###### tags: `資安事件新聞週報` # 資安事件新聞週報 2020/4/20 ~ 2020/4/24 1.重大弱點漏洞/後門/Exploit/Zero Day Google Chrome 記憶體釋放後使用漏洞 https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html Google Chrome爆重大安全漏洞　20億用家或陷攻擊風險 https://bit.ly/3auiykn 蘋果電郵程式存漏洞 5億用戶陷資料被盜風險 http://www.takungpao.com.hk/international/text/2020/0423/440693.html 蘋果電郵應用程式有漏洞　5億iPhone用戶易受駭客攻擊 https://tw.appledaily.com/international/20200423/WQ2FFRDG6FUIRR4WV424H4E5XM/ 郵件程式爆漏洞！空白郵件別亂點…五億用戶成駭客眼中大肥羊 https://cnews.com.tw/137200423a02/ iPhone郵件爆資安漏洞 蘋果研發修補程式 https://money.udn.com/money/story/5602/4515036 iPhone Mail應用程式爆資安漏洞！5億支iPhone易受攻擊 https://www.ettoday.net/news/20200423/1698054.htm Apple investigating report of a new iOS exploit being used in the wild https://www.zdnet.com/article/apple-investigating-report-of-a-new-ios-exploit-being-used-in-the-wild/#ftag=RSSbaffb68 iPhone與iPad有安全漏洞 收到空白電郵可能遭駭 https://www.cna.com.tw/news/firstnews/202004230046.aspx 研究：iOS Mail App爆存在8年的零時差漏洞，無需點擊就被駭 https://www.ithome.com.tw/news/137163 Liferay Portal –利用遠程執行代碼漏洞（CERT-EU安全通報2020-022） https://digitpol.hk/zh-TW/liferay-portal-exploited-remote-code-execution-vulnerabilities-cert-eu-security-advisory-2020-022/ 微軟遠端桌面用戶端漏洞可讓駭客執行遠端程式碼，但微軟不願修補 https://www.ithome.com.tw/news/137136 微軟緊急修補Office及小畫家3D的遠端程式攻擊漏洞 https://www.ithome.com.tw/news/137165 TVN/CVE漏洞資訊 - iCatch DVR http://net.nthu.edu.tw/2009/mailing:announcement:20200420_02 TVN/CVE漏洞資訊 - HGiga C&Cmail http://net.nthu.edu.tw/2009/mailing:announcement:20200420_01 That critical VMware vuln allowed anyone on your network to create new admin users, no creds needed https://www.theregister.co.uk/AMP/2020/04/17/vmware_vcenter_critical_vuln_anyone_create_admin_users/ 美國國土安全部督促使用者修補Pulse Secure VPN漏洞 https://www.ithome.com.tw/news/137095 CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers https://thehackernews.com/2020/04/pulse-secure-vpn-vulnerability.html Intel 發表四月平台資安更新，修復多個嚴重資安漏洞 https://www.twcert.org.tw/tw/cp-104-3553-6a9f7-1.html April Patch Tuesday: Fixes for Font-Related, Microsoft SharePoint, Windows Components Vulnerabilities https://newsroom.trendmicro.com/blog/security-intelligence/april-patch-tuesday-fixes-font-related-microsoft-sharepoint-windows-com-0 Windows 10 KB4549951 update is causing BSOD, Bluetooth and WiFi issues, random system crashes https://mspoweruser.com/windows-10-kb4549951-bsod-bluetooth-bug/ Windows 10 SMBGhost 漏洞 RCE PoC 公佈 https://www.chainnews.com/zh-hant/articles/366966166339.htm Security researcher discloses four IBM zero-days after company refused to patch https://www.zdnet.com/article/security-researcher-discloses-four-ibm-zero-days-after-company-refused-to-patch/#ftag=RSSbaffb68 多款NETGEAR產品跨站請求偽造漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18848 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 金融業超前部署！滙豐台灣隔離管理學：每通電話都錄音，提醒「不能做的事」 https://www.wealth.com.tw/home/articles/25361 澳門正研究設立人民幣計價證券交易所 https://bit.ly/3cARS2G 超前部署跑第一　金融業194家啟動異地、居家辦公 https://tw.appledaily.com/property/20200423/RLUY3IJ3WARE7RM6U2I7OCM5PY/ 【防疫惹議】新光金居家辦公爭議　專家：應減少人群接觸 https://tw.appledaily.com/property/20200423/MUOFIJHBNHFSWXCMEU6Q6XLLTM/ Sustainability, data key to survival for new players eyeing Singapore's digital bank market https://www.zdnet.com/article/sustainability-data-key-to-survival-for-new-players-eyeing-singapores-digital-bank-market/#ftag=RSSbaffb68 Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker https://securityaffairs.co/wordpress/101637/mobile-2/portuguese-banking-android-trojan.html Attackers are using a Brazilian hacking tool against Spanish banks https://www.cyberscoop.com/attackers-using-brazilian-hacking-tool-spanish-banks/ Grandoreiro Malware Now Targeting Banks in Spain https://securityintelligence.com/posts/grandoreiro-malware-now-targeting-banks-in-spain/ Payment distancing: Apple and Google, we need our cashless society even more in pandemic times https://www.zdnet.com/article/payment-distancing-apple-and-google-we-need-our-cashless-society-even-more-now/ 3.電子支付/電子票證/行動支付/ pay/新聞及資安 傳統實體代幣轉向行動支付，大魯閣改造IT要重塑顧客體驗 https://www.ithome.com.tw/people/137097 傳 Facebook 將聯合 Gojek 等印尼公司推跨平台行動支付服務 https://technews.tw/2020/04/22/facebook-three-indonesian-firms-in-early-talks-for-mobile-payment-approval/ 無接觸商機、電子支付帶領台灣邁入新消費時代 https://health.udn.com/health/story/120952/4511233 北市公有停車場月票 柯文哲指示悠遊付跟上 https://www.cna.com.tw/news/aloc/202004240213.aspx 〈財經週報-電支電票二合一〉電支電票二合一 轉帳紅利共享共用 https://ec.ltn.com.tw/article/paper/1367149 4.