跳到主要內容

資安事件新聞週報 2020/6/22 ~ 2020/6/26








資安事件新聞週報 2020/6/22  ~  2020/6/26

1.重大弱點漏洞/後門/Exploit/Zero Day
微軟六月發佈之漏洞修補數量,創有史以來最高
https://www.eset.tw/html/86/202006191/

Netgear路由器安全漏洞六個月後終於修復
https://bit.ly/315KOZz

瀚淶科技發佈NETGEAR 產品安全性通知 建議使用者更新韌體修補
https://bit.ly/3178OeE

國內網通設備廠商修復存於家用路由器的嚴重資安漏洞
https://www.twcert.org.tw/tw/cp-104-3721-9ca72-1.html

Cisco WebEx 被發現記憶體傾印資安漏洞
https://www.twcert.org.tw/tw/cp-104-3717-c993a-1.html

Webex修復兩個嚴重漏洞,兩者可使黑客運行任意程序以及代碼
https://www.expreview.com/74776.html

Cisco Wireless LAN Controller Software緩衝區溢出漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3273

物聯網設備「驚爆」底層漏洞
https://kknews.cc/tech/lv4xvvz.html

New Ripple20 Flaws Put Billions of Internet-Connected Devices at Risk of Hacking
https://thehackernews.com/2020/06/new-critical-flaws-put-billions-of.html

Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations
https://thehackernews.com/2020/06/oracle-e-business-suite.html

IBM Security Guardium漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4193
2019 was a record year for OSS vulnerabilities
https://www.helpnetsecurity.com/2020/06/09/oss-vulnerabilities/

英雄聯盟上周處罰共2W+惡意利用漏洞上分用戶
https://www.vpgame.com/news/article/338633

TRENDnet TEW-827DRU命令注入漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14081

黑客可利用IBM Maximo Asset Management軟件的SSRF漏洞攻擊企業網絡
https://www.freebuf.com/column/240864.html

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
【環聯洩密】傳銀公與金管局傾向 中央處理客戶個人信貸資料
https://bit.ly/3dqKfvE

三倍券7/1開放預購 政院:將做好每一環節測試
https://www.epochtimes.com/b5/20/6/26/n12214008.htm

振興三倍券刷哪張卡最划算?銀行、行動支付優惠比一比
https://www.cna.com.tw/news/firstnews/202006235003.aspx

API安全成金融創新關鍵
http://www.netadmin.com.tw/netadmin/zh-tw/market/BD506214B097419D82730619B1481DD1

More S3 Buckets Compromised with Magecart and Malicious Redirector
https://www.infosecurity-magazine.com/news/s3-compromised-magecart-malicious/

點選熱門新聞也出事?五個意想不到信用卡遭盜刷原因
https://blog.trendmicro.com.tw/?p=64761

Critical Bugs and Backdoor Found in GeoVision's Fingerprint and Card Scanners
https://thehackernews.com/2020/06/geovision-scanner-vulnerabilities.html

3.電子支付/電子票證/行動支付/ pay/新聞及資安
使用人數超車一卡通 街口已稱霸電子支付
https://www.cardu.com.tw/news/detail.php?40848

北市強制裝電子支付 公有市場使用少
https://reurl.cc/nzd6O8

日本企業組成協議會,建立共通電子支付架構
https://technews.tw/2020/06/07/apanese-companies-want-to-establish-a-common-electronic-payment-structure/

零售業的行動支付創新
https://udn.com/news/story/6871/4657519

股價3天崩9成!德國行動支付巨頭爆假帳醜聞 軟銀10億美元飛了
https://reurl.cc/E7l8Xa

Facebook 在巴西首次推出 WhatsApp 行動支付服務,用戶轉帳免費
https://technews.tw/2020/06/16/facebook-launches-whatsapp-based-digital-payments-service-in-brazil/

大陸行動支付上線8年 搶案少9成 搶匪快消失了
https://www.chinatimes.com/realtimenews/20200623005187-260410?chdtv

4.虛擬貨幣/區塊鍊/數位貨幣/相關新聞及資安
Bancor DEX 發現嚴重漏洞,代碼安全成 DeFi“阿喀琉斯之踵”
https://www.chainnews.com/zh-hant/articles/155230754382.htm

