資安事件新聞週報 2019/9/16 ~ 2019/9/20

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2019/9/16 ~ 2019/9/20 1.重大弱點漏洞/後門/Exploit/Zero Day Atlassian Jira 跨站脚本漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14996 Windows Defender malware scans are failing after a few seconds https://www.zdnet.com/article/windows-defender-malware-scans-are-failing-after-a-few-seconds/ Haxx curl 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481 IBM WebSphere Application Server 多個漏洞 https://www.ibm.com/support/pages/security-bulletin-information-disclosure-vulnerability-websphere-application-server-cve-2019-4477 https://www.ibm.com/support/pages/security-bulletin-file-traversal-vulnerability-websphere-application-server-admin-console-cve-2019-4268 https://www.ibm.com/support/pages/security-bulletin-cross-site-scripting-vulnerability-websphere-application-server-admin-console-cve-2019-4270 CVE-2019-1579:-- #Critical Pre-Authentication #Vulnerability https://github.com/securifera/CVE-2019-1579 Vivotek VIVOTEK IP Camera 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14458 Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions https://thehackernews.com/2019/09/phpmyadmin-csrf-exploit.html 安全專家在多家廠商的SOHO路由器和NAS設備中發現了125個新漏洞 https://nosec.org/home/detail/2966.html 125 New Flaws Found in Routers and NAS Devices from Popular Brands https://thehackernews.com/2019/09/hacking-soho-routers.html 新的NetCAT 漏洞利用英特爾至強處理器上的DDIO 竊取數據 https://www.bilibili.com/read/cv3579340/ 使用ASPEED AST2400和 AST2500 system-on-chips (SoCs) 的系統相關的Baseboard Management Controller (BMC)安全漏洞 https://www.supermicro.com/support/security_CVE-2019-6260.cfm?mlg=1 CVE-2019-12922：零日phpMyAdmin跨站點請求偽造漏洞警報 https://www.linuxidc.com/Linux/2019-09/160657.htm phpMyAdmin 4.9.0.1 Cross Site Request Forgery https://packetstormsecurity.com/files/154483/phpmyadmin4901-xsrf.txt FTPShell Client 6.74 Buffer Overflow https://packetstormsecurity.com/files/154482/ftpshell674-overflow.txt [漏洞預警] CVE-2019-10392 / Jenkins Git Client插件遠程命令執行漏洞 https://qiita.com/shimizukawasaki/items/a4bd7e329252a90be3d4 必升！佳能連發8款單反升級固件：修復主要漏洞 https://news.sina.com.tw/article/20190917/32674210.html 微軟發佈09月份安全性公告 https://support.microsoft.com/en-us/help/20190910/security-update-deployment Red Hat OpenShift Container Platform 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10213 Popular consumer and enterprise routers, IoT devices contain remote access vulnerabilities https://www.zdnet.com/article/iot-security-has-become-worse-in-the-last-five-years/#ftag=RSSbaffb68 jenkins -- script_security https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10399 jenkins -- script_security https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10400 dlink -- dir-806_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10891 dlink -- dir-806_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10892 dlink -- dir-868l_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16190 teamviewer https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11769 Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload https://www.exploit-db.com/exploits/47392 Misuse of WordPress update_option() function Leads to Website Infections https://blog.sucuri.net/2019/09/misuse-of-wordpress-update_option-function-leads-to-website-infections.html LastPass緊急修補會洩露用戶前一個登入網站密碼的漏洞 https://www.ithome.com.tw/news/133083 VMware Releases Security Updates for Multiple Products https://www.us-cert.gov/ncas/current-activity/2019/09/17/vmware-releases-security-updates-multiple-products VMware 產品多個漏洞 https://www.vmware.com/security/advisories/VMSA-2019-0013.html Webmin 1.920 Remote Code Execution https://packetstormsecurity.com/files/154485/CVE_2019_15107.c phpMyAdmin 4.9.0.1 Cross Site Request Forgery https://packetstormsecurity.com/files/154483/phpmyadmin4901-xsrf.txt FTPShell Client 6.74 Buffer Overflow https://packetstormsecurity.com/files/154482/ftpshell674-overflow.txt Western Digital My Book World II NAS 1.02.12 Hardcoded Credential https://packetstormsecurity.com/files/154524/wdmbwiinas10212-exec.txt TOR Virtual Network Tunneling Tool 0.4.1.6 https://packetstormsecurity.com/files/154534/tor-0.4.1.6.tar.gz Google Chrome 多個漏洞 https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html Dell EMC RSA Archer 信息洩露漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3756 Microsoft Windows遠端桌面服務存在安全漏洞(CVE-2019-1181、CVE-2019-1182、CVE-2019-1222及CVE-2019-1226)，允許攻擊者遠端執行任意程式碼，請儘速確認並進行更新 https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1107 JVN#97845465 LINE (Android版) における複数の整数オーバーフローの脆弱性 https://jvn.jp/jp/JVN97845465/ 2.銀行/金融/保險/證券/支付系統/ 新聞及資安港交所擬收購倫敦證券交易所　　傳英國政府或否決交易 https://unwire.pro/2019/09/12/hkex/news/ 「世紀併購」香港出價收購倫敦證券交易所，代表什麼？ https://www.cw.com.tw/article/article.action?id=5096845 外銀自建境外私有雲採報備即可 https://www.chinatimes.com/realtimenews/20190912005557-260410?chdtv 銀行資料可存境外雲端 https://udn.com/news/story/7239/4045210 金融科技淘金考驗資安風險管控 https://money.udn.com/money/story/5613/4047131 資安險叫好不叫座去年僅141張保單 https://news.wearn.com/c323744.html 澳門金融管理局:“亞洲證券交易所”未獲許可從事金融活動 http://www.hkcna.hk/content/2019/0914/784505.shtml 憂中共滲透！倫交所拒港交所兆元「提親」 http://bit.ly/2lWHoW9 就像在 ATM 上安裝盜卡裝置一樣, 「Magecart」專偷線上刷卡資料 https://blog.trendmicro.com.tw/?p=61779 Firstrade最新聲明與白帽駭客 https://coldbloodinvestment.blogspot.com/2019/09/firstrade.html Firstrade客戶資料被竄改　官方指是安全測試 http://bit.ly/2koMB8U 發票存載具...陌生伯吐槽「都沒人在用」　網反揭「長輩友善功能」：超好用 https://www.ettoday.net/news/20190913/1534730.htm 瑞士信用卡目前並不適用歐盟「嚴格顧客驗證機制規定」 http://bit.ly/2kzdIhP 出現金融獨角獸？顧立雄：跟金融業合作拓展海外就有機會 https://money.udn.com/money/story/12926/4050343 關注純網銀資訊安全將來銀行打造生活Ⅹ金融生態圈 https://news.cnyes.com/news/id/4383013 《金融》保險、洗錢防制缺失，8金融機構挨罰 https://www.chinatimes.com/realtimenews/20190917001046-260410?chdtv 〈南山人壽遭重罰〉保險業今年罰單近億元南山就苦吞5460萬元、占比55% https://news.cnyes.com/news/id/4383257 全球裂聯網與金融雅爾達體系 https://udn.com/news/story/7238/4053395 美商第一證券客戶資料遭竄改，官方宣稱是執行漏洞獎勵計畫的測試 https://www.ithome.com.tw/news/133101 數位銀行超車傳統金融 KPMG：整合、資安是關鍵 http://bit.ly/2kpLtlB 大馬銀行擬來台發伊斯蘭債 https://udn.com/news/story/7239/4053410 網銀沒有獨立App被瘋狂抱怨，永豐大戶：要靠「金融美學」突圍 https://moptt.tw/p/creditcard.M.1568691509.A.D8A 財金Open API開發者平臺首度大公開，第二階段消費者資訊查詢API標準年底出爐 https://www.ithome.com.tw/news/133124 趨勢科技指歐洲最新銀行法規可能帶來資訊保安風險 https://times.hinet.net/topic/22563440 保險區塊鏈10月上路？　壽險公會：系統優化仍需時間 https://tw.finance.appledaily.com/realtime/20190918/1635266 加州網路保險問市防遭駭客攻擊勒索 http://bit.ly/2m922m6 加強控管壽險？