跳到主要內容

資安事件新聞週報 2020/2/10 ~ 2020/2/14

資安事件新聞週報 2020/2/10 ~ 2020/2/14

1.重大弱點漏洞/後門/Exploit/Zero Day
OSSEC-HIDS服務器組件緩衝區溢出漏洞
https://github.com/ossec/ossec-hids/issues/1816

Gemalto Ezio Server訪問控制錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9158

安全人員發現以色列政府DNS服務器存在Open SSH安全漏洞
https://www.cnbeta.com/articles/soft/939923.htm

中興保全Dr.ID 門禁考勤系統存在安全漏洞
http://net.nthu.edu.tw/2009/mailing:announcement:20200212_01

全景Windows版ServiSign 安控元件存在安全漏洞
http://net.nthu.edu.tw/2009/mailing:announcement:20200212_02

Dell電腦內建管理軟體SupportAssist 爆權限升級漏洞
https://www.ithome.com.tw/news/135782

Oracle Financial Services Applications Banking Payments存在未明漏洞
https://www.oracle.com/security-alerts/cpujan2020.html

Oracle Financial Services Applications FLEXCUBE Investor Servicing存在未明漏洞
https://www.oracle.com/security-alerts/cpujan2020.html

IBM Security Directory Server漏洞
https://www.ibm.com/support/pages/node/1288660

IBM Security Secret Server漏洞
https://www.ibm.com/support/pages/node/1283212

IBM WebSphere Application Server 多個漏洞
https://www.ibm.com/support/pages/node/1488921

Google fixes no-user-interaction bug in Android's Bluetooth component
https://zd.net/3732W5y

Chrome to block intrusive video ads starting August 5, 2020
https://zd.net/39p1P1L

Mozilla 產品多個漏洞
https://www.us-cert.gov/ncas/current-activity/2020/02/11/mozilla-releases-security-updates-multiple-products

Firefox 73出爐了,改善網頁閱讀經驗,修補6個安全漏洞
https://www.ithome.com.tw/news/135797

抓包!俄調查:華為海思晶片有「後門」 錄影設備恐遭入侵
https://3c.ltn.com.tw/news/39447

Adobe Acrobat和Reader存在JavaScript權限繞過漏洞
https://helpx.adobe.com/security/products/acrobat/apsb19-18.html

Vulnerability Spotlight: Information leak vulnerability in Adobe Acrobat Reader’s JavaScript function
https://blog.talosintelligence.com/2020/02/vuln-spotlight-adobe-readerr-feb-2020-info-leak.html

Vulnerability Spotlight: Remote code execution vulnerability in Apple Safari
https://blog.talosintelligence.com/2020/02/vuln-spotlight-apple-safari-code-execution-feb-2020.html

關於思科CDP設備多個安全漏洞情況的通報
https://www.secrss.com/articles/17010

思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x

Cisco 發布多種產品的安全更新,建議請管理者儘速評估更新
https://www.us-cert.gov/ncas/current-activity/2020/02/06/cisco-releases-security-updates-multiple-products

GoPro GPMF-parser堆緩衝區溢出漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20088

微軟修補把Windows 7桌布變黑的臭蟲
https://www.ithome.com.tw/news/135741

Windows 7 無法正常關機,令使用者們摸不著頭腦
http://bit.ly/37gvd8A

Windows 7 bug prevents users from shutting down or rebooting computers
https://www.zdnet.com/article/windows-7-bug-prevents-users-from-shutting-down-or-rebooting-computers/#ftag=RSSbaffb68

Microsoft's February 2020 Patch Tuesday fixes 99 security bugs
https://www.zdnet.com/article/microsofts-february-2020-patch-tuesday-fixes-99-security-bugs/#ftag=RSSbaffb68

Vulnerability Spotlight: Code execution vulnerability in Microsoft Excel
https://blog.talosintelligence.com/2020/02/vuln-spotlight-Excel-code-execution-feb-2020.html

Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage
https://blog.talosintelligence.com/2020/02/microsoft-patch-tuesday-feb-2020.html

Vulnerability Spotlight: Use-after-free vulnerability in Windows 10 win32kbase
https://blog.talosintelligence.com/2020/02/vuln-spotlight-Windows-10-use-after-free-feb-2020.html

Vulnerability Spotlight: Code execution vulnerability in Microsoft Media Foundation
https://blog.talosintelligence.com/2020/02/vuln-spotlight-code-media-foundation-feb-2020.html

Vulnerability Spotlight: Accusoft ImageGear library code execution vulnerabilities
https://blog.talosintelligence.com/2020/02/accusoft-imagegear-code-execution-feb-2020.html

CVE-2020-3933-3935
https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac

Jenkins servers can be abused for DDoS attacks
https://www.zdnet.com/article/jenkins-servers-can-be-abused-for-ddos-attacks/#ftag=RSSbaffb68

CVE-2019-18634:Sudo Linux 提權漏洞
https://www.chainnews.com/zh-hant/articles/169903634253.htm

Ruby: Source code disclosed via S3 Bucket
https://vulners.com/hackerone/H1:778931?utm_source=rss&utm_medium=rss&utm_campaign=rss

February Patch Tuesday: Fixes for Critical LNK, RDP, Trident Vulnerabilities
https://newsroom.trendmicro.com/blog/security-intelligence/february-patch-tuesday-fixes-critical-lnk-rdp-trident-vulnerabilities-0

Critical XSS vulnerability patched in WordPress plugin GDPR Cookie Consent
https://www.zdnet.com/article/critical-vulnerability-patched-in-gdpr-cookie-consent-wordpress-plugin/#ftag=RSSbaffb68

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
跟熊大當同事!LINE、LINE Bank與LINE Pay 研發工程團隊首度聯合徵才
https://www.computerdiy.com.tw/20200211_line/

衝刺開業!LINE Bank釋出近20種職缺 與LINE、LINE Pay聯合徵才
https://ec.ltn.com.tw/article/breakingnews/3064777

建立證券商資通安全檢查機制
http://www.selaw.com.tw/LawArticle.aspx?LawID=G0100479

Biggest single card database ever on sale on dark net marketplace
https://www.group-ib.com/media/biggest-card-database-ever/

Joker Got Taste for India: Group-IB Detects Half a Million Indian Banks’ Cards on Darknet Cardshop
https://www.group-ib.com/media/india-banks-cards/

