###### tags: `資安事件新聞週報` # 資安事件新聞週報 2020/4/27 ~ 2020/5/1 1.重大弱點漏洞/後門/Exploit/Zero Day Hackers are exploiting a Sophos firewall zero-day https://www.zdnet.com/article/hackers-are-exploiting-a-sophos-firewall-zero-day/#ftag=RSSbaffb68 Hackers exploit zero-day in Sophos XG Firewall, fix released https://www.bleepingcomputer.com/news/security/hackers-exploit-zero-day-in-sophos-xg-firewall-fix-released/ Sophos緊急修補旗下防火牆已遭開採的零時差漏洞 https://www.ithome.com.tw/news/137239 Pulse Connect Secure の脆弱性への対策や侵害有無などの確認を https://www.jpcert.or.jp/newsflash/2020041701.html Fixing SQL injection vulnerability and malicious code execution in XG Firewall/SFOS https://community.sophos.com/kb/en-us/135412 Fortinet 產品繞過保安限制漏洞 https://fortiguard.com/psirt/FG-IR-20-045 McAfee 產品繞過保安限制漏洞 https://kc.mcafee.com/corporate/index?page=content&id=SB10316 https://kc.mcafee.com/corporate/index?page=content&id=KB92752 IBM DB2 多個漏洞 https://www.ibm.com/support/pages/node/6198380 Juniper Junos OS 遠端執行程式碼漏洞 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11021 Samba 多個漏洞 https://www.samba.org/samba/security/CVE-2020-10704.html https://www.samba.org/samba/security/CVE-2020-10700.html ZyXEL Zyxel XGS2210-52HP跨站脚本漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13495 Gigamon GigaVUE 路徑遍歷漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12251 JVN#47668991 Sales Force Assistant におけるクロスサイトスクリプティングの脆弱性 https://jvn.jp/jp/JVN47668991/ 升級且慢！報告稱 Windows 10 更新會破壞 Chrome 安全機制 https://3c.ltn.com.tw/news/40225 Google披露蘋果Image I/O零點擊漏洞　現已修復 https://www.ettoday.net/news/20200429/1702996.htm 潛伏了8年的iPhone和iPad嚴重漏洞可能正在受到積極攻擊 https://www.rixin.info/a/5004.html Google discloses zero-click bugs impacting several Apple operating systems https://www.zdnet.com/article/google-discloses-zero-click-bugs-impacting-several-apple-operating-systems/#ftag=RSSbaffb68 Zoom Call Recording 跨站脚本漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18223 HPE Onboard Administrator 跨站脚本漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7132 多款NETGEAR產品命令注入漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21154 Edimax EW-7438RPn 1.13 Remote Code Execution https://packetstormsecurity.com/files/157381/edimaxew7438rpn113-exec.txt 受Ghostcat漏洞波及，多家IT平臺軟體接續發布相關修補 https://www.ithome.com.tw/news/137207 HTCondor 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18823 一組特定字串被發現會使 Apple 裝置當機 https://bit.ly/3cLBFaX iOS 13 郵件軟體遭發現 2 個嚴重 0-day 漏洞，無需用戶操作即可導致駭侵者遠端執行任意程式碼 https://www.twcert.org.tw/tw/cp-104-3576-51b6d-1.html Apple disputes recent iOS zero-day claim https://www.zdnet.com/article/apple-disputes-recent-ios-zero-day-claim/#ftag=RSSbaffb68 打開空白電郵可能「被駭」！iPhone、iPad 證實有資安漏洞，iOS 13.4.5 將修補漏洞 https://buzzorange.com/techorange/2020/04/24/iphone-ipad-security-bug/ Zero-Day Warning: It's Possible to Hack iPhones Just by Sending Emails https://thehackernews.com/2020/04/zero-day-warning-its-possible-to-hack.html Foxit發布安全性公告，揭露20個安全漏洞，其中4個可被用於遠端執行任意程式碼攻擊 https://www.ithome.com.tw/news/137177 微軟修復 Teams 重大資安漏洞：一張 GIF 圖檔即可綁架整個單位的 Teams 帳號 https://www.twcert.org.tw/tw/cp-104-3579-fdbdd-1.html Microsoft Patches Teams Vulnerability https://www.bankinfosecurity.com/microsoft-patches-teams-vulnerability-a-14195 微軟緊急修補Office及小畫家3D的遠端程式攻擊漏洞 https://www.ithome.com.tw/news/137165 Windows Embedded Compact 7 安全更新：2020 年 3 月 https://support.microsoft.com/zh-cn/help/4550089/security-update-for-windows-embedded-compact-7 Huawei Lion-AL00C 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1880 Critical Security Patches Released for Magento, Adobe Illustrator and Bridge https://thehackernews.com/2020/04/adobe-software-updates.html GitLab向報告遠程代碼執行漏洞的研究員獎勵2萬美元 https://www.cnbeta.com/articles/tech/973253.htm Critical Bugs Found in 3 Popular e-Learning Plugins for WordPress Sites https://thehackernews.com/2020/04/wordpress-lms-plugins.html JVN#93064451 複数のシャープ製 Android 端末における情報漏えいの脆弱性 https://jvn.jp/jp/JVN93064451/ 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 為因應 COVID-19（武漢肺炎）疫情衍生之資安威脅，請依說明事項辦理，請查照並轉知所屬會員 https://law.fsc.gov.tw/law/NewsContent.aspx?id=8085 《金融》壽險串聯健康存摺 金管會未准 https://ww2.money-link.com.tw/RealtimeNews/NewsContent.aspx?SN=4166546001&PU=0010 194家異地辦公 佔金融業比重64% https://tw.news.appledaily.com/finance/20200424/JSSMLP3OA6I54V4MPFIRPZ27HA/ 中華民國銀行商業同業公會全國聯合會金融資安聯防教育訓練研討會新聞稿 https://www.ba.org.tw/Notice/Detail/1639 十年磨一劍！ 