###### tags: `資安事件新聞週報` # 資安事件新聞週報 2019/12/2 ~ 2019/12/6 1.重大弱點漏洞/後門/Exploit/Zero Day MISP 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19379 Linux漏洞將允許駭客挾持VPN連線 https://ithome.com.tw/news/134652 安全預警- 某些華為設備中存在DoS安全漏洞 https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191204-03-dos-cn IBM WebSphere eXtreme Scale Admin Console點擊劫持漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4109 IBM DataPower Gateway 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4621 HP Workstation BIOS安全特征问题漏洞 https://support.hp.com/us-en/document/c06318199 可重複的模擬攻擊技術在漏洞管理領域的應用 https://www.chainnews.com/zh-hant/articles/215260357729.htm 索尼再現網站安全漏洞宣布關閉隱患網頁 https://nosec.org/home/detail/3252.html GoAhead Web 服務器又現關鍵漏洞 https://www.chainnews.com/zh-hant/articles/100479860666.htm Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices https://thehackernews.com/2019/12/goahead-web-server-hacking.html Zmanda Management Console 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19469 CVE-2019-19082 CrOS: Vulnerability reported in Linux kernel https://bugs.chromium.org/p/chromium/issues/detail?id=1030084 卡巴斯基安全軟件被發現漏洞可為黑客提供簽名代碼執行 https://www.cnbeta.com/articles/tech/917585.htm Vulnerabilities Disclosed in Kaspersky, Trend Micro Products https://www.securityweek.com/vulnerabilities-disclosed-kaspersky-trend-micro-products Kaspersky Secure Connection - DLL Preloading and Potential Abuses (CVE-2019-15689) http://bit.ly/2LrR5WC Researchers disclose DLL loading vulnerabilities in Autodesk, Trend Micro, Kaspersky software https://zd.net/38gaVhh OpenBSD patches authentication bypass, privilege escalation vulnerabilities https://zd.net/2OVvmIL Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD https://thehackernews.com/2019/12/openbsd-authentication-vulnerability.html The most copied StackOverflow Java code snippet contains a bug https://zd.net/2YnVHlN 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 金融科技展比炫 樂天銀行先搬日本純網銀服務搶先體驗 https://ec.ltn.com.tw/article/breakingnews/2993618 開放API第二階段望明年開放 客戶查詢帳戶資料更方便 https://money.udn.com/money/story/5613/4195075 IBM主機、中菲電腦帳務系統助攻，大昌證券推創新證券服務 https://www.cw.com.tw/article/article.action?id=5097924 樂天純網銀趕進度 最快6月開業 https://udn.com/news/story/7239/4196225 徵信科技唯一業者 CRIF中華徵信所秀TSP強項 https://www.chinatimes.com/realtimenews/20191129004544-260410?chdtv 13國FinTech新創齊聚台北金融科技展 機器人與區塊鏈吸睛 https://www.ctimes.com.tw/DispNews/tw/fintech/1911292004T3.shtml 英國來台推銷「金融科技聯盟」 https://www.chinatimes.com/realtimenews/20191129004409-260410?chdtv 純網銀最快明年第2季開業　國泰金總座李長庚不擔心衝擊 https://www.nownews.com/news/20191129/3786884/ LINE參2019台北金融科技展　秀日本用戶積分服務小額借貸 https://www.nownews.com/news/20191129/3786198/ 歐洲央行副行長Guindos：全球金融穩定環境面臨挑戰 https://news.sina.com.tw/article/20191130/33496240.html 證交所推「逐筆交易」　台北金融科技展亮相 https://www.setn.com/News.aspx?NewsID=645369 FinTech Taipei2019台北金融科技展　財金公司「開放互通．數位創新」展區 https://news.sina.com.tw/article/20191129/33496004.html LINE Bank評估推3大服務 首年拚數百萬用戶 https://udn.com/news/story/7239/4194706 金融科技展世貿競技　LINE Bank Q2底開業 https://www.cardu.com.tw/news/detail.php?39538 三家純網銀首度同臺亮相，LINE Bank拚明年6月開業、樂天商銀要緊貼樂天生態圈 https://www.ithome.com.tw/news/134518 驗證碼洩露卡被盜刷銀行擔責七成 https://www.chinanews.com/sh/2019/12-01/9021672.shtml 溢繳卡款逾50萬 金管會查洗錢 私菸案條款上路 銀行反彈：增成本惹民怨 https://tw.appledaily.com/highlight/20191202/UQGKAAVIWZXDHBF5B267OFHR5U/ FinTechSpace園區館展現8大金融共創成果 https://money.udn.com/money/story/5636/4198808 金融科技結合生態圈，樂天國際商業銀行2019科技展登場 https://ipop.sina.com.tw/posts/439200 雲端業最想爭取的客戶：開放金融資料上雲後，銀行業如何迎來數位轉型 https://www.inside.com.tw/article/18241-2019ESUN-FHC-fintech-talent2 林國良：資料交換 架高速公路 https://udn.com/news/story/7239/4201285?from=udn-ch1_breaknews-1-cate6-news 現場查獲500多張銀行卡詐騙團伙用網站漏洞獲利30餘萬元 http://news.xmnn.cn/xmnn/2019/12/03/100634282.shtml 《金融》星展銀導入API對接，自動化零時差理賠付款 http://bit.ly/2OM26V3 系統更新引風暴 南山人壽給金融業寶貴一課 https://money.udn.com/money/story/5613/4203309 數位金融的資安防護│ FinTech eMBA協力共創工作坊105期 http://bit.ly/2Rf8uFL 畢馬威：銀行網絡安全需加快升級 http://paper.wenweipo.com/2019/12/04/MC1912040005.htm 星展銀攜手安聯人壽導入API對接　零時差即時理賠付款 https://www.ettoday.net/news/20191203/1593343.htm 邁開職涯規劃起步　中國科大財金系校外教學提升學生金融科技專業 http://n.yam.com/Article/20191204920976 網路犯罪集團覬覦的銀行與金融業 https://blog.trendmicro.com.tw/?p=62446 網銀元年熱身戰　金融行動服務大打AI牌 https://tw.nextmgz.com/realtimenews/news/485316 數位身份檔案 未來銀行經營核心 http://bit.ly/2OTePoG 中信金、富邦銀混搭小新創的新銀行年代 區塊鏈錢包、超AI客服 4大金融科技明年改變你生活 https://money.udn.com/money/story/5613/4207670 排除資安、信心風險 AI助攻純網銀系統優勢 https://udn.com/news/story/6868/4209394 一小時轉移 89 億美元比特幣？！Bittrex 否認交易所遭駭客入侵 https://blockcast.it/2019/12/06/almost-9b-of-btc-moved-in-1-hour-hack-attacks-denied 2020純網銀來襲 https://udn.com/news/story/6868/4209357 全球銀行風險報告 業者憂遭網路戰波及 https://udn.com/news/story/7238/4208414 直追北韓「超級假美鈔」！