NUUO產品被曝0Day漏洞,黑客可遠程入侵數十萬攝像頭
https://www.easyaq.com/news/550008787.shtml
一個通殺絕大多數交易平台的XSS 0day 漏洞
https://www.anquanke.com/post/id/160193
安全公司:某第三方知名JS庫存在XSS 0day漏洞,可盜取交易所賬號
https://www.8btc.com/article/276428
Win平台Tor瀏覽器匿名機制繞過漏洞可洩露用戶IP
https://www.anquanke.com/post/id/159899
IBM DB2 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10731657
30 年前的漏洞,竟可引起2018 年的電腦操作崩潰
https://blog.csdn.net/csdnnews/article/details/82731527
新漏洞允許黑客訪問睡眠模式電腦:所有品牌都受影響
https://iview.sina.com.tw/post/17145570
ISC BIND 篡改漏洞
https://www.us-cert.gov/ncas/current-activity/2018/09/19/ISC-Releases-Security-Advisory-BIND
Imperva SecureSphere WAF 11.5 Bypass - CXSecurity.com
https://cxsecurity.com/issue/WLB-2018090136
F5 BIG-IP APM portal access 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15310
D-Link DIR-600M跨站腳本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16605
Red Hat 389-ds-base競爭條件漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10850
Silicon Graphics LibTIFF 安全漏洞
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201809-673
CCleaner再出包!擅自將用戶升級到5.46
https://www.ithome.com.tw/news/125947
微軟 Jet Database Engine 遠端程式碼執行漏洞
https://www.theregister.co.uk/2018/09/20/microsofts_jet_database_zero_day/
Microsoft Internet Explorer/Edge遠程內存破壞安全漏洞
http://www.twoeggz.com/news/10957055.html
Microsoft Windows Device Guard本地安全繞過漏洞
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200
Critical Security Update Released for Adobe Reader and Acrobat
https://malwaretips.com/threads/critical-security-update-released-for-adobe-reader-and-acrobat.86893/
Cisco Patches Network Recording Player Remote Code Execution Vulnerabilities
https://malwaretips.com/threads/cisco-patches-network-recording-player-remote-code-execution-vulnerabilities.86892/
Cisco Network Assistant拒絕服務漏洞
https://packetstormsecurity.com/files/149121/Cisco-Network-Assistant-6.3.3-Denial-Of-Service.html
Cisco SD-WAN Solution命令注入漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-injection
Intel releases firmware update for ME flaw
https://nakedsecurity.sophos.com/2018/09/18/intel-releases-firmware-update-for-me-flaw/
知道還不補!研究人員踢爆WD低階NAS有身分驗證繞過漏洞,但WD知情一年遲遲未修
https://www.ithome.com.tw/news/125993
Western Digital's My Cloud NAS Devices Turn Out to Be Easily Hacked
https://bit.ly/2DfUnLb
Western Digital My Cloud 多個漏洞
https://www.securify.nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html
A REMOTE CODE EXECUTION VULNERABILITY IN THE MICROSOFT WINDOWS JET DATABASE ENGINE
https://bit.ly/2OGkVX6
NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)
https://www.exploit-db.com/exploits/45427/
CA Release Automation NiMi 6.5 - Remote Command Execution
https://www.exploit-db.com/exploits/45425/
Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)
https://www.exploit-db.com/exploits/45367/
Tenable WAS-Scanner 7.4.1708 - Remote Command Execution
https://www.exploit-db.com/exploits/45345/
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/45422/
Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)
https://www.exploit-db.com/exploits/45424/
Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit)
https://www.exploit-db.com/exploits/45433/
Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket
https://www.exploit-db.com/exploits/45407/
Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC)
https://www.exploit-db.com/exploits/45421/
Adobe Acrobat Reader 多個漏洞
https://helpx.adobe.com/security/products/acrobat/apsb18-34.html
2.銀行/金融/保險/證券/電子支付/行動支付/虛擬貨幣/區塊鍊 新聞及資安
富士通實驗室開發出區塊鏈擴展技術「ChainedLineage」
https://bit.ly/2xtvFl1
日交易所又遭駭! 駭客從 Zaif 熱錢包盜走近 6,000 萬美元加密幣
https://blockcast.it/2018/09/20/jp-exchange-zaif-hacked/
日本交易所 Zaif 遭駭客攻擊,共損失 18 億加密資產
https://www.blocktempo.com/japanese-cryptocurrency-exchange-hacked-59-million-in-losses/
日本虛擬貨幣再出包 損失6,000萬美元
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000542751_9KL8PW5N4CQP7F2UQ81U7
日本又爆大型虛幣竊案 逾18億加密資產遭盜匯
https://news.tvbs.com.tw/world/996006
駭客現身?疑似發現攻擊Zaif交易所的比特幣位址
http://m.life.tw/?app=view&no=846439
