資安事件新聞週報 2019/9/2 ~ 2019/9/6

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2019/9/2 ~ 2019/9/6 1.重大弱點漏洞/後門/Exploit/Zero Day PSV、PS3雙雙獲得韌體更新，但似乎忘了把漏洞補上 https://www.techbang.com/posts/72481-psv-ps3-double-get-stolic-update-but-seem-to-forget-to-fill-in-the-vulnerability 發現美國海軍網站的敏感信息洩露和SQL注入漏洞 https://nosec.org/home/detail/2909.html 企業修補進度慢！近期臺灣資安業者揭露的SSL VPN漏洞，傳出已遭駭客鎖定 https://www.ithome.com.tw/news/132764 SonarQube檢測出的bug、漏洞以及異味的修復整理 https://cloud.tencent.com/developer/article/1497624 Zimbra-RCE https://github.com/rek7/Zimbra-RCE Trend Micro OfficeScan (OSCE) DLL Side-Loading安全性弱點通告 https://nvd.nist.gov/vuln/detail/CVE-2019-9492 Hiding in Plain Text: Jenkins Plugin Vulnerabilities https://blog.trendmicro.com/trendlabs-security-intelligence/hiding-in-plain-text-jenkins-plugin-vulnerabilities/ Lightning Network用戶敦促因漏洞而緊急更新軟件 https://0xzx.com/201908302043248275.html SA103 : October 2015 NTP Security Vulnerabilities https://support.symantec.com/us/en/article.SYMSA1335.html SA98 : OpenSSL Security Advisory 11-June-2015 https://support.symantec.com/us/en/article.SYMSA1325.html SA104 : OpenSSH Vulnerabilities https://support.symantec.com/us/en/article.SYMSA1337.html XSS and Information Disclosure Vulnerabilities in ASG and ProxySG https://support.symantec.com/us/en/article.SYMSA1472.html Information Disclosure Vulnerability in Reporter https://support.symantec.com/us/en/article.SYMSA1489.html Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018 https://support.symantec.com/us/en/article.SYMSA1457.html 思科 NX-OS 多個漏洞 https://tools.cisco.com/security/center/publicationListing.x Cisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection https://www.exploit-db.com/exploits/47329 Cisco Nexus 7000 Series Switches和Nexus 7700 Series Switches NX-OS Software 輸入驗證錯誤漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1964 Company behind Foxit PDF Reader announces security breach https://www.zdnet.com/article/company-behind-foxit-pdf-reader-announces-security-breach/#ftag=RSSbaffb68 Google Chrome 遠端執行任意程式碼漏洞 https://chromereleases.googleblog.com/2019/08/stable-channel-update-for-desktop_26.html Multiple WordPress Plugins SQL Injection Vulnerabilities https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html WordPress sites under attack as hacker group tries to create rogue admin accounts https://www.zdnet.com/article/wordpress-sites-under-attack-as-hacker-group-tries-to-create-rogue-admin-accounts/#ftag=RSSbaffb68 WordPress 10多個外掛遭駭，用以建立網站非法帳號 https://www.ithome.com.tw/news/132788 車輛跟踪系統LoJack的認證系統API存在漏洞，可以被利用實時跟踪汽車 https://www.4hou.com/vulnerable/20013.html Hickory智能門鎖存在的多個漏洞 https://cloud.tencent.com/developer/article/1494657 來當賞金獵人？Google升級「維安計畫」　找到漏洞就有獎金拿 https://cnews.com.tw/140190903a04/ 微軟著手調查造成Windows 10 CPU使用率飆高的原因 https://www.ithome.com.tw/news/132837 Analyzing and Identifying Issues with the Microsoft Patch for CVE-2018-8423 https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analyzing-and-identifying-issues-with-the-microsoft-patch-for-cve-2018-8423/ Microsoft's latest Windows 10 20H1 test build adds cloud-reset option https://www.zdnet.com/article/microsofts-latest-windows-10-20h1-test-build-adds-cloud-reset-option/#ftag=RSSbaffb68 Microsoft plans to remove Adobe Flash from all of its web browsers by December 2020 https://www.onmsft.com/news/microsoft-plans-to-remove-adobe-flash-from-all-of-its-web-browsers-by-december-2020 How MuleSoft patched a critical security flaw and avoided a disaster https://www.zdnet.com/article/how-mulesoft-patched-a-critical-security-flaw-and-avoided-a-disaster/#ftag=RSSbaffb68 BMC Vulnerabilities Expose Supermicro Servers to Remote USB-Attacks https://thehackernews.com/2019/09/hacking-bmc-server.html 超微伺服器的基板傳出含有遠端攻擊漏洞 https://www.ithome.com.tw/news/132842 企業修補進度慢！近期臺灣資安業者揭露的SSL VPN漏洞，傳出已遭駭客鎖定，全球近1萬5個Pulse Secure VPN端點曝險 https://www.ithome.com.tw/news/132764 GNU Compiler Collection 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15847 Wolters Kluwer Financial Services TeamMate+ 跨站請求偽造漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10253 Panasonic Video Insight VMS SQL注入漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5996 Over 47,000 Supermicro servers are exposing BMC ports on the internet https://www.zdnet.com/article/over-47000-supermicro-servers-are-exposing-bmc-ports-on-the-internet/#ftag=RSSbaffb68 The latest on BlueKeep and DejaBlue vulnerabilities — Using Firepower to defend against encrypted DejaBlue https://blogs.cisco.com/security/talos/the-latest-on-bluekeep-and-dejablue-vulnerabilities-using-firepower-to-defend-against-encrypted-dejablue Firefox 69 Now Blocks 3rd-Party Tracking Cookies and Cryptominers By Default https://thehackernews.com/2019/09/firefox-tracking-cookies-cryptominers.html 【Cookie 剋星】最新版 Firefox 69 上線！全面啟用追蹤保護擋追蹤軟體 https://buzzorange.com/techorange/2019/09/05/firefox-69-launch/ Mozilla Firefox 多個漏洞 https://www.us-cert.gov/ncas/current-activity/2019/09/04/mozilla-releases-security-updates-firefox-and-firefox-esr Year-Old Samba Bug Allows Access to Forbidden Root Share Paths https://www.bleepingcomputer.com/news/security/year-old-samba-bug-allows-access-to-forbidden-root-share-paths/ Kubernetes 爆發嚴重漏洞：可能影響所有開源版本 https://juejin.im/post/5d6ef4575188256ea517d950 2.銀行/金融/保險/證券/支付系統/ 新聞及資安臺北金融科技展11月底即將登場，三家純網銀將首次同臺秀特色 https://www.ithome.com.tw/news/132678 外資主導搶食網銀大餅　國家隊好想贏日韓 https://m.mirrormedia.mg/story/20190827soc006/ 將來銀行將自組 AI 團隊，佈局純網銀四大重點領域 https://buzzorange.com/techorange/2019/08/28/next-bank/ 純網銀徵才大戰／LINE Bank拚2020上半年開業　年底前招募逾百位專才 https://www.ettoday.net/news/20190831/1525158.htm 純網銀徵才大戰／3團隊瘋搶這4類人才　文科生、理科生也可捧金飯碗 https://www.ettoday.net/news/20190831/1525157.htm 新版人民幣來了！市民「嘗鮮」多為收藏，網點將逐步投放 https://news.sina.com.tw/article/20190830/32500274.html 新版人民幣後日面世 1蚊5毫硬幣都改款 https://hk.news.appledaily.com/china/realtime/article/20190828/59982127 將來銀行」的將來在哪裡 https://forum.ettoday.net/news/1526799?redirect=1 純網銀大舉徵才！哪種人會錄取？