跳到主要內容

資安事件新聞週報 2020/1/6 ~ 2020/1/10






資安事件新聞週報 2020/1/6 ~ 2020/1/10
1.重大弱點漏洞/後門/Exploit/Zero Day
Project Zero調整漏洞揭露政策,漏洞細節一律通報後90天才公開
https://www.ithome.com.tw/news/135265

Ruckus 產品多個漏洞
https://www.ruckuswireless.com/security/299/view/pdf

思科修補可繞過身分認證並執行任意行動的安全漏洞
https://ithome.com.tw/news/135203

近期多家VPN設備資安漏洞,相關單位應立即檢視以降低資安威脅
https://www.twcert.org.tw/tw/cp-15-3211-f51e9-1.html

Citrix應用伺服器與閘道器產品存在安全漏洞(CVE-2019-19781)
http://net.nthu.edu.tw/2009/mailing:announcement:20200109_01

Citrix部分產品存在遠端執行程式碼漏洞
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1448

Hackers probe Citrix servers for weakness to remote code execution vulnerability
https://www.zdnet.com/article/hackers-probe-unsecured-citrix-servers-for-netscaler-vulnerability/#ftag=RSSbaffb68

Cisco Data Center Network Manager存在多個漏洞
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1447

Cisco DCNM 發布安全更新
https://www.us-cert.gov/ncas/current-activity/2020/01/07/cisco-releases-security-updates

IBM Security Secret Server 信息泄露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4634

GitLab 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2020.0046/

Android 多個漏洞
https://source.android.com/security/bulletin/2020-01-01

微軟Access資料庫出現漏洞 或致8.5萬家企業面臨風險
https://news.sina.com.tw/article/20200108/33937806.html

安全預警- 華為部分產品的信息洩露漏洞
https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200108-01-phone-cn

NCSC Cyber Security Advisory CSA-2020-1439 Critical Vulnerability in Citrix Products
https://www.ncsc.govt.nz/newsroom/ncsc-cyber-security-advisory-csa-2020-1439/

Google Ditches Patch-Time Bug Disclosure in Favor of 90-Day Policy
https://threatpost.com/google-ditches-patch-disclosure-90-day-policy/151626/

Mozilla Patches Critical Vulnerability
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/#CVE-2019-17026

Mozilla Foundation Security Advisory 2020-01 Security Vulnerabilities fixed in Firefox 72
https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/

Mozilla Foundation Security Advisory 2020-02 Security Vulnerabilities fixed in Firefox ESR 68.4
https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/

Mozilla patches Firefox zero-day reported by Qihoo 360
https://www.zdnet.com/article/mozilla-patches-firefox-zero-day-reported-by-qihoo-360/#ftag=RSSbaffb68

U.S. Government Confirms Critical Security Warning For Firefox Users
https://www.forbes.com/sites/daveywinder/2020/01/09/us-government-confirms-critical-security-warning-for-firefox-users/#52b27f7c2ebf

Google Releases Security Updates for Chrome
https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html

Vulnerability Spotlight: Remote code execution vulnerability in E2fsprogs
https://blog.talosintelligence.com/2020/01/e2fsprogs-remote-code-execution-vuln-jan-2020.html

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
街口託付寶申購基金踩監理紅線 金管會緊盯
https://amp-news.cnyes.com/news/id/4429725

街口「託付寶」踩紅線! 金管會:去年底已拒絕
https://reurl.cc/24G2Z9

中國地下外匯交易平台突倒閉 近200萬人投資人被坑4323億元
https://ec.ltn.com.tw/article/breakingnews/3030614

外匯變傳銷,中國百萬人遭坑殺 4 千多億
https://reurl.cc/1QVb2p

大新信用卡疑洩資料 多人中招收0蚊交易通知 香港金管局:收到事故通報
https://hk.finance.appledaily.com/finance/realtime/article/20200105/60452596

信用卡系統疑現漏洞 大新:影響數千客戶惟無金錢資料損失
https://reurl.cc/ZnkvKW

香港金管局稱已收到大新通報疑有信用卡用戶資料被盜用
http://bit.ly/2ZRrEnk

保險「大魔王」後年上線 「會計準則應與金融監理脫鉤」
https://udn.com/news/story/7239/4268006

撿到提款卡!男一招破解「6位數密碼」 爽盜領46萬多元
https://www.setn.com/News.aspx?NewsID=666386

國泰世華銀加入「SWIFT gpi」 跨境匯款即時追蹤
https://tw.finance.appledaily.com/realtime/20200106/1686955/

亞馬遜申請手掌辨識專利,這三個國家早已將「掃手」落地
https://news.knowing.asia/news/7aaecdb0-6eba-47ff-a00b-ac445514c0d3

內部控制常見的八大漏洞
https://mp.weixin.qq.com/s/PVR6Zxpr1nIOKeNlFyGx9g

【2020 全科會將至】全世界駭客都愛攻擊台灣,資安產業怎麼養才對
https://buzzorange.com/techorange/2020/01/06/taiwan-cybersecurity/

利用ETC信用卡辦理漏洞竊取公民信息開通金融轉賬服務
http://news.ycwb.com/2020-01/08/content_30476243.htm

新加坡金管局﹕已收21份數字銀行申請 當中7份申零售銀行牌照
http://bit.ly/35AWwd1

集保大數據分析應用平台,助建FinTech服務生態系
https://www.chinatimes.com/realtimenews/20200109002708-260410?chdtv

神奈川警方擬在銀行設置熱成像攝像頭防詐騙
https://tchina.kyodonews.net/news/2020/01/e483f11fe934.html

6秒鐘隔空測心跳!台灣新創如何玩活體偵測技術,吸引純網銀客戶買單
https://www.bnext.com.tw/article/56239/faceheart-ces2020

紐約州長提議:「給金融監管機構更多的權力。」
http://bit.ly/36Fe09H

倫敦外匯交易公司Travelex遭惡意程式入侵,被迫採用人工交易
https://www.ithome.com.tw/news/135186

Travelex被駭遭索1.8億 拿紙筆交易
https://tw.appledaily.com/finance/20200109/2W2ZYR52UT4DIYMAPSYSQPBYZA/

TRAVELEX遭入侵被逼關電腦系統 紙筆記錄交易
https://news.rthk.hk/rthk/ch/component/k2/1501550-20200108.htm

Travelex遭黑客勒索未有通報客戶及政府捱批
https://news.now.com/home/international/player?newsId=375973

Travelex遭駭客勒索300萬美元
https://www.ithome.com.tw/news/135227

Travelex customers left in cashless limbo, ICO not formally alerted to data theft claims
https://www.zdnet.com/article/travelex-customers-left-in-cashless-limbo-uk-regulators-now-step-in/#ftag=RSSbaffb68