日本加密貨幣交易所Zaif遭駭 損失67億日圓
https://coineast.com/japanese-cryptocurrency-exchange-zaif-hacked/
俄羅斯多間大銀行皆希望與加密貨幣產業合作
https://bit.ly/2DutSBR
比特幣拋售過了頭? Trefis Team:年底前將漲回8500美元
https://bit.ly/2D0VnSY
一定限額以下 比特幣現金交易擬鬆綁
https://udn.com/news/story/11316/3379134
超商仍可買比特幣 金管會「管不了」望業者自律
https://www.chinatimes.com/realtimenews/20180920004494-260410
虛擬通貨實名制落實到超商,單日限額不超過 10 萬
https://bit.ly/2xu4xT0
虛擬貨幣交易採實名制 超商現金購買 金管會有條件放寬
https://bit.ly/2NXsqMa
交易速度大勝比特幣!加密貨幣教父推新平台
https://m.ctee.com.tw/focus/vvgc/196001
中國人民銀行再發通告 警告民眾勿沾 ICO
https://bit.ly/2xxoDeh
擁有7.2億美元比特幣的「大金主」突然甦醒 數位貨幣「嚇跌」
https://news.cnyes.com/news/id/4203418
為修復漏洞,Everipedia宣布將暫停有關「IQ合約」的服務一天
https://bit.ly/2NS5he0
加密貨幣暴露風險中 Google專家警告:別做這些事
https://www.ettoday.net/news/20180918/1261103.htm
新加坡金管局主管:證券型代幣適用於現有的新加坡證券及期貨法
https://bit.ly/2pjKIJF
從WiMAX到區塊鏈 又一個神話即將破滅
http://talk.ltn.com.tw/article/paper/1233202
新型數字資產交易所BitMax首來台 實習月薪5萬獵才
https://www.chinatimes.com/realtimenews/20180918003685-260410
加密貨幣市場面臨新一波賣壓?10億美元比特幣恐遭拋售
https://udn.com/news/story/6811/3372630
火幣、吉富兩肋插刀,加密貨幣交易所「數寶」登陸台灣
https://www.inside.com.tw/2018/09/18/taiwan-cryptocurrency-exchange-shubao-opening
在加密貨幣市場掀起波瀾,「受監管」的穩定幣究竟是怎麼一回事
https://bit.ly/2D8dPcF
中國多家大銀行將接受CADE的加密貨幣壟斷調查
https://bit.ly/2Nofcsb
中國央行數字貨幣研究所規劃部負責人彭楓:區塊鏈將建構新的「價值互聯網」
https://bit.ly/2D4Qs3y
EOSBet將熱錢包內的75%資金,轉移至冷錢包
https://bit.ly/2xx0lRN
以太坊安全漏洞最全總結及安全建議(截至現在)
https://www.coingogo.com/news/14114
立委提案修法 將虛擬通貨納入洗錢防制規範
http://news.ltn.com.tw/news/politics/breakingnews/2551960
跨行無卡提款來了 用手機命令ATM吐鈔
https://tw.appledaily.com/new/realtime/20180917/1431379/
歐洲央行:影子銀行及新興市場的風險要注意
http://www.epochtimes.com/b5/18/9/17/n10719233.htm
商業銀行「乙方換人」:再見ATM機 你好數據平台
https://news.sina.com.tw/article/20180918/28220352.html
LINE Pay 一卡通爆漏洞:未加密網址暴露使用者個資,這樣的資安標準你接受嗎
https://buzzorange.com/techorange/2018/09/18/line-pay-ipass-leaked-user-real-name/
LINE Pay 一卡通轉帳洩用戶本名,官方回覆:之後遮掉一部分就是了
https://buzzorange.com/techorange/2018/09/20/line-pay-ipass-respond-2018/
LINE Pay一卡通轉帳洩隱私?一卡通建議姓名部分隱碼
https://news.cnyes.com/news/id/4204733
台灣Pay無卡跨行提款 國泰世華ATM全支援
https://bit.ly/2xhWoRE
台灣Pay台北101園遊會 掃碼綁卡送藍芽耳機
https://bit.ly/2PQJT6f
電子支付個資恐遭盜 一卡通:依法實名制
https://bit.ly/2xhWwR8
一卡通電子支付機構業務定型化契約修正
https://www.ptt.cc/bbs/MobilePay/M.1537191986.A.7B9.html
陸P2P倒閉潮 恐連累純網銀
https://www.chinatimes.com/newspapers/20180915000270-260205
顧立雄:大陸P2P風暴若發生在台灣 金管會早就「爆掉了」
https://www.ettoday.net/news/20180918/1261538.htm
中國P2P倒閉潮在台發生 顧立雄:金管會就被包圍了
https://tw.finance.appledaily.com/realtime/20180918/1432126/
傳馬雲宣布辭職當天 支付寶被中共「收編」
http://www.epochtimes.com/b5/18/9/14/n10715698.htm
銀行信用卡廣告 金管會解禁
https://money.udn.com/money/story/5613/3373073
國家隊純網銀 泛公股股權將過半
https://www.ettoday.net/news/20180918/1261725.htm
金融科技監理 要顧四原則
https://bit.ly/2OAs23h
金融科技園區開幕 37家廠商進駐
https://udn.com/news/story/7239/3373546
金融科技創新園區開幕 監理門診問到飽
https://news.sina.com.tw/article/20180918/28225070.html
台灣金融科技園區落成,將成國際接軌單一窗口
https://bit.ly/2MIs9be
金融科技創新第二座園區,不排除落腳高雄
https://bit.ly/2xpiyBe
拚金融科技 金管會昨審查首件「監理沙盒」申請案
http://ec.ltn.com.tw/article/breakingnews/2554445
金融監理沙盒,凱基銀搶頭香
https://bit.ly/2MGHzNe
上海資安中心 制定區塊鏈安全標準
https://udn.com/news/story/7333/3377068
台灣金融科技大升級 - 關貿網路與金融研訓院打造Fintech創新聚落
http://www.trade-van.com/news/index.do?act=detail&articleId=830
部分收單機構對網路特約商戶和網路支付介面管理不到位 中國支付清算協會發佈風險提示
https://news.sina.com.tw/article/20180917/28216300.html
傳土耳其擬成立機構處理當地銀行壞帳
http://www.aastocks.com/tc/stocks/news/aafn-news/NOW.897510/2
台北金融科技展,12月登場
https://bit.ly/2xo3XWL
彰銀強化資安防護,獲ISO 22301 BCMS驗證
http://pchome.megatime.com.tw/news/cat2/20180919/9800019001084260410.html
攻互聯網金融 富邦華一銀將參與設立消費金融公司
https://udn.com/news/story/7239/3376948
一次十個 遠銀行動APP 轉帳社群通知服務上線
https://www.chinatimes.com/realtimenews/20180919003587-260410
刷臉支付考驗網安
http://www.chinatimes.com/newspapers/20180920000218-260310
第3屆T-Brain AI競賽出爐 成功挑戰保險產業AI新應用
http://ec.ltn.com.tw/article/breakingnews/2556975
摩根大通戴蒙:網路戰是金融體系的最大威脅
https://udn.com/news/story/6811/3379204
中秋連假 金管會要求保險公司保戶服務不中斷
https://www.ydn.com.tw/News/305955
iPhone為什麼還不能支援悠遊卡和一卡通原因,金管會給出獨家答案
https://mrmad.com.tw/iphone-support-easycard-ipass
