跳到主要內容

資安事件新聞週報 2020/2/24 ~ 2020/2/28






資安事件新聞週報 2020/2/24 ~ 2020/2/28

1.重大弱點漏洞/後門/Exploit/Zero Day
研究:7家BLE系統單晶片的SDK含有眾多安全漏洞
https://www.ithome.com.tw/news/135969

IBM QRadar Advisor With Watson 加密問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4557

Zyxel修復了NAS設備中的嚴重漏洞
https://nosec.org/home/detail/4159.html

JVNVU#97748968 複数の ZyXEL 製品に含まれる weblogin.cgi にコマンドインジェクションの脆弱性
https://jvn.jp/vu/JVNVU97748968/

多項合勤防火牆、NAS產品爆指令注入漏洞可執行任意程式碼
https://www.ithome.com.tw/news/136038

Flaw in billions of Wi-Fi devices left communications open to eavesdropping
https://arstechnica.com/information-technology/2020/02/flaw-in-billions-of-wi-fi-devices-left-communications-open-to-eavesdroppng/

JVNVU#94679920 Apache Tomcat の複数の脆弱性に対するアップデート
https://jvn.jp/vu/JVNVU94679920/

思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x

Cisco drops security fixes for Smart Software Manager, security appliances
https://www.helpnetsecurity.com/2020/02/21/cisco-security-fixes/

Cisco多款產品存在高危漏洞,均已修復
https://www.freebuf.com/column/228574.html

關於APACHE TOMCAT存在文件包含漏洞的安全公告
http://bit.ly/2TabRgv

Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2020-4204)
https://www.ibm.com/support/pages/node/2875875

Cisco軟件管理平台曝出默認密碼漏洞
https://nosec.org/home/detail/4143.html

因嚴重IE漏洞微軟再為已停止支持的WINDOWS 7發布安全更新
http://bit.ly/2SWEAVS

因嚴重 IE 漏洞 微軟再爲已停止支持的 Win7 發佈安全更新
https://www.chainnews.com/zh-hant/articles/602014569888.htm

建議各單位勿開啟遠端桌面協定(RDP),以避免系統遭到入侵
http://net.nthu.edu.tw/2009/mailing:announcement:20200221_01

IE記憶體毁損漏洞傳有攻擊發生,迫使微軟對Windows 7發出例外修補
https://www.ithome.com.tw/news/135970

微軟更新Azure Security Center現可偵測Linux上的無檔案攻擊
https://www.ithome.com.tw/news/135991

駭客正在掃描微軟Exchange伺服器漏洞,還沒修補的請儘快
https://www.ithome.com.tw/news/136043

D-Link DGS-1250 Header Injection
https://packetstormsecurity.com/files/156473/dlinkdgs1250-inject.txt

AVIRA Generic Malformed Container Bypass
https://packetstormsecurity.com/files/156472/TZO-19-2020.txt

Open-Xchange App Suite / Documents Server-Side Request Forgery
https://packetstormsecurity.com/files/156474/oxappsuite-ssrf.txt

通航DVR存在安全漏洞,煩請儘速確認並進行更新
http://net.nthu.edu.tw/2009/mailing:announcement:20200224_01

通航DVR - 未經授權存取維護管理介面
https://tvn.twcert.org.tw/taiwanvn/TVN-201910003

VULNERABILITIES IN VMWARE
http://bit.ly/2uoCoOK

Google系統出包緊急修復漏洞 旗下智慧家居卻當機17小時
https://cnews.com.tw/137200227a05/

Google patches Chrome zero-day under active attacks
https://www.zdnet.com/article/google-patches-chrome-zero-day-under-active-attacks/#ftag=RSSbaffb68

Google Chrome瀏覽器存在安全漏洞(CVE-2020-6407與CVE-2020-6418)
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1115

Google Chrome 多個漏洞
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html

Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks
https://thehackernews.com/2020/02/google-chrome-zero-day.html

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users
https://thehackernews.com/2020/02/firefox-dns-over-https.html

New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices
https://thehackernews.com/2020/02/kr00k-wifi-encryption-flaw.html

Kr00k A serious vulnerability deep inside Wi-Fi encryption
https://www.eset.com/int/kr00k/

Kr00k漏洞讓駭客可解密Wi-Fi封包 至少10億台連網產品曝險
http://bit.ly/2T73d3H

Kr00k:允許黑客“破壞” Wi-Fi網絡的錯誤
https://zh-tw.secnews.gr/213451/kr00k%E8%87%B3sfalma-pou-epitrepei-stous-chakers-na-spasoun-diktya-wi-fi/

OpenSMTPD 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8794

Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass
https://www.exploit-db.com/exploits/48135

JVN#11708203 複数のリコー製プリンタおよび複合機における複数のバッファオーバーフローの脆弱性
https://jvn.jp/jp/JVN11708203/

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
資安威脅無所不在 2019年資安險投保件數明顯增
https://m.ctee.com.tw/livenews/aj/a78817002020022122395599?area=

資安險投保夯,去年增3.5倍
http://bit.ly/2PmalHc

臺德加強雙邊銀行業及保險業之跨境監理合作
http://bit.ly/2va10v6

顛覆傳統金融 金管會核准十件創新試辦業務
https://money.udn.com/money/story/5613/4364466

綁Google Pay的Paypal帳戶遭盜刷,美、德及俄國用戶遭殃
https://www.ithome.com.tw/news/135997

中華民國保險代理人商業同業公會提醒業者應注意駭客利用近期嚴重特殊傳染性肺炎疫情,透過惡意郵件、惡意程式等方式進行社交工程攻擊
http://www.ciaa.org.tw/pages/HotNewsDetail_04.aspx?PKID=20200224000007

二二八連假 金管會要求保險公司保戶服務不中斷
https://money.udn.com/money/story/5613/4371937

澳洲多家銀行與金融單位接獲 DDoS 攻擊威脅
https://www.twcert.org.tw/tw/cp-104-3401-3023a-1.html

Indian income tax agency patched a security flaw that would’ve allowed hackers to take over its site
http://bit.ly/2T0pb76

Credit Card Skimmer Found on Nine Sites, Researchers Ignored
https://www.bleepingcomputer.com/news/security/credit-card-skimmer-found-on-nine-sites-researchers-ignored/

Public warned of new banking scam targeting social media users
https://www.corkbeo.ie/news/local-news/public-warned-new-banking-scam-17798023

住信SBIネット銀行などのシステム障害 ほぼ解消
https://www3.nhk.or.jp/news/html/20200223/k10012297941000.html

黑客在PayPal的Google Pay集成中發現漏洞進行未經授權的付款
https://www.cnbeta.com/articles/tech/948363.htm

