資安事件新聞週報 2020/4/27 ~ 2020/5/1
1.重大弱點漏洞/後門/Exploit/Zero Day
Hackers are exploiting a Sophos firewall zero-day
https://www.zdnet.com/article/hackers-are-exploiting-a-sophos-firewall-zero-day/#ftag=RSSbaffb68
Hackers exploit zero-day in Sophos XG Firewall, fix released
https://www.bleepingcomputer.com/news/security/hackers-exploit-zero-day-in-sophos-xg-firewall-fix-released/
Sophos緊急修補旗下防火牆已遭開採的零時差漏洞
https://www.ithome.com.tw/news/137239
Pulse Connect Secure の脆弱性への対策や侵害有無などの確認を
https://www.jpcert.or.jp/newsflash/2020041701.html
Fixing SQL injection vulnerability and malicious code execution in XG Firewall/SFOS
https://community.sophos.com/kb/en-us/135412
Fortinet 產品繞過保安限制漏洞
https://fortiguard.com/psirt/FG-IR-20-045
McAfee 產品繞過保安限制漏洞
https://kc.mcafee.com/corporate/index?page=content&id=SB10316
https://kc.mcafee.com/corporate/index?page=content&id=KB92752
IBM DB2 多個漏洞
https://www.ibm.com/support/pages/node/6198380
Juniper Junos OS 遠端執行程式碼漏洞
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11021
Samba 多個漏洞
https://www.samba.org/samba/security/CVE-2020-10704.html
https://www.samba.org/samba/security/CVE-2020-10700.html
ZyXEL Zyxel XGS2210-52HP跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13495
Gigamon GigaVUE 路徑遍歷漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12251
JVN#47668991 Sales Force Assistant におけるクロスサイトスクリプティングの脆弱性
https://jvn.jp/jp/JVN47668991/
升級且慢!報告稱 Windows 10 更新會破壞 Chrome 安全機制
https://3c.ltn.com.tw/news/40225
Google披露蘋果Image I/O零點擊漏洞 現已修復
https://www.ettoday.net/news/20200429/1702996.htm
潛伏了8年的iPhone和iPad嚴重漏洞可能正在受到積極攻擊
https://www.rixin.info/a/5004.html
Google discloses zero-click bugs impacting several Apple operating systems
https://www.zdnet.com/article/google-discloses-zero-click-bugs-impacting-several-apple-operating-systems/#ftag=RSSbaffb68
Zoom Call Recording 跨站脚本漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18223
HPE Onboard Administrator 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7132
多款NETGEAR產品命令注入漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21154
Edimax EW-7438RPn 1.13 Remote Code Execution
https://packetstormsecurity.com/files/157381/edimaxew7438rpn113-exec.txt
受Ghostcat漏洞波及,多家IT平臺軟體接續發布相關修補
https://www.ithome.com.tw/news/137207
HTCondor 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18823
一組特定字串被發現會使 Apple 裝置當機
https://bit.ly/3cLBFaX
iOS 13 郵件軟體遭發現 2 個嚴重 0-day 漏洞,無需用戶操作即可導致駭侵者遠端執行任意程式碼
https://www.twcert.org.tw/tw/cp-104-3576-51b6d-1.html
Apple disputes recent iOS zero-day claim
https://www.zdnet.com/article/apple-disputes-recent-ios-zero-day-claim/#ftag=RSSbaffb68
打開空白電郵可能「被駭」!iPhone、iPad 證實有資安漏洞,iOS 13.4.5 將修補漏洞
https://buzzorange.com/techorange/2020/04/24/iphone-ipad-security-bug/
Zero-Day Warning: It's Possible to Hack iPhones Just by Sending Emails
https://thehackernews.com/2020/04/zero-day-warning-its-possible-to-hack.html
Foxit發布安全性公告,揭露20個安全漏洞,其中4個可被用於遠端執行任意程式碼攻擊
https://www.ithome.com.tw/news/137177
微軟修復 Teams 重大資安漏洞:一張 GIF 圖檔即可綁架整個單位的 Teams 帳號
https://www.twcert.org.tw/tw/cp-104-3579-fdbdd-1.html
Microsoft Patches Teams Vulnerability
https://www.bankinfosecurity.com/microsoft-patches-teams-vulnerability-a-14195
微軟緊急修補Office及小畫家3D的遠端程式攻擊漏洞
https://www.ithome.com.tw/news/137165
Windows Embedded Compact 7 安全更新:2020 年 3 月
https://support.microsoft.com/zh-cn/help/4550089/security-update-for-windows-embedded-compact-7
Huawei Lion-AL00C 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1880
Critical Security Patches Released for Magento, Adobe Illustrator and Bridge
https://thehackernews.com/2020/04/adobe-software-updates.html
GitLab向報告遠程代碼執行漏洞的研究員獎勵2萬美元
https://www.cnbeta.com/articles/tech/973253.htm
Critical Bugs Found in 3 Popular e-Learning Plugins for WordPress Sites
https://thehackernews.com/2020/04/wordpress-lms-plugins.html
JVN#93064451 複数のシャープ製 Android 端末における情報漏えいの脆弱性
https://jvn.jp/jp/JVN93064451/
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
為因應 COVID-19(武漢肺炎)疫情衍生之資安威脅,請依說明事項辦理,請查照並轉知所屬會員
https://law.fsc.gov.tw/law/NewsContent.aspx?id=8085
《金融》壽險串聯健康存摺 金管會未准
https://ww2.money-link.com.tw/RealtimeNews/NewsContent.aspx?SN=4166546001&PU=0010
194家異地辦公 佔金融業比重64%
https://tw.news.appledaily.com/finance/20200424/JSSMLP3OA6I54V4MPFIRPZ27HA/
中華民國銀行商業同業公會全國聯合會金融資安聯防教育訓練研討會新聞稿
https://www.ba.org.tw/Notice/Detail/1639
十年磨一劍! 臺灣證券市場正式迎向逐筆交易新制
https://www.ithome.com.tw/news/137206
【2020支付安全未來三年新變革】商家儲存的信用卡號應代碼化,全新3-DS驗證在臺有3大類別商家必須啟用
https://www.ithome.com.tw/news/136821
Line Bank揭露更詳細IT組織架構,更可一窺這家純網銀採用技術與未來發展藍圖
https://www.ithome.com.tw/news/137288
四十萬筆卡片消費記錄,於暗網上以200萬美金出售
https://www.twcert.org.tw/tw/cp-104-3585-b930d-1.html
Imitation is the sincerest form of flattery: Natwest copies Starling with carers card
https://www.finextra.com/newsarticle/35697/imitation-is-the-sincerest-form-of-flattery-natwest-copies-starling-with-carers-card
