和反序列化破解單例模式和填補漏洞方法
https://blog.51cto.com/14437184/2440143
app暗藏追蹤程式 網購類最高危
http://paper.wenweipo.com/2019/09/23/YO1909230018.htm
華為Mate30 Pro被外國大神破解:可以裝Google全家餐
https://applealmond.com/posts/59069
Check Point Research揭露Android手机安全性漏洞
http://gb-www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000568584_P176MAFP77ELXF53MRLZZ#ixzz60JBLaVsy
安卓用戶注意!知名「掃描軟體」驚傳內藏木馬程式 百萬用戶重招了
https://cnews.com.tw/134190922a02/
谷歌急下架!手機狂掉電、廣告狂跳?小心載到這2款APP
https://www.setn.com/News.aspx?NewsID=607107
中美鬥法 華為 蘋果新機對撼
http://bit.ly/2m6QwaM
中國黑客疑用蘋果漏洞 入侵流亡西藏人手機通訊
https://hk.on.cc/hk/bkn/cnt/cnnews/20190925/bkn-20190925150016184-0925_00952_001.html
疑似中國黑客入侵西藏人手機通訊
https://www.voacantonese.com/a/Chinese-Hackers-Who-Pursued-Uighurs-Also-Targeted-Tibetans-20190924/5096230.html
不只維吾爾人! 報告:中共駭客鑽IPHONE漏洞攻擊流亡藏人
https://www.bannedbook.org/bnews/zh-tw/cbnews/20190925/1197001.html
加大學研究:疑中國黑客用蘋果手機漏洞 入侵流亡西藏人手機通訊
http://bit.ly/2nhrN4d
5G企業專網 立委有異見
https://money.udn.com/money/story/5612/4064491
iPhone藍牙恐「外洩定位」 iOS 13警示大開!全APP須用戶同意才能開啟
https://www.ettoday.net/news/20190925/1542472.htm
iOS13災情多!信用卡個資被看光
http://bit.ly/2nipZYM
別更新!iOS13再傳定位外洩bug 蘋果急推新版滅火
https://fnc.ebc.net.tw/FncNews/tech/100798
IG用戶注意:侵權警告信件可能是網釣攻擊
https://ithome.com.tw/news/133257
大量 Instagram 釣魚郵件,藉侵權為由騙取帳號控制權
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=928
YouTube 大量用戶帳號遭劫持,創作者哀鴻遍野
https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=914
小心!Telegram 群人肉搜索個資 北京辨識示威者
http://m.secretchina.com/news/b5/2019/09/27/908644.html
1-Click iPhone and Android Exploits Target Tibetan Users via WhatsApp
https://thehackernews.com/2019/09/iphone-android-hacking-tibet.html
Google removes Android apps caught grossly overcharging users for basic features
https://www.zdnet.com/article/google-removes-android-apps-caught-grossly-overcharging-users-for-basic-features/#ftag=RSSbaffb68
Chameleon gambling apps wiped from App Store, Google Play
https://www.zdnet.com/article/chameleon-gambling-apps-wiped-from-ios-store-google-play/#ftag=RSSbaffb68
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
2019上半年 全球惡意網址威脅高達4.9億次
https://money.udn.com/money/story/5613/4059461
駭客入侵Google Nest 情侶慘遭惡作劇
http://bit.ly/2lQtxBg
TANET研討會 聚焦5大主軸
https://news.sina.com.tw/article/20190925/32768866.html
育碧起身對抗DDoS和DoS攻擊者
http://bit.ly/2l22l28
研究:美國前500大企業6成被駭客入侵
http://bit.ly/2nEp6tK
空巴供應商遭駭客攻擊 安全人士疑與中國有關
https://www.rti.org.tw/news/view/id/2035768
開發人員集訓中心Thinkful遭駭,重設所有用戶密碼
https://ithome.com.tw/news/133199
民眾黨官網被駭7天後重新上線 強調加強安全防護
https://news.ltn.com.tw/news/politics/breakingnews/2924049
TANET 2019臺灣網際網路研討會 駭客與防禦者互相攻防
https://udn.com/news/story/7327/4067746
華為再遇挫 遭國際資安組織暫停會員資格
https://www.setn.com/News.aspx?NewsID=605390
現有海康威視監視器 中山大:資安無虞
https://living.taronews.tw/2019/09/20/471782/
中國「天眼」系統 2020 前全面監控澳門,台灣卻還在使用中國製監視器
https://buzzorange.com/techorange/2019/09/23/macau-surveillance-2020/
網路安全產業前景廣闊網安人才走俏
http://news.stcn.com/2019/0922/15401675.shtml
快速打造企業級資安防禦的新指南
https://www.ithome.com.tw/voice/133166
【快速認識NIST網路安全框架】從五大構面評估企業資安防禦現況與目標
https://www.ithome.com.tw/news/133170
專家大推的NIST網路安全框架規畫工具
https://www.ithome.com.tw/news/133171
【NIST CSF導入關鍵】7步驟打造整體安全防護網,從盤點現況與成熟度評估著手
https://www.ithome.com.tw/news/133172
NIST網路安全框架當紅
https://www.ithome.com.tw/article/133173
第二屆全國中學生網絡安全競賽決賽在西安電子科技大學舉行
http://news.xiancn.com/content/2019-09/21/content_3501494.htm
中國大陸800餘萬重慶人參與2019年重慶市網絡安全宣傳周活動
http://news.cbg.cn/hotnews/2019/0926/11330957.shtml
中國大陸成都兩支隊伍闖入2019年工業信息安全技能大賽決賽
https://news.sina.com.cn/c/2019-09-26/doc-iicezzrq8501668.shtml
中國科大在量子密鑰分發實際安全性研究方面取得新進展
https://news.sina.com.cn/o/2019-09-23/doc-iicezueu7890259.shtml
中國大陸湖北“淨網2019”專項行動破案3624起下架APP2092個
http://news.xmnn.cn/xmnn/2019/09/20/100601559.shtml
中國大陸成都打擊處置違法網民80餘人次淨化網絡環境
https://finance.jrj.com.cn/2019/09/21161728163090.shtml
中國大陸貴州開展網站專項整治工作
https://tech.sina.com.cn/roll/2019-09-23/doc-iicezueu7728143.shtml
中俄網路行為不端 27國簽署網路安全聲明
http://www.secretchina.com/news/b5/2019/09/25/908417.html?code=b5
27國簽署聯合聲明 暗批中共網絡行為不端
https://www.ntdtv.com/b5/2019/09/25/a102672318.html
27國簽署網絡安全聲明 暗批中俄網絡行為不端
http://chinese.efreenews.com/a/27guoqianshuwangluoanquanshengming-anpizhongewangluohengweifouduan
美眾議院擬撥10億美元 援助電信業者汰換華為
https://news.cnyes.com/news/id/4386407
中國頻頻竊取美企商業機密 美國官員:企業應做好防備
https://ec.ltn.com.tw/article/breakingnews/2924201
美司法部:中國國家支持偷竊技術 美企應加強防範
https://news.cnyes.com/news/id/4385473
