資安事件新聞週報 2019/12/16 ~ 2019/12/20
1.重大弱點漏洞/後門/Exploit/Zero Day
Micro Focus ArcSight Logger 跨站請求偽造漏洞 CVE-2019-11657
https://nvd.nist.gov/vuln/detail/CVE-2019-11657
Trend Micro HouseCall for Home Networks 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19689
TP-Link 路由器遠端執行任意程式碼漏洞
https://www.securitywizardry.com/the-radar-page/alert-details#alerts
TP-Link修補不用密碼就能登入路由器的安全漏洞
https://www.ithome.com.tw/news/134878
TP-Link Archer Router Vulnerability Voids Admin Password, Can Allow Remote Takeover
https://securityintelligence.com/posts/tp-link-archer-router-vulnerability-voids-admin-password-can-allow-remote-takeover/
新的攻擊 CPU 手法 Plundervolt 出現,超頻降頻也能觸發漏洞
https://technews.tw/2019/12/17/cpu-plundervolt/
微軟下個月開始用全螢幕提醒你升級Windows 7
https://www.ithome.com.tw/news/134781
微軟悄悄將Windows 10 Mobile實際終止更新時間延後一個月
https://mashdigi.com/microsoft-quietly-extends-support-for-windows-10-mobile/
So you want to keep running Windows 7? Good luck with that, small businesses
https://www.zdnet.com/article/so-you-want-to-keep-running-windows-7-good-luck-with-that-small-businesses/#ftag=RSSbaffb68
Microsoft Security Essentials updates not included in Windows 7 ESU
https://www.zdnet.com/article/microsoft-security-essentials-updates-not-included-in-windows-7-esu/#ftag=RSSbaffb68
Multiple Vulnerabilities in Barco ClickShare
https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/
Npm team warns of new 'binary planting' bug
https://www.zdnet.com/article/npm-team-warns-of-new-binary-planting-bug/#ftag=RSSbaffb68
Symantec Messaging Gateway CVE-2019-18379
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-18379
Trend Micro Security CVE-2019-18190
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-18190
SQLite CVE-2019-19603
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-19603
小心!! 黑客可通過漏洞避開防毒偵查?! 【黑開有條路!!】Intel RST 被發現存在漏洞
http://bit.ly/34A8DXs
Seven Critical Vulnerabilities Discovered in Portainer
https://www.fortinet.com/blog/threat-research/seven-critical-vulnerabilities-portainer.html
Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw
https://thehackernews.com/2019/12/drupal-website-hacking.html
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
首例!國壽、易遊網推「旅平險一站式服務」 5步驟輕鬆投保
https://www.ettoday.net/news/20191213/1601551.htm
監理沙盒上線 1分鐘買好旅平險
https://udn.com/news/story/7239/4225564?from=udn-catelistnews_ch2
開放銀行潮流下 防治金融犯罪成重要議題
https://money.udn.com/money/story/5636/4225488
銀行防斷線 資安升級大作戰
https://www.chinatimes.com/newspapers/20191215000257-260202?chdtv
拒駭 呂桔誠:國銀要打聯防
https://www.chinatimes.com/newspapers/20191215000259-260202?chdtv
Visa警告:加油站POS系統成為FIN8駭客集團的新目標
https://ithome.com.tw/news/134832
能提前發現和修補漏洞支付寶安全實驗室在BlackHat推出兩款移動安全工具
https://blog.51cto.com/14164343/2457924
隔空“刷爆”銀行卡一新型網絡盜刷團伙被端
http://news.xmnn.cn/xmnn/2019/12/14/100638912.shtml
隔空「刷爆」銀行卡 一新型網路盜刷團伙被端
https://news.sina.com.tw/article/20191214/33669598.html
銀行卡被「隔空」盜刷 警方提示如何辨「異象」
https://news.sina.com.tw/article/20191215/33673926.html
銀行業最大風險恐不在中國違約升高 網路資安才是戰場
https://news.cnyes.com/news/id/4423225
開放API 責任歸屬待克服
https://money.udn.com/money/story/12040/4225573
中國銀聯建立威脅情報體系實戰案例
https://kknews.cc/tech/gp6x3vy.html
金管會推普惠金融 要訂KPI
https://money.udn.com/money/story/5613/4223519
誰搶了銀行?他們懸賞2.5萬元希望找出嫌犯
http://bit.ly/2PKVi9g
金融機構如何應對日益頻繁的網絡攻擊
http://blog.itpub.net/69933183/viewspace-2668681/
金融機構創新業務 改走試辦
https://www.chinatimes.com/newspapers/20191212000274-260202?chdtv
Visa警告加油站刷卡 易遭黑客入侵
http://bit.ly/35CdmZK
Visa警告:在加油站刷信用卡 小心被駭
http://bit.ly/2PtNlqf
小心加油也會被駭!Fin8 駭客組織入侵加油站 POS 系統竊取信用卡資料
https://technews.tw/2019/12/17/visa-warns-that-hackers-are-scraping-card-details-from-gas-pumps/
數位轉型讓銀行的「風險」也轉型了!比起企業違約率,網路資安的風險更大
https://buzzorange.com/techorange/2019/12/16/risk-of-banks/
國泰投信申請 網路資安指數認可
https://money.udn.com/money/story/5607/4230482
純網銀即將開業 顧立雄:要真的引導創新,一定得玩大的
https://www.cw.com.tw/article/article.action?id=5098156
【虛擬銀行】眾安銀行跑出 成為首間試業虛銀
http://bit.ly/2tqB6Sw
【2020年臺灣金融圈最新變革:LINE Bank、樂天銀行、將來銀行】3家純網銀首度同臺亮相,大秀自家最新特色
https://www.ithome.com.tw/news/134869
Govt, banks spend $270m to combat cyberattacks
https://punchng.com/govt-banks-spend-270m-to-combat-cyberattacks/
Batch of 460,000+ Payment Cards Sold on Black Market Forum
https://www.bleepingcomputer.com/news/security/batch-of-460-000-payment-cards-sold-on-black-market-forum/
Scoop: The World Bank told Taiwanese staff to get Chinese passports
https://www.axios.com/world-bank-taiwan-staff-china-passport-dde4ca2d-a251-48c5-a566-fe25d754b776.html
Internet banking sites and their use of TLS... and SSLv3... and SSLv2
https://isc.sans.edu/diary/rss/25606
Net banking & card frauds up 50%, Delhi is ATM con capit ..
