資安新聞及事件週報 2018/11/26 ~ 2018/11/30

1.重大弱點漏洞

PHP Proxy 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19458

PHP 遠端執行程式碼漏洞
https://securitytracker.com/id/1042157

近1/5智能攝像頭存漏洞 三成廠商不考慮安全問題
http://finance.sina.com/bg/economy/economy_indu/chinanews/2018-11-27/doc-ivctqsww7795962.shtml

Glibc 阻斷服務漏洞
https://securitytracker.com/id/1042174

MariaDB Client 10.1.26 - Denial of Service (PoC)
https://www.exploit-db.com/exploits/45901

Mac OS X - libxpc MITM Privilege Escalation (Metasploit)
https://www.exploit-db.com/exploits/45916

思科修復Prime License Manager中的關鍵SQL注入漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15441

Cisco NX-OS拒絕服務漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0378

Cisco NX-OS拒絕服務漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0456

電子學習平台Moodle出現嚴重CSRF缺陷,TWCERT/CC籲儘速修補
https://www.ithome.com.tw/news/127237

合勤科技修補VMG1312-B10D無線閘道器Directory Traversal破綻
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5056

Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal
https://www.exploit-db.com/exploits/45904

SAP Fiori Client拒絕服務漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2488

Ruby語言存在反序列化漏洞導致Ruby 2.x任意命令執行漏洞
http://www.4hou.com/vulnerable/14547.html

Linux內核受兩個DoS漏洞影響,均源於空指針引用問題
https://www.freebuf.com/company-information/190589.html

PHP imap_open - Remote Code Execution (Metasploit)
https://www.exploit-db.com/exploits/45914

Samba 多個漏洞
https://www.us-cert.gov/ncas/current-activity/2018/11/27/Samba-Releases-Security-Updates

鎖定Samba缺陷,能終止網路服務或猜測密碼
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5058

研究人員發現 GPU 側道攻擊漏洞
https://hk.saowen.com/a/188486dce937b73409221050f271632ebc133ec6ecb95877c619146113cde7f3

WebEx Meetings漏洞沒補好,思科再補一次
https://www.ithome.com.tw/news/127328?fbclid=IwAR17ga8MytPih_cUE42C2HlyuTYdDcdMQ3lvl5sLkXJtN61jNG6TmIuQq-Y

關於漏洞利用和SCSP 漏洞利用緩解
https://symc.ly/2E5QyYr

Microsoft releases first Windows Server 19H1 test build
https://www.zdnet.com/article/microsoft-releases-first-windows-server-19h1-test-build/#ftag=RSSbaffb68

Microsoft's latest Windows 10 19H1 test build adds UI tweaks, fixes
https://www.zdnet.com/article/microsofts-latest-windows-10-19h1-test-build-adds-ui-tweaks-fixes/#ftag=RSSbaffb68

Microsoft patches several versions of Windows 10
https://www.zdnet.com/article/microsoft-patches-several-versions-of-windows-10/#ftag=RSSbaffb68

Vulnerability Report – CVE-2018-17612
https://www.secorvo.de/publikationen/headsetup-vulnerability-report-secorvo-2018.pdf

Second time lucky: Cisco pushes fix for failed Webex vulnerability patch
https://www.zdnet.com/article/cisco-pushes-new-patch-to-fix-failed-fix-for-severe-webex-vulnerability/#ftag=RSSbaffb68


2.銀行/金融/保險/證券/電子支付/行動支付/支付系統/虛擬貨幣/區塊鍊 新聞及資安

〈區塊鏈大應用〉Sony將於PS4上推出首款區塊鏈遊戲
https://news.cnyes.com/news/id/4244501

區塊鏈助保險索賠走向高效 數據加密捍衞私隱
http://startupbeat.hkej.com/?p=66473

談區塊鏈技術在未來投票上的可行性
https://vocus.cc/tuna/5bfd7a91fd89780001c51ae4

南韓實驗「區塊鏈投票」,年輕人躺著投票的夢想要成真了
https://buzzorange.com/techorange/2018/11/29/south-korea-blockchain-vote/

OKEx交易所推出「漏洞賞金計畫」、並一口氣下架27枚「低流動性」代幣
https://www.blocktempo.com/okex-security-response-center/

科技富翁Tim Draper更進一步預測「加密貨幣採用率會超過法幣」
https://bit.ly/2Q5Ho4N

研究比特幣揣摩角色 影帝劉亞仁當配角也甘願
https://bit.ly/2Q1CINg

慘烈的互聯網泡沫爆破,加密貨幣市場前車可鑒
https://bit.ly/2rb3Nib

電子憑證網上報銷試點成效顯現 有效預防鋪張浪費
https://news.sina.com.tw/article/20181128/29014276.html

以太坊token漏洞致黑客可無限修改信息
http://tech.ifeng.com/a/20181123/45234248_0.shtml

開放使用比特幣繳稅 ,美國這一州搶頭香
https://bit.ly/2TKaynY

用比特幣徵稅?美俄亥俄州政府開先河:這個可以有
https://news.sina.com.tw/article/20181128/29016904.html

漏洞曝光,以太坊代幣或可被惡意攻擊
https://www.linksfin.com/article/201607

Beosin漏洞分析:偽EOS及其變種攻擊
https://www.huoxing24.com/newsdetail/20181123152056826278

北韓擬舉辦區塊鏈國際會議,將可能實現從幣到技術的轉身
http://news.knowing.asia/news/6213dda3-b6bb-4878-b758-4207f8cfe92d

