2020年11月20日 星期五

資安事件新聞週報 2020/11/16 ~ 2020/11/20

 資安事件新聞週報 2020/11/16  ~  2020/11/20

1.重大弱點漏洞/後門/Exploit/Zero Day
臺灣未修補SMBGhost漏洞電腦全球最多,存在漏洞的電腦每5臺就有1臺在臺灣
https://www.ithome.com.tw/news/141225

Apple Lets Some of its Big Sur macOS Apps Bypass Firewall and VPNs
https://thehackernews.com/2020/11/apple-lets-some-of-its-big-sur-macos.html

Researcher Discloses Critical RCE Flaws In Cisco Security Manager
https://thehackernews.com/2020/11/researcher-discloses-critical-rce-flaws.html

英特爾CPU曝出漏洞:監視功耗就能輕鬆獲取數據
https://www.techbang.com/posts/82581-intel-cpu-platypus-attack

Intel Security Advisories
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00439.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00446.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00447.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00449.html

PrestaShop 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26224

SAP Security Patch Day – November 2020
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571

IBM Security Family PAM Content Update 4011.06142
https://exchange.xforce.ibmcloud.com/collection/9a90489777df83e8b915bab3f75d39fd


Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_9.html

TCL 的Android 智能電視曝出允許遠程控制的漏洞
https://reurl.cc/yg0KWq

Citrix SD-WAN 多個高危漏洞通告
https://www.anquanke.com/post/id/222806

Citrix Security Bulletin - November 9th, 2020
https://support.citrix.com/article/CTX285061

Older High-Impact Vulnerabilities Still Prevalent
https://isc.sans.edu/diary/26798

火狐瀏覽器發現任意代碼執行漏洞,需要儘快升級
https://news.sina.com.tw/article/20201118/36909310.html

Mozilla Advisories - November 17, 2020
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/

Chrome Browser Updates - November 17
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html
https://support.google.com/chrome/thread/83557143

Western Digital My Cloud NAS Devices Security Vulnerabilities
https://www.comparitech.com/blog/information-security/security-vulnerabilities-80000-devices-update-now/

NVIDIA Security Bulletin - November 10th, 2020
https://nvidia.custhelp.com/app/answers/detail/a_id/5096

Linux內存洩露漏洞(CVE-2020-25704),攻擊者利用漏洞可致系統失去響應
https://s.tencent.com/research/bsafe/1180.html

2.銀行/金融/保險/證券/支付系統/ 新聞及資安

「烤雞王」鑽信用卡漏洞狂刷 判賠花旗6374萬
https://tw.appledaily.com/local/20201113/SZMISBG4HZAQXNATVGMKFHUYBU/

華南銀「SnY APP」 四大首創服務初體驗
https://reurl.cc/d5gqQq

這個盜領手法有那麼厲害? 攔截簡訊...破解網銀? 如何防範
https://forum.gamer.com.tw/C.php?bsn=60030&snA=563890

一銀盜領案犯嫌再一人服刑期滿 今晚遣送出境
https://news.ltn.com.tw/news/society/breakingnews/3352019

不小心轉錯帳號、轉錯金額怎麼辦?免驚!2步驟,追回匯錯的款項
http://smart.businessweekly.com.tw/Reading/IndepArticle.aspx?id=39027

從風險環節切入 兼顧員工體驗與安全 導入虛擬隔離 一銀資安拔頭籌
https://www.netadmin.com.tw/netadmin/zh-tw/market/C86E077578FE4CA690A3741636C664C6

智慧經營/群益金鼎證券總經理賈中道 提供安全交易環境 三招打造資安防護罩
https://money.udn.com/money/story/8944/5025663

永豐金數位跨大步:AI專家張天豪接數位科技長
https://udn.com/news/story/7239/5024776

鐵三角到位 永豐金數位變革下周誓師
https://www.chinatimes.com/realtimenews/20201118003745-260410?chdtv

