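Cybersecurity Incident News Weekly 2021/2/1 ~ 2021/2/5
1. Major Vulnerabilities / Backdoors / Exploit / Zero Day
Microsoft's first Windows 10 update of the year is coming? Foreign media reveal the release date of the final version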
https://3c.ltn.com.tw/news/43139
Google: a quarter of last year's zero-day vulnerabilities came from incomplete patches
https://www.ithome.com.tw/news/142649
Sudo vulnerability also affects macOS, AIX and Solaris
https://www.ithome.com.tw/news/142619
sudoedit heap overflow local privilege escalation vulnerability (CVE-2021-3156)
https://www.mdeditor.tw/pl/gO0b
Realtek RTL8195AM security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25856
Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices
https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html
SonicWall issues emergency patch for SMA 100 series device vulnerability already under attack
https://www.ithome.com.tw/news/142630
https://www.sonicwall.com/support/product-notification/urgent-security-notice-probable-sma-100-series-vulnerability-updated-jan-27-2021/210122173415410/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001
https://www.sonicwall.com/support/product-notification/urgent-patch-available-for-sma-100-series-10-x-firmware-zero-day-vulnerability-updated-feb-3-2-p-m-cst/210122173415410/
Hackers Exploiting Critical Zero-Day Bug in SonicWall SMA 100 Devices
https://thehackernews.com/2021/02/hackers-exploiting-critical-zero-day.html
IBM Security Guardium 11.2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-4952
Denial-of-service vulnerability found in Cisco IOS XR network operating system
https://finance.sina.com.cn/tech/2021-02-05/doc-ikftpnny5112871.shtml
Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP
https://thehackernews.com/2021/02/critical-flaws-reported-in-cisco-vpn.html
Authorization vulnerabilities in multiple Cisco products
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1289
Multiple vulnerabilities in SolarWinds Orion Platform
https://www1.crisp.govcert.gov.hk/portal/govcert/tc/alerts_detail.xhtml?id=546
3 New Severe Security Vulnerabilities Found In SolarWinds Software
https://thehackernews.com/2021/02/3-new-severe-security-vulnerabilities.html
Chrome 88 emergency update patches a vulnerability already being exploited by attackers
https://chinese.engadget.com/chrome-88-zero-day-exploit-050348845.html
Google patches Chrome zero-day vulnerability already being exploited
https://www.ithome.com.tw/news/142645
Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions
https://thehackernews.com/2021/02/over-dozen-chrome-extensions-caught.html
Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects
https://thehackernews.com/2021/01/google-discloses-severe-bug-in.html
Google uncovers new iOS security feature Apple quietly added after zero-day attacks
https://thehackernews.com/2021/01/google-uncovers-new-ios-security.html
New Chrome Browser 0-day Under Active Attack—Update Immediately
https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html
Vulnerability Makes Vehicles Cyber Attack Targets
https://argus-sec.com/addressing-public-cves-in-the-automotive-domain/
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
SoftMaker Office PlanMaker buffer error vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27247
Arbitrary code execution vulnerability found in IBM MQ messaging middleware
https://news.sina.com.tw/article/20210204/37571754.html
Apache Shiro permission bypass vulnerability (CVE-2020-17523) advisory
http://blog.nsfocus.net/cve-2020-17523/
Advisory on Microsoft IE remote command execution 0-day vulnerability exploited in the wild
https://www.secrss.com/articles/29151
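2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security
Financial institutions drive out "hackers": cybersecurity upgraded again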
https://money.udn.com/money/story/5613/5218927
Recruitment plus technology: financial institutions strengthen their protective net
https://money.udn.com/money/story/5613/5218947
State-owned banks successively launch core system upgrade plans
https://ctee.com.tw/news/finance/411245.html
All taken offline without warning! 8.6 trillion in deposits on Chinese online platforms flows back to the banking system
https://www.inside.com.tw/article/22429-platform-cash-back-to-bank
Central bank: the US Treasury has not urged further appreciation of the New Taiwan dollar
https://money.udn.com/money/story/5613/5219943?from=edn_breaknewstab_index
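Ant reaches agreement with mainland Chinese authorities, to establish a financial holding company before the Lunar New Year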
https://udn.com/news/story/7333/5231737?from=udn-catebreaknews_ch2
Ant to transform into a financial holding company and relaunch its listing within 2 years
https://udn.com/news/story/7333/5233099?from=udn_ch2_menu_v2_main_cate
[Mainland Finance] SWIFT teams up with the People's Bank of China to establish a joint venture
https://reurl.cc/YWXkZ4
Banks launch electronic lai see rewards to attract customers: would you consider using an online wealth management system
https://reurl.cc/WE18p5
Taiwan Depository & Clearing Corporation to recruit 16 people this year, targeting IT and cybersecurity talent
https://reurl.cc/KxQOyR
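3. Electronic Payment / Mobile Payment / Pay / Security
Hong Kong's DAB says cash payments may become a loophole in epidemic prevention, urges the SAR government to promote wider adoption of electronic payment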
http://www.hkcna.hk/content/2021/0205/877890.shtml
Bank transfer (FPS) loophole exposed: Fusion Bank upgrades system to double-verify payee details
https://hk.appledaily.com/finance/20210205/DJ66VTYJSFHUHFZIFEQOOQLQOM/
JKOPay chairman Hu Yi-chia suspended, angrily retorts "I do not accept the penalty"
https://www.ptt.cc/bbs/Finance/M.1612487241.A.A0A.html
JKOPay fined 1.8 million; Financial Supervisory Commission: chairman Hu Yi-chia suspended for one year
https://www.cna.com.tw/news/firstnews/202102045007.aspx
Electronic payment linked accounts: transaction volume surges
https://www.chinatimes.com/newspapers/20210201000297-260208?chdtv
Electronic payment grows rapidly in Taiwan, overtaking cash for the first time
https://www.chinatimes.com/realtimenews/20210128004176-260410?chdtv
Phones become card readers: the new payment trend
https://money.udn.com/money/story/5613/5220780
Topped up a thousand but cannot book a "motorcycle courier"! Man complains: even the refund is stuck
https://reurl.cc/3NYbdV
Credit card spending in 2020 still held above the 3 trillion mark, the second highest on record
https://finance.ettoday.net/news/1914748
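With assistance from the Korea International Cooperation Agency, the National Bank of Cambodia officially launches a new electronic payment system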
https://www.moneydj.com/KMDJ/News/NewsViewer.aspx?a=%7B557d18ff-2ba5-4754-af7c-df24db58c012%7D
Easy Wallet partners with 7 temples across Taiwan to claim blessing money via mobile payment
https://reurl.cc/Q7bV80
[Electronic Payment] WeChat Pay HK adds FPS top-up for the Octopus wallet; users can top up Octopus cards via mobile phone
https://reurl.cc/R6X9Kn
Not using mobile payment! Is paying with cash too outdated? Netizens urge "catch up quickly": otherwise you lose out big
https://udn.com/news/story/120913/5234503
Taiwan mobile payment apps: red envelope draws every day over the Lunar New Year
https://money.udn.com/money/story/5636/5232534
Food companies promote mobile payment: buy Lunar New Year goods without physical contact
https://reurl.cc/pmMKqr
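4. Cryptocurrency / Mining / Blockchain Security
This fund holds 570,000 bitcoins! But it does not sell to retail investors; only large investors with assets of 30 million or more can buy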
https://www.storm.mg/article/3434074
Forcing a stance in return! Ripple's filing replies to the SEC: "XRP is a virtual currency, outside your jurisdiction?" Price surges 100%
https://www.blocktempo.com/ripple-responded-sec-lawsuit-xrp-outside-their-jurisdiction/
Transaction activity surpasses Bitcoin! Data: Ether settled 345 million on-chain transactions last year
https://blockcast.it/2021/01/29/ethereum-transaction-volume-surpasses-bitcoin/
Bridging banks and the DeFi world! Circle announces API integration with ACH automated transfers; bank US dollars can be converted directly to USDC
https://reurl.cc/MZb5jW
"I am a supporter of Bitcoin": Musk talks on Clubhouse: maybe Dogecoin really will become the world currency
https://www.blocktempo.com/elon-musk-goes-live-on-clubhouse/
"Dogecoin" price multiplies; Robinhood decides to restrict its trading
https://unwire.hk/2021/01/31/robinhood-restricts-crypto-trading-as-bitcoin-dogecoin-surge/fun-tech/
BTC demand outstrips supply! GrayScale is buying coins at 1.54 times the rate of newly mined bitcoin, and the gap is still widening
https://www.blocktempo.com/grayscale-is-buying-btc-54-faster-than-it-is-mined-since-2021/
Former Ripple CTO resumes dumping! Sold 17.17 million XRP per day last week, likely to offload everything before the end of this year
https://www.blocktempo.com/ripple-former-cto-dumping-again-17m-xrp-per-day/
On DeFi wallet connection security and a hacked Coinbase wallet
https://pttweb.tw/s/2AKVHE
Yearn.Finance vulnerability shock hits DeFi again: one article takes you through the whole incident
https://www.jinse.com/news/blockchain/995859.html
Yearn attacked with a loss of US$11 million; the vulnerability has now been mitigated
https://www.bishijie.com/shendu/166966.html
CertiK: Yearn.Finance vulnerability shock, one article takes you through the whole incident
https://www.chaindaily.cc/posts/ea7452af81bfd2106d5c864823d11be6
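Will the "digital renminbi" be a Trojan horse? Experts warn: China's central bank will be able to monitor all transactions in real time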
https://www.storm.mg/article/3455738
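5. Cybersecurity Incident News
A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC
Hackers launch cryptomining attacks on China's two major public clouds, targeting middleware such as ActiveMQ, WebLogic and Redis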
https://www.ithome.com.tw/news/142569
UK Research and Innovation hit by ransomware attack
https://www.ithome.com.tw/news/142554
FonixCrypter ransomware shuts down and releases decryption key
https://www.ithome.com.tw/news/142555
Trickbot botnet adds network reconnaissance module in an attempt to map the network environment of victim computers
https://www.ithome.com.tw/news/142625
Kobalos trojan targets Linux supercomputers, security vendors and personal servers worldwide
https://www.ithome.com.tw/news/142614
New variant of information-stealing malware Agent Tesla hides its tracks by disabling the computer's malware detection mechanisms
https://www.ithome.com.tw/news/142618
Users beware! Well-known Android emulator NoxPlayer compromised by hackers who implanted a trojan
https://unikoshardware.com/2021/02/android-emu-noxplayer-hacked.html
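New trojan campaign disguised as management software runs rampant; 360 Security Guard's Jizhi Guardian eliminates security vulnerabilities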
http://news.ctocio.com.cn/qyqy/2021/0205/022021_47329.html
'Lebanese Cedar' New Campaign
https://www.clearskysec.com/cedar/
https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf
A New Software Supply‑Chain Attack Targeted Millions With Spyware
https://thehackernews.com/2021/02/a-new-software-supplychain-attack.html
A New Linux Malware Targeting High-Performance Computing Clusters
https://thehackernews.com/2021/02/a-new-linux-malware-targeting-high.html
Agent Tesla Malware Spotted Using New Delivery & Evasion Techniques
https://thehackernews.com/2021/02/agent-tesla-malware-spotted-using-new.html
Beware: New Matryosh DDoS Botnet Targeting Android-Based Devices
https://thehackernews.com/2021/02/beware-new-matryosh-ddos-botnet.html
New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers
https://thehackernews.com/2021/02/new-cryptojacking-malware-targeting.html
Zeoticus 2.0: A Ransomware with no C2 Connectivity Required Gets Recent Updates
https://labs.sentinelone.com/zeoticus-2-0-ransomware-with-no-c2-required/
Excel Spreadsheets Push SystemBC Malware
https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/
Operation NightScout: Supply‑chain attack targets online gaming in Asia
https://www.welivesecurity.com/2021/02/01/operation-nightscout-supply-chain-attack-online-gaming-asia/
Hildegard: New TeamTNT Malware Targeting Kubernetes
https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/
A41APT - Analysis of the Stealth APT Campaign Threatening Japan
http://jsac.jpcert.or.jp/archive/2021/pdf/JSAC2021_202_niwa-yanagishita_en.pdf
DocuSign Themed Malspam Leads to BazarBackdoor and Cobalt Strike
https://thedfirreport.com/2021/01/31/bazar-no-ryuk/
Kobalos – A complex Linux threat to high performance computing infrastructure
https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/
https://github.com/eset/malware-ioc/tree/master/kobalos
https://www.welivesecurity.com/wp-content/uploads/2021/01/ESET_Kobalos.pdf
TrickBot masrv Module
https://www.kryptoslogic.com/blog/2021/02/trickbot-masrv-module/
Matryosh Botnet
https://blog.netlab.360.com/matryosh-botnet-is-spreading-en/
New Version of DanaBot
https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
New Versions of the Necro Botnet in the Wild
https://blog.netlab.360.com/necro/
Sodinokibi Attack Analysis
https://www.trendmicro.com/en_us/research/21/a/sodinokibi-ransomware.html
A New Campaign Using Trickbot
https://www.menlosecurity.com/blog/trickbot-new-year-old-lure
Torisma and LCPDot Malware
https://blogs.jpcert.or.jp/en/2021/01/Lazarus_malware2.html
New Cryptojacking Malware From the Rocke Group
https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/
TeamTNT Delivers Malware with New Detection Evasion Tool
https://cybersecurity.att.com/blogs/labs-research/teamtnt-delivers-malware-with-new-detection-evasion-tool
B. Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging
Have you been invited? What makes the mysterious social app Clubhouse so hot
https://www.cw.com.tw/article/5107782
[Even this disguise gets through?] AI research team prints these "glasses" and successfully unlocks 19 Android phones
https://buzzorange.com/techorange/2021/02/01/beijig-tsing-hua-real-ai-glasses-mobile-phone-face-idattack/
Dissatisfied with answers on their security stance, India permanently bans 59 Chinese apps including TikTok and WeChat
https://news.cnyes.com/news/id/4563115
Are iPhone virus warnings real? What to do when a web page says you are infected or hacked
https://mrmad.com.tw/iphone-poisoning-message
Instagram adds a recycle bin feature to prevent posts from being deleted after an account is hacked
https://technews.tw/2021/02/05/instagram-recently-deleted-function/
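Countering the US dismantling of the "China supply chain", Beijing builds a "Digital Silk Road"! Gwadar Port becomes a node for China's communication fiber cables to East Africa and Europe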
https://www.storm.mg/article/3455539
Multiple iCloud services fail! Apple users criticize personal data loophole
https://today.line.me/tw/v2/article/MGmk2j
Which phones have passed ESS cybersecurity certification
https://www.kocpc.com.tw/archives/366210
Clubhouse sweeps the startup scene; green-camp legislator warns: it could become the next TikTok
https://ec.ltn.com.tw/article/breakingnews/3433790
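C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents
Online identity authentication security mechanisms: overturning past thinking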
https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9032
Firewall source code of French security vendor StormShield stolen by hackers
https://www.ithome.com.tw/news/142659
Mayday concert ticketing hacked; 4 suspects illegally profited 4.08 million
https://pttsuperstar.com/MayDay/1Sq0qHDW
Parler CEO fired by conservative board over differences in philosophy and security vulnerabilities
https://www.inside.com.tw/article/22494-parlers-ceo-has-been-fired
Infringement valued at over 1 billion! Police crack down on illegal set-top boxes; FTV and several other TV stations affected
https://www.ftvnews.com.tw/news/detail/2021205W0065
Security threats hit another record high; intelligence on 40% of attack incidents "still requires investigation"
https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9030
Hybrid work environments on the rise: controlling risk with zero trust principles
https://www.netadmin.com.tw/netadmin/zh-tw/trend/9DC1BCC2B547433D9C397372C26FCBC7
Cybersecurity agency: basic understanding should be increased so Malaysian users are not subject to cyber threats
https://reurl.cc/e9OVrx
China suspected of also taking part in the SolarWinds attack, breaching a US Department of Agriculture payroll agency
https://technews.tw/2021/02/04/solarwinds-china/
In the SolarWinds attack campaign, roughly 30% of victims did not use Orion Platform
https://www.ithome.com.tw/news/142551
Reuters reports: a second group of hackers, suspected to be from China, breached SolarWinds
https://www.ithome.com.tw/news/142622
Facing the threat of Chinese hacker intrusion: are the government's cybersecurity protection mechanisms secure
https://www.ftvnews.com.tw/news/detail/2021204W0144
US electronic voting vendor sues Fox News, alleging fake news scared away Taiwanese customers
https://tw.appledaily.com/international/20210205/66MR72K5JNGZLOWYK2OT72QTMA/
Masks under the real-name system fraudulently claimed! Suspect "manually entered ID numbers"; possible security crisis
https://www.nexttv.com.tw/NextTV/News/Home/Life/2021-01-31/367586.html
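23-year-old woman dies from overwork, "007" working hours become the norm: a chronicle of blood and sweat in China's internet industry "trading lives for money"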
https://crossing.cw.com.tw/article/14413
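[China's United Front] Cross-strait online religious worship; Institute for National Defense and Security Research: may create a security breach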
https://tw.appledaily.com/politics/20210130/LZ2YFQLPZRHNVBZGQAECZFOIRE/
Macau Cybersecurity Law takes effect on the 22nd of next month; mobile phone users must register with real names
https://news.rthk.hk/rthk/ch/component/k2/1493613-20191121.htm
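Schools in China's Shandong Province carry out special inspection and remediation of network information security vulnerabilities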
http://www.lcu.edu.cn/ztzx/ldyw/373743.htm
"Earning" foreign currency with hackers? North Korea handpicks gifted high school students to train for its hacker units
https://www.pourquoi.tw/2021/02/05/intlnews-neasia-210129-210204-3/
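From counter-terrorism intelligence warfare to countering Chinese espionage; Georgia scholar: Biden builds broad alliances for a protracted fight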
https://www.worldjournal.com/wj/story/121278/5233981
Countering China: Indian army arms itself with "Tibetology"
https://reurl.cc/NXpo0p
The US built a base on the far side of the Moon? And has a space force? Revelations from a world-class hacker
https://www.juduo.cc/military/3145352.html
Putin, America's toxic ex-boyfriend
https://cn.nytimes.com/opinion/20210204/vladimir-putin-russia-america/zh-hant/
Biden's first foreign policy speech vows to confront authoritarianism and curb the ambitions of China and Russia
https://www.cna.com.tw/news/firstnews/202102050015.aspx
Biden's first foreign policy speech: mainland China is America's most serious competitor
https://udn.com/news/story/6809/5233675?from=udn-ch1_breaknews-1-0-news
Freedom House: many countries systematically repress dissidents across borders, China most of all
https://www.cna.com.tw/news/aopl/202102050017.aspx
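US Secretary of State speaks with Russian Foreign Minister by phone, discussing Navalny and the nuclear arms control agreement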
https://tw.appledaily.com/international/20210205/WZWKLBKACFBEJNR2SDKNFD453A/
Zhongnanhai bodyguards protect Xi Jinping; security detail suspected of leaving a fatal loophole
https://www.ntdtv.com/b5/2021/02/05/a103047462.html
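D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News
As the Lunar New Year approaches, SMS messages impersonating banks to steal online banking credentials surge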
https://tw.appledaily.com/property/20210131/UZKY5RG3KVA6ZCRSDRXXWG7LFU/
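Exposed for large numbers of fake accounts manipulating social media, Huawei admits shortcomings and opens an internal investigation; Twitter: permanent suspension not ruled out if the evidence is conclusive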
https://reurl.cc/Xe4MLM
"Your bank account shows abnormal activity": Trend Micro on fake SMS phishing attacks
https://saydigi-tech.com/2021/01/36900.html
Beware! This is a scam SMS: fake Cathay United Bank phishing SMS dupes 21 people in three days, with fraud totalling as much as 3 million
https://www.ftvnews.com.tw/news/detail/2021131W0046
Fake Cathay United Bank phishing SMS: 21 people defrauded of more than 3 million in 3 days
https://www.ftvnews.com.tw/news/detail/2021131F04M1
Epidemic insurance policies are hugely popular; "online insurance application zone" scams for personal data
https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9027
Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State
https://thehackernews.com/2021/02/data-breach-exposes-16-million-jobless.html
Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication
https://www.fireeye.com/blog/threat-research/2021/01/phishing-campaign-woff-obfuscation-telegram-communications.html
LogoKit Phishing Kit
https://www.riskiq.com/blog/external-threat-management/logokit-phishing/
Phishing and Malspam with Leaf PHPMailer
https://blog.sucuri.net/2021/01/phishing-malspam-with-leaf-phpmailer.html
Phishing Campaigns and Their Evasion and Obfuscation Techniques
https://www.zscaler.com/blogs/security-research/new-phishing-trends-and-evasion-techniques
Phishing, Sweepstakes, Delivery Scams for 2021
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cybercriminals-kick-off-2021-with-sweepstakes-credit-card-delivery-scams
E. Research Reports
Infrastructure as code: security risks and how to guard against them
https://blog.trendmicro.com.tw/?p=66782
Introduction to SSRF vulnerabilities
https://blog.csdn.net/zzwwhhpp/article/details/113445170
RustSecu
https://github.com/ChaosStudyGroup/RustSecu
Azure Security Basics: Log Analytics, Security Center, and Sentinel
https://www.blackhillsinfosec.com/azure-security-basics-log-analytics-security-center-and-sentinel/
Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
https://medium.com/cycraft/threat-intelligence-news-3-ea4ba0711ab1
EP35 - 6 questions hackers think about before attacking
https://reurl.cc/YWvWrO
21 cybersecurity predictions from RSA for 2021
https://www.sysage.com.tw/News/NewsDetail/734
Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions
https://thehackernews.com/2021/02/over-dozen-chrome-extensions-caught.html
How to Audit Password Changes in Active Directory
https://thehackernews.com/2021/02/how-to-audit-password-changes-in-active.html
Why Human Error is #1 Cyber Security Threat to Businesses in 2021
https://thehackernews.com/2021/02/why-human-error-is-1-cyber-security.html
The Cyber Landscape in Latin America
https://www.fireeye.fr/blog/executive-perspective/2021/01/the-cyber-landscape-in-latin-america.html
An Usual Technique Used by an APT
https://www.trendmicro.com/en_us/research/21/a/xdr-investigation-uncovers-plugx-unique-technique-in-apt-attack.html
Security Researchers Being Targeted in New Campaign
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
A brief analysis of the S2-059/S2-061 vulnerability principles
https://zhuanlan.zhihu.com/p/348999160
Website vulnerability remediation: SQL injection protection methods
https://iter01.com/584523.html
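Virus attack and defense mechanisms and the WinRAR malicious hijacking vulnerability (bat viruses, autostart, scheduled shutdown, blue screen attacks)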
https://www.mdeditor.tw/pl/gOzS
Apache Druid remote code execution vulnerability (CVE-2021-25646)
https://www.cnblogs.com/Savior-cc/p/14375098.html
jQuery XSS vulnerability (CVE-2020-11022)
https://blog.csdn.net/qq_41832837/article/details/113655878
Analysis of the Apache Druid remote code execution vulnerability (CVE-2021-25646)
https://paper.seebug.org/1481/
Lanproxy arbitrary file read vulnerability reproduction (CVE-2021-3019)
https://www.jianshu.com/p/957ec2ca0c90
LDAP Channel Binding and LDAP Signing Requirements - March 2020 update final release
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/ldap-channel-binding-and-ldap-signing-requirements-march-2020/ba-p/921536
F. Business
F5 and Red Hat join forces to help government data centers consolidate upward and evolve
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000603709_2YU8M5ACLV9I6VLXW9955
Edimax AirBox sets up sites worldwide
https://ctee.com.tw/news/stock/411422.html
"Business Information Security Officer" addresses the systemic challenges of integrating security with business processes
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9037
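New security report identifies the top three security strategies boards must care about; ESG research indicates security is not given sufficient attention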
http://www.pcdiy.com.tw/detail/19031
Trend Micro releases new security report, reminding corporate boards of 3 major security strategies they should care about
https://technews.tw/2021/02/01/trend-micro-security/
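Attack patterns are diversifying and supply chain protection must cover VPN networks and external services; Safe-T helps enterprises with security protection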
https://reurl.cc/WErEKk
D-Link announces it is officially distributing Cyberbit
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9050
ShareTech launches OT firewall appliance, officially entering the industrial control security field
https://www.ithome.com.tw/review/142557
TXOne Networks named one of the top 10 enterprise security solution providers in Asia Pacific
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9046
Sigma Rules to Live Your Best SOC Life
https://thehackernews.com/2021/02/sigma-rules-to-live-your-best-soc-life.html
Guide: How Security Consolidation Helps Small Cybersecurity Teams
https://thehackernews.com/2021/02/guide-how-security-consolidation-helps.html
Get Ready for CMMC: FireEye and Ardalyst Partner for Comprehensive, All-Threat Solution Set
https://www.fireeye.com/blog/products-and-services/2021/01/fireeye-ardalyst-partner-for-comprehensive-all-threat-solution-set.html
G. Government
"Mainland-China-made ICT products" to be banned entirely on campus? Legislator urges: handle by tiers
https://www.ptt.cc/bbs/Teacher/M.1611963489.A.69C.html
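Facial recognition boarding: Songshan Airport to trial after the Lunar New Year, Taoyuan Airport in the second half of the year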
https://www.cna.com.tw/news/ahel/202101310024.aspx
Like the National Security Bureau in 2016, the Investigation Bureau also wants to hire security experts for "bananas"
https://www.thenewslens.com/article/146670
Cultivating female white-hat hackers: Ministry of Science and Technology aims to reverse gender stereotypes
https://www.ocacnews.net/overseascommunity/article/article_story.jsp?id=271842
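800 million invested to build a national-level cybersecurity center of excellence, training Taiwan's high-level forward-looking security researchers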
https://www.ithome.com.tw/news/142509
Taipower and dozens of other public and private organizations brought under cybersecurity regulation
https://news.ltn.com.tw/news/politics/paper/1429519
Executive Yuan: critical infrastructure providers must report security incidents
https://www.cna.com.tw/news/aipl/202102020184.aspx
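H. Industrial Control Systems / ICS / SCADA / IoT / Internet of Things / Internet of Vehicles Security
Eliminating information security concerns to maximize the benefits of smart manufacturing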
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000603439_ETY58M55273TASLTHVK1D
What role will smart connected devices play in your daily life in 2030
https://www.eettaiwan.com/20210201nt21-top-10-consumer-trends-in-2030/
A 100-million sunrise industry: promoting telemedicine in Taiwan starts with security
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=70&id=0000603659_BCS5BWQO6048Q988MTFPL
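Global IoT security services market to reach US$16.8 billion in 2026; device management, security deployment and IoT monetization strategy must be given equal weight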
https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9036
58% of healthcare organization respondents see security as a major challenge brought by digital transformation
https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9029
Fuji code execution vulnerabilities expose industrial equipment to security risk
https://kknews.cc/tech/v5ngov2.html
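Analysis of the 2021 development status of the global and Chinese industrial information security industry: security vulnerabilities growing rapidly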
http://finance.eastmoney.com/a/202102041803145871.html
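Academician He Jifeng: industrial control security must focus on solving the problems of "hard to verify", "hard to assure" and "hard to analyze"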
https://news.sina.com.tw/article/20210119/37429098.html
Holy Stone uses Nozomi to monitor OT security threats in real time
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=13&id=0000603341_AQB2CI7V52I2ZV0VV1IYY
Open-source tool for hardening commonly used HMI/SCADA system
https://www.helpnetsecurity.com/2021/02/05/hardening-ge-cimplicity/
Learn to Build Effective IT-OT Cybersecurity Organizations at ARC Forum
https://www.arcweb.com/blog/learn-build-effective-it-ot-cybersecurity-organizations-arc-forum
Supply chain insecurity threatens national security
https://gcn.com/articles/2021/02/01/supply-chain-national-security.aspx
Industrial Control Systems (ICS) Security Market Report The demand for the Market will drastically increase in the Future Forecast 2025
https://ksusentinel.com/2021/02/05/industrial-control-systems-ics-security-market-report-the-demand-for-the-market-will-drastically-increase-in-the-future-forecast-2025/
I. Education and Training
109 Cyber Security Management Act digital training
https://reurl.cc/e9679M
Forensic analysis and application for security incidents: tool introduction and hands-on practice
https://cert.tanet.edu.tw/prog/opendoc.php?id=2016072611073636116181716195916.pdf
Open-source website security and protection hands-on: modsecurity practice (hands-on course handout)
https://cert.tanet.edu.tw/prog/opendoc.php?id=2016072611070808281469077816844.pdf
What to do if you accidentally open a suspicious email attachment or link
https://blog.trendmicro.com.tw/?p=66676
Why you should not reuse passwords
https://blog.trendmicro.com.tw/?p=66438
How Does Your AD Password Policy Compare to NIST's Password Recommendations
https://thehackernews.com/2021/01/creating-strong-password-policy-with.html
Memory Palace CISSP Notes
https://www.studynotesandtheory.com/single-post/memory-palace-cissp-notes
Kubernetes 101 for marketing and sales: a plain-language introduction
https://blog.pichuang.com.tw/20210111-Kubernetes-for-sales-and-marketing/
What is a WAF? What can a WAF do? Does my website need a WAF
https://blog.pumo.com.tw/archives/1384
What is security vulnerability scanning
https://zhuanlan.zhihu.com/p/340391948
[Burp Suite Complete Tutorial] Using Autorize to test role permission separation and IDOR vulnerabilities
https://hackercat.org/burp-suite-tutorial/burp-suite-autorize
[Burp Suite Complete Tutorial] Find comments: be a good kid and write proper comments, I guess you have never met a bad guy
https://hackercat.org/burp-suite-tutorial/burp-suite-find-comments
[Burp Suite Complete Tutorial] Comparer: rather than playing spot the difference, let the tool find the answer for you
https://hackercat.org/burp-suite-tutorial/burp-suite-comparer
[Burp Suite Complete Tutorial] Seemingly ordinary yet the most used: Repeater for manually discovering and verifying vulnerabilities
https://hackercat.org/burp-suite-tutorial/burp-suite-repeater
[Burp Suite Complete Tutorial] ActiveScan++ boosts Scanner's vulnerability scanning capability
https://hackercat.org/burp-suite-tutorial/burp-suite-activescan-plus
[Burp Suite Complete Tutorial] JSON Beautifier: prettify your JSON data so everything is clearer
https://hackercat.org/burp-suite-tutorial/burp-suite-json-beautifier
[Burp Suite Complete Tutorial] Are these features still not enough? Time for add-ons! Burp Extender extensions: BApp Store
https://hackercat.org/burp-suite-tutorial/burp-suite-extender-bapp-store
[Burp Suite Complete Tutorial] Penetration testing has never been a simple matter
https://hackercat.org/burp-suite-tutorial/burp-suite-pentesting-is-not-easy
[Burp Suite Complete Tutorial] Intruder: how to observe and judge a mountain of results
https://hackercat.org/burp-suite-tutorial/burp-suite-intruder-results
[Burp Suite Complete Tutorial] Intruder Attack type & Payloads: an attack mode with a thousand forms
https://hackercat.org/burp-suite-tutorial/burp-suite-intruder-attack-type-and-payloads
EC-Council ECSA v10 penetration testing certification: exam preparation experience
https://www.hackercat.org/pentesting/ec-council-ecsa-v10-experience
6. Upcoming Security Events and Conferences
User Interface and User Experience Design Weekend Crash Course Feb 6-7, 1-4pm 2/6 ~ 2/7
https://www.meetup.com/taiwan-code-camp/events/275764480
2021 All 駭 Yo Winter Vacation Cybersecurity Training Camp 2/6 ~ 2/7
https://www.nchc.org.tw/Active/ActiveView?id=457&menutype=0&sitemenuid=3&mid=47
Apple device management secrets you did not know 2/21
https://www.accupass.com/event/2101121212224382042200
[2021 Feb] Voice of Data: how to give voice to the data in your hands 2/22
https://www.meetup.com/rladies-taipei/events/275622681
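National Center for High-performance Computing training [Intermediate Security Course] Security health check vulnerability verification 2/25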
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3940&from_course_list_url=course_index
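Artificial Intelligence and Cyber Insurance Forum, with the ACFD 2nd-term 2nd General Meeting and 2nd-term 3rd Joint Meeting of Directors and Supervisors 2/26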
https://acfd2019.kktix.cc/events/1cac1bef-copy-1
How Taiwanese merchants can use Woo Commerce 2/26
https://www.meetup.com/Taipei-WooCommerce-Meetup-Group/events/275860646
2021 Chia Nan University Anti-Drug and Cybersecurity Robot Competition: until 12 midnight on Sunday, February 28, ROC year 110, or until full
http://203.72.21.13/prac/index.php/2017-01-17-07-19-47/2017-02-07-01-41-33/1905-2021-15
TC5/ WG1#11 Industry expert meeting on security standards and test specifications for wireless broadband routers (second session) 3/4
https://www.taics.org.tw/TCMeetInfoForm.aspx?tcCat_id=5&tcMeetInfo_id=10223
吱吱盃 (Zhizhi Cup) Hackathon 2021/04/02 18:30 ~ 2021/04/04 18:30
https://nsysuisc.kktix.cc/events/hackathon2020