###### tags: `資安事件新聞週報` # 資安事件新聞週報 2019/12/16 ~ 2019/12/20 1.重大弱點漏洞/後門/Exploit/Zero Day Micro Focus ArcSight Logger 跨站請求偽造漏洞 CVE-2019-11657 https://nvd.nist.gov/vuln/detail/CVE-2019-11657 Trend Micro HouseCall for Home Networks 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19689 TP-Link 路由器遠端執行任意程式碼漏洞 https://www.securitywizardry.com/the-radar-page/alert-details#alerts TP-Link修補不用密碼就能登入路由器的安全漏洞 https://www.ithome.com.tw/news/134878 TP-Link Archer Router Vulnerability Voids Admin Password, Can Allow Remote Takeover https://securityintelligence.com/posts/tp-link-archer-router-vulnerability-voids-admin-password-can-allow-remote-takeover/ 新的攻擊 CPU 手法 Plundervolt 出現，超頻降頻也能觸發漏洞 https://technews.tw/2019/12/17/cpu-plundervolt/ 微軟下個月開始用全螢幕提醒你升級Windows 7 https://www.ithome.com.tw/news/134781 微軟悄悄將Windows 10 Mobile實際終止更新時間延後一個月 https://mashdigi.com/microsoft-quietly-extends-support-for-windows-10-mobile/ So you want to keep running Windows 7? Good luck with that, small businesses https://www.zdnet.com/article/so-you-want-to-keep-running-windows-7-good-luck-with-that-small-businesses/#ftag=RSSbaffb68 Microsoft Security Essentials updates not included in Windows 7 ESU https://www.zdnet.com/article/microsoft-security-essentials-updates-not-included-in-windows-7-esu/#ftag=RSSbaffb68 Multiple Vulnerabilities in Barco ClickShare https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/ Npm team warns of new 'binary planting' bug https://www.zdnet.com/article/npm-team-warns-of-new-binary-planting-bug/#ftag=RSSbaffb68 Symantec Messaging Gateway CVE-2019-18379 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-18379 Trend Micro Security CVE-2019-18190 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-18190 SQLite CVE-2019-19603 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-19603 小心!! 黑客可通過漏洞避開防毒偵查?! 【黑開有條路!!】Intel RST 被發現存在漏洞 http://bit.ly/34A8DXs Seven Critical Vulnerabilities Discovered in Portainer https://www.fortinet.com/blog/threat-research/seven-critical-vulnerabilities-portainer.html Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw https://thehackernews.com/2019/12/drupal-website-hacking.html 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 首例！國壽、易遊網推「旅平險一站式服務」　5步驟輕鬆投保 https://www.ettoday.net/news/20191213/1601551.htm 監理沙盒上線 1分鐘買好旅平險 https://udn.com/news/story/7239/4225564?from=udn-catelistnews_ch2 開放銀行潮流下 防治金融犯罪成重要議題 https://money.udn.com/money/story/5636/4225488 銀行防斷線 資安升級大作戰 https://www.chinatimes.com/newspapers/20191215000257-260202?chdtv 拒駭 呂桔誠：國銀要打聯防 https://www.chinatimes.com/newspapers/20191215000259-260202?chdtv Visa警告：加油站POS系統成為FIN8駭客集團的新目標 https://ithome.com.tw/news/134832 能提前發現和修補漏洞支付寶安全實驗室在BlackHat推出兩款移動安全工具 https://blog.51cto.com/14164343/2457924 隔空“刷爆”銀行卡一新型網絡盜刷團伙被端 http://news.xmnn.cn/xmnn/2019/12/14/100638912.shtml 隔空「刷爆」銀行卡 一新型網路盜刷團伙被端 https://news.sina.com.tw/article/20191214/33669598.html 銀行卡被「隔空」盜刷 警方提示如何辨「異象」 https://news.sina.com.tw/article/20191215/33673926.html 銀行業最大風險恐不在中國違約升高 網路資安才是戰場 https://news.cnyes.com/news/id/4423225 開放API 責任歸屬待克服 https://money.udn.com/money/story/12040/4225573 中國銀聯建立威脅情報體系實戰案例 https://kknews.cc/tech/gp6x3vy.html 金管會推普惠金融 要訂KPI https://money.udn.com/money/story/5613/4223519 誰搶了銀行？他們懸賞2.5萬元希望找出嫌犯 http://bit.ly/2PKVi9g 金融機構如何應對日益頻繁的網絡攻擊 http://blog.itpub.net/69933183/viewspace-2668681/ 金融機構創新業務 改走試辦 https://www.chinatimes.com/newspapers/20191212000274-260202?chdtv Visa警告加油站刷卡 易遭黑客入侵 http://bit.ly/35CdmZK Visa警告：在加油站刷信用卡 小心被駭 http://bit.ly/2PtNlqf 小心加油也會被駭！Fin8 駭客組織入侵加油站 POS 系統竊取信用卡資料 https://technews.tw/2019/12/17/visa-warns-that-hackers-are-scraping-card-details-from-gas-pumps/ 數位轉型讓銀行的「風險」也轉型了！比起企業違約率，網路資安的風險更大 https://buzzorange.com/techorange/2019/12/16/risk-of-banks/ 國泰投信申請 網路資安指數認可 https://money.udn.com/money/story/5607/4230482 純網銀即將開業　顧立雄：要真的引導創新，一定得玩大的 https://www.cw.com.tw/article/article.action?id=5098156 【虛擬銀行】眾安銀行跑出　成為首間試業虛銀 http://bit.ly/2tqB6Sw 【2020年臺灣金融圈最新變革：LINE Bank、樂天銀行、將來銀行】3家純網銀首度同臺亮相，大秀自家最新特色 https://www.ithome.com.tw/news/134869 Govt, banks spend $270m to combat cyberattacks https://punchng.com/govt-banks-spend-270m-to-combat-cyberattacks/ Batch of 460,000+ Payment Cards Sold on Black Market Forum https://www.bleepingcomputer.com/news/security/batch-of-460-000-payment-cards-sold-on-black-market-forum/ Scoop: The World Bank told Taiwanese staff to get Chinese passports https://www.axios.com/world-bank-taiwan-staff-china-passport-dde4ca2d-a251-48c5-a566-fe25d754b776.html Internet banking sites and their use of TLS... and SSLv3... and SSLv2 https://isc.sans.edu/diary/rss/25606 Net banking & card frauds up 50%, Delhi is ATM con capit .. https://timesofindia.indiatimes.com/city/delhi/net-banking-card-frauds-up-50-delhi-is-atm-con-capital/articleshow/72466808.cms