資安事件新聞週報 2020/1/13 ~ 2020/1/17
1.重大弱點漏洞/後門/Exploit/Zero Day
研究人員揭露纜線數據機漏洞Cable Haunt:光在歐洲就波及2億台數據機
https://www.ithome.com.tw/news/135306
可取國際(icatch)DVR攝影主機遭網路惡意入侵,煩請儘速確認並進行韌體更新
http://www.idsmag.com.tw/ids/new_article.asp?ar_id=30954
Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
https://www.exploit-db.com/exploits/47927
Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now
https://thehackernews.com/2020/01/firefox-cyberattack.html
Symantec Endpoint Detection and Response XSS
https://support.symantec.com/us/en/article.SYMSA1502.html
甲骨文修補334個安全漏洞,平歷史紀錄
https://www.ithome.com.tw/news/135411
F5 BIG-IP Engineering Hotfix 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5851
Juniper 產品多個漏洞
https://www.hkcert.org/my_url/zh/alert/20011001
安全研究人員發佈了兩個思傑嚴重漏洞的利用
https://www.chainnews.com/zh-hant/articles/618719868910.htm
美國國土安全部和MSF相繼發布了Citrix漏洞的測試利用工具
https://nosec.org/home/detail/3924.html
美國國土安全部釋出Citrix漏洞CVE-2019-19781的檢測工具
https://www.ithome.com.tw/news/135355
Citrix ADC和NetScaler漏洞風險提示
https://read01.com/oAaKKo6.html#.XhvZN8gzbIU
CVE-2019-19781:深入分析Citrix ADC RCE漏洞
https://www.anquanke.com/post/id/197074
Citrix ADC Exploits: Overview of Observed Payloads
https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+Overview+of+Observed+Payloads/25704/
PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability
https://thehackernews.com/2020/01/citrix-adc-gateway-exploit.html
Proof-of-concept code published for Citrix bug as attacks intensify
https://www.zdnet.com/article/proof-of-concept-code-published-for-citrix-bug-as-attacks-intensify/#ftag=RSSbaffb68
Severe Citrix Flaw: Proof-of-Concept Exploit Code Released
https://www.bankinfosecurity.com/severe-citrix-flaw-proof-of-concept-exploit-code-released-a-13600
PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability
https://thehackernews.com/2020/01/citrix-adc-gateway-exploit.html
Hackers are scanning for vulnerable Citrix servers
https://www.itproportal.com/news/hackers-are-scanning-for-vulnerable-citrix-servers/
Dutch Govt Suggests Turning Off Citrix ADC Devices, Mitigations May Fail
https://www.bleepingcomputer.com/news/security/dutch-govt-suggests-turning-off-citrix-adc-devices-mitigations-may-fail/#.XiERc_2pqfw.twitter
Hackers use system weakness to rattle doors on Citrix systems
https://reurl.cc/k5Kgnd
New Snort rules protect against recently discovered Citrix vulnerability
https://blog.talosintelligence.com/2020/01/snort-rules-cve-2019-19781.html
New Snort rules protect against recently discovered Citrix vulnerability
https://blog.talosintelligence.com/2020/01/snort-rules-cve-2019-19781.html
NETSCALER REMOTE CODE EXECUTION FORENSICS
https://www.trustedsec.com/blog/netscaler-remote-code-execution-forensics
Hackers use system weakness to rattle doors on Citrix systems
https://nakedsecurity.sophos.com/2020/01/10/hackers-use-system-weakness-to-rattle-doors-on-citrix-systems/
CVE-2019-19781
https://nvd.nist.gov/vuln/detail/CVE-2019-19781
Windows組件crypt32.dll發現嚴重加密漏洞,Windows 7可能錯過修復補丁
https://tech.ifeng.com/c/7tEO4zDbhQ0
微軟1月安全更新情報 | Crypt32.dll的漏洞可造成黑客遠程執行程式碼
http://bit.ly/38c0Lxq
美國國安局通報WINDOWS 10漏洞:微軟稱其已打補丁
http://bit.ly/2TnBv31
美國家安全局通報Win 10嚴重漏洞:影響所有版本
https://3g.163.com/tech/article/F2TS82ON000999LD.html
美國國家安全局發布公告,建議Windows相關用戶立即更新漏洞,以修補重大漏洞
https://www.twcert.org.tw/tw/cp-104-3243-ef588-1.html
NSA罕見公布Windows資安風險 微軟發布安全補丁因應
https://news.cnyes.com/news/id/4434316
美國安局發現Windows系統有漏洞 微軟火速發布安全更新
https://times.hinet.net/news/22740619
微軟修補首個由NSA所提報的CVE-2020-0601漏洞
https://www.ithome.com.tw/news/135366
美國國家安全局發布公告,建議Windows相關用戶立即更新漏洞,以修補重大漏洞
https://www.twcert.org.tw/tw/cp-104-3243-ef588-1.html
Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
https://blog.talosintelligence.com/2020/01/microsoft-patch-tuesday-jan-2020.html
Addressing Microsoft’s January 2020 Security Update for CVE-2020-0601
https://www.fortinet.com/blog/threat-research/microsoft-january-2020-update-cve-2020-0601.html
Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA
https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html
January Patch Tuesday: Update List Includes Fixes for Internet Explorer, Remote Desktop, Cryptographic Bugs
https://newsroom.trendmicro.com/blog/security-intelligence/january-patch-tuesday-update-list-includes-fixes-internet-explorer-remote
Microsoft Patch Tuesday – January 2020
https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-january-2020
Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA
https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html
Proof-of-concept exploits published for the Microsoft-NSA crypto bug
https://www.zdnet.com/article/proof-of-concept-exploits-published-for-the-microsoft-nsa-crypto-bug/#ftag=RSSbaffb68
微軟Windows作業系統存在安全漏洞(CVE-2020-0601、CVE-2020-0609、CVE-2020-0610及CVE-2020-0611),允許攻擊者進行中間人攻擊或遠端執行任意程式碼,請儘速確認並進行更新
https://www.nccst.nat.gov.tw/Vulnerability?lang=zh
Windows 7: Microsoft Ceases Free Security Updates
https://www.bankinfosecurity.com/windows-7-microsoft-ceases-free-security-updates-a-13604
An Ex-Operating System Hit by an Exploit Found In Audio Files
https://www.ehackingnews.com/2020/01/an-ex-operating-system-hit-by-exploit.html?utm_source=dlvr.it&utm_medium=twitter
Mozilla Thunderbird 多個漏洞
https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/
Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now!
