###### tags: `資安事件新聞週報` # 資安事件新聞週報 2019/10/7 ~ 2019/10/11 1.重大弱點漏洞/後門/Exploit/Zero Day 英國政府警告：Pulse Secure、Palo Alto和Fortinet的VPN存在APT攻擊漏洞 https://www.ithome.com.tw/news/133480 Unpatched VPN Servers Targeted by Nation-State Attackers https://www.bankinfosecurity.com/unpatched-vpn-servers-targeted-by-nation-state-attackers-a-13202 Vulnerabilities exploited in VPN products used worldwide https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities Palo Alto PAN-OS 遠端執行程式碼漏洞 https://www.hkcert.org/my_url/zh/alert/19072402 Fortinet FortOS 多個漏洞 https://www.hkcert.org/my_url/zh/alert/19100802 Juniper Networks 產品安全性漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0074 IBM WebSphere Application 多個漏洞 https://www.auscert.org.au/bulletins/ESB-2019.3731/ https://www.auscert.org.au/bulletins/ESB-2019.3728/ 熱門UI設計工具Figma的擴充套件系統存在漏洞，官方抽換底層基礎架構 https://www.ithome.com.tw/news/133492 Notepad++ (x64) before 7.7 CVE-2019-16294 – Remote Code Execution https://0day.life/exploits/0day-940.html PHP 7.3 disable_functions Bypass https://packetstormsecurity.com/files/154728/php7073-bypass.txt Linux/x86 NOT + XOR-N + Random Encoded /bin/sh Shellcode https://packetstormsecurity.com/files/154727/linuxnotxorn-shellcode.txt Hisilicon Hi3518 HD Camera Remote Configuration Disclosure https://packetstormsecurity.com/files/154720/Hi3518.pl.txt Slackware Security Advisory - tcpdump Updates https://packetstormsecurity.com/files/154710/SSA-2019-274-01.txt DHS and FDA warn about much broader impact of Urgent/11 vulnerabilities https://www.zdnet.com/article/dhs-and-fda-warn-about-much-broader-impact-of-urgent11-vulnerabilities/#ftag=RSSbaffb68 Fedora drops 32-bit Linux https://www.zdnet.com/article/fedora-drops-32-bit-linux/#ftag=RSSbaffb68 macOS Catalina beta版可先爽玩Apple Arcade https://tw.lifestyle.appledaily.com/gadget/20191005/J7YNUDNVO4Q3HWORSRV6ISPD6A/ 7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App https://thehackernews.com/2019/10/iterm2-macos-terminal-rce.html SA115 : Multiple nginx DNS resolver vulnerabilities https://support.symantec.com/us/en/article.SYMSA1352.html SA100 : Apache Tomcat Vulnerabilities https://support.symantec.com/us/en/article.SYMSA1329.html 思科交換機新漏洞被發現，恐引起新一輪全球掃描 https://anquan.baidu.com/article/922 Cisco 多個產品發布多個安全更新 https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-72541 微軟再發佈IE漏洞例外修補程式，所有版本都要安裝 https://www.ithome.com.tw/news/133453 Microsoft Releases October 2019 Patch Tuesday Updates https://thehackernews.com/2019/10/microsoft-patch-tuesday-october.html Microsoft October 2019 Patch Tuesday is a light one https://www.zdnet.com/article/microsoft-october-2019-patch-tuesday-is-a-light-one/#ftag=RSSbaffb68 Microsoft 產品存在安全性弱點 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367 Windows 10 Mobile新漏洞曝光，微軟放棄修復 https://tech.sina.com.cn/mobile/n/n/2019-10-11/doc-iicezuev1362480.shtml SharePoint 企業伺服器 2016 的安全更新說明：2019 年 10 月 8 日 https://support.microsoft.com/zh-tw/help/4484111/security-update-for-sharepoint-enterprise-server-2016 分析多款D-Link路由器中的未授權RCE漏洞 https://www.anquanke.com/post/id/187923 D-Link router remote code execution vulnerability will not be patched https://www.zdnet.com/article/d-link-routers-contain-remote-code-execution-vulnerability/#ftag=RSSbaffb68 D-Link -- dhp-1565_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16920 四款D-Link路由器發現無法修復的漏洞唯一選擇是棄之不用 https://www.cnbeta.com/articles/tech/897255.htm D-Link路由器曝出RCE漏洞，牽涉多個型號 https://nosec.org/home/detail/3020.html rsyslog https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14454 How to Prioritize Vulnerability Patching https://www.bankinfosecurity.asia/how-to-prioritize-vulnerability-patching-a-13200 Zero-day published for old Joomla CMS versions https://www.zdnet.com/article/zero-day-published-for-old-joomla-cms-versions/#ftag=RSSbaffb68 vBulletin Releases Patch Update for New RCE and SQLi Vulnerabilities https://thehackernews.com/2019/10/vBulletin-hacking-exploit.html Adobe Suspends Accounts for All Venezuela Users Citing U.S. Sanctions https://thehackernews.com/2019/10/adobe-venezuela-sanctions.html Thunderbird to add built-in support for OpenPGP email encryption standard https://www.zdnet.com/article/thunderbird-to-add-built-in-support-for-openpgp-email-encryption-standard/#ftag=RSSbaffb68 Intel處理器再爆MDS資安漏洞，更新處理器微碼犧牲效能換取安全 https://buy.line.me/u/article/96367 Android 多個漏洞 https://www.hkcert.org/my_url/zh/alert/19100902 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 強化數位帳戶 迎戰純網銀 https://money.udn.com/money/story/9740/3980473 違反證券法 又傳台灣分析師在上海遭收押 6人限制出境 https://news.cnyes.com/news/id/4388984 手握信用評分執照AISP通吃31國 CRIF集團 歐洲開放銀行先驅 https://www.chinatimes.com/newspapers/20191007000220-260202?chdtv 降低純網銀流動風險 金管會將建置即時監理系統 https://udn.com/news/story/7239/4090726 鯰魚有不同管法 金管會強化純網銀六大管理 https://www.chinatimes.com/realtimenews/20191007003104-260410?chdtv 3家純網銀來襲　公股銀免驚！財部：善用自身業務與優勢 https://www.ettoday.net/news/20191008/1552854.htm 台資被誤認成中資！ 