2019年10月4日 星期五

資安事件新聞週報 2019/9/30 ~ 2019/10/4

資安事件新聞週報  2019/9/30  ~  2019/10/4

1.重大弱點漏洞/後門/Exploit/Zero Day
思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x
Red Hat JBoss 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.3689/
https://www.auscert.org.au/bulletins/ESB-2019.3672/
IBM WebSphere Application Server 多個漏洞
https://www.ibm.com/support/pages/node/960171
蘋果產品多個漏洞
https://support.apple.com/en-us/HT201222
Checkm8漏洞有多恐怖永久性破解蘋果A5-A11設備
https://new.qq.com/omn/20190928/20190928A09R9900.html
谷歌Google軟件現嚴重漏洞導致部分蘋果Mac電腦無法正常啟動
http://www.sohu.com/a/343990168_499322
vBulletin緊急修補本周被揭露的零時差漏洞
https://ithome.com.tw/news/133295
物聯網裝置攻擊頻傳,戴夫寇爾揭露中華電信數據機設置不當的漏洞
https://www.ithome.com.tw/news/133322
關於CVE-2019-1367 IE瀏覽器遠程代碼執行高危漏洞安全加固的緊急通報
https://www.heibai.org/post/1526.html
IBM MQ AMQP Listeners 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4227
微軟IE瀏覽器現漏洞 惡意代碼奪取電腦控制權
http://bit.ly/2o5b98k
微軟 IE 瀏覽器被曝漏洞,可透過惡意網站操控 Windows 系統
https://technews.tw/2019/09/30/ie-is-exposed-to-major-security-vulnerabilities/
微軟緊急發佈IE零時差漏洞更新
https://www.version-2.com.tw/news/latest_news/article/20191002/
【Windows 10 KB4516071 累積更新小細節!!】 將 SSD 默認加密改為 BitLocker 軟件加密
http://bit.ly/2nVHfTT
Microsoft says Windows 10 1903 is officially 'ready for broad deployment'
https://www.zdnet.com/article/microsoft-says-windows-10-1903-is-officially-ready-for-broad-deployment/#ftag=RSSbaffb68
Microsoft to make Windows 7 Extended Security Updates available to all business users
https://www.zdnet.com/article/microsoft-to-make-windows-7-extended-security-updates-available-to-all-business-users/#ftag=RSSbaffb68
When will you get the next version of Windows 10? Here's how to take control
https://www.zdnet.com/article/when-will-you-get-the-next-version-of-windows-10/#ftag=RSSbaffb68
Windows 10 1903 KB4522016 Cumulative Update Breaks Printing
https://www.bleepingcomputer.com/news/microsoft/windows-10-1903-kb4522016-cumulative-update-breaks-printing/
Windows Server 2008 即將終止支援:您準備好了嗎
https://blog.trendmicro.com.tw/?p=62140
PDF 檔案規格資安漏洞,導致有心人能窺探加密文件
https://technews.tw/2019/10/02/pdf-file-scheme-vulanerable-makes-another-people-can-have-a-skim-on-encrypted-text/
Researchers Find New Hack to Read Content Of Password Protected PDF Files
https://thehackernews.com/2019/10/pdf-password-encryption-hacking.html
New PDFex attack can exfiltrate data from encrypted PDF files
https://www.zdnet.com/article/new-pdfex-attack-can-exfiltrate-data-from-encrypted-pdf-files/#ftag=RSSbaffb68
GAO Raises Concerns About Power Grid Vulnerabilities
https://www.bankinfosecurity.com/gao-raises-concerns-about-power-grid-vulnerabilities-a-13157
ATMIA, ASA call for stronger measures against ATM crimes
https://www.atmmarketplace.com/news/atmia-asa-call-for-stronger-measures-against-atm-crimes/
Joint Position Paper on ATM Crime Sentences
https://www.atmsecurityassociation.com/files/position-papers/position-paper-on-atm-crime-sentencing-published.pdf
Jira Server / Data Center Template Injection
https://packetstormsecurity.com/files/154611/jiraserverdc-inject.txt
Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation
https://packetstormsecurity.com/files/154702/fortisiem5-invalid.txt
tcpdump 4.9.3
https://packetstormsecurity.com/files/154679/tcpdump-4.9.3.tar.gz
pfSense 2.3.4 / 2.4.4-p3 Remote Code Injection
https://packetstormsecurity.com/files/154587/pfsense-remote-code-injection.txt
Privilege escalation vulnerability patched in Forcepoint VPN for Windows
https://www.zdnet.com/article/privilege-escalation-vulnerability-patched-in-forcepoint-vpn-for-windows/
Palo Alto Networks Cross Site Request Forgery
https://packetstormsecurity.com/files/154559/paloalto-xsrf.txt
Wireshark Analyzer 3.0.5
https://packetstormsecurity.com/files/154556/wireshark-3.0.5.tar.xz
Web-Based Firewall Logging Tool 1.1.2
https://packetstormsecurity.com/files/154555/webfwlog-1.1.2.tar.bz2
VMware Security Advisory 2019-0013
https://packetstormsecurity.com/files/154536/VMSA-2019-0013.txt
VMware Security Advisory 2019-0014
https://packetstormsecurity.com/files/154535/VMSA-2019-0014.txt
A Vulnerability in PHP Could Allow for Arbitrary Code Execution
https://www.cisecurity.org/advisory/a-vulnerability-in-php-could-allow-for-arbitrary-code-execution_2019-101/
New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released
https://thehackernews.com/2019/09/exim-email-security-vulnerability.html
forcepoint -- vpn_client CVE-2019-6145
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6145
linux -- linux_kernel CVE-2019-14814
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14814
linux -- linux_kernel CVE-2019-14816
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14816
linux -- linux_kernel CVE-2019-16746
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16746
microsoft -- internet_explorer CVE-2019-1367
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1367
netapp -- ontap_select_deploy_administration_utility  CVE-2019-5504
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5504
suricata-ids -- suricata CVE-2019-16411 
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16411
Exim再度修補遠端程式攻擊漏洞
https://www.ithome.com.tw/news/133372
New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released
https://thehackernews.com/2019/09/exim-email-security-vulnerability.html
Academics find eight vulnerabilities in Android's VoIP components
https://www.zdnet.com/article/academics-find-eight-vulnerabilities-in-androids-voip-components/#ftag=RSSbaffb68
Remote access flaws found in popular routers, NAS devices
https://www.welivesecurity.com/2019/09/18/popular-routers-nas-devices-vulnerabilities/
How to get your Mac ready for macOS 10.15 Catalina
https://www.zdnet.com/article/how-to-get-your-mac-ready-for-macos-10-15-catalina/#ftag=RSSbaffb68
JVN#97845465 LINE (Android版) における複数の整数オーバーフローの脆弱性
https://jvn.jp/jp/JVN97845465/
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
金管會2020四大重點 純網銀建立「即時監理系統」、整併電子支付與電子票證都在其中
https://www.ettoday.net/news/20190929/1544948.htm
金融資安資訊分享 立院建議改收費制
https://ec.ltn.com.tw/article/paper/1322226
南山系統出包...尹衍樑:承認錯誤 我們會全力追求完善
https://udn.com/news/story/6839/4071962
買賣未上市股票小心被騙!金管會:留意三大風險
https://money.udn.com/money/story/5613/4075070
趨勢科技點出最新開放銀行法規的資安風險
https://news.sina.com.tw/article/20190930/32824544.html
開放銀行首發15家 資訊共享
https://ctee.com.tw/news/finance/152303.html
接軌新科技時代 央行成立數位貨幣小組
https://money.udn.com/money/story/5613/4076094
網路投保夯 壽險公會擬推實名認證
https://udn.com/news/story/7239/4042766?from=udn-ch1_breaknews-1-cate6-news
銀行業新崗位「金融科技師」來了 要不要申請
https://news.sina.com.tw/article/20190928/32807270.html
影子銀行死灰復燃 中國金融危機蠢動
https://ec.ltn.com.tw/article/breakingnews/2926501
SWIFT跨境瞬時支付在歐洲成功完成“秒級”測試