Currency Exchange Travelex Held Hostage by Ransomware Attack
https://www.bankinfosecurity.com/currency-exchange-travelex-held-hostage-by-ransomware-attack-a-13588

Travelex faces ransom demands following NYE malware attack
https://www.zdnet.com/article/travelex-faces-ransom-demands-following-nye-malware-attack/#ftag=RSSbaffb68

Sodinokibi Ransomware Hits Travelex, Demands $3 Million
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-hits-travelex-demands-3-million/

Patch or Perish: VPN Servers Hit by Ransomware Attackers
https://www.bankinfosecurity.com/patch-or-perish-vpn-servers-hit-by-ransomware-attackers-a-13583

Travelex: Banks halt currency service after cyber-attack
https://www.bbc.com/news/business-51034731

New evasion techniques found in web skimmers
https://reurl.cc/4gzgvK

Researcher Spots New Tricks in Web Payment Card Skimmers
https://www.bankinfosecurity.com/researcher-spots-new-tricks-in-web-payment-card-skimmers-a-13573

Another consortium joins race for Singapore digital bank licence
https://www.zdnet.com/article/another-consortium-joins-race-for-singapore-digital-bank-licence/#ftag=RSSbaffb68

ロンドン証取のシステム障害、サイバー攻撃の可能性調査
https://jp.wsj.com/articles/SB11833998325689744897304586123174226141088

Pune: Man arrested ‘red-handed’ with ATM card-cloning device at ICICI Bank kiosk
https://indianexpress.com/article/cities/pune/pune-man-arrested-red-handed-with-atm-card-cloning-device-at-icici-bank-kiosk-6197764/

ATM Hackers Quizzed in Tripura, Agartala
https://www.sentinelassam.com/north-east-india-news/tripura-news/atm-hackers-quizzed-in-tripura-agartala/

RBI issues Cyber Security Controls Guidelines for Third party ATM Switch Application Service Providers
https://www.taxscan.in/rbi-issues-cyber-security-controls-guidelines-third-party-switch-application/42890/

Pune: Nigerian lands in cop net for card cloning ploy
https://timesofindia.indiatimes.com/city/pune/pune-nigerian-lands-in-cop-net-for-card-cloning-ploy/articleshow/73077938.cms

Miscreants steal Rs 23.5 lakh from ATM near central jail
https://timesofindia.indiatimes.com/city/bengaluru/miscreants-steal-rs-23-5-lakh-from-atm-near-central-jail-in-bengaluru/articleshow/73078376.cms

Three Chinese men exonerated in ATM skimming scams
https://www.dawn.com/news/1525901/three-chinese-men-exonerated-in-atm-skimming-scams

Cardknox payment gateway certified with Pax S920
https://www.atmmarketplace.com/news/cardknox-payment-gateway-certified-with-pax-s920/

Morning Brief 1.6.20: U.K. banks suffer fresh payment outages
https://www.paymentssource.com/news/u-k-banks-suffer-fresh-payment-outages

RBI issues Cyber Security Controls Guidelines for Third party ATM Switch Application Service Providers
https://www.taxscan.in/rbi-issues-cyber-security-controls-guidelines-third-party-switch-application/42890/

Cyber Security controls for Third party ATM Switch Application Service Providers
https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11773&Mode=0

Cyber Security Controls for ATM Switch Application Service Providers (ASPs)
https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11773&Mode=0#AN

UK government investigates possible cyberattack link to London Stock exchange outage
https://www.zdnet.com/article/uk-government-investigates-possible-cyberattack-link-to-london-stock-exchange-outage/#ftag=RSSbaffb68

Cyberattack could have taken London Stock Exchange offline
https://www.itproportal.com/news/cyberattack-could-have-taken-london-stock-exchange-offline/

GCHQ: A cyber-what-now? Rumours of our probe into London Stock Exchange 'cyberattack' have been greatly exaggerated
https://www.theregister.co.uk/2020/01/06/gchq_london_stock_exchange_cyberattack_allegation/

Iranian hackers deface US government & African bank website
https://www.hackread.com/iranian-hackers-deface-us-government-african-bank-website/

Bank of England and FCA plot internal data analytics shake-up
https://www.fintechfutures.com/2020/01/bank-of-england-and-fca-plot-internal-data-analytics-shake-up/

Ukrainian cyber police exposed a fraudulent scheme of financial auctions
https://www.ehackingnews.com/2020/01/ukrainian-cyber-police-exposed.html

ATM skimmer sentenced for fleecing $400,000 out of US banks
https://www.zdnet.com/article/atm-skimmer-sentenced-for-fleecing-400000-out-of-new-jersey-banks/

Member of ATM Skimming Conspiracy Targeting Multiple New Jersey Bank Locations Sentenced to 60 Months in Prison
https://www.justice.gov/opa/pr/member-atm-skimming-conspiracy-targeting-multiple-new-jersey-bank-locations-sentenced-60

Nigerian Banks Spent N200bn Preventing Cyber Attacks In 2019
https://economicconfidential.com/2020/01/banks-n200bn-preventing-cyber-attack/

3.電子支付/電子票證/行動支付/ pay/新聞及資安
百Pay齊放 金管會促今年電子支付達52%比重
https://reurl.cc/31E0x9

從電支電票的合併修法 ── 談支付法制之發展及本次修法特色(上)
https://www.bnext.com.tw/article/56151/electronic-payment-e-ticket

4.虛擬貨幣/區塊鍊相關新聞及資安
金融小學堂/區塊鏈錢包 打破支付國界
https://money.udn.com/money/story/9740/4266484

Hardcore | 以太坊中智能合約攻擊和漏洞百科全書
https://www.zhiguf.com/focusnews_detail/29388

開發數據金礦 建議設監理沙盒
https://www.chinatimes.com/newspapers/20200106000175-260202?chdtv

證券型代幣交易所 今年上路
https://money.udn.com/money/story/5613/4262474

虛擬貨幣也能輕鬆Pay?SecuX 設計冷錢包,存錢花錢一把罩
https://meet.bnext.com.tw/articles/view/45745

中國人民銀行表示,中國央行數字貨幣「進展順利」
https://reurl.cc/RdVern

新加坡金管局就合規交易所加密貨幣衍生品的監管問題表態
http://finance.eastmoney.com/a/202001071349253542.html

虛擬幣交易所平台的網站安全加固如何防護?從滲透測試服務開始
https://www.admin5.com/article/20200110/941210.shtml

Cryptocurrency exchange Poloniex issues password reset warning
https://reurl.cc/K6W6Ln

Characterizing and Detecting Money Laundering Activities on the Bitcoin Network
https://arxiv.org/abs/1912.12060

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
羅技軟件被曝出漏洞傳播木馬:可遠程控制受害者電腦
https://haote.net/article/22-40442.html

