資安事件新聞週報 2019/12/9 ~ 2019/12/13
1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco DNA Spaces:Connector SQL注入漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-dna-sqlinjection
Cisco 指控 Zoom Connector for Cisco 會造成嚴重資安漏洞
https://www.twcert.org.tw/tw/cp-104-3118-53912-1.html
IBM QRadar SIEM跨站脚本漏洞
https://www.ibm.com/support/pages/node/1103499
VMware ESXi 和 Horizon DaaS 發布安全更新
https://www.vmware.com/security/advisories/VMSA-2019-0022.html
DroneSense 現安全漏洞 警用無人機監視路線被公開
http://bit.ly/2RMjPxp
Google瀏覽器推出Chrome 79版!密碼遭盜用會發出警告 提醒進入網路釣魚網址
https://www.ettoday.net/news/20191211/1599471.htm
Chrome79問世,新增即時網釣保護,整合密碼外洩通知功能
https://ithome.com.tw/news/134761
Chrome now warns you if your password has been stolen
https://www.welivesecurity.com/2019/12/12/chrome-warnings-password-stolen/
谷歌緊急修復兩個嚴重的零日漏洞,Chrome用戶需盡快更新
https://www.freebuf.com/news/222816.html
OpenBSD多個嚴重認證繞過漏洞
https://www.4hou.com/vulnerable/21966.html
卡巴斯基透露有黑客同時利用Windows 10和Chrome零日漏洞發動攻擊
https://tech.sina.com.cn/roll/2019-12-12/doc-iihnzhfz5387740.shtml
New Linux Bug Lets Attackers Hijack Encrypted VPN Connections
https://thehackernews.com/2019/12/linux-vpn-hacking.html
Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD
https://thehackernews.com/2019/12/openbsd-authentication-vulnerability.html
HAProxy 'tcp-request content'緩衝區溢出漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1912
「軟帝學院」:研究人員:Java 的新漏洞被發現
https://kknews.cc/tech/8gag3pl.html
New vulnerability lets attackers sniff or hijack VPN connections
https://www.zdnet.com/article/new-vulnerability-lets-attackers-sniff-or-hijack-vpn-connections/#ftag=RSSbaffb68
騰訊Blade Team發現雲虛擬化平台逃逸漏洞
http://www.jifang360.com/news/2019127/n5731125165.html
微軟正計畫強制部分 Windows 10 用戶升級到最新 1909 版本
https://www.kocpc.com.tw/archives/296211
微軟Patch Tuesday列出36個安全漏洞
https://ithome.com.tw/news/134769
微軟發佈12月份安全性公告
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2019-Dec
https://support.microsoft.com/en-us/help/20191210/security-update-deployment-information-december-10-2019
December Patch Tuesday: Vulnerabilities in Windows components, RDP, and PowerPoint Get Fixes
https://blog.trendmicro.com/trendlabs-security-intelligence/december-patch-tuesday-vulnerabilities-in-windows-components-rdp-and-powerpoint-get-fixes/
Bypass discovered to allow Windows 7 Extended Security Updates on all systems
https://www.zdnet.com/article/bypass-discovered-to-allow-windows-7-extended-security-updates-on-all-systems/#ftag=RSSbaffb68
Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
https://blog.talosintelligence.com/2019/12/microsoft-patch-tuesday-dec-2019.html
Latest Microsoft Update Patches New Windows 0-Day Under Active Attack
https://thehackernews.com/2019/12/windows-zero-day-patch.html
Microsoft Security Essentials updates not included in Windows 7 ESU
https://www.zdnet.com/article/microsoft-security-essentials-updates-not-included-in-windows-7-esu/#ftag=RSSbaffb68
一個的時代終結,微軟Windows 10 Mobile全面終止更新
http://bit.ly/35cTKvk
2019年12月マイクロソフトセキュリティ更新プログラムに関する注意喚起
https://www.jpcert.or.jp/at/2019/at190046.html
不再提供安全更新 Windows 10 Mobile將於12/10後正式步入歷史
https://udn.com/news/story/11017/4215856
CVE-2019-9512 – A MICROSOFT WINDOWS HTTP/2 PING FLOOD DENIAL OF SERVICE
https://www.thezdi.com/blog/2019/12/4/cve-2019-9512-a-microsoft-windows-http2-ping-flood-denial-of-service
Vulnerability Spotlight: Two vulnerabilities in RDP for Windows 7, XP
https://blog.talosintelligence.com/2019/12/vuln-spotlight-RDP-Dec-19.html
Windows 7壽命倒數計時,微軟對其「臨終關懷」也只剩一個月了
https://www.techbang.com/posts/74928-win7-countdown-microsofts-hospice-care-is-only-a-month-away
預警!Windows BlueKeep RDP來了
https://www.4hou.com/system/22078.html
IBM Cloud Pak System Platform System Manager 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4521
IBM WebSphere Application Server 多個漏洞
https://www.ibm.com/support/pages/node/1127397
Android內核防禦學習——CVE-2014-3153分析
https://xz.aliyun.com/t/6907
Adobe Releases Patches for 'Likely Exploitable' Critical Vulnerabilities
https://thehackernews.com/2019/12/adobe-software-update.html
Adobe patches 17 critical code execution bugs in Photoshop, Reader, Brackets
https://www.zdnet.com/article/adobe-patches-17-critical-code-execution-bugs-in-photoshop-reader-brackets/#ftag=RSSbaffb68
