跳到主要內容

資安事件新聞週報 2020/1/13 ~ 2020/1/17


資安事件新聞週報 2020/1/13 ~ 2020/1/17
1.重大弱點漏洞/後門/Exploit/Zero Day
研究人員揭露纜線數據機漏洞Cable Haunt:光在歐洲就波及2億台數據機
https://www.ithome.com.tw/news/135306

可取國際(icatch)DVR攝影主機遭網路惡意入侵,煩請儘速確認並進行韌體更新
http://www.idsmag.com.tw/ids/new_article.asp?ar_id=30954

Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
https://www.exploit-db.com/exploits/47927

Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now
https://thehackernews.com/2020/01/firefox-cyberattack.html

Symantec Endpoint Detection and Response XSS
https://support.symantec.com/us/en/article.SYMSA1502.html

甲骨文修補334個安全漏洞,平歷史紀錄
https://www.ithome.com.tw/news/135411

F5 BIG-IP Engineering Hotfix 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5851

Juniper 產品多個漏洞
https://www.hkcert.org/my_url/zh/alert/20011001

安全研究人員發佈了兩個思傑嚴重漏洞的利用
https://www.chainnews.com/zh-hant/articles/618719868910.htm

美國國土安全部和MSF相繼發布了Citrix漏洞的測試利用工具
https://nosec.org/home/detail/3924.html

美國國土安全部釋出Citrix漏洞CVE-2019-19781的檢測工具
https://www.ithome.com.tw/news/135355

Citrix ADC和NetScaler漏洞風險提示
https://read01.com/oAaKKo6.html#.XhvZN8gzbIU

CVE-2019-19781:深入分析Citrix ADC RCE漏洞
https://www.anquanke.com/post/id/197074

Citrix ADC Exploits: Overview of Observed Payloads
https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+Overview+of+Observed+Payloads/25704/

PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability
https://thehackernews.com/2020/01/citrix-adc-gateway-exploit.html

Proof-of-concept code published for Citrix bug as attacks intensify
https://www.zdnet.com/article/proof-of-concept-code-published-for-citrix-bug-as-attacks-intensify/#ftag=RSSbaffb68

Severe Citrix Flaw: Proof-of-Concept Exploit Code Released
https://www.bankinfosecurity.com/severe-citrix-flaw-proof-of-concept-exploit-code-released-a-13600

PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability
https://thehackernews.com/2020/01/citrix-adc-gateway-exploit.html

Hackers are scanning for vulnerable Citrix servers
https://www.itproportal.com/news/hackers-are-scanning-for-vulnerable-citrix-servers/

Dutch Govt Suggests Turning Off Citrix ADC Devices, Mitigations May Fail
https://www.bleepingcomputer.com/news/security/dutch-govt-suggests-turning-off-citrix-adc-devices-mitigations-may-fail/#.XiERc_2pqfw.twitter

Hackers use system weakness to rattle doors on Citrix systems
https://reurl.cc/k5Kgnd

New Snort rules protect against recently discovered Citrix vulnerability
https://blog.talosintelligence.com/2020/01/snort-rules-cve-2019-19781.html

New Snort rules protect against recently discovered Citrix vulnerability
https://blog.talosintelligence.com/2020/01/snort-rules-cve-2019-19781.html

NETSCALER REMOTE CODE EXECUTION FORENSICS
https://www.trustedsec.com/blog/netscaler-remote-code-execution-forensics

Hackers use system weakness to rattle doors on Citrix systems
https://nakedsecurity.sophos.com/2020/01/10/hackers-use-system-weakness-to-rattle-doors-on-citrix-systems/

CVE-2019-19781
https://nvd.nist.gov/vuln/detail/CVE-2019-19781

Windows組件crypt32.dll發現嚴重加密漏洞,Windows 7可能錯過修復補丁
https://tech.ifeng.com/c/7tEO4zDbhQ0

微軟1月安全更新情報 | Crypt32.dll的漏洞可造成黑客遠程執行程式碼
http://bit.ly/38c0Lxq

美國國安局通報WINDOWS 10漏洞:微軟稱其已打補丁
http://bit.ly/2TnBv31

美國家安全局通報Win 10嚴重漏洞:影響所有版本
https://3g.163.com/tech/article/F2TS82ON000999LD.html

美國國家安全局發布公告,建議Windows相關用戶立即更新漏洞,以修補重大漏洞
https://www.twcert.org.tw/tw/cp-104-3243-ef588-1.html

NSA罕見公布Windows資安風險 微軟發布安全補丁因應
https://news.cnyes.com/news/id/4434316

美國安局發現Windows系統有漏洞 微軟火速發布安全更新
https://times.hinet.net/news/22740619

微軟修補首個由NSA所提報的CVE-2020-0601漏洞
https://www.ithome.com.tw/news/135366

美國國家安全局發布公告,建議Windows相關用戶立即更新漏洞,以修補重大漏洞
https://www.twcert.org.tw/tw/cp-104-3243-ef588-1.html

Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
https://blog.talosintelligence.com/2020/01/microsoft-patch-tuesday-jan-2020.html

Addressing Microsoft’s January 2020 Security Update for CVE-2020-0601
https://www.fortinet.com/blog/threat-research/microsoft-january-2020-update-cve-2020-0601.html

Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA
https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html

January Patch Tuesday: Update List Includes Fixes for Internet Explorer, Remote Desktop, Cryptographic Bugs
https://newsroom.trendmicro.com/blog/security-intelligence/january-patch-tuesday-update-list-includes-fixes-internet-explorer-remote

Microsoft Patch Tuesday – January 2020
https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-january-2020

Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA
https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html

Proof-of-concept exploits published for the Microsoft-NSA crypto bug
https://www.zdnet.com/article/proof-of-concept-exploits-published-for-the-microsoft-nsa-crypto-bug/#ftag=RSSbaffb68

微軟Windows作業系統存在安全漏洞(CVE-2020-0601、CVE-2020-0609、CVE-2020-0610及CVE-2020-0611),允許攻擊者進行中間人攻擊或遠端執行任意程式碼,請儘速確認並進行更新
https://www.nccst.nat.gov.tw/Vulnerability?lang=zh

Windows 7: Microsoft Ceases Free Security Updates
https://www.bankinfosecurity.com/windows-7-microsoft-ceases-free-security-updates-a-13604

An Ex-Operating System Hit by an Exploit Found In Audio Files
https://www.ehackingnews.com/2020/01/an-ex-operating-system-hit-by-exploit.html?utm_source=dlvr.it&utm_medium=twitter

Mozilla Thunderbird 多個漏洞
https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/

Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now!
https://thehackernews.com/2020/01/firefox-cyberattack.html

Google、Mozilla會繼續支援Windows 7版Chrome及Firefox
https://www.ithome.com.tw/news/135311