結合LINE Pay 鄭文燦:桃園市民卡變得更好用
http://www.peoplenews.tw/news/f8b8fdd2-6291-4769-87d7-8f52dcde11c1
桃園市市民卡發行3周年 擬再擴大功能 與LINE Pay、一卡通合作
https://bit.ly/2xF4F1j
桃園市民卡3周年 小額消費抽石垣島郵輪雙人行
https://www.chinatimes.com/realtimenews/20180920003542-260410
手機支付好先進? 數據全被中央監控
https://hk.finance.appledaily.com/finance/realtime/article/20180920/58703918
金融科技崗“搶戲” 20家銀行總行“招賢”
http://capital.people.com.cn/BIG5/n1/2018/0921/c405954-30307135.html
權證交易稅 擬降至千分之1
https://money.udn.com/money/story/6710/3379391
越南電子支付蓬勃發展
http://vn-cs.com/_30621.html?lang=cn
銀行櫃臺也可共享了
http://big5.xinhuanet.com/gate/big5/www.xinhuanet.com/info/2018-09/21/c_137483262.htm
要有資安的危機意識
https://udn.com/news/story/7239/3380723?from=udn-ch1_breaknews-1-cate6-news
薪資匯款帳號變成駭客銀行帳戶?!美國大學員工被竊逾600萬美元
https://blog.trendmicro.com.tw/?p=57161
India Post Payments Bank taps FSS to bring banking, payment services to underserved populations
https://bit.ly/2NfOTEC
California judge determines that ATM dynamiting was an act of 'shoplifting'
https://www.atmmarketplace.com/news/california-judge-determines-that-atm-dynamiting-was-an-act-of-shoplifting/
Greece U-Turns — Now Approves Mr. Bitcoin's Extradition To Russia
https://bit.ly/2xiqF2n
Credential Stuffing Attacks Generate Billions of Login Attempts
https://www.bleepingcomputer.com/news/security/credential-stuffing-attacks-generate-billions-of-login-attempts/
3.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體
資安威脅──挖礦殭屍網路構成新型態暗黑經濟
https://technews.tw/2018/09/17/mining-dark-economy/
安全公司:勒索病毒GandCrab已升级到4.3
https://www.bianews.com/news/flash?id=20552
Fbot:一款Satori相關的、基於區塊鏈DNS的蠕蟲
http://www.freebuf.com/articles/blockchain-articles/184574.html
國外安全研究者爆料中國黑客組織針對越南政府的APT攻擊樣本
http://www.freebuf.com/articles/network/183631.html
數位貨幣非法挖礦去年暴增459% 國安局軟體洩底助長歪風
https://bit.ly/2NYbfKm
網路威脅聯盟:今年非法挖礦行為成長459%
https://www.ithome.com.tw/news/126009
薪資匯款帳號變成駭客銀行帳戶?!美國大學員工被竊逾600萬美元
https://blog.trendmicro.com.tw/?p=57161
澳洲流行非觸式付款 銀行加快技術投資
http://www.epochtimes.com/b5/18/9/19/n10725346.htm
陸修訂新規 銀行理財或投資A股
https://bit.ly/2NtJZE7
具有殭屍網路、勒索軟體等多項功能的新型蠕蟲
https://news.softpedia.com/news/researchers-found-new-worm-with-botnet-ransomware-and-coinmining-abilities-522736.shtml
新的殭屍網路藏在區塊鏈的DNS Mist中並會移除加密貨幣挖礦程式
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=30379
惡意Kodi附加元件安裝Windows和Linux加密貨幣挖掘木馬
https://www.bleepingcomputer.com/news/security/malicious-kodi-add-ons-install-windows-and-linux-coin-mining-trojans/
Urpage 與 Bahamut、Confucius 及 Patchwork 等駭客集團的關聯性
https://blog.trendmicro.com.tw/?p=57158
無檔案式挖礦惡意程式出現新技巧,並已發現變種
https://blog.trendmicro.com.tw/?p=57099
Russian Hacker Pleads Guilty to Operating Kelihos Botnet
https://bit.ly/2OvmyXC
Ransomware Attack Takes Down Bristol Airport's Flight Display Screens
https://bit.ly/2OzcoVE
Ramnit Banking Trojan, August 2018’s Top Malware
https://satoshinakamotoblog.com/ramnit-banking-trojan-august-2018s-top-malware
仮想通貨を要求する日本語の脅迫メールについて
http://www.jpcert.or.jp/newsflash/2018091901.html
Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail
https://bit.ly/2xnFn8i
公民實驗室指控:間諜程式Pegasus被部署在45國!但開發商NSO Group否認:沒這回事
https://www.ithome.com.tw/news/125971
Two New Monero Malware Attacks Target Windows and Android Users
https://securityintelligence.com/news/two-new-monero-malware-attacks-target-windows-and-android-users/
ThreatList: Malware Samples Targeting IoT More Than Double in 2018
https://threatpost.com/threatlist-malware-samples-targeting-iot-more-than-double-in-2018/137528/
Spam Campaigns Using IQY Files Infect Japanese Users With BEBLOH and URSNIF Malware
https://securityintelligence.com/news/spam-campaigns-using-iqy-files-infect-japanese-users-with-bebloh-and-ursnif-malware/
Cybercrime: 15 Top Threats and Trends
https://www.bankinfosecurity.com/cybercrime-15-top-threats-trends-a-11522
New Malware Combines Ransomware, Coin Mining and Botnet Features in One
https://bit.ly/2QMYRLO
B.行動安全 / iPhone / Android / App
5G無線技術引發安全擔憂
https://cn.wsj.com/articles/CT-BIZ-20180914154501