https://thehackernews.com/2020/01/firefox-cyberattack.html
Google、Mozilla會繼續支援Windows 7版Chrome及Firefox
https://www.ithome.com.tw/news/135311
快更新 Firefox!避免零日漏洞攻擊,Mozilla 發布新版本
https://reurl.cc/A1vbd3
Firefox瀏覽器出現資安漏洞 美國網路安全局呼籲快更新至72.0.1版
https://www.ettoday.net/news/20200113/1624256.htm
Firefox瀏覽器存在安全漏洞(CVE-2019-17026),允許攻擊者遠端執行任意程式碼,請儘速確認並進行更新
https://www.nccst.nat.gov.tw/VulnerabilityDetail.aspx?lang=zh&seq=1113
PotPlayer 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7185
Adobe Releases First 2020 Patch Tuesday Software Updates
https://thehackernews.com/2020/01/adobe-software-updates.html
Adobe Acrobat與Reader應用程式存在多個安全漏洞,允許攻擊者遠端執行任意程式碼,請儘速確認並進行更新
https://www.nccst.nat.gov.tw/VulnerabilityDetail.aspx?lang=zh&seq=1112
JVNVU#98141012 複数の CDN サービスプロバイダが HTTP キャッシュポイズニングの影響を受ける問題
https://jvn.jp/vu/JVNVU98141012/
Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Foxit PDF Reader
https://blog.talosintelligence.com/2020/01/vulnerability-spotlight-multiple-remote.html
Critical bugs in WordPress plugins InfiniteWP, WP Time Capsule expose 320,000 websites to attack
https://www.zdnet.com/article/critical-bugs-in-wordpress-plugins-infinitewp-wp-time-capsule-expose-300000-websites-to-attack/#ftag=RSSbaffb68
Securing Kubernetes: Bug bounty program announced
https://www.zdnet.com/article/securing-kubernetes-bug-bounty-program-announced/#ftag=RSSbaffb68
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
簡立忠:今年網路下單將上看七成 盤中逐筆交易、零股交易陸續上線,資安治理更重要
https://readers.ctee.com.tw/cm/20200110/a29ab5/1034514/share
PeckShield|2019全球數位資產反洗錢 AML 研究報告(附完整報告)
https://www.blocktempo.com/2019-aml-digital-currency-report/
金管會公布2020年FinTech施政重點:開放銀行新階段、數位帳戶未成年開戶、保險區塊鏈上路、純網銀下半年開業
https://ithome.com.tw/news/135363
託付寶吸金爭議 金管會緊盯
https://news.wearn.com/c427065.html
逐筆交易323上路 盼機構投資人增台股新動能
https://m.ctee.com.tw/livenews/aj/a91617002020011420334652
普惠金融指標21項出爐 網路投保拚400萬件
https://www.chinatimes.com/realtimenews/20200114004655-260410?chdtv
去年金融網絡攻擊增30% 生促局料有新保安風險
https://hk.on.cc/hk/bkn/cnt/news/20200116/bkn-20200116171947038-0116_00822_001.html
你的行動銀行應用程式安全嗎
https://blog.trendmicro.com.tw/?p=63028
NCR Important Updates and Actions required relating to Microsoft Security Patch Updates
http://bit.ly/2sxrhSQ
Multiple Hacking Groups Attempt to Skim Credit Cards from Perricone MD
https://www.rapidspike.com/blog/multiple-hacking-groups-attempt-to-skim-credit-cards-from-perricone-md/
Major Brazilian Bank Tests Homomorphic Encryption on Financial Data
https://www.darkreading.com/threat-intelligence/major-brazilian-bank-tests-homomorphic-encryption-on-financial-data/d/d-id/1336779?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Russian hacking group targets Sub-Saharan Africa banks
https://www.itweb.co.za/content/8OKdWqDEx98vbznQ
Travelex services begin again after ransomware cyber-attack
https://www.theguardian.com/business/2020/jan/13/travelex-services-begin-again-after-ransomware-cyber-attack?CMP=share_btn_tw
Sodinokibi Ransomware threats Travelex to release data, if ransom not paid
https://www.ehackingnews.com/2020/01/sodinokibi-ransomware-threats-travelex.html
ANZ Bank exploited again in a new phishing scam designed to steal banking credentials
https://www.mailguard.com.au/blog/anz-bank-exploited-again-in-a-new-phishing-scam-designed-to-steal-banking-credentials
Deep Analysis of New Metamorfo Variant Targeting Customers of Brazilian Financial Organizations
https://www.fortinet.com/blog/threat-research/analysis-metamorfo-variant-targets-financial-organizations.html
Silence before the storm: Russian speaking hacking group is attacking banks in Sub-Saharan Africa
http://bit.ly/35Tf5Jz
3.電子支付/電子票證/行動支付/ pay/新聞及資安
5家西班牙銀行聯合運用智慧合約進行跨行支付作業測試
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000575564_hys6iutu5s0kyj5n5wvmt
街口電支走入日本 跨境支付於日本啟用限期回饋20%
https://www.chinatimes.com/realtimenews/20200114002561-260412?chdtv
新國會誕生 金管會今年要修電支電票整合等「八大法案」
https://ec.ltn.com.tw/article/breakingnews/3040424
4.虛擬貨幣/區塊鍊相關新聞及資安
卡巴斯基: 北韓駭客組織「拉撒路小組」正在用 Telegram 偷用戶的加密貨幣
https://www.blocktempo.com/north-korean-hackers-now-using-telegram-to-steal-crypto-kaspersky/
推動區塊鏈 兩障礙待克服
https://money.udn.com/money/story/9740/4280391