http://finance.caixin.com/2019-09-30/101468079.html
保險業App首創!南山人壽「直接串接」健保署資料庫
https://www.ettoday.net/news/20191001/1547317.htm
行庫動態:第一銀首創「銀行同業外幣現鈔買賣區塊鏈平台」上線
https://fnc.ebc.net.tw/FncNews/stock/101826
App綁定信用卡消費要注意 金管會提兩自保作法
https://udn.com/news/story/7239/4084238
New North Korean malware targeting ATMs spotted in India
https://www.zdnet.com/article/new-north-korean-malware-targeting-atms-spotted-in-india/
Magecart strikes again: hotel booking websites come under fire
https://www.zdnet.com/article/magecart-strikes-again-hotel-booking-websites-come-under-fire/
Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites
https://blog.trendmicro.com/trendlabs-security-intelligence/magecart-skimming-attack-targets-mobile-users-of-hotel-chain-booking-websites/
Magecart Attackers Target Mobile Hotel Booking Sites
http://passwordalert.com/magecart-attackers-target-mobile-hotel-booking-sites/
PSD2 Authentication Deadline Needs to Be Firmed Up - Now
https://www.bankinfosecurity.com/blogs/psd2-authentication-deadline-needs-to-be-firmed-up-now-p-2794
ATM stolen Monday from Walgreens in Scotts Valley
https://www.santacruzsentinel.com/2019/10/01/atm-stolen-monday-from-walgreens-in-scotts-valley/
IBM white hat hacker demonstrates how to jackpot ATM
https://www.atmmarketplace.com/news/video-shows-ibm-white-hat-hacker-demonstrating-how-to-jackpot-atm/
Panel Offers Cybersecurity Advice to Sinagpore's Banks
https://www.bankinfosecurity.asia/panel-offers-cybersecurity-advice-to-sinagpores-banks-a-13171
MAS’ Cyber Security Advisory Panel Highlights Need for Managing Cyber Risks in IT Supply Chains
https://www.mas.gov.sg/news/media-releases/2019/mas-cyber-security-advisory-panel-highlights-need-for-managing-cyber-risks-in-it-supply-chains
Evidence tying Cobalt Group to Magecart Group 4 unveiled
https://www.scmagazine.com/home/security-news/data-breach/evidence-tying-cobalt-group-to-magecart-group-4-unveiled/
Magecart Group 4: A link with Cobalt Group
https://blog.malwarebytes.com/threat-analysis/2019/10/magecart-group-4-a-link-with-cobalt-group/
ATM skimming and shimming: Is your fleet protected
https://www.atmmarketplace.com/blogs/atm-skimming-and-shimming-is-your-fleet-protected/
3.電子支付/電子票證/行動支付/ pay/新聞及資安
偷fb網民資料用「轉數快」轉走18萬元 青年欺詐兼洗黑錢今判囚22個月
https://hk.news.appledaily.com/local/realtime/article/20190930/60099936
支付系統故障 小店1.4萬元銷售額不知去向
http://www.epochtimes.com/b5/19/10/1/n11558116.htm
電子支付跨境網購 玉山銀首推行動身分識別
https://money.udn.com/money/story/5617/4078730
玉山銀行首推Mobile ID行動身分識別服務
https://m.ctee.com.tw/livenews/aj/a93610002019100112012327
中國准許首個外國支付系統進行本國市場:不怕有對手
http://news.dwnews.com/global/news/2019-10-03/60151512.html
PayPal 進軍中國電子支付市場 外商藉收購國付寶取得首張營業執照
https://www.upmedia.mg/news_info.php?SerialNo=72560
Payment card thieves hack Click2Gov bill paying portals in 8 cities
https://arstechnica.com/information-technology/2019/09/payment-card-thieves-hack-click2gov-bill-paying-portals-in-8-cities/
Samsung Pay Cash now available: Budget your spending with this prepaid virtual card
https://www.zdnet.com/article/samsung-pay-cash-now-available-budget-your-spending-with-this-prepaid-virtual-card/#ftag=RSSbaffb68
4.虛擬貨幣/區塊鍊相關新聞及資安
區塊鏈重塑服務模式 確保病患權益
https://money.udn.com/money/story/5612/4074645
諾貝爾獎得主看臉書Libra 有可行性與隱私疑慮
https://money.udn.com/money/story/5613/4072699
虛擬貨幣湧現與你無關?不經意間你就成了駭客的挖礦工具
http://168coin.com.tw/hackers-mining-tools/
比特幣的LN開發人員披露了網絡的漏洞
https://0xzx.com/201909281941292958.html
Rusty Russell 稱已修復閃電網絡安全漏洞
https://www.chainnews.com/news/598129982114.htm
Libra的「烏托邦」與中國法定數位貨幣的機遇
http://news.knowing.asia/news/da49fce7-4da1-4782-9dbb-aee38c57ecc5
台灣沒有理由置身事外!盤點央行總裁楊金龍分析數位貨幣的3個觀點
http://bit.ly/2IlJTtG
大型金融機構擬涉足託管領域,但比特幣託管正面臨這些挑戰
http://news.knowing.asia/news/413839ad-1576-4a2c-93b1-920c5c81fe49
認定交易媒介 買賣虛擬通貨 所得稅跑不掉
https://m.ctee.com.tw/dailynews/a02aa2/a02aa2/1011172
「區塊鏈+跨境支付」正夯!巴西擬放棄現有支付系統
http://news.knowing.asia/news/db74bb88-9f4c-40af-ba45-d7aeab281d95
區塊鏈五方向應用...產業邁大步
https://money.udn.com/money/story/5612/4074642
區塊鏈有多紅?連相親平臺都開始使用代幣建立社群
http://news.knowing.asia/news/4944f62b-0861-480a-9c85-9862209ba238
韓國法院針對加密交易所駭客行為,做出里程碑式判決:賠償用戶損失
http://news.knowing.asia/news/96c222ce-6fac-4180-8b37-75a7a1648b1d
30萬美元!英國警方首次將拍賣加密貨幣作為資產追回的方式
http://news.knowing.asia/news/be8ba902-0a5d-473a-bf6a-1a08284cf41f
Libra 協會出現裂痕!Visa、萬事達卡正在考慮撤出,Libra 還有辦法發行嗎
https://buzzorange.com/techorange/2019/10/02/visa-stop-cooperating-with-libra/
區塊鏈筆記:駭客攻擊方式摘要-《 Exploring the Attack Surface of Blockchain:A Systematic Overview》
http://bit.ly/2oBgTXY
盜版網站已開始接受比特幣,加密貨幣將不利於「反盜版」工作
http://news.knowing.asia/news/8dd7ac8d-1136-4c19-a34d-8eb8b7a054a1
加密貨幣無人可管?KryptoGO發展監管科技工具、協助金流透明化
http://bit.ly/2nSO3SX
臉書數位貨幣Libra能否在台發行 央行總裁楊金龍:持保守態度靜觀其變
https://www.ettoday.net/news/20191003/1548661.htm
跳脫舒適圈 潘奕彰勇闖虛擬貨幣圈
https://www.storm.mg/article/1761149
UK Police Auction TalkTalk Hacker's Cryptocurrency Stash
https://www.bankinfosecurity.com/uk-police-auction-talktalk-hackers-cryptocurrency-stash-a-13166
Details of Lightning Network security vulnerability discovered in September have been released
http://bit.ly/2m5k60Y
Cryptocurrency Shakedown: Old Tactics, New Twist
https://www.bankinfosecurity.com/cryptocurrency-shakedown-old-tactics-new-twist-a-13155
Facebook’s cryptocurrency plans make Mastercard, Visa, Libra backers nervous
https://www.zdnet.com/article/mastercard-visa-banks-get-the-jitters-over-facebooks-libra-cryptocurrency-dreams/#ftag=RSSbaffb68
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
微軟揭露新的Nodersok無檔案攻擊行動
https://www.ithome.com.tw/news/133302
病毒團伙利用phpStudy RCE漏洞批量抓雞,下發四個遠控木馬
https://www.4hou.com/system/20637.html
防範勒索病毒之道:良好的使用習慣、預防之餘更要做好備份
https://www.cool3c.com/article/148322
今年美國有621個組織遭到勒索軟體攻擊,近8成為醫療服務供應商
https://ithome.com.tw/news/133390
FBI警告:勒索軟體日益猖獗,不鼓勵支付贖金
https://www.ithome.com.tw/news/133406
趨勢科技總評2019上半年資安報告:企業無檔案式威脅暴增265%
https://www.ettoday.net/news/20191003/1549053.htm
資安研究人員發現低成本的殭屍網路MasterMana
https://www.ithome.com.tw/news/133407
惡名昭彰 Emotet 銀行木馬,偽裝成前 CIA 職員愛德華·史諾登的回憶錄再出擊
https://blog.trendmicro.com.tw/?p=62154
MasterMana BotNet
https://blog.prevailion.com/2019/10/mastermana-botnet.html
FBI Warns U.S. Organizations About High Impact Ransomware
https://www.bleepingcomputer.com/news/security/fbi-warns-us-organizations-about-high-impact-ransomware/
HIGH-IMPACT RANSOMWARE ATTACKS THREATEN U.S. BUSINESSES AND ORGANIZATIONS
https://www.ic3.gov/media/2019/191002.aspx
Microsoft Warns of a New Rare Fileless Malware Hijacking Windows Computers
https://thehackernews.com/2019/09/windows-fileless-malware-attack.html
Most malspam contains a malicious URL these days, not file attachments
https://www.zdnet.com/article/most-malspam-contains-a-malicious-url-these-days-not-file-attachments/#ftag=RSSbaffb68
