###### tags: `資安事件新聞週報` # 資安事件新聞週報 2019/10/28 ~ 2019/11/1 1.重大弱點漏洞/後門/Exploit/Zero Day Symantec antivirus crashes something again. This time Chrome 78 browsers https://www.zdnet.com/article/symantec-antivirus-crashes-something-again-this-time-chrome-78-browsers/#ftag=RSSbaffb68 VMWare vCenter 伺服器設備資料洩露漏洞 https://www.vmware.com/security/advisories/VMSA-2019-0018.html MikroTik RouterOS 6.45.6 - DNS Cache Poisoning https://www.exploit-db.com/exploits/47566 主流虛擬化平臺 QEMU-KVM 被曝存在漏洞，可完全控制宿主機及其虛擬機 https://www.chainnews.com/zh-hant/articles/730633063482.htm Google Chrome/Microsoft Edge Chromium version 78.0.x error "Aw, Snap! Something went wrong while displaying this webpage." when using Endpoint Protection https://support.symantec.com/us/en/article.tech256047.html Where the beep is Reopen Closed Tab in Chrome 78? (and how to get it back) https://www.zdnet.com/article/where-the-beep-is-reopen-closed-tab-in-chrome-78-and-how-to-get-it-back/#ftag=RSSbaffb68 Samba Releases Security Updates https://www.samba.org/samba/security/CVE-2019-10218.html https://www.samba.org/samba/security/CVE-2019-14833.html https://www.samba.org/samba/security/CVE-2019-14847.html IBM Cloud Orchestrator 注入漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4396 IBM InfoSphere Information Server on Cloud和IBM InfoSphere Information Server信息泄露漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4615 IBM Security Guardium Big Data Intelligence信息泄露漏洞 https://www.ibm.com/support/pages/node/1096384 IBM Security Guardium Big Data Intelligence加密问题漏洞 https://www.ibm.com/support/pages/node/1096924 PHP再傳遠端程式碼執行漏洞，波及Nginx網站伺服器 https://www.ithome.com.tw/news/133904 Nasty PHP7 remote code execution bug exploited in the wild https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/#ftag=RSSbaffb68 Fujitsu Wireless Keyboard Set LX390 Keystroke Injection https://packetstormsecurity.com/files/154956/SYSS-2019-011.txt Xorg X11 Server SUID modulepath Privilege Escalation https://packetstormsecurity.com/files/154942/xorg_x11_suid_server_modulepath.rb.txt Trend Micro Anti-Threat Toolkit (ATTK) 1.62.0.1218 Remote Code Execution https://packetstormsecurity.com/files/154916/TREND-MICRO-ANTI-THREAT-TOOLKIT-ATTK-REMOTE-CODE-EXECUTION.txt Unsupported D-Link routers vulnerable to RCE flaws https://www.scmagazine.com/home/security-news/vulnerabilities/unsupported-d-link-routers-vulnerable-to-rce-flaws/ Major vulnerability patched in the EU's eIDAS authentication system https://www.zdnet.com/article/major-vulnerability-patched-in-the-eus-eidas-authentication-system/#ftag=RSSbaffb68 Facebook sues Israeli surveillance vendor over WhatsApp zero-day https://www.zdnet.com/article/facebook-sues-israeli-surveillance-vendor-over-whatsapp-zero-day/#ftag=RSSbaffb68 NFC False Tag Vulnerability – CVE-2019-9295 https://www.checkmarx.com/blog/nfc-false-tag-vulnerability Modern Binary Analysis with ILs https://binary.ninja/presentations/Modern%20Binary%20Analysis%20with%20ILs.pdf Apache Solr Velocity模板遠程代碼執行,附poc http://www.shungg.cn/post/268 Microsoft Warns of Windows Slow Startup Due to Persistent Memory https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-windows-slow-startup-due-to-persistent-memory/ 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 行庫組織調整 強化法遵、資安 http://bit.ly/2BK4iFb 國泰證下單系統今早大當機　公司：已完成修復　 https://tw.appledaily.com/new/realtime/20191028/1655067/ 金控子公司雙向身分認證服務 首例壽險銀行合作 https://www.cna.com.tw/news/afe/201910280196.aspx 淘寶網購避稅要注意囉！海關將查信用卡刷卡資料　3管齊下防堵 https://www.ettoday.net/news/20191028/1567092.htm 普及資安險 產險業推親民保單 http://bit.ly/2NrQzbi 中華保險服務協會辦研討 保險業迎科技創新 須慎防資安風險 http://bit.ly/2Ns1PED 金融業決勝科技運用，深耕小資族挖掘大商機 http://bit.ly/2WxtYyj 歐盟擬新設機構 打擊洗錢活動 http://bit.ly/34tRmQb 打擊洗錢犯罪，歐盟擬成立獨立監管機構 http://bit.ly/2JFXLPY 狐假虎威，無名駭客試圖冒充知名駭客團體成員向金融機構發起DDoS攻擊 https://ek21.com/news/tech/155211/ 日商三菱日聯銀行股份有限公司通訊加密設備因惡意連線導致台灣據點部分客戶及第三方交易資訊洩漏一事 https://piyolog.hatenadiary.jp/entry/2019/10/29/060335 三菱UFJ銀行が不正アクセスを受けた通信暗号化装置について調べてみた https://piyolog.hatenadiary.jp/entry/2019/10/29/060335 ローカルキャッシュマネジメントサービスの通信暗号化装置への不正アクセスによる台湾拠点の一部お客さま情報および第三者情報の漏えいについて https://www.bk.mufg.jp/news/news2019/pdf/news1025.pdf DDoS 攻撃を示唆して、仮想通貨を要求する脅迫メールについて https://www.jpcert.or.jp/newsflash/2019103001.html Romanian duo skims data from 8 ATMs in Hyderabad, held http://timesofindia.indiatimes.com/articleshow/71747779.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst Online shoppers beware: Those ATM skimming devices are now on some retail websites https://www.fastcompany.com/90421916/online-shoppers-beware-those-atm-skimming-devices-are-now-on-some-retail-websites ATM Malware and Jackpotting Attacks Could Be Making a Return https://www.cpomagazine.com/cyber-security/atm-malware-and-jackpotting-attacks-could-be-making-a-return/ Four suspected cyber criminals arrested while trying to steal money from an ATM https://nairobinews.nation.co.ke/news/four-suspected-cyber-criminals-arrested-while-trying-to-steal-money-from-an-atm Five of ATM fraudsters’ gang land in police net https://www.tribuneindia.com/news/five-of-atm-fraudsters-gang-land-in-police-net/850841.html Online banking and ATM fraud: Mumbai tops among 19 metros