資安事件新聞週報 2020/4/20 ~ 2020/4/24
1.重大弱點漏洞/後門/Exploit/Zero Day
Google Chrome 記憶體釋放後使用漏洞
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html
Google Chrome爆重大安全漏洞 20億用家或陷攻擊風險
https://bit.ly/3auiykn
蘋果電郵程式存漏洞 5億用戶陷資料被盜風險
http://www.takungpao.com.hk/international/text/2020/0423/440693.html
蘋果電郵應用程式有漏洞 5億iPhone用戶易受駭客攻擊
https://tw.appledaily.com/international/20200423/WQ2FFRDG6FUIRR4WV424H4E5XM/
郵件程式爆漏洞!空白郵件別亂點…五億用戶成駭客眼中大肥羊
https://cnews.com.tw/137200423a02/
iPhone郵件爆資安漏洞 蘋果研發修補程式
https://money.udn.com/money/story/5602/4515036
iPhone Mail應用程式爆資安漏洞!5億支iPhone易受攻擊
https://www.ettoday.net/news/20200423/1698054.htm
Apple investigating report of a new iOS exploit being used in the wild
https://www.zdnet.com/article/apple-investigating-report-of-a-new-ios-exploit-being-used-in-the-wild/#ftag=RSSbaffb68
iPhone與iPad有安全漏洞 收到空白電郵可能遭駭
https://www.cna.com.tw/news/firstnews/202004230046.aspx
研究:iOS Mail App爆存在8年的零時差漏洞,無需點擊就被駭
https://www.ithome.com.tw/news/137163
Liferay Portal –利用遠程執行代碼漏洞(CERT-EU安全通報2020-022)
https://digitpol.hk/zh-TW/liferay-portal-exploited-remote-code-execution-vulnerabilities-cert-eu-security-advisory-2020-022/
微軟遠端桌面用戶端漏洞可讓駭客執行遠端程式碼,但微軟不願修補
https://www.ithome.com.tw/news/137136
微軟緊急修補Office及小畫家3D的遠端程式攻擊漏洞
https://www.ithome.com.tw/news/137165
TVN/CVE漏洞資訊 - iCatch DVR
http://net.nthu.edu.tw/2009/mailing:announcement:20200420_02
TVN/CVE漏洞資訊 - HGiga C&Cmail
http://net.nthu.edu.tw/2009/mailing:announcement:20200420_01
That critical VMware vuln allowed anyone on your network to create new admin users, no creds needed
https://www.theregister.co.uk/AMP/2020/04/17/vmware_vcenter_critical_vuln_anyone_create_admin_users/
美國國土安全部督促使用者修補Pulse Secure VPN漏洞
https://www.ithome.com.tw/news/137095
CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers
https://thehackernews.com/2020/04/pulse-secure-vpn-vulnerability.html
Intel 發表四月平台資安更新,修復多個嚴重資安漏洞
https://www.twcert.org.tw/tw/cp-104-3553-6a9f7-1.html
April Patch Tuesday: Fixes for Font-Related, Microsoft SharePoint, Windows Components Vulnerabilities
https://newsroom.trendmicro.com/blog/security-intelligence/april-patch-tuesday-fixes-font-related-microsoft-sharepoint-windows-com-0
Windows 10 KB4549951 update is causing BSOD, Bluetooth and WiFi issues, random system crashes
https://mspoweruser.com/windows-10-kb4549951-bsod-bluetooth-bug/
Windows 10 SMBGhost 漏洞 RCE PoC 公佈
https://www.chainnews.com/zh-hant/articles/366966166339.htm
Security researcher discloses four IBM zero-days after company refused to patch
https://www.zdnet.com/article/security-researcher-discloses-four-ibm-zero-days-after-company-refused-to-patch/#ftag=RSSbaffb68
多款NETGEAR產品跨站請求偽造漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18848
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
金融業超前部署!滙豐台灣隔離管理學:每通電話都錄音,提醒「不能做的事」
https://www.wealth.com.tw/home/articles/25361
澳門正研究設立人民幣計價證券交易所
https://bit.ly/3cARS2G
超前部署跑第一 金融業194家啟動異地、居家辦公
https://tw.appledaily.com/property/20200423/RLUY3IJ3WARE7RM6U2I7OCM5PY/
【防疫惹議】新光金居家辦公爭議 專家:應減少人群接觸
https://tw.appledaily.com/property/20200423/MUOFIJHBNHFSWXCMEU6Q6XLLTM/
Sustainability, data key to survival for new players eyeing Singapore's digital bank market
https://www.zdnet.com/article/sustainability-data-key-to-survival-for-new-players-eyeing-singapores-digital-bank-market/#ftag=RSSbaffb68
Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker
https://securityaffairs.co/wordpress/101637/mobile-2/portuguese-banking-android-trojan.html
Attackers are using a Brazilian hacking tool against Spanish banks
https://www.cyberscoop.com/attackers-using-brazilian-hacking-tool-spanish-banks/
Grandoreiro Malware Now Targeting Banks in Spain
https://securityintelligence.com/posts/grandoreiro-malware-now-targeting-banks-in-spain/
Payment distancing: Apple and Google, we need our cashless society even more in pandemic times
https://www.zdnet.com/article/payment-distancing-apple-and-google-we-need-our-cashless-society-even-more-now/
3.電子支付/電子票證/行動支付/ pay/新聞及資安
傳統實體代幣轉向行動支付,大魯閣改造IT要重塑顧客體驗
https://www.ithome.com.tw/people/137097
傳 Facebook 將聯合 Gojek 等印尼公司推跨平台行動支付服務
https://technews.tw/2020/04/22/facebook-three-indonesian-firms-in-early-talks-for-mobile-payment-approval/
無接觸商機、電子支付帶領台灣邁入新消費時代
https://health.udn.com/health/story/120952/4511233
北市公有停車場月票 柯文哲指示悠遊付跟上
https://www.cna.com.tw/news/aloc/202004240213.aspx
〈財經週報-電支電票二合一〉電支電票二合一 轉帳紅利共享共用
https://ec.ltn.com.tw/article/paper/1367149
4.虛擬貨幣/區塊鍊相關新聞及資安
財政部解釋令:3000萬元以下 STO 比照實體有價證券,課徵 1‰ 交易稅
https://www.blocktempo.com/sto-transfer-taxes-will-be-including-in-securities-transaction-tax-act/
