###### tags: `資安事件新聞週報` # 資安事件新聞週報 2020/2/24 ~ 2020/2/28 1.重大弱點漏洞/後門/Exploit/Zero Day 研究：7家BLE系統單晶片的SDK含有眾多安全漏洞 https://www.ithome.com.tw/news/135969 IBM QRadar Advisor With Watson 加密問題漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4557 Zyxel修復了NAS設備中的嚴重漏洞 https://nosec.org/home/detail/4159.html JVNVU#97748968 複数の ZyXEL 製品に含まれる weblogin.cgi にコマンドインジェクションの脆弱性 https://jvn.jp/vu/JVNVU97748968/ 多項合勤防火牆、NAS產品爆指令注入漏洞可執行任意程式碼 https://www.ithome.com.tw/news/136038 Flaw in billions of Wi-Fi devices left communications open to eavesdropping https://arstechnica.com/information-technology/2020/02/flaw-in-billions-of-wi-fi-devices-left-communications-open-to-eavesdroppng/ JVNVU#94679920 Apache Tomcat の複数の脆弱性に対するアップデート https://jvn.jp/vu/JVNVU94679920/ 思科產品多個漏洞 https://tools.cisco.com/security/center/publicationListing.x Cisco drops security fixes for Smart Software Manager, security appliances https://www.helpnetsecurity.com/2020/02/21/cisco-security-fixes/ Cisco多款產品存在高危漏洞，均已修復 https://www.freebuf.com/column/228574.html 關於APACHE TOMCAT存在文件包含漏洞的安全公告 http://bit.ly/2TabRgv Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2020-4204) https://www.ibm.com/support/pages/node/2875875 Cisco軟件管理平台曝出默認密碼漏洞 https://nosec.org/home/detail/4143.html 因嚴重IE漏洞微軟再為已停止支持的WINDOWS 7發布安全更新 http://bit.ly/2SWEAVS 因嚴重 IE 漏洞 微軟再爲已停止支持的 Win7 發佈安全更新 https://www.chainnews.com/zh-hant/articles/602014569888.htm 建議各單位勿開啟遠端桌面協定（RDP)，以避免系統遭到入侵 http://net.nthu.edu.tw/2009/mailing:announcement:20200221_01 IE記憶體毁損漏洞傳有攻擊發生，迫使微軟對Windows 7發出例外修補 https://www.ithome.com.tw/news/135970 微軟更新Azure Security Center現可偵測Linux上的無檔案攻擊 https://www.ithome.com.tw/news/135991 駭客正在掃描微軟Exchange伺服器漏洞，還沒修補的請儘快 https://www.ithome.com.tw/news/136043 D-Link DGS-1250 Header Injection https://packetstormsecurity.com/files/156473/dlinkdgs1250-inject.txt AVIRA Generic Malformed Container Bypass https://packetstormsecurity.com/files/156472/TZO-19-2020.txt Open-Xchange App Suite / Documents Server-Side Request Forgery https://packetstormsecurity.com/files/156474/oxappsuite-ssrf.txt 通航DVR存在安全漏洞，煩請儘速確認並進行更新 http://net.nthu.edu.tw/2009/mailing:announcement:20200224_01 通航DVR - 未經授權存取維護管理介面 https://tvn.twcert.org.tw/taiwanvn/TVN-201910003 VULNERABILITIES IN VMWARE http://bit.ly/2uoCoOK Google系統出包緊急修復漏洞 旗下智慧家居卻當機17小時 https://cnews.com.tw/137200227a05/ Google patches Chrome zero-day under active attacks https://www.zdnet.com/article/google-patches-chrome-zero-day-under-active-attacks/#ftag=RSSbaffb68 Google Chrome瀏覽器存在安全漏洞(CVE-2020-6407與CVE-2020-6418) https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1115 Google Chrome 多個漏洞 https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks https://thehackernews.com/2020/02/google-chrome-zero-day.html Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users https://thehackernews.com/2020/02/firefox-dns-over-https.html New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices https://thehackernews.com/2020/02/kr00k-wifi-encryption-flaw.html Kr00k A serious vulnerability deep inside Wi-Fi encryption https://www.eset.com/int/kr00k/ Kr00k漏洞讓駭客可解密Wi-Fi封包　至少10億台連網產品曝險 http://bit.ly/2T73d3H Kr00k：允許黑客“破壞” Wi-Fi網絡的錯誤 https://zh-tw.secnews.gr/213451/kr00k%E8%87%B3sfalma-pou-epitrepei-stous-chakers-na-spasoun-diktya-wi-fi/ OpenSMTPD 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8794 Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass https://www.exploit-db.com/exploits/48135 JVN#11708203 複数のリコー製プリンタおよび複合機における複数のバッファオーバーフローの脆弱性 https://jvn.jp/jp/JVN11708203/ 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 資安威脅無所不在 2019年資安險投保件數明顯增 https://m.ctee.com.tw/livenews/aj/a78817002020022122395599?area= 資安險投保夯，去年增3.5倍 http://bit.ly/2PmalHc 臺德加強雙邊銀行業及保險業之跨境監理合作 http://bit.ly/2va10v6 顛覆傳統金融 金管會核准十件創新試辦業務 https://money.udn.com/money/story/5613/4364466 綁Google Pay的Paypal帳戶遭盜刷，美、德及俄國用戶遭殃 https://www.ithome.com.tw/news/135997 中華民國保險代理人商業同業公會提醒業者應注意駭客利用近期嚴重特殊傳染性肺炎疫情，透過惡意郵件、惡意程式等方式進行社交工程攻擊 http://www.ciaa.org.tw/pages/HotNewsDetail_04.aspx?PKID=20200224000007 二二八連假 金管會要求保險公司保戶服務不中斷 https://money.udn.com/money/story/5613/4371937 澳洲多家銀行與金融單位接獲 DDoS 攻擊威脅 https://www.twcert.org.tw/tw/cp-104-3401-3023a-1.html Indian income tax agency patched a security flaw that would’ve allowed hackers to take over its site http://bit.ly/2T0pb76 Credit Card Skimmer Found on Nine Sites, Researchers Ignored https://www.bleepingcomputer.com/news/security/credit-card-skimmer-found-on-nine-sites-researchers-ignored/ Public warned of new banking scam targeting social media users https://www.corkbeo.ie/news/local-news/public-warned-new-banking-scam-17798023 住信ＳＢＩネット銀行などのシステム障害 ほぼ解消 https://www3.nhk.or.jp/news/html/20200223/k10012297941000.html 黑客在PayPal的Google Pay集成中發現漏洞進行未經授權的付款 https://www.cnbeta.com/articles/tech/948363.htm