臺灣證券市場正式迎向逐筆交易新制 https://www.ithome.com.tw/news/137206 【2020支付安全未來三年新變革】商家儲存的信用卡號應代碼化，全新3-DS驗證在臺有3大類別商家必須啟用 https://www.ithome.com.tw/news/136821 Line Bank揭露更詳細IT組織架構，更可一窺這家純網銀採用技術與未來發展藍圖 https://www.ithome.com.tw/news/137288 四十萬筆卡片消費記錄，於暗網上以200萬美金出售 https://www.twcert.org.tw/tw/cp-104-3585-b930d-1.html Imitation is the sincerest form of flattery: Natwest copies Starling with carers card https://www.finextra.com/newsarticle/35697/imitation-is-the-sincerest-form-of-flattery-natwest-copies-starling-with-carers-card Hackers Trick 3 British Private Equity Firms Into Sending Them $1.3 Million https://thehackernews.com/2020/04/bec-scam-wire-transfer-money.html 5G in financial services will provide new possibilities https://www.zdnet.com/article/5g-in-financial-services-will-provide-new-possibilities/#ftag=RSSbaffb68 South Korean and US payment card details worth nearly $2M up for sale in the underground https://www.group-ib.com/media/south-korean-and-us-banks-cards/ 3.電子支付/電子票證/行動支付/ pay/新聞及資安 電支電票二合一 轉帳紅利共享共用 https://pttcareer.com/mobilepay/M.1587900716.A.628.html Three hurdles to address before digital retail payments can scale across Asia Pacific https://www.zdnet.com/article/three-hurdles-to-address-before-digital-retail-payments-can-scale-across-asia-pacific/#ftag=RSSbaffb68 4.虛擬貨幣/區塊鍊相關新聞及資安 關於中國央行數位貨幣 DCEP，讀完這篇文章才算是懂了 https://www.blocktempo.com/china-dcep-central-bank-digital-currecny/ Binance幣安研究：大眾對中國央行「數位人民幣 DCEP」的迷思 (完整報告) https://www.blocktempo.com/china-cbdc-dcep-cryptocurrency-revolution-binance/ 我央行評估數位貨幣將出爐 傾向雙軌並行 https://ec.ltn.com.tw/article/paper/1368728 當離駭客如此近 … 從 Lendf.Me 駭客事件我們看到了什麼 https://zombit.info/what-do-we-see-from-the-lendf-me-hacking-incident/ Lendf 被盜代幣已全數歸還！駭客疑似自洩個資露馬腳 https://news.cnyes.com/news/id/4467332 區塊鏈金融平臺dForce的加密貨幣資產幾乎被盜領一空 https://www.ithome.com.tw/news/137106 “洗錢“意外留下元數據？黑客被迫退回2500萬美金 https://www.freebuf.com/news/234573.html 重磅！幣寶日本發函解除契約、終止系統服務，台灣市場「數億消失資產」該如何彌補 https://www.blocktempo.com/bitpoint-jp-stop-the-contract-of-tw/ 台灣2.5億傳銷案｜IBCoin受害者一審敗訴，法官: 網路發達查證不難，不該因被告空話就買幣 https://www.blocktempo.com/ibcoin-victims-lost-the-suit/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式 勒索軟體攻擊超越金融卡竊盜，在去年成為最常見的網路攻擊行動 https://www.ithome.com.tw/news/137199 卡巴斯基揭露透過Android程式的大規模間諜活動 https://www.ithome.com.tw/news/137278 APT 駭客集團利用武漢肺炎作為誘餌 https://blog.trendmicro.com.tw/?p=64059 勒索軟體Shade/Troldesh收山，釋出75萬把解密金鑰 https://ithome.com.tw/news/137253 勒索軟體攻擊超越金融卡竊盜，在去年成為最常見的網路攻擊行動 https://www.ithome.com.tw/news/137199 勒索病毒專挑特定對象下手, 政府機關飽受針對性勒索病毒危害 https://blog.trendmicro.com.tw/?p=63955 美國科羅拉多州醫院遭到勒索軟體攻擊，多個資訊系統被迫停止運作 https://www.ithome.com.tw/news/137283 微軟攜35國 摧毀殭屍網路Necurs https://bit.ly/3cM4vIj Tekya惡意軟件混入Google Play https://www.freebuf.com/articles/network/231545.html < 資安報告>勒索病毒專挑特定對象下手, 政府機關飽受針對性勒索病毒危害 https://blog.trendmicro.com.tw/?p=63955 《肺炎電腦病毒新增案例》首例開機磁區確診 Coronavirus 病毒，導致無法開機 https://blog.trendmicro.com.tw/?p=64121 LeetHozer Botnet分析报告 https://blog.netlab.360.com/the-leethozer-botnet/ 微軟警告：駭客正利用盜版影片遞送惡意程式 https://www.ithome.com.tw/news/137303 電腦自動重新開機,跳出 Coronavirus 病毒圖片?確診電腦將無法開機 https://blog.trendmicro.com.tw/?p=64121 美澳聯手警告：小心Web Shell惡意程式 https://www.ithome.com.tw/news/137211 Attackers Increasingly Using Web Shells to Create Backdoors https://www.bankinfosecurity.com/attackers-increasingly-using-web-shells-to-create-backdoors-a-14179 Moobot Botnet Hacks Various Fiber Routers Using 0-Day Vulnerability https://gbhackers.com/moobot-botnet/ Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet https://thehackernews.com/2020/04/usb-drive-botnet-malware.html Threat Spotlight: MedusaLocker https://blog.talosintelligence.com/2020/04/medusalocker.html 2020-04-24 - TRAFFIC ANALYSIS EXERCISE - STEELCOFFEE https://www.malware-traffic-analysis.net/2020/04/24/index.html 2020-04-23 - QAKBOT (QBOT) SPX103 - THE "/docs_[3 characters]/" WAVE https://www.malware-traffic-analysis.net/2020/04/23/index.html Botnet Designed to Mine Virtual Currency Shut Down https://www.bankinfosecurity.com/botnet-designed-to-mine-virtual-currency-shut-down-a-14180 Grouping Linux IoT Malware Samples With Trend Micro ELF Hash https://blog.trendmicro.com/trendlabs-security-intelligence/grouping-linux-iot-malware-samples-with-trend-micro-elf-hash/ Hackers Hit Los Angeles Suburb, Demand 100 Bitcoin Ransom https://hotforsecurity.bitdefender.com/blog/hackers-hit-los-angeles-suburb-demand-100-bitcoin-ransom-23038.html Nemty Ransomware Gang Shuts Down Public Gig, Announces ‘Exclusive’ Business Model https://hotforsecurity.bitdefender.com/blog/nemty-ransomware-gang-shuts-down-public-gig-announces-exclusive-business-model-22999.html LockBit ransomware borrows tricks to keep up with REvil and Maze https://news.sophos.com/en-us/2020/04/24/lockbit-ransomware-borrows-tricks-to-keep-up-with-revil-and-maze/ Shade Ransomware Operation Apparently Shuts Down https://www.bankinfosecurity.com/shade-ransomware-operation-apparently-shuts-down-a-14192 New Android Malware Steals Banking Passwords, Private Data and Keystrokes https://thehackernews.com/2020/04/android-banking-keylogger.html EVENTBOT: A NEW MOBILE BANKING TROJAN IS BORN https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born B.