資安事件新聞週報 2020/11/2 ~ 2020/11/6

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2020/11/2 ~ 2020/11/6 1.重大弱點漏洞/後門/Exploit/Zero Day Apache Tomcat WebSocket拒絕服務漏洞（CVE-2020-13935）EXP公開，黑客攻擊正迫在眉睫 https://s.tencent.com/research/report/1172.html Trend Micro InterScan Messaging Security Virtual Appliance 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27019 Tomcat WebSocket拒絕服務漏洞（CVE-2020-13935）利用代碼公開預警 https://www.huaweicloud.com/notice/2018/20201106173340446.html Fortinet FortiMail 授權問題漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15933 CloudBees Jenkins Active Directory Plugin 授權問題漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2302 Fedora 33 : yubihsm-shell (2020-8afd443d46) https://www.tenable.com/plugins/nessus/142040 Cisco IP Phone 8800 Series和Cisco IP Phone 7800 Series 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3574 思科揭露已有攻擊程式問世的AnyConnect零時差漏洞 https://www.ithome.com.tw/news/140945 騰訊安全披露多個0day漏洞，Linux系統或陷入“被控”危機 https://www.ofweek.com/security/2020-11/ART-510011-8440-30467913.html Ubuntu 發現讀取任意文件和拒絕服務漏洞，需要盡快升級 https://www.ithome.com/0/517/818.htm 依賴存儲庫劫持漏洞已經影響谷歌 GitHub 等 7 萬多個開源項目的供應鏈 https://www.chainnews.com/zh-hant/articles/670863310251.htm 拒絕展延修補寬限期，Google準時公布GitHub高風險漏洞 https://www.ithome.com.tw/news/140965 GitHub企業版RCE敏捷（GitHub Enterprise <2.21.4）2020.8 https://xz.aliyun.com/t/8458 Oracle Solaris重大零時差漏洞遭駭客開採，曾潛伏企業內長達2年 https://www.ithome.com.tw/news/140915 甲骨文WebLogic RCE漏洞疑似遭積極鎖定 https://www.ithome.com.tw/news/140858 Windows Kernel cng.sys pool-based buffer overflow in IOCTL 0x390400 https://bugs.chromium.org/p/project-zero/issues/detail?id=2104 CVE-2020-14383 https://www.samba.org/samba/security/CVE-2020-14383.html CVE-2020-14323 https://www.samba.org/samba/security/CVE-2020-14323.html CVE-2020-14318 https://www.samba.org/samba/security/CVE-2020-14318.html PATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots https://isc.sans.edu/diary/rss/26734 甲骨文發布緊急補丁修復WebLogic Server嚴重漏洞（CVE-2020-14750） https://4hou.win/wordpress/?p=54729 Oracle Critical Patch Update Advisory - October 2020 https://www.oracle.com/security-alerts/cpuoct2020.html WARNING: Google Discloses Windows Zero-Day Bug Exploited in the Wild https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html New Chrome Zero-Day Under Active Attacks – Update Your Browser https://thehackernews.com/2020/11/new-chrome-zero-day-under-active.html Adobe Acrobat 和Reader 軟件發現任意代碼執行漏洞，需盡快升級 https://finance.sina.com.cn/tech/2020-11-04/doc-iiznezxr9897052.shtml Qualcomm HLOS 加密問題漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11123 CERT-In在Chrome和Safari等瀏覽器中發現多個安全漏洞 https://www.ahjcg.cn/guoji/202011/0428575.html 谷歌披露影響開發人員的GitHub 高危0day漏洞 https://www.secrss.com/articles/26765 網絡安全Google修補了適用於Android操作系統的30個漏洞 https://reurl.cc/R1QKWn Linux kernel 