###### tags: `資安事件新聞週報` # 資安事件新聞週報 2020/2/3 ~ 2020/2/7 1.重大弱點漏洞/後門/Exploit/Zero Day 思科交換器多個漏洞 https://tools.cisco.com/security/center/publicationListing.x 可取國際(icatch)DVR攝影主機遭網路惡意入侵，煩請儘速確認並進行韌體更新 https://cert.tanet.edu.tw/prog/showrpt.php?id=3566 IBM WebSphere Application Server 阻斷服務狀況漏洞 https://www.ibm.com/support/pages/node/1285372 Fortinet 產品多個漏洞 https://fortiguard.com/psirt/FG-IR-19-013 Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers https://thehackernews.com/2020/01/openbsd-opensmtpd-hacking.html Cisco 驚爆重大 CDP 安全漏洞，全球數以百萬計網路裝置拉警報 https://technews.tw/2020/02/06/cisco-flaws-put-millions-of-workplace-devices-at-risk/ 思科私有協定CDP遭爆含有5個零時差漏洞，危及數千萬裝置 https://www.ithome.com.tw/news/135697 5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras https://thehackernews.com/2020/02/cisco-cdp-vulnerabilities.html Webtareas 2.0 - 'id' SQL Injection https://www.exploit-db.com/exploits/47959 Patching the Citrix ADC Bug Doesn't Mean You Weren't Hacked https://www.bleepingcomputer.com/news/security/patching-the-citrix-adc-bug-doesnt-mean-you-werent-hacked/#.Xi22GMNp0EU.twitter Sudo爆可取得根帳號權限的漏洞 https://www.ithome.com.tw/news/135665 Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root https://thehackernews.com/2020/02/sudo-linux-vulnerability.html Vulnerability Spotlight: Denial-of-service, information leak bugs in Mini-SNMPD https://blog.talosintelligence.com/2020/02/vuln-spotlight-mini-snmpd-feb-2020.html macOS Catalina 10.15.3修復Apple Mail漏洞　加密郵件不再被看光光 https://www.ettoday.net/news/20200206/1639303.htm Hackers Exploited Trend Micro Zero-day In Mitsubishi Electric Hack https://amingosec.blog/2020/02/02/hackers-exploited-trend-micro-zero-day-in-mitsubishi-electric-hack/ RHEL 8 Still Vulnerable to “Magellan 2” SQLite Bugs, as Patches Drop https://www.cbronline.com/enterprise-it/software/sqlite-vulnerability-red-hat/ Chrome 80出爐了，修補56個安全漏洞 https://ithome.com.tw/news/135670 RIP FTP? File Transfer Protocol switched off by default in Chrome 80 https://www.theregister.co.uk/2020/02/05/ftp_deprecated_chrome/ Google cuts Chrome 'patch gap' in half, from 33 to 15 days https://www.zdnet.com/article/google-cuts-chrome-patch-gap-in-half-from-33-to-15-days/#ftag=RSSbaffb68 Microsoft Office遠程代碼執行漏洞 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652 qemu-pwn-cve-2015-7504堆重疊細分分析 https://www.anquanke.com/post/id/197638 研究人員揭露海思半導體晶片的後門漏洞 https://www.ithome.com.tw/news/135675 華為旗下海思芯片現漏洞黑客可入侵控製網絡攝錄機 http://bit.ly/39foHAs Researcher: Backdoor mechanism still active in devices using HiSilicon chips https://www.zdnet.com/article/researcher-backdoor-mechanism-discovered-in-devices-using-hisilicon-chips/#ftag=RSSbaffb68 Realtek Fixes DLL Hijacking Flaw in HD Audio Driver for Windows https://www.bleepingcomputer.com/news/security/realtek-fixes-dll-hijacking-flaw-in-hd-audio-driver-for-windows/#.XjoYpcTZ5g8.twitter Nasty Linux, macOS sudo bug found and fixed https://www.zdnet.com/article/nasty-linux-macos-sudo-bug-found-and-fixed/#ftag=RSSbaffb68 Linux and macOS PCs hit by serious Sudo vulnerability https://www.techradar.com/news/linux-and-macos-pcs-hit-by-serious-sudo-vulnerability 廠商釋出 DVR 新版 firmware，以對應先前針對資安漏洞的駭侵攻擊 https://www.twcert.org.tw/tw/cp-104-3301-3594c-1.html Trend Micro Password Manager內存使用漏洞 https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123595.aspx CVE-2020-7980/Intellian Satellian Aptus Web控制台存在遠程命令執行漏洞 https://qiita.com/shimizukawasaki/items/4b35efce0307c4e2efcd GitLab CE/EE服務器端請求偽造漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20499 SonicOS權限提升漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7479 The Rise of the Open Bug Bounty Project https://thehackernews.com/2020/02/open-bug-bounty-project.html Critical Bluetooth Vulnerability in Android (CVE-2020-0022) https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/ JVN#52486659 Ghostscript におけるアクセス制限回避の脆弱性 https://jvn.jp/jp/JVN52486659/ 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 美國連鎖超商 Wawa 三千萬顧客個資被竊 https://www.twcert.org.tw/tw/cp-104-3280-c0eb5-1.html 金融科技創新園區 啟動第三梯招募 https://money.udn.com/money/story/5636/4319463 召開首次董事會LINE Bank估Q3正式營運 https://ec.ltn.com.tw/article/paper/1350305 入侵數千家網路商店的Magecart盜卡組織成員,在印尼被捕 https://blog.trendmicro.com.tw/?p=63308 比讚被偽造指紋 深偽詐騙恐成Fintech資安隱憂 https://money.udn.com/money/story/5613/4325965 新加坡金管局維持貨幣政策立場不變　必要時再放寬 http://bit.ly/3bizxYb 【金融業抗疫對策：金管會】金融業紛紛啟動緊急應變預定對策，保險業更分6級因應武漢肺炎 https://ithome.com.tw/news/135685 協力制定洗防相關法規期待金管會加速溝通 https://www.chinatimes.com/newspapers/20200207000309-260210 Wawa Breach: Hackers Put 30 Million Stolen Payment Card Details for Sale https://thehackernews.com/2020/01/wawa-credit-card-breach.html Cyber News Rundown: Magecart Hackers Arrested https://www.webroot.com/blog/2020/01/31/cyber-news-rundown-magecart-hackers-arrested/ Stolen Payment Card Trafficking Mastermind Pleads Guilty https://www.bankinfosecurity.com/stolen-payment-card-trafficking-mastermind-pleads-guilty-a-13644 Nigerian banks and rising cyber threats https://guardian.ng/business-services/nigerian-banks-and-rising-cyber-threats/ 금융보안원, 국내 금융권 피싱 공격 배후 분석 결과 발표 https://www.fsec.or.kr/user/bbs/fsec/41/18/bbsDataView/1373.do 국내 금융권 타깃 60만건 피싱메일 보낸 ‘TA505 위협그룹’ 분석 보고서 발표돼 https://www.dailysecu.com/news/articleView.html?idxno=104622 Suspected Magecart Hackers Arrested in Indonesia https://www.infosecurity-magazine.com/news/suspected-magecart-hackers/#.XjAuDM_6J70.twitter INTERPOL supports arrest of cybercriminals targeting online shopping websites https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-supports-arrest-of-cybercriminals-targeting-online-shopping-websites 3.