跳到主要內容

資安事件新聞週報 2019/10/7 ~ 2019/10/11






資安事件新聞週報  2019/10/7  ~  2019/10/11

1.重大弱點漏洞/後門/Exploit/Zero Day
英國政府警告:Pulse Secure、Palo Alto和Fortinet的VPN存在APT攻擊漏洞
https://www.ithome.com.tw/news/133480

Unpatched VPN Servers Targeted by Nation-State Attackers
https://www.bankinfosecurity.com/unpatched-vpn-servers-targeted-by-nation-state-attackers-a-13202

Vulnerabilities exploited in VPN products used worldwide
https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities

Palo Alto PAN-OS 遠端執行程式碼漏洞
https://www.hkcert.org/my_url/zh/alert/19072402

Fortinet FortOS 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19100802

Juniper Networks 產品安全性漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0074

IBM WebSphere Application 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.3731/
https://www.auscert.org.au/bulletins/ESB-2019.3728/

熱門UI設計工具Figma的擴充套件系統存在漏洞,官方抽換底層基礎架構
https://www.ithome.com.tw/news/133492

Notepad++ (x64) before 7.7 CVE-2019-16294 – Remote Code Execution
https://0day.life/exploits/0day-940.html


PHP 7.3 disable_functions Bypass
https://packetstormsecurity.com/files/154728/php7073-bypass.txt

Linux/x86 NOT + XOR-N + Random Encoded /bin/sh Shellcode
https://packetstormsecurity.com/files/154727/linuxnotxorn-shellcode.txt

Hisilicon Hi3518 HD Camera Remote Configuration Disclosure
https://packetstormsecurity.com/files/154720/Hi3518.pl.txt

Slackware Security Advisory - tcpdump Updates
https://packetstormsecurity.com/files/154710/SSA-2019-274-01.txt

DHS and FDA warn about much broader impact of Urgent/11 vulnerabilities
https://www.zdnet.com/article/dhs-and-fda-warn-about-much-broader-impact-of-urgent11-vulnerabilities/#ftag=RSSbaffb68

Fedora drops 32-bit Linux
https://www.zdnet.com/article/fedora-drops-32-bit-linux/#ftag=RSSbaffb68

macOS Catalina beta版可先爽玩Apple Arcade
https://tw.lifestyle.appledaily.com/gadget/20191005/J7YNUDNVO4Q3HWORSRV6ISPD6A/

7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App
https://thehackernews.com/2019/10/iterm2-macos-terminal-rce.html

SA115 : Multiple nginx DNS resolver vulnerabilities
https://support.symantec.com/us/en/article.SYMSA1352.html

SA100 : Apache Tomcat Vulnerabilities
https://support.symantec.com/us/en/article.SYMSA1329.html

思科交換機新漏洞被發現,恐引起新一輪全球掃描
https://anquan.baidu.com/article/922

Cisco 多個產品發布多個安全更新
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-72541

微軟再發佈IE漏洞例外修補程式,所有版本都要安裝
https://www.ithome.com.tw/news/133453

Microsoft Releases October 2019 Patch Tuesday Updates
https://thehackernews.com/2019/10/microsoft-patch-tuesday-october.html

Microsoft October 2019 Patch Tuesday is a light one
https://www.zdnet.com/article/microsoft-october-2019-patch-tuesday-is-a-light-one/#ftag=RSSbaffb68

Microsoft 產品存在安全性弱點
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367

Windows 10 Mobile新漏洞曝光,微軟放棄修復
https://tech.sina.com.cn/mobile/n/n/2019-10-11/doc-iicezuev1362480.shtml

SharePoint 企業伺服器 2016 的安全更新說明:2019 年 10 月 8 日
https://support.microsoft.com/zh-tw/help/4484111/security-update-for-sharepoint-enterprise-server-2016

分析多款D-Link路由器中的未授權RCE漏洞
https://www.anquanke.com/post/id/187923

D-Link router remote code execution vulnerability will not be patched
https://www.zdnet.com/article/d-link-routers-contain-remote-code-execution-vulnerability/#ftag=RSSbaffb68

D-Link -- dhp-1565_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16920

四款D-Link路由器發現無法修復的漏洞唯一選擇是棄之不用
https://www.cnbeta.com/articles/tech/897255.htm

D-Link路由器曝出RCE漏洞,牽涉多個型號
https://nosec.org/home/detail/3020.html

rsyslog
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14454

How to Prioritize Vulnerability Patching
https://www.bankinfosecurity.asia/how-to-prioritize-vulnerability-patching-a-13200

Zero-day published for old Joomla CMS versions
https://www.zdnet.com/article/zero-day-published-for-old-joomla-cms-versions/#ftag=RSSbaffb68

vBulletin Releases Patch Update for New RCE and SQLi Vulnerabilities
https://thehackernews.com/2019/10/vBulletin-hacking-exploit.html

Adobe Suspends Accounts for All Venezuela Users Citing U.S. Sanctions
https://thehackernews.com/2019/10/adobe-venezuela-sanctions.html

Thunderbird to add built-in support for OpenPGP email encryption standard
https://www.zdnet.com/article/thunderbird-to-add-built-in-support-for-openpgp-email-encryption-standard/#ftag=RSSbaffb68

Intel處理器再爆MDS資安漏洞,更新處理器微碼犧牲效能換取安全
https://buy.line.me/u/article/96367

Android 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19100902

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
強化數位帳戶 迎戰純網銀
https://money.udn.com/money/story/9740/3980473

違反證券法 又傳台灣分析師在上海遭收押 6人限制出境
https://news.cnyes.com/news/id/4388984

手握信用評分執照AISP通吃31國 CRIF集團 歐洲開放銀行先驅
https://www.chinatimes.com/newspapers/20191007000220-260202?chdtv

降低純網銀流動風險 金管會將建置即時監理系統
https://udn.com/news/story/7239/4090726

鯰魚有不同管法 金管會強化純網銀六大管理
https://www.chinatimes.com/realtimenews/20191007003104-260410?chdtv

3家純網銀來襲 公股銀免驚!財部:善用自身業務與優勢
https://www.ettoday.net/news/20191008/1552854.htm

台資被誤認成中資! 上海商銀在香港遭攻擊 金管會說明
https://ec.ltn.com.tw/article/breakingnews/2940657

兆豐金:純網銀與實體銀行,5年內不會有競合問題
http://bit.ly/2OBO1cM

Magecart: New Research Shows the State of a Growing Threat
https://www.riskiq.com/blog/external-threat-management/magecart-growing-threat/

Old Magecart Domains are Being Bought Up for Monetization
https://www.riskiq.com/blog/labs/magecart-reused-domains/

