資安事件新聞週報 2020/8/31 ~ 2020/9/4

 

資安事件新聞週報 2020/8/31  ~  2020/9/4

1.重大弱點漏洞/後門/Exploit/Zero Day
Oracle NetSuite 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14729

Aruba Intelligent Edge Switch 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5321

CVE-2020-24616:Jackson 多個反序列化安全漏洞
https://www.anquanke.com/post/id/215721

JustSystems Ichitaro(一太郎)緩衝區溢出漏洞
https://www.freebuf.com/vuls/248109.html

QNAP再被發現有RCE漏洞,廠商雖然早於2017年發布更新韌體,但仍有設備未更新
https://www.ithome.com.tw/news/139710

Slack修補遠端程式攻擊漏洞,只付1,750美元惹爭議
https://www.ithome.com.tw/news/139696

IBM Resilient 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4579

GitLab 13.3開始提供模糊測試,可發現Go和C/C++應用程式臭蟲
https://www.ithome.com.tw/news/139671
Mozilla 產品多個漏洞
https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-41/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-38/

Bridgefy離線通訊存私隱漏洞
http://startupbeat.hkej.com/?p=91596

ESET發布了用於在Thunderbolt界面中導航來自漏洞的風險的指南
https://reurl.cc/v1qXol

HiCOS資安漏洞通知,請盡速更新版本
https://www.chgsh.chc.edu.tw/newsin.php?_nClass=2&nID=11343

Safari 驚爆新漏洞!用戶過往 瀏覽記錄全曝光
https://kknews.cc/tech/kkv4vzp.html

IBM DB2資料庫爆資料外洩漏洞,影響Windows版本
https://www.ithome.com.tw/news/139575

IBM Security Key Lifecycle Manager賬戶問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4567

Gmail四月份爆出漏洞遲遲不修 研究人員八月公布漏洞後七小時內急修好
https://reurl.cc/0OjnK6

Gmail 冒名轉寄漏洞發現逾 4 個月,Google 終於推出修補程式
https://technews.tw/2020/08/27/sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/

Google 修復可造成遠端執行任意程式碼的嚴重 Chrome 漏洞
https://www.twcert.org.tw/tw/cp-104-3905-b33da-1.html

Google Chrome 多個漏洞
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html

【頁面操作效率大提升】Chrome 新增分頁群組功能,還可直接編輯 PDF
https://buzzorange.com/techorange/2020/08/27/google-chrome-85/

Google Researcher Reported 3 Flaws in Apache Web Server Software
https://thehackernews.com/2020/08/apache-webserver-security.html

Apache伺服器爆致命漏洞;暗網巨頭關閉數日疑遭DDoS攻擊
https://kknews.cc/tech/9vg54el.html

Chrome 85出爐,網頁載入速度快10%
https://www.ithome.com.tw/news/139608

「緊急通知」寶塔面板漏洞linux正式版7.4.2
https://segmentfault.com/a/1190000023732864

【安全通報】寶塔某處未授權訪問數據庫漏洞
https://nosec.org/home/detail/4536.html

Check Point Research 發現 Alexa 特定子域存在漏洞
https://kknews.cc/tech/3yvy88g.html

微軟緊急推出資安修補更新,修復兩個可提升執行權限的嚴重資安漏洞
https://www.twcert.org.tw/tw/cp-104-3891-5dc4f-1.html

微軟物聯網安全解決方案發現特權提升漏洞,需要盡快升級
https://tech.sina.com.cn/roll/2020-08-26/doc-iivhuipp0788878.shtml

Windows 8.1、RT 8.1 和 Server 2012 R2 的安全更新:2020 年 8 月 19 日
https://support.microsoft.com/zh-cn/help/4578013/security-update-for-windows-8-1-rt-8-1-and-server-2012-r2

研究人員披露Safari Web Share API漏洞詳情蘋果計劃2021年春季修復
https://www.cnbeta.com/articles/tech/1020059.htm

Metasploit Framework module 存在安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7376

Cellopoint CelloOS - Unauthenticated Arbitrary File Disclosure
https://www.twcert.org.tw/tw/cp-132-3846-7790c-1.html

Jackson反序列化遠程代碼執行漏洞(CVE-2020-24616)風險通告,騰訊雲防火牆支持攔截
https://s.tencent.com/research/bsafe/1102.html

Linux 內核多個漏洞
https://www.auscert.org.au/bulletins/ESB-2020.2864.2/

Check Point Research 發現Alexa 特定子域存在漏洞
https://www.ofweek.com/security/2020-08/ART-510010-8460-30455136.html

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86

Patch now: Cisco warns Jabber IM client for Windows has a critical flaw
https://www.zdnet.com/article/cisco-warns-jabber-im-client-for-windows-has-a-critical-flaw/

Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely
https://thehackernews.com/2020/09/cisco-jabber-hacking.html

High-Severity Cisco DoS Flaw Plagues Small-Business Switches
https://threatpost.com/high-severity-cisco-dos-flaw-small-business-switches/158124/

Security Bulletin: WebSphere Application Server ND is vulnerable to cross-site scripting (CVE-2020-4575)
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-nd-is-vulnerable-to-cross-site-scripting-cve-2020-4575/

Security Bulletin: WebSphere Application Server ND is vulnerable to cross-site scripting (CVE-2020-4575)
https://www.ibm.com/support/pages/node/6323293

SECURITY BULLETIN: Trend Micro Deep Security Manager and Vulnerability Protection Multiple Vulnerabilities
https://success.trendmicro.com/solution/000252039-SECURITY-BULLETIN-Trend-Micro-Deep-Security-and-Vulnerability-Manager

K02663161: BIND vulnerability CVE-2020-8622
https://support.f5.com/csp/article/K02663161

Windows 10: Microsoft Leaves Active Security Exploit Unfixed—For Two Years!
https://www.forbes.com/sites/daveywinder/2020/08/30/windows-10-microsoft-leaves-active-security-exploit-unfixed-for-two-years-glueball/#7d581a1e1a9e

Cellopoint CelloOS - Remote Command Execution (RCE)
https://www.twcert.org.tw/tw/cp-132-3845-be6bf-1.html

Safari 驚爆新漏洞!用戶過往「瀏覽紀錄全曝光」 iOS14 測試版已先搶修
https://www.ettoday.net/news/20200826/1793703.htm

Safari藏漏洞使iPhone及Mac用戶陷點擊詐騙風險,但蘋果計畫2021年初才要補
https://www.ithome.com.tw/news/139606

思科交換機和光纖存儲解決方案發現高危漏洞,需要盡快升級
http://finance.jrj.com.cn/tech/2020/08/27155930604829.shtml

Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild
https://thehackernews.com/2020/09/cisco-issue-warning-over-ios-xr-zero.html

TeamViewer高危漏洞可洩露用戶密碼
https://www.aqniu.com/news-views/69677.html

微軟IoT硬體安全平台Azure Sphere爆出權限升級與程式碼執行漏洞
https://reurl.cc/R1jOLD

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
封閉式網絡失守 「判上判」程式開發成漏洞
https://reurl.cc/LdbDDX

