資安事件新聞週報 2020/1/6 ~ 2020/1/10
1.重大弱點漏洞/後門/Exploit/Zero Day
Project Zero調整漏洞揭露政策,漏洞細節一律通報後90天才公開
https://www.ithome.com.tw/news/135265
Ruckus 產品多個漏洞
https://www.ruckuswireless.com/security/299/view/pdf
思科修補可繞過身分認證並執行任意行動的安全漏洞
https://ithome.com.tw/news/135203
近期多家VPN設備資安漏洞,相關單位應立即檢視以降低資安威脅
https://www.twcert.org.tw/tw/cp-15-3211-f51e9-1.html
Citrix應用伺服器與閘道器產品存在安全漏洞(CVE-2019-19781)
http://net.nthu.edu.tw/2009/mailing:announcement:20200109_01
Citrix部分產品存在遠端執行程式碼漏洞
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1448
Hackers probe Citrix servers for weakness to remote code execution vulnerability
https://www.zdnet.com/article/hackers-probe-unsecured-citrix-servers-for-netscaler-vulnerability/#ftag=RSSbaffb68
Cisco Data Center Network Manager存在多個漏洞
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1447
Cisco DCNM 發布安全更新
https://www.us-cert.gov/ncas/current-activity/2020/01/07/cisco-releases-security-updates
IBM Security Secret Server 信息泄露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4634
GitLab 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2020.0046/
Android 多個漏洞
https://source.android.com/security/bulletin/2020-01-01
微軟Access資料庫出現漏洞 或致8.5萬家企業面臨風險
https://news.sina.com.tw/article/20200108/33937806.html
安全預警- 華為部分產品的信息洩露漏洞
https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200108-01-phone-cn
NCSC Cyber Security Advisory CSA-2020-1439 Critical Vulnerability in Citrix Products
https://www.ncsc.govt.nz/newsroom/ncsc-cyber-security-advisory-csa-2020-1439/
Google Ditches Patch-Time Bug Disclosure in Favor of 90-Day Policy
https://threatpost.com/google-ditches-patch-disclosure-90-day-policy/151626/
Mozilla Patches Critical Vulnerability
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/#CVE-2019-17026
Mozilla Foundation Security Advisory 2020-01 Security Vulnerabilities fixed in Firefox 72
https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/
Mozilla Foundation Security Advisory 2020-02 Security Vulnerabilities fixed in Firefox ESR 68.4
https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/
Mozilla patches Firefox zero-day reported by Qihoo 360
https://www.zdnet.com/article/mozilla-patches-firefox-zero-day-reported-by-qihoo-360/#ftag=RSSbaffb68
U.S. Government Confirms Critical Security Warning For Firefox Users
https://www.forbes.com/sites/daveywinder/2020/01/09/us-government-confirms-critical-security-warning-for-firefox-users/#52b27f7c2ebf
Google Releases Security Updates for Chrome
https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html
Vulnerability Spotlight: Remote code execution vulnerability in E2fsprogs
https://blog.talosintelligence.com/2020/01/e2fsprogs-remote-code-execution-vuln-jan-2020.html
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
街口託付寶申購基金踩監理紅線 金管會緊盯
https://amp-news.cnyes.com/news/id/4429725
街口「託付寶」踩紅線! 金管會:去年底已拒絕
https://reurl.cc/24G2Z9
中國地下外匯交易平台突倒閉 近200萬人投資人被坑4323億元
https://ec.ltn.com.tw/article/breakingnews/3030614
外匯變傳銷,中國百萬人遭坑殺 4 千多億
https://reurl.cc/1QVb2p
大新信用卡疑洩資料 多人中招收0蚊交易通知 香港金管局:收到事故通報
https://hk.finance.appledaily.com/finance/realtime/article/20200105/60452596
信用卡系統疑現漏洞 大新:影響數千客戶惟無金錢資料損失
https://reurl.cc/ZnkvKW
香港金管局稱已收到大新通報疑有信用卡用戶資料被盜用
http://bit.ly/2ZRrEnk
保險「大魔王」後年上線 「會計準則應與金融監理脫鉤」
https://udn.com/news/story/7239/4268006
撿到提款卡!男一招破解「6位數密碼」 爽盜領46萬多元
https://www.setn.com/News.aspx?NewsID=666386
國泰世華銀加入「SWIFT gpi」 跨境匯款即時追蹤
https://tw.finance.appledaily.com/realtime/20200106/1686955/
亞馬遜申請手掌辨識專利,這三個國家早已將「掃手」落地
https://news.knowing.asia/news/7aaecdb0-6eba-47ff-a00b-ac445514c0d3
內部控制常見的八大漏洞
https://mp.weixin.qq.com/s/PVR6Zxpr1nIOKeNlFyGx9g
【2020 全科會將至】全世界駭客都愛攻擊台灣,資安產業怎麼養才對
https://buzzorange.com/techorange/2020/01/06/taiwan-cybersecurity/
利用ETC信用卡辦理漏洞竊取公民信息開通金融轉賬服務
http://news.ycwb.com/2020-01/08/content_30476243.htm
新加坡金管局﹕已收21份數字銀行申請 當中7份申零售銀行牌照
http://bit.ly/35AWwd1
集保大數據分析應用平台,助建FinTech服務生態系
https://www.chinatimes.com/realtimenews/20200109002708-260410?chdtv
神奈川警方擬在銀行設置熱成像攝像頭防詐騙
https://tchina.kyodonews.net/news/2020/01/e483f11fe934.html
6秒鐘隔空測心跳!台灣新創如何玩活體偵測技術,吸引純網銀客戶買單
https://www.bnext.com.tw/article/56239/faceheart-ces2020
紐約州長提議:「給金融監管機構更多的權力。」
http://bit.ly/36Fe09H
倫敦外匯交易公司Travelex遭惡意程式入侵,被迫採用人工交易
https://www.ithome.com.tw/news/135186
Travelex被駭遭索1.8億 拿紙筆交易
https://tw.appledaily.com/finance/20200109/2W2ZYR52UT4DIYMAPSYSQPBYZA/
TRAVELEX遭入侵被逼關電腦系統 紙筆記錄交易
https://news.rthk.hk/rthk/ch/component/k2/1501550-20200108.htm
Travelex遭黑客勒索未有通報客戶及政府捱批
https://news.now.com/home/international/player?newsId=375973
Travelex遭駭客勒索300萬美元
https://www.ithome.com.tw/news/135227
Travelex customers left in cashless limbo, ICO not formally alerted to data theft claims
https://www.zdnet.com/article/travelex-customers-left-in-cashless-limbo-uk-regulators-now-step-in/#ftag=RSSbaffb68
Currency Exchange Travelex Held Hostage by Ransomware Attack
https://www.bankinfosecurity.com/currency-exchange-travelex-held-hostage-by-ransomware-attack-a-13588
Travelex faces ransom demands following NYE malware attack
https://www.zdnet.com/article/travelex-faces-ransom-demands-following-nye-malware-attack/#ftag=RSSbaffb68
