跳到主要內容

資安事件新聞週報 2019/10/28 ~ 2019/11/1



資安事件新聞週報  2019/10/28  ~  2019/11/1

1.重大弱點漏洞/後門/Exploit/Zero Day

Symantec antivirus crashes something again. This time Chrome 78 browsers
https://www.zdnet.com/article/symantec-antivirus-crashes-something-again-this-time-chrome-78-browsers/#ftag=RSSbaffb68

VMWare vCenter 伺服器設備資料洩露漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0018.html

MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
https://www.exploit-db.com/exploits/47566

主流虛擬化平臺 QEMU-KVM 被曝存在漏洞,可完全控制宿主機及其虛擬機
https://www.chainnews.com/zh-hant/articles/730633063482.htm

Google Chrome/Microsoft Edge Chromium version 78.0.x error "Aw, Snap! Something went wrong while displaying this webpage." when using Endpoint Protection
https://support.symantec.com/us/en/article.tech256047.html

Where the beep is Reopen Closed Tab in Chrome 78? (and how to get it back)
https://www.zdnet.com/article/where-the-beep-is-reopen-closed-tab-in-chrome-78-and-how-to-get-it-back/#ftag=RSSbaffb68

Samba Releases Security Updates
https://www.samba.org/samba/security/CVE-2019-10218.html
https://www.samba.org/samba/security/CVE-2019-14833.html
https://www.samba.org/samba/security/CVE-2019-14847.html

IBM Cloud Orchestrator 注入漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4396

IBM InfoSphere Information Server on Cloud和IBM InfoSphere Information Server信息泄露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4615

IBM Security Guardium Big Data Intelligence信息泄露漏洞
https://www.ibm.com/support/pages/node/1096384

IBM Security Guardium Big Data Intelligence加密问题漏洞
https://www.ibm.com/support/pages/node/1096924

PHP再傳遠端程式碼執行漏洞,波及Nginx網站伺服器
https://www.ithome.com.tw/news/133904

Nasty PHP7 remote code execution bug exploited in the wild
https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/#ftag=RSSbaffb68

Fujitsu Wireless Keyboard Set LX390 Keystroke Injection
https://packetstormsecurity.com/files/154956/SYSS-2019-011.txt

Xorg X11 Server SUID modulepath Privilege Escalation
https://packetstormsecurity.com/files/154942/xorg_x11_suid_server_modulepath.rb.txt

Trend Micro Anti-Threat Toolkit (ATTK) 1.62.0.1218 Remote Code Execution
https://packetstormsecurity.com/files/154916/TREND-MICRO-ANTI-THREAT-TOOLKIT-ATTK-REMOTE-CODE-EXECUTION.txt

Unsupported D-Link routers vulnerable to RCE flaws
https://www.scmagazine.com/home/security-news/vulnerabilities/unsupported-d-link-routers-vulnerable-to-rce-flaws/

Major vulnerability patched in the EU's eIDAS authentication system
https://www.zdnet.com/article/major-vulnerability-patched-in-the-eus-eidas-authentication-system/#ftag=RSSbaffb68

Facebook sues Israeli surveillance vendor over WhatsApp zero-day
https://www.zdnet.com/article/facebook-sues-israeli-surveillance-vendor-over-whatsapp-zero-day/#ftag=RSSbaffb68

NFC False Tag Vulnerability – CVE-2019-9295
https://www.checkmarx.com/blog/nfc-false-tag-vulnerability

Modern Binary Analysis with ILs
https://binary.ninja/presentations/Modern%20Binary%20Analysis%20with%20ILs.pdf

Apache Solr Velocity模板遠程代碼執行,附poc
http://www.shungg.cn/post/268

Microsoft Warns of Windows Slow Startup Due to Persistent Memory
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-windows-slow-startup-due-to-persistent-memory/

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
行庫組織調整 強化法遵、資安
http://bit.ly/2BK4iFb

國泰證下單系統今早大當機 公司:已完成修復 
https://tw.appledaily.com/new/realtime/20191028/1655067/

金控子公司雙向身分認證服務 首例壽險銀行合作
https://www.cna.com.tw/news/afe/201910280196.aspx

淘寶網購避稅要注意囉!海關將查信用卡刷卡資料 3管齊下防堵
https://www.ettoday.net/news/20191028/1567092.htm

普及資安險 產險業推親民保單
http://bit.ly/2NrQzbi

中華保險服務協會辦研討 保險業迎科技創新 須慎防資安風險
http://bit.ly/2Ns1PED

金融業決勝科技運用,深耕小資族挖掘大商機
http://bit.ly/2WxtYyj

歐盟擬新設機構 打擊洗錢活動
http://bit.ly/34tRmQb

打擊洗錢犯罪,歐盟擬成立獨立監管機構
http://bit.ly/2JFXLPY

狐假虎威,無名駭客試圖冒充知名駭客團體成員向金融機構發起DDoS攻擊
https://ek21.com/news/tech/155211/

日商三菱日聯銀行股份有限公司通訊加密設備因惡意連線導致台灣據點部分客戶及第三方交易資訊洩漏一事
https://piyolog.hatenadiary.jp/entry/2019/10/29/060335

三菱UFJ銀行が不正アクセスを受けた通信暗号化装置について調べてみた
https://piyolog.hatenadiary.jp/entry/2019/10/29/060335

ローカルキャッシュマネジメントサービスの通信暗号化装置への不正アクセスによる台湾拠点の一部お客さま情報および第三者情報の漏えいについて
https://www.bk.mufg.jp/news/news2019/pdf/news1025.pdf

DDoS 攻撃を示唆して、仮想通貨を要求する脅迫メールについて
https://www.jpcert.or.jp/newsflash/2019103001.html

Romanian duo skims data from 8 ATMs in Hyderabad, held
http://timesofindia.indiatimes.com/articleshow/71747779.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

Online shoppers beware: Those ATM skimming devices are now on some retail websites
https://www.fastcompany.com/90421916/online-shoppers-beware-those-atm-skimming-devices-are-now-on-some-retail-websites

ATM Malware and Jackpotting Attacks Could Be Making a Return
https://www.cpomagazine.com/cyber-security/atm-malware-and-jackpotting-attacks-could-be-making-a-return/

Four suspected cyber criminals arrested while trying to steal money from an ATM
https://nairobinews.nation.co.ke/news/four-suspected-cyber-criminals-arrested-while-trying-to-steal-money-from-an-atm

Five of ATM fraudsters’ gang land in police net
https://www.tribuneindia.com/news/five-of-atm-fraudsters-gang-land-in-police-net/850841.html

Online banking and ATM fraud: Mumbai tops among 19 metros
https://indianexpress.com/article/india/online-banking-and-atm-fraud-mumbai-tops-among-19-metros-6082817/

SBI Card: Know State Bank of India's all debits cards, their ATM withdrawal limit
https://www.zeebiz.com/personal-finance/news-sbi-card-know-state-bank-of-indias-all-debits-cards-their-atm-withdrawal-limit-113258

