跳到主要內容

資安事件新聞週報 2020/5/25 ~ 2020/5/29


資安事件新聞週報 2020/5/25  ~  2020/5/29

1.重大弱點漏洞/後門/Exploit/Zero Day
針對8萬個應用程式的調查發現,有7成程式含有開源漏洞
https://www.ithome.com.tw/news/137846

美國安局警告,俄羅斯駭客正在開採Exim漏洞
https://www.ithome.com.tw/news/137947

STATE OF SOFTWARE SECURITY Open Source Edition
https://www.veracode.com/sites/default/files/pdf/resources/reports/state-of-software-security-open-source-edition-veracode-report.pdf

多種DNS解析程序被發現漏洞允許攻擊者發動拒絕服務攻擊
https://www.cnbeta.com/articles/tech/982263.htm

一個新的 DNS 安全漏洞被曝出,可引發大規模的 DDoS“轟炸
https://www.chainnews.com/zh-hant/articles/855208189865.htm

NXNSAttack:DNS協議安全漏洞通告
https://www.anquanke.com/post/id/207004

研究人員發現DNS查詢遞迴漏洞,影響多數DNS伺服器,企業應儘速採取修補作業
https://www.ithome.com.tw/news/137777

Microsoft Warns of Vulnerability Affecting Windows DNS Server
https://www.darkreading.com/threat-intelligence/microsoft-warns-of-vulnerability-affecting-windows-dns-server/d/d-id/1337872

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks
https://thehackernews.com/2020/05/dns-server-ddos-attack.html

Fortinet FortiClient 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9291

駭客企圖開採已修補的Sophos防火牆漏洞來散布勒索軟體
https://www.ithome.com.tw/news/137809

Hackers are exploiting a Sophos firewall zero-day
https://www.zdnet.com/article/hackers-are-exploiting-a-sophos-firewall-zero-day/

電郵爆資安漏洞?被陌生人看光…無須認證就能檢閱信件內容
https://bit.ly/2ZwpKKG

微軟承認KB4556799可能導致電腦無法連網
https://www.ithome.com.tw/news/137841

Google 自曝:Chrome 70% 重大資安漏洞都出在記憶體問題
https://www.inside.com.tw/article/19888-chrome-70-of-all-security-bugs-are-memory-safety-issues

谷歌工程師:七成 Chrome 安全漏洞是內存安全問題
https://www.chainnews.com/zh-hant/articles/440974045452.htm

Cisco Unified Contact Center Express反序列化代碼執行(CVE-2020-3280)
http://blog.nsfocus.net/cisco-unified-ccx-cve-2020-3280-0522/

Adobe 推出修補程式,以解決 Adobe Character Animator 中的遠端程式碼執行漏洞
https://www.twcert.org.tw/tw/cp-104-3629-e0fab-1.html

QNAP NAS設備存在安全漏洞(CVE-2019-7192、CVE-2019-7193、CVE-2019-7194及CVE-2019-7195)
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1124

Security Advisory for Vulnerabilities in QTS and Photo Station
https://www.qnap.com/zh-tw/security-advisory/nas-201911-25

New Bluetooth Vulnerability Exposes Billions of Devices to Hackers
https://thehackernews.com/2020/05/hacking-bluetooth-vulnerability.html

Chrome 83: Enhanced Safe Browsing, Secure DNS, a Safety Check
https://www.helpnetsecurity.com/2020/05/20/chrome-83-security-features/

D-Link DAP-1360 CVE-2019-18666
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-18666

MariaDB Connector/C CVE-2020-13249
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-13249

NOKIA VitalSuite SPM 2020 SQL Injection
https://packetstormsecurity.com/files/157851/nokiavsspm2020-sql.txt

蘋果產品多個漏洞
https://support.apple.com/en-hk/HT201222

雲安全提醒:Docker for windows 版本出現遠程控制漏洞
https://news.sina.com.tw/article/20200528/35307222.html

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
三道防火牆 金融交易更安全
https://money.udn.com/money/story/9740/4583943

俄羅斯證券交易所暫停股市交易,英媒:系軟體故障
https://news.sina.com.tw/article/20200508/35103922.html

包商銀行接管後續:蒙商銀行、徽商銀行四家分行5月25日正式營業
https://finance.sina.com.cn/roll/2020-05-22/doc-iirczymk3041476.shtml

金管會下半年施政重點 電支電票整併、新財管方案等5大項
https://ec.ltn.com.tw/article/breakingnews/3177076

金管會新主委預告3個月內揭6大金融方案,將訂Fintech藍圖和金融資安整體規畫,開放銀行第二階段則Q3上路
https://www.ithome.com.tw/news/137863

承諾3月內提6大金融長治久安措施 黃天牧:資安行動方案3年內要超前部署
https://fountmedia.io/article/58999

強化金融防駭 金管會推資安行動方案
https://ec.ltn.com.tw/article/paper/1375352

金管會新主委預告3個月內揭6大金融方案,將訂Fintech藍圖和金融資安整體規畫,開放銀行第二階段則Q3上路
https://www.ithome.com.tw/news/137863

回顧支付戰爭史|1970s Visa 的普及化進程,竟與數位貨幣驚人相似
https://blocktempo.com/there-are-parallels-between-70s-visa-and-modern-crypto/

網路報稅小心資安外洩 這動作很重要
https://tw.appledaily.com/gadget/20200526/Q77F4LNZ7SFDJKKFKGKFVYW76A/

國泰世華導入FIDO資安標準 強化行動銀行防護規格
https://pchome.megatime.com.tw/news/cat3/20200526/15904645415924227003.html

行庫動態:國泰世華銀全面升級行動銀行資安規格,導入FIDO國際級標準
https://bit.ly/2X6Df2d

獨家揭秘上海版偷天陷阱 央行電票系統"開出"20億假匯票
https://news.sina.com.tw/article/20200526/35274154.html

國防設備、網路銀行搶人才
https://bit.ly/3c7s0e0

金管會:未來黑天鵝、灰犀牛會更頻繁出現
https://www.chinatimes.com/realtimenews/20200526004061-260410?ctrack=mo_main_rtime_p02&chdtv

業者不等了 開放銀行邁向第二階段
https://m.ctee.com.tw/livenews/aj/a83205002020052621144171

數位男女網路報稅「情境」開箱 2大壞習慣你中了嗎
https://www.setn.com/News.aspx?NewsID=750930

純網銀下半年開業 調查:逾6成民眾有開戶意願
https://udn.com/news/story/7239/4594051

《金融股》國票金法說 魏啟林:樂天純網銀估H2開業
https://bit.ly/36EE4m0

樂天拚台灣首家純網銀!展開30天模擬營運、9月正式開業
https://www.bnext.com.tw/article/57881/rakuten--online-banking-open

