資安事件新聞週報 2020/11/2 ~ 2020/11/6
1.重大弱點漏洞/後門/Exploit/Zero Day
Apache Tomcat WebSocket拒絕服務漏洞(CVE-2020-13935)EXP公開,黑客攻擊正迫在眉睫
https://s.tencent.com/research/report/1172.html
Trend Micro InterScan Messaging Security Virtual Appliance 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27019
Tomcat WebSocket拒絕服務漏洞(CVE-2020-13935)利用代碼公開預警
https://www.huaweicloud.com/notice/2018/20201106173340446.html
Fortinet FortiMail 授權問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15933
CloudBees Jenkins Active Directory Plugin 授權問題漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2302
Fedora 33 : yubihsm-shell (2020-8afd443d46)
https://www.tenable.com/plugins/nessus/142040
Cisco IP Phone 8800 Series和Cisco IP Phone 7800 Series 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3574
思科揭露已有攻擊程式問世的AnyConnect零時差漏洞
https://www.ithome.com.tw/news/140945
騰訊安全披露多個0day漏洞,Linux系統或陷入“被控”危機
https://www.ofweek.com/security/2020-11/ART-510011-8440-30467913.html
Ubuntu 發現讀取任意文件和拒絕服務漏洞,需要盡快升級
https://www.ithome.com/0/517/818.htm
依賴存儲庫劫持漏洞已經影響谷歌 GitHub 等 7 萬多個開源項目的供應鏈
https://www.chainnews.com/zh-hant/articles/670863310251.htm
拒絕展延修補寬限期,Google準時公布GitHub高風險漏洞
https://www.ithome.com.tw/news/140965
GitHub企業版RCE敏捷(GitHub Enterprise <2.21.4)2020.8
https://xz.aliyun.com/t/8458
Oracle Solaris重大零時差漏洞遭駭客開採,曾潛伏企業內長達2年
https://www.ithome.com.tw/news/140915
甲骨文WebLogic RCE漏洞疑似遭積極鎖定
https://www.ithome.com.tw/news/140858
Windows Kernel cng.sys pool-based buffer overflow in IOCTL 0x390400
https://bugs.chromium.org/p/project-zero/issues/detail?id=2104
CVE-2020-14383
https://www.samba.org/samba/security/CVE-2020-14383.html
CVE-2020-14323
https://www.samba.org/samba/security/CVE-2020-14323.html
CVE-2020-14318
https://www.samba.org/samba/security/CVE-2020-14318.html
PATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots
https://isc.sans.edu/diary/rss/26734
甲骨文發布緊急補丁修復WebLogic Server嚴重漏洞(CVE-2020-14750)
https://4hou.win/wordpress/?p=54729
Oracle Critical Patch Update Advisory - October 2020
https://www.oracle.com/security-alerts/cpuoct2020.html
WARNING: Google Discloses Windows Zero-Day Bug Exploited in the Wild
https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html
New Chrome Zero-Day Under Active Attacks – Update Your Browser
https://thehackernews.com/2020/11/new-chrome-zero-day-under-active.html
Adobe Acrobat 和Reader 軟件發現任意代碼執行漏洞,需盡快升級
https://finance.sina.com.cn/tech/2020-11-04/doc-iiznezxr9897052.shtml
Qualcomm HLOS 加密問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11123
CERT-In在Chrome和Safari等瀏覽器中發現多個安全漏洞
https://www.ahjcg.cn/guoji/202011/0428575.html
谷歌披露影響開發人員的GitHub 高危0day漏洞
https://www.secrss.com/articles/26765
網絡安全Google修補了適用於Android操作系統的30個漏洞
https://reurl.cc/R1QKWn
Linux kernel 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25662
SaltStack 遠程命令執行漏洞(CVE-2020-16846)