虛擬貨幣/區塊鍊相關新聞及資安 財政部解釋令：3000萬元以下 STO 比照實體有價證券，課徵 1‰ 交易稅 https://www.blocktempo.com/sto-transfer-taxes-will-be-including-in-securities-transaction-tax-act/ 中國央行數位貨幣 (DCEP) 已在內測階段，它最終會長什麼樣子 https://www.blocktempo.com/china-dcep-testing-phrase-payment-centralbank-commercialbanks/ 支付寶證實參與中國「數位人民幣 DCEP 」開發，傳 5 月最先在蘇州落地 https://www.blocktempo.com/china-dcep-will-pilot-in-suzhou/ 央行數字貨幣落地 蘇州用以發放交通補貼 https://www.ntdtv.com/b5/2020/04/18/a102826185.html dForce楊民道發布「東山再起」宣言，駭客正試圖與他們聯繫 https://www.blocktempo.com/dforce-lendfme-hacked-investigation-comeback-defi/ 區塊鏈金融平臺dForce的加密貨幣資產幾乎被盜領一空 https://www.ithome.com.tw/news/137106 香港證監會批准第一支比特幣基金！Arrano 放眼首年 1 億美元 https://www.blocktempo.com/hong-kong-s-first-approved-crypto-fund/ 黑客已歸還Lendf.Me 幾乎所有被盜取資產 https://www.panewslab.com/zh_hk/articledetails/1587448754450049.html Lendf.me 神轉折！駭客將「7.5億贓款」全數歸還，疑因經驗不足 IP 洩漏身份遭掌握 https://www.blocktempo.com/endf-me-attacker-screws-up-returns-all-the-stolen-funds/ 信件真偽檢測　區塊鏈即時防詐 http://www.netadmin.com.tw/netadmin/zh-tw/market/E2FD1711883B493AAD45DFFBA47B0699 Hackers steal $25 million worth of cryptocurrency from Uniswap and Lendf.me https://www.zdnet.com/article/hackers-steal-25-million-worth-of-cryptocurrency-from-uniswap-and-lendf-me/ This is what happens to cryptocurrency paid out in sextortion campaigns https://www.zdnet.com/article/this-is-what-happens-to-the-cryptocurrency-paid-out-through-sextortion-campaigns/#ftag=RSSbaffb68 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式 Google：Gmail每天擋下1,800萬封與武漢肺炎有關的惡意郵件 https://www.ithome.com.tw/news/137082 網路駭侵事件與資安提醒 https://announce.pu.edu.tw/p/404-1037-8141-1.php?Lang=zh-tw Tomcat Server存在Ghostcat漏洞，有中國駭客在臺灣校園網站上傳BiFrost後門程式 https://www.ithome.com.tw/news/137074 TrickBot木馬將獲取交易身份驗證碼的應用推向德國銀行客戶 https://www.freebuf.com/articles/terminal/231903.html 假借武漢肺炎最新資訊名義為誘餌，間諜軟體鎖定兩大行動裝置平臺收集各式資料 https://www.ithome.com.tw/news/137061 美國多家大型航太製造業者遭勒贖攻擊，拒付贖款後機密內容遭曝光 https://www.twcert.org.tw/tw/cp-104-3555-3819e-1.html 大型IT服務業者Cognizant證實遭到Maze勒索軟體攻擊 https://www.ithome.com.tw/news/137112 快遞到貨通知,要求確認收據地址,打開ACE檔就中毒 https://blog.trendmicro.com.tw/?p=63942 駭客散布勒索恐嚇郵件詐騙使用者 https://www.twcert.org.tw/tw/cp-104-3568-0207d-1.html PoetRAT Trojan targets energy sector using coronavirus lures https://www.zdnet.com/article/poetrat-trojan-targets-energy-sector-using-coronavirus-lures/#ftag=RSSbaffb68 PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors https://blog.talosintelligence.com/2020/04/poetrat-covid-19-lures.html Deconstructing an Evasive Formbook Campaign Leveraging COVID-19 Themes https://www.fortinet.com/blog/threat-research/deconstructing-an-evasive-formbook-campaign-leveraging-covid-19-themes.html COVID-Themed Lures Target SCADA Sectors With Data Stealing Malware https://thehackernews.com/2020/04/coronavirus-scada-malware.html PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors https://blog.talosintelligence.com/2020/04/poetrat-covid-19-lures.html Coronavirus-themed attacks April 12 – April 18, 2020 https://securityaffairs.co/wordpress/101868/cyber-crime/coronavirus-themed-attacks-april-12-april-18-2020.html Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository https://thehackernews.com/2020/04/rubygem-typosquatting-malware.html Clipboard hijacking malware found in 725 Ruby libraries https://www.zdnet.com/article/clipboard-hijacking-malware-found-in-725-ruby-libraries/#ftag=RSSbaffb68 Ransomware Recovery in the 'New Normal' https://www.bankinfosecurity.com/interviews/ransomware-recovery-in-new-normal-i-4658 Corporate users at most hacking risk from banking malware attacks: Report https://www.thenewsminute.com/article/corporate-users-most-hacking-risk-banking-malware-attacks-report-122824 KPOT Analysis: Obtaining the Decrypted KPOT EXE https://isc.sans.edu/diary/KPOT+Analysis%3A+Obtaining+the+Decrypted+KPOT+EXE/26014 Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store https://isc.sans.edu/diary/rss/26036 Weaponized RTF Document Generator & Mailer in PowerShell https://isc.sans.edu/diary/Weaponized+RTF+Document+Generator+%26+Mailer+in+PowerShell/26030 Discord users tempted by bots offering “free Nitro games” https://blog.malwarebytes.com/cybercrime/2020/04/discord-users-tempted-by-bots-offering-free-nitro-games/ New AgentTesla variant steals WiFi credentials https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-variant-steals-wifi-credentials/ Emotet JavaScript downloader https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-javascript-downloader/ OSINT Investigation: Cerberus and the INPS https://bushidotoken.blogspot.com/2020/04/osint-investigation-cerberus-and-inps.html Linux Malware: The Truth About This Growing Threat https://linuxsecurity.com/features/features/linux-malware-the-truth-about-this-growing-threat?showall=1 Understanding the relationship between Emotet, Ryuk and TrickBot https://blog.intel471.com/2020/04/14/understanding-the-relationship-between-emotet-ryuk-and-trickbot/ 2019 IoT Advanced Malware Threat (AMT ) Research Notes