Magecart Gang Attacks Olympic Ticket Reseller and Survival Food Sites
https://threatpost.com/olympic-ticket-survival-sites-hit-by-cyberattack/152648/

우리은행의 고객정보 무단사용, 고객 대상 '범죄 행위'
http://www.cctvnews.co.kr/news/articleView.html?idxno=160196

South Korean Woori Bank is accused of unauthorized use of customer data
https://securityaffairs.co/wordpress/97633/cyber-crime/woori-bank-unauthorized-use-customer-data.html

Three Ukrainian Citizens stole 2.7 Million BAM from ATMs in only 53 Hours in Bosnia-Herzegovina
https://www.sarajevotimes.com/three-ukrainian-citizens-stole-2-7-million-bam-from-atms-in-only-53-hours/

More victims come forward saying money went missing after using Wells Fargo ATM in Alexandria
https://www.fox5dc.com/news/more-victims-come-forward-saying-money-went-missing-after-using-wells-fargo-atm-in-alexandria

New research report offers detailed research on developments in ATM (Automated Teller Machine) Market
http://bit.ly/38nYRKH

Magecart Group 12’s Latest: Actors Behind Attacks on Olympics Ticket Re-sellers Deftly Swapped Domains to Continue Campaign
https://www.riskiq.com/blog/labs/magecart-group-12-olympics/

3.電子支付/電子票證/行動支付/ pay/新聞及資安
都是手機付錢?行動支付、電子支付、第三方支付其實不一樣
https://dailyview.tw/popular/detail/7474

電子支付人口近700萬 三大業務街口皆稱王
https://www.cardu.com.tw/news/detail.php?40024

4.虛擬貨幣/區塊鍊相關新聞及資安
加密貨幣產業進駐德國!40家銀行已申請加密貨幣託管服務牌照
https://news.knowing.asia/news/4a8ecead-40f8-4e42-b247-ad1d482c7e24

Altsbit plans exit after hack leaves cryptocurrency exchange out of pocket
https://zd.net/38gYPEe

Ohio man arrested for running Bitcoin mixing service that laundered $300 million
https://www.zdnet.com/article/ohio-man-arrested-for-running-bitcoin-mixing-service-that-laundered-300-million/#ftag=RSSbaffb68

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
太歲頭上動土!美國防部伺服器被植入挖礦殭屍網路
https://www.ithome.com.tw/news/135701

最新的網路釣魚詐騙正在傳播Emotet惡意程式
https://zd.net/2SnhlUO

黑客利用Windows驅動程序漏洞關閉防病毒軟件
https://www.cnbeta.com/articles/tech/940859.htm

勒索軟體利用有漏洞的技嘉驅動程式關閉電腦防毒軟體
https://www.ithome.com.tw/news/135761

具備勒索軟體及鍵盤側錄的金融木馬Anubis,鎖定逾250款Android程式展開攻擊
https://www.ithome.com.tw/news/135723

APT 駭侵組織假冒知名媒體記者名義,對重要人士發動釣魚攻擊
https://www.twcert.org.tw/tw/cp-104-3312-92003-1.html

勒索病毒去年逾20萬件 贖金月均19萬元
http://bit.ly/2UIZwlK

五年前的外遇網站資料外洩受害者,竟成最新勒索行動目標
https://blog.trendmicro.com.tw/?p=63360

Android 用戶注意!Google Play 悄藏惡意 App、可偷加載 3,000 種病毒
https://3c.ltn.com.tw/news/39490

小心別隨意點開!「超強 Android 木馬病毒」藏身銀行、網拍電子收據
https://3c.ltn.com.tw/news/39489

趨勢科技提出示警 新型病毒「Xloader.A」將讓手機暴露於更多惡意威脅風險之中
https://gnn.gamer.com.tw/detail.php?sn=192687

到貨簡訊暗藏手機病毒 誤點小心收到爆量簡訊費帳單
https://www.chinatimes.com/realtimenews/20200213003839-260412?chdtv

手機網購查詢簡訊別亂點!小心成為病毒訊息超級傳播者
https://cnews.com.tw/124200213a06/

報告:Mac網路威脅首度超過Windows平台
https://ithome.com.tw/news/135804

駭侵者利用武漢肺炎病毒為主題,針對和運輸有關的各行業發動攻擊
https://www.twcert.org.tw/tw/cp-104-3320-a6ca6-1.html

金融木馬Emotet新增利用Wi-Fi 散布的能力
https://ithome.com.tw/news/135769

Emotet Evolves With New Wi-Fi Spreader
https://www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/

China Alleges India for Cyber-attacks Amid the Coronavirus Outbreak. Demands International Cooperation
https://www.ehackingnews.com/2020/02/china-alleges-india-for-cyber-attacks.html

Bug hunter finds cryptocurrency-mining botnet on DOD network
https://zd.net/37cMboJ

Banks being targeted with major malware campaign
https://www.techradar.com/news/banks-being-targeted-with-major-malware-campaign

Emotet attacks— a spike to start the year...
https://www.menlosecurity.com/blog/emotet-attacks-a-spike-to-start-the-year

Loda RAT Grows Up
https://blog.talosintelligence.com/2020/02/loda-rat-grows-up.html

Linux Kernel Module Rootkit — Syscall Table Hijacking
https://medium.com/bugbountywriteup/linux-kernel-module-rootkit-syscall-table-hijacking-8f1bc0bd099c

This crafty malware makes you retype your passwords so it can steal them
https://zd.net/39gzgmU

Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries
http://bit.ly/2ScdJWR

THE HOLE IN THE BUCKET: ATTACKERS ABUSE BITBUCKET TO DELIVER AN ARSENAL OF MALWARE
http://bit.ly/2H40ZLp

Emotet Hacks Nearby Wi-Fi Networks to Spread to New Victims
http://bit.ly/2UDge66

Emotet Evolves With New Wi-Fi Spreader
https://www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/

Emotet trojan evolves to spread via WiFi connections
https://www.zdnet.com/article/emotet-trojan-evolves-to-spread-via-a-wifi-connection/

UK government rolls out red carpet for infamous spyware vendor
https://www.zdnet.com/article/uk-government-rolls-out-the-red-carpet-for-infamous-spyware-vendor/#ftag=RSSbaffb68

Financial Firms Targeted With New Type of Backdoor: Report
https://www.bankinfosecurity.com/financial-firms-targeted-new-type-backdoor-report-a-13699