快更新 Firefox!避免零日漏洞攻擊,Mozilla 發布新版本
https://reurl.cc/A1vbd3

Firefox瀏覽器出現資安漏洞 美國網路安全局呼籲快更新至72.0.1版
https://www.ettoday.net/news/20200113/1624256.htm

Firefox瀏覽器存在安全漏洞(CVE-2019-17026),允許攻擊者遠端執行任意程式碼,請儘速確認並進行更新
https://www.nccst.nat.gov.tw/VulnerabilityDetail.aspx?lang=zh&seq=1113

PotPlayer 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7185

Adobe Releases First 2020 Patch Tuesday Software Updates
https://thehackernews.com/2020/01/adobe-software-updates.html

Adobe Acrobat與Reader應用程式存在多個安全漏洞,允許攻擊者遠端執行任意程式碼,請儘速確認並進行更新
https://www.nccst.nat.gov.tw/VulnerabilityDetail.aspx?lang=zh&seq=1112

JVNVU#98141012  複数の CDN サービスプロバイダが HTTP キャッシュポイズニングの影響を受ける問題
https://jvn.jp/vu/JVNVU98141012/

Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Foxit PDF Reader
https://blog.talosintelligence.com/2020/01/vulnerability-spotlight-multiple-remote.html

Critical bugs in WordPress plugins InfiniteWP, WP Time Capsule expose 320,000 websites to attack
https://www.zdnet.com/article/critical-bugs-in-wordpress-plugins-infinitewp-wp-time-capsule-expose-300000-websites-to-attack/#ftag=RSSbaffb68

Securing Kubernetes: Bug bounty program announced
https://www.zdnet.com/article/securing-kubernetes-bug-bounty-program-announced/#ftag=RSSbaffb68

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
簡立忠:今年網路下單將上看七成 盤中逐筆交易、零股交易陸續上線,資安治理更重要
https://readers.ctee.com.tw/cm/20200110/a29ab5/1034514/share

PeckShield|2019全球數位資產反洗錢 AML 研究報告(附完整報告)
https://www.blocktempo.com/2019-aml-digital-currency-report/

金管會公布2020年FinTech施政重點:開放銀行新階段、數位帳戶未成年開戶、保險區塊鏈上路、純網銀下半年開業
https://ithome.com.tw/news/135363

託付寶吸金爭議 金管會緊盯
https://news.wearn.com/c427065.html

逐筆交易323上路 盼機構投資人增台股新動能
https://m.ctee.com.tw/livenews/aj/a91617002020011420334652

普惠金融指標21項出爐 網路投保拚400萬件
https://www.chinatimes.com/realtimenews/20200114004655-260410?chdtv

去年金融網絡攻擊增30% 生促局料有新保安風險
https://hk.on.cc/hk/bkn/cnt/news/20200116/bkn-20200116171947038-0116_00822_001.html

你的行動銀行應用程式安全嗎
https://blog.trendmicro.com.tw/?p=63028

NCR Important Updates and Actions required relating to Microsoft Security Patch Updates
http://bit.ly/2sxrhSQ

Multiple Hacking Groups Attempt to Skim Credit Cards from Perricone MD
https://www.rapidspike.com/blog/multiple-hacking-groups-attempt-to-skim-credit-cards-from-perricone-md/

Major Brazilian Bank Tests Homomorphic Encryption on Financial Data
https://www.darkreading.com/threat-intelligence/major-brazilian-bank-tests-homomorphic-encryption-on-financial-data/d/d-id/1336779?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Russian hacking group targets Sub-Saharan Africa banks
https://www.itweb.co.za/content/8OKdWqDEx98vbznQ

Travelex services begin again after ransomware cyber-attack
https://www.theguardian.com/business/2020/jan/13/travelex-services-begin-again-after-ransomware-cyber-attack?CMP=share_btn_tw

Sodinokibi Ransomware threats Travelex to release data, if ransom not paid
https://www.ehackingnews.com/2020/01/sodinokibi-ransomware-threats-travelex.html

ANZ Bank exploited again in a new phishing scam designed to steal banking credentials
https://www.mailguard.com.au/blog/anz-bank-exploited-again-in-a-new-phishing-scam-designed-to-steal-banking-credentials

Deep Analysis of New Metamorfo Variant Targeting Customers of Brazilian Financial Organizations
https://www.fortinet.com/blog/threat-research/analysis-metamorfo-variant-targets-financial-organizations.html

Silence before the storm: Russian speaking hacking group is attacking banks in Sub-Saharan Africa
http://bit.ly/35Tf5Jz

3.電子支付/電子票證/行動支付/ pay/新聞及資安
5家西班牙銀行聯合運用智慧合約進行跨行支付作業測試
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000575564_hys6iutu5s0kyj5n5wvmt

街口電支走入日本 跨境支付於日本啟用限期回饋20%
https://www.chinatimes.com/realtimenews/20200114002561-260412?chdtv

新國會誕生 金管會今年要修電支電票整合等「八大法案」
https://ec.ltn.com.tw/article/breakingnews/3040424

4.虛擬貨幣/區塊鍊相關新聞及資安
卡巴斯基: 北韓駭客組織「拉撒路小組」正在用 Telegram 偷用戶的加密貨幣
https://www.blocktempo.com/north-korean-hackers-now-using-telegram-to-steal-crypto-kaspersky/

推動區塊鏈 兩障礙待克服
https://money.udn.com/money/story/9740/4280391

委員關注區塊鏈建議安全技術措施與區塊鏈建設同步規劃
http://www.bjnews.com.cn/news/2020/01/10/672786.html

台灣新創獨角獸夢碎!加密交易所 Cobinhood 正式宣布關閉交易所,6,000 名受害者等待求償
https://www.blocktempo.com/taiwan-cobinhood-announce-to-shut-down/

數千位 COBINHOOD 用戶已經組成自救會,要求陳泰元解決「交易所資金提領問題」
https://www.blocktempo.com/victims-claimed-cobinhood-and-dexon-are-scam/

金融科技獨角獸 上市後命運落差大
https://reurl.cc/yyVevM

區塊科技推防詐工具驗證Email 揪可疑寄件人、上區塊鏈存證
https://news.cnyes.com/news/id/4433892

加密貨幣交易所Bithumb被徵收巨額稅款超過6,900萬美元
http://bit.ly/30tDZ1l

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
美國低價政府補貼手機暗藏中國惡意程式
https://technews.tw/2020/01/10/subside-phone-was-found-preinstalled-with-chinese-malware/

