資安事件新聞週報 2020/10/12 ~ 2020/10/16

 

資安事件新聞週報 2020/10/12  ~  2020/10/16

1.重大弱點漏洞/後門/Exploit/Zero Day
Radeon 驅動發現漏洞可致 BSOD 死機
https://reurl.cc/k0oj7q

VMware vCenter Server 任意文件讀取漏洞通告
https://cert.360.cn/warning/detail?id=d50172ef4c867ec7b4735cb1cc366bc1

駭客發現蘋果網路 55 個安全漏洞,其中 11 項標記為「高危險」等級
https://technews.tw/2020/10/15/researchers-found-55-flaws-in-apples-corporate-network/

55 New Security Flaws Reported in Apple Software and Services
https://thehackernews.com/2020/10/apple-security.html

微軟推出十月 Patch Tuesday 資安更新修補包,共修復 87 個資安漏洞
https://www.twcert.org.tw/tw/cp-104-4061-59594-1.html

微軟加強驅動程式驗證可能引發Windows 10錯誤訊息
https://www.ithome.com.tw/news/140550

Microsoft Azure 遭發現漏洞,駭侵者可能接管用戶伺服器
https://www.twcert.org.tw/tw/cp-104-4047-28bc3-1.html

Researchers Find Vulnerabilities in Microsoft Azure Cloud Service
https://thehackernews.com/2020/10/microsoft-azure-vulnerability.html

美國網戰司令部要求立即修補 Windows TCP/IP 漏洞
https://www.twcert.org.tw/tw/cp-104-4063-8722a-1.html

Ping of Death:速修復TCP/IP RCE 漏洞CVE-2020-16898
https://blog.csdn.net/smellycat000/article/details/109108608

微軟WINDOWS TCP/IP堆疊存在安全漏洞(CVE-2020-16898),允許攻擊者遠端執行任意程式碼,請儘速確認並進行更新
https://www.isda.org.tw/2020/10/16/86aaf73a18de9162ed9ef1a4b540cda1/


US Cyber Command: Patch Windows 'Bad Neighbor' TCP/IP bug now
https://www.bleepingcomputer.com/news/security/us-cyber-command-patch-windows-bad-neighbor-tcp-ip-bug-now/

Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs
https://thehackernews.com/2020/10/windows-tcp-ip-patch-tuesday.html

Vulnerability Spotlight: Denial-of-service vulnerabilities in Allen-Bradley Flex I/O
https://blog.talosintelligence.com/2020/10/vuln-spotlight-allen-bradley-dos-flex-io.html

CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898

Security Bulletin: Unzip as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2019-13232)
https://www.ibm.com/support/pages/node/6347610

Security Bulletin: Apache Derby as used by IBM QRadar SIEM is vulnerable to Improper Input Validation (CVE-2018-1313)
https://www.ibm.com/support/pages/node/6347642

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
https://www.ibm.com/support/pages/node/6347588

Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability
https://www.ibm.com/support/pages/node/6347600

Security updates available for Adobe Flash Player | APSB20-58
https://helpx.adobe.com/security/products/flash-player/apsb20-58.html

IBM Security Guardium Security Bulletins - October 7th, 2020
https://exchange.xforce.ibmcloud.com/collection/489dd48d93112953fb164c8d4e453428

Cisco Security Advisories - October 07
https://exchange.xforce.ibmcloud.com/collection/0fb12cb8245a2d0c6a27f78a3cb1b92d

Linux 內核曝嚴重藍牙漏洞,影響多個版本
https://www.chainnews.com/zh-hant/articles/733257907701.htm

谷歌和英特爾警告Linux中存在高嚴重的藍牙安全漏洞
https://kknews.cc/tech/g4pzxj8.html

CVE-2020-12351/12352/24490:linux內核BlueZ遠程代碼執行漏洞
https://cert.360.cn/warning/detail?id=dcc4472b567e3ded25c1385fe3bbe247