卡片領錢慘遭「剖半」 只剩背面不出鈔超傻眼
https://tw.appledaily.com/life/20200529/JA3IHMBOUGKRTO2UYR6KKQULUU/

避免卡片毀損 專家建議做到這三件事
https://tw.appledaily.com/life/20200529/HDX4XOZA2AKW4C5AA2NHBSUFQE/

Visa:純網銀開戶意願逾六成
https://ctee.com.tw/news/finance/275893.html

純網銀認知度達7成2 民眾不信任開放銀行
https://www.cardu.com.tw/news/detail.php?40770

開放銀行第二階段Q3上路,18支消費者資訊開放API和規範細節終於公開
https://www.ithome.com.tw/news/137909

The Bank of America is the latest victim of a data breach
https://www.hackread.com/the-bank-of-america-victim-of-data-breach/

NOTICE OF DATA BREACH
https://oag.ca.gov/system/files/2020-3523_Privacy_Notification_Final_Template%20%28P%29.pdf

銀行招考【合作金庫】─招考時間、名額與科目
https://www.ckpublic.com.tw/tnck/ckopsp-courses-E20200528005

2020菁英人才招募01~AI應用專案管理/雲端系統/SDN網路規劃/資安/系統分析與開發
https://www.cakeresume.com/companies/cht-career/jobs/6b44f1

3.電子支付/電子票證/行動支付/ pay/新聞及資安
統合商家力量 金門金沙鎮數位支付升級說明會
https://times.hinet.net/news/22912964

龍運巴士周日推電子支付系統 支援信用卡Apple Pay等
https://bit.ly/3d43608

報告:柬埔寨央行CBDC支付系統使用Iroha,或因後者專注於移動端
http://bc.jrj.com.cn/2020/05/22105029738631.shtml

金管會下半年施政重點 電支電票整併、新財管方案等5大項
https://inanews.tw/archives/196315

4.虛擬貨幣/區塊鍊/數位貨幣/相關新聞及資安
學術報告指出:99% 的 Zcash 交易可追蹤,因用戶不了解匿名幣交易機制
https://www.blocktempo.com/annonymous-zcash-monero-privacy-crypto-transaction-research-report/

CoinGate將AVA代幣加入其支付系統
http://bc.jrj.com.cn/2020/05/22065529736120.shtml

上任後有意放寬STO法規?金管會主委黃天牧:將擇日統一與業者進行溝通
https://life.tw/?app=view&no=1082876

習近平簽署主席令公布中國首部《民法典》,虛擬貨幣納入遺產繼承範圍
https://www.blocktempo.com/npc-cppcc-new-civil-code-crypto-assets-inherit/

China's Crypto Is All About Tracing — and Power
https://www.bloomberg.com/opinion/articles/2020-05-24/china-s-yuan-will-exit-covid-19-with-a-big-digital-currency-lead

China and Digital Currency : multifaceted advantages or a surveillance and tracking juncture
https://www.ehackingnews.com/2020/05/china-and-digital-currency-multifaceted.html

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
駭客偽冒總統府電子郵件寄發夾藏惡意程式釣魚網站
https://www.cib.gov.tw/News/BulletinDetail/8294

駭侵者以肺炎為名,透過魚叉式網路釣魚,散布惡意 Excel 檔
https://www.twcert.org.tw/tw/cp-104-3634-245b1-1.html

如何防堵勒索病毒?企業應採用資安防禦與備份方案以保護數位資產
https://www.zerone.com.tw/Content/Product/A5A51D5D314517B8

【獨家】中油遭駭揭秘!高雄營業處先「毒發」 竟燒13天才全修復
https://tw.appledaily.com/life/20200523/U37VFEDAM24XAOYCBAC2JHMLHM/

泰國 Android 用戶遭 WolfRAT 鎖定,攻擊熱門聊天 App 以竊取資訊
https://www.twcert.org.tw/tw/cp-104-3630-471e9-1.html

勒索軟體攻擊發展出加裝VM以躲避防毒偵測的新手法
https://www.ithome.com.tw/news/137845

Ragnar Locker ransomware deploys virtual machine to dodge security
https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/

新一代ComRAT木馬程式利用Gmail作為命令暨控制媒介
https://ithome.com.tw/news/137885

New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data
https://thehackernews.com/2020/05/gmail-malware-hacker.html

企業資安之道- 勒索軟體的攻與防
https://www.twcert.org.tw/tw/cp-15-3632-c19eb-1.html

Hackers Abusing Open RDP ports For Remote Access using Windows Backdoor Malware
https://gbhackers.com/hackers-abusing-open-rdp-ports-for-remote-access/

Maze Ransomware Operators Leaked 2GB of Financial Data from Bank of Costa Rica (BCR)
https://www.ehackingnews.com/2020/05/maze-ransomware-operators-leaks-2gb-of.html

Sarwent Malware Continues to Evolve With Updated Command Functions
https://labs.sentinelone.com/sarwent-malware-updates-command-detonation/

The Evolution of APT15’s Codebase 2020
https://www.intezer.com/blog/research/the-evolution-of-apt15s-codebase-2020/

ZLoader Loads Again: New ZLoader Variant Returns
https://www.proofpoint.com/us/blog/threat-insight/zloader-loads-again-new-zloader-variant-returns

Banking Malware ZLoader spotted in over 100 email campaigns
https://www.itsecurityguru.org/2020/05/22/banking-malware-zloader-spotted-in-over-100-email-campaigns/

Hiding in plain sight: PhantomLance walks into a market
https://securelist.com/apt-phantomlance/96772/#comment-3123008

The “Silent Night” Zloader/Zbot
https://resources.malwarebytes.com/files/2020/05/The-Silent-Night-Zloader-Zbot_Final.pdf

Ransomware Gang Posting Financial Details From Bank Attack
https://www.bankinfosecurity.com/ransomware-gang-posting-financial-details-from-bank-attack-a-14335

MAZE RANSOMWARE OPERATORS RELEASE THE BANCO DE COSTA RICA DATA LEAK PART 3!!
https://cybleinc.com/2020/05/22/maze-ransomware-operators-release-the-banco-de-costa-rica-data-leak-part-3/

Ransomware Gang Arrested for Spreading Locky to Hospitals
https://threatpost.com/ransomware-gang-arrested-locky-hospitals/155842/

Thousands of enterprise systems infected by new Blue Mockingbird malware gang
https://www.zdnet.com/article/thousands-of-enterprise-systems-infected-by-new-blue-mockingbird-malware-gang/

Introducing Blue Mockingbird
https://redcanary.com/blog/blue-mockingbird-cryptominer/

Vigilante hackers target 'scammers' with ransomware, DDoS attacks
https://www.bleepingcomputer.com/news/security/vigilante-hackers-target-scammers-with-ransomware-ddos-attacks/