委員關注區塊鏈建議安全技術措施與區塊鏈建設同步規劃
http://www.bjnews.com.cn/news/2020/01/10/672786.html
台灣新創獨角獸夢碎!加密交易所 Cobinhood 正式宣布關閉交易所,6,000 名受害者等待求償
https://www.blocktempo.com/taiwan-cobinhood-announce-to-shut-down/
數千位 COBINHOOD 用戶已經組成自救會,要求陳泰元解決「交易所資金提領問題」
https://www.blocktempo.com/victims-claimed-cobinhood-and-dexon-are-scam/
金融科技獨角獸 上市後命運落差大
https://reurl.cc/yyVevM
區塊科技推防詐工具驗證Email 揪可疑寄件人、上區塊鏈存證
https://news.cnyes.com/news/id/4433892
加密貨幣交易所Bithumb被徵收巨額稅款超過6,900萬美元
http://bit.ly/30tDZ1l
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
美國低價政府補貼手機暗藏中國惡意程式
https://technews.tw/2020/01/10/subside-phone-was-found-preinstalled-with-chinese-malware/
新Android木馬可關閉Google Play Protect以進行假評論
https://www.ithome.com.tw/news/135307
Google總計移除含有Joker惡意軟體的1,700款Android程式
https://times.hinet.net/news/22736191
美國連鎖餐廳體系 POS 系統遭惡意軟體攻擊,顧客信用卡資訊遭竊取
https://www.twcert.org.tw/tw/cp-104-3236-3b04d-1.html
微軟發現惡意npm軟件包可從UNIX系統竊取數據
https://www.cnbeta.com/articles/tech/932243.htm
網路變慢 電費暴增?可能是它暗中搞鬼
https://blog.trendmicro.com.tw/?p=63158
2019年中國網絡安全報告:新增木馬病毒6557萬個
http://4g.zijing.org/?app=article&controller=article&action=show&contentid=803496
按下「更新」才能使用飯店 Wi-Fi ?一按就下載病毒
https://blog.trendmicro.com.tw/?p=63149
Shell Backdoor List - PHP / ASP Shell Backdoor List
https://www.kitploit.com/2020/01/shell-backdoor-list-php-asp-shell.html
Microsoft spots malicious npm package stealing data from UNIX systems
https://www.zdnet.com/article/microsoft-spots-malicious-npm-package-stealing-data-from-unix-systems/#ftag=RSSbaffb68
SNAKE Ransomware – A New Threat For Businesses In Town
https://latesthackingnews.com/2020/01/12/snake-ransomware-a-new-threat-for-businesses-in-town/
Hackers using Drake’s kiki do you love me to drop Lokibot malware
https://www.hackread.com/hackers-using-drakes-kiki-do-you-love-me-azorult-lokibot/
TrickBot hackers create new stealthy backdoor for high-value targets
https://www.zdnet.com/article/trickbot-hackers-create-new-stealthy-backdoor-for-high-value-targets/
TrickBot group exploiting PowerShell-based backdoor to target high-value organisations
https://www.computing.co.uk/ctg/news/3084953/trickbot-powershell-backdoor
Threat Research SAIGON, the Mysterious Ursnif Fork
https://www.fireeye.com/blog/threat-research/2020/01/saigon-mysterious-ursnif-fork.html
The Faketoken Trojan sends out offensive texts
https://www.kaspersky.com/blog/faketoken-trojan-sends-offensive-sms/32048/
Oski Stealer Targets Browser Data, Crypto Wallets in U.S.
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
Cyber News Rundown: Snake Ransomware
https://www.webroot.com/blog/2020/01/10/cyber-news-rundown-snake-ransomware/
Snake alert! This ransomware is not a game
https://nakedsecurity.sophos.com/2020/01/13/snake-alert-this-ransomware-is-not-a-game/
TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection
https://www.bleepingcomputer.com/news/security/trickbot-now-uses-a-windows-10-uac-bypass-to-evade-detection/#.XiDPtCaseQA.twitter
JhoneRAT: Cloud based python RAT targeting Middle Eastern countries
https://blog.talosintelligence.com/2020/01/jhonerat.html
Stolen emails reflect Emotet's organic growth
https://blog.talosintelligence.com/2020/01/stolen-emails-reflect-emotets-organic.html
Emotet Locked onto US Military and Government
https://www.infosecurity-magazine.com/news/emotet-locked-onto-us-military-and/
This Trojan hijacks your smartphone to send offensive text messages
https://www.zdnet.com/article/this-trojan-hijacks-your-smartphone-to-send-offensive-text-messages/#ftag=RSSbaffb68
2020-01-16 - LOKIBOT MALSPAM AND INFECTION TRAFFIC
https://www.malware-traffic-analysis.net/2020/01/16/index.html
2020-01-15 - QUICK POST: MALSPAM PUSHING REVENGE RAT
https://www.malware-traffic-analysis.net/2020/01/15/index.html
B.行動安全 / iPhone / Android /穿戴裝置 /App
張東健捲桃色風波?朱鎮模手機遭駭流出18禁「約奶妹」對話
https://ent.ltn.com.tw/news/breakingnews/3036096
南韓知名已婚演員遭竊手機,聊天內容討論比基尼辣妹曝光!韓網友譏諷根本是中年版鄭俊英
https://www.wishnote.tw/#!/menu=landing&content_id=121632
瑞幸咖啡回應App被工信部點名:為防止駭客騙取第一杯免費
http://big5.pconline.com.cn/b5/pcedu.pconline.com.cn/1314/13148505.html
Galaxy手機內建將資料傳給中國政府的間諜軟體?三星否認
https://www.ithome.com.tw/news/135281
Samsung 手機漏洞私照全被看光光,多位韓國明星慘遭勒索!
