跳到主要內容

資安事件新聞週報 2020/2/3 ~ 2020/2/7


資安事件新聞週報 2020/2/3 ~ 2020/2/7

1.重大弱點漏洞/後門/Exploit/Zero Day
思科交換器多個漏洞
https://tools.cisco.com/security/center/publicationListing.x

可取國際(icatch)DVR攝影主機遭網路惡意入侵,煩請儘速確認並進行韌體更新
https://cert.tanet.edu.tw/prog/showrpt.php?id=3566

IBM WebSphere Application Server 阻斷服務狀況漏洞
https://www.ibm.com/support/pages/node/1285372

Fortinet 產品多個漏洞
https://fortiguard.com/psirt/FG-IR-19-013

Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers
https://thehackernews.com/2020/01/openbsd-opensmtpd-hacking.html

Cisco 驚爆重大 CDP 安全漏洞,全球數以百萬計網路裝置拉警報
https://technews.tw/2020/02/06/cisco-flaws-put-millions-of-workplace-devices-at-risk/

思科私有協定CDP遭爆含有5個零時差漏洞,危及數千萬裝置
https://www.ithome.com.tw/news/135697

5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras
https://thehackernews.com/2020/02/cisco-cdp-vulnerabilities.html

Webtareas 2.0 - 'id' SQL Injection
https://www.exploit-db.com/exploits/47959

Patching the Citrix ADC Bug Doesn't Mean You Weren't Hacked
https://www.bleepingcomputer.com/news/security/patching-the-citrix-adc-bug-doesnt-mean-you-werent-hacked/#.Xi22GMNp0EU.twitter

Sudo爆可取得根帳號權限的漏洞
https://www.ithome.com.tw/news/135665

Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root
https://thehackernews.com/2020/02/sudo-linux-vulnerability.html

Vulnerability Spotlight: Denial-of-service, information leak bugs in Mini-SNMPD
https://blog.talosintelligence.com/2020/02/vuln-spotlight-mini-snmpd-feb-2020.html

macOS Catalina 10.15.3修復Apple Mail漏洞 加密郵件不再被看光光
https://www.ettoday.net/news/20200206/1639303.htm

Hackers Exploited Trend Micro Zero-day In Mitsubishi Electric Hack
https://amingosec.blog/2020/02/02/hackers-exploited-trend-micro-zero-day-in-mitsubishi-electric-hack/

RHEL 8 Still Vulnerable to “Magellan 2” SQLite Bugs, as Patches Drop
https://www.cbronline.com/enterprise-it/software/sqlite-vulnerability-red-hat/

Chrome 80出爐了,修補56個安全漏洞
https://ithome.com.tw/news/135670

RIP FTP? File Transfer Protocol switched off by default in Chrome 80
https://www.theregister.co.uk/2020/02/05/ftp_deprecated_chrome/

Google cuts Chrome 'patch gap' in half, from 33 to 15 days
https://www.zdnet.com/article/google-cuts-chrome-patch-gap-in-half-from-33-to-15-days/#ftag=RSSbaffb68

Microsoft Office遠程代碼執行漏洞
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652

qemu-pwn-cve-2015-7504堆重疊細分分析
https://www.anquanke.com/post/id/197638

研究人員揭露海思半導體晶片的後門漏洞
https://www.ithome.com.tw/news/135675

華為旗下海思芯片現漏洞黑客可入侵控製網絡攝錄機
http://bit.ly/39foHAs

Researcher: Backdoor mechanism still active in devices using HiSilicon chips
https://www.zdnet.com/article/researcher-backdoor-mechanism-discovered-in-devices-using-hisilicon-chips/#ftag=RSSbaffb68

Realtek Fixes DLL Hijacking Flaw in HD Audio Driver for Windows
https://www.bleepingcomputer.com/news/security/realtek-fixes-dll-hijacking-flaw-in-hd-audio-driver-for-windows/#.XjoYpcTZ5g8.twitter

Nasty Linux, macOS sudo bug found and fixed
https://www.zdnet.com/article/nasty-linux-macos-sudo-bug-found-and-fixed/#ftag=RSSbaffb68

Linux and macOS PCs hit by serious Sudo vulnerability
https://www.techradar.com/news/linux-and-macos-pcs-hit-by-serious-sudo-vulnerability

廠商釋出 DVR 新版 firmware,以對應先前針對資安漏洞的駭侵攻擊
https://www.twcert.org.tw/tw/cp-104-3301-3594c-1.html

Trend Micro Password Manager內存使用漏洞
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123595.aspx

CVE-2020-7980/Intellian Satellian Aptus Web控制台存在遠程命令執行漏洞
https://qiita.com/shimizukawasaki/items/4b35efce0307c4e2efcd

GitLab CE/EE服務器端請求偽造漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20499

SonicOS權限提升漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7479

The Rise of the Open Bug Bounty Project
https://thehackernews.com/2020/02/open-bug-bounty-project.html

Critical Bluetooth Vulnerability in Android (CVE-2020-0022)
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/

JVN#52486659 Ghostscript におけるアクセス制限回避の脆弱性
https://jvn.jp/jp/JVN52486659/

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
美國連鎖超商 Wawa 三千萬顧客個資被竊
https://www.twcert.org.tw/tw/cp-104-3280-c0eb5-1.html

金融科技創新園區 啟動第三梯招募
https://money.udn.com/money/story/5636/4319463

召開首次董事會LINE Bank估Q3正式營運
https://ec.ltn.com.tw/article/paper/1350305

入侵數千家網路商店的Magecart盜卡組織成員,在印尼被捕
https://blog.trendmicro.com.tw/?p=63308

比讚被偽造指紋 深偽詐騙恐成Fintech資安隱憂
https://money.udn.com/money/story/5613/4325965

新加坡金管局維持貨幣政策立場不變 必要時再放寬
http://bit.ly/3bizxYb

【金融業抗疫對策:金管會】金融業紛紛啟動緊急應變預定對策,保險業更分6級因應武漢肺炎
https://ithome.com.tw/news/135685

協力制定洗防相關法規期待金管會加速溝通
https://www.chinatimes.com/newspapers/20200207000309-260210

Wawa Breach: Hackers Put 30 Million Stolen Payment Card Details for Sale
https://thehackernews.com/2020/01/wawa-credit-card-breach.html

Cyber News Rundown: Magecart Hackers Arrested
https://www.webroot.com/blog/2020/01/31/cyber-news-rundown-magecart-hackers-arrested/

Stolen Payment Card Trafficking Mastermind Pleads Guilty
https://www.bankinfosecurity.com/stolen-payment-card-trafficking-mastermind-pleads-guilty-a-13644

Nigerian banks and rising cyber threats
https://guardian.ng/business-services/nigerian-banks-and-rising-cyber-threats/

금융보안원, 국내 금융권 피싱 공격 배후 분석 결과 발표
https://www.fsec.or.kr/user/bbs/fsec/41/18/bbsDataView/1373.do

