資安事件新聞週報 2019/10/28 ~ 2019/11/1
1.重大弱點漏洞/後門/Exploit/Zero Day
Symantec antivirus crashes something again. This time Chrome 78 browsers
https://www.zdnet.com/article/symantec-antivirus-crashes-something-again-this-time-chrome-78-browsers/#ftag=RSSbaffb68
VMWare vCenter 伺服器設備資料洩露漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0018.html
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
https://www.exploit-db.com/exploits/47566
主流虛擬化平臺 QEMU-KVM 被曝存在漏洞,可完全控制宿主機及其虛擬機
https://www.chainnews.com/zh-hant/articles/730633063482.htm
Google Chrome/Microsoft Edge Chromium version 78.0.x error "Aw, Snap! Something went wrong while displaying this webpage." when using Endpoint Protection
https://support.symantec.com/us/en/article.tech256047.html
Where the beep is Reopen Closed Tab in Chrome 78? (and how to get it back)
https://www.zdnet.com/article/where-the-beep-is-reopen-closed-tab-in-chrome-78-and-how-to-get-it-back/#ftag=RSSbaffb68
Samba Releases Security Updates
https://www.samba.org/samba/security/CVE-2019-10218.html
https://www.samba.org/samba/security/CVE-2019-14833.html
https://www.samba.org/samba/security/CVE-2019-14847.html
IBM Cloud Orchestrator 注入漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4396
IBM InfoSphere Information Server on Cloud和IBM InfoSphere Information Server信息泄露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4615
IBM Security Guardium Big Data Intelligence信息泄露漏洞
https://www.ibm.com/support/pages/node/1096384
IBM Security Guardium Big Data Intelligence加密问题漏洞
https://www.ibm.com/support/pages/node/1096924
PHP再傳遠端程式碼執行漏洞,波及Nginx網站伺服器
https://www.ithome.com.tw/news/133904
Nasty PHP7 remote code execution bug exploited in the wild
https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/#ftag=RSSbaffb68
Fujitsu Wireless Keyboard Set LX390 Keystroke Injection
https://packetstormsecurity.com/files/154956/SYSS-2019-011.txt
Xorg X11 Server SUID modulepath Privilege Escalation
https://packetstormsecurity.com/files/154942/xorg_x11_suid_server_modulepath.rb.txt
Trend Micro Anti-Threat Toolkit (ATTK) 1.62.0.1218 Remote Code Execution
https://packetstormsecurity.com/files/154916/TREND-MICRO-ANTI-THREAT-TOOLKIT-ATTK-REMOTE-CODE-EXECUTION.txt
Unsupported D-Link routers vulnerable to RCE flaws
https://www.scmagazine.com/home/security-news/vulnerabilities/unsupported-d-link-routers-vulnerable-to-rce-flaws/
Major vulnerability patched in the EU's eIDAS authentication system
https://www.zdnet.com/article/major-vulnerability-patched-in-the-eus-eidas-authentication-system/#ftag=RSSbaffb68
Facebook sues Israeli surveillance vendor over WhatsApp zero-day
https://www.zdnet.com/article/facebook-sues-israeli-surveillance-vendor-over-whatsapp-zero-day/#ftag=RSSbaffb68
NFC False Tag Vulnerability – CVE-2019-9295
https://www.checkmarx.com/blog/nfc-false-tag-vulnerability
Modern Binary Analysis with ILs
https://binary.ninja/presentations/Modern%20Binary%20Analysis%20with%20ILs.pdf
Apache Solr Velocity模板遠程代碼執行,附poc
http://www.shungg.cn/post/268
Microsoft Warns of Windows Slow Startup Due to Persistent Memory
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-windows-slow-startup-due-to-persistent-memory/
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
行庫組織調整 強化法遵、資安
http://bit.ly/2BK4iFb
國泰證下單系統今早大當機 公司:已完成修復
https://tw.appledaily.com/new/realtime/20191028/1655067/
金控子公司雙向身分認證服務 首例壽險銀行合作
https://www.cna.com.tw/news/afe/201910280196.aspx
淘寶網購避稅要注意囉!海關將查信用卡刷卡資料 3管齊下防堵
https://www.ettoday.net/news/20191028/1567092.htm
普及資安險 產險業推親民保單
http://bit.ly/2NrQzbi
中華保險服務協會辦研討 保險業迎科技創新 須慎防資安風險
http://bit.ly/2Ns1PED
金融業決勝科技運用,深耕小資族挖掘大商機
http://bit.ly/2WxtYyj
歐盟擬新設機構 打擊洗錢活動
http://bit.ly/34tRmQb
打擊洗錢犯罪,歐盟擬成立獨立監管機構
http://bit.ly/2JFXLPY
狐假虎威,無名駭客試圖冒充知名駭客團體成員向金融機構發起DDoS攻擊
https://ek21.com/news/tech/155211/
日商三菱日聯銀行股份有限公司通訊加密設備因惡意連線導致台灣據點部分客戶及第三方交易資訊洩漏一事
https://piyolog.hatenadiary.jp/entry/2019/10/29/060335
三菱UFJ銀行が不正アクセスを受けた通信暗号化装置について調べてみた
https://piyolog.hatenadiary.jp/entry/2019/10/29/060335
ローカルキャッシュマネジメントサービスの通信暗号化装置への不正アクセスによる台湾拠点の一部お客さま情報および第三者情報の漏えいについて
https://www.bk.mufg.jp/news/news2019/pdf/news1025.pdf
DDoS 攻撃を示唆して、仮想通貨を要求する脅迫メールについて
https://www.jpcert.or.jp/newsflash/2019103001.html
Romanian duo skims data from 8 ATMs in Hyderabad, held
http://timesofindia.indiatimes.com/articleshow/71747779.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst
Online shoppers beware: Those ATM skimming devices are now on some retail websites
https://www.fastcompany.com/90421916/online-shoppers-beware-those-atm-skimming-devices-are-now-on-some-retail-websites
ATM Malware and Jackpotting Attacks Could Be Making a Return
https://www.cpomagazine.com/cyber-security/atm-malware-and-jackpotting-attacks-could-be-making-a-return/
Four suspected cyber criminals arrested while trying to steal money from an ATM
https://nairobinews.nation.co.ke/news/four-suspected-cyber-criminals-arrested-while-trying-to-steal-money-from-an-atm
Five of ATM fraudsters’ gang land in police net
https://www.tribuneindia.com/news/five-of-atm-fraudsters-gang-land-in-police-net/850841.html
Online banking and ATM fraud: Mumbai tops among 19 metros
https://indianexpress.com/article/india/online-banking-and-atm-fraud-mumbai-tops-among-19-metros-6082817/
