資安事件新聞週報 2020/8/3 ~ 2020/8/7
1.重大弱點漏洞/後門/Exploit/Zero Day
D-Link DIR-816L命令注入漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15893
GRUB 多個漏洞
https://www.hkcert.org/my_url/zh/alert/20073004
Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems
https://thehackernews.com/2020/07/grub2-bootloader-vulnerability.html
全球數十億筆電與伺服器危矣!BootHole漏洞無差別攻擊Linux及Windows作業系統
https://reurl.cc/O1dOeD
Vulnerability Spotlight: Microsoft issues security update for Azure Sphere
https://blog.talosintelligence.com/2020/07/vuln-spotlight-azure-sphere-july-2020.html
Netgear 產品遠端執行任意程式碼漏洞
https://kb.netgear.com/000062158/Security-Advisory-for-Pre-Authentication-Command-Injection-on-R8300-PSV-2020-0211
https://kb.netgear.com/000062127/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-R6700v3-PSV-2020-0202
資安防護有漏洞?IG傳偷開用戶攝像頭 官方回應:系統程式錯誤
https://life.tw/?app=view&no=1117657
從 MicroStrategy 入手發現 Facebook 的 XSS 漏洞
https://www.chainnews.com/zh-hant/articles/279335819156.htm
多款Qualcomm產品资源管理錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11120
蘋果 Face ID / Touch ID 安全晶片傳漏洞!無法修復、iPhone 5S 後續機種中招
https://3c.ltn.com.tw/news/41234
華碩路由器遠端執行漏洞通告
https://blog.csdn.net/weixin_45728976/article/details/107794706
ABUS Secvest FUMO5011 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14158
Cisco SD-WAN高危漏洞 (CVE-2020-3374,CVE-2020-3375)
https://www.nsfocus.com.cn/html/2020/39_0731/952.html
17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers
https://thehackernews.com/2020/07/windows-dns-server-hacking.html
Nexus Repository Manager 遠程代碼執行漏洞預警(CVE-2020-15871)
https://www.huaweicloud.com/notice/2018/20200801232406320.html
Nexus Repository Manager 遠程代碼執行漏洞(CVE-2020-15871)
https://nosec.org/home/detail/4518.html
Nexus Repository Manager CVE-2020-15869
https://support.sonatype.com/hc/en-us/articles/360051424554-CVE-2020-15869-Nexus-Repository-Manager-3-Reflection-XSS-7-29-2020
Nexus Repository Manager CVE-2020-15870
https://support.sonatype.com/hc/en-us/articles/360051424754-CVE-2020-15870-Nexus-Repository-Manager-3-Reflection-XSS-7-29-2020
Nexus Repository Manager CVE-2020-15871
https://support.sonatype.com/hc/en-us/articles/360052192693-CVE-2020-15871-Nexus-Repository-Manager-3-Remote-Code-Execution-7-29-2020
Nexus Repository Manager 遠程代碼執行漏洞風險通告,騰訊雲鏡可以檢測
https://s.tencent.com/research/bsafe/1067.html
Google: Eleven zero-days detected in the wild in the first half of 2020
https://www.zdnet.com/article/google-eleven-zero-days-detected-in-the-wild-in-the-first-half-of-2020/
Windows 10 2004: New update fixes all these problems, says Microsoft
https://www.zdnet.com/article/windows-10-2004-new-update-fixes-all-these-problems-says-microsoft/
Mac用戶小心被駭客入侵!Microsoft Office被爆資安漏洞 微軟與蘋果討論防堵
https://www.ettoday.net/news/20200806/1778244.htm
駭侵者可利用 Zoom 資安漏洞,以暴力試誤法破解私人視訊會議密碼
https://www.twcert.org.tw/tw/cp-104-3821-03ba2-1.html
Red Hat JBoss 多個漏洞
https://access.redhat.com/errata/RHSA-2020:3209
IBM WebSphere Application Server 多個漏洞
https://www.ibm.com/support/pages/node/6254704
Cisco Talos團隊披露Microsoft Azure Sphere多個安全漏洞
https://www.freebuf.com/vuls/245378.html
華碩路由器遠程代碼執行漏洞通告
https://cert.360.cn/warning/detail?id=81fd25539ed87e395f360e9094196da4
FortiOS SSL VPN 2FA bypass by changing username case
https://fortiguard.com/psirt/FG-IR-19-283
微軟Chromium Edge連出兩包
https://www.ithome.com.tw/news/139175
IBM 多款產品爆出漏洞,或嚴重影響银行等金融機構
https://finance.jrj.com.cn/tech/2020/08/04154430423742.shtml
安全研究人员披露Ledger安全漏洞
https://www.bitcoin86.com/live/81869.html
Grandstream 四個安全漏洞的影響
https://www.freebuf.com/vuls/245546.html
Meetup安全漏洞可讓駭客接管社團以及金流
https://www.ithome.com.tw/news/139205
Twitter又曝新漏洞:Android用戶私人數據面臨泄露風險
https://reurl.cc/ex06lR
Vulnerability Spotlight: Two vulnerabilities in SoftPerfect RAM Disk
https://blog.talosintelligence.com/2020/08/softperfect-file-deletion-vuln-spotlight-aug-2020.html
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
7家銀行串接Mydata平台 辦信用卡免財力證明
https://reurl.cc/9Ego0V
Visa數據顯示今年上半年電子支付大幅成長16%,疫情已改變消費行為
https://reurl.cc/arQ2M9
不只純網銀要來 電支電票整合可望變身「微銀行」
https://news.cnyes.com/news/id/4510499
樂天網銀開幕前 董座簡明仁說資訊人員聘用很艱苦
https://udn.com/news/story/7239/4762786?from=udn-ch1_breaknews-1-cate6-news
四大資安威脅 金管會要求營運中斷不逾4小時
https://m.ctee.com.tw/livenews/aj/a91617002020080618211775?area=
金管會推金融資安懶人包 金融業強制設資安長門檻出爐
https://news.cnyes.com/news/id/4512173
31家金融機構 須設資安長
https://udn.com/news/story/7239/4762025
金管會推動「金融資安行動方案」,追求安全便利不中斷的金融服務目標
https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath=0,2&mcustomize=news_view.jsp&dataserno=202008060003&toolsflag=Y&dtable=News
〈永豐金法說〉進行數位組織改造 資安拉至金控層級 瞄準兩大戰場
https://news.cnyes.com/news/id/4511458?exp=a
小心!有人冒充銀行工作人員利用閃付漏洞盜刷信用卡
https://finance.sina.com.cn/money/bank/bank_hydt/2020-08-03/doc-iivhuipn6626614.shtml
Carding and black box attacks: common ATM hacking techniques by Dominique René
https://hakin9.org/carding-and-black-box-attacks-common-atm-hacking-techniques/
3.電子支付/行動支付/pay/資安
「電支條例修正案」擴大開放電支業務五大亮點
https://www.inside.com.tw/article/20536-e-payment-regulation
4.加密貨幣/挖礦/區塊鍊 資安
加密資產的安全就該交給「運氣」?談交易所投保的重要性
https://blockcast.it/2020/07/31/keeping-cryptocurrency-secure-is-your-exchange-insured/amp/
區塊鏈資安月報:7月共發生安全事件32起,虛擬貨幣詐騙案件氾濫
https://www.blocktempo.com/monthly-digital-currency-security-report-by-peckshield/
你的「紙錢包」可能不安全!私鑰盜竊問題叢生,資安新創 CYBAVO 詳列危險清單
https://www.blocktempo.com/is-your-cryptocurrency-wallet-safe-cybavo/
確保網路安全!以太坊基金會擬組建ETH 2.0安全團隊
https://news.knowing.asia/news/05ec56f3-2f5a-45b8-95c1-ed37f8bfc14c
新應用、新業態正在快速落地,區塊鏈安全如何保障
https://news.sina.com.tw/article/20200806/35968542.html
An Introduction to Substrate - Building Blockchains the Easy Way
https://www.crowdcast.io/e/ocimgwg2/register
A Beginner’s Guide to Blockchain Programming by Febin John James
https://hakin9.org/a-beginners-guide-to-blockchain-programming/
China arrests over 100 people suspected of involvement in PlusToken cryptocurrency scam
https://www.zdnet.com/article/china-arrests-over-100-people-suspected-of-involvement-in-plustoken-cryptocurrency-scam/
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
假扮成 TikTok 替代程式的惡意軟體,在印度藉由 WhatsApp 等管道肆虐
https://www.twcert.org.tw/tw/cp-104-3819-bbf10-1.html
特別針對臺灣的惡意程式Taidoor又來了!美國政府與警方警告,中國政府支持的駭客正以此變種發動攻擊
https://www.ithome.com.tw/news/139193
中共間諜軟件「泰門」新版出現!美權威警告
https://www.soundofhope.org/post/408094?lang=b5
美示警 中國木馬軟體正發動攻擊
https://tw.appledaily.com/headline/20200805/PIOVVUBIIE2MN5J32YS33YRLOI/
美警告:中共利用Taidoor網攻竊密
https://news.ltn.com.tw/news/world/paper/1391077
Ensiko:具備勒索病毒能力的網站指令介面工具 (Webshell)
https://blog.trendmicro.com.tw/?p=65396
英美政府:QNAP NAS 遭感染 6.2 萬台,SSH 後門開啟+無法更新
https://technews.tw/2020/08/01/62000-qnap-nas-devices-infected-with-persistent-qsnatch-malware/
鎖定Windows平臺的惡意程式TrickBot開始攻擊Linux裝置
https://www.ithome.com.tw/news/139180
Canon先後發生雲端遭駭及Maze勒索軟體攻擊
https://www.ithome.com.tw/news/139234
旅遊管理業者CWT遭勒索軟體攻擊,與駭客的談判過程全曝光
https://www.ithome.com.tw/news/139198
Garmin被綁1/電腦遭駭客綁架 關鍵2檔案曝光
https://www.ctwant.com/article/65402
Garmin被綁2/勒索軟體爆發 全球線上服務斷線4天
https://reurl.cc/KkVx19
Garmin被綁3/Wasted Locker從歐洲入侵 知情人士:非直接付贖金
https://www.ctwant.com/article/65404
Garmin被綁4/Wasted Locker 5月才被發現 專家:水坑式攻擊法
https://reurl.cc/qdMmeg
Garmin被綁5/如何避免勒索軟體 專家:人才是重點
https://www.ctwant.com/article/65406
Microsoft Edge is malware, says angry Windows 7 user
https://www.zdnet.com/article/microsoft-edge-is-malware-says-angry-windows-7-user/
GandCrab ransomware distributor arrested in Belarus
https://www.zdnet.com/article/gandcrab-ransomware-distributor-arrested-in-belarus/#ftag=RSSbaffb68
QNAP urges users to update Malware Remover after QSnatch alert
https://www.bleepingcomputer.com/news/security/qnap-urges-users-to-update-malware-remover-after-qsnatch-alert/
GandCrab ransomware operator arrested in Belarus
https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-operator-arrested-in-belarus/
Linux warning: TrickBot malware is now infecting your systems
https://www.bleepingcomputer.com/news/security/linux-warning-trickbot-malware-is-now-infecting-your-systems/
TrickBot Malware Warning Victims of Infection by Mistake
https://www.tripwire.com/state-of-security/security-data-protection/trickbot-malware-warning-victims-of-infection-by-mistake/
RATicate malware gang goes commercial
https://nakedsecurity.sophos.com/2020/07/14/raticate-malware-gang-goes-commercial/
Confirmed: Garmin received decryptor for WastedLocker ransomware
https://www.bleepingcomputer.com/news/security/confirmed-garmin-received-decryptor-for-wastedlocker-ransomware/
WastedLocker: technical analysis
https://securelist.com/wastedlocker-technical-analysis/97944/
Ransomware is Still a Blight on Business
https://blog.trendmicro.com/ransomware-is-still-a-blight-on-business/
Ransomware: Why the internet's biggest headache refuses to go away
https://www.zdnet.com/article/ransomware-why-the-internets-biggest-headache-refuses-to-go-away/
Confirmed: Garmin received decryptor for WastedLocker ransomware
https://www.bleepingcomputer.com/news/security/confirmed-garmin-received-decryptor-for-wastedlocker-ransomware/
NetWalker ransomware gang has made $25 million since March 2020
https://www.zdnet.com/article/netwalker-ransomware-gang-has-made-25-million-since-march-2020/#ftag=RSSbaffb68
GandCrab ransomware distributor arrested in Belarus
https://www.zdnet.com/article/gandcrab-ransomware-distributor-arrested-in-belarus/#ftag=RSSbaffb68
Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902
https://blog.trendmicro.com/trendlabs-security-intelligence/mirai-botnet-exploit-weaponized-to-attack-iot-devices-via-cve-2020-5902/
Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902
https://documents.trendmicro.com/assets/IoCs_Appendix_Mirai-Botnet-Exploit-Weaponized-to-Attack-IoT-Devices-via-CVE-2020-5902.pdf
MassLogger: An Emerging Spyware and Keylogger
https://www.seqrite.com/blog/masslogger-an-emerging-spyware-and-keylogger/
CISA, DOD, FBI expose new Chinese malware strain named Taidoor
https://www.zdnet.com/article/cisa-dod-fbi-expose-new-chinese-malware-strain-named-taidoor/#ftag=RSSbaffb68
New infection chain of njRAT variant
https://blog.360totalsecurity.com/en/new-infection-chain-of-njrat-variant/
Take a “NetWalk” on the Wild Side
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/take-a-netwalk-on-the-wild-side/
Canon hit by Maze Ransomware attack, 10TB data allegedly stolen
https://www.bleepingcomputer.com/news/security/canon-hit-by-maze-ransomware-attack-10tb-data-allegedly-stolen/
B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G
中國盤古團隊發現蘋果Secure Enclave晶片存在「不可修補」漏洞
https://kknews.cc/tech/m9pzvj6.html
Zoom 又爆安全漏洞 - 會議預設 6 位純數字密碼,幾分鐘就可破解
https://hk.xfastest.com/63984/zoom-security-breakthrough/
Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes
https://thehackernews.com/2020/07/zoom-meeting-password-hacking.html
資安風暴延燒 美議員要求司法部調查Zoom和TikTok
https://reurl.cc/Y1LyYl
抖音有何懼 壟斷洩密竊個資
https://www.chinatimes.com/newspapers/20200802000339-260108?chdtv
北京法院認證 抖音侵個資
https://www.ydn.com.tw/News/391744
應用程式資安漏洞多!小工具App易成詐騙溫床 訂閱費帳單嚇死人
https://reurl.cc/Mvn1y4
蘋果設備遭爆存在「無法修復」的漏洞!影響範圍遍及5代iPhone
https://www.ettoday.net/news/20200803/1775962.htm
美將對中國APP「採取行動」 陸外交部:典型雙重標準
https://www.ettoday.net/news/20200803/1776041.htm
中共訊息戰武器 TikTok涉資安疑慮或遭禁
https://www.ntdtv.com/b5/2020/08/03/a102909658.html
盤古團隊發現硬件級不可修復漏洞:iOS 14能完美越獄
https://reurl.cc/qdMpzp
Android 版 AirDrop 終於上線了!兩大品牌手機搶先使用
https://3c.ltn.com.tw/news/41241
印度擴大禁用中國手機App 小米百度遭殃
https://www.cna.com.tw/news/firstnews/202008060114.aspx
TikTok投資5億美元在愛爾蘭建大型資料中心 宣示維護資安決心
https://news.cnyes.com/news/id/4511770
日本大阪等地停用TikTok官方帳號 稱需釐清資安疑慮
https://reurl.cc/9EdWoj
一款支付功能 App 存在提現漏洞 被“抓包軟件”抓走 14 萬
https://www.chainnews.com/zh-hant/articles/838279189120.htm
資安防護有漏洞?IG傳偷開用戶攝像頭 官方回應:系統程式錯誤
https://reurl.cc/GVzbLD
打假消息有一套!WhatsApp「放大鏡」替你查真偽、病毒資訊只能轉發一人
https://news.sina.com.tw/article/20200805/35956382.html
Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts
https://thehackernews.com/2020/08/apple-touchid-sign-in.html
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
趨勢科技研究機構披露舊程式語言的設計缺陷與漏洞
https://times.hinet.net/news/23001634
刑事局破獲非法侵權機上盒公司 竟播放未成年猥褻影片
https://udn.com/news/story/7315/4752004
侵權數千萬元!非法中國機上盒「夢想」看免錢 經銷商被逮
https://m.ltn.com.tw/news/society/breakingnews/3248317
盜版、色情片大放送!中國製「夢想機上盒」與中國工程師合作,警方:有嚴重資安問題
https://buzzorange.com/2020/08/04/set-box-of-dreamtv-is-illegal/
最新電影、A片 免費看 中國機上盒侵權3800萬
https://m.ltn.com.tw/news/society/paper/1390772
夢想機上盒盜播侵權近4千萬 刑事局破獲逮10嫌
https://www.setn.com/News.aspx?NewsID=791219
Juiker正式聲明:遭駭與中資介入均屬不實謠言
http://www.netadmin.com.tw/netadmin/zh-tw/trend/867BFBA714C0456DBFB8E4928D2952D4
面對中國的監控技術,逃避不切實際,如何找到辦法與之共存
https://www.businessweekly.com.tw/international/blog/3003372
AI智鬥駭客,數位戰警網路掃黑
https://scitechvista.nat.gov.tw/c/sTvx.htm
Garmin 系統中斷事件第六天宣告陸續恢復,官方首認是「網路攻擊」
https://saydigi-tech.com/2020/07/garmin-back-to-normal.html
網路媒體誤發新聞是系統被入侵?NOWnews表示已報案,但外界霧裡看花
https://www.ithome.com.tw/news/139154
鎖定大型雲端服務裡的Docker伺服器下手的後門程式,竟透過區塊鏈產生與C&C中繼站連線的網址
https://times.hinet.net/news/22994991
被問是否遭陸竊機密 美科技四巨頭僅一家說有
https://www.chinatimes.com/realtimenews/20200731003748-260408?chdtv
駭客亂給資料客服沒檢查?知名《虹彩六號》YouTuber遊戲帳戶遭封鎖
https://game.udn.com/game/story/10453/4745108
資安存疑!川普表態封殺 傳微軟洽談收購TikTok喊卡
https://www.setn.com/News.aspx?NewsID=790055
【澳洲疫情】民眾千方百計避入境隔離 昆士蘭被迫收緊邊境管制
https://reurl.cc/ex0mOb
梵諦岡曾遭中國駭客組織攻擊
https://pttstudy.com/ia/M.1596279516.A.517.html
美國新冠疫苗公司疑遭中國駭客入侵!中國外交發言人:造謠污衊
https://newtalk.tw/news/view/2020-07-31/444125
接連被控竊疫苗機密 中國氣噗噗:我們領先不必靠偷
https://news.ltn.com.tw/news/world/breakingnews/3247690
佐柏格指中國竊機密後 疫苗龍頭廠莫德納證實官網被駭入
https://www.ftvnews.com.tw/news/detail/2020731I10M1
中駭客攻擊疫苗研發公司 莫德納疑淪目標
https://life.tw/?app=view&no=1115922
國際產經:新冠疫苗研發商摩德納遭中國駭客鎖定
https://reurl.cc/ZODmNl
中駭客攻擊疫苗研發公司 莫德納疑淪目標
https://www.ftvnews.com.tw/news/detail/2020731W0072
Moderna遭狙擊?傳中國駭客為新冠疫苗出手
https://ctee.com.tw/news/global/310971.html
美國控中國駭客攻擊疫苗研發公司 欲偷貴重資料
https://www.cna.com.tw/news/firstnews/202007310114.aspx
吳奕軍專欄:被「紅色滲透」多年 比利時不忍了
https://www.upmedia.mg/news_info.php?SerialNo=92682
北極星行動:朝鮮駭客針對美國國防和航空太空公司
https://ek21.com/news/tech/208433/
聯合國報告:北韓研發出小型核彈頭
https://reurl.cc/E7qpa0
趁機挑撥離間? 「中國人」狂罵印度 印媒 :很多是巴基斯坦假帳號
https://newtalk.tw/news/view/2020-08-04/445672
印度資安機構:核動力潛艦可能已成中國駭客目標
https://www.inside.com.tw/article/20570-Central-Security-Service-report-china-hacker-more-active
巴基斯坦電視台遭駭客入侵出現印度國旗畫面
https://reurl.cc/lV3n5E
印度安全機構:中國駭客活動增強 蒐集國安情資
https://money.udn.com/money/story/5599/4754213
美政府祭千萬美元查緝協助外國干擾選舉的人士
https://www.ithome.com.tw/news/139236
中共網絡間諜被捕突顯社交招聘網站漏洞
https://gnews.org/zh-hant/281990/
歐盟首次製裁俄、中、朝駭客
https://www.bannedbook.org/bnews/zh-tw/comments/20200731/1372620.html
歐盟首次針對重大網絡攻擊實施制裁,向美國看齊
https://reurl.cc/5l7GxR
美國政府政策立場社論:打擊網絡犯罪
https://www.voacantonese.com/a/editorial-fighting-cybercrime-20200805-ry/5531265.html
美國宣布「清網」 祭6大措施排擠中國
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=9&id=0000590942_231LLLI63EM4ER3QMS8PV
美擴大乾淨網路計畫 擬封殺具資安風險中國App
https://money.udn.com/money/story/10511/4760173
制裁網路犯罪!歐盟點名中國及北韓企業、俄國軍情局
https://newtalk.tw/news/view/2020-07-31/443919
國際要聞:歐盟就網路攻擊制裁俄羅斯、中國、北韓
https://reurl.cc/O1dOQv
歐盟首度制裁網攻 俄「中」北韓入列
https://www.ydn.com.tw/News/391739
守護資安 歐盟首次動用數位制裁 對俄中北韓機構個人開罰
https://money.udn.com/money/story/5602/4746566
EU sanctions hackers from China, Russia, North Korea who're wanted by the FBI
https://thehackernews.com/2020/07/sanctions-against-wanted-hackers.html
New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks
https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html
Is Your Security Vendor Forcing You To Move to the Cloud? You Don't Have To
https://thehackernews.com/2020/07/cloud-security-endpoints.html
CWT Travel Agency Faces $4.5M Ransom in Cyberattack, Report
https://threatpost.com/cwt-travel-agency-ransom-cyberattack-report/157911/
FBI warns of disruptive DDoS amplification attacks
https://www.welivesecurity.com/2020/07/28/fbi-warning-disruptive-ddos-amplification-attacks/
A critical flaw in wpDiscuz WordPress plugin lets hackers take over hosting account
https://securityaffairs.co/wordpress/106638/hacking/wpdiscuz-wordpress-plugin-bug.html
Belarussian authorities arrested GandCrab ransomware distributor
https://securityaffairs.co/wordpress/106701/malware/gandcrab-distrubutor-arrested.html
New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks
https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html
資安SOC一線工程師
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=528812&HIRE_ID=9850711
資安SOC二線工程師
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=528812&HIRE_ID=9850789
資訊管理中心109年第七次專案人力進用-1.研發類-資訊安全
https://www.104.com.tw/job/70fa0
資安工程師
https://www.104.com.tw/job/70fu7
資安工程師/Cloud Security Engineer
https://www.104.com.tw/job/70gbz
(SOC)資安監控中心資安工程師
https://www.104.com.tw/job/70hww
資安監控人員
https://www.104.com.tw/job/70iki
雲端資安與應用服務經理 #6421 K-165
https://www.104.com.tw/job/6zurv
網路工程師(新竹)
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=50778&HIRE_ID=9868853
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
Google打假消息 刪逾2500個中國相關YouTube頻道
https://www.cna.com.tw/news/firstnews/202008060124.aspx
FBI 發出警訊,線上購物相關詐騙案例明顯增加
https://www.twcert.org.tw/tw/cp-104-3826-9fc90-1.html
IBM《資料外洩成本報告》:外洩憑證與雲端配置錯誤為最大的攻擊媒介
https://www.ithome.com.tw/news/139185
藝人粉專被盜頻傳!警官分析詐騙手法 中招就失去管理權限
https://forum.ettoday.net/news/1777154?redirect=1
買個資盜刷信用卡 半年獲利300萬
https://www.chinatimes.com/realtimenews/20200801001487-260402?chdtv
數位三倍券詐騙頻傳!專家教這3招輕鬆查證不上當
https://www.storm.mg/lifestyle/2833366
臉書日本用戶遭駭 至少76005帳號個資外洩
https://tw.appledaily.com/international/20200804/T32M4GQZ3BTHW5QQUYFGHSUNZY/
騙案追縱:釣魚電郵出沒注意 信用卡資料勿亂俾
https://reurl.cc/Nj3WEk
硬體錢包公司爆資安漏洞!Ledger 上百萬用戶電郵遭洩
https://blockcast.it/2020/07/31/ledger-suffered-data-breach-in-late-june/
買個資盜刷信用卡 半年獲利300萬
https://www.chinatimes.com/realtimenews/20200801001487-260402?chdtv
陳自瑤墮入「迷網」 IG遭駭客入侵兼被勒索500蚊美金
https://reurl.cc/xZdRee
電話詐婦30萬! 報警停話後「改打LINE轟炸」
https://reurl.cc/MvnAxm
警方找到推特詐騙案嫌犯,犯案者駭入推特內部Slack工作空間以取得管理員帳密
https://www.ithome.com.tw/news/139171
直播吸毒百人觀看... 隱乳人妻遇駭遭勒索萬元贖金
https://ent.ltn.com.tw/news/breakingnews/3246573
江蕙臉書突重開?!經紀人急喊「駭客入侵」
http://www.nexttv.com.tw/NextTV/News/Home/LatestNews/2020-08-01/219115.html
男國中生網交「姊姊」被騙千元 警攻堅破獲假交友詐騙機房
https://www.chinatimes.com/realtimenews/20200731004842-260402?chdtv
點讚賺外快!女砸4萬加會員 控騙局一場
https://reurl.cc/8G14N7
利用帥哥美女照釣魚 被害人傻傻上勾話數誘騙投資
https://reurl.cc/7XOaLD
搗假交友投資詐欺機房 力破高價防暴門逮13人
https://news.ltn.com.tw/news/society/breakingnews/3245751
謊稱賭博網站有漏洞可獲利騙財 警逮13人送辦
https://www.cna.com.tw/news/asoc/202007310207.aspx
又是詐騙!女網友P手術圖騙同情 熱血台女險匯72萬
https://m.ltn.com.tw/news/society/breakingnews/3249090
騙徒看牙科誆心臟病 女愛心滿滿險被騙72萬
https://www.ctwant.com/article/65676
臉書日本用戶遭駭 至少76005帳號個資外洩
https://tw.appledaily.com/international/20200804/T32M4GQZ3BTHW5QQUYFGHSUNZY/