국내 금융권 타깃 60만건 피싱메일 보낸 ‘TA505 위협그룹’ 분석 보고서 발표돼
https://www.dailysecu.com/news/articleView.html?idxno=104622

Suspected Magecart Hackers Arrested in Indonesia
https://www.infosecurity-magazine.com/news/suspected-magecart-hackers/#.XjAuDM_6J70.twitter

INTERPOL supports arrest of cybercriminals targeting online shopping websites
https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-supports-arrest-of-cybercriminals-targeting-online-shopping-websites

3.電子支付/電子票證/行動支付/ pay/新聞及資安
行動支付/行動支付身世大解謎
http://times.hinet.net/topic/22770444

4.虛擬貨幣/區塊鍊相關新聞及資安
Kraken 交易所安全部門揭露「Trezor冷錢包」漏洞:僅花 15 分鐘就成功破解駭入
https://www.blocktempo.com/kraken-hacked-trezors-bitcoin-wallets-in-just-15-minutes/

新手幣讀 加密貨幣儲蓄理財方案的七大誤區
https://money.udn.com/money/story/5636/4316585

以太坊隱私交易平台Tornado.cash 因用戶界面漏洞,導致百名用戶信息或遭洩露
https://www.lianshijie.com/news/318238

加密貨幣新用途 烏拉圭獎勵市民回收塑料
http://bit.ly/37Vzsrj

新加坡金管局局長:與中國央行就數字貨幣等展開討論
https://news.sina.com.tw/article/20200203/34124126.html

2019加密貨幣市場的風風雨雨,帶給了我們什麼教訓
https://news.sina.com.tw/article/20200205/34141502.html

馬斯克警告:Twitter加密貨幣騙案已達嚴重程度
http://bit.ly/2UqbHDX

區塊鏈數位貨幣 恆久保存的挑戰
https://www.chinatimes.com/newspapers/20200207000310-260210?chdtv

IMF總裁也關注!對於近期火紅的CBDC,各國央行總裁這麼說
https://news.knowing.asia/news/cd08372a-82f6-4b88-ad49-ecb73fafec62

Bug hunter finds cryptocurrency-mining botnet on DOD network
https://www.zdnet.com/article/bug-hunter-finds-cryptocurrency-mining-botnet-on-dod-network/

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
駭客利用冠狀病毒事件傳播惡意軟體
http://big5.pconline.com.cn/b5/pcedu.pconline.com.cn/1318/13187707.html

去年發送惡意Office檔的駭客,又利用HTML轉址手法散布木馬程式
https://www.ithome.com.tw/news/135612

小心!利用武漢肺炎的病毒與網釣郵件已開始流竄
https://www.ithome.com.tw/news/135613

武漢肺炎疫情通知信,竟是駭客發的
https://blog.trendmicro.com.tw/?p=63326

賺「數位災難財」?駭客利用武漢肺炎恐懼,散播惡意郵件
https://www.inside.com.tw/article/18815-hackers-coronavirus-malware

微軟安全情報:傳奇球星 Kobe 墜機逝世,惡意挖礦程式 CoinHive 透過其圖片桌布偷算力
https://news.xfastest.com/others/76151/microsoft-finds-cryptocurrency-mining-script-in-kobe-bryants-photo/

Ransomware Exploits GIGABYTE Driver to Kill AV Processes
https://www.bleepingcomputer.com/news/security/ransomware-exploits-gigabyte-driver-to-kill-av-processes/#.Xjy-uPMivzQ.twitter

Living off another land: Ransomware borrows vulnerable driver to remove security software
https://news.sophos.com/en-us/2020/02/06/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software/

[Heads-up] Scam Of The Week: Coronavirus Phishing Attacks In The Wild
https://blog.knowbe4.com/heads-up-scam-of-the-week-coronavirus-phishing-attacks-in-the-wild?nCOV-2019-bc-index

Hackers using coronavirus scare to spread Emotet malware in Japan
https://www.techrepublic.com/article/hackers-using-coronavirus-scare-to-spread-emotet-malware-in-japan/

Android Malware Targets Diabetic Patients
https://www.fortinet.com/blog/threat-research/android-malware-targets-diabetic-patients.html

Ransomware hits TV & radio news monitoring service TVEyes
https://www.zdnet.com/article/ransomware-hits-tv-radio-news-monitoring-service-tveyes/#ftag=RSSbaffb68

Coronavirus Campaigns Spread Emotet, Malware
https://threatpost.com/coronavirus-propagate-emotet/152404/

The coronavirus has reached the web, according to Kaspersky
https://www.intelligentcio.com/africa/2020/01/30/the-coronavirus-has-reached-the-web-according-to-kaspersky/

TA505 APT Group Returns With New Techniques: Report
https://www.bankinfosecurity.com/ta505-apt-group-returns-new-techniques-report-a-13678

Fake Coronavirus Messages Spreading Emotet Infections
https://www.bankinfosecurity.com/fake-coronavirus-messages-spreading-emotet-infections-a-13675

Judge Rules Insurer Must Pay for Ransomware Damage
https://www.bankinfosecurity.com/judge-rules-insurer-must-pay-for-ransomware-damage-a-13673

AZORult Campaign Adopts Novel Triple-Encryption Technique
https://threatpost.com/azorult-campaign-encryption-technique/152508/

Analysis of a triple-encrypted AZORult downloader
https://isc.sans.edu/forums/diary/Analysis+of+a+tripleencrypted+AZORult+downloader/25768/

Mysterious New Ransomware Targets Industrial Control Systems
https://www.wired.com/story/ekans-ransomware-industrial-control-systems/

Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries
https://www.fortinet.com/blog/threat-research/another-metamorfo-variant-targeting-customers-of-financial-institutions.html

NIST Drafts Guidelines for Coping With Ransomware
https://www.bankinfosecurity.com/nist-drafts-guidelines-for-coping-ransomware-a-13679

Judge Rules Insurer Must Pay for Ransomware Damage
https://www.bankinfosecurity.com/judge-rules-insurer-must-pay-for-ransomware-damage-a-13673

Emotet Malware Alert Sounded by US Cybersecurity Agency
https://www.bankinfosecurity.com/emotet-malware-alert-sounded-by-us-cybersecurity-agency-a-13640

Emotet Gets Ready for Tax Season With Malicious W-9 Forms
https://www.bleepingcomputer.com/news/security/emotet-gets-ready-for-tax-season-with-malicious-w-9-forms/

Emotet Gears Up to File (Your) Taxes
https://cofense.com/emotet-gears-file-taxes/

Updated FTCODE Ransomware Now Steals Credentials, Passwords
https://www.bankinfosecurity.com/updated-ftcode-ransomware-now-steals-credentials-passwords-a-13638

DoppelPaymer Ransomware Gang Threatens to Dump Victims' Data
https://www.bankinfosecurity.com/doppelpaymer-ransomware-gang-threatens-to-dump-victims-data-a-13683