Vulnerability Spotlight: Information leak vulnerability in Adobe Acrobat Reader
https://blog.talosintelligence.com/2019/12/vuln-spotlight-Adobe-Acrobat-JS-leak.html
Vulnerability Spotlight: Multiple vulnerabilities in LEADTOOLS software
https://blog.talosintelligence.com/2019/12/vuln-spotlight-multiple-leadtools-dec-2019.html
部分英特爾CPU存在Plundervolt漏洞,駭客可透過操縱電壓來偷取敏感資料
https://www.ithome.com.tw/news/134758
CloudBees Jenkins跨站脚本漏洞
https://www.cloudbees.com/jenkins-security-advisory-2012-09-17
Vulnerability Spotlight: Two vulnerabilities in EmbedThis GoAhead
https://blog.talosintelligence.com/2019/12/vulnerability-spotlight-EmbedThis-GoAhead.html
安全研究人員發現亞馬遜上銷售的兒童智能手錶存在嚴重安全漏洞
https://www.cnbeta.com/articles/tech/920535.htm
美國網絡安全機構調查 3 款中國製兒童智能手錶或成黑客追蹤對象
http://bit.ly/36xQs5Q
Samba 產品存在多個安全性弱點
https://www.samba.org/samba/security/CVE-2019-14870.html
https://www.samba.org/samba/security/CVE-2019-14861.html
adobe 已發布安全更新以解決多個產品中的弱點
https://www.us-cert.gov/ncas/current-activity/2019/12/10/adobe-releases-security-updates
Intel 近日發布更新以解決多個產品中的弱點
https://www.us-cert.gov/ncas/current-activity/2019/12/10/intel-releases-security-updates
Openfind Mail2000 存在多個安全性弱點
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15073
Apple 發布多個安全更新
https://support.apple.com/zh-tw/HT201222
Huawei Nova 5i pro和Nova 5數組下標校驗不當漏洞
https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191120-01-smartphone-cn
phpMyAdmin SQL注入漏洞
https://www.phpmyadmin.net/security/PMASA-2019-5/
McAfee Client Proxy身份驗證繞過漏洞
https://kc.mcafee.com/corporate/index?page=content&id=SB10305
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
林國良:金融數位落差驚人 這單位最嚴重
https://ec.ltn.com.tw/article/breakingnews/2972920
迎接金融科技/林國良:資料交換 架高速公路
https://koin.kcg.gov.tw/?p=2322
銀行公會 舉行金融資安聯防教育訓練研討會
https://www.chinatimes.com/realtimenews/20191211004360-260410?chdtv
千萬美金都假的!台灣最大偽鈔集團落網
http://bit.ly/2sc0jzK
值台幣3.3億!印刷廠學徒「國中畢業」變偽鈔大師 竟騙過驗鈔機
https://www.ettoday.net/news/20191207/1596328.htm
一堂百億的金融課:系統更新引風暴 南山人壽轉型啟示錄
https://www.cmmedia.com.tw/home/articles/18863
中介管理漏洞多 中國大陸地區交易所重罰5家券商
http://finance.eastmoney.com/a/201912071316176019.html
中國大陸多家金融APP被下架整改銀行紛紛發聲明回應
https://3g.163.com/money/article/EVUSKFRA002580S6.html
LINE Bank開出20職缺 力拚明年第二季開業
https://www.yes123.com.tw/admin/aboutwork/article.asp?w_id=16680
LINE資安團隊任務分工首度在臺公開
https://www.ithome.com.tw/news/134689
Open Bank箭在弦上 美商鄧白氏助台解決資安風險
https://money.udn.com/money/story/5636/4217871
純網銀上路 資安業者:為駭客帶來新機會
https://www.cna.com.tw/news/ait/201912110116.aspx
財團法人金融聯合徵信中心「109年度防火牆設備與資安管理設備維護案」
https://www.jcic.org.tw/main_ch/docDetail.aspx?uid=71&pid=71&docid=1133
對抗針對金融機構的駭侵攻擊,衣索比亞暫時斷網
https://www.twcert.org.tw/tw/cp-104-3123-b6ea4-1.html
網路犯罪集團覬覦的銀行與金融業
https://blog.trendmicro.com.tw/?p=62446
There’s an app for that: web skimmers found on PaaS Heroku
https://blog.malwarebytes.com/web-threats/2019/12/theres-an-app-for-that-web-skimmers-found-on-paas-heroku/
European Money Mule Action (EMMA 5) leads to 228 Arrests Posted on 05/12/2019
https://www.association-secure-transactions.eu/european-money-mule-action-emma-5-leads-to-228-arrests/
Cloud Security and Artificial Intelligence in the Financial Sector
https://securingtomorrow.mcafee.com/blogs/other-blogs/executive-perspectives/cloud-security-and-artificial-intelligence-in-the-financial-sector/
Hackers steal credit card details from Sweaty Betty customers
https://hotforsecurity.bitdefender.com/blog/hackers-steal-credit-card-details-from-sweaty-betty-customers-21888.html
Hundreds of counterfeit online shoe stores injected with credit card skimmer
https://blog.malwarebytes.com/threat-analysis/2019/12/hundreds-of-counterfeit-online-shoe-stores-injected-with-credit-card-skimmer/
Huge set of Turkish banks’ cards on sale on dark net marketplace
https://www.group-ib.com/media/turkish-banks-cards/
3.電子支付/電子票證/行動支付/ pay/新聞及資安
支付寶安全實驗室發佈最新安全技術 獲全球頂級黑帽大會認可
https://news.sina.com.tw/article/20191212/33643486.html
人臉辨識遭印刷面具破解 中國海關.支付系統存漏洞
http://bit.ly/2LQEFrE
4.虛擬貨幣/區塊鍊相關新聞及資安
區塊鏈漏洞:如何降低安全風險
https://0xzx.com/201912061710400590.html
只投加密貨幣的基金將消亡?投資者仍未放棄對區塊鏈的探索
https://news.knowing.asia/news/72b89b00-613b-4f86-b718-9307d5cbf209
開放原始碼就代表硬體錢包已升級?讓我們從風險開始談起
https://news.knowing.asia/news/6119c503-523b-447d-8932-6880892806fb
