資安事件新聞週報 2019/12/16 ~ 2019/12/20






資安事件新聞週報  2019/12/16  ~  2019/12/20

1.重大弱點漏洞/後門/Exploit/Zero Day
Micro Focus ArcSight Logger 跨站請求偽造漏洞 CVE-2019-11657
https://nvd.nist.gov/vuln/detail/CVE-2019-11657

Trend Micro HouseCall for Home Networks 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19689

TP-Link 路由器遠端執行任意程式碼漏洞
https://www.securitywizardry.com/the-radar-page/alert-details#alerts

TP-Link修補不用密碼就能登入路由器的安全漏洞
https://www.ithome.com.tw/news/134878

TP-Link Archer Router Vulnerability Voids Admin Password, Can Allow Remote Takeover
https://securityintelligence.com/posts/tp-link-archer-router-vulnerability-voids-admin-password-can-allow-remote-takeover/

新的攻擊 CPU 手法 Plundervolt 出現,超頻降頻也能觸發漏洞
https://technews.tw/2019/12/17/cpu-plundervolt/

微軟下個月開始用全螢幕提醒你升級Windows 7
https://www.ithome.com.tw/news/134781

微軟悄悄將Windows 10 Mobile實際終止更新時間延後一個月
https://mashdigi.com/microsoft-quietly-extends-support-for-windows-10-mobile/

So you want to keep running Windows 7? Good luck with that, small businesses
https://www.zdnet.com/article/so-you-want-to-keep-running-windows-7-good-luck-with-that-small-businesses/#ftag=RSSbaffb68

Microsoft Security Essentials updates not included in Windows 7 ESU
https://www.zdnet.com/article/microsoft-security-essentials-updates-not-included-in-windows-7-esu/#ftag=RSSbaffb68

Multiple Vulnerabilities in Barco ClickShare
https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/

Npm team warns of new 'binary planting' bug
https://www.zdnet.com/article/npm-team-warns-of-new-binary-planting-bug/#ftag=RSSbaffb68

Symantec Messaging Gateway CVE-2019-18379
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-18379

Trend Micro Security CVE-2019-18190
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-18190

SQLite CVE-2019-19603
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-19603

小心!! 黑客可通過漏洞避開防毒偵查?! 【黑開有條路!!】Intel RST 被發現存在漏洞
http://bit.ly/34A8DXs

Seven Critical Vulnerabilities Discovered in Portainer
https://www.fortinet.com/blog/threat-research/seven-critical-vulnerabilities-portainer.html

Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw
https://thehackernews.com/2019/12/drupal-website-hacking.html

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
首例!國壽、易遊網推「旅平險一站式服務」 5步驟輕鬆投保
https://www.ettoday.net/news/20191213/1601551.htm

監理沙盒上線 1分鐘買好旅平險
https://udn.com/news/story/7239/4225564?from=udn-catelistnews_ch2

開放銀行潮流下 防治金融犯罪成重要議題
https://money.udn.com/money/story/5636/4225488

銀行防斷線 資安升級大作戰
https://www.chinatimes.com/newspapers/20191215000257-260202?chdtv

拒駭 呂桔誠:國銀要打聯防
https://www.chinatimes.com/newspapers/20191215000259-260202?chdtv

Visa警告:加油站POS系統成為FIN8駭客集團的新目標
https://ithome.com.tw/news/134832

能提前發現和修補漏洞支付寶安全實驗室在BlackHat推出兩款移動安全工具
https://blog.51cto.com/14164343/2457924

隔空“刷爆”銀行卡一新型網絡盜刷團伙被端
http://news.xmnn.cn/xmnn/2019/12/14/100638912.shtml

隔空「刷爆」銀行卡 一新型網路盜刷團伙被端
https://news.sina.com.tw/article/20191214/33669598.html

銀行卡被「隔空」盜刷 警方提示如何辨「異象」
https://news.sina.com.tw/article/20191215/33673926.html

銀行業最大風險恐不在中國違約升高 網路資安才是戰場
https://news.cnyes.com/news/id/4423225

開放API 責任歸屬待克服
https://money.udn.com/money/story/12040/4225573

中國銀聯建立威脅情報體系實戰案例
https://kknews.cc/tech/gp6x3vy.html

金管會推普惠金融 要訂KPI
https://money.udn.com/money/story/5613/4223519

誰搶了銀行?他們懸賞2.5萬元希望找出嫌犯
http://bit.ly/2PKVi9g

金融機構如何應對日益頻繁的網絡攻擊
http://blog.itpub.net/69933183/viewspace-2668681/

金融機構創新業務 改走試辦
https://www.chinatimes.com/newspapers/20191212000274-260202?chdtv

Visa警告加油站刷卡 易遭黑客入侵
http://bit.ly/35CdmZK

Visa警告:在加油站刷信用卡 小心被駭
http://bit.ly/2PtNlqf

小心加油也會被駭!Fin8 駭客組織入侵加油站 POS 系統竊取信用卡資料
https://technews.tw/2019/12/17/visa-warns-that-hackers-are-scraping-card-details-from-gas-pumps/

數位轉型讓銀行的「風險」也轉型了!比起企業違約率,網路資安的風險更大
https://buzzorange.com/techorange/2019/12/16/risk-of-banks/

國泰投信申請 網路資安指數認可
https://money.udn.com/money/story/5607/4230482

純網銀即將開業 顧立雄:要真的引導創新,一定得玩大的
https://www.cw.com.tw/article/article.action?id=5098156

【虛擬銀行】眾安銀行跑出 成為首間試業虛銀
http://bit.ly/2tqB6Sw

【2020年臺灣金融圈最新變革:LINE Bank、樂天銀行、將來銀行】3家純網銀首度同臺亮相,大秀自家最新特色
https://www.ithome.com.tw/news/134869

Govt, banks spend $270m to combat cyberattacks
https://punchng.com/govt-banks-spend-270m-to-combat-cyberattacks/

Batch of 460,000+ Payment Cards Sold on Black Market Forum
https://www.bleepingcomputer.com/news/security/batch-of-460-000-payment-cards-sold-on-black-market-forum/

Scoop: The World Bank told Taiwanese staff to get Chinese passports
https://www.axios.com/world-bank-taiwan-staff-china-passport-dde4ca2d-a251-48c5-a566-fe25d754b776.html

Internet banking sites and their use of TLS... and SSLv3... and SSLv2
https://isc.sans.edu/diary/rss/25606

