Your Web Applications Are More Vulnerable Than You Think
https://ibm.co/2EOZYIU
PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection
https://www.exploit-db.com/exploits/45728/
xorg-x11-server 1.20.3 - Privilege Escalation
https://www.exploit-db.com/exploits/45742/
xorg-x11-server < 1.20.3 - Local Privilege Escalation
https://www.exploit-db.com/exploits/45697/
WebDrive 18.00.5057 - Denial of Service (PoC)
https://www.exploit-db.com/exploits/45761/
蘋果更新眾多平台,修補安全漏洞
https://www.ithome.com.tw/news/126740
存在4年的LibSSH弱點,可讓駭客無須輸入密碼就能控制伺服器
https://www.ithome.com.tw/news/126764
New Privilege Escalation Flaw Affects Most Linux Distributions
https://bit.ly/2SpIo0N
近期數版X.Org Server出現Command Line參數核驗缺陷,易受入侵接管
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5040
威聯通NetBak Replicator無法承受鉅量字串輸入
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5043
Dell EMC Integrated Data Protection Appliance 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11062
Apache Tomcat JK (mod_jk) Connector 路徑遍歷漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11759
Red Hat 內核多個漏洞
https://www.auscert.org.au/bulletins/71006
Easy-to-exploit privilege escalation bug bites OpenBSD and other big name OSes
https://bit.ly/2Q1A9Xb
多款華擎產品安全漏洞
https://www.exploit-db.com/exploits/45716
X.Org的X Server含有權限擴張漏洞,波及眾多Linux與BSD系統
https://www.ithome.com.tw/news/126726
Hacker Discloses New Windows Zero-Day Exploit On Twitter
https://bit.ly/2qc8t6C
SandboxEscaper expert is back and disclosed a new Windows Zero-Day
https://bit.ly/2z8C7xZ
Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)
https://www.exploit-db.com/exploits/45743/
What comes after Windows 10 19H1? Vanadium
https://www.zdnet.com/article/what-comes-after-windows-10-19h1-vanadium/#ftag=RSSbaffb68
Microsoft's latest Windows 10 19H1 test build adds updated sign-in options for Hello, more
https://www.zdnet.com/article/microsofts-latest-windows-10-19h1-test-build-adds-updated-sign-in-options-for-hello-more/#ftag=RSSbaffb68
Microsoft provides a new way for business users to test Windows 10 Enterprise features
https://www.zdnet.com/article/microsoft-provides-a-new-way-for-business-users-to-test-windows-10-enterprise-features/#ftag=RSSbaffb68
Windows 10 Security Checklist Starter Kit
https://myitforum.com/windows-10-security-checklist-starter-kit/
Windows 10 Bug Let UWP Apps Access All Files Without Users' Consent
https://thehackernews.com/2018/10/windows10-uwp-apps.html
Windows 10臭蟲讓UWP程式能直接存取所有檔案
https://www.ithome.com.tw/news/126706?fbclid=IwAR2APqb03h2luJson1SBYPYy_sMFhbdilc-HB3ny9rGmBuqsoIVQMvTP0TU
研究人員再次披露Windows 0-day漏洞
http://www.twoeggz.com/news/11889601.html
Windows 10被曝新零日漏洞涉及3大版本
http://netsecurity.51cto.com/art/201810/585746.htm
Windows 10 19H1 Build 18267 ISO images (3rd Party) now available
https://bit.ly/2Rpv8bx
CVE-2018-14665 privilege escalation flaw affects popular Linux distros
https://securityaffairs.co/wordpress/77402/hacking/cve-2018-14665-linux-distros.html
Vulnerability In Microsoft Word Online Video Feature Allows for Phishing
https://bit.ly/2qeQzAk
離譜!微軟網站嚴重LogMeIn漏洞唔理 讓騙徒輕易呃用家金錢
https://www.winandmac.com/2018/10/tech-support-scam-with-official-microsoft-site/
Windows 10 又搞事情了!UWP API漏洞讓你的磁盤信息徹底走光
https://zhuanlan.kanxue.com/article-5308.htm
關於防範WebLogic高危漏洞的安全預警通知
http://zuits.zju.edu.cn/2018/1029/c7943a887370/pagem.htm
Cisco Patched Privilege Escalation Vulnerability In Webex Meetings Desktop App
https://bit.ly/2yCtf4g
思科修補WebEx Meetings app權限升級漏洞
https://www.ithome.com.tw/news/126660
美國調查:8 成 Wi-Fi 路由器存漏洞 D-Link、華為最不安全
https://www.techritual.com/2018/10/29/173040/
IPython 7.1.0 release, Python command line interaction
https://meterpreter.org/ipython/?fbclid=IwAR2nyjT5KRp34jAdO1KskBZPmDCYPuypI010LUaE0p84LnByX7Fz5Jxk2Es
FreeBSD 12.0-BETA2 release, Unix-like operating system
https://meterpreter.org/freebsd/?fbclid=IwAR1oJIkkYpHE9mc12nataBofbS_uR9JMclckG7pIDgcgUEYJ9KJO3OoySj8
nginx ultimate bad bot blocker v3.2018.10.1231 releases
https://bit.ly/2SsnTAL
Kali Linux 2018.4 releases: Penetration Testing Distro
https://securityonline.info/kali-linux-2018-4/?fbclid=IwAR1iC_3A4gE6dyL9D9d1E33Hmh11zmZE72LTRy68HRrnzgzOhHng-nil2WM
E-Negosyo System 1.0 - SQL Injection
https://www.exploit-db.com/exploits/45730
Linux系統容易受到X.Org服務器中的權限提升和文件覆蓋漏洞攻擊
https://www.linuxidc.com/Linux/2018-10/155067.htm
https://www.linuxidc.com/Linux/2018-10/155067.htm
Squid代理緩存服務器修復遠程拒絕服務漏洞
https://www.linuxidc.com/Linux/2018-10/155075.htm
Linux Kodachi 5.0 releases: Secure open source Linux distribution
https://bit.ly/2P2xfoA
VyOS 1.2.0-rc5 is available for download
http://blog.vyos.net/vyos-1-dot-2-0-rc5-is-available-for-download
MISP v2.4.97 released – Malware Information Sharing Platform & Threat Sharing
https://bit.ly/2DbVAlH
New Privilege Escalation Flaw Affects Most Linux Distributions
https://bit.ly/2P3qqU0
PTP Lab — Privilege Escalation with Services
https://medium.com/@bondo.mike/ptp-lab-privilege-escalation-with-services-5d14a99a28d1
Windows 10 Bug Let UWP Apps Access All Files Without Users' Consent
https://bit.ly/2Q764pd
Microsoft is developing a dark theme for Office on macOS Mojave
https://bit.ly/2DeKnAQ
CVE-2018-18649: Gitlab Wiki API Remote Code Execution Vulnerability Alert
https://bit.ly/2ETFVJw
Cisco zero-day exploited in the wild to crash and reload devices
https://www.zdnet.com/article/cisco-zero-day-exploited-in-the-wild-to-crash-and-reload-devices/#ftag=RSSbaffb68
CVE-2018-15454 Cisco ASA及FTD軟件拒絕服務漏洞
https://www.secrss.com/articles/6097
Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass
https://www.exploit-db.com/exploits/45748/
WebExec - Authenticated User Code Execution (Metasploit)
https://www.exploit-db.com/exploits/45695/
Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam Donenfeld)
https://www.exploit-db.com/papers/45745/
2.銀行/金融/保險/證券/電子支付/行動支付/支付系統/虛擬貨幣/區塊鍊 新聞及資安
面對汰弱留強的數碼轉型 金融行業如何應對
https://bit.ly/2O4xhXX
比特幣前傳:半世紀前,密碼學都還未成為一門真正的科學
http://news.knowing.asia/news/d31d1f8b-ee95-4ef7-b5e4-5890abc7975c
Bitcoin Core version 0.17.0.1 released
https://bitcoin.org/en/release/v0.17.0.1?fbclid=IwAR04O6DFqIgUnoMUtgrpkFmj4CZkAIKJi5Ypx5LXDS8d8kbU4VT2gPEjUqA
市場將會迎來首個擁有比特幣作為後盾來支撐其價值的ERC 20代幣
https://bit.ly/2ADft2M
警惕:這兩種代幣可能是北韓操控的騙局
http://news.knowing.asia/news/3a0e5492-79ca-4e92-bd71-83e5b32e76ba
怒甩580億陰霾!日虛擬貨幣交易所遭駭280日重啟新帳戶註冊
https://www.ettoday.net/news/20181030/1294014.htm
法國銀行用自己的實際行動,表達了對區塊鏈的偏愛
http://news.knowing.asia/news/14f62801-c3a8-4b6a-ae9e-6711d14dd091
全球首例!遠航推加密幣換機票
https://money.udn.com/money/story/5612/3451900
加密幣交易所遭駭 凸顯三議題
https://udn.com/news/story/7338/3446574
虛擬通貨規範 資誠:不扼殺創新並考量風險
https://money.udn.com/money/story/6710/3449413
日本金融廳:穩定幣不是幣!將要求業者持有銀行執照
https://bit.ly/2yKUauu
加拿大銀行在區塊鏈試驗中成功完成股票清算和結算
https://news.sina.com.tw/article/20181029/28637722.html
Bitcoin's Network - "語言"的變化
https://bit.ly/2Ofh7Ld
衡量成功的方式
https://bit.ly/2Q4ceXi
IOTA宣布Trinity 錢包漏洞賞金計劃
https://xcong.com/lives/1374466
電子錢包扣帳現漏洞 香港金管局急推3招補救
https://bit.ly/2PsntvB
一銀ATM跨國盜領破案揭密 國際資安合作 防駭總動員
https://www.chinatimes.com/newspapers/20181029000606-260102
一銀8,300萬ATM盜領案 退休國安高層揭破案內幕
https://bit.ly/2Sox0lY
洗錢與資安 純網銀兩大考驗
http://ec.ltn.com.tw/article/paper/1242807
警調抽絲剝繭 精準研判破一銀案
https://www.chinatimes.com/newspapers/20181029000611-260102
遙控盜領 吐到鈔盡機亡
https://www.chinatimes.com/newspapers/20181029000610-260106
4大特色 跨國智慧犯罪手法解析
https://www.chinatimes.com/newspapers/20181029000312-260202
4大特色 跨國智慧犯罪手法解析
https://www.chinatimes.com/newspapers/20181029000312-260202
香港行動支付轉數快需加強系統保安及私隱保障
http://www.thinkhk.com/article/2018-10/26/30545.html
轉數快騙案10多宗涉款逾40萬 議員轟香港電子支付落後
https://hk.on.cc/hk/bkn/cnt/news/20181030/bkn-20181030093257981-1030_00822_001.html
香港金管局暫接逾十宗騙案涉近40萬元 受害用戶將獲賠償
https://bit.ly/2P1Zxj9
香港金管局:十多宗轉數快騙案涉40萬 最快本周重開電子錢包增值
http://www.thinkhk.com/article/2018-10/30/30626.html
香港金管局出招防盜 「轉數快」eDDA改雙重認證
https://bit.ly/2OeT4Mu
香港金管局指日後設eDDA程序時需銀行雙重認證
http://www.metroradio.com.hk/news/live.aspx?NewsId=20181030090522
騙徒利用電子直接扣帳授權eDDA漏洞+電子錢包行騙
https://www.mrmiles.hk/fps-fraud/
香港金管局指10多個銀行帳號被盜用涉18萬元 用戶未授權可免責
https://bit.ly/2RmnwXc
香港金管局副總裁承認初設計轉數快時諗漏了令匪徒有機可乘
http://www.metroradio.com.hk/news/live.aspx?NewsId=20181030101325
香港金管局要求 SVF 銀行須採雙重認證 下周全面恢復轉數快
https://bit.ly/2qhrBR0
逾10宗"轉數快"騙案 金管局:與系統本身無關
http://www.hkcna.hk/content/2018/1030/719397.shtml
「轉數快」逾10宗存款未經授權被轉走 金管局指涉及金額40多萬
https://passiontimes.hk/article/10-30-2018/48986
李達志稱市民款項因「轉數快」被盜屬認證問題 或本周恢復功能
https://bit.ly/2JpIx0e
電子錢包變偷錢工具 網絡扒手化身信用卡卡主狂轉賬
https://hk.news.appledaily.com/breaking/realtime/article/20181101/58863066
電子支付的安全性
https://bit.ly/2Q4G121
北富銀行員監守自盜 挪用客戶存款罰400萬
https://bit.ly/2qhkKXq
「開放銀行」有譜 兩方式研議
https://www.ptt.cc/bbs/Bank_Service/M.1540527142.A.070.html
將來網路銀行 劉奕成將接CEO
https://bit.ly/2qhgwz9
ATM頻出包太依賴IBM?金管會要求全面盤點
https://bit.ly/2qbfNQ3
ATM頻當機,顧立雄要求總盤點
https://bit.ly/2Rg3oWC
銀行ATM頻傳當機 金管會大盤點
http://ec.ltn.com.tw/article/paper/1242201
勞退自選平臺 金管會請集保結算所研議實驗計劃
http://dailynews.sina.com/bg/tw/twlocal/bcc/2018-10-25/doc-iuvsyyet5484871.shtml
政大創新園區 國際大咖進駐
https://money.udn.com/money/story/5603/3445070
發展虛擬通貨 資誠:留意法令、資安、稅務三大挑戰
https://money.udn.com/money/story/5613/3449511
金管會明年6月擬納管ICO 會計師:ICO籌資將面臨三大挑戰
https://news.cnyes.com/news/id/4227792
LINE Bank覓新歡 富邦出線機會高
https://www.mirrormedia.mg/story/20181029fin004/
LINE純網銀洗牌!富邦砸70億擠下中信成最大股東
https://bit.ly/2RiMl6i
【熊大銀行QQ】前悠遊卡董座 因3個理由拋棄LINE
https://bit.ly/2RmXHWK
P2P借貸平台倒閉? 顧立雄:未直接監管仍需了解
https://shareba.com/module/news/293450114844379607.html
傳P2P平台倒閉?金管會:盼業者與銀行合作 強化經營健全性
https://news.cnyes.com/news/id/4228290
P2P促進會自清 盼為行業正名
https://money.udn.com/money/story/5613/3451946
P2P洗錢大漏洞?立委要求金管會納管 顧立雄這麼說
https://www.nownews.com/news/20181031/3042120/
金管會要不要管P2P 顧立雄:會全盤了解
https://www.chinatimes.com/realtimenews/20181031001592-260410
民間融資業者變身 偽P2P滿天飛
https://www.chinatimes.com/newspapers/20181031000686-260110
時間就是金錢!申辦投資人集保資料查詢系統 時時掌握投資動態
https://www.ettoday.net/news/20181030/1290371.htm
純網銀申設辦法出爐 獎落誰家明年6月揭曉
https://bit.ly/2Oh7o7j
純網銀配分出爐 營運模式+資安占比70%
https://www.ttv.com.tw/news/view/10710310019300F/579
怡富貸無預警關站 驚嚇投資人
https://www.chinatimes.com/newspapers/20181031000683-260110
金融區塊鏈函證 臺企銀即起試營運
https://www.chinatimes.com/newspapers/20181102000503-260210
Australian Cryptocurrency Theft Highlights Security Mistakes
https://www.bankinfosecurity.com/australian-cryptocurrency-theft-highlights-security-mistakes-a-11643
Zcash's Next Upgrade to Make Private Transactions 100x Lighter and 6x Faster
https://bit.ly/2Job3zy
What’s New in Sapling
https://bit.ly/2D8oP8R
$194 Million was Moved Using Bitcoin With $0.1 Fee, True Potential of Crypto
https://bit.ly/2CMK8vE
Magecart hackers change tactic and target vulnerable Magento extensions
https://securityaffairs.co/wordpress/77365/cyber-crime/magecart-new-tactic.html
New ATM Attack Uses Customer-Built Skimmers to Steal Credit Card Data and PINs
https://ibm.co/2JlbV83
Financial Industry CISOs to get a first look at Thales Data Threat Report at 2018 FinServ Data Security Summit
https://bit.ly/2EMEpsn
We're giving these out on Halloween! Each one has claimable BTC
https://bit.ly/2OgvbUO
Cobalt Gang targets banks and financial service providers by sneaking PDFs past staff
https://bit.ly/2OaKeiY
Largest Cyber Attack in Pakistan! Million Bank Heist from Bank Islami 29 Oct 2018
https://ividbuzz.com/post/2106/largest-cyber-attack-in-pakistan-6-million-bank-heist-from-bank-islami-29-oct-2018
Managing Cyber Risks: A New Tool for Banks
https://www.bankinfosecurity.com/interviews/managing-cyber-risks-new-tool-for-banks-i-4161