DeFi Saver發現自有交易平台安全漏洞並使用白帽攻擊提取資金
http://bc.jrj.com.cn/2020/06/20121029972106.shtml

研究人員發現以太坊錢包Argent出現高危漏洞
http://bc.jrj.com.cn/2020/06/19222829969549.shtml

矽谷「鋼鐵人」被冒名!以馬斯克為名的比特幣騙局已捲走200萬美元
https://news.knowing.asia/news/5e802d2b-d7ec-4d54-a79d-2fdb9b528bfc

科大設區塊鏈證書核實平台 方便僱主查驗 利求職升學
http://startupbeat.hkej.com/?p=88846

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
Android 間諜軟體ActionSpy, 用新聞網頁為餌進行漏洞攻擊
https://blog.trendmicro.com.tw/?p=64859

【駭客打獵的全盛時期】手機病毒早在 16 年前就問世,智慧型時代更嚴重肆虐
https://buzzorange.com/techorange/2020/06/20/cellphone-virus-in-the-smart-era/

【病毒史上的今天】2004年 6 月 15 日 第一支手機病毒 Cabir 誕生
https://blog.trendmicro.com.tw/?p=7451

國際特赦組織:摩洛哥用以色列製間諜軟體對付記者
https://money.udn.com/money/story/5599/4653211

美資安公司發現 中國稅務軟體暗藏後門
https://www.chinatimes.com/realtimenews/20200626002750-260410?chdtv

Targeted Attack Leverages India-China Border Dispute to Lure Victims
https://www.zscaler.com/blogs/research/targeted-attack-leverages-india-china-border-dispute-lure-victims

Microsoft Defender ATP now detects Windows 10 UEFI malware
https://www.bleepingcomputer.com/news/security/microsoft-defender-atp-now-detects-windows-10-uefi-malware/

Targeted Attack Leverages India-China Border Dispute to Lure Victims
https://www.zscaler.com/blogs/research/targeted-attack-leverages-india-china-border-dispute-lure-victims

Discord modified to steal accounts by new NitroHack malware
https://www.bleepingcomputer.com/news/security/discord-modified-to-steal-accounts-by-new-nitrohack-malware/

Hackers use fake Windows error logs to hide malicious payload
https://www.bleepingcomputer.com/news/security/hackers-use-fake-windows-error-logs-to-hide-malicious-payload/

Thanos ransomware auto-spreads to Windows devices, evades security
https://www.bleepingcomputer.com/news/security/thanos-ransomware-auto-spreads-to-windows-devices-evades-security/

New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data
https://thehackernews.com/2020/05/gmail-malware-hacker.html

U.S. Officials Ask Juniper Networks About Investigation Into 2015 Backdoor
https://www.securityweek.com/us-officials-ask-juniper-networks-about-investigation-2015-backdoor

IndigoDrop spreads via military-themed lures to deliver Cobalt Strike
https://blog.talosintelligence.com/2020/06/indigodrop-maldocs-cobalt-strike.html

SSH-Targeting Golang Bots Becoming the New Norm
https://labs.bitdefender.com/2020/06/ssh-targeting-golang-bots-becoming-the-new-norm/

The eagle eye is back: old and new backdoors from APT30
https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/eagle-eye-is-back-apt30/

Ryuk ransomware deployed two weeks after Trickbot infection
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-deployed-two-weeks-after-trickbot-infection/

Inside a TrickBot Cobalt Strike Attack Server
https://labs.sentinelone.com/inside-a-trickbot-cobaltstrike-attack-server/

VirusTotal Adds Cynet's Artificial Intelligence-Based Malware Detection
https://thehackernews.com/2020/06/virustotal-cynet-malware-detection.html

Pillowmint: FIN7’s Monkey Thief
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/pillowmint-fin7s-monkey-thief/

Oh, what a boot-iful mornin’
https://securelist.com/oh-what-a-boot-iful-mornin/97365/

The Golden Tax Department and Emergence of GoldenSpy Malware
https://trustwave.azureedge.net/media/16908/the-golden-tax-department-and-emergence-of-goldenspy-malware.pdf