上海商銀在香港遭攻擊 金管會說明 https://ec.ltn.com.tw/article/breakingnews/2940657 兆豐金：純網銀與實體銀行，5年內不會有競合問題 http://bit.ly/2OBO1cM Magecart: New Research Shows the State of a Growing Threat https://www.riskiq.com/blog/external-threat-management/magecart-growing-threat/ Old Magecart Domains are Being Bought Up for Monetization https://www.riskiq.com/blog/labs/magecart-reused-domains/ 3.電子支付/電子票證/行動支付/ pay/新聞及資安 財金公司建行動支付高速路 https://udn.com/news/story/7239/4086695 掃碼支付 最快年底共用TWQR https://udn.com/news/story/7239/4086532 「台灣Pay」市占率低迷 財金董座：不以市場競爭為目的 https://www.cmmedia.com.tw/home/articles/17901 電子支付好夯使用人數衝上568萬　一卡通最多人用穩坐冠軍寶座 https://www.ettoday.net/news/20191005/1550457.htm 三星Samsung Pay推出47國跨境轉帳、金融預付卡 https://news.cnyes.com/news/id/4390432 APP綁信用卡消費爭議　金管會建議2步驟解決 http://bit.ly/2Olhp73 台灣不適合行動支付？他曝致命陋習 https://www.chinatimes.com/hottopic/20191005001678-260804?chdtv 北捷e-Shop試辦4個月 支援11種支付購票卡 http://bit.ly/35lb8ya 個資存三方外洩有難度　專家：交換過程也可遭駭客鎖定 https://tw.news.appledaily.com/life/realtime/20191008/1645595/ 日本10%消費者稅一週 電子支付系統大當機 http://bit.ly/2ATmnQr Samsung Pay Cash now available: Budget your spending with this prepaid virtual card https://zd.net/2AYKDRx 4.虛擬貨幣/區塊鍊相關新聞及資安 讓手機變身加密貨幣離線錢包！Parity發布新版本應用程式 http://news.knowing.asia/news/a17be8f5-84ef-4492-8bb4-99cdd40434bc 日本金融廳發布「基金投資加密資產」準則草案！10 月底前聽取各界意見 https://news.cnyes.com/news/id/4390614 拯救10%的資產安全！MakerDAO修復多抵押品系統重要漏洞 http://news.knowing.asia/news/3e7ad17e-8bfc-41c8-a14d-5cb6feb77e82 郭台銘學院要唸什麼？郭董首推台版Libra https://udn.com/news/story/7238/4085132?from=udn-catelistnews_ch2 PayPal宣佈退出虛擬貨幣Libra　衝擊臉書推動加密貨幣計劃 https://www.ettoday.net/news/20191005/1550569.htm 加密貨幣持續撼動銀行系統！預計未來10年美國銀行將裁員20萬人 http://news.knowing.asia/news/4bf64ad2-05ac-452b-9410-42bfa539c989 比特幣閃電網路的規格通過了首個「形式化驗證」的安全性測試 http://bit.ly/33loSre PayPal drops out of Facebook's Libra https://www.atmmarketplace.com/news/paypal-drops-out-of-facebooks-libra/ PayPal backs out: what does this mean for the future of Facebook’s Libra cryptocurrency https://www.zdnet.com/article/paypal-backs-out-what-does-this-mean-for-the-future-of-facebooks-libra-cryptocurrency/#ftag=RSSbaffb68 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式 駭客專挑企業下手！　無檔案式攻擊暴增265％ https://tw.news.appledaily.com/life/realtime/20191005/1644095/ 疑似俄國駭客發展新式RAT，可突破HTTPS加密追蹤上網行蹤 https://www.ithome.com.tw/news/133468 駭客攻擊新手法：用木馬程式破解 HTTPS 加密，透過 Chrome 監視你的上網資料 http://bit.ly/35mNFN7 GalactiCrypter勒索軟體有解了 https://www.ithome.com.tw/news/133476 烏茲別克斯坦黑客組織犯低級錯誤在有卡巴斯基的機器上測試病毒被披露 https://www.cnbeta.com/articles/tech/897049.htm 雲端電子商務平台Volusion的結帳頁面被注入惡意程式 https://ithome.com.tw/news/133560 新的 Muhstik Ransomware 瞄準 NAS 進行攻擊 https://www.twcert.org.tw/tw/cp-104-3009-9f878-1.html Hackers breach Volusion and start collecting card details from thousands of sites https://www.zdnet.com/article/hackers-breach-volusion-and-start-collecting-card-details-from-thousands-of-sites/ Sesame Street Store & Volusion customers are comprised; how the cookie monster is stealing credit card info http://bit.ly/2AYE4yd Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC https://www.vice.com/en_us/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec Hospitals in US, Australia hobbled by ransomware https://www.welivesecurity.com/2019/10/03/hospitals-us-australia-ransomware/ The Week in Ransomware - October 4th 2019 - That's all Folks https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-4th-2019-thats-all-folks/ 2019-10-03 - DATA DUMP: CLASSIC-STYLE HANCITOR MALSPAM https://www.malware-traffic-analysis.net/2019/10/03/index.html Just How Widespread Is Ransomware Epidemic https://www.bankinfosecurity.com/just-how-widespread-ransomware-epidemic-a-13183 Malware Most Foul: Emotet, Trickbot, Cryptocurrency Miners https://www.bankinfosecurity.com/malware-most-foul-emotet-trickbot-cryptocurrency-miners-a-13181 If a Bank Sends You Your Passwords via a Text Message, This Android Trojan Could Steal Them https://www.cyclonis.com/if-bank-sends-passwords-via-text-this-android-trojan-steal-them/ Malware Botnet of $160 planned to rob Crypto from 72,000 Devices https://orlanko.com/2019/10/04/malware-botnet-of-160-planned-to-rob-crypto-from-72000-devices/ Antivirus Firm, ESET, Reveals Cryptojacking Trojan Targeting Cryptocurrency Users https://bitcoinexchangeguide.com/antivirus-firm-eset-reveals-cryptojacking-trojan-targeting-cryptocurrency-users/ ANDROID: THIS MALWARE HAS STOLEN MONEY FROM 800 000 BANK ACCOUNTS SINCE 2016 https://www.gizchina.com/2019/10/04/android-this-malware-has-stolen-money-from-800-000-bank-accounts-since-2016/ IC3 Issues Alert on Ransomware https://www.us-cert.gov/ncas/current-activity/2019/10/04/ic3-issues-alert-ransomware HIGH-IMPACT RANSOMWARE ATTACKS THREATEN U.S. BUSINESSES AND ORGANIZATIONS https://www.ic3.gov/media/2019/191002.aspx Casbaneiro: Dangerous cooking with a secret ingredient https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/ More Hidden App Malware Found on Google Play with over 2.1 Million