Net banking & card frauds up 50%, Delhi is ATM con capit ..
https://timesofindia.indiatimes.com/city/delhi/net-banking-card-frauds-up-50-delhi-is-atm-con-capital/articleshow/72466808.cms

Cases of Net Banking and ATM Frauds Increase by 50% in New Delhi
https://www.ehackingnews.com/2019/12/cases-of-net-banking-and-atm-frauds.html

THREE ARRESTED FOR BLOWING UP ATMS IN GERMANY AND HUNGARY
https://www.europol.europa.eu/newsroom/news/three-arrested-for-blowing-atms-in-germany-and-hungary

Visa: Gas Station Networks Targeted to Steal Card Data
https://www.bankinfosecurity.com/visa-gas-station-networks-targeted-to-steal-card-data-a-13507

Skimming Campaign Leveraged Heroku Cloud Platform: Report
https://www.bankinfosecurity.com/skimming-campaign-leveraged-heroku-cloud-platform-report-a-13472

PSD2: The Compliance and Enforcement Update
https://www.bankinfosecurity.com/interviews/psd2-compliance-enforcement-update-i-4526

Credit Card Data Exposed Online Is Tested Within 2 Hours
https://www.bleepingcomputer.com/news/security/credit-card-data-exposed-online-is-tested-within-2-hours/

Singapore digital banking era will put focus on SMBs, consumer trust
https://www.zdnet.com/article/singapore-digital-banking-era-will-put-focus-on-smbs-consumer-trust/#ftag=RSSbaffb68

3.電子支付/電子票證/行動支付/ pay/新聞及資安
「未來遊樂園」即將開幕!每項設施都用行動支付,遊客想玩什麼再付錢即可
https://buzzorange.com/techorange/2019/12/19/jets-carnival/

在大陸行動支付 小心「嗅探」隔空盜刷
https://udn.com/news/story/7333/4204641

LINE金融策略調整 電子支付改名、推全新行動支付App
https://udn.com/news/story/7241/4201877

4.虛擬貨幣/區塊鍊相關新聞及資安
加密貨幣商神秘身亡 債權人訴請驗屍確認
http://bit.ly/2ss69Nu

人為疏失成最大漏洞? VeChain 基金會遭竊走 6,500 萬美元 VET 代幣
https://blockcast.it/2019/12/16/vechain-hacked-losing-1b-vet-tokens-worth-6m-usd/

VeChain 基金會被駭客入侵,價值 $650 萬美元的 VET 代幣被盜去
http://bit.ly/2PtIxkp

得天獨厚的中國礦工|三分之二的比特幣產出來自中國,66% 的算力貢獻持續攀升
https://bigdatafinance.tw/index.php/blockchain/1345-66

幣寶台灣與幣寶日本將在1月14日再次開庭!三分鐘回顧幣寶被駭事件
https://news.knowing.asia/news/3b0d6128-d5d8-4463-aa8a-a447759d9658

香港比特幣投資公司在台吸金上億!投資比特幣前得先注意這三點
https://news.knowing.asia/news/ad156d9c-60d6-46b0-90f1-aaa5114ccf31

關於2019年區塊鏈產業經歷過的風雨,你還記得多少
https://news.knowing.asia/news/b82feb80-f033-46af-8f90-33cfb7e9e0ef

讓虛擬貨幣交易合規有保障 庫幣科技Sygna為台爭光
https://ec.ltn.com.tw/article/breakingnews/3014626

Spammers force Keybase to stop Stellar Space Drop cryptocurrency handouts
https://www.zdnet.com/article/spammers-force-keybase-to-stop-stellar-space-drop-cryptocurrency-handouts/#ftag=RSSbaffb68

Attackers now use process hollowing to hide cryptocurrency miners on your PC
https://www.zdnet.com/article/monero-miners-can-lurk-undetected-through-new-process-hollowing-technique/#ftag=RSSbaffb68

(Almost) Hollow and Innocent: Monero Miner Remains Undetected via Process Hollowing
https://blog.trendmicro.com/trendlabs-security-intelligence/almost-hollow-and-innocent-monero-miner-remains-undetected-via-process-hollowing/

Shopin founder charged by SEC for running $42 million scam cryptocurrency ICO
https://www.zdnet.com/article/shopin-founder-charged-by-sec-for-running-scam-cryptocurrency-ico/#ftag=RSSbaffb68

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
新版Echobot殭屍病毒所使用的漏洞攻擊程式增加到77個
https://www.ithome.com.tw/news/134830

New Echobot Variant Exploits 77 Remote Code Execution Flaws
https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/

卡巴斯基表示: 惡意軟體數量有所上升,攻擊手段有所轉變
https://news.xfastest.com/kaspersky/73746/kaspersky-said-that-the-method-of-how-malwares-attack-has-changed/

蘋果電腦不中毒神話破滅?資安公司發布報告 Mac威脅偵測呈上升趨勢
https://www.ettoday.net/news/20191217/1603807.htm

微軟:不鼓勵企業支付勒索軟體贖金
https://www.ithome.com.tw/news/134879

今年美國有超過1,000所學校遭勒索軟體波及
https://ithome.com.tw/news/134907

勒索軟體受害者到底該不該向駭客妥協?向其支付贖金
https://ek21.com/news/tech/166073/

NJ’s largest hospital system forced to pay ransom in cyber attack
https://nj1015.com/nj-largest-hospital-system-forced-to-pay-ransom-in-cyber-attack/

Ryuk Ransomware Likely Behind New Orleans Cyberattack
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-likely-behind-new-orleans-cyberattack/

Largest hospital system in New Jersey was hit by ransomware attack
https://securityaffairs.co/wordpress/95152/cyber-crime/new-jersey-hospital-ransomware-attack.html

Microsoft: We never encourage a ransomware victim to pay
https://www.zdnet.com/article/microsoft-we-never-encourage-a-ransomware-victim-to-pay/#ftag=RSSbaffb68

Decryptor Bug Means Ryuk Victims Stuck in Ransomware Rut
https://www.bankinfosecurity.com/decryptor-bug-means-victims-stuck-in-ryuk-ransomware-rut-a-13481

North Korean Hackers Tapping Into TrickBot: Report
https://www.bankinfosecurity.com/north-korean-hackers-tapping-into-trickbot-report-a-13497