Details for 1.3 million Indian payment cards put up for sale on Joker's Stash
https://www.zdnet.com/article/details-for-1-3-million-indian-payment-cards-put-up-for-sale-on-jokers-stash/#ftag=RSSbaffb68

Joker's Stash Lists 1.3 Million Stolen Indian Payment Cards
https://www.bankinfosecurity.com/jokers-stash-lists-13-million-stolen-indian-payment-cards-a-13302

Biggest single card database ever on sale on dark net marketplace
https://www.group-ib.com/media/biggest-card-database-ever/

Cybercrime, a fake Fancy Bear threats companies with DDoS attacks
https://www.difesaesicurezza.com/en/defence-and-security/cybercrime-a-fake-fancy-bear-threats-companies-with-ddos-attacks/

DDoS attackers claim to be Russian APT group, demand ransom
https://www.scmagazine.com/home/security-news/cybercrime/ddos-attackers-claim-to-be-russian-apt-group-demand-ransom/

Global RDoS Campaign – Fancy Bear
https://security.radware.com/ddos-threats-attacks/threat-advisories-attack-reports/global-rdos-campagin%E2%80%93fancy-bear/

Warning of Serious DDoS Blackmail Campaigns Attributed to Fancy Bear Group
https://www.link11.com/en/blog/warning-of-serious-ddos-blackmail-campaigns-attributed-to-fancy-bear-group/

Fast-Food Chain Krystal Investigates Card 'Security Incident'
https://www.bankinfosecurity.com/fast-food-chain-krystal-investigates-card-security-incident-a-13301

Visa Drops 2FA for Low-Value Transactions
https://www.bankinfosecurity.asia/visa-drops-2fa-for-low-value-transactions-a-13308

Need to bolster banking apps security on mobile devices: Fortinet’s Rajesh Maurya
https://techobserver.in/2019/10/31/need-to-bolster-banking-apps-security-on-mobile-devices-fortinets-rajesh-maurya/

Inside Magecart: the history behind the covert card-skimming assault on the e-commerce industry
https://www.virusbulletin.com/blog/2019/10/vb2019-paper-inside-magecart-history-behind-covert-card-skimming-assault-e-commerce-industry/

Banche, si teme un attacco phishing ai clienti
https://qds.it/banche-si-teme-un-attacco-phishing-ai-clienti/

Some brokerages in Singapore hit by DDoS attacks last week
https://www.businesstimes.com.sg/banking-finance/some-brokerages-in-singapore-hit-by-ddos-attacks-last-week

Stock brokerages here hit by cyber attacks
https://www.tnp.sg/news/singapore/stock-brokerages-here-hit-cyber-attacks

Turkey ranked second in mobile banking attacks
https://www.news1.news/tr/2019/10/turkey-ranked-second-in-mobile-banking-attacks.html

Cybersecurity and Banking: 3 Trends to Watch in 2020
https://www.bitsight.com/blog/cybersecurity-and-banking-3-trends-to-watch-in-2020

Polisi Ringkus Spesialis Pembobol ATM Lintas Provinsi Pakai Tusuk Gigi
https://radarsurabaya.jawapos.com/read/2019/10/29/163495/polisi-ringkus-spesialis-pembobol-atm-lintas-provinsi-pakai-tusuk-gigi

Diduga akan Skimming ATM, WN Ukraina Ditangkap Polda Bali
https://www.merdeka.com/peristiwa/diduga-akan-skimming-atm-wn-ukraina-ditangkap-polda-bali.html

Secret Service: Brazilian’s bank data scheme hits Seacoast ATMs
https://www.fosters.com/news/20191031/secret-service-brazilians-bank-data-scheme-hits-seacoast-atms

India is on radar of hackers stealing card details from ATM machines
https://www.livemint.com/technology/tech-news/india-is-on-radar-of-hackers-stealing-card-details-from-atm-machines-11572514090022.html

The Central Bank will strengthen control over IT-security of credit institutions
https://www.ehackingnews.com/2019/10/the-central-bank-will-strengthen.html?utm_source=dlvr.it&utm_medium=twitter

3.電子支付/電子票證/行動支付/ pay/新聞及資安
LINE Pay一卡通繳卡費「爆出漏洞」!網友神製條碼器 每期爽賺500點高回饋
https://www.ettoday.net/news/20191027/1566267.htm

鑽LinePay漏洞!他撈500點回饋 律師:恐涉詐欺
https://news.ebc.net.tw/News/living/183573

謊稱支付寶遭盜用獲賠 杭州大學生反被告詐騙
https://hk.on.cc/hk/bkn/cnt/cnnews/20191027/bkn-20191027130540419-1027_00952_001.html

4.虛擬貨幣/區塊鍊相關新聞及資安
陳元談區塊鏈:需警惕新技術的安全漏洞
https://news.sina.com.tw/article/20191027/33097584.html

跨境貿易融資 加速應用區塊鏈
https://www.chinatimes.com/newspapers/20191028000083-260309?chdtv

區塊鏈應避虛就實加快場景應用是根本
https://news.sina.com.tw/article/20191029/33116898.html

銀行發展區塊鏈 人行緊盯資安
https://www.chinatimes.com/newspapers/20191029000042-260301?chdtv

區塊鏈應避虛就實加快場景應用是根本
https://news.sina.com.tw/article/20191029/33117080.html

科技與人性(一)區塊鏈做不到的事。什麼是 hard candy?區塊鏈裡的秘密資訊、《最大の素數》
http://bit.ly/2MVyR0X

中國力推區塊鏈 比特幣暴漲 區塊鏈是極權政府的良伴嗎
https://www.cw.com.tw/article/article.action?id=5097442

ICC 新盤 GDA 號稱被黑客攻擊跑路,又出現了 3T、EXXA 等新盤
https://www.chainnews.com/zh-hant/articles/817620599105.htm

想投資比特幣嗎?給新手比特幣交易者的五條建議
http://news.knowing.asia/news/cd2955e6-88cb-4fe7-ad71-1f501fd2eeb2

ENWIN warning bitcoin scammers may target customers
https://windsor.ctvnews.ca/enwin-warning-bitcoin-scammers-may-target-customers-1.4656982

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
360安全衛士披露羅技軟件漏洞傳播木馬木馬作者也被感染
https://www.239232.com/qita/71076.html

2020年資安預測:目標式勒索軟體與行動惡意程式將持續升溫
https://ithome.com.tw/news/133872

手機惡意程式氾濫國家級APT病毒間諜
http://bit.ly/2MTwwUi

南非最大城約翰尼斯堡遭勒索軟體入侵
https://www.ithome.com.tw/news/133858

駭客入侵南非約翰尼斯堡勒索總值14.2萬比特幣
http://bit.ly/2MYEzz3

印度南部核電廠曾遭網攻 所幸系統未受影響
https://news.ltn.com.tw/news/world/breakingnews/2962566

系統駭入專家與勒索病毒集團結盟
https://blog.trendmicro.com.tw/?p=62344

刪不掉的新型Android病毒!專家祭6招防範措施
https://newtalk.tw/news/view/2019-10-30/319013

QNAP NAS遭惡意程式感染,至少7000台中標
https://www.ithome.com.tw/news/133955

歐洲國際機場感染挖礦病毒,系統耗電量大增
https://blog.trendmicro.com.tw/?p=62363

A Brief Look at the Citadel Banking Trojan
https://cyware.com/news/a-brief-look-at-the-citadel-banking-trojan-950f1bf6