數位資產可獲保險保障
https://view.ctee.com.tw/processing/22505.html

行庫振興進度 財部9/7驗收
https://www.chinatimes.com/newspapers/20200824000156-260202?chdtv

街口託付寶安全嗎?這3大風險在你投資前一定要知道
https://www.storm.mg/article/2984421

金控集團 將可共享客戶資料
https://money.udn.com/money/story/5613/4822339

一銀ATM盜領後教訓 打斷手骨顛倒勇
https://ec.ltn.com.tw/article/breakingnews/3279298

純網銀向白帽駭客請益 強化資安實兵演練
https://money.udn.com/money/story/5613/4813498

永豐金控 贊助資安會議
https://www.chinatimes.com/newspapers/20200825000421-260203?chdtv

《金融》金融三業衝金融科技 支付、機器人、保險科技最夯
https://reurl.cc/VXj16n

北韓「募資」新招?駭客為拯救祖國不惜搶劫全球銀行
https://newtalk.tw/news/view/2020-08-27/456933

美國對北韓駭客的全球銀行盜竊行動進行警告
https://reurl.cc/j5kGpp

美警告:北韓駭客入侵多國銀行竊取資金 讓ATM吐鈔
https://ec.ltn.com.tw/article/breakingnews/3272985

監理科技黑客松 開跑
https://money.udn.com/money/story/5607/4806730

在網路輸入信用卡號要注意的兩件事
https://blog.trendmicro.com.tw/?p=65085

數位理財通/純網銀發展 留意五大關鍵
https://money.udn.com/money/story/9740/4818307

台灣首屆監理科技黑客松 Taiwan RegTech Challenge 2020 廣發全球英雄帖
https://www.bnext.com.tw/article/59001/tdcc1

頻遭網路攻擊 紐西蘭證交所連3日中斷交易
https://ctee.com.tw/news/global/325744.html

紐西蘭證交所遭駭 交易連4天停擺 週五終恢復
https://reurl.cc/x0OQNe

紐西蘭證交所再遭境外駭客攻擊 情報單位將調查
https://money.udn.com/money/story/5602/4818478

財經背景不是唯一標準!將來銀行總經理:具備這些特質才適合當「純網銀人」
https://buzzorange.com/techorange/2020/08/28/online-bank-needs-new-prefessional/

海外券商免手續費暗藏陷阱 KPMG:小心資安!
https://money.udn.com/money/story/5613/4829178

香港財庫局推「千人計劃2.0」 冀創1500個金融業新職位
http://www.hkcd.com/content/2020-08/28/content_1210853.html

【臺灣資安大會直擊】永豐金控數位科技長萬幼筠:金融資安出現6大典範轉移,數位金融更將成為資安治理最大挑戰
https://www.ithome.com.tw/news/139628

Magecart’s Success Paves Way For Cybercriminal Credit Card ‘Sniffer’ Market
https://threatpost.com/magecarts-success-paves-way-for-cybercriminal-credit-card-sniffer-market/158684/

Credit Card ‘Sniffers’ Pose Persistent Threat to Growing E-Commerce Industry
https://www.recordedfuture.com/credit-card-sniffers/

ATM vendors Diebold and NCR fixed deposit forgery bugs
https://securityaffairs.co/wordpress/107421/hacking/diebold-nixdorf-ncr-deposit-forgery.html

New Zealand stock exchange disrupted by fourth 'offshore' cyber attack
https://www.theguardian.com/world/2020/aug/28/new-zealand-stock-exchange-disrupted-by-fourth-offshore-cyber-attack

New Zealand stock exchange halted by cyber-attack
https://www.bbc.com/news/53918580#:~:text=NZX%20said%20it%20had%20first,before%2016%3A00%20local%20time.

PANDEMIC UNEMPLOYMENT ASSISTANCE FRAUD REMAINS PROLIFIC
http://click.broadcasts.visa.com/xfm/?41081/0/5b9664726de563dcd4507e334c5c7daa/lonew

Online Banking Mistakes that can Compromise your Bank Account
https://futtress.com/simple-online-banking-mistakes/

NCR confirms malware in lab environment, says clients not at risk
https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Academics bypass PINs for Visa contactless payments
https://www.zdnet.com/article/academics-bypass-pins-for-visa-contactless-payments/

New Zealand Stock Exchange Trades Again After DDoS
https://www.bankinfosecurity.com/new-zealand-stock-exchange-trades-again-after-ddos-a-14904

UltraRank hackers steal credit cards from hundreds of stores
https://www.bleepingcomputer.com/news/security/ultrarank-hackers-steal-credit-cards-from-hundreds-of-stores/

Lack of MFA May Have Caused Sendgrid Account Compromise
https://www.bankinfosecurity.com/lack-mfa-may-have-caused-sendgrid-account-compromise-a-14916

US Agencies Warn of Uptick in North Korean Bank Heists
https://www.bankinfosecurity.com/us-agencies-warn-uptick-in-north-korean-bank-heists-a-14902

New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data
https://thehackernews.com/2020/09/credit-card-telegram-hackers.html

3.電子支付/行動支付/pay/資安
交通罰單新增行動支付管道 今起LINE Pay Money也能繳
https://news.ltn.com.tw/news/life/breakingnews/3280158

街口首創條碼三合一...狠甩對手3年、整合三大超商2350萬會員,致勝關鍵在哪
https://www.bnext.com.tw/article/59045/jkos-e-invoice

國泰世華銀行攜手誠品打造 「eslite Pay」
https://www.chinatimes.com/realtimenews/20200903004318-260410?chdtv

不再需要會員卡! 花蓮知名打卡地標商場推出全方位行動支付
https://reurl.cc/m9GZ8G

【刷卡繳學費】3管道大PK 街口、Line Pay回饋大完勝
https://tw.appledaily.com/property/20200830/RPWSCY3QKZDSNKA3UAANZCCPMQ/

玉山銀:台灣Pay共通規格 有利於營業人受理支付
https://ctee.com.tw/news/finance/327708.html

【電子支付】疫情刺激電商 Visa:上半年電商交易額增10個百分點
https://reurl.cc/Xk451M

最願意在哪用手機支付?7成台人選這
https://reurl.cc/GroX83

《金融》電支使用人數 年底估破千萬
https://reurl.cc/Q3jWr0

街口支付瞄準南部行動支付商機 積極往南拓展
https://udn.com/news/story/7239/4823438

勞Show支道——電子支付再建奇功
https://reurl.cc/pyWZzr

字節跳動取得牌照進入萬億手機支付市場
http://www.hkcna.hk/content/2020/0903/848783.shtml

4.加密貨幣/挖礦/區塊鍊 資安
Defi、錢包、交易所、詐騙… 8月共28起安全事件,危害程度評級為「中級」
https://www.blocktempo.com/peckshield-security-report-august-2020/

加密幣稅務網 CryptoTrader.Tax 遭駭!上千名交易者個資被竊取
https://blockcast.it/2020/08/25/hacker-stole-data-on-more-than-1k-users-from-cryptotrader-tax/

IRS | 美國國稅局承包商 CryptoTrader.Tax 爆外洩,1,082名「投資人個資」被放到暗網兜售
https://www.blocktempo.com/cryptotrader-tax-users-data-leaked-by-hacker/

慢霧:技術拆解 YFValue 合約漏洞,一行代碼如何鎖定上億美元
https://www.chainnews.com/zh-hant/articles/188428512978.htm

CERtified — Hacken發佈的加密貨幣交易所安全標準
https://reurl.cc/7orln1

美國研究:數位貨幣成大陸資金移出關鍵工具
http://www.bcc.com.tw/newsView.4442506

重磅!建設銀行釋出「DCEP數位貨幣錢包」,中國央行「人民幣3.0」時代來臨! (內有APP實測)
https://www.blocktempo.com/ccb-release-dcep-wallet-app-the-age-of-cbdc-had-come/

中國推進數字貨幣大規模測試,世界多國角逐激烈
https://www.bbc.com/zhongwen/trad/business-53722841

通膨點燃黃金和比特幣再次發光
https://reurl.cc/6lEL1k

告別紙幣?來看看數位人民幣錢包真實的樣子
https://news.knowing.asia/news/5ec7c0c3-27bf-4408-9895-2f6cb11beee4

「人民幣不適合作避險貨幣」美國智庫學者:中國央行數位貨幣,對美元霸權不構成威脅
https://www.blocktempo.com/dcep-will-rise-but-not-rule/

Binance|多方打擊加密詐欺!幣安宣布啟動「加密資產安全聯盟」呼籲業者加入
https://www.blocktempo.com/binance-announce-cryptosafe-alliance/