MakerDAO系統存在安全漏洞?Maker方面如此回應
https://news.knowing.asia/news/e40262fa-610f-4b55-8152-6f050e223804
Mac 惡意軟體隱藏在電腦,偽裝成加密貨幣交易程式 UnionCryptoTrade 疑似來自北韓駭客
https://www.blocktempo.com/new-mac-malware-hides-in-memory-and-masquerades-as-a-crypto-app/
台電內鬼爽收491萬回扣 助挖礦業者竊電!三點看懂到底什麼是「挖礦」
https://news.knowing.asia/news/eb443f14-d97e-42a0-90da-7f87e80b3ee8
數字貨幣投資詐欺 Shopin執行長被定罪
https://www.ntdtv.com/b5/2019/12/13/a102728421.html
國際駭客團體「匿名者」7,500 萬美元比特幣基金最新進度:「所有項目都已經投資完畢。」
https://www.blocktempo.com/mysterious-bitcoin-fund-completes-75m-donation-to-preserve-privacy/
FinTech金融科技創新 「區塊鏈/加密貨幣」投資正夯
http://n.yam.com/Article/20191212134412
基因嗨寶:區塊鏈+寵物養成,這款遊戲帶你入門區塊鏈|創業
http://bit.ly/2PgGdNx
Shopin founder charged by SEC for running $42 million scam cryptocurrency ICO
https://www.zdnet.com/article/shopin-founder-charged-by-sec-for-running-scam-cryptocurrency-ico/#ftag=RSSbaffb68
DoJ arrests Ponzi operators planning to retire ‘RAF’ through cryptocurrency scam
https://www.zdnet.com/article/doj-arrests-ponzi-operators-planning-to-retire-raf-through-cryptocurrency-scam/#ftag=RSSbaffb68
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
美國資料中心供應商CyrusOne也成勒索軟體受害者
https://www.ithome.com.tw/news/134717
利用IQY(Excel Web Query)文件分發,Buran勒索病毒又出新變種
https://www.freebuf.com/articles/system/220725.html
北韓駭客發展出Mac版無檔案攻擊程式手法
https://www.ithome.com.tw/news/134748
Sfone蠕蟲分析之看片需謹慎
https://www.freebuf.com/articles/system/221420.html
Emsisoft:付費的Ryuk解密工具可能造成資料遺失
https://www.ithome.com.tw/news/134749
警惕會“說話”的新型迷宮勒索病毒
https://www.freebuf.com/articles/terminal/221517.html
MacOs 危險!新木馬病毒可隱藏在內存並偽裝成加密應用程式
http://bit.ly/38pfMwV
警惕SODINOKIBI勒索病毒再變種,勒索巨額贖金
https://www.freebuf.com/articles/terminal/221845.html
2019年全球十大流行勒索病毒
https://www.freebuf.com/articles/system/222029.html
企業感染惡意軟件的處理建議
https://www.freebuf.com/articles/security-management/220758.html
CrySiS勒索病毒最新變種來襲,加密後綴為kharma
https://www.freebuf.com/articles/system/221128.html
勒索軟體將電腦以安全模式重開機以躲過防毒偵測
https://www.ithome.com.tw/news/134771
Windows與Linux雙平台無文件攻擊:PowerGhost挖礦病毒最新變種感染多省份
https://www.freebuf.com/articles/system/219715.html
PyXie RAT 木馬惡意程式被用來竊取密碼並散布勒索病毒
https://www.zdnet.com/article/this-trojan-malware-is-being-used-to-steal-passwords-and-spread-ransomware/
CallerSpy 行動間諜軟體,偽裝聊天APP竊個資,可能發動針對性攻擊
https://blog.trendmicro.com.tw/?p=62851
Ginp銀行木馬使用螢幕覆蓋攻擊,竊取帳密和信用卡資料
https://blog.trendmicro.com.tw/?p=62820
New Zeppelin Ransomware Targeting Tech and Health Companies
https://thehackernews.com/2019/12/zeppelin-ransomware-attacks.html
Caution! Ryuk Ransomware decryptor damages larger files, even if you pay
https://blog.emsisoft.com/en/35023/bug-in-latest-ryuk-decryptor-may-cause-data-loss/
Snatch ransomware reboots PCs into Safe Mode to bypass protection
https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
FBI Puts $5 Million Bounty On Russian Hackers Behind Dridex Banking Malware
https://thehackernews.com/2019/12/dridex-russian-hackers-wanted-by-fbi.html
ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector
https://thehackernews.com/2019/12/zerocleare-data-wiper-malware.html
Cyber News Rundown: ZeroCleare Malware
https://www.webroot.com/blog/2019/12/06/cyber-news-rundown-zerocleare-malware/
Ryuk ransomware contains a bug causing data loss for some victims
https://www.zdnet.com/article/ryuk-ransomware-contains-a-bug-causing-data-loss-for-some-victims/#ftag=RSSbaffb68
East Greenwich town computers fall victim to ‘ransomware’ attack
https://www.wpri.com/news/local-news/west-bay/east-greenwich-town-computers-fall-victim-to-cyber-attack/
マルウエア Emotet の感染に関する注意喚起
https://www.jpcert.or.jp/at/2019/at190044.html
マルウエアEmotetへの対応FAQ
https://blogs.jpcert.or.jp/ja/2019/12/emotetfaq.html
Reveton ransomware schemer stripped of six years of freedom, £270,000, and a Rolex
https://www.zdnet.com/article/reveton-ransomware-operator-stripped-of-six-years-of-freedom-270000-and-a-rolex/#ftag=RSSbaffb68
Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus
https://thehackernews.com/2019/12/snatch-ransomware-safe-mode.html
Snatch ransomware reboots PCs in Windows Safe Mode to bypass antivirus apps
https://www.zdnet.com/article/snatch-ransomware-reboots-pcs-in-windows-safe-mode-to-bypass-antivirus-apps/#ftag=RSSbaffb68
