###### tags: `資安事件新聞週報` # 資安事件新聞週報 2020/1/6 ~ 2020/1/10 1.重大弱點漏洞/後門/Exploit/Zero Day Project Zero調整漏洞揭露政策，漏洞細節一律通報後90天才公開 https://www.ithome.com.tw/news/135265 Ruckus 產品多個漏洞 https://www.ruckuswireless.com/security/299/view/pdf 思科修補可繞過身分認證並執行任意行動的安全漏洞 https://ithome.com.tw/news/135203 近期多家VPN設備資安漏洞，相關單位應立即檢視以降低資安威脅 https://www.twcert.org.tw/tw/cp-15-3211-f51e9-1.html Citrix應用伺服器與閘道器產品存在安全漏洞(CVE-2019-19781) http://net.nthu.edu.tw/2009/mailing:announcement:20200109_01 Citrix部分產品存在遠端執行程式碼漏洞 https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1448 Hackers probe Citrix servers for weakness to remote code execution vulnerability https://www.zdnet.com/article/hackers-probe-unsecured-citrix-servers-for-netscaler-vulnerability/#ftag=RSSbaffb68 Cisco Data Center Network Manager存在多個漏洞 https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1447 Cisco DCNM 發布安全更新 https://www.us-cert.gov/ncas/current-activity/2020/01/07/cisco-releases-security-updates IBM Security Secret Server 信息泄露漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4634 GitLab 多個漏洞 https://www.auscert.org.au/bulletins/ESB-2020.0046/ Android 多個漏洞 https://source.android.com/security/bulletin/2020-01-01 微軟Access資料庫出現漏洞 或致8.5萬家企業面臨風險 https://news.sina.com.tw/article/20200108/33937806.html 安全預警- 華為部分產品的信息洩露漏洞 https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200108-01-phone-cn NCSC Cyber Security Advisory CSA-2020-1439 Critical Vulnerability in Citrix Products https://www.ncsc.govt.nz/newsroom/ncsc-cyber-security-advisory-csa-2020-1439/ Google Ditches Patch-Time Bug Disclosure in Favor of 90-Day Policy https://threatpost.com/google-ditches-patch-disclosure-90-day-policy/151626/ Mozilla Patches Critical Vulnerability https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/#CVE-2019-17026 Mozilla Foundation Security Advisory 2020-01 Security Vulnerabilities fixed in Firefox 72 https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/ Mozilla Foundation Security Advisory 2020-02 Security Vulnerabilities fixed in Firefox ESR 68.4 https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/ Mozilla patches Firefox zero-day reported by Qihoo 360 https://www.zdnet.com/article/mozilla-patches-firefox-zero-day-reported-by-qihoo-360/#ftag=RSSbaffb68 U.S. Government Confirms Critical Security Warning For Firefox Users https://www.forbes.com/sites/daveywinder/2020/01/09/us-government-confirms-critical-security-warning-for-firefox-users/#52b27f7c2ebf Google Releases Security Updates for Chrome https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html Vulnerability Spotlight: Remote code execution vulnerability in E2fsprogs https://blog.talosintelligence.com/2020/01/e2fsprogs-remote-code-execution-vuln-jan-2020.html 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 街口託付寶申購基金踩監理紅線 金管會緊盯 https://amp-news.cnyes.com/news/id/4429725 街口「託付寶」踩紅線！ 金管會：去年底已拒絕 https://reurl.cc/24G2Z9 中國地下外匯交易平台突倒閉 近200萬人投資人被坑4323億元 https://ec.ltn.com.tw/article/breakingnews/3030614 外匯變傳銷，中國百萬人遭坑殺 4 千多億 https://reurl.cc/1QVb2p 大新信用卡疑洩資料 多人中招收0蚊交易通知 香港金管局：收到事故通報 https://hk.finance.appledaily.com/finance/realtime/article/20200105/60452596 信用卡系統疑現漏洞 大新：影響數千客戶惟無金錢資料損失 https://reurl.cc/ZnkvKW 香港金管局稱已收到大新通報疑有信用卡用戶資料被盜用 http://bit.ly/2ZRrEnk 保險「大魔王」後年上線 「會計準則應與金融監理脫鉤」 https://udn.com/news/story/7239/4268006 撿到提款卡！男一招破解「6位數密碼」　爽盜領46萬多元 https://www.setn.com/News.aspx?NewsID=666386 國泰世華銀加入「SWIFT gpi」　跨境匯款即時追蹤 https://tw.finance.appledaily.com/realtime/20200106/1686955/ 亞馬遜申請手掌辨識專利，這三個國家早已將「掃手」落地 https://news.knowing.asia/news/7aaecdb0-6eba-47ff-a00b-ac445514c0d3 內部控制常見的八大漏洞 https://mp.weixin.qq.com/s/PVR6Zxpr1nIOKeNlFyGx9g 【2020 全科會將至】全世界駭客都愛攻擊台灣，資安產業怎麼養才對 https://buzzorange.com/techorange/2020/01/06/taiwan-cybersecurity/ 利用ETC信用卡辦理漏洞竊取公民信息開通金融轉賬服務 http://news.ycwb.com/2020-01/08/content_30476243.htm 新加坡金管局﹕已收21份數字銀行申請　當中7份申零售銀行牌照 http://bit.ly/35AWwd1 集保大數據分析應用平台，助建FinTech服務生態系 https://www.chinatimes.com/realtimenews/20200109002708-260410?chdtv 神奈川警方擬在銀行設置熱成像攝像頭防詐騙 https://tchina.kyodonews.net/news/2020/01/e483f11fe934.html 6秒鐘隔空測心跳！台灣新創如何玩活體偵測技術，吸引純網銀客戶買單 https://www.bnext.com.tw/article/56239/faceheart-ces2020 紐約州長提議：「給金融監管機構更多的權力。」 http://bit.ly/36Fe09H 倫敦外匯交易公司Travelex遭惡意程式入侵，被迫採用人工交易 https://www.ithome.com.tw/news/135186 Travelex被駭遭索1.8億 拿紙筆交易 https://tw.appledaily.com/finance/20200109/2W2ZYR52UT4DIYMAPSYSQPBYZA/ TRAVELEX遭入侵被逼關電腦系統　紙筆記錄交易 https://news.rthk.hk/rthk/ch/component/k2/1501550-20200108.htm Travelex遭黑客勒索未有通報客戶及政府捱批 https://news.now.com/home/international/player?newsId=375973 Travelex遭駭客勒索300萬美元 https://www.ithome.com.tw/news/135227 Travelex customers left in cashless limbo, ICO not formally alerted to data theft claims https://www.zdnet.com/article/travelex-customers-left-in-cashless-limbo-uk-regulators-now-step-in/#ftag=RSSbaffb68 Currency Exchange Travelex Held Hostage by Ransomware Attack https://www.bankinfosecurity.com/currency-exchange-travelex-held-hostage-by-ransomware-attack-a-13588 Travelex faces ransom demands following NYE malware attack