SBI Card: Know State Bank of India's all debits cards, their ATM withdrawal limit
https://www.zeebiz.com/personal-finance/news-sbi-card-know-state-bank-of-indias-all-debits-cards-their-atm-withdrawal-limit-113258
Details for 1.3 million Indian payment cards put up for sale on Joker's Stash
https://www.zdnet.com/article/details-for-1-3-million-indian-payment-cards-put-up-for-sale-on-jokers-stash/#ftag=RSSbaffb68
Joker's Stash Lists 1.3 Million Stolen Indian Payment Cards
https://www.bankinfosecurity.com/jokers-stash-lists-13-million-stolen-indian-payment-cards-a-13302
Biggest single card database ever on sale on dark net marketplace
https://www.group-ib.com/media/biggest-card-database-ever/
Cybercrime, a fake Fancy Bear threats companies with DDoS attacks
https://www.difesaesicurezza.com/en/defence-and-security/cybercrime-a-fake-fancy-bear-threats-companies-with-ddos-attacks/
DDoS attackers claim to be Russian APT group, demand ransom
https://www.scmagazine.com/home/security-news/cybercrime/ddos-attackers-claim-to-be-russian-apt-group-demand-ransom/
Global RDoS Campaign – Fancy Bear
https://security.radware.com/ddos-threats-attacks/threat-advisories-attack-reports/global-rdos-campagin%E2%80%93fancy-bear/
Warning of Serious DDoS Blackmail Campaigns Attributed to Fancy Bear Group
https://www.link11.com/en/blog/warning-of-serious-ddos-blackmail-campaigns-attributed-to-fancy-bear-group/
Fast-Food Chain Krystal Investigates Card 'Security Incident'
https://www.bankinfosecurity.com/fast-food-chain-krystal-investigates-card-security-incident-a-13301
Visa Drops 2FA for Low-Value Transactions
https://www.bankinfosecurity.asia/visa-drops-2fa-for-low-value-transactions-a-13308
Need to bolster banking apps security on mobile devices: Fortinet’s Rajesh Maurya
https://techobserver.in/2019/10/31/need-to-bolster-banking-apps-security-on-mobile-devices-fortinets-rajesh-maurya/
Inside Magecart: the history behind the covert card-skimming assault on the e-commerce industry
https://www.virusbulletin.com/blog/2019/10/vb2019-paper-inside-magecart-history-behind-covert-card-skimming-assault-e-commerce-industry/
Banche, si teme un attacco phishing ai clienti
https://qds.it/banche-si-teme-un-attacco-phishing-ai-clienti/
Some brokerages in Singapore hit by DDoS attacks last week
https://www.businesstimes.com.sg/banking-finance/some-brokerages-in-singapore-hit-by-ddos-attacks-last-week
Stock brokerages here hit by cyber attacks
https://www.tnp.sg/news/singapore/stock-brokerages-here-hit-cyber-attacks
Turkey ranked second in mobile banking attacks
https://www.news1.news/tr/2019/10/turkey-ranked-second-in-mobile-banking-attacks.html
Cybersecurity and Banking: 3 Trends to Watch in 2020
https://www.bitsight.com/blog/cybersecurity-and-banking-3-trends-to-watch-in-2020
Polisi Ringkus Spesialis Pembobol ATM Lintas Provinsi Pakai Tusuk Gigi
https://radarsurabaya.jawapos.com/read/2019/10/29/163495/polisi-ringkus-spesialis-pembobol-atm-lintas-provinsi-pakai-tusuk-gigi
Diduga akan Skimming ATM, WN Ukraina Ditangkap Polda Bali
https://www.merdeka.com/peristiwa/diduga-akan-skimming-atm-wn-ukraina-ditangkap-polda-bali.html
Secret Service: Brazilian’s bank data scheme hits Seacoast ATMs
https://www.fosters.com/news/20191031/secret-service-brazilians-bank-data-scheme-hits-seacoast-atms
India is on radar of hackers stealing card details from ATM machines
https://www.livemint.com/technology/tech-news/india-is-on-radar-of-hackers-stealing-card-details-from-atm-machines-11572514090022.html
The Central Bank will strengthen control over IT-security of credit institutions
https://www.ehackingnews.com/2019/10/the-central-bank-will-strengthen.html?utm_source=dlvr.it&utm_medium=twitter
3.電子支付/電子票證/行動支付/ pay/新聞及資安
LINE Pay一卡通繳卡費「爆出漏洞」!網友神製條碼器 每期爽賺500點高回饋
https://www.ettoday.net/news/20191027/1566267.htm
鑽LinePay漏洞!他撈500點回饋 律師:恐涉詐欺
https://news.ebc.net.tw/News/living/183573
謊稱支付寶遭盜用獲賠 杭州大學生反被告詐騙
https://hk.on.cc/hk/bkn/cnt/cnnews/20191027/bkn-20191027130540419-1027_00952_001.html
4.虛擬貨幣/區塊鍊相關新聞及資安
陳元談區塊鏈:需警惕新技術的安全漏洞
https://news.sina.com.tw/article/20191027/33097584.html
跨境貿易融資 加速應用區塊鏈
https://www.chinatimes.com/newspapers/20191028000083-260309?chdtv
區塊鏈應避虛就實加快場景應用是根本
https://news.sina.com.tw/article/20191029/33116898.html
銀行發展區塊鏈 人行緊盯資安
https://www.chinatimes.com/newspapers/20191029000042-260301?chdtv
區塊鏈應避虛就實加快場景應用是根本
https://news.sina.com.tw/article/20191029/33117080.html
科技與人性(一)區塊鏈做不到的事。什麼是 hard candy?區塊鏈裡的秘密資訊、《最大の素數》
http://bit.ly/2MVyR0X
中國力推區塊鏈 比特幣暴漲 區塊鏈是極權政府的良伴嗎
https://www.cw.com.tw/article/article.action?id=5097442
ICC 新盤 GDA 號稱被黑客攻擊跑路,又出現了 3T、EXXA 等新盤
https://www.chainnews.com/zh-hant/articles/817620599105.htm
想投資比特幣嗎?給新手比特幣交易者的五條建議
http://news.knowing.asia/news/cd2955e6-88cb-4fe7-ad71-1f501fd2eeb2
ENWIN warning bitcoin scammers may target customers
https://windsor.ctvnews.ca/enwin-warning-bitcoin-scammers-may-target-customers-1.4656982
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
360安全衛士披露羅技軟件漏洞傳播木馬木馬作者也被感染
https://www.239232.com/qita/71076.html
2020年資安預測:目標式勒索軟體與行動惡意程式將持續升溫
https://ithome.com.tw/news/133872
手機惡意程式氾濫國家級APT病毒間諜
http://bit.ly/2MTwwUi