美國空軍將重金懸賞黑客排查軌道衛星系統漏洞
http://www.360.cn/n/11088.html
台灣已進入準戰爭狀態? 中國資訊戰操作對立手法曝光
https://news.ltn.com.tw/news/politics/breakingnews/2921283
網路駭客戰 台美合作演練
https://udn.com/news/story/11311/4062695
台美首聯合網攻演練 15國黑客攻台尋漏洞
http://bit.ly/2kzdTJY
台美11月舉行網絡攻防演習
https://news.now.com/home/international/player?newsId=363640
台美首聯合網攻演練 15國黑客攻台尋漏洞
http://bit.ly/2kzdTJY
15國資安團隊實兵演練進攻政府網路!「大規模網路攻防演練」強化台灣資安
https://www.storm.mg/article/1740947
【歐美 15 國網軍將攻台 5 天】台美首度合作「網路攻防演練」!「假同事」將傳訊息測台官員是否中招
https://buzzorange.com/2019/09/23/15-countries-cyberwarfare-units-will-test-taiwan/
台美首度網路攻防演練 15國網軍11月測試台灣資安
https://times.hinet.net/news/22570520
台美首聯合網攻演練 15國黑客攻台尋漏洞
http://bit.ly/2kzdTJY
台灣不是資訊戰唯一受害者!學者江雅綺舉德、法、美政府反制假資訊對策
https://musou.watchout.tw/read/wdGej8t2lfmHFErpHHcg
北美公用事業帳單入口網站系統Click2Gov二度被駭客鎖定
https://www.ithome.com.tw/news/133200
國家級駭客鎖定美國的公用事業服務供應商展開魚叉式網釣攻擊
https://www.ithome.com.tw/news/133252
沙國遭攻擊 區內網戰將更激烈
https://m.ctee.com.tw/livenews/gj/a98601002019092220584235?area=
捷克政府機關遇網攻 情報單位控中國幕後黑手
https://money.udn.com/money/story/5599/4069542
捷克政府機關遇網攻 情報單位控中共是幕後黑手
https://www.ydn.com.tw/News/354110
日本海事協會建立跨單位網路資安小組
https://m.ctee.com.tw/livenews/aj/a98623002019092315074036
US military veterans targeted by Iranian state hackers
https://www.zdnet.com/article/us-military-veterans-targeted-by-iranian-state-hackers/#ftag=RSSbaffb68
Russian state hackers rarely share code with one another
https://www.zdnet.com/article/russian-state-hackers-rarely-share-code-with-one-another/#ftag=RSSbaffb68
Report: FBI Subpoenaed Data From Banks, Credit Agencies
https://www.bankinfosecurity.com/report-fbi-subpoenaed-data-from-banks-credit-agencies-a-13130
'Carpet-bombing' DDoS attack takes down South African ISP for an entire day
https://www.zdnet.com/article/carpet-bombing-ddos-attack-takes-down-south-african-isp-for-an-entire-day/#ftag=RSSbaffb68
NEW DDOS VECTOR OBSERVED IN THE WILD: WSD ATTACKS HITTING 35/GBPS
https://blogs.akamai.com/sitr/2019/09/new-ddos-vector-observed-in-the-wild-wsd-attacks-hitting-35gbps.html
Accused JPMorgan Chase Hacker Plans to Plead Guilty
https://www.bankinfosecurity.com/jpmorgan-chases-accused-hacker-plans-to-plead-guilty-a-13128
Analysis: Fallout From the Snowden Memoir
https://www.bankinfosecurity.com/interviews/analysis-fallout-from-snowden-memoir-i-4449
Report: UK Universities Vulnerable to Cyberattacks
https://www.bankinfosecurity.eu/report-uk-universities-vulnerable-to-cyberattacks-a-13132
Fortinet leading the fight against cybercriminals
https://www.scotsman.com/business/fortinet-leading-the-fight-against-cybercriminals-1-5007569
99 percent of all misconfigurations in the public cloud go unreported
https://www.zdnet.com/article/99-percent-of-all-misconfiguration-in-the-public-cloud-go-unreported/#ftag=RSSbaffb68
Dear network operators, please use the existing tools to fix security
https://www.zdnet.com/article/dear-network-operators-please-use-the-existing-tools-to-fix-security/#ftag=RSSbaffb68
FedEx execs: We had no idea cyberattack would be so bad. Investors: Is that why you sold $40m+ of your own shares
https://www.theregister.co.uk/2019/09/19/fedex_execs_sued/
Cyber Crime & Cyber Security
https://isc2central.blogspot.com/2019/09/cybercrimeandcybersecurity.html
SQL Attacks are a piece of Cake for Hackers – and the Risk to Firms is High
https://www.cbronline.com/feature/sql-attacks
Avid Users Are Suddenly Finding That Their Macs Won’t Boot
https://www.bleepingcomputer.com/news/software/avid-users-are-suddenly-finding-that-their-macs-won-t-boot/
JPMorgan Chase's Russian Hacker Pleads Guilty
https://www.bankinfosecurity.com/jpmorgan-chases-russian-hacker-pleads-guilty-a-13138
'Carpet-bombing' DDoS attack takes down South African ISP for an entire day
https://www.zdnet.com/article/carpet-bombing-ddos-attack-takes-down-south-african-isp-for-an-entire-day/#ftag=RSSbaffb68
International traffic - DDoS - Cool Ideas
https://coolzone.cisp.co.za/announcements.php?announcement=2038-international-traffic-ddos-cool-ideas
NIST to Finalize Privacy Framework Soon
https://www.bankinfosecurity.com/nist-to-finalize-privacy-framework-soon-a-13147
AT&T redirected pen-test payloads to the FBI's Tips portal
https://www.zdnet.com/article/at-t-redirected-pen-test-payloads-to-the-fbis-tips-portal/#ftag=RSSbaffb68
【資安所】Security Researcher(資安研究員)