https://docs.google.com/spreadsheets/d/1UMBFtWxfc40TAF4AIXkPZYBD8uBE6xP2HVs9dRHlTF8/edit#gid=0 Cybercriminal group mails malicious USB dongles to targeted companies https://www.csoonline.com/article/3534693/cybercriminal-group-mails-malicious-usb-dongles-to-targeted-companies.html#tk.rss_all IT Services Giant Cognizant Hit by Maze Ransomware Cyber Attack https://gbhackers.com/it-services-giant-cognizant-hit-by-maze-ransomware-cyber-attack/ PSA: If You Get a 'Best Buy Gift Card' on a USB Drive in the Mail, Don't Plug It Into Your PC https://www.pcmag.com/news/psa-if-you-get-a-best-buy-gift-card-on-a-usb-drive-in-the-mail-dont-plug Researchers Discover Coronavirus Malicious Applications: What you Should Know https://medium.com/@janettompson/researchers-discover-coronavirus-malicious-applications-what-you-should-know-a6273ee361f Trickbot malware is using these unique 'macro-laced' document attachments with a coronavirus theme https://www.zdnet.com/article/trickbot-malware-is-using-these-unique-macro-laced-document-attachments-with-a-coronavirus-theme/ Mootbot Botnet Targets Fiber Routers with Dual Zero-Days https://threatpost.com/mootbot-fiber-routers-zero-days/154962/ Multiple fiber routers are being compromised by botnets using 0-day https://blog.netlab.360.com/multiple-fiber-routers-are-being-compromised-by-botnets-using-0-day-en/ New Coronavirus screenlocker malware is extremely annoying https://www.bleepingcomputer.com/news/security/new-coronavirus-screenlocker-malware-is-extremely-annoying/#.Xp7pPyK0P1M.twitter COVID-19 Phishing Emails Mainly Contain TrickBot: Microsoft https://www.bankinfosecurity.com/covid-19-phishing-emails-mainly-contain-trickbot-microsoft-a-14149 Unkillable xHelper and a Trojan matryoshka https://securelist.com/unkillable-xhelper-and-a-trojan-matryoshka/96487/#comment-3112205 Hackers have breached 60 ad servers to load their own malicious ads https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/#ftag=RSSbaffb68 NSA shares list of vulnerabilities commonly exploited to plant web shells https://www.zdnet.com/article/nsa-shares-list-of-vulnerabilities-commonly-exploited-to-plant-web-shells/#ftag=RSSbaffb68 Guidance for mitigation web shells. #nsacyber https://github.com/nsacyber/Mitigating-Web-Shells A look at the ATM/PoS malware landscape from 2017-2019 https://securelist.com/atm-pos-malware-landscape-2017-2019/96750/ Following ESET’s discovery, a Monero mining botnet is disrupted https://www.welivesecurity.com/2020/04/23/eset-discovery-monero-mining-botnet-disrupted/ B.行動安全 / iPhone / Android /穿戴裝置 /App 【遠端有數，資安要顧】趨勢科技：手機釣魚軟體假冒防疫 App 偷定位、拍照 https://www.inside.com.tw/article/19555-spyware-and-phishing-notice Zoom強調免費用戶資料不會傳回中國大陸，那台灣呢 https://www.bnext.com.tw/article/57350/zoom-privacy-policy 留著中國血液 ZOOM〈一〉：在牆內資安是黨的事情 https://bit.ly/3eyC7eA 中國基督徒用ZOOM復活節禮拜　公安上門抓人 https://newtalk.tw/news/view/2020-04-19/393981 近期Zoom的資安事件總覽 https://www.ithome.com.tw/news/137058 Zoom強化資安顯成效 新加坡教育部重新開放教師使用 https://newtalk.tw/news/view/2020-04-21/394754 Zoom達成90天資安計劃里程碑 發布Zoom 5.0 https://www.chinatimes.com/realtimenews/20200423001773-260412?chdtv Zoom adds data center routing, security updates https://www.zdnet.com/article/zoom-adds-data-center-routing-security-updates/#ftag=RSSbaffb68 Zoom isn’t actually end-to-end encrypted https://www.theverge.com/2020/3/31/21201234/zoom-end-to-end-encryption-video-chats-meetings Keep Zoombombing cybercriminals from dropping a load on your meetings https://blog.malwarebytes.com/how-tos-2/2020/04/keep-zoombombing-cybercriminals-from-dropping-a-load-on-your-meetings/ 22校長學習架設Jitsimeet伺服器 https://times.hinet.net/news/22865674 4G災防警告PWS系統介紹：細胞簡訊原理、手機警報訊息教學 https://www.cool3c.com/article/152131 Webhooks URL洩漏可致Slack用戶受釣魚攻擊 https://www.ithome.com.tw/news/137038 抖音驚傳流量傳輸未加密，恐造成中間人攻擊，並藉此傳送假訊息 https://www.ithome.com.tw/news/137083 疫情期間通訊安全－深度解析加密通訊軟體 Signal https://www.techbang.com/posts/77913-communication-security-depth-resolution-encrypted-communication-software-signal-during-the-outbreak Webex, Teams, Meet, Jitsi 8款視訊會議軟體需求測試比較表格 https://www.playpcesor.com/2020/04/webex-teams-meet-jitsi-8.html 不怕 GPS 定位洩漏隱私，最好用的疫情追蹤技術就是人人都有的「藍芽」 https://buzzorange.com/techorange/2020/04/23/bluetooth-virus/ WhatsApp Users To Get This Killer New Update: Just Perfect Timing https://www.forbes.com/sites/zakdoffman/2020/04/19/whatsapp-users-to-get-this-killer-new-update-just-perfect-timing/ France asks Apple to relax iPhone security for coronavirus tracking app development https://www.zdnet.com/article/france-asks-apple-to-relax-iphone-security-for-coronavirus-tracking-app-development/ C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 分流上班、分班在家工作，疫情帶來的資安挑戰， 您準備好了嗎 https://bit.ly/3cJhcnb 任天堂驚傳大量帳號遭駭 官方建議兩步驟驗證保護資料 https://game.udn.com/game/story/10453/4508274?form=udn_ch2_common3_cate 任天堂玩家帳號爆大量外洩！