南非最大城約翰尼斯堡遭勒索軟體入侵
https://www.ithome.com.tw/news/133858
駭客入侵南非約翰尼斯堡勒索總值14.2萬比特幣
http://bit.ly/2MYEzz3
印度南部核電廠曾遭網攻 所幸系統未受影響
https://news.ltn.com.tw/news/world/breakingnews/2962566
系統駭入專家與勒索病毒集團結盟
https://blog.trendmicro.com.tw/?p=62344
刪不掉的新型Android病毒!專家祭6招防範措施
https://newtalk.tw/news/view/2019-10-30/319013
QNAP NAS遭惡意程式感染,至少7000台中標
https://www.ithome.com.tw/news/133955
歐洲國際機場感染挖礦病毒,系統耗電量大增
https://blog.trendmicro.com.tw/?p=62363
A Brief Look at the Citadel Banking Trojan
https://cyware.com/news/a-brief-look-at-the-citadel-banking-trojan-950f1bf6
London police software quarantines thousands of cybercrime reports
https://www.zdnet.com/article/london-police-software-quarantines-thousands-of-cybercrime-reports/#ftag=RSSbaffb68
Here's Why 'Raccoon' Infostealer Is Popular With Criminals
https://www.bankinfosecurity.com/heres-raccoon-infostealer-popular-criminals-a-13294
Researchers find stealthy MSSQL server backdoor developed by Chinese cyberspies
https://www.zdnet.com/article/researchers-find-stealthy-mssql-server-backdoor-developed-by-chinese-cyberspies/
How TrickBot Hooking Engine Targets Windows 10 Browsers
https://malware.news/t/how-trickbot-hooking-engine-targets-windows-10-browsers/34139
Govt warns of new 'Emotet' malware campaign
https://www.crn.com.au/news/govt-warns-of-new-emotet-malware-campaign-532967
REWTERZ THREAT ALERT – CITADEL BANKING MALWARE – IOCS
http://www.rewterz.com/rewterz-news/rewterz-threat-alert-citadel-banking-malware-iocs
Government raises threat level on 'undetectable' email virus
http://bit.ly/31RcNbV
Advisory 2019-131: Emotet malware campaign
https://www.cyber.gov.au/threats/advisory-2019-131-emotet-malware-campaign
AutoIT-compiled Negasteal/Agent Tesla, Ave Maria Delivered via Malspam
https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-compiled-negasteal-agent-tesla-ave-maria-delivered-via-malspam/
New FuxSocy Ransomware Impersonates the Notorious Cerber
https://www.bleepingcomputer.com/news/security/new-fuxsocy-ransomware-impersonates-the-notorious-cerber/
Microsoft Office Bug Remains Top Malware Delivery Vector
https://www.darkreading.com/operations/microsoft-office-bug-remains-top-malware-delivery-vector/d/d-id/1336182
New 'unremovable' xHelper malware has infected 45,000 Android devices
https://www.zdnet.com/article/new-unremovable-xhelper-malware-has-infected-45000-android-devices/#ftag=RSSbaffb68
Maze Ransomware Attacks Italy in New Email Campaign
https://www.bleepingcomputer.com/news/security/maze-ransomware-attacks-italy-in-new-email-campaign/
This old trojan malware is back with a new trick to help it hide in plain sight
https://www.zdnet.com/article/this-old-trojan-malware-is-back-with-a-new-trick-to-help-it-hide-in-plain-sight/
Confirmed: North Korean malware found on Indian nuclear plant's network
https://www.zdnet.com/article/confirmed-north-korean-malware-found-on-indian-nuclear-plants-network/
Paradise Ransomware Decryptor Gets Your Files Back for Free
https://www.bleepingcomputer.com/news/security/paradise-ransomware-decryptor-gets-your-files-back-for-free/
This is how malicious Android apps avoid Google’s security vetting
https://www.zdnet.com/article/this-is-how-malicious-android-apps-avoid-googles-security-vetting/
Emsisoft Decryptor for Paradise
https://www.emsisoft.com/ransomware-decryption-tools/paradise
Defending Systems Against Cryptocurrency Miner Malware
http://bit.ly/322mFzJ
Cyber-attack hits Utah wind and solar energy provider
https://www.zdnet.com/article/cyber-attack-hits-utah-wind-and-solar-energy-provider/#ftag=RSSbaffb68
Thousands of QNAP NAS devices have been infected with the QSnatch malware
https://www.zdnet.com/article/thousands-of-qnap-nas-devices-have-been-infected-with-the-qsnatch-malware/#ftag=RSSbaffb68
At least 13 managed service providers were used to push ransomware this year
https://www.zdnet.com/article/at-least-13-managed-service-providers-were-used-to-push-ransomware-this-year/#ftag=RSSbaffb68
These were the worst malware strains of 2019
https://www.techradar.com/news/these-were-the-worst-malware-strains-of-2019
McAfee: Malicious Voicemails Target Office365 Users
https://www.bankinfosecurity.com/mcafee-malicious-voicemails-target-office365-users-a-13327
Mobile Devices: Protecting Critical Data
https://www.bankinfosecurity.com/interviews/mobile-devices-protecting-critical-data-i-4493
Attacchi fraudolenti: phishing e malware si evolvono
https://www.lineaedp.it/news/43734/attacchi-fraudolenti-phishing-e-malware-si-evolvono/#.Xbu1W5ozbIU
QSnatch Malware Infects Thousands of NAS Devices, Steals Credentials
https://www.bleepingcomputer.com/news/security/qsnatch-malware-infects-thousands-of-nas-devices-steals-credentials/
B.行動安全 / iPhone / Android /穿戴裝置 /App
大陸犯罪集團出「解鎖」App!造成共享單車企業損失13億...14人深圳被逮
https://www.ettoday.net/news/20191027/1566509.htm
蘋果App Store有17款程式含木馬元件
https://www.ithome.com.tw/news/133822
Android用戶請注意!Google Play再添42款惡意APP
http://bit.ly/34emmUa
Google Play惡意APP流竄! 資安公司呼籲立即刪除
http://bit.ly/2NELWuT
Pegasus監控神器爭議多
https://www1.hkej.com/dailynews/article/id/2289141/
下載後刪不了!這些地雷App千萬別點
https://www.chinatimes.com/realtimenews/20191028002064-260405?chdtv