https://timesofindia.indiatimes.com/city/delhi/net-banking-card-frauds-up-50-delhi-is-atm-con-capital/articleshow/72466808.cms
Cases of Net Banking and ATM Frauds Increase by 50% in New Delhi
https://www.ehackingnews.com/2019/12/cases-of-net-banking-and-atm-frauds.html
THREE ARRESTED FOR BLOWING UP ATMS IN GERMANY AND HUNGARY
https://www.europol.europa.eu/newsroom/news/three-arrested-for-blowing-atms-in-germany-and-hungary
Visa: Gas Station Networks Targeted to Steal Card Data
https://www.bankinfosecurity.com/visa-gas-station-networks-targeted-to-steal-card-data-a-13507
Skimming Campaign Leveraged Heroku Cloud Platform: Report
https://www.bankinfosecurity.com/skimming-campaign-leveraged-heroku-cloud-platform-report-a-13472
PSD2: The Compliance and Enforcement Update
https://www.bankinfosecurity.com/interviews/psd2-compliance-enforcement-update-i-4526
Credit Card Data Exposed Online Is Tested Within 2 Hours
https://www.bleepingcomputer.com/news/security/credit-card-data-exposed-online-is-tested-within-2-hours/
Singapore digital banking era will put focus on SMBs, consumer trust
https://www.zdnet.com/article/singapore-digital-banking-era-will-put-focus-on-smbs-consumer-trust/#ftag=RSSbaffb68
3.電子支付/電子票證/行動支付/ pay/新聞及資安
「未來遊樂園」即將開幕!每項設施都用行動支付,遊客想玩什麼再付錢即可
https://buzzorange.com/techorange/2019/12/19/jets-carnival/
在大陸行動支付 小心「嗅探」隔空盜刷
https://udn.com/news/story/7333/4204641
LINE金融策略調整 電子支付改名、推全新行動支付App
https://udn.com/news/story/7241/4201877
4.虛擬貨幣/區塊鍊相關新聞及資安
加密貨幣商神秘身亡 債權人訴請驗屍確認
http://bit.ly/2ss69Nu
人為疏失成最大漏洞? VeChain 基金會遭竊走 6,500 萬美元 VET 代幣
https://blockcast.it/2019/12/16/vechain-hacked-losing-1b-vet-tokens-worth-6m-usd/
VeChain 基金會被駭客入侵,價值 $650 萬美元的 VET 代幣被盜去
http://bit.ly/2PtIxkp
得天獨厚的中國礦工|三分之二的比特幣產出來自中國,66% 的算力貢獻持續攀升
https://bigdatafinance.tw/index.php/blockchain/1345-66
幣寶台灣與幣寶日本將在1月14日再次開庭!三分鐘回顧幣寶被駭事件
https://news.knowing.asia/news/3b0d6128-d5d8-4463-aa8a-a447759d9658
香港比特幣投資公司在台吸金上億!投資比特幣前得先注意這三點
https://news.knowing.asia/news/ad156d9c-60d6-46b0-90f1-aaa5114ccf31
關於2019年區塊鏈產業經歷過的風雨,你還記得多少
https://news.knowing.asia/news/b82feb80-f033-46af-8f90-33cfb7e9e0ef
讓虛擬貨幣交易合規有保障 庫幣科技Sygna為台爭光
https://ec.ltn.com.tw/article/breakingnews/3014626
Spammers force Keybase to stop Stellar Space Drop cryptocurrency handouts
https://www.zdnet.com/article/spammers-force-keybase-to-stop-stellar-space-drop-cryptocurrency-handouts/#ftag=RSSbaffb68
Attackers now use process hollowing to hide cryptocurrency miners on your PC
https://www.zdnet.com/article/monero-miners-can-lurk-undetected-through-new-process-hollowing-technique/#ftag=RSSbaffb68
(Almost) Hollow and Innocent: Monero Miner Remains Undetected via Process Hollowing
https://blog.trendmicro.com/trendlabs-security-intelligence/almost-hollow-and-innocent-monero-miner-remains-undetected-via-process-hollowing/
Shopin founder charged by SEC for running $42 million scam cryptocurrency ICO
https://www.zdnet.com/article/shopin-founder-charged-by-sec-for-running-scam-cryptocurrency-ico/#ftag=RSSbaffb68
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
新版Echobot殭屍病毒所使用的漏洞攻擊程式增加到77個
https://www.ithome.com.tw/news/134830
New Echobot Variant Exploits 77 Remote Code Execution Flaws
https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/
卡巴斯基表示: 惡意軟體數量有所上升,攻擊手段有所轉變
https://news.xfastest.com/kaspersky/73746/kaspersky-said-that-the-method-of-how-malwares-attack-has-changed/
蘋果電腦不中毒神話破滅?資安公司發布報告 Mac威脅偵測呈上升趨勢
https://www.ettoday.net/news/20191217/1603807.htm
微軟:不鼓勵企業支付勒索軟體贖金
https://www.ithome.com.tw/news/134879
今年美國有超過1,000所學校遭勒索軟體波及
https://ithome.com.tw/news/134907
勒索軟體受害者到底該不該向駭客妥協?向其支付贖金
https://ek21.com/news/tech/166073/
NJ’s largest hospital system forced to pay ransom in cyber attack
https://nj1015.com/nj-largest-hospital-system-forced-to-pay-ransom-in-cyber-attack/
Ryuk Ransomware Likely Behind New Orleans Cyberattack
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-likely-behind-new-orleans-cyberattack/
Largest hospital system in New Jersey was hit by ransomware attack
https://securityaffairs.co/wordpress/95152/cyber-crime/new-jersey-hospital-ransomware-attack.html
Microsoft: We never encourage a ransomware victim to pay
https://www.zdnet.com/article/microsoft-we-never-encourage-a-ransomware-victim-to-pay/#ftag=RSSbaffb68
Decryptor Bug Means Ryuk Victims Stuck in Ransomware Rut
https://www.bankinfosecurity.com/decryptor-bug-means-victims-stuck-in-ryuk-ransomware-rut-a-13481
North Korean Hackers Tapping Into TrickBot: Report
https://www.bankinfosecurity.com/north-korean-hackers-tapping-into-trickbot-report-a-13497
Georgia Wire Manufacturer Struck by Ransomware
https://www.bankinfosecurity.com/georgia-wire-manufacturer-struck-by-ransomware-a-13496
Wiper Malware Targets Middle Eastern Energy Firms: Report
https://www.bankinfosecurity.com/wiper-malware-targets-middle-eastern-energy-firms-report-a-13474
Two Russians Indicted Over $100M Dridex Malware Thefts