https://indianexpress.com/article/india/online-banking-and-atm-fraud-mumbai-tops-among-19-metros-6082817/ SBI Card: Know State Bank of India's all debits cards, their ATM withdrawal limit https://www.zeebiz.com/personal-finance/news-sbi-card-know-state-bank-of-indias-all-debits-cards-their-atm-withdrawal-limit-113258 Details for 1.3 million Indian payment cards put up for sale on Joker's Stash https://www.zdnet.com/article/details-for-1-3-million-indian-payment-cards-put-up-for-sale-on-jokers-stash/#ftag=RSSbaffb68 Joker's Stash Lists 1.3 Million Stolen Indian Payment Cards https://www.bankinfosecurity.com/jokers-stash-lists-13-million-stolen-indian-payment-cards-a-13302 Biggest single card database ever on sale on dark net marketplace https://www.group-ib.com/media/biggest-card-database-ever/ Cybercrime, a fake Fancy Bear threats companies with DDoS attacks https://www.difesaesicurezza.com/en/defence-and-security/cybercrime-a-fake-fancy-bear-threats-companies-with-ddos-attacks/ DDoS attackers claim to be Russian APT group, demand ransom https://www.scmagazine.com/home/security-news/cybercrime/ddos-attackers-claim-to-be-russian-apt-group-demand-ransom/ Global RDoS Campaign – Fancy Bear https://security.radware.com/ddos-threats-attacks/threat-advisories-attack-reports/global-rdos-campagin%E2%80%93fancy-bear/ Warning of Serious DDoS Blackmail Campaigns Attributed to Fancy Bear Group https://www.link11.com/en/blog/warning-of-serious-ddos-blackmail-campaigns-attributed-to-fancy-bear-group/ Fast-Food Chain Krystal Investigates Card 'Security Incident' https://www.bankinfosecurity.com/fast-food-chain-krystal-investigates-card-security-incident-a-13301 Visa Drops 2FA for Low-Value Transactions https://www.bankinfosecurity.asia/visa-drops-2fa-for-low-value-transactions-a-13308 Need to bolster banking apps security on mobile devices: Fortinet’s Rajesh Maurya https://techobserver.in/2019/10/31/need-to-bolster-banking-apps-security-on-mobile-devices-fortinets-rajesh-maurya/ Inside Magecart: the history behind the covert card-skimming assault on the e-commerce industry https://www.virusbulletin.com/blog/2019/10/vb2019-paper-inside-magecart-history-behind-covert-card-skimming-assault-e-commerce-industry/ Banche, si teme un attacco phishing ai clienti https://qds.it/banche-si-teme-un-attacco-phishing-ai-clienti/ Some brokerages in Singapore hit by DDoS attacks last week https://www.businesstimes.com.sg/banking-finance/some-brokerages-in-singapore-hit-by-ddos-attacks-last-week Stock brokerages here hit by cyber attacks https://www.tnp.sg/news/singapore/stock-brokerages-here-hit-cyber-attacks Turkey ranked second in mobile banking attacks https://www.news1.news/tr/2019/10/turkey-ranked-second-in-mobile-banking-attacks.html Cybersecurity and Banking: 3 Trends to Watch in 2020 https://www.bitsight.com/blog/cybersecurity-and-banking-3-trends-to-watch-in-2020 Polisi Ringkus Spesialis Pembobol ATM Lintas Provinsi Pakai Tusuk Gigi https://radarsurabaya.jawapos.com/read/2019/10/29/163495/polisi-ringkus-spesialis-pembobol-atm-lintas-provinsi-pakai-tusuk-gigi Diduga akan Skimming ATM, WN Ukraina Ditangkap Polda Bali https://www.merdeka.com/peristiwa/diduga-akan-skimming-atm-wn-ukraina-ditangkap-polda-bali.html Secret Service: Brazilian’s bank data scheme hits Seacoast ATMs https://www.fosters.com/news/20191031/secret-service-brazilians-bank-data-scheme-hits-seacoast-atms India is on radar of hackers stealing card details from ATM machines https://www.livemint.com/technology/tech-news/india-is-on-radar-of-hackers-stealing-card-details-from-atm-machines-11572514090022.html The Central Bank will strengthen control over IT-security of credit institutions https://www.ehackingnews.com/2019/10/the-central-bank-will-strengthen.html?utm_source=dlvr.it&utm_medium=twitter 3.電子支付/電子票證/行動支付/ pay/新聞及資安 LINE Pay一卡通繳卡費「爆出漏洞」！網友神製條碼器　每期爽賺500點高回饋 https://www.ettoday.net/news/20191027/1566267.htm 鑽LinePay漏洞！他撈500點回饋 律師：恐涉詐欺 https://news.ebc.net.tw/News/living/183573 謊稱支付寶遭盜用獲賠　杭州大學生反被告詐騙 https://hk.on.cc/hk/bkn/cnt/cnnews/20191027/bkn-20191027130540419-1027_00952_001.html 4.虛擬貨幣/區塊鍊相關新聞及資安 陳元談區塊鏈：需警惕新技術的安全漏洞 https://news.sina.com.tw/article/20191027/33097584.html 跨境貿易融資 加速應用區塊鏈 https://www.chinatimes.com/newspapers/20191028000083-260309?chdtv 區塊鏈應避虛就實加快場景應用是根本 https://news.sina.com.tw/article/20191029/33116898.html 銀行發展區塊鏈 人行緊盯資安 https://www.chinatimes.com/newspapers/20191029000042-260301?chdtv 區塊鏈應避虛就實加快場景應用是根本 https://news.sina.com.tw/article/20191029/33117080.html 科技與人性（一）區塊鏈做不到的事。什麼是 hard candy？區塊鏈裡的秘密資訊、《最大の素數》 http://bit.ly/2MVyR0X 中國力推區塊鏈　比特幣暴漲　區塊鏈是極權政府的良伴嗎 https://www.cw.com.tw/article/article.action?id=5097442 ICC 新盤 GDA 號稱被黑客攻擊跑路，又出現了 3T、EXXA 等新盤 https://www.chainnews.com/zh-hant/articles/817620599105.htm 想投資比特幣嗎？給新手比特幣交易者的五條建議 http://news.knowing.asia/news/cd2955e6-88cb-4fe7-ad71-1f501fd2eeb2 ENWIN warning bitcoin scammers may target customers https://windsor.ctvnews.ca/enwin-warning-bitcoin-scammers-may-target-customers-1.4656982 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式 360安全衛士披露羅技軟件漏洞傳播木馬木馬作者也被感染 https://www.239232.com/qita/71076.html 2020年資安預測：目標式勒索軟體與行動惡意程式將持續升溫 https://ithome.com.tw/news/133872 手機惡意程式氾濫國家級APT病毒間諜 http://bit.ly/2MTwwUi 南非最大城約翰尼斯堡遭勒索軟體入侵 https://www.ithome.com.tw/news/133858 駭客入侵南非約翰尼斯堡勒索總值14.2萬比特幣 http://bit.ly/2MYEzz3 印度南部核電廠曾遭網攻 所幸系統未受影響 https://news.ltn.com.tw/news/world/breakingnews/2962566 系統駭入專家與勒索病毒集團結盟 https://blog.trendmicro.com.tw/?p=62344 刪不掉的新型Android病毒！