下載後刪不掉狂跳廣告! 資安公司提醒小心這「15款APP」
https://news.ltn.com.tw/news/life/breakingnews/2961305
電信帳單無故暴增?資安業者拆穿假冒美顏修圖 App 詐騙新手法
https://3c.ltn.com.tw/news/38403
Android用戶注意!這些「惡意APP」資安網站呼籲立即刪除
https://newtalk.tw/news/view/2019-10-25/316882
美參議員點名「恐洩漏個資」 TikTok:用戶數據存在美國境內
https://www.ettoday.net/news/20191026/1565743.htm
下載後刪不掉!15款地雷APP曝光 專家:千萬別點
https://news.tvbs.com.tw/world/1224915
惡意Android程式遇到Google會裝乖
https://www.ithome.com.tw/news/133823
Android用戶注意! 42個惡意APP易耗手機效能
https://www.ctwant.com/article/11979
傳三星Galaxy S10指紋安全漏洞國外已修復,國內還未跟進
https://kknews.cc/tech/pveva2p.html
三星螢幕指紋漏洞修補好了!S10、Note 10 用戶更新軟體,注意這4項重點
https://3c.ltn.com.tw/news/38412
Samsung S10 、Note 10可以用返指紋鎖
http://bit.ly/2qOx3y2
歐洲併購建廠熱,中信國際電訊 CPC 海陸纜三路連歐「快、穩、好」
http://technews.tw/2019/10/29/cpc-europe-mid-asia-web-service/
愛當免費仔?線上看電影小心LINE帳密被竊取
https://newtalk.tw/news/view/2019-10-30/318721
LINE廣傳「雙子殺手免費線上看」 小心駭客偷走帳密個資
https://tw.appledaily.com/new/realtime/20191030/1656148/
Google 小技巧 :個資不分大小,手機資料安全如何自保
https://saydigi-tech.com/2019/10/14373.html
自保資安 Google 教你善用 Android 內建實用三大功能
https://www.inside.com.tw/article/17978-Android-useful-feature-to-protect-security
李安新片成詐騙集團新手段!資安業者教兩招「解毒」
https://www.chinatimes.com/realtimenews/20191031000048-260410?chdtv
線上看電影LINE被盜 Mac股票交易暗藏木馬
https://www.cardu.com.tw/news/detail.php?39320
間諜程式襲記者異見者 WhatsApp告以色列開發商
https://hk.news.appledaily.com/international/realtime/article/20191030/60210410
WhatsApp控以色列駭客公司 助20國政府監看手機
https://www.cna.com.tw/news/aopl/201910300094.aspx
動作頻頻!WhatsApp指控以色列駭客集團 協助20國政府侵入手機
http://bit.ly/2JFalz5
WhatsApp告以色列駭客公司 駭入1400名用戶手機
https://ec.ltn.com.tw/article/breakingnews/2961848
WhatsApp用戶資料被盜案 傳涉多國政要
https://www2.hkej.com/instantnews/international/article/2290613
涉記者人權分子高官 WhatsApp揭以企業助政府監控1400人
http://bit.ly/2Jy5ZK0
Facebook Sues Spyware Maker Over WhatsApp Exploit
https://www.bankinfosecurity.com/facebook-sues-spyware-maker-over-whatsapp-exploit-a-13307
Verizon, AT&T, Sprint and T-Mobile to replace SMS with RCS Messaging in 2020
https://thehackernews.com/2019/10/rcs-messaging-sms.html
42 Adware Apps with 8 Million Downloads Traced Back to Vietnamese Student
https://thehackernews.com/2019/10/42-adware-apps-with-8-million-downloads.html
12 tips to protect your mobile device from Hackers
https://www.baldwin-bulletin.com/news/tips-to-protect-your-mobile-device-from-hackers/article_22f3fde8-f734-11e9-8add-3352c7565165.html
Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users
https://thehackernews.com/2019/10/whatsapp-nso-group-malware.html
Mysterious malware that re-installs itself infected over 45,000 Android Phones
https://thehackernews.com/2019/10/remove-xhelper-android-malware.html
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
2019台灣資安年會 善用聯防降低風險
https://money.udn.com/money/story/10860/4136099
25平米藏了近20個針孔攝像頭18名極客想在十分鐘內找到
http://www.sohu.com/a/349802698_161795
駭客鎖定聯合國人道援助組織 誘騙員工洩露個資
https://udn.com/news/story/7088/4125301
非政府組織遭駭客鎖定 誘洩個資
http://bit.ly/2NhslAv
網路釣魚攻擊瞄準聯合國與人道救援組織
https://www.ithome.com.tw/news/133885
欲盜資料轉售 黑客攻擊大數據平台3500次
https://hk.on.cc/hk/bkn/cnt/cnnews/20191030/bkn-20191030004558287-1030_00952_001.html
2019 年最可怕的黑客事件與安全漏洞(上)
https://zhuanlan.zhihu.com/p/89200642
2019 年最可怕的黑客事件與安全漏洞(下)
https://www.chainnews.com/zh-hant/articles/986387693795.htm
駭客入侵線上購物事件頻仍 網購4招自保
http://www.epochtimes.com/b5/19/10/29/n11619844.htm
歐盟電子身份識別系統有漏洞,可讓駭客冒充公民身份
https://www.ithome.com.tw/news/133952
有官方的影子!中國駭客入侵 擷取電訊商敏感通訊紀錄
https://news.ltn.com.tw/news/world/breakingnews/2963754
中國駭客竊取海外手機簡訊與通話記錄 美部分軍政要員中招
http://m.secretchina.com/news/b5/2019/11/01/912247.html
趨勢科技研究顯示 電競產業面對更多網絡威脅
https://times.hinet.net/news/22627589
印度核電公司證實遭北韓網軍入侵核電廠
https://technews.tw/2019/10/31/india-comfirm-hacking-of-nuclear-power-plant-by-north-korean-cyber-army/
硬起來!涉網路犯罪 蒙古逮捕800名中國人
https://m.ltn.com.tw/news/world/breakingnews/2963207
澳洲提議成人網站使用人臉辨識來過濾造訪者身分
https://www.ithome.com.tw/news/133918
黑客少年竊取的「數據帝國」
https://news.sina.com.tw/article/20191029/33117106.html
邊緣人變天才駭客!14歲進入暗網建立「數據王國」 1個月竊取上億個人資訊
https://www.ettoday.net/news/20191029/1567412.htm
18歲神級駭客 輕鬆竊取上億條公民個資在黑市販賣
https://www.chinatimes.com/realtimenews/20191030002532-260405?chdtv
黑客高中生竊上億條個人資料售賣 獲刑3年半懺悔:做個普通人
http://bit.ly/345jKaS
遭踢爆防護不周導致金鑰外流,NordVPN亡羊補牢啟動抓漏獎勵,改用無硬碟伺服器
https://ithome.com.tw/news/133928
荷蘭史基浦投訴網站被黑客攻入,個人資料外洩
http://bit.ly/2p89S1u
荷蘭史基浦機場投訴網站漏洞致近60000投訴者信息洩露
https://www.dbsec.cn/blog/article/5309.html
加拿大多倫多市府網路安全堪憂 審計總長促加強防範
http://bit.ly/32QL9NL
俄羅斯政府擬進行「斷網」測試 外界憂加強審查
https://hk.on.cc/hk/bkn/cnt/aeanews/20191026/bkn-20191026195832769-1026_00912_001.html
俄將斷網測「RuNet」 網路自由存憂慮
https://www.ydn.com.tw/News/357819
惡意 IP 對企業 Office 365 帳號進行暴力破解攻擊
https://www.hkjh.tc.edu.tw/modules/tadnews/index.php?nsn=2311
27國簽署網路安全聯合聲明
https://blog.twnic.net.tw/2019/10/25/5325/
亞馬遜雲端服務 AWS 遭 DDoS 攻擊,造成部分服務受阻達八小時
https://www.twcert.org.tw/tw/cp-104-3027-cbfe4-1.html
微軟:新一波網路攻擊鎖定運動及反禁藥組織
https://www.ithome.com.tw/news/133879
俄國駭客消除冬奧禁藥紀錄 魚叉式網路釣魚運用最廣
https://www.ettoday.net/news/20191029/1567791.htm
華為獲得中國首張5G基站設備的進網許可證
http://bit.ly/2p9IKiD
美審查電信供應鏈緊急狀態規則 華為或被禁
http://www.epochtimes.com/b5/19/10/29/n11620950.htm
打擊中國間諜行為 美禁用800架中國無人機
http://bit.ly/3265RaY
抓到了!中國駭客竊取美軍政高層手機簡訊
https://news.cnyes.com/news/id/4403717