Cardtronics combats rising tide of attacks on UK ATMs
https://www.atmmarketplace.com/news/cardtronics-combats-rising-tide-of-attacks-on-uk-atms/
ATM supplier steps up security measures
https://forecourttrader.co.uk/news/fullstory.php/aid/15846/ATM_supplier_steps_up_security_measures.html
3.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體
新興殭屍網路DemonBot招兵買馬,鎖定Hadoop伺服器
https://www.ithome.com.tw/news/126669
北部醫院中勒索病毒 健保署:患者資料安全不影響就診
https://udn.com/news/story/7266/3444536
桃園某醫院疑有「勒索型病毒」入侵 資料遭加密中毒
https://udn.com/news/story/7321/3444619
微軟Windows Defender Antivirus成為第一個能在沙盒中運行的防毒產品
https://www.ithome.com.tw/news/126679
微軟 Edge 瀏覽器下載 Chrome?小心抓到病毒
https://www.inside.com.tw/2018/10/29/edge-download-malware
駭客透過曝露在外的Docker Engine API來部署挖礦程式
https://www.ithome.com.tw/news/126690?fbclid=IwAR03Z7RGQmUbyYvrKa-GA0GJchok6ugw_AeEyw9i3jP43kFixXj_CbqsAkc
當心! 插入YouTube影片的Word文件可能讓惡意程式上身
https://www.ithome.com.tw/news/126688
惡名昭彰的殭屍網路病毒Mirai作者之一被判賠償860萬美元
https://www.ithome.com.tw/news/126699
Mac用戶當心,加密貨幣價格追蹤程式CoinTicker暗藏木馬
https://bit.ly/2yFIj14
從5隻病毒到物聯網 張明正:人體可能遭駭
https://bit.ly/2EVCfHd
マルウエアTSCookieの設定情報を正常に読み込めないバグ
https://blogs.jpcert.or.jp/ja/2018/10/tscookie-1.html
Researchers find Stuxnet, Mirai, WannaCry lurking in industrial USB drives
https://www.zdnet.com/article/almost-half-of-usb-drives-in-industrial-settings-pose-severe-security-risk/#ftag=RSSbaffb68
Crypto-Locking Kraken Ransomware Looms Larger
https://www.bankinfosecurity.com/crypto-locking-kraken-ransomware-looms-larger-a-11652
Malware Analysis for Blue Teams
https://www.bankinfosecurity.com/interviews/malware-analysis-for-blue-teams-i-4157
Kraken Cryptor ransomware merges with Fallout exploit kit, fees slashed to gain followers
https://www.zdnet.com/article/kraken-cryptor-ransomware-merges-with-fallout-exploit-kit/#ftag=RSSbaffb68
GandCrab ransomware crew loses $1M after Bitdefender releases free decrypter
https://www.zdnet.com/article/gandcrab-ransomware-crew-loses-1mil-after-bitdefender-releases-free-decrypter/#ftag=RSSbaffb68
Ransomware and the Case for Software-as-a-Service
https://medium.com/@benbob/ransomware-and-the-case-for-software-as-a-service-5268621dac33
Emotet malware gang is mass-harvesting millions of emails in mysterious campaign
https://www.zdnet.com/article/emotet-malware-gang-is-mass-harvesting-millions-of-emails-in-mysterious-campaign/
GPlayed Trojan's baby brother is after your bank account
https://www.zdnet.com/article/gplayed-trojans-baby-brother-is-after-your-bank-account/#ftag=RSSbaffb68
Windows Built-in Antivirus Gets Secure Sandbox Mode – Turn It ON
https://thehackernews.com/2018/10/windows-defender-antivirus-sandbox.html
Fresh GandCrab Decryptor Frees Data for Free
https://www.bankinfosecurity.com/fresh-gandcrab-decryptor-frees-data-for-free-a-11646
FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
https://thehackernews.com/2018/10/russia-triton-ics-malware.html
DDoS-for-Hire Service Powered by Bushido Botnet
https://bit.ly/2OU91gu
Malware Theory - Oligomorphic, Polymorphic and Metamorphic Viruses
https://bit.ly/2Obst34
Windows Defender becomes first antivirus to run inside a sandbox
https://www.zdnet.com/article/windows-defender-becomes-first-antivirus-to-run-inside-a-sandbox/
Stop Using Microsoft Edge To Download Chrome -- Unless You Want Malware
https://bit.ly/2EOQduo
GlobeImposter 2.0 Ransomware extension .docx!Demonstration of attack video review
https://bit.ly/2RklAyn
Windows 10 UWP bug could give malicious devs access to all your files
https://zd.net/2StYiYb
Mirai Co-Author Gets House Arrest, $8.6 Million Fine
https://www.bankinfosecurity.com/mirai-co-author-gets-house-arrest-86-million-fine-a-11648
Android banking malware found on Google Play with over 10,000 installs targets Brazil
https://lukasstefanko.com/2018/10/android-banking-malware-found-on-google-play-with-over-10000-installs-targets-brazil.html
Android/TimpDoor Turns Mobile Devices Into Hidden Proxies | McAfee Blogs
https://paper.li/Seifreed/1536123682#/
Chalubo Bot Family Launches Distributed Denial-of-Service Attacks Against Linux Systems
https://ibm.co/2CMcyWG
Employee Watched Porn at Work via 9000 Web pages Drops Malware on U.S Government Network
https://gbhackers.com/employee-watched-porn/
Satori Botnet's Alleged Developer Rearrested
https://www.bankinfosecurity.com/satori-botnets-alleged-developer-rearrested-a-11651
Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer
https://bit.ly/2CRUx9A
Google Play Store: these 23 Android applications hide a dangerous banking malware
https://grouvytoday.com/google-play-store-these-23-android-applications-hide-a-dangerous-banking-malware/6596/
B.行動安全 / iPhone / Android / App
Google可能強制要求廠商針對熱門機種 1年內提供至少4次安全更新 以改善漏洞問題
https://bit.ly/2D7nkYz
iOS 12 似乎又擋掉了警方用的密碼破解應用
https://www.kocpc.com.tw/archives/225005
蘋果公司封鎖警方破解出來的「後門」,然而沒公佈詳細情況。
https://www.techapple.com/archives/26615
童子賢:建議政府調降5G頻譜競標拍賣的標金
https://www.chinatimes.com/realtimenews/20181029001553-260412
5G投資額龐大 童子賢籲政府調降頻譜標金
https://bit.ly/2yFVChL
兩款AudioCodes IP Phone受中間人攻擊,將洩露Skype for Business帳號隱私
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5042
香港地區 Google Play 商店應用程式保安風險報告 (2018年 10 月)
https://www.hkcert.org/my_url/zh/blog/18103101
Apple's New MacBook Disconnects Microphone "Physically" When Lid is Closed
https://thehackernews.com/2018/10/apple-macbook-microphone.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29&_m=3n.009a.1862.kl0ao0dcsu.156u
Google Makes 2 Years of Android Security Updates Mandatory for Device Makers
https://bit.ly/2Jj4LRy
New iPhone Passcode Bypass Found Hours After Apple Releases iOS 12.1