https://www.zdnet.com/article/travelex-faces-ransom-demands-following-nye-malware-attack/#ftag=RSSbaffb68 Sodinokibi Ransomware Hits Travelex, Demands $3 Million https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-hits-travelex-demands-3-million/ Patch or Perish: VPN Servers Hit by Ransomware Attackers https://www.bankinfosecurity.com/patch-or-perish-vpn-servers-hit-by-ransomware-attackers-a-13583 Travelex: Banks halt currency service after cyber-attack https://www.bbc.com/news/business-51034731 New evasion techniques found in web skimmers https://reurl.cc/4gzgvK Researcher Spots New Tricks in Web Payment Card Skimmers https://www.bankinfosecurity.com/researcher-spots-new-tricks-in-web-payment-card-skimmers-a-13573 Another consortium joins race for Singapore digital bank licence https://www.zdnet.com/article/another-consortium-joins-race-for-singapore-digital-bank-licence/#ftag=RSSbaffb68 ロンドン証取のシステム障害、サイバー攻撃の可能性調査 https://jp.wsj.com/articles/SB11833998325689744897304586123174226141088 Pune: Man arrested ‘red-handed’ with ATM card-cloning device at ICICI Bank kiosk https://indianexpress.com/article/cities/pune/pune-man-arrested-red-handed-with-atm-card-cloning-device-at-icici-bank-kiosk-6197764/ ATM Hackers Quizzed in Tripura, Agartala https://www.sentinelassam.com/north-east-india-news/tripura-news/atm-hackers-quizzed-in-tripura-agartala/ RBI issues Cyber Security Controls Guidelines for Third party ATM Switch Application Service Providers https://www.taxscan.in/rbi-issues-cyber-security-controls-guidelines-third-party-switch-application/42890/ Pune: Nigerian lands in cop net for card cloning ploy https://timesofindia.indiatimes.com/city/pune/pune-nigerian-lands-in-cop-net-for-card-cloning-ploy/articleshow/73077938.cms Miscreants steal Rs 23.5 lakh from ATM near central jail https://timesofindia.indiatimes.com/city/bengaluru/miscreants-steal-rs-23-5-lakh-from-atm-near-central-jail-in-bengaluru/articleshow/73078376.cms Three Chinese men exonerated in ATM skimming scams https://www.dawn.com/news/1525901/three-chinese-men-exonerated-in-atm-skimming-scams Cardknox payment gateway certified with Pax S920 https://www.atmmarketplace.com/news/cardknox-payment-gateway-certified-with-pax-s920/ Morning Brief 1.6.20: U.K. banks suffer fresh payment outages https://www.paymentssource.com/news/u-k-banks-suffer-fresh-payment-outages RBI issues Cyber Security Controls Guidelines for Third party ATM Switch Application Service Providers https://www.taxscan.in/rbi-issues-cyber-security-controls-guidelines-third-party-switch-application/42890/ Cyber Security controls for Third party ATM Switch Application Service Providers https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11773&Mode=0 Cyber Security Controls for ATM Switch Application Service Providers (ASPs) https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11773&Mode=0#AN UK government investigates possible cyberattack link to London Stock exchange outage https://www.zdnet.com/article/uk-government-investigates-possible-cyberattack-link-to-london-stock-exchange-outage/#ftag=RSSbaffb68 Cyberattack could have taken London Stock Exchange offline https://www.itproportal.com/news/cyberattack-could-have-taken-london-stock-exchange-offline/ GCHQ: A cyber-what-now? Rumours of our probe into London Stock Exchange 'cyberattack' have been greatly exaggerated https://www.theregister.co.uk/2020/01/06/gchq_london_stock_exchange_cyberattack_allegation/ Iranian hackers deface US government & African bank website https://www.hackread.com/iranian-hackers-deface-us-government-african-bank-website/ Bank of England and FCA plot internal data analytics shake-up https://www.fintechfutures.com/2020/01/bank-of-england-and-fca-plot-internal-data-analytics-shake-up/ Ukrainian cyber police exposed a fraudulent scheme of financial auctions https://www.ehackingnews.com/2020/01/ukrainian-cyber-police-exposed.html ATM skimmer sentenced for fleecing $400,000 out of US banks https://www.zdnet.com/article/atm-skimmer-sentenced-for-fleecing-400000-out-of-new-jersey-banks/ Member of ATM Skimming Conspiracy Targeting Multiple New Jersey Bank Locations Sentenced to 60 Months in Prison https://www.justice.gov/opa/pr/member-atm-skimming-conspiracy-targeting-multiple-new-jersey-bank-locations-sentenced-60 Nigerian Banks Spent N200bn Preventing Cyber Attacks In 2019 https://economicconfidential.com/2020/01/banks-n200bn-preventing-cyber-attack/ 3.電子支付/電子票證/行動支付/ pay/新聞及資安 百Pay齊放 金管會促今年電子支付達52％比重 https://reurl.cc/31E0x9 從電支電票的合併修法 ── 談支付法制之發展及本次修法特色（上） https://www.bnext.com.tw/article/56151/electronic-payment-e-ticket 4.虛擬貨幣/區塊鍊相關新聞及資安 金融小學堂／區塊鏈錢包 打破支付國界 https://money.udn.com/money/story/9740/4266484 Hardcore | 以太坊中智能合約攻擊和漏洞百科全書 https://www.zhiguf.com/focusnews_detail/29388 開發數據金礦 建議設監理沙盒 https://www.chinatimes.com/newspapers/20200106000175-260202?chdtv 證券型代幣交易所 今年上路 https://money.udn.com/money/story/5613/4262474 虛擬貨幣也能輕鬆Pay？SecuX 設計冷錢包，存錢花錢一把罩 https://meet.bnext.com.tw/articles/view/45745 中國人民銀行表示，中國央行數字貨幣「進展順利」 https://reurl.cc/RdVern 新加坡金管局就合規交易所加密貨幣衍生品的監管問題表態 http://finance.eastmoney.com/a/202001071349253542.html 虛擬幣交易所平台的網站安全加固如何防護？