Weekly Security Incident News Report 2019/12/30 ~ 2020/1/3

1. Major Vulnerabilities / Backdoors / Exploits / Zero Days
RCE vulnerabilities in Ruckus Wireless Wi-Fi routers allow compromise, in some cases with a single line of code
https://www.ithome.com.tw/news/135093

Multiple security vulnerabilities found in Ruckus wireless routers
https://www.twcert.org.tw/tw/cp-104-3202-d8067-1.html

BullGuard Premium Protection race condition vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20000

CVE-2019-17556: Deserialization vulnerability in Apache Olingo
https://nosec.org/home/detail/3669.html

Apache Solr remote code execution vulnerability
https://www.baobuzz.com/info/99387.html

Oracle issues security alert for critical Java vulnerabilities: attackers can control and access personal data
https://read01.com/L27BjLd.html#.XghrBVUzbIU

Palo Alto Networks PA-7080 and PA-7050 PAN-OS security vulnerability risk advisory
https://www.venustech.com.cn/article/1/10911.html

LINE (Japan) and HackerOne launch public bug bounty program
https://www.sohu.com/a/362431675_100161396

Xerox AltaLink C8035 Printer Cross-Site Request Forgery (Add Admin)
https://cxsecurity.com/issue/WLB-2019120122

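2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security
E.SUN recruits tech talent widely in push for intelligent finance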
https://reurl.cc/b6jag3

Mainland China's Ministry of Public Security and People's Bank of China jointly crack down hard on illegal online payments
https://news.sina.com.tw/article/20191229/33841188.html

TDCC seminar on information system transformation and overhaul shares system transformation experience
https://www.bnext.com.tw/article/56095/tdcc

Deloitte Taiwan: security and privacy are the keys to open finance
https://www.chinatimes.com/realtimenews/20191230002321-260410?chdtv

Ready for PSD2? The risks of open banking
https://blog.trendmicro.com.tw/?p=62080

Security protection for the Taiwan stock market: eight points with no gaps
https://money.udn.com/money/story/5607/4258350

Does open banking need "one script, one track" standardization? Which model suits Taiwan best
https://www.bnext.com.tw/article/56103/open-banking-mode-taiwan

A comeback with a glimmer of hope: the eventful fintech innovation journey of the Moneybook budgeting app
https://www.inside.com.tw/article/18512-google-play-money-book

AML/CFT rules treat customers like spies, giving the financial industry a headache
https://www.chinatimes.com/newspapers/20200101001306-260118?chdtv

First Bank wins two gold awards from the Joint Credit Information Center
https://money.udn.com/money/story/5636/4264268

TDCC's "Shareholder e-Voting" platform gets a security upgrade
https://money.udn.com/money/story/5607/4264330

Magnetic stripe ATM cards will continue to work: SBP
https://www.brecorder.com/2020/01/03/558453/magnetic-stripe-atm-cards-will-continue-to-work-sbp/

Cyberthreats to financial institutions 2020: Overview and predictions
https://securelist.com/financial-predictions-2020/95388/

Mastercard Acquires RiskRecon To Boost Cybersecurity
https://www.pymnts.com/news/security-and-risk/2019/mastercard-acquires-riskrecon-to-boost-cybersecurity/

Phishing Scams Target Canadian Bank Customers
https://www.bankinfosecurity.com/phishing-scams-target-canadian-bank-customers-a-13551

MasterCard Inks Deal for Startup RiskRecon
https://www.bankinfosecurity.com/mastercard-inks-deal-for-startup-riskrecon-a-13546

Financial threats in 2020: fintech, mobile banking and e-commerce are in the crosshairs
https://www.kaspersky.com/about/press-releases/2019_financial-threats-in-2020-fintech-mobile-banking-and-e-commerce-are-in-the-crosshairs

122 Chinese Men Detained in Nepal on Charges of Cyber-crime and Bank Fraud
https://www.ehackingnews.com/2019/12/122-chinese-men-detained-in-nepal-on.html

Nepal detains 122 Chinese for suspected cyber crime and bank fraud
https://www.reuters.com/article/us-nepal-china-crime/nepal-detains-122-chinese-for-suspected-cyber-crime-bank-fraud-idUSKBN1YS0AP

Deutsche, Mastercard Launch Spain’s First Dynamic Code Card
https://www.pymnts.com/news/security-and-risk/2019/deutsche-mastercard-launch-dynamic-code-card-in-spain/

3 Chinese nationals acquitted in ATM-skimming case due to lack of evidence
https://www.dawn.com/news/1525877/3-chinese-nationals-acquitted-in-atm-skimming-case-due-to-lack-of-evidence

Nigerian national held for cloning ATM cards in Pisoli
https://www.hindustantimes.com/pune-news/nigerian-national-held-for-cloning-atm-cards-in-pisoli/story-zmyVYAKx760fvzF9FbGWZM.html

Razer bets on youth base in bid for Singapore digital bank licence
https://www.zdnet.com/article/razer-bets-on-youth-base-in-bid-for-singapore-digital-bank-licence/#ftag=RSSbaffb68

3. Electronic Payment / Electronic Stored-Value Cards / Mobile Payment / Pay: News and Security
PayPal officially enters China: Challenges vs. opportunities
https://www.zdnet.com/article/paypal-officially-enters-china-challenges-vs-opportunities/#ftag=RSSbaffb68

China smartphone makers form alliance to offer P2P file transfer
https://www.zdnet.com/article/china-smartphone-makers-form-alliance-to-offer-p2p-file-transfer/#ftag=RSSbaffb68

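4. Cryptocurrency / Blockchain News and Security
Switzerland will not accept the cryptocurrency "Libra" being pegged to a basket of currencies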
https://reurl.cc/K6nLEn

Forced to hand over US$3 billion in bitcoin, the "self-proclaimed" inventor says
https://ec.ltn.com.tw/article/breakingnews/3024195

Cryptocurrency hard to use? New technology developed by Coinbase could bring bitcoin into wide circulation
https://news.knowing.asia/news/069de49a-52e6-4776-bec3-98a45adec455

COSO to publish blockchain security guidance in 2020
http://bit.ly/39p1SLB

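Belt and Road | China's Tsinghua University establishes the "Belt and Road Blockchain Technology Application Alliance", paving the way for international expansion and the Yangtze River Delta strategy!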
https://bigdatafinance.tw/index.php/blockchain/1391-2019-12-29-18-00-23

Rakuten Group's exchange "Rakuten Wallet" launches points reward program, redeeming up to 500,000 yen in bitcoin per month
https://bigdatafinance.tw/index.php/blockchain/1393-rakuten-wallet-50

US member of Congress introduces draft "Cryptocurrency Act of 2020", which could establish clear regulation
https://bigdatafinance.tw/index.php/blockchain/1392-2020

What blockchain can do in the defense sector
https://news.sina.com.tw/article/20191230/33849996.html

Blockchain technology has vulnerabilities: watch for hidden cryptocurrency risks
http://bit.ly/2QztFAw

Cryptocurrency market highly volatile: bitcoin will fall to US$1,000
http://bit.ly/2rLlIzQ

The Russian fraud ring that conned an entire exchange: the story of how US$450 million in cryptocurrency vanished into thin air
https://www.storm.mg/article/2128389

Ethereum vulnerability exposed: hackers exploit Parity nodes
https://www.fxshell.com/article/48375

Doxed credit card data has two hours max before it’s nabbed
https://nakedsecurity.sophos.com/2019/12/18/doxed-credit-card-data-has-two-hours-max-before-its-nabbed/

From crypto currency to chocolate – where to spend your Bitcoin
https://www.zdnet.com/article/from-crypto-currency-to-chocolate-where-to-spend-your-bitcoin/#ftag=RSSbaffb68

Chrome extension caught stealing crypto-wallet private keys
https://www.zdnet.com/article/chrome-extension-caught-stealing-crypto-wallet-private-keys/#ftag=RSSbaffb68

5. Security Incident News

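A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors
360 Security Brain releases "2019 Ransomware Epidemic Analysis Report": as many as 4.125 million computers "infected"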
https://www.csdn.net/article/a/2019-12-27/15986652

Hackers use malicious files to steal Facebook account information
https://webnas.bhes.ntpc.edu.tw/wordpress/archives/15294

Case analysis: GlobeImposter ransomware attack incident analysis report_10812
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019122602121717386022891771760.pdf

DDoS attacks and IoT exploits: new activity from the Momentum botnet
https://blog.trendmicro.com.tw/?p=62968

Two new ransomware strains: Snatch reboots computers into Safe Mode / Zepplin targets Europe and the US
https://blog.trendmicro.com.tw/?p=62964

UAE Telecom Authority issues warning about global virus 'Emotet'
https://www.connectedtoindia.com/uae-telecom-authority-issues-warning-about-global-virus-emotet-6758.html

FIN7 Hackers' BIOLOAD Malware Drops Fresher Carbanak Backdoor
https://reurl.cc/QpkGVq

Introducing BIOLOAD: FIN7 BOOSTWRITE’s Lost Twin
https://www.fortinet.com/blog/threat-research/bioload-fin7-boostwrite-lost-twin.html

Ransomware Attackers May Lurk for Months, FBI Warns
https://www.bankinfosecurity.com/blogs/ransomware-attackers-may-lurk-for-months-fbi-warns-p-2844

Ransomware 2.0: Cybercrime Gangs Apply APT-Style Tactics
https://www.bankinfosecurity.com/interviews/ransomware-20-cybercrime-gangs-apply-apt-style-tactics-i-4543

New Orleans' Mission: Clean 4,000 Computers in 48 Hours
https://www.bankinfosecurity.com/new-orleans-mission-clean-4000-computers-in-48-hours-a-13528

7 types of virus – a short glossary of contemporary cyberbadness
https://nakedsecurity.sophos.com/2019/12/28/7-types-of-virus-a-short-glossary-of-contemporary-cyberbadness/

Christmas malware uses “Support Greta Thunberg” as a lure
https://nakedsecurity.sophos.com/2019/12/27/christmas-malware-uses-support-greta-thunberg-as-a-lure/

Ransomware-seized New Orleans declares state of emergency
https://nakedsecurity.sophos.com/2019/12/17/ransomware-seized-new-orleans-declares-state-of-emergency/

A new trojan Lampion targets Portugal
https://securityaffairs.co/wordpress/95731/malware/lampion-malware-targets-portugal.html

US Coast Guard discloses Ryuk ransomware infection at maritime facility
https://www.zdnet.com/article/us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility/

Chrome extension caught stealing crypto-wallet private keys
https://www.zdnet.com/article/chrome-extension-caught-stealing-crypto-wallet-private-keys/

Story of the year 2019: Cities under ransomware siege
https://securelist.com/story-of-the-year-2019-cities-under-ransomware-siege/95456/

Restaurant Chain Landry's Investigates Malware Incident
https://www.bankinfosecurity.com/restaurant-chain-landrys-investigates-malware-incident-a-13571

Landry's restaurant chain disclose POS malware incident
https://www.zdnet.com/article/landrys-restaurant-chain-disclose-pos-malware-incident/#ftag=RSSbaffb68

B. Mobile Security / iPhone / Android / Wearables / Apps

Is China's "Super SIM card", which combines a SIM card and a MicroSD card, all that impressive? You can actually DIY one at home
https://reurl.cc/5gyZbM

Are public charging stations really safe? "USB condoms" help isolate the risk
https://reurl.cc/EKMLVg

OPPO partners with HackerOne to build a secure ecosystem together
http://news.cnw.com.cn/news-china/htm2019/20191227_325468.shtml

App security testing: how to penetration-test an app for vulnerabilities
https://cloud.tencent.com/developer/article/1559790

WhatsApp and Check Point work together to fix group chat crash vulnerability
https://unwire.pro/2019/12/27/checkpoint-2/security/

WeChat and Weibo chat records can serve as evidence! The internet has never been a lawless place
http://www.sohu.com/a/363379203_115224

New civil litigation rules in mainland China: cloud communications admissible as evidence
https://www.chinatimes.com/newspapers/20191228000159-260302?chdtv

Watch Ford v Ferrari or Frozen 2 online? Your LINE account may be logged into and hijacked
http://bit.ly/2SFg3pN

Huawei planting its flag in India? Indian government reportedly allows Huawei to take part in 5G network trials
https://ec.ltn.com.tw/article/breakingnews/3025028

2019, the first year of foldables: GMS to become off-limits for Chinese phone makers
https://3c.talk.tw/Article.aspx?Article_ID=3844

5G equipment faces many security threats: with security assessment guidelines, testing brings protection
https://www.2cm.com.tw/2cm/zh-tw/tech/9070B8CFE9FC4B4CA7F5E083AC5EBB0B

LINE says no one can monitor it
https://www.chinatimes.com/newspapers/20200102000484-260102?chdtv

Crisis in mainland China's face-scanning era: a single photo defeats facial recognition
https://news.tvbs.com.tw/focus/1256480

Big data used to plan crimes: "trap loan" con tactics get an upgrade
http://big5.xinhuanet.com/gate/big5/www.xinhuanet.com/fortune/2019-12/31/c_1125406263.htm

Security concerns prompt Pentagon order; US Army also bans TikTok
https://technews.tw/2020/01/02/army-follows-pentagon-guidance-and-bans-chinese-owned-tiktok-app/

Smartphone location data can be used to identify and track anyone
https://nakedsecurity.sophos.com/2019/12/23/smartphone-location-data-can-be-used-to-identify-and-track-anyone/

iOS bugs and annoyances Apple desperately needs to fix in 2020
https://www.zdnet.com/article/ios-bugs-and-annoyances-apple-desperately-needs-to-fix-in-2020/#ftag=RSSbaffb68

US Army Follows Navy in Banning TikTok App: Report
https://www.bankinfosecurity.com/us-army-follows-navy-in-banning-tiktok-app-report-a-13570

C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents
Top 10 security news stories of December 2019
https://www.ithome.com.tw/news/135149

What worried CISOs most in 2019
https://blog.trendmicro.com.tw/?p=62853

[Tourism Board New Year's Eve lucky draw server down] Serious flaw found! Registration possible without a verification code
http://bit.ly/2Ff0fCy

Facebook to set up its first war room in Taiwan for the 2020 election
https://www.cna.com.tw/news/firstnews/201912300252.aspx

Resetting a Garena password brings an SMS from the "Bamboo Union War Hall"
https://www.ptt.cc/bbs/LoL/M.1577272674.A.DA2.html

Making money by mining other people's data: is "web crawling" legal
https://www.techbang.com/posts/75284-is-the-internet-crawler-legal-china-and-the-united-states-have-different-views

Kaspersky report: 70% of hacker attacks target Office vulnerabilities
http://bit.ly/2QtPJMW

Hackers exploit flaw in US student aid application tool to steal information on 100,000 taxpayers
https://nosec.org/home/detail/3696.html

New Nintendo Switch Lite cracked! Entire console line now runs pirated games
https://reurl.cc/k5jDE3

Cyberattacks continue; Taoyuan City Department of Information Technology: on average from over 10 to several hundred
http://bit.ly/2svR6CH

Foreign hackers find system vulnerability that may allow cracking the Switch
https://games.yahoo.com.tw/hackerswitch-130103922.html

International business: Chinese corporate espionage intensifies; IBM and others have detected hacker attacks
http://bit.ly/37luhAq

Chinese hackers everywhere! The full story of the "Cloud Hopper" attacks on US companies revealed
https://www.storm.mg/article/2134294

By breaching cloud providers' networks, Chinese hacking group APT10 left a larger footprint than previously thought
https://technews.tw/2020/01/02/chinese-hacker-apt10-footprint-is-larger-than-previous-thought/

WSJ: Scale of Chinese hacking operation Cloud Hopper exceeds earlier expectations
https://www.ithome.com.tw/news/135135

WSJ: Threat from Chinese Communist Party hackers' "Cloud Hopper" exceeds imagination
http://bit.ly/2QiUcDk

Chinese hackers steal secrets via the "cloud"; hundreds of companies worldwide victimized
https://ec.ltn.com.tw/article/paper/1342996

Chinese hackers resurface? 2FA bypassed in attacks on enterprise networks
https://cnews.com.tw/137191229a01/

To prevent Russian interference in the 2020 election, US counters with information warfare
https://news.ltn.com.tw/news/world/paper/1341902

Russia successfully "disconnects" the whole country from the internet; experts fear internet freedom will vanish
https://www.ydn.com.tw/News/365547

Russia's "internet disconnection" test: quietly stifling public opinion
https://www.ydn.com.tw/News/365589

Blueprints for "007" headquarters renovation leaked! Contractor's contract terminated
https://udn.com/news/story/6809/4254876

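Red infiltration uses the same trick again! Beijing reportedly dispatches local organizations to "monitor polling and get out the vote" and report back to China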
https://www.setn.com/News.aspx?NewsID=662371

CCP accused of using hacker groups to attack Xinjiang and Hong Kong human rights activists
https://gnews.org/zh-hant/68063/

She helped expose internal documents on Xinjiang re-education camps and was threatened: stop or be cut to pieces
https://news.ltn.com.tw/news/world/breakingnews/3025145

Cyber-espionage surveillance of Asian NGOs; CCP suspected to be behind it
http://bit.ly/2QaNE9B

Microsoft takes down North Korean hacking group's network, its fourth such case
https://ithome.com.tw/news/135119

Using "rn" to impersonate "m": an angry Microsoft seizes 50 domains of a North Korean hacking group
https://ek21.com/news/tech/168918/

North Korean hackers attack human rights activists; Microsoft gets court permission to take over domains
https://udn.com/news/story/6809/4258943

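Yet another North Korean hacking group attack! Phishing emails target human rights activists; US federal court authorizes Microsoft to take over domains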
http://bit.ly/39wfJ2Y

Microsoft strikes back at North Korean hacking group, wins control of 50 domains through lawsuit
https://technews.tw/2019/12/31/microsoft-use-law-suit-on-north-korean-hacker-group-and-gets-50-domains/

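North Korean hackers impersonate Microsoft's brand and trademarks to track and attack human rights activists; Microsoft gets court permission to take over domains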
http://bit.ly/2u7lxQ7

Microsoft successfully cleans up 50 domains linked to North Korean hacker attacks
https://ek21.com/news/tech/169018/

Another country! Latvia lists the CCP as a threat for the first time
http://www.ntdtv.com.tw/b5/20191230/video/260956.html

Revealed: Japan plans legislation to restrict Chinese technology
https://ec.ltn.com.tw/article/breakingnews/3026977

CCP proposes "one country, two systems"; Taiwan responds by pushing "five national security laws"
http://bit.ly/2FdKmMs

Zhongnanhai strangely silent on phase one; one action is a signal; Trump publicly ups the ante: no phase two
https://tw.aboluowang.com/2020/0102/1390846.html

Hong Kong police bust anti-extradition protesters' communications station for the first time, alleging "aiding a riot"
https://tw.news.appledaily.com/international/realtime/20200102/1685379/

German media reveal Huawei falls short of the US: Cisco has 10 "backdoors", Huawei "zero"
http://bit.ly/2FeYUeL

Report: Cloud Hopper Attacks Affected More MSPs
https://www.bankinfosecurity.com/report-cloud-hopper-attacks-affected-more-msps-a-13565

Microsoft takes down 50 domains operated by North Korean hackers
https://www.zdnet.com/article/microsoft-takes-down-50-domains-operated-by-north-korean-hackers/#ftag=RSSbaffb68

US Cybercom Considers Bold Election Security Moves: Report
https://www.bankinfosecurity.com/us-cybercom-considers-bold-election-security-moves-report-a-13560

Analysis: 2020 Cybersecurity Issues
https://www.bankinfosecurity.com/interviews/analysis-2020-cybersecurity-issues-i-4556

US Navy Memo Raised Cyberscurity Concerns About DJI Drones
https://www.bankinfosecurity.com/us-navy-memo-raised-cyberscurity-concerns-about-dji-drones-a-13523

Serious Security: The decade-ending “Y2K bug” that wasn’t
https://nakedsecurity.sophos.com/2019/12/23/serious-security-the-decade-ending-y2k-bug-that-wasnt/

Planning for 2020? Here are 3 cybersecurity trends to look out for
https://www.helpnetsecurity.com/2019/12/30/2020-cybersecurity-trends/

Microsoft takes court action against fourth nation-state cybercrime group
https://blogs.microsoft.com/on-the-issues/2019/12/30/microsoft-court-action-against-nation-state-cybercrime/

Cyber police in Ukraine caught hackers who hacked tens of thousands of servers around the world
https://www.ehackingnews.com/2019/12/cyber-police-in-ukraine-caught-hackers.html

APT review: what the world’s threat actors got up to in 2019
https://securelist.com/ksb-2019-review-of-the-year/95394/

Corporate security prediction 2020
https://securelist.com/corporate-security-predictions-2020/95387/

Cybersecurity of connected healthcare 2020: Overview and predictions
https://securelist.com/healthcare-predictions-2020/95385/

5G technology predictions 2020
https://securelist.com/5g-predictions-2020/95386/

Biometric data processing and storage system threats
https://securelist.com/biometric-data-processing-and-storage-system-threats/95364/

Job Search: Head of UK's National Cyber Security Center
https://www.bankinfosecurity.com/blogs/job-search-head-uks-national-cyber-security-center-p-2845

Chunghwa Telecom scouts for talent! Hosts a "big platform" creative application contest
https://reurl.cc/W4ZMgy

Security Engineer (Taipei)
https://www.104.com.tw/job/6tz8j

Security Engineer (Shilin)
https://www.yes123.com.tw/admin/job_refer_comp_job_detail2.asp?p_id=83151_04322046&job_id=20191231190717_6089594

Tainan City Government AI development program talent recruitment
http://grad.osa.ncku.edu.tw/p/406-1054-201031,r1710.php?Lang=zh-tw

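D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News
A new kind of startup fraud? The EBITDA financial model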
http://globalnewstv.com.tw/201912/91580/?doing_wp_cron=1577609205.5249099731445312500000

Jack Dai / Fake news: the CCP to centrally manage internet passwords
https://reurl.cc/1Qa7KY

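Real estate agent develops "search system" that leaked 170 million personal records! Tsai Ing-wen also affected... latest verdict is out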
https://www.ettoday.net/news/20191228/1612327.htm

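"FireFox Monitor" helps you check whether your personal data has been leaked! If you are unlucky enough to be hit, change your password right away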
https://agirls.aotter.net/post/56586

How to respond to "anti-facial recognition"? Expert: good government intentions and a complete system are key
https://newtalk.tw/news/view/2019-12-28/346144

Email scam tactics aimed at ordinary people: have you received a threatening letter too
https://ithelp.ithome.com.tw/articles/10229518?sc=rss.qu

Beware! Criminal Investigation Bureau publishes list of five online marketplaces at high risk for fraud
https://udn.com/news/story/7315/4256018

Mariah Carey mocks Eminem's "small penis" and hurls abuse at Black people on New Year's Eve; turns out her account was hacked
https://ent.ltn.com.tw/news/breakingnews/3026865

Serious employee lapse at Starbucks leaves internal system API key in a public GitHub folder
https://www.ithome.com.tw/news/135128

Personal data of 2.4 million users exposed by Wyze, a company specializing in connected security
http://news.edunews.net.cn/zixun/20200102/014815.html

IoT device maker Wyze's server leaks data of 2.4 million customers
https://www.ithome.com.tw/news/135096

IoT vendor Wyze confirms large-scale data leak caused by internal operational error
https://technews.tw/2019/12/30/iot-manufacturer-wyze-says-they-have-confirm-mass-leaks-it-was-due-to-internal-error/

IoT vendor Wyze confirms server leak
https://www.zdnet.com/article/iot-vendor-wyze-confirms-server-leak/#ftag=RSSbaffb68

Database Left 267 Million Facebook IDs Exposed: Report
https://www.bankinfosecurity.com/database-left-267-million-facebook-ids-exposed-report-a-13535

Will the U.S. Get a Federal Privacy Law
https://www.bankinfosecurity.com/will-us-get-federal-privacy-law-a-13559

Sextortionists return for Christmas – price goes down, threats go up
https://nakedsecurity.sophos.com/2019/12/24/sextortionists-return-for-christmas-price-goes-down-threats-go-up/

Seattle-based Wyze alleged of data breach: Unpaired all devices from Google Assistant and Alexa
https://www.ehackingnews.com/2020/01/seattle-based-wyze-alleged-of-data.html

Check if your email address or password has been compromised in data breach
https://hackingvision.com/author/javarockstar/

Brazil surpasses UK in Facebook fine over Cambridge Analytica scandal
https://www.zdnet.com/article/brazil-surpasses-uk-in-facebook-fine-over-cambridge-analytica-scandal/#ftag=RSSbaffb68

E. Research Reports
The impact of information security on the smart home
https://epaper.ttc.org.tw/share.aspx?aQBkAA2=MQA0ADUA0&bgBvAA2=NgAxAA2

Building the Pikachu vulnerable lab with Docker
https://bbs.77169.net/forum.php?mod=viewthread&tid=375192

Bug hunting notes | Using Instagram's copyright feature to construct a CSRF vulnerability that deletes other users' files
https://www.freebuf.com/vuls/223496.html

Bug hunting notes | How to find more IDOR (broken access control) vulnerabilities
https://www.freebuf.com/vuls/223500.html

CVE-2017-0101 Win32k privilege escalation analysis notes
https://bbs.pediy.com/thread-256949.htm

Software testing methods / Demystifying white-box detection techniques with AI attack examples
https://secbuzzer.co/post/162

Log4j deserialization analysis (CVE-2019-17571 & CVE-2017-5645)
https://xz.aliyun.com/t/7010

Vulnerability notes | A brief look at SSRF principles and exploitation
https://cloud.tencent.com/developer/article/1561355

Summary of studying the Windows kernel IDT (Interrupt Descriptor Table)
https://www.4hou.com/index.php/posts/wR8w

How to write shellcode that locates EIP & RIP
https://www.4hou.com/index.php/posts/7WwA

Analysis of the Windows IIS HTTP/2 PING flood denial-of-service vulnerability (CVE-2019-9512)
https://www.4hou.com/index.php/posts/x7Nr

Analysis of the TP-Link TL-WR841N v14 CVE-2019-17147 buffer overflow vulnerability
https://www.4hou.com/index.php/posts/gQG9

Command injection vulnerability found in Amazon Blink smart security cameras
https://www.4hou.com/index.php/posts/wR5w

How to write a Linux x86 TCP bind shell
https://www.4hou.com/index.php/posts/E67k

Write-up of a HackZone CTF challenge on x86_64 that uses an arbitrary memory write to obtain RCE
https://www.4hou.com/index.php/posts/GQ70

Write-up of a Redhat2019CTF challenge solved with honggfuzz and QEMU instrumentation
https://www.4hou.com/index.php/posts/J7jo

Introduction to the basic methods of hook analysis of apps with Frida
https://www.4hou.com/index.php/posts/rM56

Spelevo EK uses social engineering techniques
https://www.4hou.com/index.php/posts/mMPp

[Vulnerability analysis] Studying and exploiting CVE-2019-2215
https://www.52pojie.cn/thread-1083552-1-1.html

Summary of vulnerability research on the KeyWe smart lock
https://www.4hou.com/index.php/posts/qM5r

Metasploit: using exploits (exploits)
https://www.ancii.com/ahwj563vm/

Introduction to PHP deserialization vulnerabilities
https://www.freebuf.com/articles/web/221213.html

My 2019 bug hunting journey
https://nosec.org/home/detail/3736.html

Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
https://blogs.technet.microsoft.com/jepayne/2017/12/08/weffles/

DC-8 (Pretty Interesting Box)
https://pwnedsites.blogspot.com/2019/12/dc-8-pretty-interesting-box.html

Cuckoo Sandbox Architecture | by Ricardo van Zutphen
https://eforensicsmag.com/cuckoo-sandbox-architecture/

Don't Ruck Us Too Hard - Owning Ruckus AP Devices
https://berlin-ak.ftp.media.ccc.de/congress/2019/slides-h264-hd/36c3-10816-eng-deu-Dont_Ruck_Us_Too_Hard_-_Owning_Ruckus_AP_Devices_hd-slides.mp4

How to Convert HTML Tables into CSV Files in Python
https://www.thepythoncode.com/article/convert-html-tables-into-csv-files-in-python

How to Make an Email Extractor in Python
https://www.thepythoncode.com/article/extracting-email-addresses-from-web-pages-using-python

How to Defend Against Amplified Reflection DDoS Attacks
https://www.a10networks.com/blog/how-defend-against-amplified-reflection-ddos-attacks/

Netcat Tutorial Beginner to Advanced
https://hackonology.com/blogs/netcat-tutorial-beginner-to-advanced/

Enumeration | ethical hacking enumeration techniques
https://www.hackingcastle.com/2019/12/enumeration-enumeration-in-ethical.html

From Zero to Lateral Movement in 36 Minutes
https://www.wilbursecurity.com/2019/12/from-zero-to-lateral-movement-in-36-minutes/

Reversing a real-world 249 bytes backdoor
https://anee.me/reversing-a-real-world-249-bytes-backdoor-aadd876c0a32

Mobile Application Pentesting-Part 1
https://medium.com/@patilpiyush/mobile-application-pentesting-part-1-596e82e56e83

entynetproject/mouse
https://github.com/entynetproject/mouse

axi0mX / ipwndfu
https://github.com/axi0mX/ipwndfu

Apache-Poi-XXE-Analysis
https://xz.aliyun.com/t/6996

artikrh/SMS-Xombie
https://github.com/artikrh/SMS-Xombie

uknowsec/ZVulDrill
https://github.com/uknowsec/ZVulDrill

harismuneer/Ultimate-Facebook-Scraper
https://github.com/harismuneer/Ultimate-Facebook-Scraper

alphaSeclab/awesome-reverse-engineering
https://github.com/alphaSeclab/awesome-reverse-engineering/blob/master/Readme_en.md

r00t-3xp10it/PandoraBox
https://github.com/r00t-3xp10it/PandoraBox

wh-hackerexploit/HackerExploit-v2
https://github.com/wh-hackerexploit/HackerExploit-v2

Cyb0r9/SocialBox
https://github.com/Cyb0r9/SocialBox

michenriksen/aquatone
https://github.com/michenriksen/aquatone/wiki/Api-keys

alphaSeclab/awesome-rat
https://github.com/alphaSeclab/awesome-rat

vhoudoverdov/Windows-RedTeam
https://github.com/vhoudoverdov/Windows-RedTeam/tree/master/ClobberTime

Encoding your WiFi access point password into a QR code
https://feeding.cloud.geek.nz/posts/encoding-wifi-access-point-passwords-qr-code/

imperva/automatic-api-attack-tool
https://github.com/imperva/automatic-api-attack-tool

Mouse Payload Loader (MPL)
https://github.com/entynetproject/mouse

The Great Escape of ESXi Breaking Out of a Sandboxed Virtual Machine
https://media.ccc.de/v/36c3-10505-the_great_escape_of_esx

Active Directory Visualization for Blue Teams and Threat Hunters
https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters

Messenger Hacking: Remotely Compromising an iPhone through iMessage
https://media.ccc.de/v/36c3-10497-messenger_hacking_remotely_compromising_an_iphone_through_imessage

Wi-Fi Hacking Is Easy and Cheap With a Pi Zero W
https://www.pcmag.com/news/372754/wi-fi-hacking-is-easy-and-cheap-with-a-pi-zero-w

liyasthomas/postwoman
https://github.com/liyasthomas/postwoman

alphaSeclab/awesome-forensics
https://github.com/alphaSeclab/awesome-forensics/blob/master/Readme_en.md

Reversing Web Assembly (WASM)
https://anee.me/reversing-web-assembly-wasm-dd59eb2a52d4

maxpowersi/APE
https://github.com/maxpowersi/APE

Fuel Pumps II – PoSlurp.B
https://norfolkinfosec.com/fuel-pumps-ii-poslurp-b/

Looking into Attacks and Techniques Used Against WordPress Sites
https://newsroom.trendmicro.com/blog/security-intelligence/looking-attacks-and-techniques-used-against-wordpress-sites-7

Why Running a Privileged Container in Docker Is a Bad Idea
https://newsroom.trendmicro.com/blog/security-intelligence/why-running-privileged-container-docker-bad-idea-10

DDoS Attacks and IoT Exploits: New Activity from Momentum Botnet
https://newsroom.trendmicro.com/blog/security-intelligence/ddos-attacks-and-iot-exploits-new-activity-momentum-botnet-14

Decrypting config.bin files for TP-Link WR841N, WA855RE, and probably
https://assemblyofsecrets.blogspot.com/2020/01/decrypting-configbin-files-for-tp-link.html

Universal Radio Hacker: Investigate Wireless Protocols like a Boss
https://hakin9.org/universal-radio-hacker-investigate-wireless-protocols-like-a-boss/

NCSC glossary
https://www.ncsc.gov.uk/information/ncsc-glossary

CyberScan: Hackers Favourite ToolKit
https://hakin9.org/cyberscan-hackers-favourite-toolkit/

D-Link DIR-859 —Unauthenticated RCE (CVE-2019–17621) [EN]
https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104

How we developed our simple Harbour decompiler
https://securelist.com/how-we-developed-our-simple-harbour-decompiler/95517/

OilRig’s Poison Frog – old samples, same trick
https://securelist.com/oilrigs-poison-frog/95490/

Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/

Seven Critical Vulnerabilities Discovered in Portainer
https://www.fortinet.com/blog/threat-research/seven-critical-vulnerabilities-portainer.html

Dissecting Tor Bridges and Pluggable Transport - Part I: Finding the Built-in Tor Bridges and How Tor Browser Works
https://www.fortinet.com/blog/threat-research/dissecting-tor-bridges-pluggable-transport.html

Dissecting Tor Bridges and Pluggable Transport – Part II: How Obfs4 Bridges Defeats Censorship
https://www.fortinet.com/blog/threat-research/dissecting-tor-bridges-pluggable-transport-part-2.html

How to Conduct Jailed Testing with Frida
https://www.nowsecure.com/blog/2020/01/02/how-to-conduct-jailed-testing-with-frida

Web Security Basics: Is Your Web Application Safe
https://www.acunetix.com/blog/web-security-zone/web-security-basics/

Surprising Differences between TLS and SSL Protocol
https://gbhackers.com/suprising-differences-tls-ssl-protocol/

Cybercrime Gangs Advertise Fresh Jobs, Hacking Services
http://www.bankinfosecurity.com/cybercrime-gangs-advertise-fresh-jobs-hacking-service-a-11934

Top 10 Best Open Source Intelligence Tools (OSINT Tools) for Penetration Testing – 2020
https://cybersecuritynews.com/osint-tools/

IPtables Commands Cheatsheet – For Windows And Linux
https://hackersonlineclub.com/iptables-commands-cheatsheet-for-windows-and-linux/

mirinsoft/debotnet
https://github.com/Mirinsoft/Debotnet

The Curious Case of DeathRansom: Part I
https://www.fortinet.com/blog/threat-research/death-ransom-new-strain-ransomware.html

DeathRansom Part II: Attribution
https://www.fortinet.com/blog/threat-research/death-ransom-attribution.html

New USB cable kills your Linux laptop if stolen in a public place
https://www.zdnet.com/article/new-usb-cable-kills-your-linux-laptop-if-stolen-in-a-public-place/#ftag=RSSbaffb68

Introducing BusKill: A Kill Cord for your Laptop
https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-kill-cord-dead-man-switch/

iOS Application Injection
https://arjunbrar.com/post/ios-application-injection

THE GOOD, THE BAD AND THE UGLY IN CYBERSECURITY – WEEK 51
https://www.aurigasec.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-51

F. Business
Windows 7's final farewell: countdown to the end of security updates begins
https://reurl.cc/yyj4oD

15 days until Windows 7 end of support; Microsoft urges upgrading as soon as possible
https://tw.appledaily.com/new/realtime/20191230/1683412/

With the Win10 era upon us, should we welcome it with a smile or stick with Win7
https://kknews.cc/digital/pv3jm5j.html

Welcoming the 5G IoT era! Chunghwa Telecom IoT Creative Application Contest seeks top talent
http://bit.ly/2SCL4ej

Google and security vendors ESET, Lookout and Zimperium jointly form the App Defense Alliance
https://www.bnext.com.tw/article/56127/google-eset-lookout--zimperium

G. Government
Taiwan's internet users exceed 20 million for the first time! 2019 Taiwan Internet Report released: four highlights at a glance
https://buzzorange.com/techorange/2019/12/26/2019-twnic-report/

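Don't rush to consent! National Health Insurance Administration loosens access to medical visit records, focused on benefits with no safeguards against abuse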
http://bit.ly/2Q75SZr

Deputy Chief of the General Staff Lee chairs cyber defense policy meeting on joint defense of national cyberspace security
https://n.yam.com/Article/20191230292589

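High merit points used to incentivize investigations of online disinformation; senior police officials: the Investigation Bureau has gone mad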
http://m.match.net.tw/pc/news/local/20191231/5146941?source=email

Taiwan pushes digital ID cards hard: learning from Estonia, but only halfway?
https://www.cw.com.tw/article/article.action?id=5098443

Entering the AI and 5G era, Taiwan needs a "Basic Information Act"
https://udn.com/news/story/7240/4264356

H. Industrial Control Systems / SCADA / ICS
Cryptographic vulnerabilities disclosed in multiple Philips medical devices
https://www.freebuf.com/column/224373.html

I. Education and Training
What is a zero-day vulnerability? What exploitation techniques are there
https://blog.trendmicro.com.tw/?p=62238

Kubernetes basics tutorial (1): introduction to principles
https://medium.com/@C.W.Hu/kubernetes-basic-concept-tutorial-e033e3504ec0

Kubernetes basics tutorial (2): hands-on examples: Pod, Service, Deployment, Ingress
https://medium.com/@C.W.Hu/kubernetes-implement-ingress-deployment-tutorial-7431c5f96c3e

Kubernetes basics tutorial (3): introduction to Helm and creating a Chart
https://medium.com/@C.W.Hu/kubernetes-helm-chart-tutorial-fbdad62a8b61

Introduction to network packet capture and analysis: easily find bandwidth hogs and suspicious traffic
https://www.netadmin.com.tw/netadmin/zh-tw/magazine/-Feature/953662809DD947B0BDB3BD1831FA8A58?page=2

Wireshark, a handy tool for network packet analysis: covers everything from capture and analysis to attack prevention
http://www.netadmin.com.tw/netadmin/zh-tw/technology/22A1719CB7B54BDDBB0F6A477A535355

Do you know how third-party apps access your cloud data
https://medium.com/@petertc/oauth-2-0-196a5550b668

Learn penetration testing and set a new milestone in your security career
https://ithome.com.tw/pr/135141

Sharing case experience in malware forensics
https://elearn.hrd.gov.tw/info/10013877

DFIR Training
https://www.dfir.training/calendar

What is the dark web? How to access it and what you'll find
https://www.csoonline.com/article/3249765/what-is-the-dark-web-how-to-access-it-and-what-youll-find.html

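J. Internet of Things / IoT / Artificial Intelligence / Internet of Vehicles / Optical Networking / Deep Learning / Machine Learning / Drones / Facial Recognition
Real-life Iron Man! Man implants 4 chips in his hands and unlocks his Tesla with a wave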
https://reurl.cc/Ob8LrA

Frequent reports of hackers harassing people through security cameras; victim seeks 15 million in damages from Amazon
https://news.ltn.com.tw/news/world/breakingnews/3025025

Hackers attack Ring security cameras; Amazon sued by users
https://ek21.com/news/tech/168556/

Implementing identification and visibility: making the security of emerging IoT devices visible
https://www.mem.com.tw/arti.php?sn=1912310007

Security comes first in the IoT era: 5G AIoT protection net rolls out in force
https://www.mem.com.tw/arti.php?sn=1912310006

IoT security left wide open: Infineon OPTIGA guards the gate with hardware
https://www.mem.com.tw/arti.php?sn=1912310008

Tencent Keen Lab says Tesla's in-vehicle system can be remotely compromised over a wireless protocol
https://www.leiphone.com/news/202001/vfWGOeacF3PyMpeE.html

Exploiting Wi-Fi protocol stack vulnerabilities on the Tesla Model S
https://keenlab.tencent.com/zh/2020/01/02/exploiting-wifi-stack-on-tesla-model-s/

Xiaomi surveillance camera disabled by Google over a vulnerability: footage from other households appeared
https://finance.sina.com.cn/stock/relnews/us/2020-01-03/doc-iihnzhha0012337.shtml

Vulnerability found in Mi Home smart security camera; Google suspends cooperation with Xiaomi
https://www.ettoday.net/news/20200103/1616796.htm

Threats and risks to intelligent transportation systems (ITS) and smart vehicles
https://blog.trendmicro.com.tw/?p=62961

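6. Upcoming Security Events and Conferences
Big data crawler technology in practice: build web crawlers in Python to collect large amounts of data quickly and efficiently and create an automated financial data platform 1/4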
https://www.techbang.com/posts/58613-course-python-crawler-technology-implementation

[Birthday Series] R-Ladies Taipei turns five 1/6
https://www.meetup.com/rladies-taipei/events/266131216/

SDN x Cloud Native Meetup #24 1/6
https://www.meetup.com/CloudNative-Taiwan/events/267390135/

WizardAmigos CodeCamp [Taipei,JavaScript,English] 1/6
https://www.meetup.com/WizardAmigos/events/bbdclrybccbjb/

New email threats and challenges: response strategies 1/7
https://engage2demand.cisco.com/LP=19240?dtid=oemels001119&ccid=cc000828&ecid=22859

Discovering the new world of CNN (AI Meetup - Hsinchu#20200108) 1/8
https://www.meetup.com/AIA-Hsinchu/events/266704469/

LISP talk: LISP in surrounding parentheses is supremely powerful #3  1/8
https://www.meetup.com/Clojure-tw/events/267468946/

#26 Text analysis and processing with Azure 1/8
https://www.meetup.com/Azure-Taiwan/events/267106591/

Security Week lecture: fake news, between true and false 1/9
https://hackersir.kktix.cc/events/isweek-3

"The Ultimate Python Primer: The Road to Data Science" new book talk and signing 1/9
https://tenlong.kktix.cc/events/dm1931

Fast.AI Workshop Lesson #3 1/9
https://www.meetup.com/Taipei-Agile-AI/events/267248318/

Hacking Thursday 1/9
http://www.hackingthursday.org/invite

AIS3 EOF資安搶旗競賽 1/11
https://ais3.org/eof

MLDM Monday x PyData Taiwan | TBD (about Shioaji) 1/13
https://www.meetup.com/Taiwan-R/events/266715784/

SANS Threat Hunting London Summit & Training 2020 1/13 ~ 1/18
https://www.sans.org/event/threat-hunting-europe-2020

GitLab Commit San Francisco 1/14
https://about.gitlab.com/events/commit/#attend-sanfrancisco

Security practice course: Windows malware analysis in practice 1/14 ~ 1/17
https://isip.moe.edu.tw/wordpress/?p=1789

Build Your Security Token Blockchain - How to Build a Security Token Blockchain 1/14
https://www.meetup.com/Polkadot-Taipei/events/267377249/

Elixir.tw Taipei Meetup inside 默默會(mokumokukai) 1/14
https://www.meetup.com/elixirtw-taipei/events/267421068/

Scala Taiwan #36 - Scala through lenses 1/14
https://www.meetup.com/Scala-Taiwan-Meetup/events/267314640/

Hacking Thursday 1/16
http://www.hackingthursday.org/invite

A meetup with Laurence Moroney 1/16
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/267109922/

ANSYS Workbench structural analysis fundamentals course 1/16 ~ 1/17
https://reurl.cc/mdjz7l

Japan Security Analyst Conference  1/17
https://jsac.jpcert.or.jp/

WizardAmigos CodeCamp [Taipei,JavaScript,English] 1/20
https://www.meetup.com/WizardAmigos/events/bbdclrybccbbc/

Cyber Security for Critical Assets (CS4CA) MENA 1/20 ~ 1/21
https://mena.cs4ca.com/?ref=infosec-conferences.com

PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world

2020 核果資訊 winter class: Python programming language (Level 1) 1/22 ~ 2/13
https://www.accupass.com/event/1911150442131985092910

Hacking Thursday 1/23
http://www.hackingthursday.org/invite

Security Hell Conference (SH3LLCON) 1/24 ~ 1/25
https://www.sh3llcon.es/?ref=infosec-conferences.com

NextGen SCADA 1/27 ~ 1/31
https://www.smartgrid-forums.com/forums/nextgen-scada-global/

Cranfield University Cyber Symposium 1/28 ~ 1/29
https://www.cranfield.ac.uk/events/symposia/cyber

International Cyber Security Forum (FIC) 1/28 ~ 1/30
https://www.forum-fic.com/en/home.htm

Free and Safe in Cyberspace 1/29
https://www.free-and-safe.org/

Hacking Thursday 1/30
http://www.hackingthursday.org/invite

Control System Security Conference 2020, February 14, 2020
https://www.jpcert.or.jp/event/ics-conference2020.html

CYBERSEC 2020 Taiwan Cybersecurity Conference 3/17 ~ 3/19
https://cyber.ithome.com.tw/

Black Hat Asia 2020 3/31 ~ 4/3
https://www.blackhat.com/asia-20/briefings/schedule/