PayPal accounts are getting abused en-masse for unauthorized payments https://www.zdnet.com/article/paypal-accounts-are-getting-abused-en-masse-for-unauthorized-payments/#ftag=RSSbaffb68 Grab raises $850M from Japanese investors to fuel financial services push https://www.zdnet.com/article/grab-raises-850m-from-japanese-investors-to-fuel-financial-services-expansion/#ftag=RSSbaffb68 Australian banks targeted by DDoS extortionists https://www.zdnet.com/article/australian-banks-targeted-by-ddos-extortionists/ ACSC Aware of DDoS Threats being made against Australian Organisations https://www.cyber.gov.au/threats/acsc-aware-ddos-threats-being-made-against-australian-organisations 18 Sniffers Steal Payment Card Data from Print Store Customers https://www.bleepingcomputer.com/news/security/18-sniffers-steal-payment-card-data-from-print-store-customers/#.XlZOfygtEVc.twitter 3.電子支付/電子票證/行動支付/ pay/新聞及資安 金管會鬆綁電支機構合作帳戶 幫民眾省手續費 http://pchome.megatime.com.tw/news/cat1/20200220/15822043937677522003.html 電支帳戶限制再鬆綁 開放信合社農業金庫 http://bit.ly/37Q9HYU Brazil unveils instant payments platform https://www.zdnet.com/article/brazil-unveils-instant-payments-platform/#ftag=RSSbaffb68 4.虛擬貨幣/區塊鍊相關新聞及資安 資安專欄：圖文拆解「交易挖礦始祖 FCoin」資產流向，鼎盛時期便埋下禍根 https://www.blocktempo.com/fcoin-asset-flow-history/ 國家級數位貨幣實驗，瑞典央行先行計畫測試數位克朗 https://finance.technews.tw/2020/02/25/sweden-starts-testing-new-official-digital-currency/ 瑞典中央銀行開始測試數位貨幣電子克朗 https://www.ithome.com.tw/news/135962 高調炫富到發文求助！一比特幣富豪 SIM 卡被駭，「13.7億」的 BTC BCH 遭竊引市場恐慌 https://m.xuite.net/blog/jodenh/jOrz/588928720 MASEx為TTChain提供擴張資金，將徹底改變數位資產交易所生態系統 http://www.businesswirechina.com/hk/news/42862.html 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式 首例！「羅賓漢」勒索軟體借Gigabyte舊驅動程式「謀殺」安全軟體 http://bit.ly/39Txp7T LokiBot 偽裝成熱門遊戲啟動器並植入可編譯的C#程式碼檔案 https://blog.trendmicro.com.tw/?p=63489 偽裝韓國公平貿易委員會的惡意垃圾郵件,夾帶勒索病毒與竊個資木馬 https://blog.trendmicro.com.tw/?p=63430 駭客發送暗藏木馬程式的疫情資訊，讓你的電腦也感染「新冠病毒」 https://buzzorange.com/techorange/2020/02/24/coronavirus-computer-version/ 疫症當前混水摸魚　報告指駭客利用疫情偽裝攻擊 http://bit.ly/2w1QZ38 Check Point：Haken惡意程式成功進駐Google Play上的8款Android程式 https://www.ithome.com.tw/news/135983 小心！惡意軟體Emotet假新冠肺炎之名發動郵件攻擊 https://www.ctwant.com/article/38515 銀行木馬Emotet 再進化, 新增 Wi-Fi 散播能力 https://blog.trendmicro.com.tw/?p=63467 惡意軟體Emotet偽裝成新型冠狀病毒資訊，這些疫情連結千萬不要亂點 https://www.techbang.com/posts/76407-the-virus-is-rampant-too-malware-spread-under-the-theme-of-new-coronavirus 勢科技年度資安總評出爐 去年攔截超過6100萬次勒索病毒攻擊 https://cnews.com.tw/124200226a01/ 小心你的電腦也染上「新冠病毒」！這類郵件、檔案千萬別點開 https://cnews.com.tw/137200225a05/ 駭客集團勾結獲利！醫療業成勒索病毒苦主，看準受害者怕曝光心態 https://www.bnext.com.tw/article/56719/trendmicro-bec-ransomware 勒索病毒成資安主要威脅　去年逾700家醫院受害 https://newtalk.tw/news/view/2020-02-27/373151 簡單又便宜的資料竊取軟體服務大為流行，可竊取六十多種應用軟體的資料 https://www.twcert.org.tw/tw/cp-104-3398-2208a-1.html Cybersecurity Research During the Coronavirus Outbreak and After https://securelist.com/cybersecurity-research-during-the-coronavirus-outbreak-and-after/96275/ Microsoft Brings Defender Antivirus for Linux, Coming Soon for Android and iOS https://thehackernews.com/2020/02/windows-defender-atp-linux-android.html 2020-02-11 - PCAP AND MALWARE FOR AN ISC DIARY (URSNIF) https://www.malware-traffic-analysis.net/2020/02/11/index.html 2020-02-19 - TRICKBOT GTAG WECAN23 INFECTION https://www.malware-traffic-analysis.net/2020/02/19/index.html SMS Phishing Campaign Used to Spread Emotet: Report https://www.bankinfosecurity.com/sms-phishing-campaign-used-to-spread-emotet-report-a-13749 Facilities Maintenance Firm Recovering From Malware Attack https://www.bankinfosecurity.com/facilities-maintenance-firm-recovering-from-malware-attack-a-13747 ObliqueRAT linked to threat group launching attacks against government targets https://zd.net/2up7UMB Coronavirus now attacks the cyber world https://www.nationalheraldindia.com/flick-past/coronavirus-now-attacks-the-cyber-world Palestinians Targeted By ‘Gazan’ Hackers As Researchers Unearth Mysterious New Backdoor http://bit.ly/2wIT2cT January 2020’s Most Wanted Malware: Coronavirus-themed spam spreads malicious Emotet malware http://bit.ly/3a2LbVZ Palestinians Targeted By ‘Gazan’ Hackers As Researchers Unearth Mysterious New Backdoor http://bit.ly/2wIT2cT NEW CYBER ESPIONAGE CAMPAIGNS TARGETING PALESTINIANS - PART 1: THE SPARK CAMPAIGN http://bit.ly/2HRxlcY NEW CYBER ESPIONAGE CAMPAIGNS TARGETING PALESTINIANS - PART 2: THE DISCOVERY OF THE NEW, MYSTERIOUS PIEROGI BACKDOOR http://bit.ly/3c27Za6 ATM Malware WinPotv3 showme.exe http://bit.ly/2Vg5Od5 ATM Malware WinPotv3 555.exe http://bit.ly/39WzfVB DoppelPaymer Ransomware Launches Site to Post Victim's Data https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-launches-site-to-post-victims-data/ New Mozart Malware Gets Commands, Hides Traffic Using DNS https://www.bleepingcomputer.com/news/security/new-mozart-malware-gets-commands-hides-traffic-using-dns/ Mobile malware evolution 2019 https://securelist.com/mobile-malware-evolution-2019/96280/ Coronavirus-themed Attacks Target Global Shipping Concerns https://www.proofpoint.com/us/corporate-blog/post/coronavirus-themed-attacks-target-global-shipping-concerns Coronavirus-Themed Emails Deliver Malware, Phishing, Scams https://www.securityweek.com/coronavirus-themed-emails-deliver-malware-phishing-scams Coronavirus Fears Exploited in Phishing Attacks https://appriver.com/resources/blog/january-2020/coronavirus-fears-exploited-phishing-attacks Scam Of The Week: Coronavirus Phishing Attacks In The Wild https://blog.knowbe4.com/heads-up-scam-of-the-week-coronavirus-phishing-attacks-in-the-wild Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT https://www.fireeye.com/blog/threat-research/2020/02/ransomware-against-machine-learning-to-disrupt-industrial-production.html North Korea Is Recycling Mac Malware. That's Not the Worst Part https://www.wired.com/story/malware-reuse-north-korea-lazarus-group/ Hackers Expand Their Repertoire as Trend Micro Blocks 52 Billion Threats in 2019 https://blog.trendmicro.com/hackers-expand-their-repertoire-as-trend-micro-blocks-52-billion-threats-in-2019/ Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-may-tip-nasdaq-on-attacks-to-hurt-stock-prices/#.XlcgBmPbbSk.twitter B.行動安全 / iPhone / Android /穿戴裝置 /App 「尋找我的手機」亂跳通知？台灣三星曝原因原來是 https://cnews.com.tw/137200221a03/ 新冠肺炎疫情助攻宅經濟 大陸APP下載量2月大爆發 http://bit.ly/2T3u5jN 5G商用台灣7月後啟動5G商用！三大供應商各有特色 https://newtalk.tw/news/view/2020-02-23/370511 Google Play「大屠殺」下架600款軟體！大動作懲處 獵豹移動旗下程式全遭刪 https://cnews.com.tw/137200224a04/ TikTok又碰壁 美運輸局宣布禁用 http://bit.ly/2STuw1b 谷歌警告：華為新款手機用戶若加載Gmail和Youtube會有資安漏洞 https://www.cmmedia.com.tw/home/articles/20062 三星在查找手機應用程式出現烏龍推送後主動調查資料洩露 https://news.xfastest.com/samsung/76978/samsung-blasts-galaxy-phones-worldwide-with-weird-1-notification/ 烏龍推播後又出包！三星證實洩漏150用戶個資 稱兩項技術錯誤無關連 https://cnews.com.tw/137200226a05/ 三星官方證實，發生手機用戶個人資料洩露問題 https://news.knowing.asia/news/a92f1dac-81ca-4b89-ac71-5ec9bced415f 德媒：很多剛出廠的安卓手機就裝有後門 可監視主人 https://www.soundofhope.org/post/347938?lang=b5 Google 開始限制 Android App 於背景追蹤用戶所在地資訊 https://www.twcert.org.tw/tw/cp-104-3396-3a4dc-1.html Google Play Store 中多個 Android 平台 VPN App 可能帶來嚴重資安風險 https://www.twcert.org.tw/tw/cp-104-3395-dfd64-1.html 提防手機公共充電站的「Juice Jacking」陷阱 https://www.hkcert.org/my_url/zh/blog/20022801 Google Bans 600 Android Apps from Play Store for Serving Disruptive Ads https://thehackernews.com/2020/02/android-adware-apps-banned.html Automation: Take the fast lane on the path to 5G https://www.blueplanet.com/blog/automation-take-the-fast-lane-on-the-path-to-5G.html Is your phone listening to you https://www.welivesecurity.com/2020/02/24/is-your-phone-listening-to-you/ New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users https://thehackernews.com/2020/02/lte-network-4g-vulnerability.html Google Advises Android Developers to Encrypt App Data On Device https://thehackernews.com/2020/02/android-app-data-encryption.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 資安人必看！SecBuzzer 暗網情資整理（2020 年 1、2 月號） https://secbuzzer.co/post/173 全新駭侵攻擊手法，可繞過 AWS 伺服器上防火牆並自由進出 https://www.twcert.org.tw/tw/cp-104-3397-0e893-1.html 雲端資安,讓 IT 人員輾轉難眠的四個原因 https://blog.trendmicro.com.tw/?p=63447 另類白武士　2019 年有 7 位道德駭客賞金收入超 100 萬美元 https://hk.xfastest.com/47110/hackerone-white-hat/ 資安問題當道，電商經營不可忽略的三大安全關卡 http://bit.ly/2Px97ZH Google開發者大會聚焦AI、資安議題 不畏疫情照辦但官方表示「受理退票」 https://cnews.com.tw/137200224a02/ 肺炎疫情也在網路延燒，Check Point 提醒相關資安風險 https://technews.tw/2020/02/24/check-point-warnning-covid-19-risk-at-internet/ 從防疫反思網路安全策略 https://ithome.com.tw/voice/136058 PTT洩露總統秘密行程 中華電信員工遭開除 https://www.chinatimes.com/realtimenews/20200228001712-260402?ctrack=mo_main_rtime_p15&chdtv 新型數位化投票機 可靠度遭質疑 http://bit.ly/2VfchVE 上GIT 我只想知道為什麼一直斷線 駭客攻擊 一直瘋狂斷線我怎麼傳 駭客攻擊 https://memes.tw/wtf/164561 刑事局警官逮學生駭客　愛心輔導後變身資安公司CEO https://www.ettoday.net/news/20200225/1653281.htm NCT官推被駭客攻入！混韓圈久了，什麼世面都能見到 https://www.koreastardaily.com/tc/news/124520 連駭客都生氣！國外企業不理會網站漏洞提醒　駭客獲悉乾脆寄信警告消費者 https://www.ettoday.net/news/20200224/1653023.htm 60萬人粉專遭駭「狂發A片」！　9年心血被毀…施菲亞搶不回崩潰：世上還有公理嗎 https://star.ettoday.net/news/1651778 辣模臉書遭駭「狂發A片」 慘淪色情頁面崩潰了 https://ent.ltn.com.tw/news/breakingnews/3077356 駭客入侵太多次！