Proofpoint Q2 2019 Threat Report - Emotet’s hiatus, mainstream impostor techniques, and more
https://www.proofpoint.com/us/threat-insight/post/proofpoint-q2-2019-threat-report-emotets-hiatus-mainstream-impostor-techniques
Malware infection disrupts production at defence contractor plants in three countries
https://www.zdnet.com/article/malware-infection-disrupts-production-at-defence-contractor-plants-in-three-countries/#ftag=RSSbaffb68
Ad-hoc: Rheinmetall AG: Regional disruption of production due to malware at Rheinmetall Automotive
https://www.rheinmetall.com/en/rheinmetall_ag/press/news/latest_news/index_18496.php
WhiteShadow downloader uses Microsoft SQL queries to deliver malicious payloads
https://www.zdnet.com/article/whiteshadow-malware-uses-microsoft-sql-queries-to-deliver-malicious-payloads/#ftag=RSSbaffb68
Notorious GandCrab hacker group 'returns from retirement’
https://www.bbc.com/news/technology-49817764
REvil/Sodinokibi Ransomware
https://www.secureworks.com/research/revil-sodinokibi-ransomware
Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host
https://blog.talosintelligence.com/2019/09/divergent-analysis.html
Emotet Disguises as Downloadable File of Edward Snowden’s New Book to Infect Users
https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/emotet-disguises-as-downloadable-file-of-edward-snowden-s-new-book-to-infect-users
Emotet malspam campaign uses Snowden’s new book as lure
https://blog.malwarebytes.com/botnets/2019/09/emotet-malspam-campaign-uses-snowdens-new-book-as-lure/?utm_source=pr
Ransomware incident to cost Danish company a whopping $95 million
https://www.zdnet.com/article/ransomware-incident-to-cost-danish-company-a-whopping-95-million/#ftag=RSSbaffb68
Over 500 US schools were hit by ransomware in 2019
https://www.zdnet.com/article/over-500-us-schools-were-hit-by-ransomware-in-2019/
Baltimore Ransomware Carnage Compounded by Local Storage
https://www.bankinfosecurity.com/blogs/baltimore-ransomware-carnage-compounded-by-local-storage-p-2795
Thousands of Windows PCs infected by Nodersok/Divergent fileless malware
https://www.hackread.com/windows-pcs-infected-nodersok-divergent-fileless-malware/
'WhiteShadow' Downloader Employs Microsoft SQL for Malware Delivery
https://www.securityweek.com/whiteshadow-downloader-employs-microsoft-sql-malware-delivery
Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users
https://thehackernews.com/2019/10/malvertising-webkit-hacking.html
Malvertiser exploited two browser bugs to show over one billion malicious ads
https://www.zdnet.com/article/malvertiser-exploited-two-browser-bugs-to-show-over-one-billion-malicious-ads/#ftag=RSSbaffb68
Malvertiser ‘eGobbler’ Exploits Chrome & WebKit Bugs, Infects Over 1 Billion Ads
https://blog.confiant.com/malvertiser-egobbler-exploits-chrome-webkit-bugs-infects-over-1-billion-ads-6b8ccc41b0e6
Malware: cosa sono, come riconoscerli e come rimuoverli
https://www.cybersecurity360.it/nuove-minacce/malware-cosa-sono-come-riconoscerli-e-come-rimuoverli/
2019-09-30 - DATA DUMP: HANCITOR-STYLE AMADEY
https://www.malware-traffic-analysis.net/2019/09/30/index.html
2019-10-02 - DATA DUMP: EMOTET WITH TRICKBOT (GTAG: MOR14)
https://www.malware-traffic-analysis.net/2019/10/02/index.html
2019-10-01 - DATA DUMP: EMOTET WITH TRICKBOT (GTAG: MOR13)
https://www.malware-traffic-analysis.net/2019/10/01/index.html
New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign
https://blog.trendmicro.com/trendlabs-security-intelligence/new-fileless-botnet-novter-distributed-by-kovcoreg-malvertising-campaign/
Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website
https://blog.trendmicro.com/trendlabs-security-intelligence/mac-malware-that-spoofs-trading-app-steals-user-information-uploads-it-to-website/
Fileless Cryptocurrency-Miner GhostMiner Weaponizes WMI Objects, Kills Other Cryptocurrency-Mining Payloads
https://blog.trendmicro.com/trendlabs-security-intelligence/fileless-cryptocurrency-miner-ghostminer-weaponizes-wmi-objects-kills-other-cryptocurrency-mining-payloads/
Open Document format creates twist in maldoc landscape
https://blogs.cisco.com/security/talos/open-document-format-creates-twist-in-maldoc-landscape
Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host
https://blog.talosintelligence.com/2019/09/divergent-analysis.html
How Tortoiseshell created a fake veteran hiring website to host malware
https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html
Fake Browser Updates Infect Enterprises with Ransomware, Bankers
https://www.bleepingcomputer.com/news/security/fake-browser-updates-infect-enterprises-with-ransomware-bankers/
Head Fake: Tackling Disruptive Ransomware Attacks
https://www.fireeye.com/blog/threat-research/2019/10/head-fake-tackling-disruptive-ransomware-attacks.html
Fake Office Activation Wizard Docs Used to Spread Emotet Trojan
https://www.bleepingcomputer.com/news/security/fake-office-activation-wizard-docs-used-to-spread-emotet-trojan/
OpenDocument files now being used in attacks
https://www.scmagazine.com/home/security-news/cyberattack/opendocument-files-now-being-used-in-attacks/
Open Document format creates twist in maldoc landscape
https://blog.talosintelligence.com/2019/09/odt-malware-twist.html
How SMBs Can Mitigate the Growing Risk of File-based Attacks
https://thehackernews.com/2019/10/business-cybersecurity-tips.html
Threat Spotlight: Document-Based Malware
https://blog.barracuda.com/2019/04/04/threat-spotlight-document-based-malware/
New Reductor Malware Hijacks HTTPS Traffic
https://threatpost.com/new-reductor-malware-hijacks-https-traffic/148904/
COMpfun successor Reductor infects files on the fly to compromise TLS traffic
https://securelist.com/compfun-successor-reductor/93633/
ESET Flags New Latin American Banking Trojan That Targets Crypto
https://cointelegraph.com/news/eset-flags-new-latin-american-banking-trojan-that-targets-crypto
Casbaneiro: Dangerous cooking with a secret ingredient
https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/
Android banking botnet targets thousands
https://www.techradar.com/news/android-banking-botnet-targets-thousands
Global leader in cybersecurity ESET discovers new type of banking trojans stealing cryptocurrency
https://www.unian.info/world/10708260-global-leader-in-cybersecurity-eset-discovers-new-type-of-banking-trojans-stealing-cryptocurrency.html
Ramnit Targets Japanese Shoppers, Aiming at Top Fashion Brands
https://securityintelligence.com/posts/ramnit-targets-japanese-shoppers-aiming-at-top-fashion-brands/
B.行動安全 / iPhone / Android /穿戴裝置 /App
預防無線通訊爆炸 電磁波為風險因子
https://money.udn.com/money/story/10860/4077216