中國央行數位貨幣 (DCEP) 已在內測階段,它最終會長什麼樣子
https://www.blocktempo.com/china-dcep-testing-phrase-payment-centralbank-commercialbanks/
支付寶證實參與中國「數位人民幣 DCEP 」開發,傳 5 月最先在蘇州落地
https://www.blocktempo.com/china-dcep-will-pilot-in-suzhou/
央行數字貨幣落地 蘇州用以發放交通補貼
https://www.ntdtv.com/b5/2020/04/18/a102826185.html
dForce楊民道發布「東山再起」宣言,駭客正試圖與他們聯繫
https://www.blocktempo.com/dforce-lendfme-hacked-investigation-comeback-defi/
區塊鏈金融平臺dForce的加密貨幣資產幾乎被盜領一空
https://www.ithome.com.tw/news/137106
香港證監會批准第一支比特幣基金!Arrano 放眼首年 1 億美元
https://www.blocktempo.com/hong-kong-s-first-approved-crypto-fund/
黑客已歸還Lendf.Me 幾乎所有被盜取資產
https://www.panewslab.com/zh_hk/articledetails/1587448754450049.html
Lendf.me 神轉折!駭客將「7.5億贓款」全數歸還,疑因經驗不足 IP 洩漏身份遭掌握
https://www.blocktempo.com/endf-me-attacker-screws-up-returns-all-the-stolen-funds/
信件真偽檢測 區塊鏈即時防詐
http://www.netadmin.com.tw/netadmin/zh-tw/market/E2FD1711883B493AAD45DFFBA47B0699
Hackers steal $25 million worth of cryptocurrency from Uniswap and Lendf.me
https://www.zdnet.com/article/hackers-steal-25-million-worth-of-cryptocurrency-from-uniswap-and-lendf-me/
This is what happens to cryptocurrency paid out in sextortion campaigns
https://www.zdnet.com/article/this-is-what-happens-to-the-cryptocurrency-paid-out-through-sextortion-campaigns/#ftag=RSSbaffb68
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
Google:Gmail每天擋下1,800萬封與武漢肺炎有關的惡意郵件
https://www.ithome.com.tw/news/137082
網路駭侵事件與資安提醒
https://announce.pu.edu.tw/p/404-1037-8141-1.php?Lang=zh-tw
Tomcat Server存在Ghostcat漏洞,有中國駭客在臺灣校園網站上傳BiFrost後門程式
https://www.ithome.com.tw/news/137074
TrickBot木馬將獲取交易身份驗證碼的應用推向德國銀行客戶
https://www.freebuf.com/articles/terminal/231903.html
假借武漢肺炎最新資訊名義為誘餌,間諜軟體鎖定兩大行動裝置平臺收集各式資料
https://www.ithome.com.tw/news/137061
美國多家大型航太製造業者遭勒贖攻擊,拒付贖款後機密內容遭曝光
https://www.twcert.org.tw/tw/cp-104-3555-3819e-1.html
大型IT服務業者Cognizant證實遭到Maze勒索軟體攻擊
https://www.ithome.com.tw/news/137112
快遞到貨通知,要求確認收據地址,打開ACE檔就中毒
https://blog.trendmicro.com.tw/?p=63942
駭客散布勒索恐嚇郵件詐騙使用者
https://www.twcert.org.tw/tw/cp-104-3568-0207d-1.html
PoetRAT Trojan targets energy sector using coronavirus lures
https://www.zdnet.com/article/poetrat-trojan-targets-energy-sector-using-coronavirus-lures/#ftag=RSSbaffb68
PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors
https://blog.talosintelligence.com/2020/04/poetrat-covid-19-lures.html
Deconstructing an Evasive Formbook Campaign Leveraging COVID-19 Themes
https://www.fortinet.com/blog/threat-research/deconstructing-an-evasive-formbook-campaign-leveraging-covid-19-themes.html
COVID-Themed Lures Target SCADA Sectors With Data Stealing Malware
https://thehackernews.com/2020/04/coronavirus-scada-malware.html
PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors
https://blog.talosintelligence.com/2020/04/poetrat-covid-19-lures.html
Coronavirus-themed attacks April 12 – April 18, 2020
https://securityaffairs.co/wordpress/101868/cyber-crime/coronavirus-themed-attacks-april-12-april-18-2020.html
Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository
https://thehackernews.com/2020/04/rubygem-typosquatting-malware.html
Clipboard hijacking malware found in 725 Ruby libraries
https://www.zdnet.com/article/clipboard-hijacking-malware-found-in-725-ruby-libraries/#ftag=RSSbaffb68
Ransomware Recovery in the 'New Normal'
https://www.bankinfosecurity.com/interviews/ransomware-recovery-in-new-normal-i-4658
Corporate users at most hacking risk from banking malware attacks: Report
https://www.thenewsminute.com/article/corporate-users-most-hacking-risk-banking-malware-attacks-report-122824
KPOT Analysis: Obtaining the Decrypted KPOT EXE
https://isc.sans.edu/diary/KPOT+Analysis%3A+Obtaining+the+Decrypted+KPOT+EXE/26014
Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store
https://isc.sans.edu/diary/rss/26036
Weaponized RTF Document Generator & Mailer in PowerShell
https://isc.sans.edu/diary/Weaponized+RTF+Document+Generator+%26+Mailer+in+PowerShell/26030
Discord users tempted by bots offering “free Nitro games”
https://blog.malwarebytes.com/cybercrime/2020/04/discord-users-tempted-by-bots-offering-free-nitro-games/
New AgentTesla variant steals WiFi credentials
https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-variant-steals-wifi-credentials/
Emotet JavaScript downloader
https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-javascript-downloader/
OSINT Investigation: Cerberus and the INPS
https://bushidotoken.blogspot.com/2020/04/osint-investigation-cerberus-and-inps.html
Linux Malware: The Truth About This Growing Threat