將來銀行總經理透露面試考題 http://bit.ly/2kqUBpT 舊手機也可保手機保險了但僅限這家銀行信用卡持卡人 https://ec.ltn.com.tw/article/breakingnews/2904121 獨家丨繼證大后，另一家P2P平台新新貸也被上海警方立案 https://news.sina.com.tw/article/20190902/32524866.html 新加坡預計2020年中期前釋出純網銀執照 https://news.cnyes.com/news/id/4373786 湖南警方抓獲15名販賣銀行卡嫌疑人 https://news.sina.com.tw/article/20190827/32460524.html FinTech　Taipei　2019即將隆重登場 https://www.setn.com/News.aspx?NewsID=590919 港交所：出現連接問題所有市場目前如常運作 https://www.mpfinance.com/fin/instantf2.php?node=1567653673182&issue=20190905 香港交易所期貨線路出現問題 https://www.bsgroup.com.hk/importantannouncement/important/?page=5 「死機」逾12小時港交所三宗罪 https://hk.finance.appledaily.com/finance/realtime/article/20190905/60014169 張華峰:港交所期指交易系統非遭駭客入侵 http://www.metroradio.com.hk/news/default.aspx?NewsID=20190905163410 李小加稱期貨停市涉新系統出現漏洞　非受攻擊 http://bit.ly/2lzACWs 港交所期貨交易當機停市否認人為破壞 https://money.udn.com/money/story/5603/4032220 P2P爆雷不斷中國官方將全面納入徵信系統 https://www.cna.com.tw/news/acn/201909040343.aspx 重磅!P2P將納入徵信體系互金、網貸整治辦聯合發文 https://news.sina.com.tw/article/20190905/32560468.html 瑞典9月14日將開始執行歐盟付款服務規定PSD2 https://www.trademag.org.tw/page/newsid1/?id=753310&iz=6 巴黎街頭遭搶！歹徒10分內破解台灣金融卡盜10萬 https://news.ebc.net.tw/News/society/176841 旺旺集團拿下純網銀再傳震撼彈 https://moptt.tw/p/HatePolitics.M.1567569448.A.0DE 首例！國泰人壽與易遊網合作1分鐘旅平險正式通過 https://money.udn.com/money/story/5613/4032210 旅平險可直接在旅遊平台投保保險業沙盒首例 https://www.cna.com.tw/news/afe/201909060087.aspx Chinese nationals hacked ATM systems in Nepal's capital https://www.thepaypers.com/digital-identity-security-online-fraud/chinese-nationals-hacked-atm-systems-in-nepal-s-capital/780474-26# 5 Chinese nationals arrested for stealing money from ATM in Kathmandu https://www.indiatvnews.com/news/world-chinese-nationals-arrested-stealing-money-atm-in-kathmandu-546508 Police make four more arrests in ATM robbery case https://myrepublica.nagariknetwork.com/news/police-make-four-more-arrests-in-atm-robbery-case/ German bank loses €1.5 million in mysterious cashout of EMV cards https://www.zdnet.com/article/german-bank-loses-eur1-5-million-in-mysterious-cashout-of-emv-cards/#ftag=RSSbaffb68 3.電子支付/電子票證/行動支付/ pay/新聞及資安不再擔心鈔票卡魚鱗　QR Code革命將消滅新台幣紙鈔？ https://www.cw.com.tw/article/article.action?id=5096647 「LINE Pay 一卡通帳戶」行動支付於 7-ELEVEN 正式上線 http://bit.ly/2lKlzsS 三井住友推駭客險電子支付更有保障 https://money.udn.com/money/story/5602/4023217 網路賭局易使詐行動支付警難辦 http://bit.ly/2lNnmxn 懵漢電子支付車費手機投錢箱 https://orientaldaily.on.cc/cnt/china_world/20190901/00178_018.html 台灣電子支付大整合金管會：LINE Pay、街口最快明年可互轉帳 https://news.cnyes.com/news/id/4375953 金管會計畫開放電支商家可互通　最快2020年成立「跨機構共用平台」 https://www.ettoday.net/news/20190903/1527810.htm 讓電子支付「一家親」金管會研擬互轉帳整合平台 https://www.chinatimes.com/realtimenews/20190903004408-260410?chdtv 電子支付擬設共用平台 http://merit-times.net/2019/09/04/124160/ 【0.3 秒閃付】Amazon 測試「掃手」支付系統明年應用 Whole Foods 超級市場 http://bit.ly/2k3jSXc 中國迎向刷臉支付時代暗藏資安隱私風險 http://bit.ly/2k0n7P7 4.虛擬貨幣/區塊鍊新聞及資安臉書幣Libra還活著！推出31萬「抓蟲」賞金 https://ec.ltn.com.tw/article/breakingnews/2897984 最高 1 萬美元！Facebook 加密幣 Libra 祭漏洞賞金計畫 https://www.inside.com.tw/article/17361-libra-bug-bounty-program 正式推出比特幣期貨！Bakkt 下月初開放客戶入倉 https://news.cnyes.com/news/id/4373489 門羅幣挖礦風暴襲捲廣大企業傳統防護已難以防守 https://money.udn.com/money/story/10860/4017581 以太坊Parity客戶端曝出RPC安全漏洞用戶需盡快升級 https://www.feixiaohao.com/news/4346927 馬上升級！比特幣閃電網絡或存在安全漏洞 https://www.zilian8.com/188980.html 比特幣或出現安全漏洞 https://www.bitguai.com/bitcoin/news/40076.html 加拿大出現比特幣ATM新騙局！詐騙者誘騙用戶掃描虛假QR Code https://news.sina.com.tw/article/20190830/32498880.html 北韓否認攻擊加密貨幣交易所稱指控是「由美國竄起的謠言」 https://news.cnyes.com/news/id/4375010 「假」黃金正在擾亂市場，比特幣需求可能因此大漲 http://news.knowing.asia/news/978ee55e-cb6a-479f-a9f2-364701c17388 交易所幣客無預警宣布關閉：表示遭駭客攻擊，公司「資不抵債」 https://www.blocktempo.com/bitker-exchange-announced-to-put-out0of-businss/ 騰訊安全：不法駭客冒充“熱心用戶”，對虛擬幣交易平台發起定向攻擊 http://big5.pconline.com.cn/b5/news.pconline.com.cn/1288/12885031.html 比特幣閃電網絡中檢測到的嚴重漏洞 https://0xzx.com/201909021654252002.html 強攻發明專利及外幣現鈔聯盟鏈平台… 一銀區塊鏈運用四路進擊 http://bit.ly/2jWacgZ 中國將成首個擁有數字貨幣國家 http://www.hkcd.com/content/2019-09/03/content_1154888.html 中南美洲最大電子支付公司 Cielo 宣布，推出加密貨幣支付系統 https://www.blocktempo.com/14-million-brazilian-point-of-sale-devices-to-support-crypto-payments/ 用 Bitcoin 買傢俱 Pricerite 首推加密貨幣支付服務 http://bit.ly/2lrxyLT 以太坊獲伊斯蘭學者「清真認證」！數位貨幣也分是否清真 http://news.knowing.asia/news/94796903-4cba-41e5-9abb-b599cbb9554a 沒有虧錢也沒有被盜幣，這家泰國主流交易所卻宣布關站 http://news.knowing.asia/news/89f5bf4e-ca3b-4b63-9cee-d0fcffebf349 比特幣突破10000美元！「Bakkt效應」終於顯現了嗎 http://news.knowing.asia/news/bfc04b40-dd96-4289-9707-23e44a1f483c 關貿：門羅幣挖礦風暴襲捲企業 http://bit.ly/2jYsJcy 電力最強挖礦機？烏克蘭核電廠員工被查出上班時間偷接電挖礦 https://technews.tw/2019/09/04/employees-connect-nuclear-plant-to-the-internet-so-they-can-mine-cryptocurrency/ 匯豐銀行完成首次以「人民幣計價」的區塊鏈信用狀交易 https://www.blocktempo.com/hsbc-processes-first-blockchain-letter-of-credit-using-chinese-yuan/ 要單挑臉書幣！Telegram擬發行自家加密貨幣 https://ec.ltn.com.tw/article/breakingnews/2905511 監管比特幣礦工？有專家向美國國會出了個餿主意 http://news.knowing.asia/news/f9ce1af7-723a-49a9-8cc4-a823f60d2393 牛幣學院疑似詐欺，總資金高達近二千萬台幣 https://zombit.info/suspected-fraud-total-funds-up-to-nearly-20-million-taiwan-dollars/ 比特幣不夠快，但什麼樣的產品才能成為理想的支付選擇呢 http://news.knowing.asia/news/164b773f-2518-4e83-9424-4efc5f51c8c8 美國國安局在研發加密貨幣，可抵抗量子計算 http://news.knowing.asia/news/94c801bf-fca2-4578-ada6-04a6528b60f5 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式美國數百家牙科診所仰賴的備份公司遭到勒索軟體攻擊 https://www.ithome.com.tw/news/132762 窮地方政府最危險！今年至少40個美國公部門遭駭客勒索失數千萬 http://bit.ly/2ZFfvjS 衛福部晚間公布臺灣醫療院所受勒索軟體攻擊現況，已有22家遇害 https://www.ithome.com.tw/news/132804 近日22家醫療院所遭勒索病毒攻擊事件處理說明 https://www.mohw.gov.tw/cp-4343-49147-1.html 兩家衛福部所屬醫院遭勒索軟體襲擊，確認臺灣已有10多間醫院遇害 https://ithome.com.tw/news/132781 公立醫院遭駭勒索病毒入侵？彰化醫院：已建置新系統 https://www.chinatimes.com/realtimenews/20190831001635-260405?chdtv 多家醫院電腦中勒索病毒衛福部：時間點太尷尬 https://m.ltn.com.tw/news/society/breakingnews/2902034 勒索病毒入侵全台10餘家醫院遇駭 http://bit.ly/2UkmRbg 全台10餘家醫院中勒索病毒密碼管理成漏洞 https://udn.com/news/story/7266/4021200 全台18家醫院中勒索病毒衛福部：沒有資料被外洩 http://bit.ly/2LcdSpH 勒索病毒襲衛福部院所要比特幣付贖 https://www.pcdvd.com.tw/showthread.php?t=1165860 多家醫院中勒索病毒衛福部：兩小時解除無個資外洩 https://udn.com/news/story/7266/4020891 高雄阮綜合醫院疑中「勒索病毒」行政系統癱瘓重建中 https://news.ltn.com.tw/news/life/breakingnews/2901611 疑中勒索病毒阮綜合醫院行政作業一度癱瘓 https://udn.com/news/story/7327/4021197 勒索病毒襲擊彰化醫院、員基中標 https://news.ltn.com.tw/news/Changhua/breakingnews/2901828 勒索病毒侵台北醫院、彰化醫院要求比特幣贖金 http://bit.ly/2PyrG27 "勒索病毒"襲衛福部院所要比特幣付贖 https://www.ttv.com.tw/news/view/10808310002800N/579 「勒索病毒」攻佔醫院主機！　傳全台56家中鏢…個資病歷全被鎖 https://www.ettoday.net/news/20190831/1525367.htm 「勒索病毒」襲台傳56醫療院所電腦中鏢 https://m.ltn.com.tw/news/society/breakingnews/2901521 Avast與警方聯手移除85萬臺PC上的惡意蠕蟲 https://www.ithome.com.tw/news/132713 長島學區遭駭資料被鎖付8.8萬贖金 http://bit.ly/2PxP1kB 接收健保署電子郵件會中勒索病毒？