資安新聞及事件週報 2018/11/12 ~ 2018/11/16
1.重大弱點漏洞
PostgreSQL 遠端執行任意程式碼漏洞
https://www.auscert.org.au/bulletins/71634
PS4破解新跳板,竟然是透過HDMI CEC觸發漏洞
https://www.techbang.com/posts/62562-ps4-cracked-the-new-springboard-even-through-the-hdmi-cec-trigger-vulnerability
安裝再等等!Windows 10十月更新再傳損毁磁碟映射、不相容趨勢防毒
https://bit.ly/2QMk5sX
韓研究人員驚爆 D-Link 韌體又有 10 大漏洞
https://bit.ly/2K8fU8f
小米路由器青春版存在代碼執行漏洞
http://www.cnvd.org.cn/flaw/show/CNVD-2018-21078
Nginx 漏洞致 1400 萬台伺服器受 DoS 攻擊
https://bit.ly/2DkX4t9
Nginx 漏洞(CVE-2018-16843,CVE-2018-16844)
http://blog.51cto.com/falconfei/2315598
伺服器軟體Nginx兩模組瑕疵恐衍生DoS
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5048
VMware vmxnet3 堆疊記憶體初始化漏洞
https://www.vmware.com/security/advisories/VMSA-2018-0027.html
小蟻家用攝影機27US型驚現一打嚴重漏洞
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5047
Red Hat JBoss 洩露資料漏洞
https://www.auscert.org.au/bulletins/71610
儘速更新,WordPress的GDPR套件漏洞雖修復,但已遭利用並傳出災情
https://twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=881
研究人員首次發現 GPU 存在側通道安全漏洞 NVIDIA GPU 或成攻擊目標
https://bit.ly/2QEyU0z
Nvidia遭爆GPU存在旁路攻擊漏洞, 駭客能取得CUDA應用程式內部參數
https://www.ithome.com.tw/news/127063
交換機系統Asterisk配置記憶體不足,肇生存取衝突
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5049
WordPress外掛WooCommerce爆遠端程式攻擊漏洞,逾400萬網站受累
https://www.ithome.com.tw/news/126945
Google Home 智能音響現首個無接觸攻破漏洞
https://t.cj.sina.com.cn/articles/view/2118746300/7e4980bc02000izec
Google Home 智慧喇叭被發現首個無接觸攻破漏洞,將推送安全更新
https://ccc.technews.tw/2018/11/13/google-home-tencent-blade-team/
思科 WebEx Meetings Server 資料洩露漏洞
https://securitytracker.com/id/1042085
Android通過RSSI廣播洩漏敏感數據漏洞披露(CVE-2018-9581)
https://www.anquanke.com/post/id/164186
研究人員揭露DJI漏洞,恐讓駭客偷走無人機拍攝的機密影像
https://www.ithome.com.tw/news/126944
大疆無人機曝安全漏洞,可供黑客窺探用戶數據
https://www.hackeye.net/securitytetchnology/appsec/17182.aspx
大疆網站及應用存在安全漏洞,攻擊者可獲取無人機實時視頻畫面
https://hk.saowen.com/a/3f3b148445fedaf92523131026582d83bb534725a92b1baff3e37216762036e0
大疆無人機曝數據洩露漏洞
https://nosec.org/home/detail/1951.html
大疆 DJI 無人機驚爆資安漏洞 軍用無人機拍攝機密影像恐外流
https://www.limitlessiq.com/news/post/view/id/7557/
大疆身份識別系統漏洞允許攻擊者將無人機變成間諜工具
https://news.cnblogs.com/n/611785/
IBM DB2 權限許可和訪問控制漏洞
http://www.ibm.com/support/docview.wss?uid=ibm10733122
新型邊信道漏洞來襲!英特爾芯片可洩大量敏感數據
https://www.aqniu.com/hack-geek/40491.html
具有硬件加密的固態硬碟(SSDs)多個漏洞
https://www1.crisp.govcert.gov.hk/portal/govcert/tc/alerts_detail.xhtml?id=338
固態硬盤曝加密機制漏洞,可導致用戶資料洩露
https://www.yunaq.com/news/5be4f26c796db43967ed5bfb/
Google Android Media framework權限提升漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9539
Apache Superset命令執行漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8021Mozilla
Apache Hive Hive EXPLAIN查詢未授權漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314
IBM Marketing Operations服務器文件路徑洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1119
IBM DB2提權漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1799
Firefox和Firefox ESR未授權訪問漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12391
谷歌發布11月Android安全更新,修復多個嚴重漏洞
https://www.secrss.com/articles/6290
IBOS企業協同管理軟件4.5.4版本存在命令執行漏洞
http://www.cnvd.org.cn/patchInfo/show/141039