【2020/2/4】ばらまき型攻撃メール(Emotet)に関する注意喚起
https://www.cc.uec.ac.jp/blogs/news/2020/02/20200204malwareemotet.html

Bitbucket平台被用來散布惡意程式,感染電腦超過50萬
https://www.ithome.com.tw/news/135676

Malware stew cooked up on Bitbucket, deployed in attacks worldwide
https://www.zdnet.com/article/malware-stew-cooked-up-on-bitbucket-deployed-in-attacks-worldwide/#ftag=RSSbaffb68

Malware and ransomware attack volume down due to more targeted attacks
https://www.helpnetsecurity.com/2020/02/05/ransomware-attack-volume-down/

Bitbucket Abused to Infect 500,000+ Hosts with Malware Cocktail
https://www.bleepingcomputer.com/news/security/bitbucket-abused-to-infect-500-000-hosts-with-malware-cocktail/#.XjqKXqNrnow.twitter

Microsoft says it detects 77,000 active web shells on a daily basis
https://www.zdnet.com/article/microsoft-says-it-detects-77000-active-web-shells-on-a-daily-average/#ftag=RSSbaffb68

Ghost in the shell: Investigating web shell attacks
https://www.microsoft.com/security/blog/2020/02/04/ghost-in-the-shell-investigating-web-shell-attacks/

Emotet Gets Ready for Tax Season With Malicious W-9 Forms
https://www.bleepingcomputer.com/news/security/emotet-gets-ready-for-tax-season-with-malicious-w-9-forms/

Android Banking Malware
https://maxkersten.nl/wp-content/uploads/2020/02/SecureID_AndroidBankingMalware_ENG.pdf

Malware stew cooked up on Bitbucket, deployed in attacks worldwide
https://www.zdnet.com/article/malware-stew-cooked-up-on-bitbucket-deployed-in-attacks-worldwide/

THE HOLE IN THE BUCKET: ATTACKERS ABUSE BITBUCKET TO DELIVER AN ARSENAL OF MALWARE
https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

WHY IS EMOTET SO POPULAR AND WHO IS IT TARGETING NOW
https://www.cybereason.com/blog/why-is-emotet-so-popular-and-who-is-it-targeting-now

New Lemon Duck Malware Campaign Targets IoT, Large Manufacturers
https://threatpost.com/lemon-duck-malware-targets-iot/152596/

Mailto (NetWalker) Ransomware Targets Enterprise Networks
https://www.bleepingcomputer.com/news/security/mailto-netwalker-ransomware-targets-enterprise-networks/

New Ransomware Strain Halts Toll Group Deliveries
https://www.bleepingcomputer.com/news/security/new-ransomware-strain-halts-toll-group-deliveries/

Oscar Nominated Movies Featured in Phishing, Malware Attacks
https://www.bleepingcomputer.com/news/security/oscar-nominated-movies-featured-in-phishing-malware-attacks/#.Xjy-LoMWK7M.twitter

CamuBot Resurfaces With Cross-Channel, Targeted Attacks in Brazil
https://securityintelligence.com/posts/camubot-resurfaces-with-cross-channel-targeted-attacks-in-brazil/

Banks being targeted with major malware campaign
https://www.techradar.com/news/banks-being-targeted-with-major-malware-campaign

Emotet attacks— a spike to start the year
https://www.menlosecurity.com/blog/emotet-attacks-a-spike-to-start-the-year

Coronavirus Campaigns Spread Emotet, Malware
https://threatpost.com/coronavirus-propagate-emotet/152404/

B.行動安全 / iPhone / Android /穿戴裝置 /App
蘋果走下資安強者神壇?鑑識探員:安卓手機已比iPhone更難破解
https://www.ettoday.net/news/20200202/1636183.htm

手機恐成防疫漏洞!螢幕含菌量比馬桶座多3.5倍 3步驟做好清潔
http://bit.ly/2Op8jFE

居家隔離手機揭秘!「遙控相機+定位」 電子柵欄遠端監控
https://www.setn.com/News.aspx?NewsID=682680

APP被黑客攻擊導致數據篡改洩露如何滲透測試漏洞與修復解決
https://www.admin5.com/article/20200204/942795.shtml

一個時代輝煌時代的結束!黑莓手機宣布 2020 年 8 月底停產
https://finance.technews.tw/2020/02/04/blackberry-mobile-will-stop-being-sold-in-august-2020/

美國愛荷華州民主黨初選計票當機,一支App惹的禍
https://www.ithome.com.tw/news/135664

Android 用戶有下載快刪掉!Google Play 遭爆有 24 款「惡意」App
https://3c.ltn.com.tw/news/39430

臉書修補WhatsApp允許駭客存取本地端檔案系統的安全漏洞
https://ithome.com.tw/news/135671

桌面版 WhatsApp 應用的漏洞讓駭客能遙距存取檔案
http://bit.ly/36Xnmgc

你的隱私真的安全嗎?社交平台出包 駭客利用漏洞取得用戶電話
https://times.hinet.net/news/22770263

今年該注意會讓你破財的四款假應用程式
https://blog.trendmicro.com.tw/?p=63316

FCC: Wireless Carriers Violated Law by Sharing Location Data
https://www.bankinfosecurity.com/fcc-wireless-carriers-violated-law-by-sharing-location-data-a-13677

How to Clear Data Facebook Collects About You from Other Sites and Apps
https://thehackernews.com/2020/01/off-facebook-activity-data.html

Android alert: New malware can break a smartphone when you try and delete it
https://www.express.co.uk/life-style/science-technology/1233133/Android-warning-malware-preinstalled-breaks-phone-January-26

6 Suspects Arrested in Maltese Bank Hacking Heist
https://www.bankinfosecurity.com/6-suspects-arrested-in-maltese-bank-hacking-heist-a-13674

Twitter says an attacker used its API to match usernames to phone numbers
https://www.zdnet.com/article/twitter-says-an-attacker-used-its-api-to-match-usernames-to-phone-numbers/#ftag=RSSbaffb68

Twitter Warns API Flaw Abuse May Have Unmasked Users
https://www.bankinfosecurity.com/twitter-warns-api-flaw-abuse-may-have-unmasked-users-a-13680

Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users
https://thehackernews.com/2020/02/find-twitter-phone-number.html

Analysis: New Details on the Hacking of Jeff Bezos' iPhone
https://www.bankinfosecurity.com/interviews/analysis-new-details-on-hacking-jeff-bezos-iphone-i-4585

Mobile Banking malware on the rise: How is WhatsApp related
https://en.secnews.gr/210307/malware-whatsapp-banking-klopi/

Apple Caves In to FBI Demand for Backdoor Access
https://www.theadvocates.org/2020/01/apple-caves-in-to-fbi-demand-for-backdoor-access/