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25662 SaltStack 遠程命令執行漏洞（CVE-2020-16846） https://nosec.org/home/detail/4601.html 安全預警- 涉及華為部分產品的不安全加密算法漏洞 https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20201104-01-encryption-cn Huawei FusionCompute 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9128 CVE-2020-17087 Windows 0 day漏洞利用 http://read01.com/mz8DgyB.html HashiCorp Consul 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25201 VoIP伺服器曝重大漏洞，黑客可以繞過管理員身份 http://read01.com/AzQEgjO.html FreePBX仍然是全球VOIP攻擊者的最大目標 http://www.ctiforum.com/news/guonei/579790.html 2.銀行/金融/保險/證券/支付系統/ 新聞及資安螞蟻暫緩上市公告漏洞百出：150字公告出現3處文字錯誤 https://reurl.cc/q839rD 假避險真炒匯外資大買反向ETF https://www.merit-times.com.tw/NewsPage.aspx?unid=602892 臺灣F-ISAC屆滿三年，金管會揭露推動進度與成果 https://www.ithome.com.tw/news/140906 永豐數金大將萬幼筠離職 https://www.chinatimes.com/newspapers/20201105000224-260205?chdtv 《基金》趁螞蟻上市卡關逢低布局金融科技基金 https://www.chinatimes.com/realtimenews/20201104004901-260410?chdtv 遠傳電信攜手銀行、保險業者力推數位金融 https://money.udn.com/money/story/5617/4990840 樂天商銀拚年底試營運將引進全套日本資安系統 https://ec.ltn.com.tw/article/breakingnews/3343466 樂天銀行力拼年底前試營運，但正式公開要等明年！為何純網銀上路時程一延再延 https://www.bnext.com.tw/article/59961/taiwan-internet-only-bank- 樂天商銀拚年底前內部試營運不打燒錢戰略 https://news.cnyes.com/news/id/4538847 3.電子支付/行動支付/pay/資安【電子支付】印度Whatsapp正式推出電子支付　繼巴西失敗後再接再厲 https://reurl.cc/WLVegy 建構台灣支付生態圈電支條例11/9初審 https://ctee.com.tw/news/finance/365518.html 打通無現金社會最後一哩電支條例11/9立法院初審 https://reurl.cc/q8392q 【電子支付】華為測試手機八達通付款服務　支援多款新機型號 https://reurl.cc/Ezaqy0 立院下周初審修法電支機構可設海外據點、打國際盃 https://ec.ltn.com.tw/article/breakingnews/3344386 4.加密貨幣/挖礦/區塊鍊資安比特幣價值逼迫40萬台幣　背後神祕真相曝光 https://www.setn.com/News.aspx?NewsID=843465 瑞波｜冷錢包 Ledger 驚傳大規模釣魚攻擊，駭客已盜走「28 萬美元 — 115萬顆 XRP」 https://www.blocktempo.com/ledger-users-got-hacked-1-15m-xrp-by-phishing-scam/ 大選推動比特幣牛市：還會繼續漲 https://www.storm.mg/article/3173851 關於PayPal支援比特幣的未來，你信嗎 https://www.bnext.com.tw/article/59914/paypal-bitcoin-cryptocurrency 美國司法部推出加密貨幣實施框架 https://blog.twnic.tw/2020/11/05/15800/ 數位人民幣最安全？加速國進民退，中國試點市場卻爆山寨危機 https://opinion.udn.com/opinion/story/120972/4991743 Persistent Actor Targets Ledger Cryptocurrency Wallets https://www.proofpoint.com/us/blog/threat-insight/persistent-actor-targets-ledger-cryptocurrency-wallets 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 義大利酒商Campari Group遭勒索軟體攻陷，駭客要脅1,500萬美元贖金 https://www.ithome.com.tw/news/140967 贖金恐超過千萬美元！卡普空遭 Ragnar Locker 勒索軟體攻擊 https://technews.tw/2020/11/06/ransomware-hackers-hit-capcom-networks/ 芭比娃娃製造商Mattel遭到勒索軟體攻擊 https://www.ithome.com.tw/news/140932 Browser Bugs Exploited to Install 2 New Backdoors on Targeted Computers https://thehackernews.com/2020/10/browser-exploit-backdoor.html Anchor Project for Trickbot Adds ICMP https://labs.sentinelone.com/anchor-project-for-trickbot-adds-icmp/ Dropping the Anchor https://www.netscout.com/blog/asert/dropping-anchor