London police software quarantines thousands of cybercrime reports
https://www.zdnet.com/article/london-police-software-quarantines-thousands-of-cybercrime-reports/#ftag=RSSbaffb68

Here's Why 'Raccoon' Infostealer Is Popular With Criminals
https://www.bankinfosecurity.com/heres-raccoon-infostealer-popular-criminals-a-13294

Researchers find stealthy MSSQL server backdoor developed by Chinese cyberspies
https://www.zdnet.com/article/researchers-find-stealthy-mssql-server-backdoor-developed-by-chinese-cyberspies/

How TrickBot Hooking Engine Targets Windows 10 Browsers
https://malware.news/t/how-trickbot-hooking-engine-targets-windows-10-browsers/34139

Govt warns of new 'Emotet' malware campaign
https://www.crn.com.au/news/govt-warns-of-new-emotet-malware-campaign-532967

REWTERZ THREAT ALERT – CITADEL BANKING MALWARE – IOCS
http://www.rewterz.com/rewterz-news/rewterz-threat-alert-citadel-banking-malware-iocs

Government raises threat level on 'undetectable' email virus
http://bit.ly/31RcNbV

Advisory 2019-131: Emotet malware campaign
https://www.cyber.gov.au/threats/advisory-2019-131-emotet-malware-campaign

AutoIT-compiled Negasteal/Agent Tesla, Ave Maria Delivered via Malspam
https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-compiled-negasteal-agent-tesla-ave-maria-delivered-via-malspam/

New FuxSocy Ransomware Impersonates the Notorious Cerber
https://www.bleepingcomputer.com/news/security/new-fuxsocy-ransomware-impersonates-the-notorious-cerber/

Microsoft Office Bug Remains Top Malware Delivery Vector
https://www.darkreading.com/operations/microsoft-office-bug-remains-top-malware-delivery-vector/d/d-id/1336182

New 'unremovable' xHelper malware has infected 45,000 Android devices
https://www.zdnet.com/article/new-unremovable-xhelper-malware-has-infected-45000-android-devices/#ftag=RSSbaffb68

Maze Ransomware Attacks Italy in New Email Campaign
https://www.bleepingcomputer.com/news/security/maze-ransomware-attacks-italy-in-new-email-campaign/

This old trojan malware is back with a new trick to help it hide in plain sight
https://www.zdnet.com/article/this-old-trojan-malware-is-back-with-a-new-trick-to-help-it-hide-in-plain-sight/

Confirmed: North Korean malware found on Indian nuclear plant's network
https://www.zdnet.com/article/confirmed-north-korean-malware-found-on-indian-nuclear-plants-network/

Paradise Ransomware Decryptor Gets Your Files Back for Free
https://www.bleepingcomputer.com/news/security/paradise-ransomware-decryptor-gets-your-files-back-for-free/

This is how malicious Android apps avoid Google’s security vetting
https://www.zdnet.com/article/this-is-how-malicious-android-apps-avoid-googles-security-vetting/

Emsisoft Decryptor for Paradise
https://www.emsisoft.com/ransomware-decryption-tools/paradise

Defending Systems Against Cryptocurrency Miner Malware
http://bit.ly/322mFzJ

Cyber-attack hits Utah wind and solar energy provider
https://www.zdnet.com/article/cyber-attack-hits-utah-wind-and-solar-energy-provider/#ftag=RSSbaffb68

Thousands of QNAP NAS devices have been infected with the QSnatch malware
https://www.zdnet.com/article/thousands-of-qnap-nas-devices-have-been-infected-with-the-qsnatch-malware/#ftag=RSSbaffb68

At least 13 managed service providers were used to push ransomware this year
https://www.zdnet.com/article/at-least-13-managed-service-providers-were-used-to-push-ransomware-this-year/#ftag=RSSbaffb68

These were the worst malware strains of 2019
https://www.techradar.com/news/these-were-the-worst-malware-strains-of-2019

McAfee: Malicious Voicemails Target Office365 Users
https://www.bankinfosecurity.com/mcafee-malicious-voicemails-target-office365-users-a-13327

Mobile Devices: Protecting Critical Data
https://www.bankinfosecurity.com/interviews/mobile-devices-protecting-critical-data-i-4493

Attacchi fraudolenti: phishing e malware si evolvono
https://www.lineaedp.it/news/43734/attacchi-fraudolenti-phishing-e-malware-si-evolvono/#.Xbu1W5ozbIU

QSnatch Malware Infects Thousands of NAS Devices, Steals Credentials
https://www.bleepingcomputer.com/news/security/qsnatch-malware-infects-thousands-of-nas-devices-steals-credentials/

B.行動安全 / iPhone / Android /穿戴裝置 /App
大陸犯罪集團出「解鎖」App!造成共享單車企業損失13億...14人深圳被逮
https://www.ettoday.net/news/20191027/1566509.htm

蘋果App Store有17款程式含木馬元件
https://www.ithome.com.tw/news/133822

Android用戶請注意!Google Play再添42款惡意APP
http://bit.ly/34emmUa

Google Play惡意APP流竄! 資安公司呼籲立即刪除
http://bit.ly/2NELWuT

Pegasus監控神器爭議多
https://www1.hkej.com/dailynews/article/id/2289141/

下載後刪不了!這些地雷App千萬別點
https://www.chinatimes.com/realtimenews/20191028002064-260405?chdtv

下載後刪不掉狂跳廣告! 資安公司提醒小心這「15款APP」
https://news.ltn.com.tw/news/life/breakingnews/2961305

電信帳單無故暴增?資安業者拆穿假冒美顏修圖 App 詐騙新手法
https://3c.ltn.com.tw/news/38403

Android用戶注意!這些「惡意APP」資安網站呼籲立即刪除
https://newtalk.tw/news/view/2019-10-25/316882

美參議員點名「恐洩漏個資」 TikTok:用戶數據存在美國境內
https://www.ettoday.net/news/20191026/1565743.htm

下載後刪不掉!15款地雷APP曝光 專家:千萬別點
https://news.tvbs.com.tw/world/1224915

惡意Android程式遇到Google會裝乖
https://www.ithome.com.tw/news/133823

Android用戶注意! 42個惡意APP易耗手機效能
https://www.ctwant.com/article/11979

傳三星Galaxy S10指紋安全漏洞國外已修復,國內還未跟進
https://kknews.cc/tech/pveva2p.html

三星螢幕指紋漏洞修補好了!S10、Note 10 用戶更新軟體,注意這4項重點
https://3c.ltn.com.tw/news/38412

Samsung S10 、Note 10可以用返指紋鎖
http://bit.ly/2qOx3y2

歐洲併購建廠熱,中信國際電訊 CPC 海陸纜三路連歐「快、穩、好」
http://technews.tw/2019/10/29/cpc-europe-mid-asia-web-service/