https://linuxsecurity.com/features/features/linux-malware-the-truth-about-this-growing-threat?showall=1
Understanding the relationship between Emotet, Ryuk and TrickBot
https://blog.intel471.com/2020/04/14/understanding-the-relationship-between-emotet-ryuk-and-trickbot/
2019 IoT Advanced Malware Threat (AMT ) Research Notes
https://docs.google.com/spreadsheets/d/1UMBFtWxfc40TAF4AIXkPZYBD8uBE6xP2HVs9dRHlTF8/edit#gid=0
Cybercriminal group mails malicious USB dongles to targeted companies
https://www.csoonline.com/article/3534693/cybercriminal-group-mails-malicious-usb-dongles-to-targeted-companies.html#tk.rss_all
IT Services Giant Cognizant Hit by Maze Ransomware Cyber Attack
https://gbhackers.com/it-services-giant-cognizant-hit-by-maze-ransomware-cyber-attack/
PSA: If You Get a 'Best Buy Gift Card' on a USB Drive in the Mail, Don't Plug It Into Your PC
https://www.pcmag.com/news/psa-if-you-get-a-best-buy-gift-card-on-a-usb-drive-in-the-mail-dont-plug
Researchers Discover Coronavirus Malicious Applications: What you Should Know
https://medium.com/@janettompson/researchers-discover-coronavirus-malicious-applications-what-you-should-know-a6273ee361f
Trickbot malware is using these unique 'macro-laced' document attachments with a coronavirus theme
https://www.zdnet.com/article/trickbot-malware-is-using-these-unique-macro-laced-document-attachments-with-a-coronavirus-theme/
Mootbot Botnet Targets Fiber Routers with Dual Zero-Days
https://threatpost.com/mootbot-fiber-routers-zero-days/154962/
Multiple fiber routers are being compromised by botnets using 0-day
https://blog.netlab.360.com/multiple-fiber-routers-are-being-compromised-by-botnets-using-0-day-en/
New Coronavirus screenlocker malware is extremely annoying
https://www.bleepingcomputer.com/news/security/new-coronavirus-screenlocker-malware-is-extremely-annoying/#.Xp7pPyK0P1M.twitter
COVID-19 Phishing Emails Mainly Contain TrickBot: Microsoft
https://www.bankinfosecurity.com/covid-19-phishing-emails-mainly-contain-trickbot-microsoft-a-14149
Unkillable xHelper and a Trojan matryoshka
https://securelist.com/unkillable-xhelper-and-a-trojan-matryoshka/96487/#comment-3112205
Hackers have breached 60 ad servers to load their own malicious ads
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/#ftag=RSSbaffb68
NSA shares list of vulnerabilities commonly exploited to plant web shells
https://www.zdnet.com/article/nsa-shares-list-of-vulnerabilities-commonly-exploited-to-plant-web-shells/#ftag=RSSbaffb68
Guidance for mitigation web shells. #nsacyber
https://github.com/nsacyber/Mitigating-Web-Shells
A look at the ATM/PoS malware landscape from 2017-2019
https://securelist.com/atm-pos-malware-landscape-2017-2019/96750/
Following ESET’s discovery, a Monero mining botnet is disrupted
https://www.welivesecurity.com/2020/04/23/eset-discovery-monero-mining-botnet-disrupted/
B.行動安全 / iPhone / Android /穿戴裝置 /App
【遠端有數,資安要顧】趨勢科技:手機釣魚軟體假冒防疫 App 偷定位、拍照
https://www.inside.com.tw/article/19555-spyware-and-phishing-notice
Zoom強調免費用戶資料不會傳回中國大陸,那台灣呢
https://www.bnext.com.tw/article/57350/zoom-privacy-policy
留著中國血液 ZOOM〈一〉:在牆內資安是黨的事情
https://bit.ly/3eyC7eA
中國基督徒用ZOOM復活節禮拜 公安上門抓人
https://newtalk.tw/news/view/2020-04-19/393981
近期Zoom的資安事件總覽
https://www.ithome.com.tw/news/137058
Zoom強化資安顯成效 新加坡教育部重新開放教師使用
https://newtalk.tw/news/view/2020-04-21/394754
Zoom達成90天資安計劃里程碑 發布Zoom 5.0
https://www.chinatimes.com/realtimenews/20200423001773-260412?chdtv
Zoom adds data center routing, security updates
https://www.zdnet.com/article/zoom-adds-data-center-routing-security-updates/#ftag=RSSbaffb68
Zoom isn’t actually end-to-end encrypted
https://www.theverge.com/2020/3/31/21201234/zoom-end-to-end-encryption-video-chats-meetings
Keep Zoombombing cybercriminals from dropping a load on your meetings
https://blog.malwarebytes.com/how-tos-2/2020/04/keep-zoombombing-cybercriminals-from-dropping-a-load-on-your-meetings/
22校長學習架設Jitsimeet伺服器
https://times.hinet.net/news/22865674
4G災防警告PWS系統介紹:細胞簡訊原理、手機警報訊息教學
https://www.cool3c.com/article/152131
Webhooks URL洩漏可致Slack用戶受釣魚攻擊
https://www.ithome.com.tw/news/137038
抖音驚傳流量傳輸未加密,恐造成中間人攻擊,並藉此傳送假訊息
https://www.ithome.com.tw/news/137083
疫情期間通訊安全-深度解析加密通訊軟體 Signal
https://www.techbang.com/posts/77913-communication-security-depth-resolution-encrypted-communication-software-signal-during-the-outbreak
Webex, Teams, Meet, Jitsi 8款視訊會議軟體需求測試比較表格
https://www.playpcesor.com/2020/04/webex-teams-meet-jitsi-8.html
不怕 GPS 定位洩漏隱私,最好用的疫情追蹤技術就是人人都有的「藍芽」
https://buzzorange.com/techorange/2020/04/23/bluetooth-virus/