New Kimsuky Module Makes North Korean Spyware More Powerful https://thehackernews.com/2020/11/new-kimsuky-module-makes-north-korean.html Alert (AA20-301A) North Korean Advanced Persistent Threat Focus: Kimsuky https://us-cert.cisa.gov/ncas/alerts/aa20-301a More suspected North Korean malware identified after US alert on Kimsuky hackers https://www.cyberscoop.com/north-korea-espionage-kimsuky-cybereason/ Back to the Future: Inside the Kimsuky KGH Spyware Suite https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite Iranian hackers probed election-related websites in 10 states, US officials say https://www.cyberscoop.com/iran-election-hacking-state-websites-probe-fbi/ Alert (AA20-304A) Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data https://us-cert.cisa.gov/ncas/alerts/aa20-304a Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945 https://www.fireeye.com/blog/threat-research/2020/11/live-off-the-land-an-overview-of-unc1945.html TinyPOS and ProLocker: An Odd Relationship https://norfolkinfosec.com/tinypos-and-prolocker-an-odd-relationship/ NEW MALWARE SAMPLES IDENTIFIED IN POINT-OF-SALE COMPROMISES https://usa.visa.com/dam/VCOM/global/support-legal/documents/new-pos-malware-samples.pdf ATT&CKing ProLock Ransomware https://www.group-ib.com/blog/prolock 북한 연계 해킹조직 탈륨, 미국 대선 예측 언론 문서로 위장한 APT 공격 수행 https://blog.alyac.co.kr/3352 Hacks for sale: inside the Buer Loader malware-as-a-service https://news.sophos.com/en-us/2020/10/28/hacks-for-sale-inside-the-buer-loader-malware-as-a-service/ IoCs/Troj-BuerLd-A.csv https://github.com/sophoslabs/IoCs/blob/master/Troj-BuerLd-A.csv "Front Door" into BazarBackdoor: Stealthy Cybercrime Weapon https://www.advanced-intel.com/post/front-door-into-bazarbackdoor-stealthy-cybercrime-weapon Gitpaste-12: a new worming botnet with reverse shell capability spreading via GitHub and Pastebin https://blogs.juniper.net/en-us/threat-research/gitpaste-12 The Ryuk Threat: Why BazarBackdoor Matters Most https://cofense.com/the-ryuk-threat-why-bazarbackdoor-matters-most/ A Decade of WMI Abuse – an Overview of Techniques in Modern Malware https://www.bitdefender.com/files/News/CaseStudies/study/377/Bitdefender-Whitepaper-WMI-creat4871-en-EN-GenericUse.pdf njRAT Rising - The Increase in Activity of the Remote Access Trojan https://blog.cyberint.com/njrat-bulletin ZLoader 악성코드, 사업 정지 경고로 위장해 유포중 https://blog.alyac.co.kr/3322 The Hasty Agent: Agent Tesla Attack Uses Hastebin https://www.deepinstinct.com/2020/10/29/the-hasty-agent-agent-tesla-attack-uses-hastebin/ Turla uses HyperStack, Carbon, and Kazuar to compromise government entity https://www.accenture.com/us-en/blogs/cyber-defense/turla-belugasturgeon-compromises-government-entity KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms https://thehackernews.com/2020/10/kashmirblack-botnet-hijacks-thousands.html Ransomware Wave Targets US Hospitals: What We Know So Far https://reurl.cc/Ezaqem B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G 【小心預覽連結！】