Sodinokibi Ransomware Hits Travelex, Demands $3 Million
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-hits-travelex-demands-3-million/
Patch or Perish: VPN Servers Hit by Ransomware Attackers
https://www.bankinfosecurity.com/patch-or-perish-vpn-servers-hit-by-ransomware-attackers-a-13583
Travelex: Banks halt currency service after cyber-attack
https://www.bbc.com/news/business-51034731
New evasion techniques found in web skimmers
https://reurl.cc/4gzgvK
Researcher Spots New Tricks in Web Payment Card Skimmers
https://www.bankinfosecurity.com/researcher-spots-new-tricks-in-web-payment-card-skimmers-a-13573
Another consortium joins race for Singapore digital bank licence
https://www.zdnet.com/article/another-consortium-joins-race-for-singapore-digital-bank-licence/#ftag=RSSbaffb68
ロンドン証取のシステム障害、サイバー攻撃の可能性調査
https://jp.wsj.com/articles/SB11833998325689744897304586123174226141088
Pune: Man arrested ‘red-handed’ with ATM card-cloning device at ICICI Bank kiosk
https://indianexpress.com/article/cities/pune/pune-man-arrested-red-handed-with-atm-card-cloning-device-at-icici-bank-kiosk-6197764/
ATM Hackers Quizzed in Tripura, Agartala
https://www.sentinelassam.com/north-east-india-news/tripura-news/atm-hackers-quizzed-in-tripura-agartala/
RBI issues Cyber Security Controls Guidelines for Third party ATM Switch Application Service Providers
https://www.taxscan.in/rbi-issues-cyber-security-controls-guidelines-third-party-switch-application/42890/
Pune: Nigerian lands in cop net for card cloning ploy
https://timesofindia.indiatimes.com/city/pune/pune-nigerian-lands-in-cop-net-for-card-cloning-ploy/articleshow/73077938.cms
Miscreants steal Rs 23.5 lakh from ATM near central jail
https://timesofindia.indiatimes.com/city/bengaluru/miscreants-steal-rs-23-5-lakh-from-atm-near-central-jail-in-bengaluru/articleshow/73078376.cms
Three Chinese men exonerated in ATM skimming scams
https://www.dawn.com/news/1525901/three-chinese-men-exonerated-in-atm-skimming-scams
Cardknox payment gateway certified with Pax S920
https://www.atmmarketplace.com/news/cardknox-payment-gateway-certified-with-pax-s920/
Morning Brief 1.6.20: U.K. banks suffer fresh payment outages
https://www.paymentssource.com/news/u-k-banks-suffer-fresh-payment-outages
RBI issues Cyber Security Controls Guidelines for Third party ATM Switch Application Service Providers
https://www.taxscan.in/rbi-issues-cyber-security-controls-guidelines-third-party-switch-application/42890/
Cyber Security controls for Third party ATM Switch Application Service Providers
https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11773&Mode=0
Cyber Security Controls for ATM Switch Application Service Providers (ASPs)
https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11773&Mode=0#AN
UK government investigates possible cyberattack link to London Stock exchange outage
https://www.zdnet.com/article/uk-government-investigates-possible-cyberattack-link-to-london-stock-exchange-outage/#ftag=RSSbaffb68
Cyberattack could have taken London Stock Exchange offline
https://www.itproportal.com/news/cyberattack-could-have-taken-london-stock-exchange-offline/
GCHQ: A cyber-what-now? Rumours of our probe into London Stock Exchange 'cyberattack' have been greatly exaggerated
https://www.theregister.co.uk/2020/01/06/gchq_london_stock_exchange_cyberattack_allegation/
Iranian hackers deface US government & African bank website
https://www.hackread.com/iranian-hackers-deface-us-government-african-bank-website/
Bank of England and FCA plot internal data analytics shake-up
https://www.fintechfutures.com/2020/01/bank-of-england-and-fca-plot-internal-data-analytics-shake-up/
Ukrainian cyber police exposed a fraudulent scheme of financial auctions
https://www.ehackingnews.com/2020/01/ukrainian-cyber-police-exposed.html
ATM skimmer sentenced for fleecing $400,000 out of US banks
https://www.zdnet.com/article/atm-skimmer-sentenced-for-fleecing-400000-out-of-new-jersey-banks/
Member of ATM Skimming Conspiracy Targeting Multiple New Jersey Bank Locations Sentenced to 60 Months in Prison
https://www.justice.gov/opa/pr/member-atm-skimming-conspiracy-targeting-multiple-new-jersey-bank-locations-sentenced-60
Nigerian Banks Spent N200bn Preventing Cyber Attacks In 2019
https://economicconfidential.com/2020/01/banks-n200bn-preventing-cyber-attack/
3.電子支付/電子票證/行動支付/ pay/新聞及資安
百Pay齊放 金管會促今年電子支付達52%比重
https://reurl.cc/31E0x9
從電支電票的合併修法 ── 談支付法制之發展及本次修法特色(上)
https://www.bnext.com.tw/article/56151/electronic-payment-e-ticket
4.虛擬貨幣/區塊鍊相關新聞及資安
金融小學堂/區塊鏈錢包 打破支付國界
https://money.udn.com/money/story/9740/4266484
Hardcore | 以太坊中智能合約攻擊和漏洞百科全書
https://www.zhiguf.com/focusnews_detail/29388
開發數據金礦 建議設監理沙盒
https://www.chinatimes.com/newspapers/20200106000175-260202?chdtv
證券型代幣交易所 今年上路
https://money.udn.com/money/story/5613/4262474
虛擬貨幣也能輕鬆Pay?SecuX 設計冷錢包,存錢花錢一把罩
https://meet.bnext.com.tw/articles/view/45745
中國人民銀行表示,中國央行數字貨幣「進展順利」
https://reurl.cc/RdVern
新加坡金管局就合規交易所加密貨幣衍生品的監管問題表態
http://finance.eastmoney.com/a/202001071349253542.html
