###### tags: `資安事件新聞週報`

# Weekly Security Incident News 2020/1/13 ~ 2020/1/17

## 1. Major Vulnerabilities / Backdoors / Exploits / Zero Days

- Researchers disclose cable modem vulnerability Cable Haunt: 200 million modems affected in Europe alone https://www.ithome.com.tw/news/135306
- iCatch DVR recorders maliciously compromised over the network; please verify and update firmware as soon as possible http://www.idsmag.com.tw/ids/new_article.asp?ar_id=30954
- Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting https://www.exploit-db.com/exploits/47927
- Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now https://thehackernews.com/2020/01/firefox-cyberattack.html
- Symantec Endpoint Detection and Response XSS https://support.symantec.com/us/en/article.SYMSA1502.html
- Oracle patches 334 security vulnerabilities, tying its all-time record https://www.ithome.com.tw/news/135411
- F5 BIG-IP Engineering Hotfix security vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5851
- Multiple vulnerabilities in Juniper products https://www.hkcert.org/my_url/zh/alert/20011001
- Security researchers release two exploits for critical Citrix vulnerability https://www.chainnews.com/zh-hant/articles/618719868910.htm
- US Department of Homeland Security and MSF successively release test and exploit tools for the Citrix vulnerability https://nosec.org/home/detail/3924.html
- US Department of Homeland Security releases detection tool for Citrix vulnerability CVE-2019-19781 https://www.ithome.com.tw/news/135355
- Risk advisory for Citrix ADC and NetScaler vulnerability https://read01.com/oAaKKo6.html#.XhvZN8gzbIU
- CVE-2019-19781: In-depth analysis of the Citrix ADC RCE vulnerability https://www.anquanke.com/post/id/197074
- Citrix ADC Exploits: Overview of Observed Payloads https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+Overview+of+Observed+Payloads/25704/
- PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability https://thehackernews.com/2020/01/citrix-adc-gateway-exploit.html
- Proof-of-concept code published for Citrix bug as attacks intensify https://www.zdnet.com/article/proof-of-concept-code-published-for-citrix-bug-as-attacks-intensify/#ftag=RSSbaffb68
- Severe Citrix Flaw: Proof-of-Concept Exploit Code Released https://www.bankinfosecurity.com/severe-citrix-flaw-proof-of-concept-exploit-code-released-a-13600
- Hackers are scanning for vulnerable Citrix servers
https://www.itproportal.com/news/hackers-are-scanning-for-vulnerable-citrix-servers/
- Dutch Govt Suggests Turning Off Citrix ADC Devices, Mitigations May Fail https://www.bleepingcomputer.com/news/security/dutch-govt-suggests-turning-off-citrix-adc-devices-mitigations-may-fail/#.XiERc_2pqfw.twitter
- Hackers use system weakness to rattle doors on Citrix systems https://reurl.cc/k5Kgnd
- New Snort rules protect against recently discovered Citrix vulnerability https://blog.talosintelligence.com/2020/01/snort-rules-cve-2019-19781.html
- NETSCALER REMOTE CODE EXECUTION FORENSICS https://www.trustedsec.com/blog/netscaler-remote-code-execution-forensics
- Hackers use system weakness to rattle doors on Citrix systems https://nakedsecurity.sophos.com/2020/01/10/hackers-use-system-weakness-to-rattle-doors-on-citrix-systems/
- CVE-2019-19781 https://nvd.nist.gov/vuln/detail/CVE-2019-19781
- Critical cryptographic vulnerability found in Windows component crypt32.dll; Windows 7 may miss the fix https://tech.ifeng.com/c/7tEO4zDbhQ0
- Microsoft January security update briefing | Crypt32.dll vulnerability could allow hackers to execute code remotely http://bit.ly/38c0Lxq
- NSA reports Windows 10 vulnerability: Microsoft says it has been patched http://bit.ly/2TnBv31
- NSA reports critical Win 10 vulnerability: all versions affected https://3g.163.com/tech/article/F2TS82ON000999LD.html
- NSA issues advisory urging Windows users to update immediately to patch a major vulnerability https://www.twcert.org.tw/tw/cp-104-3243-ef588-1.html
- NSA makes rare disclosure of Windows security risk; Microsoft releases security patch in response https://news.cnyes.com/news/id/4434316
- NSA finds vulnerability in Windows; Microsoft rushes out security update https://times.hinet.net/news/22740619
- Microsoft patches CVE-2020-0601, the first vulnerability reported by the NSA https://www.ithome.com.tw/news/135366
- Microsoft Patch Tuesday — Jan.
2020: Vulnerability disclosures and Snort coverage https://blog.talosintelligence.com/2020/01/microsoft-patch-tuesday-jan-2020.html
- Addressing Microsoft’s January 2020 Security Update for CVE-2020-0601 https://www.fortinet.com/blog/threat-research/microsoft-january-2020-update-cve-2020-0601.html
- Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html
- January Patch Tuesday: Update List Includes Fixes for Internet Explorer, Remote Desktop, Cryptographic Bugs https://newsroom.trendmicro.com/blog/security-intelligence/january-patch-tuesday-update-list-includes-fixes-internet-explorer-remote
- Microsoft Patch Tuesday – January 2020 https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-january-2020
- Proof-of-concept exploits published for the Microsoft-NSA crypto bug https://www.zdnet.com/article/proof-of-concept-exploits-published-for-the-microsoft-nsa-crypto-bug/#ftag=RSSbaffb68
- Microsoft Windows has security vulnerabilities (CVE-2020-0601, CVE-2020-0609, CVE-2020-0610 and CVE-2020-0611) that allow attackers to perform man-in-the-middle attacks or execute arbitrary code remotely; please verify and update as soon as possible https://www.nccst.nat.gov.tw/Vulnerability?lang=zh
- Windows 7: Microsoft Ceases Free Security Updates https://www.bankinfosecurity.com/windows-7-microsoft-ceases-free-security-updates-a-13604
- An Ex-Operating System Hit by an Exploit Found In Audio Files https://www.ehackingnews.com/2020/01/an-ex-operating-system-hit-by-exploit.html?utm_source=dlvr.it&utm_medium=twitter
- Multiple vulnerabilities in Mozilla Thunderbird https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/
- Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now!
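https://thehackernews.com/2020/01/firefox-cyberattack.html
- Google and Mozilla will continue to support Chrome and Firefox on Windows 7 https://www.ithome.com.tw/news/135311
- Update Firefox now! Mozilla releases new version to prevent zero-day attacks https://reurl.cc/A1vbd3
- Security vulnerability found in Firefox; US cybersecurity agency urges update to version 72.0.1 https://www.ettoday.net/news/20200113/1624256.htm
- Firefox has a security vulnerability (CVE-2019-17026) that allows attackers to execute arbitrary code remotely; please verify and update as soon as possible https://www.nccst.nat.gov.tw/VulnerabilityDetail.aspx?lang=zh&seq=1113
- PotPlayer security vulnerability https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7185
- Adobe Releases First 2020 Patch Tuesday Software Updates https://thehackernews.com/2020/01/adobe-software-updates.html
- Adobe Acrobat and Reader have multiple security vulnerabilities that allow attackers to execute arbitrary code remotely; please verify and update as soon as possible https://www.nccst.nat.gov.tw/VulnerabilityDetail.aspx?lang=zh&seq=1112
- JVNVU#98141012 Multiple CDN service providers affected by HTTP cache poisoning https://jvn.jp/vu/JVNVU98141012/
- Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Foxit PDF Reader https://blog.talosintelligence.com/2020/01/vulnerability-spotlight-multiple-remote.html
- Critical bugs in WordPress plugins InfiniteWP, WP Time Capsule expose 320,000 websites to attack https://www.zdnet.com/article/critical-bugs-in-wordpress-plugins-infinitewp-wp-time-capsule-expose-300000-websites-to-attack/#ftag=RSSbaffb68
- Securing Kubernetes: Bug bounty program announced https://www.zdnet.com/article/securing-kubernetes-bug-bounty-program-announced/#ftag=RSSbaffb68

## 2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security

- 簡立忠: online order placement expected to reach 70% this year; with intraday continuous trading and odd-lot trading going live, security governance matters even more https://readers.ctee.com.tw/cm/20200110/a29ab5/1034514/share
- PeckShield | 2019 Global Digital Asset Anti-Money Laundering (AML) Research Report (full report attached) https://www.blocktempo.com/2019-aml-digital-currency-report/
- FSC announces 2020 FinTech policy priorities: new phase of open banking, digital accounts for minors, insurance blockchain launch, internet-only banks to open in the second half of the year https://ithome.com.tw/news/135363
- 託付寶 fund-raising controversy; FSC watching closely https://news.wearn.com/c427065.html
- Continuous trading launches on 3/23; institutional investors hoped to bring new momentum to Taiwan stocks https://m.ctee.com.tw/livenews/aj/a91617002020011420334652
- 21 financial inclusion indicators released; online insurance enrollment targets 4 million policies https://www.chinatimes.com/realtimenews/20200114004655-260410?chdtv
- Financial cyberattacks rose 30% last year; Hong Kong Productivity Council expects new security risks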
https://hk.on.cc/hk/bkn/cnt/news/20200116/bkn-20200116171947038-0116_00822_001.html
- Is your mobile banking app secure https://blog.trendmicro.com.tw/?p=63028
- NCR Important Updates and Actions required relating to Microsoft Security Patch Updates http://bit.ly/2sxrhSQ
- Multiple Hacking Groups Attempt to Skim Credit Cards from Perricone MD https://www.rapidspike.com/blog/multiple-hacking-groups-attempt-to-skim-credit-cards-from-perricone-md/
- Major Brazilian Bank Tests Homomorphic Encryption on Financial Data https://www.darkreading.com/threat-intelligence/major-brazilian-bank-tests-homomorphic-encryption-on-financial-data/d/d-id/1336779?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
- Russian hacking group targets Sub-Saharan Africa banks https://www.itweb.co.za/content/8OKdWqDEx98vbznQ
- Travelex services begin again after ransomware cyber-attack https://www.theguardian.com/business/2020/jan/13/travelex-services-begin-again-after-ransomware-cyber-attack?CMP=share_btn_tw
- Sodinokibi Ransomware threats Travelex to release data, if ransom not paid https://www.ehackingnews.com/2020/01/sodinokibi-ransomware-threats-travelex.html
- ANZ Bank exploited again in a new phishing scam designed to steal banking credentials https://www.mailguard.com.au/blog/anz-bank-exploited-again-in-a-new-phishing-scam-designed-to-steal-banking-credentials
- Deep Analysis of New Metamorfo Variant Targeting Customers of Brazilian Financial Organizations https://www.fortinet.com/blog/threat-research/analysis-metamorfo-variant-targets-financial-organizations.html
- Silence before the storm: Russian speaking hacking group is attacking banks in Sub-Saharan Africa http://bit.ly/35Tf5Jz

## 3. Electronic Payment / Electronic Stored-Value Cards / Mobile Payment / Pay: News and Security

- Five Spanish banks jointly test interbank payments using smart contracts https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000575564_hys6iutu5s0kyj5n5wvmt
- JKOPAY enters Japan: cross-border payment launches in Japan with limited-time 20% cashback https://www.chinatimes.com/realtimenews/20200114002561-260412?chdtv
- New legislature seated; FSC to amend "eight major bills" this year, including the merger of e-payment and e-ticket rules https://ec.ltn.com.tw/article/breakingnews/3040424

## 4. Cryptocurrency / Blockchain News and Security

- Kaspersky:
North Korean hacker group "Lazarus Group" is using Telegram to steal users' cryptocurrency https://www.blocktempo.com/north-korean-hackers-now-using-telegram-to-steal-crypto-kaspersky/
- Promoting blockchain: two obstacles to overcome https://money.udn.com/money/story/9740/4280391
- Committee members focus on blockchain, recommend planning security measures in step with blockchain development http://www.bjnews.com.cn/news/2020/01/10/672786.html
- Taiwan startup's unicorn dream shattered! Crypto exchange Cobinhood officially announces closure; 6,000 victims await compensation https://www.blocktempo.com/taiwan-cobinhood-announce-to-shut-down/
- Thousands of COBINHOOD users form a self-help group, demanding that 陳泰元 resolve the "exchange fund withdrawal problem" https://www.blocktempo.com/victims-claimed-cobinhood-and-dexon-are-scam/
- FinTech unicorns: fortunes diverge widely after going public https://reurl.cc/yyVevM
- 區塊科技 launches anti-fraud tool to verify email: flags suspicious senders and records evidence on blockchain https://news.cnyes.com/news/id/4433892
- Cryptocurrency exchange Bithumb hit with huge tax bill of over US$69 million http://bit.ly/30tDZ1l

## 5. Security Incident News

### A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors

- Low-cost US government-subsidized phone hides Chinese malware https://technews.tw/2020/01/10/subside-phone-was-found-preinstalled-with-chinese-malware/
- New Android trojan can disable Google Play Protect to post fake reviews https://www.ithome.com.tw/news/135307
- Google has removed a total of 1,700 Android apps containing Joker malware https://times.hinet.net/news/22736191
- US restaurant chain's POS systems hit by malware; customer credit card data stolen https://www.twcert.org.tw/tw/cp-104-3236-3b04d-1.html
- Microsoft discovers malicious npm package that steals data from UNIX systems https://www.cnbeta.com/articles/tech/932243.htm
- Slow network, soaring electricity bill? This may be the hidden culprit https://blog.trendmicro.com.tw/?p=63158
- 2019 China Cybersecurity Report: 65.57 million new trojans and viruses http://4g.zijing.org/?app=article&controller=article&action=show&contentid=803496
- Click "Update" to use the hotel Wi-Fi? One click downloads a virus https://blog.trendmicro.com.tw/?p=63149
- Shell Backdoor List - PHP / ASP Shell Backdoor List https://www.kitploit.com/2020/01/shell-backdoor-list-php-asp-shell.html
- Microsoft spots malicious npm package stealing data from UNIX systems https://www.zdnet.com/article/microsoft-spots-malicious-npm-package-stealing-data-from-unix-systems/#ftag=RSSbaffb68
- SNAKE Ransomware – A New Threat For Businesses In Town https://latesthackingnews.com/2020/01/12/snake-ransomware-a-new-threat-for-businesses-in-town/
- Hackers using Drake’s kiki do you love me to drop Lokibot malware https://www.hackread.com/hackers-using-drakes-kiki-do-you-love-me-azorult-lokibot/
- TrickBot
hackers create new stealthy backdoor for high-value targets https://www.zdnet.com/article/trickbot-hackers-create-new-stealthy-backdoor-for-high-value-targets/
- TrickBot group exploiting PowerShell-based backdoor to target high-value organisations https://www.computing.co.uk/ctg/news/3084953/trickbot-powershell-backdoor
- Threat Research SAIGON, the Mysterious Ursnif Fork https://www.fireeye.com/blog/threat-research/2020/01/saigon-mysterious-ursnif-fork.html
- The Faketoken Trojan sends out offensive texts https://www.kaspersky.com/blog/faketoken-trojan-sends-offensive-sms/32048/
- Oski Stealer Targets Browser Data, Crypto Wallets in U.S. https://www.securityweek.com/oski-stealer-targets-browser-data-crypto-wallets-us
- Cyber News Rundown: Snake Ransomware https://www.webroot.com/blog/2020/01/10/cyber-news-rundown-snake-ransomware/
- Snake alert! This ransomware is not a game https://nakedsecurity.sophos.com/2020/01/13/snake-alert-this-ransomware-is-not-a-game/
- TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection https://www.bleepingcomputer.com/news/security/trickbot-now-uses-a-windows-10-uac-bypass-to-evade-detection/#.XiDPtCaseQA.twitter
- JhoneRAT: Cloud based python RAT targeting Middle Eastern countries https://blog.talosintelligence.com/2020/01/jhonerat.html
- Stolen emails reflect Emotet's organic growth https://blog.talosintelligence.com/2020/01/stolen-emails-reflect-emotets-organic.html
- Emotet Locked onto US Military and Government https://www.infosecurity-magazine.com/news/emotet-locked-onto-us-military-and/
- This Trojan hijacks your smartphone to send offensive text messages https://www.zdnet.com/article/this-trojan-hijacks-your-smartphone-to-send-offensive-text-messages/#ftag=RSSbaffb68
- 2020-01-16 - LOKIBOT MALSPAM AND INFECTION TRAFFIC https://www.malware-traffic-analysis.net/2020/01/16/index.html
- 2020-01-15 - QUICK POST: MALSPAM PUSHING REVENGE RAT https://www.malware-traffic-analysis.net/2020/01/15/index.html

### B. Mobile Security / iPhone / Android / Wearables / Apps
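- Jang Dong-gun caught up in a sex scandal? Joo Jin-mo's phone hacked, leaking 18+ chats about meeting busty women https://ent.ltn.com.tw/news/breakingnews/3036096
- Well-known married South Korean actor has phone stolen, chats discussing bikini models exposed! Korean netizens mock him as a middle-aged Jung Joon-young https://www.wishnote.tw/#!/menu=landing&content_id=121632
- Luckin Coffee responds to its app being named by the MIIT: it was to stop hackers from fraudulently claiming the free first cup http://big5.pconline.com.cn/b5/pcedu.pconline.com.cn/1314/13148505.html
- Galaxy phones ship with spyware that sends data to the Chinese government? Samsung denies it https://www.ithome.com.tw/news/135281
- Samsung phone vulnerability exposes private photos; several Korean celebrities extorted! https://reurl.cc/ZnLl96
- Korean star Joo Jin-mo's phone hacked; chats with friends about busty women leaked https://reurl.cc/5g9bMv
- Joo Jin-mo's phone data "stolen by hackers for extortion"! "Highly private conversations" with celebrity friends leak and spread wildly online https://star.ettoday.net/news/1622558
- Partying with A-listers? Male star's "lewd chats" leaked https://reurl.cc/D1rbmE
- Flashing a "YA" sign at the camera could get your fingerprints stolen! Three myths busted: fingerprint recognition is not as secure as you think https://www.ettoday.net/news/20200110/1622537.htm
- 5G security: Taiwanese experts say a testing mechanism is needed http://www.epochtimes.com/b5/20/1/10/n11782507.htm
- Analysis of security vulnerabilities in TikTok (the international version of Douyin) https://www.4hou.com/index.php/posts/7Wx8
- Security firm discloses TikTok vulnerabilities: attackers could use malicious links to manipulate user accounts and make private videos public https://buzzorange.com/techorange/2020/01/14/tiktok-cyber-security-issue/
- Check Point reveals TikTok security vulnerabilities! Accounts could be hijacked and personal data exposed; users urged to update promptly https://www.inside.com.tw/article/18622-tiktok-vulnerability-found
- "TikTok" gathers intelligence: the hidden dangers of social apps https://www.ydn.com.tw/News/368038
- TikTok security vulnerability puts users' IP addresses and email addresses at risk http://bit.ly/30hmkd8
- Security firm reveals TikTok vulnerability; account content could be manipulated https://www.cna.com.tw/news/ait/202001130128.aspx
- January 2020 Android security patch and Pixel update released: 40 vulnerabilities fixed https://tech.sina.com.cn/roll/2020-01-10/doc-iihnzahk3179835.shtml
- A charging cable is enough to hack your phone; counterfeit cables can now be mass-produced https://reurl.cc/e5K7VK
- Phishing emails return as text messages; security experts offer three rules to avoid scams https://inanews.tw/archives/66231
- International organizations call on Google to regulate pre-installed apps on Android phones http://bit.ly/30eKiG5
- Besides a phone case, your phone needs stronger protection https://blog.trendmicro.com.tw/?p=63049
- Exiting the high-end flagship market? HTC reportedly shuts down its fan forum without warning https://news.sina.com.tw/article/20200114/33988902.html
- Washington asked Apple to unlock gunman's phone and was refused https://news.now.com/home/international/player?newsId=376765
- Unlocking phones for terror probe: US Justice Department clashes with Apple again https://money.udn.com/money/story/5599/4287165
- Senior US delegation urges UK government to ban Huawei from UK 5G networks https://www.soundofhope.org/post/330730?lang=b5
- Google publishes details of iOS 12.4 vulnerability: hackers could remotely control iPhones https://technews.tw/2020/01/15/ios-12-4-loophole/
- FBI revealed to have iPhone unlocking tools, with no need for Apple to "leave a backdoor" http://bit.ly/35PPCkd
- Trump tweets that Apple is ungrateful; security experts confirm the FBI can unlock iPhones on its own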
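https://cnews.com.tw/13720016a02/
- Debate over whether Apple helped the US government decrypt iPhones; security experts point out the FBI can crack them independently https://www.ettoday.net/news/20200115/1626326.htm
- Security firm reveals "money-stealing" apps on Google Play! A moment's inattention could cost you NT$7,200 https://3c.ltn.com.tw/news/39273
- Don't download carelessly! Another batch of new free "money-scamming apps" lands on Google Play https://newtalk.tw/news/view/2020-01-16/355271
- 5G technology hides vulnerabilities; AI scam emails to become a cyberattack threat http://bit.ly/388R5no
- Money-stealing apps found in Google Play store; an estimated 600 million users worldwide affected http://bit.ly/2u3EtPE
- How to tell whether stalkerware has been installed on your phone https://blog.trendmicro.com.tw/?p=62877
- 25 Google Play apps charge without consent after free trial http://bit.ly/30qqCz6
- Russian experts warn the danger of charging the phone in public places https://www.ehackingnews.com/2020/01/russian-experts-warn-danger-of-charging.html
- Google hackers successfully use remote exploit to hack iPhone https://www.hackread.com/google-hackers-remote-exploit-hack-iphone/
- Google details its three-year fight against the Bread (Joker) malware operation https://www.zdnet.com/article/google-details-its-fight-against-the-bread-joker-malware-operation/#ftag=RSSbaffb68
- Malware Spotted on Government-Subsidized Android Phone https://www.extremetech.com/mobile/304577-malware-spotted-on-government-subsidized-android-phone
- Academic research finds five US telcos vulnerable to SIM swapping attacks https://www.zdnet.com/article/academic-research-finds-five-us-telcos-vulnerable-to-sim-swapping-attacks/#ftag=RSSbaffb68
- 5 major US wireless carriers vulnerable to SIM swapping attacks https://www.welivesecurity.com/2020/01/13/major-us-wireless-carriers-vulnerable-sim-swap-scams/
- Switcher: Android joins the ‘attack-the-router’ club https://securelist.com/switcher-android-joins-the-attack-the-router-club/76969/#comment-2978311
- Use iPhone as Physical Security Key to Protect Your Google Accounts https://thehackernews.com/2020/01/google-iphone-security-key.html
- More than 600 million users installed Android 'fleeceware' apps from the Play Store https://www.zdnet.com/article/more-than-600-million-users-installed-android-fleeceware-apps-from-the-play-store/#ftag=RSSbaffb68

### C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Job Openings / International Security Incidents

- First sighting of hackers using a malicious Office 365 app to access user accounts https://www.ithome.com.tw/news/135331
- Security monitoring system unable to connect; Taiwan Secom: no personal data leak concerns, not necessarily the work of hackers https://www.ettoday.net/news/20200116/1626951.htm
- Four major cybersecurity trends for 2020 http://bit.ly/3ag4sUE
- Retirement accounts become hacker targets: how to protect yourself https://chinese.efreenews.com/a/tuixiujinzhanghuchenghaikemubiao-gairuhezibao
- [Global Strategy] New form of "cyberwar coercion": countries respond with caution (Part 1) https://www.ydn.com.tw/News/368406
- [Global Strategy] New form of cyberwar coercion: countries respond with caution (Part 2) https://www.ydn.com.tw/News/368616
- [Global Strategy] New form of "cyberwar coercion": countries respond with caution (Part 3) https://www.ydn.com.tw/News/368805
- Hong Kong handled 8,827 cybersecurity incidents in the first 11 months of 2019 http://www.hkcna.hk/content/2020/0113/803660.shtml
- Canada's computing cloud (CCC) partnership with Huawei raises concern among Canadian academics http://bit.ly/36T9UL0
- Countering cyber-army disinformation: former NATO official calls Taiwan a good example https://www.rti.org.tw/news/view/id/2048341
- Fake news infiltrates democracies; former NATO Secretary General: Taiwan is a model for countering cyber armies https://news.ltn.com.tw/news/world/breakingnews/3041986
- Iranian retaliatory cyberattacks heat up! Iranian hackers launch large-scale "password spraying" attacks on the US power grid https://reurl.cc/YlKk80
- Iran may launch attacks on the US to cripple the power grid https://reurl.cc/e5KVzL
- US government website hacked and defaced with Iranian flag and image of Trump being punched https://www.twcert.org.tw/tw/cp-104-3235-5d584-1.html
- Russia trying to interfere in the US presidential election again? Traces of Russian hackers found in "Ukrainegate"; they are also digging for "dirt" on Biden https://www.storm.mg/article/2181718
- India's Supreme Court rules government's Kashmir internet shutdown unconstitutional https://news.ltn.com.tw/news/world/breakingnews/3036328
- Ukrainian gas company tied to Trump impeachment case hacked by Russian spies https://www.rti.org.tw/news/view/id/2048157
- Russian hackers suspected of involvement in Trump impeachment case; concerns over US election interference deepen https://www.ydn.com.tw/news/368357
- Fearing the CCP could steal national security secrets via Chinese-made drones, White House reportedly to ground civilian drones entirely https://cnews.com.tw/137200114a04/
- To target China precisely, US makes rare appeal to allies; US, Europe and Japan jointly pressure Beijing http://bit.ly/36YBCpG
- UK media: Trump administration to announce new rule blocking sales of foreign-made products to Huawei http://bit.ly/2Nt2wOM
- US and China sign phase one deal; hacking, government subsidies and other issues shelved https://ec.ltn.com.tw/article/breakingnews/3041837
- Former company of Biden's son confirmed hacked; US security firm: 100 percent the work of Russian intelligence http://bit.ly/2RpXJPi
- Russia suspected of cyberattack on Ukrainian energy company; Kyiv seeks FBI assistance https://www.rti.org.tw/news/view/id/2048427
- German prosecutors search three people suspected of gathering intelligence for China; a German diplomat reportedly involved https://money.udn.com/money/story/5599/4293100
- Intrusion Truth exposes APT hacking group directed from Hainan province https://www.ithome.com.tw/news/135348
- Report: Chinese hacking group APT40 hides behind network of front companies https://www.zdnet.com/article/report-chinese-hacking-group-apt40-hides-behind-network-of-front-companies/#ftag=RSSbaffb68
- APT40 https://www.fireeye.com/current-threats/apt-groups.html#apt40
- What is the Hainan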
Xiandun Technology Development Company https://intrusiontruth.wordpress.com/2020/01/09/what-is-the-hainan-xiandun-technology-development-company/
- Who is Mr Gu https://intrusiontruth.wordpress.com/2020/01/10/who-is-mr-gu/
- This Secretive Surveillance Company Is Selling Cops Cameras Hidden in Gravestones https://www.vice.com/en_us/article/qjdp95/this-secretive-surveillance-company-is-selling-cops-cameras-hidden-in-gravestones
- An Iranian Hacking Campaign, Social Media Surveillance, and More News https://www.wired.com/story/iran-hackers-us-electric-grid-border-social-media-surveillance/
- Iranian Hackers Have Been ‘Password-Spraying’ the US Grid https://www.wired.com/story/iran-apt33-us-electric-grid/
- Hackers Increasingly Probe North American Power Grid https://www.bankinfosecurity.com/hackers-increasingly-probe-north-american-power-grid-a-13596
- UK is nearly ready to launch force to hit hostile countries with cyberattacks https://www.independent.co.uk/news/uk/home-news/cyber-warfare-security-force-iran-crisis-ministry-of-defence-a9278591.html
- YOUR PASSWORD HAS BEEN HACKED!
DO YOU KNOW HOW IT HAPPENED https://blog.eccouncil.org/your-password-has-been-hacked-do-you-know-how-it-happened/
- Kaspersky Lab reports North Korean Hacker group Lazarus stealing cryptocurrencies using the Telegram messenger https://www.ehackingnews.com/2020/01/kaspersky-lab-reports-north-korean.html
- Las Vegas Hacked: Quick Reactions Save Sin City from Outages https://www.cbronline.com/cybersecurity/breaches/las-vegas-hacked/
- TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/servhelper-evolution-and-new-ta505-campaigns/
- 'Serious cyber-attack' on Austria's foreign ministry https://www.bbc.com/news/world-europe-50997773
- GCHQ warns not to use Windows 7 computers for banking or email after Tuesday https://www.telegraph.co.uk/news/2020/01/12/gchq-warns-not-use-windows-7-computers-banking-email-tuesday/
- Report: Russian hackers waged broad phishing campaign against company tied to Trump impeachment https://www.cyberscoop.com/russia-hacking-ukraine-burisma-donald-trump-apt28-area-1/
- Russian spies hacked Ukrainian energy company at center of Trump's impeachment https://nbcnews.to/2FK7FOn
- FBI: Nation-state actors have breached two US municipalities https://www.zdnet.com/article/fbi-nation-state-actors-have-breached-two-us-municipalities/
- Wind River acquires Star Lab to improve its Linux security https://www.zdnet.com/article/wind-river-acquires-star-lab-to-improve-its-linux-security/#ftag=RSSbaffb68
- Report: Russian Hackers Targeted Ukrainian Gas Firm Burisma https://www.bankinfosecurity.com/report-russian-hackers-targeted-ukrainian-gas-firm-burisma-a-13606
- Russia responsible for hacking gas firm tied to Trump impeachment: report https://www.zdnet.com/article/russia-responsible-for-hacking-gas-firm-tied-to-trump-impeachment-case-report/#ftag=RSSbaffb68
- Congress Hears Warnings of Iranian Cyberthreats
https://www.bankinfosecurity.com/congress-hears-warnings-iranian-cyberthreats-a-13613
- Security Engineer https://reurl.cc/5g9bKG
- 數聯資安 full-time job openings https://ece.ntust.edu.tw/p/404-1017-73164.php
- Google Analytics Analyst: join Taichung's Silicon Valley (GA traffic analysis, data analysis, growth hacking) https://www.104.com.tw/job/6ue4d
- Security Technical Engineer https://www.104.com.tw/job/4iegg
- 達友科技 / Product Manager https://www.104.com.tw/job/6ujwd?jobsource=googlejobs

### D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News

- Data on 56 million Americans leaked, originating from a Chinese IP address https://reurl.cc/EK5bG0
- CHAN YEOL and Sehun's passport information leaked after airport staff photographed it https://reurl.cc/qDW4Ky
- III Science and Technology Law Institute: personal data is too important to ignore; TPIPAS strengthens businesses' compliance and protection https://times.hinet.net/news/22736757
- [Tighter oversight] Government: reviewing ways to strengthen cybersecurity and prevent data leaks http://www.orangenews.hk/news/system/2020/01/13/010136783.shtml
- German security firm Greenbone Networks: more than 1 billion medical images are circulating on the internet https://www.ithome.com.tw/news/135354
- China State Council inter-ministerial joint conference: those engaged in telecom fraud and black/grey-market industries to face dishonesty penalties https://news.sina.com.tw/article/20200114/33990524.html
- Cracking down on telecom and online fraud; China State Council: offenders to be placed on dishonesty penalty list http://bit.ly/2NtWkX1
- Nearly 10,000 cybersecurity incidents last year; phishing rose significantly http://bit.ly/2FVEPdT
- A dachshund found online cost her both the dog and her money https://blog.trendmicro.com.tw/?p=63056
- PlanetDrugsDirect reveals security breach, warns customers their data may have been exposed https://www.tripwire.com/state-of-security/featured/planetdrugsdirect-reveals-security-breach-warns-customers-their-data-may-have-been-exposed/
- Texas School District Lost $2.3M to Phishing Email Scam https://www.tripwire.com/state-of-security/security-data-protection/texas-school-district-lost-2-3m-to-phishing-email-scam/
- Scammers’ delivery service: exclusively dangerous https://securelist.com/scammers-delivery-service-exclusively-dangerous/66515/#comment-2978500
- Scammers’ delivery service: exclusively dangerous https://securelist.com/scammers-delivery-service-exclusively-dangerous/66515/#comment-2978498
- Latitude Financial spoofed in phishing scam; email tells users their account access has been ‘disabled’ https://www.mailguard.com.au/blog/latitude-financial-spoofed-in-phishing-scam-email-tells-users-their-account-access-has-been-disabled
- Baby's First Data Breach: App Exposes Baby Photos, Videos
https://www.bankinfosecurity.com/babys-first-data-breach-app-exposes-baby-photos-videos-a-13603
- 49 million user records from US data broker LimeLeads put up for sale online https://www.zdnet.com/article/49-million-user-records-from-us-data-broker-limeleads-put-up-for-sale-online/#ftag=RSSbaffb68
- Class Action Breach Lawsuits: The Impact of Data for Sale https://www.bankinfosecurity.com/interviews/class-action-breach-lawsuits-impact-data-for-sale-i-4572
- Hotel lawyer alert for hotel owners and operators: Newest FTC warning about hotel data security https://hotellaw.jmbm.com/ftc-warns-hotel-data-security.html

### E. Research Reports

- Notes from a Redis + getshell experience https://www.freebuf.com/vuls/224235.html
- Enterprise security building: vulnerability management and operations https://www.freebuf.com/articles/security-management/222429.html
- Hackers get Linux running on the Nintendo Switch https://read01.com/jEA6A7E.html#.Xhr1e_4zbIU
- Flan Scan: Cloudflare's open-source lightweight network vulnerability scanner https://www.77169.net/html/249504.html
- Phishing attacks: Reverse Tabnabbing https://xz.aliyun.com/t/7080
- Apereo CAS deserialization attack analysis and echo-based exploitation https://www.anquanke.com/post/id/197086
- BoomER: a tool for detecting and exploiting local vulnerabilities https://www.77169.net/download/238656.html
- How to look up the passwords of WiFi networks a Windows computer has connected to https://blog.miniasp.com/post/2020/01/12/Retrieve-Wi-Fi-password-in-Windows
- Cybercrime gang uses Apache Struts 2 vulnerabilities and SQL brute-forcing to take over servers for cryptomining https://s.tencent.com/research/report/871.html
- The misunderstood EDR: how endpoint security can find clarity http://m.ccidnet.com/pcarticle/10509014
- Opening the door to the world of PWN https://zhuanlan.zhihu.com/p/102685081
- Analysis and prevention of security vulnerabilities in web development https://www.boxuegu.com/news/2383.html
- 2019 China Cybersecurity Report http://it.rising.com.cn/dongtai/19692.html
- phpmyadmin PMASA-2020-1 exploit analysis and reproduction https://xz.aliyun.com/t/7092
- Seagate Central Storage RCE 0day vulnerability analysis https://www.anquanke.com/post/id/197345
- Offensive scanning: CVE 2019 2725 Weblogic GetShell Exploit http://bit.ly/2TxJyuu
- weblogic Q1 2020 vulnerability analysis https://www.modb.pro/db/15080
- Introduction to and use of the vulnerability scanner AWVS https://zhuanlan.zhihu.com/p/102744281
- Reverse engineering Carbon Black EDR on Windows, part 1 https://www.anquanke.com/post/id/197312
- Tencent Security urgently releases removal tool for malicious samples exploiting CVE-2020-0601 https://s.tencent.com/research/report/878.html
- How to Hack/Crack
Password https://hackonology.com/blogs/how-to-hack-crack-password/
- Top 10 web hacking techniques of 2019 https://portswigger.net/polls/top-10-web-hacking-techniques-2019
- Red Teaming @ 10000 Feet https://pentestmag.com/red-teaming-10000-feet/
- ReconCobra Complete Automated pentest https://hackingpassion.com/reconcobra-complete-automated-pentest/
- MOBILE DEVICE FORENSICS https://blog.eccouncil.org/mobile-device-forensics/
- MALWARE AND MEMORY FORENSICS https://blog.eccouncil.org/malware-and-memory-forensics/
- Exploiting Routers With Routersploit https://linuxsecurityblog.com/2019/09/26/exploiting-routers-with-routersploit/
- Kilos – New Dark Web Search Engine With Extensive Filtering Capabilities https://cybersecuritynews.com/search-engine-kilos/
- Threat Research SAIGON, the Mysterious Ursnif Fork https://reurl.cc/Rd399n
- projectzeroindia/CVE-2019-19781 https://github.com/projectzeroindia/CVE-2019-19781
- quantumcore/supercharge https://github.com/quantumcore/supercharge
- NYAN-x-CAT/Mass-RAT https://github.com/NYAN-x-CAT/Mass-RAT
- Persistence – AppInit DLLs https://pentestlab.blog/2020/01/07/persistence-appinit-dlls/
- THREAT RESEARCH Predator the Thief: Analysis of Recent Versions https://www.fortinet.com/blog/threat-research/predator-the-thief-recent-versions.html
- Heavily Obfuscated Malware Campaign using Weaponized PowerPoint Files to Drop Lokibot & Azorult https://cybersecuritynews.com/powerpoint-malware/
- Hacking With PowerShell: Blue Team https://securethelogs.com/hacking-with-powershell-blue-team/
- TRAPE | Track Anyone Over Internet https://training.twintechsolutions.in/training/trape-track-anyone-over-internet/
- A Complete Malware Analysis Tutorials, Cheatsheet & Tools list for Security Professionals https://gbhackers.com/malware-analysis-cheat-sheet-and-tools-list/
- Threat Actor Abuses Mobile Sensor to Evade Detection https://info.phishlabs.com/blog/threat-actor-abuses-mobile-sensor-evade-detection
- rshipp/awesome-malware-analysis
https://github.com/rshipp/awesome-malware-analysis
- OWASP SecureTea help to secure your IoT https://github.com/OWASP/SecureTea-Project
- Bypass with PHP non-alpha encoder https://medium.com/mucomplex/bypass-with-php-non-alpha-encoder-fee4e1bac31e
- LNAV : Log File Navigator 2020 https://kalilinuxtutorials.com/lnav-log-file-navigator/
- Detect Frida for Android https://darvincitech.wordpress.com/2019/12/23/detect-frida-for-android/
- Testing for XSS (Like a KNOXSS) https://brutelogic.com.br/blog/testing-for-xss-like-a-knoxss/
- Security hardening of Android native code https://darvincitech.wordpress.com/2020/01/07/security-hardening-of-android-native-code/
- Creating and Analyzing a Malicious PDF File with PDF-Parser Tool https://gbhackers.com/creating-and-analyzing-a-malicious-pdf-file-with-pdf-parser-tool/
- a USB multitool for monitoring, hacking, and developing USB devices (work in progress) https://github.com/greatscottgadgets/luna
- Abusing Exchange: One API call away from Domain Admin https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
- alphaSeclab/awesome-forensics https://github.com/alphaSeclab/awesome-forensics/blob/master/Readme_en.md
- hash3liZer/Blunder https://github.com/hash3liZer/Blunder
- OSCP Goldmine (not clickbait) http://0xc0ffee.io/blog/OSCP-Goldmine
- cryforce https://github.com/lildwagz/cryforce
- Web Vulnerability Assessment Tool https://github.com/tempto/wvat
- How to respond when you receive an Abuse Report from AWS https://qiita.com/blackpeach7/items/7e2781547103c31f283b
- Dnss Domain Name Search Software - 'Name' Denial of Service (PoC) https://www.exploit-db.com/exploits/47861
- Xiaomi_Mi_WiFi_R3G_Vulnerability_POC https://github.com/UltramanGaia/Xiaomi_Mi_WiFi_R3G_Vulnerability_POC/blob/master/report/report.md
- Digital Forensics, Part 2: Live Memory Acquisition and Analysis https://www.hackers-arise.com/post/2016/09/27/digital-forensics-part-2-live-memory-acquisition-and-analysis
- Free Blocklists of Suspected Malicious IPs and URLs https://zeltser.com/malicious-ip-blocklists/
- Free Online Tools for Looking up Potentially Malicious Websites https://zeltser.com/lookup-malicious-websites/
- Free Automated Malware Analysis Sandboxes and Services https://zeltser.com/automated-malware-analysis/
- S3Tk:-- A #Security #Toolkit For #Amazon S3. https://github.com/ankane/s3tk
- Do Your SOC Metrics Incentivize Bad Behavior https://blog.paloaltonetworks.com/2020/01/cortex-soc-metrics/
- Powerful GPG collision attack spells the end for SHA-1 https://nakedsecurity.sophos.com/2020/01/13/powerful-gpg-collision-attack-spells-the-end-for-sha-1/
- WebMap:-- WebMap https://github.com/SabyasachiRana/WebMap

### F. Business

- Palo Alto Networks publishes latest 2020 security trend predictions https://www.chinatimes.com/realtimenews/20200110001469-260412?chdtv
- Windows 7 support officially ends; Office 2010 updates stop next, in October https://udn.com/news/story/11017/4291913
- Windows 7 update support ending soon: 13 rules to keep users safe https://news.xfastest.com/others/75212/windows-7-stop-update/
- Windows 7 support expires tomorrow; more evidence that free upgrades are still possible https://ithome.com.tw/news/135312
- Official Windows 7 support ends tomorrow! Microsoft will stop providing updates after January 14 and urges users to upgrade to Win 10 https://www.ettoday.net/news/20200113/1624477.htm
- Don't want to upgrade from Windows 7 to Windows 10? These 8 tips let you keep using your old machine with peace of mind https://3c.ltn.com.tw/news/39230
- Microsoft Windows 7 official support formally ends; not upgrading turns out to be dangerous http://bit.ly/2FLpWdY
- Microsoft ends Windows 7 support today; users should upgrade quickly to avoid risk https://newtalk.tw/news/view/2020-01-14/354391
- Windows 7 end of life: Time to move on https://www.welivesecurity.com/2020/01/14/windows7-end-life-time-move-on/
- Windows 7 Begins to Show Full Screen Windows 10 Upgrade Alerts https://www.bleepingcomputer.com/news/microsoft/windows-7-begins-to-show-full-screen-windows-10-upgrade-alerts/
- Chung Shan Medical University partners with industry to build next-generation healthcare security curriculum https://money.udn.com/money/story/5723/4281285
- SecurityScorecard, focused on vendor security management, can detect the security risks an enterprise exposes to external networks https://www.ithome.com.tw/review/135314
- Cybersecurity is national security: personal data protection grows in importance http://www.t3-news.com/news_detail.php?NewsID=3031
- IBM open-sources SysFlow, a cloud system telemetry data format https://www.ithome.com.tw/news/135344
- Building a security gateway protection service https://money.udn.com/money/story/8521/4260455
- Taiwan Taxi continues to improve ride safety, adopting CITIC Telecom International security protection
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=35&id=0000575921_SAW85W3D3G3K5T0DXPGLY Palo Alto Networks發表2020網路安全預測,資安人才和5G安全成焦點 https://ithome.com.tw/news/135327 黑客利用AI尋目標 微軟預測四大網絡安全趨勢 http://bit.ly/2R4wbjL 奇安信發布第三代安全引擎"天狗"對漏洞攻擊實施降維打擊 http://www.chinanews.com/business/2020/01-17/9062649.shtml G.政府 嘉義市政府推動資安防護有成 奠定發展數位政策穩健基石 https://ithome.com.tw/pr/135146 教育部函~有關各機關(構)、學校如有採購大陸製監視器相關資安疑慮事宜 https://www.stu.edu.tw/latestnews_single.php?id=74365 107年至108年資訊安全能量登錄暨資通安全自主產品廠商名單 https://www.acw.org.tw/News/Detail.aspx?id=107 當選了,然後呢?看蔡英文下一個4年的科技、能源與新創政策 https://www.bnext.com.tw/article/56256/presidential-tech-policy 金管會7字賀鼠年 發表2020十大工作重點與普惠金融21條 https://udn.com/news/story/7239/4287213 金管會報喜 金融業2019年獲利創新高 https://m.ctee.com.tw/livenews/aj/a91617002020011415352534?area= 公告資訊-為配合內政部辦理「108年度戶役政綠色便民及資安強化計畫案」作業,本市各戶政事務所於109年1月22日(星期三)暫停夜間延時服務 https://reurl.cc/Naeryx 晶片身分證資安疑慮 民團籲在野黨堅守預算刪減提案 https://www.rti.org.tw/news/view/id/2048228 金管會108年重要施政成果及109年工作重點 http://bit.ly/2QV0DwI 民團質疑數位身分證資安疑慮 籲在野黨堅守 https://www.cna.com.tw/news/aipl/202001150139.aspx 數位身分證遭疑資安問題 內政部:審慎推動絕無政府監控問題 https://www.chinatimes.com/realtimenews/20200115003166-260407?chdtv 科技部108年度「資安關鍵技術基礎研發計畫」專案,校內申請截止日109年2月10日上午10時 https://www2.nchu.edu.tw/news-detail/id/47815 第五代公文交換系統翻新工程,檔管局不惜改用API全面重構 https://ithome.com.tw/people/135277 蔡英文勝選的行政後盾 陳其邁首任資安長推動5G「緊緊緊」 https://www.ettoday.net/news/20200115/1626565.htm 5G第二階段位置競價年後登場!NCC估最快7月後可提供服務 https://www.ettoday.net/news/20200116/1626990.htm 高市戶政連線當機改採人工收件 初步排除被駭 https://www.cna.com.tw/news/ahel/202001160198.aspx 唐鳳將協助規劃成立數位發展部會 落實小英政見 https://news.ltn.com.tw/news/politics/breakingnews/3043291 落實數位發展政見 唐鳳:資安、網路訊息討論將更密切 https://www.chinatimes.com/realtimenews/20200117002542-260407?chdtv H.工控系統/SCADA/ICS Rasilient PixelStor 5000 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6757 多款Siemens產品訪問繞過漏洞的補丁 https://ics-cert.us-cert.gov/advisories/ICSA-18-317-01 加強化工信息安全防護勢在必行 http://www.ccin.com.cn/detail/8a83d3641c1ceb7e146b140cee97075d 
A knowledge-graph-based method for researching industrial internet security vulnerabilities https://www.secrss.com/articles/16641
Industrial manufacturers targeted by cyber espionage https://www.nccst.nat.gov.tw/NewsRSSDetail.aspx?lang=zh&RSSType=news&seq=16339

I. Education and Training

Personal data and cybersecurity case awareness, and case analysis of civil servants' claims for small sums https://elearn.hrd.gov.tw/info/10013821
Overview of key Microsoft Azure Security Services – Part 1 https://www.peerlyst.com/posts/overview-of-key-microsoft-azure-security-services-part-1-guy-bertrand-kamga

J. Internet of Things/IoT/Artificial Intelligence/Connected Vehicles/Optical Networking/Deep Learning/Machine Learning/Drones/Facial Recognition

Police bust illegal control of cameras, arresting 32 people https://www.ydn.com.tw/News/367665
35 million households own smart speakers; privacy and security flaws exist http://www.ce.cn/cysc/tech/gd2012/202001/10/t20200110_34098048.shtml
GE Appliances adopts the UL IoT Security Rating to test connected products https://reurl.cc/qDWKYD
Tips for protecting your Wi-Fi router and home network https://www.inside.com.tw/article/18588-secure-your-wi-fi-router
IoT security | Classification of router vulnerabilities https://www.shangyexinzhi.com/article/details/id-436076/
The new hackers of the 2020s: "car hackers" break into self-driving cars to paralyze traffic and use "network locks" to demand ransom https://buzzorange.com/techorange/2020/01/13/self-driving-car-hacker/
Japan helps companies build drones and strengthens anti-hacking measures https://www.ydn.com.tw/News/368194
With cyberattacks frequently reported, security has become a major challenge for embedded systems https://udn.com/news/story/11726/4285244
It is not only Tesla that keeps getting smarter, so do car hackers! Now that cars have a computer system capable of fully autonomous driving, such questions are unavoidable https://www.insoler.com/forum/topic/15788986719291.htm
Japan plans a new policy to nurture domestic drone makers and reduce security threats; 25 km along the India-Pakistan border designated a no-fly zone http://bit.ly/2RstmHU
IoT gives hackers a way in; Android phones are easily compromised http://bit.ly/2R3wn2B

6. Upcoming Security Events and Conferences

WizardAmigos CodeCamp [Taipei,JavaScript,English] 1/20 https://www.meetup.com/WizardAmigos/events/bbdclrybccbbc/
Cyber Security for Critical Assets (CS4CA) MENA 1/20 ~ 1/21 https://mena.cs4ca.com/?ref=infosec-conferences.com
PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23 https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world
2020 核果資訊 winter class: Python programming language (Level 1) 1/22 ~ 2/13 https://www.accupass.com/event/1911150442131985092910
Hacking Thursday 1/23 http://www.hackingthursday.org/invite
Security Hell Conference (SH3LLCON) 1/24 ~ 1/25 https://www.sh3llcon.es/?ref=infosec-conferences.com
NextGen SCADA 1/27 ~ 1/31 https://www.smartgrid-forums.com/forums/nextgen-scada-global/
Cranfield University Cyber Symposium 1/28 ~ 1/29 https://www.cranfield.ac.uk/events/symposia/cyber
International Cyber Security Forum (FIC) 1/28 ~ 1/30 https://www.forum-fic.com/en/home.htm
Free and Safe in Cyberspace 1/29 https://www.free-and-safe.org/
Hacking Thursday 1/30 http://www.hackingthursday.org/invite
Control System Security Conference 2020, February 14, 2020 https://www.jpcert.or.jp/event/ics-conference2020.html
CYBERSEC 2020 Taiwan Cybersecurity Conference 3/17 ~ 3/19 https://cyber.ithome.com.tw/
Korea International Security Expo 3/18 https://www.twcert.org.tw/tw/cp-105-3230-a3bd4-1.html
Black Hat Asia 2020 Singapore 3/31 ~ 4/3 https://www.blackhat.com/asia-20/briefings/schedule/
Kaspersky® Security Analyst Summit 4/6 ~ 4/9 https://thesascon.com/
2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore 4/21 ~ 4/23 https://www.icscybersecurityconference.com/singapore/
Asia-Pacific Information Security Forum and Exhibition 4/22 https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html