愛當免費仔?線上看電影小心LINE帳密被竊取
https://newtalk.tw/news/view/2019-10-30/318721

LINE廣傳「雙子殺手免費線上看」 小心駭客偷走帳密個資
https://tw.appledaily.com/new/realtime/20191030/1656148/

Google 小技巧 :個資不分大小,手機資料安全如何自保
https://saydigi-tech.com/2019/10/14373.html

自保資安 Google 教你善用 Android 內建實用三大功能
https://www.inside.com.tw/article/17978-Android-useful-feature-to-protect-security

李安新片成詐騙集團新手段!資安業者教兩招「解毒」
https://www.chinatimes.com/realtimenews/20191031000048-260410?chdtv

線上看電影LINE被盜 Mac股票交易暗藏木馬
https://www.cardu.com.tw/news/detail.php?39320

間諜程式襲記者異見者 WhatsApp告以色列開發商
https://hk.news.appledaily.com/international/realtime/article/20191030/60210410

WhatsApp控以色列駭客公司 助20國政府監看手機
https://www.cna.com.tw/news/aopl/201910300094.aspx

動作頻頻!WhatsApp指控以色列駭客集團 協助20國政府侵入手機
http://bit.ly/2JFalz5

WhatsApp告以色列駭客公司 駭入1400名用戶手機
https://ec.ltn.com.tw/article/breakingnews/2961848

WhatsApp用戶資料被盜案 傳涉多國政要
https://www2.hkej.com/instantnews/international/article/2290613

涉記者人權分子高官 WhatsApp揭以企業助政府監控1400人
http://bit.ly/2Jy5ZK0

Facebook Sues Spyware Maker Over WhatsApp Exploit
https://www.bankinfosecurity.com/facebook-sues-spyware-maker-over-whatsapp-exploit-a-13307

Verizon, AT&T, Sprint and T-Mobile to replace SMS with RCS Messaging in 2020
https://thehackernews.com/2019/10/rcs-messaging-sms.html

42 Adware Apps with 8 Million Downloads Traced Back to Vietnamese Student
https://thehackernews.com/2019/10/42-adware-apps-with-8-million-downloads.html

12 tips to protect your mobile device from Hackers
https://www.baldwin-bulletin.com/news/tips-to-protect-your-mobile-device-from-hackers/article_22f3fde8-f734-11e9-8add-3352c7565165.html

Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users
https://thehackernews.com/2019/10/whatsapp-nso-group-malware.html

Mysterious malware that re-installs itself infected over 45,000 Android Phones
https://thehackernews.com/2019/10/remove-xhelper-android-malware.html

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
2019台灣資安年會 善用聯防降低風險
https://money.udn.com/money/story/10860/4136099

25平米藏了近20個針孔攝像頭18名極客想在十分鐘內找到
http://www.sohu.com/a/349802698_161795

駭客鎖定聯合國人道援助組織 誘騙員工洩露個資
https://udn.com/news/story/7088/4125301

非政府組織遭駭客鎖定 誘洩個資
http://bit.ly/2NhslAv

網路釣魚攻擊瞄準聯合國與人道救援組織
https://www.ithome.com.tw/news/133885

欲盜資料轉售 黑客攻擊大數據平台3500次
https://hk.on.cc/hk/bkn/cnt/cnnews/20191030/bkn-20191030004558287-1030_00952_001.html

2019 年最可怕的黑客事件與安全漏洞(上)
https://zhuanlan.zhihu.com/p/89200642

2019 年最可怕的黑客事件與安全漏洞(下)
https://www.chainnews.com/zh-hant/articles/986387693795.htm

駭客入侵線上購物事件頻仍 網購4招自保
http://www.epochtimes.com/b5/19/10/29/n11619844.htm

歐盟電子身份識別系統有漏洞,可讓駭客冒充公民身份
https://www.ithome.com.tw/news/133952

有官方的影子!中國駭客入侵 擷取電訊商敏感通訊紀錄
https://news.ltn.com.tw/news/world/breakingnews/2963754

中國駭客竊取海外手機簡訊與通話記錄 美部分軍政要員中招
http://m.secretchina.com/news/b5/2019/11/01/912247.html

趨勢科技研究顯示 電競產業面對更多網絡威脅
https://times.hinet.net/news/22627589

印度核電公司證實遭北韓網軍入侵核電廠
https://technews.tw/2019/10/31/india-comfirm-hacking-of-nuclear-power-plant-by-north-korean-cyber-army/

硬起來!涉網路犯罪 蒙古逮捕800名中國人
https://m.ltn.com.tw/news/world/breakingnews/2963207

澳洲提議成人網站使用人臉辨識來過濾造訪者身分
https://www.ithome.com.tw/news/133918

黑客少年竊取的「數據帝國」
https://news.sina.com.tw/article/20191029/33117106.html

邊緣人變天才駭客!14歲進入暗網建立「數據王國」 1個月竊取上億個人資訊
https://www.ettoday.net/news/20191029/1567412.htm

18歲神級駭客 輕鬆竊取上億條公民個資在黑市販賣
https://www.chinatimes.com/realtimenews/20191030002532-260405?chdtv

黑客高中生竊上億條個人資料售賣 獲刑3年半懺悔:做個普通人
http://bit.ly/345jKaS

遭踢爆防護不周導致金鑰外流,NordVPN亡羊補牢啟動抓漏獎勵,改用無硬碟伺服器
https://ithome.com.tw/news/133928

荷蘭史基浦投訴網站被黑客攻入,個人資料外洩
http://bit.ly/2p89S1u

荷蘭史基浦機場投訴網站漏洞致近60000投訴者信息洩露
https://www.dbsec.cn/blog/article/5309.html

加拿大多倫多市府網路安全堪憂 審計總長促加強防範
http://bit.ly/32QL9NL

俄羅斯政府擬進行「斷網」測試 外界憂加強審查
https://hk.on.cc/hk/bkn/cnt/aeanews/20191026/bkn-20191026195832769-1026_00912_001.html

俄將斷網測「RuNet」 網路自由存憂慮
https://www.ydn.com.tw/News/357819

惡意 IP 對企業 Office 365 帳號進行暴力破解攻擊
https://www.hkjh.tc.edu.tw/modules/tadnews/index.php?nsn=2311

27國簽署網路安全聯合聲明
https://blog.twnic.net.tw/2019/10/25/5325/

亞馬遜雲端服務 AWS 遭 DDoS 攻擊,造成部分服務受阻達八小時
https://www.twcert.org.tw/tw/cp-104-3027-cbfe4-1.html

微軟:新一波網路攻擊鎖定運動及反禁藥組織
https://www.ithome.com.tw/news/133879

俄國駭客消除冬奧禁藥紀錄 魚叉式網路釣魚運用最廣
https://www.ettoday.net/news/20191029/1567791.htm

華為獲得中國首張5G基站設備的進網許可證
http://bit.ly/2p9IKiD

美審查電信供應鏈緊急狀態規則 華為或被禁
http://www.epochtimes.com/b5/19/10/29/n11620950.htm

打擊中國間諜行為 美禁用800架中國無人機
http://bit.ly/3265RaY

抓到了!中國駭客竊取美軍政高層手機簡訊
https://news.cnyes.com/news/id/4403717

喬治亞共同國網路遭大規模駭客襲擊
http://www.soundofhope.org/b5/2019/10/29/n3293688.html

黑客竟然利用漏洞操控 67 萬臺計算機?逮捕
https://www.chainnews.com/zh-hant/articles/956305088770.htm

