資安事件新聞週報 2020/12/7 ~ 2020/12/11

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2020/12/7 ~ 2020/12/11 1.重大弱點漏洞/後門/Exploit/Zero Day QNAP Security Advisories - December 7th, 2020 https://www.bleepingcomputer.com/news/security/qnap-patches-qts-vulnerabilities-allowing-nas-device-takeover/ https://www.qnap.com/en/security-advisory/qsa-20-16 https://www.qnap.com/en/security-advisory/qsa-20-12 https://www.qnap.com/en/security-advisory/qsa-20-13 https://www.qnap.com/en/security-advisory/qsa-20-14 https://www.qnap.com/en/security-advisory/qsa-20-15 VERT Threat Alert: December 2020 Patch Tuesday Analysis https://www.tripwire.com/state-of-security/vert/vert-threat-alert-december-2020-patch-tuesday-analysis/ Gafgyt Using Pulse Secure Vulnerability https://prod-blog.avira.com/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218 NSA Warns Russian Hacker Exploiting VMware Bug to Breach Corporate Networks https://thehackernews.com/2020/12/nsa-warns-russian-hacker-exploiting.html WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers https://thehackernews.com/2020/12/warning-critical-remote-hacking-flaws.html Apache 近日發布更新以解決Apache Struts 的安全性弱點 https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/apache-releases-security-update-apache-struts-2 Apache發布針對Apache Tomcat的安全公告 http://mail-archives.us.apache.org/mod_mbox/www-announce/202012.mbox/%3C52858194-2efd-6f17-1821-9036c8494df0%40apache.org%3E OpenSSL發布安全更新 https://www.openssl.org/news/secadv/20201208.txt VMware 發布安全更新以解決多項產品弱點問題 https://www.vmware.com/security/advisories/VMSA-2020-0027.html Russian State-Sponsored Actors Exploiting Vulnerability in Certain VMware Products https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2434988/russian-state-sponsored-malicious-cyber-actors-exploit-known-vulnerability-in-v/ Cisco 近日發布更新以解決多個產品存在的遠端程式碼執行弱點 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-java-rce-mWJEedcD Cisco Reissues Patches for Critical Bugs in Jabber Video Conferencing Software https://thehackernews.com/2020/12/cisco-reissues-patches-for-critical.html Valve's Steam Server Bugs Could've Let Hackers Hijack Online Games https://thehackernews.com/2020/12/valves-steam-server-bugs-couldve-let.html 研究人員揭露4個開源TCP/IP堆疊的安全漏洞Amnesia:33 https://www.ithome.com.tw/news/141572 Amnesia:33 — Critical TCP/IP Flaws Affect Millions of IoT Devices https://thehackernews.com/2020/12/amnesia33-critical-tcpip-flaws-affect.html 今年最後一個Patch Tuesday，微軟修補58個安全漏洞 https://www.ithome.com.tw/news/141606 Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws https://thehackernews.com/2020/12/microsoft-releases-windows-update-dec.html Windows Kerberos Vulnerability Exploited https://www.bleepingcomputer.com/news/security/windows-kerberos-bronze-bit-attack-gets-public-exploit-patch-now/ https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-overview/ https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-theory/ https://support.microsoft.com/en-us/help/4598347/managing-deployment-of-kerberos-s4u-changes-for-cve-2020-17049 https://support.microsoft.com/help/4598347 Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams https://thehackernews.com/2020/12/zero-click-wormable-rce-vulnerability.html Adobe 多個產品存在安全性弱點 https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/adobe-releases-security-updates-multiple-products IBM Security Family PAM Content Update 4012.04111 https://exchange.xforce.ibmcloud.com/xpu/XPU%204008.20170 SAP Security Patch Day - December 2020 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 Palo Alto Security Advisories https://security.paloaltonetworks.com/PAN-SA-2020-0011 2.銀行/金融/保險/證券/支付系統/ 新聞及資安沒有溫柔櫃姐　拼資安與體驗 https://tw.appledaily.com/finance/20201210/WDRSSL4RHJE2HK2YCM2E6BOBXA/ 三竹助攻華南銀推出SnY數位帳戶APP https://ec.ltn.com.tw/article/breakingnews/3377004 證交所取得ISO 22301認證，服務品質再提昇 https://www.moneydj.com/KMDJ/News/NewsViewer.aspx?a=f7c8486a-ec2c-404d-a18a-e93e6d05e70c 遠傳friDay理財+ 獲金管會首家核准「開放銀行」第二階段業務 https://news.sina.com.tw/article/20201211/37125598.html 黃天牧爆找樂天董「喝咖啡」籲純網跟別打價格戰 https://www.ftvnews.com.tw/news/detail/2020C11F06M1 印度又被駭 700萬持卡人資料外洩暗黑網 https://www.fountmedia.io/article/89623 純網銀明年上路個資保護是最大課題 https://udn.com/news/story/7239/5086202 刷臉比密碼更安全　網銀生物辨識成防盜利器 https://tw.appledaily.com/property/20201212/XGBRGOUQL5FA5NH7CWS7C6AIYY/ 全年信用卡刷卡金額，拚再破 3 兆元大關 https://technews.tw/2020/12/11/annual-credit-card-amount/ 期交所：運用金融區塊鏈函證更保障投資人資訊安全權 https://money.udn.com/money/story/5613/5086612 Payment Card Skimmer Group Using Raccoon Info-Stealer to Siphon Off Data https://thehackernews.com/2020/12/payment-card-skimmer-group-using.html Hiding Web Skimmers in CSS Files https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/ 3.電子支付/行動支付/pay/資安又一PayPal幫成員公司上市！「先買後付」借貸平台Affirm申請IPO，預計募資千萬美元 https://meet.bnext.com.tw/articles/view/47134 電支用戶近1100萬人 10月代收付儲值衰退 https://reurl.cc/e8NeNx 蝦皮想拿到電子支付執照蝦拚晚點付恐需喊停 https://udn.com/news/story/7239/5072904 電子支付成現今新常態　方便、安全、普及化 https://reurl.cc/q8lxlN 看上這一點，街口胡亦嘉與鄭文燦聯手打造「璀璨桃園支付節」 https://www.storm.mg/article/3283486 疫情加速本地電子商貿應用 Visa 研究發現電子支付首次超越現金 https://www.pcmarket.com.hk/20201211-visa-consumer-payment-attitudes-study-2/ 疫情衝擊國人刷卡習慣　銀行改衝現金回饋、行動支付 https://money.udn.com/money/story/5617/5076509 街口支付冠名新竹攻城獅 (圖) https://reurl.cc/145d5V 老翁不會行動支付繳錢被拒　陸央行：嚴懲「拒收現金」的單位 https://www.ettoday.net/news/20201126/1863399.htm 4.加密貨幣/挖礦/區塊鍊資安從代幣經濟到人人可用戰略，Line區塊鏈生態系關鍵平臺終於到位 https://www.ithome.com.tw/news/141484 Rikkeisoft與Oraichain將在全球拓展人工智能區塊鏈技術 https://times.hinet.net/news/23149776 接軌國際！新創Aegis Custody以區塊鏈打造的金融商品新商機 https://meet.bnext.com.tw/articles/view/47139 星證交所參股DBS數位交易平台供比特幣與法定貨幣交易 https://udn.com/news/story/7239/5082819 中國查抄加密貨幣老鼠會沒收比特幣近20萬枚 https://ec.ltn.com.tw/article/breakingnews/3365278 「牛市」來臨？看加密貨幣市場發展 https://news.sina.com.tw/article/20201210/37120638.html 標準普爾：2021年將推出加密貨幣指數 https://news.cnyes.com/news/id/4547456 Libra協會更名為Diem協會，可望於明年發行加密貨幣 https://www.ithome.com.tw/news/141419 數位支付時代來臨！