資安事件新聞週報 2021/2/1 ~ 2021/2/5

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2021/2/1 ~ 2021/2/5 1.重大弱點漏洞/後門/Exploit/Zero Day 微軟 Windows 10 今年首個更新版本要來了？外媒曝正式版釋出時間點曝光 https://3c.ltn.com.tw/news/43139 Google：去年1/4零時差漏洞來自修補不確實 https://www.ithome.com.tw/news/142649 Sudo漏洞也影響macOS、AIX、Solaris https://www.ithome.com.tw/news/142619 sudoedit 堆溢出本地提權漏洞（CVE-2021-3156） https://www.mdeditor.tw/pl/gO0b Realtek RTL8195AM 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25856 Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html SonicWall緊急修補已發生攻擊的SMA 100系列設備漏洞 https://www.ithome.com.tw/news/142630 URGENT: Probable Zero-Day SMA 100 Vulnerability https://www.sonicwall.com/support/product-notification/urgent-security-notice-probable-sma-100-series-vulnerability-updated-jan-27-2021/210122173415410/ https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001 https://www.sonicwall.com/support/product-notification/urgent-patch-available-for-sma-100-series-10-x-firmware-zero-day-vulnerability-updated-feb-3-2-p-m-cst/210122173415410/ Hackers Exploiting Critical Zero-Day Bug in SonicWall SMA 100 Devices https://thehackernews.com/2021/02/hackers-exploiting-critical-zero-day.html IBM Security Guardium 11.2 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-4952 思科IOS XR網絡互連操作系統發現拒絕服務漏洞 https://finance.sina.com.cn/tech/2021-02-05/doc-ikftpnny5112871.shtml Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP https://thehackernews.com/2021/02/critical-flaws-reported-in-cisco-vpn.html 多款Cisco 產品授權問題漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1289 SolarWinds Orion Platform 多個漏洞 https://www1.crisp.govcert.gov.hk/portal/govcert/tc/alerts_detail.xhtml?id=546 3 New Severe Security Vulnerabilities Found In SolarWinds Software https://thehackernews.com/2021/02/3-new-severe-security-vulnerabilities.html Chrome 88 緊急更新補上一個已經被不肖份子利用的漏洞 https://chinese.engadget.com/chrome-88-zero-day-exploit-050348845.html Google修補已遭開採的Chrome零時差漏洞 https://www.ithome.com.tw/news/142645 Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions https://thehackernews.com/2021/02/over-dozen-chrome-extensions-caught.html Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects https://thehackernews.com/2021/01/google-discloses-severe-bug-in.html Google uncovers new iOS security feature Apple quietly added after zero-day attacks https://thehackernews.com/2021/01/google-uncovers-new-ios-security.html New Chrome Browser 0-day Under Active Attack—Update Immediately https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html Vulnerability Makes Vehicles Cyber Attack Targets https://argus-sec.com/addressing-public-cves-in-the-automotive-domain/ https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit SoftMaker Office PlanMaker 緩衝區錯誤漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27247 IBM MQ消息中間件產品發現執行任意代碼漏洞 https://news.sina.com.tw/article/20210204/37571754.html APACHE SHIRO權限繞過漏洞（CVE-2020-17523）通告 http://blog.nsfocus.net/cve-2020-17523/ Microsoft IE遠程命令執行在野0day漏洞通告 https://www.secrss.com/articles/29151 2.