喬治亞共同國網路遭大規模駭客襲擊
http://www.soundofhope.org/b5/2019/10/29/n3293688.html
黑客竟然利用漏洞操控 67 萬臺計算機?逮捕
https://www.chainnews.com/zh-hant/articles/956305088770.htm
南非駭客入侵約翰尼斯堡市官網勒索3萬美元比特幣贖金
https://money.udn.com/money/story/5602/4126604
City of Johannesburg held for ransom by hacker gang
https://www.zdnet.com/article/city-of-johannesburg-held-for-ransom-by-hacker-gang/#ftag=RSSbaffb68
Johannesburg Struggles to Recover From Ransomware Attack
https://www.bankinfosecurity.com/johannesburg-struggles-to-recover-from-ransomware-attack-a-13296
世界最大雲服務商AWS遭到駭客攻擊,導致其服務長時間中斷
https://ek21.com/news/tech/154197/
微軟:俄相關駭客發動網攻 鎖定國際體育組織
https://money.udn.com/money/story/5599/4131641
東京奧運或成俄羅斯黑客攻撃對象 微軟 Microsoft 作出警告
http://bit.ly/36bGlEC
五角大廈再添購中國製無人機 美國防部:拿來當靶機
http://n.yam.com/Article/20191025707862
美軍駭入伊朗革命衛隊系統,摧毀其恐怖攻擊資料庫
https://www.twcert.org.tw/tw/cp-104-3030-3668c-1.html
美特檢穆勒通俄門報告 法官裁眾院可索取刪減資料
https://www.cna.com.tw/news/aopl/201910260025.aspx
華為參與5G建設?德國情報局長深表疑慮
https://www.rti.org.tw/news/view/id/2039769
BBC新聞開設「暗網」版 破解中國封殺網站
https://m.ltn.com.tw/news/world/breakingnews/2957893
中共「網攻台灣」 盯上明年總統大選
http://bit.ly/2MSaDEU
台大選在即 學者抵加座談 揭「中共對台信息戰」
https://www.ntdtv.com/b5/2019/10/29/a102695628.html
台美將合辦大規模網路攻防演練 美助卿訪北京將提台灣議題
http://bit.ly/2JuUuTH
美國聯邦傳播委員會11月表決 禁止使用華為中興
https://www.cna.com.tw/news/aopl/201910290012.aspx
FCC擬要求電信業者移除華為、中興設備
https://www.ithome.com.tw/news/133876
North Korean elite hacking unit launch surprise attack on India’s nuclear weapons systems
https://www.express.co.uk/news/world/1198103/north-korea-kim-jong-un-elite-hacking-unit-lazarus-group-cyber-attack-india
The cybersecurity of the Terminator
https://www.kaspersky.com/blog/terminator-1-2-cybersecurity/29080/
Not All Hackers are Larcenists
https://latesthackingnews.com/2019/10/31/not-all-hackers-are-larcenists/
Chinese Hackers Compromise Telecom Servers to Spy on SMS Messages
https://thehackernews.com/2019/10/sms-spying-malware.html
Russian hackers cloak attacks using Iranian group
https://www.bbc.com/news/technology-50103378
Hackers Target Indian Nuclear Power Plant – Everything We Know So Far
https://thehackernews.com/2019/10/nuclear-power-plant-cyberattack.html
Security researcher gets access to all Xiaomi pet feeders around the world
https://www.zdnet.com/article/security-researcher-gets-access-to-all-xiaomi-pet-feeders-around-the-world/#ftag=RSSbaffb68
Advisory: Turla group exploits Iranian APT to expand coverage of victims
https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims
Eight-Hour DDoS Attack Struck AWS Customers
https://www.darkreading.com/cloud/eight-hour-ddos-attack-struck-aws-customers/d/d-id/1336165
Blogger and WordPress Sites Hacked to Show Sextortion Scams
https://www.bleepingcomputer.com/news/security/blogger-and-wordpress-sites-hacked-to-show-sextortion-scams/
‘We have to hit the problem the way it hits us’: How the FBI tracks a range of hacking threats
https://www.cyberscoop.com/fbi-cyberthreats-iran-china-russia-north-korea/
Fancy Bear Targets Sporting, Anti-Doping Orgs As 2020 Olympics Loom
https://threatpost.com/cyberattacks-sporting-anti-doping-orgs-as-2020-olympics-loom/149634/
Largest cyber-attack in Georgia's history linked to hacked web hosting provider
https://www.zdnet.com/article/largest-cyber-attack-in-georgias-history-linked-to-hacked-web-hosting-provider/#ftag=RSSbaffb68
One cyber attack can cost major APAC ports $110B
https://www.zdnet.com/article/one-cyber-attack-can-cost-major-apac-ports-110b/#ftag=RSSbaffb68
Most system administrators prefer firewall GUIs over CLIs
https://www.zdnet.com/article/most-system-administrators-prefer-firewall-guis-over-clis/#ftag=RSSbaffb68
Largest cyber-attack in Georgia's history linked to hacked web hosting provider
https://www.zdnet.com/article/largest-cyber-attack-in-georgias-history-linked-to-hacked-web-hosting-provider/
Georgia hit by massive cyber-attack
https://www.bbc.com/news/technology-50207192
Chinese users attack Notepad++ app after 'Free Uyghur' release
https://www.zdnet.com/article/chinese-users-attack-notepad-app-after-free-uyghur-release/#ftag=RSSbaffb68
Hackers who extorted Uber and LinkedIn plead guilty
https://www.zdnet.com/article/hackers-who-extorted-uber-and-linkedin-plead-guilty/#ftag=RSSbaffb68
Ubisoft reports 93% drop in DDoS attacks after pushing back against attackers
https://www.zdnet.com/article/ubisoft-reports-93-drop-in-ddos-attacks-after-pushing-back-against-attackers/#ftag=RSSbaffb68
Zealcon software firm owner sentenced for tax fraud
https://www.zdnet.com/article/zealcon-software-firm-chief-sentenced-for-tax-fraud/#ftag=RSSbaffb68
Turla Teardown: Why Attribute Nation-State Attacks
https://www.bankinfosecurity.com/blogs/turla-teardown-attribute-nation-state-attacks-p-2813
Ghost cats and dodgy horror movie streams – the spookiest Halloween hacks revealed
https://www.trustedreviews.com/news/ghost-cats-and-horror-movie-streams-the-spookiest-halloween-hacks-revealed-3950432
Breaches at NetworkSolutions, Register.com, and Web.com
https://krebsonsecurity.com/2019/10/breaches-at-networksolutions-register-com-and-web-com/
Two Hackers Who Extorted Money From Uber and LinkedIn Plead Guilty