https://www.bankinfosecurity.com/two-russians-indicted-over-100m-dridex-malware-thefts-a-13473
New Malware Campaign Uses Trojanized 'Tetris' Game: Report
https://www.bankinfosecurity.com/new-malware-campaign-uses-trojanized-tetris-game-report-a-13465
Emotet Trojan is Inviting You To A Malicious Christmas Party
https://www.bleepingcomputer.com/news/security/emotet-trojan-is-inviting-you-to-a-malicious-christmas-party/
Incident Response lessons from recent Maze ransomware attacks
https://blog.talosintelligence.com/2019/12/IR-Lessons-Maze.html
Lazarus pivots to Linux attacks through Dacls Trojan
https://www.zdnet.com/article/lazarus-pivots-to-linux-attacks-through-dacls-trojan/#ftag=RSSbaffb68
Lazarus Group使用Dacls RAT攻擊Linux平台
https://blog.netlab.360.com/dacls-the-dual-platform-rat/
Dridex Banking Trojan Infections and PowerShell Empire Activity Preceding BitPaymer Ransomware Attacks
https://www.it.ucla.edu/security/advisories/dridex-banking-trojan-infections-powershell-empire-activity-preceding-bitpaymer-ransomware-attacks
Maze Ransomware Gang Dumps Purported Victim List
https://www.bankinfosecurity.asia/blogs/maze-ransomware-gang-dumps-purported-victim-list-p-2839
Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia
https://unit42.paloaltonetworks.com/rancor-cyber-espionage-group-uses-new-custom-malware-to-attack-southeast-asia/
14 Ways to Evade Botnet Malware Attacks On Your Computers
https://thehackernews.com/2019/12/botnet-malware-attacks.html
Another ransomware strain is now stealing data before encrypting it
https://www.zdnet.com/article/another-ransomware-strain-is-now-stealing-data-before-encrypting-it/#ftag=RSSbaffb68
2019: The year in malware
https://blog.talosintelligence.com/2019/12/2019-year-in-malware.html
Attackers Posing as German Authorities Distribute Emotet Malware
https://www.bleepingcomputer.com/news/security/attackers-posing-as-german-authorities-distribute-emotet-malware/
Achtung: Schadhafte SPAM-Mails im Namen mehrerer Bundesbehörden
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Spam-Bundesbehoerden_181219.html
ScreenConnect MSP Software Used to Install Zeppelin Ransomware
https://www.bleepingcomputer.com/news/security/screenconnect-msp-software-used-to-install-zeppelin-ransomware/
CONNECTWISE CONTROL ABUSED AGAIN TO DELIVER ZEPPELIN RANSOMWARE
https://blog.morphisec.com/connectwise-control-abused-again-to-deliver-zeppelin-ransomware
B.行動安全 / iPhone / Android /穿戴裝置 /App
挪威電信放棄合作十年的華為 改用瑞典愛立信
https://hk.news.appledaily.com/international/realtime/article/20191214/60377221
5G時代下的資安風險 專家:政府應制定相關法律
http://www.epochtimes.com/b5/19/12/15/n11724118.htm
G Suite明年6月將強制第三方app支援OAuth
https://www.ithome.com.tw/news/134876
WhatsApp臭蟲可搞掛所有群聊成員的App、永遠退出群組
https://www.ithome.com.tw/news/134892
一條訊息足致全群組死機 WhatsApp推新版本修復漏洞
http://bit.ly/2M5altd
The Media Trust揭露鎖定iPhone用戶的惡意廣告活動
https://www.ithome.com.tw/news/134913
Persistent Malware Using Multiple Techniques Hits Online Readers in Time for the Holidays
https://mediatrust.com/sites/default/files/2019-12/Krampus-3PC_2019-1211.pdf
AirDrop爆發惡意漏洞,立即更新iOS 13.3 即可防止遭受攻擊
https://mrmad.com.tw/update-ios-13-3-to-prevent-hackers-from-airdrop
iPhone AirDrop爆漏洞 教你防禦拒絕陌生人無限傳送檔案
http://bit.ly/35shhs5
From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13
https://spaceraccoon.dev/from-checkra1n-to-frida-ios-app-pentesting-quickstart-on-ios-13
Twitter proposes open social network standard
https://www.zdnet.com/article/twitter-proposes-open-social-network-standard/#ftag=RSSbaffb68
This Bug Could Have Let Anyone Crash WhatsApp Of All Group Members
https://thehackernews.com/2019/12/whatsapp-group-crash.html
Google fixes Chrome 79 data loss bug on Android
https://www.zdnet.com/article/google-fixes-chrome-79-data-loss-bug-on-android/#ftag=RSSbaffb68
Is your Phone infected by this Mobile Malware: Agent Smith
https://www.achillesresolute.com/blog/agent-smith-malware.html
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
LifeLabs遭駭客入侵 本省及安省1500萬客户資料被盜
https://www.am1470.com/news_detail.php?i=89147
加拿大醫學實驗室被駭 國內近半人口個資恐外洩
https://living.taronews.tw/2019/12/18/562414/
LifeLabs pays hackers to recover data of 15 million customers
https://www.zdnet.com/article/lifelabs-pays-hackers-to-recover-data-of-15-million-customers/#ftag=RSSbaffb68
資安業者:蟄伏中國駭客團體 復出攻擊政府企業
https://www.cna.com.tw/news/ait/201912190388.aspx
Operation Wocao: Shining a light on one of China’s hidden hacking groups
https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/
數百家製造業者遭網路間諜鎖定,超過一半位於南韓
https://www.ithome.com.tw/news/134912
Gangnam Industrial Style: APT Campaign Targets Korean Industrial Companies
https://cyberx-labs.com/blog/gangnam-industrial-style-apt-campaign-targets-korean-industrial-companies/
官網、郵件、會計系統遭境外IP攻擊停擺 民進黨已報案
https://www.storm.mg/article/2077881
民進黨官網、郵件系統連2天癱瘓 羅文嘉已報警
http://bit.ly/2PzI3cP
民進黨部電腦遭駭客入侵 查到某外資公司