盤點近期網絡安全漏洞
https://kknews.cc/tech/44bp84q.html

IProom MMC+ Server - URL Redirection to Untrusted Site ('Open Redirect')
https://www.twcert.org.tw/tw/cp-132-4053-6e9a2-1.html

2020-10 補丁日: SAP多個產品高危漏洞安全風險通告
https://blog.csdn.net/weixin_45728976/article/details/109097206

2.銀行/金融/保險/證券/支付系統/ 新聞及資安

手機綁定信用卡支付藏「資安隱憂」!專家建議「這樣做」
http://www.nexttv.com.tw/NextTV/News/Home/Society/2020-10-15/273989.html

紐約州金融服務部敦促設立專門機構監督大型社交媒體平台
https://reurl.cc/q8YjN0

韓國多家銀行近日遭受DDoS勒索攻擊
https://www.twcert.org.tw/tw/cp-104-4055-692d5-1.html

金融監理規範若不夠開放,創新很難實踐!3 大關鍵揭銀行服務未來式
https://meet.bnext.com.tw/articles/view/46975

【企業RPA實例:國泰金控】業務人員變身素人開發者,大力擁抱RPA加快數位轉型
https://www.ithome.com.tw/news/140422

Credit card skimmer targets virtual conference platform
https://www.redpacketsecurity.com/credit-card-skimmer-targets-virtual-conference-platform/

3.電子支付/行動支付/pay/資安
陳德霖開數碼錢包支付公司 中資眾安雲鋒入股 將與各國商合作
https://reurl.cc/GrNRKp

行動支付/電子支付哪裡不一樣?2020 四大行動支付比一比
https://reurl.cc/Oqm8M3

每2.8人就有1人用LINE Pay、街口用戶破350萬,兩大支付龍頭下個考驗是什麼
https://www.bnext.com.tw/article/59597/mobile-payment-trend-2020

街市資助租戶用電子支付
https://hk.appledaily.com/local/20201016/QCALPWBVGJA4DH77QIHBG3SP3M/

LINE Pay獲2020財訊金融獎「最佳行動支付」
https://www.chinatimes.com/realtimenews/20201016004282-260410?chdtv

疫情間電子支付遽增 歐洲央行評估發行虛擬歐元
https://www.rti.org.tw/news/view/id/2081985

網家 衝刺行動支付業務
https://udn.com/news/story/7254/4935575?from=udn-catelistnews_ch2

中國央行:2020年及未來一段時期,電子支付普及率有望繼續提升,移動支付
https://news.sina.com.tw/article/20201015/36591270.html

菲律賓促進電子支付 推動國民新身分識別系統
https://money.udn.com/money/story/5602/4933305

連結行動支付扣款失敗 北富銀:僅街口暫無法使用
https://reurl.cc/ygAjvD

全聯PX Pay婆媽部隊更勝網軍!3成台灣人都愛用的關鍵曝光
https://money.udn.com/money/story/5648/4937975

4.加密貨幣/挖礦/區塊鍊 資安
央行數位貨幣向左,區塊鏈向右
http://big5.ftchinese.com/story/001089745?full=y

Robinhood 驚傳資安危機!Netflix股票遭賣、帳戶盜領「29萬全飛」
https://www.ettoday.net/news/20201015/1832187.htm

XREX 上線七週,CipherTrace 偵測到第一件可疑比特幣洗錢案
https://www.inside.com.tw/article/21236-XREX-has-been-online-for-seven-weeks-and-detected-the-first-suspicious-Bitcoin-transfer

虛假更新致ELECTRUM錢包APP用戶兩年被竊取超2400萬美元的資產
https://reurl.cc/e8k4m7

習近平「南巡」之際 數字人民幣在深圳首測有何看點
https://www.bbc.com/zhongwen/trad/business-54536796

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
美國網戰司令部與微軟公司,同時開始對抗意圖駭侵美國大選的 TrickBot 僵屍網路
https://www.twcert.org.tw/tw/cp-104-4058-11e8e-1.html

