###### tags: `資安事件新聞週報` # 資安事件新聞週報 2020/10/19 ~ 2020/10/23 1.重大弱點漏洞/後門/Exploit/Zero Day 臉部辨識裝置爆資安漏洞 https://blog.trendmicro.com.tw/?p=65908 甲骨文10月修補402個漏洞 https://times.hinet.net/topic/23092693 Oracle Database Server Scheduler component 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14735 Magento rubygems openmage/magento-lts 注入漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15244 Juniper Networks Releases Security Updates for Multiple Products https://us-cert.cisa.gov/ncas/current-activity/2020/10/15/juniper-networks-releases-security-updates-multiple-products Fortinet FortiOS 安全漏洞 https://www.secfree.com/vul-152579.html 7大手機瀏覽器漏洞可讓用戶導向惡意網站 https://www.ithome.com.tw/news/140674 10 個地址欄欺騙漏洞影響 7 個瀏覽器 https://www.chainnews.com/zh-hant/articles/615537884225.htm Nagios XI 命令注入漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5792 WebLogic 多個遠程代碼執行漏洞 https://blog.csdn.net/weixin_45728976/article/details/109208118 Cisco Releases Security Updates for Multiple Products https://us-cert.cisa.gov/ncas/current-activity/2020/10/22/cisco-releases-security-updates-multiple-products Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird https://us-cert.cisa.gov/ncas/current-activity/2020/10/21/mozilla-releases-security-updates-firefox-firefox-esr-and 黑客攻擊Cisco 設備中的CVE-2020-3118 漏洞 https://defense.yunaq.com/news/5f924d31d132c828beebb4dc/ Cisco iOS XR Software 遠程代碼執行漏洞（CVE-2020-3118） https://www.wangan.com/articles/1215 Cisco Adaptive Security Appliance (ASA) 跨站脚本漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3599 Cisco Adaptive Security Appliance (ASA) 和 Cisco Firepower Threat Defense (FTD) 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3585 Check Point發現Instagram安全漏洞 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000596390_i2e48g1c8dkkck1go7w32 Microsoft出現遠端執行程式碼漏洞！盡快安裝修補程式 https://www.cybersechub.hk/en/post/683 快檢查！Win10 10月安全更新出大事，bug危害所有版本 https://kknews.cc/news/yj5z2va.html Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities https://us-cert.cisa.gov/ncas/current-activity/2020/10/16/microsoft-releases-security-updates-address-remote-code-execution 用 Windows 編輯 iPhone 影片的人請小心，HEVC 影像檔有遠端入侵漏洞 https://reurl.cc/ygO9Qq KB954593 - MS08-052：GDI+ 中的漏洞可能允許遠程代碼執行 https://support.microsoft.com/zh-cn/help/954593/kb954593-ms08-052-vulnerabilities-in-gdi-could-allow-remote-code-execu VMware Releases Security Updates for Multiple Products https://us-cert.cisa.gov/ncas/current-activity/2020/10/20/vmware-releases-security-updates-multiple-products VMware ESXi OpenSLP 高危漏洞風險提示 https://www.wangan.com/articles/1227 VMSA-2020-0023 https://www.vmware.com/security/advisories/VMSA-2020-0023.html sonicwall Vulnerability https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010 Nearly 800,000 SonicWall VPNs Need Critical Flaw Patching https://www.infosecurity-magazine.com/news/800k-sonicwall-vpns-critical-flaw Two New IoT Vulnerabilities Identified with Mirai Payloads