https://thehackernews.com/2018/10/iphone-ios-passcode-bypass.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29&_m=3n.009a.1862.kl0ao0dcsu.1570
Why 5G (and even 6G) could put your business at risk for a cyberattack
https://www.techrepublic.com/article/why-5g-and-even-6g-could-put-your-business-at-risk-for-a-cyberattack/
scrounger: Mobile application testing toolkit
https://securityonline.info/scrounge/?fbclid=IwAR0sGwht2H6PxeEplAkmt6VhQX3fuBxBdorbFphMpVVpW2do_8cAWUC0L7I
ONION3G – SIM Card that Enables You To Connect Your Mobile Data via Tor & Anonymous Browsing
https://gbhackers.com/onion3g-sim-card-anonymously/
Apple Blocks GrayKey Passcode Cracking Tech With The Latest iOS 12 Update
https://bit.ly/2CStieS
Signal Secure Messaging App Now Encrypts Sender's Identity As Well
https://bit.ly/2qm855y
C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件
107年資安技能金盾獎 臺大勇奪金盃
https://money.udn.com/money/story/10860/3444864
玉山資誠論壇10月31日舉行 教戰企業構築資安防線
https://times.hinet.net/news/22051458
資安影響企業營收 周建宏:傳統設備難應付攻擊
https://www.chinatimes.com/realtimenews/20181031003470-260410
「人才就像練肌肉,要用健康的組織結構吸引」:專訪資策會資安所長毛敬豪
https://www.inside.com.tw/2018/10/31/iii_csti_2018
到底在「鬼叫」什麼?盤點駭客搞怪手法
https://blog.trendmicro.com.tw/?p=57828
企業常遇到的四種網頁注入(Web Injection)攻擊
https://blog.trendmicro.com.tw/?p=57572
資誠:提前掌握網路威脅情資 可提高資安治理
https://tw.appledaily.com/new/realtime/20181031/1457919/
牛肉麵店老闆不單純 扮駭客改電郵詐騙貨款300萬
https://www.ettoday.net/news/20181031/1294718.htm
Tomorrowland 票務系統驚傳遭到駭客入侵,影響人數超過6萬人
https://bit.ly/2RoWTkd
給想學習黑客技術朋友們的一封信
https://hk.saowen.com/a/865f8f364337b6f3fe066e7d5fe77a428875cd34b46d986c212e15636435539a
智慧城市成愁城,Alphabet 陷於隱私僵局
https://technews.tw/2018/10/30/alphabet-sidewalk-labs-toronto-smart-city-privacy-nightmare/
REST範式替代品gRPC-Web釋出正式版
https://www.ithome.com.tw/news/126704?fbclid=IwAR2dobBw1YqXgbLoQ0wMxIGEsF8aeLu2alaV3g4f6v-tpU2JKpk29Hrj7es
Google隱形reCAPTCHA技術正式版出爐
https://www.ithome.com.tw/news/126702?fbclid=IwAR2YBKXiaX4HJipuQo7unc7wt0FnJ3aCCQePlc2FB_-0_dMjCHwvO_zWoFU
香港無人機表演遭干擾半數墮海
http://www.epochtimes.com/b5/18/10/29/n10814514.htm
定位系統遭入侵 旅發局取消無人機表演
https://bit.ly/2zaHWuC
GPS遭黑客入侵 美酒佳餚被迫取消無人機表演
http://www.orangenews.hk/news/system/2018/10/27/010102052.shtml
中共駭客攻擊現新證據 中國電信當黑手
http://tw.aboluowang.com/2018/1027/1195211.html
劫持西方重要網絡 中共以入網點截取資訊
http://www.epochtimes.com/b5/18/10/27/n10812177.htm
中國電信長期挾持經過美國與加拿大的流量
https://bit.ly/2zbluSj
9月來第三起! 中國情報官員遭控竊取美民用航空機密
https://money.udn.com/money/story/10511/3452130
中國電信劫持北美網路,挑動美方資安神經
https://technews.tw/2018/10/30/china-telecoms-bgp-hijacking/
不只假新聞!中國網攻密集 年底大選成為「練兵場」
https://www.upmedia.mg/news_info.php?SerialNo=50854
中國10名情報人員與駭客被控偷竊美國飛機引擎的技術
https://www.cmmedia.com.tw/home/articles/12552
兩個月三起!美密集起訴中共情報官員
https://bit.ly/2Q89AQe
竊取飛機引擎機密 美起訴10名中國間諜駭客
https://tw.news.appledaily.com/international/realtime/20181031/1457519/
美國NCSA及Intel合作UpdateMeow專案,提醒系統更新重要性
https://twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=770
歐洲之星系統遭未授權存取,已重置客戶密碼
https://twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=878
新加坡政府建構基礎設施,國民身分數位化加速金融科技發展
http://news.knowing.asia/news/be55b904-d6c6-4510-b651-dd7336b0c051
身懷此絕技 日本給你2千萬年薪
https://www.secretchina.com/news/b5/2018/10/31/875145.html
日本自衛隊擬招聘「白帽駭客」 年薪數千萬日圓
https://www.chinatimes.com/realtimenews/20181026002490-260408
日本政府招募白帽駭客,年薪相當新台幣 550 萬元
http://technews.tw/2018/10/29/japan-government-hiring-hackers-as-internet-defense/
網路攻擊威脅日益增多 日本自衛隊擬對外招聘「白色駭客」
https://hk.aboluowang.com/2018/1029/1196155.html
Cost of cybercrime to double to $6trn by 2021
http://saudigazette.com.sa/article/546335/BUSINESS/Cost-of-cybercrime-to-double-to-$6trn-by-2021?linkId=58961114
Bleedingbit zero-day chip flaws may expose majority of enterprises to remote code execution attacks
https://www.zdnet.com/article/new-bleedingbit-zero-day-vulnerabilities-impact-majority-of-enterprises-at-the-chip-level/#ftag=RSSbaffb68
CIA Vault7 leaker to be charged for leaking more classified data while in prison
https://www.zdnet.com/article/cia-vault7-leaker-to-be-charged-for-leaking-more-classified-data-while-in-prison/#ftag=RSSbaffb68
Cloud hosting is the secure solution you've been seeking
https://www.zdnet.com/article/cloud-hosting-is-the-secure-solution-youve-been-seeking/#ftag=RSSbaffb68
AustCyber to figure out what 'cyber skills' actually are
https://www.zdnet.com/article/austcyber-to-figure-out-what-cyber-skills-actually-are/#ftag=RSSbaffb68
US-CERT issues guide on how to properly dispose of your electronic devices
https://www.zdnet.com/article/us-cert-issues-guide-on-how-to-properly-dispose-of-your-electronic-devices/#ftag=RSSbaffb68
Did Google Bow To China In Refusing To Provide AI Technology For U.S. Defense
https://bit.ly/2DeznUb
US charges two Chinese intelligence officers 'and their team of hackers'
https://www.zdnet.com/article/us-charges-two-chinese-intelligence-officers-and-their-team-of-hackers/#ftag=RSSbaffb68
Computer Hacker Who Launched Attacks On Rutgers University Ordered To Pay $8.6m Restitution;
Sentenced To Six Months Home Incarceration
https://bit.ly/2OZTLhV
Analysis of North Korea's Internet Traffic Shows a Nation Run Like a Criminal Syndicate
https://www.securityweek.com/analysis-north-koreas-internet-traffic-shows-nation-run-criminal-syndicate
Arrest Of Intelligence Officer Sparks Fears Of Chinese Hacking Attack
https://www.cybersecurityintelligence.com/blog/arrest-of-intelligence-officer-sparks-fears-of-chinese-hacking-attack-3843.html
U.S. Maritime Industry Not Prepared for Future Cyber Attacks
https://www.multivu.com/players/English/84339241-jones-walker-2018-maritime-cybersecurity-survey-results/
4 Tips to Prevent Cyber Attacks
http://www.taylordata.com/4-tips-to-prevent-cyber-attacks/
Satellites of Canadian military operations are vulnerable to Cyber Attacks
