資安事件新聞週報 2020/2/3 ~ 2020/2/7
資安事件新聞週報 2020/2/3 ~ 2020/2/7
1.重大弱點漏洞/後門/Exploit/Zero Day
思科交換器多個漏洞
https://tools.cisco.com/security/center/publicationListing.x
可取國際(icatch)DVR攝影主機遭網路惡意入侵,煩請儘速確認並進行韌體更新
https://cert.tanet.edu.tw/prog/showrpt.php?id=3566
IBM WebSphere Application Server 阻斷服務狀況漏洞
https://www.ibm.com/support/pages/node/1285372
Fortinet 產品多個漏洞
https://fortiguard.com/psirt/FG-IR-19-013
Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers
https://thehackernews.com/2020/01/openbsd-opensmtpd-hacking.html
Cisco 驚爆重大 CDP 安全漏洞,全球數以百萬計網路裝置拉警報
https://technews.tw/2020/02/06/cisco-flaws-put-millions-of-workplace-devices-at-risk/
思科私有協定CDP遭爆含有5個零時差漏洞,危及數千萬裝置
https://www.ithome.com.tw/news/135697
5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras
https://thehackernews.com/2020/02/cisco-cdp-vulnerabilities.html
Webtareas 2.0 - 'id' SQL Injection
https://www.exploit-db.com/exploits/47959
Patching the Citrix ADC Bug Doesn't Mean You Weren't Hacked
https://www.bleepingcomputer.com/news/security/patching-the-citrix-adc-bug-doesnt-mean-you-werent-hacked/#.Xi22GMNp0EU.twitter
Sudo爆可取得根帳號權限的漏洞
https://www.ithome.com.tw/news/135665
Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root
https://thehackernews.com/2020/02/sudo-linux-vulnerability.html
Vulnerability Spotlight: Denial-of-service, information leak bugs in Mini-SNMPD
https://blog.talosintelligence.com/2020/02/vuln-spotlight-mini-snmpd-feb-2020.html
macOS Catalina 10.15.3修復Apple Mail漏洞 加密郵件不再被看光光
https://www.ettoday.net/news/20200206/1639303.htm
Hackers Exploited Trend Micro Zero-day In Mitsubishi Electric Hack
https://amingosec.blog/2020/02/02/hackers-exploited-trend-micro-zero-day-in-mitsubishi-electric-hack/
RHEL 8 Still Vulnerable to “Magellan 2” SQLite Bugs, as Patches Drop
https://www.cbronline.com/enterprise-it/software/sqlite-vulnerability-red-hat/
Chrome 80出爐了,修補56個安全漏洞
https://ithome.com.tw/news/135670
RIP FTP? File Transfer Protocol switched off by default in Chrome 80
https://www.theregister.co.uk/2020/02/05/ftp_deprecated_chrome/
Google cuts Chrome 'patch gap' in half, from 33 to 15 days
https://www.zdnet.com/article/google-cuts-chrome-patch-gap-in-half-from-33-to-15-days/#ftag=RSSbaffb68
Microsoft Office遠程代碼執行漏洞
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652
qemu-pwn-cve-2015-7504堆重疊細分分析
https://www.anquanke.com/post/id/197638
研究人員揭露海思半導體晶片的後門漏洞
https://www.ithome.com.tw/news/135675
華為旗下海思芯片現漏洞黑客可入侵控製網絡攝錄機
http://bit.ly/39foHAs
Researcher: Backdoor mechanism still active in devices using HiSilicon chips
https://www.zdnet.com/article/researcher-backdoor-mechanism-discovered-in-devices-using-hisilicon-chips/#ftag=RSSbaffb68
Realtek Fixes DLL Hijacking Flaw in HD Audio Driver for Windows
https://www.bleepingcomputer.com/news/security/realtek-fixes-dll-hijacking-flaw-in-hd-audio-driver-for-windows/#.XjoYpcTZ5g8.twitter
Nasty Linux, macOS sudo bug found and fixed
https://www.zdnet.com/article/nasty-linux-macos-sudo-bug-found-and-fixed/#ftag=RSSbaffb68
Linux and macOS PCs hit by serious Sudo vulnerability
https://www.techradar.com/news/linux-and-macos-pcs-hit-by-serious-sudo-vulnerability
廠商釋出 DVR 新版 firmware,以對應先前針對資安漏洞的駭侵攻擊
https://www.twcert.org.tw/tw/cp-104-3301-3594c-1.html
Trend Micro Password Manager內存使用漏洞
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123595.aspx
CVE-2020-7980/Intellian Satellian Aptus Web控制台存在遠程命令執行漏洞
https://qiita.com/shimizukawasaki/items/4b35efce0307c4e2efcd
GitLab CE/EE服務器端請求偽造漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20499
SonicOS權限提升漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7479
The Rise of the Open Bug Bounty Project
https://thehackernews.com/2020/02/open-bug-bounty-project.html
Critical Bluetooth Vulnerability in Android (CVE-2020-0022)
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
JVN#52486659 Ghostscript におけるアクセス制限回避の脆弱性
https://jvn.jp/jp/JVN52486659/
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
美國連鎖超商 Wawa 三千萬顧客個資被竊
https://www.twcert.org.tw/tw/cp-104-3280-c0eb5-1.html
金融科技創新園區 啟動第三梯招募
https://money.udn.com/money/story/5636/4319463
召開首次董事會LINE Bank估Q3正式營運
https://ec.ltn.com.tw/article/paper/1350305
入侵數千家網路商店的Magecart盜卡組織成員,在印尼被捕
https://blog.trendmicro.com.tw/?p=63308
比讚被偽造指紋 深偽詐騙恐成Fintech資安隱憂
https://money.udn.com/money/story/5613/4325965
新加坡金管局維持貨幣政策立場不變 必要時再放寬
http://bit.ly/3bizxYb
【金融業抗疫對策:金管會】金融業紛紛啟動緊急應變預定對策,保險業更分6級因應武漢肺炎
https://ithome.com.tw/news/135685
協力制定洗防相關法規期待金管會加速溝通
https://www.chinatimes.com/newspapers/20200207000309-260210
Wawa Breach: Hackers Put 30 Million Stolen Payment Card Details for Sale
https://thehackernews.com/2020/01/wawa-credit-card-breach.html
Cyber News Rundown: Magecart Hackers Arrested
https://www.webroot.com/blog/2020/01/31/cyber-news-rundown-magecart-hackers-arrested/
Stolen Payment Card Trafficking Mastermind Pleads Guilty
https://www.bankinfosecurity.com/stolen-payment-card-trafficking-mastermind-pleads-guilty-a-13644
Nigerian banks and rising cyber threats
https://guardian.ng/business-services/nigerian-banks-and-rising-cyber-threats/
금융보안원, 국내 금융권 피싱 공격 배후 분석 결과 발표
https://www.fsec.or.kr/user/bbs/fsec/41/18/bbsDataView/1373.do
국내 금융권 타깃 60만건 피싱메일 보낸 ‘TA505 위협그룹’ 분석 보고서 발표돼
https://www.dailysecu.com/news/articleView.html?idxno=104622
Suspected Magecart Hackers Arrested in Indonesia