https://unit42.paloaltonetworks.com/iot-vulnerabilities-mirai-payloads/ Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF NSA warns defense contractors of recent Chinese government-backed hacking https://www.cyberscoop.com/defense-contractors-chinese-government-hacking-nsa/ Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices https://thehackernews.com/2020/10/linux-Bluetooth-hacking.htm Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks https://thehackernews.com/2020/10/browser-address-spoofing-vulnerability.html New Chrome 0-day Under Active Attacks – Update Your Browser Now https://thehackernews.com/2020/10/chrome-zeroday-attacks.html 【閒來無事小試身手】工程師自願幫蘋果抓漏洞，花三個月攻破獲五萬美金懸賞 https://buzzorange.com/techorange/2020/10/16/apple-security-bug/ Security Bulletin: IBM Security Guardium is affected by vulnerabilities in DB2, which Guardium ships https://www.ibm.com/support/pages/node/6349177 Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a 3RD PARTY Cryptographc vulnerability https://www.ibm.com/support/pages/node/6348664 Stable Channel Update for Desktop Tuesday, October 20, 2020 https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html Chrome for Android Update Tuesday, October 20, 2020 https://chromereleases.googleblog.com/2020/10/chrome-for-android-update_20.html IProom MMC+ Server - URL Redirection to Untrusted Site ('Open Redirect') https://www.twcert.org.tw/tw/cp-132-4053-6e9a2-1.html Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 驚動資安人員 日盛Online APP下載量爆桌 https://money.udn.com/money/story/5613/4954515 散戶投資熱 二款券商App下載量大增 https://news.cnyes.com/news/id/4535427 藍營立委質疑「北富銀系統之亂」，憂今不交報告！ 黃天牧：相信會準時送到；有充分了解狀況 https://reurl.cc/Gra6zA 加拿大稅務局因遭受駭客攻擊被迫暫停線上服務 http://www.hwgroup.com.tw/info/20201023 富邦產險：疫情將使新常態資安與國際貿易風險增加 https://www.chinatimes.com/realtimenews/20201023003765-260410?chdtv 地價稅11月開徵 銀行推刷卡分期零手續費搶市 https://news.cnyes.com/news/id/4535827 Financial System Could Be Seriously Disrupted By Single Cyber Attack, G20 Warned https://www.forbes.com/sites/tedknutson/2020/10/19/financial-system-could-be-seriously-disrupted-by-single-cyber-attack-g20-warned/#450b9f6488d4 Banking Web Injects Are Top Cyber Threat for Financial Sector https://www.recordedfuture.com/banking-web-injects/ 3.電子支付/行動支付/pay/資安 一"嗶"在手好方便 行動支付存隱憂 https://www.peopo.org/news/489207 移動支付又出新漏洞，這裏有一份支付安全指南請收好 https://pcnow.cc/p/A31MK5eb69.html 新華時評：網絡支付安全為先 http://big5.xinhuanet.com/gate/big5/www.xinhuanet.com/fortune/2020-10/23/c_1126650023.htm LINE Pay深耕校園推展行動支付 普及率領先同業 https://reurl.cc/m9pKZW 台中行動支付店家六都吊車尾 市府： 成功爭取便利Pay https://udn.com/news/story/7325/4950245 《金融》數位金融客群 八大場景最需行動支付 https://reurl.cc/r80OLZ 北韓也搞行動支付！走到哪嗶到哪...自稱研發成功已投入市場 https://www.ettoday.net/news/20201021/1836571.htm 低接觸支付「疫」外崛起　統一超三大電子支付突破2.7億人次 https://www.ettoday.net/news/20201021/1836701.htm AppotaPay是第39家獲得越南國家銀行的許可證的支付中介公司 https://times.hinet.net/news/23091933 行動支付雙雄 「嗶」出新榮景 https://udn.com/news/story/7239/4941721 4.加密貨幣/挖礦/區塊鍊 資安 千呼萬喚！