https://thehackernews.com/2019/10/hackers-extorted-money.html
Cybersecurity predictions for 2020
https://www.hcamag.com/asia/specialisation/hr-technology/cybersecurity-predictions-for-2020/190203
技術處-高級資安研究員
https://www.104.com.tw/job/6rvo3
資訊安全治理儲備幹部
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=2393025&HIRE_ID=9343233
資訊安全工程師
https://www.104.com.tw/job/6rypz?jobsource=company_job
資安專案管理
https://www.104.com.tw/job/6rysv?jobsource=company_job
【資訊處】資安維運中心工程師 SOC
https://www.cakeresume.com/companies/nextbank/jobs/624344
板信商業銀行-資訊部( 資訊安全經辦 )
https://www.104.com.tw/job/6ryy7
達友科技/資安工程師-技術一部(上班地點:臺北市)
https://www.104.com.tw/job/2j5e4?jobsource=googlejobs
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
美國消費者重隱私 偏好紙本發票
https://money.udn.com/money/story/5602/4129164
雄獅洩36萬筆個資 消基會提團訟一審敗訴
https://news.ltn.com.tw/news/society/breakingnews/2963116
雄獅旅行社遭駭客竊個資 消基會提告求償450萬元敗訴
http://photo.udn.com/money/story/5648/4136849
剩餘房間數假的?Booking.com在台詐騙案頻傳 ,官方現身說
https://www.bnext.com.tw/article/55230/booking-com-about-taiwan
遠傳打擊詐騙 獲刑事警察局表揚
http://bit.ly/2qD710C
南非開普敦出現新詐欺手法 先騙遊客再搶劫
https://times.hinet.net/times/news/22629514
近750萬Adobe Creative Cloud用戶資料遭洩漏 慎防電郵釣魚詐騙
https://www.chinatimes.com/realtimenews/20191028001514-260412?chdtv
Facebook 近四億二千萬筆用戶個資外洩,資料庫被公開在網路上
https://www.twcert.org.tw/tw/cp-104-3031-b65c1-1.html
詐騙擴及美加華人圈 誆註銷綠卡逾百人被騙錢
https://tw.appledaily.com/new/realtime/20191009/1646311/
騎 GoShare 可能讓你的住家位置外洩?有心人士可透過車牌號碼與 API 推算
https://buzzorange.com/techorange/2019/10/29/goshare-personal-data-leak/
警偷查個資案 網友自稱當事人質疑警串證「為愛犧牲」
https://m.ltn.com.tw/news/society/breakingnews/2961195
加國華人超市引「人臉支付」系統 民間憂訊息被竊
https://tw.news.appledaily.com/international/realtime/20191030/1656044/
Akamai:網釣駭客最愛盜用的前兩大品牌為微軟與PayPal
https://www.ithome.com.tw/news/133944
Fortune 500企業的2,100萬個登入憑證流落暗網
https://ithome.com.tw/news/133945
大量 Instagram 釣魚郵件,藉侵權為由騙取帳號控制權
https://www.twcert.org.tw/tw/cp-104-3032-18206-1.html
Alexa 和Google 智慧家居裝置可能被用來竊聽或進行網路釣魚
https://blog.trendmicro.com.tw/?p=62422
Gitlab使用者遙測服務引爭議,官方急踩煞車
https://www.ithome.com.tw/news/133816
GitLab backs down on telemetry changes and forced tracking - for now
https://www.zdnet.com/article/gitlab-backs-down-on-planned-telemetry-changes-forced-tracking/#ftag=RSSbaffb68
Scammers are targeting Cash App users hoping for free money
https://www.zdnet.com/article/scammers-are-targeting-cash-app-users-hoping-for-free-money/#ftag=RSSbaffb68
Leaky Autoclerk database exposes info on travelers, including military and gov’t personnel
http://bit.ly/369TYnD
Scammers use fake Jeremy Clarkson ad in Bitcoin scam
https://finance.yahoo.com/news/scammers-fake-jeremy-clarkson-ad-150049196.html
Scammers use fake Jeremy Clarkson ad in Bitcoin scam
https://coinrivet.com/scammers-use-fake-jeremy-clarkson-ad-in-bitcoin-scam/
UniCredit Bank Suffers 'Data Incident' Exposing 3 Million Italian Customer Records
https://thehackernews.com/2019/10/unicredit-bank-data-breach.html
Two Data Leaks Expose Millions of Records
https://www.bankinfosecurity.co.uk/two-data-leaks-expose-millions-records-a-13299
21 Million Logins for Top 500 Firms Offered on the Dark Web
https://www.bleepingcomputer.com/news/security/21-million-logins-for-top-500-firms-offered-on-the-dark-web/
State of Stolen Credentials in the Dark Web from Fortune 500 Companies
https://www.immuniweb.com/blog/stolen-credentials-dark-web-fortune-500.html
Leading Web Domain Name Registrars Disclose Data Breach
https://thehackernews.com/2019/10/domain-name-registrars-hacked.html
5 Places Where Hackers Are Stealthily Stealing Your Data In 2019
https://thehackernews.com/2019/10/hacking-data-breach-protection.html
E.研究報告
Firefox 70版 隱私保護與資料攻擊分析
https://udn.com/umedia/story/12759/4125612
個案分析-勒索病毒Sodinokibi攻擊事件分析報告_10810
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019102811105151777062636571380.pdf
PHP-fpm 遠程代碼執行漏洞(CVE-2019-11043)分析
https://paper.seebug.org/1063/
PHP7.0-7.3繞過disable_functions進行命令執行漏洞(含PoC)
https://www.agesec.com/8506.html
CVE-2019-11043PHP-FPM在Nginx特定配置下遠程代碼執行漏洞復現
https://cloud.tencent.com/developer/article/1530146
挖洞經驗| Jira服務工作台路徑遍歷導致的敏感信息洩露漏洞(CVE-2019-14994)
https://www.freebuf.com/vuls/216267.html
CVE-2019-16920:D-link RCE 漏洞
https://www.chainnews.com/zh-hant/articles/590847744162.htm
CVE-2019-11043遠程代碼執行漏洞復現
https://www.secpulse.com/archives/116446.html
滲透測試Java架構執行漏洞檢測
https://cloud.tencent.com/developer/article/1527627
Microsoft.AspNetCore DoS漏洞,如何解決.Net Framework項目
http://bit.ly/347cEmq
Joomla-3.4.6遠程代碼執行突破原理分析和Poc構造
https://www.freebuf.com/vuls/216130.html
CVE-2019-16759漏洞在野利用
https://www.anquanke.com/post/id/189470
漏洞CVE-2019-8697:如何通過macOS的磁盤管理工具實現系統提權
https://www.freebuf.com/vuls/216211.html
隱私小號:中國臨時手機號碼服務,接收驗證碼簡訊不洩漏真實身分
https://free.com.tw/yinsixiaohao/
The NCSC Annual Review 2019
https://www.ncsc.gov.uk/news/annual-review-2019
Weblogic XMLDecoder反序列化入侵復現(CVE-2017-10271)
https://www.secpulse.com/archives/116542.html
最近修復的PHP遠程執行漏洞正被利用
http://bit.ly/2JvBO68
js語言中那些讓你抓狂又容易混淆的概念(建議收藏)
http://bit.ly/2JvyGXY
由惡意GIF文件引發的RCE漏洞,超過40000個應用受影響
https://www.freebuf.com/news/218375.html
深入理解 PHP Phar 反序列化漏洞原理及利用方法(一)
https://www.chainnews.com/zh-hant/articles/455445932350.htm