https://www.104.com.tw/job/6qnvk?jobsource=keyword2Keyword
ASP網頁程式設計-資安工程師(找漏洞及除bug)
https://myptt.cc/article/Soft_Job/M.1229939985.A.D5B
資訊安全人員
https://www.104.com.tw/job/6qh85
行政管理師
https://www.104.com.tw/job/6qtkd
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
駭客怎麼騙你的? 趨勢科技快閃店演給你看
https://ec.ltn.com.tw/article/breakingnews/2922033
買網拍要注意!網購平台個資外洩 2女遭「假客服」詐3萬元
https://www.ettoday.net/news/20190921/1540276.htm
烏龍詐團給錯銀行帳戶 8年級美眉不能匯款仍被騙
https://udn.com/news/story/7315/4060819
8年級妙齡女被假客服騙 年度5大高風險網購平台
https://news.ltn.com.tw/news/Taipei/breakingnews/2922607
美妝賣場疑個資外洩 無良詐團專騙8年級美眉
https://www.chinatimes.com/realtimenews/20190921002173-260402?chdtv
詐騙集團盜用臉書LINE帳號詐財 警1天內逮獲車手、幹部3人
https://www.ettoday.net/news/20190920/1539914.htm
澳門女子墮入“情網”被“愛郎”騙768萬人民幣
http://www.hkcna.hk/content/2019/0920/785546.shtml
男子利用漏洞操控67萬台計算機信息詐騙獲利600萬
https://news.163.com/19/0921/03/EPIM565B0001899O.html
新加坡個資外洩罰款飆增 今年來達94萬美元
https://money.udn.com/money/story/5602/4062656
為什麼我們被網絡釣魚攻擊所吸引
https://betanews.com/2019/09/24/hooked-by-phishing-attacks/
批大學推動「人臉辨識」侵犯學生個資 人本執行長:再多說法都不能改變「監控」的本質
https://www.storm.mg/article/1757090
看到有人操作ATM離開...機器竟吐鈔! 她爽拿1萬4挨告
https://www.ettoday.net/news/20190926/1543671.htm
警方偵破花、北、高電信詐騙集團
https://newtalk.tw/news/view/2019-09-26/303405
租花蓮民宅當機房 詐團16人被逮
http://www.ksnews.com.tw/index.php/news/contents_page/0001304570
「帳戶遭凍結」! 中華電信前董座遭詐167萬
https://news.tvbs.com.tw/local/1206726
美國外賣服務DoorDash數據洩露:影響490萬人
https://www.cnbeta.com/articles/tech/893869.htm
BRT呼籲美國儘快立法保護消費者資料
https://www.nccst.nat.gov.tw/NewsRSSDetail.aspx?lang=zh&RSSType=news&seq=16296
商業詐騙攻擊日益猖獗
https://www.nccst.nat.gov.tw/NewsRSSDetail.aspx?lang=zh&RSSType=news&seq=16295
「尋找我的 iPhone」卻找到釣魚網站,導致 Apple 登入憑證被盜
https://blog.trendmicro.com.tw/?p=61917
垃圾信夾帶山寨新聞網站連結,引導至虛擬貨幣交易詐騙網站
https://blog.trendmicro.com.tw/?p=62015
Bulgarian Man Sentenced for Massive Phishing Scheme
https://www.bankinfosecurity.com/bulgarian-man-sentenced-for-massive-phishing-scheme-a-13135
AWS says servers secure following Malindo Air data breach
https://www.zdnet.com/article/aws-says-servers-secure-following-malindo-air-data-breach/#ftag=RSSbaffb68
Mobile Phishing – Gefahr für Nutzer und Unternehmen
https://www.ip-insider.de/mobile-phishing-gefahr-fuer-nutzer-und-unternehmen-a-863767/
Phishing email in garb of I-T dept lurking in Indian cyberspace: Advisory
https://economictimes.indiatimes.com/tech/internet/phishing-email-in-garb-of-i-t-dept-lurking-in-indian-cyberspace-advisory/articleshow/71244005.cms
Study shows that majority of second-hand hard drives contain previous owner’s data
https://www.zdnet.com/article/study-shows-that-majority-of-second-hand-hard-drives-contain-previous-owners-data/
Malindo Air Blames Data Leak on Third-Party Supplier
https://www.bankinfosecurity.asia/malindo-air-blames-data-leak-on-third-party-supplier-a-13137
‘Delete immediately’: Convincing Netflix scam takes your card details
https://au.finance.yahoo.com/news/dont-click-on-this-netflix-scam-001715461.html
Heyyo dating app leaked users' personal data, photos, location, more
https://www.zdnet.com/article/heyyo-dating-app-leaked-users-personal-data-photos-location-data-more/#ftag=RSSbaffb68
E.研究報告
滲透測試流程關於文件上傳漏洞的檢測與修復過程
https://cloud.tencent.com/developer/article/1509827
個案分析-勒索病毒GoGaLocker攻擊事件分析報告_10809
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019092702094545603639826586556.pdf
CVE-2019-12922:phpMyAdmin 0 Day 漏洞
https://www.chainnews.com/articles/824370151698.htm
Windows遠程桌面服務漏洞(CVE-2019-0708)復現測試
https://www.4hou.com/vulnerable/20422.html
CVE-2018-6924:解析FreeBSD ELF 頭導致內核內存洩露
https://www.freebuf.com/vuls/213345.html
Microsoft Edge瀏覽器的Universal XSS漏洞分析(CVE-2019-1030)
https://www.4hou.com/info/news/20307.html
Mondoo:雲本土安全和漏洞風險管理系統
https://www.freebuf.com/sectool/213651.html
泛微OA管理系統RCE漏洞利用腳本
https://www.xj.hk/thread-3330.htm
【漏洞復現】 CVE-2019-14540遠程代碼執行漏洞分析&復現
https://mp.weixin.qq.com/s/D2-gTqfMfx_fs8usi77QPQ
Forcepoint VPN的客戶端曝出權限提升漏洞
https://nosec.org/home/detail/2983.html
對WebLogic漏洞及補丁的分析
https://www.anquanke.com/post/id/186812
滲透測試網站安全基礎點講解
https://www.admin5.com/article/20190923/925996.shtml
CVE-2019-5475:Nexus2 yum插件RCE漏洞復現
https://www.icode9.com/content-3-463516.html
phpMyAdmin爆出安全漏洞,跨站點請求偽造,附帶解決方案
http://www.safebase.cn/article-258604-1.html
VS下EXE可執行文件啟動代碼剖析(5)使用動態運行庫的EXE