三大平台都支持的FileCoin主網上線後，將帶來什麼影響 https://news.knowing.asia/news/9b33af1f-d86b-4c88-b4b2-8ec28b4eea27 線上交易平台Robinhood被駭 近2,000帳戶資金遭竊取 https://money.udn.com/money/story/5602/4941836 給想入局DeFi投資者的7個建議！除了評估安全風險外，還要考量使用場景 https://news.knowing.asia/news/7511e0d8-c04a-443b-ae50-933e6b60152f CVE-2020-26896：閃電網絡被曝安全漏洞 https://www.chainnews.com/zh-hant/articles/923956697599.htm 比特幣漲到一年多新高 因這個支付平台將可使用加密幣 https://udn.com/news/story/6811/4953865 PayPal 將開放加密貨幣交易，市場樂觀其成 https://technews.tw/2020/10/22/paypal-will-open-cryptocurrency-trading-the-market-is-optimistic-about-its-success/ 【數碼人民幣】防支付寶和微信支付助大？剖析人民銀行發行數碼人民幣的箇中原因 https://reurl.cc/n0pGD1 千萬數位人民幣大試點，非區塊鏈且可離線支付 https://technews.tw/2020/10/12/large-pilot-program-for-tens-of-millions-of-rmb-non-blockchain-and-offline-payment/ Bitcoin wallet update trick has netted criminals more than $22 million https://www.zdnet.com/article/bitcoin-wallet-trick-has-netted-criminals-more-than-22-million/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC ESET與其他資安及電信業者協同打擊Trickbot殭屍網路 https://reurl.cc/7oE8Ob 勒索軟體找上遊戲公司 Ubisoft 與 Crytek，威脅披露《看門狗：自由軍團》的原始碼 https://reurl.cc/e8p2YQ Google 揭中國駭客最新狠招！假冒防毒軟體入侵電腦 https://3c.ltn.com.tw/news/42046 年中資安報告:駭客集團精心策劃目標式攻擊 勒索病毒瞄準更大目標以及更高金額 https://blog.trendmicro.com.tw/?p=65658 勒索軟體受害者若未向警方報案恐損及他人 https://blog.twnic.tw/2020/10/23/15635/ Ryuk駭客組織重啟勒索攻擊，法國IT外包商Sopra Steria可能是最新受害者 https://www.ithome.com.tw/news/140697 Windows GravityRAT Malware Now Also Targets macOS and Android Devices https://thehackernews.com/2020/10/windows-gravityrat-malware-now-also.html Geofenced Amazon Japan Credential Phishing Volumes Rival Emotet https://www.proofpoint.com/us/blog/threat-insight/geofenced-amazon-japan-credential-phishing-volumes-rival-emotet Pakistani spy lured 98 targets with bots https://timesofindia.indiatimes.com/city/lucknow/pakistan-spy-lured-98-targets-with-bots/articleshow/69867201.cms GravityRAT: The spy returns https://securelist.com/gravityrat-the-spy-returns/99097/ Operation Earth Kitsune: Tracking SLUB’s Current Operations https://documents.trendmicro.com/assets/white_papers/wp-operation-earth-kitsune.pdf Looking Into the Eye of the Interplanetary Storm https://www.bitdefender.com/files/News/CaseStudies/study/376/Bitdefender-Whitepaper-IPStorm.pdf Secret-stealing Trojan active in Brazil releases the new framework SolarSys https://blog.360totalsecurity.com/en/secret-stealing-trojan-active-in-brazil-releases-the-new-framework-solarsys/ T-RAT 2.0: Malware control via smartphone https://www.gdatasoftware.com/blog/trat-control-via-smartphone On the trail of the XMRig miner https://securelist.com/miner-xmrig/99151/ Droppers, Downloaders and TrickBot: Detecting a Stealthy COVID-19-themed Campaign using Toolmarks https://threatresearch.ext.hp.com/detecting-a-stealthy-trickbot-campaign/ An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques https://labs.sentinelone.com/an-inside-look-at-how-ryuk-evolved-its-encryption-and-evasion-techniques/ Alert (AA20-296A) Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets https://us-cert.cisa.gov/ncas/alerts/aa20-296a