數字貨幣悄然內測,會取代支付寶和微信嗎
https://news.sina.com.tw/article/20200903/36239502.html

鏈上反恐追蹤:美國司法部披露的「恐怖主義」加密貨幣地址,洗錢流向解析
https://www.blocktempo.com/how-terrorist-organizations-do-money-laundering/

美國司法部欲查封 280 個「與北韓有關」的加密帳戶,聯手中國 OTC 洗錢獲利數億
https://www.blocktempo.com/us-doj-prosecute-korea-hacker-and-china-otc/

日本|LINE 加密版圖再擴張:推出 BITMAX Wallet、區塊鏈開發平台,連結 LINE ID 加快轉帳效率
https://www.blocktempo.com/line-launches-bitmax-wallet-and-line-blockchain-developers/

美國司法部欲查封 280 個「與北韓有關」的加密帳戶,聯手中國 OTC 洗錢獲利數億
https://www.blocktempo.com/us-doj-prosecute-korea-hacker-and-china-otc/

DOJ Seeks to Recover Stolen Cryptocurrency
https://www.bankinfosecurity.com/doj-seeks-to-recover-stolen-cryptocurrency-a-14915

Hacker Stole 1,000 Traders’ Personal Data From Crypto Tax Reporting Service
https://www.coindesk.com/hacker-cryptotrader-tax

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
Mac 資安威脅越來越高,惡意軟體居然被蘋果認證合格
https://reurl.cc/KjpX5M

安全人員發現 Mac 應用被植入 XCSSET 惡意程式,或將躲過安全偵測滲透 App Store
https://www.kocpc.com.tw/archives/340206

『Akamai insight』新冠病毒肆虐的現在, DDoS勒索信件正在亞洲金融產業捲土重來,請加強資安防護
https://www.zerone.com.tw/Content/Product/02A71DA8F9F80BCE

AWS社群AMI藏有挖礦惡意程式
https://www.ithome.com.tw/news/139576

2020年最新勒索軟件 Maze雙重勒索
https://reurl.cc/n0EOb8

請注意防範北韓駭客組織所利用之惡意程式
http://net.nthu.edu.tw/2009/mailing:announcement:20200825_01

挖礦惡意程式藉由假防毒防駭軟體大肆散布
https://www.twcert.org.tw/tw/cp-104-3900-ab831-1.html

PC用戶注意!資安業者揭露:挖礦惡意程式藉由「假冒版」防毒軟體入侵
https://3c.ltn.com.tw/news/41461

假防毒軟體出沒注意!小心電腦沒獲保護反被利用挖礦
https://newtalk.tw/news/view/2020-08-28/457302

微軟警告Anubis竊密木馬程式已在網路散布
https://www.ithome.com.tw/news/139663

Google 雲端爆安全漏洞!備份圖片恐被「調包」成惡意軟體
https://3c.ltn.com.tw/news/41431

系統才當機就爆漏洞?Google雲端資安問題 備份檔可能被調包成惡意軟體
https://reurl.cc/OqpEQ7

Google Drive 漏洞可能允許攻擊者向你提供惡意軟件
https://www.wangan.com/articles/863

Google雲端有安全漏洞 透過「管理版本」將文件替換成病毒
https://reurl.cc/Q39DNb

Google雲端硬碟錯誤可能允許黑客在您的手機上安裝惡意軟體
https://kknews.cc/tech/m9nrpzz.html

A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware
https://thehackernews.com/2020/08/google-drive-file-versions.html

英資安公司調查:非洲市場逾5萬台中國品牌手機含惡意軟體
https://news.ltn.com.tw/news/world/breakingnews/3271627

中國售非洲「廉價手機」出廠藏木馬 移除後「陰魂不散再回來」
https://times.hinet.net/news/23025920

美國公布北韓駭客所使用的RAT惡意程式
https://www.ithome.com.tw/news/139529

請注意防範北韓駭客組織所利用之惡意程式
http://net.nthu.edu.tw/2009/mailing:announcement:20200825_01

美國公布搶劫全球銀行的北韓駭客集團BeagleBoyz分析報告
https://www.ithome.com.tw/news/139632

競爭對手雇用APT駭客在3ds Max軟體植入惡意外掛,入侵知名建商系統竊資
https://www.ithome.com.tw/news/139629

APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage
https://thehackernews.com/2020/08/autodesk-malware-attack.html

Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware
https://thehackernews.com/2020/08/hackers-journalist-malware.html

The Kittens Are Back in Town 3
https://www.clearskysec.com/the-kittens-are-back-in-town-3/

An Old Bot’s Nasty New Tricks: Exploring Qbot’s Latest Attack Methods
https://research.checkpoint.com/2020/exploring-qbots-latest-attack-methods/

QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money
https://thehackernews.com/2020/08/qakbot-banking-trojan.html

Gozi: The Malware with a Thousand Faces
https://research.checkpoint.com/2020/gozi-the-malware-with-a-thousand-faces/

The Shoe is a Lie: How an Android Botnet Defrauded Advertisers and Consumers
https://www.whiteops.com/blog/the-shoe-is-a-lie-how-an-android-botnet-defrauded-advertisers-and-consumers

TERRACOTTA Android Malware: A Technical Study
https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study

Malicious Attachments Remain a Cybercriminal Threat Vector Favorite
https://threatpost.com/malicious-attachments-remain-a-cybercriminal-threat-vector-favorite/158631/

Emotet botnet has begun to use a new ‘Red Dawn’ template
https://securityaffairs.co/wordpress/107705/cyber-crime/emotet-botnet-red-dawn-template.html

Canon confirms ransomware attack in internal memo
https://www.bleepingcomputer.com/news/security/canon-confirms-ransomware-attack-in-internal-memo/

Malware-Wielding Extortionists Target Tesla: 8 Takeaways
https://www.bankinfosecurity.com/malware-wielding-extortionists-target-tesla-8-takeaways-a-14911

'Lemon Duck' Cryptominer Aims for Linux Systems
https://www.bankinfosecurity.com/lemon-duck-cryptominer-aims-for-linux-systems-a-14909

Qbot Banking Trojan Now Hijacks Outlook Email Threads
https://www.bankinfosecurity.com/qbot-banking-trojan-now-hijacks-outlook-email-threads-a-14903

Ransomware: DarkSide Debuts; Script-Kiddies Tap Dharma
https://www.bankinfosecurity.com/ransomware-darkside-debuts-script-kiddies-tap-dharma-a-14874

Microsoft Defender can ironically be used to download malware
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-can-ironically-be-used-to-download-malware

Joker Spyware Plagues More Google Play Apps
https://threatpost.com/joker-spyware-google-play-apps-2/158895/

Russian Arrested After Offering $1 Million to U.S. Company Employee for Planting Malware
https://thehackernews.com/2020/08/russian-extortion-malware.html

Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware
https://thehackernews.com/2020/08/hackers-journalist-malware.html

NetWalker Ransomware in 1 Hour
https://thedfirreport.com/2020/08/31/netwalker-ransomware-in-1-hour/

In the wild QNAP NAS attacks
https://blog.netlab.360.com/in-the-wild-qnap-nas-attacks-en/

A Comprehensive Look at Emotet’s Summer 2020 Return
https://www.proofpoint.com/us/blog/threat-insight/comprehensive-look-emotets-summer-2020-return

Malware Used by Lazarus after Network Intrusion
https://blogs.jpcert.or.jp/en/2020/08/Lazarus-malware.html

Epic Manchego – atypical maldoc delivery brings flurry of infostealers
https://blog.nviso.eu/2020/09/01/epic-manchego-atypical-maldoc-delivery-brings-flurry-of-infostealers/

Epic_Manchego_IOC
https://github.com/NVISO-BE/nviso-cti/tree/master/Epic_Manchego_IOC

Chinese APT TA413 Resumes Targeting of Tibet Following COVID-19 Themed Economic Espionage Campaign Delivering Sepulcher Malware Targeting Europe
https://www.proofpoint.com/us/blog/threat-insight/chinese-apt-ta413-resumes-targeting-tibet-following-covid-19-themed-economic

