資安事件新聞週報 2020/8/17 ~ 2020/8/21

 

 
 資安事件新聞週報 2020/8/17  ~  2020/8/21

1.重大弱點漏洞/後門/Exploit/Zero Day
快更新Chrome瀏覽器!以免遭駭客遠距竊取個資
https://newtalk.tw/news/view/2020-08-11/449330

Google Chrome Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_18.html

資安廠商發現以 Chromium 為基礎的瀏覽器,均存有可輕易跳過內容安全原則的嚴重 0-day 漏洞
https://www.twcert.org.tw/tw/cp-104-3857-87101-1.html

Apache HTTP Server 披露多個安全漏洞,騰訊主機安全支持檢測
https://www.chainnews.com/zh-hant/articles/515043208760.htm

PoC Exploit Targeting Apache Struts Surfaces on GitHub
https://threatpost.com/poc-exploit-github-apache-struts/158393/

TeamViewer存在安全漏洞,用戶密碼可被破解
https://www.freebuf.com/vuls/246200.html

數十億用戶可能受影響 - Chrome 瀏覽器發現了一個存在最少 1 年的漏洞
https://hk.xfastest.com/65062/chrome-cve-2020-6519/

Citrix Endpoint Management 多個高危漏洞通告
https://www.anquanke.com/post/id/214023

Snapdragon DSP 被揭嚴重漏洞   全球 40% 裝置隨時中招
https://m.eprice.com.hk/mobile/talk/4247/216421/1/Jenkins公告主框架及多款插件存在高危漏洞(2020.8.12)
https://s.tencent.com/research/bsafe/1086.html

亞馬遜Alexa現漏洞:可能會曝光用戶個人信息及語音歷史
https://www.cnbeta.com/articles/tech/1015493.htm

CVE-2020-1472:NetLogon特權提升漏洞通告
https://www.anquanke.com/post/id/213812

360 發現並協助修復 Windows 新一代 PrintDemon 漏洞,再獲微軟官方致謝
https://www.chainnews.com/zh-hant/articles/881135385829.htm

卡巴斯基:IE 11的零時差漏洞CVE-2020-1380曾被用來攻擊南韓企業
https://www.ithome.com.tw/news/139391

微軟發布8月安全更新 共修復120個漏洞,當中17個為高危
https://www.expreview.com/75630.html

Microsoft August 2020 Patch Tuesday fixes 120 vulnerabilities, two zero-days
https://www.zdnet.com/article/microsoft-august-2020-patch-tuesday-fixes-120-vulnerabilities-two-zero-days/

Combodo iTop - CSRF
https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html

GitLab 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13281

Roundcube 郵件系統發現重要漏洞,需要盡快升級
https://tech.sina.com.cn/roll/2020-08-17/doc-iivhuipn9140633.shtml

兩個Apache Struts 2安全漏洞的PoC攻擊代碼出現在GitHub上
https://www.sohu.com/a/413525813_354899

Amazon Alexa Bugs Allowed Hackers to Install Malicious Skills Remotely
https://thehackernews.com/2020/08/amazon-alexa-hacking-skills.html

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure and denial of service (CVE-2020-4414)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-and-denial-of-service-cve-2020-4414/

IBM Db2 Shared Memory Vulnerability (CVE-2020-4414)
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ibm-db2-shared-memory-vulnerability-cve-2020-4414/

Experts Reported Security Bug in IBM's Db2 Data Management Software
https://thehackernews.com/2020/08/ibm-data-management.html

Jenkins Security Advisory 2020-08-17
https://www.jenkins.io/security/advisory/2020-08-17/

Jenkins服務氣漏洞致敏感信息洩漏
https://www.4hou.com/posts/PrEw

Critical Jenkins Server Vulnerability Could Leak Sensitive Information
https://thehackernews.com/2020/08/jenkins-server-vulnerability.html

Google在Gmail漏洞公布七小时後部署了緩解措施
https://www.sohu.com/a/414189403_99956743

Microsoft RDP RCE(CVE-2019-0708)漏洞
https://www.freebuf.com/vuls/247284.html

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
《金融》資安、雙語人才受歡迎 行庫攬才 下半年擴大招募
https://reurl.cc/pyDzNl

【臺灣資安大會直擊】純網銀資安如何實現縱深防禦部署策略?將來銀行資訊長周旺暾揭露關鍵
https://www.ithome.com.tw/news/139333

【臺灣資安大會直擊】封閉網路強化安控從資安框架做起!臺灣證券交易所維運管理挑戰大公開
https://www.ithome.com.tw/news/139390

【臺灣資安大會直擊】第一銀行副總劉培文:銀行面臨數位轉型需打造新型數位安全架構,連帶資安典範也要跟著轉移
https://www.ithome.com.tw/news/139371

【臺灣資安大會直擊】8大金融資安行動方案最大目的是超前做好資安規範,金管會揭露更詳細作法
https://www.ithome.com.tw/news/139357

【2020 資安大會】兩大重點搶先看:如何防範「目標式勒索攻擊」、如何部署純網銀的資安策略
https://buzzorange.com/techorange/2020/08/12/cybersec-2020/

數位理財通/發展金融科技 強化風險防護
https://money.udn.com/money/story/9740/4782672

【新內閣online】台灣金融科技發展出現新契機?金管會主委黃天牧:金管會有責任建立一個能跨領域溝通的「單一平台」
https://ppt.cc/f4AHox

資安人才成當紅炸子雞 金融物流科技3產業需求熱
https://www.cna.com.tw/news/ahel/202008170164.aspx

金管會結合法務部與金融總會及各相關公會共同舉辦「2020全國金融業企業誠信及法令遵循研討會」
https://reurl.cc/Z77NKg

ATM機上鉤錢 勾走20萬歐
http://www.ouhua.info/2020/0817/31191.html

金融業砸重本發展金融科技 金管會估今年投資近200億
https://www.ettoday.net/news/20200820/1789724.htm

藉ATM機漏洞盜取現金 美新澤西逾百人被捕
https://www.epochtimes.com/b5/20/8/20/n12344456.htm

ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks
https://www.zdnet.com/article/atm-makers-diebold-and-ncr-deploy-fixes-for-deposit-forgery-attacks/#ftag=RSSbaffb68

Hacking Group Targets European Banks, Military
https://www.bankinfosecurity.com/hacking-group-targets-european-banks-military-a-14841

3.電子支付/行動支付/pay/資安
電支電票整合政府沒說的事 便民卻是大型業者的痛
https://news.cnyes.com/news/id/4515981

臉書建立新金融服務部門 統整支付系統
https://www.cna.com.tw/news/aopl/202008110125.aspx

電子支付繳保費 3種額度限制要注意
https://udn.com/news/story/7239/4783225?from=udn-catebreaknews_ch2

不用帶錢包 行動支付輕鬆搞定
https://udn.com/news/story/7098/4788968?from=udn-catelistnews_ch2


4.加密貨幣/挖礦/區塊鍊 資安
佈局支付領域?聯準會開始採用Hyperledger Fabric區塊鏈軟體
https://news.knowing.asia/news/b3662fe6-6a94-479e-9bb3-d30d423f48b9

央行成立金融科技「王牌軍」,意欲何為
https://news.sina.com.tw/article/20200812/36016748.html

央行數位貨幣漸熱 依國家需求訂制度
https://reurl.cc/Z7OodQ

23% of Tor browser relays found to be stealing Bitcoin
https://www.hackread.com/tor-browser-relays-found-to-stealing-bitcoin/