https://blog.csdn.net/wangpengk7788/article/details/53999213
Jenkins插件漏洞分析
https://www.freebuf.com/vuls/213085.html
Jenkins Git client 插件命令執行漏洞(CVE-2019-10392)
https://www.chainnews.com/articles/442462553660.htm
Thinkphp反序列化利用鏈深入分析
https://paper.seebug.org/1040/
phpStudy 隱藏後門[漏洞插件編寫]
https://www.chainnews.com/articles/576921738649.htm
應用安全- 端口漏洞整理
https://www.cnblogs.com/nul1/p/11584058.html
利用Python腳本實現漏洞情報監控與通知的經驗分享
https://zhuanlan.zhihu.com/p/84074544
CVE-2019-0232-ApacheTomca遠程執行代碼漏洞復現
https://cloud.tencent.com/developer/article/1512468
網站滲透測試詳細檢測方法
https://www.admin5.com/article/20190925/926538.shtml
CVE-2019-12922:phpMyAdmin 0 Day漏洞
https://blog.pumo.com.tw/archives/1103
隨機數之殤——EOS 新型隨機數攻擊手法細節分析
https://paper.seebug.org/1042/
CVE-2019-1663 Cisco 的多個低端設備的堆棧緩衝區溢出漏洞分析
https://paper.seebug.org/1039/
D-Link DIR-816 A2路由器安全研究分享
https://paper.seebug.org/1036/
BlueKeep Exploit Analysis
https://paper.seebug.org/1038/
Microsoft Office中URI劫持漏洞所導致的目錄穿越
https://www.freebuf.com/column/215456.html
使用Ghidra 對iOS 應用進行msgSend 分析
https://paper.seebug.org/1037/
Reversing Cisco IOS Raw Binary Firmware Images with Ghidra
https://gist.github.com/nstarke/ed0aba2c882b8b3078747a567ee00520
JohnTroony/HUAWEI_MOBILE_WIFI
https://github.com/JohnTroony/HUAWEI_MOBILE_WIFI
The Zeek Network Security Monitor
https://github.com/zeek/zeek
Security Threat Intelligence Solutions Market Growth Sales Revenue Analysis 2019-2027
https://bestmarketherald.com/security-threat-intelligence-solutions-market-growth-sales-revenue-analysis-2019-2027/
Talos Reveals Panda Crypto Malware Group’s Scoop Of $100K in Monero Since 2018
https://www.cryptonewsz.com/talos-reveals-panda-crypto-malware-groups-scoop-of-100k-in-monero-since-2018/43422/
Crack WPA/WPA2 Wi-Fi Routers with Aircrack-ng and Hashcat by Brannon Dorsey
https://hakin9.org/crack-wpa-wpa2-wi-fi-routers-with-aircrack-ng-and-hashcat/
Andromeda - Interactive Reverse Engineering Tool for Android Applications
https://github.com/secrary/Andromeda
OWASP API Security Project
https://www.owasp.org/index.php/OWASP_API_Security_Project
Extract the secret keys from android application
https://github.com/ShapManasick/SecretumDroid
Security: HTTP Smuggling, Apache Traffic Server
https://regilero.github.io/english/security/2019/10/17/security_apache_traffic_server_http_smuggling/
Security: HTTP Smuggling, Jetty
https://regilero.github.io/english/security/2019/04/24/security_jetty_http_smuggling/
Rise of RDP as a target vector
https://www.helpnetsecurity.com/2019/09/25/rdp-target-vector/
BurpSuite-Extender-phpStudy-Backdoor-Scanner
https://github.com/gh0stkey/BurpSuite-Extender-phpStudy-Backdoor-Scanner
Easy Trick to Upload a Web Shell and Bypass AV Products
https://blog.offensivebits.ae/easy-trick-to-upload-webshell-bypass-av/
webshell/fuzzdb-webshell
https://github.com/tennc/webshell/tree/master/fuzzdb-webshell
F.商業
中華電信HiNet資安艦隊出航 CISCO Firepower 2100為企業打造新世代防火牆
https://www.cw.com.tw/article/article.action?id=5097000
深耕物聯網資安防護領域,研華(2395)與Acronis簽訂全球經銷協議
http://bit.ly/2mb9sFV
安碁資訊擁兩大成長引擎 估10月下旬掛牌上櫃
https://udn.com/news/story/7251/4070504
Azure Sentinel, Microsoft's cloud-based SIEM, hits general availability
https://www.zdnet.com/article/azure-sentinel-microsofts-cloud-based-siem-hits-general-availability/#ftag=RSSbaffb68
Two Widely Used Ad Blocker Extensions for Chrome Caught in Ad Fraud Scheme
https://thehackernews.com/2019/09/browser-chrome-extension-adblock.html
Microsoft to add more AI-infused apps and features to Dynamics 365
https://www.zdnet.com/article/microsoft-to-add-more-ai-infused-apps-and-features-to-dynamics-365/#ftag=RSSbaffb68
Cynet 360: The Next Generation of EDR
https://thehackernews.com/2019/09/cynet-endpoint-detection-response.html
Cloudflare, Google Chrome, and Firefox add HTTP/3 support
https://www.zdnet.com/article/cloudflare-google-chrome-and-firefox-add-http3-support/#ftag=RSSbaffb68
G.政府
中科院舉辦神盾盃網路奪旗競賽 發掘資訊菁英共維國家安全
http://n.yam.com/Article/20190921578952
【神盾盃網路奪旗賽】考驗臨場反應 團隊分工奪佳績
https://www.ydn.com.tw/News/353488
中科院舉辦神盾盃網路奪旗競賽 發掘資訊菁英共維國家安全
https://mna.gpwb.gov.tw/post.php?id=12&message=96439&print
神盾盃網路奪旗賽 中科院自行研發競技場登場
https://money.udn.com/money/story/5640/4061106
徐國勇:新式數位身分證 絕對無法被追蹤、主動發訊
https://udn.com/news/story/7240/4066966?from=udn-ch1_breaknews-1-cate6-news
徐國勇:數位身分證所有標案排除中資廠商
https://money.udn.com/money/story/7307/4067177