WhatsApp Users To Get This Killer New Update: Just Perfect Timing
https://www.forbes.com/sites/zakdoffman/2020/04/19/whatsapp-users-to-get-this-killer-new-update-just-perfect-timing/
France asks Apple to relax iPhone security for coronavirus tracking app development
https://www.zdnet.com/article/france-asks-apple-to-relax-iphone-security-for-coronavirus-tracking-app-development/
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
分流上班、分班在家工作,疫情帶來的資安挑戰, 您準備好了嗎
https://bit.ly/3cJhcnb
任天堂驚傳大量帳號遭駭 官方建議兩步驟驗證保護資料
https://game.udn.com/game/story/10453/4508274?form=udn_ch2_common3_cate
任天堂玩家帳號爆大量外洩!官方建議補救辦法
https://3c.ltn.com.tw/news/40173
Nintendo accounts are getting hacked and used to buy Fortnite currency
https://www.zdnet.com/article/nintendo-accounts-are-getting-hacked-and-used-to-buy-fortnite-currency/#ftag=RSSbaffb68
Switch現安全漏洞?大批玩家投訴帳戶被異常登陸
https://bit.ly/2VrbG2P
美商懸賞300萬破解自家遊戲…卻遭爆料遊戲「不單純」
https://www.setn.com/News.aspx?NewsID=729690
協助研究人員度過疫情難關,Google將發給獎金1,300美元
https://www.ithome.com.tw/news/137138
紐時:Dropbox曾私下找駭客調查Zoom的安全漏洞
https://www.ithome.com.tw/news/137116
伺服器設定錯誤,臉部辨識技術公司 Clearview 不小心公開原始碼
https://technews.tw/2020/04/21/clearview-ais-source-code-and-app-data-exposed-in-cybersecurity-lapse/
反守為攻的不對稱資訊戰
https://talk.ltn.com.tw/article/paper/1367097
趨勢科技:駭客利用「冠狀病毒」進行新一波網路攻擊
https://money.udn.com/money/story/5648/4504607
教授林盈達︰中國部分軟體 有資安危機
https://m.ltn.com.tw/news/life/paper/1366697
人權團體批默許「網路監控」 聯合國暫緩與騰訊合作
https://m.ltn.com.tw/news/world/breakingnews/3137402
俄羅斯封城實施「數位通行證」 一上線就當機惹民怨
https://www.ftvnews.com.tw/news/detail/2020418I10M1
捷克接連遭網攻 布拉格機場與地區醫院都遭鎖定
https://www.ydn.com.tw/News/380423
捷克官方示警恐有網攻 隔天醫院伺服器就受攻擊
https://news.ltn.com.tw/news/world/breakingnews/3137455
駭客趁疫情作亂 捷克2座醫院遭網攻引美關切
https://money.udn.com/money/story/5599/4501137
Google:至少有12個國家級駭客組織利用疫情展開攻擊
https://www.ithome.com.tw/news/137176
Findings on COVID-19 and online security threats
https://www.blog.google/technology/safety-security/threat-analysis-group/findings-covid-19-and-online-security-threats/
對抗中國網戰 國防部射五箭
https://news.ltn.com.tw/news/politics/paper/1367371
中國網軍年後拼復工,以武漢肺炎議題為餌,鎖定臺灣政府和醫療智庫學者發動攻擊
https://www.ithome.com.tw/news/137187
FBI示警 疫苗研發機構遭駭客鎖定
https://news.ltn.com.tw/news/world/paper/1366755
Chinese hackers targeted company behind 'Ragnarok Online' MMORPG
https://www.zdnet.com/article/chinese-hackers-targeted-company-behind-ragnarok-online-mmorpg
WINNTI GROUP: Insights From the Past
https://quointelligence.eu/2020/04/winnti-group-insights-from-the-past/
CrowdStrike: Ongoing Pirate Panda operations using current event themes
https://www.scribd.com/document/451284814/CrowdStrike-Ongoing-Pirate-Panda-operations-using-current-event-themes#download
China-linked ‘Electric Panda’ hackers seek U.S. targets, intel agency warns
https://www.politico.com/amp/news/2020/04/16/china-electric-panda-hackers-seek-us-targets-191220
Gamaredon APT Group Use Covid-19 Lure in Campaigns
https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/
FBI: Hackers Targeting US COVID-19 Research Facilities
https://www.bankinfosecurity.com/fbi-hackers-targeting-us-covid-19-research-facilities-a-14138
FBI says cybercrime reports quadrupled during COVID-19 pandemic
https://www.zdnet.com/article/fbi-says-cybercrime-reports-quadrupled-during-covid-19-pandemic/#ftag=RSSbaffb68
Addressing Shadow IT Issues During COVID-19 Crisis
https://www.bankinfosecurity.com/addressing-shadow-issues-during-covid-19-crisis-a-14137
U.S. Offers Rewards up to $5 Million for Information on North Korean Hackers
https://thehackernews.com/2020/04/north-korea-hackers.html
FBI takes down hacker platform Deer.io
https://nakedsecurity.sophos.com/2020/03/27/fbi-takes-down-russia-based-hacker-platform-deer-io/
Why SaaS opens the door to so many cyber threats (and how to make it safer)
https://thehackernews.com/2020/04/saas-cybersecurity.html
Analysis: Insider Threats Posed by Remote Workforce
https://www.bankinfosecurity.com/interviews/analysis-insider-threats-posed-by-remote-workforce-i-4657
Beware of Coronavirus Dark Web Scams – Starting from Vaccine, Test Kits & Infected Blood For Sale
https://cybersecuritynews.com/coronavirus-dark-web-scams/
Spearphishing attacks hit the oil and gas industry sector
https://securityaffairs.co/wordpress/101967/cyber-crime/spearphishing-energy-oil-gas-industry.html
Cynet Issues Incident Response Challenge 2020 for IR Professionals With $5,000 Prize
https://gbhackers.com/cynet-issues-incident-response/
The Incident Response Challenge
https://incident-response-challenge.com/