Kaspersky Announces the Details of Windows 7 Zero-Day Vulnerability
https://bit.ly/2PyPiDp
Patched Facebook Vulnerability Could Have Exposed Private Information About You and Your Friends
https://www.imperva.com/blog/facebook-privacy-bug/?fbclid=IwAR3ZBaVgwRWrN_Y3oVs6OWADG7KdhfSghQV1B2IkEUVqRfpykCM-mIj6qZw
Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online
https://bit.ly/2T1hufZ
Zero-day in popular WordPress plugin exploited in the wild to take over sites
https://www.zdnet.com/article/zero-day-in-popular-wordpress-plugin-exploited-in-the-wild-to-take-over-sites/#ftag=RSSbaffb68
Multiple Vulnerabilities Discovered In Roche Handheld Medical Devices
https://bit.ly/2OH3F3d
7 New Meltdown and Spectre-type CPU Flaws Affect Intel, AMD, ARM CPUs
https://bit.ly/2PYWojH
63 New Flaws (Including 0-Days) Windows Users Need to Patch Now
https://bit.ly/2PYWDLD
JVNVU#99875465 Apache Tomcat JK mod_jk Connector にパストラバーサルの脆弱性
https://jvn.jp/vu/JVNVU99875465/
JVNVU#90728793 ISC BIND 9 の Update policy 機能の説明が実際の挙動と異なっている問題
https://jvn.jp/vu/JVNVU90728793/
Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
https://www.exploit-db.com/exploits/45789/
Morris Worm - fingerd Stack Buffer Overflow (Metasploit)
https://www.exploit-db.com/exploits/45791/
WebExec - Authenticated User Code Execution (Metasploit)
https://www.exploit-db.com/exploits/45695/
PHP Mass Mail 1.0 - Arbitrary File Upload
https://www.exploit-db.com/exploits/45879/
The Powerful Resource of PHP Stream Wrappers
https://www.exploit-db.com/papers/45870/
Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now
https://bit.ly/2DoR6aL
Red Hat releases Red Hat Enterprise Linux 8 beta
https://www.zdnet.com/article/red-hat-releases-red-hat-enterprise-linux-8-beta/#ftag=RSSbaffb68
2.銀行/金融/保險/證券/電子支付/行動支付/支付系統/虛擬貨幣/區塊鍊 新聞及資安
比特大陸起訴未知駭客涉嫌竊盜550萬美元加密貨幣
https://www.moneybar.com.tw/News/65784
虛擬貨幣交易騙案
https://bit.ly/2T9LIxD
中國信託攻區塊鏈 貿易融資流程大減
https://money.udn.com/money/story/5613/3482181
以太坊再現重大漏洞?發現者稱如被利用影響或不輸“The DAO”
http://finance.eastmoney.com/news/11056,20181110981786016.html
比特幣、以太幣等虛擬貨幣還有假幣圈的小鎮故事
https://www.vedfolnir.com/what-happened-to-the-virtual-currency-29210.html
漏洞預警| 交易所10086coin存在多處嚴重漏洞,可致用戶大量敏感信息洩露
https://www.freebuf.com/vuls/188823.html
Netta宣稱的重大漏洞僅與py-evm有關,影響有限
https://www.chaindd.com/nictation/3139958.html
【項目早報】以太坊或再現重大漏洞,以太坊老二位置唯恐坐不穩了
http://block.cc/news/5be6592222285b8f5a418f34
永豐金挖角李相臣 擔任資安委員會召集人
http://pchome.megatime.com.tw/news/cat1/20181114/15421886109685818003.html
富邦資安守護神李相臣跳槽 出任永豐金資安委員會召集人
https://life.tw/?app=view&no=865999
央行扔下震撼彈 攪局者來了!銀聯還能一家獨大嗎
https://news.sina.com.tw/article/20181111/28797094.html
荷蘭央行:無現金交易的社會很脆弱 須警惕
http://www.epochtimes.com/b5/18/11/9/n10841150.htm
香港匯豐銀行20個PAYME帳號被駭駭客成功盜取用戶金錢
https://www.hkgoodjobs.com/articles.php?p=3299&cat_id=1
【PayMe加固】滙豐更新系統 手機登入不能再修改號碼
https://hk.finance.appledaily.com/finance/realtime/article/20181110/58898203
PayMe刪除改手機號碼功能防黑客
https://hk.news.appledaily.com/local/daily/article/20181111/20543363
PayMe戶口電郵被盜用 葛珮帆:銀行對電子支付工具安全性缺保障
https://bit.ly/2qEBFn0
湖南首批取締53家P2P網貸機構 長沙佔了45家