Insidious Android malware gives up all malicious features but one to gain stealth
https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/

Turla hacker group steals antivirus logs to see if its malware was detected
https://www.zdnet.com/article/turla-hacker-group-steals-antivirus-logs-to-see-if-its-malware-was-detected/

Vigilante hackers target 'scammers' with ransomware, DDoS attacks
https://www.bleepingcomputer.com/news/security/vigilante-hackers-target-scammers-with-ransomware-ddos-attacks/

Insidious Android malware gives up all malicious features but one to gain stealth
https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/

Qihoo & Baidu disrupt malware botnet with hundreds of thousands of victims
https://www.zdnet.com/article/qihoo-baidu-disrupt-malware-botnet-with-hundreds-of-thousands-of-victims/#ftag=RSSbaffb68

New activity of DoubleGuns Group, control hundreds of thousands of bots via public cloud service
https://blog.netlab.360.com/shuangqiang/

From Agent.BTZ to ComRAT v4: A ten year journey
https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/

Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
https://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-devil-shadow-botnet-hidden-in-fake-zoom-installers/

Cyber-Criminal espionage Operation insists on Italian Manufacturing
https://yoroi.company/research/cyber-criminal-espionage-operation-insists-on-italian-manufacturing/

AgentTesla Delivered via a Malicious PowerPoint Add-In
https://isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/

Microsoft warns of PonyFinal ransomware attacks
https://hotforsecurity.bitdefender.com/blog/microsoft-warns-of-ponyfinal-ransomware-attacks-23387.html

A Rogues' Gallery of MacOS Malware
https://www.darkreading.com/vulnerabilities---threats/a-rogues-gallery-of-macos-malware/d/d-id/1337934

B.行動安全 / iPhone / Android /穿戴裝置 /App
Zoom 持續實現 90 天資安強化計劃
https://news.sina.com.tw/article/20200522/35253004.html

Zoom修補計畫持續進行 暫禁使用GIF平台功能
https://bit.ly/3d4cBN0

趁疫情全面禁用ZOOM? 加拿大指我國誤讀資安報告
https://udn.com/news/story/6885/4599060

通訊軟體那麼多,LINE、M+、Skype、Telegram 企業使用怎麼選
https://www.inside.com.tw/article/19885-

拉脫維亞釋出Google、蘋果技術為基礎的COVID-19接觸追蹤App
https://www.ithome.com.tw/news/137839

WhatsApp 安全性更新 - 修復 Android、iOS 平台備份訊息的加密漏洞
https://hk.xfastest.com/55873/whatsapp-update/

國安法通過 港人憂「得翻牆」反監控APP下載激增
https://bit.ly/2ZTs133

國安下的零基資安(一):匯出及刪除 WhatsApp 對話記錄
https://bit.ly/2TOfF8t

國安下的零基資安(二):保護手機屏幕,免受偷窺
https://bit.ly/3gyCSFn

刪除不需要的手機應用程式
https://blog.trendmicro.com.tw/?p=64493

蘋果被爆Siri竊聽用戶 9億iPhone或被駭
https://www.epochtimes.com/b5/20/5/25/n12135456.htm

蘋果剛推出iOS 13.5不到3天,Unc0ver發布越獄程式,且能支援最新推出的iPhone SE
https://ithome.com.tw/news/137889

所有iPhone設備都可能被解鎖! 駭客發布新款越獄軟體「Unc0ver」
https://ek21.com/news/tech/197519/

iPhone還安全嗎?駭客團體「越獄」成功,破解蘋果最新iOS系統
https://www.bnext.com.tw/article/57823/jailbreak-iphone-apple

德國聯邦資訊安全辦公室要蘋果用戶儘快修補郵件漏洞
https://www.ithome.com.tw/news/137904

今年 2 月就遭外流?蘋果 iOS 14 傳面臨史上最嚴重「洩密」事件
https://3c.ltn.com.tw/news/40483

New jailbreak tool works on Apple’s just-released iOS 13.5
https://www.theverge.com/2020/5/24/21268945/apple-hackers-jailbreak-iphones-ios-13-5

New Tool Can Jailbreak Any iPhone and iPad Using An Unpatched 0-Day Bug
https://thehackernews.com/2020/05/iphone-ios-jailbreak-tools.html

Aggressive in-app advertising in Android
https://securelist.com/in-app-advertising-in-android/97065/

Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
https://newsroom.trendmicro.com/blog/security-intelligence/backdoor-devil-shadow-botnet-hidden-fake-zoom-installers-1

70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs
https://threatpost.com/70-of-apps-open-source-bugs/156040/

Fake Valorant Mobile app pushes scams on eager gamers
https://www.bleepingcomputer.com/news/security/fake-valorant-mobile-app-pushes-scams-on-eager-gamers/

C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
近日重點網絡安全漏洞情況摘報
https://kknews.cc/tech/8kx65bg.html

電腦犯罪財損屢創新高 刑事局:資安防護應視同防疫
https://bit.ly/3gyXjSv

販毒也在電商化?疫情讓毒品「供應」流向暗網,但「需求」大幅減少
https://www.inside.com.tw/article/19922-coronavirus-lockdowns-dark-web-drug-market

軍校盃網路安全競賽 理工學院奪冠
https://www.ydn.com.tw/News/384500

是誰在大量操縱訊息?Google公布首個協作影響力行動公告
https://www.ithome.com.tw/news/137932

《李忠憲專欄》香港國安法的啟示
https://taronews.tw/2020/05/26/660212/

這不是一個測試, APT41利用多個漏洞啟動全球入侵活動
https://bit.ly/2ZJ9GW8

政府、企業都受「駭」!3 個關鍵數字暴露台灣資安危機
https://buzzorange.com/techorange/2020/05/26/taiwan-cyber-security-issue/

NTT 全球威脅情報報告:網路罪犯創新自動化使攻擊量大增
http://www.netadmin.com.tw/netadmin/zh-tw/snapshot/1C6804D83BB34F2AB53CFC5207A3FBF3

網路戰爭來襲,駭客危機變商機!投資人該如何抓住新機會
https://www.wealth.com.tw/home/articles/25887

內賊資安事件調查發現,6成犯案者是準備離職員工與約聘人員
https://www.ithome.com.tw/news/137837

粉專恐遭駭客攻擊 臉書向台灣用戶發警告
https://bit.ly/3cZsEvn

小禎粉團、IG被綁架 貼文遭大量刪除
https://bit.ly/2M4Qkmf

小玉30萬粉專遭駭「被消失」! 崩潰喊:我○七
https://fnc.ebc.net.tw/FncNews/life/120051

藝人網紅好慌!駭客鎖定"高人氣美女"帳號盜IG
https://bit.ly/3gB8cmI

「台灣阿童」粉專遭越南詐團霸佔 童仲彥斡旋終取回所有權
https://tw.news.appledaily.com/local/20200525/5U53YGBQL7RT4GKIESF6JD6X4U/