https://reurl.cc/ZnLl96
韓星朱鎮模手機遭駭 揪友討論大奶妹對話流出
https://reurl.cc/5g9bMv
朱鎮模手機資料「遭駭客盜取勒索」! 與大咖好友「超私密對話外流」網瘋傳
https://star.ettoday.net/news/1622558
找大咖一起嗨?男星「鹹濕對話」流出
https://reurl.cc/D1rbmE
對鏡頭比「YA」可能被竊取指紋!3大神話破解 指紋辨識沒想像中安全
https://www.ettoday.net/news/20200110/1622537.htm
5G資安 台專家:應有檢測機制
http://www.epochtimes.com/b5/20/1/10/n11782507.htm
Tiktok(抖音國際版)安全漏洞分析
https://www.4hou.com/index.php/posts/7Wx8
資安業者揭露 TikTok 漏洞:攻擊者能透過惡意連結,操縱使用者帳戶並公開私人影片
https://buzzorange.com/techorange/2020/01/14/tiktok-cyber-security-issue/
Check Point 揭抖音資安漏洞!帳號可能被盜、個資外露,籲使用者儘速更新
https://www.inside.com.tw/article/18622-tiktok-vulnerability-found
「抖音」蒐情資 社群軟體藏危機
https://www.ydn.com.tw/News/368038
抖音出現資安漏洞,使用者 IP 位址、電子信箱暴露在風險下
http://bit.ly/30hmkd8
資安業者揭抖音漏洞 帳戶內容可能被操縱
https://www.cna.com.tw/news/ait/202001130128.aspx
2020年1月Android安全補丁和Pixel更新發布:修復40個漏洞
https://tech.sina.com.cn/roll/2020-01-10/doc-iihnzahk3179835.shtml
用充電線就能駭進你手機 盜版充電線已可量產
https://reurl.cc/e5K7VK
釣魚郵件換成簡訊捲土重來 資安專家提醒三原則遠離詐騙
https://inanews.tw/archives/66231
國際組織要求Google監管Android手機預設程式
http://bit.ly/30eKiG5
除了手機殼,你的手機還需要更強大的保護力
https://blog.trendmicro.com.tw/?p=63049
退出高階旗艦機市場?HTC驚傳無預警關閉鐵粉專用的論壇
https://news.sina.com.tw/article/20200114/33988902.html
華府曾要求蘋果解鎖槍手的手機被拒
https://news.now.com/home/international/player?newsId=376765
解鎖手機查恐攻 美司法部再槓蘋果
https://money.udn.com/money/story/5599/4287165
美高階團隊敦促英政府 禁止華爲進入英5G網絡
https://www.soundofhope.org/post/330730?lang=b5
Google 公布 iOS 12.4 漏洞詳情:駭客可遠端控制 iPhone
https://technews.tw/2020/01/15/ios-12-4-loophole/
FBI被曝有解鎖iPhone工具,根本不需要蘋果“留後門”
http://bit.ly/35PPCkd
川普推文開罵蘋果不知感恩 資安專家證實:FBI自有能力解鎖iPhone
https://cnews.com.tw/13720016a02/
蘋果有無協助美國政府解碼iPhone引爭論 資安專家點出:FBI有能力獨立破解
https://www.ettoday.net/news/20200115/1626326.htm
資安公司曝 Google Play 有「偷錢」App!一不留神可能扣你 7,200 元
https://3c.ltn.com.tw/news/39273
不要隨意下載!又有一批全新免費「騙錢軟體」上架Google Play
https://newtalk.tw/news/view/2020-01-16/355271
5G技術藏漏洞 AI詐騙電郵將成網絡攻擊威脅
http://bit.ly/388R5no
Google Play商店現偷錢程式 料全球6億用戶中招
http://bit.ly/2u3EtPE
如何判斷手機是否遭安裝追蹤軟體 (Stalkerware)
https://blog.trendmicro.com.tw/?p=62877
Google Play 25程式 免費試用後擅收費
http://bit.ly/30qqCz6
Russian experts warn the danger of charging the phone in public places
https://www.ehackingnews.com/2020/01/russian-experts-warn-danger-of-charging.html
Google hackers successfully use remote exploit to hack iPhone
https://www.hackread.com/google-hackers-remote-exploit-hack-iphone/
Google details its three-year fight against the Bread (Joker) malware operation
https://www.zdnet.com/article/google-details-its-fight-against-the-bread-joker-malware-operation/#ftag=RSSbaffb68
Malware Spotted on Government-Subsidized Android Phone
https://www.extremetech.com/mobile/304577-malware-spotted-on-government-subsidized-android-phone
Academic research finds five US telcos vulnerable to SIM swapping attacks
https://www.zdnet.com/article/academic-research-finds-five-us-telcos-vulnerable-to-sim-swapping-attacks/#ftag=RSSbaffb68
5 major US wireless carriers vulnerable to SIM swapping attacks
https://www.welivesecurity.com/2020/01/13/major-us-wireless-carriers-vulnerable-sim-swap-scams/
Switcher: Android joins the ‘attack-the-router’ club
https://securelist.com/switcher-android-joins-the-attack-the-router-club/76969/#comment-2978311
Use iPhone as Physical Security Key to Protect Your Google Accounts
https://thehackernews.com/2020/01/google-iphone-security-key.html
More than 600 million users installed Android 'fleeceware' apps from the Play Store
https://www.zdnet.com/article/more-than-600-million-users-installed-android-fleeceware-apps-from-the-play-store/#ftag=RSSbaffb68
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
首見駭客以惡意Office 365 App存取用戶帳號
https://www.ithome.com.tw/news/135331
保全監視系統無法連上線 中興保全:無個資外洩疑慮、未必是駭客所為
https://www.ettoday.net/news/20200116/1626951.htm
2020年網絡安全4大發展趨勢
http://bit.ly/3ag4sUE
退休金帳戶成駭客目標 該如何自保
https://chinese.efreenews.com/a/tuixiujinzhanghuchenghaikemubiao-gairuhezibao
【寰宇韜略】新形態「網戰脅迫」 各國謹慎應對(上)
https://www.ydn.com.tw/News/368406
【寰宇韜略】新形態網戰脅迫 各國謹慎應對(中)
https://www.ydn.com.tw/News/368616
【寰宇韜略】新形態「網戰脅迫」 各國謹慎應對(下)
https://www.ydn.com.tw/News/368805
香港2019年首11個月共處理8827宗網絡安全事故
http://www.hkcna.hk/content/2020/0113/803660.shtml
加拿大電腦雲端(CCC)與華為合作引發加國學者擔憂
http://bit.ly/36T9UL0
對抗網軍假消息 前北約官員稱台灣是好例子
https://www.rti.org.tw/news/view/id/2048341
假新聞滲透民主國家 前北約秘書長:台灣是對抗網軍模範
https://news.ltn.com.tw/news/world/breakingnews/3041986
伊朗報復性網路攻擊升溫! 伊朗駭客對美國電網發動大規模「密碼噴灑」攻擊
https://reurl.cc/YlKk80
伊朗或將對美國發動攻擊 以癱瘓電網
https://reurl.cc/e5KVzL
美國政府所屬網站遭駭,放置伊朗國旗與川普打臉圖
https://www.twcert.org.tw/tw/cp-104-3235-5d584-1.html
俄國又想干預美國總統大選?「烏克蘭門」發現俄國駭客蹤跡,他們也在翻找拜登「黑資料」
https://www.storm.mg/article/2181718
印度最高法院判決 政府中斷克什米爾網路違憲