https://www.infosecurity-magazine.com/news/suspected-magecart-hackers/#.XjAuDM_6J70.twitter
INTERPOL supports arrest of cybercriminals targeting online shopping websites
https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-supports-arrest-of-cybercriminals-targeting-online-shopping-websites
3.電子支付/電子票證/行動支付/ pay/新聞及資安
行動支付/行動支付身世大解謎
http://times.hinet.net/topic/22770444
4.虛擬貨幣/區塊鍊相關新聞及資安
Kraken 交易所安全部門揭露「Trezor冷錢包」漏洞:僅花 15 分鐘就成功破解駭入
https://www.blocktempo.com/kraken-hacked-trezors-bitcoin-wallets-in-just-15-minutes/
新手幣讀 加密貨幣儲蓄理財方案的七大誤區
https://money.udn.com/money/story/5636/4316585
以太坊隱私交易平台Tornado.cash 因用戶界面漏洞,導致百名用戶信息或遭洩露
https://www.lianshijie.com/news/318238
加密貨幣新用途 烏拉圭獎勵市民回收塑料
http://bit.ly/37Vzsrj
新加坡金管局局長:與中國央行就數字貨幣等展開討論
https://news.sina.com.tw/article/20200203/34124126.html
2019加密貨幣市場的風風雨雨,帶給了我們什麼教訓
https://news.sina.com.tw/article/20200205/34141502.html
馬斯克警告:Twitter加密貨幣騙案已達嚴重程度
http://bit.ly/2UqbHDX
區塊鏈數位貨幣 恆久保存的挑戰
https://www.chinatimes.com/newspapers/20200207000310-260210?chdtv
IMF總裁也關注!對於近期火紅的CBDC,各國央行總裁這麼說
https://news.knowing.asia/news/cd08372a-82f6-4b88-ad49-ecb73fafec62
Bug hunter finds cryptocurrency-mining botnet on DOD network
https://www.zdnet.com/article/bug-hunter-finds-cryptocurrency-mining-botnet-on-dod-network/
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
駭客利用冠狀病毒事件傳播惡意軟體
http://big5.pconline.com.cn/b5/pcedu.pconline.com.cn/1318/13187707.html
去年發送惡意Office檔的駭客,又利用HTML轉址手法散布木馬程式
https://www.ithome.com.tw/news/135612
小心!利用武漢肺炎的病毒與網釣郵件已開始流竄
https://www.ithome.com.tw/news/135613
武漢肺炎疫情通知信,竟是駭客發的
https://blog.trendmicro.com.tw/?p=63326
賺「數位災難財」?駭客利用武漢肺炎恐懼,散播惡意郵件
https://www.inside.com.tw/article/18815-hackers-coronavirus-malware
微軟安全情報:傳奇球星 Kobe 墜機逝世,惡意挖礦程式 CoinHive 透過其圖片桌布偷算力
https://news.xfastest.com/others/76151/microsoft-finds-cryptocurrency-mining-script-in-kobe-bryants-photo/
Ransomware Exploits GIGABYTE Driver to Kill AV Processes
https://www.bleepingcomputer.com/news/security/ransomware-exploits-gigabyte-driver-to-kill-av-processes/#.Xjy-uPMivzQ.twitter
Living off another land: Ransomware borrows vulnerable driver to remove security software
https://news.sophos.com/en-us/2020/02/06/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software/
[Heads-up] Scam Of The Week: Coronavirus Phishing Attacks In The Wild
https://blog.knowbe4.com/heads-up-scam-of-the-week-coronavirus-phishing-attacks-in-the-wild?nCOV-2019-bc-index
Hackers using coronavirus scare to spread Emotet malware in Japan
https://www.techrepublic.com/article/hackers-using-coronavirus-scare-to-spread-emotet-malware-in-japan/
Android Malware Targets Diabetic Patients
https://www.fortinet.com/blog/threat-research/android-malware-targets-diabetic-patients.html
Ransomware hits TV & radio news monitoring service TVEyes
https://www.zdnet.com/article/ransomware-hits-tv-radio-news-monitoring-service-tveyes/#ftag=RSSbaffb68
Coronavirus Campaigns Spread Emotet, Malware
https://threatpost.com/coronavirus-propagate-emotet/152404/
The coronavirus has reached the web, according to Kaspersky
https://www.intelligentcio.com/africa/2020/01/30/the-coronavirus-has-reached-the-web-according-to-kaspersky/
TA505 APT Group Returns With New Techniques: Report
https://www.bankinfosecurity.com/ta505-apt-group-returns-new-techniques-report-a-13678
Fake Coronavirus Messages Spreading Emotet Infections
https://www.bankinfosecurity.com/fake-coronavirus-messages-spreading-emotet-infections-a-13675
Judge Rules Insurer Must Pay for Ransomware Damage
https://www.bankinfosecurity.com/judge-rules-insurer-must-pay-for-ransomware-damage-a-13673
AZORult Campaign Adopts Novel Triple-Encryption Technique
https://threatpost.com/azorult-campaign-encryption-technique/152508/
Analysis of a triple-encrypted AZORult downloader
https://isc.sans.edu/forums/diary/Analysis+of+a+tripleencrypted+AZORult+downloader/25768/
Mysterious New Ransomware Targets Industrial Control Systems
https://www.wired.com/story/ekans-ransomware-industrial-control-systems/
Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries
https://www.fortinet.com/blog/threat-research/another-metamorfo-variant-targeting-customers-of-financial-institutions.html
NIST Drafts Guidelines for Coping With Ransomware
https://www.bankinfosecurity.com/nist-drafts-guidelines-for-coping-ransomware-a-13679
Judge Rules Insurer Must Pay for Ransomware Damage
https://www.bankinfosecurity.com/judge-rules-insurer-must-pay-for-ransomware-damage-a-13673
Emotet Malware Alert Sounded by US Cybersecurity Agency
https://www.bankinfosecurity.com/emotet-malware-alert-sounded-by-us-cybersecurity-agency-a-13640
Emotet Gets Ready for Tax Season With Malicious W-9 Forms
https://www.bleepingcomputer.com/news/security/emotet-gets-ready-for-tax-season-with-malicious-w-9-forms/
Emotet Gears Up to File (Your) Taxes
https://cofense.com/emotet-gears-file-taxes/
Updated FTCODE Ransomware Now Steals Credentials, Passwords
https://www.bankinfosecurity.com/updated-ftcode-ransomware-now-steals-credentials-passwords-a-13638
DoppelPaymer Ransomware Gang Threatens to Dump Victims' Data
https://www.bankinfosecurity.com/doppelpaymer-ransomware-gang-threatens-to-dump-victims-data-a-13683
【2020/2/4】ばらまき型攻撃メール(Emotet)に関する注意喚起
https://www.cc.uec.ac.jp/blogs/news/2020/02/20200204malwareemotet.html
Bitbucket平台被用來散布惡意程式,感染電腦超過50萬
https://www.ithome.com.tw/news/135676
