跳到主要內容

資安新聞及事件週報 2018/10/22 ~ 2018/10/26

1.重大弱點漏洞

研究人員公布D-Link路由器漏洞,牽涉8款產品,D-Link只修補2款
https://www.ithome.com.tw/news/126513

D-Link路由器又曝安全漏洞,且暫無修復補丁可用
https://www.hackeye.net/threatintelligence/16849.aspx

D-Link多型號路由器存在任意文件下載漏洞(CVE-2018-10822)
https://zhuanlan.zhihu.com/p/47444003

Serious D-Link router security flaws may never be patched
https://nakedsecurity.sophos.com/2018/10/19/serious-d-link-router-security-flaws-may-never-be-patched/

libssh 產品存在安全性弱點
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/

Cisco 產品存在安全性弱點
https://tools.cisco.com/security/center/publicationListing.x

Advantech WebAccess 跨站脚本漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15703

jQuery知名外掛File Upload遭爆有存在超過8年的安全漏洞
https://www.ithome.com.tw/news/126529

jQuery File Upload 存在安全性弱點
https://www.anquanke.com/vul/id/1350246

Oracle MySQL Server拒絕服務漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3182

關於Oracle WebLogic Server多個高危漏洞的預警
https://bbs.huaweicloud.com/blogs/7d064cc8d36c11e8bd5a7ca23e93a891

Oracle sunos CVE-2018-3273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-3273

Oracle sunos CVE-2018-3275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-3275

Hacker Discloses New Windows Zero-Day Exploit On Twitter
https://thehackernews.com/2018/10/windows-zero-day-exploit.html

VMware 產品遠端執行程式碼漏洞
https://www.auscert.org.au/bulletins/70258

VMWare重大漏洞可讓Guest OS軟體在主機OS上執行
https://www.ithome.com.tw/news/126512

秋季更新尚未修復 Win10 再被揭刪檔案漏洞
https://bit.ly/2Rb3mPM

安全研究人員公開另一個Windows 0-day漏洞
https://news.cnblogs.com/n/610499/

Windows 10再爆新零時差漏洞,安全警報響起
https://ithome.com.tw/news/126640

Windows 191H更新將採用Google修補工具以減少Spectre修補的效能影響
https://times.hinet.net/news/22037114

Windows 191H更新將採用Google修補工具以減少Spectre修補的效能影響
https://www.ithome.com.tw/news/126527?fbclid=IwAR0g-EjbW2wT8FndBqIsFlgtbfLdIPeBHo7VCMP7UFELjFmRZb6iyU5Z3b8

Win10 19H1啟用Retpoline 幽靈補丁性能影響降至最低
https://news.sina.com.tw/article/20181020/28536916.html

Win10 19H1啟用Retpoline Ghosts修正檔性能影響降至最低
https://bit.ly/2yrEZGo

Window 10 未來的更新將會改善 Spectre 修補程式對效能的影響
https://chinese.engadget.com/2018/10/23/windows-10-gentler-spectre-fix/

Windows嚴重漏洞披露:允許黑客將管理員權限轉移給來賓賬户
https://hk.saowen.com/a/df4ff67cbdff1e83b8f4a0218bd18fd7b8a8c2d8fd4b9bcf367aa9cd1d26c2f8

微軟視窗提升權限漏洞
https://thehackernews.com/2018/10/windows-zero-day-exploit.html

Drupal Core SA-CORE-2018-006 多個漏洞(包含RCE漏洞)
https://www.anquanke.com/post/id/162287

IBM WebSphere Application Server目錄遍歷漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1770

Splunk修復數個Enterprise與Light產品安全漏洞
https://www.easyaq.com/news/1987445985.shtml

Tumblr修復洩露私人賬戶信息的安全漏洞
https://www.easyaq.com/news/424263936.shtml

Signal Desktop疏於本機資料保護,愛好者當心隱私外流
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5039

Ruby 2.5.3 和2.3.8 正式發布,包含安全漏洞修復
https://www.oschina.net/news/101023/ruby-2-5-3-and-2-3-8-released

麻省理工研究院給出英特爾漏洞參考意見
http://nb.zol.com.cn/701/7013645.html

Pivotal Spring Framework 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15756

Mozilla Firefox 多個漏洞
https://www.us-cert.gov/ncas/current-activity/2018/10/23/Mozilla-Releases-Security-Updates-Firefox

SUSE LibRaw 緩衝區錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5802

近期數版X.Org Server出現Command Line參數核驗缺陷,易受入侵接管
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5040

嚴重buffer overflow恐癱瘓LIVE555串流媒體RTSP server
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5038

Critical Flaw Found in Streaming Library Used by VLC and Other Media Players
https://bit.ly/2QYRAYw

Tumblr Patches A Flaw That Could Have Exposed Users’ Account Info
https://bit.ly/2S0eTTa

CVE-2018-8460: EXPOSING A DOUBLE FREE IN INTERNET EXPLORER FOR CODE EXECUTION
https://bit.ly/2J8NpGX

Cryptojackers Keep Hacking Unpatched MikroTik Routers
https://www.bankinfosecurity.com/cryptojackers-keep-hacking-unpatched-mikrotik-routers-a-11627

Heads-Up: Patch 'Comically Bad' libSSH Flaw Now
https://www.bankinfosecurity.com/heads-up-patch-comically-bad-libssh-flaw-now-a-11626

發現微處理器FreeRTOS嚴重缺陷,危及科技工業領域
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5037

AWS修補IoT平台FreeRTOS的13個安全漏洞
https://www.ithome.com.tw/news/126540

亞馬遜FreeRTOS存在多個漏洞,黑客可接管設備發動網絡攻擊
https://zhuanlan.zhihu.com/p/47475389

亞馬遜修復了安全漏洞 防止物聯網設備遭駭
https://fnc.ebc.net.tw/FncNews/else/56012

FreeRTOS漏洞將多個系統暴露於攻擊之下
https://www.easyaq.com/news/1486159818.shtml

Drupal 發布新的安全更新
https://www.us-cert.gov/ncas/current-activity/2018/10/18/Drupal-Releases-Security-Updates

思科修補WebEx Meetings app權限升級漏洞
https://www.ithome.com.tw/news/126660?fbclid=IwAR1_bV6FP5LYhmTrAFYcb3MQZyr9C7k0VnIuJPdp311b5-H2tdxrMh0qLEU

Cisco Wireless LAN Controller (WLC) 存在多個安全性弱點
https://www.us-cert.gov/ncas/current-activity/2018/10/17/Cisco-Releases-Security-Updates

遠程代碼執行漏洞現身運行內嵌式系統的流行操作系統
https://ek21.com/news/1/133894/

ServersCheck Monitoring Software 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18552

WizCase報告:四種流行NAS設備中發現多個漏洞
http://www.4hou.com/vulnerable/14135.html

Amanda 安全漏洞
https://www.anquanke.com/vul/id/1368079

WebExec - Authenticated User Code Execution (Metasploit)
https://www.exploit-db.com/exploits/45695/