Android 系統的痛?資安專家:Google Play 惡意軟體單月下載破 3.3 億次
https://3c.ltn.com.tw/news/38168
遭受駭客攻擊!臺港蘋果日報App及網站服務受影響
https://www.ithome.com.tw/news/133325
台港《蘋果》App遭駭 黎智英:絕不退縮
https://tw.appledaily.com/headline/daily/20190929/38457308/
蘋果日報App遭駭客入侵 10:30已恢復正常
https://tw.appledaily.com/hot/realtime/20190928/1640403/
蘋果日報App疑遭駭客攻擊?「叛國亂港」社長:不屈服壓力
https://www.setn.com/News.aspx?NewsID=609869
遭駭客攻擊?新聞APP現「五星旗」
https://www.ptt.cc/bbs/Gossiping/M.1569684548.A.CF3.html
蘋果動新聞APP被駭客修改留下五星紅旗
https://pincong.rocks/article/5656
下載 3 天莫名被扣款上千元!9 款惡質 Android App 千萬不要碰
https://3c.ltn.com.tw/news/38140
資安公司披露可以通過Google Play審核的「騙錢軟體」,偽裝成免費APP三天後卻偷偷向你扣款三千元
https://www.techbang.com/posts/73249-malware-masquerading-as-a-free-app-secretly-charges-you-3000-after-three-days
廣東執行資安檢查,下架逾5千個APP
http://bit.ly/2o3FPXI
試用3天後被扣天價訂閱金 小心這些偽免費App
https://www.nownews.com/news/20191002/3664751/
眾人皆肥我獨瘦,Android 10 Go維持輕巧優良傳統
https://www.techbang.com/posts/73144-everyones-fat-im-slim-android-10-go-maintains-a-fine-tradition-of-lightness
研究人員發現鎖定SIM卡攻擊遠端控制手機的WIBattack
https://www.ithome.com.tw/news/133327
Telegram 祭出 40 萬美元宣布「TON 智能合約程式設計競賽」開跑
https://news.cnyes.com/news/id/4387792
WhatsApp擬推自動銷毀訊息 保護敏感內容
https://inews.hket.com/article/2464307
十一國慶拚業績?維吾爾、西藏官員 WhatsApp 相繼被駭
http://bit.ly/2oqR1Oh
賭博應用程式以偽裝術,躲過iOS App Store和Google Play審查,爬上前百排名
https://blog.trendmicro.com.tw/?p=62148
LINE選在東京舉辦開發者大會 規模擴大探討多元主題
https://www.chinatimes.com/realtimenews/20191003002889-260412?chdtv
雲端發票APP中獎卻「沒顯示」! 遭批設計不良
https://news.tvbs.com.tw/life/1211116
資安業者揭新漏洞! SIM卡被「挾持」 iOS、安卓都中招
https://3c.ltn.com.tw/news/38149
More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed
https://thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html
防堵舊款 Apple Watch 漏洞!蘋果罕見釋出 watchOS 5.3.2 版更新
https://3c.ltn.com.tw/news/38111
研究人員宣稱iPhone X及以前的晶片含有無法修補的Bootrom漏洞
https://www.ithome.com.tw/news/133330
蘋果驚爆史詩級硬件漏洞:你的iPhone可永久越獄,無法修復
https://m.jiemian.com/article/3542940.html
修復iPhone 電池耗電問題!蘋果火速再釋出 iOS 13.1.1 版更新
https://3c.ltn.com.tw/news/38118
一插就被駭!駭客改裝Lightning線可遠距竊取iPhone資料 竟已可量產發售
https://www.ettoday.net/news/20191003/1549154.htm
iOS 設備存在永久性的不可修復漏洞,iPhone X 及以下型號均受影響
https://www.oschina.net/news/110208/unpatchable-bug-in-ios-devices
「圖」為何說Checkm8漏洞對iPhone用戶的殺傷力幾乎為零
https://kknews.cc/tech/mlxvpq2.html
iOS 13 Bug Lets 3rd-Party Keyboards Gain 'Full Access' — Even When You Deny
https://thehackernews.com/2019/09/ios-13-keyboard-apps.html
Apple iOS Has Permanent Bootrom Vulnerability
https://www.bankinfosecurity.com/apple-ios-has-permanent-bootrom-vulnerability-a-13159
Hacker Releases 'Unpatchable' Jailbreak For All iOS Devices, iPhone 4s to iPhone X
https://thehackernews.com/2019/09/bootrom-jailbreak-ios-exploit.html
New SIM card attack disclosed, similar to Simjacker
https://www.zdnet.com/article/new-sim-card-attack-disclosed-similar-to-simjacker/#ftag=RSSbaffb68
More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed
https://thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html
Hacker Releases 'Unpatchable' Jailbreak For All iOS Devices, iPhone 4s to iPhone X
https://thehackernews.com/2019/09/bootrom-jailbreak-ios-exploit.html
New Checkm8 jailbreak released for all iOS devices running A5 to A11 chips
https://www.zdnet.com/article/new-checkm8-jailbreak-released-for-all-ios-devices-running-a5-to-a11-chips/#ftag=RSSbaffb68
Huawei’s Undocumented APIs — A Backdoor to Reinstall Google Services
https://medium.com/@topjohnwu/huaweis-undocumented-apis-a-backdoor-to-reinstall-google-services-c3a5dd71a7cd
Gambling Apps Sneak into Top 100: How Hundreds of Fake Apps Spread on iOS App Store and Google Play
https://blog.trendmicro.com/trendlabs-security-intelligence/gambling-apps-sneak-top-100-hundreds-fake-apps-spread-app-store-google-play/
Just a GIF Image Could Have Hacked Your Android Phone Using WhatsApp
https://thehackernews.com/2019/10/whatsapp-rce-vulnerability.html
WhatsApp vulnerability exploited through malicious GIFs to hijack chat sessions
https://www.zdnet.com/article/whatsapp-vulnerability-exploited-through-malicious-gifs-to-hijack-chat-sessions/#ftag=RSSbaffb68
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
五月天售票系統又出包! 粉絲氣瘋狂幹譙
https://ent.ltn.com.tw/news/breakingnews/2929633
如何在Twitter上收集資安威脅情報,保護組織對抗威脅
https://blog.trendmicro.com.tw/?p=61613
觀念平台-建立良好的「網路衛生」習慣
http://bit.ly/2pFv6mZ
FDA 表示:數百萬使用舊程式碼的醫療裝置有遭攻擊的可能
http://technews.tw/2019/10/04/millions-of-medical-devices-using-old-code-are-open-to-attack/
中小企業比大企業更易被影響的五個資安風險
https://blog.trendmicro.com.tw/?p=62069
海角七億駭客攻擊,真的假的
http://bit.ly/2Oi3rmz
防駭 企業、資安、保險聯手大作戰
https://www.rmim.com.tw/news-detail-24331
黑客比普通程式設計師高在哪裡
https://kknews.cc/tech/99eq6a5.html
【NIST CSF導入關鍵】7步驟打造整體安全防護網,從盤點現況與成熟度評估著手
https://www.ithome.com.tw/news/133172
天才駭客 犧牲自己的一生,揭發政府監控人民的真相
https://forum.gamer.com.tw/C.php?bsn=60076&snA=5334407&tnum=4
【人工智慧 vs. 駭客智慧】駭客大賽冠軍霸氣分享:我如何讓 50 個惡意文件騙過 AI 安防系統
https://buzzorange.com/techorange/2019/09/27/hacker-break-ai-security/
國外傳出大量 YouTube 帳號遭劫持,汽車評鑑與改裝頻道受害最重
http://bit.ly/2lZQpOJ
濫用平台漏洞、延遲性套利。。。這家經紀商拒付客戶盈利資金
https://zhuanlan.zhihu.com/p/84473220
台大醫院驚爆「個資遭駭」 政院調查中
http://bit.ly/2nBAtCL
台大醫院被駭 教部︰升高為3級資安事件
https://news.ltn.com.tw/news/life/paper/1321140
台大醫院遭駭客入侵 行政院派資安單位進駐
http://bit.ly/2ojZyCN
台大醫院傳遭駭客入侵 院方:政院調查中
https://udn.com/news/story/7314/4073873
台大醫遭陸駭 國安憂元首病歷資料外洩
https://www.chinatimes.com/realtimenews/20190927003309-260402?chdtv
台大醫遭陸駭 元首病例外洩? 總統府:無關
https://udn.com/news/story/6656/4072638
台大醫遭陸駭客入侵 院方:沒有此事
https://udn.com/news/story/6656/4072798
台大醫院電腦系統遭駭 院方改口認了
http://m.match.net.tw/pc/news/5038928
駭客入侵事件 台大醫院改口「真有其事」政院調查中
https://udn.com/news/story/7266/4074199
政院證實台大醫院上月曾遭駭 元首病歷資訊未遭盜
https://tw.news.appledaily.com/new/realtime/20190927/1640303/
台大醫院遭駭?總統府澄清元首病歷有完善防護
https://news.ltn.com.tw/news/Taipei/breakingnews/2929105
台大醫院驚傳駭客入侵,院方表示:已依規定通報,無資料外洩
https://www.ithome.com.tw/news/133368
空巴供應商遭駭1年 疑中國發動竊密
https://news.ltn.com.tw/news/world/paper/1320851
空客公司連遭重大網絡攻擊 調查指向中共黑客組織
https://www.ntdtv.com/b5/2019/09/27/a102674157.html
網路攻擊戰、輿論戰悄然登場 70國上陣 分2大陣營
http://m.secretchina.com/news/b5/2019/09/28/908729.html
臺美大規模攻防演練將於11月舉行,15國共襄盛舉
https://ithome.com.tw/news/133293
台灣已進入準戰爭狀態? 專家揭秘中共對台資訊戰背後秘密
http://bit.ly/2mLaCrR
捷克去年遭網攻 元凶疑中共
https://www.ydn.com.tw/News/354154
北約5層地下碉堡 暗藏網路犯罪平台
https://udn.com/news/story/6809/4074512
北韓網軍勢力壯大
https://www.chinatimes.com/newspapers/20190929000400-260209?chdtv
中國大陸工信部再推利好政策,基本面+政策面雙重改善,網絡安全板塊早盤拉升
https://www.yicai.com/news/100350021.html
中國大陸工信部:鼓勵重點行業企業建設網絡安全基礎資源庫
https://finance.sina.com.cn/china/gncj/2019-09-27/doc-iicezueu8753009.shtml
中國大陸工信部就《關於促進網絡安全產業發展的指導意見》公開征求意見
https://www.finet.hk/newscenter/news_content/5d8dc024bde0b37e69367312
中國大陸工信部:公開徵求網絡安全產業發展指導意見