台灣人最愛用的 Messenger、LINE、IG 都有資料外洩風險 https://buzzorange.com/techorange/2020/11/05/link-preview-disadvantages/ 蘋果釋出iOS 14.2，修補已被駭客開採的3個安全漏洞 https://www.ithome.com.tw/news/140964 NASA公開反對AST & Science的衛星行動網路計畫 https://www.ithome.com.tw/news/140916 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 FBI警告醫療機構遭網路攻擊！駭客稱400多家醫院遇害 https://reurl.cc/ldMEMA 電玩之大數據、大監控 https://talk.ltn.com.tw/article/paper/1410867 雙十一線上購物浪潮來襲，電商如何有效應付爆棚流量 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=40&id=0000597490_HV638WCVL2VATDLZ7GHP2 Web應用攻擊上半年激增超800%，政府機構成重災區 https://news.sina.com.tw/article/20201105/36797950.html 駭客以Google表單作為網釣跳板，竊取AT&T憑證 https://www.ithome.com.tw/news/140968 前澳洲眾議院議長警告台海局勢牽動澳洲國家安全 https://www.cna.com.tw/news/aopl/202011060042.aspx 【威盛晶片風暴1】曾遭控留後門洩個資　威盛瑕疵晶片遭判賠 https://www.mirrormedia.mg/story/20190507inv001/ 【威盛晶片風暴2】港中台求償官司三地開打　香港仲裁成關鍵 https://www.ettoday.net/news/20200508/1847950.htm?redirect=1 【威盛晶片風暴3】手機過熱害當機　立委質疑間諜晶片惹禍 https://www.ettoday.net/news/20200508/1848354.htm?redirect=1 【威盛晶片風暴4】合作商向王雪紅老公追債　北京法院自承管不到台灣 https://www.ettoday.net/news/20200508/1847833.htm?redirect=1 【威盛晶片風暴5】威勝賠償金早編列　苦主纏訟10年拿不到半毛錢 https://www.ettoday.net/news/20200508/1847948.htm?redirect=1 【威盛晶片風暴6】王雪紅創2股王　從天價崩跌下殺1折 https://www.ettoday.net/news/20200508/1847834.htm?redirect=1 以駭客為主題的《看門狗：自由軍團》原始碼真的被駭客竊取，560 GB 檔案全被偷 https://games.yahoo.com.tw/watchdogreal-112339915.html 臺灣主機託管業者再傳遭到來自國內IP位址的DDoS攻擊！捕夢網連續4天遭到攻擊 https://www.ithome.com.tw/news/140950 黃竹坑公司電腦有駭客入侵勒索4萬元虛擬貨幣 https://reurl.cc/R1QKr9 美國司法部繳獲與網上毒品市場「絲綢之路」有關的10億美元比特幣 https://reurl.cc/Q3O1L9 值 10 億美元！美國司法部查獲暗網「絲路」相關 7 萬枚比特幣 https://www.inside.com.tw/article/21469-us-feds-seize-1-billion-in-bitcoin-from-wallet-linked-to-silk-road 美國空軍購買 DJI 無人機議員憂敏感資料外洩中方 https://reurl.cc/k0Q4kr 威州黨部遭駭客入侵！川普競選帳戶丟失逾6千萬 https://reurl.cc/6leper Premium-Rate Phone Fraudsters Hack VoIP Servers of 1200 Companies https://thehackernews.com/2020/11/premium-rate-phone-fraudsters-hack-voip.html Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/seedworm-apt-iran-middle-east INJ3CTOR3 Operation – Leveraging Asterisk Servers for Monetization https://research.checkpoint.com/2020/inj3ctor3-operation-leveraging-asterisk-servers-for-monetization/ New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service https://thehackernews.com/2020/11/new-natfirewall-bypass-attack-lets.html Taiwanese Company Admits Stealing US Trade Secrets https://www.infosecurity-magazine.com/news/taiwanese-company-admits-stealing/ Cybersecurity expert explains alleged Wisconsin GOP hack https://wkow.com/2020/10/29/cybersecurity-expert-explains-alleged-wisconsin-gop-hack/ Hackers stole $2.3 million from the Wisconsin Republican party https://www.theverge.com/2020/10/29/21540135/wisconsin-republican-party-hack-2-3-million-stolen D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞暗網搶手貨？