駭客鎖定BTCP加密貨幣展開51%攻擊
https://www.ptt.cc/bbs/DigiCurrency/M.1542852833.A.3A3.html

加拿大銀行組建"黑客紅隊" 堵塞網絡安全漏洞
http://www.bcbay.com/news/2018/11/24/610012.html

財金公司 化身金融業防駭第一線
https://www.chinatimes.com/newspapers/20181126000295-260202

研究:多數 ATM 都可在 20 分鐘內被攻破
https://bit.ly/2An4zMV

超脆弱!85%的ATM都能在20分鐘內被駭客攻陷
https://www.ettoday.net/news/20181127/1317191.htm

旅展首日就「斷線」!刷卡機過不了 業者上午損失數十萬
https://travel.ettoday.net/article/1313924.htm

旅展網路出包無法刷卡 中華電信搶修中
https://bit.ly/2DVErgD

中華電與LINE純網銀顧問名單出爐 各聘萬國、理律兩大事務所
https://bit.ly/2KyQbG1

執行長劉奕成:將來銀行3年內打平
https://bit.ly/2zuAjjI

環聯信貸疑有嚴重漏洞 環聯:已凍結受影響賬戶
https://bit.ly/2SfPVi3

環聯現漏洞 信貸報告資料外洩
https://hk.finance.appledaily.com/finance/daily/article/20181129/20557310

黃繼兒指身分認證程序存漏洞 特首辦金管局已作跟進
https://bit.ly/2TZybZK

港媒指信貸公司存漏洞 特首資料隨意看
https://www.cna.com.tw/news/acn/201811290079.aspx

港媒揭發資安漏洞 一家信貸公司可查特首資料
https://bit.ly/2PYvI3q

現保安漏洞洩信貸資料 環聯:已暫停港所有網上信貸報告查詢服務
https://bit.ly/2DRMHgz

短訊認證存漏洞 方保僑︰業界應及早準備新方法
https://bit.ly/2rbzR5k

環聯漏洞 林鄭信貸資料任睇 資料庫載500萬人信貸報告 虛構身分輕易通過核證
https://m.mingpao.com/pns/dailynews/web_tc/article/20181129/s00001/1543430717524

環聯母公司美上市 高層多資安情報專家
https://news.mingpao.com/pns/dailynews/web_tc/article/20181130/s00001/1543514997277

中銀:沒有與第三方就提供信貸服務合作
https://hk.finance.appledaily.com/finance/realtime/article/20181129/58972814

BitPay錢包受漏洞威脅用戶被告知將資金轉移至新錢包
http://www.bitcoin86.com/news/32272.html

科技進步也惹禍 南山業務員控遭變相減薪
https://www.chinatimes.com/realtimenews/20181128003501-260410

SWIFT國際匯款網絡多次被駭客攻破
https://www.ptt.cc/bbs/DigiCurrency/M.1543371179.A.E19.html

Verizon:支付卡安全標準6年來首次下跌
https://bit.ly/2reRX6y

假投保、真理財 金管會首度開罰保險公司
https://udn.com/news/story/7239/3509526

手機代替錢包?華為開放錢包服務推進物理卡片電子化
https://bit.ly/2Q3l1g7

「8591交易網」被控吸金186億 董座等3人二審仍無罪
http://news.ltn.com.tw/news/society/breakingnews/2628235

8591推T幣被控違法 法院判無罪
https://bit.ly/2rbCdkH

推虛擬貨幣遭檢方認吸金186億?數字科技老董二審無罪
https://www.ettoday.net/news/20181129/1318568.htm

涉協助洗錢上百億 德意志銀行總部遭搜索
http://ec.ltn.com.tw/article/breakingnews/2628315

Ethereum (ETH) Vulnerability Could Have Led to Exchange Drains, Report Says
https://cryptovest.com/news/ethereum-eth-vulnerability-could-have-led-to-exchange-drains-report-says/

In this country, your cryptocurrency must go through your bank
https://www.zdnet.com/article/in-this-country-your-cryptocurrency-must-go-through-your-bank/#ftag=RSSbaffb68

Card issuers make progress toward seamless mobile transaction protocols
https://www.atmmarketplace.com/articles/card-issuers-make-progress-toward-seamless-mobile-transaction-protocols/

UK watchdog investigating Nasdaq’s $190m bid for Cinnober
https://www.bankingtech.com/2018/11/uk-watchdog-investigating-nasdaqs-190m-bid-for-cinnober/

Bitcoin plunges again. Now the only currency worse than bitcoin is Venezuela’s
https://lat.ms/2E1oqWv

Rogue Developer Infects Widely Used NodeJS Module to Steal Bitcoins
https://bit.ly/2Qn0d2y


3.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體

卡巴斯基:多才多藝的Android惡意程式Rotexy在3個月內發動7萬次攻擊
https://www.ithome.com.tw/news/127239

勒索病毒家族數量減少,但感染為何持續發生
https://blog.trendmicro.com.tw/?p=57953

Mirai殭屍網路捲土重來,這次瞄準Linux伺服器
https://times.hinet.net/news/22105734

什麼是無檔案病毒(Fileless Malware)攻擊
https://blog.trendmicro.com.tw/?p=57676

“想哭”病毒還是勒索“老大” 勒索病毒蠕蟲化更加流行
http://big5.xinhuanet.com/gate/big5/www.xinhuanet.com/tech/2018-11/27/c_1123773195.htm

路由器漏洞頻發,mirai 新變種來襲
https://paper.seebug.org/749/

瑞星推勒索病毒報告:今年感染344萬次 廣州居首
https://bit.ly/2DSn7s6

利用機器學習來對 Gh0st RAT 變種的惡意網路流量分群 (Clustering)
https://blog.trendmicro.com.tw/?p=58009

Lucky雙平台勒索者樣本技術分析
https://ti.360.net/blog/articles/analysis-of-lucky-ransomware/

起死回生的Emotet銀行木馬程式,在全球建立了721個非重複的 C&C 伺服器
https://blog.trendmicro.com.tw/?p=58062

KingMiner malware hijacks the full power of Windows Server CPUs
https://www.zdnet.com/article/kingminer-cryptojacker-returns-now-new-and-improved/#ftag=RSSbaffb68

Hackers are opening SMB ports on routers so they can infect PCs with NSA malware
https://www.zdnet.com/article/hackers-are-opening-smb-ports-on-routers-so-they-can-infect-pcs-with-nsa-malware/#ftag=RSSbaffb68

Malware Companies Are Finding New Ways to Spy on iPhones
https://bit.ly/2RlXmEi

U.S Charges Two Iranian Hackers for SamSam Ransomware Attacks
https://bit.ly/2SfyNcb