金管會祭債券ETF、目標到期基金限募令 http://bit.ly/2kHqqLz 壽險區塊鏈保單存摺先行 https://www.chinatimes.com/newspapers/20190919000323-260205?chdtv%3 開放銀行浪潮席捲各行業，資策會MIC：未來10年金融服務將無所不在 https://www.bnext.com.tw/article/54811/mic-fintech-trend-openbanking 純網銀混搭零售...金融新服務來了 https://money.udn.com/money/story/9740/4057784 10/1 (二)遠東銀行系統維護 https://www.ecpay.com.tw/Announcement/DetailAnnouncement?nID=3677 Credit Card Theft Ringleader Pleads Guilty https://www.bankinfosecurity.com/credit-card-theft-ringleader-pleads-guilty-a-13088 PSD2 Authentication Requirements: The Implementation Hurdles https://www.bankinfosecurity.com/psd2-authentication-requirements-implementation-hurdles-a-13086 When PSD2 Opens More Doors: The Risks of Open Banking https://blog.trendmicro.com/trendlabs-security-intelligence/when-psd2-opens-more-doors-the-risks-of-open-banking/ The Risks of Open Banking http://bit.ly/2m0gMnc ATM theft link: Alert highway patrolling staff nab 2 criminals http://www.millenniumpost.in/delhi/atm-theft-link-alert-highway-patrolling-staff-nab-2-criminals-375034 LCPD in search of suspects for attempted ATM theft https://www.americanpress.com/news/crime/crime_brief/lcpd-in-search-of-suspects-for-attempted-atm-theft/article_c1f16f24-da4d-11e9-8109-aff32ce339e4.html Financial asset firm PCI ordered to pay $1.5 million for poor cybersecurity practices https://www.zdnet.com/article/company-ordered-to-pay-1-5-million-for-poor-cybersecurity-practices/ Old Magecart web domains resurrected for fraudulent ad schemes https://www.zdnet.com/article/old-magecart-domains-reincarnated-in-new-attacks/#ftag=RSSbaffb68 Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites http://bit.ly/2krnD93 Vacationers Hit by Skimming Attack https://www.infosecurity-magazine.com/news/vacationers-hit-by-skimming/ Two years later, hackers are still breaching local government payment portals https://www.zdnet.com/article/two-years-later-hackers-are-still-breaching-local-government-payment-portals/#ftag=RSSbaffb68 Hotel websites infected with skimmer via supply chain attack https://www.scmagazine.com/home/security-news/hotel-websites-infected-with-skimmer-via-supply-chain-attack/ Police release video of driver who almost pinned officer to ATM http://www.fox5atlanta.com/news/police-release-video-of-driver-who-almost-pinned-officer-to-atm Police: Man burglarized South Middleton gas station, stole ATM and work van http://bit.ly/2kT13X1 Police investigating another attempted burglary of ATM at a local bank https://www.kbtx.com/content/news/Police-investigating-another-attempted-burglary-of-ATM-at-a-local-bank-560832841.html Nepal cautions Beijing as five Chinese men hack into ATMs https://www.dnaindia.com/world/report-nepal-cautions-beijing-as-five-chinese-men-hack-into-atms-2791052 3.電子支付/電子票證/行動支付/ pay/新聞及資安來旅遊！大陸網紅行動支付碰壁嗆台灣發展落後 https://news.ebc.net.tw/News/entertainment/177845 支付寶如果被駭或公司破產會怎樣 https://disp.cc/b/163-bH1q 【台灣Pay體檢1】綁金融卡痛失先機　連犯五大缺失！「國家品牌」市佔難破5% https://tw.appledaily.com/new/realtime/20190914/1630308/ 【台灣Pay體檢2】行銷費用和對手沒得比　公股銀行咬牙配合財政部 https://tw.appledaily.com/recommend/realtime/20190914/1630311 台灣Pay總體檢 5缺失輸很大行銷銀彈不足信用卡整合慢 https://tw.appledaily.com/finance/daily/20190915/38445031/ 埃塞俄比亞航空透過CellPoint Digital的Velocity支付平臺推出微信支付和KNET https://n.yam.com/Article/20190916599244 支付方式整理 https://www.dcard.tw/f/money/p/232087406 推動環保、分散通勤潮！東京推「電子貨幣」新政策獎勵民眾 https://fnc.ebc.net.tw/FncNews/world/99793 騰訊旗下財付通被央行罰149萬，因違反支付結算管理等制度 https://news.sina.com.tw/article/20190916/32666274.html 義大利新政府將加強現金管控力推電子支付手段 https://news.sina.com.tw/article/20190918/32688848.html 支付寶澳門服務上線居民可使用澳門手機號註冊 https://www.finet.hk/newscenter/news_content/5d82dfc0bde0b37e69366d57 台灣行動支付慘輸大陸？　眾人揭「真相」打臉：不懂裝懂 https://www.nownews.com/news/20190919/3640170/ 4.虛擬貨幣/區塊鍊新聞及資安瑞士警告 Libra 加密貨幣可能會受進一步審查 https://unwire.pro/2019/09/12/facebooks-libra-seeks-swiss-payment-system-license/blockchain/crytocurrency/ FB天秤幣申請牌照遭質疑瑞士監管機構表示歡迎審查 https://news.sina.com.tw/article/20190912/32643708.html 以太坊項目AirSwap中的關鍵漏洞 https://0xzx.com/201909150604272060.html 台日虛擬貨幣糾紛應付金額被灌水幣寶台灣要告BPJ https://newtalk.tw/news/view/2019-09-11/297466 Libra 開源代碼含安全漏洞！網路安全公司：耗時近 1 個月完成修補 https://news.cnyes.com/news/id/4381023 黑市出現新型「洗錢」服務：支付一折價格的比特幣，向駭客購入十倍的黑錢 https://www.blocktempo.com/cybercriminals-selling-hacked-fiat-money-for-bitcoin-at-10-of-its-value/ 「目標年底 400 家！」——德意志銀行宣布加入摩根大通的「區塊鏈金融網路」 https://www.blocktempo.com/germanys-largest-bank-joins-jpmorgans-blockchain-network/ Mastercard區塊鏈與R3的跨境支付 https://0xzx.com/201909130601268938.html 中國推數位貨幣意在挑戰美元地位 https://ec.ltn.com.tw/article/paper/1317766 德法反對臉書加密貨幣進入歐洲 https://tech.sina.com.cn/roll/2019-09-18/doc-iicezueu6560338.shtml FB天秤幣再遭質疑歐洲央行官員稱將擾亂金融系統 https://news.sina.com.tw/article/20190918/32687050.html 天秤幣接受26國央行聯合會考，「批准的門檻肯定會很高」 https://news.sina.com.tw/article/20190917/32683432.html 加密貨幣成銀行業標配？「富國銀行數位現金」試點明年開跑 https://blockcast.it/2019/09/18/wells-fargo-is-developing-usd-stablecoin/ 中國央行虛擬貨幣來了！地位等同法定貨幣、可離線交易… 一次看懂「數位版人民幣」 https://buzzorange.com/techorange/2019/09/18/china-dcep/ LINE PAY 也能買幣了！LINE 旗下第二間交易所「BITMAX」上線 https://www.bnext.com.tw/article/54804/bitmax-cryptocurrency-exchange-for-japan-begins-operations 櫃買中心針對STO推出細部規範！將透過這5種方式管理虛擬通貨交易平台業者 http://news.knowing.asia/news/40dd5198-4378-4967-996c-a536cef079a2 證券型STO細部規範公佈，許毓仁：畫虎不成反類犬 http://news.knowing.asia/news/c9d3567a-a05d-4dcf-b90c-62292421bc78 富國銀行開發加密貨幣明年試用於內部結算 https://news.sina.com.tw/article/20190918/32688320.html Two Ethereum consultants charged with extorting a cryptocurrency startup https://www.zdnet.com/article/two-ethereum-consultants-charged-with-extorting-a-cryptocurrency-startup/#ftag=RSSbaffb68 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式調查：惡意軟件Echobot正廣泛攻擊全球物聯網設備 http://bit.ly/2mgilxI 網絡漏洞多多　惡意軟件肆虐全球 http://bit.ly/2kLIkfQ 8 月三大惡意軟件 + 常被利用的漏洞出爐！