Cybersquatting: Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers
https://unit42.paloaltonetworks.com/cybersquatting/

OpBlueRaven: Unveiling Fin7/Carbanak - Part I : Tirion
https://threatintel.blog/OPBlueRaven-Part1/

OpBlueRaven: Unveiling Fin7/Carbanak - Part II : BadUSB Attacks
https://threatintel.blog/OPBlueRaven-Part2/

Bella
https://github.com/kdaoudieh/Bella

KryptoCibule: The multitasking multicurrency cryptostealer
https://www.welivesecurity.com/2020/09/02/kryptocibule-multitasking-multicurrency-cryptostealer/

KryptoCibule — Indicators of Compromise
https://github.com/eset/malware-ioc/tree/master/kryptocibule/

DLL Fixer leads to Cyrat Ransomware
https://www.gdatasoftware.com/blog/cyrat-ransomware

Threat Actor Profile: TA2719 Uses Colorful Lures to Deliver RATs in Local Languages
https://www.proofpoint.com/us/blog/threat-insight/threat-actor-profile-ta2719-uses-colorful-lures-deliver-rats-local-languages

Apple Approved Malware
https://objective-see.com/blog/blog_0x4E.html

The Kittens Are Back in Town 3 Charming Kitten Campaign Evolved and Deploying Spear-Phishing link by WhatsApp
https://www.clearskysec.com/wp-content/uploads/2020/08/The-Kittens-are-Back-in-Town-3.pdf

“Face Mask Manufacturer” Supplies Agent Tesla Malware
https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

The BLINDINGCAN RAT and Malicious North Korean Activity
https://www.sentinelone.com/blog/the-blindingcan-rat-and-malicious-north-korean-activity/

B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G
逾20萬中國傳音手機預載廣告詐騙程式
https://www.ithome.com.tw/news/139600

酈英傑:5G電信商若受中國等威權政府控制 將有隱私安全漏洞
https://www.rti.org.tw/news/view/id/2077446

三星頂規旗艦Note 20 Ultra、旗艦平板Galaxy Tab S7 傳綠螢幕災情
https://3c.ltn.com.tw/news/41460

Android 11增加更多限制!Google為顧用戶隱私將讓第三方App更難用相機
http://n.yam.com/Article/20200824760832

中共抵制蘋果淪笑柄!中國民眾爆搶購
https://reurl.cc/Y69X3a

美國會要擬「框架法案」 全面規範中共app
https://reurl.cc/0O2Xv9

自從手機跑分工具App安兔兔被Google下架後,山寨安兔兔開始滿天飛
https://www.techbang.com/posts/80776-the-well-known-running-app-ann-rabbit-was-removed-by-google-and-the-shanzhai-app-flew-in-full

陸製手機竊數據 還亂花錢
https://reurl.cc/e86ODM

逾20萬中國傳音手機預載廣告詐騙程式
https://www.ithome.com.tw/news/139600

譚德塞親中反被捅刀!中國賣給非洲手機被抓包剝削用戶
https://newtalk.tw/news/view/2020-08-27/456763

「WeChat的資安疑慮」之專家回應
https://smctw.tw/7072/

全國首例!大學生情侶利用微信漏洞獲利被判刑
https://www.sohu.com/a/415388450_161623

1200 個 iOS App 使用含有廣告詐騙惡意程式碼,且會竊取資料的 SDK
https://blog.twnic.tw/2020/08/31/14964/

印度再封鎖118個中國程式,百度及支付寶入列
https://www.ithome.com.tw/news/139763

Government Blocks 118 Mobile Apps Which are Prejudicial to Sovereignty and Integrity of India, Defence of India, Security of State and Public Order
https://www.pib.gov.in/PressReleasePage.aspx?PRID=1650669

India bans PUBG Mobile, and over 100 other Chinese apps
https://techcrunch.com/2020/09/02/india-bans-pubg-and-over-100-additional-chinese-apps/

Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud
https://thehackernews.com/2020/08/ios-sdk-ad-fraud.html

C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
網路戰是新常態
https://times.hinet.net/news/23028285

面對網路攻擊事件,該如何回應
https://blog.trendmicro.com.tw/?p=65051

官方網站為何駭客入侵攻擊
https://web.bc3ts.net/post/4421136

不是被盜刷!酷航系統設定錯誤向沒有購買機票會員寄發航班通知
https://www.kocpc.com.tw/archives/340449

想舒服也要小心!看謎片當心被側錄 恐成為駭客威脅對象
https://reurl.cc/Z7rbv6

90後程序員為炫技控制67萬餘台電腦,又找到博彩網站漏洞獲利百萬,判了
https://ori.hangzhou.com.cn/ornews/content/2020-08/28/content_7802014.htm

後疫情時代的八種資安威脅
https://blog.trendmicro.com.tw/?p=65562

不會 C 語言也可以是資安高手,學好 Python 就能和駭客大戰
https://buzzorange.com/techorange/2020/08/27/cyber-security-with-python/

【臺灣資安大會直擊】解決攻防團隊各司其職、目標衝突的現象,紅藍隊演練需要透過紫隊來居間協調
https://www.ithome.com.tw/news/139425

【臺灣資安大會直擊】企業要設立資安專責單位,應先考慮的3大資安管理建議
https://www.ithome.com.tw/news/139666

【臺灣資安2020的下一步戰略】透過數據驅動的資安情資,做資安防駭超前部署
http://www.tpcc.org.tw/topic_detail.php?id=f88e7f4a1c350750

被抄還是捲款而逃?全球最大暗網黑市 Empire Market 已蒸發三天
https://www.inside.com.tw/article/20787-Dark-web-Empire-Market-has-mysteriously-disappeared

《一九八四》沒真實上演 竊聽仍在你我身邊
https://www.digitimes.com.tw/col/article.asp?id=1244&cf=AI1

駭客和攝像頭:北京在香港部署「數位羅網」
https://cn.nytimes.com/technology/20200825/hong-kong-national-security-law/zh-hant/

中共已對淘寶、蝦皮具有更大控制力 我須嚴肅面對中資引發資安及智財威脅
https://reurl.cc/LdpMmx

YouTube 解密演算法!回應「黃標」爭議:強調沒有言論審查
https://3c.ltn.com.tw/news/41439

Google、Facebook放棄海底電纜香港端改道台灣、菲律賓上岸,亞太網路樞紐正悄悄轉移
https://reurl.cc/ygQrp2

全球網路攻防搶旗賽CTF九月正式起跑 將首次採全程線上競賽
https://reurl.cc/zzeXOp

趨勢科技辦網路攻防賽 培養全球資安人才
https://money.udn.com/money/story/5612/4809015

【臺灣資安大會直擊】擬定資安策略要從俯視角度看待,活用資安框架及Cyber Defense Matrix更是關鍵
https://www.ithome.com.tw/news/139567

「淘寶台灣」疑資安風險 遭罰41萬新台幣限半年撤資
https://hk.on.cc/hk/bkn/cnt/cnnews/20200824/bkn-20200824152941442-0824_00952_001.html

劍指華為?台美5G安全共同宣言發布 將合作維護資安
http://dev99.newtalk.tw/news/view/2020-08-26/456437

台美攜手去中 美「乾淨路徑」納台灣電信公司
https://reurl.cc/4m4p6K

美國增列中國交建等11家中企 認定受解放軍掌控
https://www.cna.com.tw/news/firstnews/202008290045.aspx

駭客和攝像頭:北京在香港部署「數位羅網」
https://cn.nytimes.com/technology/20200825/hong-kong-national-security-law/zh-hant/