PayPal accounts are getting abused en-masse for unauthorized payments
https://www.zdnet.com/article/paypal-accounts-are-getting-abused-en-masse-for-unauthorized-payments/#ftag=RSSbaffb68

Grab raises $850M from Japanese investors to fuel financial services push
https://www.zdnet.com/article/grab-raises-850m-from-japanese-investors-to-fuel-financial-services-expansion/#ftag=RSSbaffb68

Australian banks targeted by DDoS extortionists
https://www.zdnet.com/article/australian-banks-targeted-by-ddos-extortionists/

ACSC Aware of DDoS Threats being made against Australian Organisations
https://www.cyber.gov.au/threats/acsc-aware-ddos-threats-being-made-against-australian-organisations

18 Sniffers Steal Payment Card Data from Print Store Customers
https://www.bleepingcomputer.com/news/security/18-sniffers-steal-payment-card-data-from-print-store-customers/#.XlZOfygtEVc.twitter

3.電子支付/電子票證/行動支付/ pay/新聞及資安
金管會鬆綁電支機構合作帳戶 幫民眾省手續費
http://pchome.megatime.com.tw/news/cat1/20200220/15822043937677522003.html

電支帳戶限制再鬆綁 開放信合社農業金庫
http://bit.ly/37Q9HYU

Brazil unveils instant payments platform
https://www.zdnet.com/article/brazil-unveils-instant-payments-platform/#ftag=RSSbaffb68

4.虛擬貨幣/區塊鍊相關新聞及資安
資安專欄:圖文拆解「交易挖礦始祖 FCoin」資產流向,鼎盛時期便埋下禍根
https://www.blocktempo.com/fcoin-asset-flow-history/

國家級數位貨幣實驗,瑞典央行先行計畫測試數位克朗
https://finance.technews.tw/2020/02/25/sweden-starts-testing-new-official-digital-currency/

瑞典中央銀行開始測試數位貨幣電子克朗
https://www.ithome.com.tw/news/135962

高調炫富到發文求助!一比特幣富豪 SIM 卡被駭,「13.7億」的 BTC BCH 遭竊引市場恐慌
https://m.xuite.net/blog/jodenh/jOrz/588928720

MASEx為TTChain提供擴張資金,將徹底改變數位資產交易所生態系統
http://www.businesswirechina.com/hk/news/42862.html

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
首例!「羅賓漢」勒索軟體借Gigabyte舊驅動程式「謀殺」安全軟體
http://bit.ly/39Txp7T

LokiBot 偽裝成熱門遊戲啟動器並植入可編譯的C#程式碼檔案
https://blog.trendmicro.com.tw/?p=63489

偽裝韓國公平貿易委員會的惡意垃圾郵件,夾帶勒索病毒與竊個資木馬
https://blog.trendmicro.com.tw/?p=63430

駭客發送暗藏木馬程式的疫情資訊,讓你的電腦也感染「新冠病毒」
https://buzzorange.com/techorange/2020/02/24/coronavirus-computer-version/

疫症當前混水摸魚 報告指駭客利用疫情偽裝攻擊
http://bit.ly/2w1QZ38

Check Point:Haken惡意程式成功進駐Google Play上的8款Android程式
https://www.ithome.com.tw/news/135983

小心!惡意軟體Emotet假新冠肺炎之名發動郵件攻擊
https://www.ctwant.com/article/38515

銀行木馬Emotet 再進化, 新增 Wi-Fi 散播能力
https://blog.trendmicro.com.tw/?p=63467

惡意軟體Emotet偽裝成新型冠狀病毒資訊,這些疫情連結千萬不要亂點
https://www.techbang.com/posts/76407-the-virus-is-rampant-too-malware-spread-under-the-theme-of-new-coronavirus

勢科技年度資安總評出爐 去年攔截超過6100萬次勒索病毒攻擊
https://cnews.com.tw/124200226a01/

小心你的電腦也染上「新冠病毒」!這類郵件、檔案千萬別點開
https://cnews.com.tw/137200225a05/

駭客集團勾結獲利!醫療業成勒索病毒苦主,看準受害者怕曝光心態
https://www.bnext.com.tw/article/56719/trendmicro-bec-ransomware

勒索病毒成資安主要威脅 去年逾700家醫院受害
https://newtalk.tw/news/view/2020-02-27/373151

簡單又便宜的資料竊取軟體服務大為流行,可竊取六十多種應用軟體的資料
https://www.twcert.org.tw/tw/cp-104-3398-2208a-1.html

Cybersecurity Research During the Coronavirus Outbreak and After
https://securelist.com/cybersecurity-research-during-the-coronavirus-outbreak-and-after/96275/

Microsoft Brings Defender Antivirus for Linux, Coming Soon for Android and iOS
https://thehackernews.com/2020/02/windows-defender-atp-linux-android.html

2020-02-11 - PCAP AND MALWARE FOR AN ISC DIARY (URSNIF)
https://www.malware-traffic-analysis.net/2020/02/11/index.html

2020-02-19 - TRICKBOT GTAG WECAN23 INFECTION
https://www.malware-traffic-analysis.net/2020/02/19/index.html

SMS Phishing Campaign Used to Spread Emotet: Report
https://www.bankinfosecurity.com/sms-phishing-campaign-used-to-spread-emotet-report-a-13749

Facilities Maintenance Firm Recovering From Malware Attack
https://www.bankinfosecurity.com/facilities-maintenance-firm-recovering-from-malware-attack-a-13747

ObliqueRAT linked to threat group launching attacks against government targets
https://zd.net/2up7UMB

Coronavirus now attacks the cyber world
https://www.nationalheraldindia.com/flick-past/coronavirus-now-attacks-the-cyber-world

Palestinians Targeted By ‘Gazan’ Hackers As Researchers Unearth Mysterious New Backdoor
http://bit.ly/2wIT2cT

January 2020’s Most Wanted Malware: Coronavirus-themed spam spreads malicious Emotet malware
http://bit.ly/3a2LbVZ

Palestinians Targeted By ‘Gazan’ Hackers As Researchers Unearth Mysterious New Backdoor
http://bit.ly/2wIT2cT

NEW CYBER ESPIONAGE CAMPAIGNS TARGETING PALESTINIANS - PART 1: THE SPARK CAMPAIGN
http://bit.ly/2HRxlcY

NEW CYBER ESPIONAGE CAMPAIGNS TARGETING PALESTINIANS - PART 2: THE DISCOVERY OF THE NEW, MYSTERIOUS PIEROGI BACKDOOR
http://bit.ly/3c27Za6

ATM Malware WinPotv3 showme.exe
http://bit.ly/2Vg5Od5

ATM Malware WinPotv3 555.exe
http://bit.ly/39WzfVB

DoppelPaymer Ransomware Launches Site to Post Victim's Data
https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-launches-site-to-post-victims-data/