Hackers Trick 3 British Private Equity Firms Into Sending Them $1.3 Million
https://thehackernews.com/2020/04/bec-scam-wire-transfer-money.html
5G in financial services will provide new possibilities
https://www.zdnet.com/article/5g-in-financial-services-will-provide-new-possibilities/#ftag=RSSbaffb68
South Korean and US payment card details worth nearly $2M up for sale in the underground
https://www.group-ib.com/media/south-korean-and-us-banks-cards/
3.電子支付/電子票證/行動支付/ pay/新聞及資安
電支電票二合一 轉帳紅利共享共用
https://pttcareer.com/mobilepay/M.1587900716.A.628.html
Three hurdles to address before digital retail payments can scale across Asia Pacific
https://www.zdnet.com/article/three-hurdles-to-address-before-digital-retail-payments-can-scale-across-asia-pacific/#ftag=RSSbaffb68
4.虛擬貨幣/區塊鍊相關新聞及資安
關於中國央行數位貨幣 DCEP,讀完這篇文章才算是懂了
https://www.blocktempo.com/china-dcep-central-bank-digital-currecny/
Binance幣安研究:大眾對中國央行「數位人民幣 DCEP」的迷思 (完整報告)
https://www.blocktempo.com/china-cbdc-dcep-cryptocurrency-revolution-binance/
我央行評估數位貨幣將出爐 傾向雙軌並行
https://ec.ltn.com.tw/article/paper/1368728
當離駭客如此近 … 從 Lendf.Me 駭客事件我們看到了什麼
https://zombit.info/what-do-we-see-from-the-lendf-me-hacking-incident/
Lendf 被盜代幣已全數歸還!駭客疑似自洩個資露馬腳
https://news.cnyes.com/news/id/4467332
區塊鏈金融平臺dForce的加密貨幣資產幾乎被盜領一空
https://www.ithome.com.tw/news/137106
“洗錢“意外留下元數據?黑客被迫退回2500萬美金
https://www.freebuf.com/news/234573.html
重磅!幣寶日本發函解除契約、終止系統服務,台灣市場「數億消失資產」該如何彌補
https://www.blocktempo.com/bitpoint-jp-stop-the-contract-of-tw/
台灣2.5億傳銷案|IBCoin受害者一審敗訴,法官: 網路發達查證不難,不該因被告空話就買幣
https://www.blocktempo.com/ibcoin-victims-lost-the-suit/
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
勒索軟體攻擊超越金融卡竊盜,在去年成為最常見的網路攻擊行動
https://www.ithome.com.tw/news/137199
卡巴斯基揭露透過Android程式的大規模間諜活動
https://www.ithome.com.tw/news/137278
APT 駭客集團利用武漢肺炎作為誘餌
https://blog.trendmicro.com.tw/?p=64059
勒索軟體Shade/Troldesh收山,釋出75萬把解密金鑰
https://ithome.com.tw/news/137253
勒索軟體攻擊超越金融卡竊盜,在去年成為最常見的網路攻擊行動
https://www.ithome.com.tw/news/137199
勒索病毒專挑特定對象下手, 政府機關飽受針對性勒索病毒危害
https://blog.trendmicro.com.tw/?p=63955
美國科羅拉多州醫院遭到勒索軟體攻擊,多個資訊系統被迫停止運作
https://www.ithome.com.tw/news/137283
微軟攜35國 摧毀殭屍網路Necurs
https://bit.ly/3cM4vIj
Tekya惡意軟件混入Google Play
https://www.freebuf.com/articles/network/231545.html
< 資安報告>勒索病毒專挑特定對象下手, 政府機關飽受針對性勒索病毒危害
https://blog.trendmicro.com.tw/?p=63955
《肺炎電腦病毒新增案例》首例開機磁區確診 Coronavirus 病毒,導致無法開機
https://blog.trendmicro.com.tw/?p=64121
LeetHozer Botnet分析报告
https://blog.netlab.360.com/the-leethozer-botnet/
微軟警告:駭客正利用盜版影片遞送惡意程式
https://www.ithome.com.tw/news/137303
電腦自動重新開機,跳出 Coronavirus 病毒圖片?確診電腦將無法開機
https://blog.trendmicro.com.tw/?p=64121
美澳聯手警告:小心Web Shell惡意程式
https://www.ithome.com.tw/news/137211
Attackers Increasingly Using Web Shells to Create Backdoors
https://www.bankinfosecurity.com/attackers-increasingly-using-web-shells-to-create-backdoors-a-14179
Moobot Botnet Hacks Various Fiber Routers Using 0-Day Vulnerability
https://gbhackers.com/moobot-botnet/
Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet
https://thehackernews.com/2020/04/usb-drive-botnet-malware.html
Threat Spotlight: MedusaLocker
https://blog.talosintelligence.com/2020/04/medusalocker.html
2020-04-24 - TRAFFIC ANALYSIS EXERCISE - STEELCOFFEE
https://www.malware-traffic-analysis.net/2020/04/24/index.html
2020-04-23 - QAKBOT (QBOT) SPX103 - THE "/docs_[3 characters]/" WAVE
https://www.malware-traffic-analysis.net/2020/04/23/index.html
Botnet Designed to Mine Virtual Currency Shut Down
https://www.bankinfosecurity.com/botnet-designed-to-mine-virtual-currency-shut-down-a-14180
Grouping Linux IoT Malware Samples With Trend Micro ELF Hash
https://blog.trendmicro.com/trendlabs-security-intelligence/grouping-linux-iot-malware-samples-with-trend-micro-elf-hash/
Hackers Hit Los Angeles Suburb, Demand 100 Bitcoin Ransom
https://hotforsecurity.bitdefender.com/blog/hackers-hit-los-angeles-suburb-demand-100-bitcoin-ransom-23038.html
Nemty Ransomware Gang Shuts Down Public Gig, Announces ‘Exclusive’ Business Model
https://hotforsecurity.bitdefender.com/blog/nemty-ransomware-gang-shuts-down-public-gig-announces-exclusive-business-model-22999.html
LockBit ransomware borrows tricks to keep up with REvil and Maze
https://news.sophos.com/en-us/2020/04/24/lockbit-ransomware-borrows-tricks-to-keep-up-with-revil-and-maze/
Shade Ransomware Operation Apparently Shuts Down
https://www.bankinfosecurity.com/shade-ransomware-operation-apparently-shuts-down-a-14192
New Android Malware Steals Banking Passwords, Private Data and Keystrokes
https://thehackernews.com/2020/04/android-banking-keylogger.html
EVENTBOT: A NEW MOBILE BANKING TROJAN IS BORN
https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born
B.行動安全 / iPhone / Android /穿戴裝置 /App