虛擬幣交易所平台的網站安全加固如何防護?從滲透測試服務開始
https://www.admin5.com/article/20200110/941210.shtml
Cryptocurrency exchange Poloniex issues password reset warning
https://reurl.cc/K6W6Ln
Characterizing and Detecting Money Laundering Activities on the Bitcoin Network
https://arxiv.org/abs/1912.12060
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
羅技軟件被曝出漏洞傳播木馬:可遠程控制受害者電腦
https://haote.net/article/22-40442.html
羅技軟體被曝出漏洞傳播木馬:可遠程控制受害者電腦
https://read01.com/KD4LAML.html#.XhSStFUzY2w
國際刑警組織讓東南亞被挖礦程式綁架的路由器減少了78%
https://www.ithome.com.tw/news/135275
伊朗駭客惡意程式已駭入美國電網、油氣公司
https://ithome.com.tw/news/135276
新年伊始,勒贖軟體繼續在美國各地傳出災情
https://www.twcert.org.tw/tw/cp-104-3206-227cc-1.html
Landry's Restaurant Chain Suffers Payment Card Theft Via PoS Malware
https://thehackernews.com/2020/01/landry-pos-malware-attack.html
Win32.Stuxnet : Part 1 - Introduction, Installation and Infection
https://www.youtube.com/watch?v=sEfqtET13SY&feature=youtu.be&t=520
Live Malware Analysis | Starship Bash Botnet
https://www.youtube.com/watch?v=g-rNFzpUmh4&feature=emb_logo
DeathRansom evolves from joke to actual ransomware
https://www.zdnet.com/article/deathransom-evolves-from-joke-to-actual-ransomware/#ftag=RSSbaffb68
High-Impact Windows 10 Security Threat Revealed As App-Killing Malware Evolves
https://www.forbes.com/sites/daveywinder/2020/01/05/alarming-new-windows-10-security-threat-as-app-killing-clop-malware-evolves/#5d8e7ae55a9f
Maze Ransomware Victim Sues Anonymous Attackers
https://www.bankinfosecurity.com/maze-ransomware-victim-sues-anonymous-attackers-a-13574
Restaurant Chain Landry's Investigates Malware Incident
https://www.bankinfosecurity.com/restaurant-chain-landrys-investigates-malware-incident-a-13571
BANKING MALWARE IN ANDROID CONTINUES TO GROW. A LOOK AT THE RECENT BRAZILIAN BANKING TROJAN BASBANKE/COYBOT
https://www.buguroo.com/en/blog/banking-malware-in-android-continues-to-grow.-a-look-at-the-recent-brazilian-banking-trojan-basbanke-coybot
The Mac Malware of 2019
https://objective-see.com/blog/blog_0x53.html
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/
Predator the Thief: Analysis of Recent Versions
https://www.fortinet.com/blog/threat-research/predator-the-thief-recent-versions.html
This password-stealing malware just got updated with new tactics to help it hide better
https://www.zdnet.com/article/this-password-stealing-malware-just-got-updated-with-new-tactics-to-help-it-hide-better/
Malware in the Cloud: Protecting Yourself Based on Your Cloud Environment
https://www.tripwire.com/state-of-security/security-data-protection/cloud/malware-cloud-protection-cloud-environment/
Predator the Thief: Analysis of Recent Versions
https://www.fortinet.com/blog/threat-research/predator-the-thief-recent-versions.html
This password-stealing malware just got updated with new tactics to help it hide better
https://www.zdnet.com/article/this-password-stealing-malware-just-got-updated-with-new-tactics-to-help-it-hide-better/
SNAKE Ransomware Is the Next Threat Targeting Business Networks
https://www.bleepingcomputer.com/news/security/snake-ransomware-is-the-next-threat-targeting-business-networks/
Naive IoT botnet wastes its time mining cryptocurrency
https://www.zdnet.com/article/naive-iot-botnet-wastes-its-time-mining-cryptocurrency/#ftag=RSSbaffb68
Drake Lyrics Used as Calling Card in Malware Attack
https://threatpost.com/drake-lyrics-used-as-calling-card-in-malware-attack/151665/
PowerPoint Malware References Drake Lyrics to Drop Lokibot & Azorult
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
REvil ransomware exploiting VPN flaws made public last April
https://nakedsecurity.sophos.com/2020/01/08/revil-ransomware-exploiting-vpn-flaws-made-public-last-april/
Dubious downloads: How to check if a website and its files are malicious
https://blog.malwarebytes.com/how-tos-2/2020/01/dubious-downloads-how-to-check-if-a-website-and-its-files-are-malicious/
Title: Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets
https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/#report
Rising sea and spam levels? Emotet campaign uses Greta Thunberg as lure
https://www.scmagazine.com/home/security-news/rising-sea-and-spam-levels-emotet-campaign-uses-greta-thunberg-as-lure/
B.行動安全 / iPhone / Android /穿戴裝置 /App
指示加強網絡安全 首長手機疑遭駭客盯上
https://eunited.com.my/332825/
如何判斷手機是否遭安裝追蹤軟體 (Stalkerware)
https://blog.trendmicro.com.tw/?p=62877
WhatsApp 通知恐怖份子帳號被駭,使歐洲政府調查受阻
https://www.inside.com.tw/article/18544-European-authorities-investigating-terror-suspect-say-WhatsApp-informed-phone-hacked
手機被駭遭勒索…《奇皇后》男星私密資料全流出!氣喊要告
https://www.setn.com/News.aspx?NewsID=667602
韓媒曝韓國10名以上頂級明星遭到駭客威脅勒索
http://n.yam.com/Article/20200108464771
發生名人三星手機駭客威脅事件
https://www.ptt.cc/bbs/KoreaStar/M.1578449276.A.93D.html
韓多名頂流藝人手機遭黑被勒索巨額,男愛豆怕影像流出被迫匯款!都用了三星這款手機
https://www.koreastardaily.com/tc/news/123342
多位韓國藝人手機資料遭盜並被勒索 正巧都用三星手機
https://www.chinatimes.com/realtimenews/20200109002358-260412?chdtv
安卓提權漏洞再遭利用,攻擊者疑似來自印度網軍
https://www.secrss.com/articles/16476
FBI又要求蘋果解鎖iPhone協助破案