IAmTheKing and the SlothfulMedia malware family
https://securelist.com/iamtheking-and-the-slothfulmedia-malware-family/99000/

Deep Analysis – The EKING Variant of Phobos Ransomware
https://www.fortinet.com/blog/threat-research/deep-analysis-the-eking-variant-of-phobos-ransomware

Lemon Duck brings cryptocurrency miners back into the spotlight
https://blog.talosintelligence.com/2020/10/lemon-duck-brings-cryptocurrency-miners.html

Alert (AA20-283A) APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations
https://us-cert.cisa.gov/ncas/alerts/aa20-283a

APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations
https://us-cert.cisa.gov/sites/default/files/publications/AA20-283A-APT_Actors_Chaining_Vulnerabilities.pdf

There’s a New a Golang-written RAT in Town
https://labs.bitdefender.com/2020/10/theres-a-new-a-golang-written-rat-in-town/

Watch Out — Microsoft Warns Android Users About A New Ransomware
https://thehackernews.com/2020/10/android-ransomware-lock.html

ALERT! Hackers targeting IoT devices with a new P2P botnet malware
https://thehackernews.com/2020/10/p2p-iot-botnet.html

New 'MosaicRegressor' UEFI Bootkit Malware Found Active in the Wild
https://thehackernews.com/2020/10/uefi-bootkit-malware.html

Microsoft and Other Tech Companies Take Down TrickBot Botnet
https://thehackernews.com/2020/10/trickbot-computer-virus.html

FIN11 Hackers Spotted Using New Techniques In Ransomware Attacks
https://thehackernews.com/2020/10/fin11-hackers-spotted-using-new.html

Police Raided German Spyware Company FinFisher Offices
https://thehackernews.com/2020/10/finfisher-spyware-raid.html

"Front Door" into BazarBackdoor: Stealthy Cybercrime Weapon
https://www.advanced-intel.com/post/front-door-into-bazarbackdoor-stealthy-cybercrime-weapon

Software AG IT giant hit with $23 million ransom by Clop ransomware
https://www.bleepingcomputer.com/news/security/software-ag-it-giant-hit-with-23-million-ransom-by-clop-ransomware/

Somewhere over the RAINBOW(MIX)
https://www.whiteops.com/blog/somewhere-over-the-rainbowmix

New pastebin-like service used in multiple malware campaigns
https://blogs.juniper.net/en-us/threat-research/new-pastebin-like-service-used-in-multiple-malware-campaigns

HEH, a new IoT P2P Botnet going after weak telnet services
https://blog.netlab.360.com/heh-an-iot-p2p-botnet/

There’s a New a Golang-written RAT in Town
https://labs.bitdefender.com/2020/10/theres-a-new-a-golang-written-rat-in-town/

The FONIX RaaS | New Low-Key Threat with Unnecessary Complexities
https://labs.sentinelone.com/the-fonix-raas-new-low-key-threat-with-unnecessary-complexities/

B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G
完成網路安全協定!印度與日本將在 5G、物聯網、AI合作
https://www.inside.com.tw/article/21183-india-and-japan-cooperation

支付寶團隊回應手機黑產:人臉識別未被突破,受害人沒被套到錢和信息
https://www.freebuf.com/news/251550.html

一部手機失竊而揭露的竊取個人信息實現資金盜取的黑色產業鏈
https://www.freebuf.com/articles/network/249294.html

國外開發商如何解決 APP 開發中最耗時花人力的「錯誤修正溝通」,甚至神預測使用者的操作模式
https://buzzorange.com/techorange/2020/10/16/app_development_seetest_platform/