Downloads https://www.symantec.com/blogs/threat-intelligence/hidden-adware-google-play Ramnit Targets Japanese Shoppers, Aiming at Top Fashion Brands https://securityintelligence.com/posts/ramnit-targets-japanese-shoppers-aiming-at-top-fashion-brands/ 2019-10-05 - TRAFFIC ANALYSIS EXERCISE https://www.malware-traffic-analysis.net/2019/10/05/index.html HildaCrypt Ransomware Developer Releases Decryption Keys https://www.bleepingcomputer.com/news/security/hildacrypt-ransomware-developer-releases-decryption-keys/ DCH Hospital Pays Ryuk Ransomware for Decryption Key https://www.bleepingcomputer.com/news/security/dch-hospital-pays-ryuk-ransomware-for-decryption-key/ Report: Android Banking Botnet Targeted Russians https://www.bankinfosecurity.com/report-android-banking-botnet-targeted-russians-a-13201 GEOST BOTNET. THE STORY OF THE DISCOVERY OF A NEW ANDROID BANKING TROJAN FROM AN OPSEC ERROR http://public.avast.com/research/VB2019-Garcia-etal.pdf White-hat hacks Muhstik ransomware gang and releases decryption keys https://www.zdnet.com/article/white-hat-hacks-muhstik-ransomware-gang-and-releases-decryption-keys/#ftag=RSSbaffb68 Security Advisory for Muhstik Ransomware https://www.qnap.com/en-us/security-advisory/NAS-201910-02 New sextortion campaign taps altcoins to avoid detection https://www.zdnet.com/article/new-sextortion-campaign-taps-altcoins-to-avoid-detection/#ftag=RSSbaffb68 B.行動安全 / iPhone / Android /穿戴裝置 /App Android版WhatsApp含有遠端攻擊漏洞，波及全球數億用戶 https://www.ithome.com.tw/news/133445 攻擊者宣稱可利用0day漏洞完全控制Android手機 https://www.cnbeta.com/articles/tech/895947.htm 安卓再曝零日漏洞，谷歌/三星/華為/小米等多款手機可被控制 https://www.ithome.com/0/448/676.htm Android 系統曝重大漏洞，手機恐遭駭控制！Google 公佈14款機型清單 https://3c.ltn.com.tw/news/38178 谷歌發佈高危漏洞，18款安卓手機機型受影響 http://finance.sina.com/bg/usstock/usstock_news/thepaper/2019-10-07/doc-ifzpqvem1946556.shtml 國際特赦組織調查！16 款通訊軟體保密排行，WeChat 零分出局 https://3c.ltn.com.tw/news/27035 WhatsApp爆漏洞 一張GIF圖就能讓駭客控制帳戶 https://www.chinatimes.com/realtimenews/20191008003797-260412?chdtv 紐約市執法部購以色列程式　解鎖iPhone取證據 https://inews.hket.com/article/2468182 歐盟警告：5G網路供應商單一 恐受國家支持駭客攻擊 https://ec.ltn.com.tw/article/breakingnews/2942544 愛瘋傳災情！「警示訊息」狂跳關不掉 http://bit.ly/2M6O7I5 SimJacker 漏洞 揭重大私隱危機 http://bit.ly/2AWwrbw 三星：20多處安全漏洞影響所有Galaxy旗艦機型 http://finance.sina.com/bg/tech/technews/sinacn/2019-10-09/doc-ifzpuztq0594053.shtml 三星多款機型現漏洞:涉21個安全問題 影響4000萬用戶 http://finance.sina.com/bg/economy/economy_company/thepaper/2019-10-10/doc-ifzpuztq0618287.shtml 再也看不到追蹤對象按了誰的讚！IG黑暗模式、刪除追蹤中功能等4大更新 https://www.niusnews.com/=P31p0002 西班牙電信阿根廷公司推出由Mavenir提供的信令防火牆 https://times.hinet.net/news/22596533 資料誤用另一例，Twitter 坦承把救急的雙因子認證電話號碼用在針對性廣告 https://technews.tw/2019/10/09/twitter-misuse-of-2fa-on-targeted-ad/ Twitter 承認利用兩步驟認證電話號碼，對使用者進行精準廣告投放 https://www.techbang.com/posts/73415-twitter-admits-it-used-two-factor-phone-numbers-and-emails-for-targeted-advertising Yubico 向香港抗爭者贊助安全金鑰 Yubikey http://bit.ly/320fSay 瑞典Yubikey捐港人500條最強網絡保安鎖匙 http://bit.ly/318m1jQ 蘋果為何軟了？下架香港地圖軟體和Quartz新聞 https://www.secretchina.com/news/b5/2019/10/11/910059.html You Gave Your Phone Number to Twitter for Security and Twitter Used it for Ads https://thehackernews.com/2019/10/twitter-advertising-privacy.html Twitter used 2FA phone numbers for ad targeting https://www.zdnet.com/article/twitter-used-2fa-phone-numbers-for-ad-targeting/#ftag=RSSbaffb68 Google finds Android zero-day impacting Pixel, Samsung, Huawei, Xiaomi devices https://www.zdnet.com/article/google-finds-android-zero-day-impacting-pixel-samsung-huawei-xiaomi-devices/#ftag=RSSbaffb68 New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild https://thehackernews.com/2019/10/android-kernel-vulnerability.html Signal fixes FaceTime-like eavesdropping bug https://www.zdnet.com/article/signal-fixes-facetime-like-eavesdropping-bug/ Signal Messenger Bug Lets Callers Auto-Connect Calls Without Receivers' Interaction https://thehackernews.com/2019/10/signal-messenger-bug.html C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件 九毛九收銀系統現漏洞 一門店四名員工截留32萬營收 https://news.sina.com.tw/article/20191009/32891906.html 「2020 全美重要資安大會」 https://www.tca.org.tw/market_info1.php?n=2262 暗網潛航——信息安全風險保險 （一）——偷樑換柱 http://bit.ly/322XkX7 網絡衝突不斷學者：網絡空間急需國際安全架構 https://news.sina.com.cn/c/2019-10-10/doc-iicezuev1112741.shtml 如果ISO 27001證書沒有TAF標誌，還有效嗎 https://www.ithome.com.tw/news/133528 盜用AWS與Cloud雲端運算挖礦，29歲駭客面臨至少34年牢獄刑責 https://www.ithome.com.tw/news/133562 執行紅隊演練，別受制於手上資訊與已知手法、漏洞 https://ithome.com.tw/news/133469 戴夫寇爾剖析漏洞與製作攻擊驗證工具 https://www.ithome.com.tw/news/133523 以攻擊者的角度制定防禦策略 https://devco.re/blog/2019/10/09/def-strategy/ 關於台灣首次「網路風暴」聯合演習的幾點看法 https://www.upmedia.mg/news_info.php?SerialNo=72714 追蹤東南亞網路間諜攻擊 Palo Alto發現「PKPLUG」團體 https://udn.com/news/story/7238/4092225 資安報告：23 間大型 VPN 有 6 間中國　VPN公司資料安全成疑 https://unwire.hk/2019/07/10/chinavpn-2/tech-secure/ 中共形象全球急速惡化 歐美澳亞皆厭惡 http://bit.ly/333k8Gh 西班牙地方網路遭駭 中央伸援 http://news.m.pchome.com.tw/internation/gpwb/20191005/index-57029084087357201011.html 哈利王子語音郵件被駭　怒控英國2媒體　拒黛妃事件重演 https://www.nownews.com/news/20191007/3675805/ 黑客攻擊事件被爆，100萬新西蘭人的健康信息或處於危險之中 http://www.chinesenzherald.co.nz/news/new-zealand/hack-attack-puts-health-details-at-risk/ Algorand 投資部門的CTO手機遭駭，損失高達200萬美元 https://zombit.info/algorands-cto-mobile-phone-in-the-investment-department-suffered-a-loss-of-up-to-2-million/ 英國政府警告，有APT組織正利用VPN漏洞大肆攻擊 https://nosec.org/home/detail/3014.html 袁桂笙：若網遭攻擊癱瘓台灣會變網絡孤島 http://news.stnn.cc/hk_taiwan/2019/1006/677080.shtml 路透：伊朗駭客疑試圖侵入川普競選團隊 https://udn.com/news/story/6809/4087238?from=udn-ch1_breaknews-1-cate5-news 不是假消息！