官方建議補救辦法 https://3c.ltn.com.tw/news/40173 Nintendo accounts are getting hacked and used to buy Fortnite currency https://www.zdnet.com/article/nintendo-accounts-are-getting-hacked-and-used-to-buy-fortnite-currency/#ftag=RSSbaffb68 Switch現安全漏洞？大批玩家投訴帳戶被異常登陸 https://bit.ly/2VrbG2P 美商懸賞300萬破解自家遊戲…卻遭爆料遊戲「不單純」 https://www.setn.com/News.aspx?NewsID=729690 協助研究人員度過疫情難關，Google將發給獎金1,300美元 https://www.ithome.com.tw/news/137138 紐時：Dropbox曾私下找駭客調查Zoom的安全漏洞 https://www.ithome.com.tw/news/137116 伺服器設定錯誤，臉部辨識技術公司 Clearview 不小心公開原始碼 https://technews.tw/2020/04/21/clearview-ais-source-code-and-app-data-exposed-in-cybersecurity-lapse/ 反守為攻的不對稱資訊戰 https://talk.ltn.com.tw/article/paper/1367097 趨勢科技：駭客利用「冠狀病毒」進行新一波網路攻擊 https://money.udn.com/money/story/5648/4504607 教授林盈達︰中國部分軟體 有資安危機 https://m.ltn.com.tw/news/life/paper/1366697 人權團體批默許「網路監控」 聯合國暫緩與騰訊合作 https://m.ltn.com.tw/news/world/breakingnews/3137402 俄羅斯封城實施「數位通行證」 一上線就當機惹民怨 https://www.ftvnews.com.tw/news/detail/2020418I10M1 捷克接連遭網攻 布拉格機場與地區醫院都遭鎖定 https://www.ydn.com.tw/News/380423 捷克官方示警恐有網攻 隔天醫院伺服器就受攻擊 https://news.ltn.com.tw/news/world/breakingnews/3137455 駭客趁疫情作亂 捷克2座醫院遭網攻引美關切 https://money.udn.com/money/story/5599/4501137 Google：至少有12個國家級駭客組織利用疫情展開攻擊 https://www.ithome.com.tw/news/137176 Findings on COVID-19 and online security threats https://www.blog.google/technology/safety-security/threat-analysis-group/findings-covid-19-and-online-security-threats/ 對抗中國網戰 國防部射五箭 https://news.ltn.com.tw/news/politics/paper/1367371 中國網軍年後拼復工，以武漢肺炎議題為餌，鎖定臺灣政府和醫療智庫學者發動攻擊 https://www.ithome.com.tw/news/137187 FBI示警 疫苗研發機構遭駭客鎖定 https://news.ltn.com.tw/news/world/paper/1366755 Chinese hackers targeted company behind 'Ragnarok Online' MMORPG https://www.zdnet.com/article/chinese-hackers-targeted-company-behind-ragnarok-online-mmorpg WINNTI GROUP: Insights From the Past https://quointelligence.eu/2020/04/winnti-group-insights-from-the-past/ CrowdStrike: Ongoing Pirate Panda operations using current event themes https://www.scribd.com/document/451284814/CrowdStrike-Ongoing-Pirate-Panda-operations-using-current-event-themes#download China-linked ‘Electric Panda’ hackers seek U.S. targets, intel agency warns https://www.politico.com/amp/news/2020/04/16/china-electric-panda-hackers-seek-us-targets-191220 Gamaredon APT Group Use Covid-19 Lure in Campaigns https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/ FBI: Hackers Targeting US COVID-19 Research Facilities https://www.bankinfosecurity.com/fbi-hackers-targeting-us-covid-19-research-facilities-a-14138 FBI says cybercrime reports quadrupled during COVID-19 pandemic https://www.zdnet.com/article/fbi-says-cybercrime-reports-quadrupled-during-covid-19-pandemic/#ftag=RSSbaffb68 Addressing Shadow IT Issues During COVID-19 Crisis https://www.bankinfosecurity.com/addressing-shadow-issues-during-covid-19-crisis-a-14137 U.S. Offers Rewards up to $5 Million for Information on North Korean Hackers https://thehackernews.com/2020/04/north-korea-hackers.html FBI takes down hacker platform Deer.io https://nakedsecurity.sophos.com/2020/03/27/fbi-takes-down-russia-based-hacker-platform-deer-io/ Why SaaS opens the door to so many cyber threats (and how to make it safer) https://thehackernews.com/2020/04/saas-cybersecurity.html Analysis: Insider Threats Posed by Remote Workforce https://www.bankinfosecurity.com/interviews/analysis-insider-threats-posed-by-remote-workforce-i-4657 Beware of Coronavirus Dark Web Scams – Starting from Vaccine, Test Kits & Infected Blood For Sale https://cybersecuritynews.com/coronavirus-dark-web-scams/ Spearphishing attacks hit the oil and gas industry sector https://securityaffairs.co/wordpress/101967/cyber-crime/spearphishing-energy-oil-gas-industry.html Cynet Issues Incident Response Challenge 2020 for IR Professionals With $5,000 Prize https://gbhackers.com/cynet-issues-incident-response/ The Incident Response Challenge https://incident-response-challenge.com/ 美資安公司：越南駭客入侵中國政府系統　尋找武肺資訊 https://tw.appledaily.com/international/20200423/RSUVSVTI3H7KD22PGAMPJVEPCY/ Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage https://www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-19-related-espionage.html Security researcher identifies new APT group mentioned in 2017 Shadow Brokers leak https://www.zdnet.com/article/security-researcher-identifies-new-apt-group-mentioned-in-2017-shadow-brokers-leak/#ftag=RSSbaffb68 Nazar: A Lost Amulet https://www.epicturla.com/blog/the-lost-nazar Attackers Target Oil and Gas Industry With AgentTesla https://www.bankinfosecurity.com/attackers-target-oil-gas-industry-agenttesla-a-14169 Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal https://labs.bitdefender.com/2020/04/oil-&-gas-spearphishing-campaigns-drop-agent-tesla-spyware-in-advance-of-historic-opec+-deal/ 《CS：GO》原始碼洩漏！