社交距離App 走過留足跡
https://money.udn.com/money/story/5658/4519108
政院社交APP疫調更便利! 遭疑洩個資「暫緩」
https://bit.ly/3eV17ws
防疫兼顧隱私!政院推APP能算「與確診者的距離」
https://bit.ly/2zy6gKX
一鍵開啟手機防護,Phone Guardian 保護瀏覽隱私、保護個人資料、安全上網(Android、iOS)
https://kkplay3c.net/phone-guardian/
發布16小時 逾百萬澳人已下載疫情追蹤軟件
https://www.epochtimes.com/b5/20/4/27/n12063693.htm
【Zoom 資安風暴】台灣用戶資料歸何處? 回覆 INSIDE十問
https://www.inside.com.tw/article/19613-zoom-Abe-Smith-reply-inside-10-Q-and-A
Zoom不但涉嫌充當北京海外耳目還被指打壓國內宗教
https://bit.ly/2KxwK1j
ZOOM再傳資安問題 中國基督徒做禮拜遭公安上門抓人
https://www.epochtimes.com/b5/20/4/24/n12059105.htm
Zoom遭駭客利用!藉疫「出1招」成功竊5萬個資:別被騙了
https://www.nownews.com/news/20200428/4058290/
惡意入侵會議進行「Zoom轟炸」,疫情下新生的網絡視頻暴力,你經歷過嗎
https://theinitium.com/roundtable/20200427-roundtable-zh-international-zoombombing/
Zoom-Bombing Attack Targets U.S. Government Meeting
https://hotforsecurity.bitdefender.com/blog/zoom-bombing-attack-targets-u-s-government-meeting-23030.html
WhatsApp 表示黑客組織利用其美國伺服器進行攻擊
https://chinese.engadget.com/chinese-2020-04-27-whatsapp-says-nso-group-launched-attacks-from-us.html
下載到假的 Telegram、WhatsApp …等熱門即時通訊軟體,廣告跳不停
https://blog.trendmicro.com.tw/?p=64114
仿效蘋果、Google,德國將改用去中心式接觸追蹤App
https://www.ithome.com.tw/news/137257
推特關閉大部分國家所有簡訊發文服務
https://ithome.com.tw/news/137276
你的手機被放生了嗎?Android 安全更新「最確實」排行出爐
https://3c.ltn.com.tw/news/40237
南韓 N 號房事件反思:加密通訊軟體的隱私性、利與弊
https://www.inside.com.tw/article/19673-Telegram-sexual-abuse
犯罪集團持續兵分多路朝行動裝 置和Apple 作業系統 等其他平台邁進
https://blog.trendmicro.com.tw/?p=63966
App檢測通過名錄
https://www.mas.org.tw/app_cert_1b.php?id=1153
Facebook-NSO lawsuit: Hundreds of WhatsApp attacks linked to one IP address
https://www.zdnet.com/article/nso-lawsuit-facebook-links-hundreds-of-whatsapp-attacks-to-one-ip-address/#ftag=RSSbaffb68
FCC approves plan to open up more spectrum for Wi-Fi
https://www.zdnet.com/article/fcc-approves-plan-to-open-up-more-spectrum-for-wi-fi/#ftag=RSSbaffb68
Netgear signals big WiFi 6 upgrade cycle amid shift to remote work, telecommuting
https://www.zdnet.com/article/netgear-signals-big-wifi-6-upgrade-cycle-amid-shift-to-remote-work-telecommuting/#ftag=RSSbaffb68
Aussie Contact-Tracing App: Details Slowly Emerge
https://www.bankinfosecurity.com/aussie-contact-tracing-app-details-slowly-emerge-a-14173
How to Block the “Sindhi Text Bomb” on iOS
https://hotforsecurity.bitdefender.com/blog/how-to-block-the-sindhi-text-bomb-on-ios-23079.html
How An Image Could've Let Attackers Hack Microsoft Teams Accounts
https://thehackernews.com/2020/04/microsoft-teams-vulnerability.html
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
任天堂爆資安漏洞!坦承全球 16 萬名玩家帳號遭入侵
https://3c.ltn.com.tw/news/40210
任天堂證實:約 16 萬帳戶資訊遭駭客入侵
https://ek21.com/news/tech/192970/
任天堂在遭受大量駭客企圖攻擊後,廢除 NNID 登入
https://bit.ly/2W3jdUJ
任天堂表示近 16 萬個 Nintendo Network ID 遭到不當登入,部分受害者遭盜刷購買遊戲
https://www.twcert.org.tw/tw/cp-104-3578-60f52-1.html
4月驚傳有16萬組Switch帳號有資安漏洞…任天堂證實並提供解決方案!
https://bit.ly/2YcZ01s
MITRE ATT&CK 評測講解:參賽選手觀點
https://www.ithome.com.tw/news/137298
愛看免錢盜版影片?微軟:小心電腦遭駭客利用挖礦
https://inanews.tw/archives/181136
黃琪搞鬼!駭台大雲端總機訂口罩 法院裁定羈押禁見
https://bit.ly/3aKe35e
以COVID-19為主題的駭侵攻擊活動案例,三月較一月增三百倍以上
https://www.twcert.org.tw/tw/cp-104-3587-0825c-1.html
疫情期間風險升高!資安事件層出不窮 專家建議這樣做
https://newtalk.tw/news/view/2020-04-26/397326
全球招募!GeekPwn2020征程再起新增“新基建”安全挑戰賽
http://news.tom.com/202004/4177830733.html
〈5月報稅季來了〉防疫宅在家報稅 五招自保方法閃駭客攻擊
https://news.cnyes.com/news/id/4469227
黑客入侵官網 完美威士忌珍藏網上拍賣被迫暫停
https://hk.thevalue.com/articles/perfect-whisky-collection-online-auction-hacked
世衛組織高級官員成為網絡駭客攻擊目標
https://bit.ly/3cExuhc
中國駭客頻入侵 鎖定蔡英文及柯P病歷下手
https://bit.ly/2KJs1tq
疾管署疑遭中國駭客入侵 法務部長:即刻協助阻斷攻擊
https://news.ltn.com.tw/news/life/breakingnews/3149703
防疫五月天也破功?全球2.5萬筆電郵帳密遭駭驚見疾管署
https://www.mirrormedia.mg/story/20200427inv009/
疾管署證實駭客入侵!連3年外流68筆帳密 員工註冊網購惹禍
https://bit.ly/2KFonAX
疾管署駭客入侵?蔡清祥:速查境內或境外所為
https://money.udn.com/money/story/5648/4527889
駭客竊取疾管署人員帳密 調查局資安站全力追查
http://m.match.net.tw/pc/news/local/20200429/5297891
蔡英文總統 台北市長柯文哲病歷遭駭? 陳時中回應了
https://www.chinatimes.com/realtimenews/20200429002338-260407?ctrack=mo_main_rtime_p01&chdtv
疾管署68筆公務信箱帳密遭駭!莊人祥:外洩帳號已停用
https://times.hinet.net/news/22881113
中國駭客想竊總統病歷 蔡英文:健康資料有保護機制
https://tw.appledaily.com/politics/20200429/7VQKTOBCAC5JRKD5L6H6ADNUGA/
KPMG:拿公務帳號註冊 CDC帳密害了
https://www.chinatimes.com/realtimenews/20200429003633-260410?ctrack=mo_main_rtime_p04&chdtv
衛福部人員帳密遭駭 成調查局資安站掛牌後首要任務
https://www.ctwant.com/article/48256
台大醫院遭駭客入侵!驚傳蔡英文、柯文哲病歷資料遭鎖定
https://www.chinatimes.com/realtimenews/20200429001791-260407?ctrack=mo_main_rtime_p02&chdtv
疾管署遭駭!全球2.5萬筆電郵帳密恐外洩 調查局立案偵辦
https://money.udn.com/money/story/5648/4526621
用公務信箱逛網拍遭駭?疾管署遭駭客入侵緊急出面說明
https://times.hinet.net/news/22881058
傳中國駭客偷蔡英文、柯文哲病歷 藍委洩「內幕」爆偷錯…
https://www.setn.com/News.aspx?NewsID=734066
「他們想要偷走一切!」新冠肺炎燒出中美駭客戰 華盛頓指控中國竊取疫苗智慧財產權