企業永續獎/富邦金治理優異 獲12大獎
https://udn.com/news/story/7241/5025973

一口氣被抓到七大缺失 這家壽險公司挨罰
https://money.udn.com/money/story/5613/5025480

網銀存款遭盜領渾然不知 專家提供3招防駭
https://times.hinet.net/news/23123971

聯徵「第二資料庫」明年底供新創介接 三大類先行
https://udn.com/news/story/7239/5028273

金融科技共創平台成立 黃天牧提4大短期目標
https://www.cna.com.tw/news/afe/202011190205.aspx

「第二資料庫」明年上線! 金管會:使用者資安需達標
https://finance.ettoday.net/news/1858502

助攻金融科技業 聯徵中心建第二資料庫明年底上線
https://money.udn.com/money/story/5613/5028754

「嘿!你今天要幹嘛!」國泰金控首次線上展開幕囉!讓你線上先知 11月27~29日金融博覽會親自體驗
https://finance.ettoday.net/news/1859196?redirect=1

Another Credit Card Stealer That Pretends to Be Sucuri
https://blog.sucuri.net/2020/11/another-credit-card-stealer-that-pretends-to-be-sucuri.html

Uncovered: APT 'Hackers For Hire' Target Financial, Entertainment Firms
https://thehackernews.com/2020/11/uncovered-apt-hackers-for-hire-target.html

3.電子支付/行動支付/pay/資安
行動支付存風險 KPMG:駭客恐5步驟打包財產
https://www.epochtimes.com/b5/20/11/18/n12558447.htm

寶雅加速數位化 明年首季推行動支付POYA PAY
https://www.chinatimes.com/realtimenews/20201120004056-260410?chdtv

揭開行動支付五大應用模式成功關鍵秘訣
https://buzzorange.com/techorange/2020/11/17/mobile-payment-model/

行動支付、網銀好方便 KPMG:留意一鍵遭駭手法
https://udn.com/news/story/7239/5025405

網友好評不斷!行動支付綁定這家銀行的信用卡,回饋超有誠意
https://www.storm.mg/article/3166661

Google大幅翻修Google Pay,明年推出數位銀行帳號服務Plex
https://www.ithome.com.tw/news/141204

電子支付修了法就沒事了嗎?借鏡日本支付法規談可能的問題
https://www.bnext.com.tw/article/59812/e-payment

蝦皮與全聯進軍電支 LINE Pay街口恐剉咧等
https://www.cardu.com.tw/news/detail.php?41997

蝦皮進軍電子支付,成首家取得執照外商!電商龍頭想給用戶哪些新服務
https://www.bnext.com.tw/article/60127/shopee-pay

首家在台外資電支業,金管會核准蝦皮支付取得執照
https://technews.tw/2020/11/18/shopee-pay-online/

未來可搭捷運? 全聯將推電子支付
https://reurl.cc/r8bL91

4.加密貨幣/挖礦/區塊鍊 資安
資安漏洞頻傳,抖音母公司將導入區塊鏈技術
https://www.abmedia.io/tiktoks-owner-pivots-to-blockchain-as-app-security-flaws

資安專欄|Value DeFi 閃電貸攻擊始末:駭客基於 AMM 價格預言機的 “神級” 操作
https://www.blocktempo.com/peckshield-insight-value-defi-flashloan-hacking/

DeFi安全漏洞|Akropolis 攻擊事件解析:駭客重現「經典重入攻擊」擄走203萬 DAI
https://www.blocktempo.com/akropolis-savingsmodule-17-attacks/

使用排版来隐藏漏洞?颤抖!文本.金融智能合约的安全漏洞分析
https://www.btc17.com/37935.html

最慘打臉!Value DeFi 宣稱「可防閃電貸」隔天被駭600萬,駭客留言:你們真的懂閃電貸
https://www.blocktempo.com/saddest-hack-in-crypto-value-defi-hacked-for-6-million/

Robinhood 驚傳駭客攻擊事件!官方無客服專線,處理速度緩慢惹爭議
https://www.abmedia.io/robinhood-users-had-accounts-looted-say-there-s-no-one-to-call

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
Intel 471:光是這兩年就有25個勒索軟體即服務問世
https://www.ithome.com.tw/news/141172

Discord.dll: successor to npm “fallguys” malware went undetected for 5 months
https://blog.sonatype.com/discord.dll-successor-to-npm-fallguys-

Cambodian Government Under APT32 Malware Campaign
https://go.recordedfuture.com/hubfs/reports/cta-2020-1110.pdf

Hungry for data, ModPipe backdoor hits POS software used in hospitality sector
https://www.welivesecurity.com/2020/11/12/hungry-data-modpipe-backdoor-hits-pos-software-hospitality-sector/