銀行/金融/保險/證券/支付系統/ 新聞及資安金融機構除「駭」資安再升級 https://money.udn.com/money/story/5613/5218927 徵才+科技金融機構強化防護網 https://money.udn.com/money/story/5613/5218947 公股行庫陸續啟動核心系統更新計畫 https://ctee.com.tw/news/finance/411245.html 無預警全下線！中國網路平台存款 8.6兆回流銀行體系 https://www.inside.com.tw/article/22429-platform-cash-back-to-bank 央行：美財政部並未敦促台幣進一步升值 https://money.udn.com/money/story/5613/5219943?from=edn_breaknewstab_index 螞蟻與大陸官方達成協議春節前成立金控公司 https://udn.com/news/story/7333/5231737?from=udn-catebreaknews_ch2 螞蟻轉型金控 2年內重啟上市 https://udn.com/news/story/7333/5233099?from=udn_ch2_menu_v2_main_cate 《大陸金融》SWIFT攜人行成立合資公司 https://reurl.cc/YWXkZ4 銀行推電子利市獎賞吸客　你會考慮使用綫上理財系統嗎 https://reurl.cc/WE18p5 集保今年徵才16名鎖定資訊、資安菁英 https://reurl.cc/KxQOyR 3.電子支付/行動支付/pay/資安香港民建聯指現金支付或成防疫漏洞促特區政府推動普及電子支付 http://www.hkcna.hk/content/2021/0205/877890.shtml 揭銀行轉數漏洞富融系統升級雙重核實收款人資料 https://hk.appledaily.com/finance/20210205/DJ66VTYJSFHUHFZIFEQOOQLQOM/ 街口支付董事長胡亦嘉遭停職怒嗆「不接受處分」 https://www.ptt.cc/bbs/Finance/M.1612487241.A.A0A.html 街口支付遭罰180萬金管會：董事長胡亦嘉停職一年 https://www.cna.com.tw/news/firstnews/202102045007.aspx 電子支付連結帳戶交易額衝高 https://www.chinatimes.com/newspapers/20210201000297-260208?chdtv 電子支付在台加速發展首度超車現金 https://www.chinatimes.com/realtimenews/20210128004176-260410?chdtv 手機變刷卡機支付新潮流 https://money.udn.com/money/story/5613/5220780 儲值千元「機車快遞」叫嘸！男控：退錢也卡關 https://reurl.cc/3NYbdV 2020年刷卡金仍守在3兆大關　創史上次高 https://finance.ettoday.net/news/1914748 韓國國際協力機構協助，柬埔寨國家銀行正式推出全新電子支付系統 https://www.moneydj.com/KMDJ/News/NewsViewer.aspx?a=%7B557d18ff-2ba5-4754-af7c-df24db58c012%7D 悠遊付攜手全台7宮廟以行動支付索取結緣金 https://reurl.cc/Q7bV80 【電子支付】WeChat Pay HK新增轉數快增值八達通銀包功能　用戶可經手機為八達通卡增值 https://reurl.cc/R6X9Kn 不用行動支付！拿現金結帳太落伍？網勸「快跟上」：不然虧很大 https://udn.com/news/story/120913/5234503 台灣行動支付APP 新春天天抽紅包 https://money.udn.com/money/story/5636/5232534 食品業者推行動支付買年貨不用肢體接觸 https://reurl.cc/pmMKqr 4.加密貨幣/挖礦/區塊鍊資安這檔基金握有57萬顆比特幣！但它不賣給散戶，只有資產3千萬以上的大戶才能買 https://www.storm.mg/article/3434074 反逼表態！瑞波文件回覆 SEC :「XRP 是虛擬貨幣，你們管不著？」幣價大漲 100% https://www.blocktempo.com/ripple-responded-sec-lawsuit-xrp-outside-their-jurisdiction/ 交易熱度超越比特幣！數據：以太幣去年鏈上結算 3.45 億次 https://blockcast.it/2021/01/29/ethereum-transaction-volume-surpasses-bitcoin/ 打通銀行與 Defi世界！Circle 宣佈 API 整合「自動轉帳扣款ACH」，銀行美元可直換 USDC https://reurl.cc/MZb5jW 「我是比特幣的支持者」馬斯克上 Clubhouse 對談：或許狗狗幣真的會變成世界貨幣 https://www.blocktempo.com/elon-musk-goes-live-on-clubhouse/ 「狗狗幣」價格倍數急升　Robinhood 決定限制其交易 https://unwire.hk/2021/01/31/robinhood-restricts-crypto-trading-as-bitcoin-dogecoin-surge/fun-tech/ BTC供不應求！GrayScale的買幣速度，是「新挖出比特幣」的1.54倍，且仍在擴大 https://www.blocktempo.com/grayscale-is-buying-btc-54-faster-than-it-is-mined-since-2021/ 瑞波前CTO恢復倒貨！上週每日賣1,717萬枚XRP，很可能今年底前全數脫手 https://www.blocktempo.com/ripple-former-cto-dumping-again-17m-xrp-per-day/ 關於Defi錢包連結安全性及coinbase錢包被駭 https://pttweb.tw/s/2AKVHE Yearn.Finance驚爆漏洞DeFi再遭打擊一文帶你探明事件始末 https://www.jinse.com/news/blockchain/995859.html Yearn 遭到攻擊損失1100萬美元，目前該漏洞已得到緩解 https://www.bishijie.com/shendu/166966.html CertiK：Yearn.Finance驚爆漏洞，一文帶你探明事件始末 https://www.chaindaily.cc/posts/ea7452af81bfd2106d5c864823d11be6 「數位人民幣」會是特洛伊木馬嗎？