資安事件新聞週報 2019/12/2 ~ 2019/12/6
1.重大弱點漏洞/後門/Exploit/Zero Day
MISP 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19379
Linux漏洞將允許駭客挾持VPN連線
https://ithome.com.tw/news/134652
安全預警- 某些華為設備中存在DoS安全漏洞
https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191204-03-dos-cn
IBM WebSphere eXtreme Scale Admin Console點擊劫持漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4109
IBM DataPower Gateway 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4621
HP Workstation BIOS安全特征问题漏洞
https://support.hp.com/us-en/document/c06318199
可重複的模擬攻擊技術在漏洞管理領域的應用
https://www.chainnews.com/zh-hant/articles/215260357729.htm
索尼再現網站安全漏洞宣布關閉隱患網頁
https://nosec.org/home/detail/3252.html
GoAhead Web 服務器又現關鍵漏洞
https://www.chainnews.com/zh-hant/articles/100479860666.htm
Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices
https://thehackernews.com/2019/12/goahead-web-server-hacking.html
Zmanda Management Console 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19469
CVE-2019-19082 CrOS: Vulnerability reported in Linux kernel
https://bugs.chromium.org/p/chromium/issues/detail?id=1030084
卡巴斯基安全軟件被發現漏洞可為黑客提供簽名代碼執行
https://www.cnbeta.com/articles/tech/917585.htm
Vulnerabilities Disclosed in Kaspersky, Trend Micro Products
https://www.securityweek.com/vulnerabilities-disclosed-kaspersky-trend-micro-products
Kaspersky Secure Connection - DLL Preloading and Potential Abuses (CVE-2019-15689)
http://bit.ly/2LrR5WC
Researchers disclose DLL loading vulnerabilities in Autodesk, Trend Micro, Kaspersky software
https://zd.net/38gaVhh
OpenBSD patches authentication bypass, privilege escalation vulnerabilities
https://zd.net/2OVvmIL
Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD
https://thehackernews.com/2019/12/openbsd-authentication-vulnerability.html
The most copied StackOverflow Java code snippet contains a bug
https://zd.net/2YnVHlN
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
金融科技展比炫 樂天銀行先搬日本純網銀服務搶先體驗
https://ec.ltn.com.tw/article/breakingnews/2993618
開放API第二階段望明年開放 客戶查詢帳戶資料更方便
https://money.udn.com/money/story/5613/4195075
IBM主機、中菲電腦帳務系統助攻,大昌證券推創新證券服務
https://www.cw.com.tw/article/article.action?id=5097924
樂天純網銀趕進度 最快6月開業
https://udn.com/news/story/7239/4196225
徵信科技唯一業者 CRIF中華徵信所秀TSP強項
https://www.chinatimes.com/realtimenews/20191129004544-260410?chdtv
13國FinTech新創齊聚台北金融科技展 機器人與區塊鏈吸睛
https://www.ctimes.com.tw/DispNews/tw/fintech/1911292004T3.shtml
英國來台推銷「金融科技聯盟」
https://www.chinatimes.com/realtimenews/20191129004409-260410?chdtv
純網銀最快明年第2季開業 國泰金總座李長庚不擔心衝擊
https://www.nownews.com/news/20191129/3786884/
LINE參2019台北金融科技展 秀日本用戶積分服務小額借貸
https://www.nownews.com/news/20191129/3786198/
歐洲央行副行長Guindos:全球金融穩定環境面臨挑戰
https://news.sina.com.tw/article/20191130/33496240.html
證交所推「逐筆交易」 台北金融科技展亮相
https://www.setn.com/News.aspx?NewsID=645369
FinTech Taipei2019台北金融科技展 財金公司「開放互通.數位創新」展區
https://news.sina.com.tw/article/20191129/33496004.html
LINE Bank評估推3大服務 首年拚數百萬用戶
https://udn.com/news/story/7239/4194706
金融科技展世貿競技 LINE Bank Q2底開業
https://www.cardu.com.tw/news/detail.php?39538
三家純網銀首度同臺亮相,LINE Bank拚明年6月開業、樂天商銀要緊貼樂天生態圈
https://www.ithome.com.tw/news/134518
驗證碼洩露卡被盜刷銀行擔責七成
https://www.chinanews.com/sh/2019/12-01/9021672.shtml
溢繳卡款逾50萬 金管會查洗錢 私菸案條款上路 銀行反彈:增成本惹民怨
https://tw.appledaily.com/highlight/20191202/UQGKAAVIWZXDHBF5B267OFHR5U/
FinTechSpace園區館展現8大金融共創成果
https://money.udn.com/money/story/5636/4198808
金融科技結合生態圈,樂天國際商業銀行2019科技展登場
https://ipop.sina.com.tw/posts/439200
雲端業最想爭取的客戶:開放金融資料上雲後,銀行業如何迎來數位轉型
https://www.inside.com.tw/article/18241-2019ESUN-FHC-fintech-talent2
林國良:資料交換 架高速公路
https://udn.com/news/story/7239/4201285?from=udn-ch1_breaknews-1-cate6-news
現場查獲500多張銀行卡詐騙團伙用網站漏洞獲利30餘萬元
http://news.xmnn.cn/xmnn/2019/12/03/100634282.shtml
《金融》星展銀導入API對接,自動化零時差理賠付款
http://bit.ly/2OM26V3
系統更新引風暴 南山人壽給金融業寶貴一課
https://money.udn.com/money/story/5613/4203309
數位金融的資安防護│ FinTech eMBA協力共創工作坊105期
http://bit.ly/2Rf8uFL
畢馬威:銀行網絡安全需加快升級
http://paper.wenweipo.com/2019/12/04/MC1912040005.htm
星展銀攜手安聯人壽導入API對接 零時差即時理賠付款
https://www.ettoday.net/news/20191203/1593343.htm
邁開職涯規劃起步 中國科大財金系校外教學提升學生金融科技專業
http://n.yam.com/Article/20191204920976
網路犯罪集團覬覦的銀行與金融業
https://blog.trendmicro.com.tw/?p=62446
網銀元年熱身戰 金融行動服務大打AI牌
https://tw.nextmgz.com/realtimenews/news/485316
數位身份檔案 未來銀行經營核心
http://bit.ly/2OTePoG
中信金、富邦銀混搭小新創的新銀行年代 區塊鏈錢包、超AI客服 4大金融科技明年改變你生活
https://money.udn.com/money/story/5613/4207670
排除資安、信心風險 AI助攻純網銀系統優勢
https://udn.com/news/story/6868/4209394
一小時轉移 89 億美元比特幣?!Bittrex 否認交易所遭駭客入侵
https://blockcast.it/2019/12/06/almost-9b-of-btc-moved-in-1-hour-hack-attacks-denied
2020純網銀來襲
https://udn.com/news/story/6868/4209357
全球銀行風險報告 業者憂遭網路戰波及
https://udn.com/news/story/7238/4208414