微軟證實伊朗駭客發動「網路攻擊」 企圖干涉2020美總統大選 http://n.yam.com/Article/20191007158000 《基督日報》香港版被駭客入侵 強烈譴責違反新聞自由 http://bit.ly/2MmD8sC 干擾美國大選？世界駭客大賽測試發現　超過百款「投票機器」易遭駭客攻陷 https://cnews.com.tw/140191006a02/ 領先全歐洲！法國下個月全國實施「臉部辨識」計畫 https://cnews.com.tw/140191007a05/ 美國黑名單再增8中企 多數曾助中共監控新疆維族 https://news.ltn.com.tw/news/world/breakingnews/2940829 美國聯邦調查局大轉型 反恐怖主義改成網路安全 https://news.ltn.com.tw/news/world/breakingnews/2744481 泰國新例嚴管網絡言論 用咖啡店 WiFi 會被儲存瀏覽紀錄 http://bit.ly/2OCaoij 英國護照人臉辨識現漏洞 無法檢測深膚色人士 http://bit.ly/2MKipiX Microsoft: Iran-Backed Group Targeted a Presidential Campaign https://www.bankinfosecurity.com/microsoft-iran-backed-group-targeted-presidential-campaign-a-13198 Microsoft: Iranian hackers targeted a 2020 presidential campaign https://www.zdnet.com/article/microsoft-iranian-hackers-targeted-a-2020-presidential-campaign/#ftag=RSSbaffb68 Iranian Hackers Targeted a US Presidential Candidate https://www.wired.com/story/iran-hackers-target-us-presidential-candidate/ Russian hacker group patches Chrome and Firefox to fingerprint TLS traffic https://www.zdnet.com/article/russian-hacker-group-patches-chrome-and-firefox-to-fingerprint-tls-traffic/ Report: Nation state hackers and cyber criminals are spoofing each other https://www.zdnet.com/article/optiv-report-nation-state-hackers-and-cyber-criminals-are-spoofing-each-other/#ftag=RSSbaffb68 Optiv Security Releases Cyber Threat Intelligence Estimate Report to Increase Understanding of Cyber Threat Landscape, Offer Best Practices https://www.optiv.com/press-releases/optiv-security-releases-cyber-threat-intelligence-estimate-report-increase New CrowdStrike Threat Hunting Report Reveals Prolific Adversary Trends and Tactics https://www.crowdstrike.com/resources/news/crowdstrike-releases-falcon-overwatch-mid-year-report-2019/ A 2019 Mid-Year Review From the CrowdStrike Falcon OverWatch Team https://www.crowdstrike.com/resources/reports/observations-from-the-front-lines-of-threat-hunting-2019/ Microsoft: MFA bypass attacks are so rare we don't have good statistics on them https://www.zdnet.com/article/microsoft-mfa-bypass-attacks-are-so-rare-we-dont-have-good-statistics-on-them/#ftag=RSSbaffb68 FBI warns about attacks that bypass multi-factor authentication (MFA) https://www.zdnet.com/article/fbi-warns-about-attacks-that-bypass-multi-factor-authentication-mfa/#ftag=RSSbaffb68 Hacker to 5 Million Victims: “Get Outside More” https://www.cbronline.com/news/toms-hacked Schneier slams Australia's encryption laws and CyberCon speaker bans https://www.zdnet.com/article/schneier-slams-australias-encryption-laws-cybercon-speaker-bans/#ftag=RSSbaffb68 Government interference in Australia's premier cybersecurity conference is a worry https://www.zdnet.com/article/government-interference-in-australias-premier-cybersecurity-conference-is-a-worry/#ftag=RSSbaffb68 Hackers breach Volusion and start collecting card details from thousands of sites https://www.zdnet.com/article/hackers-breach-volusion-and-start-collecting-card-details-from-thousands-of-sites/#ftag=RSSbaffb68 France warns of cyberattacks against service providers and engineering offices https://www.zdnet.com/article/france-warns-of-cyberattacks-against-service-providers-and-engineering-offices/#ftag=RSSbaffb68 76 percent of US businesses have experienced a cyberattack in the past year https://www.zdnet.com/article/76-percent-of-us-businesses-have-experienced-a-cyberattack-in-the-past-year/#ftag=RSSbaffb68 資安專案管理 http://bit.ly/30Tj9ar 網管兼資安工程師 https://www.104.com.tw/job/6r7uk 趨勢科技／物聯網資安軟體測試實習生（薪高、福利好） https://worknowapp.com/jobs/ba13f31b-0d9d-4782-ad36-8324f491c4e7 金融聯合徵信中心招考 大學畢43K https://www.1111.com.tw/zone/school_fresh/article_In.asp?artCat=3&id=128050&agent=out_Epaper25_school_fresh2019100912post03 【資訊】資訊安全管理師-ISO27001 https://www.104.com.tw/job/69jq5?jobsource=jolist_a_relevance 資訊安全管理師 / 資安工程師 https://www.104.com.tw/job/56qde?jobsource=jolist_a_relevance 資訊部門-資訊安全管理師 https://www.104.com.tw/job/4ws6j?jobsource=jolist_a_relevance V資訊安全管理師 https://www.104.com.tw/job/6fmty?jobsource=jolist_a_relevance 〔資訊〕資深資訊安全管理師(台北) https://www.104.com.tw/job/5gcqu?jobsource=jolist_a_relevance 資訊安全輔導顧問（台中辦公室） https://www.104.com.tw/job/6kq0j?jobsource=jolist_a_relevance 資訊安全輔導顧問（台北辦公室） https://www.104.com.tw/job/6kq0b?jobsource=jolist_a_relevance 