Researcher retrieves $300,000 worth of Bitcoin from an encrypted Zip file
https://www.hackread.com/researcher-retrieves-bitcoin-from-encrypted-zip-file/

澳洲首例「加密貨幣竊盜」判決,25 歲女竊 400,000 美元 XRP 今跌成十分之一
https://blocktempo.com/australian-wowan-jailed-for-stealing-100000-xrp/

Uniswap上的代幣項目跑路?NUGS合約漏洞分析
https://www.bishijie.com/shendu/121806.html

DeFi 項目 YAM 爆漏洞有驚無險!修復提案已湊夠票數
https://blockcast.it/2020/08/13/defi-yam-finally-saved-at-last-minute/

一文讀懂「人民幣 3.0」,中國「央行數位貨幣 DCEP」試點仍然是 4+1
https://www.blocktempo.com/china-cbdc-handbook/

你的USDT真的可靠嗎?紐約州批准多個穩定幣但卻獨漏USDT
https://news.knowing.asia/news/700e2676-ffb5-45fe-bb62-13c610e089c2

跨鏈技術趨勢 – 深度解析Polkadot(一)
http://n.yam.com/Article/20200811367114

研究:駭客挾持Tor流量以竊取比特幣
https://www.ithome.com.tw/news/139355

首宗利用漏洞 交易後即轉走 3男藉Bitcoin櫃機呃23萬
https://hk.appledaily.com/local/20200816/5VVFCNWU2ZC5RNAXQHLJMUPFDU/

蠱惑集團騙款23萬警拘3人 專家倡立例規管虛擬貨幣交易
https://reurl.cc/R14n2e

【世界的十字路口】小心貨幣監控你 數字人民幣急飇
https://www.ntdtv.com/b5/2020/08/15/a102918879.html

數位貨幣開創新局 個資隱私是難題
https://anntw.com/articles/20200817-iqKj

各國央行力推數位貨幣 專家揭3大關鍵動機
https://www.ettoday.net/news/20200818/1787107.htm

區塊鏈動數位轉型新契機,你發現了嗎
http://n.yam.com/Article/20200818971643

新式比特幣詐騙?香港警方逮捕三名嫌犯 通過比特幣櫃員機盜取數十萬港元
https://industry.fx168.com/news/2008/4113381.shtml

日本首次虛擬貨幣沒收命令!交易所Coincheck遭駭後續,男子吐回480萬日圓
https://www.abmedia.io/japan-first-crypto-confiscate-order/

「155億CoinCheck遭駭事件」二嫌疑與駭客交易甚密,日本法院首次裁定加密貨幣扣押
https://www.blocktempo.com/japans-first-cryptocurrency-seizure/

【臺灣資安大會直擊】從區塊鏈架構剖析4大類常見駭客攻擊手法
https://www.ithome.com.tw/news/139472

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
自2020年3月以來NetWalker勒索軟件團伙已經賺了2500萬美元
https://www.sohu.com/a/412470574_99956743

國家級駭客組織所利用之惡意程式TAIDOOR,請注意防範
https://www.chc.edu.tw/posts/74

駭客正透過政府、學術機關網站,植入惡意網址以散布惡意程式
https://www.twcert.org.tw/tw/cp-104-3860-83b9a-1.html

MAC惡意軟件通過XCODE項目傳播濫用WEBKIT、DATA VAULT漏洞
https://reurl.cc/Y61njO

沒修補Citrix重大漏洞讓駭客有機可趁,全球最大遊輪業者Carnival遭勒索軟體攻擊
https://www.insoler.com/forum/topic/15978576096508.htm

猶他大學遭勒索軟體攻擊:付贖金的原因不是為了解密資料,而是贖回被盜的學生資料
https://www.ithome.com.tw/news/139547

南韓 SK 海力士遭駭,藉勒索軟體取得資料並勒索贖金
https://reurl.cc/WLLOAZ

駭客組織TeamsTNT利用挖礦蠕蟲從Docker或K8s中竊取AWS密碼
https://reurl.cc/Oqqm67

新版TeamTNT挖礦蠕蟲會竊取AWS憑證
https://www.ithome.com.tw/news/139496

研究:新一代殭屍網路FritzFrog感染500臺伺服器以幫駭客挖礦
https://www.ithome.com.tw/news/139520

美國國土安全部與 FBI 公布疑似北韓駭侵活動,以假徵人啟事散布惡意軟體
https://www.twcert.org.tw/tw/cp-104-3873-505c3-1.html

美國公布北韓駭客所使用的RAT惡意程式
https://www.ithome.com.tw/news/139529

Konica Minolta傳遭勒索軟體攻擊,系統斷線數日
https://www.ithome.com.tw/news/139456

研究人員利用Emotet惡意程式中的漏洞阻止擴散
https://www.sohu.com/a/413702862_354899

NSA、FBI警告俄羅斯發動Linux惡意程式Drovorub攻擊政府及國防單位
https://www.ithome.com.tw/news/139403

Russia is targeting Linux with Drovorub malware
https://betanews.com/2020/08/14/russia-malware-linux-drovorub/

NSA, FBI Warn of Linux Malware Used in Espionage Attacks
https://threatpost.com/nsa-fbi-warn-of-linux-malware-used-in-espionage-attacks/158351/

Upgraded Agent Tesla malware steals passwords from browsers, VPNs
https://www.bleepingcomputer.com/news/security/upgraded-agent-tesla-malware-steals-passwords-from-browsers-vpns/

RedCurl Emerges as a Corporate Espionage APT
https://www.infosecurity-magazine.com/news/redcurl-emerges-as-a-corporate/

Russia’s Fancy Bear targets Linux environments with Drovorub malware
https://www.computerweekly.com/news/252487658/Russias-Fancy-Bear-targets-Linux-environments-with-Drovorub-malware

Agent Tesla | Old RAT Uses New Tricks to Stay on Top
https://labs.sentinelone.com/agent-tesla-old-rat-uses-new-tricks-to-stay-on-top/

Alert (AA20-227A) Phishing Emails Used to Deploy KONNI Malware
https://us-cert.cisa.gov/ncas/alerts/aa20-227a

Mac Users Targeted by Spyware Spreading via Xcode Projects
https://threatpost.com/mac-spyware-xcode-projects/158388/

Emotet malware employed in fresh COVID19-themed spam campaign
https://securityaffairs.co/wordpress/107179/cyber-crime/emotet-covid19-spam-campaign.html

CactusPete APT group’s updated Bisonal backdoor
https://securelist.com/cactuspete-apt-groups-updated-bisonal-backdoor/97962/

Mekotio: These aren’t the security updates you’re looking for
https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-updates-youre-looking-for/

XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
https://blog.trendmicro.com/trendlabs-security-intelligence/xcsset-mac-malware-infects-xcode-projects-performs-uxss-attack-on-safari-other-browsers-leverages-zero-day-exploits/

Blackbaud ransomware attack exposed donor data from two UK charities
https://portswigger.net/daily-swig/blackbaud-ransomware-attack-exposed-donor-data-from-two-uk-charities

Carnival Cruises into Danger After Ransomware Attack
https://www.infosecurity-magazine.com/news/carnival-cruises-danger-ransomware/