Phishing Campaign Threatens Job Security, Drops Bazar and Buer Malware
https://www.area1security.com/blog/trickbot-spear-phishing-drops-bazar-buer-malware/

Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative
https://labs.sentinelone.com/ranzy-ransomware-better-encryption-among-new-features-of-thunderx-derivative/

CHAES: Novel Malware Targeting Latin American E-Commerce
https://www.cybereason.com/hubfs/dam/collateral/iocs/chaes-malware-iocs.pdf

CHAES: Novel Malware Targeting Latin American E-Commerce
https://www.cybereason.com/hubfs/dam/collateral/reports/11-2020-Chaes-e-commerce-malware-research.pdf

ELF_PLEAD - Linux Malware Used by BlackTech
https://blogs.jpcert.or.jp/en/2020/11/elf-plead.html

Lazarus supply‑chain attack in South Korea
https://www.welivesecurity.com/2020/11/16/lazarus-supply-chain-attack-south-korea/

Nibiru Ransomware and Decryptor
https://blog.talosintelligence.com/2020/11/Nibiru-ransomware.html

Anti-ransomware Protection Implemented By Thanos
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/

Holiday Season At Risk From Chaes Malware
https://www.cybereason.com/blog/novel-chaes-malware-underscores-heightened-e-commerce-risk-this-holiday-season
https://www.cybereason.com/hubfs/dam/collateral/reports/11-2020-Chaes-e-commerce-malware-research.pdf
https://www.cybereason.com/hubfs/dam/collateral/iocs/chaes-malware-iocs.pdf

Targeting of Comm Apps Continues
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/malicious-actors-target-comm-apps-such-as-zoom-slack-discord
https://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-devil-shadow-botnet-hidden-in-fake-zoom-installers/

URLs Associated with TrickBot
https://www.rewterz.com/rewterz-news/rewterz-threat-alert-trickbot-iocs-9

Evolution of Emotet: From Banking Trojan to Malware Distributor
https://thehackernews.com/2020/11/anyrun-emotet-malware-analysis.html

Trojanized Security Software Hits South Korea Users in Supply-Chain Attack
https://thehackernews.com/2020/11/trojanized-security-software-hits-south.html

New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels
https://thehackernews.com/2020/11/new-modpipe-point-of-sale-pos-malware.html

B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G
「查詢收貨」簡訊別亂點 手機惡意程式能盜轉盜刷
https://reurl.cc/A8abMp

駭客5部曲入侵手機 專家:3招自保降低風險
https://ec.ltn.com.tw/article/breakingnews/3355503

三星Galaxy智慧型手機和平板通過認證 列Android Enterprise Recommended計劃推薦名單
https://reurl.cc/N68qX9

五種被駭人,常見的社群網站使用行為
https://blog.trendmicro.com.tw/?p=66321

強密碼與簡訊式多因素驗證都沒用,微軟建議採用身分驗證器 App 才安全
https://technews.tw/2020/11/17/microsoft-warns-strong-password-doesnt-work-multi-factor-authentication/

手機轉帳怕遇駭? 專家傳授三秘訣遠離詐騙
https://news.cnyes.com/news/id/4543718

刪除APP還是被扣錢?應用程式「訂閱費」爭議多 小心別當冤大頭
http://n.yam.com/Article/20201120761348

WARNING: Unpatched Bug in GO SMS Pro App Exposes Millions of Media Messages
https://thehackernews.com/2020/11/warning-unpatched-bug-in-go-sms-pro-app.html

C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
電信公會AI資通訊.智能應用展 搶攻後疫情商機
https://www.chinatimes.com/realtimenews/20201119005282-260421?chdtv

有人就有資安,永不止息的網路安全攻防史
https://technews.tw/2020/11/19/never-ending-network-security-offensive-and-defensive-war/

防堵安全漏洞,Twitter 任命知名駭客 Mudge 為資安主管
https://technews.tw/2020/11/18/famed-hacker-mudge-now-become-twitters-head-of-security/

資安人才之渴如何解?落實薪資結構調整、產學培訓
https://technews.tw/2020/11/19/fortinet-isc2/

如何建構面面俱到的資安策略?企業可從四大層面著手
https://technews.tw/2020/11/19/check-point-devcore-nist-800-39/