專家祭6招防範措施 https://newtalk.tw/news/view/2019-10-30/319013 QNAP NAS遭惡意程式感染，至少7000台中標 https://www.ithome.com.tw/news/133955 歐洲國際機場感染挖礦病毒,系統耗電量大增 https://blog.trendmicro.com.tw/?p=62363 A Brief Look at the Citadel Banking Trojan https://cyware.com/news/a-brief-look-at-the-citadel-banking-trojan-950f1bf6 London police software quarantines thousands of cybercrime reports https://www.zdnet.com/article/london-police-software-quarantines-thousands-of-cybercrime-reports/#ftag=RSSbaffb68 Here's Why 'Raccoon' Infostealer Is Popular With Criminals https://www.bankinfosecurity.com/heres-raccoon-infostealer-popular-criminals-a-13294 Researchers find stealthy MSSQL server backdoor developed by Chinese cyberspies https://www.zdnet.com/article/researchers-find-stealthy-mssql-server-backdoor-developed-by-chinese-cyberspies/ How TrickBot Hooking Engine Targets Windows 10 Browsers https://malware.news/t/how-trickbot-hooking-engine-targets-windows-10-browsers/34139 Govt warns of new 'Emotet' malware campaign https://www.crn.com.au/news/govt-warns-of-new-emotet-malware-campaign-532967 REWTERZ THREAT ALERT – CITADEL BANKING MALWARE – IOCS http://www.rewterz.com/rewterz-news/rewterz-threat-alert-citadel-banking-malware-iocs Government raises threat level on 'undetectable' email virus http://bit.ly/31RcNbV Advisory 2019-131: Emotet malware campaign https://www.cyber.gov.au/threats/advisory-2019-131-emotet-malware-campaign AutoIT-compiled Negasteal/Agent Tesla, Ave Maria Delivered via Malspam https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-compiled-negasteal-agent-tesla-ave-maria-delivered-via-malspam/ New FuxSocy Ransomware Impersonates the Notorious Cerber https://www.bleepingcomputer.com/news/security/new-fuxsocy-ransomware-impersonates-the-notorious-cerber/ Microsoft Office Bug Remains Top Malware Delivery Vector https://www.darkreading.com/operations/microsoft-office-bug-remains-top-malware-delivery-vector/d/d-id/1336182 New 'unremovable' xHelper malware has infected 45,000 Android devices https://www.zdnet.com/article/new-unremovable-xhelper-malware-has-infected-45000-android-devices/#ftag=RSSbaffb68 Maze Ransomware Attacks Italy in New Email Campaign https://www.bleepingcomputer.com/news/security/maze-ransomware-attacks-italy-in-new-email-campaign/ This old trojan malware is back with a new trick to help it hide in plain sight https://www.zdnet.com/article/this-old-trojan-malware-is-back-with-a-new-trick-to-help-it-hide-in-plain-sight/ Confirmed: North Korean malware found on Indian nuclear plant's network https://www.zdnet.com/article/confirmed-north-korean-malware-found-on-indian-nuclear-plants-network/ Paradise Ransomware Decryptor Gets Your Files Back for Free https://www.bleepingcomputer.com/news/security/paradise-ransomware-decryptor-gets-your-files-back-for-free/ This is how malicious Android apps avoid Google’s security vetting https://www.zdnet.com/article/this-is-how-malicious-android-apps-avoid-googles-security-vetting/ Emsisoft Decryptor for Paradise https://www.emsisoft.com/ransomware-decryption-tools/paradise Defending Systems Against Cryptocurrency Miner Malware http://bit.ly/322mFzJ Cyber-attack hits Utah wind and solar energy provider https://www.zdnet.com/article/cyber-attack-hits-utah-wind-and-solar-energy-provider/#ftag=RSSbaffb68 Thousands of QNAP NAS devices have been infected with the QSnatch malware https://www.zdnet.com/article/thousands-of-qnap-nas-devices-have-been-infected-with-the-qsnatch-malware/#ftag=RSSbaffb68 At least 13 managed service providers were used to push ransomware this year https://www.zdnet.com/article/at-least-13-managed-service-providers-were-used-to-push-ransomware-this-year/#ftag=RSSbaffb68 These were the worst malware strains of 2019 https://www.techradar.com/news/these-were-the-worst-malware-strains-of-2019 McAfee: Malicious Voicemails Target Office365 Users https://www.bankinfosecurity.com/mcafee-malicious-voicemails-target-office365-users-a-13327 Mobile Devices: Protecting Critical Data https://www.bankinfosecurity.com/interviews/mobile-devices-protecting-critical-data-i-4493 Attacchi fraudolenti: phishing e malware si evolvono https://www.lineaedp.it/news/43734/attacchi-fraudolenti-phishing-e-malware-si-evolvono/#.Xbu1W5ozbIU QSnatch Malware Infects Thousands of NAS Devices, Steals Credentials https://www.bleepingcomputer.com/news/security/qsnatch-malware-infects-thousands-of-nas-devices-steals-credentials/ B.行動安全 / iPhone / Android /穿戴裝置 /App 大陸犯罪集團出「解鎖」App！造成共享單車企業損失13億...14人深圳被逮 https://www.ettoday.net/news/20191027/1566509.htm 蘋果App Store有17款程式含木馬元件 https://www.ithome.com.tw/news/133822 Android用戶請注意！Google Play再添42款惡意APP http://bit.ly/34emmUa Google Play惡意APP流竄！ 資安公司呼籲立即刪除 http://bit.ly/2NELWuT Pegasus監控神器爭議多 https://www1.hkej.com/dailynews/article/id/2289141/ 下載後刪不了！這些地雷App千萬別點 https://www.chinatimes.com/realtimenews/20191028002064-260405?chdtv 下載後刪不掉狂跳廣告！ 