https://news.sina.com.tw/article/20181110/28789818.html
無摺存款規則有漏洞,金管會將修正條文
https://bit.ly/2qGODRc
QR Code共通支付再升級 店家「1張貼紙」通通收
http://ec.ltn.com.tw/article/breakingnews/2610523
第三方支付公司勾結賭網 代收賭金達8億元
http://news.ltn.com.tw/news/society/breakingnews/2609939
「雙11」網聯平台處理跨機構交易11.7億筆 支付機構「斷直連」通過大考
https://news.sina.com.tw/article/20181113/28819366.html
P2P存管入門考要求網貸機構「拼爹、拼規模」
https://news.sina.com.tw/article/20181113/28818498.html
美國六千萬張支付卡資訊遭竊的元兇?75%資料外洩起是POS
https://www.ithome.com.tw/news/126994
美科技公司賽門鐵克:北韓駭ATM竊資金
https://bit.ly/2PNHwop
FASTCash: How the Lazarus Group is Emptying Millions from ATMs
https://www.symantec.com/blogs/threat-intelligence/fastcash-lazarus-atm-malware
South Korea will make young cryptojackers stand trial for infecting PCs
https://www.zdnet.com/article/south-korea-will-make-young-cryptojackers-stand-trial-for-infecting-pcs/#ftag=RSSbaffb68
Sybil and Satoshi
https://bit.ly/2T51dHe
Brazilian Central Bank reaches out to fintechs
https://www.zdnet.com/article/brazilian-central-bank-reaches-out-to-fintechs/#ftag=RSSbaffb68
3.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體
史上首起「蠕蟲攻擊」 高材生成功癱瘓1/10網路 一夕蒸發3億元
https://www.ettoday.net/dalemon/post/39744
蘋果爆出新漏洞可被惡意APP利用記錄用戶鍵盤輸入
http://www.mottoin.com/tech/129955.html
很會躲!研究人員發現一木馬程式竟在Google Play存活了11個月才遭禁
https://ithome.com.tw/news/126993
硬頸!馬來西亞首要媒體遭勒索軟體攻擊,果斷系統轉移並拒付贖金
https://twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=882
Google Play出現假銀行應用程式,進行簡訊釣魚(SMiShing)詐騙
https://blog.trendmicro.com.tw/?p=57929
垃圾郵件攻擊鎖定日本,使用圖像隱碼術散布 BEBLOH 金融木馬程式
https://blog.trendmicro.com.tw/?p=57932
設定不當的容器被用來散播挖礦病毒
https://blog.trendmicro.com.tw/?p=57891
2018年上半年影響企業的最大四種威脅
https://blog.trendmicro.com.tw/?p=57939
Emotet infection with IcedID banking Trojan
https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/
Linux cryptocurrency miners are installing rootkits to hide themselves
https://www.zdnet.com/article/linux-cryptocurrency-miners-are-installing-rootkits-to-hide-themselves/#ftag=RSSbaffb68
Internet Explorer scripting engine becomes North Korean APT's favorite target in 2018
https://www.zdnet.com/article/internet-explorer-scripting-engine-becomes-north-korean-apts-favorite-target-in-2018/#ftag=RSSbaffb68
Deep Analysis of TrickBot New Module pwgrab
https://www.fortinet.com/blog/threat-research/deep-analysis-of-trickbot-new-module-pwgrab.html
Perl-Based Shellbot Looks to Target Organizations via C&C
https://bit.ly/2OFNjrt
MalwareTech’s Malware Reverse Challenge Strings2
https://medium.com/@mripp/malwaretechs-malware-reverse-challenge-strings2-134e9b5c0977
B.行動安全 / iPhone / Android / App
辦公聊天軟體 駭客新目標
https://money.udn.com/money/story/5648/3471695
打熱水一個發學分一個,這些強制使用的APP是服務還是裹挾了大學生
http://big5.xinhuanet.com/gate/big5/www.xinhuanet.com/fortune/2018-11/10/c_1123694507.htm
鑽蘋果漏洞!偽造故障機換新機 中國詐騙最猖狂
http://ec.ltn.com.tw/article/breakingnews/2610151
部分 iPhone 用戶收到 Apple ID 被鎖定的訊息 疑似駭客嘗試破解
https://www.kocpc.com.tw/archives/228720
庫克打臉「臉書資安問題很恐怖」 祖克柏下令:改用安卓手機
https://www.ettoday.net/news/20181115/1307389.htm
Apple ID登不上?網傳大規模蘋果帳戶遭鎖定事件 原因不明