羅技軟體被曝出漏洞傳播木馬:可遠程控制受害者電腦
https://read01.com/KD4LAML.html#.XhSStFUzY2w

國際刑警組織讓東南亞被挖礦程式綁架的路由器減少了78%
https://www.ithome.com.tw/news/135275

伊朗駭客惡意程式已駭入美國電網、油氣公司
https://ithome.com.tw/news/135276

新年伊始,勒贖軟體繼續在美國各地傳出災情
https://www.twcert.org.tw/tw/cp-104-3206-227cc-1.html

Landry's Restaurant Chain Suffers Payment Card Theft Via PoS Malware
https://thehackernews.com/2020/01/landry-pos-malware-attack.html

Win32.Stuxnet : Part 1 - Introduction, Installation and Infection
https://www.youtube.com/watch?v=sEfqtET13SY&feature=youtu.be&t=520

Live Malware Analysis | Starship Bash Botnet
https://www.youtube.com/watch?v=g-rNFzpUmh4&feature=emb_logo

DeathRansom evolves from joke to actual ransomware
https://www.zdnet.com/article/deathransom-evolves-from-joke-to-actual-ransomware/#ftag=RSSbaffb68

High-Impact Windows 10 Security Threat Revealed As App-Killing Malware Evolves
https://www.forbes.com/sites/daveywinder/2020/01/05/alarming-new-windows-10-security-threat-as-app-killing-clop-malware-evolves/#5d8e7ae55a9f

Maze Ransomware Victim Sues Anonymous Attackers
https://www.bankinfosecurity.com/maze-ransomware-victim-sues-anonymous-attackers-a-13574

Restaurant Chain Landry's Investigates Malware Incident
https://www.bankinfosecurity.com/restaurant-chain-landrys-investigates-malware-incident-a-13571

BANKING MALWARE IN ANDROID CONTINUES TO GROW. A LOOK AT THE RECENT BRAZILIAN BANKING TROJAN BASBANKE/COYBOT
https://www.buguroo.com/en/blog/banking-malware-in-android-continues-to-grow.-a-look-at-the-recent-brazilian-banking-trojan-basbanke-coybot

The Mac Malware of 2019
https://objective-see.com/blog/blog_0x53.html

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/

Predator the Thief: Analysis of Recent Versions
https://www.fortinet.com/blog/threat-research/predator-the-thief-recent-versions.html

This password-stealing malware just got updated with new tactics to help it hide better
https://www.zdnet.com/article/this-password-stealing-malware-just-got-updated-with-new-tactics-to-help-it-hide-better/

Malware in the Cloud: Protecting Yourself Based on Your Cloud Environment
https://www.tripwire.com/state-of-security/security-data-protection/cloud/malware-cloud-protection-cloud-environment/

Predator the Thief: Analysis of Recent Versions
https://www.fortinet.com/blog/threat-research/predator-the-thief-recent-versions.html

This password-stealing malware just got updated with new tactics to help it hide better
https://www.zdnet.com/article/this-password-stealing-malware-just-got-updated-with-new-tactics-to-help-it-hide-better/

SNAKE Ransomware Is the Next Threat Targeting Business Networks
https://www.bleepingcomputer.com/news/security/snake-ransomware-is-the-next-threat-targeting-business-networks/

Naive IoT botnet wastes its time mining cryptocurrency
https://www.zdnet.com/article/naive-iot-botnet-wastes-its-time-mining-cryptocurrency/#ftag=RSSbaffb68

Drake Lyrics Used as Calling Card in Malware Attack
https://threatpost.com/drake-lyrics-used-as-calling-card-in-malware-attack/151665/

PowerPoint Malware References Drake Lyrics to Drop Lokibot & Azorult
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/

REvil ransomware exploiting VPN flaws made public last April
https://nakedsecurity.sophos.com/2020/01/08/revil-ransomware-exploiting-vpn-flaws-made-public-last-april/

Dubious downloads: How to check if a website and its files are malicious
https://blog.malwarebytes.com/how-tos-2/2020/01/dubious-downloads-how-to-check-if-a-website-and-its-files-are-malicious/

Title: Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets
https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/#report

Rising sea and spam levels? Emotet campaign uses Greta Thunberg as lure
https://www.scmagazine.com/home/security-news/rising-sea-and-spam-levels-emotet-campaign-uses-greta-thunberg-as-lure/

B.行動安全 / iPhone / Android /穿戴裝置 /App
指示加強網絡安全 首長手機疑遭駭客盯上
https://eunited.com.my/332825/

如何判斷手機是否遭安裝追蹤軟體 (Stalkerware)
https://blog.trendmicro.com.tw/?p=62877

WhatsApp 通知恐怖份子帳號被駭,使歐洲政府調查受阻
https://www.inside.com.tw/article/18544-European-authorities-investigating-terror-suspect-say-WhatsApp-informed-phone-hacked

手機被駭遭勒索…《奇皇后》男星私密資料全流出!氣喊要告
https://www.setn.com/News.aspx?NewsID=667602

韓媒曝韓國10名以上頂級明星遭到駭客威脅勒索
http://n.yam.com/Article/20200108464771

發生名人三星手機駭客威脅事件
https://www.ptt.cc/bbs/KoreaStar/M.1578449276.A.93D.html

韓多名頂流藝人手機遭黑被勒索巨額,男愛豆怕影像流出被迫匯款!都用了三星這款手機
https://www.koreastardaily.com/tc/news/123342

多位韓國藝人手機資料遭盜並被勒索 正巧都用三星手機
https://www.chinatimes.com/realtimenews/20200109002358-260412?chdtv

安卓提權漏洞再遭利用,攻擊者疑似來自印度網軍
https://www.secrss.com/articles/16476

FBI又要求蘋果解鎖iPhone協助破案
https://www.ithome.com.tw/news/135242

瑞幸咖啡回應App被工信部點名:為防止駭客騙取首杯免費
https://ek21.com/news/tech/170801/

資安漏洞頻傳,抖音母公司將導入區塊鏈技術
https://media.ace.io/tiktoks-owner-pivots-to-blockchain-as-app-security-flaws/

抖音國際版TikTok被爆可被黑客竊取信息及劫持視頻
https://www.leiphone.com/news/202001/YMgTl2sshO2cfeif.html

政府が無料配布するスマートフォンに中国製らしき悪質なアプリがプリインストールされていたと判明
https://gigazine.net/news/20200110-government-funded-phone-malware/

3 Google Play Store Apps Exploit Android Zero-Day Used by NSO Group
https://thehackernews.com/2020/01/android-zero-day-malware-apps.html

Researchers Demonstrate How to Hack Any TikTok Account by Sending SMS
https://thehackernews.com/2020/01/hack-tiktok-account.html

How to stop your iPhone and apps from tracking you 24/7
https://www.zdnet.com/article/how-to-stop-your-iphone-and-apps-from-tracking-you-247/#ftag=RSSbaffb68