Researchers Exploited A Bug in Emotet to Stop the Spread of Malware
https://thehackernews.com/2020/08/emotet-botnet-malware.html

Crypto-mining worm steal AWS credentials
https://www.zdnet.com/article/crypto-mining-worm-steal-aws-credentials/#ftag=RSSbaffb68

TEAM TNT – THE FIRST CRYPTO-MINING WORM TO STEAL AWS CREDENTIALS
https://www.cadosecurity.com/2020/08/17/teamtnt-the-first-crypto-mining-worm-to-steal-aws-credentials/

New Attack Alert: Duri
https://www.menlosecurity.com/blog/new-attack-alert-duri

Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors
https://umbrella.cisco.com/blog/navigating-cybersecurity-during-a-pandemic-latest-malware-and-threat-actors

Ukraine arrests gang who ran 20 crypto-exchanges and laundered money for ransomware gangs
https://www.zdnet.com/article/ukraine-arrests-gang-who-ran-20-crypto-exchanges-and-laundered-money-for-ransomware-gangs/

IcedID Campaign Strikes Back
https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Operation ‘Dream Job’Widespread North Korean EspionageCampaign
https://www.clearskysec.com/wp-content/uploads/2020/08/Dream-Job-Campaign.pdf

North Korean Malicious Cyber Activity
https://us-cert.cisa.gov/ncas/current-activity/2020/08/19/north-korean-malicious-cyber-activity

Malware Analysis Report (AR20-232A) MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a

WannaRen ransomware author contacts security firm to share decryption key
https://www.zdnet.com/article/wannaren-ransomware-author-contacts-security-firm-to-share-decryption-key/#ftag=RSSbaffb68

Hundreds of URLs Inside Microsoft Excel Spreads New Dridex Trojan Variant
https://www.fortinet.com/blog/threat-research/hundreds-of-urls-inside-microsoft-excel-spreads-new-dridex-trojan-variant
 
Dussmann Group Data Leaked After Ransomware Attack
https://www.infosecurity-magazine.com/news/dussman-group-data-leaked/

RANSOM DEMANDS RETURN: NEW DDOS EXTORTION THREATS FROM OLD ACTORS TARGETING FINANCE AND RETAIL
https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html

Researchers Exploited A Bug in Emotet to Stop the Spread of Malware
https://thehackernews.com/2020/08/emotet-botnet-malware.html

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide
https://thehackernews.com/2020/08/p2p-botnet-malware.html

Operation ‘Dream Job’ Widespread North Korean Espionage Campaign
https://www.clearskysec.com/operation-dream-job/

FritzFrog Monero Cryptojacking Malware Attack Millions Of Addresses
https://insidebitcoins.com/news/fritzfrog-monero-cryptojacking-malware-attack-millions-of-addresses

IBM AI-Powered Data Management Software Subject to Simple Exploit
https://threatpost.com/ibm-ai-powered-data-management-software-subject-exploit/158497/

Transparent Tribe APT targets government, military by infecting USB devices
https://www.zdnet.com/article/transparent-tribe-hacking-group-spreads-malware-by-infecting-usb-devices/

Transparent Tribe: Evolution analysis,part 1
https://securelist.com/transparent-tribe-part-1/98127/

Ransomware hits Jack Daniel's owner and Ritz London— investigation ongoing
https://cio.economictimes.indiatimes.com/news/digital-security/ransomware-hits-jack-daniels-owner-and-ritz-london-investigation-ongoing/77630640

New FritzFrog P2P botnet has breached at least 500 enterprise, government servers
https://www.zdnet.com/article/new-fritzfrog-p2p-botnet-has-breached-at-least-500-enterprise-government-servers/

FRITZFROG: A NEW GENERATION OF PEER-TO-PEER BOTNETS
https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

World's largest cruise line operator Carnival hit by ransomware
https://www.bleepingcomputer.com/news/security/worlds-largest-cruise-line-operator-carnival-hit-by-ransomware/

B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G
WSJ:TikTok 鑽漏洞收集 Android 用戶 MAC 位址長達 15 個月
https://reurl.cc/5qgmYG

TikTok暗中蒐集Android裝置識別資料長達一年
https://www.ithome.com.tw/news/139349

Apple 承認 iPhone 11 使用了中國北斗系統的定位資料
https://reurl.cc/WL475Z

打造桃園青埔成為5G創新應用示範場域
https://m.ctee.com.tw/livenews/aj/a07634002020081816421298?area=

C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
網路犯罪平台都架設在哪裡
https://blog.trendmicro.com.tw/?p=65495

網絡入侵在新冠肺炎疫情期間增25%
https://reurl.cc/OqqM2R

【資安關鍵字:資安威脅|Web Skimming】透過常用網頁元件與分析工具來攻擊,手法更隱密
https://www.ithome.com.tw/news/139455

談及網路攻擊戰 學者:很多國家都不宣告直接打
https://www.secretchina.com/news/b5/2020/08/20/943570.html

網路陷阱停看聽!安全憑證成駭客攻擊途徑 個資防護眉角多
https://reurl.cc/14xQY8

虛擬的新柏林圍牆 中國滲透之下的乾淨網路世界
https://reurl.cc/j5dXLM

挑戰 XP 的長壽紀錄?近 25% 用戶死守微軟 Window 7 系統
https://3c.ltn.com.tw/news/41307

「天份應用在對的地方」 黑帽駭客變身資安公司CEO
https://tw.appledaily.com/local/20200816/S5ZBV3Q4BURBDJYVIXODBA52PI/

美國司法部:Uber 前資安長「用比特幣付封口費」掩飾駭客事件
https://blockcast.it/2020/08/21/uber-former-cso-trying-to-conceal-data-breach-by-paying-hackers-100k-in-bitcoin/

【臺灣資安大會直擊】中華電信揭露本土DDoS攻擊最新災情數據,7月攻擊近4千次,最高流量達75Gbps
https://www.ithome.com.tw/news/139330

【臺灣資安大會直擊】單日4.4億筆查詢能攔6千萬次惡意網站連線,IBM免費DNS如何靠ML分群億級時序資料揪出惡意網站
https://www.ithome.com.tw/news/139356

DEF CON CTF決賽首度採線上舉辦,臺灣HITCON x Balsn戰隊打敗多國好手,奪得第三名
https://www.ithome.com.tw/news/139300

台涉共諜案 曝光中共祕探法輪功情報黑幕
https://www.epochtimes.com/b5/20/8/15/n12334079.htm

鑽這漏洞 大陸駭客竊我10政府機關及資訊供應商機敏情資
https://udn.com/news/story/6656/4793952

攻擊政府駭客源頭查到了 調查局揪出境外駭客攻台資訊供應鏈
https://www.chinatimes.com/realtimenews/20200819002628-260402?chdtv

中國兩駭客組織專攻我政府標案商 調查局揭11個惡意網域
https://www.rti.org.tw/news/view/id/2076604

中共駭我國政府機關?調查局:至少從2018年
https://reurl.cc/n00qYX

調查局首度揭露國內政府委外廠商成資安破口的現況,近期至少10個公家單位與4家資訊服務供應商遇害
https://www.ithome.com.tw/news/139504

中国が台湾市民の個人情報を狙っていると政府が発表
https://gigazine.net/news/20200820-taiwan-accuses-chinese-hackers/