Snatch ransomware reboots PCs into Safe Mode to bypass protection
https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
MalwinX: A framework for learning Malware and win32 functions
http://securityviacode.in/view_article/+MalwinX:+A+framework+for+learning+Malware+and+win32+functions
TrickBot Campaign Uses Fake Payroll Emails to Conduct Phishing Attacks
https://unit42.paloaltonetworks.com/trickbot-campaign-uses-fake-payroll-emails-to-conduct-phishing-attacks/
New ransomware attacks target your NAS devices, backup storage
https://www.zdnet.com/article/new-ransomware-attack-targets-your-nas-devices-backup-storage/#ftag=RSSbaffb68
Reveton ransomware schemer stripped of six years of freedom, £270,000, and a Rolex
https://www.zdnet.com/article/reveton-ransomware-operator-stripped-of-six-years-of-freedom-270000-and-a-rolex/#ftag=RSSbaffb68
Sodinokibi ransomware gang infects yet another IT provider serving dentists; 100+ offices hit
https://hotforsecurity.bitdefender.com/blog/sodinokibi-ransomware-gang-infects-yet-another-it-provider-serving-dentists-100-offices-hit-21881.html
‘Professional’ ransomware gang targets 1,800 large organizations worldwide, Dutch investigators find
https://hotforsecurity.bitdefender.com/blog/professional-ransomware-gang-targets-1800-large-organizations-worldwide-dutch-investigators-find-21837.html
Attackers now use process hollowing to hide cryptocurrency miners on your PC
https://www.zdnet.com/article/monero-miners-can-lurk-undetected-through-new-process-hollowing-technique/#ftag=RSSbaffb68
(Almost) Hollow and Innocent: Monero Miner Remains Undetected via Process Hollowing
https://blog.trendmicro.com/trendlabs-security-intelligence/almost-hollow-and-innocent-monero-miner-remains-undetected-via-process-hollowing/
B.行動安全 / iPhone / Android /穿戴裝置 /App
抖音頻被質疑!下週赴華府見國會議員
http://bit.ly/2LBVfv6
Android爆安全漏洞 黑客冒合法程式竊資料
http://bit.ly/38nok7h
挪威安全公司在Android上發現了一個漏洞,允許黑客訪問用戶的錢包
https://0xzx.com/201912070436401520.html
iPhone 11 Pro 偷偷蒐集定位資訊?Apple :未來禁用該超寬頻功能
https://cnews.com.tw/137191209a04/
蘋果用千禧年著作權法要推特刪 iPhone加密文 引起眾怒
https://www.ettoday.net/news/20191212/1600492.htm
修復超過10項漏洞!蘋果推出iOS 13.3版本更新
https://newtalk.tw/news/view/2019-12-11/339003
AirDrop遭爆「超煩人」漏洞 攻擊者可不停發送垃圾訊息讓對方設備無法使用
https://www.ettoday.net/news/20191211/1599651.htm
專家展示利用 AirDrop 對周遭 iPhone、iPad 進行 DoS 攻擊的方法
https://www.twcert.org.tw/tw/cp-104-3127-d22f4-1.html
15 個防止智能手機被駭的方法
https://www.techritual.com/2019/12/11/193784/
臉書公開拒絕開啟傳訊程式後門供政府使用
https://ithome.com.tw/news/134770
從SIM卡劫持到不良決策:非公共網路內的5G威脅及安全建議
https://blog.trendmicro.com.tw/?p=62709
The Role of Evil Downloaders in the Android Mobile Malware Kill Chain
https://securityintelligence.com/posts/the-role-of-evil-downloaders-in-the-android-mobile-malware-kill-chain/
Dangerous Android Vulnerability that Lets Attackers Steal Sensitive Data Found in Wild
https://hotforsecurity.bitdefender.com/blog/dangerous-android-vulnerability-that-lets-attackers-steal-sensitive-data-found-in-wild-21856.html
Lawsuit alleges TikTok sends user videos to Chinese servers for surveillance
https://hotforsecurity.bitdefender.com/blog/lawsuit-alleges-tiktok-sends-user-videos-to-chinese-servers-for-surveillance-21847.html
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
商務人士自我保護、避免資安攻擊的10個方法:下篇
https://tuna.to/information-security-2-9f08402c9d72
10 個自我保護、避免駭侵攻擊的方法(下篇)
http://bit.ly/35gK430
駭客入侵你Linux服務器的一萬種玩法
https://ek21.com/news/tech/164346/
駭客天涯若比鄰 標章產品保安心
https://www.chinatimes.com/newspapers/20191210000486-260210?chdtv
誕生於麻省理工:黑客曾是編程高手的代名詞
https://kknews.cc/tech/najapo2.html
你的電腦安全嗎?專家分析:明年三大資安風險強勢來襲
https://newtalk.tw/news/view/2019-12-11/339002
量子電腦破解公鑰加密倒數 15 年!台灣企業如何 100% 備戰資安危機
https://buzzorange.com/techorange/2019/12/11/quantum-computing-tech-forum/
滲透測試服務前期對客戶網站APP的信息收集分享
https://www.admin5.com/article/20191209/936982.shtml
悠遊卡娃娃機台有漏洞 他用這招免費夾娃娃1萬次
https://tw.news.appledaily.com/local/realtime/20191210/1675244/
趨勢科技公佈2020年資安年度預測報告 三大威脅挑戰重重
https://www.chinatimes.com/realtimenews/20191211002366-260412?chdtv
駭客串連Windows與Chrome漏洞以執行WizardOpium攻擊
https://www.ithome.com.tw/news/134767
更多影音服務將報到?駭客從程式碼挖出大批特斯拉未上線的娛樂頻道
http://bit.ly/36qeHmE
北韓駭侵印度核能電廠,目的為竊取放射性釷核能科技
http://bit.ly/2Podmpm
美軍基地槍擊案後 佛州彭薩科拉市網路遭駭