Valve發聲明認了 https://newtalk.tw/news/view/2020-04-23/395954 Valve says it's safe to play CS:GO and TF2 after source code leaked online https://www.zdnet.com/article/valve-says-its-safe-to-play-csgo-and-tf2-after-source-code-leaked-online/#ftag=RSSbaffb68 中央存保公司甄才公告 109年公開甄試正式職員7人 https://ptc.tabf.org.tw/tw/ptc_109cdic/BotDownload.asp 資安管理主管 https://www.104.com.tw/job/6x72f 資安威脅研究員(Cyber Security Analyst) https://www.104.com.tw/job/5uley?jobsource=company_job 資安工程師 (Security Engineer) https://www.104.com.tw/job/5zrgs?jobsource=company_job 財金資訊公司109年徵才 https://ptc.tabf.org.tw/tw/ptc_109fisc/BotDownload.asp 財金資訊公司109年系統操作人員甄試 https://ptc.tabf.org.tw/tw/ptc_10902fisc/ D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 又有詐騙新花招！NeTflix 遭冒名 免費看成誘餌 https://newtalk.tw/news/view/2020-04-20/394135 < 資安報告>假的「404 Not Found」頁面等四個網路釣魚新手法 https://blog.trendmicro.com.tw/?p=63975 ubereats 被盜刷四千元 https://moptt.tw/p/Gossiping.M.1587198863.A.0F0 駭客正利用「冠狀病毒」進行新一波網路間諜與釣魚活動 https://www.techbang.com/posts/77917-trend-micro-hackers-are-using-the-coronavirus-for-a-new-wave-of-cyberespionage-and-phishing 武肺疫情成釣餌　 駭客與網路間諜騙個資 https://tw.appledaily.com/property/20200418/DVDTYZB5VBU3X7F4CPTR7GLFLM/ 用疫情恐慌 詐騙電子郵件大量增加 https://www.ydn.com.tw/News/380365 網路釣魚攻擊進化 最常仿冒蘋果品牌 https://www.cna.com.tw/news/ait/202004230245.aspx 商業電子郵件詐騙 台灣受攻擊次數北亞最多 https://money.udn.com/money/story/5617/4507339 針對電視串流廣告的詐騙攻擊，假冒超過200萬台裝置觀看廣告 https://www.twcert.org.tw/tw/cp-104-3566-cc502-1.html 網路水軍散播假訊息　真相查核防堵資安破口 http://www.netadmin.com.tw/netadmin/zh-tw/technology/7C0872F291FE4DDAB4243117ACDAAB82 【錯誤】重磅消息！中共絕密文件曝光，「透過自願者令香港警察英勇殉職，以吸引媒體的眼球集中在暴徒身上」 https://tfc-taiwan.org.tw/articles/930 超過一億巴基斯坦手機用戶，個資遭駭侵者於暗網出售 https://www.twcert.org.tw/tw/cp-104-3569-2ce3b-1.html Palo Alto Networks 警告:商業電郵詐騙台灣受攻擊次數北亞最多 https://www.computerdiy.com.tw/20200420_palo-alto-networks/ 「臺灣就業通」網頁有漏洞　業者討債竊個資 https://tw.appledaily.com/local/20200421/JGCFOEIY4CTHHBXO6MMSU6VF2E/ 隨手一個小動作…路人竟知他老婆生日！背後真相超險惡 https://www.setn.com/News.aspx?NewsID=730405 駭客趁疫情下手？ 世衛等組織傳2.5萬個電郵、密碼外洩 https://3c.ltn.com.tw/news/40183 中國網軍「出奧步」 淡化境內疫情 https://news.cts.com.tw/cts/international/202004/202004221998074.html FBI：要在臉書上分享自己的高中照片？請三思而後行 https://www.ithome.com.tw/news/137127 PTT使用者反應帳號出現非本人嘗試登入行為，疑似對方利用自動化工具猜密碼 https://www.ithome.com.tw/news/137175 全球衛生機構捲入資安風暴 2.5萬電郵帳密遭外洩 https://newtalk.tw/news/view/2020-04-23/396068 Details of 20 million Aptoide app store users leaked on hacking forum https://www.zdnet.com/article/details-of-20-million-aptoide-app-store-users-leaked-on-hacking-forum/#ftag=RSSbaffb68 Most consumers admit to sharing passwords with someone outside their home https://www.zdnet.com/article/most-consumers-admit-to-sharing-passwords-with-someone-outside-their-home/#ftag=RSSbaffb68 Facebook will now warn you if you’ve interacted with fake, dangerous coronavirus posts https://www.zdnet.com/article/facebook-will-now-warn-you-if-youve-interacted-with-fake-dangerous-coronavirus-posts/#ftag=RSSbaffb68 Demand for Phishing Kits Is Strong: Report https://www.bankinfosecurity.com/demand-for-phishing-kits-strong-report-a-14140 Hacker leaks 23 million usernames and passwords from Webkinz children's game https://www.zdnet.com/article/hacker-leaks-23-million-usernames-and-passwords-from-webkinz-childrens-game/#ftag=RSSbaffb68 German government might have lost tens of millions of euros in COVID-19 phishing attack https://www.zdnet.com/article/german-government-might-have-lost-tens-of-millions-of-euros-in-covid-19-phishing-attack/#ftag=RSSbaffb68 Fraud Guides Top List of Most Frequently Sold Type of Data on Major Dark Web Marketplaces https://terbiumlabs.com/2020/04/16/fraud-guides-top-list-of-most-frequently-sold-type-of-data-on-major-dark-web-marketplaces/ Coronavirus Dark Web Scams: From infected blood to ventilators https://www.bleepingcomputer.com/news/security/coronavirus-dark-web-scams-from-infected-blood-to-ventilators/ Economic Stimulus Payments: A Fraud Target https://www.bankinfosecurity.com/economic-stimulus-payments-fraud-target-a-14145 WHO, Gates Foundation Credentials Dumped Online: Report https://www.bankinfosecurity.com/who-gates-foundation-credentials-dumped-online-report-a-14167 COVID-19 campaigns highlight the need for phishing protection https://www.zdnet.com/article/covid-19-campaigns-highlight-the-need-for-phishing-protection/#ftag=RSSbaffb68 Prevent Fraud And Phishing Attacks With DMARC https://www.forrester.com/report/Prevent+Fraud+And+Phishing+Attacks+With+DMARC/-/E-RES160344# Cybercriminals Using Zoom, WebEx as Phishing Lures: Report https://www.bankinfosecurity.com/cybercriminals-using-zoom-webex-as-phishing-lures-report-a-14162 Remote Video Conferencing Themes in Credential Theft and Malware Threats https://www.proofpoint.com/us/threat-insight/post/remote-video-conferencing-themes-credential-theft-and-malware-threats Scammers are now taking advantage of US small business relief fund in phishing emails https://www.zdnet.com/article/scammers-are-now-taking-advantage-of-us-small-business-relief-fund-in-phishing-emails/#ftag=RSSbaffb68 Hackers Steal 25,000 Email Addresses and Passwords From NIH, WHO, Gates Foundation And Others Are Dumped Online https://cybersecuritynews.com/email-addresses-and-passwords/ E.