台灣情報機構:中國駭客長期侵台
https://reurl.cc/XkkZv7

【國安危機】中國駭客入侵10政府機關 「機敏資料早被看光光」
https://tw.appledaily.com/local/20200819/7NJS4NBV2ZB4PDS6TMUNB54Z3Q/

中國駭客組織攻擊政府單位 調查局專案偵辦
https://reurl.cc/Mddj1K

中駭客組織 長期滲透試圖竊取我機密資訊
https://news.pts.org.tw/article/491132

攻擊承包政府標案商當跳板 調查局:中國駭客駭我逾10政府機關
https://m.ltn.com.tw/news/society/breakingnews/3264812

中駭客對台資訊供應鏈 發動人海攻勢
https://news.pchome.com.tw/politics/idn/20200819/index-59783900457569224001.html

中國駭客入侵政府機關  「得標資訊商」成破口
http://www.nexttv.com.tw/NextTV/News/Home/Society/2020-08-19/232727.html

擬3天武統台!共軍瞄準基礎建設?吳斯懷曝:這4項最危險
https://www.setn.com/News.aspx?NewsID=799389

中國駭客駭我政府機關 趙立堅反批民進黨「惡意污衊」
https://news.ltn.com.tw/news/world/breakingnews/3266527

台指控中國駭我政府機關 戰狼外交官拗:中國也是受害者
https://tw.appledaily.com/international/20200820/3OS4DXXQQ5BBDMHWJFLCH6M474/

伊朗駭客組織Oilrig在攻擊中利用DNS-over-HTTPS協議
https://ek21.com/news/tech/209801/

荷蘭駭客,駭入俄國網軍觀察一年,曝光俄國操控美國選舉
https://home.gamer.com.tw/creationDetail.php?sn=4880718

美起訴2中國駭客竊防疫研究 中共公安部黑手曝光
https://reurl.cc/j5dz71

南太平洋數據中心爆資安漏洞! 華為兩年前就破解加密演算法
https://www.ettoday.net/news/20200812/1783012.htm

中國電信廈門分公司重拳出擊落實網信安全工作
http://www.xmnn.cn/xmnn/2020/08/10/100764616.shtml

大量陸製假身份證件流入美國 網民熱議:陸操縱美大選
https://www.chinatimes.com/realtimenews/20200812007863-260409?chdtv

中國駐英使館批「五眼聯盟」聲明粗暴干涉香港事務
https://reurl.cc/ldL1qE

美資海底電纜因中資介入改牽台灣 NCC:香港連結地位將被取代
https://reurl.cc/k00nnx

要港府好好交代!聯合國報告列27項侵害人權問題待查
https://news.ltn.com.tw/news/world/breakingnews/3256090

美政府懸賞千萬!避外國勢力干預總統大選 社群平台、政府齊打假
https://cnews.com.tw/137200810a03/

27 臺人違法赴中國任政治職竟判免罰 台教會痛批:行政法院成國安漏洞
https://musou.watchout.tw/read/7OvX2prZDVYI3K6fToVM

國際要聞:美國正式實施對華為、中興通訊等五家陸企禁令
https://reurl.cc/ldLEE9

國防院:中國推特揭露美軍機動態是灰色衝突手段
https://www.rti.org.tw/news/view/id/2076233

北京勒令媒體禁報「新冠疫苗研發進度」 疑為病毒來自實驗室製造闢謠
https://reurl.cc/Mdv7Zp

「五毛網軍」突消失!傳中國通知「禁反美」
https://reurl.cc/EzK33R

陸製設備裝後門 印度要電信商資安審查
https://reurl.cc/Kjjeyp

防安保漏洞 日本政府擬修法建立秘密專利制度
https://www.cna.com.tw/news/aopl/202008120343.aspx

「黑暗兵法」讓美軍輕敵?解放軍秀戰力遭專家批漏洞百出:鬧笑話
https://reurl.cc/7oo46b

美軍報告︰北韓擁60枚核彈 化武規模全球第3大
https://news.ltn.com.tw/news/world/breakingnews/3264949

北韓坐擁60枚核彈 5000噸化武! 美軍報告:可能用來對付「這三國」
https://fnc.ebc.net.tw/FncNews/world/123901

美軍報告︰北韓擁60枚核彈頭、5000噸化武 恐不打算無核化
https://tw.appledaily.com/international/20200819/V32U4K5FSRAGRELSH6OXLZY3IE/

以色列稱其成功阻擋了一個北韓駭客組織的網絡攻擊
https://reurl.cc/VXak5n

中國網路開賣武漢肺炎假疫苗 一劑要價逾2千元
https://www.cna.com.tw/news/firstnews/202008130059.aspx

傳英國貿易大臣領頭反對TikTok總部遷擬往倫敦
https://ec.ltn.com.tw/article/breakingnews/3262821

司法部扣押凱達等組織加密貨幣帳戶數百萬元
https://reurl.cc/e8x59Q

美凍結三恐怖組織加密資金帳戶
https://reurl.cc/ygZyEM

針對北美企業發動的駭侵攻擊,年增率高達 93%
https://www.twcert.org.tw/tw/cp-104-3864-995b1-1.html

憂中國設備裝後門 印度要電信商提資安報告
https://money.udn.com/money/story/5599/4790840

海軍造艦受陸諜嚴重威脅 澳洲議員促關閉陸領事館
https://www.chinatimes.com/realtimenews/20200817004472-260409?chdtv

【美中角力】美情報總監:中國對美國威脅比任何國家都大
https://tw.appledaily.com/international/20200818/KA22CW7OOBHUBJIGYZJLOC7NLA/

五千多個CRA賬戶遇駭客突襲 政府急暫停賬戶
https://reurl.cc/N6jark

聯邦官員:針對CRA和GCKey的網絡攻擊已得到控制
https://reurl.cc/MdvGkm

加拿大政府網站遭駭客攻擊,上萬用戶憑證被竊
https://www.ithome.com.tw/news/139438

加拿大政府網站遭駭侵攻擊,疫情紓困專款遭盜領
https://www.twcert.org.tw/tw/cp-104-3866-c262f-1.html

加拿大政府遭網攻 稅務局帳戶遭駭
https://www.rti.org.tw/news/view/id/2076230

Statement from the Office of the Chief Information Officer of the Government Canada on recent credential stuffing attacks
https://www.canada.ca/en/treasury-board-secretariat/news/2020/08/statement-from-the-office-of-the-chief-information-officer-of-the-government-canada-on-recent-credential-stuffing-attacks.html

Canada suffers cyberattack used to steal COVID-19 relief payments
https://www.bleepingcomputer.com/news/security/canada-suffers-cyberattack-used-to-steal-covid-19-relief-payments/

Cybersecurity: These two basic flaws make it easy for hackers to break into your systems
https://www.zdnet.com/article/cybersecurity-these-two-basic-flaws-make-it-easy-for-hackers-to-break-into-you-systems/

Exposing and Circumventing China's Censorship of ESNI
https://geneva.cs.umd.edu/posts/china-censors-esni/esni/

[TLS] Possible blocking of Encrypted SNI extension in China
https://mailarchive.ietf.org/arch/msg/tls/YzT5LjLJ_6WWhdnU2wVsKNKR6_I/

US Army report says many North Korean hackers operate from abroad
https://www.zdnet.com/article/us-army-report-says-many-north-korean-hackers-operate-from-abroad/

US Army report on North Korean military capabilities
http://www.documentcloud.org/documents/7038686-US-Army-report-on-North-Korean-military.html

