資安事件新聞週報 2019/9/23 ~ 2019/9/27






資安事件新聞週報  2019/9/23  ~  2019/9/27

1.重大弱點漏洞/後門/Exploit/Zero Day
泰國司法部長就電子跟蹤器手環EM漏洞 司法部索賠逾8300萬銖
http://www.udnbkk.com/article-286128-1.html

清華大學發現ARM、Intel處理器漏洞;華為發布Mate 30系列手機
https://kknews.cc/tech/qlklg5r.html

makandra consul gem for Ruby 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16377

Agwl駭客組織再攻Phpstudy,新增Apache Solr漏洞利用
https://s.tencent.com/research/report/813.html

全球最大同性交友網站化身漏洞管理者,還有25個潛在漏洞排名
https://www.jishuwen.com/d/pmdz/zh-tw

Kubernetes Kubectl曝安全漏洞,Rancher產品不受影響
https://segmentfault.com/a/1190000020464083


思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x

Cisco Nexus 9000 Series CVE-2019-1901  CVSS V3 8.8
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo

Cisco IOS XE Software CVE-2019-12646 CVSS V3 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-alg

Cisco Catalyst 4000 Series Switches CVE-2019-12652  CVSS V3 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-cat4000-tcp-dos

Cisco IOx for IOS Software CVE-2019-12648  CVSS V3 9.9
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth

Cisco IOS XE Software CVE-2019-12650  CVE-2019-12651 CVSS V3  7.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection

Cisco IOS and IOS XE Software CVE-2019-12654 CVSS V3 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos

Cisco IOS XE Software CVE-2019-12653 CVSS V3 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dos

Cisco IOS XE Software CVE-2019-12658 CVSS V3 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-fsdos

Cisco IOx Application CVE-2019-12656 CVSS V3 7.5
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox

Cisco IOS XE Software CVE-2019-12655 CVSS V3 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ftp

Cisco IOS XE Software CVE-2019-12657  CVSS V3 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-utd

Cisco IOS and IOS XE Software CVE-2019-12647 CVSS V3 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-identd-dos

IBM WebSphere Application Server 多個漏洞
https://www.ibm.com/support/pages/security-bulletin-multiple-vulnerabilities-ibm-http-server-used-websphere-application-server

WebSphere漏洞預警(CVE-2019-4505)
https://www.agesec.com/news/7537.html

pam-python 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16729

DOMPurify 跨站脚本漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16728

Update Google Chrome Browser to Patch New Critical Security Flaws
https://thehackernews.com/2019/09/google-chrome-update.html

Developer takes down Ruby library after he finds out ICE was using it
https://www.zdnet.com/article/developer-takes-down-ruby-library-after-he-finds-out-ice-was-using-it/#ftag=RSSbaffb68

CVE-2019-4505:WebSphere任意文件讀取漏洞警報
https://www.linuxidc.com/Linux/2019-09/160757.htm

ElasticSearch命令執行防禦(CVE-2014-3120)
http://blog.itpub.net/69946337/viewspace-2658305/

VMware Security Advisories VMSA-2019-0014.1
https://www.vmware.com/security/advisories/VMSA-2019-0014.html

Forcepoint VPN Client is Vulnerable to Privilege Escalation Attacks
https://threatpost.com/forcepoint-vpn-client-is-vulnerable-to-privilege-escalation-attacks/148544/

Forcepoint VPN Client CVE-2019-6145
https://nvd.nist.gov/vuln/detail/CVE-2019-6145

CVE-2019-6145 Unquoted search path vulnerability in Forcepoint VPN Client for Windows
https://support.forcepoint.com/KBArticle?id=000017525

arubanetworks -- arubaos
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-7081

D-Link DNS-320
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16057

tenda -- n301_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16288

tendacn -- n301_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16412

Western Digital WD My Book
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16399

Wireshark
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16319

arubanetworks -- arubaos CVE-2018-7081 CVSS 9.3
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-7081

apache -- tapestry    CVE-2019-0195 CVSS 7.5
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0195

haxx -- curl CVE-2019-5481 CVSS 7.5
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5481

haxx -- curl    CVE-2019-5482 CVSS 7.5
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5482

linux -- linux_kernel    CVE-2019-14821 CVSS 7.2
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14821

linux-nfs -- nfs-utils    CVE-2019-3689 CVSS 10.0
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3689

Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites
https://www.zdnet.com/article/anonymous-researcher-drops-vbulletin-zero-day-impacting-tens-of-thousands-of-sites/#ftag=RSSbaffb68

[Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly
https://thehackernews.com/2019/09/vbulletin-zero-day-exploit.html

微軟緊急修補兩個已遭大規模濫用的 0-day 漏洞
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5108

CVE-2019-0801: MICROSOFT OFFICE URI HYPERLINK HIJINKS
https://www.thezdi.com/blog/2019/9/24/cve-2019-0801-microsoft-office-uri-hyperlink-hijinks

Microsoft Releases Emergency Patches for IE 0-Day and Windows Defender Flaw
https://thehackernews.com/2019/09/windows-update-zero-day.html

Microsoft: Windows 10 now on more than 900 million devices
https://www.zdnet.com/article/microsoft-windows-10-now-on-more-than-900-million-devices/#ftag=RSSbaffb68

微軟例外修補IE、Windows Defender兩重大漏洞,IE零時差漏洞已有攻擊程式
https://ithome.com.tw/news/133226

Windows 10 updates drag down software customer satisfaction scores for Microsoft: ACSI
https://www.zdnet.com/article/windows-10-updates-drag-down-software-customer-satisfaction-scores-for-microsoft-acsi/#ftag=RSSbaffb68

Microsoft releases out-of-band security update to fix IE zero-day & Defender bug
https://www.zdnet.com/article/microsoft-releases-out-of-band-security-update-to-fix-ie-zero-day-defender-bug/#ftag=RSSbaffb68

Microsoft to provide free Windows 7 updates for voting systems in 2020
https://www.zdnet.com/article/microsoft-to-provide-free-windows-7-updates-for-voting-systems-in-2020/#ftag=RSSbaffb68

This free Windows 10 upgrade offer still works. Here's why -- and how to get it
https://www.zdnet.com/article/this-free-windows-10-upgrade-offer-still-works-heres-why-and-how-to-get-it/#ftag=RSSbaffb68

Windows Defender Update Bug Breaks Quick and Full Scans
https://winbuzzer.com/2019/09/19/windows-defender-update-bug-breaks-quick-and-full-scans-xcxwbn/

IE瀏覽器爆發高危漏洞:4年來所有版本Win10均需打補丁
https://news.xfastest.com/microsoft/70006/ie-4-win10/

IE 瀏覽器存在遠程代碼執行漏洞,攻擊者可藉此控制系統
http://bit.ly/2mQWaOE

Red Hat introduces rolling release CentOS Stream
https://www.zdnet.com/article/red-hat-introduces-rolling-release-centos-stream/#ftag=RSSbaffb68

CentOS 8.0 1905 is now available for download
https://lists.centos.org/pipermail/centos/2019-September/173484.html

Privilege escalation vulnerability patched in Forcepoint VPN for Windows
https://www.zdnet.com/article/privilege-escalation-vulnerability-patched-in-forcepoint-vpn-for-windows/#ftag=RSSbaffb68

Adobe patches two critical issues with Cold Fusion
https://www.scmagazine.com/home/security-news/vulnerabilities/adobe-patches-two-critical-issues-with-cold-fusion/

13家知名品牌路由器隱藏125處漏洞,小米、華碩都中招!附125個漏洞列表
https://zhuanlan.zhihu.com/p/83942560

Grafana 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15635

Smart Battery A4 存在權限控制缺陷
https://tvn.twcert.org.tw/taiwanvn/TVN-201908003

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
開放銀行下階段…個資隱私 仍有外洩疑慮
https://udn.com/news/story/7239/4062515

解放客戶資料…開放銀行 月底登台
https://udn.com/news/story/7239/4062520

民眾反映許多機型老舊按鍵數字模糊 盼改善
http://www.ksnews.com.tw/index.php/news/contents_page/0001303122

趨勢科技:開放銀行法規PSD2存在風險
https://ec.ltn.com.tw/article/breakingnews/2925153

當 PSD2 開啟了更多扇門:開放銀行的風險
https://blog.trendmicro.com.tw/?p=62077

金融業小心!專家警告科技變革將帶來新衝擊
http://bit.ly/2lxxWca

尹衍樑談南山新系統始末 遭網友狂打臉
https://ec.ltn.com.tw/article/breakingnews/2926309

趨勢科技點出歐洲最新銀行法規,可能讓網路駭客對金融服務機構及客戶的攻擊大幅增加
http://bit.ly/2mK8uR2

ATM卡住存6萬2變2萬5 10天後在「神秘區域」找到了
https://udn.com/news/story/8864/4067543

假卡黨用ATM偷錢 原來同呢款提款卡有關
http://bit.ly/2mNi3yE

行庫動態:彰銀開放銀行藍圖大躍進,完成18支API驗證上架,實現數位生活應用
http://bit.ly/2lJQhmA

彰銀 攻開放銀行應用
https://udn.com/news/story/7239/4071057

維護金融網路安全 守護群眾金融利益
https://news.sina.com.tw/article/20190921/32726106.html

中國官方將推「數字人民幣」 交易全受政府監管 傳最快雙11登場
http://bit.ly/2lTmGXJ

小企難防網絡攻擊 6成遇「駭」沒保險
http://bit.ly/2m1gNId

香港金融管理局於9月25日發布香港招商永隆銀行有限公司發現詐騙網站
https://www.hkma.gov.hk/chi/news-and-media/press-releases/2019/09/20190925-6/