新Android木馬可關閉Google Play Protect以進行假評論
https://www.ithome.com.tw/news/135307

Google總計移除含有Joker惡意軟體的1,700款Android程式
https://times.hinet.net/news/22736191

美國連鎖餐廳體系 POS 系統遭惡意軟體攻擊,顧客信用卡資訊遭竊取
https://www.twcert.org.tw/tw/cp-104-3236-3b04d-1.html

微軟發現惡意npm軟件包可從UNIX系統竊取數據
https://www.cnbeta.com/articles/tech/932243.htm

網路變慢 電費暴增?可能是它暗中搞鬼
https://blog.trendmicro.com.tw/?p=63158

2019年中國網絡安全報告:新增木馬病毒6557萬個
http://4g.zijing.org/?app=article&controller=article&action=show&contentid=803496

按下「更新」才能使用飯店 Wi-Fi ?一按就下載病毒
https://blog.trendmicro.com.tw/?p=63149

Shell Backdoor List - PHP / ASP Shell Backdoor List
https://www.kitploit.com/2020/01/shell-backdoor-list-php-asp-shell.html

Microsoft spots malicious npm package stealing data from UNIX systems
https://www.zdnet.com/article/microsoft-spots-malicious-npm-package-stealing-data-from-unix-systems/#ftag=RSSbaffb68

SNAKE Ransomware – A New Threat For Businesses In Town
https://latesthackingnews.com/2020/01/12/snake-ransomware-a-new-threat-for-businesses-in-town/

Hackers using Drake’s kiki do you love me to drop Lokibot malware
https://www.hackread.com/hackers-using-drakes-kiki-do-you-love-me-azorult-lokibot/

TrickBot hackers create new stealthy backdoor for high-value targets
https://www.zdnet.com/article/trickbot-hackers-create-new-stealthy-backdoor-for-high-value-targets/

TrickBot group exploiting PowerShell-based backdoor to target high-value organisations
https://www.computing.co.uk/ctg/news/3084953/trickbot-powershell-backdoor

Threat Research  SAIGON, the Mysterious Ursnif Fork
https://www.fireeye.com/blog/threat-research/2020/01/saigon-mysterious-ursnif-fork.html

The Faketoken Trojan sends out offensive texts
https://www.kaspersky.com/blog/faketoken-trojan-sends-offensive-sms/32048/

Oski Stealer Targets Browser Data, Crypto Wallets in U.S.
https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us

Cyber News Rundown: Snake Ransomware
https://www.webroot.com/blog/2020/01/10/cyber-news-rundown-snake-ransomware/

Snake alert! This ransomware is not a game
https://nakedsecurity.sophos.com/2020/01/13/snake-alert-this-ransomware-is-not-a-game/

TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection
https://www.bleepingcomputer.com/news/security/trickbot-now-uses-a-windows-10-uac-bypass-to-evade-detection/#.XiDPtCaseQA.twitter

JhoneRAT: Cloud based python RAT targeting Middle Eastern countries
https://blog.talosintelligence.com/2020/01/jhonerat.html

Stolen emails reflect Emotet's organic growth
https://blog.talosintelligence.com/2020/01/stolen-emails-reflect-emotets-organic.html

Emotet Locked onto US Military and Government
https://www.infosecurity-magazine.com/news/emotet-locked-onto-us-military-and/

This Trojan hijacks your smartphone to send offensive text messages
https://www.zdnet.com/article/this-trojan-hijacks-your-smartphone-to-send-offensive-text-messages/#ftag=RSSbaffb68

2020-01-16 - LOKIBOT MALSPAM AND INFECTION TRAFFIC
https://www.malware-traffic-analysis.net/2020/01/16/index.html

2020-01-15 - QUICK POST: MALSPAM PUSHING REVENGE RAT
https://www.malware-traffic-analysis.net/2020/01/15/index.html

B.行動安全 / iPhone / Android /穿戴裝置 /App
張東健捲桃色風波?朱鎮模手機遭駭流出18禁「約奶妹」對話
https://ent.ltn.com.tw/news/breakingnews/3036096

南韓知名已婚演員遭竊手機,聊天內容討論比基尼辣妹曝光!韓網友譏諷根本是中年版鄭俊英
https://www.wishnote.tw/#!/menu=landing&content_id=121632

瑞幸咖啡回應App被工信部點名:為防止駭客騙取第一杯免費
http://big5.pconline.com.cn/b5/pcedu.pconline.com.cn/1314/13148505.html

Galaxy手機內建將資料傳給中國政府的間諜軟體?三星否認
https://www.ithome.com.tw/news/135281

Samsung 手機漏洞私照全被看光光,多位韓國明星慘遭勒索!
https://reurl.cc/ZnLl96

韓星朱鎮模手機遭駭 揪友討論大奶妹對話流出
https://reurl.cc/5g9bMv

朱鎮模手機資料「遭駭客盜取勒索」! 與大咖好友「超私密對話外流」網瘋傳
https://star.ettoday.net/news/1622558

找大咖一起嗨?男星「鹹濕對話」流出
https://reurl.cc/D1rbmE

對鏡頭比「YA」可能被竊取指紋!3大神話破解 指紋辨識沒想像中安全
https://www.ettoday.net/news/20200110/1622537.htm

5G資安 台專家:應有檢測機制
http://www.epochtimes.com/b5/20/1/10/n11782507.htm

Tiktok(抖音國際版)安全漏洞分析
https://www.4hou.com/index.php/posts/7Wx8

資安業者揭露 TikTok 漏洞:攻擊者能透過惡意連結,操縱使用者帳戶並公開私人影片
https://buzzorange.com/techorange/2020/01/14/tiktok-cyber-security-issue/

Check Point 揭抖音資安漏洞!帳號可能被盜、個資外露,籲使用者儘速更新
https://www.inside.com.tw/article/18622-tiktok-vulnerability-found

「抖音」蒐情資 社群軟體藏危機
https://www.ydn.com.tw/News/368038

抖音出現資安漏洞,使用者 IP 位址、電子信箱暴露在風險下
http://bit.ly/30hmkd8

資安業者揭抖音漏洞 帳戶內容可能被操縱
https://www.cna.com.tw/news/ait/202001130128.aspx

2020年1月Android安全補丁和Pixel更新發布:修復40個漏洞
https://tech.sina.com.cn/roll/2020-01-10/doc-iihnzahk3179835.shtml

用充電線就能駭進你手機 盜版充電線已可量產
https://reurl.cc/e5K7VK

釣魚郵件換成簡訊捲土重來 資安專家提醒三原則遠離詐騙
https://inanews.tw/archives/66231

國際組織要求Google監管Android手機預設程式
http://bit.ly/30eKiG5

除了手機殼,你的手機還需要更強大的保護力
https://blog.trendmicro.com.tw/?p=63049

退出高階旗艦機市場?HTC驚傳無預警關閉鐵粉專用的論壇
https://news.sina.com.tw/article/20200114/33988902.html

