###### tags: `資安事件新聞週報` # 資安事件新聞週報 2020/8/3 ~ 2020/8/7 1.重大弱點漏洞/後門/Exploit/Zero Day D-Link DIR-816L命令注入漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15893 GRUB 多個漏洞 https://www.hkcert.org/my_url/zh/alert/20073004 Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems https://thehackernews.com/2020/07/grub2-bootloader-vulnerability.html 全球數十億筆電與伺服器危矣！BootHole漏洞無差別攻擊Linux及Windows作業系統 https://reurl.cc/O1dOeD Vulnerability Spotlight: Microsoft issues security update for Azure Sphere https://blog.talosintelligence.com/2020/07/vuln-spotlight-azure-sphere-july-2020.html Netgear 產品遠端執行任意程式碼漏洞 https://kb.netgear.com/000062158/Security-Advisory-for-Pre-Authentication-Command-Injection-on-R8300-PSV-2020-0211 https://kb.netgear.com/000062127/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-R6700v3-PSV-2020-0202 資安防護有漏洞？IG傳偷開用戶攝像頭 官方回應：系統程式錯誤 https://life.tw/?app=view&no=1117657 從 MicroStrategy 入手發現 Facebook 的 XSS 漏洞 https://www.chainnews.com/zh-hant/articles/279335819156.htm 多款Qualcomm產品资源管理錯誤漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11120 蘋果 Face ID / Touch ID 安全晶片傳漏洞！無法修復、iPhone 5S 後續機種中招 https://3c.ltn.com.tw/news/41234 華碩路由器遠端執行漏洞通告 https://blog.csdn.net/weixin_45728976/article/details/107794706 ABUS Secvest FUMO5011 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14158 Cisco SD-WAN高危漏洞 （CVE-2020-3374，CVE-2020-3375） https://www.nsfocus.com.cn/html/2020/39_0731/952.html 17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers https://thehackernews.com/2020/07/windows-dns-server-hacking.html Nexus Repository Manager 遠程代碼執行漏洞預警（CVE-2020-15871） https://www.huaweicloud.com/notice/2018/20200801232406320.html Nexus Repository Manager 遠程代碼執行漏洞（CVE-2020-15871） https://nosec.org/home/detail/4518.html Nexus Repository Manager CVE-2020-15869 https://support.sonatype.com/hc/en-us/articles/360051424554-CVE-2020-15869-Nexus-Repository-Manager-3-Reflection-XSS-7-29-2020 Nexus Repository Manager CVE-2020-15870 https://support.sonatype.com/hc/en-us/articles/360051424754-CVE-2020-15870-Nexus-Repository-Manager-3-Reflection-XSS-7-29-2020 Nexus Repository Manager CVE-2020-15871 https://support.sonatype.com/hc/en-us/articles/360052192693-CVE-2020-15871-Nexus-Repository-Manager-3-Remote-Code-Execution-7-29-2020 Nexus Repository Manager 遠程代碼執行漏洞風險通告，騰訊雲鏡可以檢測 https://s.tencent.com/research/bsafe/1067.html Google: Eleven zero-days detected in the wild in the first half of 2020 https://www.zdnet.com/article/google-eleven-zero-days-detected-in-the-wild-in-the-first-half-of-2020/ Windows 10 2004: New update fixes all these problems, says Microsoft https://www.zdnet.com/article/windows-10-2004-new-update-fixes-all-these-problems-says-microsoft/ Mac用戶小心被駭客入侵！Microsoft Office被爆資安漏洞　微軟與蘋果討論防堵 https://www.ettoday.net/news/20200806/1778244.htm 駭侵者可利用 Zoom 資安漏洞，以暴力試誤法破解私人視訊會議密碼 https://www.twcert.org.tw/tw/cp-104-3821-03ba2-1.html Red Hat JBoss 多個漏洞 https://access.redhat.com/errata/RHSA-2020:3209 IBM WebSphere Application Server 多個漏洞 https://www.ibm.com/support/pages/node/6254704 Cisco Talos團隊披露Microsoft Azure Sphere多個安全漏洞 https://www.freebuf.com/vuls/245378.html 華碩路由器遠程代碼執行漏洞通告 https://cert.360.cn/warning/detail?id=81fd25539ed87e395f360e9094196da4 FortiOS SSL VPN 2FA bypass by changing username case https://fortiguard.com/psirt/FG-IR-19-283 微軟Chromium Edge連出兩包 https://www.ithome.com.tw/news/139175 IBM 多款產品爆出漏洞,或嚴重影響银行等金融機構 https://finance.jrj.com.cn/tech/2020/08/04154430423742.shtml 安全研究人员披露Ledger安全漏洞 https://www.bitcoin86.com/live/81869.html Grandstream 四個安全漏洞的影響 https://www.freebuf.com/vuls/245546.html Meetup安全漏洞可讓駭客接管社團以及金流 https://www.ithome.com.tw/news/139205 Twitter又曝新漏洞：Android用戶私人數據面臨泄露風險 https://reurl.cc/ex06lR Vulnerability Spotlight: Two vulnerabilities in SoftPerfect RAM Disk https://blog.talosintelligence.com/2020/08/softperfect-file-deletion-vuln-spotlight-aug-2020.html 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 7家銀行串接Mydata平台 辦信用卡免財力證明 https://reurl.cc/9Ego0V Visa數據顯示今年上半年電子支付大幅成長16%，疫情已改變消費行為 https://reurl.cc/arQ2M9 不只純網銀要來 電支電票整合可望變身「微銀行」 https://news.cnyes.com/news/id/4510499 樂天網銀開幕前 董座簡明仁說資訊人員聘用很艱苦 https://udn.com/news/story/7239/4762786?from=udn-ch1_breaknews-1-cate6-news 四大資安威脅 金管會要求營運中斷不逾4小時 https://m.ctee.com.tw/livenews/aj/a91617002020080618211775?area= 金管會推金融資安懶人包 金融業強制設資安長門檻出爐 https://news.cnyes.com/news/id/4512173 31家金融機構 須設資安長 https://udn.com/news/story/7239/4762025 金管會推動「金融資安行動方案」，追求安全便利不中斷的金融服務目標 https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath=0,2&mcustomize=news_view.jsp&dataserno=202008060003&toolsflag=Y&dtable=News 〈永豐金法說〉進行數位組織改造 資安拉至金控層級 瞄準兩大戰場 https://news.cnyes.com/news/id/4511458?exp=a 小心！