PayPal執行長：加密貨幣將成主流 https://ec.ltn.com.tw/article/breakingnews/3360992 星展啟動數碼交易平台提供加密貨幣服務 http://www.hkcd.com/content/2020-12/10/content_1235024.html 為防堵恐怖主義融資要求全面KYC！一分鐘回顧法國對加密貨幣的監管政策 https://news.knowing.asia/news/3d2e4a78-a228-40f4-a1f0-80271a32f01b 星展銀行推出「星展數位交易平台」打造全方位數位資產生態系 https://ec.ltn.com.tw/article/breakingnews/3377905 渣打推加密貨幣託管平台Zodia　攻機構投資者 https://hk.on.cc/hk/bkn/cnt/finance/20201209/bkn-20201209132929649-1209_00842_001.html 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 鴻海證實美洲廠區受勒索病毒攻擊傳金額達10億台幣 https://www.cna.com.tw/news/firstnews/202012085005.aspx 勒索軟體對製造業網路的衝擊 https://blog.trendmicro.com.tw/?p=66520 國外駭客鎖定台灣企業勒索　卻因看不懂繁體中文字慘做白工 https://fuhouse.setn.com/news/862109 駭客病毒入侵癱瘓伺服器竊機密文件藉機勒索 https://www.ettvamerica.com/News/Article?i=146776 Microsoft 揭露「Adrozek」惡意軟體，Chrome、Firefox 跟 Edge 都是它的挾持目標 https://www.kocpc.com.tw/archives/360445 Phishing emails with RAT targeting corporate users https://github.com/DoctorWebLtd/malware-iocs/blob/master/BackDoor.RMS/README.adoc https://news.drweb.com/show/?i=14083&lng=en Recent QakBot Malspam Activity https://isc.sans.edu/forums/diary/Recent+Qakbot+Qbot+activity/26862/ Egregor Ransomware Threat Assessment https://unit42.paloaltonetworks.com/egregor-ransomware-courses-of-action/ https://github.com/pan-unit42/iocs/blob/master/Egregor/EgregorIOCs Commodity .NET Packers use Embedded Images to Hide Payloads https://www.proofpoint.com/us/blog/threat-insight/commodity-net-packers-use-embedded-images-hide-payloads APT39 Rana Android Malware https://blog.reversinglabs.com/blog/rana-android-malware https://blog.reversinglabs.com/hubfs/Blog/rana_android_malware/IOC_SHA1_list.txt https://blog.reversinglabs.com/hubfs/Blog/rana_android_malware/IOC_C2_list.txt https://blog.reversinglabs.com/hubfs/Blog/rana_android_malware/IOC_suspicious_domains.txt https://www.ic3.gov/Media/News/2020/200917-2.pdf Chinese APT RedDelta spotted with potentially updated/new version of PlugX RAT https://twitter.com/XOR_Hex/status/1333832546589749249 https://twitter.com/noottrak/status/1334165739423608834 Spearphishing Campaigns Using MESSAGEMANIFOLD Malware https://www.recordedfuture.com/messagemanifold-malware-spearphishing-campaigns/ Watch Out! Adrozek Malware Hijacking Chrome, Firefox, Edge, Yandex Browsers https://thehackernews.com/2020/12/watch-out-adrozek-malware-hijacking.html Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware https://thehackernews.com/2020/12/russian-apt28-hackers-using-covid-19-as.html Iranian RANA Android Malware Also Spies On Instant Messengers https://thehackernews.com/2020/12/iranian-rana-android-malware-also-spies.html Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware https://thehackernews.com/2020/12/hackers-for-hire-group-develops-new.html TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected https://thehackernews.com/2020/12/trickbot-malware-gets-uefibios-bootkit.html Rana Android Malware