華府曾要求蘋果解鎖槍手的手機被拒
https://news.now.com/home/international/player?newsId=376765

解鎖手機查恐攻 美司法部再槓蘋果
https://money.udn.com/money/story/5599/4287165

美高階團隊敦促英政府 禁止華爲進入英5G網絡
https://www.soundofhope.org/post/330730?lang=b5

Google 公布 iOS 12.4 漏洞詳情:駭客可遠端控制 iPhone
https://technews.tw/2020/01/15/ios-12-4-loophole/

FBI被曝有解鎖iPhone工具,根本不需要蘋果“留後門”
http://bit.ly/35PPCkd

川普推文開罵蘋果不知感恩 資安專家證實:FBI自有能力解鎖iPhone
https://cnews.com.tw/13720016a02/

蘋果有無協助美國政府解碼iPhone引爭論 資安專家點出:FBI有能力獨立破解
https://www.ettoday.net/news/20200115/1626326.htm

資安公司曝 Google Play 有「偷錢」App!一不留神可能扣你 7,200 元
https://3c.ltn.com.tw/news/39273

不要隨意下載!又有一批全新免費「騙錢軟體」上架Google Play
https://newtalk.tw/news/view/2020-01-16/355271

5G技術藏漏洞 AI詐騙電郵將成網絡攻擊威脅
http://bit.ly/388R5no

Google Play商店現偷錢程式 料全球6億用戶中招
http://bit.ly/2u3EtPE

如何判斷手機是否遭安裝追蹤軟體 (Stalkerware)
https://blog.trendmicro.com.tw/?p=62877

Google Play 25程式 免費試用後擅收費
http://bit.ly/30qqCz6

Russian experts warn the danger of charging the phone in public places
https://www.ehackingnews.com/2020/01/russian-experts-warn-danger-of-charging.html

Google hackers successfully use remote exploit to hack iPhone
https://www.hackread.com/google-hackers-remote-exploit-hack-iphone/

Google details its three-year fight against the Bread (Joker) malware operation
https://www.zdnet.com/article/google-details-its-fight-against-the-bread-joker-malware-operation/#ftag=RSSbaffb68

Malware Spotted on Government-Subsidized Android Phone
https://www.extremetech.com/mobile/304577-malware-spotted-on-government-subsidized-android-phone

Academic research finds five US telcos vulnerable to SIM swapping attacks
https://www.zdnet.com/article/academic-research-finds-five-us-telcos-vulnerable-to-sim-swapping-attacks/#ftag=RSSbaffb68

5 major US wireless carriers vulnerable to SIM swapping attacks
https://www.welivesecurity.com/2020/01/13/major-us-wireless-carriers-vulnerable-sim-swap-scams/

Switcher: Android joins the ‘attack-the-router’ club
https://securelist.com/switcher-android-joins-the-attack-the-router-club/76969/#comment-2978311

Use iPhone as Physical Security Key to Protect Your Google Accounts
https://thehackernews.com/2020/01/google-iphone-security-key.html

More than 600 million users installed Android 'fleeceware' apps from the Play Store
https://www.zdnet.com/article/more-than-600-million-users-installed-android-fleeceware-apps-from-the-play-store/#ftag=RSSbaffb68

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
首見駭客以惡意Office 365 App存取用戶帳號
https://www.ithome.com.tw/news/135331

保全監視系統無法連上線 中興保全:無個資外洩疑慮、未必是駭客所為
https://www.ettoday.net/news/20200116/1626951.htm

2020年網絡安全4大發展趨勢
http://bit.ly/3ag4sUE

退休金帳戶成駭客目標 該如何自保
https://chinese.efreenews.com/a/tuixiujinzhanghuchenghaikemubiao-gairuhezibao

【寰宇韜略】新形態「網戰脅迫」 各國謹慎應對(上)
https://www.ydn.com.tw/News/368406

【寰宇韜略】新形態網戰脅迫 各國謹慎應對(中)
https://www.ydn.com.tw/News/368616

【寰宇韜略】新形態「網戰脅迫」 各國謹慎應對(下)
https://www.ydn.com.tw/News/368805

香港2019年首11個月共處理8827宗網絡安全事故
http://www.hkcna.hk/content/2020/0113/803660.shtml

加拿大電腦雲端(CCC)與華為合作引發加國學者擔憂
http://bit.ly/36T9UL0

對抗網軍假消息 前北約官員稱台灣是好例子
https://www.rti.org.tw/news/view/id/2048341

假新聞滲透民主國家 前北約秘書長:台灣是對抗網軍模範
https://news.ltn.com.tw/news/world/breakingnews/3041986

伊朗報復性網路攻擊升溫! 伊朗駭客對美國電網發動大規模「密碼噴灑」攻擊
https://reurl.cc/YlKk80

伊朗或將對美國發動攻擊 以癱瘓電網
https://reurl.cc/e5KVzL

美國政府所屬網站遭駭,放置伊朗國旗與川普打臉圖
https://www.twcert.org.tw/tw/cp-104-3235-5d584-1.html

俄國又想干預美國總統大選?「烏克蘭門」發現俄國駭客蹤跡,他們也在翻找拜登「黑資料」
https://www.storm.mg/article/2181718

印度最高法院判決 政府中斷克什米爾網路違憲
https://news.ltn.com.tw/news/world/breakingnews/3036328

涉川普彈劾案 烏天然氣公司遭俄諜駭攻
https://www.rti.org.tw/news/view/id/2048157

俄駭客疑涉川普彈劾案 干預美大選疑慮漸深
https://www.ydn.com.tw/news/368357

憂中共透過中製無人機竊國安機密 傳白宮將全面禁飛民用無人機
https://cnews.com.tw/137200114a04/

美為精準打擊中國罕見求助盟友美歐日聯合施壓北京
http://bit.ly/36YBCpG

英媒:特朗普政府將公布新規 阻止對華為銷售外國製產品
http://bit.ly/2Nt2wOM

美中簽署第1階段協議 駭客、政府補貼等問題被擱置
https://ec.ltn.com.tw/article/breakingnews/3041837

拜登兒子前公司證實遭駭 美資安公司:百分百是俄國情報機構幹的
http://bit.ly/2RpXJPi

俄國疑似網攻烏克蘭能源公司 基輔尋求FBI協助
https://www.rti.org.tw/news/view/id/2048427

德檢搜索3人疑為中國情蒐 傳德外交官涉案
https://money.udn.com/money/story/5599/4293100

Intrusion Truth揭露由海南省主導的APT駭客集團
https://www.ithome.com.tw/news/135348

Report: Chinese hacking group APT40 hides behind network of front companies
https://www.zdnet.com/article/report-chinese-hacking-group-apt40-hides-behind-network-of-front-companies/#ftag=RSSbaffb68