防堵現漏洞!中企藉複雜交易 已取得美晶片「核心技術」
https://www.setn.com/News.aspx?NewsID=803313

中共駭客攻擊臺灣晶片公司 作案手法曝光
https://reurl.cc/5qraKG

中國挖不到就偷! 7家竹科半導體廠遭駭 從晶片設計到程式碼都要 在美國資安界「引起很大轟動」
https://reurl.cc/av9zZQ

對共軍資通電戰必須官民合作
https://reurl.cc/D6dXpE

中共攻台資訊安全戰 「軟硬」二手策略曝光
https://www.epochtimes.com/b5/20/8/30/n12367954.htm

各取所需產業鏈!清大研究生兩度勇闖中國「統戰團」,直擊中國人也未必懂的黑箱結構
https://reurl.cc/q8ONvg

簡報:新疆封城防疫引發民怨;時報專訪原黨校教授蔡霞
https://cn.nytimes.com/morning-brief/20200826/xinjiang-coronavirus-lockdown-cai-xia-xi-china/zh-hant/

中國國家密碼管理局《商用密碼管理條例(修訂草案徵求意見稿)》公開徵求意見
https://mp.weixin.qq.com/s/L-EUTmM3wE2NdgnNlSCdnQ

澳洲將調查外國勢力介入大學 疑為阻中國影響力
https://money.udn.com/money/story/5599/4824206

中國鑽澳洲法律漏洞 廣攬人才助陣高科技研發
https://udn.com/news/story/6809/4806502

中國鑽澳洲法律漏洞 招募頂尖科學家拿澳洲補助在中國註冊專利
https://tw.appledaily.com/international/20200825/LD2HNVYHABE5FGYGR3ZTP6IW6A/

2020年上半年美國網絡安全政策與舉措動態
https://mp.weixin.qq.com/s/rCgFmrn8ULuGpFj27Gek1A

擴大「排中」! 印度政府要求所有電信商勿買中國設備
https://newtalk.tw/news/view/2020-08-25/455632

傳500中國人申請「黃金護照」 審查存漏洞
https://hk.on.cc/hk/bkn/cnt/aeanews/20200827/bkn-20200827123000143-0827_00912_001.html

靠投資移民賺錢 賽普勒斯竟賣「黃金護照」給罪犯
https://news.ltn.com.tw/news/world/breakingnews/3269275

金小胖還好嗎? 金正恩露面駁斥昏迷傳言,北韓仍面臨兩大危機夾擊
https://www.storm.mg/article/2979580

日本が中国の影響工作に警戒せねばならない訳
https://toyokeizai.net/articles/-/371385

吹哨者揭露丹麥情報機關監控公民通訊,局長、官員遭停職
https://www.ithome.com.tw/news/139641

US wants to seize cryptocurrency stolen by North Korean hackers
https://www.bleepingcomputer.com/news/security/us-wants-to-seize-cryptocurrency-stolen-by-north-korean-hackers/

Cisco engineer resigns then nukes 16k WebEx accounts, 456 VMs
https://www.bleepingcomputer.com/news/security/cisco-engineer-resigns-then-nukes-16k-webex-accounts-456-vms/

Musk confirms Tesla Nevada factory was target of ‘serious’ cyber attack
https://www.defenceweb.co.za/cyber-defence/musk-confirms-tesla-nevada-factory-was-target-of-serious-cyber-attack/

The Ministry of Internal Affairs of Bashkortostan intends to cooperate with white hackers to reduce cyber crime
https://www.ehackingnews.com/2020/08/the-ministry-of-internal-affairs-of.html

Iranian Hackers Using LinkedIn, WhatsApp to Target Victims
https://www.bankinfosecurity.com/iranian-hackers-using-linkedin-whatsapp-to-target-victims-a-14914

Luxury Real Estate Rivalry Involved Hired Hackers
https://www.bankinfosecurity.com/luxury-real-estate-rivalry-involved-hired-hackers-a-14894

Hacking-for-Hire Group Expands Cyber Espionage Campaign
https://www.bankinfosecurity.com/hacking-for-hire-group-expands-cyber-espionage-campaign-a-14889

Massive Freepik Data Breach Tied to SQL Injection Attack
https://www.bankinfosecurity.com/massive-freepik-data-breach-tied-to-sql-injection-attack-a-14880

WordPress File Manager plugin flaw causing website hijack exploited in the wild
https://www.zdnet.com/article/wordpress-file-manager-bug-causing-full-website-takeover-exploited-in-the-wild/

Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today
https://thehackernews.com/2020/09/ssl-tls-certificate-validity-398.html

Who Is PIONEER KITTEN
https://www.crowdstrike.com/blog/who-is-pioneer-kitten/

SWP4_615 資安主管 - 傳統製造業
https://www.104.com.tw/job/7188t

資安滲透測試人員(網路安全分析師,Internet程式設計師,其他資訊專業人員)
https://www.cakeresume.com/companies/ace-home/jobs/d3242b

科技廠資安管制員(機動)
https://www.518.com.tw/job-LzpkVz.html

資安工程師、網管人員、網路工程師
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=114025&HIRE_ID=9912237

高薪韌體Firmware Kernel Developer (資安/密碼學 台北工作) ETP2_620
https://www.104.com.tw/job/71ja4

資安網路系統工程師【BU3-高雄】
https://www.104.com.tw/job/71hg0

資安系統工程師【BU3-台北】
https://www.104.com.tw/job/71hhz

資安工程師 / 資安防禦工程師
https://www.104.com.tw/job/71gtq

110年研發替代役/預聘 - 資訊安全開發工程師
https://www.104.com.tw/job/70tu3

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
台灣事實查核發展大躍進! AI不實訊息快篩平台上線
https://tfc-taiwan.org.tw/articles/4398

【科技力量助攻】資策會協助查核組織 開發「不實訊息快篩平台」
https://tfc-taiwan.org.tw/articles/4403

微軟向用戶發送了奇怪的Microsoft Teams FCM通知
https://www.sohu.com/a/415254234_114760

《金融行為通識課》:詐騙犯慣用的九種認知經驗法則&五種策略和角色
https://www.thenewslens.com/article/139171

為討2萬修車錢翻臉 女子臉書公開伴侶個資遭判刑5月
https://tw.appledaily.com/local/20200827/5APWF4U4ORAT7E7Q5EOEDUNQ34/

資料共享再利用 資策會科法所:個資去識別化管理成核心
http://n.yam.com/Article/20200826596764

FBI與CISA警告:美國正出現大規模的語音網釣活動
https://www.ithome.com.tw/news/139578

假訊息威脅加劇 積極反制護國安
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1253993&type=forum

收到boarding 通知其實是對岸駭客
https://www.ptt.cc/bbs/Gossiping/M.1598348975.A.A47.html

被騙1900萬美元!亞馬遜存在漏洞,75萬員工竟被4人愚弄?
https://www.sohu.com/a/414698641_100123330

【網絡安全】新冠肺炎成上半年最大威脅 商務電郵詐騙升
https://reurl.cc/7orll1

美國VPN服務商遭駭!全球900家企業資料外洩
https://newtalk.tw/news/view/2020-08-26/456169

臉書網購商品詐騙案 中興警及時阻詐
https://times.hinet.net/news/23031125

駭客用AI仿冒英國能源公司CEO 語音命令員工匯款22萬歐元
https://reurl.cc/3LjYWO

「跳島」夯船票難得 33人還沒出遊就被騙走200萬元
https://m.ltn.com.tw/news/society/breakingnews/3276191

報復性旅遊傳詐騙 男大生訂蘭嶼船票被騙14萬
https://www.chinatimes.com/realtimenews/20200830002279-260402?chdtv

網紅受關注遭眼紅 個資公開、恐陷人身危險
https://reurl.cc/MdbNV3

中共國社交媒體監控公司的內部文件洩漏
https://gnews.org/zh-hant/320945/

拒絕3千萬誘惑!特斯拉員工聯手FBI 阻止駭客攻擊
https://www.ettvamerica.com/News/Article?i=137652

員工揭發網攻陰謀 Tesla躲過一劫
https://www.chinatimes.com/realtimenews/20200828005072-260410?chdtv