殭屍網絡病毒 Echobot 對物聯網發起攻擊 http://bit.ly/2mdxzDr 升級漏洞受攻擊者“青睞”即時通信軟件被劫持用於傳播病毒 http://bit.ly/2ktMXLF 2019-09-13 - WSHRAT INFECTION FROM MALSPAM https://www.malware-traffic-analysis.net/2019/09/13/index.html InnfiRAT malware lurks in your machine to steal cryptocurrency wallet data https://www.zdnet.com/article/innfirat-malware-lurks-in-your-machine-to-steal-cryptocurrency-wallet-data/ InnfiRAT: A new RAT aiming for your cryptocurrency and more https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more Emotet, today's most dangerous botnet, comes back to life https://www.zdnet.com/article/emotet-todays-most-dangerous-botnet-comes-back-to-life/#ftag=RSSbaffb68 2019-09-16 - DATA DUMP: URSNIF INFECTION WITH ICEDID AND TRICKBOT (GTAG: LEO16) https://www.malware-traffic-analysis.net/2019/09/16/index2.html 2019-09-16 - DATA DUMP: EMOTET INFECTION WITH TRICKBOT (GTAG: MOR1) https://www.malware-traffic-analysis.net/2019/09/16/index.html 2019-09-17 - PCAP AND MALWARE FOR AN ISC DIARY (EMOTET + TRICKBOT) https://www.malware-traffic-analysis.net/2019/09/17/index.html 2019-09-18 - DATA DUMP: EMOTET INFECTION WITH TRICKBOT (GTAG: MOR3) https://www.malware-traffic-analysis.net/2019/09/18/index.html 2019-09-19 - DATA DUMP: URSNIF, EMOTET, AND FORMBOOK INFECTIONS https://www.malware-traffic-analysis.net/2019/09/19/index.html Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload http://bit.ly/2kNZyJG Emotet is back: botnet springs back to life with new spam campaign https://blog.malwarebytes.com/botnets/2019/09/emotet-is-back-botnet-springs-back-to-life-with-new-spam-campaign/ New Threat Actor Fraudulently Buys Digital Certificates to Spread Malware https://threatpost.com/threat-actor-buys-digital-certs-spreads-malware/148345/ Digital Certificates - Models for Trust and Targets for Misuse https://blog.reversinglabs.com/blog/digital-certificates-impersonated-executives-as-certificate-identity-fronts Researchers: Emotet Botnet Is Active Again https://www.bankinfosecurity.com/researchers-emotet-botnet-active-again-a-13099 Gootkit malware crew left their database exposed online without a password https://www.zdnet.com/article/gootkit-malware-crew-left-their-database-exposed-online-without-a-password/#ftag=RSSbaffb68 Banking Trojan Database Exposed – Millions of Users At Risk https://securitydiscovery.com/banking-trojan-database-exposed-millions-of-users-at-risk/ Emotet is back after a summer break https://blog.talosintelligence.com/2019/09/emotet-is-back-after-summer-break.html Researchers: Emotet Botnet Is Active Again https://www.bankinfosecurity.com/researchers-emotet-botnet-active-again-a-13099 Nemty Ransomware 1.0: A Threat in its Early Stage https://www.fortinet.com/blog/threat-research/nemty-ransomware-early-stage-threat.html Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda” https://blog.talosintelligence.com/2019/09/panda-evolution.html Smominru Botnet Indiscriminately Hacked Over 90,000 Computers Just Last Month https://thehackernews.com/2019/09/smominru-botnet.html Cryptoming Botnet Smominru Returns With a Vengeance https://www.bankinfosecurity.com/cryptoming-botnet-smominru-returns-vengeance-a-13123 THE MASSIVE PROPAGATION OF THE SMOMINRU BOTNET https://www.guardicore.com/2019/09/smominru-botnet-attack-breaches-windows-machines-using-eternalblue-exploit Malware Moves: The Rise of LookBack – And Return of Emotet https://threatpost.com/malware-moves-the-rise-of-lookback-and-return-of-emotet/148365/ Crypto-mining malware saw new life over the summer as Monero value tripled https://www.zdnet.com/article/crypto-mining-malware-saw-new-life-over-the-summer-as-monero-value-tripled/#ftag=RSSbaffb68 New ransomware strain uses ‘overkill’ encryption to lock down your PC https://www.zdnet.com/article/this-ransomware-uses-overkill-encryption-to-lock-down-your-pc/#ftag=RSSbaffb68 TFlower Ransomware - The Latest Attack Targeting Businesses https://www.bleepingcomputer.com/news/security/tflower-ransomware-the-latest-attack-targeting-businesses/ CookieMiner malware targets Macs, steals passwords and SMS messages, mines for cryptocurrency https://www.tripwire.com/state-of-security/featured/cookieminer-malware-targets-macs-steals-passwords-messages-mines-cryptocurrency/#new_tab B.行動安全 / iPhone / Android /穿戴裝置 /App APP個資無法可刪江雅綺：個資保護一片混亂 http://bit.ly/2lNtgi4 手機內置中國防毒軟件技術　Samsung：不會傳送任何資料至個人裝置以外地方 http://bit.ly/2kznuAB iOS 13又現大漏洞：不解鎖iPhone的情況下可查看聯繫人 https://www.xfastest.com/thread-233466-1-1.html iOS 13驚傳有漏洞！就算iPhone有上鎖駭客還是可輕鬆竊取個資 http://bit.ly/2kPzgXv 新型手機黑客攻擊 Simjacker 漏洞或影響全球逾 10 億用家 http://bit.ly/2kzNdJ8 CHECK POINT RESEARCH：部分 ANDROID 手機有 OTA 漏洞，黑客可發假 OMA CP 訊息 https://ysnweb.net/2019/09/news/international/check-point-research-android-ota-vulnerable/ 中美貿易戰背後的祕密！台灣5G產業的新商機來了 http://bit.ly/2lUiJ4U 駭客利用 SIM 卡漏洞來追蹤人們位置至少 2 年 https://chinese.engadget.com/2019/09/15/simjacker-attack/ 資安業者揭新漏洞！ SIM卡被「挾持」 iOS、安卓都中招 https://news.ltn.com.tw/news/Taipei/breakingnews/2917170 涉超額採集個人私隱　內地手機App被點名 https://hk.on.cc/hk/bkn/cnt/cnnews/20190916/bkn-20190916110239643-0916_00952_001.html IG再傳會洩露用戶電話、姓名的漏洞 https://www.ithome.com.tw/news/133043 【照片一上傳，想刪都刪不掉】手機 APP 藏個資「霸王條款」！專家警告：心理測驗、遊戲儘量別點 https://buzzorange.com/2019/09/16/personal-data-online-is-at-risk/ iPhone有「危險設定」要關閉？　3C達人：不必過慮...除非不想用地圖導航服務 https://www.ettoday.net/news/20190916/1536414.htm APP服務下市個資無法可刪 https://money.udn.com/money/story/5617/4045606 防濫用Spotify共享計劃　突擊檢查家庭用家位置 http://bit.ly/2kwU7Pj 違規手機App 官方點名「碧桂園售樓」金山詞霸涉擅取手機資料 http://bit.ly/2lXqMh2 App涉超額採集隱私將進行監管 https://www.ydn.com.tw/News/352811 SIM卡漏洞遭SimJacker入侵！駭客發送簡訊即可監控掌握手機　10億用戶面臨威脅 https://www.ettoday.net/news/20190917/1537183.htm 頻繁被點名 App侵犯隱私何時休 https://news.sina.com.tw/article/20190917/32674010.html 國家計算機病毒中心發布違規APP和SDK 金山詞霸、墨跡天氣等被點名 https://m.nbd.com.cn/articles/2019-09-17/1372309.html 斯諾登警告法國政要不要用WhatsApp:絕對是個錯誤 https://news.sina.com.tw/article/20190918/32686174.html 黑龍江安卓用戶：你的手機有20.9個漏洞！男士更要注意 https://read01.com/BJGEex3.html 工程師開發程式助避收費陷阱　Apps試用到期自動取消 https://hk.on.cc/hk/bkn/cnt/aeanews/20190917/bkn-20190917190008988-0917_00912_001.html Google Fi 推「全球吃到飽」電信套餐，最低只要 45 美元起 https://www.inside.com.tw/article/17569-google-fi-launches-a-more-traditional-unlimited-plan 手機被駭入大陸30萬台手機被控制用作詐騙 https://udn.com/news/story/7332/4056759 你一直被追蹤位置你知道嗎？