APT40
https://www.fireeye.com/current-threats/apt-groups.html#apt40

What is the Hainan Xiandun Technology Development Company
https://intrusiontruth.wordpress.com/2020/01/09/what-is-the-hainan-xiandun-technology-development-company/

Who is Mr Gu
https://intrusiontruth.wordpress.com/2020/01/10/who-is-mr-gu/

This Secretive Surveillance Company Is Selling Cops Cameras Hidden in Gravestones
https://www.vice.com/en_us/article/qjdp95/this-secretive-surveillance-company-is-selling-cops-cameras-hidden-in-gravestones

An Iranian Hacking Campaign, Social Media Surveillance, and More News
https://www.wired.com/story/iran-hackers-us-electric-grid-border-social-media-surveillance/

Iranian Hackers Have Been ‘Password-Spraying’ the US Grid
https://www.wired.com/story/iran-apt33-us-electric-grid/

Hackers Increasingly Probe North American Power Grid
https://www.bankinfosecurity.com/hackers-increasingly-probe-north-american-power-grid-a-13596

UK is nearly ready to launch force to hit hostile countries with cyberattacks
https://www.independent.co.uk/news/uk/home-news/cyber-warfare-security-force-iran-crisis-ministry-of-defence-a9278591.html

YOUR PASSWORD HAS BEEN HACKED! DO YOU KNOW HOW IT HAPPENED
https://blog.eccouncil.org/your-password-has-been-hacked-do-you-know-how-it-happened/

Kaspersky Lab reports North Korean Hacker group Lazarus stealing cryptocurrencies using the Telegram messenger
https://www.ehackingnews.com/2020/01/kaspersky-lab-reports-north-korean.html

Las Vegas Hacked: Quick Reactions Save Sin City from Outages
https://www.cbronline.com/cybersecurity/breaches/las-vegas-hacked/

TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking
https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/servhelper-evolution-and-new-ta505-campaigns/

'Serious cyber-attack' on Austria's foreign ministry
https://www.bbc.com/news/world-europe-50997773

GCHQ warns not to use Windows 7 computers for banking or email after Tuesday
https://www.telegraph.co.uk/news/2020/01/12/gchq-warns-not-use-windows-7-computers-banking-email-tuesday/

Report: Russian hackers waged broad phishing campaign against company tied to Trump impeachment
https://www.cyberscoop.com/russia-hacking-ukraine-burisma-donald-trump-apt28-area-1/

Russian spies hacked Ukrainian energy company at center of Trump's impeachment
https://nbcnews.to/2FK7FOn

FBI: Nation-state actors have breached two US municipalities
https://www.zdnet.com/article/fbi-nation-state-actors-have-breached-two-us-municipalities/

Wind River acquires Star Lab to improve its Linux security
https://www.zdnet.com/article/wind-river-acquires-star-lab-to-improve-its-linux-security/#ftag=RSSbaffb68

Report: Russian Hackers Targeted Ukrainian Gas Firm Burisma
https://www.bankinfosecurity.com/report-russian-hackers-targeted-ukrainian-gas-firm-burisma-a-13606

Russia responsible for hacking gas firm tied to Trump impeachment: report
https://www.zdnet.com/article/russia-responsible-for-hacking-gas-firm-tied-to-trump-impeachment-case-report/#ftag=RSSbaffb68

Congress Hears Warnings of Iranian Cyberthreats
https://www.bankinfosecurity.com/congress-hears-warnings-iranian-cyberthreats-a-13613

資安工程師
https://reurl.cc/5g9bKG

數聯資安正職人力需求
https://ece.ntust.edu.tw/p/404-1017-73164.php

Google Analytics分析師-加入台中矽谷 (GA流量分析、數據分析、成長駭客)
https://www.104.com.tw/job/6ue4d

資安技術工程師
https://www.104.com.tw/job/4iegg

達友科技/Product Manager
https://www.104.com.tw/job/6ujwd?jobsource=googlejobs

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
5,600 萬美國人數據流出 源自中國 IP 位址
https://reurl.cc/EK5bG0

CHAN YEOL、世勳護照資訊因機場工作人員翻拍遭外洩
https://reurl.cc/qDW4Ky

資策會科法所:個資重要不可忽視 TPIPAS強化業者法遵保護
https://times.hinet.net/news/22736757

【加強監管】政府:正檢討加強網絡保安 防止資料外洩
http://www.orangenews.hk/news/system/2020/01/13/010136783.shtml

德國資安業者Greenbone Networks:已有超過10億張醫療影像在網路上流竄
https://www.ithome.com.tw/news/135354

中國國務院部際聯席會議:從事電詐犯罪及黑灰產業的納入失信懲戒
https://news.sina.com.tw/article/20200114/33990524.html

打擊電信網絡詐騙 中國國務院:犯罪人員列入失信懲戒名單
http://bit.ly/2NtWkX1

去年近萬宗網絡保安事故 網絡釣魚顯著增
http://bit.ly/2FVEPdT

一隻網路上的臘腸狗,讓她犬財兩失
https://blog.trendmicro.com.tw/?p=63056

PlanetDrugsDirect reveals security breach, warns customers their data may have been exposed
https://www.tripwire.com/state-of-security/featured/planetdrugsdirect-reveals-security-breach-warns-customers-their-data-may-have-been-exposed/

Texas School District Lost $2.3M to Phishing Email Scam
https://www.tripwire.com/state-of-security/security-data-protection/texas-school-district-lost-2-3m-to-phishing-email-scam/

Scammers’ delivery service: exclusively dangerous
https://securelist.com/scammers-delivery-service-exclusively-dangerous/66515/#comment-2978500

Scammers’ delivery service: exclusively dangerous
https://securelist.com/scammers-delivery-service-exclusively-dangerous/66515/#comment-2978498

Latitude Financial spoofed in phishing scam; email tells users their account access has been ‘disabled’
https://www.mailguard.com.au/blog/latitude-financial-spoofed-in-phishing-scam-email-tells-users-their-account-access-has-been-disabled

Baby's First Data Breach: App Exposes Baby Photos, Videos
https://www.bankinfosecurity.com/babys-first-data-breach-app-exposes-baby-photos-videos-a-13603

49 million user records from US data broker LimeLeads put up for sale online
https://www.zdnet.com/article/49-million-user-records-from-us-data-broker-limeleads-put-up-for-sale-online/#ftag=RSSbaffb68

Class Action Breach Lawsuits: The Impact of Data for Sale
https://www.bankinfosecurity.com/interviews/class-action-breach-lawsuits-impact-data-for-sale-i-4572