行動安全 / iPhone / Android /穿戴裝置 /App 社交距離App 走過留足跡 https://money.udn.com/money/story/5658/4519108 政院社交APP疫調更便利！ 遭疑洩個資「暫緩」 https://bit.ly/3eV17ws 防疫兼顧隱私！政院推APP能算「與確診者的距離」 https://bit.ly/2zy6gKX 一鍵開啟手機防護，Phone Guardian 保護瀏覽隱私、保護個人資料、安全上網(Android、iOS) https://kkplay3c.net/phone-guardian/ 發布16小時 逾百萬澳人已下載疫情追蹤軟件 https://www.epochtimes.com/b5/20/4/27/n12063693.htm 【Zoom 資安風暴】台灣用戶資料歸何處？ 回覆 INSIDE十問 https://www.inside.com.tw/article/19613-zoom-Abe-Smith-reply-inside-10-Q-and-A Zoom不但涉嫌充當北京海外耳目還被指打壓國內宗教 https://bit.ly/2KxwK1j ZOOM再傳資安問題 中國基督徒做禮拜遭公安上門抓人 https://www.epochtimes.com/b5/20/4/24/n12059105.htm Zoom遭駭客利用！藉疫「出1招」成功竊5萬個資：別被騙了 https://www.nownews.com/news/20200428/4058290/ 惡意入侵會議進行「Zoom轟炸」，疫情下新生的網絡視頻暴力，你經歷過嗎 https://theinitium.com/roundtable/20200427-roundtable-zh-international-zoombombing/ Zoom-Bombing Attack Targets U.S. Government Meeting https://hotforsecurity.bitdefender.com/blog/zoom-bombing-attack-targets-u-s-government-meeting-23030.html WhatsApp 表示黑客組織利用其美國伺服器進行攻擊 https://chinese.engadget.com/chinese-2020-04-27-whatsapp-says-nso-group-launched-attacks-from-us.html 下載到假的 Telegram、WhatsApp …等熱門即時通訊軟體,廣告跳不停 https://blog.trendmicro.com.tw/?p=64114 仿效蘋果、Google，德國將改用去中心式接觸追蹤App https://www.ithome.com.tw/news/137257 推特關閉大部分國家所有簡訊發文服務 https://ithome.com.tw/news/137276 你的手機被放生了嗎？Android 安全更新「最確實」排行出爐 https://3c.ltn.com.tw/news/40237 南韓 N 號房事件反思：加密通訊軟體的隱私性、利與弊 https://www.inside.com.tw/article/19673-Telegram-sexual-abuse 犯罪集團持續兵分多路朝行動裝 置和Apple 作業系統 等其他平台邁進 https://blog.trendmicro.com.tw/?p=63966 App檢測通過名錄 https://www.mas.org.tw/app_cert_1b.php?id=1153 Facebook-NSO lawsuit: Hundreds of WhatsApp attacks linked to one IP address https://www.zdnet.com/article/nso-lawsuit-facebook-links-hundreds-of-whatsapp-attacks-to-one-ip-address/#ftag=RSSbaffb68 FCC approves plan to open up more spectrum for Wi-Fi https://www.zdnet.com/article/fcc-approves-plan-to-open-up-more-spectrum-for-wi-fi/#ftag=RSSbaffb68 Netgear signals big WiFi 6 upgrade cycle amid shift to remote work, telecommuting https://www.zdnet.com/article/netgear-signals-big-wifi-6-upgrade-cycle-amid-shift-to-remote-work-telecommuting/#ftag=RSSbaffb68 Aussie Contact-Tracing App: Details Slowly Emerge https://www.bankinfosecurity.com/aussie-contact-tracing-app-details-slowly-emerge-a-14173 How to Block the “Sindhi Text Bomb” on iOS https://hotforsecurity.bitdefender.com/blog/how-to-block-the-sindhi-text-bomb-on-ios-23079.html How An Image Could've Let Attackers Hack Microsoft Teams Accounts https://thehackernews.com/2020/04/microsoft-teams-vulnerability.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 任天堂爆資安漏洞！坦承全球 16 萬名玩家帳號遭入侵 https://3c.ltn.com.tw/news/40210 任天堂證實：約 16 萬帳戶資訊遭駭客入侵 https://ek21.com/news/tech/192970/ 任天堂在遭受大量駭客企圖攻擊後，廢除 NNID 登入 https://bit.ly/2W3jdUJ 任天堂表示近 16 萬個 Nintendo Network ID 遭到不當登入，部分受害者遭盜刷購買遊戲 https://www.twcert.org.tw/tw/cp-104-3578-60f52-1.html 4月驚傳有16萬組Switch帳號有資安漏洞…任天堂證實並提供解決方案！ https://bit.ly/2YcZ01s MITRE ATT&CK 評測講解：參賽選手觀點 https://www.ithome.com.tw/news/137298 愛看免錢盜版影片？微軟：小心電腦遭駭客利用挖礦 https://inanews.tw/archives/181136 黃琪搞鬼！駭台大雲端總機訂口罩 法院裁定羈押禁見 https://bit.ly/3aKe35e 以COVID-19為主題的駭侵攻擊活動案例，三月較一月增三百倍以上 https://www.twcert.org.tw/tw/cp-104-3587-0825c-1.html 疫情期間風險升高！資安事件層出不窮　專家建議這樣做 https://newtalk.tw/news/view/2020-04-26/397326 全球招募！GeekPwn2020征程再起新增“新基建”安全挑戰賽 http://news.tom.com/202004/4177830733.html 〈5月報稅季來了〉防疫宅在家報稅 五招自保方法閃駭客攻擊 https://news.cnyes.com/news/id/4469227 黑客入侵官網　完美威士忌珍藏網上拍賣被迫暫停 https://hk.thevalue.com/articles/perfect-whisky-collection-online-auction-hacked 世衛組織高級官員成為網絡駭客攻擊目標 https://bit.ly/3cExuhc 中國駭客頻入侵 鎖定蔡英文及柯P病歷下手 https://bit.ly/2KJs1tq 疾管署疑遭中國駭客入侵 法務部長：即刻協助阻斷攻擊 https://news.ltn.com.tw/news/life/breakingnews/3149703 防疫五月天也破功？全球2.5萬筆電郵帳密遭駭驚見疾管署 https://www.mirrormedia.mg/story/20200427inv009/ 疾管署證實駭客入侵！連3年外流68筆帳密 員工註冊網購惹禍 https://bit.ly/2KFonAX 疾管署駭客入侵？蔡清祥：速查境內或境外所為 https://money.udn.com/money/story/5648/4527889 駭客竊取疾管署人員帳密 調查局資安站全力追查 http://m.match.net.tw/pc/news/local/20200429/5297891 蔡英文總統 台北市長柯文哲病歷遭駭？ 陳時中回應了 https://www.chinatimes.com/realtimenews/20200429002338-260407?ctrack=mo_main_rtime_p01&chdtv 疾管署68筆公務信箱帳密遭駭！莊人祥：外洩帳號已停用 https://times.hinet.net/news/22881113 中國駭客想竊總統病歷　蔡英文：健康資料有保護機制 https://tw.appledaily.com/politics/20200429/7VQKTOBCAC5JRKD5L6H6ADNUGA/ KPMG：拿公務帳號註冊 CDC帳密害了 https://www.chinatimes.com/realtimenews/20200429003633-260410?ctrack=mo_main_rtime_p04&chdtv 衛福部人員帳密遭駭　成調查局資安站掛牌後首要任務 https://www.ctwant.com/article/48256 台大醫院遭駭客入侵！驚傳蔡英文、柯文哲病歷資料遭鎖定 https://www.chinatimes.com/realtimenews/20200429001791-260407?ctrack=mo_main_rtime_p02&chdtv 疾管署遭駭！全球2.5萬筆電郵帳密恐外洩 調查局立案偵辦 https://money.udn.com/money/story/5648/4526621 用公務信箱逛網拍遭駭？疾管署遭駭客入侵緊急出面說明 https://times.hinet.net/news/22881058 傳中國駭客偷蔡英文、柯文哲病歷　藍委洩「內幕」爆偷錯… https://www.setn.com/News.aspx?NewsID=734066 「他們想要偷走一切！」