推特遭駭客發表怪文 SJ神童:這是最後的警告
https://www.epochtimes.com/b5/20/5/27/n12140306.htm

醫療機構網路攻擊事件頻傳 紅十字會發起連署促遏止
https://news.ltn.com.tw/news/world/breakingnews/3177591

台綜院也被駭 高官成跳板險害調查局淪陷
https://tw.appledaily.com/local/20200527/GF7ZOCTHAJMB3D4VGTXX4LILQE/

不只總統府! 台綜院驚被駭「郵件藏毒」急擋
http://www.nexttv.com.tw/NextTV/News/Home/Politics/2020-05-27/175536.html

外交部派資安團隊外館掃毒 查出19個駭客樣態
https://bit.ly/2LXK7Zl

防紅色駭客!駐外館處資安健檢 揪出19種入侵型態
https://inanews.tw/archives/195751

資安研究顯示台韓遊戲開發商遭入侵 疑似中國駭客組織所為
https://game.udn.com/game/story/10453/4588645

技術麻瓜也能網路犯罪?彭博的實驗結果表明資安問題的嚴重性
https://abmedia.io/bloomberg-dark-web-ransomware/

德國駭客惡意散播政治人物個資 遭檢方起訴
https://money.udn.com/money/story/5599/4592360

烏克蘭警方逮捕洩露Collection#1的駭客
https://www.ithome.com.tw/news/137811

從政府到企業都受「駭」,3 個關鍵數字暴露台灣資安危機
https://technews.tw/2020/05/23/3-keys-figures-expose-taiwan-cybersecurity-crisis/

台灣中油:「遭駭補償金」係訛傳 資安事故通報未延遲
https://money.udn.com/money/story/5612/4585340

國安會示警:中國國家型網軍已成形 對台攻擊強度越來越高
https://news.ltn.com.tw/news/politics/paper/1375332

川普簽行政命令檢討《通訊規範法》 專家警告或不合憲
https://tw.appledaily.com/international/20200529/Y7MFCYYQFXWFTBBK52BC5O57O4/

跟進美國 日本擴大排除採購中國通訊設備
https://money.udn.com/money/story/5599/4595048

美列33家陸資機構入實體清單 大陸資安巨頭也中槍
https://bit.ly/2XtQhWo

美國制裁33家中企機構 控侵犯新疆人權為共軍採購
https://www.cna.com.tw/news/firstnews/202005230019.aspx

中美貿易戰火不斷 中國最大資安公司遭美國列黑名單
https://newtalk.tw/news/view/2020-05-26/412274

全球近3成VPN業者被中資掌控 網民翻牆趨困難
https://bit.ly/3c0SVbv

傳英國政府有意組「D10」聯盟,擺脫依賴中國技術
https://technews.tw/2020/05/29/uk-d10-alliance/

金額逾748億 美偵破北韓洗錢集團助發展核武
https://tw.appledaily.com/international/20200529/WE4GS4JQEUU2BDT7N5WIALNPYQ/

勒索事件追蹤:4200萬美金成交! 駭客聲稱川普「髒衣服」被買走
https://ek21.com/news/tech/196566/

數位威權輸出下的自由世界聯盟
https://www.twreporter.org/a/bookreview-the-great-firewall-of-china

ネット特定班最大勢力「鬼女」が日本のCIAと呼ばれる所以
https://www.news-postseven.com/archives/20200128_1533376.html

Iranian APT Group Targets Governments in Kuwait and Saudi Arabia
https://thehackernews.com/2020/05/iran-hackers-kuwait.html

Ukrainian Police Arrest Hacker Who Tried Selling Billions of Stolen Records
https://thehackernews.com/2020/05/ukrainian-hacker-arrested.html

NSO Group Impersonated Facebook to Help Clients Hack Targets
https://www.vice.com/en_us/article/qj4p3w/nso-group-hack-fake-facebook-domain

How Cybersecurity Enables Government, Health, EduTech Cope With COVID-19
https://thehackernews.com/2020/05/covid-19-cybersecurity.html

eBay port scans visitors' computers for remote access programs
https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/

Israel is suspected to be behind the cyberattack on Iranian port
https://securityaffairs.co/wordpress/103517/cyber-warfare-2/israel-cyberattack-iranian-port.html

eBay私自掃瞄網站訪客電腦的遠端存取傳輸埠
https://www.ithome.com.tw/news/137876

eBay port scans visitors' computers for remote access programs
https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/

Europol, Capgemini team up in cybercrime prevention, awareness campaigns
https://www.zdnet.com/article/europol-capgemini-team-up-in-cybercrime-prevention-awareness-campaigns/#ftag=RSSbaffb68

Why is This Website Port Scanning me
https://nullsweep.com/why-is-this-website-port-scanning-me/

Google highlights Indian 'hack-for-hire' companies in new TAG report
https://www.zdnet.com/article/google-highlights-indian-hack-for-hire-companies-in-new-tag-report/

Valak targets Microsoft Exchange servers to steal enterprise data
https://www.zdnet.com/article/valak-targets-microsoft-exchange-servers-to-steal-enterprise-data-in-active-campaigns/

Microsoft IIS servers hacked by Blue Mockingbird to mine Monero
https://www.bleepingcomputer.com/news/security/microsoft-iis-servers-hacked-by-blue-mockingbird-to-mine-monero/

Researchers Uncover Brazilian Hacktivist's Identity Who Defaced Over 4800 Sites
https://thehackernews.com/2020/05/brazilian-hacker-vandathegod.html

NSA warns of new Sandworm attacks on email servers
https://www.zdnet.com/google-amp/article/nsa-warns-of-new-sandworm-attacks-on-email-servers/

Got $50k spare? Then you can crack SHA-1 – so OpenSSH is deprecating flawed hashing algo in a 'near-future release'
https://www.theregister.co.uk/2020/05/28/openssh_deprecating_sha1/

200K sites with buggy WordPress plugin exposed to wipe attacks
https://www.bleepingcomputer.com/news/security/200k-sites-with-buggy-wordpress-plugin-exposed-to-wipe-attacks/

【新竹】新竹市政府教育網路中心徵資安分析師1名
https://openhouse.nctu.edu.tw/news/990/

TA3810 IT 資安工程師 Cyber Security Engineer
https://www.104.com.tw/job/6y8r3

中華電信校園資通訊人才線上招募 開跑
https://times.hinet.net/news/22917517

5G搶7月開台 中華電啟動大徵才
https://www.chinatimes.com/newspapers/20200528000234-260202?chdtv