Apple targets jailbreaking in lawsuit against iOS virtualization company
https://news.hitb.org/content/apple-targets-jailbreaking-lawsuit-against-ios-virtualization-company

FBI Asks Apple for Access to Saudi Shooter's iPhones
https://www.bankinfosecurity.com/fbi-asks-apple-for-access-to-saudi-shooters-iphones-a-13586

Lawmakers Prod FCC to Act on SIM Swapping
https://krebsonsecurity.com/2020/01/senators-prod-fcc-to-act-on-sim-swapping/

Unremovable malware found preinstalled on low-end smartphone sold in the US
https://www.zdnet.com/article/unremovable-malware-found-preinstalled-on-low-end-smartphone-sold-in-the-us/#ftag=RSSbaffb68

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
2020年10大資安趨勢預測
https://www.ithome.com.tw/article/135183

2020資安趨勢重點整理
https://www.ithome.com.tw/voice/135171

嫌犯製「機械手臂」自動洗錢 不法所得破百億
https://news.tvbs.com.tw/local/1259401

香港警方過去半年閱 3721 部被捕人手機 李家超:全獲搜查令 拒答有否用駭客軟件
http://bit.ly/2T1JxyB

政府網軍竊密碼? 多名能源人士收到通知
https://news.tvbs.com.tw/politics/1259887

陳立誠扯密碼被「政府網軍」駭?Google駁「是資安提醒」
https://newtalk.tw/news/view/2020-01-08/351622

政府網軍竊密碼? 多名能源人士收到通知
http://bit.ly/2tIPyW2

消費者對連網住宅資安與隱私風險了解不足、缺乏有效作為
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000575996_pzd8j763lp695v5nxyb1w

Nexusguard研究表示,DNS放大攻擊年增近4,800%  SYN洪水攻擊急增惹關注
https://times.hinet.net/news/22725538

利用url跳轉漏洞冒充公安局官網的騷操作
https://www.77169.net/html/249117.html

被駭超過20次卻不知不覺的InfoTrax與FTC和解
https://www.ithome.com.tw/news/135215

【除夕大抽獎】電郵設定兩漏洞變「垃圾」 旅發局聘獨立顧問檢討
https://reurl.cc/0zqzWM

有漏洞、頁面被篡改、非法收集個人信息…貴陽網警嚴查網絡違法
http://www.chinapeace.gov.cn/chinapeace/c53721/2020-01/06/content_12314219.shtml

源頭之戰,不斷升級的攻防對抗技術—— 軟件供應鏈攻擊防禦探索
https://security.tencent.com/index.php/blog/msg/140

翟本喬協助逮「黑韓」網軍 徐永明:時力揭弊只問是非
https://udn.com/news/story/9261/4277238

專家:大陸重構了網路能力
https://www.chinatimes.com/realtimenews/20200109001417-260409?chdtv

美國FBI最想定罪的“邪惡公司”首領:年僅32歲吸金億萬美元
https://www.freebuf.com/news/223492.html

美軍將撤離是假消息!科威特國家通訊社:遭駭客入侵
https://news.ltn.com.tw/news/world/breakingnews/3034291

消息超亂!科威特媒體稱「美軍3天內撤軍」 政府急澄清:被駭客攻擊
https://www.ettoday.net/news/20200108/1620926.htm

怕美國將撤軍消息洩露歸罪“俄駭客” 俄外交官這樣溫馨提示
http://big5.eastday.com:82/gate/big5/news.eastday.com/w/20200107/u1ai20287478_K26845.html

伊朗將領遭狙殺駭客也怒了 侵入美政府網頁誓復仇
https://www.cna.com.tw/news/aopl/202001050120.aspx

伊朗駭客侵入美政府機關網站 誓為蘇雷曼尼報仇
https://reurl.cc/rlql4k

伊朗將領遭狙殺駭客也怒了 侵入美政府網頁誓復仇
https://www.setn.com/News.aspx?NewsID=666653

伊朗將領遭狙殺 英相:不會哀嘆他的死
https://www.ntdtv.com/b5/2020/01/06/a102746042.html

白宮下設網站遭入侵長達1小時 駭客留下一張意味深長的圖
https://ek21.com/news/business/104973/

白宮下設網站遭入侵黑客留下一張意味深長的圖
https://news.ji-qi.com/world/economics/202001/92-1710471.html

美國土安全部警告企業,伊朗可能發動網路攻擊
https://ithome.com.tw/news/135217

美聯邦官網被疑似伊朗駭客攻破 當局已實施監測
http://big5.eastday.com:82/gate/big5/news.eastday.com/w/20200107/u1ai20287381.html

美中第二階段談判將啟動 聚焦中共駭客竊盜
https://reurl.cc/lLrx9j

Half of the websites using WebAssembly use it for malicious purposes
https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes/#ftag=RSSbaffb68

New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild
https://www.sec.cs.tu-bs.de/pubs/2019a-dimva.pdf

UK man sentenced to prison for hacking and spying on victims through their webcams
https://www.zdnet.com/article/uk-man-sentenced-to-prison-for-hacking-and-spying-on-victims-through-their-webcams/#ftag=RSSbaffb68

New Iranian data wiper malware hits Bapco, Bahrain's national oil company
https://www.zdnet.com/article/new-iranian-data-wiper-malware-hits-bapco-bahrains-national-oil-company/#ftag=RSSbaffb68

Saudi Arabia CNA report
https://www.scribd.com/document/442225568/Saudi-Arabia-CNA-report#download

Austria's foreign ministry says facing 'serious cyber attack'
https://www.afp.com/en/news/15/austrias-foreign-ministry-says-facing-serious-cyber-attack-doc-1ng2hj1

November 2019 Cyber Attacks Statistics
https://www.hackmageddon.com/2019/12/18/november-2019-cyber-attacks-statistics/

Preparing for Potential Iranian 'Wiper' Attacks
https://www.bankinfosecurity.com/interviews/preparing-for-potential-iranian-wiper-attacks-i-4566

Iranian Cyberattacks: 10 Must-Have Defenses
https://www.bankinfosecurity.com/blogs/iranian-cyberattacks-10-must-have-defenses-p-2848

Global Cyber Alliance President on Iranian Cyber Threat
https://www.bankinfosecurity.com/interviews/global-cyber-alliance-president-on-iranian-cyber-threat-i-4564

Iranian cyberattacks feared after killing of top general
https://apnews.com/aa3ddd9dd24b79f8ec76aa1a6487e4fc

US Conflict With Iran Sparks Cybersecurity Concerns
https://www.bankinfosecurity.com/us-conflict-iran-sparks-cybersecurity-concerns-a-13576