https://www.cna.com.tw/news/aopl/201912100027.aspx
警方查抄裝載駭客工具的監視車
https://ek21.com/news/tech/164591/
朴敘俊Youtube賬號被駭客入侵 過往影片全數慘遭刪除
https://www.koreastardaily.com/tc/news/122531
傑尼斯官網驚爆被駭客入侵! 「LOGO被換掉+發出怪聲」連APP都遭殃
https://star.ettoday.net/news/1600850
智慧門鈴保全系統Ring在四州傳出遭駭客入侵
http://bit.ly/36BngLD
女兒房監視器傳「陌生男唱歌罵髒話」...媽嚇歪!大廠Ring爆安全問題
https://www.ettoday.net/news/20191213/1600987.htm
《Special Force 2》伺服器受駭客攻擊導致玩家資料全數消失 現正研擬相關補償方案
https://gnn.gamer.com.tw/detail.php?sn=189673
黑客入侵 喇沙小等3校泄師生資料 出事校管系統教局提供 姓名地址出世紙號碼或被盜
http://bit.ly/351TFdG
駭客釋出工具以免費使用Windows 7的延伸安全更新、這個工具顯然是違法!另一個選擇就是免費升級到Windows 10
https://www.insoler.com/forum/topic/15759876824511.htm
法國電商平台曝稅務大漏洞 華商需註意按規納稅
http://www.hkcna.hk/content/2019/1210/798298.shtml
部分英特爾CPU存在Plundervolt漏洞,駭客可透過操縱電壓來偷取敏感資料
https://www.ptt.cc/bbs/PC_Shopping/M.1576065234.A.1C8.html
英國核發電廠遭受網絡攻擊,疑似法國電力公司受影響
https://www.freebuf.com/articles/system/221713.html
日海上保安廳憂資安 禁中製無人機
https://ec.ltn.com.tw/article/paper/1337972
中國2前員工竊無人車機密 蘋果憂恐潛逃
https://tw.news.appledaily.com/international/realtime/20191210/1675266/
中共「網路大炮」 欲癱瘓香港抗爭者輿論陣地|中國一分鐘
http://bit.ly/36hS8AA
近日發現「網路巨砲」,針對香港線上論壇發動 DDoS 攻擊
https://www.twcert.org.tw/tw/cp-104-3143-07e7e-1.html
洩露「中國電文」揭新疆慘況卻飽受威脅 荷籍維吾爾女子曝光身分:我必須冒險
https://www.storm.mg/article/2045925
俄羅斯Evil Corp犯罪組織被指控竊取超過1億美元
https://www.freebuf.com/news/222194.html
俄駭客網路竊取數千萬美元 在美被起訴
http://mobile.chinesedaily.com/plus/view.php?aid=401122
中美漸行漸遠!陸公家機構將耗時3年剷除外國PC、軟體
https://www.moneydj.com/KMDJ/News/NewsViewer.aspx?a=7dd4a27b-9064-4b76-ae2c-90eb690d8a43
中國下令公家機關3年內換掉外國軟硬體 微軟、惠普、戴爾中槍
https://www.cmmedia.com.tw/home/articles/18920
美《國防授權法》協商版 加強與臺資安、軍事合作
https://www.ydn.com.tw/News/363426
美起訴俄羅斯情治官員與駭客 卻難以遏制莫斯科食髓知味
https://newtalk.tw/news/view/2019-12-13/339964
美國會推法案預防政府退出北約 特朗普曾批北約
https://news.sina.com.tw/article/20191213/33650652.html
OTT恐替中共宣傳 立委:政府應解決
http://bit.ly/34ixL4Z
長期休暇に備えて 2019/12
https://www.jpcert.or.jp/newsflash/2019120501.html
McAfee Labs 2020 Threats Predictions Report
https://securingtomorrow.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-labs-2020-threats-predictions-report/
Download: The 2020 Cybersecurity Salary Survey Results
https://thehackernews.com/2019/12/cybersecurity-jobs-salary.html
Hackers Can Mess With Voltages to Steal Intel Chips' Secrets
https://www.wired.com/story/plundervolt-intel-chips-sgx-hack/
New PlunderVolt Attack Targets Intel SGX Enclaves by Tweaking CPU Voltage
https://thehackernews.com/2019/12/intel-sgx-voltage-attack.html
Hackers breach top plastic surgery clinic
https://www.bbc.com/news/technology-41735104
Dark Web: A cheat sheet for business professionals
https://www.techrepublic.com/article/dark-web-the-smart-persons-guide/?ftag=CMG-01-10aaa1b
Russian Police Raided NGINX Moscow Office, Detained Co-Founders
https://thehackernews.com/2019/12/nginx-copyright-rumbler.html
Russian police raid NGINX Moscow office
https://www.zdnet.com/article/russian-police-raid-nginx-moscow-office/#ftag=RSSbaffb68
Cybersecurity: This password-stealing hacking campaign is targeting governments around the world
https://www.zdnet.com/article/cybersecurity-this-password-stealing-hacking-campaign-is-targeting-governments-around-the-world/
Two of China's largest tech firms are uniting to create a new 'domestic OS'
https://www.zdnet.com/article/two-of-chinas-largest-tech-firms-are-uniting-to-create-a-new-domestic-os/#ftag=RSSbaffb68
櫃買中心招新進人員 即日起受理報名
https://www.1111.com.tw/zone/school_fresh/article_In.asp?artCat=3&id=130796&agent=out_Epaper25_school_fresh2019121114post08
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
詐團先扮假警 再變身銀行員 謊稱退詐款實則詐空帳戶
https://times.hinet.net/news/22686663
iPhone 11未經同意收集用戶位置數據?蘋果掃隱私疑雲稱:新功能惹禍
https://www.bnext.com.tw/article/55815/iphone-11-is-requesting-location-data-without-permission
大陸網上公開販賣人臉數據 信息疑遭洩露
https://hk.epochtimes.com/news/2019-12-06/55052253
當中共掌握你的長相——黑色產業鏈賤賣臉孔數據
https://opinion.udn.com/opinion/story/120611/4215597
被駭還是遭洩 英調查與美貿易機密文件外流疑雲
https://www.cna.com.tw/news/aopl/201912090069.aspx
美國入出境人臉辨識面臨諸多挑戰且招致隱私侵犯與資安風險疑慮
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000574035_M22144172X6G83680SZ7N
網詐案飆升 年末網購季警3招籲防詐
https://udn.com/news/story/7315/4217353
75萬筆的美國出生證明申請書在AWS上曝光
https://www.ithome.com.tw/news/134734