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
新資安威脅出現!投票人資料庫、遊戲帳號喊價上千美元
https://www.chinatimes.com/realtimenews/20200527004047-260410?chdtv

五億 Facebook 用戶個資檔案,遭駭侵者以三萬美元求售
https://www.twcert.org.tw/tw/cp-104-3646-829ec-1.html

《國際金融》疫情期間 美信用卡詐騙案暴增
https://bit.ly/2M7BoDQ

總統府釣魚信事件 換個釣魚情境同樣在企業間上演
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000585789_lzq691iu90thdi8duf48d

印尼近 230 萬選民資料,遭駭侵團體曝光
https://www.twcert.org.tw/tw/cp-104-3633-f49c3-1.html

巴基斯坦三家電信業者,遭駭侵團體 Greenbug 長期竊聽
https://www.twcert.org.tw/tw/cp-104-3631-7610c-1.html

實聯制防個資濫用 最多存放28天須銷毀
https://www.cna.com.tw/news/firstnews/202005285005.aspx

指揮中心發布實聯制指引,管制商家防疫個資用途,要求疫調專用、專人保管還要28天刪除
https://www.ithome.com.tw/news/137896

健保卡領振興券引發個資疑慮 指揮中心:有法律授權依據
https://newtalk.tw/news/view/2020-05-28/413336

網購退貨遭騙操作ATM 超商與警齊力阻詐18萬
https://times.hinet.net/news/22916357

泰國電信龍頭 AIS 資料庫外洩,83 億筆泰國網路紀錄看光光
https://www.techbang.com/posts/78720-thai-billions-internet-records-leak

泰最大電信業 AIS 資料外洩,用戶 DNS 數據被看光光
https://www.inside.com.tw/article/19884-thai-billions-internet-records-leak

Thai Database Leaks 8.3 Billion Internet Records
https://rainbowtabl.es/2020/05/25/thai-database-leaks-internet-records/

俄羅斯部落格LiveJournala逾2,600萬個憑證流入駭客論壇
https://www.ithome.com.tw/news/137886

26 million LiveJournal credentials leaked online, sold on the dark web
https://www.zdnet.com/article/26-million-livejournal-credentials-leaked-online-sold-on-the-dark-web/#ftag=RSSbaffb68

26 million LiveJournal accounts being shared on hacker forums
https://www.bleepingcomputer.com/news/security/26-million-livejournal-accounts-being-shared-on-hacker-forums/

GitLab 寄釣魚信件測試員工資安意識,20% 員工未通過
https://technews.tw/2020/05/27/gitlab-tried-phishing-its-own-work-from-home-staff/

HTTPSを使用したフィッシングサイトが27%に増加
https://securitynews.so-net.ne.jp/news/sec_30196.html

Microsoft issued Warning against Spear-phishing Campaign using COVID-19 themed Emails
https://offensive-hackers.blogspot.com/2020/05/microsoft-issued-warning-against-phishing-emails.html

Phishing Campaign Leverages Google to Harvest Credentials
https://www.bankinfosecurity.com/phishing-campaign-leverages-google-to-harvest-credentials-a-14332

UK Data Breach Reports Decline
https://www.bankinfosecurity.com/uk-data-breach-reports-decline-a-14331

Mercedes-Benz Data Leak: Embarrassing But Endurable
https://www.bankinfosecurity.com/blogs/mercedes-benz-data-leak-embarrassing-but-endurable-p-2903

Spam and phishing in Q1 2020
https://securelist.com/spam-and-phishing-in-q1-2020/97091/

NTT代管服務網路被駭,621家客戶公司資料疑外流
https://www.ithome.com.tw/news/137936

Fortune 500 company NTT discloses security breach
https://www.zdnet.com/article/fortune-500-company-ntt-discloses-security-breach/

A GOVERNMENT DATABASE OF 20 MILLION+ TAIWANESE CITIZENS LEAKED IN DARKWEB
https://cybleinc.com/2020/05/29/government-database-20-million-plus-taiwanese-personal-information-leaked-in-darkweb/

DETAILED INFORMATION OF OVER 80K CREDIT CARDS DUMP ON SALE IN THE DARKWEB MARKET!!
https://cybleinc.com/2020/05/28/detailed-information-of-over-80k-credit-cards-dump-on-sale-in-the-darkweb-market/

[2ND UPDATE] 47.5 MILLION INDIAN TRUECALLER RECORDS ON SALE IN DARKWEB FOR (ONLY) $1000!
https://cybleinc.com/2020/05/26/47-5-million-indian-truecaller-records-on-sale-for-only-1000/

Phishing attack impersonates Amazon Web Services to steal user credentials
https://www.techrepublic.com/article/phishing-attack-impersonates-amazon-web-services-to-steal-user-credentials/

E.研究報告
雄邁IPC 攝像頭後門漏洞分析
https://www.anquanke.com/post/id/206004

看懂MITRE ATT&CK資安產品評測結果,先瞭解6大偵測類別含義
https://www.ithome.com.tw/news/137821

研究人員準備開源USB驅動程式漏洞測試工具USBFuzz
https://www.ithome.com.tw/news/137929

Parallels Desktop最新虛擬機逃逸漏洞分析(CVE-2020-8871)
https://www.4hou.com/posts/Xnr8

Learn to Analyze Docker Image with Dive tool
https://blog.pentesteracademy.com/learn-to-analyze-docker-image-with-dive-tool-4cdee4aeef6b

Smuggling HTTP headers through reverse proxies
https://telekomsecurity.github.io/2020/05/smuggling-http-headers-through-reverse-proxies.html

OSINT Quick Guide: Running a Domain Scan in Lampyre
https://medium.com/@raebaker/osint-quick-guide-running-a-domain-scan-in-lampyre-7dfacc4404fe

Demonstrate Brute Force On Web Login Page By Using BurpSuite
https://hackersonlineclub.com/demonstrate-brute-force-on-web-login-page-by-using-burpsuite/

Intercept SSL traffic to perform penetration testing on Android apps using Charles Debug Proxy
https://medium.com/@Mayank.Grover/intercept-ssl-traffic-to-perform-penetration-testing-on-android-apps-using-charles-debug-proxy-59211859d22f

Practical Insider Threat Penetration Testing Cases with Scapy (Shell Code and Protocol Evasion)
https://pentestmag.com/practical-insider-threat-penetration-testing-cases-with-scapy-shell-code-and-protocol-evasion/

Webshell, Virtual Private Server (VPS) and cPanel Database
https://github.com/c0delatte/carina

Framework ment to help testing the users iseeyou
https://github.com/zarkones/iseeyou

IoT-Implant-Toolkit
https://github.com/arthastang/IoT-Implant-Toolkit/blob/master/README.md