5 technology trends for the roaring 20s, part 1: Blockchain, cloud, open source
https://www.zdnet.com/article/5-technology-trends-for-the-roaring-20s-part-one-blockchain-cloud-open-source/#ftag=RSSbaffb68

Chrome to show error codes, similar to Windows BSOD screens
https://www.zdnet.com/article/chrome-to-show-error-codes-similar-to-windows-bsod-screens/#ftag=RSSbaffb68

'Serious cyber-attack' on Austria's foreign ministry
https://www.bbc.com/news/world-europe-50997773

Cybersecurity Data Sharing: A Federal Progress Report
https://www.bankinfosecurity.com/cybersecurity-data-sharing-federal-progress-report-a-13575

Analysis: Countering Nation-State Attacks in 2020
https://www.bankinfosecurity.com/interviews/analysis-countering-nation-state-attacks-in-2020-i-4561

WARNING FOR INTENSE CYBERWAR: IRAN HACKS US GOVERNMENT WEBSITE FOR REVENGE
https://www.analyticsinsight.net/warning-intense-cyberwar-iran-hacks-us-government-website-revenge/

HOW NORTH KOREA HACKERS ATTACK MAJOR CYBERSECURITY WEAKNESSES ACROSS THE GLOBE
https://analyticsindiamag.com/how-north-korea-hackers-attack-major-cybersecurity-weaknesses-across-the-globe/

Microsoft: RDP brute-force attacks last 2-3 days on average
https://www.zdnet.com/article/microsoft-rdp-brute-force-attacks-last-2-3-days-on-average/#ftag=RSSbaffb68

Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks
http://bit.ly/2Fp7TKn

FBI Investigating How Town Defrauded of $1 Million: Report
https://www.bankinfosecurity.com/fbi-investigating-how-town-defrauded-1-million-report-a-13580

Analysis: Threat Posed by Pro-Iranian Hackers
https://www.bankinfosecurity.com/analysis-threat-posed-by-pro-iranian-hackers-a-13579

US Conflict With Iran Sparks Cybersecurity Concerns
https://www.bankinfosecurity.com/us-conflict-iran-sparks-cybersecurity-concerns-a-13576

The Everyday Cyber Threat Landscape: Trends from 2019 to 2020
https://newsroom.trendmicro.com/blog/simply-security/everyday-cyber-threat-landscape-trends-2019-2020

NIST 800-171 & Why Organizations Need Password Similarity Blocking in Active Directory
https://www.bankinfosecurity.com/blogs/nist-800-171-organizations-need-password-similarity-blocking-in-active-p-2838

City of Las Vegas said it successfully avoided devastating cyber-attack
https://www.zdnet.com/article/city-of-las-vegas-said-it-successfully-avoided-devastating-cyber-attack/#ftag=RSSbaffb68

INTERPOL Collaboration Reduces Cryptojacking by 78%
https://blog.trendmicro.com/interpol-collaboration-reduces-cryptojacking-by-78/

The Six Pillars of Effective Security Operations
https://blog.paloaltonetworks.com/2020/01/cortex-security-operations/

6 ways hackers are targeting retail businesses
https://blog.malwarebytes.com/web-threats/2020/01/6-ways-hackers-are-targeting-retail-businesses/

Router Cryptojacking Campaigns Disrupted
https://www.bankinfosecurity.com/router-cryptojacking-campaigns-disrupted-a-13592

Automated host recon, persistence and exfiltration
https://medium.com/@Bank_Security/automated-host-recon-persistence-and-exfiltration-85d49423dcc2

Threat Source newsletter (Jan. 9, 2019)
https://blog.talosintelligence.com/2020/01/threat-source-newsletter-jan-9-2019.html

DATA HACK Dixons Carphone fined £500,000 after hackers targeted 14million customers
https://www.thesun.co.uk/money/10707151/dixons-carphone-fined-500000-hackers-customers/

板橋〈資安〉工程師
https://www.104.com.tw/job/6jwq9

資安工程師/資深安全專家 (w0012)
https://www.104.com.tw/job/6u5zn

資深資安工程師 (資安專家)
https://www.104.com.tw/job/6u5p3

[招聘] 北京頂象技術有限公司招聘漏洞研究員/安全專家
https://www.52pojie.cn/thread-1084834-1-1.html

專案與資安業務專員、專案與HR產品業務人員
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=93184&HIRE_ID=9469597

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
工程師不爽抖內仍被甩 駭女網友裸照PO網判1年3月
https://www.chinatimes.com/realtimenews/20200105001055-260402?chdtv

「抖內」女網友發現養小白臉 竹科新貴駭進雲端散布性愛片
https://m.ltn.com.tw/news/society/breakingnews/3030361

發財夢遮眼!他狂匯款...堅信可預測台彩號碼 億萬富翁夢碎了
https://www.ettoday.net/news/20200103/1616729.htm

日本愛情旅館搜尋引擎資料外洩,最壞結果資料被用來勒索
http://technews.tw/2020/01/07/japanese-love-hotel-search-website-date-breach-the-worst-situation-is-user-is-blackmailed/

美國社區醫院郵件帳號外洩波及近5萬名病患個資
https://www.ithome.com.tw/news/135245

手機自動傳百通 「星巴克請喝咖啡」急收回
https://news.tvbs.com.tw/life/1260159

去年首3季4500科技罪案 多屬網騙
http://bit.ly/35EiPyy

駭客「盜走」1000億?176萬人受害 手法與5年前「犯事」非法平臺雷同
https://ek21.com/news/business/105413/

School management software provider discloses severe security breach
https://www.zdnet.com/article/school-management-software-provider-discloses-severe-security-breach/#ftag=RSSbaffb68

Fresh Cambridge Analytica leak ‘shows global manipulation is out of control’
https://www.theguardian.com/uk-news/2020/jan/04/cambridge-analytica-data-leak-global-election-manipulation

Search engine for Japanese sex hotels announces security breach
https://www.zdnet.com/article/search-engine-for-japanese-sex-hotels-announces-security-breach/

Hackers steal sensitive data from Japanese search engine for sex hotels
https://www.hackread.com/hackers-steal-data-japanese-search-engine-sex-hotels/

Microsoft Phishing Scam Exploits Iran Cyberattack Scare
https://www.bleepingcomputer.com/news/security/microsoft-phishing-scam-exploits-iran-cyberattack-scare/

TEXT SCAM Bank of Ireland warn customers of scam messages after fraudsters send texts to customers seeking personal information
https://www.thesun.ie/news/4971635/bank-of-ireland-warn-fraud-scam-messages/

E.研究報告
108年第3季資通安全技術報告
https://download.nccst.nat.gov.tw/attachfilenew/108_Q3_Cyber%20Security%20Technology%20Report.pdf