駭客快速AI化 怎麼提升資安意識技術應用 防堵竊取個資
https://www.zi.media/@zitalkpw/post/LKcGa2
這些謠言你聽過了嗎?LINE TODAY 公布 2019 前十大謠言
https://saydigi-tech.com/2019/12/16189.html
網路謠言滿天飛 「毒熱狗」話題驚悚LINE破65萬人瀏覽
https://www.chinatimes.com/realtimenews/20191213002052-260412?chdtv
《BEC 變臉詐騙 》多了個「s」, 騙走一百萬美元
https://blog.trendmicro.com.tw/?p=62891
數十萬張美國手機用戶帳單曝露在網路上,全無保護
https://www.twcert.org.tw/tw/cp-104-3121-0567a-1.html
El MINJUSDH inicia proceso administrativo sancionador al BCP
https://www.gob.pe/institucion/minjus/noticias/70447-el-minjusdh-inicia-proceso-administrativo-sancionador-al-bcp
Facebook Sued Hong Kong Firm for Hacking Users and Ad Fraud Scheme
https://thehackernews.com/2019/12/facebook-account-hacking.html
A Saudi Telecom Exposed a Streaming List of GPS Locations
https://www.vice.com/en_us/article/3kxxe9/saudi-telecom-stcs-exposed-gps-locations
Cyberattack cripples city of Pensacola, officials not sure if personal data was exposed
https://www.pnj.com/story/news/2019/12/09/city-pensacola-currently-experiencing-cyber-attack-mayor-says/2629993001/
Fake news probe in Brazil exposes "Office of Hate" within government
https://www.zdnet.com/article/fake-news-probe-in-brazil-exposes-office-of-hate-within-government/#ftag=RSSbaffb68
Microsoft to help Office 365 customers track entire phishing campaigns, not just lone emails
https://www.zdnet.com/article/microsoft-to-help-office-365-customers-track-entire-phishing-campaigns-not-just-lone-emails/#ftag=RSSbaffb68
2.7 billion email addresses exposed online, more than 1 billion of them include passwords
https://www.comparitech.com/blog/information-security/2-7-billion-email-addresses-exposed-online/
BEC Scam Successfully Steals US$1 Million Using Look-alike Domains
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/bec-scam-successfully-steals-us-1-million-using-look-alike-domains
These are the worst hacks, cyberattacks, and data breaches of 2019
https://www.zdnet.com/article/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019/#ftag=RSSbaffb68
Unsecured AWS bucket exposes personal data of 750,000 U.S. residents
https://hotforsecurity.bitdefender.com/blog/unsecured-aws-bucket-exposes-personal-data-of-750000-u-s-residents-21895.html
Data leak exposes 750,000 birth certificate applications
https://www.welivesecurity.com/2019/12/10/data-leak-exposes-750000-birth-certificate-applications/
The quiet evolution of phishing
https://www.microsoft.com/security/blog/2019/12/11/the-quiet-evolution-of-phishing/
E.研究報告
網絡安全中的好,壞和醜陋
https://www.aurigasec.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-49
Platinum黑客組織攻擊分析
https://www.freebuf.com/articles/network/219741.html
CVE-2019-18276 :Bash 5.0 Patch 11 - SUID Priv Drop Exploit
https://paper.seebug.org/1093/
零信任+:邊界信任模型,零信任模型與零信任+淺談
https://www.freebuf.com/articles/es/220633.html
PHP安全之道3:常見漏洞和攻防
https://www.cnblogs.com/freephp/p/12001901.html
Windows 7即將停止支持:這款破解工具能繞過ESU審查三年免費升級
https://www.cnbeta.com/articles/tech/919161.htm
#黑客基礎學習| 利用模糊測試來挖掘邏輯漏洞
https://www.bilibili.com/read/cv4111138/
衛達信息:“動態防禦技術”—數字化網絡防護新突破
http://news.tom.com/201912/4684168997.html
如何寫出沒有安全漏洞的代碼?前微博安全研發負責人爲你揭祕
https://www.chainnews.com/zh-hant/articles/541068253715.htm
Windows COM 特權提升漏洞利用
https://www.77169.net/video/247035.html
代碼分析引擎CodeQL 初體驗
https://www.freebuf.com/articles/network/220497.html
Don’t break the Web:以 SmooshGate 以及 keygen 為例
https://blog.techbridge.cc/2019/11/30/smooshgate-and-keygen/
淺談滲透測試之前期信息蒐集
https://www.freebuf.com/articles/web/221242.html
老趙說安全系列:淺談數據安全和隱私保護
https://www.freebuf.com/articles/database/221056.html
Cacti:一套完整的網絡圖形化解決方案
https://www.freebuf.com/articles/network/221608.html
uTorrent被多個殺軟攔截,疑似捆綁推廣行為導致
https://www.freebuf.com/news/222454.html
2019第三季度網絡威脅分析
https://www.freebuf.com/articles/network/221640.html
如何使用ADSI接口和反射型DLL枚舉活動目錄
https://www.freebuf.com/articles/system/218855.html
冰蠍動態二進制加密WebShell基於流量側檢測方案
https://www.freebuf.com/articles/web/221241.html
深入分析一個Pwn2Own的優質Webkit漏洞
https://www.freebuf.com/vuls/221577.html
關於2020年的安全預測
https://www.freebuf.com/articles/network/220732.html
從Avast殺毒軟件發現價值5000美金的反射型XSS
https://www.freebuf.com/vuls/219686.html
安全小遊戲:尋找漏洞
https://www.freebuf.com/articles/web/221415.html
HAL:一款功能強大的硬件安全分析工具