https://blog.reversinglabs.com/blog/rana-android-malware Commodity .NET Packers use Embedded Images to Hide Payloads https://www.proofpoint.com/us/blog/threat-insight/commodity-net-packers-use-embedded-images-hide-payloads Quasar Family RAT Activities https://blogs.jpcert.or.jp/en/2020/12/quasar-family.html Gootkit Loader Investigation and TTPs https://www.trendmicro.com/en_us/research/20/l/investigating-the-gootkit-loader.html PGMiner Botnet https://unit42.paloaltonetworks.com/pgminer-postgresql-cryptocurrency-mining-botnet/ Fake Functions Conceal WordPress Backdoor https://blog.sucuri.net/2020/12/fake-wordpress-functions-conceal-assert-backdoor.html Pastebin Used as Command and Control Tunnel for njRAT https://unit42.paloaltonetworks.com/njrat-pastebin-command-and-control/ Qakbot Upgrade and Activity https://isc.sans.edu/forums/diary/Recent+Qakbot+Qbot+activity/26862/ https://twitter.com/lazyactivist192/status/1332363179729575938 https://twitter.com/_alex_il_/status/1333737189990158337 https://twitter.com/0verfl0w_/status/1331598884431421441 Malicious npm packages spotted delivering njRAT Trojan https://securityaffairs.co/wordpress/111751/hacking/npm-packages-installs-njrat.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G 以技術、文化、人為主軸，Line提出全面向資安 https://www.ithome.com.tw/news/141485 手機IMEI碼被洩漏，手機就會被禁用、遠程鎖機及竊聽嗎 https://www.kocpc.com.tw/archives/360375 手機防毒也不要輕忽！五個「跨平台防毒軟體」讓你從電腦到手機都不怕病毒入侵 https://reurl.cc/MdlaQp Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking https://thehackernews.com/2020/12/several-unpatched-popular-android-apps.html Android app still exposing messages of 100M users despite bug fix https://www.bleepingcomputer.com/news/security/android-app-still-exposing-messages-of-100m-users-despite-bug-fix/#.X8ZwljycLro.twitter C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件駭客在暗網中拍賣25萬個盜來的MySQL資料庫 https://www.ithome.com.tw/news/141613 親駁「仁寶被駭」認栽千萬許勝雄：半年前就掌握駭客了 https://disp.cc/b/204-d1d4 鴻海也遭駭客入侵企業到底該如何防範 https://money.udn.com/money/story/5612/5079055?from=edn_breaknewstab_index 鴻海傳遭駭勒索10億劉揚偉：已解決不影響營運 https://www.ftvnews.com.tw/news/detail/2020C10W0024 駭客攻擊勒索4億研華：啟動資安防護機制 https://reurl.cc/5qA6ZM 正妹科學家為佛州官方建立新冠數據庫現卻遭控是駭客 https://reurl.cc/Ez9300 陸網軍打擊我國際形象！冒調查局公文指煽動泰革命台人涉入 https://udn.com/news/story/7315/5084414?from=udn-catelistnews_ch2 對岸假公文再一樁「調查局資安站」成冒名對象 https://www.ftvnews.com.tw/news/detail/2020C11S01M1 台灣人涉散布中國網軍假訊息首宗網路國安案件 https://www.cna.com.tw/news/firstnews/202012110028.aspx 首宗網路國安案件台灣人赴中國受水軍訓練散布假公文 https://www.ftvnews.com.tw/news/detail/2020C11W0041 赴陸受訓散布假訊息台FB社團兩管理員落網 https://www.epochtimes.com/b5/20/12/11/n12613346.htm 對岸假公文再一樁「調查局資安站」成冒名對象 https://life.tw/?app=view&no=1180173 中國吸收台灣人當網軍散布假公文 https://news.ltn.com.tw/news/politics/paper/1418413 台指控「帝吧」台籍人員赴陸「訓練」　捏造台美介入泰國示威 https://reurl.cc/Mdlax4 網軍捏造調查局公文！　稱台美干預泰國內政 https://news.tvbs.com.tw/politics/1431269 對台假訊息戰中國網軍複製擴散一帶一路國家 https://reurl.cc/Oqyl8D 台首宗網絡國安案　三人涉發假訊息被捕 https://hk.appledaily.com/china/20201212/ZZOQLKXVFJETTNJ3SV3PLWK3LU/ 對岸受訓轉發調局假公文 https://udn.com/news/story/7320/5086239?from=udn-catelistnews_ch2 冠軍周庭...