Alert (AA20-283A)APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations https://us-cert.cisa.gov/ncas/alerts/aa20-283a Police Raided German Spyware Company FinFisher Offices https://thehackernews.com/2020/10/finfisher-spyware-raid.html FIN11 Hackers Spotted Using New Techniques In Ransomware Attacks https://thehackernews.com/2020/10/fin11-hackers-spotted-using-new.html Lemon Duck brings cryptocurrency miners back into the spotlight https://blog.talosintelligence.com/2020/10/lemon-duck-brings-cryptocurrency-miners.html IAmTheKing and the SlothfulMedia malware family https://securelist.com/iamtheking-and-the-slothfulmedia-malware-family/99000/ New action to combat ransomware ahead of U.S. elections https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/ SourMint: malicious code, ad fraud, and data leak in iOS https://snyk.io/blog/sourmint-malicious-code-ad-fraud-and-data-leak-in-ios/ Operation Quicksand MuddyWater’s Offensive Attack Against Israeli Organizations https://www.clearskysec.com/wp-content/uploads/2020/10/Operation-Quicksand.pdf Ave_Maria and Packer Malware Analysis https://www.vmray.com/cyber-security-blog/warzone-rat-malware-analysis-spotlight/ New Vizom Malware Discovered Targets Brazilian Bank Customers with Remote Overlay Attacks https://securityintelligence.com/posts/vizom-malware-targets-brazilian-bank-customers-remote-overlay/ B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G Sensity：不雅圖片造假工具透過Telegram散播，受害者恐超過10萬人 https://www.ithome.com.tw/news/140660 WhatsApp推出程式內購買功能 強化臉書電商平台 https://news.cnyes.com/news/id/4535591 iOS 14 .1 曝災情！預設第三方瀏覽器與郵件App更新後，需重新設定 https://3c.ltn.com.tw/news/42100 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 全球前97大VPN業者3成是中資公司 只要「翻牆」就可能遭陸方監控 https://reurl.cc/4mlVyV 「黑客精神」陰暗面在人際關係？過分優化恐走向自我黑化 https://reurl.cc/7oEzok 現代羅賓漢？駭客勒索企業後捐贈贖款 慈善機構表示：拒收 https://reurl.cc/q8pWdR 網路威脅情資共享機制將有助資安團隊的效益倍增 https://technews.tw/2020/10/23/infoblox-october-tide/ 百萬軟體賤賣四百3／大補帖攤販未滅　檔案無法安裝 https://www.ctwant.com/article/80139 研究指疫情下針對商店會員系統的網上攻擊增加 https://unwire.pro/2020/10/22/coronavirus-outbreak-triggered-a-rush-of-online-attacks-against-retail-loyalty-schemes/security/ 嚴防資安破口 反制敵網路民兵 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1275738&type=forum 【十字路口】拜登家再爆通共門 中共滲透聯合國 https://www.epochtimes.com/b5/20/10/17/n12482835.htm 白登版電郵門 FBI查是否俄國背後搞鬼 https://www.worldjournal.com/wj/story/121468/4944037 拜登兒「通郵門」不單純 50位美前情報官點出幕後黑手 https://www.chinatimes.com/realtimenews/20201023000021-260408?chdtv 推特推翻封殺拜登電郵門決定 允許用戶轉貼、分享 https://news.cnyes.com/news/id/4534333 瞄準競選團隊 Google 揭露中國大型駭客攻擊行動細節 https://www.inside.com.tw/article/21250-chinese-hacking-google-security-found 美國FCC要求司法部 評估中國聯通國安威脅 https://reurl.cc/0Omqrx 美國聯邦機構：俄羅斯最新駭客攻擊行動預示著可能干預美大選 https://reurl.cc/9XWmz8 美情報首長證實　俄國伊朗意圖干預大選 https://tw.appledaily.com/international/20201023/TEGFWYBVXBCDTC4WIGUVUZ34T4/ 美國安局警告，中國駭客目標正對準美國軍事國防系統 https://reurl.cc/Kj21ke 美國安局示警 中共資助駭客鎖定美政軍資訊 https://reurl.cc/Ld2K3a 美方證實：俄羅斯駭客成功竊取政府網路資料 https://money.udn.com/money/story/10511/4957495 美指中國協助北韓規避制裁　訓練駭客網路竊盜、洗錢 https://tw.appledaily.com/international/20201023/XIJGO4CFEREQNPWOLJYHO2FXBQ/ YouTube刪除3000個中共營運的假帳號 https://www.epochtimes.com/b5/20/10/17/n12482575.htm 俄國兩名情報高官涉網攻德國國會 歐盟予以制裁 https://www.cna.com.tw/news/aopl/202010230205.aspx 美國大選｜美指控俄羅斯駭客攻擊地方及州政府網路　至少兩伺服器遭入侵 https://tw.appledaily.com/international/20201023/U52YAXDQ4FDP7EKV54WW2K6HAM/ 「中國威脅美國民主，北京意識形態橫行全球」！