Evil-WinRM: The ultimate WinRM shell for hacking/pentesting
https://hakin9.org/evil-winrm-the-ultimate-winrm-shell-for-hacking-pentesting/

Evilreg : Reverse Shell Using Windows Registry Files (.reg)
https://kalilinuxtutorials.com/evilreg/

EvilApp - Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA)
https://www.kitploit.com/2020/05/evilapp-phishing-attack-using-android.html

Route Redistribution PPP Multilink mock configuration
https://ccie.internetworks.in/2019/12/route-redistribution-ppp-multilink-mock.html

OSINT tool for visualizing relationships between domains, IPs and email addresses.
https://www.offensiveosint.io/osint-tool-for-visualizing-relationships-between-domains-ips-and-email-addresses/

Offensive OSINT s01e05 - OSINT & Corporate espionage. Tentacles of Mindgeek part 1.
https://www.offensiveosint.io/offensive-osint-s01e05-osint-corporate-espionage/

RangeAmp attacks can take down websites and CDN servers
https://www.zdnet.com/article/rangeamp-attacks-can-take-down-websites-and-cdn-servers/

CDN Backfired: Amplification Attacks Based on HTTP Range Requests
https://www.liubaojun.org/uploads/1/1/8/3/118316462/dsn_2020.pdf

How to use Trend Micro's Rootkit Remover to Install a Rootkit
https://billdemirkapi.me/How-to-use-Trend-Micro-Rootkit-Remover-to-Install-a-Rootkit/

マクニカネットワークス、台湾のTeamT5社と標的型攻撃グループに関して共同リサーチ開始
https://www.macnica.net/pressrelease/mpressioncss_20200526.html/

標的型攻撃の実態と 対策アプローチ
https://www.macnica.net/file/mpressioncss_ta_report_2019_4.pdf

SQL Injection - MySQL comment: the double dash mystery
https://rawsec.ml/en/sql-injection-mysql-comment/

Stowaway -- Multi-hop Proxy Tool for pentesters
https://github.com/ph4ntonn/Stowaway

Phonia - most advanced toolkits to scan phone numbers using only free resources
https://hakin9.org/phonia-most-advanced-toolkits-to-scan-phone-numbers-using-only-free-resources/

Detecting malicious downloads with Osquery, Rsyslog, Kafka, Python3 and Virustotal | by Ben Bornholm
https://eforensicsmag.com/detecting-malicious-downloads-with-osquery-rsyslog-kafka-python3-and-virustotal-by-ben-bornholm/

Installing the MalConfScan with Cuckoo to Analyze Emotet
https://medium.com/@soji256/build-a-malconfscan-with-cuckoo-environment-to-analyze-emotet-ff0c4c589afe

Thick Client Penetration Testing – Exploiting JAVA Deserialization Vulnerability for Remote Code Execution
https://pentestmag.com/thick-client-penetration-testing-exploiting-java-deserialization-vulnerability-remote-code-execution/

Inside the NSA’s Secret Tool for Mapping Your Social Network
https://www.wired.com/story/inside-the-nsas-secret-tool-for-mapping-your-social-network/

Bypassing WAF to perform XSS
https://medium.com/bugbountywriteup/bypassing-waf-to-perform-xss-2d2f5a4367f3

A New Free Monitoring Tool to Measure Your Dark Web Exposure
https://thehackernews.com/2020/05/dark-web-monitoring-tool.html

F.商業
資安業練兵 模擬入侵攻防
https://money.udn.com/money/story/5612/4585447

接軌數位化致勝四大面向(上)─上雲端、遠距離
https://www.17cross.org.tw/Km/km_more?id=4a59930ea9e04034a9f8810caaf1b1be

接軌數位化致勝四大面向(下)─做電商、顧資安
https://www.17cross.org.tw/Km/km_more?id=e1d09b97ff9b4bbe99d6cd86237d68d6

網路戰爭來襲 解碼資安產業未來十年大商機
https://news.cnyes.com/news/id/4482250

裝置管控聚焦iOS與macOS,Jamf強調與蘋果系統深度整合
https://www.ithome.com.tw/review/137842

HackerOne成立8年來已頒發1億美元抓漏獎金,預計只需5年就能突破10億美元門檻
https://www.ithome.com.tw/news/137933

微軟提出四大資安應變措施 協助企業資安防疫,「檢測、隔離、解決、重建」 阻絕駭客攻擊與勒索軟體威脅
http://www.pcdiy.com.tw/detail/16303

Outlook for Windows client to store email signature in the cloud
https://www.zdnet.com/article/outlook-for-windows-client-to-store-email-signature-in-the-cloud/#ftag=RSSbaffb68

G.政府
總統府資安 有如宮鬥劇
https://udn.com/news/story/7339/4584271

總統府被駭案 盼早日向國人還原真相
http://www.ksnews.com.tw/index.php/news/contents_page/0001376681

談總統府洩密案 張善政:我覺得大部分是真的!太寫實了
https://bit.ly/2AOMSK7

駭客案藍轉彎再出招 逼總統府面對
https://udn.com/news/story/10805/4584943

總統府駭客案因劉建忻筆電遺失?刑事局:未接獲訊息
https://udn.com/news/story/10805/4583548

從國安單位情蒐侷限性看中國駭客入侵
https://www.upmedia.mg/news_info.php?SerialNo=88030

立委:機敏資料 勿存放個人電腦
https://m.ltn.com.tw/news/politics/paper/1375065

驗碼不給人、機密天天清,備份存三地,資安不擔心。
https://www.rti.org.tw/radio/programMessageView/id/114778

台中網路學習平台錯誤多 「出師表變退秦師」局長也傻眼
https://udn.com/news/story/6885/4591540

紅軍駭客表演換網站首頁 掀國軍高層內鬥風波
https://tw.appledaily.com/politics/20200527/W7APAWG2UP6K4VWUQQI23IFD5A/

漢光演習紅軍駭客破軍網奪將領個資 竟被當真共諜送辦
https://tw.appledaily.com/politics/20200527/6H26NCYLVWI4SSR4YAVNTX2CFY/

「金句王」黃天牧升任金管會主委,將先找他們喝咖啡
https://www.gvm.com.tw/article/72858

國軍人事系統連3年遭「內鬼」入侵 將官機密遭鎖定嚴重曝險
https://news.ltn.com.tw/news/society/breakingnews/3178584

5軍士官漢光演習後持續侵入電腦 調查局移送高檢署偵辦
https://udn.com/news/story/7321/4593375

漢光演習已結束軍方電腦仍被攻擊 調查竟是自己人搞鬼
https://www.ctwant.com/article/53516

漢光演習扮駭客遭送辦 軍官心寒退伍怒批「自己人打死自己」
https://tw.appledaily.com/politics/20200527/LQFDTVH6HNWU5FDORCOJRKWTSY/