美國秘勤局認證　台1100萬偽鈔與兆豐銀換鈔案同款 https://www.ettoday.net/news/20191206/1596084.htm Web skimmer phishes credit card data via rogue payment service platform http://bit.ly/2PjXzIh Forget cybersecurity, it’s “hardsec” that will reinvent banking http://bit.ly/33ZC9W1 3.電子支付/電子票證/行動支付/ pay/新聞及資安 迎接金融科技／劉燈城：電子支付 要安全便利 https://udn.com/news/story/7239/4201290 台灣人為何不愛行動支付？　行家揭暗黑真相：不敢用正常 https://www.nownews.com/news/20191203/3793722/ 中小企支付系統存風險 全雲端保安部署助推動業務 http://bit.ly/2qqHyb1 4.虛擬貨幣/區塊鍊相關新聞及資安 智能合約之父：受信任第三方與安全漏洞 http://jiedion.com/portal.php?mod=view&aid=3407 教北韓用虛擬貨幣 前駭客在美被捕 https://www.cna.com.tw/news/aopl/201911300126.aspx 助北韓規避美國制裁被捕 知名駭客恐判刑20年 https://ec.ltn.com.tw/article/breakingnews/2994364 竊電挖5.41枚比特幣 判6個月沒收217萬追償6500萬 https://udn.com/news/story/7321/4197251 科技連結生活！區塊鏈技術研究團隊首度曝光 https://www.setn.com/News.aspx?NewsID=645435 他帶1500萬現金欲買泰達幣 台南高鐵站前2分鐘被劫走 http://bit.ly/2r0XFwj 泰達幣是什麼？男千萬現金交易慘被搶 http://bit.ly/2rGm3mW 台南虛擬貨幣強盜案 1嫌20萬交保3嫌聲押 http://bit.ly/2DDiKQ7 虛擬幣隱密難追蹤 犯罪集團「新歡」 https://udn.com/news/story/7315/4199304 今年前9個月全球加密貨幣盜竊量激增達44億美元 http://bit.ly/2Pgpvga 交易所遭駭不再是崩盤指標，區塊鏈標記系統可防治金融犯罪 https://blockcast.it/2019/12/02/blockchain-tracking-system-could-prevent-financial-crimes/ 8家交易所持有超過195萬個BTC，加密貨幣投資者直呼太危險 https://news.knowing.asia/news/2121147c-3dbb-4427-b8f8-d2816c7765b4 安卓系統潛藏 StrandHogg 漏洞！資安業者：可讓駭客竊取加密錢包資訊 http://bit.ly/2sSQFlN 讓付款更輕鬆！開發者提議為比特幣建造一個新帳戶系統 https://news.knowing.asia/news/92354cb3-3270-419b-b089-4a518533384d 法院批准了瑞典的 Nordea 銀行禁止員工交易及持有加密貨幣的禁令 http://bit.ly/2qqr9U0 區塊鏈解東京奧運兩難題 http://bit.ly/2OTI0Im 科技連結生活！區塊鏈技術團隊曝光 http://bit.ly/2PoVnz8 智能合约安全与漏洞分析（四） https://cloud.tencent.com/developer/article/1549563 米FBIがイーサリアム開発者を逮捕 https://crypto.watch.impress.co.jp/docs/news/1221722.html 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式 Ginp銀行木馬使用螢幕覆蓋攻擊,竊取帳密和信用卡資料 https://blog.trendmicro.com.tw/?p=62820 阿根廷政府數據中心被勒索軟體攻擊，駭客要求支付比特幣 https://life.tw/?app=view&no=1007899 利用預判式機器學習技術交叉關聯靜態與動態行為特徵，實現更快、更精準的惡意程式偵測 https://blog.trendmicro.com.tw/?p=62678 Microsoft: Malware, ransomware, and cryptominer detections are down in 2019 https://zd.net/36aRqVO Security Firm Prosegur Hit By Ryuk Ransomware https://www.bankinfosecurity.com/security-firm-prosegur-hit-by-ryuk-ransomware-a-13456 The Threat of Ransomware and Doxing https://www.bankinfosecurity.com/interviews/threat-ransomware-doxing-i-4528 Security Firm Prosegur Hit By Ryuk Ransomware https://www.bankinfosecurity.com/security-firm-prosegur-hit-by-ryuk-ransomware-a-13456 Threat Analysis Unit (TAU) Threat Intelligence Notification: Ramnit Banking Trojan https://malware.news/t/threat-analysis-unit-tau-threat-intelligence-notification-ramnit-banking-trojan/34825 New SectopRAT Trojan creates hidden second desktop to control browser sessions https://www.zdnet.com/article/new-sectoprat-malware-creates-hidden-second-desktop-to-control-browser-sessions/ New SectopRAT: Remote access malware utilizes second desktop to control browsers https://www.gdatasoftware.com/blog/2019/11/35548-new-sectoprat-remote-access-malware-utilizes-second-desktop-to-control-browsers 全球警方聯手摧毀惡意的遠端存取工具Imminent https://www.ithome.com.tw/news/134548 Authorities take down 'Imminent Monitor' RAT malware operation https://www.zdnet.com/article/authorities-take-down-imminent-monitor-rat-malware-operation/#ftag=RSSbaffb68 INTERNATIONAL CRACKDOWN ON RAT SPYWARE WHICH TAKES TOTAL CONTROL OF VICTIMS’ PCS https://www.europol.europa.eu/newsroom/news/international-crackdown-rat-spyware-which-takes-total-control-of-victims%E2%80%99-pcs Europol Shuts Down 'Imminent Monitor' RAT Operations With 13 Arrests https://thehackernews.com/2019/11/europol-imminent-monitor-rat.html Emotet - What's Changed https://www.netscout.com/blog/asert/emotet-whats-changed Ransomware Attacks on Businesses Have Doubled in 2019 https://www.webtitan.com/blog/ransomware-attacks-on-businesses-have-doubled-in-2019/ Massive Malvertising Campaign Uses Zero Day Exploit to Deliver Malware https://www.webtitan.com/blog/massive-malvertising-campaign-uses-zero-day-exploit-to-deliver-malware/ マルウエア Emotet の感染に関する注意喚起 https://www.jpcert.or.jp/at/2019/at190044.html Threat Analysis Unit (TAU) Threat Intelligence Notification: Ramnit Banking Trojan https://malware.news/t/threat-analysis-unit-tau-threat-intelligence-notification-ramnit-banking-trojan/34825 Ingredion to deduct wages from employee paychecks following malware attack http://bit.ly/2rYgkJs 61% of malicious ads target Windows users https://www.zdnet.com/article/61-of-malicious-ads-target-windows-users/#ftag=RSSbaffb68 Beware of Thanksgiving eCard Emails Distributing Malware