資安事件新聞週報 2020/10/19 ~ 2020/10/23

 

資安事件新聞週報 2020/10/19  ~  2020/10/23

1.重大弱點漏洞/後門/Exploit/Zero Day
臉部辨識裝置爆資安漏洞
https://blog.trendmicro.com.tw/?p=65908

甲骨文10月修補402個漏洞
https://times.hinet.net/topic/23092693

Oracle Database Server Scheduler component 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14735

Magento rubygems openmage/magento-lts 注入漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15244

Juniper Networks Releases Security Updates for Multiple Products
https://us-cert.cisa.gov/ncas/current-activity/2020/10/15/juniper-networks-releases-security-updates-multiple-products

Fortinet FortiOS 安全漏洞
https://www.secfree.com/vul-152579.html


7大手機瀏覽器漏洞可讓用戶導向惡意網站
https://www.ithome.com.tw/news/140674

10 個地址欄欺騙漏洞影響 7 個瀏覽器
https://www.chainnews.com/zh-hant/articles/615537884225.htm

Nagios XI 命令注入漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5792

WebLogic 多個遠程代碼執行漏洞
https://blog.csdn.net/weixin_45728976/article/details/109208118

Cisco Releases Security Updates for Multiple Products
https://us-cert.cisa.gov/ncas/current-activity/2020/10/22/cisco-releases-security-updates-multiple-products

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
https://us-cert.cisa.gov/ncas/current-activity/2020/10/21/mozilla-releases-security-updates-firefox-firefox-esr-and

黑客攻擊Cisco 設備中的CVE-2020-3118 漏洞
https://defense.yunaq.com/news/5f924d31d132c828beebb4dc/

Cisco iOS XR Software 遠程代碼執行漏洞(CVE-2020-3118)
https://www.wangan.com/articles/1215

Cisco Adaptive Security Appliance (ASA) 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3599

Cisco Adaptive Security Appliance (ASA) 和 Cisco Firepower Threat Defense (FTD) 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3585

Check Point發現Instagram安全漏洞
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000596390_i2e48g1c8dkkck1go7w32

Microsoft出現遠端執行程式碼漏洞!盡快安裝修補程式
https://www.cybersechub.hk/en/post/683

快檢查!Win10 10月安全更新出大事,bug危害所有版本
https://kknews.cc/news/yj5z2va.html

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities
https://us-cert.cisa.gov/ncas/current-activity/2020/10/16/microsoft-releases-security-updates-address-remote-code-execution

用 Windows 編輯 iPhone 影片的人請小心,HEVC 影像檔有遠端入侵漏洞
https://reurl.cc/ygO9Qq

KB954593 - MS08-052:GDI+ 中的漏洞可能允許遠程代碼執行
https://support.microsoft.com/zh-cn/help/954593/kb954593-ms08-052-vulnerabilities-in-gdi-could-allow-remote-code-execu

VMware Releases Security Updates for Multiple Products
https://us-cert.cisa.gov/ncas/current-activity/2020/10/20/vmware-releases-security-updates-multiple-products

VMware ESXi OpenSLP 高危漏洞風險提示
https://www.wangan.com/articles/1227

VMSA-2020-0023
https://www.vmware.com/security/advisories/VMSA-2020-0023.html

sonicwall Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010

Nearly 800,000 SonicWall VPNs Need Critical Flaw Patching
https://www.infosecurity-magazine.com/news/800k-sonicwall-vpns-critical-flaw

Two New IoT Vulnerabilities Identified with Mirai Payloads
https://unit42.paloaltonetworks.com/iot-vulnerabilities-mirai-payloads/

Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities
https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF

NSA warns defense contractors of recent Chinese government-backed hacking
https://www.cyberscoop.com/defense-contractors-chinese-government-hacking-nsa/

Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices
https://thehackernews.com/2020/10/linux-Bluetooth-hacking.htm

Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks
https://thehackernews.com/2020/10/browser-address-spoofing-vulnerability.html

New Chrome 0-day Under Active Attacks – Update Your Browser Now
https://thehackernews.com/2020/10/chrome-zeroday-attacks.html

【閒來無事小試身手】工程師自願幫蘋果抓漏洞,花三個月攻破獲五萬美金懸賞
https://buzzorange.com/techorange/2020/10/16/apple-security-bug/