南非駭客入侵約翰尼斯堡市官網勒索3萬美元比特幣贖金
https://money.udn.com/money/story/5602/4126604

City of Johannesburg held for ransom by hacker gang
https://www.zdnet.com/article/city-of-johannesburg-held-for-ransom-by-hacker-gang/#ftag=RSSbaffb68

Johannesburg Struggles to Recover From Ransomware Attack
https://www.bankinfosecurity.com/johannesburg-struggles-to-recover-from-ransomware-attack-a-13296

世界最大雲服務商AWS遭到駭客攻擊,導致其服務長時間中斷
https://ek21.com/news/tech/154197/

微軟:俄相關駭客發動網攻 鎖定國際體育組織
https://money.udn.com/money/story/5599/4131641

東京奧運或成俄羅斯黑客攻撃對象 微軟 Microsoft 作出警告
http://bit.ly/36bGlEC

五角大廈再添購中國製無人機 美國防部:拿來當靶機
http://n.yam.com/Article/20191025707862

美軍駭入伊朗革命衛隊系統,摧毀其恐怖攻擊資料庫
https://www.twcert.org.tw/tw/cp-104-3030-3668c-1.html

美特檢穆勒通俄門報告 法官裁眾院可索取刪減資料
https://www.cna.com.tw/news/aopl/201910260025.aspx

華為參與5G建設?德國情報局長深表疑慮
https://www.rti.org.tw/news/view/id/2039769

BBC新聞開設「暗網」版 破解中國封殺網站
https://m.ltn.com.tw/news/world/breakingnews/2957893

中共「網攻台灣」 盯上明年總統大選
http://bit.ly/2MSaDEU

台大選在即 學者抵加座談 揭「中共對台信息戰」
https://www.ntdtv.com/b5/2019/10/29/a102695628.html

台美將合辦大規模網路攻防演練 美助卿訪北京將提台灣議題
http://bit.ly/2JuUuTH

美國聯邦傳播委員會11月表決 禁止使用華為中興
https://www.cna.com.tw/news/aopl/201910290012.aspx

FCC擬要求電信業者移除華為、中興設備
https://www.ithome.com.tw/news/133876

North Korean elite hacking unit launch surprise attack on India’s nuclear weapons systems
https://www.express.co.uk/news/world/1198103/north-korea-kim-jong-un-elite-hacking-unit-lazarus-group-cyber-attack-india

The cybersecurity of the Terminator
https://www.kaspersky.com/blog/terminator-1-2-cybersecurity/29080/

Not All Hackers are Larcenists
https://latesthackingnews.com/2019/10/31/not-all-hackers-are-larcenists/

Chinese Hackers Compromise Telecom Servers to Spy on SMS Messages
https://thehackernews.com/2019/10/sms-spying-malware.html

Russian hackers cloak attacks using Iranian group
https://www.bbc.com/news/technology-50103378

Hackers Target Indian Nuclear Power Plant – Everything We Know So Far
https://thehackernews.com/2019/10/nuclear-power-plant-cyberattack.html

Security researcher gets access to all Xiaomi pet feeders around the world
https://www.zdnet.com/article/security-researcher-gets-access-to-all-xiaomi-pet-feeders-around-the-world/#ftag=RSSbaffb68

Advisory: Turla group exploits Iranian APT to expand coverage of victims
https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims

Eight-Hour DDoS Attack Struck AWS Customers
https://www.darkreading.com/cloud/eight-hour-ddos-attack-struck-aws-customers/d/d-id/1336165

Blogger and WordPress Sites Hacked to Show Sextortion Scams
https://www.bleepingcomputer.com/news/security/blogger-and-wordpress-sites-hacked-to-show-sextortion-scams/

‘We have to hit the problem the way it hits us’: How the FBI tracks a range of hacking threats
https://www.cyberscoop.com/fbi-cyberthreats-iran-china-russia-north-korea/

Fancy Bear Targets Sporting, Anti-Doping Orgs As 2020 Olympics Loom
https://threatpost.com/cyberattacks-sporting-anti-doping-orgs-as-2020-olympics-loom/149634/

Largest cyber-attack in Georgia's history linked to hacked web hosting provider
https://www.zdnet.com/article/largest-cyber-attack-in-georgias-history-linked-to-hacked-web-hosting-provider/#ftag=RSSbaffb68

One cyber attack can cost major APAC ports $110B
https://www.zdnet.com/article/one-cyber-attack-can-cost-major-apac-ports-110b/#ftag=RSSbaffb68

Most system administrators prefer firewall GUIs over CLIs
https://www.zdnet.com/article/most-system-administrators-prefer-firewall-guis-over-clis/#ftag=RSSbaffb68

Largest cyber-attack in Georgia's history linked to hacked web hosting provider
https://www.zdnet.com/article/largest-cyber-attack-in-georgias-history-linked-to-hacked-web-hosting-provider/

Georgia hit by massive cyber-attack
https://www.bbc.com/news/technology-50207192

Chinese users attack Notepad++ app after 'Free Uyghur' release
https://www.zdnet.com/article/chinese-users-attack-notepad-app-after-free-uyghur-release/#ftag=RSSbaffb68

Hackers who extorted Uber and LinkedIn plead guilty
https://www.zdnet.com/article/hackers-who-extorted-uber-and-linkedin-plead-guilty/#ftag=RSSbaffb68

Ubisoft reports 93% drop in DDoS attacks after pushing back against attackers
https://www.zdnet.com/article/ubisoft-reports-93-drop-in-ddos-attacks-after-pushing-back-against-attackers/#ftag=RSSbaffb68

Zealcon software firm owner sentenced for tax fraud
https://www.zdnet.com/article/zealcon-software-firm-chief-sentenced-for-tax-fraud/#ftag=RSSbaffb68

Turla Teardown: Why Attribute Nation-State Attacks
https://www.bankinfosecurity.com/blogs/turla-teardown-attribute-nation-state-attacks-p-2813

Ghost cats and dodgy horror movie streams – the spookiest Halloween hacks revealed
https://www.trustedreviews.com/news/ghost-cats-and-horror-movie-streams-the-spookiest-halloween-hacks-revealed-3950432

Breaches at NetworkSolutions, Register.com, and Web.com
https://krebsonsecurity.com/2019/10/breaches-at-networksolutions-register-com-and-web-com/

Two Hackers Who Extorted Money From Uber and LinkedIn Plead Guilty
https://thehackernews.com/2019/10/hackers-extorted-money.html

Cybersecurity predictions for 2020
https://www.hcamag.com/asia/specialisation/hr-technology/cybersecurity-predictions-for-2020/190203

技術處-高級資安研究員
https://www.104.com.tw/job/6rvo3

資訊安全治理儲備幹部
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=2393025&HIRE_ID=9343233