從滲透測試服務開始 https://www.admin5.com/article/20200110/941210.shtml Cryptocurrency exchange Poloniex issues password reset warning https://reurl.cc/K6W6Ln Characterizing and Detecting Money Laundering Activities on the Bitcoin Network https://arxiv.org/abs/1912.12060 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式 羅技軟件被曝出漏洞傳播木馬：可遠程控制受害者電腦 https://haote.net/article/22-40442.html 羅技軟體被曝出漏洞傳播木馬：可遠程控制受害者電腦 https://read01.com/KD4LAML.html#.XhSStFUzY2w 國際刑警組織讓東南亞被挖礦程式綁架的路由器減少了78% https://www.ithome.com.tw/news/135275 伊朗駭客惡意程式已駭入美國電網、油氣公司 https://ithome.com.tw/news/135276 新年伊始，勒贖軟體繼續在美國各地傳出災情 https://www.twcert.org.tw/tw/cp-104-3206-227cc-1.html Landry's Restaurant Chain Suffers Payment Card Theft Via PoS Malware https://thehackernews.com/2020/01/landry-pos-malware-attack.html Win32.Stuxnet : Part 1 - Introduction, Installation and Infection https://www.youtube.com/watch?v=sEfqtET13SY&feature=youtu.be&t=520 Live Malware Analysis | Starship Bash Botnet https://www.youtube.com/watch?v=g-rNFzpUmh4&feature=emb_logo DeathRansom evolves from joke to actual ransomware https://www.zdnet.com/article/deathransom-evolves-from-joke-to-actual-ransomware/#ftag=RSSbaffb68 High-Impact Windows 10 Security Threat Revealed As App-Killing Malware Evolves https://www.forbes.com/sites/daveywinder/2020/01/05/alarming-new-windows-10-security-threat-as-app-killing-clop-malware-evolves/#5d8e7ae55a9f Maze Ransomware Victim Sues Anonymous Attackers https://www.bankinfosecurity.com/maze-ransomware-victim-sues-anonymous-attackers-a-13574 Restaurant Chain Landry's Investigates Malware Incident https://www.bankinfosecurity.com/restaurant-chain-landrys-investigates-malware-incident-a-13571 BANKING MALWARE IN ANDROID CONTINUES TO GROW. A LOOK AT THE RECENT BRAZILIAN BANKING TROJAN BASBANKE/COYBOT https://www.buguroo.com/en/blog/banking-malware-in-android-continues-to-grow.-a-look-at-the-recent-brazilian-banking-trojan-basbanke-coybot The Mac Malware of 2019 https://objective-see.com/blog/blog_0x53.html McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/ Predator the Thief: Analysis of Recent Versions https://www.fortinet.com/blog/threat-research/predator-the-thief-recent-versions.html This password-stealing malware just got updated with new tactics to help it hide better https://www.zdnet.com/article/this-password-stealing-malware-just-got-updated-with-new-tactics-to-help-it-hide-better/ Malware in the Cloud: Protecting Yourself Based on Your Cloud Environment https://www.tripwire.com/state-of-security/security-data-protection/cloud/malware-cloud-protection-cloud-environment/ Predator the Thief: Analysis of Recent Versions https://www.fortinet.com/blog/threat-research/predator-the-thief-recent-versions.html This password-stealing malware just got updated with new tactics to help it hide better https://www.zdnet.com/article/this-password-stealing-malware-just-got-updated-with-new-tactics-to-help-it-hide-better/ SNAKE Ransomware Is the Next Threat Targeting Business Networks https://www.bleepingcomputer.com/news/security/snake-ransomware-is-the-next-threat-targeting-business-networks/ Naive IoT botnet wastes its time mining cryptocurrency https://www.zdnet.com/article/naive-iot-botnet-wastes-its-time-mining-cryptocurrency/#ftag=RSSbaffb68 Drake Lyrics Used as Calling Card in Malware Attack https://threatpost.com/drake-lyrics-used-as-calling-card-in-malware-attack/151665/ PowerPoint Malware References Drake Lyrics to Drop Lokibot & Azorult https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/ REvil ransomware exploiting VPN flaws made public last April https://nakedsecurity.sophos.com/2020/01/08/revil-ransomware-exploiting-vpn-flaws-made-public-last-april/ Dubious downloads: How to check if a website and its files are malicious https://blog.malwarebytes.com/how-tos-2/2020/01/dubious-downloads-how-to-check-if-a-website-and-its-files-are-malicious/ Title: Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/#report Rising sea and spam levels? Emotet campaign uses Greta Thunberg as lure https://www.scmagazine.com/home/security-news/rising-sea-and-spam-levels-emotet-campaign-uses-greta-thunberg-as-lure/ B.行動安全 / iPhone / Android /穿戴裝置 /App 指示加強網絡安全 首長手機疑遭駭客盯上 https://eunited.com.my/332825/ 如何判斷手機是否遭安裝追蹤軟體 (Stalkerware) https://blog.trendmicro.com.tw/?p=62877 WhatsApp 通知恐怖份子帳號被駭，使歐洲政府調查受阻 https://www.inside.com.tw/article/18544-European-authorities-investigating-terror-suspect-say-WhatsApp-informed-phone-hacked 手機被駭遭勒索…《奇皇后》男星私密資料全流出！氣喊要告 https://www.setn.com/News.aspx?NewsID=667602 韓媒曝韓國10名以上頂級明星遭到駭客威脅勒索 http://n.yam.com/Article/20200108464771 發生名人三星手機駭客威脅事件 https://www.ptt.cc/bbs/KoreaStar/M.1578449276.A.93D.html 韓多名頂流藝人手機遭黑被勒索巨額，男愛豆怕影像流出被迫匯款！