https://news.ltn.com.tw/news/world/breakingnews/3036328
涉川普彈劾案 烏天然氣公司遭俄諜駭攻
https://www.rti.org.tw/news/view/id/2048157
俄駭客疑涉川普彈劾案 干預美大選疑慮漸深
https://www.ydn.com.tw/news/368357
憂中共透過中製無人機竊國安機密 傳白宮將全面禁飛民用無人機
https://cnews.com.tw/137200114a04/
美為精準打擊中國罕見求助盟友美歐日聯合施壓北京
http://bit.ly/36YBCpG
英媒:特朗普政府將公布新規 阻止對華為銷售外國製產品
http://bit.ly/2Nt2wOM
美中簽署第1階段協議 駭客、政府補貼等問題被擱置
https://ec.ltn.com.tw/article/breakingnews/3041837
拜登兒子前公司證實遭駭 美資安公司:百分百是俄國情報機構幹的
http://bit.ly/2RpXJPi
俄國疑似網攻烏克蘭能源公司 基輔尋求FBI協助
https://www.rti.org.tw/news/view/id/2048427
德檢搜索3人疑為中國情蒐 傳德外交官涉案
https://money.udn.com/money/story/5599/4293100
Intrusion Truth揭露由海南省主導的APT駭客集團
https://www.ithome.com.tw/news/135348
Report: Chinese hacking group APT40 hides behind network of front companies
https://www.zdnet.com/article/report-chinese-hacking-group-apt40-hides-behind-network-of-front-companies/#ftag=RSSbaffb68
APT40
https://www.fireeye.com/current-threats/apt-groups.html#apt40
What is the Hainan Xiandun Technology Development Company
https://intrusiontruth.wordpress.com/2020/01/09/what-is-the-hainan-xiandun-technology-development-company/
Who is Mr Gu
https://intrusiontruth.wordpress.com/2020/01/10/who-is-mr-gu/
This Secretive Surveillance Company Is Selling Cops Cameras Hidden in Gravestones
https://www.vice.com/en_us/article/qjdp95/this-secretive-surveillance-company-is-selling-cops-cameras-hidden-in-gravestones
An Iranian Hacking Campaign, Social Media Surveillance, and More News
https://www.wired.com/story/iran-hackers-us-electric-grid-border-social-media-surveillance/
Iranian Hackers Have Been ‘Password-Spraying’ the US Grid
https://www.wired.com/story/iran-apt33-us-electric-grid/
Hackers Increasingly Probe North American Power Grid
https://www.bankinfosecurity.com/hackers-increasingly-probe-north-american-power-grid-a-13596
UK is nearly ready to launch force to hit hostile countries with cyberattacks
https://www.independent.co.uk/news/uk/home-news/cyber-warfare-security-force-iran-crisis-ministry-of-defence-a9278591.html
YOUR PASSWORD HAS BEEN HACKED! DO YOU KNOW HOW IT HAPPENED
https://blog.eccouncil.org/your-password-has-been-hacked-do-you-know-how-it-happened/
Kaspersky Lab reports North Korean Hacker group Lazarus stealing cryptocurrencies using the Telegram messenger
https://www.ehackingnews.com/2020/01/kaspersky-lab-reports-north-korean.html
Las Vegas Hacked: Quick Reactions Save Sin City from Outages
https://www.cbronline.com/cybersecurity/breaches/las-vegas-hacked/
TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking
https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/servhelper-evolution-and-new-ta505-campaigns/
'Serious cyber-attack' on Austria's foreign ministry
https://www.bbc.com/news/world-europe-50997773
GCHQ warns not to use Windows 7 computers for banking or email after Tuesday
https://www.telegraph.co.uk/news/2020/01/12/gchq-warns-not-use-windows-7-computers-banking-email-tuesday/
Report: Russian hackers waged broad phishing campaign against company tied to Trump impeachment
https://www.cyberscoop.com/russia-hacking-ukraine-burisma-donald-trump-apt28-area-1/
Russian spies hacked Ukrainian energy company at center of Trump's impeachment
https://nbcnews.to/2FK7FOn
FBI: Nation-state actors have breached two US municipalities
https://www.zdnet.com/article/fbi-nation-state-actors-have-breached-two-us-municipalities/
Wind River acquires Star Lab to improve its Linux security
https://www.zdnet.com/article/wind-river-acquires-star-lab-to-improve-its-linux-security/#ftag=RSSbaffb68
Report: Russian Hackers Targeted Ukrainian Gas Firm Burisma
https://www.bankinfosecurity.com/report-russian-hackers-targeted-ukrainian-gas-firm-burisma-a-13606
Russia responsible for hacking gas firm tied to Trump impeachment: report
https://www.zdnet.com/article/russia-responsible-for-hacking-gas-firm-tied-to-trump-impeachment-case-report/#ftag=RSSbaffb68
Congress Hears Warnings of Iranian Cyberthreats
https://www.bankinfosecurity.com/congress-hears-warnings-iranian-cyberthreats-a-13613
資安工程師
https://reurl.cc/5g9bKG
數聯資安正職人力需求
https://ece.ntust.edu.tw/p/404-1017-73164.php
Google Analytics分析師-加入台中矽谷 (GA流量分析、數據分析、成長駭客)
https://www.104.com.tw/job/6ue4d
資安技術工程師
https://www.104.com.tw/job/4iegg
達友科技/Product Manager
https://www.104.com.tw/job/6ujwd?jobsource=googlejobs
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
5,600 萬美國人數據流出 源自中國 IP 位址
https://reurl.cc/EK5bG0
CHAN YEOL、世勳護照資訊因機場工作人員翻拍遭外洩
https://reurl.cc/qDW4Ky
資策會科法所:個資重要不可忽視 TPIPAS強化業者法遵保護
https://times.hinet.net/news/22736757
【加強監管】政府:正檢討加強網絡保安 防止資料外洩
http://www.orangenews.hk/news/system/2020/01/13/010136783.shtml
德國資安業者Greenbone Networks:已有超過10億張醫療影像在網路上流竄