https://www.bleepingcomputer.com/news/security/beware-of-thanksgiving-ecard-emails-distributing-malware/ PureLocker: the unusual ransomware that encrypts servers https://www.pandasecurity.com/mediacenter/security/purelocker-ransomware-servers/ European International Airport Workstations Infected With Persistent Anti-CoinMiner Malware http://bit.ly/2Lu2h5k 2019-12-02 - PCAP AND MALWARE FOR AN ISC DIARY (URSNIF INFECTION WITH DRIDEX) https://www.malware-traffic-analysis.net/2019/12/02/index.html TrickBot Widens Infection Campaigns in Japan Ahead of Holiday Season https://securityintelligence.com/posts/trickbot-widens-infection-campaigns-in-japan-ahead-of-holiday-season/ A decade of malware: Top botnets of the 2010s https://www.zdnet.com/article/a-decade-of-malware-top-botnets-of-the-2010s/#ftag=RSSbaffb68 Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack http://bit.ly/2PjDoKz This trojan malware is being used to steal passwords and spread ransomware https://www.zdnet.com/article/this-trojan-malware-is-being-used-to-steal-passwords-and-spread-ransomware/ Meet PyXie: A Nefarious New Python RAT https://threatvector.cylance.com/en_us/home/meet-pyxie-a-nefarious-new-python-rat.html PyXie RAT Trojan Malware Steals Credentials, Keylogs, Records Videos On Target Windows PCs https://hothardware.com/news/pyxie-rat-trojan-discovered Ginp Trojan Targets Android Banking App Users, Steals Login Credentials and Credit Card Details http://bit.ly/2rZ4nmG The latest variant of the new Ginp Android Trojan borrows code from Anubis https://securityaffairs.co/wordpress/94533/cyber-crime/ginp-android-trojan-anubis.html The Role of Evil Downloaders in the Android Mobile Malware Kill Chain https://securityintelligence.com/posts/the-role-of-evil-downloaders-in-the-android-mobile-malware-kill-chain/ Two malicious Python libraries caught stealing SSH and GPG keys https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/#ftag=RSSbaffb68 Microsoft: Malware, ransomware, and cryptominer detections are down in 2019 https://www.zdnet.com/article/microsoft-malware-ransomware-and-cryptominer-detections-are-down-in-2019/#ftag=RSSbaffb68 New Malware Campaign Uses Trojanized 'Tetris' Game: Report https://www.bankinfosecurity.com/new-malware-campaign-uses-trojanized-tetris-game-report-a-13465 Notorious spy tool taken down in global operation https://www.welivesecurity.com/2019/12/03/notorious-rat-spy-tool-global-operation/ ClamAV team shows off new Mussels dependency build automation tool https://blog.talosintelligence.com/2019/12/clamav-team-shows-off-new-mussels.html ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector https://thehackernews.com/2019/12/zerocleare-data-wiper-malware.html B.行動安全 / iPhone / Android /穿戴裝置 /App 開源廠商開發仿真器讓虛擬機秒變iPhone 蘋果：快收手 https://www.cnbeta.com/articles/tech/916345.htm WhatsApp訊息自動刪除功能再更新　可自訂清洗時間日子 http://bit.ly/33z08LC LINE台灣開發者大會 聚焦五大領域 http://bit.ly/2r042zS 監控再升級！中國今起買手機註冊門號得做臉部辨識 https://www.rti.org.tw/news/view/id/2043396 中國辦手機將強制「刷臉」監控 網民痛批「政府是在怕什麼？」 https://times.hinet.net/news/22677089 外/媒：中共監控國民 將手機武器化 http://bit.ly/35VDVt0 360互聯網安全中心：2019上半年安卓系統安全性生態環境研究 http://bit.ly/37Rv1yg WhatsApp 被駭客入侵　印度準備對其進行安全審查 https://unwire.pro/2019/12/03/india-plans-security-audit-of-whatsapp/security/ 可偽裝成正常應用程序，安卓又見新型漏洞Strandhogg https://www.expreview.com/71913.html FBI：視所有俄製Apps為潛在反間諜威脅 https://hk.on.cc/hk/bkn/cnt/amenews/20191203/bkn-20191203151021570-1203_00972_001.html Android再爆漏洞　黑客假冒合法程式監控用戶 https://inews.hket.com/article/2512464 安卓高危漏洞讓500款應用中招，還教會了銀行木馬“隔山打牛” https://www.leiphone.com/news/201912/yy2Xu5INwE0tQTbN.html 安卓手機存在漏洞嗎？別讓你的手機被人監視，網友：趕快去看 https://kknews.cc/tech/zylmx6p.html 安卓系統出現嚴重的漏洞，大部分亞太地區熱門的應用程序都容易受到攻擊 http://bit.ly/2RsoWT6 德國電訊叫停 5G 設備採購交易！待德政府決定會否禁華為參與 http://bit.ly/2DQBw6J TrueDialog洩露千萬用戶數據谷歌修復安卓DoS漏洞 https://zhuanlan.zhihu.com/p/95591776 黑客藉假冒合法App 監控Android用戶 http://bit.ly/2RqekUQ 報告：Android漏洞允許黑客竊取加密錢包信息 https://kknews.cc/tech/gpxal6m.html 全球的Android系統漏洞可能會導致加密錢包和銀行數據被盜 http://www.528btc.com/blocknews/59170.html 事實證明，竊取比特幣錢包數據的漏洞對另外500個Android應用程序來說是危險的 https://0xzx.com/201912042304397751.html 逾八成購物程式不安全… 小心手機購物「賣掉」個資 https://money.udn.com/money/story/12524/4207756 IDC：5G 設施用中國，資安用另一國家方案的混合模式成部分國家的選項 http://bit.ly/34RZKtb 荷蘭將拍賣 5G 頻譜估進帳 9 億歐元，關注資安隱憂 http://technews.tw/2019/12/06/netherlands-to-auction-5g-spectrum/ iPhone 11 默默蒐集用戶定位？ 蘋果官方回應：正常系統行為 https://newtalk.tw/news/view/2019-12-06/336730 Android 重大漏洞可致永久 DoS？