都用了三星這款手機 https://www.koreastardaily.com/tc/news/123342 多位韓國藝人手機資料遭盜並被勒索 正巧都用三星手機 https://www.chinatimes.com/realtimenews/20200109002358-260412?chdtv 安卓提權漏洞再遭利用，攻擊者疑似來自印度網軍 https://www.secrss.com/articles/16476 FBI又要求蘋果解鎖iPhone協助破案 https://www.ithome.com.tw/news/135242 瑞幸咖啡回應App被工信部點名：為防止駭客騙取首杯免費 https://ek21.com/news/tech/170801/ 資安漏洞頻傳，抖音母公司將導入區塊鏈技術 https://media.ace.io/tiktoks-owner-pivots-to-blockchain-as-app-security-flaws/ 抖音國際版TikTok被爆可被黑客竊取信息及劫持視頻 https://www.leiphone.com/news/202001/YMgTl2sshO2cfeif.html 政府が無料配布するスマートフォンに中国製らしき悪質なアプリがプリインストールされていたと判明 https://gigazine.net/news/20200110-government-funded-phone-malware/ 3 Google Play Store Apps Exploit Android Zero-Day Used by NSO Group https://thehackernews.com/2020/01/android-zero-day-malware-apps.html Researchers Demonstrate How to Hack Any TikTok Account by Sending SMS https://thehackernews.com/2020/01/hack-tiktok-account.html How to stop your iPhone and apps from tracking you 24/7 https://www.zdnet.com/article/how-to-stop-your-iphone-and-apps-from-tracking-you-247/#ftag=RSSbaffb68 Apple targets jailbreaking in lawsuit against iOS virtualization company https://news.hitb.org/content/apple-targets-jailbreaking-lawsuit-against-ios-virtualization-company FBI Asks Apple for Access to Saudi Shooter's iPhones https://www.bankinfosecurity.com/fbi-asks-apple-for-access-to-saudi-shooters-iphones-a-13586 Lawmakers Prod FCC to Act on SIM Swapping https://krebsonsecurity.com/2020/01/senators-prod-fcc-to-act-on-sim-swapping/ Unremovable malware found preinstalled on low-end smartphone sold in the US https://www.zdnet.com/article/unremovable-malware-found-preinstalled-on-low-end-smartphone-sold-in-the-us/#ftag=RSSbaffb68 C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件 2020年10大資安趨勢預測 https://www.ithome.com.tw/article/135183 2020資安趨勢重點整理 https://www.ithome.com.tw/voice/135171 嫌犯製「機械手臂」自動洗錢　不法所得破百億 https://news.tvbs.com.tw/local/1259401 香港警方過去半年閱 3721 部被捕人手機　李家超：全獲搜查令　拒答有否用駭客軟件 http://bit.ly/2T1JxyB 政府網軍竊密碼？　多名能源人士收到通知 https://news.tvbs.com.tw/politics/1259887 陳立誠扯密碼被「政府網軍」駭？Google駁「是資安提醒」 https://newtalk.tw/news/view/2020-01-08/351622 政府網軍竊密碼？ 多名能源人士收到通知 http://bit.ly/2tIPyW2 消費者對連網住宅資安與隱私風險了解不足、缺乏有效作為 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000575996_pzd8j763lp695v5nxyb1w Nexusguard研究表示，DNS放大攻擊年增近4,800% SYN洪水攻擊急增惹關注 https://times.hinet.net/news/22725538 利用url跳轉漏洞冒充公安局官網的騷操作 https://www.77169.net/html/249117.html 被駭超過20次卻不知不覺的InfoTrax與FTC和解 https://www.ithome.com.tw/news/135215 【除夕大抽獎】電郵設定兩漏洞變「垃圾」　旅發局聘獨立顧問檢討 https://reurl.cc/0zqzWM 有漏洞、頁面被篡改、非法收集個人信息…貴陽網警嚴查網絡違法 http://www.chinapeace.gov.cn/chinapeace/c53721/2020-01/06/content_12314219.shtml 源頭之戰，不斷升級的攻防對抗技術—— 軟件供應鏈攻擊防禦探索 https://security.tencent.com/index.php/blog/msg/140 翟本喬協助逮「黑韓」網軍 徐永明：時力揭弊只問是非 https://udn.com/news/story/9261/4277238 專家：大陸重構了網路能力 https://www.chinatimes.com/realtimenews/20200109001417-260409?chdtv 美國FBI最想定罪的“邪惡公司”首領：年僅32歲吸金億萬美元 https://www.freebuf.com/news/223492.html 美軍將撤離是假消息！科威特國家通訊社：遭駭客入侵 https://news.ltn.com.tw/news/world/breakingnews/3034291 消息超亂！科威特媒體稱「美軍3天內撤軍」　政府急澄清：被駭客攻擊 https://www.ettoday.net/news/20200108/1620926.htm 怕美國將撤軍消息洩露歸罪“俄駭客” 俄外交官這樣溫馨提示 http://big5.eastday.com:82/gate/big5/news.eastday.com/w/20200107/u1ai20287478_K26845.html 伊朗將領遭狙殺駭客也怒了 侵入美政府網頁誓復仇 https://www.cna.com.tw/news/aopl/202001050120.aspx 伊朗駭客侵入美政府機關網站 誓為蘇雷曼尼報仇 https://reurl.cc/rlql4k 伊朗將領遭狙殺駭客也怒了　侵入美政府網頁誓復仇 https://www.setn.com/News.aspx?NewsID=666653 伊朗將領遭狙殺 英相：不會哀嘆他的死 https://www.ntdtv.com/b5/2020/01/06/a102746042.html 白宮下設網站遭入侵長達1小時 駭客留下一張意味深長的圖 https://ek21.com/news/business/104973/ 白宮下設網站遭入侵黑客留下一張意味深長的圖 https://news.ji-qi.com/world/economics/202001/92-1710471.html 美國土安全部警告企業，伊朗可能發動網路攻擊 https://ithome.com.tw/news/135217 美聯邦官網被疑似伊朗駭客攻破 當局已實施監測 http://big5.eastday.com:82/gate/big5/news.eastday.com/w/20200107/u1ai20287381.html 美中第二階段談判將啟動 聚焦中共駭客竊盜 https://reurl.cc/lLrx9j Half of the websites using WebAssembly use it for malicious purposes https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes/#ftag=RSSbaffb68 New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild https://www.sec.cs.tu-bs.de/pubs/2019a-dimva.pdf UK man sentenced to prison for hacking and spying on victims through their webcams https://www.zdnet.com/article/uk-man-sentenced-to-prison-for-hacking-and-spying-on-victims-through-their-webcams/#ftag=RSSbaffb68 New Iranian data wiper malware hits Bapco, Bahrain's national oil company https://www.zdnet.com/article/new-iranian-data-wiper-malware-hits-bapco-bahrains-national-oil-company/#ftag=RSSbaffb68 Saudi Arabia CNA report https://www.scribd.com/document/442225568/Saudi-Arabia-CNA-report#download Austria's foreign ministry says facing 'serious cyber attack' https://www.afp.com/en/news/15/austrias-foreign-ministry-says-facing-serious-cyber-attack-doc-1ng2hj1 November 2019 Cyber Attacks Statistics https://www.hackmageddon.com/2019/12/18/november-2019-cyber-attacks-statistics/ Preparing for Potential Iranian 'Wiper' Attacks https://www.bankinfosecurity.com/interviews/preparing-for-potential-iranian-wiper-attacks-i-4566 Iranian Cyberattacks: 10 Must-Have Defenses https://www.bankinfosecurity.com/blogs/iranian-cyberattacks-10-must-have-defenses-p-2848 Global Cyber Alliance President on Iranian Cyber Threat https://www.bankinfosecurity.com/interviews/global-cyber-alliance-president-on-iranian-cyber-threat-i-4564 