Twitter將更改受駭客攻擊材料政策,此前過濾《紐約郵報》文章引軒然大波
https://reurl.cc/3LMlLO

推特清晨大當機 官方:沒有證據顯示為駭客入侵
https://m.ltn.com.tw/news/world/breakingnews/3322926

Zoom點對點加密 4階段堵保安漏洞
http://startupbeat.hkej.com/?p=93928

中國聯通:未發佈過「斷卡」行動公告
https://news.sina.com.tw/article/20201016/36597934.html

Android 11 測試版新增與 iOS 類似的暫時釋放 app 佔用記憶體功能 以降低電力損耗
https://www.cool3c.com/article/157450

Apple T2 晶片遭發現存有無法修復的資安漏洞,可能導致駭侵者取得 root 權限
https://www.twcert.org.tw/tw/cp-104-4044-ff2a5-1.html

研究人員展示以客製化USB-C纜線破解MacBook Pro上的T2晶片
https://www.ithome.com.tw/news/140516

【5G手機】三星Galaxy S20 FE推出不足一個月 用家投訴不斷
https://reurl.cc/XkQYEE

Fitbit gallery can be used to distribute malicious apps
https://www.bleepingcomputer.com/news/security/fitbit-gallery-can-be-used-to-distribute-malicious-apps/

Research:Can you build spyware for a Fitbit
https://www.immersivelabs.com/resources/blog/fitbit-spyware/

C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
【暗網奇談Ep.3】甚麼都能賺?暗網「萬能黑市」逛到心膽寒..殺手駭客任你挑
https://ck101.com/thread-5280036-1-1.html?ref=channel_newest_index

9分鐘5千票完售?搶看《DD52》演唱會「系統當機」
https://star.ettoday.net/news/1831157?redirect=1

出道1個月票9分鐘賣光 「G.O.F」演唱會遭黃牛入侵
https://reurl.cc/Mdzx4K

FBI 警告美國大眾,提防經由旅館 Wi-Fi 網路連線遠距工作的資安風險
https://www.twcert.org.tw/tw/cp-104-4046-6b751-1.html

微軟ELASTICSEARCH伺服器遭駭客攻擊刪除6.5TB用戶資料
https://www.isda.org.tw/2020/10/15/76a05f9113d9306fb3b4bd9e4a0ee524/

5萬多支亞洲室內監控遭駭!不雅影片遭上傳成人網站
https://reurl.cc/4mN71V

駭客入侵大量住家網路攝影機 出浴哺乳更衣房事全上網賣
https://tw.appledaily.com/international/20201013/4BXIBPEECRFKNHFOUAIGOYDKBE/

若中天被撤照=總統府洩密案是真的?NCC全體同意2委員不需迴避
https://cnews.com.tw/134201016a02/

Switch改機破解晶片遭破解 任天堂「最強法務」又頭痛了
https://udn.com/news/story/7086/4939585

阻駭客操控美國大選!微軟攔截大規模網攻行動
https://reurl.cc/2gQkm9

拜登之子電腦檔案外洩登小報 臉書推特禁分享川普開罵「糟透了」
https://tw.appledaily.com/international/20201015/3TUHJEAXKBHFFJLBWKUFN5QNCU/

中國防火牆世界最嚴格!連6年被認證「全球最差」國家
https://www.storm.mg/article/3111402

挪威政府聲稱8月國會遭駭是俄羅斯駭客所為
https://www.ithome.com.tw/news/140530

英情報頭子:陸是英最大長期威脅 危險程度比俄更高
https://www.chinatimes.com/realtimenews/20201015004787-260409?chdtv

大選在即!推特再祭規範禁自行宣布當選、轉發錯誤推文 拒操弄選情
https://reurl.cc/Z7N5GQ

推特禁拜登電郵門報導 執行長認有瑕疵、將被國會傳喚
https://money.udn.com/money/story/10511/4940043

緊咬對手兒子「電郵門」與中企交易 川普轟背叛美國:拜登贏中國贏
https://newtalk.tw/news/view/2020-10-16/480047

美國最大連鎖書店Barnes and Noble遭駭客入侵,從企業網路、實體書店到Nook服務全面停擺
https://www.ithome.com.tw/news/140562