淺析通過操縱BGP Communities影響路由選路
https://www.freebuf.com/articles/network/223879.html

D-Link DIR-859的RCE漏洞(CVE-2019–17621)
https://www.freebuf.com/column/224459.html

Spelevo EK 使用社會工程技術
https://www.chainnews.com/zh-hant/articles/085401388235.htm

Nagios XI遠程命令執行漏洞(CVE-2019-20197)
https://s.tencent.com/research/bsafe/868.html

【代碼審計】某JA網站內容管理系統模板注入漏洞
https://zhuanlan.zhihu.com/p/100864935

107 年 12月份 TWCERT/CC資安情資電子報
https://reurl.cc/5gxqry

濫用ThinkPHP 漏洞的殭屍網絡Hakai 和Yowai
https://zhuanlan.zhihu.com/p/100574038

網絡空間安全時代的紅藍對抗建設
https://security.tencent.com/index.php/blog/msg/139

挖洞經驗| 用空字節(Null Byte)觸發內存洩露的4萬美金漏洞
https://www.freebuf.com/vuls/224088.html

深度研究Pass-the-Hash攻擊與防禦
https://xz.aliyun.com/t/7051

為何在 Docker 中執行特權容器不是個好主意
https://blog.trendmicro.com.tw/?p=62986

要如何找出無線設備獨一無二的射頻指紋
https://secbuzzer.co/post/85

[資訊安全] Web Application Security Testing Note
https://github.com/MksYi/Web-Application-Security-Testing-Note

震網三代CVE-2017-8464漏洞復現
https://zhuanlan.zhihu.com/p/101608776

挖洞經驗| 利用越權漏洞竊取Airbnb房東的收款資金
https://www.freebuf.com/vuls/224431.html

教你利用繞過 UAC 對話框的漏洞
https://www.chainnews.com/zh-hant/articles/687022389326.htm

CVE-2019-10758 mongo-express RCE漏洞分析
https://xz.aliyun.com/t/7066

Open Webmail郵件系統安全管理與防護指南
https://cert.tanet.edu.tw/prog/opendoc.php?id=2020010610014343586025745412569.pdf

LINE Taiwan Security Meetup – BECKS #4
https://engineering.linecorp.com/zh-hant/blog/becks-meetup-0918/

Brief Analysis of the FDLP.gov Deface
https://medium.com/@sshell_/brief-analysis-of-the-fdlp-gov-deface-980caba9c786

Bypassing AV via in-memory PE execution
https://blog.dylan.codes/bypassing-av-via/

Top 10 Dangerous DNS Attacks Types and The Prevention Measures
https://cybersecuritynews.com/dns-attacks/

First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
http://bit.ly/2Qt9MME

Fasten your Recon process using Shell Scripting
https://reurl.cc/D121L5

ahmetb/kubectl-tree
https://github.com/ahmetb/kubectl-tree

shodansploit
https://github.com/shodansploit/shodansploit

Open Redirect Payloads
https://github.com/cujanovic/Open-Redirect-Payloads

Blind WAF identification tool
https://github.com/stamparm/identYwaf

yeyintminthuhtut/Awesome-Red-Teaming
https://github.com/yeyintminthuhtut/Awesome-Red-Teaming/blob/master/README.md

Command Injection Through BLH
https://medium.com/@trapp3rhat/command-injection-through-blh-3c32614bb395?

DomLink
https://github.com/vysecurity/DomLink

Gather urls from wayback machine
https://github.com/ghostlulzhacks/waybackSqliScanner

Awesome Security
https://github.com/sbilly/awesome-security/blob/master/README.md

awesome-forensics
https://github.com/alphaSeclab/awesome-forensics/blob/master/Readme_en.md

xingkong123600/AngelSword
https://github.com/xingkong123600/AngelSword

cnlh/nps
https://github.com/cnlh/nps

EmotetについてATT&CKを使って調べてみた
https://qiita.com/IK_PE/items/201e6b900e0de1d9fc89

AIOOSCP/hash-identifier
https://github.com/AIOOSCP/hash-identifier

3gstudent/pyKerbrute
https://github.com/3gstudent/pyKerbrute//

PandoraFMS v7.0NG authenticated Remote Code Execution (CVE-2019-15029)
https://shells.systems/pandorafms-v7-0ng-authenticated-remote-code-execution-cve-2019-15029/

December honeypot report
https://bontchev.nlcv.bas.bg/articles/?y=2020&m=01

Active Directory forest trusts part 1 - How does SID filtering work
https://dirkjanm.io/active-directory-forest-trusts-part-one-how-does-sid-filtering-work/

Updated: Basic IPv6 Troubleshooting Commands / IPv6 Rosetta Stone 2019
https://theinternetprotocolblog.wordpress.com/2019/11/04/basic-ipv6-troubleshooting-commands-i-ipv6-rosetta-stone-2019/

GHC + GDB
https://asciinema.org/a/mzQFrJefYQyIYA5MyappydgzP

iOS Application Injection
https://arjunbrar.com/post/ios-application-injection

CyberTruck Challenge 2019 — Android CTF
https://medium.com/bugbountywriteup/cybertruck-challenge-2019-android-ctf-e39c7f796530

DNS Hijacking: A New Method of MitM Attack Observed in the Wild
https://www.airoav.com/dns-hijacking-a-new-method-of-mitm-attack-observed-in-the-wild/

cat ~/footstep.ninja/blog.txt
https://footstep.ninja/posts/exploiting-self-xss/

cseagle/blc
https://github.com/cseagle/blc

HTML Injection
https://www.hackingcastle.com/2020/01/html-injection-tutorial.html

Alert Alarm SMS exploit - English version
https://jyx.github.io/alert-alarm-exploit.html

Decrypting config.bin files for TP-Link WR841N, WA855RE, and probably
https://assemblyofsecrets.blogspot.com/2020/01/decrypting-configbin-files-for-tp-link.html

How to Break PDFs Breaking PDF Encryption and PDF Signatures
https://media.ccc.de/v/36c3-10832-how_to_break_pdfs

Burp Suite Series – Demonstrate Runtime File Payload
https://hackersonlineclub.com/burp-suite-series-demonstrate-runtime-file-payload/

Kali Linux Announced New Kali 2020.1 Comes With “Non-Root Users By Default”
https://reurl.cc/b6rYkr

VB2019 paper: Catch me if you can: detection of injection exploitation by validating query and API integrity
https://www.virusbulletin.com/blog/2020/01/vb2019-paper-catch-me-if-you-can-detection-injection-exploitation-validating-query-and-api-integrity/

cyberark/SkyArk
https://github.com/cyberark/SkyArk/blob/master/README.md

Virtualization Forensics: Live Acquisition of VMs
https://netseedblog.com/security/usb-forensics/

Tishna Automated pentest framework for Servers, Application Layer to Web Security
https://hackingpassion.com/tishna-automated-pentest-framework/