New Mozart Malware Gets Commands, Hides Traffic Using DNS
https://www.bleepingcomputer.com/news/security/new-mozart-malware-gets-commands-hides-traffic-using-dns/

Mobile malware evolution 2019
https://securelist.com/mobile-malware-evolution-2019/96280/

Coronavirus-themed Attacks Target Global Shipping Concerns
https://www.proofpoint.com/us/corporate-blog/post/coronavirus-themed-attacks-target-global-shipping-concerns

Coronavirus-Themed Emails Deliver Malware, Phishing, Scams
https://www.securityweek.com/coronavirus-themed-emails-deliver-malware-phishing-scams

Coronavirus Fears Exploited in Phishing Attacks
https://appriver.com/resources/blog/january-2020/coronavirus-fears-exploited-phishing-attacks

Scam Of The Week: Coronavirus Phishing Attacks In The Wild
https://blog.knowbe4.com/heads-up-scam-of-the-week-coronavirus-phishing-attacks-in-the-wild

Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT
https://www.fireeye.com/blog/threat-research/2020/02/ransomware-against-machine-learning-to-disrupt-industrial-production.html

North Korea Is Recycling Mac Malware. That's Not the Worst Part
https://www.wired.com/story/malware-reuse-north-korea-lazarus-group/

Hackers Expand Their Repertoire as Trend Micro Blocks 52 Billion Threats in 2019
https://blog.trendmicro.com/hackers-expand-their-repertoire-as-trend-micro-blocks-52-billion-threats-in-2019/

Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-may-tip-nasdaq-on-attacks-to-hurt-stock-prices/#.XlcgBmPbbSk.twitter

B.行動安全 / iPhone / Android /穿戴裝置 /App
「尋找我的手機」亂跳通知?台灣三星曝原因原來是
https://cnews.com.tw/137200221a03/

新冠肺炎疫情助攻宅經濟 大陸APP下載量2月大爆發
http://bit.ly/2T3u5jN

5G商用台灣7月後啟動5G商用!三大供應商各有特色
https://newtalk.tw/news/view/2020-02-23/370511

Google Play「大屠殺」下架600款軟體!大動作懲處 獵豹移動旗下程式全遭刪
https://cnews.com.tw/137200224a04/

TikTok又碰壁 美運輸局宣布禁用
http://bit.ly/2STuw1b

谷歌警告:華為新款手機用戶若加載Gmail和Youtube會有資安漏洞
https://www.cmmedia.com.tw/home/articles/20062

三星在查找手機應用程式出現烏龍推送後主動調查資料洩露
https://news.xfastest.com/samsung/76978/samsung-blasts-galaxy-phones-worldwide-with-weird-1-notification/

烏龍推播後又出包!三星證實洩漏150用戶個資 稱兩項技術錯誤無關連
https://cnews.com.tw/137200226a05/

三星官方證實,發生手機用戶個人資料洩露問題
https://news.knowing.asia/news/a92f1dac-81ca-4b89-ac71-5ec9bced415f

德媒:很多剛出廠的安卓手機就裝有後門 可監視主人
https://www.soundofhope.org/post/347938?lang=b5

Google 開始限制 Android App 於背景追蹤用戶所在地資訊
https://www.twcert.org.tw/tw/cp-104-3396-3a4dc-1.html

Google Play Store 中多個 Android 平台 VPN App 可能帶來嚴重資安風險
https://www.twcert.org.tw/tw/cp-104-3395-dfd64-1.html

提防手機公共充電站的「Juice Jacking」陷阱
https://www.hkcert.org/my_url/zh/blog/20022801

Google Bans 600 Android Apps from Play Store for Serving Disruptive Ads
https://thehackernews.com/2020/02/android-adware-apps-banned.html

Automation: Take the fast lane on the path to 5G
https://www.blueplanet.com/blog/automation-take-the-fast-lane-on-the-path-to-5G.html

Is your phone listening to you
https://www.welivesecurity.com/2020/02/24/is-your-phone-listening-to-you/

New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users
https://thehackernews.com/2020/02/lte-network-4g-vulnerability.html

Google Advises Android Developers to Encrypt App Data On Device
https://thehackernews.com/2020/02/android-app-data-encryption.html

C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
資安人必看!SecBuzzer 暗網情資整理(2020 年 1、2 月號)
https://secbuzzer.co/post/173

全新駭侵攻擊手法,可繞過 AWS 伺服器上防火牆並自由進出
https://www.twcert.org.tw/tw/cp-104-3397-0e893-1.html

雲端資安,讓 IT 人員輾轉難眠的四個原因
https://blog.trendmicro.com.tw/?p=63447

另類白武士 2019 年有 7 位道德駭客賞金收入超 100 萬美元
https://hk.xfastest.com/47110/hackerone-white-hat/

資安問題當道,電商經營不可忽略的三大安全關卡
http://bit.ly/2Px97ZH

Google開發者大會聚焦AI、資安議題 不畏疫情照辦但官方表示「受理退票」
https://cnews.com.tw/137200224a02/

肺炎疫情也在網路延燒,Check Point 提醒相關資安風險
https://technews.tw/2020/02/24/check-point-warnning-covid-19-risk-at-internet/

從防疫反思網路安全策略
https://ithome.com.tw/voice/136058

PTT洩露總統秘密行程 中華電信員工遭開除
https://www.chinatimes.com/realtimenews/20200228001712-260402?ctrack=mo_main_rtime_p15&chdtv

新型數位化投票機 可靠度遭質疑
http://bit.ly/2VfchVE

上GIT 我只想知道為什麼一直斷線 駭客攻擊 一直瘋狂斷線我怎麼傳 駭客攻擊
https://memes.tw/wtf/164561

刑事局警官逮學生駭客 愛心輔導後變身資安公司CEO
https://www.ettoday.net/news/20200225/1653281.htm

NCT官推被駭客攻入!混韓圈久了,什麼世面都能見到
https://www.koreastardaily.com/tc/news/124520

連駭客都生氣!國外企業不理會網站漏洞提醒 駭客獲悉乾脆寄信警告消費者
https://www.ettoday.net/news/20200224/1653023.htm

60萬人粉專遭駭「狂發A片」! 9年心血被毀…施菲亞搶不回崩潰:世上還有公理嗎
https://star.ettoday.net/news/1651778

辣模臉書遭駭「狂發A片」 慘淪色情頁面崩潰了
https://ent.ltn.com.tw/news/breakingnews/3077356

駭客入侵太多次!智慧門鈴災情頻傳 宣布強制用戶啟動雙重認證機制
https://cnews.com.tw/137200222a02/

企業防疫應變新思維 遠距工作資安監控零死角
http://www.ctimes.com.tw/DispNews/tw/2002210759RM.shtml

中國政府的「另類防疫」:組織網軍,刪除網路上的負面疫情消息
https://buzzorange.com/techorange/2020/02/26/coronavirus-cyber-army/