智慧門鈴災情頻傳 宣布強制用戶啟動雙重認證機制 https://cnews.com.tw/137200222a02/ 企業防疫應變新思維 遠距工作資安監控零死角 http://www.ctimes.com.tw/DispNews/tw/2002210759RM.shtml 中國政府的「另類防疫」：組織網軍，刪除網路上的負面疫情消息 https://buzzorange.com/techorange/2020/02/26/coronavirus-cyber-army/ 美國關切：台灣敏感技術遭中國買走或盜走 中資滲透還有很多法制漏洞 https://www.cmmedia.com.tw/home/articles/20055 美國防部要求承包商須具備網路安全認證 https://www.isda.org.tw/2020/02/7496776930d1f7fc03aaf5e8f69764d5/ 美英指責俄羅斯駭客大舉攻擊喬治亞 https://ithome.com.tw/news/135956 美國白宮對華為限制措施仍未定案 有官員形容華為像「黑手黨」 https://news.cnyes.com/news/id/4446233 澳情報官：外國間諜威脅前所未有 程度超冷戰 https://www.epochtimes.com/b5/20/2/24/n11892672.htm 澳情報機構示警：新納粹崛起、間諜活動超越冷戰 https://news.ltn.com.tw/news/world/breakingnews/3079026 澳洲破獲重要間諜網 潛伏特工祕密活動多年 https://www.epochtimes.com/b5/20/2/25/n11893839.htm 從美國起訴中國網軍看戰略支援部隊 http://bit.ly/2VuBUBL Home Affairs pushes back against encryption law proposals https://www.zdnet.com/article/home-affairs-pushes-back-against-encryption-law-proposals/#ftag=RSSbaffb68 FBI recommends passphrases over password complexity https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/#ftag=RSSbaffb68 Municipal Cyberattacks Put Us All at Risk: What Can We Learn From Previous Attacks https://securityintelligence.com/articles/municipal-cyberattacks-put-us-all-at-risk-what-can-we-learn-from-previous-attacks/ US, UK Blame Russia for Cyberattack in Country of Georgia https://www.bankinfosecurity.com/us-uk-blame-russia-for-cyberattack-in-country-georgia-a-13748 Symantec Security Summary https://www.symantec.com/blogs/feature-stories/symantec-security-summary Cyber attack on PM’s office, state bodies attributed to foreign spies http://bit.ly/32sZ7WK FBI Makes Arrest in DDoS Attack on Candidate's Website https://www.bankinfosecurity.com/fbi-makes-arrest-in-ddos-attack-on-candidates-website-a-13754 FBI https://www.documentcloud.org/documents/6782920-USA-v-Dam.html Gamaredon APT Improves Toolset to Target Ukraine Government, Military https://threatpost.com/gamaredon-apt-toolset-ukraine/152568/ R0000275:【2020 趨勢科技全年實習】軟體核心研發 (資安威脅研究/機器學習/雲端架構/系統設計與開發類) https://m.104.com.tw/job/6vpgy 網路資安工程師 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=867460&HIRE_ID=9562643 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 美國國防部所屬單位遭駭，相關人員之個人資訊被竊 https://www.twcert.org.tw/tw/cp-104-3402-5b79e-1.html 駭客如何通過電匯詐騙在三天內盜走了45萬美元 https://on.wsj.com/32qd1cc 擁有190萬追蹤的電玩直播頻道遭駭，進行比特幣詐騙斬獲24,000 美元 https://www.blocktempo.com/youtube-channel-neebs-got-hacked/ 知名 YouTube 電玩直播頻道被盜，用以進行加密貨幣詐騙 https://www.twcert.org.tw/tw/cp-104-3382-e0dd6-1.html MGM飯店超過千萬名住客資料被洩露到駭客論壇 https://www.ithome.com.tw/news/135944 小賈斯丁也遭殃！美國 MGM 飯店爆大規模資料外洩 https://www.inside.com.tw/article/19001-us-mgm-resorts-intl-cyber-leak 米高梅酒店千萬賓客個資遇駭 受害者包括政商名流 https://udn.com/news/story/6813/4360915 美國防部通訊IT單位去年員工個資疑遭外洩 https://www.ithome.com.tw/news/135945 負責總統通訊安全機構也被駭 20萬人受影響 https://udn.com/news/story/6813/4360916 少女為衝高點閱率　竟散布疫情假訊息 https://tw.news.appledaily.com/local/20200221/DLU2LS3VEZ4S2A7PXTKPNKC3MU/ 控粉絲外流「肉包包」性愛片　直播主判賠15萬 https://tw.news.appledaily.com/local/20200221/WRSNBV2WJDS2XESRYJ7PVETZFQ/ 打擊不實資訊要全社會參與！AIT辦科技挑戰賽　台灣「防詐達人」抱回逾520萬獎金 https://www.storm.mg/article/2315286 對抗假訊息 酈英傑：須社會共同參與 https://news.ltn.com.tw/news/politics/paper/1353530 詐團駭客耍疫招，騙錢騙個資 http://bit.ly/2HJL8lN 帳號密碼太簡單容易破解，太難又記不住怎麼辦？五個方法幫助你保管所有密碼 https://www.storm.mg/lifestyle/2322495 FBI：以長密詞取代密碼、不應設定密碼變更期間或次數上限 https://ithome.com.tw/news/135993 企業郵件詐騙連刑事局也頭痛！區塊鏈新創推防詐工具，一鍵讓駭客現形 https://www.bnext.com.tw/article/56731/blockchainsecurity-bec-cybersecurity 維護用戶資安優先！蘋果宣布限制網站安全憑證效期縮至398天 https://news.sina.com.tw/article/20200227/34359678.html 美臉部辨識新創「Clearview AI」遇駭 全部客戶名單遭竊 https://news.ltn.com.tw/news/world/breakingnews/3082551 LINE官方3招防詐騙　教用戶辨識「釣魚網站」 https://www.ettoday.net/news/20200227/1655321.htm 全面資訊一手掌握：網路防護、網路陷阱，做個數位公民 http://bit.ly/3abppiM 推特疫情謠言滿天飛 查核中心揭殭屍帳號6特點 https://news.ltn.com.tw/news/life/breakingnews/3082528 數據分析公司不當取得用戶個資 臉書提聯邦訴訟 https://www.cna.com.tw/news/aopl/202002280106.aspx 以色列選舉系統漏洞導致選民資料外洩 https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16356 設定不當的 AWS S3 儲存貯體,外洩 36,000 筆受刑人紀錄 https://blog.trendmicro.com.tw/?p=63464 Financial and Customer Info being Exposed in Slickwraps Data Breach https://www.ehackingnews.com/2020/02/financial-and-customer-info-being.html New Mexico Sues Google for Mining Children's Data https://www.bleepingcomputer.com/news/legal/new-mexico-sues-google-for-mining-childrens-data/ Defense Department Agency Reports Data Breach https://www.bankinfosecurity.com/defense-department-agency-reports-data-breach-a-13750 Hackers Gain Access to Sensitive Data; Release Veterans’ Stolen Data Related To PTSD Claims https://www.ehackingnews.com/2020/02/hackers-gain-access-to-sensitive-data.html BEC Group Favors G-Suite, Physical Checks: Report https://www.bankinfosecurity.com/bec-group-favors-g-suite-physical-checks-report-a-13755 Exaggerated Lion https://www.agari.com/cyber-intelligence-research/whitepapers/acid-agari-exaggerated-lion.pdf Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing https://thehackernews.com/2020/02/spear-phishing-cybersecurity.html WhatsApp and Telegram Group Links Leaked Online https://www.ehackingnews.com/2020/02/whatsapp-and-telegram-group-links.html?utm_source=dlvr.it&utm_medium=twitter E.