https://www.cybersecurity-insiders.com/satellites-of-canadian-military-operations-are-vulnerable-to-cyber-attacks/
Cryptocurrency Clipboard Hijacker Discovered in PyPI Repository
https://bit.ly/2OX4eL1
We asked 100 people to name a backdoored router. You said 'EE's 4GEE HH70
https://bit.ly/2SoqKuz
Copyright Office Ruling Issues Sweeping Right to Repair Reforms
https://bit.ly/2Q1Wl3I
Pocket iNET ISP Exposed 73GB of Sensitive Data On Misconfigured S3 Bucket
https://bit.ly/2ObDW2o
Taiwan to share Chinese hacks data with private companies
https://on.ft.com/2Pp76Qh
Hacking Health Care: Silicon Valley’s Solutions To Elderly Care, Diabetes And More
https://bit.ly/2qei8tJ
Hackers Are So Fed Up With Twitter Bots They’re Hunting Them Down Themselves
https://bit.ly/2PshLK7
How you can improve your workflow using the JavaScript console
https://medium.freecodecamp.org/how-you-can-improve-your-workflow-using-the-javascript-console-bdd7823a9472
Army of 01101111: The Making of a Cyber Battalion
https://medium.com/@WIRED/army-of-01101111-the-making-of-a-cyber-battalion-3f1b39eed5d3
Quantum Computers Will Break the Encryption That Protects the Internet
https://medium.com/@the_economist/quantum-computers-will-break-the-encryption-that-protects-the-internet-88f6ff0aa0af
NodeJS Authentication with Password and JWT in Express
https://medium.com/@therealchrisrutherford/nodejs-authentication-with-passport-and-jwt-in-express-3820e256054f
Microsoft team members share the structure of Windows Kernel
https://bit.ly/2SrThPU
A few dollars to bring down sites with new Bushido-based DDoS-for-hire service
https://securityaffairs.co/wordpress/77413/hacking/bushido-ddos-for-hire-service.html
5 tips to keep your data safe and secure
https://bit.ly/2EPSRQE
How To Prevent Your Business Becoming Collateral Damage Of Geopolitical Cyber Conflict
https://bit.ly/2OaCvRT
Important information about the new capability of broadFileSystemAccess in UWP apps
https://bit.ly/2qguWiX
PasteJacker - Add PasteJacking To Web-Delivery Attacks
https://bit.ly/2RnKLQn
Multiple open source communities will discuss moving from mailing lists to forums
https://bit.ly/2zaV2s0
Clickjackings in Google worth 14981.7$
https://bit.ly/2qi9k66
Chrome OS 70 officially launched: Material Design style themes
https://bit.ly/2CNXV5l
Preventing Mimikatz Attacks
https://medium.com/blue-team/preventing-mimikatz-attacks-ed283e7ebdd5
How to Prevent a Cryptocurrency Exchange Hack with Kralanx
https://bit.ly/2SseZ6a
What a crane in the ass: Bug leaves construction machinery vulnerable to evil command injection
https://bit.ly/2qjNVcE
SILENTTRINITY – A Post-Exploitation Agent Powered By Python, IronPython, C#/.NET
https://bit.ly/2CPjaDG
Healthcare Security Summit Speaker on Vendor Risk Management
https://bit.ly/2AAiosR
New Internet Search Resources (OSINT)
https://inteltechniques.com/blog/2018/10/29/new-internet-search-resources-osint/
HOW CRITICAL IS INCIDENT RESPONSE MANAGEMENT TO ANY BUSINESS
https://www.eccu.edu/how-critical-is-incident-response-management-to-any-business/
US bans exports to Chinese DRAM maker citing national security risk
https://zd.net/2PtjGOI
5 Most Important Things to Consider When Selecting a VPN for Streaming
https://gbhackers.com/vpn-for-streaming/
NY Man Arrested for Cutting Wires to Red Light Cameras, Exposing Revenue Scheme
https://bit.ly/2OZUXSG
Google launches reCAPTCHA v3 that detects bad traffic without user interaction
https://www.zdnet.com/article/google-launches-recaptcha-v3-that-detects-bad-traffic-without-user-interaction/#ftag=RSSbaffb68
Password Cracker - Generating Passwords with Recurrent Neural Networks (LSTMs)
https://towardsdatascience.com/password-cracker-generating-passwords-with-recurrent-neural-networks-lstms-9583714a3310
Secure communications basics for journalists
https://medium.com/the-walkley-magazine/secure-comms-for-journalists-cryptoaustralia-3855b9c5791f
Boards have wider cyber security awareness but still struggle to manage risks
https://betanews.com/2018/10/30/board-level-security-awareness/
Introducing AdaNet: Fast and Flexible AutoML with Learning Guarantees
https://bit.ly/2F5ZY7N
THE BIGGEST CYBER HAWK AND PRYING EYE THREATS TO THE WORLD
https://bit.ly/2Ro7aNF
Google won't let you sign in if you disabled JavaScript in your browser
https://www.zdnet.com/article/google-wont-let-you-sign-in-if-you-disabled-javascript-in-your-browser/#ftag=RSSbaffb68
徵才 - 駐點資安維運工程師(外商)
https://www.104.com.tw/job/?jobno=6eofm
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷
提防網上應用程式編程漏洞 洩露個人資料
https://www.hkcert.org/my_url/zh/blog/18103001
《病毒30演變史》歷年駭客/詐騙集團經典語錄
https://blog.trendmicro.com.tw/?p=57207
航空公司爆數據洩漏 企業資訊保安要做足
https://bit.ly/2Q6ZDSY
英國航空承認再有18.5萬客戶資料遭黑客入侵外洩 包括信用卡資料
https://bit.ly/2yCurEM
國泰航空個資外洩!乘客爆信用卡被盜
https://bit.ly/2RrNyrS
國泰航空遇駭洩顧客個資 確認5個月後才認挨轟
https://money.udn.com/money/story/5599/3442625
國泰洩密補救措施 恐未對症下藥
https://bit.ly/2Q3fz90
國泰航空個資外洩!乘客爆信用卡被盜刷 受害者不止一人
https://www.setn.com/News.aspx?NewsID=449699
上月才出事!英航坦承又有18.5萬乘客個資外洩
http://news.ltn.com.tw/news/world/breakingnews/2593134
又有航空公司爆資安漏洞 乘客個資上網就能查到
http://news.ltn.com.tw/news/world/breakingnews/2596084
國泰航空驚爆資安醜聞 系統半年前被駭 940萬筆乘客個資外洩
https://news.cnyes.com/news/id/4225795
國泰私隱外洩事主收「可疑電郵」 促再提供個人資料
https://bit.ly/2CN4hSl
外洩資料永存Dark Web 保安專家︰有機會幾年後被盜用
https://hk.finance.appledaily.com/finance/realtime/article/20181031/58855534
【CX洩私隱】英航國泰先後資料外洩 「寰宇一家」會員連環中招
https://hk.news.appledaily.com/local/realtime/article/20181026/58837941
電子登機證爆漏洞 改幾隻字即睇其他乘客個人資料
https://hk.news.appledaily.com/local/realtime/article/20181030/58851244
稍改網址 私隱盡洩 港航網大漏洞 登機證資料任睇
https://hk.news.appledaily.com/local/daily/article/20181030/20534131
香港航空電子登機證洩私隱 改網址字母任睇其他乘客個人資料 方保僑:恐違 GDPR 遭重罰