收押中！香港Youtube熱門榜多人被港府逮捕 https://news.ltn.com.tw/news/world/breakingnews/3377547 習近平再添「豬隊友」中使館轉推川普指控 https://www.ntdtv.com/b5/2020/12/10/a103006621.html 美國將中國人大常委會14名副委員長列入涉港製裁黑名單 https://reurl.cc/Ez930m 中國量子計算機「九章」問世，速度比Google的量子電腦還快100億倍 https://reurl.cc/MdlaKp 進行信息審查？ YouTube背後中共的影子 https://www.soundofhope.org/post/452761?lang=b5 Hackers Targeting Companies Involved in Covid-19 Vaccine Distribution https://thehackernews.com/2020/12/hackers-targeting-companies-involved-in.html Chinese APT's New Arsenal: Part 3 Smanager https://insight-jp.nttsecurity.com/post/102glv5/pandas-new-arsenal-part-3-smanager Lazarus recent Manuscrypt campaign https://x.threatbook.cn/nodev4/vb4/article?threatInfoID=3051 https://twitter.com/BitsOfBinary/status/133733028678751846 Russian APT28 Uses COVID-19 Lures to Deliver Zebrocy https://www.intezer.com/blog/research/russian-apt-uses-covid-19-lures-to-deliver-zebrocy/ LuckyMouse Targeting Governmental Agencies in East Asia https://decoded.avast.io/luigicamastra/apt-group-targeting-governmental-agencies-in-east-asia/ SideWinder APT South Asian Territorial Themed Spear Phishing and Mobile Device Attacks https://www.trendmicro.com/en_us/research/20/l/sidewinder-leverages-south-asian-territorial-issues-for-spear-ph.html FireEye遭到國家支持的駭客入侵 https://reurl.cc/x0ryMV 美國資安大廠FireEye遭網路攻擊！駭客工具被盜 https://reurl.cc/q8lxX3 美資安公司火眼遭入侵，駭客疑有國家撐腰 https://technews.tw/2020/12/09/us-cybersecurity-firm-fireeye-says-it-was-hacked-by-foreign-government/ FireEye Red Team Tool Countermeasures https://github.com/fireeye/red_team_tool_countermeasures https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html Cybersecurity Firm FireEye Got Hacked; Red-Team Pentest Tools Stolen https://thehackernews.com/2020/12/cybersecurity-firm-fireeye-got-hacked.html FireEye Red Team Tools Accessed by an Adversary https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html https://github.com/fireeye/red_team_tool_countermeasures https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/theft-fireeye-red-team-tools https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html OilRig Network Infrastructure Analysis and Collection https://www.domaintools.com/resources/blog/identifying-critical-infrastructure-targeting-through-network-creation NSA Advisory on RU Actors Using CVE-2020-4006 https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2434988/russian-state-sponsored-malicious-cyber-actors-exploit-known-vulnerability-in-v/ Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam https://thehackernews.com/2020/12/facebook-tracks-apt32-oceanlotus.html 48 U.S. States and FTC are suing Facebook for illegal monopolization https://thehackernews.com/2020/12/48-us-states-and-ftc-are-suing-facebook.html Shadow Academy Targets Universities https://www.riskiq.com/blog/external-threat-management/shadow-academy/ Another Molerats Campaign Targeting the Middle East https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf https://www.cybereason.com/blog/new-malware-arsenal-abusing-cloud-platforms-in-middle-east-espionage-campaign 資安工程師 https://www.104.com.tw/job/74tr8 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞駭客入侵歐洲藥品管理局輝瑞疫苗數據被竊 https://reurl.cc/A8NQrK 歐洲藥品管理局遭到網路攻擊，導致藥廠的COVID-19疫苗申請文件遭存取 https://www.ithome.com.tw/news/141605 巴西衛生部官網原始碼內含資料庫登入資訊，導致 2 億 4300 萬巴西民眾個資曝光 https://www.twcert.org.tw/tw/cp-104-4224-8d882-1.html 科技大廠接連遭駭客戶資料外洩成隱憂 https://udn.com/news/story/7240/5079940 《原神》帳號被盜！官方稱「新主人有課金」不還帳號 https://www.setn.com/News.aspx?NewsID=862892 FBI 警告：愈來愈多駭侵團體駭入 Web Mail，竄改郵件規則，進行 BEC 攻擊 https://www.twcert.org.tw/tw/cp-104-4214-96e2c-1.html 感情路坎坷又嫁錯尪「小全智賢」性愛片外流神隱！事業全毀 https://star.setn.com/news/862562 Partner Phishing Compromise https://abnormalsecurity.com/blog/compromised-partner-phishing/ Google Ads Used to Steal Cryptocurrency https://www.bleepingcomputer.com/news/security/metamask-phishing-steals-cryptocurrency-wallets-via-google-ads/ Cyberpunk 2077 Release Hoax is Actually Data Theft Attempt https://www.kaspersky.com/blog/cyberpunk-2077-scam/37907/ SideWinder Uses South Asian Issues for Spear Phishing and Mobile Attacks https://www.trendmicro.com/en_us/research/20/l/sidewinder-leverages-south-asian-territorial-issues-for-spear-ph.html Fake Office 365 Digest Summary https://cofense.com/you-must-quarantine-fake-office-365-email-leads-to-curiosity/ E.研究報告 How to Detect Yellow Cockatoo Remote Access Trojan https://redcanary.com/blog/yellow-cockatoo/ https://www.morphisec.com/hubfs/eBooks_and_Whitepapers/Jupyter%20Infostealer%20WEB.pdf Governance Considerations for Democratizing Your Organization's Data in 2021 https://thehackernews.com/2020/12/governance-considerations-for.html How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain https://thehackernews.com/2020/12/how-dmarc-can-stop-criminals-sending.html How Organizations Can Prevent Users from Using Breached Passwords https://thehackernews.com/2020/12/how-organizations-can-prevent-users.html MARIJUANA Obfuscation Allows Shell Bypass https://blog.sucuri.net/2020/12/obfuscation-techniques-in-marijuana-shell-bypass.html Phonia - most advanced toolkits to scan phone numbers using only free resources https://hakin9.org/phonia-most-advanced-toolkits-to-scan-phone-numbers-using-only-free-resources/ Deep Inside Malicious PDF https://hakin9.org/deep-inside-malicious-pdf/ The History and evolution of malware https://hakin9.org/the-history-and-evolution-of-malware/ 4 Free Online Cyber Security Testing Tools For 2021 https://thehackernews.com/2020/12/4-free-online-cyber-security-testing.html F.商業 Fortinet 發布 2021 全球資安威脅預測，智慧邊緣設備將成防衛戰關鍵 https://technews.tw/2020/12/09/fortinet-2021-cyber-security-prediction/ 企業數位轉型規劃小心別陷入「忽略資安風險」盲點 https://www.bnext.com.tw/article/60383/3s 2020資訊治理年會登場！