香港金融管理局於9月25日發布香港中信銀行(國際)有限公司發現詐騙網站
https://www.hkma.gov.hk/chi/news-and-media/press-releases/2019/09/20190925-5/

銀行公會改選理監事 台銀董座呂桔誠連任理事長
https://www.ettoday.net/news/20190926/1544109.htm

銀行公會108年9 月26日第13屆第1次會員代表大會新聞稿
https://www.ba.org.tw/Notice/Detail/1612

10月1日起烏茲別克斯坦ATM機將停止提取現金外幣
https://www.inform.kz/cn/10-1-atm_a3569735

手機訂房者請注意:信用卡側錄器正鎖定訂房網站
https://blog.trendmicro.com.tw/?p=62111

就像在 ATM 上安裝盜卡裝置一樣, 「Magecart」專偷線上刷卡資料
https://blog.trendmicro.com.tw/?p=61779

Magecart黑客瞄準公用Wi-Fi 免費收費都係目標
http://bit.ly/2n9vqZW

Magecart strikes again: hotel booking websites come under fire
https://www.zdnet.com/article/magecart-strikes-again-hotel-booking-websites-come-under-fire/#ftag=RSSbaffb68

Other Attackers Reuse Old Magecart Domains: Report
https://www.bankinfosecurity.com/other-attackers-reuse-old-magecart-domains-report-a-13129

Old Magecart Domains are Being Bought Up for Monetization
https://www.riskiq.com/blog/labs/magecart-reused-domains/

Magecart Group Targets Routers Behind Public Wi-Fi Networks
https://threatpost.com/magecart-group-targets-routers-behind-public-wi-fi-networks/148662/

Eight US Cities See Payment Card Data Stolen
https://www.bankinfosecurity.com/eight-us-cities-see-payment-card-data-stolen-a-13127

Second Wave of Click2Gov Breaches Hits United States
https://geminiadvisory.io/second-wave-of-click2gov-breaches-hits-united-states/

Two years later, hackers are still breaching local government payment portals
https://www.zdnet.com/article/two-years-later-hackers-are-still-breaching-local-government-payment-portals/#ftag=RSSbaffb68

Finance’s increasingly aware of the cyber threat, says France’s ANSSI
https://cyceon.com/2019/09/20/finances-increasingly-aware-of-the-cyber-threat-says-frances-anssi/

ATM card cloning gang busted in Pratapgarh
https://www.hindustantimes.com/cities/atm-card-cloning-gang-busted-in-pratapgarh/story-tgCFIvUhIuTqdB2r9dwTcM.html

Hackers looking into injecting card stealing code on routers, rather than websites
https://www.zdnet.com/article/hackers-looking-into-injecting-card-stealing-code-on-routers-rather-than-websites/#ftag=RSSbaffb68

3.電子支付/電子票證/行動支付/ pay/新聞及資安
從法令整併談電子支付競爭力
https://udn.com/news/story/7338/4066621

為了「反欺詐」 金融類App需要更多手機許可權
https://news.sina.com.tw/article/20190925/32763058.html

中國掀「刷臉支付」風潮,擬發布臉部辨識相關金融標準
https://technews.tw/2019/09/25/china-face-payment-publish-relevant-financial-standards/

全台唯一Cross-site免跳轉技術,TapPay如何讓電商掉單率減3成
https://www.bnext.com.tw/article/54860/tappay-crosssite-fintech

Zwei Drittel der Konsumenten zweifeln an Mobile Payment – Infografik
https://www.der-bank-blog.de/zweifel-mobile-payment/studien/mobile-payment-studien/37657211/

4.虛擬貨幣/區塊鍊相關新聞及資安
「證券型代幣」交易規範出爐,尺度難拿捏金管會一個頭兩個大
https://finance.technews.tw/2019/09/20/sto-rules-come-out-fsc/

不只SM!韓國這些企業也紛紛開始涉足區塊鏈領域
http://news.knowing.asia/news/3bc3a343-935d-4847-af5a-0298d0476c6e

制裁不了嗎?朝鮮官員曝正開發加密貨幣
https://www.secretchina.com/news/b5/2019/09/20/907916.html

台灣證券型代幣 STO 法規細項出爐 這樣的法律遵循成本合理嗎
https://news.cnyes.com/news/id/4384388

IBM、花旗宣布加入新加坡區塊鏈加速器 Tribe Accelerator
https://news.cnyes.com/news/id/4384291

加密貨幣新篇章,比特幣實物交割期貨正式上市
https://finance.technews.tw/2019/09/23/bitcoin-future-contract-launch/

fb狂彈麟伯賣bitcoin廣告 金管局:銀行估逾2,000客戶提供信用卡資料
https://hk.finance.appledaily.com/finance/realtime/article/20190923/60077244

實名制區塊鏈改變加密貨幣交易生態! Maxonrow即將上架KuCoin交易所
http://bit.ly/2mwvUZU

對於機構投資者來說,Bakkt的開張代表著什麼
http://news.knowing.asia/news/07fc5e31-3707-4c1f-8fe5-90b178078758

區塊鏈安全入門筆記(系列1-10完整版)
https://paper.seebug.org/973/

比特幣ATM大爆發 Bitcoin Depot明年在美安裝發破千台
https://www.ettoday.net/news/20190924/1542004.htm

Forbes:傳統金融體系和比特幣一樣脆弱
http://news.knowing.asia/news/ee5c136b-8a27-4a60-b928-497a5f0628c0

Exclusive: TalkTalk hacker also breached EtherDelta cryptocurrency exchange
https://www.zdnet.com/article/exclusive-talktalk-hacker-also-breached-etherdelta-cryptocurrency-exchange/#ftag=RSSbaffb68

Blockchain ID checks: How this startup is now verifying identities online
https://www.zdnet.com/article/blockchain-id-checks-how-this-startup-is-now-verifying-identities-online/#ftag=RSSbaffb68

Coinbase mulls over bringing Telegram to its cryptocurrency trading platform
https://www.zdnet.com/article/coinbase-mulls-over-adding-telegram-to-trading-platform/#ftag=RSSbaffb68

Singapore Bank Giant OCBC Joins JPMorgan’s Blockchain Network
https://cointelegraph.com/news/singapore-bank-giant-ocbc-joins-jpmorgans-blockchain-network

Kik messaging app binned to focus on Kin cryptocurrency court case
https://www.zdnet.com/article/kik-messaging-app-binned-to-focus-on-kin-cryptocurrency-development/#ftag=RSSbaffb68

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
惡意程式冒充知名廣告封鎖外掛 微軟等逾300網站受害
https://udn.com/news/story/7088/4062481

偽裝成股票交易軟體 Stockfolio 竊個資的 Mac 惡意應用程式
https://blog.trendmicro.com.tw/?p=62115

趨勢科技發現股票交易軟體木馬 Mac用戶小心個資遭竊
https://www.chinatimes.com/realtimenews/20190925003159-260412?chdtv

Mac用戶注意!傳木馬病毒入侵 偽裝股票交易竊取個資
https://www.setn.com/news.aspx?NewsID=608253

Mac用戶注意!惡意程式偽裝股票交易軟體竊取個資
https://www.ettoday.net/news/20190925/1543098.htm

Mac用戶注意!傳木馬病毒竊取個資
http://bit.ly/2lhe39c

Mac資安亮紅燈?惡意程式偽裝股票交易軟體竊個資
https://fnc.ebc.net.tw/FncNews/headline/100957

Phony IRS Emails Promise Refund, But Deliver Botnet Instead
https://www.bankinfosecurity.com/phony-irs-emails-promise-refund-but-deliver-botnet-instead-a-13126

New Phishing Campaign Targets U.S. Taxpayers by Dropping Amadey Botnet
https://cofense.com/new-phishing-campaign-targets-u-s-taxpayers-dropping-amadey-botnet/

Cryptocurrency Malware Group ‘Panda’ Has Amassed Nearly $100,000 in Monero
https://www.cryptoglobe.com/latest/2019/09/cryptocurrency-malware-group-panda-has-amassed-nearly-100000-in-monero/

‘Panda’ Crypto Malware Group Has Nabbed $100K in Monero Since 2018
https://www.coindesk.com/panda-crypto-malware-group-has-nabbed-100k-in-monero-since-2018

Panda Malware Group Has Pulled In $100,000 in Illicit Monero Hacking, Says Report
https://kryptomoney.com/panda-malware-group-has-pulled-in-100000-in-illicit-monero-hacking-says-report/

Swiss information security body warns of wave of “Emotet” banking trojan malware
https://financefeeds.com/swiss-information-security-body-warns-wave-emotet-banking-trojan-malware/

Emotet, a dangerous botnet spams malicious emails, “targets 66,000 unique emails for more than 30,000 domain
http://bit.ly/2ky2XfG

Emotet Trojan Evolves Since Being Reawakend, Here is What We Know
https://www.bleepingcomputer.com/news/security/emotet-trojan-evolves-since-being-reawakend-here-is-what-we-know/