健保署：經查非事實 https://news.ltn.com.tw/news/Taipei/breakingnews/2903434 曾秀國旗喊台灣NO.1 爆乳網美遭勒索「不給錢就刪性感照」 https://news.ltn.com.tw/news/world/breakingnews/2901243 挖礦軟體感染目標擴及英特爾伺服器 https://www.ithome.com.tw/news/132791 騰訊安全威脅感知系統截獲網銀大盜木馬提醒網友注意陌生郵件 https://guanjia.qq.com/news/n3/2546.html 開學了，小心數位論文與教科書暗藏惡意程式 https://www.ithome.com.tw/news/132818 勒索病毒攻擊加密3萬張照片欲哭無淚專家教你這樣止血 https://udn.com/news/story/7315/4026465?from=udn-catelistnews_ch2 計算機專業畢業生驚人大案：給網吧電腦裝木馬，遠程「挖礦」獲利上億元 https://news.sina.com.tw/article/20190903/32537952.html 挖礦惡意軟件逐漸進逼 Intel 伺服器 https://unwire.pro/2019/09/03/coinmining-malware-intel/security/ 網絡安全威脅增　勒索軟件飆118% https://inews.hket.com/article/2443436 驚！無檔案式威脅成長265%　數位勒索、變臉詐騙猖獗 https://www.setn.com/News.aspx?NewsID=597558 趨勢科技警告：「無檔案」式攻擊量暴增 https://udn.com/news/story/7088/4031557 Nemty勒索病毒可能透過暴露的遠端桌面連線散播 https://blog.trendmicro.com.tw/?p=61895 開學了，小心數位論文與教科書暗藏惡意程式 https://www.ithome.com.tw/news/132818 LokiBot變種利用圖像隱碼術來隱藏蹤跡 https://blog.trendmicro.com.tw/?p=61729 MDR 找到埋伏某公司系統2年的MyKings變種 https://blog.trendmicro.com.tw/?p=61824 獅子大開口！駭客向美國麻州城市New Bedford要求530萬美元贖金遭拒 https://ithome.com.tw/news/132896 Taxpayers against cities paying up in ransomware attacks, says survey https://www.zdnet.com/article/taxpayers-against-cities-paying-up-in-ransomware-attacks-says-survey/#ftag=RSSbaffb68 Malware being disguised as school textbooks https://www.techradar.com/news/criminals-disguising-malware-as-school-textbooks Kaspersky: Malware Found Hiding in Popular Android App https://www.bankinfosecurity.com/kaspersky-malware-found-hiding-in-popular-android-app-a-13008 Ransomware Hits Dental Data Backup Service Offering Ransomware Protection https://thehackernews.com/2019/08/dds-safe-dental-ransomware-attack.html Trickbot Is Using Google Docs to Trick Proofpoint’s Gateway https://cofense.com/trickbot-using-google-docs-trick-proofpoints-gateway/ New Trickbot variant targets mobile users' PIN codes https://cyware.com/news/new-trickbot-variant-targets-mobile-users-pin-codes-f7937c93 A new variant of Trickbot banking Trojan targets Verizon, T-Mobile, and Sprint users https://securityaffairs.co/wordpress/90508/malware/trickbot-targets-us-mobile-users.html Emotet Botnet Is Back, Servers Active Across the World https://www.bleepingcomputer.com/news/security/emotet-botnet-is-back-servers-active-across-the-world/ TrickBot Modifications Target U.S. Mobile Users https://www.secureworks.com/blog/trickbot-modifications-target-us-mobile-users GOOTKIT BANKING TROJAN | DEEP DIVE INTO ANTI-ANALYSIS FEATURES https://www.sentinelone.com/blog/gootkit-banking-trojan-deep-dive-anti-analysis-features/ GOOTKIT BANKING TROJAN | PART 2: PERSISTENCE & OTHER CAPABILITIES https://www.sentinelone.com/blog/gootkit-banking-trojan-persistence-other-capabilities/ RAT Ratatouille: Backdooring PCs with leaked RATs https://blog.talosintelligence.com/2019/08/rat-ratatouille-revrat-orcus.html BRATA Android RAT Used to Infect and Spy on Brazilian Users https://www.bleepingcomputer.com/news/security/brata-android-rat-used-to-infect-and-spy-on-brazilian-users/ Fully equipped Spying Android RAT from Brazil: BRATA https://securelist.com/spying-android-rat-from-brazil-brata/92775/ Analysis: How Police Disrupted a Cryptomining Malware Gang https://www.bankinfosecurity.com/interviews/analysis-how-police-disrupted-cryptomining-malware-gang-i-4430 New Android Malware for Banking Apps steal passwords by recording screens https://www.technowize.com/new-android-malware-for-banking-apps-steal-passwords-by-recording-screens/ Hackers use Google Docs to spread TrickBot banking trojans https://meterpreter.org/hackers-use-google-docs-to-spread-trickbot-banking-trojans/ 2019-09-03 - PCAP AND MALWARE FOR AN ISC DIARY (REMCOS RAT) https://www.malware-traffic-analysis.net/2019/09/03/index.html Fake BleachBit Website Built to Distribute AZORult Info Stealer https://www.bleepingcomputer.com/news/security/fake-bleachbit-website-built-to-distribute-azorult-info-stealer/ WordPress Plugins Anchor Widespread Malvertising, Rogue Backdoor Campaign https://threatpost.com/wordpress-plugins-malvertising-backdoor-campaign/147926/ Hacked SharePoint Sites Used to Bypass Secure Email Gateways https://www.bleepingcomputer.com/news/security/hacked-sharepoint-sites-used-to-bypass-secure-email-gateways/ Phishing Emails Are Using SharePoint to Slip Past Symantec’s Gateway and Attack Banks https://cofense.com/phishing-emails-using-sharepoint-slip-past-symantecs-gateway-attack-banks/ Ransomware gang wanted $5.3 million from US city, but they only offered $400,000 https://www.zdnet.com/article/ransomware-gang-wanted-5-3-million-from-us-city-but-they-only-offered-400000/#ftag=RSSbaffb68 2019-08-31 - DATA DUMP: URSNIF+VIDAR WITH TRICKBOT https://www.malware-traffic-analysis.net/2019/08/31/index.html 2019-09-03 - PCAP AND MALWARE FOR AN ISC DIARY (REMCOS RAT) https://www.malware-traffic-analysis.net/2019/09/03/index.html 2019-09-04 - DATA DUMP: URSNIF INFECTION WITH TRICKBOT https://www.malware-traffic-analysis.net/2019/09/04/index.html 2019-09-04 - DATA DUMP: URSNIF DOC SENDS VIDAR https://www.malware-traffic-analysis.net/2019/09/04/index2.html 2019-09-05 - WORD DOC MACRO CAUSES URSNIF WITH TRICKBOT, OR IT CAUSES VIDAR https://www.malware-traffic-analysis.net/2019/09/05/index.html Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions https://blog.trendmicro.com/trendlabs-security-intelligence/glupteba-campaign-hits-network-routers-and-updates-cc-servers-with-data-from-bitcoin-transactions/ TrickBot Makes Heavy Use of Evasion in Recent Attacks https://www.securityweek.com/trickbot-makes-heavy-use-evasion-recent-attacks JSWorm: The 4th Version of the Infamous Ransomware https://securityaffairs.co/wordpress/90811/malware/jsworm-4-ransomware-analysis.html New social engineering toolkit draws inspiration from previous web campaigns https://blog.malwarebytes.com/social-engineering/2019/09/new-social-engineering-toolkit-draws-inspiration-from-previous-web-campaigns/ Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-abuses-php-functions-for-persistence-uses-compromised-devices-for-evasion-and-intrusion/ Ransomware gang wanted $5.3 million from US city, but they only offered $400,000 https://www.zdnet.com/article/ransomware-gang-wanted-5-3-million-from-us-city-but-they-only-offered-400000/#ftag=RSSbaffb68 A Ransomware Tale: Mayor Describes City's Decisions