直追北韓「超級假美鈔」!美國秘勤局認證 台1100萬偽鈔與兆豐銀換鈔案同款
https://www.ettoday.net/news/20191206/1596084.htm
Web skimmer phishes credit card data via rogue payment service platform
http://bit.ly/2PjXzIh
Forget cybersecurity, it’s “hardsec” that will reinvent banking
http://bit.ly/33ZC9W1
3.電子支付/電子票證/行動支付/ pay/新聞及資安
迎接金融科技/劉燈城:電子支付 要安全便利
https://udn.com/news/story/7239/4201290
台灣人為何不愛行動支付? 行家揭暗黑真相:不敢用正常
https://www.nownews.com/news/20191203/3793722/
中小企支付系統存風險 全雲端保安部署助推動業務
http://bit.ly/2qqHyb1
4.虛擬貨幣/區塊鍊相關新聞及資安
智能合約之父:受信任第三方與安全漏洞
http://jiedion.com/portal.php?mod=view&aid=3407
教北韓用虛擬貨幣 前駭客在美被捕
https://www.cna.com.tw/news/aopl/201911300126.aspx
助北韓規避美國制裁被捕 知名駭客恐判刑20年
https://ec.ltn.com.tw/article/breakingnews/2994364
竊電挖5.41枚比特幣 判6個月沒收217萬追償6500萬
https://udn.com/news/story/7321/4197251
科技連結生活!區塊鏈技術研究團隊首度曝光
https://www.setn.com/News.aspx?NewsID=645435
他帶1500萬現金欲買泰達幣 台南高鐵站前2分鐘被劫走
http://bit.ly/2r0XFwj
泰達幣是什麼?男千萬現金交易慘被搶
http://bit.ly/2rGm3mW
台南虛擬貨幣強盜案 1嫌20萬交保3嫌聲押
http://bit.ly/2DDiKQ7
虛擬幣隱密難追蹤 犯罪集團「新歡」
https://udn.com/news/story/7315/4199304
今年前9個月全球加密貨幣盜竊量激增達44億美元
http://bit.ly/2Pgpvga
交易所遭駭不再是崩盤指標,區塊鏈標記系統可防治金融犯罪
https://blockcast.it/2019/12/02/blockchain-tracking-system-could-prevent-financial-crimes/
8家交易所持有超過195萬個BTC,加密貨幣投資者直呼太危險
https://news.knowing.asia/news/2121147c-3dbb-4427-b8f8-d2816c7765b4
安卓系統潛藏 StrandHogg 漏洞!資安業者:可讓駭客竊取加密錢包資訊
http://bit.ly/2sSQFlN
讓付款更輕鬆!開發者提議為比特幣建造一個新帳戶系統
https://news.knowing.asia/news/92354cb3-3270-419b-b089-4a518533384d
法院批准了瑞典的 Nordea 銀行禁止員工交易及持有加密貨幣的禁令
http://bit.ly/2qqr9U0
區塊鏈解東京奧運兩難題
http://bit.ly/2OTI0Im
科技連結生活!區塊鏈技術團隊曝光
http://bit.ly/2PoVnz8
智能合约安全与漏洞分析(四)
https://cloud.tencent.com/developer/article/1549563
米FBIがイーサリアム開発者を逮捕
https://crypto.watch.impress.co.jp/docs/news/1221722.html
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
Ginp銀行木馬使用螢幕覆蓋攻擊,竊取帳密和信用卡資料
https://blog.trendmicro.com.tw/?p=62820
阿根廷政府數據中心被勒索軟體攻擊,駭客要求支付比特幣
https://life.tw/?app=view&no=1007899
利用預判式機器學習技術交叉關聯靜態與動態行為特徵,實現更快、更精準的惡意程式偵測
https://blog.trendmicro.com.tw/?p=62678
Microsoft: Malware, ransomware, and cryptominer detections are down in 2019
https://zd.net/36aRqVO
Security Firm Prosegur Hit By Ryuk Ransomware
https://www.bankinfosecurity.com/security-firm-prosegur-hit-by-ryuk-ransomware-a-13456
The Threat of Ransomware and Doxing
https://www.bankinfosecurity.com/interviews/threat-ransomware-doxing-i-4528
Security Firm Prosegur Hit By Ryuk Ransomware
https://www.bankinfosecurity.com/security-firm-prosegur-hit-by-ryuk-ransomware-a-13456
Threat Analysis Unit (TAU) Threat Intelligence Notification: Ramnit Banking Trojan
https://malware.news/t/threat-analysis-unit-tau-threat-intelligence-notification-ramnit-banking-trojan/34825
New SectopRAT Trojan creates hidden second desktop to control browser sessions
https://www.zdnet.com/article/new-sectoprat-malware-creates-hidden-second-desktop-to-control-browser-sessions/
New SectopRAT: Remote access malware utilizes second desktop to control browsers
https://www.gdatasoftware.com/blog/2019/11/35548-new-sectoprat-remote-access-malware-utilizes-second-desktop-to-control-browsers
全球警方聯手摧毀惡意的遠端存取工具Imminent
https://www.ithome.com.tw/news/134548
Authorities take down 'Imminent Monitor' RAT malware operation
https://www.zdnet.com/article/authorities-take-down-imminent-monitor-rat-malware-operation/#ftag=RSSbaffb68
INTERNATIONAL CRACKDOWN ON RAT SPYWARE WHICH TAKES TOTAL CONTROL OF VICTIMS’ PCS
https://www.europol.europa.eu/newsroom/news/international-crackdown-rat-spyware-which-takes-total-control-of-victims%E2%80%99-pcs
Europol Shuts Down 'Imminent Monitor' RAT Operations With 13 Arrests
https://thehackernews.com/2019/11/europol-imminent-monitor-rat.html
Emotet - What's Changed
https://www.netscout.com/blog/asert/emotet-whats-changed
Ransomware Attacks on Businesses Have Doubled in 2019
https://www.webtitan.com/blog/ransomware-attacks-on-businesses-have-doubled-in-2019/
Massive Malvertising Campaign Uses Zero Day Exploit to Deliver Malware
https://www.webtitan.com/blog/massive-malvertising-campaign-uses-zero-day-exploit-to-deliver-malware/
マルウエア Emotet の感染に関する注意喚起
https://www.jpcert.or.jp/at/2019/at190044.html
Threat Analysis Unit (TAU) Threat Intelligence Notification: Ramnit Banking Trojan
https://malware.news/t/threat-analysis-unit-tau-threat-intelligence-notification-ramnit-banking-trojan/34825
Ingredion to deduct wages from employee paychecks following malware attack
http://bit.ly/2rYgkJs
61% of malicious ads target Windows users
https://www.zdnet.com/article/61-of-malicious-ads-target-windows-users/#ftag=RSSbaffb68
Beware of Thanksgiving eCard Emails Distributing Malware