https://nosec.org/home/detail/4601.html
安全預警- 涉及華為部分產品的不安全加密算法漏洞
https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20201104-01-encryption-cn
Huawei FusionCompute 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9128
CVE-2020-17087 Windows 0 day漏洞利用
http://read01.com/mz8DgyB.html
HashiCorp Consul 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25201
VoIP伺服器曝重大漏洞,黑客可以繞過管理員身份
http://read01.com/AzQEgjO.html
FreePBX仍然是全球VOIP攻擊者的最大目標
http://www.ctiforum.com/news/guonei/579790.html
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
螞蟻暫緩上市公告漏洞百出:150字公告出現3處文字錯誤
https://reurl.cc/q839rD
假避險真炒匯 外資大買反向ETF
https://www.merit-times.com.tw/NewsPage.aspx?unid=602892
臺灣F-ISAC屆滿三年,金管會揭露推動進度與成果
https://www.ithome.com.tw/news/140906
永豐數金大將萬幼筠離職
https://www.chinatimes.com/newspapers/20201105000224-260205?chdtv
《基金》趁螞蟻上市卡關 逢低布局金融科技基金
https://www.chinatimes.com/realtimenews/20201104004901-260410?chdtv
遠傳電信攜手銀行、保險業者 力推數位金融
https://money.udn.com/money/story/5617/4990840
樂天商銀拚年底試營運 將引進全套日本資安系統
https://ec.ltn.com.tw/article/breakingnews/3343466
樂天銀行力拼年底前試營運,但正式公開要等明年!為何純網銀上路時程一延再延
https://www.bnext.com.tw/article/59961/taiwan-internet-only-bank-
樂天商銀拚年底前內部試營運 不打燒錢戰略
https://news.cnyes.com/news/id/4538847
3.電子支付/行動支付/pay/資安
【電子支付】印度Whatsapp正式推出電子支付 繼巴西失敗後再接再厲
https://reurl.cc/WLVegy
建構台灣支付生態圈 電支條例11/9初審
https://ctee.com.tw/news/finance/365518.html
打通無現金社會最後一哩 電支條例11/9立法院初審
https://reurl.cc/q8392q
【電子支付】華為測試手機八達通付款服務 支援多款新機型號
https://reurl.cc/Ezaqy0
立院下周初審修法 電支機構可設海外據點、打國際盃
https://ec.ltn.com.tw/article/breakingnews/3344386
4.加密貨幣/挖礦/區塊鍊 資安
比特幣價值逼迫40萬台幣 背後神祕真相曝光
https://www.setn.com/News.aspx?NewsID=843465
瑞波|冷錢包 Ledger 驚傳大規模釣魚攻擊,駭客已盜走「28 萬美元 — 115萬顆 XRP」
https://www.blocktempo.com/ledger-users-got-hacked-1-15m-xrp-by-phishing-scam/
大選推動比特幣牛市:還會繼續漲
https://www.storm.mg/article/3173851
關於PayPal支援比特幣的未來,你信嗎
https://www.bnext.com.tw/article/59914/paypal-bitcoin-cryptocurrency
美國司法部推出加密貨幣實施框架
https://blog.twnic.tw/2020/11/05/15800/
數位人民幣最安全?加速國進民退,中國試點市場卻爆山寨危機
https://opinion.udn.com/opinion/story/120972/4991743
Persistent Actor Targets Ledger Cryptocurrency Wallets
https://www.proofpoint.com/us/blog/threat-insight/persistent-actor-targets-ledger-cryptocurrency-wallets
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
義大利酒商Campari Group遭勒索軟體攻陷,駭客要脅1,500萬美元贖金
https://www.ithome.com.tw/news/140967
贖金恐超過千萬美元!卡普空遭 Ragnar Locker 勒索軟體攻擊
https://technews.tw/2020/11/06/ransomware-hackers-hit-capcom-networks/
芭比娃娃製造商Mattel遭到勒索軟體攻擊
https://www.ithome.com.tw/news/140932
Browser Bugs Exploited to Install 2 New Backdoors on Targeted Computers
https://thehackernews.com/2020/10/browser-exploit-backdoor.html
Anchor Project for Trickbot Adds ICMP
https://labs.sentinelone.com/anchor-project-for-trickbot-adds-icmp/
Dropping the Anchor
https://www.netscout.com/blog/asert/dropping-anchor