蘋果iOS Safari的弱點被發現了?打開網頁就強迫重開機、只需要15行CSS語法
https://applealmond.com/posts/40188
iOS 瀏覽器最新漏洞 程式碼即令iPhone、iPad重新開機
https://unwire.hk/2018/09/17/ios-css-attack/tech-secure/
iOS 瀏覽器最新漏洞,程式碼會讓 iPhone、iPad 重新開機
http://technews.tw/2018/09/18/a-new-css-based-web-attack-will-crash-and-restart-your-iphone/
Safari 被發現有漏洞!用這幾句 CSS 就可以令你的 iPhone 崩潰
https://www.techapple.com/archives/25609
iOS 12正式版來了,更強大的AR體驗,還修補了16個安全漏洞
https://www.ithome.com.tw/news/125956
世界最快!阿里巴巴實驗室成功越獄 iOS 12
https://www.inside.com.tw/2018/09/20/ios-12-jailbroken-hours-after-release-alibabas-cybersecurity-division
Apple已開始為iPhone漏洞利用支付黑客費用
https://www.anquanke.com/post/id/159894
強化生態系安全新對策,第三方App有漏洞,臉書抓漏方案也給獎金
https://www.ithome.com.tw/news/125945
近似灰帽駭客 蘋果若告恐觸法
https://tw.news.appledaily.com/headline/daily/20180920/38130875/
分身術?停車10分APP計時破百 民恐扣近6000
https://news.tvbs.com.tw/life/995481
維護個資安全 青報APP通過資安檢測
https://www.ydn.com.tw/News/305909
台鐵訂票當機元兇逮到了!APP設計者被送辦
http://news.ltn.com.tw/news/life/breakingnews/2556957
9 個你必須知道的 iOS 12 隱藏功能
https://www.kocpc.com.tw/archives/218754
【FinTech理財】手機支付保安存疑 6招教你自保
https://bit.ly/2PW0Lsu
推特以雙重保護防止用戶遭Silhouette技術線上線下交叉追蹤
https://www.ithome.com.tw/news/126036
eSIM功能 電信商:今年無法上
https://bit.ly/2MQ6EoV
趨勢科技聲明:針對 Mac App 商店中趨勢科技 App問題的回應
https://blog.trendmicro.com.tw/?p=57109
Watch Out! This New Web Exploit Can Crash and Restart Your iPhone
https://bit.ly/2PJjoQ8
Hackers selling research phished from universities on WhatsApp
https://nakedsecurity.sophos.com/2018/09/18/hackers-selling-research-phished-from-universities-on-whatsapp/
State Department scores an F on 2FA security
https://nakedsecurity.sophos.com/2018/09/18/state-department-scores-an-f-on-2fa-security/
Powerful Android and iOS Spyware Found Deployed in 45 Countries
https://thehackernews.com/2018/09/android-ios-hacking-tool.html
This Powerful Off-the-Shelf Phone-Hacking Tool Is Spreading
https://medium.com/fast-company/this-powerful-off-the-shelf-phone-hacking-tool-is-spreading-adab67e8590c
Nearly half of US mobile phone calls will be scams by 2019: report
https://www.smh.com.au/world/north-america/nearly-half-of-us-mobile-phone-calls-will-be-scams-by-2019-report-20180920-p504uf.html
C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件
利用機器學習(Machine Learning)協助識別網頁竄改(Web Defacement)
https://blog.trendmicro.com.tw/?p=56695
強化生態系安全新對策,第三方App有漏洞,臉書抓漏方案也給獎金
https://www.ithome.com.tw/news/125945
Facebook 採用人工智慧工具協助開發者除蟲
https://technews.tw/2018/09/19/finding-and-fixing-software-bugs-automatically-with-sapfix-and-sapienz/
Google推出容器儲存庫漏洞掃描服務,加強公有雲容器環境安全
https://times.hinet.net/news/21972426
密碼字數要多長?駭客剋星告訴你
https://udn.com/news/story/7240/3380442
如何為 Tor Network 出一分力?建立 Tor Relay 分享頻寬吧
https://nicholas.hk/2018/09/tor-relay-setup/
企業抵禦駭客 防團體戰入侵
https://money.udn.com/money/story/5612/3369796
駭客竊取飛行哩程上暗網便宜賣
https://www.ithome.com.tw/news/125987
利用機器學習(Machine Learning)協助識別網頁竄改(Web Defacement)
https://blog.trendmicro.com.tw/?p=56695
駭客利用零日漏洞訪問CCTV監視器
https://threatpost.com/zero-day-bug-allows-hackers-to-access-cctv-surveillance-cameras/137499/
勞基法變程式碼 工程師一秒判讀過勞班表
https://vision.udn.com/vision/story/12425/3352655
台灣駭客破解ApplePay、用1塊錢買到502台iPhone:不知道會不會真的寄來
https://applealmond.com/posts/40288
張啟元「以駭止駭」!曾有妹私訊「願肉體換新台幣」
https://tw.news.appledaily.com/life/realtime/20180919/1432594
張啟元遭打臉改暱稱「智障駭客」 專家:努力學習才是王道
https://www.ettoday.net/news/20180919/1262536.htm
網酸:1元是驗證扣款 張啟元解嘲以後改刷「7元」
https://tw.lifestyle.appledaily.com/gadget/realtime/20180919/1432685
1元買400萬特斯拉!張啟元自爆「6駭客創舉」領賞34萬 台灣卻關60天
https://www.ettoday.net/news/20180920/1262959.htm
駭客張啟元!自爆:曾窮到快全家輕生
https://bit.ly/2QNtaBW
駭客事蹟數不完!張啟元曾破解ibon、鑽臉書漏洞刪貼文
http://webtest1.sanlih.com.tw/News.aspx?NewsID=431882
Magecart駭客集團犯案連連,除了英航和Ticketmaster售票網,Newegg也陷災情,數百萬卡號曝險一個月
https://www.ithome.com.tw/news/125991
成功黑入蘋果係統的澳洲少年或將面臨數年監禁
https://bit.ly/2PVjdkN
視頻監控出現新漏洞:駭客可以讓監控鏡頭失靈
https://bit.ly/2pgUVGP
國產監視器軟體有漏洞!數十萬台監視器恐有遭駭客控制的高風險
https://www.ithome.com.tw/news/125954
強化資安 我將組跨國聯防體系
http://news.ltn.com.tw/news/focus/paper/1233217
中國散播假訊息 蔡向國際示警