Critical Flaws Found in Amazon FreeRTOS IoT Operating System
https://bit.ly/2PeMR7M

Critical Code Execution Flaw Found in LIVE555 Streaming Library
https://bit.ly/2Saa6i7

Serious vulnerability in CloudFlare that allows your WAF to be disabled
https://bit.ly/2Poqqxd

Popular website plugin harboured a serious 0-day for years
https://nakedsecurity.sophos.com/2018/10/22/popular-website-plugin-harboured-a-serious-0-day-for-years/

WordPress takes aim at ancient versions of its software
https://nakedsecurity.sophos.com/2018/10/24/wordpress-takes-aim-at-ancient-versions-of-its-software/

Patch now! Multiple serious flaws found in Drupal
https://nakedsecurity.sophos.com/2018/10/23/patch-now-multiple-serious-flaws-found-in-drupal/

Cisco patches local WebEx vulnerabilities and can be remotely exploited in AD deployments
Cisco Webex Meetings 33.6.0 fixes security issues
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection

Hacker Discloses New Windows Zero-Day Exploit On Twitter
https://bit.ly/2qeflRb

2.銀行/金融/保險/證券/電子支付/行動支付/支付系統/虛擬貨幣/區塊鍊 新聞及資安

印度首個加密貨幣ATM遭警方搜查,因沒有許可證
http://news.knowing.asia/news/fc912087-94f9-4ddc-a1a7-0d6d8d799497

印度警方抓住ATM運行加密交換Unocoin
https://www.coindesk.com/indian-police-seize-atm-run-by-crypto-exchange-unocoin/

西班牙通過法案要求該國公民申報加密貨幣資產
https://finance.sina.com.cn/blockchain/roll/2018-10-24/doc-ihmxrkzw1597477.shtml?fbclid=IwAR1UX8Xn_r_6DFqOAq1qBTBIEFspHdPM47LXO0-eT0kqi7aCK8A4k6B_YuI

加密貨幣今年慘兮兮 比特幣價位腰斬逾半
https://tw.appledaily.com/new/realtime/20181022/1452256/

Tether公司昨日晚間「銷毀了5億美元USDT」
https://www.blocktempo.com/newsflash-tether-destroys-500-million-usdt-1/

加密貨幣始祖「比特幣」誕生 10 年了!一起瞧瞧它的興起、衰落
https://bit.ly/2q9o72E

數位支付巨頭Square開放冷存儲系統開源碼
https://fnc.ebc.net.tw/FncNews/else/56431

日本IT巨頭與三菱銀行等合作使用區塊鏈進行電力交易
https://bit.ly/2q2LYRx

日金融巨頭SBI攜手加密公司開發加密貨幣錢包
https://bit.ly/2O1SP7A

減少逃稅 日本政府推動簡化加密幣納稅申報程序
https://blockcast.it/2018/10/21/japanese-government-to-simplify-cryptocurrency-taxation-process/

報告:超過一半的加密貨幣交易所存在安全漏洞
https://www.8btc.com/article/294804

全台最大數位資產交易所MAX推平台幣,首日交易量破5億台幣
http://news.knowing.asia/news/c5f52c0d-89a7-4fde-aa7a-9626c5569586

全台最大數位資產交易所MAX推平台幣 首日交易破5億台幣 全球獨有鎖倉機制 100%手續費返還
https://news.cnyes.com/news/id/4221654

駭客鎖定BTCP加密貨幣展開51%攻擊,還開直播告訴你有多簡單
https://www.ithome.com.tw/news/126520

防洗錢納管虛擬幣 金管會將採實名制
https://www.wantgoo.com/news/content/index?ID=873455

俄羅斯網路安全公司:駭客從加密貨幣交易所中,竊取了8.82億美元
https://m.moneydj.com/f1a.aspx?a=57aa6c5a-42e0-4045-b7d6-5854ea9e93e3&c=TRENDS

Group-IB:14起加密貨幣交易中心被駭損失共8.8億美元,過半是北韓駭客集團Lazarus偷的
https://www.ithome.com.tw/news/126536

不是駭客也非病毒 中信ATM當機原因找到了
https://udn.com/news/story/7239/3431829

中信銀ATM當機 排除駭客病毒攻擊
https://www.chinatimes.com/realtimenews/20181019004742-260410

中信系統當機3hr 彩迷無法投注直跳腳
https://www.ttv.com.tw/news/view/10710190012100I/568

永豐銀行ATM也當機 永豐:已恢復運作
https://www.ettoday.net/news/20181022/1287711.htm

永豐銀ATM也當機 一小時內修復
https://www.cna.com.tw/news/afe/201810220233.aspx

明台產險 舉辦金融資安風險管理研討會
https://udn.com/news/story/7239/3432165

業務員賣他家產險,無需公司同意 壽險業者含淚接受
https://www.chinatimes.com/newspapers/20181019000315-260202

支援27家銀行信用卡,凱基銀聯手新創推手機App付款
https://meet.bnext.com.tw/articles/view/43929

日央行警告:銀行業風險承擔創30年新高
http://www2.hkej.com/instantnews/international/article/1972677

亞太洗錢防制10天後來台 受檢名單出爐「跌破金管會眼鏡」
https://www.ettoday.net/news/20181025/1289825.htm

洗錢防制別落入加強追蹤名單 成首務
https://www.chinatimes.com/newspapers/20181025000294-260202

瑞銀等多家銀行限制員工赴中國出差
https://bit.ly/2AnKHuh

穿戴裝置行動支付 Fitbit Pay上線尬Apple Watch
https://bit.ly/2Je79cj

WeChat劫案:電子支付大行其道 內地女曾遇劫
https://hk.on.cc/hk/bkn/cnt/news/20181023/bkn-20181023130816560-1023_00822_001.html

澳洲央行:中國若爆發系統性金融風險、經濟恐遭重創
https://bit.ly/2ApTts2

行員知情隱匿2年遭踢爆 涉唆使保戶偽簽冒用印章買儲蓄險
https://www.ettoday.net/news/20181023/1288731.htm

本港首宗 WeChat Pay 劫案
https://bit.ly/2PWAbzS

「轉數快」轉賬漏洞騙案 Tap & Go、AlipayHK 回應
https://unwire.pro/2018/10/25/fps-2/news/

香港金管局上月正式推出「轉數快」服務  當日即有市民被轉走帳戶存款,損失由1萬多元到近10萬元不等
https://bit.ly/2Sfja5i

【百萬用戶】香港金管局指與系統安全性無關 方保僑:局方有責任檢視漏洞
https://hk.news.appledaily.com/local/realtime/article/20181024/58832059

「轉數快」現漏洞兩女子失款11萬
http://hd.stheadline.com/news/daily/hk/711862/

轉帳支付現漏洞 金管局叫停電子錢包自動增值服務
https://hk.on.cc/hk/bkn/cnt/news/20181024/bkn-20181024220225870-1024_00822_001.html