Malware stew cooked up on Bitbucket, deployed in attacks worldwide
https://www.zdnet.com/article/malware-stew-cooked-up-on-bitbucket-deployed-in-attacks-worldwide/#ftag=RSSbaffb68
Malware and ransomware attack volume down due to more targeted attacks
https://www.helpnetsecurity.com/2020/02/05/ransomware-attack-volume-down/
Bitbucket Abused to Infect 500,000+ Hosts with Malware Cocktail
https://www.bleepingcomputer.com/news/security/bitbucket-abused-to-infect-500-000-hosts-with-malware-cocktail/#.XjqKXqNrnow.twitter
Microsoft says it detects 77,000 active web shells on a daily basis
https://www.zdnet.com/article/microsoft-says-it-detects-77000-active-web-shells-on-a-daily-average/#ftag=RSSbaffb68
Ghost in the shell: Investigating web shell attacks
https://www.microsoft.com/security/blog/2020/02/04/ghost-in-the-shell-investigating-web-shell-attacks/
Emotet Gets Ready for Tax Season With Malicious W-9 Forms
https://www.bleepingcomputer.com/news/security/emotet-gets-ready-for-tax-season-with-malicious-w-9-forms/
Android Banking Malware
https://maxkersten.nl/wp-content/uploads/2020/02/SecureID_AndroidBankingMalware_ENG.pdf
Malware stew cooked up on Bitbucket, deployed in attacks worldwide
https://www.zdnet.com/article/malware-stew-cooked-up-on-bitbucket-deployed-in-attacks-worldwide/
THE HOLE IN THE BUCKET: ATTACKERS ABUSE BITBUCKET TO DELIVER AN ARSENAL OF MALWARE
https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
WHY IS EMOTET SO POPULAR AND WHO IS IT TARGETING NOW
https://www.cybereason.com/blog/why-is-emotet-so-popular-and-who-is-it-targeting-now
New Lemon Duck Malware Campaign Targets IoT, Large Manufacturers
https://threatpost.com/lemon-duck-malware-targets-iot/152596/
Mailto (NetWalker) Ransomware Targets Enterprise Networks
https://www.bleepingcomputer.com/news/security/mailto-netwalker-ransomware-targets-enterprise-networks/
New Ransomware Strain Halts Toll Group Deliveries
https://www.bleepingcomputer.com/news/security/new-ransomware-strain-halts-toll-group-deliveries/
Oscar Nominated Movies Featured in Phishing, Malware Attacks
https://www.bleepingcomputer.com/news/security/oscar-nominated-movies-featured-in-phishing-malware-attacks/#.Xjy-LoMWK7M.twitter
CamuBot Resurfaces With Cross-Channel, Targeted Attacks in Brazil
https://securityintelligence.com/posts/camubot-resurfaces-with-cross-channel-targeted-attacks-in-brazil/
Banks being targeted with major malware campaign
https://www.techradar.com/news/banks-being-targeted-with-major-malware-campaign
Emotet attacks— a spike to start the year
https://www.menlosecurity.com/blog/emotet-attacks-a-spike-to-start-the-year
Coronavirus Campaigns Spread Emotet, Malware
https://threatpost.com/coronavirus-propagate-emotet/152404/
B.行動安全 / iPhone / Android /穿戴裝置 /App
蘋果走下資安強者神壇?鑑識探員:安卓手機已比iPhone更難破解
https://www.ettoday.net/news/20200202/1636183.htm
手機恐成防疫漏洞!螢幕含菌量比馬桶座多3.5倍 3步驟做好清潔
http://bit.ly/2Op8jFE
居家隔離手機揭秘!「遙控相機+定位」 電子柵欄遠端監控
https://www.setn.com/News.aspx?NewsID=682680
APP被黑客攻擊導致數據篡改洩露如何滲透測試漏洞與修復解決
https://www.admin5.com/article/20200204/942795.shtml
一個時代輝煌時代的結束!黑莓手機宣布 2020 年 8 月底停產
https://finance.technews.tw/2020/02/04/blackberry-mobile-will-stop-being-sold-in-august-2020/
美國愛荷華州民主黨初選計票當機,一支App惹的禍
https://www.ithome.com.tw/news/135664
Android 用戶有下載快刪掉!Google Play 遭爆有 24 款「惡意」App
https://3c.ltn.com.tw/news/39430
臉書修補WhatsApp允許駭客存取本地端檔案系統的安全漏洞
https://ithome.com.tw/news/135671
桌面版 WhatsApp 應用的漏洞讓駭客能遙距存取檔案
http://bit.ly/36Xnmgc
你的隱私真的安全嗎?社交平台出包 駭客利用漏洞取得用戶電話
https://times.hinet.net/news/22770263
今年該注意會讓你破財的四款假應用程式
https://blog.trendmicro.com.tw/?p=63316
FCC: Wireless Carriers Violated Law by Sharing Location Data
https://www.bankinfosecurity.com/fcc-wireless-carriers-violated-law-by-sharing-location-data-a-13677
How to Clear Data Facebook Collects About You from Other Sites and Apps
https://thehackernews.com/2020/01/off-facebook-activity-data.html
Android alert: New malware can break a smartphone when you try and delete it
https://www.express.co.uk/life-style/science-technology/1233133/Android-warning-malware-preinstalled-breaks-phone-January-26
6 Suspects Arrested in Maltese Bank Hacking Heist
https://www.bankinfosecurity.com/6-suspects-arrested-in-maltese-bank-hacking-heist-a-13674
Twitter says an attacker used its API to match usernames to phone numbers
https://www.zdnet.com/article/twitter-says-an-attacker-used-its-api-to-match-usernames-to-phone-numbers/#ftag=RSSbaffb68
Twitter Warns API Flaw Abuse May Have Unmasked Users
https://www.bankinfosecurity.com/twitter-warns-api-flaw-abuse-may-have-unmasked-users-a-13680
Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users
https://thehackernews.com/2020/02/find-twitter-phone-number.html
Analysis: New Details on the Hacking of Jeff Bezos' iPhone
https://www.bankinfosecurity.com/interviews/analysis-new-details-on-hacking-jeff-bezos-iphone-i-4585
Mobile Banking malware on the rise: How is WhatsApp related
https://en.secnews.gr/210307/malware-whatsapp-banking-klopi/
Apple Caves In to FBI Demand for Backdoor Access
https://www.theadvocates.org/2020/01/apple-caves-in-to-fbi-demand-for-backdoor-access/
Malicious Optimizer and Utility Android Apps on Google Play Communicate with Trojans that Install Malware, Perform Mobile Ad Fraud
http://bit.ly/2OvFgjK
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
左耳朵耗子:疫情下的遠程辦公,聊聊我的經驗和實踐