用戶應盡快更新系統 http://bit.ly/2YoGbGl New Facebook Tool Let Users Transfer Their Photos and Videos to Google https://thehackernews.com/2019/12/facebook-google-photos-data.html A Team of Hackers Created an Advanced Scheme Using SMS’s to Attack Smartphones by Phishing https://www.msuiche.net/hackers-created-scheme-sms-attack-smartphones-phishing/ Russia's ‘Sandworm’ Hackers Also Targeted Android Phones https://www.wired.com/story/sandworm-android-malware/ Smartphones hotspots of cyberattacks in India: Check Point https://telecom.economictimes.indiatimes.com/news/smartphones-hotspots-of-cyberattacks-in-india-check-point/72315524 Android 'spoofing' bug helps targets bank accounts https://www.bbc.com/news/technology-50605455?intlink_from_url=&link_location=live-reporting-story Android: New StrandHogg vulnerability is being exploited in the wild https://www.zdnet.com/article/android-new-strandhogg-vulnerability-is-being-exploited-in-the-wild/#ftag=RSSbaffb68 This cheap gadget can stop your smartphone or tablet being hacked at an airport, hotel or cafe https://zd.net/33YNHZI Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild https://thehackernews.com/2019/12/strandhogg-android-vulnerability.html 80% of all Android apps encrypt traffic by default https://www.welivesecurity.com/2019/12/05/80-percent-android-apps-encrypt-traffic/ C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件 工程師都愛的萊娜小姐　究竟是誰 https://www.digitimes.com.tw/col/article.asp?id=1129 微軟員工爆：現在Windows 7、8.1還可以免費升級Windows 10 https://ithome.com.tw/news/134543 商務人士自我保護、避免資安攻擊的10個方法：上篇 https://tuna.press/?p=13619 臉書用戶帳號遭到駭客盜用，以投放違禁品廣告 https://www.ithome.com.tw/news/134651 網路攻擊與金錢支助 https://talk.ltn.com.tw/article/paper/1337071 SF2伺服器遭受駭客攻擊，資料損壞，全體玩家道具、等級全數消失 https://forum.gamer.com.tw/C.php?bsn=60076&snA=5439362&tnum=1 《SF2 Online》玩家資料全洗白救不回，官方宣稱遭駭客入侵 https://tw.pikolive.com/news/4gamers/41362/sf2-online-user-data-all-gone 沒有節操的駭客組織排行，看這些就對了 https://ek21.com/news/tech/161544/ CIS 2019：騰訊安全聚焦前沿攻防技術，分享八大實踐經驗 https://www.csdn.net/article/a/2019-12-03/15985209 FBI警告智能電視機易被駭客攻擊 http://bit.ly/34QTjXi FBI告誡智能電視用戶：請用黑膠帶遮鏡頭 https://www.ntdtv.com/b5/2019/12/03/a102721398.html 「薅羊毛」黑灰產鏈調查：犯罪群體低齡化明顯 https://news.sina.com.tw/article/20191203/33522098.html 獨家探訪華為布魯塞爾網絡安全透明中心能看到深圳總部源代碼 https://www.yicai.com/news/100421426.html 資安戰隊發另類年終 高貢獻度隊員可領逾5萬 https://www.cna.com.tw/news/ait/201912010114.aspx 層層掩護下的十多個 APT33 殭屍網路,鎖定亞洲在內的特定目標 https://blog.trendmicro.com.tw/?p=62824 Google發布關於國家駭客的攻擊報告 https://ek21.com/news/tech/161943/ 《資訊戰爭》：網路永遠改變了混合戰，讓「格拉西莫夫準則」更為切合實際 https://www.thenewslens.com/article/127942 《資訊戰爭》導讀：我們已進入「民主危機浮現、民粹指控成常態」的準戰爭狀態 https://www.thenewslens.com/article/127941 衝著華為？印度擬限制外企參與資安產業 https://newtalk.tw/news/view/2019-12-02/334901 貿易戰下 台灣在國際資安產業凸顯角色 https://www.cna.com.tw/news/afe/201912030059.aspx 中國再祭網路大炮 試圖癱瘓香港連登論壇 https://udn.com/news/story/120538/4210163 北韓駭客小組，可能藏身於惡意軟體化身的假冒加密網站背後 http://bit.ly/2s2UPXE 調查外國干預 澳洲鎖定社群媒體平台 http://bit.ly/2qsrrtH 俄駭客網路竊取數千萬美元 在美被起訴 https://money.udn.com/money/story/5599/4209124 網攻造成1億多美元損失美FBI宣布俄頭號網絡通緝犯 https://m.soundofhope.org/post/319504 俄駭客網路竊取數千萬美元 在美被起訴 https://www.rti.org.tw/news/view/id/2043986 美懸賞500萬美元 俄高富帥駭客成全球頭號通緝犯 https://newtalk.tw/news/view/2019-12-06/336573 美國起訴並制裁散布金融惡意程式的俄羅斯駭客，發出500萬美元的高額懸賞 https://www.ithome.com.tw/news/134646 懸賞160萬元獎金！新加坡政府邀白帽駭客揪12個官方系統的資安漏洞 https://www.bnext.com.tw/article/55660/hackers-to-test-singapore-12-govt-systems-in-bug-bounty-programme 中國國內首家！騰訊「TSRC安全情報平台」免費開放 https://news.sina.com.tw/article/20191206/33574640.html Google: Government-Backed Hackers Targeted 12,000 Users https://www.bankinfosecurity.com/google-government-backed-hackers-targeted-12000-users-a-13458 Rise in Cyberattacks on Law Firms Highlights Need for Additional Security Layers https://www.spamtitan.com/web-filtering/cyberattacks-on-law-firms-need-additional-security-layers/ Ciberdelitos: se registran 49 amenazas por minuto en la Argentina https://www.lanacion.com.ar/seguridad/ciberdelitos-se-registran-49-amenazas-por-minuto-en-la-argentina-nid2311456 Russian hackers switched from Russian banks to foreign ones https://www.ehackingnews.com/2019/12/russian-hackers-switched-from-russian.html Surviving a Breach: 8 Incident Response Essentials https://www.bankinfosecurity.com/surviving-breach-8-incident-response-essentials-a-13460 Trend Micro alerta de una escalada de riesgo https://www.channelpartner.es/fabricantes/noticias/1115581001102/trend-micro-alerta-de-escalada-de-riesgo.1.html Remember the viral app that aged you? FBI slams FaceApp as counterintelligence threat https://www.zdnet.com/article/remember-the-viral-app-that-aged-you-fbi-slams-faceapp-as-counterintelligence-threat/#ftag=RSSbaffb68 Hackers Can Access, Manipulate Your Biometric Data Using Sophisticated Malware Attack https://www.republicworld.com/technology-news/science/hackers-biometric-data-malware-attack.html Authorities Dismantle Transnational Cybercrime