https://www.bankinfosecurity.com/ransomware-tale-mayor-describes-citys-decisions-a-13033 GOOTKIT BANKING TROJAN | PART 3: RETRIEVING THE FINAL PAYLOAD https://www.sentinelone.com/blog/gootkit-banking-trojan-retrieving-final-payload/ Ransomware Delivery Mechanisms [Part 1] https://www.lastline.com/labsblog/ransomware-delivery-mechanisms/ Ransomware: Too Overt to Hide [Part 2] https://www.lastline.com/labsblog/ransomware-overt-hide-part-2/ TROJAN DROPPER https://malwr-analysis.com/2019/08/23/trojan-dropper-bdf243b7a296f7aecc366c799e3fb865ee3aff7c72d8d942e2b2632a347fe5c3/ Banking Trojans: A Reference Guide to the Malware Family Tree https://www.f5.com/labs/articles/education/banking-trojans-a-reference-guide-to-the-malware-family-tree TrickBot adds new trick to its arsenal: tampering with trusted texts https://blog.malwarebytes.com/trojans/2019/09/trickbot-adds-new-trick-to-its-arsenal-tampering-with-trusted-texts/ Windows worms. Forbix worm analysis https://persianov.net/windows-worms-forbix-worm-analysis Mobile Menace Monday: Android Trojan raises xHelper https://blog.malwarebytes.com/android/2019/08/mobile-menace-monday-android-trojan-raises-xhelper/ Unprecedented new iPhone malware discovered https://blog.malwarebytes.com/mac/2019/08/unprecedented-new-iphone-malware-discovered/ New social engineering toolkit draws inspiration from previous web campaigns https://blog.malwarebytes.com/social-engineering/2019/09/new-social-engineering-toolkit-draws-inspiration-from-previous-web-campaigns/ B.行動安全 / iPhone / Android /穿戴裝置 /App Android攻擊程式價格首度超過iOS https://www.ithome.com.tw/news/132835 Android exploits are now worth more than iOS exploits for the first time https://www.zdnet.com/article/android-exploits-are-now-worth-more-than-ios-exploits-for-the-first-time/#ftag=RSSbaffb68 知名安卓軟體「掃描全能王」被發現含有特洛伊木馬！下載量超過一億次 https://applealmond.com/posts/57647 你可能也有安裝！下載破億次、超紅 Android 手機 App 被爆是木馬 https://3c.ltn.com.tw/news/37810 學校安全零死角中山大學開發貼身護衛App https://udn.com/news/story/7240/4014324?from=udn-ch1_breaknews-1-cate6-news 5G設企業專網中華電：影響企業與電信業合作 https://ec.ltn.com.tw/article/paper/1313849 iOS 12.4.1修復越獄漏洞蘋果建議用戶更新 https://www.chinatimes.com/realtimenews/20190828001595-260412?chdtv Google finds malicious sites pushing iOS exploits for years https://www.zdnet.com/article/google-finds-malicious-sites-pushing-ios-exploits-for-years/#ftag=RSSbaffb68 iPhone 最安全？Google：iPhone 早已被惡意網站入侵多年 https://www.inside.com.tw/article/17391-google-iphone-secretly-hacked Google團隊揭露駭客史上最大攻擊iPhone事件！竊取文件和即時定位　蘋果獲報修復 https://www.ettoday.net/news/20190830/1524947.htm 「用戶和Siri對話被聽光光」　蘋果正式道歉了 https://www.mirrormedia.mg/story/20190829edi021/ 香港反送中爆紅Telegram安全隱憂示威者身份恐曝光 http://bit.ly/2NIie9K Telegram 回應香港人訴求？執法機關無法再透過電話號碼肉搜使用者參與過的群組 https://buzzorange.com/techorange/2019/08/30/telegram-hk/ Telegram 被發現洩露用戶身份漏洞！官方正式回應 http://bit.ly/2PuZ5dZ 保護示威者 Telegram關閉電話配對 https://m.ltn.com.tw/news/world/paper/1314765 外媒：中國政府疑使用Telegram漏洞辨別示威者 https://unwire.hk/2019/08/31/telegram-3/tech-secure/ 用LINE集點！店家控點數自動增加…損失逾5百元 http://bit.ly/2PAd6XN Google將下載次數超過1億的Android app列入抓漏範圍 https://www.ithome.com.tw/news/132737 Google團隊揭iPhone漏洞　黑客可裝監控程式 http://bit.ly/2LjiFod 谷歌威脅分析小組稱，IPhone IOS 10-12巨型漏洞利用：從5個鏈中劫持多年 https://0xzx.com/201909020857251643.html 美媒：監控維吾爾人北京設釣魚網站 https://udn.com/news/story/7331/4026367 中國利用iphone 漏洞監控維吾爾族 https://www.ptt.cc/bbs/MobileComm/M.1567365381.A.4D9.html Google：iPhone被入侵恐是陸針對維吾爾族穆斯林之舉 https://udn.com/news/story/11017/4024824 中共駭入維吾爾族 CNN：港台人士提防 https://udn.com/news/story/7331/4030151 中國監控維族手機Google、微軟作業系統被駭 https://m.ltn.com.tw/news/world/paper/1315236 中國利用iPhone監控新疆人？惡意程式侵入網站長達兩年，照片訊息、帳戶密碼全都竊 https://www.storm.mg/lifestyle/1664309 傳中國為監控新疆打造的iPhone攻擊鏈，也會對Windows、Android用戶下手 https://www.ithome.com.tw/news/132807 瀏覽網站就被植入惡意碼，中國政府利用 iPhone 監控維吾爾族 https://buzzorange.com/techorange/2019/09/02/code-in-iphone-to-monitor-uyghur/ 間諜程式藏網站大規模侵入iPhone至少2年，疑意在監控維吾爾人 https://www.ithome.com.tw/news/132786 㩒入Google搜尋結果手機都會中招外媒：監控黑手很可能是中國 https://hk.news.appledaily.com/international/realtime/article/20190902/60000457 Google 資安研究團隊揭發史上最大 iPhone 駭侵事件 https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=911 Android 軟體更新報告出爐，Nokia 最勤快、vivo 和 LG 慘兮兮 https://technews.tw/2019/09/02/android-update-for-smartphone/ 內地AI換臉軟件「ZAO」走紅　網民憂臉容遭不當利用 http://bit.ly/2ln6QUw 華為「鴻蒙」安全成疑　專家籲用黑客思維逆向思考 http://bit.ly/2lPJYNJ 「一張照演天下戲」大陸換臉APP恐洩隱私 https://news.tvbs.com.tw/focus/1193977 Google 正式釋出 Android 10 ， Pixel 系列裝置將陸續收到更新通知 https://www.cool3c.com/article/147691 Gmail隱藏圖片功能延伸至App　用戶資安更添保障 https://www.ettoday.net/news/20190904/1528397.htm 警惕手機淪為遠程竊聽器 APP偷聽今年被重點監管治理 https://news.sina.com.tw/article/20190905/32560836.html 深入理解PHP Phar反序列化漏洞原理及利用方法 https://www.4hou.com/vulnerable/18196.html Bridgefy通訊App 港人下載急增　專家：未必可免受監控 http://bit.ly/2kiqtx7 「臉書約會」推出！　整合Instagram列「暗戀名單」秘密配對：風險自負 https://www.ettoday.net/news/20190906/1529681.htm FB推出約會服務　聲明：結果風險自負 https://www.ctwant.com/article/6426 網釣簡訊利用OTA散布可變更手機設定，三星、LG等品牌受害 https://www.ithome.com.tw/news/132897 交友App管理消極消基會：不乏未成年者冒充年齡進入 https://money.udn.com/money/story/5612/4032363 Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years https://thehackernews.com/2019/08/hacking-iphone-ios-exploits.html Apple Changes the Way It Listens to Your Siri Recordings Following Privacy Concerns https://thehackernews.com/2019/08/apple-siri-recording-privacy.html New Stealthy Ad Clicking Tactics Found in Popular Apps on Google Play https://www.symantec.com/blogs/threat-intelligence/stealthy-ad-clicking-apps-google-play Chinese Face-Swapping App ZAO Sparks Privacy Concerns After Going Crazily Viral https://thehackernews.com/2019/09/face-swapping-deepfake-zao.html Exploit Reseller Offering Up To $2.5 Million For Android Zero-Days https://thehackernews.com/2019/09/android-full-chain-zero-day-exploit.html Mysterious iOS Attack Changes Everything We Know About iPhone Hacking https://www.wired.com/story/ios-attack-watering-hole-project-zero/ Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks https://www.wired.com/story/android-zero-day-more-than-ios-zerodium/ Just An SMS Could Let Remote Attackers Access All Your Emails, Experts Warn https://thehackernews.com/2019/09/just-sms-could-let-remote-attackers.html iPhone Hacks May Be Linked to Broader China Spying https://www.bankinfosecurity.com/iphone-hacks-may-be-linked-to-broader-china-spying-a-13010 Zero-day disclosed in Android OS https://www.zdnet.com/article/zero-day-disclosed-in-android-os/#ftag=RSSbaffb68 Semi‑annual balance of mobile security 2019 https://www.welivesecurity.com/2019/09/05/balance-mobile-security-2019/ Apple iOS Attack Underscores Importance of Threat Research https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/apple-ios-attack-underscores-importance-of-threat-research/ C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件「白帽黑客」組成 Project Zero屢建奇功 http://paper.wenweipo.com/2019/08/31/GJ1908310003.htm Mozilla 調查指出台灣面臨三大網路風險，隱私、資訊壟斷與訊息誤導壟罩台灣網路環境 https://www.cool3c.com/article/147631 不只身體有！愛上網的台灣人在網路也有「三高」 https://money.udn.com/money/story/5617/4024341 趨勢：91％駭客威脅透過電郵入侵 http://bit.ly/2kl13yW 2019年8月十大資安新聞 https://www.ithome.com.tw/news/132843 資安智慧醫療的罩門 https://talk.ltn.com.tw/article/paper/1314919 回應「資安，智慧醫療的罩門」 https://talk.ltn.com.tw/article/paper/1315174 Yahoo官網驚傳無預警關閉網友哀嚎遍野 https://3c.ltn.com.tw/news/37890 國家網路安全宣傳周｜你的口令會成為駭客破解的對象嗎 https://ek21.com/news/tech/134970/ 入侵Capital One的駭客以遭駭的伺服器來挖礦 https://www.ithome.com.tw/news/132784 駭客組織強襲石油公司，中東恐成資訊戰最活躍戰場 http://bit.ly/2lyt4mH 中國最小的駭客，8歲黑進學校系統，13歲向360提出改進方案 https://ek21.com/news/tech/133846/ Kaspersky調查：還有4成用戶使用已終止支援或即將過期的Windows平台 https://www.ithome.com.tw/news/132792 資安即國安　電腦公會帶頭整合資安與製造業者 https://digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000567422_BZ955ZP51KP05U345QID7&cf=AG1 如何將資安導入DevOps的開發流程？白帽觀點創辦人揭露心法 https://www.ithome.com.tw/news/132778 推特執行長帳號遭駭大發種族歧視推文 https://www.chinatimes.com/realtimenews/20190831003436-260410?chdtv Twitter CEO 多爾西的推特帳號被駭，駭客只運用簡單的 SIM 盜換技術就搞定 https://technews.tw/2019/09/02/twitter-ceo-jack-dorsey-account-was-hacked-and-hacker-just-simply-use-sim-swap-method/ Twitter CEO Jack Dorsey 的個人 Twitter 帳號遭到駭客入侵 https://hypebeast.com/zh/2019/9/twitter-ceo-jack-dorsey-account-hacked-chuckle-squad-information 推特CEO狂發「種族歧視文」：總部有炸彈！　爆駭客1狡猾手段入侵 https://www.ettoday.net/news/20190831/1525403.htm 推特CEO推特帳號被駭！駭客放話要炸總部 https://udn.com/news/story/6811/4020663?from=udn-ch1_breaknews-1-cate5-news 駭進產品就賞3千萬！蘋果重金邀駭客查漏洞 https://fnc.ebc.net.tw/FncNews/life/97012 被指攻擊銀行及交易所獲20億美元北韓發聲明否認 http://bit.ly/2kowqbL 網攻竊取逾600億？北韓痛批美國散播惡毒謠言 https://fnc.ebc.net.tw/FncNews/world/97586 華為再遭控竊取專利反咬美國政府對公司發動「網路攻擊」 https://www.ftvnews.com.tw/news/detail/2019904W0025 華為有意公開原始碼盼釋日方資安疑慮 https://www.chinatimes.com/realtimenews/20190904002756-260410?chdtv 日本防衛概算出爐將成立太空作戰隊 https://m.ltn.com.tw/news/world/breakingnews/2901087 Defense One：應對網攻浩劫後美須速謀對策 http://bit.ly/2LfOsHC 專家呼籲美政府應建立「網攻第一擊後」應對方案 https://www.ydn.com.tw/News/350319 美國和波蘭簽署5G網絡安全聲明劍指華為 http://www.epochtimes.com/b5/19/9/2/n11494094.htm 美軍駭入伊朗革命衛隊系統，摧毀其恐怖攻擊資料庫 https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=912 澳國大學加大防堵中國滲透措施 http://bit.ly/2Zzh86B 劍橋分析吹哨者:中國干預澳大利亞選舉比俄羅斯還危險 http://bit.ly/30MFEhU 外國勢力滲透大學校園澳洲政府採取行動防範 https://money.udn.com/money/story/5599/4015394 聯國制裁報告：北韓續發展核武和導彈計畫 http://bit.ly/2m2vHxr 與國際接軌北韓擴充網安發展科技 http://bit.ly/2luiCN4 已具有突破防禦體系能力聯合國報告：北韓還在發展核導計畫 https://news.ltn.com.tw/news/world/breakingnews/2907530 中國社會信用系統2020年適用企業歐商會示警外企也要被監控 https://ec.ltn.com.tw/article/breakingnews/2898412 路透：為北京服務的黑客侵入亞洲電信公司系統監控維族人行蹤 https://www.voacantonese.com/a/CHINA-HACEKED-ASIAN-TELCOS-TO-SPY-ON-UIGHUR-TRAVELERS-20190905/5071398.html 中國駭客入侵亞洲多國電信商監控維吾爾人 https://news.ltn.com.tw/news/world/breakingnews/2907227 北韓37大學大舉新設資安及尖端科學系所　教改跟上世界潮流 https://www.ettoday.net/news/20190904/1528047.htm A Chinese APT is now going after Pulse Secure and Fortinet VPN servers https://www.zdnet.com/article/a-chinese-apt-is-now-going-after-pulse-secure-and-fortinet-vpn-servers/#ftag=RSSbaffb68 Lyceum APT Group a New Threat to Oil and Gas Companies https://www.bankinfosecurity.com/lyceum-apt-group-new-threat-to-oil-gas-companies-a-13003 Capital One Hacker Also Accused of Hacking 30 More Companies and CryptoJacking https://thehackernews.com/2019/08/paige-thompson-capital-one.html Unix at 50: How the OS that powered smartphones started from failure https://arstechnica.com/gadgets/2019/08/unix-at-50-it-starts-with-a-mainframe-a-gator-and-three-dedicated-researchers/ Huawei Accuses US Government of Hack Attacks https://www.bankinfosecurity.com/huawei-accuses-us-government-hack-attacks-a-13011 How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory https://www.cyberscoop.com/apt3-nsa-tools-smb-check-point/ 網路/資安工程師 (北京) https://www.104.com.tw/job/6pzkh 【管理】資訊安全主管 https://www.104.com.tw/job/6pxgd 北區-資安講師(資安攻防實務、專題研討) https://www.104.com.tw/job/6puwx 5287 資安分析師 / 資安工程師 (新竹市區) https://www.cakeresume.com/companies/66cd09/jobs/security-analyst 駐點資安服務工程師 (大安運動中心附近) https://www.104.com.tw/job/6q2g4 系統發展中心108年第四次專案人力進用-26.研發類-資安/通訊 https://www.104.com.tw/job/6q408?jobsource=n104bank2 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 LINE不當轉傳致洩密 http://epaper.wra.gov.tw/Article_Detail.aspx?s=7E7BC791D6822D9D Google日曆也變詐騙聖地！二步驟讓你遠離假訊息 https://www.ettoday.net/news/20190829/1524283.htm Google 日曆被垃圾訊息洗版，只要一個選項就乾淨溜溜 https://www.kocpc.com.tw/archives/277295 網安公司報告揭英美多國病人私隱被賤賣 http://bit.ly/2HE6Xnb Imperva發生資料外洩意外，影響Cloud WAF雲端防火牆客戶 https://www.ithome.com.tw/news/132687 二合一選舉桃市已有10多件假訊息情資 http://bit.ly/2HRea3t 第一資本個資外洩案女駭客被起訴 http://bit.ly/2PtkUKL 第一資本個資外洩案女駭客被起訴最重可判25年 https://udn.com/news/story/6812/4017729 密碼設為123456、多網站共用一組帳密，都有嚴重資安風險！教育部教你這樣設密碼，安全又好記 http://about.storm.mg/lifestyle/1648206 FB收緊刊美國政治廣告規則減誤導及虛假訊息但仍存漏洞 http://bit.ly/2LojD2F 警方報案電話系統有漏洞民眾個資險外流 https://udn.com/news/story/7321/4017753?from=udn-relatednews_ch2 挽救形象？Facebook開「快閃咖啡廳」教用戶如何設定隱私 https://news.sina.com.tw/article/20190901/32517928.html 偽裝台灣小農打悲情牌,宣稱無花果茶/桑葚,有治糖尿病/白髮療效 https://blog.trendmicro.com.tw/?p=61829 Foxit資料外洩曝露用戶密碼 https://www.ithome.com.tw/news/132790 165示警！新詐騙手法「特殊管道」助貸款　連環套錢坑越來越大 https://www.ettoday.net/news/20190901/1526150.htm 網路賭局易使詐行動支付警難辦 http://bit.ly/2lNnmxn 網傳收健保郵件會中「勒索病毒」？　衛福部急澄清：舊聞啦 https://health.ettoday.net/news/1526731 信用卡個資外洩遭恐嚇詐騙匯款員警及時攔阻 https://udn.com/news/story/7320/4025509?from=udn-catebreaknews_ch2 挪威涉中國公民電信詐騙頻發中使館提醒防範 http://www.hkcna.hk/content/2019/0902/782514.shtml 又利用網路愛情詐騙保七力阻24萬險遭騙 http://bit.ly/2lVG8mq 駐布里斯班總領館發佈提醒：謹防網上交友詐騙 https://news.sina.com.tw/article/20190902/32523692.html 學生盜取上億條個人信息境外網路販賣被公訴 https://news.sina.com.tw/article/20190903/32541836.html 買家接詐騙電話　警覺抓包蝦皮！爆系統紕漏外洩個資 https://tw.news.appledaily.com/life/realtime/20190904/1625910/ 臉書一頁式購物廣告充斥詐騙 http://www.ksnews.com.tw/index.php/news/contents_page/0001298246 美國防部開發軟件打擊假新聞 https://hk.news.appledaily.com/international/daily/article/20190904/20761834 AI時代金融信息安全攻防戰危情：誰泄露了我的數據 https://news.sina.com.tw/article/20190904/32547538.html 換臉APP涉洩個資 ZAO致歉 http://bit.ly/2lx0x0O 詐騙集團以AI軟體偽裝成老板聲音指示匯錢 https://www.ithome.com.tw/news/132836 知名餅店太火紅　詐騙集團拿去當犯案招牌 https://www.nownews.com/news/20190904/3610396/ 警破一條龍詐騙集團突破斷點逮22嫌 https://www.chinatimes.com/realtimenews/20190904002854-260402?chdtv 南京破獲一起冒用他人身份證辦理信用卡並惡意透支案 https://news.sina.com.tw/article/20190905/32563998.html 惡劣！盜領癌末患者錢財　社工遭農會識破報案 https://news.tvbs.com.tw/local/1195689 FB 又爆資安漏洞！上億用戶電話資料庫曝光 https://3c.ltn.com.tw/news/37884 釣魚電郵騙個資！收到「臉書官方」這封信不要回傳 https://m.ltn.com.tw/news/life/breakingnews/2906974 安卓用戶小心！手機收到假冒電信商簡訊恐是釣魚攻擊 http://bit.ly/2kuEjfN 北京警方打掉一「鏈條化」信用卡詐騙犯罪團伙 https://news.sina.com.tw/article/20190904/32557640.html 主管打來叫他幫忙轉帳，誰知竟是駭客詐騙！AI模仿主管聲音，七百萬現金人間蒸發 https://www.storm.mg/lifestyle/1675979 駭客用AI仿冒英國能源公司CEO 語音命令員工匯款22萬歐元 https://cnews.com.tw/140190905a05/ 陸刷臉支付暗藏資安疑慮 https://www.ydn.com.tw/News/351381 DevOps服務Circleci資料外洩事件調查，攻擊者未取得任何用戶機密資料 https://www.ithome.com.tw/news/132884 中國製GPS追蹤器洩露60萬用戶即時地點 https://www.ithome.com.tw/news/132893 【詐騙新招】偽裝台灣小農打悲情牌,宣稱無花果茶/桑葚,有治糖尿病/白髮療效 https://blog.trendmicro.com.tw/?p=61829 BEC overtakes ransomware and data breaches in cyber-insurance claims https://www.zdnet.com/article/bec-overtakes-ransomware-and-data-breaches-in-cyber-insurance-claims/#ftag=RSSbaffb68 Google Will Now Pay Anyone Who Reports Apps Abusing Users' Data https://thehackernews.com/2019/08/google-data-abuse-bug-bounty.html Brazilian citizen data under threat with sale of national tech firms https://www.zdnet.com/article/brazilian-citizen-data-under-threat-with-sale-of-national-tech-firms/#ftag=RSSbaffb68 Some of Russia's surveillance tech leaked data for more than a year https://www.zdnet.com/article/some-of-russias-surveillance-tech-leaked-data-for-more-than-a-year/#ftag=RSSbaffb68 Foxit Software Breach Exposes Account Data https://www.bankinfosecurity.in/foxit-software-breach-exposes-account-data-a-13006 XKCD Forum Hacked – Over 562,000 Users’ Account Details Leaked https://thehackernews.com/2019/09/xkcd-forum-hacked.html Phishers Use SCA Checks to Trick Banking Customers https://www.infosecurity-magazine.com/news/phishers-use-sca-checks-trick 600,000 GPS trackers left exposed online with a default password of '123456' https://www.zdnet.com/article/600000-gps-trackers-left-exposed-online-with-a-default-password-of-123456/#ftag=RSSbaffb68 DK-Lok data breach exposes global enterprise client data, internal emails https://www.zdnet.com/article/dklok-data-breach-leaked-global-enterprise-client-internal-emails/#ftag=RSSbaffb68 E.研究報告如何自己動手編寫漏洞POC https://cloud.tencent.com/developer/article/1496209 Buhtrap CVE-2019-1132攻擊事件相關漏洞樣本分析 https://www.freebuf.com/vuls/210782.html Confluence 文件讀取漏洞(CVE-2019-3394)分析 https://paper.seebug.org/1025/ 如何解“邏輯漏洞檢測”難題？默安給你答案 https://www.aqniu.com/vendor/54318.html CVE-2015-2546 內核Use After Free漏洞分析 https://xz.aliyun.com/t/6115 SUCTF2019，python源碼分析，漏洞原理 https://xz.aliyun.com/t/6135 vivetok 攝像頭遠程棧溢出漏洞分析 https://juejin.im/entry/5d68ecb8f265da03b95009eb SRC 漏洞挖掘實用技巧 https://www.jishuwen.com/d/29pP 華為路由器H532G漏洞分析 https://xz.aliyun.com/t/6116 Objection：一款運行時移動設備漏洞利用工具 https://www.freebuf.com/sectool/211869.html 利用吃灰的釣魚利器（esp8266）做一個手機遠程遙控小車 https://www.freebuf.com/articles/others-articles/210044.html 大型跨國銀行系統架構的微服務與敏捷開發實踐之路 https://www.infoq.cn/article/1uZuwqSo3XIL6WtrrP33 WebLogic漏洞深入滲透利用及防范思路 https://www.freebuf.com/articles/network/212858.html 網站漏洞檢測squid反向代理存在遠程代碼執行漏洞 https://cloud.tencent.com/developer/article/1496746 Web安全-之文件上傳漏洞場景 https://blog.csdn.net/devcloud/article/details/100173321 傳統XSS攻擊引發持久型ATO漏洞技術研究 https://xz.aliyun.com/t/6186 Pulse Secure SSL VPN遠程代碼執行漏洞利用與分析 https://www.anquanke.com/post/id/185773 通用漏洞評估方法CVSS3.0介紹 https://blog.csdn.net/whatday/article/details/100552807 解除任天堂Google Authenticator二階段驗證 SWITCH帳戶解鎖流程教學 https://www.cool3c.com/article/147763 淺談ARP欺騙的實現與防禦 https://www.freebuf.com/articles/network/210852.html CVE-2018-8639分析與復現 https://bbs.pediy.com/thread-254305.htm 西門子S7通信過程及重放攻擊分析 https://www.freebuf.com/articles/ics-articles/212283.html 日活百萬級病毒“DropperNecro”分析報告 https://www.freebuf.com/articles/terminal/213324.html 個案分析-X大學系所網站駭侵攻擊事件分析報告_10808 https://cert.tanet.edu.tw/prog/opendoc.php?id=2019083011082828195490327742851.pdf 挖洞經驗| 繞過WAF限制利用php:方法實現OOB-XXE漏洞利用 https://www.freebuf.com/vuls/211822.html Macro_Pack中的宏代碼混淆方法分析 https://www.freebuf.com/sectool/211592.html Dwarf：一款基於Pyqt5和Frida的逆向分析調試工具 https://www.freebuf.com/sectool/212123.html Adobe ColdFusion RCE(CVE-2019-7839) 漏洞分析 https://www.freebuf.com/vuls/210386.html Separ木馬分析報告案例分析 https://www.freebuf.com/articles/network/211691.html 從習總書記講話看中國網絡空間安全發展趨勢 https://www.freebuf.com/articles/network/213433.html 利用Redis未授權訪問漏洞進行門羅幣（XMR）挖礦事件分析 https://www.freebuf.com/vuls/213484.html Gorgon APT組織再做文章：DropBox到NJRat的曲折歷程 https://www.freebuf.com/articles/system/213082.html 安全運維工作中的機器學習應用 https://www.freebuf.com/articles/es/211990.html HiddenEye：帶有高級功能的現代釣魚工具 https://www.freebuf.com/sectool/212130.html 釣魚郵件故事一則與處理方法分享 https://www.freebuf.com/articles/es/211692.html 電子郵件安全問題分析（一） https://www.freebuf.com/articles/network/212241.html 電子郵件安全問題分析（二） https://www.freebuf.com/articles/network/212273.html Hacker101白帽黑客進階之路 https://www.freebuf.com/video/213279.html 谷歌提醒iPhone用戶注意數據竊取惡意軟件攻擊 https://www.freebuf.com/articles/database/213201.html WannaMine挖礦木馬再活躍，14萬台linux系統受攻擊廣東省為重災區 https://www.freebuf.com/articles/network/212166.html 淺談電子數字取證技術 https://www.freebuf.com/articles/network/211643.html BoomBox Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant https://github.com/nbeede/BoomBox GhIDA: Ghidra decompiler for IDA Pro https://blog.talosintelligence.com/2019/09/ghida.html Nishang https://github.com/samratashok/nishang xray: A powerful security assessment tool https://securityonline.info/xray-powerful-security-assessment/ mwrlabs/C3 https://github.com/mwrlabs/C3/blob/master/README.md CVE-2019-8790：Check Point Endpoint Security初始客戶端提權漏洞分析 https://www.anquanke.com/post/id/185338 China Chopper still active 9 years later https://blog.talosintelligence.com/2019/08/china-chopper-still-active-9-years-later.html Virtual Machine for Adversary Emulation and Threat Hunting https://github.com/redhuntlabs/RedHunt-OS Exploitation of Windows CVE-2019-0708 (BlueKeep): Three Ways to Write Data into the Kernel with RDP PDU http://bit.ly/2LbPNPM Operation Fast Cash - Hidden Cobra‘s AIX PowerPC malware dissected http://bit.ly/2ZJ9FxQ crawlab https://github.com/crawlab-team/crawlab AIL Framework - Framework for Analysis of Information Leaks https://www.kitploit.com/2019/08/ail-framework-framework-for-analysis-of.html Backdooring My Router Firmware https://www.secjuice.com/backdooring-dlink-router-firmware/ VB2019 preview: Inside Magecart: the history behind the covert card-skimming assault on the e-commerce industry https://www.virusbulletin.com/blog/2019/08/vb2019-preview-inside-magecart-history-behind-covert-card-skimming-assault-e-commerce-industry/ F.商業趨勢科技推出涵蓋電郵、網絡、用戶端、伺服器及雲端的XDR 雲端服務平台 http://n.yam.com/Article/20190827828595 中華電攻新南向越南研討會首登場 https://www.cna.com.tw/news/afe/201908270309.aspx 中華電跨國物聯網上線拓展行動業務及技術 https://money.udn.com/money/story/5612/4013211 【資安情報】勒索．挖掘．漏洞增企業關注高危系統 http://bit.ly/2zFl8UH 趨勢科技作育全球網路資安英才 https://news.sina.com.tw/article/20190828/32482588.html 記錄指令活動嚴防內鬼或駭客竊取營業秘密 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000566822_bpd7cao13w7o5j1qy1yg1 部分 Surface 用戶發現更新後耗電異常，關機再開吃掉 25％電力 https://www.kocpc.com.tw/archives/277690 Palo Alto 以 7,500 萬美元收購 IoT 安全新創公司 Zingbox，並將首度提供安全訂閱服務 https://finance.technews.tw/2019/09/06/palo-alto-networks-intends-to-acquire-zingbox/ New Free Offering Enables Any MSP and Security Integrator to Add Incident Response to their Services Portfolio https://thehackernews.com/2019/09/msp-incident-response.html Palo Alto Networks delivers strong Q4, acquires Zingbox for IoT security https://www.zdnet.com/article/palo-alto-networks-delivers-strong-q4-acquires-zingbox-for-iot-security/#ftag=RSSbaffb68 G.政府行程很硬的一週...陳其邁深夜喊：給我三個月也很難變三浦春馬 https://www.ettoday.net/news/20190829/1523693.htm 工業局補助資安健檢團隊到你家 https://money.udn.com/money/story/10860/4017790 網路性騷無法管？綠委將提案修性騷擾防治法 https://www.rti.org.tw/news/view/id/2032667 網紅拍片辱護理師無法可治立委拋修法拒網路性別罷凌 https://taronews.tw/2019/08/30/450648/ 數位身分證個資內政部怎保護 https://tw.appledaily.com/new/realtime/20190902/1626346/ 外商掌握關鍵技術　廠商憂全民個資恐外流 https://m.mirrormedia.mg/story/20190902soc004/ 1分鐘看懂新式身分證　八大功能一把抓 https://www.mirrormedia.mg/story/20190902soc006 資安防護觀念轉變唐鳳：如何反擊重於防守 https://www.cna.com.tw/news/afe/201909030152.aspx 金管會明年施政緊盯四要點 https://www.chinatimes.com/newspapers/20190903000233-260202?chdtv 新式身分證傳外包疑洩個資內政部：集中製卡個資不外洩 https://www.chinatimes.com/realtimenews/20190903003160-260407?chdtv 如何強化台灣資安戰場？唐鳳：主動出擊重於防護 https://www.ftvnews.com.tw/news/detail/2019903W0018 蘇貞昌：數位身分證重視資安 https://www.chinatimes.com/realtimenews/20190903003617-260407?chdtv 資通安全管理法常見問題 https://nicst.ey.gov.tw/Page/D94EC6EDE9B10E15/c14455ab-503d-4687-97ae-c514b7fa1df2 Fintech周報第114期：金管會揭露2020年金融科技八大發展重點 https://ithome.com.tw/news/132845 工研院組國家隊攜手微軟，發展國內 AI 晶片新應用商機 https://technews.tw/2019/09/05/ai-chip-itri/ 有線電視用戶恐跌破500萬 CBIT籲NCC鬆綁法規限制 https://ec.ltn.com.tw/article/breakingnews/2907206 108年「資安系列競賽」9月2日起開放報名 https://www.nccst.nat.gov.tw/NewInfoDetail?lang=zh&seq=1530 H.ICS/SCADA 工控系統推動資安標準為工控領域灌輸防禦基本功 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000566908_kvg8pq7d1kizrg7zhw907 產能、資安面面俱到加速智慧製造轉型進程 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000566824_tf17xahr386ov23d5ic9k 因應工業環境特殊性選用正確設備以強化工控安全 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000566848_3fw7ibvn5bvh3e7tkfu9z 綜觀人員、流程、技術重新定義工控安全體系 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000566306_h8a46i0tlev6pq740s2n4 援引國際規範打造安全穩定的ICS運作環境 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000566909_85flg1q0l0lm21lc6ziba 善用超級電腦為工業4.0工廠設計分配式智慧防駭系統 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000566911_v4dl2gwu0ou7v02pbpawz 破解一輛特斯拉Model S需要多長時間？2018年的漏洞仍未徹底修復：駭客仍能幾秒內破解特斯拉Model S https://www.insoler.com/forum/topic/15672997979807.htm I.教育訓練實體安全與資安管理 https://drive.google.com/file/d/1OYFLHKPGFm9MWI-LBcEERCgXXVf-WAAM/view 參與資安稽核的緣起(一) https://ithelp.ithome.com.tw/articles/10213103 參與資安稽核的緣起(二) https://ithelp.ithome.com.tw/articles/10213117 訓練課程的注意事項 https://ithelp.ithome.com.tw/articles/10213691 [駭客工具 Day1] 前言 https://ithelp.ithome.com.tw/articles/10213312 [駭客工具 Day2] Port Scan王者 - Nmap https://ithelp.ithome.com.tw/articles/10213539 [駭客工具 Day3] 網路封包側錄分析 - Wireshark https://ithelp.ithome.com.tw/articles/10213677 (1)資安事件分析(2)資訊安全管理制度實務(3)網路安全管理實務 (4)資通安全設備管理(含 Firewall、IPS、WAF、AD 與 Exchange Server、SIEM) 等實務測驗題庫彙編 http://bit.ly/2lCKI8L 學會這些JS 小技巧，提升編碼幸福度 https://www.infoq.cn/article/wF1PorTPQiW0*Q2Jc2XU curl 的用法指南 http://www.ruanyifeng.com/blog/2019/09/curl-reference.htm 教你如何搭建威脅情報庫 https://www.freebuf.com/articles/network/210451.html Resource: Malware analysis - learning How To Reverse Malware: A collection of guides and tools https://www.peerlyst.com/posts/resource-learning-how-to-reverse-malware-a-guide?trk=search_suggestion_query Learn Ethical Hacking Online – A to Z Training Bundle 2019 https://thehackernews.com/2017/03/learn-hacking-training.html Malware Naming Hell Part 1: Taming the mess of AV detection names https://www.gdatasoftware.com/blog/2019/08/35146-taming-the-mess-of-av-detection-names Cisco releases guides for incident responders handling hacked Cisco gear https://www.zdnet.com/article/cisco-releases-guides-for-incident-responders-handling-hacked-cisco-gear/#ftag=RSSbaffb68 Cisco ASA Forensic Investigation Procedures for First Responders https://tools.cisco.com/security/center/resources/asa_forensic_investigation Cisco IOS Software Forensic Investigation Procedures for First Responders https://tools.cisco.com/security/center/resources/ios_forensic_investigation Cisco IOS XE Software Forensic Investigation Procedures for First Responders https://tools.cisco.com/security/center/resources/iosxe_forensic_guide Cisco Firepower Threat Defense Forensic Investigation Procedures for First Responders https://tools.cisco.com/security/center/resources/ftd_forensic_investigation What is MITRE ATT&CK and how is it useful https://www.welivesecurity.com/2019/09/03/what-is-mitre-attck-useful/ PowerShell Script with a builtin DLL https://isc.sans.edu/diary/PowerShell+Script+with+a+builtin+DLL/25302 J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識根據資訊安全分類實施物聯網雲端安全控制措施 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000566847_rby7z74d5jgvvw6w786an 借助雲端平台生態系加速提升IoT安全性 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000566845_43d9hztj34u7o46ywu23q 物聯網資安情況堪慮原因：欠產品保安意識 http://bit.ly/2UqW90L 你家門鈴就是監視器！智慧門鈴廠商 Ring 與警方合作，提供監視畫面打擊犯罪 https://buzzorange.com/techorange/2019/08/29/ring-cooperate-with-police/ 無所不在的物聯網 http://bit.ly/2ZvyZfi 臉書、微軟辦大賽徵求辨識深度合成造假影片的技術 https://udn.com/news/story/6811/4032078 A Hack to Steal a Tesla, a Yelp Overhaul, and More News https://www.wired.com/story/tesla-key-fob-hack-yelp-custom-search/ Hackers Could Steal a Tesla Model S by Cloning Its Key Fob—Again https://www.wired.com/story/hackers-steal-tesla-model-s-key-fob-encryption/ 6.近期資安活動及研討會 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28 https://www.accupass.com/event/1906050355291064968019 AI 投資理財技術實作，Python爬蟲+機器學習技術實務，打造個人投資理財工具 9/7 https://www.techbang.com/posts/72056-course-ai-investment-finance-technology 交通大學亥克書院-B022:基礎網頁安全與滲透測試<新竹場次> 9/7 https://hackercollege.nctu.edu.tw/?p=1079 DigitalOcean Hsichu x Golang TW Meetup 9/7 https://www.meetup.com/DigitalOceanHsinchu/events/263910445/ Trend Micro CTF 2019 // Raimund Genes Cup SEPTEMBER 7–8, 2019 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html 資訊安全管理系統-基礎課程 9/8 https://www.accupass.com/event/1907160853513957042270 Scala Taiwan #32 - Introduction to Minitime 9/9 https://www.meetup.com/Scala-Taiwan-Meetup/events/263961981/ MLDM Monday｜Domain Adaptation 的數學理論推導 9/9 https://www.meetup.com/Taiwan-R/events/263929941/ 【AWS資安】Security Engineering on AWS高級課程 2019-09-09(一) 09:30 ~ 2019-09-11(三) 17:30 (GMT+8) https://www.accupass.com/event/1905150854571147685105 微軟 2nd Cybersecurity Conference 2019/09/10 9:00-17:00 https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x7592629abcd SyntaxError 9/11 https://www.meetup.com/pythonhug/events/tnzzgpyzmbpb/ Android Code Club(Taipei) 9/11 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbpb/ 【AWS資安】Security Engineering on AWS高級課程 9/9 ~ 9/11 https://www.accupass.com/event/1905150854571147685105 CDX2.0推廣活動 - 台北場次 9/10 https://nchc-cdx.kktix.cc/events/cdxactivity-0910 Kubernetes Sumｍit 9/11 https://summit.ithome.com.tw/kubernetes/ 台灣賽門鐵克年度資安論壇 9/12 https://zh.surveymonkey.com/r/symantec_0912 HackingThursday 固定聚會 9/12 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbqb/ 資安檢核核心技術及進階技術研討會 9月16日至9月18日 http://bit.ly/2TN2UtD MLDM Monday｜TensorFlow All Around 9/16 https://www.meetup.com/Taiwan-R/events/264154315/ Kotlin/Everywhere GDG Hsinchu - Kotlin on Cloud and Web 9/17 https://www.meetup.com/GDG-Hsinchu/events/263741333/ Cosmos SDK Workshop - 打造自己的新手區塊鏈 9/17 https://www.meetup.com/Taipei-Blockchain/events/264188406/ 2019網路治理分享會台灣、亞太、與全球的焦點議題 9/17 https://www.nii.org.tw/events/igf19/ Cyber Attack Taipei Series 2019 9/17 https://www.eventbrite.com/e/cyber-attack-taipei-series-2019-tickets-68951581035 稽核主管研習班(108年第二期) 9/17 ~ 9/18 https://edu.tii.org.tw/pt_training/mpage/index/info/1072673781 Android Code Club(Taipei) 9/18 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbxb/ SyntaxError 9/18 https://www.meetup.com/pythonhug/events/tnzzgpyzmbxb/ HackingThursday 固定聚會 9/19 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbzb/ Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 9/20 https://signupcybersec101.ithome.com.tw/ 金融資安培訓課程 9/20 https://twap.deloitte.com.tw/DTLCRA/Works/CourseDetail.aspx?CourseID=T1906002 Android Code Club(Taipei) 9/21 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzlbcc/ SyntaxError 9/21 https://www.meetup.com/pythonhug/events/tnzzgpyzlbcc/ 資策會開辦「認證系統安全從業人員 SSCP 輔導班」2019/9/21 https://ithome.com.tw/pr/131772 交通大學亥客書院-A011:入侵行為發覺與應變指南 9/21 https://hackercollege.nctu.edu.tw/?p=1082 資訊安全管理系統-進階課程 9/21 https://www.accupass.com/event/1907160908138705889800 Open UP Summit Fukuoka Outreach 9/21 https://www.meetup.com/TaipeiWomeninTech/events/263683783/ Build Your First Custom Blockchain - 親手打造你的第一個客制區塊鏈 9/24 https://www.meetup.com/Polkadot-Taipei/events/264188190/ TANET 2019 - 臺灣網際網路研討會 9/25 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310 Nextlink Technology 9/25 (三) https://www.accupass.com/event/1908020858535104977240 DEVCORE Conference 2019 9/25 https://devco.re/conf/2019/ 面對 APT進階持續性滲透攻擊，企業如何建立正確防護觀念與有效、低成本的資安防護能力 9/26 https://www.techbang.com/posts/72484-lecturecorporate-apt Thinking Thursday 第四場 9/26 https://www.meetup.com/Thinking-Thursday/events/263826166/ [CyCarrier]-奧義智慧資安活動_Fintech威脅剖析金融科技資安升級 9/26 https://www.zerone.com.tw/TrainingDetial/Seminar/2CB2943BF5366C08%7C581222C91497B312 [Akamai]-Akamai線上研討會快速部署與高效預測抵禦的資安防護網 9/27 https://www.zerone.com.tw/TrainingDetial/Seminar/33439C9B5852933A%7C4D840EFFD881209B 交通大學亥客書院-B022:基礎網頁安全與滲透測試 9/28 https://hackercollege.nctu.edu.tw/?p=1084 JavaScript Developer Conference-2019 2019-09-28(六) 09:30 ~ 2019-10-26(六) 17:30 (GMT+8) https://www.accupass.com/event/1907081509101081922774 GDG DevFest Taipei 2019 10/1 https://www.meetup.com/GDGTaipei/events/263142255/ 資安檢核核心技術及進階技術研討會 10月7日至10月9日 http://bit.ly/2TN2UtD HITB+ CYBER WEEK 2019/10/12 ~17 https://d2p.hitb.org/ 交通大學亥客書院-A006:數位足跡追蹤與分析 10/19 https://hackercollege.nctu.edu.tw/?p=1088 Splunk .conf 19 10/21 ~ 10/24 https://conf.splunk.com/ AIoT智能物聯網開發人才就業養成班[免費諮詢] 10/22 https://ittraining.kktix.cc/events/aiot-training-2019 Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019 https://www.icscybersecurityconference.com [Palo Alto Networks]-Palo Alto Networks 直播研討會Part6. MITRE ATT&CK 新資安攻防框架進階產業應用 10/24 https://www.zerone.com.tw/TrainingDetial/Seminar/7747B901A8198AC3%7C1C130FE6FEC34700 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 10/25 https://signupcybersec101.ithome.com.tw/ 交通大學亥客書院-A015:進階網頁滲透測試 10/26 https://hackercollege.nctu.edu.tw/?p=1090 資安檢核核心技術及進階技術研討會 10月28日至10月30日 http://bit.ly/2TN2UtD Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/8 https://signupcybersec101.ithome.com.tw/ 交通大學亥客書院-P006:高階網頁滲透測試 11/16 https://hackercollege.nctu.edu.tw/?p=1092 Trend Micro CTF 2019 // Raimund Genes Cup FINAL / NOVEMBER 23–24, 2019 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html 資安檢核核心技術及進階技術研討會11月26日至11月28日 http://bit.ly/2TN2UtD Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/29 https://signupcybersec101.ithome.com.tw/ 交通大學亥客書院-B015:惡意程式檢測 11/30 https://hackercollege.nctu.edu.tw/?p=1098 交通大學亥客書院-A018:企業網域控管－Active Directory攻擊與防禦 12/14 https://hackercollege.nctu.edu.tw/?p=1094 Japan Security Analyst Conference https://jsac.jpcert.or.jp/