https://www.storm.mg/article/2566389
美國網路攻擊激增 CNN:華府指控「中國駭客」竊取新冠肺炎研究成果
https://www.ettoday.net/news/20200426/1700577.htm?from=feature
無恥!中國駭客全面進攻美國 試圖竊取武漢肺炎研究
https://news.ltn.com.tw/news/world/breakingnews/3145990
中共爲病毒疫苗研發覬覦美國研究實驗室 黑客行爲瘋狂
https://www.soundofhope.org/post/371368?lang=b5
美國威脅更換世衛負責人、中國抗疫機構遭駭客攻擊……耿爽都回應了耿爽回應
https://ek21.com/news/business/128017/
中國大陸網信辦發布《網絡安全審查辦法》,6月1日起正式實施
https://www.freebuf.com/articles/compliance/235163.html
中國大陸《網絡安全審查辦法》要點解讀
https://www.freebuf.com/news/235177.html
中菲大外宣11萬人「倒讚」 菲律賓網友:我們不是朋友
https://bit.ly/2W1beHw
中國駭客組織再度監控維吾爾穆斯林,鎖定執行特定版本iOS裝置的族群下手
https://www.ithome.com.tw/news/137158
中國疫情期間繼續監控維吾爾人的手機通訊
https://www.voacantonese.com/a/china-still-hacking-urghur-phone-04242020/5391216.html
Hackers Targeted Chinese Agencies for COVID-19 Intel: Report
https://www.bankinfosecurity.com/hackers-targeted-chinese-agencies-for-covid-19-intel-report-a-14181
Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims
https://thehackernews.com/2020/04/iphone-zero-day-exploit.html
Chinese ‘Frontline’ COVID-19 Research Firm Reported Hacked: Data Now On Dark Web
https://www.forbes.com/sites/zakdoffman/2020/04/26/chinese-covid-19-detection-firm-just-got-hacked-data-for-sale-on-dark-web-new-report/
美企稱越南「支持駭客竊取中國疫情資訊」 越外交部否認
https://ek21.com/news/business/127954/
越南駭客對中國防疫部門發動網路攻擊?中國外交部回應
http://www.ctstvnet.com/?wid=19&id=9420&ua=pc
曝越南黑客組織對我國長達3個月的入侵,意圖竊取COVID-19相關情報
https://www.freebuf.com/news/234855.html
Shadow Broker leaked NSA files point to unknown APT group
https://nakedsecurity.sophos.com/2020/04/24/shadow-broker-leaked-nsa-files-point-to-unknown-apt-group/
WHO證實電郵遭駭 華郵:駭客鎖定全球機構犯案
https://www.ydn.com.tw/News/380959
美國FCC發通牒 有意把中國電信商逐出美國
https://ec.ltn.com.tw/article/breakingnews/3145454
南韓網路安全戰略 應對資訊威脅
https://www.ydn.com.tw/News/381634
THE LOGIC BEHIND RUSSIAN MILITARY CYBER OPERATIONS
https://www.boozallen.com/c/insight/publication/the-logic-behind-russian-military-cyber-operations.html
https://www.boozallen.com/content/dam/boozallen_site/ccg/pdf/publications/bearing-witness-uncovering-the-logic-behind-russian-military-cyber-operations-2020.pdf
美國發布俄羅斯GRU網路攻擊行動報告
https://www.freebuf.com/articles/network/232403.html
Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics
https://www.zdnet.com/article/booz-allen-analyzed-200-russian-hacking-operations-to-better-understand-their-tactics/
The Incident Response Challenge 2020 — Win $5,000 Prize!
https://thehackernews.com/2020/04/incident-response-challenge.html
RIPE opposes China's internet protocols upgrade plan
https://www.zdnet.com/article/ripe-opposes-chinas-internet-protocols-upgrade-plan/#ftag=RSSbaffb68
US, UK Authorities Crack Down on Suspicious COVID-19 Domains
https://www.bankinfosecurity.com/us-uk-authorities-crack-down-on-suspicious-covid-19-domains-a-14171
WHO Reports 'Dramatic' Increase in Attacks
https://www.bankinfosecurity.com/who-reports-dramatic-increase-in-attacks-a-14184
Python for Hacking : Python Became a language of Choice for Ethical Hacking & Cyber Security
https://ethicalhackersacademy.com/blogs/ethical-hackers-academy/python-for-hacking
Hackers are creating backdoor accounts and cookie files on WordPress sites running OneTone
https://www.zdnet.com/article/hackers-are-creating-backdoor-accounts-and-cookie-files-on-wordpress-sites-running-onetone/#ftag=RSSbaffb68
FL-【金控】雲端資安工程師
https://www.cakeresume.com/companies/recruit-express-taiwan-466cac/jobs/fl-gold-control-cloud-security-engineer
【資安所】網駭科技研析中心-資安工讀
https://www.104.com.tw/job/6i1l7?jobsource=jolist_c_relevance
【資安所】網駭科技研析中心-5G資安研發工程師
https://www.104.com.tw/job/6v9cz?jobsource=jolist_c_relevance
【資安所】網駭科技研析中心-工控OT資安研發工程師
https://www.104.com.tw/job/6v9d6?jobsource=jolist_c_relevance
【資安所】網駭科技研析中心-晶片IC資安研發工程師
https://www.104.com.tw/job/6v9dd?jobsource=jolist_c_relevance
資訊安全暨隱私保護實習顧問
https://www.104.com.tw/job/6xlp2
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
大量駭客利用偽造 Netflix 與 Disney+ 登入頁面竊取用戶個資
https://hypebeast.com/zh/2020/4/hackers-creating-fake-netflix-disney-plus-pages
Google:每天逾2.4億則垃圾訊息 5大惡招愛注意
https://tw.appledaily.com/gadget/20200425/V4IEA7P7F6GSORB5SA3B2GMTNI/
Google提醒強化資安觀念 提防各種以疫情為主的詐騙
https://bit.ly/2Y4hTU1
武漢肺炎相關惡意程式與釣魚威脅猖獗,Google 提出強化防護機制與建議
https://www.kocpc.com.tw/archives/318880
WHO電郵遭駭 假募款詐騙暴增5倍
https://bit.ly/3cJGAZS
駭客散布勒索恐嚇郵件詐騙使用者
https://www.twcert.org.tw/tw/cp-104-3568-0207d-1.html
小心網路釣魚!資安專家:駭客最常假冒蘋果、Netflix和雅虎
https://newtalk.tw/news/view/2020-04-24/396547
不小心點了釣魚包裹簡訊 台中女子遭盜刷7萬
https://bit.ly/2SaTpEK
涉以「網戀」行騙 司警拘3男女檢380萬元
https://hk.on.cc/hk/bkn/cnt/news/20200430/bkn-20200430123026422-0430_00822_001.html
隱私和健康哪個重要?歐盟擬用數位足跡追蹤新冠病毒
https://cnews.com.tw/137200425a03/
網路釣魚報告:蘋果用戶是犯罪者眼中的最多汁的肥羊
https://saydigi-tech.com/2020/04/22020.html