研究報告 每次登入 Windows Server 2019 都出現關機事件追蹤器（Shutdown Event Tracker） https://dotblogs.com.tw/supershowwei/2020/02/17/110128 （MINILSM）忍！project-scott MiniLSM被暴露出現0day突破，你還敢用嗎 https://github.com/ICEYSELF/project-scott/issues/24 個案分析-勒索病毒Mailto分析報告_10902 https://cert.tanet.edu.tw/prog/opendoc.php?id=2020022610024747648378775106244.pdf Tomcat AJP協議漏洞分析與利用 https://zhuanlan.zhihu.com/p/108410246 GPAC空指針解引用漏洞 https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521 GhostCat-從源代碼比對到漏洞利用 https://www.colabug.com/2020/0223/7031283/ 如何實時查看MISP實例的威脅情報信息 https://www.freebuf.com/articles/network/226685.html 個人技術站一把罩！部落格建置大全（二）- 將 Github Page 串上自己的域名 http://bit.ly/2HR8GFa 手動標註標籤即將成為過去式 http://bit.ly/2w47efY Firefox漏洞利用研究（一） https://www.freebuf.com/vuls/226853.html 淺談XSS漏洞 https://blog.csdn.net/weixin_45589086/article/details/104495548 CVE-2020-0618復現及分析 https://bbs.pediy.com/thread-257827.htm Weblogic漏洞搭建與復現：CVE-2017-10271 https://cloud.tencent.com/developer/article/1590638 Day5 - 做一個與 LINE Notify 連動的服務 http://bit.ly/39ZsqCF LINE Notify + Flask 的範例專案 https://github.com/louis70109/flask-line-notify 從零開始在 Windows 使用 Node.js 打造專屬於你的 LINE Bot 聊天機器人 http://bit.ly/2w4Of4Y PENTESTER’S WINDOWS NTFS TRICKS COLLECTION https://sec-consult.com/en/blog/2018/06/pentesters-windows-ntfs-tricks-collection/ Exercises for C# Workshop at Wild West Hackin' Fest 2018 & 2019 https://github.com/redcanaryco/wwhf Exploiting Routers With Routersploit https://linuxsecurityblog.com/2019/09/26/exploiting-routers-with-routersploit/ An Overview of Cryptography https://www.garykessler.net/library/crypto.html hammerhead-lineageos https://sourceforge.net/projects/hammerhead-lineageos/ How Microsoft 365’s new solution uses machine learning to stop data leaks and insider attacks https://blogs.microsoft.com/ai/insider-risk-management-microsoft-365/ Sharepoint RCE https://www.inputzero.io/2020/02/sharepoint-rce.html Hacking AWS Cognito Misconfigurations https://www.notsosecure.com/hacking-aws-cognito-misconfigurations/ NekoBot | Auto Exploiter With 500+ Exploit 2000+ Shell https://github.com/tegal1337/NekoBotV1 All in one subdomain and vulnerability scanner https://github.com/theamanrawat/voobar A list of useful payloads and bypass for Web Application Security and Pentest/CTF https://github.com/swisskyrepo/PayloadsAllTheThings Diamorphine Rootkit Signal Privilege Escalation https://packetstormsecurity.com/files/156462/diamorphine_rootkit_signal_priv_esc.rb.txt DECRYPTTEAMVIEWER : DECRYPT TEAMVIEWER CREDENTIALS FROM WINDOWS REGISTRY https://www.easyhack.in/2020/02/23/decryptteamviewer-decrypt-teamviewer-credentials-from-windows-registry/ Escalate Yourself on Windows Platform https://medium.com/@liau.weijie/escalate-yourself-on-windows-platform-885acd2a51ce YET ANOTHER SOAR DESIGN https://www.peerlyst.com/posts/yet-another-soar-design-can-topay How to Brute Force FTP Servers in Python https://www.thepythoncode.com/article/brute-force-attack-ftp-servers-using-ftplib-in-python A Network Enumeration and Attack Toolset https://github.com/m8r0wn/ActiveReign SQLi Without Quotes https://web.archive.org/web/20180920195115/https://eternalnoobs.com/sqli-without-quotes/ AngularJS Client Side Template Injection (XSS) http://ghostlulz.com/angularjs-client-side-template-injection-xss/ Introduction To Modern Routing For Red Team Infrastructure - using Traefik, Metasploit, Covenant and Docker https://khast3x.club/posts/2020-02-14-Intro-Modern-Routing-Traefik-Metasploit-Docker/ Blue Eye a python Recon Tookit script https://hackingpassion.com/blue-eye-a-python-recon-toolkit/ Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage https://github.com/lanjelot/patator xerosploit https://github.com/PleXone2019/ Cacti v1.2.8 authenticated Remote Code Execution (CVE-2020-8813) https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/ Chirp of the PoisonFrog https://ironnet.com/blog/chirp-of-the-poisonfrog/ Automated pentest framework for offensive security experts https://github.com/1N3/Sn1per AttackSurfaceMapper is a tool that aims to automate the reconnaissance process https://github.com/superhedgy/AttackSurfaceMapper SQL Injection Cheat Sheet https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/ Exploiting Jira for Host Discovery https://medium.com/tenable-techblog/exploiting-jira-for-host-discovery-43be3cddf023 Create a Persistent Back Door with Kali, Netcat and Weevely https://linuxsecurityblog.com/2018/09/13/create-a-persistent-back-door-with-kali-netcat-and-weevely/ Legion - open source network penetration testing tool