美資安公司:越南駭客入侵中國政府系統 尋找武肺資訊
https://tw.appledaily.com/international/20200423/RSUVSVTI3H7KD22PGAMPJVEPCY/
Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage
https://www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-19-related-espionage.html
Security researcher identifies new APT group mentioned in 2017 Shadow Brokers leak
https://www.zdnet.com/article/security-researcher-identifies-new-apt-group-mentioned-in-2017-shadow-brokers-leak/#ftag=RSSbaffb68
Nazar: A Lost Amulet
https://www.epicturla.com/blog/the-lost-nazar
Attackers Target Oil and Gas Industry With AgentTesla
https://www.bankinfosecurity.com/attackers-target-oil-gas-industry-agenttesla-a-14169
Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal
https://labs.bitdefender.com/2020/04/oil-&-gas-spearphishing-campaigns-drop-agent-tesla-spyware-in-advance-of-historic-opec+-deal/
《CS:GO》原始碼洩漏!Valve發聲明認了
https://newtalk.tw/news/view/2020-04-23/395954
Valve says it's safe to play CS:GO and TF2 after source code leaked online
https://www.zdnet.com/article/valve-says-its-safe-to-play-csgo-and-tf2-after-source-code-leaked-online/#ftag=RSSbaffb68
中央存保公司甄才公告 109年公開甄試正式職員7人
https://ptc.tabf.org.tw/tw/ptc_109cdic/BotDownload.asp
資安管理主管
https://www.104.com.tw/job/6x72f
資安威脅研究員(Cyber Security Analyst)
https://www.104.com.tw/job/5uley?jobsource=company_job
資安工程師 (Security Engineer)
https://www.104.com.tw/job/5zrgs?jobsource=company_job
財金資訊公司109年徵才
https://ptc.tabf.org.tw/tw/ptc_109fisc/BotDownload.asp
財金資訊公司109年系統操作人員甄試
https://ptc.tabf.org.tw/tw/ptc_10902fisc/
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
又有詐騙新花招!NeTflix 遭冒名 免費看成誘餌
https://newtalk.tw/news/view/2020-04-20/394135
< 資安報告>假的「404 Not Found」頁面等四個網路釣魚新手法
https://blog.trendmicro.com.tw/?p=63975
ubereats 被盜刷四千元
https://moptt.tw/p/Gossiping.M.1587198863.A.0F0
駭客正利用「冠狀病毒」進行新一波網路間諜與釣魚活動
https://www.techbang.com/posts/77917-trend-micro-hackers-are-using-the-coronavirus-for-a-new-wave-of-cyberespionage-and-phishing
武肺疫情成釣餌 駭客與網路間諜騙個資
https://tw.appledaily.com/property/20200418/DVDTYZB5VBU3X7F4CPTR7GLFLM/
用疫情恐慌 詐騙電子郵件大量增加
https://www.ydn.com.tw/News/380365
網路釣魚攻擊進化 最常仿冒蘋果品牌
https://www.cna.com.tw/news/ait/202004230245.aspx
商業電子郵件詐騙 台灣受攻擊次數北亞最多
https://money.udn.com/money/story/5617/4507339
針對電視串流廣告的詐騙攻擊,假冒超過200萬台裝置觀看廣告
https://www.twcert.org.tw/tw/cp-104-3566-cc502-1.html
網路水軍散播假訊息 真相查核防堵資安破口
http://www.netadmin.com.tw/netadmin/zh-tw/technology/7C0872F291FE4DDAB4243117ACDAAB82
【錯誤】重磅消息!中共絕密文件曝光,「透過自願者令香港警察英勇殉職,以吸引媒體的眼球集中在暴徒身上」
https://tfc-taiwan.org.tw/articles/930
超過一億巴基斯坦手機用戶,個資遭駭侵者於暗網出售
https://www.twcert.org.tw/tw/cp-104-3569-2ce3b-1.html
Palo Alto Networks 警告:商業電郵詐騙台灣受攻擊次數北亞最多
https://www.computerdiy.com.tw/20200420_palo-alto-networks/
「臺灣就業通」網頁有漏洞 業者討債竊個資
https://tw.appledaily.com/local/20200421/JGCFOEIY4CTHHBXO6MMSU6VF2E/
隨手一個小動作…路人竟知他老婆生日!背後真相超險惡
https://www.setn.com/News.aspx?NewsID=730405
駭客趁疫情下手? 世衛等組織傳2.5萬個電郵、密碼外洩
https://3c.ltn.com.tw/news/40183
中國網軍「出奧步」 淡化境內疫情
https://news.cts.com.tw/cts/international/202004/202004221998074.html
FBI:要在臉書上分享自己的高中照片?請三思而後行
https://www.ithome.com.tw/news/137127
PTT使用者反應帳號出現非本人嘗試登入行為,疑似對方利用自動化工具猜密碼
https://www.ithome.com.tw/news/137175
全球衛生機構捲入資安風暴 2.5萬電郵帳密遭外洩
https://newtalk.tw/news/view/2020-04-23/396068
Details of 20 million Aptoide app store users leaked on hacking forum
https://www.zdnet.com/article/details-of-20-million-aptoide-app-store-users-leaked-on-hacking-forum/#ftag=RSSbaffb68
Most consumers admit to sharing passwords with someone outside their home
https://www.zdnet.com/article/most-consumers-admit-to-sharing-passwords-with-someone-outside-their-home/#ftag=RSSbaffb68
Facebook will now warn you if you’ve interacted with fake, dangerous coronavirus posts
https://www.zdnet.com/article/facebook-will-now-warn-you-if-youve-interacted-with-fake-dangerous-coronavirus-posts/#ftag=RSSbaffb68
Demand for Phishing Kits Is Strong: Report
https://www.bankinfosecurity.com/demand-for-phishing-kits-strong-report-a-14140
Hacker leaks 23 million usernames and passwords from Webkinz children's game
https://www.zdnet.com/article/hacker-leaks-23-million-usernames-and-passwords-from-webkinz-childrens-game/#ftag=RSSbaffb68
German government might have lost tens of millions of euros in COVID-19 phishing attack
https://www.zdnet.com/article/german-government-might-have-lost-tens-of-millions-of-euros-in-covid-19-phishing-attack/#ftag=RSSbaffb68
Fraud Guides Top List of Most Frequently Sold Type of Data on Major Dark Web Marketplaces
https://terbiumlabs.com/2020/04/16/fraud-guides-top-list-of-most-frequently-sold-type-of-data-on-major-dark-web-marketplaces/