HTTP Request Smuggling + IDOR
https://hipotermia.pw/bb/http-desync-idor

Threat Hunting: Detecting Web Shells
https://medium.com/@alpinoacademy/threat-hunting-detecting-web-shells-d9e1e8c6de2a

Advanced Mobile Forensics Investigation Software
https://hackersonlineclub.com/advanced-mobile-forensics-investigation-software/

Graylog2/graylog-plugin-threatintel
https://github.com/Graylog2/graylog-plugin-threatintel

Energetic Bear/Crouching Yeti: attacks on servers
https://securelist.com/energetic-bear-crouching-yeti/85345/

Difference Between IDS, IPS, Anti-virus
https://www.studynotesandtheory.com/blog/category/Communications%20and%20Network%20Security

CyberTruck Challenge 2019 — Android CTF
https://medium.com/bugbountywriteup/cybertruck-challenge-2019-android-ctf-e39c7f796530

sundowndev/PhoneInfoga
https://github.com/sundowndev/PhoneInfoga

aquasecurity/harbor-scanner-aqua
https://github.com/aquasecurity/harbor-scanner-aqua

Installing SystemWebView
https://github.com/bromite/bromite/wiki/Installing-SystemWebView

Bash for Everyone — Part 1
https://medium.com/@ehsahil/bash-cookbook-for-everyone-part-1-cc98251e2887

Enviro pHAT Raspberry Pi review
https://magpi.raspberrypi.org/articles/enviro-phat-raspberry-pi-review

MSAdministrator/apt33_apt34_possible_commands.md
https://gist.github.com/MSAdministrator/7a61025263e279a740835da4b205e6d0

maldevel/PenTestKit
https://github.com/maldevel/PenTestKit

Neo23x0/ sigma
https://github.com/Neo23x0/sigma/blob/master/rules/web/web_citrix_cve_2019_19781_exploit.yml

nongiach/pyrofipass
https://github.com/nongiach/pyrofipass/blob/master/pyrofipass.py

XposedOrNot - Tool To Search An Aggregated Repository Of Xposed Passwords Comprising Of ~850 Million Real Time Passwords
https://www.kitploit.com/2020/01/xposedornot-tool-to-search-aggregated.html

xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations
https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/

Hold My Beer Mirai – Spinoff Named ‘LiquorBot’ Incorporates Cryptomining
https://labs.bitdefender.com/2020/01/hold-my-beer-mirai-spinoff-named-liquorbot-incorporates-cryptomining/

Getting Started with ATT&CK
https://www.mitre.org/sites/default/files/publications/mitre-getting-started-with-attack-october-2019.pdf

jas502n/CVE-2019-20197
https://github.com/jas502n/CVE-2019-20197

Continued Escalation of Tensions in the Middle East
https://blog.talosintelligence.com/2020/01/mideast-tensions-preparations.html

log2timeline/dftimewolf
https://github.com/log2timeline/dftimewolf

Smartphone shopaholic
https://securelist.com/smartphone-shopaholic/95544/

AD Fly Tool
https://0xsp.com/secploit-exploits-terminal/ad-fly-tool

offensive-hub/black-widow
https://github.com/offensive-hub/black-widow

KnightSec-Official/Phlexish
https://github.com/KnightSec-Official/Phlexish

securethelogs/Bluechecker
https://github.com/securethelogs/Bluechecker

F.商業
關貿網路武功強,去年抵禦30億次駭客攻擊
http://bit.ly/37ExBGU

安華聯網 Secure by Design 榮獲亞太區10大資安新創企業
https://ithome.com.tw/pr/135232

博通將原賽門鐵克網路安全服務部門賣給Accenture
https://www.ithome.com.tw/news/135235

物聯網隱藏資安風險 果核數位 AI SOC服務
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=8777

Cloudflare釋出零信任安全工具組Cloudflare for Teams
https://ithome.com.tw/news/135241

叡揚資訊10日興櫃掛牌 持續創新企業軟體應用與雲端服務
http://n.yam.com/Article/20200108177659

上月業績快報/安碁資訊+56% 攀峰
https://money.udn.com/money/story/11120/4275892

Extrahop網路偵測與回應系統能解析網路第2至第7層流量
https://www.ithome.com.tw/review/133851

Palo Alto Networks分享最新2020年資安趨勢預測報告 5G資安問題要關注
https://www.computerdiy.com.tw/20200109_palo-alto-networks/

中華電信板橋雲端資料中心成功取得SOC報告認證
https://times.hinet.net/news/22731291

雲端服務業者提供使用者帳戶安全保護
https://www.twcert.org.tw/tw/cp-104-3208-ca6d1-1.html

Are You Ready for Microsoft Windows 7 End of Support on 14th January 2020
https://thehackernews.com/2020/01/windows-7-support-ends.html

New Windows 10 Fast Ring test build adds new Task Manager, Notification options
https://www.zdnet.com/article/new-windows-10-fast-ring-test-build-adds-new-task-manager-notification-options/#ftag=RSSbaffb68

G.政府
內政部補助地方政府強化戶役政基層機關資安防護及區域聯防計畫作業要點
https://glrs.moi.gov.tw/LawContent.aspx?id=GL001038#lawmenu

推進數位發展 政府擬設專責部會
https://money.udn.com/money/story/5648/4269662

國發會計劃年底提出「開放資料專法」草案 強化數位治理
https://newtalk.tw/news/view/2020-01-02/348950

【2020十大資安趨勢7:法規遵循】資安法適用範圍擴及關鍵基礎設施,個資法為了因應GDPR將修法
https://ithome.com.tw/news/135179

【2020十大資安趨勢9:5G資安】NCC要求所有電信業者,5G資安要做到Security By Design
https://www.ithome.com.tw/news/135181

【2020十大資安趨勢10:資安人才】培育學校生根有成,資安人才與產業接軌是關鍵
https://times.hinet.net/topic/22730677

三總與中科院通過資安管理驗證 環奧頒證
https://money.udn.com/money/story/5635/4276466

中東局勢緊張 國安機制啟動
https://ec.ltn.com.tw/article/paper/1344754

Windows 7終止支援服務專區
https://www.nccst.nat.gov.tw/Win7EndOfSupportIntro?lang=zh

H.工控系統/SCADA/ICS
MITRE正式發布針對工業控制系統的ATT&CK for ICS
https://www.ithome.com.tw/news/135243

提高智慧電錶全生命週期的隱私性與安全性
https://www.eettaiwan.com/news/article/20200109TA31-Enhancing-Privacy-and-Security-in-the-Smart-Meter-Life-Cycle