Garmin confirms cyber attack as fitness tracking systems come back online
https://www.theverge.com/2020/7/27/21339910/garmin-back-online-recovery-ransomeware

Copycat Hacking Groups Launch DDoS Attacks
https://www.bankinfosecurity.com/copycat-hacking-groups-launch-ddos-attacks-a-14846

RANSOM DEMANDS RETURN: NEW DDOS EXTORTION THREATS FROM OLD ACTORS TARGETING FINANCE AND RETAIL
https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html

資安工程師
https://www.104.com.tw/job/70xj4

資訊安全分析師【SE一部】
https://www.104.com.tw/job/44jhx?jobsource=m_cust_same_closed

【資訊工程類】資訊安全工程師(山鶯)
https://www.104.com.tw/job/70wva

Senior IT Engineer
https://www.cakeresume.com/companies/dcard/jobs/senior-it-engineer-200e9d

R0000004:【Threat Defense Expert - 打擊IoT網路駭客!】
https://www.104.com.tw/job/58ezm?jobsource=n104bank2

資安工程師 (白帽駭客)
https://www.104.com.tw/job/6rxul?jobsource=n104bank2

雲端資安 分析師 (台北)
https://www.104.com.tw/job/5yisu?jobsource=n104bank2

資安工程師
https://www.104.com.tw/job/6p7qq?jobsource=n104bank2

資訊安全技術工程師
https://www.104.com.tw/job/6qeyl?jobsource=n104bank2

【資訊管理部】資安技術顧問
https://www.104.com.tw/job/6nlbs?jobsource=n104bank2

資安威脅與調查分析工程師
https://www.104.com.tw/job/5y2jm?jobsource=n104bank2

資訊安全技術顧問
https://www.104.com.tw/job/48aak?jobsource=n104bank2

資安/網管工程師
https://www.104.com.tw/job/70urk

網路資安工程師 (內湖)
https://www.104.com.tw/job/70yjo

資安、資訊系統應用工程師
https://www.104.com.tw/job/713ya

資安工程師
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=68191&HIRE_ID=9895681

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
你的數據安全嗎?網站統計駭客攻擊名單 幫你檢視個資安全度
https://cnews.com.tw/137200817a03/

Check Point研究發現Alexa存在洩漏使用者資料的漏洞
https://www.ithome.com.tw/news/139424

反制中國假消息干擾 用政治作戰對中傳遞真新聞
https://news.ltn.com.tw/news/politics/paper/1394268

Google 將讓 Chrome 網址列顯示更精簡,提高使用者對釣魚網站警覺心
https://www.techbang.com/posts/80575-google-chrome-domain-name-only-url-experiment-scams-hacks-86

疫情期間駭客活動飆升!數位轉型下的資安疑慮 勒索不成私密照恐外流
https://reurl.cc/9XEoO8

嚇死人!全台屋主個資外洩?內政部駁:資安A級嚴密管控
https://www.setn.com/News.aspx?NewsID=797709

不動產個資洩海外 一個地址查全家
https://www.chinatimes.com/newspapers/20200816000323-260118?chdtv

海外系統可查國人不動產個資? 內政部澄清
https://udn.com/news/story/7266/4784087

【資安危機】全台屋主個資外洩  內政部:配合檢調調查
https://tw.appledaily.com/politics/20200815/N2R7QHD7E4PY3MUXZTGF5V7VNQ/

不動產個資傳外洩 內政部澄清:資安制度和監控中心管制嚴密
https://newtalk.tw/news/view/2020-08-15/451262

澳洲發首份華為涉洩漏用戶資料報告
https://www2.hkej.com/instantnews/article/id/2549846

讀冊生活個資外洩資安現漏洞 董事長:反服貿後駭客攻擊頻繁
https://www.ettoday.net/news/20200817/1787041.htm

讀冊生活疑個資外洩 230人受騙逾2000萬
https://www.cna.com.tw/news/firstnews/202008160102.aspx

藉愛心之名假粉專!別按讚留言分享,有互動就有風險
https://www.mygopen.com/2020/08/Fake-account.html

駭客通過釣魚和惡意軟件攻擊將體育組織作為目標
http://europes500.com/sports-organisations-phishing-malware-attacks/

可以重視個資嗎
https://www.dcard.tw/f/mood/p/234220757

被詐騙集團盯上!謝毅宏臉書被挖空…爆氣喊:太奸詐了
https://star.setn.com/news/796902

Uber前網絡安全主管涉瞞5700萬用戶資料外洩 遭美國司法部起訴
https://reurl.cc/v11LEL

高薪吸目光! 詐騙集團遊說投資 上百人受騙
https://www.ttv.com.tw/news/view/10908210005400N/579

海軍電郵被駭洩資料 內容涉及貪污吸毒曠職
https://ppt.cc/fXyeEx

假訊息不只衝擊政經 也衝擊美海外駐軍
https://reurl.cc/XkkRL7

通俄門報告揭!普丁助選川普 「邀看妹」訊息曝
https://ppt.cc/fYhKux

從總統大選到新冠肺炎的假訊息─中國因素(上)
https://tfc-taiwan.org.tw/articles/4332

上億用戶個資外洩 萬豪酒店在英國遭提告
https://ec.ltn.com.tw/article/breakingnews/3265294

上海195萬黨員名單疑外洩
https://reurl.cc/avvZMD

CISA Warns of Phishing Campaign with Loan-Relief Lure
https://www.darkreading.com/attacks-breaches/cisa-warns-of-phishing-campaign-with-loan-relief-lure/d/d-id/1338669

Phishing Tactic Targets Verizon Users' Credentials
https://www.infosecurity-magazine.com/news/phishing-verizon-credentials/

Phishing emails tempting people with fake coronavirus vaccines
https://www.techrepublic.com/article/phishing-emails-tempting-people-with-fake-coronavirus-vaccines/

Thousands Of Taiwan Government Email Accounts "Hacked By China": Officials
https://www.ndtv.com/world-news/thousands-of-taiwan-government-email-accounts-hacked-by-china-officials-2282216

Over 6,000 email accounts belonging to Taiwan government agencies hacked by Chinese hacked
https://securityaffairs.co/wordpress/107335/cyber-warfare-2/taiwan-government-agencies-email-hacked.html

369K+ ALLEGED BANKING RECORDS OF INDIAN CITIZENS LEAKED ON DARKWEB
https://cybleinc.com/2020/08/20/305k-indian-citizens-banking-records-leaked-on-darkweb/

E.研究報告
保護雲端原生系統的四個層次:雲端、叢集、容器 、程式碼
https://blog.trendmicro.com.tw/?p=65240

化身 CSI 鑑識偵探!「數位鑑識」專家如何從小小記憶體找出犯罪證據
https://buzzorange.com/techorange/2020/08/11/digital-forensics/

為何明明裝了中華電信光世代高速光纖網路, 使用WIFI上網還是龜速、常斷訊、不穩呢
https://tel3c.tw/blog/post/30271

Github 不再只是版控平台,還是 APT 後門中繼站
https://teamt5.org/tw/posts/Introducing-githubrat-malware-using-github-as-c2-server/