防資安風險 鄭秀玲:「數位身分證」先小規模發行測試
https://www.peoplenews.tw/news/1a22f2e0-ef2a-4c2a-8149-868d2cbe60a2
沒有資安疑慮嗎?徐永明:「身分證換發規劃案」得標公司代表人是中國執業律師
https://www.peoplenews.tw/news/b3d5f4d7-6f15-4e86-a5d7-adfed916cbac
行政院派員抵縣府實地稽核資安
https://www.kinmen.gov.tw/News_Content2.aspx?n=98E3CA7358C89100&sms=BF7D6D478B935644&s=9A2E5BFC79A04CC4
勞動部聯手TibaMe全額補助培育AI工程師
https://money.udn.com/money/story/5635/4067898
調查站防制假訊息及資安宣導 榮家互動熱絡發言踴躍
https://www.peopo.org/news/423797
證基會開班 培育金融科技人才
https://money.udn.com/money/story/5635/4066405
國防部最常被駭的不是軍情局?竟是這單位
https://www.chinatimes.com/realtimenews/20190925002030-260417?chdtv
H.ICS/SCADA 工控系統
國際半導體展首度談資安,工作小組揭露推動資安標準現況
https://ithome.com.tw/news/133168
台灣半導體.資安跨界合作 推SECPAAS資安整合服務平台
http://bit.ly/2m4U4L2
醫療儀器易受網路攻擊 如何保障病人私隱
http://bit.ly/2myY0UA
advantech -- webaccess
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13550
advantech -- webaccess
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13558
schneider-electric -- bmxnor0200h_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6813
schneider-electric -- modicon_premium_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6809
schneider-electric -- modicon_premium_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6828
siemens -- sinema_remote_connect_server
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13918
6 Best Practices for Performing Physical Penetration Tests
https://www.darkreading.com/risk/6-best-practices-for-performing-physical-penetration-tests/a/d-id/1335871
I.教育訓練
『 Day 1 』前言 & 期許
https://ithelp.ithome.com.tw/articles/10215273
『 Day 2 』認識 CTF
https://ithelp.ithome.com.tw/articles/10215497
『 Day 3 』Web Security - 認識 OWASP & A1 . Injection
https://ithelp.ithome.com.tw/articles/10215507
『 Day 4 』Web Security - A2 . 無效的身份認證
https://ithelp.ithome.com.tw/articles/10216226
『 Day 5 』Web Security - A3 . 敏感資料外洩
https://ithelp.ithome.com.tw/articles/10218540
『 Day 6 』Web Security - A4 . XML External Entity ( XXE )
https://ithelp.ithome.com.tw/articles/10218939
『 Day 7 』Web Security - A5 . Broken Access Control
https://ithelp.ithome.com.tw/articles/10219428
『 Day 8 』Web Security - A6 . Security Misconfiguration
https://ithelp.ithome.com.tw/articles/10219943
『 Day 9 』Web Security - A7 . Cross-Site Scripting (XSS) - 上篇
https://ithelp.ithome.com.tw/articles/10218476
『 Day 10 』Web Security - A7 . Cross-Site Scripting (XSS) - 下篇
https://ithelp.ithome.com.tw/articles/10220667
『 Day 11』Web Security - A8 . 反序列化漏洞
https://ithelp.ithome.com.tw/articles/10218773
[駭客工具 Day17] SQL Injection漏洞利用 - sqlmap
https://ithelp.ithome.com.tw/articles/10217184
[駭客工具 Day18] windows密碼獲取神器 - mimikatz
https://ithelp.ithome.com.tw/articles/10217688
[駭客工具 Day19] web安全測試2 - OWASP ZAP
https://ithelp.ithome.com.tw/articles/10218306
[駭客工具 Day20] Wi-Fi密碼破解 - Aircrack-ng
https://ithelp.ithome.com.tw/articles/10218774
[駭客工具 Day21] 隱匿行蹤的瀏覽器 - Tor
https://ithelp.ithome.com.tw/articles/10219181
[駭客工具 Day22] 密碼HASH值破解 - John the Ripper
https://ithelp.ithome.com.tw/articles/10219768
[駭客工具 Day23] DDoS攻擊 - LOIC
https://ithelp.ithome.com.tw/articles/10220236
[駭客工具 Day24] 惡意檔案分析網站 - VirusTotal
https://ithelp.ithome.com.tw/articles/10220843
[駭客工具 Day25] CTF Exploit的Python library - pwntools
https://ithelp.ithome.com.tw/articles/10221189
[Day 09]資安百物語-第四談:用都市傳說「扭來扭去」理解RFID(中)
https://ithelp.ithome.com.tw/articles/10220668
那個夜裡的資安-17(mod_security)
https://ithelp.ithome.com.tw/articles/10219411
那個夜裡的資安-18(Log)
https://ithelp.ithome.com.tw/articles/10219897
那個夜裡的資安-19(log in tmp or run)
https://ithelp.ithome.com.tw/articles/10220401
那個夜裡的資安-20(Linux Streams)
https://ithelp.ithome.com.tw/articles/10220882
那些年我們一起追的資安影集與電影: 序
https://ithelp.ithome.com.tw/articles/10215959
那些年我們一起追的資安影集與電影 : Day 1
https://ithelp.ithome.com.tw/articles/10216592
那些年我們一起追的資安影集與電影 : Day 2
https://ithelp.ithome.com.tw/articles/10217018
那些年我們一起追的資安影集與電影 : Day 3
https://ithelp.ithome.com.tw/articles/10217693
那些年我們一起追的資安影集與電影 : Day 4
https://ithelp.ithome.com.tw/articles/10218199
那些年我們一起追的資安影集與電影 : Day 6
https://ithelp.ithome.com.tw/articles/10219214
資安戰爭 三十六計之第5計:趁火打劫
https://ithelp.ithome.com.tw/articles/10218450
資安戰爭 三十六計之第6計:聲東擊西
https://ithelp.ithome.com.tw/articles/10218954
十一、雲端資訊安全(二)
https://ithelp.ithome.com.tw/articles/10221342
[Day 05]資安百物語:第二談:現代飛頭蠻的反制法-反無人機技術(下)
https://ithelp.ithome.com.tw/articles/10218551