https://www.chinatimes.com/realtimenews/20191218003660-260407?chdtv
託管服務供應商常犯的三個電子郵件資安錯誤
https://blog.trendmicro.com.tw/?p=61897
遠端視訊創造企業高效率,但小心雲安全漏洞
https://udn.com/news/story/7086/4234606
沉寂數年後,中國駭客組織再度活躍,攻擊範圍擴展至美英法等國
http://bit.ly/2PCyERv
資安業者:蟄伏中國駭客團體 復出攻擊政府企業
https://www.cna.com.tw/news/ait/201912190388.aspx
軟體工程師利用業餘時間寫的程式碼也算公司的?Nginx之父被捕引發爭議
http://bit.ly/2sKvh1P
ICANN 暫緩 .org 網域銷售,稱買賣方需提供足夠審核的文件
http://bit.ly/38K0rai
2019年11月十大資安新聞
https://www.ithome.com.tw/news/134908
DEF CON CTF主辦人在HITCON CTF論壇,首度公開PWN Collage開源課程
https://times.hinet.net/news/22697842
台灣駭客賽HITCON CTF落幕,DEFCON CTF 主辦人來台分享經驗
https://ec.ltn.com.tw/article/breakingnews/3011124
HITCON CTF賽事培養眾多駭客高手!大企業為什麼吸引不到這些資安人才
https://www.bnext.com.tw/article/55923/hitcon-ctf-teadelivers
中國隊Tea Deliverers贏得HITCON CTF冠軍,直接晉級2020年DEF CON CTF決賽
https://www.ithome.com.tw/news/134848
玩家濫用《Diablo III》Buff漏洞 將受處罰 現已緊急修復
http://bit.ly/2RMOPxd
5G、純網銀上路,資安風險更棘手?4大資安趨勢老闆需注意
https://www.bnext.com.tw/article/55909/trendmicro-estimation2020-cybersecurity
F22戰機電腦無法駭入 美前海軍部長透露真實原因
https://www.chinatimes.com/realtimenews/20191213004221-260417?chdtv
草木皆兵!美擔憂選舉投票機遭陸駭客入侵
https://www.chinatimes.com/realtimenews/20191218004144-260409?chdtv
國外網紅雇用槍手去搶劫「網域名稱」,結果槍手反被對方「撿到槍」差點打死
http://bit.ly/36EImbE
微軟發出警告:一波大規模黑客攻擊來襲電信運營商需警惕
https://www.cnbeta.com/articles/tech/921405.htm
中國大陸衢州警方發布“淨網2019”行動戰果
http://news.qz828.com/system/2019/12/13/011521316.shtml
人臉辨識遭印刷面具破解 中國海關.電子支付系統存漏洞
https://ezone.ulifestyle.com.hk/article/2519502
中國網絡漏洞披露全球性標准進入最終意見徵集階段
https://www.anquanke.com/post/id/195054
中國工信部公開徵求對《網絡安全漏洞管理規定(徵求意見稿)》的意見
http://www.cfis.cn/2019-12/16/c_1125351345.htm
中國的全球觸角:超越防火長城的監控和審查制度
https://lab.ocf.tw/2019/12/12/article/
中國再教育營文件外洩 中國控管新疆變本加厲
https://news.ltn.com.tw/news/world/paper/1339155
新疆機密文件遭洩 外媒:陸緊急焚毀檔案
https://gotv.ctitv.com.tw/2019/12/1188076.htm
周曉輝:高調關注中共盜版仿製 俄補刀不簡單
http://www.epochtimes.com/b5/19/12/16/n11726663.htm
北京警方今年破獲駭客攻擊等涉網案件7800余起
http://big5.eastday.com:82/gate/big5/news.eastday.com/s/20191216/u1ai20231075.html
美起訴俄羅斯情治官員與駭客 卻難以遏制莫斯科食髓知味
https://inanews.tw/archives/81647
通俄調查 美法官:FBI做法不當
http://bit.ly/2S9dgVM
網攻機關企業 駭客全美勒索 鎖數據癱瘓作業 已撈75億
http://bit.ly/2ElbQ2g
俄將斷網測「RuNet」 網路自由存憂慮
https://www.ydn.com.tw/News/357819
澳門設《網安法》天眼監控 議員:恐變「秘密警察」社會
https://tw.news.appledaily.com/international/realtime/20191218/1678778/
中美言和轉單效應仍會持續 楊金龍解密關鍵是資安
https://udn.com/news/story/7238/4237542
大陸如何落實資安與網路安全
https://www.chinatimes.com/realtimenews/20191220000006-260409?chdtv
Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites
https://thehackernews.com/2019/12/wordpress-elementor-beaver.html
Cybersecurity: This password-stealing hacking campaign is targeting governments around the world
https://www.zdnet.com/article/cybersecurity-this-password-stealing-hacking-campaign-is-targeting-governments-around-the-world/
North Korean hackers working with East European cybercriminals
https://www.defenceweb.co.za/cyber-defence/north-korean-hackers-working-with-east-european-cybercriminals/
New Orleans Declares State Of Emergency Following Cyber Attack
https://www.forbes.com/sites/daveywinder/2019/12/14/new-orleans-declares-state-of-emergency-following-cyber-attack/
5 Reasons Why Programmers Should Think like Hackers
https://thehackernews.com/2019/12/cybersecurity-for-programmers.html
Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites
https://thehackernews.com/2019/12/wordpress-elementor-beaver.html
Singapore government triggers online falsehood directive at another opposition politician
https://www.zdnet.com/article/singapore-government-triggers-online-falsehood-directive-at-another-opposition-politician/#ftag=RSSbaffb68
Singapore government issues online falsehood directive to opposition political party
https://www.zdnet.com/article/singapore-government-issues-online-falsehood-directive-to-opposition-political-party/#ftag=RSSbaffb68
Cybersecurity Defenders: Channel Your Adversary's Mindset
https://www.bankinfosecurity.com/cybersecurity-defenders-channel-your-adversarys-mindset-a-13470
Iran investigating third cyberattack in a week
https://www.jpost.com/Middle-East/Iran-investigating-third-cyberattack-in-a-week-611013
Decade retrospective: Cybersecurity from 2010 to 2019
https://www.zdnet.com/article/decade-retrospective-cybersecurity-from-2010-to-2019/#ftag=RSSbaffb68
Senators introduce K-12 Cybersecurity Act
https://www.zdnet.com/article/senators-introduce-k-12-cybersecurity-act/#ftag=RSSbaffb68
Member of 'The Dark Overlord' hacking group extradited to the US
https://www.zdnet.com/article/member-of-the-dark-overlord-hacking-group-extradited-to-the-us/#ftag=RSSbaffb68
Former Palo Alto Networks IT admin charged for running insider trading ring
https://www.zdnet.com/article/former-palo-alto-networks-it-admin-charged-for-running-insider-trading-ring/#ftag=RSSbaffb68
British Hacker Accused of Blackmailing healthcare Firms Extradited to U.S.