研究報告 瞭解 MITRE 2020 ATT&CK 端點防衛評估 — 麻瓜版 — Part 1 https://bit.ly/2VQ9aCb 瞭解 MITRE 2020 ATT&CK 端點防衛評估 — 麻瓜版 — Part 2 主偵測類別 https://bit.ly/34ZldBc 行政院技術服務中心109年第1季資通安全技術報告 https://bit.ly/2VzjCiu SOC日誌可視化工具：SOC Sankey Generator https://www.freebuf.com/sectool/231106.html Web Application核心防禦機制記要 https://www.freebuf.com/articles/web/232186.html 域控管理員帳戶架構擴展 https://www.freebuf.com/articles/es/230271.html TEA：一款基於TAS框架的SSH客戶端蠕蟲 https://www.freebuf.com/articles/network/231963.html Unicode同形字符域漏洞 https://www.freebuf.com/vuls/229446.html Github中間人攻擊原理分析 https://www.freebuf.com/articles/web/231802.html Manul：一款基於覆蓋率引導的並行模糊測試工具 https://www.freebuf.com/articles/terminal/227865.html 網絡層繞過IDSIPS的一些探索 https://www.freebuf.com/articles/system/233678.html 挖洞經驗| 用HTTP請求重寫實現JSON CSRF https://www.freebuf.com/vuls/230243.html 多款光纖路由器設備在野0天擴展簡報 https://blog.netlab.360.com/multiple-fiber-routers-are-being-compromised-by-botnets-using-0-day/ 記錄過某常見WAF最新版 https://www.freebuf.com/articles/web/231905.html Lazarus APT組織利用新冠疫情誘餌針對某國地區的定向攻擊分析 https://www.freebuf.com/articles/system/233528.html UEBA實踐：CISO內部威脅管理指南 https://www.freebuf.com/articles/es/234017.html Dirble：一款高性能目錄掃描與爬取工具 https://www.freebuf.com/articles/network/231596.html SQL注入萬能Bypass技巧 https://mp.weixin.qq.com/s/RSXc0ACv5DS-GsajdO8IRw 你知道在 Azure 上有幾種 On Demand 啟動 Spark 的方法嗎 https://lab.howie.tw/2020/04/azure-on-demand-spark.html 記一次對PUBG吃雞外掛病毒的反製過程 https://mp.weixin.qq.com/s/u0Ah-bWUnxZBBV1qH3nzcw 從 SQL 到 RCE: 利用 SessionState 反序列化攻擊 ASP.NET 網站應用程式 https://devco.re/blog/2020/04/21/from-sql-to-rce-exploit-aspnet-app-with-sessionstate/ 聽說不能用明文存密碼，那到底該怎麼存 https://medium.com/starbugs/how-to-store-password-in-database-sefely-6b20f48def92 乾貨| ATT&CK滲透測試手冊 https://mp.weixin.qq.com/s/bfkSCQonYDd6bpCLzppS_Q Pentest Notes - Approaching a Target https://pentestmag.com/pentest-notes-approaching-a-target/ TikTok Vulnerability Enables Hackers to Show Users Fake Videos https://www.mysk.blog/2020/04/13/tiktok-vulnerability-enables-hackers-to-show-users-fake-videos/ Hacking TikTok to Show Fraudulent Videos on WHO (DNS Attack) https://www.youtube.com/watch?v=voTnYPfkqlY Hacking TikTok to Show Fraudulent Videos (DNS Attack) https://www.youtube.com/watch?v=pHt4jok7v5w Boost UDP Transaction Performance https://www.slideshare.net/lfevents/boost-udp-transaction-performance Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems https://newsroom.trendmicro.com/blog/security-intelligence/exposing-modular-adware-how-dealply-iserik-and-managex-persist-systems Hackers Exploit Two-factor Authentication to Steal Millions and How to Fix It https://medium.com/@sub_80999/hackers-exploit-two-factor-authentication-to-steal-millions-and-how-to-fix-it-655145722d45 Getting Started with Reverse Engineering using Ghidra https://www.peerlyst.com/posts/getting-started-with-reverse-engineering-using-ghidra-chiheb-chebbi A brute-force password cracker and video auto-downloader for Zoom's "Record to Cloud" functionality. https://github.com/markbuffalo/zoombo Manage A Remote SOC: Shift Management Tip https://blog.paloaltonetworks.com/2020/04/cortex-shift-management/ Rise of the Sensors: Securing LoRaWAN Networks https://research.nccgroup.com/2020/04/16/rise-of-the-sensors-securing-lorawan-networks/ Methodology for Static Reverse Engineering of Windows Kernel Drivers https://posts.specterops.io/methodology-for-static-reverse-engineering-of-windows-kernel-drivers-3115b2efed83 MemLock: Memory Usage Guided Fuzzing https://wcventure.github.io/MemLock Red Team Tactics: Utilizing Syscalls in C# - Prerequisite Knowledge https://jhalon.github.io/utilizing-syscalls-in-csharp-1/ Replay USB messages from Wireshark (.cap) files https://github.com/JohnDMcMaster/usbrply Simple Remote Code Execution Vulnerability Examples for Beginners https://medium.com/bugbountywriteup/simple-remote-code-execution-vulnerability-examples-for-beginners-985867878311 Fuzzing sockets, part 1: FTP servers https://securitylab.github.com/research/fuzzing-sockets-FTP Null Terminated Programming 101 - x64 https://0x00sec.org/t/null-terminated-programming-101-x64/20398 Book Review: Windows Kernel Programming