台灣、美國、日本舉辦智財權研討會 印太地區18國參與
https://www.taiwannews.com.tw/ch/news/4030768

民主國家必定抵制!看個抖音都有資安疑慮了 聯合國竟在中國建數據中心
https://www.rti.org.tw/news/view/id/2082335

Silent Librarian APT right on schedule for 20/21 academic year
https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/

India Witnessed Spike in Cyber Attacks Amidst Covid-19 - Here's Why
https://thehackernews.com/2020/10/covid-19-india-cyberattacks.html

Sam's Club customer accounts hacked in credential stuffing attacks
https://www.bleepingcomputer.com/news/security/sams-club-customer-accounts-hacked-in-credential-stuffing-attacks/

Data watchdog issues biggest ever fine over airline cyberattack
https://www.zdnet.com/article/data-watchdog-issues-biggest-ever-fine-over-airline-cyberattack/

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
詐騙全聯1500萬點數 2嫌遭法辦
https://www.epochtimes.com/b5/20/10/15/n12478154.htm

鑽APP漏洞詐全聯!推薦會員200點
https://pttcareer.com/soft_job/M.1602787116.A.4C4.html

點數詐現金!全聯PX Pay遭破解 8折轉賣撈120萬
https://reurl.cc/d5ajXq

伊朗APT駭客組織鎖定全球12所大學發動網路釣魚攻擊
https://www.ithome.com.tw/news/140565

Barnes & Noble 系統遭入侵 顧客個人資料被盜
https://unwire.pro/2020/10/16/barnes-noble-cybersecurity-attack/security/

內部人士透露,遭駭客入侵的 Robinhood 帳戶數量恐接近 2,000 個
https://www.abmedia.io/robinhood-hack-larger-previously-thought-reports/

沒有想像中安全 ?FBI警告:智慧電視隱私保護有隱憂
https://news.sina.com.tw/article/20201015/36592196.html

情報單位上月研判:俄羅斯以真假電郵製造「十月驚奇」
https://www.worldjournal.com/wj/story/121468/4939285

美大選 十月驚奇頻發 或持續到明年1月
https://www.epochtimes.com/b5/20/10/16/n12479903.htm

中正大學資安大出包!5年學生個資寄給200人
https://reurl.cc/x03j7b

前員工疑竊營業祕密 安永發三點聲明
https://udn.com/news/story/7240/4934963?from=udn-ch1_breaknews-1-cate6-news

安永會計爆內鬼 前主管涉竊機密遭約談
https://reurl.cc/x03jLz

Agile Threat Actors Pivot from COVID-19 to Voter Registration Themes in Phishing Lures
https://www.proofpoint.com/us/blog/threat-insight/agile-threat-actors-pivot-covid-19-voter-registration-themes-phishing-lures

A Self-Service Password Reset Project Can Be A Quick Win For IT
https://thehackernews.com/2020/10/password-reset-software.html

Chowbus delivery service breached, hacker emails data to users
https://www.bleepingcomputer.com/news/security/chowbus-delivery-service-breached-hacker-emails-data-to-users/

E.研究報告
誰溫暖了資安部 系列
https://ithelp.ithome.com.tw/users/20006132/ironman/3564

資安這條路─以自建漏洞環境學習資訊安全 系列
https://ithelp.ithome.com.tw/users/20108446/ironman/3463

Envoy as a gRPC Load Balancer in Kubernetes
https://telegra.ph/Envoy-as-a-gRPC-Load-Balancer-in-Kubernetes-09-30

IoT Security: How to Search for Vulnerable Connected Devices
https://pentestmag.com/iot-security-how-to-search-for-vulnerable-connected-devices/

Most Important Computer Forensics Tools for Hackers and Security Professionals
https://gbhackers.com/computer-forensics-tools/