https://finance.sina.com.cn/stock/y/2019-09-27/doc-iicezzrq8792967.shtml
中國大陸工信部就網絡安全產業發展徵意見:2025年規模超2000億
https://www.cnbeta.com/articles/tech/894179.htm
中國大陸中科大發現有效抵禦量子密鑰分發系統探測器攻擊方法
http://www.ah.xinhuanet.com/2019-09/27/c_1125047583.htm
中共介入2020選舉 陸委會:慎防網路攻擊、操弄輿論
https://news.ltn.com.tw/news/politics/breakingnews/2927982
在美「中共間諜」原形畢露被攝情報活動視頻
https://www.rfa.org/cantonese/news/us-spy-10022019082353.html
美國通過可協助組織對抗網路攻擊的法案
https://ithome.com.tw/news/133326
美國 2020 大選專用投票機已被破解
https://unwire.hk/2019/09/28/us-voting-machines-hackers-2020/fun-tech/
美國 2020 大選投票機已被駭客破解,可以遙距控制操作選舉結果
https://buzzorange.com/techorange/2019/10/01/hack-voting-machine/
DEFCON Voting Village:美國上百款投票機器每台都被攻陷
https://www.ithome.com.tw/news/133335
防境外網攻 拉脫維亞明年推新資安準則
https://news.pchome.com.tw/internation/gpwb/20190929/photo-56968694031991201011.html
新加坡政府請研究人員為政府網站找漏洞,不過沒獎金
https://ithome.com.tw/news/133379
新加坡國防部:第二輪網絡漏洞懸賞計劃下週一啟動
https://www.8world.com/news/singapore/article/mindef-second-bug-bounty-933326
290名白帽黑客找出新加坡九政府網站的31個網安漏洞
https://www.zaobao.com.sg/realtime/singapore/story20191001-993489
新加坡政府推出運作科技網絡安全總藍圖
https://www.zaobao.com.sg/realtime/singapore/story20191001-993477
防恐怖分子駭飛機 美國國安部推新計畫
http://bit.ly/2ot3cKz
美英澳聯手要臉書停止傳訊程式的端對端加密
https://www.ithome.com.tw/news/133441
德警攻入地下5層碉堡 破獲巨大網路犯罪數據平台
https://news.ltn.com.tw/news/world/breakingnews/2930261
Dutch police take down hornets' nest of DDoS botnets
https://www.zdnet.com/article/dutch-police-take-down-hornets-nest-of-ddos-botnets/#ftag=RSSbaffb68
荷蘭司法部將強迫荷蘭公司加強網路安全
https://www.trademag.org.tw/page/newsid1/?id=754649&iz=6
A Look Into Continuous Efforts By Chinese Hackers to Target Foreign Governments
https://thehackernews.com/2019/10/chinese-hackers-phishing.html
Rancor: The Year of The Phish
https://research.checkpoint.com/rancor-the-year-of-the-phish/
安全軟體公司也被駭客入侵,Comodo 官方論壇遭人竊取使用者個資
https://www.techbang.com/posts/73251-comodo-forum-vbulletin-breach
macOS systems abused in DDoS attacks
https://www.zdnet.com/article/macos-systems-abused-in-ddos-attacks/#ftag=RSSbaffb68
Security Firm Comodo Hacked, as vBulletin Exploit Spawns
https://www.cbronline.com/news/comodo-hacked
Comodo Forums Hack Exposes 245,000 Users' Data — Recent vBulletin 0-day Used
https://thehackernews.com/2019/10/Comodo-vbulletin-hacked.html
China’s 500 megapixel camera is capable of mega-facial-recognition
https://nakedsecurity.sophos.com/2019/10/01/chinas-500mp-camera-will-identify-you-at-a-distance/
A Look Into Continuous Efforts By Chinese Hackers to Target Foreign Governments
https://thehackernews.com/2019/10/chinese-hackers-phishing.html
'Fancy Bear' Hacking Group Adds New Capabilities, Targets
https://www.bankinfosecurity.eu/fancy-bear-hacking-group-adds-new-capabilities-targets-a-13150
Hackers put porn on Auckland sport shop's big screen
https://news.sky.com/story/hackers-put-porn-on-auckland-sport-shops-big-screen-11822831
Singapore defence ministry runs second HackerOne bug bounty programme
https://www.zdnet.com/article/singapore-defence-ministry-runs-second-hackerone-bug-bounty/
Explained: Two-Factor vs. Multi-Factor Authentication
https://securityledger.com/2019/09/explained-two-factor-vs-multi-factor-authentication/
Report: US Voting Machines Still Prone to Hacking
https://www.bankinfosecurity.com/report-us-voting-machines-still-prone-to-hacking-a-13162
Linux to get kernel 'lockdown' feature
https://www.zdnet.com/article/linux-to-get-kernel-lockdown-feature/#ftag=RSSbaffb68
Former Army Contractor Gets Prison Term for Insider Attack
https://www.bankinfosecurity.com/former-army-contractor-gets-prison-term-for-insider-attack-a-13160
Carbon Black: Defense Capabilities Match Increased Attack Sophistication
https://www.infosecurity-magazine.com/news/carbon-black-defenders-attack/
German police storm bulletproof data center in former NATO bunker
https://www.zdnet.com/article/german-forces-storm-bulletproof-data-center-in-former-nato-bunker/
Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany
https://krebsonsecurity.com/2019/10/mariposa-botnet-author-darkcode-crime-forum-admin-arrested-in-germany/
雅虎前工程師利用職務駭入超過6000名以上雅虎用戶帳號,只為了增加他個人私密情色照片蒐藏
http://bit.ly/2oL60CE
Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content
https://thehackernews.com/2019/10/yahoo-email-hacking.html
Former Yahoo engineer pleads guilty to hacking user emails in search for porn
https://www.zdnet.com/article/former-yahoo-engineer-pleads-guilty-to-hacking-user-emails-in-search-for-porn/#ftag=RSSbaffb68
Bill Calling for DHS Cyber Incident Mitigation Teams Advances
https://www.bankinfosecurity.com/bill-calling-for-dhs-cyber-incident-mitigation-teams-advances-a-13165
Guest blog: Why we should be paying more attention to Linux threats
https://www.virusbulletin.com/blog/2019/09/guest-blog-why-we-should-be-paying-more-attention-linux-threats/
【HITCON Pacific 2019 Announcement: suspension】
https://blog.hitcon.org/2019/10/hitcon-pacific-2019.html?view=flipcard
'Vendor Email Compromise': A New Attack Twist
https://www.bankinfosecurity.com/vendor-email-compromise-new-attack-twist-a-13170
V is for Vendor: The Emergence of Vendor Email Compromise
https://www.agari.com/email-security-blog/silent-starling-vendor-email-compromise/
This new hacking group is using 'island hopping' to target victims
https://www.zdnet.com/article/this-new-hacking-group-is-using-island-hopping-to-target-victims/
Minerva attack can recover private keys from smart cards, cryptographic libraries
https://www.zdnet.com/article/minerva-attack-can-recover-private-keys-from-smart-cards-cryptographic-libraries/
Report: 'PKPLUG' Espionage Campaign Targets Southeast Asia
https://www.bankinfosecurity.com/report-pkplug-espionage-campaign-targets-southeast-asia-a-13172
PKPLUG: Chinese Cyber Espionage Group Attacking Asia
https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/
Australia’s Office 365 appetite providing “huge locus of attack”
https://www.cso.com.au/article/667147/australia-office-365-appetite-providing-huge-locus-attack/
資安工程師(DEV)
https://www.cakeresume.com/companies/rakuten/jobs/security-engineer-dev
資訊部門-程式設計人員-(台北地區)
https://m.104.com.tw/job/6cwzr?jobsource=m104
B-資訊處-網路工程師-銀行
https://m.104.com.tw/job/4mpti?jobsource=m104
元大金控-期貨資訊部 資訊系統維運人員
https://m.104.com.tw/job/638gr?jobsource=m104
資訊人員
https://m.104.com.tw/job/6hlv7?jobsource=m104
資深Java 全端工程師
https://m.104.com.tw/job/4qh2a?jobsource=m104
資訊機房操作人員
https://m.104.com.tw/job/2se91?jobsource=m104
元大證券-資訊系統管理部-資安工程師
https://m.104.com.tw/job/2qj6o?jobsource=m104
【資訊處】系統分析師 System Analyst
https://m.104.com.tw/job/6p7tf?jobsource=m104
【資訊】LINUX系統管理人員
https://m.104.com.tw/job/604v6?jobsource=m104
【資訊處】資安規範管理師 Security Compliance
https://m.104.com.tw/job/6p7v6?jobsource=m104