and Creating Drivers of Select Exercises https://truneski.github.io/post/2020/04/03/book-review-windows-kernel-programming-and-creating-drivers-of-select-exercises/ 2019 Advent Calendar, vmware pwnables https://github.com/nafod/advent-vmpwn// The Kernel Concurrency Sanitizer (KCSAN) https://github.com/google/ktsan/wiki/KCSAN#upstream-fixes-of-data-races-found-by-kcsan wasm_runtimes_fuzzing https://github.com/pventuzelo/wasm_runtimes_fuzzing CodeQL U-Boot Challenge (C/C++) https://lab.github.com/githubtraining/codeql-u-boot-challenge-(cc++) Windows Server 2008R2-2019 NetMan DLL Hijacking https://itm4n.github.io/windows-server-netman-dll-hijacking/ 【ハニーポット簡易分析】Honeypot簡易分析(2020/4/18) https://sec-chick.hatenablog.com/entry/2020/04/19/182419 Web Application Attacks – Types, Impact & Mitigation – Part-1 https://gbhackers.com/web-application-attacks-part1/ domain_hunter https://github.com/bit4woo/domain_hunter Jamfing for Joy: Attacking macOS in Enterprise https://labs.f-secure.com/blog/jamfing-for-joy-attacking-macos-in-enterprise/ SLAE Exam Assignment 1 - Creating a Bind TCP shellcode https://slaeryan.github.io/posts/slae-assignment1-blogpost.html SLAE Exam Assignment 2 - Creating a Reverse TCP shellcode https://slaeryan.github.io/posts/slae-assignment2-blogpost.html SLAE Exam Assignment 3 - Creating an Egg-hunter shellcode https://slaeryan.github.io/posts/slae-assignment3-blogpost.html SLAE Exam Assignment 4 - Creating a custom shellcode encoder https://slaeryan.github.io/posts/slae-assignment4-blogpost.html SLAE Exam Assignment 5 - Analyzing MSFVenom payloads https://slaeryan.github.io/posts/slae-assignment5-blogpost.html SLAE Exam Assignment 6 - Creating polymorphic shellcode https://slaeryan.github.io/posts/slae-assignment6-blogpost.html SLAE Exam Assignment 7 - Creating a custom shellcode crypter https://slaeryan.github.io/posts/slae-assignment7-blogpost.html あやしいサイトの3分調査方法(初心者向け) https://qiita.com/moneymog/items/2205388ff18b3f89f021 あなたもFakeNetの達人：FakeNet‐NGの裏技をマスターして動的マルウェア解析を改善しませんか https://www.fireeye.jp/blog/jp-threat-research/2020/04/improving-dynamic-malware-analysis-with-cheat-codes-for-fakenet-ng.html Introduction to Docker and Kubernets on GCP with Hands-on Configuration (Part 1 — Docker) https://medium.com/google-cloud/introduction-to-docker-and-kubernets-on-gcp-with-hands-on-configuration-part-1-docker-3d9709ee9f6a How to Setup Wazuh Open Source SIEM Virtual Machine https://thelinuxos.com/how-to-setup-wazuh-open-source-siem/ HTBenum : A Linux Enumeration Script For Hack The Box https://kalilinuxtutorials.com/htbenum/ Now Drag & Drop Files Between Galaxy Phones and Windows 10 PCs https://techincidents.com/drag-and-drop-galaxy-phones-and-windows-10/ GDA- Android Reverse Engineering Suite https://hackersonlineclub.com/gda-android-reverse-engineering-suite/ Messy BurpSuite plugin for SQL Truncation vulnerabilities. https://github.com/InitRoot/BurpSQLTruncSanner Sherloq- Forensic Image Analysis Suite https://hackersonlineclub.com/sherloq-forensic-image-analysis-suite/ Open source security auditing tool to search and dump system configuration https://github.com/trimstray/otseca Multiple Vulnerabilities in IBM Data Risk Manager https://github.com/pedrib/PoC/blob/master/advisories/IBM/ibm_drm/ibm_drm_rce.md DNSProbe : Tool That Allows You To Perform Multiple DNS Queries https://kalilinuxtutorials.com/dnsprobe/ Nazar: A Lost Amulet https://www.epicturla.com/blog/the-lost-nazar Researchers Discovered a New Method that Let Hackers to Run Malicious Code Via RDP https://cybersecuritynews.com/malicious-code-via-rdp/ Sample Results From Processing a Large Feed of Shady Covid-Type Domains https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/sample-results-processing-large-feed-shady-covid-type-domains Webcam Hacking for any devices in one link https://github.com/SharqanAhamed/shasnap SOC vs MITRE APT29 evaluation – Racing with Cozy Bear https://www.mcafee.com/blogs/enterprise/security-operations/soc-vs-mitre-apt29-evaluation-racing-with-cozy-bear RED HAWK- All In One Suite For Information Gathering And Vulnerability Scanning https://hackersonlineclub.com/red-hawk-all-in-one-suite-for-information-gathering-and-vulnerability-scanning/ Cyber Security - Reducing the Biggest Threat - Emails https://www.peerlyst.com/posts/cyber-security-reducing-the-biggest-threat-emails-mitch-christian-cissp goBox : GO Sandbox To Run Untrusted Code https://kalilinuxtutorials.com/gobox/ A toolkit for developing high-performance HTTP reverse proxy applications. https://github.com/microsoft/reverse-proxy Azure Skeleton Key: Exploiting Pass-Through Auth to Steal Credentials https://blogvaronis2.wpengine.com/azure-skeleton-key/ F.