https://bit.ly/2SuHmAE
4大陷阱 施小惠誘人誤成詐騙共犯
http://news.ltn.com.tw/news/society/breakingnews/2594515
偽裝成「美女」勾搭騙財 浙江臨海警方抓獲網路詐騙團伙
https://news.sina.com.tw/article/20181026/28611804.html
失業男偷OL信用卡 塗改盜刷買手機變現
https://tw.appledaily.com/new/realtime/20181028/1455552/
機械公司遭夫妻竄改電郵詐騙 差1字損失293萬
http://news.ltn.com.tw/news/society/breakingnews/2597481
遇手機信號4G變2G千萬注意,當心網銀、支付帳戶餘額全部「蒸發」
https://ek21.com/news/1/141119/
「網路購物設定錯誤」 詐騙集團得手上百萬
https://udn.com/news/story/7320/3450791
專騙一般民眾的郵件詐騙手法激增,對方聲稱知道你的密碼,並以恐嚇方式騙取比特幣
https://www.ithome.com.tw/news/126766
ATM當機匯款被吞 女子意外躲過電信詐騙
http://www.epochtimes.com/b5/18/11/1/n10822962.htm
提防網上應用程式編程漏洞 洩露個人資料
https://www.hkcert.org/my_url/zh/blog/18103001
Phishing for knowledge
https://securelist.com/phishing-for-knowledge/88268/
British Airways: additional 185,000 passengers may have been affected
https://bit.ly/2yEnjYu
British Airways Hack Update: 185,000 More Customers Found Affected
https://bit.ly/2JqKg5C
UK Facebook Fine: Just the Beginning
https://www.bankinfosecurity.com/interviews/uk-facebook-fine-just-beginning-i-4155
Cathay Pacific Suffered Data Breach Affecting 9.4 Million Customers
https://bit.ly/2O9UY0R
Cathay Pacific Breach: What Happened
https://www.bankinfosecurity.com/cathay-pacific-breach-what-happened-a-11644
British Airways Finds Hackers Stole More Payment Card Data
https://www.bankinfosecurity.com/british-airways-finds-hackers-stole-more-payment-card-data-a-11645
How to spot a phishing email
https://medium.com/@sreeram.networking/how-to-spot-a-phishing-email-d4673f6f5939
How to Block Robocalls and Spam Calls
https://medium.com/pcmag-access/how-to-block-robocalls-and-spam-calls-32a3429c3cab
Facebook Fined £500,000 for Cambridge Analytica Data Scandal
https://bit.ly/2SoctOj
Girl Scouts Alerted to Possible Data Breach
https://bit.ly/2zcATSd
E.研究報告
新一代 React API — React Hooks
https://bit.ly/2OZDzgT
WebExec漏洞原理與分析淺談
https://www.anquanke.com/post/id/162884
從Scrum到ScrumBan-實例記錄和分析
https://bit.ly/2yEzd4v
打造超省 CentOS 家用伺服器
https://bit.ly/2JpG1Y5
從WebLogic 看反序列化漏洞的利用與防禦
https://paper.seebug.org/728/
CTF編碼全家桶
https://bit.ly/2CL42r9
看!這裡有三種非Web型的XSS注入漏洞
https://xz.aliyun.com/t/3048
Gmail 和Google 的兩個XSS 老漏洞分析
https://toutiao.io/posts/s2p72q/preview
漏洞戰爭-cve-2010-2883
https://bbs.pediy.com/thread-247518.htm
賽門鐵克郵件網關身份驗證繞過漏洞(CVE-2018-12242)分析
https://www.zkaq.org/?t/1431.html
探尋Metasploit Payload模式背後的秘密
https://bit.ly/2ProvrB
OpenSSL-CVE-2015-1793漏洞分析
http://www.mottoin.com/tech/122368.html
Ping死你!| Apple CVE-2018-4407 內核漏洞利用與修復
https://www.anquanke.com/post/id/163080
對某HWP漏洞樣本的分析
https://www.anquanke.com/post/id/163085
網絡安全基礎,緩衝區溢出漏洞解析
https://hk.saowen.com/a/d5bd065eaff4c341e242ec2c49d057f68403f2435ebb7e756ed5b09d724fd946
Build a progressive web app using Vue CLI 3
https://bit.ly/2OYMsHh
JQShell - A Weaponized Version Of CVE-2018-9206
https://bit.ly/2AzTxFz
Out-of-Bounds write in systemd-networkd dhcpv6 option handling
https://bit.ly/2AzT5XT
Brass Horn Comms - Onion3G
https://bit.ly/2zccAnh
Cybersecurity Future Trends: Why More Bots Means More Jobs
https://ibm.co/2qdBCyz
Cloudflare WAF Bypass Vulnerability Discovered
https://bit.ly/2EWxFZo
Lynis 2.7.0 releases: Open source auditing in Linux system
https://bit.ly/2CK6luu
Not Your Ordinary OSCP Review
https://bit.ly/2z8EOiR
vuLnDAP: A vulnerable LDAP based web app written in Golang
https://bit.ly/2zbP4XQ
Top Five Ways the Red Team breached the External Perimeter
https://bit.ly/2RlZc7O
Top Five Ways I gained access to Your Corporate Wireless Network (Lo0tBo0ty KARMA edition)
https://bit.ly/2qecI1F
Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)
https://bit.ly/2z6tUdz
Questions RE: setting up Lightning Node on Raspberry Pi with Stadicus' guide
https://bit.ly/2CMahuz
Beginner’s Guide to ️⚡Lightning️⚡ on a Raspberry Pi
https://bit.ly/2Pqz0LQ
kemon: Open-Source Pre macOS Kernel Monitoring
https://securityonline.info/kemon/
Top 10 Penetration Testing & Ethical Hacking Linux Distributions – 2018
https://gbhackers.com/top-10-penetration-testing-ethical-hacking-linux-distributions/
maltrail v0.10.500 releases: Malicious traffic detection system
https://bit.ly/2OVGUxq
Ethical-Hacking-Resources
https://bit.ly/2z6HeyG
memtriage: quickly query a Windows machine for RAM artifacts
https://bit.ly/2JibsmO
repo-security-scanner: finds secrets accidentally
https://bit.ly/2z9tOSn
PhishX –Spear Phishing Tool for Capturing Credentials
https://bit.ly/2qfjbcS
admin-panel-finder: A powerful admin login page finder in python
https://bit.ly/2AuK56e
OWASP Mutillidae II 2.6.71 releases
https://bit.ly/2O8osMI
WMImplant: RAT powershell Tool
https://bit.ly/2Jj0cXv
HOW TO BUILD YOUR OWN ROGUE GSM BTS FOR FUN AND PROFIT
https://bit.ly/2SmjhMm
BUILD A LAPTOP WITH RASPBERRY PI
https://bit.ly/2D85ogw
Superando la carencia de talento en ciberseguridad
https://bit.ly/2OaorHW
CrabStick v2.0.0 releases: Automatic LFI/RFI vulnerablity analysis and exploit tool
https://bit.ly/2EKj6I2
Ropper v1.11.8 releases: find gadgets to build rop chains for different architectures
https://bit.ly/2OTF6os
WiFi-Pumpkin v0.8.7 beta released, Framework for Rogue Wi-Fi Access Point Attack
https://bit.ly/2EZewFQ
hate_crack v1.06 released: automating cracking methodologies through Hashcat
https://bit.ly/2zfcsno
hashcat v5.0 releases: advanced password recovery utility
https://bit.ly/2ET8KWn
API reference
https://developer.android.com/reference/
Web Architecture 101
https://bit.ly/2OS3OWi
Nemea: System for network traffic analysis and anomaly detection
https://securityonline.info/nemea/
XSStrike v3.0 beta released: advanced XSS detection and exploitation suite
https://securityonline.info/xsstrike/?fbclid=IwAR1lsVOwWOqnL0l3gpSZF-0boj7rQqembyoIvnIsq5oa6ba6s_pO-DETzWE