3.電子支付/電子票證/行動支付/ pay/新聞及資安
財金公司建行動支付高速路
https://udn.com/news/story/7239/4086695

掃碼支付 最快年底共用TWQR
https://udn.com/news/story/7239/4086532

「台灣Pay」市占率低迷 財金董座:不以市場競爭為目的
https://www.cmmedia.com.tw/home/articles/17901

電子支付好夯使用人數衝上568萬 一卡通最多人用穩坐冠軍寶座
https://www.ettoday.net/news/20191005/1550457.htm

三星Samsung Pay推出47國跨境轉帳、金融預付卡
https://news.cnyes.com/news/id/4390432

APP綁信用卡消費爭議 金管會建議2步驟解決
http://bit.ly/2Olhp73

台灣不適合行動支付?他曝致命陋習
https://www.chinatimes.com/hottopic/20191005001678-260804?chdtv

北捷e-Shop試辦4個月 支援11種支付購票卡
http://bit.ly/35lb8ya

個資存三方外洩有難度 專家:交換過程也可遭駭客鎖定
https://tw.news.appledaily.com/life/realtime/20191008/1645595/

日本10%消費者稅一週 電子支付系統大當機
http://bit.ly/2ATmnQr

Samsung Pay Cash now available: Budget your spending with this prepaid virtual card
https://zd.net/2AYKDRx

4.虛擬貨幣/區塊鍊相關新聞及資安
讓手機變身加密貨幣離線錢包!Parity發布新版本應用程式
http://news.knowing.asia/news/a17be8f5-84ef-4492-8bb4-99cdd40434bc

日本金融廳發布「基金投資加密資產」準則草案!10 月底前聽取各界意見
https://news.cnyes.com/news/id/4390614

拯救10%的資產安全!MakerDAO修復多抵押品系統重要漏洞
http://news.knowing.asia/news/3e7ad17e-8bfc-41c8-a14d-5cb6feb77e82

郭台銘學院要唸什麼?郭董首推台版Libra
https://udn.com/news/story/7238/4085132?from=udn-catelistnews_ch2

PayPal宣佈退出虛擬貨幣Libra 衝擊臉書推動加密貨幣計劃
https://www.ettoday.net/news/20191005/1550569.htm

加密貨幣持續撼動銀行系統!預計未來10年美國銀行將裁員20萬人
http://news.knowing.asia/news/4bf64ad2-05ac-452b-9410-42bfa539c989

比特幣閃電網路的規格通過了首個「形式化驗證」的安全性測試
http://bit.ly/33loSre

PayPal drops out of Facebook's Libra
https://www.atmmarketplace.com/news/paypal-drops-out-of-facebooks-libra/

PayPal backs out: what does this mean for the future of Facebook’s Libra cryptocurrency
https://www.zdnet.com/article/paypal-backs-out-what-does-this-mean-for-the-future-of-facebooks-libra-cryptocurrency/#ftag=RSSbaffb68

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
駭客專挑企業下手! 無檔案式攻擊暴增265%
https://tw.news.appledaily.com/life/realtime/20191005/1644095/

疑似俄國駭客發展新式RAT,可突破HTTPS加密追蹤上網行蹤
https://www.ithome.com.tw/news/133468

駭客攻擊新手法:用木馬程式破解 HTTPS 加密,透過 Chrome 監視你的上網資料
http://bit.ly/35mNFN7

GalactiCrypter勒索軟體有解了
https://www.ithome.com.tw/news/133476

烏茲別克斯坦黑客組織犯低級錯誤在有卡巴斯基的機器上測試病毒被披露
https://www.cnbeta.com/articles/tech/897049.htm

雲端電子商務平台Volusion的結帳頁面被注入惡意程式
https://ithome.com.tw/news/133560

新的 Muhstik Ransomware 瞄準 NAS 進行攻擊
https://www.twcert.org.tw/tw/cp-104-3009-9f878-1.html

Hackers breach Volusion and start collecting card details from thousands of sites
https://www.zdnet.com/article/hackers-breach-volusion-and-start-collecting-card-details-from-thousands-of-sites/

Sesame Street Store & Volusion customers are comprised; how the cookie monster is stealing credit card info
http://bit.ly/2AYE4yd

Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC
https://www.vice.com/en_us/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec

Hospitals in US, Australia hobbled by ransomware
https://www.welivesecurity.com/2019/10/03/hospitals-us-australia-ransomware/

The Week in Ransomware - October 4th 2019 - That's all Folks
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-4th-2019-thats-all-folks/

2019-10-03 - DATA DUMP: CLASSIC-STYLE HANCITOR MALSPAM
https://www.malware-traffic-analysis.net/2019/10/03/index.html

Just How Widespread Is Ransomware Epidemic
https://www.bankinfosecurity.com/just-how-widespread-ransomware-epidemic-a-13183

Malware Most Foul: Emotet, Trickbot, Cryptocurrency Miners
https://www.bankinfosecurity.com/malware-most-foul-emotet-trickbot-cryptocurrency-miners-a-13181

If a Bank Sends You Your Passwords via a Text Message, This Android Trojan Could Steal Them
https://www.cyclonis.com/if-bank-sends-passwords-via-text-this-android-trojan-steal-them/

Malware Botnet of $160 planned to rob Crypto from 72,000 Devices
https://orlanko.com/2019/10/04/malware-botnet-of-160-planned-to-rob-crypto-from-72000-devices/

Antivirus Firm, ESET, Reveals Cryptojacking Trojan Targeting Cryptocurrency Users
https://bitcoinexchangeguide.com/antivirus-firm-eset-reveals-cryptojacking-trojan-targeting-cryptocurrency-users/

ANDROID: THIS MALWARE HAS STOLEN MONEY FROM 800 000 BANK ACCOUNTS SINCE 2016
https://www.gizchina.com/2019/10/04/android-this-malware-has-stolen-money-from-800-000-bank-accounts-since-2016/

IC3 Issues Alert on Ransomware
https://www.us-cert.gov/ncas/current-activity/2019/10/04/ic3-issues-alert-ransomware

HIGH-IMPACT RANSOMWARE ATTACKS THREATEN U.S. BUSINESSES AND ORGANIZATIONS
https://www.ic3.gov/media/2019/191002.aspx

Casbaneiro: Dangerous cooking with a secret ingredient
https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/

More Hidden App Malware Found on Google Play with over 2.1 Million Downloads
https://www.symantec.com/blogs/threat-intelligence/hidden-adware-google-play

Ramnit Targets Japanese Shoppers, Aiming at Top Fashion Brands
https://securityintelligence.com/posts/ramnit-targets-japanese-shoppers-aiming-at-top-fashion-brands/

2019-10-05 - TRAFFIC ANALYSIS EXERCISE
https://www.malware-traffic-analysis.net/2019/10/05/index.html

HildaCrypt Ransomware Developer Releases Decryption Keys
https://www.bleepingcomputer.com/news/security/hildacrypt-ransomware-developer-releases-decryption-keys/