商業 來毅瞄準資安商機 網路帳戶 加上防盜鎖 https://money.udn.com/money/story/8889/4502195 知名資安公司 Wordfence 推出免費的【Fast or Slow】檢測網站效能和速度工具 https://ithelp.ithome.com.tw/articles/10230962?sc=rss.qu 濎通提供加密架構組網　強化物聯網資安 https://www.2cm.com.tw/2cm/zh-tw/news/BD1DA69439B844199CF01BBDEAAD1B8D 佛心！宏碁雲架構 免費供中小企業檢測服務 https://money.udn.com/money/story/5613/4507434 奧義智慧 獲MITRE ATT&CK年度評測告警最高分 https://money.udn.com/money/story/5613/4511202 國際資安大賽，奧義智慧多項告警技冠群雄 https://ec.ltn.com.tw/article/breakingnews/3142543 免額外裝軟體就能登入！Google推BeyondCorp Remote Access免受VPN之苦 https://udn.com/news/story/7088/4510258 甲骨文整合管理軟體提供資料庫自動遷移工具，簡化混合雲管理 https://www.ithome.com.tw/review/137084 Microsoft 365全新更名 加速驅動數位轉型 https://money.udn.com/money/story/5640/4508936 廣告求轉換 內容攬新客！ PIXNET發布2020年社群藍皮書 https://cnews.com.tw/178200422a01/ Delivering the Detections: MITRE ATT&CK Evaluation Demonstrates FireEye Endpoint Security and Mandiant Managed Defense Detection Leadership https://bit.ly/3eMiik3 G.政府 反毒比賽用抖音遭疑資安漏洞 新北市教育局：已立即停用 https://www.chinatimes.com/realtimenews/20200417003469-260407?chdtv 交通部109年關鍵基礎設施資安資訊分享與分析中心平台擴充維運案 https://bit.ly/2KhwgfE 交通部資安推動計畫專業服務委外案 https://bit.ly/2ROik0T 呂文忠：調查局資安站 維護國家資安生力軍 https://udn.com/news/story/7314/4504715 調查局成立資安站護網域安全 調查官平均年齡僅31歲 https://web01.rti.org.tw/news/view/id/2060535 打擊網路犯罪、假訊息 確維資安 https://bit.ly/2VsYH0G 國防部：積極建立資安應處機制 防杜假訊息危害 https://bit.ly/2KgCZqh 「台北運動吧」粉專遭駭發A片 議員要求檢討資安 https://udn.com/news/story/7323/4505463 圖書館LED燈控制器的IP位址成攻擊跳板，法務部調查局與資安業者合力破獲 https://ithome.com.tw/news/137154 調查局聯手微軟破獲40萬裝置組成的殭屍網路，散毒源頭是一個LED燈控制器 https://www.ithome.com.tw/news/137110 微軟聯手 35 國摧毀 Necurs 殭屍網路，與調查局共享情資攻破非法 IP 位址 https://technews.tw/2020/04/22/microsoft-new-action-to-disrupt-the-largest-online-criminal-network/ 國軍強化資安教育 綿密管控機制 https://www.ydn.com.tw/News/380565 由數位身分證New eID談起 https://www.peoplenews.tw/news/bcf95661-d0c4-4615-bd75-908457f20a84 澄清「數位身分證」資安疑慮 內政部：可選是否附憑證功能 https://www.chinatimes.com/realtimenews/20200423005656-260405?chdtv 禁用Zoom之後 教育部全新遠距教學影片上架 https://udn.com/news/story/6885/4510352 工研院虛擬化APP服務平台在疫情檢測獲驗證 https://www.chinatimes.com/realtimenews/20200422003519-260412?chdtv 美國RSA Conference 2020資安研討會 公務出國報告 https://report.nat.gov.tw/ReportFront/ReportDetail/detail?sysId=C10900391 經濟部能源及水資源領域工業控制系統資安防護基準 https://www.rootlaw.com.tw/LawContent.aspx?LawID=A040100021016500-1090420 H.工控系統/SCADA/ICS Rockwell Automation RSLinx Classic https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-10642 I.教育訓練 VMware VCP-NV(2V0–642)網路虛擬化 — 自修考試準備心得與抵免上課教學(Network Virtualization) https://medium.com/blacksecurity/vmware-network-virtualization-e52b09b526c8 What does it take to become a good reverse engineer https://securelist.com/become-a-good-reverse-engineer/96743/ How To Analyse And Capture The Packets In Wireshark https://hackersonlineclub.com/how-to-analyse-and-capture-the-packets-in-wireshark/ J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 物聯網地理資訊整合開發，工業監控系統開發的第一步：取得圖資 https://bit.ly/3axrTrG 聯網車藏安全漏洞　恐致資料外洩及生命危險 https://bit.ly/2wTUEAY 福特、大眾暢銷車曝安全漏洞，黑客可竊取隱私、操控車輛 https://www.freebuf.com/news/233955.html 推物聯網資安標章 德國萊因獲網路攝影機資安檢測實驗室資格 https://n.yam.com/Article/20200422929040 多重破口、攻擊手法進化夾擊　弱點激增防護機制失靈頻傳 物聯網時代掀資安課題　導入新思維避免攻擊威脅 http://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/2BA306A3922C42AB87634330063C5558 Starbleed bug impacts FPGA chips used in data centers, IoT devices, industrial equipment https://www.zdnet.com/article/starbleed-bug-impacts-fpga-chips-used-in-data-centers-iot-devices-industrial-equipment/ Smart IoT home hubs vulnerable to remote code execution attacks https://www.zdnet.com/article/smart-iot-home-hubs-vulnerable-to-remote-code-execution-attacks/#ftag=RSSbaffb68 6.近期資安活動及研討會 交通大學駭客書院 - 基礎網頁安全與滲透測試 4/25 https://hackercollege.nctu.edu.tw/?p=1147 2020 LINE Taiwan Developers Recruitment Day 4/25 https://engineering.linecorp.com/zh-hant/blog/2020-line-taiwan-technical-recruitment-day/ 金融數據應用 統計+視覺化 4/26 https://tw.pyladies.com/events/event.html?id=179 交通大學駭客書院 - 基礎網站安全建構實務 5/16 https://hackercollege.nctu.edu.tw/?p=1151 資安社 - Forensic(一) 5/20 https://nsysuisc.kktix.cc/events/2020forensic1 交通大學駭客書院 - 電子郵件之偽造攻擊與防護措施 5/23 https://hackercollege.nctu.edu.tw/?p=1156 Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27 https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/ 交通大學駭客書院 - 進階網頁滲透測試 5/30 https://hackercollege.nctu.edu.tw/?p=1159 109年智能物聯網與資訊安全碩士學分班 5/30 ~ 8/8 https://www.accupass.com/event/2003160837472127685300 邊緣計算系統之大數據與深度學習應用 6/5 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index 交通大學駭客書院 - 高階網頁滲透測試 6/13 6/20 https://hackercollege.nctu.edu.tw/?p=1161 交通大學駭客書院 - 企業網域控管-Active Directory攻擊與防禦 6/27 https://hackercollege.nctu.edu.tw/?p=1164 CYBERSEC 2020 臺灣資安大會 8/12 https://cyber.ithome.com.tw/ Web development India https://www.webdevelopmentindia.biz/