教你看懂什麼是「定位」、「權限」 https://blog.trendmicro.com.tw/?p=61296 Check Point Research揭露Android手機安全性漏洞 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000568584_P176MAFP77ELXF53MRLZZ Instagram再傳資安疑慮安全漏洞恐讓用戶電話、姓名全外洩 http://bit.ly/2kOboDu Instagram fixed after researcher finds way to link account info to PII http://bit.ly/2lYa3KQ WhatsApp 'Delete for Everyone' Doesn't Delete Media Files Sent to iPhone Users https://thehackernews.com/2019/09/whatsapp-delete-for-everyone-privacy.html Yikes! iOS 13 Coming Next Week With iPhone LockScreen Bypass Bug https://thehackernews.com/2019/09/ios-13-lockscreen-bypass.html New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS https://thehackernews.com/2019/09/simjacker-mobile-hacking.html When is Android 10 coming to my phone https://www.zdnet.com/article/when-is-android-10-coming-to-my-phone/#ftag=RSSbaffb68 WhatsApp 'Delete for Everyone' Doesn't Delete Media Files Sent to iPhone Users https://thehackernews.com/2019/09/whatsapp-delete-for-everyone-privacy.html C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件用來驗證真人的Captcha遭駭客利用，變成釣魚網頁的新工具 https://www.techbang.com/posts/72847-captcha-used-by-hackers-to-turn-it-into-a-new-tool-for-phishing-pages 月初同時DDoS《魔獸世界》、《鬥陣特攻》，官方：已經抓到人了 https://tw.news.yahoo.com/wowddoscaught-045540631.html 利用軟件漏洞侵占充值款食堂員工“揩油”120萬 http://www.51testing.com/html/74/n-4462474.html 15個新興崛起成長的工作 https://www.1111.com.tw/news/jobns/127323/ 連 Google 都在用！中國網友開發的「翻牆神器」Shadowsocks 為何比傳統 VPN 工具更受歡迎 https://buzzorange.com/techorange/2019/09/16/shadowsocks/ 國際電子戰研討會成果展示 https://www.mitac.com.tw/article.cfm?id=301 資通安全事件通報應變推動淺談 https://www.acw.org.tw/Events/Detail.aspx?id=33 駭客冒名申請合法數位憑證以四處兜售 https://www.ithome.com.tw/news/133102 民眾黨官網遭駭客攻擊警：機器人程式癱瘓註冊 http://bit.ly/2lTYvbs 獨／遭駭「開告」民眾黨今前往信義分局報案 https://udn.com/news/story/7321/4052860 簡訊驗證機制遭濫用，臺灣民眾黨網站驚傳剛上線就被駭 https://www.ithome.com.tw/news/133089 出師不利！官網才上線秒掛...民眾黨：有心人士蓄意癱瘓 https://www.setn.com/News.aspx?NewsID=603343 DDoS攻擊？民眾黨不懂資安還推線上入黨 https://www.setn.com/News.aspx?NewsID=603127 台灣民眾黨官網遭駭客入侵癱瘓柯文哲：報警處理 https://udn.com/news/story/6656/4049604 台灣民眾黨網站遭駭客入侵緊急關站維修中 https://boba.ettoday.net/video/1/698/179477 台灣民眾黨官網遭駭客入侵？黨員註冊系統被癱瘓 https://udn.com/news/story/6656/4049470 民眾黨網站上線遭駭客入侵關閉 http://m.match.net.tw/pc/news/politics/20190916/5024781 台灣民眾黨網站遭駭客入侵 https://www.ptt.cc/bbs/HatePolitics/M.1568599276.A.BFB.html 台灣民眾黨官網昨暝上線半暝受駭客攻擊 https://news.pts.org.tw/article/446415 資安疑慮監視器入侵校園綠委籲全面汰換 https://www.cna.com.tw/news/aipl/201909200097.aspx 台大傳出安裝中國監視器立委呼籲教部立即全面檢查 https://udn.com/news/story/6656/4058251 台大裝中國監視器校方：依規儘速處理 https://www.cna.com.tw/news/ahel/201909190342.aspx Armor 揭暗網洗錢新招：比特幣支付 800 美元換取 1 萬美元現金 https://blockcast.it/2019/09/16/new-trend-of-illicit-conversions-from-btc-to-cash-on-dark-web/amp/ 應對亞太區暗網崛起的威脅　　企業的四大關鍵策略 https://unwire.pro/2019/09/15/lenovo-3/news/ 俄羅斯網路監控系統SORM曝光 https://ithome.com.tw/news/133162 伊朗駭客集團Cobalt Dickens於全球大學展開大規模網釣行動 https://ithome.com.tw/news/133071 澳洲國會被「駭」中國國安部幹的 https://news.ltn.com.tw/news/world/paper/1318467 未公開報告：澳洲選前國會與3大黨都駭客入侵中國是幕後黑手 http://bit.ly/2kDv8dc 路透：澳國會、政黨遭駭客入侵「是中國出手」　怕得罪集體噤聲 https://www.ettoday.net/news/20190916/1536302.htm 路透：澳洲傳查出網攻是「中國發動」！怕破壞關係不敢說 https://ec.ltn.com.tw/article/breakingnews/2917234 傳澳洲查出中國發動網攻擔心損及貿易秘而不宣 https://money.udn.com/money/story/5599/4050832 中國侵害台灣不夠，連澳洲選舉都要干預 https://taronews.tw/2019/09/18/468984/ 美國務院：阿里巴巴騰訊百度或從事間諜活動 https://hk.on.cc/hk/bkn/cnt/cnnews/20190916/bkn-20190916084239982-0916_00952_001.html 中國駭客危及台灣資安學者籲尋求國際合作 https://udn.com/news/story/7088/4045670 業務和網絡控制各自為戰是網絡安全的最大漏洞 http://finance.eastmoney.com/a/201909161238190056.html 無孔不入中共挾陸企滲透全球 https://www.ydn.com.tw/News/352712 中共滲透台灣——網絡篇「網攻台灣」中共網軍盯上明年台灣大選 http://www.epochtimes.com/b5/19/9/16/n11524852.htm 全球網絡安全行業組織First 暫停華為成員資格 http://bit.ly/2lZ2JOT 中國大陸網絡安全宣傳周千鋒教育積極構建網絡安全新格局 http://info.chinabyte.com/111/410111.shtml 中國大陸湖北省網絡與信息安全保障工作進入臨戰階段 http://www.hb.xinhuanet.com/2019-09/20/c_1125017605.htm 中國大陸外交部：網路安全應防備思科、蘋果非華為 https://www.chinatimes.com/realtimenews/20190916003650-260410?chdtv 中國大陸共同織密網絡安全防護網——黨的十八大以來網絡安全工作綜述 http://finance.eastmoney.com/a/201909161237318943.html 中國工程院院士鄔江興：網絡空間安全最大的威脅是不確定威脅 http://it.people.com.cn/n1/2019/0917/c1009-31357755.html 北京軍事專家：香港反送中具「超限戰」特徵 https://udn.com/news/story/120538/4049892 傳許家印被邊控中共對富豪下手 http://www.epochtimes.com/b5/19/9/19/n11531193.htm 網攻竊密攫奪資金美制裁3北韓駭客集團 http://bit.ly/2mdzNmk 美制裁3受北韓資助惡意網攻團體 https://www.ydn.com.tw/News/352599 北韓駭客組織因網絡攻擊事件而遭到美國制裁 http://bit.ly/2kgioJ5 北韓網攻攫奪飛彈資金陷受害美企於兩難 https://www.cna.com.tw/news/firstnews/201909140036.aspx 朝鮮黑客「戰績彪炳」　受害企業陷道德兩難 http://bit.ly/2kyLN1v 美財政部：北韓駭客用勒索軟體攫取飛彈資金 http://bit.ly/2mgu3Zc 美財政部：北韓利用3大駭客組織籌錢網攻竊密勒索樣樣來 https://ec.ltn.com.tw/article/breakingnews/2915934 美制裁３個朝鮮網絡組織 http://bit.ly/2kNw4vk 美國制裁 3 個北韓駭客組織，WannaCry 病毒兇手入列 http://technews.tw/2019/09/18/us-treasury-sanctions-three-north-korean-hacking-groups-lazarus-group-bluenoroff-and-andarial/ 利用WannaCry發動全球網攻　3北韓黑客組織遭制裁 https://hk.on.cc/hk/bkn/cnt/aeanews/20190914/bkn-20190914011159570-0914_00912_001.html 國際產經：美國制裁北韓政府支持的三個駭客組織 http://bit.ly/2kyHIKJ 賴岳謙：日本國安局長換人做！安倍外交戰略起變化 https://www.chinatimes.com/opinion/20190909000002-262115?chdtv 俄媒：斯諾登否認與俄情報機關合作 https://news.sina.com.tw/article/20190914/32654270.html 加國皇家騎警情報部總長被控洩密 https://hk.news.appledaily.com/international/daily/article/20190915/20768539 加拿大資安漏洞皇家騎警情報高官涉洩密 http://bit.ly/2kJqBG1 加警操流利中文情報官員涉嫌洩密恐危害五眼聯盟 http://bit.ly/2kkmBeY “五眼聯盟”或受損‧加高官涉洩密被捕 https://www.sinchew.com.my/content/content_2116009.html 美眾院反壟斷調查要求蘋果臉書等交內部電郵 http://bit.ly/2kfZi5S 「全球最強大的國家希望我從這世界消失」史上最強揭密者史諾登回憶錄暢談童年與揭密心境 https://www.storm.mg/article/1711355 出身軍事情報世家中學曾入侵校網 http://paper.wenweipo.com/2019/09/15/GJ1909150009.htm 普亭身旁臥底美在俄最高階間諜險曝光 CIA急撤人 http://bit.ly/2kFkbrp 去年砸650億買美國武器沙國卻難擋廉價科技偷襲 http://bit.ly/2kRux7J 越南再推本土新版社群網站加強控制網路自由 https://www.cna.com.tw/news/aopl/201909170122.aspx 共同強化資安 AIT：台美11月首度網路攻防演練 https://www.cna.com.tw/news/firstnews/201909170216.aspx 中國對台網攻2年暴增20倍！台美11月將聯合舉行網路攻防演練，15國齊聚強化資安 https://www.storm.mg/article/1725930 周曉輝：美台將聯合舉行網絡攻防演練威懾中共 http://www.epochtimes.com/b5/19/9/20/n11534130.htm 多國聯軍稱襲擊武器來自伊朗特朗普指暫不動武 http://www.hkcna.hk/content/2019/0917/785005.shtml 美國有官員稱華為設備具嚴重安全漏洞電訊商或須移除 http://bit.ly/2kRGKcp 美國官員：可能需移除華為生產的通信設備 https://hk.finance.appledaily.com/finance/realtime/article/20190918/60056818 印度國產航母「4台電腦＋硬碟」失竊！　未完工卻創「下水3次」奇蹟 https://www.ettoday.net/news/20190919/1538513.htm?from=news-sitemap 糗！印首艘國產航母還在建電腦設備竟遭竊 https://www.chinatimes.com/realtimenews/20190920000013-260417?chdtv 還敢買中國貨？美軍精銳部隊遭爆採購中國無人機 https://news.ltn.com.tw/news/world/breakingnews/2919013 台灣已進入準戰爭狀態？