Security Bulletin: IBM Security Guardium is affected by vulnerabilities in DB2, which Guardium ships
https://www.ibm.com/support/pages/node/6349177

Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a 3RD PARTY Cryptographc vulnerability
https://www.ibm.com/support/pages/node/6348664

Stable Channel Update for Desktop Tuesday, October 20, 2020
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html

Chrome for Android Update Tuesday, October 20, 2020
https://chromereleases.googleblog.com/2020/10/chrome-for-android-update_20.html

IProom MMC+ Server - URL Redirection to Untrusted Site ('Open Redirect')
https://www.twcert.org.tw/tw/cp-132-4053-6e9a2-1.html

Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection
https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
驚動資安人員 日盛Online APP下載量爆桌
https://money.udn.com/money/story/5613/4954515

散戶投資熱 二款券商App下載量大增
https://news.cnyes.com/news/id/4535427

藍營立委質疑「北富銀系統之亂」,憂今不交報告! 黃天牧:相信會準時送到;有充分了解狀況
https://reurl.cc/Gra6zA

加拿大稅務局因遭受駭客攻擊被迫暫停線上服務
http://www.hwgroup.com.tw/info/20201023

富邦產險:疫情將使新常態資安與國際貿易風險增加
https://www.chinatimes.com/realtimenews/20201023003765-260410?chdtv

地價稅11月開徵 銀行推刷卡分期零手續費搶市
https://news.cnyes.com/news/id/4535827

Financial System Could Be Seriously Disrupted By Single Cyber Attack, G20 Warned
https://www.forbes.com/sites/tedknutson/2020/10/19/financial-system-could-be-seriously-disrupted-by-single-cyber-attack-g20-warned/#450b9f6488d4

Banking Web Injects Are Top Cyber Threat for Financial Sector
https://www.recordedfuture.com/banking-web-injects/

3.電子支付/行動支付/pay/資安
一"嗶"在手好方便 行動支付存隱憂
https://www.peopo.org/news/489207

移動支付又出新漏洞,這裏有一份支付安全指南請收好
https://pcnow.cc/p/A31MK5eb69.html

新華時評:網絡支付安全為先
http://big5.xinhuanet.com/gate/big5/www.xinhuanet.com/fortune/2020-10/23/c_1126650023.htm

LINE Pay深耕校園推展行動支付 普及率領先同業
https://reurl.cc/m9pKZW

台中行動支付店家六都吊車尾 市府: 成功爭取便利Pay
https://udn.com/news/story/7325/4950245

《金融》數位金融客群 八大場景最需行動支付
https://reurl.cc/r80OLZ

北韓也搞行動支付!走到哪嗶到哪...自稱研發成功已投入市場
https://www.ettoday.net/news/20201021/1836571.htm

低接觸支付「疫」外崛起 統一超三大電子支付突破2.7億人次
https://www.ettoday.net/news/20201021/1836701.htm

AppotaPay是第39家獲得越南國家銀行的許可證的支付中介公司
https://times.hinet.net/news/23091933

行動支付雙雄 「嗶」出新榮景
https://udn.com/news/story/7239/4941721

4.加密貨幣/挖礦/區塊鍊 資安
千呼萬喚!三大平台都支持的FileCoin主網上線後,將帶來什麼影響
https://news.knowing.asia/news/9b33af1f-d86b-4c88-b4b2-8ec28b4eea27

線上交易平台Robinhood被駭 近2,000帳戶資金遭竊取
https://money.udn.com/money/story/5602/4941836

給想入局DeFi投資者的7個建議!除了評估安全風險外,還要考量使用場景
https://news.knowing.asia/news/7511e0d8-c04a-443b-ae50-933e6b60152f

CVE-2020-26896:閃電網絡被曝安全漏洞
https://www.chainnews.com/zh-hant/articles/923956697599.htm

比特幣漲到一年多新高 因這個支付平台將可使用加密幣
https://udn.com/news/story/6811/4953865

PayPal 將開放加密貨幣交易,市場樂觀其成
https://technews.tw/2020/10/22/paypal-will-open-cryptocurrency-trading-the-market-is-optimistic-about-its-success/

【數碼人民幣】防支付寶和微信支付助大?剖析人民銀行發行數碼人民幣的箇中原因
https://reurl.cc/n0pGD1

千萬數位人民幣大試點,非區塊鏈且可離線支付
https://technews.tw/2020/10/12/large-pilot-program-for-tens-of-millions-of-rmb-non-blockchain-and-offline-payment/