資訊安全工程師
https://www.104.com.tw/job/6rypz?jobsource=company_job

資安專案管理
https://www.104.com.tw/job/6rysv?jobsource=company_job

【資訊處】資安維運中心工程師 SOC
https://www.cakeresume.com/companies/nextbank/jobs/624344

板信商業銀行-資訊部( 資訊安全經辦 )
https://www.104.com.tw/job/6ryy7

達友科技/資安工程師-技術一部(上班地點:臺北市)
https://www.104.com.tw/job/2j5e4?jobsource=googlejobs

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
美國消費者重隱私 偏好紙本發票
https://money.udn.com/money/story/5602/4129164

雄獅洩36萬筆個資 消基會提團訟一審敗訴
https://news.ltn.com.tw/news/society/breakingnews/2963116

雄獅旅行社遭駭客竊個資 消基會提告求償450萬元敗訴
http://photo.udn.com/money/story/5648/4136849

剩餘房間數假的?Booking.com在台詐騙案頻傳 ,官方現身說
https://www.bnext.com.tw/article/55230/booking-com-about-taiwan

遠傳打擊詐騙 獲刑事警察局表揚
http://bit.ly/2qD710C

南非開普敦出現新詐欺手法 先騙遊客再搶劫
https://times.hinet.net/times/news/22629514

近750萬Adobe Creative Cloud用戶資料遭洩漏 慎防電郵釣魚詐騙
https://www.chinatimes.com/realtimenews/20191028001514-260412?chdtv

Facebook 近四億二千萬筆用戶個資外洩,資料庫被公開在網路上
https://www.twcert.org.tw/tw/cp-104-3031-b65c1-1.html

詐騙擴及美加華人圈 誆註銷綠卡逾百人被騙錢
https://tw.appledaily.com/new/realtime/20191009/1646311/

騎 GoShare 可能讓你的住家位置外洩?有心人士可透過車牌號碼與 API 推算
https://buzzorange.com/techorange/2019/10/29/goshare-personal-data-leak/

警偷查個資案 網友自稱當事人質疑警串證「為愛犧牲」
https://m.ltn.com.tw/news/society/breakingnews/2961195

加國華人超市引「人臉支付」系統 民間憂訊息被竊
https://tw.news.appledaily.com/international/realtime/20191030/1656044/

Akamai:網釣駭客最愛盜用的前兩大品牌為微軟與PayPal
https://www.ithome.com.tw/news/133944

Fortune 500企業的2,100萬個登入憑證流落暗網
https://ithome.com.tw/news/133945

大量 Instagram 釣魚郵件,藉侵權為由騙取帳號控制權
https://www.twcert.org.tw/tw/cp-104-3032-18206-1.html

Alexa 和Google 智慧家居裝置可能被用來竊聽或進行網路釣魚
https://blog.trendmicro.com.tw/?p=62422

Gitlab使用者遙測服務引爭議,官方急踩煞車
https://www.ithome.com.tw/news/133816

GitLab backs down on telemetry changes and forced tracking - for now
https://www.zdnet.com/article/gitlab-backs-down-on-planned-telemetry-changes-forced-tracking/#ftag=RSSbaffb68

Scammers are targeting Cash App users hoping for free money
https://www.zdnet.com/article/scammers-are-targeting-cash-app-users-hoping-for-free-money/#ftag=RSSbaffb68

Leaky Autoclerk database exposes info on travelers, including military and gov’t personnel
http://bit.ly/369TYnD

Scammers use fake Jeremy Clarkson ad in Bitcoin scam
https://finance.yahoo.com/news/scammers-fake-jeremy-clarkson-ad-150049196.html

Scammers use fake Jeremy Clarkson ad in Bitcoin scam
https://coinrivet.com/scammers-use-fake-jeremy-clarkson-ad-in-bitcoin-scam/

UniCredit Bank Suffers 'Data Incident' Exposing 3 Million Italian Customer Records
https://thehackernews.com/2019/10/unicredit-bank-data-breach.html

Two Data Leaks Expose Millions of Records
https://www.bankinfosecurity.co.uk/two-data-leaks-expose-millions-records-a-13299

21 Million Logins for Top 500 Firms Offered on the Dark Web
https://www.bleepingcomputer.com/news/security/21-million-logins-for-top-500-firms-offered-on-the-dark-web/

State of Stolen Credentials in the Dark Web from Fortune 500 Companies
https://www.immuniweb.com/blog/stolen-credentials-dark-web-fortune-500.html

Leading Web Domain Name Registrars Disclose Data Breach
https://thehackernews.com/2019/10/domain-name-registrars-hacked.html

5 Places Where Hackers Are Stealthily Stealing Your Data In 2019
https://thehackernews.com/2019/10/hacking-data-breach-protection.html

E.研究報告
Firefox 70版 隱私保護與資料攻擊分析
https://udn.com/umedia/story/12759/4125612

個案分析-勒索病毒Sodinokibi攻擊事件分析報告_10810
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019102811105151777062636571380.pdf

PHP-fpm 遠程代碼執行漏洞(CVE-2019-11043)分析
https://paper.seebug.org/1063/

PHP7.0-7.3繞過disable_functions進行命令執行漏洞(含PoC)
https://www.agesec.com/8506.html

CVE-2019-11043PHP-FPM在Nginx特定配置下遠程代碼執行漏洞復現
https://cloud.tencent.com/developer/article/1530146

挖洞經驗| Jira服務工作台路徑遍歷導致的敏感信息洩露漏洞(CVE-2019-14994)
https://www.freebuf.com/vuls/216267.html

CVE-2019-16920:D-link RCE 漏洞
https://www.chainnews.com/zh-hant/articles/590847744162.htm

CVE-2019-11043遠程代碼執行漏洞復現
https://www.secpulse.com/archives/116446.html

滲透測試Java架構執行漏洞檢測
https://cloud.tencent.com/developer/article/1527627

Microsoft.AspNetCore DoS漏洞,如何解決.Net Framework項目
http://bit.ly/347cEmq

Joomla-3.4.6遠程代碼執行突破原理分析和Poc構造
https://www.freebuf.com/vuls/216130.html

CVE-2019-16759漏洞在野利用
https://www.anquanke.com/post/id/189470

漏洞CVE-2019-8697:如何通過macOS的磁盤管理工具實現系統提權
https://www.freebuf.com/vuls/216211.html

隱私小號:中國臨時手機號碼服務,接收驗證碼簡訊不洩漏真實身分
https://free.com.tw/yinsixiaohao/

The NCSC Annual Review 2019
https://www.ncsc.gov.uk/news/annual-review-2019

Weblogic XMLDecoder反序列化入侵復現(CVE-2017-10271)
https://www.secpulse.com/archives/116542.html

最近修復的PHP遠程執行漏洞正被利用
http://bit.ly/2JvBO68

js語言中那些讓你抓狂又容易混淆的概念(建議收藏)
http://bit.ly/2JvyGXY

由惡意GIF文件引發的RCE漏洞,超過40000個應用受影響
https://www.freebuf.com/news/218375.html

深入理解 PHP Phar 反序列化漏洞原理及利用方法(一)
https://www.chainnews.com/zh-hant/articles/455445932350.htm