專家揭秘中共對台資訊戰背後秘密 http://bit.ly/2ksbbG7 禁公費購陸製無人機美跨黨派議員提案 http://bit.ly/2m0lCBb US Sanctions 3 North Korean Hacking Groups Accused for Global Cyber Attacks https://thehackernews.com/2019/09/north-korea-cyber-attack.html Israeli police arrest execs from vendor of mobile surveillance tech https://www.zdnet.com/article/israeli-police-arrest-execs-from-vendor-of-mobile-surveillance-tech/#ftag=RSSbaffb68 Disqus & Kickstarter hacker warns against password reuse https://www.zdnet.com/article/disqus-kickstarter-hacker-warns-against-password-reuse/#ftag=RSSbaffb68 US Treasury sanctions three North Korean hacking groups https://www.zdnet.com/article/us-treasury-sanctions-three-north-korean-hacking-groups/#ftag=RSSbaffb68 How Cloud-Based Automation Can Keep Business Operations Secure https://thehackernews.com/2019/09/how-cloud-based-automation-can-keep.html Drones attack Saudi Arabia oil production plants, slice output in half https://www.zdnet.com/article/drone-attack-slices-saudi-arabia-oil-production-in-half/#ftag=RSSbaffb68 Israeli police arrest execs from vendor of mobile surveillance tech https://www.zdnet.com/article/israeli-police-arrest-execs-from-vendor-of-mobile-surveillance-tech/#ftag=RSSbaffb68 Brokerage Firm Hit With $500,000 Data Breach Penalty https://www.bankinfosecurity.com/brokerage-firm-hit-500000-data-breach-penalty-a-13095 Cyberattackers now pose as business executives to secure security certificates https://www.zdnet.com/article/cyberattackers-now-pose-as-executives-to-secure-security-certificates/#ftag=RSSbaffb68 Mainframe Security Challenges: An Encroaching Perimeter https://www.bankinfosecurity.com/interviews/mainframe-security-challenges-encroaching-perimeter-i-4444 US government sues ex-IT guy for breaking his NDA (Yes, we mean Edward Snowden) https://www.theregister.co.uk/2019/09/17/us_govt_sues_snowden/ The Definitive RFP Templates for EDR/EPP and APT Protection https://thehackernews.com/2019/09/rfp-templates-for-edr-epp.html United States Sues Edward Snowden and You'd be Surprised to Know Why https://thehackernews.com/2019/09/edward-snowden-lawsuit.html Ubisoft to send out cease & desist requests to DDoS-for-hire services https://www.zdnet.com/article/ubisoft-to-send-out-cease-desist-legal-letters-to-ddos-for-hire-services/#ftag=RSSbaffb68 Senators Urge FCC to Review Licenses for Chinese Telecoms https://www.bankinfosecurity.asia/senators-urge-fcc-to-review-licenses-for-chinese-telecoms-a-13118 A new type of DDoS attack can amplify attack strength by more than 15,300% https://www.techrepublic.com/article/a-new-type-of-ddos-attack-can-amplify-attack-strength-by-more-than-15300/ THE AIR FORCE IS INVITING HACKERS TO BREACH A SATELLITE https://futurism.com/the-byte/air-force-invite-hackers-breach-satellite Massive Gaming DDoS Exploits Widespread Technology https://threatpost.com/massive-gaming-ddos-attack-widespread-technology/148443/ Patch now: 1,300 Harbor cloud registries open to attack https://www.zdnet.com/article/patch-now-1300-harbor-cloud-registries-open-to-attack/#ftag=RSSbaffb68 Microsoft plans to rearchitect Azure Stack by making it container-based https://www.zdnet.com/article/microsoft-plans-to-rearchitect-azure-stack-by-making-it-container-based/#ftag=RSSbaffb68 Supply Chain Attacks: Hackers Hit IT Providers https://www.bankinfosecurity.com/supply-chain-attacks-hackers-hit-providers-a-13122 資訊室誠徵契約資訊工程師 http://bit.ly/2lVDLQj 資訊專員 https://www.104.com.tw/job/6qezh 資安技術工程師【PM一部】 https://www.104.com.tw/job/6qiwu?jobsource=jolist_a_relevance 知名人壽 - 資安助理 FL http://bit.ly/2m0MYXJ 業務代表_資安系統(19091901B) https://www.104.com.tw/job/6qmnu?jobsource=keyword2Keyword D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞起底「神秘」西安詐騙集團：互稱首長將軍　涉「聯合國搬遷」假項目 http://bit.ly/2kf7qDH 伊朗駭客集團Cobalt Dickens於全球大學展開大規模網釣行動 https://www.ithome.com.tw/news/133071 衛報的SecureDrop匿名爆料平台遭網釣駭客鎖定 https://ithome.com.tw/news/133088 國際警方聯手在全球逮捕281名商業電子郵件詐騙嫌犯 https://www.ithome.com.tw/news/133018 「人臉辨識」洩台人個資？銀行監視器爆中貨 https://www.setn.com/News.aspx?NewsID=601681 聯邦銀行員機警阻匯款愛情騙子終失敗 https://news.ltn.com.tw/news/society/breakingnews/2914642 個資管理多頭馬車成立專責機構當務之急 https://www.cna.com.tw/news/afe/201909140061.aspx 廣告追蹤器定位訪客拉票眾院撤國會議員網站鏈接 http://www.mingpaocanada.com/Tor/htm/News/20190914/tdc1_r.htm 罪犯來自新南向詐欺酒駕激增 https://www.chinatimes.com/newspapers/20190915001046-260106?chdtv 日本企業求才秘辛：從日本最大人力銀行Rikunabi驚傳個資不當使用說起 https://udn.com/news/story/6871/4044109 假賽馬誘賭客投資再榨乾　不給錢嗆炸掉你家...11人慘淪ATM被吸600萬 https://www.ettoday.net/news/20190914/1535464.htm “剪刀手”照片或洩露指紋信息專家：舊手機恢復出廠設置還不夠 http://sh.eastday.com/m/20190915/u1ai12833407.html 從源頭把關資策會科法所攜手業者對抗網購詐騙 http://n.yam.com/Article/20190916179844 韓星假賣票真詐騙　徐永明：售票平台應負連帶責任 https://www.ctwant.com/article/7311 3 年內 FBI 接獲商業電子郵件詐騙投訴金額高達 262 億美元，企業不可不慎 https://www.openfind.com.tw/taiwan/news_detail.php?news_id=10194 借記卡在北京卻在美國被盜刷超5萬元，持卡人起訴銀行獲全賠 https://news.sina.com.tw/article/20190916/32667548.html Garmin南非網站洩露顧客姓名、完整信用卡號、地址 https://www.ithome.com.tw/news/133045 女子遇新型網絡詐騙　下載App後被匯走6萬人仔 https://hk.on.cc/hk/bkn/cnt/cnnews/20190914/bkn-20190914191512871-0914_00952_001.html 電影看到飽 MoviePass結束服務客戶個資恐外洩 http://bit.ly/2kOasyX 高中同學「出錢出力」組詐騙集團騙大陸人上千萬元 https://udn.com/news/story/7321/4044149 給甜頭誘投資博奕網站詐600萬 https://money.udn.com/money/story/12524/4047852 金融聯防反詐有成士林警偕行員聯手阻詐 https://times.hinet.net/news/22556677 吸金216億元刑事局查獲中資網路簽賭 http://bit.ly/2klk1Fz 刑事局破獲中資非法博弈產業鏈來台 https://news.pts.org.tw/article/446489 網路廉價詐售蘋果手機警逮5嫌送辦 http://bit.ly/2mmjVyd 偷手機後利用App漏洞盜刷信用卡團伙獲利百萬元被抓 http://finance.sina.com/bg/tech/technews/thepaper/2019-09-16/doc-ifznycny5952067.shtml 厄瓜多全民個資幾全遭外洩亞桑傑也在其中 https://www.rti.org.tw/news/view/id/2034769 厄瓜多爾全國人民資料外洩總統維基創辦人俱受害 https://hk.news.appledaily.com/international/realtime/article/20190917/60055558 資安大漏洞！厄瓜多全國2000萬筆個資遭外洩連總統也受害 https://cnews.com.tw/140190918a05/ 逾3千萬名印尼獅子航空乘客資料外洩 https://www.ithome.com.tw/news/133115 陌生號碼發來年檢簡訊車主被高仿公眾號騙走兩千 https://news.sina.com.tw/article/20190917/32673884.html 如何防止師生信息泄露被竊取？專家給了這些建議 https://news.sina.com.tw/article/20190917/32685064.html 海南原人防辦報賬員7年間300多次造假騙取公款超百萬 https://news.sina.com.tw/article/20190918/32686996.html 隨手按個讚綁定臉書當帳號都有個資外洩風險 https://udn.com/news/story/7088/4053706 看待個資大不同日本可換咖啡韓改身分證號碼 https://udn.com/news/story/7088/4053726 假身份刷卡後退貨索錢 2男騙招遭拆穿落網 http://bit.ly/2kn2sVw 相同投資網卻不同IP？