利用“以租代購”詐騙汽車 五人“鑽空子”非法獲利20余萬元
http://big5.xinhuanet.com/gate/big5/www.js.xinhuanet.com/2020-08/01/c_1126311968.htm
比特幣釣魚的推特駭客遭逮!執法單位重嗆:網路犯罪無法再躲於匿名之後了
https://www.abmedia.io/twitter-hackers-under-arrest/
Twitter「社交工程攻擊」詐騙案的幕後主使被捕
https://reurl.cc/O1dOzD
國際產經:推特調查稱,7月15日駭客事件為透過手機連絡公司員工時入侵系統
https://reurl.cc/WdjnyD
推特被駭 利用名人帳號轉推淨賺10萬美金
https://m.ltn.com.tw/news/world/breakingnews/3246215
推特爆大規模駭客詐騙 幕後首腦竟是17歲少年
https://ec.ltn.com.tw/article/breakingnews/3246452
名人推特帳戶遭大規模入侵 美起訴三名涉案者
https://www.epochtimes.com/b5/20/7/31/n12298665.htm
Twitter Confirms Spear-Phishing Attack Caused Account Takeover
https://www.infosecurity-magazine.com/news/twitter-spear-phishing/
Twitter An update on our security incident
https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html
Breach of high-profile Twitter accounts caused by phone spear phishing attack
https://www.techrepublic.com/article/breach-of-high-profile-twitter-accounts-caused-by-phone-spear-phishing-attack/
Canadian MSP discloses data breach, failed ransomware attack
https://www.bleepingcomputer.com/news/security/canadian-msp-discloses-data-breach-failed-ransomware-attack/
Maine Intelligence Center Breach Could Snarl Investigations
https://www.govtech.com/security/Maine-Intelligence-Center-Breach-Could-Snarl-Investigations.html
Phishing campaigns, from first to last victim, take 21h on average
https://www.zdnet.com/article/phishing-campaigns-from-first-to-last-victim-take-21h-on-average/
10 billion records exposed in unsecured databases, study says
https://www.welivesecurity.com/2020/07/30/10-billion-records-exposed-unsecured-databases/
Phishing campaigns, from first to last victim, take 21h on average
https://www.zdnet.com/article/phishing-campaigns-from-first-to-last-victim-take-21h-on-average/
FBI Warns of Surge in Fraudulent Shopping Websites
https://www.bankinfosecurity.com/fbi-warns-surge-in-fraudulent-shopping-websites-a-14765
E.研究報告
行政院技術服務中心109年第2季資通安全技術報告
https://ppt.cc/fkznQx
以合法掩護非法 WastedLocker勒索軟體深層分析
http://www.netadmin.com.tw/netadmin/zh-tw/snapshot/8E18D08773064F93B339A511587A0752
深度分析成功入侵Garmin的WastedLocker勒索軟體 為何會如此刁鑽
https://reurl.cc/62WrKZ
java 反序列化漏洞利用思路簡介
https://blog.csdn.net/whatday/article/details/107736196
Mirai 殭屍網路可被用來透過漏洞 CVE-2020-5902攻擊物聯網裝置
https://blog.trendmicro.com.tw/?p=65401
DoH技術遭駭客組織利用,網路安全技術淪竊密工具
https://www.twcert.org.tw/tw/cp-104-3829-4a0ff-1.html
利用最新Apache解析漏洞(CVE-2017-15715)
https://www.yisu.com/zixun/250778.html
IBM WebSphere CVE-2020-4450漏洞分析
https://www.secrss.com/articles/24353
cve-2018-2628 Weblogic反序列化漏洞實現反彈shell
https://blog.csdn.net/whatday/article/details/107720033
從cve2015-1805漏洞入門
https://bbs.pediy.com/thread-261165.htm
WebLogic coherence UniversalExtractor 反序列化 (CVE-2020-14645) 漏洞分析
https://paper.seebug.org/1280/
卡巴斯基報告:Lazarus APT 組織的大型狩獵遊戲
https://paper.seebug.org/1279/
“失控”的 IPv6:觀察 IPv6 網路境安全現狀
https://paper.seebug.org/1277/
Django SQL注入漏洞復現(CVE-2020-7471)
https://www.freebuf.com/vuls/245359.html
Node.js中存在原型污染漏洞,可致Web應用程式遭受DoS和遠端Shell攻擊
https://www.freebuf.com/vuls/245658.html
Opyn ETH Put邏輯漏洞技術分析
https://www.bishijie.com/shendu/119960.html
WordPress聊天外掛含有安全漏洞,允許駭客接管聊天功能
https://www.ithome.com.tw/news/139231
安全專家發現伊朗駭客率先利用DoH暗中竊密
https://www.ithome.com.tw/news/139209
java反序列化漏洞的一些gadget
https://blog.csdn.net/whatday/article/details/107854348
近期幾起資安事件之風險防患討論
https://vocus.cc/@Jerome/5f2a54b9fd89780001f64e83
人、工具、流程再進化 打造現代資安維運中心 加速OODA循環 從戰略層級應變攻擊
http://www.netadmin.com.tw/netadmin/zh-tw/trend/052F244B988E490DBD2D7FBB1CE1D1AD
Incident Response Analyst Report 2019
https://securelist.com/incident-response-analyst-report-2019/97974/
SSH Pentesting Guide
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/SSH%20Pentesting%20Guide.pdf
How we deal with sparse data at SentinelOne
https://medium.com/@Sentinelone_tech/how-we-deal-with-sparse-data-at-sentinelone-26df32ea7a37
SIEM Better Visibility for SOC Analyst to Handle an Incident with Event ID
https://gbhackers.com/siem-for-better-visibility-for-an-analyst-to-handle-an-incident/
CVE-2020-1313 Exploit
https://github.com/irsl/CVE-2020-1313
XRCross (Recon)
https://github.com/pikpikcu/xrcross
V3n0M-Scanner
https://github.com/v3n0m-Scanner/V3n0M-Scanner
DRAKVUF Sandbox
https://github.com/CERT-Polska/drakvuf-sandbox
Ehtools - Framework Of Serious Wi-Fi Penetration Tools
https://hakin9.org/ehtools-framework-of-serious-wi-fi-penetration-tools/
Offense and Defense – A Tale of Two Sides: Group Policy and Logon Scripts
https://www.fortinet.com/blog/threat-research/offense-defense-a-tale-of-two-sides-group-policy-and-logon-scripts
Web App Hacking: Overview and Strategy for Beginners
https://www.hackers-arise.com/post/2017/10/20/web-app-hacking-overview-and-strategy-for-beginners
Python Basics for Hackers, Part 4:How to Find the Exact Location of any IP Address
https://www.hackers-arise.com/post/2016/08/29/how-to-find-the-exact-location-of-any-ip-address
Overworked and burnt out? Cybersecurity pros under more pressure
https://techhq.com/2020/07/overworked-and-burnt-out-cybersecurity-pros-under-more-pressure-than-ever/
Threat Intelligence Fundamentals
https://www.peerlyst.com/posts/threat-intelligence-fundamentals-chiheb-chebbi?trk=site_header
A new approach for Bypassing Windows 10 UAC with mock folders and DLL hijacking
https://www.offensive-hackers.com/2020/08/A-new-approach-for-Bypassing-Windows-10-UAC-with-mock-folders-and-DLL-hijacking.html
Password Spraying Secure Logon for F5 Networks
https://www.n00py.io/2020/08/password-spraying-secure-logon-for-f5-networks/
Kaspersky Uncovers New APT “Mercenary” Group
https://www.infosecurity-magazine.com/news/kaspersky-uncovers-new-apt/
Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates
https://www.fireeye.com/blog/threat-research/2020/07/insights-into-office-365-attacks-and-how-managed-defense-investigates.html
Cybercriminals Targeting Multiple Vulnerabilities in WordPress Plugins
https://www.zscaler.com/blogs/research/cybercriminals-targeting-multiple-vulnerabilities-wordpress-plugins
Crack WPA/WPA2 Wi-Fi Routers with Aircrack-ng and Hashcat by Brannon Dorsey
https://hakin9.org/crack-wpa-wpa2-wi-fi-routers-with-aircrack-ng-and-hashcat/
Bypassing Windows 10 UAC with mock folders and DLL hijacking
https://www.bleepingcomputer.com/news/security/bypassing-windows-10-uac-with-mock-folders-and-dll-hijacking/
Universal Radio Hacker: Investigate Wireless Protocols like a Boss
https://hakin9.org/universal-radio-hacker-investigate-wireless-protocols-like-a-boss/
6 TYPES OF PASSWORD ATTACKS COMMONLY USED BY ETHICAL HACKERS
https://blog.eccouncil.org/6-types-of-password-attacks-commonly-used-by-ethical-hackers/
Xerosploit - Efficient and Advanced Man-In-The-Middle Framework
https://hakin9.org/xerosploit-efficient-and-advanced-man-in-the-middle-framework/
Remote working security challenges urge MFA implementation
https://www.helpnetsecurity.com/2020/07/14/remote-working-security-challenges/
OSINT_TIPS
https://github.com/blaCCkHatHacEEkr/OSINT_TIPS
ESET Threat Report Q2 2020
https://www.welivesecurity.com/2020/07/29/eset-threat-report-q22020/
Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902
https://reurl.cc/7X69Eb
Analysis of Android InsecureBank v2 Part 1
https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-1-9e0788ba5552
Analysis of Android InsecureBank v2 Part 2
https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-2-429b4ab4a60f
Analysis of Android InsecureBank v2 Part 3
https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-3-2b3e5843fe91
SOC analyst job description, salary, and certification
https://www.csoonline.com/article/3537510/soc-analyst-job-description-salary-and-certification.html
SOC Analyst: Interview Preparation
https://www.cybrary.it/blog/2017/08/soc-analyst-interview-preparation/
BlackBerry releases new security tool for reverse-engineering PE files
https://www.zdnet.com/article/blackberry-releases-new-security-tool-for-reverse-engineering-pe-files/#ftag=RSSbaffb68
PE Tree
https://github.com/blackberry/pe_tree
ビジネスメール詐欺実態を共同分析、攻撃者の手口と素性が明らかに(マクニカネットワークス、伊藤忠商事)
https://scan.netsecurity.ne.jp/article/2020/08/04/44395.html
ビジネスメール詐欺の実態と対策アプローチ
https://www.macnica.net/pdf/macnica_wp_0729.pdf
Doki Dukes with Kinsing
https://www.lacework.com/doki-dukes-kinsing/
Mitaka
https://github.com/ninoseki/mitaka
US defense and aerospace sectors targeted in new wave of North Korean attacks
https://www.zdnet.com/article/us-defense-and-aerospace-sectors-targeted-in-new-wave-of-north-korean-attacks/
Research Roundup: Recent Probable Charming Kitten Infrastructure
https://threatconnect.com/blog/research-roundup-recent-probable-charming-kitten-infrastructure/
Inter skimming kit used in homoglyph attacks
https://blog.malwarebytes.com/threat-analysis/2020/08/inter-skimming-kit-used-in-homoglyph-attacks/
Black Hat: When penetration testing earns you a felony arrest record
https://www.zdnet.com/article/black-hat-when-penetration-testing-earns-you-a-felony-record/
The disappointment of Australia's new cybersecurity strategy
https://www.zdnet.com/article/the-disappointment-of-australias-new-cybersecurity-strategy/
Black Hat: Hackers can remotely hijack enterprise, healthcare Temi robots
https://www.zdnet.com/article/black-hat-healthcare-senior-living-temi-robots-can-be-hijacked-remotely-by-hackers/
Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack
https://thehackernews.com/2020/08/http-request-smuggling.html
F.商業
每年900萬人成「網路犯罪」受害者 諾頓教你如何安全上網
https://udn.com/news/story/7086/4745513
力抗病毒,資安產業未來 5 年熱度可期
https://technews.tw/2020/07/31/information-security-industry-is-expected-to-be-hot/
提升專業資安團隊工作效率 加速反制攻擊威脅 SOAR統整異質平台 預建流程自動執行回應
http://www.netadmin.com.tw/netadmin/zh-tw/trend/F6E7E0CFB2F14E06ACCA8F67DE1330C9
數聯資安攜手VMware提供資安託管服務
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=13&id=0000590080_f9f1gdl97nu7m91dsh0bn
【超融合系統獨立平臺點將錄(1)NetApp HCI】獨特運算與儲存節點分離架構,提供更靈活、高效的資源運用
https://www.ithome.com.tw/tech/139035
TensorFlow 2.3加入新API解決資料工作管線載入瓶頸
https://www.ithome.com.tw/news/139181
Juniper推出AI故障排除工具使企業網路營運更自動化
https://www.ithome.com.tw/news/139178
蘋果併購行動支付業者Mobeewave
https://www.ithome.com.tw/news/139177
騰訊計畫買下搜狗,將其私有化
https://www.ithome.com.tw/news/139176
取得川普同意,微軟公開表態有意買下TikTok,9月15日以前定案
https://www.ithome.com.tw/news/139174
Google Chrome將顯示廣告主身份、測試Trust API
https://www.ithome.com.tw/news/139173
PyTorch 1.6加入自動混合精度訓練
https://www.ithome.com.tw/news/139184
能搜尋連網裝置與漏洞系統的搜尋引擎 Censys,獲 1,550 萬美元 A 輪融資
https://finance.technews.tw/2020/08/07/censys-a-search-engine-for-internet-devices-raises-series-a/
FBI呼籲私人企業應儘速脫離Windows 7,升級到最新版本
https://www.ithome.com.tw/news/139230
全球新冠疫情迅速蔓延為網路環境帶來新威脅 VMware 網路安全威脅報告:網路攻擊增加態勢和漏洞升級
http://www.netadmin.com.tw/netadmin/zh-tw/snapshot/7A82AD0E621448F68490AB52AB5F4733
Linux基金會成立開源安全基金會,微軟、Google加入
https://www.ithome.com.tw/news/139191
安控、AI影像分析到資安的完美整合 晶睿開創智慧工廠監控新紀元
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000590055_l5w1j3ar44zzxc6fkpkgp
台灣資訊安全協會成立 鏈結產官學產業生態系
https://money.udn.com/money/story/10860/4757875
42家資安業者揪團 建平台走向國際
https://www.ocacnews.net/overseascommunity/article/article_story.jsp?id=260756
日本Nulab軟體開發公司推出全新資安服務「Nulab Pass」
https://twnewshub.com/archives/6622
TikTok投資5億美元在愛爾蘭建大型資料中心 宣示維護資安決心
https://news.cnyes.com/news/id/4511770?exp=a
Kroll聘請Alex Shim以擴大日本網絡風險業務
http://www.businesswirechina.com/hk/news/44113.html
Uniting for better open-source security: The Open Source Security Foundation
https://www.zdnet.com/article/uniting-for-better-open-source-security-the-open-source-security-foundation/#ftag=RSSbaffb68
G.政府
抓漏洞!身分遭盜用怎解?內政部:數位防偽機制比紙本強
https://www.setn.com/News.aspx?NewsID=789445
台大應力所教授吳光鐘真除 今起任國研院長
https://udn.com/news/story/6885/4747196
吳光鐘教授正式接任國家實驗研究院院長 持續優化各中心科研服務
https://times.hinet.net/news/22996797
資安與人權不能政策豪賭 數位身分證十大爭議
https://reurl.cc/mnaEpM
國安局反擊共軍網駭再設新武器平台 不與國防部交流
https://udn.com/news/story/10930/4749278?from=udn-catelistnews_ch2
開放架構白牌興起藏漏洞 NCC嚴審安全維護計劃
https://tw.appledaily.com/property/20200802/4NOPTDVAOPZZDSAV4A6UXD27F4/
行政院通過「電子支付機構管理條例」修正草案
https://reurl.cc/rxNdK4
【紅色危機2】中科院、陸軍官校也輕忽資安 《蘋果》踢爆後才緊急查辦
https://tw.appledaily.com/politics/20200805/533DRITRWKRRARWN63GHAZQGP4/
【紅色危機3】全國逾半公務機關使用中國通訊產品 政院下令盡速汰換
https://tw.appledaily.com/politics/20200805/3A6DE5GB44VEI7PSRPPHOARHGU/
立院影音 爆紅色資安危機 《蘋果》踢爆 與解放軍使用同公司系統14年 立院:將立刻更換
https://tw.appledaily.com/headline/20200806/OA2DNT74JXGJ6RGYVWLDVRVJMM/
蘋論:不可輕忽「紅色資安危機」
https://tw.appledaily.com/headline/20200806/2XI5JVPNXXA5IF6LQM6A7GH4QI/
立院影音儲存系統遭爆使用中國貨 蔡其昌:有資安疑慮就要趕快更新
https://m.ltn.com.tw/news/politics/breakingnews/3250312
立院影音儲存系統中國製 外界憂資安危機
https://news.pts.org.tw/article/489650
立院使用中國系統爆資安危機 蔡其昌:若有疑慮就更新
https://reurl.cc/vDyKye
【台海軍情】防共軍電磁脈衝攻擊 國土安全辦公室要求加強防護
https://tw.appledaily.com/politics/20200806/WQPLKZDP7OQM4AJTLBVM6JDTA4/
固安作戰計畫遭洩?軍方否認 戰車士官交保返回連隊
https://udn.com/news/story/10930/4758532
NCC組改進行式 陳耀祥:已爭取內容監理獨立性
https://udn.com/news/story/7266/4757998
動滋券頻出包,承包商聯網國際(活動咖)公司遭駭,爆資安疑慮
https://www.dcard.tw/f/trending/p/234174703
H.工控系統/ICS/SCADA 相關資安
樹立國際工控資安標準 IEC 62443捍衛工業聯網安全
https://www.2cm.com.tw/2cm/zh-tw/tech/7E876B7170EE44A9A23BF87A11CB465A
日本海事協會宣布 第二版船上網路資安指導方針
https://m.ctee.com.tw/livenews/aj/a98623002020080310474621?area=
Rockwell工控軟體的5個组合漏洞導致RCE
https://www.anquanke.com/post/id/212531
Pwn2own Miami:通過漏洞利用鏈實現對 Ignition 工控系統的代碼執行
https://www.chainnews.com/zh-hant/articles/990975995016.htm
趨勢科技研究發現工業 4.0 與 IT 連接的關鍵介面重大漏洞
https://reurl.cc/xZY92V
I.教育訓練
DDoS防禦實務
https://reurl.cc/ar6Xyl
如何學習網站漏洞滲透測試
https://iter01.com/520192.html
Writing Shell Scripts — The Beginner’s Guide by Muhammad Junaid
https://hakin9.org/writing-shell-scripts%E2%80%8A-%E2%80%8Athe-beginners-guide/
Universal Radio Hacker: Investigate Wireless Protocols like a Boss
https://hakin9.org/universal-radio-hacker-investigate-wireless-protocols-like-a-boss/
Hacking-OSCP cheatsheet
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/Hacking-OSCP%20cheatsheet.pdf
Metasploit Payloads GUI - Create Backdoors & Control Hacked Devices Easily
https://www.youtube.com/watch?v=hollnezbeus
How to Extend Security Across Your Kubernetes Infrastructure
https://securityaffairs.co/wordpress/105944/hacking/extend-security-kubernetes-infrastructure.html
Case Study: How Incident Response Companies Choose IR Tools
https://thehackernews.com/2020/08/incident-response-software.html
SANS Incident Handler's Handbook
https://www.sans.org/reading-room/whitepapers/incident/paper/33901
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
解決第三方物聯網漏洞需要轉變網絡安全範式
https://www.secrss.com/articles/24384
6.近期資安活動及研討會
SITCON 2020 8/8
https://sitcon.org/2020/
中華電信學院 無人機操控證照輔導班 基本級2KG以下(台中平日全科班)
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=165
CYBERSEC 2020 臺灣資安大會 8/12
https://cyber.ithome.com.tw/
Power of X 科技講堂 2020/08/13
https://systex-tw.kktix.cc/events/power-of-x-webinar
AI/BigData技能養成班系列課程-白帽駭客認知班(確定開課) 8/14
https://www.accupass.com/event/2005060928471871405427
高雄場-資安趨勢暨物聯網(IoT)資安探討 8/17
https://tacert.mis.nsysu.edu.tw/p/404-1257-207359.php
DevDays Asia 2020 Online 亞太技術年會 8/19 8/20 8/21 8/25 8/26
https://seminar.ithome.com.tw/public/live/devdays/
物聯網(IoT)資安防護設計與強化實作培訓班 8/19 ~ 8/21
https://www.moea.gov.tw/Mns/populace/news/NewsAction.aspx?kind=4&menu_id=43&news_id=90845
【資安初階課程】Google hacking & Shodan實務 上課時間: 2020/8/20 (四) 09:30 ~ 16:30
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3905&from_course_list_url=homepage
臺北場-資安趨勢暨網路攻防技術 8/20
https://tacert.mis.nsysu.edu.tw/p/404-1257-237050.php
醫療資訊安全技術實作培訓班 8/20 ~ 8/22
https://www.moeaidb.gov.tw/external/ctlr?PRO=indpark.BulletinView&id=21154&lang=0
「資安管理與 個資保護落實之新觀念與新趨勢」教育訓練 8/21
https://reurl.cc/pdlX3r
自然語言處理技術再進化,Google BERT讓聊天機器人更能理解人類意圖,進入全新境界 8/22
https://www.techbang.com/posts/78985-course-bert-technology-practice
資安事故處理實務課程-109年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」 8/22
https://www.cisanet.org.tw/News/activity_more?id=MTUyOA==
SDN x Cloud Native Meetup - Webinar 海外篇 #5 8/22
https://www.meetup.com/CloudNative-Taiwan/events/272097499/
NISRA Enlightened 2020 8/24
https://nisra.kktix.cc/events/2020enlightened
中華電信學院 109 年 暑期 CCNA 網通證照實戰營(高雄) 8/24
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=172
「物聯網世界新常態的資安挑戰和機會研討會」 8/25
https://www.acw.org.tw/News/Detail.aspx?id=1142
中華電信學院 無人機操控證照輔導班 基本級2KG以下(高雄平日全科班) 8/22 ~ 8/28
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=166
開源碼網管軟體實作(高雄上機實作)8/26
https://tacert.mis.nsysu.edu.tw/p/404-1257-207353.php
中華電信學院 資通安全專業課程訓練 勒索軟體與釣魚平台防護實務 8/27 ~ 8/28
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=63
智慧工控與智慧電網資安風險與防護研討會 8/28
https://www.beclass.com/rid=2443d1b5f23d8632b23a
交通大學亥客書院 新世代企業資安治理: 現今企業經營所面臨之挑戰 8/28
https://hackercollege.nctu.edu.tw/?p=1190
中華電信學院 資通安全專業課程訓練 網站弱點偵測與防護管理 9/4
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=58
交通大學亥客書院 電子郵件之偽造攻擊與防護措施 9/5
https://hackercollege.nctu.edu.tw/?p=1203
台灣駭客年會 HITCON Training 2020 9/5
https://hitcon.kktix.cc/events/hitcon-training-2020
台灣駭客年會 HITCON Training 2020 - 學生報名 9/5
https://hitcon.kktix.cc/events/hitcon-training-2020-student
認證系統安全從業人員 SSCP 輔導班 9/5 ~ 9/13
https://www.iiiedu.org.tw/courses/asq902t2001/
中華電信學院 資通安全專業課程訓練 物聯網資安威脅與實務 9/9 ~ 9/11
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=54
邊緣計算系統之大數據與深度學習應用 9/11
https://reurl.cc/62OD9k
HITCON 2020 台灣駭客年會 9/11
https://hitcon.kktix.cc/events/hitcon-2020
交通大學亥客書院 基礎網頁安全與滲透測試 9/12
https://hackercollege.nctu.edu.tw/?p=1205
數據分析與機器學習案例實務(二)應用實例 上課時間: 2020/9/14 (一) 09:30 ~ 16:30
https://reurl.cc/1xAoMp
【單元課程班-認列董監進修時數】開始報名, 「資安戰略對企業發展關鍵意義及資安治理與防護」109/10/15
https://reurl.cc/AqGdlQ
中華電信學院 資通安全專業課程訓練 Web應用滲透測試 9/16 ~ 9/17
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=167
邊緣計算系統之大數據與深度學習應用 上課時間: 2020/9/18 (五) 09:30 ~ 16:30
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3895&from_course_list_url=homepage
交通大學亥客書院 緩衝區溢位攻擊與預防 10/17
https://hackercollege.nctu.edu.tw/?p=1207
中華電信學院 自主式移動機器人ROS開發實戰班 10/20 ~ 10/23
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=188
交通大學亥客書院 入侵行為發覺與應變指南 10/24
https://hackercollege.nctu.edu.tw/?p=1214
交通大學亥客書院 進階網頁滲透測試 10/31
https://hackercollege.nctu.edu.tw/?p=1216
交通大學亥客書院 阻斷服務攻擊/分散式阻斷服務攻擊/Botnet 11/7
https://hackercollege.nctu.edu.tw/?p=1218
交通大學亥客書院 基礎網站安全建構實務 11/14
https://hackercollege.nctu.edu.tw/?p=1220
交通大學亥客書院 系統防護及內網威脅通報應變實戰班 11/17、11/24
http://service.tabf.org.tw/tw/user/409646/course1-4.htm
交通大學亥客書院 惡意程式檢測實務 11/21 11/28
https://hackercollege.nctu.edu.tw/?p=1222
交通大學亥客書院 高階網頁滲透測試 12/5 12/12
https://hackercollege.nctu.edu.tw/?p=1224
交通大學亥客書院 系統滲透測試與漏洞利用 12/19
https://hackercollege.nctu.edu.tw/?p=1226
交通大學亥客書院 AI於資訊安全之應用 2021/1/9 1/16
https://hackercollege.nctu.edu.tw/?p=1228
交通大學亥客書院 企業網域控管-Active Directory攻擊與防禦 2021/1/23
https://hackercollege.nctu.edu.tw/?p=1230