有人冒充銀行工作人員利用閃付漏洞盜刷信用卡 https://finance.sina.com.cn/money/bank/bank_hydt/2020-08-03/doc-iivhuipn6626614.shtml Carding and black box attacks: common ATM hacking techniques by Dominique René https://hakin9.org/carding-and-black-box-attacks-common-atm-hacking-techniques/ 3.電子支付/行動支付/pay/資安 「電支條例修正案」擴大開放電支業務五大亮點 https://www.inside.com.tw/article/20536-e-payment-regulation 4.加密貨幣/挖礦/區塊鍊 資安 加密資產的安全就該交給「運氣」？談交易所投保的重要性 https://blockcast.it/2020/07/31/keeping-cryptocurrency-secure-is-your-exchange-insured/amp/ 區塊鏈資安月報：7月共發生安全事件32起，虛擬貨幣詐騙案件氾濫 https://www.blocktempo.com/monthly-digital-currency-security-report-by-peckshield/ 你的「紙錢包」可能不安全！私鑰盜竊問題叢生，資安新創 CYBAVO 詳列危險清單 https://www.blocktempo.com/is-your-cryptocurrency-wallet-safe-cybavo/ 確保網路安全！以太坊基金會擬組建ETH 2.0安全團隊 https://news.knowing.asia/news/05ec56f3-2f5a-45b8-95c1-ed37f8bfc14c 新應用、新業態正在快速落地，區塊鏈安全如何保障 https://news.sina.com.tw/article/20200806/35968542.html An Introduction to Substrate - Building Blockchains the Easy Way https://www.crowdcast.io/e/ocimgwg2/register A Beginner’s Guide to Blockchain Programming by Febin John James https://hakin9.org/a-beginners-guide-to-blockchain-programming/ China arrests over 100 people suspected of involvement in PlusToken cryptocurrency scam https://www.zdnet.com/article/china-arrests-over-100-people-suspected-of-involvement-in-plustoken-cryptocurrency-scam/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 假扮成 TikTok 替代程式的惡意軟體，在印度藉由 WhatsApp 等管道肆虐 https://www.twcert.org.tw/tw/cp-104-3819-bbf10-1.html 特別針對臺灣的惡意程式Taidoor又來了！美國政府與警方警告，中國政府支持的駭客正以此變種發動攻擊 https://www.ithome.com.tw/news/139193 中共間諜軟件「泰門」新版出現！美權威警告 https://www.soundofhope.org/post/408094?lang=b5 美示警 中國木馬軟體正發動攻擊 https://tw.appledaily.com/headline/20200805/PIOVVUBIIE2MN5J32YS33YRLOI/ 美警告：中共利用Taidoor網攻竊密 https://news.ltn.com.tw/news/world/paper/1391077 Ensiko：具備勒索病毒能力的網站指令介面工具 (Webshell) https://blog.trendmicro.com.tw/?p=65396 英美政府：QNAP NAS 遭感染 6.2 萬台，SSH 後門開啟＋無法更新 https://technews.tw/2020/08/01/62000-qnap-nas-devices-infected-with-persistent-qsnatch-malware/ 鎖定Windows平臺的惡意程式TrickBot開始攻擊Linux裝置 https://www.ithome.com.tw/news/139180 Canon先後發生雲端遭駭及Maze勒索軟體攻擊 https://www.ithome.com.tw/news/139234 旅遊管理業者CWT遭勒索軟體攻擊，與駭客的談判過程全曝光 https://www.ithome.com.tw/news/139198 Garmin被綁1／電腦遭駭客綁架　關鍵2檔案曝光 https://www.ctwant.com/article/65402 Garmin被綁2／勒索軟體爆發 全球線上服務斷線4天 https://reurl.cc/KkVx19 Garmin被綁3／Wasted Locker從歐洲入侵　知情人士：非直接付贖金 https://www.ctwant.com/article/65404 Garmin被綁4／Wasted Locker 5月才被發現 專家：水坑式攻擊法 https://reurl.cc/qdMmeg Garmin被綁5／如何避免勒索軟體　專家：人才是重點 https://www.ctwant.com/article/65406 Microsoft Edge is malware, says angry Windows 7 user https://www.zdnet.com/article/microsoft-edge-is-malware-says-angry-windows-7-user/ GandCrab ransomware distributor arrested in Belarus https://www.zdnet.com/article/gandcrab-ransomware-distributor-arrested-in-belarus/#ftag=RSSbaffb68 QNAP urges users to update Malware Remover after QSnatch alert https://www.bleepingcomputer.com/news/security/qnap-urges-users-to-update-malware-remover-after-qsnatch-alert/ GandCrab ransomware operator arrested in Belarus https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-operator-arrested-in-belarus/ Linux warning: TrickBot malware is now infecting your systems https://www.bleepingcomputer.com/news/security/linux-warning-trickbot-malware-is-now-infecting-your-systems/ TrickBot Malware Warning Victims of Infection by Mistake https://www.tripwire.com/state-of-security/security-data-protection/trickbot-malware-warning-victims-of-infection-by-mistake/ RATicate malware gang goes commercial https://nakedsecurity.sophos.com/2020/07/14/raticate-malware-gang-goes-commercial/ Confirmed: Garmin received decryptor for WastedLocker ransomware https://www.bleepingcomputer.com/news/security/confirmed-garmin-received-decryptor-for-wastedlocker-ransomware/ WastedLocker: technical analysis https://securelist.com/wastedlocker-technical-analysis/97944/ Ransomware is Still a Blight on Business https://blog.trendmicro.com/ransomware-is-still-a-blight-on-business/ Ransomware: Why the internet's biggest headache refuses to go away https://www.zdnet.com/article/ransomware-why-the-internets-biggest-headache-refuses-to-go-away/ Confirmed: Garmin received decryptor for WastedLocker ransomware https://www.bleepingcomputer.com/news/security/confirmed-garmin-received-decryptor-for-wastedlocker-ransomware/ NetWalker ransomware gang has made $25 million since March 2020 https://www.zdnet.com/article/netwalker-ransomware-gang-has-made-25-million-since-march-2020/#ftag=RSSbaffb68 GandCrab ransomware distributor arrested in Belarus