Iranian cyberattacks feared after killing of top general https://apnews.com/aa3ddd9dd24b79f8ec76aa1a6487e4fc US Conflict With Iran Sparks Cybersecurity Concerns https://www.bankinfosecurity.com/us-conflict-iran-sparks-cybersecurity-concerns-a-13576 5 technology trends for the roaring 20s, part 1: Blockchain, cloud, open source https://www.zdnet.com/article/5-technology-trends-for-the-roaring-20s-part-one-blockchain-cloud-open-source/#ftag=RSSbaffb68 Chrome to show error codes, similar to Windows BSOD screens https://www.zdnet.com/article/chrome-to-show-error-codes-similar-to-windows-bsod-screens/#ftag=RSSbaffb68 'Serious cyber-attack' on Austria's foreign ministry https://www.bbc.com/news/world-europe-50997773 Cybersecurity Data Sharing: A Federal Progress Report https://www.bankinfosecurity.com/cybersecurity-data-sharing-federal-progress-report-a-13575 Analysis: Countering Nation-State Attacks in 2020 https://www.bankinfosecurity.com/interviews/analysis-countering-nation-state-attacks-in-2020-i-4561 WARNING FOR INTENSE CYBERWAR: IRAN HACKS US GOVERNMENT WEBSITE FOR REVENGE https://www.analyticsinsight.net/warning-intense-cyberwar-iran-hacks-us-government-website-revenge/ HOW NORTH KOREA HACKERS ATTACK MAJOR CYBERSECURITY WEAKNESSES ACROSS THE GLOBE https://analyticsindiamag.com/how-north-korea-hackers-attack-major-cybersecurity-weaknesses-across-the-globe/ Microsoft: RDP brute-force attacks last 2-3 days on average https://www.zdnet.com/article/microsoft-rdp-brute-force-attacks-last-2-3-days-on-average/#ftag=RSSbaffb68 Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks http://bit.ly/2Fp7TKn FBI Investigating How Town Defrauded of $1 Million: Report https://www.bankinfosecurity.com/fbi-investigating-how-town-defrauded-1-million-report-a-13580 Analysis: Threat Posed by Pro-Iranian Hackers https://www.bankinfosecurity.com/analysis-threat-posed-by-pro-iranian-hackers-a-13579 US Conflict With Iran Sparks Cybersecurity Concerns https://www.bankinfosecurity.com/us-conflict-iran-sparks-cybersecurity-concerns-a-13576 The Everyday Cyber Threat Landscape: Trends from 2019 to 2020 https://newsroom.trendmicro.com/blog/simply-security/everyday-cyber-threat-landscape-trends-2019-2020 NIST 800-171 & Why Organizations Need Password Similarity Blocking in Active Directory https://www.bankinfosecurity.com/blogs/nist-800-171-organizations-need-password-similarity-blocking-in-active-p-2838 City of Las Vegas said it successfully avoided devastating cyber-attack https://www.zdnet.com/article/city-of-las-vegas-said-it-successfully-avoided-devastating-cyber-attack/#ftag=RSSbaffb68 INTERPOL Collaboration Reduces Cryptojacking by 78% https://blog.trendmicro.com/interpol-collaboration-reduces-cryptojacking-by-78/ The Six Pillars of Effective Security Operations https://blog.paloaltonetworks.com/2020/01/cortex-security-operations/ 6 ways hackers are targeting retail businesses https://blog.malwarebytes.com/web-threats/2020/01/6-ways-hackers-are-targeting-retail-businesses/ Router Cryptojacking Campaigns Disrupted https://www.bankinfosecurity.com/router-cryptojacking-campaigns-disrupted-a-13592 Automated host recon, persistence and exfiltration https://medium.com/@Bank_Security/automated-host-recon-persistence-and-exfiltration-85d49423dcc2 Threat Source newsletter (Jan. 9, 2019) https://blog.talosintelligence.com/2020/01/threat-source-newsletter-jan-9-2019.html DATA HACK Dixons Carphone fined £500,000 after hackers targeted 14million customers https://www.thesun.co.uk/money/10707151/dixons-carphone-fined-500000-hackers-customers/ 板橋〈資安〉工程師 https://www.104.com.tw/job/6jwq9 資安工程師/資深安全專家 (w0012) https://www.104.com.tw/job/6u5zn 資深資安工程師 (資安專家) https://www.104.com.tw/job/6u5p3 [招聘] 北京頂象技術有限公司招聘漏洞研究員/安全專家 https://www.52pojie.cn/thread-1084834-1-1.html 專案與資安業務專員、專案與HR產品業務人員 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=93184&HIRE_ID=9469597 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 工程師不爽抖內仍被甩 駭女網友裸照PO網判1年3月 https://www.chinatimes.com/realtimenews/20200105001055-260402?chdtv 「抖內」女網友發現養小白臉 竹科新貴駭進雲端散布性愛片 https://m.ltn.com.tw/news/society/breakingnews/3030361 發財夢遮眼！他狂匯款...堅信可預測台彩號碼　億萬富翁夢碎了 https://www.ettoday.net/news/20200103/1616729.htm 日本愛情旅館搜尋引擎資料外洩，最壞結果資料被用來勒索 http://technews.tw/2020/01/07/japanese-love-hotel-search-website-date-breach-the-worst-situation-is-user-is-blackmailed/ 美國社區醫院郵件帳號外洩波及近5萬名病患個資 https://www.ithome.com.tw/news/135245 手機自動傳百通　「星巴克請喝咖啡」急收回 https://news.tvbs.com.tw/life/1260159 去年首3季4500科技罪案 多屬網騙 http://bit.ly/35EiPyy 駭客「盜走」1000億？