Group https://stockdailydish.com/authorities-dismantle-transnational-cybercrime-group/ Retailers, prepare wisely: DDoS remains a holiday threat https://www.zdnet.com/article/retailers-prepare-wisely-ddos-remains-a-holiday-threat/#ftag=RSSbaffb68 Retailers, Prepare Wisely: DDoS Remains A Holiday Threat https://go.forrester.com/blogs/retailers-prepare-wisely-ddos-remains-a-holiday-threat/ China resurrects Great Cannon for DDoS attacks on Hong Kong forum https://www.zdnet.com/article/china-resurrects-great-cannon-for-ddos-attacks-on-hong-kong-forum/#ftag=RSSbaffb68 Europol Shuts Down Over 30,500 Piracy Websites in Global Operation https://thehackernews.com/2019/12/counterfeit-piracy-websites.html Avast and AVG Browser Extensions Spying On Chrome and Firefox Users https://thehackernews.com/2019/12/avast-and-avg-browser-plugins.html Top 5 Cybersecurity and Cybercrime Predictions for 2020 https://thehackernews.com/2019/12/cybersecurity-predictions-2020.html 資訊工程師 https://www.104.com.tw/job/6sr0j 櫃買中心徵才 12╱18截止 http://bit.ly/2OD90M0 資安軟體研發工程師 https://www.cakeresume.com/companies/blockchain-security/jobs/software-development-engineer-b97b9e 臺中市政府社會局招聘資安人員 http://www.1111edu.com.tw/edu_mobile/civil/detail.php?autono=62733 資安維運工程師 Security Operations Engineer (SecOps) https://www.104.com.tw/job/6p2ar?jobsource=n104bank2 資安管理師/資安主管 https://www.104.com.tw/job/6smcw?jobsource=joblist_morej 〔資訊〕資訊安全管理師(台北) https://www.104.com.tw/job/5gcqu?jobsource=joblist_morej 招聘| 阿里巴巴招聘情報體系專家 https://www.anquanke.com/post/id/194205 新安東京海上產物保險股份有限公司 資安管理人員 https://fel.cycu.edu.tw/wSite/public/Data/f1575513125078.pdf D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 「LINE 8種貼圖免費抽」　小心詐騙個資被偷光 https://www.nownews.com/news/20191128/3784860/ 假新聞網站騙廣告 網址洩端倪 https://news.ltn.com.tw/news/world/paper/1335911 網購防詐騙 趨勢科技提出三種「防詐策略」 https://udn.com/news/story/7239/4199697 上億美國人的個人數據被駭客竊取 https://ek21.com/news/tech/162210/ 加州少女告抖音 沒帳號卻疑遭蒐集個資 https://www.ntdtv.com/b5/2019/12/03/a102721512.html 多重身份驗證市場：2019-2025年全球行業報告分析，機遇和預測 http://bit.ly/2OZk1Yt 日本發生有史以來最大的個資洩漏事件 https://moptt.tw/p/Tech_Job.M.1575603850.A.958 中國網上公開販售人臉數據 黑色產業鏈悄然形成 https://www.cna.com.tw/news/firstnews/201912060127.aspx 詐騙集團假冒國內企業與機關網站事件不斷，近期中華郵政、鉅亨網與經濟部相繼發出警告 https://www.ithome.com.tw/news/134619 中國電信再次被曝重大漏洞可查上億用戶信息已關停相關服務器 https://finance.sina.com.cn/stock/relnews/us/2019-12-06/doc-iihnzahi5728865.shtml Top gadgets for the security and privacy conscious (or the super paranoid!) https://www.zdnet.com/article/top-gadgets-for-the-security-and-privacy-conscious-or-the-super-paranoid/#ftag=RSSbaffb68 Data of 21 million Mixcloud users put up for sale on the dark web https://www.zdnet.com/article/data-of-21-million-mixcloud-users-put-up-for-sale-on-the-dark-web/#ftag=RSSbaffb68 Report: Millions of Americans at Risk After Huge Data and SMS Leak https://www.vpnmentor.com/blog/report-truedialog-leak/?=truedialog-exposed-data Mixcloud Breach Affects 21 Million Accounts https://www.bankinfosecurity.com/mixcloud-breach-affects-21-million-accounts-a-13461 Most Brazilians believe companies don't protect their personal data https://www.zdnet.com/article/most-brazilians-believe-companies-dont-protect-their-personal-data/#ftag=RSSbaffb68 Credit, Debit Card Fraud: Here is how you can avoid it and stay safe https://www.financialexpress.com/money/credit-debit-card-fraud-here-is-how-you-can-avoid-it-and-stay-safe/1782078/ 5 personal (and cheap) data privacy tools that scale for business https://www.welivesecurity.com/2019/12/02/5-personal-cheap-data-privacy-tools-business/ Smith & Wesson Web Site Hacked to Steal Customer Payment Info https://www.bleepingcomputer.com/news/security/smith-and-wesson-web-site-hacked-to-steal-customer-payment-info/ PAYMENT SKIMMERS TARGET SANGUINE https://sansec.io/labs/2019/12/02/magecart-hackers-target-sanguine/ Most Brazilians believe companies don't protect their personal data https://www.zdnet.com/article/most-brazilians-believe-companies-dont-protect-their-personal-data/#ftag=RSSbaffb68 Face scanning – privacy concern or identity protection https://www.welivesecurity.com/2019/12/05/face-scanning-privacy-concern-identity-protection/ E.