Australian Delivery Firm Confirms Ransomware Attack
https://www.bankinfosecurity.com/australian-delivery-firm-confirms-ransomware-attack-a-13688

New Ransomware Targets Industrial Controls: Report
https://www.bankinfosecurity.com/new-ransomware-targets-industrial-controls-report-a-13687

Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware
https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/

KBOT: sometimes they come back
https://securelist.com/kbot-sometimes-they-come-back/96157/

KBOT virus takes out system files with no hope of recovery
https://www.zdnet.com/article/kbot-virus-takes-out-system-files-with-no-hope-of-recovery/#ftag=RSSbaffb68

Outlaw hacking group kills existing cryptocurrency miners in enterprise server attacks
https://www.zdnet.com/article/outlaw-now-kills-off-existing-cryptocurrency-miners-in-enterprise-server-attacks/#ftag=RSSbaffb68

Florida county election office hit by ransomware before 2016 presidential election
https://www.zdnet.com/article/florida-county-election-office-hit-by-ransomware-before-2016-presidential-election/#ftag=RSSbaffb68

CamuBot Resurfaces With Cross-Channel, Targeted Attacks in Brazil
https://securityintelligence.com/posts/camubot-resurfaces-with-cross-channel-targeted-attacks-in-brazil/

Google removes 500+ malicious Chrome extensions from the Web Store
https://www.zdnet.com/article/google-removes-500-malicious-chrome-extensions-from-the-web-store/#ftag=RSSbaffb68

Loda Trojan revitalized with stealthy upgrade, new exploits
https://www.zdnet.com/article/loda-trojan-leaves-infancy-with-revamped-obfuscation-exploits/#ftag=RSSbaffb68

Rutter's store chain discloses security breach involving POS malware
https://www.zdnet.com/article/rutters-store-chain-discloses-security-breach-involving-pos-malware/#ftag=RSSbaffb68

Ransomware Hit a Florida Voting System in 2016
https://www.bankinfosecurity.com/ransomware-hit-florida-voting-system-in-2016-a-13721

US Has Evidence of Huawei Backdoor: Report
https://www.bankinfosecurity.com/us-has-evidence-huawei-backdoor-report-a-13718

B.行動安全 / iPhone / Android /穿戴裝置 /App

Android 裝置驚爆 BlueFrag 安全漏洞,駭客可在藍牙上執行任意程式碼
https://technews.tw/2020/02/10/bluefrag-security-vulnerability-allows-code-execution-over-bluetooth-on-some-android-devices/

趕緊升Android10 黑客攻克舊版安卓的藍牙系統
https://kknews.cc/tech/okbx5go.html

印度政府嚴控社群媒體!下令業者提供用戶身份、追蹤貼文 遭WhatsApp拒絕 
https://www.ettoday.net/news/20200213/1644622.htm

法國不排除華為 但歐洲廠商優先、將保護主權相關設施
https://ec.ltn.com.tw/article/breakingnews/3067301

Critical Bluetooth bug leaves Android users open to attack
https://www.welivesecurity.com/2020/02/07/google-critical-android-bluetooth-flaw-attack/

Google fixes no-user-interaction bug in Android's Bluetooth component
https://www.zdnet.com/article/google-fixes-no-user-interaction-bug-in-androids-bluetooth-component/#ftag=RSSbaffb68

How much electricity do all your smartphone chargers waste when not in use
https://www.zdnet.com/article/how-much-electricity-do-all-your-smartphone-chargers-waste-when-not-in-use/#ftag=RSSbaffb68

ANDROID SECURITY BULLETIN DECEMBER 2019: CRITICAL FLAWS WITHIN ANDROID OS LEADS TO PERMANENT DENIAL OF SERVICE
https://blog.eccouncil.org/android-security-bulletin-december-2019-critical-flaws-within-android-os-leads-to-permanent-denial-of-service/

Play Protect blocked 1.9B malware installs from non-Google sources last year
https://www.zdnet.com/article/play-protect-blocked-1-9b-malware-installs-from-non-google-sources-last-year/#ftag=RSSbaffb68

MIT researchers disclose vulnerabilities in Voatz mobile voting election app
https://www.zdnet.com/article/mit-researchers-disclose-vulnerabilities-in-voatz-mobile-voting-election-app/#ftag=RSSbaffb68

C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
暗網潛航——黑客術概覽(五)──詭言浮說
http://bit.ly/2OPez9X

你下載的瀏覽器擴充功能安全嗎
https://blog.trendmicro.com.tw/?p=63314

門羅幣駭客組織《Outlaw》回歸,將以歐美企業為攻擊目標
http://bit.ly/39tJ0dH

CNCERT:境外黑客組織聲稱將對我國發起網路攻擊
https://news.sina.com.tw/article/20200212/34206992.html

國家網際網路應急中心:近期境外黑客組織擬攻擊我國視頻監控系統
https://kknews.cc/tech/y59ggrg.html

Facebook Messenger 及 IG 的 Twitter 頁面遭 OurMine 劫持
https://technews.tw/2020/02/10/social-networking-websites-twitter-page-was-compromised/

以色列資安研究:駭客能使用光通道,從螢幕的亮度變化竊取使用者資料
https://buzzorange.com/techorange/2020/02/10/hacker-get-data-from-screen/

企業上雲漏洞連連 驚現近20萬個不安全雲端範本
http://bit.ly/38hhBvd

科技防疫》駭客、工程師鍵盤救國! 實名系統72小時上線幕後
https://money.udn.com/money/story/5658/4342245

鍵盤救國是真的!看這群工程師,如何3天讓大家用健保卡記名買口罩
https://www.businessweekly.com.tw/focus/blog/3001698

糗!駭客入侵臉書的推特帳號 稱推特比較好駭
https://money.udn.com/money/story/10511/4330154

Wacom繪圖板會跟踪你打開的每一個應用程序
https://www.zdnet.com/article/wacom-drawing-tablets-track-every-app-you-open/

強化網路威脅情資共享 美DNI擬擴大民間參與
https://www.ydn.com.tw/News/372136

歐洲名校遭駭客勒索付了30個比特幣贖金
https://finance.sina.com.cn/stock/usstock/c/2020-02-06/doc-iimxyqvz0632688.shtml