美國關切:台灣敏感技術遭中國買走或盜走 中資滲透還有很多法制漏洞
https://www.cmmedia.com.tw/home/articles/20055

美國防部要求承包商須具備網路安全認證
https://www.isda.org.tw/2020/02/7496776930d1f7fc03aaf5e8f69764d5/

美英指責俄羅斯駭客大舉攻擊喬治亞
https://ithome.com.tw/news/135956

美國白宮對華為限制措施仍未定案 有官員形容華為像「黑手黨」
https://news.cnyes.com/news/id/4446233

澳情報官:外國間諜威脅前所未有 程度超冷戰
https://www.epochtimes.com/b5/20/2/24/n11892672.htm

澳情報機構示警:新納粹崛起、間諜活動超越冷戰
https://news.ltn.com.tw/news/world/breakingnews/3079026

澳洲破獲重要間諜網 潛伏特工祕密活動多年
https://www.epochtimes.com/b5/20/2/25/n11893839.htm

從美國起訴中國網軍看戰略支援部隊
http://bit.ly/2VuBUBL

Home Affairs pushes back against encryption law proposals
https://www.zdnet.com/article/home-affairs-pushes-back-against-encryption-law-proposals/#ftag=RSSbaffb68

FBI recommends passphrases over password complexity
https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/#ftag=RSSbaffb68

Municipal Cyberattacks Put Us All at Risk: What Can We Learn From Previous Attacks
https://securityintelligence.com/articles/municipal-cyberattacks-put-us-all-at-risk-what-can-we-learn-from-previous-attacks/

US, UK Blame Russia for Cyberattack in Country of Georgia
https://www.bankinfosecurity.com/us-uk-blame-russia-for-cyberattack-in-country-georgia-a-13748

Symantec Security Summary
https://www.symantec.com/blogs/feature-stories/symantec-security-summary

Cyber attack on PM’s office, state bodies attributed to foreign spies
http://bit.ly/32sZ7WK

FBI Makes Arrest in DDoS Attack on Candidate's Website
https://www.bankinfosecurity.com/fbi-makes-arrest-in-ddos-attack-on-candidates-website-a-13754

FBI
https://www.documentcloud.org/documents/6782920-USA-v-Dam.html

Gamaredon APT Improves Toolset to Target Ukraine Government, Military
https://threatpost.com/gamaredon-apt-toolset-ukraine/152568/

R0000275:【2020 趨勢科技全年實習】軟體核心研發 (資安威脅研究/機器學習/雲端架構/系統設計與開發類)
https://m.104.com.tw/job/6vpgy

網路資安工程師
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=867460&HIRE_ID=9562643

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
美國國防部所屬單位遭駭,相關人員之個人資訊被竊
https://www.twcert.org.tw/tw/cp-104-3402-5b79e-1.html

駭客如何通過電匯詐騙在三天內盜走了45萬美元
https://on.wsj.com/32qd1cc

擁有190萬追蹤的電玩直播頻道遭駭,進行比特幣詐騙斬獲24,000 美元
https://www.blocktempo.com/youtube-channel-neebs-got-hacked/

知名 YouTube 電玩直播頻道被盜,用以進行加密貨幣詐騙
https://www.twcert.org.tw/tw/cp-104-3382-e0dd6-1.html

MGM飯店超過千萬名住客資料被洩露到駭客論壇
https://www.ithome.com.tw/news/135944

小賈斯丁也遭殃!美國 MGM 飯店爆大規模資料外洩
https://www.inside.com.tw/article/19001-us-mgm-resorts-intl-cyber-leak

米高梅酒店千萬賓客個資遇駭 受害者包括政商名流
https://udn.com/news/story/6813/4360915

美國防部通訊IT單位去年員工個資疑遭外洩
https://www.ithome.com.tw/news/135945

負責總統通訊安全機構也被駭 20萬人受影響
https://udn.com/news/story/6813/4360916

少女為衝高點閱率 竟散布疫情假訊息
https://tw.news.appledaily.com/local/20200221/DLU2LS3VEZ4S2A7PXTKPNKC3MU/

控粉絲外流「肉包包」性愛片 直播主判賠15萬
https://tw.news.appledaily.com/local/20200221/WRSNBV2WJDS2XESRYJ7PVETZFQ/

打擊不實資訊要全社會參與!AIT辦科技挑戰賽 台灣「防詐達人」抱回逾520萬獎金
https://www.storm.mg/article/2315286

對抗假訊息 酈英傑:須社會共同參與
https://news.ltn.com.tw/news/politics/paper/1353530

詐團駭客耍疫招,騙錢騙個資
http://bit.ly/2HJL8lN

帳號密碼太簡單容易破解,太難又記不住怎麼辦?五個方法幫助你保管所有密碼
https://www.storm.mg/lifestyle/2322495

FBI:以長密詞取代密碼、不應設定密碼變更期間或次數上限
https://ithome.com.tw/news/135993

企業郵件詐騙連刑事局也頭痛!區塊鏈新創推防詐工具,一鍵讓駭客現形
https://www.bnext.com.tw/article/56731/blockchainsecurity-bec-cybersecurity

維護用戶資安優先!蘋果宣布限制網站安全憑證效期縮至398天
https://news.sina.com.tw/article/20200227/34359678.html

美臉部辨識新創「Clearview AI」遇駭 全部客戶名單遭竊
https://news.ltn.com.tw/news/world/breakingnews/3082551

LINE官方3招防詐騙 教用戶辨識「釣魚網站」
https://www.ettoday.net/news/20200227/1655321.htm

全面資訊一手掌握:網路防護、網路陷阱,做個數位公民
http://bit.ly/3abppiM

推特疫情謠言滿天飛 查核中心揭殭屍帳號6特點
https://news.ltn.com.tw/news/life/breakingnews/3082528

數據分析公司不當取得用戶個資 臉書提聯邦訴訟
https://www.cna.com.tw/news/aopl/202002280106.aspx

以色列選舉系統漏洞導致選民資料外洩
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16356

設定不當的 AWS S3 儲存貯體,外洩 36,000 筆受刑人紀錄
https://blog.trendmicro.com.tw/?p=63464

Financial and Customer Info being Exposed in Slickwraps Data Breach
https://www.ehackingnews.com/2020/02/financial-and-customer-info-being.html

New Mexico Sues Google for Mining Children's Data
https://www.bleepingcomputer.com/news/legal/new-mexico-sues-google-for-mining-childrens-data/