Cyberry: 1 Vulnhub Hacking Challenge Walkthrough
https://bit.ly/2zaJDs1
subfinder v1.2 releases: subdomain discovery tool
https://securityonline.info/subfinder/?fbclid=IwAR17WZ5D15Gs0Cem1uH9_Hp2TSXM1rpE_RmFD2SQcWrxEBZh3ymeLV5JiIk
Cyberry: 1 Vulnhub Hacking Challenge Walkthrough
https://bit.ly/2EOZkLB
Leaked: iOS 12.1 will be released on October 30th
https://bit.ly/2qfGJOL
subfinder v1.2 releases: subdomain discovery tool
https://securityonline.info/subfinder/?fbclid=IwAR3sw-DL4SDnVnyhBA24SqZMiYMqGLLEqcXYbya-rQN-1XeomL9MsZNEVl0
DependencyCheck v3.3.4 releases: detects publicly disclosed vulnerabilities in application dependencies
https://bit.ly/2PY8qqq
Hawkeye scanner-cli v1.3.3 releases: security/vulnerability/risk scanning tool
https://securityonline.info/hawkeye/?fbclid=IwAR0aheBUFniY7I8ZZFzMUqv54_kpYwqRKl9oNg2hhJ11CWlj4ZcBVi9XxdM
DOGE: Darknet Osint Graph Explorer
https://bit.ly/2JnFohp
blitz: Incident Response Automation Framework
https://securityonline.info/blitz/
Recon-ng – Open Source Intelligence (OSINT) Reconnaissance Framework
https://bit.ly/2Rn6KXS
Metadata-Attacker : A Tool To Generate Media Files With Malicious Metadata
https://kalilinuxtutorials.com/metadata-attacker/
ADRecon: Active Directory gathering information tool
https://bit.ly/2Q6rZNg
Faraday v3.2 - Collaborative Penetration Test and Vulnerability Management Platform
https://www.kitploit.com/2018/10/faraday-v32-collaborative-penetration.html?utm_source=dlvr.it&utm_medium=facebook
Dirhunt – Search and Analyze Target Domain Directories
https://bit.ly/2zdyDu6
Kotlin 1.3 Released with Coroutines, Kotlin/Native Beta, and more
https://bit.ly/2Q4s6ZH
Kodachi 5.0 The Secure OS
https://www.digi77.com/linux-kodachi/?fbclid=IwAR0bGz2WrufUNfw-lgitj1rYlj1Uc0wsFJRkDjsG5UiQtQn1wo9j_CDqu8c
Benefits of DNS Service Locality
https://ubm.io/2yBZd0k
Modern Microprocessors A 90-Minute Guide
https://bit.ly/2OYwRYo
Xori – Custom disassembly framework
https://securityonline.info/xori-custom-disassembly-framework/
hardentools v2.0-rc1 releases: disables a number of risky Windows features
https://bit.ly/2RoC3By
strace v4.25 releases: diagnostic, debugging and instructional userspace utility
https://bit.ly/2ACiGzx
Android Studio 3.4 Canary 2 Releases
https://bit.ly/2zhqhBE
munin v0.9.1 released: Online hash checker for Virustotal and other services
https://bit.ly/2DbMYvz
pcileech 3.6 releases: Direct Memory Access (DMA) Attack Software
https://bit.ly/2qmLC8M
rsyslog v8.39.0 releases: a Rocket-fast SYStem for LOG processing
https://securityonline.info/rsyslog/?fbclid=IwAR07gQN70aVKjp-ftB_bYkXcSBn5ss_fT8eR8MnGT4LoDPRREV-RPT7y1u8
manticore v0.2.2 releases: Dynamic binary analysis tool
https://bit.ly/2DfjZH8
F.商業
網路資安與雲服務成長帶動 零壹前三季獲利年增逾25% EPS 1.5元
https://news.cnyes.com/news/id/4226494
中華電打造 SDN管控及軟體式雲端資料中心方案
https://money.udn.com/money/story/5612/3444895
330億美元買下Red Hat IBM成立107年來最大手筆併購
https://udn.com/news/story/6811/3448114
遠通電收導入DynaShield 把關個資更全面
https://www.chinatimes.com/newspapers/20181030000396-260210
Mesosphere釋出DC/OS 1.12版,通吃多雲及邊緣運算環境
https://www.ithome.com.tw/news/126689
納入網址過濾與內容安全即時分析,Akamai強化網頁瀏覽防護
https://www.ithome.com.tw/review/126694
讓AMD產品時程準確到位的Infinity Fabric
https://bit.ly/2RsCSte
容器資安新創Aporeto推新產品,提供VMware Kubernetes引擎環境監控、資安服務
https://www.ithome.com.tw/news/126797
IBM Buys "Red Hat" Open-Source Software Company for $34 Billion
https://bit.ly/2Pz3TxJ
G.政府
資料被鎖在銀行公平嗎?金管會研究OpenBanking
https://bit.ly/2Ob7dKJ
亞太洗錢防制10天後來台 受檢名單出爐「跌破金管會眼鏡」
https://bit.ly/2PpFQkF
用FinTech重現台灣科技島榮耀 顧立雄鼓勵大小錢都用行動支付
https://news.cnyes.com/news/id/4228126
比特幣如何課稅 關鍵在明年金管會定義
https://www.ettoday.net/news/20181030/1293520.htm
H.工控系統 SCADA / ICS Security
周末充電課程,進階智能設備漏洞挖掘
https://read01.com/AJdNeeO.html#.W9m1x5MzbIU
智慧製造系統開始連網 流量可視化與資安需求浮現
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=50&cat2=25&id=0000545665_9pk7eqpo532sdg6v1x0mq
工業4.0高風險?台積電資安事件後,「每個工廠都很害怕!」
https://www.cw.com.tw/article/article.action?id=5092718
研華改善WebAccess HMI/SCADA遠端監控軟體數項弱點
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5041
Advisory (ICSA-18-296-01) Advantech WebAccess
https://bit.ly/2qgKHq8
What you need to know about Cybersecurity when adopting IIoT solutions
https://iiot-world.com/cybersecurity/what-to-know-about-cybersecurity-when-adopting-iiot-solutions/
This is how hackers can take down our critical energy systems through the Internet
https://www.zdnet.com/article/this-is-how-hackers-can-take-down-our-core-water-energy-systems/#ftag=RSSbaffb68
Medical Device Security Best Practices From Mayo Clinic
https://www.bankinfosecurity.com/interviews/medical-device-security-best-practices-from-mayo-clinic-i-4159
I.教育訓練類
Kali學習筆記
https://www.cnblogs.com/xuyiqing/category/1213186.html
Open Source Summit Europe & ELC + OpenIoT Summit Europe 2018
https://bit.ly/2yDYADm
An introduction to Raspberry Pi GPIO
https://bit.ly/2zbxKlz
Xcode and LLDB Advanced Debugging Tutorial: Part 1
https://medium.com/@fadiderias/xcode-and-lldb-advanced-debugging-tutorial-part-1-31919aa149e0
Introduction to LFI/RFI vulnerabilities and their mitigation - Local and Remote File Inclusion hack
https://bit.ly/2yKP2XB
How to create a Bitcoin wallet address from a private key
https://medium.freecodecamp.org/how-to-create-a-bitcoin-wallet-address-from-a-private-key-eca3ddd9c05f
How you can protect Microsoft Exchange from cyber attacks
https://medium.com/iron-bastion/protecting-microsoft-exchange-from-cyber-attacks-a8c38f68a06b
Cyberwar 101
https://medium.com/@gentrylane/cyberwar-101-4fcc98671bdf
The Complete JavaScript Handbook
https://medium.freecodecamp.org/the-complete-javascript-handbook-f26b2c71719c
How can I prevent 'grep' from showing up in ps results?