Emotet Malware – An Introduction to the Banking Trojan
https://soundbytes.org/2019/09/21/emotet-malware-an-introduction-to-the-banking-trojan/

Emotet Botnet Now Using Snowden's Memoir as a Lure
https://www.bankinfosecurity.com/emotet-botnet-now-using-snowdens-memoir-as-lure-a-13142

"Emotet" antwortet selbstständig auf E-Mails
https://www.t-online.de/digital/sicherheit/id_86486698/schadsoftware-ist-zurueck-emotet-antwortet-selbststaendig-auf-e-mails.html

2019-09-19 - DATA DUMP: URSNIF, EMOTET, AND FORMBOOK INFECTIONS
https://www.malware-traffic-analysis.net/2019/09/19/index.html

2019-09-25 - DATA DUMP: EMOTET INFECTION WITH TRICKBOT IN AD ENVIRONMENT
https://www.malware-traffic-analysis.net/2019/09/25/index2.html

2019-09-25 - DATA DUMP: TRICKBOT INFECTION, GTAG ONO19
https://www.malware-traffic-analysis.net/2019/09/25/index.html

2019-09-26 - DATA DUMP: TWO URSNIF INFECTIONS
https://www.malware-traffic-analysis.net/2019/09/26/index.html

News Wrap: Emotet’s Return, U.S. Vs. Snowden, Physical Pen Testers Arrested
https://threatpost.com/news-wrap-emotets-return-u-s-vs-snowden-physical-pen-testers-arrested/148535/

Wie man Malware analysiert und dateilose Angriffe lanciert
https://www.netzwoche.ch/storys/2019-09-19/wie-man-malware-analysiert-und-dateilose-angriffe-lanciert

NEW REPORT OFFERS ANALYSIS ON THE ANTIVIRUS SOFTWARE MARKET
https://newsspaceflight.com/new-report-offers-analysis-on-the-antivirus-software-market/

2019-09-19 - DATA DUMP: URSNIF, EMOTET, AND FORMBOOK INFECTIONS
https://www.malware-traffic-analysis.net/2019/09/19/index.html

2019-09-24 - PCAP AND MALWARE FOR AN ISC DIARY (QUASAR RAT)
https://www.malware-traffic-analysis.net/2019/09/24/index.html

Meet Stop Ransomware: The Most Active Ransomware Nobody Talks About
https://www.bleepingcomputer.com/news/security/meet-stop-ransomware-the-most-active-ransomware-nobody-talks-about/

Payouts from insurance policies may fuel ransomware attacks
https://news.yahoo.com/payouts-insurance-policies-may-fuel-153100593.html

Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign
https://securityaffairs.co/wordpress/91525/malware/agent-tesla-malware-campaign.html

Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign
https://blog.yoroi.company/research/commodity-malware-reborn-the-agenttesla-total-oil-themed-campaign/

Autumn Aperture: Threat Campaign Highlights New Evasion Technique using an Antiquated File Format
https://blog.prevailion.com/2019/09/autumn-aperture-report.html

North Korean Hackers Use New Tricks in Attacks on U.S.
https://www.securityweek.com/north-korean-hackers-use-new-tricks-attacks-us

North Korean hackers employ antiquated file formats to evade detection
https://www.cybersecurity-help.cz/blog/677.html?affChecked=1

ATMDtrack – North Korean Hacker Group Attacking ATMs in India to Steal Card Details
https://bkhackers-on-security.blogspot.com/2019/09/atmdtrack-north-korean-hacker-group.html

New North Korean malware targeting ATMs spotted in India
https://www.zdnet.com/article/new-north-korean-malware-targeting-atms-spotted-in-india/#ftag=RSSbaffb68

Kaspersky: Dual-Use Dtrack Malware Linked to ATM Thefts
https://www.bankinfosecurity.com/kaspersky-dual-use-dtrack-malware-linked-to-atm-thefts-a-13144

The Lazarus Group is Using a new Banking Malware Against Indian Banks
https://www.technadu.com/lazarus-group-new-banking-malware-against-indian-banks/80747/

India's ATM malware issues traced to North Korea
https://gulfnews.com/world/asia/india/indias-atm-malware-issues-traced-to-north-korea-1.1569245535186

Dtrack RAT is Behind Virulent ATM-Espionage Campaign
https://threatpost.com/north-korea-atm-espionage-malware-dtrack/148602/

State-Backed Attackers Target US Entities with LookBack Malware
https://www.bleepingcomputer.com/news/security/state-backed-attackers-target-us-entities-with-lookback-malware/

Malicious Ad Blockers for Chrome Caught in Ad Fraud Scheme
https://threatpost.com/malicious-ad-blockers-for-chrome-caught-in-ad-fraud-scheme/148591/

Fake Ad Blockers 2: Now with Cookies and Ad Fraud
https://adguard.com/en/blog/fake-ad-blockers-part-2.html

17 US utility firms targeted by mysterious state-sponsored group
https://www.zdnet.com/article/17-us-utility-firms-targeted-by-mysterious-state-sponsored-group/#ftag=RSSbaffb68

State-Backed Attackers Target US Entities with LookBack Malware
https://www.bleepingcomputer.com/news/security/state-backed-attackers-target-us-entities-with-lookback-malware/

Malware Found Hiding in Fake Income Tax Department Emails, CERT-in Warns
https://gadgets.ndtv.com/internet/news/fake-income-department-emails-malware-hiding-cert-in-advistory-2105800

German authority reiterates warning over malware Emotet
https://www.telecompaper.com/news/german-authority-reiterates-warning-over-malware-emotet--1309405

Political targets at risk as Fancy Bear returns with refreshed backdoor malware
https://www.zdnet.com/article/political-targets-at-risk-as-fancy-bear-returns-with-refreshed-backdoor-malware/#ftag=RSSbaffb68

Russian APT Map Reveals 22,000 Connections Between 2000 Malware Samples
https://thehackernews.com/2019/09/russia-hacking-groups-map.html

Russia-Backed APT Groups Compete With Each Other: Report
https://www.bankinfosecurity.com/russia-backed-apt-groups-compete-each-other-report-a-13149

Did GandCrab Gang Fake Its Ransomware Retirement
https://www.bankinfosecurity.com/did-gandcrab-gang-fake-its-ransomware-retirement-a-13146

TFlower Ransomware Campaign
https://cyber.gc.ca/en/alerts/tflower-ransomware-campaign

Canadian Centre for Cyber Security Releases Advisory on New Ransomware Campaign
https://www.us-cert.gov/ncas/current-activity/2019/09/25/canadian-centre-cyber-security-releases-advisory-new-ransomware

Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host
https://blog.talosintelligence.com/2019/09/divergent-analysis.html

Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware
https://www.microsoft.com/security/blog/2019/09/26/bring-your-own-lolbin-multi-stage-fileless-nodersok-campaign-delivers-rare-node-js-based-malware/

Microsoft: New Nodersok malware has infected thousands of PCs
https://www.zdnet.com/article/microsoft-new-nodersok-malware-has-infected-thousands-of-pcs/#ftag=RSSbaffb68

Malware operators abuse Windows Narrator software in Asian attack wave
https://www.zdnet.com/article/malware-operators-replace-windows-narrator-software-with-trojan-in-new-wave-of-attacks/#ftag=RSSbaffb68

PcShare Backdoor Attacks Targeting Windows Users with FakeNarrator Malware
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html

'Fancy Bear' Hacking Group Adds New Capabilities, Targets
https://www.bankinfosecurity.com/fancy-bear-hacking-group-adds-new-capabilities-targets-a-13150

No summer vacations for Zebrocy
https://www.welivesecurity.com/2019/09/24/no-summer-vacations-zebrocy/

Cisco: Hacking Group Targets US Veterans
https://www.bankinfosecurity.com/cisco-hacking-group-targets-us-veterans-a-13152

How Tortoiseshell created a fake veteran hiring website to host malware
https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html

B.行動安全 / iPhone / Android /穿戴裝置 /App
如何檢測手機電池是否壞掉
https://blog.trendmicro.com.tw/?p=61926

Telegram、Whatsapp訊息刪除功能涉造假?黑客爆漏洞、連兩方回應
http://bit.ly/2m0IOiA

中共如何獲取推特帳號 進行虛假宣傳
http://www.epochtimes.com/b5/19/9/20/n11535181.htm

超2000款App需整改!360專家:開發者應及時自查
http://www.ccidnet.com/2019/0921/10489080.shtml

平均每款安卓終端漏洞達21個!黑產不斷演進,智能電視也被攻擊
https://kknews.cc/tech/em2vaa4.html

iOS 13鎖屏旁路漏洞泄露聯繫人信息 | 大量安卓 VPN 惡意嵌入廣告
https://read01.com/gR44z0G.html

5G催化網絡安全投資機會下匹黑馬即將浮現
https://www.jfinfo.com/news/20190922/2409184

java 反射和反序列化破解單例模式和填補漏洞方法
https://blog.51cto.com/14437184/2440143

app暗藏追蹤程式 網購類最高危
http://paper.wenweipo.com/2019/09/23/YO1909230018.htm

華為Mate30 Pro被外國大神破解:可以裝Google全家餐
https://applealmond.com/posts/59069

Check Point Research揭露Android手机安全性漏洞
http://gb-www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000568584_P176MAFP77ELXF53MRLZZ#ixzz60JBLaVsy