Malicious Optimizer and Utility Android Apps on Google Play Communicate with Trojans that Install Malware, Perform Mobile Ad Fraud
http://bit.ly/2OvFgjK

C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
左耳朵耗子:疫情下的遠程辦公,聊聊我的經驗和實踐
https://mp.weixin.qq.com/s/frMxPrhg9TjqcS_aSJMnVQ

「社群媒體漏洞」黑市價格曝光!2020資安6大戰場…電商購物車付款資料也被偷
https://www.bnext.com.tw/article/56446/checkpoint-cybersecurity-socialmedia

以色列一所大學的研究發現,只需要透過追蹤電腦螢幕的亮度就能盜取其中的數據
http://bit.ly/2usAHjj

武漢肺炎爆發,需常到中國出差的企業怎麼辦?四大會計師事務所這樣做
https://www.businessweekly.com.tw/international/blog/3001676

武漢肺炎同名之累?桃市武漢國中官網遭駭
http://bit.ly/398RXsP

360:捕獲疫情相幹攻擊案例 駭客組織來自印度
https://ek21.com/news/tech/176482/

印度 APT 組織趁火打劫對我國醫療機構發起定向攻擊!無恥
https://www.chainnews.com/zh-hant/articles/786387450134.htm

安全廠商:全球百大國際機場僅3家通過所有資安檢測
https://www.ithome.com.tw/news/135663

安全人員發現以色列政府DNS服務器存在Open SSH安全漏洞
https://www.cnbeta.com/articles/soft/939923.htm

NEC網路遭駭,2.8萬份檔案疑遭存取
https://ithome.com.tw/news/135637

駭客運用 NSC 智慧建築存取控制系統漏洞,發動遍布上百國、數萬起 DDoS 攻擊
https://technews.tw/2020/02/03/hackers-are-hijacking-smart-building-access-systems-to-launch-ddos-attacks/

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks
https://securityaffairs.co/wordpress/97226/hacking/nsc-linear-emerge-e3-hack.html

駭伺服器盜取NS機密的駭客 被發現是戀童
https://pttcomic.com/c_question/M.1580733097.A.30F.html

竊取任天堂機密的21歲駭客,經FBI調查發現持有大量兒童色情檔案
https://game.udn.com/game/story/10453/4321052

Nintendo hacker pleads guilty
https://www.zdnet.com/article/nintendo-hacker-pleads-guilty/#ftag=RSSbaffb68

LINEAR EMERGE E3 ACCESS CONTROLLER ACTIVELY BEING EXPLOITED
https://securitynews.sonicwall.com/xmlpost/linear-emerge-e3-access-controller-actively-being-exploited/

1個英文字母 害公司慘虧千萬
https://udn.com/news/story/7321/4316327

《李忠憲專欄》武漢肺炎:資安與防疫
https://taronews.tw/2020/01/31/599680/

日NEC遭駭 2.7萬份文件被盜
https://www.ydn.com.tw/News/371190

聯中欺台引爆全球怒火!聯合國官網遭大批駭客改成感謝台灣專頁
http://bit.ly/387aNAk

台灣難波萬!國際駭客出征UN網站貼挺台頁面 逾14小時才被下架
http://tag.analysis.tw/news/apple/1252283/

外媒取得聯合國內部機密文件 揭隱瞞遭受黑客攻擊事故
http://bit.ly/2vIkXcr

聯合國掩飾被駭惹人非議,人權分子被迫暴露在危險情境
http://bit.ly/2tiSTeK

聯合國驚傳遭大規模駭侵攻擊
https://www.twcert.org.tw/tw/cp-104-3284-59ccc-1.html

聯合國人權辦公室駭侵事件,源於微軟 SharePoint 已公開的資安漏洞
https://www.twcert.org.tw/tw/cp-104-3289-4b14c-1.html

資安仍「無法」保障 肯亞「生物辨識」身分證喊卡
https://news.ltn.com.tw/news/world/breakingnews/3054019

民主黨總統初選的「愛荷華當機慘案」:開票失敗的數位政治大爆炸
https://global.udn.com/global_vision/story/8662/4320874

消息稱FBI正調間諜軟體公司NSO 或入侵貝索斯手機
https://news.sina.com.tw/article/20200131/34108718.html

五角大廈網安標準上線 承包商分5級
https://www.ydn.com.tw/News/371445

美國國防部將開始要求承包商必須具備網路安全認證
https://www.ithome.com.tw/news/135658

涉洩飛彈機密給中共 雷神華裔僱員被捕
http://bit.ly/2Se5Tux

日本國防相關企業紛傳遭中國駭
https://pourquoi.tw/2020/02/07/intlnews-neasia-200131-200206-1/

企業のサイバー攻撃 “過去にさかのぼって報告を” 経済産業省
https://www3.nhk.or.jp/news/html/20200131/k10012268141000.html

NECもやられた。サイバー攻撃で「狙われる日本」
https://jbpress.ismedia.jp/articles/-/59190?page=4

日本ハッカー協会杉浦氏が OSINT を解説、メールアドレスでここまで情報が入手可能
https://scan.netsecurity.ne.jp/article/2020/01/29/43598.html

「ハッカーが活躍できる社会を作る」2年間の成果とこれからの展望…日本ハッカー協会独占インタビュー
https://scan.netsecurity.ne.jp/article/2020/01/28/43594.html

Exclusive: FBI probes use of Israeli firm's spyware in personal and government hacks - sources
https://reut.rs/2uVwUuG

Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers
https://thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html

Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs
https://thehackernews.com/2020/01/managed-cybersecurity-services.html

ISRO, SEBI, Other Govt Email Accounts Breached In Hack
https://inc42.com/buzz/isro-sebi-other-govt-email-accounts-breached-in-hack/

ISRO, MEA, Nuclear Scientists Among 3,000 Breached Govt Email IDs
https://www.thequint.com/news/india/ministry-of-external-affairs-isro-barc-breached-thousands-government-mails-cybersecurity

The Chicken Keeps Laying New Eggs: Uncovering New GC MaaS Tools Used By Top-tier Threat Actors
https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9

Geopolitical Tensions May Increase Risk of Destructive Attacks
https://www.symantec.com/blogs/threat-intelligence/tensions-iran-destructive-attacks

The CIA’s Infamous, Unsolved Cryptographic Puzzle Gets a ‘Final Clue’
https://www.vice.com/en_us/article/3a8k93/the-cias-infamous-unsolved-cryptographic-puzzle-gets-a-final-clue

TA505 APT Group Returns With New Techniques: Report
https://www.bankinfosecurity.com/ta505-apt-group-returns-new-techniques-report-a-13678

FCC: Wireless Carriers Violated Law by Sharing Location Data
https://www.bankinfosecurity.com/fcc-wireless-carriers-violated-law-by-sharing-location-data-a-13677

Hackers Target European Energy Firm: Researchers
https://www.bankinfosecurity.com/hackers-target-european-energy-firm-researchers-a-13645

Documents Describe US Cyber Command's Campaign to Hack ISIS
https://www.bankinfosecurity.com/documents-describe-us-cyber-commands-campaign-to-hack-isis-a-13637

Top Secret documents show Cyber Command's growing pains in its mission against ISIS
https://www.cyberscoop.com/cyber-command-pentagon-counter-isis-glowing-symphony-foia/

The duke of URL: Zoom meetups' info leaked out through eavesdrop hole
https://www.theregister.co.uk/2020/01/28/zoom_eavesdrop_hack/

Teen takes down ISP with DDoS attacks to get info on one of its subscribers
https://www.zdnet.com/article/teen-takes-down-isp-with-ddos-attacks-to-get-info-on-one-of-its-subscribers/#ftag=RSSbaffb68

Electric scooters vulnerable to remote hacks
https://www.welivesecurity.com/2020/02/04/electric-scooters-vulnerable-remote-hacks/

Anonymous creates pro-Taiwan page inside UN website
https://www.taiwannews.com.tw/en/news/3871244?