New Kimsuky Module Makes North Korean Spyware More Powerful
https://thehackernews.com/2020/11/new-kimsuky-module-makes-north-korean.html
Alert (AA20-301A) North Korean Advanced Persistent Threat Focus: Kimsuky
https://us-cert.cisa.gov/ncas/alerts/aa20-301a
More suspected North Korean malware identified after US alert on Kimsuky hackers
https://www.cyberscoop.com/north-korea-espionage-kimsuky-cybereason/
Back to the Future: Inside the Kimsuky KGH Spyware Suite
https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite
Iranian hackers probed election-related websites in 10 states, US officials say
https://www.cyberscoop.com/iran-election-hacking-state-websites-probe-fbi/
Alert (AA20-304A) Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data
https://us-cert.cisa.gov/ncas/alerts/aa20-304a
Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945
https://www.fireeye.com/blog/threat-research/2020/11/live-off-the-land-an-overview-of-unc1945.html
TinyPOS and ProLocker: An Odd Relationship
https://norfolkinfosec.com/tinypos-and-prolocker-an-odd-relationship/
NEW MALWARE SAMPLES IDENTIFIED IN POINT-OF-SALE COMPROMISES
https://usa.visa.com/dam/VCOM/global/support-legal/documents/new-pos-malware-samples.pdf
ATT&CKing ProLock Ransomware
https://www.group-ib.com/blog/prolock
북한 연계 해킹조직 탈륨, 미국 대선 예측 언론 문서로 위장한 APT 공격 수행
https://blog.alyac.co.kr/3352
Hacks for sale: inside the Buer Loader malware-as-a-service
https://news.sophos.com/en-us/2020/10/28/hacks-for-sale-inside-the-buer-loader-malware-as-a-service/
IoCs/Troj-BuerLd-A.csv
https://github.com/sophoslabs/IoCs/blob/master/Troj-BuerLd-A.csv
"Front Door" into BazarBackdoor: Stealthy Cybercrime Weapon
https://www.advanced-intel.com/post/front-door-into-bazarbackdoor-stealthy-cybercrime-weapon
Gitpaste-12: a new worming botnet with reverse shell capability spreading via GitHub and Pastebin
https://blogs.juniper.net/en-us/threat-research/gitpaste-12
The Ryuk Threat: Why BazarBackdoor Matters Most
https://cofense.com/the-ryuk-threat-why-bazarbackdoor-matters-most/
A Decade of WMI Abuse – an Overview of Techniques in Modern Malware
https://www.bitdefender.com/files/News/CaseStudies/study/377/Bitdefender-Whitepaper-WMI-creat4871-en-EN-GenericUse.pdf
njRAT Rising - The Increase in Activity of the Remote Access Trojan
https://blog.cyberint.com/njrat-bulletin
ZLoader 악성코드, 사업 정지 경고로 위장해 유포중
https://blog.alyac.co.kr/3322
The Hasty Agent: Agent Tesla Attack Uses Hastebin
https://www.deepinstinct.com/2020/10/29/the-hasty-agent-agent-tesla-attack-uses-hastebin/
Turla uses HyperStack, Carbon, and Kazuar to compromise government entity
https://www.accenture.com/us-en/blogs/cyber-defense/turla-belugasturgeon-compromises-government-entity
KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms
https://thehackernews.com/2020/10/kashmirblack-botnet-hijacks-thousands.html