駭客熱衷兜售Robinhood相關個資　本周近萬筆電郵資料遭洩 https://tw.appledaily.com/property/20201101/MDDNBWOWUZHOTI6ETK3U747RF4/ 奎丁加入「神秘色情片群組」驚見自己！　一翻長串名單怒了：這是數位性暴力 https://star.ettoday.net/news/1844135 美情報官員：伊朗黑客入侵一州選民數據庫 https://www.epochtimes.com/b5/20/10/31/n12515588.htm 女子誤信博彩網站存“漏洞時段”被騙19萬人民幣 https://reurl.cc/gmEg4p 萬豪因泄露3億客人信息被罰1.6億歷經4年漏洞才被發現 https://news.sina.com.tw/article/20201104/36786296.html 利用招商銀行“閃電貸”徵信系統漏洞詐騙團伙騙得貸款400餘萬元 http://finance.caijing.com.cn/20201104/4711505.shtml 慎防詐騙集團周末蠢動好物市集提5大防詐提醒 https://reurl.cc/e8Z0WL 日本電玩開發商卡普空疑遭勒索軟體攻擊，被盜走1TB資料 https://www.ithome.com.tw/news/140960 雙11防詐騙趨勢科技：三招嚴堵駭客竊個資 https://money.udn.com/money/story/5612/4993782 兩名交易員了結與SEC公司數據庫遭駭客攻擊有關的案件 https://reurl.cc/bRyZEE 阿里巴巴旗下的Lazada稱駭客竊取了客戶數據 https://reurl.cc/Y6nMna 阿里巴巴旗下新加坡電商 Lazada 遭駭客入侵，110 萬客戶數據外洩 https://technews.tw/2020/11/06/alibaba-owned-lazada-suffers-data-breach-for-its-grocery-delivery-business-in-singapore/ Purchase Order Phishing, the Everlasting Phishing Tactic https://cofense.com/purchase-order-phishing-the-everlasting-phishing-tactic/ Online Leader Invites You to This Webex Phish https://cofense.com/online-leader-invites-you-to-this-webex-phish/ 해외 로그인 문자메시지로 위장된 국내 암호화폐 피싱 사이트 주의 https://blog.alyac.co.kr/3321 E.研究報告肚腦蟲組織（ APT-C-35）疑似針對巴基斯坦軍事人員的最新攻擊活動 https://blogs.360.cn/post/APT-C-35_target_at_armed_forces_in_Pakistan.html 如何通過查找惡意開發者的線索來尋找漏洞（上） https://www.chainnews.com/zh-hant/articles/975983726494.htm 如何通過查找惡意開發者的線索來尋找漏洞（中） https://www.chainnews.com/zh-hant/articles/632568220307.htm CVE-2020-27194：Linux內核eBPF模塊提權突破的分析與利用 https://www.anquanke.com/post/id/221545 挖洞經驗| 價值6k$的星巴克官網賬戶劫持漏洞 https://netsecurity.51cto.com/art/202011/630914.htm CVE-2020-16898 TCP/IP遠程代碼執行漏洞 https://zhuanlan.zhihu.com/p/274622102 WebLogic-XMLDecoder反序列化漏洞分析 https://xz.aliyun.com/t/8465 全球量子加密通訊發展現況與趨勢 [趨勢新知] https://www.moea.gov.tw/MNS/doit/bulletin/Bulletin.aspx?kind=4&html=1&menu_id=13553&bull_id=7935 SD-WAN安全網路新架構助製造業於決勝千里之外 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=13&id=0000596464_ZTA5BO7V5K651I56VZFH6 旅行路上的資安交戰守則！ft.旅行熱炒店 https://infosecdecompress.com/posts/patches_security_tips_for_traveling [Kali]--攻擊PDF漏洞 https://blog.csdn.net/weixin_42633229/article/details/109535367 Attacks on industrial enterprises using RMS and TeamViewer:new data https://ics-cert.kaspersky.com/media/Kaspersky-Attacks-on-industrial-enterprises-using-RMS-and-TeamViewer-EN.pdf Attacks on industrial enterprises using RMS and TeamViewer: new data https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer-new-data/99206/ P.A.S. Fork v. 1.0 — A Web Shell Revival https://blog.sucuri.net/2020/10/p-a-s-fork-v-1-0-a-web-shell-revival.html GRIZZLY STEPPE – Russian Malicious Cyber Activity https://us-cert.cisa.