https://thehackernews.com/2019/12/dark-overlord-hacker-extradited.html
資安工程師
https://www.104.com.tw/job/6s0e2?jobsource=company_job
資安維運工程師
https://www.104.com.tw/job/6ksyo?jobsource=company_job
網路工程師
https://www.104.com.tw/job/65kx5?jobsource=company_job
資安主管
https://www.104.com.tw/job/6s0e1?jobsource=company_job
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
本田汽車的Elasticsearch資料庫又配置錯誤,這次是2.6萬名車主資訊曝光
https://www.ithome.com.tw/news/134938
要匯款的真是你老闆嗎?小心激增的AI偽冒詐騙
http://bit.ly/2PMKOGC
2019 網友「最常用」密碼排行榜單出爐,驚見這家品牌名稱入榜
https://3c.ltn.com.tw/news/38914
亞馬遜再陷資安風暴 75萬美國人個資可任意下載
https://kairos.news/171386
6萬多個人信息被暗網掛賣海南某網絡公司被罰款10萬元
http://www.hinews.cn/news/system/2019/12/15/032235591.shtml
首次針對反對黨 新加坡政府引《假新聞法》下令更正FB貼文
https://tw.news.appledaily.com/international/realtime/20191216/1677817/
利用支付寶"漏洞"賺錢詐騙28起案值5萬餘元!即墨法院公開審理一起支付寶詐騙案涉案8人均領刑
http://news.bandao.cn/a/318933.html
鑽漏洞?臉書嚴查假消息 網揭「內容農場」換網址又復活
https://news.ltn.com.tw/news/politics/breakingnews/3011186
商務電郵詐騙增 黑客假扮CEO催促匯款
http://bit.ly/35tAvhb
秘密搜集個人資訊 《華郵》駭進汽車有大發現
https://tw.news.appledaily.com/international/realtime/20191218/1678810/
密碼設「ji32k7au4a83」!外國工程師疑惑..這 「亂碼」 怎麼超多人用? 嫩..台灣人一看秒懂
http://bit.ly/2sCtnQW
臉書安全漏洞使黑客能控制5000萬帳戶
http://www.hfsjwb.com/c55e4/11994.html
不想被找到都不行 臉書坦承用這些方法追蹤你
https://www.cna.com.tw/news/firstnews/201912180244.aspx
就算關閉定位服務 臉書還是有辦法找到你
http://bit.ly/38L20F3
假的!早安問候圖會竊個資?專家教大家注意這些事
https://news.ltn.com.tw/news/life/breakingnews/3013494
垃圾郵件廣告系列在用戶恐懼心F中發揮作用
http://bit.ly/2PESgV5
FB 潛藏危機!小心這 7 種常見詐騙方式
https://3c.ltn.com.tw/news/38987
Healthcare.gov出現安全漏洞7.5萬人信息被洩露
https://nosec.org/home/detail/3496.html
光明日報:警惕以虛擬幣為噱頭的新式詐騙
https://news.sina.com.tw/article/20191220/33737612.html
臉書又爆大量個資外洩!2.67億筆用戶ID電話全被看光光 駭客可能來自越南犯罪集團
https://www.ettoday.net/news/20191220/1606411.htm
Facebook再傳數據外洩 包含2.69億用戶資料 多數為美國人
https://fnc.ebc.net.tw/FncNews/else/110173
還在「qwerty123」?2019年最糟密碼大公開
https://news.ltn.com.tw/news/life/breakingnews/3015062
網軍假新聞操弄民意 三大社群媒體防禦作戰
http://bit.ly/2Q3y9z1
Payroll Data of 29,000 Facebook Employees Stolen: Report
https://www.bankinfosecurity.com/payroll-data-29000-facebook-employees-stolen-report-a-13509
The Hidden Cost of a Third-Party Data Breach
https://www.bankinfosecurity.com/blogs/hidden-cost-third-party-data-breach-p-2805
The worst passwords of 2019: Did yours make the list
https://www.welivesecurity.com/2019/12/16/worst-passwords-2019-did-yours-make-list/
Online fake news is costing us $78 billion globally each year
https://www.zdnet.com/article/online-fake-news-costing-us-78-billion-globally-each-year/#ftag=RSSbaffb68
E.研究報告
軟體更新安全規範The Update Framework從CNCF孵化器畢業
https://www.ithome.com.tw/news/134922
混沌工程介紹與實踐
https://www.i5seo.com/hun-dun-gong-cheng-jie-shao-yu-shi-jian.html
原創深度:滲透測試與邊緣設備安全(一)
http://mouser.eetrend.com/content/2019/100046475.html
原創深度:滲透測試與邊緣設備安全(二)
http://mouser.eetrend.com/content/2019/100046508.html
BaseQuery:一款數據漏洞以及泄露數據的強大搜索工具
https://www.chainnews.com/zh-hant/articles/857154805744.htm
Kotlin conf 2019 心得 (上)
http://bit.ly/2qYtplH
Kotlin conf 2019心得(中)
http://bit.ly/2RZjaZC
工控CTF之某固件分析解题
http://www.sohu.com/a/360313706_354899
百萬用戶個人信息洩露漏洞
https://www.freebuf.com/vuls/222028.html
一言不合就改用 gRPC?要我大前端怎麼配合啊
http://bit.ly/38HKkKg
CVE-2019-12750:SEP本地提權漏洞分析(Part 1)
https://www.anquanke.com/post/id/195107
CVE-2019-12750:SEP本地提權漏洞分析(Part 2)
https://www.anquanke.com/post/id/195216
TP-Link Archer系列路由器漏洞可使Admin賬戶密碼保護失效
https://www.freebuf.com/vuls/223076.html
D-link DAP-1860命令注入遠程代碼執行漏洞分析
https://www.4hou.com/info/news/22144.html
Android內核漏洞學習——CVE-2014-3153分析
https://xz.aliyun.com/t/6948
CVE-2017-11906 && CVE-2017-11907 組合漏洞分析筆記
https://bbs.pediy.com/thread-256832.htm
metasploit、powershell之Windows錯誤系統配置漏洞實戰提權
https://cloud.tencent.com/developer/article/1555450
淺談python反序列化漏洞
https://www.cnblogs.com/wh4am1/p/12071804.html
CVE-2019-18670:宏基Quick Access安全漏洞
https://www.4hou.com/vulnerable/22213.html
Cyberattacks and How To Protect Your Computer and Data - Part 1 of 3
https://www.peerlyst.com/posts/cyberattacks-and-how-to-protect-your-computer-and-data-part-1-of-3-josh-moulin
Cyberattacks and How To Protect Your Computer and Data - Part 2 of 3
https://www.peerlyst.com/posts/cyberattacks-and-how-to-protect-your-computer-and-data-part-2-of-3-josh-moulin
Cyberattacks and How To Protect Your Computer and Data - Part 3 of 3
https://www.peerlyst.com/posts/cyberattacks-and-how-to-protect-your-computer-and-data-part-3-of-3-josh-moulin
Cyber Threat Intelligence: Comparing the incident-centric and actor-centric approaches
https://www.linkedin.com/pulse/cyber-threat-intelligence-comparing-incident-centric-approaches-mark/