Hacking Android phone remotely using Metasploit
https://medium.com/@irfaanshakeel/hacking-android-phone-remotely-using-metasploit-43ccf0fbe9b8

Operation Quicksand
https://www.clearskysec.com/operation-quicksand/

Operation Quicksand MuddyWater’s Offensive Attack Against Israeli Organizations
https://www.clearskysec.com/wp-content/uploads/2020/10/Operation-Quicksand.pdf

Two New IoT Vulnerabilities Identified with Mirai Payloads
https://unit42.paloaltonetworks.com/iot-vulnerabilities-mirai-payloads/

Operation “Space Race”:Reaching the stars through professional Social Networks
https://www.telsy.com/wp-content/uploads/Operation_Space_Race.pdf

Metasploit Shellcodes Attack Exposed Docker APIs
https://www.trendmicro.com/en_us/research/20/j/metasploit-shellcodes-attack-exposed-docker-apis.html

TeamT5 Information Operation White Paper(Part 1 of 3): Observations on 2020 Taiwanese General Elections
https://teamt5.org/en/posts/teamt5-information-operation-white-paper-observations-on-2020-taiwanese-general-elections/

TeamT5 Information Operation White Paper (Part 2 of 3): China’s Digital Propaganda Formula inside the Great Firewall
https://teamt5.org/en/posts/teamt5-information-operation-white-paper-china-s-digital-propaganda-formula-inside-the-great-firewall/

TeamT5 Information Operation White Paper (Part 3 of 3): China’s Social Manipulation outside the Great Firewall
https://teamt5.org/en/posts/info-op-white-paper-iii-china-s-social-manipulation-outside-the-great-firewall/

MontysThree: Industrial espionage with steganography and a Russian accent on both sides
https://securelist.com/montysthree-industrial-espionage/98972/

CVE-2020-16898
https://github.com/advanced-threat-research/CVE-2020-16898

OSINT experiment: Trying to scrape completed contact forms
https://medium.com/daniels-tech-world/osint-experiment-trying-to-scrape-completed-contact-forms-2688637328af

Millhouse-Project
https://github.com/thrsrossi/Millhouse-Project

thrsrossi Millhouse-Project 1.414 Cross Site Scripting
https://packetstormsecurity.com/files/155103/thrsrossi-Millhouse-Project-1.414-Cross-Site-Scripting.html

c41n - an automated Rogue Access Point setup tool
https://hakin9.org/c41n-an-automated-rogue-access-point-setup-tool/

F.商業
立德國際資訊安全認證服務助攻5G與工業物聯網
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000595954_ngol3qlb495p4p5irnz6k

拚綠能供應鏈進軍國際 總統接見風電產業領袖
https://reurl.cc/r8Yjxy

取得零信任存取專利技術 完善SASE框架核心要件 軟體定義資安鐵三角 搭建整合式雲端安全
http://www.netadmin.com.tw/netadmin/zh-tw/trend/C13AD10D8D1343ADBDA02216AB95F860

台灣微軟首場資安高峰會 10/19 登場,5 大資安議題線上開講
https://technews.tw/2020/10/13/microsoft-security/

微軟首辦資安高峰會 揭微軟智慧資安最新技術與趨勢
https://tw.appledaily.com/property/20201014/TRX2KZ4TOFBXVMLUAHAEOKX2GE/

【RPA主要廠牌:Blue Prism】20年經驗建立RPA方法論,主打物件導向開發瞄準大企業
https://www.ithome.com.tw/news/140464

網擎數位存證信函 3步驟寄發省成本
https://money.udn.com/money/story/5640/4933885

G.政府
立院每年遭駭550萬次 資安受關注
https://udn.com/news/story/6656/4939395

立院每年遭550萬次駭客攻擊!資訊處:都沒讓駭客成功
https://udn.com/news/story/6656/4937026?from=udn_mobile_indexrecommend