資訊安全輔導顧問（台北/台中/高雄辦公室） https://www.104.com.tw/job/3ra34?jobsource=jolist_a_relevance 合規處-資訊安全顧問 https://www.104.com.tw/job/5nttf?jobsource=jolist_a_relevance I3601 資訊安全資深工程師(板橋) https://www.104.com.tw/job/6dd4o?jobsource=jolist_a_relevance I3601 資訊安全工程師(板橋) https://www.104.com.tw/job/6doj9?jobsource=jolist_a_relevance 資訊安全事件中心(SOC)輪班正職人員-夜班 https://www.104.com.tw/job/4dzpm?jobsource=jolist_a_relevance 資訊安全售前架構師 https://www.104.com.tw/job/673hb?jobsource=jolist_a_relevance 行政_資訊安全工程師(SOC) https://www.104.com.tw/job/6gssv?jobsource=jolist_a_relevance 行政_資訊安全工程師(DLP) https://www.104.com.tw/job/5ucdb?jobsource=jolist_a_relevance 資安管理師 https://www.104.com.tw/job/6m54y?jobsource=jolist_a_relevance 【資訊處】資安規範管理師 Security Compliance https://www.104.com.tw/job/6p7v6?jobsource=jolist_a_relevance 【資安】資安管理專業人員 https://www.104.com.tw/job/67bcx?jobsource=jolist_a_relevance ISMS 資安顧問 https://www.104.com.tw/job/6fis1?jobsource=jolist_a_relevance 資訊系統管理師 https://www.104.com.tw/job/6jhgr?jobsource=jolist_a_relevance 資安專案經理 https://www.104.com.tw/job/64mq7?jobsource=jolist_a_relevance 網路系統管理師 https://www.104.com.tw/job/6f3f6?jobsource=jolist_a_relevance 資安技術顧問-E10B https://www.104.com.tw/job/6he3h?jobsource=jolist_a_relevance 資安技術服務工程師(正職) https://www.104.com.tw/job/3kmxs?jobsource=jolist_a_relevance F 資訊作業管理人員 https://www.104.com.tw/job/6beps?jobsource=jolist_a_relevance [幸福企業人才召募]網路資安工程顧問 https://www.104.com.tw/job/5x4dt?jobsource=jolist_a_relevance 資安專案經理/Project Manager https://www.104.com.tw/job/2w0gs?jobsource=jolist_a_relevance 數位鑑識與舞弊偵防顧問 https://www.104.com.tw/job/2wf7t?jobsource=jolist_a_relevance 法金_國際資訊管理人員 https://www.104.com.tw/job/5cqzk?jobsource=jolist_a_relevance 專案管理高級工程師【福利佳】 https://www.104.com.tw/job/3cdtq?jobsource=jolist_a_relevance 金融科技、內控人員 https://www.104.com.tw/job/6j1x0?jobsource=jolist_a_relevance 資安Presales-E10B https://www.104.com.tw/job/6he3g?jobsource=jolist_a_relevance 【資安】資安科技專業人員 https://www.104.com.tw/job/67cru?jobsource=jolist_a_relevance F-資訊服務規劃師 https://www.104.com.tw/job/4gtpx?jobsource=jolist_a_relevance 海外資安稽核_某知名網路公司 (3003292) https://m.1111.com.tw/job/91186564/ D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 法國下月實施臉部辨識身分 馬克宏「提升行政效率」挨轟 http://bit.ly/352ltPH AI黑客整合資料 度身定造釣魚電郵 http://bit.ly/2VqTPY1 推特認了 用戶個資不慎用作廣告目的 http://bit.ly/35nzEz2 美司法部要求fb「開路」 讓執法部門調查時閱覽加密訊息 https://hk.news.appledaily.com/international/realtime/article/20191004/60115291 「加州消費者隱私法」明年生效，消費者可以要求刪除什麼樣的數據 https://www.thenewslens.com/feature/timefortune/125541 網路交易三方詐騙難防範 台灣司法人權進步協會：盡量選擇合法交易網站平台 http://bit.ly/2Isdq55 你的個資被外洩？ 用這網站搜尋自己就知道 https://udn.com/news/story/7088/4096237 訂房網驚傳個資外洩 228名會員被騙3362萬 https://news.ltn.com.tw/news/Taipei/breakingnews/2938050 訂房網疑洩個資 醫師被騙164萬 https://news.ltn.com.tw/news/society/paper/1323071 Booking.com訂房網疑個資外洩 228會員遭騙3千多萬元 http://bit.ly/2oUZVE5 Booking訂房網疑個資外洩！228會員慘淪詐騙提款機…被騙逾3千萬 https://www.ettoday.net/news/20191006/1551287.htm Booking訂房網228台人被騙 驚動荷蘭總公司 https://udn.com/news/story/7315/4096205?from=udn-catelistnews_ch2 Booking.com疑似個資外洩非單一案例，近半年民眾通報各網購平臺解除分期詐騙破千件 https://www.ithome.com.tw/news/133558 知名訂房網疑個資外洩 荷蘭總公司與刑事局合作防堵 https://gotv.ctitv.com.tw/2019/10/1141435.htm 北京警方發佈電信網路詐騙犯罪安全防範提示 https://news.sina.com.tw/article/20191001/32830418.html 紐西蘭初級衛生組織Tū Ora遭駭客入侵，外洩100萬名用戶資料 https://ithome.com.tw/news/133509 呼叫器洩漏加拿大溫哥華病患敏感資料：這對企業的意義為何 https://blog.trendmicro.com.tw/?p=62214 小心落入電郵詐騙騙局 駭客造假有3手法 https://money.udn.com/money/story/5648/4097851 電郵詐騙 一個字母坑千萬 https://money.udn.com/money/story/5648/4097807 企業電郵詐騙案沒停過 今年36件拐走上億元 https://money.udn.com/money/story/5648/4097814 防制電郵詐騙五秘訣 幫金庫上安全鎖 https://money.udn.com/money/story/5648/4097844 小心落入電郵詐騙騙局 駭客造假有3手法 https://money.udn.com/money/story/5648/4097851 California Consumer Privacy Act (CCPA): What you need to know to be compliant https://www.csoonline.com/article/3292578/california-consumer-privacy-act-what-you-need-to-know-to-be-compliant.html Turkey fines Facebook $282,000 over privacy breach https://www.reuters.com/article/us-facebook-lawsuit-privacy-turkey/turkey-fines-facebook-282000-over-privacy-breach-idUSKBN1WI0LJ Nigerian Man Charged in Phishing Scam Targeting US Agencies https://www.bankinfosecurity.com/nigerian-man-charged-in-phishing-scam-targeting-us-agencies-a-13195 Check If You Are in the Sephora and StreetEasy Data Breaches https://www.bleepingcomputer.com/news/security/check-if-you-are-in-the-sephora-and-streeteasy-data-breaches/ Turkey Fines Facebook After Data Breach https://www.bankinfosecurity.asia/turkey-fines-facebook-after-data-breach-a-13199 Data breach at Russian ISP impacts 8.7 million customers https://www.zdnet.com/article/data-breach-at-russian-isp-impacts-8-7-million-customers/#ftag=RSSbaffb68 Tū Ora Compass Health data breach exposes medical data of one million people https://www.zdnet.com/article/tu-ora-data-breach-exposes-medical-data-of-one-million-new-zealand-residents/#ftag=RSSbaffb68 Phishing attempts increase 400%, many malicious URLs found on trusted domains https://www.helpnetsecurity.com/2019/10/09/phishing-increase-2019/ Beware of Fake Amazon AWS Suspension Emails for Unpaid Bills https://www.bleepingcomputer.com/news/security/beware-of-fake-amazon-aws-suspension-emails-for-unpaid-bills/ E.