Hotel lawyer alert for hotel owners and operators: Newest FTC warning about hotel data security
https://hotellaw.jmbm.com/ftc-warns-hotel-data-security.html

E.研究報告
記一次Redis+Getshell經驗分享
https://www.freebuf.com/vuls/224235.html

企業安全建設之漏洞管理與運營
https://www.freebuf.com/articles/security-management/222429.html

有駭客讓 Nintendo Switch 跑起了 Linux
https://read01.com/jEA6A7E.html#.Xhr1e_4zbIU

Flan Scan:Cloudflare開源輕量級網絡漏洞掃描軟件
https://www.77169.net/html/249504.html

釣魚攻擊之Reverse Tabnabbing
https://xz.aliyun.com/t/7080

Apereo CAS反序列化進攻分析及回顯利用
https://www.anquanke.com/post/id/197086

BoomER 一款檢測和利用本地漏洞工具
https://www.77169.net/download/238656.html

如何查詢目前 Windows 電腦曾經連線過的 WiFi 密碼
https://blog.miniasp.com/post/2020/01/12/Retrieve-Wi-Fi-password-in-Windows

黑產團伙利用Apache Struts 2漏洞及SQL爆破控制服務器挖礦
https://s.tencent.com/research/report/871.html

被誤解的EDR,端點安全如何撥雲見日
http://m.ccidnet.com/pcarticle/10509014

帶你推開PWN世界的大門
https://zhuanlan.zhihu.com/p/102685081

WEB開發中安全漏洞的分析和預防
https://www.boxuegu.com/news/2383.html

2019年中國網絡安全報告
http://it.rising.com.cn/dongtai/19692.html

phpmyadmin PMASA-2020-1突破分析與復現
https://xz.aliyun.com/t/7092

Seagate Central Storage RCE 0day漏洞分析
https://www.anquanke.com/post/id/197345

進攻性掃描CVE 2019 2725 Weblogic GetShell Exploit
http://bit.ly/2TxJyuu

weblogic 2020年第一季度漏洞分析
https://www.modb.pro/db/15080

漏洞掃描軟件AWVS的介紹和使用
https://zhuanlan.zhihu.com/p/102744281

Windows Carbon Black edr逆向分析第一部分
https://www.anquanke.com/post/id/197312

騰訊安全緊急發布CVE-2020-0601漏洞利用惡意樣本專殺工具
https://s.tencent.com/research/report/878.html

How to Hack/Crack Password
https://hackonology.com/blogs/how-to-hack-crack-password/

Top 10 web hacking techniques of 2019
https://portswigger.net/polls/top-10-web-hacking-techniques-2019

Red Teaming @ 10000 Feet
https://pentestmag.com/red-teaming-10000-feet/

ReconCobra Complete Automated pentest
https://hackingpassion.com/reconcobra-complete-automated-pentest/

MOBILE DEVICE FORENSICS
https://blog.eccouncil.org/mobile-device-forensics/

MALWARE AND MEMORY FORENSICS
https://blog.eccouncil.org/malware-and-memory-forensics/

Exploiting Routers With Routersploit
https://linuxsecurityblog.com/2019/09/26/exploiting-routers-with-routersploit/

Kilos – New Dark Web Search Engine With Extensive Filtering Capabilities
https://cybersecuritynews.com/search-engine-kilos/

Threat Research  SAIGON, the Mysterious Ursnif Fork
https://reurl.cc/Rd399n

projectzeroindia/CVE-2019-19781
https://github.com/projectzeroindia/CVE-2019-19781

quantumcore/supercharge
https://github.com/quantumcore/supercharge

NYAN-x-CAT/Mass-RAT
https://github.com/NYAN-x-CAT/Mass-RAT

Persistence – AppInit DLLs
https://pentestlab.blog/2020/01/07/persistence-appinit-dlls/

THREAT RESEARCH Predator the Thief: Analysis of Recent Versions
https://www.fortinet.com/blog/threat-research/predator-the-thief-recent-versions.html

Heavily Obfuscated Malware Campaign using Weaponized PowerPoint Files to Drop Lokibot & Azorult
https://cybersecuritynews.com/powerpoint-malware/

Hacking With PowerShell: Blue Team
https://securethelogs.com/hacking-with-powershell-blue-team/

TRAPE | Track Anyone Over Internet
https://training.twintechsolutions.in/training/trape-track-anyone-over-internet/

A Complete Malware Analysis Tutorials, Cheatsheet & Tools list for Security Professionals
https://gbhackers.com/malware-analysis-cheat-sheet-and-tools-list/

Threat Actor Abuses Mobile Sensor to Evade Detection
https://info.phishlabs.com/blog/threat-actor-abuses-mobile-sensor-evade-detection

rshipp/awesome-malware-analysis
https://github.com/rshipp/awesome-malware-analysis

OWASP SecureTea help to secure your IoT
https://github.com/OWASP/SecureTea-Project

Bypass with PHP non-alpha encoder
https://medium.com/mucomplex/bypass-with-php-non-alpha-encoder-fee4e1bac31e

LNAV : Log File Navigator 2020
https://kalilinuxtutorials.com/lnav-log-file-navigator/

Detect Frida for Android
https://darvincitech.wordpress.com/2019/12/23/detect-frida-for-android/

Testing for XSS (Like a KNOXSS)
https://brutelogic.com.br/blog/testing-for-xss-like-a-knoxss/

Security hardening of Android native code
https://darvincitech.wordpress.com/2020/01/07/security-hardening-of-android-native-code/

Creating and Analyzing a Malicious PDF File with PDF-Parser Tool
https://gbhackers.com/creating-and-analyzing-a-malicious-pdf-file-with-pdf-parser-tool/

a USB multitool for monitoring, hacking, and developing USB devices (work in progress)
https://github.com/greatscottgadgets/luna

Abusing Exchange: One API call away from Domain Admin
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/

alphaSeclab/awesome-forensics
https://github.com/alphaSeclab/awesome-forensics/blob/master/Readme_en.md

hash3liZer/Blunder
https://github.com/hash3liZer/Blunder

OSCP Goldmine (not clickbait)
http://0xc0ffee.io/blog/OSCP-Goldmine

cryforce
https://github.com/lildwagz/cryforce

Web Vulnerability Assessment Tool
https://github.com/tempto/wvat

AWSからAbuse Reportがきた時の対応方法
https://qiita.com/blackpeach7/items/7e2781547103c31f283b

Dnss Domain Name Search Software - 'Name' Denial of Service (PoC)
https://www.exploit-db.com/exploits/47861

Xiaomi_Mi_WiFi_R3G_Vulnerability_POC
https://github.com/UltramanGaia/Xiaomi_Mi_WiFi_R3G_Vulnerability_POC/blob/master/report/report.md