新冠肺炎燒出中美駭客戰　華盛頓指控中國竊取疫苗智慧財產權 https://www.storm.mg/article/2566389 美國網路攻擊激增　CNN：華府指控「中國駭客」竊取新冠肺炎研究成果 https://www.ettoday.net/news/20200426/1700577.htm?from=feature 無恥！中國駭客全面進攻美國 試圖竊取武漢肺炎研究 https://news.ltn.com.tw/news/world/breakingnews/3145990 中共爲病毒疫苗研發覬覦美國研究實驗室 黑客行爲瘋狂 https://www.soundofhope.org/post/371368?lang=b5 美國威脅更換世衛負責人、中國抗疫機構遭駭客攻擊……耿爽都回應了耿爽回應 https://ek21.com/news/business/128017/ 中國大陸網信辦發布《網絡安全審查辦法》，6月1日起正式實施 https://www.freebuf.com/articles/compliance/235163.html 中國大陸《網絡安全審查辦法》要點解讀 https://www.freebuf.com/news/235177.html 中菲大外宣11萬人「倒讚」 菲律賓網友：我們不是朋友 https://bit.ly/2W1beHw 中國駭客組織再度監控維吾爾穆斯林，鎖定執行特定版本iOS裝置的族群下手 https://www.ithome.com.tw/news/137158 中國疫情期間繼續監控維吾爾人的手機通訊 https://www.voacantonese.com/a/china-still-hacking-urghur-phone-04242020/5391216.html Hackers Targeted Chinese Agencies for COVID-19 Intel: Report https://www.bankinfosecurity.com/hackers-targeted-chinese-agencies-for-covid-19-intel-report-a-14181 Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims https://thehackernews.com/2020/04/iphone-zero-day-exploit.html Chinese ‘Frontline’ COVID-19 Research Firm Reported Hacked: Data Now On Dark Web https://www.forbes.com/sites/zakdoffman/2020/04/26/chinese-covid-19-detection-firm-just-got-hacked-data-for-sale-on-dark-web-new-report/ 美企稱越南「支持駭客竊取中國疫情資訊」 越外交部否認 https://ek21.com/news/business/127954/ 越南駭客對中國防疫部門發動網路攻擊？中國外交部回應 http://www.ctstvnet.com/?wid=19&id=9420&ua=pc 曝越南黑客組織對我國長達3個月的入侵，意圖竊取COVID-19相關情報 https://www.freebuf.com/news/234855.html Shadow Broker leaked NSA files point to unknown APT group https://nakedsecurity.sophos.com/2020/04/24/shadow-broker-leaked-nsa-files-point-to-unknown-apt-group/ WHO證實電郵遭駭 華郵：駭客鎖定全球機構犯案 https://www.ydn.com.tw/News/380959 美國FCC發通牒 有意把中國電信商逐出美國 https://ec.ltn.com.tw/article/breakingnews/3145454 南韓網路安全戰略 應對資訊威脅 https://www.ydn.com.tw/News/381634 THE LOGIC BEHIND RUSSIAN MILITARY CYBER OPERATIONS https://www.boozallen.com/c/insight/publication/the-logic-behind-russian-military-cyber-operations.html https://www.boozallen.com/content/dam/boozallen_site/ccg/pdf/publications/bearing-witness-uncovering-the-logic-behind-russian-military-cyber-operations-2020.pdf 美國發布俄羅斯GRU網路攻擊行動報告 https://www.freebuf.com/articles/network/232403.html Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics https://www.zdnet.com/article/booz-allen-analyzed-200-russian-hacking-operations-to-better-understand-their-tactics/ The Incident Response Challenge 2020 — Win $5,000 Prize! https://thehackernews.com/2020/04/incident-response-challenge.html RIPE opposes China's internet protocols upgrade plan https://www.zdnet.com/article/ripe-opposes-chinas-internet-protocols-upgrade-plan/#ftag=RSSbaffb68 US, UK Authorities Crack Down on Suspicious COVID-19 Domains https://www.bankinfosecurity.com/us-uk-authorities-crack-down-on-suspicious-covid-19-domains-a-14171 WHO Reports 'Dramatic' Increase in Attacks https://www.bankinfosecurity.com/who-reports-dramatic-increase-in-attacks-a-14184 Python for Hacking : Python Became a language of Choice for Ethical Hacking & Cyber Security https://ethicalhackersacademy.com/blogs/ethical-hackers-academy/python-for-hacking Hackers are creating backdoor accounts and cookie files on WordPress sites running OneTone https://www.zdnet.com/article/hackers-are-creating-backdoor-accounts-and-cookie-files-on-wordpress-sites-running-onetone/#ftag=RSSbaffb68 FL-【金控】雲端資安工程師 https://www.cakeresume.com/companies/recruit-express-taiwan-466cac/jobs/fl-gold-control-cloud-security-engineer 【資安所】網駭科技研析中心-資安工讀 https://www.104.com.tw/job/6i1l7?jobsource=jolist_c_relevance 【資安所】網駭科技研析中心-5G資安研發工程師 https://www.104.com.tw/job/6v9cz?jobsource=jolist_c_relevance 【資安所】網駭科技研析中心-工控OT資安研發工程師 https://www.104.com.tw/job/6v9d6?jobsource=jolist_c_relevance 【資安所】網駭科技研析中心-晶片IC資安研發工程師 https://www.104.com.tw/job/6v9dd?jobsource=jolist_c_relevance 資訊安全暨隱私保護實習顧問 https://www.104.com.tw/job/6xlp2 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 大量駭客利用偽造 Netflix 與 Disney+ 登入頁面竊取用戶個資 https://hypebeast.com/zh/2020/4/hackers-creating-fake-netflix-disney-plus-pages Google：每天逾2.4億則垃圾訊息　5大惡招愛注意 https://tw.appledaily.com/gadget/20200425/V4IEA7P7F6GSORB5SA3B2GMTNI/ Google提醒強化資安觀念 提防各種以疫情為主的詐騙 https://bit.ly/2Y4hTU1 武漢肺炎相關惡意程式與釣魚威脅猖獗，Google 提出強化防護機制與建議 https://www.kocpc.com.tw/archives/318880 WHO電郵遭駭 假募款詐騙暴增5倍 https://bit.ly/3cJGAZS 駭客散布勒索恐嚇郵件詐騙使用者 https://www.twcert.org.tw/tw/cp-104-3568-0207d-1.html 小心網路釣魚！資安專家：駭客最常假冒蘋果、Netflix和雅虎 https://newtalk.tw/news/view/2020-04-24/396547 不小心點了釣魚包裹簡訊 台中女子遭盜刷7萬 https://bit.ly/2SaTpEK 涉以「網戀」行騙　司警拘3男女檢380萬元 https://hk.on.cc/hk/bkn/cnt/news/20200430/bkn-20200430123026422-0430_00822_001.html 隱私和健康哪個重要？