專家警告：中國央行將可即時監控所有交易 https://www.storm.mg/article/3455738 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 駭客在中國兩大公有雲發動挖礦攻擊，鎖定ActiveMQ、WebLogic、Redis等中介軟體下手 https://www.ithome.com.tw/news/142569 英國研究與創新機構遭勒索軟體攻擊 https://www.ithome.com.tw/news/142554 勒索軟體FonixCrypter退出江湖並釋出解密金鑰 https://www.ithome.com.tw/news/142555 殭屍網路Trickbot納入網路探測模組，企圖掌握受害電腦所在網路環境樣貌 https://www.ithome.com.tw/news/142625 Kobalos木馬程式鎖定全球Linux超級電腦、資安業者與個人伺服器展開攻擊 https://www.ithome.com.tw/news/142614 竊密惡意軟體Agent Tesla出現變種，藉由關閉電腦惡意軟體偵測機制來隱匿行蹤 https://www.ithome.com.tw/news/142618 使用者請小心！知名 Android 模擬器 NoxPlayer 夜神遭到駭客植入木馬 https://unikoshardware.com/2021/02/android-emu-noxplayer-hacked.html 偽裝成管理軟件的新木馬活動猖獗360安全衛士極智守護杜絕安全漏洞 http://news.ctocio.com.cn/qyqy/2021/0205/022021_47329.html 'Lebanese Cedar' New Campaign https://www.clearskysec.com/cedar/ https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf A New Software Supply‑Chain Attack Targeted Millions With Spyware https://thehackernews.com/2021/02/a-new-software-supplychain-attack.html A New Linux Malware Targeting High-Performance Computing Clusters https://thehackernews.com/2021/02/a-new-linux-malware-targeting-high.html Agent Tesla Malware Spotted Using New Delivery & Evasion Techniques https://thehackernews.com/2021/02/agent-tesla-malware-spotted-using-new.html Beware: New Matryosh DDoS Botnet Targeting Android-Based Devices https://thehackernews.com/2021/02/beware-new-matryosh-ddos-botnet.html A New Software Supply Chain Attack Targeted Millions With Spyware https://thehackernews.com/2021/02/a-new-software-supplychain-attack.html New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers https://thehackernews.com/2021/02/new-cryptojacking-malware-targeting.html Zeoticus 2.0: A Ransomware with no C2 Connectivity Required Gets Recent Updates https://labs.sentinelone.com/zeoticus-2-0-ransomware-with-no-c2-required/ Excel Spreadsheets Push SystemBC Malware https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/ Operation NightScout: Supply‑chain attack targets online gaming in Asia https://www.welivesecurity.com/2021/02/01/operation-nightscout-supply-chain-attack-online-gaming-asia/ Hildegard: New TeamTNT Malware Targeting Kubernetes https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/ A41APT - Analysis of the Stealth APT Campaign Threatening Japan http://jsac.jpcert.or.jp/archive/2021/pdf/JSAC2021_202_niwa-yanagishita_en.pdf DocuSign Themed Malspam Leads to BazarBackdoor and Cobalt Strike https://thedfirreport.com/2021/01/31/bazar-no-ryuk/ Kobalos – A complex Linux threat to high performance computing infrastructure https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/ https://github.com/eset/malware-ioc/tree/master/kobalos https://www.welivesecurity.com/wp-content/uploads/2021/01/ESET_Kobalos.pdf