https://www.ithome.com.tw/news/135354
中國國務院部際聯席會議:從事電詐犯罪及黑灰產業的納入失信懲戒
https://news.sina.com.tw/article/20200114/33990524.html
打擊電信網絡詐騙 中國國務院:犯罪人員列入失信懲戒名單
http://bit.ly/2NtWkX1
去年近萬宗網絡保安事故 網絡釣魚顯著增
http://bit.ly/2FVEPdT
一隻網路上的臘腸狗,讓她犬財兩失
https://blog.trendmicro.com.tw/?p=63056
PlanetDrugsDirect reveals security breach, warns customers their data may have been exposed
https://www.tripwire.com/state-of-security/featured/planetdrugsdirect-reveals-security-breach-warns-customers-their-data-may-have-been-exposed/
Texas School District Lost $2.3M to Phishing Email Scam
https://www.tripwire.com/state-of-security/security-data-protection/texas-school-district-lost-2-3m-to-phishing-email-scam/
Scammers’ delivery service: exclusively dangerous
https://securelist.com/scammers-delivery-service-exclusively-dangerous/66515/#comment-2978500
Scammers’ delivery service: exclusively dangerous
https://securelist.com/scammers-delivery-service-exclusively-dangerous/66515/#comment-2978498
Latitude Financial spoofed in phishing scam; email tells users their account access has been ‘disabled’
https://www.mailguard.com.au/blog/latitude-financial-spoofed-in-phishing-scam-email-tells-users-their-account-access-has-been-disabled
Baby's First Data Breach: App Exposes Baby Photos, Videos
https://www.bankinfosecurity.com/babys-first-data-breach-app-exposes-baby-photos-videos-a-13603
49 million user records from US data broker LimeLeads put up for sale online
https://www.zdnet.com/article/49-million-user-records-from-us-data-broker-limeleads-put-up-for-sale-online/#ftag=RSSbaffb68
Class Action Breach Lawsuits: The Impact of Data for Sale
https://www.bankinfosecurity.com/interviews/class-action-breach-lawsuits-impact-data-for-sale-i-4572
Hotel lawyer alert for hotel owners and operators: Newest FTC warning about hotel data security
https://hotellaw.jmbm.com/ftc-warns-hotel-data-security.html
E.研究報告
記一次Redis+Getshell經驗分享
https://www.freebuf.com/vuls/224235.html
企業安全建設之漏洞管理與運營
https://www.freebuf.com/articles/security-management/222429.html
有駭客讓 Nintendo Switch 跑起了 Linux
https://read01.com/jEA6A7E.html#.Xhr1e_4zbIU
Flan Scan:Cloudflare開源輕量級網絡漏洞掃描軟件
https://www.77169.net/html/249504.html
釣魚攻擊之Reverse Tabnabbing
https://xz.aliyun.com/t/7080
Apereo CAS反序列化進攻分析及回顯利用
https://www.anquanke.com/post/id/197086
BoomER 一款檢測和利用本地漏洞工具
https://www.77169.net/download/238656.html
如何查詢目前 Windows 電腦曾經連線過的 WiFi 密碼
https://blog.miniasp.com/post/2020/01/12/Retrieve-Wi-Fi-password-in-Windows
黑產團伙利用Apache Struts 2漏洞及SQL爆破控制服務器挖礦
https://s.tencent.com/research/report/871.html
被誤解的EDR,端點安全如何撥雲見日
http://m.ccidnet.com/pcarticle/10509014
帶你推開PWN世界的大門
https://zhuanlan.zhihu.com/p/102685081
WEB開發中安全漏洞的分析和預防
https://www.boxuegu.com/news/2383.html
2019年中國網絡安全報告
http://it.rising.com.cn/dongtai/19692.html
phpmyadmin PMASA-2020-1突破分析與復現
https://xz.aliyun.com/t/7092
Seagate Central Storage RCE 0day漏洞分析
https://www.anquanke.com/post/id/197345
進攻性掃描CVE 2019 2725 Weblogic GetShell Exploit
http://bit.ly/2TxJyuu
weblogic 2020年第一季度漏洞分析
https://www.modb.pro/db/15080
漏洞掃描軟件AWVS的介紹和使用
https://zhuanlan.zhihu.com/p/102744281
Windows Carbon Black edr逆向分析第一部分
https://www.anquanke.com/post/id/197312
騰訊安全緊急發布CVE-2020-0601漏洞利用惡意樣本專殺工具
https://s.tencent.com/research/report/878.html
How to Hack/Crack Password
https://hackonology.com/blogs/how-to-hack-crack-password/
Top 10 web hacking techniques of 2019
https://portswigger.net/polls/top-10-web-hacking-techniques-2019
Red Teaming @ 10000 Feet
https://pentestmag.com/red-teaming-10000-feet/
ReconCobra Complete Automated pentest
https://hackingpassion.com/reconcobra-complete-automated-pentest/
MOBILE DEVICE FORENSICS
https://blog.eccouncil.org/mobile-device-forensics/
MALWARE AND MEMORY FORENSICS
https://blog.eccouncil.org/malware-and-memory-forensics/
Exploiting Routers With Routersploit
https://linuxsecurityblog.com/2019/09/26/exploiting-routers-with-routersploit/
Kilos – New Dark Web Search Engine With Extensive Filtering Capabilities
https://cybersecuritynews.com/search-engine-kilos/
Threat Research SAIGON, the Mysterious Ursnif Fork
https://reurl.cc/Rd399n
projectzeroindia/CVE-2019-19781
https://github.com/projectzeroindia/CVE-2019-19781
quantumcore/supercharge
https://github.com/quantumcore/supercharge
NYAN-x-CAT/Mass-RAT
https://github.com/NYAN-x-CAT/Mass-RAT
Persistence – AppInit DLLs
https://pentestlab.blog/2020/01/07/persistence-appinit-dlls/
THREAT RESEARCH Predator the Thief: Analysis of Recent Versions
https://www.fortinet.com/blog/threat-research/predator-the-thief-recent-versions.html
Heavily Obfuscated Malware Campaign using Weaponized PowerPoint Files to Drop Lokibot & Azorult