What I Learned from Reverse Engineering Windows Containers
https://unit42.paloaltonetworks.com/what-i-learned-from-reverse-engineering-windows-containers/
Python Dictionary
https://learncodewithmike.blogspot.com/2019/12/python-dictionary.html
Securing the System: A Deep Dive into Reversing Android Pre-Installed Apps
https://www.youtube.com/watch?v=U6qTcpCfuFc&feature
Top 10 Cyber Security Trends To Look Out For In 2020
https://cybersecuritycourses.blogspot.com/2019/12/top-10-cyber-security-trends-to-look.html
Modeling somatic computation with non-neural bioelectric networks
https://www.nature.com/articles/s41598-019-54859-8
Digital lockpicking - stealing keys to the kingdom
https://labs.f-secure.com/blog/digital-lockpicking-stealing-keys-to-the-kingdom
Unit 42 Presents New Research at BlueHat Seattle on Three new Windows RDP Vulnerability Exploit Methods
https://unit42.paloaltonetworks.com/unit-42-presents-new-research-at-bluehat-seattle-on-three-new-windows-rdp-vulnerability-exploit-methods/
6 Steps to Prevent a Cyber Attack Against your Business
https://medium.com/@Priya.Reddy/6-steps-to-prevent-a-cyber-attack-against-your-business-ea48d7aed2b9
Hacking Android With Metasploit
https://linuxsecurityblog.com/2019/09/04/hacking-android-with-metasploit/
Spy on Traffic from a Smartphone with Wireshark
https://null-byte.wonderhowto.com/how-to/spy-traffic-from-smartphone-with-wireshark-0198549/
Review of Snowden's book Permanent Record - Part II: At the NSA
https://www.electrospaces.net/2019/12/review-of-snowdens-book-permanent.html
Inside the mind of a hacker
https://www.itpro.co.uk/security/hacking/354310/inside-the-mind-of-a-hacker
What Goes on During Threat Hunting
https://www.techslang.com/what-goes-on-during-threat-hunting/
Screetsec/TheFatRat
https://github.com/Screetsec/TheFatRat
al0ne/nginx_log_check
https://github.com/al0ne/nginx_log_check
den4uk / Andriller
https://github.com/den4uk/andriller
andreafioraldi/frida-fuzzer
https://github.com/andreafioraldi/frida-fuzzer
Areizen/Android-Malware-Sandbox
https://github.com/Areizen/Android-Malware-Sandbox
MobSF/Mobile-Security-Framework-MobSF
https://github.com/MobSF/Mobile-Security-Framework-MobSF
Python Scripting For The Ethical Hacker
https://linuxsecurityblog.com/2018/06/21/python-scripting-for-the-ethical-hacker/
How To Fully Anonymize Your System
https://linuxsecurityblog.com/2019/11/20/how-to-fully-anonymize-your-system/
Cronos — HackTheBox Walkthrough
https://medium.com/@RainSec/cronos-hackthebox-walkthrough-d24d5ef0e2d3
Send Secret Files in an Image Using Steganography
https://linuxsecurityblog.com/2019/10/02/send-secret-files-in-an-image-using-steganography/
Phishing Campaign Targets Login Credentials of Multiple US, International Government Procurement Services
https://www.anomali.com/blog/phishing-campaign-targets-login-credentials-of-multiple-us-international-government-procurement-services
How Does a Hashing Algorithm Work
https://bigdatafinance.tw/index.php/blockchain/1333-how-does-a-hashing-algorithm-work
BlueKeep – Exploit Windows (RDP Vulnerability) Remotely
https://linuxsecurityblog.com/2019/10/10/bluekeep-exploit-windows-rdp-vulnerability-remotely/
PenTesting: Gaining Root Privileges on Kioptrix
https://linuxsecurityblog.com/2019/12/06/pentesting-gaining-root-privileges-on-kioptrix/
Neural Information Processing Systems (NeurIPS)
https://slideslive.com/neurips
Cyber Threat Intelligence: Observing the adversary
https://blog.intel471.com/2016/05/17/cyber-threat-intelligence-observing-the-adversary/
Being a cyber threat intelligence analyst and operating in the fog of uncertainty
https://blog.intel471.com/2017/05/25/being-a-cyber-threat-intelligence-analyst-and-operating-in-the-fog-of-uncertainty/
Actionable intelligence — Is it a capability problem or does your intelligence provider suck
https://blog.intel471.com/2016/05/18/actionable-intelligence-is-it-a-capability-problem-or-does-your-intelligence-provider-suck/
Clever hack creates the first 128GB 3.5-inch floppy drive
https://www.extremetech.com/extreme/223736-clever-hack-creates-the-first-128gb-1-44-inch-floppy-drive
From iPhone to NT AUTHORITY\SYSTEM – exploit ‘Printconfig’ dll with a real-world example
https://securityaffairs.co/wordpress/95135/hacking/iphone-printconfig-dll-exploitation.html
It’s time to disconnect RDP from the internet
https://www.welivesecurity.com/2019/12/17/bluekeep-time-disconnect-rdp-internet/
2FA: Double down on your security
https://www.welivesecurity.com/2019/12/13/2fa-double-down-your-security/
HTTP Request Smuggling + IDOR
https://hipotermia.pw/bb/http-desync-idor