歐盟擬用數位足跡追蹤新冠病毒 https://cnews.com.tw/137200425a03/ 網路釣魚報告：蘋果用戶是犯罪者眼中的最多汁的肥羊 https://saydigi-tech.com/2020/04/22020.html 2.67億Facebook用戶信息以500英鎊在暗網出售 https://www.freebuf.com/news/234439.html 兩億六千七百萬組 Facebook 用戶資訊，在暗網上待價而沽 https://www.twcert.org.tw/tw/cp-104-3584-f694e-1.html 暗網流行數據報告，個人數據只值1美元 https://www.freebuf.com/articles/neopoints/234317.html 假資遣，真釣魚！駭客假借人資發 Zoom 會議連結，登入個資就外洩 https://www.inside.com.tw/article/19637-zoom-phishing-email-hack-coronavirus-unemployment 401(k)退休帳戶遇駭 存款8萬元慘剩8000元 https://bit.ly/2VGllmi 歐盟批中共隱匿還以假訊息誣台 竟被施壓刪報告 https://bit.ly/2SbV0Ks 路報稅小白最易被「網路詐騙」　專家教你5招自保 https://www.ettoday.net/news/20200428/1701665.htm 地下錢莊假冒政府紓困名義攬客 龔明鑫也都收到借錢簡訊 https://ec.ltn.com.tw/article/breakingnews/3143668 偽造視訊會議邀請連結釣魚情事頻傳，收到信件時請張大眼睛看清楚 https://www.kocpc.com.tw/archives/319625 抓準疫情恐慌心理　專家：恐出現報稅釣魚郵件 https://news.tvbs.com.tw/life/1315941 美女空姐網紅IG遭駭入侵　匯款還要脅裸照…崩潰72小時 https://www.setn.com/News.aspx?NewsID=734892 簡訊通知包裹被退 有詐！網址勿點入 https://news.ltn.com.tw/news/society/breakingnews/3150123 < 資安報告>假的「404 Not Found」頁面等四個網路釣魚新手法 https://blog.trendmicro.com.tw/?p=63975 臺灣學術網路個資外洩事件之預防與應變指南V2 https://cert.tanet.edu.tw/prog/opendoc.php?id=2020042801041515533659691159823.pdf Latest Phishing Campaigns Spoof Federal Reserve, SBA https://www.bankinfosecurity.com/latest-phishing-campaigns-spoof-federal-reserve-sba-a-14188 Around 25,000 Email Addresses and Passwords Belonging to NIH, WHO, World Bank and Others Posted Online https://www.ehackingnews.com/2020/04/around-25000-email-addresses-and.html Email Credentials of WHO, The Gates Foundation, Other Leaked Online https://hotforsecurity.bitdefender.com/blog/email-credentials-of-who-the-gates-foundation-other-leaked-online-23064.html Neo-Nazis post 'hacked emails from WHO' and others amid coronavirus pandemic https://www.thenational.ae/world/neo-nazis-post-hacked-emails-from-who-and-others-amid-coronavirus-pandemic-1.1009670 Enterprises are getting more high-risk calls as fraudsters exploit COVID-19 https://www.zdnet.com/article/enterprises-are-getting-more-high-risk-calls-as-fraudsters-exploit-covid-19/#ftag=RSSbaffb68 Canadian Authorities Email Private Details of 247 MS Zaandam Cruise Passengers https://hotforsecurity.bitdefender.com/blog/canadian-authorities-email-private-details-of-247-ms-zaandam-cruise-passengers-23010.html Wappalyzer reveals data breach after hacker disclosed incident to customers https://hotforsecurity.bitdefender.com/blog/wappalyzer-reveals-data-breach-after-hacker-disclosed-incident-to-customers-23006.html Hackers threaten to leak data from high-end architecture firm Zaha Hadid https://www.zdnet.com/article/hackers-threaten-to-leak-data-from-high-end-architecture-firm-zaha-hadid/#ftag=RSSbaffb68 Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies https://thehackernews.com/2020/04/targeted-phishing-attacks-successfully.html E.研究報告 APT28攻擊活動分析報告 https://www.freebuf.com/articles/network/231640.html APT41多入侵網絡攻擊分析 https://www.freebuf.com/articles/network/231801.html 什麼是 MITRE 評測?如何閱讀看待它的結果 https://blog.trendmicro.com.tw/?p=64146 慎防遠端存取服務攻擊 https://www.hkcert.org/my_url/zh/blog/20042801 路由抓包的種種姿勢 https://www.freebuf.com/articles/network/232048.html 個案分析-SMB暴力破解密碼攻擊事件分析報告_10903 https://cert.tanet.edu.tw/prog/opendoc.php?id=2020033110035454604665848435897.pdf 遠控免殺從入門到實踐之白名單（113個）總結篇 https://www.freebuf.com/articles/system/232074.html 紅藍對抗場景下的二三事 https://www.freebuf.com/vuls/232185.html Nginx服務漏洞詳解 https://zhuanlan.zhihu.com/p/136801555 VMware 虛擬機最新高危敏感信息泄露漏洞分析（CVE-2020-3952） https://www.chainnews.com/zh-hant/articles/713821082130.htm Cisco IP電話被發現RCE漏洞 https://www.4hou.com/index.php/posts/NpDz Rocke Group團伙新挖礦病毒變種分析 https://www.freebuf.com/articles/system/232412.html COVID-19攻擊手段與數據分析 https://www.freebuf.com/articles/network/234843.html TEA：一款基於TAS框架的SSH客戶端蠕蟲 https://www.freebuf.com/articles/network/231963.html Pulsar：一款功能強大的可視化網絡足跡掃描平台 https://www.freebuf.com/articles/network/232520.html 實戰中如何繞過殺軟用mimikatz獲取賬號密碼 https://www.freebuf.com/articles/web/232534.html 關於MciroPython的智慧農業檢測控制系統 https://www.freebuf.com/geek/196892.html CNCERT發布《2019年我國互聯網網絡安全態勢綜述》 https://www.freebuf.com/articles/paper/234421.html Web Application核心防禦機制記要 https://www.freebuf.com/articles/web/232186.html Unicode同形字符域漏洞 https://www.freebuf.com/vuls/229446.html Pentest-Tools-Framework：一款專為滲透測試初學者設計的強大框架 https://www.freebuf.com/sectool/231606.html DRAMDig：最快69秒逆向觸發Rowhammer攻擊的DRAM地址映射 https://www.freebuf.com/articles/system/234605.html 惠普電腦預裝軟件多個高危漏洞深入分析 https://www.anquanke.com/post/id/203238 Jeopardize：一款針對釣魚域名的低功耗威脅情報&響應工具 https://www.freebuf.com/sectool/231977.html HACKUSB內測版本評測：年輕人的第一條黑客數據線 https://www.freebuf.com/articles/terminal/232552.html SOC日誌可視化工具：SOC Sankey Generator https://www.freebuf.com/sectool/231106.html Zelos：一款功能強大的代碼模擬和測試平台 https://www.freebuf.com/articles/system/231609.html 針對電子商務的組織Magecart又研發了新的攻擊工具 https://www.freebuf.com/articles/database/227997.html 