https://www.zdnet.com/article/gandcrab-ransomware-distributor-arrested-in-belarus/#ftag=RSSbaffb68 Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902 https://blog.trendmicro.com/trendlabs-security-intelligence/mirai-botnet-exploit-weaponized-to-attack-iot-devices-via-cve-2020-5902/ Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902 https://documents.trendmicro.com/assets/IoCs_Appendix_Mirai-Botnet-Exploit-Weaponized-to-Attack-IoT-Devices-via-CVE-2020-5902.pdf MassLogger: An Emerging Spyware and Keylogger https://www.seqrite.com/blog/masslogger-an-emerging-spyware-and-keylogger/ CISA, DOD, FBI expose new Chinese malware strain named Taidoor https://www.zdnet.com/article/cisa-dod-fbi-expose-new-chinese-malware-strain-named-taidoor/#ftag=RSSbaffb68 New infection chain of njRAT variant https://blog.360totalsecurity.com/en/new-infection-chain-of-njrat-variant/ Take a “NetWalk” on the Wild Side https://www.mcafee.com/blogs/other-blogs/mcafee-labs/take-a-netwalk-on-the-wild-side/ Canon hit by Maze Ransomware attack, 10TB data allegedly stolen https://www.bleepingcomputer.com/news/security/canon-hit-by-maze-ransomware-attack-10tb-data-allegedly-stolen/ B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G 中國盤古團隊發現蘋果Secure Enclave晶片存在「不可修補」漏洞 https://kknews.cc/tech/m9pzvj6.html Zoom 又爆安全漏洞 - 會議預設 6 位純數字密碼，幾分鐘就可破解 https://hk.xfastest.com/63984/zoom-security-breakthrough/ Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes https://thehackernews.com/2020/07/zoom-meeting-password-hacking.html 資安風暴延燒 美議員要求司法部調查Zoom和TikTok https://reurl.cc/Y1LyYl 抖音有何懼 壟斷洩密竊個資 https://www.chinatimes.com/newspapers/20200802000339-260108?chdtv 北京法院認證 抖音侵個資 https://www.ydn.com.tw/News/391744 應用程式資安漏洞多！小工具App易成詐騙溫床 訂閱費帳單嚇死人 https://reurl.cc/Mvn1y4 蘋果設備遭爆存在「無法修復」的漏洞！影響範圍遍及5代iPhone https://www.ettoday.net/news/20200803/1775962.htm 美將對中國APP「採取行動」　陸外交部：典型雙重標準 https://www.ettoday.net/news/20200803/1776041.htm 中共訊息戰武器 TikTok涉資安疑慮或遭禁 https://www.ntdtv.com/b5/2020/08/03/a102909658.html 盤古團隊發現硬件級不可修復漏洞：iOS 14能完美越獄 https://reurl.cc/qdMpzp Android 版 AirDrop 終於上線了！兩大品牌手機搶先使用 https://3c.ltn.com.tw/news/41241 印度擴大禁用中國手機App 小米百度遭殃 https://www.cna.com.tw/news/firstnews/202008060114.aspx TikTok投資5億美元在愛爾蘭建大型資料中心 宣示維護資安決心 https://news.cnyes.com/news/id/4511770 日本大阪等地停用TikTok官方帳號 稱需釐清資安疑慮 https://reurl.cc/9EdWoj 一款支付功能 App 存在提現漏洞 被“抓包軟件”抓走 14 萬 https://www.chainnews.com/zh-hant/articles/838279189120.htm 資安防護有漏洞？IG傳偷開用戶攝像頭 官方回應：系統程式錯誤 https://reurl.cc/GVzbLD 打假消息有一套！WhatsApp「放大鏡」替你查真偽、病毒資訊只能轉發一人 https://news.sina.com.tw/article/20200805/35956382.html Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts https://thehackernews.com/2020/08/apple-touchid-sign-in.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 趨勢科技研究機構披露舊程式語言的設計缺陷與漏洞 https://times.hinet.net/news/23001634 刑事局破獲非法侵權機上盒公司 竟播放未成年猥褻影片 https://udn.com/news/story/7315/4752004 侵權數千萬元！非法中國機上盒「夢想」看免錢 經銷商被逮 https://m.ltn.com.tw/news/society/breakingnews/3248317 盜版、色情片大放送！中國製「夢想機上盒」與中國工程師合作，警方：有嚴重資安問題 https://buzzorange.com/2020/08/04/set-box-of-dreamtv-is-illegal/ 最新電影、A片 免費看 中國機上盒侵權3800萬 https://m.ltn.com.tw/news/society/paper/1390772 夢想機上盒盜播侵權近4千萬　刑事局破獲逮10嫌 https://www.setn.com/News.aspx?NewsID=791219 Juiker正式聲明：遭駭與中資介入均屬不實謠言 http://www.netadmin.com.tw/netadmin/zh-tw/trend/867BFBA714C0456DBFB8E4928D2952D4 面對中國的監控技術，逃避不切實際，如何找到辦法與之共存 https://www.businessweekly.com.tw/international/blog/3003372 AI智鬥駭客，數位戰警網路掃黑 https://scitechvista.nat.gov.tw/c/sTvx.htm Garmin 系統中斷事件第六天宣告陸續恢復，官方首認是「網路攻擊」 https://saydigi-tech.com/2020/07/garmin-back-to-normal.html 網路媒體誤發新聞是系統被入侵？NOWnews表示已報案，但外界霧裡看花 https://www.ithome.com.tw/news/139154 鎖定大型雲端服務裡的Docker伺服器下手的後門程式，竟透過區塊鏈產生與C&C中繼站連線的網址 https://times.hinet.net/news/22994991 被問是否遭陸竊機密 美科技四巨頭僅一家說有 https://www.chinatimes.com/realtimenews/20200731003748-260408?chdtv 駭客亂給資料客服沒檢查？知名《虹彩六號》YouTuber遊戲帳戶遭封鎖 https://game.udn.com/game/story/10453/4745108 資安存疑！川普表態封殺　傳微軟洽談收購TikTok喊卡 https://www.setn.com/News.aspx?NewsID=790055 【澳洲疫情】民眾千方百計避入境隔離 昆士蘭被迫收緊邊境管制 https://reurl.cc/ex0mOb 梵諦岡曾遭中國駭客組織攻擊 https://pttstudy.com/ia/M.1596279516.A.517.html 美國新冠疫苗公司疑遭中國駭客入侵！中國外交發言人：造謠污衊 https://newtalk.tw/news/view/2020-07-31/444125 接連被控竊疫苗機密 中國氣噗噗：我們領先不必靠偷 https://news.ltn.com.tw/news/world/breakingnews/3247690 佐柏格指中國竊機密後 疫苗龍頭廠莫德納證實官網被駭入 https://www.ftvnews.com.tw/news/detail/2020731I10M1 中駭客攻擊疫苗研發公司 莫德納疑淪目標 https://life.tw/?app=view&no=1115922 國際產經：新冠疫苗研發商摩德納遭中國駭客鎖定 https://reurl.cc/ZODmNl 中駭客攻擊疫苗研發公司 莫德納疑淪目標 https://www.ftvnews.com.tw/news/detail/2020731W0072 Moderna遭狙擊？傳中國駭客為新冠疫苗出手 https://ctee.com.tw/news/global/310971.html 美國控中國駭客攻擊疫苗研發公司 欲偷貴重資料 https://www.cna.com.tw/news/firstnews/202007310114.aspx 吳奕軍專欄：被「紅色滲透」多年　比利時不忍了 https://www.upmedia.mg/news_info.php?SerialNo=92682 北極星行動：朝鮮駭客針對美國國防和航空太空公司 https://ek21.com/news/tech/208433/ 聯合國報告：北韓研發出小型核彈頭 https://reurl.cc/E7qpa0 趁機挑撥離間？ 