板信商業銀行-資訊部系統管理人員
https://m.104.com.tw/job/6hxzx?jobsource=m104
B-資訊安全處-銀行資安新秀培育計畫
https://m.104.com.tw/job/4gdi0?jobsource=m104
法金_國際資訊管理人員
https://m.104.com.tw/job/5cqzk?jobsource=m104
元大銀行-資訊安全部資安人員
https://m.104.com.tw/job/2w6v4?jobsource=m104
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
Match.com放任假帳號誘拐消費者訂閱該站服務,FTC提告
https://www.ithome.com.tw/news/133290
學術單位近日內陸續收到含有釣魚內容之資安通知信件
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=3003
敲響個資警鐘!李顯龍個資外洩促星國改革,祭千萬罰金嚴控身分證濫用
https://www.bnext.com.tw/article/54929/personal-data-protection-commission-in-singapore
美國加州消費者隱私保護法2020年生效 
https://www.chinatimes.com/realtimenews/20190927004575-260410?chdtv
去年台灣遭盜刷22億 記住這9招可自保
https://theme.udn.com/theme/story/6774/4073358
中國大陸辦新門號需人臉識別認證 陸民眾吐槽:沒隱私
https://news.ebc.net.tw/News/world/179840
攻破私人訊息最後一道防線?英美訂定「Facebook條約」要求社群平台配合犯罪調查
https://www.bnext.com.tw/article/54926/us-uk-will-have-to-share-messages-for-crime-investigation
遭電子轉帳欺詐 萬錦承包商損失2,775元
http://www.epochtimes.com/b5/19/10/1/n11558107.htm
破解 台通詐騙23億手法 大秀存摺+配息3元 股市老手也上當
https://tw.finance.appledaily.com/daily/20190930/38457649/
歐盟GDPR實施一年  港企仍以為與己無關
http://bit.ly/2oMKX2A
社交平台遊戲開發商Zynga遭駭客入侵,逾2億用戶資料外洩
https://www.ithome.com.tw/news/133357
兩男女冒銀行職員提供貸款優惠 57歲女失財200萬
http://bit.ly/2nHiR8P
雲科大邀專家教大學生認識詐騙花招避免受騙
https://news.sina.com.tw/article/20191002/32838536.html
你所進行的雲視頻會議,可能正被人監聽!200億美金ToB獨角獸Zoom受挫
https://www.leiphone.com/news/201910/7Kw42kv1HX23WiJ3.html
雲端視訊會議進行時可能被人監聽!市值 200 億美元 ToB 獨角獸 Zoom 受挫
http://technews.tw/2019/10/03/zoom-security-prying-eye/
視訊會議工具爆漏洞可讓外人偷聽,影響Cisco WebEx、Zoom
https://www.ithome.com.tw/news/133401
美food panda承認500萬筆客戶資料被駭 外送個資成隱憂
https://www.ettoday.net/news/20190927/1544793.htm
食物外送服務DoorDash被駭,490萬會員與商家資料外洩
https://ithome.com.tw/news/133292
Important security notice about your DoorDash account
https://blog.doordash.com/important-security-notice-about-your-doordash-account-ddd90ddf5996#46h35gr24e
DoorDash suffered a data breach that affected 4.9 million people
https://edition.cnn.com/2019/09/26/tech/doordash-data-breach-millions/index.html
DoorDash Breach Exposes 4.9 Million Users' Personal Data
https://thehackernews.com/2019/09/doordash-data-breach.html
Comodo Forums Hack Exposes 245,000 Users' Data — Recent vBulletin 0-day Used
https://thehackernews.com/2019/10/Comodo-vbulletin-hacked.html
Guilty Pleas in $29 Million Online Ad Fraud Case
https://www.bankinfosecurity.com/guilty-pleas-in-29-million-online-ad-fraud-case-a-13156
Exclusive — Hacker Steals Over 218 Million Zynga 'Words with Friends' Gamers Data
https://thehackernews.com/2019/09/zynga-game-hacking.html
Leaky database exposes tax records of 20 million Russians
https://www.hackread.com/leaky-database-exposes-tax-records-of-20-million-russians/
Tax and PII records of 20 million Russians stored without encryption, leaked online
https://www.zdnet.com/article/plaintext-tax-records-of-20-million-russians-leaked-online/#ftag=RSSbaffb68
Zendesk discloses 2016 data breach
https://www.zdnet.com/article/zendesk-discloses-2016-data-breach/#ftag=RSSbaffb68
Important Notice regarding 2016 Security Incident
https://www.zendesk.com/blog/security-update-2019/
Singapore online falsehoods law kicks in with details on appeals process
https://www.zdnet.com/article/singapore-online-falsehoods-law-kicks-in-with-details-on-appeals-process/#ftag=RSSbaffb68
ANU incident report on massive data breach is a must-read
https://www.zdnet.com/article/anu-incident-report-on-massive-data-breach-a-must-read/#ftag=RSSbaffb68
E.研究報告
安全運維3.1—跨站腳本漏洞(XSS)之反射型XSS(get)漏洞
https://my.oschina.net/adailinux/blog/3112079
【高危漏洞預警】CVE-2019-1367遠程代碼執行漏洞
https://www.ejinshan.net/news-details-a8e318de451a13507e5658c71b41cb1d.html
騰訊安全:IE瀏覽器曝遠程執行代碼漏洞騰訊安全強勢推出漏洞修復工具
http://news.cnw.com.cn/news-china/htm2019/20190927_323950.shtml
成都鏈安揭露:FAIRWIN 智能合約漏洞技術分析
https://news.huoxing24.com/20190927200044015229.html
Palo Alto Global Protect 網關設備格式化字符串漏洞分析(CVE-2019-1579)
https://www.chainnews.com/articles/108785378612.htm
phpStudy poc漏洞復現以及漏洞修復辦法
http://blog.itpub.net/31542418/viewspace-2658500/
《漏洞戰爭》-CVE-2010-3333(上)
https://www.cnblogs.com/hell--world/p/11595818.html
通過HashMap觸發DNS檢測Java反序列化漏洞
http://rui0.cn/archives/1135
CVE-2019-16928:Exim遠程堆垛重疊PoC預測分析
https://cert.360.cn/warning/detail?id=5307d516a370e74b2ac1e529b1cde4e3
挖洞經驗| Facebook系統HTML轉PDF文檔可能引起的RCE漏洞
https://www.freebuf.com/vuls/213714.html
雲安全!一個老碼對駭客被動應戰
http://bit.ly/2mBvAtv
IOT設備漏洞挖掘從入門到入門(二)- DLink Dir 815漏洞分析及三種方式模擬復現
https://www.anquanke.com/post/id/187443
Chakra漏洞調試筆記4-Array OOB
https://www.anquanke.com/post/id/187739
美國中央情報局網路武器庫分析與披露
https://ti.qianxin.com/blog/articles/network-weapons-of-cia/
那些和185.244.25.0/24網段有關的殭屍網路
https://blog.netlab.360.com/the-botnet-cluster-on-185-244-25-0-24-2/
CVE-2018-8631 IE jscript JsArrayFunctionHeapSort 堆溢出漏洞分析
https://www.anquanke.com/post/id/187650
phpStudy後門漏洞利用複現
https://www.cnblogs.com/yuzly/p/11610061.html
Dlink getcfg.php遠程敏感信息重新分割分析
https://xz.aliyun.com/t/6453
CVE-2019-16928:Exim RCE漏洞分析
https://www.4hou.com/info/news/20685.html
挖洞經驗| 通過Shodan發現目標應用Marathon服務的RCE漏洞
https://www.freebuf.com/vuls/213855.html
Iris:一款可執行常見Windows漏洞利用檢測的WinDbg擴展
https://www.freebuf.com/sectool/214276.html
分析產品漏洞測試,逆向技術是把雙刃劍
https://zhuanlan.zhihu.com/p/85095194
內網滲透總結
http://bit.ly/31X3mII
個案分析-勒索病毒GoGaLocker攻擊事件分析報告_10809
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019092702094545603639826586556.pdf
iPhone BootROM 漏洞說明及威脅評估
http://bit.ly/2oVlhAX
CVE-2019-16941: NSA Ghidra工具RCE漏洞
https://www.4hou.com/info/news/20698.html
TL-BOTS
https://github.com/threatland/TL-BOTS
Flying A False Flag
https://github.com/monoxgas/FlyingAFalseFlag
XSS Magic tricks
https://www.slideshare.net/GarethHeyes/xss-magic-tricks
Pi-hole drops support for ad blocklists used by browser-based ad-blockers
https://www.zdnet.com/article/pi-hole-drops-support-for-ad-blocklists-used-by-browser-based-ad-blockers/#ftag=RSSbaffb68
SecurityNotFound - 404 Page Not Found Webshell
https://www.kitploit.com/2019/09/securitynotfound-404-page-not-found.html
Basic Malware Analysis Tools
https://www.hackingtutorials.org/malware-analysis-tutorials/basic-malware-analysis-tools/
medium-to-wordpress-migration
https://github.com/tensult/medium-to-wordpress-migration
F.商業
醫院HIS以外的第二套資料庫 區塊鏈大幅提升醫療資訊安全
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=70&id=0000569520_tpb4o6gw3oa3bklcvhyqf
與Acronis簽全球經銷協議 研華拚資安抗跌
https://money.udn.com/money/story/5710/4071807
數位資產安全資訊檢核表 Synology 2020 網路安全守則與NAS資安防護
https://jiemr.me/5544
微軟將新增禁止38種OWA副檔名檔案
https://ithome.com.tw/news/133291
微軟將SSD默認加密切換到BitLocker軟件加密
https://www.cnbeta.com/articles/tech/894779.htm
資安公司Emsisoft推出對抗 WannaCryFake 的免費軟體,可在解密資料並保證數據不遺失