https://www.bleepingcomputer.com/news/security/beware-of-thanksgiving-ecard-emails-distributing-malware/
PureLocker: the unusual ransomware that encrypts servers
https://www.pandasecurity.com/mediacenter/security/purelocker-ransomware-servers/
European International Airport Workstations Infected With Persistent Anti-CoinMiner Malware
http://bit.ly/2Lu2h5k
2019-12-02 - PCAP AND MALWARE FOR AN ISC DIARY (URSNIF INFECTION WITH DRIDEX)
https://www.malware-traffic-analysis.net/2019/12/02/index.html
TrickBot Widens Infection Campaigns in Japan Ahead of Holiday Season
https://securityintelligence.com/posts/trickbot-widens-infection-campaigns-in-japan-ahead-of-holiday-season/
A decade of malware: Top botnets of the 2010s
https://www.zdnet.com/article/a-decade-of-malware-top-botnets-of-the-2010s/#ftag=RSSbaffb68
Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack
http://bit.ly/2PjDoKz
This trojan malware is being used to steal passwords and spread ransomware
https://www.zdnet.com/article/this-trojan-malware-is-being-used-to-steal-passwords-and-spread-ransomware/
Meet PyXie: A Nefarious New Python RAT
https://threatvector.cylance.com/en_us/home/meet-pyxie-a-nefarious-new-python-rat.html
PyXie RAT Trojan Malware Steals Credentials, Keylogs, Records Videos On Target Windows PCs
https://hothardware.com/news/pyxie-rat-trojan-discovered
Ginp Trojan Targets Android Banking App Users, Steals Login Credentials and Credit Card Details
http://bit.ly/2rZ4nmG
The latest variant of the new Ginp Android Trojan borrows code from Anubis
https://securityaffairs.co/wordpress/94533/cyber-crime/ginp-android-trojan-anubis.html
The Role of Evil Downloaders in the Android Mobile Malware Kill Chain
https://securityintelligence.com/posts/the-role-of-evil-downloaders-in-the-android-mobile-malware-kill-chain/
Two malicious Python libraries caught stealing SSH and GPG keys
https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/#ftag=RSSbaffb68
Microsoft: Malware, ransomware, and cryptominer detections are down in 2019
https://www.zdnet.com/article/microsoft-malware-ransomware-and-cryptominer-detections-are-down-in-2019/#ftag=RSSbaffb68
New Malware Campaign Uses Trojanized 'Tetris' Game: Report
https://www.bankinfosecurity.com/new-malware-campaign-uses-trojanized-tetris-game-report-a-13465
Notorious spy tool taken down in global operation
https://www.welivesecurity.com/2019/12/03/notorious-rat-spy-tool-global-operation/
ClamAV team shows off new Mussels dependency build automation tool
https://blog.talosintelligence.com/2019/12/clamav-team-shows-off-new-mussels.html
ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector
https://thehackernews.com/2019/12/zerocleare-data-wiper-malware.html
B.行動安全 / iPhone / Android /穿戴裝置 /App
開源廠商開發仿真器讓虛擬機秒變iPhone 蘋果:快收手
https://www.cnbeta.com/articles/tech/916345.htm
WhatsApp訊息自動刪除功能再更新 可自訂清洗時間日子
http://bit.ly/33z08LC
LINE台灣開發者大會 聚焦五大領域
http://bit.ly/2r042zS
監控再升級!中國今起買手機註冊門號得做臉部辨識
https://www.rti.org.tw/news/view/id/2043396
中國辦手機將強制「刷臉」監控 網民痛批「政府是在怕什麼?」
https://times.hinet.net/news/22677089
外/媒:中共監控國民 將手機武器化
http://bit.ly/35VDVt0
360互聯網安全中心:2019上半年安卓系統安全性生態環境研究
http://bit.ly/37Rv1yg
WhatsApp 被駭客入侵 印度準備對其進行安全審查
https://unwire.pro/2019/12/03/india-plans-security-audit-of-whatsapp/security/
可偽裝成正常應用程序,安卓又見新型漏洞Strandhogg
https://www.expreview.com/71913.html
FBI:視所有俄製Apps為潛在反間諜威脅
https://hk.on.cc/hk/bkn/cnt/amenews/20191203/bkn-20191203151021570-1203_00972_001.html
Android再爆漏洞 黑客假冒合法程式監控用戶
https://inews.hket.com/article/2512464
安卓高危漏洞讓500款應用中招,還教會了銀行木馬“隔山打牛”
https://www.leiphone.com/news/201912/yy2Xu5INwE0tQTbN.html
安卓手機存在漏洞嗎?別讓你的手機被人監視,網友:趕快去看
https://kknews.cc/tech/zylmx6p.html
安卓系統出現嚴重的漏洞,大部分亞太地區熱門的應用程序都容易受到攻擊
http://bit.ly/2RsoWT6
德國電訊叫停 5G 設備採購交易!待德政府決定會否禁華為參與
http://bit.ly/2DQBw6J
TrueDialog洩露千萬用戶數據谷歌修復安卓DoS漏洞
https://zhuanlan.zhihu.com/p/95591776
黑客藉假冒合法App 監控Android用戶
http://bit.ly/2RqekUQ
報告:Android漏洞允許黑客竊取加密錢包信息
https://kknews.cc/tech/gpxal6m.html
全球的Android系統漏洞可能會導致加密錢包和銀行數據被盜
http://www.528btc.com/blocknews/59170.html
事實證明,竊取比特幣錢包數據的漏洞對另外500個Android應用程序來說是危險的
https://0xzx.com/201912042304397751.html
逾八成購物程式不安全… 小心手機購物「賣掉」個資
https://money.udn.com/money/story/12524/4207756
IDC:5G 設施用中國,資安用另一國家方案的混合模式成部分國家的選項
http://bit.ly/34RZKtb
荷蘭將拍賣 5G 頻譜估進帳 9 億歐元,關注資安隱憂
http://technews.tw/2019/12/06/netherlands-to-auction-5g-spectrum/
iPhone 11 默默蒐集用戶定位? 蘋果官方回應:正常系統行為
https://newtalk.tw/news/view/2019-12-06/336730
Android 重大漏洞可致永久 DoS?用戶應盡快更新系統
http://bit.ly/2YoGbGl
New Facebook Tool Let Users Transfer Their Photos and Videos to Google
https://thehackernews.com/2019/12/facebook-google-photos-data.html
A Team of Hackers Created an Advanced Scheme Using SMS’s to Attack Smartphones by Phishing