Cases of Net Banking and ATM Frauds Increase by 50% in New Delhi https://www.ehackingnews.com/2019/12/cases-of-net-banking-and-atm-frauds.html THREE ARRESTED FOR BLOWING UP ATMS IN GERMANY AND HUNGARY https://www.europol.europa.eu/newsroom/news/three-arrested-for-blowing-atms-in-germany-and-hungary Visa: Gas Station Networks Targeted to Steal Card Data https://www.bankinfosecurity.com/visa-gas-station-networks-targeted-to-steal-card-data-a-13507 Skimming Campaign Leveraged Heroku Cloud Platform: Report https://www.bankinfosecurity.com/skimming-campaign-leveraged-heroku-cloud-platform-report-a-13472 PSD2: The Compliance and Enforcement Update https://www.bankinfosecurity.com/interviews/psd2-compliance-enforcement-update-i-4526 Credit Card Data Exposed Online Is Tested Within 2 Hours https://www.bleepingcomputer.com/news/security/credit-card-data-exposed-online-is-tested-within-2-hours/ Singapore digital banking era will put focus on SMBs, consumer trust https://www.zdnet.com/article/singapore-digital-banking-era-will-put-focus-on-smbs-consumer-trust/#ftag=RSSbaffb68 3.電子支付/電子票證/行動支付/ pay/新聞及資安 「未來遊樂園」即將開幕！每項設施都用行動支付，遊客想玩什麼再付錢即可 https://buzzorange.com/techorange/2019/12/19/jets-carnival/ 在大陸行動支付 小心「嗅探」隔空盜刷 https://udn.com/news/story/7333/4204641 LINE金融策略調整 電子支付改名、推全新行動支付App https://udn.com/news/story/7241/4201877 4.虛擬貨幣/區塊鍊相關新聞及資安 加密貨幣商神秘身亡 債權人訴請驗屍確認 http://bit.ly/2ss69Nu 人為疏失成最大漏洞？ VeChain 基金會遭竊走 6,500 萬美元 VET 代幣 https://blockcast.it/2019/12/16/vechain-hacked-losing-1b-vet-tokens-worth-6m-usd/ VeChain 基金會被駭客入侵，價值 ＄650 萬美元的 VET 代幣被盜去 http://bit.ly/2PtIxkp 得天獨厚的中國礦工｜三分之二的比特幣產出來自中國，66% 的算力貢獻持續攀升 https://bigdatafinance.tw/index.php/blockchain/1345-66 幣寶台灣與幣寶日本將在1月14日再次開庭！三分鐘回顧幣寶被駭事件 https://news.knowing.asia/news/3b0d6128-d5d8-4463-aa8a-a447759d9658 香港比特幣投資公司在台吸金上億！投資比特幣前得先注意這三點 https://news.knowing.asia/news/ad156d9c-60d6-46b0-90f1-aaa5114ccf31 關於2019年區塊鏈產業經歷過的風雨，你還記得多少 https://news.knowing.asia/news/b82feb80-f033-46af-8f90-33cfb7e9e0ef 讓虛擬貨幣交易合規有保障 庫幣科技Sygna為台爭光 https://ec.ltn.com.tw/article/breakingnews/3014626 Spammers force Keybase to stop Stellar Space Drop cryptocurrency handouts https://www.zdnet.com/article/spammers-force-keybase-to-stop-stellar-space-drop-cryptocurrency-handouts/#ftag=RSSbaffb68 Attackers now use process hollowing to hide cryptocurrency miners on your PC https://www.zdnet.com/article/monero-miners-can-lurk-undetected-through-new-process-hollowing-technique/#ftag=RSSbaffb68 (Almost) Hollow and Innocent: Monero Miner Remains Undetected via Process Hollowing https://blog.trendmicro.com/trendlabs-security-intelligence/almost-hollow-and-innocent-monero-miner-remains-undetected-via-process-hollowing/ Shopin founder charged by SEC for running $42 million scam cryptocurrency ICO https://www.zdnet.com/article/shopin-founder-charged-by-sec-for-running-scam-cryptocurrency-ico/#ftag=RSSbaffb68 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式 新版Echobot殭屍病毒所使用的漏洞攻擊程式增加到77個 https://www.ithome.com.tw/news/134830 New Echobot Variant Exploits 77 Remote Code Execution Flaws https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/ 卡巴斯基表示： 惡意軟體數量有所上升，攻擊手段有所轉變 https://news.xfastest.com/kaspersky/73746/kaspersky-said-that-the-method-of-how-malwares-attack-has-changed/ 蘋果電腦不中毒神話破滅？資安公司發布報告　Mac威脅偵測呈上升趨勢 https://www.ettoday.net/news/20191217/1603807.htm 微軟：不鼓勵企業支付勒索軟體贖金 https://www.ithome.com.tw/news/134879 今年美國有超過1,000所學校遭勒索軟體波及 https://ithome.com.tw/news/134907 勒索軟體受害者到底該不該向駭客妥協？向其支付贖金 https://ek21.com/news/tech/166073/ NJ’s largest hospital system forced to pay ransom in cyber attack https://nj1015.com/nj-largest-hospital-system-forced-to-pay-ransom-in-cyber-attack/ Ryuk Ransomware Likely Behind New Orleans Cyberattack https://www.bleepingcomputer.com/news/security/ryuk-ransomware-likely-behind-new-orleans-cyberattack/ Largest hospital system in New Jersey was hit by ransomware attack https://securityaffairs.co/wordpress/95152/cyber-crime/new-jersey-hospital-ransomware-attack.html Microsoft: We never encourage a ransomware victim to pay https://www.zdnet.com/article/microsoft-we-never-encourage-a-ransomware-victim-to-pay/#ftag=RSSbaffb68 Decryptor Bug Means Ryuk Victims Stuck in Ransomware Rut https://www.bankinfosecurity.com/decryptor-bug-means-victims-stuck-in-ryuk-ransomware-rut-a-13481 North Korean Hackers Tapping Into TrickBot: Report https://www.bankinfosecurity.com/north-korean-hackers-tapping-into-trickbot-report-a-13497 Georgia Wire Manufacturer Struck by Ransomware https://www.bankinfosecurity.com/georgia-wire-manufacturer-struck-by-ransomware-a-13496 Wiper Malware Targets Middle Eastern Energy Firms: Report https://www.bankinfosecurity.com/wiper-malware-targets-middle-eastern-energy-firms-report-a-13474 