Defense Department Agency Reports Data Breach
https://www.bankinfosecurity.com/defense-department-agency-reports-data-breach-a-13750

Hackers Gain Access to Sensitive Data; Release Veterans’ Stolen Data Related To PTSD Claims
https://www.ehackingnews.com/2020/02/hackers-gain-access-to-sensitive-data.html

BEC Group Favors G-Suite, Physical Checks: Report
https://www.bankinfosecurity.com/bec-group-favors-g-suite-physical-checks-report-a-13755

Exaggerated Lion
https://www.agari.com/cyber-intelligence-research/whitepapers/acid-agari-exaggerated-lion.pdf

Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing
https://thehackernews.com/2020/02/spear-phishing-cybersecurity.html

WhatsApp and Telegram Group Links Leaked Online
https://www.ehackingnews.com/2020/02/whatsapp-and-telegram-group-links.html?utm_source=dlvr.it&utm_medium=twitter

E.研究報告
每次登入 Windows Server 2019 都出現關機事件追蹤器(Shutdown Event Tracker)
https://dotblogs.com.tw/supershowwei/2020/02/17/110128

(MINILSM)忍!project-scott MiniLSM被暴露出現0day突破,你還敢用嗎
https://github.com/ICEYSELF/project-scott/issues/24

個案分析-勒索病毒Mailto分析報告_10902
https://cert.tanet.edu.tw/prog/opendoc.php?id=2020022610024747648378775106244.pdf

Tomcat AJP協議漏洞分析與利用
https://zhuanlan.zhihu.com/p/108410246

GPAC空指針解引用漏洞
https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521

GhostCat-從源代碼比對到漏洞利用
https://www.colabug.com/2020/0223/7031283/

如何實時查看MISP實例的威脅情報信息
https://www.freebuf.com/articles/network/226685.html

個人技術站一把罩!部落格建置大全(二)- 將 Github Page 串上自己的域名
http://bit.ly/2HR8GFa

手動標註標籤即將成為過去式
http://bit.ly/2w47efY

Firefox漏洞利用研究(一)
https://www.freebuf.com/vuls/226853.html

淺談XSS漏洞
https://blog.csdn.net/weixin_45589086/article/details/104495548

CVE-2020-0618復現及分析
https://bbs.pediy.com/thread-257827.htm

Weblogic漏洞搭建與復現:CVE-2017-10271
https://cloud.tencent.com/developer/article/1590638

Day5 - 做一個與 LINE Notify 連動的服務
http://bit.ly/39ZsqCF

LINE Notify + Flask 的範例專案
https://github.com/louis70109/flask-line-notify

從零開始在 Windows 使用 Node.js 打造專屬於你的 LINE Bot 聊天機器人
http://bit.ly/2w4Of4Y

PENTESTER’S WINDOWS NTFS TRICKS COLLECTION
https://sec-consult.com/en/blog/2018/06/pentesters-windows-ntfs-tricks-collection/

Exercises for C# Workshop at Wild West Hackin' Fest 2018 & 2019
https://github.com/redcanaryco/wwhf

Exploiting Routers With Routersploit
https://linuxsecurityblog.com/2019/09/26/exploiting-routers-with-routersploit/

An Overview of Cryptography
https://www.garykessler.net/library/crypto.html

hammerhead-lineageos
https://sourceforge.net/projects/hammerhead-lineageos/

How Microsoft 365’s new solution uses machine learning to stop data leaks and insider attacks
https://blogs.microsoft.com/ai/insider-risk-management-microsoft-365/

Sharepoint RCE
https://www.inputzero.io/2020/02/sharepoint-rce.html

Hacking AWS Cognito Misconfigurations
https://www.notsosecure.com/hacking-aws-cognito-misconfigurations/

NekoBot | Auto Exploiter With 500+ Exploit 2000+ Shell
https://github.com/tegal1337/NekoBotV1

All in one subdomain and vulnerability scanner
https://github.com/theamanrawat/voobar

A list of useful payloads and bypass for Web Application Security and Pentest/CTF
https://github.com/swisskyrepo/PayloadsAllTheThings

Diamorphine Rootkit Signal Privilege Escalation
https://packetstormsecurity.com/files/156462/diamorphine_rootkit_signal_priv_esc.rb.txt

DECRYPTTEAMVIEWER : DECRYPT TEAMVIEWER CREDENTIALS FROM WINDOWS REGISTRY
https://www.easyhack.in/2020/02/23/decryptteamviewer-decrypt-teamviewer-credentials-from-windows-registry/

Escalate Yourself on Windows Platform
https://medium.com/@liau.weijie/escalate-yourself-on-windows-platform-885acd2a51ce

YET ANOTHER SOAR DESIGN
https://www.peerlyst.com/posts/yet-another-soar-design-can-topay

How to Brute Force FTP Servers in Python
https://www.thepythoncode.com/article/brute-force-attack-ftp-servers-using-ftplib-in-python

A Network Enumeration and Attack Toolset
https://github.com/m8r0wn/ActiveReign

SQLi Without Quotes
https://web.archive.org/web/20180920195115/https://eternalnoobs.com/sqli-without-quotes/

AngularJS Client Side Template Injection (XSS)
http://ghostlulz.com/angularjs-client-side-template-injection-xss/

Introduction To Modern Routing For Red Team Infrastructure - using Traefik, Metasploit, Covenant and Docker
https://khast3x.club/posts/2020-02-14-Intro-Modern-Routing-Traefik-Metasploit-Docker/

Blue Eye a python Recon Tookit script
https://hackingpassion.com/blue-eye-a-python-recon-toolkit/

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage
https://github.com/lanjelot/patator

xerosploit
https://github.com/PleXone2019/

Cacti v1.2.8 authenticated Remote Code Execution (CVE-2020-8813)
https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/

Chirp of the PoisonFrog
https://ironnet.com/blog/chirp-of-the-poisonfrog/

Automated pentest framework for offensive security experts
https://github.com/1N3/Sn1per

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process
https://github.com/superhedgy/AttackSurfaceMapper

SQL Injection Cheat Sheet
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

Exploiting Jira for Host Discovery
https://medium.com/tenable-techblog/exploiting-jira-for-host-discovery-43be3cddf023

Create a Persistent Back Door with Kali, Netcat and Weevely
https://linuxsecurityblog.com/2018/09/13/create-a-persistent-back-door-with-kali-netcat-and-weevely/

Legion - open source network penetration testing tool
https://hakin9.org/legion-open-source-network-penetration-testing-tool/

Windows 10 Privacy Guide: Settings Everyone Should Use
https://www.bleepingcomputer.com/news/microsoft/windows-10-privacy-guide-settings-everyone-should-use/