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf If You Don't Have A SASE Cloud Service, You Don't Have SASE At All https://thehackernews.com/2020/11/if-you-dont-have-sase-cloud-service-you.html F.商業產官學共同攜手破解場域和人才缺口兆勤力促資安從產業化走向國際化 https://www.bnext.com.tw/article/59945/zyxel Arm 打造 Cortex-A78C CPU 設計，推動運算效能更高的筆電產品 https://www.eprice.com.tw/tech/talk/1184/5569726/1 專家系統測知水準　提供循序補強建議製造業資安體檢　評估改善有據 http://www.netadmin.com.tw/netadmin/zh-tw/market/A4A9B593906141EA8DE2FF1F9A594E79 宏碁2020年特色新品陸續開賣滿足多元商務客群 https://zeekmagazine.com/archives/135044 新漢公司超前部署智慧製造、智慧醫療新契機 https://ctee.com.tw/industrynews/technology/364593.html 專家系統測知水準　提供循序補強建議製造業資安體檢　評估改善有據 http://www.netadmin.com.tw/netadmin/zh-tw/market/A4A9B593906141EA8DE2FF1F9A594E79 臺灣資安新創奧義智慧唯一加入日本資安通報應變體系 https://www.zerone.com.tw/Content/Product/04B67D0FF38F7FB3 微軟IBM大廠爭相投入科技部擬提高量子技術經費 https://www.cna.com.tw/news/ait/202011030272.aspx G.政府卡式台胞證與數位身分證？其實問題在晶片 https://www.inside.com.tw/article/21470-eMRTD 數位身分證安全疑慮中研院學者提三大解方 https://news.ltn.com.tw/news/politics/breakingnews/3342108 數位身分證內政部︰資安控管國際安全認證 https://news.ltn.com.tw/news/life/paper/1410544 數位身分證會不會有資安疑慮？中研院學者提出3大問題，呼籲政府暫緩換發 https://www.storm.mg/lifestyle/3176477 臺灣人權促進會針對數位身分證提出集體訴訟，資安疑慮、法源不足是民間團體質疑焦點 https://www.ithome.com.tw/news/140925 中研院學者籲暫緩數位身分證內政部：有風險管控 https://udn.com/news/story/6656/4990489?from=udn-catebreaknews_ch2 首任「數位發展部」部長由郭耀煌出線？立委高虹安喊話：新任部長必須針對這四大面向做統籌規劃 https://reurl.cc/av7pE4 行政院欲強化資安，擬在數位發展部下設資安署 http://www.yucc.org.tw/news/domestic/20201106-1 李副總長主持資安鑑識實驗室授證典禮國軍資安能量獲國際肯定 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1283441&type=immediate 李廷盛見證國軍資安新里程碑 https://reurl.cc/ldMEXA 關務署高雄關獲得資安認證 https://www.chinatimes.com/realtimenews/20201105004399-260410?chdtv H.工控系統/ICS/SCADA 相關資安 HGC環電與CyberSecurity Malaysia簽署諒解備忘錄 https://times.hinet.net/news/23106802 聯醫率先設置獨立資安中心，自建資安IT還兼顧OT法遵 https://www.ithome.com.tw/people/140837 ICS Advisory (ICSA-20-303-01) Mitsubishi Electric MELSEC iQ-R, Q and L Series https://us-cert.cisa.gov/ics/advisories/icsa-20-303-01 ICS Advisory (ICSA-20-303-02) Mitsubishi Electric MELSEC iQ-R https://us-cert.cisa.gov/ics/advisories/icsa-20-303-02 Mitsubishi Electric FR Configurator2 資源管理錯誤漏洞（CICSVD-2020-0003550） https://www.cics-vd.org.cn/publish/main/list/leakInfo/leakInfo_12384.html I.教育訓練大葉資管系大三生宋昕岳考取國際資安證照 https://reurl.cc/ldMEZE CIA-資安的目標 https://ithelp.ithome.com.tw/articles/10254104?sc=rss.qu How to Prevent Pwned and Reused Passwords in Your Active Directory https://thehackernews.com/2020/11/how-to-protect-yourself-from-pwned-and.html 5 Essential Steps to Improve Cybersecurity Maturity https://www.tripwire.com/state-of-security/featured/5-essential-steps-improve-cybersecurity-maturity/ Real-Time Observability with Redis