安卓用戶注意!知名「掃描軟體」驚傳內藏木馬程式 百萬用戶重招了
https://cnews.com.tw/134190922a02/

谷歌急下架!手機狂掉電、廣告狂跳?小心載到這2款APP
https://www.setn.com/News.aspx?NewsID=607107

中美鬥法 華為 蘋果新機對撼
http://bit.ly/2m6QwaM

中國黑客疑用蘋果漏洞 入侵流亡西藏人手機通訊
https://hk.on.cc/hk/bkn/cnt/cnnews/20190925/bkn-20190925150016184-0925_00952_001.html

疑似中國黑客入侵西藏人手機通訊
https://www.voacantonese.com/a/Chinese-Hackers-Who-Pursued-Uighurs-Also-Targeted-Tibetans-20190924/5096230.html

不只維吾爾人! 報告:中共駭客鑽IPHONE漏洞攻擊流亡藏人
https://www.bannedbook.org/bnews/zh-tw/cbnews/20190925/1197001.html

加大學研究:疑中國黑客用蘋果手機漏洞 入侵流亡西藏人手機通訊
http://bit.ly/2nhrN4d

5G企業專網 立委有異見
https://money.udn.com/money/story/5612/4064491

iPhone藍牙恐「外洩定位」 iOS 13警示大開!全APP須用戶同意才能開啟
https://www.ettoday.net/news/20190925/1542472.htm

iOS13災情多!信用卡個資被看光
http://bit.ly/2nipZYM

別更新!iOS13再傳定位外洩bug 蘋果急推新版滅火
https://fnc.ebc.net.tw/FncNews/tech/100798

IG用戶注意:侵權警告信件可能是網釣攻擊
https://ithome.com.tw/news/133257

大量 Instagram 釣魚郵件,藉侵權為由騙取帳號控制權
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=928

YouTube 大量用戶帳號遭劫持,創作者哀鴻遍野
https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=914

小心!Telegram 群人肉搜索個資 北京辨識示威者
http://m.secretchina.com/news/b5/2019/09/27/908644.html

1-Click iPhone and Android Exploits Target Tibetan Users via WhatsApp
https://thehackernews.com/2019/09/iphone-android-hacking-tibet.html

Google removes Android apps caught grossly overcharging users for basic features
https://www.zdnet.com/article/google-removes-android-apps-caught-grossly-overcharging-users-for-basic-features/#ftag=RSSbaffb68

Chameleon gambling apps wiped from App Store, Google Play
https://www.zdnet.com/article/chameleon-gambling-apps-wiped-from-ios-store-google-play/#ftag=RSSbaffb68

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
2019上半年 全球惡意網址威脅高達4.9億次
https://money.udn.com/money/story/5613/4059461

駭客入侵Google Nest 情侶慘遭惡作劇
http://bit.ly/2lQtxBg

TANET研討會 聚焦5大主軸
https://news.sina.com.tw/article/20190925/32768866.html

育碧起身對抗DDoS和DoS攻擊者
http://bit.ly/2l22l28

研究:美國前500大企業6成被駭客入侵
http://bit.ly/2nEp6tK

空巴供應商遭駭客攻擊 安全人士疑與中國有關
https://www.rti.org.tw/news/view/id/2035768

開發人員集訓中心Thinkful遭駭,重設所有用戶密碼
https://ithome.com.tw/news/133199

民眾黨官網被駭7天後重新上線 強調加強安全防護
https://news.ltn.com.tw/news/politics/breakingnews/2924049

TANET 2019臺灣網際網路研討會 駭客與防禦者互相攻防
https://udn.com/news/story/7327/4067746

華為再遇挫 遭國際資安組織暫停會員資格
https://www.setn.com/News.aspx?NewsID=605390

現有海康威視監視器 中山大:資安無虞
https://living.taronews.tw/2019/09/20/471782/

中國「天眼」系統 2020 前全面監控澳門,台灣卻還在使用中國製監視器
https://buzzorange.com/techorange/2019/09/23/macau-surveillance-2020/

網路安全產業前景廣闊網安人才走俏
http://news.stcn.com/2019/0922/15401675.shtml

快速打造企業級資安防禦的新指南
https://www.ithome.com.tw/voice/133166

【快速認識NIST網路安全框架】從五大構面評估企業資安防禦現況與目標
https://www.ithome.com.tw/news/133170

專家大推的NIST網路安全框架規畫工具
https://www.ithome.com.tw/news/133171

【NIST CSF導入關鍵】7步驟打造整體安全防護網,從盤點現況與成熟度評估著手
https://www.ithome.com.tw/news/133172

NIST網路安全框架當紅
https://www.ithome.com.tw/article/133173

第二屆全國中學生網絡安全競賽決賽在西安電子科技大學舉行
http://news.xiancn.com/content/2019-09/21/content_3501494.htm

中國大陸800餘萬重慶人參與2019年重慶市網絡安全宣傳周活動
http://news.cbg.cn/hotnews/2019/0926/11330957.shtml

中國大陸成都兩支隊伍闖入2019年工業信息安全技能大賽決賽
https://news.sina.com.cn/c/2019-09-26/doc-iicezzrq8501668.shtml

中國科大在量子密鑰分發實際安全性研究方面取得新進展
https://news.sina.com.cn/o/2019-09-23/doc-iicezueu7890259.shtml

中國大陸湖北“淨網2019”專項行動破案3624起下架APP2092個
http://news.xmnn.cn/xmnn/2019/09/20/100601559.shtml

中國大陸成都打擊處置違法網民80餘人次淨化網絡環境
https://finance.jrj.com.cn/2019/09/21161728163090.shtml

中國大陸貴州開展網站專項整治工作
https://tech.sina.com.cn/roll/2019-09-23/doc-iicezueu7728143.shtml

中俄網路行為不端 27國簽署網路安全聲明
http://www.secretchina.com/news/b5/2019/09/25/908417.html?code=b5

27國簽署聯合聲明 暗批中共網絡行為不端
https://www.ntdtv.com/b5/2019/09/25/a102672318.html

27國簽署網絡安全聲明 暗批中俄網絡行為不端
http://chinese.efreenews.com/a/27guoqianshuwangluoanquanshengming-anpizhongewangluohengweifouduan

美眾議院擬撥10億美元 援助電信業者汰換華為
https://news.cnyes.com/news/id/4386407

中國頻頻竊取美企商業機密 美國官員:企業應做好防備
https://ec.ltn.com.tw/article/breakingnews/2924201

美司法部:中國國家支持偷竊技術 美企應加強防範
https://news.cnyes.com/news/id/4385473

美國空軍將重金懸賞黑客排查軌道衛星系統漏洞
http://www.360.cn/n/11088.html

台灣已進入準戰爭狀態? 中國資訊戰操作對立手法曝光
https://news.ltn.com.tw/news/politics/breakingnews/2921283

網路駭客戰 台美合作演練
https://udn.com/news/story/11311/4062695

台美首聯合網攻演練 15國黑客攻台尋漏洞
http://bit.ly/2kzdTJY

台美11月舉行網絡攻防演習
https://news.now.com/home/international/player?newsId=363640

台美首聯合網攻演練 15國黑客攻台尋漏洞
http://bit.ly/2kzdTJY

15國資安團隊實兵演練進攻政府網路!「大規模網路攻防演練」強化台灣資安
https://www.storm.mg/article/1740947

【歐美 15 國網軍將攻台 5 天】台美首度合作「網路攻防演練」!「假同事」將傳訊息測台官員是否中招
https://buzzorange.com/2019/09/23/15-countries-cyberwarfare-units-will-test-taiwan/

台美首度網路攻防演練 15國網軍11月測試台灣資安
https://times.hinet.net/news/22570520

台美首聯合網攻演練 15國黑客攻台尋漏洞
http://bit.ly/2kzdTJY

台灣不是資訊戰唯一受害者!學者江雅綺舉德、法、美政府反制假資訊對策
https://musou.watchout.tw/read/wdGej8t2lfmHFErpHHcg

北美公用事業帳單入口網站系統Click2Gov二度被駭客鎖定
https://www.ithome.com.tw/news/133200

國家級駭客鎖定美國的公用事業服務供應商展開魚叉式網釣攻擊
https://www.ithome.com.tw/news/133252

沙國遭攻擊 區內網戰將更激烈
https://m.ctee.com.tw/livenews/gj/a98601002019092220584235?area=

捷克政府機關遇網攻 情報單位控中國幕後黑手
https://money.udn.com/money/story/5599/4069542

捷克政府機關遇網攻 情報單位控中共是幕後黑手
https://www.ydn.com.tw/News/354110

日本海事協會建立跨單位網路資安小組
https://m.ctee.com.tw/livenews/aj/a98623002019092315074036

US military veterans targeted by Iranian state hackers
https://www.zdnet.com/article/us-military-veterans-targeted-by-iranian-state-hackers/#ftag=RSSbaffb68

Russian state hackers rarely share code with one another
https://www.zdnet.com/article/russian-state-hackers-rarely-share-code-with-one-another/#ftag=RSSbaffb68

Report: FBI Subpoenaed Data From Banks, Credit Agencies
https://www.bankinfosecurity.com/report-fbi-subpoenaed-data-from-banks-credit-agencies-a-13130

'Carpet-bombing' DDoS attack takes down South African ISP for an entire day
https://www.zdnet.com/article/carpet-bombing-ddos-attack-takes-down-south-african-isp-for-an-entire-day/#ftag=RSSbaffb68