Two Russians Indicted Over $100M Dridex Malware Thefts https://www.bankinfosecurity.com/two-russians-indicted-over-100m-dridex-malware-thefts-a-13473 New Malware Campaign Uses Trojanized 'Tetris' Game: Report https://www.bankinfosecurity.com/new-malware-campaign-uses-trojanized-tetris-game-report-a-13465 Emotet Trojan is Inviting You To A Malicious Christmas Party https://www.bleepingcomputer.com/news/security/emotet-trojan-is-inviting-you-to-a-malicious-christmas-party/ Incident Response lessons from recent Maze ransomware attacks https://blog.talosintelligence.com/2019/12/IR-Lessons-Maze.html Lazarus pivots to Linux attacks through Dacls Trojan https://www.zdnet.com/article/lazarus-pivots-to-linux-attacks-through-dacls-trojan/#ftag=RSSbaffb68 Lazarus Group使用Dacls RAT攻擊Linux平台 https://blog.netlab.360.com/dacls-the-dual-platform-rat/ Dridex Banking Trojan Infections and PowerShell Empire Activity Preceding BitPaymer Ransomware Attacks https://www.it.ucla.edu/security/advisories/dridex-banking-trojan-infections-powershell-empire-activity-preceding-bitpaymer-ransomware-attacks Maze Ransomware Gang Dumps Purported Victim List https://www.bankinfosecurity.asia/blogs/maze-ransomware-gang-dumps-purported-victim-list-p-2839 Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia https://unit42.paloaltonetworks.com/rancor-cyber-espionage-group-uses-new-custom-malware-to-attack-southeast-asia/ 14 Ways to Evade Botnet Malware Attacks On Your Computers https://thehackernews.com/2019/12/botnet-malware-attacks.html Another ransomware strain is now stealing data before encrypting it https://www.zdnet.com/article/another-ransomware-strain-is-now-stealing-data-before-encrypting-it/#ftag=RSSbaffb68 2019: The year in malware https://blog.talosintelligence.com/2019/12/2019-year-in-malware.html Attackers Posing as German Authorities Distribute Emotet Malware https://www.bleepingcomputer.com/news/security/attackers-posing-as-german-authorities-distribute-emotet-malware/ Achtung: Schadhafte SPAM-Mails im Namen mehrerer Bundesbehörden https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Spam-Bundesbehoerden_181219.html ScreenConnect MSP Software Used to Install Zeppelin Ransomware https://www.bleepingcomputer.com/news/security/screenconnect-msp-software-used-to-install-zeppelin-ransomware/ CONNECTWISE CONTROL ABUSED AGAIN TO DELIVER ZEPPELIN RANSOMWARE https://blog.morphisec.com/connectwise-control-abused-again-to-deliver-zeppelin-ransomware B.行動安全 / iPhone / Android /穿戴裝置 /App 挪威電信放棄合作十年的華為 改用瑞典愛立信 https://hk.news.appledaily.com/international/realtime/article/20191214/60377221 5G時代下的資安風險 專家：政府應制定相關法律　 http://www.epochtimes.com/b5/19/12/15/n11724118.htm G Suite明年6月將強制第三方app支援OAuth https://www.ithome.com.tw/news/134876 WhatsApp臭蟲可搞掛所有群聊成員的App、永遠退出群組 https://www.ithome.com.tw/news/134892 一條訊息足致全群組死機　WhatsApp推新版本修復漏洞 http://bit.ly/2M5altd The Media Trust揭露鎖定iPhone用戶的惡意廣告活動 https://www.ithome.com.tw/news/134913 Persistent Malware Using Multiple Techniques Hits Online Readers in Time for the Holidays https://mediatrust.com/sites/default/files/2019-12/Krampus-3PC_2019-1211.pdf AirDrop爆發惡意漏洞，立即更新iOS 13.3 即可防止遭受攻擊 https://mrmad.com.tw/update-ios-13-3-to-prevent-hackers-from-airdrop iPhone AirDrop爆漏洞　教你防禦拒絕陌生人無限傳送檔案 http://bit.ly/35shhs5 From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13 https://spaceraccoon.dev/from-checkra1n-to-frida-ios-app-pentesting-quickstart-on-ios-13 Twitter proposes open social network standard https://www.zdnet.com/article/twitter-proposes-open-social-network-standard/#ftag=RSSbaffb68 This Bug Could Have Let Anyone Crash WhatsApp Of All Group Members https://thehackernews.com/2019/12/whatsapp-group-crash.html Google fixes Chrome 79 data loss bug on Android https://www.zdnet.com/article/google-fixes-chrome-79-data-loss-bug-on-android/#ftag=RSSbaffb68 Is your Phone infected by this Mobile Malware: Agent Smith https://www.achillesresolute.com/blog/agent-smith-malware.html C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件 LifeLabs遭駭客入侵 本省及安省1500萬客户資料被盜 https://www.am1470.com/news_detail.php?i=89147 加拿大醫學實驗室被駭 國內近半人口個資恐外洩 https://living.taronews.tw/2019/12/18/562414/ LifeLabs pays hackers to recover data of 15 million customers https://www.zdnet.com/article/lifelabs-pays-hackers-to-recover-data-of-15-million-customers/#ftag=RSSbaffb68 資安業者：蟄伏中國駭客團體 復出攻擊政府企業 https://www.cna.com.tw/news/ait/201912190388.aspx Operation Wocao: Shining a light on one of China’s hidden hacking groups https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ 數百家製造業者遭網路間諜鎖定，超過一半位於南韓 https://www.ithome.com.tw/news/134912 Gangnam Industrial Style: APT Campaign Targets Korean Industrial Companies https://cyberx-labs.com/blog/gangnam-industrial-style-apt-campaign-targets-korean-industrial-companies/ 官網、郵件、會計系統遭境外IP攻擊停擺　民進黨已報案 https://www.storm.mg/article/2077881 民進黨官網、郵件系統連2天癱瘓 羅文嘉已報警 http://bit.ly/2PzI3cP 民進黨部電腦遭駭客入侵 查到某外資公司 https://www.chinatimes.com/realtimenews/20191218003660-260407?chdtv 託管服務供應商常犯的三個電子郵件資安錯誤 https://blog.trendmicro.com.tw/?p=61897 遠端視訊創造企業高效率，但小心雲安全漏洞 https://udn.com/news/story/7086/4234606 沉寂數年後，中國駭客組織再度活躍，攻擊範圍擴展至美英法等國 http://bit.ly/2PCyERv 資安業者：蟄伏中國駭客團體 復出攻擊政府企業 https://www.cna.com.tw/news/ait/201912190388.aspx 軟體工程師利用業餘時間寫的程式碼也算公司的？