「100 萬美元夠嗎?」俄羅斯駭客小組提 BTC 報酬,專招募美國企業內鬼
https://www.blocktempo.com/russian-hackers-offered-us-employees-1m-to-plant-malware-on-company-computer/

CHINA} 3 Millions Mobile Phones Numbers with-Contact Names 2020
https://cybershafarat.com/2020/08/29/china-3-millions-mobile-phones-numbers-with-contact-names-2020/

Multiple Data Dumps – China / Hong Kong
https://cybershafarat.com/2020/04/25/multiple-data-dumps-china-hong-kong/

Lazarus Group Uses Spear Phishing to Steal Cryptocurrency
https://www.bankinfosecurity.com/lazarus-group-uses-spear-phishing-to-steal-cryptocurrency-a-14898

Alert: Vishing Attacks Are Surging
https://www.bankinfosecurity.com/alert-vishing-attacks-are-surging-a-14875

28,000 exposed printers hacked to highlight lack of printer security
https://www.hackread.com/28000-exposed-printers-hacked-over-lack-printer-security/

FBI Warns of Fraud Trend: Online Romance Scams
https://www.fbi.gov/contact-us/field-offices/saltlakecity/news/press-releases/fbi-warns-of-fraud-trend-online-romance-scams

Phishing scam uses Sharepoint and One Note to go after passwords
https://nakedsecurity.sophos.com/2020/09/02/phishing-scam-uses-sharepoint-and-one-note-to-go-after-passwords/

Sendgrid Under Siege from Hacked Accounts
https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/

E.研究報告
異(公)界轉生資安狗奴隸的第1天:人物與章節介紹
https://ithelp.ithome.com.tw/articles/10233367

異(公)界轉生資安狗奴隸的第2天:資安法與爆笑藝能界的距離
https://ithelp.ithome.com.tw/articles/10233714

異(公)界轉生資安狗奴隸的第3天:資安金字塔突破資安管理的坑
https://ithelp.ithome.com.tw/articles/10233745

APNIC文摘— 我們需要全方位的DNS安全策略
https://blog.twnic.tw/2020/09/01/14843/

網頁外鏈用了target=_blank 實作釣魚網站
https://zi.media/@jashliaoeuwordpress/post/89YVio

漏洞挖掘的藝術-面向源碼的靜態漏洞挖掘
https://www.cnblogs.com/hetianlab/p/13578463.html

NTT:2020年全球威脅情報報告
http://www.199it.com/archives/1099394.html

EaseUS RecExperts 螢幕錄影軟體@錄製麥克風背景音/遊戲畫面擷錄
https://funtop.tw/easeus-recexperts/

Weblogic一致性組件iiop反序列化斷裂淺析(CVE-2020-14644)
https://xz.aliyun.com/t/8155

對 Windows 最新嚴重內核驅動 win32kfull.sys 漏洞的分析
https://www.chainnews.com/zh-hant/articles/530473496860.htm

日企員工在家作業VPN遭網攻 海外900家企業資訊外洩流通暗網
https://www.ctwant.com/article/69654

Project Zero 對2019 年在野利用0 day 漏洞的分析總結
https://www.chainnews.com/articles/652966220514.htm

從逆向角度看證書覆蓋安裝漏洞
https://www.buaq.net/go-30196.html

ReNamer 7.2 功能超強的免費批次更名工具
https://ez3c.tw/831

CVE-2020-24616: Jackson 多個反序列化安全漏洞通告
https://blog.csdn.net/weixin_45728976/article/details/108256738

攻撃グループLazarusがネットワーク侵入後に使用するマルウェア
https://blogs.jpcert.or.jp/ja/2020/08/Lazarus_malware.html

Lockdoor-Framework
https://github.com/SofianeHamlaoui/Lockdoor-Framework

Starbucks says gift card hack was 'fraudulent activity'
https://www.bbc.com/news/technology-32844123

Hacking Starbucks for unlimited coffee
http://sakurity.com/blog/2015/05/21/starbucks.html

EagleShell
https://github.com/TRSTN4/EagleShell

malwoverview
https://github.com/alexandreborges/malwoverview

ioc-extractor
https://github.com/ninoseki/ioc-extractor

Iblessing - An iOS Security Exploiting Toolkit
https://www.kitploit.com/2020/08/iblessing-ios-security-exploiting.html

Bypassing AV through Metasploit Loader 64-Bit
https://medium.com/securebit/bypassing-av-through-metasploit-loader-64-bit-9abe55e3e0c8

Why streaming a video could freeze Microsoft IIS servers
https://www.bleepingcomputer.com/editorial/security/why-streaming-a-video-could-freeze-microsoft-iis-servers/

Bettercap: Hacking Attacks on Bluetooth Devices
https://reurl.cc/XkWze3

Browsers for Privacy, OPSEC, and OSINT
https://medium.com/@_C_3PJoe/browsers-for-privacy-opsec-and-osint-b4157382f218

Security_Ladders
https://github.com/product-security-group/Security_Ladders

Intel Owl- Open Source Cyber Threat Intelligence Project
https://hackersonlineclub.com/intelowl-open-source-cyber-threat-intelligence-project/

LinPwn
https://github.com/3XPL017/LinPwn

bluescan
https://github.com/fO-000/bluescan

postshell
https://github.com/rek7/postshell

Osintgram
https://github.com/Datalux/Osintgram

SpaceSiren - A Honey Token Manager And Alert System For AWS
https://www.kitploit.com/2020/09/spacesiren-honey-token-manager-and.html

Turn your laptop into a portable mainframe
https://oofhours.com/2019/09/17/turn-your-laptop-into-a-portable-mainframe/

Penetration Testing and security programs
https://en.iguru.gr/2020/09/03/penetration-testing-kai-programmata-asfaleias/

Apollo
https://github.com/apacketofsweets/Apollo

Coronavirus & Cybersecurity: 3 Areas of Exploitation
https://pentestmag.com/coronavirus-cybersecurity-3-areas-of-exploitation/

A Self-Evolved Microservice Framework in Go
https://medium.com/@jfeng45/a-self-evolved-microservice-framework-in-go-d9bf87c10ab0

NCSC Releases Cyber-Guidance
https://www.infosecurity-magazine.com/news/ncsc-releases-cyberguidance/

DroneSploit - A pentesting console framework dedicated to drones
https://hakin9.org/dronesploit-a-pentesting-console-framework-dedicated-to-drones/

Computer Forensic Analysis By U.S. Department of Justice — FBI
https://digitalforensicexaminer.wordpress.com/2006/11/02/computer-forensic-analysis-by-u-s-department-of-justice-fbi/

F.商業
Check Point推出IoT Protect整合解決方案
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&id=0000591524_52z6sdkc1emuqw5gk4263

邊信聯科技 打造超前部署可信邊緣運算技術
https://money.udn.com/money/story/11799/4805248

F5調查顯示多數消費者認為不需為自我資安負責
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000591534_ydj6nhvs2rwq3g59myjby

超越端點:為何組織要選擇XDR進行全面的偵測及回應
https://blog.trendmicro.com.tw/?p=65162

趨勢科技、Snyk擴大合作 推全新資安解決方案
https://money.udn.com/money/story/5613/4814541

Palo Alto Networks 推出業界最具規模、最完善協調的資安應用平台
https://news.sina.com.tw/article/20200824/36125440.html

奧義智慧聯手日本資通訊大廠 Net One System 提供AI資安防護 加速拓展日本市場
https://turnnewsapp.com/livenews/tech/A07657002020082510134855