騙徒可以怎樣利用 FPS 電子直接扣帳授權服務呃走你嘅金錢
https://m.oursky.com/fraud-via-fps-alipay-115984e8bda5?fbclid=IwAR1Kq3QVRrMRSbfTFvQYsSI4o6MTtkDeT2Z7-a7ywRm_JqeVuqO0vp-cmS4

騙徒借漏洞犯案 金管局叫停「轉數快」直接扣帳
https://bit.ly/2SgVehY

金管局堵電子錢包漏洞 設簡便轉帳須雙重認證
https://news.mingpao.com/pns/dailynews/web_tc/article/20181026/s00004/1540491952248

中信銀ATM當機後 金管會全面大盤點
https://tw.finance.appledaily.com/realtime/20181025/1454235/

ATM3個月當機3次 金管會下令全體銀行做盤點
https://www.ettoday.net/news/20181025/1289992.htm

ATM頻出包太依賴IBM?金管會要求全面盤點
https://bit.ly/2qbfNQ3

金融資訊系統 全面盤點
https://money.udn.com/money/story/5613/3443215

ATM老是當機挨批 顧立雄要求國銀總盤點
https://www.chinatimes.com/realtimenews/20181025002163-260410

Unocoin delivers India's first bitcoin ATM
https://www.atmmarketplace.com/news/unocoin-delivers-indias-first-bitcoin-atm/

CTBC Bank ATM crash in Taiwan cleared of hacking and malware infections
https://www.taiwannews.com.tw/en/news/3556835

Why is Elon Musk promoting this Bitcoin scam? (He’s not)
https://nakedsecurity.sophos.com/2018/10/23/why-is-elon-musk-promoting-this-bitcoin-scam-hes-not/

Indian Police Seize ATM Run By Crypto Exchange Unocoin
https://www.coindesk.com/indian-police-seize-atm-run-by-crypto-exchange-unocoin/

3.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體

這五款工具被全球黑客廣泛使用,中國菜刀入榜
http://www.freebuf.com/news/186589.html

再有路由器遭黑客入侵 透過安全漏洞下載惡意程式
https://3edition.com/brands/netgear/router/3364

封閉系統不會中毒
https://bit.ly/2JfZB8P

ESET 發現第一個 UEFI rootkit 惡意程式 LoJax,感染後連重灌系統也沒轍,駭客小組Sednit為幕後黑手
https://www.eset.tw/html/86/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/

你放假它加班 挖礦 24 小時不關機 礦工忙到「火大」了-2018年衝擊最大資安威脅:虛擬貨幣挖礦
https://blog.trendmicro.com.tw/?p=57198

「花錢洗白負評」「中斷供應鏈」,數位勒索不只有勒索病毒
https://blog.trendmicro.com.tw/?p=57166

pestudio: Malware Initial Assessment Tool
https://securityonline.info/pestudio/?fbclid=IwAR0pt-tmzWVAVBhDelnMGPVc9SV0jwRRD_KaqAO6T-rnjyVdVmccXi0FedQ

munin v0.10.0 released: Online hash checker for Virustotal and other services
https://bit.ly/2RenIaM

Bitdefender & Law Enforcement Solve for Multiple Versions of GandCrab with New Decryptor
https://bit.ly/2qaxJKL

New Android Malware Turns Your Mobile Devices into Hidden Proxies
https://gbhackers.com/new-android-malware/

Maker of LuminosityLink RAT gets 30 months in the clink
https://nakedsecurity.sophos.com/2018/10/22/maker-of-luminositylink-rat-gets-30-months-in-the-clink/

SettingContent-ms can be Abused to Drop Complex DeepLink and Icon-based Payload
https://bit.ly/2POL0Uo

Kraken Cryptor Ransomware Connecting to BleepingComputer During Encryption
https://bit.ly/2ytB0cm

Triton Malware Linked to Russian Government Research Institute
https://www.securityweek.com/triton-malware-linked-russian-government-research-institute

FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
https://thehackernews.com/2018/10/russia-triton-ics-malware.html

Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware
https://blog.talosintelligence.com/2018/10/beers-with-talos-ep40-bwt-xl-feat.html

Poorly secured SSH servers targeted by Chalubo botnet
https://nakedsecurity.sophos.com/2018/10/24/poorly-secured-ssh-servers-targeted-by-chalubo-botnet/

Mac malware intercepts encrypted web traffic for ad injection
https://blog.malwarebytes.com/threat-analysis/2018/10/mac-malware-intercepts-encrypted-web-traffic-for-ad-injection/

Bypass an Anti Virus Detection with Encrypted Payloads using VENOM Tool
https://gbhackers.com/bypass-antivirus-using-payload/

Chalubo Botnet Compromise Your Server or IoT Device & Use it for DDOS Attack
https://gbhackers.com/chalubo-botnet/

TBAL: an (accidental?) DPAPI Backdoor for local users
https://bit.ly/2EMskUe

Decryption Tool for multiple GandCrab ransomware
https://labs.bitdefender.com/2018/10/bitdefender-law-enforcement-solve-for-multiple-versions-of-gandcrab-with-new-decryptor/

Banking Trojans sneaked into Google Play store disguised as apps
https://satoshinakamotoblog.com/banking-trojans-sneaked-into-google-play-store-disguised-as-apps


B.行動安全 / iPhone / Android / App

蘋果晶片供應商:未受貿易戰影響 會密切注意關稅
http://ec.ltn.com.tw/article/breakingnews/2586247

南韓7萬運將大罷工 抗議共乘APP奪生計
https://news.tvbs.com.tw/focus/1013017

5G規範安全性和協議漏洞分析(下篇)
http://netsecurity.51cto.com/art/201810/585293.htm

黑客如何向您的手機帳戶收取漫遊費用
http://netsecurity.51cto.com/art/201810/585276.htm

用比特幣才能買的神秘新手機,瞄準3500萬虛擬錢包用戶,能讓宏達電翻身嗎
https://www.businessweekly.com.tw/article.aspx?id=36711&type=Indep

Android 9以硬體沙盒保護簽章金鑰確保交易安全,防止用戶被詐
https://www.ithome.com.tw/news/126553

牛津大學研究發現近90%安卓App數據被傳回谷歌
https://www.ithome.com/html/it/390489.htm

超過125個Android程式及網站涉及大規模廣告點選詐騙活動
https://www.ithome.com.tw/news/126600?fbclid=IwAR3wUPIq2be_e2pGBhyxNOGV-KspE1I9BojLfmhRwsvTQzNiuOGnEx-XUYU

Google News app現漏洞狂用流量:有用戶數個小時被吞24GB
https://news.sina.com.tw/article/20181024/28584226.html