https://hakin9.org/legion-open-source-network-penetration-testing-tool/ Windows 10 Privacy Guide: Settings Everyone Should Use https://www.bleepingcomputer.com/news/microsoft/windows-10-privacy-guide-settings-everyone-should-use/ Nexus - Just another stealer https://fr3d.hk/blog/nexus-just-another-stealer PyFuscation https://github.com/CBHue/PyFuscation A ransomware developed in python, with bypass technics, for educational purposes https://github.com/ReddyyZ/DeathRansom Bramble is a hacking Open source suite https://github.com/marcrowProject/Bramble Router Analysis Part 1: UART Discovery and SPI Flash Extraction https://wrongbaud.github.io/router-teardown/ Jaeles - The Swiss Army knife for automated Web Application Testing https://hakin9.org/jaeles-the-swiss-army-knife-for-automated-web-application-testing/ Cutting Google out of your life (2019) https://github.com/tycrek/degoogle AMSI_Handler https://github.com/two06/AMSI_Handler 7 Tools For Malicious Document Creation https://bestestredteam.com/2019/03/19/7-tools-for-malicious-document-creation/ Handling Errors in ASP .NET Core 3.1 https://wakeupandcode.com/handling-errors-in-asp-net-core-3-1/ Python django postgresql An new vulnerability has been found in django’s postgresql module https://blog.firosolutions.com/exploits/python-django-vulnerability-2020/ 7 Tips To Keep Windows 7 Secure After End Of Life https://hackersonlineclub.com/7-tips-to-keep-windows-7-secure-after-end-of-life/ 5 Practical Scenarios for XSS Attacks https://pentest-tools.com/blog/xss-attacks-practical-scenarios/ How to Make Flash Drive That Copy's Users Files Silently and Automatically https://www.instructables.com/id/How-to-make-flash-drive-that-copys-users-files-si/ SSRF 101: How Server-Side Request Forgery Sneaks Past Your Web Apps http://bit.ly/3c5ymMa Web Application Exploits and Defenses https://google-gruyere.appspot.com/ Awesome Shodan Search Queries https://github.com/jakejarvis/awesome-shodan-queries PivotSuite: Hack The Hidden Network – A Network Pivoting Toolkit https://hackersonlineclub.com/pivotsuite-hack-the-hidden-network/ Insecure Direct Object Reference (IDOR) — Web-based Application Security, Part 6 https://securityboulevard.com/2020/02/insecure-direct-object-reference-idor-web-based-application-security-part-6/ Use CVE-2020-0668 to perform an arbitrary privileged file move operation https://github.com/RedCursorSecurityConsulting/CVE-2020-0668 OpenDXL Ontology project https://github.com/opencybersecurityalliance/opendxl-ontology Trying to unmask the fake Microsoft support scammers https://securelist.com/trying-to-unmask-the-fake-microsoft-support-scammers-17/33734/#comment-3020138 Keyloggers: How they work and how to detect them (Part 1) https://securelist.com/keyloggers-how-they-work-and-how-to-detect-them-part-1/36138/#comment-3019332 Keyloggers: Implementing keyloggers in Windows. Part Two https://securelist.com/keyloggers-implementing-keyloggers-in-windows-part-two/36358/ Smartphone shopaholic https://securelist.com/smartphone-shopaholic/95544/#comment-2990139 Congratulations, you’ve won! The reality behind online lotteries https://securelist.com/congratulations-youve-won-the-reality-behind-online-lotteries/36450/#comment-2988693 Scammers’ delivery service: exclusively dangerous https://securelist.com/scammers-delivery-service-exclusively-dangerous/66515/#comment-2987776 How I hacked my smart bracelet https://securelist.com/how-i-hacked-my-smart-bracelet/69369/#comment-2999297 Dumping Firmware With the CH341a Programmer | by Rick Wisser https://hakin9.org/dumping-firmware-with-the-ch341a-programmer-by-rick-wisser/ (Ab)using bash-fu to analyze recent Aggah sample https://blog.malwarelab.pl/posts/basfu_aggah/ A post-exploitation powershell tool for extracting juicy info from memory https://github.com/putterpanda/mimikittenz F.商業 紅帽OS整合雲端分析與自動管理，強化企業工作負載支援 https://www.ithome.com.tw/review/134119 施宣輝專訪（一）／安碁資訊進化 打資安國際盃 https://money.udn.com/money/story/5649/4365672 施宣輝專訪（二）／CEO賽車手 眼光放遠 https://money.udn.com/money/story/5649/4365675 疫情延燒，研調：資安電信等 5 大領域增溫 http://technews.tw/2020/02/25/covid-19-rise-5-industries-up/ 思科發佈全新雲端平台SecureX ，簡化資安防護並降低複雜性 http://www.compotechasia.com/a/press/2020/0225/44058.html Google Cloud釋出Chronicle威脅偵測、企業版reCAPTCHA https://ithome.com.tw/news/135992 RSA大會2020創新沙盒冠軍出爐，SECURITI.ai新創聚焦隱私合規 https://www.ithome.com.tw/news/136002 IBM、McAfee發起的開放網路安全聯盟OCA，釋出資安產品共通語言框架 https://ithome.com.tw/news/136014 醫療資訊應用升級窒礙 資安策略或成解方 https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000579412_PCO3EOHD29MDOF1Y5FFO0 BEC防詐 從事前防禦到事後調查完整解決方案 https://money.udn.com/money/story/5640/4375576 電子郵件詐騙頻傳 台灣區塊鏈新創研發獨步全球解決方案 https://www.rti.org.tw/news/view/id/2053259 區塊科技推出可做電子郵件檢查、加密與存證以防範釣魚詐騙的ChkSender http://bit.ly/2I5Ghvq