DCH Hospital Pays Ryuk Ransomware for Decryption Key
https://www.bleepingcomputer.com/news/security/dch-hospital-pays-ryuk-ransomware-for-decryption-key/

Report: Android Banking Botnet Targeted Russians
https://www.bankinfosecurity.com/report-android-banking-botnet-targeted-russians-a-13201

GEOST BOTNET. THE STORY OF THE DISCOVERY OF A NEW ANDROID BANKING TROJAN FROM AN OPSEC ERROR
http://public.avast.com/research/VB2019-Garcia-etal.pdf

White-hat hacks Muhstik ransomware gang and releases decryption keys
https://www.zdnet.com/article/white-hat-hacks-muhstik-ransomware-gang-and-releases-decryption-keys/#ftag=RSSbaffb68

Security Advisory for Muhstik Ransomware
https://www.qnap.com/en-us/security-advisory/NAS-201910-02

New sextortion campaign taps altcoins to avoid detection
https://www.zdnet.com/article/new-sextortion-campaign-taps-altcoins-to-avoid-detection/#ftag=RSSbaffb68

B.行動安全 / iPhone / Android /穿戴裝置 /App
Android版WhatsApp含有遠端攻擊漏洞,波及全球數億用戶
https://www.ithome.com.tw/news/133445

攻擊者宣稱可利用0day漏洞完全控制Android手機
https://www.cnbeta.com/articles/tech/895947.htm

安卓再曝零日漏洞,谷歌/三星/華為/小米等多款手機可被控制
https://www.ithome.com/0/448/676.htm

Android 系統曝重大漏洞,手機恐遭駭控制!Google 公佈14款機型清單
https://3c.ltn.com.tw/news/38178

谷歌發佈高危漏洞,18款安卓手機機型受影響
http://finance.sina.com/bg/usstock/usstock_news/thepaper/2019-10-07/doc-ifzpqvem1946556.shtml

國際特赦組織調查!16 款通訊軟體保密排行,WeChat 零分出局
https://3c.ltn.com.tw/news/27035

WhatsApp爆漏洞 一張GIF圖就能讓駭客控制帳戶
https://www.chinatimes.com/realtimenews/20191008003797-260412?chdtv

紐約市執法部購以色列程式 解鎖iPhone取證據
https://inews.hket.com/article/2468182

歐盟警告:5G網路供應商單一 恐受國家支持駭客攻擊
https://ec.ltn.com.tw/article/breakingnews/2942544

愛瘋傳災情!「警示訊息」狂跳關不掉
http://bit.ly/2M6O7I5

SimJacker 漏洞   揭重大私隱危機
http://bit.ly/2AWwrbw

三星:20多處安全漏洞影響所有Galaxy旗艦機型
http://finance.sina.com/bg/tech/technews/sinacn/2019-10-09/doc-ifzpuztq0594053.shtml

三星多款機型現漏洞:涉21個安全問題 影響4000萬用戶
http://finance.sina.com/bg/economy/economy_company/thepaper/2019-10-10/doc-ifzpuztq0618287.shtml

再也看不到追蹤對象按了誰的讚!IG黑暗模式、刪除追蹤中功能等4大更新
https://www.niusnews.com/=P31p0002

西班牙電信阿根廷公司推出由Mavenir提供的信令防火牆
https://times.hinet.net/news/22596533

資料誤用另一例,Twitter 坦承把救急的雙因子認證電話號碼用在針對性廣告
https://technews.tw/2019/10/09/twitter-misuse-of-2fa-on-targeted-ad/

Twitter 承認利用兩步驟認證電話號碼,對使用者進行精準廣告投放
https://www.techbang.com/posts/73415-twitter-admits-it-used-two-factor-phone-numbers-and-emails-for-targeted-advertising

Yubico 向香港抗爭者贊助安全金鑰 Yubikey
http://bit.ly/320fSay

瑞典Yubikey捐港人500條最強網絡保安鎖匙
http://bit.ly/318m1jQ

蘋果為何軟了?下架香港地圖軟體和Quartz新聞
https://www.secretchina.com/news/b5/2019/10/11/910059.html

You Gave Your Phone Number to Twitter for Security and Twitter Used it for Ads
https://thehackernews.com/2019/10/twitter-advertising-privacy.html

Twitter used 2FA phone numbers for ad targeting
https://www.zdnet.com/article/twitter-used-2fa-phone-numbers-for-ad-targeting/#ftag=RSSbaffb68

Google finds Android zero-day impacting Pixel, Samsung, Huawei, Xiaomi devices
https://www.zdnet.com/article/google-finds-android-zero-day-impacting-pixel-samsung-huawei-xiaomi-devices/#ftag=RSSbaffb68

New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild
https://thehackernews.com/2019/10/android-kernel-vulnerability.html

Signal fixes FaceTime-like eavesdropping bug
https://www.zdnet.com/article/signal-fixes-facetime-like-eavesdropping-bug/

Signal Messenger Bug Lets Callers Auto-Connect Calls Without Receivers' Interaction
https://thehackernews.com/2019/10/signal-messenger-bug.html

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
九毛九收銀系統現漏洞 一門店四名員工截留32萬營收
https://news.sina.com.tw/article/20191009/32891906.html

「2020 全美重要資安大會」
https://www.tca.org.tw/market_info1.php?n=2262

暗網潛航——信息安全風險保險 (一)——偷樑換柱
http://bit.ly/322XkX7

網絡衝突不斷學者:網絡空間急需國際安全架構
https://news.sina.com.cn/c/2019-10-10/doc-iicezuev1112741.shtml

如果ISO 27001證書沒有TAF標誌,還有效嗎
https://www.ithome.com.tw/news/133528

盜用AWS與Cloud雲端運算挖礦,29歲駭客面臨至少34年牢獄刑責
https://www.ithome.com.tw/news/133562

執行紅隊演練,別受制於手上資訊與已知手法、漏洞
https://ithome.com.tw/news/133469

戴夫寇爾剖析漏洞與製作攻擊驗證工具
https://www.ithome.com.tw/news/133523

以攻擊者的角度制定防禦策略
https://devco.re/blog/2019/10/09/def-strategy/

關於台灣首次「網路風暴」聯合演習的幾點看法
https://www.upmedia.mg/news_info.php?SerialNo=72714

追蹤東南亞網路間諜攻擊 Palo Alto發現「PKPLUG」團體
https://udn.com/news/story/7238/4092225

資安報告:23 間大型 VPN 有 6 間中國 VPN公司資料安全成疑
https://unwire.hk/2019/07/10/chinavpn-2/tech-secure/

中共形象全球急速惡化 歐美澳亞皆厭惡
http://bit.ly/333k8Gh

西班牙地方網路遭駭 中央伸援
http://news.m.pchome.com.tw/internation/gpwb/20191005/index-57029084087357201011.html