https://www.freebuf.com/articles/terminal/221644.html
如何繞過PowerShell訪問限制並實現PowerShell代碼執行
https://www.freebuf.com/articles/system/218883.html
將MITRE ATT&CK模型應用於網絡設備
https://www.freebuf.com/articles/es/220628.html
揭秘美國網絡安全體系架構
https://www.freebuf.com/articles/network/221852.html
針對Steam平台的攻擊分析
https://www.freebuf.com/articles/network/218771.html
不傳之密:殺毒軟件開發,原理、設計、編程實戰
https://www.freebuf.com/articles/system/220061.html
Hack the box靶機實戰:Haystack
https://www.freebuf.com/articles/web/219163.html
一步一步學習某Json1.2.47遠程命令執行漏洞
https://xz.aliyun.com/t/6914
資安名詞:PUAs 非必要應用程式
https://blog.trendmicro.com.tw/?p=62874
インターネットガバナンスフォーラム参加記
https://blogs.jpcert.or.jp/ja/2019/12/post-4.html
VB2019 paper: A study of Machete cyber espionage operations in Latin America
https://www.virusbulletin.com/blog/2019/12/vb2019-paper-study-machete-cyber-espionage-operations-latin-america/
IT threat evolution Q3 2019
https://securelist.com/it-threat-evolution-q3-2019/95268/
25 Most Dangerous Software Errors List Shows SQL Injections Dropping in Frequency
https://hotforsecurity.bitdefender.com/blog/25-most-dangerous-software-errors-list-shows-sql-injections-dropping-in-frequency-21901.html
AVCLASS++: Yet Another Massive Malware Labeling Tool
https://github.com/malrev/avclassplusplus
Penta - Open Source All-In-One CLI Tool To Automate Pentesting
https://hakin9.org/penta-open-source-all-in-one-cli-tool-to-automate-pentesting/
Splunk Attack Range
https://github.com/splunk/attack_range
Discord Dll Hijacking, An Old Attack On A Popular Chat Application
https://medium.com/@AndrewRollins/discord-dll-hijack-cb77a6a288cf
Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/
F.商業
趨勢科技2020資安預測報告,3大關鍵要點迅速掌握
https://www.techbang.com/posts/74946-trend-micro-announces-2020-capital-forecast-report-three-key-points-quickly-mastered
騰訊發布“TSRC安全情報平台”, 打造安全情報共享生態
http://news.tom.com/201912/1449175803.html
勤業眾信聯合會計師事務所 排除資安、信心風險 AI助攻純網銀系統優勢
http://bit.ly/2LCpBh9
安碁資訊跨足泰國 啟用資安監控防護中心
http://pchome.megatime.com.tw/news/cat1/20191209/15758908997437718003.html
安碁資訊跨足泰國資安市場
http://bit.ly/2sVQBSa
安碁資訊(6690)結盟泰國SI業者DCS,跨足東南亞SOC資安服務
https://fnc.ebc.net.tw/FncNews/stock/108898
保護中小企業資安 關貿防駭推月租型服務
https://money.udn.com/money/story/5635/4219075
網路安全風險增 TAICS積極推展物聯網標章產品
http://bit.ly/348apid
喚起產業意識 打造資安防護網
http://bit.ly/2RDv7nC
微軟:5大招提高網絡安全 防黑客盜取個人資料
http://bit.ly/2PrWJcA
防駭!關貿等三大領域龍頭攜手 推資安閘門防護服務
https://tw.nextmgz.com/realtimenews/news/485682
資安業大整併? 傳McAfee擬和NortonLifeLock合併
https://ec.ltn.com.tw/article/breakingnews/3004699
擺脫隱私爭議負面形象?FB積極發展產品「資安」保護系統
http://bit.ly/2qHaYSz
NEC資安防禦解決方案 FinTech Taipei 大放異彩
https://news.wearn.com/c400191.html
Google 宣布採用 feature drop 策略,讓你的 Pixel 性能持續升級
https://buzzorange.com/techorange/2019/12/11/google-feature-drop/
Google釋出Packet Mirroring服務可轉發雲端流量供用戶進行額外分析
https://www.ithome.com.tw/news/134762
Google為Messages加入驗證與垃圾訊息偵測功能
https://ithome.com.tw/news/134811
McAfee傳想與NortonLifeLock合併 若談成將是資安業近期最大案
https://www.ettoday.net/news/20191211/1599824.htm
So-net x Nexusguard 攜手合作,打造全新資安防禦服務
https://www.inside.com.tw/article/18355-so-net
VMware首度在臺介紹新一代K8s產品線Tanzu,臺灣市場先聚焦金融業
https://www.ithome.com.tw/news/134801
It’s Time to Rethink Vulnerability Management. Welcome to the Age of Attack Surface Management
https://www.riskiq.com/blog/external-threat-management/rethink-vulnerability-management/
HackerOne pays $20,000 bounty after breach of own systems
https://nakedsecurity.sophos.com/2019/12/09/hackerone-pays-20000-bounty-after-accidental-breach-of-own-systems/
NordVPN launches promised bug bounty program
https://www.zdnet.com/article/nordvpn-launches-promised-bug-bounty-program/#ftag=RSSbaffb68
Cybersecurity Trends 2020: Technology is getting smarter – are we
https://www.welivesecurity.com/2019/12/10/cybersecurity-trends-2020-technology-is-getting-smarter-are-we/
Get yourself a USB condom
https://www.zdnet.com/article/get-yourself-a-usb-condom/#ftag=RSSbaffb68
Don’t Forget to Pack a USB Condom When Traveling
https://hotforsecurity.bitdefender.com/blog/dont-forget-to-pack-a-usb-condom-when-traveling-21898.html
Fortinet acquires security automation provider CyberSponse
https://www.zdnet.com/article/fortinet-acquires-security-automation-provider-cybersponse/#ftag=RSSbaffb68
G.政府