https://www.msuiche.net/hackers-created-scheme-sms-attack-smartphones-phishing/
Russia's ‘Sandworm’ Hackers Also Targeted Android Phones
https://www.wired.com/story/sandworm-android-malware/
Smartphones hotspots of cyberattacks in India: Check Point
https://telecom.economictimes.indiatimes.com/news/smartphones-hotspots-of-cyberattacks-in-india-check-point/72315524
Android 'spoofing' bug helps targets bank accounts
https://www.bbc.com/news/technology-50605455?intlink_from_url=&link_location=live-reporting-story
Android: New StrandHogg vulnerability is being exploited in the wild
https://www.zdnet.com/article/android-new-strandhogg-vulnerability-is-being-exploited-in-the-wild/#ftag=RSSbaffb68
This cheap gadget can stop your smartphone or tablet being hacked at an airport, hotel or cafe
https://zd.net/33YNHZI
Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild
https://thehackernews.com/2019/12/strandhogg-android-vulnerability.html
80% of all Android apps encrypt traffic by default
https://www.welivesecurity.com/2019/12/05/80-percent-android-apps-encrypt-traffic/
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
工程師都愛的萊娜小姐 究竟是誰
https://www.digitimes.com.tw/col/article.asp?id=1129
微軟員工爆:現在Windows 7、8.1還可以免費升級Windows 10
https://ithome.com.tw/news/134543
商務人士自我保護、避免資安攻擊的10個方法:上篇
https://tuna.press/?p=13619
臉書用戶帳號遭到駭客盜用,以投放違禁品廣告
https://www.ithome.com.tw/news/134651
網路攻擊與金錢支助
https://talk.ltn.com.tw/article/paper/1337071
SF2伺服器遭受駭客攻擊,資料損壞,全體玩家道具、等級全數消失
https://forum.gamer.com.tw/C.php?bsn=60076&snA=5439362&tnum=1
《SF2 Online》玩家資料全洗白救不回,官方宣稱遭駭客入侵
https://tw.pikolive.com/news/4gamers/41362/sf2-online-user-data-all-gone
沒有節操的駭客組織排行,看這些就對了
https://ek21.com/news/tech/161544/
CIS 2019:騰訊安全聚焦前沿攻防技術,分享八大實踐經驗
https://www.csdn.net/article/a/2019-12-03/15985209
FBI警告智能電視機易被駭客攻擊
http://bit.ly/34QTjXi
FBI告誡智能電視用戶:請用黑膠帶遮鏡頭
https://www.ntdtv.com/b5/2019/12/03/a102721398.html
「薅羊毛」黑灰產鏈調查:犯罪群體低齡化明顯
https://news.sina.com.tw/article/20191203/33522098.html
獨家探訪華為布魯塞爾網絡安全透明中心能看到深圳總部源代碼
https://www.yicai.com/news/100421426.html
資安戰隊發另類年終 高貢獻度隊員可領逾5萬
https://www.cna.com.tw/news/ait/201912010114.aspx
層層掩護下的十多個 APT33 殭屍網路,鎖定亞洲在內的特定目標
https://blog.trendmicro.com.tw/?p=62824
Google發布關於國家駭客的攻擊報告
https://ek21.com/news/tech/161943/
《資訊戰爭》:網路永遠改變了混合戰,讓「格拉西莫夫準則」更為切合實際
https://www.thenewslens.com/article/127942
《資訊戰爭》導讀:我們已進入「民主危機浮現、民粹指控成常態」的準戰爭狀態
https://www.thenewslens.com/article/127941
衝著華為?印度擬限制外企參與資安產業
https://newtalk.tw/news/view/2019-12-02/334901
貿易戰下 台灣在國際資安產業凸顯角色
https://www.cna.com.tw/news/afe/201912030059.aspx
中國再祭網路大炮 試圖癱瘓香港連登論壇
https://udn.com/news/story/120538/4210163
北韓駭客小組,可能藏身於惡意軟體化身的假冒加密網站背後
http://bit.ly/2s2UPXE
調查外國干預 澳洲鎖定社群媒體平台
http://bit.ly/2qsrrtH
俄駭客網路竊取數千萬美元 在美被起訴
https://money.udn.com/money/story/5599/4209124
網攻造成1億多美元損失美FBI宣布俄頭號網絡通緝犯
https://m.soundofhope.org/post/319504
俄駭客網路竊取數千萬美元 在美被起訴
https://www.rti.org.tw/news/view/id/2043986
美懸賞500萬美元 俄高富帥駭客成全球頭號通緝犯
https://newtalk.tw/news/view/2019-12-06/336573
美國起訴並制裁散布金融惡意程式的俄羅斯駭客,發出500萬美元的高額懸賞
https://www.ithome.com.tw/news/134646
懸賞160萬元獎金!新加坡政府邀白帽駭客揪12個官方系統的資安漏洞
https://www.bnext.com.tw/article/55660/hackers-to-test-singapore-12-govt-systems-in-bug-bounty-programme
中國國內首家!騰訊「TSRC安全情報平台」免費開放
https://news.sina.com.tw/article/20191206/33574640.html
Google: Government-Backed Hackers Targeted 12,000 Users
https://www.bankinfosecurity.com/google-government-backed-hackers-targeted-12000-users-a-13458
Rise in Cyberattacks on Law Firms Highlights Need for Additional Security Layers
https://www.spamtitan.com/web-filtering/cyberattacks-on-law-firms-need-additional-security-layers/
Ciberdelitos: se registran 49 amenazas por minuto en la Argentina
https://www.lanacion.com.ar/seguridad/ciberdelitos-se-registran-49-amenazas-por-minuto-en-la-argentina-nid2311456
Russian hackers switched from Russian banks to foreign ones
https://www.ehackingnews.com/2019/12/russian-hackers-switched-from-russian.html
Surviving a Breach: 8 Incident Response Essentials
https://www.bankinfosecurity.com/surviving-breach-8-incident-response-essentials-a-13460
Trend Micro alerta de una escalada de riesgo
https://www.channelpartner.es/fabricantes/noticias/1115581001102/trend-micro-alerta-de-escalada-de-riesgo.1.html
Remember the viral app that aged you? FBI slams FaceApp as counterintelligence threat
https://www.zdnet.com/article/remember-the-viral-app-that-aged-you-fbi-slams-faceapp-as-counterintelligence-threat/#ftag=RSSbaffb68
Hackers Can Access, Manipulate Your Biometric Data Using Sophisticated Malware Attack
https://www.republicworld.com/technology-news/science/hackers-biometric-data-malware-attack.html