「中國人」狂罵印度 印媒 ：很多是巴基斯坦假帳號 https://newtalk.tw/news/view/2020-08-04/445672 印度資安機構：核動力潛艦可能已成中國駭客目標 https://www.inside.com.tw/article/20570-Central-Security-Service-report-china-hacker-more-active 巴基斯坦電視台遭駭客入侵出現印度國旗畫面 https://reurl.cc/lV3n5E 印度安全機構：中國駭客活動增強 蒐集國安情資 https://money.udn.com/money/story/5599/4754213 美政府祭千萬美元查緝協助外國干擾選舉的人士 https://www.ithome.com.tw/news/139236 中共網絡間諜被捕突顯社交招聘網站漏洞 https://gnews.org/zh-hant/281990/ 歐盟首次製裁俄、中、朝駭客 https://www.bannedbook.org/bnews/zh-tw/comments/20200731/1372620.html 歐盟首次針對重大網絡攻擊實施制裁，向美國看齊 https://reurl.cc/5l7GxR 美國政府政策立場社論：打擊網絡犯罪 https://www.voacantonese.com/a/editorial-fighting-cybercrime-20200805-ry/5531265.html 美國宣布「清網」　祭6大措施排擠中國 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=9&id=0000590942_231LLLI63EM4ER3QMS8PV 美擴大乾淨網路計畫 擬封殺具資安風險中國App https://money.udn.com/money/story/10511/4760173 制裁網路犯罪！歐盟點名中國及北韓企業、俄國軍情局 https://newtalk.tw/news/view/2020-07-31/443919 國際要聞：歐盟就網路攻擊制裁俄羅斯、中國、北韓 https://reurl.cc/O1dOQv 歐盟首度制裁網攻 俄「中」北韓入列 https://www.ydn.com.tw/News/391739 守護資安 歐盟首次動用數位制裁 對俄中北韓機構個人開罰 https://money.udn.com/money/story/5602/4746566 EU sanctions hackers from China, Russia, North Korea who're wanted by the FBI https://thehackernews.com/2020/07/sanctions-against-wanted-hackers.html New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html Is Your Security Vendor Forcing You To Move to the Cloud? You Don't Have To https://thehackernews.com/2020/07/cloud-security-endpoints.html CWT Travel Agency Faces $4.5M Ransom in Cyberattack, Report https://threatpost.com/cwt-travel-agency-ransom-cyberattack-report/157911/ FBI warns of disruptive DDoS amplification attacks https://www.welivesecurity.com/2020/07/28/fbi-warning-disruptive-ddos-amplification-attacks/ A critical flaw in wpDiscuz WordPress plugin lets hackers take over hosting account https://securityaffairs.co/wordpress/106638/hacking/wpdiscuz-wordpress-plugin-bug.html Belarussian authorities arrested GandCrab ransomware distributor https://securityaffairs.co/wordpress/106701/malware/gandcrab-distrubutor-arrested.html New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html 資安SOC一線工程師 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=528812&HIRE_ID=9850711 資安SOC二線工程師 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=528812&HIRE_ID=9850789 資訊管理中心109年第七次專案人力進用-1.研發類-資訊安全 https://www.104.com.tw/job/70fa0 資安工程師 https://www.104.com.tw/job/70fu7 資安工程師/Cloud Security Engineer https://www.104.com.tw/job/70gbz (SOC)資安監控中心資安工程師 https://www.104.com.tw/job/70hww 資安監控人員 https://www.104.com.tw/job/70iki 雲端資安與應用服務經理 #6421 K-165 https://www.104.com.tw/job/6zurv 網路工程師(新竹) https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=50778&HIRE_ID=9868853 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 Google打假消息 刪逾2500個中國相關YouTube頻道 https://www.cna.com.tw/news/firstnews/202008060124.aspx FBI 發出警訊，線上購物相關詐騙案例明顯增加 https://www.twcert.org.tw/tw/cp-104-3826-9fc90-1.html IBM《資料外洩成本報告》：外洩憑證與雲端配置錯誤為最大的攻擊媒介 https://www.ithome.com.tw/news/139185 藝人粉專被盜頻傳！警官分析詐騙手法　中招就失去管理權限 https://forum.ettoday.net/news/1777154?redirect=1 買個資盜刷信用卡 半年獲利300萬 https://www.chinatimes.com/realtimenews/20200801001487-260402?chdtv 數位三倍券詐騙頻傳！專家教這3招輕鬆查證不上當 https://www.storm.mg/lifestyle/2833366 臉書日本用戶遭駭　至少76005帳號個資外洩 https://tw.appledaily.com/international/20200804/T32M4GQZ3BTHW5QQUYFGHSUNZY/ 騙案追縱：釣魚電郵出沒注意 信用卡資料勿亂俾 https://reurl.cc/Nj3WEk 硬體錢包公司爆資安漏洞！Ledger 上百萬用戶電郵遭洩 https://blockcast.it/2020/07/31/ledger-suffered-data-breach-in-late-june/ 買個資盜刷信用卡 半年獲利300萬 https://www.chinatimes.com/realtimenews/20200801001487-260402?chdtv 陳自瑤墮入「迷網」 IG遭駭客入侵兼被勒索500蚊美金 https://reurl.cc/xZdRee 電話詐婦30萬！ 報警停話後「改打LINE轟炸」 https://reurl.cc/MvnAxm 警方找到推特詐騙案嫌犯，犯案者駭入推特內部Slack工作空間以取得管理員帳密 https://www.ithome.com.tw/news/139171 直播吸毒百人觀看... 隱乳人妻遇駭遭勒索萬元贖金 https://ent.ltn.com.tw/news/breakingnews/3246573 江蕙臉書突重開？！經紀人急喊「駭客入侵」 http://www.nexttv.com.tw/NextTV/News/Home/LatestNews/2020-08-01/219115.html 男國中生網交「姊姊」被騙千元 警攻堅破獲假交友詐騙機房 https://www.chinatimes.com/realtimenews/20200731004842-260402?chdtv 點讚賺外快！女砸4萬加會員 控騙局一場 https://reurl.cc/8G14N7 利用帥哥美女照釣魚 被害人傻傻上勾話數誘騙投資 https://reurl.cc/7XOaLD 搗假交友投資詐欺機房 力破高價防暴門逮13人 https://news.ltn.com.tw/news/society/breakingnews/3245751 謊稱賭博網站有漏洞可獲利騙財 警逮13人送辦 https://www.cna.com.tw/news/asoc/202007310207.aspx 又是詐騙！女網友P手術圖騙同情 熱血台女險匯72萬 https://m.ltn.com.tw/news/society/breakingnews/3249090 騙徒看牙科誆心臟病　女愛心滿滿險被騙72萬 https://www.ctwant.com/article/65676 臉書日本用戶遭駭　至少76005帳號個資外洩 https://tw.appledaily.com/international/20200804/T32M4GQZ3BTHW5QQUYFGHSUNZY/ 利用“以租代購”詐騙汽車 五人“鑽空子”非法獲利20余萬元 http://big5.xinhuanet.com/gate/big5/www.js.xinhuanet.com/2020-08/01/c_1126311968.htm 比特幣釣魚的推特駭客遭逮！