不再躊躇,日本政府決定大力擁抱雲端,今年秋天開始將政府重要共用系統搬上雲
https://www.ithome.com.tw/news/135794

美國國安部買手機個資「抓」無證移民…鎖定數百萬人位置
http://bit.ly/2OLmeGb

美德間諜秘密曝光:多國通訊加密裝置疑一直被設「後門」
https://www.bbc.com/zhongwen/trad/world-51471429

科技先進增隱憂 美首將獨立駭客列間諜威脅
https://tw.appledaily.com/international/20200212/Y2SHNAKHJNCUY5CWYOHZM2CAD4/

美國路易斯安那州州長敦促官員做好網路攻擊的準備
https://www.securityweek.com/louisiana-governor-urges-officials-ready-cyberattacks

美司法部起訴4名解放軍駭客 眾議員:中國須以國家層級負責
https://news.ltn.com.tw/news/world/breakingnews/3066386

從 Windows 10 搬到 Linux!韓國政府正測試作業系統轉移
https://www.inside.com.tw/article/18877-south-koreas-government-explores-move-from-windows-to-linux-desktop

中共經濟間諜多樣化 FBI籲全面防堵
http://bit.ly/2S8qpOk

美國國防部推出網路安全新規範 CMMC,請廠商務必遵守
http://bit.ly/2HfLCjn

美司法部長籲取得諾基亞、愛立信控制股權 防中獨霸5G
https://money.udn.com/money/story/12926/4328181

罪證確鑿?美國安顧問稱:華為「走後門」長達10年
https://cnews.com.tw/137200212a05/

美國司法部起訴四名解放軍駭客 近1.5億美公民個資遭竊
http://bit.ly/2vqWSGH

4解放軍駭客遭美起訴 起底神秘「第54研究所」
https://newtalk.tw/news/view/2020-02-13/366178

共軍駭客竊美個資 掌握把柄藉機滲透
https://news.pchome.com.tw/internation/cna/20200211/index-15814066222997918011.html

Equifax個資外洩案 美起訴4解放軍「駭客」
https://tw.news.appledaily.com/international/20200211/WT4WO5ZS33GTK6OPR5IH2WXMFQ/

駭入信評公司資料庫 美國起訴中國4軍人
https://www.cna.com.tw/news/aopl/202002110004.aspx

網攻來襲!美國FBI警告:中國駭客密謀奪取EV技術
https://times.hinet.net/news/22777794

白宮國安顧問:中共惡意行動未因疫情而減緩
http://bit.ly/2SkXF56

印度黑客事件曝光後紅客聯盟發布5個字視頻,網友:紅客要出手了
https://kknews.cc/tech/nanqyjg.html

趁火打劫?這個時候,印度APT組織竟然對我國醫療機構發起定向攻擊
https://kknews.cc/tech/azko85j.html

Was Internet in Iran Hit by DDoS Attack
https://www.bankinfosecurity.com/was-internet-in-iran-hit-by-ddos-attack-a-13706

FBI is investigating more than 1,000 cases of Chinese theft of US technology
https://www.zdnet.com/article/fbi-is-investigating-more-than-1000-cases-of-chinese-theft-of-us-technology/#ftag=RSSbaffb68

FBI warns about ongoing attacks against software supply chain companies
https://www.zdnet.com/article/fbi-warns-about-ongoing-attacks-against-software-supply-chain-companies/#ftag=RSSbaffb68

Charming Kitten Uses Fake Interview Requests to Target Public Figures
https://threatpost.com/charming-kitten-uses-fake-interview-requests-to-target-public-figures/152628/

Malaysia warns of Chinese hacking campaign targeting government projects
https://www.zdnet.com/article/malaysia-warns-of-chinese-hacking-campaign-targeting-government-projects/#ftag=RSSbaffb68

MA-770.022020: MyCERT Advisory - Espionage campaign targeting Malaysia government officials
https://www.mycert.org.my/portal/advisory?id=MA-770.022020

Misconfigured Docker Registries Expose Orgs to Critical Risks
http://bit.ly/2SuARik

DoD to Require Cybersecurity Certification From Defense Contractors
http://bit.ly/2UzVzQl

Powerful Cyber Attack Takes Down 25% Of Iranian Internet
https://www.forbes.com/sites/daveywinder/2020/02/09/powerful-iran-cyber-attack-takes-down-25-of-national-internet/#1331a94b20dc

FBI Reportedly Says DDoS Attack Targeted Voter Registration
https://www.bankinfosecurity.com/fbi-reportedly-says-ddos-attack-targeted-voter-registration-a-13691

US Federal Court judge grants AWS request to temporarily block JEDI contract work
https://www.zdnet.com/article/u-s-federal-court-judge-grants-aws-request-to-temporarily-block-jedi-contract-work/#ftag=RSSbaffb68

NECにサイバー攻撃 防衛装備品の情報流出か
https://www.nikkei.com/article/DGXMZO55070860Q0A130C2CC1000/

ばらまき型攻撃メール(表題が顔文字)に関する注意喚起
https://www.cc.uec.ac.jp/blogs/news/2020/02/20200208malwarekaomoji.html

NEC、三菱電機も被害、中国ハッカー集団の全容
https://business.nikkei.com/atcl/gen/19/00002/020701079/?P=1

China's Hacking Spree Will Have a Decades-Long Fallout
https://www.wired.com/story/china-equifax-anthem-marriott-opm-hacks-data/

South Korea's government explores move from Windows to Linux desktop
https://www.zdnet.com/article/south-koreas-government-explores-move-from-windows-to-linux-desktop/#ftag=RSSbaffb68

Labor roasted over inconsistent stand on Australia's encryption laws
https://www.zdnet.com/article/labor-roasted-over-inconsistent-stand-on-australias-encryption-laws/#ftag=RSSbaffb68

US District Court rejects lawsuit trying to block T-Mobile-Sprint merger
https://www.zdnet.com/article/us-district-court-rejects-lawsuit-trying-to-block-t-mobile-sprint-merger/#ftag=RSSbaffb68

Enterprise companies struggle to control security certificates, cryptographic keys
https://www.zdnet.com/article/enterprise-companies-struggle-to-control-digital-certificates-public-key-infrastructure/#ftag=RSSbaffb68

Brazil launches cybersecurity strategy
https://www.zdnet.com/article/brazil-launches-cybersecurity-strategy/#ftag=RSSbaffb68