Georgia Wire Manufacturer Struck by Ransomware
https://www.bankinfosecurity.com/georgia-wire-manufacturer-struck-by-ransomware-a-13496

Wiper Malware Targets Middle Eastern Energy Firms: Report
https://www.bankinfosecurity.com/wiper-malware-targets-middle-eastern-energy-firms-report-a-13474

Two Russians Indicted Over $100M Dridex Malware Thefts
https://www.bankinfosecurity.com/two-russians-indicted-over-100m-dridex-malware-thefts-a-13473

New Malware Campaign Uses Trojanized 'Tetris' Game: Report
https://www.bankinfosecurity.com/new-malware-campaign-uses-trojanized-tetris-game-report-a-13465

Emotet Trojan is Inviting You To A Malicious Christmas Party
https://www.bleepingcomputer.com/news/security/emotet-trojan-is-inviting-you-to-a-malicious-christmas-party/

Incident Response lessons from recent Maze ransomware attacks
https://blog.talosintelligence.com/2019/12/IR-Lessons-Maze.html

Lazarus pivots to Linux attacks through Dacls Trojan
https://www.zdnet.com/article/lazarus-pivots-to-linux-attacks-through-dacls-trojan/#ftag=RSSbaffb68

Lazarus Group使用Dacls RAT攻擊Linux平台
https://blog.netlab.360.com/dacls-the-dual-platform-rat/

Dridex Banking Trojan Infections and PowerShell Empire Activity Preceding BitPaymer Ransomware Attacks
https://www.it.ucla.edu/security/advisories/dridex-banking-trojan-infections-powershell-empire-activity-preceding-bitpaymer-ransomware-attacks

Maze Ransomware Gang Dumps Purported Victim List
https://www.bankinfosecurity.asia/blogs/maze-ransomware-gang-dumps-purported-victim-list-p-2839

Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia
https://unit42.paloaltonetworks.com/rancor-cyber-espionage-group-uses-new-custom-malware-to-attack-southeast-asia/

14 Ways to Evade Botnet Malware Attacks On Your Computers
https://thehackernews.com/2019/12/botnet-malware-attacks.html

Another ransomware strain is now stealing data before encrypting it
https://www.zdnet.com/article/another-ransomware-strain-is-now-stealing-data-before-encrypting-it/#ftag=RSSbaffb68

2019: The year in malware
https://blog.talosintelligence.com/2019/12/2019-year-in-malware.html

Attackers Posing as German Authorities Distribute Emotet Malware
https://www.bleepingcomputer.com/news/security/attackers-posing-as-german-authorities-distribute-emotet-malware/

Achtung: Schadhafte SPAM-Mails im Namen mehrerer Bundesbehörden
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Spam-Bundesbehoerden_181219.html

ScreenConnect MSP Software Used to Install Zeppelin Ransomware
https://www.bleepingcomputer.com/news/security/screenconnect-msp-software-used-to-install-zeppelin-ransomware/

CONNECTWISE CONTROL ABUSED AGAIN TO DELIVER ZEPPELIN RANSOMWARE
https://blog.morphisec.com/connectwise-control-abused-again-to-deliver-zeppelin-ransomware

B.行動安全 / iPhone / Android /穿戴裝置 /App
挪威電信放棄合作十年的華為 改用瑞典愛立信
https://hk.news.appledaily.com/international/realtime/article/20191214/60377221

5G時代下的資安風險 專家:政府應制定相關法律 
http://www.epochtimes.com/b5/19/12/15/n11724118.htm

G Suite明年6月將強制第三方app支援OAuth
https://www.ithome.com.tw/news/134876

WhatsApp臭蟲可搞掛所有群聊成員的App、永遠退出群組
https://www.ithome.com.tw/news/134892

一條訊息足致全群組死機 WhatsApp推新版本修復漏洞
http://bit.ly/2M5altd

The Media Trust揭露鎖定iPhone用戶的惡意廣告活動
https://www.ithome.com.tw/news/134913

Persistent Malware Using Multiple Techniques Hits Online Readers in Time for the Holidays
https://mediatrust.com/sites/default/files/2019-12/Krampus-3PC_2019-1211.pdf

AirDrop爆發惡意漏洞,立即更新iOS 13.3 即可防止遭受攻擊
https://mrmad.com.tw/update-ios-13-3-to-prevent-hackers-from-airdrop

iPhone AirDrop爆漏洞 教你防禦拒絕陌生人無限傳送檔案
http://bit.ly/35shhs5

From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13
https://spaceraccoon.dev/from-checkra1n-to-frida-ios-app-pentesting-quickstart-on-ios-13

Twitter proposes open social network standard
https://www.zdnet.com/article/twitter-proposes-open-social-network-standard/#ftag=RSSbaffb68

This Bug Could Have Let Anyone Crash WhatsApp Of All Group Members
https://thehackernews.com/2019/12/whatsapp-group-crash.html

Google fixes Chrome 79 data loss bug on Android
https://www.zdnet.com/article/google-fixes-chrome-79-data-loss-bug-on-android/#ftag=RSSbaffb68

Is your Phone infected by this Mobile Malware: Agent Smith
https://www.achillesresolute.com/blog/agent-smith-malware.html

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
LifeLabs遭駭客入侵 本省及安省1500萬客户資料被盜
https://www.am1470.com/news_detail.php?i=89147

加拿大醫學實驗室被駭 國內近半人口個資恐外洩
https://living.taronews.tw/2019/12/18/562414/

LifeLabs pays hackers to recover data of 15 million customers
https://www.zdnet.com/article/lifelabs-pays-hackers-to-recover-data-of-15-million-customers/#ftag=RSSbaffb68

資安業者:蟄伏中國駭客團體 復出攻擊政府企業
https://www.cna.com.tw/news/ait/201912190388.aspx

Operation Wocao: Shining a light on one of China’s hidden hacking groups
https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/

數百家製造業者遭網路間諜鎖定,超過一半位於南韓
https://www.ithome.com.tw/news/134912

Gangnam Industrial Style: APT Campaign Targets Korean Industrial Companies
https://cyberx-labs.com/blog/gangnam-industrial-style-apt-campaign-targets-korean-industrial-companies/

官網、郵件、會計系統遭境外IP攻擊停擺 民進黨已報案
https://www.storm.mg/article/2077881

民進黨官網、郵件系統連2天癱瘓 羅文嘉已報警
http://bit.ly/2PzI3cP

民進黨部電腦遭駭客入侵 查到某外資公司
https://www.chinatimes.com/realtimenews/20191218003660-260407?chdtv