New ransomware posing as COVID‑19 tracing app targets Canada; ESET offers decryptor
https://www.welivesecurity.com/2020/06/24/new-ransomware-uses-covid19-tracing-guise-target-canada-eset-decryptor/

A Threat Actor Targeting Cryptocurrency Exchanges
https://www.clearskysec.com/wp-content/uploads/2020/06/CryptoCore_Group.pdf

Glupteba malware hides in plain sight
https://news.sophos.com/en-us/2020/06/24/glupteba-report/

Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/

Attackers Cryptojacking Docker Images to Mine for Monero
https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/

VALAK: MORE THAN MEETS THE EYE
https://www.cybereason.com/blog/valak-more-than-meets-the-eye

OBFUSCATED VBSCRIPT DROPS ZLOADER, URSNIF, QAKBOT, DRIDEX
https://blog.morphisec.com/obfuscated-vbscript-drops-zloader-ursnif-qakbot-dridex

Docker Images Containing Cryptojacking Malware Distributed via Docker Hub
https://thehackernews.com/2020/06/cryptocurrency-docker-image.html

B.行動安全 / iPhone / Android /穿戴裝置 /App
反擊資安疑慮!Zoom升級免費用戶加密系統
https://bit.ly/37Jb513

2G成"犯罪溫床",動態驗證碼成為安全漏洞,幾分鐘銀行卡被掏空
https://www.sohu.com/a/403551212_100030976

Why Google Removed “Remove China Apps” From Play Store
https://techincidents.com/google-removed-remove-china-apps/

New Privacy Features Added to the Upcoming Apple iOS 14 and macOS Big Sur
https://thehackernews.com/2020/06/ios14-macos-big-sur-privacy.html

C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
憂心資安!港立法會議員:有公司轉移敏感資料至國外伺服器
https://ec.ltn.com.tw/article/breakingnews/3206708

域名仿冒攻擊上升 對話劫持真假難辨
https://bit.ly/3fP4zsb

資安即國安 網路安全產業將成下一個10年投資寵兒
https://news.cnyes.com/news/id/4495969

用「黑盒子」遭斷網 華人排長龍安裝正規網絡
https://www.epochtimes.com/b5/20/6/20/n12199538.htm

南京紫金山實驗室“懸賞”200萬元 迎全球“黑客”挑戰
https://bit.ly/3hTwmK1

80個Chrome擴充程式疑涉及大規模監控行動,擴充程式已成新的rootkit
https://www.ithome.com.tw/news/138369

大規模駭客攻擊!Chrome超過3200萬個用戶資料恐遭竊
http://m.match.net.tw/pc/news/technology/20200619/5369268

惡意外掛偷資料?Chrome爆大筆資料遭竊 下架70款程式、已被下載3200萬次!
https://times.hinet.net/news/22943344

Over 100 New Chrome Browser Extensions Caught Spying On Users
https://thehackernews.com/2020/06/chrome-browser-extensions-spying.html

The Internet’s New Arms Dealers: Malicious Domain Registrars
https://awakesecurity.com/blog/the-internets-new-arms-dealers-malicious-domain-registrars/

駭客濫用牛津大學、Adobe及三星資源,對Office 365用戶展開網釣攻擊
https://www.ithome.com.tw/news/138346

築牢網絡安全防線泰州市“網安2020”專項行動啟動
http://www.js.xinhuanet.com/2020-06/20/c_1126138517.htm

澳洲遭「國家級」駭客網攻或中共軍方所為
https://m.soundofhope.org/post/391912

澳洲遭國家級駭客攻擊 國會議員:與中國有關
https://www.cna.com.tw/news/aopl/202006230050.aspx

澳媒:中國主使惡意駭客攻擊
https://www.pourquoi.tw/2020/06/20/intlnews-nasaoa-200613-200619-1/

澳智庫:疫情期間 中共升級網攻
https://bit.ly/2ByXsVW

澳洲網路安全中心分享網路攻擊相關威脅指標,請注意防範
http://net.nthu.edu.tw/netsys/mailing:announcement:20200622_01

南韓統一部升級內網防朝駭客
https://cb.yna.co.kr/gate/big5/cn.yna.co.kr/view/ACK20200621001000881?section=politics/index