As support ends, Windows 7 users head for the exits
https://www.zdnet.com/article/as-support-ends-windows-7-users-head-for-the-exits/#ftag=RSSbaffb68

CIA Secretly Owned Swiss Encryption Firm for Years: Reports
https://www.bankinfosecurity.com/cia-secretly-owned-swiss-encryption-firm-for-years-reports-a-13713

States Press for Federal Resources to Fight Cyberthreats
https://www.bankinfosecurity.com/states-press-for-federal-resources-to-fight-cyberthreats-a-13714

US Counterintelligence Outlines 5 Key Priorities
https://www.bankinfosecurity.com/us-counterintelligence-outlines-5-key-priorities-a-13711

Crypto AG Unmasked: CIA Spied on Governments For Decades
https://www.infosecurity-magazine.com/news/crypto-ag-unmasked-cia-spied/

Gaza group strikes targets in Palestinian territories in new cyberattack wave
https://www.zdnet.com/article/gaza-group-strikes-targets-in-palestinian-territories-in-new-cyberattack-wave/#ftag=RSSbaffb68

10代のサイバー犯罪者を逮捕し続けた鬼の捜査官
https://business.nikkei.com/atcl/gen/19/00087/021000023/

Gaza group strikes targets in Palestinian territories in new cyberattack wave
https://www.ithome.com.tw/news/135797

臺北捷運109年新進人員甄試簡章
https://ssl.metro.taipei/workerdataV2/

[台北] 台大資安中心計畫專任助理
https://pttcareer.com/job/M.1581474818.A.9C4.html

【資訊工程類】網路管理/電腦系統工程師 (楊梅新區)
https://www.104.com.tw/job/6v74z

【資安所】技術合作組-策略行銷專案經理
https://www.104.com.tw/job/6vc2h

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
熱戀情人經常為自己挖的四個資安漏洞
https://blog.trendmicro.com.tw/?p=63401

當你個資外洩時會發生什麼事?(上)
https://blog.trendmicro.com.tw/?p=63237

防止資料外洩的 5 大基本對策(下)
https://blog.trendmicro.com.tw/?p=63243

武漢肺炎疫情期間,要警惕這些電信網路詐騙新手法
https://mp.weixin.qq.com/s/9SBgeAw1TqOqi1x5vd0MnA

資安漏洞導致用戶個資外洩 Twitter拒透露受害人數
https://newtalk.tw/news/view/2020-02-07/363565

荷蘭法院裁定福利監督系統侵犯了人們的隱私權利
https://zd.net/3bdgcrs

一家巴西公司公開了成千上萬名球迷的個人資料
https://www.zdnet.com/article/brazilian-firm-exposes-personal-details-of-thousands-of-soccer-fans/

以色列選舉應用程式現漏洞 洩漏逾600萬選民數據
http://bit.ly/37kiMZr

留言、分享送1盒口罩 警方:詐騙集團騙取個資千萬別信
https://money.udn.com/money/story/12524/4333431

2000箱口罩當幌子 假贈送真騙個資
https://www.chinatimes.com/realtimenews/20200210004565-260402?chdtv

駭客偽裝成 WHO 以電郵騙取個資
https://technews.tw/2020/02/13/hacker-pretend-who-send-email/

WHO防疫信是假的?駭客冒名發釣魚郵件騙個資 專家:連結別亂點
https://cnews.com.tw/137200213a03/

丹麥報稅網站軟體出錯,外洩1/5全國納稅人個資
https://www.ithome.com.tw/news/135758

9歲男童被冒名開卡 醫療保險機構個資遭駭
http://bit.ly/2UScpKq

Happy New Fear! Gift-wrapped spam and phishing
https://securelist.com/new-year-phishing-spam/96124/

Cops are getting full URLs under Australia's data retention scheme
https://www.zdnet.com/article/cops-are-getting-full-urls-under-australias-data-retention-scheme/#ftag=RSSbaffb68

Netanyahu's party exposes data on over 6.4 million Israelis
https://www.zdnet.com/article/netanyahus-party-exposes-data-on-over-6-4-million-israelis/#ftag=RSSbaffb68

Fraudsters Pose as Journalist in Phishing Campaign: Report
https://www.bankinfosecurity.com/fraudsters-pose-as-journalist-in-phishing-campaign-report-a-13694

Ireland's Privacy Watchdog Probing Google's Data Use
https://www.bankinfosecurity.com/irelands-privacy-watchdog-probing-googles-data-use-a-13689

LifeLabs data breach may impact almost everyone in B.C.
https://www.castanet.net/news/BC/276055/LifeLabs-data-breach-may-impact-almost-everyone-in-B-C

Software error exposes the ID numbers for 1.26 million Danish citizens
https://www.zdnet.com/article/software-error-exposes-the-id-numbers-for-1-26-million-danish-citizens/#ftag=RSSbaffb68

Is Digital Transformation Leaving your Company Exposed
https://info.keyfactor.com/the-impact-of-unsecured-digital-identities-2020-report-critical-trust-index

FBI: BEC scams accounted for half of the cyber-crime losses in 2019
https://www.zdnet.com/article/fbi-bec-scams-accounted-for-half-of-the-cyber-crime-losses-in-2019/#ftag=RSSbaffb68

More Phishing Campaigns Tied to Coronavirus Fears
https://www.bankinfosecurity.com/more-phishing-campaigns-tied-to-coronavirus-fears-a-13709

Coronavirus “safety measures” email is a phishing scam
https://nakedsecurity.sophos.com/2020/02/05/coronavirus-safety-measures-email-is-a-phishing-scam/

Amex, Chase Fraud Protection Emails Used as Clever Phishing Lure
https://www.bleepingcomputer.com/news/security/amex-chase-fraud-protection-emails-used-as-clever-phishing-lure/

How to Manage Your Privacy On and Off Facebook
https://blog.trendmicro.com/how-to-manage-your-privacy-on-and-off-facebook/

E.研究報告
一站式機器學習平台建設實踐
https://mp.weixin.qq.com/s/ZDRD0vAxkSqe4UeXi9avKQ

用 Jasmine 撰寫一個 JavaScript 的單元測試
https://dotblogs.com.tw/supershowwei/2020/02/10/143236

某攝像頭產品漏洞分析及解決方案
https://paper.seebug.org/1118/

CVE-2020-0609/0610 漏洞分析
https://www.chainnews.com/zh-hant/articles/622906871598.htm