一次對某廠商MacOS客戶端軟件本地提權擴展的挖掘與利用
https://www.anquanke.com/post/id/213488

臉書開源可偵測Python程式碼安全與隱私問題的工具Pysa
https://www.ithome.com.tw/news/139304

高通與聯發科Wi-Fi晶片也爆出Kr00k漏洞 WPA-2加密資料也會外洩
https://reurl.cc/N6aWkm

CVE-2020–9854漏洞攻擊鏈分析
https://www.4hou.com/posts/NpRp

CVE-2020-1313進攻分析與利用PoC
https://www.freebuf.com/vuls/245706.html

Mac惡意軟件通過Xcode項目傳播濫用WebKit、Data Vault漏洞
https://www.cnbeta.com/articles/tech/1016349.htm

Bash遠程解析命令執行漏洞
https://www.freebuf.com/vuls/246831.html

新攻擊新武器:盲眼應APT組織最新攻擊活動完全分析
https://mp.weixin.qq.com/s/T15pdznZZ4ZsVVpcKrWlnQ

深信服終端檢測平台(EDR)存在遠程命令執行漏洞分析
https://www.buaq.net/go-29893.html

SANGFOR终端檢測響應平台任意用户登入漏洞
https://www.cnblogs.com/yuzly/p/13534540.html

2019~2020網路安全態勢觀察報告
https://www.sohu.com/a/413759159_115128

QRadar Threat Simulation - Security Monitoring
https://www.youtube.com/watch?v=nM_QlP2ZzHM

PwnXSS
https://github.com/pwn0sec/PwnXSS

pwndbg
https://github.com/pwndbg/pwndbg

Malwoverview
https://github.com/alexandreborges/malwoverview

OpenVPN and Transmission with WebUI
https://github.com/haugene/docker-transmission-openvpn

xxe-injection-payload-list
https://github.com/payloadbox/xxe-injection-payload-list

Inline Hooking for Programmers (Part 1: Introduction)
https://www.malwaretech.com/2015/01/inline-hooking-for-programmers-part-1.html

Bastillion - A Web-Based SSH Console That Centrally Manages Administrative Access To Systems
https://www.kitploit.com/2020/08/bastillion-web-based-ssh-console-that.html

CircleCI 101, Ship Quality code, faster by Mr. Funaki
https://www.youtube.com/watch?v=yar11phCSw4

How To Analyse And Capture The Packets In Wireshark
https://hackersonlineclub.com/how-to-analyse-and-capture-the-packets-in-wireshark/

iThome CyberSec2020-Chaos Of Vehicle Communications
https://speakerdeck.com/notsurprised/ithome-cybersec2020-chaos-of-vehicle-communications

Feds are treating BlueLeaks organization as ‘a criminal hacker group,’ documents show
https://www.theverge.com/2020/8/13/21365448/blueleaks-dhs-distributed-denial-secrets-dds-ddosecrets-police

Using the MITRE ATT&CK Navigator for Intelligence Gathering Pre-purple Teaming
https://pentestmag.com/using-the-mitre-attck-navigator-for-intelligence-gathering-pre-purple-teaming/

Exporting Outlook Private Keys and decrypting S/MIME emails
https://www.errno.fr/OutlookDecrypt/OutlookDecrypt

Agent Tesla Spyware Adds Fresh Tricks to Its Arsenal
https://threatpost.com/agent-tesla-spyware-tricks-arsenal/158284/

Reverse-engineering and analysis of SanDisk High Endurance microSDXC card
https://ripitapart.com/2020/07/16/reverse-engineering-and-analysis-of-sandisk-high-endurance-microsdxc-card/

Layerwise learning for Quantum Neural Networks
https://blog.tensorflow.org/2020/08/layerwise-learning-for-quantum-neural-networks.html

Kubernetes Security Challenges, Risks, and Attack Vectors
https://www.sentinelone.com/blog/kubernetes-security-challenges-risks-and-attack-vectors/

Call Me Maybe: Ea­ves­drop­ping En­cryp­ted LTE Calls With Re­VoL­TE
https://revolte-attack.net/?

Re­VoL­TE attack can decrypt 4G (LTE) calls to eavesdrop on conversations
https://www.zdnet.com/article/re-vol-te-attack-can-decrypt-4g-lte-calls-to-eavesdrop-on-conversations/

Nautilus - A Grammar Based Feedback Fuzzer
https://www.kitploit.com/2020/08/nautilus-grammar-based-feedback-fuzzer.html

TorBot - Open Source Intelligence Tool for the Dark Web
https://hakin9.org/torbot-open-source-intelligence-tool-for-the-dark-web/

The NSA Makes Ghidra, a Powerful Cybersecurity Tool, Open Source
https://www.wired.com/story/nsa-ghidra-open-source-tool/

Automating and Managing VMware with PowerShell
https://www.youtube.com/watch?v=LY62rPdyP7k&feature=youtu.be

Asynchronous reverse shell using the HTTP protocol.
https://hakin9.org/asynchronous-reverse-shell-using-the-http-protocol/

Hacker101 CTF: Android Challenge Writeups
https://medium.com/bugbountywriteup/hacker101-ctf-android-challenge-writeups-f830a382c3ce

How To Hack and Exploit Printers
https://hackingpassion.com/how-to-hack-and-exploit-printers-in-seconds/

BrowseSpy - Code developed to steal certain browser config files (history, preferences, etc)
https://hakin9.org/browsespy-code-developed-to-steal-certain-browser-config-files-history-preferences-etc/

PurpleWave—A New Infostealer from Russia
https://www.zscaler.com/blogs/research/purplewave-new-infostealer-russia

Mac惡意程式透過Xcode專案散布,鎖定蘋果零時差漏洞
https://www.ithome.com.tw/news/139432

SassyKitdi: Kernel Mode TCP Sockets + LSASS Dump
https://zerosum0x0.blogspot.com/2020/08/sassykitdi-kernel-mode-tcp-sockets.html

Panaseer Establishes Advisory Board to Help Expand Cybersecurity Vision
https://www.infosecurity-magazine.com/news/panaseer-establishes-advisory-board/

RDOS thwarts cyberattack
http://www.pentictonherald.ca/news/article_30c0ffae-de86-11ea-8bd1-8368a2582ad3.html

IcedID Malware Revamped With Avoidance Capabilities
https://www.bankinfosecurity.com/icedid-malware-revamped-avoidance-capabilities-a-14833

How Dharma Ransomware-as-a-Service Model Works
https://www.bankinfosecurity.com/how-dharma-ransomware-as-a-service-model-works-a-14826

NIST Issues Final Guidance on 'Zero Trust' Architecture
https://www.bankinfosecurity.com/nist-issues-final-guidance-on-zero-trust-architecture-a-14820

RedCurl Cyber Espionage Gang Targets Corporate Secrets
https://www.bankinfosecurity.com/redcurl-cyber-espionage-gang-targets-corporate-secrets-a-14819

Is CREST Penetration-Testing Certification Being Gamed
https://www.bankinfosecurity.com/blogs/crest-penetration-testing-certification-being-gamed-p-2931

SOC Analysts: What they are, what they do, and why they matter 
https://blog.eccouncil.org/soc-analysts-what-they-are-what-they-do-and-why-they-matter%E2%80%AF/

AutomatedLabでAD構築を自動化しよう
https://note.com/lacnote/n/nc2ec4f1c6609

How AppTrana Managed Cloud WAF Tackles Evolving Attacking Techniques
https://thehackernews.com/2020/08/apptrana-managed-cloud-waf.html