資安公司提醒小心這「15款APP」 https://news.ltn.com.tw/news/life/breakingnews/2961305 電信帳單無故暴增？資安業者拆穿假冒美顏修圖 App 詐騙新手法 https://3c.ltn.com.tw/news/38403 Android用戶注意！這些「惡意APP」資安網站呼籲立即刪除 https://newtalk.tw/news/view/2019-10-25/316882 美參議員點名「恐洩漏個資」　TikTok：用戶數據存在美國境內 https://www.ettoday.net/news/20191026/1565743.htm 下載後刪不掉！15款地雷APP曝光　專家：千萬別點 https://news.tvbs.com.tw/world/1224915 惡意Android程式遇到Google會裝乖 https://www.ithome.com.tw/news/133823 Android用戶注意！　42個惡意APP易耗手機效能 https://www.ctwant.com/article/11979 傳三星Galaxy S10指紋安全漏洞國外已修復，國內還未跟進 https://kknews.cc/tech/pveva2p.html 三星螢幕指紋漏洞修補好了！S10、Note 10 用戶更新軟體，注意這4項重點 https://3c.ltn.com.tw/news/38412 Samsung S10 、Note 10可以用返指紋鎖 http://bit.ly/2qOx3y2 歐洲併購建廠熱，中信國際電訊 CPC 海陸纜三路連歐「快、穩、好」 http://technews.tw/2019/10/29/cpc-europe-mid-asia-web-service/ 愛當免費仔？線上看電影小心LINE帳密被竊取 https://newtalk.tw/news/view/2019-10-30/318721 LINE廣傳「雙子殺手免費線上看」　小心駭客偷走帳密個資 https://tw.appledaily.com/new/realtime/20191030/1656148/ Google 小技巧 ：個資不分大小，手機資料安全如何自保 https://saydigi-tech.com/2019/10/14373.html 自保資安 Google 教你善用 Android 內建實用三大功能 https://www.inside.com.tw/article/17978-Android-useful-feature-to-protect-security 李安新片成詐騙集團新手段！資安業者教兩招「解毒」 https://www.chinatimes.com/realtimenews/20191031000048-260410?chdtv 線上看電影LINE被盜　Mac股票交易暗藏木馬 https://www.cardu.com.tw/news/detail.php?39320 間諜程式襲記者異見者 WhatsApp告以色列開發商 https://hk.news.appledaily.com/international/realtime/article/20191030/60210410 WhatsApp控以色列駭客公司 助20國政府監看手機 https://www.cna.com.tw/news/aopl/201910300094.aspx 動作頻頻！WhatsApp指控以色列駭客集團 協助20國政府侵入手機 http://bit.ly/2JFalz5 WhatsApp告以色列駭客公司 駭入1400名用戶手機 https://ec.ltn.com.tw/article/breakingnews/2961848 WhatsApp用戶資料被盜案 傳涉多國政要 https://www2.hkej.com/instantnews/international/article/2290613 涉記者人權分子高官 WhatsApp揭以企業助政府監控1400人 http://bit.ly/2Jy5ZK0 Facebook Sues Spyware Maker Over WhatsApp Exploit https://www.bankinfosecurity.com/facebook-sues-spyware-maker-over-whatsapp-exploit-a-13307 Verizon, AT&T, Sprint and T-Mobile to replace SMS with RCS Messaging in 2020 https://thehackernews.com/2019/10/rcs-messaging-sms.html 42 Adware Apps with 8 Million Downloads Traced Back to Vietnamese Student https://thehackernews.com/2019/10/42-adware-apps-with-8-million-downloads.html 12 tips to protect your mobile device from Hackers https://www.baldwin-bulletin.com/news/tips-to-protect-your-mobile-device-from-hackers/article_22f3fde8-f734-11e9-8add-3352c7565165.html Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users https://thehackernews.com/2019/10/whatsapp-nso-group-malware.html Mysterious malware that re-installs itself infected over 45,000 Android Phones https://thehackernews.com/2019/10/remove-xhelper-android-malware.html C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件 2019台灣資安年會 善用聯防降低風險 https://money.udn.com/money/story/10860/4136099 25平米藏了近20個針孔攝像頭18名極客想在十分鐘內找到 http://www.sohu.com/a/349802698_161795 駭客鎖定聯合國人道援助組織 誘騙員工洩露個資 https://udn.com/news/story/7088/4125301 非政府組織遭駭客鎖定 誘洩個資 http://bit.ly/2NhslAv 網路釣魚攻擊瞄準聯合國與人道救援組織 https://www.ithome.com.tw/news/133885 欲盜資料轉售　黑客攻擊大數據平台3500次 https://hk.on.cc/hk/bkn/cnt/cnnews/20191030/bkn-20191030004558287-1030_00952_001.html 2019 年最可怕的黑客事件與安全漏洞（上） https://zhuanlan.zhihu.com/p/89200642 2019 年最可怕的黑客事件與安全漏洞（下） https://www.chainnews.com/zh-hant/articles/986387693795.htm 駭客入侵線上購物事件頻仍 網購4招自保 http://www.epochtimes.com/b5/19/10/29/n11619844.htm 歐盟電子身份識別系統有漏洞，可讓駭客冒充公民身份 https://www.ithome.com.tw/news/133952 有官方的影子！中國駭客入侵 擷取電訊商敏感通訊紀錄 https://news.ltn.com.tw/news/world/breakingnews/2963754 中國駭客竊取海外手機簡訊與通話記錄 美部分軍政要員中招 http://m.secretchina.com/news/b5/2019/11/01/912247.html 趨勢科技研究顯示 電競產業面對更多網絡威脅 https://times.hinet.net/news/22627589 印度核電公司證實遭北韓網軍入侵核電廠 https://technews.tw/2019/10/31/india-comfirm-hacking-of-nuclear-power-plant-by-north-korean-cyber-army/ 硬起來！涉網路犯罪 蒙古逮捕800名中國人 https://m.ltn.com.tw/news/world/breakingnews/2963207 澳洲提議成人網站使用人臉辨識來過濾造訪者身分 https://www.ithome.com.tw/news/133918 黑客少年竊取的「數據帝國」 https://news.sina.com.tw/article/20191029/33117106.html 邊緣人變天才駭客！14歲進入暗網建立「數據王國」　1個月竊取上億個人資訊 https://www.ettoday.net/news/20191029/1567412.htm 18歲神級駭客 輕鬆竊取上億條公民個資在黑市販賣 https://www.chinatimes.com/realtimenews/20191030002532-260405?chdtv 黑客高中生竊上億條個人資料售賣　獲刑3年半懺悔：做個普通人 http://bit.ly/345jKaS 遭踢爆防護不周導致金鑰外流，NordVPN亡羊補牢啟動抓漏獎勵，改用無硬碟伺服器 https://ithome.com.tw/news/133928 荷蘭史基浦投訴網站被黑客攻入，個人資料外洩 http://bit.ly/2p89S1u 荷蘭史基浦機場投訴網站漏洞致近60000投訴者信息洩露 https://www.dbsec.cn/blog/article/5309.html 加拿大多倫多市府網路安全堪憂 審計總長促加強防範 http://bit.ly/32QL9NL 俄羅斯政府擬進行「斷網」測試　外界憂加強審查 https://hk.on.cc/hk/bkn/cnt/aeanews/20191026/bkn-20191026195832769-1026_00912_001.html 俄將斷網測「RuNet」 網路自由存憂慮 https://www.ydn.com.tw/News/357819 惡意 IP 對企業 Office 365 帳號進行暴力破解攻擊 https://www.hkjh.tc.edu.tw/modules/tadnews/index.php?nsn=2311 27國簽署網路安全聯合聲明 https://blog.twnic.net.tw/2019/10/25/5325/ 亞馬遜雲端服務 AWS 遭 DDoS 攻擊，造成部分服務受阻達八小時 https://www.twcert.org.tw/tw/cp-104-3027-cbfe4-1.html 微軟：新一波網路攻擊鎖定運動及反禁藥組織 https://www.ithome.com.tw/news/133879 俄國駭客消除冬奧禁藥紀錄　魚叉式網路釣魚運用最廣 https://www.ettoday.net/news/20191029/1567791.htm 華為獲得中國首張5G基站設備的進網許可證 http://bit.ly/2p9IKiD 美審查電信供應鏈緊急狀態規則 華為或被禁 http://www.epochtimes.com/b5/19/10/29/n11620950.htm 打擊中國間諜行為 美禁用800架中國無人機 http://bit.ly/3265RaY 抓到了！