Authorities Dismantle Transnational Cybercrime Group
https://stockdailydish.com/authorities-dismantle-transnational-cybercrime-group/
Retailers, prepare wisely: DDoS remains a holiday threat
https://www.zdnet.com/article/retailers-prepare-wisely-ddos-remains-a-holiday-threat/#ftag=RSSbaffb68
Retailers, Prepare Wisely: DDoS Remains A Holiday Threat
https://go.forrester.com/blogs/retailers-prepare-wisely-ddos-remains-a-holiday-threat/
China resurrects Great Cannon for DDoS attacks on Hong Kong forum
https://www.zdnet.com/article/china-resurrects-great-cannon-for-ddos-attacks-on-hong-kong-forum/#ftag=RSSbaffb68
Europol Shuts Down Over 30,500 Piracy Websites in Global Operation
https://thehackernews.com/2019/12/counterfeit-piracy-websites.html
Avast and AVG Browser Extensions Spying On Chrome and Firefox Users
https://thehackernews.com/2019/12/avast-and-avg-browser-plugins.html
Top 5 Cybersecurity and Cybercrime Predictions for 2020
https://thehackernews.com/2019/12/cybersecurity-predictions-2020.html
資訊工程師
https://www.104.com.tw/job/6sr0j
櫃買中心徵才 12╱18截止
http://bit.ly/2OD90M0
資安軟體研發工程師
https://www.cakeresume.com/companies/blockchain-security/jobs/software-development-engineer-b97b9e
臺中市政府社會局招聘資安人員
http://www.1111edu.com.tw/edu_mobile/civil/detail.php?autono=62733
資安維運工程師 Security Operations Engineer (SecOps)
https://www.104.com.tw/job/6p2ar?jobsource=n104bank2
資安管理師/資安主管
https://www.104.com.tw/job/6smcw?jobsource=joblist_morej
〔資訊〕資訊安全管理師(台北)
https://www.104.com.tw/job/5gcqu?jobsource=joblist_morej
招聘| 阿里巴巴招聘情報體系專家
https://www.anquanke.com/post/id/194205
新安東京海上產物保險股份有限公司 資安管理人員
https://fel.cycu.edu.tw/wSite/public/Data/f1575513125078.pdf
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
「LINE 8種貼圖免費抽」 小心詐騙個資被偷光
https://www.nownews.com/news/20191128/3784860/
假新聞網站騙廣告 網址洩端倪
https://news.ltn.com.tw/news/world/paper/1335911
網購防詐騙 趨勢科技提出三種「防詐策略」
https://udn.com/news/story/7239/4199697
上億美國人的個人數據被駭客竊取
https://ek21.com/news/tech/162210/
加州少女告抖音 沒帳號卻疑遭蒐集個資
https://www.ntdtv.com/b5/2019/12/03/a102721512.html
多重身份驗證市場:2019-2025年全球行業報告分析,機遇和預測
http://bit.ly/2OZk1Yt
日本發生有史以來最大的個資洩漏事件
https://moptt.tw/p/Tech_Job.M.1575603850.A.958
中國網上公開販售人臉數據 黑色產業鏈悄然形成
https://www.cna.com.tw/news/firstnews/201912060127.aspx
詐騙集團假冒國內企業與機關網站事件不斷,近期中華郵政、鉅亨網與經濟部相繼發出警告
https://www.ithome.com.tw/news/134619
中國電信再次被曝重大漏洞可查上億用戶信息已關停相關服務器
https://finance.sina.com.cn/stock/relnews/us/2019-12-06/doc-iihnzahi5728865.shtml
Top gadgets for the security and privacy conscious (or the super paranoid!)
https://www.zdnet.com/article/top-gadgets-for-the-security-and-privacy-conscious-or-the-super-paranoid/#ftag=RSSbaffb68
Data of 21 million Mixcloud users put up for sale on the dark web
https://www.zdnet.com/article/data-of-21-million-mixcloud-users-put-up-for-sale-on-the-dark-web/#ftag=RSSbaffb68
Report: Millions of Americans at Risk After Huge Data and SMS Leak
https://www.vpnmentor.com/blog/report-truedialog-leak/?=truedialog-exposed-data
Mixcloud Breach Affects 21 Million Accounts
https://www.bankinfosecurity.com/mixcloud-breach-affects-21-million-accounts-a-13461
Most Brazilians believe companies don't protect their personal data
https://www.zdnet.com/article/most-brazilians-believe-companies-dont-protect-their-personal-data/#ftag=RSSbaffb68
Credit, Debit Card Fraud: Here is how you can avoid it and stay safe
https://www.financialexpress.com/money/credit-debit-card-fraud-here-is-how-you-can-avoid-it-and-stay-safe/1782078/
5 personal (and cheap) data privacy tools that scale for business
https://www.welivesecurity.com/2019/12/02/5-personal-cheap-data-privacy-tools-business/
Smith & Wesson Web Site Hacked to Steal Customer Payment Info
https://www.bleepingcomputer.com/news/security/smith-and-wesson-web-site-hacked-to-steal-customer-payment-info/
PAYMENT SKIMMERS TARGET SANGUINE
https://sansec.io/labs/2019/12/02/magecart-hackers-target-sanguine/
Most Brazilians believe companies don't protect their personal data
https://www.zdnet.com/article/most-brazilians-believe-companies-dont-protect-their-personal-data/#ftag=RSSbaffb68
Face scanning – privacy concern or identity protection
https://www.welivesecurity.com/2019/12/05/face-scanning-privacy-concern-identity-protection/
E.研究報告
Real World CTF技術論壇將啟極客嘉年華重磅來襲
https://www.csdn.net/article/a/2019-11-28/15984994
從滲透測試到漏洞掃描看我們如何對網站做安全防護
http://blog.itpub.net/31542418/viewspace-2666796/
從零淺析漏洞:文件讀取與下載漏洞
http://bit.ly/2qb41sI
CVE-2019-16759:vBulletin預認證遠程代碼執行漏洞分析
https://www.freebuf.com/vuls/218880.html
從lodash原型污染安全漏洞深入理解JavaScript原型機制
https://juejin.im/post/5ddfb304e51d4532d667b719
黑客漏洞利用知識點“Apache SoIrRCE漏洞分析”
https://zhuanlan.zhihu.com/p/94359495
Android勒索病毒分析(上)