https://bit.ly/2PtJgni
嚇!iPhone X防線遭到駭客攻破 能讀取被刪照片
https://www.chinatimes.com/realtimenews/20181115002430-260412
Mobile Pwn2Own駭客競賽第一天,研究人員就把iPhone X給「宰」了
https://www.ithome.com.tw/news/127062
New Android API Lets Developers Push Updates Within their Apps
https://bit.ly/2qFwkMq
Cloudflare launches Android and iOS apps for its 1.1.1.1 service
https://www.zdnet.com/article/cloudflare-launches-android-and-ios-apps-for-its-1-1-1-1-service/#ftag=RSSbaffb68
0-Days Found in iPhone X, Samsung Galaxy S9, Xiaomi Mi6 Phones
https://bit.ly/2TdA5FU
C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件
電子商務 常發生資安問題的原因
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=12&aid=8686
駭客闖入聯邦醫療保險與補助服務中心CMS竊取客戶個資
https://bit.ly/2z66zJB
23歲美國駭客被指為DDos攻擊《英雄聯盟》、《Dota 2》幕後首腦,暴雪、索尼、EA等公司都是受害者
https://bit.ly/2qNMSC5
程序漏洞 國家警總署網站被黑
http://www.udnbkk.com/article-267956-1.html
關於資安的出路
https://www.ptt.cc/bbs/Tech_Job/M.1542165897.A.CFF.html
難怪贏不了!賭博網站變更程式詐賭 5賭客慘賠提告
https://udn.com/news/story/7315/3475838?from=udn-catelistnews_ch2
業餘大叔程式心得筆記#10:幾個關於資訊安全的觀念
https://tuna.to/info-security-605f9451459c
可以做些什麼來保護您的網路攝影鏡頭
https://vpnserviceprovider99.wordpress.com/
近7成日人上網沒安全感 最令他們害怕的是
http://news.ltn.com.tw/news/world/breakingnews/2607801
扯!日本資安戰略大臣自曝從未用過電腦
https://disp.cc/b/163-aWkK
境外資安威脅 總統:雙管齊下強化防護
https://bit.ly/2PUgFXF
找不到資安人才!德州農工大學運用 AI 軟體紓緩資安問題
https://technews.tw/2018/11/12/a-cyber-skills-shortage-means-students-are-being-recruited-to-fight-off-hackers/
零售企業面臨的3種新威脅:物聯網漏洞、系統漏洞、供應鏈攻擊
https://www.iyiou.com/p/85165
看美國如何應對“來自中國的ICT供應鏈漏洞” 上篇——美國政府ICT供應鏈現狀
http://zhuanlan.51cto.com/art/201811/586543.htm
美斥中違反協議 黑客攻擊未曾間斷
https://bit.ly/2AYtBUq
中共駭美國手法升級 破壞性更大
https://bit.ly/2FkBQOx
中共狂竊軍事機密 美國全面反擊
http://www.epochtimes.com/b5/18/11/15/n10853897.htm
網路戰不間斷 美再控中國違反反駭客協定
http://news.ltn.com.tw/news/world/breakingnews/2606898
資安官員指控中國違反美中反駭客協議 美國考慮制裁行動
https://www.cmmedia.com.tw/home/articles/12749
中國違反網路安全協定 美國安單位:準備制裁
https://bit.ly/2zSr2RZ
印度情報:共軍或駭入印國防設施
https://bit.ly/2z4cdMo
中共網軍猖狂 印度官員憂國安
https://bit.ly/2DcSn4y
嚇人!日本資安大臣竟沒用過電腦
https://bit.ly/2BbhFi7
新加坡政府要求撤「假」消息 臉書拒絕
https://www.rti.org.tw/news/view/id/2001817
新加坡封殺批評網站 要求撤貼文遭臉書拒絕
https://money.udn.com/money/story/5599/3473013
澳洲海軍造船商遭駭客勒索一案有進展 網絡安全中心指其為伊朗黑客所為
http://www.epochtimes.com/b5/18/11/13/n10848280.htm
InfoWars: Magecart Infection Points to 'Industrial Sabotage'
https://www.bankinfosecurity.asia/infowars-magecart-infection-points-to-industrial-sabotage-a-11703
Romanian Hacker 'Guccifer' Extradited to US
https://www.bankinfosecurity.asia/romanian-hacker-guccifer-extradited-to-us-a-11705
Not Playing Randomly: The Sony PS3 and Bitcoin Crypto Hacks
https://bit.ly/2PS7siP
Cylance researchers discover powerful new nation-state threat
https://www.cso.com.au/article/649477/cylance-researchers-discover-powerful-new-nation-state-apt/
India's Telecom Commission to Be Guardian of Data
https://www.bankinfosecurity.asia/indias-telecom-commission-to-be-guardian-data-a-11693
Japan, ASEAN share information about cyber attacks
https://www.vietnambreakingnews.com/2018/11/japan-asean-share-information-about-cyber-attacks/