rewardone/OSCPRepo
https://github.com/rewardone/OSCPRepo
Cobalt Strike – Bypassing Windows Defender with Obfuscation
http://www.offensiveops.io/tools/cobalt-strike-bypassing-windows-defender-with-obfuscation/
Cyber Threat Intelligence: Observing the adversary
https://blog.intel471.com/2016/05/17/cyber-threat-intelligence-observing-the-adversary/
Top 5 Essential Features of Effective Cybersecurity for Web Apps
https://thehackernews.com/2019/12/web-application-cybersecurity.html
A sinkhole for collecting and analysing malicious traffic
https://github.com/scrapbird/sinkholed
Nginx Log Check - Nginx Log Security Analysis Script
https://www.kitploit.com/2019/12/nginx-log-check-nginx-log-security.html
alphaSeclab/awesome-reverse-engineering
https://github.com/alphaSeclab/awesome-reverse-engineering/blob/master/Readme_en.md
F.商業
So-net合作Nexusguard 打造全新資安防禦服務
http://bit.ly/2PitWZa
BAE Systems to develop new cyber tools for DARPA to improve security of electronic data formats
http://bit.ly/2RWrI3v
Google提升Chrome密碼防護,當帳密被盜時主動發出警告
https://www.techbang.com/posts/75010-google-boosts-chrome-password-protection-to-proactively-warn-when-books-are-stolen
從駭客偵測到保險理賠,AI資安新創打造一條龍服務
https://www.bnext.com.tw/article/47673/cycarrier
硬體卸載當道,以虛勝實不是夢
https://www.ithome.com.tw/voice/134836
Mozilla要求Firefox外掛開發商啟用2FA
https://www.ithome.com.tw/news/134855
鄧白氏協助銀行客戶解決資安問題
https://ctee.com.tw/industrynews/financesmanage/190826.html
關貿網路搶資安商機 看準中小企業需求
https://pr.aotter.net/p/13709/[email protected]
台北市電腦公會將選新任理事長 友達彭双浪呼聲高
https://money.udn.com/money/story/5612/4230061
安碁資訊結盟泰國DCS合作夥伴 SOC資安服務正式啟動
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000574479_CYD3PNUB87BON38CPLDE5
安碁資訊助宏碁取得資安管理認證
https://www.chinatimes.com/realtimenews/20191217002850-260410?chdtv
A10 助企業實現全面資安防護
https://ctee.com.tw/industrynews/technology/191590.html
系統整合商小且少 成台灣推動智慧製造瓶頸
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000575154_ert28cb84wtpza52yellg
Keyfactor:每182個RSA憑證就有一個可被攻陷
https://www.ithome.com.tw/news/134890
趨勢科技在臺公布2020資安預測,BEC詐騙、IoT攻擊手法更複雜
https://www.ithome.com.tw/news/134893
Akamai攜手零壹科技 建構全方位資安防護機制
https://ithome.com.tw/pr/134937
台灣大車隊聯袂中信國際電訊 建構資安防護
https://money.udn.com/money/story/10860/4238053
聚合資料與雲端儲存趨勢 醫療產業轉型也將伴隨資安風險
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=70&id=0000574989_xtjlpru27dcroylm1s0ly
結合資料正規化、加密壓縮,ParseMe加快資料前置處理
https://www.ithome.com.tw/review/132614
Opera becomes part of the CNA program
https://blogs.opera.com/security/2019/12/opera-becomes-part-of-the-cna-program/
Group-IB forges new security partnerships and threat intelligence sharing to ensure Singapore's cyber resilience
https://securitybrief.asia/story/group-ib-forges-new-security-partnerships-and-threat-intelligence-sharing-to-ensure-singapore-s-cyber-resilience
Fortinet acquires security automation provider CyberSponse
https://www.zdnet.com/article/fortinet-acquires-security-automation-provider-cybersponse/#ftag=RSSbaffb68
Microsoft delivers first Windows 10 Fast Ring build from its new development branch
https://www.zdnet.com/article/microsoft-delivers-first-windows-10-fast-ring-build-from-its-new-development-branch/#ftag=RSSbaffb68
McAfee Considers Purchase of NortonLifeLock: Report
https://www.bankinfosecurity.com/mcafee-considers-purchase-nortonlifelock-report-a-13488
Mozilla: Firefox Add-On Developers Must Use 2FA
https://www.bankinfosecurity.asia/mozilla-firefox-add-on-developers-must-use-2fa-a-13511
Google Offers Financial Support to Open Source Projects for Cybersecurity
https://thehackernews.com/2019/12/google-open-source-projects.html
G.政府
國安局裁撤公開情報中心 臉書網路社群監控移轉第四處
https://news.ltn.com.tw/news/politics/breakingnews/3007703
H.ICS/SCADA 工控系統
Schneider Electric SoMachine Basic和Schneider Electric Modicon M221授權問題漏洞
https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01/
Siemens SPPA-T3000反序列化不受信任數據漏洞
https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf
Flaws in Siemens SPPA-T3000 control system expose power plants to hack
https://securityaffairs.co/wordpress/95092/ics-scada/siemens-sppa-t3000-flaws.html
工控資安標準 IEC 62443 認驗證機制:ISA Secure scheme 篇
https://secbuzzer.co/post/131
電影駭客交鋒中工控那些事
http://www.gzkjwb.com/5bd66/12643.html
施耐德修復了Modicon 和EcoStruxure 產品中的DoS 漏洞
http://hackernews.cc/archives/28817
工控系統面臨數位轉型 工業物聯網資安風險日增
https://www.chtsecurity.com/news/b2db79d5-eddd-4667-89b9-d054c77251b1
WAGO PLC中的多個漏洞風險通告
https://www.venustech.com.cn/article/1/10845.html
工業製程轉型,工控資安也要轉型
https://secbuzzer.co/post/92
製造智慧化風險大增 資安意識提升刻不容緩
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000575148_YDE2DMT43GXJA6996JXLP
西門子SPPA-T3000工控系統曝數十個漏洞,全球大規模斷電一觸即發