https://cybersecuritynews.com/powerpoint-malware/
Hacking With PowerShell: Blue Team
https://securethelogs.com/hacking-with-powershell-blue-team/
TRAPE | Track Anyone Over Internet
https://training.twintechsolutions.in/training/trape-track-anyone-over-internet/
A Complete Malware Analysis Tutorials, Cheatsheet & Tools list for Security Professionals
https://gbhackers.com/malware-analysis-cheat-sheet-and-tools-list/
Threat Actor Abuses Mobile Sensor to Evade Detection
https://info.phishlabs.com/blog/threat-actor-abuses-mobile-sensor-evade-detection
rshipp/awesome-malware-analysis
https://github.com/rshipp/awesome-malware-analysis
OWASP SecureTea help to secure your IoT
https://github.com/OWASP/SecureTea-Project
Bypass with PHP non-alpha encoder
https://medium.com/mucomplex/bypass-with-php-non-alpha-encoder-fee4e1bac31e
LNAV : Log File Navigator 2020
https://kalilinuxtutorials.com/lnav-log-file-navigator/
Detect Frida for Android
https://darvincitech.wordpress.com/2019/12/23/detect-frida-for-android/
Testing for XSS (Like a KNOXSS)
https://brutelogic.com.br/blog/testing-for-xss-like-a-knoxss/
Security hardening of Android native code
https://darvincitech.wordpress.com/2020/01/07/security-hardening-of-android-native-code/
Creating and Analyzing a Malicious PDF File with PDF-Parser Tool
https://gbhackers.com/creating-and-analyzing-a-malicious-pdf-file-with-pdf-parser-tool/
a USB multitool for monitoring, hacking, and developing USB devices (work in progress)
https://github.com/greatscottgadgets/luna
Abusing Exchange: One API call away from Domain Admin
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
alphaSeclab/awesome-forensics
https://github.com/alphaSeclab/awesome-forensics/blob/master/Readme_en.md
hash3liZer/Blunder
https://github.com/hash3liZer/Blunder
OSCP Goldmine (not clickbait)
http://0xc0ffee.io/blog/OSCP-Goldmine
cryforce
https://github.com/lildwagz/cryforce
Web Vulnerability Assessment Tool
https://github.com/tempto/wvat
AWSからAbuse Reportがきた時の対応方法
https://qiita.com/blackpeach7/items/7e2781547103c31f283b
Dnss Domain Name Search Software - 'Name' Denial of Service (PoC)
https://www.exploit-db.com/exploits/47861
Xiaomi_Mi_WiFi_R3G_Vulnerability_POC
https://github.com/UltramanGaia/Xiaomi_Mi_WiFi_R3G_Vulnerability_POC/blob/master/report/report.md
Digital Forensics, Part 2: Live Memory Acquisition and Analysis
https://www.hackers-arise.com/post/2016/09/27/digital-forensics-part-2-live-memory-acquisition-and-analysis
Free Blocklists of Suspected Malicious IPs and URLs
https://zeltser.com/malicious-ip-blocklists/
Free Online Tools for Looking up Potentially Malicious Websites
https://zeltser.com/lookup-malicious-websites/
Free Automated Malware Analysis Sandboxes and Services
https://zeltser.com/automated-malware-analysis/
S3Tk:-- A #Security #Toolkit For #Amazon S3.
https://github.com/ankane/s3tk
Do Your SOC Metrics Incentivize Bad Behavior
https://blog.paloaltonetworks.com/2020/01/cortex-soc-metrics/
Powerful GPG collision attack spells the end for SHA-1
https://nakedsecurity.sophos.com/2020/01/13/powerful-gpg-collision-attack-spells-the-end-for-sha-1/
WebMap:-- WebMap
https://github.com/SabyasachiRana/WebMap
F.商業
Palo Alto Networks 公布最新2020年資安趨勢預測
https://www.chinatimes.com/realtimenews/20200110001469-260412?chdtv
Windows 7正式終止支援 十月換Office 2010停止更新
https://udn.com/news/story/11017/4291913
Windows 7即將終止更新支援 13項守則讓使用者保平安
https://news.xfastest.com/others/75212/windows-7-stop-update/
Windows 7支援即將於明天到期,又有證據還可以免費升級
https://ithome.com.tw/news/135312
Windows 7 官方支援只到明天!微軟1月14日後不再提供更新 呼籲用戶快升級Win 10
https://www.ettoday.net/news/20200113/1624477.htm
Windows 7 不想升級到 Windows 10 怎麼辦?這 8 招讓你安心用舊機
https://3c.ltn.com.tw/news/39230
Microsoft Windows 7 正式停止官方支援 不升級原來很危險
http://bit.ly/2FLpWdY
微軟今終止支援Windows 7 用戶快升級以遠離風險
https://newtalk.tw/news/view/2020-01-14/354391
Windows 7 end of life: Time to move on
https://www.welivesecurity.com/2020/01/14/windows7-end-life-time-move-on/
Windows 7 Begins to Show Full Screen Windows 10 Upgrade Alerts
https://www.bleepingcomputer.com/news/microsoft/windows-7-begins-to-show-full-screen-windows-10-upgrade-alerts/
中山醫大攜手業界 打造新世代醫療資安課程
https://money.udn.com/money/story/5723/4281285
強調供應商安全管理的SecurityScorecard,能偵測企業暴露在外部網路的資安風險
https://www.ithome.com.tw/review/135314
資安即國安 個資保護重要性更為提升
http://www.t3-news.com/news_detail.php?NewsID=3031
IBM開源雲端系統遙測資料格式SysFlow
https://www.ithome.com.tw/news/135344
打造資安閘門防護服務
https://money.udn.com/money/story/8521/4260455
台灣大車隊持續精進乘車安全 導入中信國際電訊資安防護
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=35&id=0000575921_SAW85W3D3G3K5T0DXPGLY
Palo Alto Networks發表2020網路安全預測,資安人才和5G安全成焦點