App 開發商竟然利用這個漏洞追蹤用戶數據
https://bit.ly/2z2luE3

中國交友App 利用AI機器人聊天詐財
https://bit.ly/2D653ea

Anda app 安全漏洞
https://www.anquanke.com/vul/id/1368068

蘋果開發神秘iOS程式 阻擋駭客破解密碼
https://news.wearn.com/c51512.html

改善Android漏洞問題 Google擬強制遭求合作廠商針對熱門機種定期更新
https://mashdigi.com/google-may-ask-venders-to-update-device-regularly/

The Truth About Mobile Security Risks In Business and What To Do About It
https://www.bankinfosecurity.asia/webinars/truth-about-mobile-security-risks-in-business-what-to-do-about-it-w-1785

Are your jilted apps stalking you
https://nakedsecurity.sophos.com/2018/10/24/are-your-jilted-apps-stalking-you/

Google Makes 2 Years of Android Security Updates Mandatory for Device Makers
https://bit.ly/2D2HIKF


C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件
Lazarus為何成為世界上最賺錢的加密貨幣駭客集團
http://news.knowing.asia/news/53f8e661-59ea-4d1b-92c8-031b4765861b

資安、AI開班「不能只給兵」台大院長籲教部給額外師資
https://udn.com/news/story/7266/3432526

企業常遇到的四種網頁注入(Web Injection)攻擊
https://blog.trendmicro.com.tw/?p=57572

數位國土的捍衛戰士
https://bit.ly/2O4HzqT

智慧電商雙11購物節的數位風險罩門
https://money.udn.com/money/story/10860/3439968

GeekPwn2018演示多款智能設備安全漏洞導致隱私洩露
http://www.kejilie.com/ikanchai/article/jAR7n2.html

「安卓之父」涉性騷擾...領28億爽辭!Google滅火:已開除48色狼員工
https://www.ettoday.net/news/20181026/1290588.htm

學會網路六大關鍵技術 大企業爭聘
http://market.ltn.com.tw/article/4907

NASA黑客松臺北場 冠軍隊伍Light Wonder抱走8萬獎金
https://www.taiwannews.com.tw/ch/news/3558579

「知彼知己」= 駭客角度
https://bit.ly/2yQ4H72

駭客任務導演藏了 20 年的超級彩蛋,著名的綠色程式語言其實是「壽司食譜」
https://www.hksilicon.com/articles/1690412

採用託管式偵測及回應 (MDR) 服務來防堵網路資安缺口
https://blog.trendmicro.com.tw/?p=57565

TUV NORD 聚焦車載、風能、核安及資安
https://www.chinatimes.com/newspapers/20181024000343-260204

HITCON CTF線上比賽成2019年第一場DEF CON種子賽,冠軍波蘭隊率先取得決賽門票
https://www.ithome.com.tw/news/126535

台灣產學聯軍勇奪2018 HITCON CTF季軍 刷新台灣最佳成績
http://www.ctimes.com.tw/DispNews/tw/1810231618NB.shtml

駭客猖獗 網絡保安不濟
https://news.mingpao.com/pns/dailynews/web_tc/article/20181023/s00002/1540232317476

你是黑客的菜吗?如何有效防止黑客入侵
http://netsecurity.51cto.com/art/201810/584906.htm

這個荒涼俄國小鎮 專出暗殺、駭攻高手
https://theme.udn.com/theme/story/6775/3433455

武器系統防駭 資安新挑戰
https://www.ydn.com.tw/News/309888

Diligent調查發現,董事會成員是安全和公司治理的關鍵環節
http://www.businesswirechina.com/hk/news/38839.html

你有多久沒更新家中 Wi-Fi 路由器密碼
https://www.saydigi.com/2018/10/406424.html

用駭客入侵媒體!中國網軍散播仇恨
https://bit.ly/2NW4nZR

總統蔡英文一現身 三立直播竟遭駭客入侵攻擊
http://ent.ltn.com.tw/news/breakingnews/2587120

駭客+人工智慧科技 期中選舉新隱憂
https://bit.ly/2AnMTlP

臉書上月遭駭元凶 是垃圾郵件業者
https://bit.ly/2S479j4

確定了! 臉書聘前英國副首相擔任副總裁
http://news.ltn.com.tw/news/world/breakingnews/2586442

智慧家居産品有被駭客攻擊危險?私人生活易被入侵
http://big5.china.com.cn/gate/big5/tech.china.com.cn/elec/20181019/347122.shtml

這位神秘駭客修補了 10 萬台路由器漏洞 網友:這才是真正的駭客
https://bit.ly/2CyBiSu

解放軍訊息戰新軍種 揚言2020扶植親北京政權
https://bit.ly/2CAzojX

沙國王儲拿刀斬首哈紹吉! 「沙漠達沃斯」網頁遭駭貼諷刺圖
https://www.ettoday.net/news/20181023/1288276.htm

利雅德會議網站遭駭 赫見沙王儲處決記者合成圖
https://money.udn.com/money/story/5599/3437707

中國間諜滲透太多法國剛敲響反擊鐘聲
https://bit.ly/2z12c1G

疑遭中國駭客植入惡意晶片 美企將全面調查
http://news.ltn.com.tw/news/world/breakingnews/2589073

【寰宇韜略】美強化網軍培訓 確保人才留用(上)
https://www.ydn.com.tw/News/310164

【寰宇韜略】美強化網軍培訓 確保人才留用(下)
https://www.ydn.com.tw/News/310306

川普演講Youtube直播被中共黑客攻擊
http://cn.secretchina.com/news/b5/2018/10/23/874448.html

美國情報單位憂慮 川普私人iPhone恐遭中俄竊聽
https://bit.ly/2ArSHL4

傳川普iPhone遭竊聽 中外交部建議「可改用華為」
http://ec.ltn.com.tw/article/breakingnews/2591959

紐時:川普個人使用的iPhone遭到中國及俄羅斯監聽
https://www.ithome.com.tw/news/126647?fbclid=IwAR1YzEqxf4546kAKWR4J7RJ9AejaWzLXbMOE6oR1y5753L0zSb16RQNp2uc

黑客入侵方式多 勿掉以輕心
https://www.hkpc.org/zh-HK/corporate-info/media-centre/media-focus/203-corp-info/media-focus/7655-hacker-beware

陷惡意晶片風暴 美超微檢查產品並要求撤文
https://www.inside.com.tw/2018/10/24/super-micro-computer-apple-inc

日本自衛隊擬招聘「白帽駭客」 年薪數千萬日圓
https://www.chinatimes.com/realtimenews/20181026002490-260408

中共駭客猖獗 惹來神祕組織狩獵
https://bit.ly/2Cu94rI

拒絕俄羅斯網軍干預期中選舉 美國將警告駭客小心遭起訴
https://www.taiwannews.com.tw/ch/news/3559373

美網路作戰司令部首度出手 嚇阻俄國干預美期中選舉
https://money.udn.com/money/story/5599/3439205

美國德拉瓦州逮捕駭客,查獲價值約21.7萬美元的比特幣
https://news.sina.com.tw/article/20181025/28594590.html