中國駭客竊取美軍政高層手機簡訊 https://news.cnyes.com/news/id/4403717 喬治亞共同國網路遭大規模駭客襲擊 http://www.soundofhope.org/b5/2019/10/29/n3293688.html 黑客竟然利用漏洞操控 67 萬臺計算機？逮捕 https://www.chainnews.com/zh-hant/articles/956305088770.htm 南非駭客入侵約翰尼斯堡市官網勒索3萬美元比特幣贖金 https://money.udn.com/money/story/5602/4126604 City of Johannesburg held for ransom by hacker gang https://www.zdnet.com/article/city-of-johannesburg-held-for-ransom-by-hacker-gang/#ftag=RSSbaffb68 Johannesburg Struggles to Recover From Ransomware Attack https://www.bankinfosecurity.com/johannesburg-struggles-to-recover-from-ransomware-attack-a-13296 世界最大雲服務商AWS遭到駭客攻擊，導致其服務長時間中斷 https://ek21.com/news/tech/154197/ 微軟：俄相關駭客發動網攻 鎖定國際體育組織 https://money.udn.com/money/story/5599/4131641 東京奧運或成俄羅斯黑客攻撃對象 微軟 Microsoft 作出警告 http://bit.ly/36bGlEC 五角大廈再添購中國製無人機 美國防部：拿來當靶機 http://n.yam.com/Article/20191025707862 美軍駭入伊朗革命衛隊系統，摧毀其恐怖攻擊資料庫 https://www.twcert.org.tw/tw/cp-104-3030-3668c-1.html 美特檢穆勒通俄門報告 法官裁眾院可索取刪減資料 https://www.cna.com.tw/news/aopl/201910260025.aspx 華為參與5G建設？德國情報局長深表疑慮 https://www.rti.org.tw/news/view/id/2039769 BBC新聞開設「暗網」版 破解中國封殺網站 https://m.ltn.com.tw/news/world/breakingnews/2957893 中共「網攻台灣」 盯上明年總統大選 http://bit.ly/2MSaDEU 台大選在即 學者抵加座談 揭「中共對台信息戰」 https://www.ntdtv.com/b5/2019/10/29/a102695628.html 台美將合辦大規模網路攻防演練 美助卿訪北京將提台灣議題 http://bit.ly/2JuUuTH 美國聯邦傳播委員會11月表決 禁止使用華為中興 https://www.cna.com.tw/news/aopl/201910290012.aspx FCC擬要求電信業者移除華為、中興設備 https://www.ithome.com.tw/news/133876 North Korean elite hacking unit launch surprise attack on India’s nuclear weapons systems https://www.express.co.uk/news/world/1198103/north-korea-kim-jong-un-elite-hacking-unit-lazarus-group-cyber-attack-india The cybersecurity of the Terminator https://www.kaspersky.com/blog/terminator-1-2-cybersecurity/29080/ Not All Hackers are Larcenists https://latesthackingnews.com/2019/10/31/not-all-hackers-are-larcenists/ Chinese Hackers Compromise Telecom Servers to Spy on SMS Messages https://thehackernews.com/2019/10/sms-spying-malware.html Russian hackers cloak attacks using Iranian group https://www.bbc.com/news/technology-50103378 Hackers Target Indian Nuclear Power Plant – Everything We Know So Far https://thehackernews.com/2019/10/nuclear-power-plant-cyberattack.html Security researcher gets access to all Xiaomi pet feeders around the world https://www.zdnet.com/article/security-researcher-gets-access-to-all-xiaomi-pet-feeders-around-the-world/#ftag=RSSbaffb68 Advisory: Turla group exploits Iranian APT to expand coverage of victims https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims Eight-Hour DDoS Attack Struck AWS Customers https://www.darkreading.com/cloud/eight-hour-ddos-attack-struck-aws-customers/d/d-id/1336165 Blogger and WordPress Sites Hacked to Show Sextortion Scams https://www.bleepingcomputer.com/news/security/blogger-and-wordpress-sites-hacked-to-show-sextortion-scams/ ‘We have to hit the problem the way it hits us’: How the FBI tracks a range of hacking threats https://www.cyberscoop.com/fbi-cyberthreats-iran-china-russia-north-korea/ Fancy Bear Targets Sporting, Anti-Doping Orgs As 2020 Olympics Loom https://threatpost.com/cyberattacks-sporting-anti-doping-orgs-as-2020-olympics-loom/149634/ Largest cyber-attack in Georgia's history linked to hacked web hosting provider https://www.zdnet.com/article/largest-cyber-attack-in-georgias-history-linked-to-hacked-web-hosting-provider/#ftag=RSSbaffb68 One cyber attack can cost major APAC ports $110B https://www.zdnet.com/article/one-cyber-attack-can-cost-major-apac-ports-110b/#ftag=RSSbaffb68 Most system administrators prefer firewall GUIs over CLIs https://www.zdnet.com/article/most-system-administrators-prefer-firewall-guis-over-clis/#ftag=RSSbaffb68 Largest cyber-attack in Georgia's history linked to hacked web hosting provider https://www.zdnet.com/article/largest-cyber-attack-in-georgias-history-linked-to-hacked-web-hosting-provider/ Georgia hit by massive cyber-attack https://www.bbc.com/news/technology-50207192 Chinese users attack Notepad++ app after 'Free Uyghur' release https://www.zdnet.com/article/chinese-users-attack-notepad-app-after-free-uyghur-release/#ftag=RSSbaffb68 Hackers who extorted Uber and LinkedIn plead guilty https://www.zdnet.com/article/hackers-who-extorted-uber-and-linkedin-plead-guilty/#ftag=RSSbaffb68 Ubisoft reports 93% drop in DDoS attacks after pushing back against attackers https://www.zdnet.com/article/ubisoft-reports-93-drop-in-ddos-attacks-after-pushing-back-against-attackers/#ftag=RSSbaffb68 Zealcon software firm owner sentenced for tax fraud https://www.zdnet.com/article/zealcon-software-firm-chief-sentenced-for-tax-fraud/#ftag=RSSbaffb68 Turla Teardown: Why Attribute Nation-State Attacks https://www.bankinfosecurity.com/blogs/turla-teardown-attribute-nation-state-attacks-p-2813 Ghost cats and dodgy horror movie streams – the spookiest Halloween hacks revealed https://www.trustedreviews.com/news/ghost-cats-and-horror-movie-streams-the-spookiest-halloween-hacks-revealed-3950432 Breaches at NetworkSolutions, Register.com, and Web.com https://krebsonsecurity.com/2019/10/breaches-at-networksolutions-register-com-and-web-com/ Two Hackers Who Extorted Money From Uber and LinkedIn Plead Guilty