New Linux crypto-miner steals your root password and disables your antivirus
https://www.zdnet.com/article/new-linux-crypto-miner-steals-your-root-password-and-disables-your-antivirus/#ftag=RSSbaffb68

Ukrainian police arrest hacker who infected over 2,000 users with DarkComet RAT
https://www.zdnet.com/article/ukrainian-police-arrest-hacker-who-infected-over-2000-users-with-darkcomet-rat/#ftag=RSSbaffb68

Hacker backdoors popular JavaScript library to steal Bitcoin funds
https://www.zdnet.com/article/hacker-backdoors-popular-javascript-library-to-steal-bitcoin-funds/#ftag=RSSbaffb68

This worm spreads a fileless version of the Trojan Bladabindi
https://www.zdnet.com/article/this-worm-spreads-fileless-trojan-bladabindi-through-removable-drives/#ftag=RSSbaffb68

Aurora / Zorro Ransomware Actively Being Distributed
https://www.bleepingcomputer.com/news/security/aurora-zorro-ransomware-actively-being-distributed/

New industrial espionage campaign leverages AutoCAD-based malware
https://www.zdnet.com/article/new-industrial-espionage-campaign-leverages-autocad-based-malware/#ftag=RSSbaffb68

Two Iranians Charged in SamSam Ransomware Attacks
https://www.bankinfosecurity.com/two-iranians-charged-in-samsam-ransomware-attacks-a-11741


B.行動安全 / iPhone / Android / App

北市議員王威中落選 這家APP首頁公告「慶祝」引熱議
http://news.ltn.com.tw/news/politics/breakingnews/2624248

《街口》賀王威中「落選」 執行長:只是恭賀他一下
https://tw.appledaily.com/new/realtime/20181125/1473154/

不符條款規定?蘋果大規模下架逾700款中國區App
http://ec.ltn.com.tw/article/breakingnews/2626061

推e化服務 國考APP已逾2萬人下載
https://udn.com/news/story/6939/3508848

獵豹移動8款行動程式遭指控詐騙數百萬美元程式下載獎勵金,股價大跌32.8%
https://www.ithome.com.tw/news/127334?fbclid=IwAR3Cv2XvxtJmIvQWeUKVfwlsusuBuTIA-6tEIGJTeVZYG-mUP2Fmmmkf614

偏愛假冒宅配公司,超過 30 萬用戶受害的 Android 惡意程式家族:XLoader 和 FakeSpy 
https://blog.trendmicro.com.tw/?p=58066

通訊達人 › 淺談Mobile ID行動身分識別服務
https://www.kocpc.com.tw/archives/231616

香港地區 Google Play 商店應用程式保安風險報告 (2018年 11 月)
https://www.hkcert.org/my_url/zh/blog/18113001

Hacking Your Ride: Risks Posed by Automotive Smartphone Apps
https://www.bankinfosecurity.com/interviews/hacking-your-ride-risks-posed-by-automotive-smartphone-apps-i-4181

Android adware has plagued the Google Play Store in the past two months
https://www.zdnet.com/article/android-adware-has-plagued-the-google-play-store-in-the-past-two-months/#ftag=RSSbaffb68

Managing the Risks Posed by Automotive Smartphone Apps
https://www.bankinfosecurity.com/interviews/managing-risks-posed-by-automotive-smartphone-apps-i-4184

Advanced iPhone USB Tethering
https://one.vg/advanced-iphone-usb-tethering/?fbclid=IwAR0liWsG5PiF1ZasyVh5p-GOZBgPvXHilZ9byCp1GD8sa83B1sToU4HbVyA

8 Popular Android Apps Caught Up In Million-Dollar Ad Fraud Scheme
https://bit.ly/2QmQ6ee

Deobfuscated libMobileGestalt keys (iOS 12)
https://bit.ly/2AvfYKY

Google's Project Fi 4G is now available on most Android devices and iPhone
https://www.zdnet.com/article/googles-project-fi-4g-is-now-available-on-most-android-devices-and-iphone/#ftag=RSSbaffb68




C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件

Chrome及Firefox都不想再支援用了超過40年的FTP
https://www.ithome.com.tw/news/127281

重慶男子網上賭博被騙 自學 DDoS 復仇反被捕
https://bit.ly/2FDeLGX

Dell遭駭客入侵,強制重設所有官網客戶密碼
https://www.ithome.com.tw/news/127357

全校師生Google Drive癱瘓 恒大︰Google表示歉意
https://hk.finance.appledaily.com/finance/realtime/article/20181122/58943580

資訊和網絡保安人員
https://bit.ly/2zwC4Ng

安全架構及保障私隱由設計做起 – 網上應用程式的關鍵
https://www.hkcert.org/my_url/zh/blog/18111001

要讓有瑕疵醫療裝置資訊公開透明,全球故障醫療裝置資料庫上線了
https://www.ithome.com.tw/news/127364?fbclid=IwAR2X4eDosxxnoOJcxQ83HOEN7PwBAU2JTVBIl_yaBUbQR31lcGtwMedGkxU

英國駭客入侵電訊客戶網竊取資料獲刑12個月
http://www.taidaily.com/?p=333525

涉開發勒索軟體 美起訴伊朗駭客
https://bit.ly/2QmPt4j

對付違規科技公司,俄羅斯擬祭高額罰金
https://bit.ly/2AqckBO

美國資安公司火眼:中國應有干預台灣選舉
https://newtalk.tw/news/view/2018-11-29/173761

投票日遭境外大規模駭客攻擊 所幸成功防堵
https://bit.ly/2Rneppy

中選會證實九合一大選網站受到攻擊,強調未波及計票結果
https://www.ithome.com.tw/news/127358

中選會證實投票日遭駭客入侵 網民:推卸責任
https://bit.ly/2Q45IE3

親口證實投票當日官網遭「境外」攻擊!中選會:DDoS 並未影響計票系統
https://buzzorange.com/techorange/2018/11/29/ddos-taiwan-vote-day/

選舉日有駭客入侵? 中選會證實境外大規模攻擊但未影響計票
http://news.ltn.com.tw/news/life/breakingnews/2627349