美退出中導條約 對中共釋出五大戰略信息
http://www.epochtimes.com/b5/18/10/24/n10806790.htm

刺殺歐巴馬?八枚郵包炸彈連環「恐攻」民主黨事件
https://global.udn.com/global_vision/story/8662/3441374

FBI:一些炸彈包裹經美國郵政發送 正檢視系統漏洞
http://www.mastvnet.com/news/globe/2018-10-26/211313.html

袁斌:中共專制大廈已呈將傾之勢
http://ca.ntdtv.com/xtr/b5/2018/10/26/a1396799.html

Symantec will close the Norton ConnectSafe service on November 15th
https://bit.ly/2CAxXlG

UK Cyberattack Investigations: An Analysis
https://www.bankinfosecurity.com/interviews/uk-cyberattack-investigations-analysis-i-4150

Cyber News Rundown: Voter Records for Sale
https://www.webroot.com/blog/2018/10/19/cyber-news-rundown-voter-records-sale/

LuminosityLink Hacking Tool Author Gets 30-Months Prison Sentence
https://bit.ly/2AiUVfK

Threat Roundup for October 12 to October 19
https://blog.talosintelligence.com/2018/10/threat-roundup-1012-1019.html

Beers with Talos EP 39: VB 2018 Rundown and Prevalent Problems with PDF
https://blog.talosintelligence.com/2018/10/beers-with-talos-ep-39-vb-2018-rundown.html

Playbook Fridays: QRadar Tag Search in ThreatConnect
https://bit.ly/2JdwbII

HOW MAIL BOMBS GET INTERCEPTED—AND WHAT HAPPENS NEXT
https://www.wired.com/story/how-mail-bombs-get-intercepted-what-happens-next/

Former high school teacher pleads guilty to hacking celebrities
https://nakedsecurity.sophos.com/2018/10/24/former-high-school-teacher-pleads-guilty-to-hacking-celebrities/

Pirates! Don’t blame your illegal file sharing on family members
https://nakedsecurity.sophos.com/2018/10/23/pirates-dont-blame-your-illegal-file-sharing-on-family-members/

Compromising vital infrastructure: how voting machines and elections are vulnerable
https://blog.malwarebytes.com/cybercrime/2018/10/compromising-vital-infrastructure-voting-machines-elections-vulnerable/

BeaconGraph: Graph visualization of wireless client and access point relationships
https://securityonline.info/beacongraph/?fbclid=IwAR126dckhnx3RIdv44x209VOSjHQOrQZYBIRR04UkAAXHcpQmAfh6MpuXHk

Windows 10 Update Fixed File Deletion Flaw But Not ZIP File Overwrite Bug
https://bit.ly/2Ppy2PU

Windows 7 End-of-Life: Are You Ready
https://ubm.io/2yzTuIy

UPDATE ON BRITISH AIRWAYS CYBER ATTACK - THURSDAY 25 OCTOBER, 2018
https://bit.ly/2D2Mec5

Fighting cybercrime requires a new kind of leadership
https://bit.ly/2ETNH6i

徵才 - 資安管理專員
https://www.104.com.tw/job/?jobno=6efkl

徵才 - 數位貨幣交易所-資安長(CIO)
https://www.104.com.tw/job/?jobno=68h4g&jobsource=joblist_b_date

徵才- Research Analyst at Cisco Umbrella
https://jobs.cisco.com/jobs/ProjectDetail/Research-Analyst-at-Cisco-Umbrella/1241191

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷

退稅金成詐欺新肥羊 美國稅局傷腦筋
https://tw.news.appledaily.com/international/realtime/20181020/1450835

雅虎用戶個資外洩案賠償5,000萬美元
https://www.chinatimes.com/realtimenews/20181024004889-260408

Yahoo信箱被駭案達成和解 將支付8500萬美元賠償金額 先賠償美國、以色列用戶
https://www.cool3c.com/article/138721

雅虎將為史上最大安全漏洞案支付5000萬美元賠償金
https://news.sina.com.tw/article/20181024/28577116.html

英航訂票網站上月也被駭 承諾賠償
https://tw.news.appledaily.com/international/realtime/20181025/1454291

國泰航空系統遭入侵,940 萬名乘客資料遭不當讀取
https://technews.tw/2018/10/25/cathay-pacific-passengers-data-were-hacked/

國泰航空「940萬旅客個資」外洩 包括護照、身分證號碼、信用卡號等重要資料
https://www.ettoday.net/news/20181025/1289679.htm

國泰航空證實940萬名乘客個資遭到外洩,並成立專屬網頁供民眾查詢
https://www.ithome.com.tw/news/126623?fbclid=IwAR0h2cW4EdYgnr0RO9IuGQ9TsdfNOBVzuJteGHrfOAcTPyubOUlWdVAoWEs

國泰及港龍航空940萬乘客個資外洩
https://bit.ly/2ELwnjP

國泰港龍 940 萬乘客資料遭外洩 涉信用卡號碼 莫乃光批:太遲通報
https://bit.ly/2O5Nr35

國泰洩940萬客私隱 涉護照 身份證 信用卡資料 事隔7個月始公佈
https://hk.news.appledaily.com/local/daily/article/20181025/20530468

國泰泄940萬客資料 延半年公布 包括護照身分證信用卡號碼 私隱署調查
https://news.mingpao.com/pns/dailynews/web_tc/article/20181025/s00001/1540405459314

國泰驚爆940萬乘客資料外洩 5月確認遭攻陷 涉信用卡身份證號碼等
http://www1.hkej.com/dailynews/article/id/1974285

國泰外洩940萬乘客資料 今年3月首發現系統有可疑
https://bit.ly/2EGy1Tu

CATHAY PACIFIC AIRWAYS LIMITED 國泰航空有限公司資料外洩事件
http://www.hkexnews.hk/listedco/listconews/SEHK/2018/1024/LTN20181024758_C.pdf

乘客求自保 專家:快改帳戶換卡
https://tw.appledaily.com/international/daily/20181026/38162155/

國泰疑以客戶真實資料測試遭黑客入侵 知情者:內部系統無咩保安
https://bit.ly/2CH5wTn

政府電腦被駭 7.5萬健保個資外洩
https://bit.ly/2q5XEmQ

美政府醫療網站被駭,7.5萬筆個資被竊
https://www.ithome.com.tw/news/126554

盜用日本人信用卡訂酒店問題曝光 損失額達數十億日元
https://tchina.kyodonews.net/news/2018/10/0c929a2c3dc1--.html

興業銀行信用卡中心因電銷欺騙投保人等兩項違規被處罰
https://news.sina.com.tw/article/20181019/28529310.html

稱「網路下單」騙帳戶 彩券行無辜成詐欺共犯
https://bit.ly/2S8e3nB

開免密支付被盜刷「只能自認倒楣」 中消協:蘋果應負起責任
https://www.ettoday.net/news/20181021/1286506.htm

黑客藉發送 Spotify Premium 電郵 詐騙用戶 Apple ID 資料
https://unwire.hk/2018/10/23/fake-spotify-email-phishing-scam-apple-id/tech-secure/