WebLogic EJBTaglibDescriptor XXE漏洞(CVE-2019-2888)分析
https://paper.seebug.org/1067/
Bulehero挖礦蠕蟲升級,PhpStudy後門漏洞加入武器庫
https://www.4hou.com/vulnerable/21296.html
基於MITRE ATT&CK的RED TEAMING行動實踐
http://avfisher.win/archives/1145
Red Team從0到1的實踐與思考
http://bit.ly/2WspBUY
SharpGen利用分析
http://bit.ly/2q3bCJq
利用Ocular 工具挖掘C & C++ 程序內存分配相關漏洞
https://www.4hou.com/technology/21129.html
Unlink簡單分析
https://cloud.tencent.com/developer/article/1530686
Kibana RCE漏洞詳細分析
https://www.freebuf.com/vuls/217443.html
Kibana RCE 漏洞詳細分析
https://www.chainnews.com/zh-hant/articles/434470783147.htm
PING COMMAND IN LINUX
https://ipcisco.com/ping-command-in-linux
Evading Anti-Virus with Unusual Technique
https://github.com/Techryptic/AV_Bypass
Framework for building Windows malware, written in C++
https://github.com/richkmeli/Richkware
Detecting Lateral Movement with Machine Learning
https://github.com/JPCERTCC/DetectLM
A submodule repository for distributing REDHAWK artifacts and the latest REDHAWK source code
https://github.com/RedhawkSDR/redhawk
Advanced python HTTP reverse shell made for Hacking Competition purpose
https://github.com/FanaticPythoner/PythonAdvancedHTTPReverseShell
WinPwn
https://github.com/S3cur3Th1sSh1t/WinPwn
Free and open-source threat intelligence feeds
https://threatfeeds.io/
Automated testing comes to the Linux kernel: KernelCI
https://www.zdnet.com/article/automated-testing-comes-to-the-linux-kernel-kernelci/#ftag=RSSbaffb68
KTRW: The journey to build a debuggable iPhone
https://googleprojectzero.blogspot.com/2019/10/ktrw-journey-to-build-debuggable-iphone.html?m=1
Fake French Police Sextortion Scam
https://blog.sucuri.net/2019/10/fake-french-police-sextortion-scam.html?utm_source=twitter&utm_medium=blog&utm_campaign=wyatt
CertUtil Qualms: They Came to Drop FOMBs
https://www.fireeye.com/blog/threat-research/2019/10/certutil-qualms-they-came-to-drop-fombs.html
Local Group Enumeration
https://www.harmj0y.net/blog/redteaming/local-group-enumeration/
Attacking The Network's Security Core - Hunting For Vulnerabilities In A Network Security Tool
https://blog.vastart.dev/2019/10/attacking-networks-security-core.html
Current and Future Hacks and Attacks that Threaten Esports
https://blog.trendmicro.com/trendlabs-security-intelligence/current-and-future-hacks-and-attacks-that-threaten-esports/
The commoditization of mobile espionage software
https://blog.talosintelligence.com/2019/10/the-commoditization-of-mobile-espionage.html
Phishing — Baiting the Hook
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/soti-security-phishing-baiting-the-hook-report-2019.pdf
OWASP/SecureTea-Project
https://github.com/OWASP/SecureTea-Project
F.商業
微軟DevOps資安實務大公開,側重威脅模型建立與自動化
https://www.ithome.com.tw/news/133911
推動更安全的移動服務 缺一不可的驗證與資安系統
https://digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=35&id=0000571586_8WS69KZM7YCE6X7PONZF5
BlackBerry推移動裝置保護方案 引入AI封鎖惡意程式
http://bit.ly/2N2zFBj
降低風險兼顧用戶體驗 成功落實檔案安全化
http://bit.ly/2PvlcPV
Leaked documents indicate Microsoft's Windows 10X will be coming to clamshell laptops
https://www.zdnet.com/article/leaked-documents-indicate-microsofts-windows-10x-will-be-coming-to-clamshell-laptops/#ftag=RSSbaffb68
Google Search to stop supporting Flash content
https://www.zdnet.com/article/google-search-to-stop-supporting-flash-content/#ftag=RSSbaffb68
G.政府
國安大漏洞 今年中科院竟有15涉密軍文職人員過境香港
http://bit.ly/2PmZSfh
農業資訊網資訊不實 消費者難以辨別有機標章真偽
https://www.ctwant.com/article/11971
營區監視系統惹議 軍方暫棄人臉辨識系統
https://news.ltn.com.tw/news/politics/breakingnews/2961751
憂觸犯《個資法》 國防部宣布暫停人臉辨識系統建置
https://tw.news.appledaily.com/politics/realtime/20191030/1656245/
國軍研發動力外骨骼系統 搬運砲彈更方便
https://living.taronews.tw/2019/10/30/512828/
軍紀螺絲鬆?雲豹萬鈞車遺失通信器半年
http://bit.ly/2NmzL5K
防假訊息擾選舉 警調投入逾200專責人力
https://news.ltn.com.tw/news/politics/paper/1328665
美台首度網路攻防演練下週登場 實戰測試資安
https://www.cna.com.tw/news/ait/201910310227.aspx
防範中國網攻 美台首次大規模網路演練下週登場
https://m.ltn.com.tw/news/politics/breakingnews/2963184
第一次!美國、台灣舉辦國際聯合網路演練 AIT:雙方合作關係快速成長
https://news.m.pchome.com.tw/living/ftv/20191031/index-15725210962772319009.html
H.ICS/SCADA 工控系統
首款工控設備成功通過威努特ISASecure安全測試
http://www.gongkong.com/news/201910/398376.html
ZDI將舉辦鎖定工控系統的Pwn2Own駭客競賽
https://ithome.com.tw/news/133881
大手筆鼓勵挖掘ICS和相關協議漏洞,Pwn2Own的“新業務”想傳達什麼
https://www.leiphone.com/news/201910/4aWfsDeKBppTWPAe.html
Industrial equipment to come under fire at the world's largest hacking contest
https://www.zdnet.com/article/industrial-equipment-to-come-under-fire-at-the-worlds-largest-hacking-contest/#ftag=RSSbaffb68
Pwn2Own Contest to Focus on Industrial Control Systems
https://www.bankinfosecurity.com/pwn2own-contest-to-focus-on-industrial-control-systems-a-13322
I.教育訓練
Deep Security 安裝與基本故障排除
https://www.youtube.com/embed/QzORMUc0Dmo
Deep Security 基礎設定
https://www.youtube.com/embed/eUREjJ4uY2M
Deep Security 基本系統調校
https://www.youtube.com/embed/0PE-RTLOAmA
Deep Security FIM功能與內網監控
https://www.youtube.com/embed/4rL9cfmbybw
靜態分析與動態分析
https://youtu.be/JMvuyw7uX1Y
惡意攻擊辨識與相似度比較
https://youtu.be/l3PmFeGvRFY
機械學習的偵測機制
https://youtu.be/OC-WOkoxiOc
惡意攻擊視覺化與深度學習
https://youtu.be/c1IJXuDLa3w
10 LOW COST CYBERSECURITY DEGREES
https://netinstruct.com/netinstruct-news/f/10-low-cost-cybersecurity-degrees