176萬人受害 手法與5年前「犯事」非法平臺雷同 https://ek21.com/news/business/105413/ School management software provider discloses severe security breach https://www.zdnet.com/article/school-management-software-provider-discloses-severe-security-breach/#ftag=RSSbaffb68 Fresh Cambridge Analytica leak ‘shows global manipulation is out of control’ https://www.theguardian.com/uk-news/2020/jan/04/cambridge-analytica-data-leak-global-election-manipulation Search engine for Japanese sex hotels announces security breach https://www.zdnet.com/article/search-engine-for-japanese-sex-hotels-announces-security-breach/ Hackers steal sensitive data from Japanese search engine for sex hotels https://www.hackread.com/hackers-steal-data-japanese-search-engine-sex-hotels/ Microsoft Phishing Scam Exploits Iran Cyberattack Scare https://www.bleepingcomputer.com/news/security/microsoft-phishing-scam-exploits-iran-cyberattack-scare/ TEXT SCAM Bank of Ireland warn customers of scam messages after fraudsters send texts to customers seeking personal information https://www.thesun.ie/news/4971635/bank-of-ireland-warn-fraud-scam-messages/ E.研究報告 108年第3季資通安全技術報告 https://download.nccst.nat.gov.tw/attachfilenew/108_Q3_Cyber%20Security%20Technology%20Report.pdf 淺析通過操縱BGP Communities影響路由選路 https://www.freebuf.com/articles/network/223879.html D-Link DIR-859的RCE漏洞（CVE-2019–17621） https://www.freebuf.com/column/224459.html Spelevo EK 使用社會工程技術 https://www.chainnews.com/zh-hant/articles/085401388235.htm Nagios XI遠程命令執行漏洞(CVE-2019-20197) https://s.tencent.com/research/bsafe/868.html 【代碼審計】某JA網站內容管理系統模板注入漏洞 https://zhuanlan.zhihu.com/p/100864935 107 年 12月份 TWCERT/CC資安情資電子報 https://reurl.cc/5gxqry 濫用ThinkPHP 漏洞的殭屍網絡Hakai 和Yowai https://zhuanlan.zhihu.com/p/100574038 網絡空間安全時代的紅藍對抗建設 https://security.tencent.com/index.php/blog/msg/139 挖洞經驗| 用空字節（Null Byte）觸發內存洩露的4萬美金漏洞 https://www.freebuf.com/vuls/224088.html 深度研究Pass-the-Hash攻擊與防禦 https://xz.aliyun.com/t/7051 為何在 Docker 中執行特權容器不是個好主意 https://blog.trendmicro.com.tw/?p=62986 要如何找出無線設備獨一無二的射頻指紋 https://secbuzzer.co/post/85 [資訊安全] Web Application Security Testing Note https://github.com/MksYi/Web-Application-Security-Testing-Note 震網三代CVE-2017-8464漏洞復現 https://zhuanlan.zhihu.com/p/101608776 挖洞經驗| 利用越權漏洞竊取Airbnb房東的收款資金 https://www.freebuf.com/vuls/224431.html 教你利用繞過 UAC 對話框的漏洞 https://www.chainnews.com/zh-hant/articles/687022389326.htm CVE-2019-10758 mongo-express RCE漏洞分析 https://xz.aliyun.com/t/7066 Open Webmail郵件系統安全管理與防護指南 https://cert.tanet.edu.tw/prog/opendoc.php?id=2020010610014343586025745412569.pdf LINE Taiwan Security Meetup – BECKS #4 https://engineering.linecorp.com/zh-hant/blog/becks-meetup-0918/ Brief Analysis of the FDLP.gov Deface https://medium.com/@sshell_/brief-analysis-of-the-fdlp-gov-deface-980caba9c786 Bypassing AV via in-memory PE execution https://blog.dylan.codes/bypassing-av-via/ Top 10 Dangerous DNS Attacks Types and The Prevention Measures https://cybersecuritynews.com/dns-attacks/ First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group http://bit.ly/2Qt9MME Fasten your Recon process using Shell Scripting https://reurl.cc/D121L5 ahmetb/kubectl-tree https://github.com/ahmetb/kubectl-tree shodansploit https://github.com/shodansploit/shodansploit Open Redirect Payloads https://github.com/cujanovic/Open-Redirect-Payloads Blind WAF identification tool https://github.com/stamparm/identYwaf yeyintminthuhtut/Awesome-Red-Teaming https://github.com/yeyintminthuhtut/Awesome-Red-Teaming/blob/master/README.md Command Injection Through BLH https://medium.com/@trapp3rhat/command-injection-through-blh-3c32614bb395? DomLink https://github.com/vysecurity/DomLink Gather urls from wayback machine https://github.com/ghostlulzhacks/waybackSqliScanner Awesome Security https://github.com/sbilly/awesome-security/blob/master/README.md awesome-forensics https://github.com/alphaSeclab/awesome-forensics/blob/master/Readme_en.md xingkong123600/AngelSword https://github.com/xingkong123600/AngelSword cnlh/nps https://github.com/cnlh/nps EmotetについてATT&CKを使って調べてみた https://qiita.com/IK_PE/items/201e6b900e0de1d9fc89 AIOOSCP/hash-identifier https://github.com/AIOOSCP/hash-identifier 3gstudent/pyKerbrute https://github.com/3gstudent/pyKerbrute// PandoraFMS v7.0NG authenticated Remote Code Execution (CVE-2019-15029) https://shells.systems/pandorafms-v7-0ng-authenticated-remote-code-execution-cve-2019-15029/ December honeypot report https://bontchev.nlcv.bas.bg/articles/?y=2020&m=01 Active Directory forest trusts part 1 - How does SID filtering work https://dirkjanm.io/active-directory-forest-trusts-part-one-how-does-sid-filtering-work/ Updated: Basic IPv6 Troubleshooting Commands / IPv6 Rosetta Stone 2019 https://theinternetprotocolblog.wordpress.com/2019/11/04/basic-ipv6-troubleshooting-commands-i-ipv6-rosetta-stone-2019/ GHC + GDB https://asciinema.org/a/mzQFrJefYQyIYA5MyappydgzP iOS Application Injection https://arjunbrar.com/post/ios-application-injection CyberTruck Challenge 2019 — Android CTF https://medium.com/bugbountywriteup/cybertruck-challenge-2019-android-ctf-e39c7f796530 DNS Hijacking: A New Method of MitM Attack Observed in the Wild https://www.airoav.com/dns-hijacking-a-new-method-of-mitm-attack-observed-in-the-wild/ cat ~/footstep.ninja/blog.txt https://footstep.ninja/posts/exploiting-self-xss/ cseagle/blc https://github.com/cseagle/blc HTML Injection https://www.hackingcastle.com/2020/01/html-injection-tutorial.html Alert Alarm SMS exploit - English version https://jyx.github.io/alert-alarm-exploit.html