TrickBot masrv Module https://www.kryptoslogic.com/blog/2021/02/trickbot-masrv-module/ Matryosh Botnet https://blog.netlab.360.com/matryosh-botnet-is-spreading-en/ New Version of DanaBot https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot New Versions of the Necro Botnet in the Wild https://blog.netlab.360.com/necro/ Sodinokibi Attack Analysis https://www.trendmicro.com/en_us/research/21/a/sodinokibi-ransomware.html A New Campaign Using Trickbot https://www.menlosecurity.com/blog/trickbot-new-year-old-lure Torisma and LCPDot Malware https://blogs.jpcert.or.jp/en/2021/01/Lazarus_malware2.html New Cryptojacking Malware From the Rocke Group https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/ TeamTNT Delivers Malware with New Detection Evasion Tool https://cybersecurity.att.com/blogs/labs-research/teamtnt-delivers-malware-with-new-detection-evasion-tool B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊你被邀請了嗎　神秘社群APP，Clubhouse夯什麼 https://www.cw.com.tw/article/5107782 【這樣偽裝也給過？】AI 研究團隊列印這款「眼鏡」，成功解鎖 19 款安卓手機 https://buzzorange.com/techorange/2021/02/01/beijig-tsing-hua-real-ai-glasses-mobile-phone-face-idattack/ 不滿資安立場回答印度永久禁止抖音、微信等中國59個app https://news.cnyes.com/news/id/4563115 iPhone中毒訊息是真的嗎？網頁顯示中毒或被黑該怎麼辦 https://mrmad.com.tw/iphone-poisoning-message Instagram 新增回收桶功能，防止帳號被駭後刪除貼文 https://technews.tw/2021/02/05/instagram-recently-deleted-function/ 對抗美國拆解「中國供應鏈」，北京打造「數位絲綢之路」！瓜達爾港成中國通訊光纜通往東非、歐洲節點 https://www.storm.mg/article/3455539 iCloud多項服務故障！　蘋果使用者批個資漏洞 https://today.line.me/tw/v2/article/MGmk2j 哪些手機通ESS資安認證呢 https://www.kocpc.com.tw/archives/366210 Clubhouse風靡新創圈綠委示警：恐成下個抖音 https://ec.ltn.com.tw/article/breakingnews/3433790 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件網路身分認證安全機制，翻轉過去的思維 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9032 法國資安業者StormShield的防火牆原始碼被駭客盜走 https://www.ithome.com.tw/news/142659 五月天演唱會售票遭駭 4嫌不法獲利408萬 https://pttsuperstar.com/MayDay/1Sq0qHDW Parler CEO 因理念不合與資安漏洞，而被保守派董事會開除 https://www.inside.com.tw/article/22494-parlers-ceo-has-been-fired 侵權價值超過10億！警方大掃蕩非法機上盒民視等多家電視台受害 https://www.ftvnews.com.tw/news/detail/2021205W0065 資安威脅再創新高，40％攻擊事件情資「尚需調查」 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9030 混合型態工作環境興起　零信任原則控管風險 https://www.netadmin.com.tw/netadmin/zh-tw/trend/9DC1BCC2B547433D9C397372C26FCBC7 網安機構：應增加基本了解馬來西亞用戶不受網絡威脅 https://reurl.cc/e9OVrx SolarWinds 攻擊中國疑參一腳，入侵美國農業部薪資發放機構 https://technews.tw/2021/02/04/solarwinds-china/ SolarWinds攻擊行動中，約莫有3成受害者並未使用Orion Platform https://www.ithome.com.tw/news/142551 路透社報導：有第二組疑似來自中國的駭客入侵SolarWinds https://www.ithome.com.tw/news/142622 面對中國駭客入侵威脅政府資安防護機制安全嗎 https://www.ftvnews.com.tw/news/detail/2021204W0144 美電子投票商怒告福斯新聞　指控假新聞嚇跑台灣客戶 https://tw.appledaily.com/international/20210205/66MR72K5JNGZLOWYK2OT72QTMA/ 實名制口罩遭盜領！