警方：有詐騙風險 https://news.ltn.com.tw/news/society/breakingnews/2919258 深圳福田警方打掉一利用網銀U盾作案犯罪團伙 http://www.legaldaily.com.cn/index/content/2019-09/17/content_7994996.htm 馬印航空公司發生數據泄露數百萬名乘客或受影響 https://news.sina.com.tw/article/20190918/32693834.html 保險業現新型詐騙企業內控再臨考 https://news.sina.com.tw/article/20190919/32698646.html 數億張醫療影像在網路上曝光 https://ithome.com.tw/news/133132 堵陸媒惡行港法院禁洩《蘋果》員工個資 https://tw.appledaily.com/column/article/860/twapple/20190920/38450020/ YouTube 更改認證條件，大量用戶遭到撤銷資格引發批評與緊張 https://tw.mobi.yahoo.com/news/changeyoutube-032232611.html 冒牌AdBlock、uBlock廣告封鎖外掛實則廣告詐欺，300網站受害 https://www.ithome.com.tw/news/133164 Heatstrok網路釣魚攻擊,為何鎖定科技產業員工免費信箱 https://blog.trendmicro.com.tw/?p=62007 Smart TVs send user data to tech heavyweights including Facebook, Google, Netflix https://www.zdnet.com/article/smart-tvs-send-user-data-to-tech-heavyweights-including-facebook-google-netflix/#ftag=RSSbaffb68 Data of 24.3 million Lumin PDF users shared on hacking forum https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/#ftag=RSSbaffb68 LastPass bug leaks credentials from previous site https://www.zdnet.com/article/lastpass-bug-leaks-credentials-from-previous-site/#ftag=RSSbaffb68 Database leaks data on most of Ecuador's citizens, including 6.7 million children https://www.zdnet.com/article/database-leaks-data-on-most-of-ecuadors-citizens-including-6-7-million-children/#ftag=RSSbaffb68 Thousands of Google Calendars Possibly Leaking Private Information Online https://thehackernews.com/2019/09/google-calendar-search.html Investigation Launched After Ecuadorian Records Exposed https://www.bankinfosecurity.com/investigation-launched-after-ecuadorian-records-exposed-a-13097 Arrest made in Ecuador's massive data breach https://www.zdnet.com/article/arrest-made-in-ecuadors-massive-data-breach/#ftag=RSSbaffb68 If you are a Restaurant Depot customer, don’t open that phishing email https://www.zdnet.com/article/if-you-are-a-restaurant-depot-customer-dont-open-that-phishing-email/#ftag=RSSbaffb68 IT Firm Manager Arrested in the Biggest Data Breach Case of Ecuador’s History https://thehackernews.com/2019/09/ecuador-data-breach.html Scotiabank slammed for 'muppet-grade security' after internal source code and credentials spill onto open internet https://www.theregister.co.uk/2019/09/18/scotiabank_code_github_leak/ E.研究報告 K8S 漏洞報告｜近期重要bug fix 分析 https://www.infoq.cn/article/rLHhx2V8sXmkXx7RHTDl 基於鯤鵬雲服務器的MongoDB未授權訪問漏洞檢測及整改建議 https://bbs.huaweicloud.com/forum/thread-24668-1-1.html 釣魚攻擊姿勢老套，不明真相還是上當 https://www.freebuf.com/articles/system/212565.html Heatstrok網路釣魚攻擊,為何鎖定科技產業員工免費信箱 https://blog.trendmicro.com.tw/?p=62007 深入分析Adobe忽略了6年的PDF漏洞 https://xlab.tencent.com/cn/2019/09/12/deep-analysis-of-cve-2019-8014/ 一款漏洞驗證框架的構思 https://www.jishuwen.com/d/251d/zh-tw Fortigate SSL VPN從漏洞挖掘到漏洞利用分析 https://www.4hou.com/vulnerable/20170.html 一次無聊的APP漏洞挖掘 https://zhuanlan.zhihu.com/p/82513348 一篇RPO漏洞挖掘文章翻譯加深理解 https://www.cnblogs.com/piaomiaohongchen/p/11528205.html 記一次內部系統滲透測試：小漏洞組合拳 https://www.freebuf.com/articles/web/213675.html Jenkins RCE漏洞分析匯總 https://xz.aliyun.com/t/6361 深入探索在野外發現的iOS漏洞利用鏈 https://www.anquanke.com/post/id/186456 BlueKeep 漏洞利用分析 https://paper.seebug.org/1035/ 细数Android系统那些DOS漏洞 http://www.tiejiang.org/25242.html 安全漏洞XSS、CSRF、SQL注入以及DDOS攻擊 https://www.cnblogs.com/rinack/p/11549410.html CORS介紹及其漏洞檢測 http://www.saucer-man.com/information_security/331.html 攻撃グループBlackTechが侵入後に使用するマルウエア https://blogs.jpcert.or.jp/ja/2019/09/tscookie_loader.html Hacking LED Wristbands: A ‘Lightning’ Recap of RF Security Basics https://blog.trendmicro.com/trendlabs-security-intelligence/hacking-led-wristbands-a-lightning-recap-of-rf-security-basics/ 2019 CWE Top 25 Most Dangerous Software Errors https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html These software vulnerabilities top MITRE’s most dangerous list https://www.zdnet.com/article/these-software-vulnerabilities-top-mitres-most-dangerous-list-in-2019/#ftag=RSSbaffb68 SQL Injection Cheat Sheet https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/ GitHub security alerts now support PHP projects https://www.zdnet.com/article/github-security-alerts-now-support-php-projects/#ftag=RSSbaffb68 guillaC/wsManager https://github.com/guillaC/wsManager Sumeet-R/HackTheKeyboard https://github.com/Sumeet-R/HackTheKeyboard Leviathan36/kaboom https://github.com/Leviathan36/kaboom BullsEye0/shodan-eye https://github.com/BullsEye0/shodan-eye dlfernando/Instagram-downloader https://github.com/dlfernando/Instagram-downloader fkasler/dolos_cloak https://github.com/fkasler/dolos_cloak The TIDoS Framework - The Offensive Manual Web Application Penetration Testing Framework https://hakin9.org/the-tidos-framework-the-offensive-manual-web-application-penetration-testing-framework/ Edward Snowden - Permanent Record https://kaketosdelano.ml/threads/edward-snowden-permanent-record-2019-mp3-epub.8599/ GNU Radio CON 2019 https://www.gnuradio.org/grcon/grcon19/presentations/ [macOS, CTF] ChiChou/DezhouInstrumenz https://github.com/ChiChou/DezhouInstrumenz F.商業 Nexusguard研究顯示，DNS DNS放大攻擊去年以來增加了1,000％ https://times.hinet.net/news/22559475 微軟資料中心逐步融合資安防護與GDPR合規服務 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=70&id=0000568592_AH06L6AJ8B537J35H5MKK 瀏覽網頁變不一樣了！Chrome 77 最新版增添3項實用功能 https://3c.ltn.com.tw/news/38018 Palo Alto Networks：打擊網路犯罪企業用AI了嗎 https://news.sina.com.tw/article/20190917/32684284.html 迎戰中國削價競爭台灣安全監控產業資安升級 https://www.cna.com.tw/news/ahel/201909180037.aspx 甲骨文推出自主Linux作業系統 https://www.ithome.com.tw/news/133110 Office 365 vs. LibreOffice 比一比，誰才是你最得心應手的生產力工具 https://www.kocpc.com.tw/archives/275178 Windows 7 即將停止更新！即刻升級 Windows 10，保障資安、商用作業系統維護 https://www.cool3c.com/article/147971 GitHub 收購程式碼分析工具商 Semmle，協助開發人員發現程式碼漏洞 https://finance.technews.tw/2019/09/19/github-acquires-semmle-to-help-developers-spot-code-exploits/ Chrome v77推3項新功能改善文字傳送消失問題 https://udn.com/news/story/7086/4056208 Firefox 瀏覽器從明年開始，將進入每 4 週就更新一次的週期 https://www.kocpc.com.tw/archives/281165 甲骨文以上千台Raspberry Pi組成超級電腦叢集 https://www.ithome.com.tw/news/133137 Microsoft acquires code-analysis platform vendor Semmle https://www.zdnet.com/article/microsoft-acquires-code-analysis-platform-vendor-semmle/#ftag=RSSbaffb68 Microsoft pushes back end of support for Exchange Server 2010 by nine months https://www.zdnet.com/article/microsoft-pushes-back-end-of-support-for-exchange-server-2010-by-nine-months/#ftag=RSSbaffb68 Is Microsoft getting closer to launching its expected Microsoft 365 Consumer subscription https://www.zdnet.com/article/is-microsoft-getting-closer-to-launching-its-expected-microsoft-365-consumer-subscription/#ftag=RSSbaffb68 How Cloud-Based Automation Can Keep Business Operations Secure https://thehackernews.com/2019/09/how-cloud-based-automation-can-keep.html Dremio releases Data Lake Engines for AWS and Azure https://www.zdnet.com/article/dremio-releases-data-lake-engines-for-aws-azure-and-hybrid-cloud/#ftag=RSSbaffb68 Google removes two Chrome ad blocker extensions caught 'cookie stuffing' https://www.zdnet.com/article/google-removes-two-chrome-ad-blocker-extensions-caught-cookie-stuffing/#ftag=RSSbaffb68 G.