工業製造業者遭網路間諜鎖定
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16339

I.教育訓練
社交工程資安教育訓練(108上半年)
https://elearn.hrd.gov.tw/info/10014130

你對資訊安全了解多少? 快利用1 Day學習網路上查不到的專業資安基礎知識
https://ithome.com.tw/pr/135223

[Trend Micro]-【資安防護直播研討會】全面晉級資安防衛戰  2/12
https://reurl.cc/0zqzll

SSCP從七大領域提昇資安知識,解決各種常見難題
https://ithome.com.tw/pr/135220

Web漏洞總結: OWASP Top 10
https://www.cnblogs.com/pengdai/p/12169534.html

OSCP Goldmine (not clickbait)
http://0xc0ffee.io/blog/OSCP-Goldmine

SSH Pentesting Guide
https://community.turgensec.com/ssh-hacking-guide/

Updated: Basic IPv6 Troubleshooting Commands / IPv6 Rosetta Stone 2019
https://theinternetprotocolblog.wordpress.com/2019/11/04/basic-ipv6-troubleshooting-commands-i-ipv6-rosetta-stone-2019/

【Webエンジニアど素人から3年生ぐらいになるまでに読むと良い本】を段階的にまとめた
https://qiita.com/JunyaShibato/items/3aa5f7f3fc991de17f3f

Wireshark Tutorial: Examining Ursnif Infections
https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-ursnif-infections/

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
歐盟網路資安局發表 IoT 資安報告,聚焦軟體開發設計安全
https://koin.kcg.gov.tw/?p=2586

網路攻擊事件頻傳 資安已成嵌入式系統重大挑戰
https://smartauto.ctimes.com.tw/DispArt-tw.asp?O=200107113050

央視曝數十萬個家用cam被入侵 黑客靠網售帳號牟利
https://reurl.cc/1QNoVG

中國數十萬只家用監視器帳號遭破解 通過網絡銷售
https://reurl.cc/D1rZ2O

FBI recommends keeping your IoT devices on a separate network
https://www.iottechnews.com/news/2019/dec/06/fbi-recommends-iot-devices-separate-network/

Xiaomi Cameras Connected to Google Nest Expose Video Feeds From Others
https://thehackernews.com/2020/01/google-nest-xiaomi-camera.html

Insight Partners' Latest Purchase: IoT Security Firm Armis
https://www.bankinfosecurity.com/insight-partners-latest-purchase-iot-security-firm-armis-a-13584

6.近期資安活動及研討會
AIS3 EOF資安搶旗競賽 1/11
https://ais3.org/eof

MLDM Monday x PyData Taiwan | TBD (about Shioaji) 1/13
https://www.meetup.com/Taiwan-R/events/266715784/

SANS Threat Hunting London Summit & Training 2020 1/13 ~ 1/18
https://www.sans.org/event/threat-hunting-europe-2020

GitLab Commit San Francisco 1/14
https://about.gitlab.com/events/commit/#attend-sanfrancisco

資安實務專題課程-Windows 惡意程式分析實務 1/14 ~ 1/17
https://isip.moe.edu.tw/wordpress/?p=1789

Build Your Security Token Blockchain - 如何打造證券型代幣區塊鏈 1/14
https://www.meetup.com/Polkadot-Taipei/events/267377249/

Elixir.tw Taipei Meetup inside 默默會(mokumokukai) 1/14
https://www.meetup.com/elixirtw-taipei/events/267421068/

Scala Taiwan #36 - Scala through lenses 1/14
https://www.meetup.com/Scala-Taiwan-Meetup/events/267314640/

Hacking Thursday 1/16
http://www.hackingthursday.org/invite

A meetup with Laurence Moroney 1/16
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/267109922/

ANSYS Workbench結構分析基礎課程 1/16 ~ 1/17
https://reurl.cc/mdjz7l

Japan Security Analyst Conference  1/17
https://jsac.jpcert.or.jp/

WizardAmigos CodeCamp [Taipei,JavaScript,­English] 1/20
https://www.meetup.com/WizardAmigos/events/bbdclrybccbbc/

Cyber Security for Critical Assets (CS4CA) MENA 1/20 ~ 1/21
https://mena.cs4ca.com/?ref=infosec-conferences.com

PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world

2020核果資訊冬季班 Python 程式語言 (Level 1) 1/22~ 2/13
https://www.accupass.com/event/1911150442131985092910

Hacking Thursday 1/23
http://www.hackingthursday.org/invite

Security Hell Conference (SH3LLCON) 1/24 ~ 1/25
https://www.sh3llcon.es/?ref=infosec-conferences.com

NextGen SCADA 1/27 ~ 1/31
https://www.smartgrid-forums.com/forums/nextgen-scada-global/

Cranfield University Cyber Symposium 1/28 ~ 1/29
https://www.cranfield.ac.uk/events/symposia/cyber

International Cyber Security Forum (FIC) 1/28 ~ 1/30
https://www.forum-fic.com/en/home.htm

Free and Safe in Cyberspace 1/29
https://www.free-and-safe.org/

Hacking Thursday 1/30
http://www.hackingthursday.org/invite

制御システムセキュリティカンファレンス 2020 2020年2月14日
https://www.jpcert.or.jp/event/ics-conference2020.html

CYBERSEC 2020 臺灣資安大會 3/17 ~ 3/19
https://cyber.ithome.com.tw/

black ASIA 2020 Singapore 3/31 ~ 4/3
https://www.blackhat.com/asia-20/briefings/schedule/

2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore
https://www.icscybersecurityconference.com/singapore/

留言

這個網誌中的熱門文章

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/

1月份資安社群及教育訓練活動分享

1月份資安社群及教育訓練活動分享

Android Code Club(Taipei) 1/1
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybccbcb/

From Reactive to Functional FunTh#80 1/2
https://www.meetup.com/Functional-Thursday/events/266805309/

Hacking Thursday 1/2
http://www.hackingthursday.org/invite

大數據爬蟲技術實作,使用Python實作網路爬蟲,快速有效獲取大量資料,打造自動化金融數據平台 1/4
https://www.techbang.com/posts/58613-course-python-crawler-technology-implementation

[Birthday Series] R-Ladies Taipei 五歲拉 1/6
https://www.meetup.com/rladies-taipei/events/266131216/

SDN x Cloud Native Meetup #24 1/6
https://www.meetup.com/CloudNative-Taiwan/events/267390135/

WizardAmigos CodeCamp [Taipei,JavaScript,­English] 1/6
https://www.meetup.com/WizardAmigos/events/bbdclrybccbjb/

新型郵件威脅與挑戰因應策略 1/7
https://engage2demand.cisco.com/LP=19240?dtid=oemels001119&ccid=cc000828&ecid=22859

發現 CNN 新大陸 (人工智慧小聚 - Hsinchu#20200108 ) 1/8
https://www.meetup.com/AIA-Hsinchu/events/266704469/

LISP talk: LISP in surrounding parentheses is supremely powerful #3  1/8
https…