Digital Forensics, Part 2: Live Memory Acquisition and Analysis
https://www.hackers-arise.com/post/2016/09/27/digital-forensics-part-2-live-memory-acquisition-and-analysis

Free Blocklists of Suspected Malicious IPs and URLs
https://zeltser.com/malicious-ip-blocklists/

Free Online Tools for Looking up Potentially Malicious Websites
https://zeltser.com/lookup-malicious-websites/

Free Automated Malware Analysis Sandboxes and Services
https://zeltser.com/automated-malware-analysis/

S3Tk:-- A #Security #Toolkit For #Amazon S3.
https://github.com/ankane/s3tk

Do Your SOC Metrics Incentivize Bad Behavior
https://blog.paloaltonetworks.com/2020/01/cortex-soc-metrics/

Powerful GPG collision attack spells the end for SHA-1
https://nakedsecurity.sophos.com/2020/01/13/powerful-gpg-collision-attack-spells-the-end-for-sha-1/

WebMap:-- WebMap
https://github.com/SabyasachiRana/WebMap

F.商業
Palo Alto Networks 公布最新2020年資安趨勢預測
https://www.chinatimes.com/realtimenews/20200110001469-260412?chdtv

Windows 7正式終止支援 十月換Office 2010停止更新
https://udn.com/news/story/11017/4291913

Windows 7即將終止更新支援 13項守則讓使用者保平安
https://news.xfastest.com/others/75212/windows-7-stop-update/

Windows 7支援即將於明天到期,又有證據還可以免費升級
https://ithome.com.tw/news/135312

Windows 7 官方支援只到明天!微軟1月14日後不再提供更新 呼籲用戶快升級Win 10
https://www.ettoday.net/news/20200113/1624477.htm

Windows 7 不想升級到 Windows 10 怎麼辦?這 8 招讓你安心用舊機
https://3c.ltn.com.tw/news/39230

Microsoft Windows 7 正式停止官方支援 不升級原來很危險
http://bit.ly/2FLpWdY

微軟今終止支援Windows 7 用戶快升級以遠離風險
https://newtalk.tw/news/view/2020-01-14/354391

Windows 7 end of life: Time to move on
https://www.welivesecurity.com/2020/01/14/windows7-end-life-time-move-on/

Windows 7 Begins to Show Full Screen Windows 10 Upgrade Alerts
https://www.bleepingcomputer.com/news/microsoft/windows-7-begins-to-show-full-screen-windows-10-upgrade-alerts/

中山醫大攜手業界 打造新世代醫療資安課程
https://money.udn.com/money/story/5723/4281285

強調供應商安全管理的SecurityScorecard,能偵測企業暴露在外部網路的資安風險
https://www.ithome.com.tw/review/135314

資安即國安 個資保護重要性更為提升
http://www.t3-news.com/news_detail.php?NewsID=3031

IBM開源雲端系統遙測資料格式SysFlow
https://www.ithome.com.tw/news/135344

打造資安閘門防護服務
https://money.udn.com/money/story/8521/4260455

台灣大車隊持續精進乘車安全 導入中信國際電訊資安防護
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=35&id=0000575921_SAW85W3D3G3K5T0DXPGLY

Palo Alto Networks發表2020網路安全預測,資安人才和5G安全成焦點
https://ithome.com.tw/news/135327

黑客利用AI尋目標 微軟預測四大網絡安全趨勢
http://bit.ly/2R4wbjL

奇安信發布第三代安全引擎"天狗"對漏洞攻擊實施降維打擊
http://www.chinanews.com/business/2020/01-17/9062649.shtml

G.政府
嘉義市政府推動資安防護有成 奠定發展數位政策穩健基石
https://ithome.com.tw/pr/135146

教育部函~有關各機關(構)、學校如有採購大陸製監視器相關資安疑慮事宜
https://www.stu.edu.tw/latestnews_single.php?id=74365

107年至108年資訊安全能量登錄暨資通安全自主產品廠商名單
https://www.acw.org.tw/News/Detail.aspx?id=107

當選了,然後呢?看蔡英文下一個4年的科技、能源與新創政策
https://www.bnext.com.tw/article/56256/presidential-tech-policy

金管會7字賀鼠年 發表2020十大工作重點與普惠金融21條
https://udn.com/news/story/7239/4287213

金管會報喜 金融業2019年獲利創新高
https://m.ctee.com.tw/livenews/aj/a91617002020011415352534?area=

公告資訊-為配合內政部辦理「108年度戶役政綠色便民及資安強化計畫案」作業,本市各戶政事務所於109年1月22日(星期三)暫停夜間延時服務
https://reurl.cc/Naeryx

晶片身分證資安疑慮 民團籲在野黨堅守預算刪減提案
https://www.rti.org.tw/news/view/id/2048228

金管會108年重要施政成果及109年工作重點
http://bit.ly/2QV0DwI

民團質疑數位身分證資安疑慮 籲在野黨堅守
https://www.cna.com.tw/news/aipl/202001150139.aspx

數位身分證遭疑資安問題 內政部:審慎推動絕無政府監控問題
https://www.chinatimes.com/realtimenews/20200115003166-260407?chdtv

科技部108年度「資安關鍵技術基礎研發計畫」專案,校內申請截止日109年2月10日上午10時
https://www2.nchu.edu.tw/news-detail/id/47815

第五代公文交換系統翻新工程,檔管局不惜改用API全面重構
https://ithome.com.tw/people/135277

蔡英文勝選的行政後盾 陳其邁首任資安長推動5G「緊緊緊」
https://www.ettoday.net/news/20200115/1626565.htm

5G第二階段位置競價年後登場!NCC估最快7月後可提供服務
https://www.ettoday.net/news/20200116/1626990.htm

高市戶政連線當機改採人工收件 初步排除被駭
https://www.cna.com.tw/news/ahel/202001160198.aspx

唐鳳將協助規劃成立數位發展部會 落實小英政見
https://news.ltn.com.tw/news/politics/breakingnews/3043291

落實數位發展政見 唐鳳:資安、網路訊息討論將更密切
https://www.chinatimes.com/realtimenews/20200117002542-260407?chdtv

H.工控系統/SCADA/ICS
Rasilient PixelStor 5000 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6757

多款Siemens產品訪問繞過漏洞的補丁
https://ics-cert.us-cert.gov/advisories/ICSA-18-317-01

加強化工信息安全防護勢在必行
http://www.ccin.com.cn/detail/8a83d3641c1ceb7e146b140cee97075d

一種基於知識圖譜的工業互聯網安全漏洞研究方法
https://www.secrss.com/articles/16641

工業製造業者遭網路間諜鎖定
https://www.nccst.nat.gov.tw/NewsRSSDetail.aspx?lang=zh&RSSType=news&seq=16339