https://www.blocktempo.com/emsisoft-releases-bug-fix-for-bitcoin-ransoming-malware-wannacryfake/
科技連接未來 德國萊因邀200 位產業菁英與業內人士齊聚參與
https://ctee.com.tw/industrynews/activity/152411.html
Phpstudy聯合各大安全廠商為用戶提供免費的安全檢測服務
http://tech.ce.cn/news/201909/27/t20190927_33242957.shtml
Red Hat Ansible Tower 功能強、易上手,自動化工具最佳選擇
https://technews.tw/2019/09/30/red-hat-ansible-tower/
遭疑市場壟斷!為避免用戶遭駭客攻擊 Google擬在Chrome瀏覽器放入加密功能
https://news.sina.com.tw/article/20191001/32830300.html
Google 推出密碼檢測服務,可讓用戶檢查現用密碼是否遭竊
https://www.twcert.org.tw/tw/cp-104-3004-c270e-1.html
Google想在Chrome瀏覽器加入DoT加密功能 避免駭客攻擊 卻引發市場壟斷疑慮
https://www.cool3c.com/article/148534
Chrome 79起將逐步封鎖HTTPS網頁中以HTTP下載的內容
https://www.ithome.com.tw/news/133442
高速保安兼備! Cloudflare 開始支援 HTTP/3 協定
http://bit.ly/2mrMYk5
Thales針對身分驗證客戶擴展進階存取管理功能,以因應不斷變化的威脅形勢
https://times.hinet.net/news/22585002
精誠(6214)第二屆資安攻防電競賽落幕,首吸海外隊伍報名
https://fnc.ebc.net.tw/FncNews/stock/101690
Google launches Password Checkup feature, will add it to Chrome later this year
https://www.zdnet.com/article/google-launches-password-checkup-feature-will-add-it-to-chrome-later-this-year/#ftag=RSSbaffb68
Google gets tougher on HTTPS with ban on mixed content
https://www.zdnet.com/article/google-gets-tougher-on-https-with-ban-on-mixed-content/#ftag=RSSbaffb68
Sophos Launches Managed Threat Response
https://www.bankinfosecurity.com/interviews/sophos-launches-managed-threat-response-i-4456
網頁版 Outlook 再度新增 38 種檔案類型,禁止加於附檔寄送
https://www.twcert.org.tw/tw/cp-104-3003-f8e32-1.html
Outlook for Web Bans 38 More File Extensions in Email Attachments
https://thehackernews.com/2019/09/email-attachment-malware.html
Intel proposes new SAPM memory type to protect against Spectre-like attacks
https://www.zdnet.com/article/intel-proposes-new-sapm-memory-type-to-protect-against-spectre-like-attacks/#ftag=RSSbaffb68
IBM and Canonical work together in financial services
https://www.zdnet.com/article/ibm-and-canonical-work-together-in-financial-services/#ftag=RSSbaffb68
G.政府
神祕網軍 軍情資安守門人
https://www.chinatimes.com/newspapers/20190930000442-260102?chdtv
資通電軍 擬納入情報機關
https://www.chinatimes.com/newspapers/20190930000445-260118?chdtv
明審查「國家情報工作法修正草案」 納經濟領域 完備國安防護網
https://news.ltn.com.tw/news/politics/paper/1321711
情工法修法初審 間諜罪最重無期徒刑終身追訴
https://www.cna.com.tw/news/aipl/201910020313.aspx
立委籲政府盡速三讀通過人工智慧發展基本法
http://bit.ly/2nh19cl
綠委憂司法院資安防護不足 林輝煌:著力提升
https://www.cna.com.tw/news/aipl/201910030165.aspx
H.ICS/SCADA 工控系統
Moxa工業物聯網軟硬體整合方案 打造客戶垂直應用開發落地成功體驗
http://bit.ly/2pAiGNl
I.教育訓練
打雜小弟的公務機關法遵面面觀(資訊彙整+彙整+筆記) 系列
https://ithelp.ithome.com.tw/users/20107398/ironman/2220
雲端科技 系列 介紹雲端技術與發展
https://ithelp.ithome.com.tw/users/20120878/ironman/2690
那個夜裡的資安
https://ithelp.ithome.com.tw/users/20006132/ironman/2508
三十日之熄燈幽談-資安百物語
https://ithelp.ithome.com.tw/users/20120299/ironman/2467
冰山一角的駭客工具介紹
https://ithelp.ithome.com.tw/users/20114110/ironman/2536
網路世界的奇怪冒險
https://ithelp.ithome.com.tw/users/20112000/ironman/2908
到處挖坑,現在該來還(填)願(坑)ㄌ !!!
https://ithelp.ithome.com.tw/users/20115060/ironman/2414
資安戰爭 三十六計
https://ithelp.ithome.com.tw/users/20107482/ironman/2795
麻瓜不敗!白魔法藍天煉金術
https://ithelp.ithome.com.tw/users/20025481/ironman/2178
Android 十全大補 系列
https://ithelp.ithome.com.tw/users/20120419/ironman/2641
資訊工程大補帖
https://ithelp.ithome.com.tw/users/20108446/ironman/2927
不小心飛進資安之旅(學習筆記)
https://ithelp.ithome.com.tw/users/20120392/ironman/2488
物聯網概論與應用
https://ithelp.ithome.com.tw/users/20120880/ironman/2688
突破困境:資安開源工具應用
https://ithelp.ithome.com.tw/users/20118848/ironman/2682
開源 IP 位址管理系統:phpIPAM
https://ithelp.ithome.com.tw/articles/10222268
入門的 GCP Cloud IAM
http://bit.ly/2lW8a1k
Exploiting Windows Active Directory Environment (An Offensive Approach)
https://www.peerlyst.com/posts/exploiting-windows-active-directory-environment-an-offensive-approach-yash-bharadwaj-1
Pay What You Wish — 9 Hacking Certification Training Courses in 1 Bundle
https://thehackernews.com/2019/09/learn-hacking-course-certification.html
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
科技連接未來 台灣德國萊因勾畫物聯網前景
https://money.udn.com/money/story/10860/4072245
物聯網設備資安大進擊 晶睿與趨勢聯手強化製造系統安全等級
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000568652_mbi7ihov4ijpk836fp6ll
5G、人工智慧與區塊鏈技術交織出的車聯網時代
https://meet.bnext.com.tw/articles/view/45476
TAICS攜手MTSFB 推廣台馬物聯網資安驗證
https://www.chinatimes.com/newspapers/20191004000368-260210?chdtv
6.近期資安活動及研討會
 我們與資安的距離 10/5
 https://hackersir.kktix.cc/events/20191005
 安全程式碼撰寫基礎 10/6
 https://www.sce.pccu.edu.tw/event/chtweb/index.html
 SecTor Security Conference 10/7
 https://infosec-conferences.com/events-in-2019/sector-security-conference/
 Australian Cyber Conference 2019 10/7
 https://infosec-conferences.com/events-in-2019/australian-cyber-conference/
 XRY Certification 教育訓練 10/7 ~ 10/8
 https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=38
 Unleashing Cyber Security  10/7 ~ 10/8
 https://infosec-conferences.com/events-in-2019/unleashing-cyber-security/
 資安檢核核心技術及進階技術研討會 10月7日至10月9日
 http://bit.ly/2TN2UtD
 2019年台灣資安通報應變年會 10/8
 https://www.informationsecurity.com.tw/Seminar/ISevent20191008/
 Cloud Native Forum 2019   10/9
 https://www.meetup.com/Cloud-Native-Taipei-User-Group/events/264613646/
 TSCHacker 功德駭客佈道講座@台北 | 20191010   10/10
 https://tdohackerparty.kktix.cc/events/tschacker-20191010-taipei
 TSCHacker 功德駭客佈道講座@台南 | 20191011  10/11
 https://tdohackerparty.kktix.cc/events/tschacker-20191011-tainan
 BSides Delhi 10/11
 https://infosec-conferences.com/events-in-2019/bsides-delhi/
 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/
 白帽駭客體驗實作 10/13
 https://www.sce.pccu.edu.tw/event/chtweb/index.html
 HAKON – International Information Security Meet 10/13
 https://infosec-conferences.com/events-in-2019/hakon/
 國家高速網路與計算中心 台灣杉一號高速計算主機使用進階課程 10/14
 https://edu.nchc.org.tw/course/one_course_introduction.asp
 M3AAWG 47th General Meeting 10/14 ~ 10/17
 https://infosec-conferences.com/events-in-2019/m3aawg-47th-general-meeting/
 數位時代,自已的權利自己顧 -- 不可不知!基礎資安教戰講座  10/15
 https://ocftw.kktix.cc/events/e0c1048b
 AWS Transformation Day 10/15
 https://amzn.to/2ksO8Lb
 智資時代 2019 科技法制前瞻論壇 10/15
 https://seminar.ithome.com.tw/live/iii20191015/index.html?eDM_iThome
 AI時代下,資安與視覺化的觀點與實例 10/16
 https://www.tiai.org.tw/tiaiActDetailClass?sno=19
 2019 IBM Cloud 用戶實作課程秋季班  10/16
 https://ibm.co/2n4VNQQ
 BSides Ahmedabad 10/16
 https://infosec-conferences.com/events-in-2019/bsides-ahmedabad/
 TFUG Taipei | TensorFlow All Around 10/16
 https://www.meetup.com/TensorFlow-User-Group-Taipei/events/264713077/
 第八屆國際程式競賽 CodeVita Season 8 即日起至10/17日報名截止
 https://bhuntr.com/tw/competitions/104724210865172005190909102w
 Data Connectors Toronto Tech-Security – October  10/17