and Grafana https://redislabs.com/blog/real-time-observability-with-redis-and-grafana/ J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 u-blox推出IoT安全即服務產品組合 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=35&id=0000596700_Q1J6R9NH1YVJYBLGT7J7S 芯科擴展IoT模組　實現應用預認證無線連接 https://www.mem.com.tw/arti.php?sn=2011040006 IoT security 101: Understanding the basics https://www.itproportal.com/features/iot-security-101-understanding-the-basics/ Understanding the Impact of COVID-19 on IoT Security https://securityboulevard.com/2020/11/understanding-the-impact-of-covid-19-on-iot-security/ IoT Security in the Medical Industry https://www.iotforall.com/iot-security-medical 6.近期資安活動及研討會交通大學亥客書院阻斷服務攻擊/分散式阻斷服務攻擊/Botnet 11/7 https://hackercollege.nctu.edu.tw/?p=1218 2020北區資安體驗營－資安人生 No Information Security No Life 11/8 (日) 活動報名時間自109年10月19日上午10點至109年11月4日下午6點止，一律採網路報名 https://docs.google.com/forms/d/1IwTdfwEbQmKMUmsEUiqTkQPumygDbKU0JxJ4Ktti6Z0/viewform?edit_requested=true 資安防護實務與情境演練 2020-11-11 至 2020-11-13 https://cybersecurity.tisnet.com.tw/Home/SignUp/1082 交通大學亥客書院基礎網站安全建構實務 11/14 https://hackercollege.nctu.edu.tw/?p=1220 Gopher Conference Taiwan 2020 11/14 https://www.meetup.com/golang-taipei-meetup/events/272815117/ 交通大學亥客書院系統防護及內網威脅通報應變實戰班 11/17、11/24 http://service.tabf.org.tw/tw/user/409646/course1-4.htm Open Source Digital Forensics Conference 11/18 https://www.osdfcon.org/ 資安社 - VR 大學之道 11/18 https://nsysuisc.kktix.cc/events/vr2020 為了未來的資安創業家的經驗分享及日本市場的機會 11/18 https://www.accupass.com/event/2010211439595871812200 資訊安全防護及案例分享研討會 2020-11-20 https://www.accupass.com/event/2010280613402068809507 Google Cloud 資安攻略，打造更安全的雲端環境｜Google Cloud Security Overview 11/20 https://www.accupass.com/event/2008100235425139714960 [台灣網路講堂]功能變數名稱之扣押與沒收以司法實務操作為中心 11/20 https://www.ihub.tw/Calendar/ihub20201120 Google Cloud 資安攻略，打造更安全的雲端環境｜Google Cloud Security Overview 11/20 https://www.accupass.com/event/2008100235425139714960 Cyberspace 2020聯合研討會 11/20 https://cyber2020.cc-isac.org/announce.php 第一屆『E-Security 2020 資安科技-政府策略&企產資源&學研實務demo論壇』 11/20 https://www.esam.io/e-security-index/ 交通大學亥客書院惡意程式檢測實務 11/21 11/28 https://hackercollege.nctu.edu.tw/?p=1222 電腦稽核協會11月臺北例會_數位化時代－企業內部資訊安全防護及管理機制 11/27 https://www.caa.org.tw/coursedetail-3420.html 物聯網資安標章成果發表會 2020/12/01 https://www.taics.org.tw/RecentACTForm.aspx?ACTCat_id=1&ACT_id=11148 AWS 開發者的年末盛會 2020 年 12 月 4 日 (五) https://aws.amazon.com/tw/events/taiwan/devday/?sc_category=mult 吱吱盃駭客松 2020/12/11 https://nsysuisc.kktix.cc/events/hackathon2020 交通大學亥客書院高階網頁滲透測試 12/5 12/12 https://hackercollege.nctu.edu.tw/?p=1224 交通大學亥客書院系統滲透測試與漏洞利用 12/19 https://hackercollege.nctu.edu.tw/?p=1226 交通大學亥客書院 AI於資訊安全之應用 2021/1/9 1/16 https://hackercollege.nctu.edu.tw/?p=1228 交通大學亥客書院企業網域控管－Active Directory攻擊與防禦 2021/1/23 https://hackercollege.nctu.edu.tw/?p=1230