使用FakeNet-NG改進動態惡意軟件分析 https://www.freebuf.com/articles/others-articles/232557.html 域控管理員帳戶架構擴展 https://www.freebuf.com/articles/es/230271.html 俄羅斯Rostelecom劫持事件，BGP安全不止於此 https://www.freebuf.com/articles/network/233075.html shuffleDNS：一款基於主動爆破的子域名枚舉工具 https://www.freebuf.com/sectool/231959.html 一個例子引出的PLT與GOT姐妹花 https://www.freebuf.com/articles/others-articles/232329.html Kernel Hack實戰：修改並編譯手機內核源碼對抗反調試 https://www.freebuf.com/articles/terminal/229624.html XXExploiter：一款功能強大的XXE漏洞掃描與利用工具 https://www.freebuf.com/sectool/231978.html 挖洞經驗| HackerOne用戶頭像名稱變化導致的DoS漏洞 https://www.freebuf.com/vuls/232237.html 關於Network Discovery的一些思考 https://www.freebuf.com/sectool/226489.html 挖洞經驗| 以未授權方式查看特斯拉未公開車型Model Y參數數據 https://www.freebuf.com/vuls/228004.html 記一次域控服務器​​應急 https://www.freebuf.com/articles/system/231947.html Burpy：連接你的BurpSuite和Python https://www.freebuf.com/sectool/231825.html Gospider：一款基於Go語言的快速Web爬蟲 https://www.freebuf.com/sectool/232276.html 技術討論| Largebin攻擊突破利用分析 https://www.freebuf.com/articles/system/232676.html 流量分析在安全攻防上的探索實踐 https://security.tencent.com/index.php/blog/msg/148 攻擊者利用漏洞攻擊Edimax WiFi橋接器，綠盟威脅情報中心已支持相關檢測 https://www.nsfocus.com.cn/html/2020/21_0427/439.html PHP文件包含漏洞利用思路與Bypass總結手冊（一） https://www.freebuf.com/column/235054.html PHP文件包含漏洞利用思路與Bypass總結手冊（二） https://www.freebuf.com/column/235437.html 內核漏洞分析9.5 CVE-2011-2005 Winodws Afd.sys本地提權漏洞 https://book.douban.com/annotation/94806565/ PHP imap_open函数任意命令执行漏洞 https://www.weibo.com/ttarticle/p/show?id=2309404480613032788217 Liferay門戶Java反序列化進攻分析 https://www.freebuf.com/vuls/233296.html 利用Mojo IPC的UAF漏洞實現Chrome瀏覽器沙箱逃逸 https://www.anquanke.com/post/id/203834 零知識證明 - Trapdoor 團隊發現 PoREP 嚴重漏洞 https://www.chainnews.com/zh-hant/articles/240648383767.htm xShock：一款針對Shellshock漏洞的利用工具 https://www.freebuf.com/sectool/232277.html 2019年天府杯上的Adobe Reader RCE突破利用鏈分析 https://www.chainnews.com/zh-hant/articles/467054959914.htm Stomping Shadow Copies - A Second Look Into Deletion Methods https://www.fortinet.com/blog/threat-research/stomping-shadow-copies-a-second-look-into-deletion-methods.html Root me — Cisco Password Write-up https://medium.com/blacksecurity/root-me-cisco-password-decrypt-write-up-3b4beb890a76 IR Case: The Florentine Banker Group https://research.checkpoint.com/2020/ir-case-the-florentine-banker-group/ Attacking smart cards in active directory https://sensepost.com/blog/2020/attacking-smart-cards-in-active-directory/ Uncovering New Magecart Implant Attacking eCommerce https://marcoramilli.com/2020/02/19/uncovering-new-magecart-implant-attacking-ecommerce/ Bypass OTP using http header. https://medium.com/@rapidsafeguard/bypass-otp-using-http-header-a579ace73ed2 PICC Your Battles: Securing Emergency Field Hospitals and Temporary Medical Spaces https://www.fireeye.com/blog/executive-perspective/2020/04/securing-emergency-field-hospitals-and-temporary-medical-spaces.html Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining https://newsroom.trendmicro.com/node/4830 Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining https://newsroom.trendmicro.com/node/4831 GitHub hit with multiple back-to-back outages https://www.zdnet.com/article/github-hit-with-multiple-back-to-back-outages/#ftag=RSSbaffb68 Abusing COM objects https://0xpat.github.io/Abusing_COM_Objects/ Demystifying the Signal Protocol for End-to-End Encryption (E2EE) https://medium.com/@justinomora/demystifying-the-signal-protocol-for-end-to-end-encryption-e2ee-ad6a567e6cb4 Hunting for credentials and building a credential type reference catalog https://wunderwuzzi23.github.io/blog/posts/2020/hunting-for-credentials/ Pypykatz - Mimikatz implementation in pure Python https://hakin9.org/pypykatz-mimikatz-implementation-in-pure-python/ Impulse : Denial-of-service ToolKit https://kalilinuxtutorials.com/impulse/ OptOut – Compiler Undefined Behavior Optimizations https://research.checkpoint.com/2020/optout-compiler-undefined-behavior-optimizations/ Let’s break into Payment Gateways https://medium.com/bugbountywriteup/lets-break-into-payment-gateways-fc52523eeaca Hacking Android Remotely (WAN) using Kali Linux https://medium.com/@ehackingdotnet/hacking-android-remotely-wan-using-kali-linux-6c18fe6d9d9 Reverse Engineering Linux http://index-of.es/Miscellanous/LIVRES/anti-reverse-engineering-linux.pdf Android IPC: Part 1 - Introduction https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=46 emojidb_plaidctf2020 Emojidb (pwn) https://saaramar.github.io/emojidb_plaidctf2020/ Exploiting GlobalProtect for Privilege Escalation, Part One: Windows https://www.crowdstrike.com/blog/exploiting-escalation-of-privileges-via-globalprotect-part-1/ What is old is new again: The Relay Attack https://www.secureauth.com/blog/what-old-new-again-relay-attack