Nginx之父被捕引發爭議 http://bit.ly/2sKvh1P ICANN 暫緩 .org 網域銷售，稱買賣方需提供足夠審核的文件 http://bit.ly/38K0rai 2019年11月十大資安新聞 https://www.ithome.com.tw/news/134908 DEF CON CTF主辦人在HITCON CTF論壇，首度公開PWN Collage開源課程 https://times.hinet.net/news/22697842 台灣駭客賽HITCON CTF落幕，DEFCON CTF 主辦人來台分享經驗 https://ec.ltn.com.tw/article/breakingnews/3011124 HITCON CTF賽事培養眾多駭客高手！大企業為什麼吸引不到這些資安人才 https://www.bnext.com.tw/article/55923/hitcon-ctf-teadelivers 中國隊Tea Deliverers贏得HITCON CTF冠軍，直接晉級2020年DEF CON CTF決賽 https://www.ithome.com.tw/news/134848 玩家濫用《Diablo III》Buff漏洞 將受處罰 現已緊急修復 http://bit.ly/2RMOPxd 5G、純網銀上路，資安風險更棘手？4大資安趨勢老闆需注意 https://www.bnext.com.tw/article/55909/trendmicro-estimation2020-cybersecurity F22戰機電腦無法駭入 美前海軍部長透露真實原因 https://www.chinatimes.com/realtimenews/20191213004221-260417?chdtv 草木皆兵！美擔憂選舉投票機遭陸駭客入侵 https://www.chinatimes.com/realtimenews/20191218004144-260409?chdtv 國外網紅雇用槍手去搶劫「網域名稱」，結果槍手反被對方「撿到槍」差點打死 http://bit.ly/36EImbE 微軟發出警告：一波大規模黑客攻擊來襲電信運營商需警惕 https://www.cnbeta.com/articles/tech/921405.htm 中國大陸衢州警方發布“淨網2019”行動戰果 http://news.qz828.com/system/2019/12/13/011521316.shtml 人臉辨識遭印刷面具破解 中國海關．電子支付系統存漏洞 https://ezone.ulifestyle.com.hk/article/2519502 中國網絡漏洞披露全球性標准進入最終意見徵集階段 https://www.anquanke.com/post/id/195054 中國工信部公開徵求對《網絡安全漏洞管理規定（徵求意見稿）》的意見 http://www.cfis.cn/2019-12/16/c_1125351345.htm 中國的全球觸角：超越防火長城的監控和審查制度 https://lab.ocf.tw/2019/12/12/article/ 中國再教育營文件外洩 中國控管新疆變本加厲 https://news.ltn.com.tw/news/world/paper/1339155 新疆機密文件遭洩 外媒：陸緊急焚毀檔案 https://gotv.ctitv.com.tw/2019/12/1188076.htm 周曉輝：高調關注中共盜版仿製 俄補刀不簡單 http://www.epochtimes.com/b5/19/12/16/n11726663.htm 北京警方今年破獲駭客攻擊等涉網案件7800余起 http://big5.eastday.com:82/gate/big5/news.eastday.com/s/20191216/u1ai20231075.html 美起訴俄羅斯情治官員與駭客 卻難以遏制莫斯科食髓知味 https://inanews.tw/archives/81647 通俄調查 美法官：FBI做法不當 http://bit.ly/2S9dgVM 網攻機關企業 駭客全美勒索 鎖數據癱瘓作業 已撈75億 http://bit.ly/2ElbQ2g 俄將斷網測「RuNet」 網路自由存憂慮 https://www.ydn.com.tw/News/357819 澳門設《網安法》天眼監控　議員：恐變「秘密警察」社會 https://tw.news.appledaily.com/international/realtime/20191218/1678778/ 中美言和轉單效應仍會持續 楊金龍解密關鍵是資安 https://udn.com/news/story/7238/4237542 大陸如何落實資安與網路安全 https://www.chinatimes.com/realtimenews/20191220000006-260409?chdtv Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites https://thehackernews.com/2019/12/wordpress-elementor-beaver.html Cybersecurity: This password-stealing hacking campaign is targeting governments around the world https://www.zdnet.com/article/cybersecurity-this-password-stealing-hacking-campaign-is-targeting-governments-around-the-world/ North Korean hackers working with East European cybercriminals https://www.defenceweb.co.za/cyber-defence/north-korean-hackers-working-with-east-european-cybercriminals/ New Orleans Declares State Of Emergency Following Cyber Attack https://www.forbes.com/sites/daveywinder/2019/12/14/new-orleans-declares-state-of-emergency-following-cyber-attack/ 5 Reasons Why Programmers Should Think like Hackers https://thehackernews.com/2019/12/cybersecurity-for-programmers.html Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites https://thehackernews.com/2019/12/wordpress-elementor-beaver.html Singapore government triggers online falsehood directive at another opposition politician https://www.zdnet.com/article/singapore-government-triggers-online-falsehood-directive-at-another-opposition-politician/#ftag=RSSbaffb68 Singapore government issues online falsehood directive to opposition political party https://www.zdnet.com/article/singapore-government-issues-online-falsehood-directive-to-opposition-political-party/#ftag=RSSbaffb68 Cybersecurity Defenders: Channel Your Adversary's Mindset https://www.bankinfosecurity.com/cybersecurity-defenders-channel-your-adversarys-mindset-a-13470 Iran investigating third cyberattack in a week https://www.jpost.com/Middle-East/Iran-investigating-third-cyberattack-in-a-week-611013 Decade retrospective: Cybersecurity from 2010 to 2019 https://www.zdnet.com/article/decade-retrospective-cybersecurity-from-2010-to-2019/#ftag=RSSbaffb68 Senators introduce K-12 Cybersecurity Act https://www.zdnet.com/article/senators-introduce-k-12-cybersecurity-act/#ftag=RSSbaffb68 Member of 'The Dark Overlord' hacking group extradited to the US