SGS揭露第一手資安趨勢觀察 https://www.bnext.com.tw/article/60209/sgs-202012 2021年IT領導者目標數位轉型、資安成焦點 https://money.udn.com/money/story/5612/5081232 IBM針對5G產業推滲透測試服務，將涵蓋中上下游產業鏈如晶片、核網與SDN https://www.ithome.com.tw/news/141581 鎖定數位轉型商機叡揚資訊今掛牌上櫃 https://ec.ltn.com.tw/article/breakingnews/3377039 新加多種系統角色，紅帽OS提供增進系統穩定與效能機制 https://www.ithome.com.tw/review/141493 果核數位榮獲BSI 雲端資安獎，擁本地優勢+國際合作，免除 AIoT 時代資安疑慮 https://www.digicentre.com.tw/news_detail.php?id=82 Kryptowire提供軍規等級App安全檢測，驗證多種資安標準 https://www.ithome.com.tw/review/141513 思科於WebexOne 數位協作線上會議宣佈推出多項Webex嶄新功能 https://www.cisco.com/c/zh_tw/about/news-center/news-20201209.html 全景軟體身分認證為零信任架構建立關鍵基礎 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000599357_JJP24VO7665KJF6W0EKMU team+打造台版Slack，力拼下一個台灣獨角獸 https://www.techbang.com/posts/83123-teamplus-builds-a-taiwanese-version-of-slack G.政府竹市試辦數位身分證議員憂資安 https://reurl.cc/WL25zO 做好資料庫防護阻攔駭客竊取 https://reurl.cc/4m0AGv 數位身分證是魔戒還是聖杯？資安專家：注意數位獨裁 https://reurl.cc/0Or5l9 數位身分證資安疑慮綠委籲先暫緩 https://reurl.cc/yg3p0D 數位身分證爭議　對岸網媒竟出聲護航台灣行政院 https://n.yam.com/Article/20201210615405 試到資安專家攻不進！蘇貞昌轉彎：數位身分證不一定7月全面換發 https://newtalk.tw/news/view/2020-12-11/507321 蘇貞昌：數位身分證不一定2021年7月全國換發要試辦到駭客攻不破 https://www.cna.com.tw/news/firstnews/202012110111.aspx?utm_medium=fanpage 數位身分證懸賞駭客攻破？資安專家：恐賣漏洞給黑市 https://udn.com/news/story/7321/5085239 內政部強調新數位身份證空白卡絕非中國製造 https://www.techbang.com/posts/83108-the-ministry-of-the-interior-stressed-that-the-new-digital-id 政院推動數位身分證、故宮併文化部惹議　政院官員：絕對尊重立法院意見 https://www.storm.mg/article/3285821 晶片不是Made in China！回應數位身分證資安疑慮，內政部將設賞金邀駭客進攻 https://www.bnext.com.tw/article/60498/2021-taiwan-eid 數位發展公聽會漏網議題 https://talk.ltn.com.tw/article/paper/1418323 政府推6大核心戰略產業打造台灣成4大中心 https://www.cna.com.tw/news/firstnews/202012100158.aspx 【台灣被看光光】政府採購無人機七成以上「中國製」，蘇貞昌：盡快汰換 https://buzzorange.com/techorange/2020/12/10/china-drones-in-tw/ 資策會科法所善用網路通訊接軌後疫情時代國際通訊隱私趨勢 http://n.yam.com/Article/20201211901020 愛瑪麗歐捐贈人工智慧監視器助台南市府打擊犯罪 https://udn.com/news/story/7238/5085524?from=udn-ch1_breaknews-1-cate6-news 科技部110年度「前瞻資安科技專案計畫」 http://research.nchu.edu.tw/news-detail/id/1808 資安人才培育展成果產學社群共創新動能 https://reurl.cc/4m0A73 H.工控系統/ICS/SCADA 相關資安 Industry Perspectives Protecting Healthcare and Academia Against Cyber Threats https://www.fireeye.com/blog/executive-perspective/2020/12/protecting-healthcare-and-academia-against-cyber-threats.html mitsubishielectric r00cpu_firmware http://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-16850 ICS-CERT Security Advisories - December 8th, 2020 https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01 https://us-cert.cisa.gov/ics/advisories/icsa-20-343-02 https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03 https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04 https://us-cert.cisa.gov/ics/advisories/icsa-20-343-05 https://us-cert.cisa.gov/ics/advisories/icsa-20-343-06 https://us-cert.cisa.gov/ics/advisories/icsa-20-343-07 https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08 https://us-cert.cisa.gov/ics/advisories/icsa-20-343-09 https://us-cert.cisa.gov/ics/advisories/icsa-20-343-10 ICS-CERT Security Advisories - December 10th, 2020 https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01 https://us-cert.cisa.gov/ics/advisories/icsa-20-345-01 https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02 I.