深入了解Microsoft RTF格式和OLE漏洞
https://www.4hou.com/posts/kOvv

如何將XSS漏洞從中危提升到嚴重
https://cloud.tencent.com/developer/article/1580721

CVE-2020-0646:SharePoint 遠程代碼執行漏洞分析
https://www.chainnews.com/zh-hant/articles/947386377018.htm

海思0 day漏洞分析
https://www.4hou.com/posts/pXAy

跨站攻擊與文件上傳漏洞
https://www.colabug.com/2020/0212/6983033/

SonicWall SRA及SMA多個漏洞分析
https://www.anquanke.com/post/id/198663

Gaining Root From a Buffer Overflow Vulnerability
https://linuxsecurityblog.com/2019/12/09/gaining-root-from-a-buffer-overflow-vulnerability/

CVE-2019-12415: XML processing vulnerability in Apache POI
https://pentestmag.com/cve-2019-12415-xml-processing-vulnerability-in-apache-poi/

Getting Started with Chrome Ext Security (Extra)-Zoomeye Tools
http://bit.ly/2OBDnC4

Privilege Escalation Enumeration Script for Windows
https://github.com/itm4n/PrivescCheck

Forging SWIFT MT Payment Messages for fun and pr... research!
https://labs.f-secure.com/blog/forging-swift-mt-payment-messages

Raven - Linkedin Information Gathering Tool for Pentesters
https://hakin9.org/raven-linkedin-information-gathering-tool-for-pentesters/

Subdomain enumeration and information gathering tool
https://github.com/jonluca/Anubis

Awesome Penetration Testing
https://github.com/wtsxDev/Penetration-Testing

LFI and RFI —- The Website Security Vulnerabilities
https://hackersonlineclub.com/lfi-rfi/

A backdoor with a multitude of features.
https://github.com/AIOOSCP/BetterBackdoor

Subrake - A powerful Subdomain Scanner & Validator for Reconnaissance
https://hakin9.org/subrake-a-powerful-subdomain-scanner-validator-for-reconnaissance/

Create a Backdoor Shell Script in Python
https://linuxsecurityblog.com/2019/09/28/create-a-backdoor-shell-script-in-python/

Break into Router Gateways with Patator
https://null-byte.wonderhowto.com/how-to/break-into-router-gateways-with-patator-0194600/

GDA- Android Reverse Engineering Suite
https://hackersonlineclub.com/gda-android-reverse-engineering-suite/

Massdns : A High-Performance DNS Stub Resolver For Bulk Lookups & Reconnaissance
http://bit.ly/39mBUYy

Getting Started with Chrome Ext Security (Extra)-Zoomeye Tools
http://bit.ly/2OBDnC4

Blockchain — hacking smart contract with Ethernaut CTF (Part 1)
http://bit.ly/2ujbnwl

Artificial Intelligence Comes to Cyber Warfare
https://medium.com/swlh/spy-vs-spy-cyber-warfare-gets-automated-aba60ece738c

Useful OSCP Links
https://gist.github.com/natesubra/5117959c660296e12d3ac5df491da395

Android: How to Bypass Root Check and Certificate Pinning
http://bit.ly/39eTCwI

Intrusion alert: System uses machine learning, curiosity-driven ‘honeypots’ to stop cyber attackers
http://bit.ly/2vjivJi

Simple Remote Code Execution Vulnerability Examples for Beginners
https://medium.com/@ozguralp/simple-remote-code-execution-vulnerability-examples-for-beginners-985867878311

Find Vulnerable Devices On The Internet With Shodan
https://linuxsecurityblog.com/2019/09/09/find-vulnerable-devices-on-the-internet-with-shodan/

TheFatRat
https://github.com/Screetsec/TheFatRat

BlueTeamLabs/sentinel-attack
https://github.com/BlueTeamLabs/sentinel-attack

Carving file control blocks from memory dumps
https://dfir.ru/2020/02/09/carving-file-control-blocks-from-memory-dumps/

Legion - open source network penetration testing tool
https://hakin9.org/legion-open-source-network-penetration-testing-tool/

The Internals of AppLocker - Part 1 - Overview and Setup
https://www.tiraniddo.dev/2019/11/the-internals-of-applocker-part-1.html

The Internals of AppLocker - Part 2 - Blocking Process Creation
https://www.tiraniddo.dev/2019/11/the-internals-of-applocker-part-2.html?m=1

The Internals of AppLocker - Part 3 - Access Tokens and Access Checking
https://www.tiraniddo.dev/2019/11/the-internals-of-applocker-part-3.html?m=1

The Internals of AppLocker - Part 4 - Blocking DLL Loading
https://www.tiraniddo.dev/2019/11/the-internals-of-applocker-part-4.html?m=1

31-days-of-API-Security-Tips
https://github.com/smodnix/31-days-of-API-Security-Tips

Zero to OSCP Hero - PWK Course - Week 1
https://www.pathtoroot.net/l/zero-to-oscp-hero-pwk-course-week-1/

The Top 137 Osint Open Source Projects
https://awesomeopensource.com/projects/osint

OSINT Framework
https://osintframework.com/

awesome-osint
https://github.com/jivoi/awesome-osint

awesome-osint
https://github.com/jaikishantulswani/awesome-osint

awesome-osint
https://devhub.io/repos/jivoi-awesome-osint

TII Online Research Cheat Sheets
https://www.toddington.com/resources/cheat-sheets/

OSINT Quick Guide: Running a Domain Scan in Lampyre
https://medium.com/@raebaker/osint-quick-guide-running-a-domain-scan-in-lampyre-7dfacc4404fe

TOP 20 Open-Source Intelligence (OSINT) tools you should know in 2020
https://www.peerlyst.com/posts/top-20-open-source-intelligence-osint-tools-you-should-know-in-2020-chiheb-chebbi

NICTER 観測レポート 2019
https://www.nict.go.jp/cyber/report/NICTER_report_2019.pdf

Malware-Analysis
https://github.com/ashubits/Malware-Analysis

Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript
https://isc.sans.edu/diary/Sandbox+Detection+Tricks+%26+Nice+Obfuscation+in+a+Single+VBScript+/25780

2019 Internet Crime Report
https://pdf.ic3.gov/2019_IC3Report.pdf

DDoS attacks in Q4 2019
https://securelist.com/ddos-report-q4-2019/96154/

Needle- IOS Application Security Testing Framework
https://hackersonlineclub.com/needle-ios-application-security-testing-framework/