https://www.zdnet.com/article/member-of-the-dark-overlord-hacking-group-extradited-to-the-us/#ftag=RSSbaffb68 Former Palo Alto Networks IT admin charged for running insider trading ring https://www.zdnet.com/article/former-palo-alto-networks-it-admin-charged-for-running-insider-trading-ring/#ftag=RSSbaffb68 British Hacker Accused of Blackmailing healthcare Firms Extradited to U.S. https://thehackernews.com/2019/12/dark-overlord-hacker-extradited.html 資安工程師 https://www.104.com.tw/job/6s0e2?jobsource=company_job 資安維運工程師 https://www.104.com.tw/job/6ksyo?jobsource=company_job 網路工程師 https://www.104.com.tw/job/65kx5?jobsource=company_job 資安主管 https://www.104.com.tw/job/6s0e1?jobsource=company_job D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 本田汽車的Elasticsearch資料庫又配置錯誤，這次是2.6萬名車主資訊曝光 https://www.ithome.com.tw/news/134938 要匯款的真是你老闆嗎？小心激增的AI偽冒詐騙 http://bit.ly/2PMKOGC 2019 網友「最常用」密碼排行榜單出爐，驚見這家品牌名稱入榜 https://3c.ltn.com.tw/news/38914 亞馬遜再陷資安風暴　75萬美國人個資可任意下載 https://kairos.news/171386 6萬多個人信息被暗網掛賣海南某網絡公司被罰款10萬元 http://www.hinews.cn/news/system/2019/12/15/032235591.shtml 首次針對反對黨　新加坡政府引《假新聞法》下令更正FB貼文 https://tw.news.appledaily.com/international/realtime/20191216/1677817/ 利用支付寶"漏洞"賺錢詐騙28起案值5萬餘元！即墨法院公開審理一起支付寶詐騙案涉案8人均領刑 http://news.bandao.cn/a/318933.html 鑽漏洞？臉書嚴查假消息 網揭「內容農場」換網址又復活 https://news.ltn.com.tw/news/politics/breakingnews/3011186 商務電郵詐騙增　黑客假扮CEO催促匯款 http://bit.ly/35tAvhb 秘密搜集個人資訊　《華郵》駭進汽車有大發現 https://tw.news.appledaily.com/international/realtime/20191218/1678810/ 密碼設「ji32k7au4a83」！外國工程師疑惑..這 「亂碼」 怎麼超多人用? 嫩..台灣人一看秒懂 http://bit.ly/2sCtnQW 臉書安全漏洞使黑客能控制5000萬帳戶 http://www.hfsjwb.com/c55e4/11994.html 不想被找到都不行 臉書坦承用這些方法追蹤你 https://www.cna.com.tw/news/firstnews/201912180244.aspx 就算關閉定位服務 臉書還是有辦法找到你 http://bit.ly/38L20F3 假的！早安問候圖會竊個資？專家教大家注意這些事 https://news.ltn.com.tw/news/life/breakingnews/3013494 垃圾郵件廣告系列在用戶恐懼心F中發揮作用 http://bit.ly/2PESgV5 FB 潛藏危機！小心這 7 種常見詐騙方式 https://3c.ltn.com.tw/news/38987 Healthcare.gov出現安全漏洞7.5萬人信息被洩露 https://nosec.org/home/detail/3496.html 光明日報：警惕以虛擬幣為噱頭的新式詐騙 https://news.sina.com.tw/article/20191220/33737612.html 臉書又爆大量個資外洩！2.67億筆用戶ID電話全被看光光　駭客可能來自越南犯罪集團 https://www.ettoday.net/news/20191220/1606411.htm Facebook再傳數據外洩 包含2.69億用戶資料 多數為美國人 https://fnc.ebc.net.tw/FncNews/else/110173 還在「qwerty123」？2019年最糟密碼大公開 https://news.ltn.com.tw/news/life/breakingnews/3015062 網軍假新聞操弄民意 三大社群媒體防禦作戰 http://bit.ly/2Q3y9z1 Payroll Data of 29,000 Facebook Employees Stolen: Report https://www.bankinfosecurity.com/payroll-data-29000-facebook-employees-stolen-report-a-13509 The Hidden Cost of a Third-Party Data Breach https://www.bankinfosecurity.com/blogs/hidden-cost-third-party-data-breach-p-2805 The worst passwords of 2019: Did yours make the list https://www.welivesecurity.com/2019/12/16/worst-passwords-2019-did-yours-make-list/ Online fake news is costing us $78 billion globally each year https://www.zdnet.com/article/online-fake-news-costing-us-78-billion-globally-each-year/#ftag=RSSbaffb68 E.研究報告 軟體更新安全規範The Update Framework從CNCF孵化器畢業 https://www.ithome.com.tw/news/134922 混沌工程介紹與實踐 https://www.i5seo.com/hun-dun-gong-cheng-jie-shao-yu-shi-jian.html 原創深度：滲透測試與邊緣設備安全（一） http://mouser.eetrend.com/content/2019/100046475.html 原創深度：滲透測試與邊緣設備安全（二） http://mouser.eetrend.com/content/2019/100046508.html BaseQuery：一款數據漏洞以及泄露數據的強大搜索工具 https://www.chainnews.com/zh-hant/articles/857154805744.htm Kotlin conf 2019 心得 （上） http://bit.ly/2qYtplH Kotlin conf 2019心得（中） http://bit.ly/2RZjaZC 工控CTF之某固件分析解题 http://www.sohu.com/a/360313706_354899 百萬用戶個人信息洩露漏洞 https://www.freebuf.com/vuls/222028.html 一言不合就改用 gRPC？要我大前端怎麼配合啊 http://bit.ly/38HKkKg CVE-2019-12750：SEP本地提權漏洞分析（Part 1） https://www.anquanke.com/post/id/195107 CVE-2019-12750：SEP本地提權漏洞分析（Part 2） https://www.anquanke.com/post/id/195216 TP-Link Archer系列路由器漏洞可使Admin賬戶密碼保護失效 https://www.freebuf.com/vuls/223076.html D-link DAP-1860命令注入遠程代碼執行漏洞分析 https://www.4hou.com/info/news/22144.html Android內核漏洞學習——CVE-2014-3153分析 https://xz.aliyun.com/t/6948 CVE-2017-11906 && CVE-2017-11907 組合漏洞分析筆記 https://bbs.pediy.com/thread-256832.htm metasploit、powershell之Windows錯誤系統配置漏洞實戰提權 https://cloud.tencent.com/developer/article/1555450 淺談python反序列化漏洞 https://www.cnblogs.com/wh4am1/p/12071804.html CVE-2019-18670：宏基Quick Access安全漏洞 https://www.4hou.com/vulnerable/22213.html Cyberattacks and How To Protect Your Computer and Data - Part 1 of 3 https://www.peerlyst.com/posts/cyberattacks-and-how-to-protect-your-computer-and-data-part-1-of-3-josh-moulin Cyberattacks and How To Protect Your Computer and Data - Part 2 of 3 https://www.peerlyst.com/posts/cyberattacks-and-how-to-protect-your-computer-and-data-part-2-of-3-josh-moulin Cyberattacks and How To Protect Your Computer and Data - Part 3 of 3 