教育訓練 Quick Guide — How to Troubleshoot Active Directory Account Lockouts https://thehackernews.com/2020/11/quick-guide-how-to-troubleshoot-active.html Open University http://www.open.ac.uk/ Cybrary https://www.techradar.com/best/best-online-cyber-security-courses#1-cybrary US Department of Homeland Security https://www.techradar.com/best/best-online-cyber-security-courses#2-us-department-of-homeland-security Open Security Training https://www.techradar.com/best/best-online-cyber-security-courses#3-open-security-training Heimdal Security https://www.techradar.com/best/best-online-cyber-security-courses#4-heimdal-security Sans Cyber Aces Online https://www.techradar.com/best/best-online-cyber-security-courses#5-sans-cyber-aces-online K.物聯網/IOT/人工智慧物聯網偵測火災，理賠流程縮短變三天！國泰攜手中興保全推IoT火災事故保險 https://udn.com/news/story/7239/5039978 Arm 新計畫開發專為 IoT 設計的免電池感測器 https://technews.tw/2020/11/27/arm-unleashes-project-triffid-to-help-deliver-internet-of-things/ IoT設備安全性設計的八項原則 https://www.eet-china.com/news/202011081205.html 6.近期資安活動及研討會 MLDM Monday @ 三創育成 | 高效率多目標最佳化及應用 12/14 https://www.meetup.com/Taiwan-R/events/274001434 國家高速網路與計算中心教育訓練【資安進階課程】Linux系統安全與漏洞運用 12/15 (報名到12/13截止) https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3933&from_course_list_url=course_index 從駭客的角度檢視您公司的資安 12/15 https://www.accupass.com/event/2012020646317937617740 亞洲‧矽谷計畫-強化物聯網資安防護-成果發表會暨授證典禮12/15 http://www.filaweaving.org.tw/show/show-989828.htm SP-ISAC 資安沙龍12/17 https://spisac.kktix.cc/events/20201217 【智慧資安】超前部署AI機器學習提升資安防護力【Power of X 科技講堂】 12/17 http://tw.systex.com/powerofx-webinar-1217/ TDOH Quantum Conf 2020 駭客的薛丁格地下城 12/18 https://tdohackerparty.kktix.cc/events/tdoh-2020-quantum-conf?locale=en LINE TAIWAN TECHPULSE 2020 大會12/18 https://www.computerdiy.com.tw/20201120_line/ 2020遠距使用者研究實務研討 12/19 https://userxper.kktix.cc/events/user-research-2020 交通大學亥客書院系統滲透測試與漏洞利用 12/19 https://hackercollege.nctu.edu.tw/?p=1226 Taipei.py 2020 12 月聚會 12/24 https://www.meetup.com/Taipei-py/events/274272146 2020 Proxmox VE 中文使用者社團年會 12/26 https://tfc.kktix.cc/events/pve-tw-2020 利用NAC系統進行資安聯防提升企業資安與競爭力【Power of X 科技講堂】 12/28 http://tw.systex.com/powerofx-webinar-1228/ 2020【 WEA x BSI 資安風險趨勢講座】 12/28 https://wea4risk.kktix.cc/events/2020weaxbsi 交通大學亥客書院 AI於資訊安全之應用 2021/1/9 1/16 https://hackercollege.nctu.edu.tw/?p=1228 交通大學亥客書院企業網域控管－Active Directory攻擊與防禦 2021/1/23 https://hackercollege.nctu.edu.tw/?p=1230 2021 南新科技中心寒假營隊 [駭客攻防資安體驗營] 2021年1月21-22日 https://www.nsjh.tn.edu.tw/modules/tadnews/index.php?nsn=7790 吱吱盃黑客松 2021/04/02 18:30 ~ 2021/04/04 18:30 https://nsysuisc.kktix.cc/events/hackathon2020