哈利王子語音郵件被駭 怒控英國2媒體 拒黛妃事件重演
https://www.nownews.com/news/20191007/3675805/

黑客攻擊事件被爆,100萬新西蘭人的健康信息或處於危險之中
http://www.chinesenzherald.co.nz/news/new-zealand/hack-attack-puts-health-details-at-risk/

Algorand 投資部門的CTO手機遭駭,損失高達200萬美元
https://zombit.info/algorands-cto-mobile-phone-in-the-investment-department-suffered-a-loss-of-up-to-2-million/

英國政府警告,有APT組織正利用VPN漏洞大肆攻擊
https://nosec.org/home/detail/3014.html

袁桂笙:若網遭攻擊癱瘓台灣會變網絡孤島
http://news.stnn.cc/hk_taiwan/2019/1006/677080.shtml

路透:伊朗駭客疑試圖侵入川普競選團隊
https://udn.com/news/story/6809/4087238?from=udn-ch1_breaknews-1-cate5-news

不是假消息!微軟證實伊朗駭客發動「網路攻擊」 企圖干涉2020美總統大選
http://n.yam.com/Article/20191007158000

《基督日報》香港版被駭客入侵 強烈譴責違反新聞自由
http://bit.ly/2MmD8sC

干擾美國大選?世界駭客大賽測試發現 超過百款「投票機器」易遭駭客攻陷
https://cnews.com.tw/140191006a02/

領先全歐洲!法國下個月全國實施「臉部辨識」計畫
https://cnews.com.tw/140191007a05/

美國黑名單再增8中企 多數曾助中共監控新疆維族
https://news.ltn.com.tw/news/world/breakingnews/2940829

美國聯邦調查局大轉型 反恐怖主義改成網路安全
https://news.ltn.com.tw/news/world/breakingnews/2744481

泰國新例嚴管網絡言論 用咖啡店 WiFi 會被儲存瀏覽紀錄
http://bit.ly/2OCaoij

英國護照人臉辨識現漏洞 無法檢測深膚色人士
http://bit.ly/2MKipiX

Microsoft: Iran-Backed Group Targeted a Presidential Campaign
https://www.bankinfosecurity.com/microsoft-iran-backed-group-targeted-presidential-campaign-a-13198

Microsoft: Iranian hackers targeted a 2020 presidential campaign
https://www.zdnet.com/article/microsoft-iranian-hackers-targeted-a-2020-presidential-campaign/#ftag=RSSbaffb68

Iranian Hackers Targeted a US Presidential Candidate
https://www.wired.com/story/iran-hackers-target-us-presidential-candidate/

Russian hacker group patches Chrome and Firefox to fingerprint TLS traffic
https://www.zdnet.com/article/russian-hacker-group-patches-chrome-and-firefox-to-fingerprint-tls-traffic/

Report: Nation state hackers and cyber criminals are spoofing each other
https://www.zdnet.com/article/optiv-report-nation-state-hackers-and-cyber-criminals-are-spoofing-each-other/#ftag=RSSbaffb68

Optiv Security Releases Cyber Threat Intelligence Estimate Report to Increase Understanding of Cyber Threat Landscape, Offer Best Practices
https://www.optiv.com/press-releases/optiv-security-releases-cyber-threat-intelligence-estimate-report-increase

New CrowdStrike Threat Hunting Report Reveals Prolific Adversary Trends and Tactics
https://www.crowdstrike.com/resources/news/crowdstrike-releases-falcon-overwatch-mid-year-report-2019/

A 2019 Mid-Year Review From the CrowdStrike Falcon OverWatch Team
https://www.crowdstrike.com/resources/reports/observations-from-the-front-lines-of-threat-hunting-2019/

Microsoft: MFA bypass attacks are so rare we don't have good statistics on them
https://www.zdnet.com/article/microsoft-mfa-bypass-attacks-are-so-rare-we-dont-have-good-statistics-on-them/#ftag=RSSbaffb68

FBI warns about attacks that bypass multi-factor authentication (MFA)
https://www.zdnet.com/article/fbi-warns-about-attacks-that-bypass-multi-factor-authentication-mfa/#ftag=RSSbaffb68

Hacker to 5 Million Victims: “Get Outside More”
https://www.cbronline.com/news/toms-hacked

Schneier slams Australia's encryption laws and CyberCon speaker bans
https://www.zdnet.com/article/schneier-slams-australias-encryption-laws-cybercon-speaker-bans/#ftag=RSSbaffb68

Government interference in Australia's premier cybersecurity conference is a worry
https://www.zdnet.com/article/government-interference-in-australias-premier-cybersecurity-conference-is-a-worry/#ftag=RSSbaffb68

Hackers breach Volusion and start collecting card details from thousands of sites
https://www.zdnet.com/article/hackers-breach-volusion-and-start-collecting-card-details-from-thousands-of-sites/#ftag=RSSbaffb68

France warns of cyberattacks against service providers and engineering offices
https://www.zdnet.com/article/france-warns-of-cyberattacks-against-service-providers-and-engineering-offices/#ftag=RSSbaffb68

76 percent of US businesses have experienced a cyberattack in the past year
https://www.zdnet.com/article/76-percent-of-us-businesses-have-experienced-a-cyberattack-in-the-past-year/#ftag=RSSbaffb68

資安專案管理
http://bit.ly/30Tj9ar

網管兼資安工程師
https://www.104.com.tw/job/6r7uk

趨勢科技/物聯網資安軟體測試實習生(薪高、福利好)
https://worknowapp.com/jobs/ba13f31b-0d9d-4782-ad36-8324f491c4e7

金融聯合徵信中心招考 大學畢43K
https://www.1111.com.tw/zone/school_fresh/article_In.asp?artCat=3&id=128050&agent=out_Epaper25_school_fresh2019100912post03

【資訊】資訊安全管理師-ISO27001
https://www.104.com.tw/job/69jq5?jobsource=jolist_a_relevance

資訊安全管理師 / 資安工程師
https://www.104.com.tw/job/56qde?jobsource=jolist_a_relevance

資訊部門-資訊安全管理師
https://www.104.com.tw/job/4ws6j?jobsource=jolist_a_relevance

V資訊安全管理師
https://www.104.com.tw/job/6fmty?jobsource=jolist_a_relevance

〔資訊〕資深資訊安全管理師(台北)
https://www.104.com.tw/job/5gcqu?jobsource=jolist_a_relevance

資訊安全輔導顧問(台中辦公室)
https://www.104.com.tw/job/6kq0j?jobsource=jolist_a_relevance

資訊安全輔導顧問(台北辦公室)
https://www.104.com.tw/job/6kq0b?jobsource=jolist_a_relevance

資訊安全輔導顧問(台北/台中/高雄辦公室)
https://www.104.com.tw/job/3ra34?jobsource=jolist_a_relevance