選舉日官網遭駭 中選會:封閉系統未受害
https://news.pts.org.tw/article/414553

證實開票日遭駭客入侵 中選會保證不影響計票
https://life.tw/?app=view&no=870925

行政院資安處:投票當天DDoS攻擊流量只有9Gbps,維持不到10分鐘
https://www.ithome.com.tw/news/127371?fbclid=IwAR1oIfyNosgLQ_SYOQHy2OFP3pm-ZrrlV2UyvbseHCp0YZNOiXwX66ztgCQ

惡意廣告攻擊行動在48小時內挾持3億次的行動瀏覽期間
https://ithome.com.tw/news/127335

黑客宣佈已破解任天堂Switch 6.2系統 將在本週放出
https://bit.ly/2Sd0d2w

美制裁兩名伊朗公民指幫助駭客敲詐
http://www.metroradio.com.hk/News/live.aspx?NewsId=20181129071021

《李忠憲專欄》資訊戰爭
https://taronews.tw/2018/11/27/187777/

阿里雲等7網企 有資安問題
https://udn.com/news/story/7332/3505485

軟體供應鏈攻擊再現! 熱門函式庫Event-Stream遭植入比特幣竊取程式
https://www.ithome.com.tw/news/127278

向駭客下戰帖! 中山首成立資安碩士班
http://news.nsysu.edu.tw/p/406-1120-195675,r2910.php?Lang=zh-tw

企業資訊安全頻拉警報! 資安險投保倍增 明年更旺
https://www.chinatimes.com/newspapers/20181127000437-260208

感恩節意外!駭客入侵 Drake Fortnite 帳號毀壞慈善直播活動
https://hypebeast.com/zh/2018/11/drake-fortnite-account-hacked

憂國家安全 荷蘭議員籲政府停用中國軟件
http://www.epochtimes.com/b5/18/11/28/n10878705.htm

隱藏巨大國家資安問題 紐西蘭政府拒用華為5G設備
https://www.ettoday.net/news/20181128/1317996.htm

國安威脅 紐西蘭禁華為5G設備
https://www.ydn.com.tw/News/314661

繼美、澳之後,紐西蘭也向華為網路設備說「不」
https://www.ithome.com.tw/news/127349

以色列提供駭客技術 《國土報》:助沙國王儲監控卡舒吉及政敵手機
https://bit.ly/2r762TG

竊商業機密 美點名陸駭客組織APT10
https://bit.ly/2E0CfUR

2伊朗駭客 被控網攻美政府和企業
https://bit.ly/2SkQFT3

【打擊數位威權主義】中國監控大廠海康威視被盯上 美國停止供應IC技術
https://bit.ly/2zzLYxH

中共竊他國技術 發展空軍
https://bit.ly/2P8xv0F

中共無所不「駭」 美籲盟友拒用華為
https://bit.ly/2AogjyX

中國水軍、網軍九合一練兵「制腦權」,目標2020大選
https://www.storm.mg/article/643412

中共製造假新聞 介入臺灣九合一選舉
http://www.ntdtv.com/xtr/b5/2018/11/26/a1400765.html

中國大陸工業和信息化部辦公廳關於開展網絡安全技術應用試點示范項目推薦工作的通知
http://jmjh.miit.gov.cn/newsInfoWebMessage.action?newsId=10744259

修復要7天!南韓電信龍頭KT火災成「國難」 醫院、店家全癱瘓
https://www.ettoday.net/news/20181125/1315624.htm

澳反恐資安新法 科技龍頭提出警告
https://www.rti.org.tw/news/view/id/2003725

Singapore State Courts' digital files accessed illegally due to system loophole
https://www.zdnet.com/article/singapore-state-courts-digital-files-accessed-illegally-due-to-system-loophole/#ftag=RSSbaffb68

Dunkin' Donuts accounts may have been hacked in credential stuffing attack
https://www.zdnet.com/article/dunkin-donuts-accounts-may-have-been-hacked-in-credential-stuffing-attack/#ftag=RSSbaffb68

Chrome and Firefox are planning to stop supporting the FTP server protocol completely
https://bit.ly/2BEDM0o

Orkus launches scalable cloud data security
https://www.zdnet.com/article/orkus-launches-scalable-cloud-data-security/#ftag=RSSbaffb68

Top Chinese security agency behind wave of cyber-attacks targeting Australian firms
https://www.teiss.co.uk/threats/australian-cyber-atacks-china/

How Just Opening A Site In Safari Could Have Hacked Your Apple macOS
https://bit.ly/2BwmDWL

Real Identity of Hacker Who Sold LinkedIn, Dropbox Databases Revealed
https://bit.ly/2DICymo

3 New Code Execution Flaws Discovered in Atlantis Word Processor
https://bit.ly/2KwRZQ1

Cyber Monday is on track to smash online sales records
https://www.zdnet.com/article/cyber-monday-is-on-track-to-smash-online-sales-records/#ftag=RSSbaffb68

Microsoft warns about two apps that installed root certificates then leaked the private keys
https://zd.net/2BGavCI

ADV180029 | Inadvertently Disclosed Digital Certificates Could Allow Spoofing
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180029

Hackers are using leaked NSA hacking tools to covertly hijack thousands of computers
https://tcrn.ch/2zuTk5J

Exposing the Public IPs of Tor Services Through SSL Certificates
https://bit.ly/2AwnRzv

ElasticSearch server exposed the personal data of over 57 million US citizens
https://www.zdnet.com/article/elasticsearch-server-exposed-the-personal-data-of-over-57-million-us-citizens/#ftag=RSSbaffb68

C3 updates platform to support more DevOps, clouds, data lakes
https://www.zdnet.com/article/c3-updates-platform-to-support-more-devops-clouds-data-lakes/#ftag=RSSbaffb68

FBI dismantles gigantic ad fraud scheme operating across over one million IPs
https://www.zdnet.com/article/fbi-dismantles-gigantic-ad-fraud-scheme-operating-across-over-one-million-ips/#ftag=RSSbaffb68

US Senate computers will use disk encryption
https://www.zdnet.com/article/us-senate-computers-will-use-disk-encryption/#ftag=RSSbaffb68