Instacart discloses security incident caused by two contractors
https://www.zdnet.com/article/instacart-discloses-security-incident-caused-by-two-contractors/#ftag=RSSbaffb68

Injectify - Perform advanced MiTM attacks on websites with ease.
https://hakin9.org/injectify-perform-advanced-mitm-attacks-on-websites-with-ease/

Internet Explorer and Windows zero-day exploits used in Operation PowerFall
https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/

The Dark Web: DDoS Attacks Selling For Less Than a Tenner
https://techround.co.uk/tech/dark-web-ddos-attacks-tenner/

Dark Web Price Index 2020
https://www.privacyaffairs.com/dark-web-price-index-2020/

How AppTrana Managed Cloud WAF Tackles Evolving Attacking Techniques
https://thehackernews.com/2020/08/apptrana-managed-cloud-waf.html

F.商業
中華電信聲明稿 數位身分證 (eID)無資安疑慮
https://reurl.cc/GrrnNG

關貿網路針對 EZWay 系統 服務說明
https://money.udn.com/money/story/5635/4793373

F5最新調查顯示75%的消費者認為不需為自我的資訊安全負責
https://times.hinet.net/news/23011132

面對資安新挑戰 微軟:導入AI可減少90%資安警示
https://money.udn.com/money/story/5612/4779992

Trend Micro與No More Ransom共同對抗勒索病毒,解密超過7,700萬份檔案
https://www.techbang.com/posts/80555-trend-micro-and-no-more-ransom-are-fighting-the-ransomware-virus-declassifying-more-than-77-million-files

【臺灣資安大會直擊】製造商想要做好連網家電資安,需要更快分析大量威脅!Panasonic建立情資平臺來改善分析工作
https://www.ithome.com.tw/news/139427

資安即國安 聚誠國際推動資安自動化響應
https://money.udn.com/money/story/11799/4788547

台灣資安布局民間不缺席 訊苗科技推加密通訊
https://www.taiwannews.com.tw/ch/news/3992118

中華電信新增全新雲端GPU主機 資安F5應用再升級
https://www.chinatimes.com/realtimenews/20200818003515-260410?chdtv

出現盜版危機?微軟遊戲新作《模擬飛行2020》上市當天 就被駭客破解
https://udn.com/news/story/10222/4795511

擺脫資安疑慮 Zoom在新加坡開設新數據中心
https://ec.ltn.com.tw/article/breakingnews/3264638

微軟Defender ATP新增惡意行為封鎖功能
https://www.ithome.com.tw/news/139497

Microsoft 365 將於 2021 年 8 月 17 日 終止支援 IE
https://www.pcmarket.com.hk/2021817-microsoft365-discontinue-support-internet-explorer/

趨勢漏洞懸賞計畫 成漏洞公開揭露市場領導者
https://money.udn.com/money/story/5613/4796928

Microsoft's Control Flow Guard comes to Rust and LLVM compilers
https://www.zdnet.com/article/microsofts-control-flow-guard-comes-to-rust-and-llvm-compilers/#ftag=RSSbaffb68

Microsoft brings Windows Subsystem for Linux 2 to Windows 10 1903 and 1909
https://www.zdnet.com/article/microsoft-brings-windows-subsystem-for-linux-2-to-windows-10-1903-and-1909/#ftag=RSSbaffb68

G.政府
蔡英文:提升數位國力,加速成立數位發展部、布局AI和物聯網,打造世界信賴的資安產業鏈
https://www.ithome.com.tw/news/139312

【臺灣資安大會直擊】NCC:明年1月初將成立國家級通訊軟體安全實驗室
https://www.ithome.com.tw/news/139340

加速成立「數位發展部會」 總統:打造世界級資安產業
https://www.chinatimes.com/newspapers/20200812002002-260202?chdtv

資安即國安! 總統宣示資安產業四大目標
https://reurl.cc/3L1029

【獨家/共諜案】駭客又想竊蔡英文病歷? 健保署長證實:上周抓到1起已封殺
https://tw.appledaily.com/life/20200813/AW7UKIZGPL3YU3XZBIVRVDYHPA/

共諜鎖定竊蔡英文病歷 府:持續提升資安防護
https://tw.appledaily.com/politics/20200813/M5QSXOYOVSOF6V2FX3SKD4SICI/

傳駭客想取得總統病歷 健保署:每天都有駭客入侵健保系統遭擋
https://m.ltn.com.tw/news/life/breakingnews/3259268

【共諜案】蔡英文病歷是國家機密有4道保護! 台北榮總僅1人可看
https://tw.appledaily.com/life/20200813/26JOLBH4CUDYYADJ2OB3MCPYKE/

竊蔡英文病例得先有「3張卡」 健保署:上週曾遭駭客攻擊已擋下
https://health.ettoday.net/news/1783936

陸軍中校淪共諜 偷拍作戰情資售中遭逮
https://tw.appledaily.com/headline/20200813/D5FPOE2UC73D5EUOBWNR4LGUH4/

離譜!陸軍再爆情報官作戰情資賣中國 國防部緊急補破網
https://tw.appledaily.com/politics/20200812/Y7WYDSPH2CB3F2GUZ6H6BD5BGY/

第3作戰區電腦輔助指揮所演習 發揮訓練成效
https://reurl.cc/6lgrZ5

免費的最貴1/冒名包裹竄市 EZWay APP實名制挨批做半套
https://www.ctwant.com/article/67654

免費的最貴2/EZWay花兩年試辦 網友差評不斷怨被當白老鼠
https://reurl.cc/m9n6vV

資安治理成熟度評估機制介紹
https://reurl.cc/6l2VZk

資通安全管理法子法介紹
https://roddayeye.pixnet.net/blog/post/326706903

【數位身分證傳弊】數位身分證標案遭控涉弊 檢調積極偵辦
https://www.mirrormedia.mg/story/20200817inv008/

政院:資安黑名單 持續討論尚未有結論
https://money.udn.com/money/story/7307/4790692

政府資訊作業委外安全管理
https://ppt.cc/fGJb4x

臺南市府已部署資安防護 嚴防政府委外廠商成資安破口
https://www.tainan.gov.tw/News_Content.aspx?n=13371&s=7704200

H.工控系統/ICS/SCADA 相關資安
Marvell QConvergeConsole 路徑遍歷漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17389

施耐德電機 EcoStruxure IT Expert 90 天免費試用
http://www.netadmin.com.tw/netadmin/zh-tw/snapshot/B65092BFBC75446FAE08A2AD5799FE17

避免工廠成為駭客組織的提款機 智慧製造資安防護不可輕忽
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000591738_uvt8xtw52wbfqz9two5ih

Moxa以次世代入侵防禦系統保護自動化關鍵設備
https://www.digitimes.com.tw/iot/article.asp?cat=130&id=0000591925_UEA8F6CR3972QE4XORYOK

Seowon Intech SLC-130和SLR-120S 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17456

【2020 資安大會】Moxa:智慧電網恐成破口,大型工業與民生用電成駭客目標
https://buzzorange.com/techorange/2020/08/19/2020-cybersec-moxa/

I.教育訓練
常見網路埠(PORT)滲透(駭入) 黑客/駭客筆錄 – jashliao部落格
https://zi.media/@jashliaoeuwordpress/post/QoGhdi

BurpSuite Series- Payload Processing Rules Working – Part 1
https://hackersonlineclub.com/burpsuite-series-payload-processing-rules-working/