Ransomware Wave Targets US Hospitals: What We Know So Far
https://reurl.cc/Ezaqem
B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G
【小心預覽連結!】台灣人最愛用的 Messenger、LINE、IG 都有資料外洩風險
https://buzzorange.com/techorange/2020/11/05/link-preview-disadvantages/
蘋果釋出iOS 14.2,修補已被駭客開採的3個安全漏洞
https://www.ithome.com.tw/news/140964
NASA公開反對AST & Science的衛星行動網路計畫
https://www.ithome.com.tw/news/140916
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
FBI警告醫療機構遭網路攻擊!駭客稱400多家醫院遇害
https://reurl.cc/ldMEMA
電玩之大數據、大監控
https://talk.ltn.com.tw/article/paper/1410867
雙十一線上購物浪潮來襲,電商如何有效應付爆棚流量
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=40&id=0000597490_HV638WCVL2VATDLZ7GHP2
Web應用攻擊上半年激增超800%,政府機構成重災區
https://news.sina.com.tw/article/20201105/36797950.html
駭客以Google表單作為網釣跳板,竊取AT&T憑證
https://www.ithome.com.tw/news/140968
前澳洲眾議院議長警告 台海局勢牽動澳洲國家安全
https://www.cna.com.tw/news/aopl/202011060042.aspx
【威盛晶片風暴1】曾遭控留後門洩個資 威盛瑕疵晶片遭判賠
https://www.mirrormedia.mg/story/20190507inv001/
【威盛晶片風暴2】港中台求償官司三地開打 香港仲裁成關鍵
https://www.ettoday.net/news/20200508/1847950.htm?redirect=1
【威盛晶片風暴3】手機過熱害當機 立委質疑間諜晶片惹禍
https://www.ettoday.net/news/20200508/1848354.htm?redirect=1
【威盛晶片風暴4】合作商向王雪紅老公追債 北京法院自承管不到台灣
https://www.ettoday.net/news/20200508/1847833.htm?redirect=1
【威盛晶片風暴5】威勝賠償金早編列 苦主纏訟10年拿不到半毛錢
https://www.ettoday.net/news/20200508/1847948.htm?redirect=1
【威盛晶片風暴6】王雪紅創2股王 從天價崩跌下殺1折
https://www.ettoday.net/news/20200508/1847834.htm?redirect=1
以駭客為主題的《看門狗:自由軍團》原始碼真的被駭客竊取,560 GB 檔案全被偷
https://games.yahoo.com.tw/watchdogreal-112339915.html
臺灣主機託管業者再傳遭到來自國內IP位址的DDoS攻擊!捕夢網連續4天遭到攻擊
https://www.ithome.com.tw/news/140950
黃竹坑公司電腦有駭客入侵 勒索4萬元虛擬貨幣
https://reurl.cc/R1QKr9
美國司法部繳獲與網上毒品市場「絲綢之路」有關的10億美元比特幣
https://reurl.cc/Q3O1L9
值 10 億美元!美國司法部查獲暗網「絲路」相關 7 萬枚比特幣
https://www.inside.com.tw/article/21469-us-feds-seize-1-billion-in-bitcoin-from-wallet-linked-to-silk-road
美國空軍購買 DJI 無人機 議員憂敏感資料外洩中方
https://reurl.cc/k0Q4kr
威州黨部遭駭客入侵!川普競選帳戶丟失逾6千萬
https://reurl.cc/6leper
Premium-Rate Phone Fraudsters Hack VoIP Servers of 1200 Companies
https://thehackernews.com/2020/11/premium-rate-phone-fraudsters-hack-voip.html
Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/seedworm-apt-iran-middle-east
INJ3CTOR3 Operation – Leveraging Asterisk Servers for Monetization
https://research.checkpoint.com/2020/inj3ctor3-operation-leveraging-asterisk-servers-for-monetization/
New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service
https://thehackernews.com/2020/11/new-natfirewall-bypass-attack-lets.html
Taiwanese Company Admits Stealing US Trade Secrets
https://www.infosecurity-magazine.com/news/taiwanese-company-admits-stealing/
Cybersecurity expert explains alleged Wisconsin GOP hack
https://wkow.com/2020/10/29/cybersecurity-expert-explains-alleged-wisconsin-gop-hack/
Hackers stole $2.3 million from the Wisconsin Republican party