All you need to know about Darkweb markets
https://hackernewsdog.com/darkweb-markets-search-engines/

How the B-Team watches over Australia's encryption laws and cybersecurity
https://www.zdnet.com/article/how-the-b-team-watches-over-australias-encryption-laws-and-cybersecurity/#ftag=RSSbaffb68

Japanese Defense Contractors Kobe Steel, Pasco Disclose Breaches
https://www.bleepingcomputer.com/news/security/japanese-defense-contractors-kobe-steel-pasco-disclose-breaches/#.Xjy-WX5wEiQ.twitter

Porn Sites Suffer Highest Number of DDoS Attacks
https://www.infosecurity-magazine.com/news/porn-sites-suffer-highest-number/

Charming Kitten Uses Fake Interview Requests to Target Public Figures
https://threatpost.com/charming-kitten-uses-fake-interview-requests-to-target-public-figures/152628/

駐點資安工程師(約聘)南投縣南投市
https://www.104.com.tw/job/6uwui

北市府釋出150個職缺 2/3-2/10報名
http://bit.ly/2RYJmTT

資深資安工程師(台北)
https://www.104.com.tw/job/6uzk2

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
被爆賣用戶個資!全球第五大病毒防護商Avast,火速收掉問題子公司
https://www.bnext.com.tw/article/56424/avast-jumpshot-subsidiary-suspended-data-collection-selling

近十二億張醫療影像在網路上曝光,而且全無保護
https://www.twcert.org.tw/tw/cp-104-3283-1b4d1-1.html

趁武漢肺炎口罩之亂, 全聯遭冒用,詐騙集團成立多個假粉專騙個資
https://blog.trendmicro.com.tw/?p=63281

口罩之亂!粉專「留言就送一盒」 專家提醒:詐騙集團騙個資
http://bit.ly/31ul1sd

高額電話詐騙案年年狂增 美司法部開第一槍要求電信商負擔責任
https://cnews.com.tw/137200204a05/

誆駭客技術可追回遭詐騙款項 警籲勿遭「二次詐騙」
https://tw.news.appledaily.com/local/20200206/UHXXVMQ4XX4LQX5BHRQJPK6PYU/

虛擬帳戶成詐騙工具 警:個資外流小心成幫助犯
https://news.ltn.com.tw/news/society/breakingnews/3059101

有夠衰!詐團假裝司法機關 同個被害人「被騙錢2次」
https://www.setn.com/News.aspx?NewsID=684677

詐騙新招!網路交友遇連環騙 騙稱可找駭客追回騙款剝兩次皮
https://news.ltn.com.tw/news/society/breakingnews/3059679

隱私相片竟被傳到他人相簿中?雲端相簿超離譜漏洞讓用戶資安拉警報
https://news.sina.com.tw/article/20200206/34154982.html

Yahoo史上最大個資外洩事件賠償方案出爐!收到通知郵件的用戶可採取4種方案
https://www.ettoday.net/news/20200207/1640218.htm

「健保卡被鎖卡」領不到口罩! 486先生破解荒謬騙術…1.4萬人推爆:真的有接到
https://star.ettoday.net/news/1640114

趁武漢肺炎口罩之亂, 全聯遭冒用,詐騙集團成立多個假粉專騙個資
https://blog.trendmicro.com.tw/?p=63281

這些臉書粉絲團都是假的,五招避免上當
https://blog.trendmicro.com.tw/?p=60197

Pabbly Email Marketing Exposes 51.2 Million Records Online
https://securitydiscovery.com/pabbly-email-marketing/

Singapore, Malaysia clamp down on online falsehoods about coronavirus
https://www.zdnet.com/article/singapore-malaysia-clamp-down-on-online-falsehoods-about-coronavirus/

Would you get hooked by a phishing scam? Test yourself
https://www.welivesecurity.com/2020/02/03/would-you-get-hooked-phishing-scam-test-yourself/

Ashley Madison: The Impact of Some Data Breaches Is Forever
https://www.bankinfosecurity.com/blogs/ashley-madison-impact-some-data-breaches-forever-p-2859

POS Vendor for Cannabis Dispensaries Exposed Data: Report
https://www.bankinfosecurity.com/pos-vendor-for-cannabis-dispensaries-exposed-data-report-a-13643

Report: Cannabis Users’ Sensitive Data Exposed in Data Breach
https://www.vpnmentor.com/blog/report-thsuite-breach/

FBI Warns: Beware of Spoofed Job Application Portals
https://www.bankinfosecurity.com/fbi-warns-beware-spoofed-job-application-portals-a-13641

Security risks for e-scooters and riders exposed
https://www.helpnetsecurity.com/2020/01/28/e-scooters-risks/

FBI Issues Valentine Romance Scam Warning
https://www.infosecurity-magazine.com/news/fbi-issues-valentine-romance-scam/

E.研究報告
Windows 如何透過 VirtualBox 安裝 macOS Catalina 虛擬機? 5 個步驟輕鬆完成
https://www.kocpc.com.tw/archives/305342

[原創]CVE-2019-1215分析筆記
https://bbs.pediy.com/thread-257435.htm

OpenWRT 曝遠程代碼執行漏洞
https://www.chainnews.com/zh-hant/articles/896869389932.htm

超過20萬個WordPress網站受到插件中CSRF漏洞影響
https://nosec.org/home/detail/4060.html

CVE-2020-8417:WP Code Snippets CSRF RCE漏洞
https://www.4hou.com/posts/GQO3

Apache Software Foundation 發布2019 年安全報告
https://www.cnbeta.com/articles/tech/938093.htm

自動發現IDOR(越權)漏洞的方法:使用BurpSuite中的Autozie和Autorepeater插件來檢測和識別IDOR漏洞
https://www.023niu.com/show-64-400-1.html