唐鳳:假訊息應60分內澄清
https://udn.com/news/story/11322/4214161
如何對付網軍假訊息 政委唐鳳提出2方法
https://tw.news.appledaily.com/politics/realtime/20191211/1675803/
台美跨國網路攻防實兵演練 唐鳳:未來每年至少一次
https://times.hinet.net/news/22691755
唐鳳:台美資安演練常態化辦理
https://www.chinatimes.com/realtimenews/20191211002999-260407?chdtv
網軍帶風向 唐鳳:政府有必要在60分鐘內給予澄清
https://udn.com/news/story/6656/4213426
力保台灣數位競爭力!蔡英文宣布設「數位發展部」:突破性整合 5 大領域專門機關
https://buzzorange.com/2019/12/06/tsai-ing-wen-taiwan-satellites-space-industries/
建立「數位發展部門」是台灣關鍵政策,蔡英文在未來科技展打通台灣未來
https://buzzorange.com/techorange/2019/12/06/government-tech-department/
批蔡英文數位政策「又抄襲」 張善政酸:乾脆換我們執政不是更好
https://www.ettoday.net/news/20191206/1596219.htm
5G釋照競標今開跑 NCC關注未來資安風險
https://www.rti.org.tw/news/view/id/2044376
5G釋照起跑!陳耀祥:得標者要有獨立資安維護計畫
https://www.ettoday.net/news/20191210/1598509.htm
5G競標第一日今結束 暫時總得標金額267.74億元
https://www.wealth.com.tw/home/articles/23368
數位身分證系統建置招標文件出爐! 明年6月完成相關系統建置
https://ithome.com.tw/news/134747
台美數位論壇10聲明 5G資安合作將更緊密
https://www.cna.com.tw/news/afe/201912110201.aspx
NCC協同TTC辦理「5G垂直應用實證與資安策略國際趨勢論壇」剖析5G應用前景與規範以及資安之策略與布局
https://market.ltn.com.tw/article/7437
資安就是國安 美拉攏台灣防堵華為產品
https://udn.com/news/story/7238/4220664
美2020「國防授權法」增美台資安合作
http://www.epochtimes.com/b5/19/12/12/n11717845.htm
台美數位論壇10聲明 5G資安合作將更緊密
https://wp.taronews.tw/2019/12/11/555773/
成立數位部會 政院明年啟動組織調整盤點工作
https://www.rti.org.tw/news/view/id/2044663
唐鳳:成立數位發展部、數位發展委員會 研議中
https://www.chinatimes.com/realtimenews/20191211004726-260410?chdtv
政院成立專責數位部會 陳其邁:明年啟動研擬、組織調整
https://money.udn.com/money/story/5612/4222479
第15任總統副總統競選活動起跑暨電腦計票及資安記者會
https://clarify.cec.gov.tw/central/cms/108news/31982
中選會選務資安防護 防範網路大規模攻擊
http://bit.ly/2YGDBvJ
立院三讀!從事間諜行為洩漏特定資訊 可判無期並終身追訴
https://news.ltn.com.tw/news/politics/breakingnews/3007814
108第2次政府資通安全防護巡迴研討會ー議題一:資安威脅趨勢與案例
http://bit.ly/2PJPKfh
108第2次政府資通安全防護巡迴研討會ー議題二之一:深化各機關落實資訊安全管理系統(CNS 27001)規劃
http://bit.ly/34gIWeb
108第2次政府資通安全防護巡迴研討會ー議題二之二:因應微軟Windows 7作業系統終止支援服務之防護措施建議
http://bit.ly/2Ea1Dps
108第2次政府資通安全防護巡迴研討會ー議題三:108年網路攻防演練暨資安檢測重要發現事項
http://bit.ly/38E64XJ
H.ICS/SCADA 工控系統
工控安全入門之攻與防
https://www.freebuf.com/articles/ics-articles/220302.html
Siemens SPPA-T3000堆緩衝區溢出漏洞
https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf
駭客透過漏洞能控制ABB變電站的保護設備
https://www.securityweek.com/vulnerability-allows-hackers-take-control-abb-substation-protection-devices
JVNVU#94348866 オムロン製 PLC CS, CJ および NJ シリーズにおける総当たり攻撃に対する脆弱性
https://jvn.jp/vu/JVNVU94348866/
JVNVU#91952379 オムロン製 PLC CJ および PLC CS における複数の脆弱性
https://jvn.jp/vu/JVNVU91952379/
I.教育訓練
Hacker 101 CTF Write Up Part 6 - Encrypted Pastebin (Padding Oracle 以及翻轉攻擊)
https://yu-jack.github.io/2019/10/20/hacker101-part6/
Web安全漏洞系列:2019 Google CTF題型講解
https://www.freebuf.com/video/216237.html
深入浅出理解操作系统安全
https://www.freebuf.com/articles/system/220576.html
Linux Cheat Sheet
https://hakin9.org/linux-cheat-sheet/
有關對Kubernetes部署進行故障排除的直觀指南
https://learnk8s.io/troubleshooting-deployments
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
智慧路燈系統資安標準與測試規範
https://www.taics.org.tw/LatestASSForm.aspx?Ass_id=5059&Type=1
與Vinfast合作被盯上 BMW遭越南駭客組織攻擊、欲竊商業機密
https://speed.ettoday.net/news/1598959
BMW與現代汽車遭越南駭客鎖定
https://ithome.com.tw/news/134707
越南駭侵團體 APT32 駭入 BMW、現代車廠
https://www.twcert.org.tw/tw/cp-104-3124-3caaa-1.html
以人為先發展AI 應對網絡攻擊
http://bit.ly/2LEvDOo
2020資安預測 趨勢科技:家中物聯網成駭客目標
https://www.setn.com/News.aspx?NewsID=652048
2020資安大預測/5G、物聯網 成駭客攻擊管道
https://ec.ltn.com.tw/article/paper/1338503
臺灣物聯網資安標章發展上軌道,已有9家業者的22款產品取得資安標準合格證書
https://www.ithome.com.tw/news/134764
FBI recommends that you keep your IoT devices on a separate network
https://www.zdnet.com/article/fbi-recommends-that-you-keep-your-iot-devices-on-a-separate-network/#ftag=RSSbaffb68
6.近期資安活動及研討會
交通大學亥客書院-A018:企業網域控管-Active Directory攻擊與防禦 12/14
https://hackercollege.nctu.edu.tw/?p=1094
台灣駭客年會 HITCON Winter Training 2019 12/16
https://hitcon.kktix.cc/events/hitcon-winter-training-2019
台灣駭客年會 HITCON Winter Training 2019 - 學生報名 12/16
https://hitcon.kktix.cc/events/hitcon-winter-training-2019-student
Japan Security Analyst Conference
https://jsac.jpcert.or.jp/
PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world
制御システムセキュリティカンファレンス 2020 2020年2月14日
https://www.jpcert.or.jp/event/ics-conference2020.html
沒有留言:
張貼留言