託管服務供應商常犯的三個電子郵件資安錯誤
https://blog.trendmicro.com.tw/?p=61897

遠端視訊創造企業高效率,但小心雲安全漏洞
https://udn.com/news/story/7086/4234606

沉寂數年後,中國駭客組織再度活躍,攻擊範圍擴展至美英法等國
http://bit.ly/2PCyERv

資安業者:蟄伏中國駭客團體 復出攻擊政府企業
https://www.cna.com.tw/news/ait/201912190388.aspx

軟體工程師利用業餘時間寫的程式碼也算公司的?Nginx之父被捕引發爭議
http://bit.ly/2sKvh1P

ICANN 暫緩 .org 網域銷售,稱買賣方需提供足夠審核的文件
http://bit.ly/38K0rai

2019年11月十大資安新聞
https://www.ithome.com.tw/news/134908

DEF CON CTF主辦人在HITCON CTF論壇,首度公開PWN Collage開源課程
https://times.hinet.net/news/22697842

台灣駭客賽HITCON CTF落幕,DEFCON CTF 主辦人來台分享經驗
https://ec.ltn.com.tw/article/breakingnews/3011124

HITCON CTF賽事培養眾多駭客高手!大企業為什麼吸引不到這些資安人才
https://www.bnext.com.tw/article/55923/hitcon-ctf-teadelivers

中國隊Tea Deliverers贏得HITCON CTF冠軍,直接晉級2020年DEF CON CTF決賽
https://www.ithome.com.tw/news/134848

玩家濫用《Diablo III》Buff漏洞 將受處罰 現已緊急修復
http://bit.ly/2RMOPxd

5G、純網銀上路,資安風險更棘手?4大資安趨勢老闆需注意
https://www.bnext.com.tw/article/55909/trendmicro-estimation2020-cybersecurity

F22戰機電腦無法駭入 美前海軍部長透露真實原因
https://www.chinatimes.com/realtimenews/20191213004221-260417?chdtv

草木皆兵!美擔憂選舉投票機遭陸駭客入侵
https://www.chinatimes.com/realtimenews/20191218004144-260409?chdtv

國外網紅雇用槍手去搶劫「網域名稱」,結果槍手反被對方「撿到槍」差點打死
http://bit.ly/36EImbE

微軟發出警告:一波大規模黑客攻擊來襲電信運營商需警惕
https://www.cnbeta.com/articles/tech/921405.htm

中國大陸衢州警方發布“淨網2019”行動戰果
http://news.qz828.com/system/2019/12/13/011521316.shtml

人臉辨識遭印刷面具破解 中國海關.電子支付系統存漏洞
https://ezone.ulifestyle.com.hk/article/2519502

中國網絡漏洞披露全球性標准進入最終意見徵集階段
https://www.anquanke.com/post/id/195054

中國工信部公開徵求對《網絡安全漏洞管理規定(徵求意見稿)》的意見
http://www.cfis.cn/2019-12/16/c_1125351345.htm

中國的全球觸角:超越防火長城的監控和審查制度
https://lab.ocf.tw/2019/12/12/article/

中國再教育營文件外洩 中國控管新疆變本加厲
https://news.ltn.com.tw/news/world/paper/1339155

新疆機密文件遭洩 外媒:陸緊急焚毀檔案
https://gotv.ctitv.com.tw/2019/12/1188076.htm

周曉輝:高調關注中共盜版仿製 俄補刀不簡單
http://www.epochtimes.com/b5/19/12/16/n11726663.htm

北京警方今年破獲駭客攻擊等涉網案件7800余起
http://big5.eastday.com:82/gate/big5/news.eastday.com/s/20191216/u1ai20231075.html

美起訴俄羅斯情治官員與駭客 卻難以遏制莫斯科食髓知味
https://inanews.tw/archives/81647

通俄調查 美法官:FBI做法不當
http://bit.ly/2S9dgVM

網攻機關企業 駭客全美勒索 鎖數據癱瘓作業 已撈75億
http://bit.ly/2ElbQ2g

俄將斷網測「RuNet」 網路自由存憂慮
https://www.ydn.com.tw/News/357819

澳門設《網安法》天眼監控 議員:恐變「秘密警察」社會
https://tw.news.appledaily.com/international/realtime/20191218/1678778/

中美言和轉單效應仍會持續 楊金龍解密關鍵是資安
https://udn.com/news/story/7238/4237542

大陸如何落實資安與網路安全
https://www.chinatimes.com/realtimenews/20191220000006-260409?chdtv

Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites
https://thehackernews.com/2019/12/wordpress-elementor-beaver.html

Cybersecurity: This password-stealing hacking campaign is targeting governments around the world
https://www.zdnet.com/article/cybersecurity-this-password-stealing-hacking-campaign-is-targeting-governments-around-the-world/

North Korean hackers working with East European cybercriminals
https://www.defenceweb.co.za/cyber-defence/north-korean-hackers-working-with-east-european-cybercriminals/

New Orleans Declares State Of Emergency Following Cyber Attack
https://www.forbes.com/sites/daveywinder/2019/12/14/new-orleans-declares-state-of-emergency-following-cyber-attack/

5 Reasons Why Programmers Should Think like Hackers
https://thehackernews.com/2019/12/cybersecurity-for-programmers.html

Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites
https://thehackernews.com/2019/12/wordpress-elementor-beaver.html

Singapore government triggers online falsehood directive at another opposition politician
https://www.zdnet.com/article/singapore-government-triggers-online-falsehood-directive-at-another-opposition-politician/#ftag=RSSbaffb68

Singapore government issues online falsehood directive to opposition political party
https://www.zdnet.com/article/singapore-government-issues-online-falsehood-directive-to-opposition-political-party/#ftag=RSSbaffb68

Cybersecurity Defenders: Channel Your Adversary's Mindset
https://www.bankinfosecurity.com/cybersecurity-defenders-channel-your-adversarys-mindset-a-13470

Iran investigating third cyberattack in a week
https://www.jpost.com/Middle-East/Iran-investigating-third-cyberattack-in-a-week-611013

Decade retrospective: Cybersecurity from 2010 to 2019
https://www.zdnet.com/article/decade-retrospective-cybersecurity-from-2010-to-2019/#ftag=RSSbaffb68