1.重大弱點漏洞/後門/Exploit/Zero Day
D-Link DIR-816L命令注入漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15893
GRUB 多個漏洞
https://www.hkcert.org/my_url/zh/alert/20073004
Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems
https://thehackernews.com/2020/07/grub2-bootloader-vulnerability.html
全球數十億筆電與伺服器危矣!BootHole漏洞無差別攻擊Linux及Windows作業系統
https://reurl.cc/O1dOeD
Vulnerability Spotlight: Microsoft issues security update for Azure Sphere
https://blog.talosintelligence.com/2020/07/vuln-spotlight-azure-sphere-july-2020.html
Netgear 產品遠端執行任意程式碼漏洞
https://kb.netgear.com/000062158/Security-Advisory-for-Pre-Authentication-Command-Injection-on-R8300-PSV-2020-0211
https://kb.netgear.com/000062127/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-R6700v3-PSV-2020-0202
資安防護有漏洞?IG傳偷開用戶攝像頭 官方回應:系統程式錯誤
https://life.tw/?app=view&no=1117657
從 MicroStrategy 入手發現 Facebook 的 XSS 漏洞
https://www.chainnews.com/zh-hant/articles/279335819156.htm
多款Qualcomm產品资源管理錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11120
蘋果 Face ID / Touch ID 安全晶片傳漏洞!無法修復、iPhone 5S 後續機種中招
https://3c.ltn.com.tw/news/41234
華碩路由器遠端執行漏洞通告
https://blog.csdn.net/weixin_45728976/article/details/107794706
ABUS Secvest FUMO5011 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14158
Cisco SD-WAN高危漏洞 (CVE-2020-3374,CVE-2020-3375)
https://www.nsfocus.com.cn/html/2020/39_0731/952.html
17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers
https://thehackernews.com/2020/07/windows-dns-server-hacking.html
Nexus Repository Manager 遠程代碼執行漏洞預警(CVE-2020-15871)
https://www.huaweicloud.com/notice/2018/20200801232406320.html
Nexus Repository Manager 遠程代碼執行漏洞(CVE-2020-15871)
https://nosec.org/home/detail/4518.html
Nexus Repository Manager CVE-2020-15869
https://support.sonatype.com/hc/en-us/articles/360051424554-CVE-2020-15869-Nexus-Repository-Manager-3-Reflection-XSS-7-29-2020
Nexus Repository Manager CVE-2020-15870
https://support.sonatype.com/hc/en-us/articles/360051424754-CVE-2020-15870-Nexus-Repository-Manager-3-Reflection-XSS-7-29-2020
Nexus Repository Manager CVE-2020-15871
https://support.sonatype.com/hc/en-us/articles/360052192693-CVE-2020-15871-Nexus-Repository-Manager-3-Remote-Code-Execution-7-29-2020
Nexus Repository Manager 遠程代碼執行漏洞風險通告,騰訊雲鏡可以檢測
https://s.tencent.com/research/bsafe/1067.html
Google: Eleven zero-days detected in the wild in the first half of 2020
https://www.zdnet.com/article/google-eleven-zero-days-detected-in-the-wild-in-the-first-half-of-2020/
Windows 10 2004: New update fixes all these problems, says Microsoft
https://www.zdnet.com/article/windows-10-2004-new-update-fixes-all-these-problems-says-microsoft/
Mac用戶小心被駭客入侵!Microsoft Office被爆資安漏洞 微軟與蘋果討論防堵
https://www.ettoday.net/news/20200806/1778244.htm
駭侵者可利用 Zoom 資安漏洞,以暴力試誤法破解私人視訊會議密碼
https://www.twcert.org.tw/tw/cp-104-3821-03ba2-1.html
Red Hat JBoss 多個漏洞
https://access.redhat.com/errata/RHSA-2020:3209
IBM WebSphere Application Server 多個漏洞
https://www.ibm.com/support/pages/node/6254704
Cisco Talos團隊披露Microsoft Azure Sphere多個安全漏洞
https://www.freebuf.com/vuls/245378.html
華碩路由器遠程代碼執行漏洞通告
https://cert.360.cn/warning/detail?id=81fd25539ed87e395f360e9094196da4
FortiOS SSL VPN 2FA bypass by changing username case
https://fortiguard.com/psirt/FG-IR-19-283
微軟Chromium Edge連出兩包
https://www.ithome.com.tw/news/139175
IBM 多款產品爆出漏洞,或嚴重影響银行等金融機構
https://finance.jrj.com.cn/tech/2020/08/04154430423742.shtml
安全研究人员披露Ledger安全漏洞
https://www.bitcoin86.com/live/81869.html
Grandstream 四個安全漏洞的影響
https://www.freebuf.com/vuls/245546.html
Meetup安全漏洞可讓駭客接管社團以及金流
https://www.ithome.com.tw/news/139205
Twitter又曝新漏洞:Android用戶私人數據面臨泄露風險
https://reurl.cc/ex06lR
Vulnerability Spotlight: Two vulnerabilities in SoftPerfect RAM Disk
https://blog.talosintelligence.com/2020/08/softperfect-file-deletion-vuln-spotlight-aug-2020.html
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
7家銀行串接Mydata平台 辦信用卡免財力證明
https://reurl.cc/9Ego0V
Visa數據顯示今年上半年電子支付大幅成長16%,疫情已改變消費行為
https://reurl.cc/arQ2M9
不只純網銀要來 電支電票整合可望變身「微銀行」
https://news.cnyes.com/news/id/4510499
樂天網銀開幕前 董座簡明仁說資訊人員聘用很艱苦
https://udn.com/news/story/7239/4762786?from=udn-ch1_breaknews-1-cate6-news
四大資安威脅 金管會要求營運中斷不逾4小時
https://m.ctee.com.tw/livenews/aj/a91617002020080618211775?area=
金管會推金融資安懶人包 金融業強制設資安長門檻出爐
https://news.cnyes.com/news/id/4512173
31家金融機構 須設資安長
https://udn.com/news/story/7239/4762025
金管會推動「金融資安行動方案」,追求安全便利不中斷的金融服務目標
https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath=0,2&mcustomize=news_view.jsp&dataserno=202008060003&toolsflag=Y&dtable=News
〈永豐金法說〉進行數位組織改造 資安拉至金控層級 瞄準兩大戰場
https://news.cnyes.com/news/id/4511458?exp=a
小心!有人冒充銀行工作人員利用閃付漏洞盜刷信用卡
https://finance.sina.com.cn/money/bank/bank_hydt/2020-08-03/doc-iivhuipn6626614.shtml
Carding and black box attacks: common ATM hacking techniques by Dominique René
https://hakin9.org/carding-and-black-box-attacks-common-atm-hacking-techniques/
3.電子支付/行動支付/pay/資安
「電支條例修正案」擴大開放電支業務五大亮點
https://www.inside.com.tw/article/20536-e-payment-regulation
4.加密貨幣/挖礦/區塊鍊 資安
加密資產的安全就該交給「運氣」?談交易所投保的重要性
https://blockcast.it/2020/07/31/keeping-cryptocurrency-secure-is-your-exchange-insured/amp/
區塊鏈資安月報:7月共發生安全事件32起,虛擬貨幣詐騙案件氾濫
https://www.blocktempo.com/monthly-digital-currency-security-report-by-peckshield/
你的「紙錢包」可能不安全!私鑰盜竊問題叢生,資安新創 CYBAVO 詳列危險清單
https://www.blocktempo.com/is-your-cryptocurrency-wallet-safe-cybavo/
確保網路安全!以太坊基金會擬組建ETH 2.0安全團隊
https://news.knowing.asia/news/05ec56f3-2f5a-45b8-95c1-ed37f8bfc14c
新應用、新業態正在快速落地,區塊鏈安全如何保障
https://news.sina.com.tw/article/20200806/35968542.html
An Introduction to Substrate - Building Blockchains the Easy Way
https://www.crowdcast.io/e/ocimgwg2/register
A Beginner’s Guide to Blockchain Programming by Febin John James
https://hakin9.org/a-beginners-guide-to-blockchain-programming/
China arrests over 100 people suspected of involvement in PlusToken cryptocurrency scam
https://www.zdnet.com/article/china-arrests-over-100-people-suspected-of-involvement-in-plustoken-cryptocurrency-scam/
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
假扮成 TikTok 替代程式的惡意軟體,在印度藉由 WhatsApp 等管道肆虐
https://www.twcert.org.tw/tw/cp-104-3819-bbf10-1.html
特別針對臺灣的惡意程式Taidoor又來了!美國政府與警方警告,中國政府支持的駭客正以此變種發動攻擊
https://www.ithome.com.tw/news/139193
中共間諜軟件「泰門」新版出現!美權威警告
https://www.soundofhope.org/post/408094?lang=b5
美示警 中國木馬軟體正發動攻擊
https://tw.appledaily.com/headline/20200805/PIOVVUBIIE2MN5J32YS33YRLOI/
美警告:中共利用Taidoor網攻竊密
https://news.ltn.com.tw/news/world/paper/1391077
Ensiko:具備勒索病毒能力的網站指令介面工具 (Webshell)
https://blog.trendmicro.com.tw/?p=65396
英美政府:QNAP NAS 遭感染 6.2 萬台,SSH 後門開啟+無法更新
https://technews.tw/2020/08/01/62000-qnap-nas-devices-infected-with-persistent-qsnatch-malware/
鎖定Windows平臺的惡意程式TrickBot開始攻擊Linux裝置
https://www.ithome.com.tw/news/139180
Canon先後發生雲端遭駭及Maze勒索軟體攻擊
https://www.ithome.com.tw/news/139234
旅遊管理業者CWT遭勒索軟體攻擊,與駭客的談判過程全曝光
https://www.ithome.com.tw/news/139198
Garmin被綁1/電腦遭駭客綁架 關鍵2檔案曝光
https://www.ctwant.com/article/65402
Garmin被綁2/勒索軟體爆發 全球線上服務斷線4天
https://reurl.cc/KkVx19
Garmin被綁3/Wasted Locker從歐洲入侵 知情人士:非直接付贖金
https://www.ctwant.com/article/65404
Garmin被綁4/Wasted Locker 5月才被發現 專家:水坑式攻擊法
https://reurl.cc/qdMmeg
Garmin被綁5/如何避免勒索軟體 專家:人才是重點
https://www.ctwant.com/article/65406
Microsoft Edge is malware, says angry Windows 7 user
https://www.zdnet.com/article/microsoft-edge-is-malware-says-angry-windows-7-user/
GandCrab ransomware distributor arrested in Belarus
https://www.zdnet.com/article/gandcrab-ransomware-distributor-arrested-in-belarus/#ftag=RSSbaffb68
QNAP urges users to update Malware Remover after QSnatch alert
https://www.bleepingcomputer.com/news/security/qnap-urges-users-to-update-malware-remover-after-qsnatch-alert/
GandCrab ransomware operator arrested in Belarus
https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-operator-arrested-in-belarus/
Linux warning: TrickBot malware is now infecting your systems
https://www.bleepingcomputer.com/news/security/linux-warning-trickbot-malware-is-now-infecting-your-systems/
TrickBot Malware Warning Victims of Infection by Mistake
https://www.tripwire.com/state-of-security/security-data-protection/trickbot-malware-warning-victims-of-infection-by-mistake/
RATicate malware gang goes commercial
https://nakedsecurity.sophos.com/2020/07/14/raticate-malware-gang-goes-commercial/
Confirmed: Garmin received decryptor for WastedLocker ransomware
https://www.bleepingcomputer.com/news/security/confirmed-garmin-received-decryptor-for-wastedlocker-ransomware/
WastedLocker: technical analysis
https://securelist.com/wastedlocker-technical-analysis/97944/
Ransomware is Still a Blight on Business
https://blog.trendmicro.com/ransomware-is-still-a-blight-on-business/
Ransomware: Why the internet's biggest headache refuses to go away
https://www.zdnet.com/article/ransomware-why-the-internets-biggest-headache-refuses-to-go-away/
Confirmed: Garmin received decryptor for WastedLocker ransomware
https://www.bleepingcomputer.com/news/security/confirmed-garmin-received-decryptor-for-wastedlocker-ransomware/
NetWalker ransomware gang has made $25 million since March 2020
https://www.zdnet.com/article/netwalker-ransomware-gang-has-made-25-million-since-march-2020/#ftag=RSSbaffb68
GandCrab ransomware distributor arrested in Belarus
https://www.zdnet.com/article/gandcrab-ransomware-distributor-arrested-in-belarus/#ftag=RSSbaffb68
Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902
https://blog.trendmicro.com/trendlabs-security-intelligence/mirai-botnet-exploit-weaponized-to-attack-iot-devices-via-cve-2020-5902/
Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902
https://documents.trendmicro.com/assets/IoCs_Appendix_Mirai-Botnet-Exploit-Weaponized-to-Attack-IoT-Devices-via-CVE-2020-5902.pdf
MassLogger: An Emerging Spyware and Keylogger
https://www.seqrite.com/blog/masslogger-an-emerging-spyware-and-keylogger/
CISA, DOD, FBI expose new Chinese malware strain named Taidoor
https://www.zdnet.com/article/cisa-dod-fbi-expose-new-chinese-malware-strain-named-taidoor/#ftag=RSSbaffb68
New infection chain of njRAT variant
https://blog.360totalsecurity.com/en/new-infection-chain-of-njrat-variant/
Take a “NetWalk” on the Wild Side
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/take-a-netwalk-on-the-wild-side/
Canon hit by Maze Ransomware attack, 10TB data allegedly stolen
https://www.bleepingcomputer.com/news/security/canon-hit-by-maze-ransomware-attack-10tb-data-allegedly-stolen/
B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G
中國盤古團隊發現蘋果Secure Enclave晶片存在「不可修補」漏洞
https://kknews.cc/tech/m9pzvj6.html
Zoom 又爆安全漏洞 - 會議預設 6 位純數字密碼,幾分鐘就可破解
https://hk.xfastest.com/63984/zoom-security-breakthrough/
Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes
https://thehackernews.com/2020/07/zoom-meeting-password-hacking.html
資安風暴延燒 美議員要求司法部調查Zoom和TikTok
https://reurl.cc/Y1LyYl
抖音有何懼 壟斷洩密竊個資
https://www.chinatimes.com/newspapers/20200802000339-260108?chdtv
北京法院認證 抖音侵個資
https://www.ydn.com.tw/News/391744
應用程式資安漏洞多!小工具App易成詐騙溫床 訂閱費帳單嚇死人
https://reurl.cc/Mvn1y4
蘋果設備遭爆存在「無法修復」的漏洞!影響範圍遍及5代iPhone
https://www.ettoday.net/news/20200803/1775962.htm
美將對中國APP「採取行動」 陸外交部:典型雙重標準
https://www.ettoday.net/news/20200803/1776041.htm
中共訊息戰武器 TikTok涉資安疑慮或遭禁
https://www.ntdtv.com/b5/2020/08/03/a102909658.html
盤古團隊發現硬件級不可修復漏洞:iOS 14能完美越獄
https://reurl.cc/qdMpzp
Android 版 AirDrop 終於上線了!兩大品牌手機搶先使用
https://3c.ltn.com.tw/news/41241
印度擴大禁用中國手機App 小米百度遭殃
https://www.cna.com.tw/news/firstnews/202008060114.aspx
TikTok投資5億美元在愛爾蘭建大型資料中心 宣示維護資安決心
https://news.cnyes.com/news/id/4511770
日本大阪等地停用TikTok官方帳號 稱需釐清資安疑慮
https://reurl.cc/9EdWoj
一款支付功能 App 存在提現漏洞 被“抓包軟件”抓走 14 萬
https://www.chainnews.com/zh-hant/articles/838279189120.htm
資安防護有漏洞?IG傳偷開用戶攝像頭 官方回應:系統程式錯誤
https://reurl.cc/GVzbLD
打假消息有一套!WhatsApp「放大鏡」替你查真偽、病毒資訊只能轉發一人
https://news.sina.com.tw/article/20200805/35956382.html
Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts
https://thehackernews.com/2020/08/apple-touchid-sign-in.html
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
趨勢科技研究機構披露舊程式語言的設計缺陷與漏洞
https://times.hinet.net/news/23001634
刑事局破獲非法侵權機上盒公司 竟播放未成年猥褻影片
https://udn.com/news/story/7315/4752004
侵權數千萬元!非法中國機上盒「夢想」看免錢 經銷商被逮
https://m.ltn.com.tw/news/society/breakingnews/3248317
盜版、色情片大放送!中國製「夢想機上盒」與中國工程師合作,警方:有嚴重資安問題
https://buzzorange.com/2020/08/04/set-box-of-dreamtv-is-illegal/
最新電影、A片 免費看 中國機上盒侵權3800萬
https://m.ltn.com.tw/news/society/paper/1390772
夢想機上盒盜播侵權近4千萬 刑事局破獲逮10嫌
https://www.setn.com/News.aspx?NewsID=791219
Juiker正式聲明:遭駭與中資介入均屬不實謠言
http://www.netadmin.com.tw/netadmin/zh-tw/trend/867BFBA714C0456DBFB8E4928D2952D4
面對中國的監控技術,逃避不切實際,如何找到辦法與之共存
https://www.businessweekly.com.tw/international/blog/3003372
AI智鬥駭客,數位戰警網路掃黑
https://scitechvista.nat.gov.tw/c/sTvx.htm
Garmin 系統中斷事件第六天宣告陸續恢復,官方首認是「網路攻擊」
https://saydigi-tech.com/2020/07/garmin-back-to-normal.html
網路媒體誤發新聞是系統被入侵?NOWnews表示已報案,但外界霧裡看花
https://www.ithome.com.tw/news/139154
鎖定大型雲端服務裡的Docker伺服器下手的後門程式,竟透過區塊鏈產生與C&C中繼站連線的網址
https://times.hinet.net/news/22994991
被問是否遭陸竊機密 美科技四巨頭僅一家說有
https://www.chinatimes.com/realtimenews/20200731003748-260408?chdtv
駭客亂給資料客服沒檢查?知名《虹彩六號》YouTuber遊戲帳戶遭封鎖
https://game.udn.com/game/story/10453/4745108
資安存疑!川普表態封殺 傳微軟洽談收購TikTok喊卡
https://www.setn.com/News.aspx?NewsID=790055
【澳洲疫情】民眾千方百計避入境隔離 昆士蘭被迫收緊邊境管制
https://reurl.cc/ex0mOb
梵諦岡曾遭中國駭客組織攻擊
https://pttstudy.com/ia/M.1596279516.A.517.html
美國新冠疫苗公司疑遭中國駭客入侵!中國外交發言人:造謠污衊
https://newtalk.tw/news/view/2020-07-31/444125
接連被控竊疫苗機密 中國氣噗噗:我們領先不必靠偷
https://news.ltn.com.tw/news/world/breakingnews/3247690
佐柏格指中國竊機密後 疫苗龍頭廠莫德納證實官網被駭入
https://www.ftvnews.com.tw/news/detail/2020731I10M1
中駭客攻擊疫苗研發公司 莫德納疑淪目標
https://life.tw/?app=view&no=1115922
國際產經:新冠疫苗研發商摩德納遭中國駭客鎖定
https://reurl.cc/ZODmNl
中駭客攻擊疫苗研發公司 莫德納疑淪目標
https://www.ftvnews.com.tw/news/detail/2020731W0072
Moderna遭狙擊?傳中國駭客為新冠疫苗出手
https://ctee.com.tw/news/global/310971.html
美國控中國駭客攻擊疫苗研發公司 欲偷貴重資料
https://www.cna.com.tw/news/firstnews/202007310114.aspx
吳奕軍專欄:被「紅色滲透」多年 比利時不忍了
https://www.upmedia.mg/news_info.php?SerialNo=92682
北極星行動:朝鮮駭客針對美國國防和航空太空公司
https://ek21.com/news/tech/208433/
聯合國報告:北韓研發出小型核彈頭
https://reurl.cc/E7qpa0
趁機挑撥離間? 「中國人」狂罵印度 印媒 :很多是巴基斯坦假帳號
https://newtalk.tw/news/view/2020-08-04/445672
印度資安機構:核動力潛艦可能已成中國駭客目標
https://www.inside.com.tw/article/20570-Central-Security-Service-report-china-hacker-more-active
巴基斯坦電視台遭駭客入侵出現印度國旗畫面
https://reurl.cc/lV3n5E
印度安全機構:中國駭客活動增強 蒐集國安情資
https://money.udn.com/money/story/5599/4754213
美政府祭千萬美元查緝協助外國干擾選舉的人士
https://www.ithome.com.tw/news/139236
中共網絡間諜被捕突顯社交招聘網站漏洞
https://gnews.org/zh-hant/281990/
歐盟首次製裁俄、中、朝駭客
https://www.bannedbook.org/bnews/zh-tw/comments/20200731/1372620.html
歐盟首次針對重大網絡攻擊實施制裁,向美國看齊
https://reurl.cc/5l7GxR
美國政府政策立場社論:打擊網絡犯罪
https://www.voacantonese.com/a/editorial-fighting-cybercrime-20200805-ry/5531265.html
美國宣布「清網」 祭6大措施排擠中國
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=9&id=0000590942_231LLLI63EM4ER3QMS8PV
美擴大乾淨網路計畫 擬封殺具資安風險中國App
https://money.udn.com/money/story/10511/4760173
制裁網路犯罪!歐盟點名中國及北韓企業、俄國軍情局
https://newtalk.tw/news/view/2020-07-31/443919
國際要聞:歐盟就網路攻擊制裁俄羅斯、中國、北韓
https://reurl.cc/O1dOQv
歐盟首度制裁網攻 俄「中」北韓入列
https://www.ydn.com.tw/News/391739
守護資安 歐盟首次動用數位制裁 對俄中北韓機構個人開罰
https://money.udn.com/money/story/5602/4746566
EU sanctions hackers from China, Russia, North Korea who're wanted by the FBI
https://thehackernews.com/2020/07/sanctions-against-wanted-hackers.html
New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks
https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html
Is Your Security Vendor Forcing You To Move to the Cloud? You Don't Have To
https://thehackernews.com/2020/07/cloud-security-endpoints.html
CWT Travel Agency Faces $4.5M Ransom in Cyberattack, Report
https://threatpost.com/cwt-travel-agency-ransom-cyberattack-report/157911/
FBI warns of disruptive DDoS amplification attacks
https://www.welivesecurity.com/2020/07/28/fbi-warning-disruptive-ddos-amplification-attacks/
A critical flaw in wpDiscuz WordPress plugin lets hackers take over hosting account
https://securityaffairs.co/wordpress/106638/hacking/wpdiscuz-wordpress-plugin-bug.html
Belarussian authorities arrested GandCrab ransomware distributor
https://securityaffairs.co/wordpress/106701/malware/gandcrab-distrubutor-arrested.html
New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks
https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html
資安SOC一線工程師
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=528812&HIRE_ID=9850711
資安SOC二線工程師
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=528812&HIRE_ID=9850789
資訊管理中心109年第七次專案人力進用-1.研發類-資訊安全
https://www.104.com.tw/job/70fa0
資安工程師
https://www.104.com.tw/job/70fu7
資安工程師/Cloud Security Engineer
https://www.104.com.tw/job/70gbz
(SOC)資安監控中心資安工程師
https://www.104.com.tw/job/70hww
資安監控人員
https://www.104.com.tw/job/70iki
雲端資安與應用服務經理 #6421 K-165
https://www.104.com.tw/job/6zurv
網路工程師(新竹)
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=50778&HIRE_ID=9868853
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
Google打假消息 刪逾2500個中國相關YouTube頻道
https://www.cna.com.tw/news/firstnews/202008060124.aspx
FBI 發出警訊,線上購物相關詐騙案例明顯增加
https://www.twcert.org.tw/tw/cp-104-3826-9fc90-1.html
IBM《資料外洩成本報告》:外洩憑證與雲端配置錯誤為最大的攻擊媒介
https://www.ithome.com.tw/news/139185
藝人粉專被盜頻傳!警官分析詐騙手法 中招就失去管理權限
https://forum.ettoday.net/news/1777154?redirect=1
買個資盜刷信用卡 半年獲利300萬
https://www.chinatimes.com/realtimenews/20200801001487-260402?chdtv
數位三倍券詐騙頻傳!專家教這3招輕鬆查證不上當
https://www.storm.mg/lifestyle/2833366
臉書日本用戶遭駭 至少76005帳號個資外洩
https://tw.appledaily.com/international/20200804/T32M4GQZ3BTHW5QQUYFGHSUNZY/
騙案追縱:釣魚電郵出沒注意 信用卡資料勿亂俾
https://reurl.cc/Nj3WEk
硬體錢包公司爆資安漏洞!Ledger 上百萬用戶電郵遭洩
https://blockcast.it/2020/07/31/ledger-suffered-data-breach-in-late-june/
買個資盜刷信用卡 半年獲利300萬
https://www.chinatimes.com/realtimenews/20200801001487-260402?chdtv
陳自瑤墮入「迷網」 IG遭駭客入侵兼被勒索500蚊美金
https://reurl.cc/xZdRee
電話詐婦30萬! 報警停話後「改打LINE轟炸」
https://reurl.cc/MvnAxm
警方找到推特詐騙案嫌犯,犯案者駭入推特內部Slack工作空間以取得管理員帳密
https://www.ithome.com.tw/news/139171
直播吸毒百人觀看... 隱乳人妻遇駭遭勒索萬元贖金
https://ent.ltn.com.tw/news/breakingnews/3246573
江蕙臉書突重開?!經紀人急喊「駭客入侵」
http://www.nexttv.com.tw/NextTV/News/Home/LatestNews/2020-08-01/219115.html
男國中生網交「姊姊」被騙千元 警攻堅破獲假交友詐騙機房
https://www.chinatimes.com/realtimenews/20200731004842-260402?chdtv
點讚賺外快!女砸4萬加會員 控騙局一場
https://reurl.cc/8G14N7
利用帥哥美女照釣魚 被害人傻傻上勾話數誘騙投資
https://reurl.cc/7XOaLD
搗假交友投資詐欺機房 力破高價防暴門逮13人
https://news.ltn.com.tw/news/society/breakingnews/3245751
謊稱賭博網站有漏洞可獲利騙財 警逮13人送辦
https://www.cna.com.tw/news/asoc/202007310207.aspx
又是詐騙!女網友P手術圖騙同情 熱血台女險匯72萬
https://m.ltn.com.tw/news/society/breakingnews/3249090
騙徒看牙科誆心臟病 女愛心滿滿險被騙72萬
https://www.ctwant.com/article/65676
臉書日本用戶遭駭 至少76005帳號個資外洩
https://tw.appledaily.com/international/20200804/T32M4GQZ3BTHW5QQUYFGHSUNZY/
利用“以租代購”詐騙汽車 五人“鑽空子”非法獲利20余萬元