Under Attack: How Election Hacking Threatens the Midterms
https://medium.com/pcmag-access/under-attack-how-election-hacking-threatens-the-midterms-54e1142072a1
StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users
https://bit.ly/2JQLUgP
Hacker Who DDoSed Sony, EA and Steam Gaming Servers Pleads Guilty
https://bit.ly/2Qx1ile
Here's How Hackers Could Have Spied On Your DJI Drone Account
https://bit.ly/2PNkSMV
Open-Source Intelligence (OSINT) Reconnaissance
https://medium.com/@IanBarwise/open-source-intelligence-osint-reconnaissance-75edd7f7dada
The Red Team Guide - Crowdsourcing eBook on Peerlyst
https://www.peerlyst.com/posts/the-red-team-guide-crowdsourcing-ebook-on-peerlyst-chiheb-chebbi?trk=profile_page_bookmarks_panel
Windows-as-a-service fail: Microsoft keeps customers in the dark
https://www.zdnet.com/article/windows-as-a-service-fail-microsoft-keeps-customers-in-the-dark-as-it-struggles/#ftag=RSSbaffb68
HTTP-over-QUIC to be renamed HTTP/3
https://www.zdnet.com/article/http-over-quic-to-be-renamed-http3/#ftag=RSSbaffb68
Chinese Cyber Threat: NSA Confirms Attacks Have Escalated
https://www.bankinfosecurity.com/chinese-cyber-threat-nsa-confirms-attacks-have-escalated-a-11696
Top 5 Factors That Increase Cyber Security Salary The Most
https://bit.ly/2JWYDPb
New APIs Suggest WPA3 Wi-Fi Security Support Coming Soon to Windows 10
https://bit.ly/2PmqK0d
Cynet Review: Simplify Security with a True Security Platform
https://bit.ly/2qMPfVq
Cynet Review: Simplify Security with a True Security Platform
https://bit.ly/2OMlwpc
Why you need to know about Penetration Testing and Compliance Audits
https://bit.ly/2Tf4Bz4
徵才 - 資安工程師
https://www.cakeresume.com/companies/pse-is-c5eex/jobs/security-engineer-9eaf11?locale=zh-TW
徵才 - 資安技術顧問_台北
https://www.104.com.tw/job/?jobno=6fe83&jobsource=cj2008
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷
選舉將至,偽冒公告之惡意釣魚郵件開始流竄(轉載訊息)
https://twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=773
23參賽者資料外洩 LINE FRIENDS RUN致歉
https://hk.on.cc/hk/bkn/cnt/news/20181111/bkn-20181111171230944-1111_00822_001.html
銀行不會幹這個:提醒你千萬別點鏈接
https://hk.aboluowang.com/2018/1110/1202086.html
奧巴馬健保網站遇駭 7.5萬民眾資料被盜
https://bit.ly/2DmnPxv
「網路詐騙之鄉」如何剷除毒瘤?巡防宣傳凈化村風
https://news.sina.com.tw/article/20181110/28788080.html
女學生接獲可疑來電,警方協助攔阻詐騙
https://www.101newsmedia.com/news/49526
工行20億電票詐騙案:借辦公室 僱人冒充銀行董事長
http://finance.sina.com/bg/economy/economy_company/21cbh/2018-11-12/doc-ivwffhzy2880135.shtml
延公布資料外泄 國泰:攻擊精密難查
https://news.mingpao.com/pns/%E5%89%B5%E7%A7%91%E7%B7%9A/article/20181113/special/1542047241339
國泰航空數百萬個資外洩 駭客持續猛攻3個月
https://money.udn.com/money/story/5599/3478728
駭客冒用 TWICE 志效身份進行詐騙,JYP 對此採取法律行動
https://www.kpopn.com/2018/11/11/hacked-recently-twice-jihyo-id-jyp-entertainment-legal-action-against/
Microsoft Office 2016 & 365 不只傳送「軟體診斷資料」,還私下傳送了
https://bit.ly/2qNycmj
How to painlessly remember your passwords
https://medium.com/datadriveninvestor/how-to-painlessly-remember-your-passwords-845408d4ce15
Update: HealthCare.gov Breach Exposed Extensive Data