朝鮮半島情勢升溫!南韓統一部加強內部網路防北韓網攻
https://money.udn.com/money/story/5599/4650497

我國擬態防禦網絡擋住280萬次攻擊
http://stdaily.com/index/kejixinwen/2020-06/21/content_958976.shtml

北韓派帶刀部隊到邊界「除草修路」 南韓:非動武前兆
https://udn.com/news/story/121405/4652395?from=udn-ch1_breaknews-1-cate5-news

北韓翻臉文攻武嚇 下個波將是南韓網路戰?
http://globalnewstv.com.tw/202006/112078/

Australian Government Under Ongoing Cyberattack
https://www.darkreading.com/attacks-breaches/australian-government-under-ongoing-cyberattack/d/d-id/1338137

Hackers Target Military and Aerospace Staff by Posing as HRs Offering Jobs
https://thehackernews.com/2020/06/military-aerospace-hacking.html

Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies
https://www.welivesecurity.com/2020/06/17/operation-interception-aerospace-military-companies-cyberspies/

Samsung Blu-ray players reportedly have stopped working but it’s not clear why
https://www.theverge.com/2020/6/20/21297854/samsung-blu-ray-problems-ssl-firmware

Most of the world's most popular passwords can be cracked in under a second
https://www.techrepublic.com/article/most-of-the-worlds-most-popular-passwords-can-be-cracked-in-under-a-second/

Expiring SSL certs expected to break smart TVs, fridges, and IoTs
https://www.bleepingcomputer.com/news/security/expiring-ssl-certs-expected-to-break-smart-tvs-fridges-and-iots/

Weed Sales on the Dark Web Surged Early in the Pandemic
https://www.wired.com/story/dark-web-cannabis-sales-surged-pandemic/

Misconfigured Public Cloud Databases Attacked Within Hours of Deployment
https://www.securityweek.com/misconfigured-public-cloud-databases-attacked-within-hours-deployment

Academics studied DDoS takedowns and said they're ineffective, recommend patching vulnerable servers
https://www.zdnet.com/article/academics-studied-ddos-takedowns-and-said-theyre-ineffective-recommend-patching-vulnerable-servers/

80,000 printers are exposing their IPP port online
https://www.zdnet.com/article/80000-printers-are-exposing-their-ipp-port-online/

WikiLeaks Founder Charged With Conspiring With LulzSec & Anonymous Hackers
https://thehackernews.com/2020/06/wikileaks-lulzsec-anonymous-hackers.html

資安研發主管(資通訊安全及防護)_台達研究院(台北)
https://www.104.com.tw/job/6z223

集保結算所6/30~7/13擴大徵才 重視「跨界、多元化」思維
https://www.ettoday.net/news/20200619/1740870.htm

資安工程師
https://bit.ly/3dktt1j

【IT】資安駐點工程師 - 2000418
https://www.104.com.tw/job/6z0vh

資安稽核工程師 (徵)
https://job.taiwanjobs.gov.tw/internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=150340&HIRE_ID=9703685

[徵才] Supermicro 全新團隊誠徵產品/資安人才
https://pttcareer.com/tech_job/M.1592641835.A.F4A.html

[北部] 資安管理工程師
https://pttcareer.com/job/M.1592883235.A.656.html

[北部] 資安管理工程師
https://pttcareer.com/job/M.1592883235.A.656.html

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
憂重陽禮金帳戶洩漏個資 盧秀燕喊停
https://www.chinatimes.com/realtimenews/20200619004269-260405?ctrack=mo_main_rtime_p03&chdtv

如何避免個資淪入黑暗網路(Dark Web)任人拍賣
https://blog.trendmicro.com.tw/?p=64586

9款特殊交友程式的通訊內容及照片曝露在雲端
https://www.ithome.com.tw/news/138250

駭客濫用牛津大學、Adobe及三星資源,對Office 365用戶展開網釣攻擊
https://www.ithome.com.tw/news/138346

「解除分期付款」詐騙猖獗 刑事局公布高風險網購平台
https://m.ltn.com.tw/news/society/breakingnews/3203167

甲骨文公司驚傳 洩露數十億條網路數據記錄
https://news.knowing.asia/news/e95f79f4-3af1-4284-b0d3-f039a6f5841c