文件上傳漏洞原理及其攻擊思路
https://juejin.im/post/5e33f0c66fb9a0300052c2bc

thinkphp6 session 任意文件創建漏洞復現含POC
https://zhuanlan.zhihu.com/p/104473609

挖洞經驗| PayPal驗證碼質詢功能(reCAPTCHA Challenge)存在的用戶密碼洩露漏洞
https://www.freebuf.com/vuls/225330.html

CVE-2020-8417:WP Code Snippets CSRF RCE 漏洞
https://www.chainnews.com/zh-hant/articles/136770718489.htm

遠程雲端執行(RCE):Azure雲架構中的漏洞分析(Part 1)
https://www.anquanke.com/post/id/197713

遠程雲端執行(RCE):Azure雲架構中的漏洞分析(Part 2)
https://www.anquanke.com/post/id/197743

自動掃描漏洞的黑客工具!Web漏洞掃描技巧篇
http://bit.ly/370SpaQ

在Tesla Model S 上實現Wi-Fi 協議棧漏洞的利用
https://paper.seebug.org/1106/

物聯網安全系列之遠程破解Google Home
https://paper.seebug.org/1111/

ATT&CK 之防御逃逸
https://paper.seebug.org/1103/

CVE-2020-7799 : Apache FreeMarker模板FusionAuth遠程代碼執行漏洞通告
https://cert.360.cn/warning/detail?id=207275e27a6e7ee85a43a6eb5cf5fc69

0-day漏洞,1-day漏洞,n-day漏洞各自是什麼意思
https://blog.csdn.net/weixin_42859280/article/details/104157806

Wine 5.0正式版本釋出,支援Vulkan 1.1、XAudio2強化影音表現
https://www.techbang.com/posts/75934-wine-50-official-release-support-for-vulkan-11-xaudio2-enhanced-audio-and-video-performance

Foxit PhantomPDF HTML2PDF HTML解析釋放後重利用代碼執行漏洞(CVE-2018-17691)
https://aliyunnew.com/a/CVE-2018-17691.html

CVE-2019-19781 遠程代碼執行漏洞深入分析
https://paper.seebug.org/1117/

安卓技巧CVE 2017-13287復現分析
https://www.anquanke.com/post/id/197710

Loader.io – 免費線上壓力測試工具,檢測網站主機的負載能力
https://techmoon.xyz/loader-io/

Introduction to mobile network intrusions from a mobile phone
https://medium.com/mobile-stacks-and-networks-security/introduction-to-mobile-network-intrusions-from-a-mobile-phone-9a8e909cc276

Hitcon Traning Lab10做題筆記-UAF突破分析
https://xz.aliyun.com/t/7146

HITCON-Training
https://github.com/scwuaptx/HITCON-Training

Open Source Intelligence (OSINT)
https://www.hackers-arise.com/osint

LeakCanary is a memory leak detection library for Android
https://github.com/square/leakcanary

Burpsuite Intruder payload
https://github.com/1N3/IntruderPayloads

Rich headers: leveraging the mysterious artifact of the PE format
http://bit.ly/3b0MdD4

Winnti Group targeting universities in Hong Kong
https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/

Abusing DLL Misconfigurations — Using Threat Intelligence to Weaponize R&D
http://bit.ly/2GHIg8o

Increasing Enterprise Visibility: Integrated Defense with Mitre ATT&CK
https://pentestmag.com/increasing-enterprise-visibility-integrated-defense-with-mitre-attck/

Expanding the Attack Surface: React Native Android Applications
https://blog.assetnote.io/bug-bounty/2020/02/01/expanding-attack-surface-react-native/

APT34: Glimpse project
https://marcoramilli.com/2019/05/02/apt34-glimpse-project/

exploitdb-bin-sploits
https://github.com/offensive-security/exploitdb-bin-sploits

EKFiddle v.0.9.5
https://github.com/malwareinfosec/EKFiddle

Exploiting The Entity: XXE (XML External Entity Injection)
https://pentestmag.com/exploiting-the-entity-xme-xml-external-entity-injection/

Emotet detection tool for Windows OS
https://github.com/JPCERTCC/EmoCheck

Tech Support Scam Hitting Microsoft Edge Start Page Takes a Break
https://www.bleepingcomputer.com/news/security/tech-support-scam-hitting-microsoft-edge-start-page-takes-a-break/#.XjcMaUDcsv4.twitter

Penta - Open Source All-In-One CLI Tool To Automate Pentesting
https://hakin9.org/penta-open-source-all-in-one-cli-tool-to-automate-pentesting/

TeamViewer
https://whynotsecurity.com/blog/teamviewer/

The Social-Engineer Toolkit (SET)
https://github.com/TrustedSec/social-engineer-toolkit

Red Teamer’s Cookbook: BYOI (Bring Your Own Interpreter)
https://www.blackhillsinfosec.com/red-teamers-cookbook-byoi-bring-your-own-interpreter/

DVNA - Damn Vulnerable NodeJS Application
https://www.kitploit.com/2020/02/dvna-damn-vulnerable-nodejs-application.html

Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations
https://unit42.paloaltonetworks.com/actors-still-exploiting-sharepoint-vulnerability/

Escalating Privileges with CylancePROTECT
https://www.atredis.com/blog/cylance-privilege-escalation-vulnerability

Integrating Defender ATP with Azure Sentinel to detect Pass-The-Hash & Pass-The-Ticket
https://identityaccess.management/2020/02/04/integrating-defender-atp-with-azure-sentinel-to-detect-pass-the-hash-pass-the-ticket/

Adding a Backdoor to AD in 400 Milliseconds
https://www.secframe.com/blog/persistence-in-400-milliseconds?utm_content=115078011

namevariation
https://github.com/jakecreps/namevariation

Cross Site Scripting (XSS)
https://hackersonlineclub.com/cross-site-scripting-xss/

Attack-Surfaces-Tools-and-Techniques
https://github.com/The-Art-of-Hacking/h4cker/blob/master/cheat_sheets/Attack-Surfaces-Tools-and-Techniques.pdf

QuasarRAT
https://github.com/quasar/QuasarRAT

WHAT YOU NEED TO KNOW: "SNIPR" CREDENTIAL STUFFING TOOL
https://blogs.akamai.com/2018/03/what-you-need-to-know-snipr-credential-stuffing-tool.html

The Chicken Keeps Laying New Eggs: Uncovering New GC MaaS Tools Used By Top-tier Threat Actors
https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9

The OSINT-ification of ISIS on the Dark Web
http://bit.ly/39aFNj6

Bypassing Windows User Account Control
https://www.peerlyst.com/posts/bypassing-windows-user-account-control-ian-barwise?trk=explore_page_posts_featured_feed_entry

A brief introduction to malware analysis
https://www.peerlyst.com/posts/a-brief-introduction-to-malware-analysis-kimberly-crawley?trk=explore_page_posts_featured_feed_entry

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)
https://github.com/m0nad/Diamorphine