Coronavirus Dark Web Scams: From infected blood to ventilators
https://www.bleepingcomputer.com/news/security/coronavirus-dark-web-scams-from-infected-blood-to-ventilators/
Economic Stimulus Payments: A Fraud Target
https://www.bankinfosecurity.com/economic-stimulus-payments-fraud-target-a-14145
WHO, Gates Foundation Credentials Dumped Online: Report
https://www.bankinfosecurity.com/who-gates-foundation-credentials-dumped-online-report-a-14167
COVID-19 campaigns highlight the need for phishing protection
https://www.zdnet.com/article/covid-19-campaigns-highlight-the-need-for-phishing-protection/#ftag=RSSbaffb68
Prevent Fraud And Phishing Attacks With DMARC
https://www.forrester.com/report/Prevent+Fraud+And+Phishing+Attacks+With+DMARC/-/E-RES160344#
Cybercriminals Using Zoom, WebEx as Phishing Lures: Report
https://www.bankinfosecurity.com/cybercriminals-using-zoom-webex-as-phishing-lures-report-a-14162
Remote Video Conferencing Themes in Credential Theft and Malware Threats
https://www.proofpoint.com/us/threat-insight/post/remote-video-conferencing-themes-credential-theft-and-malware-threats
Scammers are now taking advantage of US small business relief fund in phishing emails
https://www.zdnet.com/article/scammers-are-now-taking-advantage-of-us-small-business-relief-fund-in-phishing-emails/#ftag=RSSbaffb68
Hackers Steal 25,000 Email Addresses and Passwords From NIH, WHO, Gates Foundation And Others Are Dumped Online
https://cybersecuritynews.com/email-addresses-and-passwords/
E.研究報告
瞭解 MITRE 2020 ATT&CK 端點防衛評估 — 麻瓜版 — Part 1
https://bit.ly/2VQ9aCb
瞭解 MITRE 2020 ATT&CK 端點防衛評估 — 麻瓜版 — Part 2 主偵測類別
https://bit.ly/34ZldBc
行政院技術服務中心109年第1季資通安全技術報告
https://bit.ly/2VzjCiu
SOC日誌可視化工具:SOC Sankey Generator
https://www.freebuf.com/sectool/231106.html
Web Application核心防禦機制記要
https://www.freebuf.com/articles/web/232186.html
域控管理員帳戶架構擴展
https://www.freebuf.com/articles/es/230271.html
TEA:一款基於TAS框架的SSH客戶端蠕蟲
https://www.freebuf.com/articles/network/231963.html
Unicode同形字符域漏洞
https://www.freebuf.com/vuls/229446.html
Github中間人攻擊原理分析
https://www.freebuf.com/articles/web/231802.html
Manul:一款基於覆蓋率引導的並行模糊測試工具
https://www.freebuf.com/articles/terminal/227865.html
網絡層繞過IDSIPS的一些探索
https://www.freebuf.com/articles/system/233678.html
挖洞經驗| 用HTTP請求重寫實現JSON CSRF
https://www.freebuf.com/vuls/230243.html
多款光纖路由器設備在野0天擴展簡報
https://blog.netlab.360.com/multiple-fiber-routers-are-being-compromised-by-botnets-using-0-day/
記錄過某常見WAF最新版
https://www.freebuf.com/articles/web/231905.html
Lazarus APT組織利用新冠疫情誘餌針對某國地區的定向攻擊分析
https://www.freebuf.com/articles/system/233528.html
UEBA實踐:CISO內部威脅管理指南
https://www.freebuf.com/articles/es/234017.html
Dirble:一款高性能目錄掃描與爬取工具
https://www.freebuf.com/articles/network/231596.html
SQL注入萬能Bypass技巧
https://mp.weixin.qq.com/s/RSXc0ACv5DS-GsajdO8IRw
你知道在 Azure 上有幾種 On Demand 啟動 Spark 的方法嗎
https://lab.howie.tw/2020/04/azure-on-demand-spark.html
記一次對PUBG吃雞外掛病毒的反製過程
https://mp.weixin.qq.com/s/u0Ah-bWUnxZBBV1qH3nzcw
從 SQL 到 RCE: 利用 SessionState 反序列化攻擊 ASP.NET 網站應用程式
https://devco.re/blog/2020/04/21/from-sql-to-rce-exploit-aspnet-app-with-sessionstate/
聽說不能用明文存密碼,那到底該怎麼存
https://medium.com/starbugs/how-to-store-password-in-database-sefely-6b20f48def92
乾貨| ATT&CK滲透測試手冊
https://mp.weixin.qq.com/s/bfkSCQonYDd6bpCLzppS_Q
Pentest Notes - Approaching a Target
https://pentestmag.com/pentest-notes-approaching-a-target/
TikTok Vulnerability Enables Hackers to Show Users Fake Videos
https://www.mysk.blog/2020/04/13/tiktok-vulnerability-enables-hackers-to-show-users-fake-videos/
Hacking TikTok to Show Fraudulent Videos on WHO (DNS Attack)
https://www.youtube.com/watch?v=voTnYPfkqlY
Hacking TikTok to Show Fraudulent Videos (DNS Attack)
https://www.youtube.com/watch?v=pHt4jok7v5w
Boost UDP Transaction Performance
https://www.slideshare.net/lfevents/boost-udp-transaction-performance
Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems
https://newsroom.trendmicro.com/blog/security-intelligence/exposing-modular-adware-how-dealply-iserik-and-managex-persist-systems
Hackers Exploit Two-factor Authentication to Steal Millions and How to Fix It
https://medium.com/@sub_80999/hackers-exploit-two-factor-authentication-to-steal-millions-and-how-to-fix-it-655145722d45
Getting Started with Reverse Engineering using Ghidra
https://www.peerlyst.com/posts/getting-started-with-reverse-engineering-using-ghidra-chiheb-chebbi
A brute-force password cracker and video auto-downloader for Zoom's "Record to Cloud" functionality.