Hackers can exploit this bug in surveillance cameras to tamper with footage
https://www.zdnet.com/article/hackers-can-exploit-these-bugs-in-surveillance-cameras-to-tamper-with-footage/#ftag=RSSbaffb68

徵才 - 網路資安工程師(仁德)
https://www.104.com.tw/job/?jobno=6g02i

徵才 - 戰略分析師(總監級)
https://www.liepin.com/job/1915572960.shtml


D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷

Facebook提高發現賬戶劫持漏洞的賞金金額
https://www.easyaq.com/news/1404859498.shtml

有半數釣魚網站都會讓你以為它是安全的
https://engt.co/2Aysycj

覆水難收﹕時刻小心處理客戶資料
https://www.hkcert.org/my_url/zh/blog/18112901

亞瑪遜爆個資外洩風波 實際受影響用戶數不明
https://www.ettoday.net/news/20181126/1315993.htm

【GDPR施行後的法遵議題】從企業營運看隱私工程帶來的效益
https://www.ithome.com.tw/news/127228

一個關於Facebook用戶個人和好友隱私信息洩露的漏洞
https://www.freebuf.com/vuls/189456.html

地方政府電子信箱遭竊 解放軍邊境駐軍所有分布流出
https://www.ettoday.net/news/20181123/1314011.htm

指紋辨識可靠嗎?科學家研發「深度萬能指紋」 以近 8 成機率通過系統驗證
https://www.limitlessiq.com/news/post/view/id/7701/

美國郵政服務USPS站點緊急修復安全漏洞:能夠查看任何其它用戶的詳情
https://m.cnbeta.com/view/790937.htm

美國郵政署網站API漏洞恐使6000萬用戶資料外洩
https://www.ithome.com.tw/news/127222

偷看同事臉書訊息 小心下場悽慘
https://tw.appledaily.com/new/realtime/20181124/1471947/

偷看同事臉書訊息涉刑法 律師提醒蒐證注意兩點
https://news.tvbs.com.tw/local/1035081

個人資料外洩 如何為存款把關
https://bit.ly/2TPAz5w

請保護好你的密碼!保險業務員將客戶保單質押貸款 卷走近百萬
https://chinaqna.com/w1/5718/

黑色星期五黑客也來湊熱鬧,打折叫賣竊取的信用卡信息
http://www.cyzone.cn/article/481607.html

匯款寫錯帳號被詐騙列警示帳戶 銀行拒賠保戶利息損失
https://www.ettoday.net/news/20181127/1316833.htm

信用卡1年盜刷18.8億 謹記3要防範刷卡風險
https://bit.ly/2ByAV9i

信用卡年盜刷達18.8億 9成多被騙肥羊用電商
https://tw.lifestyle.appledaily.com/gadget/realtime/20181129/1475473

優步2016年個資外洩事件 英荷重罰
https://bit.ly/2Aozh8y

德國首樁GDPR開罰案例出爐,遭駭的聊天平台Knuddels.de因明文存放密碼遭罰2萬歐元
https://www.ithome.com.tw/news/127253?fbclid=IwAR37LcZmMX74R770jFVnGjqs5wKkmLCVkA1sKvPezliHFUHgHaaTZnMQ4YA

信用卡年遭盜刷18億!網購佔9成 3招防詐必學
https://fnc.ebc.net.tw/FncNews/life/60834

國人信用卡一年被盜刷逾18億!防詐三招助你守護荷包安心購物
https://blog.trendmicro.com.tw/?p=58078

避免兒童個資外洩 教部規定課照中心須有配套
https://udn.com/news/story/7266/3505168

病患「睡眠呼吸器」洩隱私!紀錄回傳保險公司..對方拿著喊不理賠
https://www.ettoday.net/dalemon/post/40085

環聯保安嚴重漏洞 林鄭信貸資料外泄
https://bit.ly/2zyxvC7

臉書被指2014年就知數據收集漏洞秘密文件將公佈
http://www.cyzone.cn/article/482215.html

注意!使用電子支付 不受騙四大秘訣大公開
https://www.wantgoo.com/news/content/index?ID=895871

信用卡詐騙立案門檻提高
https://news.sina.com.tw/article/20181130/29044826.html

Dell Hacked – Data Breach Exposed Names, Email addresses & Hashed Passwords
https://gbhackers.com/dell-hacked-data-breach-exposed-names-email-addresses-hashed-passwords/

Dell announces security breach
https://www.zdnet.com/article/dell-announces-security-breach/#ftag=RSSbaffb68

PhishLabs: 49 percent of all phishing sites use HTTPS
https://bit.ly/2TS8WbS

TalkTalk Hacking Due Jailed For 2015 Data Breach That Cost £77 Million
https://bit.ly/2BDJ5NZ

Half of Phishing Sites in the Wild Have SSL Certificates and Show Padlock Security Icon, Study Finds
https://bit.ly/2E2ATcn

US Postal Service Left 60 Million Users Data Exposed For Over a Year
https://bit.ly/2KwsRJf

Get paid up to $40,000 for finding ways to hack Facebook or Instagram accounts
https://bit.ly/2RfyLRu

Brazil's largest professional association suffers massive data leak
https://www.zdnet.com/article/brazils-largest-professional-association-suffers-massive-data-leak/#ftag=RSSbaffb68

Black Friday, Cyber Monday means more fraud; Machine learning to the rescue
https://www.zdnet.com/article/black-friday-cyber-monday-means-more-fraud-machine-learning-can-help/#ftag=RSSbaffb68

PageUp Breach: 'No Specific Evidence' of Data Exfiltration
https://www.bankinfosecurity.com/pageup-breach-no-specific-evidence-data-exfiltration-a-11724

Uber fined £900,000 by UK, Dutch privacy regulators over 2016 data breach
https://www.zdnet.com/article/uber-fined-900000-by-uk-dutch-privacy-regulators-over-2016-data-breach/#ftag=RSSbaffb68

Uber Fined $1.2 Million in EU for Breach Disclosure Delay
https://www.bankinfosecurity.com/uber-fined-12-million-in-eu-for-breach-disclosure-delay-a-11730

Phishing Scams in Healthcare: A Persistent Threat
https://www.bankinfosecurity.com/phishing-scams-in-healthcare-persistent-threat-a-11732