嫌犯「手動輸證號」恐有資安危機 https://www.nexttv.com.tw/NextTV/News/Home/Life/2021-01-31/367586.html 23 歲女孩過勞致死、「007」工時成常態——中國互聯網產業「用命換錢」的血汗紀實 https://crossing.cw.com.tw/article/14413 【中國統戰】兩岸宗教線上參拜　國防院：恐釀資安破口 https://tw.appledaily.com/politics/20210130/LZ2YFQLPZRHNVBZGQAECZFOIRE/ 澳門網絡安全法下月22日實施　手電用戶要實名登記 https://news.rthk.hk/rthk/ch/component/k2/1493613-20191121.htm 中國山東省學校開展網絡信息安全漏洞專項排查整治工作 http://www.lcu.edu.cn/ztzx/ldyw/373743.htm 用駭客「賺」外匯?北韓嚴選高中資優生進駭客部隊培養 https://www.pourquoi.tw/2021/02/05/intlnews-neasia-210129-210204-3/ 反恐情報戰→對抗中國竊密喬州學者：拜登廣結盟打持久戰 https://www.worldjournal.com/wj/story/121278/5233981 對抗中國印度軍隊以「西藏學」武裝 https://reurl.cc/NXpo0p 美國在月背建造了基地？還擁有太空部隊？來自世界頂級駭客的爆料 https://www.juduo.cc/military/3145352.html 普丁，美國的有毒前男友 https://cn.nytimes.com/opinion/20210204/vladimir-putin-russia-america/zh-hant/ 拜登首場外交政策演說誓言對抗威權抑制中俄野心 https://www.cna.com.tw/news/firstnews/202102050015.aspx 拜登首場外交演說：中國大陸是美國最重大的競爭者 https://udn.com/news/story/6809/5233675?from=udn-ch1_breaknews-1-0-news 自由之家：多國系統性跨國打壓異己中國尤甚 https://www.cna.com.tw/news/aopl/202102050017.aspx 美國務卿與俄國外長通話　談及納瓦尼、核武軍控協議 https://tw.appledaily.com/international/20210205/WZWKLBKACFBEJNR2SDKNFD453A/ 中南海保鏢護衛習近平疑安保留致命漏洞 https://www.ntdtv.com/b5/2021/02/05/a103047462.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞年關將近　假冒銀行透過簡訊騙取民眾網銀帳密爆增 https://tw.appledaily.com/property/20210131/UZKY5RG3KVA6ZCRSDRXXWG7LFU/ 被揭有大批假帳號操縱社交媒體　華為認有不足展內部調查　Twitter：如證據確鑿不排除永久封鎖 https://reurl.cc/Xe4MLM 「您的銀行帳戶顯示異常」趨勢：假簡訊釣魚攻擊 https://saydigi-tech.com/2021/01/36900.html 小心！這是詐騙簡訊假國泰世華釣魚簡訊三天21人受騙詐騙金額高達300萬 https://www.ftvnews.com.tw/news/detail/2021131W0046 假國泰世華釣魚簡訊 3天21人遭騙逾300萬元 https://www.ftvnews.com.tw/news/detail/2021131F04M1 防疫保單超夯，「線上投保專區」詐騙個資 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9027 Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State https://thehackernews.com/2021/02/data-breach-exposes-16-million-jobless.html Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication https://www.fireeye.com/blog/threat-research/2021/01/phishing-campaign-woff-obfuscation-telegram-communications.html LogoKit Phishing Kit https://www.riskiq.com/blog/external-threat-management/logokit-phishing/ Phishing and Malspam with Leaf PHPMailer https://blog.sucuri.net/2021/01/phishing-malspam-with-leaf-phpmailer.html Phishing Campaigns and Their Evasion and Obfuscation Techniques https://www.zscaler.com/blogs/security-research/new-phishing-trends-and-evasion-techniques Phishing, Sweepstakes, Delivery Scams for 2021 https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cybercriminals-kick-off-2021-with-sweepstakes-credit-card-delivery-scams E.研究報告基礎架構程式碼：資安風險與如何防範 https://blog.trendmicro.com.tw/?p=66782 SSRF漏洞簡介 https://blog.csdn.net/zzwwhhpp/article/details/113445170 RustSecu https://github.com/ChaosStudyGroup/RustSecu Azure Security Basics: Log Analytics, Security Center, and Sentinel https://www.blackhillsinfosec.com/azure-security-basics-log-analytics-security-center-and-sentinel/ 日本組織遭遇高複雜度的長期攻擊行動 Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign https://medium.com/cycraft/threat-intelligence-news-3-ea4ba0711ab1 EP35 - 