電子支付/電子票證/行動支付/ pay/新聞及資安 行動支付／行動支付身世大解謎 http://times.hinet.net/topic/22770444 4.虛擬貨幣/區塊鍊相關新聞及資安 Kraken 交易所安全部門揭露「Trezor冷錢包」漏洞：僅花 15 分鐘就成功破解駭入 https://www.blocktempo.com/kraken-hacked-trezors-bitcoin-wallets-in-just-15-minutes/ 新手幣讀 加密貨幣儲蓄理財方案的七大誤區 https://money.udn.com/money/story/5636/4316585 以太坊隱私交易平台Tornado.cash 因用戶界面漏洞，導致百名用戶信息或遭洩露 https://www.lianshijie.com/news/318238 加密貨幣新用途　烏拉圭獎勵市民回收塑料 http://bit.ly/37Vzsrj 新加坡金管局局長:與中國央行就數字貨幣等展開討論 https://news.sina.com.tw/article/20200203/34124126.html 2019加密貨幣市場的風風雨雨，帶給了我們什麼教訓 https://news.sina.com.tw/article/20200205/34141502.html 馬斯克警告：Twitter加密貨幣騙案已達嚴重程度 http://bit.ly/2UqbHDX 區塊鏈數位貨幣 恆久保存的挑戰 https://www.chinatimes.com/newspapers/20200207000310-260210?chdtv IMF總裁也關注！對於近期火紅的CBDC，各國央行總裁這麼說 https://news.knowing.asia/news/cd08372a-82f6-4b88-ad49-ecb73fafec62 Bug hunter finds cryptocurrency-mining botnet on DOD network https://www.zdnet.com/article/bug-hunter-finds-cryptocurrency-mining-botnet-on-dod-network/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式 駭客利用冠狀病毒事件傳播惡意軟體 http://big5.pconline.com.cn/b5/pcedu.pconline.com.cn/1318/13187707.html 去年發送惡意Office檔的駭客，又利用HTML轉址手法散布木馬程式 https://www.ithome.com.tw/news/135612 小心！利用武漢肺炎的病毒與網釣郵件已開始流竄 https://www.ithome.com.tw/news/135613 武漢肺炎疫情通知信,竟是駭客發的 https://blog.trendmicro.com.tw/?p=63326 賺「數位災難財」？駭客利用武漢肺炎恐懼，散播惡意郵件 https://www.inside.com.tw/article/18815-hackers-coronavirus-malware 微軟安全情報：傳奇球星 Kobe 墜機逝世，惡意挖礦程式 CoinHive 透過其圖片桌布偷算力 https://news.xfastest.com/others/76151/microsoft-finds-cryptocurrency-mining-script-in-kobe-bryants-photo/ Ransomware Exploits GIGABYTE Driver to Kill AV Processes https://www.bleepingcomputer.com/news/security/ransomware-exploits-gigabyte-driver-to-kill-av-processes/#.Xjy-uPMivzQ.twitter Living off another land: Ransomware borrows vulnerable driver to remove security software https://news.sophos.com/en-us/2020/02/06/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software/ [Heads-up] Scam Of The Week: Coronavirus Phishing Attacks In The Wild https://blog.knowbe4.com/heads-up-scam-of-the-week-coronavirus-phishing-attacks-in-the-wild?nCOV-2019-bc-index Hackers using coronavirus scare to spread Emotet malware in Japan https://www.techrepublic.com/article/hackers-using-coronavirus-scare-to-spread-emotet-malware-in-japan/ Android Malware Targets Diabetic Patients https://www.fortinet.com/blog/threat-research/android-malware-targets-diabetic-patients.html Ransomware hits TV & radio news monitoring service TVEyes https://www.zdnet.com/article/ransomware-hits-tv-radio-news-monitoring-service-tveyes/#ftag=RSSbaffb68 Coronavirus Campaigns Spread Emotet, Malware https://threatpost.com/coronavirus-propagate-emotet/152404/ The coronavirus has reached the web, according to Kaspersky https://www.intelligentcio.com/africa/2020/01/30/the-coronavirus-has-reached-the-web-according-to-kaspersky/ TA505 APT Group Returns With New Techniques: Report https://www.bankinfosecurity.com/ta505-apt-group-returns-new-techniques-report-a-13678 Fake Coronavirus Messages Spreading Emotet Infections https://www.bankinfosecurity.com/fake-coronavirus-messages-spreading-emotet-infections-a-13675 Judge Rules Insurer Must Pay for Ransomware Damage https://www.bankinfosecurity.com/judge-rules-insurer-must-pay-for-ransomware-damage-a-13673 AZORult Campaign Adopts Novel Triple-Encryption Technique https://threatpost.com/azorult-campaign-encryption-technique/152508/ Analysis of a triple-encrypted AZORult downloader https://isc.sans.edu/forums/diary/Analysis+of+a+tripleencrypted+AZORult+downloader/25768/ Mysterious New Ransomware Targets Industrial Control Systems https://www.wired.com/story/ekans-ransomware-industrial-control-systems/ Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries https://www.fortinet.com/blog/threat-research/another-metamorfo-variant-targeting-customers-of-financial-institutions.html NIST Drafts Guidelines for Coping With Ransomware https://www.bankinfosecurity.com/nist-drafts-guidelines-for-coping-ransomware-a-13679 Judge Rules Insurer Must Pay for Ransomware Damage https://www.bankinfosecurity.com/judge-rules-insurer-must-pay-for-ransomware-damage-a-13673 Emotet Malware Alert Sounded by US Cybersecurity Agency https://www.bankinfosecurity.com/emotet-malware-alert-sounded-by-us-cybersecurity-agency-a-13640 Emotet Gets Ready for Tax Season With Malicious W-9 Forms https://www.bleepingcomputer.com/news/security/emotet-gets-ready-for-tax-season-with-malicious-w-9-forms/ Emotet Gears Up to File (Your) Taxes