My Health Record Changes: Too Little, Too Late
https://www.bankinfosecurity.com/my-health-record-changes-too-little-too-late-a-11729

FBI Shuts Down Multimillion Dollar – 3ve – Ad Fraud Operation
https://bit.ly/2FONilW

Half of the Phishing Sites Trick Users by Displaying the HTTPS Green Padlock
https://gbhackers.com/half-phishing-sites-use-https/

Atrium Health data breach exposed 2.65 million patient records
https://www.zdnet.com/article/atrium-health-data-breach-exposed-2-65-million-patient-records/#ftag=RSSbaffb68

Attack on Billing Vendor Results in Massive Breach
https://www.bankinfosecurity.com/attack-on-billing-vendor-results-in-massive-breach-a-11740

Feds Charge Eight With Online Advertising Fraud
https://www.bankinfosecurity.com/feds-charge-eight-online-advertising-fraud-a-11738

Google Faces GDPR Complaints Over Web, Location Tracking
https://www.bankinfosecurity.com/google-faces-gdpr-complaints-over-web-location-tracking-a-11737

After Microsoft complaints, Indian police arrest tech support scammers at 26 call centers
https://www.zdnet.com/article/after-microsoft-complaints-indian-police-arrest-tech-support-scammers-at-26-call-centers/#ftag=RSSbaffb68


E.研究報告

Apple設備多個安全漏洞原理與修復方式分析(CVE-2017-13890、CVE-2018-4176、CVE-2018-4175)
http://www.4hou.com/vulnerable/14653.html

個案分析-校園勒索恐嚇信與勒索病毒攻擊事件分析報告_10711
https://cert.tanet.edu.tw/prog/opendoc.php?id=2018112311113838247549581880227.pdf

學術網路風險威脅評估報告-1
https://cert.tanet.edu.tw/prog/opendoc.php?id=2018112202114040560944506610529.pdf

大量Android第三方ROM未正確配置導致信息洩漏預警
https://www.anquanke.com/post/id/166475

ghostscript沙箱繞過遠程命令執行漏洞預警
https://www.secrss.com/articles/6604

那些年讓我們心驚膽戰的IIS漏洞
https://hk.saowen.com/a/12f7131b746504577d333dab617aa91543e240f5d199b8b1e912cb9b24a39373

通過FGO發現的Android安全漏洞
https://bbs.nga.cn/read.php?tid=15718956&rand=213

honggfuzz漏洞挖掘技術深究系列   
https://bbs.pediy.com/thread-247954.htm

WordPress Plugin Quizlord 2.0 XSS漏洞復現與分析
https://hk.saowen.com/a/e01453bca6725699ac0f72ee6e2c68ff2c835f1d8f26c69bb3ae1d207ca96a46

thinkcmf 1.6.0版本從sql注入到任意代碼執行漏洞
https://xz.aliyun.com/t/3409

Windows VBScript引擎遠程執行代碼漏洞之CVE-2018-8373分析與復現
https://www.secfree.com/article-1110.html

警惕eval()的安全漏洞
http://www.safebase.cn/article-254207-1.html

6大類14款資料視覺化工具,學會其中2個就夠了
https://bit.ly/2PYjgAI

挖洞經驗 | 看我如何反覆獲取到HackerOne的漏洞測試邀請
https://hk.saowen.com/a/9616809ee6a20fae199ea126591b30b1e34bf56be970e6a5bdccfc786748d036

Linux kernel 4.20 BPF 整数溢出-堆溢出漏洞及其利用
https://www.anquanke.com/post/id/166819

一次受限環境中的Java反序列化漏洞挖掘到Get Shell
http://www.4hou.com/vulnerable/14348.html

CORS Attacks
https://www.exploit-db.com/docs/45906

SSH Auditor – Scan For Weak SSH Passwords On Your Network
https://bit.ly/2RlGAoR

NetRipper 1.1.22 release: Smart traffic sniffing for penetration testers
https://bit.ly/2P8uAFh

Why physical storage of your database tables might matter
https://bit.ly/2ra8nwU

Cracking linux full disc encryption, luks with hashcat
https://bit.ly/2TTd2AB

filebuster: An extremely fast and flexible web fuzzer
https://bit.ly/2RstV3e

Galileo – Open Source Web Application Auditing Framework
https://bit.ly/2KE10Hb

Skiptracer - OSINT Webscaping Framework
https://www.kitploit.com/2018/11/skiptracer-osint-webscaping-framework.html?utm_source=dlvr.it&utm_medium=facebook

How to Show Asterisks While Typing Sudo Password in Linux
https://bit.ly/2zsQNsE

bagder/http3-explained
https://bit.ly/2QsNzyY

MCExtractor - Intel, AMD, VIA & Freescale Microcode Extraction Tool
https://www.kitploit.com/2018/11/mcextractor-intel-amd-via-freescale.html?utm_source=dlvr.it&utm_medium=facebook

TIDoS-Framework v1.7 - The Offensive Manual Web Application Penetration Testing Framework
https://www.kitploit.com/2018/11/tidos-framework-v17-offensive-manual.html?utm_source=dlvr.it&utm_medium=facebook

YUMI – Multiboot USB Creator
https://bit.ly/2Rgdh70

A penetration tester’s guide to subdomain enumeration
https://bit.ly/2DQdSbE

How to Monitor Linux Commands Executed by System Users in Real-time
https://bit.ly/2RmcYHM


F.商業

台灣大哥大、微軟推全台首個Azure Stack落地公有雲
https://bit.ly/2Aye7F5

AI、區塊鏈皆佈局,金融支付整合商「普鴻」即將上櫃
https://www.inside.com.tw/article/14809-provision

Amazon為非關聯式資料庫DynamoDB提供ACID交易功能
https://bit.ly/2rdQu0o

 TWID 身份識別中心 將聯手五大電信業者催生台灣行動實名認證
https://bit.ly/2Rnn9vZ

手機號碼就是身份證!五大電信將推 TWID 行動身份識別,明年一月上線
https://www.eprice.com.tw/mobile/talk/5035/5167058/1/

