Weekly Security News and Incident Report 2018/11/26 ~ 2018/11/30

1. Major Vulnerabilities

PHP Proxy security vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19458

PHP remote code execution vulnerability
https://securitytracker.com/id/1042157

Nearly one in five smart cameras has vulnerabilities; 30% of vendors do not consider security
http://finance.sina.com/bg/economy/economy_indu/chinanews/2018-11-27/doc-ivctqsww7795962.shtml

Glibc denial-of-service vulnerability
https://securitytracker.com/id/1042174

MariaDB Client 10.1.26 - Denial of Service (PoC)
https://www.exploit-db.com/exploits/45901

Mac OS X - libxpc MITM Privilege Escalation (Metasploit)
https://www.exploit-db.com/exploits/45916

Cisco fixes critical SQL injection vulnerability in Prime License Manager
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15441

Cisco NX-OS denial-of-service vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0378

Cisco NX-OS denial-of-service vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0456

Serious CSRF flaw found in e-learning platform Moodle; TWCERT/CC urges prompt patching
https://www.ithome.com.tw/news/127237

Zyxel patches directory traversal flaw in the VMG1312-B10D wireless gateway
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5056

Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal
https://www.exploit-db.com/exploits/45904

SAP Fiori Client denial-of-service vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2488

Deserialization vulnerability in Ruby leads to arbitrary command execution in Ruby 2.x
http://www.4hou.com/vulnerable/14547.html

Linux kernel affected by two DoS vulnerabilities, both caused by null pointer dereferences
https://www.freebuf.com/company-information/190589.html

PHP imap_open - Remote Code Execution (Metasploit)
https://www.exploit-db.com/exploits/45914

Multiple Samba vulnerabilities
https://www.us-cert.gov/ncas/current-activity/2018/11/27/Samba-Releases-Security-Updates

Samba flaws can be targeted to terminate network services or guess passwords
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5058

Researchers discover GPU side-channel attack vulnerabilities
https://hk.saowen.com/a/188486dce937b73409221050f271632ebc133ec6ecb95877c619146113cde7f3

WebEx Meetings vulnerability was not fully fixed; Cisco patches it again
https://www.ithome.com.tw/news/127328?fbclid=IwAR17ga8MytPih_cUE42C2HlyuTYdDcdMQ3lvl5sLkXJtN61jNG6TmIuQq-Y

About exploits and SCSP exploit mitigation
https://symc.ly/2E5QyYr

Microsoft releases first Windows Server 19H1 test build
https://www.zdnet.com/article/microsoft-releases-first-windows-server-19h1-test-build/#ftag=RSSbaffb68

Microsoft's latest Windows 10 19H1 test build adds UI tweaks, fixes
https://www.zdnet.com/article/microsofts-latest-windows-10-19h1-test-build-adds-ui-tweaks-fixes/#ftag=RSSbaffb68

Microsoft patches several versions of Windows 10
https://www.zdnet.com/article/microsoft-patches-several-versions-of-windows-10/#ftag=RSSbaffb68

Vulnerability Report – CVE-2018-17612
https://www.secorvo.de/publikationen/headsetup-vulnerability-report-secorvo-2018.pdf

Second time lucky: Cisco pushes fix for failed Webex vulnerability patch
https://www.zdnet.com/article/cisco-pushes-new-patch-to-fix-failed-fix-for-severe-webex-vulnerability/#ftag=RSSbaffb68


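2. Banking / Finance / Insurance / Securities / Electronic Payment / Mobile Payment / Payment Systems / Virtual Currency / Blockchain News and Security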

[Blockchain Applications] Sony to launch its first blockchain game on PS4
https://news.cnyes.com/news/id/4244501

Blockchain makes insurance claims more efficient; data encryption protects privacy
http://startupbeat.hkej.com/?p=66473

On the feasibility of blockchain technology for future voting
https://vocus.cc/tuna/5bfd7a91fd89780001c51ae4

South Korea trials "blockchain voting"; young people's dream of voting while lying down is about to come true
https://buzzorange.com/techorange/2018/11/29/south-korea-blockchain-vote/

OKEx exchange launches a "bug bounty program" and delists 27 "low-liquidity" tokens at once
https://www.blocktempo.com/okex-security-response-center/

Tech tycoon Tim Draper goes further, predicting that "cryptocurrency adoption will surpass fiat currency"
https://bit.ly/2Q5Ho4N

Studying Bitcoin to prepare for a role: award-winning actor Yoo Ah-in is happy even in a supporting part
https://bit.ly/2Q1CINg

The brutal dot-com bubble burst is a cautionary tale for the cryptocurrency market
https://bit.ly/2rb3Nib

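Pilot of online expense reimbursement with electronic vouchers shows results, effectively preventing extravagance and waste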
https://news.sina.com.tw/article/20181128/29014276.html

Ethereum token vulnerability lets hackers modify information without limit
http://tech.ifeng.com/a/20181123/45234248_0.shtml

This US state is the first to allow paying taxes in Bitcoin
https://bit.ly/2TKaynY

Taxes in Bitcoin? Ohio state government sets a precedent: yes, this is possible
https://news.sina.com.tw/article/20181128/29016904.html

Vulnerability disclosed: Ethereum tokens may be open to malicious attack
https://www.linksfin.com/article/201607

Beosin vulnerability analysis: fake EOS attacks and their variants
https://www.huoxing24.com/newsdetail/20181123152056826278

North Korea plans to host an international blockchain conference, possibly pivoting from coins to technology
http://news.knowing.asia/news/6213dda3-b6bb-4878-b758-4207f8cfe92d

Hackers target the BTCP cryptocurrency with a 51% attack
https://www.ptt.cc/bbs/DigiCurrency/M.1542852833.A.3A3.html

Canadian banks form "hacker red teams" to plug cybersecurity holes
http://www.bcbay.com/news/2018/11/24/610012.html

Financial Information Service Co. (財金公司) becomes the financial sector's front line against hacking
https://www.chinatimes.com/newspapers/20181126000295-260202

Study: most ATMs can be compromised within 20 minutes
https://bit.ly/2An4zMV

Extremely fragile! 85% of ATMs can be compromised by hackers within 20 minutes
https://www.ettoday.net/news/20181127/1317191.htm

Travel fair goes "offline" on its first day! Card terminals fail; vendors lose hundreds of thousands in the morning
https://travel.ettoday.net/article/1313924.htm

Network failure at travel fair blocks card payments; Chunghwa Telecom rushing repairs
https://bit.ly/2DVErgD

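Adviser lists for Chunghwa Telecom's and LINE's internet-only bank bids announced: they retain the two major law firms 萬國 and 理律 respectively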
https://bit.ly/2KyQbG1

CEO Liu Yi-cheng (劉奕成): Next Bank (將來銀行) to break even within 3 years
https://bit.ly/2zuAjjI

TransUnion credit service suspected of a serious vulnerability; TransUnion: affected accounts have been frozen
https://bit.ly/2SfPVi3

TransUnion vulnerability found; credit report data leaked
https://hk.finance.appledaily.com/finance/daily/article/20181129/20557310

Wong Kai-yi (黃繼兒) says the identity verification process is flawed; Chief Executive's Office and HKMA have followed up
https://bit.ly/2TZybZK

Hong Kong media say a credit company has a vulnerability; the Chief Executive's data can be viewed freely
https://www.cna.com.tw/news/acn/201811290079.aspx

Hong Kong media expose security hole: the Chief Executive's data can be looked up at a credit company
https://bit.ly/2PYvI3q

Security hole leaks credit data; TransUnion: all online credit report enquiry services in Hong Kong suspended
https://bit.ly/2DRMHgz

SMS authentication has weaknesses; Fong Po-kiu (方保僑): the industry should prepare new methods early
https://bit.ly/2rbzR5k

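TransUnion vulnerability: Carrie Lam's credit data freely viewable; database holds credit reports of 5 million people; fabricated identities easily pass verification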
https://m.mingpao.com/pns/dailynews/web_tc/article/20181129/s00001/1543430717524

TransUnion's parent company is US-listed; many executives are security and intelligence experts
https://news.mingpao.com/pns/dailynews/web_tc/article/20181130/s00001/1543514997277

BOC (中銀): no cooperation with third parties on providing credit services
https://hk.finance.appledaily.com/finance/realtime/article/20181129/58972814

BitPay wallet threatened by vulnerability; users told to move funds to a new wallet
http://www.bitcoin86.com/news/32272.html

Technological progress brings trouble too: Nan Shan sales agents allege a disguised pay cut
https://www.chinatimes.com/realtimenews/20181128003501-260410

SWIFT international remittance network breached by hackers multiple times
https://www.ptt.cc/bbs/DigiCurrency/M.1543371179.A.E19.html

Verizon: payment card security standards decline for the first time in 6 years
https://bit.ly/2reRX6y

Insurance in name, investment in fact: Financial Supervisory Commission fines an insurance company for the first time
https://udn.com/news/story/7239/3509526

Phone instead of wallet? Huawei opens its wallet service to push digitization of physical cards
https://bit.ly/2Q3l1g7

"8591 trading site" accused of illegally taking in 18.6 billion; three people including the chairman again acquitted on appeal
http://news.ltn.com.tw/news/society/breakingnews/2628235

8591 accused of breaking the law by launching T-coin; court rules not guilty
https://bit.ly/2rbCdkH

Virtual currency deemed by prosecutors to be 18.6 billion in illegal deposit-taking? Chairman of 數字科技 acquitted on appeal
https://www.ettoday.net/news/20181129/1318568.htm

Deutsche Bank headquarters searched over alleged help laundering upwards of ten billion
http://ec.ltn.com.tw/article/breakingnews/2628315

Ethereum (ETH) Vulnerability Could Have Led to Exchange Drains, Report Says
https://cryptovest.com/news/ethereum-eth-vulnerability-could-have-led-to-exchange-drains-report-says/

In this country, your cryptocurrency must go through your bank
https://www.zdnet.com/article/in-this-country-your-cryptocurrency-must-go-through-your-bank/#ftag=RSSbaffb68

Card issuers make progress toward seamless mobile transaction protocols
https://www.atmmarketplace.com/articles/card-issuers-make-progress-toward-seamless-mobile-transaction-protocols/

UK watchdog investigating Nasdaq’s $190m bid for Cinnober
https://www.bankingtech.com/2018/11/uk-watchdog-investigating-nasdaqs-190m-bid-for-cinnober/

Bitcoin plunges again. Now the only currency worse than bitcoin is Venezuela’s
https://lat.ms/2E1oqWv

Rogue Developer Infects Widely Used NodeJS Module to Steal Bitcoins
https://bit.ly/2Qn0d2y


3. Security Incident News

A. Viruses and Trojans / Botnets / Ransomware

Kaspersky: versatile Android malware Rotexy launched 70,000 attacks in 3 months
https://www.ithome.com.tw/news/127239

The number of ransomware families is falling, so why do infections keep happening
https://blog.trendmicro.com.tw/?p=57953

Mirai botnet makes a comeback, this time targeting Linux servers
https://times.hinet.net/news/22105734

What is a fileless malware attack
https://blog.trendmicro.com.tw/?p=57676

"WannaCry" is still the ransomware "boss"; worm-like ransomware is becoming more common
http://big5.xinhuanet.com/gate/big5/www.xinhuanet.com/tech/2018-11/27/c_1123773195.htm

Router vulnerabilities keep emerging; new Mirai variant strikes
https://paper.seebug.org/749/

Rising releases ransomware report: 3.44 million infections this year, Guangzhou ranks first
https://bit.ly/2DSn7s6

Using machine learning to cluster the malicious network traffic of Gh0st RAT variants
https://blog.trendmicro.com.tw/?p=58009

Technical analysis of a sample of the dual-platform ransomware Lucky
https://ti.360.net/blog/articles/analysis-of-lucky-ransomware/

The revived Emotet banking trojan has set up 721 unique C&C servers worldwide
https://blog.trendmicro.com.tw/?p=58062

KingMiner malware hijacks the full power of Windows Server CPUs
https://www.zdnet.com/article/kingminer-cryptojacker-returns-now-new-and-improved/#ftag=RSSbaffb68

Hackers are opening SMB ports on routers so they can infect PCs with NSA malware
https://www.zdnet.com/article/hackers-are-opening-smb-ports-on-routers-so-they-can-infect-pcs-with-nsa-malware/#ftag=RSSbaffb68

Malware Companies Are Finding New Ways to Spy on iPhones
https://bit.ly/2RlXmEi

U.S Charges Two Iranian Hackers for SamSam Ransomware Attacks
https://bit.ly/2SfyNcb

New Linux crypto-miner steals your root password and disables your antivirus
https://www.zdnet.com/article/new-linux-crypto-miner-steals-your-root-password-and-disables-your-antivirus/#ftag=RSSbaffb68

Ukrainian police arrest hacker who infected over 2,000 users with DarkComet RAT
https://www.zdnet.com/article/ukrainian-police-arrest-hacker-who-infected-over-2000-users-with-darkcomet-rat/#ftag=RSSbaffb68

Hacker backdoors popular JavaScript library to steal Bitcoin funds
https://www.zdnet.com/article/hacker-backdoors-popular-javascript-library-to-steal-bitcoin-funds/#ftag=RSSbaffb68

This worm spreads a fileless version of the Trojan Bladabindi
https://www.zdnet.com/article/this-worm-spreads-fileless-trojan-bladabindi-through-removable-drives/#ftag=RSSbaffb68

Aurora / Zorro Ransomware Actively Being Distributed
https://www.bleepingcomputer.com/news/security/aurora-zorro-ransomware-actively-being-distributed/

New industrial espionage campaign leverages AutoCAD-based malware
https://www.zdnet.com/article/new-industrial-espionage-campaign-leverages-autocad-based-malware/#ftag=RSSbaffb68

Two Iranians Charged in SamSam Ransomware Attacks
https://www.bankinfosecurity.com/two-iranians-charged-in-samsam-ransomware-attacks-a-11741


B. Mobile Security / iPhone / Android / App

Taipei city councilor Wang Wei-chung (王威中) loses election; this app's home-page announcement "celebrating" it stirs debate
http://news.ltn.com.tw/news/politics/breakingnews/2624248

JKO (街口) congratulates Wang Wei-chung (王威中) on "losing the election"; CEO: just congratulating him
https://tw.appledaily.com/new/realtime/20181125/1473154/

Violating the terms? Apple removes more than 700 apps from its China store in a sweep
http://ec.ltn.com.tw/article/breakingnews/2626061

Promoting e-services: national exam app downloaded by more than 20,000 people
https://udn.com/news/story/6939/3508848

Eight Cheetah Mobile apps accused of fraudulently claiming millions of dollars in app-install bounties; share price plunges 32.8%
https://www.ithome.com.tw/news/127334?fbclid=IwAR3Cv2XvxtJmIvQWeUKVfwlsusuBuTIA-6tEIGJTeVZYG-mUP2Fmmmkf614

Android malware families fond of impersonating delivery companies, with more than 300,000 victims: XLoader and FakeSpy
https://blog.trendmicro.com.tw/?p=58066

Telecom Expert › A brief look at the Mobile ID mobile identity service
https://www.kocpc.com.tw/archives/231616

Hong Kong Google Play Store Apps Security Risk Report (November 2018)
https://www.hkcert.org/my_url/zh/blog/18113001

Hacking Your Ride: Risks Posed by Automotive Smartphone Apps
https://www.bankinfosecurity.com/interviews/hacking-your-ride-risks-posed-by-automotive-smartphone-apps-i-4181

Android adware has plagued the Google Play Store in the past two months
https://www.zdnet.com/article/android-adware-has-plagued-the-google-play-store-in-the-past-two-months/#ftag=RSSbaffb68

Managing the Risks Posed by Automotive Smartphone Apps
https://www.bankinfosecurity.com/interviews/managing-risks-posed-by-automotive-smartphone-apps-i-4184

Advanced iPhone USB Tethering
https://one.vg/advanced-iphone-usb-tethering/?fbclid=IwAR0liWsG5PiF1ZasyVh5p-GOZBgPvXHilZ9byCp1GD8sa83B1sToU4HbVyA

8 Popular Android Apps Caught Up In Million-Dollar Ad Fraud Scheme
https://bit.ly/2QmQ6ee

Deobfuscated libMobileGestalt keys (iOS 12)
https://bit.ly/2AvfYKY

Google's Project Fi 4G is now available on most Android devices and iPhone
https://www.zdnet.com/article/googles-project-fi-4g-is-now-available-on-most-android-devices-and-iphone/#ftag=RSSbaffb68




C. Incidents / Hackers / DDoS / APT / Job Openings / International Security Incidents

Chrome and Firefox both want to stop supporting FTP, in use for more than 40 years
https://www.ithome.com.tw/news/127281

Chongqing man cheated in online gambling teaches himself DDoS for revenge and gets arrested instead
https://bit.ly/2FDeLGX

Dell hacked; forces a password reset for all customers of its official website
https://www.ithome.com.tw/news/127357

Google Drive down for all staff and students; 恒大: Google has apologized
https://hk.finance.appledaily.com/finance/realtime/article/20181122/58943580

Information and network security staff
https://bit.ly/2zwC4Ng

Security architecture and privacy by design – the key for web applications
https://www.hkcert.org/my_url/zh/blog/18111001

To make information on defective medical devices open and transparent, a global database of faulty medical devices goes online
https://www.ithome.com.tw/news/127364?fbclid=IwAR2X4eDosxxnoOJcxQ83HOEN7PwBAU2JTVBIl_yaBUbQR31lcGtwMedGkxU

British hacker sentenced to 12 months for breaking into a telecom customer network and stealing data
http://www.taidaily.com/?p=333525

US indicts Iranian hackers for allegedly developing ransomware
https://bit.ly/2QmPt4j

Russia plans heavy fines for tech companies that break the rules
https://bit.ly/2AqckBO

US security firm FireEye: China likely interfered in Taiwan's elections
https://newtalk.tw/news/view/2018-11-29/173761

Large-scale hacker attack from abroad on voting day; fortunately it was successfully blocked
https://bit.ly/2Rneppy

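Central Election Commission confirms the nine-in-one election website was attacked, stresses vote count results were not affected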
https://www.ithome.com.tw/news/127358

Central Election Commission confirms hacker intrusion on voting day; netizens: shirking responsibility
https://bit.ly/2Q45IE3

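Confirmed in person: official website hit by an attack from "abroad" on voting day! Central Election Commission: DDoS did not affect the vote-counting system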
https://buzzorange.com/techorange/2018/11/29/ddos-taiwan-vote-day/

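Hackers on election day? Central Election Commission confirms large-scale attack from abroad, but vote counting was not affected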
http://news.ltn.com.tw/news/life/breakingnews/2627349

Official website hacked on election day; Central Election Commission: closed system unharmed
https://news.pts.org.tw/article/414553

Confirming a hacker intrusion on counting day, Central Election Commission guarantees vote counting was not affected
https://life.tw/?app=view&no=870925

Executive Yuan Department of Cyber Security: DDoS attack traffic on voting day was only 9 Gbps and lasted less than 10 minutes
https://www.ithome.com.tw/news/127371?fbclid=IwAR1oIfyNosgLQ_SYOQHy2OFP3pm-ZrrlV2UyvbseHCp0YZNOiXwX66ztgCQ

Malvertising campaign hijacks 300 million mobile browsing sessions within 48 hours
https://ithome.com.tw/news/127335

Hackers announce they have cracked Nintendo Switch system 6.2, release due this week
https://bit.ly/2Sd0d2w

US sanctions two Iranian citizens, saying they helped hackers extort
http://www.metroradio.com.hk/News/live.aspx?NewsId=20181129071021

[Column by 李忠憲] Information warfare
https://taronews.tw/2018/11/27/187777/

Seven internet companies including Alibaba Cloud have security problems
https://udn.com/news/story/7332/3505485

Software supply-chain attack strikes again! Popular library Event-Stream implanted with Bitcoin-stealing code
https://www.ithome.com.tw/news/127278

Challenging the hackers! National Sun Yat-sen University sets up its first information security master's program
http://news.nsysu.edu.tw/p/406-1120-195675,r2910.php?Lang=zh-tw

Enterprise information security alarms keep sounding! Cyber insurance uptake doubles, with more growth expected next year
https://www.chinatimes.com/newspapers/20181127000437-260208

Thanksgiving mishap! Hackers break into Drake's Fortnite account and ruin a charity livestream
https://hypebeast.com/zh/2018/11/drake-fortnite-account-hacked

Citing national security concerns, Dutch lawmakers urge the government to stop using Chinese software
http://www.epochtimes.com/b5/18/11/28/n10878705.htm

Hidden major national security issue: New Zealand government refuses Huawei 5G equipment
https://www.ettoday.net/news/20181128/1317996.htm

National security threat: New Zealand bans Huawei 5G equipment
https://www.ydn.com.tw/News/314661

After the US and Australia, New Zealand also says "no" to Huawei network equipment
https://www.ithome.com.tw/news/127349

Israel supplied hacking technology; Haaretz: it helped the Saudi crown prince monitor the phones of Khashoggi and political rivals
https://bit.ly/2r762TG

US names Chinese hacker group APT10 for stealing trade secrets
https://bit.ly/2E0CfUR

Two Iranian hackers charged with cyberattacks on US government and businesses
https://bit.ly/2SkQFT3

[Fighting digital authoritarianism] Chinese surveillance giant Hikvision in the crosshairs; US halts supply of IC technology
https://bit.ly/2zzLYxH

Chinese Communist Party steals other countries' technology to develop its air force
https://bit.ly/2P8xv0F

Chinese Communist Party "hacks" everything; US urges allies to reject Huawei
https://bit.ly/2AogjyX

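China's paid posters and cyber army use the nine-in-one elections to drill "cognitive dominance", with the 2020 election as the target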
https://www.storm.mg/article/643412

Chinese Communist Party manufactures fake news to interfere in Taiwan's nine-in-one elections
http://www.ntdtv.com/xtr/b5/2018/11/26/a1400765.html

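Notice of the General Office of mainland China's Ministry of Industry and Information Technology on recommending pilot demonstration projects for cybersecurity technology applications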
http://jmjh.miit.gov.cn/newsInfoWebMessage.action?newsId=10744259

Repairs to take 7 days! Fire at South Korean telecom leader KT becomes a "national disaster"; hospitals and shops paralyzed
https://www.ettoday.net/news/20181125/1315624.htm

Tech giants warn about Australia's new counter-terrorism security law
https://www.rti.org.tw/news/view/id/2003725

Singapore State Courts' digital files accessed illegally due to system loophole
https://www.zdnet.com/article/singapore-state-courts-digital-files-accessed-illegally-due-to-system-loophole/#ftag=RSSbaffb68

Dunkin' Donuts accounts may have been hacked in credential stuffing attack
https://www.zdnet.com/article/dunkin-donuts-accounts-may-have-been-hacked-in-credential-stuffing-attack/#ftag=RSSbaffb68

Chrome and Firefox are planning to stop supporting the FTP server protocol completely
https://bit.ly/2BEDM0o

Orkus launches scalable cloud data security
https://www.zdnet.com/article/orkus-launches-scalable-cloud-data-security/#ftag=RSSbaffb68

Top Chinese security agency behind wave of cyber-attacks targeting Australian firms
https://www.teiss.co.uk/threats/australian-cyber-atacks-china/

How Just Opening A Site In Safari Could Have Hacked Your Apple macOS
https://bit.ly/2BwmDWL

Real Identity of Hacker Who Sold LinkedIn, Dropbox Databases Revealed
https://bit.ly/2DICymo

3 New Code Execution Flaws Discovered in Atlantis Word Processor
https://bit.ly/2KwRZQ1

Cyber Monday is on track to smash online sales records
https://www.zdnet.com/article/cyber-monday-is-on-track-to-smash-online-sales-records/#ftag=RSSbaffb68

Microsoft warns about two apps that installed root certificates then leaked the private keys
https://zd.net/2BGavCI

ADV180029 | Inadvertently Disclosed Digital Certificates Could Allow Spoofing
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180029

Hackers are using leaked NSA hacking tools to covertly hijack thousands of computers
https://tcrn.ch/2zuTk5J

Exposing the Public IPs of Tor Services Through SSL Certificates
https://bit.ly/2AwnRzv

ElasticSearch server exposed the personal data of over 57 million US citizens
https://www.zdnet.com/article/elasticsearch-server-exposed-the-personal-data-of-over-57-million-us-citizens/#ftag=RSSbaffb68

C3 updates platform to support more DevOps, clouds, data lakes
https://www.zdnet.com/article/c3-updates-platform-to-support-more-devops-clouds-data-lakes/#ftag=RSSbaffb68

FBI dismantles gigantic ad fraud scheme operating across over one million IPs
https://www.zdnet.com/article/fbi-dismantles-gigantic-ad-fraud-scheme-operating-across-over-one-million-ips/#ftag=RSSbaffb68

US Senate computers will use disk encryption
https://www.zdnet.com/article/us-senate-computers-will-use-disk-encryption/#ftag=RSSbaffb68

Hackers can exploit this bug in surveillance cameras to tamper with footage
https://www.zdnet.com/article/hackers-can-exploit-these-bugs-in-surveillance-cameras-to-tamper-with-footage/#ftag=RSSbaffb68

Job opening - Network security engineer (Rende)
https://www.104.com.tw/job/?jobno=6g02i

Job opening - Strategy analyst (director level)
https://www.liepin.com/job/1915572960.shtml


D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud

Facebook raises bounties for finding account-hijacking vulnerabilities
https://www.easyaq.com/news/1404859498.shtml

Half of phishing sites will make you think they are secure
https://engt.co/2Aysycj

What's done cannot be undone: always handle customer data with care
https://www.hkcert.org/my_url/zh/blog/18112901

Amazon hit by personal data leak; actual number of affected users unknown
https://www.ettoday.net/news/20181126/1315993.htm

[Compliance issues after GDPR took effect] The benefits of privacy engineering from a business operations perspective
https://www.ithome.com.tw/news/127228

A vulnerability leaking private information of Facebook users and their friends
https://www.freebuf.com/vuls/189456.html

Local government email account compromised; full deployment of PLA border garrisons leaked
https://www.ettoday.net/news/20181123/1314011.htm

Is fingerprint recognition reliable? Scientists develop "DeepMasterPrints" that pass system verification nearly 80% of the time
https://www.limitlessiq.com/news/post/view/id/7701/

US Postal Service (USPS) site urgently fixes security hole that allowed viewing any other user's details
https://m.cnbeta.com/view/790937.htm

API vulnerability on the US Postal Service website may have exposed data of 60 million users
https://www.ithome.com.tw/news/127222

Peeking at a colleague's Facebook messages? Beware of dire consequences
https://tw.appledaily.com/new/realtime/20181124/1471947/

Peeking at a colleague's Facebook messages is a criminal matter; lawyer flags two points on gathering evidence
https://news.tvbs.com.tw/local/1035081

Personal data leaked: how to safeguard your deposits
https://bit.ly/2TPAz5w

Protect your passwords! Insurance agent takes out loans against clients' policies and makes off with nearly a million
https://chinaqna.com/w1/5718/

Hackers join in on Black Friday too, selling stolen credit card data at a discount
http://www.cyzone.cn/article/481607.html

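Remittance to a mistyped account number gets the account flagged as a fraud watch-list account; bank refuses to compensate policyholder's interest loss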
https://www.ettoday.net/news/20181127/1316833.htm

Credit card fraud reaches 1.88 billion in a year; remember 3 musts to guard against card risks
https://bit.ly/2ByAV9i

Annual credit card fraud reaches 1.88 billion; more than 90% of victims were using e-commerce
https://tw.lifestyle.appledaily.com/gadget/realtime/20181129/1475473

UK and the Netherlands heavily fine Uber over its 2016 personal data breach
https://bit.ly/2Aozh8y

Germany's first GDPR fine: hacked chat platform Knuddels.de fined 20,000 euros for storing passwords in plaintext
https://www.ithome.com.tw/news/127253?fbclid=IwAR37LcZmMX74R770jFVnGjqs5wKkmLCVkA1sKvPezliHFUHgHaaTZnMQ4YA

1.8 billion in credit card fraud a year! Online shopping accounts for 90%; 3 must-learn anti-fraud tips
https://fnc.ebc.net.tw/FncNews/life/60834

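More than 1.8 billion in credit card fraud against the nation's cardholders in a year! Three anti-fraud tips to protect your wallet and shop with peace of mind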
https://blog.trendmicro.com.tw/?p=58078

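To prevent leaks of children's personal data, Ministry of Education requires after-school care centers to have supporting measures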
https://udn.com/news/story/7266/3505168

Patient's "sleep breathing machine" leaks privacy! Records sent back to the insurer, which used them to refuse the claim
https://www.ettoday.net/dalemon/post/40085

Serious TransUnion security hole: Carrie Lam's credit data leaked
https://bit.ly/2zyxvC7

Facebook alleged to have known of data collection loophole in 2014; secret documents to be published
http://www.cyzone.cn/article/482215.html

Attention! Four tips to avoid being scammed when using electronic payments
https://www.wantgoo.com/news/content/index?ID=895871

Threshold for filing credit card fraud cases raised
https://news.sina.com.tw/article/20181130/29044826.html

Dell Hacked – Data Breach Exposed Names, Email addresses & Hashed Passwords
https://gbhackers.com/dell-hacked-data-breach-exposed-names-email-addresses-hashed-passwords/

Dell announces security breach
https://www.zdnet.com/article/dell-announces-security-breach/#ftag=RSSbaffb68

PhishLabs: 49 percent of all phishing sites use HTTPS
https://bit.ly/2TS8WbS

TalkTalk Hacking Due Jailed For 2015 Data Breach That Cost £77 Million
https://bit.ly/2BDJ5NZ

Half of Phishing Sites in the Wild Have SSL Certificates and Show Padlock Security Icon, Study Finds
https://bit.ly/2E2ATcn

US Postal Service Left 60 Million Users Data Exposed For Over a Year
https://bit.ly/2KwsRJf

Get paid up to $40,000 for finding ways to hack Facebook or Instagram accounts
https://bit.ly/2RfyLRu

Brazil's largest professional association suffers massive data leak
https://www.zdnet.com/article/brazils-largest-professional-association-suffers-massive-data-leak/#ftag=RSSbaffb68

Black Friday, Cyber Monday means more fraud; Machine learning to the rescue
https://www.zdnet.com/article/black-friday-cyber-monday-means-more-fraud-machine-learning-can-help/#ftag=RSSbaffb68

PageUp Breach: 'No Specific Evidence' of Data Exfiltration
https://www.bankinfosecurity.com/pageup-breach-no-specific-evidence-data-exfiltration-a-11724

Uber fined £900,000 by UK, Dutch privacy regulators over 2016 data breach
https://www.zdnet.com/article/uber-fined-900000-by-uk-dutch-privacy-regulators-over-2016-data-breach/#ftag=RSSbaffb68

Uber Fined $1.2 Million in EU for Breach Disclosure Delay
https://www.bankinfosecurity.com/uber-fined-12-million-in-eu-for-breach-disclosure-delay-a-11730

Phishing Scams in Healthcare: A Persistent Threat
https://www.bankinfosecurity.com/phishing-scams-in-healthcare-persistent-threat-a-11732

My Health Record Changes: Too Little, Too Late
https://www.bankinfosecurity.com/my-health-record-changes-too-little-too-late-a-11729

FBI Shuts Down Multimillion Dollar – 3ve – Ad Fraud Operation
https://bit.ly/2FONilW

Half of the Phishing Sites Trick Users by Displaying the HTTPS Green Padlock
https://gbhackers.com/half-phishing-sites-use-https/

Atrium Health data breach exposed 2.65 million patient records
https://www.zdnet.com/article/atrium-health-data-breach-exposed-2-65-million-patient-records/#ftag=RSSbaffb68

Attack on Billing Vendor Results in Massive Breach
https://www.bankinfosecurity.com/attack-on-billing-vendor-results-in-massive-breach-a-11740

Feds Charge Eight With Online Advertising Fraud
https://www.bankinfosecurity.com/feds-charge-eight-online-advertising-fraud-a-11738

Google Faces GDPR Complaints Over Web, Location Tracking
https://www.bankinfosecurity.com/google-faces-gdpr-complaints-over-web-location-tracking-a-11737

After Microsoft complaints, Indian police arrest tech support scammers at 26 call centers
https://www.zdnet.com/article/after-microsoft-complaints-indian-police-arrest-tech-support-scammers-at-26-call-centers/#ftag=RSSbaffb68


E. Research Reports

Analysis of the principles and fixes of several security vulnerabilities in Apple devices (CVE-2017-13890, CVE-2018-4176, CVE-2018-4175)
http://www.4hou.com/vulnerable/14653.html

Case study - Analysis report on campus extortion emails and ransomware attack incidents_10711
https://cert.tanet.edu.tw/prog/opendoc.php?id=2018112311113838247549581880227.pdf

Academic network risk and threat assessment report-1
https://cert.tanet.edu.tw/prog/opendoc.php?id=2018112202114040560944506610529.pdf

Alert: many third-party Android ROMs are misconfigured, leading to information leakage
https://www.anquanke.com/post/id/166475

Alert: ghostscript sandbox bypass remote command execution vulnerability
https://www.secrss.com/articles/6604

The IIS vulnerabilities that kept us on edge over the years
https://hk.saowen.com/a/12f7131b746504577d333dab617aa91543e240f5d199b8b1e912cb9b24a39373

An Android security vulnerability discovered through FGO
https://bbs.nga.cn/read.php?tid=15718956&rand=213

In-depth series on honggfuzz vulnerability discovery techniques
https://bbs.pediy.com/thread-247954.htm

WordPress Plugin Quizlord 2.0 XSS vulnerability: reproduction and analysis
https://hk.saowen.com/a/e01453bca6725699ac0f72ee6e2c68ff2c835f1d8f26c69bb3ae1d207ca96a46

thinkcmf 1.6.0: from SQL injection to an arbitrary code execution vulnerability
https://xz.aliyun.com/t/3409

Windows VBScript engine remote code execution vulnerability CVE-2018-8373: analysis and reproduction
https://www.secfree.com/article-1110.html

Beware of the security holes of eval()
http://www.safebase.cn/article-254207-1.html

14 data visualization tools in 6 categories; learning 2 of them is enough
https://bit.ly/2PYjgAI

Bug hunting experience | How I repeatedly obtained HackerOne vulnerability testing invitations
https://hk.saowen.com/a/9616809ee6a20fae199ea126591b30b1e34bf56be970e6a5bdccfc786748d036

Linux kernel 4.20 BPF integer overflow to heap overflow vulnerability and its exploitation
https://www.anquanke.com/post/id/166819

From finding a Java deserialization vulnerability in a restricted environment to getting a shell
http://www.4hou.com/vulnerable/14348.html

CORS Attacks
https://www.exploit-db.com/docs/45906

SSH Auditor – Scan For Weak SSH Passwords On Your Network
https://bit.ly/2RlGAoR

NetRipper 1.1.22 release: Smart traffic sniffing for penetration testers
https://bit.ly/2P8uAFh

Why physical storage of your database tables might matter
https://bit.ly/2ra8nwU

Cracking linux full disc encryption, luks with hashcat
https://bit.ly/2TTd2AB

filebuster: An extremely fast and flexible web fuzzer
https://bit.ly/2RstV3e

Galileo – Open Source Web Application Auditing Framework
https://bit.ly/2KE10Hb

Skiptracer - OSINT Webscaping Framework
https://www.kitploit.com/2018/11/skiptracer-osint-webscaping-framework.html?utm_source=dlvr.it&utm_medium=facebook

How to Show Asterisks While Typing Sudo Password in Linux
https://bit.ly/2zsQNsE

bagder/http3-explained
https://bit.ly/2QsNzyY

MCExtractor - Intel, AMD, VIA & Freescale Microcode Extraction Tool
https://www.kitploit.com/2018/11/mcextractor-intel-amd-via-freescale.html?utm_source=dlvr.it&utm_medium=facebook

TIDoS-Framework v1.7 - The Offensive Manual Web Application Penetration Testing Framework
https://www.kitploit.com/2018/11/tidos-framework-v17-offensive-manual.html?utm_source=dlvr.it&utm_medium=facebook

YUMI – Multiboot USB Creator
https://bit.ly/2Rgdh70

A penetration tester’s guide to subdomain enumeration
https://bit.ly/2DQdSbE

How to Monitor Linux Commands Executed by System Users in Real-time
https://bit.ly/2RmcYHM


F. Business

Taiwan Mobile and Microsoft launch Taiwan's first locally hosted Azure Stack public cloud
https://bit.ly/2Aye7F5

Positioned in both AI and blockchain, financial payment integrator "普鴻" is about to list on the OTC market
https://www.inside.com.tw/article/14809-provision

Amazon adds ACID transactions to its non-relational database DynamoDB
https://bit.ly/2rdQu0o

TWID identity center to join the five major telecom operators to bring about mobile real-name authentication in Taiwan
https://bit.ly/2Rnn9vZ

Your phone number is your ID card! Five major telecoms to launch TWID mobile identity, going live next January
https://www.eprice.com.tw/mobile/talk/5035/5167058/1/

Done with one finger in 5 seconds! Online real-name authentication by mobile number starts next January
http://3c.ltn.com.tw/news/35190

Mobile number as online ID: real-name authentication launches next January
https://bit.ly/2P4HW5r

Google releases Dart 2.1 with a complete sound type system; type checks run both when editing and when compiling code
https://bit.ly/2SivUam

高威電信 expands network security; Cyberport security center enters service
https://www.it-square.hk/archives/6406

[Information services] CyberLink's U series wins Ministry of Economic Affairs software procurement tender
https://www.chinatimes.com/realtimenews/20181128002186-260410

Microsoft details the causes of its recent multi-factor authentication meltdown
https://www.zdnet.com/article/microsoft-details-the-causes-of-its-recent-multi-factor-authentication-meltdown/#ftag=RSSbaffb68

Red Hat buys hybrid-cloud, data-storage company NooBaa
https://www.zdnet.com/article/red-hat-buys-hybrid-cloud-data-storage-company-noobaa/#ftag=RSSbaffb68

Microsoft's multi-factor authentication service goes down for second week in a row
https://www.zdnet.com/article/microsofts-multi-factor-authentication-service-goes-down-for-second-week-in-a-row/#ftag=RSSbaffb68

HPE buys big data specialist BlueData
https://www.zdnet.com/article/hpe-buys-big-data-specialist-bluedata/#ftag=RSSbaffb68

Cloudflare goes InterPlanetary - Introducing Cloudflare’s IPFS Gateway
https://blog.cloudflare.com/distributed-web-gateway/#disqus_thread

Amazon Personalize, Forecast bring Amazon.com's AI techniques to AWS customers
https://www.zdnet.com/article/amazon-personalize-forecast-bring-amazon-coms-ai-techniques-to-aws-customers/#ftag=RSSbaffb68

AWS says so long developers and hello 'builders'
https://www.zdnet.com/article/aws-says-so-long-developers-and-hello-builders/#ftag=RSSbaffb68

AWS unveils Lake Formation for easy data lake building
https://www.zdnet.com/article/aws-unveils-lake-formation-for-easy-data-lake-building/#ftag=RSSbaffb68



G. Government

What "information security is national security" means
http://talk.ltn.com.tw/article/paper/1249488

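Legislator Lo Chih-cheng (羅致政) urges countering Chinese Communist Party cyber army attacks, hopes the National Security Bureau will turn from defense to offense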
https://money.udn.com/money/story/7307/3502580

Outrageous! He contradicts the National Security Bureau chief: doesn't even know this
https://bit.ly/2FJ04SV

National Security Bureau policy plan report: improving cyber defense and response to cope with new types of hacker attacks
https://bit.ly/2DY74tr

National Security Bureau chief bluntly says "fake news"
https://www.chinatimes.com/newspapers/20181127000535-260102

Green camp suffers crushing defeat; National Security Bureau chief: Taiwan-US relations not affected
http://news.ltn.com.tw/news/politics/breakingnews/2625102

National Security Bureau: 50 million budgeted to buy 39 security vehicles for the next presidential election
https://www.cna.com.tw/news/aipl/201811260036.aspx

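Tsai Ing-wen and the green camp claim outside interference in the election? National Security Bureau contradicts them: it was the people speaking on the economy and livelihoods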
https://bit.ly/2KH6cKl

A test for Lai Ching-te? Calls for a cabinet reshuffle grow; these ministers have been named to step down
https://bit.ly/2FOTxGe

Strengthening security defenses: government supports security health checks for industry
https://n.yam.com/Article/20181127470043

Security equipment maintenance procurement for ROC year 108
https://www.ccpb.gov.tw/news/?mode=data&id=9629&parent_id=10321&type_id=10323

Registration opens for the ROC year 107 security competency certificate renewal assessment
https://www.nccst.nat.gov.tw/NewInfoDetail?lang=zh&seq=1517

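Premier Lai urges Central Election Commission to thoroughly review election administration and study electronic voting for referendums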
https://www.cna.com.tw/news/aipl/201811290137.aspx

Electronic voting touches many aspects; the key is public trust
https://bit.ly/2Rl8t08

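Online rumor says 50 billion will be spent redesigning the New Taiwan dollar; Executive Yuan spokesperson: false information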
https://bit.ly/2KFhEpT

Financial Supervisory Commission announces: fines can be paid by credit card at convenience stores from today
https://udn.com/news/story/7239/3509176

Legislator reveals the military's 迅安 system, built for 46 billion, functions like MSN
https://bit.ly/2TYCzZe


H. Industrial Control Systems / ICS / SCADA

Global Industrial Control System Security Market Extensive Research Report
https://on.mktw.net/2KJnTJd

Industrial Control Systems Market Analysis by Key Players, Growth, Size, Share, Trends, Forecast to 2024
https://www.marketwatch.com/press-release/industrial-control-systems-market-analysis-by-key-players-growth-size-share-trends-forecast-to-2024-2018-11-28

Securing The SCADA Networks And Infrastructure
https://www.expresscomputer.in/security/securing-the-scada-networks-and-infrastructure/30189/

We see ourselves as an ‘MSSP-first’ organisation, says Adi Dar, CEO of Cyberbit
https://www.crn.in/security/we-see-ourselves-as-an-mssp-first-organisation-says-adi-dar-ceo-of-cyberbit/

The Growing Importance Of Cybersecurity Skills
https://www.forbes.com/sites/adigaskell/2018/11/28/the-growing-importance-of-cyber-security-skills/#2baa06ea139d

Deliver Sensor Data Directly to SCADA and IOT Systems via OPC-UA and MQTT with Comtrol’s IO-Link Master
https://www.businesswire.com/news/home/20181127005078/en/Deliver-Sensor-Data-SCADA-IOT-Systems-OPC-UA

Manufacturing Cybersecurity Must Adapt to Emerging Technology and Threats
https://www.manufacturing.net/article/2018/11/manufacturing-cybersecurity-must-adapt-emerging-technology-and-threats


I. Education and Training

Learning security testing from scratch, starting with XSS attacks and defenses
https://testerhome.com/topics/16996

Security Supplement─Day45─Security general-knowledge quiz bank
https://ithelp.ithome.com.tw/articles/10210116

Security Supplement─Day46─Penetration testing─Horizontal privilege escalation
https://ithelp.ithome.com.tw/articles/10210124

Security Supplement─Day47─WAF
https://ithelp.ithome.com.tw/articles/10210136?sc=iThelpR

Security Supplement─Day48─Working with SQL in XAMPP to understand SQLi-1
https://ithelp.ithome.com.tw/articles/10210153

Security Supplement─Day49─Recommended reading: PHP SECURITY CALENDAR
https://ithelp.ithome.com.tw/articles/10210165

Security Supplement─Day50─A brief look at GDPR
https://ithelp.ithome.com.tw/articles/10210180?sc=rss.qu

Love hacking / Clever use of CSS3 gradients for animation / Notes
https://bit.ly/2QoXyFK

Web security primer series: file upload vulnerabilities explained
https://www.secpulse.com/archives/78800.html

Code sample - Quickly list CPU%, memory usage and run-as identity of running Windows programs
https://bit.ly/2r9uZ0z

Installation of “RHEL 8” Beta with Screenshots
https://bit.ly/2FQYPkD

HITCON-Training for Linux binary Exploitation
https://bit.ly/2E2Z3Dw

PySyft/examples/tutorials/
https://github.com/OpenMined/PySyft/tree/master/examples/tutorials

How to perform reverse engineering using IDA Pro
https://bit.ly/2RnGnS0


J. Xuanwu Security Feed

Daily security news feed (11-26)
https://tw.weibo.com/xuanwulab/4310588156620178

Daily security news feed (11-27)
https://tw.weibo.com/xuanwulab/4310955644687823

Daily security news feed (11-28)
https://tw.weibo.com/xuanwulab/4311318703731854

Daily security news feed (11-29)
https://tw.weibo.com/xuanwulab/4311679620347500

Daily security news feed (11-30)
https://tw.weibo.com/xuanwulab/4312042091198200


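K. Internet of Things / IoT / Artificial Intelligence / Internet of Vehicles / Optical Networking / Deep Learning / Machine Learning / Drones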

To strengthen security, IoT industry SIM cards to complete verification and rectification by year-end
https://bit.ly/2ApTZ7R

IoT devices need security warnings: vulnerability growth rate to reach 28.6% in 2019
http://industry.people.com.cn/n1/2018/1128/c413883-30429283.html

Can cut customers' costs by 45%! Amazon AWS launches its first self-designed ARM chip
https://bit.ly/2FLlTRR

360 publishes "IoT Device Network Security Report": IoT vulnerability growth rate is 14.7% higher than the overall rate
https://zhuanlan.zhihu.com/p/51056784

Before investing heavily in connected-vehicle R&D, are Taiwan's government and industry confident of "zero security crises"
https://buzzorange.com/techorange/2018/11/29/internet-of-vehicle/

RASPBERRY PI SPECS AND BENCHMARKS: 3A+, 3B+, ZERO W
https://bit.ly/2TT7nKN

Benchmarking Amazon's ARM Graviton CPU With EC2's A1 Instances
https://bit.ly/2DOBBJn

Singapore ISPs ordered to block access to TV boxes preloaded with content apps
https://www.zdnet.com/article/singapore-isps-ordered-to-block-access-to-tv-boxes-preloaded-with-content-apps/#ftag=RSSbaffb68

Germany proposes router security guidelines
https://www.zdnet.com/article/germany-proposes-router-security-guidelines/#ftag=RSSbaffb68

IoT to drive growth in connected devices through 2022: Cisco
https://www.zdnet.com/article/iot-to-drive-growth-in-connected-devices-through-2022-cisco/#ftag=RSSbaffb68

Pattern Recognition and Machine Learning
https://bit.ly/2AwhFYr

A Survey on Data Collection for Machine Learning: a Big Data - AI Integration Perspective
https://arxiv.org/abs/1811.03402?fbclid=IwAR3j0jzB8dlYnWNscD8r2uvI6Ey9tR3Ve-4eErp9ifau2eT3UVMJbrygkKA

NYU, Facebook release massive MRI dataset as part of ongoing AI project
https://bit.ly/2ztzlEw

L.CTF

Meepwn CTF 2018
https://ctf.meepwn.team/

CODE BLUE CTF 2018
http://ctf.codeblue.jp/

RITSEC CTF 2018 WriteUp (Web) – Aj Dumanhug – Medium
https://medium.com/@ajdumanhug/ritsec-ctf-2018-writeup-web-72a0e5aa01ad

Teaser Dragon CTF 2018 Writeup by r3kapig
https://xz.aliyun.com/t/2831


4. Upcoming Security Events and Seminars
 
   Python application course - Parallel processing 1~3 11/30 ~ 12/14
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3750&from_course_list_url=homepage

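  [Course] Kubernetes (K8S) hands-on class: an excellent container orchestration tool, balancing theory and practice, for building an enterprise-grade DevOps environment 12/1 12/2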
  https://bit.ly/2rAkB2q

  ABAQUS basic training course 12/4 ~ 12/6
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3709&from_course_list_url=homepage

  EnCase EnCE certification exam preparation course  12/5 ~ 12/7
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=44

  Introduction to the TANet/TWAREN monitoring platform and real-time traffic anomaly detection system 12/6
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3766&from_course_list_url=homepage

  Hacker intrusion investigation and security emergency response in practice 12/10 ~ 12/11
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=45

  Introduction to the TANet/TWAREN monitoring platform and real-time traffic anomaly detection system 12/11
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3767&from_course_list_url=homepage

  Network packet analysis 12/13
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3654&from_course_list_url=homepage

  Looking Ahead to 2019: IoT Security Summit Forum  12/13
  https://www.2cm.com.tw/files/event/2018IoT_Security_Forum/index.html

  Taiwan hacker conference HITCON Pacific 2018 12/13 ~ 12/14
  https://hitcon.kktix.cc/events/hitcon-pacific-2018

  Hacker College (亥客書院) - Advanced web penetration testing  12/15
  https://hackercollege.nctu.edu.tw/?p=323

  Python application course - Cloud services 1~3 12/21 ~ 1/4
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3753&from_course_list_url=homepage

  Professional mobile phone and hard disk data recovery training course 12/26 ~ 12/28
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=46

  System log analysis in practice  12/27
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3653&from_course_list_url=homepage

  Hacker College (亥客書院) - High-level web penetration testing    2019/1/5
  https://hackercollege.nctu.edu.tw/?p=768

  Institute for Information Industry to open a CompTIA Security+ international network security certification class on 2019/1/5
  https://n.yam.com/Article/20181129286231