https://www.theverge.com/2020/10/29/21540135/wisconsin-republican-party-hack-2-3-million-stolen
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
暗網搶手貨?駭客熱衷兜售Robinhood相關個資 本周近萬筆電郵資料遭洩
https://tw.appledaily.com/property/20201101/MDDNBWOWUZHOTI6ETK3U747RF4/
奎丁加入「神秘色情片群組」驚見自己! 一翻長串名單怒了:這是數位性暴力
https://star.ettoday.net/news/1844135
美情報官員:伊朗黑客入侵一州選民數據庫
https://www.epochtimes.com/b5/20/10/31/n12515588.htm
女子誤信博彩網站存“漏洞時段”被騙19萬人民幣
https://reurl.cc/gmEg4p
萬豪因泄露3億客人信息被罰1.6億 歷經4年漏洞才被發現
https://news.sina.com.tw/article/20201104/36786296.html
利用招商銀行“閃電貸”徵信系統漏洞詐騙團伙騙得貸款400餘萬元
http://finance.caijing.com.cn/20201104/4711505.shtml
慎防詐騙集團周末蠢動 好物市集提5大防詐提醒
https://reurl.cc/e8Z0WL
日本電玩開發商卡普空疑遭勒索軟體攻擊,被盜走1TB資料
https://www.ithome.com.tw/news/140960
雙11防詐騙 趨勢科技:三招嚴堵駭客竊個資
https://money.udn.com/money/story/5612/4993782
兩名交易員了結與SEC公司數據庫遭駭客攻擊有關的案件
https://reurl.cc/bRyZEE
阿里巴巴旗下的Lazada稱駭客竊取了客戶數據
https://reurl.cc/Y6nMna
阿里巴巴旗下新加坡電商 Lazada 遭駭客入侵,110 萬客戶數據外洩
https://technews.tw/2020/11/06/alibaba-owned-lazada-suffers-data-breach-for-its-grocery-delivery-business-in-singapore/
Purchase Order Phishing, the Everlasting Phishing Tactic
https://cofense.com/purchase-order-phishing-the-everlasting-phishing-tactic/
Online Leader Invites You to This Webex Phish
https://cofense.com/online-leader-invites-you-to-this-webex-phish/
해외 로그인 문자메시지로 위장된 국내 암호화폐 피싱 사이트 주의
https://blog.alyac.co.kr/3321
E.研究報告
肚腦蟲組織( APT-C-35)疑似針對巴基斯坦軍事人員的最新攻擊活動
https://blogs.360.cn/post/APT-C-35_target_at_armed_forces_in_Pakistan.html
如何通過查找惡意開發者的線索來尋找漏洞(上)
https://www.chainnews.com/zh-hant/articles/975983726494.htm
如何通過查找惡意開發者的線索來尋找漏洞(中)
https://www.chainnews.com/zh-hant/articles/632568220307.htm
CVE-2020-27194:Linux內核eBPF模塊提權突破的分析與利用
https://www.anquanke.com/post/id/221545
挖洞經驗| 價值6k$的星巴克官網賬戶劫持漏洞
https://netsecurity.51cto.com/art/202011/630914.htm
CVE-2020-16898 TCP/IP遠程代碼執行漏洞
https://zhuanlan.zhihu.com/p/274622102
WebLogic-XMLDecoder反序列化漏洞分析
https://xz.aliyun.com/t/8465
全球量子加密通訊發展現況與趨勢 [趨勢新知]
https://www.moea.gov.tw/MNS/doit/bulletin/Bulletin.aspx?kind=4&html=1&menu_id=13553&bull_id=7935
SD-WAN安全網路新架構 助製造業於決勝千里之外
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=13&id=0000596464_ZTA5BO7V5K651I56VZFH6
旅行路上的資安交戰守則!ft.旅行熱炒店
https://infosecdecompress.com/posts/patches_security_tips_for_traveling
[Kali]--攻擊PDF漏洞
https://blog.csdn.net/weixin_42633229/article/details/109535367
Attacks on industrial enterprises using RMS and TeamViewer:new data
https://ics-cert.kaspersky.com/media/Kaspersky-Attacks-on-industrial-enterprises-using-RMS-and-TeamViewer-EN.pdf
Attacks on industrial enterprises using RMS and TeamViewer: new data
https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer-new-data/99206/
P.A.S. Fork v. 1.0 — A Web Shell Revival
https://blog.sucuri.net/2020/10/p-a-s-fork-v-1-0-a-web-shell-revival.html