提金融科技建言 安侯建業:應有個資專責主管機關
https://www.cna.com.tw/news/afe/202008250104.aspx

看好台灣戰略優勢!傳Google將建第三座資料中心
https://reurl.cc/r8QRRb

數位通國際MDR服務 雲端系統防駭新寵
https://money.udn.com/money/story/5640/4813392

可運用ZDI揭露的弱點資訊,趨勢次世代IPS整合威脅情報服務
https://www.ithome.com.tw/review/139603

Fortinet 年貢獻台灣代工廠150億!深化資安承諾、持續投資台灣
https://reurl.cc/N6pRb6

Fortinet 公布最新《全球威脅型態報告》:後疫情時代資安威脅高速演變中
https://reurl.cc/4m4pN3

資安廠公布網路威脅報告 「台病毒威脅比全球更嚴重」
https://www.ettoday.net/news/20200829/1796375.htm

Fortinet:今年全球病毒活動量增加131% 影響層級達「國家級」
https://udn.com/news/story/7086/4820813

趨勢科技上半年資安報告:新生活型態衍生資安威脅
https://money.udn.com/money/story/5648/4823517

趨勢科技 2020 上半年攔截了 880 萬次冠狀病毒病相關威脅
http://n.yam.com/Article/20200827237854

資安新考驗 上半年攔截880萬次疫情相關威脅
https://reurl.cc/m9GZN7

精誠攜手台灣高鐵打造點數兌換平台
https://ctee.com.tw/industrynews/consumption/327466.html

G.政府
【臺灣資安2020的下一步戰略】透過數據驅動的資安情資,做資安防駭超前部署
https://www.ithome.com.tw/news/139538

國防部841件機密採購用免費電子信箱聯繫? 林昶佐:資安問題暴露風險
https://www.ftvnews.com.tw/news/detail/2020824W0093

立委爆國防部使用免費信箱聯繫! 網驚:國防武器竟以Gmail購買
https://newtalk.tw/news/view/2020-08-24/455334

國防部要求採購單位以公務信箱對外 防安全漏洞
https://www.cna.com.tw/news/aipl/202008240338.aspx

招標用免費電子信箱引資安疑慮?國防部:未涉機密事項
https://udn.com/news/story/10930/4806804?from=udn-ch1_breaknews-1-cate1-news

擔心軍情外洩 國防部要求所屬採購單位公務信箱不再使用Gmail或Hotmail
https://reurl.cc/WL3W07

國防部:嚴格要求所屬使用國軍公務電子信箱
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1253934&type=immediate

國網中心推分析大師 助攻企業政府智慧化轉型
https://www.cna.com.tw/news/ait/202008250038.aspx

公告「智慧機械-產業聚落供應鏈數位串流暨AI應用」主題式研發計畫- 智慧製造資安強化推動
https://www.moea.gov.tw/Mns/populace/news/News.aspx?kind=2&menu_id=41&news_id=91088

總統:資安就是國安 建立強有力的主動防禦系統
http://m.match.net.tw/pc/news/politics/20200826/5463057

新版數位身分證明年上路 資安風險引外界憂慮
http://globalnewstv.com.tw/202008/124195/

外交部與AIT共同發布臺美「5G安全共同宣言」
https://reurl.cc/j5kGD1

衛生福利部公告基層醫療院所資安防護參考指引
http://sc-dr.com.tw/content-detail.php?type=5&id=5318

【政院組改】考量網路世代 整合NCC、資安處等設置「數位發展部」
https://tw.appledaily.com/politics/20200826/TVO3FHGJLBHHBPKKURUX7JRISU/

區域變化快速 蔡英文:需要自二戰以來最全面戰略調整
https://reurl.cc/EzpRVR

[公告] 109年度資訊安全能量登錄暨資通安全自主產品通過名單
https://www.acw.org.tw/News/Detail.aspx?id=1148

情報戰開打!國軍遭爆洩密中國 陳柏惟「2招」封殺共諜
https://www.setn.com/News.aspx?NewsID=802947

國軍資安憂!軍服3D掃描機「爆中資」
http://www.eracom.com.tw/EraNews/Home/HotNews/2020-08-25/236636.html

資安一把抓 別淪全民公敵
https://www.chinatimes.com/newspapers/20200826000476-260118?chdtv

政院組改 考量網路世代需求 科技部NCC整合 組建數位發展部
https://www.chinatimes.com/newspapers/20200826000439-260119?chdtv

蔡總統:提升防衛能力 守護自由印太
https://reurl.cc/GroEOZ

柯P任內資安事件創新高! 議員:今年已發生18起
https://m.ltn.com.tw/news/politics/breakingnews/3275561

北市府資通安全事件創新高 今年已18起
https://m.ltn.com.tw/news/life/paper/1396312

蔡總統與澳洲智庫視訊 首次釋出台澳戰略合作訊息
https://money.udn.com/money/story/7307/4814314

谷歌、臉書海纜登陸台灣 政院將建網路交換中心
https://udn.com/news/story/7238/4824202?from=udn-ch1_breaknews-1-cate6-news

資安即國安!強化防禦計畫 國安會明年增列1038萬預算
https://tw.appledaily.com/politics/20200901/CK2GA64R6FHEDG3BQ2QF22TYMU/

公部門一個月被「駭」上千萬次…沒有煙硝味的戰爭開打了
https://reurl.cc/R1jOlr

內政部:數位身分證由中央印製廠辦理 依法推動
https://tw.appledaily.com/politics/20200901/3GJIQTKX2NFS3G2XS6SWH7W7KY/

109年第3季資安職能評量開放報名
https://ctts.nccst.nat.gov.tw/NewsDetail/117

H.工控系統/ICS/SCADA 相關資安
七成以上工控系統漏洞可遠程利用
https://www.chainnews.com/zh-hant/articles/932035837238.htm

場域整合+標準訂定 工業局雙管齊下 助資安產業再進化
https://www.sipo.org.tw/industry-overview/industry-news/item/2058-2020082603.html

【臺灣資安大會直擊】從大型製造業實例,看FAB廠房、OA、RD和IoT內網防護新作法
https://www.ithome.com.tw/news/139649

工業編程中的惡意代碼及漏洞研究
https://www.secrss.com/articles/25069

《Black Hat 黑帽大會精選》工業物聯網 (IIoT)漏洞
https://blog.trendmicro.com.tw/?p=65592

台捷企業洽談近180場 鎖定工業自動化等領域
https://www.cna.com.tw/news/aipl/202009010004.aspx

自動化轉型 工業網路資安風險增
https://www.chinatimes.com/newspapers/20200902000452-260210?chdtv

I.教育訓練
資安長培育搖籃 資安LEAP班上課了
https://www.chinatimes.com/realtimenews/20200827005971-260410?chdtv

快速產生亂數隨機密碼
https://hackercat.org/diy-tools/generate-random-password-from-command-line

web安全攻防滲透測試實戰指南Web安全深度剖析白帽子講Web安全 黑客攻防技術教程黑帽
https://www.ruten.com.tw/item/show?22034189348543

[資安]有關於檔案上傳request參數filename在Burp裡面的問題
https://ithelp.ithome.com.tw/questions/10199942

資安漏洞修補 – IIS 目錄列舉(NTFS8.3格式)
https://cheyi.idv.tw/wp/2020/08/26/iis_scan_8-3/

MSSQL snapshot copy-on-write很棒的詮釋
https://www.dbaid.tw/2020/09/mssql-snapshot-copy-on-write.html

2-node vSAN within VMware Cloud on AWS
https://blogs.vmware.com/virtualblocks/2020/08/26/2-node-vsan-within-vmware-cloud-on-aws/

A quick study about Palo Alto Networks Firewalls and models with features and Capabilities
https://www.thenetworkdna.com/2020/07/a-quick-study-about-palo-alto-networks.html

How to Create PHP Web Shell And Backdoor using Weevely
https://blackhattutorial.com/how-to-create-php-web-shell-and-backdoor-using-weevely/

Cisco Viptela SDWAN: OMP Best Path Algorithm & Loop Avoidance
https://www.thenetworkdna.com/2020/07/cisco-viptela-sdwan-omp-best-path.html

BUILDING THE LAB – VSPHERE AND VSAN
https://my-sddc.net/building-the-lab-vsphere-and-vsan/