Decrypting config.bin files for TP-Link WR841N, WA855RE, and probably https://assemblyofsecrets.blogspot.com/2020/01/decrypting-configbin-files-for-tp-link.html How to Break PDFs Breaking PDF Encryption and PDF Signatures https://media.ccc.de/v/36c3-10832-how_to_break_pdfs Burp Suite Series – Demonstrate Runtime File Payload https://hackersonlineclub.com/burp-suite-series-demonstrate-runtime-file-payload/ Kali Linux Announced New Kali 2020.1 Comes With “Non-Root Users By Default” https://reurl.cc/b6rYkr VB2019 paper: Catch me if you can: detection of injection exploitation by validating query and API integrity https://www.virusbulletin.com/blog/2020/01/vb2019-paper-catch-me-if-you-can-detection-injection-exploitation-validating-query-and-api-integrity/ cyberark/SkyArk https://github.com/cyberark/SkyArk/blob/master/README.md Virtualization Forensics: Live Acquisition of VMs https://netseedblog.com/security/usb-forensics/ Tishna Automated pentest framework for Servers, Application Layer to Web Security https://hackingpassion.com/tishna-automated-pentest-framework/ HTTP Request Smuggling + IDOR https://hipotermia.pw/bb/http-desync-idor Threat Hunting: Detecting Web Shells https://medium.com/@alpinoacademy/threat-hunting-detecting-web-shells-d9e1e8c6de2a Advanced Mobile Forensics Investigation Software https://hackersonlineclub.com/advanced-mobile-forensics-investigation-software/ Graylog2/graylog-plugin-threatintel https://github.com/Graylog2/graylog-plugin-threatintel Energetic Bear/Crouching Yeti: attacks on servers https://securelist.com/energetic-bear-crouching-yeti/85345/ Difference Between IDS, IPS, Anti-virus https://www.studynotesandtheory.com/blog/category/Communications%20and%20Network%20Security CyberTruck Challenge 2019 — Android CTF https://medium.com/bugbountywriteup/cybertruck-challenge-2019-android-ctf-e39c7f796530 sundowndev/PhoneInfoga https://github.com/sundowndev/PhoneInfoga aquasecurity/harbor-scanner-aqua https://github.com/aquasecurity/harbor-scanner-aqua Installing SystemWebView https://github.com/bromite/bromite/wiki/Installing-SystemWebView Bash for Everyone — Part 1 https://medium.com/@ehsahil/bash-cookbook-for-everyone-part-1-cc98251e2887 Enviro pHAT Raspberry Pi review https://magpi.raspberrypi.org/articles/enviro-phat-raspberry-pi-review MSAdministrator/apt33_apt34_possible_commands.md https://gist.github.com/MSAdministrator/7a61025263e279a740835da4b205e6d0 maldevel/PenTestKit https://github.com/maldevel/PenTestKit Neo23x0/ sigma https://github.com/Neo23x0/sigma/blob/master/rules/web/web_citrix_cve_2019_19781_exploit.yml nongiach/pyrofipass https://github.com/nongiach/pyrofipass/blob/master/pyrofipass.py XposedOrNot - Tool To Search An Aggregated Repository Of Xposed Passwords Comprising Of ~850 Million Real Time Passwords https://www.kitploit.com/2020/01/xposedornot-tool-to-search-aggregated.html xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/ Hold My Beer Mirai – Spinoff Named ‘LiquorBot’ Incorporates Cryptomining https://labs.bitdefender.com/2020/01/hold-my-beer-mirai-spinoff-named-liquorbot-incorporates-cryptomining/ Getting Started with ATT&CK https://www.mitre.org/sites/default/files/publications/mitre-getting-started-with-attack-october-2019.pdf jas502n/CVE-2019-20197 https://github.com/jas502n/CVE-2019-20197 Continued Escalation of Tensions in the Middle East https://blog.talosintelligence.com/2020/01/mideast-tensions-preparations.html log2timeline/dftimewolf https://github.com/log2timeline/dftimewolf Smartphone shopaholic https://securelist.com/smartphone-shopaholic/95544/ AD Fly Tool https://0xsp.com/secploit-exploits-terminal/ad-fly-tool offensive-hub/black-widow https://github.com/offensive-hub/black-widow KnightSec-Official/Phlexish https://github.com/KnightSec-Official/Phlexish securethelogs/Bluechecker https://github.com/securethelogs/Bluechecker F.商業 關貿網路武功強，去年抵禦30億次駭客攻擊 http://bit.ly/37ExBGU 安華聯網 Secure by Design 榮獲亞太區10大資安新創企業 https://ithome.com.tw/pr/135232 博通將原賽門鐵克網路安全服務部門賣給Accenture https://www.ithome.com.tw/news/135235 物聯網隱藏資安風險 果核數位 AI SOC服務 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=8777 Cloudflare釋出零信任安全工具組Cloudflare for Teams https://ithome.com.tw/news/135241 叡揚資訊10日興櫃掛牌 持續創新企業軟體應用與雲端服務 http://n.yam.com/Article/20200108177659 上月業績快報／安碁資訊+56% 攀峰 https://money.udn.com/money/story/11120/4275892 Extrahop網路偵測與回應系統能解析網路第2至第7層流量 https://www.ithome.com.tw/review/133851 Palo Alto Networks分享最新2020年資安趨勢預測報告　5G資安問題要關注 https://www.computerdiy.com.tw/20200109_palo-alto-networks/ 中華電信板橋雲端資料中心成功取得SOC報告認證 https://times.hinet.net/news/22731291 雲端服務業者提供使用者帳戶安全保護 https://www.twcert.org.tw/tw/cp-104-3208-ca6d1-1.html Are You Ready for Microsoft Windows 7 End of Support on 14th January 2020 https://thehackernews.com/2020/01/windows-7-support-ends.html New Windows 10 Fast Ring test build adds new Task Manager, Notification options https://www.zdnet.com/article/new-windows-10-fast-ring-test-build-adds-new-task-manager-notification-options/#ftag=RSSbaffb68 G.