部分中國 Apple ID 被釣魚攻擊盜走,蘋果致歉
http://technews.tw/2018/10/19/apple-says-a-small-number-of-chinese-users-had-their-apple-ids-stolen/

意外責任險可以理賠個資外洩?產險界:只賠實體事故
https://www.ettoday.net/news/20181019/1285735.htm

沙國監控異議人士 《紐時》:買通推特員工取得個資
http://news.ltn.com.tw/news/world/breakingnews/2589246

注意! 社安署來電? 詐騙社安號等個資
https://bit.ly/2z2x2aa

二維碼詐騙花樣繁多防不勝防平台有安全管理義務
http://www.hkcd.com/content/2018-10/23/content_1106133.html

「寶特幣」啥米碗糕? 母子半年詐3268萬
https://tw.appledaily.com/new/realtime/20181023/1452693/

溫氏家族自創「寶特幣」詐3千萬 偽造蔡英文匾取信被害人
https://www.ettoday.net/news/20181023/1288327.htm

調研未來10大預測:社群媒體醜聞、安全漏洞 不如「隱私中毒」
http://ec.ltn.com.tw/article/breakingnews/2589505

詐騙案層出不窮 電信業每年損失170億美元
https://www.chinatimes.com/newspapers/20181025000321-260203

Texas Retirement Agency Portal Breach Affects 1.25 Million
https://www.bankinfosecurity.com/texas-retirement-agency-portal-breach-affects-125-million-a-11638

Yahoo Class Action Settlement: A $50 Million-Plus Sting
https://www.bankinfosecurity.com/yahoo-class-action-settlement-50-million-plus-sting-a-11635

India's Draft Data Protection Bill: The Wrong Approach
https://www.bankinfosecurity.asia/interviews/indias-draft-data-protection-bill-wrong-approach-i-4154

RBI's Data Localization Mandate: What Happens Next
https://www.bankinfosecurity.asia/rbis-data-localization-mandate-what-happens-next-a-11636

Are you Cyber Aware? How about your friends and family
https://nakedsecurity.sophos.com/2018/10/24/are-you-cyber-aware-how-about-your-friends-and-family/

Adult websites shuttered after 1.2 million user details exposed
https://nakedsecurity.sophos.com/2018/10/23/adult-websites-shuttered-after-1-2-million-user-details-exposed/

Facebook Fined £500,000 for Cambridge Analytica Data Scandal
https://bit.ly/2Sif7Fm

E.研究報告

libSSH認證繞過漏洞(CVE-2018-10933)分析
https://paper.seebug.org/720/

libSSH 認證繞過漏洞(CVE-2018-10933)分析
https://zhuanlan.zhihu.com/p/47197657

D-Link 850L&645路由漏洞分析
https://hk.saowen.com/a/300c17ede5efa643437a7358af827bbb70859c68a18f1b3c3425bd4852b1658b

挖洞經驗| 價值3133.7美金的谷歌(Google)存儲型XSS漏洞
http://www.freebuf.com/articles/web/186463.html

黑客基礎,Metasploit模塊簡介,滲透攻擊模塊、攻擊載荷模塊
http://netsecurity.51cto.com/art/201810/585354.htm

開小灶:隱藏bash歷史命令的小技巧
http://netsecurity.51cto.com/art/201810/585251.htm

深入分析MikroTik RouterOS CVE-2018-14847 & Get bash shell
http://www.freebuf.com/vuls/187272.html

MI 小米小米手環3 NFC功能探索
https://post.smzdm.com/p/akmr64o9/?fbclid=IwAR2v8Y-JFZLMYJKwKIBQsTJUIFNer6Y0cunjuEetmZy8t8OvzS21iZw6vCg

通殺絕⼤多數交易平台的Tradingview Dom XSS漏洞分析
http://www.freebuf.com/vuls/186638.html

個案分析-Pylocky勒索病毒攻擊事件分析報告_10710
https://cert.tanet.edu.tw/prog/opendoc.php?id=2018102201103030474941237511262.pdf

Micropatch for SandboxEscaper's "deletebug" 0day
https://bit.ly/2CGP3hJ

Exploit kits: fall 2018 review
https://blog.malwarebytes.com/threat-analysis/2018/10/exploit-kits-fall-2018-review/

CVE-2018–8414: A Case Study in Responsible Disclosure
https://posts.specterops.io/cve-2018-8414-a-case-study-in-responsible-disclosure-ff74c39615ba

CVE-2018–8212: Device Guard/CLM bypass using MSFT_ScriptResource
https://posts.specterops.io/cve-2018-8212-device-guard-clm-bypass-using-msft-scriptresource-b6cc2318e885

New Windows Zero-Day Bug Helps Delete Any File, Exploit Available
https://bit.ly/2CDTt9g

Discovering Hidden Email Gateways with OSINT Techniques
https://medium.com/iron-bastion/discovering-hidden-email-servers-with-osint-2dbf07559626

Code Structure and Readability Part 4 — Project Structure
https://medium.com/swift2go/code-structure-and-readability-part-4-project-structure-99f9a6671ce3

Deeplens Enabled Product Detection
https://medium.com/@ananthsrinivas/deeplens-enabled-product-detection-9e797dace8f6

GraphQL: A success story for PayPal Checkout
https://bit.ly/2AttrUO

The Fuzzing Project
https://fuzzing-project.org/?fbclid=IwAR3K_g2QFR4FF7-Za9vt-Epq7H2aSp39xWX1suVeWt3f3xgYRFDxWr7ujXk

Hawkeye scanner-cli v1.3.2 releases: security/vulnerability/risk scanning tool
https://securityonline.info/hawkeye/?fbclid=IwAR35woyvVi0yRkTS_7vrmjfJwwGPX15MOah6c6Xol2ZHqupEKQipZso-dsQ

btrForensics: Forensic Analysis Tool for Btrfs File System
https://securityonline.info/btrforensics/?fbclid=IwAR0w3cstc1f1siWMCZ9yi5hqvzf3MCRRqc3mPVxYK_cC4ovtnJrsYgYOm7c


F.商業

率先支援 WPA3 新制式 Synology MR2200ac 可能是功能最強的 Mesh Wi-Fi
https://bit.ly/2yU6Z51

IBM推出管理工具投入多雲戰局,支援AWS、微軟及紅帽
https://www.ithome.com.tw/news/126524

資安產業大逆襲 零壹搶攻資安商機
https://www.wantgoo.com/news/content/index?ID=872967

據報 Facebook 正計劃收購一家「主要」網路安全公司
https://chinese.engadget.com/2018/10/21/facebook-may-buy-large-cybersecurity-company/

Facebook 拯救資安,傳聞年底前收購網路安全公司
https://technews.tw/2018/10/22/facebook-cybersecurity-company-acquisition/