6個駭客在攻擊前會思考的問題 https://reurl.cc/YWvWrO 21個RSA對於2021的網路安全預測 https://www.sysage.com.tw/News/NewsDetail/734 Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions https://thehackernews.com/2021/02/over-dozen-chrome-extensions-caught.html How to Audit Password Changes in Active Directory https://thehackernews.com/2021/02/how-to-audit-password-changes-in-active.html Why Human Error is #1 Cyber Security Threat to Businesses in 2021 https://thehackernews.com/2021/02/why-human-error-is-1-cyber-security.html The Cyber Landscape in Latin America https://www.fireeye.fr/blog/executive-perspective/2021/01/the-cyber-landscape-in-latin-america.html An Usual Technique Used by an APT https://www.trendmicro.com/en_us/research/21/a/xdr-investigation-uncovers-plugx-unique-technique-in-apt-attack.html Security Researchers Being Targeted in New Campaign https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/ S2-059/S2-061 漏洞原理簡單分析 https://zhuanlan.zhihu.com/p/348999160 網站漏洞修復SQL隱碼攻擊防護辦法 https://iter01.com/584523.html 病毒攻防機理及WinRAR惡意劫持漏洞(bat病毒、自啟動、定時關機、藍屏攻擊) https://www.mdeditor.tw/pl/gOzS Apache Druid 遠程代碼執行漏洞（CVE-2021-25646） https://www.cnblogs.com/Savior-cc/p/14375098.html Jquery XSS漏洞（CVE-2020-11022） https://blog.csdn.net/qq_41832837/article/details/113655878 Apache Druid 遠程代碼執行漏洞分析(CVE-2021-25646) https://paper.seebug.org/1481/ Lanproxy 任意文件讀取漏洞復現(CVE-2021-3019) https://www.jianshu.com/p/957ec2ca0c90 LDAP Channel Binding and LDAP Signing Requirements - March 2020 update final release https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/ldap-channel-binding-and-ldap-signing-requirements-march-2020/ba-p/921536 F.商業 F5與Red Hat攜手助政府資料中心向上集中完美進化 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000603709_2YU8M5ACLV9I6VLXW9955 訊舟空氣盒子全球設點 https://ctee.com.tw/news/stock/411422.html 「業務資安長」改善資安與商業流程整合的系統性挑戰 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9037 新資安報告點出前三大董事會必須關心的資安策略，ESG 研究指出資安未獲充分重視 http://www.pcdiy.com.tw/detail/19031 趨勢科技公佈新資安報告，提醒企業董事會 3 大該關心的資安策略 https://technews.tw/2021/02/01/trend-micro-security/ 攻擊型態趨於多元，供應鏈防護需涵蓋 VPN 網路與外部服務，Safe-T 協助企業做好資安防護 https://reurl.cc/WErEKk 友訊科技宣佈正式代理Cyberbit https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9050 眾至推出OT防火牆設備，正式跨入工控安全防護領域 https://www.ithome.com.tw/review/142557 TXOne Networks榮獲亞太區10大最佳企業資安解決方案提供者 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9046 Sigma Rules to Live Your Best SOC Life https://thehackernews.com/2021/02/sigma-rules-to-live-your-best-soc-life.html Guide: How Security Consolidation Helps Small Cybersecurity Teams https://thehackernews.com/2021/02/guide-how-security-consolidation-helps.html Get Ready for CMMC: FireEye and Ardalyst Partner for Comprehensive, All-Threat Solution Set https://www.fireeye.com/blog/products-and-services/2021/01/fireeye-ardalyst-partner-for-comprehensive-all-threat-solution-set.html G.政府「大陸製資通訊產品」校園全禁？