https://www.bankinfosecurity.com/update-healthcaregov-breach-exposed-extensive-data-a-11698
Another Facebook Bug Could Have Exposed Your Private Information
https://bit.ly/2QLGQgB
E.研究報告
WordPress設計漏洞導致WooCommerce RCE
https://xz.aliyun.com/t/3192
小白學習CVE-2017-11882漏洞過程
https://bbs.pediy.com/thread-247740.htm
Adobe ColdFusion最新文件上傳漏洞實際利用在公網被發現(CVE-2018-15961)
https://nosec.org/home/detail/1953.html
Java反序列化漏洞:在受限環境中從漏洞發現到獲取反向Shell
https://www.freebuf.com/vuls/188569.html
看黑客如何利用安全漏洞窺探你的DJI無人機帳戶
https://www.anquanke.com/post/id/163910
Discuz!X升級/轉換程序GETSHELL漏洞分析
http://www.mottoin.com/tech/129855.html
VirtualBox 0 day漏洞詳情和利用公佈
http://www.4hou.com/vulnerable/14413.html
未修補的VirtualBox漏洞
https://bit.ly/2OBe14G
Microsoft SQL Server漏洞淺析
https://4hou.win/wordpress/?p=26022
一個weblogic漏洞掃描工具
https://xz.aliyun.com/t/3215
Windows10 提權漏洞復現及武器化利用
https://blog.gzsec.org/?p=446
PHP漏洞挖掘思路+實例
http://www.mottoin.com/tech/129735.html
知名交易所gate.io受JS代碼劫持
https://www.freebuf.com/articles/blockchain-articles/188856.html
BitcoinCore CVE-2018-17144 漏洞研究與分析
https://paper.seebug.org/742/
CVE-2012-0158分析調試
https://bbs.pediy.com/thread-247762.htm
軟件漏洞分析技巧分享
http://www.mottoin.com/tech/130399.html
Lion Air 610和Docker+Consul
https://bit.ly/2PoU2vc
OSINT tool for visualizing relationships between domains, IPs and email addresses
https://bit.ly/2DD1zQS
Refactoring python-nmap — Part 1
https://medium.com/@nicolas.rod/refactoring-python-nmap-part-1-87fd0011996c
Detect a touch device with only CSS
https://medium.com/@ferie/detect-a-touch-device-with-only-css-9f8e30fa1134
Technical Advisory: Bypassing Microsoft XOML Workflows Protection Mechanisms using Deserialisation of Untrusted Data
https://bit.ly/2QJdRda
Inside Magecart
https://cdn.riskiq.com/wp-content/uploads/2018/11/RiskIQ-Flashpoint-Inside-MageCart-Report.pdf
How to transparently use a proxy with any application (Docker) using Iptables and RedSocks
https://bit.ly/2DGS1Em
F.商業
思科結盟AWS,擴大Kubernetes混合雲布局
https://www.ithome.com.tw/news/126924
Docker釋出新企業版產品,大舉支援Windows Server
https://www.ithome.com.tw/news/126926
希捷與IBM合作運用區塊鏈技術 打擊全球硬碟偽造問題
https://bit.ly/2FbTCDx
科技進步同時兼顧網站安全,落實「資安弱點掃描」檢測0風險
https://bit.ly/2PsWqky
從工業偵防到暗網情蒐,資策會助企業阻斷潛在資安風險
http://technews.tw/2018/11/15/iii-security-system-from-industry-to-dark-web/
微軟Azure資安中心服務再升級,加強支援Linux容器安全,提高基礎架構可視度
https://ithome.com.tw/news/127026
趨勢科技和 Moxa 宣布共組公司,致力開發工業物聯網資安防護應用
http://technews.tw/2018/11/15/trend-micro-moxa-txone-networks/
Google launches VisBug, a Chrome extension for point-and-click web design
https://www.zdnet.com/article/google-launches-visbug-a-chrome-extension-for-point-and-click-web-design/#ftag=RSSbaffb68
Western Digital jumps into in-memory computing segment
https://www.zdnet.com/article/western-digital-jumps-into-in-memory-computing-segment/#ftag=RSSbaffb68
G.政府
廢止「銀行業及電子支付機構電子票證發行機構防制洗錢及打擊資恐內部控制要點」
https://bit.ly/2FhyyvJ
金管會再修法 個人保經代 納防洗錢對象
https://www.chinatimes.com/newspapers/20181112000241-260205
駭客世界大賽好成績 總統開心
https://bit.ly/2FiTWjW
國家通訊暨網際安全中心啟用 總統:這是國家安全的第一道防線
https://www.president.gov.tw/News/23892