5秒一指搞定!手機門號網路實名認證,明年1月上路
http://3c.ltn.com.tw/news/35190

手機門號網路身分證 實名認證明年1月啟動
https://bit.ly/2P4HW5r

Google釋出Dart 2.1完備健全類型系統,編輯與編譯程式碼都會進行類型檢查
https://bit.ly/2SivUam

高威電信擴展網絡保安 數碼港資安中心投入服務
https://www.it-square.hk/archives/6406

《資訊服務》訊連U系列獲經部軟體採購標案
https://www.chinatimes.com/realtimenews/20181128002186-260410

Microsoft details the causes of its recent multi-factor authentication meltdown
https://www.zdnet.com/article/microsoft-details-the-causes-of-its-recent-multi-factor-authentication-meltdown/#ftag=RSSbaffb68

Red Hat buys hybrid-cloud, data-storage company NooBaa
https://www.zdnet.com/article/red-hat-buys-hybrid-cloud-data-storage-company-noobaa/#ftag=RSSbaffb68

Microsoft's multi-factor authentication service goes down for second week in a row
https://www.zdnet.com/article/microsofts-multi-factor-authentication-service-goes-down-for-second-week-in-a-row/#ftag=RSSbaffb68

HPE buys big data specialist BlueData
https://www.zdnet.com/article/hpe-buys-big-data-specialist-bluedata/#ftag=RSSbaffb68

Cloudflare goes InterPlanetary - Introducing Cloudflare’s IPFS Gateway
https://blog.cloudflare.com/distributed-web-gateway/#disqus_thread

Amazon Personalize, Forecast bring Amazon.com's AI techniques to AWS customers
https://www.zdnet.com/article/amazon-personalize-forecast-bring-amazon-coms-ai-techniques-to-aws-customers/#ftag=RSSbaffb68

AWS says so long developers and hello 'builders'
https://www.zdnet.com/article/aws-says-so-long-developers-and-hello-builders/#ftag=RSSbaffb68

AWS unveils Lake Formation for easy data lake building
https://www.zdnet.com/article/aws-unveils-lake-formation-for-easy-data-lake-building/#ftag=RSSbaffb68



G.政府

何謂資安即國安
http://talk.ltn.com.tw/article/paper/1249488

立法委員羅致政促反制中共網軍攻擊 盼國安局反守為攻
https://money.udn.com/money/story/7307/3502580

扯!他打臉國安局長 連這都不知道
https://bit.ly/2FJ04SV

國安局施政計畫報告 精進網安防禦應變 肆應駭客新型攻擊
https://bit.ly/2DY74tr

國安局長直言「假新聞」
https://www.chinatimes.com/newspapers/20181127000535-260102

綠營兵敗如山倒 國安局長:不影響台美關係
http://news.ltn.com.tw/news/politics/breakingnews/2625102

國安局:下任總統大選編5千萬購39輛警備車
https://www.cna.com.tw/news/aipl/201811260036.aspx

小英、綠營稱外力介入選舉? 國安局打臉:是人民對經濟民生表態
https://bit.ly/2KH6cKl

考驗賴清德?內閣改組聲響 這些部會首長都被點名下台
https://bit.ly/2FOTxGe

強化資安防護力 政府支援產業資安健診
https://n.yam.com/Article/20181127470043

108年度資安設備維護採購案
https://www.ccpb.gov.tw/news/?mode=data&id=9629&parent_id=10321&type_id=10323

107年資安職能換證評量開放報名
https://www.nccst.nat.gov.tw/NewInfoDetail?lang=zh&seq=1517

賴揆促中選會徹底檢討選務 研議公投電子投票
https://www.cna.com.tw/news/aipl/201811290137.aspx

電子投票涉及層面多 關鍵在社會信任度
https://bit.ly/2Rl8t08

網傳將花500億元改版新台幣 政院發言人:假訊息
https://bit.ly/2KFhEpT

金管會宣布 即日起超商可用信用卡繳交罰單
https://udn.com/news/story/7239/3509176

立委爆花460億元建構的國軍迅安系統 功能卻如MSN
https://bit.ly/2TYCzZe


H.工控系統/ICS/SCADA

Global Industrial Control System Security Market Extensive Research Report
https://on.mktw.net/2KJnTJd

Industrial Control Systems Market Analysis by Key Players, Growth, Size, Share, Trends, Forecast to 2024
https://www.marketwatch.com/press-release/industrial-control-systems-market-analysis-by-key-players-growth-size-share-trends-forecast-to-2024-2018-11-28

Securing The SCADA Networks And Infrastructure
https://www.expresscomputer.in/security/securing-the-scada-networks-and-infrastructure/30189/

We see ourselves as an ‘MSSP-first’ organisation, says Adi Dar, CEO of Cyberbit
https://www.crn.in/security/we-see-ourselves-as-an-mssp-first-organisation-says-adi-dar-ceo-of-cyberbit/

The Growing Importance Of Cybersecurity Skills
https://www.forbes.com/sites/adigaskell/2018/11/28/the-growing-importance-of-cyber-security-skills/#2baa06ea139d

Deliver Sensor Data Directly to SCADA and IOT Systems via OPC-UA and MQTT with Comtrol’s IO-Link Master
https://www.businesswire.com/news/home/20181127005078/en/Deliver-Sensor-Data-SCADA-IOT-Systems-OPC-UA

Manufacturing Cybersecurity Must Adapt to Emerging Technology and Threats
https://www.manufacturing.net/article/2018/11/manufacturing-cybersecurity-must-adapt-emerging-technology-and-threats


I.教育訓練類

從零學習安全測試,從XSS漏洞攻擊和防禦開始
https://testerhome.com/topics/16996

資安補帖─Day45─資安常識小題庫
https://ithelp.ithome.com.tw/articles/10210116

資安補帖─Day46─滲透測試─平行越權
https://ithelp.ithome.com.tw/articles/10210124

資安補帖─Day47─WAF
https://ithelp.ithome.com.tw/articles/10210136?sc=iThelpR

資安補帖─Day48─用XAMPP操作SQL了解SQLi-1
https://ithelp.ithome.com.tw/articles/10210153

資安補帖─Day49─推薦閱讀:PHP安全日曆(PHP SECURITY CALENDAR)
https://ithelp.ithome.com.tw/articles/10210165