NEW DDOS VECTOR OBSERVED IN THE WILD: WSD ATTACKS HITTING 35/GBPS
https://blogs.akamai.com/sitr/2019/09/new-ddos-vector-observed-in-the-wild-wsd-attacks-hitting-35gbps.html

Accused JPMorgan Chase Hacker Plans to Plead Guilty
https://www.bankinfosecurity.com/jpmorgan-chases-accused-hacker-plans-to-plead-guilty-a-13128

Analysis: Fallout From the Snowden Memoir
https://www.bankinfosecurity.com/interviews/analysis-fallout-from-snowden-memoir-i-4449

Report: UK Universities Vulnerable to Cyberattacks
https://www.bankinfosecurity.eu/report-uk-universities-vulnerable-to-cyberattacks-a-13132

Fortinet leading the fight against cybercriminals
https://www.scotsman.com/business/fortinet-leading-the-fight-against-cybercriminals-1-5007569

99 percent of all misconfigurations in the public cloud go unreported
https://www.zdnet.com/article/99-percent-of-all-misconfiguration-in-the-public-cloud-go-unreported/#ftag=RSSbaffb68

Dear network operators, please use the existing tools to fix security
https://www.zdnet.com/article/dear-network-operators-please-use-the-existing-tools-to-fix-security/#ftag=RSSbaffb68

FedEx execs: We had no idea cyberattack would be so bad. Investors: Is that why you sold $40m+ of your own shares
https://www.theregister.co.uk/2019/09/19/fedex_execs_sued/

Cyber Crime & Cyber Security
https://isc2central.blogspot.com/2019/09/cybercrimeandcybersecurity.html

SQL Attacks are a piece of Cake for Hackers – and the Risk to Firms is High
https://www.cbronline.com/feature/sql-attacks

Avid Users Are Suddenly Finding That Their Macs Won’t Boot
https://www.bleepingcomputer.com/news/software/avid-users-are-suddenly-finding-that-their-macs-won-t-boot/

JPMorgan Chase's Russian Hacker Pleads Guilty
https://www.bankinfosecurity.com/jpmorgan-chases-russian-hacker-pleads-guilty-a-13138

'Carpet-bombing' DDoS attack takes down South African ISP for an entire day
https://www.zdnet.com/article/carpet-bombing-ddos-attack-takes-down-south-african-isp-for-an-entire-day/#ftag=RSSbaffb68

International traffic - DDoS - Cool Ideas
https://coolzone.cisp.co.za/announcements.php?announcement=2038-international-traffic-ddos-cool-ideas

NIST to Finalize Privacy Framework Soon
https://www.bankinfosecurity.com/nist-to-finalize-privacy-framework-soon-a-13147

AT&T redirected pen-test payloads to the FBI's Tips portal
https://www.zdnet.com/article/at-t-redirected-pen-test-payloads-to-the-fbis-tips-portal/#ftag=RSSbaffb68

【資安所】Security Researcher(資安研究員)
https://www.104.com.tw/job/6qnvk?jobsource=keyword2Keyword

ASP網頁程式設計-資安工程師(找漏洞及除bug)
https://myptt.cc/article/Soft_Job/M.1229939985.A.D5B

資訊安全人員
https://www.104.com.tw/job/6qh85

行政管理師
https://www.104.com.tw/job/6qtkd

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
駭客怎麼騙你的? 趨勢科技快閃店演給你看
https://ec.ltn.com.tw/article/breakingnews/2922033

買網拍要注意!網購平台個資外洩 2女遭「假客服」詐3萬元
https://www.ettoday.net/news/20190921/1540276.htm

烏龍詐團給錯銀行帳戶 8年級美眉不能匯款仍被騙
https://udn.com/news/story/7315/4060819

8年級妙齡女被假客服騙 年度5大高風險網購平台
https://news.ltn.com.tw/news/Taipei/breakingnews/2922607

美妝賣場疑個資外洩 無良詐團專騙8年級美眉
https://www.chinatimes.com/realtimenews/20190921002173-260402?chdtv

詐騙集團盜用臉書LINE帳號詐財 警1天內逮獲車手、幹部3人
https://www.ettoday.net/news/20190920/1539914.htm

澳門女子墮入“情網”被“愛郎”騙768萬人民幣
http://www.hkcna.hk/content/2019/0920/785546.shtml

男子利用漏洞操控67萬台計算機信息詐騙獲利600萬
https://news.163.com/19/0921/03/EPIM565B0001899O.html

新加坡個資外洩罰款飆增 今年來達94萬美元
https://money.udn.com/money/story/5602/4062656

為什麼我們被網絡釣魚攻擊所吸引
https://betanews.com/2019/09/24/hooked-by-phishing-attacks/

批大學推動「人臉辨識」侵犯學生個資 人本執行長:再多說法都不能改變「監控」的本質
https://www.storm.mg/article/1757090

看到有人操作ATM離開...機器竟吐鈔! 她爽拿1萬4挨告
https://www.ettoday.net/news/20190926/1543671.htm

警方偵破花、北、高電信詐騙集團
https://newtalk.tw/news/view/2019-09-26/303405

租花蓮民宅當機房 詐團16人被逮
http://www.ksnews.com.tw/index.php/news/contents_page/0001304570

「帳戶遭凍結」! 中華電信前董座遭詐167萬
https://news.tvbs.com.tw/local/1206726

美國外賣服務DoorDash數據洩露:影響490萬人
https://www.cnbeta.com/articles/tech/893869.htm

BRT呼籲美國儘快立法保護消費者資料
https://www.nccst.nat.gov.tw/NewsRSSDetail.aspx?lang=zh&RSSType=news&seq=16296

商業詐騙攻擊日益猖獗
https://www.nccst.nat.gov.tw/NewsRSSDetail.aspx?lang=zh&RSSType=news&seq=16295

「尋找我的 iPhone」卻找到釣魚網站,導致 Apple 登入憑證被盜
https://blog.trendmicro.com.tw/?p=61917

垃圾信夾帶山寨新聞網站連結,引導至虛擬貨幣交易詐騙網站
https://blog.trendmicro.com.tw/?p=62015

Bulgarian Man Sentenced for Massive Phishing Scheme
https://www.bankinfosecurity.com/bulgarian-man-sentenced-for-massive-phishing-scheme-a-13135

AWS says servers secure following Malindo Air data breach
https://www.zdnet.com/article/aws-says-servers-secure-following-malindo-air-data-breach/#ftag=RSSbaffb68

Mobile Phishing – Gefahr für Nutzer und Unternehmen
https://www.ip-insider.de/mobile-phishing-gefahr-fuer-nutzer-und-unternehmen-a-863767/

Phishing email in garb of I-T dept lurking in Indian cyberspace: Advisory
https://economictimes.indiatimes.com/tech/internet/phishing-email-in-garb-of-i-t-dept-lurking-in-indian-cyberspace-advisory/articleshow/71244005.cms

Study shows that majority of second-hand hard drives contain previous owner’s data
https://www.zdnet.com/article/study-shows-that-majority-of-second-hand-hard-drives-contain-previous-owners-data/

Malindo Air Blames Data Leak on Third-Party Supplier
https://www.bankinfosecurity.asia/malindo-air-blames-data-leak-on-third-party-supplier-a-13137

‘Delete immediately’: Convincing Netflix scam takes your card details
https://au.finance.yahoo.com/news/dont-click-on-this-netflix-scam-001715461.html

Heyyo dating app leaked users' personal data, photos, location, more
https://www.zdnet.com/article/heyyo-dating-app-leaked-users-personal-data-photos-location-data-more/#ftag=RSSbaffb68

E.研究報告
滲透測試流程關於文件上傳漏洞的檢測與修復過程
https://cloud.tencent.com/developer/article/1509827

個案分析-勒索病毒GoGaLocker攻擊事件分析報告_10809
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019092702094545603639826586556.pdf

CVE-2019-12922:phpMyAdmin 0 Day 漏洞
https://www.chainnews.com/articles/824370151698.htm

Windows遠程桌面服務漏洞(CVE-2019-0708)復現測試
https://www.4hou.com/vulnerable/20422.html

CVE-2018-6924:解析FreeBSD ELF 頭導致內核內存洩露
https://www.freebuf.com/vuls/213345.html

Microsoft Edge瀏覽器的Universal XSS漏洞分析(CVE-2019-1030)
https://www.4hou.com/info/news/20307.html

Mondoo:雲本土安全和漏洞風險管理系統
https://www.freebuf.com/sectool/213651.html

泛微OA管理系統RCE漏洞利用腳本
https://www.xj.hk/thread-3330.htm

【漏洞復現】 CVE-2019-14540遠程代碼執行漏洞分析&復現
https://mp.weixin.qq.com/s/D2-gTqfMfx_fs8usi77QPQ

Forcepoint VPN的客戶端曝出權限提升漏洞
https://nosec.org/home/detail/2983.html

對WebLogic漏洞及補丁的分析
https://www.anquanke.com/post/id/186812

滲透測試網站安全基礎點講解
https://www.admin5.com/article/20190923/925996.shtml

CVE-2019-5475:Nexus2 yum插件RCE漏洞復現
https://www.icode9.com/content-3-463516.html

phpMyAdmin爆出安全漏洞,跨站點請求偽造,附帶解決方案
http://www.safebase.cn/article-258604-1.html

VS下EXE可執行文件啟動代碼剖析(5)使用動態運行庫的EXE
https://blog.csdn.net/wangpengk7788/article/details/53999213