https://thehackernews.com/2019/10/hackers-extorted-money.html Cybersecurity predictions for 2020 https://www.hcamag.com/asia/specialisation/hr-technology/cybersecurity-predictions-for-2020/190203 技術處-高級資安研究員 https://www.104.com.tw/job/6rvo3 資訊安全治理儲備幹部 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=2393025&HIRE_ID=9343233 資訊安全工程師 https://www.104.com.tw/job/6rypz?jobsource=company_job 資安專案管理 https://www.104.com.tw/job/6rysv?jobsource=company_job 【資訊處】資安維運中心工程師 SOC https://www.cakeresume.com/companies/nextbank/jobs/624344 板信商業銀行-資訊部( 資訊安全經辦 ) https://www.104.com.tw/job/6ryy7 達友科技/資安工程師-技術一部(上班地點：臺北市) https://www.104.com.tw/job/2j5e4?jobsource=googlejobs D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 美國消費者重隱私 偏好紙本發票 https://money.udn.com/money/story/5602/4129164 雄獅洩36萬筆個資 消基會提團訟一審敗訴 https://news.ltn.com.tw/news/society/breakingnews/2963116 雄獅旅行社遭駭客竊個資 消基會提告求償450萬元敗訴 http://photo.udn.com/money/story/5648/4136849 剩餘房間數假的？Booking.com在台詐騙案頻傳 ，官方現身說 https://www.bnext.com.tw/article/55230/booking-com-about-taiwan 遠傳打擊詐騙 獲刑事警察局表揚 http://bit.ly/2qD710C 南非開普敦出現新詐欺手法 先騙遊客再搶劫 https://times.hinet.net/times/news/22629514 近750萬Adobe Creative Cloud用戶資料遭洩漏 慎防電郵釣魚詐騙 https://www.chinatimes.com/realtimenews/20191028001514-260412?chdtv Facebook 近四億二千萬筆用戶個資外洩，資料庫被公開在網路上 https://www.twcert.org.tw/tw/cp-104-3031-b65c1-1.html 詐騙擴及美加華人圈　誆註銷綠卡逾百人被騙錢 https://tw.appledaily.com/new/realtime/20191009/1646311/ 騎 GoShare 可能讓你的住家位置外洩？有心人士可透過車牌號碼與 API 推算 https://buzzorange.com/techorange/2019/10/29/goshare-personal-data-leak/ 警偷查個資案 網友自稱當事人質疑警串證「為愛犧牲」 https://m.ltn.com.tw/news/society/breakingnews/2961195 加國華人超市引「人臉支付」系統　民間憂訊息被竊 https://tw.news.appledaily.com/international/realtime/20191030/1656044/ Akamai：網釣駭客最愛盜用的前兩大品牌為微軟與PayPal https://www.ithome.com.tw/news/133944 Fortune 500企業的2,100萬個登入憑證流落暗網 https://ithome.com.tw/news/133945 大量 Instagram 釣魚郵件，藉侵權為由騙取帳號控制權 https://www.twcert.org.tw/tw/cp-104-3032-18206-1.html Alexa 和Google 智慧家居裝置可能被用來竊聽或進行網路釣魚 https://blog.trendmicro.com.tw/?p=62422 Gitlab使用者遙測服務引爭議，官方急踩煞車 https://www.ithome.com.tw/news/133816 GitLab backs down on telemetry changes and forced tracking - for now https://www.zdnet.com/article/gitlab-backs-down-on-planned-telemetry-changes-forced-tracking/#ftag=RSSbaffb68 Scammers are targeting Cash App users hoping for free money https://www.zdnet.com/article/scammers-are-targeting-cash-app-users-hoping-for-free-money/#ftag=RSSbaffb68 Leaky Autoclerk database exposes info on travelers, including military and gov’t personnel http://bit.ly/369TYnD Scammers use fake Jeremy Clarkson ad in Bitcoin scam https://finance.yahoo.com/news/scammers-fake-jeremy-clarkson-ad-150049196.html Scammers use fake Jeremy Clarkson ad in Bitcoin scam https://coinrivet.com/scammers-use-fake-jeremy-clarkson-ad-in-bitcoin-scam/ UniCredit Bank Suffers 'Data Incident' Exposing 3 Million Italian Customer Records https://thehackernews.com/2019/10/unicredit-bank-data-breach.html Two Data Leaks Expose Millions of Records https://www.bankinfosecurity.co.uk/two-data-leaks-expose-millions-records-a-13299 21 Million Logins for Top 500 Firms Offered on the Dark Web https://www.bleepingcomputer.com/news/security/21-million-logins-for-top-500-firms-offered-on-the-dark-web/ State of Stolen Credentials in the Dark Web from Fortune 500 Companies https://www.immuniweb.com/blog/stolen-credentials-dark-web-fortune-500.html Leading Web Domain Name Registrars Disclose Data Breach https://thehackernews.com/2019/10/domain-name-registrars-hacked.html 5 Places Where Hackers Are Stealthily Stealing Your Data In 2019 https://thehackernews.com/2019/10/hacking-data-breach-protection.html E.研究報告 Firefox 70版 隱私保護與資料攻擊分析 https://udn.com/umedia/story/12759/4125612 個案分析-勒索病毒Sodinokibi攻擊事件分析報告_10810 https://cert.tanet.edu.tw/prog/opendoc.php?id=2019102811105151777062636571380.pdf PHP-fpm 遠程代碼執行漏洞(CVE-2019-11043)分析 https://paper.seebug.org/1063/ PHP7.0-7.3繞過disable_functions進行命令執行漏洞（含PoC） https://www.agesec.com/8506.html CVE-2019-11043PHP-FPM在Nginx特定配置下遠程代碼執行漏洞復現 https://cloud.tencent.com/developer/article/1530146 挖洞經驗| Jira服務工作台路徑遍歷導致的敏感信息洩露漏洞（CVE-2019-14994） https://www.freebuf.com/vuls/216267.html CVE-2019-16920：D-link RCE 漏洞 https://www.chainnews.com/zh-hant/articles/590847744162.htm CVE-2019-11043遠程代碼執行漏洞復現 https://www.secpulse.com/archives/116446.html 滲透測試Java架構執行漏洞檢測 https://cloud.tencent.com/developer/article/1527627 Microsoft.AspNetCore DoS漏洞，如何解決.Net Framework項目 http://bit.ly/347cEmq Joomla-3.4.6遠程代碼執行突破原理分析和Poc構造 https://www.freebuf.com/vuls/216130.html CVE-2019-16759漏洞在野利用 https://www.anquanke.com/post/id/189470 漏洞CVE-2019-8697：如何通過macOS的磁盤管理工具實現系統提權 https://www.freebuf.com/vuls/216211.html 隱私小號：中國臨時手機號碼服務，接收驗證碼簡訊不洩漏真實身分 https://free.com.tw/yinsixiaohao/ The NCSC Annual Review 2019 https://www.ncsc.gov.uk/news/annual-review-2019 Weblogic XMLDecoder反序列化入侵復現（CVE-2017-10271） https://www.secpulse.com/archives/116542.html 最近修復的PHP遠程執行漏洞正被利用 http://bit.ly/2JvBO68 js語言中那些讓你抓狂又容易混淆的概念(建議收藏) http://bit.ly/2JvyGXY 由惡意GIF文件引發的RCE漏洞，超過40000個應用受影響 https://www.freebuf.com/news/218375.html 深入理解 PHP Phar 反序列化漏洞原理及利用方法（一） https://www.chainnews.com/zh-hant/articles/455445932350.htm WebLogic EJBTaglibDescriptor