McAfee買下瀏覽器隔離技術開發商Light Point Security https://ithome.com.tw/news/136028 Symantec Participates in Latest MITRE ATT&CK® Evaluation https://www.symantec.com/blogs/expert-perspectives/symantec-participates-latest-mitre-attckr-evaluation F5 brings WAF app protection to the NGINX platform https://www.zdnet.com/article/f5-brings-waf-app-protection-to-the-nginx-platform/#ftag=RSSbaffb68 Cisco unveils SecureX cloud platform for improved security visibility https://www.zdnet.com/article/cisco-unveils-securex-cloud-platform-for-improved-security-visibility/#ftag=RSSbaffb68 Redefining Security Orchestration and Automation with Cortex XSOAR https://blog.paloaltonetworks.com/2020/02/cortex-xsoar/ The Cortex XSOAR Ecosystem is Exploding with Partner-Owned Integrations https://blog.paloaltonetworks.com/2020/02/cortex-xsoar-ecosystem/ How to Use a Firewall for Network Traffic Analysis and Behavioral Detection https://blog.paloaltonetworks.com/2020/02/cortex-network-traffic-analysis/ Gmail Is Catching More Malicious Attachments With Deep Learning https://www.wired.com/story/gmail-catching-more-malicious-attachments-deep-learning/ Using the FortiGuard Labs Threat Landscape Report to Defend Against Evolving Cybercrime https://www.fortinet.com/blog/threat-research/using-the-fortiguard-labs-threat-landscape-report-to-defend-against-evolving-cybercrime.html Exploitation Framework for Embedded Devices https://github.com/threat9/routersploit 攻撃グループBlackTech が使用するLinux用マルウエア (ELF_TSCookie) https://blogs.jpcert.or.jp/ja/2020/02/elf_tscookie.html G.政府 謹言慎行保密 嚴守資安防駭 https://www.ydn.com.tw/News/373869 Linker Networks臺南辦公室正式揭牌 https://www.chinatimes.com/realtimenews/20200224003230-260410?chdtv 台灣全新「數位身分證」真的要啟動了？超便民5大亮點整理，綁定手機、加密個資還有一堆小細節 https://www.elle.com/tw/life/tech/a31126570/digital-identity-card/ 全球第21大超級電腦助攻，國網中心要當產學界AI推手 https://www.ithome.com.tw/people/135989 H.工控系統/SCADA/ICS Vulnerability Spotlight: Multiple vulnerabilities in Moxa AWK-3131A https://blog.talosintelligence.com/2020/02/vuln-spotlight-moxa-awk-feb-2020.html Moxa MGate 5105-MB-EIP firmware Vulnerability https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-8858 Moxa PT-7528和PT-7828 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6983 思科發現Moxa工業設備中的十二個高危漏洞 https://nosec.org/home/detail/4152.html JVN#25766797 Aterm WF1200CR 、WG1200CR および WG2600HS における複数の OS コマンドインジェクションの脆弱性 https://jvn.jp/jp/JVN25766797/ I.教育訓練 SQL Murder Mystery https://mystery.knightlab.com/walkthrough.html Network Address Translation https://packetlife.net/media/library/32/NAT.pdf Physical Treminations https://packetlife.net/media/library/22/physical_terminations.pdf Wireshark Commands Cheatsheet https://hackersonlineclub.com/wireshark-commands-cheatsheet/ Hack The Box: Zetta https://gr4n173.github.io/2020/02/22/htb-zetta.html HackTheBox Writeup — Zetta https://medium.com/@hussaini.faisal/hackthebox-writeup-zetta-d236212776fc Peerlyst Community eBook: 32 Influential Malware Research Professionals https://www.peerlyst.com/posts/peerlyst-community-ebook-32-influential-malware-research-professionals-peerlyst How to become a Cloud Security Expert https://www.peerlyst.com/posts/how-to-become-a-cloud-security-expert-guy-bertrand-kamga Nebula – fake your echo (level01) – walkthrough https://www.peerlyst.com/posts/nebula-fake-your-echo-level01-walkthrough-prasanna-v-balaji Beginner’s Guide to Pentesting IoT Architecture/Network and Setting Up IoT Pentesting Lab http://bit.ly/2VfWfL6 Introduction to Ethical Hacking and Penetration Testing https://www.peerlyst.com/posts/introduction-to-ethical-hacking-and-penetration-testing-1-chiheb-chebbi Cybersecurity Research Topic Guidelines https://www.theweborion.com/blog/cybersecurity-research-topic-guidelines/ Open Source Data Protection/Privacy Regulatory Mapping Project https://github.com/microsoft/data-protection-mapping-project IT to Red Team: How to Make the Jump https://www.peerlyst.com/posts/it-to-red-team-how-to-make-the-jump-matt-george HOW TO PREPARE FOR THE ECSA EXAM https://blog.eccouncil.org/how-to-prepare-for-the-ecsa-exam/ 29 Practical Examples of Nmap Commands for Linux System/Network Administrators https://www.tecmint.com/nmap-command-examples/ How to bypass Machine Learning Malware Detectors with Generative adversarial Networks http://bit.ly/38XmYAd Computer Forensics: A Method to Recover Data from MySQL Database by Utilizing Binlog http://bit.ly/2uskPNP Hacking Tools with Python: Part 1 https://resources.infosecinstitute.com/writing-hacking-tools-with-python-part-1/ Hacking Tools with Python: Part 2 https://resources.infosecinstitute.com/hacking-tools-with-python-part-2/#article ABD - Course Materials For Advanced Binary Deobfuscation