研究報告 騰訊Blade Team發現雲虛擬化平台QEMU-KVM逃逸漏洞各大雲廠或受影響 http://www.kaixian.tv/gd/2019/1010/1057889.html 《李忠憲專欄》科幻小說與資安 https://living.taronews.tw/2019/10/09/491257/ 《李忠憲專欄》資訊安全忙起來就不要 https://taronews.tw/2019/10/10/491557/ 《李忠憲專欄》V怪客面具 https://living.taronews.tw/2019/10/10/491581/ 如何查看與操弄 Android/iOS App 裡的 HTTPS Request 及 Response http://bit.ly/30SsBuL 除了 Web API 之外的新選擇 - gRPC 服務 https://dotblogs.com.tw/supershowwei/2019/10/07/090708 「網絡安全預警通報」關於Windows RPD服務遠程代碼執行漏洞的預警通報 http://www.sohu.com/a/345229127_100160592 釣魚郵件的投遞和偽造 https://xz.aliyun.com/t/6325 瀏覽器中的資料庫 https://www.ithome.com.tw/voice/133384 解決最近駭客透過UUIDSpoof入侵其分流並獲取OP進行破壞的四個方案 https://forum.gamer.com.tw/C.php?bsn=18673&snA=179712 GitHub 準備集成Semmle 代碼分析用於持續的漏洞檢測 https://www.infoq.cn/article/D7C0Wgu1N2fsdm0jmwqR?utm_source=rss&utm_medium=article 一篇了解Redis 未授權漏洞利用 https://mp.weixin.qq.com/s/Oy63HY68MdDzL0WBdFLDBQ 網站命令執行滲透測試步驟詳情 https://www.admin5.com/article/20191010/928029.shtml 直抄程式碼惹禍 Stack Overflow成重災區 http://bit.ly/35mGO6z CVE-2019-1315：基於錯誤報告機制的Windows提權漏洞 https://nosec.org/home/detail/3027.html 主流虛擬化平台QEMU-KVM被曝存在漏洞，可完全控制母機及其虛擬機 https://www.leiphone.com/news/201910/rFUAnGxghqK8M4sa.html File upload vulnerability scanner and exploitation tool. https://github.com/almandin/fuxploider Setup a Centralized Log Server with Rsyslog in CentOS/RHEL 8 https://www.tecmint.com/create-centralized-log-server-with-rsyslog-in-centos-8/ Using the MITRE ATT&CK Navigator for Intelligence Gathering Pre-purple Teaming https://pentestmag.com/using-the-mitre-attck-navigator-for-intelligence-gathering-pre-purple-teaming/ DNS-over-HTTPS causes more problems than it solves, experts say https://www.zdnet.com/article/dns-over-https-causes-more-problems-than-it-solves-experts-say/#ftag=RSSbaffb68 ThreadBoat : Program Uses Thread Execution Hijacking to Inject Native Shellcode into a Standard Win32 Application https://kalilinuxtutorials.com/threadboat-thread-execution-hijacking/ Web App for Volatility framework https://github.com/kevthehermit/VolUtility F.商業 Google資料中心實習計畫曝光　想要進去要有這幾種能力 http://bit.ly/35amjcY IBM資訊安全部門全球威脅情報防禦產品協理謝明君 100％客製方案 資安缺了OT就Out https://times.hinet.net/magazine/cp105/22590343 泉順食品攜手精品科技活用X-FORT強化網路監控力 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000569770_40O8444D67OEYJ1PFO5O7 CloudMile 攜手 Multi CDN 專家 mlytics 推出一站式平台 MileCDN http://n.yam.com/Article/20191008136276 開放原始碼漏洞翻倍，趨勢科技與Snyk聯手出擊 http://bit.ly/35gqbJA 17 Media 資料遷移：從全託管 MongoDB 到 MongoDB Atlas，用戶體驗與工作效率雙提升 https://www.inside.com.tw/article/17763-MongoDB Arm 為提供嵌入式平台客戶差異化，推出嵌入式 CPU 客製化指令集服務 https://www.cool3c.com/article/148770 Arm enables SoC makers to create custom instructions for embedded CPUs https://www.zdnet.com/article/arm-enables-soc-makers-to-create-custom-instructions-for-embedded-cpus/#ftag=RSSbaffb68 Cybersecurity giants join forces to combat cyberthreats under OASIS umbrella https://www.zdnet.com/article/cybersecurity-firms-join-forces-to-combat-open-source-security-woes-under-oasis-umbrella/#ftag=RSSbaffb68 Microsoft's Azure Data Box Edge gets rugged, portable option https://www.zdnet.com/article/microsofts-azure-data-box-edge-gets-rugged-portable-option/#ftag=RSSbaffb68 Microsoft's unified Office Mobile app: What it is and why it matters https://www.zdnet.com/article/microsofts-unified-office-mobile-app-what-it-is-and-why-it-matters/#ftag=RSSbaffb68 New Comic Videos Take CISO/Security Vendor Relationship to the Extreme https://thehackernews.com/2019/10/ciso-cyber-security-videos.html Breaches are now commonplace, but Reason Cybersecurity lets users guard their privacy https://thehackernews.com/2019/10/reason-antivirus-protection.html G.政府 29個法院遭駭攻 綠委憂司院資安不足 http://pchome.megatime.com.tw/news/cat8/20191003/57010460429856224001.html NCC：專網不一定需要專頻 http://bit.ly/2AI3cJg 中科院列管名單從出入境電腦下線逾2個月 出國管制出現5個月大漏洞 http://bit.ly/2OrBmZZ 修法清查現空窗？中科院：境管並無漏洞 https://news.pchome.com.tw/society/newstaiwandigi/20191006/photo-57035655016335279002.html 傳中科院曝出境管制漏洞 國防部：管制出境人數達1516人 https://newtalk.tw/news/view/2019-10-06/308035 《謠言終結站》國防部：中科院人員出境都納管 https://news.ltn.com.tw/news/politics/paper/1323091 國防部：中科院涉密人員已調整出入境納管期限 https://living.taronews.tw/2019/10/06/487819/ 中科院轉型行政法人脫離國安管制 綠委提案補強安全稽核疏漏 http://bit.ly/35fiDXp 政策 人員 技術 打造資安防護金鐘罩 https://udn.com/news/story/6868/4087551 美台國防工業會議展開 許毓仁：資安科技將成為決勝的第一道防線 http://news.knowing.asia/news/dae13976-dcd0-4c8d-9610-ba31493231e6 訂房免用境外平台 台灣旅宿網2.0月底上線 https://www.ttv.com.tw/news/view/10810080013000I/579 柯市府推「智慧販賣機」入校園，成大資安教授揭「AI 潛在危機」 https://buzzorange.com/2019/10/08/taipei-ai-vending-machine/ 因應金融環境變化與挑戰 金管會提發展新策略 https://money.udn.com/money/story/5613/4091801 資通電軍資通2大隊國慶假期軍紀宣教 維護國軍榮譽 