Senators introduce K-12 Cybersecurity Act
https://www.zdnet.com/article/senators-introduce-k-12-cybersecurity-act/#ftag=RSSbaffb68

Member of 'The Dark Overlord' hacking group extradited to the US
https://www.zdnet.com/article/member-of-the-dark-overlord-hacking-group-extradited-to-the-us/#ftag=RSSbaffb68

Former Palo Alto Networks IT admin charged for running insider trading ring
https://www.zdnet.com/article/former-palo-alto-networks-it-admin-charged-for-running-insider-trading-ring/#ftag=RSSbaffb68

British Hacker Accused of Blackmailing healthcare Firms Extradited to U.S.
https://thehackernews.com/2019/12/dark-overlord-hacker-extradited.html

資安工程師
https://www.104.com.tw/job/6s0e2?jobsource=company_job

資安維運工程師
https://www.104.com.tw/job/6ksyo?jobsource=company_job

網路工程師
https://www.104.com.tw/job/65kx5?jobsource=company_job

資安主管
https://www.104.com.tw/job/6s0e1?jobsource=company_job

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
本田汽車的Elasticsearch資料庫又配置錯誤,這次是2.6萬名車主資訊曝光
https://www.ithome.com.tw/news/134938

要匯款的真是你老闆嗎?小心激增的AI偽冒詐騙
http://bit.ly/2PMKOGC

2019 網友「最常用」密碼排行榜單出爐,驚見這家品牌名稱入榜
https://3c.ltn.com.tw/news/38914

亞馬遜再陷資安風暴 75萬美國人個資可任意下載
https://kairos.news/171386

6萬多個人信息被暗網掛賣海南某網絡公司被罰款10萬元
http://www.hinews.cn/news/system/2019/12/15/032235591.shtml

首次針對反對黨 新加坡政府引《假新聞法》下令更正FB貼文
https://tw.news.appledaily.com/international/realtime/20191216/1677817/

利用支付寶"漏洞"賺錢詐騙28起案值5萬餘元!即墨法院公開審理一起支付寶詐騙案涉案8人均領刑
http://news.bandao.cn/a/318933.html

鑽漏洞?臉書嚴查假消息 網揭「內容農場」換網址又復活
https://news.ltn.com.tw/news/politics/breakingnews/3011186

商務電郵詐騙增 黑客假扮CEO催促匯款
http://bit.ly/35tAvhb

秘密搜集個人資訊 《華郵》駭進汽車有大發現
https://tw.news.appledaily.com/international/realtime/20191218/1678810/

密碼設「ji32k7au4a83」!外國工程師疑惑..這 「亂碼」 怎麼超多人用? 嫩..台灣人一看秒懂
http://bit.ly/2sCtnQW

臉書安全漏洞使黑客能控制5000萬帳戶
http://www.hfsjwb.com/c55e4/11994.html

不想被找到都不行 臉書坦承用這些方法追蹤你
https://www.cna.com.tw/news/firstnews/201912180244.aspx

就算關閉定位服務 臉書還是有辦法找到你
http://bit.ly/38L20F3

假的!早安問候圖會竊個資?專家教大家注意這些事
https://news.ltn.com.tw/news/life/breakingnews/3013494

垃圾郵件廣告系列在用戶恐懼心F中發揮作用
http://bit.ly/2PESgV5

FB 潛藏危機!小心這 7 種常見詐騙方式
https://3c.ltn.com.tw/news/38987

Healthcare.gov出現安全漏洞7.5萬人信息被洩露
https://nosec.org/home/detail/3496.html

光明日報:警惕以虛擬幣為噱頭的新式詐騙
https://news.sina.com.tw/article/20191220/33737612.html

臉書又爆大量個資外洩!2.67億筆用戶ID電話全被看光光 駭客可能來自越南犯罪集團
https://www.ettoday.net/news/20191220/1606411.htm

Facebook再傳數據外洩 包含2.69億用戶資料 多數為美國人
https://fnc.ebc.net.tw/FncNews/else/110173

還在「qwerty123」?2019年最糟密碼大公開
https://news.ltn.com.tw/news/life/breakingnews/3015062

網軍假新聞操弄民意 三大社群媒體防禦作戰
http://bit.ly/2Q3y9z1

Payroll Data of 29,000 Facebook Employees Stolen: Report
https://www.bankinfosecurity.com/payroll-data-29000-facebook-employees-stolen-report-a-13509

The Hidden Cost of a Third-Party Data Breach
https://www.bankinfosecurity.com/blogs/hidden-cost-third-party-data-breach-p-2805

The worst passwords of 2019: Did yours make the list
https://www.welivesecurity.com/2019/12/16/worst-passwords-2019-did-yours-make-list/

Online fake news is costing us $78 billion globally each year
https://www.zdnet.com/article/online-fake-news-costing-us-78-billion-globally-each-year/#ftag=RSSbaffb68

E.研究報告
軟體更新安全規範The Update Framework從CNCF孵化器畢業
https://www.ithome.com.tw/news/134922

混沌工程介紹與實踐
https://www.i5seo.com/hun-dun-gong-cheng-jie-shao-yu-shi-jian.html

原創深度:滲透測試與邊緣設備安全(一)
http://mouser.eetrend.com/content/2019/100046475.html

原創深度:滲透測試與邊緣設備安全(二)
http://mouser.eetrend.com/content/2019/100046508.html

BaseQuery:一款數據漏洞以及泄露數據的強大搜索工具
https://www.chainnews.com/zh-hant/articles/857154805744.htm

Kotlin conf 2019 心得 (上)
http://bit.ly/2qYtplH

Kotlin conf 2019心得(中)
http://bit.ly/2RZjaZC

工控CTF之某固件分析解题
http://www.sohu.com/a/360313706_354899

百萬用戶個人信息洩露漏洞
https://www.freebuf.com/vuls/222028.html

一言不合就改用 gRPC?要我大前端怎麼配合啊
http://bit.ly/38HKkKg

CVE-2019-12750:SEP本地提權漏洞分析(Part 1)
https://www.anquanke.com/post/id/195107

CVE-2019-12750:SEP本地提權漏洞分析(Part 2)
https://www.anquanke.com/post/id/195216

TP-Link Archer系列路由器漏洞可使Admin賬戶密碼保護失效
https://www.freebuf.com/vuls/223076.html

D-link DAP-1860命令注入遠程代碼執行漏洞分析
https://www.4hou.com/info/news/22144.html

Android內核漏洞學習——CVE-2014-3153分析
https://xz.aliyun.com/t/6948

CVE-2017-11906 && CVE-2017-11907 組合漏洞分析筆記
https://bbs.pediy.com/thread-256832.htm

metasploit、powershell之Windows錯誤系統配置漏洞實戰提權
https://cloud.tencent.com/developer/article/1555450