紅軍駭客表演換網站首頁 掀國軍高層惡鬥內幕
https://tw.appledaily.com/politics/20200527/W7APAWG2UP6K4VWUQQI23IFD5A/

資通電軍漢光演習後仍持續駭 防守軍不爽怒告調查局偵辦
https://www.chinatimes.com/realtimenews/20200527002285-260402?chdtv

5軍士官漢光演習後多次當「駭客」遭辦 辯稱:好玩
https://udn.com/news/story/7321/4594015?from=udn-catebreaknews_ch2

漢光演習結束後繼續當駭客 5軍士官辯「只是好玩」被法辦
https://www.storm.mg/article/2691183

國軍人事系統連3年遭「內鬼」入侵 將官機密遭鎖定嚴重曝險
https://news.ltn.com.tw/news/society/breakingnews/3178584

駭客分黑白灰3類 軍方電軍5士官從「白帽」變「黑帽」
https://m.ltn.com.tw/news/society/breakingnews/3178726

5軍士官漢光演習後持續侵入電腦 調查局移送高檢署偵辦
https://udn.com/news/story/7321/4593375?from=udn-catebreaknews_ch2

資通電軍遭國防部聯一控侵駭? 國防部:尊重司法
https://udn.com/news/story/10930/4594405?from=udn-catebreaknews_ch2

資通電軍5軍士官涉駭入國軍人事系統 調查局︰未以共諜罪法辦
https://m.ltn.com.tw/news/society/breakingnews/3179098

國防部通資電指揮部對涉駭客案官兵做出說明
http://www.touchmedia.tw/?p=817161

資通電軍:「軍方專家扮駭客」乙情 全案已進入司法程序
https://bit.ly/2BcGNaR

調查局澄清未以共諜罪法辦資通電人員
https://www.mjib.gov.tw/news/Details/1/609

Re: [新聞] 漢光演習紅軍駭客破軍網奪將領個資
https://moptt.tw/p/Gossiping.M.1590643031.A.720

神祕資通電軍 民間挖角對象
https://www.chinatimes.com/newspapers/20200528000530-260118?chdtv

「港版國安法」後劍指台灣?國防部:中國從未放棄武力犯台
https://www.storm.mg/article/2694008

資通電軍遭檢調約談 國防部:疑似有演習外的非法行為
https://tw.appledaily.com/politics/20200528/P7RHQTUZO6FFK5YHQJU2EWND7M/

內鬥?資通電軍演練駭進自己人網頁 竟被以內亂外患罪送辦
https://bit.ly/2Xb2JeM

一張圖表看國軍第四軍種 「資電通軍」力抗中國駭客捍衛數位國土
https://tw.appledaily.com/politics/20200528/Z2YPOPM2GF7FATWMO5SKDYP5FY/

資通電軍官兵竊密遭移送? 國防部:沒有機密遭竊
https://money.udn.com/money/story/5648/4595952

軍士官演習扮駭客.侵入軍網 事後煞偷提機密
https://news.pts.org.tw/article/480671

漢光演習扮中國駭客結束後還持續入侵
https://www.ptt.cc/bbs/Gossiping/M.1590550246.A.C9B.html

軍方駭客挨告 國防部力保
https://bit.ly/2Xb8Hw7

卓榮泰稱總統府駭客「圍魏救韓」 國民黨批:趁機帶風向「打韓救蔡」
https://www.storm.mg/article/2647123

假冒總統府「開後門」釣立委 刑事局研判境外駭客
https://video.udn.com/news/1177631

冒總統府發釣魚電郵 刑事局:德資安業者判斷「中國攻擊台灣政府」
https://news.ltn.com.tw/news/politics/breakingnews/3181259

總統府立院電腦遭駭案 警疑中國駭客鎖定政府高官竊資
https://tw.news.appledaily.com/local/20200529/TRGEJXMKTT3MKHB7MFOKCCAVBY/

國軍嚴密監偵 全面掌握共軍動態
https://www.ydn.com.tw/News/384667

高市府電子公文系統移機出包  弄丟5萬份花一周找回
https://tw.news.appledaily.com/local/20200528/U4VNXV7MHSMVZUJDTUKYOMHZIQ/

經濟部工業局產創平台主題式研發計畫-「智慧製造資安強化推動」
https://www.teeia.org.tw/zh-tw/News/detail/70

H.工控系統/SCADA/ICS
Emerson OpenEnterprise SCADA軟件存在超危漏洞
https://www.freebuf.com/column/237802.html

I.教育訓練
WAF 是什麼?你的網站需要 WAF 嗎
https://blog.cloudmax.com.tw/waf/

How to Reset Forgotten Root Password in Ubuntu
https://www.tecmint.com/reset-forgotten-root-password-in-ubuntu/

How to build a Machine Learning Intrusion Detection system
https://www.peerlyst.com/posts/how-to-build-a-machine-learning-intrusion-detection-system-chiheb-chebbi

How to Perform MalDoc Analysis–Geodo Usecase (PART I)
https://www.peerlyst.com/posts/how-to-perform-maldoc-analysis-geodo-usecase-part-i-sudhendu

How to become a Hardware Security Specialist
https://www.peerlyst.com/posts/how-to-become-a-hardware-security-specialist-sudhendu

Introduction to Multicast
https://www.internetworks.in/2019/06/introduction-to-multicast.html

How To Spoof Mac Address
https://hackersonlineclub.com/spoof-mac-address/

How to get a CCSK certification
https://www.peerlyst.com/posts/how-to-get-a-ccsk-certification-yogesh-gupta-cissp-r-ccsp

How to configure MPLS L3 VPN with EIGRP
https://mpls.internetworks.in/2020/03/how-to-configure-mpls-l3-vpn-with-eigrp.html

How To Build And Run A SOC for Incident Response - A Collection Of Resources
https://www.peerlyst.com/posts/how-to-build-and-run-a-soc-for-incident-response-and-enterprise-defensibility-a-collection-of-resources

How to Hack Android Remotely (100% working) “ TechHacks
https://medium.com/@ankjshr/how-to-hack-android-remotely-100-working-techhacks-54004e4d6f4d

How To Find Web Server Vulnerabilities With Nikto Scanner
https://hackersonlineclub.com/how-to-find-web-server-vulnerabilities-with-nikto-scanner/

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
黑客瞄準IIoT 進擊智能工廠
https://bit.ly/2M4ZkIl

物聯網應用首重資安 Bureau Veritas提供完整一站式IoT安全評等
https://bit.ly/2zqilCa

智能汽車的新攻擊面:GNU Glibc內存損壞漏洞分析(CVE-2020-6096)
https://www.anquanke.com/post/id/206628