https://mp.weixin.qq.com/s/frMxPrhg9TjqcS_aSJMnVQ
「社群媒體漏洞」黑市價格曝光!2020資安6大戰場…電商購物車付款資料也被偷
https://www.bnext.com.tw/article/56446/checkpoint-cybersecurity-socialmedia
以色列一所大學的研究發現,只需要透過追蹤電腦螢幕的亮度就能盜取其中的數據
http://bit.ly/2usAHjj
武漢肺炎爆發,需常到中國出差的企業怎麼辦?四大會計師事務所這樣做
https://www.businessweekly.com.tw/international/blog/3001676
武漢肺炎同名之累?桃市武漢國中官網遭駭
http://bit.ly/398RXsP
360:捕獲疫情相幹攻擊案例 駭客組織來自印度
https://ek21.com/news/tech/176482/
印度 APT 組織趁火打劫對我國醫療機構發起定向攻擊!無恥
https://www.chainnews.com/zh-hant/articles/786387450134.htm
安全廠商:全球百大國際機場僅3家通過所有資安檢測
https://www.ithome.com.tw/news/135663
安全人員發現以色列政府DNS服務器存在Open SSH安全漏洞
https://www.cnbeta.com/articles/soft/939923.htm
NEC網路遭駭,2.8萬份檔案疑遭存取
https://ithome.com.tw/news/135637
駭客運用 NSC 智慧建築存取控制系統漏洞,發動遍布上百國、數萬起 DDoS 攻擊
https://technews.tw/2020/02/03/hackers-are-hijacking-smart-building-access-systems-to-launch-ddos-attacks/
Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks
https://securityaffairs.co/wordpress/97226/hacking/nsc-linear-emerge-e3-hack.html
駭伺服器盜取NS機密的駭客 被發現是戀童
https://pttcomic.com/c_question/M.1580733097.A.30F.html
竊取任天堂機密的21歲駭客,經FBI調查發現持有大量兒童色情檔案
https://game.udn.com/game/story/10453/4321052
Nintendo hacker pleads guilty
https://www.zdnet.com/article/nintendo-hacker-pleads-guilty/#ftag=RSSbaffb68
LINEAR EMERGE E3 ACCESS CONTROLLER ACTIVELY BEING EXPLOITED
https://securitynews.sonicwall.com/xmlpost/linear-emerge-e3-access-controller-actively-being-exploited/
1個英文字母 害公司慘虧千萬
https://udn.com/news/story/7321/4316327
《李忠憲專欄》武漢肺炎:資安與防疫
https://taronews.tw/2020/01/31/599680/
日NEC遭駭 2.7萬份文件被盜
https://www.ydn.com.tw/News/371190
聯中欺台引爆全球怒火!聯合國官網遭大批駭客改成感謝台灣專頁
http://bit.ly/387aNAk
台灣難波萬!國際駭客出征UN網站貼挺台頁面 逾14小時才被下架
http://tag.analysis.tw/news/apple/1252283/
外媒取得聯合國內部機密文件 揭隱瞞遭受黑客攻擊事故
http://bit.ly/2vIkXcr
聯合國掩飾被駭惹人非議,人權分子被迫暴露在危險情境
http://bit.ly/2tiSTeK
聯合國驚傳遭大規模駭侵攻擊
https://www.twcert.org.tw/tw/cp-104-3284-59ccc-1.html
聯合國人權辦公室駭侵事件,源於微軟 SharePoint 已公開的資安漏洞
https://www.twcert.org.tw/tw/cp-104-3289-4b14c-1.html
資安仍「無法」保障 肯亞「生物辨識」身分證喊卡
https://news.ltn.com.tw/news/world/breakingnews/3054019
民主黨總統初選的「愛荷華當機慘案」:開票失敗的數位政治大爆炸
https://global.udn.com/global_vision/story/8662/4320874
消息稱FBI正調間諜軟體公司NSO 或入侵貝索斯手機
https://news.sina.com.tw/article/20200131/34108718.html
五角大廈網安標準上線 承包商分5級
https://www.ydn.com.tw/News/371445
美國國防部將開始要求承包商必須具備網路安全認證
https://www.ithome.com.tw/news/135658
涉洩飛彈機密給中共 雷神華裔僱員被捕
http://bit.ly/2Se5Tux
日本國防相關企業紛傳遭中國駭
https://pourquoi.tw/2020/02/07/intlnews-neasia-200131-200206-1/
企業のサイバー攻撃 “過去にさかのぼって報告を” 経済産業省
https://www3.nhk.or.jp/news/html/20200131/k10012268141000.html
NECもやられた。サイバー攻撃で「狙われる日本」
https://jbpress.ismedia.jp/articles/-/59190?page=4
日本ハッカー協会杉浦氏が OSINT を解説、メールアドレスでここまで情報が入手可能
https://scan.netsecurity.ne.jp/article/2020/01/29/43598.html
「ハッカーが活躍できる社会を作る」2年間の成果とこれからの展望…日本ハッカー協会独占インタビュー
https://scan.netsecurity.ne.jp/article/2020/01/28/43594.html
Exclusive: FBI probes use of Israeli firm's spyware in personal and government hacks - sources
https://reut.rs/2uVwUuG
Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers
https://thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html
Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs
https://thehackernews.com/2020/01/managed-cybersecurity-services.html
ISRO, SEBI, Other Govt Email Accounts Breached In Hack
https://inc42.com/buzz/isro-sebi-other-govt-email-accounts-breached-in-hack/
ISRO, MEA, Nuclear Scientists Among 3,000 Breached Govt Email IDs
https://www.thequint.com/news/india/ministry-of-external-affairs-isro-barc-breached-thousands-government-mails-cybersecurity
The Chicken Keeps Laying New Eggs: Uncovering New GC MaaS Tools Used By Top-tier Threat Actors
https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9
Geopolitical Tensions May Increase Risk of Destructive Attacks
https://www.symantec.com/blogs/threat-intelligence/tensions-iran-destructive-attacks
The CIA’s Infamous, Unsolved Cryptographic Puzzle Gets a ‘Final Clue’
https://www.vice.com/en_us/article/3a8k93/the-cias-infamous-unsolved-cryptographic-puzzle-gets-a-final-clue
TA505 APT Group Returns With New Techniques: Report
https://www.bankinfosecurity.com/ta505-apt-group-returns-new-techniques-report-a-13678
FCC: Wireless Carriers Violated Law by Sharing Location Data
https://www.bankinfosecurity.com/fcc-wireless-carriers-violated-law-by-sharing-location-data-a-13677
Hackers Target European Energy Firm: Researchers
https://www.bankinfosecurity.com/hackers-target-european-energy-firm-researchers-a-13645
Documents Describe US Cyber Command's Campaign to Hack ISIS
https://www.bankinfosecurity.com/documents-describe-us-cyber-commands-campaign-to-hack-isis-a-13637
Top Secret documents show Cyber Command's growing pains in its mission against ISIS
https://www.cyberscoop.com/cyber-command-pentagon-counter-isis-glowing-symphony-foia/
The duke of URL: Zoom meetups' info leaked out through eavesdrop hole
https://www.theregister.co.uk/2020/01/28/zoom_eavesdrop_hack/
Teen takes down ISP with DDoS attacks to get info on one of its subscribers
https://www.zdnet.com/article/teen-takes-down-isp-with-ddos-attacks-to-get-info-on-one-of-its-subscribers/#ftag=RSSbaffb68
Electric scooters vulnerable to remote hacks
https://www.welivesecurity.com/2020/02/04/electric-scooters-vulnerable-remote-hacks/
Anonymous creates pro-Taiwan page inside UN website
https://www.taiwannews.com.tw/en/news/3871244?