0x00 Basics of Reverse Engineering: Stack
https://medium.com/@Flying_glasses/0x00-basics-of-reverse-engineering-stack-99bebf865359
NetCat & Cache Level Attacks Explained
https://medium.com/@Flying_glasses/netcat-cache-level-attacks-explained-af9ce2fd47ca
Retrieving Files from memory dump
https://medium.com/@Flying_glasses/retrieving-files-from-memory-dump-34d9fa573033
TOP Linux utilities for Reverse Engineering
https://medium.com/@Flying_glasses/top-linux-utilities-for-reverse-engineering-b8d1a66ff059
Emotet Memory dump analysis: Part 1 (Detecting malicious processes)
https://medium.com/@Flying_glasses/emotet-memory-dump-analysis-part-1-detecting-malicious-processes-d84c468dff4b
Dynamic Analysis of Watchdog spyware
https://medium.com/@Flying_glasses/dynamic-analysis-of-watchdog-spyware-58304f6bc20a
Top 5 ways to detect malicious file manually
https://medium.com/@Flying_glasses/top-5-ways-to-detect-malicious-file-manually-d02744f7c43a
Dynamic malware analysis : LAB setup
https://medium.com/@Flying_glasses/dynamic-malware-analysis-lab-setup-613075f9423f
Entropy Analysis : A critical test for malware's.
https://medium.com/@Flying_glasses/entropy-analysis-a-critical-test-for-malwares-69939f5b8b1
Basic Static Malware analysis : PE viewer, Depnd walker & DIE.
https://medium.com/@Flying_glasses/basic-static-malware-analysis-pe-viewer-depnd-walker-die-f400dde2d9a9
Mobile Security Pentest Kali Linux
https://www.youtube.com/watch?v=SvQyNwjIqLg
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
2013年來物聯網設備安全漏洞翻一番
http://www.360.cn/n/11107.html
如何解決嵌入式物聯網設計的6大安全挑戰
https://www.eettaiwan.com/download/Renesas_WP_TC_201910
《IOT 物聯網》預設密碼讓60萬台GPS追蹤裝置陷入危險
https://blog.trendmicro.com.tw/?p=62065
Zira launches industrial IoT platform with data integration, marketplace, and AI-driven process automation
https://www.zdnet.com/article/zira-launches-industrial-iot-platform-with-data-integration-marketplace-and-ai-driven-process-automation/#ftag=RSSbaffb68
6.近期資安活動及研討會
HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
https://www.accupass.com/event/1906050355291064968019
交通大學亥客書院-B022:基礎網頁安全與滲透測試 9/28
https://hackercollege.nctu.edu.tw/?p=1084
【Flutter Brunch】: 一起來交流 Flutter 技術 9/28
https://www.meetup.com/Women-Who-Code-Taipei/events/264801570/
WTM Networking - UXers' Breakfast #3 9/28
https://www.meetup.com/GDGTaipei/events/264719986/
JavaScript Developer Conference-2019 2019-09-28(六) 09:30 ~ 2019-10-26(六) 17:30 (GMT+8)
https://www.accupass.com/event/1907081509101081922774
AI/BigData技能養成系列課程-資料工程實務應用精鍊假日班(確定開課) 9/28 ~ 10/6
https://www.accupass.com/event/1908010601311553672560
亞洲‧矽谷學院108年免費認證考試 9/29
https://college.asvda.org.tw/
NSPA實作課程(假日班)報名表 9/29
https://docs.google.com/forms/d/e/1FAIpQLSf6g7LmwAk_T6RFCaZL3dvgxjS9qlMrHlLtkXDC-nqNza_V9w/viewform
軟體安全測試實務 9/29
https://www.sce.pccu.edu.tw/event/chtweb/index.html
2019 NASA黑客松賽前技術分享[Microsoft]_Azure 雲端運算與認知識別服務 10/1
https://www.facebook.com/events/421753888461417/
技職校院物聯網創新應用賽 10/1 受理報名
https://iot2gather.ntust.edu.tw/
Gnss海面反射訊號之技術及應用 10/1
https://www.facebook.com/events/384731849123773/
GovernmentWare Conference & Exhibition 10/1
https://infosec-conferences.com/events-in-2019/govware/
Cyber City Conference 10/1
https://infosec-conferences.com/events-in-2019/cyber-city-conference/
GDG DevFest Taipei 2019 10/1
https://www.meetup.com/GDGTaipei/events/263142255/
IEEE International Symposium on Reliable Distributed Systems (SRDS) 10/1 ~ 10/4
https://infosec-conferences.com/events-in-2019/srds/
Nasa黑客松,太空中心能幫你什麼 10/2
https://www.facebook.com/events/390573691633383/
108 年「先進製造 AI 與物聯網資安實務應用研討會」 10/3
https://seminars.tca.org.tw/D15e02340.aspx
Wisdom of Crowds Dubai 10/3
https://infosec-conferences.com/events-in-2019/wisdom-of-crowds-dubai/
工業物聯網資安檢測與防護策略 10/4
https://ievents.iii.org.tw/EventS.aspx?t=0&id=661
我們與資安的距離 10/5
https://hackersir.kktix.cc/events/20191005
安全程式碼撰寫基礎 10/6
https://www.sce.pccu.edu.tw/event/chtweb/index.html
SecTor Security Conference 10/7
https://infosec-conferences.com/events-in-2019/sector-security-conference/
Australian Cyber Conference 2019 10/7
https://infosec-conferences.com/events-in-2019/australian-cyber-conference/
XRY Certification 教育訓練 10/7 ~ 10/8
https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=38
Unleashing Cyber Security 10/7 ~ 10/8