https://ithome.com.tw/news/135327
黑客利用AI尋目標 微軟預測四大網絡安全趨勢
http://bit.ly/2R4wbjL
奇安信發布第三代安全引擎"天狗"對漏洞攻擊實施降維打擊
http://www.chinanews.com/business/2020/01-17/9062649.shtml
G.政府
嘉義市政府推動資安防護有成 奠定發展數位政策穩健基石
https://ithome.com.tw/pr/135146
教育部函~有關各機關(構)、學校如有採購大陸製監視器相關資安疑慮事宜
https://www.stu.edu.tw/latestnews_single.php?id=74365
107年至108年資訊安全能量登錄暨資通安全自主產品廠商名單
https://www.acw.org.tw/News/Detail.aspx?id=107
當選了,然後呢?看蔡英文下一個4年的科技、能源與新創政策
https://www.bnext.com.tw/article/56256/presidential-tech-policy
金管會7字賀鼠年 發表2020十大工作重點與普惠金融21條
https://udn.com/news/story/7239/4287213
金管會報喜 金融業2019年獲利創新高
https://m.ctee.com.tw/livenews/aj/a91617002020011415352534?area=
公告資訊-為配合內政部辦理「108年度戶役政綠色便民及資安強化計畫案」作業,本市各戶政事務所於109年1月22日(星期三)暫停夜間延時服務
https://reurl.cc/Naeryx
晶片身分證資安疑慮 民團籲在野黨堅守預算刪減提案
https://www.rti.org.tw/news/view/id/2048228
金管會108年重要施政成果及109年工作重點
http://bit.ly/2QV0DwI
民團質疑數位身分證資安疑慮 籲在野黨堅守
https://www.cna.com.tw/news/aipl/202001150139.aspx
數位身分證遭疑資安問題 內政部:審慎推動絕無政府監控問題
https://www.chinatimes.com/realtimenews/20200115003166-260407?chdtv
科技部108年度「資安關鍵技術基礎研發計畫」專案,校內申請截止日109年2月10日上午10時
https://www2.nchu.edu.tw/news-detail/id/47815
第五代公文交換系統翻新工程,檔管局不惜改用API全面重構
https://ithome.com.tw/people/135277
蔡英文勝選的行政後盾 陳其邁首任資安長推動5G「緊緊緊」
https://www.ettoday.net/news/20200115/1626565.htm
5G第二階段位置競價年後登場!NCC估最快7月後可提供服務
https://www.ettoday.net/news/20200116/1626990.htm
高市戶政連線當機改採人工收件 初步排除被駭
https://www.cna.com.tw/news/ahel/202001160198.aspx
唐鳳將協助規劃成立數位發展部會 落實小英政見
https://news.ltn.com.tw/news/politics/breakingnews/3043291
落實數位發展政見 唐鳳:資安、網路訊息討論將更密切
https://www.chinatimes.com/realtimenews/20200117002542-260407?chdtv
H.工控系統/SCADA/ICS
Rasilient PixelStor 5000 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6757
多款Siemens產品訪問繞過漏洞的補丁
https://ics-cert.us-cert.gov/advisories/ICSA-18-317-01
加強化工信息安全防護勢在必行
http://www.ccin.com.cn/detail/8a83d3641c1ceb7e146b140cee97075d
一種基於知識圖譜的工業互聯網安全漏洞研究方法
https://www.secrss.com/articles/16641
工業製造業者遭網路間諜鎖定
https://www.nccst.nat.gov.tw/NewsRSSDetail.aspx?lang=zh&RSSType=news&seq=16339
I.教育訓練
個資暨資安案例宣導及公務員申領小額款項實例分析
https://elearn.hrd.gov.tw/info/10013821
Overview of key Microsoft Azure Security Services – Part 1
https://www.peerlyst.com/posts/overview-of-key-microsoft-azure-security-services-part-1-guy-bertrand-kamga
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
破獲非法控制攝影鏡頭警逮32人
https://www.ydn.com.tw/News/367665
3500萬家庭擁有智能音箱隱私安全存在漏洞
http://www.ce.cn/cysc/tech/gd2012/202001/10/t20200110_34098048.shtml
GE 家電採用 UL IoT 安全評等測試連網產品
https://reurl.cc/qDWKYD
保護你 Wi-Fi 路由器、家用網路的小訣竅
https://www.inside.com.tw/article/18588-secure-your-wi-fi-router
IOT安全|路由器漏洞分類
https://www.shangyexinzhi.com/article/details/id-436076/
2020 年代的新型駭客:「汽車駭客」入侵自駕車癱瘓交通,使用「網路鎖」要你付贖金
https://buzzorange.com/techorange/2020/01/13/self-driving-car-hacker/
日助企業製無人機 強化防駭措施
https://www.ydn.com.tw/News/368194
網路攻擊事件頻傳 資安已成嵌入式系統重大挑戰
https://udn.com/news/story/11726/4285244
越來越聰明的不止是特斯拉,還有汽車駭客!汽車擁有了一個具備完全自動駕駛能力的電腦系統,不可避免會存在這樣的疑問
https://www.insoler.com/forum/topic/15788986719291.htm
日本擬新政策培育本土無人機製造商減資安威脅 印度與巴基斯坦邊界 25 公里列禁飛區
http://bit.ly/2RstmHU
物聯網為黑客提供入侵方式 Android手機易被入侵
http://bit.ly/2R3wn2B
6.近期資安活動及研討會
WizardAmigos CodeCamp [Taipei,JavaScript,English] 1/20
https://www.meetup.com/WizardAmigos/events/bbdclrybccbbc/
Cyber Security for Critical Assets (CS4CA) MENA 1/20 ~ 1/21
https://mena.cs4ca.com/?ref=infosec-conferences.com
PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world
2020核果資訊冬季班 Python 程式語言 (Level 1) 1/22~ 2/13
https://www.accupass.com/event/1911150442131985092910
Hacking Thursday 1/23
http://www.hackingthursday.org/invite
Security Hell Conference (SH3LLCON) 1/24 ~ 1/25
https://www.sh3llcon.es/?ref=infosec-conferences.com
NextGen SCADA 1/27 ~ 1/31
https://www.smartgrid-forums.com/forums/nextgen-scada-global/
Cranfield University Cyber Symposium 1/28 ~ 1/29
https://www.cranfield.ac.uk/events/symposia/cyber
International Cyber Security Forum (FIC) 1/28 ~ 1/30
https://www.forum-fic.com/en/home.htm
Free and Safe in Cyberspace 1/29
https://www.free-and-safe.org/
Hacking Thursday 1/30
http://www.hackingthursday.org/invite
制御システムセキュリティカンファレンス 2020 2020年2月14日
https://www.jpcert.or.jp/event/ics-conference2020.html
CYBERSEC 2020 臺灣資安大會 3/17 ~ 3/19
https://cyber.ithome.com.tw/
韓國國際安全博覽會 3/18
https://www.twcert.org.tw/tw/cp-105-3230-a3bd4-1.html
black ASIA 2020 Singapore 3/31 ~ 4/3
https://www.blackhat.com/asia-20/briefings/schedule/
Kaspersky® Security Analyst Summit 4/6 ~ 4/9
https://thesascon.com/
2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore 4/21 ~ 4/23
https://www.icscybersecurityconference.com/singapore/
亞太資訊安全論壇暨展覽會 4/22
https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html
沒有留言:
張貼留言