白宮國安顧問擂反中戰鼓，拉孔子助陣 https://www.storm.mg/article/3138616 美國教育部斥 12 大學收中俄逾十億匿名捐款　大部分與華為有科研合作　恐成技術轉移漏洞 https://reurl.cc/VX2bjQ 美指控中國黑客威脅美信息網絡　中國外交部：美國應停止賊喊捉賊 https://reurl.cc/bRdK2l U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks https://thehackernews.com/2020/10/russian-hackers.html Purple Fox EK | New CVEs, Steganography, and Virtualization Added to Attack Flow https://labs.sentinelone.com/purple-fox-ek-new-cves-steganography-and-virtualization-added-to-attack-flow/ India Witnessed Spike in Cyber Attacks Amidst Covid-19 - Here's Why https://thehackernews.com/2020/10/covid-19-india-cyberattacks.html CISA and FBI Release Joint Advisories Regarding Russian and Iranian APT Actors https://us-cert.cisa.gov/ncas/current-activity/2020/10/22/cisa-and-fbi-release-joint-advisories-regarding-russian-and D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 網上情緣騙案人均失4100元 電子支付受騙比例13％ https://reurl.cc/ygO97D 滙豐：26%人曾遇電子支付詐騙 http://paper.wenweipo.com/2020/10/22/FI2010220015.htm 【LINE訊息查證】全民查證王就是你！165防詐、釣魚網站一秒辨識 http://official-blog.line.me/tw/archives/84217449.html 3玩家貪中國遊戲點數便宜 網購遭「三方詐欺」騙走13萬 https://news.ltn.com.tw/news/society/breakingnews/3330230 申請關簡訊 可幫長者擋掉認證關卡 https://m.ltn.com.tw/news/society/paper/1406767 日本藥廠台灣分部驚遭網路攻擊 部分資料遭竊 https://m.ltn.com.tw/news/society/breakingnews/3329663 新一波網釣攻擊假冒Microsoft Teams訊息以竊取Office 365憑證 https://www.ithome.com.tw/news/140710 駭客販售上億美國選民個資！FBI已展開調查 https://www.ettvamerica.com/News/Article?i=142675 駭客論壇流傳 幾乎美國選民個資 https://reurl.cc/148N4p 川普推特4年2度被同1人登入？荷資安專家傻眼 https://newtalk.tw/news/view/2020-10-23/483467 荷蘭資安人員號稱破解川普 Twitter 帳密？但遭白宮嚴正否認 https://www.inside.com.tw/article/21303-White-House-deny-claims-that-researcher-hacked-Trump-account 太容易！荷蘭資安專家猜對密碼 登入川普推特帳號 https://www.worldjournal.com/wj/story/121469/4957242 駭客稱破解川普推特：9字密碼超好猜 https://reurl.cc/avXYpD FB推特禁轉拜登醜聞惹毛共和黨 參院委員會傳喚2公司執行長 https://www.chinatimes.com/realtimenews/20201023000058-260408?chdtv 美情報單位：俄將用真假電郵攻擊拜登 https://udn.com/news/story/121687/4941859?from=udn-catelistnews_ch2 俄利用烏克蘭真假電郵掀「10月驚奇」！鎖定朱利安尼餵假消息 https://udn.com/news/story/121687/4940309?from=udn-catebreaknews_ch2 「新聞警察」 推特仍禁貼拜登父子電郵門 https://m.ltn.com.tw/news/world/paper/1406610 台灣宿配網個資全外洩 僅通知業者而非用戶 處理態度引發質疑 https://m.ltn.com.tw/news/society/breakingnews/3323792 五星飯店爆個資外洩? 詐騙成員稱：我是飯店主管 https://reurl.cc/bRdrjv 審查爭議延燒 川普競選帳號又被推特凍結 https://reurl.cc/R12VG6 女性注意！