https://infosec-conferences.com/events-in-2019/unleashing-cyber-security/
資安檢核核心技術及進階技術研討會 10月7日至10月9日
http://bit.ly/2TN2UtD
2019年台灣資安通報應變年會 10/8
https://www.informationsecurity.com.tw/Seminar/ISevent20191008/
Cloud Native Forum 2019 10/9
https://www.meetup.com/Cloud-Native-Taipei-User-Group/events/264613646/
BSides Delhi 10/11
https://infosec-conferences.com/events-in-2019/bsides-delhi/
HITB+ CYBER WEEK 2019/10/12 ~17
https://d2p.hitb.org/
白帽駭客體驗實作 10/13
https://www.sce.pccu.edu.tw/event/chtweb/index.html
HAKON – International Information Security Meet 10/13
https://infosec-conferences.com/events-in-2019/hakon/
國家高速網路與計算中心 台灣杉一號高速計算主機使用進階課程 10/14
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3869&from_course_list_url=course_index
M3AAWG 47th General Meeting 10/14 ~ 10/17
https://infosec-conferences.com/events-in-2019/m3aawg-47th-general-meeting/
數位時代,自已的權利自己顧 -- 不可不知!基礎資安教戰講座 10/15
https://ocftw.kktix.cc/events/e0c1048b
AWS Transformation Day 10/15
https://amzn.to/2ksO8Lb
智資時代 2019 科技法制前瞻論壇 10/15
https://seminar.ithome.com.tw/live/iii20191015/index.html?eDM_iThome
AI時代下,資安與視覺化的觀點與實例 10/16
https://www.tiai.org.tw/tiaiActDetailClass?sno=19
2019 IBM Cloud 用戶實作課程秋季班 10/16
https://ibm.co/2n4VNQQ
BSides Ahmedabad 10/16
https://infosec-conferences.com/events-in-2019/bsides-ahmedabad/
TFUG Taipei | TensorFlow All Around 10/16
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/264713077/
第八屆國際程式競賽 CodeVita Season 8 即日起至10/17日報名截止
https://bhuntr.com/tw/competitions/104724210865172005190909102w
Data Connectors Toronto Tech-Security – October 10/17
https://infosec-conferences.com/events-in-2019/data-connectors-toronto-october/
Kotlin/Everywhere GDG Hsinchu - Kotlin on Cloud and Web 10/17
https://www.meetup.com/GDG-Hsinchu/events/263741333/
2019 Space Apps Challenge_NASA 黑客松台北場 10/18
https://www.facebook.com/events/2112377919060176/
2019 邊緣運算論壇 - AI + IoT 備戰台商回流潮,IIoT 智慧升級 10/18
https://www.accupass.com/event/1909040655361186052756
2019 CYBERSPACE聯合研討會 10/18 ~ 10/19
https://cyberspace.ttu.edu.tw/cyber2019/
Crosslink Taiwan 2019 10/19
https://www.meetup.com/Taipei-Ethereum-Meetup/events/264302796/
交通大學亥客書院-A006:數位足跡追蹤與分析 10/19
https://hackercollege.nctu.edu.tw/?p=1088
無痛上手-WiFi無線網路安全檢測 10/20
https://www.sce.pccu.edu.tw/event/chtweb/index.html
日盛金融黑客松 報名至10/20 止
https://app.jsun.com/hackathon/Main
Splunk .conf 19 10/21 ~ 10/24
https://conf.splunk.com/
國家高速網路與計算中心 平行計算程式設計基礎課程 10/22
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3778&from_course_list_url=course_index
AIoT智能物聯網開發人才就業養成班[免費諮詢] 10/22
https://ittraining.kktix.cc/events/aiot-training-2019
IEEE Symposium on Visualization for Cyber Security (VizSec) 10/23
https://infosec-conferences.com/events-in-2019/vizsec/
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019
https://www.icscybersecurityconference.com
[Palo Alto Networks]-Palo Alto Networks 直播研討會Part6. MITRE ATT&CK 新資安攻防框架進階產業應用 10/24
https://www.zerone.com.tw/TrainingDetial/Seminar/7747B901A8198AC3%7C1C130FE6FEC34700
Cybersecurity Conference Rhein-Neckar 10/24 ~ 10/25
https://infosec-conferences.com/events-in-2019/cybersecurity-rhein-neckar/
Identity Days 10/24
https://infosec-conferences.com/events-in-2019/identity-days/
Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 10/25
https://signupcybersec101.ithome.com.tw/
國家高速網路與計算中心 大數據軟體開發平台與深度學習、HBase(大數據資料庫)開發應用案例 10/25
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3867&from_course_list_url=course_index
交通大學亥客書院-A015:進階網頁滲透測試 10/26
https://hackercollege.nctu.edu.tw/?p=1090
International Conference on Networks & Communications (NETWORKS) 10/26 ~ 10/27
https://infosec-conferences.com/events-in-2019/networks/
亞洲‧矽谷學院108年免費認證考試 10/27
https://college.asvda.org.tw/
International Conference on Emerging Security Information, Systems and Technologies (SECURWARE) 10/27 ~ 10/31
https://infosec-conferences.com/events-in-2019/securware/
SANS Amsterdam October 10/28
https://infosec-conferences.com/events-in-2019/sans-amsterdam-october/
資安檢核核心技術及進階技術研討會 10月28日至10月30日
http://bit.ly/2TN2UtD
Foundations in Digital Forensics with EnCase® (DF120) (原CF1) 10/28 ~ 10/31
https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=39
International Workshop on Reliability and Security Data Analysis (RSDA) 10/28 ~ 10/31
https://infosec-conferences.com/events-in-2019/rsda/