https://www.peerlyst.com/posts/cyberattacks-and-how-to-protect-your-computer-and-data-part-3-of-3-josh-moulin Cyber Threat Intelligence: Comparing the incident-centric and actor-centric approaches https://www.linkedin.com/pulse/cyber-threat-intelligence-comparing-incident-centric-approaches-mark/ What I Learned from Reverse Engineering Windows Containers https://unit42.paloaltonetworks.com/what-i-learned-from-reverse-engineering-windows-containers/ Python Dictionary https://learncodewithmike.blogspot.com/2019/12/python-dictionary.html Securing the System: A Deep Dive into Reversing Android Pre-Installed Apps https://www.youtube.com/watch?v=U6qTcpCfuFc&feature Top 10 Cyber Security Trends To Look Out For In 2020 https://cybersecuritycourses.blogspot.com/2019/12/top-10-cyber-security-trends-to-look.html Modeling somatic computation with non-neural bioelectric networks https://www.nature.com/articles/s41598-019-54859-8 Digital lockpicking - stealing keys to the kingdom https://labs.f-secure.com/blog/digital-lockpicking-stealing-keys-to-the-kingdom Unit 42 Presents New Research at BlueHat Seattle on Three new Windows RDP Vulnerability Exploit Methods https://unit42.paloaltonetworks.com/unit-42-presents-new-research-at-bluehat-seattle-on-three-new-windows-rdp-vulnerability-exploit-methods/ 6 Steps to Prevent a Cyber Attack Against your Business https://medium.com/@Priya.Reddy/6-steps-to-prevent-a-cyber-attack-against-your-business-ea48d7aed2b9 Hacking Android With Metasploit https://linuxsecurityblog.com/2019/09/04/hacking-android-with-metasploit/ Spy on Traffic from a Smartphone with Wireshark https://null-byte.wonderhowto.com/how-to/spy-traffic-from-smartphone-with-wireshark-0198549/ Review of Snowden's book Permanent Record - Part II: At the NSA https://www.electrospaces.net/2019/12/review-of-snowdens-book-permanent.html Inside the mind of a hacker https://www.itpro.co.uk/security/hacking/354310/inside-the-mind-of-a-hacker What Goes on During Threat Hunting https://www.techslang.com/what-goes-on-during-threat-hunting/ Screetsec/TheFatRat https://github.com/Screetsec/TheFatRat al0ne/nginx_log_check https://github.com/al0ne/nginx_log_check den4uk / Andriller https://github.com/den4uk/andriller andreafioraldi/frida-fuzzer https://github.com/andreafioraldi/frida-fuzzer Areizen/Android-Malware-Sandbox https://github.com/Areizen/Android-Malware-Sandbox MobSF/Mobile-Security-Framework-MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF Python Scripting For The Ethical Hacker https://linuxsecurityblog.com/2018/06/21/python-scripting-for-the-ethical-hacker/ How To Fully Anonymize Your System https://linuxsecurityblog.com/2019/11/20/how-to-fully-anonymize-your-system/ Cronos — HackTheBox Walkthrough https://medium.com/@RainSec/cronos-hackthebox-walkthrough-d24d5ef0e2d3 Send Secret Files in an Image Using Steganography https://linuxsecurityblog.com/2019/10/02/send-secret-files-in-an-image-using-steganography/ Phishing Campaign Targets Login Credentials of Multiple US, International Government Procurement Services https://www.anomali.com/blog/phishing-campaign-targets-login-credentials-of-multiple-us-international-government-procurement-services How Does a Hashing Algorithm Work https://bigdatafinance.tw/index.php/blockchain/1333-how-does-a-hashing-algorithm-work BlueKeep – Exploit Windows (RDP Vulnerability) Remotely https://linuxsecurityblog.com/2019/10/10/bluekeep-exploit-windows-rdp-vulnerability-remotely/ PenTesting: Gaining Root Privileges on Kioptrix https://linuxsecurityblog.com/2019/12/06/pentesting-gaining-root-privileges-on-kioptrix/ Neural Information Processing Systems (NeurIPS) https://slideslive.com/neurips Cyber Threat Intelligence: Observing the adversary https://blog.intel471.com/2016/05/17/cyber-threat-intelligence-observing-the-adversary/ Being a cyber threat intelligence analyst and operating in the fog of uncertainty https://blog.intel471.com/2017/05/25/being-a-cyber-threat-intelligence-analyst-and-operating-in-the-fog-of-uncertainty/ Actionable intelligence — Is it a capability problem or does your intelligence provider suck https://blog.intel471.com/2016/05/18/actionable-intelligence-is-it-a-capability-problem-or-does-your-intelligence-provider-suck/ Clever hack creates the first 128GB 3.5-inch floppy drive https://www.extremetech.com/extreme/223736-clever-hack-creates-the-first-128gb-1-44-inch-floppy-drive From iPhone to NT AUTHORITY\SYSTEM – exploit ‘Printconfig’ dll with a real-world example https://securityaffairs.co/wordpress/95135/hacking/iphone-printconfig-dll-exploitation.html It’s time to disconnect RDP from the internet https://www.welivesecurity.com/2019/12/17/bluekeep-time-disconnect-rdp-internet/ 2FA: Double down on your