合規處-資訊安全顧問
https://www.104.com.tw/job/5nttf?jobsource=jolist_a_relevance

I3601 資訊安全資深工程師(板橋)
https://www.104.com.tw/job/6dd4o?jobsource=jolist_a_relevance

I3601 資訊安全工程師(板橋)
https://www.104.com.tw/job/6doj9?jobsource=jolist_a_relevance

資訊安全事件中心(SOC)輪班正職人員-夜班
https://www.104.com.tw/job/4dzpm?jobsource=jolist_a_relevance

資訊安全售前架構師
https://www.104.com.tw/job/673hb?jobsource=jolist_a_relevance

行政_資訊安全工程師(SOC)
https://www.104.com.tw/job/6gssv?jobsource=jolist_a_relevance

行政_資訊安全工程師(DLP)
https://www.104.com.tw/job/5ucdb?jobsource=jolist_a_relevance

資安管理師
https://www.104.com.tw/job/6m54y?jobsource=jolist_a_relevance

【資訊處】資安規範管理師 Security Compliance
https://www.104.com.tw/job/6p7v6?jobsource=jolist_a_relevance

【資安】資安管理專業人員
https://www.104.com.tw/job/67bcx?jobsource=jolist_a_relevance

ISMS 資安顧問
https://www.104.com.tw/job/6fis1?jobsource=jolist_a_relevance

資訊系統管理師
https://www.104.com.tw/job/6jhgr?jobsource=jolist_a_relevance

資安專案經理
https://www.104.com.tw/job/64mq7?jobsource=jolist_a_relevance

網路系統管理師
https://www.104.com.tw/job/6f3f6?jobsource=jolist_a_relevance

資安技術顧問-E10B
https://www.104.com.tw/job/6he3h?jobsource=jolist_a_relevance

資安技術服務工程師(正職)
https://www.104.com.tw/job/3kmxs?jobsource=jolist_a_relevance

F 資訊作業管理人員
https://www.104.com.tw/job/6beps?jobsource=jolist_a_relevance

[幸福企業人才召募]網路資安工程顧問
https://www.104.com.tw/job/5x4dt?jobsource=jolist_a_relevance

資安專案經理/Project Manager
https://www.104.com.tw/job/2w0gs?jobsource=jolist_a_relevance

數位鑑識與舞弊偵防顧問
https://www.104.com.tw/job/2wf7t?jobsource=jolist_a_relevance

法金_國際資訊管理人員
https://www.104.com.tw/job/5cqzk?jobsource=jolist_a_relevance

專案管理高級工程師【福利佳】
https://www.104.com.tw/job/3cdtq?jobsource=jolist_a_relevance

金融科技、內控人員
https://www.104.com.tw/job/6j1x0?jobsource=jolist_a_relevance

資安Presales-E10B
https://www.104.com.tw/job/6he3g?jobsource=jolist_a_relevance

【資安】資安科技專業人員
https://www.104.com.tw/job/67cru?jobsource=jolist_a_relevance

F-資訊服務規劃師
https://www.104.com.tw/job/4gtpx?jobsource=jolist_a_relevance

海外資安稽核_某知名網路公司 (3003292)
https://m.1111.com.tw/job/91186564/

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
法國下月實施臉部辨識身分 馬克宏「提升行政效率」挨轟
http://bit.ly/352ltPH

AI黑客整合資料 度身定造釣魚電郵
http://bit.ly/2VqTPY1

推特認了 用戶個資不慎用作廣告目的
http://bit.ly/35nzEz2

美司法部要求fb「開路」 讓執法部門調查時閱覽加密訊息
https://hk.news.appledaily.com/international/realtime/article/20191004/60115291

「加州消費者隱私法」明年生效,消費者可以要求刪除什麼樣的數據
https://www.thenewslens.com/feature/timefortune/125541

網路交易三方詐騙難防範 台灣司法人權進步協會:盡量選擇合法交易網站平台
http://bit.ly/2Isdq55

你的個資被外洩? 用這網站搜尋自己就知道
https://udn.com/news/story/7088/4096237

訂房網驚傳個資外洩 228名會員被騙3362萬
https://news.ltn.com.tw/news/Taipei/breakingnews/2938050

訂房網疑洩個資 醫師被騙164萬
https://news.ltn.com.tw/news/society/paper/1323071

Booking.com訂房網疑個資外洩 228會員遭騙3千多萬元
http://bit.ly/2oUZVE5

Booking訂房網疑個資外洩!228會員慘淪詐騙提款機…被騙逾3千萬
https://www.ettoday.net/news/20191006/1551287.htm

Booking訂房網228台人被騙 驚動荷蘭總公司
https://udn.com/news/story/7315/4096205?from=udn-catelistnews_ch2

Booking.com疑似個資外洩非單一案例,近半年民眾通報各網購平臺解除分期詐騙破千件
https://www.ithome.com.tw/news/133558

知名訂房網疑個資外洩 荷蘭總公司與刑事局合作防堵
https://gotv.ctitv.com.tw/2019/10/1141435.htm

北京警方發佈電信網路詐騙犯罪安全防範提示
https://news.sina.com.tw/article/20191001/32830418.html

紐西蘭初級衛生組織Tū Ora遭駭客入侵,外洩100萬名用戶資料
https://ithome.com.tw/news/133509

呼叫器洩漏加拿大溫哥華病患敏感資料:這對企業的意義為何
https://blog.trendmicro.com.tw/?p=62214

小心落入電郵詐騙騙局 駭客造假有3手法
https://money.udn.com/money/story/5648/4097851

電郵詐騙 一個字母坑千萬
https://money.udn.com/money/story/5648/4097807

企業電郵詐騙案沒停過 今年36件拐走上億元
https://money.udn.com/money/story/5648/4097814

防制電郵詐騙五秘訣 幫金庫上安全鎖
https://money.udn.com/money/story/5648/4097844

小心落入電郵詐騙騙局 駭客造假有3手法
https://money.udn.com/money/story/5648/4097851

California Consumer Privacy Act (CCPA): What you need to know to be compliant
https://www.csoonline.com/article/3292578/california-consumer-privacy-act-what-you-need-to-know-to-be-compliant.html

Turkey fines Facebook $282,000 over privacy breach
https://www.reuters.com/article/us-facebook-lawsuit-privacy-turkey/turkey-fines-facebook-282000-over-privacy-breach-idUSKBN1WI0LJ

Nigerian Man Charged in Phishing Scam Targeting US Agencies
https://www.bankinfosecurity.com/nigerian-man-charged-in-phishing-scam-targeting-us-agencies-a-13195

Check If You Are in the Sephora and StreetEasy Data Breaches
https://www.bleepingcomputer.com/news/security/check-if-you-are-in-the-sephora-and-streeteasy-data-breaches/

Turkey Fines Facebook After Data Breach
https://www.bankinfosecurity.asia/turkey-fines-facebook-after-data-breach-a-13199