執法單位重嗆：網路犯罪無法再躲於匿名之後了 https://www.abmedia.io/twitter-hackers-under-arrest/ Twitter「社交工程攻擊」詐騙案的幕後主使被捕 https://reurl.cc/O1dOzD 國際產經：推特調查稱，7月15日駭客事件為透過手機連絡公司員工時入侵系統 https://reurl.cc/WdjnyD 推特被駭 利用名人帳號轉推淨賺10萬美金 https://m.ltn.com.tw/news/world/breakingnews/3246215 推特爆大規模駭客詐騙 幕後首腦竟是17歲少年 https://ec.ltn.com.tw/article/breakingnews/3246452 名人推特帳戶遭大規模入侵 美起訴三名涉案者 https://www.epochtimes.com/b5/20/7/31/n12298665.htm Twitter Confirms Spear-Phishing Attack Caused Account Takeover https://www.infosecurity-magazine.com/news/twitter-spear-phishing/ Twitter An update on our security incident https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html Breach of high-profile Twitter accounts caused by phone spear phishing attack https://www.techrepublic.com/article/breach-of-high-profile-twitter-accounts-caused-by-phone-spear-phishing-attack/ Canadian MSP discloses data breach, failed ransomware attack https://www.bleepingcomputer.com/news/security/canadian-msp-discloses-data-breach-failed-ransomware-attack/ Maine Intelligence Center Breach Could Snarl Investigations https://www.govtech.com/security/Maine-Intelligence-Center-Breach-Could-Snarl-Investigations.html Phishing campaigns, from first to last victim, take 21h on average https://www.zdnet.com/article/phishing-campaigns-from-first-to-last-victim-take-21h-on-average/ 10 billion records exposed in unsecured databases, study says https://www.welivesecurity.com/2020/07/30/10-billion-records-exposed-unsecured-databases/ Phishing campaigns, from first to last victim, take 21h on average https://www.zdnet.com/article/phishing-campaigns-from-first-to-last-victim-take-21h-on-average/ FBI Warns of Surge in Fraudulent Shopping Websites https://www.bankinfosecurity.com/fbi-warns-surge-in-fraudulent-shopping-websites-a-14765 E.研究報告 行政院技術服務中心109年第2季資通安全技術報告 https://ppt.cc/fkznQx 以合法掩護非法　WastedLocker勒索軟體深層分析 http://www.netadmin.com.tw/netadmin/zh-tw/snapshot/8E18D08773064F93B339A511587A0752 深度分析成功入侵Garmin的WastedLocker勒索軟體 為何會如此刁鑽 https://reurl.cc/62WrKZ java 反序列化漏洞利用思路簡介 https://blog.csdn.net/whatday/article/details/107736196 Mirai 殭屍網路可被用來透過漏洞 CVE-2020-5902攻擊物聯網裝置 https://blog.trendmicro.com.tw/?p=65401 DoH技術遭駭客組織利用，網路安全技術淪竊密工具 https://www.twcert.org.tw/tw/cp-104-3829-4a0ff-1.html 利用最新Apache解析漏洞（CVE-2017-15715） https://www.yisu.com/zixun/250778.html IBM WebSphere CVE-2020-4450漏洞分析 https://www.secrss.com/articles/24353 cve-2018-2628 Weblogic反序列化漏洞實現反彈shell https://blog.csdn.net/whatday/article/details/107720033 從cve2015-1805漏洞入門 https://bbs.pediy.com/thread-261165.htm WebLogic coherence UniversalExtractor 反序列化 (CVE-2020-14645) 漏洞分析 https://paper.seebug.org/1280/ 卡巴斯基報告：Lazarus APT 組織的大型狩獵遊戲 https://paper.seebug.org/1279/ “失控”的 IPv6：觀察 IPv6 網路境安全現狀 https://paper.seebug.org/1277/ Django SQL注入漏洞復現(CVE-2020-7471) https://www.freebuf.com/vuls/245359.html Node.js中存在原型污染漏洞，可致Web應用程式遭受DoS和遠端Shell攻擊 https://www.freebuf.com/vuls/245658.html Opyn ETH Put邏輯漏洞技術分析 https://www.bishijie.com/shendu/119960.html WordPress聊天外掛含有安全漏洞，允許駭客接管聊天功能 https://www.ithome.com.tw/news/139231 安全專家發現伊朗駭客率先利用DoH暗中竊密 https://www.ithome.com.tw/news/139209 java反序列化漏洞的一些gadget https://blog.csdn.net/whatday/article/details/107854348 近期幾起資安事件之風險防患討論 https://vocus.cc/@Jerome/5f2a54b9fd89780001f64e83 人、工具、流程再進化　打造現代資安維運中心 加速OODA循環　從戰略層級應變攻擊 http://www.netadmin.com.tw/netadmin/zh-tw/trend/052F244B988E490DBD2D7FBB1CE1D1AD Incident Response Analyst Report 2019 https://securelist.com/incident-response-analyst-report-2019/97974/ SSH Pentesting Guide https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/SSH%20Pentesting%20Guide.pdf How we deal with sparse data at SentinelOne https://medium.com/@Sentinelone_tech/how-we-deal-with-sparse-data-at-sentinelone-26df32ea7a37 SIEM Better Visibility for SOC Analyst to Handle an Incident with Event ID https://gbhackers.com/siem-for-better-visibility-for-an-analyst-to-handle-an-incident/ CVE-2020-1313 Exploit https://github.com/irsl/CVE-2020-1313 XRCross (Recon) https://github.com/pikpikcu/xrcross V3n0M-Scanner https://github.com/v3n0m-Scanner/V3n0M-Scanner DRAKVUF Sandbox https://github.com/CERT-Polska/drakvuf-sandbox Ehtools - Framework Of Serious Wi-Fi Penetration Tools https://hakin9.org/ehtools-framework-of-serious-wi-fi-penetration-tools/ Offense and Defense – A Tale of Two Sides: Group Policy and Logon Scripts https://www.fortinet.com/blog/threat-research/offense-defense-a-tale-of-two-sides-group-policy-and-logon-scripts Web App Hacking: Overview and Strategy for Beginners https://www.hackers-arise.com/post/2017/10/20/web-app-hacking-overview-and-strategy-for-beginners