Bitcoin wallet update trick has netted criminals more than $22 million
https://www.zdnet.com/article/bitcoin-wallet-trick-has-netted-criminals-more-than-22-million/

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
ESET與其他資安及電信業者協同打擊Trickbot殭屍網路
https://reurl.cc/7oE8Ob

勒索軟體找上遊戲公司 Ubisoft 與 Crytek,威脅披露《看門狗:自由軍團》的原始碼
https://reurl.cc/e8p2YQ

Google 揭中國駭客最新狠招!假冒防毒軟體入侵電腦
https://3c.ltn.com.tw/news/42046

年中資安報告:駭客集團精心策劃目標式攻擊 勒索病毒瞄準更大目標以及更高金額
https://blog.trendmicro.com.tw/?p=65658

勒索軟體受害者若未向警方報案恐損及他人
https://blog.twnic.tw/2020/10/23/15635/

Ryuk駭客組織重啟勒索攻擊,法國IT外包商Sopra Steria可能是最新受害者
https://www.ithome.com.tw/news/140697

Windows GravityRAT Malware Now Also Targets macOS and Android Devices
https://thehackernews.com/2020/10/windows-gravityrat-malware-now-also.html

Geofenced Amazon Japan Credential Phishing Volumes Rival Emotet
https://www.proofpoint.com/us/blog/threat-insight/geofenced-amazon-japan-credential-phishing-volumes-rival-emotet

Pakistani spy lured 98 targets with bots
https://timesofindia.indiatimes.com/city/lucknow/pakistan-spy-lured-98-targets-with-bots/articleshow/69867201.cms

GravityRAT: The spy returns
https://securelist.com/gravityrat-the-spy-returns/99097/

Operation Earth Kitsune: Tracking SLUB’s Current Operations
https://documents.trendmicro.com/assets/white_papers/wp-operation-earth-kitsune.pdf

Looking Into the Eye of the Interplanetary Storm
https://www.bitdefender.com/files/News/CaseStudies/study/376/Bitdefender-Whitepaper-IPStorm.pdf

Secret-stealing Trojan active in Brazil releases the new framework SolarSys
https://blog.360totalsecurity.com/en/secret-stealing-trojan-active-in-brazil-releases-the-new-framework-solarsys/

T-RAT 2.0: Malware control via smartphone
https://www.gdatasoftware.com/blog/trat-control-via-smartphone

On the trail of the XMRig miner
https://securelist.com/miner-xmrig/99151/

Droppers, Downloaders and TrickBot: Detecting a Stealthy COVID-19-themed Campaign using Toolmarks
https://threatresearch.ext.hp.com/detecting-a-stealthy-trickbot-campaign/

An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques
https://labs.sentinelone.com/an-inside-look-at-how-ryuk-evolved-its-encryption-and-evasion-techniques/

Alert (AA20-296A) Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets
https://us-cert.cisa.gov/ncas/alerts/aa20-296a

Alert (AA20-283A)APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations
https://us-cert.cisa.gov/ncas/alerts/aa20-283a

Police Raided German Spyware Company FinFisher Offices
https://thehackernews.com/2020/10/finfisher-spyware-raid.html

FIN11 Hackers Spotted Using New Techniques In Ransomware Attacks
https://thehackernews.com/2020/10/fin11-hackers-spotted-using-new.html

Lemon Duck brings cryptocurrency miners back into the spotlight
https://blog.talosintelligence.com/2020/10/lemon-duck-brings-cryptocurrency-miners.html

IAmTheKing and the SlothfulMedia malware family
https://securelist.com/iamtheking-and-the-slothfulmedia-malware-family/99000/

New action to combat ransomware ahead of U.S. elections
https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/

SourMint: malicious code, ad fraud, and data leak in iOS
https://snyk.io/blog/sourmint-malicious-code-ad-fraud-and-data-leak-in-ios/

Operation Quicksand MuddyWater’s Offensive Attack Against Israeli Organizations
https://www.clearskysec.com/wp-content/uploads/2020/10/Operation-Quicksand.pdf

Ave_Maria and Packer Malware Analysis
https://www.vmray.com/cyber-security-blog/warzone-rat-malware-analysis-spotlight/

New Vizom Malware Discovered Targets Brazilian Bank Customers with Remote Overlay Attacks
https://securityintelligence.com/posts/vizom-malware-targets-brazilian-bank-customers-remote-overlay/