Data breach at Russian ISP impacts 8.7 million customers
https://www.zdnet.com/article/data-breach-at-russian-isp-impacts-8-7-million-customers/#ftag=RSSbaffb68

Tū Ora Compass Health data breach exposes medical data of one million people
https://www.zdnet.com/article/tu-ora-data-breach-exposes-medical-data-of-one-million-new-zealand-residents/#ftag=RSSbaffb68

Phishing attempts increase 400%, many malicious URLs found on trusted domains
https://www.helpnetsecurity.com/2019/10/09/phishing-increase-2019/

Beware of Fake Amazon AWS Suspension Emails for Unpaid Bills
https://www.bleepingcomputer.com/news/security/beware-of-fake-amazon-aws-suspension-emails-for-unpaid-bills/

E.研究報告
騰訊Blade Team發現雲虛擬化平台QEMU-KVM逃逸漏洞各大雲廠或受影響
http://www.kaixian.tv/gd/2019/1010/1057889.html

《李忠憲專欄》科幻小說與資安
https://living.taronews.tw/2019/10/09/491257/

《李忠憲專欄》資訊安全忙起來就不要
https://taronews.tw/2019/10/10/491557/

《李忠憲專欄》V怪客面具
https://living.taronews.tw/2019/10/10/491581/

如何查看與操弄 Android/iOS App 裡的 HTTPS Request 及 Response
http://bit.ly/30SsBuL

除了 Web API 之外的新選擇 - gRPC 服務
https://dotblogs.com.tw/supershowwei/2019/10/07/090708

「網絡安全預警通報」關於Windows RPD服務遠程代碼執行漏洞的預警通報
http://www.sohu.com/a/345229127_100160592

釣魚郵件的投遞和偽造
https://xz.aliyun.com/t/6325

瀏覽器中的資料庫
https://www.ithome.com.tw/voice/133384

解決最近駭客透過UUIDSpoof入侵其分流並獲取OP進行破壞的四個方案
https://forum.gamer.com.tw/C.php?bsn=18673&snA=179712

GitHub 準備集成Semmle 代碼分析用於持續的漏洞檢測
https://www.infoq.cn/article/D7C0Wgu1N2fsdm0jmwqR?utm_source=rss&utm_medium=article

一篇了解Redis 未授權漏洞利用
https://mp.weixin.qq.com/s/Oy63HY68MdDzL0WBdFLDBQ

網站命令執行滲透測試步驟詳情
https://www.admin5.com/article/20191010/928029.shtml

直抄程式碼惹禍  Stack Overflow成重災區
http://bit.ly/35mGO6z

CVE-2019-1315:基於錯誤報告機制的Windows提權漏洞
https://nosec.org/home/detail/3027.html

主流虛擬化平台QEMU-KVM被曝存在漏洞,可完全控制母機及其虛擬機
https://www.leiphone.com/news/201910/rFUAnGxghqK8M4sa.html

File upload vulnerability scanner and exploitation tool.
https://github.com/almandin/fuxploider

Setup a Centralized Log Server with Rsyslog in CentOS/RHEL 8
https://www.tecmint.com/create-centralized-log-server-with-rsyslog-in-centos-8/

Using the MITRE ATT&CK Navigator for Intelligence Gathering Pre-purple Teaming
https://pentestmag.com/using-the-mitre-attck-navigator-for-intelligence-gathering-pre-purple-teaming/

DNS-over-HTTPS causes more problems than it solves, experts say
https://www.zdnet.com/article/dns-over-https-causes-more-problems-than-it-solves-experts-say/#ftag=RSSbaffb68

ThreadBoat : Program Uses Thread Execution Hijacking to Inject Native Shellcode into a Standard Win32 Application
https://kalilinuxtutorials.com/threadboat-thread-execution-hijacking/

Web App for Volatility framework
https://github.com/kevthehermit/VolUtility

F.商業
Google資料中心實習計畫曝光 想要進去要有這幾種能力
http://bit.ly/35amjcY

IBM資訊安全部門全球威脅情報防禦產品協理謝明君 100%客製方案 資安缺了OT就Out
https://times.hinet.net/magazine/cp105/22590343

泉順食品攜手精品科技活用X-FORT強化網路監控力
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000569770_40O8444D67OEYJ1PFO5O7

CloudMile 攜手 Multi CDN 專家 mlytics 推出一站式平台 MileCDN
http://n.yam.com/Article/20191008136276

開放原始碼漏洞翻倍,趨勢科技與Snyk聯手出擊
http://bit.ly/35gqbJA

17 Media 資料遷移:從全託管 MongoDB 到 MongoDB Atlas,用戶體驗與工作效率雙提升
https://www.inside.com.tw/article/17763-MongoDB

Arm 為提供嵌入式平台客戶差異化,推出嵌入式 CPU 客製化指令集服務
https://www.cool3c.com/article/148770

Arm enables SoC makers to create custom instructions for embedded CPUs
https://www.zdnet.com/article/arm-enables-soc-makers-to-create-custom-instructions-for-embedded-cpus/#ftag=RSSbaffb68

Cybersecurity giants join forces to combat cyberthreats under OASIS umbrella
https://www.zdnet.com/article/cybersecurity-firms-join-forces-to-combat-open-source-security-woes-under-oasis-umbrella/#ftag=RSSbaffb68

Microsoft's Azure Data Box Edge gets rugged, portable option
https://www.zdnet.com/article/microsofts-azure-data-box-edge-gets-rugged-portable-option/#ftag=RSSbaffb68

Microsoft's unified Office Mobile app: What it is and why it matters
https://www.zdnet.com/article/microsofts-unified-office-mobile-app-what-it-is-and-why-it-matters/#ftag=RSSbaffb68

New Comic Videos Take CISO/Security Vendor Relationship to the Extreme
https://thehackernews.com/2019/10/ciso-cyber-security-videos.html

Breaches are now commonplace, but Reason Cybersecurity lets users guard their privacy
https://thehackernews.com/2019/10/reason-antivirus-protection.html

G.政府
29個法院遭駭攻 綠委憂司院資安不足
http://pchome.megatime.com.tw/news/cat8/20191003/57010460429856224001.html

NCC:專網不一定需要專頻
http://bit.ly/2AI3cJg

中科院列管名單從出入境電腦下線逾2個月 出國管制出現5個月大漏洞
http://bit.ly/2OrBmZZ

修法清查現空窗?中科院:境管並無漏洞
https://news.pchome.com.tw/society/newstaiwandigi/20191006/photo-57035655016335279002.html