Jenkins插件漏洞分析
https://www.freebuf.com/vuls/213085.html

Jenkins Git client 插件命令執行漏洞(CVE-2019-10392)
https://www.chainnews.com/articles/442462553660.htm

Thinkphp反序列化利用鏈深入分析
https://paper.seebug.org/1040/

phpStudy 隱藏後門[漏洞插件編寫]
https://www.chainnews.com/articles/576921738649.htm

應用安全- 端口漏洞整理
https://www.cnblogs.com/nul1/p/11584058.html

利用Python腳本實現漏洞情報監控與通知的經驗分享
https://zhuanlan.zhihu.com/p/84074544

CVE-2019-0232-ApacheTomca遠程執行代碼漏洞復現
https://cloud.tencent.com/developer/article/1512468

網站滲透測試詳細檢測方法
https://www.admin5.com/article/20190925/926538.shtml

CVE-2019-12922:phpMyAdmin 0 Day漏洞
https://blog.pumo.com.tw/archives/1103

隨機數之殤——EOS 新型隨機數攻擊手法細節分析
https://paper.seebug.org/1042/

CVE-2019-1663 Cisco 的多個低端設備的堆棧緩衝區溢出漏洞分析
https://paper.seebug.org/1039/

D-Link DIR-816 A2路由器安全研究分享
https://paper.seebug.org/1036/

BlueKeep Exploit Analysis
https://paper.seebug.org/1038/

Microsoft Office中URI劫持漏洞所導致的目錄穿越
https://www.freebuf.com/column/215456.html

使用Ghidra 對iOS 應用進行msgSend 分析
https://paper.seebug.org/1037/

Reversing Cisco IOS Raw Binary Firmware Images with Ghidra
https://gist.github.com/nstarke/ed0aba2c882b8b3078747a567ee00520

JohnTroony/HUAWEI_MOBILE_WIFI
https://github.com/JohnTroony/HUAWEI_MOBILE_WIFI

The Zeek Network Security Monitor
https://github.com/zeek/zeek

Security Threat Intelligence Solutions Market Growth Sales Revenue Analysis 2019-2027
https://bestmarketherald.com/security-threat-intelligence-solutions-market-growth-sales-revenue-analysis-2019-2027/

Talos Reveals Panda Crypto Malware Group’s Scoop Of $100K in Monero Since 2018
https://www.cryptonewsz.com/talos-reveals-panda-crypto-malware-groups-scoop-of-100k-in-monero-since-2018/43422/

Crack WPA/WPA2 Wi-Fi Routers with Aircrack-ng and Hashcat by Brannon Dorsey
https://hakin9.org/crack-wpa-wpa2-wi-fi-routers-with-aircrack-ng-and-hashcat/

Andromeda - Interactive Reverse Engineering Tool for Android Applications
https://github.com/secrary/Andromeda

OWASP API Security Project
https://www.owasp.org/index.php/OWASP_API_Security_Project

Extract the secret keys from android application
https://github.com/ShapManasick/SecretumDroid

Security: HTTP Smuggling, Apache Traffic Server
https://regilero.github.io/english/security/2019/10/17/security_apache_traffic_server_http_smuggling/

Security: HTTP Smuggling, Jetty
https://regilero.github.io/english/security/2019/04/24/security_jetty_http_smuggling/

Rise of RDP as a target vector
https://www.helpnetsecurity.com/2019/09/25/rdp-target-vector/

BurpSuite-Extender-phpStudy-Backdoor-Scanner
https://github.com/gh0stkey/BurpSuite-Extender-phpStudy-Backdoor-Scanner

Easy Trick to Upload a Web Shell and Bypass AV Products
https://blog.offensivebits.ae/easy-trick-to-upload-webshell-bypass-av/

webshell/fuzzdb-webshell
https://github.com/tennc/webshell/tree/master/fuzzdb-webshell

F.商業
中華電信HiNet資安艦隊出航 CISCO Firepower 2100為企業打造新世代防火牆
https://www.cw.com.tw/article/article.action?id=5097000

深耕物聯網資安防護領域,研華(2395)與Acronis簽訂全球經銷協議
http://bit.ly/2mb9sFV

安碁資訊擁兩大成長引擎 估10月下旬掛牌上櫃
https://udn.com/news/story/7251/4070504

Azure Sentinel, Microsoft's cloud-based SIEM, hits general availability
https://www.zdnet.com/article/azure-sentinel-microsofts-cloud-based-siem-hits-general-availability/#ftag=RSSbaffb68

Two Widely Used Ad Blocker Extensions for Chrome Caught in Ad Fraud Scheme
https://thehackernews.com/2019/09/browser-chrome-extension-adblock.html

Microsoft to add more AI-infused apps and features to Dynamics 365
https://www.zdnet.com/article/microsoft-to-add-more-ai-infused-apps-and-features-to-dynamics-365/#ftag=RSSbaffb68

Cynet 360: The Next Generation of EDR
https://thehackernews.com/2019/09/cynet-endpoint-detection-response.html

Cloudflare, Google Chrome, and Firefox add HTTP/3 support
https://www.zdnet.com/article/cloudflare-google-chrome-and-firefox-add-http3-support/#ftag=RSSbaffb68

G.政府
中科院舉辦神盾盃網路奪旗競賽 發掘資訊菁英共維國家安全
http://n.yam.com/Article/20190921578952

【神盾盃網路奪旗賽】考驗臨場反應 團隊分工奪佳績
https://www.ydn.com.tw/News/353488

中科院舉辦神盾盃網路奪旗競賽 發掘資訊菁英共維國家安全
https://mna.gpwb.gov.tw/post.php?id=12&message=96439&print

神盾盃網路奪旗賽 中科院自行研發競技場登場
https://money.udn.com/money/story/5640/4061106

徐國勇:新式數位身分證 絕對無法被追蹤、主動發訊
https://udn.com/news/story/7240/4066966?from=udn-ch1_breaknews-1-cate6-news

徐國勇:數位身分證所有標案排除中資廠商
https://money.udn.com/money/story/7307/4067177

防資安風險 鄭秀玲:「數位身分證」先小規模發行測試
https://www.peoplenews.tw/news/1a22f2e0-ef2a-4c2a-8149-868d2cbe60a2

沒有資安疑慮嗎?徐永明:「身分證換發規劃案」得標公司代表人是中國執業律師
https://www.peoplenews.tw/news/b3d5f4d7-6f15-4e86-a5d7-adfed916cbac

行政院派員抵縣府實地稽核資安
https://www.kinmen.gov.tw/News_Content2.aspx?n=98E3CA7358C89100&sms=BF7D6D478B935644&s=9A2E5BFC79A04CC4

勞動部聯手TibaMe全額補助培育AI工程師
https://money.udn.com/money/story/5635/4067898

調查站防制假訊息及資安宣導 榮家互動熱絡發言踴躍
https://www.peopo.org/news/423797

證基會開班 培育金融科技人才
https://money.udn.com/money/story/5635/4066405

國防部最常被駭的不是軍情局?竟是這單位
https://www.chinatimes.com/realtimenews/20190925002030-260417?chdtv

H.ICS/SCADA 工控系統
國際半導體展首度談資安,工作小組揭露推動資安標準現況
https://ithome.com.tw/news/133168

台灣半導體.資安跨界合作 推SECPAAS資安整合服務平台
http://bit.ly/2m4U4L2

醫療儀器易受網路攻擊 如何保障病人私隱
http://bit.ly/2myY0UA

advantech -- webaccess   
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13550

advantech -- webaccess   
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13558

schneider-electric -- bmxnor0200h_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6813

schneider-electric -- modicon_premium_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6809

schneider-electric -- modicon_premium_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6828

siemens -- sinema_remote_connect_server
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13918

6 Best Practices for Performing Physical Penetration Tests
https://www.darkreading.com/risk/6-best-practices-for-performing-physical-penetration-tests/a/d-id/1335871

I.教育訓練
『 Day 1 』前言 & 期許
https://ithelp.ithome.com.tw/articles/10215273

『 Day 2 』認識 CTF
https://ithelp.ithome.com.tw/articles/10215497

『 Day 3 』Web Security - 認識 OWASP & A1 . Injection
https://ithelp.ithome.com.tw/articles/10215507

『 Day 4 』Web Security - A2 . 無效的身份認證
https://ithelp.ithome.com.tw/articles/10216226

『 Day 5 』Web Security - A3 . 敏感資料外洩
https://ithelp.ithome.com.tw/articles/10218540

『 Day 6 』Web Security - A4 . XML External Entity ( XXE )
https://ithelp.ithome.com.tw/articles/10218939

『 Day 7 』Web Security - A5 . Broken Access Control
https://ithelp.ithome.com.tw/articles/10219428

『 Day 8 』Web Security - A6 . Security Misconfiguration
https://ithelp.ithome.com.tw/articles/10219943

『 Day 9 』Web Security - A7 . Cross-Site Scripting (XSS) - 上篇
https://ithelp.ithome.com.tw/articles/10218476

『 Day 10 』Web Security - A7 . Cross-Site Scripting (XSS) - 下篇
https://ithelp.ithome.com.tw/articles/10220667