研究報告 Real World CTF技術論壇將啟極客嘉年華重磅來襲 https://www.csdn.net/article/a/2019-11-28/15984994 從滲透測試到漏洞掃描看我們如何對網站做安全防護 http://blog.itpub.net/31542418/viewspace-2666796/ 從零淺析漏洞：文件讀取與下載漏洞 http://bit.ly/2qb41sI CVE-2019-16759：vBulletin預認證遠程代碼執行漏洞分析 https://www.freebuf.com/vuls/218880.html 從lodash原型污染安全漏洞深入理解JavaScript原型機制 https://juejin.im/post/5ddfb304e51d4532d667b719 黑客漏洞利用知識點“Apache SoIrRCE漏洞分析” https://zhuanlan.zhihu.com/p/94359495 Android勒索病毒分析（上） https://paper.seebug.org/1085/ 2020 年DevOps 的七大發展趨勢 https://www.cnbeta.com/articles/tech/916629.htm Reverse Engineering iOS Applications https://paper.seebug.org/1084/ 月光再臨——MoonLight組織針對中東地區的最新攻擊活動剖析 https://ti.qianxin.com/blog/articles/anatomy-of-moonLight-attack-on-the-middle-east/ Google OpenTitan，硬件安全的泰坦之箭 https://security.tencent.com/index.php/blog/msg/138 【Java代碼審計入門-02】SQL擴展原理與實際案例介紹 https://xz.aliyun.com/t/6872 網站安全滲透測試基礎知識點大全 https://www.admin5.com/article/20191203/936171.shtml 可重複的模擬攻擊技術在漏洞管理領域的應用 https://www.4hou.com/vulnerable/21868.html [經典技研堂] 誤打誤撞的出身 史上第一台小筆電：Asus EPC 701 https://www.cool3c.com/article/149556 追溯朝鮮APT組織Lazarus的攻擊歷程 https://www.freebuf.com/articles/system/221008.html IIS短文件名洩露 https://cloud.tencent.com/developer/article/1547737 WebFuzzing 方法和漏洞案例總結 https://www.chainnews.com/zh-hant/articles/260879316797.htm StrandHogg安卓漏洞分析 https://www.4hou.com/vulnerable/21903.html 揭秘美國網絡安全體系架構 https://www.freebuf.com/articles/network/221852.html Strandhogg漏洞：Android系統上的維京海盜 https://www.freebuf.com/news/221933.html 針對Steam平台的攻擊分析 https://www.freebuf.com/articles/network/218771.html Windows與Linux雙平台無文件攻擊：PowerGhost挖礦病毒最新變種感染多省份 https://www.freebuf.com/articles/system/219715.html 不傳之密：殺毒軟件開發，原理、設計、編程實戰 https://www.freebuf.com/articles/system/220061.html Hack the box靶機實戰：Haystack https://www.freebuf.com/articles/web/219163.html 挖礦處置手冊：安全研究員的套路都在這兒了 https://www.freebuf.com/articles/system/220132.html 阻擊“幻影”行動：奇安信斬斷東北亞APT組織“虎木槿”伸向國內重要機構的魔爪 https://www.freebuf.com/column/222127.html 黑客漏洞ssrf模糊匹配工具使用"Ssrfmap" https://zhuanlan.zhihu.com/p/95590262 Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack http://bit.ly/2PjDoKz Kilos: The Dark Web’s Newest – and Most Extensive – Search Engine https://intsights.com/blog/kilos-the-dark-webs-newest-and-most-extensive-search-engine Port Cybersecurity - Good practices for cybersecurity in the maritime sector https://www.enisa.europa.eu/publications/port-cybersecurity-good-practices-for-cybersecurity-in-the-maritime-sector/ Imtiazkarimik23/ATFuzzer https://github.com/Imtiazkarimik23/ATFuzzer MITRE ATT&CK Website https://attack.mitre.org https://github.com/mitre-attack/attack-website anonaddy/anonaddy https://github.com/anonaddy/anonaddy Product Warning! Chinese children’s watch reveals thousands of children’s data https://www.iot-tests.org/2019/11/product-warning-chinese-childrens-watch-reveals-thousands-of-childrens-data/ Smartwatch exposes locations and other data on thousands of children https://www.welivesecurity.com/2019/11/29/smartwatch-exposes-location-data-children/ Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK https://blog.trendmicro.com/trendlabs-security-intelligence/operation-endtrade-finding-multi-stage-backdoors-that-tick/ Threat Hunting or Efficiency: Pick Your EDR Path https://securingtomorrow.mcafee.com/enterprise/endpoint-security/threat-hunting-or-efficiency-pick-your-edr-path/ Sextortion scammers getting creative https://blog.malwarebytes.com/cybercrime/2019/11/sextortion-scammers-getting-creative/ Threat Hunting with Function Imports https://practicalsecurityanalytics.com/threat-hunting-with-function-imports/ m4ll0k/BurpSuite-Secret_Finder https://github.com/m4ll0k/BurpSuite-Secret_Finder// Red Team Diary, Entry #1: Making NSA’s PeddleCheap RAT Invisible https://medium.com/@d.bougioukas/red-team-diary-entry-1-making-nsas-peddlecheap-rat-invisible-f88ccbdc484d Red Team Diary, Entry #2: Stealthily Backdooring CMS Through Redis’ Memory Space https://medium.com/@d.bougioukas/red-team-diary-entry-2-stealthily-backdooring-cms-through-redis-memory-space-5813c62f8add Red Team Diary, Entry #3: Custom Malware Development (Establishing A Shell Through the Target’s Browser) https://medium.com/@d.bougioukas/red-team-diary-entry-3-custom-malware-development-establish-a-shell-through-the-browser-bed97c6398a5 Blue Team Diary, Entry #1: Leveraging Osquery For Enhanced Incident Response & Threat Hunting (Free Video Training) https://medium.com/@d.bougioukas/blue-team-diary-entry-1-leveraging-osquery-for-enhanced-incident-response-threat-hunting-70935538c9c3 To Survive a Data Breach, Create a Response Playbook https://www.bankinfosecurity.com/to-survive-data-breach-create-response-playbook-a-13459 Report: APT gang increased cyberattacks on businesses in Q3 https://www.techrepublic.com/article/report-apt-gang-increased-cyberattacks-on-businesses-in-q3/ Teardown: Windows 10 on ARM - x86 Emulation https://threatvector.cylance.com/en_us/home/teardown-windows-10-on-arm-x86-emulation.html Analysis of Malicious ElectrumX Servers Source Code http://www.peppermalware.com/2019/12/analysis-of-malicious-electrumx-servers.html Newlib Unlink