立委籲：分級處理 https://www.ptt.cc/bbs/Teacher/M.1611963489.A.69C.html 人臉辨識搭機松機春節後、桃機下半年試辦 https://www.cna.com.tw/news/ahel/202101310024.aspx 和2016年的國安局一樣，調查局也想出「香蕉」聘請資安專家 https://www.thenewslens.com/article/146670 培育女白帽駭客科技部要扭轉性別刻板印象 https://www.ocacnews.net/overseascommunity/article/article_story.jsp?id=271842 斥資八億，打造國家級資安卓越中心，培訓臺灣高階的資安前瞻研究人才 https://www.ithome.com.tw/news/142509 台電等數十家公民營機構資安納管 https://news.ltn.com.tw/news/politics/paper/1429519 行政院：關鍵基礎設施提供者遇資安事件須通報 https://www.cna.com.tw/news/aipl/202102020184.aspx H.工控系統/ICS/SCADA/IOT/物聯網/車聯網相關資安消弭資訊安全隱憂極大化智慧製造效益 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000603439_ETY58M55273TASLTHVK1D 2030年的智慧連網裝置在你的日常生活扮演什麼角色 https://www.eettaiwan.com/20210201nt21-top-10-consumer-trends-in-2030/ 1億元的曙光產業　台灣遠距醫療興利從資安做起 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=70&id=0000603659_BCS5BWQO6048Q988MTFPL 2026年全球物聯網安全服務市場達168億美元，設備管理、資安佈署、IoT獲利策略須三者須並重 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9036 58%醫療機構受訪者將資安視為數位轉型帶來的重大挑戰 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9029 富士代碼執行漏洞使工業設備面臨安全風險 https://kknews.cc/tech/v5ngov2.html 2021年全球和中國工業信息安全行業發展現狀分析安全漏洞高速增長 http://finance.eastmoney.com/a/202102041803145871.html 何積豐院士：工控安全需著重解決「驗證難」「保障難」「分析難」問題 https://news.sina.com.tw/article/20210119/37429098.html 禾伸堂藉助Nozomi 即時監測OT資安威脅 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=13&id=0000603341_AQB2CI7V52I2ZV0VV1IYY Open-source tool for hardening commonly used HMI/SCADA system https://www.helpnetsecurity.com/2021/02/05/hardening-ge-cimplicity/ Learn to Build Effective IT-OT Cybersecurity Organizations at ARC Forum https://www.arcweb.com/blog/learn-build-effective-it-ot-cybersecurity-organizations-arc-forum Supply chain insecurity threatens national security https://gcn.com/articles/2021/02/01/supply-chain-national-security.aspx Industrial Control Systems (ICS) Security Market Report The demand for the Market will drastically increase in the Future Forecast 2025 https://ksusentinel.com/2021/02/05/industrial-control-systems-ics-security-market-report-the-demand-for-the-market-will-drastically-increase-in-the-future-forecast-2025/ I.教育訓練 109資通安全管理法數位教育訓練 https://reurl.cc/e9679M 資安事件鑑識分析與應用 - 工具介紹及實作 https://cert.tanet.edu.tw/prog/opendoc.php?id=2016072611073636116181716195916.pdf 開源碼網站安全暨防護實作－modsecurity實作（實機課程講義） https://cert.tanet.edu.tw/prog/opendoc.php?id=2016072611070808281469077816844.pdf 不小心打開可疑郵件附件或連結該怎麼辦 https://blog.trendmicro.com.tw/?p=66676 為何不能重複使用密碼 https://blog.trendmicro.com.tw/?p=66438 How Does Your AD Password Policy Compare to NIST's Password Recommendations https://thehackernews.com/2021/01/creating-strong-password-policy-with.html Memory Palace CISSP Notes https://www.studynotesandtheory.com/single-post/memory-palace-cissp-notes 給行銷跟業務的 Kubernetes 101 中翻中介紹 https://blog.pichuang.com.tw/20210111-Kubernetes-for-sales-and-marketing/ WAF是什麼？WAF能幹嘛？