Nexus - Just another stealer
https://fr3d.hk/blog/nexus-just-another-stealer

PyFuscation
https://github.com/CBHue/PyFuscation

A ransomware developed in python, with bypass technics, for educational purposes
https://github.com/ReddyyZ/DeathRansom

Bramble is a hacking Open source suite
https://github.com/marcrowProject/Bramble

Router Analysis Part 1: UART Discovery and SPI Flash Extraction
https://wrongbaud.github.io/router-teardown/

Jaeles - The Swiss Army knife for automated Web Application Testing
https://hakin9.org/jaeles-the-swiss-army-knife-for-automated-web-application-testing/

Cutting Google out of your life (2019)
https://github.com/tycrek/degoogle

AMSI_Handler
https://github.com/two06/AMSI_Handler

7 Tools For Malicious Document Creation
https://bestestredteam.com/2019/03/19/7-tools-for-malicious-document-creation/

Handling Errors in ASP .NET Core 3.1
https://wakeupandcode.com/handling-errors-in-asp-net-core-3-1/

Python django postgresql An new vulnerability has been found in django’s postgresql module
https://blog.firosolutions.com/exploits/python-django-vulnerability-2020/

7 Tips To Keep Windows 7 Secure After End Of Life
https://hackersonlineclub.com/7-tips-to-keep-windows-7-secure-after-end-of-life/

5 Practical Scenarios for XSS Attacks
https://pentest-tools.com/blog/xss-attacks-practical-scenarios/

How to Make Flash Drive That Copy's Users Files Silently and Automatically
https://www.instructables.com/id/How-to-make-flash-drive-that-copys-users-files-si/

SSRF 101: How Server-Side Request Forgery Sneaks Past Your Web Apps
http://bit.ly/3c5ymMa

Web Application Exploits and Defenses
https://google-gruyere.appspot.com/

Awesome Shodan Search Queries
https://github.com/jakejarvis/awesome-shodan-queries

PivotSuite: Hack The Hidden Network – A Network Pivoting Toolkit
https://hackersonlineclub.com/pivotsuite-hack-the-hidden-network/

Insecure Direct Object Reference (IDOR) — Web-based Application Security, Part 6
https://securityboulevard.com/2020/02/insecure-direct-object-reference-idor-web-based-application-security-part-6/

Use CVE-2020-0668 to perform an arbitrary privileged file move operation
https://github.com/RedCursorSecurityConsulting/CVE-2020-0668

OpenDXL Ontology project
https://github.com/opencybersecurityalliance/opendxl-ontology

Trying to unmask the fake Microsoft support scammers
https://securelist.com/trying-to-unmask-the-fake-microsoft-support-scammers-17/33734/#comment-3020138

Keyloggers: How they work and how to detect them (Part 1)
https://securelist.com/keyloggers-how-they-work-and-how-to-detect-them-part-1/36138/#comment-3019332

Keyloggers: Implementing keyloggers in Windows. Part Two
https://securelist.com/keyloggers-implementing-keyloggers-in-windows-part-two/36358/

Smartphone shopaholic
https://securelist.com/smartphone-shopaholic/95544/#comment-2990139

Congratulations, you’ve won! The reality behind online lotteries
https://securelist.com/congratulations-youve-won-the-reality-behind-online-lotteries/36450/#comment-2988693

Scammers’ delivery service: exclusively dangerous
https://securelist.com/scammers-delivery-service-exclusively-dangerous/66515/#comment-2987776

How I hacked my smart bracelet
https://securelist.com/how-i-hacked-my-smart-bracelet/69369/#comment-2999297

Dumping Firmware With the CH341a Programmer | by Rick Wisser
https://hakin9.org/dumping-firmware-with-the-ch341a-programmer-by-rick-wisser/

(Ab)using bash-fu to analyze recent Aggah sample
https://blog.malwarelab.pl/posts/basfu_aggah/

A post-exploitation powershell tool for extracting juicy info from memory
https://github.com/putterpanda/mimikittenz

F.商業
紅帽OS整合雲端分析與自動管理,強化企業工作負載支援
https://www.ithome.com.tw/review/134119

施宣輝專訪(一)/安碁資訊進化 打資安國際盃
https://money.udn.com/money/story/5649/4365672

施宣輝專訪(二)/CEO賽車手 眼光放遠
https://money.udn.com/money/story/5649/4365675

疫情延燒,研調:資安電信等 5 大領域增溫
http://technews.tw/2020/02/25/covid-19-rise-5-industries-up/

思科發佈全新雲端平台SecureX ,簡化資安防護並降低複雜性
http://www.compotechasia.com/a/press/2020/0225/44058.html

Google Cloud釋出Chronicle威脅偵測、企業版reCAPTCHA
https://ithome.com.tw/news/135992

RSA大會2020創新沙盒冠軍出爐,SECURITI.ai新創聚焦隱私合規
https://www.ithome.com.tw/news/136002

IBM、McAfee發起的開放網路安全聯盟OCA,釋出資安產品共通語言框架
https://ithome.com.tw/news/136014

醫療資訊應用升級窒礙 資安策略或成解方
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000579412_PCO3EOHD29MDOF1Y5FFO0

BEC防詐 從事前防禦到事後調查完整解決方案
https://money.udn.com/money/story/5640/4375576

電子郵件詐騙頻傳 台灣區塊鏈新創研發獨步全球解決方案
https://www.rti.org.tw/news/view/id/2053259

區塊科技推出可做電子郵件檢查、加密與存證以防範釣魚詐騙的ChkSender
http://bit.ly/2I5Ghvq

McAfee買下瀏覽器隔離技術開發商Light Point Security
https://ithome.com.tw/news/136028

Symantec Participates in Latest MITRE ATT&CK® Evaluation
https://www.symantec.com/blogs/expert-perspectives/symantec-participates-latest-mitre-attckr-evaluation

F5 brings WAF app protection to the NGINX platform
https://www.zdnet.com/article/f5-brings-waf-app-protection-to-the-nginx-platform/#ftag=RSSbaffb68

Cisco unveils SecureX cloud platform for improved security visibility
https://www.zdnet.com/article/cisco-unveils-securex-cloud-platform-for-improved-security-visibility/#ftag=RSSbaffb68

Redefining Security Orchestration and Automation with Cortex XSOAR
https://blog.paloaltonetworks.com/2020/02/cortex-xsoar/

The Cortex XSOAR Ecosystem is Exploding with Partner-Owned Integrations
https://blog.paloaltonetworks.com/2020/02/cortex-xsoar-ecosystem/

How to Use a Firewall for Network Traffic Analysis and Behavioral Detection
https://blog.paloaltonetworks.com/2020/02/cortex-network-traffic-analysis/