XXE漏洞(CVE-2019-2888)分析 https://paper.seebug.org/1067/ Bulehero挖礦蠕蟲升級，PhpStudy後門漏洞加入武器庫 https://www.4hou.com/vulnerable/21296.html 基於MITRE ATT&CK的RED TEAMING行動實踐 http://avfisher.win/archives/1145 Red Team從0到1的實踐與思考 http://bit.ly/2WspBUY SharpGen利用分析 http://bit.ly/2q3bCJq 利用Ocular 工具挖掘C & C++ 程序內存分配相關漏洞 https://www.4hou.com/technology/21129.html Unlink簡單分析 https://cloud.tencent.com/developer/article/1530686 Kibana RCE漏洞詳細分析 https://www.freebuf.com/vuls/217443.html Kibana RCE 漏洞詳細分析 https://www.chainnews.com/zh-hant/articles/434470783147.htm PING COMMAND IN LINUX https://ipcisco.com/ping-command-in-linux Evading Anti-Virus with Unusual Technique https://github.com/Techryptic/AV_Bypass Framework for building Windows malware, written in C++ https://github.com/richkmeli/Richkware Detecting Lateral Movement with Machine Learning https://github.com/JPCERTCC/DetectLM A submodule repository for distributing REDHAWK artifacts and the latest REDHAWK source code https://github.com/RedhawkSDR/redhawk Advanced python HTTP reverse shell made for Hacking Competition purpose https://github.com/FanaticPythoner/PythonAdvancedHTTPReverseShell WinPwn https://github.com/S3cur3Th1sSh1t/WinPwn Free and open-source threat intelligence feeds https://threatfeeds.io/ Automated testing comes to the Linux kernel: KernelCI https://www.zdnet.com/article/automated-testing-comes-to-the-linux-kernel-kernelci/#ftag=RSSbaffb68 KTRW: The journey to build a debuggable iPhone https://googleprojectzero.blogspot.com/2019/10/ktrw-journey-to-build-debuggable-iphone.html?m=1 Fake French Police Sextortion Scam https://blog.sucuri.net/2019/10/fake-french-police-sextortion-scam.html?utm_source=twitter&utm_medium=blog&utm_campaign=wyatt CertUtil Qualms: They Came to Drop FOMBs https://www.fireeye.com/blog/threat-research/2019/10/certutil-qualms-they-came-to-drop-fombs.html Local Group Enumeration https://www.harmj0y.net/blog/redteaming/local-group-enumeration/ Attacking The Network's Security Core - Hunting For Vulnerabilities In A Network Security Tool https://blog.vastart.dev/2019/10/attacking-networks-security-core.html Current and Future Hacks and Attacks that Threaten Esports https://blog.trendmicro.com/trendlabs-security-intelligence/current-and-future-hacks-and-attacks-that-threaten-esports/ The commoditization of mobile espionage software https://blog.talosintelligence.com/2019/10/the-commoditization-of-mobile-espionage.html Phishing — Baiting the Hook https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/soti-security-phishing-baiting-the-hook-report-2019.pdf OWASP/SecureTea-Project https://github.com/OWASP/SecureTea-Project F.商業 微軟DevOps資安實務大公開，側重威脅模型建立與自動化 https://www.ithome.com.tw/news/133911 推動更安全的移動服務　缺一不可的驗證與資安系統 https://digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=35&id=0000571586_8WS69KZM7YCE6X7PONZF5 BlackBerry推移動裝置保護方案　引入AI封鎖惡意程式 http://bit.ly/2N2zFBj 降低風險兼顧用戶體驗 成功落實檔案安全化 http://bit.ly/2PvlcPV Leaked documents indicate Microsoft's Windows 10X will be coming to clamshell laptops https://www.zdnet.com/article/leaked-documents-indicate-microsofts-windows-10x-will-be-coming-to-clamshell-laptops/#ftag=RSSbaffb68 Google Search to stop supporting Flash content https://www.zdnet.com/article/google-search-to-stop-supporting-flash-content/#ftag=RSSbaffb68 G.政府 國安大漏洞 今年中科院竟有15涉密軍文職人員過境香港 http://bit.ly/2PmZSfh 農業資訊網資訊不實　消費者難以辨別有機標章真偽 https://www.ctwant.com/article/11971 營區監視系統惹議 軍方暫棄人臉辨識系統 https://news.ltn.com.tw/news/politics/breakingnews/2961751 憂觸犯《個資法》　國防部宣布暫停人臉辨識系統建置 https://tw.news.appledaily.com/politics/realtime/20191030/1656245/ 國軍研發動力外骨骼系統 搬運砲彈更方便 https://living.taronews.tw/2019/10/30/512828/ 軍紀螺絲鬆？雲豹萬鈞車遺失通信器半年 http://bit.ly/2NmzL5K 防假訊息擾選舉 警調投入逾200專責人力 https://news.ltn.com.tw/news/politics/paper/1328665 美台首度網路攻防演練下週登場 實戰測試資安 https://www.cna.com.tw/news/ait/201910310227.aspx 防範中國網攻 美台首次大規模網路演練下週登場 https://m.ltn.com.tw/news/politics/breakingnews/2963184 第一次！美國、台灣舉辦國際聯合網路演練 AIT：雙方合作關係快速成長 https://news.m.pchome.com.tw/living/ftv/20191031/index-15725210962772319009.html H.ICS/SCADA 工控系統 首款工控設備成功通過威努特ISASecure安全測試 http://www.gongkong.com/news/201910/398376.html ZDI將舉辦鎖定工控系統的Pwn2Own駭客競賽 https://ithome.com.tw/news/133881 大手筆鼓勵挖掘ICS和相關協議漏洞，Pwn2Own的“新業務”想傳達什麼 https://www.leiphone.com/news/201910/4aWfsDeKBppTWPAe.html Industrial equipment to come under fire at the world's largest hacking contest https://www.zdnet.com/article/industrial-equipment-to-come-under-fire-at-the-worlds-largest-hacking-contest/#ftag=RSSbaffb68 Pwn2Own Contest to Focus on Industrial Control Systems https://www.bankinfosecurity.com/pwn2own-contest-to-focus-on-industrial-control-systems-a-13322 I.教育訓練 Deep Security 安裝與基本故障排除 https://www.youtube.com/embed/QzORMUc0Dmo Deep Security 基礎設定 https://www.youtube.com/embed/eUREjJ4uY2M Deep Security 基本系統調校 https://www.youtube.com/embed/0PE-RTLOAmA Deep Security FIM功能與內網監控 https://www.youtube.com/embed/4rL9cfmbybw 靜態分析與動態分析 https://youtu.be/JMvuyw7uX1Y 惡意攻擊辨識與相似度比較 https://youtu.be/l3PmFeGvRFY 機械學習的偵測機制 https://youtu.be/OC-WOkoxiOc 惡意攻擊視覺化與深度學習 https://youtu.be/c1IJXuDLa3w 10 LOW COST CYBERSECURITY DEGREES https://netinstruct.com/netinstruct-news/f/10-low-cost-cybersecurity-degrees J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 深度造假！