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
深度造假!新型態人工智能犯罪 恐造成資安隱憂
https://cnews.com.tw/169191025a03/
漏洞已修復!日本連鎖飯店推「陪伴機器人」 驚傳可拿來偷看房客
https://cnews.com.tw/140191025a04/
駭!公民專欄】想保護網路隱私?你可以用「假資訊」騙AI
https://www.cw.com.tw/article/article.action?id=5097435
IoT時代資安設計刻不容緩 Microchip建構高安全等級MCU
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=&id=0000570921_OTF8TP0B31GIQA0NH9JP1
IoT Devices Fall Prey to Attacks up to 10 Crore by Hackers
https://www.ehackingnews.com/2019/10/iot-devices-fall-prey-to-attacks-up-to.html?utm_source=dlvr.it&utm_medium=twitter
6.近期資安活動及研討會
行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30
https://www.accupass.com/event/1810080517061259295030
Elite East Coast CISO Summit 11/3~11/5
https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/
Red Hat Forum Taipei 2019 11/5
https://www.facebook.com/events/1390202967799392/
資安人才培育成果發表暨就業媒合會 11/5
https://ievents.iii.org.tw/eventS.aspx?t=0&id=733
Cyber Security Summit: Boston 11/6
https://infosec-conferences.com/events-in-2019/cyber-security-summit-boston/
駭客攻防暨數位鑑識系列一(第1期) 11/7
https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=384540
網路攻擊鏈( Cyber Kill Chain)各階段實作 (6hr) 11/7
http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384540
Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/8
https://signupcybersec101.ithome.com.tw/
BSides Charleston 11/9
https://infosec-conferences.com/events-in-2019/bsides-charleston/
ISDA 白帽駭客入門〈3〉 11/9
https://www.accupass.com/event/1910240847068228620890
Kotlin/Everywhere GDG Taoyuan - 運用 Ktor 建置一個以 Kotlin 打造的後端服務 11/9
https://www.meetup.com/GDGTaoyuan/events/264776152/
資安健診 11/12
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3871&from_course_list_url=course_index
OpenInfra Day Taiwan 11/12
http://openinfra.digitimes.com.tw/
108年政府組態基準(GCB)實作研習 11/12 ~ 11/22
https://register.nccst.nat.gov.tw/Active/registerDetail.do?activeId=1285&activeType=course
CLEAR Cyber Leaders Conference 11/12 ~ 11/13
https://infosec-conferences.com/events-in-2019/clear-cyber-leaders-conference/
108年資安法律案例分享說明會 11/13
https://register.nccst.nat.gov.tw/Active/registerDetail.do?activeId=1286&activeType=conf
HITCON DEFENSE CONTEST 企業資安攻防大賽 & SUMMIT 企業安全會議 2019 11/13
https://hitcon.kktix.cc/events/hitcon-defense-2019?locale=ja
Windows檔案系統及檔案還原 (6hr) 11/14
http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384541
Digital Internet Summit 11/14
https://infosec-conferences.com/events-in-2019/digital-internet-summit/
INTERFACE – Nebraska 11/14
https://infosec-conferences.com/events-in-2019/interface-nebraska/
2019 資訊安全論壇 11/14
http://events.businesstoday.com.tw/2019/ACSI/#signup-sec
Mozilla 開發者小聚-台灣站 11/15
https://www.accupass.com/event/1910230900235341736900
SecureWV – Hack3rCon 11/15 ~ 11/17
https://infosec-conferences.com/events-in-2019/securewv-hack3rcon/
2019 Hack ‘n’Roll 駭客嘉年華 11/16 ~ 11/17
http://hacknroll.splashthat.com/IThomeBanners
交通大學亥客書院-P006:高階網頁滲透測試 11/16
https://hackercollege.nctu.edu.tw/?p=1092
FS-ISAC Fall Summit 11/17 ~ 11/20
https://infosec-conferences.com/events-in-2019/fs-isac-fall-summit/
Microsoft IoT in Action 11/20
https://www.iotinactionevents.com/event/taipei
LINE將於11月舉辦LINE DEVELOPER DAY 2019 11/20 ~ 11/21
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000570636_HL57CPQM2H1ZHE71YVI2W
Infosecurity ISACA North America Expo and Conference 11/20 ~ 11/21
https://infosec-conferences.com/events-in-2019/isaca-north-america-expo-conference/
檔案特徵值比對與關鍵字搜尋 (2hr) Open Source數位鑑識工具實務操作 (5hr) 11/21
http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384542
2019 BSI 國際資安標準管理年會 11/22
https://www.accupass.com/event/1910070533451342891420
Trend Micro CTF 2019 // Raimund Genes Cup FINAL / NOVEMBER 23–24, 2019
https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html
資安檢核核心技術及進階技術研討會11月26日至11月28日
http://bit.ly/2TN2UtD
人資人員必修的職安法規定 11/26
https://www.accupass.com/event/1909121441141977826554
模擬案例鑑識分析實務 (6hr) 11/28
http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384543
Global Cybersecurity Coference 11/28~11/29
https://2019.group-ib.com/
Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/29
https://signupcybersec101.ithome.com.tw/
交通大學亥客書院-B015:惡意程式檢測 11/30
https://hackercollege.nctu.edu.tw/?p=1098
亞洲‧矽谷學院108年免費認證考試 11/30
https://college.asvda.org.tw/
The Dungeons of Hackers Conference 2019 - 駭客的地下城 11/30
https://tdohackerparty.kktix.cc/events/tdoh-conf-2019
Digital Summit Dallas 12/4
https://infosec-conferences.com/events-in-2019/digital-summit-dallas/
Kansas City Cyber Security Conference 12/5
https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/
CyberMaryland Conference 12/5 ~ 12/6
https://infosec-conferences.com/events-in-2019/cybermaryland-conference/
FutureCon Nashville Cyber Security Conference 12/11
https://infosec-conferences.com/events-in-2019/futurecon-nashville/
Utility Cyber Security Forum December 12/11
https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/
交通大學亥客書院-A018:企業網域控管-Active Directory攻擊與防禦 12/14
https://hackercollege.nctu.edu.tw/?p=1094
Japan Security Analyst Conference
https://jsac.jpcert.or.jp/
PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world
沒有留言:
張貼留言