https://cofense.com/emotet-gears-file-taxes/ Updated FTCODE Ransomware Now Steals Credentials, Passwords https://www.bankinfosecurity.com/updated-ftcode-ransomware-now-steals-credentials-passwords-a-13638 DoppelPaymer Ransomware Gang Threatens to Dump Victims' Data https://www.bankinfosecurity.com/doppelpaymer-ransomware-gang-threatens-to-dump-victims-data-a-13683 【2020/2/4】ばらまき型攻撃メール（Emotet）に関する注意喚起 https://www.cc.uec.ac.jp/blogs/news/2020/02/20200204malwareemotet.html Bitbucket平台被用來散布惡意程式，感染電腦超過50萬 https://www.ithome.com.tw/news/135676 Malware stew cooked up on Bitbucket, deployed in attacks worldwide https://www.zdnet.com/article/malware-stew-cooked-up-on-bitbucket-deployed-in-attacks-worldwide/#ftag=RSSbaffb68 Malware and ransomware attack volume down due to more targeted attacks https://www.helpnetsecurity.com/2020/02/05/ransomware-attack-volume-down/ Bitbucket Abused to Infect 500,000+ Hosts with Malware Cocktail https://www.bleepingcomputer.com/news/security/bitbucket-abused-to-infect-500-000-hosts-with-malware-cocktail/#.XjqKXqNrnow.twitter Microsoft says it detects 77,000 active web shells on a daily basis https://www.zdnet.com/article/microsoft-says-it-detects-77000-active-web-shells-on-a-daily-average/#ftag=RSSbaffb68 Ghost in the shell: Investigating web shell attacks https://www.microsoft.com/security/blog/2020/02/04/ghost-in-the-shell-investigating-web-shell-attacks/ Emotet Gets Ready for Tax Season With Malicious W-9 Forms https://www.bleepingcomputer.com/news/security/emotet-gets-ready-for-tax-season-with-malicious-w-9-forms/ Android Banking Malware https://maxkersten.nl/wp-content/uploads/2020/02/SecureID_AndroidBankingMalware_ENG.pdf Malware stew cooked up on Bitbucket, deployed in attacks worldwide https://www.zdnet.com/article/malware-stew-cooked-up-on-bitbucket-deployed-in-attacks-worldwide/ THE HOLE IN THE BUCKET: ATTACKERS ABUSE BITBUCKET TO DELIVER AN ARSENAL OF MALWARE https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware WHY IS EMOTET SO POPULAR AND WHO IS IT TARGETING NOW https://www.cybereason.com/blog/why-is-emotet-so-popular-and-who-is-it-targeting-now New Lemon Duck Malware Campaign Targets IoT, Large Manufacturers https://threatpost.com/lemon-duck-malware-targets-iot/152596/ Mailto (NetWalker) Ransomware Targets Enterprise Networks https://www.bleepingcomputer.com/news/security/mailto-netwalker-ransomware-targets-enterprise-networks/ New Ransomware Strain Halts Toll Group Deliveries https://www.bleepingcomputer.com/news/security/new-ransomware-strain-halts-toll-group-deliveries/ Oscar Nominated Movies Featured in Phishing, Malware Attacks https://www.bleepingcomputer.com/news/security/oscar-nominated-movies-featured-in-phishing-malware-attacks/#.Xjy-LoMWK7M.twitter CamuBot Resurfaces With Cross-Channel, Targeted Attacks in Brazil https://securityintelligence.com/posts/camubot-resurfaces-with-cross-channel-targeted-attacks-in-brazil/ Banks being targeted with major malware campaign https://www.techradar.com/news/banks-being-targeted-with-major-malware-campaign Emotet attacks— a spike to start the year https://www.menlosecurity.com/blog/emotet-attacks-a-spike-to-start-the-year Coronavirus Campaigns Spread Emotet, Malware https://threatpost.com/coronavirus-propagate-emotet/152404/ B.行動安全 / iPhone / Android /穿戴裝置 /App 蘋果走下資安強者神壇？鑑識探員：安卓手機已比iPhone更難破解 https://www.ettoday.net/news/20200202/1636183.htm 手機恐成防疫漏洞！螢幕含菌量比馬桶座多3.5倍 3步驟做好清潔 http://bit.ly/2Op8jFE 居家隔離手機揭秘！「遙控相機+定位」　電子柵欄遠端監控 https://www.setn.com/News.aspx?NewsID=682680 APP被黑客攻擊導致數據篡改洩露如何滲透測試漏洞與修復解決 https://www.admin5.com/article/20200204/942795.shtml 一個時代輝煌時代的結束！黑莓手機宣布 2020 年 8 月底停產 https://finance.technews.tw/2020/02/04/blackberry-mobile-will-stop-being-sold-in-august-2020/ 美國愛荷華州民主黨初選計票當機，一支App惹的禍 https://www.ithome.com.tw/news/135664 Android 用戶有下載快刪掉！Google Play 遭爆有 24 款「惡意」App https://3c.ltn.com.tw/news/39430 臉書修補WhatsApp允許駭客存取本地端檔案系統的安全漏洞 https://ithome.com.tw/news/135671 桌面版 WhatsApp 應用的漏洞讓駭客能遙距存取檔案 http://bit.ly/36Xnmgc 你的隱私真的安全嗎？社交平台出包 駭客利用漏洞取得用戶電話 https://times.hinet.net/news/22770263 今年該注意會讓你破財的四款假應用程式 https://blog.trendmicro.com.tw/?p=63316 FCC: Wireless Carriers Violated Law by Sharing Location Data https://www.bankinfosecurity.com/fcc-wireless-carriers-violated-law-by-sharing-location-data-a-13677 How to Clear Data Facebook Collects About You from Other Sites and Apps https://thehackernews.com/2020/01/off-facebook-activity-data.html Android alert: New malware can break a smartphone when you try and delete it https://www.express.co.uk/life-style/science-technology/1233133/Android-warning-malware-preinstalled-breaks-phone-January-26 6 Suspects Arrested in Maltese Bank Hacking Heist https://www.bankinfosecurity.com/6-suspects-arrested-in-maltese-bank-hacking-heist-a-13674 Twitter says an attacker used its API to match usernames to phone numbers https://www.zdnet.com/article/twitter-says-an-attacker-used-its-api-to-match-usernames-to-phone-numbers/#ftag=RSSbaffb68 Twitter Warns API Flaw Abuse May Have Unmasked Users https://www.bankinfosecurity.com/twitter-warns-api-flaw-abuse-may-have-unmasked-users-a-13680 Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users https://thehackernews.com/2020/02/find-twitter-phone-number.html Analysis: New Details on the Hacking of Jeff Bezos' iPhone https://www.bankinfosecurity.com/interviews/analysis-new-details-on-hacking-jeff-bezos-iphone-i-4585 Mobile Banking malware on the rise: How is WhatsApp related https://en.secnews.gr/210307/malware-whatsapp-banking-klopi/ Apple Caves In to FBI Demand for Backdoor Access https://www.theadvocates.org/2020/01/apple-caves-in-to-fbi-demand-for-backdoor-access/ Malicious Optimizer and Utility Android Apps on Google Play Communicate with Trojans that Install Malware, Perform Mobile Ad Fraud http://bit.ly/2OvFgjK C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 左耳朵耗子：疫情下的遠程辦公，聊聊我的經驗和實踐 https://mp.weixin.qq.com/s/frMxPrhg9TjqcS_aSJMnVQ 「社群媒體漏洞」黑市價格曝光！2020資安6大戰場…電商購物車付款資料也被偷 https://www.bnext.com.tw/article/56446/checkpoint-cybersecurity-socialmedia 以色列一所大學的研究發現，只需要透過追蹤電腦螢幕的亮度就能盜取其中的數據 http://bit.ly/2usAHjj 武漢肺炎爆發，需常到中國出差的企業怎麼辦？四大會計師事務所這樣做 https://www.businessweekly.com.tw/international/blog/3001676 武漢肺炎同名之累？桃市武漢國中官網遭駭 http://bit.ly/398RXsP 360：捕獲疫情相幹攻擊案例 駭客組織來自印度 https://ek21.com/news/tech/176482/ 印度 APT 組織趁火打劫對我國醫療機構發起定向攻擊！無恥 https://www.chainnews.com/zh-hant/articles/786387450134.htm 安全廠商：全球百大國際機場僅3家通過所有資安檢測 https://www.ithome.com.tw/news/135663 安全人員發現以色列政府DNS服務器存在Open SSH安全漏洞 https://www.cnbeta.com/articles/soft/939923.htm NEC網路遭駭，2.8萬份檔案疑遭存取 https://ithome.com.tw/news/135637 駭客運用 NSC 智慧建築存取控制系統漏洞，發動遍布上百國、數萬起 DDoS 攻擊 https://technews.tw/2020/02/03/hackers-are-hijacking-smart-building-access-systems-to-launch-ddos-attacks/ Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks https://securityaffairs.co/wordpress/97226/hacking/nsc-linear-emerge-e3-hack.html 駭伺服器盜取NS機密的駭客 被發現是戀童 https://pttcomic.com/c_question/M.1580733097.A.30F.html 竊取任天堂機密的21歲駭客，經FBI調查發現持有大量兒童色情檔案 https://game.udn.com/game/story/10453/4321052 Nintendo hacker pleads guilty https://www.zdnet.com/article/nintendo-hacker-pleads-guilty/#ftag=RSSbaffb68 LINEAR EMERGE E3 ACCESS CONTROLLER ACTIVELY BEING EXPLOITED https://securitynews.sonicwall.com/xmlpost/linear-emerge-e3-access-controller-actively-being-exploited/ 1個英文字母 害公司慘虧千萬 https://udn.com/news/story/7321/4316327 《李忠憲專欄》武漢肺炎：資安與防疫 https://taronews.tw/2020/01/31/599680/ 日NEC遭駭 2.7萬份文件被盜 https://www.ydn.com.tw/News/371190 聯中欺台引爆全球怒火！聯合國官網遭大批駭客改成感謝台灣專頁 http://bit.ly/387aNAk 台灣難波萬！國際駭客出征UN網站貼挺台頁面　逾14小時才被下架 http://tag.analysis.tw/news/apple/1252283/ 外媒取得聯合國內部機密文件　揭隱瞞遭受黑客攻擊事故 http://bit.ly/2vIkXcr 聯合國掩飾被駭惹人非議，人權分子被迫暴露在危險情境 http://bit.ly/2tiSTeK 聯合國驚傳遭大規模駭侵攻擊 https://www.twcert.org.tw/tw/cp-104-3284-59ccc-1.html 聯合國人權辦公室駭侵事件，源於微軟 SharePoint 已公開的資安漏洞 https://www.twcert.org.tw/tw/cp-104-3289-4b14c-1.html 資安仍「無法」保障 肯亞「生物辨識」身分證喊卡 https://news.ltn.com.tw/news/world/breakingnews/3054019 民主黨總統初選的「愛荷華當機慘案」：開票失敗的數位政治大爆炸 https://global.udn.com/global_vision/story/8662/4320874 消息稱FBI正調間諜軟體公司NSO 或入侵貝索斯手機 https://news.sina.com.tw/article/20200131/34108718.html 五角大廈網安標準上線 承包商分5級 https://www.ydn.com.tw/News/371445 美國國防部將開始要求承包商必須具備網路安全認證 https://www.ithome.com.tw/news/135658 涉洩飛彈機密給中共 雷神華裔僱員被捕 http://bit.ly/2Se5Tux 日本國防相關企業紛傳遭中國駭 https://pourquoi.tw/2020/02/07/intlnews-neasia-200131-200206-1/ 企業のサイバー攻撃 “過去にさかのぼって報告を” 経済産業省 https://www3.nhk.or.jp/news/html/20200131/k10012268141000.html NECもやられた。サイバー攻撃で「狙われる日本」 https://jbpress.ismedia.jp/articles/-/59190?page=4 日本ハッカー協会杉浦氏が OSINT を解説、メールアドレスでここまで情報が入手可能 https://scan.netsecurity.ne.jp/article/2020/01/29/43598.html 「ハッカーが活躍できる社会を作る」2年間の成果とこれからの展望…日本ハッカー協会独占インタビュー https://scan.netsecurity.ne.jp/article/2020/01/28/43594.html Exclusive: FBI probes use of Israeli firm's spyware in personal and government hacks - sources https://reut.rs/2uVwUuG Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers https://thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs https://thehackernews.com/2020/01/managed-cybersecurity-services.html ISRO, SEBI, Other Govt Email Accounts Breached In Hack https://inc42.com/buzz/isro-sebi-other-govt-email-accounts-breached-in-hack/ ISRO, MEA, Nuclear Scientists Among 3,000 Breached Govt Email IDs https://www.thequint.com/news/india/ministry-of-external-affairs-isro-barc-breached-thousands-government-mails-cybersecurity The Chicken Keeps Laying New Eggs: Uncovering New GC MaaS Tools Used By Top-tier Threat Actors https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9 Geopolitical Tensions May Increase Risk of Destructive Attacks https://www.symantec.com/blogs/threat-intelligence/tensions-iran-destructive-attacks The CIA’s Infamous, Unsolved Cryptographic Puzzle Gets a ‘Final Clue’ https://www.vice.com/en_us/article/3a8k93/the-cias-infamous-unsolved-cryptographic-puzzle-gets-a-final-clue TA505 APT Group Returns With New Techniques: Report https://www.bankinfosecurity.com/ta505-apt-group-returns-new-techniques-report-a-13678 FCC: Wireless Carriers Violated Law by Sharing Location Data https://www.bankinfosecurity.com/fcc-wireless-carriers-violated-law-by-sharing-location-data-a-13677 Hackers Target European Energy Firm: Researchers https://www.bankinfosecurity.com/hackers-target-european-energy-firm-researchers-a-13645 Documents Describe US Cyber Command's Campaign to Hack ISIS https://www.bankinfosecurity.com/documents-describe-us-cyber-commands-campaign-to-hack-isis-a-13637 Top Secret documents show Cyber Command's growing pains in its mission against ISIS https://www.cyberscoop.com/cyber-command-pentagon-counter-isis-glowing-symphony-foia/ The duke of URL: Zoom meetups' info leaked out through eavesdrop hole https://www.theregister.co.uk/2020/01/28/zoom_eavesdrop_hack/ Teen takes down ISP with DDoS attacks to get info on one of its subscribers https://www.zdnet.com/article/teen-takes-down-isp-with-ddos-attacks-to-get-info-on-one-of-its-subscribers/#ftag=RSSbaffb68 Electric scooters vulnerable to remote hacks https://www.welivesecurity.com/2020/02/04/electric-scooters-vulnerable-remote-hacks/ Anonymous creates pro-Taiwan page inside UN website https://www.taiwannews.com.tw/en/news/3871244? All you need to know about Darkweb markets https://hackernewsdog.com/darkweb-markets-search-engines/ How the B-Team watches over Australia's encryption laws and cybersecurity https://www.zdnet.com/article/how-the-b-team-watches-over-australias-encryption-laws-and-cybersecurity/#ftag=RSSbaffb68 Japanese Defense Contractors Kobe Steel, Pasco Disclose Breaches https://www.bleepingcomputer.com/news/security/japanese-defense-contractors-kobe-steel-pasco-disclose-breaches/#.Xjy-WX5wEiQ.twitter Porn Sites Suffer Highest Number of DDoS Attacks https://www.infosecurity-magazine.com/news/porn-sites-suffer-highest-number/ Charming Kitten Uses Fake Interview Requests to Target Public Figures https://threatpost.com/charming-kitten-uses-fake-interview-requests-to-target-public-figures/152628/ 駐點資安工程師(約聘)南投縣南投市 https://www.104.com.tw/job/6uwui 北市府釋出150個職缺 2/3-2/10報名 http://bit.ly/2RYJmTT 資深資安工程師(台北) https://www.104.com.tw/job/6uzk2 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 被爆賣用戶個資！全球第五大病毒防護商Avast，火速收掉問題子公司 https://www.bnext.com.tw/article/56424/avast-jumpshot-subsidiary-suspended-data-collection-selling 近十二億張醫療影像在網路上曝光，而且全無保護 https://www.twcert.org.tw/tw/cp-104-3283-1b4d1-1.html 趁武漢肺炎口罩之亂, 全聯遭冒用,詐騙集團成立多個假粉專騙個資 https://blog.trendmicro.com.tw/?p=63281 口罩之亂！粉專「留言就送一盒」 專家提醒：詐騙集團騙個資 http://bit.ly/31ul1sd 高額電話詐騙案年年狂增 美司法部開第一槍要求電信商負擔責任 https://cnews.com.tw/137200204a05/ 誆駭客技術可追回遭詐騙款項　警籲勿遭「二次詐騙」 https://tw.news.appledaily.com/local/20200206/UHXXVMQ4XX4LQX5BHRQJPK6PYU/ 虛擬帳戶成詐騙工具 警：個資外流小心成幫助犯 https://news.ltn.com.tw/news/society/breakingnews/3059101 有夠衰！詐團假裝司法機關　同個被害人「被騙錢2次」 https://www.setn.com/News.aspx?NewsID=684677 詐騙新招！網路交友遇連環騙 騙稱可找駭客追回騙款剝兩次皮 https://news.ltn.com.tw/news/society/breakingnews/3059679 隱私相片竟被傳到他人相簿中？雲端相簿超離譜漏洞讓用戶資安拉警報 https://news.sina.com.tw/article/20200206/34154982.html Yahoo史上最大個資外洩事件賠償方案出爐！收到通知郵件的用戶可採取4種方案 https://www.ettoday.net/news/20200207/1640218.htm 「健保卡被鎖卡」領不到口罩！　486先生破解荒謬騙術…1.4萬人推爆：真的有接到 https://star.ettoday.net/news/1640114 趁武漢肺炎口罩之亂, 全聯遭冒用,詐騙集團成立多個假粉專騙個資 https://blog.trendmicro.com.tw/?p=63281 這些臉書粉絲團都是假的,五招避免上當 https://blog.trendmicro.com.tw/?p=60197 Pabbly Email Marketing Exposes 51.2 Million Records Online https://securitydiscovery.com/pabbly-email-marketing/ Singapore, Malaysia clamp down on online falsehoods about coronavirus https://www.zdnet.com/article/singapore-malaysia-clamp-down-on-online-falsehoods-about-coronavirus/ Would you get hooked by a phishing scam? Test yourself https://www.welivesecurity.com/2020/02/03/would-you-get-hooked-phishing-scam-test-yourself/ Ashley Madison: The Impact of Some Data Breaches Is Forever https://www.bankinfosecurity.com/blogs/ashley-madison-impact-some-data-breaches-forever-p-2859 POS Vendor for Cannabis Dispensaries Exposed Data: Report https://www.bankinfosecurity.com/pos-vendor-for-cannabis-dispensaries-exposed-data-report-a-13643 Report: Cannabis Users’ Sensitive Data Exposed in Data Breach https://www.vpnmentor.com/blog/report-thsuite-breach/ FBI Warns: Beware of Spoofed Job Application Portals https://www.bankinfosecurity.com/fbi-warns-beware-spoofed-job-application-portals-a-13641 Security risks for e-scooters and riders exposed https://www.helpnetsecurity.com/2020/01/28/e-scooters-risks/ FBI Issues Valentine Romance Scam Warning https://www.infosecurity-magazine.com/news/fbi-issues-valentine-romance-scam/ E.研究報告 Windows 如何透過 VirtualBox 安裝 macOS Catalina 虛擬機？ 5 個步驟輕鬆完成 https://www.kocpc.com.tw/archives/305342 [原創]CVE-2019-1215分析筆記 https://bbs.pediy.com/thread-257435.htm OpenWRT 曝遠程代碼執行漏洞 https://www.chainnews.com/zh-hant/articles/896869389932.htm 超過20萬個WordPress網站受到插件中CSRF漏洞影響 https://nosec.org/home/detail/4060.html CVE-2020-8417：WP Code Snippets CSRF RCE漏洞 https://www.4hou.com/posts/GQO3 Apache Software Foundation 發布2019 年安全報告 https://www.cnbeta.com/articles/tech/938093.htm 自動發現IDOR（越權）漏洞的方法：使用BurpSuite中的Autozie和Autorepeater插件來檢測和識別IDOR漏洞 https://www.023niu.com/show-64-400-1.html 文件上傳漏洞原理及其攻擊思路 https://juejin.im/post/5e33f0c66fb9a0300052c2bc thinkphp6 session 任意文件創建漏洞復現含POC https://zhuanlan.zhihu.com/p/104473609 挖洞經驗| PayPal驗證碼質詢功能（reCAPTCHA Challenge）存在的用戶密碼洩露漏洞 https://www.freebuf.com/vuls/225330.html CVE-2020-8417：WP Code Snippets CSRF RCE 漏洞 https://www.chainnews.com/zh-hant/articles/136770718489.htm 遠程雲端執行（RCE）：Azure雲架構中的漏洞分析（Part 1） https://www.anquanke.com/post/id/197713 遠程雲端執行（RCE）：Azure雲架構中的漏洞分析（Part 2） https://www.anquanke.com/post/id/197743 自動掃描漏洞的黑客工具！Web漏洞掃描技巧篇 http://bit.ly/370SpaQ 在Tesla Model S 上實現Wi-Fi 協議棧漏洞的利用 https://paper.seebug.org/1106/ 物聯網安全系列之遠程破解Google Home https://paper.seebug.org/1111/ ATT&CK 之防御逃逸 https://paper.seebug.org/1103/ CVE-2020-7799 : Apache FreeMarker模板FusionAuth遠程代碼執行漏洞通告 https://cert.360.cn/warning/detail?id=207275e27a6e7ee85a43a6eb5cf5fc69 0-day漏洞，1-day漏洞，n-day漏洞各自是什麼意思 https://blog.csdn.net/weixin_42859280/article/details/104157806 Wine 5.0正式版本釋出，支援Vulkan 1.1、XAudio2強化影音表現 https://www.techbang.com/posts/75934-wine-50-official-release-support-for-vulkan-11-xaudio2-enhanced-audio-and-video-performance Foxit PhantomPDF HTML2PDF HTML解析釋放後重利用代碼執行漏洞(CVE-2018-17691) https://aliyunnew.com/a/CVE-2018-17691.html CVE-2019-19781 遠程代碼執行漏洞深入分析 https://paper.seebug.org/1117/ 安卓技巧CVE 2017-13287復現分析 https://www.anquanke.com/post/id/197710 Loader.io – 免費線上壓力測試工具，檢測網站主機的負載能力 https://techmoon.xyz/loader-io/ Introduction to mobile network intrusions from a mobile phone https://medium.com/mobile-stacks-and-networks-security/introduction-to-mobile-network-intrusions-from-a-mobile-phone-9a8e909cc276 Hitcon Traning Lab10做題筆記-UAF突破分析 https://xz.aliyun.com/t/7146 HITCON-Training https://github.com/scwuaptx/HITCON-Training Open Source Intelligence (OSINT) https://www.hackers-arise.com/osint LeakCanary is a memory leak detection library for Android https://github.com/square/leakcanary Burpsuite Intruder payload https://github.com/1N3/IntruderPayloads Rich headers: leveraging the mysterious artifact of the PE format http://bit.ly/3b0MdD4 Winnti Group targeting universities in Hong Kong https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/ Abusing DLL Misconfigurations — Using Threat Intelligence to Weaponize R&D http://bit.ly/2GHIg8o Increasing Enterprise Visibility: Integrated Defense with Mitre ATT&CK https://pentestmag.com/increasing-enterprise-visibility-integrated-defense-with-mitre-attck/ Expanding the Attack Surface: React Native Android Applications https://blog.assetnote.io/bug-bounty/2020/02/01/expanding-attack-surface-react-native/ APT34: Glimpse project https://marcoramilli.com/2019/05/02/apt34-glimpse-project/ exploitdb-bin-sploits https://github.com/offensive-security/exploitdb-bin-sploits EKFiddle v.0.9.5 https://github.com/malwareinfosec/EKFiddle Exploiting The Entity: XXE (XML External Entity Injection) https://pentestmag.com/exploiting-the-entity-xme-xml-external-entity-injection/ Emotet detection tool for Windows OS https://github.com/JPCERTCC/EmoCheck Tech Support Scam Hitting Microsoft Edge Start Page Takes a Break https://www.bleepingcomputer.com/news/security/tech-support-scam-hitting-microsoft-edge-start-page-takes-a-break/#.XjcMaUDcsv4.twitter Penta - Open Source All-In-One CLI Tool To Automate Pentesting https://hakin9.org/penta-open-source-all-in-one-cli-tool-to-automate-pentesting/ TeamViewer https://whynotsecurity.com/blog/teamviewer/ The Social-Engineer Toolkit (SET) https://github.com/TrustedSec/social-engineer-toolkit Red Teamer’s Cookbook: BYOI (Bring Your Own Interpreter) https://www.blackhillsinfosec.com/red-teamers-cookbook-byoi-bring-your-own-interpreter/ DVNA - Damn Vulnerable NodeJS Application https://www.kitploit.com/2020/02/dvna-damn-vulnerable-nodejs-application.html Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations https://unit42.paloaltonetworks.com/actors-still-exploiting-sharepoint-vulnerability/ Escalating Privileges with CylancePROTECT https://www.atredis.com/blog/cylance-privilege-escalation-vulnerability Integrating Defender ATP with Azure Sentinel to detect Pass-The-Hash & Pass-The-Ticket https://identityaccess.management/2020/02/04/integrating-defender-atp-with-azure-sentinel-to-detect-pass-the-hash-pass-the-ticket/ Adding a Backdoor to AD in 400 Milliseconds https://www.secframe.com/blog/persistence-in-400-milliseconds?utm_content=115078011 namevariation https://github.com/jakecreps/namevariation Cross Site Scripting (XSS) https://hackersonlineclub.com/cross-site-scripting-xss/ Attack-Surfaces-Tools-and-Techniques https://github.com/The-Art-of-Hacking/h4cker/blob/master/cheat_sheets/Attack-Surfaces-Tools-and-Techniques.pdf QuasarRAT https://github.com/quasar/QuasarRAT WHAT YOU NEED TO KNOW: "SNIPR" CREDENTIAL STUFFING TOOL https://blogs.akamai.com/2018/03/what-you-need-to-know-snipr-credential-stuffing-tool.html The Chicken Keeps Laying New Eggs: Uncovering New GC MaaS Tools Used By Top-tier Threat Actors https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9 The OSINT-ification of ISIS on the Dark Web http://bit.ly/39aFNj6 Bypassing Windows User Account Control https://www.peerlyst.com/posts/bypassing-windows-user-account-control-ian-barwise?trk=explore_page_posts_featured_feed_entry A brief introduction to malware analysis https://www.peerlyst.com/posts/a-brief-introduction-to-malware-analysis-kimberly-crawley?trk=explore_page_posts_featured_feed_entry LKM rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64) https://github.com/m0nad/Diamorphine How to catch a cybercriminal: Tales from the digital forensics lab https://www.welivesecurity.com/2020/02/05/how-catch-cybercriminal-tales-digital-forensics-lab/ security webcams hacking way too easy https://hackingpassion.com/security-webcam-hacking-way-too-easy/ How To Quickly Run a Basic Security Audit Against Docker & Secure the Docker Daemon https://pentestmag.com/how-to-quickly-run-a-basic-security-audit-against-docker-secure-the-docker-daemon/ An evil RAT (Remote Administration Tool) for macOS / OS X. https://github.com/Marten4n6/EvilOSX Penetration Testing Platform https://github.com/jeffzh3ng/fuxi UFONet - Denial of Service Toolkit https://github.com/epsylon/ufonet OpendoorCDN Skimmer Analysis Continued https://www.goggleheadedhacker.com/blog/post/15 Termshark 2.1v Released – Wireshark Based UI https://hackersonlineclub.com/termshark-2-1v-released-wireshark-based-ui/ Blue Team Architecture and Analysis - Part 1 https://www.peerlyst.com/posts/blue-team-architecture-and-analysis-part-1-j-geno Blue Team Architecture and Analysis - Part 2, Guide to the Part 1 Document https://www.peerlyst.com/posts/blue-team-architecture-and-analysis-part-2-guide-to-the-part-1-document-j-geno Blue Team Architecture and Analysis - Part 3, Coverage Assessment Map https://www.peerlyst.com/posts/blue-team-architecture-and-analysis-part-3-coverage-assessment-map-j-geno Heartbleed Discovery and Exploit https://linuxsecurityblog.com/2020/02/01/heartbleed-discovery-and-exploit/ FTP Backdoor Command Execution https://medium.com/@server107/ftp-backdoor-command-execution-9a95973c02a3 Threat Research STOMP 2 DIS: Brilliance in the (Visual) Basics https://www.fireeye.com/blog/threat-research/2020/01/stomp-2-dis-brilliance-in-the-visual-basics.html The TIDoS Framework - The Offensive Manual Web Application Penetration Testing Framework https://hakin9.org/the-tidos-framework-the-offensive-manual-web-application-penetration-testing-framework/ How to Design a Web Application: Software Architecture 101 https://dev.to/educative/how-to-design-a-web-application-software-architecture-101-188b Mercure is a tool for security managers who want to train their colleague to phishing https://github.com/atexio/mercure Phishing_Kits https://github.com/JoulioK/Phishing_Kits/tree/master/chase.com.andrewlewisdesign.com celerystalk https://github.com/sethsec/celerystalk Artifical Intelligence Suite for Android Application Security https://github.com/haroonawanofficial/flameapk F.商業 是德科技 Ixia 部門加入 IBM Security App Exchange 社群 https://news.sina.com.tw/article/20200131/34109922.html Google 開源支援 FIDO2 的 OpenSK，助硬體業者加速採納二階段認證機制 http://bit.ly/2S91Rnh Sophos推出Intercept X for Mobile可防禦騙錢軟體 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&id=577284 防疫帶動異地辦公需求 中華電助陣 https://money.udn.com/money/story/5612/4324151 全景攜手CyberArk 守護特權帳號 https://www.chinatimes.com/newspapers/20200207000513-260210?chdtv 訊舟推出硬體加密SecuBox 強化第三方雲端監控安全 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000577498_J915EZ608M8VNL9OP3W4D Zyxel launches ZyWALL VPN1000 VPN Firewall, an all-in-one security solution for SMBs https://www.helpnetsecurity.com/2020/02/04/zyxel-zywall-vpn1000-vpn-firewall/ Trend Micro and Baker Hughes collaborate to help deliver protection for critical infrastructure https://www.helpnetsecurity.com/2020/02/04/trend-micro-baker-hughes/ VPNs will change forever with the arrival of WireGuard into Linux https://www.zdnet.com/article/vpns-will-change-forever-with-the-arrival-of-wireguard-into-linux/#ftag=RSSbaffb68 Neo4j 4.0 adds enterprise Fabric to its graph database https://www.zdnet.com/article/neo4j-4-0-adds-enterprise-fabric-to-its-graph-database/#ftag=RSSbaffb68 Breaking the Discovery Protocols of the Enterprise of Things https://go.armis.com/hubfs/White-papers/Armis-CDPwn-WP.pdf Google's OpenSK lets you BYOSK – burn your own security key https://www.theregister.co.uk/2020/02/04/security_key_google_opensk/ The Swiss Army knife for automated Web Application Testing https://github.com/jaeles-project/jaeles G.政府 行政院技術服務中心資安威脅趨勢與案例分享 http://bit.ly/2PJPKfh 行政院技術服務中心108年網路攻防演練暨資安檢測重要發現事項 http://bit.ly/38E64XJ 政府雲端應用正起飛 導航IT產業新高峰 (資安人科技網專訪) https://bost.ey.gov.tw/Page/5E4F83982214BC6/dab20f7d-7d3d-4c7a-9c11-8aded295784d 參加外交部紐澳駐外館處資安健檢 https://report.nat.gov.tw/ReportFront/ReportDetail/detail?sysId=C10803307 [公告] 資安專業人才培育 | 109年度培訓課程甄選開始 https://www.acw.org.tw/News/Detail.aspx?id=116 H.工控系統/SCADA/ICS Touch panels deployed in critical infrastructure vulnerable to remote attacks https://www.helpnetsecurity.com/2020/02/05/cve-2020-6969/ ICS Advisory (ICSA-20-035-01) AutomationDirect C-More Touch Panels https://www.us-cert.gov/ics/advisories/icsa-20-035-01 ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path https://www.exploit-db.com/exploits/48009 SCADA/ICS Hacking https://www.hackers-arise.com/scada-hacking I.教育訓練 PHP命令執行漏洞基礎 https://www.cnblogs.com/xhds/p/12250975.html DVWA靶機--簡單的文件上傳漏洞 http://shangdixinxi.com/detail-1274054.html 網站圖片、文件上傳功能漏洞筆記 https://www.cnblogs.com/Dpkg/p/12254524.html 異形般強大的監控系統：Prometheus 掌控主機、VM、容器及 K8S https://www.tenlong.com.tw/products/9789865501167 Incident Response Metrics to Measure the Maturity of a Cybersecurity Program http://bit.ly/3baI9QJ 一款由Node.js打造的WEB漏洞測試平台：DVNA https://zhuanlan.zhihu.com/p/105003724 Remote Exploitation 101: Vulnerable Database https://ctfthemes.appspot.com/ 關於紅外線控制的那些事 http://bit.ly/2Or4for HITCON CTF 介紹 - HG 導覽活動 https://www.slideshare.net/HITCONGIRLS/hitcon-ctf-hg HITCON CTF 2019 特色 - HG 導覽活動 https://www.slideshare.net/HITCONGIRLS/hitcon-ctf-2019-hg DYNAMIC ARP INSPECTION https://ipcisco.com/lesson/dynamic-arp-inspection/ How to Pass OSCP Like Boss https://medium.com/@parthdeshani/how-to-pass-oscp-like-boss-b269f2ea99d How to pass the OSCP https://gist.github.com/unfo/5ddc85671dcf39f877aaf5dce105fac3 OSCP-Archives https://github.com/CyDefUnicorn/OSCP-Archives/blob/master/README.md OSCP-Survival-Guide https://github.com/wwong99/pentest-notes/blob/master/oscp_resources/OSCP-Survival-Guide.md J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 研究員以投影機成功騙過特斯拉 Autopilot 系統 https://technews.tw/2020/01/30/projected-images-can-trick-tesla-autopilot-system/ DJI 剉著等，美國政府宣布正式禁用中國製無人機 http://bit.ly/3b1hRQX 安全性出包！小米智慧攝影機成「鄰居監控器」Google緊急停止合作 https://cnews.com.tw/137200202a02/ 台灣唯一Amazon Alexa資安檢測實驗室，安華聯網全面掌握物聯網安全 http://www.pcdiy.com.tw/detail/15214 物聯網漏洞難防 開放接口也會被黑客盯上 https://kknews.cc/tech/y596o6g.html Philips智慧燈泡漏洞將允許駭客滲透用戶網路 https://www.ithome.com.tw/news/135679 Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers https://thehackernews.com/2020/02/philips-smart-light-bulb-hacking.html The Dark Side of Smart Lighting: Check Point Research Shows How Business and Home Networks Can Be Hacked from a Lightbulb http://bit.ly/398wSi4 6.近期資安活動及研討會 Taipei Rails Meetup 2/11 https://www.meetup.com/rails-taiwan/events/dlgzljybcdbpb/ 高雄 Rails Meetup 2/12 https://www.meetup.com/rails-taiwan/events/qxfvjkybcdbqb/ 讓遠端工作機會成為你的職場跳板 2/12 https://www.meetup.com/TaipeiWomeninTech/events/268501510/ 制御システムセキュリティカンファレンス 2020 2020年2月14日 https://www.jpcert.or.jp/event/ics-conference2020.html 【板橋/2020二月】WordPress #歡迎你來聚 2/15 https://www.meetup.com/Taipei-WordPress/events/268347650/ 【課程】金融大數據分析平台實作，使用Python實作網路爬蟲，快速有效獲取必要資訊，打造自動化分析工具 2/15 https://www.techbang.com/tags/19419 Taipei Rails Meetup 2/18 https://www.meetup.com/rails-taiwan/events/dlgzljybcdbxb/ 高雄 Rails Meetup 2/19 https://www.meetup.com/rails-taiwan/events/qxfvjkybcdbzb/ 人工智慧小聚 - 新竹 2/19 https://www.meetup.com/AIA-Hsinchu/events/267801851/ Android Code Club(Taipei) 2/19 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcdbzb/ Certificate of Cloud Security Knowledge (CCSK) Plus 2/23 ~ 2/24 https://csacongress.org/event/csa-summit-at-rsa-conference-2020/ 連網設備的資安風險與信任管理策略 2/25 https://www.caa.org.tw/coursedetail-3272.html 第19屆亞太資安論壇 2/25 ~ 2/26 https://www.informationsecurity.com.tw/Seminar/2020_Seminar/all/ Taipei 暗号通貨 (Cryptocurrency) Meetup 2/26 https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcdbjc/ Android Code Club(Taipei) 2/26 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcdbjc/ Thinking Thursday 第七場 2/27 https://www.meetup.com/Thinking-Thursday/events/266911452/ 邊緣運算介紹與應用 & Let's AIY ( 人工智慧小聚 - Hsinchu#20200304 ) 3/4 https://www.meetup.com/AIA-Hsinchu/events/267713123/ Android Code Club(Taipei) 3/4 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcfbgb/ Monad 細說從頭！ FunTh#81 3/5 https://www.meetup.com/Functional-Thursday/events/267683150/ Android Code Club(Taipei) 3/11 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcfbpb/ CYBERSEC 2020 臺灣資安大會 3/17 ~ 3/19 https://cyber.ithome.com.tw/ Scala Taiwan #37 3/18 https://www.meetup.com/Scala-Taiwan-Meetup/events/267899692/ 韓國國際安全博覽會 3/18 https://www.twcert.org.tw/tw/cp-105-3230-a3bd4-1.html 數據分析與機器學習案例實務(一)以PM2.5為例 3/23 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3888&from_course_list_url=course_index Taipei 暗号通貨 (Cryptocurrency) Meetup 3/25 https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcfbhc/ black ASIA 2020 Singapore 3/31 ~ 4/3 https://www.blackhat.com/asia-20/briefings/schedule/ Kaspersky® Security Analyst Summit 4/6 ~ 4/9 https://thesascon.com/ 邊緣計算系統之大數據與深度學習應用 4/10 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3883&from_course_list_url=course_index VXCON 2020 - APAC 4/18 ~ 4/19 https://www.vxcon.hk/ 2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore 4/21 ~ 4/23 https://www.icscybersecurityconference.com/singapore/ Taipei 暗号通貨 (Cryptocurrency) Meetup 4/22 https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcgbdc/ 亞太資訊安全論壇暨展覽會 4/22 https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27 https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/ 邊緣計算系統之大數據與深度學習應用 6/5 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index