Heap Exploitation https://blog.infosectcbr.com.au/2019/12/newlib-unlink-heap-exploitation.html ATT&CK Website Docker https://blacksmith.readthedocs.io/en/latest/attack_website_docker.html SASM - simple crossplatform IDE for NASM, MASM, GAS and FASM assembly languages https://github.com/Dman95/SASM pdb++, a drop-in replacement for pdb (the Python debugger) https://github.com/pdbpp/pdbpp relentless-warrior/5GReasoner https://github.com/relentless-warrior/5GReasoner Exploiting XSS with 20 characters limitation https://jlajara.gitlab.io/posts/2019/11/30/XSS_20_characters.html Public SSH keys can leak your private infrastructure https://rushter.com/blog/public-ssh-keys/ A tool for in-depth analysis of USB HID devices communication https://github.com/ondrejbudai/hidviz Easier Node.js streams via async iteration https://2ality.com/2019/11/nodejs-streams-async-iteration.html CTF box with most tools installed https://github.com/boogy/ctfbox Kerberos Domain Username Enumeration https://www.attackdebris.com/?p=311 Backreferences in JavaScript regular expressions https://www.stefanjudis.com/today-i-learned/backreferences-in-javascript-regular-expressions/ Extending IDA processor modules for GDB debugging http://www.hexblog.com/?p=1371 dsdump https://derekselander.github.io/dsdump/ Attack Monitor - Endpoint Detection And Malware Analysis Software https://www.kitploit.com/2019/11/attack-monitor-endpoint-detection-and.html Shellcoding: Finding EIP/RIP https://blog.xenoscr.net/Finding-EIP/ Checkm8, Checkra1n and the new "golden age" for iOS Forensics https://blog.digital-forensics.it/2019/11/checkm8-checkra1n-and-new-golden-age.html MINDSHARE: HARDWARE REVERSING WITH THE TP-LINK TL-WR841N ROUTER - PART 2 https://www.thezdi.com/blog/2019/12/2/mindshare-hardware-reversing-with-the-tp-link-tl-wr841n-router-part-2 Win32 Shellcode - Hashed Reverse Shell https://blackcloud.me/Win32-shellcode-hashed/ SMS Replacement is Exposing Users to Text, Call Interception Thanks to Sloppy Telecos https://www.vice.com/en_us/article/j5ywxb/rcs-rich-communications-services-text-call-interception BlueHat-2019-Seattle https://github.com/ga1ois/BlueHat-2019-Seattle Threat Research FIDL: FLARE’s IDA Decompiler Library https://www.fireeye.com/blog/threat-research/2019/11/fidl-flare-ida-decompiler-library.html Threat Research Excelerating Analysis – Tips and Tricks to Analyze Data with Microsoft Excel https://www.fireeye.com/blog/threat-research/2019/12/tips-and-tricks-to-analyze-data-with-microsoft-excel.html Threat Research Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774) https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign http://bit.ly/2YpgpBY Iranian hackers deploy new ZeroCleare data-wiping malware https://www.zdnet.com/article/iranian-hackers-deploy-new-zerocleare-data-wiping-malware/#ftag=RSSbaffb68 New Destructive Wiper “ZeroCleare” Targets Energy Sector in the Middle East https://www.ibm.com/downloads/cas/OAJ4VZNJ F.商業 SecBuzzer雲端資安情資服務平台 https://www.iii.org.tw/Product/TechLensDtl.aspx?tp_sqno=nhuy3AsZDkIy73PMgWUHLw__&fm_sqno=72 KubAnomaly：容器應用軟體資安診測與攻擊防禦系統 https://www.iii.org.tw/Product/TechLensDtl.aspx?tp_sqno=n9wnPK4y9LqvmWsiqrfoeg__&fm_sqno=72 資安業找新血 趨勢科技人資長：熱情學不來 https://www.cna.com.tw/news/afe/201912010075.aspx GitHub 開源代碼分析引擎 CodeQL，同步啓動 3000 美元漏洞獎勵計劃 https://www.chainnews.com/zh-hant/articles/281213551749.htm Check Point推出可加強IoT裝置韌體安全解決方案 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000573636_YB85W9164UEW205LH6EEC 0.3 秒快速領錢的關鍵在人臉辨識！NEC 強勢展出六大金融科技解決方案 https://buzzorange.com/techorange/2019/12/02/nec-facial-recognition/ 【GREYCORTEX MENDEL人工智慧監控軟體】可補強SOC之不足 即時監控內部網路發現漏洞及提出警訊 https://www.bnext.com.tw/article/55720/greycortex-mendel-soc UL：足夠資安評估 才能讓物聯遠離駭客攻擊 http://www.ctimes.com.tw/DispNews/tw/IOT/UL/1912031353N3.shtml 精誠攜手nCipher 進軍5G資安市場 https://udn.com/news/story/7240/4203242 精誠揪伴 攻資安防護 https://news.wearn.com/c392186.html AiShield 在家戶網路大門設立網路檢查哨，讓家中所有連網設備都有防護罩 https://www.techbang.com/posts/74574-set-up-checkpoints-at-the-doors-of-the-homes-net-aishield 零壹科技積極參與台美跨國資安攻防演練 為捍衛資安防禦再創新頁 https://www.zerone.com.tw/Content/Product/7B74CD9ED3C72967 關貿網路新開發「資安閘門防護」 拚中小企業務 https://www.chinatimes.com/realtimenews/20191204003547-260410?chdtv 關貿網路搶資安商機　看準中小企業需求 https://www.setn.com/News.aspx?NewsID=648110 企業採用ISO 27001稽核程序，讓資安管理事半功倍 https://ithome.com.tw/pr/134604 大陸資安巨頭360 擬募資人民幣108億元 https://www.chinatimes.com/realtimenews/20191205005021-260410?chdtv IBM 新專利防無人機包裹被盜　憑高度改變得知包裹動向 http://bit.ly/2PjjhMr 中華資安國際助企業抵禦多重威脅 https://www.digitimes.com.tw/iot/article.asp?cat=130&id=0000574156_T500D9LR63CR4S54Z39TT 缺技術、缺市場、缺人才都找他？