公開照片恐被AI「數位脫衣」 連女星都受害 https://vip.udn.com/vip/story/121162/4955553 Google Doc 等13 個合法表單服務網站被惡意建立釣魚表單 https://blog.trendmicro.com.tw/?p=65709 千筆個資外洩　中正研擬強化學生資安 https://reurl.cc/Md2KAX 保單委託外製恐洩個資 立委要求保密SOP https://udn.com/news/story/7239/4955307?from=udn-ch1_breaknews-1-cate6-news Agile Threat Actors Pivot from COVID-19 to Voter Registration Themes in Phishing Lures https://www.proofpoint.com/us/blog/threat-insight/agile-threat-actors-pivot-covid-19-voter-registration-themes-phishing-lures E.研究報告 資安這條路─以自建漏洞環境學習資訊安全 系列 https://ithelp.ithome.com.tw/users/20108446/ironman/3463 Jboss 漏洞利用總結 https://www.wangan.com/articles/1240 CVE-2019-0230：Apache Struts OGNL遠程代碼執行漏洞詳解 https://www.4hou.com/index.php/posts/VlRB DVS - D(COM) V(ulnerability) S(canner) AKA Devious swiss army knife https://hakin9.org/dvs-dcom-vulnerability-scanner-aka-devious-swiss-army-knife/ PwnDoc - Pentest Report Generator https://hakin9.org/pwndoc-pentest-report-generator/ Pivotnacci - A tool to make socks connections through HTTP agents https://hakin9.org/pivotnacci-a-tool-to-make-socks-connections-through-http-agents/ Secret-stealing Trojan active in Brazil releases the new framework SolarSys https://blog.360totalsecurity.com/en/secret-stealing-trojan-active-in-brazil-releases-the-new-framework-solarsys/ F.商業 CYBAVO頂尖資安團隊 打造區塊鏈最高資安 https://startupterrace.tw/news/310 中華電子公司中華資安國際 紅隊演練服務通過國際驗證 https://reurl.cc/9XWkgV 本土資安秀軟實力 高效散熱解決方案驚豔全場 https://money.udn.com/money/story/10860/4957051 Hitachi Vantara推出超融合基礎架構統一雲端管理 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000596389_a4n4gkp67iwgral59y05s 晶睿推開放平台智慧安防新品 可安裝App擴充功能 https://ec.ltn.com.tw/article/breakingnews/3329827 搶攻區塊鏈檔案存證商機！宏碁資訊攜手 ITM、旭聯資安推「BlockSeal」 https://blockcast.it/2020/10/23/aceraeb-partnered-with-itm-and-sunnet-cyber-to-launch-blockseal-blockchain-solution/ 微軟資安高峰會 揭示「零信任」為資安基石 https://money.udn.com/money/story/5612/4958065 微軟攜手MITRE釋出捍衛機器學習系統的Adversarial ML Threat Matrix開放框架 https://www.ithome.com.tw/news/140700 思科：遠距辦公恐成資安防護漏洞，面臨詭譎多變網路惡意攻擊，台灣企業務必加強資安投資 https://tnntoday.com/296355/cisco-20201023 因應企業工作模式轉變，微軟揭示混合辦公資安三大架構 https://technews.tw/2020/10/23/microsost-security/ 加速全球防詐產業鏈佈局 Gogolook插旗日本 https://reurl.cc/Ezm5nn G.政府 「 立院濟南路直通中南海 」立法院研究室資訊設備全為大同公司承攬 https://reurl.cc/zzQajN 立院每年遭駭客攻擊550萬次 資訊處：都成功防堵 https://reurl.cc/Kj2WaM 若中天被撤照=總統府洩密案是真的？NCC全體同意2委員不需迴避 https://times.hinet.net/news/23084765 解構科技偵查》調查局、FBI揪中國邪惡熊貓！創台美合抗科技犯罪首例 https://www.storm.mg/article/3056273 蘇貞昌和徐國勇背書「數位身分證」的說法，若非無知就是可惡 https://www.thenewslens.com/article/142153 中資投資涉資安 經濟部同意檢討 https://reurl.cc/0OmqYY 開放大數據資料共享 台內政部：盼社會理性對話 https://www.epochtimes.com/b5/20/10/23/n12496884.htm 何志偉開記者會「打擊網路詐騙」　狠酸徐國勇：沒成效就下台 https://www.upmedia.mg/news_info.php?SerialNo=98542 H.工控系統/ICS/SCADA 相關資安 ABB攜手IBM，提升工業資安威脅的可視性 https://ctee.com.tw/industrynews/technology/356141.html 新唐舉辦發表會深入剖析工控、車用、物聯網微控制器 https://www.digitimes.com.tw/iot/article.asp?cat=130&id=0000596221_AV2323V219Y2D22TZEV0W MOXA NPort IAW5004A-I/O Series過量認證嘗試不當限制漏洞 https://www.cics-vd.org.cn/publish/main/list/leakInfo/leakInfo_12264.html ICS Medical Advisory (ICSMA-20-296-01) B. Braun OnlineSuite https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01 ICS Medical Advisory (ICSMA-20-296-02) B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus https://us-cert.cisa.gov/ics/advisories/icsma-20-296-02 ICS Advisory (ICSA-20-294-01)Rockwell Automation 1794-AENT Flex I/O Series B https://us-cert.cisa.gov/ics/advisories/icsa-20-294-01 ICS Advisory (ICSA-20-294-02)Hitachi ABB Power Grids XMC20 Multiservice-Multiplexer https://us-cert.cisa.gov/ics/advisories/icsa-20-294-02 I.