2.67億Facebook用戶信息以500英鎊在暗網出售
https://www.freebuf.com/news/234439.html
兩億六千七百萬組 Facebook 用戶資訊,在暗網上待價而沽
https://www.twcert.org.tw/tw/cp-104-3584-f694e-1.html
暗網流行數據報告,個人數據只值1美元
https://www.freebuf.com/articles/neopoints/234317.html
假資遣,真釣魚!駭客假借人資發 Zoom 會議連結,登入個資就外洩
https://www.inside.com.tw/article/19637-zoom-phishing-email-hack-coronavirus-unemployment
401(k)退休帳戶遇駭 存款8萬元慘剩8000元
https://bit.ly/2VGllmi
歐盟批中共隱匿還以假訊息誣台 竟被施壓刪報告
https://bit.ly/2SbV0Ks
路報稅小白最易被「網路詐騙」 專家教你5招自保
https://www.ettoday.net/news/20200428/1701665.htm
地下錢莊假冒政府紓困名義攬客 龔明鑫也都收到借錢簡訊
https://ec.ltn.com.tw/article/breakingnews/3143668
偽造視訊會議邀請連結釣魚情事頻傳,收到信件時請張大眼睛看清楚
https://www.kocpc.com.tw/archives/319625
抓準疫情恐慌心理 專家:恐出現報稅釣魚郵件
https://news.tvbs.com.tw/life/1315941
美女空姐網紅IG遭駭入侵 匯款還要脅裸照…崩潰72小時
https://www.setn.com/News.aspx?NewsID=734892
簡訊通知包裹被退 有詐!網址勿點入
https://news.ltn.com.tw/news/society/breakingnews/3150123
< 資安報告>假的「404 Not Found」頁面等四個網路釣魚新手法
https://blog.trendmicro.com.tw/?p=63975
臺灣學術網路個資外洩事件之預防與應變指南V2
https://cert.tanet.edu.tw/prog/opendoc.php?id=2020042801041515533659691159823.pdf
Latest Phishing Campaigns Spoof Federal Reserve, SBA
https://www.bankinfosecurity.com/latest-phishing-campaigns-spoof-federal-reserve-sba-a-14188
Around 25,000 Email Addresses and Passwords Belonging to NIH, WHO, World Bank and Others Posted Online
https://www.ehackingnews.com/2020/04/around-25000-email-addresses-and.html
Email Credentials of WHO, The Gates Foundation, Other Leaked Online
https://hotforsecurity.bitdefender.com/blog/email-credentials-of-who-the-gates-foundation-other-leaked-online-23064.html
Neo-Nazis post 'hacked emails from WHO' and others amid coronavirus pandemic
https://www.thenational.ae/world/neo-nazis-post-hacked-emails-from-who-and-others-amid-coronavirus-pandemic-1.1009670
Enterprises are getting more high-risk calls as fraudsters exploit COVID-19
https://www.zdnet.com/article/enterprises-are-getting-more-high-risk-calls-as-fraudsters-exploit-covid-19/#ftag=RSSbaffb68
Canadian Authorities Email Private Details of 247 MS Zaandam Cruise Passengers
https://hotforsecurity.bitdefender.com/blog/canadian-authorities-email-private-details-of-247-ms-zaandam-cruise-passengers-23010.html
Wappalyzer reveals data breach after hacker disclosed incident to customers
https://hotforsecurity.bitdefender.com/blog/wappalyzer-reveals-data-breach-after-hacker-disclosed-incident-to-customers-23006.html
Hackers threaten to leak data from high-end architecture firm Zaha Hadid
https://www.zdnet.com/article/hackers-threaten-to-leak-data-from-high-end-architecture-firm-zaha-hadid/#ftag=RSSbaffb68
Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies
https://thehackernews.com/2020/04/targeted-phishing-attacks-successfully.html
E.研究報告
APT28攻擊活動分析報告
https://www.freebuf.com/articles/network/231640.html
APT41多入侵網絡攻擊分析
https://www.freebuf.com/articles/network/231801.html
什麼是 MITRE 評測?如何閱讀看待它的結果
https://blog.trendmicro.com.tw/?p=64146
慎防遠端存取服務攻擊
https://www.hkcert.org/my_url/zh/blog/20042801
路由抓包的種種姿勢
https://www.freebuf.com/articles/network/232048.html
個案分析-SMB暴力破解密碼攻擊事件分析報告_10903
https://cert.tanet.edu.tw/prog/opendoc.php?id=2020033110035454604665848435897.pdf
遠控免殺從入門到實踐之白名單(113個)總結篇
https://www.freebuf.com/articles/system/232074.html
紅藍對抗場景下的二三事
https://www.freebuf.com/vuls/232185.html
Nginx服務漏洞詳解
https://zhuanlan.zhihu.com/p/136801555
VMware 虛擬機最新高危敏感信息泄露漏洞分析(CVE-2020-3952)
https://www.chainnews.com/zh-hant/articles/713821082130.htm
Cisco IP電話被發現RCE漏洞
https://www.4hou.com/index.php/posts/NpDz
Rocke Group團伙新挖礦病毒變種分析
https://www.freebuf.com/articles/system/232412.html
COVID-19攻擊手段與數據分析
https://www.freebuf.com/articles/network/234843.html
TEA:一款基於TAS框架的SSH客戶端蠕蟲
https://www.freebuf.com/articles/network/231963.html
Pulsar:一款功能強大的可視化網絡足跡掃描平台
https://www.freebuf.com/articles/network/232520.html
實戰中如何繞過殺軟用mimikatz獲取賬號密碼
https://www.freebuf.com/articles/web/232534.html
關於MciroPython的智慧農業檢測控制系統
https://www.freebuf.com/geek/196892.html
CNCERT發布《2019年我國互聯網網絡安全態勢綜述》
https://www.freebuf.com/articles/paper/234421.html
Web Application核心防禦機制記要
https://www.freebuf.com/articles/web/232186.html
Unicode同形字符域漏洞
https://www.freebuf.com/vuls/229446.html
Pentest-Tools-Framework:一款專為滲透測試初學者設計的強大框架
https://www.freebuf.com/sectool/231606.html
DRAMDig:最快69秒逆向觸發Rowhammer攻擊的DRAM地址映射
https://www.freebuf.com/articles/system/234605.html
惠普電腦預裝軟件多個高危漏洞深入分析
https://www.anquanke.com/post/id/203238
Jeopardize:一款針對釣魚域名的低功耗威脅情報&響應工具
https://www.freebuf.com/sectool/231977.html
HACKUSB內測版本評測:年輕人的第一條黑客數據線
https://www.freebuf.com/articles/terminal/232552.html
SOC日誌可視化工具:SOC Sankey Generator
https://www.freebuf.com/sectool/231106.html
Zelos:一款功能強大的代碼模擬和測試平台
https://www.freebuf.com/articles/system/231609.html
針對電子商務的組織Magecart又研發了新的攻擊工具
https://www.freebuf.com/articles/database/227997.html