All you need to know about Darkweb markets
https://hackernewsdog.com/darkweb-markets-search-engines/
How the B-Team watches over Australia's encryption laws and cybersecurity
https://www.zdnet.com/article/how-the-b-team-watches-over-australias-encryption-laws-and-cybersecurity/#ftag=RSSbaffb68
Japanese Defense Contractors Kobe Steel, Pasco Disclose Breaches
https://www.bleepingcomputer.com/news/security/japanese-defense-contractors-kobe-steel-pasco-disclose-breaches/#.Xjy-WX5wEiQ.twitter
Porn Sites Suffer Highest Number of DDoS Attacks
https://www.infosecurity-magazine.com/news/porn-sites-suffer-highest-number/
Charming Kitten Uses Fake Interview Requests to Target Public Figures
https://threatpost.com/charming-kitten-uses-fake-interview-requests-to-target-public-figures/152628/
駐點資安工程師(約聘)南投縣南投市
https://www.104.com.tw/job/6uwui
北市府釋出150個職缺 2/3-2/10報名
http://bit.ly/2RYJmTT
資深資安工程師(台北)
https://www.104.com.tw/job/6uzk2
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
被爆賣用戶個資!全球第五大病毒防護商Avast,火速收掉問題子公司
https://www.bnext.com.tw/article/56424/avast-jumpshot-subsidiary-suspended-data-collection-selling
近十二億張醫療影像在網路上曝光,而且全無保護
https://www.twcert.org.tw/tw/cp-104-3283-1b4d1-1.html
趁武漢肺炎口罩之亂, 全聯遭冒用,詐騙集團成立多個假粉專騙個資
https://blog.trendmicro.com.tw/?p=63281
口罩之亂!粉專「留言就送一盒」 專家提醒:詐騙集團騙個資
http://bit.ly/31ul1sd
高額電話詐騙案年年狂增 美司法部開第一槍要求電信商負擔責任
https://cnews.com.tw/137200204a05/
誆駭客技術可追回遭詐騙款項 警籲勿遭「二次詐騙」
https://tw.news.appledaily.com/local/20200206/UHXXVMQ4XX4LQX5BHRQJPK6PYU/
虛擬帳戶成詐騙工具 警:個資外流小心成幫助犯
https://news.ltn.com.tw/news/society/breakingnews/3059101
有夠衰!詐團假裝司法機關 同個被害人「被騙錢2次」
https://www.setn.com/News.aspx?NewsID=684677
詐騙新招!網路交友遇連環騙 騙稱可找駭客追回騙款剝兩次皮
https://news.ltn.com.tw/news/society/breakingnews/3059679
隱私相片竟被傳到他人相簿中?雲端相簿超離譜漏洞讓用戶資安拉警報
https://news.sina.com.tw/article/20200206/34154982.html
Yahoo史上最大個資外洩事件賠償方案出爐!收到通知郵件的用戶可採取4種方案
https://www.ettoday.net/news/20200207/1640218.htm
「健保卡被鎖卡」領不到口罩! 486先生破解荒謬騙術…1.4萬人推爆:真的有接到
https://star.ettoday.net/news/1640114
趁武漢肺炎口罩之亂, 全聯遭冒用,詐騙集團成立多個假粉專騙個資
https://blog.trendmicro.com.tw/?p=63281
這些臉書粉絲團都是假的,五招避免上當
https://blog.trendmicro.com.tw/?p=60197
Pabbly Email Marketing Exposes 51.2 Million Records Online
https://securitydiscovery.com/pabbly-email-marketing/
Singapore, Malaysia clamp down on online falsehoods about coronavirus
https://www.zdnet.com/article/singapore-malaysia-clamp-down-on-online-falsehoods-about-coronavirus/
Would you get hooked by a phishing scam? Test yourself
https://www.welivesecurity.com/2020/02/03/would-you-get-hooked-phishing-scam-test-yourself/
Ashley Madison: The Impact of Some Data Breaches Is Forever
https://www.bankinfosecurity.com/blogs/ashley-madison-impact-some-data-breaches-forever-p-2859
POS Vendor for Cannabis Dispensaries Exposed Data: Report
https://www.bankinfosecurity.com/pos-vendor-for-cannabis-dispensaries-exposed-data-report-a-13643
Report: Cannabis Users’ Sensitive Data Exposed in Data Breach
https://www.vpnmentor.com/blog/report-thsuite-breach/
FBI Warns: Beware of Spoofed Job Application Portals
https://www.bankinfosecurity.com/fbi-warns-beware-spoofed-job-application-portals-a-13641
Security risks for e-scooters and riders exposed
https://www.helpnetsecurity.com/2020/01/28/e-scooters-risks/
FBI Issues Valentine Romance Scam Warning
https://www.infosecurity-magazine.com/news/fbi-issues-valentine-romance-scam/
E.研究報告
Windows 如何透過 VirtualBox 安裝 macOS Catalina 虛擬機? 5 個步驟輕鬆完成
https://www.kocpc.com.tw/archives/305342
[原創]CVE-2019-1215分析筆記
https://bbs.pediy.com/thread-257435.htm
OpenWRT 曝遠程代碼執行漏洞
https://www.chainnews.com/zh-hant/articles/896869389932.htm
超過20萬個WordPress網站受到插件中CSRF漏洞影響
https://nosec.org/home/detail/4060.html
CVE-2020-8417:WP Code Snippets CSRF RCE漏洞
https://www.4hou.com/posts/GQO3
Apache Software Foundation 發布2019 年安全報告
https://www.cnbeta.com/articles/tech/938093.htm
自動發現IDOR(越權)漏洞的方法:使用BurpSuite中的Autozie和Autorepeater插件來檢測和識別IDOR漏洞
https://www.023niu.com/show-64-400-1.html
文件上傳漏洞原理及其攻擊思路
https://juejin.im/post/5e33f0c66fb9a0300052c2bc
thinkphp6 session 任意文件創建漏洞復現含POC
https://zhuanlan.zhihu.com/p/104473609
挖洞經驗| PayPal驗證碼質詢功能(reCAPTCHA Challenge)存在的用戶密碼洩露漏洞
https://www.freebuf.com/vuls/225330.html
CVE-2020-8417:WP Code Snippets CSRF RCE 漏洞
https://www.chainnews.com/zh-hant/articles/136770718489.htm
遠程雲端執行(RCE):Azure雲架構中的漏洞分析(Part 1)
https://www.anquanke.com/post/id/197713
遠程雲端執行(RCE):Azure雲架構中的漏洞分析(Part 2)
https://www.anquanke.com/post/id/197743
自動掃描漏洞的黑客工具!Web漏洞掃描技巧篇
http://bit.ly/370SpaQ
在Tesla Model S 上實現Wi-Fi 協議棧漏洞的利用
https://paper.seebug.org/1106/
物聯網安全系列之遠程破解Google Home
https://paper.seebug.org/1111/
ATT&CK 之防御逃逸
https://paper.seebug.org/1103/
CVE-2020-7799 : Apache FreeMarker模板FusionAuth遠程代碼執行漏洞通告
https://cert.360.cn/warning/detail?id=207275e27a6e7ee85a43a6eb5cf5fc69
0-day漏洞,1-day漏洞,n-day漏洞各自是什麼意思
https://blog.csdn.net/weixin_42859280/article/details/104157806
Wine 5.0正式版本釋出,支援Vulkan 1.1、XAudio2強化影音表現
https://www.techbang.com/posts/75934-wine-50-official-release-support-for-vulkan-11-xaudio2-enhanced-audio-and-video-performance