https://www.ithome.com.tw/news/135242
瑞幸咖啡回應App被工信部點名:為防止駭客騙取首杯免費
https://ek21.com/news/tech/170801/
資安漏洞頻傳,抖音母公司將導入區塊鏈技術
https://media.ace.io/tiktoks-owner-pivots-to-blockchain-as-app-security-flaws/
抖音國際版TikTok被爆可被黑客竊取信息及劫持視頻
https://www.leiphone.com/news/202001/YMgTl2sshO2cfeif.html
政府が無料配布するスマートフォンに中国製らしき悪質なアプリがプリインストールされていたと判明
https://gigazine.net/news/20200110-government-funded-phone-malware/
3 Google Play Store Apps Exploit Android Zero-Day Used by NSO Group
https://thehackernews.com/2020/01/android-zero-day-malware-apps.html
Researchers Demonstrate How to Hack Any TikTok Account by Sending SMS
https://thehackernews.com/2020/01/hack-tiktok-account.html
How to stop your iPhone and apps from tracking you 24/7
https://www.zdnet.com/article/how-to-stop-your-iphone-and-apps-from-tracking-you-247/#ftag=RSSbaffb68
Apple targets jailbreaking in lawsuit against iOS virtualization company
https://news.hitb.org/content/apple-targets-jailbreaking-lawsuit-against-ios-virtualization-company
FBI Asks Apple for Access to Saudi Shooter's iPhones
https://www.bankinfosecurity.com/fbi-asks-apple-for-access-to-saudi-shooters-iphones-a-13586
Lawmakers Prod FCC to Act on SIM Swapping
https://krebsonsecurity.com/2020/01/senators-prod-fcc-to-act-on-sim-swapping/
Unremovable malware found preinstalled on low-end smartphone sold in the US
https://www.zdnet.com/article/unremovable-malware-found-preinstalled-on-low-end-smartphone-sold-in-the-us/#ftag=RSSbaffb68
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
2020年10大資安趨勢預測
https://www.ithome.com.tw/article/135183
2020資安趨勢重點整理
https://www.ithome.com.tw/voice/135171
嫌犯製「機械手臂」自動洗錢 不法所得破百億
https://news.tvbs.com.tw/local/1259401
香港警方過去半年閱 3721 部被捕人手機 李家超:全獲搜查令 拒答有否用駭客軟件
http://bit.ly/2T1JxyB
政府網軍竊密碼? 多名能源人士收到通知
https://news.tvbs.com.tw/politics/1259887
陳立誠扯密碼被「政府網軍」駭?Google駁「是資安提醒」
https://newtalk.tw/news/view/2020-01-08/351622
政府網軍竊密碼? 多名能源人士收到通知
http://bit.ly/2tIPyW2
消費者對連網住宅資安與隱私風險了解不足、缺乏有效作為
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000575996_pzd8j763lp695v5nxyb1w
Nexusguard研究表示,DNS放大攻擊年增近4,800% SYN洪水攻擊急增惹關注
https://times.hinet.net/news/22725538
利用url跳轉漏洞冒充公安局官網的騷操作
https://www.77169.net/html/249117.html
被駭超過20次卻不知不覺的InfoTrax與FTC和解
https://www.ithome.com.tw/news/135215
【除夕大抽獎】電郵設定兩漏洞變「垃圾」 旅發局聘獨立顧問檢討
https://reurl.cc/0zqzWM
有漏洞、頁面被篡改、非法收集個人信息…貴陽網警嚴查網絡違法
http://www.chinapeace.gov.cn/chinapeace/c53721/2020-01/06/content_12314219.shtml
源頭之戰,不斷升級的攻防對抗技術—— 軟件供應鏈攻擊防禦探索
https://security.tencent.com/index.php/blog/msg/140
翟本喬協助逮「黑韓」網軍 徐永明:時力揭弊只問是非
https://udn.com/news/story/9261/4277238
專家:大陸重構了網路能力
https://www.chinatimes.com/realtimenews/20200109001417-260409?chdtv
美國FBI最想定罪的“邪惡公司”首領:年僅32歲吸金億萬美元
https://www.freebuf.com/news/223492.html
美軍將撤離是假消息!科威特國家通訊社:遭駭客入侵
https://news.ltn.com.tw/news/world/breakingnews/3034291
消息超亂!科威特媒體稱「美軍3天內撤軍」 政府急澄清:被駭客攻擊
https://www.ettoday.net/news/20200108/1620926.htm
怕美國將撤軍消息洩露歸罪“俄駭客” 俄外交官這樣溫馨提示
http://big5.eastday.com:82/gate/big5/news.eastday.com/w/20200107/u1ai20287478_K26845.html
伊朗將領遭狙殺駭客也怒了 侵入美政府網頁誓復仇
https://www.cna.com.tw/news/aopl/202001050120.aspx
伊朗駭客侵入美政府機關網站 誓為蘇雷曼尼報仇
https://reurl.cc/rlql4k
伊朗將領遭狙殺駭客也怒了 侵入美政府網頁誓復仇
https://www.setn.com/News.aspx?NewsID=666653
伊朗將領遭狙殺 英相:不會哀嘆他的死
https://www.ntdtv.com/b5/2020/01/06/a102746042.html
白宮下設網站遭入侵長達1小時 駭客留下一張意味深長的圖
https://ek21.com/news/business/104973/
白宮下設網站遭入侵黑客留下一張意味深長的圖
https://news.ji-qi.com/world/economics/202001/92-1710471.html
美國土安全部警告企業,伊朗可能發動網路攻擊
https://ithome.com.tw/news/135217
美聯邦官網被疑似伊朗駭客攻破 當局已實施監測
http://big5.eastday.com:82/gate/big5/news.eastday.com/w/20200107/u1ai20287381.html
美中第二階段談判將啟動 聚焦中共駭客竊盜
https://reurl.cc/lLrx9j
Half of the websites using WebAssembly use it for malicious purposes
https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes/#ftag=RSSbaffb68
New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild
https://www.sec.cs.tu-bs.de/pubs/2019a-dimva.pdf
UK man sentenced to prison for hacking and spying on victims through their webcams
https://www.zdnet.com/article/uk-man-sentenced-to-prison-for-hacking-and-spying-on-victims-through-their-webcams/#ftag=RSSbaffb68
New Iranian data wiper malware hits Bapco, Bahrain's national oil company
https://www.zdnet.com/article/new-iranian-data-wiper-malware-hits-bapco-bahrains-national-oil-company/#ftag=RSSbaffb68
Saudi Arabia CNA report
https://www.scribd.com/document/442225568/Saudi-Arabia-CNA-report#download
Austria's foreign ministry says facing 'serious cyber attack'
https://www.afp.com/en/news/15/austrias-foreign-ministry-says-facing-serious-cyber-attack-doc-1ng2hj1
November 2019 Cyber Attacks Statistics
https://www.hackmageddon.com/2019/12/18/november-2019-cyber-attacks-statistics/
Preparing for Potential Iranian 'Wiper' Attacks
https://www.bankinfosecurity.com/interviews/preparing-for-potential-iranian-wiper-attacks-i-4566
Iranian Cyberattacks: 10 Must-Have Defenses
https://www.bankinfosecurity.com/blogs/iranian-cyberattacks-10-must-have-defenses-p-2848
Global Cyber Alliance President on Iranian Cyber Threat