 https://infosec-conferences.com/events-in-2019/data-connectors-toronto-october/
 Kotlin/Everywhere GDG Hsinchu - Kotlin on Cloud and Web 10/17
 https://www.meetup.com/GDG-Hsinchu/events/263741333/
 2019 Space Apps Challenge_NASA 黑客松台北場 10/18
 https://www.facebook.com/events/2112377919060176/
 2019 邊緣運算論壇 - AI + IoT 備戰台商回流潮,IIoT 智慧升級 10/18
 https://www.accupass.com/event/1909040655361186052756
 2019 CYBERSPACE聯合研討會 10/18 ~ 10/19
 https://cyberspace.ttu.edu.tw/cyber2019/
 Crosslink Taiwan 2019 10/19
 https://www.meetup.com/Taipei-Ethereum-Meetup/events/264302796/
 交通大學亥客書院-A006:數位足跡追蹤與分析 10/19
 https://hackercollege.nctu.edu.tw/?p=1088
 無痛上手-WiFi無線網路安全檢測 10/20
 https://www.sce.pccu.edu.tw/event/chtweb/index.html
 日盛金融黑客松 報名至10/20 止
 https://app.jsun.com/hackathon/Main
 DEVCORE 那些年我回報的漏洞踩雷經驗  10/21
 https://hackersir.kktix.cc/events/orange1021
 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/
 國家高速網路與計算中心 平行計算程式設計基礎課程 10/22
 https://edu.nchc.org.tw/course/one_course_introduction.asp
  AIoT智能物聯網開發人才就業養成班[免費諮詢]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019
 IEEE Symposium on Visualization for Cyber Security (VizSec) 10/23
 https://infosec-conferences.com/events-in-2019/vizsec/
 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com
 從網路基礎建設安全談RPKI與DDoS  10/24
 https://twnic-icann.kktix.cc/events/108-7
 [Palo Alto Networks]-Palo Alto Networks 直播研討會Part6. MITRE ATT&CK 新資安攻防框架進階產業應用 10/24
 https://www.zerone.com.tw/TrainingDetial/Seminar/7747B901A8198AC3%7C1C130FE6FEC34700
 Cybersecurity Conference Rhein-Neckar  10/24 ~ 10/25
 https://infosec-conferences.com/events-in-2019/cybersecurity-rhein-neckar/
 Identity Days 10/24
 https://infosec-conferences.com/events-in-2019/identity-days/
 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  10/25
 https://signupcybersec101.ithome.com.tw/
 國家高速網路與計算中心 大數據軟體開發平台與深度學習、HBase(大數據資料庫)開發應用案例 10/25
 https://edu.nchc.org.tw/course/one_course_introduction.asp
 交通大學亥客書院-A015:進階網頁滲透測試 10/26
 https://hackercollege.nctu.edu.tw/?p=1090
 International Conference on Networks & Communications (NETWORKS) 10/26 ~ 10/27
 https://infosec-conferences.com/events-in-2019/networks/
 亞洲‧矽谷學院108年免費認證考試 10/27
 https://college.asvda.org.tw/
 International Conference on Emerging Security Information, Systems and Technologies (SECURWARE) 10/27 ~ 10/31
 https://infosec-conferences.com/events-in-2019/securware/
 SANS Amsterdam October  10/28
 https://infosec-conferences.com/events-in-2019/sans-amsterdam-october/
 資安檢核核心技術及進階技術研討會 10月28日至10月30日
 http://bit.ly/2TN2UtD
 Foundations in Digital Forensics with EnCase® (DF120) (原CF1) 10/28 ~ 10/31
 https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=39
 International Workshop on Reliability and Security Data Analysis (RSDA)  10/28 ~ 10/31
 https://infosec-conferences.com/events-in-2019/rsda/
 International Symposium on Software Reliability Engineering (ISSRE)  10/28 ~ 11/1
 https://infosec-conferences.com/events-in-2019/issre/
 Securing New Ground 10/29 ~ 10/30
 https://infosec-conferences.com/events-in-2019/securing-new-ground/
 CEBIT Australia  10/29 ~ 10/31
 https://infosec-conferences.com/events-in-2019/cebit-australia/
 OWASP AppSec Day Melbourne  11/1
 https://infosec-conferences.com/events-in-2019/owasp-appsec-day-melbourne/
 Hackfest 2019  11/1 ~ 11/3
 https://infosec-conferences.com/events-in-2019/hackfest-2019/
 行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30
 https://www.accupass.com/event/1810080517061259295030
  Elite East Coast CISO Summit 11/3~11/5
 https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/
 Red Hat Forum Taipei 2019  11/5
 https://www.facebook.com/events/1390202967799392/
 Cyber Security Summit: Boston  11/6
 https://infosec-conferences.com/events-in-2019/cyber-security-summit-boston/
 駭客攻防暨數位鑑識系列一(第1期) 11/7
 https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=384540
 網路攻擊鏈( Cyber Kill Chain)各階段實作 (6hr)  11/7
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384540
 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/8
 https://signupcybersec101.ithome.com.tw/
 BSides Charleston 11/9
 https://infosec-conferences.com/events-in-2019/bsides-charleston/
 Kotlin/Everywhere GDG Taoyuan - 運用 Ktor 建置一個以 Kotlin 打造的後端服務  11/9
 https://www.meetup.com/GDGTaoyuan/events/264776152/
 OpenInfra Day Taiwan 11/12
 http://openinfra.digitimes.com.tw/
 CLEAR Cyber Leaders Conference 11/12 ~ 11/13
 https://infosec-conferences.com/events-in-2019/clear-cyber-leaders-conference/
 Windows檔案系統及檔案還原 (6hr)  11/14
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384541
 Digital Internet Summit 11/14
 https://infosec-conferences.com/events-in-2019/digital-internet-summit/
 INTERFACE – Nebraska 11/14
 https://infosec-conferences.com/events-in-2019/interface-nebraska/
 SecureWV – Hack3rCon  11/15 ~ 11/17
 https://infosec-conferences.com/events-in-2019/securewv-hack3rcon/
 交通大學亥客書院-P006:高階網頁滲透測試 11/16
 https://hackercollege.nctu.edu.tw/?p=1092
 FS-ISAC Fall Summit 11/17 ~ 11/20
 https://infosec-conferences.com/events-in-2019/fs-isac-fall-summit/
 Microsoft IoT in Action 11/20
 https://www.iotinactionevents.com/event/taipei
 Infosecurity ISACA North America Expo and Conference 11/20 ~ 11/21
 https://infosec-conferences.com/events-in-2019/isaca-north-america-expo-conference/
 檔案特徵值比對與關鍵字搜尋 (2hr) Open Source數位鑑識工具實務操作 (5hr) 11/21
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384542
 Trend Micro CTF 2019 // Raimund Genes Cup  FINAL / NOVEMBER 23–24, 2019
 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html
 資安檢核核心技術及進階技術研討會11月26日至11月28日
 http://bit.ly/2TN2UtD
 人資人員必修的職安法規定 11/26
 https://www.accupass.com/event/1909121441141977826554
 模擬案例鑑識分析實務 (6hr)  11/28
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384543
 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/29
 https://signupcybersec101.ithome.com.tw/
 交通大學亥客書院-B015:惡意程式檢測 11/30
 https://hackercollege.nctu.edu.tw/?p=1098
 亞洲‧矽谷學院108年免費認證考試 11/30
 https://college.asvda.org.tw/
 Digital Summit Dallas  12/4
 https://infosec-conferences.com/events-in-2019/digital-summit-dallas/
 Kansas City Cyber Security Conference 12/5
 https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/
 CyberMaryland Conference 12/5 ~ 12/6
 https://infosec-conferences.com/events-in-2019/cybermaryland-conference/
 FutureCon Nashville Cyber Security Conference 12/11
 https://infosec-conferences.com/events-in-2019/futurecon-nashville/
 Utility Cyber Security Forum December 12/11
 https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/
 交通大學亥客書院-A018:企業網域控管-Active Directory攻擊與防禦  12/14
 https://hackercollege.nctu.edu.tw/?p=1094
 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

沒有留言:

張貼留言