Python Basics for Hackers, Part 4:How to Find the Exact Location of any IP Address https://www.hackers-arise.com/post/2016/08/29/how-to-find-the-exact-location-of-any-ip-address Overworked and burnt out? Cybersecurity pros under more pressure https://techhq.com/2020/07/overworked-and-burnt-out-cybersecurity-pros-under-more-pressure-than-ever/ Threat Intelligence Fundamentals https://www.peerlyst.com/posts/threat-intelligence-fundamentals-chiheb-chebbi?trk=site_header A new approach for Bypassing Windows 10 UAC with mock folders and DLL hijacking https://www.offensive-hackers.com/2020/08/A-new-approach-for-Bypassing-Windows-10-UAC-with-mock-folders-and-DLL-hijacking.html Password Spraying Secure Logon for F5 Networks https://www.n00py.io/2020/08/password-spraying-secure-logon-for-f5-networks/ Kaspersky Uncovers New APT “Mercenary” Group https://www.infosecurity-magazine.com/news/kaspersky-uncovers-new-apt/ Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates https://www.fireeye.com/blog/threat-research/2020/07/insights-into-office-365-attacks-and-how-managed-defense-investigates.html Cybercriminals Targeting Multiple Vulnerabilities in WordPress Plugins https://www.zscaler.com/blogs/research/cybercriminals-targeting-multiple-vulnerabilities-wordpress-plugins Crack WPA/WPA2 Wi-Fi Routers with Aircrack-ng and Hashcat by Brannon Dorsey https://hakin9.org/crack-wpa-wpa2-wi-fi-routers-with-aircrack-ng-and-hashcat/ Bypassing Windows 10 UAC with mock folders and DLL hijacking https://www.bleepingcomputer.com/news/security/bypassing-windows-10-uac-with-mock-folders-and-dll-hijacking/ Universal Radio Hacker: Investigate Wireless Protocols like a Boss https://hakin9.org/universal-radio-hacker-investigate-wireless-protocols-like-a-boss/ 6 TYPES OF PASSWORD ATTACKS COMMONLY USED BY ETHICAL HACKERS https://blog.eccouncil.org/6-types-of-password-attacks-commonly-used-by-ethical-hackers/ Xerosploit - Efficient and Advanced Man-In-The-Middle Framework https://hakin9.org/xerosploit-efficient-and-advanced-man-in-the-middle-framework/ Remote working security challenges urge MFA implementation https://www.helpnetsecurity.com/2020/07/14/remote-working-security-challenges/ OSINT_TIPS https://github.com/blaCCkHatHacEEkr/OSINT_TIPS ESET Threat Report Q2 2020 https://www.welivesecurity.com/2020/07/29/eset-threat-report-q22020/ Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902 https://reurl.cc/7X69Eb Analysis of Android InsecureBank v2 Part 1 https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-1-9e0788ba5552 Analysis of Android InsecureBank v2 Part 2 https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-2-429b4ab4a60f Analysis of Android InsecureBank v2 Part 3 https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-3-2b3e5843fe91 SOC analyst job description, salary, and certification https://www.csoonline.com/article/3537510/soc-analyst-job-description-salary-and-certification.html SOC Analyst: Interview Preparation https://www.cybrary.it/blog/2017/08/soc-analyst-interview-preparation/ BlackBerry releases new security tool for reverse-engineering PE files https://www.zdnet.com/article/blackberry-releases-new-security-tool-for-reverse-engineering-pe-files/#ftag=RSSbaffb68 PE Tree https://github.com/blackberry/pe_tree ビジネスメール詐欺実態を共同分析、攻撃者の手口と素性が明らかに（マクニカネットワークス、伊藤忠商事） https://scan.netsecurity.ne.jp/article/2020/08/04/44395.html ビジネスメール詐欺の実態と対策アプローチ https://www.macnica.net/pdf/macnica_wp_0729.pdf Doki Dukes with Kinsing https://www.lacework.com/doki-dukes-kinsing/ Mitaka https://github.com/ninoseki/mitaka US defense and aerospace sectors targeted in new wave of North Korean attacks https://www.zdnet.com/article/us-defense-and-aerospace-sectors-targeted-in-new-wave-of-north-korean-attacks/ Research Roundup: Recent Probable Charming Kitten Infrastructure https://threatconnect.com/blog/research-roundup-recent-probable-charming-kitten-infrastructure/ Inter skimming kit used in homoglyph attacks https://blog.malwarebytes.com/threat-analysis/2020/08/inter-skimming-kit-used-in-homoglyph-attacks/ Black Hat: When penetration testing earns you a felony arrest record https://www.zdnet.com/article/black-hat-when-penetration-testing-earns-you-a-felony-record/ The disappointment of Australia's new cybersecurity strategy https://www.zdnet.com/article/the-disappointment-of-australias-new-cybersecurity-strategy/ Black Hat: Hackers can remotely hijack enterprise, healthcare Temi robots https://www.zdnet.com/article/black-hat-healthcare-senior-living-temi-robots-can-be-hijacked-remotely-by-hackers/ Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack https://thehackernews.com/2020/08/http-request-smuggling.html F.