###### tags: `資安事件新聞週報` # 資安事件新聞週報 2019/9/23 ~ 2019/9/27 1.重大弱點漏洞/後門/Exploit/Zero Day 泰國司法部長就電子跟蹤器手環EM漏洞 司法部索賠逾8300萬銖 http://www.udnbkk.com/article-286128-1.html 清華大學發現ARM、Intel處理器漏洞；華為發布Mate 30系列手機 https://kknews.cc/tech/qlklg5r.html makandra consul gem for Ruby 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16377 Agwl駭客組織再攻Phpstudy，新增Apache Solr漏洞利用 https://s.tencent.com/research/report/813.html 全球最大同性交友網站化身漏洞管理者，還有25個潛在漏洞排名 https://www.jishuwen.com/d/pmdz/zh-tw Kubernetes Kubectl曝安全漏洞，Rancher產品不受影響 https://segmentfault.com/a/1190000020464083 思科產品多個漏洞 https://tools.cisco.com/security/center/publicationListing.x Cisco Nexus 9000 Series CVE-2019-1901 CVSS V3 8.8 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo Cisco IOS XE Software CVE-2019-12646 CVSS V3 8.6 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-alg Cisco Catalyst 4000 Series Switches CVE-2019-12652 CVSS V3 8.6 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-cat4000-tcp-dos Cisco IOx for IOS Software CVE-2019-12648 CVSS V3 9.9 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth Cisco IOS XE Software CVE-2019-12650 CVE-2019-12651 CVSS V3 7.6 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection Cisco IOS and IOS XE Software CVE-2019-12654 CVSS V3 8.6 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos Cisco IOS XE Software CVE-2019-12653 CVSS V3 8.6 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dos Cisco IOS XE Software CVE-2019-12658 CVSS V3 8.6 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-fsdos Cisco IOx Application CVE-2019-12656 CVSS V3 7.5 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox Cisco IOS XE Software CVE-2019-12655 CVSS V3 8.6 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ftp Cisco IOS XE Software CVE-2019-12657 CVSS V3 8.6 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-utd Cisco IOS and IOS XE Software CVE-2019-12647 CVSS V3 8.6 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-identd-dos IBM WebSphere Application Server 多個漏洞 https://www.ibm.com/support/pages/security-bulletin-multiple-vulnerabilities-ibm-http-server-used-websphere-application-server WebSphere漏洞預警（CVE-2019-4505） https://www.agesec.com/news/7537.html pam-python 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16729 DOMPurify 跨站脚本漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16728 Update Google Chrome Browser to Patch New Critical Security Flaws https://thehackernews.com/2019/09/google-chrome-update.html Developer takes down Ruby library after he finds out ICE was using it https://www.zdnet.com/article/developer-takes-down-ruby-library-after-he-finds-out-ice-was-using-it/#ftag=RSSbaffb68 CVE-2019-4505：WebSphere任意文件讀取漏洞警報 https://www.linuxidc.com/Linux/2019-09/160757.htm ElasticSearch命令執行防禦（CVE-2014-3120） http://blog.itpub.net/69946337/viewspace-2658305/ VMware Security Advisories VMSA-2019-0014.1 https://www.vmware.com/security/advisories/VMSA-2019-0014.html Forcepoint VPN Client is Vulnerable to Privilege Escalation Attacks https://threatpost.com/forcepoint-vpn-client-is-vulnerable-to-privilege-escalation-attacks/148544/ Forcepoint VPN Client CVE-2019-6145 https://nvd.nist.gov/vuln/detail/CVE-2019-6145 CVE-2019-6145 Unquoted search path vulnerability in Forcepoint VPN Client for Windows https://support.forcepoint.com/KBArticle?id=000017525 arubanetworks -- arubaos https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-7081 D-Link DNS-320 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16057 tenda -- n301_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16288 tendacn -- n301_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16412 Western Digital WD My Book https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16399 Wireshark https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16319 arubanetworks -- arubaos CVE-2018-7081 CVSS 9.3 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-7081 apache -- tapestry CVE-2019-0195 CVSS 7.5 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0195 haxx -- curl CVE-2019-5481 CVSS 7.5 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5481 haxx -- curl CVE-2019-5482 CVSS 7.5 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5482 linux -- linux_kernel CVE-2019-14821 CVSS 7.2 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14821 linux-nfs -- nfs-utils CVE-2019-3689 CVSS 10.0 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3689 Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites https://www.zdnet.com/article/anonymous-researcher-drops-vbulletin-zero-day-impacting-tens-of-thousands-of-sites/#ftag=RSSbaffb68 [Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly https://thehackernews.com/2019/09/vbulletin-zero-day-exploit.html 微軟緊急修補兩個已遭大規模濫用的 0-day 漏洞 https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5108 CVE-2019-0801: MICROSOFT OFFICE URI HYPERLINK HIJINKS https://www.thezdi.com/blog/2019/9/24/cve-2019-0801-microsoft-office-uri-hyperlink-hijinks Microsoft Releases Emergency Patches for IE 0-Day and Windows Defender Flaw https://thehackernews.com/2019/09/windows-update-zero-day.html Microsoft: Windows 10 now on more than 900 million devices https://www.zdnet.com/article/microsoft-windows-10-now-on-more-than-900-million-devices/#ftag=RSSbaffb68 微軟例外修補IE、Windows Defender兩重大漏洞，IE零時差漏洞已有攻擊程式 https://ithome.com.tw/news/133226 Windows 10 updates drag down software customer satisfaction scores for Microsoft: ACSI https://www.zdnet.com/article/windows-10-updates-drag-down-software-customer-satisfaction-scores-for-microsoft-acsi/#ftag=RSSbaffb68 Microsoft releases out-of-band security update to fix IE zero-day & Defender bug https://www.zdnet.com/article/microsoft-releases-out-of-band-security-update-to-fix-ie-zero-day-defender-bug/#ftag=RSSbaffb68 Microsoft to provide free Windows 7 updates for voting systems in 2020 https://www.zdnet.com/article/microsoft-to-provide-free-windows-7-updates-for-voting-systems-in-2020/#ftag=RSSbaffb68 This free Windows 10 upgrade offer still works. Here's why -- and how to get it https://www.zdnet.com/article/this-free-windows-10-upgrade-offer-still-works-heres-why-and-how-to-get-it/#ftag=RSSbaffb68 Windows Defender Update Bug Breaks Quick and Full Scans https://winbuzzer.com/2019/09/19/windows-defender-update-bug-breaks-quick-and-full-scans-xcxwbn/ IE瀏覽器爆發高危漏洞：4年來所有版本Win10均需打補丁 https://news.xfastest.com/microsoft/70006/ie-4-win10/ IE 瀏覽器存在遠程代碼執行漏洞，攻擊者可藉此控制系統 http://bit.ly/2mQWaOE Red Hat introduces rolling release CentOS Stream https://www.zdnet.com/article/red-hat-introduces-rolling-release-centos-stream/#ftag=RSSbaffb68 CentOS 8.0 1905 is now available for download https://lists.centos.org/pipermail/centos/2019-September/173484.html Privilege escalation vulnerability patched in Forcepoint VPN for Windows https://www.zdnet.com/article/privilege-escalation-vulnerability-patched-in-forcepoint-vpn-for-windows/#ftag=RSSbaffb68 Adobe patches two critical issues with Cold Fusion https://www.scmagazine.com/home/security-news/vulnerabilities/adobe-patches-two-critical-issues-with-cold-fusion/ 13家知名品牌路由器隱藏125處漏洞，小米、華碩都中招！