使用FakeNet-NG改進動態惡意軟件分析
https://www.freebuf.com/articles/others-articles/232557.html
域控管理員帳戶架構擴展
https://www.freebuf.com/articles/es/230271.html
俄羅斯Rostelecom劫持事件,BGP安全不止於此
https://www.freebuf.com/articles/network/233075.html
shuffleDNS:一款基於主動爆破的子域名枚舉工具
https://www.freebuf.com/sectool/231959.html
一個例子引出的PLT與GOT姐妹花
https://www.freebuf.com/articles/others-articles/232329.html
Kernel Hack實戰:修改並編譯手機內核源碼對抗反調試
https://www.freebuf.com/articles/terminal/229624.html
XXExploiter:一款功能強大的XXE漏洞掃描與利用工具
https://www.freebuf.com/sectool/231978.html
挖洞經驗| HackerOne用戶頭像名稱變化導致的DoS漏洞
https://www.freebuf.com/vuls/232237.html
關於Network Discovery的一些思考
https://www.freebuf.com/sectool/226489.html
挖洞經驗| 以未授權方式查看特斯拉未公開車型Model Y參數數據
https://www.freebuf.com/vuls/228004.html
記一次域控服務器應急
https://www.freebuf.com/articles/system/231947.html
Burpy:連接你的BurpSuite和Python
https://www.freebuf.com/sectool/231825.html
Gospider:一款基於Go語言的快速Web爬蟲
https://www.freebuf.com/sectool/232276.html
技術討論| Largebin攻擊突破利用分析
https://www.freebuf.com/articles/system/232676.html
流量分析在安全攻防上的探索實踐
https://security.tencent.com/index.php/blog/msg/148
攻擊者利用漏洞攻擊Edimax WiFi橋接器,綠盟威脅情報中心已支持相關檢測
https://www.nsfocus.com.cn/html/2020/21_0427/439.html
PHP文件包含漏洞利用思路與Bypass總結手冊(一)
https://www.freebuf.com/column/235054.html
PHP文件包含漏洞利用思路與Bypass總結手冊(二)
https://www.freebuf.com/column/235437.html
內核漏洞分析9.5 CVE-2011-2005 Winodws Afd.sys本地提權漏洞
https://book.douban.com/annotation/94806565/
PHP imap_open函数任意命令执行漏洞
https://www.weibo.com/ttarticle/p/show?id=2309404480613032788217
Liferay門戶Java反序列化進攻分析
https://www.freebuf.com/vuls/233296.html
利用Mojo IPC的UAF漏洞實現Chrome瀏覽器沙箱逃逸
https://www.anquanke.com/post/id/203834
零知識證明 - Trapdoor 團隊發現 PoREP 嚴重漏洞
https://www.chainnews.com/zh-hant/articles/240648383767.htm
xShock:一款針對Shellshock漏洞的利用工具
https://www.freebuf.com/sectool/232277.html
2019年天府杯上的Adobe Reader RCE突破利用鏈分析
https://www.chainnews.com/zh-hant/articles/467054959914.htm
Stomping Shadow Copies - A Second Look Into Deletion Methods
https://www.fortinet.com/blog/threat-research/stomping-shadow-copies-a-second-look-into-deletion-methods.html
Root me — Cisco Password Write-up
https://medium.com/blacksecurity/root-me-cisco-password-decrypt-write-up-3b4beb890a76
IR Case: The Florentine Banker Group
https://research.checkpoint.com/2020/ir-case-the-florentine-banker-group/
Attacking smart cards in active directory
https://sensepost.com/blog/2020/attacking-smart-cards-in-active-directory/
Uncovering New Magecart Implant Attacking eCommerce
https://marcoramilli.com/2020/02/19/uncovering-new-magecart-implant-attacking-ecommerce/
Bypass OTP using http header.
https://medium.com/@rapidsafeguard/bypass-otp-using-http-header-a579ace73ed2
PICC Your Battles: Securing Emergency Field Hospitals and Temporary Medical Spaces
https://www.fireeye.com/blog/executive-perspective/2020/04/securing-emergency-field-hospitals-and-temporary-medical-spaces.html
Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining
https://newsroom.trendmicro.com/node/4830
Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining
https://newsroom.trendmicro.com/node/4831
GitHub hit with multiple back-to-back outages
https://www.zdnet.com/article/github-hit-with-multiple-back-to-back-outages/#ftag=RSSbaffb68
Abusing COM objects
https://0xpat.github.io/Abusing_COM_Objects/
Demystifying the Signal Protocol for End-to-End Encryption (E2EE)
https://medium.com/@justinomora/demystifying-the-signal-protocol-for-end-to-end-encryption-e2ee-ad6a567e6cb4
Hunting for credentials and building a credential type reference catalog
https://wunderwuzzi23.github.io/blog/posts/2020/hunting-for-credentials/
Pypykatz - Mimikatz implementation in pure Python
https://hakin9.org/pypykatz-mimikatz-implementation-in-pure-python/
Impulse : Denial-of-service ToolKit
https://kalilinuxtutorials.com/impulse/
OptOut – Compiler Undefined Behavior Optimizations
https://research.checkpoint.com/2020/optout-compiler-undefined-behavior-optimizations/
Let’s break into Payment Gateways
https://medium.com/bugbountywriteup/lets-break-into-payment-gateways-fc52523eeaca
Hacking Android Remotely (WAN) using Kali Linux
https://medium.com/@ehackingdotnet/hacking-android-remotely-wan-using-kali-linux-6c18fe6d9d9
Reverse Engineering Linux
http://index-of.es/Miscellanous/LIVRES/anti-reverse-engineering-linux.pdf
Android IPC: Part 1 - Introduction
https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=46
emojidb_plaidctf2020 Emojidb (pwn)
https://saaramar.github.io/emojidb_plaidctf2020/
Exploiting GlobalProtect for Privilege Escalation, Part One: Windows
https://www.crowdstrike.com/blog/exploiting-escalation-of-privileges-via-globalprotect-part-1/
What is old is new again: The Relay Attack