http://news.ltn.com.tw/news/focus/paper/1233814
臉書「作戰室」300壯士對抗假新聞 嚴防干預選情
https://udn.com/news/story/6812/3379137
白宮國安顧問:美台將合作對付中國網軍攻撃
https://www.cmmedia.com.tw/home/articles/11942
白宮國安顧問:美台將合作對付中國網軍攻撃
https://www.cmmedia.com.tw/home/articles/11942
白宮國安顧問波頓:網路戰威脅日甚,將助台灣等盟友一臂之力
https://www.storm.mg/article/506137
應對中網攻威脅 波頓:會與台灣在內盟邦合作
http://news.ltn.com.tw/news/world/breakingnews/2557697
新加坡副總理:星國扮演東協資安主導者,年底舉辦漏洞獎勵計畫
https://www.ithome.com.tw/news/125957
反制中俄網路攻擊 美國防部授權軍方自行殲敵
https://bit.ly/2DisJx2
中國恐在11月選前發動猛烈網攻 台灣做好準備
https://udn.com/news/story/6656/3378848
中國駭客對台灣政府炸彈式網攻,除了妨礙 11 月大選還有其他全球性陰謀
https://buzzorange.com/2018/09/21/chinese-hackers-emerge/
應對中共選前可能網攻 台灣已做好準備
http://www.epochtimes.com/b5/18/9/21/n10730269.htm
認清中共輿論戰真相 破除假新聞危害
https://www.ydn.com.tw/News/305079
破共軍假新聞 政戰局、軍聞處扛重責
http://news.ltn.com.tw/news/focus/paper/1233220
僵屍網路 Kelihos 俄籍藏鏡人在美認罪,可能得吃 52 年牢飯
https://www.inside.com.tw/2018/09/16/notorious-russian-cybercriminal-pleads-guilty-to-us-charges
中國江蘇啟動2018年網絡安全宣傳周活動
http://big5.xinhuanet.com/gate/big5/www.js.xinhuanet.com/2018-09/17/c_1123443637.htm
美媒調查發現朝鮮利用社交媒體漏洞逃避制裁
https://bit.ly/2QCyNmD
美國制裁中共中央軍委裝備發展部
https://bit.ly/2PR0RBt
《美國海外賬戶稅收遵從法》在美首起定罪涉及釣魚執法
https://cn.wsj.com/articles/CT-BIZ-20180919110011
防禦網攻 美國重要單位卯足勁遏駭客威脅
https://bit.ly/2NZ2cZv
東南亞網路安全中心 泰國揭牌
https://bit.ly/2Owwsbd
俄情報員曾密謀網攻瑞士化武實驗室
https://www.chinatimes.com/realtimenews/20180915002993-260408
疑似間諜活動接連曝光 瑞士要求俄羅斯立刻停手
https://udn.com/news/story/6809/3372472
美國控北韓駭客攻擊 朝中社:子虛烏有
https://www.taiwannews.com.tw/ch/news/3529907
美參議員電郵 谷歌警告駭客企圖入侵
https://udn.com/news/story/6813/3380086
為了挖掘加密貨幣,駭客攻擊印度政府網站
https://bit.ly/2NQfsQp
數百個印度網站遭駭客劫持 挖比特幣獲利
https://bit.ly/2Otlwv4
徵才 - 【資安所】資深系統開發工程師
https://www.104.com.tw/job/?jobno=6d206
徵才 - Specialist, Malware Analysis
https://bit.ly/2NQyi9V
Why Cybercrime Remains Impossible to Eradicate
https://www.bankinfosecurity.com/blogs/cybercrime-remains-impossible-to-eradicate-p-2662
Launching an Insider Threat Program: Practical Tips
https://www.bankinfosecurity.asia/interviews/launching-insider-threat-program-practical-tips-i-4116
Linus Torvalds Apologizes For His Rude Behavior—Takes Time Off
https://bit.ly/2xngg5z
Protecting India's Government From Cyberattacks
https://www.bankinfosecurity.asia/blogs/protecting-indias-government-from-cyberattacks-p-2665
Should There Be a Backdoor to Google’s Secret Algorithm
https://medium.com/inc./should-there-be-a-backdoor-to-googles-secret-algorithm-c2920bcacb23
New Hacker Exploits and How to Fight Them
https://www.bankinfosecurity.com/new-hacker-exploits-how-to-fight-them-a-11527
The Need for Security Collaboration
https://www.bankinfosecurity.com/need-for-security-collaboration-a-11525
Major Irish utility networks vulnerable to cyber attacks set to have security increased
https://bit.ly/2Dg7FY1
Cyber attack simulation platform, SCYTHE, gets $3 million investment
https://bit.ly/2NmF9Zn
LUTHERAN HEALTH NETWORK SUFFERED A CYBER ATTACK TUESDAY
https://www.wbcl.org/news/lutheran-health-network-suffered-a-cyber-attack-tuesday
Europol warns against these Cyber Crimes
https://www.cybersecurity-insiders.com/europol-warns-against-these-cyber-crimes/
Innovate and Attack: North Korea Doubles Down on Cyber
https://player.fm/series/the-korea-society-3129/innovate-and-attack-north-korea-doubles-down-on-cyber
Let’s Stop Pretending Our Automated Systems Are Secure
https://medium.com/inc./lets-stop-pretending-our-automated-systems-are-secure-175d264aaa2d
California Wants to Stop Hackers from Taking Control of Smart Gadgets
https://bit.ly/2xr91Kb
RESEARCHING THE FAX MACHINE ATTACK SURFACE
https://www.x41-dsec.de/lab/blog/fax/
'Magecart' Card-Sniffing Gang Cracks Newegg
https://www.bankinfosecurity.com/magecart-card-sniffing-gang-cracks-newegg-a-11530
Cryptojacking a Growing Threat to Government Sites
https://www.bankinfosecurity.asia/cryptojacking-growing-threat-to-government-sites-a-11531
Rethinking Modern-Day DDoS Attacks And Their Risk