商業 每年900萬人成「網路犯罪」受害者 諾頓教你如何安全上網 https://udn.com/news/story/7086/4745513 力抗病毒，資安產業未來 5 年熱度可期 https://technews.tw/2020/07/31/information-security-industry-is-expected-to-be-hot/ 提升專業資安團隊工作效率　加速反制攻擊威脅 SOAR統整異質平台　預建流程自動執行回應 http://www.netadmin.com.tw/netadmin/zh-tw/trend/F6E7E0CFB2F14E06ACCA8F67DE1330C9 數聯資安攜手VMware提供資安託管服務 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=13&id=0000590080_f9f1gdl97nu7m91dsh0bn 【超融合系統獨立平臺點將錄（1）NetApp HCI】獨特運算與儲存節點分離架構，提供更靈活、高效的資源運用 https://www.ithome.com.tw/tech/139035 TensorFlow 2.3加入新API解決資料工作管線載入瓶頸 https://www.ithome.com.tw/news/139181 Juniper推出AI故障排除工具使企業網路營運更自動化 https://www.ithome.com.tw/news/139178 蘋果併購行動支付業者Mobeewave https://www.ithome.com.tw/news/139177 騰訊計畫買下搜狗，將其私有化 https://www.ithome.com.tw/news/139176 取得川普同意，微軟公開表態有意買下TikTok，9月15日以前定案 https://www.ithome.com.tw/news/139174 Google Chrome將顯示廣告主身份、測試Trust API https://www.ithome.com.tw/news/139173 PyTorch 1.6加入自動混合精度訓練 https://www.ithome.com.tw/news/139184 能搜尋連網裝置與漏洞系統的搜尋引擎 Censys，獲 1,550 萬美元 A 輪融資 https://finance.technews.tw/2020/08/07/censys-a-search-engine-for-internet-devices-raises-series-a/ FBI呼籲私人企業應儘速脫離Windows 7，升級到最新版本 https://www.ithome.com.tw/news/139230 全球新冠疫情迅速蔓延為網路環境帶來新威脅 VMware 網路安全威脅報告：網路攻擊增加態勢和漏洞升級 http://www.netadmin.com.tw/netadmin/zh-tw/snapshot/7A82AD0E621448F68490AB52AB5F4733 Linux基金會成立開源安全基金會，微軟、Google加入 https://www.ithome.com.tw/news/139191 安控、AI影像分析到資安的完美整合 晶睿開創智慧工廠監控新紀元 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000590055_l5w1j3ar44zzxc6fkpkgp 台灣資訊安全協會成立 鏈結產官學產業生態系 https://money.udn.com/money/story/10860/4757875 42家資安業者揪團 建平台走向國際 https://www.ocacnews.net/overseascommunity/article/article_story.jsp?id=260756 日本Nulab軟體開發公司推出全新資安服務「Nulab Pass」 https://twnewshub.com/archives/6622 TikTok投資5億美元在愛爾蘭建大型資料中心 宣示維護資安決心 https://news.cnyes.com/news/id/4511770?exp=a Kroll聘請Alex Shim以擴大日本網絡風險業務 http://www.businesswirechina.com/hk/news/44113.html Uniting for better open-source security: The Open Source Security Foundation https://www.zdnet.com/article/uniting-for-better-open-source-security-the-open-source-security-foundation/#ftag=RSSbaffb68 G.政府 抓漏洞！身分遭盜用怎解？內政部：數位防偽機制比紙本強 https://www.setn.com/News.aspx?NewsID=789445 台大應力所教授吳光鐘真除 今起任國研院長 https://udn.com/news/story/6885/4747196 吳光鐘教授正式接任國家實驗研究院院長 持續優化各中心科研服務 https://times.hinet.net/news/22996797 資安與人權不能政策豪賭 數位身分證十大爭議 https://reurl.cc/mnaEpM 國安局反擊共軍網駭再設新武器平台 不與國防部交流 https://udn.com/news/story/10930/4749278?from=udn-catelistnews_ch2 開放架構白牌興起藏漏洞　NCC嚴審安全維護計劃 https://tw.appledaily.com/property/20200802/4NOPTDVAOPZZDSAV4A6UXD27F4/ 行政院通過「電子支付機構管理條例」修正草案 https://reurl.cc/rxNdK4 【紅色危機2】中科院、陸軍官校也輕忽資安　《蘋果》踢爆後才緊急查辦 https://tw.appledaily.com/politics/20200805/533DRITRWKRRARWN63GHAZQGP4/ 【紅色危機3】全國逾半公務機關使用中國通訊產品　政院下令盡速汰換 https://tw.appledaily.com/politics/20200805/3A6DE5GB44VEI7PSRPPHOARHGU/ 立院影音 爆紅色資安危機 《蘋果》踢爆 與解放軍使用同公司系統14年 立院：將立刻更換 https://tw.appledaily.com/headline/20200806/OA2DNT74JXGJ6RGYVWLDVRVJMM/ 蘋論：不可輕忽「紅色資安危機」 https://tw.appledaily.com/headline/20200806/2XI5JVPNXXA5IF6LQM6A7GH4QI/ 立院影音儲存系統遭爆使用中國貨 蔡其昌：有資安疑慮就要趕快更新 https://m.ltn.com.tw/news/politics/breakingnews/3250312 立院影音儲存系統中國製 外界憂資安危機 https://news.pts.org.tw/article/489650 立院使用中國系統爆資安危機 蔡其昌：若有疑慮就更新 https://reurl.cc/vDyKye 【台海軍情】防共軍電磁脈衝攻擊　國土安全辦公室要求加強防護 https://tw.appledaily.com/politics/20200806/WQPLKZDP7OQM4AJTLBVM6JDTA4/ 固安作戰計畫遭洩？軍方否認 戰車士官交保返回連隊 https://udn.com/news/story/10930/4758532 NCC組改進行式 陳耀祥：已爭取內容監理獨立性 https://udn.com/news/story/7266/4757998 動滋券頻出包，承包商聯網國際(活動咖)公司遭駭，爆資安疑慮 https://www.dcard.tw/f/trending/p/234174703 H.工控系統/ICS/SCADA 相關資安 樹立國際工控資安標準　IEC 62443捍衛工業聯網安全 https://www.2cm.com.tw/2cm/zh-tw/tech/7E876B7170EE44A9A23BF87A11CB465A 日本海事協會宣布 第二版船上網路資安指導方針 https://m.ctee.com.tw/livenews/aj/a98623002020080310474621?area= Rockwell工控軟體的5個组合漏洞導致RCE https://www.anquanke.com/post/id/212531 Pwn2own Miami：通過漏洞利用鏈實現對 Ignition 工控系統的代碼執行 https://www.chainnews.com/zh-hant/articles/990975995016.htm 趨勢科技研究發現工業 4.0 與 IT 連接的關鍵介面重大漏洞 https://reurl.cc/xZY92V I.教育訓練 DDoS防禦實務 https://reurl.cc/ar6Xyl 如何學習網站漏洞滲透測試 https://iter01.com/520192.html Writing Shell Scripts — The Beginner’s Guide by Muhammad Junaid https://hakin9.org/writing-shell-scripts%E2%80%8A-%E2%80%8Athe-beginners-guide/ Universal Radio Hacker: Investigate Wireless Protocols like a Boss https://hakin9.org/universal-radio-hacker-investigate-wireless-protocols-like-a-boss/ Hacking-OSCP cheatsheet https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/Hacking-OSCP%20cheatsheet.pdf Metasploit Payloads GUI - Create Backdoors & Control Hacked Devices Easily https://www.youtube.com/watch?v=hollnezbeus How to Extend Security Across Your Kubernetes Infrastructure https://securityaffairs.co/wordpress/105944/hacking/extend-security-kubernetes-infrastructure.html Case Study: How Incident Response Companies Choose IR Tools https://thehackernews.com/2020/08/incident-response-software.html SANS Incident Handler's Handbook https://www.sans.org/reading-room/whitepapers/incident/paper/33901 J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 解決第三方物聯網漏洞需要轉變網絡安全範式 https://www.secrss.com/articles/24384 6.