「國家通訊暨網際安全中心」揭幕 蔡英文:「資安即國安」具體實現
https://www.storm.mg/article/626271
資安秒攻 小英憂國安受威脅
https://bit.ly/2DoYy5J
境外資安威脅 蔡:政府雙管齊下防護
http://news.ltn.com.tw/news/politics/paper/1246706
全國地政機關強化資訊安全防護觀摩會 嘉義創新學院登場
https://bit.ly/2PuTT9I
蔡總統:落實資通訊防護 確保國安
https://bit.ly/2TiETtv
要網路平台下架假新聞? NCC:不涉內容
https://bit.ly/2Psfors
H.工控系統 SCADA / ICS Security
別讓資安 成為智慧工廠的罩門
https://www.chinatimes.com/newspapers/20181113000226-260202
CONPOT ICS/SCADA Honeypot
http://conpot.org/
ICS cybersecurity startup Dragos raises $37M in new funding
https://siliconangle.com/2018/11/14/ics-cybersecurity-startup-dragos-raises-37m-new-funding/
Carpet (IT) to Concrete (OT) – The Evolution of Internet-Based Malware
https://securityboulevard.com/2018/11/carpet-it-to-concrete-ot-the-evolution-of-internet-based-malware/
Securing the SCADA networks and infrastructure
https://www.expresscomputer.in/security/securing-the-scada-networks-and-infrastructure/30189/
I.教育訓練類
資安補帖─Day21─DVWA初探
https://ithelp.ithome.com.tw/articles/10207050
資安補帖─Day22─常見的攻擊
https://ithelp.ithome.com.tw/articles/10207307
資安補帖─Day23─資安相關書籍
https://ithelp.ithome.com.tw/articles/10207573
資安補帖─Day24─資安相關學習方式
https://ithelp.ithome.com.tw/articles/10207715
資安補帖─Day25─校外實習(資安篇)
https://ithelp.ithome.com.tw/articles/10208034
資安補帖─Day26─最好的程式語言PHP
https://ithelp.ithome.com.tw/articles/10208276
資安補帖─Day27─SQL injection
https://ithelp.ithome.com.tw/articles/10208475
資安補帖─Day28─Crypto
https://ithelp.ithome.com.tw/articles/10208681
資安補帖─Day29─Crypto2
https://ithelp.ithome.com.tw/articles/10208825
資安補帖─Day30─不是最後一篇─論資安技能點
https://ithelp.ithome.com.tw/articles/10209025?sc=iThelpR
資安補帖─Day31─鐵人賽所使用的工具
https://ithelp.ithome.com.tw/articles/10209084
資安補帖─Day32─初探LOG
https://ithelp.ithome.com.tw/articles/10209436?sc=iThelpR
[D28] 資安常見攻擊( Web ) 與學習方法
https://ithelp.ithome.com.tw/articles/10209227
J.玄武安全推送
每日安全動態推送(11-12)
https://tw.weibo.com/xuanwulab/4305522419050496
每日安全動態推送(11-13)
https://tw.weibo.com/xuanwulab/4305877471718651
每日安全動態推送(11-14)
https://tw.weibo.com/xuanwulab/4306258489864948
每日安全動態推送(11-15)
https://tw.weibo.com/xuanwulab/4306601659644843
K.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機
小米 IoT 破解專家 Dennis Giese
https://bit.ly/2QF8fk0
電影劇情真實上演!區塊鏈能解決物聯網的安全問題嗎
http://news.knowing.asia/news/9c4dfe60-160e-46cc-93ef-eda95ebcf06d
IoT security and Linux: Why IncludeOS thinks it has the edge
https://www.zdnet.com/article/iot-security-and-linux-why-includeos-thinks-it-has-the-edge/#ftag=RSSbaffb68
L.CTF
OverTheWire: Wargames
http://overthewire.org/
Practice CTF - Captf
http://captf.com/practice-ctf/
Writeup oriented CTF
https://github.com/2O2L2H/awesome-ctf-wargame
Pwnable.kr
http://pwnable.kr/
4.近期資安活動及研討會
原廠認證Cellebrite Certified Operator (CCO) 11/19 ~ 11/20
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=43
Python 應用教學課程-微分方程求解 1~2 11/16 ~ 11/23
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3749&from_course_list_url=homepage
1071119專班seminar演講資訊 11/19
https://www.cs.nccu.edu.tw/hci/01_news_detail.php?date=1541581002
系統弱點分析與安全測試實務 11/20