https://www.secureauth.com/blog/what-old-new-again-relay-attack
FUD Android Payload and Listener
https://github.com/thelinuxchoice/getdroid
PoC 2019-2215 exploit for S8/S8 active with DAC + SELinux + Knox/RKP bypass
https://github.com/chompie1337/s8_2019_2215_poc
Open-AudIT v3.3.1 Remote Command Execution (CVE-2020-12078)
https://shells.systems/open-audit-v3-3-1-remote-command-execution-cve-2020-12078/
Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims
https://github.com/mandatoryprogrammer/CursedChrome
A Bootable Flash Drive to Extract Encrypted Volume Keys, Break Full-Disk Encryption
https://blog.elcomsoft.com/2019/04/a-bootable-flash-drive-to-extract-encrypted-volume-keys-break-full-disk-encryption/
Turning the Pages:Introduction to Memory Paging on Windows 10 x64
https://connormcgarr.github.io/paging/
Honeysploit: Exploiting the Exploiters
https://medium.com/@curtbraz/exploiting-the-exploiters-46fd0d620fd8
Patchguard: Detection Of Hypervisor Based Introspection [P1]
https://revers.engineering/patchguard-detection-of-hypervisor-based-instrospection-p1/
Patchguard: Detection Of Hypervisor Based Introspection [P2]
https://revers.engineering/patchguard-detection-of-hypervisor-based-instrospection-p2/
Automatic Enumeration Tool based in Open Source tools
https://github.com/carlospolop/legion
SMB2 Session Prediction & Consequences
https://www.rumble.run/2020/03/smb2-session-prediction-consequences/
Polypyus Firmware Historian
https://github.com/seemoo-lab/polypyus
Joystick ATT&CK Evaluations tool
https://github.com/mitre-attack/joystick
Damn Vulnerable WordPress
https://github.com/vavkamil/dvwp
Content-Security-Policy (CSP) Bypass Techniques
https://medium.com/bugbountywriteup/content-security-policy-csp-bypass-techniques-e3fa475bfe5d
Pwning Adobe Reader Multiple Times with Malformed Strings
https://bit.ly/3cU3jmj
Awesome-Hacking-Resources
https://github.com/vitalysim/Awesome-Hacking-Resources
Researchers Uncover Novel Way to De-anonymize Device IDs to Users' Biometrics
https://thehackernews.com/2020/04/deanonymize-device-biometrics.html
SysmonSearch v2.0 Released
https://blogs.jpcert.or.jp/en/2020/04/sysmonsearch-v20-released.html
F.商業
資安業者Malwarebytes進入VPN市場
https://www.ithome.com.tw/news/137212
MITRE ATT&CK公布第二輪評估計畫結果,臺灣有兩家資安公司名列其中
https://www.ithome.com.tw/news/137221
資誠提供COVID-19遠距診斷數位工具 助企業評估疫情影響
https://times.hinet.net/news/22874802
GreyNoise發表免費的裝置遭駭通知服務
https://www.ithome.com.tw/news/137228
訴求「隱私」 小米再推新品牌
https://bit.ly/2KAWEBf
台港第1家!中華電通過AWS IoT能力認證
https://ec.ltn.com.tw/amp/article/breakingnews/3147643
甲骨文拿下Zoom公有雲合約
https://www.ithome.com.tw/news/137275
微軟Office 2010終止服務倒數計時 快準備超前部署
https://www.chinatimes.com/realtimenews/20200430003165-260412?chdtv
老字號 IT 網管監控神器 大秀自動流程與智慧分析
http://www.netadmin.com.tw/netadmin/zh-tw/snapshot/93B651A90E3E4A18A9CDAF515AF72106
Ubuntu 20.04 LTS開放下載,4月29日還有線上派對
https://www.techbang.com/posts/78056-ubuntu-2004-lts-open-download-online-party-on-april-29
Ubuntu 20.04 arrives with Linux 5.4 kernel and WireGuard VPN
https://www.zdnet.com/article/ubuntu-20-04-arrives-with-linux-5-4-kernel-and-wireguard-vpn/#ftag=RSSbaffb68
Getting ATT&CKed By A Cozy Bear And Being Really Happy About It: What MITRE Evaluations Are, and How To Read Them
https://blog.trendmicro.com/mitre-evaluation2020/
MITRE Round 2 Results Solidify Cortex XDR as a Leader in EDR
https://blog.paloaltonetworks.com/2020/04/cortex-mitre/
G.政府
7成假訊息來自中! 「資安站」國安級打假
http://www.nexttv.com.tw/NextTV/News/Home/Politics/2020-04-24/158799.html
調查局資安工作站揭牌 打擊網路犯罪添利器
https://bit.ly/2x5YDdR
調查局「資安工作站」揭牌 蔡英文:查緝網路犯罪就是維護台灣民主自由
https://www.storm.mg/article/2560013
打擊資安犯罪 強化反制護國安
https://www.ydn.com.tw/News/381632
殭屍網路Necurs無需連線C&C伺服器,微軟揭露追蹤異常IP位址通報調查局經過
https://www.ithome.com.tw/news/137295
蔡英文出席調查局資安工作站揭牌儀式
https://www.chinatimes.com/realtimenews/20200424001678-260407?chdtv
調查局資安工作站揭牌 蔡英文:強化民主防衛機制
https://udn.com/news/story/7321/4515788?from=udn-catelistnews_ch2
疫情期間駭客攻擊增!疫苗開發不來就用偷的、調查局攜手微軟查獲40萬殭屍網路
https://cnews.com.tw/137200421a02/
蔡英文批假訊息擾防疫 調查局握1500件情資
https://tw.appledaily.com/local/20200424/TORD6NMQYMN47XPNNHPQZFRQAA/
阻中國假訊息散播 調查局:請社群媒體下架帳號
https://m.ltn.com.tw/news/society/breakingnews/3144312
百位學者連署反對!一文解析數位身分證的 4 個資安疑慮
https://buzzorange.com/techorange/2020/04/24/anti-digital-identification-card/
學者指10月換數位身分證有變數 官員:受疫情影響
https://www.cna.com.tw/news/aipl/202004250211.aspx
從新版數位身分證,看資安與國安危機
https://talk.ltn.com.tw/article/breakingnews/3145982
資訊專家李忠憲召喚唐鳳成功 10月發晶片身分證有變數
https://newtalk.tw/news/view/2020-04-25/397285
數位身分證延後換發 內政部:安全如軍事機密
https://www.epochtimes.com/b5/20/4/27/n12064768.htm
李貴敏:數位身分證資安疑慮多 引爆竊取身分危機
https://times.hinet.net/news/22879526
內政部為New eID數位身分證急祭「軍事機密」怕燒到誰
https://www.peoplenews.tw/news/4ce50303-9e4f-479e-bdcc-43aedf0ad881
有關駭客入侵竊取公務信箱帳密一事,經查非直接從疾管署系統中外洩