FUD Android Payload and Listener https://github.com/thelinuxchoice/getdroid PoC 2019-2215 exploit for S8/S8 active with DAC + SELinux + Knox/RKP bypass https://github.com/chompie1337/s8_2019_2215_poc Open-AudIT v3.3.1 Remote Command Execution (CVE-2020-12078) https://shells.systems/open-audit-v3-3-1-remote-command-execution-cve-2020-12078/ Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims https://github.com/mandatoryprogrammer/CursedChrome A Bootable Flash Drive to Extract Encrypted Volume Keys, Break Full-Disk Encryption https://blog.elcomsoft.com/2019/04/a-bootable-flash-drive-to-extract-encrypted-volume-keys-break-full-disk-encryption/ Turning the Pages:Introduction to Memory Paging on Windows 10 x64 https://connormcgarr.github.io/paging/ Honeysploit: Exploiting the Exploiters https://medium.com/@curtbraz/exploiting-the-exploiters-46fd0d620fd8 Patchguard: Detection Of Hypervisor Based Introspection [P1] https://revers.engineering/patchguard-detection-of-hypervisor-based-instrospection-p1/ Patchguard: Detection Of Hypervisor Based Introspection [P2] https://revers.engineering/patchguard-detection-of-hypervisor-based-instrospection-p2/ Automatic Enumeration Tool based in Open Source tools https://github.com/carlospolop/legion SMB2 Session Prediction & Consequences https://www.rumble.run/2020/03/smb2-session-prediction-consequences/ Polypyus Firmware Historian https://github.com/seemoo-lab/polypyus Joystick ATT&CK Evaluations tool https://github.com/mitre-attack/joystick Damn Vulnerable WordPress https://github.com/vavkamil/dvwp Content-Security-Policy (CSP) Bypass Techniques https://medium.com/bugbountywriteup/content-security-policy-csp-bypass-techniques-e3fa475bfe5d Pwning Adobe Reader Multiple Times with Malformed Strings https://bit.ly/3cU3jmj Awesome-Hacking-Resources https://github.com/vitalysim/Awesome-Hacking-Resources Researchers Uncover Novel Way to De-anonymize Device IDs to Users' Biometrics https://thehackernews.com/2020/04/deanonymize-device-biometrics.html SysmonSearch v2.0 Released https://blogs.jpcert.or.jp/en/2020/04/sysmonsearch-v20-released.html F.商業 資安業者Malwarebytes進入VPN市場 https://www.ithome.com.tw/news/137212 MITRE ATT&CK公布第二輪評估計畫結果，臺灣有兩家資安公司名列其中 https://www.ithome.com.tw/news/137221 資誠提供COVID-19遠距診斷數位工具 助企業評估疫情影響 https://times.hinet.net/news/22874802 GreyNoise發表免費的裝置遭駭通知服務 https://www.ithome.com.tw/news/137228 訴求「隱私」 小米再推新品牌 https://bit.ly/2KAWEBf 台港第1家！中華電通過AWS IoT能力認證 https://ec.ltn.com.tw/amp/article/breakingnews/3147643 甲骨文拿下Zoom公有雲合約 https://www.ithome.com.tw/news/137275 微軟Office 2010終止服務倒數計時 快準備超前部署 https://www.chinatimes.com/realtimenews/20200430003165-260412?chdtv 老字號 IT 網管監控神器　大秀自動流程與智慧分析 http://www.netadmin.com.tw/netadmin/zh-tw/snapshot/93B651A90E3E4A18A9CDAF515AF72106 Ubuntu 20.04 LTS開放下載，4月29日還有線上派對 https://www.techbang.com/posts/78056-ubuntu-2004-lts-open-download-online-party-on-april-29 Ubuntu 20.04 arrives with Linux 5.4 kernel and WireGuard VPN https://www.zdnet.com/article/ubuntu-20-04-arrives-with-linux-5-4-kernel-and-wireguard-vpn/#ftag=RSSbaffb68 Getting ATT&CKed By A Cozy Bear And Being Really Happy About It: What MITRE Evaluations Are, and How To Read Them https://blog.trendmicro.com/mitre-evaluation2020/ MITRE Round 2 Results Solidify Cortex XDR as a Leader in EDR https://blog.paloaltonetworks.com/2020/04/cortex-mitre/ G.政府 7成假訊息來自中！　「資安站」國安級打假 http://www.nexttv.com.tw/NextTV/News/Home/Politics/2020-04-24/158799.html 調查局資安工作站揭牌 打擊網路犯罪添利器 https://bit.ly/2x5YDdR 調查局「資安工作站」揭牌　蔡英文：查緝網路犯罪就是維護台灣民主自由 https://www.storm.mg/article/2560013 打擊資安犯罪 強化反制護國安 https://www.ydn.com.tw/News/381632 殭屍網路Necurs無需連線C&C伺服器，微軟揭露追蹤異常IP位址通報調查局經過 https://www.ithome.com.tw/news/137295 蔡英文出席調查局資安工作站揭牌儀式 https://www.chinatimes.com/realtimenews/20200424001678-260407?chdtv 調查局資安工作站揭牌 蔡英文：強化民主防衛機制 https://udn.com/news/story/7321/4515788?from=udn-catelistnews_ch2 疫情期間駭客攻擊增！疫苗開發不來就用偷的、調查局攜手微軟查獲40萬殭屍網路 https://cnews.com.tw/137200421a02/ 蔡英文批假訊息擾防疫　調查局握1500件情資 https://tw.appledaily.com/local/20200424/TORD6NMQYMN47XPNNHPQZFRQAA/ 阻中國假訊息散播 調查局：請社群媒體下架帳號 https://m.ltn.com.tw/news/society/breakingnews/3144312 百位學者連署反對！一文解析數位身分證的 4 個資安疑慮 https://buzzorange.com/techorange/2020/04/24/anti-digital-identification-card/ 學者指10月換數位身分證有變數 官員：受疫情影響 https://www.cna.com.tw/news/aipl/202004250211.aspx 從新版數位身分證，看資安與國安危機 https://talk.ltn.com.tw/article/breakingnews/3145982 資訊專家李忠憲召喚唐鳳成功 10月發晶片身分證有變數 https://newtalk.tw/news/view/2020-04-25/397285 數位身分證延後換發 內政部：安全如軍事機密 https://www.epochtimes.com/b5/20/4/27/n12064768.htm 李貴敏：數位身分證資安疑慮多 引爆竊取身分危機 https://times.hinet.net/news/22879526 內政部為New eID數位身分證急祭「軍事機密」怕燒到誰 https://www.peoplenews.tw/news/4ce50303-9e4f-479e-bdcc-43aedf0ad881 有關駭客入侵竊取公務信箱帳密一事，經查非直接從疾管署系統中外洩 https://www.mohw.gov.tw/cp-16-52972-1.html 驚傳遭駭客入侵多筆資料曝光 疾管署最新說明 https://www.ftvnews.com.tw/news/detail/2020429W0019 109年度資訊安全管理系統(ISMS)認證維護暨資安顧問委外服務 https://www.iot.gov.tw/cp-23-201207-4010b-1.html 邱國正：嚴密監控妨礙國家安全訊息 https://www.ydn.com.tw/News/381612 1968App人潮示警優化 行政院指示成立戰情室掌握 https://www.rti.org.tw/news/view/id/2062210 一張圖表看懂大同承攬政府重要機密系統 https://tw.news.appledaily.com/politics/20200501/OCV5YBT6O7NK6MKXAYQORPRNUY/ 關貿報稅系統鋼鐵部隊 口罩、報稅服務一把罩 https://money.udn.com/money/story/5635/4533021 H.