淘寶台灣遭認定中資將停運 王美花:目前沒其他案
https://money.udn.com/money/story/5613/4937910

與孩子一起認識「美國資安意識月」
https://isafe.moe.edu.tw/article/2425?user_type=3&topic=9

NCC委員「任務」在身? 難躲質疑
https://udn.com/news/story/121744/4936320

科偵法彙整意見中 蔡清祥:修正後再進行立法
https://www.chinatimes.com/realtimenews/20201014004355-260402?chdtv

指中資假借外資港資來台大漏洞 經民連批金管會毫無作為
https://m.ltn.com.tw/news/politics/breakingnews/3322074

中共告台灣書又來了 這回給情治部門
https://www.cna.com.tw/news/firstnews/202010150102.aspx

資安專家幫企業找問題!工研院在9/23~9/25限時推出「資安問診室」,現場直擊
https://www.techbang.com/posts/81547-security-experts-help-you-fill-in-the-leak-directly-hit-the

漏氣?大陸吹噓台諜 總統府洩密案卻找不到駭客
https://www.worldjournal.com/wj/story/121222/4931541

央視再爆台2學者是間諜 陸委會轟又栽贓
https://reurl.cc/Oqm8G3

H.工控系統/ICS/SCADA 相關資安
ICS-CERT Security Advisories - October 13th, 2020
https://exchange.xforce.ibmcloud.com/collection/3df8f524e351700efc5ba2ea36af2a00

ICS-CERT Security Advisories - October 8th, 2020
https://exchange.xforce.ibmcloud.com/collection/35566cee355c17fb5cc1764f7f0a275a

完善 STM32 產品線,意法半導體加速工業自動化應用腳步
https://technews.tw/2020/10/14/stmicroelectronics-stm32-series/

I.教育訓練
TLS and ISO OSI Reference Model
https://wentzwu.com/2020/10/09/tls-and-iso-osi-reference-model/

Creating DICOM Associations in Ensemble
https://reurl.cc/odVbZD

OSCP Training VM’s hosted on Vulnhub.com
https://medium.com/@andr3w_hilton/oscp-training-vms-hosted-on-vulnhub-com-22fa061bf6a1

網路安全 駭客攻防實錄 恆盛杰資訊 碁峰資訊 190701B
https://www.ruten.com.tw/item/show?22042668586076

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
ETC舉辦【智慧電網資安與互通性檢測技術研討會_智慧電網資安、OpenADR需量反應與CNS16014智慧家電】
http://www.taiseia.org.tw/Industry/industry_more?id=1180

鴻海研究院資安所 目標車用ECU安全保護
https://video.udn.com/news/1189128

智慧安防公會成立 扮演產業及政府溝通重要橋樑
https://money.udn.com/money/story/5612/4940700

反轉全球安控產業市場 智慧安防公會服務處正式啟用
https://www.chinatimes.com/realtimenews/20201016004474-260410?chdtv

製程安全快速一把罩「5G ×資安×智慧製造」
http://n.yam.com/Article/20201016628982

連網智慧門鈴應用 隱私與執法如何平衡
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000592977_N2OLSB19604HJK8IHBVSD

6.近期資安活動及研討會
交通大學亥客書院 緩衝區溢位攻擊與預防 10/17
https://hackercollege.nctu.edu.tw/?p=1207

【Azure】Microsoft Azure Security Technologies 微軟雲端安全技術認證課程 10/17
https://www.accupass.com/event/2005280846381043060110

Raspberry Pi 4+Google AIY Voice Kit,打造智慧語音助理 10/17
https://www.techbang.com/posts/81150-raspberry-pi-4google-aiy-voice-kit

無痛上手 RPA (Robotic Process Automation)流程機器人 10/20
https://www.meetup.com/Taipei-Agile-AI/events/273431914/

中華電信學院 自主式移動機器人ROS開發實戰班 10/20 ~ 10/23
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=188

硬體與晶片資安工作坊,歡迎踴躍報名參加 10/23
https://www.tca.org.tw/exhibit_info1.php?n=1272

交通大學亥客書院 入侵行為發覺與應變指南 10/24
https://hackercollege.nctu.edu.tw/?p=1214

國家高速網路與計算中心 【資安進階課程】資安情資分析手法與實務 10/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3924&from_course_list_url=course_index

交通大學亥客書院 進階網頁滲透測試 10/31
https://hackercollege.nctu.edu.tw/?p=1216

[廣宣學堂] 架構即程式碼深入實戰班 - Infrastructure as Code (IaC Day2) 10/31
https://broadmission.kktix.cc/events/iac-day2

國家高速網路與計算中心 邊緣計算系統之大數據與深度學習應用 11/6
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3895&from_course_list_url=course_index

交通大學亥客書院 阻斷服務攻擊/分散式阻斷服務攻擊/Botnet 11/7
https://hackercollege.nctu.edu.tw/?p=1218

資安防護實務與情境演練 2020-11-11 至 2020-11-13
https://cybersecurity.tisnet.com.tw/Home/SignUp/1082

交通大學亥客書院 基礎網站安全建構實務 11/14
https://hackercollege.nctu.edu.tw/?p=1220

Gopher Conference Taiwan 2020 11/14
https://www.meetup.com/golang-taipei-meetup/events/272815117/

交通大學亥客書院 系統防護及內網威脅通報應變實戰班 11/17、11/24
http://service.tabf.org.tw/tw/user/409646/course1-4.htm

資安社 - VR 大學之道 11/18
https://nsysuisc.kktix.cc/events/vr2020

Google Cloud 資安攻略,打造更安全的雲端環境|Google Cloud Security Overview 11/20
https://www.accupass.com/event/2008100235425139714960

【遠端監控在家上班】企業機密資訊安全及提升效率實作 10/23
https://www.accupass.com/event/2008260330053701468420

深耕計畫演講-基於了解駭客攻擊手法及思路的網路安全防禦方式 10/23
https://reurl.cc/A83e6Y

InfoSec Taiwan 2020 - Workshop 實作課程 11/2
https://event.twcsa.org/site/course/7y4p3J0m_oL6h-WZ9XNXcQ..

InfoSec Taiwan 2020 - Briefing 年會 11/3
https://event.twcsa.org/site/course/5t2kIENz-rXMDMsfG5FgQA..

[台灣網路講堂]域名之扣押與沒收 以司法實務操作為中心 11/20
https://www.ihub.tw/Calendar/ihub20201120

Google Cloud 資安攻略,打造更安全的雲端環境|Google Cloud Security Overview 11/20
https://www.accupass.com/event/2008100235425139714960

Cyberspace 2020聯合研討會 11/20
https://cyber2020.cc-isac.org/announce.php

交通大學亥客書院 惡意程式檢測實務 11/21 11/28
https://hackercollege.nctu.edu.tw/?p=1222

吱吱盃黑客松 2020/12/11
https://nsysuisc.kktix.cc/events/hackathon2020

交通大學亥客書院 高階網頁滲透測試 12/5 12/12
https://hackercollege.nctu.edu.tw/?p=1224

交通大學亥客書院 系統滲透測試與漏洞利用 12/19
https://hackercollege.nctu.edu.tw/?p=1226

交通大學亥客書院 AI於資訊安全之應用 2021/1/9 1/16
https://hackercollege.nctu.edu.tw/?p=1228

交通大學亥客書院 企業網域控管-Active Directory攻擊與防禦 2021/1/23
https://hackercollege.nctu.edu.tw/?p=1230



沒有留言:

張貼留言

2020年 12 月份資安、社群活動分享

  2020年 12 月份資安、社群活動分享 物聯網資安標章成果發表會 2020/12/01 https://www.taics.org.tw/RecentACTForm.aspx?ACTCat_id=1&ACT_id=11148 從Python到TensorFlow線上...