Gmail Is Catching More Malicious Attachments With Deep Learning
https://www.wired.com/story/gmail-catching-more-malicious-attachments-deep-learning/

Using the FortiGuard Labs Threat Landscape Report to Defend Against Evolving Cybercrime
https://www.fortinet.com/blog/threat-research/using-the-fortiguard-labs-threat-landscape-report-to-defend-against-evolving-cybercrime.html

Exploitation Framework for Embedded Devices
https://github.com/threat9/routersploit

攻撃グループBlackTech が使用するLinux用マルウエア (ELF_TSCookie)
https://blogs.jpcert.or.jp/ja/2020/02/elf_tscookie.html

G.政府
謹言慎行保密 嚴守資安防駭
https://www.ydn.com.tw/News/373869

Linker Networks臺南辦公室正式揭牌
https://www.chinatimes.com/realtimenews/20200224003230-260410?chdtv

台灣全新「數位身分證」真的要啟動了?超便民5大亮點整理,綁定手機、加密個資還有一堆小細節
https://www.elle.com/tw/life/tech/a31126570/digital-identity-card/

全球第21大超級電腦助攻,國網中心要當產學界AI推手
https://www.ithome.com.tw/people/135989

H.工控系統/SCADA/ICS
Vulnerability Spotlight: Multiple vulnerabilities in Moxa AWK-3131A
https://blog.talosintelligence.com/2020/02/vuln-spotlight-moxa-awk-feb-2020.html

Moxa MGate 5105-MB-EIP firmware Vulnerability
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-8858

Moxa PT-7528和PT-7828 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6983

思科發現Moxa工業設備中的十二個高危漏洞
https://nosec.org/home/detail/4152.html

JVN#25766797 Aterm WF1200CR 、WG1200CR および WG2600HS における複数の OS コマンドインジェクションの脆弱性
https://jvn.jp/jp/JVN25766797/

I.教育訓練
SQL Murder Mystery
https://mystery.knightlab.com/walkthrough.html

Network Address Translation
https://packetlife.net/media/library/32/NAT.pdf

Physical Treminations
https://packetlife.net/media/library/22/physical_terminations.pdf

Wireshark Commands Cheatsheet
https://hackersonlineclub.com/wireshark-commands-cheatsheet/

Hack The Box: Zetta
https://gr4n173.github.io/2020/02/22/htb-zetta.html

HackTheBox Writeup — Zetta
https://medium.com/@hussaini.faisal/hackthebox-writeup-zetta-d236212776fc

Peerlyst Community eBook: 32 Influential Malware Research Professionals
https://www.peerlyst.com/posts/peerlyst-community-ebook-32-influential-malware-research-professionals-peerlyst

How to become a Cloud Security Expert
https://www.peerlyst.com/posts/how-to-become-a-cloud-security-expert-guy-bertrand-kamga

Nebula – fake your echo (level01) – walkthrough
https://www.peerlyst.com/posts/nebula-fake-your-echo-level01-walkthrough-prasanna-v-balaji

Beginner’s Guide to Pentesting IoT Architecture/Network and Setting Up IoT Pentesting Lab
http://bit.ly/2VfWfL6

Introduction to Ethical Hacking and Penetration Testing
https://www.peerlyst.com/posts/introduction-to-ethical-hacking-and-penetration-testing-1-chiheb-chebbi

Cybersecurity Research Topic Guidelines
https://www.theweborion.com/blog/cybersecurity-research-topic-guidelines/

Open Source Data Protection/Privacy Regulatory Mapping Project
https://github.com/microsoft/data-protection-mapping-project

IT to Red Team: How to Make the Jump
https://www.peerlyst.com/posts/it-to-red-team-how-to-make-the-jump-matt-george

HOW TO PREPARE FOR THE ECSA EXAM
https://blog.eccouncil.org/how-to-prepare-for-the-ecsa-exam/

29 Practical Examples of Nmap Commands for Linux System/Network Administrators
https://www.tecmint.com/nmap-command-examples/

How to bypass Machine Learning Malware Detectors with Generative adversarial Networks
http://bit.ly/38XmYAd

Computer Forensics: A Method to Recover Data from MySQL Database by Utilizing Binlog
http://bit.ly/2uskPNP

Hacking Tools with Python: Part 1
https://resources.infosecinstitute.com/writing-hacking-tools-with-python-part-1/

Hacking Tools with Python: Part 2
https://resources.infosecinstitute.com/hacking-tools-with-python-part-2/#article

ABD - Course Materials For Advanced Binary Deobfuscation
https://www.kitploit.com/2020/02/abd-course-materials-for-advanced.html

Antivirus fundamentals: Viruses, signatures, disinfection
https://www.kaspersky.co.uk/blog/signature-virus-disinfection/7799/

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
IoT and connected devices: The best thing to happen to home automation, or a frustrating mess
https://zd.net/37WYHZv

Gold-nuggeting: Machine learning tool simplifies target discovery for pen testers
https://portswigger.net/daily-swig/gold-nuggeting-machine-learning-tool-simplifies-target-discovery-for-pen-testers

Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/model-hacking-adas-to-pave-safer-roads-for-autonomous-vehicles/

意法STM32L5首款 兼具低功耗與資安的IoT微控制器
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?CnlID=13&cat=10&id=0000579079_ZFUL96FB8L2B7I8X33GI8

Nation's youngest engineers further Army drone ambitions
https://www.zdnet.com/article/nations-youngest-engineers-to-further-army-drone-ambitions/#ftag=RSSbaffb68

6.近期資安活動及研討會
Coffee & Code 3/1
https://www.meetup.com/Innovate-Taiwan/events/268999350/

WizardAmigos CodeCamp [Taipei,JavaScript,­English] 3/2
https://www.meetup.com/WizardAmigos/events/vdttmrybcfbdb/

邊緣運算介紹與應用 & Let's AIY ( 人工智慧小聚 - Hsinchu#20200304 ) 3/4
https://www.meetup.com/AIA-Hsinchu/events/267713123/

Android Code Club(Taipei) 3/4
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcfbgb/

#28 Azure Machine Learning - 圖形化介面的免費 Studio 與付費的 Designer 之差異 3/4
https://www.meetup.com/Azure-Taiwan/events/268794485/

台北以太坊社群月聚 Monthly Taipei Ethereum Meetup 3/5
https://www.meetup.com/Taipei-Ethereum-Meetup/events/269000957/

「智慧機械與資安解決方案」技術交流媒合會 3/5
https://forms.gle/ZRksvpLu1hDHUm538

Monad 細說從頭! FunTh#81 3/5
https://www.meetup.com/Functional-Thursday/events/267683150/

Multi-threaded programming in Python 3/11
https://www.meetup.com/pythonhug/events/268925062/

Android Code Club(Taipei) 3/11
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcfbpb/

GDG Hsinchu #05 - 如何應用ok Google結合物聯網打造智慧生活 3/12
https://www.meetup.com/GDG-Hsinchu/events/268976601/

人工智慧小聚 - 新竹 ◤從 RNN 到 Attention,自然語言處理的前世今生◢ ◤字型生成經驗分享◢ 3/18
https://www.meetup.com/AIA-Hsinchu/events/268649939/

Scala Taiwan #37 3/18
https://www.meetup.com/Scala-Taiwan-Meetup/events/267899692/

韓國國際安全博覽會 3/18
https://www.twcert.org.tw/tw/cp-105-3230-a3bd4-1.html

Taipei.py 2020 三月聚會 (March Monthly Meeting) 3/19
https://www.meetup.com/Taipei-py/events/268681120/

Study Group - Clean Coder 3/19
https://www.meetup.com/Women-Who-Code-Taipei/events/jlmfprybcfbzb/

數據分析與機器學習案例實務(一)以PM2.5為例 3/23
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3888&from_course_list_url=course_index

Taipei 暗号通貨 (Cryptocurrency) Meetup 3/25
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcfbhc/

Thinking Thursday 第七場 3/26
https://www.meetup.com/Thinking-Thursday/events/266911452/

Flutter Taipei 2020 暖開幕 | Warm Up Party 3/27
https://www.meetup.com/Flutter-Taipei/events/269033933/

交通大學駭客書院 - 緩衝區溢位攻擊與預防 3/28
https://hackercollege.nctu.edu.tw/?p=1141

black ASIA 2020 Singapore 3/31 ~ 4/3
https://www.blackhat.com/asia-20/briefings/schedule/

Kaspersky® Security Analyst Summit  4/6 ~ 4/9
https://thesascon.com/

QGIS地理資訊研習班 4/8 ~ 4/9
https://www.accupass.com/event/2002120936323517290110

邊緣計算系統之大數據與深度學習應用 4/10
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3883&from_course_list_url=course_index

第二屆ICANN APAC-TWNIC Engagement Forum 與第34屆TWNIC IP政策資源管理會議 4/16
https://forum.twnic.tw/2020/registration.htm

交通大學駭客書院 -入侵行為發覺與應變指南 4/18
https://hackercollege.nctu.edu.tw/?p=1144

VXCON 2020 - APAC  4/18 ~ 4/19
https://www.vxcon.hk/

2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore  4/21 ~ 4/23
https://www.icscybersecurityconference.com/singapore/

Taipei 暗号通貨 (Cryptocurrency) Meetup 4/22
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcgbdc/

亞太資訊安全論壇暨展覽會 4/22
https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html

交通大學駭客書院 - 基礎網頁安全與滲透測試 4/25
https://hackercollege.nctu.edu.tw/?p=1147

2020 LINE Taiwan Developers Recruitment Day  4/25
https://engineering.linecorp.com/zh-hant/blog/2020-line-taiwan-technical-recruitment-day/

交通大學駭客書院 -     基礎網站安全建構實務 5/16
https://hackercollege.nctu.edu.tw/?p=1151

交通大學駭客書院 -     電子郵件之偽造攻擊與防護措施 5/23
https://hackercollege.nctu.edu.tw/?p=1156

Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/

交通大學駭客書院 -     進階網頁滲透測試 5/30
https://hackercollege.nctu.edu.tw/?p=1159

邊緣計算系統之大數據與深度學習應用 6/5
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index

交通大學駭客書院 -     高階網頁滲透測試 6/13 6/20
https://hackercollege.nctu.edu.tw/?p=1161

交通大學駭客書院 -     企業網域控管-Active Directory攻擊與防禦 6/27
https://hackercollege.nctu.edu.tw/?p=1164

CYBERSEC 2020 臺灣資安大會 8/12
https://cyber.ithome.com.tw/


留言

這個網誌中的熱門文章

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



資安事件新聞週報 2019/2/25 ~ 2019/3/1

資安事件新聞週報  2019/2/25  ~  2019/3/1

1.重大弱點漏洞

Avast:數位家庭最容易有漏洞的裝置是印表機、網路裝置及監視器
https://ithome.com.tw/news/128997

F5 BIG-IP Access Policy Manager 跨站腳本漏洞  CVE-2019-6595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6595

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT
https://www.exploit-db.com/exploits/46444

報告:前十大熱門Docker映像檔都有至少30個以上的漏洞
https://www.ithome.com.tw/news/129018

有攻擊者正利用Chrome的0day漏洞偷取他人信息
https://nosec.org/home/detail/2294.html

Chrome瀏覽器被曝存在漏洞攻擊者可通過PDF收集用戶信息
http://www.sohu.com/a/298175326_114774?sec=wd

Google Chrome zero-day used in the wild to collect user data via PDF files
https://www.zdnet.com/article/google-chrome-zero-day-used-in-the-wild-to-collect-user-data-via-pdf-files/#ftag=RSSbaffb68

Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers
https://bit.ly/2H4ZAWr

研究人員揭露大批Thunderclap安全漏洞,允許惡意周邊裝置竊取記憶體機密資訊
https://www.ithome.com.tw/news/129021

新發現的thunderclap 漏洞允許黑客使用Thunderbolt/USB-C 外設攻擊PC
http://hackernews.cc/archives/24…

1月份資安社群及教育訓練活動分享

1月份資安社群及教育訓練活動分享

Android Code Club(Taipei) 1/1
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybccbcb/

From Reactive to Functional FunTh#80 1/2
https://www.meetup.com/Functional-Thursday/events/266805309/

Hacking Thursday 1/2
http://www.hackingthursday.org/invite

大數據爬蟲技術實作,使用Python實作網路爬蟲,快速有效獲取大量資料,打造自動化金融數據平台 1/4
https://www.techbang.com/posts/58613-course-python-crawler-technology-implementation

[Birthday Series] R-Ladies Taipei 五歲拉 1/6
https://www.meetup.com/rladies-taipei/events/266131216/

SDN x Cloud Native Meetup #24 1/6
https://www.meetup.com/CloudNative-Taiwan/events/267390135/

WizardAmigos CodeCamp [Taipei,JavaScript,­English] 1/6
https://www.meetup.com/WizardAmigos/events/bbdclrybccbjb/

新型郵件威脅與挑戰因應策略 1/7
https://engage2demand.cisco.com/LP=19240?dtid=oemels001119&ccid=cc000828&ecid=22859

發現 CNN 新大陸 (人工智慧小聚 - Hsinchu#20200108 ) 1/8
https://www.meetup.com/AIA-Hsinchu/events/266704469/

LISP talk: LISP in surrounding parentheses is supremely powerful #3  1/8
https…