https://www.bankinfosecurity.com/interviews/global-cyber-alliance-president-on-iranian-cyber-threat-i-4564
Iranian cyberattacks feared after killing of top general
https://apnews.com/aa3ddd9dd24b79f8ec76aa1a6487e4fc
US Conflict With Iran Sparks Cybersecurity Concerns
https://www.bankinfosecurity.com/us-conflict-iran-sparks-cybersecurity-concerns-a-13576
5 technology trends for the roaring 20s, part 1: Blockchain, cloud, open source
https://www.zdnet.com/article/5-technology-trends-for-the-roaring-20s-part-one-blockchain-cloud-open-source/#ftag=RSSbaffb68
Chrome to show error codes, similar to Windows BSOD screens
https://www.zdnet.com/article/chrome-to-show-error-codes-similar-to-windows-bsod-screens/#ftag=RSSbaffb68
'Serious cyber-attack' on Austria's foreign ministry
https://www.bbc.com/news/world-europe-50997773
Cybersecurity Data Sharing: A Federal Progress Report
https://www.bankinfosecurity.com/cybersecurity-data-sharing-federal-progress-report-a-13575
Analysis: Countering Nation-State Attacks in 2020
https://www.bankinfosecurity.com/interviews/analysis-countering-nation-state-attacks-in-2020-i-4561
WARNING FOR INTENSE CYBERWAR: IRAN HACKS US GOVERNMENT WEBSITE FOR REVENGE
https://www.analyticsinsight.net/warning-intense-cyberwar-iran-hacks-us-government-website-revenge/
HOW NORTH KOREA HACKERS ATTACK MAJOR CYBERSECURITY WEAKNESSES ACROSS THE GLOBE
https://analyticsindiamag.com/how-north-korea-hackers-attack-major-cybersecurity-weaknesses-across-the-globe/
Microsoft: RDP brute-force attacks last 2-3 days on average
https://www.zdnet.com/article/microsoft-rdp-brute-force-attacks-last-2-3-days-on-average/#ftag=RSSbaffb68
Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks
http://bit.ly/2Fp7TKn
FBI Investigating How Town Defrauded of $1 Million: Report
https://www.bankinfosecurity.com/fbi-investigating-how-town-defrauded-1-million-report-a-13580
Analysis: Threat Posed by Pro-Iranian Hackers
https://www.bankinfosecurity.com/analysis-threat-posed-by-pro-iranian-hackers-a-13579
US Conflict With Iran Sparks Cybersecurity Concerns
https://www.bankinfosecurity.com/us-conflict-iran-sparks-cybersecurity-concerns-a-13576
The Everyday Cyber Threat Landscape: Trends from 2019 to 2020
https://newsroom.trendmicro.com/blog/simply-security/everyday-cyber-threat-landscape-trends-2019-2020
NIST 800-171 & Why Organizations Need Password Similarity Blocking in Active Directory
https://www.bankinfosecurity.com/blogs/nist-800-171-organizations-need-password-similarity-blocking-in-active-p-2838
City of Las Vegas said it successfully avoided devastating cyber-attack
https://www.zdnet.com/article/city-of-las-vegas-said-it-successfully-avoided-devastating-cyber-attack/#ftag=RSSbaffb68
INTERPOL Collaboration Reduces Cryptojacking by 78%
https://blog.trendmicro.com/interpol-collaboration-reduces-cryptojacking-by-78/
The Six Pillars of Effective Security Operations
https://blog.paloaltonetworks.com/2020/01/cortex-security-operations/
6 ways hackers are targeting retail businesses
https://blog.malwarebytes.com/web-threats/2020/01/6-ways-hackers-are-targeting-retail-businesses/
Router Cryptojacking Campaigns Disrupted
https://www.bankinfosecurity.com/router-cryptojacking-campaigns-disrupted-a-13592
Automated host recon, persistence and exfiltration
https://medium.com/@Bank_Security/automated-host-recon-persistence-and-exfiltration-85d49423dcc2
Threat Source newsletter (Jan. 9, 2019)
https://blog.talosintelligence.com/2020/01/threat-source-newsletter-jan-9-2019.html
DATA HACK Dixons Carphone fined £500,000 after hackers targeted 14million customers
https://www.thesun.co.uk/money/10707151/dixons-carphone-fined-500000-hackers-customers/
板橋〈資安〉工程師
https://www.104.com.tw/job/6jwq9
資安工程師/資深安全專家 (w0012)
https://www.104.com.tw/job/6u5zn
資深資安工程師 (資安專家)
https://www.104.com.tw/job/6u5p3
[招聘] 北京頂象技術有限公司招聘漏洞研究員/安全專家
https://www.52pojie.cn/thread-1084834-1-1.html
專案與資安業務專員、專案與HR產品業務人員
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=93184&HIRE_ID=9469597
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
工程師不爽抖內仍被甩 駭女網友裸照PO網判1年3月
https://www.chinatimes.com/realtimenews/20200105001055-260402?chdtv
「抖內」女網友發現養小白臉 竹科新貴駭進雲端散布性愛片
https://m.ltn.com.tw/news/society/breakingnews/3030361
發財夢遮眼!他狂匯款...堅信可預測台彩號碼 億萬富翁夢碎了
https://www.ettoday.net/news/20200103/1616729.htm
日本愛情旅館搜尋引擎資料外洩,最壞結果資料被用來勒索
http://technews.tw/2020/01/07/japanese-love-hotel-search-website-date-breach-the-worst-situation-is-user-is-blackmailed/
美國社區醫院郵件帳號外洩波及近5萬名病患個資
https://www.ithome.com.tw/news/135245
手機自動傳百通 「星巴克請喝咖啡」急收回
https://news.tvbs.com.tw/life/1260159
去年首3季4500科技罪案 多屬網騙
http://bit.ly/35EiPyy
駭客「盜走」1000億?176萬人受害 手法與5年前「犯事」非法平臺雷同
https://ek21.com/news/business/105413/
School management software provider discloses severe security breach
https://www.zdnet.com/article/school-management-software-provider-discloses-severe-security-breach/#ftag=RSSbaffb68
Fresh Cambridge Analytica leak ‘shows global manipulation is out of control’
https://www.theguardian.com/uk-news/2020/jan/04/cambridge-analytica-data-leak-global-election-manipulation