https://paper.seebug.org/1085/
2020 年DevOps 的七大發展趨勢
https://www.cnbeta.com/articles/tech/916629.htm
Reverse Engineering iOS Applications
https://paper.seebug.org/1084/
月光再臨——MoonLight組織針對中東地區的最新攻擊活動剖析
https://ti.qianxin.com/blog/articles/anatomy-of-moonLight-attack-on-the-middle-east/
Google OpenTitan,硬件安全的泰坦之箭
https://security.tencent.com/index.php/blog/msg/138
【Java代碼審計入門-02】SQL擴展原理與實際案例介紹
https://xz.aliyun.com/t/6872
網站安全滲透測試基礎知識點大全
https://www.admin5.com/article/20191203/936171.shtml
可重複的模擬攻擊技術在漏洞管理領域的應用
https://www.4hou.com/vulnerable/21868.html
[經典技研堂] 誤打誤撞的出身 史上第一台小筆電:Asus EPC 701
https://www.cool3c.com/article/149556
追溯朝鮮APT組織Lazarus的攻擊歷程
https://www.freebuf.com/articles/system/221008.html
IIS短文件名洩露
https://cloud.tencent.com/developer/article/1547737
WebFuzzing 方法和漏洞案例總結
https://www.chainnews.com/zh-hant/articles/260879316797.htm
StrandHogg安卓漏洞分析
https://www.4hou.com/vulnerable/21903.html
揭秘美國網絡安全體系架構
https://www.freebuf.com/articles/network/221852.html
Strandhogg漏洞:Android系統上的維京海盜
https://www.freebuf.com/news/221933.html
針對Steam平台的攻擊分析
https://www.freebuf.com/articles/network/218771.html
Windows與Linux雙平台無文件攻擊:PowerGhost挖礦病毒最新變種感染多省份
https://www.freebuf.com/articles/system/219715.html
不傳之密:殺毒軟件開發,原理、設計、編程實戰
https://www.freebuf.com/articles/system/220061.html
Hack the box靶機實戰:Haystack
https://www.freebuf.com/articles/web/219163.html
挖礦處置手冊:安全研究員的套路都在這兒了
https://www.freebuf.com/articles/system/220132.html
阻擊“幻影”行動:奇安信斬斷東北亞APT組織“虎木槿”伸向國內重要機構的魔爪
https://www.freebuf.com/column/222127.html
黑客漏洞ssrf模糊匹配工具使用"Ssrfmap"
https://zhuanlan.zhihu.com/p/95590262
Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack
http://bit.ly/2PjDoKz
Kilos: The Dark Web’s Newest – and Most Extensive – Search Engine
https://intsights.com/blog/kilos-the-dark-webs-newest-and-most-extensive-search-engine
Port Cybersecurity - Good practices for cybersecurity in the maritime sector
https://www.enisa.europa.eu/publications/port-cybersecurity-good-practices-for-cybersecurity-in-the-maritime-sector/
Imtiazkarimik23/ATFuzzer
https://github.com/Imtiazkarimik23/ATFuzzer
MITRE ATT&CK Website
https://attack.mitre.org
https://github.com/mitre-attack/attack-website
anonaddy/anonaddy
https://github.com/anonaddy/anonaddy
Product Warning! Chinese children’s watch reveals thousands of children’s data
https://www.iot-tests.org/2019/11/product-warning-chinese-childrens-watch-reveals-thousands-of-childrens-data/
Smartwatch exposes locations and other data on thousands of children
https://www.welivesecurity.com/2019/11/29/smartwatch-exposes-location-data-children/
Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-endtrade-finding-multi-stage-backdoors-that-tick/
Threat Hunting or Efficiency: Pick Your EDR Path
https://securingtomorrow.mcafee.com/enterprise/endpoint-security/threat-hunting-or-efficiency-pick-your-edr-path/
Sextortion scammers getting creative
https://blog.malwarebytes.com/cybercrime/2019/11/sextortion-scammers-getting-creative/
Threat Hunting with Function Imports
https://practicalsecurityanalytics.com/threat-hunting-with-function-imports/
m4ll0k/BurpSuite-Secret_Finder
https://github.com/m4ll0k/BurpSuite-Secret_Finder//
Red Team Diary, Entry #1: Making NSA’s PeddleCheap RAT Invisible
https://medium.com/@d.bougioukas/red-team-diary-entry-1-making-nsas-peddlecheap-rat-invisible-f88ccbdc484d
Red Team Diary, Entry #2: Stealthily Backdooring CMS Through Redis’ Memory Space
https://medium.com/@d.bougioukas/red-team-diary-entry-2-stealthily-backdooring-cms-through-redis-memory-space-5813c62f8add
Red Team Diary, Entry #3: Custom Malware Development (Establishing A Shell Through the Target’s Browser)
https://medium.com/@d.bougioukas/red-team-diary-entry-3-custom-malware-development-establish-a-shell-through-the-browser-bed97c6398a5
Blue Team Diary, Entry #1: Leveraging Osquery For Enhanced Incident Response & Threat Hunting (Free Video Training)
https://medium.com/@d.bougioukas/blue-team-diary-entry-1-leveraging-osquery-for-enhanced-incident-response-threat-hunting-70935538c9c3
To Survive a Data Breach, Create a Response Playbook
https://www.bankinfosecurity.com/to-survive-data-breach-create-response-playbook-a-13459
Report: APT gang increased cyberattacks on businesses in Q3
https://www.techrepublic.com/article/report-apt-gang-increased-cyberattacks-on-businesses-in-q3/
Teardown: Windows 10 on ARM - x86 Emulation
https://threatvector.cylance.com/en_us/home/teardown-windows-10-on-arm-x86-emulation.html
Analysis of Malicious ElectrumX Servers Source Code
http://www.peppermalware.com/2019/12/analysis-of-malicious-electrumx-servers.html
Newlib Unlink Heap Exploitation