WebLogic EJBTaglibDescriptor XXE漏洞(CVE-2019-2888)分析
https://paper.seebug.org/1067/

Bulehero挖礦蠕蟲升級,PhpStudy後門漏洞加入武器庫
https://www.4hou.com/vulnerable/21296.html

基於MITRE ATT&CK的RED TEAMING行動實踐
http://avfisher.win/archives/1145

Red Team從0到1的實踐與思考
http://bit.ly/2WspBUY

SharpGen利用分析
http://bit.ly/2q3bCJq

利用Ocular 工具挖掘C & C++ 程序內存分配相關漏洞
https://www.4hou.com/technology/21129.html

Unlink簡單分析
https://cloud.tencent.com/developer/article/1530686

Kibana RCE漏洞詳細分析
https://www.freebuf.com/vuls/217443.html

Kibana RCE 漏洞詳細分析
https://www.chainnews.com/zh-hant/articles/434470783147.htm

PING COMMAND IN LINUX
https://ipcisco.com/ping-command-in-linux

Evading Anti-Virus with Unusual Technique
https://github.com/Techryptic/AV_Bypass

Framework for building Windows malware, written in C++
https://github.com/richkmeli/Richkware

Detecting Lateral Movement with Machine Learning
https://github.com/JPCERTCC/DetectLM

A submodule repository for distributing REDHAWK artifacts and the latest REDHAWK source code
https://github.com/RedhawkSDR/redhawk

Advanced python HTTP reverse shell made for Hacking Competition purpose
https://github.com/FanaticPythoner/PythonAdvancedHTTPReverseShell

WinPwn
https://github.com/S3cur3Th1sSh1t/WinPwn

Free and open-source threat intelligence feeds
https://threatfeeds.io/

Automated testing comes to the Linux kernel: KernelCI
https://www.zdnet.com/article/automated-testing-comes-to-the-linux-kernel-kernelci/#ftag=RSSbaffb68

KTRW: The journey to build a debuggable iPhone
https://googleprojectzero.blogspot.com/2019/10/ktrw-journey-to-build-debuggable-iphone.html?m=1

Fake French Police Sextortion Scam
https://blog.sucuri.net/2019/10/fake-french-police-sextortion-scam.html?utm_source=twitter&utm_medium=blog&utm_campaign=wyatt

CertUtil Qualms: They Came to Drop FOMBs
https://www.fireeye.com/blog/threat-research/2019/10/certutil-qualms-they-came-to-drop-fombs.html

Local Group Enumeration
https://www.harmj0y.net/blog/redteaming/local-group-enumeration/

Attacking The Network's Security Core - Hunting For Vulnerabilities In A Network Security Tool
https://blog.vastart.dev/2019/10/attacking-networks-security-core.html

Current and Future Hacks and Attacks that Threaten Esports
https://blog.trendmicro.com/trendlabs-security-intelligence/current-and-future-hacks-and-attacks-that-threaten-esports/

The commoditization of mobile espionage software
https://blog.talosintelligence.com/2019/10/the-commoditization-of-mobile-espionage.html

Phishing —  Baiting the Hook
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/soti-security-phishing-baiting-the-hook-report-2019.pdf

OWASP/SecureTea-Project
https://github.com/OWASP/SecureTea-Project

F.商業
微軟DevOps資安實務大公開,側重威脅模型建立與自動化
https://www.ithome.com.tw/news/133911

推動更安全的移動服務 缺一不可的驗證與資安系統
https://digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=35&id=0000571586_8WS69KZM7YCE6X7PONZF5

BlackBerry推移動裝置保護方案 引入AI封鎖惡意程式
http://bit.ly/2N2zFBj

降低風險兼顧用戶體驗 成功落實檔案安全化
http://bit.ly/2PvlcPV

Leaked documents indicate Microsoft's Windows 10X will be coming to clamshell laptops
https://www.zdnet.com/article/leaked-documents-indicate-microsofts-windows-10x-will-be-coming-to-clamshell-laptops/#ftag=RSSbaffb68

Google Search to stop supporting Flash content
https://www.zdnet.com/article/google-search-to-stop-supporting-flash-content/#ftag=RSSbaffb68

G.政府
國安大漏洞 今年中科院竟有15涉密軍文職人員過境香港
http://bit.ly/2PmZSfh

農業資訊網資訊不實 消費者難以辨別有機標章真偽
https://www.ctwant.com/article/11971

營區監視系統惹議 軍方暫棄人臉辨識系統
https://news.ltn.com.tw/news/politics/breakingnews/2961751

憂觸犯《個資法》 國防部宣布暫停人臉辨識系統建置
https://tw.news.appledaily.com/politics/realtime/20191030/1656245/

國軍研發動力外骨骼系統 搬運砲彈更方便
https://living.taronews.tw/2019/10/30/512828/

軍紀螺絲鬆?雲豹萬鈞車遺失通信器半年
http://bit.ly/2NmzL5K

防假訊息擾選舉 警調投入逾200專責人力
https://news.ltn.com.tw/news/politics/paper/1328665

美台首度網路攻防演練下週登場 實戰測試資安
https://www.cna.com.tw/news/ait/201910310227.aspx

防範中國網攻 美台首次大規模網路演練下週登場
https://m.ltn.com.tw/news/politics/breakingnews/2963184

第一次!美國、台灣舉辦國際聯合網路演練 AIT:雙方合作關係快速成長
https://news.m.pchome.com.tw/living/ftv/20191031/index-15725210962772319009.html

H.ICS/SCADA 工控系統
首款工控設備成功通過威努特ISASecure安全測試
http://www.gongkong.com/news/201910/398376.html

ZDI將舉辦鎖定工控系統的Pwn2Own駭客競賽
https://ithome.com.tw/news/133881

大手筆鼓勵挖掘ICS和相關協議漏洞,Pwn2Own的“新業務”想傳達什麼
https://www.leiphone.com/news/201910/4aWfsDeKBppTWPAe.html

Industrial equipment to come under fire at the world's largest hacking contest
https://www.zdnet.com/article/industrial-equipment-to-come-under-fire-at-the-worlds-largest-hacking-contest/#ftag=RSSbaffb68

Pwn2Own Contest to Focus on Industrial Control Systems
https://www.bankinfosecurity.com/pwn2own-contest-to-focus-on-industrial-control-systems-a-13322

I.教育訓練
Deep Security 安裝與基本故障排除
https://www.youtube.com/embed/QzORMUc0Dmo

Deep Security 基礎設定
https://www.youtube.com/embed/eUREjJ4uY2M

Deep Security 基本系統調校
https://www.youtube.com/embed/0PE-RTLOAmA

Deep Security FIM功能與內網監控
https://www.youtube.com/embed/4rL9cfmbybw

靜態分析與動態分析
https://youtu.be/JMvuyw7uX1Y

惡意攻擊辨識與相似度比較
https://youtu.be/l3PmFeGvRFY

機械學習的偵測機制
https://youtu.be/OC-WOkoxiOc

惡意攻擊視覺化與深度學習
https://youtu.be/c1IJXuDLa3w

10 LOW COST CYBERSECURITY DEGREES
https://netinstruct.com/netinstruct-news/f/10-low-cost-cybersecurity-degrees

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
深度造假!新型態人工智能犯罪 恐造成資安隱憂
https://cnews.com.tw/169191025a03/