How to catch a cybercriminal: Tales from the digital forensics lab
https://www.welivesecurity.com/2020/02/05/how-catch-cybercriminal-tales-digital-forensics-lab/

security webcams hacking way too easy
https://hackingpassion.com/security-webcam-hacking-way-too-easy/

How To Quickly Run a Basic Security Audit Against Docker & Secure the Docker Daemon
https://pentestmag.com/how-to-quickly-run-a-basic-security-audit-against-docker-secure-the-docker-daemon/

An evil RAT (Remote Administration Tool) for macOS / OS X.
https://github.com/Marten4n6/EvilOSX

Penetration Testing Platform
https://github.com/jeffzh3ng/fuxi

UFONet - Denial of Service Toolkit
https://github.com/epsylon/ufonet

OpendoorCDN Skimmer Analysis Continued
https://www.goggleheadedhacker.com/blog/post/15

Termshark 2.1v Released – Wireshark Based UI
https://hackersonlineclub.com/termshark-2-1v-released-wireshark-based-ui/

Blue Team Architecture and Analysis - Part 1
https://www.peerlyst.com/posts/blue-team-architecture-and-analysis-part-1-j-geno

Blue Team Architecture and Analysis - Part 2, Guide to the Part 1 Document
https://www.peerlyst.com/posts/blue-team-architecture-and-analysis-part-2-guide-to-the-part-1-document-j-geno

Blue Team Architecture and Analysis - Part 3, Coverage Assessment Map
https://www.peerlyst.com/posts/blue-team-architecture-and-analysis-part-3-coverage-assessment-map-j-geno

Heartbleed Discovery and Exploit
https://linuxsecurityblog.com/2020/02/01/heartbleed-discovery-and-exploit/

FTP Backdoor Command Execution
https://medium.com/@server107/ftp-backdoor-command-execution-9a95973c02a3

Threat Research STOMP 2 DIS: Brilliance in the (Visual) Basics
https://www.fireeye.com/blog/threat-research/2020/01/stomp-2-dis-brilliance-in-the-visual-basics.html

The TIDoS Framework - The Offensive Manual Web Application Penetration Testing Framework
https://hakin9.org/the-tidos-framework-the-offensive-manual-web-application-penetration-testing-framework/

How to Design a Web Application: Software Architecture 101
https://dev.to/educative/how-to-design-a-web-application-software-architecture-101-188b

Mercure is a tool for security managers who want to train their colleague to phishing
https://github.com/atexio/mercure

Phishing_Kits
https://github.com/JoulioK/Phishing_Kits/tree/master/chase.com.andrewlewisdesign.com

celerystalk
https://github.com/sethsec/celerystalk

Artifical Intelligence Suite for Android Application Security
https://github.com/haroonawanofficial/flameapk

F.商業
是德科技 Ixia 部門加入 IBM Security App Exchange 社群
https://news.sina.com.tw/article/20200131/34109922.html

Google 開源支援 FIDO2 的 OpenSK,助硬體業者加速採納二階段認證機制
http://bit.ly/2S91Rnh

Sophos推出Intercept X for Mobile可防禦騙錢軟體
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&id=577284

防疫帶動異地辦公需求 中華電助陣
https://money.udn.com/money/story/5612/4324151

全景攜手CyberArk 守護特權帳號
https://www.chinatimes.com/newspapers/20200207000513-260210?chdtv

訊舟推出硬體加密SecuBox 強化第三方雲端監控安全
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000577498_J915EZ608M8VNL9OP3W4D

Zyxel launches ZyWALL VPN1000 VPN Firewall, an all-in-one security solution for SMBs
https://www.helpnetsecurity.com/2020/02/04/zyxel-zywall-vpn1000-vpn-firewall/

Trend Micro and Baker Hughes collaborate to help deliver protection for critical infrastructure
https://www.helpnetsecurity.com/2020/02/04/trend-micro-baker-hughes/

VPNs will change forever with the arrival of WireGuard into Linux
https://www.zdnet.com/article/vpns-will-change-forever-with-the-arrival-of-wireguard-into-linux/#ftag=RSSbaffb68

Neo4j 4.0 adds enterprise Fabric to its graph database
https://www.zdnet.com/article/neo4j-4-0-adds-enterprise-fabric-to-its-graph-database/#ftag=RSSbaffb68

Breaking the Discovery Protocols of the Enterprise of Things
https://go.armis.com/hubfs/White-papers/Armis-CDPwn-WP.pdf

Google's OpenSK lets you BYOSK – burn your own security key
https://www.theregister.co.uk/2020/02/04/security_key_google_opensk/

The Swiss Army knife for automated Web Application Testing
https://github.com/jaeles-project/jaeles

G.政府
行政院技術服務中心資安威脅趨勢與案例分享
http://bit.ly/2PJPKfh

行政院技術服務中心108年網路攻防演練暨資安檢測重要發現事項
http://bit.ly/38E64XJ

政府雲端應用正起飛 導航IT產業新高峰 (資安人科技網專訪)
https://bost.ey.gov.tw/Page/5E4F83982214BC6/dab20f7d-7d3d-4c7a-9c11-8aded295784d

參加外交部紐澳駐外館處資安健檢
https://report.nat.gov.tw/ReportFront/ReportDetail/detail?sysId=C10803307

[公告] 資安專業人才培育 | 109年度培訓課程甄選開始
https://www.acw.org.tw/News/Detail.aspx?id=116

H.工控系統/SCADA/ICS
Touch panels deployed in critical infrastructure vulnerable to remote attacks
https://www.helpnetsecurity.com/2020/02/05/cve-2020-6969/

ICS Advisory (ICSA-20-035-01) AutomationDirect C-More Touch Panels
https://www.us-cert.gov/ics/advisories/icsa-20-035-01

ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path
https://www.exploit-db.com/exploits/48009

SCADA/ICS Hacking
https://www.hackers-arise.com/scada-hacking

I.教育訓練
PHP命令執行漏洞基礎
https://www.cnblogs.com/xhds/p/12250975.html

DVWA靶機--簡單的文件上傳漏洞
http://shangdixinxi.com/detail-1274054.html

網站圖片、文件上傳功能漏洞筆記
https://www.cnblogs.com/Dpkg/p/12254524.html

異形般強大的監控系統:Prometheus 掌控主機、VM、容器及 K8S
https://www.tenlong.com.tw/products/9789865501167

Incident Response Metrics to Measure the Maturity of a Cybersecurity Program
http://bit.ly/3baI9QJ

一款由Node.js打造的WEB漏洞測試平台:DVNA
https://zhuanlan.zhihu.com/p/105003724

Remote Exploitation 101: Vulnerable Database
https://ctfthemes.appspot.com/

關於紅外線控制的那些事
http://bit.ly/2Or4for

HITCON CTF 介紹 - HG 導覽活動
https://www.slideshare.net/HITCONGIRLS/hitcon-ctf-hg

HITCON CTF 2019 特色 - HG 導覽活動
https://www.slideshare.net/HITCONGIRLS/hitcon-ctf-2019-hg