https://www.itspmagazine.com/from-the-newsroom/rethinking-modern-day-ddos-attacks-and-their-risk
Hackers Say Windows 8 and 10 Easiest Entry Points
https://www.infosecurity-magazine.com/news/hackers-say-windows-8-10-easiest/
Experts at the CSE Cybsec Z-Lab have found a Gafgyt variant implementing the “Non Un-Packable” technique recently presented in a cyber security conference
https://securityaffairs.co/wordpress/76362/malware/gafgyt-bot-nup-technique.html
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷
「比特幣挖礦機」詐財 14人被騙230萬元
https://tw.appledaily.com/new/realtime/20180915/1430419/
LINE 成詐騙溫床,只因暗黑勢力動員加上 AI 能耐越來越強大
https://technews.tw/2018/09/15/line-fraud-trouble/
留言幫小戴! 戴資穎帳號被駭20萬粉絲放水流
https://bit.ly/2NML9Kb
LINE Pay 一卡通恐洩隱私,網傳撈個資攻略
https://technews.tw/2018/09/17/line-pay-a-card-venting-privacy/
強化郵件帳號及認證機制 導入偽造信偵測及加密DLP技術 拆解五大BEC攻擊手法 防範商業電郵詐騙有撇步
https://www.netadmin.com.tw/article_content.aspx?sn=1809060002
詐騙翻新 陸民睡夢中慘遭網貸
https://www.ydn.com.tw/News/305070
「刷卡買自己的課」健康APP淪老鼠會騙局!捲款135億倒閉
https://fnc.ebc.net.tw/FncNews/world/51685
FB帳號狂被刪!改名「蜘蛛人」約妹都被當詐騙 怪男哭:人生毀了
https://www.ettoday.net/dalemon/post/38484
疑似方正集團子公司簽名洩露,遭黑客利用盜取Steam賬號
http://www.freebuf.com/news/184400.html
詐騙者冒充美國電力服務公司,威脅受害者交出比特幣
https://bit.ly/2xkjx5W
PayMe帳戶失竊 3人報案 綑綁信用卡被過數再遭提走
https://m.mingpao.com/pns/dailynews/web_tc/article/20180920/s00002/1537380587482
PayMe 綁定信用卡資料被盜用失款! 方保僑:SVF、發卡銀行應深化合作加強保安
https://bit.ly/2DfKj4J
【PayMe用戶注意】離奇增值 5千元不翼而飛 警方列「以欺騙手段取得財產」
https://hk.finance.appledaily.com/finance/realtime/article/20180919/58701562
無申請PayMe都被轉走錢 專家:個別信用卡資料被盜用
https://bit.ly/2Ns1AMS
數名PayMe客疑遭盜取信用卡增值
http://www.aastocks.com/tc/stocks/news/aafn-news/NOW.897906/2
老梗詐騙橫行騙全台 12名成員落網
https://tw.appledaily.com/new/realtime/20180920/1433607/
PayMe客被盜$5,000 警揭多人中招
https://hk.news.appledaily.com/local/daily/article/20180920/20503731
非PayMe用戶突收銀行過數短訊 疑無故被轉帳$5000
http://hk.on.cc/hk/bkn/cnt/news/20180920/bkn-20180920132004374-0920_00822_001.html
美國政府支付網站存漏洞 1400萬用戶信息遭泄露
https://bit.ly/2QOwvAY
Magecart駭客集團犯案連連,除了英航和Ticketmaster售票網,Newegg也陷災情,數百萬卡號曝險一個月
https://www.ithome.com.tw/news/125991
刑事局公布 9/03~9/09 詐騙高風險網站
https://blog.trendmicro.com.tw/?p=57229
Flood Your ISP with Random, Noisy Data to Protect Your Privacy on the Internet
https://null-byte.wonderhowto.com/how-to/flood-your-isp-with-random-noisy-data-protect-your-privacy-internet-0186193/
Europe Catches GDPR Breach Notification Fever
https://www.bankinfosecurity.com/europe-catches-gdpr-breach-notification-fever-a-11515
UK Regulator Fines Equifax £500,000 Over 2017 Data Breach
https://bit.ly/2PTdtb7
Hackers Steal Customers' Credit Cards From Newegg Electronics Retailer
https://bit.ly/2xDEmZh
Equifax Hit With Maximum UK Privacy Fine After Mega-Breach
https://www.bankinfosecurity.com/equifax-hit-maximum-uk-privacy-fine-after-mega-breach-a-11532
Equifax fined £500,000 for failing to protect customer details in cyber attack
http://www.cybersecurity-review.com/news-september-2018/equifax-fined-500000-for-failing-to-protect-customer-details-in-cyber-attack/
Equifax fined by ICO over data breach that hit Britons
https://stockmarket.london/equifax-fined-by-ico-over-data-breach-that-hit-britons/
Data breach bill is really a fight about federal preemption
https://www.ecommercedailynews.com/data-breach-bill-is-really-a-fight-about-federal-preemption/
E.研究報告
白名單繞過UAC方法原理介紹
http://www.freebuf.com/vuls/183914.html
利用了Office公式編輯器特殊處理邏輯的最新免殺技術分析(CVE-2017-11882)
http://www.freebuf.com/vuls/183734.html
技術討論| 信息外帶漏洞(OOB)利用技巧
http://www.freebuf.com/articles/database/183997.html
Facebook的安卓客戶端任意的JavaScript代碼執行漏洞分析
https://www.aqbeta.com/data/201809/153689040814630.html
TTLScan 一款插件化的漏洞掃描器框架
https://www.ctolib.com/tiaotiaolong-TTLScan.html
中國工程院院士鄔江興院士:網絡空間擬態防禦原理簡介(上)
https://read01.com/J0Bxx0Q.html
中國工程院院士鄔江興院士:網絡空間擬態防禦原理簡介(下)
https://read01.com/zh-tw/E8mPGoM.html#.W6BxfegzbIU
Alpine Linux APK包管理器遠程代碼執行漏洞分析
http://www.4hou.com/vulnerable/13640.html
疑似“海蓮花”組織早期針對國內高校的攻擊活動分析
http://www.freebuf.com/articles/system/184120.html