https://blog.infosectcbr.com.au/2019/12/newlib-unlink-heap-exploitation.html
ATT&CK Website Docker
https://blacksmith.readthedocs.io/en/latest/attack_website_docker.html
SASM - simple crossplatform IDE for NASM, MASM, GAS and FASM assembly languages
https://github.com/Dman95/SASM
pdb++, a drop-in replacement for pdb (the Python debugger)
https://github.com/pdbpp/pdbpp
relentless-warrior/5GReasoner
https://github.com/relentless-warrior/5GReasoner
Exploiting XSS with 20 characters limitation
https://jlajara.gitlab.io/posts/2019/11/30/XSS_20_characters.html
Public SSH keys can leak your private infrastructure
https://rushter.com/blog/public-ssh-keys/
A tool for in-depth analysis of USB HID devices communication
https://github.com/ondrejbudai/hidviz
Easier Node.js streams via async iteration
https://2ality.com/2019/11/nodejs-streams-async-iteration.html
CTF box with most tools installed
https://github.com/boogy/ctfbox
Kerberos Domain Username Enumeration
https://www.attackdebris.com/?p=311
Backreferences in JavaScript regular expressions
https://www.stefanjudis.com/today-i-learned/backreferences-in-javascript-regular-expressions/
Extending IDA processor modules for GDB debugging
http://www.hexblog.com/?p=1371
dsdump
https://derekselander.github.io/dsdump/
Attack Monitor - Endpoint Detection And Malware Analysis Software
https://www.kitploit.com/2019/11/attack-monitor-endpoint-detection-and.html
Shellcoding: Finding EIP/RIP
https://blog.xenoscr.net/Finding-EIP/
Checkm8, Checkra1n and the new "golden age" for iOS Forensics
https://blog.digital-forensics.it/2019/11/checkm8-checkra1n-and-new-golden-age.html
MINDSHARE: HARDWARE REVERSING WITH THE TP-LINK TL-WR841N ROUTER - PART 2
https://www.thezdi.com/blog/2019/12/2/mindshare-hardware-reversing-with-the-tp-link-tl-wr841n-router-part-2
Win32 Shellcode - Hashed Reverse Shell
https://blackcloud.me/Win32-shellcode-hashed/
SMS Replacement is Exposing Users to Text, Call Interception Thanks to Sloppy Telecos
https://www.vice.com/en_us/article/j5ywxb/rcs-rich-communications-services-text-call-interception
BlueHat-2019-Seattle
https://github.com/ga1ois/BlueHat-2019-Seattle
Threat Research FIDL: FLARE’s IDA Decompiler Library
https://www.fireeye.com/blog/threat-research/2019/11/fidl-flare-ida-decompiler-library.html
Threat Research Excelerating Analysis – Tips and Tricks to Analyze Data with Microsoft Excel
https://www.fireeye.com/blog/threat-research/2019/12/tips-and-tricks-to-analyze-data-with-microsoft-excel.html
Threat Research Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)
https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html
Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign
http://bit.ly/2YpgpBY
Iranian hackers deploy new ZeroCleare data-wiping malware
https://www.zdnet.com/article/iranian-hackers-deploy-new-zerocleare-data-wiping-malware/#ftag=RSSbaffb68
New Destructive Wiper “ZeroCleare” Targets Energy Sector in the Middle East
https://www.ibm.com/downloads/cas/OAJ4VZNJ
F.商業
SecBuzzer雲端資安情資服務平台
https://www.iii.org.tw/Product/TechLensDtl.aspx?tp_sqno=nhuy3AsZDkIy73PMgWUHLw__&fm_sqno=72
KubAnomaly:容器應用軟體資安診測與攻擊防禦系統
https://www.iii.org.tw/Product/TechLensDtl.aspx?tp_sqno=n9wnPK4y9LqvmWsiqrfoeg__&fm_sqno=72
資安業找新血 趨勢科技人資長:熱情學不來
https://www.cna.com.tw/news/afe/201912010075.aspx
GitHub 開源代碼分析引擎 CodeQL,同步啓動 3000 美元漏洞獎勵計劃
https://www.chainnews.com/zh-hant/articles/281213551749.htm
Check Point推出可加強IoT裝置韌體安全解決方案
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000573636_YB85W9164UEW205LH6EEC
0.3 秒快速領錢的關鍵在人臉辨識!NEC 強勢展出六大金融科技解決方案
https://buzzorange.com/techorange/2019/12/02/nec-facial-recognition/
【GREYCORTEX MENDEL人工智慧監控軟體】可補強SOC之不足 即時監控內部網路發現漏洞及提出警訊
https://www.bnext.com.tw/article/55720/greycortex-mendel-soc
UL:足夠資安評估 才能讓物聯遠離駭客攻擊
http://www.ctimes.com.tw/DispNews/tw/IOT/UL/1912031353N3.shtml
精誠攜手nCipher 進軍5G資安市場
https://udn.com/news/story/7240/4203242
精誠揪伴 攻資安防護
https://news.wearn.com/c392186.html
AiShield 在家戶網路大門設立網路檢查哨,讓家中所有連網設備都有防護罩
https://www.techbang.com/posts/74574-set-up-checkpoints-at-the-doors-of-the-homes-net-aishield
零壹科技積極參與台美跨國資安攻防演練 為捍衛資安防禦再創新頁
https://www.zerone.com.tw/Content/Product/7B74CD9ED3C72967
關貿網路新開發「資安閘門防護」 拚中小企業務
https://www.chinatimes.com/realtimenews/20191204003547-260410?chdtv
關貿網路搶資安商機 看準中小企業需求
https://www.setn.com/News.aspx?NewsID=648110
企業採用ISO 27001稽核程序,讓資安管理事半功倍
https://ithome.com.tw/pr/134604
大陸資安巨頭360 擬募資人民幣108億元
https://www.chinatimes.com/realtimenews/20191205005021-260410?chdtv
IBM 新專利防無人機包裹被盜 憑高度改變得知包裹動向
http://bit.ly/2PjjhMr
中華資安國際助企業抵禦多重威脅
https://www.digitimes.com.tw/iot/article.asp?cat=130&id=0000574156_T500D9LR63CR4S54Z39TT
缺技術、缺市場、缺人才都找他?專訪資策會,台灣數位內容產業幕後推手