漏洞已修復!日本連鎖飯店推「陪伴機器人」 驚傳可拿來偷看房客
https://cnews.com.tw/140191025a04/

駭!公民專欄】想保護網路隱私?你可以用「假資訊」騙AI
https://www.cw.com.tw/article/article.action?id=5097435

IoT時代資安設計刻不容緩 Microchip建構高安全等級MCU
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=&id=0000570921_OTF8TP0B31GIQA0NH9JP1

IoT Devices Fall Prey to Attacks up to 10 Crore by Hackers
https://www.ehackingnews.com/2019/10/iot-devices-fall-prey-to-attacks-up-to.html?utm_source=dlvr.it&utm_medium=twitter

6.近期資安活動及研討會
 行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30
 https://www.accupass.com/event/1810080517061259295030

  Elite East Coast CISO Summit 11/3~11/5
 https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/

 Red Hat Forum Taipei 2019  11/5
 https://www.facebook.com/events/1390202967799392/

 資安人才培育成果發表暨就業媒合會 11/5
 https://ievents.iii.org.tw/eventS.aspx?t=0&id=733

 Cyber Security Summit: Boston  11/6
 https://infosec-conferences.com/events-in-2019/cyber-security-summit-boston/

 駭客攻防暨數位鑑識系列一(第1期) 11/7
 https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=384540

 網路攻擊鏈( Cyber Kill Chain)各階段實作 (6hr)  11/7
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384540

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/8
 https://signupcybersec101.ithome.com.tw/

 BSides Charleston 11/9
 https://infosec-conferences.com/events-in-2019/bsides-charleston/

 ISDA 白帽駭客入門〈3〉 11/9
 https://www.accupass.com/event/1910240847068228620890

 Kotlin/Everywhere GDG Taoyuan - 運用 Ktor 建置一個以 Kotlin 打造的後端服務  11/9
 https://www.meetup.com/GDGTaoyuan/events/264776152/

 資安健診 11/12
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3871&from_course_list_url=course_index

 OpenInfra Day Taiwan 11/12
 http://openinfra.digitimes.com.tw/

 108年政府組態基準(GCB)實作研習 11/12 ~ 11/22
 https://register.nccst.nat.gov.tw/Active/registerDetail.do?activeId=1285&activeType=course

 CLEAR Cyber Leaders Conference 11/12 ~ 11/13
 https://infosec-conferences.com/events-in-2019/clear-cyber-leaders-conference/

 108年資安法律案例分享說明會 11/13
 https://register.nccst.nat.gov.tw/Active/registerDetail.do?activeId=1286&activeType=conf

 HITCON DEFENSE CONTEST 企業資安攻防大賽 & SUMMIT 企業安全會議 2019  11/13
 https://hitcon.kktix.cc/events/hitcon-defense-2019?locale=ja

 Windows檔案系統及檔案還原 (6hr)  11/14
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384541

 Digital Internet Summit 11/14
 https://infosec-conferences.com/events-in-2019/digital-internet-summit/

 INTERFACE – Nebraska 11/14
 https://infosec-conferences.com/events-in-2019/interface-nebraska/

 2019 資訊安全論壇 11/14
 http://events.businesstoday.com.tw/2019/ACSI/#signup-sec

 Mozilla 開發者小聚-台灣站  11/15
 https://www.accupass.com/event/1910230900235341736900

 SecureWV – Hack3rCon  11/15 ~ 11/17
 https://infosec-conferences.com/events-in-2019/securewv-hack3rcon/

 2019 Hack ‘n’Roll 駭客嘉年華  11/16 ~ 11/17
 http://hacknroll.splashthat.com/IThomeBanners

 交通大學亥客書院-P006:高階網頁滲透測試 11/16
 https://hackercollege.nctu.edu.tw/?p=1092

 FS-ISAC Fall Summit 11/17 ~ 11/20
 https://infosec-conferences.com/events-in-2019/fs-isac-fall-summit/

 Microsoft IoT in Action 11/20
 https://www.iotinactionevents.com/event/taipei

 LINE將於11月舉辦LINE DEVELOPER DAY 2019  11/20 ~ 11/21
 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000570636_HL57CPQM2H1ZHE71YVI2W

 Infosecurity ISACA North America Expo and Conference 11/20 ~ 11/21
 https://infosec-conferences.com/events-in-2019/isaca-north-america-expo-conference/

 檔案特徵值比對與關鍵字搜尋 (2hr) Open Source數位鑑識工具實務操作 (5hr) 11/21
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384542

 2019 BSI 國際資安標準管理年會  11/22
 https://www.accupass.com/event/1910070533451342891420

 Trend Micro CTF 2019 // Raimund Genes Cup  FINAL / NOVEMBER 23–24, 2019
 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html

 資安檢核核心技術及進階技術研討會11月26日至11月28日
 http://bit.ly/2TN2UtD

 人資人員必修的職安法規定 11/26
 https://www.accupass.com/event/1909121441141977826554

 模擬案例鑑識分析實務 (6hr)  11/28
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384543

 Global Cybersecurity Coference 11/28~11/29
 https://2019.group-ib.com/

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/29
 https://signupcybersec101.ithome.com.tw/

 交通大學亥客書院-B015:惡意程式檢測 11/30
 https://hackercollege.nctu.edu.tw/?p=1098

 亞洲‧矽谷學院108年免費認證考試 11/30
 https://college.asvda.org.tw/

 The Dungeons of Hackers Conference 2019 - 駭客的地下城 11/30
 https://tdohackerparty.kktix.cc/events/tdoh-conf-2019

 Digital Summit Dallas  12/4
 https://infosec-conferences.com/events-in-2019/digital-summit-dallas/

 Kansas City Cyber Security Conference 12/5
 https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/

 CyberMaryland Conference 12/5 ~ 12/6
 https://infosec-conferences.com/events-in-2019/cybermaryland-conference/

 FutureCon Nashville Cyber Security Conference 12/11
 https://infosec-conferences.com/events-in-2019/futurecon-nashville/

 Utility Cyber Security Forum December 12/11
 https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/

 交通大學亥客書院-A018:企業網域控管-Active Directory攻擊與防禦  12/14
 https://hackercollege.nctu.edu.tw/?p=1094

 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

 PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
 https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world


留言

這個網誌中的熱門文章

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/

5月份資安、社群活動分享

5月份資安、社群活動分享

 108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
 https://ais3.org/mfctf/

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 Python 商務網站 * 極速學習 (2019春季 - 台北)  5/2
 https://cjltsod.kktix.cc/events/django-2019-spring-taipei

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會  5/2
 https://www.accupass.com/event/1904111400151860776797

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA 白帽菁英萌芽計劃II 0505 
 https://reg.shield.org.tw/info.php?no=54

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/19041703435474776…