美女法官親密照外流 逮到男法官偷開她電腦
https://www.mirrormedia.mg/story/20200622inv007/

特惠iPhone11詐全台 本尊「淑婉」出現案情大逆轉
https://tw.appledaily.com/local/20200624/VMV2YJICCYSFEGMZ3YULFBYDUI/

居家檢疫8.2萬人拿1.4萬補助 1078人沒隔離竟也想冒領
https://tw.appledaily.com/life/20200624/LUL6ZZXENHKMY5VIS6446Y4ENU/

星巴克新漏洞:可訪問 1 億客戶記錄
https://www.chainnews.com/zh-hant/articles/921277743570.htm

沒有絕對的安全!CIA 承認防範不足遭遇史上最大規模資料外洩
https://technews.tw/2020/06/23/cia-data-leakage/

‘BlueLeaks’ Exposes Files from Hundreds of Police Departments
https://krebsonsecurity.com/2020/06/blueleaks-exposes-files-from-hundreds-of-police-departments/

Hacking Starbucks and Accessing Nearly 100 Million Customer Records
https://samcurry.net/hacking-starbucks/

IT guy from FEMA hacked medical center, sold data on dark web
https://www.hackread.com/fema-it-guy-hacked-medical-center-sold-data-on-dark-web/

Australians reported 25,000 phishing scams last year
https://www.zdnet.com/article/australians-reported-25000-phishing-scams-to-the-accc-last-year/

Hackers Leaked 269 GB of U.S. Police and Fusion Centers Data Online
https://thehackernews.com/2020/06/law-enforcement-data-breach.html

E.研究報告
巡風裂縫掃描系統源碼分析
https://www.anquanke.com/post/id/207831

淺談 GitOps 的概念
https://www.hwchiu.com/gitops.html

Web常见几种漏洞实践操作思维导图
https://www.cnblogs.com/CRRPF/p/13173502.html

CVE-2018-10731:工業交換機漏洞分析
https://www.chainnews.com/zh-hant/articles/680311461031.htm

2020護網紅方漏洞利用總結(一)
https://zhuanlan.zhihu.com/p/149740144

分析Netgear R7000路由器棧溢出漏洞
https://www.anquanke.com/post/id/208935

WizardOpium APT組織在攻擊中使用了兩個Chrome和win32k 0 day漏洞
https://www.4hou.com/posts/z9nO

LeakLooker-X
https://github.com/woj-ciech/LeakLooker-X

Ripple20, set of vulnerabilities inside Treck / KASAGO IP Stacks
https://gist.github.com/SwitHak/5f20872748843a8ad697a75c658278fe

Completely and absolutely correct use of your 64 Cores and 128 Threads
https://www.reddit.com/r/Amd/comments/hbxn6p/completely_and_absolutely_correct_use_of_your_64/

Adversaries targeting Japan in the second half of 2019
https://www.macnica.net/pdf/mpressioncss_ta_report_2019_4_en.pdf

RUBY 2.X UNIVERSAL RCE DESERIALIZATION GADGET CHAIN
https://www.elttam.com/blog/ruby-deserialization/

Deploying of infrastructure and technologies for a SOC as a Service ( SOCasS)
https://www.peerlyst.com/posts/deploying-of-infrastructure-and-technologies-for-a-soc-as-a-service-socass-ibrahim-ayadhi

Script to check MikroTik Routers the WinBox Authentication Bypass Disclosure & RouterOS Jailbreak vulnerabilities
https://github.com/s1l3nt78/MkCheck

IIS6.0解析漏洞、CGI解析漏洞、Upload-labs-master20-23Wirteup
https://www.defcode01.com/cs106824929/

HiveJack
https://github.com/Viralmaniar/HiveJack

Web shell threat hunting with Azure Sentinel and Microsoft Threat Protection
https://techcommunity.microsoft.com/t5/azure-sentinel/web-shell-threat-hunting-with-azure-sentinel-and-microsoft/ba-p/1448065

DETERMIINE IF YOUR LINUX COMPUTER OR SERVER IS HACKED
https://hackingpassion.com/determine-if-your-linux-computer-or-server-is-hacked/