『 Day 11』Web Security - A8 . 反序列化漏洞
https://ithelp.ithome.com.tw/articles/10218773

[駭客工具 Day17] SQL Injection漏洞利用 - sqlmap
https://ithelp.ithome.com.tw/articles/10217184

[駭客工具 Day18] windows密碼獲取神器 - mimikatz
https://ithelp.ithome.com.tw/articles/10217688

[駭客工具 Day19] web安全測試2 - OWASP ZAP
https://ithelp.ithome.com.tw/articles/10218306

[駭客工具 Day20] Wi-Fi密碼破解 - Aircrack-ng
https://ithelp.ithome.com.tw/articles/10218774

[駭客工具 Day21] 隱匿行蹤的瀏覽器 - Tor
https://ithelp.ithome.com.tw/articles/10219181

[駭客工具 Day22] 密碼HASH值破解 - John the Ripper
https://ithelp.ithome.com.tw/articles/10219768

[駭客工具 Day23] DDoS攻擊 - LOIC
https://ithelp.ithome.com.tw/articles/10220236

[駭客工具 Day24] 惡意檔案分析網站 - VirusTotal
https://ithelp.ithome.com.tw/articles/10220843

[駭客工具 Day25] CTF Exploit的Python library - pwntools
https://ithelp.ithome.com.tw/articles/10221189

[Day 09]資安百物語-第四談:用都市傳說「扭來扭去」理解RFID(中)
https://ithelp.ithome.com.tw/articles/10220668

那個夜裡的資安-17(mod_security)
https://ithelp.ithome.com.tw/articles/10219411

那個夜裡的資安-18(Log)
https://ithelp.ithome.com.tw/articles/10219897

那個夜裡的資安-19(log in tmp or run)
https://ithelp.ithome.com.tw/articles/10220401

那個夜裡的資安-20(Linux Streams)
https://ithelp.ithome.com.tw/articles/10220882

那些年我們一起追的資安影集與電影: 序
https://ithelp.ithome.com.tw/articles/10215959

那些年我們一起追的資安影集與電影 : Day 1
https://ithelp.ithome.com.tw/articles/10216592

那些年我們一起追的資安影集與電影 : Day 2
https://ithelp.ithome.com.tw/articles/10217018

那些年我們一起追的資安影集與電影 : Day 3
https://ithelp.ithome.com.tw/articles/10217693

那些年我們一起追的資安影集與電影 : Day 4
https://ithelp.ithome.com.tw/articles/10218199

那些年我們一起追的資安影集與電影 : Day 6
https://ithelp.ithome.com.tw/articles/10219214

資安戰爭 三十六計之第5計:趁火打劫
https://ithelp.ithome.com.tw/articles/10218450

資安戰爭 三十六計之第6計:聲東擊西
https://ithelp.ithome.com.tw/articles/10218954

十一、雲端資訊安全(二)
https://ithelp.ithome.com.tw/articles/10221342

[Day 05]資安百物語:第二談:現代飛頭蠻的反制法-反無人機技術(下)
https://ithelp.ithome.com.tw/articles/10218551

0x00 Basics of Reverse Engineering: Stack
https://medium.com/@Flying_glasses/0x00-basics-of-reverse-engineering-stack-99bebf865359

NetCat & Cache Level Attacks Explained
https://medium.com/@Flying_glasses/netcat-cache-level-attacks-explained-af9ce2fd47ca

Retrieving Files from memory dump
https://medium.com/@Flying_glasses/retrieving-files-from-memory-dump-34d9fa573033

TOP Linux utilities for Reverse Engineering
https://medium.com/@Flying_glasses/top-linux-utilities-for-reverse-engineering-b8d1a66ff059

Emotet Memory dump analysis: Part 1 (Detecting malicious processes)
https://medium.com/@Flying_glasses/emotet-memory-dump-analysis-part-1-detecting-malicious-processes-d84c468dff4b

Dynamic Analysis of Watchdog spyware
https://medium.com/@Flying_glasses/dynamic-analysis-of-watchdog-spyware-58304f6bc20a

Top 5 ways to detect malicious file manually
https://medium.com/@Flying_glasses/top-5-ways-to-detect-malicious-file-manually-d02744f7c43a

Dynamic malware analysis : LAB setup
https://medium.com/@Flying_glasses/dynamic-malware-analysis-lab-setup-613075f9423f

Entropy Analysis : A critical test for malware's.
https://medium.com/@Flying_glasses/entropy-analysis-a-critical-test-for-malwares-69939f5b8b1

Basic Static Malware analysis : PE viewer, Depnd walker & DIE.
https://medium.com/@Flying_glasses/basic-static-malware-analysis-pe-viewer-depnd-walker-die-f400dde2d9a9

Mobile Security Pentest Kali Linux
https://www.youtube.com/watch?v=SvQyNwjIqLg

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
2013年來物聯網設備安全漏洞翻一番
http://www.360.cn/n/11107.html

如何解決嵌入式物聯網設計的6大安全挑戰
https://www.eettaiwan.com/download/Renesas_WP_TC_201910

《IOT 物聯網》預設密碼讓60萬台GPS追蹤裝置陷入危險
https://blog.trendmicro.com.tw/?p=62065

Zira launches industrial IoT platform with data integration, marketplace, and AI-driven process automation
https://www.zdnet.com/article/zira-launches-industrial-iot-platform-with-data-integration-marketplace-and-ai-driven-process-automation/#ftag=RSSbaffb68

6.近期資安活動及研討會
 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

交通大學亥客書院-B022:基礎網頁安全與滲透測試 9/28
 https://hackercollege.nctu.edu.tw/?p=1084

 【Flutter Brunch】: 一起來交流 Flutter 技術 9/28
 https://www.meetup.com/Women-Who-Code-Taipei/events/264801570/

 WTM Networking - UXers' Breakfast #3 9/28
 https://www.meetup.com/GDGTaipei/events/264719986/

 JavaScript Developer Conference-2019  2019-09-28(六) 09:30 ~ 2019-10-26(六) 17:30 (GMT+8)
 https://www.accupass.com/event/1907081509101081922774

 AI/BigData技能養成系列課程-資料工程實務應用精鍊假日班(確定開課) 9/28 ~ 10/6
 https://www.accupass.com/event/1908010601311553672560

 亞洲‧矽谷學院108年免費認證考試 9/29
 https://college.asvda.org.tw/

 NSPA實作課程(假日班)報名表 9/29
 https://docs.google.com/forms/d/e/1FAIpQLSf6g7LmwAk_T6RFCaZL3dvgxjS9qlMrHlLtkXDC-nqNza_V9w/viewform

 軟體安全測試實務 9/29
 https://www.sce.pccu.edu.tw/event/chtweb/index.html

 2019 NASA黑客松賽前技術分享[Microsoft]_Azure 雲端運算與認知識別服務 10/1
 https://www.facebook.com/events/421753888461417/

 技職校院物聯網創新應用賽 10/1 受理報名
 https://iot2gather.ntust.edu.tw/

 Gnss海面反射訊號之技術及應用 10/1
 https://www.facebook.com/events/384731849123773/

 GovernmentWare Conference & Exhibition  10/1
 https://infosec-conferences.com/events-in-2019/govware/

 Cyber City Conference 10/1
 https://infosec-conferences.com/events-in-2019/cyber-city-conference/

 GDG DevFest Taipei 2019 10/1
 https://www.meetup.com/GDGTaipei/events/263142255/

 IEEE International Symposium on Reliable Distributed Systems (SRDS)  10/1 ~ 10/4
 https://infosec-conferences.com/events-in-2019/srds/

 Nasa黑客松,太空中心能幫你什麼 10/2
 https://www.facebook.com/events/390573691633383/

 108 年「先進製造 AI 與物聯網資安實務應用研討會」 10/3
 https://seminars.tca.org.tw/D15e02340.aspx

 Wisdom of Crowds Dubai 10/3
 https://infosec-conferences.com/events-in-2019/wisdom-of-crowds-dubai/

 工業物聯網資安檢測與防護策略 10/4
 https://ievents.iii.org.tw/EventS.aspx?t=0&id=661

 我們與資安的距離 10/5
 https://hackersir.kktix.cc/events/20191005

 安全程式碼撰寫基礎 10/6
 https://www.sce.pccu.edu.tw/event/chtweb/index.html

 SecTor Security Conference 10/7
 https://infosec-conferences.com/events-in-2019/sector-security-conference/

 Australian Cyber Conference 2019 10/7
 https://infosec-conferences.com/events-in-2019/australian-cyber-conference/

 XRY Certification 教育訓練 10/7 ~ 10/8
 https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=38

 Unleashing Cyber Security  10/7 ~ 10/8
 https://infosec-conferences.com/events-in-2019/unleashing-cyber-security/

 資安檢核核心技術及進階技術研討會 10月7日至10月9日
 http://bit.ly/2TN2UtD

 2019年台灣資安通報應變年會 10/8
 https://www.informationsecurity.com.tw/Seminar/ISevent20191008/

 Cloud Native Forum 2019   10/9
 https://www.meetup.com/Cloud-Native-Taipei-User-Group/events/264613646/

 BSides Delhi 10/11
 https://infosec-conferences.com/events-in-2019/bsides-delhi/

 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/

 白帽駭客體驗實作 10/13
 https://www.sce.pccu.edu.tw/event/chtweb/index.html

 HAKON – International Information Security Meet 10/13
 https://infosec-conferences.com/events-in-2019/hakon/