I.教育訓練
個資暨資安案例宣導及公務員申領小額款項實例分析
https://elearn.hrd.gov.tw/info/10013821

Overview of key Microsoft Azure Security Services – Part 1
https://www.peerlyst.com/posts/overview-of-key-microsoft-azure-security-services-part-1-guy-bertrand-kamga

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
破獲非法控制攝影鏡頭警逮32人
https://www.ydn.com.tw/News/367665

3500萬家庭擁有智能音箱隱私安全存在漏洞
http://www.ce.cn/cysc/tech/gd2012/202001/10/t20200110_34098048.shtml

GE 家電採用 UL IoT 安全評等測試連網產品
https://reurl.cc/qDWKYD

保護你 Wi-Fi 路由器、家用網路的小訣竅
https://www.inside.com.tw/article/18588-secure-your-wi-fi-router

IOT安全|路由器漏洞分類
https://www.shangyexinzhi.com/article/details/id-436076/

2020 年代的新型駭客:「汽車駭客」入侵自駕車癱瘓交通,使用「網路鎖」要你付贖金
https://buzzorange.com/techorange/2020/01/13/self-driving-car-hacker/

日助企業製無人機 強化防駭措施
https://www.ydn.com.tw/News/368194

網路攻擊事件頻傳 資安已成嵌入式系統重大挑戰
https://udn.com/news/story/11726/4285244

越來越聰明的不止是特斯拉,還有汽車駭客!汽車擁有了一個具備完全自動駕駛能力的電腦系統,不可避免會存在這樣的疑問
https://www.insoler.com/forum/topic/15788986719291.htm

日本擬新政策培育本土無人機製造商減資安威脅  印度與巴基斯坦邊界 25 公里列禁飛區
http://bit.ly/2RstmHU

物聯網為黑客提供入侵方式 Android手機易被入侵
http://bit.ly/2R3wn2B

6.近期資安活動及研討會
WizardAmigos CodeCamp [Taipei,JavaScript,­English] 1/20
https://www.meetup.com/WizardAmigos/events/bbdclrybccbbc/

Cyber Security for Critical Assets (CS4CA) MENA 1/20 ~ 1/21
https://mena.cs4ca.com/?ref=infosec-conferences.com

PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world

2020核果資訊冬季班 Python 程式語言 (Level 1) 1/22~ 2/13
https://www.accupass.com/event/1911150442131985092910

Hacking Thursday 1/23
http://www.hackingthursday.org/invite

Security Hell Conference (SH3LLCON) 1/24 ~ 1/25
https://www.sh3llcon.es/?ref=infosec-conferences.com

NextGen SCADA 1/27 ~ 1/31
https://www.smartgrid-forums.com/forums/nextgen-scada-global/

Cranfield University Cyber Symposium 1/28 ~ 1/29
https://www.cranfield.ac.uk/events/symposia/cyber

International Cyber Security Forum (FIC) 1/28 ~ 1/30
https://www.forum-fic.com/en/home.htm

Free and Safe in Cyberspace 1/29
https://www.free-and-safe.org/

Hacking Thursday 1/30
http://www.hackingthursday.org/invite

制御システムセキュリティカンファレンス 2020 2020年2月14日
https://www.jpcert.or.jp/event/ics-conference2020.html

CYBERSEC 2020 臺灣資安大會 3/17 ~ 3/19
https://cyber.ithome.com.tw/

韓國國際安全博覽會 3/18
https://www.twcert.org.tw/tw/cp-105-3230-a3bd4-1.html

black ASIA 2020 Singapore 3/31 ~ 4/3
https://www.blackhat.com/asia-20/briefings/schedule/

Kaspersky® Security Analyst Summit  4/6 ~ 4/9
https://thesascon.com/

2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore  4/21 ~ 4/23
https://www.icscybersecurityconference.com/singapore/

亞太資訊安全論壇暨展覽會 4/22
https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html


留言

這個網誌中的熱門文章

資安事件新聞週報 2019/2/25 ~ 2019/3/1

資安事件新聞週報  2019/2/25  ~  2019/3/1

1.重大弱點漏洞

Avast:數位家庭最容易有漏洞的裝置是印表機、網路裝置及監視器
https://ithome.com.tw/news/128997

F5 BIG-IP Access Policy Manager 跨站腳本漏洞  CVE-2019-6595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6595

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT
https://www.exploit-db.com/exploits/46444

報告:前十大熱門Docker映像檔都有至少30個以上的漏洞
https://www.ithome.com.tw/news/129018

有攻擊者正利用Chrome的0day漏洞偷取他人信息
https://nosec.org/home/detail/2294.html

Chrome瀏覽器被曝存在漏洞攻擊者可通過PDF收集用戶信息
http://www.sohu.com/a/298175326_114774?sec=wd

Google Chrome zero-day used in the wild to collect user data via PDF files
https://www.zdnet.com/article/google-chrome-zero-day-used-in-the-wild-to-collect-user-data-via-pdf-files/#ftag=RSSbaffb68

Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers
https://bit.ly/2H4ZAWr

研究人員揭露大批Thunderclap安全漏洞,允許惡意周邊裝置竊取記憶體機密資訊
https://www.ithome.com.tw/news/129021

新發現的thunderclap 漏洞允許黑客使用Thunderbolt/USB-C 外設攻擊PC
http://hackernews.cc/archives/24…

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



1月份資安社群及教育訓練活動分享

1月份資安社群及教育訓練活動分享

Android Code Club(Taipei) 1/1
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybccbcb/

From Reactive to Functional FunTh#80 1/2
https://www.meetup.com/Functional-Thursday/events/266805309/

Hacking Thursday 1/2
http://www.hackingthursday.org/invite

大數據爬蟲技術實作,使用Python實作網路爬蟲,快速有效獲取大量資料,打造自動化金融數據平台 1/4
https://www.techbang.com/posts/58613-course-python-crawler-technology-implementation

[Birthday Series] R-Ladies Taipei 五歲拉 1/6
https://www.meetup.com/rladies-taipei/events/266131216/

SDN x Cloud Native Meetup #24 1/6
https://www.meetup.com/CloudNative-Taiwan/events/267390135/

WizardAmigos CodeCamp [Taipei,JavaScript,­English] 1/6
https://www.meetup.com/WizardAmigos/events/bbdclrybccbjb/

新型郵件威脅與挑戰因應策略 1/7
https://engage2demand.cisco.com/LP=19240?dtid=oemels001119&ccid=cc000828&ecid=22859

發現 CNN 新大陸 (人工智慧小聚 - Hsinchu#20200108 ) 1/8
https://www.meetup.com/AIA-Hsinchu/events/266704469/

LISP talk: LISP in surrounding parentheses is supremely powerful #3  1/8
https…