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3764&from_course_list_url=homepage
網站安全與稽核簡介(Ⅱ)(可抵內稽) 11月23日
https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=282
認證資訊系統安全專家 CISSP 輔導班 11月24日至12月8日
https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=278
Metasploit與滲透測試實務 11/25 ~ 11/26
https://hackercollege.nctu.edu.tw/?p=641
新興資安產業生態系推動計畫 資訊安全檢測診斷成果發表會 11/26
http://www.cisanet.org.tw/News/activity_more?id=Mzk2
【課程】區塊鏈技術實作,學習DApp去中心化應用、動手寫智能合約、發行自己專屬的代幣 11/26 11/28
https://www.techbang.com/posts/61972-courses-blockchain-dapp-smart-contracts
平行計算程式設計基礎課程 11/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3701&from_course_list_url=homepage
Taipei.py 十一月月會 (Monthly Meeting) 2018 11/29
https://www.meetup.com/Taipei-py/events/255543630/
開源碼WAF實作 11/29
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3765&from_course_list_url=homepage
網路攻防實務 11/29
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3539&from_course_list_url=homepage
Python 應用教學課程-平行處理 1~3 11/30 ~ 12/14
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3750&from_course_list_url=homepage
【課程】Kubernetes(K8S)實戰班,容器編排管理絕佳工具,理論實作並重,有效打造企業級 DevOps 環境 12/1 12/2
https://bit.ly/2rAkB2q
ABAQUS基礎訓練課程 12/4 ~ 12/6
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3709&from_course_list_url=homepage
EnCase EnCE 認證考試 Preparation 課程 12/5 ~ 12/7
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=44
TANet/TWAREN監控平台與即時流量異常偵測系統介紹 12/6
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3766&from_course_list_url=homepage
駭客入侵調查暨資安緊急應變實務 12/10 ~ 12/11
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=45
TANet/TWAREN監控平台與即時流量異常偵測系統介紹 12/11
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3767&from_course_list_url=homepage
網路封包分析 12/13
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3654&from_course_list_url=homepage
眺望2019 物聯網安全高峰論壇 12/13
https://www.2cm.com.tw/files/event/2018IoT_Security_Forum/index.html
台灣駭客年會 HITCON Pacific 2018 12/13 ~ 12/14
https://hitcon.kktix.cc/events/hitcon-pacific-2018
亥客書院 - 進階網頁滲透測試 12/15
https://hackercollege.nctu.edu.tw/?p=323
Python 應用教學課程-雲端服務 1~3 12/21 ~ 1/4
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3753&from_course_list_url=homepage
專業手機暨硬碟資料救援教育訓練課程 12/26 ~ 12/28
http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=46
系統日誌分析實務 12/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3653&from_course_list_url=homepage
亥客書院 - 高階網頁滲透測試 2019/1/5
https://hackercollege.nctu.edu.tw/?p=768
訂閱:
張貼留言 (Atom)
2024年 12 月份資安、社群活動分享
2024年 12 月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/3 https://www.meetup.com/taiwan-code-camp/e...
-
2024年 3月份資安、社群活動分享 線上資安人力需求對談-網路通信產業 2024/3/2 https://isipevent.kktix.cc/events/ff6f2146 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演 2024/3/6 https://b...
-
2024年 2月份資安、社群活動分享 Taipei All About API Meetup Group - Meet and Greet, 01 Feb 2024, 07:00 PM 2024/2/1 https://www.meetup.com/taipei-all-a...
-
2024年 5 月份資安、社群活動分享 資安五四三 2024/5/2 https://csa.kktix.cc/events/202405-543 HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/5/2 http...
沒有留言:
張貼留言