Shodan founder John Matherly on IoT security, dual-purpose hacking tools, and information overload
https://portswigger.net/daily-swig/shodan-founder-john-matherly-on-iot-security-dual-purpose-hacking-tools-and-information-overload

6.近期資安活動及研討會
交通大學駭客書院 -     進階網頁滲透測試 5/30
https://hackercollege.nctu.edu.tw/?p=1159

榮耀資戰 – 重裝上陣  5/30
https://zyxel-foundation.kktix.cc/events/cyberthrones2020

109年智能物聯網與資訊安全碩士學分班 5/30 ~ 8/8
https://www.accupass.com/event/2003160837472127685300

Java Spring安全程式開發實務班 6/2 ~ 6/3
https://www.iiiedu.org.tw/courses/msa466t2001/

邊緣計算系統之大數據與深度學習應用 6/5
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index

物聯網資安認證制度推廣說明會(工業局主辦)6/5
https://www.accupass.com/event/2005051416518928110270

中山資安社-資安讀書會 6/6
https://nsysuisc.kktix.cc/events/readinggroup20200606

Excel對人資假勤及薪資管理分析報表實務班 6/9
https://www.accupass.com/event/2003310137088658330050

透過零信任防護策略因應數位轉型對企業雲應用與IoT安全挑戰 6/9
https://bit.ly/2VzDodV

交通大學駭客書院 -     高階網頁滲透測試 6/13 6/20
https://hackercollege.nctu.edu.tw/?p=1161

CREST CPSA BootCamp 資安分析專家認證課程 6/15 ~ 6/19
https://www.ainetwork-training.com/product/crest-cpsa-bootcamp/

惡意程式偵測、分析、防護實戰班(第3期) 6/16
http://service.tabf.org.tw/tw/user/409646/

ISACA® 國際資訊安全管理師 CISM 認證課程 6/16 ~ 6/19
https://www.accupass.com/event/2004140928122685616880

雲端資安防護研討會 6/18
https://www.accupass.com/event/2003230957111782855813

設計新興雲端安全防護架構: Container & Serverless Security安全藍圖 6/23
https://bit.ly/2VzDodV

交通大學駭客書院 -     企業網域控管-Active Directory攻擊與防禦 6/27
https://hackercollege.nctu.edu.tw/?p=1164

CompTIA Security+ 國際網路資安認證班 7/4 ~ 7/12
https://www.iiiedu.org.tw/courses/msa293t2002/

數據分析與機器學習案例實務(三)影像分類技術 7/20
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3897&from_course_list_url=course_index

CYBERSEC 2020 臺灣資安大會 8/12
https://cyber.ithome.com.tw/

認證系統安全從業人員 SSCP 輔導班 9/5 ~ 9/13
https://www.iiiedu.org.tw/courses/asq902t2001/

邊緣計算系統之大數據與深度學習應用 9/11
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3895&from_course_list_url=course_index

數據分析與機器學習案例實務(四)應用實例 9/14
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3898&from_course_list_url=course_index

留言

這個網誌中的熱門文章

資安事件新聞週報 2019/2/25 ~ 2019/3/1

資安事件新聞週報  2019/2/25  ~  2019/3/1

1.重大弱點漏洞

Avast:數位家庭最容易有漏洞的裝置是印表機、網路裝置及監視器
https://ithome.com.tw/news/128997

F5 BIG-IP Access Policy Manager 跨站腳本漏洞  CVE-2019-6595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6595

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT
https://www.exploit-db.com/exploits/46444

報告:前十大熱門Docker映像檔都有至少30個以上的漏洞
https://www.ithome.com.tw/news/129018

有攻擊者正利用Chrome的0day漏洞偷取他人信息
https://nosec.org/home/detail/2294.html

Chrome瀏覽器被曝存在漏洞攻擊者可通過PDF收集用戶信息
http://www.sohu.com/a/298175326_114774?sec=wd

Google Chrome zero-day used in the wild to collect user data via PDF files
https://www.zdnet.com/article/google-chrome-zero-day-used-in-the-wild-to-collect-user-data-via-pdf-files/#ftag=RSSbaffb68

Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers
https://bit.ly/2H4ZAWr

研究人員揭露大批Thunderclap安全漏洞,允許惡意周邊裝置竊取記憶體機密資訊
https://www.ithome.com.tw/news/129021

新發現的thunderclap 漏洞允許黑客使用Thunderbolt/USB-C 外設攻擊PC
http://hackernews.cc/archives/24…

資安新聞及事件週報 2018/12/3 ~ 2018/12/7

1.重大弱點漏洞

WebEx Meetings漏洞沒補好,思科再補一次
https://ithome.com.tw/news/127328

Cisco Prime License Manager 存在安全性弱點
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181128-plm-sql-inject

IBM QRadar SIEM 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1730

2019 PHP5網站技術支援到期,恐將成為資安孤兒
https://bit.ly/2Udfh1S

高階腳本語言Perl測出多種overflow觸發情境
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5059

CVE-2018-8550widows提權漏洞預警及復現
https://www.bilibili.com/video/av37405552/

Oracle WebLogic Server存在未明漏洞  CVE-2018-3249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3249

CyberArk 9.7 - Memory Disclosure
https://old.exploit-db.com/exploits/45926/?rss

Chrome 71出爐,加強封鎖不良廣告、修補43個安全漏洞
https://www.ithome.com.tw/news/127492

儘速更新Zoom!避免駭客亂入視訊會議
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5061

libsixel 緩衝區錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19762

容器技術 Kubernetes 被回報首度重大漏洞,使用者要盡快升級修補
https://technew…

資安事件新聞週報 2019/7/8 ~ 2019/7/12

資安事件新聞週報  2019/7/8  ~  2019/7/12

1.重大弱點漏洞/後門/Exploit/Zero Day
安全公告:LEN-27828 Intel PROSet/Wireless WiFi Software 漏洞
http://iknow.lenovo.com/detail/dc_183380.html

Juniper Junos OS 多個漏洞
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10938
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10940
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10942
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10946

Lodash 嚴重安全漏洞背後你不得不知道的JavaScript 知識
https://juejin.im/post/5d271332f265da1b934e2d48

Lodash庫爆出嚴重安全漏洞,波及400萬+項目
https://mp.weixin.qq.com/s/tfZq2PZylGfMjOp8h8eeTw

Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
https://www.exploit-db.com/exploits/47111

知名飯店Kiosk系統漏洞讓後台資料庫憑證曝險,可致客戶資料被竊
https://ithome.com.tw/news/131809

Jira Server and Data Center Update Patches Critical Vulnerability
https://www.bleepingcomputer.com/news/security/jira-server-and-data-center-update-patches-critical-vulnerability/

JIRA Security Advisory 2019-07-1…