https://github.com/markbuffalo/zoombo
Manage A Remote SOC: Shift Management Tip
https://blog.paloaltonetworks.com/2020/04/cortex-shift-management/
Rise of the Sensors: Securing LoRaWAN Networks
https://research.nccgroup.com/2020/04/16/rise-of-the-sensors-securing-lorawan-networks/
Methodology for Static Reverse Engineering of Windows Kernel Drivers
https://posts.specterops.io/methodology-for-static-reverse-engineering-of-windows-kernel-drivers-3115b2efed83
MemLock: Memory Usage Guided Fuzzing
https://wcventure.github.io/MemLock
Red Team Tactics: Utilizing Syscalls in C# - Prerequisite Knowledge
https://jhalon.github.io/utilizing-syscalls-in-csharp-1/
Replay USB messages from Wireshark (.cap) files
https://github.com/JohnDMcMaster/usbrply
Simple Remote Code Execution Vulnerability Examples for Beginners
https://medium.com/bugbountywriteup/simple-remote-code-execution-vulnerability-examples-for-beginners-985867878311
Fuzzing sockets, part 1: FTP servers
https://securitylab.github.com/research/fuzzing-sockets-FTP
Null Terminated Programming 101 - x64
https://0x00sec.org/t/null-terminated-programming-101-x64/20398
Book Review: Windows Kernel Programming and Creating Drivers of Select Exercises
https://truneski.github.io/post/2020/04/03/book-review-windows-kernel-programming-and-creating-drivers-of-select-exercises/
2019 Advent Calendar, vmware pwnables
https://github.com/nafod/advent-vmpwn//
The Kernel Concurrency Sanitizer (KCSAN)
https://github.com/google/ktsan/wiki/KCSAN#upstream-fixes-of-data-races-found-by-kcsan
wasm_runtimes_fuzzing
https://github.com/pventuzelo/wasm_runtimes_fuzzing
CodeQL U-Boot Challenge (C/C++)
https://lab.github.com/githubtraining/codeql-u-boot-challenge-(cc++)
Windows Server 2008R2-2019 NetMan DLL Hijacking
https://itm4n.github.io/windows-server-netman-dll-hijacking/
【ハニーポット簡易分析】Honeypot簡易分析(2020/4/18)
https://sec-chick.hatenablog.com/entry/2020/04/19/182419
Web Application Attacks – Types, Impact & Mitigation – Part-1
https://gbhackers.com/web-application-attacks-part1/
domain_hunter
https://github.com/bit4woo/domain_hunter
Jamfing for Joy: Attacking macOS in Enterprise
https://labs.f-secure.com/blog/jamfing-for-joy-attacking-macos-in-enterprise/
SLAE Exam Assignment 1 - Creating a Bind TCP shellcode
https://slaeryan.github.io/posts/slae-assignment1-blogpost.html
SLAE Exam Assignment 2 - Creating a Reverse TCP shellcode
https://slaeryan.github.io/posts/slae-assignment2-blogpost.html
SLAE Exam Assignment 3 - Creating an Egg-hunter shellcode
https://slaeryan.github.io/posts/slae-assignment3-blogpost.html
SLAE Exam Assignment 4 - Creating a custom shellcode encoder
https://slaeryan.github.io/posts/slae-assignment4-blogpost.html
SLAE Exam Assignment 5 - Analyzing MSFVenom payloads
https://slaeryan.github.io/posts/slae-assignment5-blogpost.html
SLAE Exam Assignment 6 - Creating polymorphic shellcode
https://slaeryan.github.io/posts/slae-assignment6-blogpost.html
SLAE Exam Assignment 7 - Creating a custom shellcode crypter
https://slaeryan.github.io/posts/slae-assignment7-blogpost.html
あやしいサイトの3分調査方法(初心者向け)
https://qiita.com/moneymog/items/2205388ff18b3f89f021
あなたもFakeNetの達人:FakeNet‐NGの裏技をマスターして動的マルウェア解析を改善しませんか
https://www.fireeye.jp/blog/jp-threat-research/2020/04/improving-dynamic-malware-analysis-with-cheat-codes-for-fakenet-ng.html
Introduction to Docker and Kubernets on GCP with Hands-on Configuration (Part 1 — Docker)
https://medium.com/google-cloud/introduction-to-docker-and-kubernets-on-gcp-with-hands-on-configuration-part-1-docker-3d9709ee9f6a
How to Setup Wazuh Open Source SIEM Virtual Machine
https://thelinuxos.com/how-to-setup-wazuh-open-source-siem/
HTBenum : A Linux Enumeration Script For Hack The Box
https://kalilinuxtutorials.com/htbenum/
Now Drag & Drop Files Between Galaxy Phones and Windows 10 PCs
https://techincidents.com/drag-and-drop-galaxy-phones-and-windows-10/
GDA- Android Reverse Engineering Suite
https://hackersonlineclub.com/gda-android-reverse-engineering-suite/
Messy BurpSuite plugin for SQL Truncation vulnerabilities.
https://github.com/InitRoot/BurpSQLTruncSanner
Sherloq- Forensic Image Analysis Suite
https://hackersonlineclub.com/sherloq-forensic-image-analysis-suite/
Open source security auditing tool to search and dump system configuration
https://github.com/trimstray/otseca
Multiple Vulnerabilities in IBM Data Risk Manager
https://github.com/pedrib/PoC/blob/master/advisories/IBM/ibm_drm/ibm_drm_rce.md
DNSProbe : Tool That Allows You To Perform Multiple DNS Queries
https://kalilinuxtutorials.com/dnsprobe/
Nazar: A Lost Amulet
https://www.epicturla.com/blog/the-lost-nazar
Researchers Discovered a New Method that Let Hackers to Run Malicious Code Via RDP
https://cybersecuritynews.com/malicious-code-via-rdp/
Sample Results From Processing a Large Feed of Shady Covid-Type Domains
https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/sample-results-processing-large-feed-shady-covid-type-domains
Webcam Hacking for any devices in one link
https://github.com/SharqanAhamed/shasnap
SOC vs MITRE APT29 evaluation – Racing with Cozy Bear
https://www.mcafee.com/blogs/enterprise/security-operations/soc-vs-mitre-apt29-evaluation-racing-with-cozy-bear
RED HAWK- All In One Suite For Information Gathering And Vulnerability Scanning
https://hackersonlineclub.com/red-hawk-all-in-one-suite-for-information-gathering-and-vulnerability-scanning/
Cyber Security - Reducing the Biggest Threat - Emails
https://www.peerlyst.com/posts/cyber-security-reducing-the-biggest-threat-emails-mitch-christian-cissp
goBox : GO Sandbox To Run Untrusted Code
https://kalilinuxtutorials.com/gobox/
A toolkit for developing high-performance HTTP reverse proxy applications.