近期資安活動及研討會 SITCON 2020 8/8 https://sitcon.org/2020/ 中華電信學院 無人機操控證照輔導班 基本級2KG以下(台中平日全科班) https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=165 CYBERSEC 2020 臺灣資安大會 8/12 https://cyber.ithome.com.tw/ Power of X 科技講堂 2020/08/13 https://systex-tw.kktix.cc/events/power-of-x-webinar AI/BigData技能養成班系列課程-白帽駭客認知班(確定開課) 8/14 https://www.accupass.com/event/2005060928471871405427 高雄場-資安趨勢暨物聯網(IoT)資安探討 8/17 https://tacert.mis.nsysu.edu.tw/p/404-1257-207359.php DevDays Asia 2020 Online 亞太技術年會 8/19 8/20 8/21 8/25 8/26 https://seminar.ithome.com.tw/public/live/devdays/ 物聯網(IoT)資安防護設計與強化實作培訓班 8/19 ~ 8/21 https://www.moea.gov.tw/Mns/populace/news/NewsAction.aspx?kind=4&menu_id=43&news_id=90845 【資安初階課程】Google hacking & Shodan實務 上課時間： 2020/8/20 (四) 09:30 ～ 16:30 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3905&from_course_list_url=homepage 臺北場-資安趨勢暨網路攻防技術 8/20 https://tacert.mis.nsysu.edu.tw/p/404-1257-237050.php 醫療資訊安全技術實作培訓班 8/20 ~ 8/22 https://www.moeaidb.gov.tw/external/ctlr?PRO=indpark.BulletinView&id=21154&lang=0 「資安管理與 個資保護落實之新觀念與新趨勢」教育訓練 8/21 https://reurl.cc/pdlX3r 自然語言處理技術再進化，Google BERT讓聊天機器人更能理解人類意圖，進入全新境界 8/22 https://www.techbang.com/posts/78985-course-bert-technology-practice 資安事故處理實務課程－109年度「資安人才培訓及國際推展計畫－資安專業人才培育深化課程」 8/22 https://www.cisanet.org.tw/News/activity_more?id=MTUyOA== SDN x Cloud Native Meetup - Webinar 海外篇 #5 8/22 https://www.meetup.com/CloudNative-Taiwan/events/272097499/ NISRA Enlightened 2020 8/24 https://nisra.kktix.cc/events/2020enlightened 中華電信學院 109 年 暑期 CCNA 網通證照實戰營(高雄) 8/24 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=172 「物聯網世界新常態的資安挑戰和機會研討會」 8/25 https://www.acw.org.tw/News/Detail.aspx?id=1142 中華電信學院 無人機操控證照輔導班 基本級2KG以下(高雄平日全科班) 8/22 ~ 8/28 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=166 開源碼網管軟體實作(高雄上機實作)8/26 https://tacert.mis.nsysu.edu.tw/p/404-1257-207353.php 中華電信學院 資通安全專業課程訓練 勒索軟體與釣魚平台防護實務 8/27 ~ 8/28 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=63 智慧工控與智慧電網資安風險與防護研討會 8/28 https://www.beclass.com/rid=2443d1b5f23d8632b23a 交通大學亥客書院 新世代企業資安治理: 現今企業經營所面臨之挑戰 8/28 https://hackercollege.nctu.edu.tw/?p=1190 中華電信學院 資通安全專業課程訓練 網站弱點偵測與防護管理 9/4 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=58 交通大學亥客書院 電子郵件之偽造攻擊與防護措施 9/5 https://hackercollege.nctu.edu.tw/?p=1203 台灣駭客年會 HITCON Training 2020 9/5 https://hitcon.kktix.cc/events/hitcon-training-2020 台灣駭客年會 HITCON Training 2020 - 學生報名 9/5 https://hitcon.kktix.cc/events/hitcon-training-2020-student 認證系統安全從業人員 SSCP 輔導班 9/5 ~ 9/13 https://www.iiiedu.org.tw/courses/asq902t2001/ 中華電信學院 資通安全專業課程訓練 物聯網資安威脅與實務 9/9 ~ 9/11 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=54 邊緣計算系統之大數據與深度學習應用 9/11 https://reurl.cc/62OD9k HITCON 2020 台灣駭客年會 9/11 https://hitcon.kktix.cc/events/hitcon-2020 交通大學亥客書院 基礎網頁安全與滲透測試 9/12 https://hackercollege.nctu.edu.tw/?p=1205 數據分析與機器學習案例實務(二)應用實例 上課時間： 2020/9/14 (一) 09:30 ～ 16:30 https://reurl.cc/1xAoMp 【單元課程班-認列董監進修時數】開始報名， 「資安戰略對企業發展關鍵意義及資安治理與防護」109/10/15 https://reurl.cc/AqGdlQ 中華電信學院 資通安全專業課程訓練 Web應用滲透測試 9/16 ~ 9/17 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=167 邊緣計算系統之大數據與深度學習應用 上課時間： 2020/9/18 (五) 09:30 ～ 16:30 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3895&from_course_list_url=homepage 交通大學亥客書院 緩衝區溢位攻擊與預防 10/17 https://hackercollege.nctu.edu.tw/?p=1207 中華電信學院 自主式移動機器人ROS開發實戰班 10/20 ~ 10/23 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=188 交通大學亥客書院 入侵行為發覺與應變指南 10/24 https://hackercollege.nctu.edu.tw/?p=1214 交通大學亥客書院 進階網頁滲透測試 10/31 https://hackercollege.nctu.edu.tw/?p=1216 交通大學亥客書院 阻斷服務攻擊/分散式阻斷服務攻擊/Botnet 11/7 https://hackercollege.nctu.edu.tw/?p=1218 交通大學亥客書院 基礎網站安全建構實務 11/14 https://hackercollege.nctu.edu.tw/?p=1220 交通大學亥客書院 系統防護及內網威脅通報應變實戰班 11/17、11/24 http://service.tabf.org.tw/tw/user/409646/course1-4.htm 交通大學亥客書院 惡意程式檢測實務 11/21 11/28 https://hackercollege.nctu.edu.tw/?p=1222 交通大學亥客書院 高階網頁滲透測試 12/5 12/12 https://hackercollege.nctu.edu.tw/?p=1224 交通大學亥客書院 系統滲透測試與漏洞利用 12/19 https://hackercollege.nctu.edu.tw/?p=1226 交通大學亥客書院 AI於資訊安全之應用 2021/1/9 1/16 https://hackercollege.nctu.edu.tw/?p=1228 交通大學亥客書院 企業網域控管－Active Directory攻擊與防禦 2021/1/23 https://hackercollege.nctu.edu.tw/?p=1230