lynis插件編寫:從入門到放棄
http://www.freebuf.com/articles/system/183977.html
淺析智能助手真正的價值和風險
http://www.freebuf.com/articles/network/183645.html
解析漏洞管理的五個階段
http://www.freebuf.com/articles/security-management/183647.html
某客服系統任意文件讀取漏洞分析
https://xz.aliyun.com/t/2763
Malicious Command Execution via bash-completion (CVE-2018-7738)
https://blog.grimm-co.com/post/malicious-command-execution-via-bash-completion-cve-2018-7738/
Is two-factor authentication (2FA) as secure as it seems
https://blog.malwarebytes.com/101/2018/09/two-factor-authentication-2fa-secure-seems/
BULK SQL Injection Test on Burp Requests
https://www.exploit-db.com/docs/english/45428-bulk-sql-injection-using-burp-to-sqlmap.pdf
F.商業
AI護身 果核全方位防駭
https://bit.ly/2Ou4a1j
中華電數位轉型由內而外,讓「連結」不是問題
https://bit.ly/2xsIprr
中華電攜凱基銀,首件金融監理沙盒創新計畫起跑
https://bit.ly/2OBJiVE
衝刺企業客戶 中華電大數據處接案逾百件涵蓋公私機關
https://news.cnyes.com/news/id/4203653
中華電信0800免費客服電話總整理:光世代、手機、漫遊、MOD
https://www.cool3c.com/article/137832
力推分散式網路架構,Cloudflare發表星際檔案系統IPFS閘道
https://www.ithome.com.tw/news/125953
中華電信AWS Direct Connect 服務上線
https://www.chinatimes.com/realtimenews/20180920003106-260410
G.政府
北市公衛系統遭駭 資訊局:已封存系統
https://tw.appledaily.com/new/realtime/20180917/1431351/
北市公衛系統成駭客「練功房」 70多個網站全下架檢查
http://news.ltn.com.tw/news/politics/breakingnews/2553694
北市公衛系統被駭 李明賢:百萬個資外洩=百萬帳戶遭盜
https://bit.ly/2OyW7jR
資安破了個大洞 可以怎麼補
https://tw.appledaily.com/new/realtime/20180917/1431621/
綠委促修國安法管網路 政院:言論自由及國安求平衡
https://udn.com/news/story/6656/3374878
打擊犯罪 總統:台灣是國際安全網不可或缺一環
https://bit.ly/2pnI3Pb
行政院誤算假新聞 中華郵政澄清稿也入列
https://newtalk.tw/news/view/2018-09-20/141998
戴資穎心得文、慰安婦銅像遭踹 竟被政院列為「假新聞」
http://news.ltn.com.tw/news/politics/breakingnews/2556713
虛擬通貨交易監管 政府不能再互推責任
https://udn.com/news/story/6871/3378232
推行動支付 國發會:市場機制較租稅優惠有效
https://bit.ly/2NXjh6i
保險法大修 鎖定八大面向
https://money.udn.com/money/story/5613/3379378
談保險法修法 顧立雄:上任以來最難的修法
https://udn.com/news/story/7239/3379224
南山人壽勞資紛爭 金管會將啟動金檢
https://tw.news.appledaily.com/new/realtime/20180920/1433476/
行政院會通過「簡易人壽保險法」第7條、第8條、第20條修正草案
https://www.ey.gov.tw/Page/9277F759E41CCD91/81ed1fee-49c3-4dc5-ae13-aadccfb10890
財政部:多元繳庫管道歡迎選擇採用
https://n.yam.com/Article/20180920771042
H.工控系統 SCADA / ICS Security
德國製造業遭駭現況!2/3德國製造商曾遭受攻擊,47%的損失源自網路攻擊行動
https://www.ithome.com.tw/news/125910
工業互聯網安全| 台積電之後,下一個“中毒”的會是誰
http://www.freebuf.com/articles/neopoints/184129.html
工業互聯網信息安全漏洞逐年激增
http://dz.jjckb.cn/www/pages/webpage2009/html/2018-09/19/content_46976.htm
工業物聯網黑客炮製了哪些糟糕場景
http://netsecurity.51cto.com/art/201809/583681.htm
I.教育訓練類
基於機器學習的WEB攻擊分類檢測模型
http://www.freebuf.com/news/184687.html
Web安全漏洞之CSRF
https://cnodejs.org/topic/5ba1a93a8f5b0c1c59ea0fb0
完整的 Web 開發初級到高級修煉地圖 (2018)
https://softnshare.com/2018/07/19/completejunior-to-senior-web-developer-roadmap-2018/
學習 DevOps : 運用 Terraform 做基礎架構的自動化
https://softnshare.com/2018/01/22/devops-infrastructure-automation-with-terraform/
[Raspberry Pi] 電腦跨網段,也可遠端連線樹莓派喔
https://bit.ly/2QPI8aS
從基礎學習 Python 與道德駭客
https://softnshare.com/2018/07/11/learn-python-ethical-hacking-from-scratch/
Learn Ethical Hacking Online – A to Z Online Training Pack
https://bit.ly/2xsgIPl
J.玄武實驗室每日安全動態推送
每日安全動態推送(09-17)
https://tw.weibo.com/xuanwulab/4285315315396972
每日安全動態推送(09-18)
https://tw.weibo.com/xuanwulab/4285581662542541
每日安全動態推送(09-19)
https://tw.weibo.com/xuanwulab/4285945232363171
每日安全動態推送(09-20)
https://tw.weibo.com/xuanwulab/4286310468535583
每日安全動態推送(09-21)
https://tw.weibo.com/xuanwulab/4286669518089844
K.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機
加州議會通過全美首個IoT法案,要求每個IoT裝置都要有獨立密碼
https://www.ithome.com.tw/news/125921
Week In Review: IoT, Security, Auto
https://semiengineering.com/week-in-review-iot-security-auto-11/
IoT Marks the Convergence of Physical Security and Cybersecurity
https://www.iotforall.com/iot-physical-security-cybersecurity/
IoT Security Concerns Remain
https://www.eetasia.com/news/article/18092104-iot-security-concerns-remain
IoT security in the spotlight
https://www.channelnomics.com/channelnomics-us/analysis/3063061/iot-security-in-the-spotlight