KPMG安侯建業專欄-CEO也要了解的網路安全知識
https://bit.ly/2CZvu5s

與新加坡競爭資料中心商機,印尼搶亞馬遜、Google 進駐
https://finance.technews.tw/2018/10/23/data-center-in-southeast-market/

國際科技顧問公司TaskUs正式來台進駐
https://money.udn.com/money/story/10860/3436933

把安全總部設在卡車裡!IBM 推出業界首款行動式網路安全作業中心、根本就是電影FBI的特勤戰術中心
https://www.techbang.com/posts/62077-ibm-launches-the-industrys-first-ever-mobile-network-security-operations-center

資安即國安 IBM 推國防等級「網路安全作業中心」行動車
http://ec.ltn.com.tw/article/breakingnews/2590280

華為設資安實驗室博取德政府信賴 為5G設備銷售鋪路
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000545430_5g95z91v2ffa6h1f4kzao

思科新版ACI加強支援OpenStack及Kubernetes
https://www.ithome.com.tw/news/126649

G.政府

警政署力推智慧警政,打造大數據分析平臺以提高網路犯罪偵查率
https://www.ithome.com.tw/news/126521

國防部前副處長:川普政府的「中國威脅論」
https://tw.appledaily.com/new/realtime/20181019/1450589/

國際刑警組織拒邀台灣 賴清德:中國打壓
http://news.ltn.com.tw/news/politics/breakingnews/2585565

機械公會5大決議 籲政府防堵漏洞
https://www.chinatimes.com/newspapers/20181019000305-260202

金管會納入央行理事 顧立雄:沒推動此事
https://tw.appledaily.com/new/realtime/20181022/1452040/

金管會主委去當央行理事 中央銀行公開說不要
https://money.udn.com/money/story/5613/3435570

金管會主委 不須列央行理事
https://udn.com/news/story/7239/3436783

金融帳戶資料自己帶著走 金管會研擬「打開銀行」
https://tw.finance.appledaily.com/realtime/20181026/1454481

金管會:已無多餘預算,南部金融園區恐須自籌財源
https://bit.ly/2SgczYu

虛擬貨幣ICO 金管會將納管
http://ec.ltn.com.tw/article/paper/1241426

顧立雄:ICO如涉有價證券擬納管 最快明年6月制定辦法
https://m.moneydj.com/f1a.aspx?a=8946b723-93e1-4e4f-a51f-5ba05fd8d023

首次代幣發行若涉有價證券或股權 金管會最快明年納管
https://shareba.com/module/news/292299892011761704.html

國家資安人才培訓新戰略,行政院資安學院本周開跑
https://www.ithome.com.tw/news/126584

經濟部建立資安服務共用機制 強化資安聯防 舒緩預算與人力
https://bit.ly/2qdSsgM


H.工控系統  SCADA / ICS Security


正視工廠生產線上的資安威脅,徹底改變防護概念為當務之急
https://www.ithome.com.tw/news/126417

惡意威脅無孔不入,機臺安全從4大防護面向做起
https://www.ithome.com.tw/news/126418

IoT e SCADA Security: CHECK POINT e AXIANS insieme
https://www.zerounoweb.it/techtarget/searchsecurity/iot-e-scada-security-check-point-e-axians-insieme/

OT security key to bringing expansion plans to fruition
https://www.itweb.co.za/content/KPNG878dp1474mwD

DHS warns of another dangerous flaw in Advantech WebAccess SCADA software
https://www.cso.com.au/article/648657/dhs-warns-another-dangerous-flaw-advantech-webaccess-scada-software/

Security in the driving seat for IT innovation in UAE: experts
https://www.tahawultech.com/industry/technology/rsa-security-driving-seat-innovation/

More exploits: the great PLC hack
https://www.controldesign.com/articles/2018/more-exploits-the-great-plc-hack/

EclecticIQ strengthens threat intelligence for critical infrastructures with new integrations
https://prn.to/2PnCnTF

STATE & LOCALBIG DATACLOUDCYBERSECURITYDATA CENTERSEMERGING TECHMOBILERESOURCESEVENTS
https://gcn.com/articles/2018/10/19/critical-infrastructure-security.aspx

Industrial Control Systems Security Market Global Growth, Opportunities, Industry Analysis & Forecast to 2023
https://bit.ly/2PnCsXt

Brown And Caldwell Strengthens Smart Utility Offering With BC Blue
https://paymentweek.com/2018-10-24-brown-caldwell-strengthens-smart-utility-offering-bc-blue/

APT Group GreyEnergy Sparks Worry About BlackEnergy Successor
https://securityintelligence.com/news/apt-group-greyenergy-sparks-worry-about-blackenergy-successor/


I.教育訓練類

WordPress筆記:初始安裝的原始文件檔案和資料夾目錄列表
https://www.vedfolnir.com/wordpress-original-files-and-directory-list-29834.html

CS:APP 學習指引
https://hackmd.io/c/S1vGugaDQ/https%3A%2F%2Fhackmd.io%2Fs%2FSJ7V-qikG%23

三十篇資安實例分享及解析DAY 11-- TAAZE"讀冊生活"二手書平台,個資外洩遭詐騙。
https://ithelp.ithome.com.tw/articles/10202362?sc=iThelpR

三十篇資安實例分享及解析DAY 12--科技董座扮「白帽駭客」,竄改高鐵票價,判賠15萬寫悔過書
https://ithelp.ithome.com.tw/articles/10202684?sc=iThelpR

三十篇資安實例分享及解析DAY 13--羽球球后戴資穎IG被駭,駭客詐騙募款
https://ithelp.ithome.com.tw/articles/10203118

三十篇資安實例分享及解析DAY 14--京晨科技,國產監視器軟體漏洞,監視器恐有被駭風險
https://ithelp.ithome.com.tw/articles/10204042

三十篇資安實例分享及解析DAY 15--智樂堂『刀龍傳說』遭殭屍病毒攻擊
https://ithelp.ithome.com.tw/articles/10204251

三十篇資安實例分享及解析DAY 16--高雄十全果菜市場遭『WannaCry 』勒索,付贖金才得已解鎖
https://ithelp.ithome.com.tw/articles/10204560

三十篇資安實例分享及解析DAY 17--嫌犯利用民眾設定密碼習性,破解Google雲端竊取個資,轉走銀行存款
https://ithelp.ithome.com.tw/articles/10205054?sc=rss.qu