GRIZZLY STEPPE – Russian Malicious Cyber Activity
https://us-cert.cisa.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf
If You Don't Have A SASE Cloud Service, You Don't Have SASE At All
https://thehackernews.com/2020/11/if-you-dont-have-sase-cloud-service-you.html
F.商業
產官學共同攜手破解場域和人才缺口 兆勤力促資安從產業化走向國際化
https://www.bnext.com.tw/article/59945/zyxel
Arm 打造 Cortex-A78C CPU 設計,推動運算效能更高的筆電產品
https://www.eprice.com.tw/tech/talk/1184/5569726/1
專家系統測知水準 提供循序補強建議 製造業資安體檢 評估改善有據
http://www.netadmin.com.tw/netadmin/zh-tw/market/A4A9B593906141EA8DE2FF1F9A594E79
宏碁2020年特色新品陸續開賣 滿足多元商務客群
https://zeekmagazine.com/archives/135044
新漢公司超前部署智慧製造、智慧醫療新契機
https://ctee.com.tw/industrynews/technology/364593.html
專家系統測知水準 提供循序補強建議 製造業資安體檢 評估改善有據
http://www.netadmin.com.tw/netadmin/zh-tw/market/A4A9B593906141EA8DE2FF1F9A594E79
臺灣資安新創奧義智慧唯一加入日本資安通報應變體系
https://www.zerone.com.tw/Content/Product/04B67D0FF38F7FB3
微軟IBM大廠爭相投入 科技部擬提高量子技術經費
https://www.cna.com.tw/news/ait/202011030272.aspx
G.政府
卡式台胞證與數位身分證?其實問題在晶片
https://www.inside.com.tw/article/21470-eMRTD
數位身分證安全疑慮 中研院學者提三大解方
https://news.ltn.com.tw/news/politics/breakingnews/3342108
數位身分證 內政部︰資安控管 國際安全認證
https://news.ltn.com.tw/news/life/paper/1410544
數位身分證會不會有資安疑慮?中研院學者提出3大問題,呼籲政府暫緩換發
https://www.storm.mg/lifestyle/3176477
臺灣人權促進會針對數位身分證提出集體訴訟,資安疑慮、法源不足是民間團體質疑焦點
https://www.ithome.com.tw/news/140925
中研院學者籲暫緩數位身分證 內政部:有風險管控
https://udn.com/news/story/6656/4990489?from=udn-catebreaknews_ch2
首任「數位發展部」部長由郭耀煌出線?立委高虹安喊話:新任部長必須針對這四大面向做統籌規劃
https://reurl.cc/av7pE4
行政院欲強化資安,擬在數位發展部下設資安署
http://www.yucc.org.tw/news/domestic/20201106-1
李副總長主持資安鑑識實驗室授證典禮 國軍資安能量獲國際肯定
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1283441&type=immediate
李廷盛見證國軍資安新里程碑
https://reurl.cc/ldMEXA
關務署高雄關 獲得資安認證
https://www.chinatimes.com/realtimenews/20201105004399-260410?chdtv
H.工控系統/ICS/SCADA 相關資安
HGC環電與CyberSecurity Malaysia簽署諒解備忘錄
https://times.hinet.net/news/23106802
聯醫率先設置獨立資安中心,自建資安IT還兼顧OT法遵
https://www.ithome.com.tw/people/140837
ICS Advisory (ICSA-20-303-01) Mitsubishi Electric MELSEC iQ-R, Q and L Series
https://us-cert.cisa.gov/ics/advisories/icsa-20-303-01
ICS Advisory (ICSA-20-303-02) Mitsubishi Electric MELSEC iQ-R
https://us-cert.cisa.gov/ics/advisories/icsa-20-303-02
Mitsubishi Electric FR Configurator2 資源管理錯誤漏洞(CICSVD-2020-0003550)
https://www.cics-vd.org.cn/publish/main/list/leakInfo/leakInfo_12384.html
I.教育訓練
大葉資管系大三生宋昕岳考取國際資安證照
https://reurl.cc/ldMEZE
CIA-資安的目標
https://ithelp.ithome.com.tw/articles/10254104?sc=rss.qu
How to Prevent Pwned and Reused Passwords in Your Active Directory
https://thehackernews.com/2020/11/how-to-protect-yourself-from-pwned-and.html
5 Essential Steps to Improve Cybersecurity Maturity
https://www.tripwire.com/state-of-security/featured/5-essential-steps-improve-cybersecurity-maturity/
Real-Time Observability with Redis and Grafana