Foxit PhantomPDF HTML2PDF HTML解析釋放後重利用代碼執行漏洞(CVE-2018-17691)
https://aliyunnew.com/a/CVE-2018-17691.html
CVE-2019-19781 遠程代碼執行漏洞深入分析
https://paper.seebug.org/1117/
安卓技巧CVE 2017-13287復現分析
https://www.anquanke.com/post/id/197710
Loader.io – 免費線上壓力測試工具,檢測網站主機的負載能力
https://techmoon.xyz/loader-io/
Introduction to mobile network intrusions from a mobile phone
https://medium.com/mobile-stacks-and-networks-security/introduction-to-mobile-network-intrusions-from-a-mobile-phone-9a8e909cc276
Hitcon Traning Lab10做題筆記-UAF突破分析
https://xz.aliyun.com/t/7146
HITCON-Training
https://github.com/scwuaptx/HITCON-Training
Open Source Intelligence (OSINT)
https://www.hackers-arise.com/osint
LeakCanary is a memory leak detection library for Android
https://github.com/square/leakcanary
Burpsuite Intruder payload
https://github.com/1N3/IntruderPayloads
Rich headers: leveraging the mysterious artifact of the PE format
http://bit.ly/3b0MdD4
Winnti Group targeting universities in Hong Kong
https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/
Abusing DLL Misconfigurations — Using Threat Intelligence to Weaponize R&D
http://bit.ly/2GHIg8o
Increasing Enterprise Visibility: Integrated Defense with Mitre ATT&CK
https://pentestmag.com/increasing-enterprise-visibility-integrated-defense-with-mitre-attck/
Expanding the Attack Surface: React Native Android Applications
https://blog.assetnote.io/bug-bounty/2020/02/01/expanding-attack-surface-react-native/
APT34: Glimpse project
https://marcoramilli.com/2019/05/02/apt34-glimpse-project/
exploitdb-bin-sploits
https://github.com/offensive-security/exploitdb-bin-sploits
EKFiddle v.0.9.5
https://github.com/malwareinfosec/EKFiddle
Exploiting The Entity: XXE (XML External Entity Injection)
https://pentestmag.com/exploiting-the-entity-xme-xml-external-entity-injection/
Emotet detection tool for Windows OS
https://github.com/JPCERTCC/EmoCheck
Tech Support Scam Hitting Microsoft Edge Start Page Takes a Break
https://www.bleepingcomputer.com/news/security/tech-support-scam-hitting-microsoft-edge-start-page-takes-a-break/#.XjcMaUDcsv4.twitter
Penta - Open Source All-In-One CLI Tool To Automate Pentesting
https://hakin9.org/penta-open-source-all-in-one-cli-tool-to-automate-pentesting/
TeamViewer
https://whynotsecurity.com/blog/teamviewer/
The Social-Engineer Toolkit (SET)
https://github.com/TrustedSec/social-engineer-toolkit
Red Teamer’s Cookbook: BYOI (Bring Your Own Interpreter)
https://www.blackhillsinfosec.com/red-teamers-cookbook-byoi-bring-your-own-interpreter/
DVNA - Damn Vulnerable NodeJS Application
https://www.kitploit.com/2020/02/dvna-damn-vulnerable-nodejs-application.html
Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations
https://unit42.paloaltonetworks.com/actors-still-exploiting-sharepoint-vulnerability/
Escalating Privileges with CylancePROTECT
https://www.atredis.com/blog/cylance-privilege-escalation-vulnerability
Integrating Defender ATP with Azure Sentinel to detect Pass-The-Hash & Pass-The-Ticket
https://identityaccess.management/2020/02/04/integrating-defender-atp-with-azure-sentinel-to-detect-pass-the-hash-pass-the-ticket/
Adding a Backdoor to AD in 400 Milliseconds
https://www.secframe.com/blog/persistence-in-400-milliseconds?utm_content=115078011
namevariation
https://github.com/jakecreps/namevariation
Cross Site Scripting (XSS)
https://hackersonlineclub.com/cross-site-scripting-xss/
Attack-Surfaces-Tools-and-Techniques
https://github.com/The-Art-of-Hacking/h4cker/blob/master/cheat_sheets/Attack-Surfaces-Tools-and-Techniques.pdf
QuasarRAT
https://github.com/quasar/QuasarRAT
WHAT YOU NEED TO KNOW: "SNIPR" CREDENTIAL STUFFING TOOL
https://blogs.akamai.com/2018/03/what-you-need-to-know-snipr-credential-stuffing-tool.html
The Chicken Keeps Laying New Eggs: Uncovering New GC MaaS Tools Used By Top-tier Threat Actors
https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9
The OSINT-ification of ISIS on the Dark Web
http://bit.ly/39aFNj6
Bypassing Windows User Account Control
https://www.peerlyst.com/posts/bypassing-windows-user-account-control-ian-barwise?trk=explore_page_posts_featured_feed_entry
A brief introduction to malware analysis
https://www.peerlyst.com/posts/a-brief-introduction-to-malware-analysis-kimberly-crawley?trk=explore_page_posts_featured_feed_entry
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)
https://github.com/m0nad/Diamorphine
How to catch a cybercriminal: Tales from the digital forensics lab
https://www.welivesecurity.com/2020/02/05/how-catch-cybercriminal-tales-digital-forensics-lab/
security webcams hacking way too easy
https://hackingpassion.com/security-webcam-hacking-way-too-easy/
How To Quickly Run a Basic Security Audit Against Docker & Secure the Docker Daemon
https://pentestmag.com/how-to-quickly-run-a-basic-security-audit-against-docker-secure-the-docker-daemon/
An evil RAT (Remote Administration Tool) for macOS / OS X.