An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)
https://blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-technical-analysis-of-curveball-cve-2020-0601/

F.商業
臉書Google傳放棄香港 海底電纜計畫改連台灣菲律賓
https://www.cna.com.tw/news/firstnews/202002080184.aspx

調查:去年36%原Oracle JDK開發者改用OpenJDK
https://ithome.com.tw/news/135732

無關地點 Citrix幫助企業建置辦公連續性
https://www.chinatimes.com/realtimenews/20200210002043-260410?chdtv

SEMI鎖定六大領域,要用半導體關鍵技術實現AI和5G應用
https://www.ithome.com.tw/news/135790

雲端、IoT受疫 資通訊營收添動能
https://www.chinatimes.com/newspapers/20200214000235-260202?chdtv

Microsoft backtracks on 'Bing-jacking' Chrome with its Microsoft Search extension
https://www.zdnet.com/article/microsoft-backtracks-on-bing-jacking-chrome-with-its-microsoft-search-extension/#ftag=RSSbaffb68

G.政府
國防部將招募240名後備戰士
http://bit.ly/2SaAhHs

數位身分證即將上路,我們準備好改變了嗎
https://www.bnext.com.tw/article/56498/eid-taiwan

北市體育局狂PO歐美謎片?臉書粉專畫面流出嚇壞民眾:扯
https://www.nownews.com/news/20200208/3924230/

「台北運動吧」被盜!A片連發讓體育局怒了 正式反擊
https://www.ettoday.net/news/20200208/1640778.htm?redirect=1

大量色情影片引發網友圍觀!北市體育局臉書疑遭駭
https://udn.com/news/story/7323/4329994

臉書帳號遭盜,狂噴色情連結影片病毒災情再起!自保3招這樣做
https://3c.ltn.com.tw/news/39457

出席國際智慧城市論壇 小英:將投入資安基礎建設
http://bit.ly/2voul4A

H.工控系統/SCADA/ICS
IEC62443為自動化及控制系統重要安全指標
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000577900_4jllv8kjl147451dwyaer

Siemens產品曝多個拒絕服務漏洞,均已修復
https://www.freebuf.com/column/227142.html

Open source takes on managing and securing the electrical grid
https://www.zdnet.com/article/open-source-takes-on-managing-and-securing-the-electrical-grid/#ftag=RSSbaffb68

Automaton takes center stage in enterprise cyberattacks
https://www.zdnet.com/article/automaton-takes-center-stage-in-enterprise-cyberattacks/#ftag=RSSbaffb68

I.教育訓練
Node.js常見突破學習與總結
https://xz.aliyun.com/t/7184

全球駭客事件頻傳 組織落實標準管理法為資安最佳防護策略
https://ithome.com.tw/pr/135751

Windows Red Team Cheat Sheet
https://morph3sec.com/

JavaScript: What are Stack and Queue
https://medium.com/javascript-in-plain-english/javascript-what-are-stack-and-queue-79df7af5a566

Knocking the door to Server-side Template Injection. Part 1
https://pentestmag.com/knocking-the-door-to-server-side-template-injection-part-1/

CARDING TUTORIAL
https://hackonology.com/blogs/carding-tutorial/

DOM clobbering
https://portswigger.net/web-security/dom-based/dom-clobbering

DOM Clobbering strikes back
https://portswigger.net/research/dom-clobbering-strikes-back

10 Cybersecurity Books Every Business Owner Should Read
http://bit.ly/31EJV8d

SSRF (Server Side Request Forgery)
http://bit.ly/2Scfjbf

Remote Exploitation 101-Root The Box
https://medium.com/@jawadsaqib6/remote-exploitation-101-root-the-box-d63bc659b385

Hack The Boxを楽しむためのKali Linuxチューニング
https://qiita.com/v_avenger/items/c85d946ed2b6bf340a84

How to Perform Static Malware Analysis with Radare2
https://www.peerlyst.com/posts/how-to-perform-static-malware-analysis-with-radare2-chiheb-chebbi

CSRF-BASICS
https://princetechhavenz.wordpress.com/2019/12/11/csrf-basics/

CSRF – PRACTICE
https://princetechhavenz.wordpress.com/2020/02/07/csrf-practice/

CSRF- 101
https://princetechhavenz.wordpress.com/2019/12/26/csrf-101/

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
智慧燈泡成駭客入侵目標!資安業者揭露攻擊手法慧燈泡用戶注意!智慧家居資安出包 駭客「這兩招」入侵家中
https://cnews.com.tw/137200210a05/

智慧燈泡成駭客入侵目標!資安業者揭露攻擊手法
https://3c.ltn.com.tw/news/39493

What's in your network? Shadow IT and shadow IoT challenge technology sensibilities
https://www.zdnet.com/article/shadow-it-and-now-shadow-iot-challenge-technology-leaders/#ftag=RSSbaffb68

IoT security is bad. It's time to take a different approach.
https://www.zdnet.com/article/iot-security-is-bad-its-time-to-take-a-different-approach/#ftag=RSSbaffb68

Disinfecting robots to fight coronavirus run into travel bans
https://www.zdnet.com/article/disinfecting-robots-to-fight-coronavirus-run-into-travel-bans/#ftag=RSSbaffb68

6.近期資安活動及研討會
【板橋/2020二月】WordPress #歡迎你來聚 2/15
https://www.meetup.com/Taipei-WordPress/events/268347650/

【課程】金融大數據分析平台實作,使用Python實作網路爬蟲,快速有效獲取必要資訊,打造自動化分析工具 2/15
https://www.techbang.com/tags/19419

Taipei Rails Meetup 2/18
https://www.meetup.com/rails-taiwan/events/dlgzljybcdbxb/

高雄 Rails Meetup 2/19
https://www.meetup.com/rails-taiwan/events/qxfvjkybcdbzb/

人工智慧小聚 - 新竹 2/19
https://www.meetup.com/AIA-Hsinchu/events/267801851/

Android Code Club(Taipei) 2/19
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcdbzb/

Certificate of Cloud Security Knowledge (CCSK) Plus 2/23 ~ 2/24
https://csacongress.org/event/csa-summit-at-rsa-conference-2020/