https://redislabs.com/blog/real-time-observability-with-redis-and-grafana/
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
u-blox推出IoT安全即服務產品組合
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=35&id=0000596700_Q1J6R9NH1YVJYBLGT7J7S
芯科擴展IoT模組 實現應用預認證無線連接
https://www.mem.com.tw/arti.php?sn=2011040006
IoT security 101: Understanding the basics
https://www.itproportal.com/features/iot-security-101-understanding-the-basics/
Understanding the Impact of COVID-19 on IoT Security
https://securityboulevard.com/2020/11/understanding-the-impact-of-covid-19-on-iot-security/
IoT Security in the Medical Industry
https://www.iotforall.com/iot-security-medical
6.近期資安活動及研討會
交通大學亥客書院 阻斷服務攻擊/分散式阻斷服務攻擊/Botnet 11/7
https://hackercollege.nctu.edu.tw/?p=1218
2020北區資安體驗營-資安人生 No Information Security No Life 11/8 (日)
活動報名時間自109年10月19日上午10點至109年11月4日下午6點止,一律採網路報名
https://docs.google.com/forms/d/1IwTdfwEbQmKMUmsEUiqTkQPumygDbKU0JxJ4Ktti6Z0/viewform?edit_requested=true
資安防護實務與情境演練 2020-11-11 至 2020-11-13
https://cybersecurity.tisnet.com.tw/Home/SignUp/1082
交通大學亥客書院 基礎網站安全建構實務 11/14
https://hackercollege.nctu.edu.tw/?p=1220
Gopher Conference Taiwan 2020 11/14
https://www.meetup.com/golang-taipei-meetup/events/272815117/
交通大學亥客書院 系統防護及內網威脅通報應變實戰班 11/17、11/24
http://service.tabf.org.tw/tw/user/409646/course1-4.htm
Open Source Digital Forensics Conference 11/18
https://www.osdfcon.org/
資安社 - VR 大學之道 11/18
https://nsysuisc.kktix.cc/events/vr2020
為了未來的資安創業家的經驗分享及日本市場的機會 11/18
https://www.accupass.com/event/2010211439595871812200
資訊安全防護及案例分享研討會 2020-11-20
https://www.accupass.com/event/2010280613402068809507
Google Cloud 資安攻略,打造更安全的雲端環境|Google Cloud Security Overview 11/20
https://www.accupass.com/event/2008100235425139714960
[台灣網路講堂]功能變數名稱之扣押與沒收 以司法實務操作為中心 11/20
https://www.ihub.tw/Calendar/ihub20201120
Google Cloud 資安攻略,打造更安全的雲端環境|Google Cloud Security Overview 11/20
https://www.accupass.com/event/2008100235425139714960
Cyberspace 2020聯合研討會 11/20
https://cyber2020.cc-isac.org/announce.php
第一屆『E-Security 2020 資安科技-政府策略&企產資源&學研實務demo論壇』 11/20
https://www.esam.io/e-security-index/
交通大學亥客書院 惡意程式檢測實務 11/21 11/28
https://hackercollege.nctu.edu.tw/?p=1222
電腦稽核協會11月臺北例會_數位化時代-企業內部資訊安全防護及管理機制 11/27
https://www.caa.org.tw/coursedetail-3420.html
物聯網資安標章成果發表會 2020/12/01
https://www.taics.org.tw/RecentACTForm.aspx?ACTCat_id=1&ACT_id=11148
AWS 開發者的年末盛會 2020 年 12 月 4 日 (五)
https://aws.amazon.com/tw/events/taiwan/devday/?sc_category=mult
吱吱盃駭客松 2020/12/11
https://nsysuisc.kktix.cc/events/hackathon2020
交通大學亥客書院 高階網頁滲透測試 12/5 12/12
https://hackercollege.nctu.edu.tw/?p=1224
交通大學亥客書院 系統滲透測試與漏洞利用 12/19
https://hackercollege.nctu.edu.tw/?p=1226
交通大學亥客書院 AI於資訊安全之應用 2021/1/9 1/16
https://hackercollege.nctu.edu.tw/?p=1228
交通大學亥客書院 企業網域控管-Active Directory攻擊與防禦 2021/1/23
https://hackercollege.nctu.edu.tw/?p=1230
沒有留言:
張貼留言