https://technews.tw/2019/12/06/iii-digital-content-industry/
AWS公佈雲端防資料外洩、防詐欺工具
https://www.ithome.com.tw/news/134624
HackerOne awards $20,000 bug bounty for private data access vulnerability on its own platform
https://zd.net/2PlhHJX
Network security simplified with Amazon VPC Ingress Routing and Trend Micro
https://blog.trendmicro.com/network-security-simplified/
G.政府
教育部與趨勢科技攜手合作,打造網路守護天使2.0
https://www.techbang.com/posts/74575-ministry-of-education-and-trend-micro-work-together-to-create-cyberguardian-angel-20
國家資通安全情勢報告
http://bit.ly/2Y9vqaT
106-109年國家資通安全發展方案
http://bit.ly/360q5Wj
107年公務機關資安稽核概況報告
http://bit.ly/35IdPcK
國防部:營區平板有線連結軍網 不需無線網路
https://www.cna.com.tw/news/aipl/201912020232.aspx
值星官能用「接線」平板排哨了 國防部:部隊急需
https://udn.com/news/story/10930/4200915
買平板沒Wi-Fi無用? 國軍澄清:是用軍網
https://news.ltn.com.tw/news/politics/paper/1336351
不懂市價行情?國軍出手買平板一台預算近 5 萬元
https://3c.ltn.com.tw/news/38794
行政院5G專網頻譜規劃出爐
https://ithome.com.tw/news/134638
保障病安 強化資安 健保醫療資訊雲端系統為您把關
https://www.mohw.gov.tw/cp-16-50429-1.html
專家傳真-發行晶片身分證 請政府停看聽
http://bit.ly/34WAstL
防中共介選 台嚴查假訊息、地下匯兌
http://www.epochtimes.com/b5/19/12/6/n11704410.htm
因應5G時代 蔡總統:研議設立數位發展主管機關
https://www.ydn.com.tw/News/362792
5G專網頻譜政院通過 蘇貞昌:台灣將邁入5G世代
https://living.taronews.tw/2019/12/05/549912/
H.ICS/SCADA 工控系統
Schneider Electric Modbus Serial Driver資源管理錯誤漏洞
https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/
利用震網三代和某PLC漏洞組合攻擊工控系統
https://www.ics-cert.org.cn/portal/page/111/e0c2891ce6b948f5b291d68d2e3ed83d.html
防黑客攻擊車聯網聯合安全實驗室啟動
https://www.autohome.com.cn/news/201912/953885.html
ICS Advisory (ICSA-19-330-01) ABB Relion 670 Series
https://www.us-cert.gov/ics/advisories/icsa-19-330-01
LEN-27687 FPT Software 應對Texas Instruments TPS65988 USB Type-C Power Delivery Controller Driver 漏洞
http://iknow.lenovo.com/detail/dc_185930.html
A Notorious Iranian Hacking Crew Is Targeting Industrial Control Systems
https://www.wired.com/story/iran-apt33-industrial-control-systems/
I.教育訓練
簡明 Linux Shell Script 入門教學
https://blog.techbridge.cc/2019/11/15/linux-shell-script-tutorial/
e科技的資安分析與關鍵證據: 數位鑑識
http://bit.ly/33RmYOZ
108 年度全國職場達人盃 資安實戰攻防競賽公開題目
http://bit.ly/33UOyKY
How to perform reverse engineering using IDA Pro
https://www.peerlyst.com/posts/how-to-perform-reverse-engineering-using-ida-pro-abhinav-singh?trk=search_page_search_result
Malware Analysis | Legion Credential Stealer/Backdoor [PowerShell]
https://www.youtube.com/watch?v=aj56VYpbhzQ&feature=youtu.be
Excel 4.0 Macros Analysis - Cobalt Strike Shellcode Injection
https://www.youtube.com/watch?v=XnN_UWfHlNM&feature=youtu.be&t=905
CTHoW v2.0 - Cyber Threat Hunting on Windows
https://www.peerlyst.com/posts/cthow-v2-0-cyber-threat-hunting-on-windows-huy-kha?trk=explore_page_posts_recent_feed_entry
How to perform Open-Source Intelligence (OSINT)
https://www.peerlyst.com/posts/how-to-perform-open-source-intelligence-osint-chiheb-chebbi
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
IoT 物聯網隱私被「駭」?UL 分享 IoT 安全評等揭密產品資安能力
http://bit.ly/2OZnRzz
駭入門檻低 居家監看憂隱私外洩
http://bit.ly/35QBAiP
印尼將以 AI 取代兩名高官 望增加政府運作流暢度
https://unwire.hk/2019/12/01/indonesia-will-replace-some-civil-servants-with-ai/fun-tech/
新AI職業誕生!未來75%大型企業必須僱用「人工智慧檢查官」
https://www.bnext.com.tw/article/55773/artificial-intelligence-specialist
IoT安全評等把關連網裝置安全
https://www.eettaiwan.com/news/article/20191202NT12-IoT-security-rating-ensures-connected-device-security
推動更安全的移動服務,從驗證與資安看自駕車發展
http://bit.ly/350IsKs
IoT bills and guidelines: a global response
https://blog.malwarebytes.com/cybercrime/privacy/2019/11/iot-bills-and-guidelines-a-global-response/
Explained: juice jacking
https://blog.malwarebytes.com/explained/2019/11/explained-juice-jacking/
Top Raspberry Pi alternatives for 2020
https://www.zdnet.com/article/top-raspberry-pi-alternatives-for-2020/#ftag=RSSbaffb68
6.近期資安活動及研討會
Vue.js 新手村,前端實戰入門 12/7
https://hackersir.kktix.cc/events/20191112vuejs
FutureCon Nashville Cyber Security Conference 12/11
https://infosec-conferences.com/events-in-2019/futurecon-nashville/
「Log管理 x 營業秘密」研討會 12/11
https://www.accupass.com/event/1911110922137590408650
Utility Cyber Security Forum December 12/11
https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/
交通大學亥客書院-A018:企業網域控管-Active Directory攻擊與防禦 12/14
https://hackercollege.nctu.edu.tw/?p=1094
台灣駭客年會 HITCON Winter Training 2019 12/16
https://hitcon.kktix.cc/events/hitcon-winter-training-2019
台灣駭客年會 HITCON Winter Training 2019 - 學生報名 12/16
https://hitcon.kktix.cc/events/hitcon-winter-training-2019-student
Japan Security Analyst Conference
https://jsac.jpcert.or.jp/
PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world
沒有留言:
張貼留言