B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G
Sensity:不雅圖片造假工具透過Telegram散播,受害者恐超過10萬人
https://www.ithome.com.tw/news/140660

WhatsApp推出程式內購買功能 強化臉書電商平台
https://news.cnyes.com/news/id/4535591

iOS 14 .1 曝災情!預設第三方瀏覽器與郵件App更新後,需重新設定
https://3c.ltn.com.tw/news/42100

C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
全球前97大VPN業者3成是中資公司 只要「翻牆」就可能遭陸方監控
https://reurl.cc/4mlVyV

「黑客精神」陰暗面在人際關係?過分優化恐走向自我黑化
https://reurl.cc/7oEzok

現代羅賓漢?駭客勒索企業後捐贈贖款 慈善機構表示:拒收
https://reurl.cc/q8pWdR

網路威脅情資共享機制將有助資安團隊的效益倍增
https://technews.tw/2020/10/23/infoblox-october-tide/

百萬軟體賤賣四百3/大補帖攤販未滅 檔案無法安裝
https://www.ctwant.com/article/80139

研究指疫情下針對商店會員系統的網上攻擊增加
https://unwire.pro/2020/10/22/coronavirus-outbreak-triggered-a-rush-of-online-attacks-against-retail-loyalty-schemes/security/

嚴防資安破口 反制敵網路民兵
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1275738&type=forum

【十字路口】拜登家再爆通共門 中共滲透聯合國
https://www.epochtimes.com/b5/20/10/17/n12482835.htm

白登版電郵門 FBI查是否俄國背後搞鬼
https://www.worldjournal.com/wj/story/121468/4944037

拜登兒「通郵門」不單純 50位美前情報官點出幕後黑手
https://www.chinatimes.com/realtimenews/20201023000021-260408?chdtv

推特推翻封殺拜登電郵門決定 允許用戶轉貼、分享
https://news.cnyes.com/news/id/4534333

瞄準競選團隊 Google 揭露中國大型駭客攻擊行動細節
https://www.inside.com.tw/article/21250-chinese-hacking-google-security-found

美國FCC要求司法部 評估中國聯通國安威脅
https://reurl.cc/0Omqrx

美國聯邦機構:俄羅斯最新駭客攻擊行動預示著可能干預美大選
https://reurl.cc/9XWmz8

美情報首長證實 俄國伊朗意圖干預大選
https://tw.appledaily.com/international/20201023/TEGFWYBVXBCDTC4WIGUVUZ34T4/

美國安局警告,中國駭客目標正對準美國軍事國防系統
https://reurl.cc/Kj21ke

美國安局示警 中共資助駭客鎖定美政軍資訊
https://reurl.cc/Ld2K3a

美方證實:俄羅斯駭客成功竊取政府網路資料
https://money.udn.com/money/story/10511/4957495

美指中國協助北韓規避制裁 訓練駭客網路竊盜、洗錢
https://tw.appledaily.com/international/20201023/XIJGO4CFEREQNPWOLJYHO2FXBQ/

YouTube刪除3000個中共營運的假帳號
https://www.epochtimes.com/b5/20/10/17/n12482575.htm

俄國兩名情報高官涉網攻德國國會 歐盟予以制裁
https://www.cna.com.tw/news/aopl/202010230205.aspx

美國大選|美指控俄羅斯駭客攻擊地方及州政府網路 至少兩伺服器遭入侵
https://tw.appledaily.com/international/20201023/U52YAXDQ4FDP7EKV54WW2K6HAM/

「中國威脅美國民主,北京意識形態橫行全球」!白宮國安顧問擂反中戰鼓,拉孔子助陣
https://www.storm.mg/article/3138616

美國教育部斥 12 大學收中俄逾十億匿名捐款 大部分與華為有科研合作 恐成技術轉移漏洞
https://reurl.cc/VX2bjQ

美指控中國黑客威脅美信息網絡 中國外交部:美國應停止賊喊捉賊
https://reurl.cc/bRdK2l

U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks
https://thehackernews.com/2020/10/russian-hackers.html

Purple Fox EK | New CVEs, Steganography, and Virtualization Added to Attack Flow
https://labs.sentinelone.com/purple-fox-ek-new-cves-steganography-and-virtualization-added-to-attack-flow/

India Witnessed Spike in Cyber Attacks Amidst Covid-19 - Here's Why
https://thehackernews.com/2020/10/covid-19-india-cyberattacks.html

CISA and FBI Release Joint Advisories Regarding Russian and Iranian APT Actors
https://us-cert.cisa.gov/ncas/current-activity/2020/10/22/cisa-and-fbi-release-joint-advisories-regarding-russian-and

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
網上情緣騙案人均失4100元 電子支付受騙比例13%
https://reurl.cc/ygO97D

滙豐:26%人曾遇電子支付詐騙
http://paper.wenweipo.com/2020/10/22/FI2010220015.htm

【LINE訊息查證】全民查證王就是你!165防詐、釣魚網站一秒辨識
http://official-blog.line.me/tw/archives/84217449.html

3玩家貪中國遊戲點數便宜 網購遭「三方詐欺」騙走13萬
https://news.ltn.com.tw/news/society/breakingnews/3330230

申請關簡訊 可幫長者擋掉認證關卡
https://m.ltn.com.tw/news/society/paper/1406767

日本藥廠台灣分部驚遭網路攻擊 部分資料遭竊
https://m.ltn.com.tw/news/society/breakingnews/3329663

新一波網釣攻擊假冒Microsoft Teams訊息以竊取Office 365憑證
https://www.ithome.com.tw/news/140710

駭客販售上億美國選民個資!FBI已展開調查
https://www.ettvamerica.com/News/Article?i=142675

駭客論壇流傳 幾乎美國選民個資
https://reurl.cc/148N4p

川普推特4年2度被同1人登入?荷資安專家傻眼
https://newtalk.tw/news/view/2020-10-23/483467

荷蘭資安人員號稱破解川普 Twitter 帳密?但遭白宮嚴正否認
https://www.inside.com.tw/article/21303-White-House-deny-claims-that-researcher-hacked-Trump-account

太容易!荷蘭資安專家猜對密碼 登入川普推特帳號
https://www.worldjournal.com/wj/story/121469/4957242

駭客稱破解川普推特:9字密碼超好猜
https://reurl.cc/avXYpD

FB推特禁轉拜登醜聞惹毛共和黨 參院委員會傳喚2公司執行長
https://www.chinatimes.com/realtimenews/20201023000058-260408?chdtv

美情報單位:俄將用真假電郵攻擊拜登
https://udn.com/news/story/121687/4941859?from=udn-catelistnews_ch2

俄利用烏克蘭真假電郵掀「10月驚奇」!鎖定朱利安尼餵假消息
https://udn.com/news/story/121687/4940309?from=udn-catebreaknews_ch2

「新聞警察」 推特仍禁貼拜登父子電郵門
https://m.ltn.com.tw/news/world/paper/1406610

台灣宿配網個資全外洩 僅通知業者而非用戶 處理態度引發質疑
https://m.ltn.com.tw/news/society/breakingnews/3323792

五星飯店爆個資外洩? 詐騙成員稱:我是飯店主管
https://reurl.cc/bRdrjv

審查爭議延燒 川普競選帳號又被推特凍結
https://reurl.cc/R12VG6

女性注意!公開照片恐被AI「數位脫衣」 連女星都受害
https://vip.udn.com/vip/story/121162/4955553

Google Doc 等13 個合法表單服務網站被惡意建立釣魚表單
https://blog.trendmicro.com.tw/?p=65709

千筆個資外洩 中正研擬強化學生資安
https://reurl.cc/Md2KAX

保單委託外製恐洩個資 立委要求保密SOP
https://udn.com/news/story/7239/4955307?from=udn-ch1_breaknews-1-cate6-news

Agile Threat Actors Pivot from COVID-19 to Voter Registration Themes in Phishing Lures
https://www.proofpoint.com/us/blog/threat-insight/agile-threat-actors-pivot-covid-19-voter-registration-themes-phishing-lures

E.研究報告
資安這條路─以自建漏洞環境學習資訊安全 系列
https://ithelp.ithome.com.tw/users/20108446/ironman/3463

Jboss 漏洞利用總結
https://www.wangan.com/articles/1240

CVE-2019-0230:Apache Struts OGNL遠程代碼執行漏洞詳解
https://www.4hou.com/index.php/posts/VlRB

DVS - D(COM) V(ulnerability) S(canner) AKA Devious swiss army knife
https://hakin9.org/dvs-dcom-vulnerability-scanner-aka-devious-swiss-army-knife/

PwnDoc - Pentest Report Generator
https://hakin9.org/pwndoc-pentest-report-generator/

Pivotnacci - A tool to make socks connections through HTTP agents
https://hakin9.org/pivotnacci-a-tool-to-make-socks-connections-through-http-agents/

Secret-stealing Trojan active in Brazil releases the new framework SolarSys
https://blog.360totalsecurity.com/en/secret-stealing-trojan-active-in-brazil-releases-the-new-framework-solarsys/

F.商業
CYBAVO頂尖資安團隊  打造區塊鏈最高資安
https://startupterrace.tw/news/310

中華電子公司中華資安國際 紅隊演練服務通過國際驗證
https://reurl.cc/9XWkgV

本土資安秀軟實力 高效散熱解決方案驚豔全場
https://money.udn.com/money/story/10860/4957051

Hitachi Vantara推出超融合基礎架構統一雲端管理
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000596389_a4n4gkp67iwgral59y05s

晶睿推開放平台智慧安防新品 可安裝App擴充功能
https://ec.ltn.com.tw/article/breakingnews/3329827

搶攻區塊鏈檔案存證商機!宏碁資訊攜手 ITM、旭聯資安推「BlockSeal」
https://blockcast.it/2020/10/23/aceraeb-partnered-with-itm-and-sunnet-cyber-to-launch-blockseal-blockchain-solution/

微軟資安高峰會 揭示「零信任」為資安基石
https://money.udn.com/money/story/5612/4958065

微軟攜手MITRE釋出捍衛機器學習系統的Adversarial ML Threat Matrix開放框架
https://www.ithome.com.tw/news/140700

思科:遠距辦公恐成資安防護漏洞,面臨詭譎多變網路惡意攻擊,台灣企業務必加強資安投資
https://tnntoday.com/296355/cisco-20201023

因應企業工作模式轉變,微軟揭示混合辦公資安三大架構
https://technews.tw/2020/10/23/microsost-security/

加速全球防詐產業鏈佈局 Gogolook插旗日本
https://reurl.cc/Ezm5nn

G.政府
「 立院濟南路直通中南海 」立法院研究室資訊設備全為大同公司承攬
https://reurl.cc/zzQajN

立院每年遭駭客攻擊550萬次 資訊處:都成功防堵
https://reurl.cc/Kj2WaM

若中天被撤照=總統府洩密案是真的?NCC全體同意2委員不需迴避
https://times.hinet.net/news/23084765

解構科技偵查》調查局、FBI揪中國邪惡熊貓!創台美合抗科技犯罪首例
https://www.storm.mg/article/3056273

蘇貞昌和徐國勇背書「數位身分證」的說法,若非無知就是可惡
https://www.thenewslens.com/article/142153

中資投資涉資安 經濟部同意檢討
https://reurl.cc/0OmqYY

開放大數據資料共享 台內政部:盼社會理性對話
https://www.epochtimes.com/b5/20/10/23/n12496884.htm

何志偉開記者會「打擊網路詐騙」 狠酸徐國勇:沒成效就下台
https://www.upmedia.mg/news_info.php?SerialNo=98542

H.工控系統/ICS/SCADA 相關資安
ABB攜手IBM,提升工業資安威脅的可視性
https://ctee.com.tw/industrynews/technology/356141.html

新唐舉辦發表會深入剖析工控、車用、物聯網微控制器
https://www.digitimes.com.tw/iot/article.asp?cat=130&id=0000596221_AV2323V219Y2D22TZEV0W

MOXA NPort IAW5004A-I/O Series過量認證嘗試不當限制漏洞
https://www.cics-vd.org.cn/publish/main/list/leakInfo/leakInfo_12264.html

ICS Medical Advisory (ICSMA-20-296-01) B. Braun OnlineSuite
https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01

ICS Medical Advisory (ICSMA-20-296-02) B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
https://us-cert.cisa.gov/ics/advisories/icsma-20-296-02

ICS Advisory (ICSA-20-294-01)Rockwell Automation 1794-AENT Flex I/O Series B
https://us-cert.cisa.gov/ics/advisories/icsa-20-294-01

ICS Advisory (ICSA-20-294-02)Hitachi ABB Power Grids XMC20 Multiservice-Multiplexer
https://us-cert.cisa.gov/ics/advisories/icsa-20-294-02

I.教育訓練
內核漏洞利用輕鬆學系列預告
https://www.anquanke.com/post/id/219051

了解CSRF漏洞(新手指南)
https://zhuanlan.zhihu.com/p/266989230

Log Analysis for Digital Forensic Investigation
https://medium.com/mii-cybersec/log-analysis-for-digital-forensic-investigation-e4a00f5a5c09

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
AIoT Taiwan展,台灣雲協大秀5G與資安軟實力
https://ec.ltn.com.tw/article/breakingnews/3328178

6.近期資安活動及研討會
交通大學亥客書院 入侵行為發覺與應變指南 10/24
https://hackercollege.nctu.edu.tw/?p=1214

國家高速網路與計算中心 【資安進階課程】資安情資分析手法與實務 10/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3924&from_course_list_url=course_index

交通大學亥客書院 進階網頁滲透測試 10/31
https://hackercollege.nctu.edu.tw/?p=1216

[廣宣學堂] 架構即程式碼深入實戰班 - Infrastructure as Code (IaC Day2) 10/31
https://broadmission.kktix.cc/events/iac-day2

國家高速網路與計算中心 邊緣計算系統之大數據與深度學習應用 11/6
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3895&from_course_list_url=course_index

交通大學亥客書院 阻斷服務攻擊/分散式阻斷服務攻擊/Botnet 11/7
https://hackercollege.nctu.edu.tw/?p=1218

資安防護實務與情境演練 2020-11-11 至 2020-11-13
https://cybersecurity.tisnet.com.tw/Home/SignUp/1082

交通大學亥客書院 基礎網站安全建構實務 11/14
https://hackercollege.nctu.edu.tw/?p=1220

Gopher Conference Taiwan 2020 11/14
https://www.meetup.com/golang-taipei-meetup/events/272815117/

交通大學亥客書院 系統防護及內網威脅通報應變實戰班 11/17、11/24
http://service.tabf.org.tw/tw/user/409646/course1-4.htm

資安社 - VR 大學之道 11/18
https://nsysuisc.kktix.cc/events/vr2020

Google Cloud 資安攻略,打造更安全的雲端環境|Google Cloud Security Overview 11/20
https://www.accupass.com/event/2008100235425139714960

【遠端監控在家上班】企業機密資訊安全及提升效率實作 10/23
https://www.accupass.com/event/2008260330053701468420

深耕計畫演講-基於了解駭客攻擊手法及思路的網路安全防禦方式 10/23
https://reurl.cc/A83e6Y

InfoSec Taiwan 2020 - Workshop 實作課程 11/2
https://event.twcsa.org/site/course/7y4p3J0m_oL6h-WZ9XNXcQ..

InfoSec Taiwan 2020 - Briefing 年會 11/3
https://event.twcsa.org/site/course/5t2kIENz-rXMDMsfG5FgQA..

[台灣網路講堂]域名之扣押與沒收 以司法實務操作為中心 11/20
https://www.ihub.tw/Calendar/ihub20201120

Google Cloud 資安攻略,打造更安全的雲端環境|Google Cloud Security Overview 11/20
https://www.accupass.com/event/2008100235425139714960

Cyberspace 2020聯合研討會 11/20
https://cyber2020.cc-isac.org/announce.php

交通大學亥客書院 惡意程式檢測實務 11/21 11/28
https://hackercollege.nctu.edu.tw/?p=1222

吱吱盃黑客松 2020/12/11
https://nsysuisc.kktix.cc/events/hackathon2020

交通大學亥客書院 高階網頁滲透測試 12/5 12/12
https://hackercollege.nctu.edu.tw/?p=1224

交通大學亥客書院 系統滲透測試與漏洞利用 12/19
https://hackercollege.nctu.edu.tw/?p=1226

交通大學亥客書院 AI於資訊安全之應用 2021/1/9 1/16
https://hackercollege.nctu.edu.tw/?p=1228

交通大學亥客書院 企業網域控管-Active Directory攻擊與防禦 2021/1/23
https://hackercollege.nctu.edu.tw/?p=1230



沒有留言:

張貼留言

2020年 12 月份資安、社群活動分享

  2020年 12 月份資安、社群活動分享 物聯網資安標章成果發表會 2020/12/01 https://www.taics.org.tw/RecentACTForm.aspx?ACTCat_id=1&ACT_id=11148 從Python到TensorFlow線上...