附125個漏洞列表 https://zhuanlan.zhihu.com/p/83942560 Grafana 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15635 Smart Battery A4 存在權限控制缺陷 https://tvn.twcert.org.tw/taiwanvn/TVN-201908003 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 開放銀行下階段…個資隱私 仍有外洩疑慮 https://udn.com/news/story/7239/4062515 解放客戶資料…開放銀行 月底登台 https://udn.com/news/story/7239/4062520 民眾反映許多機型老舊按鍵數字模糊 盼改善 http://www.ksnews.com.tw/index.php/news/contents_page/0001303122 趨勢科技：開放銀行法規PSD2存在風險 https://ec.ltn.com.tw/article/breakingnews/2925153 當 PSD2 開啟了更多扇門：開放銀行的風險 https://blog.trendmicro.com.tw/?p=62077 金融業小心！專家警告科技變革將帶來新衝擊 http://bit.ly/2lxxWca 尹衍樑談南山新系統始末 遭網友狂打臉 https://ec.ltn.com.tw/article/breakingnews/2926309 趨勢科技點出歐洲最新銀行法規，可能讓網路駭客對金融服務機構及客戶的攻擊大幅增加 http://bit.ly/2mK8uR2 ATM卡住存6萬2變2萬5 10天後在「神秘區域」找到了 https://udn.com/news/story/8864/4067543 假卡黨用ATM偷錢　原來同呢款提款卡有關 http://bit.ly/2mNi3yE 行庫動態：彰銀開放銀行藍圖大躍進，完成18支API驗證上架，實現數位生活應用 http://bit.ly/2lJQhmA 彰銀 攻開放銀行應用 https://udn.com/news/story/7239/4071057 維護金融網路安全 守護群眾金融利益 https://news.sina.com.tw/article/20190921/32726106.html 中國官方將推「數字人民幣」　交易全受政府監管　傳最快雙11登場 http://bit.ly/2lTmGXJ 小企難防網絡攻擊 6成遇「駭」沒保險 http://bit.ly/2m1gNId 香港金融管理局於9月25日發布香港招商永隆銀行有限公司發現詐騙網站 https://www.hkma.gov.hk/chi/news-and-media/press-releases/2019/09/20190925-6/ 香港金融管理局於9月25日發布香港中信銀行(國際)有限公司發現詐騙網站 https://www.hkma.gov.hk/chi/news-and-media/press-releases/2019/09/20190925-5/ 銀行公會改選理監事　台銀董座呂桔誠連任理事長 https://www.ettoday.net/news/20190926/1544109.htm 銀行公會108年9 月26日第13屆第1次會員代表大會新聞稿 https://www.ba.org.tw/Notice/Detail/1612 10月1日起烏茲別克斯坦ATM機將停止提取現金外幣 https://www.inform.kz/cn/10-1-atm_a3569735 手機訂房者請注意:信用卡側錄器正鎖定訂房網站 https://blog.trendmicro.com.tw/?p=62111 就像在 ATM 上安裝盜卡裝置一樣, 「Magecart」專偷線上刷卡資料 https://blog.trendmicro.com.tw/?p=61779 Magecart黑客瞄準公用Wi-Fi 免費收費都係目標 http://bit.ly/2n9vqZW Magecart strikes again: hotel booking websites come under fire https://www.zdnet.com/article/magecart-strikes-again-hotel-booking-websites-come-under-fire/#ftag=RSSbaffb68 Other Attackers Reuse Old Magecart Domains: Report https://www.bankinfosecurity.com/other-attackers-reuse-old-magecart-domains-report-a-13129 Old Magecart Domains are Being Bought Up for Monetization https://www.riskiq.com/blog/labs/magecart-reused-domains/ Magecart Group Targets Routers Behind Public Wi-Fi Networks https://threatpost.com/magecart-group-targets-routers-behind-public-wi-fi-networks/148662/ Eight US Cities See Payment Card Data Stolen https://www.bankinfosecurity.com/eight-us-cities-see-payment-card-data-stolen-a-13127 Second Wave of Click2Gov Breaches Hits United States https://geminiadvisory.io/second-wave-of-click2gov-breaches-hits-united-states/ Two years later, hackers are still breaching local government payment portals https://www.zdnet.com/article/two-years-later-hackers-are-still-breaching-local-government-payment-portals/#ftag=RSSbaffb68 Finance’s increasingly aware of the cyber threat, says France’s ANSSI https://cyceon.com/2019/09/20/finances-increasingly-aware-of-the-cyber-threat-says-frances-anssi/ ATM card cloning gang busted in Pratapgarh https://www.hindustantimes.com/cities/atm-card-cloning-gang-busted-in-pratapgarh/story-tgCFIvUhIuTqdB2r9dwTcM.html Hackers looking into injecting card stealing code on routers, rather than websites https://www.zdnet.com/article/hackers-looking-into-injecting-card-stealing-code-on-routers-rather-than-websites/#ftag=RSSbaffb68 3.電子支付/電子票證/行動支付/ pay/新聞及資安 從法令整併談電子支付競爭力 https://udn.com/news/story/7338/4066621 為了「反欺詐」 金融類App需要更多手機許可權 https://news.sina.com.tw/article/20190925/32763058.html 中國掀「刷臉支付」風潮，擬發布臉部辨識相關金融標準 https://technews.tw/2019/09/25/china-face-payment-publish-relevant-financial-standards/ 全台唯一Cross-site免跳轉技術，TapPay如何讓電商掉單率減3成 https://www.bnext.com.tw/article/54860/tappay-crosssite-fintech Zwei Drittel der Konsumenten zweifeln an Mobile Payment – Infografik https://www.der-bank-blog.de/zweifel-mobile-payment/studien/mobile-payment-studien/37657211/ 4.虛擬貨幣/區塊鍊相關新聞及資安 「證券型代幣」交易規範出爐，尺度難拿捏金管會一個頭兩個大 https://finance.technews.tw/2019/09/20/sto-rules-come-out-fsc/ 不只SM！韓國這些企業也紛紛開始涉足區塊鏈領域 http://news.knowing.asia/news/3bc3a343-935d-4847-af5a-0298d0476c6e 制裁不了嗎？朝鮮官員曝正開發加密貨幣 https://www.secretchina.com/news/b5/2019/09/20/907916.html 台灣證券型代幣 STO 法規細項出爐 這樣的法律遵循成本合理嗎 https://news.cnyes.com/news/id/4384388 IBM、花旗宣布加入新加坡區塊鏈加速器 Tribe Accelerator https://news.cnyes.com/news/id/4384291 加密貨幣新篇章，比特幣實物交割期貨正式上市 https://finance.technews.tw/2019/09/23/bitcoin-future-contract-launch/ fb狂彈麟伯賣bitcoin廣告 金管局：銀行估逾2,000客戶提供信用卡資料 https://hk.finance.appledaily.com/finance/realtime/article/20190923/60077244 實名制區塊鏈改變加密貨幣交易生態! Maxonrow即將上架KuCoin交易所 http://bit.ly/2mwvUZU 對於機構投資者來說，Bakkt的開張代表著什麼 http://news.knowing.asia/news/07fc5e31-3707-4c1f-8fe5-90b178078758 區塊鏈安全入門筆記（系列1-10完整版） https://paper.seebug.org/973/ 比特幣ATM大爆發　Bitcoin Depot明年在美安裝發破千台 https://www.ettoday.net/news/20190924/1542004.htm Forbes：傳統金融體系和比特幣一樣脆弱 http://news.knowing.asia/news/ee5c136b-8a27-4a60-b928-497a5f0628c0 Exclusive: TalkTalk hacker also breached EtherDelta cryptocurrency exchange https://www.zdnet.com/article/exclusive-talktalk-hacker-also-breached-etherdelta-cryptocurrency-exchange/#ftag=RSSbaffb68 Blockchain ID checks: How this startup is now verifying identities online https://www.zdnet.com/article/blockchain-id-checks-how-this-startup-is-now-verifying-identities-online/#ftag=RSSbaffb68 Coinbase mulls over bringing Telegram to its cryptocurrency trading platform https://www.zdnet.com/article/coinbase-mulls-over-adding-telegram-to-trading-platform/#ftag=RSSbaffb68 Singapore Bank Giant OCBC Joins JPMorgan’s Blockchain Network https://cointelegraph.com/news/singapore-bank-giant-ocbc-joins-jpmorgans-blockchain-network Kik messaging app binned to focus on Kin cryptocurrency court case https://www.zdnet.com/article/kik-messaging-app-binned-to-focus-on-kin-cryptocurrency-development/#ftag=RSSbaffb68 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式 惡意程式冒充知名廣告封鎖外掛 微軟等逾300網站受害 https://udn.com/news/story/7088/4062481 偽裝成股票交易軟體 Stockfolio 竊個資的 Mac 惡意應用程式 https://blog.trendmicro.com.tw/?p=62115 趨勢科技發現股票交易軟體木馬 Mac用戶小心個資遭竊 https://www.chinatimes.com/realtimenews/20190925003159-260412?chdtv Mac用戶注意！傳木馬病毒入侵　偽裝股票交易竊取個資 https://www.setn.com/news.aspx?NewsID=608253 Mac用戶注意！惡意程式偽裝股票交易軟體竊取個資 https://www.ettoday.net/news/20190925/1543098.htm Mac用戶注意！傳木馬病毒竊取個資 http://bit.ly/2lhe39c Mac資安亮紅燈？