https://github.com/Marten4n6/EvilOSX
Penetration Testing Platform
https://github.com/jeffzh3ng/fuxi
UFONet - Denial of Service Toolkit
https://github.com/epsylon/ufonet
OpendoorCDN Skimmer Analysis Continued
https://www.goggleheadedhacker.com/blog/post/15
Termshark 2.1v Released – Wireshark Based UI
https://hackersonlineclub.com/termshark-2-1v-released-wireshark-based-ui/
Blue Team Architecture and Analysis - Part 1
https://www.peerlyst.com/posts/blue-team-architecture-and-analysis-part-1-j-geno
Blue Team Architecture and Analysis - Part 2, Guide to the Part 1 Document
https://www.peerlyst.com/posts/blue-team-architecture-and-analysis-part-2-guide-to-the-part-1-document-j-geno
Blue Team Architecture and Analysis - Part 3, Coverage Assessment Map
https://www.peerlyst.com/posts/blue-team-architecture-and-analysis-part-3-coverage-assessment-map-j-geno
Heartbleed Discovery and Exploit
https://linuxsecurityblog.com/2020/02/01/heartbleed-discovery-and-exploit/
FTP Backdoor Command Execution
https://medium.com/@server107/ftp-backdoor-command-execution-9a95973c02a3
Threat Research STOMP 2 DIS: Brilliance in the (Visual) Basics
https://www.fireeye.com/blog/threat-research/2020/01/stomp-2-dis-brilliance-in-the-visual-basics.html
The TIDoS Framework - The Offensive Manual Web Application Penetration Testing Framework
https://hakin9.org/the-tidos-framework-the-offensive-manual-web-application-penetration-testing-framework/
How to Design a Web Application: Software Architecture 101
https://dev.to/educative/how-to-design-a-web-application-software-architecture-101-188b
Mercure is a tool for security managers who want to train their colleague to phishing
https://github.com/atexio/mercure
Phishing_Kits
https://github.com/JoulioK/Phishing_Kits/tree/master/chase.com.andrewlewisdesign.com
celerystalk
https://github.com/sethsec/celerystalk
Artifical Intelligence Suite for Android Application Security
https://github.com/haroonawanofficial/flameapk
F.商業
是德科技 Ixia 部門加入 IBM Security App Exchange 社群
https://news.sina.com.tw/article/20200131/34109922.html
Google 開源支援 FIDO2 的 OpenSK,助硬體業者加速採納二階段認證機制
http://bit.ly/2S91Rnh
Sophos推出Intercept X for Mobile可防禦騙錢軟體
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&id=577284
防疫帶動異地辦公需求 中華電助陣
https://money.udn.com/money/story/5612/4324151
全景攜手CyberArk 守護特權帳號
https://www.chinatimes.com/newspapers/20200207000513-260210?chdtv
訊舟推出硬體加密SecuBox 強化第三方雲端監控安全
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000577498_J915EZ608M8VNL9OP3W4D
Zyxel launches ZyWALL VPN1000 VPN Firewall, an all-in-one security solution for SMBs
https://www.helpnetsecurity.com/2020/02/04/zyxel-zywall-vpn1000-vpn-firewall/
Trend Micro and Baker Hughes collaborate to help deliver protection for critical infrastructure
https://www.helpnetsecurity.com/2020/02/04/trend-micro-baker-hughes/
VPNs will change forever with the arrival of WireGuard into Linux
https://www.zdnet.com/article/vpns-will-change-forever-with-the-arrival-of-wireguard-into-linux/#ftag=RSSbaffb68
Neo4j 4.0 adds enterprise Fabric to its graph database
https://www.zdnet.com/article/neo4j-4-0-adds-enterprise-fabric-to-its-graph-database/#ftag=RSSbaffb68
Breaking the Discovery Protocols of the Enterprise of Things
https://go.armis.com/hubfs/White-papers/Armis-CDPwn-WP.pdf
Google's OpenSK lets you BYOSK – burn your own security key
https://www.theregister.co.uk/2020/02/04/security_key_google_opensk/
The Swiss Army knife for automated Web Application Testing
https://github.com/jaeles-project/jaeles
G.政府
行政院技術服務中心資安威脅趨勢與案例分享
http://bit.ly/2PJPKfh
行政院技術服務中心108年網路攻防演練暨資安檢測重要發現事項
http://bit.ly/38E64XJ
政府雲端應用正起飛 導航IT產業新高峰 (資安人科技網專訪)
https://bost.ey.gov.tw/Page/5E4F83982214BC6/dab20f7d-7d3d-4c7a-9c11-8aded295784d
參加外交部紐澳駐外館處資安健檢
https://report.nat.gov.tw/ReportFront/ReportDetail/detail?sysId=C10803307
[公告] 資安專業人才培育 | 109年度培訓課程甄選開始
https://www.acw.org.tw/News/Detail.aspx?id=116
H.工控系統/SCADA/ICS
Touch panels deployed in critical infrastructure vulnerable to remote attacks
https://www.helpnetsecurity.com/2020/02/05/cve-2020-6969/
ICS Advisory (ICSA-20-035-01) AutomationDirect C-More Touch Panels
https://www.us-cert.gov/ics/advisories/icsa-20-035-01
ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path
https://www.exploit-db.com/exploits/48009
SCADA/ICS Hacking
https://www.hackers-arise.com/scada-hacking
I.教育訓練
PHP命令執行漏洞基礎
https://www.cnblogs.com/xhds/p/12250975.html
DVWA靶機--簡單的文件上傳漏洞
http://shangdixinxi.com/detail-1274054.html
網站圖片、文件上傳功能漏洞筆記
https://www.cnblogs.com/Dpkg/p/12254524.html
異形般強大的監控系統:Prometheus 掌控主機、VM、容器及 K8S
https://www.tenlong.com.tw/products/9789865501167
Incident Response Metrics to Measure the Maturity of a Cybersecurity Program
http://bit.ly/3baI9QJ
一款由Node.js打造的WEB漏洞測試平台:DVNA
https://zhuanlan.zhihu.com/p/105003724
Remote Exploitation 101: Vulnerable Database
https://ctfthemes.appspot.com/
關於紅外線控制的那些事
http://bit.ly/2Or4for
HITCON CTF 介紹 - HG 導覽活動