盤點 7 種常見的資安風險,看看你犯了哪些錯
https://technews.tw/2020/11/19/trendmicro-information-security/

全球資安產值高於 IC 設計,台灣隊如何走出國際
https://technews.tw/2020/11/19/how-taiwans-digital-security-industry-develop/

我們與資安風險的距離!數十兆元地下經濟來自你我的輕忽
https://technews.tw/2020/11/19/information-security-special-story/

【資安團隊TeamT5專訪】中國資訊戰手法升級 「駭客加入戰局」偵測難度高  
https://tfc-taiwan.org.tw/articles/4744

中國APT駭客組織鎖定日本組織發動攻擊,並企圖打造濫用Zerologon漏洞的工具
https://www.ithome.com.tw/news/141219

歐盟將參與美日主導2021印太網路演習
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1287171

攻擊來自俄羅斯北韓 微軟爆黑客針對疫苗公司
https://reurl.cc/6lMbkd

美國高階資安官:今年選舉最安全 投票沒問題
https://reurl.cc/Y6bkY4

川皇震怒,首席資安總管「大選無駭說」立馬被火
https://reurl.cc/VXZ865

美議員指美軍在德沒收舞弊證據 敏感時刻Scytl官網失效
https://reurl.cc/N6gNOn

香港輿論:現在的立法會體現“愛國者”主體治港
http://www.hkcna.hk/content/2020/1114/862031.shtml

港府強烈譴責「五眼聯盟」聲明:不負責任達惡意程度、雙重標準
https://reurl.cc/x0blvE

The CostaRicto Campaign: Cyber-Espionage Outsourced
https://blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced

Fake Microsoft Teams updates lead to Cobalt Strike deployment
https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/

Chinese APT Hackers Target Southeast Asian Government Institutions
https://thehackernews.com/2020/11/chinese-apt-hackers-target-southeast.html

SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks
https://thehackernews.com/2020/11/sad-dns-new-flaws-re-enable-dns-cache.html

資訊安全中心109年第2次專案人力進用-11.研發類
https://www.104.com.tw/job/740ic

資訊安全中心109年第2次專案人力進用-15.技術生產類
https://www.104.com.tw/job/740im

金融業資安主管 #SE
https://www.careerjet.tw/jobad/tw6cfb89f64776bf1c56e2b6ed7b5d79aa

Director Information Security 資安長
https://www.104.com.tw/job/746f7

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
Microsoft Teams 用戶遭假冒更新檔案進行攻擊
https://www.twcert.org.tw/tw/cp-104-4149-4259f-1.html

米砂突崩潰大哭求救!10年心血瞬間毀了:絕望到谷底
https://news.ebc.net.tw/news/entertainment/236041

「退錢,不退貨」 網購新詐術 千萬別相信
https://reurl.cc/GrvGad

遠距辦公降低郵件防護警覺 詐欺巨款成網路犯罪主流 趁疫情偷襲資安弱點 BEC攻擊大舉坑殺企業
https://www.netadmin.com.tw/netadmin/zh-tw/trend/94821DFE33F74195B3544D3CAE4EB31F

「123456」秒破解!今年「最爛密碼Top10」曝光 台式拼法也雷
https://finance.ettoday.net/news/1858038?redirect=1

史上首次!Instagram 向不當獲取用戶資料的仿造網站提出訴訟
https://www.inside.com.tw/article/21625-facebook-sues-operator-of-instagram-clone-sites

網購反詐騙/一頁式廣告騙人 六大特徵要注意
https://www.bcc.com.tw/newsView.4820829

不實資訊的傳播源頭識別:以 COVID-19 為例」研究結果發布會
https://blog.twnic.tw/2020/11/20/16124/

IRS Impersonation Payment Fraud
https://abnormalsecurity.com/blog/irs-impersonation-payment-fraud/

Document Sharing Services Represent a Vector for Phishing Campaigns
https://cofense.com/document-sharing-services-represent-a-vector-for-phishing-campaigns/

Smishing attack tells you “mobile payment problem” – don’t fall for it
https://nakedsecurity.sophos.com/2020/11/10/smishing-attack-tells-you-mobile-payment-problem-dont-fall-for-it/

E.研究報告
EP01 | 你可能不知道的 5 個台灣駭客等級的神人!!
https://open.spotify.com/episode/377O2HeFvSfu4DGNkQ3cAr