淺談python反序列化漏洞
https://www.cnblogs.com/wh4am1/p/12071804.html

CVE-2019-18670:宏基Quick Access安全漏洞
https://www.4hou.com/vulnerable/22213.html

Cyberattacks and How To Protect Your Computer and Data - Part 1 of 3
https://www.peerlyst.com/posts/cyberattacks-and-how-to-protect-your-computer-and-data-part-1-of-3-josh-moulin

Cyberattacks and How To Protect Your Computer and Data - Part 2 of 3
https://www.peerlyst.com/posts/cyberattacks-and-how-to-protect-your-computer-and-data-part-2-of-3-josh-moulin

Cyberattacks and How To Protect Your Computer and Data - Part 3 of 3
https://www.peerlyst.com/posts/cyberattacks-and-how-to-protect-your-computer-and-data-part-3-of-3-josh-moulin

Cyber Threat Intelligence: Comparing the incident-centric and actor-centric approaches
https://www.linkedin.com/pulse/cyber-threat-intelligence-comparing-incident-centric-approaches-mark/

What I Learned from Reverse Engineering Windows Containers
https://unit42.paloaltonetworks.com/what-i-learned-from-reverse-engineering-windows-containers/

Python Dictionary
https://learncodewithmike.blogspot.com/2019/12/python-dictionary.html

Securing the System: A Deep Dive into Reversing Android Pre-Installed Apps
https://www.youtube.com/watch?v=U6qTcpCfuFc&feature

Top 10 Cyber Security Trends To Look Out For In 2020
https://cybersecuritycourses.blogspot.com/2019/12/top-10-cyber-security-trends-to-look.html

Modeling somatic computation with non-neural bioelectric networks
https://www.nature.com/articles/s41598-019-54859-8

Digital lockpicking - stealing keys to the kingdom
https://labs.f-secure.com/blog/digital-lockpicking-stealing-keys-to-the-kingdom

Unit 42 Presents New Research at BlueHat Seattle on Three new Windows RDP Vulnerability Exploit Methods
https://unit42.paloaltonetworks.com/unit-42-presents-new-research-at-bluehat-seattle-on-three-new-windows-rdp-vulnerability-exploit-methods/

6 Steps to Prevent a Cyber Attack Against your Business
https://medium.com/@Priya.Reddy/6-steps-to-prevent-a-cyber-attack-against-your-business-ea48d7aed2b9

Hacking Android With Metasploit
https://linuxsecurityblog.com/2019/09/04/hacking-android-with-metasploit/

Spy on Traffic from a Smartphone with Wireshark
https://null-byte.wonderhowto.com/how-to/spy-traffic-from-smartphone-with-wireshark-0198549/

Review of Snowden's book Permanent Record - Part II: At the NSA
https://www.electrospaces.net/2019/12/review-of-snowdens-book-permanent.html

Inside the mind of a hacker
https://www.itpro.co.uk/security/hacking/354310/inside-the-mind-of-a-hacker

What Goes on During Threat Hunting
https://www.techslang.com/what-goes-on-during-threat-hunting/

Screetsec/TheFatRat
https://github.com/Screetsec/TheFatRat

al0ne/nginx_log_check
https://github.com/al0ne/nginx_log_check

den4uk / Andriller
https://github.com/den4uk/andriller

andreafioraldi/frida-fuzzer
https://github.com/andreafioraldi/frida-fuzzer

Areizen/Android-Malware-Sandbox
https://github.com/Areizen/Android-Malware-Sandbox

MobSF/Mobile-Security-Framework-MobSF
https://github.com/MobSF/Mobile-Security-Framework-MobSF

Python Scripting For The Ethical Hacker
https://linuxsecurityblog.com/2018/06/21/python-scripting-for-the-ethical-hacker/

How To Fully Anonymize Your System
https://linuxsecurityblog.com/2019/11/20/how-to-fully-anonymize-your-system/

Cronos — HackTheBox Walkthrough
https://medium.com/@RainSec/cronos-hackthebox-walkthrough-d24d5ef0e2d3

Send Secret Files in an Image Using Steganography
https://linuxsecurityblog.com/2019/10/02/send-secret-files-in-an-image-using-steganography/

Phishing Campaign Targets Login Credentials of Multiple US, International Government Procurement Services
https://www.anomali.com/blog/phishing-campaign-targets-login-credentials-of-multiple-us-international-government-procurement-services

How Does a Hashing Algorithm Work
https://bigdatafinance.tw/index.php/blockchain/1333-how-does-a-hashing-algorithm-work

BlueKeep – Exploit Windows (RDP Vulnerability) Remotely
https://linuxsecurityblog.com/2019/10/10/bluekeep-exploit-windows-rdp-vulnerability-remotely/

PenTesting: Gaining Root Privileges on Kioptrix
https://linuxsecurityblog.com/2019/12/06/pentesting-gaining-root-privileges-on-kioptrix/

Neural Information Processing Systems (NeurIPS)
https://slideslive.com/neurips

Cyber Threat Intelligence: Observing the adversary
https://blog.intel471.com/2016/05/17/cyber-threat-intelligence-observing-the-adversary/

Being a cyber threat intelligence analyst and operating in the fog of uncertainty
https://blog.intel471.com/2017/05/25/being-a-cyber-threat-intelligence-analyst-and-operating-in-the-fog-of-uncertainty/

Actionable intelligence — Is it a capability problem or does your intelligence provider suck
https://blog.intel471.com/2016/05/18/actionable-intelligence-is-it-a-capability-problem-or-does-your-intelligence-provider-suck/

Clever hack creates the first 128GB 3.5-inch floppy drive
https://www.extremetech.com/extreme/223736-clever-hack-creates-the-first-128gb-1-44-inch-floppy-drive

From iPhone to NT AUTHORITY\SYSTEM – exploit ‘Printconfig’ dll with a real-world example
https://securityaffairs.co/wordpress/95135/hacking/iphone-printconfig-dll-exploitation.html

It’s time to disconnect RDP from the internet
https://www.welivesecurity.com/2019/12/17/bluekeep-time-disconnect-rdp-internet/