BurpSuite Series- Payload Processing Rules – Part 2
https://hackersonlineclub.com/burpsuite-payload-processing-rules-part-2/

How To Setup Proxychains In Kali Linux - #2 - Change Your IP
https://www.youtube.com/watch?v=FtFTh-KVjsA

How to stay anonymous using Proxy-chains || Part 2
https://www.youtube.com/watch?v=R7q7uKtF5lI

靶機練習- ATT&CK紅隊實戰靶場 環境搭建和漏洞利用
https://www.cnblogs.com/sallyzhang/p/13427634.html

I Heart Logs: Event Data, Stream Processing, and Data Integration
https://www.confluent.io/ebook/i-heart-logs-event-data-stream-processing-and-data-integration/

正版0Day 安全 軟件漏洞分析技術第二版
https://bbs.pediy.com/thread-261526.htm

應急響應 網絡安全的預防 發現 處置和恢復 漏洞響應技術人才培養案例解析 APT攻擊保障 【思利科技】
https://www.ruten.com.tw/item/show?22034171609500

【偉瀚 資安08TL】全新現貨 駭客秘笈 滲透測試實用指南(第2版)書少請詢問9787115442451人民(簡體書)
https://www.ruten.com.tw/item/show?21733938485036

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
【資安大會直擊】如何做好Linux物聯網裝置資安?專家呼籲要從慎選核心開始
https://www.ithome.com.tw/news/139528

Healthcare Industry Sees Respite From Attacks in First Half of 2020
https://reurl.cc/odDA23

20 種「AI 犯罪」危險度大排名,Deepfake 引領其他 5 種 AI 成新型犯罪催化劑
https://technews.tw/2020/08/11/ai-experts-rank-deepfakes-and-19-other-ai-based-crimes-by-danger-level/

【臺灣資安大會直擊】揚名美日資安新創第一手AI研發秘訣,奧義從失敗練出10道資安ML開發課題
https://www.ithome.com.tw/news/139367

智慧化萬物聯網時代來臨工業網路資安風險拉警報
https://news.pchome.com.tw/living/cdnews/20200820/index-59792987290094250009.html

6.近期資安活動及研討會
DevDays Asia 2020 Online 亞太技術年會 8/25 8/26
https://seminar.ithome.com.tw/public/live/devdays/

ClassNK 2020台灣技術研討會 8/26北高登場
https://times.hinet.net/news/23003850

自然語言處理技術再進化,Google BERT讓聊天機器人更能理解人類意圖,進入全新境界 8/22
https://www.techbang.com/posts/78985-course-bert-technology-practice

資安事故處理實務課程-109年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」 8/22
https://www.cisanet.org.tw/News/activity_more?id=MTUyOA==

SDN x Cloud Native Meetup - Webinar 海外篇 #5  8/22
https://www.meetup.com/CloudNative-Taiwan/events/272097499/

NISRA Enlightened 2020 8/24
https://nisra.kktix.cc/events/2020enlightened

中華電信學院  109 年 暑期 CCNA 網通證照實戰營(高雄) 8/24
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=172

「物聯網世界新常態的資安挑戰和機會研討會」 8/25
https://www.acw.org.tw/News/Detail.aspx?id=1142

中華電信學院 無人機操控證照輔導班 基本級2KG以下(高雄平日全科班) 8/22 ~ 8/28
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=166

開源碼網管軟體實作(高雄上機實作)8/26
https://tacert.mis.nsysu.edu.tw/p/404-1257-207353.php

中華電信學院 資通安全專業課程訓練 勒索軟體與釣魚平台防護實務 8/27 ~ 8/28
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=63

智慧工控與智慧電網資安風險與防護研討會 8/28
https://www.beclass.com/rid=2443d1b5f23d8632b23a

交通大學亥客書院 新世代企業資安治理: 現今企業經營所面臨之挑戰 8/28
https://hackercollege.nctu.edu.tw/?p=1190

中華電信學院 資通安全專業課程訓練 網站弱點偵測與防護管理 9/4
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=58

交通大學亥客書院 電子郵件之偽造攻擊與防護措施 9/5
https://hackercollege.nctu.edu.tw/?p=1203

台灣駭客年會 HITCON Training 2020 9/5
https://hitcon.kktix.cc/events/hitcon-training-2020

台灣駭客年會 HITCON Training 2020 - 學生報名 9/5
https://hitcon.kktix.cc/events/hitcon-training-2020-student

認證系統安全從業人員 SSCP 輔導班 9/5 ~ 9/13
https://www.iiiedu.org.tw/courses/asq902t2001/

中華電信學院 資通安全專業課程訓練 物聯網資安威脅與實務 9/9 ~ 9/11
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=54

邊緣計算系統之大數據與深度學習應用 9/11
https://reurl.cc/62OD9k

HITCON 2020 台灣駭客年會 9/11
https://hitcon.kktix.cc/events/hitcon-2020

交通大學亥客書院 基礎網頁安全與滲透測試 9/12
https://hackercollege.nctu.edu.tw/?p=1205

數據分析與機器學習案例實務(二)應用實例 上課時間:    2020/9/14 (一)     09:30 ~ 16:30
https://reurl.cc/1xAoMp

【單元課程班-認列董監進修時數】開始報名, 「資安戰略對企業發展關鍵意義及資安治理與防護」109/10/15
https://reurl.cc/AqGdlQ

中華電信學院 資通安全專業課程訓練 Web應用滲透測試 9/16 ~ 9/17
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=167

邊緣計算系統之大數據與深度學習應用 上課時間:    2020/9/18 (五)     09:30 ~ 16:30
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3895&from_course_list_url=homepage

交通大學亥客書院 緩衝區溢位攻擊與預防 10/17
https://hackercollege.nctu.edu.tw/?p=1207

中華電信學院 自主式移動機器人ROS開發實戰班 10/20 ~ 10/23
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=188

交通大學亥客書院 入侵行為發覺與應變指南 10/24
https://hackercollege.nctu.edu.tw/?p=1214

交通大學亥客書院 進階網頁滲透測試 10/31
https://hackercollege.nctu.edu.tw/?p=1216

交通大學亥客書院 阻斷服務攻擊/分散式阻斷服務攻擊/Botnet 11/7
https://hackercollege.nctu.edu.tw/?p=1218

交通大學亥客書院 基礎網站安全建構實務 11/14
https://hackercollege.nctu.edu.tw/?p=1220

交通大學亥客書院 系統防護及內網威脅通報應變實戰班 11/17、11/24
http://service.tabf.org.tw/tw/user/409646/course1-4.htm

交通大學亥客書院 惡意程式檢測實務 11/21 11/28
https://hackercollege.nctu.edu.tw/?p=1222

交通大學亥客書院 高階網頁滲透測試 12/5 12/12
https://hackercollege.nctu.edu.tw/?p=1224

交通大學亥客書院 系統滲透測試與漏洞利用 12/19
https://hackercollege.nctu.edu.tw/?p=1226

交通大學亥客書院 AI於資訊安全之應用 2021/1/9 1/16
https://hackercollege.nctu.edu.tw/?p=1228

交通大學亥客書院 企業網域控管-Active Directory攻擊與防禦 2021/1/23
https://hackercollege.nctu.edu.tw/?p=1230



沒有留言:

張貼留言

2024年 12 月份資安、社群活動分享

  2024年 12 月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/3 https://www.meetup.com/taiwan-code-camp/e...