How to Train a Machine Learning Model to Defeat APT Cyber Attacks, Part 4: Fuchikoma v1 — Finding the Fancy Footwork
https://bit.ly/2V2XDQw

The secret life of GPS trackers (1/2)
https://decoded.avast.io/martinhron/the-secret-life-of-gps-trackers/

The secret life of GPS trackers (2/2)
https://decoded.avast.io/martinhron/the-secret-life-of-gps-trackers-2-2/

HFISH A HONEYPOT PLATFORM
https://hackingpassion.com/hfish-a-honeypot-platform/

Attacking the Golden Ring on AMD Mini-PC
https://medium.com/@dannyodler/attacking-the-golden-ring-on-amd-mini-pc-b7bfb217b437

SHODAN COMMAND LINE A STEP-BY-STEP WALKTHROUGH
https://hackingpassion.com/shodan-command-line-a-step-by-step-walkthrough/

Further Evasion in the Forgotten Corners of MS-XLS
https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/

The Curious Case of Copy & Paste – on risks of pasting arbitrary content in browsers
https://research.securitum.com/the-curious-case-of-copy-paste/

RapidPayload Framework - Metasploit Payload Generator - Kali Linux
https://www.youtube.com/watch?v=4cuNOioKmnM&

Brave Browser Caught Adding Referral Codes To Cryptocurrency URLs
https://techincidents.com/brave-browser-adding-referral-codes-to-cryptocurrency-urls/

Inshackle : Instagram Hacks
https://kalilinuxtutorials.com/inshackle/

DroidTracker - Script To Generate An Android App To Track Location In Real Time
https://www.kitploit.com/2020/06/droidtracker-script-to-generate-android.html

China moved the tactics from field to Cyber against India
https://www.youtube.com/watch?v=w5Jgj6L1Dxg

F.商業
友訊攜手A10 Networks 打造全方位網路解決方案
https://www.chinatimes.com/realtimenews/20200620001842-260410?ctrack=mo_main_rtime_p03&chdtv

TikTok在美打造資安基礎設施
https://www.chinatimes.com/realtimenews/20200623001865-260410?chdtv

CyCraft Services: Secure From Home, For Free
https://medium.com/@cycraft_corp/cycraft-services-secure-from-home-for-free-62b3e28d654f

G.政府
中油攜手調查站 共建危安資安防護網
https://n.yam.com/Article/20200622293422

政府無義務發行高資安風險的eID
https://tw.news.appledaily.com/headline/20200623/XFRGGZRINZHJBFKWO6ATV66IFQ/

H.工控系統/SCADA/ICS
2020年全球工業信息安全行業發展現狀分析:產業規模穩步增長
http://finance.eastmoney.com/a/202006191528342213.html

Advantech WebAccess/SCADA存在拒絕服務漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-29404

機械安全+工業資安 Pilz推防駭解決方案
https://money.udn.com/money/story/5950/4653110

I.教育訓練
什麼是黑暗網路(Dark Web)?跟深層網路(Deep Web)有何關係
https://blog.trendmicro.com.tw/?p=64580

PowerShell 練習 - 平行作業
https://blog.darkthread.net/blog/psfaq-parallel-execution/

WHAT ARE SNIFFING ATTACKS AND THEIR TYPES
https://blog.eccouncil.org/what-are-sniffing-attacks-and-their-types/

自製 NLog 的 Target(以 Slack 的 Incoming WebHooks 為例)
https://dotblogs.com.tw/supershowwei/2020/06/22/112737

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
微軟收購安全廠商CyberX,以強化IoT安全方案
https://ithome.com.tw/news/138401

6.近期資安活動及研討會
交通大學駭客書院 -     企業網域控管-Active Directory攻擊與防禦 6/27
https://hackercollege.nctu.edu.tw/?p=1164

CompTIA Security+ 國際網路資安認證班 7/4 ~ 7/12
https://www.iiiedu.org.tw/courses/msa293t2002/

數據分析與機器學習案例實務(三)影像分類技術 7/20
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3897&from_course_list_url=course_index