[Day05]各部門的角色與職責
https://ithelp.ithome.com.tw/articles/10202918

Day8-學校資安健檢
https://ithelp.ithome.com.tw/articles/10204419

資安補帖─Day9─Web Security
https://ithelp.ithome.com.tw/articles/10203821?sc=iThelpR

資安補帖─Day10─簡單CTF套路工具使用
https://ithelp.ithome.com.tw/articles/10203454?sc=iThelpR

資安補帖─Day13─社交工程
https://ithelp.ithome.com.tw/articles/10204414

資安補帖─Day14─Awesome資安資源介紹
https://ithelp.ithome.com.tw/articles/10204751

資安補帖─Day15─如何增進CTF能力
https://ithelp.ithome.com.tw/articles/10205234?sc=rss.qu

[Day 5] 這個漏洞有多嚴重? [上]
https://ithelp.ithome.com.tw/articles/10203313?sc=iThelpR

[Day 6] 這個漏洞有多嚴重? [下]
https://ithelp.ithome.com.tw/articles/10203906

[Day 9] 找到漏洞好興奮,我想給他一個名份 [上]
https://ithelp.ithome.com.tw/articles/10204617

[Day 11] 挖漏洞補錢包洞
https://ithelp.ithome.com.tw/articles/10205215?sc=rss.qu

Day-8 社交工程
https://ithelp.ithome.com.tw/articles/10204537

挖洞姿勢:淺析命令注入漏洞
https://www.secpulse.com/archives/76588.html

8 Popular Courses to Learn Ethical Hacking – 2018 Bundle
https://bit.ly/2AjnQQH

Malware Analysis Using Memory Forensics
https://www.secjuice.com/malware-analysis-memory-forensics/


J.玄武實驗室每日安全動態推送

每日安全動態推送(10-22)
https://tw.weibo.com/xuanwulab/4297916007523896

每日安全動態推送(10-23)
https://tw.weibo.com/xuanwulab/4298268290449593

每日安全動態推送(10-24)
https://tw.weibo.com/xuanwulab/4298636638420333

每日安全動態推送(10-25)
https://tw.weibo.com/xuanwulab/4298998238099174

每日安全動態推送(10-26)
https://tw.weibo.com/xuanwulab/4299369413160473


K.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機

Arm將與Cybereason攜手開發強調安全性的IoT晶片
https://www.ithome.com.tw/news/126525

資安標準論壇 聚焦物聯網
https://www.chinatimes.com/newspapers/20181019000524-260210

連網裝置需要更安全的記憶體
https://www.eettaiwan.com/news/article/20181023NT01-connected-devices-need-more-secure-memory

要偷特斯拉 Model S,手機+平板即可複製車鑰匙
https://technews.tw/2018/10/25/thieves-steal-a-tesla-model-s-by-hacking-the-entry-fob/

Botnets Keep Brute-Forcing Internet of Things Devices  October 24, 2018 
https://www.bankinfosecurity.com/botnets-keep-brute-forcing-internet-things-devices-a-11637


4.近期資安活動及研討會
  
  物聯網資安培訓課程(中華民國資訊軟體協會) 10/26 ~ 11/9
  https://w3.iiiedu.org.tw/coursedetail.php?id=ICSA01I&l=35&c=ICSA01I1801

  金融資安培訓課程(台灣雲端安全聯盟) 10/26 ~ 11/3
  https://w3.iiiedu.org.tw/coursedetail.php?id=FCSA02I&l=30&c=FCSA02I1801

  亥客書院 -惡意程式檢測實務 10/27
  https://hackercollege.nctu.edu.tw/?p=885

  ISDA 白帽駭客巡迴入門〈1〉10/27
  https://reg.isda.org.tw/info.php?no=27

  TANET 2018-台灣網際網路研討會 暨資訊工程X智慧計算學門成果發表會 10/21 ~ 10/26
  https://cis.ncu.edu.tw/SeminarSys/activity/TANET2018/home

  Azure TechDay 年度盛會 10/30 台北場
  https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x4963751abcd

  Red Hat Forum 2018 TAIPEI  11/2
  https://www.redhat.com/en/events/red-hat-forum-taipei-2018?sc_cid=701f2000001OEJMAA4

  物聯網資安實務課程(台灣雲端安全聯盟) 11/2 ~ 11/10
  https://w3.iiiedu.org.tw/coursedetail.php?id=ICSA03I&l=30&c=ICSA03I1801

  ISDA 白帽駭客巡迴入門〈1〉11/03
  https://reg.isda.org.tw/info.php?no=28

  Building and Investigation with EnCase? (DF210) (原CF2)  11/5 ~ 11/8
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=41

  Imperva 2018 資安趨勢論壇 11/7
  https://seminar.ithome.com.tw/live/20181107Imperva/index.html

  亥客書院 - DDoS原理與實務  11/10
  https://hackercollege.nctu.edu.tw/?p=774

  認證系統安全從業人員SSCP輔導班  11月10日至11月18日
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=277

  新型態資安實務示範課程教學教師研習營  11/10 ~ 11/11
  https://docs.google.com/forms/d/e/1FAIpQLScCByNq_aQ6kIXawayMQPq9yMTtlFXkQ6JVTPrtpBh3TVGzoA/viewform

  Magnet原廠授權認證課程Magnet AXIOM Examinations 11/12 ~ 11/15
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=42

  SQL Migration to Azure Data service實作課 11/13
  https://bit.ly/2Nx6tiy

  資安趨勢與企業因應管理(可抵內稽)  11月13日
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=280

  原廠認證Cellebrite Certified Operator (CCO)  11/19 ~ 11/20
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=43

  Fortinet 2018 數位 X 資安 轉型論壇  11/15
  https://seminar.ithome.com.tw/live/2018fortinet/index.html?eDM_V1

  網站安全與稽核簡介(Ⅰ)(可抵內稽)  11月15日
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=281

  網站安全與稽核簡介(Ⅱ)(可抵內稽)  11月23日
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=282

  認證資訊系統安全專家 CISSP 輔導班 11月24日至12月8日
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=278

  Metasploit與滲透測試實務 11/25 ~ 11/26
  https://hackercollege.nctu.edu.tw/?p=641

  EnCase EnCE 認證考試 Preparation 課程  12/5 ~ 12/7
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=44

  駭客入侵調查暨資安緊急應變實務 12/10 ~ 12/11
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=45

  台灣駭客年會 HITCON Pacific 2018 12/13 ~ 12/14
  https://hitcon.kktix.cc/events/hitcon-pacific-2018

  亥客書院 - 進階網頁滲透測試  12/15
  https://hackercollege.nctu.edu.tw/?p=323

  專業手機暨硬碟資料救援教育訓練課程 12/26 ~ 12/28
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=46

  亥客書院 - 高階網頁滲透測試    2019/1/5
  https://hackercollege.nctu.edu.tw/?p=768

留言

這個網誌中的熱門文章

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/

5月份資安、社群活動分享

5月份資安、社群活動分享

 108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
 https://ais3.org/mfctf/

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 Python 商務網站 * 極速學習 (2019春季 - 台北)  5/2
 https://cjltsod.kktix.cc/events/django-2019-spring-taipei

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會  5/2
 https://www.accupass.com/event/1904111400151860776797

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA 白帽菁英萌芽計劃II 0505 
 https://reg.shield.org.tw/info.php?no=54

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/19041703435474776…