傳中科院曝出境管制漏洞 國防部:管制出境人數達1516人
https://newtalk.tw/news/view/2019-10-06/308035

《謠言終結站》國防部:中科院人員出境都納管
https://news.ltn.com.tw/news/politics/paper/1323091

國防部:中科院涉密人員已調整出入境納管期限
https://living.taronews.tw/2019/10/06/487819/

中科院轉型行政法人脫離國安管制 綠委提案補強安全稽核疏漏
http://bit.ly/35fiDXp

政策 人員 技術 打造資安防護金鐘罩
https://udn.com/news/story/6868/4087551

美台國防工業會議展開 許毓仁:資安科技將成為決勝的第一道防線
http://news.knowing.asia/news/dae13976-dcd0-4c8d-9610-ba31493231e6

訂房免用境外平台 台灣旅宿網2.0月底上線
https://www.ttv.com.tw/news/view/10810080013000I/579

柯市府推「智慧販賣機」入校園,成大資安教授揭「AI 潛在危機」
https://buzzorange.com/2019/10/08/taipei-ai-vending-machine/

因應金融環境變化與挑戰 金管會提發展新策略
https://money.udn.com/money/story/5613/4091801

資通電軍資通2大隊國慶假期軍紀宣教 維護國軍榮譽
https://www.ydn.com.tw/News/355665

H.ICS/SCADA 工控系統
10月15日國際工控系統資安研討會台北登場
https://digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000570042_PDQ1G2BW38493N3YLUJ94&cat=60

駭客新招術 癱瘓機台系統
https://money.udn.com/money/story/5648/4097856

Qualcomm -- ipq4019_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10499

Qualcomm -- ipq8074_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10539

Qualcomm -- ipq8074_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10540

Qualcomm -- mdm9205_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2294

Qualcomm -- mdm9206_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10489

Qualcomm -- mdm9607_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10492

Qualcomm -- mdm9650_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2252

Qualcomm -- msm8909w_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10509

Qualcomm -- msm8909w_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10538

Qualcomm -- qcs405_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10510

I.教育訓練
改變歷史的加密訊息
https://ithelp.ithome.com.tw/users/20111946/ironman/2582

網路世界的奇怪冒險
https://ithelp.ithome.com.tw/users/20112000/ironman/2908

Cissp 系列
https://ithelp.ithome.com.tw/users/20118530/ironman/2224

JavaScript 中的同步與非同步(上):先成為 callback 大師吧
https://blog.huli.tw/2019/10/04/javascript-async-sync-and-callback/

資安攻防最後一步:學會滲透測試
https://ithome.com.tw/pr/133484

讓駭客走過,就留下痕跡!你需要學會資安分析實務
http://bit.ly/2VoGTlK

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
想躲過AI 監控? 戰鬥民族研發「反臉孔辨識」化妝術
https://fnc.ebc.net.tw/FncNews/business/101960

OT人效率擺第一 資安危機應對心態要調整
https://www.mem.com.tw/arti.php?sn=1910050010

2020 年智慧工廠資安趨勢:AI、邊緣運算為何成為駭客最愛的攻擊弱點
https://buzzorange.com/techorange/2019/10/07/iiot-security-trends-2020/

別讓物聯網成「惡」聯網 政策 人員 技術 打造資安防護金鐘罩
http://bit.ly/2VrcAKX

科技連接未來! 你該知道的物聯網重點有這些
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&id=0000569868_5GR79QQA7W90067CDC7NK

Answering IoT Security Questions for CISOs
https://blog.trendmicro.com/answering-iot-security-questions-for-cisos/

6.近期資安活動及研討會
 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/

 白帽駭客體驗實作 10/13
 https://www.sce.pccu.edu.tw/event/chtweb/index.html

 HAKON – International Information Security Meet 10/13
 https://infosec-conferences.com/events-in-2019/hakon/

 國家高速網路與計算中心 台灣杉一號高速計算主機使用進階課程 10/14
 https://edu.nchc.org.tw/course/one_course_introduction.asp

 M3AAWG 47th General Meeting 10/14 ~ 10/17
 https://infosec-conferences.com/events-in-2019/m3aawg-47th-general-meeting/

 數位時代,自已的權利自己顧 -- 不可不知!基礎資安教戰講座  10/15
 https://ocftw.kktix.cc/events/e0c1048b

 AWS Transformation Day 10/15
 https://amzn.to/2ksO8Lb

 智資時代 2019 科技法制前瞻論壇 10/15
 https://seminar.ithome.com.tw/live/iii20191015/index.html?eDM_iThome

 AI時代下,資安與視覺化的觀點與實例 10/16
 https://www.tiai.org.tw/tiaiActDetailClass?sno=19

 2019 IBM Cloud 用戶實作課程秋季班  10/16
 https://ibm.co/2n4VNQQ

 BSides Ahmedabad 10/16
 https://infosec-conferences.com/events-in-2019/bsides-ahmedabad/

 TFUG Taipei | TensorFlow All Around 10/16
 https://www.meetup.com/TensorFlow-User-Group-Taipei/events/264713077/

 第八屆國際程式競賽 CodeVita Season 8 即日起至10/17日報名截止
 https://bhuntr.com/tw/competitions/104724210865172005190909102w

 Data Connectors Toronto Tech-Security – October  10/17
 https://infosec-conferences.com/events-in-2019/data-connectors-toronto-october/

 Kotlin/Everywhere GDG Hsinchu - Kotlin on Cloud and Web 10/17
 https://www.meetup.com/GDG-Hsinchu/events/263741333/

 2019 Space Apps Challenge_NASA 黑客松台北場 10/18
 https://www.facebook.com/events/2112377919060176/

 2019 邊緣運算論壇 - AI + IoT 備戰台商回流潮,IIoT 智慧升級 10/18
 https://www.accupass.com/event/1909040655361186052756

 2019 CYBERSPACE聯合研討會 10/18 ~ 10/19
 https://cyberspace.ttu.edu.tw/cyber2019/

 Crosslink Taiwan 2019 10/19
 https://www.meetup.com/Taipei-Ethereum-Meetup/events/264302796/

 交通大學亥客書院-A006:數位足跡追蹤與分析 10/19
 https://hackercollege.nctu.edu.tw/?p=1088

 無痛上手-WiFi無線網路安全檢測 10/20
 https://www.sce.pccu.edu.tw/event/chtweb/index.html

 日盛金融黑客松 報名至10/20 止
 https://app.jsun.com/hackathon/Main

 DEVCORE 那些年我回報的漏洞踩雷經驗  10/21
 https://hackersir.kktix.cc/events/orange1021

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 國家高速網路與計算中心 平行計算程式設計基礎課程 10/22
 https://edu.nchc.org.tw/course/one_course_introduction.asp

  AIoT智能物聯網開發人才就業養成班[免費諮詢]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019

 IEEE Symposium on Visualization for Cyber Security (VizSec) 10/23
 https://infosec-conferences.com/events-in-2019/vizsec/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

 從網路基礎建設安全談RPKI與DDoS  10/24
 https://twnic-icann.kktix.cc/events/108-7

 [Palo Alto Networks]-Palo Alto Networks 直播研討會Part6. MITRE ATT&CK 新資安攻防框架進階產業應用 10/24
 https://www.zerone.com.tw/TrainingDetial/Seminar/7747B901A8198AC3%7C1C130FE6FEC34700