http://big5.xinhuanet.com/gate/big5/www.js.xinhuanet.com/2020-08/01/c_1126311968.htm
比特幣釣魚的推特駭客遭逮!執法單位重嗆:網路犯罪無法再躲於匿名之後了
https://www.abmedia.io/twitter-hackers-under-arrest/
Twitter「社交工程攻擊」詐騙案的幕後主使被捕
https://reurl.cc/O1dOzD
國際產經:推特調查稱,7月15日駭客事件為透過手機連絡公司員工時入侵系統
https://reurl.cc/WdjnyD
推特被駭 利用名人帳號轉推淨賺10萬美金
https://m.ltn.com.tw/news/world/breakingnews/3246215
推特爆大規模駭客詐騙 幕後首腦竟是17歲少年
https://ec.ltn.com.tw/article/breakingnews/3246452
名人推特帳戶遭大規模入侵 美起訴三名涉案者
https://www.epochtimes.com/b5/20/7/31/n12298665.htm
Twitter Confirms Spear-Phishing Attack Caused Account Takeover
https://www.infosecurity-magazine.com/news/twitter-spear-phishing/
Twitter An update on our security incident
https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html
Breach of high-profile Twitter accounts caused by phone spear phishing attack
https://www.techrepublic.com/article/breach-of-high-profile-twitter-accounts-caused-by-phone-spear-phishing-attack/
Canadian MSP discloses data breach, failed ransomware attack
https://www.bleepingcomputer.com/news/security/canadian-msp-discloses-data-breach-failed-ransomware-attack/
Maine Intelligence Center Breach Could Snarl Investigations
https://www.govtech.com/security/Maine-Intelligence-Center-Breach-Could-Snarl-Investigations.html
Phishing campaigns, from first to last victim, take 21h on average
https://www.zdnet.com/article/phishing-campaigns-from-first-to-last-victim-take-21h-on-average/
10 billion records exposed in unsecured databases, study says
https://www.welivesecurity.com/2020/07/30/10-billion-records-exposed-unsecured-databases/
Phishing campaigns, from first to last victim, take 21h on average
https://www.zdnet.com/article/phishing-campaigns-from-first-to-last-victim-take-21h-on-average/
FBI Warns of Surge in Fraudulent Shopping Websites
https://www.bankinfosecurity.com/fbi-warns-surge-in-fraudulent-shopping-websites-a-14765
E.研究報告
行政院技術服務中心109年第2季資通安全技術報告
https://ppt.cc/fkznQx
以合法掩護非法 WastedLocker勒索軟體深層分析
http://www.netadmin.com.tw/netadmin/zh-tw/snapshot/8E18D08773064F93B339A511587A0752
深度分析成功入侵Garmin的WastedLocker勒索軟體 為何會如此刁鑽
https://reurl.cc/62WrKZ
java 反序列化漏洞利用思路簡介
https://blog.csdn.net/whatday/article/details/107736196
Mirai 殭屍網路可被用來透過漏洞 CVE-2020-5902攻擊物聯網裝置
https://blog.trendmicro.com.tw/?p=65401
DoH技術遭駭客組織利用,網路安全技術淪竊密工具
https://www.twcert.org.tw/tw/cp-104-3829-4a0ff-1.html
利用最新Apache解析漏洞(CVE-2017-15715)
https://www.yisu.com/zixun/250778.html
IBM WebSphere CVE-2020-4450漏洞分析
https://www.secrss.com/articles/24353
cve-2018-2628 Weblogic反序列化漏洞實現反彈shell
https://blog.csdn.net/whatday/article/details/107720033
從cve2015-1805漏洞入門
https://bbs.pediy.com/thread-261165.htm
WebLogic coherence UniversalExtractor 反序列化 (CVE-2020-14645) 漏洞分析
https://paper.seebug.org/1280/
卡巴斯基報告:Lazarus APT 組織的大型狩獵遊戲
https://paper.seebug.org/1279/
“失控”的 IPv6:觀察 IPv6 網路境安全現狀
https://paper.seebug.org/1277/
Django SQL注入漏洞復現(CVE-2020-7471)
https://www.freebuf.com/vuls/245359.html
Node.js中存在原型污染漏洞,可致Web應用程式遭受DoS和遠端Shell攻擊
https://www.freebuf.com/vuls/245658.html
Opyn ETH Put邏輯漏洞技術分析
https://www.bishijie.com/shendu/119960.html
WordPress聊天外掛含有安全漏洞,允許駭客接管聊天功能
https://www.ithome.com.tw/news/139231
安全專家發現伊朗駭客率先利用DoH暗中竊密
https://www.ithome.com.tw/news/139209
java反序列化漏洞的一些gadget
https://blog.csdn.net/whatday/article/details/107854348
近期幾起資安事件之風險防患討論
https://vocus.cc/@Jerome/5f2a54b9fd89780001f64e83
人、工具、流程再進化 打造現代資安維運中心 加速OODA循環 從戰略層級應變攻擊
http://www.netadmin.com.tw/netadmin/zh-tw/trend/052F244B988E490DBD2D7FBB1CE1D1AD
Incident Response Analyst Report 2019
https://securelist.com/incident-response-analyst-report-2019/97974/
SSH Pentesting Guide
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/SSH%20Pentesting%20Guide.pdf
How we deal with sparse data at SentinelOne
https://medium.com/@Sentinelone_tech/how-we-deal-with-sparse-data-at-sentinelone-26df32ea7a37
SIEM Better Visibility for SOC Analyst to Handle an Incident with Event ID
https://gbhackers.com/siem-for-better-visibility-for-an-analyst-to-handle-an-incident/
CVE-2020-1313 Exploit
https://github.com/irsl/CVE-2020-1313
XRCross (Recon)
https://github.com/pikpikcu/xrcross
V3n0M-Scanner
https://github.com/v3n0m-Scanner/V3n0M-Scanner
DRAKVUF Sandbox
https://github.com/CERT-Polska/drakvuf-sandbox
Ehtools - Framework Of Serious Wi-Fi Penetration Tools
https://hakin9.org/ehtools-framework-of-serious-wi-fi-penetration-tools/
Offense and Defense – A Tale of Two Sides: Group Policy and Logon Scripts
https://www.fortinet.com/blog/threat-research/offense-defense-a-tale-of-two-sides-group-policy-and-logon-scripts
Web App Hacking: Overview and Strategy for Beginners
https://www.hackers-arise.com/post/2017/10/20/web-app-hacking-overview-and-strategy-for-beginners
Python Basics for Hackers, Part 4:How to Find the Exact Location of any IP Address
https://www.hackers-arise.com/post/2016/08/29/how-to-find-the-exact-location-of-any-ip-address
Overworked and burnt out? Cybersecurity pros under more pressure
https://techhq.com/2020/07/overworked-and-burnt-out-cybersecurity-pros-under-more-pressure-than-ever/
Threat Intelligence Fundamentals
https://www.peerlyst.com/posts/threat-intelligence-fundamentals-chiheb-chebbi?trk=site_header
A new approach for Bypassing Windows 10 UAC with mock folders and DLL hijacking
https://www.offensive-hackers.com/2020/08/A-new-approach-for-Bypassing-Windows-10-UAC-with-mock-folders-and-DLL-hijacking.html
Password Spraying Secure Logon for F5 Networks
https://www.n00py.io/2020/08/password-spraying-secure-logon-for-f5-networks/
Kaspersky Uncovers New APT “Mercenary” Group
https://www.infosecurity-magazine.com/news/kaspersky-uncovers-new-apt/
Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates
https://www.fireeye.com/blog/threat-research/2020/07/insights-into-office-365-attacks-and-how-managed-defense-investigates.html
Cybercriminals Targeting Multiple Vulnerabilities in WordPress Plugins
https://www.zscaler.com/blogs/research/cybercriminals-targeting-multiple-vulnerabilities-wordpress-plugins
Crack WPA/WPA2 Wi-Fi Routers with Aircrack-ng and Hashcat by Brannon Dorsey
https://hakin9.org/crack-wpa-wpa2-wi-fi-routers-with-aircrack-ng-and-hashcat/
Bypassing Windows 10 UAC with mock folders and DLL hijacking
https://www.bleepingcomputer.com/news/security/bypassing-windows-10-uac-with-mock-folders-and-dll-hijacking/
Universal Radio Hacker: Investigate Wireless Protocols like a Boss
https://hakin9.org/universal-radio-hacker-investigate-wireless-protocols-like-a-boss/
6 TYPES OF PASSWORD ATTACKS COMMONLY USED BY ETHICAL HACKERS
https://blog.eccouncil.org/6-types-of-password-attacks-commonly-used-by-ethical-hackers/
Xerosploit - Efficient and Advanced Man-In-The-Middle Framework
https://hakin9.org/xerosploit-efficient-and-advanced-man-in-the-middle-framework/
Remote working security challenges urge MFA implementation
https://www.helpnetsecurity.com/2020/07/14/remote-working-security-challenges/
OSINT_TIPS
https://github.com/blaCCkHatHacEEkr/OSINT_TIPS
ESET Threat Report Q2 2020
https://www.welivesecurity.com/2020/07/29/eset-threat-report-q22020/
Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902
https://reurl.cc/7X69Eb
Analysis of Android InsecureBank v2 Part 1
https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-1-9e0788ba5552
Analysis of Android InsecureBank v2 Part 2
https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-2-429b4ab4a60f
Analysis of Android InsecureBank v2 Part 3
https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-3-2b3e5843fe91
SOC analyst job description, salary, and certification
https://www.csoonline.com/article/3537510/soc-analyst-job-description-salary-and-certification.html
SOC Analyst: Interview Preparation
https://www.cybrary.it/blog/2017/08/soc-analyst-interview-preparation/
BlackBerry releases new security tool for reverse-engineering PE files
https://www.zdnet.com/article/blackberry-releases-new-security-tool-for-reverse-engineering-pe-files/#ftag=RSSbaffb68
PE Tree
https://github.com/blackberry/pe_tree
ビジネスメール詐欺実態を共同分析、攻撃者の手口と素性が明らかに(マクニカネットワークス、伊藤忠商事)
https://scan.netsecurity.ne.jp/article/2020/08/04/44395.html
ビジネスメール詐欺の実態と対策アプローチ
https://www.macnica.net/pdf/macnica_wp_0729.pdf
Doki Dukes with Kinsing
https://www.lacework.com/doki-dukes-kinsing/
Mitaka
https://github.com/ninoseki/mitaka
US defense and aerospace sectors targeted in new wave of North Korean attacks
https://www.zdnet.com/article/us-defense-and-aerospace-sectors-targeted-in-new-wave-of-north-korean-attacks/
Research Roundup: Recent Probable Charming Kitten Infrastructure
https://threatconnect.com/blog/research-roundup-recent-probable-charming-kitten-infrastructure/
Inter skimming kit used in homoglyph attacks
https://blog.malwarebytes.com/threat-analysis/2020/08/inter-skimming-kit-used-in-homoglyph-attacks/
Black Hat: When penetration testing earns you a felony arrest record
https://www.zdnet.com/article/black-hat-when-penetration-testing-earns-you-a-felony-record/
The disappointment of Australia's new cybersecurity strategy
https://www.zdnet.com/article/the-disappointment-of-australias-new-cybersecurity-strategy/
Black Hat: Hackers can remotely hijack enterprise, healthcare Temi robots
https://www.zdnet.com/article/black-hat-healthcare-senior-living-temi-robots-can-be-hijacked-remotely-by-hackers/
Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack
https://thehackernews.com/2020/08/http-request-smuggling.html
F.商業
每年900萬人成「網路犯罪」受害者 諾頓教你如何安全上網
https://udn.com/news/story/7086/4745513
力抗病毒,資安產業未來 5 年熱度可期
https://technews.tw/2020/07/31/information-security-industry-is-expected-to-be-hot/
提升專業資安團隊工作效率 加速反制攻擊威脅 SOAR統整異質平台 預建流程自動執行回應
http://www.netadmin.com.tw/netadmin/zh-tw/trend/F6E7E0CFB2F14E06ACCA8F67DE1330C9
數聯資安攜手VMware提供資安託管服務
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=13&id=0000590080_f9f1gdl97nu7m91dsh0bn
【超融合系統獨立平臺點將錄(1)NetApp HCI】獨特運算與儲存節點分離架構,提供更靈活、高效的資源運用
https://www.ithome.com.tw/tech/139035
TensorFlow 2.3加入新API解決資料工作管線載入瓶頸
https://www.ithome.com.tw/news/139181
Juniper推出AI故障排除工具使企業網路營運更自動化
https://www.ithome.com.tw/news/139178
蘋果併購行動支付業者Mobeewave
https://www.ithome.com.tw/news/139177
騰訊計畫買下搜狗,將其私有化
https://www.ithome.com.tw/news/139176
取得川普同意,微軟公開表態有意買下TikTok,9月15日以前定案
https://www.ithome.com.tw/news/139174
Google Chrome將顯示廣告主身份、測試Trust API
https://www.ithome.com.tw/news/139173
PyTorch 1.6加入自動混合精度訓練
https://www.ithome.com.tw/news/139184
能搜尋連網裝置與漏洞系統的搜尋引擎 Censys,獲 1,550 萬美元 A 輪融資
https://finance.technews.tw/2020/08/07/censys-a-search-engine-for-internet-devices-raises-series-a/
FBI呼籲私人企業應儘速脫離Windows 7,升級到最新版本
https://www.ithome.com.tw/news/139230
全球新冠疫情迅速蔓延為網路環境帶來新威脅 VMware 網路安全威脅報告:網路攻擊增加態勢和漏洞升級
http://www.netadmin.com.tw/netadmin/zh-tw/snapshot/7A82AD0E621448F68490AB52AB5F4733
Linux基金會成立開源安全基金會,微軟、Google加入
https://www.ithome.com.tw/news/139191
安控、AI影像分析到資安的完美整合 晶睿開創智慧工廠監控新紀元
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000590055_l5w1j3ar44zzxc6fkpkgp
台灣資訊安全協會成立 鏈結產官學產業生態系
https://money.udn.com/money/story/10860/4757875
42家資安業者揪團 建平台走向國際
https://www.ocacnews.net/overseascommunity/article/article_story.jsp?id=260756
日本Nulab軟體開發公司推出全新資安服務「Nulab Pass」
https://twnewshub.com/archives/6622
TikTok投資5億美元在愛爾蘭建大型資料中心 宣示維護資安決心
https://news.cnyes.com/news/id/4511770?exp=a
Kroll聘請Alex Shim以擴大日本網絡風險業務
http://www.businesswirechina.com/hk/news/44113.html
Uniting for better open-source security: The Open Source Security Foundation
https://www.zdnet.com/article/uniting-for-better-open-source-security-the-open-source-security-foundation/#ftag=RSSbaffb68
G.政府
抓漏洞!身分遭盜用怎解?內政部:數位防偽機制比紙本強
https://www.setn.com/News.aspx?NewsID=789445
台大應力所教授吳光鐘真除 今起任國研院長
https://udn.com/news/story/6885/4747196
吳光鐘教授正式接任國家實驗研究院院長 持續優化各中心科研服務
https://times.hinet.net/news/22996797
資安與人權不能政策豪賭 數位身分證十大爭議
https://reurl.cc/mnaEpM
國安局反擊共軍網駭再設新武器平台 不與國防部交流
https://udn.com/news/story/10930/4749278?from=udn-catelistnews_ch2
開放架構白牌興起藏漏洞 NCC嚴審安全維護計劃
https://tw.appledaily.com/property/20200802/4NOPTDVAOPZZDSAV4A6UXD27F4/
行政院通過「電子支付機構管理條例」修正草案
https://reurl.cc/rxNdK4
【紅色危機2】中科院、陸軍官校也輕忽資安 《蘋果》踢爆後才緊急查辦
https://tw.appledaily.com/politics/20200805/533DRITRWKRRARWN63GHAZQGP4/
【紅色危機3】全國逾半公務機關使用中國通訊產品 政院下令盡速汰換
https://tw.appledaily.com/politics/20200805/3A6DE5GB44VEI7PSRPPHOARHGU/
立院影音 爆紅色資安危機 《蘋果》踢爆 與解放軍使用同公司系統14年 立院:將立刻更換
https://tw.appledaily.com/headline/20200806/OA2DNT74JXGJ6RGYVWLDVRVJMM/
蘋論:不可輕忽「紅色資安危機」
https://tw.appledaily.com/headline/20200806/2XI5JVPNXXA5IF6LQM6A7GH4QI/
立院影音儲存系統遭爆使用中國貨 蔡其昌:有資安疑慮就要趕快更新
https://m.ltn.com.tw/news/politics/breakingnews/3250312
立院影音儲存系統中國製 外界憂資安危機
https://news.pts.org.tw/article/489650
立院使用中國系統爆資安危機 蔡其昌:若有疑慮就更新
https://reurl.cc/vDyKye
【台海軍情】防共軍電磁脈衝攻擊 國土安全辦公室要求加強防護
https://tw.appledaily.com/politics/20200806/WQPLKZDP7OQM4AJTLBVM6JDTA4/
固安作戰計畫遭洩?軍方否認 戰車士官交保返回連隊
https://udn.com/news/story/10930/4758532
NCC組改進行式 陳耀祥:已爭取內容監理獨立性
https://udn.com/news/story/7266/4757998
動滋券頻出包,承包商聯網國際(活動咖)公司遭駭,爆資安疑慮
https://www.dcard.tw/f/trending/p/234174703
H.工控系統/ICS/SCADA 相關資安
樹立國際工控資安標準 IEC 62443捍衛工業聯網安全
https://www.2cm.com.tw/2cm/zh-tw/tech/7E876B7170EE44A9A23BF87A11CB465A
日本海事協會宣布 第二版船上網路資安指導方針
https://m.ctee.com.tw/livenews/aj/a98623002020080310474621?area=
Rockwell工控軟體的5個组合漏洞導致RCE
https://www.anquanke.com/post/id/212531
Pwn2own Miami:通過漏洞利用鏈實現對 Ignition 工控系統的代碼執行
https://www.chainnews.com/zh-hant/articles/990975995016.htm
趨勢科技研究發現工業 4.0 與 IT 連接的關鍵介面重大漏洞
https://reurl.cc/xZY92V
I.教育訓練
DDoS防禦實務
https://reurl.cc/ar6Xyl
如何學習網站漏洞滲透測試
https://iter01.com/520192.html
Writing Shell Scripts — The Beginner’s Guide by Muhammad Junaid
https://hakin9.org/writing-shell-scripts%E2%80%8A-%E2%80%8Athe-beginners-guide/
Universal Radio Hacker: Investigate Wireless Protocols like a Boss
https://hakin9.org/universal-radio-hacker-investigate-wireless-protocols-like-a-boss/
Hacking-OSCP cheatsheet
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/Hacking-OSCP%20cheatsheet.pdf
Metasploit Payloads GUI - Create Backdoors & Control Hacked Devices Easily
https://www.youtube.com/watch?v=hollnezbeus
How to Extend Security Across Your Kubernetes Infrastructure
https://securityaffairs.co/wordpress/105944/hacking/extend-security-kubernetes-infrastructure.html
Case Study: How Incident Response Companies Choose IR Tools
https://thehackernews.com/2020/08/incident-response-software.html
SANS Incident Handler's Handbook
https://www.sans.org/reading-room/whitepapers/incident/paper/33901
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
解決第三方物聯網漏洞需要轉變網絡安全範式
https://www.secrss.com/articles/24384
6.近期資安活動及研討會
SITCON 2020 8/8
https://sitcon.org/2020/
中華電信學院 無人機操控證照輔導班 基本級2KG以下(台中平日全科班)
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=165
CYBERSEC 2020 臺灣資安大會 8/12
https://cyber.ithome.com.tw/
Power of X 科技講堂 2020/08/13
https://systex-tw.kktix.cc/events/power-of-x-webinar
AI/BigData技能養成班系列課程-白帽駭客認知班(確定開課) 8/14
https://www.accupass.com/event/2005060928471871405427
高雄場-資安趨勢暨物聯網(IoT)資安探討 8/17
https://tacert.mis.nsysu.edu.tw/p/404-1257-207359.php
DevDays Asia 2020 Online 亞太技術年會 8/19 8/20 8/21 8/25 8/26
https://seminar.ithome.com.tw/public/live/devdays/
物聯網(IoT)資安防護設計與強化實作培訓班 8/19 ~ 8/21
https://www.moea.gov.tw/Mns/populace/news/NewsAction.aspx?kind=4&menu_id=43&news_id=90845
【資安初階課程】Google hacking & Shodan實務 上課時間: 2020/8/20 (四) 09:30 ~ 16:30
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3905&from_course_list_url=homepage
臺北場-資安趨勢暨網路攻防技術 8/20
https://tacert.mis.nsysu.edu.tw/p/404-1257-237050.php
醫療資訊安全技術實作培訓班 8/20 ~ 8/22
https://www.moeaidb.gov.tw/external/ctlr?PRO=indpark.BulletinView&id=21154&lang=0
「資安管理與 個資保護落實之新觀念與新趨勢」教育訓練 8/21
https://reurl.cc/pdlX3r
自然語言處理技術再進化,Google BERT讓聊天機器人更能理解人類意圖,進入全新境界 8/22
https://www.techbang.com/posts/78985-course-bert-technology-practice
資安事故處理實務課程-109年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」 8/22
https://www.cisanet.org.tw/News/activity_more?id=MTUyOA==
SDN x Cloud Native Meetup - Webinar 海外篇 #5 8/22
https://www.meetup.com/CloudNative-Taiwan/events/272097499/
NISRA Enlightened 2020 8/24
https://nisra.kktix.cc/events/2020enlightened
中華電信學院 109 年 暑期 CCNA 網通證照實戰營(高雄) 8/24
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=172
「物聯網世界新常態的資安挑戰和機會研討會」 8/25
https://www.acw.org.tw/News/Detail.aspx?id=1142
中華電信學院 無人機操控證照輔導班 基本級2KG以下(高雄平日全科班) 8/22 ~ 8/28
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=166
開源碼網管軟體實作(高雄上機實作)8/26
https://tacert.mis.nsysu.edu.tw/p/404-1257-207353.php
中華電信學院 資通安全專業課程訓練 勒索軟體與釣魚平台防護實務 8/27 ~ 8/28
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=63
智慧工控與智慧電網資安風險與防護研討會 8/28
https://www.beclass.com/rid=2443d1b5f23d8632b23a
交通大學亥客書院 新世代企業資安治理: 現今企業經營所面臨之挑戰 8/28
https://hackercollege.nctu.edu.tw/?p=1190
中華電信學院 資通安全專業課程訓練 網站弱點偵測與防護管理 9/4
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=58
交通大學亥客書院 電子郵件之偽造攻擊與防護措施 9/5
https://hackercollege.nctu.edu.tw/?p=1203
台灣駭客年會 HITCON Training 2020 9/5
https://hitcon.kktix.cc/events/hitcon-training-2020
台灣駭客年會 HITCON Training 2020 - 學生報名 9/5
https://hitcon.kktix.cc/events/hitcon-training-2020-student
認證系統安全從業人員 SSCP 輔導班 9/5 ~ 9/13
https://www.iiiedu.org.tw/courses/asq902t2001/
中華電信學院 資通安全專業課程訓練 物聯網資安威脅與實務 9/9 ~ 9/11
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=54
邊緣計算系統之大數據與深度學習應用 9/11
https://reurl.cc/62OD9k
HITCON 2020 台灣駭客年會 9/11
https://hitcon.kktix.cc/events/hitcon-2020
交通大學亥客書院 基礎網頁安全與滲透測試 9/12
https://hackercollege.nctu.edu.tw/?p=1205
數據分析與機器學習案例實務(二)應用實例 上課時間: 2020/9/14 (一) 09:30 ~ 16:30
https://reurl.cc/1xAoMp
【單元課程班-認列董監進修時數】開始報名, 「資安戰略對企業發展關鍵意義及資安治理與防護」109/10/15
https://reurl.cc/AqGdlQ
中華電信學院 資通安全專業課程訓練 Web應用滲透測試 9/16 ~ 9/17
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=167
邊緣計算系統之大數據與深度學習應用 上課時間: 2020/9/18 (五) 09:30 ~ 16:30
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3895&from_course_list_url=homepage
交通大學亥客書院 緩衝區溢位攻擊與預防 10/17
https://hackercollege.nctu.edu.tw/?p=1207
中華電信學院 自主式移動機器人ROS開發實戰班 10/20 ~ 10/23
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=188
交通大學亥客書院 入侵行為發覺與應變指南 10/24
https://hackercollege.nctu.edu.tw/?p=1214
交通大學亥客書院 進階網頁滲透測試 10/31
https://hackercollege.nctu.edu.tw/?p=1216
交通大學亥客書院 阻斷服務攻擊/分散式阻斷服務攻擊/Botnet 11/7
https://hackercollege.nctu.edu.tw/?p=1218
交通大學亥客書院 基礎網站安全建構實務 11/14
https://hackercollege.nctu.edu.tw/?p=1220
交通大學亥客書院 系統防護及內網威脅通報應變實戰班 11/17、11/24
http://service.tabf.org.tw/tw/user/409646/course1-4.htm
交通大學亥客書院 惡意程式檢測實務 11/21 11/28
https://hackercollege.nctu.edu.tw/?p=1222
交通大學亥客書院 高階網頁滲透測試 12/5 12/12
https://hackercollege.nctu.edu.tw/?p=1224
交通大學亥客書院 系統滲透測試與漏洞利用 12/19
https://hackercollege.nctu.edu.tw/?p=1226
交通大學亥客書院 AI於資訊安全之應用 2021/1/9 1/16
https://hackercollege.nctu.edu.tw/?p=1228
交通大學亥客書院 企業網域控管-Active Directory攻擊與防禦 2021/1/23
https://hackercollege.nctu.edu.tw/?p=1230
沒有留言:
張貼留言