https://www.slideshare.net/HITCONGIRLS/hitcon-ctf-hg
HITCON CTF 2019 特色 - HG 導覽活動
https://www.slideshare.net/HITCONGIRLS/hitcon-ctf-2019-hg
DYNAMIC ARP INSPECTION
https://ipcisco.com/lesson/dynamic-arp-inspection/
How to Pass OSCP Like Boss
https://medium.com/@parthdeshani/how-to-pass-oscp-like-boss-b269f2ea99d
How to pass the OSCP
https://gist.github.com/unfo/5ddc85671dcf39f877aaf5dce105fac3
OSCP-Archives
https://github.com/CyDefUnicorn/OSCP-Archives/blob/master/README.md
OSCP-Survival-Guide
https://github.com/wwong99/pentest-notes/blob/master/oscp_resources/OSCP-Survival-Guide.md
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
研究員以投影機成功騙過特斯拉 Autopilot 系統
https://technews.tw/2020/01/30/projected-images-can-trick-tesla-autopilot-system/
DJI 剉著等,美國政府宣布正式禁用中國製無人機
http://bit.ly/3b1hRQX
安全性出包!小米智慧攝影機成「鄰居監控器」Google緊急停止合作
https://cnews.com.tw/137200202a02/
台灣唯一Amazon Alexa資安檢測實驗室,安華聯網全面掌握物聯網安全
http://www.pcdiy.com.tw/detail/15214
物聯網漏洞難防 開放接口也會被黑客盯上
https://kknews.cc/tech/y596o6g.html
Philips智慧燈泡漏洞將允許駭客滲透用戶網路
https://www.ithome.com.tw/news/135679
Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers
https://thehackernews.com/2020/02/philips-smart-light-bulb-hacking.html
The Dark Side of Smart Lighting: Check Point Research Shows How Business and Home Networks Can Be Hacked from a Lightbulb
http://bit.ly/398wSi4
6.近期資安活動及研討會
Taipei Rails Meetup 2/11
https://www.meetup.com/rails-taiwan/events/dlgzljybcdbpb/
高雄 Rails Meetup 2/12
https://www.meetup.com/rails-taiwan/events/qxfvjkybcdbqb/
讓遠端工作機會成為你的職場跳板 2/12
https://www.meetup.com/TaipeiWomeninTech/events/268501510/
制御システムセキュリティカンファレンス 2020 2020年2月14日
https://www.jpcert.or.jp/event/ics-conference2020.html
【板橋/2020二月】WordPress #歡迎你來聚 2/15
https://www.meetup.com/Taipei-WordPress/events/268347650/
【課程】金融大數據分析平台實作,使用Python實作網路爬蟲,快速有效獲取必要資訊,打造自動化分析工具 2/15
https://www.techbang.com/tags/19419
Taipei Rails Meetup 2/18
https://www.meetup.com/rails-taiwan/events/dlgzljybcdbxb/
高雄 Rails Meetup 2/19
https://www.meetup.com/rails-taiwan/events/qxfvjkybcdbzb/
人工智慧小聚 - 新竹 2/19
https://www.meetup.com/AIA-Hsinchu/events/267801851/
Android Code Club(Taipei) 2/19
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcdbzb/
Certificate of Cloud Security Knowledge (CCSK) Plus 2/23 ~ 2/24
https://csacongress.org/event/csa-summit-at-rsa-conference-2020/
連網設備的資安風險與信任管理策略 2/25
https://www.caa.org.tw/coursedetail-3272.html
第19屆亞太資安論壇 2/25 ~ 2/26
https://www.informationsecurity.com.tw/Seminar/2020_Seminar/all/
Taipei 暗号通貨 (Cryptocurrency) Meetup 2/26
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcdbjc/
Android Code Club(Taipei) 2/26
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcdbjc/
Thinking Thursday 第七場 2/27
https://www.meetup.com/Thinking-Thursday/events/266911452/
邊緣運算介紹與應用 & Let's AIY ( 人工智慧小聚 - Hsinchu#20200304 ) 3/4
https://www.meetup.com/AIA-Hsinchu/events/267713123/
Android Code Club(Taipei) 3/4
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcfbgb/
Monad 細說從頭! FunTh#81 3/5
https://www.meetup.com/Functional-Thursday/events/267683150/
Android Code Club(Taipei) 3/11
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcfbpb/
CYBERSEC 2020 臺灣資安大會 3/17 ~ 3/19
https://cyber.ithome.com.tw/
Scala Taiwan #37 3/18
https://www.meetup.com/Scala-Taiwan-Meetup/events/267899692/
韓國國際安全博覽會 3/18
https://www.twcert.org.tw/tw/cp-105-3230-a3bd4-1.html
數據分析與機器學習案例實務(一)以PM2.5為例 3/23
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3888&from_course_list_url=course_index
Taipei 暗号通貨 (Cryptocurrency) Meetup 3/25
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcfbhc/
black ASIA 2020 Singapore 3/31 ~ 4/3
https://www.blackhat.com/asia-20/briefings/schedule/
Kaspersky® Security Analyst Summit 4/6 ~ 4/9
https://thesascon.com/
邊緣計算系統之大數據與深度學習應用 4/10
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3883&from_course_list_url=course_index
VXCON 2020 - APAC 4/18 ~ 4/19
https://www.vxcon.hk/
2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore 4/21 ~ 4/23
https://www.icscybersecurityconference.com/singapore/
Taipei 暗号通貨 (Cryptocurrency) Meetup 4/22
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcgbdc/
亞太資訊安全論壇暨展覽會 4/22
https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html
Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/
邊緣計算系統之大數據與深度學習應用 6/5
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index
訂閱:
張貼留言 (Atom)
2024年 12 月份資安、社群活動分享
2024年 12 月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/3 https://www.meetup.com/taiwan-code-camp/e...
-
2024年 3月份資安、社群活動分享 線上資安人力需求對談-網路通信產業 2024/3/2 https://isipevent.kktix.cc/events/ff6f2146 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演 2024/3/6 https://b...
-
2024年 2月份資安、社群活動分享 Taipei All About API Meetup Group - Meet and Greet, 01 Feb 2024, 07:00 PM 2024/2/1 https://www.meetup.com/taipei-all-a...
-
2024年 5 月份資安、社群活動分享 資安五四三 2024/5/2 https://csa.kktix.cc/events/202405-543 HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/5/2 http...
沒有留言:
張貼留言