 國家高速網路與計算中心 台灣杉一號高速計算主機使用進階課程 10/14
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3869&from_course_list_url=course_index

 M3AAWG 47th General Meeting 10/14 ~ 10/17
 https://infosec-conferences.com/events-in-2019/m3aawg-47th-general-meeting/

 數位時代,自已的權利自己顧 -- 不可不知!基礎資安教戰講座  10/15
 https://ocftw.kktix.cc/events/e0c1048b

 AWS Transformation Day 10/15
 https://amzn.to/2ksO8Lb

 智資時代 2019 科技法制前瞻論壇 10/15
 https://seminar.ithome.com.tw/live/iii20191015/index.html?eDM_iThome

 AI時代下,資安與視覺化的觀點與實例 10/16
 https://www.tiai.org.tw/tiaiActDetailClass?sno=19

 2019 IBM Cloud 用戶實作課程秋季班  10/16
 https://ibm.co/2n4VNQQ

 BSides Ahmedabad 10/16
 https://infosec-conferences.com/events-in-2019/bsides-ahmedabad/

 TFUG Taipei | TensorFlow All Around 10/16
 https://www.meetup.com/TensorFlow-User-Group-Taipei/events/264713077/

 第八屆國際程式競賽 CodeVita Season 8 即日起至10/17日報名截止
 https://bhuntr.com/tw/competitions/104724210865172005190909102w

 Data Connectors Toronto Tech-Security – October  10/17
 https://infosec-conferences.com/events-in-2019/data-connectors-toronto-october/

 Kotlin/Everywhere GDG Hsinchu - Kotlin on Cloud and Web 10/17
 https://www.meetup.com/GDG-Hsinchu/events/263741333/

 2019 Space Apps Challenge_NASA 黑客松台北場 10/18
 https://www.facebook.com/events/2112377919060176/

 2019 邊緣運算論壇 - AI + IoT 備戰台商回流潮,IIoT 智慧升級 10/18
 https://www.accupass.com/event/1909040655361186052756

 2019 CYBERSPACE聯合研討會 10/18 ~ 10/19
 https://cyberspace.ttu.edu.tw/cyber2019/

 Crosslink Taiwan 2019 10/19
 https://www.meetup.com/Taipei-Ethereum-Meetup/events/264302796/

 交通大學亥客書院-A006:數位足跡追蹤與分析 10/19
 https://hackercollege.nctu.edu.tw/?p=1088

 無痛上手-WiFi無線網路安全檢測 10/20
 https://www.sce.pccu.edu.tw/event/chtweb/index.html

 日盛金融黑客松 報名至10/20 止
 https://app.jsun.com/hackathon/Main

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 國家高速網路與計算中心 平行計算程式設計基礎課程 10/22
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3778&from_course_list_url=course_index

  AIoT智能物聯網開發人才就業養成班[免費諮詢]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019

 IEEE Symposium on Visualization for Cyber Security (VizSec) 10/23
 https://infosec-conferences.com/events-in-2019/vizsec/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

 [Palo Alto Networks]-Palo Alto Networks 直播研討會Part6. MITRE ATT&CK 新資安攻防框架進階產業應用 10/24
 https://www.zerone.com.tw/TrainingDetial/Seminar/7747B901A8198AC3%7C1C130FE6FEC34700

 Cybersecurity Conference Rhein-Neckar  10/24 ~ 10/25
 https://infosec-conferences.com/events-in-2019/cybersecurity-rhein-neckar/

 Identity Days 10/24
 https://infosec-conferences.com/events-in-2019/identity-days/

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  10/25
 https://signupcybersec101.ithome.com.tw/

 國家高速網路與計算中心 大數據軟體開發平台與深度學習、HBase(大數據資料庫)開發應用案例 10/25
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3867&from_course_list_url=course_index

 交通大學亥客書院-A015:進階網頁滲透測試 10/26
 https://hackercollege.nctu.edu.tw/?p=1090

 International Conference on Networks & Communications (NETWORKS) 10/26 ~ 10/27
 https://infosec-conferences.com/events-in-2019/networks/

 亞洲‧矽谷學院108年免費認證考試 10/27
 https://college.asvda.org.tw/

 International Conference on Emerging Security Information, Systems and Technologies (SECURWARE) 10/27 ~ 10/31
 https://infosec-conferences.com/events-in-2019/securware/

 SANS Amsterdam October  10/28
 https://infosec-conferences.com/events-in-2019/sans-amsterdam-october/

 資安檢核核心技術及進階技術研討會 10月28日至10月30日
 http://bit.ly/2TN2UtD

 Foundations in Digital Forensics with EnCase® (DF120) (原CF1) 10/28 ~ 10/31
 https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=39

 International Workshop on Reliability and Security Data Analysis (RSDA)  10/28 ~ 10/31
 https://infosec-conferences.com/events-in-2019/rsda/

 International Symposium on Software Reliability Engineering (ISSRE)  10/28 ~ 11/1
 https://infosec-conferences.com/events-in-2019/issre/

 Securing New Ground 10/29 ~ 10/30
 https://infosec-conferences.com/events-in-2019/securing-new-ground/

 CEBIT Australia  10/29 ~ 10/31
 https://infosec-conferences.com/events-in-2019/cebit-australia/

 OWASP AppSec Day Melbourne  11/1
 https://infosec-conferences.com/events-in-2019/owasp-appsec-day-melbourne/

 Hackfest 2019  11/1 ~ 11/3
 https://infosec-conferences.com/events-in-2019/hackfest-2019/

 行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30
 https://www.accupass.com/event/1810080517061259295030

  Elite East Coast CISO Summit 11/3~11/5
 https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/

 Red Hat Forum Taipei 2019  11/5
 https://www.facebook.com/events/1390202967799392/

 Cyber Security Summit: Boston  11/6
 https://infosec-conferences.com/events-in-2019/cyber-security-summit-boston/

 駭客攻防暨數位鑑識系列一(第1期) 11/7
 https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=384540

 網路攻擊鏈( Cyber Kill Chain)各階段實作 (6hr)  11/7
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384540

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/8
 https://signupcybersec101.ithome.com.tw/

 BSides Charleston 11/9
 https://infosec-conferences.com/events-in-2019/bsides-charleston/

 Kotlin/Everywhere GDG Taoyuan - 運用 Ktor 建置一個以 Kotlin 打造的後端服務  11/9
 https://www.meetup.com/GDGTaoyuan/events/264776152/

 CLEAR Cyber Leaders Conference 11/12 ~ 11/13
 https://infosec-conferences.com/events-in-2019/clear-cyber-leaders-conference/

 Windows檔案系統及檔案還原 (6hr)  11/14
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384541

 Digital Internet Summit 11/14
 https://infosec-conferences.com/events-in-2019/digital-internet-summit/

 INTERFACE – Nebraska 11/14
 https://infosec-conferences.com/events-in-2019/interface-nebraska/

 SecureWV – Hack3rCon  11/15 ~ 11/17
 https://infosec-conferences.com/events-in-2019/securewv-hack3rcon/

 交通大學亥客書院-P006:高階網頁滲透測試 11/16
 https://hackercollege.nctu.edu.tw/?p=1092

 FS-ISAC Fall Summit 11/17 ~ 11/20
 https://infosec-conferences.com/events-in-2019/fs-isac-fall-summit/

 Microsoft IoT in Action 11/20
 https://www.iotinactionevents.com/event/taipei

 Infosecurity ISACA North America Expo and Conference 11/20 ~ 11/21
 https://infosec-conferences.com/events-in-2019/isaca-north-america-expo-conference/

 檔案特徵值比對與關鍵字搜尋 (2hr) Open Source數位鑑識工具實務操作 (5hr) 11/21
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384542

 Trend Micro CTF 2019 // Raimund Genes Cup  FINAL / NOVEMBER 23–24, 2019
 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html

 資安檢核核心技術及進階技術研討會11月26日至11月28日
 http://bit.ly/2TN2UtD

 人資人員必修的職安法規定 11/26
 https://www.accupass.com/event/1909121441141977826554

 模擬案例鑑識分析實務 (6hr)  11/28
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384543

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/29
 https://signupcybersec101.ithome.com.tw/

 交通大學亥客書院-B015:惡意程式檢測 11/30
 https://hackercollege.nctu.edu.tw/?p=1098

 亞洲‧矽谷學院108年免費認證考試 11/30
 https://college.asvda.org.tw/

 Digital Summit Dallas  12/4
 https://infosec-conferences.com/events-in-2019/digital-summit-dallas/

 Kansas City Cyber Security Conference 12/5
 https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/

 CyberMaryland Conference 12/5 ~ 12/6
 https://infosec-conferences.com/events-in-2019/cybermaryland-conference/

 FutureCon Nashville Cyber Security Conference 12/11
 https://infosec-conferences.com/events-in-2019/futurecon-nashville/

 Utility Cyber Security Forum December 12/11
 https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/

 交通大學亥客書院-A018:企業網域控管-Active Directory攻擊與防禦  12/14
 https://hackercollege.nctu.edu.tw/?p=1094

 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

沒有留言:

張貼留言

2024年 10 月份資安、社群活動分享

  2024年 10  月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/10/1 https://www.meetup.com/taiwan-code-camp/...