惡意程式偽裝股票交易軟體竊個資 https://fnc.ebc.net.tw/FncNews/headline/100957 Phony IRS Emails Promise Refund, But Deliver Botnet Instead https://www.bankinfosecurity.com/phony-irs-emails-promise-refund-but-deliver-botnet-instead-a-13126 New Phishing Campaign Targets U.S. Taxpayers by Dropping Amadey Botnet https://cofense.com/new-phishing-campaign-targets-u-s-taxpayers-dropping-amadey-botnet/ Cryptocurrency Malware Group ‘Panda’ Has Amassed Nearly $100,000 in Monero https://www.cryptoglobe.com/latest/2019/09/cryptocurrency-malware-group-panda-has-amassed-nearly-100000-in-monero/ ‘Panda’ Crypto Malware Group Has Nabbed $100K in Monero Since 2018 https://www.coindesk.com/panda-crypto-malware-group-has-nabbed-100k-in-monero-since-2018 Panda Malware Group Has Pulled In $100,000 in Illicit Monero Hacking, Says Report https://kryptomoney.com/panda-malware-group-has-pulled-in-100000-in-illicit-monero-hacking-says-report/ Swiss information security body warns of wave of “Emotet” banking trojan malware https://financefeeds.com/swiss-information-security-body-warns-wave-emotet-banking-trojan-malware/ Emotet, a dangerous botnet spams malicious emails, “targets 66,000 unique emails for more than 30,000 domain http://bit.ly/2ky2XfG Emotet Trojan Evolves Since Being Reawakend, Here is What We Know https://www.bleepingcomputer.com/news/security/emotet-trojan-evolves-since-being-reawakend-here-is-what-we-know/ Emotet Malware – An Introduction to the Banking Trojan https://soundbytes.org/2019/09/21/emotet-malware-an-introduction-to-the-banking-trojan/ Emotet Botnet Now Using Snowden's Memoir as a Lure https://www.bankinfosecurity.com/emotet-botnet-now-using-snowdens-memoir-as-lure-a-13142 "Emotet" antwortet selbstständig auf E-Mails https://www.t-online.de/digital/sicherheit/id_86486698/schadsoftware-ist-zurueck-emotet-antwortet-selbststaendig-auf-e-mails.html 2019-09-19 - DATA DUMP: URSNIF, EMOTET, AND FORMBOOK INFECTIONS https://www.malware-traffic-analysis.net/2019/09/19/index.html 2019-09-25 - DATA DUMP: EMOTET INFECTION WITH TRICKBOT IN AD ENVIRONMENT https://www.malware-traffic-analysis.net/2019/09/25/index2.html 2019-09-25 - DATA DUMP: TRICKBOT INFECTION, GTAG ONO19 https://www.malware-traffic-analysis.net/2019/09/25/index.html 2019-09-26 - DATA DUMP: TWO URSNIF INFECTIONS https://www.malware-traffic-analysis.net/2019/09/26/index.html News Wrap: Emotet’s Return, U.S. Vs. Snowden, Physical Pen Testers Arrested https://threatpost.com/news-wrap-emotets-return-u-s-vs-snowden-physical-pen-testers-arrested/148535/ Wie man Malware analysiert und dateilose Angriffe lanciert https://www.netzwoche.ch/storys/2019-09-19/wie-man-malware-analysiert-und-dateilose-angriffe-lanciert NEW REPORT OFFERS ANALYSIS ON THE ANTIVIRUS SOFTWARE MARKET https://newsspaceflight.com/new-report-offers-analysis-on-the-antivirus-software-market/ 2019-09-19 - DATA DUMP: URSNIF, EMOTET, AND FORMBOOK INFECTIONS https://www.malware-traffic-analysis.net/2019/09/19/index.html 2019-09-24 - PCAP AND MALWARE FOR AN ISC DIARY (QUASAR RAT) https://www.malware-traffic-analysis.net/2019/09/24/index.html Meet Stop Ransomware: The Most Active Ransomware Nobody Talks About https://www.bleepingcomputer.com/news/security/meet-stop-ransomware-the-most-active-ransomware-nobody-talks-about/ Payouts from insurance policies may fuel ransomware attacks https://news.yahoo.com/payouts-insurance-policies-may-fuel-153100593.html Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign https://securityaffairs.co/wordpress/91525/malware/agent-tesla-malware-campaign.html Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign https://blog.yoroi.company/research/commodity-malware-reborn-the-agenttesla-total-oil-themed-campaign/ Autumn Aperture: Threat Campaign Highlights New Evasion Technique using an Antiquated File Format https://blog.prevailion.com/2019/09/autumn-aperture-report.html North Korean Hackers Use New Tricks in Attacks on U.S. https://www.securityweek.com/north-korean-hackers-use-new-tricks-attacks-us North Korean hackers employ antiquated file formats to evade detection https://www.cybersecurity-help.cz/blog/677.html?affChecked=1 ATMDtrack – North Korean Hacker Group Attacking ATMs in India to Steal Card Details https://bkhackers-on-security.blogspot.com/2019/09/atmdtrack-north-korean-hacker-group.html New North Korean malware targeting ATMs spotted in India https://www.zdnet.com/article/new-north-korean-malware-targeting-atms-spotted-in-india/#ftag=RSSbaffb68 Kaspersky: Dual-Use Dtrack Malware Linked to ATM Thefts https://www.bankinfosecurity.com/kaspersky-dual-use-dtrack-malware-linked-to-atm-thefts-a-13144 The Lazarus Group is Using a new Banking Malware Against Indian Banks https://www.technadu.com/lazarus-group-new-banking-malware-against-indian-banks/80747/ India's ATM malware issues traced to North Korea https://gulfnews.com/world/asia/india/indias-atm-malware-issues-traced-to-north-korea-1.1569245535186 Dtrack RAT is Behind Virulent ATM-Espionage Campaign https://threatpost.com/north-korea-atm-espionage-malware-dtrack/148602/ State-Backed Attackers Target US Entities with LookBack Malware https://www.bleepingcomputer.com/news/security/state-backed-attackers-target-us-entities-with-lookback-malware/ Malicious Ad Blockers for Chrome Caught in Ad Fraud Scheme https://threatpost.com/malicious-ad-blockers-for-chrome-caught-in-ad-fraud-scheme/148591/ Fake Ad Blockers 2: Now with Cookies and Ad Fraud https://adguard.com/en/blog/fake-ad-blockers-part-2.html 17 US utility firms targeted by mysterious state-sponsored group https://www.zdnet.com/article/17-us-utility-firms-targeted-by-mysterious-state-sponsored-group/#ftag=RSSbaffb68 State-Backed Attackers Target US Entities with LookBack Malware https://www.bleepingcomputer.com/news/security/state-backed-attackers-target-us-entities-with-lookback-malware/ Malware Found Hiding in Fake Income Tax Department Emails, CERT-in Warns https://gadgets.ndtv.com/internet/news/fake-income-department-emails-malware-hiding-cert-in-advistory-2105800 German authority reiterates warning over malware Emotet https://www.telecompaper.com/news/german-authority-reiterates-warning-over-malware-emotet--1309405 Political targets at risk as Fancy Bear returns with refreshed backdoor malware https://www.zdnet.com/article/political-targets-at-risk-as-fancy-bear-returns-with-refreshed-backdoor-malware/#ftag=RSSbaffb68 Russian APT Map Reveals 22,000 Connections Between 2000 Malware Samples https://thehackernews.com/2019/09/russia-hacking-groups-map.html Russia-Backed APT Groups Compete With Each Other: Report https://www.bankinfosecurity.com/russia-backed-apt-groups-compete-each-other-report-a-13149 Did GandCrab Gang Fake Its Ransomware Retirement https://www.bankinfosecurity.com/did-gandcrab-gang-fake-its-ransomware-retirement-a-13146 TFlower Ransomware Campaign https://cyber.gc.ca/en/alerts/tflower-ransomware-campaign Canadian Centre for Cyber Security Releases Advisory on New Ransomware Campaign https://www.us-cert.gov/ncas/current-activity/2019/09/25/canadian-centre-cyber-security-releases-advisory-new-ransomware Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host https://blog.talosintelligence.com/2019/09/divergent-analysis.html Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware https://www.microsoft.com/security/blog/2019/09/26/bring-your-own-lolbin-multi-stage-fileless-nodersok-campaign-delivers-rare-node-js-based-malware/ Microsoft: New Nodersok malware has infected thousands of PCs https://www.zdnet.com/article/microsoft-new-nodersok-malware-has-infected-thousands-of-pcs/#ftag=RSSbaffb68 Malware operators abuse Windows Narrator software in Asian attack wave https://www.zdnet.com/article/malware-operators-replace-windows-narrator-software-with-trojan-in-new-wave-of-attacks/#ftag=RSSbaffb68 PcShare Backdoor Attacks Targeting Windows Users with FakeNarrator Malware https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html 'Fancy Bear' Hacking Group Adds New Capabilities, Targets https://www.bankinfosecurity.com/fancy-bear-hacking-group-adds-new-capabilities-targets-a-13150 No summer vacations for Zebrocy https://www.welivesecurity.com/2019/09/24/no-summer-vacations-zebrocy/ Cisco: Hacking Group Targets US Veterans https://www.bankinfosecurity.com/cisco-hacking-group-targets-us-veterans-a-13152 How Tortoiseshell created a fake veteran hiring website to host malware https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html B.行動安全 / iPhone / Android /穿戴裝置 /App 如何檢測手機電池是否壞掉 https://blog.trendmicro.com.tw/?p=61926 Telegram、Whatsapp訊息刪除功能涉造假？黑客爆漏洞、連兩方回應 http://bit.ly/2m0IOiA 中共如何獲取推特帳號 進行虛假宣傳 http://www.epochtimes.com/b5/19/9/20/n11535181.htm 超2000款App需整改！360專家：開發者應及時自查 http://www.ccidnet.com/2019/0921/10489080.shtml 平均每款安卓終端漏洞達21個！黑產不斷演進，智能電視也被攻擊 https://kknews.cc/tech/em2vaa4.html iOS 13鎖屏旁路漏洞泄露聯繫人信息 | 大量安卓 VPN 惡意嵌入廣告 https://read01.com/gR44z0G.html 5G催化網絡安全投資機會下匹黑馬即將浮現 https://www.jfinfo.com/news/20190922/2409184 java 反射和反序列化破解單例模式和填補漏洞方法 https://blog.51cto.com/14437184/2440143 app暗藏追蹤程式 網購類最高危 http://paper.wenweipo.com/2019/09/23/YO1909230018.htm 華為Mate30 Pro被外國大神破解：可以裝Google全家餐 https://applealmond.com/posts/59069 Check Point Research揭露Android手机安全性漏洞 http://gb-www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000568584_P176MAFP77ELXF53MRLZZ#ixzz60JBLaVsy 安卓用戶注意！知名「掃描軟體」驚傳內藏木馬程式 百萬用戶重招了 https://cnews.com.tw/134190922a02/ 谷歌急下架！手機狂掉電、廣告狂跳？小心載到這2款APP https://www.setn.com/News.aspx?NewsID=607107 中美鬥法 華為 蘋果新機對撼 http://bit.ly/2m6QwaM 中國黑客疑用蘋果漏洞　入侵流亡西藏人手機通訊 https://hk.on.cc/hk/bkn/cnt/cnnews/20190925/bkn-20190925150016184-0925_00952_001.html 疑似中國黑客入侵西藏人手機通訊 https://www.voacantonese.com/a/Chinese-Hackers-Who-Pursued-Uighurs-Also-Targeted-Tibetans-20190924/5096230.html 不只維吾爾人！ 報告：中共駭客鑽IPHONE漏洞攻擊流亡藏人 https://www.bannedbook.org/bnews/zh-tw/cbnews/20190925/1197001.html 加大學研究：疑中國黑客用蘋果手機漏洞　入侵流亡西藏人手機通訊 http://bit.ly/2nhrN4d 5G企業專網 立委有異見 https://money.udn.com/money/story/5612/4064491 iPhone藍牙恐「外洩定位」　iOS 13警示大開！全APP須用戶同意才能開啟 https://www.ettoday.net/news/20190925/1542472.htm iOS13災情多！信用卡個資被看光 http://bit.ly/2nipZYM 別更新！iOS13再傳定位外洩bug 蘋果急推新版滅火 https://fnc.ebc.net.tw/FncNews/tech/100798 IG用戶注意：侵權警告信件可能是網釣攻擊 https://ithome.com.tw/news/133257 大量 Instagram 釣魚郵件，藉侵權為由騙取帳號控制權 https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=928 YouTube 大量用戶帳號遭劫持，創作者哀鴻遍野 https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=914 小心！Telegram 群人肉搜索個資 北京辨識示威者 http://m.secretchina.com/news/b5/2019/09/27/908644.html 1-Click iPhone and Android Exploits Target Tibetan Users via WhatsApp https://thehackernews.com/2019/09/iphone-android-hacking-tibet.html Google removes Android apps caught grossly overcharging users for basic features https://www.zdnet.com/article/google-removes-android-apps-caught-grossly-overcharging-users-for-basic-features/#ftag=RSSbaffb68 Chameleon gambling apps wiped from App Store, Google Play https://www.zdnet.com/article/chameleon-gambling-apps-wiped-from-ios-store-google-play/#ftag=RSSbaffb68 C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件 2019上半年 全球惡意網址威脅高達4.9億次 https://money.udn.com/money/story/5613/4059461 駭客入侵Google Nest 情侶慘遭惡作劇 http://bit.ly/2lQtxBg TANET研討會 聚焦5大主軸 https://news.sina.com.tw/article/20190925/32768866.html 育碧起身對抗DDoS和DoS攻擊者 http://bit.ly/2l22l28 研究：美國前500大企業6成被駭客入侵 http://bit.ly/2nEp6tK 空巴供應商遭駭客攻擊 安全人士疑與中國有關 https://www.rti.org.tw/news/view/id/2035768 開發人員集訓中心Thinkful遭駭，重設所有用戶密碼 https://ithome.com.tw/news/133199 民眾黨官網被駭7天後重新上線 強調加強安全防護 https://news.ltn.com.tw/news/politics/breakingnews/2924049 TANET 2019臺灣網際網路研討會 駭客與防禦者互相攻防 https://udn.com/news/story/7327/4067746 華為再遇挫　遭國際資安組織暫停會員資格 https://www.setn.com/News.aspx?NewsID=605390 現有海康威視監視器 中山大：資安無虞 https://living.taronews.tw/2019/09/20/471782/ 中國「天眼」系統 2020 前全面監控澳門，台灣卻還在使用中國製監視器 https://buzzorange.com/techorange/2019/09/23/macau-surveillance-2020/ 網路安全產業前景廣闊網安人才走俏 http://news.stcn.com/2019/0922/15401675.shtml 快速打造企業級資安防禦的新指南 https://www.ithome.com.tw/voice/133166 【快速認識NIST網路安全框架】從五大構面評估企業資安防禦現況與目標 https://www.ithome.com.tw/news/133170 專家大推的NIST網路安全框架規畫工具 https://www.ithome.com.tw/news/133171 【NIST CSF導入關鍵】7步驟打造整體安全防護網，從盤點現況與成熟度評估著手 https://www.ithome.com.tw/news/133172 NIST網路安全框架當紅 https://www.ithome.com.tw/article/133173 第二屆全國中學生網絡安全競賽決賽在西安電子科技大學舉行 http://news.xiancn.com/content/2019-09/21/content_3501494.htm 中國大陸800餘萬重慶人參與2019年重慶市網絡安全宣傳周活動 http://news.cbg.cn/hotnews/2019/0926/11330957.shtml 中國大陸成都兩支隊伍闖入2019年工業信息安全技能大賽決賽 https://news.sina.com.cn/c/2019-09-26/doc-iicezzrq8501668.shtml 中國科大在量子密鑰分發實際安全性研究方面取得新進展 https://news.sina.com.cn/o/2019-09-23/doc-iicezueu7890259.shtml 中國大陸湖北“淨網2019”專項行動破案3624起下架APP2092個 http://news.xmnn.cn/xmnn/2019/09/20/100601559.shtml 中國大陸成都打擊處置違法網民80餘人次淨化網絡環境 https://finance.jrj.com.cn/2019/09/21161728163090.shtml 中國大陸貴州開展網站專項整治工作 https://tech.sina.com.cn/roll/2019-09-23/doc-iicezueu7728143.shtml 中俄網路行為不端 27國簽署網路安全聲明 http://www.secretchina.com/news/b5/2019/09/25/908417.html?code=b5 27國簽署聯合聲明 暗批中共網絡行為不端 https://www.ntdtv.com/b5/2019/09/25/a102672318.html 27國簽署網絡安全聲明 暗批中俄網絡行為不端 http://chinese.efreenews.com/a/27guoqianshuwangluoanquanshengming-anpizhongewangluohengweifouduan 美眾議院擬撥10億美元 援助電信業者汰換華為 https://news.cnyes.com/news/id/4386407 中國頻頻竊取美企商業機密 美國官員：企業應做好防備 https://ec.ltn.com.tw/article/breakingnews/2924201 美司法部：中國國家支持偷竊技術 美企應加強防範 https://news.cnyes.com/news/id/4385473 美國空軍將重金懸賞黑客排查軌道衛星系統漏洞 http://www.360.cn/n/11088.html 台灣已進入準戰爭狀態？ 中國資訊戰操作對立手法曝光 https://news.ltn.com.tw/news/politics/breakingnews/2921283 網路駭客戰 台美合作演練 https://udn.com/news/story/11311/4062695 台美首聯合網攻演練 15國黑客攻台尋漏洞 http://bit.ly/2kzdTJY 台美11月舉行網絡攻防演習 https://news.now.com/home/international/player?newsId=363640 台美首聯合網攻演練 15國黑客攻台尋漏洞 http://bit.ly/2kzdTJY 15國資安團隊實兵演練進攻政府網路！「大規模網路攻防演練」強化台灣資安 https://www.storm.mg/article/1740947 【歐美 15 國網軍將攻台 5 天】台美首度合作「網路攻防演練」！「假同事」將傳訊息測台官員是否中招 https://buzzorange.com/2019/09/23/15-countries-cyberwarfare-units-will-test-taiwan/ 台美首度網路攻防演練 15國網軍11月測試台灣資安 https://times.hinet.net/news/22570520 台美首聯合網攻演練 15國黑客攻台尋漏洞 http://bit.ly/2kzdTJY 台灣不是資訊戰唯一受害者！學者江雅綺舉德、法、美政府反制假資訊對策 https://musou.watchout.tw/read/wdGej8t2lfmHFErpHHcg 北美公用事業帳單入口網站系統Click2Gov二度被駭客鎖定 https://www.ithome.com.tw/news/133200 國家級駭客鎖定美國的公用事業服務供應商展開魚叉式網釣攻擊 https://www.ithome.com.tw/news/133252 沙國遭攻擊 區內網戰將更激烈 https://m.ctee.com.tw/livenews/gj/a98601002019092220584235?area= 捷克政府機關遇網攻 情報單位控中國幕後黑手 https://money.udn.com/money/story/5599/4069542 捷克政府機關遇網攻 情報單位控中共是幕後黑手 https://www.ydn.com.tw/News/354110 日本海事協會建立跨單位網路資安小組 https://m.ctee.com.tw/livenews/aj/a98623002019092315074036 US military veterans targeted by Iranian state hackers https://www.zdnet.com/article/us-military-veterans-targeted-by-iranian-state-hackers/#ftag=RSSbaffb68 Russian state hackers rarely share code with one another https://www.zdnet.com/article/russian-state-hackers-rarely-share-code-with-one-another/#ftag=RSSbaffb68 Report: FBI Subpoenaed Data From Banks, Credit Agencies https://www.bankinfosecurity.com/report-fbi-subpoenaed-data-from-banks-credit-agencies-a-13130 'Carpet-bombing' DDoS attack takes down South African ISP for an entire day https://www.zdnet.com/article/carpet-bombing-ddos-attack-takes-down-south-african-isp-for-an-entire-day/#ftag=RSSbaffb68 NEW DDOS VECTOR OBSERVED IN THE WILD: WSD ATTACKS HITTING 35/GBPS https://blogs.akamai.com/sitr/2019/09/new-ddos-vector-observed-in-the-wild-wsd-attacks-hitting-35gbps.html Accused JPMorgan Chase Hacker Plans to Plead Guilty https://www.bankinfosecurity.com/jpmorgan-chases-accused-hacker-plans-to-plead-guilty-a-13128 Analysis: Fallout From the Snowden Memoir https://www.bankinfosecurity.com/interviews/analysis-fallout-from-snowden-memoir-i-4449 Report: UK Universities Vulnerable to Cyberattacks https://www.bankinfosecurity.eu/report-uk-universities-vulnerable-to-cyberattacks-a-13132 Fortinet leading the fight against cybercriminals https://www.scotsman.com/business/fortinet-leading-the-fight-against-cybercriminals-1-5007569 99 percent of all misconfigurations in the public cloud go unreported https://www.zdnet.com/article/99-percent-of-all-misconfiguration-in-the-public-cloud-go-unreported/#ftag=RSSbaffb68 Dear network operators, please use the existing tools to fix security https://www.zdnet.com/article/dear-network-operators-please-use-the-existing-tools-to-fix-security/#ftag=RSSbaffb68 FedEx execs: We had no idea cyberattack would be so bad. Investors: Is that why you sold $40m+ of your own shares https://www.theregister.co.uk/2019/09/19/fedex_execs_sued/ Cyber Crime & Cyber Security https://isc2central.blogspot.com/2019/09/cybercrimeandcybersecurity.html SQL Attacks are a piece of Cake for Hackers – and the Risk to Firms is High https://www.cbronline.com/feature/sql-attacks Avid Users Are Suddenly Finding That Their Macs Won’t Boot https://www.bleepingcomputer.com/news/software/avid-users-are-suddenly-finding-that-their-macs-won-t-boot/ JPMorgan Chase's Russian Hacker Pleads Guilty https://www.bankinfosecurity.com/jpmorgan-chases-russian-hacker-pleads-guilty-a-13138 'Carpet-bombing' DDoS attack takes down South African ISP for an entire day https://www.zdnet.com/article/carpet-bombing-ddos-attack-takes-down-south-african-isp-for-an-entire-day/#ftag=RSSbaffb68 International traffic - DDoS - Cool Ideas https://coolzone.cisp.co.za/announcements.php?announcement=2038-international-traffic-ddos-cool-ideas NIST to Finalize Privacy Framework Soon https://www.bankinfosecurity.com/nist-to-finalize-privacy-framework-soon-a-13147 AT&T redirected pen-test payloads to the FBI's Tips portal https://www.zdnet.com/article/at-t-redirected-pen-test-payloads-to-the-fbis-tips-portal/#ftag=RSSbaffb68 【資安所】Security Researcher(資安研究員) https://www.104.com.tw/job/6qnvk?jobsource=keyword2Keyword ASP網頁程式設計-資安工程師(找漏洞及除bug) https://myptt.cc/article/Soft_Job/M.1229939985.A.D5B 資訊安全人員 https://www.104.com.tw/job/6qh85 行政管理師 https://www.104.com.tw/job/6qtkd D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 駭客怎麼騙你的？ 趨勢科技快閃店演給你看 https://ec.ltn.com.tw/article/breakingnews/2922033 買網拍要注意！網購平台個資外洩　2女遭「假客服」詐3萬元 https://www.ettoday.net/news/20190921/1540276.htm 烏龍詐團給錯銀行帳戶 8年級美眉不能匯款仍被騙 https://udn.com/news/story/7315/4060819 8年級妙齡女被假客服騙 年度5大高風險網購平台 https://news.ltn.com.tw/news/Taipei/breakingnews/2922607 美妝賣場疑個資外洩 無良詐團專騙8年級美眉 https://www.chinatimes.com/realtimenews/20190921002173-260402?chdtv 詐騙集團盜用臉書LINE帳號詐財　警1天內逮獲車手、幹部3人 https://www.ettoday.net/news/20190920/1539914.htm 澳門女子墮入“情網”被“愛郎”騙768萬人民幣 http://www.hkcna.hk/content/2019/0920/785546.shtml 男子利用漏洞操控67萬台計算機信息詐騙獲利600萬 https://news.163.com/19/0921/03/EPIM565B0001899O.html 新加坡個資外洩罰款飆增 今年來達94萬美元 https://money.udn.com/money/story/5602/4062656 為什麼我們被網絡釣魚攻擊所吸引 https://betanews.com/2019/09/24/hooked-by-phishing-attacks/ 批大學推動「人臉辨識」侵犯學生個資　人本執行長：再多說法都不能改變「監控」的本質 https://www.storm.mg/article/1757090 看到有人操作ATM離開...機器竟吐鈔！　她爽拿1萬4挨告 https://www.ettoday.net/news/20190926/1543671.htm 警方偵破花、北、高電信詐騙集團 https://newtalk.tw/news/view/2019-09-26/303405 租花蓮民宅當機房 詐團16人被逮 http://www.ksnews.com.tw/index.php/news/contents_page/0001304570 「帳戶遭凍結」！　中華電信前董座遭詐167萬 https://news.tvbs.com.tw/local/1206726 美國外賣服務DoorDash數據洩露：影響490萬人 https://www.cnbeta.com/articles/tech/893869.htm BRT呼籲美國儘快立法保護消費者資料 https://www.nccst.nat.gov.tw/NewsRSSDetail.aspx?lang=zh&RSSType=news&seq=16296 商業詐騙攻擊日益猖獗 https://www.nccst.nat.gov.tw/NewsRSSDetail.aspx?lang=zh&RSSType=news&seq=16295 「尋找我的 iPhone」卻找到釣魚網站,導致 Apple 登入憑證被盜 https://blog.trendmicro.com.tw/?p=61917 垃圾信夾帶山寨新聞網站連結,引導至虛擬貨幣交易詐騙網站 https://blog.trendmicro.com.tw/?p=62015 Bulgarian Man Sentenced for Massive Phishing Scheme https://www.bankinfosecurity.com/bulgarian-man-sentenced-for-massive-phishing-scheme-a-13135 AWS says servers secure following Malindo Air data breach https://www.zdnet.com/article/aws-says-servers-secure-following-malindo-air-data-breach/#ftag=RSSbaffb68 Mobile Phishing – Gefahr für Nutzer und Unternehmen https://www.ip-insider.de/mobile-phishing-gefahr-fuer-nutzer-und-unternehmen-a-863767/ Phishing email in garb of I-T dept lurking in Indian cyberspace: Advisory https://economictimes.indiatimes.com/tech/internet/phishing-email-in-garb-of-i-t-dept-lurking-in-indian-cyberspace-advisory/articleshow/71244005.cms Study shows that majority of second-hand hard drives contain previous owner’s data https://www.zdnet.com/article/study-shows-that-majority-of-second-hand-hard-drives-contain-previous-owners-data/ Malindo Air Blames Data Leak on Third-Party Supplier https://www.bankinfosecurity.asia/malindo-air-blames-data-leak-on-third-party-supplier-a-13137 ‘Delete immediately’: Convincing Netflix scam takes your card details https://au.finance.yahoo.com/news/dont-click-on-this-netflix-scam-001715461.html Heyyo dating app leaked users' personal data, photos, location, more https://www.zdnet.com/article/heyyo-dating-app-leaked-users-personal-data-photos-location-data-more/#ftag=RSSbaffb68 E.研究報告 滲透測試流程關於文件上傳漏洞的檢測與修復過程 https://cloud.tencent.com/developer/article/1509827 個案分析-勒索病毒GoGaLocker攻擊事件分析報告_10809 https://cert.tanet.edu.tw/prog/opendoc.php?id=2019092702094545603639826586556.pdf CVE-2019-12922：phpMyAdmin 0 Day 漏洞 https://www.chainnews.com/articles/824370151698.htm Windows遠程桌面服務漏洞（CVE-2019-0708）復現測試 https://www.4hou.com/vulnerable/20422.html CVE-2018-6924：解析FreeBSD ELF 頭導致內核內存洩露 https://www.freebuf.com/vuls/213345.html Microsoft Edge瀏覽器的Universal XSS漏洞分析（CVE-2019-1030） https://www.4hou.com/info/news/20307.html Mondoo：雲本土安全和漏洞風險管理系統 https://www.freebuf.com/sectool/213651.html 泛微OA管理系統RCE漏洞利用腳本 https://www.xj.hk/thread-3330.htm 【漏洞復現】 CVE-2019-14540遠程代碼執行漏洞分析&復現 https://mp.weixin.qq.com/s/D2-gTqfMfx_fs8usi77QPQ Forcepoint VPN的客戶端曝出權限提升漏洞 https://nosec.org/home/detail/2983.html 對WebLogic漏洞及補丁的分析 https://www.anquanke.com/post/id/186812 滲透測試網站安全基礎點講解 https://www.admin5.com/article/20190923/925996.shtml CVE-2019-5475：Nexus2 yum插件RCE漏洞復現 https://www.icode9.com/content-3-463516.html phpMyAdmin爆出安全漏洞，跨站點請求偽造，附帶解決方案 http://www.safebase.cn/article-258604-1.html VS下EXE可執行文件啟動代碼剖析（5）使用動態運行庫的EXE https://blog.csdn.net/wangpengk7788/article/details/53999213 Jenkins插件漏洞分析 https://www.freebuf.com/vuls/213085.html Jenkins Git client 插件命令執行漏洞(CVE-2019-10392) https://www.chainnews.com/articles/442462553660.htm Thinkphp反序列化利用鏈深入分析 https://paper.seebug.org/1040/ phpStudy 隱藏後門[漏洞插件編寫] https://www.chainnews.com/articles/576921738649.htm 應用安全- 端口漏洞整理 https://www.cnblogs.com/nul1/p/11584058.html 利用Python腳本實現漏洞情報監控與通知的經驗分享 https://zhuanlan.zhihu.com/p/84074544 CVE-2019-0232-ApacheTomca遠程執行代碼漏洞復現 https://cloud.tencent.com/developer/article/1512468 網站滲透測試詳細檢測方法 https://www.admin5.com/article/20190925/926538.shtml CVE-2019-12922：phpMyAdmin 0 Day漏洞 https://blog.pumo.com.tw/archives/1103 隨機數之殤——EOS 新型隨機數攻擊手法細節分析 https://paper.seebug.org/1042/ CVE-2019-1663 Cisco 的多個低端設備的堆棧緩衝區溢出漏洞分析 https://paper.seebug.org/1039/ D-Link DIR-816 A2路由器安全研究分享 https://paper.seebug.org/1036/ BlueKeep Exploit Analysis https://paper.seebug.org/1038/ Microsoft Office中URI劫持漏洞所導致的目錄穿越 https://www.freebuf.com/column/215456.html 使用Ghidra 對iOS 應用進行msgSend 分析 https://paper.seebug.org/1037/ Reversing Cisco IOS Raw Binary Firmware Images with Ghidra https://gist.github.com/nstarke/ed0aba2c882b8b3078747a567ee00520 JohnTroony/HUAWEI_MOBILE_WIFI https://github.com/JohnTroony/HUAWEI_MOBILE_WIFI The Zeek Network Security Monitor https://github.com/zeek/zeek Security Threat Intelligence Solutions Market Growth Sales Revenue Analysis 2019-2027 https://bestmarketherald.com/security-threat-intelligence-solutions-market-growth-sales-revenue-analysis-2019-2027/ Talos Reveals Panda Crypto Malware Group’s Scoop Of $100K in Monero Since 2018 https://www.cryptonewsz.com/talos-reveals-panda-crypto-malware-groups-scoop-of-100k-in-monero-since-2018/43422/ Crack WPA/WPA2 Wi-Fi Routers with Aircrack-ng and Hashcat by Brannon Dorsey https://hakin9.org/crack-wpa-wpa2-wi-fi-routers-with-aircrack-ng-and-hashcat/ Andromeda - Interactive Reverse Engineering Tool for Android Applications https://github.com/secrary/Andromeda OWASP API Security Project https://www.owasp.org/index.php/OWASP_API_Security_Project Extract the secret keys from android application https://github.com/ShapManasick/SecretumDroid Security: HTTP Smuggling, Apache Traffic Server https://regilero.github.io/english/security/2019/10/17/security_apache_traffic_server_http_smuggling/ Security: HTTP Smuggling, Jetty https://regilero.github.io/english/security/2019/04/24/security_jetty_http_smuggling/ Rise of RDP as a target vector https://www.helpnetsecurity.com/2019/09/25/rdp-target-vector/ BurpSuite-Extender-phpStudy-Backdoor-Scanner https://github.com/gh0stkey/BurpSuite-Extender-phpStudy-Backdoor-Scanner Easy Trick to Upload a Web Shell and Bypass AV Products https://blog.offensivebits.ae/easy-trick-to-upload-webshell-bypass-av/ webshell/fuzzdb-webshell https://github.com/tennc/webshell/tree/master/fuzzdb-webshell F.商業 中華電信HiNet資安艦隊出航 CISCO Firepower 2100為企業打造新世代防火牆 https://www.cw.com.tw/article/article.action?id=5097000 深耕物聯網資安防護領域，研華(2395)與Acronis簽訂全球經銷協議 http://bit.ly/2mb9sFV 安碁資訊擁兩大成長引擎 估10月下旬掛牌上櫃 https://udn.com/news/story/7251/4070504 Azure Sentinel, Microsoft's cloud-based SIEM, hits general availability https://www.zdnet.com/article/azure-sentinel-microsofts-cloud-based-siem-hits-general-availability/#ftag=RSSbaffb68 Two Widely Used Ad Blocker Extensions for Chrome Caught in Ad Fraud Scheme https://thehackernews.com/2019/09/browser-chrome-extension-adblock.html Microsoft to add more AI-infused apps and features to Dynamics 365 https://www.zdnet.com/article/microsoft-to-add-more-ai-infused-apps-and-features-to-dynamics-365/#ftag=RSSbaffb68 Cynet 360: The Next Generation of EDR https://thehackernews.com/2019/09/cynet-endpoint-detection-response.html Cloudflare, Google Chrome, and Firefox add HTTP/3 support https://www.zdnet.com/article/cloudflare-google-chrome-and-firefox-add-http3-support/#ftag=RSSbaffb68 G.政府 中科院舉辦神盾盃網路奪旗競賽　發掘資訊菁英共維國家安全 http://n.yam.com/Article/20190921578952 【神盾盃網路奪旗賽】考驗臨場反應 團隊分工奪佳績 https://www.ydn.com.tw/News/353488 中科院舉辦神盾盃網路奪旗競賽　發掘資訊菁英共維國家安全 https://mna.gpwb.gov.tw/post.php?id=12&message=96439&print 神盾盃網路奪旗賽 中科院自行研發競技場登場 https://money.udn.com/money/story/5640/4061106 徐國勇：新式數位身分證 絕對無法被追蹤、主動發訊 https://udn.com/news/story/7240/4066966?from=udn-ch1_breaknews-1-cate6-news 徐國勇：數位身分證所有標案排除中資廠商 https://money.udn.com/money/story/7307/4067177 防資安風險 鄭秀玲：「數位身分證」先小規模發行測試 https://www.peoplenews.tw/news/1a22f2e0-ef2a-4c2a-8149-868d2cbe60a2 沒有資安疑慮嗎？徐永明：「身分證換發規劃案」得標公司代表人是中國執業律師 https://www.peoplenews.tw/news/b3d5f4d7-6f15-4e86-a5d7-adfed916cbac 行政院派員抵縣府實地稽核資安 https://www.kinmen.gov.tw/News_Content2.aspx?n=98E3CA7358C89100&sms=BF7D6D478B935644&s=9A2E5BFC79A04CC4 勞動部聯手TibaMe全額補助培育AI工程師 https://money.udn.com/money/story/5635/4067898 調查站防制假訊息及資安宣導 榮家互動熱絡發言踴躍 https://www.peopo.org/news/423797 證基會開班 培育金融科技人才 https://money.udn.com/money/story/5635/4066405 國防部最常被駭的不是軍情局？竟是這單位 https://www.chinatimes.com/realtimenews/20190925002030-260417?chdtv H.ICS/SCADA 工控系統 國際半導體展首度談資安，工作小組揭露推動資安標準現況 https://ithome.com.tw/news/133168 台灣半導體.資安跨界合作 推SECPAAS資安整合服務平台 http://bit.ly/2m4U4L2 醫療儀器易受網路攻擊　如何保障病人私隱 http://bit.ly/2myY0UA advantech -- webaccess https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13550 advantech -- webaccess https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13558 schneider-electric -- bmxnor0200h_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6813 schneider-electric -- modicon_premium_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6809 schneider-electric -- modicon_premium_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6828 siemens -- sinema_remote_connect_server https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13918 6 Best Practices for Performing Physical Penetration Tests https://www.darkreading.com/risk/6-best-practices-for-performing-physical-penetration-tests/a/d-id/1335871 I.教育訓練 『 Day 1 』前言 & 期許 https://ithelp.ithome.com.tw/articles/10215273 『 Day 2 』認識 CTF https://ithelp.ithome.com.tw/articles/10215497 『 Day 3 』Web Security - 認識 OWASP & A1 . Injection https://ithelp.ithome.com.tw/articles/10215507 『 Day 4 』Web Security - A2 . 無效的身份認證 https://ithelp.ithome.com.tw/articles/10216226 『 Day 5 』Web Security - A3 . 敏感資料外洩 https://ithelp.ithome.com.tw/articles/10218540 『 Day 6 』Web Security - A4 . XML External Entity ( XXE ) https://ithelp.ithome.com.tw/articles/10218939 『 Day 7 』Web Security - A5 . Broken Access Control https://ithelp.ithome.com.tw/articles/10219428 『 Day 8 』Web Security - A6 . Security Misconfiguration https://ithelp.ithome.com.tw/articles/10219943 『 Day 9 』Web Security - A7 . Cross-Site Scripting (XSS) - 上篇 https://ithelp.ithome.com.tw/articles/10218476 『 Day 10 』Web Security - A7 . Cross-Site Scripting (XSS) - 下篇 https://ithelp.ithome.com.tw/articles/10220667 『 Day 11』Web Security - A8 . 反序列化漏洞 https://ithelp.ithome.com.tw/articles/10218773 [駭客工具 Day17] SQL Injection漏洞利用 - sqlmap https://ithelp.ithome.com.tw/articles/10217184 [駭客工具 Day18] windows密碼獲取神器 - mimikatz https://ithelp.ithome.com.tw/articles/10217688 [駭客工具 Day19] web安全測試2 - OWASP ZAP https://ithelp.ithome.com.tw/articles/10218306 [駭客工具 Day20] Wi-Fi密碼破解 - Aircrack-ng https://ithelp.ithome.com.tw/articles/10218774 [駭客工具 Day21] 隱匿行蹤的瀏覽器 - Tor https://ithelp.ithome.com.tw/articles/10219181 [駭客工具 Day22] 密碼HASH值破解 - John the Ripper https://ithelp.ithome.com.tw/articles/10219768 [駭客工具 Day23] DDoS攻擊 - LOIC https://ithelp.ithome.com.tw/articles/10220236 [駭客工具 Day24] 惡意檔案分析網站 - VirusTotal https://ithelp.ithome.com.tw/articles/10220843 [駭客工具 Day25] CTF Exploit的Python library - pwntools https://ithelp.ithome.com.tw/articles/10221189 [Day 09]資安百物語-第四談：用都市傳說「扭來扭去」理解RFID(中) https://ithelp.ithome.com.tw/articles/10220668 那個夜裡的資安-17(mod_security) https://ithelp.ithome.com.tw/articles/10219411 那個夜裡的資安-18(Log) https://ithelp.ithome.com.tw/articles/10219897 那個夜裡的資安-19(log in tmp or run) https://ithelp.ithome.com.tw/articles/10220401 那個夜裡的資安-20(Linux Streams) https://ithelp.ithome.com.tw/articles/10220882 那些年我們一起追的資安影集與電影: 序 https://ithelp.ithome.com.tw/articles/10215959 那些年我們一起追的資安影集與電影 : Day 1 https://ithelp.ithome.com.tw/articles/10216592 那些年我們一起追的資安影集與電影 : Day 2 https://ithelp.ithome.com.tw/articles/10217018 那些年我們一起追的資安影集與電影 : Day 3 https://ithelp.ithome.com.tw/articles/10217693 那些年我們一起追的資安影集與電影 : Day 4 https://ithelp.ithome.com.tw/articles/10218199 那些年我們一起追的資安影集與電影 : Day 6 https://ithelp.ithome.com.tw/articles/10219214 資安戰爭 三十六計之第5計：趁火打劫 https://ithelp.ithome.com.tw/articles/10218450 資安戰爭 三十六計之第6計：聲東擊西 https://ithelp.ithome.com.tw/articles/10218954 十一、雲端資訊安全(二) https://ithelp.ithome.com.tw/articles/10221342 [Day 05]資安百物語：第二談：現代飛頭蠻的反制法-反無人機技術(下) https://ithelp.ithome.com.tw/articles/10218551 0x00 Basics of Reverse Engineering: Stack https://medium.com/@Flying_glasses/0x00-basics-of-reverse-engineering-stack-99bebf865359 NetCat & Cache Level Attacks Explained https://medium.com/@Flying_glasses/netcat-cache-level-attacks-explained-af9ce2fd47ca Retrieving Files from memory dump https://medium.com/@Flying_glasses/retrieving-files-from-memory-dump-34d9fa573033 TOP Linux utilities for Reverse Engineering https://medium.com/@Flying_glasses/top-linux-utilities-for-reverse-engineering-b8d1a66ff059 Emotet Memory dump analysis: Part 1 (Detecting malicious processes) https://medium.com/@Flying_glasses/emotet-memory-dump-analysis-part-1-detecting-malicious-processes-d84c468dff4b Dynamic Analysis of Watchdog spyware https://medium.com/@Flying_glasses/dynamic-analysis-of-watchdog-spyware-58304f6bc20a Top 5 ways to detect malicious file manually https://medium.com/@Flying_glasses/top-5-ways-to-detect-malicious-file-manually-d02744f7c43a Dynamic malware analysis : LAB setup https://medium.com/@Flying_glasses/dynamic-malware-analysis-lab-setup-613075f9423f Entropy Analysis : A critical test for malware's. https://medium.com/@Flying_glasses/entropy-analysis-a-critical-test-for-malwares-69939f5b8b1 Basic Static Malware analysis : PE viewer, Depnd walker & DIE. https://medium.com/@Flying_glasses/basic-static-malware-analysis-pe-viewer-depnd-walker-die-f400dde2d9a9 Mobile Security Pentest Kali Linux https://www.youtube.com/watch?v=SvQyNwjIqLg J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 2013年來物聯網設備安全漏洞翻一番 http://www.360.cn/n/11107.html 如何解決嵌入式物聯網設計的6大安全挑戰 https://www.eettaiwan.com/download/Renesas_WP_TC_201910 《IOT 物聯網》預設密碼讓60萬台GPS追蹤裝置陷入危險 https://blog.trendmicro.com.tw/?p=62065 Zira launches industrial IoT platform with data integration, marketplace, and AI-driven process automation https://www.zdnet.com/article/zira-launches-industrial-iot-platform-with-data-integration-marketplace-and-ai-driven-process-automation/#ftag=RSSbaffb68 6.近期資安活動及研討會 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28 https://www.accupass.com/event/1906050355291064968019 交通大學亥客書院-B022:基礎網頁安全與滲透測試 9/28 https://hackercollege.nctu.edu.tw/?p=1084 【Flutter Brunch】： 一起來交流 Flutter 技術 9/28 https://www.meetup.com/Women-Who-Code-Taipei/events/264801570/ WTM Networking - UXers' Breakfast #3 9/28 https://www.meetup.com/GDGTaipei/events/264719986/ JavaScript Developer Conference-2019 2019-09-28(六) 09:30 ~ 2019-10-26(六) 17:30 (GMT+8) https://www.accupass.com/event/1907081509101081922774 AI/BigData技能養成系列課程-資料工程實務應用精鍊假日班(確定開課) 9/28 ~ 10/6 https://www.accupass.com/event/1908010601311553672560 亞洲‧矽谷學院108年免費認證考試 9/29 https://college.asvda.org.tw/ NSPA實作課程(假日班)報名表 9/29 https://docs.google.com/forms/d/e/1FAIpQLSf6g7LmwAk_T6RFCaZL3dvgxjS9qlMrHlLtkXDC-nqNza_V9w/viewform 軟體安全測試實務 9/29 https://www.sce.pccu.edu.tw/event/chtweb/index.html 2019 NASA黑客松賽前技術分享[Microsoft]_Azure 雲端運算與認知識別服務 10/1 https://www.facebook.com/events/421753888461417/ 技職校院物聯網創新應用賽 10/1 受理報名 https://iot2gather.ntust.edu.tw/ Gnss海面反射訊號之技術及應用 10/1 https://www.facebook.com/events/384731849123773/ GovernmentWare Conference & Exhibition 10/1 https://infosec-conferences.com/events-in-2019/govware/ Cyber City Conference 10/1 https://infosec-conferences.com/events-in-2019/cyber-city-conference/ GDG DevFest Taipei 2019 10/1 https://www.meetup.com/GDGTaipei/events/263142255/ IEEE International Symposium on Reliable Distributed Systems (SRDS) 10/1 ~ 10/4 https://infosec-conferences.com/events-in-2019/srds/ Nasa黑客松，太空中心能幫你什麼 10/2 https://www.facebook.com/events/390573691633383/ 108 年「先進製造 AI 與物聯網資安實務應用研討會」 10/3 https://seminars.tca.org.tw/D15e02340.aspx Wisdom of Crowds Dubai 10/3 https://infosec-conferences.com/events-in-2019/wisdom-of-crowds-dubai/ 工業物聯網資安檢測與防護策略 10/4 https://ievents.iii.org.tw/EventS.aspx?t=0&id=661 我們與資安的距離 10/5 https://hackersir.kktix.cc/events/20191005 安全程式碼撰寫基礎 10/6 https://www.sce.pccu.edu.tw/event/chtweb/index.html SecTor Security Conference 10/7 https://infosec-conferences.com/events-in-2019/sector-security-conference/ Australian Cyber Conference 2019 10/7 https://infosec-conferences.com/events-in-2019/australian-cyber-conference/ XRY Certification 教育訓練 10/7 ~ 10/8 https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=38 Unleashing Cyber Security 10/7 ~ 10/8 https://infosec-conferences.com/events-in-2019/unleashing-cyber-security/ 資安檢核核心技術及進階技術研討會 10月7日至10月9日 http://bit.ly/2TN2UtD 2019年台灣資安通報應變年會 10/8 https://www.informationsecurity.com.tw/Seminar/ISevent20191008/ Cloud Native Forum 2019 10/9 https://www.meetup.com/Cloud-Native-Taipei-User-Group/events/264613646/ BSides Delhi 10/11 https://infosec-conferences.com/events-in-2019/bsides-delhi/ HITB+ CYBER WEEK 2019/10/12 ~17 https://d2p.hitb.org/ 白帽駭客體驗實作 10/13 https://www.sce.pccu.edu.tw/event/chtweb/index.html HAKON – International Information Security Meet 10/13 https://infosec-conferences.com/events-in-2019/hakon/ 國家高速網路與計算中心 台灣杉一號高速計算主機使用進階課程 10/14 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3869&from_course_list_url=course_index M3AAWG 47th General Meeting 10/14 ~ 10/17 https://infosec-conferences.com/events-in-2019/m3aawg-47th-general-meeting/ 數位時代，自已的權利自己顧 -- 不可不知！基礎資安教戰講座 10/15 https://ocftw.kktix.cc/events/e0c1048b AWS Transformation Day 10/15 https://amzn.to/2ksO8Lb 智資時代 2019 科技法制前瞻論壇 10/15 https://seminar.ithome.com.tw/live/iii20191015/index.html?eDM_iThome AI時代下，資安與視覺化的觀點與實例 10/16 https://www.tiai.org.tw/tiaiActDetailClass?sno=19 2019 IBM Cloud 用戶實作課程秋季班 10/16 https://ibm.co/2n4VNQQ BSides Ahmedabad 10/16 https://infosec-conferences.com/events-in-2019/bsides-ahmedabad/ TFUG Taipei | TensorFlow All Around 10/16 https://www.meetup.com/TensorFlow-User-Group-Taipei/events/264713077/ 第八屆國際程式競賽 CodeVita Season 8 即日起至10/17日報名截止 https://bhuntr.com/tw/competitions/104724210865172005190909102w Data Connectors Toronto Tech-Security – October 10/17 https://infosec-conferences.com/events-in-2019/data-connectors-toronto-october/ Kotlin/Everywhere GDG Hsinchu - Kotlin on Cloud and Web 10/17 https://www.meetup.com/GDG-Hsinchu/events/263741333/ 2019 Space Apps Challenge_NASA 黑客松台北場 10/18 https://www.facebook.com/events/2112377919060176/ 2019 邊緣運算論壇 - AI + IoT 備戰台商回流潮，IIoT 智慧升級 10/18 https://www.accupass.com/event/1909040655361186052756 2019 CYBERSPACE聯合研討會 10/18 ~ 10/19 https://cyberspace.ttu.edu.tw/cyber2019/ Crosslink Taiwan 2019 10/19 https://www.meetup.com/Taipei-Ethereum-Meetup/events/264302796/ 交通大學亥客書院-A006:數位足跡追蹤與分析 10/19 https://hackercollege.nctu.edu.tw/?p=1088 無痛上手-WiFi無線網路安全檢測 10/20 https://www.sce.pccu.edu.tw/event/chtweb/index.html 日盛金融黑客松 報名至10/20 止 https://app.jsun.com/hackathon/Main Splunk .conf 19 10/21 ~ 10/24 https://conf.splunk.com/ 國家高速網路與計算中心 平行計算程式設計基礎課程 10/22 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3778&from_course_list_url=course_index AIoT智能物聯網開發人才就業養成班[免費諮詢] 10/22 https://ittraining.kktix.cc/events/aiot-training-2019 IEEE Symposium on Visualization for Cyber Security (VizSec) 10/23 https://infosec-conferences.com/events-in-2019/vizsec/ Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019 https://www.icscybersecurityconference.com [Palo Alto Networks]-Palo Alto Networks 直播研討會Part6. MITRE ATT&CK 新資安攻防框架進階產業應用 10/24 https://www.zerone.com.tw/TrainingDetial/Seminar/7747B901A8198AC3%7C1C130FE6FEC34700 Cybersecurity Conference Rhein-Neckar 10/24 ~ 10/25 https://infosec-conferences.com/events-in-2019/cybersecurity-rhein-neckar/ Identity Days 10/24 https://infosec-conferences.com/events-in-2019/identity-days/ Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 10/25 https://signupcybersec101.ithome.com.tw/ 國家高速網路與計算中心 大數據軟體開發平台與深度學習、HBase(大數據資料庫)開發應用案例 10/25 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3867&from_course_list_url=course_index 交通大學亥客書院-A015:進階網頁滲透測試 10/26 https://hackercollege.nctu.edu.tw/?p=1090 International Conference on Networks & Communications (NETWORKS) 10/26 ~ 10/27 https://infosec-conferences.com/events-in-2019/networks/ 亞洲‧矽谷學院108年免費認證考試 10/27 https://college.asvda.org.tw/ International Conference on Emerging Security Information, Systems and Technologies (SECURWARE) 10/27 ~ 10/31 https://infosec-conferences.com/events-in-2019/securware/ SANS Amsterdam October 10/28 https://infosec-conferences.com/events-in-2019/sans-amsterdam-october/ 資安檢核核心技術及進階技術研討會 10月28日至10月30日 http://bit.ly/2TN2UtD Foundations in Digital Forensics with EnCase® (DF120) (原CF1) 10/28 ~ 10/31 https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=39 International Workshop on Reliability and Security Data Analysis (RSDA) 10/28 ~ 10/31 https://infosec-conferences.com/events-in-2019/rsda/ International Symposium on Software Reliability Engineering (ISSRE) 10/28 ~ 11/1 https://infosec-conferences.com/events-in-2019/issre/ Securing New Ground 10/29 ~ 10/30 https://infosec-conferences.com/events-in-2019/securing-new-ground/ CEBIT Australia 10/29 ~ 10/31 https://infosec-conferences.com/events-in-2019/cebit-australia/ OWASP AppSec Day Melbourne 11/1 https://infosec-conferences.com/events-in-2019/owasp-appsec-day-melbourne/ Hackfest 2019 11/1 ~ 11/3 https://infosec-conferences.com/events-in-2019/hackfest-2019/ 行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30 https://www.accupass.com/event/1810080517061259295030 Elite East Coast CISO Summit 11/3~11/5 https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/ Red Hat Forum Taipei 2019 11/5 https://www.facebook.com/events/1390202967799392/ Cyber Security Summit: Boston 11/6 https://infosec-conferences.com/events-in-2019/cyber-security-summit-boston/ 駭客攻防暨數位鑑識系列一(第1期) 11/7 https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=384540 網路攻擊鏈( Cyber Kill Chain)各階段實作 (6hr) 11/7 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384540 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/8 https://signupcybersec101.ithome.com.tw/ BSides Charleston 11/9 https://infosec-conferences.com/events-in-2019/bsides-charleston/ Kotlin/Everywhere GDG Taoyuan - 運用 Ktor 建置一個以 Kotlin 打造的後端服務 11/9 https://www.meetup.com/GDGTaoyuan/events/264776152/ CLEAR Cyber Leaders Conference 11/12 ~ 11/13 https://infosec-conferences.com/events-in-2019/clear-cyber-leaders-conference/ Windows檔案系統及檔案還原 (6hr) 11/14 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384541 Digital Internet Summit 11/14 https://infosec-conferences.com/events-in-2019/digital-internet-summit/ INTERFACE – Nebraska 11/14 https://infosec-conferences.com/events-in-2019/interface-nebraska/ SecureWV – Hack3rCon 11/15 ~ 11/17 https://infosec-conferences.com/events-in-2019/securewv-hack3rcon/ 交通大學亥客書院-P006:高階網頁滲透測試 11/16 https://hackercollege.nctu.edu.tw/?p=1092 FS-ISAC Fall Summit 11/17 ~ 11/20 https://infosec-conferences.com/events-in-2019/fs-isac-fall-summit/ Microsoft IoT in Action 11/20 https://www.iotinactionevents.com/event/taipei Infosecurity ISACA North America Expo and Conference 11/20 ~ 11/21 https://infosec-conferences.com/events-in-2019/isaca-north-america-expo-conference/ 檔案特徵值比對與關鍵字搜尋 (2hr) Open Source數位鑑識工具實務操作 (5hr) 11/21 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384542 Trend Micro CTF 2019 // Raimund Genes Cup FINAL / NOVEMBER 23–24, 2019 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html 資安檢核核心技術及進階技術研討會11月26日至11月28日 http://bit.ly/2TN2UtD 人資人員必修的職安法規定 11/26 https://www.accupass.com/event/1909121441141977826554 模擬案例鑑識分析實務 (6hr) 11/28 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384543 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/29 https://signupcybersec101.ithome.com.tw/ 交通大學亥客書院-B015:惡意程式檢測 11/30 https://hackercollege.nctu.edu.tw/?p=1098 亞洲‧矽谷學院108年免費認證考試 11/30 https://college.asvda.org.tw/ Digital Summit Dallas 12/4 https://infosec-conferences.com/events-in-2019/digital-summit-dallas/ Kansas City Cyber Security Conference 12/5 https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/ CyberMaryland Conference 12/5 ~ 12/6 https://infosec-conferences.com/events-in-2019/cybermaryland-conference/ FutureCon Nashville Cyber Security Conference 12/11 https://infosec-conferences.com/events-in-2019/futurecon-nashville/ Utility Cyber Security Forum December 12/11 https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/ 交通大學亥客書院-A018:企業網域控管－Active Directory攻擊與防禦 12/14 https://hackercollege.nctu.edu.tw/?p=1094 Japan Security Analyst Conference https://jsac.jpcert.or.jp/