Search engine for Japanese sex hotels announces security breach
https://www.zdnet.com/article/search-engine-for-japanese-sex-hotels-announces-security-breach/
Hackers steal sensitive data from Japanese search engine for sex hotels
https://www.hackread.com/hackers-steal-data-japanese-search-engine-sex-hotels/
Microsoft Phishing Scam Exploits Iran Cyberattack Scare
https://www.bleepingcomputer.com/news/security/microsoft-phishing-scam-exploits-iran-cyberattack-scare/
TEXT SCAM Bank of Ireland warn customers of scam messages after fraudsters send texts to customers seeking personal information
https://www.thesun.ie/news/4971635/bank-of-ireland-warn-fraud-scam-messages/
E.研究報告
108年第3季資通安全技術報告
https://download.nccst.nat.gov.tw/attachfilenew/108_Q3_Cyber%20Security%20Technology%20Report.pdf
淺析通過操縱BGP Communities影響路由選路
https://www.freebuf.com/articles/network/223879.html
D-Link DIR-859的RCE漏洞(CVE-2019–17621)
https://www.freebuf.com/column/224459.html
Spelevo EK 使用社會工程技術
https://www.chainnews.com/zh-hant/articles/085401388235.htm
Nagios XI遠程命令執行漏洞(CVE-2019-20197)
https://s.tencent.com/research/bsafe/868.html
【代碼審計】某JA網站內容管理系統模板注入漏洞
https://zhuanlan.zhihu.com/p/100864935
107 年 12月份 TWCERT/CC資安情資電子報
https://reurl.cc/5gxqry
濫用ThinkPHP 漏洞的殭屍網絡Hakai 和Yowai
https://zhuanlan.zhihu.com/p/100574038
網絡空間安全時代的紅藍對抗建設
https://security.tencent.com/index.php/blog/msg/139
挖洞經驗| 用空字節(Null Byte)觸發內存洩露的4萬美金漏洞
https://www.freebuf.com/vuls/224088.html
深度研究Pass-the-Hash攻擊與防禦
https://xz.aliyun.com/t/7051
為何在 Docker 中執行特權容器不是個好主意
https://blog.trendmicro.com.tw/?p=62986
要如何找出無線設備獨一無二的射頻指紋
https://secbuzzer.co/post/85
[資訊安全] Web Application Security Testing Note
https://github.com/MksYi/Web-Application-Security-Testing-Note
震網三代CVE-2017-8464漏洞復現
https://zhuanlan.zhihu.com/p/101608776
挖洞經驗| 利用越權漏洞竊取Airbnb房東的收款資金
https://www.freebuf.com/vuls/224431.html
教你利用繞過 UAC 對話框的漏洞
https://www.chainnews.com/zh-hant/articles/687022389326.htm
CVE-2019-10758 mongo-express RCE漏洞分析
https://xz.aliyun.com/t/7066
Open Webmail郵件系統安全管理與防護指南
https://cert.tanet.edu.tw/prog/opendoc.php?id=2020010610014343586025745412569.pdf
LINE Taiwan Security Meetup – BECKS #4
https://engineering.linecorp.com/zh-hant/blog/becks-meetup-0918/
Brief Analysis of the FDLP.gov Deface
https://medium.com/@sshell_/brief-analysis-of-the-fdlp-gov-deface-980caba9c786
Bypassing AV via in-memory PE execution
https://blog.dylan.codes/bypassing-av-via/
Top 10 Dangerous DNS Attacks Types and The Prevention Measures
https://cybersecuritynews.com/dns-attacks/
First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
http://bit.ly/2Qt9MME
Fasten your Recon process using Shell Scripting
https://reurl.cc/D121L5
ahmetb/kubectl-tree
https://github.com/ahmetb/kubectl-tree
shodansploit
https://github.com/shodansploit/shodansploit
Open Redirect Payloads
https://github.com/cujanovic/Open-Redirect-Payloads
Blind WAF identification tool
https://github.com/stamparm/identYwaf
yeyintminthuhtut/Awesome-Red-Teaming
https://github.com/yeyintminthuhtut/Awesome-Red-Teaming/blob/master/README.md
Command Injection Through BLH
https://medium.com/@trapp3rhat/command-injection-through-blh-3c32614bb395?
DomLink
https://github.com/vysecurity/DomLink
Gather urls from wayback machine
https://github.com/ghostlulzhacks/waybackSqliScanner
Awesome Security
https://github.com/sbilly/awesome-security/blob/master/README.md
awesome-forensics
https://github.com/alphaSeclab/awesome-forensics/blob/master/Readme_en.md
xingkong123600/AngelSword
https://github.com/xingkong123600/AngelSword
cnlh/nps
https://github.com/cnlh/nps
EmotetについてATT&CKを使って調べてみた
https://qiita.com/IK_PE/items/201e6b900e0de1d9fc89
AIOOSCP/hash-identifier
https://github.com/AIOOSCP/hash-identifier
3gstudent/pyKerbrute
https://github.com/3gstudent/pyKerbrute//
PandoraFMS v7.0NG authenticated Remote Code Execution (CVE-2019-15029)
https://shells.systems/pandorafms-v7-0ng-authenticated-remote-code-execution-cve-2019-15029/
December honeypot report
https://bontchev.nlcv.bas.bg/articles/?y=2020&m=01
Active Directory forest trusts part 1 - How does SID filtering work
https://dirkjanm.io/active-directory-forest-trusts-part-one-how-does-sid-filtering-work/
Updated: Basic IPv6 Troubleshooting Commands / IPv6 Rosetta Stone 2019
https://theinternetprotocolblog.wordpress.com/2019/11/04/basic-ipv6-troubleshooting-commands-i-ipv6-rosetta-stone-2019/
GHC + GDB
https://asciinema.org/a/mzQFrJefYQyIYA5MyappydgzP
iOS Application Injection
https://arjunbrar.com/post/ios-application-injection
CyberTruck Challenge 2019 — Android CTF
https://medium.com/bugbountywriteup/cybertruck-challenge-2019-android-ctf-e39c7f796530
DNS Hijacking: A New Method of MitM Attack Observed in the Wild
https://www.airoav.com/dns-hijacking-a-new-method-of-mitm-attack-observed-in-the-wild/
cat ~/footstep.ninja/blog.txt
https://footstep.ninja/posts/exploiting-self-xss/
cseagle/blc
https://github.com/cseagle/blc
HTML Injection
https://www.hackingcastle.com/2020/01/html-injection-tutorial.html
Alert Alarm SMS exploit - English version