深入分析 Apache Tomcat 中的 WebSocket 漏洞
https://www.chainnews.com/zh-hant/articles/144086260832.htm

CVE-2017-12615 Tomcat PUT 任意文件上傳漏洞利用教程
https://blog.csdn.net/weixin_41924764/article/details/109684870

挖洞經驗 | 開放重定向漏洞導致的賬戶劫持
https://www.chainnews.com/zh-hant/articles/721813500747.htm

邏輯漏洞挖掘初步總結篇
https://www.freebuf.com/articles/web/195837.html

邏輯漏洞小結之SRC篇
https://www.freebuf.com/articles/web/225770.html

漏洞挖掘之個人資料處
https://zhuanlan.zhihu.com/p/276047415

MosaicRegressor:潛伏在UEFI中的漏洞
https://www.4hou.com/index.php/posts/8O52

出現在網絡上的 SMTP 漏洞
https://www.chainnews.com/zh-hant/articles/813257891108.htm

MySQL 漏洞利用與提權
https://www.sqlsec.com/2020/11/mysql.html

Operation Earth Kitsune 水坑攻擊駭入網站監控使用者系統
https://blog.trendmicro.com.tw/?p=66187

CVE-2020-17053:IE UAF漏洞分析
https://4hou.win/wordpress/?p=55805

FAMA - Forensic Analysis For Mobile Apps
https://www.kitploit.com/2020/11/fama-forensic-analysis-for-mobile-apps.html

CVE-2020-27708: Electronic Arts (EA) Origin – Local Privilege Escalation
https://labs.nettitude.com/blog/cve-2020-27708-electronic-arts-ea-origin-local-privilege-escalation/

Windows Privilege Escalations: Still abusing Service Accounts to get SYSTEM privileges
https://2020.romhack.io/dl-2020/RH2020-slides-Cocomazzi.pdf

Leonidas - Automated Attack Simulation In The Cloud, Complete With Detection Use Cases
https://www.kitploit.com/2020/11/leonidas-automated-attack-simulation-in.html

Hunting Azure Admins for Vertical Escalation
https://www.lares.com/blog/hunting-azure-admins-for-vertical-escalation/

Hunting Azure Admins for Vertical Escalation: Part 2
https://www.lares.com/blog/hunting-azure-admins-for-vertical-escalation-part-2/

Tfsec - Security Scanner For Your Terraform Code
https://www.kitploit.com/2020/11/tfsec-security-scanner-for-your.html

NeFiAS – Network Forensics and Anomaly Detection System
https://github.com/cdpxe/nefias

Attacking JSON Web Tokens (JWTs)
https://imparable.medium.com/attacking-json-web-tokens-jwts-d1d51a1e17cb

Cross Site Scripting (XSS)
https://hackersonlineclub.com/cross-site-scripting-xss/

Purgalicious VBA: Macro Obfuscation With VBA Purging
https://www.fireeye.com/blog/threat-research/2020/11/purgalicious-vba-macro-obfuscation-with-vba-purging.html

Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions
https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT.pdf

Malsmoke operators abandon exploit kits in favor of social engineering scheme
https://blog.malwarebytes.com/threat-analysis/2020/11/malsmoke-operators-abandon-exploit-kits-in-favor-of-social-engineering-scheme/

Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage

WebNavigator Chromium Browser Published by Search Hijackers
https://blog.malwarebytes.com/pups/2020/11/webnavigator-chromium-browser-published-by-search-hijackers/

Evasive Maneuvers in Data Stealing Gateways
https://blog.sucuri.net/2020/11/evasive-maneuvers-in-data-stealing-gateways.html

CursedGrabber Component Delivered via npm
https://blog.sonatype.com/npm-malware-xpc.js
https://blog.sonatype.com/discord.dll-successor-to-npm-fallguys-

Malsmoke Changes Tactics
https://reurl.cc/EzNXqk

Undervolting Can Bypass Countermeasures
https://zt-chen.github.io/voltpillager/
https://www.usenix.org/conference/usenixsecurity21/presentation/chen-zitai

Bumble's API Reversing Analysis
https://blog.securityevaluators.com/reverse-engineering-bumbles-api-a2a0d39b3a87

South Eastern Asian Government Institutions Targeted By Chinese APT Group
https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT.pdf