DYNAMIC ARP INSPECTION
https://ipcisco.com/lesson/dynamic-arp-inspection/

How to Pass OSCP Like Boss
https://medium.com/@parthdeshani/how-to-pass-oscp-like-boss-b269f2ea99d

How to pass the OSCP
https://gist.github.com/unfo/5ddc85671dcf39f877aaf5dce105fac3

OSCP-Archives
https://github.com/CyDefUnicorn/OSCP-Archives/blob/master/README.md

OSCP-Survival-Guide
https://github.com/wwong99/pentest-notes/blob/master/oscp_resources/OSCP-Survival-Guide.md

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
研究員以投影機成功騙過特斯拉 Autopilot 系統
https://technews.tw/2020/01/30/projected-images-can-trick-tesla-autopilot-system/

DJI 剉著等,美國政府宣布正式禁用中國製無人機
http://bit.ly/3b1hRQX

安全性出包!小米智慧攝影機成「鄰居監控器」Google緊急停止合作
https://cnews.com.tw/137200202a02/

台灣唯一Amazon Alexa資安檢測實驗室,安華聯網全面掌握物聯網安全
http://www.pcdiy.com.tw/detail/15214

物聯網漏洞難防 開放接口也會被黑客盯上
https://kknews.cc/tech/y596o6g.html

Philips智慧燈泡漏洞將允許駭客滲透用戶網路
https://www.ithome.com.tw/news/135679

Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers
https://thehackernews.com/2020/02/philips-smart-light-bulb-hacking.html

The Dark Side of Smart Lighting: Check Point Research Shows How Business and Home Networks Can Be Hacked from a Lightbulb
http://bit.ly/398wSi4

6.近期資安活動及研討會
Taipei Rails Meetup  2/11
https://www.meetup.com/rails-taiwan/events/dlgzljybcdbpb/

高雄 Rails Meetup 2/12
https://www.meetup.com/rails-taiwan/events/qxfvjkybcdbqb/

讓遠端工作機會成為你的職場跳板 2/12
https://www.meetup.com/TaipeiWomeninTech/events/268501510/

制御システムセキュリティカンファレンス 2020 2020年2月14日
https://www.jpcert.or.jp/event/ics-conference2020.html

【板橋/2020二月】WordPress #歡迎你來聚 2/15
https://www.meetup.com/Taipei-WordPress/events/268347650/

【課程】金融大數據分析平台實作,使用Python實作網路爬蟲,快速有效獲取必要資訊,打造自動化分析工具 2/15
https://www.techbang.com/tags/19419

Taipei Rails Meetup 2/18
https://www.meetup.com/rails-taiwan/events/dlgzljybcdbxb/

高雄 Rails Meetup 2/19
https://www.meetup.com/rails-taiwan/events/qxfvjkybcdbzb/

人工智慧小聚 - 新竹 2/19
https://www.meetup.com/AIA-Hsinchu/events/267801851/

Android Code Club(Taipei) 2/19
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcdbzb/

Certificate of Cloud Security Knowledge (CCSK) Plus 2/23 ~ 2/24
https://csacongress.org/event/csa-summit-at-rsa-conference-2020/

連網設備的資安風險與信任管理策略 2/25
https://www.caa.org.tw/coursedetail-3272.html

第19屆亞太資安論壇  2/25 ~ 2/26
https://www.informationsecurity.com.tw/Seminar/2020_Seminar/all/

Taipei 暗号通貨 (Cryptocurrency) Meetup 2/26
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcdbjc/

Android Code Club(Taipei) 2/26
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcdbjc/

Thinking Thursday 第七場 2/27
https://www.meetup.com/Thinking-Thursday/events/266911452/

邊緣運算介紹與應用 & Let's AIY ( 人工智慧小聚 - Hsinchu#20200304 ) 3/4
https://www.meetup.com/AIA-Hsinchu/events/267713123/

Android Code Club(Taipei) 3/4
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcfbgb/

Monad 細說從頭! FunTh#81 3/5
https://www.meetup.com/Functional-Thursday/events/267683150/

Android Code Club(Taipei) 3/11
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcfbpb/

CYBERSEC 2020 臺灣資安大會 3/17 ~ 3/19
https://cyber.ithome.com.tw/

Scala Taiwan #37 3/18
https://www.meetup.com/Scala-Taiwan-Meetup/events/267899692/

韓國國際安全博覽會 3/18
https://www.twcert.org.tw/tw/cp-105-3230-a3bd4-1.html

數據分析與機器學習案例實務(一)以PM2.5為例 3/23
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3888&from_course_list_url=course_index

Taipei 暗号通貨 (Cryptocurrency) Meetup 3/25
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcfbhc/

black ASIA 2020 Singapore 3/31 ~ 4/3
https://www.blackhat.com/asia-20/briefings/schedule/

Kaspersky® Security Analyst Summit  4/6 ~ 4/9
https://thesascon.com/

邊緣計算系統之大數據與深度學習應用 4/10
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3883&from_course_list_url=course_index

VXCON 2020 - APAC  4/18 ~ 4/19
https://www.vxcon.hk/

2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore  4/21 ~ 4/23
https://www.icscybersecurityconference.com/singapore/

Taipei 暗号通貨 (Cryptocurrency) Meetup 4/22
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcgbdc/

亞太資訊安全論壇暨展覽會 4/22
https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html

Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/

邊緣計算系統之大數據與深度學習應用 6/5
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index

留言

這個網誌中的熱門文章

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



1月份資安社群及教育訓練活動分享

1月份資安社群及教育訓練活動分享

Android Code Club(Taipei) 1/1
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybccbcb/

From Reactive to Functional FunTh#80 1/2
https://www.meetup.com/Functional-Thursday/events/266805309/

Hacking Thursday 1/2
http://www.hackingthursday.org/invite

大數據爬蟲技術實作,使用Python實作網路爬蟲,快速有效獲取大量資料,打造自動化金融數據平台 1/4
https://www.techbang.com/posts/58613-course-python-crawler-technology-implementation

[Birthday Series] R-Ladies Taipei 五歲拉 1/6
https://www.meetup.com/rladies-taipei/events/266131216/

SDN x Cloud Native Meetup #24 1/6
https://www.meetup.com/CloudNative-Taiwan/events/267390135/

WizardAmigos CodeCamp [Taipei,JavaScript,­English] 1/6
https://www.meetup.com/WizardAmigos/events/bbdclrybccbjb/

新型郵件威脅與挑戰因應策略 1/7
https://engage2demand.cisco.com/LP=19240?dtid=oemels001119&ccid=cc000828&ecid=22859

發現 CNN 新大陸 (人工智慧小聚 - Hsinchu#20200108 ) 1/8
https://www.meetup.com/AIA-Hsinchu/events/266704469/

LISP talk: LISP in surrounding parentheses is supremely powerful #3  1/8
https…

8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/