https://jyx.github.io/alert-alarm-exploit.html
Decrypting config.bin files for TP-Link WR841N, WA855RE, and probably
https://assemblyofsecrets.blogspot.com/2020/01/decrypting-configbin-files-for-tp-link.html
How to Break PDFs Breaking PDF Encryption and PDF Signatures
https://media.ccc.de/v/36c3-10832-how_to_break_pdfs
Burp Suite Series – Demonstrate Runtime File Payload
https://hackersonlineclub.com/burp-suite-series-demonstrate-runtime-file-payload/
Kali Linux Announced New Kali 2020.1 Comes With “Non-Root Users By Default”
https://reurl.cc/b6rYkr
VB2019 paper: Catch me if you can: detection of injection exploitation by validating query and API integrity
https://www.virusbulletin.com/blog/2020/01/vb2019-paper-catch-me-if-you-can-detection-injection-exploitation-validating-query-and-api-integrity/
cyberark/SkyArk
https://github.com/cyberark/SkyArk/blob/master/README.md
Virtualization Forensics: Live Acquisition of VMs
https://netseedblog.com/security/usb-forensics/
Tishna Automated pentest framework for Servers, Application Layer to Web Security
https://hackingpassion.com/tishna-automated-pentest-framework/
HTTP Request Smuggling + IDOR
https://hipotermia.pw/bb/http-desync-idor
Threat Hunting: Detecting Web Shells
https://medium.com/@alpinoacademy/threat-hunting-detecting-web-shells-d9e1e8c6de2a
Advanced Mobile Forensics Investigation Software
https://hackersonlineclub.com/advanced-mobile-forensics-investigation-software/
Graylog2/graylog-plugin-threatintel
https://github.com/Graylog2/graylog-plugin-threatintel
Energetic Bear/Crouching Yeti: attacks on servers
https://securelist.com/energetic-bear-crouching-yeti/85345/
Difference Between IDS, IPS, Anti-virus
https://www.studynotesandtheory.com/blog/category/Communications%20and%20Network%20Security
CyberTruck Challenge 2019 — Android CTF
https://medium.com/bugbountywriteup/cybertruck-challenge-2019-android-ctf-e39c7f796530
sundowndev/PhoneInfoga
https://github.com/sundowndev/PhoneInfoga
aquasecurity/harbor-scanner-aqua
https://github.com/aquasecurity/harbor-scanner-aqua
Installing SystemWebView
https://github.com/bromite/bromite/wiki/Installing-SystemWebView
Bash for Everyone — Part 1
https://medium.com/@ehsahil/bash-cookbook-for-everyone-part-1-cc98251e2887
Enviro pHAT Raspberry Pi review
https://magpi.raspberrypi.org/articles/enviro-phat-raspberry-pi-review
MSAdministrator/apt33_apt34_possible_commands.md
https://gist.github.com/MSAdministrator/7a61025263e279a740835da4b205e6d0
maldevel/PenTestKit
https://github.com/maldevel/PenTestKit
Neo23x0/ sigma
https://github.com/Neo23x0/sigma/blob/master/rules/web/web_citrix_cve_2019_19781_exploit.yml
nongiach/pyrofipass
https://github.com/nongiach/pyrofipass/blob/master/pyrofipass.py
XposedOrNot - Tool To Search An Aggregated Repository Of Xposed Passwords Comprising Of ~850 Million Real Time Passwords
https://www.kitploit.com/2020/01/xposedornot-tool-to-search-aggregated.html
xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/
Hold My Beer Mirai – Spinoff Named ‘LiquorBot’ Incorporates Cryptomining
https://labs.bitdefender.com/2020/01/hold-my-beer-mirai-spinoff-named-liquorbot-incorporates-cryptomining/
Getting Started with ATT&CK
https://www.mitre.org/sites/default/files/publications/mitre-getting-started-with-attack-october-2019.pdf
jas502n/CVE-2019-20197
https://github.com/jas502n/CVE-2019-20197
Continued Escalation of Tensions in the Middle East
https://blog.talosintelligence.com/2020/01/mideast-tensions-preparations.html
log2timeline/dftimewolf
https://github.com/log2timeline/dftimewolf
Smartphone shopaholic
https://securelist.com/smartphone-shopaholic/95544/
AD Fly Tool
https://0xsp.com/secploit-exploits-terminal/ad-fly-tool
offensive-hub/black-widow
https://github.com/offensive-hub/black-widow
KnightSec-Official/Phlexish
https://github.com/KnightSec-Official/Phlexish
securethelogs/Bluechecker
https://github.com/securethelogs/Bluechecker
F.商業
關貿網路武功強,去年抵禦30億次駭客攻擊
http://bit.ly/37ExBGU
安華聯網 Secure by Design 榮獲亞太區10大資安新創企業
https://ithome.com.tw/pr/135232
博通將原賽門鐵克網路安全服務部門賣給Accenture
https://www.ithome.com.tw/news/135235
物聯網隱藏資安風險 果核數位 AI SOC服務
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=8777
Cloudflare釋出零信任安全工具組Cloudflare for Teams
https://ithome.com.tw/news/135241
叡揚資訊10日興櫃掛牌 持續創新企業軟體應用與雲端服務
http://n.yam.com/Article/20200108177659
上月業績快報/安碁資訊+56% 攀峰
https://money.udn.com/money/story/11120/4275892
Extrahop網路偵測與回應系統能解析網路第2至第7層流量
https://www.ithome.com.tw/review/133851
Palo Alto Networks分享最新2020年資安趨勢預測報告 5G資安問題要關注
https://www.computerdiy.com.tw/20200109_palo-alto-networks/
中華電信板橋雲端資料中心成功取得SOC報告認證
https://times.hinet.net/news/22731291
雲端服務業者提供使用者帳戶安全保護
https://www.twcert.org.tw/tw/cp-104-3208-ca6d1-1.html
Are You Ready for Microsoft Windows 7 End of Support on 14th January 2020
https://thehackernews.com/2020/01/windows-7-support-ends.html
New Windows 10 Fast Ring test build adds new Task Manager, Notification options
https://www.zdnet.com/article/new-windows-10-fast-ring-test-build-adds-new-task-manager-notification-options/#ftag=RSSbaffb68