專訪資策會，台灣數位內容產業幕後推手 https://technews.tw/2019/12/06/iii-digital-content-industry/ AWS公佈雲端防資料外洩、防詐欺工具 https://www.ithome.com.tw/news/134624 HackerOne awards $20,000 bug bounty for private data access vulnerability on its own platform https://zd.net/2PlhHJX Network security simplified with Amazon VPC Ingress Routing and Trend Micro https://blog.trendmicro.com/network-security-simplified/ G.政府 教育部與趨勢科技攜手合作，打造網路守護天使2.0 https://www.techbang.com/posts/74575-ministry-of-education-and-trend-micro-work-together-to-create-cyberguardian-angel-20 國家資通安全情勢報告 http://bit.ly/2Y9vqaT 106-109年國家資通安全發展方案 http://bit.ly/360q5Wj 107年公務機關資安稽核概況報告 http://bit.ly/35IdPcK 國防部：營區平板有線連結軍網 不需無線網路 https://www.cna.com.tw/news/aipl/201912020232.aspx 值星官能用「接線」平板排哨了 國防部：部隊急需 https://udn.com/news/story/10930/4200915 買平板沒Wi-Fi無用？ 國軍澄清：是用軍網 https://news.ltn.com.tw/news/politics/paper/1336351 不懂市價行情？國軍出手買平板一台預算近 5 萬元 https://3c.ltn.com.tw/news/38794 行政院5G專網頻譜規劃出爐 https://ithome.com.tw/news/134638 保障病安 強化資安 健保醫療資訊雲端系統為您把關 https://www.mohw.gov.tw/cp-16-50429-1.html 專家傳真－發行晶片身分證 請政府停看聽 http://bit.ly/34WAstL 防中共介選 台嚴查假訊息、地下匯兌 http://www.epochtimes.com/b5/19/12/6/n11704410.htm 因應5G時代 蔡總統：研議設立數位發展主管機關 https://www.ydn.com.tw/News/362792 5G專網頻譜政院通過 蘇貞昌：台灣將邁入5G世代 https://living.taronews.tw/2019/12/05/549912/ H.ICS/SCADA 工控系統 Schneider Electric Modbus Serial Driver資源管理錯誤漏洞 https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/ 利用震網三代和某PLC漏洞組合攻擊工控系統 https://www.ics-cert.org.cn/portal/page/111/e0c2891ce6b948f5b291d68d2e3ed83d.html 防黑客攻擊車聯網聯合安全實驗室啟動 https://www.autohome.com.cn/news/201912/953885.html ICS Advisory (ICSA-19-330-01) ABB Relion 670 Series https://www.us-cert.gov/ics/advisories/icsa-19-330-01 LEN-27687 FPT Software 應對Texas Instruments TPS65988 USB Type-C Power Delivery Controller Driver 漏洞 http://iknow.lenovo.com/detail/dc_185930.html A Notorious Iranian Hacking Crew Is Targeting Industrial Control Systems https://www.wired.com/story/iran-apt33-industrial-control-systems/ I.教育訓練 簡明 Linux Shell Script 入門教學 https://blog.techbridge.cc/2019/11/15/linux-shell-script-tutorial/ e科技的資安分析與關鍵證據: 數位鑑識 http://bit.ly/33RmYOZ 108 年度全國職場達人盃 資安實戰攻防競賽公開題目 http://bit.ly/33UOyKY How to perform reverse engineering using IDA Pro https://www.peerlyst.com/posts/how-to-perform-reverse-engineering-using-ida-pro-abhinav-singh?trk=search_page_search_result Malware Analysis | Legion Credential Stealer/Backdoor [PowerShell] https://www.youtube.com/watch?v=aj56VYpbhzQ&feature=youtu.be Excel 4.0 Macros Analysis - Cobalt Strike Shellcode Injection https://www.youtube.com/watch?v=XnN_UWfHlNM&feature=youtu.be&t=905 CTHoW v2.0 - Cyber Threat Hunting on Windows https://www.peerlyst.com/posts/cthow-v2-0-cyber-threat-hunting-on-windows-huy-kha?trk=explore_page_posts_recent_feed_entry How to perform Open-Source Intelligence (OSINT) https://www.peerlyst.com/posts/how-to-perform-open-source-intelligence-osint-chiheb-chebbi J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 IoT 物聯網隱私被「駭」？UL 分享 IoT 安全評等揭密產品資安能力 http://bit.ly/2OZnRzz 駭入門檻低 居家監看憂隱私外洩 http://bit.ly/35QBAiP 印尼將以 AI 取代兩名高官 望增加政府運作流暢度 https://unwire.hk/2019/12/01/indonesia-will-replace-some-civil-servants-with-ai/fun-tech/ 新AI職業誕生！未來75%大型企業必須僱用「人工智慧檢查官」 https://www.bnext.com.tw/article/55773/artificial-intelligence-specialist IoT安全評等把關連網裝置安全 https://www.eettaiwan.com/news/article/20191202NT12-IoT-security-rating-ensures-connected-device-security 推動更安全的移動服務，從驗證與資安看自駕車發展 http://bit.ly/350IsKs IoT bills and guidelines: a global response https://blog.malwarebytes.com/cybercrime/privacy/2019/11/iot-bills-and-guidelines-a-global-response/ Explained: juice jacking https://blog.malwarebytes.com/explained/2019/11/explained-juice-jacking/ Top Raspberry Pi alternatives for 2020 https://www.zdnet.com/article/top-raspberry-pi-alternatives-for-2020/#ftag=RSSbaffb68 6.近期資安活動及研討會 Vue.js 新手村，前端實戰入門 12/7 https://hackersir.kktix.cc/events/20191112vuejs FutureCon Nashville Cyber Security Conference 12/11 https://infosec-conferences.com/events-in-2019/futurecon-nashville/ 「Log管理 x 營業秘密」研討會 12/11 https://www.accupass.com/event/1911110922137590408650 Utility Cyber Security Forum December 12/11 https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/ 交通大學亥客書院-A018:企業網域控管－Active Directory攻擊與防禦 12/14 https://hackercollege.nctu.edu.tw/?p=1094 台灣駭客年會 HITCON Winter Training 2019 12/16 https://hitcon.kktix.cc/events/hitcon-winter-training-2019 台灣駭客年會 HITCON Winter Training 2019 - 學生報名 12/16 https://hitcon.kktix.cc/events/hitcon-winter-training-2019-student Japan Security Analyst Conference https://jsac.jpcert.or.jp/ PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23 https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world