工控系統/SCADA/ICS 西門子S7系列中間人攻擊：流量劫持和轉發（一） https://www.freebuf.com/articles/ics-articles/231701.html ABB分佈式控制系統存在漏洞黑客可藉此破壞工業系統 https://www.easyaq.com/news/2147307785.shtml JVNVU#97783982 LCDS 製 LAquis SCADA に複数の脆弱性 https://jvn.jp/vu/JVNVU97783982/ Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution https://packetstormsecurity.com/files/157383/ZSL-2020-5565.txt I.教育訓練 網站滲透學習之漏洞環境搭建 https://zhuanlan.zhihu.com/p/136753209 Fun With Malware https://www.youtube.com/watch?v=RGmZiCe9Mk8&list=PLwIrvBOwo9FYjuLcX-_g-VotrY5cfpBBd Malware development part 1 https://0xpat.github.io/Malware_development_part_1/ Malware development part 2 https://0xpat.github.io/Malware_development_part_2/ Malware development part 3 https://0xpat.github.io/Malware_development_part_3/ J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 你的車子其實不安全？兩大車款爆資安漏洞 用戶個資遭竊、陌生人入侵系統 https://bit.ly/2KCTNb7 Boston Dynamics gives hospital robot tech to the open source community https://www.zdnet.com/article/boston-dynamics-gives-hospital-robot-tech-to-the-open-source-community/#ftag=RSSbaffb68 6.近期資安活動及研討會 SDN x Cloud Native Meetup - Webinar 海外篇 #2 5/2 https://www.meetup.com/CloudNative-Taiwan/events/269994432/ 人工智慧拼資安升級實作班 5/4 https://www.iiiedu.org.tw/courses/msa376t2001/ Wi-Fi 6 進場的時間到了嗎 5/5 https://seminar.ithome.com.tw/live/extreme2020/index.html?utm_source=iThome&utm_medium=seminar Study Group - Clean Coder 5/7 https://www.meetup.com/Women-Who-Code-Taipei/events/jlmfprybchbkb/ CISSP 資訊安全認證課程 5/7 ~ 7/4 https://www.accupass.com/event/2002130410356136663450 2020 Quantum系列再進化，全產品隆重上市與安全銷售包裝說明 5/12 https://bit.ly/2VzDodV Web Application 威脅、弱點、防護及縱深防禦實戰班(第5期)5/12、5/19、5/26 http://service.tabf.org.tw/tw/user/409646/ Open Source 有哪些漏洞 5/13 http://reg.gss.com.tw/register/register.aspx?actid=706 Study Group - Clean Coder 5/14 https://www.meetup.com/Women-Who-Code-Taipei/events/jlmfprybchbsb/ 109年資安職能訓練(5/15開放報名) https://ctts.nccst.nat.gov.tw/NewsDetail/105 【零壹解決方案日】IT無疆界 企業營運不中斷 / 三大應用 八場直播 玩體驗 5/14 ~ 6/30 https://www.accupass.com/event/2004200112131299616148 交通大學駭客書院 - 基礎網站安全建構實務 5/16 https://hackercollege.nctu.edu.tw/?p=1151 ISO/IEC 27001:2013 資訊安全稽核師(主導稽核員)訓練課程 5/16 ~ 6/5 https://www.accupass.com/event/2002140726181428485387 中山大學資安社 - Forensic(一) 5/20 https://nsysuisc.kktix.cc/events/2020forensic1 Study Group - Clean Coder 5/21 https://www.meetup.com/Women-Who-Code-Taipei/events/jlmfprybchbcc/ RASP 應用程式的最後一道防護 5/22 http://reg.gss.com.tw/register/register.aspx?actid=707 交通大學駭客書院 - 電子郵件之偽造攻擊與防護措施 5/23 https://hackercollege.nctu.edu.tw/?p=1156 大智雲集- 雲端安全管理機制(SmartCloud)與AI驅動威脅防護引擎 5/26 https://bit.ly/2VzDodV Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27 https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/ 交通大學駭客書院 - 進階網頁滲透測試 5/30 https://hackercollege.nctu.edu.tw/?p=1159 榮耀資戰 – 重裝上陣 5/30 https://zyxel-foundation.kktix.cc/events/cyberthrones2020 109年智能物聯網與資訊安全碩士學分班 5/30 ~ 8/8 https://www.accupass.com/event/2003160837472127685300 Java Spring安全程式開發實務班 6/2 ~ 6/3 https://www.iiiedu.org.tw/courses/msa466t2001/ 邊緣計算系統之大數據與深度學習應用 6/5 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index Excel對人資假勤及薪資管理分析報表實務班 6/9 https://www.accupass.com/event/2003310137088658330050 透過零信任防護策略因應數位轉型對企業雲應用與IoT安全挑戰 6/9 https://bit.ly/2VzDodV 交通大學駭客書院 - 高階網頁滲透測試 6/13 6/20 https://hackercollege.nctu.edu.tw/?p=1161 CREST CPSA BootCamp 資安分析專家認證課程 6/15 ~ 6/19 https://www.ainetwork-training.com/product/crest-cpsa-bootcamp/ 惡意程式偵測、分析、防護實戰班(第3期) 6/16 http://service.tabf.org.tw/tw/user/409646/ ISACA® 國際資訊安全管理師 CISM 認證課程 6/16 ~ 6/19 https://www.accupass.com/event/2004140928122685616880 設計新興雲端安全防護架構: Container & Serverless Security安全藍圖 6/23 https://bit.ly/2VzDodV 交通大學駭客書院 - 企業網域控管-Active Directory攻擊與防禦 6/27 https://hackercollege.nctu.edu.tw/?p=1164 CompTIA Security+ 國際網路資安認證班 7/4 ~ 7/12 https://www.iiiedu.org.tw/courses/msa293t2002/ 數據分析與機器學習案例實務(三)影像分類技術 7/20 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3897&from_course_list_url=course_index CYBERSEC 2020 臺灣資安大會 8/12 https://cyber.ithome.com.tw/ 認證系統安全從業人員 SSCP 輔導班 9/5 ~ 9/13 https://www.iiiedu.org.tw/courses/asq902t2001/ 邊緣計算系統之大數據與深度學習應用 9/11 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3895&from_course_list_url=course_index 數據分析與機器學習案例實務(四)應用實例 9/14 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3898&from_course_list_url=course_index