Covidpapers Using Extortion Tactics to Stoke Fear
https://redskyalliance.org/xindustry/covidpapers-extort-leveraging-ddos-and-exposure-fears

How to Avoid Getting Killed by Ransomware
https://reurl.cc/ygbkD6

F.商業
在遭受猛烈的網路攻擊後, 如何準備並回應中斷的業務
https://reurl.cc/odbZX5

企業雲端安全成熟度大檢測
https://ibmcloudsecurity.techorange.com/?utm_campaign=2020IBMCloudSecurity

精誠成為郵件安全管理品牌Cellopoint台灣總代理
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=13&id=0000596762_QV28NF215FDMDJ30337O7

叡揚資訊明起競拍 估12月10日上櫃
https://www.chinatimes.com/realtimenews/20201119002482-260410?chdtv

商總、信保基金與中華電信簽署「商業三資大聯盟」MOU
https://money.udn.com/money/story/5612/5028195

趨勢科技與AWS Gateway Load Balancer整合 用訂閱方式防護資安
https://turnnewsapp.com/livenews/tech/A07657002020111709431035

打造網路防護,趨勢科技 IPS 規則與 AWS Network Firewall 整合
https://technews.tw/2020/11/20/ips-aws-network-firewall/

FireEye將獲4億美元策略投資,買下資安業者Respond Software
https://www.ithome.com.tw/news/141233

零壹總座黃素娥:資服業明年持續看到成長動能
https://money.udn.com/money/story/5612/5031193

Google推出構件註冊表服務,同時管理容器映像檔和語言套件
https://www.ithome.com.tw/news/141158

G.政府
國發會:政府經濟戰略力推數位轉型,要瞄準臺灣6大AI發展機會
https://www.ithome.com.tw/news/141109

調查局大炮打小鳥 徒惹一身腥
https://reurl.cc/m92kkY

數位身分證恐成資安破口 綠委籲暫緩
http://www.taiwantimes.com.tw/ncon.php?num=139581page=ncon.php

資安即國安,政府整合產業政策與執行細節落實資安
https://technews.tw/2020/11/19/information-security-for-government-in-taiwan/

數位身分證資安疑慮 蔡英文:防守不是叫
https://pttgopolitics.com/gossiping/M.1605751251.A.9B4.html

數位身分證引發資安疑慮 行政院:會加強溝通
https://news.campaign.yahoo.com.tw/2020election/article.php?u=e4892dc9-a804-3961-8a84-ada028c475d0

數位身分證感應就洩個資? 政院:功能已封鎖 明年先在小區域試辦
https://www.4gtv.tv/article/2020111903000004

數位身分證資安疑慮 政院保證安全
https://udn.com/news/story/6656/5027448?from=udn-ch1_breaknews-1-cate1-news

開放資料平臺 國發會:兼顧隱私與資安
https://reurl.cc/KjzMAM

開放資料平台 台國發會:兼顧隱私與資安下介接私部門應用
https://www.epochtimes.com/b5/20/11/19/n12560524.htm

數位身分證資安惹議 蔡英文表態:不是找幾個駭客測試一下就沒事
https://www.storm.mg/article/3218462

刑事局長投書印尼媒體 籲挺台參與國際刑警組織
https://money.udn.com/money/story/5599/5025759

New eID有資安疑慮?政院:明年小區域試辦 讓資訊高手挑戰
https://reurl.cc/8nAqoy

印度最大科技盛會 台官員學者分享資安AI經驗
https://www.cna.com.tw/news/ait/202011190371.aspx

政院:數位身分證資安周延 台灣應該要往前走
https://fountmedia.io/article/86151

政院執意換發數位身分證 資安疑慮各方爭論
http://www.worldpeoplenews.com/content/news/326742

數位身分證資安疑慮 高虹安:「蘇需惡補資安知識」
https://reurl.cc/8nAqpX

H.工控系統/ICS/SCADA 相關資安
ICS Medical Advisory (ICSMA-20-317-01) BD Alaris 8015 PC Unit and BD Alaris Systems Manager
https://us-cert.cisa.gov/ics/advisories/icsma-20-317-01

ICS Advisory (ICSA-20-317-01) Mitsubishi Electric MELSEC iQ-R Series
https://us-cert.cisa.gov/ics/advisories/icsa-20-317-01