G.政府
內政部補助地方政府強化戶役政基層機關資安防護及區域聯防計畫作業要點
https://glrs.moi.gov.tw/LawContent.aspx?id=GL001038#lawmenu
推進數位發展 政府擬設專責部會
https://money.udn.com/money/story/5648/4269662
國發會計劃年底提出「開放資料專法」草案 強化數位治理
https://newtalk.tw/news/view/2020-01-02/348950
【2020十大資安趨勢7:法規遵循】資安法適用範圍擴及關鍵基礎設施,個資法為了因應GDPR將修法
https://ithome.com.tw/news/135179
【2020十大資安趨勢9:5G資安】NCC要求所有電信業者,5G資安要做到Security By Design
https://www.ithome.com.tw/news/135181
【2020十大資安趨勢10:資安人才】培育學校生根有成,資安人才與產業接軌是關鍵
https://times.hinet.net/topic/22730677
三總與中科院通過資安管理驗證 環奧頒證
https://money.udn.com/money/story/5635/4276466
中東局勢緊張 國安機制啟動
https://ec.ltn.com.tw/article/paper/1344754
Windows 7終止支援服務專區
https://www.nccst.nat.gov.tw/Win7EndOfSupportIntro?lang=zh
H.工控系統/SCADA/ICS
MITRE正式發布針對工業控制系統的ATT&CK for ICS
https://www.ithome.com.tw/news/135243
提高智慧電錶全生命週期的隱私性與安全性
https://www.eettaiwan.com/news/article/20200109TA31-Enhancing-Privacy-and-Security-in-the-Smart-Meter-Life-Cycle
工業製造業者遭網路間諜鎖定
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16339
I.教育訓練
社交工程資安教育訓練(108上半年)
https://elearn.hrd.gov.tw/info/10014130
你對資訊安全了解多少? 快利用1 Day學習網路上查不到的專業資安基礎知識
https://ithome.com.tw/pr/135223
[Trend Micro]-【資安防護直播研討會】全面晉級資安防衛戰 2/12
https://reurl.cc/0zqzll
SSCP從七大領域提昇資安知識,解決各種常見難題
https://ithome.com.tw/pr/135220
Web漏洞總結: OWASP Top 10
https://www.cnblogs.com/pengdai/p/12169534.html
OSCP Goldmine (not clickbait)
http://0xc0ffee.io/blog/OSCP-Goldmine
SSH Pentesting Guide
https://community.turgensec.com/ssh-hacking-guide/
Updated: Basic IPv6 Troubleshooting Commands / IPv6 Rosetta Stone 2019
https://theinternetprotocolblog.wordpress.com/2019/11/04/basic-ipv6-troubleshooting-commands-i-ipv6-rosetta-stone-2019/
【Webエンジニアど素人から3年生ぐらいになるまでに読むと良い本】を段階的にまとめた
https://qiita.com/JunyaShibato/items/3aa5f7f3fc991de17f3f
Wireshark Tutorial: Examining Ursnif Infections
https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-ursnif-infections/
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
歐盟網路資安局發表 IoT 資安報告,聚焦軟體開發設計安全
https://koin.kcg.gov.tw/?p=2586
網路攻擊事件頻傳 資安已成嵌入式系統重大挑戰
https://smartauto.ctimes.com.tw/DispArt-tw.asp?O=200107113050
央視曝數十萬個家用cam被入侵 黑客靠網售帳號牟利
https://reurl.cc/1QNoVG
中國數十萬只家用監視器帳號遭破解 通過網絡銷售
https://reurl.cc/D1rZ2O
FBI recommends keeping your IoT devices on a separate network
https://www.iottechnews.com/news/2019/dec/06/fbi-recommends-iot-devices-separate-network/
Xiaomi Cameras Connected to Google Nest Expose Video Feeds From Others
https://thehackernews.com/2020/01/google-nest-xiaomi-camera.html
Insight Partners' Latest Purchase: IoT Security Firm Armis
https://www.bankinfosecurity.com/insight-partners-latest-purchase-iot-security-firm-armis-a-13584
6.近期資安活動及研討會
AIS3 EOF資安搶旗競賽 1/11
https://ais3.org/eof
MLDM Monday x PyData Taiwan | TBD (about Shioaji) 1/13
https://www.meetup.com/Taiwan-R/events/266715784/
SANS Threat Hunting London Summit & Training 2020 1/13 ~ 1/18
https://www.sans.org/event/threat-hunting-europe-2020
GitLab Commit San Francisco 1/14
https://about.gitlab.com/events/commit/#attend-sanfrancisco
資安實務專題課程-Windows 惡意程式分析實務 1/14 ~ 1/17
https://isip.moe.edu.tw/wordpress/?p=1789
Build Your Security Token Blockchain - 如何打造證券型代幣區塊鏈 1/14
https://www.meetup.com/Polkadot-Taipei/events/267377249/
Elixir.tw Taipei Meetup inside 默默會(mokumokukai) 1/14
https://www.meetup.com/elixirtw-taipei/events/267421068/
Scala Taiwan #36 - Scala through lenses 1/14
https://www.meetup.com/Scala-Taiwan-Meetup/events/267314640/
Hacking Thursday 1/16
http://www.hackingthursday.org/invite
A meetup with Laurence Moroney 1/16
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/267109922/
ANSYS Workbench結構分析基礎課程 1/16 ~ 1/17
https://reurl.cc/mdjz7l
Japan Security Analyst Conference 1/17
https://jsac.jpcert.or.jp/
WizardAmigos CodeCamp [Taipei,JavaScript,English] 1/20
https://www.meetup.com/WizardAmigos/events/bbdclrybccbbc/
Cyber Security for Critical Assets (CS4CA) MENA 1/20 ~ 1/21
https://mena.cs4ca.com/?ref=infosec-conferences.com
PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world
2020核果資訊冬季班 Python 程式語言 (Level 1) 1/22~ 2/13
https://www.accupass.com/event/1911150442131985092910
Hacking Thursday 1/23
http://www.hackingthursday.org/invite
Security Hell Conference (SH3LLCON) 1/24 ~ 1/25
https://www.sh3llcon.es/?ref=infosec-conferences.com
NextGen SCADA 1/27 ~ 1/31
https://www.smartgrid-forums.com/forums/nextgen-scada-global/
Cranfield University Cyber Symposium 1/28 ~ 1/29
https://www.cranfield.ac.uk/events/symposia/cyber
International Cyber Security Forum (FIC) 1/28 ~ 1/30
https://www.forum-fic.com/en/home.htm
Free and Safe in Cyberspace 1/29
https://www.free-and-safe.org/
Hacking Thursday 1/30
http://www.hackingthursday.org/invite
制御システムセキュリティカンファレンス 2020 2020年2月14日
https://www.jpcert.or.jp/event/ics-conference2020.html
CYBERSEC 2020 臺灣資安大會 3/17 ~ 3/19
https://cyber.ithome.com.tw/
black ASIA 2020 Singapore 3/31 ~ 4/3
https://www.blackhat.com/asia-20/briefings/schedule/
2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore
https://www.icscybersecurityconference.com/singapore/
沒有留言:
張貼留言