https://www.ydn.com.tw/News/355665 H.ICS/SCADA 工控系統 10月15日國際工控系統資安研討會台北登場 https://digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000570042_PDQ1G2BW38493N3YLUJ94&cat=60 駭客新招術 癱瘓機台系統 https://money.udn.com/money/story/5648/4097856 Qualcomm -- ipq4019_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10499 Qualcomm -- ipq8074_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10539 Qualcomm -- ipq8074_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10540 Qualcomm -- mdm9205_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2294 Qualcomm -- mdm9206_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10489 Qualcomm -- mdm9607_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10492 Qualcomm -- mdm9650_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2252 Qualcomm -- msm8909w_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10509 Qualcomm -- msm8909w_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10538 Qualcomm -- qcs405_firmware https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10510 I.教育訓練 改變歷史的加密訊息 https://ithelp.ithome.com.tw/users/20111946/ironman/2582 網路世界的奇怪冒險 https://ithelp.ithome.com.tw/users/20112000/ironman/2908 Cissp 系列 https://ithelp.ithome.com.tw/users/20118530/ironman/2224 JavaScript 中的同步與非同步（上）：先成為 callback 大師吧 https://blog.huli.tw/2019/10/04/javascript-async-sync-and-callback/ 資安攻防最後一步：學會滲透測試 https://ithome.com.tw/pr/133484 讓駭客走過，就留下痕跡！你需要學會資安分析實務 http://bit.ly/2VoGTlK J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 想躲過AI 監控？ 戰鬥民族研發「反臉孔辨識」化妝術 https://fnc.ebc.net.tw/FncNews/business/101960 OT人效率擺第一　資安危機應對心態要調整 https://www.mem.com.tw/arti.php?sn=1910050010 2020 年智慧工廠資安趨勢：AI、邊緣運算為何成為駭客最愛的攻擊弱點 https://buzzorange.com/techorange/2019/10/07/iiot-security-trends-2020/ 別讓物聯網成「惡」聯網 政策 人員 技術 打造資安防護金鐘罩 http://bit.ly/2VrcAKX 科技連接未來! 你該知道的物聯網重點有這些 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&id=0000569868_5GR79QQA7W90067CDC7NK Answering IoT Security Questions for CISOs https://blog.trendmicro.com/answering-iot-security-questions-for-cisos/ 6.近期資安活動及研討會 HITB+ CYBER WEEK 2019/10/12 ~17 https://d2p.hitb.org/ 白帽駭客體驗實作 10/13 https://www.sce.pccu.edu.tw/event/chtweb/index.html HAKON – International Information Security Meet 10/13 https://infosec-conferences.com/events-in-2019/hakon/ 國家高速網路與計算中心 台灣杉一號高速計算主機使用進階課程 10/14 https://edu.nchc.org.tw/course/one_course_introduction.asp M3AAWG 47th General Meeting 10/14 ~ 10/17 https://infosec-conferences.com/events-in-2019/m3aawg-47th-general-meeting/ 數位時代，自已的權利自己顧 -- 不可不知！基礎資安教戰講座 10/15 https://ocftw.kktix.cc/events/e0c1048b AWS Transformation Day 10/15 https://amzn.to/2ksO8Lb 智資時代 2019 科技法制前瞻論壇 10/15 https://seminar.ithome.com.tw/live/iii20191015/index.html?eDM_iThome AI時代下，資安與視覺化的觀點與實例 10/16 https://www.tiai.org.tw/tiaiActDetailClass?sno=19 2019 IBM Cloud 用戶實作課程秋季班 10/16 https://ibm.co/2n4VNQQ BSides Ahmedabad 10/16 https://infosec-conferences.com/events-in-2019/bsides-ahmedabad/ TFUG Taipei | TensorFlow All Around 10/16 https://www.meetup.com/TensorFlow-User-Group-Taipei/events/264713077/ 第八屆國際程式競賽 CodeVita Season 8 即日起至10/17日報名截止 https://bhuntr.com/tw/competitions/104724210865172005190909102w Data Connectors Toronto Tech-Security – October 10/17 https://infosec-conferences.com/events-in-2019/data-connectors-toronto-october/ Kotlin/Everywhere GDG Hsinchu - Kotlin on Cloud and Web 10/17 https://www.meetup.com/GDG-Hsinchu/events/263741333/ 2019 Space Apps Challenge_NASA 黑客松台北場 10/18 https://www.facebook.com/events/2112377919060176/ 2019 邊緣運算論壇 - AI + IoT 備戰台商回流潮，IIoT 智慧升級 10/18 https://www.accupass.com/event/1909040655361186052756 2019 CYBERSPACE聯合研討會 10/18 ~ 10/19 https://cyberspace.ttu.edu.tw/cyber2019/ Crosslink Taiwan 2019 10/19 https://www.meetup.com/Taipei-Ethereum-Meetup/events/264302796/ 交通大學亥客書院-A006:數位足跡追蹤與分析 10/19 https://hackercollege.nctu.edu.tw/?p=1088 無痛上手-WiFi無線網路安全檢測 10/20 https://www.sce.pccu.edu.tw/event/chtweb/index.html 日盛金融黑客松 報名至10/20 止 https://app.jsun.com/hackathon/Main DEVCORE 那些年我回報的漏洞踩雷經驗 10/21 https://hackersir.kktix.cc/events/orange1021 Splunk .conf 19 10/21 ~ 10/24 https://conf.splunk.com/ 國家高速網路與計算中心 平行計算程式設計基礎課程 10/22 https://edu.nchc.org.tw/course/one_course_introduction.asp AIoT智能物聯網開發人才就業養成班[免費諮詢] 10/22 https://ittraining.kktix.cc/events/aiot-training-2019 IEEE Symposium on Visualization for Cyber Security (VizSec) 10/23 https://infosec-conferences.com/events-in-2019/vizsec/ Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019 https://www.icscybersecurityconference.com 從網路基礎建設安全談RPKI與DDoS 10/24 https://twnic-icann.kktix.cc/events/108-7 [Palo Alto Networks]-Palo Alto Networks 直播研討會Part6. MITRE ATT&CK 新資安攻防框架進階產業應用 10/24 https://www.zerone.com.tw/TrainingDetial/Seminar/7747B901A8198AC3%7C1C130FE6FEC34700 Cybersecurity Conference Rhein-Neckar 10/24 ~ 10/25 https://infosec-conferences.com/events-in-2019/cybersecurity-rhein-neckar/ Identity Days 10/24 