教育訓練 內核漏洞利用輕鬆學系列預告 https://www.anquanke.com/post/id/219051 了解CSRF漏洞（新手指南） https://zhuanlan.zhihu.com/p/266989230 Log Analysis for Digital Forensic Investigation https://medium.com/mii-cybersec/log-analysis-for-digital-forensic-investigation-e4a00f5a5c09 J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 AIoT Taiwan展，台灣雲協大秀5G與資安軟實力 https://ec.ltn.com.tw/article/breakingnews/3328178 6.近期資安活動及研討會 交通大學亥客書院 入侵行為發覺與應變指南 10/24 https://hackercollege.nctu.edu.tw/?p=1214 國家高速網路與計算中心 【資安進階課程】資安情資分析手法與實務 10/27 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3924&from_course_list_url=course_index 交通大學亥客書院 進階網頁滲透測試 10/31 https://hackercollege.nctu.edu.tw/?p=1216 [廣宣學堂] 架構即程式碼深入實戰班 - Infrastructure as Code (IaC Day2) 10/31 https://broadmission.kktix.cc/events/iac-day2 國家高速網路與計算中心 邊緣計算系統之大數據與深度學習應用 11/6 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3895&from_course_list_url=course_index 交通大學亥客書院 阻斷服務攻擊/分散式阻斷服務攻擊/Botnet 11/7 https://hackercollege.nctu.edu.tw/?p=1218 資安防護實務與情境演練 2020-11-11 至 2020-11-13 https://cybersecurity.tisnet.com.tw/Home/SignUp/1082 交通大學亥客書院 基礎網站安全建構實務 11/14 https://hackercollege.nctu.edu.tw/?p=1220 Gopher Conference Taiwan 2020 11/14 https://www.meetup.com/golang-taipei-meetup/events/272815117/ 交通大學亥客書院 系統防護及內網威脅通報應變實戰班 11/17、11/24 http://service.tabf.org.tw/tw/user/409646/course1-4.htm 資安社 - VR 大學之道 11/18 https://nsysuisc.kktix.cc/events/vr2020 Google Cloud 資安攻略，打造更安全的雲端環境｜Google Cloud Security Overview 11/20 https://www.accupass.com/event/2008100235425139714960 【遠端監控在家上班】企業機密資訊安全及提升效率實作 10/23 https://www.accupass.com/event/2008260330053701468420 深耕計畫演講-基於了解駭客攻擊手法及思路的網路安全防禦方式 10/23 https://reurl.cc/A83e6Y InfoSec Taiwan 2020 - Workshop 實作課程 11/2 https://event.twcsa.org/site/course/7y4p3J0m_oL6h-WZ9XNXcQ.. InfoSec Taiwan 2020 - Briefing 年會 11/3 https://event.twcsa.org/site/course/5t2kIENz-rXMDMsfG5FgQA.. [台灣網路講堂]域名之扣押與沒收 以司法實務操作為中心 11/20 https://www.ihub.tw/Calendar/ihub20201120 Google Cloud 資安攻略，打造更安全的雲端環境｜Google Cloud Security Overview 11/20 https://www.accupass.com/event/2008100235425139714960 Cyberspace 2020聯合研討會 11/20 https://cyber2020.cc-isac.org/announce.php 交通大學亥客書院 惡意程式檢測實務 11/21 11/28 https://hackercollege.nctu.edu.tw/?p=1222 吱吱盃黑客松 2020/12/11 https://nsysuisc.kktix.cc/events/hackathon2020 交通大學亥客書院 高階網頁滲透測試 12/5 12/12 https://hackercollege.nctu.edu.tw/?p=1224 交通大學亥客書院 系統滲透測試與漏洞利用 12/19 https://hackercollege.nctu.edu.tw/?p=1226 交通大學亥客書院 AI於資訊安全之應用 2021/1/9 1/16 https://hackercollege.nctu.edu.tw/?p=1228 交通大學亥客書院 企業網域控管－Active Directory攻擊與防禦 2021/1/23 https://hackercollege.nctu.edu.tw/?p=1230