政府 內政部補助地方政府強化戶役政基層機關資安防護及區域聯防計畫作業要點 https://glrs.moi.gov.tw/LawContent.aspx?id=GL001038#lawmenu 推進數位發展 政府擬設專責部會 https://money.udn.com/money/story/5648/4269662 國發會計劃年底提出「開放資料專法」草案　強化數位治理 https://newtalk.tw/news/view/2020-01-02/348950 【2020十大資安趨勢7：法規遵循】資安法適用範圍擴及關鍵基礎設施，個資法為了因應GDPR將修法 https://ithome.com.tw/news/135179 【2020十大資安趨勢9：5G資安】NCC要求所有電信業者，5G資安要做到Security By Design https://www.ithome.com.tw/news/135181 【2020十大資安趨勢10：資安人才】培育學校生根有成，資安人才與產業接軌是關鍵 https://times.hinet.net/topic/22730677 三總與中科院通過資安管理驗證 環奧頒證 https://money.udn.com/money/story/5635/4276466 中東局勢緊張 國安機制啟動 https://ec.ltn.com.tw/article/paper/1344754 Windows 7終止支援服務專區 https://www.nccst.nat.gov.tw/Win7EndOfSupportIntro?lang=zh H.工控系統/SCADA/ICS MITRE正式發布針對工業控制系統的ATT&CK for ICS https://www.ithome.com.tw/news/135243 提高智慧電錶全生命週期的隱私性與安全性 https://www.eettaiwan.com/news/article/20200109TA31-Enhancing-Privacy-and-Security-in-the-Smart-Meter-Life-Cycle 工業製造業者遭網路間諜鎖定 https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16339 I.教育訓練 社交工程資安教育訓練(108上半年) https://elearn.hrd.gov.tw/info/10014130 你對資訊安全了解多少? 快利用1 Day學習網路上查不到的專業資安基礎知識 https://ithome.com.tw/pr/135223 [Trend Micro]-【資安防護直播研討會】全面晉級資安防衛戰 2/12 https://reurl.cc/0zqzll SSCP從七大領域提昇資安知識，解決各種常見難題 https://ithome.com.tw/pr/135220 Web漏洞總結: OWASP Top 10 https://www.cnblogs.com/pengdai/p/12169534.html OSCP Goldmine (not clickbait) http://0xc0ffee.io/blog/OSCP-Goldmine SSH Pentesting Guide https://community.turgensec.com/ssh-hacking-guide/ Updated: Basic IPv6 Troubleshooting Commands / IPv6 Rosetta Stone 2019 https://theinternetprotocolblog.wordpress.com/2019/11/04/basic-ipv6-troubleshooting-commands-i-ipv6-rosetta-stone-2019/ 【Webエンジニアど素人から３年生ぐらいになるまでに読むと良い本】を段階的にまとめた https://qiita.com/JunyaShibato/items/3aa5f7f3fc991de17f3f Wireshark Tutorial: Examining Ursnif Infections https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-ursnif-infections/ J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 歐盟網路資安局發表 IoT 資安報告，聚焦軟體開發設計安全 https://koin.kcg.gov.tw/?p=2586 網路攻擊事件頻傳 資安已成嵌入式系統重大挑戰 https://smartauto.ctimes.com.tw/DispArt-tw.asp?O=200107113050 央視曝數十萬個家用cam被入侵　黑客靠網售帳號牟利 https://reurl.cc/1QNoVG 中國數十萬只家用監視器帳號遭破解 通過網絡銷售 https://reurl.cc/D1rZ2O FBI recommends keeping your IoT devices on a separate network https://www.iottechnews.com/news/2019/dec/06/fbi-recommends-iot-devices-separate-network/ Xiaomi Cameras Connected to Google Nest Expose Video Feeds From Others https://thehackernews.com/2020/01/google-nest-xiaomi-camera.html Insight Partners' Latest Purchase: IoT Security Firm Armis https://www.bankinfosecurity.com/insight-partners-latest-purchase-iot-security-firm-armis-a-13584 6.近期資安活動及研討會 AIS3 EOF資安搶旗競賽 1/11 https://ais3.org/eof MLDM Monday x PyData Taiwan | TBD (about Shioaji) 1/13 https://www.meetup.com/Taiwan-R/events/266715784/ SANS Threat Hunting London Summit & Training 2020 1/13 ~ 1/18 https://www.sans.org/event/threat-hunting-europe-2020 GitLab Commit San Francisco 1/14 https://about.gitlab.com/events/commit/#attend-sanfrancisco 資安實務專題課程-Windows 惡意程式分析實務 1/14 ~ 1/17 https://isip.moe.edu.tw/wordpress/?p=1789 Build Your Security Token Blockchain - 如何打造證券型代幣區塊鏈 1/14 https://www.meetup.com/Polkadot-Taipei/events/267377249/ Elixir.tw Taipei Meetup inside 默默會(mokumokukai) 1/14 https://www.meetup.com/elixirtw-taipei/events/267421068/ Scala Taiwan #36 - Scala through lenses 1/14 https://www.meetup.com/Scala-Taiwan-Meetup/events/267314640/ Hacking Thursday 1/16 http://www.hackingthursday.org/invite A meetup with Laurence Moroney 1/16 https://www.meetup.com/TensorFlow-User-Group-Taipei/events/267109922/ ANSYS Workbench結構分析基礎課程 1/16 ~ 1/17 https://reurl.cc/mdjz7l Japan Security Analyst Conference 1/17 https://jsac.jpcert.or.jp/ WizardAmigos CodeCamp [Taipei,JavaScript,­English] 1/20 https://www.meetup.com/WizardAmigos/events/bbdclrybccbbc/ Cyber Security for Critical Assets (CS4CA) MENA 1/20 ~ 1/21 https://mena.cs4ca.com/?ref=infosec-conferences.com PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23 https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world 2020核果資訊冬季班 Python 程式語言 (Level 1) 1/22~ 2/13 https://www.accupass.com/event/1911150442131985092910 Hacking Thursday 1/23 http://www.hackingthursday.org/invite Security Hell Conference (SH3LLCON) 1/24 ~ 1/25 https://www.sh3llcon.es/?ref=infosec-conferences.com NextGen SCADA 1/27 ~ 1/31 https://www.smartgrid-forums.com/forums/nextgen-scada-global/ Cranfield University Cyber Symposium 1/28 ~ 1/29 https://www.cranfield.ac.uk/events/symposia/cyber International Cyber Security Forum (FIC) 1/28 ~ 1/30 https://www.forum-fic.com/en/home.htm Free and Safe in Cyberspace 1/29 https://www.free-and-safe.org/ Hacking Thursday 1/30 http://www.hackingthursday.org/invite 制御システムセキュリティカンファレンス 2020 2020年2月14日 https://www.jpcert.or.jp/event/ics-conference2020.html CYBERSEC 2020 臺灣資安大會 3/17 ~ 3/19 https://cyber.ithome.com.tw/ black ASIA 2020 Singapore 3/31 ~ 4/3 https://www.blackhat.com/asia-20/briefings/schedule/ 2020 Industrial Control Systems (ICS) Cyber Security Conference | Singapore https://www.icscybersecurityconference.com/singapore/