https://kknews.cc/tech/zyv4ozp.html
I.教育訓練
資訊安全分析師在做什麼
https://event.1111.com.tw/careermaster/detail/140404?agent=out_hiwork_outlink
How a build log from a Jenkins leaked everything
https://medium.com/@aseem.shrey/mind-your-logs-how-a-build-log-from-a-jenkins-leaked-everything-603cf07fa85
使用Ghidra P-Code進行輔助逆向分析
http://bit.ly/34iHl7L
駭客自首:極惡網路攻擊的內幕技巧
https://www.books.com.tw/products/0010842697?loc=P_0001_011
Kali Linux 滲透測試工具|花小錢做資安,你也是防駭高手
https://www.tenlong.com.tw/products/9789865023584?list_name=i-r-zh_tw
駭客自首:極惡網路攻擊的內幕技巧
https://www.books.com.tw/products/0010842697?loc=P_0001_011
【Raspberry-Pi】Raspberry-Pi 4 的安裝過程
https://william-weng.github.io/2019/12/08/raspberry-pi-helloworld/
在 Kubernetes Engine 中部署 Jenkins 並以之實作持續交付
http://bit.ly/2qSZjA2
React Conf 2019 | 筆記
http://bit.ly/2sxuEZn
108 年特種考試地方政府公務人員考試試題 資訊管理與資通安全
https://info.public.com.tw/prog/gavin/reference/rfile/FD-20191215173840-DKN.pdf
Where Do I Start Studying for the CISSP
https://www.studynotesandtheory.com/single-post/Where-Do-I-Start-Studying-for-the-CISSP
Design science research — a short summary
https://bigdatafinance.tw/index.php/tech/1334-design-science-research-a-short-summary
Docker For Pentesting And Bug Bounty Hunting
https://www.youtube.com/watch?v=5G6tA8Q9AuQ&
Extracting Information from a Phone Number using OSINT Tool
https://www.peerlyst.com/posts/extracting-information-from-a-phone-number-using-osint-tool-irfan-shakeel
Stories of a CISSP: SNMP Monitoring
https://www.studynotesandtheory.com/single-post/Stories-of-a-CISSP-SNMP-Monitoring
Do certificates help your cybersecurity career
https://www.peerlyst.com/posts/do-certificates-help-your-cybersecurity-career-kimberly-crawley
樹莓派之學習 OpenWrt 的世界
http://www.sandal.tw/article.php?id=7
Interview with Cyber Threat Specialist, John Modica
https://medium.com/@dmferreira/interview-with-cyber-threat-specialist-john-modica-d3708b235207
Kali Linux & Metasploit: Getting Started with Pentesting by Nicholas Handy
https://hakin9.org/kali-linux-metasploit-getting-started-with-pentesting/
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
2019年底將發布多款物聯網資安標章合格產品
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000574896_3TQ7559OLICSYK51QG9OX
FBI警告筆電不應和物聯網裝置共用Wi-Fi網路
https://www.ithome.com.tw/news/134813
卡巴斯基 Cyber Insights 2019 工業4.0智慧製造資安論壇:資安無人可置身事外
http://bit.ly/35mwcnJ
打造你的 AI 資安鑑識專家:ALBL 仲裁技術演算法 (以 KDD99 為例)
https://secbuzzer.co/post/68
獨自在家突然有人跟你講話? 可能被駭客入侵了
https://udn.com/news/story/7088/4227116?from=udn-catelistnews_ch2
「嗨,我是聖誕老公公」:駭客入侵監控攝影機 Amazon Ring,與美國女童遠端對話
https://www.inside.com.tw/article/18365-hacker-accesses-ring-camera-in-little-girls-bedroom-to-tell-her-hes-santa
宛如恐怖片 駭客入侵監視器跟孩童說"hello"智慧型監視器遭駭客入侵 全美各地傳案例
http://bit.ly/2RWphO3
智能電視可成駭客目標 監聽監視盜取私人信息
https://www.ntdtv.com/b5/2019/12/14/a102729100.html
騙過登機、支付系統!AI新創用擬真面具和照片,破解臉部辨識技術
https://www.bnext.com.tw/article/55917/airport-store-facial-recognition-systems-fooled
企業在物聯網技術應用下可能面對之風險管理議題
https://money.udn.com/money/story/5640/4229048
360安全團隊為奔馳修復了19個智能網聯汽車有關的潛在漏洞
https://kknews.cc/car/95qako5.html
信通院發布《2019互聯網設備-智能音箱安全白皮書》 90%產品未採用加密存儲芯片
https://tech.sina.com.cn/roll/2019-12-19/doc-iihnzahi8670308.shtml
Artificial Intelligence to be Used for Charting, Intel Collection
https://www.defense.gov/explore/story/Article/2040031/artificial-intelligence-to-be-used-for-charting-intel-collection/f
AI helps discover new geoglyph in the Nazca Lines
https://www.theverge.com/2019/11/19/20970578/nazca-lines-ai-machine-learning-143-new-geoglyphs-ibm-japan-yamagata-university
Machine learning opens up new worlds for developers
https://www.zdnet.com/article/machine-learning-means-expanded-job-roles-for-developers/#ftag=RSSbaffb68
'Learning' is still the operative word in machine learning initiatives
https://www.zdnet.com/article/learning-is-still-the-operative-word-in-machine-learning-initiatives/#ftag=RSSbaffb68
Study: IoT Devices Have Alarmingly Weak RSA Keys
https://www.bankinfosecurity.asia/study-iot-devices-have-alarmingly-weak-rsa-keys-a-13510
6.近期資安活動及研討會
openSUSE Taiwan Year End Party 2019 2019/12/22
https://opensuse-tw.kktix.cc/events/year2019
若渴計畫 (台南場):徵求分享 X vpn X 新聞討論 2019/12/22
https://www.facebook.com/events/1380942692079977/
雲端與物聯網世代DDoS防護之道,新的資安觀念、新的防護工具,實務案例分析 12/26
https://www.techbang.com/posts/75046-course-ddos
Japan Security Analyst Conference
https://jsac.jpcert.or.jp/
2020核果資訊冬季班 Python 程式語言 (Level 1) 1/22~ 2/13
https://www.accupass.com/event/1911150442131985092910
PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world
制御システムセキュリティカンファレンス 2020 2020年2月14日
https://www.jpcert.or.jp/event/ics-conference2020.html
沒有留言:
張貼留言