我網站需要WAF 嗎 https://blog.pumo.com.tw/archives/1384 什麼是安全漏洞掃描 https://zhuanlan.zhihu.com/p/340391948 [Burp Suite 完整教學] 利用 Autorize 測試角色權限區分與IDOR漏洞 https://hackercat.org/burp-suite-tutorial/burp-suite-autorize [Burp Suite 完整教學] Find comments 當個乖寶寶好好寫註解，我看你是沒有遇過壞人 https://hackercat.org/burp-suite-tutorial/burp-suite-find-comments [Burp Suite 完整教學] Comparer 大家來找碴，不如讓工具幫你解答 https://hackercat.org/burp-suite-tutorial/burp-suite-comparer [Burp Suite 完整教學] 看似平凡卻最常被使用 – Repeater 手動挖掘與驗證漏洞 https://hackercat.org/burp-suite-tutorial/burp-suite-repeater [Burp Suite 完整教學] ActiveScan++ 提升 Scanner 的弱點掃描能力 https://hackercat.org/burp-suite-tutorial/burp-suite-activescan-plus [Burp Suite 完整教學] JSON Beautifier – 美化你的JSON格式資料，讓一切看得更清楚 https://hackercat.org/burp-suite-tutorial/burp-suite-json-beautifier [Burp Suite 完整教學] 這些功能還不夠嗎？來開外掛吧！Burp Extender擴充功能 – BApp Store https://hackercat.org/burp-suite-tutorial/burp-suite-extender-bapp-store [Burp Suite 完整教學] 滲透測試從來不是一件簡單的事 https://hackercat.org/burp-suite-tutorial/burp-suite-pentesting-is-not-easy [Burp Suite 完整教學] Intruder 如何觀察與判斷堆積如山的結果 https://hackercat.org/burp-suite-tutorial/burp-suite-intruder-results [Burp Suite 完整教學] Intruder Attack type & Payloads – 擁有千種姿態的攻擊模式 https://hackercat.org/burp-suite-tutorial/burp-suite-intruder-attack-type-and-payloads EC-Council ECSA v10 滲透測試認證 – 考試準備心得分享 https://www.hackercat.org/pentesting/ec-council-ecsa-v10-experience 6.近期資安活動及研討會 User Interface and User Experience Design Weekend Crash Course Feb 6-7, 1-4pm 2/6 ~ 2/7 https://www.meetup.com/taiwan-code-camp/events/275764480 2021 All 駭 Yo 寒假資安訓練營 2/6 ~ 2/7 https://www.nchc.org.tw/Active/ActiveView?id=457&menutype=0&sitemenuid=3&mid=47 你所不知道的 Apple 設備管理秘笈 2/21 https://www.accupass.com/event/2101121212224382042200 [2021 Feb] Voice of Data 如何為你手中的數據發聲 2/22 https://www.meetup.com/rladies-taipei/events/275622681 國家高速網路與計算中心教育訓練【資安中階課程】資安健診弱點實證 2/25 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3940&from_course_list_url=course_index 人工智慧與資安保險論壇暨ACFD第二屆第二次會員大會及第二屆第三次理監事聯席會議 2/26 https://acfd2019.kktix.cc/events/1cac1bef-copy-1 台灣商戶如何使用Woo Commerce 2/26 https://www.meetup.com/Taipei-WooCommerce-Meetup-Group/events/275860646 2021嘉藥反毒與資安機器人競賽至110年2月28日（星期日）晚上12時，或額滿為止 http://203.72.21.13/prac/index.php/2017-01-17-07-19-47/2017-02-07-01-41-33/1905-2021-15 TC5/ WG1#11無線寬頻分享器資安標準與測試規範產業專家會議(第二場) 3/4 https://www.taics.org.tw/TCMeetInfoForm.aspx?tcCat_id=5&tcMeetInfo_id=10223 吱吱盃黑客松 2021/04/02 18:30 ~ 2021/04/04 18:30 https://nsysuisc.kktix.cc/events/hackathon2020

Syntax	Example	Reference
# Header	Header	基本排版
- Unordered List	Unordered List
1. Ordered List	Ordered List
- [ ] Todo List	Todo List
> Blockquote	Blockquote
Bold font	Bold font
Italics font	Italics font
~~Strikethrough~~	~~Strikethrough~~
19^th^	19^th
H~2~O	H₂O
++Inserted text++	Inserted text
==Marked text==	Marked text
[link text](https:// "title")	Link
![image alt](https:// "title")	Image
`Code`	`Code`	在筆記中貼入程式碼
```javascript var i = 0; ```	`var i = 0;`
:smile:		Emoji list
{%youtube youtube_id %}	Externals
$L^aT_eX$	L^aT_eX
:::info This is a alert area. :::	This is a alert area.