資安補帖─Day50─淺談GDPR
https://ithelp.ithome.com.tw/articles/10210180?sc=rss.qu

愛駭客/巧用CSS3漸變色實現動畫/手記
https://bit.ly/2QoXyFK

WEB安全入門系列之文件上傳漏洞詳解
https://www.secpulse.com/archives/78800.html

程式範例 - 快速列出 Windows 執行中程式 CPU%、記憶體用量與執行身分
https://bit.ly/2r9uZ0z

Installation of “RHEL 8” Beta with Screenshots
https://bit.ly/2FQYPkD

HITCON-Training for Linux binary Exploitation
https://bit.ly/2E2Z3Dw

PySyft/examples/tutorials/
https://github.com/OpenMined/PySyft/tree/master/examples/tutorials

How to perform reverse engineering using IDA Pro
https://bit.ly/2RnGnS0


J.玄武安全推送

每日安全動態推送(11-26)
https://tw.weibo.com/xuanwulab/4310588156620178

每日安全動態推送(11-27)
https://tw.weibo.com/xuanwulab/4310955644687823

每日安全動態推送(11-28)
https://tw.weibo.com/xuanwulab/4311318703731854

每日安全動態推送(11-29)
https://tw.weibo.com/xuanwulab/4311679620347500

每日安全動態推送(11-30)
https://tw.weibo.com/xuanwulab/4312042091198200


K.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機

強化資安,物聯網行業卡年底前完成核查整改
https://bit.ly/2ApTZ7R

物聯網設備需安全預警:2019年漏洞增長率將達28.6%
http://industry.people.com.cn/n1/2018/1128/c413883-30429283.html

可幫客戶減少45%成本!亞馬遜AWS推出首款自家設計的ARM晶片
https://bit.ly/2FLlTRR

360發布《IoT設備網絡安全報告》:IoT漏洞增長率高於整體14.7%
https://zhuanlan.zhihu.com/p/51056784

大舉投入車聯網研發前,台灣政府跟產業有信心「資安零危機」嗎
https://buzzorange.com/techorange/2018/11/29/internet-of-vehicle/

RASPBERRY PI SPECS AND BENCHMARKS: 3A+, 3B+, ZERO W
https://bit.ly/2TT7nKN

Benchmarking Amazon's ARM Graviton CPU With EC2's A1 Instances
https://bit.ly/2DOBBJn

Singapore ISPs ordered to block access to TV boxes preloaded with content apps
https://www.zdnet.com/article/singapore-isps-ordered-to-block-access-to-tv-boxes-preloaded-with-content-apps/#ftag=RSSbaffb68

Germany proposes router security guidelines
https://www.zdnet.com/article/germany-proposes-router-security-guidelines/#ftag=RSSbaffb68

IoT to drive growth in connected devices through 2022: Cisco
https://www.zdnet.com/article/iot-to-drive-growth-in-connected-devices-through-2022-cisco/#ftag=RSSbaffb68

Pattern Recognition and Machine Learning
https://bit.ly/2AwhFYr

A Survey on Data Collection for Machine Learning: a Big Data - AI Integration Perspective
https://arxiv.org/abs/1811.03402?fbclid=IwAR3j0jzB8dlYnWNscD8r2uvI6Ey9tR3Ve-4eErp9ifau2eT3UVMJbrygkKA

NYU, Facebook release massive MRI dataset as part of ongoing AI project
https://bit.ly/2ztzlEw

L.CTF

Meepwn CTF 2018
https://ctf.meepwn.team/

CODE BLUE CTF 2018
http://ctf.codeblue.jp/

RITSEC CTF 2018 WriteUp (Web) – Aj Dumanhug – Medium
https://medium.com/@ajdumanhug/ritsec-ctf-2018-writeup-web-72a0e5aa01ad

Teaser Dragon CTF 2018 Writeup by r3kapig
https://xz.aliyun.com/t/2831


4.近期資安活動及研討會
 
   Python 應用教學課程-平行處理 1~3 11/30 ~ 12/14
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3750&from_course_list_url=homepage

  【課程】Kubernetes(K8S)實戰班,容器編排管理絕佳工具,理論實作並重,有效打造企業級 DevOps 環境 12/1 12/2
  https://bit.ly/2rAkB2q

  ABAQUS基礎訓練課程 12/4 ~ 12/6
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3709&from_course_list_url=homepage

  EnCase EnCE 認證考試 Preparation 課程  12/5 ~ 12/7
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=44

  TANet/TWAREN監控平台與即時流量異常偵測系統介紹 12/6
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3766&from_course_list_url=homepage

  駭客入侵調查暨資安緊急應變實務 12/10 ~ 12/11
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=45

  TANet/TWAREN監控平台與即時流量異常偵測系統介紹 12/11
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3767&from_course_list_url=homepage

  網路封包分析 12/13
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3654&from_course_list_url=homepage

  眺望2019 物聯網安全高峰論壇  12/13
  https://www.2cm.com.tw/files/event/2018IoT_Security_Forum/index.html

  台灣駭客年會 HITCON Pacific 2018 12/13 ~ 12/14
  https://hitcon.kktix.cc/events/hitcon-pacific-2018

  亥客書院 - 進階網頁滲透測試  12/15
  https://hackercollege.nctu.edu.tw/?p=323

  Python 應用教學課程-雲端服務 1~3 12/21 ~ 1/4
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3753&from_course_list_url=homepage

  專業手機暨硬碟資料救援教育訓練課程 12/26 ~ 12/28
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=46

  系統日誌分析實務  12/27
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3653&from_course_list_url=homepage

  亥客書院 - 高階網頁滲透測試    2019/1/5
  https://hackercollege.nctu.edu.tw/?p=768

  資策會2019/1/5開辦CompTIA Security+ 國際網路資安認證班
  https://n.yam.com/Article/20181129286231

沒有留言:

張貼留言

資安事件新聞週報 2021/4/12 ~ 2021/4/16

 資安事件新聞週報 2021/4/12  ~  2021/4/16 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers...