資安事件新聞週報 2020/12/7 ~ 2020/12/11

 

資安事件新聞週報 2020/12/7  ~  2020/12/11

1.重大弱點漏洞/後門/Exploit/Zero Day
QNAP Security Advisories - December 7th, 2020
https://www.bleepingcomputer.com/news/security/qnap-patches-qts-vulnerabilities-allowing-nas-device-takeover/
https://www.qnap.com/en/security-advisory/qsa-20-16
https://www.qnap.com/en/security-advisory/qsa-20-12
https://www.qnap.com/en/security-advisory/qsa-20-13
https://www.qnap.com/en/security-advisory/qsa-20-14
https://www.qnap.com/en/security-advisory/qsa-20-15

VERT Threat Alert: December 2020 Patch Tuesday Analysis
https://www.tripwire.com/state-of-security/vert/vert-threat-alert-december-2020-patch-tuesday-analysis/

Gafgyt Using Pulse Secure Vulnerability
https://prod-blog.avira.com/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218

NSA Warns Russian Hacker Exploiting VMware Bug to Breach Corporate Networks
https://thehackernews.com/2020/12/nsa-warns-russian-hacker-exploiting.html

WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers
https://thehackernews.com/2020/12/warning-critical-remote-hacking-flaws.html

Apache 近日發布更新以解決Apache Struts 的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/apache-releases-security-update-apache-struts-2

Apache發布針對Apache Tomcat的安全公告
http://mail-archives.us.apache.org/mod_mbox/www-announce/202012.mbox/%3C52858194-2efd-6f17-1821-9036c8494df0%40apache.org%3E
OpenSSL發布安全更新
https://www.openssl.org/news/secadv/20201208.txt

VMware 發布安全更新以解決多項產品弱點問題
https://www.vmware.com/security/advisories/VMSA-2020-0027.html

Russian State-Sponsored Actors Exploiting Vulnerability in Certain VMware Products
https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2434988/russian-state-sponsored-malicious-cyber-actors-exploit-known-vulnerability-in-v/

Cisco 近日發布更新以解決多個產品存在的遠端程式碼執行弱點
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-java-rce-mWJEedcD

Cisco Reissues Patches for Critical Bugs in Jabber Video Conferencing Software
https://thehackernews.com/2020/12/cisco-reissues-patches-for-critical.html

Valve's Steam Server Bugs Could've Let Hackers Hijack Online Games
https://thehackernews.com/2020/12/valves-steam-server-bugs-couldve-let.html

研究人員揭露4個開源TCP/IP堆疊的安全漏洞Amnesia:33
https://www.ithome.com.tw/news/141572

Amnesia:33 — Critical TCP/IP Flaws Affect Millions of IoT Devices
https://thehackernews.com/2020/12/amnesia33-critical-tcpip-flaws-affect.html

今年最後一個Patch Tuesday,微軟修補58個安全漏洞
https://www.ithome.com.tw/news/141606

Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws
https://thehackernews.com/2020/12/microsoft-releases-windows-update-dec.html

Windows Kerberos Vulnerability Exploited
https://www.bleepingcomputer.com/news/security/windows-kerberos-bronze-bit-attack-gets-public-exploit-patch-now/
https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-overview/
https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-theory/
https://support.microsoft.com/en-us/help/4598347/managing-deployment-of-kerberos-s4u-changes-for-cve-2020-17049
https://support.microsoft.com/help/4598347

Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams
https://thehackernews.com/2020/12/zero-click-wormable-rce-vulnerability.html

Adobe 多個產品存在安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/adobe-releases-security-updates-multiple-products

IBM Security Family PAM Content Update 4012.04111
https://exchange.xforce.ibmcloud.com/xpu/XPU%204008.20170

SAP Security Patch Day - December 2020
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079

Palo Alto Security Advisories
https://security.paloaltonetworks.com/PAN-SA-2020-0011

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
沒有溫柔櫃姐 拼資安與體驗
https://tw.appledaily.com/finance/20201210/WDRSSL4RHJE2HK2YCM2E6BOBXA/

三竹助攻 華南銀推出SnY數位帳戶APP
https://ec.ltn.com.tw/article/breakingnews/3377004

證交所取得ISO 22301認證,服務品質再提昇
https://www.moneydj.com/KMDJ/News/NewsViewer.aspx?a=f7c8486a-ec2c-404d-a18a-e93e6d05e70c

遠傳friDay理財+ 獲金管會首家核准「開放銀行」第二階段業務
https://news.sina.com.tw/article/20201211/37125598.html

黃天牧爆找樂天董「喝咖啡」 籲純網跟別打價格戰
https://www.ftvnews.com.tw/news/detail/2020C11F06M1

印度又被駭 700萬持卡人資料外洩暗黑網
https://www.fountmedia.io/article/89623

純網銀明年上路 個資保護是最大課題
https://udn.com/news/story/7239/5086202

刷臉比密碼更安全 網銀生物辨識成防盜利器
https://tw.appledaily.com/property/20201212/XGBRGOUQL5FA5NH7CWS7C6AIYY/

全年信用卡刷卡金額,拚再破 3 兆元大關
https://technews.tw/2020/12/11/annual-credit-card-amount/

期交所:運用金融區塊鏈函證 更保障投資人資訊安全權
https://money.udn.com/money/story/5613/5086612

Payment Card Skimmer Group Using Raccoon Info-Stealer to Siphon Off Data
https://thehackernews.com/2020/12/payment-card-skimmer-group-using.html

Hiding Web Skimmers in CSS Files
https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

3.電子支付/行動支付/pay/資安
又一PayPal幫成員公司上市!「先買後付」借貸平台Affirm申請IPO,預計募資千萬美元
https://meet.bnext.com.tw/articles/view/47134

電支用戶近1100萬人 10月代收付儲值衰退
https://reurl.cc/e8NeNx

蝦皮想拿到電子支付執照 蝦拚晚點付恐需喊停
https://udn.com/news/story/7239/5072904

電子支付成現今新常態 方便、安全、普及化
https://reurl.cc/q8lxlN

看上這一點,街口胡亦嘉與鄭文燦聯手打造「璀璨桃園支付節」
https://www.storm.mg/article/3283486

疫情加速本地電子商貿應用 Visa 研究發現電子支付首次超越現金
https://www.pcmarket.com.hk/20201211-visa-consumer-payment-attitudes-study-2/

疫情衝擊國人刷卡習慣 銀行改衝現金回饋、行動支付
https://money.udn.com/money/story/5617/5076509

街口支付冠名新竹攻城獅 (圖)
https://reurl.cc/145d5V

老翁不會行動支付繳錢被拒 陸央行:嚴懲「拒收現金」的單位
https://www.ettoday.net/news/20201126/1863399.htm

4.加密貨幣/挖礦/區塊鍊 資安
從代幣經濟到人人可用戰略,Line區塊鏈生態系關鍵平臺終於到位
https://www.ithome.com.tw/news/141484

Rikkeisoft與Oraichain將在全球拓展人工智能區塊鏈技術
https://times.hinet.net/news/23149776

接軌國際!新創Aegis Custody以區塊鏈打造的金融商品新商機
https://meet.bnext.com.tw/articles/view/47139

星證交所參股DBS數位交易平台 供比特幣與法定貨幣交易
https://udn.com/news/story/7239/5082819

中國查抄加密貨幣老鼠會 沒收比特幣近20萬枚
https://ec.ltn.com.tw/article/breakingnews/3365278

「牛市」來臨?看加密貨幣市場發展
https://news.sina.com.tw/article/20201210/37120638.html

標準普爾:2021年將推出加密貨幣指數
https://news.cnyes.com/news/id/4547456

Libra協會更名為Diem協會,可望於明年發行加密貨幣
https://www.ithome.com.tw/news/141419

數位支付時代來臨!PayPal執行長:加密貨幣將成主流
https://ec.ltn.com.tw/article/breakingnews/3360992

星展啟動數碼交易平台 提供加密貨幣服務
http://www.hkcd.com/content/2020-12/10/content_1235024.html

為防堵恐怖主義融資 要求全面KYC!一分鐘回顧法國對加密貨幣的監管政策
https://news.knowing.asia/news/3d2e4a78-a228-40f4-a1f0-80271a32f01b

星展銀行推出「星展數位交易平台」 打造全方位數位資產生態系
https://ec.ltn.com.tw/article/breakingnews/3377905

渣打推加密貨幣託管平台Zodia 攻機構投資者
https://hk.on.cc/hk/bkn/cnt/finance/20201209/bkn-20201209132929649-1209_00842_001.html

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
鴻海證實美洲廠區受勒索病毒攻擊 傳金額達10億台幣
https://www.cna.com.tw/news/firstnews/202012085005.aspx

勒索軟體對製造業網路的衝擊
https://blog.trendmicro.com.tw/?p=66520

國外駭客鎖定台灣企業勒索 卻因看不懂繁體中文字慘做白工
https://fuhouse.setn.com/news/862109

駭客病毒入侵 癱瘓伺服器竊機密文件藉機勒索
https://www.ettvamerica.com/News/Article?i=146776

Microsoft 揭露「Adrozek」惡意軟體,Chrome、Firefox 跟 Edge 都是它的挾持目標
https://www.kocpc.com.tw/archives/360445

Phishing emails with RAT targeting corporate users
https://github.com/DoctorWebLtd/malware-iocs/blob/master/BackDoor.RMS/README.adoc
https://news.drweb.com/show/?i=14083&lng=en

Recent QakBot Malspam Activity
https://isc.sans.edu/forums/diary/Recent+Qakbot+Qbot+activity/26862/

Egregor Ransomware Threat Assessment
https://unit42.paloaltonetworks.com/egregor-ransomware-courses-of-action/
https://github.com/pan-unit42/iocs/blob/master/Egregor/EgregorIOCs

Commodity .NET Packers use Embedded Images to Hide Payloads
https://www.proofpoint.com/us/blog/threat-insight/commodity-net-packers-use-embedded-images-hide-payloads

APT39 Rana Android Malware
https://blog.reversinglabs.com/blog/rana-android-malware
https://blog.reversinglabs.com/hubfs/Blog/rana_android_malware/IOC_SHA1_list.txt
https://blog.reversinglabs.com/hubfs/Blog/rana_android_malware/IOC_C2_list.txt
https://blog.reversinglabs.com/hubfs/Blog/rana_android_malware/IOC_suspicious_domains.txt
https://www.ic3.gov/Media/News/2020/200917-2.pdf

Chinese APT RedDelta spotted with potentially updated/new version of PlugX RAT
https://twitter.com/XOR_Hex/status/1333832546589749249
https://twitter.com/noottrak/status/1334165739423608834

Spearphishing Campaigns Using MESSAGEMANIFOLD Malware
https://www.recordedfuture.com/messagemanifold-malware-spearphishing-campaigns/

Watch Out! Adrozek Malware Hijacking Chrome, Firefox, Edge, Yandex Browsers
https://thehackernews.com/2020/12/watch-out-adrozek-malware-hijacking.html

Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware
https://thehackernews.com/2020/12/russian-apt28-hackers-using-covid-19-as.html

Iranian RANA Android Malware Also Spies On Instant Messengers
https://thehackernews.com/2020/12/iranian-rana-android-malware-also-spies.html

Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware
https://thehackernews.com/2020/12/hackers-for-hire-group-develops-new.html

TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected
https://thehackernews.com/2020/12/trickbot-malware-gets-uefibios-bootkit.html

Rana Android Malware
https://blog.reversinglabs.com/blog/rana-android-malware

Commodity .NET Packers use Embedded Images to Hide Payloads
https://www.proofpoint.com/us/blog/threat-insight/commodity-net-packers-use-embedded-images-hide-payloads

Quasar Family RAT Activities
https://blogs.jpcert.or.jp/en/2020/12/quasar-family.html

Gootkit Loader Investigation and TTPs
https://www.trendmicro.com/en_us/research/20/l/investigating-the-gootkit-loader.html

PGMiner Botnet
https://unit42.paloaltonetworks.com/pgminer-postgresql-cryptocurrency-mining-botnet/

Fake Functions Conceal WordPress Backdoor
https://blog.sucuri.net/2020/12/fake-wordpress-functions-conceal-assert-backdoor.html

Pastebin Used as Command and Control Tunnel for njRAT
https://unit42.paloaltonetworks.com/njrat-pastebin-command-and-control/

Qakbot Upgrade and Activity
https://isc.sans.edu/forums/diary/Recent+Qakbot+Qbot+activity/26862/
https://twitter.com/lazyactivist192/status/1332363179729575938
https://twitter.com/_alex_il_/status/1333737189990158337
https://twitter.com/0verfl0w_/status/1331598884431421441

Malicious npm packages spotted delivering njRAT Trojan
https://securityaffairs.co/wordpress/111751/hacking/npm-packages-installs-njrat.html

B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G
以技術、文化、人為主軸,Line提出全面向資安
https://www.ithome.com.tw/news/141485

手機IMEI碼被洩漏,手機就會被禁用、遠程鎖機及竊聽嗎
https://www.kocpc.com.tw/archives/360375

手機防毒也不要輕忽!五個「跨平台防毒軟體」讓你從電腦到手機都不怕病毒入侵
https://reurl.cc/MdlaQp

Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking
https://thehackernews.com/2020/12/several-unpatched-popular-android-apps.html

Android app still exposing messages of 100M users despite bug fix
https://www.bleepingcomputer.com/news/security/android-app-still-exposing-messages-of-100m-users-despite-bug-fix/#.X8ZwljycLro.twitter

C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
駭客在暗網中拍賣25萬個盜來的MySQL資料庫
https://www.ithome.com.tw/news/141613

親駁「仁寶被駭」認栽千萬 許勝雄:半年前就掌握駭客了
https://disp.cc/b/204-d1d4

鴻海也遭駭客入侵 企業到底該如何防範
https://money.udn.com/money/story/5612/5079055?from=edn_breaknewstab_index

鴻海傳遭駭勒索10億 劉揚偉:已解決不影響營運
https://www.ftvnews.com.tw/news/detail/2020C10W0024

駭客攻擊勒索4億 研華:啟動資安防護機制
https://reurl.cc/5qA6ZM

正妹科學家為佛州官方建立新冠數據庫 現卻遭控是駭客
https://reurl.cc/Ez9300

陸網軍打擊我國際形象!冒調查局公文指煽動泰革命 台人涉入
https://udn.com/news/story/7315/5084414?from=udn-catelistnews_ch2

對岸假公文再一樁「調查局資安站」成冒名對象
https://www.ftvnews.com.tw/news/detail/2020C11S01M1

台灣人涉散布中國網軍假訊息 首宗網路國安案件
https://www.cna.com.tw/news/firstnews/202012110028.aspx

首宗網路國安案件 台灣人赴中國受水軍訓練散布假公文
https://www.ftvnews.com.tw/news/detail/2020C11W0041

赴陸受訓散布假訊息 台FB社團兩管理員落網
https://www.epochtimes.com/b5/20/12/11/n12613346.htm

對岸假公文再一樁「調查局資安站」成冒名對象
https://life.tw/?app=view&no=1180173

中國吸收台灣人當網軍 散布假公文
https://news.ltn.com.tw/news/politics/paper/1418413

台指控「帝吧」台籍人員赴陸「訓練」 捏造台美介入泰國示威
https://reurl.cc/Mdlax4

網軍捏造調查局公文! 稱台美干預泰國內政
https://news.tvbs.com.tw/politics/1431269

對台假訊息戰 中國網軍複製擴散一帶一路國家
https://reurl.cc/Oqyl8D

台首宗網絡國安案 三人涉發假訊息被捕
https://hk.appledaily.com/china/20201212/ZZOQLKXVFJETTNJ3SV3PLWK3LU/

對岸受訓 轉發調局假公文
https://udn.com/news/story/7320/5086239?from=udn-catelistnews_ch2

冠軍周庭...收押中!香港Youtube熱門榜 多人被港府逮捕
https://news.ltn.com.tw/news/world/breakingnews/3377547

習近平再添「豬隊友」 中使館轉推川普指控
https://www.ntdtv.com/b5/2020/12/10/a103006621.html

美國將中國人大常委會14名副委員長列入涉港製裁黑名單
https://reurl.cc/Ez930m

中國量子計算機「九章」 問世,速度比Google的量子電腦還快100億倍
https://reurl.cc/MdlaKp

進行信息審查? YouTube背後中共的影子
https://www.soundofhope.org/post/452761?lang=b5

Hackers Targeting Companies Involved in Covid-19 Vaccine Distribution
https://thehackernews.com/2020/12/hackers-targeting-companies-involved-in.html

Chinese APT's New Arsenal: Part 3 Smanager
https://insight-jp.nttsecurity.com/post/102glv5/pandas-new-arsenal-part-3-smanager

Lazarus recent Manuscrypt campaign
https://x.threatbook.cn/nodev4/vb4/article?threatInfoID=3051
https://twitter.com/BitsOfBinary/status/133733028678751846

Russian APT28 Uses COVID-19 Lures to Deliver Zebrocy
https://www.intezer.com/blog/research/russian-apt-uses-covid-19-lures-to-deliver-zebrocy/

LuckyMouse Targeting Governmental Agencies in East Asia
https://decoded.avast.io/luigicamastra/apt-group-targeting-governmental-agencies-in-east-asia/

SideWinder APT South Asian Territorial Themed Spear Phishing and Mobile Device Attacks
https://www.trendmicro.com/en_us/research/20/l/sidewinder-leverages-south-asian-territorial-issues-for-spear-ph.html

FireEye遭到國家支持的駭客入侵
https://reurl.cc/x0ryMV

美國資安大廠FireEye遭網路攻擊!駭客工具被盜
https://reurl.cc/q8lxX3

美資安公司火眼遭入侵,駭客疑有國家撐腰
https://technews.tw/2020/12/09/us-cybersecurity-firm-fireeye-says-it-was-hacked-by-foreign-government/

FireEye Red Team Tool Countermeasures
https://github.com/fireeye/red_team_tool_countermeasures
https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html

Cybersecurity Firm FireEye Got Hacked; Red-Team Pentest Tools Stolen
https://thehackernews.com/2020/12/cybersecurity-firm-fireeye-got-hacked.html

FireEye Red Team Tools Accessed by an Adversary
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/theft-fireeye-red-team-tools
https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html

OilRig Network Infrastructure Analysis and Collection
https://www.domaintools.com/resources/blog/identifying-critical-infrastructure-targeting-through-network-creation

NSA Advisory on RU Actors Using CVE-2020-4006
https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2434988/russian-state-sponsored-malicious-cyber-actors-exploit-known-vulnerability-in-v/

Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam
https://thehackernews.com/2020/12/facebook-tracks-apt32-oceanlotus.html

48 U.S. States and FTC are suing Facebook for illegal monopolization
https://thehackernews.com/2020/12/48-us-states-and-ftc-are-suing-facebook.html

Shadow Academy Targets Universities
https://www.riskiq.com/blog/external-threat-management/shadow-academy/

Another Molerats Campaign Targeting the Middle East
https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf
https://www.cybereason.com/blog/new-malware-arsenal-abusing-cloud-platforms-in-middle-east-espionage-campaign

資安工程師
https://www.104.com.tw/job/74tr8

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
駭客入侵歐洲藥品管理局 輝瑞疫苗數據被竊
https://reurl.cc/A8NQrK

歐洲藥品管理局遭到網路攻擊,導致藥廠的COVID-19疫苗申請文件遭存取
https://www.ithome.com.tw/news/141605

巴西衛生部官網原始碼內含資料庫登入資訊,導致 2 億 4300 萬巴西民眾個資曝光
https://www.twcert.org.tw/tw/cp-104-4224-8d882-1.html

科技大廠接連遭駭 客戶資料外洩成隱憂
https://udn.com/news/story/7240/5079940

《原神》帳號被盜!官方稱「新主人有課金」不還帳號
https://www.setn.com/News.aspx?NewsID=862892

FBI 警告:愈來愈多駭侵團體駭入 Web Mail,竄改郵件規則,進行 BEC 攻擊
https://www.twcert.org.tw/tw/cp-104-4214-96e2c-1.html

感情路坎坷又嫁錯尪「小全智賢」性愛片外流神隱!事業全毀
https://star.setn.com/news/862562

Partner Phishing Compromise
https://abnormalsecurity.com/blog/compromised-partner-phishing/

Google Ads Used to Steal Cryptocurrency
https://www.bleepingcomputer.com/news/security/metamask-phishing-steals-cryptocurrency-wallets-via-google-ads/

Cyberpunk 2077 Release Hoax is Actually Data Theft Attempt
https://www.kaspersky.com/blog/cyberpunk-2077-scam/37907/

SideWinder Uses South Asian Issues for Spear Phishing and Mobile Attacks
https://www.trendmicro.com/en_us/research/20/l/sidewinder-leverages-south-asian-territorial-issues-for-spear-ph.html

Fake Office 365 Digest Summary
https://cofense.com/you-must-quarantine-fake-office-365-email-leads-to-curiosity/

E.研究報告
How to Detect Yellow Cockatoo Remote Access Trojan
https://redcanary.com/blog/yellow-cockatoo/
https://www.morphisec.com/hubfs/eBooks_and_Whitepapers/Jupyter%20Infostealer%20WEB.pdf

Governance Considerations for Democratizing Your Organization's Data in 2021
https://thehackernews.com/2020/12/governance-considerations-for.html

How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain
https://thehackernews.com/2020/12/how-dmarc-can-stop-criminals-sending.html

How Organizations Can Prevent Users from Using Breached Passwords
https://thehackernews.com/2020/12/how-organizations-can-prevent-users.html

MARIJUANA Obfuscation Allows Shell Bypass
https://blog.sucuri.net/2020/12/obfuscation-techniques-in-marijuana-shell-bypass.html

Phonia - most advanced toolkits to scan phone numbers using only free resources
https://hakin9.org/phonia-most-advanced-toolkits-to-scan-phone-numbers-using-only-free-resources/

Deep Inside Malicious PDF
https://hakin9.org/deep-inside-malicious-pdf/

The History and evolution of malware
https://hakin9.org/the-history-and-evolution-of-malware/

4 Free Online Cyber Security Testing Tools For 2021
https://thehackernews.com/2020/12/4-free-online-cyber-security-testing.html

F.商業
Fortinet 發布 2021 全球資安威脅預測,智慧邊緣設備將成防衛戰關鍵
https://technews.tw/2020/12/09/fortinet-2021-cyber-security-prediction/

企業數位轉型規劃 小心別陷入「忽略資安風險」盲點
https://www.bnext.com.tw/article/60383/3s

2020資訊治理年會登場!SGS揭露第一手資安趨勢觀察
https://www.bnext.com.tw/article/60209/sgs-202012

2021年IT領導者目標 數位轉型、資安成焦點
https://money.udn.com/money/story/5612/5081232

IBM針對5G產業推滲透測試服務,將涵蓋中上下游產業鏈如晶片、核網與SDN
https://www.ithome.com.tw/news/141581

鎖定數位轉型商機 叡揚資訊今掛牌上櫃
https://ec.ltn.com.tw/article/breakingnews/3377039

新加多種系統角色,紅帽OS提供增進系統穩定與效能機制
https://www.ithome.com.tw/review/141493

果核數位榮獲BSI 雲端資安獎,擁本地優勢+國際合作,免除 AIoT 時代資安疑慮
https://www.digicentre.com.tw/news_detail.php?id=82

Kryptowire提供軍規等級App安全檢測,驗證多種資安標準
https://www.ithome.com.tw/review/141513

思科於WebexOne 數位協作線上會議宣佈推出多項Webex嶄新功能
https://www.cisco.com/c/zh_tw/about/news-center/news-20201209.html

全景軟體身分認證為零信任架構 建立關鍵基礎
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000599357_JJP24VO7665KJF6W0EKMU

team+打造台版Slack,力拼下一個台灣獨角獸
https://www.techbang.com/posts/83123-teamplus-builds-a-taiwanese-version-of-slack

G.政府
竹市試辦數位身分證 議員憂資安
https://reurl.cc/WL25zO

做好資料庫防護 阻攔駭客竊取
https://reurl.cc/4m0AGv

數位身分證是魔戒還是聖杯? 資安專家:注意數位獨裁
https://reurl.cc/0Or5l9

數位身分證資安疑慮 綠委籲先暫緩
https://reurl.cc/yg3p0D

數位身分證爭議 對岸網媒竟出聲護航台灣行政院
https://n.yam.com/Article/20201210615405

試到資安專家攻不進!蘇貞昌轉彎:數位身分證不一定7月全面換發
https://newtalk.tw/news/view/2020-12-11/507321

蘇貞昌:數位身分證不一定2021年7月全國換發 要試辦到駭客攻不破
https://www.cna.com.tw/news/firstnews/202012110111.aspx?utm_medium=fanpage

數位身分證懸賞駭客攻破?資安專家:恐賣漏洞給黑市
https://udn.com/news/story/7321/5085239

內政部強調新數位身份證空白卡絕非中國製造
https://www.techbang.com/posts/83108-the-ministry-of-the-interior-stressed-that-the-new-digital-id

政院推動數位身分證、故宮併文化部惹議 政院官員:絕對尊重立法院意見
https://www.storm.mg/article/3285821

晶片不是Made in China!回應數位身分證資安疑慮,內政部將設賞金邀駭客進攻
https://www.bnext.com.tw/article/60498/2021-taiwan-eid

數位發展公聽會漏網議題
https://talk.ltn.com.tw/article/paper/1418323

政府推6大核心戰略產業 打造台灣成4大中心
https://www.cna.com.tw/news/firstnews/202012100158.aspx

【台灣被看光光】政府採購無人機七成以上「中國製」,蘇貞昌:盡快汰換
https://buzzorange.com/techorange/2020/12/10/china-drones-in-tw/

資策會科法所善用網路通訊 接軌後疫情時代國際通訊隱私趨勢
http://n.yam.com/Article/20201211901020

愛瑪麗歐捐贈人工智慧監視器 助台南市府打擊犯罪
https://udn.com/news/story/7238/5085524?from=udn-ch1_breaknews-1-cate6-news

科技部110年度「前瞻資安科技專案計畫」
http://research.nchu.edu.tw/news-detail/id/1808

資安人才培育展成果 產學社群共創新動能
https://reurl.cc/4m0A73

H.工控系統/ICS/SCADA 相關資安

Industry Perspectives Protecting Healthcare and Academia Against Cyber Threats
https://www.fireeye.com/blog/executive-perspective/2020/12/protecting-healthcare-and-academia-against-cyber-threats.html

mitsubishielectric r00cpu_firmware
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-16850

ICS-CERT Security Advisories - December 8th, 2020
https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-02
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-05
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-06
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-07
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-09
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-10

ICS-CERT Security Advisories - December 10th, 2020
https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01
https://us-cert.cisa.gov/ics/advisories/icsa-20-345-01
https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02

I.教育訓練
Quick Guide — How to Troubleshoot Active Directory Account Lockouts
https://thehackernews.com/2020/11/quick-guide-how-to-troubleshoot-active.html

Open University
http://www.open.ac.uk/

Cybrary
https://www.techradar.com/best/best-online-cyber-security-courses#1-cybrary

US Department of Homeland Security
https://www.techradar.com/best/best-online-cyber-security-courses#2-us-department-of-homeland-security

Open Security Training
https://www.techradar.com/best/best-online-cyber-security-courses#3-open-security-training

Heimdal Security
https://www.techradar.com/best/best-online-cyber-security-courses#4-heimdal-security

Sans Cyber Aces Online
https://www.techradar.com/best/best-online-cyber-security-courses#5-sans-cyber-aces-online

K.物聯網/IOT/人工智慧
物聯網偵測火災,理賠流程縮短變三天!國泰攜手中興保全推IoT火災事故保險
https://udn.com/news/story/7239/5039978

Arm 新計畫開發專為 IoT 設計的免電池感測器
https://technews.tw/2020/11/27/arm-unleashes-project-triffid-to-help-deliver-internet-of-things/

IoT設備安全性設計的八項原則
https://www.eet-china.com/news/202011081205.html

6.近期資安活動及研討會
MLDM Monday @ 三創育成 | 高效率多目標最佳化及應用 12/14
https://www.meetup.com/Taiwan-R/events/274001434

國家高速網路與計算中心 教育訓練 【資安進階課程】Linux系統安全與漏洞運用 12/15 (報名到12/13截止)
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3933&from_course_list_url=course_index

從駭客的角度檢視您公司的資安 12/15
https://www.accupass.com/event/2012020646317937617740

亞洲‧矽谷計畫-強化物聯網資安防護-成果發表會暨授證典 禮12/15
http://www.filaweaving.org.tw/show/show-989828.htm

SP-ISAC 資安沙龍12/17
https://spisac.kktix.cc/events/20201217

【智慧資安】超前部署AI機器學習 提升資安防護力 【Power of X 科技講堂】 12/17
http://tw.systex.com/powerofx-webinar-1217/

TDOH Quantum Conf 2020 駭客的薛丁格地下城 12/18
https://tdohackerparty.kktix.cc/events/tdoh-2020-quantum-conf?locale=en

LINE TAIWAN TECHPULSE 2020 大會12/18
https://www.computerdiy.com.tw/20201120_line/

2020遠距使用者研究實務研討 12/19
https://userxper.kktix.cc/events/user-research-2020

交通大學亥客書院 系統滲透測試與漏洞利用 12/19
https://hackercollege.nctu.edu.tw/?p=1226

Taipei.py 2020 12 月聚會 12/24
https://www.meetup.com/Taipei-py/events/274272146

2020 Proxmox VE 中文使用者社團年會 12/26
https://tfc.kktix.cc/events/pve-tw-2020

利用NAC系統進行資安聯防 提升企業資安與競爭力【Power of X 科技講堂】 12/28
http://tw.systex.com/powerofx-webinar-1228/

2020【 WEA x BSI 資安風險趨勢講座 】 12/28
https://wea4risk.kktix.cc/events/2020weaxbsi

交通大學亥客書院 AI於資訊安全之應用 2021/1/9 1/16
https://hackercollege.nctu.edu.tw/?p=1228

交通大學亥客書院 企業網域控管-Active Directory攻擊與防禦 2021/1/23
https://hackercollege.nctu.edu.tw/?p=1230

2021 南新科技中心寒假營隊 [駭客攻防資安體驗營] 2021年1月21-22日
https://www.nsjh.tn.edu.tw/modules/tadnews/index.php?nsn=7790

吱吱盃黑客松 2021/04/02 18:30 ~ 2021/04/04 18:30
https://nsysuisc.kktix.cc/events/hackathon2020



沒有留言:

張貼留言

資安事件新聞週報 2021/1/11 ~ 2021/1/15

    資安事件新聞週報 2021/1/11  ~  2021/1/15 1.重大弱點漏洞/後門/Exploit/Zero Day Zyxel近日發布更新以解決多個產品存在遠端程式碼執行弱點 https://reurl.cc/4ymjYV Fortinet 近日發布更新以解決 F...