 Cybersecurity Conference Rhein-Neckar  10/24 ~ 10/25
 https://infosec-conferences.com/events-in-2019/cybersecurity-rhein-neckar/

 Identity Days 10/24
 https://infosec-conferences.com/events-in-2019/identity-days/

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  10/25
 https://signupcybersec101.ithome.com.tw/

 國家高速網路與計算中心 大數據軟體開發平台與深度學習、HBase(大數據資料庫)開發應用案例 10/25
 https://edu.nchc.org.tw/course/one_course_introduction.asp

 交通大學亥客書院-A015:進階網頁滲透測試 10/26
 https://hackercollege.nctu.edu.tw/?p=1090

 International Conference on Networks & Communications (NETWORKS) 10/26 ~ 10/27
 https://infosec-conferences.com/events-in-2019/networks/

 亞洲‧矽谷學院108年免費認證考試 10/27
 https://college.asvda.org.tw/

 International Conference on Emerging Security Information, Systems and Technologies (SECURWARE) 10/27 ~ 10/31
 https://infosec-conferences.com/events-in-2019/securware/

 SANS Amsterdam October  10/28
 https://infosec-conferences.com/events-in-2019/sans-amsterdam-october/

 工業自動化資安管理與實務 10/29 ~ 10/30
 https://www.ivendor.com.tw/website/featured_detial/91

 資安檢核核心技術及進階技術研討會 10月28日至10月30日
 http://bit.ly/2TN2UtD

 Foundations in Digital Forensics with EnCase® (DF120) (原CF1) 10/28 ~ 10/31
 https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=39

 International Workshop on Reliability and Security Data Analysis (RSDA)  10/28 ~ 10/31
 https://infosec-conferences.com/events-in-2019/rsda/

 International Symposium on Software Reliability Engineering (ISSRE)  10/28 ~ 11/1
 https://infosec-conferences.com/events-in-2019/issre/

 Securing New Ground 10/29 ~ 10/30
 https://infosec-conferences.com/events-in-2019/securing-new-ground/

 CEBIT Australia  10/29 ~ 10/31
 https://infosec-conferences.com/events-in-2019/cebit-australia/

 OWASP AppSec Day Melbourne  11/1
 https://infosec-conferences.com/events-in-2019/owasp-appsec-day-melbourne/

 Hackfest 2019  11/1 ~ 11/3
 https://infosec-conferences.com/events-in-2019/hackfest-2019/

 行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30
 https://www.accupass.com/event/1810080517061259295030

  Elite East Coast CISO Summit 11/3~11/5
 https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/

 Red Hat Forum Taipei 2019  11/5
 https://www.facebook.com/events/1390202967799392/

 Cyber Security Summit: Boston  11/6
 https://infosec-conferences.com/events-in-2019/cyber-security-summit-boston/

 駭客攻防暨數位鑑識系列一(第1期) 11/7
 https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=384540

 網路攻擊鏈( Cyber Kill Chain)各階段實作 (6hr)  11/7
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384540

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/8
 https://signupcybersec101.ithome.com.tw/

 BSides Charleston 11/9
 https://infosec-conferences.com/events-in-2019/bsides-charleston/

 Kotlin/Everywhere GDG Taoyuan - 運用 Ktor 建置一個以 Kotlin 打造的後端服務  11/9
 https://www.meetup.com/GDGTaoyuan/events/264776152/

 OpenInfra Day Taiwan 11/12
 http://openinfra.digitimes.com.tw/

 CLEAR Cyber Leaders Conference 11/12 ~ 11/13
 https://infosec-conferences.com/events-in-2019/clear-cyber-leaders-conference/

 Windows檔案系統及檔案還原 (6hr)  11/14
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384541

 Digital Internet Summit 11/14
 https://infosec-conferences.com/events-in-2019/digital-internet-summit/

 INTERFACE – Nebraska 11/14
 https://infosec-conferences.com/events-in-2019/interface-nebraska/

 SecureWV – Hack3rCon  11/15 ~ 11/17
 https://infosec-conferences.com/events-in-2019/securewv-hack3rcon/

 交通大學亥客書院-P006:高階網頁滲透測試 11/16
 https://hackercollege.nctu.edu.tw/?p=1092

 FS-ISAC Fall Summit 11/17 ~ 11/20
 https://infosec-conferences.com/events-in-2019/fs-isac-fall-summit/

 Microsoft IoT in Action 11/20
 https://www.iotinactionevents.com/event/taipei

 Infosecurity ISACA North America Expo and Conference 11/20 ~ 11/21
 https://infosec-conferences.com/events-in-2019/isaca-north-america-expo-conference/

 檔案特徵值比對與關鍵字搜尋 (2hr) Open Source數位鑑識工具實務操作 (5hr) 11/21
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384542

 Trend Micro CTF 2019 // Raimund Genes Cup  FINAL / NOVEMBER 23–24, 2019
 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html

 資安檢核核心技術及進階技術研討會11月26日至11月28日
 http://bit.ly/2TN2UtD

 人資人員必修的職安法規定 11/26
 https://www.accupass.com/event/1909121441141977826554

 模擬案例鑑識分析實務 (6hr)  11/28
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384543

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/29
 https://signupcybersec101.ithome.com.tw/

 交通大學亥客書院-B015:惡意程式檢測 11/30
 https://hackercollege.nctu.edu.tw/?p=1098

 亞洲‧矽谷學院108年免費認證考試 11/30
 https://college.asvda.org.tw/

 Digital Summit Dallas  12/4
 https://infosec-conferences.com/events-in-2019/digital-summit-dallas/

 Kansas City Cyber Security Conference 12/5
 https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/

 CyberMaryland Conference 12/5 ~ 12/6
 https://infosec-conferences.com/events-in-2019/cybermaryland-conference/

 FutureCon Nashville Cyber Security Conference 12/11
 https://infosec-conferences.com/events-in-2019/futurecon-nashville/

 Utility Cyber Security Forum December 12/11
 https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/

 交通大學亥客書院-A018:企業網域控管-Active Directory攻擊與防禦  12/14
 https://hackercollege.nctu.edu.tw/?p=1094

 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

留言

這個網誌中的熱門文章

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/

5月份資安、社群活動分享

5月份資安、社群活動分享

 108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
 https://ais3.org/mfctf/

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 Python 商務網站 * 極速學習 (2019春季 - 台北)  5/2
 https://cjltsod.kktix.cc/events/django-2019-spring-taipei

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會  5/2
 https://www.accupass.com/event/1904111400151860776797

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA 白帽菁英萌芽計劃II 0505 
 https://reg.shield.org.tw/info.php?no=54

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/19041703435474776…