CYBERSEC 2020 臺灣資安大會 8/12
https://cyber.ithome.com.tw/

認證系統安全從業人員 SSCP 輔導班 9/5 ~ 9/13
https://www.iiiedu.org.tw/courses/asq902t2001/

邊緣計算系統之大數據與深度學習應用 9/11
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3895&from_course_list_url=course_index

數據分析與機器學習案例實務(四)應用實例 9/14
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3898&from_course_list_url=course_index


留言

這個網誌中的熱門文章

資安事件新聞週報 2019/2/25 ~ 2019/3/1

資安事件新聞週報  2019/2/25  ~  2019/3/1

1.重大弱點漏洞

Avast:數位家庭最容易有漏洞的裝置是印表機、網路裝置及監視器
https://ithome.com.tw/news/128997

F5 BIG-IP Access Policy Manager 跨站腳本漏洞  CVE-2019-6595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6595

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT
https://www.exploit-db.com/exploits/46444

報告:前十大熱門Docker映像檔都有至少30個以上的漏洞
https://www.ithome.com.tw/news/129018

有攻擊者正利用Chrome的0day漏洞偷取他人信息
https://nosec.org/home/detail/2294.html

Chrome瀏覽器被曝存在漏洞攻擊者可通過PDF收集用戶信息
http://www.sohu.com/a/298175326_114774?sec=wd

Google Chrome zero-day used in the wild to collect user data via PDF files
https://www.zdnet.com/article/google-chrome-zero-day-used-in-the-wild-to-collect-user-data-via-pdf-files/#ftag=RSSbaffb68

Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers
https://bit.ly/2H4ZAWr

研究人員揭露大批Thunderclap安全漏洞,允許惡意周邊裝置竊取記憶體機密資訊
https://www.ithome.com.tw/news/129021

新發現的thunderclap 漏洞允許黑客使用Thunderbolt/USB-C 外設攻擊PC
http://hackernews.cc/archives/24…

資安新聞及事件週報 2018/12/3 ~ 2018/12/7

1.重大弱點漏洞

WebEx Meetings漏洞沒補好,思科再補一次
https://ithome.com.tw/news/127328

Cisco Prime License Manager 存在安全性弱點
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181128-plm-sql-inject

IBM QRadar SIEM 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1730

2019 PHP5網站技術支援到期,恐將成為資安孤兒
https://bit.ly/2Udfh1S

高階腳本語言Perl測出多種overflow觸發情境
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5059

CVE-2018-8550widows提權漏洞預警及復現
https://www.bilibili.com/video/av37405552/

Oracle WebLogic Server存在未明漏洞  CVE-2018-3249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3249

CyberArk 9.7 - Memory Disclosure
https://old.exploit-db.com/exploits/45926/?rss

Chrome 71出爐,加強封鎖不良廣告、修補43個安全漏洞
https://www.ithome.com.tw/news/127492

儘速更新Zoom!避免駭客亂入視訊會議
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5061

libsixel 緩衝區錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19762

容器技術 Kubernetes 被回報首度重大漏洞,使用者要盡快升級修補
https://technew…

資安事件新聞週報 2019/7/8 ~ 2019/7/12

資安事件新聞週報  2019/7/8  ~  2019/7/12

1.重大弱點漏洞/後門/Exploit/Zero Day
安全公告:LEN-27828 Intel PROSet/Wireless WiFi Software 漏洞
http://iknow.lenovo.com/detail/dc_183380.html

Juniper Junos OS 多個漏洞
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10938
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10940
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10942
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10946

Lodash 嚴重安全漏洞背後你不得不知道的JavaScript 知識
https://juejin.im/post/5d271332f265da1b934e2d48

Lodash庫爆出嚴重安全漏洞,波及400萬+項目
https://mp.weixin.qq.com/s/tfZq2PZylGfMjOp8h8eeTw

Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
https://www.exploit-db.com/exploits/47111

知名飯店Kiosk系統漏洞讓後台資料庫憑證曝險,可致客戶資料被竊
https://ithome.com.tw/news/131809

Jira Server and Data Center Update Patches Critical Vulnerability
https://www.bleepingcomputer.com/news/security/jira-server-and-data-center-update-patches-critical-vulnerability/

JIRA Security Advisory 2019-07-1…