IoT malware grew significantly during the first half of 2018
https://www.techradar.com/news/iot-malware-grew-significantly-during-the-first-half-of-2018
Thales announces advanced security for automotive, FinTech and IoT
https://www.cambridgenetwork.co.uk/news/thales-advanced-security-automotive-fintech-iot/
LoRa Alliance comes prepared to talk IoT security
https://www.fiercewireless.com/wireless/lora-alliance-comes-prepared-to-talk-iot-security
Who foots the bill for medical IoT security
https://www.the-parallax.com/2018/09/21/billing-code-medical-iot-security-opinion-domas/
Fortinet Launches Network Access Control for IoT Security
https://www.rtinsights.com/fortinet-launches-network-access-control-for-iot-security/
4.近期資安活動及研討會
Call For Paper | HITCON PACIFIC 2018 9/17 ~ 10/14
https://blog.hitcon.org/2018/09/call-for-paper-hitcon-pacific-2018.html
資訊安全-駭客攻防入門班 9/24 前
https://aps.ncue.edu.tw/cee/show_crs.php?crs_no=3336
企業如何面對新世代破壞式攻擊 9/25
http://www.caa.org.tw/news-detail.asp?id=1017
台大電機系 資訊安全碩士班 碩士甄試說明會
https://www.ptt.cc/bbs/NTU/M.1537152503.A.122.html
國家高速網路與計算中心教育訓練 - 系統監控 9/26
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3645&from_course_list_url=homepage
以色列資安政府高峰會議 9/27
https://www.ticc.org.tw/archives/1620
網路與系統及資料實務查核 9/27
http://www.caa.org.tw/news-detail.asp?id=1010
從遵循和實務角度談內控內稽 9/28
http://www.caa.org.tw/news-detail.asp?id=1015
智慧型手機破密 9/28
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=38
【課程】金融大數據分析技術與演算法實戰,用 Python + 機器學習技術,分析房價、股價、匯率數據及預測趨勢 9/29
https://bit.ly/2PwvT2g
亥客書院 - 數位鑑識概念與實作 9/29
https://hackercollege.nctu.edu.tw/?p=594
ISDA 教育訓練 Burpsuite實戰百分百 9/29
https://reg.isda.org.tw/info.php?no=36
TDOH Conf 2018 9/29
https://tdoh-conf.online/
TWCERT / CC 2018年台灣資安通報應變年會 10/3
https://www.informationsecurity.com.tw/edm/IS_EDM_181003/
亥客書院 -網路流量分析與檢測 10/6
https://hackercollege.nctu.edu.tw/?p=891
國家高速網路與計算中心教育訓練 - 惡意程式分析 10/9
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3646&from_course_list_url=homepage
Windows Server 高峰會 10/9
https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x4938443abcd&wt.mc_id=AID738824_EML_5710125
中部科學園區管理局 - 跨平台資安防範全面啟動研討會 10/11
http://www.fstopsoft.com/DynamicContent.aspx?id=3DB42D1290F9C34F
XRY Certification 教育訓練 10/17 ~ 10/18
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=39
JCCONF 2018 10/19
https://jcconf.tw/2018/
2018 健康物聯網黑客松 10/19 ~ 10/21
http://hack.tmu.edu.tw/2018.php
Foundations in Digital Forensics with EnCase? (DF120) (原CF1) 10/23 ~ 10/26
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=40
國家高速網路與計算中心教育訓練 - 網路封包分析 10/23
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3650&from_course_list_url=homepage
亥客書院 -惡意程式檢測實務 10/27
https://hackercollege.nctu.edu.tw/?p=885
ISDA 白帽駭客巡迴入門〈1〉10/27
https://reg.isda.org.tw/info.php?no=27
TANET 2018-台灣網際網路研討會 暨資訊工程X智慧計算學門成果發表會 10/21 ~ 10/26
https://cis.ncu.edu.tw/SeminarSys/activity/TANET2018/home
Red Hat Forum 2018 TAIPEI 11/2
https://www.redhat.com/en/events/red-hat-forum-taipei-2018?sc_cid=701f2000001OEJMAA4
ISDA 白帽駭客巡迴入門〈1〉11/03
https://reg.isda.org.tw/info.php?no=28
Building and Investigation with EnCase? (DF210) (原CF2) 11/5 ~ 11/8
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=41
亥客書院 - DDoS原理與實務 11/10
https://hackercollege.nctu.edu.tw/?p=774
Magnet原廠授權認證課程Magnet AXIOM Examinations 11/12 ~ 11/15
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=42
原廠認證Cellebrite Certified Operator (CCO) 11/19 ~ 11/20
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=43
Metasploit與滲透測試實務 11/25 ~ 11/26
https://hackercollege.nctu.edu.tw/?p=641
EnCase EnCE 認證考試 Preparation 課程 12/5 ~ 12/7
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=44
駭客入侵調查暨資安緊急應變實務 12/10 ~ 12/11
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=45
亥客書院 - 進階網頁滲透測試 12/15
https://hackercollege.nctu.edu.tw/?p=323
專業手機暨硬碟資料救援教育訓練課程 12/26 ~ 12/28
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=46
亥客書院 - 高階網頁滲透測試 2019/1/5
https://hackercollege.nctu.edu.tw/?p=768
沒有留言:
張貼留言