https://bit.ly/2Dgdkwm
Python to PHP Communication — How to Connect to PHP services using Python
https://medium.com/@rossbulat/python-to-php-communication-how-to-connect-to-php-services-using-python-f48893a2c98e
三十篇資安實例分享及解析DAY 18--三立電視台離職工程師,涉嫌利用「洋蔥網路」,駭入三立的網路影音平台
https://ithelp.ithome.com.tw/articles/10205355
三十篇資安實例分享及解析DAY 19--個資蟑螂集團
https://ithelp.ithome.com.tw/articles/10205547
三十篇資安實例分享及解析DAY 22--內政部舉辦「身分證明文件再設計徵選活動」,遭對案駭客攻擊
https://ithelp.ithome.com.tw/articles/10206573?sc=rss.qu
1.45億條個人資訊被洩露?看看裡面有你嗎?【鐵人挑戰13天】
https://ithelp.ithome.com.tw/articles/10204786
J.玄武實驗室每日安全動態推送
每日安全動態推送(10-29)
https://tw.weibo.com/xuanwulab/4300462834379282
每日安全動態推送(10-30)
https://tw.weibo.com/xuanwulab/4300804028367372
每日安全動態推送(10-31)
https://tw.weibo.com/xuanwulab/4301169909596672
每日安全動態推送(11-01)
https://tw.weibo.com/xuanwulab/4301529848430711
每日安全動態推送(11-02)
https://tw.weibo.com/xuanwulab/4301896077828442
K.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機
為企業物聯網而生,BlackBerry Spark 超安全連接設計,讓隱私保護不再妥協
https://bit.ly/2JrcEVe
虎頭山物聯網基地動土 亞洲矽谷計畫再邁步
https://bit.ly/2P4uxzj
美國會報告:中共將「物聯網漏洞」武器化
http://www.epochtimes.com/b5/18/10/30/n10818464.htm
物聯網時代資安風險遽增 專家:防不勝防
https://bit.ly/2JymOU7
Ceiling Analysis in Deep Learning and Software Development
https://bit.ly/2z5Gbz1
IoT: Solving the problem of connectivity on the move
https://www.zdnet.com/article/iot-solving-the-problem-of-connectivity-on-the-move/#ftag=RSSbaffb68
L.CTF
Lampião: 1 Vulnhub CTF Challenge Walkthrough
https://bit.ly/2yI1SFN
Jarbas: 1 Vulnhub CTF Challenge Walkthrough
https://bit.ly/2yAZ51d
SECCON 2018 – Web Ghostkingdom 題解
https://bit.ly/2P4UJd3
CTFs
https://ctftime.org/ctfs
Google CTF
https://capturetheflag.withgoogle.com/
4.近期資安活動及研討會
ISDA 白帽駭客巡迴入門〈1〉11/03
https://reg.isda.org.tw/info.php?no=28
【課程】機器視覺原理與實作,從影像處理到動態分析物體追蹤,用Python+OpenCV打造實際應用 11/3
https://bit.ly/2ReY6dQ
Machine Learning Study Group Session#7: Deep Learning with Python 11/3
https://www.meetup.com/Women-Who-Code-Taipei/events/255844670/
Building and Investigation with EnCase? (DF210) (原CF2) 11/5 ~ 11/8
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=41
Imperva 2018 資安趨勢論壇 11/7
https://seminar.ithome.com.tw/live/20181107Imperva/index.html
ANSYS CFX進階訓練課程 11/7 ~ 11/8
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3705&from_course_list_url=homepage
Functional Thursday #69 (時間更動:11/8)
https://www.meetup.com/Functional-Thursday/events/255503800/
【課程】Apache Spark 大數據處理平台技術實務,企業主流、超高速運算,結合機器學習套件進行實作 11/9
https://www.techbang.com/posts/59350-apache-spark-large-data-analysis-combat
亥客書院 - DDoS原理與實務 11/10
https://hackercollege.nctu.edu.tw/?p=774
認證系統安全從業人員SSCP輔導班 11月10日至11月18日
https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=277
新型態資安實務示範課程教學教師研習營 11/10 ~ 11/11
https://docs.google.com/forms/d/e/1FAIpQLScCByNq_aQ6kIXawayMQPq9yMTtlFXkQ6JVTPrtpBh3TVGzoA/viewform
Magnet原廠授權認證課程Magnet AXIOM Examinations 11/12 ~ 11/15
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=42
SQL Migration to Azure Data service實作課 11/13
https://bit.ly/2Nx6tiy
資安趨勢與企業因應管理(可抵內稽) 11月13日
https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=280
Amber MD 軟體訓練課程 11/14 ~ 11/15
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3706&from_course_list_url=homepage
DRBL與Clonezilla「集中管理環境」進階課程 11/14 ~ 11/15
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3697&from_course_list_url=homepage
主機系統效能監控 11/15
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3726&from_course_list_url=homepage
TANet區/縣(市)網路效能量測系統建置實務+雲端量測之介紹與實務 11/16
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3758&from_course_list_url=homepage
原廠認證Cellebrite Certified Operator (CCO) 11/19 ~ 11/20
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=43
Fortinet 2018 數位 X 資安 轉型論壇 11/15
https://seminar.ithome.com.tw/live/2018fortinet/index.html?eDM_V1
Python 應用教學課程-微分方程求解 1~2 11/16 ~ 11/23
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3749&from_course_list_url=homepage
【課程】Raspberry Pi 3樹莓派遊戲機實作,GPIO教學、傳感器應用、系統整合,入門到應用一天學會 11/17
https://bit.ly/2qelKfh
網站安全與稽核簡介(Ⅰ)(可抵內稽) 11月15日
https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=281
系統弱點分析與安全測試實務 11/20
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3764&from_course_list_url=homepage
網站安全與稽核簡介(Ⅱ)(可抵內稽) 11月23日
https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=282
認證資訊系統安全專家 CISSP 輔導班 11月24日至12月8日
https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=278
Metasploit與滲透測試實務 11/25 ~ 11/26
https://hackercollege.nctu.edu.tw/?p=641
【課程】區塊鏈技術實作,學習DApp去中心化應用、動手寫智能合約、發行自己專屬的代幣 11/26 11/28
https://www.techbang.com/posts/61972-courses-blockchain-dapp-smart-contracts
平行計算程式設計基礎課程 11/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3701&from_course_list_url=homepage
Taipei.py 十一月月會 (Monthly Meeting) 2018 11/29
https://www.meetup.com/Taipei-py/events/255543630/
開源碼WAF實作 11/29
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3765&from_course_list_url=homepage
網路攻防實務 11/29
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3539&from_course_list_url=homepage
Python 應用教學課程-平行處理 1~3 11/30 ~ 12/14
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3750&from_course_list_url=homepage
【課程】Kubernetes(K8S)實戰班,容器編排管理絕佳工具,理論實作並重,有效打造企業級 DevOps 環境 12/1 12/2
https://bit.ly/2rAkB2q
ABAQUS基礎訓練課程 12/4 ~ 12/6
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3709&from_course_list_url=homepage
EnCase EnCE 認證考試 Preparation 課程 12/5 ~ 12/7
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=44
TANet/TWAREN監控平台與即時流量異常偵測系統介紹 12/6
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3766&from_course_list_url=homepage
駭客入侵調查暨資安緊急應變實務 12/10 ~ 12/11
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=45
TANet/TWAREN監控平台與即時流量異常偵測系統介紹 12/11
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3767&from_course_list_url=homepage
網路封包分析 12/13
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3654&from_course_list_url=homepage
台灣駭客年會 HITCON Pacific 2018 12/13 ~ 12/14
https://hitcon.kktix.cc/events/hitcon-pacific-2018
亥客書院 - 進階網頁滲透測試 12/15
https://hackercollege.nctu.edu.tw/?p=323
Python 應用教學課程-雲端服務 1~3 12/21 ~ 1/4
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3753&from_course_list_url=homepage
專業手機暨硬碟資料救援教育訓練課程 12/26 ~ 12/28
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=46
系統日誌分析實務 12/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3653&from_course_list_url=homepage
亥客書院 - 高階網頁滲透測試 2019/1/5
https://hackercollege.nctu.edu.tw/?p=768
沒有留言:
張貼留言