連網設備的資安風險與信任管理策略 2/25
https://www.caa.org.tw/coursedetail-3272.html

第19屆亞太資安論壇  2/25 ~ 2/26
https://www.informationsecurity.com.tw/Seminar/2020_Seminar/all/

Taipei 暗号通貨 (Cryptocurrency) Meetup 2/26
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcdbjc/

Android Code Club(Taipei) 2/26
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcdbjc/

區塊鏈電子郵件防詐及網路資安鑑識研討會  2/27
https://www.tca.org.tw/market_info1.php?n=2390

Thinking Thursday 第七場 2/27
https://www.meetup.com/Thinking-Thursday/events/266911452/

邊緣運算介紹與應用 & Let's AIY ( 人工智慧小聚 - Hsinchu#20200304 ) 3/4
https://www.meetup.com/AIA-Hsinchu/events/267713123/

Android Code Club(Taipei) 3/4
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcfbgb/

Monad 細說從頭! FunTh#81 3/5
https://www.meetup.com/Functional-Thursday/events/267683150/

Android Code Club(Taipei) 3/11
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcfbpb/

CYBERSEC 2020 臺灣資安大會 3/17 ~ 3/19
https://cyber.ithome.com.tw/

Scala Taiwan #37 3/18
https://www.meetup.com/Scala-Taiwan-Meetup/events/267899692/

韓國國際安全博覽會 3/18
https://www.twcert.org.tw/tw/cp-105-3230-a3bd4-1.html

數據分析與機器學習案例實務(一)以PM2.5為例 3/23
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3888&from_course_list_url=course_index

Taipei 暗号通貨 (Cryptocurrency) Meetup 3/25
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcfbhc/

交通大學駭客書院 - 緩衝區溢位攻擊與預防 3/28
https://hackercollege.nctu.edu.tw/?p=1141

black ASIA 2020 Singapore 3/31 ~ 4/3
https://www.blackhat.com/asia-20/briefings/schedule/

Kaspersky® Security Analyst Summit  4/6 ~ 4/9
https://thesascon.com/

邊緣計算系統之大數據與深度學習應用 4/10
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3883&from_course_list_url=course_index

交通大學駭客書院 -入侵行為發覺與應變指南 4/18
https://hackercollege.nctu.edu.tw/?p=1144

VXCON 2020 - APAC  4/18 ~ 4/19
https://www.vxcon.hk/

2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore  4/21 ~ 4/23
https://www.icscybersecurityconference.com/singapore/

Taipei 暗号通貨 (Cryptocurrency) Meetup 4/22
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcgbdc/

亞太資訊安全論壇暨展覽會 4/22
https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html

交通大學駭客書院 - 基礎網頁安全與滲透測試 4/25
https://hackercollege.nctu.edu.tw/?p=1147

交通大學駭客書院 -     基礎網站安全建構實務 5/16
https://hackercollege.nctu.edu.tw/?p=1151

交通大學駭客書院 -     電子郵件之偽造攻擊與防護措施 5/23
https://hackercollege.nctu.edu.tw/?p=1156

Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/

交通大學駭客書院 -     進階網頁滲透測試 5/30
https://hackercollege.nctu.edu.tw/?p=1159

邊緣計算系統之大數據與深度學習應用 6/5
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index

交通大學駭客書院 -     高階網頁滲透測試 6/13 6/20
https://hackercollege.nctu.edu.tw/?p=1161

交通大學駭客書院 -     企業網域控管-Active Directory攻擊與防禦 6/27
https://hackercollege.nctu.edu.tw/?p=1164

留言

這個網誌中的熱門文章

資安事件新聞週報 2019/2/25 ~ 2019/3/1

資安事件新聞週報  2019/2/25  ~  2019/3/1

1.重大弱點漏洞

Avast:數位家庭最容易有漏洞的裝置是印表機、網路裝置及監視器
https://ithome.com.tw/news/128997

F5 BIG-IP Access Policy Manager 跨站腳本漏洞  CVE-2019-6595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6595

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT
https://www.exploit-db.com/exploits/46444

報告:前十大熱門Docker映像檔都有至少30個以上的漏洞
https://www.ithome.com.tw/news/129018

有攻擊者正利用Chrome的0day漏洞偷取他人信息
https://nosec.org/home/detail/2294.html

Chrome瀏覽器被曝存在漏洞攻擊者可通過PDF收集用戶信息
http://www.sohu.com/a/298175326_114774?sec=wd

Google Chrome zero-day used in the wild to collect user data via PDF files
https://www.zdnet.com/article/google-chrome-zero-day-used-in-the-wild-to-collect-user-data-via-pdf-files/#ftag=RSSbaffb68

Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers
https://bit.ly/2H4ZAWr

研究人員揭露大批Thunderclap安全漏洞,允許惡意周邊裝置竊取記憶體機密資訊
https://www.ithome.com.tw/news/129021

新發現的thunderclap 漏洞允許黑客使用Thunderbolt/USB-C 外設攻擊PC
http://hackernews.cc/archives/24…

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



1月份資安社群及教育訓練活動分享

1月份資安社群及教育訓練活動分享

Android Code Club(Taipei) 1/1
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybccbcb/

From Reactive to Functional FunTh#80 1/2
https://www.meetup.com/Functional-Thursday/events/266805309/

Hacking Thursday 1/2
http://www.hackingthursday.org/invite

大數據爬蟲技術實作,使用Python實作網路爬蟲,快速有效獲取大量資料,打造自動化金融數據平台 1/4
https://www.techbang.com/posts/58613-course-python-crawler-technology-implementation

[Birthday Series] R-Ladies Taipei 五歲拉 1/6
https://www.meetup.com/rladies-taipei/events/266131216/

SDN x Cloud Native Meetup #24 1/6
https://www.meetup.com/CloudNative-Taiwan/events/267390135/

WizardAmigos CodeCamp [Taipei,JavaScript,­English] 1/6
https://www.meetup.com/WizardAmigos/events/bbdclrybccbjb/

新型郵件威脅與挑戰因應策略 1/7
https://engage2demand.cisco.com/LP=19240?dtid=oemels001119&ccid=cc000828&ecid=22859

發現 CNN 新大陸 (人工智慧小聚 - Hsinchu#20200108 ) 1/8
https://www.meetup.com/AIA-Hsinchu/events/266704469/

LISP talk: LISP in surrounding parentheses is supremely powerful #3  1/8
https…