Network Basics for Hackers: Simple Network Management Protocol (SNMP) Theory, Reconnaissance and Exp
https://www.hackers-arise.com/post/2019/03/23/network-basics-for-hackers-simple-network-management-protocol-snmp-theory-reconnaissance

x86/x86-64 Assembly Introduction [FREE COURSE CONTENT]
https://hakin9.org/x86-x86-64-assembly-introduction-free-course-content/

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
特斯拉軟體鎖定功能被破解, 第三方升級服務費比官方便宜一半
https://www.techbang.com/posts/80769-tesla-vehicles-have-been-hacked-and-upgrades-are-half-as-cheap-as-official-ones

特斯拉 App 安全出漏洞?用戶可遙控千里之外的陌生人車輛
https://reurl.cc/3LammX

Tesla App疑出漏洞 車主可遙控陌生人座駕
http://startupbeat.hkej.com/?p=91708

新的物聯網基礎模塊漏洞可能使全球天量設備面臨安全風險
https://www.cnbeta.com/articles/tech/1019161.htm

人臉識別設備也“臉盲” 360AI安全研究院揭秘人工智能三大痛點
https://www.sohu.com/a/414973185_114984

實體裝置確保不可複製性 傳輸存取查驗數位簽章憑證 智慧物聯網資安四關卡 實體網路軟體資料都要顧
http://www.netadmin.com.tw/netadmin/zh-tw/technology/8B3AC9A6B2EF4E4897993A3277A3A986

手指輕碰就解鎖?智慧門鎖Level Touch開啟生活新紀元 用戶仍需定期檢驗這件事
https://reurl.cc/8nWp6j

物聯網資安三部曲:資安團隊+設備安全+供應鏈安全
https://www.acw.org.tw/News/Detail.aspx?id=1149

研究員發現物聯網裝置新漏洞
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000592139_z5b0rvq74nrhsh8wm589u

6.近期資安活動及研討會
Swift Meetup #55 9/1
https://www.meetup.com/Swift-Taipei-User-Group/events/272835401/

Taipei Rails Meetup 9/1
https://www.meetup.com/rails-taiwan/events/272821321/

#34 Azure 虛擬網路與 VPN - 串起彼此的橋樑 9/2
https://www.meetup.com/Azure-Taiwan/events/272626426/

Android Code Club(Taipei) 9/2
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/272614406/

中華電信學院 資通安全專業課程訓練 網站弱點偵測與防護管理 9/4
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=58

交通大學亥客書院 電子郵件之偽造攻擊與防護措施 9/5
https://hackercollege.nctu.edu.tw/?p=1203

台灣駭客年會 HITCON Training 2020 9/5
https://hitcon.kktix.cc/events/hitcon-training-2020

台灣駭客年會 HITCON Training 2020 - 學生報名 9/5
https://hitcon.kktix.cc/events/hitcon-training-2020-student

認證系統安全從業人員 SSCP 輔導班 9/5 ~ 9/13
https://www.iiiedu.org.tw/courses/asq902t2001/

夏日轉職工作坊 - Cloud Support Engineer 9/5
https://www.meetup.com/TaipeiWomeninTech/events/272334856/

《5G趨勢新視野-資安X場域實證X晶片創新應用》座談會 9/8
https://seminars.tca.org.tw/D15o00450.aspx

Second meetup! Constraint solvers, eclipse attacks and your talk here! 9/9
https://www.meetup.com/Papers-We-Love-Taipei-Taiwan/events/272610440/

中華電信學院 資通安全專業課程訓練 物聯網資安威脅與實務 9/9 ~ 9/11
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=54

【資安中階課程】滲透測試簡介與操作 9/10 (報名截止:2020/09/03 (四) 17:00)
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3914&from_course_list_url=course_index

Google Cloud 數據解決方案 9/11
https://www.meetup.com/CloudAce-Taiwan-meetup/events/272099266/

邊緣計算系統之大數據與深度學習應用 9/11
https://reurl.cc/62OD9k

Google Analytics 流量分析實務操作,完整掌握訪客軌跡,針對問題優化網站 9/11
https://www.techbang.com/posts/79359-course-ga-traffic-analysis-practice-operation-complete-interpretation-of-the-website-information

HITCON 2020 台灣駭客年會 9/11
https://hitcon.kktix.cc/events/hitcon-2020

交通大學亥客書院 基礎網頁安全與滲透測試 9/12
https://hackercollege.nctu.edu.tw/?p=1205

數據分析與機器學習案例實務(二)應用實例 上課時間:2020/9/14 (一)     09:30 ~ 16:30
https://reurl.cc/1xAoMp

【資安中階課程】網路封包分析 9/15 (報名截止:2020/09/10 (四) 17:00)
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3915&from_course_list_url=course_index

中華電信學院 資通安全專業課程訓練 Web應用滲透測試 9/16 ~ 9/17
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=167

工業控制系統(ICS)資安防護設計與強化實作培訓班(高雄) 9/17 ~ 9/19
http://www.tpcc.org.tw/topic_detail.php?id=bf61157646c54216

邊緣計算系統之大數據與深度學習應用 上課時間:    2020/9/18 (五)     09:30 ~ 16:30
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3895&from_course_list_url=homepage

為何勒索病毒無法根絕 9/19
https://tfc.kktix.cc/events/ransomware-prevent-share

【資安初階課程】資安工具101 9/24 (報名截止:2020/09/17 (四) 17:00)
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3917&from_course_list_url=course_index

中山資安社-資安讀書會 本次活動主題:區塊鏈 9/26
https://nsysuisc.kktix.cc/events/readinggroup20200926

IoT Sandbox 2020 智慧物聯網資安競賽 9/26中區初賽 / 9/29北區初賽
https://nchc-cdx.kktix.cc/events/iotsandbox2020

【資安中階課程】弱點掃描分析 9/29 (報名截止:2020/09/24 (四) 17:00)
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3916&from_course_list_url=course_index

工控資安基礎概論 10/6
http://ai-robot-stsp.tw/course/detail/?get_no=09W045

交通大學亥客書院 緩衝區溢位攻擊與預防 10/17
https://hackercollege.nctu.edu.tw/?p=1207

中華電信學院 自主式移動機器人ROS開發實戰班 10/20 ~ 10/23
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=188

硬體與晶片資安工作坊,歡迎踴躍報名參加 10/23
https://www.tca.org.tw/exhibit_info1.php?n=1272

交通大學亥客書院 入侵行為發覺與應變指南 10/24
https://hackercollege.nctu.edu.tw/?p=1214

交通大學亥客書院 進階網頁滲透測試 10/31
https://hackercollege.nctu.edu.tw/?p=1216

交通大學亥客書院 阻斷服務攻擊/分散式阻斷服務攻擊/Botnet 11/7
https://hackercollege.nctu.edu.tw/?p=1218

交通大學亥客書院 基礎網站安全建構實務 11/14
https://hackercollege.nctu.edu.tw/?p=1220

交通大學亥客書院 系統防護及內網威脅通報應變實戰班 11/17、11/24
http://service.tabf.org.tw/tw/user/409646/course1-4.htm

交通大學亥客書院 惡意程式檢測實務 11/21 11/28
https://hackercollege.nctu.edu.tw/?p=1222

交通大學亥客書院 高階網頁滲透測試 12/5 12/12
https://hackercollege.nctu.edu.tw/?p=1224

交通大學亥客書院 系統滲透測試與漏洞利用 12/19
https://hackercollege.nctu.edu.tw/?p=1226

交通大學亥客書院 AI於資訊安全之應用 2021/1/9 1/16
https://hackercollege.nctu.edu.tw/?p=1228

交通大學亥客書院 企業網域控管-Active Directory攻擊與防禦 2021/1/23
https://hackercollege.nctu.edu.tw/?p=1230



沒有留言:

張貼留言

資安事件新聞週報 2021/4/12 ~ 2021/4/16

 資安事件新聞週報 2021/4/12  ~  2021/4/16 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers...