###### tags: `資安事件新聞週報` # 資安事件新聞週報 2020/5/25 ~ 2020/5/29 1.重大弱點漏洞/後門/Exploit/Zero Day 針對8萬個應用程式的調查發現，有7成程式含有開源漏洞 https://www.ithome.com.tw/news/137846 美國安局警告，俄羅斯駭客正在開採Exim漏洞 https://www.ithome.com.tw/news/137947 STATE OF SOFTWARE SECURITY Open Source Edition https://www.veracode.com/sites/default/files/pdf/resources/reports/state-of-software-security-open-source-edition-veracode-report.pdf 多種DNS解析程序被發現漏洞允許攻擊者發動拒絕服務攻擊 https://www.cnbeta.com/articles/tech/982263.htm 一個新的 DNS 安全漏洞被曝出，可引發大規模的 DDoS“轟炸 https://www.chainnews.com/zh-hant/articles/855208189865.htm NXNSAttack：DNS協議安全漏洞通告 https://www.anquanke.com/post/id/207004 研究人員發現DNS查詢遞迴漏洞，影響多數DNS伺服器，企業應儘速採取修補作業 https://www.ithome.com.tw/news/137777 Microsoft Warns of Vulnerability Affecting Windows DNS Server https://www.darkreading.com/threat-intelligence/microsoft-warns-of-vulnerability-affecting-windows-dns-server/d/d-id/1337872 New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks https://thehackernews.com/2020/05/dns-server-ddos-attack.html Fortinet FortiClient 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9291 駭客企圖開採已修補的Sophos防火牆漏洞來散布勒索軟體 https://www.ithome.com.tw/news/137809 Hackers are exploiting a Sophos firewall zero-day https://www.zdnet.com/article/hackers-are-exploiting-a-sophos-firewall-zero-day/ 電郵爆資安漏洞？被陌生人看光…無須認證就能檢閱信件內容 https://bit.ly/2ZwpKKG 微軟承認KB4556799可能導致電腦無法連網 https://www.ithome.com.tw/news/137841 Google 自曝：Chrome 70% 重大資安漏洞都出在記憶體問題 https://www.inside.com.tw/article/19888-chrome-70-of-all-security-bugs-are-memory-safety-issues 谷歌工程師：七成 Chrome 安全漏洞是內存安全問題 https://www.chainnews.com/zh-hant/articles/440974045452.htm Cisco Unified Contact Center Express反序列化代碼執行（CVE-2020-3280） http://blog.nsfocus.net/cisco-unified-ccx-cve-2020-3280-0522/ Adobe 推出修補程式，以解決 Adobe Character Animator 中的遠端程式碼執行漏洞 https://www.twcert.org.tw/tw/cp-104-3629-e0fab-1.html QNAP NAS設備存在安全漏洞(CVE-2019-7192、CVE-2019-7193、CVE-2019-7194及CVE-2019-7195) https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1124 Security Advisory for Vulnerabilities in QTS and Photo Station https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 New Bluetooth Vulnerability Exposes Billions of Devices to Hackers https://thehackernews.com/2020/05/hacking-bluetooth-vulnerability.html Chrome 83: Enhanced Safe Browsing, Secure DNS, a Safety Check https://www.helpnetsecurity.com/2020/05/20/chrome-83-security-features/ D-Link DAP-1360 CVE-2019-18666 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-18666 MariaDB Connector/C CVE-2020-13249 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-13249 NOKIA VitalSuite SPM 2020 SQL Injection https://packetstormsecurity.com/files/157851/nokiavsspm2020-sql.txt 蘋果產品多個漏洞 https://support.apple.com/en-hk/HT201222 雲安全提醒：Docker for windows 版本出現遠程控制漏洞 https://news.sina.com.tw/article/20200528/35307222.html 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 三道防火牆 金融交易更安全 https://money.udn.com/money/story/9740/4583943 俄羅斯證券交易所暫停股市交易，英媒：系軟體故障 https://news.sina.com.tw/article/20200508/35103922.html 包商銀行接管後續：蒙商銀行、徽商銀行四家分行5月25日正式營業 https://finance.sina.com.cn/roll/2020-05-22/doc-iirczymk3041476.shtml 金管會下半年施政重點 電支電票整併、新財管方案等5大項 https://ec.ltn.com.tw/article/breakingnews/3177076 金管會新主委預告3個月內揭6大金融方案，將訂Fintech藍圖和金融資安整體規畫，開放銀行第二階段則Q3上路 https://www.ithome.com.tw/news/137863 承諾3月內提6大金融長治久安措施 黃天牧：資安行動方案3年內要超前部署 https://fountmedia.io/article/58999 強化金融防駭 金管會推資安行動方案 https://ec.ltn.com.tw/article/paper/1375352 金管會新主委預告3個月內揭6大金融方案，將訂Fintech藍圖和金融資安整體規畫，開放銀行第二階段則Q3上路 https://www.ithome.com.tw/news/137863 回顧支付戰爭史｜1970s Visa 的普及化進程，竟與數位貨幣驚人相似 https://blocktempo.com/there-are-parallels-between-70s-visa-and-modern-crypto/ 網路報稅小心資安外洩　這動作很重要 https://tw.appledaily.com/gadget/20200526/Q77F4LNZ7SFDJKKFKGKFVYW76A/ 國泰世華導入FIDO資安標準 強化行動銀行防護規格 https://pchome.megatime.com.tw/news/cat3/20200526/15904645415924227003.html 行庫動態：國泰世華銀全面升級行動銀行資安規格，導入FIDO國際級標準 https://bit.ly/2X6Df2d 獨家揭秘上海版偷天陷阱 央行電票系統"開出"20億假匯票 https://news.sina.com.tw/article/20200526/35274154.html 國防設備、網路銀行搶人才 https://bit.ly/3c7s0e0 金管會：未來黑天鵝、灰犀牛會更頻繁出現 https://www.chinatimes.com/realtimenews/20200526004061-260410?ctrack=mo_main_rtime_p02&chdtv 業者不等了 開放銀行邁向第二階段 https://m.ctee.com.tw/livenews/aj/a83205002020052621144171 數位男女網路報稅「情境」開箱　2大壞習慣你中了嗎 https://www.setn.com/News.aspx?NewsID=750930 純網銀下半年開業 調查：逾6成民眾有開戶意願 https://udn.com/news/story/7239/4594051 《金融股》國票金法說 魏啟林：樂天純網銀估H2開業 https://bit.ly/36EE4m0 樂天拚台灣首家純網銀！展開30天模擬營運、9月正式開業 https://www.bnext.com.tw/article/57881/rakuten--online-banking-open 卡片領錢慘遭「剖半」　只剩背面不出鈔超傻眼 https://tw.appledaily.com/life/20200529/JA3IHMBOUGKRTO2UYR6KKQULUU/ 避免卡片毀損　專家建議做到這三件事 https://tw.appledaily.com/life/20200529/HDX4XOZA2AKW4C5AA2NHBSUFQE/ Visa：純網銀開戶意願逾六成 https://ctee.com.tw/news/finance/275893.html 純網銀認知度達7成2　民眾不信任開放銀行 https://www.cardu.com.tw/news/detail.php?40770 開放銀行第二階段Q3上路，18支消費者資訊開放API和規範細節終於公開 https://www.ithome.com.tw/news/137909 The Bank of America is the latest victim of a data breach https://www.hackread.com/the-bank-of-america-victim-of-data-breach/ NOTICE OF DATA BREACH https://oag.ca.gov/system/files/2020-3523_Privacy_Notification_Final_Template%20%28P%29.pdf 銀行招考【合作金庫】─招考時間、名額與科目 https://www.ckpublic.com.tw/tnck/ckopsp-courses-E20200528005 2020菁英人才招募01~AI應用專案管理/雲端系統/SDN網路規劃/資安/系統分析與開發 https://www.cakeresume.com/companies/cht-career/jobs/6b44f1 3.電子支付/電子票證/行動支付/ pay/新聞及資安 統合商家力量 金門金沙鎮數位支付升級說明會 https://times.hinet.net/news/22912964 龍運巴士周日推電子支付系統　支援信用卡Apple Pay等 https://bit.ly/3d43608 報告：柬埔寨央行CBDC支付系統使用Iroha，或因後者專注於移動端 http://bc.jrj.com.cn/2020/05/22105029738631.shtml 金管會下半年施政重點 電支電票整併、新財管方案等5大項 https://inanews.tw/archives/196315 4.虛擬貨幣/區塊鍊/數位貨幣/相關新聞及資安 學術報告指出：99% 的 Zcash 交易可追蹤，因用戶不了解匿名幣交易機制 https://www.blocktempo.com/annonymous-zcash-monero-privacy-crypto-transaction-research-report/ CoinGate將AVA代幣加入其支付系統 http://bc.jrj.com.cn/2020/05/22065529736120.shtml 上任後有意放寬STO法規？金管會主委黃天牧：將擇日統一與業者進行溝通 https://life.tw/?app=view&no=1082876 習近平簽署主席令公布中國首部《民法典》，虛擬貨幣納入遺產繼承範圍 https://www.blocktempo.com/npc-cppcc-new-civil-code-crypto-assets-inherit/ China's Crypto Is All About Tracing — and Power https://www.bloomberg.com/opinion/articles/2020-05-24/china-s-yuan-will-exit-covid-19-with-a-big-digital-currency-lead China and Digital Currency : multifaceted advantages or a surveillance and tracking juncture https://www.ehackingnews.com/2020/05/china-and-digital-currency-multifaceted.html 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 駭客偽冒總統府電子郵件寄發夾藏惡意程式釣魚網站 https://www.cib.gov.tw/News/BulletinDetail/8294 駭侵者以肺炎為名，透過魚叉式網路釣魚，散布惡意 Excel 檔 https://www.twcert.org.tw/tw/cp-104-3634-245b1-1.html 如何防堵勒索病毒？企業應採用資安防禦與備份方案以保護數位資產 https://www.zerone.com.tw/Content/Product/A5A51D5D314517B8 【獨家】中油遭駭揭秘！高雄營業處先「毒發」　竟燒13天才全修復 https://tw.appledaily.com/life/20200523/U37VFEDAM24XAOYCBAC2JHMLHM/ 泰國 Android 用戶遭 WolfRAT 鎖定，攻擊熱門聊天 App 以竊取資訊 https://www.twcert.org.tw/tw/cp-104-3630-471e9-1.html 勒索軟體攻擊發展出加裝VM以躲避防毒偵測的新手法 https://www.ithome.com.tw/news/137845 Ragnar Locker ransomware deploys virtual machine to dodge security https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/ 新一代ComRAT木馬程式利用Gmail作為命令暨控制媒介 https://ithome.com.tw/news/137885 New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data https://thehackernews.com/2020/05/gmail-malware-hacker.html 企業資安之道- 勒索軟體的攻與防 https://www.twcert.org.tw/tw/cp-15-3632-c19eb-1.html Hackers Abusing Open RDP ports For Remote Access using Windows Backdoor Malware https://gbhackers.com/hackers-abusing-open-rdp-ports-for-remote-access/ Maze Ransomware Operators Leaked 2GB of Financial Data from Bank of Costa Rica (BCR) https://www.ehackingnews.com/2020/05/maze-ransomware-operators-leaks-2gb-of.html Sarwent Malware Continues to Evolve With Updated Command Functions https://labs.sentinelone.com/sarwent-malware-updates-command-detonation/ The Evolution of APT15’s Codebase 2020 https://www.intezer.com/blog/research/the-evolution-of-apt15s-codebase-2020/ ZLoader Loads Again: New ZLoader Variant Returns https://www.proofpoint.com/us/blog/threat-insight/zloader-loads-again-new-zloader-variant-returns Banking Malware ZLoader spotted in over 100 email campaigns https://www.itsecurityguru.org/2020/05/22/banking-malware-zloader-spotted-in-over-100-email-campaigns/ Hiding in plain sight: PhantomLance walks into a market https://securelist.com/apt-phantomlance/96772/#comment-3123008 The “Silent Night” Zloader/Zbot https://resources.malwarebytes.com/files/2020/05/The-Silent-Night-Zloader-Zbot_Final.pdf Ransomware Gang Posting Financial Details From Bank Attack https://www.bankinfosecurity.com/ransomware-gang-posting-financial-details-from-bank-attack-a-14335 MAZE RANSOMWARE OPERATORS RELEASE THE BANCO DE COSTA RICA DATA LEAK PART 3!! https://cybleinc.com/2020/05/22/maze-ransomware-operators-release-the-banco-de-costa-rica-data-leak-part-3/ Ransomware Gang Arrested for Spreading Locky to Hospitals https://threatpost.com/ransomware-gang-arrested-locky-hospitals/155842/ Thousands of enterprise systems infected by new Blue Mockingbird malware gang https://www.zdnet.com/article/thousands-of-enterprise-systems-infected-by-new-blue-mockingbird-malware-gang/ Introducing Blue Mockingbird https://redcanary.com/blog/blue-mockingbird-cryptominer/ Vigilante hackers target 'scammers' with ransomware, DDoS attacks https://www.bleepingcomputer.com/news/security/vigilante-hackers-target-scammers-with-ransomware-ddos-attacks/ Insidious Android malware gives up all malicious features but one to gain stealth https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/ Turla hacker group steals antivirus logs to see if its malware was detected https://www.zdnet.com/article/turla-hacker-group-steals-antivirus-logs-to-see-if-its-malware-was-detected/ Vigilante hackers target 'scammers' with ransomware, DDoS attacks https://www.bleepingcomputer.com/news/security/vigilante-hackers-target-scammers-with-ransomware-ddos-attacks/ Insidious Android malware gives up all malicious features but one to gain stealth https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/ Qihoo & Baidu disrupt malware botnet with hundreds of thousands of victims https://www.zdnet.com/article/qihoo-baidu-disrupt-malware-botnet-with-hundreds-of-thousands-of-victims/#ftag=RSSbaffb68 New activity of DoubleGuns Group, control hundreds of thousands of bots via public cloud service https://blog.netlab.360.com/shuangqiang/ From Agent.BTZ to ComRAT v4: A ten year journey https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/ Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers https://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-devil-shadow-botnet-hidden-in-fake-zoom-installers/ Cyber-Criminal espionage Operation insists on Italian Manufacturing https://yoroi.company/research/cyber-criminal-espionage-operation-insists-on-italian-manufacturing/ AgentTesla Delivered via a Malicious PowerPoint Add-In https://isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/ Microsoft warns of PonyFinal ransomware attacks https://hotforsecurity.bitdefender.com/blog/microsoft-warns-of-ponyfinal-ransomware-attacks-23387.html A Rogues' Gallery of MacOS Malware https://www.darkreading.com/vulnerabilities---threats/a-rogues-gallery-of-macos-malware/d/d-id/1337934 B.行動安全 / iPhone / Android /穿戴裝置 /App Zoom 持續實現 90 天資安強化計劃 https://news.sina.com.tw/article/20200522/35253004.html Zoom修補計畫持續進行　暫禁使用GIF平台功能 https://bit.ly/3d4cBN0 趁疫情全面禁用ZOOM？ 加拿大指我國誤讀資安報告 https://udn.com/news/story/6885/4599060 通訊軟體那麼多，LINE、M+、Skype、Telegram 企業使用怎麼選 https://www.inside.com.tw/article/19885- 拉脫維亞釋出Google、蘋果技術為基礎的COVID-19接觸追蹤App https://www.ithome.com.tw/news/137839 WhatsApp 安全性更新 - 修復 Android、iOS 平台備份訊息的加密漏洞 https://hk.xfastest.com/55873/whatsapp-update/ 國安法通過 港人憂「得翻牆」反監控APP下載激增 https://bit.ly/2ZTs133 國安下的零基資安（一）：匯出及刪除 WhatsApp 對話記錄 https://bit.ly/2TOfF8t 國安下的零基資安（二）：保護手機屏幕，免受偷窺 https://bit.ly/3gyCSFn 刪除不需要的手機應用程式 https://blog.trendmicro.com.tw/?p=64493 蘋果被爆Siri竊聽用戶 9億iPhone或被駭 https://www.epochtimes.com/b5/20/5/25/n12135456.htm 蘋果剛推出iOS 13.5不到3天，Unc0ver發布越獄程式，且能支援最新推出的iPhone SE https://ithome.com.tw/news/137889 所有iPhone設備都可能被解鎖！ 駭客發布新款越獄軟體「Unc0ver」 https://ek21.com/news/tech/197519/ iPhone還安全嗎？駭客團體「越獄」成功，破解蘋果最新iOS系統 https://www.bnext.com.tw/article/57823/jailbreak-iphone-apple 德國聯邦資訊安全辦公室要蘋果用戶儘快修補郵件漏洞 https://www.ithome.com.tw/news/137904 今年 2 月就遭外流？蘋果 iOS 14 傳面臨史上最嚴重「洩密」事件 https://3c.ltn.com.tw/news/40483 New jailbreak tool works on Apple’s just-released iOS 13.5 https://www.theverge.com/2020/5/24/21268945/apple-hackers-jailbreak-iphones-ios-13-5 New Tool Can Jailbreak Any iPhone and iPad Using An Unpatched 0-Day Bug https://thehackernews.com/2020/05/iphone-ios-jailbreak-tools.html Aggressive in-app advertising in Android https://securelist.com/in-app-advertising-in-android/97065/ Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers https://newsroom.trendmicro.com/blog/security-intelligence/backdoor-devil-shadow-botnet-hidden-fake-zoom-installers-1 70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs https://threatpost.com/70-of-apps-open-source-bugs/156040/ Fake Valorant Mobile app pushes scams on eager gamers https://www.bleepingcomputer.com/news/security/fake-valorant-mobile-app-pushes-scams-on-eager-gamers/ C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 近日重點網絡安全漏洞情況摘報 https://kknews.cc/tech/8kx65bg.html 電腦犯罪財損屢創新高 刑事局：資安防護應視同防疫 https://bit.ly/3gyXjSv 販毒也在電商化？疫情讓毒品「供應」流向暗網，但「需求」大幅減少 https://www.inside.com.tw/article/19922-coronavirus-lockdowns-dark-web-drug-market 軍校盃網路安全競賽 理工學院奪冠 https://www.ydn.com.tw/News/384500 是誰在大量操縱訊息？Google公布首個協作影響力行動公告 https://www.ithome.com.tw/news/137932 《李忠憲專欄》香港國安法的啟示 https://taronews.tw/2020/05/26/660212/ 這不是一個測試， APT41利用多個漏洞啟動全球入侵活動 https://bit.ly/2ZJ9GW8 政府、企業都受「駭」！3 個關鍵數字暴露台灣資安危機 https://buzzorange.com/techorange/2020/05/26/taiwan-cyber-security-issue/ NTT 全球威脅情報報告：網路罪犯創新自動化使攻擊量大增 http://www.netadmin.com.tw/netadmin/zh-tw/snapshot/1C6804D83BB34F2AB53CFC5207A3FBF3 網路戰爭來襲，駭客危機變商機！投資人該如何抓住新機會 https://www.wealth.com.tw/home/articles/25887 內賊資安事件調查發現，6成犯案者是準備離職員工與約聘人員 https://www.ithome.com.tw/news/137837 粉專恐遭駭客攻擊 臉書向台灣用戶發警告 https://bit.ly/3cZsEvn 小禎粉團、IG被綁架 貼文遭大量刪除 https://bit.ly/2M4Qkmf 小玉30萬粉專遭駭「被消失」！ 崩潰喊：我○七 https://fnc.ebc.net.tw/FncNews/life/120051 藝人網紅好慌!駭客鎖定"高人氣美女"帳號盜IG https://bit.ly/3gB8cmI 「台灣阿童」粉專遭越南詐團霸佔　童仲彥斡旋終取回所有權 https://tw.news.appledaily.com/local/20200525/5U53YGBQL7RT4GKIESF6JD6X4U/ 推特遭駭客發表怪文 SJ神童：這是最後的警告 https://www.epochtimes.com/b5/20/5/27/n12140306.htm 醫療機構網路攻擊事件頻傳 紅十字會發起連署促遏止 https://news.ltn.com.tw/news/world/breakingnews/3177591 台綜院也被駭　高官成跳板險害調查局淪陷 https://tw.appledaily.com/local/20200527/GF7ZOCTHAJMB3D4VGTXX4LILQE/ 不只總統府！　台綜院驚被駭「郵件藏毒」急擋 http://www.nexttv.com.tw/NextTV/News/Home/Politics/2020-05-27/175536.html 外交部派資安團隊外館掃毒 查出19個駭客樣態 https://bit.ly/2LXK7Zl 防紅色駭客！駐外館處資安健檢 揪出19種入侵型態 https://inanews.tw/archives/195751 資安研究顯示台韓遊戲開發商遭入侵　疑似中國駭客組織所為 https://game.udn.com/game/story/10453/4588645 技術麻瓜也能網路犯罪？彭博的實驗結果表明資安問題的嚴重性 https://abmedia.io/bloomberg-dark-web-ransomware/ 德國駭客惡意散播政治人物個資 遭檢方起訴 https://money.udn.com/money/story/5599/4592360 烏克蘭警方逮捕洩露Collection#1的駭客 https://www.ithome.com.tw/news/137811 從政府到企業都受「駭」，3 個關鍵數字暴露台灣資安危機 https://technews.tw/2020/05/23/3-keys-figures-expose-taiwan-cybersecurity-crisis/ 台灣中油：「遭駭補償金」係訛傳 資安事故通報未延遲 https://money.udn.com/money/story/5612/4585340 國安會示警：中國國家型網軍已成形 對台攻擊強度越來越高 https://news.ltn.com.tw/news/politics/paper/1375332 川普簽行政命令檢討《通訊規範法》　專家警告或不合憲 https://tw.appledaily.com/international/20200529/Y7MFCYYQFXWFTBBK52BC5O57O4/ 跟進美國 日本擴大排除採購中國通訊設備 https://money.udn.com/money/story/5599/4595048 美列33家陸資機構入實體清單 大陸資安巨頭也中槍 https://bit.ly/2XtQhWo 美國制裁33家中企機構 控侵犯新疆人權為共軍採購 https://www.cna.com.tw/news/firstnews/202005230019.aspx 中美貿易戰火不斷 中國最大資安公司遭美國列黑名單 https://newtalk.tw/news/view/2020-05-26/412274 全球近3成VPN業者被中資掌控 網民翻牆趨困難 https://bit.ly/3c0SVbv 傳英國政府有意組「D10」聯盟，擺脫依賴中國技術 https://technews.tw/2020/05/29/uk-d10-alliance/ 金額逾748億　美偵破北韓洗錢集團助發展核武 https://tw.appledaily.com/international/20200529/WE4GS4JQEUU2BDT7N5WIALNPYQ/ 勒索事件追蹤：4200萬美金成交！ 駭客聲稱川普「髒衣服」被買走 https://ek21.com/news/tech/196566/ 數位威權輸出下的自由世界聯盟 https://www.twreporter.org/a/bookreview-the-great-firewall-of-china ネット特定班最大勢力「鬼女」が日本のCIAと呼ばれる所以 https://www.news-postseven.com/archives/20200128_1533376.html Iranian APT Group Targets Governments in Kuwait and Saudi Arabia https://thehackernews.com/2020/05/iran-hackers-kuwait.html Ukrainian Police Arrest Hacker Who Tried Selling Billions of Stolen Records https://thehackernews.com/2020/05/ukrainian-hacker-arrested.html NSO Group Impersonated Facebook to Help Clients Hack Targets https://www.vice.com/en_us/article/qj4p3w/nso-group-hack-fake-facebook-domain How Cybersecurity Enables Government, Health, EduTech Cope With COVID-19 https://thehackernews.com/2020/05/covid-19-cybersecurity.html eBay port scans visitors' computers for remote access programs https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/ Israel is suspected to be behind the cyberattack on Iranian port https://securityaffairs.co/wordpress/103517/cyber-warfare-2/israel-cyberattack-iranian-port.html eBay私自掃瞄網站訪客電腦的遠端存取傳輸埠 https://www.ithome.com.tw/news/137876 eBay port scans visitors' computers for remote access programs https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/ Europol, Capgemini team up in cybercrime prevention, awareness campaigns https://www.zdnet.com/article/europol-capgemini-team-up-in-cybercrime-prevention-awareness-campaigns/#ftag=RSSbaffb68 Why is This Website Port Scanning me https://nullsweep.com/why-is-this-website-port-scanning-me/ Google highlights Indian 'hack-for-hire' companies in new TAG report https://www.zdnet.com/article/google-highlights-indian-hack-for-hire-companies-in-new-tag-report/ Valak targets Microsoft Exchange servers to steal enterprise data https://www.zdnet.com/article/valak-targets-microsoft-exchange-servers-to-steal-enterprise-data-in-active-campaigns/ Microsoft IIS servers hacked by Blue Mockingbird to mine Monero https://www.bleepingcomputer.com/news/security/microsoft-iis-servers-hacked-by-blue-mockingbird-to-mine-monero/ Researchers Uncover Brazilian Hacktivist's Identity Who Defaced Over 4800 Sites https://thehackernews.com/2020/05/brazilian-hacker-vandathegod.html NSA warns of new Sandworm attacks on email servers https://www.zdnet.com/google-amp/article/nsa-warns-of-new-sandworm-attacks-on-email-servers/ Got $50k spare? Then you can crack SHA-1 – so OpenSSH is deprecating flawed hashing algo in a 'near-future release' https://www.theregister.co.uk/2020/05/28/openssh_deprecating_sha1/ 200K sites with buggy WordPress plugin exposed to wipe attacks https://www.bleepingcomputer.com/news/security/200k-sites-with-buggy-wordpress-plugin-exposed-to-wipe-attacks/ 【新竹】新竹市政府教育網路中心徵資安分析師1名 https://openhouse.nctu.edu.tw/news/990/ TA3810 IT 資安工程師 Cyber Security Engineer https://www.104.com.tw/job/6y8r3 中華電信校園資通訊人才線上招募 開跑 https://times.hinet.net/news/22917517 5G搶7月開台 中華電啟動大徵才 https://www.chinatimes.com/newspapers/20200528000234-260202?chdtv D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 新資安威脅出現！投票人資料庫、遊戲帳號喊價上千美元 https://www.chinatimes.com/realtimenews/20200527004047-260410?chdtv 五億 Facebook 用戶個資檔案，遭駭侵者以三萬美元求售 https://www.twcert.org.tw/tw/cp-104-3646-829ec-1.html 《國際金融》疫情期間 美信用卡詐騙案暴增 https://bit.ly/2M7BoDQ 總統府釣魚信事件 換個釣魚情境同樣在企業間上演 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000585789_lzq691iu90thdi8duf48d 印尼近 230 萬選民資料，遭駭侵團體曝光 https://www.twcert.org.tw/tw/cp-104-3633-f49c3-1.html 巴基斯坦三家電信業者，遭駭侵團體 Greenbug 長期竊聽 https://www.twcert.org.tw/tw/cp-104-3631-7610c-1.html 實聯制防個資濫用 最多存放28天須銷毀 https://www.cna.com.tw/news/firstnews/202005285005.aspx 指揮中心發布實聯制指引，管制商家防疫個資用途，要求疫調專用、專人保管還要28天刪除 https://www.ithome.com.tw/news/137896 健保卡領振興券引發個資疑慮 指揮中心：有法律授權依據 https://newtalk.tw/news/view/2020-05-28/413336 網購退貨遭騙操作ATM 超商與警齊力阻詐18萬 https://times.hinet.net/news/22916357 泰國電信龍頭 AIS 資料庫外洩，83 億筆泰國網路紀錄看光光 https://www.techbang.com/posts/78720-thai-billions-internet-records-leak 泰最大電信業 AIS 資料外洩，用戶 DNS 數據被看光光 https://www.inside.com.tw/article/19884-thai-billions-internet-records-leak Thai Database Leaks 8.3 Billion Internet Records https://rainbowtabl.es/2020/05/25/thai-database-leaks-internet-records/ 俄羅斯部落格LiveJournala逾2,600萬個憑證流入駭客論壇 https://www.ithome.com.tw/news/137886 26 million LiveJournal credentials leaked online, sold on the dark web https://www.zdnet.com/article/26-million-livejournal-credentials-leaked-online-sold-on-the-dark-web/#ftag=RSSbaffb68 26 million LiveJournal accounts being shared on hacker forums https://www.bleepingcomputer.com/news/security/26-million-livejournal-accounts-being-shared-on-hacker-forums/ GitLab 寄釣魚信件測試員工資安意識，20% 員工未通過 https://technews.tw/2020/05/27/gitlab-tried-phishing-its-own-work-from-home-staff/ HTTPSを使用したフィッシングサイトが27%に増加 https://securitynews.so-net.ne.jp/news/sec_30196.html Microsoft issued Warning against Spear-phishing Campaign using COVID-19 themed Emails https://offensive-hackers.blogspot.com/2020/05/microsoft-issued-warning-against-phishing-emails.html Phishing Campaign Leverages Google to Harvest Credentials https://www.bankinfosecurity.com/phishing-campaign-leverages-google-to-harvest-credentials-a-14332 UK Data Breach Reports Decline https://www.bankinfosecurity.com/uk-data-breach-reports-decline-a-14331 Mercedes-Benz Data Leak: Embarrassing But Endurable https://www.bankinfosecurity.com/blogs/mercedes-benz-data-leak-embarrassing-but-endurable-p-2903 Spam and phishing in Q1 2020 https://securelist.com/spam-and-phishing-in-q1-2020/97091/ NTT代管服務網路被駭，621家客戶公司資料疑外流 https://www.ithome.com.tw/news/137936 Fortune 500 company NTT discloses security breach https://www.zdnet.com/article/fortune-500-company-ntt-discloses-security-breach/ A GOVERNMENT DATABASE OF 20 MILLION+ TAIWANESE CITIZENS LEAKED IN DARKWEB https://cybleinc.com/2020/05/29/government-database-20-million-plus-taiwanese-personal-information-leaked-in-darkweb/ DETAILED INFORMATION OF OVER 80K CREDIT CARDS DUMP ON SALE IN THE DARKWEB MARKET!! https://cybleinc.com/2020/05/28/detailed-information-of-over-80k-credit-cards-dump-on-sale-in-the-darkweb-market/ [2ND UPDATE] 47.5 MILLION INDIAN TRUECALLER RECORDS ON SALE IN DARKWEB FOR (ONLY) $1000! https://cybleinc.com/2020/05/26/47-5-million-indian-truecaller-records-on-sale-for-only-1000/ Phishing attack impersonates Amazon Web Services to steal user credentials https://www.techrepublic.com/article/phishing-attack-impersonates-amazon-web-services-to-steal-user-credentials/ E.研究報告 雄邁IPC 攝像頭後門漏洞分析 https://www.anquanke.com/post/id/206004 看懂MITRE ATT&CK資安產品評測結果，先瞭解6大偵測類別含義 https://www.ithome.com.tw/news/137821 研究人員準備開源USB驅動程式漏洞測試工具USBFuzz https://www.ithome.com.tw/news/137929 Parallels Desktop最新虛擬機逃逸漏洞分析（CVE-2020-8871） https://www.4hou.com/posts/Xnr8 Learn to Analyze Docker Image with Dive tool https://blog.pentesteracademy.com/learn-to-analyze-docker-image-with-dive-tool-4cdee4aeef6b Smuggling HTTP headers through reverse proxies https://telekomsecurity.github.io/2020/05/smuggling-http-headers-through-reverse-proxies.html OSINT Quick Guide: Running a Domain Scan in Lampyre https://medium.com/@raebaker/osint-quick-guide-running-a-domain-scan-in-lampyre-7dfacc4404fe Demonstrate Brute Force On Web Login Page By Using BurpSuite https://hackersonlineclub.com/demonstrate-brute-force-on-web-login-page-by-using-burpsuite/ Intercept SSL traffic to perform penetration testing on Android apps using Charles Debug Proxy https://medium.com/@Mayank.Grover/intercept-ssl-traffic-to-perform-penetration-testing-on-android-apps-using-charles-debug-proxy-59211859d22f Practical Insider Threat Penetration Testing Cases with Scapy (Shell Code and Protocol Evasion) https://pentestmag.com/practical-insider-threat-penetration-testing-cases-with-scapy-shell-code-and-protocol-evasion/ Webshell, Virtual Private Server (VPS) and cPanel Database https://github.com/c0delatte/carina Framework ment to help testing the users iseeyou https://github.com/zarkones/iseeyou IoT-Implant-Toolkit https://github.com/arthastang/IoT-Implant-Toolkit/blob/master/README.md Evil-WinRM: The ultimate WinRM shell for hacking/pentesting https://hakin9.org/evil-winrm-the-ultimate-winrm-shell-for-hacking-pentesting/ Evilreg : Reverse Shell Using Windows Registry Files (.reg) https://kalilinuxtutorials.com/evilreg/ EvilApp - Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA) https://www.kitploit.com/2020/05/evilapp-phishing-attack-using-android.html Route Redistribution PPP Multilink mock configuration https://ccie.internetworks.in/2019/12/route-redistribution-ppp-multilink-mock.html OSINT tool for visualizing relationships between domains, IPs and email addresses. https://www.offensiveosint.io/osint-tool-for-visualizing-relationships-between-domains-ips-and-email-addresses/ Offensive OSINT s01e05 - OSINT & Corporate espionage. Tentacles of Mindgeek part 1. https://www.offensiveosint.io/offensive-osint-s01e05-osint-corporate-espionage/ RangeAmp attacks can take down websites and CDN servers https://www.zdnet.com/article/rangeamp-attacks-can-take-down-websites-and-cdn-servers/ CDN Backfired: Amplification Attacks Based on HTTP Range Requests https://www.liubaojun.org/uploads/1/1/8/3/118316462/dsn_2020.pdf How to use Trend Micro's Rootkit Remover to Install a Rootkit https://billdemirkapi.me/How-to-use-Trend-Micro-Rootkit-Remover-to-Install-a-Rootkit/ マクニカネットワークス、台湾のTeamT5社と標的型攻撃グループに関して共同リサーチ開始 https://www.macnica.net/pressrelease/mpressioncss_20200526.html/ 標的型攻撃の実態と 対策アプローチ https://www.macnica.net/file/mpressioncss_ta_report_2019_4.pdf SQL Injection - MySQL comment: the double dash mystery https://rawsec.ml/en/sql-injection-mysql-comment/ Stowaway -- Multi-hop Proxy Tool for pentesters https://github.com/ph4ntonn/Stowaway Phonia - most advanced toolkits to scan phone numbers using only free resources https://hakin9.org/phonia-most-advanced-toolkits-to-scan-phone-numbers-using-only-free-resources/ Detecting malicious downloads with Osquery, Rsyslog, Kafka, Python3 and Virustotal | by Ben Bornholm https://eforensicsmag.com/detecting-malicious-downloads-with-osquery-rsyslog-kafka-python3-and-virustotal-by-ben-bornholm/ Installing the MalConfScan with Cuckoo to Analyze Emotet https://medium.com/@soji256/build-a-malconfscan-with-cuckoo-environment-to-analyze-emotet-ff0c4c589afe Thick Client Penetration Testing – Exploiting JAVA Deserialization Vulnerability for Remote Code Execution https://pentestmag.com/thick-client-penetration-testing-exploiting-java-deserialization-vulnerability-remote-code-execution/ Inside the NSA’s Secret Tool for Mapping Your Social Network https://www.wired.com/story/inside-the-nsas-secret-tool-for-mapping-your-social-network/ Bypassing WAF to perform XSS https://medium.com/bugbountywriteup/bypassing-waf-to-perform-xss-2d2f5a4367f3 A New Free Monitoring Tool to Measure Your Dark Web Exposure https://thehackernews.com/2020/05/dark-web-monitoring-tool.html F.商業 資安業練兵 模擬入侵攻防 https://money.udn.com/money/story/5612/4585447 接軌數位化致勝四大面向（上）─上雲端、遠距離 https://www.17cross.org.tw/Km/km_more?id=4a59930ea9e04034a9f8810caaf1b1be 接軌數位化致勝四大面向（下）─做電商、顧資安 https://www.17cross.org.tw/Km/km_more?id=e1d09b97ff9b4bbe99d6cd86237d68d6 網路戰爭來襲 解碼資安產業未來十年大商機 https://news.cnyes.com/news/id/4482250 裝置管控聚焦iOS與macOS，Jamf強調與蘋果系統深度整合 https://www.ithome.com.tw/review/137842 HackerOne成立8年來已頒發1億美元抓漏獎金，預計只需5年就能突破10億美元門檻 https://www.ithome.com.tw/news/137933 微軟提出四大資安應變措施 協助企業資安防疫，「檢測、隔離、解決、重建」 阻絕駭客攻擊與勒索軟體威脅 http://www.pcdiy.com.tw/detail/16303 Outlook for Windows client to store email signature in the cloud https://www.zdnet.com/article/outlook-for-windows-client-to-store-email-signature-in-the-cloud/#ftag=RSSbaffb68 G.政府 總統府資安 有如宮鬥劇 https://udn.com/news/story/7339/4584271 總統府被駭案 盼早日向國人還原真相 http://www.ksnews.com.tw/index.php/news/contents_page/0001376681 談總統府洩密案 張善政：我覺得大部分是真的！太寫實了 https://bit.ly/2AOMSK7 駭客案藍轉彎再出招 逼總統府面對 https://udn.com/news/story/10805/4584943 總統府駭客案因劉建忻筆電遺失？刑事局：未接獲訊息 https://udn.com/news/story/10805/4583548 從國安單位情蒐侷限性看中國駭客入侵 https://www.upmedia.mg/news_info.php?SerialNo=88030 立委：機敏資料 勿存放個人電腦 https://m.ltn.com.tw/news/politics/paper/1375065 驗碼不給人、機密天天清，備份存三地，資安不擔心。 https://www.rti.org.tw/radio/programMessageView/id/114778 台中網路學習平台錯誤多 「出師表變退秦師」局長也傻眼 https://udn.com/news/story/6885/4591540 紅軍駭客表演換網站首頁　掀國軍高層內鬥風波 https://tw.appledaily.com/politics/20200527/W7APAWG2UP6K4VWUQQI23IFD5A/ 漢光演習紅軍駭客破軍網奪將領個資　竟被當真共諜送辦 https://tw.appledaily.com/politics/20200527/6H26NCYLVWI4SSR4YAVNTX2CFY/ 「金句王」黃天牧升任金管會主委，將先找他們喝咖啡 https://www.gvm.com.tw/article/72858 國軍人事系統連3年遭「內鬼」入侵 將官機密遭鎖定嚴重曝險 https://news.ltn.com.tw/news/society/breakingnews/3178584 5軍士官漢光演習後持續侵入電腦 調查局移送高檢署偵辦 https://udn.com/news/story/7321/4593375 漢光演習已結束軍方電腦仍被攻擊　調查竟是自己人搞鬼 https://www.ctwant.com/article/53516 漢光演習扮駭客遭送辦　軍官心寒退伍怒批「自己人打死自己」 https://tw.appledaily.com/politics/20200527/LQFDTVH6HNWU5FDORCOJRKWTSY/ 紅軍駭客表演換網站首頁　掀國軍高層惡鬥內幕 https://tw.appledaily.com/politics/20200527/W7APAWG2UP6K4VWUQQI23IFD5A/ 資通電軍漢光演習後仍持續駭 防守軍不爽怒告調查局偵辦 https://www.chinatimes.com/realtimenews/20200527002285-260402?chdtv 5軍士官漢光演習後多次當「駭客」遭辦 辯稱：好玩 https://udn.com/news/story/7321/4594015?from=udn-catebreaknews_ch2 漢光演習結束後繼續當駭客　5軍士官辯「只是好玩」被法辦 https://www.storm.mg/article/2691183 國軍人事系統連3年遭「內鬼」入侵 將官機密遭鎖定嚴重曝險 https://news.ltn.com.tw/news/society/breakingnews/3178584 駭客分黑白灰3類 軍方電軍5士官從「白帽」變「黑帽」 https://m.ltn.com.tw/news/society/breakingnews/3178726 5軍士官漢光演習後持續侵入電腦 調查局移送高檢署偵辦 https://udn.com/news/story/7321/4593375?from=udn-catebreaknews_ch2 資通電軍遭國防部聯一控侵駭？ 國防部：尊重司法 https://udn.com/news/story/10930/4594405?from=udn-catebreaknews_ch2 資通電軍5軍士官涉駭入國軍人事系統 調查局︰未以共諜罪法辦 https://m.ltn.com.tw/news/society/breakingnews/3179098 國防部通資電指揮部對涉駭客案官兵做出說明 http://www.touchmedia.tw/?p=817161 資通電軍：「軍方專家扮駭客」乙情 全案已進入司法程序 https://bit.ly/2BcGNaR 調查局澄清未以共諜罪法辦資通電人員 https://www.mjib.gov.tw/news/Details/1/609 Re: [新聞] 漢光演習紅軍駭客破軍網奪將領個資 https://moptt.tw/p/Gossiping.M.1590643031.A.720 神祕資通電軍 民間挖角對象 https://www.chinatimes.com/newspapers/20200528000530-260118?chdtv 「港版國安法」後劍指台灣？國防部：中國從未放棄武力犯台 https://www.storm.mg/article/2694008 資通電軍遭檢調約談　國防部：疑似有演習外的非法行為 https://tw.appledaily.com/politics/20200528/P7RHQTUZO6FFK5YHQJU2EWND7M/ 內鬥？資通電軍演練駭進自己人網頁 竟被以內亂外患罪送辦 https://bit.ly/2Xb2JeM 一張圖表看國軍第四軍種　「資電通軍」力抗中國駭客捍衛數位國土 https://tw.appledaily.com/politics/20200528/Z2YPOPM2GF7FATWMO5SKDYP5FY/ 資通電軍官兵竊密遭移送？ 國防部：沒有機密遭竊 https://money.udn.com/money/story/5648/4595952 軍士官演習扮駭客.侵入軍網 事後煞偷提機密 https://news.pts.org.tw/article/480671 漢光演習扮中國駭客結束後還持續入侵 https://www.ptt.cc/bbs/Gossiping/M.1590550246.A.C9B.html 軍方駭客挨告 國防部力保 https://bit.ly/2Xb8Hw7 卓榮泰稱總統府駭客「圍魏救韓」　國民黨批：趁機帶風向「打韓救蔡」 https://www.storm.mg/article/2647123 假冒總統府「開後門」釣立委 刑事局研判境外駭客 https://video.udn.com/news/1177631 冒總統府發釣魚電郵 刑事局：德資安業者判斷「中國攻擊台灣政府」 https://news.ltn.com.tw/news/politics/breakingnews/3181259 總統府立院電腦遭駭案　警疑中國駭客鎖定政府高官竊資 https://tw.news.appledaily.com/local/20200529/TRGEJXMKTT3MKHB7MFOKCCAVBY/ 國軍嚴密監偵 全面掌握共軍動態 https://www.ydn.com.tw/News/384667 高市府電子公文系統移機出包　 弄丟5萬份花一周找回 https://tw.news.appledaily.com/local/20200528/U4VNXV7MHSMVZUJDTUKYOMHZIQ/ 經濟部工業局產創平台主題式研發計畫-「智慧製造資安強化推動」 https://www.teeia.org.tw/zh-tw/News/detail/70 H.工控系統/SCADA/ICS Emerson OpenEnterprise SCADA軟件存在超危漏洞 https://www.freebuf.com/column/237802.html I.教育訓練 WAF 是什麼？你的網站需要 WAF 嗎 https://blog.cloudmax.com.tw/waf/ How to Reset Forgotten Root Password in Ubuntu https://www.tecmint.com/reset-forgotten-root-password-in-ubuntu/ How to build a Machine Learning Intrusion Detection system https://www.peerlyst.com/posts/how-to-build-a-machine-learning-intrusion-detection-system-chiheb-chebbi How to Perform MalDoc Analysis–Geodo Usecase (PART I) https://www.peerlyst.com/posts/how-to-perform-maldoc-analysis-geodo-usecase-part-i-sudhendu How to become a Hardware Security Specialist https://www.peerlyst.com/posts/how-to-become-a-hardware-security-specialist-sudhendu Introduction to Multicast https://www.internetworks.in/2019/06/introduction-to-multicast.html How To Spoof Mac Address https://hackersonlineclub.com/spoof-mac-address/ How to get a CCSK certification https://www.peerlyst.com/posts/how-to-get-a-ccsk-certification-yogesh-gupta-cissp-r-ccsp How to configure MPLS L3 VPN with EIGRP https://mpls.internetworks.in/2020/03/how-to-configure-mpls-l3-vpn-with-eigrp.html How To Build And Run A SOC for Incident Response - A Collection Of Resources https://www.peerlyst.com/posts/how-to-build-and-run-a-soc-for-incident-response-and-enterprise-defensibility-a-collection-of-resources How to Hack Android Remotely (100% working) “ TechHacks https://medium.com/@ankjshr/how-to-hack-android-remotely-100-working-techhacks-54004e4d6f4d How To Find Web Server Vulnerabilities With Nikto Scanner https://hackersonlineclub.com/how-to-find-web-server-vulnerabilities-with-nikto-scanner/ J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 黑客瞄準IIoT　進擊智能工廠 https://bit.ly/2M4ZkIl 物聯網應用首重資安 Bureau Veritas提供完整一站式IoT安全評等 https://bit.ly/2zqilCa 智能汽車的新攻擊面：GNU Glibc內存損壞漏洞分析（CVE-2020-6096） https://www.anquanke.com/post/id/206628 Shodan founder John Matherly on IoT security, dual-purpose hacking tools, and information overload https://portswigger.net/daily-swig/shodan-founder-john-matherly-on-iot-security-dual-purpose-hacking-tools-and-information-overload 6.近期資安活動及研討會 交通大學駭客書院 - 進階網頁滲透測試 5/30 https://hackercollege.nctu.edu.tw/?p=1159 榮耀資戰 – 重裝上陣 5/30 https://zyxel-foundation.kktix.cc/events/cyberthrones2020 109年智能物聯網與資訊安全碩士學分班 5/30 ~ 8/8 https://www.accupass.com/event/2003160837472127685300 Java Spring安全程式開發實務班 6/2 ~ 6/3 https://www.iiiedu.org.tw/courses/msa466t2001/ 邊緣計算系統之大數據與深度學習應用 6/5 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index 物聯網資安認證制度推廣說明會（工業局主辦）6/5 https://www.accupass.com/event/2005051416518928110270 中山資安社-資安讀書會 6/6 https://nsysuisc.kktix.cc/events/readinggroup20200606 Excel對人資假勤及薪資管理分析報表實務班 6/9 https://www.accupass.com/event/2003310137088658330050 透過零信任防護策略因應數位轉型對企業雲應用與IoT安全挑戰 6/9 https://bit.ly/2VzDodV 交通大學駭客書院 - 高階網頁滲透測試 6/13 6/20 https://hackercollege.nctu.edu.tw/?p=1161 CREST CPSA BootCamp 資安分析專家認證課程 6/15 ~ 6/19 https://www.ainetwork-training.com/product/crest-cpsa-bootcamp/ 惡意程式偵測、分析、防護實戰班(第3期) 6/16 http://service.tabf.org.tw/tw/user/409646/ ISACA® 國際資訊安全管理師 CISM 認證課程 6/16 ~ 6/19 https://www.accupass.com/event/2004140928122685616880 雲端資安防護研討會 6/18 https://www.accupass.com/event/2003230957111782855813 設計新興雲端安全防護架構: Container & Serverless Security安全藍圖 6/23 https://bit.ly/2VzDodV 交通大學駭客書院 - 企業網域控管-Active Directory攻擊與防禦 6/27 https://hackercollege.nctu.edu.tw/?p=1164 CompTIA Security+ 國際網路資安認證班 7/4 ~ 7/12 https://www.iiiedu.org.tw/courses/msa293t2002/ 數據分析與機器學習案例實務(三)影像分類技術 7/20 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3897&from_course_list_url=course_index CYBERSEC 2020 臺灣資安大會 8/12 https://cyber.ithome.com.tw/ 認證系統安全從業人員 SSCP 輔導班 9/5 ~ 9/13 https://www.iiiedu.org.tw/courses/asq902t2001/ 邊緣計算系統之大數據與深度學習應用 9/11 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3895&from_course_list_url=course_index 數據分析與機器學習案例實務(四)應用實例 9/14 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3898&from_course_list_url=course_index