###### tags: `資安事件新聞週報`

# Weekly Security Incident News Digest 2020/8/31 ~ 2020/9/4

## 1. Major Vulnerabilities / Backdoors / Exploits / Zero-Day

- Oracle NetSuite security vulnerability
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14729
- Aruba Intelligent Edge Switch security vulnerability
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5321
- CVE-2020-24616: Multiple Jackson deserialization vulnerabilities
  https://www.anquanke.com/post/id/215721
- JustSystems Ichitaro (一太郎) buffer overflow vulnerability
  https://www.freebuf.com/vuls/248109.html
- Another RCE vulnerability found in QNAP; the vendor released updated firmware back in 2017, but some devices remain unpatched
  https://www.ithome.com.tw/news/139710
- Slack patches remote code execution vulnerability; paying only US$1,750 draws controversy
  https://www.ithome.com.tw/news/139696
- IBM Resilient security vulnerability
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4579
- GitLab 13.3 adds fuzz testing that can find bugs in Go and C/C++ applications
  https://www.ithome.com.tw/news/139671
- Multiple vulnerabilities in Mozilla products
  https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/
  https://www.mozilla.org/en-US/security/advisories/mfsa2020-41/
  https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/
  https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/
  https://www.mozilla.org/en-US/security/advisories/mfsa2020-38/
- Bridgefy offline messaging has privacy vulnerabilities
  http://startupbeat.hkej.com/?p=91596
- ESET publishes guidance on navigating the risks from vulnerabilities in the Thunderbolt interface
  https://reurl.cc/v1qXol
- HiCOS security vulnerability notice: update as soon as possible
  https://www.chgsh.chc.edu.tw/newsin.php?_nClass=2&nID=11343
- New Safari vulnerability revealed! Users' past browsing history fully exposed
  https://kknews.cc/tech/kkv4vzp.html
- IBM DB2 database hit by data-leak vulnerability affecting Windows versions
  https://www.ithome.com.tw/news/139575
- IBM Security Key Lifecycle Manager account vulnerability
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4567
- Gmail vulnerability reported in April went unfixed for months; patched within seven hours after the researcher disclosed it in August
  https://reurl.cc/0OjnK6
- More than four months after a Gmail spoofed-forwarding vulnerability was found, Google finally releases a patch
  https://technews.tw/2020/08/27/sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/
- Google fixes a severe Chrome vulnerability that could allow remote execution of arbitrary code
  https://www.twcert.org.tw/tw/cp-104-3905-b33da-1.html
- Multiple vulnerabilities in Google Chrome
  https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
- [Big boost to page handling efficiency] Chrome adds tab groups and can edit PDFs directly
  https://buzzorange.com/techorange/2020/08/27/google-chrome-85/
- Google Researcher Reported 3 Flaws
  in Apache Web Server Software
  https://thehackernews.com/2020/08/apache-webserver-security.html
- Critical vulnerabilities revealed in Apache server; dark-web giant offline for days, suspected DDoS attack
  https://kknews.cc/tech/9vg54el.html
- Chrome 85 released, page loading 10% faster
  https://www.ithome.com.tw/news/139608
- [Urgent notice] BT Panel (寶塔面板) vulnerability, Linux official release 7.4.2
  https://segmentfault.com/a/1190000023732864
- [Security bulletin] BT Panel (寶塔) unauthorized database access vulnerability
  https://nosec.org/home/detail/4536.html
- Check Point Research finds vulnerabilities in certain Alexa subdomains
  https://kknews.cc/tech/3yvy88g.html
- Microsoft releases emergency security update fixing two severe privilege-escalation vulnerabilities
  https://www.twcert.org.tw/tw/cp-104-3891-5dc4f-1.html
- Privilege-escalation vulnerability found in Microsoft's IoT security solution; upgrade as soon as possible
  https://tech.sina.com.cn/roll/2020-08-26/doc-iivhuipp0788878.shtml
- Security update for Windows 8.1, RT 8.1 and Server 2012 R2: August 19, 2020
  https://support.microsoft.com/zh-cn/help/4578013/security-update-for-windows-8-1-rt-8-1-and-server-2012-r2
- Researcher discloses details of Safari Web Share API vulnerability; Apple plans a fix in spring 2021
  https://www.cnbeta.com/articles/tech/1020059.htm
- Security vulnerability in a Metasploit Framework module
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7376
- Cellopoint CelloOS - Unauthenticated Arbitrary File Disclosure
  https://www.twcert.org.tw/tw/cp-132-3846-7790c-1.html
- Risk advisory for the Jackson deserialization remote code execution vulnerability (CVE-2020-24616); Tencent Cloud Firewall supports blocking
  https://s.tencent.com/research/bsafe/1102.html
- Multiple vulnerabilities in the Linux kernel
  https://www.auscert.org.au/bulletins/ESB-2020.2864.2/
- Check Point Research finds vulnerabilities in certain Alexa subdomains
  https://www.ofweek.com/security/2020-08/ART-510010-8460-30455136.html
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86
- Patch now: Cisco warns Jabber IM client for Windows has a critical flaw
  https://www.zdnet.com/article/cisco-warns-jabber-im-client-for-windows-has-a-critical-flaw/
- Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely
  https://thehackernews.com/2020/09/cisco-jabber-hacking.html
- High-Severity Cisco DoS Flaw Plagues Small-Business Switches
  https://threatpost.com/high-severity-cisco-dos-flaw-small-business-switches/158124/
- Security Bulletin: WebSphere Application Server ND is vulnerable to cross-site scripting (CVE-2020-4575)
  https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-nd-is-vulnerable-to-cross-site-scripting-cve-2020-4575/
- Security Bulletin: WebSphere Application Server ND is vulnerable to cross-site scripting (CVE-2020-4575)
  https://www.ibm.com/support/pages/node/6323293
- SECURITY BULLETIN: Trend Micro Deep Security Manager and Vulnerability Protection Multiple Vulnerabilities
  https://success.trendmicro.com/solution/000252039-SECURITY-BULLETIN-Trend-Micro-Deep-Security-and-Vulnerability-Manager
- K02663161: BIND vulnerability CVE-2020-8622
  https://support.f5.com/csp/article/K02663161
- Windows 10: Microsoft Leaves Active Security Exploit Unfixed—For Two Years!
  https://www.forbes.com/sites/daveywinder/2020/08/30/windows-10-microsoft-leaves-active-security-exploit-unfixed-for-two-years-glueball/#7d581a1e1a9e
- Cellopoint CelloOS - Remote Command Execution (RCE)
  https://www.twcert.org.tw/tw/cp-132-3845-be6bf-1.html
- New Safari vulnerability revealed! Users' past browsing history fully exposed; already fixed in the iOS 14 beta
  https://www.ettoday.net/news/20200826/1793703.htm
- Hidden Safari flaw puts iPhone and Mac users at risk of click scams, but Apple plans to patch it only in early 2021
  https://www.ithome.com.tw/news/139606
- High-risk vulnerabilities found in Cisco switches and fibre storage solutions; upgrade as soon as possible
  http://finance.jrj.com.cn/tech/2020/08/27155930604829.shtml
- Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild
  https://thehackernews.com/2020/09/cisco-issue-warning-over-ios-xr-zero.html
- High-risk TeamViewer vulnerability can leak user passwords
  https://www.aqniu.com/news-views/69677.html
- Privilege-escalation and code-execution vulnerabilities revealed in Azure Sphere, Microsoft's IoT hardware security platform
  https://reurl.cc/R1jOLD

## 2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security

- Closed network breached: sub-subcontracted software development becomes the weak point
  https://reurl.cc/LdbDDX
- Digital assets can now be covered by insurance
  https://view.ctee.com.tw/processing/22505.html
- State-owned banks' stimulus progress: Ministry of Finance to review on 9/7
  https://www.chinatimes.com/newspapers/20200824000156-260202?chdtv
- Is JKOPAY's 託付寶 safe? Three major risks you must know before investing
  https://www.storm.mg/article/2984421
- Financial holding groups will be able to share customer data
  https://money.udn.com/money/story/5613/4822339
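- Lessons after the First Bank ATM heist: what doesn't kill you makes you stronger
  https://ec.ltn.com.tw/article/breakingnews/3279298
- Internet-only banks consult white-hat hackers to strengthen live security exercises
  https://money.udn.com/money/story/5613/4813498
- SinoPac Holdings sponsors security conference
  https://www.chinatimes.com/newspapers/20200825000421-260203?chdtv
- [Finance] Three financial sectors push into fintech; payments, robots and insurtech are the hottest
  https://reurl.cc/VXj16n
- North Korea's new "fundraising" trick? Hackers rob banks worldwide to save the motherland
  https://newtalk.tw/news/view/2020-08-27/456933
- US warns of North Korean hackers' global bank theft operations
  https://reurl.cc/j5kGpp
- US warns: North Korean hackers break into banks in multiple countries to steal funds and make ATMs spit out cash
  https://ec.ltn.com.tw/article/breakingnews/3272985
- RegTech hackathon kicks off
  https://money.udn.com/money/story/5607/4806730
- Two things to watch for when entering your credit card number online
  https://blog.trendmicro.com.tw/?p=65085
- Digital finance guide / Internet-only bank development: five key points to watch
  https://money.udn.com/money/story/9740/4818307
- Taiwan's first RegTech hackathon, Taiwan RegTech Challenge 2020, issues a worldwide call for participants
  https://www.bnext.com.tw/article/59001/tdcc1
- Repeated cyberattacks: New Zealand stock exchange trading halted three days in a row
  https://ctee.com.tw/news/global/325744.html
- New Zealand stock exchange hacked: trading halted four days running, finally resumes on Friday
  https://reurl.cc/x0OQNe
- New Zealand stock exchange attacked again by offshore hackers; intelligence agency to investigate
  https://money.udn.com/money/story/5602/4818478
- A finance background is not the only criterion! Next Bank (將來銀行) president: these traits make someone suited to internet-only banking
  https://buzzorange.com/techorange/2020/08/28/online-bank-needs-new-prefessional/
- Overseas brokers' zero-commission offers hide traps; KPMG: watch out for security!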
  https://money.udn.com/money/story/5613/4829178
- Hong Kong's Financial Services and the Treasury Bureau launches "1,000-person scheme 2.0", hoping to create 1,500 new financial-sector jobs
  http://www.hkcd.com/content/2020-08/28/content_1210853.html
- [Live from the Taiwan Cyber Security Conference] SinoPac Holdings chief digital technology officer 萬幼筠: six paradigm shifts are emerging in financial security, and digital finance will become the biggest challenge for security governance
  https://www.ithome.com.tw/news/139628
- Magecart’s Success Paves Way For Cybercriminal Credit Card ‘Sniffer’ Market
  https://threatpost.com/magecarts-success-paves-way-for-cybercriminal-credit-card-sniffer-market/158684/
- Credit Card ‘Sniffers’ Pose Persistent Threat to Growing E-Commerce Industry
  https://www.recordedfuture.com/credit-card-sniffers/
- ATM vendors Diebold and NCR fixed deposit forgery bugs
  https://securityaffairs.co/wordpress/107421/hacking/diebold-nixdorf-ncr-deposit-forgery.html
- New Zealand stock exchange disrupted by fourth 'offshore' cyber attack
  https://www.theguardian.com/world/2020/aug/28/new-zealand-stock-exchange-disrupted-by-fourth-offshore-cyber-attack
- New Zealand stock exchange halted by cyber-attack
  https://www.bbc.com/news/53918580#:~:text=NZX%20said%20it%20had%20first,before%2016%3A00%20local%20time.
- PANDEMIC UNEMPLOYMENT ASSISTANCE FRAUD REMAINS PROLIFIC
  http://click.broadcasts.visa.com/xfm/?41081/0/5b9664726de563dcd4507e334c5c7daa/lonew
- Online Banking Mistakes that can Compromise your Bank Account
  https://futtress.com/simple-online-banking-mistakes/
- NCR confirms malware in lab environment, says clients not at risk
  https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
- Academics bypass PINs for Visa contactless payments
  https://www.zdnet.com/article/academics-bypass-pins-for-visa-contactless-payments/
- New Zealand Stock Exchange Trades Again After DDoS
  https://www.bankinfosecurity.com/new-zealand-stock-exchange-trades-again-after-ddos-a-14904
- UltraRank hackers steal credit cards from hundreds of stores
  https://www.bleepingcomputer.com/news/security/ultrarank-hackers-steal-credit-cards-from-hundreds-of-stores/
- Lack of MFA May Have Caused Sendgrid Account Compromise
  https://www.bankinfosecurity.com/lack-mfa-may-have-caused-sendgrid-account-compromise-a-14916
- US Agencies Warn of Uptick in North Korean Bank Heists
  https://www.bankinfosecurity.com/us-agencies-warn-uptick-in-north-korean-bank-heists-a-14902
- New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data
  https://thehackernews.com/2020/09/credit-card-telegram-hackers.html

## 3. Electronic Payment / Mobile Payment / Pay / Security

- New mobile payment channel for traffic fines: LINE Pay Money accepted from today
  https://news.ltn.com.tw/news/life/breakingnews/3280158
- JKOPAY pioneers a three-in-one barcode... three years ahead of rivals, integrating 23.5 million members of the three major convenience-store chains: what is the key to winning?
  https://www.bnext.com.tw/article/59045/jkos-e-invoice
- Cathay United Bank teams with Eslite to create "eslite Pay"
  https://www.chinatimes.com/realtimenews/20200903004318-260410?chdtv
- No more membership cards needed!
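  Well-known Hualien landmark mall launches full-range mobile payment
  https://reurl.cc/m9GZ8G
- [Paying tuition by card] Three channels compared: JKOPAY and Line Pay win on rewards
  https://tw.appledaily.com/property/20200830/RPWSCY3QKZDSNKA3UAANZCCPMQ/
- E.SUN Bank: Taiwan Pay's common specification helps merchants accept payments
  https://ctee.com.tw/news/finance/327708.html
- [Electronic payment] Pandemic boosts e-commerce; Visa: e-commerce transaction value up 10 percentage points in the first half
  https://reurl.cc/Xk451M
- Where are people most willing to pay by phone? 70% of Taiwanese pick this
  https://reurl.cc/GroX83
- [Finance] Electronic payment users expected to exceed 10 million by year-end
  https://reurl.cc/Q3jWr0
- JKOPAY targets mobile payment opportunities in southern Taiwan, actively expanding south
  https://udn.com/news/story/7239/4823438
- 勞Show支道: electronic payment scores another success
  https://reurl.cc/pyWZzr
- ByteDance obtains a licence to enter the trillion-scale mobile payment market
  http://www.hkcna.hk/content/2020/0903/848783.shtml

## 4. Cryptocurrency / Mining / Blockchain Security

- DeFi, wallets, exchanges, scams... 28 security incidents in August, severity rated "medium"
  https://www.blocktempo.com/peckshield-security-report-august-2020/
- Crypto tax site CryptoTrader.Tax hacked! Personal data of over a thousand traders stolen
  https://blockcast.it/2020/08/25/hacker-stole-data-on-more-than-1k-users-from-cryptotrader-tax/
- IRS | US Internal Revenue Service contractor CryptoTrader.Tax suffers a leak; personal data of 1,082 investors put up for sale on the dark web
  https://www.blocktempo.com/cryptotrader-tax-users-data-leaked-by-hacker/
- SlowMist: technical breakdown of the YFValue contract vulnerability, how one line of code locked up over US$100 million
  https://www.chainnews.com/zh-hant/articles/188428512978.htm
- CERtified: the cryptocurrency exchange security standard published by Hacken
  https://reurl.cc/7orln1
- US study: digital currency becomes a key tool for moving capital out of mainland China
  http://www.bcc.com.tw/newsView.4442506
- Breaking! China Construction Bank releases "DCEP digital currency wallet"; the era of the Chinese central bank's "RMB 3.0" has arrived!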
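  (includes a hands-on test of the app)
  https://www.blocktempo.com/ccb-release-dcep-wallet-app-the-age-of-cbdc-had-come/
- China advances large-scale digital currency testing as countries worldwide compete fiercely
  https://www.bbc.com/zhongwen/trad/business-53722841
- Inflation makes gold and bitcoin shine again
  https://reurl.cc/6lEL1k
- Goodbye paper money? A look at what the digital RMB wallet really looks like
  https://news.knowing.asia/news/5ec7c0c3-27bf-4408-9895-2f6cb11beee4
- "RMB is not suited to be a safe-haven currency": US think-tank scholar says China's central bank digital currency poses no threat to dollar hegemony
  https://www.blocktempo.com/dcep-will-rise-but-not-rule/
- Binance | Fighting crypto fraud on many fronts! Binance announces the launch of a "crypto asset security alliance" and calls on the industry to join
  https://www.blocktempo.com/binance-announce-cryptosafe-alliance/
- Digital currency quietly in internal testing: will it replace Alipay and WeChat?
  https://news.sina.com.tw/article/20200903/36239502.html
- On-chain counter-terrorism tracing: analysis of money-laundering flows from the "terrorism" cryptocurrency addresses disclosed by the US Department of Justice
  https://www.blocktempo.com/how-terrorist-organizations-do-money-laundering/
- US Department of Justice seeks to seize 280 "North Korea-linked" crypto accounts; laundering with Chinese OTC traders yielded hundreds of millions in profit
  https://www.blocktempo.com/us-doj-prosecute-korea-hacker-and-china-otc/
- Japan | LINE expands its crypto footprint again: launches BITMAX Wallet and a blockchain development platform, linking LINE ID to speed up transfers
  https://www.blocktempo.com/line-launches-bitmax-wallet-and-line-blockchain-developers/
- DOJ Seeks to Recover Stolen Cryptocurrency
  https://www.bankinfosecurity.com/doj-seeks-to-recover-stolen-cryptocurrency-a-14915
- Hacker Stole 1,000 Traders’ Personal Data From Crypto Tax Reporting Service
  https://www.coindesk.com/hacker-cryptotrader-tax

## 5. Security Incident News

### A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC

- Mac security threats keep rising: malware actually certified as approved by Apple
  https://reurl.cc/KjpX5M
- Security researchers find Mac apps implanted with XCSSET malware, which may evade security detection and infiltrate the App Store
  https://www.kocpc.com.tw/archives/340206
- [Akamai insight] Amid the COVID-19 pandemic, DDoS extortion letters are making a comeback in Asia's financial industry; strengthen your security defences
  https://www.zerone.com.tw/Content/Product/02A71DA8F9F80BCE
- AWS community AMI hides cryptomining malware
  https://www.ithome.com.tw/news/139576
- Latest ransomware of 2020: Maze double extortion
  https://reurl.cc/n0EOb8
- Beware of malware used by North Korean hacker groups
  http://net.nthu.edu.tw/2009/mailing:announcement:20200825_01
- Cryptomining malware spreads widely via fake antivirus and anti-hacking software
  https://www.twcert.org.tw/tw/cp-104-3900-ab831-1.html
- PC users beware! Security vendor reveals cryptomining malware intruding via "counterfeit" antivirus software
  https://3c.ltn.com.tw/news/41461
- Watch out for fake antivirus software! Your computer may end up being used for mining instead of being protected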
  https://newtalk.tw/news/view/2020-08-28/457302
- Microsoft warns the Anubis info-stealing trojan is spreading online
  https://www.ithome.com.tw/news/139663
- Security flaw revealed in Google Drive! Backed-up images could be "swapped" for malware
  https://3c.ltn.com.tw/news/41431
- A flaw right after an outage? Google Drive security issue: backup files could be swapped for malware
  https://reurl.cc/OqpEQ7
- Google Drive flaw could allow attackers to serve you malware
  https://www.wangan.com/articles/863
- Google Drive has a security flaw: files can be replaced with a virus via "Manage versions"
  https://reurl.cc/Q39DNb
- Google Drive bug could allow hackers to install malware on your phone
  https://kknews.cc/tech/m9nrpzz.html
- A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware
  https://thehackernews.com/2020/08/google-drive-file-versions.html
- UK security firm investigation: over 50,000 Chinese-brand phones in the African market contain malware
  https://news.ltn.com.tw/news/world/breakingnews/3271627
- "Cheap phones" China sells to Africa ship with a trojan that "keeps coming back" after removal
  https://times.hinet.net/news/23025920
- US discloses RAT malware used by North Korean hackers
  https://www.ithome.com.tw/news/139529
- US releases analysis report on BeagleBoyz, the North Korean hacker group robbing banks worldwide
  https://www.ithome.com.tw/news/139632
- Competitor hires APT hackers to plant a malicious plugin in 3ds Max software, breaching a well-known real-estate developer's systems to steal data
  https://www.ithome.com.tw/news/139629
- APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage
  https://thehackernews.com/2020/08/autodesk-malware-attack.html
- Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware
  https://thehackernews.com/2020/08/hackers-journalist-malware.html
- The Kittens Are Back in Town 3
  https://www.clearskysec.com/the-kittens-are-back-in-town-3/
- An Old Bot’s Nasty New Tricks: Exploring Qbot’s Latest Attack Methods
  https://research.checkpoint.com/2020/exploring-qbots-latest-attack-methods/
- QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money
  https://thehackernews.com/2020/08/qakbot-banking-trojan.html
- Gozi: The Malware with a Thousand Faces
  https://research.checkpoint.com/2020/gozi-the-malware-with-a-thousand-faces/
- The Shoe is a Lie: How an Android Botnet Defrauded Advertisers and Consumers
  https://www.whiteops.com/blog/the-shoe-is-a-lie-how-an-android-botnet-defrauded-advertisers-and-consumers
- TERRACOTTA Android Malware: A Technical Study
  https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study
- Malicious Attachments Remain a Cybercriminal Threat Vector Favorite
  https://threatpost.com/malicious-attachments-remain-a-cybercriminal-threat-vector-favorite/158631/
- Emotet botnet has begun to use a new ‘Red Dawn’ template
  https://securityaffairs.co/wordpress/107705/cyber-crime/emotet-botnet-red-dawn-template.html
- Canon confirms ransomware attack in internal memo
  https://www.bleepingcomputer.com/news/security/canon-confirms-ransomware-attack-in-internal-memo/
- Malware-Wielding Extortionists Target Tesla: 8 Takeaways
  https://www.bankinfosecurity.com/malware-wielding-extortionists-target-tesla-8-takeaways-a-14911
- 'Lemon Duck' Cryptominer Aims for Linux Systems
  https://www.bankinfosecurity.com/lemon-duck-cryptominer-aims-for-linux-systems-a-14909
- Qbot Banking Trojan Now Hijacks Outlook Email Threads
  https://www.bankinfosecurity.com/qbot-banking-trojan-now-hijacks-outlook-email-threads-a-14903
- Ransomware: DarkSide Debuts; Script-Kiddies Tap Dharma
  https://www.bankinfosecurity.com/ransomware-darkside-debuts-script-kiddies-tap-dharma-a-14874
- Microsoft Defender can ironically be used to download malware
  https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-can-ironically-be-used-to-download-malware
- Joker Spyware Plagues More Google Play Apps
  https://threatpost.com/joker-spyware-google-play-apps-2/158895/
- Russian Arrested After Offering $1 Million to U.S.
  Company Employee for Planting Malware
  https://thehackernews.com/2020/08/russian-extortion-malware.html
- NetWalker Ransomware in 1 Hour
  https://thedfirreport.com/2020/08/31/netwalker-ransomware-in-1-hour/
- In the wild QNAP NAS attacks
  https://blog.netlab.360.com/in-the-wild-qnap-nas-attacks-en/
- A Comprehensive Look at Emotet’s Summer 2020 Return
  https://www.proofpoint.com/us/blog/threat-insight/comprehensive-look-emotets-summer-2020-return
- Malware Used by Lazarus after Network Intrusion
  https://blogs.jpcert.or.jp/en/2020/08/Lazarus-malware.html
- Epic Manchego – atypical maldoc delivery brings flurry of infostealers
  https://blog.nviso.eu/2020/09/01/epic-manchego-atypical-maldoc-delivery-brings-flurry-of-infostealers/
- Epic_Manchego_IOC
  https://github.com/NVISO-BE/nviso-cti/tree/master/Epic_Manchego_IOC
- Chinese APT TA413 Resumes Targeting of Tibet Following COVID-19 Themed Economic Espionage Campaign Delivering Sepulcher Malware Targeting Europe
  https://www.proofpoint.com/us/blog/threat-insight/chinese-apt-ta413-resumes-targeting-tibet-following-covid-19-themed-economic
- Cybersquatting: Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers
  https://unit42.paloaltonetworks.com/cybersquatting/
- OpBlueRaven: Unveiling Fin7/Carbanak - Part I : Tirion
  https://threatintel.blog/OPBlueRaven-Part1/
- OpBlueRaven: Unveiling Fin7/Carbanak - Part II : BadUSB Attacks
  https://threatintel.blog/OPBlueRaven-Part2/
- Bella
  https://github.com/kdaoudieh/Bella
- KryptoCibule: The multitasking multicurrency cryptostealer
  https://www.welivesecurity.com/2020/09/02/kryptocibule-multitasking-multicurrency-cryptostealer/
- KryptoCibule — Indicators of Compromise
  https://github.com/eset/malware-ioc/tree/master/kryptocibule/
- DLL Fixer leads to Cyrat Ransomware
  https://www.gdatasoftware.com/blog/cyrat-ransomware
- Threat
  Actor Profile: TA2719 Uses Colorful Lures to Deliver RATs in Local Languages
  https://www.proofpoint.com/us/blog/threat-insight/threat-actor-profile-ta2719-uses-colorful-lures-deliver-rats-local-languages
- Apple Approved Malware
  https://objective-see.com/blog/blog_0x4E.html
- The Kittens Are Back in Town 3 Charming Kitten Campaign Evolved and Deploying Spear-Phishing link by WhatsApp
  https://www.clearskysec.com/wp-content/uploads/2020/08/The-Kittens-are-Back-in-Town-3.pdf
- “Face Mask Manufacturer” Supplies Agent Tesla Malware
  https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
- The BLINDINGCAN RAT and Malicious North Korean Activity
  https://www.sentinelone.com/blog/the-blindingcan-rat-and-malicious-north-korean-activity/

### B. Mobile Security / iPhone / Android / Wearables / Apps / 5G

- Over 200,000 Chinese Transsion phones preloaded with ad-fraud programs
  https://www.ithome.com.tw/news/139600
- Brent Christensen (酈英傑): 5G carriers controlled by authoritarian governments such as China would have privacy and security holes
  https://www.rti.org.tw/news/view/id/2077446
- Samsung's top-spec flagship Note 20 Ultra and flagship tablet Galaxy Tab S7 reportedly hit by green-screen problems
  https://3c.ltn.com.tw/news/41460
- Android 11 adds more restrictions! To protect user privacy, Google will make it harder for third-party apps to use the camera
  http://n.yam.com/Article/20200824760832
- CCP boycott of Apple becomes a laughing stock! Chinese consumers rush to buy
  https://reurl.cc/Y69X3a
- US Congress to draft a "framework bill" to comprehensively regulate CCP apps
  https://reurl.cc/0O2Xv9
- Since Google removed the phone benchmarking app AnTuTu, knock-off AnTuTu apps are everywhere
  https://www.techbang.com/posts/80776-the-well-known-running-app-ann-rabbit-was-removed-by-google-and-the-shanzhai-app-flew-in-full
- Chinese-made phones steal data and spend money without permission
  https://reurl.cc/e86ODM
- Tedros's pro-China stance backfires! Phones China sold to Africa caught exploiting users
  https://newtalk.tw/news/view/2020-08-27/456763
- Expert responses on "WeChat's security concerns"
  https://smctw.tw/7072/
- First case nationwide! University-student couple sentenced for profiting from a WeChat vulnerability
  https://www.sohu.com/a/415388450_161623
- 1,200 iOS apps use an SDK that contains ad-fraud malicious code and steals data
  https://blog.twnic.tw/2020/08/31/14964/
- India blocks another 118 Chinese apps, including Baidu and Alipay
  https://www.ithome.com.tw/news/139763
- Government Blocks 118 Mobile Apps Which are Prejudicial to Sovereignty and Integrity of India, Defence of India, Security of State and Public Order
  https://www.pib.gov.in/PressReleasePage.aspx?PRID=1650669
- India bans PUBG Mobile, and over 100 other
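  Chinese apps
  https://techcrunch.com/2020/09/02/india-bans-pubg-and-over-100-additional-chinese-apps/
- Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud
  https://thehackernews.com/2020/08/ios-sdk-ad-fraud.html

### C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents

- Cyberwarfare is the new normal
  https://times.hinet.net/news/23028285
- How to respond to a cyberattack
  https://blog.trendmicro.com.tw/?p=65051
- Why official websites get hacked
  https://web.bc3ts.net/post/4421136
- Not card fraud! Scoot system misconfiguration sent flight notifications to members who had not bought tickets
  https://www.kocpc.com.tw/archives/340449
- Be careful even when relaxing! Watching adult videos may get you recorded and targeted by hackers' threats
  https://reurl.cc/Z7rbv6
- Post-90s programmer who took control of over 670,000 computers to show off, then profited millions from a gambling-site vulnerability, is sentenced
  https://ori.hangzhou.com.cn/ornews/content/2020-08/28/content_7802014.htm
- Eight security threats of the post-pandemic era
  https://blog.trendmicro.com.tw/?p=65562
- You can be a security expert without knowing C: master Python and you can battle hackers
  https://buzzorange.com/techorange/2020/08/27/cyber-security-with-python/
- [Live from the Taiwan Cyber Security Conference] To resolve siloed attack and defence teams with conflicting goals, red/blue team exercises need a purple team to mediate
  https://www.ithome.com.tw/news/139425
- [Live from the Taiwan Cyber Security Conference] Three security management recommendations to consider first when an enterprise sets up a dedicated security unit
  https://www.ithome.com.tw/news/139666
- [Next-step strategy for Taiwan security 2020] Using data-driven security intelligence to get ahead on cyber defence
  http://www.tpcc.org.tw/topic_detail.php?id=f88e7f4a1c350750
- Raided, or an exit scam? Empire Market, the world's largest dark-web market, has been gone for three days
  https://www.inside.com.tw/article/20787-Dark-web-Empire-Market-has-mysteriously-disappeared
- "Nineteen Eighty-Four" has not come true, but eavesdropping is still all around us
  https://www.digitimes.com.tw/col/article.asp?id=1244&cf=AI1
- Hackers and cameras: Beijing deploys a "digital dragnet" in Hong Kong
  https://cn.nytimes.com/technology/20200825/hong-kong-national-security-law/zh-hant/
- The CCP now has greater control over Taobao and Shopee; we must take seriously the security and intellectual-property threats posed by Chinese capital
  https://reurl.cc/LdpMmx
- YouTube demystifies its algorithm! Responding to the "yellow icon" controversy, it stresses there is no censorship of speech
  https://3c.ltn.com.tw/news/41439
- Google and Facebook abandon the Hong Kong end of a submarine cable, rerouting to land in Taiwan and the Philippines; the Asia-Pacific network hub is quietly shifting
  https://reurl.cc/ygQrp2
- Global capture-the-flag (CTF) cyber attack-defence competition officially starts in September, fully online for the first time
  https://reurl.cc/zzeXOp
- Trend Micro holds cyber attack-defence contest to cultivate global security talent
  https://money.udn.com/money/story/5612/4809015
- [Live from the Taiwan Cyber Security Conference] Security strategy should be drawn up from a top-down view; making good use of security frameworks and the Cyber Defense Matrix is key
  https://www.ithome.com.tw/news/139567
- "Taobao Taiwan" suspected of security risk: fined NT$410,000 and ordered to divest within six months
  https://hk.on.cc/hk/bkn/cnt/cnnews/20200824/bkn-20200824152941442-0824_00952_001.html
- Aimed at Huawei? Taiwan-US joint declaration on 5G security issued; the two will cooperate to safeguard security
  http://dev99.newtalk.tw/news/view/2020-08-26/456437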
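- Taiwan and the US join hands to exclude China: US "Clean Path" includes Taiwanese telecom companies
  https://reurl.cc/4m4p6K
- US adds 11 Chinese companies including China Communications Construction, deeming them controlled by the PLA
  https://www.cna.com.tw/news/firstnews/202008290045.aspx
- Loophole in the blockade! Chinese firm obtained US chip "core technology" through complex transactions
  https://www.setn.com/News.aspx?NewsID=803313
- CCP hackers attack Taiwanese chip companies; their methods revealed
  https://reurl.cc/5qraKG
- What China can't poach, it steals! Seven Hsinchu Science Park semiconductor firms hacked, from chip designs to source code; "caused a big stir" in the US security community
  https://reurl.cc/av9zZQ
- Countering the PLA's information, communications and electronic warfare requires government-civilian cooperation
  https://reurl.cc/D6dXpE
- CCP's information security war on Taiwan: two-handed "soft and hard" strategy revealed
  https://www.epochtimes.com/b5/20/8/30/n12367954.htm
- An industry chain where everyone gets what they want! Tsing Hua graduate student twice joins China "united front tours", witnessing a black-box structure even Chinese people may not understand
  https://reurl.cc/q8ONvg
- Briefing: Xinjiang lockdown sparks public anger; Times interviews former Party School professor Cai Xia
  https://cn.nytimes.com/morning-brief/20200826/xinjiang-coronavirus-lockdown-cai-xia-xi-china/zh-hant/
- China's State Cryptography Administration seeks public comment on the "Regulations on the Administration of Commercial Cryptography (revised draft for comment)"
  https://mp.weixin.qq.com/s/L-EUTmM3wE2NdgnNlSCdnQ
- Australia to investigate foreign interference in universities, apparently to curb Chinese influence
  https://money.udn.com/money/story/5599/4824206
- China exploits loopholes in Australian law to recruit talent widely for high-tech R&D
  https://udn.com/news/story/6809/4806502
- China exploits loopholes in Australian law, recruiting top scientists who take Australian grants and register patents in China
  https://tw.appledaily.com/international/20200825/LD2HNVYHABE5FGYGR3ZTP6IW6A/
- US cybersecurity policy and initiatives in the first half of 2020
  https://mp.weixin.qq.com/s/rCgFmrn8ULuGpFj27Gek1A
- Widening the "China exclusion"! Indian government asks all telecom operators not to buy Chinese equipment
  https://newtalk.tw/news/view/2020-08-25/455632
- 500 Chinese reportedly applied for "golden passports"; vetting has loopholes
  https://hk.on.cc/hk/bkn/cnt/aeanews/20200827/bkn-20200827123000143-0827_00912_001.html
- Profiting from investment migration, Cyprus sold "golden passports" to criminals
  https://news.ltn.com.tw/news/world/breakingnews/3269275
- Is "Little Fatty Kim" OK?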
  Kim Jong-un appears in public, refuting coma rumours; North Korea still squeezed by two major crises
  https://www.storm.mg/article/2979580
- Why Japan must be wary of China's influence operations
  https://toyokeizai.net/articles/-/371385
- Whistleblower reveals Danish intelligence agency monitored citizens' communications; chief and officials suspended
  https://www.ithome.com.tw/news/139641
- US wants to seize cryptocurrency stolen by North Korean hackers
  https://www.bleepingcomputer.com/news/security/us-wants-to-seize-cryptocurrency-stolen-by-north-korean-hackers/
- Cisco engineer resigns then nukes 16k WebEx accounts, 456 VMs
  https://www.bleepingcomputer.com/news/security/cisco-engineer-resigns-then-nukes-16k-webex-accounts-456-vms/
- Musk confirms Tesla Nevada factory was target of ‘serious’ cyber attack
  https://www.defenceweb.co.za/cyber-defence/musk-confirms-tesla-nevada-factory-was-target-of-serious-cyber-attack/
- The Ministry of Internal Affairs of Bashkortostan intends to cooperate with white hackers to reduce cyber crime
  https://www.ehackingnews.com/2020/08/the-ministry-of-internal-affairs-of.html
- Iranian Hackers Using LinkedIn, WhatsApp to Target Victims
  https://www.bankinfosecurity.com/iranian-hackers-using-linkedin-whatsapp-to-target-victims-a-14914
- Luxury Real Estate Rivalry Involved Hired Hackers
  https://www.bankinfosecurity.com/luxury-real-estate-rivalry-involved-hired-hackers-a-14894
- Hacking-for-Hire Group Expands Cyber Espionage Campaign
  https://www.bankinfosecurity.com/hacking-for-hire-group-expands-cyber-espionage-campaign-a-14889
- Massive Freepik Data Breach Tied to SQL Injection Attack
  https://www.bankinfosecurity.com/massive-freepik-data-breach-tied-to-sql-injection-attack-a-14880
- WordPress File Manager plugin flaw causing website hijack exploited in the wild
  https://www.zdnet.com/article/wordpress-file-manager-bug-causing-full-website-takeover-exploited-in-the-wild/
- Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today
  https://thehackernews.com/2020/09/ssl-tls-certificate-validity-398.html
- Who Is PIONEER KITTEN
  https://www.crowdstrike.com/blog/who-is-pioneer-kitten/
- SWP4_615 Security manager - traditional manufacturing
  https://www.104.com.tw/job/7188t
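- Security penetration tester (network security analyst, Internet programmer, other IT professional)
  https://www.cakeresume.com/companies/ace-home/jobs/d3242b
- Tech plant security controller (mobile)
  https://www.518.com.tw/job-LzpkVz.html
- Security engineer, network administrator, network engineer
  https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=114025&HIRE_ID=9912237
- High-salary firmware kernel developer (security/cryptography, Taipei-based) ETP2_620
  https://www.104.com.tw/job/71ja4
- Security network systems engineer [BU3-Kaohsiung]
  https://www.104.com.tw/job/71hg0
- Security systems engineer [BU3-Taipei]
  https://www.104.com.tw/job/71hhz
- Security engineer / security defence engineer
  https://www.104.com.tw/job/71gtq
- ROC year 110 R&D substitute service / pre-hire - information security development engineer
  https://www.104.com.tw/job/70tu3

### D. Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News

- A leap forward for fact-checking in Taiwan! AI disinformation rapid-screening platform goes live
  https://tfc-taiwan.org.tw/articles/4398
- [Technology assist] Institute for Information Industry helps fact-checking organizations develop a "disinformation rapid-screening platform"
  https://tfc-taiwan.org.tw/articles/4403
- Microsoft sent users strange Microsoft Teams FCM notifications
  https://www.sohu.com/a/415254234_114760
- "A General Course in Financial Behaviour" (金融行為通識課): nine cognitive heuristics and five strategies and roles that fraudsters habitually use
  https://www.thenewslens.com/article/139171
- Falling out over 20,000 in car-repair money: woman who posted her partner's personal data on Facebook sentenced to five months
  https://tw.appledaily.com/local/20200827/5APWF4U4ORAT7E7Q5EOEDUNQ34/
- Data sharing and reuse: Institute for Information Industry's Science and Technology Law Institute says de-identification management of personal data becomes the core
  http://n.yam.com/Article/20200826596764
- FBI and CISA warn: large-scale voice phishing campaign under way in the US
  https://www.ithome.com.tw/news/139578
- Disinformation threat intensifies; active countermeasures to protect national security
  https://www.ydn.com.tw/news/newsInsidePage?chapterID=1253993&type=forum
- The boarding notice received was actually hackers from across the strait
  https://www.ptt.cc/bbs/Gossiping/M.1598348975.A.A47.html
- Defrauded of US$19 million! Amazon has a loophole: 750,000 employees fooled by four people?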
  https://www.sohu.com/a/414698641_100123330
- [Cybersecurity] COVID-19 the biggest threat in the first half; business email fraud on the rise
  https://reurl.cc/7orll1
- US VPN provider hacked! Data of 900 companies worldwide leaked
  https://newtalk.tw/news/view/2020-08-26/456169
- Facebook online-shopping scam: Zhongxing police stop the fraud in time
  https://times.hinet.net/news/23031125
- Hackers use AI to impersonate the CEO of a UK energy company, ordering an employee by voice to wire €220,000
  https://reurl.cc/3LjYWO
- "Island hopping" is hot and ferry tickets are scarce: 33 people cheated of NT$2 million before even setting off
  https://m.ltn.com.tw/news/society/breakingnews/3276191
- Scams reported amid "revenge travel": male university student cheated of 140,000 booking Orchid Island ferry tickets
  https://www.chinatimes.com/realtimenews/20200830002279-260402?chdtv
- Influencer's popularity draws envy: personal data made public, possible danger to personal safety
  https://reurl.cc/MdbNV3
- Internal documents of a social media monitoring company in CCP China leaked
  https://gnews.org/zh-hant/320945/
- Refusing a 30-million temptation! Tesla employee works with the FBI to stop a hacker attack
  https://www.ettvamerica.com/News/Article?i=137652
- Employee exposes cyberattack plot; Tesla dodges a bullet
  https://www.chinatimes.com/realtimenews/20200828005072-260410?chdtv
- "Is US$1 million enough?" Russian hacker group offers BTC rewards, specifically recruiting insiders at US companies
  https://www.blocktempo.com/russian-hackers-offered-us-employees-1m-to-plant-malware-on-company-computer/
- CHINA} 3 Millions Mobile Phones Numbers with-Contact Names 2020
  https://cybershafarat.com/2020/08/29/china-3-millions-mobile-phones-numbers-with-contact-names-2020/
- Multiple Data Dumps – China / Hong Kong
  https://cybershafarat.com/2020/04/25/multiple-data-dumps-china-hong-kong/
- Lazarus Group Uses Spear Phishing to Steal Cryptocurrency
  https://www.bankinfosecurity.com/lazarus-group-uses-spear-phishing-to-steal-cryptocurrency-a-14898
- Alert: Vishing Attacks Are Surging
  https://www.bankinfosecurity.com/alert-vishing-attacks-are-surging-a-14875
- 28,000 exposed printers hacked to highlight lack of printer security
  https://www.hackread.com/28000-exposed-printers-hacked-over-lack-printer-security/
- FBI Warns of Fraud Trend: Online Romance Scams
  https://www.fbi.gov/contact-us/field-offices/saltlakecity/news/press-releases/fbi-warns-of-fraud-trend-online-romance-scams
- Phishing scam uses Sharepoint and One Note to go after passwords
  https://nakedsecurity.sophos.com/2020/09/02/phishing-scam-uses-sharepoint-and-one-note-to-go-after-passwords/
- Sendgrid Under Siege from Hacked Accounts
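  https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/

### E. Research Reports

- Day 1 of being reincarnated into another (public-sector) world as a security dog-slave: introduction of characters and chapters
  https://ithelp.ithome.com.tw/articles/10233367
- Day 2 of being reincarnated into another (public-sector) world as a security dog-slave: the distance between the cybersecurity law and the hilarious entertainment world
  https://ithelp.ithome.com.tw/articles/10233714
- Day 3 of being reincarnated into another (public-sector) world as a security dog-slave: the security pyramid for getting past security-management pitfalls
  https://ithelp.ithome.com.tw/articles/10233745
- APNIC digest: we need a comprehensive DNS security strategy
  https://blog.twnic.tw/2020/09/01/14843/
- Phishing via outbound web links that use target=_blank: an implementation
  https://zi.media/@jashliaoeuwordpress/post/89YVio
- The art of vulnerability discovery: source-oriented static vulnerability discovery
  https://www.cnblogs.com/hetianlab/p/13578463.html
- NTT: 2020 Global Threat Intelligence Report
  http://www.199it.com/archives/1099394.html
- EaseUS RecExperts screen recording software: record microphone and background audio, capture gameplay
  https://funtop.tw/easeus-recexperts/
- Brief analysis of the IIOP deserialization flaw in the WebLogic Coherence component (CVE-2020-14644)
  https://xz.aliyun.com/t/8155
- Analysis of the latest severe vulnerability in the Windows kernel driver win32kfull.sys
  https://www.chainnews.com/zh-hant/articles/530473496860.htm
- Japanese company employees working from home: VPN attacked, information of 900 companies overseas leaked and circulating on the dark web
  https://www.ctwant.com/article/69654
- Project Zero's analysis summary of 0-day vulnerabilities exploited in the wild in 2019
  https://www.chainnews.com/articles/652966220514.htm
- The certificate overwrite-installation vulnerability from a reverse-engineering perspective
  https://www.buaq.net/go-30196.html
- ReNamer 7.2: a powerful free batch renaming tool
  https://ez3c.tw/831
- CVE-2020-24616: advisory on multiple Jackson deserialization vulnerabilities
  https://blog.csdn.net/weixin_45728976/article/details/108256738
- Malware used by the attack group Lazarus after network intrusion
  https://blogs.jpcert.or.jp/ja/2020/08/Lazarus_malware.html
- Lockdoor-Framework
  https://github.com/SofianeHamlaoui/Lockdoor-Framework
- Starbucks says gift card hack was 'fraudulent activity'
  https://www.bbc.com/news/technology-32844123
- Hacking Starbucks for unlimited coffee
  http://sakurity.com/blog/2015/05/21/starbucks.html
- EagleShell
  https://github.com/TRSTN4/EagleShell
- malwoverview
  https://github.com/alexandreborges/malwoverview
- ioc-extractor
  https://github.com/ninoseki/ioc-extractor
- Iblessing - An iOS Security Exploiting Toolkit
  https://www.kitploit.com/2020/08/iblessing-ios-security-exploiting.html
- Bypassing AV through Metasploit Loader 64-Bit
  https://medium.com/securebit/bypassing-av-through-metasploit-loader-64-bit-9abe55e3e0c8
- Why streaming a video could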
  freeze Microsoft IIS servers
  https://www.bleepingcomputer.com/editorial/security/why-streaming-a-video-could-freeze-microsoft-iis-servers/
- Bettercap: Hacking Attacks on Bluetooth Devices
  https://reurl.cc/XkWze3
- Browsers for Privacy, OPSEC, and OSINT
  https://medium.com/@_C_3PJoe/browsers-for-privacy-opsec-and-osint-b4157382f218
- Security_Ladders
  https://github.com/product-security-group/Security_Ladders
- Intel Owl- Open Source Cyber Threat Intelligence Project
  https://hackersonlineclub.com/intelowl-open-source-cyber-threat-intelligence-project/
- LinPwn
  https://github.com/3XPL017/LinPwn
- bluescan
  https://github.com/fO-000/bluescan
- postshell
  https://github.com/rek7/postshell
- Osintgram
  https://github.com/Datalux/Osintgram
- SpaceSiren - A Honey Token Manager And Alert System For AWS
  https://www.kitploit.com/2020/09/spacesiren-honey-token-manager-and.html
- Turn your laptop into a portable mainframe
  https://oofhours.com/2019/09/17/turn-your-laptop-into-a-portable-mainframe/
- Penetration Testing and security programs
  https://en.iguru.gr/2020/09/03/penetration-testing-kai-programmata-asfaleias/
- Apollo
  https://github.com/apacketofsweets/Apollo
- Coronavirus & Cybersecurity: 3 Areas of Exploitation
  https://pentestmag.com/coronavirus-cybersecurity-3-areas-of-exploitation/
- A Self-Evolved Microservice Framework in Go
  https://medium.com/@jfeng45/a-self-evolved-microservice-framework-in-go-d9bf87c10ab0
- NCSC Releases Cyber-Guidance
  https://www.infosecurity-magazine.com/news/ncsc-releases-cyberguidance/
- DroneSploit - A pentesting console framework dedicated to drones
  https://hakin9.org/dronesploit-a-pentesting-console-framework-dedicated-to-drones/
- Computer Forensic Analysis By U.S.
Department of Justice — FBI https://digitalforensicexaminer.wordpress.com/2006/11/02/computer-forensic-analysis-by-u-s-department-of-justice-fbi/ F.商業 Check Point推出IoT Protect整合解決方案 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&id=0000591524_52z6sdkc1emuqw5gk4263 邊信聯科技 打造超前部署可信邊緣運算技術 https://money.udn.com/money/story/11799/4805248 F5調查顯示多數消費者認為不需為自我資安負責 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000591534_ydj6nhvs2rwq3g59myjby 超越端點:為何組織要選擇XDR進行全面的偵測及回應 https://blog.trendmicro.com.tw/?p=65162 趨勢科技、Snyk擴大合作 推全新資安解決方案 https://money.udn.com/money/story/5613/4814541 Palo Alto Networks 推出業界最具規模、最完善協調的資安應用平台 https://news.sina.com.tw/article/20200824/36125440.html 奧義智慧聯手日本資通訊大廠 Net One System 提供AI資安防護 加速拓展日本市場 https://turnnewsapp.com/livenews/tech/A07657002020082510134855 提金融科技建言 安侯建業:應有個資專責主管機關 https://www.cna.com.tw/news/afe/202008250104.aspx 看好台灣戰略優勢!傳Google將建第三座資料中心 https://reurl.cc/r8QRRb 數位通國際MDR服務 雲端系統防駭新寵 https://money.udn.com/money/story/5640/4813392 可運用ZDI揭露的弱點資訊,趨勢次世代IPS整合威脅情報服務 https://www.ithome.com.tw/review/139603 Fortinet 年貢獻台灣代工廠150億!深化資安承諾、持續投資台灣 https://reurl.cc/N6pRb6 Fortinet 公布最新《全球威脅型態報告》:後疫情時代資安威脅高速演變中 https://reurl.cc/4m4pN3 資安廠公布網路威脅報告 「台病毒威脅比全球更嚴重」 https://www.ettoday.net/news/20200829/1796375.htm Fortinet:今年全球病毒活動量增加131% 影響層級達「國家級」 https://udn.com/news/story/7086/4820813 趨勢科技上半年資安報告:新生活型態衍生資安威脅 https://money.udn.com/money/story/5648/4823517 趨勢科技 2020 上半年攔截了 880 萬次冠狀病毒病相關威脅 http://n.yam.com/Article/20200827237854 資安新考驗 上半年攔截880萬次疫情相關威脅 https://reurl.cc/m9GZN7 精誠攜手台灣高鐵打造點數兌換平台 https://ctee.com.tw/industrynews/consumption/327466.html G.政府 【臺灣資安2020的下一步戰略】透過數據驅動的資安情資,做資安防駭超前部署 https://www.ithome.com.tw/news/139538 國防部841件機密採購用免費電子信箱聯繫? 林昶佐:資安問題暴露風險 https://www.ftvnews.com.tw/news/detail/2020824W0093 立委爆國防部使用免費信箱聯繫! 
網驚:國防武器竟以Gmail購買 https://newtalk.tw/news/view/2020-08-24/455334 國防部要求採購單位以公務信箱對外 防安全漏洞 https://www.cna.com.tw/news/aipl/202008240338.aspx 招標用免費電子信箱引資安疑慮?國防部:未涉機密事項 https://udn.com/news/story/10930/4806804?from=udn-ch1_breaknews-1-cate1-news 擔心軍情外洩 國防部要求所屬採購單位公務信箱不再使用Gmail或Hotmail https://reurl.cc/WL3W07 國防部:嚴格要求所屬使用國軍公務電子信箱 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1253934&type=immediate 國網中心推分析大師 助攻企業政府智慧化轉型 https://www.cna.com.tw/news/ait/202008250038.aspx 公告「智慧機械-產業聚落供應鏈數位串流暨AI應用」主題式研發計畫- 智慧製造資安強化推動 https://www.moea.gov.tw/Mns/populace/news/News.aspx?kind=2&menu_id=41&news_id=91088 總統:資安就是國安 建立強有力的主動防禦系統 http://m.match.net.tw/pc/news/politics/20200826/5463057 新版數位身分證明年上路 資安風險引外界憂慮 http://globalnewstv.com.tw/202008/124195/ 外交部與AIT共同發布臺美「5G安全共同宣言」 https://reurl.cc/j5kGD1 衛生福利部公告基層醫療院所資安防護參考指引 http://sc-dr.com.tw/content-detail.php?type=5&id=5318 【政院組改】考量網路世代 整合NCC、資安處等設置「數位發展部」 https://tw.appledaily.com/politics/20200826/TVO3FHGJLBHHBPKKURUX7JRISU/ 區域變化快速 蔡英文:需要自二戰以來最全面戰略調整 https://reurl.cc/EzpRVR [公告] 109年度資訊安全能量登錄暨資通安全自主產品通過名單 https://www.acw.org.tw/News/Detail.aspx?id=1148 情報戰開打!國軍遭爆洩密中國 陳柏惟「2招」封殺共諜 https://www.setn.com/News.aspx?NewsID=802947 國軍資安憂!軍服3D掃描機「爆中資」 http://www.eracom.com.tw/EraNews/Home/HotNews/2020-08-25/236636.html 資安一把抓 別淪全民公敵 https://www.chinatimes.com/newspapers/20200826000476-260118?chdtv 政院組改 考量網路世代需求 科技部NCC整合 組建數位發展部 https://www.chinatimes.com/newspapers/20200826000439-260119?chdtv 蔡總統:提升防衛能力 守護自由印太 https://reurl.cc/GroEOZ 柯P任內資安事件創新高! 
議員:今年已發生18起 https://m.ltn.com.tw/news/politics/breakingnews/3275561 北市府資通安全事件創新高 今年已18起 https://m.ltn.com.tw/news/life/paper/1396312 蔡總統與澳洲智庫視訊 首次釋出台澳戰略合作訊息 https://money.udn.com/money/story/7307/4814314 谷歌、臉書海纜登陸台灣 政院將建網路交換中心 https://udn.com/news/story/7238/4824202?from=udn-ch1_breaknews-1-cate6-news 資安即國安!強化防禦計畫 國安會明年增列1038萬預算 https://tw.appledaily.com/politics/20200901/CK2GA64R6FHEDG3BQ2QF22TYMU/ 公部門一個月被「駭」上千萬次…沒有煙硝味的戰爭開打了 https://reurl.cc/R1jOlr 內政部:數位身分證由中央印製廠辦理 依法推動 https://tw.appledaily.com/politics/20200901/3GJIQTKX2NFS3G2XS6SWH7W7KY/ 109年第3季資安職能評量開放報名 https://ctts.nccst.nat.gov.tw/NewsDetail/117 H.工控系統/ICS/SCADA 相關資安 七成以上工控系統漏洞可遠程利用 https://www.chainnews.com/zh-hant/articles/932035837238.htm 場域整合+標準訂定 工業局雙管齊下 助資安產業再進化 https://www.sipo.org.tw/industry-overview/industry-news/item/2058-2020082603.html 【臺灣資安大會直擊】從大型製造業實例,看FAB廠房、OA、RD和IoT內網防護新作法 https://www.ithome.com.tw/news/139649 工業編程中的惡意代碼及漏洞研究 https://www.secrss.com/articles/25069 《Black Hat 黑帽大會精選》工業物聯網 (IIoT)漏洞 https://blog.trendmicro.com.tw/?p=65592 台捷企業洽談近180場 鎖定工業自動化等領域 https://www.cna.com.tw/news/aipl/202009010004.aspx 自動化轉型 工業網路資安風險增 https://www.chinatimes.com/newspapers/20200902000452-260210?chdtv I.教育訓練 資安長培育搖籃 資安LEAP班上課了 https://www.chinatimes.com/realtimenews/20200827005971-260410?chdtv 快速產生亂數隨機密碼 https://hackercat.org/diy-tools/generate-random-password-from-command-line web安全攻防滲透測試實戰指南Web安全深度剖析白帽子講Web安全 黑客攻防技術教程黑帽 https://www.ruten.com.tw/item/show?22034189348543 [資安]有關於檔案上傳request參數filename在Burp裡面的問題 https://ithelp.ithome.com.tw/questions/10199942 資安漏洞修補 – IIS 目錄列舉(NTFS8.3格式) https://cheyi.idv.tw/wp/2020/08/26/iis_scan_8-3/ MSSQL snapshot copy-on-write很棒的詮釋 https://www.dbaid.tw/2020/09/mssql-snapshot-copy-on-write.html 2-node vSAN within VMware Cloud on AWS https://blogs.vmware.com/virtualblocks/2020/08/26/2-node-vsan-within-vmware-cloud-on-aws/ A quick study about Palo Alto Networks Firewalls and models with features and Capabilities 
https://www.thenetworkdna.com/2020/07/a-quick-study-about-palo-alto-networks.html How to Create PHP Web Shell And Backdoor using Weevely https://blackhattutorial.com/how-to-create-php-web-shell-and-backdoor-using-weevely/ Cisco Viptela SDWAN: OMP Best Path Algorithm & Loop Avoidance https://www.thenetworkdna.com/2020/07/cisco-viptela-sdwan-omp-best-path.html BUILDING THE LAB – VSPHERE AND VSAN https://my-sddc.net/building-the-lab-vsphere-and-vsan/ Network Basics for Hackers: Simple Network Management Protocol (SNMP) Theory, Reconnaissance and Exp https://www.hackers-arise.com/post/2019/03/23/network-basics-for-hackers-simple-network-management-protocol-snmp-theory-reconnaissance x86/x86-64 Assembly Introduction [FREE COURSE CONTENT] https://hakin9.org/x86-x86-64-assembly-introduction-free-course-content/ J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 特斯拉軟體鎖定功能被破解, 第三方升級服務費比官方便宜一半 https://www.techbang.com/posts/80769-tesla-vehicles-have-been-hacked-and-upgrades-are-half-as-cheap-as-official-ones 特斯拉 App 安全出漏洞?用戶可遙控千里之外的陌生人車輛 https://reurl.cc/3LammX Tesla App疑出漏洞 車主可遙控陌生人座駕 http://startupbeat.hkej.com/?p=91708 新的物聯網基礎模塊漏洞可能使全球天量設備面臨安全風險 https://www.cnbeta.com/articles/tech/1019161.htm 人臉識別設備也“臉盲” 360AI安全研究院揭秘人工智能三大痛點 https://www.sohu.com/a/414973185_114984 實體裝置確保不可複製性 傳輸存取查驗數位簽章憑證 智慧物聯網資安四關卡 實體網路軟體資料都要顧 http://www.netadmin.com.tw/netadmin/zh-tw/technology/8B3AC9A6B2EF4E4897993A3277A3A986 手指輕碰就解鎖?智慧門鎖Level Touch開啟生活新紀元 用戶仍需定期檢驗這件事 https://reurl.cc/8nWp6j 物聯網資安三部曲:資安團隊+設備安全+供應鏈安全 https://www.acw.org.tw/News/Detail.aspx?id=1149 研究員發現物聯網裝置新漏洞 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000592139_z5b0rvq74nrhsh8wm589u 6.近期資安活動及研討會 Swift Meetup #55 9/1 https://www.meetup.com/Swift-Taipei-User-Group/events/272835401/ Taipei Rails Meetup 9/1 https://www.meetup.com/rails-taiwan/events/272821321/ #34 Azure 虛擬網路與 VPN - 串起彼此的橋樑 9/2 https://www.meetup.com/Azure-Taiwan/events/272626426/ Android Code Club(Taipei) 9/2 
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/272614406/ 中華電信學院 資通安全專業課程訓練 網站弱點偵測與防護管理 9/4 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=58 交通大學亥客書院 電子郵件之偽造攻擊與防護措施 9/5 https://hackercollege.nctu.edu.tw/?p=1203 台灣駭客年會 HITCON Training 2020 9/5 https://hitcon.kktix.cc/events/hitcon-training-2020 台灣駭客年會 HITCON Training 2020 - 學生報名 9/5 https://hitcon.kktix.cc/events/hitcon-training-2020-student 認證系統安全從業人員 SSCP 輔導班 9/5 ~ 9/13 https://www.iiiedu.org.tw/courses/asq902t2001/ 夏日轉職工作坊 - Cloud Support Engineer 9/5 https://www.meetup.com/TaipeiWomeninTech/events/272334856/ 《5G趨勢新視野-資安X場域實證X晶片創新應用》座談會 9/8 https://seminars.tca.org.tw/D15o00450.aspx Second meetup! Constraint solvers, eclipse attacks and your talk here! 9/9 https://www.meetup.com/Papers-We-Love-Taipei-Taiwan/events/272610440/ 中華電信學院 資通安全專業課程訓練 物聯網資安威脅與實務 9/9 ~ 9/11 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=54 【資安中階課程】滲透測試簡介與操作 9/10 (報名截止:2020/09/03 (四) 17:00) https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3914&from_course_list_url=course_index Google Cloud 數據解決方案 9/11 https://www.meetup.com/CloudAce-Taiwan-meetup/events/272099266/ 邊緣計算系統之大數據與深度學習應用 9/11 https://reurl.cc/62OD9k Google Analytics 流量分析實務操作,完整掌握訪客軌跡,針對問題優化網站 9/11 https://www.techbang.com/posts/79359-course-ga-traffic-analysis-practice-operation-complete-interpretation-of-the-website-information HITCON 2020 台灣駭客年會 9/11 https://hitcon.kktix.cc/events/hitcon-2020 交通大學亥客書院 基礎網頁安全與滲透測試 9/12 https://hackercollege.nctu.edu.tw/?p=1205 數據分析與機器學習案例實務(二)應用實例 上課時間:2020/9/14 (一) 09:30 ~ 16:30 https://reurl.cc/1xAoMp 【資安中階課程】網路封包分析 9/15 (報名截止:2020/09/10 (四) 17:00) https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3915&from_course_list_url=course_index 中華電信學院 資通安全專業課程訓練 Web應用滲透測試 9/16 ~ 9/17 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=167 工業控制系統(ICS)資安防護設計與強化實作培訓班(高雄) 9/17 ~ 9/19 
http://www.tpcc.org.tw/topic_detail.php?id=bf61157646c54216 邊緣計算系統之大數據與深度學習應用 上課時間: 2020/9/18 (五) 09:30 ~ 16:30 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3895&from_course_list_url=homepage 為何勒索病毒無法根絕 9/19 https://tfc.kktix.cc/events/ransomware-prevent-share 【資安初階課程】資安工具101 9/24 (報名截止:2020/09/17 (四) 17:00) https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3917&from_course_list_url=course_index 中山資安社-資安讀書會 本次活動主題:區塊鏈 9/26 https://nsysuisc.kktix.cc/events/readinggroup20200926 IoT Sandbox 2020 智慧物聯網資安競賽 9/26中區初賽 / 9/29北區初賽 https://nchc-cdx.kktix.cc/events/iotsandbox2020 【資安中階課程】弱點掃描分析 9/29 (報名截止:2020/09/24 (四) 17:00) https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3916&from_course_list_url=course_index 工控資安基礎概論 10/6 http://ai-robot-stsp.tw/course/detail/?get_no=09W045 交通大學亥客書院 緩衝區溢位攻擊與預防 10/17 https://hackercollege.nctu.edu.tw/?p=1207 中華電信學院 自主式移動機器人ROS開發實戰班 10/20 ~ 10/23 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=188 硬體與晶片資安工作坊,歡迎踴躍報名參加 10/23 https://www.tca.org.tw/exhibit_info1.php?n=1272 交通大學亥客書院 入侵行為發覺與應變指南 10/24 https://hackercollege.nctu.edu.tw/?p=1214 交通大學亥客書院 進階網頁滲透測試 10/31 https://hackercollege.nctu.edu.tw/?p=1216 交通大學亥客書院 阻斷服務攻擊/分散式阻斷服務攻擊/Botnet 11/7 https://hackercollege.nctu.edu.tw/?p=1218 交通大學亥客書院 基礎網站安全建構實務 11/14 https://hackercollege.nctu.edu.tw/?p=1220 交通大學亥客書院 系統防護及內網威脅通報應變實戰班 11/17、11/24 http://service.tabf.org.tw/tw/user/409646/course1-4.htm 交通大學亥客書院 惡意程式檢測實務 11/21 11/28 https://hackercollege.nctu.edu.tw/?p=1222 交通大學亥客書院 高階網頁滲透測試 12/5 12/12 https://hackercollege.nctu.edu.tw/?p=1224 交通大學亥客書院 系統滲透測試與漏洞利用 12/19 https://hackercollege.nctu.edu.tw/?p=1226 交通大學亥客書院 AI於資訊安全之應用 2021/1/9 1/16 https://hackercollege.nctu.edu.tw/?p=1228 交通大學亥客書院 企業網域控管-Active Directory攻擊與防禦 2021/1/23 https://hackercollege.nctu.edu.tw/?p=1230