https://infosec-conferences.com/events-in-2019/identity-days/ Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 10/25 https://signupcybersec101.ithome.com.tw/ 國家高速網路與計算中心 大數據軟體開發平台與深度學習、HBase(大數據資料庫)開發應用案例 10/25 https://edu.nchc.org.tw/course/one_course_introduction.asp 交通大學亥客書院-A015:進階網頁滲透測試 10/26 https://hackercollege.nctu.edu.tw/?p=1090 International Conference on Networks & Communications (NETWORKS) 10/26 ~ 10/27 https://infosec-conferences.com/events-in-2019/networks/ 亞洲‧矽谷學院108年免費認證考試 10/27 https://college.asvda.org.tw/ International Conference on Emerging Security Information, Systems and Technologies (SECURWARE) 10/27 ~ 10/31 https://infosec-conferences.com/events-in-2019/securware/ SANS Amsterdam October 10/28 https://infosec-conferences.com/events-in-2019/sans-amsterdam-october/ 工業自動化資安管理與實務 10/29 ~ 10/30 https://www.ivendor.com.tw/website/featured_detial/91 資安檢核核心技術及進階技術研討會 10月28日至10月30日 http://bit.ly/2TN2UtD Foundations in Digital Forensics with EnCase® (DF120) (原CF1) 10/28 ~ 10/31 https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=39 International Workshop on Reliability and Security Data Analysis (RSDA) 10/28 ~ 10/31 https://infosec-conferences.com/events-in-2019/rsda/ International Symposium on Software Reliability Engineering (ISSRE) 10/28 ~ 11/1 https://infosec-conferences.com/events-in-2019/issre/ Securing New Ground 10/29 ~ 10/30 https://infosec-conferences.com/events-in-2019/securing-new-ground/ CEBIT Australia 10/29 ~ 10/31 https://infosec-conferences.com/events-in-2019/cebit-australia/ OWASP AppSec Day Melbourne 11/1 https://infosec-conferences.com/events-in-2019/owasp-appsec-day-melbourne/ Hackfest 2019 11/1 ~ 11/3 https://infosec-conferences.com/events-in-2019/hackfest-2019/ 行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30 https://www.accupass.com/event/1810080517061259295030 Elite East Coast CISO Summit 11/3~11/5 https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/ Red Hat Forum Taipei 2019 11/5 https://www.facebook.com/events/1390202967799392/ Cyber Security Summit: Boston 11/6 https://infosec-conferences.com/events-in-2019/cyber-security-summit-boston/ 駭客攻防暨數位鑑識系列一(第1期) 11/7 https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=384540 網路攻擊鏈( Cyber Kill Chain)各階段實作 (6hr) 11/7 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384540 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/8 https://signupcybersec101.ithome.com.tw/ BSides Charleston 11/9 https://infosec-conferences.com/events-in-2019/bsides-charleston/ Kotlin/Everywhere GDG Taoyuan - 運用 Ktor 建置一個以 Kotlin 打造的後端服務 11/9 https://www.meetup.com/GDGTaoyuan/events/264776152/ OpenInfra Day Taiwan 11/12 http://openinfra.digitimes.com.tw/ CLEAR Cyber Leaders Conference 11/12 ~ 11/13 https://infosec-conferences.com/events-in-2019/clear-cyber-leaders-conference/ Windows檔案系統及檔案還原 (6hr) 11/14 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384541 Digital Internet Summit 11/14 https://infosec-conferences.com/events-in-2019/digital-internet-summit/ INTERFACE – Nebraska 11/14 https://infosec-conferences.com/events-in-2019/interface-nebraska/ SecureWV – Hack3rCon 11/15 ~ 11/17 https://infosec-conferences.com/events-in-2019/securewv-hack3rcon/ 交通大學亥客書院-P006:高階網頁滲透測試 11/16 https://hackercollege.nctu.edu.tw/?p=1092 FS-ISAC Fall Summit 11/17 ~ 11/20 https://infosec-conferences.com/events-in-2019/fs-isac-fall-summit/ Microsoft IoT in Action 11/20 https://www.iotinactionevents.com/event/taipei Infosecurity ISACA North America Expo and Conference 11/20 ~ 11/21 https://infosec-conferences.com/events-in-2019/isaca-north-america-expo-conference/ 檔案特徵值比對與關鍵字搜尋 (2hr) Open Source數位鑑識工具實務操作 (5hr) 11/21 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384542 Trend Micro CTF 2019 // Raimund Genes Cup FINAL / NOVEMBER 23–24, 2019 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html 資安檢核核心技術及進階技術研討會11月26日至11月28日 http://bit.ly/2TN2UtD 人資人員必修的職安法規定 11/26 https://www.accupass.com/event/1909121441141977826554 模擬案例鑑識分析實務 (6hr) 11/28 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384543 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/29 https://signupcybersec101.ithome.com.tw/ 交通大學亥客書院-B015:惡意程式檢測 11/30 https://hackercollege.nctu.edu.tw/?p=1098 亞洲‧矽谷學院108年免費認證考試 11/30 https://college.asvda.org.tw/ Digital Summit Dallas 12/4 https://infosec-conferences.com/events-in-2019/digital-summit-dallas/ Kansas City Cyber Security Conference 12/5 https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/ CyberMaryland Conference 12/5 ~ 12/6 https://infosec-conferences.com/events-in-2019/cybermaryland-conference/ FutureCon Nashville Cyber Security Conference 12/11 https://infosec-conferences.com/events-in-2019/futurecon-nashville/ Utility Cyber Security Forum December 12/11 https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/ 交通大學亥客書院-A018:企業網域控管－Active Directory攻擊與防禦 12/14 https://hackercollege.nctu.edu.tw/?p=1094 Japan Security Analyst Conference https://jsac.jpcert.or.jp/