security https://www.welivesecurity.com/2019/12/13/2fa-double-down-your-security/ HTTP Request Smuggling + IDOR https://hipotermia.pw/bb/http-desync-idor rewardone/OSCPRepo https://github.com/rewardone/OSCPRepo Cobalt Strike – Bypassing Windows Defender with Obfuscation http://www.offensiveops.io/tools/cobalt-strike-bypassing-windows-defender-with-obfuscation/ Cyber Threat Intelligence: Observing the adversary https://blog.intel471.com/2016/05/17/cyber-threat-intelligence-observing-the-adversary/ Top 5 Essential Features of Effective Cybersecurity for Web Apps https://thehackernews.com/2019/12/web-application-cybersecurity.html A sinkhole for collecting and analysing malicious traffic https://github.com/scrapbird/sinkholed Nginx Log Check - Nginx Log Security Analysis Script https://www.kitploit.com/2019/12/nginx-log-check-nginx-log-security.html alphaSeclab/awesome-reverse-engineering https://github.com/alphaSeclab/awesome-reverse-engineering/blob/master/Readme_en.md F.商業 So-net合作Nexusguard 打造全新資安防禦服務 http://bit.ly/2PitWZa BAE Systems to develop new cyber tools for DARPA to improve security of electronic data formats http://bit.ly/2RWrI3v Google提升Chrome密碼防護，當帳密被盜時主動發出警告 https://www.techbang.com/posts/75010-google-boosts-chrome-password-protection-to-proactively-warn-when-books-are-stolen 從駭客偵測到保險理賠，AI資安新創打造一條龍服務 https://www.bnext.com.tw/article/47673/cycarrier 硬體卸載當道，以虛勝實不是夢 https://www.ithome.com.tw/voice/134836 Mozilla要求Firefox外掛開發商啟用2FA https://www.ithome.com.tw/news/134855 鄧白氏協助銀行客戶解決資安問題 https://ctee.com.tw/industrynews/financesmanage/190826.html 關貿網路搶資安商機 看準中小企業需求 https://pr.aotter.net/p/13709/yogi_ma@dia-mond.com.tw 台北市電腦公會將選新任理事長 友達彭双浪呼聲高 https://money.udn.com/money/story/5612/4230061 安碁資訊結盟泰國DCS合作夥伴 SOC資安服務正式啟動 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000574479_CYD3PNUB87BON38CPLDE5 安碁資訊助宏碁取得資安管理認證 https://www.chinatimes.com/realtimenews/20191217002850-260410?chdtv A10 助企業實現全面資安防護 https://ctee.com.tw/industrynews/technology/191590.html 系統整合商小且少 成台灣推動智慧製造瓶頸 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000575154_ert28cb84wtpza52yellg Keyfactor：每182個RSA憑證就有一個可被攻陷 https://www.ithome.com.tw/news/134890 趨勢科技在臺公布2020資安預測，BEC詐騙、IoT攻擊手法更複雜 https://www.ithome.com.tw/news/134893 Akamai攜手零壹科技 建構全方位資安防護機制 https://ithome.com.tw/pr/134937 台灣大車隊聯袂中信國際電訊 建構資安防護 https://money.udn.com/money/story/10860/4238053 聚合資料與雲端儲存趨勢 醫療產業轉型也將伴隨資安風險 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=70&id=0000574989_xtjlpru27dcroylm1s0ly 結合資料正規化、加密壓縮，ParseMe加快資料前置處理 https://www.ithome.com.tw/review/132614 Opera becomes part of the CNA program https://blogs.opera.com/security/2019/12/opera-becomes-part-of-the-cna-program/ Group-IB forges new security partnerships and threat intelligence sharing to ensure Singapore's cyber resilience https://securitybrief.asia/story/group-ib-forges-new-security-partnerships-and-threat-intelligence-sharing-to-ensure-singapore-s-cyber-resilience Fortinet acquires security automation provider CyberSponse https://www.zdnet.com/article/fortinet-acquires-security-automation-provider-cybersponse/#ftag=RSSbaffb68 Microsoft delivers first Windows 10 Fast Ring build from its new development branch https://www.zdnet.com/article/microsoft-delivers-first-windows-10-fast-ring-build-from-its-new-development-branch/#ftag=RSSbaffb68 McAfee Considers Purchase of NortonLifeLock: Report https://www.bankinfosecurity.com/mcafee-considers-purchase-nortonlifelock-report-a-13488 Mozilla: Firefox Add-On Developers Must Use 2FA https://www.bankinfosecurity.asia/mozilla-firefox-add-on-developers-must-use-2fa-a-13511 Google Offers Financial Support to Open Source Projects for Cybersecurity https://thehackernews.com/2019/12/google-open-source-projects.html G.政府 國安局裁撤公開情報中心 臉書網路社群監控移轉第四處 https://news.ltn.com.tw/news/politics/breakingnews/3007703 H.ICS/SCADA 工控系統 Schneider Electric SoMachine Basic和Schneider Electric Modicon M221授權問題漏洞 https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01/ Siemens SPPA-T3000反序列化不受信任數據漏洞 https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf Flaws in Siemens SPPA-T3000 control system expose power plants to hack https://securityaffairs.co/wordpress/95092/ics-scada/siemens-sppa-t3000-flaws.html 工控資安標準 IEC 62443 認驗證機制：ISA Secure scheme 篇 https://secbuzzer.co/post/131 電影駭客交鋒中工控那些事 http://www.gzkjwb.com/5bd66/12643.html 施耐德修復了Modicon 和EcoStruxure 產品中的DoS 漏洞 http://hackernews.cc/archives/28817 工控系統面臨數位轉型 工業物聯網資安風險日增 https://www.chtsecurity.com/news/b2db79d5-eddd-4667-89b9-d054c77251b1 WAGO PLC中的多個漏洞風險通告 https://www.venustech.com.cn/article/1/10845.html 工業製程轉型，工控資安也要轉型 https://secbuzzer.co/post/92 製造智慧化風險大增 資安意識提升刻不容緩 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000575148_YDE2DMT43GXJA6996JXLP 西門子SPPA-T3000工控系統曝數十個漏洞，全球大規模斷電一觸即發 https://kknews.cc/tech/zyv4ozp.html I.