International Symposium on Software Reliability Engineering (ISSRE) 10/28 ~ 11/1
https://infosec-conferences.com/events-in-2019/issre/
Securing New Ground 10/29 ~ 10/30
https://infosec-conferences.com/events-in-2019/securing-new-ground/
CEBIT Australia 10/29 ~ 10/31
https://infosec-conferences.com/events-in-2019/cebit-australia/
OWASP AppSec Day Melbourne 11/1
https://infosec-conferences.com/events-in-2019/owasp-appsec-day-melbourne/
Hackfest 2019 11/1 ~ 11/3
https://infosec-conferences.com/events-in-2019/hackfest-2019/
行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30
https://www.accupass.com/event/1810080517061259295030
Elite East Coast CISO Summit 11/3~11/5
https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/
Red Hat Forum Taipei 2019 11/5
https://www.facebook.com/events/1390202967799392/
Cyber Security Summit: Boston 11/6
https://infosec-conferences.com/events-in-2019/cyber-security-summit-boston/
駭客攻防暨數位鑑識系列一(第1期) 11/7
https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=384540
網路攻擊鏈( Cyber Kill Chain)各階段實作 (6hr) 11/7
http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384540
Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/8
https://signupcybersec101.ithome.com.tw/
BSides Charleston 11/9
https://infosec-conferences.com/events-in-2019/bsides-charleston/
Kotlin/Everywhere GDG Taoyuan - 運用 Ktor 建置一個以 Kotlin 打造的後端服務 11/9
https://www.meetup.com/GDGTaoyuan/events/264776152/
CLEAR Cyber Leaders Conference 11/12 ~ 11/13
https://infosec-conferences.com/events-in-2019/clear-cyber-leaders-conference/
Windows檔案系統及檔案還原 (6hr) 11/14
http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384541
Digital Internet Summit 11/14
https://infosec-conferences.com/events-in-2019/digital-internet-summit/
INTERFACE – Nebraska 11/14
https://infosec-conferences.com/events-in-2019/interface-nebraska/
SecureWV – Hack3rCon 11/15 ~ 11/17
https://infosec-conferences.com/events-in-2019/securewv-hack3rcon/
交通大學亥客書院-P006:高階網頁滲透測試 11/16
https://hackercollege.nctu.edu.tw/?p=1092
FS-ISAC Fall Summit 11/17 ~ 11/20
https://infosec-conferences.com/events-in-2019/fs-isac-fall-summit/
Microsoft IoT in Action 11/20
https://www.iotinactionevents.com/event/taipei
Infosecurity ISACA North America Expo and Conference 11/20 ~ 11/21
https://infosec-conferences.com/events-in-2019/isaca-north-america-expo-conference/
檔案特徵值比對與關鍵字搜尋 (2hr) Open Source數位鑑識工具實務操作 (5hr) 11/21
http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384542
Trend Micro CTF 2019 // Raimund Genes Cup FINAL / NOVEMBER 23–24, 2019
https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html
資安檢核核心技術及進階技術研討會11月26日至11月28日
http://bit.ly/2TN2UtD
人資人員必修的職安法規定 11/26
https://www.accupass.com/event/1909121441141977826554
模擬案例鑑識分析實務 (6hr) 11/28
http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384543
Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/29
https://signupcybersec101.ithome.com.tw/
交通大學亥客書院-B015:惡意程式檢測 11/30
https://hackercollege.nctu.edu.tw/?p=1098
亞洲‧矽谷學院108年免費認證考試 11/30
https://college.asvda.org.tw/
Digital Summit Dallas 12/4
https://infosec-conferences.com/events-in-2019/digital-summit-dallas/
Kansas City Cyber Security Conference 12/5
https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/
CyberMaryland Conference 12/5 ~ 12/6
https://infosec-conferences.com/events-in-2019/cybermaryland-conference/
FutureCon Nashville Cyber Security Conference 12/11
https://infosec-conferences.com/events-in-2019/futurecon-nashville/
Utility Cyber Security Forum December 12/11
https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/
交通大學亥客書院-A018:企業網域控管-Active Directory攻擊與防禦 12/14
https://hackercollege.nctu.edu.tw/?p=1094
Japan Security Analyst Conference
https://jsac.jpcert.or.jp/
訂閱:
張貼留言 (Atom)
2024年 10 月份資安、社群活動分享
2024年 10 月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/10/1 https://www.meetup.com/taiwan-code-camp/...
-
2023年 12月份資安、社群活動分享 零信任身份認證與存取控管 2023/12/1 https://web.tabf.org.tw/page/407020/course11.htm 線上資安專題講座-以攻擊策略演練角度協助企業評估、強化與呈現資安投資成效 2023/12/...
-
2024年 3月份資安、社群活動分享 線上資安人力需求對談-網路通信產業 2024/3/2 https://isipevent.kktix.cc/events/ff6f2146 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演 2024/3/6 https://b...
-
2024年 2月份資安、社群活動分享 Taipei All About API Meetup Group - Meet and Greet, 01 Feb 2024, 07:00 PM 2024/2/1 https://www.meetup.com/taipei-all-a...
沒有留言:
張貼留言