新型態人工智能犯罪 恐造成資安隱憂 https://cnews.com.tw/169191025a03/ 漏洞已修復！日本連鎖飯店推「陪伴機器人」　驚傳可拿來偷看房客 https://cnews.com.tw/140191025a04/ 駭！公民專欄】想保護網路隱私？你可以用「假資訊」騙AI https://www.cw.com.tw/article/article.action?id=5097435 IoT時代資安設計刻不容緩 Microchip建構高安全等級MCU https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=&id=0000570921_OTF8TP0B31GIQA0NH9JP1 IoT Devices Fall Prey to Attacks up to 10 Crore by Hackers https://www.ehackingnews.com/2019/10/iot-devices-fall-prey-to-attacks-up-to.html?utm_source=dlvr.it&utm_medium=twitter 6.近期資安活動及研討會 行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30 https://www.accupass.com/event/1810080517061259295030 Elite East Coast CISO Summit 11/3~11/5 https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/ Red Hat Forum Taipei 2019 11/5 https://www.facebook.com/events/1390202967799392/ 資安人才培育成果發表暨就業媒合會 11/5 https://ievents.iii.org.tw/eventS.aspx?t=0&id=733 Cyber Security Summit: Boston 11/6 https://infosec-conferences.com/events-in-2019/cyber-security-summit-boston/ 駭客攻防暨數位鑑識系列一(第1期) 11/7 https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=384540 網路攻擊鏈( Cyber Kill Chain)各階段實作 (6hr) 11/7 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384540 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/8 https://signupcybersec101.ithome.com.tw/ BSides Charleston 11/9 https://infosec-conferences.com/events-in-2019/bsides-charleston/ ISDA 白帽駭客入門〈3〉 11/9 https://www.accupass.com/event/1910240847068228620890 Kotlin/Everywhere GDG Taoyuan - 運用 Ktor 建置一個以 Kotlin 打造的後端服務 11/9 https://www.meetup.com/GDGTaoyuan/events/264776152/ 資安健診 11/12 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3871&from_course_list_url=course_index OpenInfra Day Taiwan 11/12 http://openinfra.digitimes.com.tw/ 108年政府組態基準(GCB)實作研習 11/12 ~ 11/22 https://register.nccst.nat.gov.tw/Active/registerDetail.do?activeId=1285&activeType=course CLEAR Cyber Leaders Conference 11/12 ~ 11/13 https://infosec-conferences.com/events-in-2019/clear-cyber-leaders-conference/ 108年資安法律案例分享說明會 11/13 https://register.nccst.nat.gov.tw/Active/registerDetail.do?activeId=1286&activeType=conf HITCON DEFENSE CONTEST 企業資安攻防大賽 & SUMMIT 企業安全會議 2019 11/13 https://hitcon.kktix.cc/events/hitcon-defense-2019?locale=ja Windows檔案系統及檔案還原 (6hr) 11/14 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384541 Digital Internet Summit 11/14 https://infosec-conferences.com/events-in-2019/digital-internet-summit/ INTERFACE – Nebraska 11/14 https://infosec-conferences.com/events-in-2019/interface-nebraska/ 2019 資訊安全論壇 11/14 http://events.businesstoday.com.tw/2019/ACSI/#signup-sec Mozilla 開發者小聚-台灣站 11/15 https://www.accupass.com/event/1910230900235341736900 SecureWV – Hack3rCon 11/15 ~ 11/17 https://infosec-conferences.com/events-in-2019/securewv-hack3rcon/ 2019 Hack ‘n’Roll 駭客嘉年華 11/16 ~ 11/17 http://hacknroll.splashthat.com/IThomeBanners 交通大學亥客書院-P006:高階網頁滲透測試 11/16 https://hackercollege.nctu.edu.tw/?p=1092 FS-ISAC Fall Summit 11/17 ~ 11/20 https://infosec-conferences.com/events-in-2019/fs-isac-fall-summit/ Microsoft IoT in Action 11/20 https://www.iotinactionevents.com/event/taipei LINE將於11月舉辦LINE DEVELOPER DAY 2019 11/20 ~ 11/21 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000570636_HL57CPQM2H1ZHE71YVI2W Infosecurity ISACA North America Expo and Conference 11/20 ~ 11/21 https://infosec-conferences.com/events-in-2019/isaca-north-america-expo-conference/ 檔案特徵值比對與關鍵字搜尋 (2hr) Open Source數位鑑識工具實務操作 (5hr) 11/21 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384542 2019 BSI 國際資安標準管理年會 11/22 https://www.accupass.com/event/1910070533451342891420 Trend Micro CTF 2019 // Raimund Genes Cup FINAL / NOVEMBER 23–24, 2019 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html 資安檢核核心技術及進階技術研討會11月26日至11月28日 http://bit.ly/2TN2UtD 人資人員必修的職安法規定 11/26 https://www.accupass.com/event/1909121441141977826554 模擬案例鑑識分析實務 (6hr) 11/28 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384543 Global Cybersecurity Coference 11/28~11/29 https://2019.group-ib.com/ Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/29 https://signupcybersec101.ithome.com.tw/ 交通大學亥客書院-B015:惡意程式檢測 11/30 https://hackercollege.nctu.edu.tw/?p=1098 亞洲‧矽谷學院108年免費認證考試 11/30 https://college.asvda.org.tw/ The Dungeons of Hackers Conference 2019 - 駭客的地下城 11/30 https://tdohackerparty.kktix.cc/events/tdoh-conf-2019 Digital Summit Dallas 12/4 https://infosec-conferences.com/events-in-2019/digital-summit-dallas/ Kansas City Cyber Security Conference 12/5 https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/ CyberMaryland Conference 12/5 ~ 12/6 https://infosec-conferences.com/events-in-2019/cybermaryland-conference/ FutureCon Nashville Cyber Security Conference 12/11 https://infosec-conferences.com/events-in-2019/futurecon-nashville/ Utility Cyber Security Forum December 12/11 https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/ 交通大學亥客書院-A018:企業網域控管－Active Directory攻擊與防禦 12/14 https://hackercollege.nctu.edu.tw/?p=1094 Japan Security Analyst Conference https://jsac.jpcert.or.jp/ PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23 https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world