https://www.kitploit.com/2020/02/abd-course-materials-for-advanced.html Antivirus fundamentals: Viruses, signatures, disinfection https://www.kaspersky.co.uk/blog/signature-virus-disinfection/7799/ J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 IoT and connected devices: The best thing to happen to home automation, or a frustrating mess https://zd.net/37WYHZv Gold-nuggeting: Machine learning tool simplifies target discovery for pen testers https://portswigger.net/daily-swig/gold-nuggeting-machine-learning-tool-simplifies-target-discovery-for-pen-testers Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles https://www.mcafee.com/blogs/other-blogs/mcafee-labs/model-hacking-adas-to-pave-safer-roads-for-autonomous-vehicles/ 意法STM32L5首款 兼具低功耗與資安的IoT微控制器 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?CnlID=13&cat=10&id=0000579079_ZFUL96FB8L2B7I8X33GI8 Nation's youngest engineers further Army drone ambitions https://www.zdnet.com/article/nations-youngest-engineers-to-further-army-drone-ambitions/#ftag=RSSbaffb68 6.近期資安活動及研討會 Coffee & Code 3/1 https://www.meetup.com/Innovate-Taiwan/events/268999350/ WizardAmigos CodeCamp [Taipei,JavaScript,­English] 3/2 https://www.meetup.com/WizardAmigos/events/vdttmrybcfbdb/ 邊緣運算介紹與應用 & Let's AIY ( 人工智慧小聚 - Hsinchu#20200304 ) 3/4 https://www.meetup.com/AIA-Hsinchu/events/267713123/ Android Code Club(Taipei) 3/4 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcfbgb/ #28 Azure Machine Learning - 圖形化介面的免費 Studio 與付費的 Designer 之差異 3/4 https://www.meetup.com/Azure-Taiwan/events/268794485/ 台北以太坊社群月聚 Monthly Taipei Ethereum Meetup 3/5 https://www.meetup.com/Taipei-Ethereum-Meetup/events/269000957/ 「智慧機械與資安解決方案」技術交流媒合會 3/5 https://forms.gle/ZRksvpLu1hDHUm538 Monad 細說從頭！ FunTh#81 3/5 https://www.meetup.com/Functional-Thursday/events/267683150/ Multi-threaded programming in Python 3/11 https://www.meetup.com/pythonhug/events/268925062/ Android Code Club(Taipei) 3/11 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybcfbpb/ GDG Hsinchu #05 - 如何應用ok Google結合物聯網打造智慧生活 3/12 https://www.meetup.com/GDG-Hsinchu/events/268976601/ 人工智慧小聚 - 新竹 ◤從 RNN 到 Attention，自然語言處理的前世今生◢ ◤字型生成經驗分享◢ 3/18 https://www.meetup.com/AIA-Hsinchu/events/268649939/ Scala Taiwan #37 3/18 https://www.meetup.com/Scala-Taiwan-Meetup/events/267899692/ 韓國國際安全博覽會 3/18 https://www.twcert.org.tw/tw/cp-105-3230-a3bd4-1.html Taipei.py 2020 三月聚會 (March Monthly Meeting) 3/19 https://www.meetup.com/Taipei-py/events/268681120/ Study Group - Clean Coder 3/19 https://www.meetup.com/Women-Who-Code-Taipei/events/jlmfprybcfbzb/ 數據分析與機器學習案例實務(一)以PM2.5為例 3/23 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3888&from_course_list_url=course_index Taipei 暗号通貨 (Cryptocurrency) Meetup 3/25 https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcfbhc/ Thinking Thursday 第七場 3/26 https://www.meetup.com/Thinking-Thursday/events/266911452/ Flutter Taipei 2020 暖開幕 | Warm Up Party 3/27 https://www.meetup.com/Flutter-Taipei/events/269033933/ 交通大學駭客書院 - 緩衝區溢位攻擊與預防 3/28 https://hackercollege.nctu.edu.tw/?p=1141 black ASIA 2020 Singapore 3/31 ~ 4/3 https://www.blackhat.com/asia-20/briefings/schedule/ Kaspersky® Security Analyst Summit 4/6 ~ 4/9 https://thesascon.com/ QGIS地理資訊研習班 4/8 ~ 4/9 https://www.accupass.com/event/2002120936323517290110 邊緣計算系統之大數據與深度學習應用 4/10 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3883&from_course_list_url=course_index 第二屆ICANN APAC-TWNIC Engagement Forum 與第34屆TWNIC IP政策資源管理會議 4/16 https://forum.twnic.tw/2020/registration.htm 交通大學駭客書院 -入侵行為發覺與應變指南 4/18 https://hackercollege.nctu.edu.tw/?p=1144 VXCON 2020 - APAC 4/18 ~ 4/19 https://www.vxcon.hk/ 2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore 4/21 ~ 4/23 https://www.icscybersecurityconference.com/singapore/ Taipei 暗号通貨 (Cryptocurrency) Meetup 4/22 https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybcgbdc/ 亞太資訊安全論壇暨展覽會 4/22 https://www.twcert.org.tw/tw/cp-105-3149-70ad7-1.html 交通大學駭客書院 - 基礎網頁安全與滲透測試 4/25 https://hackercollege.nctu.edu.tw/?p=1147 2020 LINE Taiwan Developers Recruitment Day 4/25 https://engineering.linecorp.com/zh-hant/blog/2020-line-taiwan-technical-recruitment-day/ 交通大學駭客書院 - 基礎網站安全建構實務 5/16 https://hackercollege.nctu.edu.tw/?p=1151 交通大學駭客書院 - 電子郵件之偽造攻擊與防護措施 5/23 https://hackercollege.nctu.edu.tw/?p=1156 Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27 https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/ 交通大學駭客書院 - 進階網頁滲透測試 5/30 https://hackercollege.nctu.edu.tw/?p=1159 邊緣計算系統之大數據與深度學習應用 6/5 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index 交通大學駭客書院 - 高階網頁滲透測試 6/13 6/20 https://hackercollege.nctu.edu.tw/?p=1161 交通大學駭客書院 - 企業網域控管-Active Directory攻擊與防禦 6/27 https://hackercollege.nctu.edu.tw/?p=1164 CYBERSEC 2020 臺灣資安大會 8/12 https://cyber.ithome.com.tw/