2FA: Double down on your security
https://www.welivesecurity.com/2019/12/13/2fa-double-down-your-security/

HTTP Request Smuggling + IDOR
https://hipotermia.pw/bb/http-desync-idor

rewardone/OSCPRepo
https://github.com/rewardone/OSCPRepo

Cobalt Strike – Bypassing Windows Defender with Obfuscation
http://www.offensiveops.io/tools/cobalt-strike-bypassing-windows-defender-with-obfuscation/

Cyber Threat Intelligence: Observing the adversary
https://blog.intel471.com/2016/05/17/cyber-threat-intelligence-observing-the-adversary/

Top 5 Essential Features of Effective Cybersecurity for Web Apps
https://thehackernews.com/2019/12/web-application-cybersecurity.html

A sinkhole for collecting and analysing malicious traffic
https://github.com/scrapbird/sinkholed

Nginx Log Check - Nginx Log Security Analysis Script
https://www.kitploit.com/2019/12/nginx-log-check-nginx-log-security.html

alphaSeclab/awesome-reverse-engineering
https://github.com/alphaSeclab/awesome-reverse-engineering/blob/master/Readme_en.md

F.商業
So-net合作Nexusguard 打造全新資安防禦服務
http://bit.ly/2PitWZa

BAE Systems to develop new cyber tools for DARPA to improve security of electronic data formats
http://bit.ly/2RWrI3v

Google提升Chrome密碼防護,當帳密被盜時主動發出警告
https://www.techbang.com/posts/75010-google-boosts-chrome-password-protection-to-proactively-warn-when-books-are-stolen

從駭客偵測到保險理賠,AI資安新創打造一條龍服務
https://www.bnext.com.tw/article/47673/cycarrier

硬體卸載當道,以虛勝實不是夢
https://www.ithome.com.tw/voice/134836

Mozilla要求Firefox外掛開發商啟用2FA
https://www.ithome.com.tw/news/134855

鄧白氏協助銀行客戶解決資安問題
https://ctee.com.tw/industrynews/financesmanage/190826.html

關貿網路搶資安商機 看準中小企業需求
https://pr.aotter.net/p/13709/[email protected]

台北市電腦公會將選新任理事長 友達彭双浪呼聲高
https://money.udn.com/money/story/5612/4230061

安碁資訊結盟泰國DCS合作夥伴 SOC資安服務正式啟動
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000574479_CYD3PNUB87BON38CPLDE5

安碁資訊助宏碁取得資安管理認證
https://www.chinatimes.com/realtimenews/20191217002850-260410?chdtv

A10 助企業實現全面資安防護
https://ctee.com.tw/industrynews/technology/191590.html

系統整合商小且少 成台灣推動智慧製造瓶頸
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000575154_ert28cb84wtpza52yellg

Keyfactor:每182個RSA憑證就有一個可被攻陷
https://www.ithome.com.tw/news/134890

趨勢科技在臺公布2020資安預測,BEC詐騙、IoT攻擊手法更複雜
https://www.ithome.com.tw/news/134893

Akamai攜手零壹科技 建構全方位資安防護機制
https://ithome.com.tw/pr/134937

台灣大車隊聯袂中信國際電訊 建構資安防護
https://money.udn.com/money/story/10860/4238053

聚合資料與雲端儲存趨勢 醫療產業轉型也將伴隨資安風險
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=70&id=0000574989_xtjlpru27dcroylm1s0ly

結合資料正規化、加密壓縮,ParseMe加快資料前置處理
https://www.ithome.com.tw/review/132614

Opera becomes part of the CNA program
https://blogs.opera.com/security/2019/12/opera-becomes-part-of-the-cna-program/

Group-IB forges new security partnerships and threat intelligence sharing to ensure Singapore's cyber resilience
https://securitybrief.asia/story/group-ib-forges-new-security-partnerships-and-threat-intelligence-sharing-to-ensure-singapore-s-cyber-resilience

Fortinet acquires security automation provider CyberSponse
https://www.zdnet.com/article/fortinet-acquires-security-automation-provider-cybersponse/#ftag=RSSbaffb68

Microsoft delivers first Windows 10 Fast Ring build from its new development branch
https://www.zdnet.com/article/microsoft-delivers-first-windows-10-fast-ring-build-from-its-new-development-branch/#ftag=RSSbaffb68

McAfee Considers Purchase of NortonLifeLock: Report
https://www.bankinfosecurity.com/mcafee-considers-purchase-nortonlifelock-report-a-13488

Mozilla: Firefox Add-On Developers Must Use 2FA
https://www.bankinfosecurity.asia/mozilla-firefox-add-on-developers-must-use-2fa-a-13511

Google Offers Financial Support to Open Source Projects for Cybersecurity
https://thehackernews.com/2019/12/google-open-source-projects.html

G.政府
國安局裁撤公開情報中心 臉書網路社群監控移轉第四處
https://news.ltn.com.tw/news/politics/breakingnews/3007703

H.ICS/SCADA 工控系統
Schneider Electric SoMachine Basic和Schneider Electric Modicon M221授權問題漏洞
https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01/

Siemens SPPA-T3000反序列化不受信任數據漏洞
https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf

Flaws in Siemens SPPA-T3000 control system expose power plants to hack
https://securityaffairs.co/wordpress/95092/ics-scada/siemens-sppa-t3000-flaws.html

工控資安標準 IEC 62443 認驗證機制:ISA Secure scheme 篇
https://secbuzzer.co/post/131

電影駭客交鋒中工控那些事
http://www.gzkjwb.com/5bd66/12643.html

施耐德修復了Modicon 和EcoStruxure 產品中的DoS 漏洞
http://hackernews.cc/archives/28817

工控系統面臨數位轉型 工業物聯網資安風險日增
https://www.chtsecurity.com/news/b2db79d5-eddd-4667-89b9-d054c77251b1

WAGO PLC中的多個漏洞風險通告
https://www.venustech.com.cn/article/1/10845.html

工業製程轉型,工控資安也要轉型
https://secbuzzer.co/post/92

製造智慧化風險大增 資安意識提升刻不容緩
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000575148_YDE2DMT43GXJA6996JXLP

西門子SPPA-T3000工控系統曝數十個漏洞,全球大規模斷電一觸即發
https://kknews.cc/tech/zyv4ozp.html

I.教育訓練
資訊安全分析師在做什麼
https://event.1111.com.tw/careermaster/detail/140404?agent=out_hiwork_outlink