教育訓練 資訊安全分析師在做什麼 https://event.1111.com.tw/careermaster/detail/140404?agent=out_hiwork_outlink How a build log from a Jenkins leaked everything https://medium.com/@aseem.shrey/mind-your-logs-how-a-build-log-from-a-jenkins-leaked-everything-603cf07fa85 使用Ghidra P-Code進行輔助逆向分析 http://bit.ly/34iHl7L 駭客自首：極惡網路攻擊的內幕技巧 https://www.books.com.tw/products/0010842697?loc=P_0001_011 Kali Linux 滲透測試工具｜花小錢做資安，你也是防駭高手 https://www.tenlong.com.tw/products/9789865023584?list_name=i-r-zh_tw 駭客自首：極惡網路攻擊的內幕技巧 https://www.books.com.tw/products/0010842697?loc=P_0001_011 【Raspberry-Pi】Raspberry-Pi 4 的安裝過程 https://william-weng.github.io/2019/12/08/raspberry-pi-helloworld/ 在 Kubernetes Engine 中部署 Jenkins 並以之實作持續交付 http://bit.ly/2qSZjA2 React Conf 2019 | 筆記 http://bit.ly/2sxuEZn 108 年特種考試地方政府公務人員考試試題 資訊管理與資通安全 https://info.public.com.tw/prog/gavin/reference/rfile/FD-20191215173840-DKN.pdf Where Do I Start Studying for the CISSP https://www.studynotesandtheory.com/single-post/Where-Do-I-Start-Studying-for-the-CISSP Design science research — a short summary https://bigdatafinance.tw/index.php/tech/1334-design-science-research-a-short-summary Docker For Pentesting And Bug Bounty Hunting https://www.youtube.com/watch?v=5G6tA8Q9AuQ& Extracting Information from a Phone Number using OSINT Tool https://www.peerlyst.com/posts/extracting-information-from-a-phone-number-using-osint-tool-irfan-shakeel Stories of a CISSP: SNMP Monitoring https://www.studynotesandtheory.com/single-post/Stories-of-a-CISSP-SNMP-Monitoring Do certificates help your cybersecurity career https://www.peerlyst.com/posts/do-certificates-help-your-cybersecurity-career-kimberly-crawley 樹莓派之學習 OpenWrt 的世界 http://www.sandal.tw/article.php?id=7 Interview with Cyber Threat Specialist, John Modica https://medium.com/@dmferreira/interview-with-cyber-threat-specialist-john-modica-d3708b235207 Kali Linux & Metasploit: Getting Started with Pentesting by Nicholas Handy https://hakin9.org/kali-linux-metasploit-getting-started-with-pentesting/ J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 2019年底將發布多款物聯網資安標章合格產品 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000574896_3TQ7559OLICSYK51QG9OX FBI警告筆電不應和物聯網裝置共用Wi-Fi網路 https://www.ithome.com.tw/news/134813 卡巴斯基 Cyber Insights 2019 工業4.0智慧製造資安論壇：資安無人可置身事外 http://bit.ly/35mwcnJ 打造你的 AI 資安鑑識專家：ALBL 仲裁技術演算法 （以 KDD99 為例） https://secbuzzer.co/post/68 獨自在家突然有人跟你講話？ 可能被駭客入侵了 https://udn.com/news/story/7088/4227116?from=udn-catelistnews_ch2 「嗨，我是聖誕老公公」：駭客入侵監控攝影機 Amazon Ring，與美國女童遠端對話 https://www.inside.com.tw/article/18365-hacker-accesses-ring-camera-in-little-girls-bedroom-to-tell-her-hes-santa 宛如恐怖片 駭客入侵監視器跟孩童說"hello"智慧型監視器遭駭客入侵 全美各地傳案例 http://bit.ly/2RWphO3 智能電視可成駭客目標 監聽監視盜取私人信息 https://www.ntdtv.com/b5/2019/12/14/a102729100.html 騙過登機、支付系統！AI新創用擬真面具和照片，破解臉部辨識技術 https://www.bnext.com.tw/article/55917/airport-store-facial-recognition-systems-fooled 企業在物聯網技術應用下可能面對之風險管理議題 https://money.udn.com/money/story/5640/4229048 360安全團隊為奔馳修復了19個智能網聯汽車有關的潛在漏洞 https://kknews.cc/car/95qako5.html 信通院發布《2019互聯網設備-智能音箱安全白皮書》 90%產品未採用加密存儲芯片 https://tech.sina.com.cn/roll/2019-12-19/doc-iihnzahi8670308.shtml Artificial Intelligence to be Used for Charting, Intel Collection https://www.defense.gov/explore/story/Article/2040031/artificial-intelligence-to-be-used-for-charting-intel-collection/f AI helps discover new geoglyph in the Nazca Lines https://www.theverge.com/2019/11/19/20970578/nazca-lines-ai-machine-learning-143-new-geoglyphs-ibm-japan-yamagata-university Machine learning opens up new worlds for developers https://www.zdnet.com/article/machine-learning-means-expanded-job-roles-for-developers/#ftag=RSSbaffb68 'Learning' is still the operative word in machine learning initiatives https://www.zdnet.com/article/learning-is-still-the-operative-word-in-machine-learning-initiatives/#ftag=RSSbaffb68 Study: IoT Devices Have Alarmingly Weak RSA Keys https://www.bankinfosecurity.asia/study-iot-devices-have-alarmingly-weak-rsa-keys-a-13510 6.近期資安活動及研討會 openSUSE Taiwan Year End Party 2019 2019/12/22 https://opensuse-tw.kktix.cc/events/year2019 若渴計畫 (台南場)：徵求分享 X vpn X 新聞討論 2019/12/22 https://www.facebook.com/events/1380942692079977/ 雲端與物聯網世代DDoS防護之道，新的資安觀念、新的防護工具，實務案例分析 12/26 https://www.techbang.com/posts/75046-course-ddos Japan Security Analyst Conference https://jsac.jpcert.or.jp/ 2020核果資訊冬季班 Python 程式語言 (Level 1) 1/22~ 2/13 https://www.accupass.com/event/1911150442131985092910 PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23 https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world 制御システムセキュリティカンファレンス 2020 2020年2月14日 https://www.jpcert.or.jp/event/ics-conference2020.html