Mitsubishi Electric GT14 Model資源管理錯誤漏洞
https://www.cics-vd.org.cn/publish/main/list/leakInfo/leakInfo_12516.html

ICS-CERT Security Advisories - November 17th, 2020
https://us-cert.cisa.gov/ics/advisories/icsa-20-324-01
https://us-cert.cisa.gov/ics/advisories/icsa-20-324-02
https://us-cert.cisa.gov/ics/advisories/icsa-20-324-03
https://us-cert.cisa.gov/ics/advisories/icsa-20-324-04

Researchers Warn of Critical Flaw Affecting Industrial Automation Systems
https://thehackernews.com/2020/11/researchers-warn-of-critical-flaws.html

Dialog推出SmartServer IoT合作夥伴生態系統 用於智慧建築和工廠的邊緣解決方案
https://www.chinatimes.com/realtimenews/20201120001505-260410?chdtv

I.教育訓練
Computer Hacking Forensic Investigator (CHFI) Prep Course
https://niccs.cisa.gov/training/search/cybertraining-365/computer-hacking-forensic-investigator-chfi-prep-course

Certified Hacking Forensic Investigator (CHFI)
https://niccs.cisa.gov/training/search/pc-professor-technical-institute/certified-hacking-forensic-investigator-chfi

Cybersecurity Courses
https://www.classcentral.com/subject/cybersecurity

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
車聯網時代的技術安全,究竟該如何保證
https://nev.ofweek.com/2020-11/ART-77014-8480-30469409.html

IoT security 101: Understanding the basics
https://www.itproportal.com/features/iot-security-101-understanding-the-basics/

India needs IoT security standards
https://www.financialexpress.com/industry/technology/india-needs-iot-security-standards/2118812/

6.近期資安活動及研討會
交通大學亥客書院 惡意程式檢測實務 11/21 11/28
https://hackercollege.nctu.edu.tw/?p=1222

DevSecOps 研討會,防堵企業資安漏洞,自動化再升級 11/25
https://www.nextlink.cloud/info/aws-devsecops-seminar-news-20201113/

電腦稽核協會11月臺北例會_數位化時代-企業內部資訊安全防護及管理機制 11/27
https://www.caa.org.tw/coursedetail-3420.html

物聯網資安標章成果發表會 2020/12/01
https://www.taics.org.tw/RecentACTForm.aspx?ACTCat_id=1&ACT_id=11148

AWS 開發者的年末盛會 2020 年 12 月 4 日 (五)  
https://aws.amazon.com/tw/events/taiwan/devday/?sc_category=mult

g0v Summit 2020 台灣零時政府雙年會 12/4 ~ 12/6
https://g0v-summit-2020.kktix.cc/events/c0nf
https://g0v-summit-2020.kktix.cc/events/eat-table

吱吱盃駭客松 2020/12/11
https://nsysuisc.kktix.cc/events/hackathon2020

Cyber Next , Security First 產業交流活動 12/11
https://www.acw.org.tw/News/Detail.aspx?id=1161

智慧製造工控資安研討會 12/11
https://docs.google.com/forms/d/e/1FAIpQLSf0eOAJls_h9QjOeS5I4AiZO2KrPWsKtsM7EQZ1KQNQutREiw/viewform

交通大學亥客書院 高階網頁滲透測試 12/5 12/12
https://hackercollege.nctu.edu.tw/?p=1224

【智慧資安】超前部署AI機器學習 提升資安防護力 【Power of X 科技講堂】 12/17
http://tw.systex.com/powerofx-webinar-1217/

LINE TAIWAN TECHPULSE 2020 大會12/18
https://www.computerdiy.com.tw/20201120_line/

交通大學亥客書院 系統滲透測試與漏洞利用 12/19
https://hackercollege.nctu.edu.tw/?p=1226

利用NAC系統進行資安聯防 提升企業資安與競爭力【Power of X 科技講堂】 12/28
http://tw.systex.com/powerofx-webinar-1228/

交通大學亥客書院 AI於資訊安全之應用 2021/1/9 1/16
https://hackercollege.nctu.edu.tw/?p=1228

交通大學亥客書院 企業網域控管-Active Directory攻擊與防禦 2021/1/23
https://hackercollege.nctu.edu.tw/?p=1230



沒有留言:

張貼留言