https://www.mohw.gov.tw/cp-16-52972-1.html
驚傳遭駭客入侵多筆資料曝光 疾管署最新說明
https://www.ftvnews.com.tw/news/detail/2020429W0019
109年度資訊安全管理系統(ISMS)認證維護暨資安顧問委外服務
https://www.iot.gov.tw/cp-23-201207-4010b-1.html
邱國正:嚴密監控妨礙國家安全訊息
https://www.ydn.com.tw/News/381612
1968App人潮示警優化 行政院指示成立戰情室掌握
https://www.rti.org.tw/news/view/id/2062210
一張圖表看懂大同承攬政府重要機密系統
https://tw.news.appledaily.com/politics/20200501/OCV5YBT6O7NK6MKXAYQORPRNUY/
關貿報稅系統鋼鐵部隊 口罩、報稅服務一把罩
https://money.udn.com/money/story/5635/4533021
H.工控系統/SCADA/ICS
西門子S7系列中間人攻擊:流量劫持和轉發(一)
https://www.freebuf.com/articles/ics-articles/231701.html
ABB分佈式控制系統存在漏洞黑客可藉此破壞工業系統
https://www.easyaq.com/news/2147307785.shtml
JVNVU#97783982 LCDS 製 LAquis SCADA に複数の脆弱性
https://jvn.jp/vu/JVNVU97783982/
Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution
https://packetstormsecurity.com/files/157383/ZSL-2020-5565.txt
I.教育訓練
網站滲透學習之漏洞環境搭建
https://zhuanlan.zhihu.com/p/136753209
Fun With Malware
https://www.youtube.com/watch?v=RGmZiCe9Mk8&list=PLwIrvBOwo9FYjuLcX-_g-VotrY5cfpBBd
Malware development part 1
https://0xpat.github.io/Malware_development_part_1/
Malware development part 2
https://0xpat.github.io/Malware_development_part_2/
Malware development part 3
https://0xpat.github.io/Malware_development_part_3/
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
你的車子其實不安全?兩大車款爆資安漏洞 用戶個資遭竊、陌生人入侵系統
https://bit.ly/2KCTNb7
Boston Dynamics gives hospital robot tech to the open source community
https://www.zdnet.com/article/boston-dynamics-gives-hospital-robot-tech-to-the-open-source-community/#ftag=RSSbaffb68
6.近期資安活動及研討會
SDN x Cloud Native Meetup - Webinar 海外篇 #2 5/2
https://www.meetup.com/CloudNative-Taiwan/events/269994432/
人工智慧拼資安升級實作班 5/4
https://www.iiiedu.org.tw/courses/msa376t2001/
Wi-Fi 6 進場的時間到了嗎 5/5
https://seminar.ithome.com.tw/live/extreme2020/index.html?utm_source=iThome&utm_medium=seminar
Study Group - Clean Coder 5/7
https://www.meetup.com/Women-Who-Code-Taipei/events/jlmfprybchbkb/
CISSP 資訊安全認證課程 5/7 ~ 7/4
https://www.accupass.com/event/2002130410356136663450
2020 Quantum系列再進化,全產品隆重上市與安全銷售包裝說明 5/12
https://bit.ly/2VzDodV
Web Application 威脅、弱點、防護及縱深防禦實戰班(第5期)5/12、5/19、5/26
http://service.tabf.org.tw/tw/user/409646/
Open Source 有哪些漏洞 5/13
http://reg.gss.com.tw/register/register.aspx?actid=706
Study Group - Clean Coder 5/14
https://www.meetup.com/Women-Who-Code-Taipei/events/jlmfprybchbsb/
109年資安職能訓練(5/15開放報名)
https://ctts.nccst.nat.gov.tw/NewsDetail/105
【零壹解決方案日】IT無疆界 企業營運不中斷 / 三大應用 八場直播 玩體驗 5/14 ~ 6/30
https://www.accupass.com/event/2004200112131299616148
交通大學駭客書院 - 基礎網站安全建構實務 5/16
https://hackercollege.nctu.edu.tw/?p=1151
ISO/IEC 27001:2013 資訊安全稽核師(主導稽核員)訓練課程 5/16 ~ 6/5
https://www.accupass.com/event/2002140726181428485387
中山大學資安社 - Forensic(一) 5/20
https://nsysuisc.kktix.cc/events/2020forensic1
Study Group - Clean Coder 5/21
https://www.meetup.com/Women-Who-Code-Taipei/events/jlmfprybchbcc/
RASP 應用程式的最後一道防護 5/22
http://reg.gss.com.tw/register/register.aspx?actid=707
交通大學駭客書院 - 電子郵件之偽造攻擊與防護措施 5/23
https://hackercollege.nctu.edu.tw/?p=1156
大智雲集- 雲端安全管理機制(SmartCloud)與AI驅動威脅防護引擎 5/26
https://bit.ly/2VzDodV
Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/
交通大學駭客書院 - 進階網頁滲透測試 5/30
https://hackercollege.nctu.edu.tw/?p=1159
榮耀資戰 – 重裝上陣 5/30
https://zyxel-foundation.kktix.cc/events/cyberthrones2020
109年智能物聯網與資訊安全碩士學分班 5/30 ~ 8/8
https://www.accupass.com/event/2003160837472127685300
Java Spring安全程式開發實務班 6/2 ~ 6/3
https://www.iiiedu.org.tw/courses/msa466t2001/
邊緣計算系統之大數據與深度學習應用 6/5
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index
Excel對人資假勤及薪資管理分析報表實務班 6/9
https://www.accupass.com/event/2003310137088658330050
透過零信任防護策略因應數位轉型對企業雲應用與IoT安全挑戰 6/9
https://bit.ly/2VzDodV
交通大學駭客書院 - 高階網頁滲透測試 6/13 6/20
https://hackercollege.nctu.edu.tw/?p=1161
CREST CPSA BootCamp 資安分析專家認證課程 6/15 ~ 6/19
https://www.ainetwork-training.com/product/crest-cpsa-bootcamp/
惡意程式偵測、分析、防護實戰班(第3期) 6/16
http://service.tabf.org.tw/tw/user/409646/
ISACA® 國際資訊安全管理師 CISM 認證課程 6/16 ~ 6/19
https://www.accupass.com/event/2004140928122685616880
設計新興雲端安全防護架構: Container & Serverless Security安全藍圖 6/23
https://bit.ly/2VzDodV
交通大學駭客書院 - 企業網域控管-Active Directory攻擊與防禦 6/27
https://hackercollege.nctu.edu.tw/?p=1164
CompTIA Security+ 國際網路資安認證班 7/4 ~ 7/12
https://www.iiiedu.org.tw/courses/msa293t2002/
數據分析與機器學習案例實務(三)影像分類技術 7/20
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3897&from_course_list_url=course_index
CYBERSEC 2020 臺灣資安大會 8/12
https://cyber.ithome.com.tw/
認證系統安全從業人員 SSCP 輔導班 9/5 ~ 9/13
https://www.iiiedu.org.tw/courses/asq902t2001/
邊緣計算系統之大數據與深度學習應用 9/11
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3895&from_course_list_url=course_index
數據分析與機器學習案例實務(四)應用實例 9/14
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3898&from_course_list_url=course_index
沒有留言:
張貼留言