How a build log from a Jenkins leaked everything
https://medium.com/@aseem.shrey/mind-your-logs-how-a-build-log-from-a-jenkins-leaked-everything-603cf07fa85

使用Ghidra P-Code進行輔助逆向分析
http://bit.ly/34iHl7L

駭客自首:極惡網路攻擊的內幕技巧
https://www.books.com.tw/products/0010842697?loc=P_0001_011

Kali Linux 滲透測試工具|花小錢做資安,你也是防駭高手
https://www.tenlong.com.tw/products/9789865023584?list_name=i-r-zh_tw

駭客自首:極惡網路攻擊的內幕技巧
https://www.books.com.tw/products/0010842697?loc=P_0001_011

【Raspberry-Pi】Raspberry-Pi 4 的安裝過程
https://william-weng.github.io/2019/12/08/raspberry-pi-helloworld/

在 Kubernetes Engine 中部署 Jenkins 並以之實作持續交付
http://bit.ly/2qSZjA2

React Conf 2019 | 筆記
http://bit.ly/2sxuEZn

108 年特種考試地方政府公務人員考試試題 資訊管理與資通安全
https://info.public.com.tw/prog/gavin/reference/rfile/FD-20191215173840-DKN.pdf

Where Do I Start Studying for the CISSP
https://www.studynotesandtheory.com/single-post/Where-Do-I-Start-Studying-for-the-CISSP

Design science research — a short summary
https://bigdatafinance.tw/index.php/tech/1334-design-science-research-a-short-summary

Docker For Pentesting And Bug Bounty Hunting
https://www.youtube.com/watch?v=5G6tA8Q9AuQ&

Extracting Information from a Phone Number using OSINT Tool
https://www.peerlyst.com/posts/extracting-information-from-a-phone-number-using-osint-tool-irfan-shakeel

Stories of a CISSP: SNMP Monitoring
https://www.studynotesandtheory.com/single-post/Stories-of-a-CISSP-SNMP-Monitoring

Do certificates help your cybersecurity career
https://www.peerlyst.com/posts/do-certificates-help-your-cybersecurity-career-kimberly-crawley

樹莓派之學習 OpenWrt 的世界
http://www.sandal.tw/article.php?id=7

Interview with Cyber Threat Specialist, John Modica
https://medium.com/@dmferreira/interview-with-cyber-threat-specialist-john-modica-d3708b235207

Kali Linux & Metasploit: Getting Started with Pentesting by Nicholas Handy
https://hakin9.org/kali-linux-metasploit-getting-started-with-pentesting/

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
2019年底將發布多款物聯網資安標章合格產品
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000574896_3TQ7559OLICSYK51QG9OX

FBI警告筆電不應和物聯網裝置共用Wi-Fi網路
https://www.ithome.com.tw/news/134813

卡巴斯基 Cyber Insights 2019 工業4.0智慧製造資安論壇:資安無人可置身事外
http://bit.ly/35mwcnJ

打造你的 AI 資安鑑識專家:ALBL 仲裁技術演算法 (以 KDD99 為例)
https://secbuzzer.co/post/68

獨自在家突然有人跟你講話? 可能被駭客入侵了
https://udn.com/news/story/7088/4227116?from=udn-catelistnews_ch2

「嗨,我是聖誕老公公」:駭客入侵監控攝影機 Amazon Ring,與美國女童遠端對話
https://www.inside.com.tw/article/18365-hacker-accesses-ring-camera-in-little-girls-bedroom-to-tell-her-hes-santa

宛如恐怖片 駭客入侵監視器跟孩童說"hello"智慧型監視器遭駭客入侵 全美各地傳案例
http://bit.ly/2RWphO3

智能電視可成駭客目標 監聽監視盜取私人信息
https://www.ntdtv.com/b5/2019/12/14/a102729100.html

騙過登機、支付系統!AI新創用擬真面具和照片,破解臉部辨識技術
https://www.bnext.com.tw/article/55917/airport-store-facial-recognition-systems-fooled

企業在物聯網技術應用下可能面對之風險管理議題
https://money.udn.com/money/story/5640/4229048

360安全團隊為奔馳修復了19個智能網聯汽車有關的潛在漏洞
https://kknews.cc/car/95qako5.html

信通院發布《2019互聯網設備-智能音箱安全白皮書》 90%產品未採用加密存儲芯片
https://tech.sina.com.cn/roll/2019-12-19/doc-iihnzahi8670308.shtml

Artificial Intelligence to be Used for Charting, Intel Collection
https://www.defense.gov/explore/story/Article/2040031/artificial-intelligence-to-be-used-for-charting-intel-collection/f

AI helps discover new geoglyph in the Nazca Lines
https://www.theverge.com/2019/11/19/20970578/nazca-lines-ai-machine-learning-143-new-geoglyphs-ibm-japan-yamagata-university

Machine learning opens up new worlds for developers
https://www.zdnet.com/article/machine-learning-means-expanded-job-roles-for-developers/#ftag=RSSbaffb68

'Learning' is still the operative word in machine learning initiatives
https://www.zdnet.com/article/learning-is-still-the-operative-word-in-machine-learning-initiatives/#ftag=RSSbaffb68

Study: IoT Devices Have Alarmingly Weak RSA Keys
https://www.bankinfosecurity.asia/study-iot-devices-have-alarmingly-weak-rsa-keys-a-13510

6.近期資安活動及研討會
openSUSE Taiwan Year End Party 2019 2019/12/22
https://opensuse-tw.kktix.cc/events/year2019

若渴計畫 (台南場):徵求分享 X vpn X 新聞討論 2019/12/22
https://www.facebook.com/events/1380942692079977/

雲端與物聯網世代DDoS防護之道,新的資安觀念、新的防護工具,實務案例分析 12/26
https://www.techbang.com/posts/75046-course-ddos

 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

 2020核果資訊冬季班 Python 程式語言 (Level 1) 1/22~ 2/13
 https://www.accupass.com/event/1911150442131985092910

 PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
 https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world

 制御システムセキュリティカンファレンス 2020  2020年2月14日
 https://www.jpcert.or.jp/event/ics-conference2020.html



沒有留言:

張貼留言

2024年 12 月份資安、社群活動分享

  2024年 12 月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/3 https://www.meetup.com/taiwan-code-camp/e...