https://github.com/microsoft/reverse-proxy
Azure Skeleton Key: Exploiting Pass-Through Auth to Steal Credentials
https://blogvaronis2.wpengine.com/azure-skeleton-key/
F.商業
來毅瞄準資安商機 網路帳戶 加上防盜鎖
https://money.udn.com/money/story/8889/4502195
知名資安公司 Wordfence 推出免費的【Fast or Slow】檢測網站效能和速度工具
https://ithelp.ithome.com.tw/articles/10230962?sc=rss.qu
濎通提供加密架構組網 強化物聯網資安
https://www.2cm.com.tw/2cm/zh-tw/news/BD1DA69439B844199CF01BBDEAAD1B8D
佛心!宏碁雲架構 免費供中小企業檢測服務
https://money.udn.com/money/story/5613/4507434
奧義智慧 獲MITRE ATT&CK年度評測告警最高分
https://money.udn.com/money/story/5613/4511202
國際資安大賽,奧義智慧多項告警技冠群雄
https://ec.ltn.com.tw/article/breakingnews/3142543
免額外裝軟體就能登入!Google推BeyondCorp Remote Access免受VPN之苦
https://udn.com/news/story/7088/4510258
甲骨文整合管理軟體提供資料庫自動遷移工具,簡化混合雲管理
https://www.ithome.com.tw/review/137084
Microsoft 365全新更名 加速驅動數位轉型
https://money.udn.com/money/story/5640/4508936
廣告求轉換 內容攬新客! PIXNET發布2020年社群藍皮書
https://cnews.com.tw/178200422a01/
Delivering the Detections: MITRE ATT&CK Evaluation Demonstrates FireEye Endpoint Security and Mandiant Managed Defense Detection Leadership
https://bit.ly/3eMiik3
G.政府
反毒比賽用抖音遭疑資安漏洞 新北市教育局:已立即停用
https://www.chinatimes.com/realtimenews/20200417003469-260407?chdtv
交通部109年關鍵基礎設施資安資訊分享與分析中心平台擴充維運案
https://bit.ly/2KhwgfE
交通部資安推動計畫專業服務委外案
https://bit.ly/2ROik0T
呂文忠:調查局資安站 維護國家資安生力軍
https://udn.com/news/story/7314/4504715
調查局成立資安站護網域安全 調查官平均年齡僅31歲
https://web01.rti.org.tw/news/view/id/2060535
打擊網路犯罪、假訊息 確維資安
https://bit.ly/2VsYH0G
國防部:積極建立資安應處機制 防杜假訊息危害
https://bit.ly/2KgCZqh
「台北運動吧」粉專遭駭發A片 議員要求檢討資安
https://udn.com/news/story/7323/4505463
圖書館LED燈控制器的IP位址成攻擊跳板,法務部調查局與資安業者合力破獲
https://ithome.com.tw/news/137154
調查局聯手微軟破獲40萬裝置組成的殭屍網路,散毒源頭是一個LED燈控制器
https://www.ithome.com.tw/news/137110
微軟聯手 35 國摧毀 Necurs 殭屍網路,與調查局共享情資攻破非法 IP 位址
https://technews.tw/2020/04/22/microsoft-new-action-to-disrupt-the-largest-online-criminal-network/
國軍強化資安教育 綿密管控機制
https://www.ydn.com.tw/News/380565
由數位身分證New eID談起
https://www.peoplenews.tw/news/bcf95661-d0c4-4615-bd75-908457f20a84
澄清「數位身分證」資安疑慮 內政部:可選是否附憑證功能
https://www.chinatimes.com/realtimenews/20200423005656-260405?chdtv
禁用Zoom之後 教育部全新遠距教學影片上架
https://udn.com/news/story/6885/4510352
工研院虛擬化APP服務平台在疫情檢測獲驗證
https://www.chinatimes.com/realtimenews/20200422003519-260412?chdtv
美國RSA Conference 2020資安研討會 公務出國報告
https://report.nat.gov.tw/ReportFront/ReportDetail/detail?sysId=C10900391
經濟部能源及水資源領域工業控制系統資安防護基準
https://www.rootlaw.com.tw/LawContent.aspx?LawID=A040100021016500-1090420
H.工控系統/SCADA/ICS
Rockwell Automation RSLinx Classic
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-10642
I.教育訓練
VMware VCP-NV(2V0–642)網路虛擬化 — 自修考試準備心得與抵免上課教學(Network Virtualization)
https://medium.com/blacksecurity/vmware-network-virtualization-e52b09b526c8
What does it take to become a good reverse engineer
https://securelist.com/become-a-good-reverse-engineer/96743/
How To Analyse And Capture The Packets In Wireshark
https://hackersonlineclub.com/how-to-analyse-and-capture-the-packets-in-wireshark/
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
物聯網地理資訊整合開發,工業監控系統開發的第一步:取得圖資
https://bit.ly/3axrTrG
聯網車藏安全漏洞 恐致資料外洩及生命危險
https://bit.ly/2wTUEAY
福特、大眾暢銷車曝安全漏洞,黑客可竊取隱私、操控車輛
https://www.freebuf.com/news/233955.html
推物聯網資安標章 德國萊因獲網路攝影機資安檢測實驗室資格
https://n.yam.com/Article/20200422929040
多重破口、攻擊手法進化夾擊 弱點激增防護機制失靈頻傳 物聯網時代掀資安課題 導入新思維避免攻擊威脅
http://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/2BA306A3922C42AB87634330063C5558
Starbleed bug impacts FPGA chips used in data centers, IoT devices, industrial equipment
https://www.zdnet.com/article/starbleed-bug-impacts-fpga-chips-used-in-data-centers-iot-devices-industrial-equipment/
Smart IoT home hubs vulnerable to remote code execution attacks
https://www.zdnet.com/article/smart-iot-home-hubs-vulnerable-to-remote-code-execution-attacks/#ftag=RSSbaffb68
6.近期資安活動及研討會
交通大學駭客書院 - 基礎網頁安全與滲透測試 4/25
https://hackercollege.nctu.edu.tw/?p=1147
2020 LINE Taiwan Developers Recruitment Day 4/25
https://engineering.linecorp.com/zh-hant/blog/2020-line-taiwan-technical-recruitment-day/
金融數據應用 統計+視覺化 4/26
https://tw.pyladies.com/events/event.html?id=179
交通大學駭客書院 - 基礎網站安全建構實務 5/16
https://hackercollege.nctu.edu.tw/?p=1151
資安社 - Forensic(一) 5/20
https://nsysuisc.kktix.cc/events/2020forensic1
交通大學駭客書院 - 電子郵件之偽造攻擊與防護措施 5/23
https://hackercollege.nctu.edu.tw/?p=1156
Taipei 暗号通貨 (Cryptocurrency) Meetup 5/27
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/nrxgwqybchbkc/
交通大學駭客書院 - 進階網頁滲透測試 5/30
https://hackercollege.nctu.edu.tw/?p=1159
109年智能物聯網與資訊安全碩士學分班 5/30 ~ 8/8
https://www.accupass.com/event/2003160837472127685300
邊緣計算系統之大數據與深度學習應用 6/5
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index
交通大學駭客書院 - 高階網頁滲透測試 6/13 6/20
https://hackercollege.nctu.edu.tw/?p=1161
交通大學駭客書院 - 企業網域控管-Active Directory攻擊與防禦 6/27
https://hackercollege.nctu.edu.tw/?p=1164
CYBERSEC 2020 臺灣資安大會 8/12
https://cyber.ithome.com.tw/
沒有留言:
張貼留言