政府數位身分證會掌握你的行蹤？無稽之談 http://bit.ly/2kzNpbk 政院強推數位身分證監控人民? 內政部駁斥 https://news.sina.com.tw/article/20190916/32667930.html 再轟內政部新式身分證具追蹤機制　許毓仁：哪條法律授權政府在人民身上放eTag https://www.storm.mg/article/1716278 新式身分證恐釀資安危機／關鍵「私人金鑰」發包民間廠商處理晶片、系統將成駭客攻擊對象 https://news.ltn.com.tw/news/life/paper/1316927 揭露數位身分證2大隱憂台權會：個資外洩及國家機器監控 http://bit.ly/2kKaEPR 內政部：數位身分證私密金鑰無法重製資安無虞 https://money.udn.com/money/story/7307/4041268 新身分證具追蹤機制藍委：這不叫監控什麼叫監控 https://www.chinatimes.com/realtimenews/20190916001996-260407?chdtv 政府領域聯防監控情資回傳作業常見問題 http://bit.ly/2kB75LZ 陳美伶：個資涉及層面廣需跨領域規管整合 http://bit.ly/2kAPSlS 黃國昌稱時力不賣亡國感學者李忠憲：論述真是矛盾 https://news.ltn.com.tw/news/politics/breakingnews/2915732 廖世偉觀點：純網銀的身分認證的監理與資安 https://www.storm.mg/article/1671595 防「自己人」亂查／查過必留痕跡警方不定期資安稽核 https://news.ltn.com.tw/news/society/paper/1318159 案情反推諜對諜：調查局調查官教你如何就營業秘密案件搜證 https://udn.com/news/story/6871/4044037 網路賭博無罪法部修法堵漏洞 https://money.udn.com/money/story/5618/4047850 網路賭博不一樣　法務部修法改這2項 https://tw.appledaily.com/new/realtime/20190916/1633987/ 防恐攻大型無人機零件進口要納管 https://www.chinatimes.com/newspapers/20190917000255-260202?chdtv 台商回流重視供電台電、調查局推「資安聯防」阻駭 https://news.ltn.com.tw/news/politics/breakingnews/2917999 金管會修訂「金融機構作業委託他人處理內部作業制度及程序辦法」 http://bit.ly/2kPhio1 H.ICS/SCADA 工控系統工業資安保衛戰　IT/OT各司其職 https://www.mem.com.tw/arti.php?sn=1909160005 智慧工廠暴露製造端安全風險半導體、資安業者跨界合作推動資安平台 https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000568850_YTS76D756XWIV4LEZRSXB 半導體資安標準動起來　鏈結供需更有感 https://www.mem.com.tw/arti.php?sn=1909190002 advantech -- webaccess https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3975 頂象：工控設備被遠程瞬間摧毀企業該怎麼防 http://nx.sina.com.cn/finance/2019-09-20/detail-iicezueu7161266.shtml I.教育訓練【資安講座#2】揭露郵件與惡的距離，談Openfind BEC反詐騙應用與技術發展 https://funny-video-online.com/watch/j5d4f4d415o494m4a445v4.html 『 Day 2 』認識 CTF https://ithelp.ithome.com.tw/articles/10215497 [駭客工具 Day12] 密碼暴力破解 - Hydra https://ithelp.ithome.com.tw/articles/10215072 [駭客工具 Day13] 密碼字典檔生成工具 - crunch https://ithelp.ithome.com.tw/articles/10215234?sc=rss.qu [駭客工具 Day14] 快速網站弱點掃描- Nikto https://ithelp.ithome.com.tw/articles/10215447 [駭客工具 Day15] 主機系統弱點掃描 - Nessus https://ithelp.ithome.com.tw/articles/10215646 [駭客工具 Day16] 滲透神器 - Metasploit https://ithelp.ithome.com.tw/articles/10216722 [駭客工具 Day17] SQL Injection漏洞利用 - sqlmap https://ithelp.ithome.com.tw/articles/10217184 [Day 1] 話說這個人會講些啥 https://ithelp.ithome.com.tw/articles/10213662 [Day 2] Template Injection：欸不是，你真的懂 Python 嗎？ https://ithelp.ithome.com.tw/articles/10217309 [Day04] AI實例-將來銀行 https://ithelp.ithome.com.tw/articles/10217786?sc=iThelpR Day4 駭客&滲透階段 https://ithelp.ithome.com.tw/articles/10217638 資安開源工具：神兵利器還是雙面利刃？ (二) https://ithelp.ithome.com.tw/articles/10215297 那個夜裡的資安-9 https://ithelp.ithome.com.tw/articles/10215354 Day01 前言x初探CTF https://ithelp.ithome.com.tw/articles/10215346 [Day 01] 資安百物語-第零談：前言 &百物語 https://ithelp.ithome.com.tw/articles/10216250 利用Decorator進行參數型別檢查 https://www.uuu.com.tw/Public/content/article/19/20190916.htm [Day1] 淺談 Kubernetes 設計原理 https://ithelp.ithome.com.tw/articles/10215384 [Day01]源自於同事的困擾 https://ithelp.ithome.com.tw/articles/10213187 [Day02]來自駭客的預告信 https://ithelp.ithome.com.tw/articles/10213967 [Day-1] Tensorflow 介紹及 Tensorflow 2.0相關知識 https://ithelp.ithome.com.tw/articles/10215969 馬坤：成立網絡安全學院專注人才培養 http://m.cnwest.com/sxxw/a/2019/09/14/17995033.html [英語面試大秘訣] – 北美軟體工程師面試實戰分享 http://bit.ly/2lYU9zu 從拉麵店的販賣機理解什麼是 API https://medium.com/@hulitw/ramen-and-api-6238437dc544 鐵人賽：初入程式語言，沒想到是 JavaScript 的親戚啊 https://wcc723.github.io/ironman/2019/09/18/start-to-learn-program/ PyCon TW 2019 共同筆記 https://hackmd.io/@PyConTW/2019/%2FitlYBVanTbSrdXhjlbEdyA DVWA（Damn Vulnerable Web Application）- Brute Force http://bit.ly/2mryP6c J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識全國IoT資安挑戰賽民眾玩密室逃脫找資安弱點 https://udn.com/news/story/7266/4045825 2019IoT資安挑戰賽成果揭曉 UCCU Hacker奪冠 http://bit.ly/2kp9Css 智慧家庭要防駭「2019 IoT資安挑戰賽」成果揭曉 https://times.hinet.net/news/22556980 趨勢科技：物聯網已成網路犯罪地下市場熱門話題 https://newtalk.tw/news/view/2019-09-17/299906 防堵網路攝影機資安漏洞消費者自保有道 https://money.udn.com/money/story/7307/4053660 網路攝影機不設防資安漏洞隱私被看光 https://money.udn.com/money/story/7307/4053658 工控系統資安認證網路攝影機也有家用款 http://bit.ly/2kStW5J This Week in Security News: IoT Devices Are a Target in Cybercriminal Underground https://blog.trendmicro.com/this-week-in-security-news-iot-devices-are-a-target-in-cybercriminal-underground/ Protocol found in webcams and DVRs is fueling a new round of big DDoSes https://arstechnica.com/information-technology/2019/09/in-the-wild-ddoses-are-abusing-webcams-and-dvrs-to-amplify-their-crippling-effects/ 6.近期資安活動及研討會 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28 https://www.accupass.com/event/1906050355291064968019 PyTorch Tainan x CCNS 聚會 #28 9/21 https://pytorch-tainan.kktix.cc/events/2019-09-21-m28 Android Code Club(Taipei) 9/21 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzlbcc/ SyntaxError 9/21 https://www.meetup.com/pythonhug/events/tnzzgpyzlbcc/ 資策會開辦「認證系統安全從業人員 SSCP 輔導班」2019/9/21 https://ithome.com.tw/pr/131772 交通大學亥客書院-A011:入侵行為發覺與應變指南 9/21 https://hackercollege.nctu.edu.tw/?p=1082 AIC課程 _ Python 入門 9/21 ~ 9/22 https://www.facebook.com/events/429157554391837/?event_time_id=429157561058503 資訊安全管理系統-進階課程 9/21 https://www.accupass.com/event/1907160908138705889800 Open UP Summit Fukuoka Outreach 9/21 https://www.meetup.com/TaipeiWomeninTech/events/263683783/ Python 入門台北 2019/09 月份 9/21 https://www.meetup.com/PyLadiesTW/events/264464501/ TEM 基礎教育課程第二階段：「工程師的即戰力」 9/21 https://www.meetup.com/Taipei-Ethereum-Meetup/events/264544639/ 【CIT週末玩程式】- (9月)認識電腦與程式邏輯訓練 9/21 https://www.meetup.com/Women-Who-Code-Taipei/events/264121660/ Developer Meetup Taipei 2019 9/22 https://www.meetup.com/Taipei-Dapp-com-Meetup-Group/events/264898014/ Coffee & Code 9/22 https://www.meetup.com/Innovate-Taiwan/events/hkdmgryzmbdc/ Build Your First Custom Blockchain - 親手打造你的第一個客制區塊鏈 9/24 https://www.meetup.com/Polkadot-Taipei/events/264188190/ Golang Taipei Gathering #44 x Wanted 9/24 https://www.meetup.com/golang-taipei-meetup/events/264492552/ Android Taipei - 2019 九月聚會 9/24 https://www.facebook.com/events/421900911784891/ 智慧型手機破密 9/24 https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=37 Women Who Code <> VMware Taiwan 帶你進入K8s的世界 9/25 https://www.meetup.com/Women-Who-Code-Taipei/events/264860059/ TANET 2019 - 臺灣網際網路研討會 9/25 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310 不起眼的讀書會 #12 9/25 https://www.meetup.com/cschat-taichung/events/264917307/ Nextlink Technology 9/25 (三) https://www.accupass.com/event/1908020858535104977240 DEVCORE Conference 2019 9/25 https://devco.re/conf/2019/ Nextlink Technology | 企業資安防護能力再升級 | Nextlink 資安論壇9/25 (三) https://www.accupass.com/event/1908020858535104977240 面對 APT進階持續性滲透攻擊，企業如何建立正確防護觀念與有效、低成本的資安防護能力 9/26 https://www.techbang.com/posts/72484-lecturecorporate-apt Thinking Thursday 第四場 9/26 https://www.meetup.com/Thinking-Thursday/events/263826166/ Taipei.py 七週年慶 No. 7 Anniversary 9/26 https://www.meetup.com/Taipei-py/events/264775361/ [CyCarrier]-奧義智慧資安活動_Fintech威脅剖析金融科技資安升級 9/26 https://www.zerone.com.tw/TrainingDetial/Seminar/2CB2943BF5366C08%7C581222C91497B312 [Akamai]-Akamai線上研討會快速部署與高效預測抵禦的資安防護網 9/27 https://www.zerone.com.tw/TrainingDetial/Seminar/33439C9B5852933A%7C4D840EFFD881209B 交通大學亥客書院-B022:基礎網頁安全與滲透測試 9/28 https://hackercollege.nctu.edu.tw/?p=1084 【Flutter Brunch】：一起來交流 Flutter 技術 9/28 https://www.meetup.com/Women-Who-Code-Taipei/events/264801570/ WTM Networking - UXers' Breakfast #3 9/28 https://www.meetup.com/GDGTaipei/events/264719986/ JavaScript Developer Conference-2019 2019-09-28(六) 09:30 ~ 2019-10-26(六) 17:30 (GMT+8) https://www.accupass.com/event/1907081509101081922774 AI/BigData技能養成系列課程-資料工程實務應用精鍊假日班(確定開課) 9/28 ~ 10/6 https://www.accupass.com/event/1908010601311553672560 NSPA實作課程(假日班)報名表 9/29 https://docs.google.com/forms/d/e/1FAIpQLSf6g7LmwAk_T6RFCaZL3dvgxjS9qlMrHlLtkXDC-nqNza_V9w/viewform 軟體安全測試實務 9/29 https://www.sce.pccu.edu.tw/event/chtweb/index.html 2019 NASA黑客松賽前技術分享[Microsoft]_Azure 雲端運算與認知識別服務 10/1 https://www.facebook.com/events/421753888461417/ 技職校院物聯網創新應用賽 10/1 受理報名 https://iot2gather.ntust.edu.tw/ Gnss海面反射訊號之技術及應用 10/1 https://www.facebook.com/events/384731849123773/ Nasa黑客松，太空中心能幫你什麼 10/2 https://www.facebook.com/events/390573691633383/ GDG DevFest Taipei 2019 10/1 https://www.meetup.com/GDGTaipei/events/263142255/ 108 年「先進製造 AI 與物聯網資安實務應用研討會」 10/3 https://seminars.tca.org.tw/D15e02340.aspx 我們與資安的距離 10/5 https://hackersir.kktix.cc/events/20191005 安全程式碼撰寫基礎 10/6 https://www.sce.pccu.edu.tw/event/chtweb/index.html XRY Certification 教育訓練 10/7 ~ 10/8 https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=38 資安檢核核心技術及進階技術研討會 10月7日至10月9日 http://bit.ly/2TN2UtD 2019年台灣資安通報應變年會 10/8 https://www.informationsecurity.com.tw/Seminar/ISevent20191008/ Cloud Native Forum 2019 10/9 https://www.meetup.com/Cloud-Native-Taipei-User-Group/events/264613646/ HITB+ CYBER WEEK 2019/10/12 ~17 https://d2p.hitb.org/ 白帽駭客體驗實作 10/13 https://www.sce.pccu.edu.tw/event/chtweb/index.html 國家高速網路與計算中心台灣杉一號高速計算主機使用進階課程 10/14 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3869&from_course_list_url=course_index 數位時代，自已的權利自己顧 -- 不可不知！基礎資安教戰講座 10/15 https://ocftw.kktix.cc/events/e0c1048b 智資時代 2019 科技法制前瞻論壇 10/15 https://seminar.ithome.com.tw/live/iii20191015/index.html?eDM_iThome AI時代下，資安與視覺化的觀點與實例 10/16 https://www.tiai.org.tw/tiaiActDetailClass?sno=19 TFUG Taipei | TensorFlow All Around 10/16 https://www.meetup.com/TensorFlow-User-Group-Taipei/events/264713077/ Kotlin/Everywhere GDG Hsinchu - Kotlin on Cloud and Web 10/17 https://www.meetup.com/GDG-Hsinchu/events/263741333/ 2019 Space Apps Challenge_NASA 黑客松台北場 10/18 https://www.facebook.com/events/2112377919060176/ 2019 邊緣運算論壇 - AI + IoT 備戰台商回流潮，IIoT 智慧升級 10/18 https://www.accupass.com/event/1909040655361186052756 Crosslink Taiwan 2019 10/19 https://www.meetup.com/Taipei-Ethereum-Meetup/events/264302796/ 交通大學亥客書院-A006:數位足跡追蹤與分析 10/19 https://hackercollege.nctu.edu.tw/?p=1088 無痛上手-WiFi無線網路安全檢測 10/20 https://www.sce.pccu.edu.tw/event/chtweb/index.html 日盛金融黑客松報名至10/20 止 https://app.jsun.com/hackathon/Main Splunk .conf 19 10/21 ~ 10/24 https://conf.splunk.com/ 國家高速網路與計算中心平行計算程式設計基礎課程 10/22 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3778&from_course_list_url=course_index AIoT智能物聯網開發人才就業養成班[免費諮詢] 10/22 https://ittraining.kktix.cc/events/aiot-training-2019 Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019 https://www.icscybersecurityconference.com [Palo Alto Networks]-Palo Alto Networks 直播研討會Part6. MITRE ATT&CK 新資安攻防框架進階產業應用 10/24 https://www.zerone.com.tw/TrainingDetial/Seminar/7747B901A8198AC3%7C1C130FE6FEC34700 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 10/25 https://signupcybersec101.ithome.com.tw/ 國家高速網路與計算中心大數據軟體開發平台與深度學習、HBase(大數據資料庫)開發應用案例 10/25 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3867&from_course_list_url=course_index 交通大學亥客書院-A015:進階網頁滲透測試 10/26 https://hackercollege.nctu.edu.tw/?p=1090 資安檢核核心技術及進階技術研討會 10月28日至10月30日 http://bit.ly/2TN2UtD Foundations in Digital Forensics with EnCase® (DF120) (原CF1) 10/28 ~ 10/31 https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=39 行政院資安學院物聯網資安培訓課程 11/3 ~ 11/30 https://www.accupass.com/event/1810080517061259295030 Red Hat Forum Taipei 2019 11/5 https://www.facebook.com/events/1390202967799392/ 駭客攻防暨數位鑑識系列一(第1期) 11/7 https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=384540 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/8 https://signupcybersec101.ithome.com.tw/ Kotlin/Everywhere GDG Taoyuan - 運用 Ktor 建置一個以 Kotlin 打造的後端服務 11/9 https://www.meetup.com/GDGTaoyuan/events/264776152/ 交通大學亥客書院-P006:高階網頁滲透測試 11/16 https://hackercollege.nctu.edu.tw/?p=1092 Trend Micro CTF 2019 // Raimund Genes Cup FINAL / NOVEMBER 23–24, 2019 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html 資安檢核核心技術及進階技術研討會11月26日至11月28日 http://bit.ly/2TN2UtD 人資人員必修的職安法規定 11/26 https://www.accupass.com/event/1909121441141977826554 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/29 https://signupcybersec101.ithome.com.tw/ 交通大學亥客書院-B015:惡意程式檢測 11/30 https://hackercollege.nctu.edu.tw/?p=1098 交通大學亥客書院-A018:企業網域控管－Active Directory攻擊與防禦 12/14 https://hackercollege.nctu.edu.tw/?p=1094 Japan Security Analyst Conference https://jsac.jpcert.or.jp/