Weekly Security News and Incident Report, 2018/12/10 ~ 2018/12/14

1. Major Vulnerabilities

GitLab security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18648

Virtual patching: patching vulnerabilities before they are attacked
https://blog.trendmicro.com.tw/?p=57893

Bug hunters welcome! GitLab and HackerOne team up to launch a bug bounty program
https://www.ithome.com.tw/news/127643

Micro Focus NetIQ iManager cross-site scripting vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17949

K42027747: F5 BIG-IP SNMP vulnerability CVE-2018-15328
https://support.f5.com/csp/article/K42027747

Container management system Kubernetes (K8S) has a vulnerability that lets intruders escalate privileges
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5065

Research on Kubernetes' first major security vulnerability & Baidu Cloud full remediation report
https://zhuanlan.zhihu.com/p/52268484

Attackers use new exploits to hijack home and enterprise routers
http://safe.zol.com.cn/704/7047150.html

New version of the Novidade exploit kit targets home and SOHO routers
https://www.secrss.com/articles/7091

An organization's ticket purchase verification vulnerability, Purchase Bypass
https://zeroday.hitcon.org/vulnerability/ZD-2018-01761

Chrome 71 patches 43 security vulnerabilities and blocks malicious ads
http://www.safebase.cn/article-254357-1.html

Exiv2 buffer error vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20096

IBM Operational Decision Manager security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1821

Security vulnerabilities in multiple Apple products
https://www.us-cert.gov/ncas/current-activity/2018/12/05/Apple-Releases-Multiple-Security-Updates

Mozilla releases security updates to address multiple security vulnerabilities in Firefox and Firefox ESR
https://www.us-cert.gov/ncas/current-activity/2018/12/11/Mozilla-Releases-Security-Updates-Firefox

Firefox users beware! Bug unfixed for 11 years is being used to force logins
https://www.inside.com.tw/article/14955-malware-authors-exploit-old-firefox-bug-malicious-activity

Firefox 64 released with a Windows-like task manager
https://www.zdnet.com/article/firefox-64-released-with-a-windows-like-task-manager/#ftag=RSSbaffb68

"Kept" for 11 years! Hackers abuse an "aged" Firefox vulnerability to force users to enter information
https://technews.tw/2018/12/11/malicious-sites-abuse-11-year-old-firefox-bug-that-mozilla-failed-to-fix/

Microsoft releases security patch KB4471331 to fix Flash Player zero-day vulnerability
https://support.microsoft.com/en-us/help/4471331/security-update-for-adobe-flash-player

Flaw in Microsoft's website login system lets accounts be hijacked when users click a malicious link
https://www.ithome.com.tw/news/127630?fbclid=IwAR1iTqVWafEG7M4Q1mknCQgRPaCiH1g4bKlpiOioF1-eM4fX1V0kno417sg

Microsoft account login system vulnerability disclosed: users' Office accounts affected
https://www.ithome.com/0/399/935.htm

Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack
https://bit.ly/2LbB0mw

Microsoft's December security update patches 38 vulnerabilities: nearly 1/4 critical, two zero-days
https://www.ithome.com.tw/news/127631

Vulnerability notice: Microsoft releases December security bulletin
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/6c54acc6-2ed2-e811-a980-000d3a33a34d

Windows 0day kernel privilege escalation (CVE-2018-8611) vulnerability alert
https://guanjia.qq.com/news/n5/2453.html

New Windows 10 19H1 test build adds more Notepad features, other tweaks
https://www.zdnet.com/article/new-windows-10-19h1-test-build-adds-more-notepad-features-other-tweaks/#ftag=RSSbaffb68

Microsoft slow to respond! Google discloses a new Win10 system vulnerability
http://www.twoeggz.com/news/12546941.html

Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command
https://bit.ly/2SC2Lam

For the fourth month in a row, Microsoft patches Windows zero-day used in the wild
https://www.zdnet.com/article/for-the-fourth-month-in-a-row-microsoft-patches-windows-zero-day-used-in-the-wild/#ftag=RSSbaffb68

Google fixes more than 50 Android vulnerabilities in its mobile operating system
http://www.elecfans.com/d/829005.html

Details of all 13 vulnerabilities in the Amazon FreeRTOS IoT system have now been published
http://www.stmcu.org.cn/module/forum/thread-618648-1-1.html

Warning! Linux users with high UID values can directly execute systemctl system commands
https://bit.ly/2zPCgr8

Baqai Medical University Pakistan Backup File Disclosure Vulnerability - CXSecurity.com
https://www.anquanke.com/vul/id/1428751

Domestically made network camera Foscam C1 has numerous security vulnerabilities
http://m.anzhixun.com/news/201711/17090548.html?_d_id=c4cd06b9179fd0a8b009f2e144f3ca

Jooan JA-Q1H Wi-Fi camera may be at risk of being knocked offline
https://bit.ly/2ElZmZF

Adobe reports mixed Q4 results, updates outlook to include Marketo
https://www.zdnet.com/article/adobe-reports-mixed-q4-results-updates-outlook-to-include-marketo/#ftag=RSSbaffb68

New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs
https://bit.ly/2EcZjiq

Adobe releases security updates to address multiple vulnerabilities in Acrobat and Reader
https://www.us-cert.gov/ncas/current-activity/2018/12/11/Adobe-Releases-Security-Updates

Adobe's Year-End Update Patches 87 Flaws in Acrobat Software
https://bit.ly/2zXhRAn

Security vulnerabilities in Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html

Adobe updates Sign with Government ID Authentication feature
https://www.zdnet.com/article/adobe-updates-sign-with-government-id-authentication-feature/#ftag=RSSbaffb68

PHP Auctions Script v1.0 xss Vulnerability - CXSecurity.com
https://cxsecurity.com/issue/WLB-2018120069

phpMyAdmin Releases Critical Software Update — Patch Your Sites Now
https://bit.ly/2C5AjIM

PoC for CVE-2018-15133 (Laravel unserialize vulnerability)
https://github.com/kozmic/laravel-poc-CVE-2018-15133?fbclid=IwAR3FvhlA3i0drs2bLxYsZLtk2mGEVi5_26ZY5vIGD2Ip8EdgxwC0fwRYkl4

Super Micro says external security audit found no evidence of backdoor chips
https://www.zdnet.com/article/super-micro-says-external-security-audit-found-no-evidence-of-backdoor-chips/#ftag=RSSbaffb68

Bug allowed full takeover of Samsung user accounts
https://www.zdnet.com/article/bug-allowed-full-takeover-of-samsung-user-accounts/#ftag=RSSbaffb68

WordPress plugs bug that led to Google indexing some user passwords
https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/#ftag=RSSbaffb68

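2. Banking / Finance / Insurance / Securities / Electronic Payment / Mobile Payment / Payment Systems / Virtual Currency / Blockchain News and Security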

Is cryptocurrency safe? Latest survey: US$927 million stolen as of the third quarter of this year
https://bit.ly/2LdT13E

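A lament under regulation: well-known stablecoin "Basis" confirms it cannot escape US securities law, is shutting down the project and returning funds to investors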
https://bit.ly/2UHZqZl

DHS looking into tracking Monero and Zcash transactions
https://www.zdnet.com/article/dhs-looking-into-tracking-monero-and-zcash-transactions/#ftag=RSSbaffb68

Razer faces backlash after asking gamers to mine cryptocurrency for rewards
https://www.zdnet.com/article/razer-faces-backlash-after-asking-gamers-to-mine-cryptocurrency-for-rewards/#ftag=RSSbaffb68

2018 Taipei Blockchain Industry-Government-Academia Summit to open on December 17
https://news.cnyes.com/news/id/4252306

Is blockchain hard to understand? The community plays an important role
http://news.knowing.asia/news/21344509-692b-42d3-959d-a417146212f6

Buying Bitcoin at convenience stores: in future only platforms announced by the FSC will be allowed
https://bit.ly/2SI8HyF

Life insurers partner with hospitals to launch blockchain platform, speeding up claims and streamlining the process
https://tw.finance.appledaily.com/realtime/20181213/1482772/

One more joins blockchain-accelerated claims: 9 insurers expand from flight-delay to medical insurance
https://travel.ettoday.net/article/1329297.htm

The origin of the Ethereum fork: where did The DAO incident come from
http://news.knowing.asia/news/d9e7b524-a9a8-41a3-9eb7-7d03b47905a0

After The DAO attack: Ethereum's closely watched hard fork
http://news.knowing.asia/news/7f1ef982-e5ce-4773-8666-8405b52dffc2

Improving customs clearance efficiency! Blockchain makes the import process more convenient
http://news.knowing.asia/news/6ec1d0d6-0de1-4de3-8d01-44c4850dfa37

Blockchain Use Case Failure: 43 Projects and Zero Impact
https://bit.ly/2rwnctP

Thailand Uses Blockchain-Supported Electronic Voting System in Primaries
https://bit.ly/2QszZfL

Bitcoin is the "father" of blockchain, but blockchain has finally stepped out of Bitcoin's shadow
http://news.knowing.asia/news/dbcacb40-8555-4d47-b035-d0db08000c8f

Kuwait plans a national cryptocurrency payment system: how far off is full CBDC deployment
http://news.knowing.asia/news/02ac437f-5a8c-43b6-baf2-341524046033

Common EOS smart contract vulnerabilities in practice
https://bcsec.org/index/detail/tag/2/id/407

BUGX shares blockchain vulnerability hunting techniques
https://www.linksfin.com/article/214068

A look at Ethereum smart contract security vulnerabilities (Part 1)
http://www.bitmixc.com/technology/znhy/11637.html

A look at Ethereum smart contract security vulnerabilities (Part 2)
http://www.bitmixc.com/technology/znhy/11667.html

Analysis of the Monero fake deposit vulnerability
https://bbs.jutuilian.com/thread-16836-1-1.html

HSBC Hong Kong's mobile payment app PayMe adds authentication steps to strengthen security
https://bit.ly/2zMXG8s

Hong Kong Association of Banks asks TransUnion to remediate; measures must meet bank security standards
https://bit.ly/2PqCObV

Taiwan's financial payment leader invests in AI technology to build smart finance
https://buzzorange.com/techorange/2018/12/07/provision-otc/

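Financial holding life insurers concurrently running trust business looks likely; law amendment could pass as early as next year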
https://udn.com/news/story/11316/3533855

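FinTech transactions hide security concerns: what the government's supporting measures are to keep operators from running aground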
https://boba.ettoday.net/video/243/513/126415

Visiting clients doesn't count as overtime? Court upholds labor inspection penalty
https://udn.com/news/story/7321/3526231

Convenience store ATM market split three ways; CTBC leads in number of machines
https://bit.ly/2C0Fqd2

CFA exam candidates take note: FinTech to be included in the exam next year
https://bit.ly/2UwFhWe

Financial blockchain confirmation platform to go live early next year
https://www.chinatimes.com/newspapers/20181210000226-260205

After the six-municipality elections, Japan's Rakuten to set up a Taiwan R&D center and a joint-venture internet-only bank
https://udn.com/news/story/7239/3525469?from=udn-ch1_breaknews-1-cate6-news

Fai Hrong-tai: you'd have to be out of your mind to invest in an internet-only bank
https://www.chinatimes.com/realtimenews/20181210002162-260410

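No applications for internet-only banks so far; legislator: state-owned banks say only someone out of their mind would invest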
https://money.udn.com/money/story/5613/3528420

Faster Payment System (FPS) to undergo system maintenance next Sunday; real-time services suspended for 3 hours
https://hk.on.cc/hk/bkn/cnt/news/20181210/bkn-20181210170331700-1210_00822_001.html

Russia plans legislation to regulate foreign electronic payment platforms; Alipay and WeChat say they will comply
https://bit.ly/2Qx8pxZ

Russia plans legislation to ban unregistered foreign payment systems
http://www.metroradio.com.hk/news/live.aspx?NewsId=20181211045051

Russia plans to tighten oversight of foreign electronic payment services; Alipay and WeChat Pay may be affected
http://www.dsb.cn/91478.html

Mobile payment too dominant: authorities crack down on merchants refusing cash
https://bit.ly/2QPhcL5

Received a transaction email without having a PayPal account: security hole in cross-border third-party payment
https://www.ettoday.net/news/20181211/1328242.htm

Yellen's stark warning: the financial system has huge holes and another financial crisis may strike
https://finance.ifeng.com/c/7iZKpRbq5vE?_zbs_baidu_news

Yellen: there are some huge holes in the system; another financial crisis may erupt
https://money.udn.com/money/story/5599/3533621

ANA announces it will add PayPal as an online booking payment method
https://money.udn.com/money/story/5617/3533150

LINE Pay and LINE Pay iPASS are very different: feature differences and uses at a glance
http://technews.tw/2018/12/13/line-pay-vs-line-pay-card-author-ling/

Taiwan's financial security joint defense is just getting started; Japan's F-ISAC shares recent practical experience in Taiwan
https://www.ithome.com.tw/news/127674

Japan's PayPay electronic payment: 10 billion yen in cashback rewards used up in just 10 days
https://news.cnyes.com/news/id/4254755

Resilience has become a key principle of security offense and defense
https://ithome.com.tw/news/127688

Huawei accused of security flaws; Cathay Financial president: show the evidence
https://www.ettoday.net/news/20181214/1331018.htm

Institute of Bankers: "large gap" in technology and cybersecurity talent
https://bit.ly/2EmtHHz

Bankers Association's self-regulation mechanism meeting in Hong Kong concludes with two major resolutions
https://www.cmoney.tw/notes/note-detail.aspx?nid=150988

Continuous trading system to launch in 2020
https://money.udn.com/money/story/5607/3536987

Financial innovation can't go it alone: using "real-world validation" to turn tech people into fintech people
https://www.thenewslens.com/article/110152

UK government wants Supreme Court to reinstate retail ATM tax
https://www.atmmarketplace.com/news/uk-government-wants-supreme-court-to-reinstate-retail-atm-tax/

Credit Card System Hack Led to HIPAA Breach Report
https://www.bankinfosecurity.com/credit-card-system-hack-led-to-hipaa-breach-report-a-11830

Hiring - Financial holdings and banks open ten thousand vacancies; salaries in the millions beckon young people
https://www.ettoday.net/news/20181209/1326434.htm

Hiring - Hua Nan Bank recruiting 255 people
https://www.public.com.tw/news-20181208/1

Eastern European banks lose tens of millions of dollars in Hollywood-style hacks
https://www.zdnet.com/article/eastern-european-banks-lose-tens-of-millions-of-dollars-in-hollywood-style-hacks/?fbclid=IwAR2E3XKCa6Rk3ql0ih2OveI9ZaWzjitEc6beXD7RC5FssN88l3gtm4o2Mdg

European banks bleed millions from physical cyber attacks through devices like the Raspberry Pi
https://brica.de/alerts/alert/public/1239732/european-banks-bleed-millions-from-physical-cyber-attacks-through-devices-like-the-raspberry-pi/

Hackers ramp up attacks on mining rigs before Ethereum price crashes into the gutter
https://www.zdnet.com/article/hackers-ramp-up-attacks-on-mining-rigs-before-ethereum-price-crashes-into-the-gutter/#ftag=RSSbaffb68

Itaú and Standard Chartered launch LatAm's first blockchain-based loan platform
https://www.zdnet.com/article/itau-and-standard-chartered-launch-latams-first-blockchain-based-loan-platform/#ftag=RSSbaffb68

Indian Bank Fined for Not Meeting RBI Security Guidelines
https://www.bankinfosecurity.in/indian-bank-fined-for-meeting-rbi-security-guidelines-a-11835

Wholesale banks and asset management cyber multi-firm review findings
https://www.fca.org.uk/publications/multi-firm-reviews/wholesale-banks-asset-management-cyber-multi-firm-review-findings


3. Security Incident News


A. Viruses and Trojans / Botnets / Ransomware

AutoIt worm spreads fileless backdoor BLADABINDI/njRAT via removable drives
https://blog.trendmicro.com.tw/?p=58182

Experts explain the WeChat ransomware: low severity, controllable scope, no need to panic
https://news.sina.com.tw/article/20181209/29176364.html

Botnet made up of 20,000 WordPress sites is attacking its own kind
https://www.ithome.com.tw/news/127562?fbclid=IwAR1ylAZX9AgIrIVnbgT3mRcRS0COfKVAGhyoo4PebQcAA6MxSJ1Uo0zg6m4

Upgraded TrickBot will support harvesting credit and debit card data
https://www.freebuf.com/articles/terminal/191558.html

22 Android apps, including a flashlight, hide a trojan; downloads exceed 2 million
https://www.ithome.com.tw/news/127563?fbclid=IwAR111y39HSSPI_iNfBbGDN2UeWUgnKIPL1UMxWeogxuxMM6TQh-3F-S32Ng

Number of Mikrotik routers worldwide infected with malicious mining software surges to 415,000
https://www.ithome.com.tw/news/127576

New macOS malware OSX.LamePyre sends screen captures to hackers
https://www.ithome.com.tw/news/127701

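Is your computer safe? People today often overlook "mining malware, ransomware" and "online shopping safety"; can you really get by without antivirus software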
https://blog.trendmicro.com.tw/?p=57794

A new Mac malware combines a backdoor and a crypto-miner
https://securityaffairs.co/wordpress/78813/malware/mac-malware-backdoor-miner.html?fbclid=IwAR25F_dUDtCaClFPjTeSvdhXn06sVVSRvMgOsgPPgKzcbcqXcNFC5R4dRiA

Fileless malware surge, warns Malwarebytes report
https://bit.ly/2EpyIQ8

Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix
https://www.zdnet.com/article/malicious-sites-abuse-11-year-old-firefox-bug-that-mozilla-failed-to-fix/#ftag=RSSbaffb68

Those annoying sextortion scams are redirecting users to ransomware now
https://www.zdnet.com/article/those-annoying-sextortion-scams-are-redirecting-users-to-ransomware-now/#ftag=RSSbaffb68

DanaBot Banking Trojan Gets into Spam Business
https://www.internetnewsblog.com/danabot-banking-trojan-gets-into-spam-business/

DanaBot Banking Trojan Evolves Again – Steals Email Address From Victim’s Mailbox
https://gbhackers.com/danabot-banking-trojan/

Banking Trojan DanaBot Now Uses Signed Email Spam as Propagation Method
https://news.softpedia.com/news/banking-trojan-danabot-now-uses-signed-email-spam-as-propagation-method-524150.shtml

Cybercrime and malware, 2019 predictions
https://www.zdnet.com/pictures/cybercrime-and-malware-2019-predictions/#ftag=RSSbaffb68

Ships infected with ransomware, USB malware, worms
https://www.zdnet.com/article/ships-infected-with-ransomware-usb-malware-worms/#ftag=RSSbaffb68

Massive email based malware campaigns using possibly compromised Godaddy name servers
https://bit.ly/2QIvFbR

Shamoon malware destroys data at Italian oil and gas company
https://www.zdnet.com/article/shamoon-malware-destroys-data-at-italian-oil-and-gas-company/#ftag=RSSbaffb68


B. Mobile Security / iPhone / Android / App

Fitness apps use Touch ID to scam money
https://bit.ly/2G68bZT

Rogue apps posing as health and weight-loss tools trick iPhone users into scanning their fingerprint on TouchID to charge their cards
https://blog.trendmicro.com.tw/?p=58143&preview=true#item4

Fake voice apps appear on Google Play, stealing personal data such as names, phone numbers and addresses
https://blog.trendmicro.com.tw/?p=58133

Huawei "princess" incident raises phone security concerns: 7 tips to protect yourself
https://www.ettoday.net/news/20181210/1327232.htm

Only 1 Huawei phone certified; NCC advises against buying
https://tw.appledaily.com/headline/daily/20181210/38202072/

NCC basic security certification? Only these 5 models passed
https://www.3cblog.idv.tw/2018/12/ncc-5.html?m=0

[Exclusive] Huawei effect exposes security gap: only 5 phones on the market have passed phone security certification
https://www.ptt.cc/bbs/MobileComm/M.1544432518.A.F43.html

Only 5 phone models on the market pass security testing; NCC testing is voluntary, not mandatory
https://www.sogi.com.tw/articles/smartphone/6252069

Xiaomi's new phone launches in Taiwan without security testing; Xiaomi Taiwan: will submit for testing if needed
https://tw.appledaily.com/new/realtime/20181213/1483261/

Huawei security concerns; Xiaomi: we have strictly obeyed Taiwan's laws since our first day in Taiwan
http://ec.ltn.com.tw/article/breakingnews/2641641

Messaging app hacked to send blasphemous message; Indian pastor nearly harmed
https://www.ct.org.tw/1334281#ixzz5ZKlh08hC

Winning the patent battle, Qualcomm: 7 Apple iPhone models banned from sale in China
https://bit.ly/2QrdnMQ

Online reports say "42 Chinese apps steal personal data"; India tells its military to stop using them
http://news.ltn.com.tw/news/world/breakingnews/2641740

LINE outage reported: unable to send photos or download files
https://bit.ly/2QuIjf1

Passwordless LINE login to launch as early as next year, combined with biometrics
https://bit.ly/2SKBumf

LINE login without entering a password to launch as early as next year
https://bit.ly/2CduPeT

Hong Kong Google Play Store Apps Security Risk Report (November 2018)
https://www.hkcert.org/my_url/zh/blog/18113001

Many of 2018's most dangerous Android and iOS security flaws still threaten your mobile security
https://zd.net/2UF0sVZ

Should you leave your smartphone charger plugged in all the time
https://www.zdnet.com/article/should-you-leave-your-smartphone-charger-plugged-in-all-the-time/#ftag=RSSbaffb68

Android adware tricks ad networks into thinking it's an iPhone to make more money
https://www.zdnet.com/article/android-adware-tricks-ad-networks-into-thinking-its-an-iphone-to-make-more-money/#ftag=RSSbaffb68

Mobile Apps: Privacy Issues in India
https://www.bankinfosecurity.asia/interviews/mobile-apps-privacy-issues-in-india-i-4191

Android malware steals money from PayPal accounts while users watch helpless
https://www.zdnet.com/article/android-malware-steals-money-from-paypal-accounts-while-users-watch-helpless/#ftag=RSSbaffb68


C. Incidents / Hackers / DDOS / APT / Hiring / International Security Incidents

There is no cipher a quantum computer cannot break! US scientists offer 2 key security recommendations
https://buzzorange.com/techorange/2018/12/07/data-security-of-quantum-computer/

Third-party investigation results: Supermicro says its servers were not implanted with spy chips
https://www.ithome.com.tw/news/127625?fbclid=IwAR0yaBrhdGRMdk_E86SUe0v0dyid9JkoIgiSmPUYnXAFEPslUe92N6YSxJM

2018 Taiwan growth hacking conference: experts gather to talk AI
https://money.udn.com/money/story/10860/3528932

Coding camps build foundations as AI talent is in demand; students show their skills at the 中金院 coding camp course
https://n.yam.com/Article/20181214865737

Five cloud security trends and tips: how enterprises should meet future security challenges
https://bit.ly/2EkWmwl

"Working at Google, yet not belonging here": Google contract workers' treatment revealed
https://dq.yam.com/post.php?id=10423

Security joint defense succeeds: 800 million hacker intrusions blocked so far this year
https://www.chinatimes.com/newspapers/20181212000286-260202

"If you enter the kitchen, don't fear the heat": high stress tolerance... delivers impressive results
https://www.chinatimes.com/newspapers/20181212000285-260202

Making good use of AI to reverse the defender's disadvantage offers a glimmer of hope
https://www.ithome.com.tw/news/127673

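What the movies show is real! Kaspersky warns of unidentified delivery people connecting malicious devices to the company's internal network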
https://bit.ly/2PwlYsb

[2019 predictions] Sophos: hackers turn Windows tools into attack tools
https://bit.ly/2PAnMk8

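2018 Taiwan hacker conference opens, focusing on artificial intelligence, cyber threat intelligence, blockchain security and other topics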
https://www.ithome.com.tw/news/127648?fbclid=IwAR3hPJ5lvcTcsEYvzE1LMTS2rCuki8yhNeOE5iIOufWaIfnlweg2g9UwurI

Seriously underestimated human error has become a security crisis
https://ithome.com.tw/voice/127516

Impressive! He cracked software bugs in junior high; now a high-school senior, he wins the Golden Hand Award again
https://shareba.com/module/news/299784897407394001.html

Establishing management mechanisms is the top priority for enterprise security
https://money.udn.com/money/story/5636/3529415

Secrecy and counter-espionage in the twenty-first century
https://udn.com/news/story/7338/3536268

How lucrative is hunting security bugs as a hacker? Annual pay exceeds 500,000 元
https://bit.ly/2Gn2yqC

How lucrative is hunting security bugs as a hacker? Annual pay exceeds 15 million 元
https://udn.com/news/story/6811/3534166

Root KSK has been updated: the importance of enabling DNSSEC to protect website security
https://bit.ly/2PvWFqe

Security awareness rises with digital transformation; security protection and oversight become an enterprise priority
https://fnc.ebc.net.tw/FncNews/stock/62435

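Taking on hackers with security equipment worth over 100 million: enterprise security attack-defense competition opens on the 14th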
http://ec.ltn.com.tw/article/breakingnews/2637057

SuperMicro: third-party investigation finds no malicious chips in its products
https://technews.tw/2018/12/13/supermicro-spy-chip/

Backing Taiwan! Four allies meet the INTERPOL secretary general in person over Taiwan's participation
http://news.ltn.com.tw/news/politics/breakingnews/2641163

Threatened "war across Taiwan" with TNT in luggage; Taoyuan Airport activates "red alert"; terror hacker arrested
https://www.ettoday.net/news/20181211/1328319.htm

McAfee: large-scale cyber-espionage campaign has infiltrated 87 organizations in 24 countries worldwide
https://ithome.com.tw/news/127654

China's 2 legendary hackers: one planted the national flag in the US, one paralyzed Japanese websites
http://gogonews.cc/article/5845359.html

Cybersecurity insurance not yet widespread domestically
https://news.sina.com.tw/article/20181210/29177298.html

Taiwan's cybersecurity cannot wait
https://bit.ly/2PwDqgj

Hackers peddle 40,000 government service credentials from over 30 countries on the black market
https://ithome.com.tw/news/127637

French travel alert registration website hacked; personal data may be misused
https://wp.taronews.tw/2018/12/13/202486/

India reportedly considering "purchase limits" on Chinese online shopping platforms
https://hk.on.cc/hk/bkn/cnt/finance/20181213/bkn-20181213183147078-1213_00842_001.html

Retailer serving the Canadian military "attacked": credit card data of 373 Canex users may have leaked
http://www.mingpaocanada.com/Tor/htm/News/20181212/tdd1_r.htm

Reportedly at US request, Japanese government to ban procurement from Huawei Technologies and ZTE
https://udn.com/news/story/6809/3524062

All of Japan rejects the Chinese security threat! Four major telecom carriers refuse to use Huawei products
https://www.taiwannews.com.tw/ch/news/3594076

China voices "grave concern" over Japan's exclusion of Huawei and ZTE
https://bit.ly/2zVdZQB

To prevent intelligence leaks, Japan reportedly will also ban Huawei equipment
http://globalnewstv.com.tw/201812/51504/

Japan to ban procurement from Huawei and ZTE to guard against leaks of classified information and hacker attacks
http://www.bldaily.com/china/p-354661.html

Huawei plans to spend US$2 billion to assure European firms they won't be hacked
https://udn.com/news/story/12650/3528719

Huawei reportedly plans to spend over 15 billion to fix vulnerabilities in response to UK government cybersecurity concerns
https://bit.ly/2BZo5kY

Huawei security concerns: there is no such thing as a free "Chinese lunch"
https://bit.ly/2QLUYtt

Security risk: Japanese government asks 14 private-sector industries not to use Huawei products
https://bit.ly/2BjLcow

SoftBank phases out Huawei equipment
https://money.udn.com/money/story/10511/3536300

Japan's SoftBank to gradually phase out its existing Huawei-made base stations
https://fnc.ebc.net.tw/FncNews/else/63053

To prevent threats to national security, Japan's SoftBank replaces Huawei network equipment
http://globalnewstv.com.tw/201812/52216/

To avoid a UK ban, Huawei reportedly willing to cooperate in resolving security risks
http://ec.ltn.com.tw/article/breakingnews/2635650

Worried about Huawei, yet defenseless against the US
https://www.ettoday.net/news/20181210/1327018.htm

The Huawei affair: under hegemony, the ugly and the evil fight each other
https://udn.com/news/story/7339/3534027

Multiple countries contain Huawei 5G to prevent espionage; expert: Taiwan must pick a side
http://www.ntdtv.com.tw/b5/20181211/video/235799.html

Will Huawei lose its biggest Japanese customer? SoftBank reportedly begins assessing the impact of dropping its equipment
https://technews.tw/2018/12/12/softbank-evaluation-deprecation-of-huawei-equipment-loss/

China "cleans up the net" and bans online hired commenters; over a thousand big-V accounts banned
https://udn.com/news/story/7331/3526929

Chinese hacking activity rises, targeting US critical infrastructure
https://technews.tw/2018/12/12/chinas-hacking-against-u-s-on-the-rise/

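Chinese security surveillance products have backdoors! Government promotes certification to leverage Taiwanese vendors' security advantage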
https://bit.ly/2SKoeOq

US reportedly to prosecute Chinese hacking activity
https://bit.ly/2C0Czkn

US sanctions cannon turns its fire on mainland Chinese hackers and spies
https://www.chinatimes.com/newspapers/20181214000608-260102

China: the US side is welcome to come to Beijing for trade talks
https://www.rti.org.tw/news/view/id/2005098

US-China high-tech cold war begins: the rise of gray-rhino political economy
https://bit.ly/2EtJbtV

China was once accused of arresting a Canadian couple in retaliation for a spy's arrest
https://money.udn.com/money/story/5599/3534918

Washington Post: US to publicize Chinese hackers' misdeeds
https://www.taiwannews.com.tw/ch/news/3594982

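Trump administration to indict multiple Chinese hackers! Accuses them of violating the agreement "not to steal corporate trade secrets"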
https://www.ettoday.net/news/20181212/1329224.htm

US reportedly to indict Chinese hackers this week! Accuses them of stealing intellectual property and supporting espionage
https://technews.tw/2018/12/10/rumors-that-usa-sued-chinese-hackers-this-week/

US prepares criminal charges against hackers linked to the Chinese government
https://cn.wsj.com/articles/CT-BGH-20181210074904

US reportedly to indict Chinese hackers, accusing them of hacking technology service providers for Beijing
https://bit.ly/2RKLBYj

US officials warn that Chinese espionage poses a major threat
https://news.tvbs.com.tw/world/1046597

Senior US national security official reveals Beijing's three-step espionage playbook; FBI: China is the number one threat
https://newtalk.tw/news/view/2018-12-13/179902

CCP cyberattacks are the top threat to the US economy and national security
https://bit.ly/2LhyDi2

US intelligence officials at congressional hearing: the CCP is the biggest espionage threat
https://bit.ly/2zXNw4R

FBI: China is the top security threat to the US and will stop at nothing to become a global power
https://bit.ly/2Qtjpwn

FBI official warns in congressional testimony: Chinese economic espionage endangers national security
https://bit.ly/2QY1Mo5

NSA revealed to have infiltrated Huawei for years, monitoring headquarters servers
http://news.dwnews.com/china/big5/news/2018-12-11/60104415.html

Trump hunts China: 15 tech companies blacklisted
https://newtalk.tw/news/view/2018-12-12/179617

US-Japan annual "Yama Sakura" joint wargame includes cyber offense and defense for the first time
https://www.ydn.com.tw/News/316075?fbclid=IwAR20r83Lz_yts8Awhf4-hXZ0AAnWvrcnMmbz6L7Zu6BJFFqWCbJHfaohyxg

Southern California receives bomb threats, at least 13 of them
https://udn.com/news/story/6813/3537084

Don't be fooled! Bomb-threat extortion emails demanding Bitcoin appear in North America
https://www.ithome.com.tw/news/127693

Suspicious package in New York! Suspect demands Bitcoin payment "or else full bombing"; FBI urgently investigates bomb letters
https://www.ettoday.net/news/20181214/1330510.htm

Canada's intelligence chief: the hacking threat is greater than terrorism
https://www.taiwannews.com.tw/ch/news/3591802

Effectively a security backdoor: new Australian law lets the government obtain encrypted messages
https://dq.yam.com/post.php?id=10421

Australia passes bill that can compel tech companies to hand over users' encrypted data
https://bit.ly/2L5kgNS

Are you a keyboard security advisor? Trump's lawyer tripped up by a single space
https://tw.appledaily.com/new/realtime/20181207/1479592/

All because of a space? Trump's cybersecurity advisor insists his Twitter account was hacked
https://www.saydigi.com/2018/12/trumps-cybersecurity-advisor-rudy-giuliani-thinks-his-twitter-was-hacked.html

New smart identity card RFID hands-on test! Far more secure than the Home Return Permit
https://bit.ly/2LbdK89

Over half of Brazil's population exposed in security incident
https://www.zdnet.com/article/over-half-of-brazils-population-exposed-in-security-incident/#ftag=RSSbaffb68

GOP Hacking Incident: What Happened
https://www.bankinfosecurity.com/interviews/gop-hacking-incident-what-happened-i-4188

Australia Passes Anti-Encryption Bill—Here's Everything You Need To Know
https://bit.ly/2Us3tsB

Australia Passes Encryption-Busting Law
https://www.bankinfosecurity.com/australia-passes-encryption-busting-law-a-11812

OpSec mistake brings down network of Dark Web money counterfeiter
https://www.zdnet.com/article/opsec-mistake-brings-down-network-of-dark-web-money-counterfeiter/#ftag=RSSbaffb68

Hackers use an 11-year-old flaw on Firefox to trick users
https://bit.ly/2Ec4Ju5

Half of the Tor Project's funding now comes from the private sector
https://www.zdnet.com/article/half-of-the-tor-projects-funding-now-comes-from-the-private-sector/#ftag=RSSbaffb68

What's in an IT pro's toolbox
https://www.zdnet.com/pictures/whats-in-an-it-pros-toolbox/#ftag=RSSbaffb68

Fighting Credential Stuffing Attacks
https://www.bankinfosecurity.com/interviews/fighting-credential-stuffing-attacks-i-4190

Kubernetes etcd data project joins CNCF
https://www.zdnet.com/article/kubernetes-etcd-data-project-joins-cncf/#ftag=RSSbaffb68

Canonical makes Kubernetes moves
https://www.zdnet.com/article/canonical-makes-kubernetes-moves/#ftag=RSSbaffb68

Report: Cloud companies are paying for a growing share of internet infrastructure
https://www.zdnet.com/article/report-cloud-companies-are-paying-for-a-growing-share-of-internet-infrastructure/#ftag=RSSbaffb68

2018's most high-profile cryptocurrency catastrophes and cyberattacks
https://www.zdnet.com/article/2018s-most-high-profile-cryptocurrency-catastrophes-ico-failures-and-cyberattacks/#ftag=RSSbaffb68

The rise of Kubernetes epitomizes the transition from big data to flexible data
https://www.zdnet.com/article/the-rise-of-kubernetes-epitomizes-the-move-from-big-data-to-flexible-data/#ftag=RSSbaffb68

Bitnami Kubernetes Production Runtime released
https://www.zdnet.com/article/bitnami-kubernetes-production-runtime-released/#ftag=RSSbaffb68

Criminals, Not State Actors, Target Russian Oil Company in 3-Year Cyber Attack
https://securityledger.com/2018/12/criminals-not-state-actors-target-russian-oil-company-in-3-year-cyber-attack/

BitDam to Protect City of Las Vegas from Email-based Cyber Attacks
http://virtual-strategy.com/2018/12/12/bitdam-to-protect-city-of-las-vegas-from-email-based-cyber-attacks/

China: smart watches distributed to PLA soldiers
https://bit.ly/2EorXx8

Hiring - Wanin International seeks "game programming and art interns"
http://stat.thu.edu.tw/ths/announcement/news/item/726-2018-12-07-00-57-44

Hiring - Risk Management Department, security officer
https://bit.ly/2rz8qmk

Hiring - Network Information Department, contract systems engineer
https://www.rti.org.tw/index/content/id/8?fbclid=IwAR0c3g4CqR4LYI8fW7vAsMenQqSZkQ8sCEo04BqboHXuO_ZbjUWGh3HvXaI

Hiring - [Security Institute] 5G testing engineer
https://www.104.com.tw/job/?jobno=6gh0u

[Hiring] Security analysis engineer, contract (Kaohsiung)
https://www.ptt.cc/bbs/Tech_Job/M.1544580193.A.535.html

Hiring - LINE security team recruiting at HITCON! Senior Korean engineers come to Taiwan to explain on site
https://www.inside.com.tw/article/14979-LINE-Cyber-security

Hiring - Pushing into blockchain, LINE recruits security talent in Taiwan for the first time
https://www.chinatimes.com/newspapers/20181214000342-260204

D. Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud

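"You pushover": this scam shopping site's name, read in Taiwanese, infuriates victims! One-page scam ads are embedded in the top news on the Yahoo homepage; please steer clear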
https://blog.trendmicro.com.tw/?p=58078

[LINE prank] "Doze Niu scandal private photos leaked"; expert: human nature is the biggest security hole, don't click carelessly
https://blog.trendmicro.com.tw/?p=58172

Misconfiguration strikes again! Improperly configured Apache web server fully exposes 120 million personal records of Brazilians
https://www.ithome.com.tw/news/127671

Taiwanese woman tries to exchange counterfeit notes for real ones; sharp-eyed bank clerk sees through it
https://hd.stheadline.com/news/realtime/chi/1383333/

Fingerprint sharing: beware of privacy leaks
https://money.udn.com/money/story/10868/3524797

Google to shut down Google+ early; privacy protection flaw affects 52.5 million users
https://www2.hkej.com/instantnews/international/article/2012408

Another security flaw erupts: Google+ shutdown moved up to April next year
https://www.cmoney.tw/notes/note-detail.aspx?nid=150457

Marriott customer data breach: Chinese hackers behind it
http://mobile.chinesedaily.com/plus/view.php?aid=330648

Marriott hotels hacked; US officials point to Chinese direction
https://www.chinatimes.com/newspapers/20181214000118-260309

Reports: China Suspected in Marriott Database Breach
https://www.bankinfosecurity.asia/reports-china-suspected-in-marriott-database-breach-a-11843

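US-China spy war hits the hotel industry! Personal data of 500 million Marriott guests hacked; US suspects the Chinese government ordered it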
https://www.storm.mg/article/705499

China suspected of hacking personal data of 500 million Marriott customers; US plans countermeasures
https://udn.com/news/story/6813/3532614

Marriott hack suspected of gathering intelligence for China? Beijing authorities reject the claim
https://udn.com/news/story/7332/3524002

Marriott data leak; analysis: may be intelligence gathering; absence from the dark web suggests no resale for profit
https://bit.ly/2Uu0DDv

US hotel customer data hacked; NYT: Chinese espionage activity
https://money.udn.com/money/story/5599/3534903

Pompeo confirms China was behind the Marriott network attack
https://www.voacantonese.com/a/pompeo-china-hacker-20181213/4698871.html

After Mega-Breach, Marriott May Pay for New Passports
https://www.bankinfosecurity.com/after-mega-breach-marriott-may-pay-for-new-passports-a-11826

FireFox Monitor – free online account risk check: see whether your data has been leaked
https://bit.ly/2rtIA38

US tax season approaches; the IRS shares fraud prevention tips
http://www.epochtimes.com/b5/18/12/7/n10896513.htm

Three "cancel installment plan" scam tactics used in turn: doctor defrauded of a million 元
https://times.hinet.net/news/22132633

Inner Mongolia police crack online gambling case involving fund flows of nearly 500 million yuan
https://news.sina.com.tw/article/20181208/29166490.html

Shanghai freezes 240 million in telecom fraud cases this year; online shopping fraud the highest in the past two months
https://iview.sina.com.tw/post/17879622

Online romance scams in Hong Kong surge more than twofold; police urge the public to beware of social media fraud
http://www.hkcd.com/content/2018-12/10/content_1113572.html

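Man colludes with ex-employee of heavy motorcycle shop, profits a million, steals a thousand personal records; Ou Di among the victims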
https://tw.appledaily.com/headline/daily/20181211/38202891/

Online shopping fraud: avoid 6 high-risk marketplaces
https://bit.ly/2LbPkvp

Doctor defrauded of over a million while shopping online; police reveal 6 high-risk marketplaces
https://taronews.tw/2018/12/09/197986/

Rumors on LINE of private photos from the "Director Dou" scandal; lawyer: spreading them violates criminal law
https://www.nextmag.com.tw/realtimenews/news/455696

Bethesda controversies keep coming: users' personal data exposed; company admits fault, "contacting victims"
https://game.ettoday.net/article/1328649.htm

Online shopping "order failure" scam: beware of these three fraud traps on "Double 12"
https://news.sina.com.tw/article/20181212/29214260.html

Mainland China has established 32 provincial-level anti-fraud centers nationwide
https://news.sina.com.tw/article/20181213/29227016.html

"European Facebook" scheme enters Taiwan to solicit funds; Tzu Chi volunteer touts "6,000 元 turns into 24 million"
https://tw.news.appledaily.com/local/realtime/20181214/1480045/

Direct-selling fund solicitation stays offshore to dodge criminal liability; individual promoters can be fined 5 million
https://tw.news.appledaily.com/local/realtime/20181214/1480062/

Unemployed man seeking work online unwittingly becomes a fraud money mule and is arrested
https://tw.appledaily.com/new/realtime/20181214/1483664/

College students' online part-time jobs: no work after paying a deposit, unfriended when payday comes
https://news.sina.com.tw/article/20181213/29231550.html

Marriott to reimburse some guests for new passports after massive data breach
https://www.zdnet.com/article/marriott-to-reimburse-some-guests-for-new-passports-after-massive-data-breach/#ftag=RSSbaffb68

Google+ hit by second API bug impacting 52.5 million users
https://www.zdnet.com/article/google-hit-by-second-api-bug-impacting-52-5-million-users/#ftag=RSSbaffb68

Fresh Google+ Bug Exposed 52.2 Million Users' Data
https://www.bankinfosecurity.asia/fresh-google-bug-exposed-522-million-users-data-a-11831

Market volatility: Fake news spooks trading algorithms
https://www.zdnet.com/article/market-volatility-fake-news-spooks-trading-algorithms/#ftag=RSSbaffb68

GDPR: 8,000 Data Breach Reports Filed So Far in UK
https://www.bankinfosecurity.com/gdpr-8000-data-breach-reports-filed-so-far-in-uk-a-11828

US border agents aren't deleting travelers' data after device searches
https://www.zdnet.com/article/us-border-agents-arent-deleting-travelers-data-after-device-searches/#ftag=RSSbaffb68

Over 40,000 credentials for government portals found online
https://www.zdnet.com/article/over-40000-credentials-for-government-portals-found-online/#ftag=RSSbaffb68

Equifax Breach 'Entirely Preventable,' House Report Finds
https://www.bankinfosecurity.com/equifax-breach-entirely-preventable-house-report-finds-a-11832

'Grandparent scam' adopts low-tech payoff — mailed cash
https://www.atmmarketplace.com/news/grandparent-scam-adopts-low-tech-payoff-mailed-cash/


E. Research Reports

Virtual patching: patching vulnerabilities before they are attacked
https://blog.trendmicro.com.tw/?p=57893

From DirectX to the Windows kernel: a brief analysis of several CVE vulnerabilities
https://www.anquanke.com/post/id/167332

SNDBOX: AI-Powered Online Automated Malware Analysis Platform
https://bit.ly/2QhF5vg

CVE-2018-15982 vulnerability analysis report
https://bbs.pediy.com/thread-248272.htm

Ghostscript: -dSAFER sandbox escape technique based on vulnerability CVE-2018-17961
https://www.freebuf.com/vuls/190323.html

Notes on AFL vulnerability discovery (1): start your first fuzzing with AFL
https://paper.tuisec.win/detail/45e6d0a790d79da

How to find RPC vulnerabilities (Part 1)
https://www.anquanke.com/post/id/167427

What is a CSRF vulnerability
https://zhuanlan.zhihu.com/p/51860227

[Other security] Obtaining vulnerability information
https://bbs.ichunqiu.com/thread-48502-1-1.html

Authorization bypass vulnerability in a nodejs application: the story of a bounty bug
https://xz.aliyun.com/t/3541

CVE-2018-1002105 (k8s privilege escalation): principle and exploitation analysis report
https://paper.seebug.org/757/

D-Link DIR-850L router has a vulnerability that allows bypassing encryption
https://www.freebuf.com/vuls/190956.html

A brief analysis of the ThinkPHP5.1 code execution vulnerability
https://www.t00ls.net/articles-48931.html

ThinkPHP5 remote code execution vulnerability analysis
https://paper.seebug.org/760/

Threat bulletin | First attack cases of the new ThinkPHP v5 vulnerability disclosed; Alibaba Cloud can already alert and block
https://www.chainnews.com/articles/640861693918.htm

ThinkPHP5 remote command execution vulnerability analysis
https://paper.tuisec.win/detail/5959470bf69b799

CVE-2018-17612 vulnerability report
http://www.4hou.com/vulnerable/15063.html

PbootCMS code audit walkthrough, part 3 - vulnerability testing - SQL injection
https://xz.aliyun.com/t/3532

Public chain security: Bitcoin's first remote DoS vulnerability explained (CVE-2010-5137)
http://8btc.com/thread-260170-1-1.html

CVE-2017-4901 VMware virtual machine escape vulnerability analysis [Frida Windows example]
https://bbs.pediy.com/thread-248384.htm

Python Web: flask (瓶) session and format string vulnerabilities
https://hk.saowen.com/a/5b30cbbd8c311a0e5d4790ebcbe109ee08310f0bd3cc79b0c2a8389408bd9b93

Research on the legal regulation of cybersecurity vulnerability discovery (Part 1)
http://www.safebase.cn/article-254484-1.html

Saurik shuts down the Cydia Store feature; security vulnerability found in the Paypal payment function of Cydia accounts
https://mrmad.com.tw/saurik-disables-cydia-store

Deep Analysis of TrickBot New Module pwgrab
https://www.fortinet.com/blog/threat-research/deep-analysis-of-trickbot-new-module-pwgrab.html

#BugBounty — How I was able to bypass firewall to get RCE and then went from server shell to get root user account
https://bit.ly/2LbFIAV

How to break into Bob: 1.0.1 Machine- Writeup
https://www.peerlyst.com/posts/how-to-break-into-bob-1-0-1-machine-writeup-spirited-wolf

MEC v1.4.0 – Mass Exploit Console
https://bit.ly/2C7xhDM

F. Business

Revenue grows threefold year on year; CloudMile expands hiring
https://www.chinatimes.com/realtimenews/20181207003287-260410

AI is no panacea for security detection; only the right approach avoids the high false-positive trap
https://www.ithome.com.tw/news/127690

Container security tool Sysdig arrives on IBM's cloud monitoring service, supporting Kubernetes environment monitoring
https://www.ithome.com.tw/news/127683

Graphen launches "AI anti-money-laundering solution": using AI to help banks prevent money laundering and crime by high-risk customers
https://bit.ly/2UuBwjZ

Hacker attacks escalate with more use of AI; Fortinet predicts 3 trends
https://bit.ly/2Uz2V4r

Chunghwa Telecom leads the pack, launching mobile IoT security service
https://bit.ly/2Ed7RGa

Chunghwa Telecom launches mobile IoT security service
https://bit.ly/2C24Ffc

Fearing infection: Trend Micro teams with Chunghwa Telecom to block malware from the data center
https://tw.appledaily.com/new/realtime/20181211/1482125/

Trade-Van chairman Hsu Chien-lung leads Trade-Van through a comprehensive transformation
https://www.chinatimes.com/newspapers/20181212000283-260202

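104 aligns its security with international standards, protecting job seekers' personal data through both systems and internal controls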
https://news.cnyes.com/news/id/4253715

Fortinet: organizations will use more automation technology to respond to cyber threats
http://www.ctimes.com.tw/DispNews-tw.asp?O=HK2CB8YBTCGSAA00NV

Kinik (中國砂輪) partners with 力悅資訊 to implement email sanitization
https://bit.ly/2QzhWVh

Microsoft to stop supporting its Azure Container Service in January 2020
https://www.zdnet.com/article/microsoft-to-stop-supporting-its-azure-container-service-in-january-2020/#ftag=RSSbaffb68

WhiteSource Bolt for GitHub: Free Open Source Vulnerability Management App for Developers
https://bit.ly/2EdEIef

IBM, Nvidia pair up on AI-optimized converged storage system
https://www.zdnet.com/article/ibm-nvidia-pair-up-on-ai-optimized-converged-storage-system/#ftag=RSSbaffb68

New HoloLens to feature Snapdragon 850: Report
https://www.zdnet.com/article/new-hololens-to-feature-snapdragon-850-report/#ftag=RSSbaffb68

GoPro to shift camera production out of China
https://www.zdnet.com/article/gopro-to-shift-camera-production-out-of-china/#ftag=RSSbaffb68

Alas, poor Lotus/IBM Notes, we knew ye well
https://www.zdnet.com/article/alas-poor-lotusibm-notes-we-knew-ye-well/#ftag=RSSbaffb68

Salesforce adds JavaScript support to Lightning platform
https://www.zdnet.com/article/salesforce-adds-javascript-support-to-lightning-platform/#ftag=RSSbaffb68



G.Government

Is Huawei a national security hole? NCC: Operators already barred from using Chinese-made equipment
https://tw.news.appledaily.com/life/realtime/20181208/1480393

Foreign media: Taiwan's heavy use of Huawei products may create a national security hole
https://bit.ly/2RJ7ZRN

Foreign media say Huawei may endanger national security; NCC: Chinese-made equipment has long been banned
https://udn.com/news/story/6656/3525541

Threatened by China yet still fond of Huawei: foreign media fear it could become Taiwan's "Trojan horse"
http://news.ltn.com.tw/news/politics/breakingnews/2636492

"Huawei: the Trojan horse hidden inside Taiwan"? Foreign media sound a warning
https://www.chinatimes.com/realtimenews/20181208002732-260408

Taiwan legislators ask whether government agencies have fully banned Huawei products
https://www.voacantonese.com/a/taiwan-national-securityand-chinese-huawei/4697223.html

Ban Chinese goods from domestic banks' security products? Wellington Koo (顧立雄): A legal basis must be found
https://www.chinatimes.com/newspapers/20181211000306-260205

Executive Yuan holds seminar, hoping to strengthen national critical infrastructure protection readiness
https://www.chinatimes.com/realtimenews/20181207003134-260407

FSC relaxes regulations to accelerate digital finance development
https://news.pts.org.tw/article/415472

Disinformation becomes a national security issue; President repeatedly urges a response at home and abroad
https://www.rti.org.tw/news/view/id/2004503

Wellington Koo: Fintech must simplify the complex to achieve financial inclusion
https://www.ettoday.net/news/20181207/1325437.htm

Allow account opening via online mobile-phone verification? Wellington Koo: The key is technical stability, not regulation
https://bit.ly/2BZZlcj

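Pension reform notices badly misdelivered; Ministry of National Defense and Veterans Affairs Council listed as priority units for security audits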
https://udn.com/news/story/10930/3526824

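Army aviation pilot who violated information security rules gets only light punishment; critics allege officials shielding one another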
https://tw.news.appledaily.com/politics/realtime/20181210/1480613/

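Army Aviation and Special Forces Command issues press release: "Pilot's information security violation to be reviewed and disciplined according to regulations"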
https://www.ey.gov.tw/Page/F727E84105F1E83A/98d5a43a-0836-4b57-87a5-f515fd081b5a

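Army Aviation and Special Forces Command: Information security violation to be reviewed and disciplined according to regulations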
http://mna.gpwb.gov.tw/post.php?id=13&message=92117

Army aviation and special forces pilot violates information security rules, receives a major demerit
https://www.chinatimes.com/realtimenews/20181210002764-260417

Legislators demand that chairmen and presidents of state-affiliated banks not use WeChat
https://money.udn.com/money/story/5613/3528379

Huawei security storm brews; legislators suggest banning WeChat for chairmen and presidents of state-affiliated banks
https://www.ettoday.net/news/20181210/1327114.htm

Huawei sponsors New Taipei Christmasland; National Security Council: Influence exerted through commercial activity
https://money.udn.com/money/story/7307/3532910

Could Huawei's sponsorship of New Taipei Christmasland lead to data leaks? One image sharply rebuts Su Chiao-hui (蘇巧慧)
https://www.chinatimes.com/realtimenews/20181210001012-260407

Su Chiao-hui accuses New Taipei City Government of accepting Huawei sponsorship; Yeh Yuan-chih (葉元之) rebuts with examples
https://udn.com/news/story/6656/3529028

The Su Chiao-huis whose anti-China stance has turned anti-intellectual
https://www.chinatimes.com/newspapers/20181212000782-260109

New Taipei accepts Huawei sponsorship three years running; National Security Bureau warns of ICT concerns
https://bit.ly/2RPESMJ

Su Chiao-hui cancels press conference at the last minute; Yeh Yuan-chih criticizes: A blundering legislator
https://bit.ly/2L9sVyT

Legislators hope government will ban Huawei; Wu Tze-cheng (吳澤成): Existing law already allows it
https://www.cna.com.tw/news/aipl/201812100136.aspx

Huawei sponsors New Taipei Christmasland; National Security Bureau: We are aware of it
https://www.cna.com.tw/news/firstnews/201812100032.aspx

Huawei sponsors New Taipei Christmasland for 3 consecutive years; legislator worries about data leaks
https://shareba.com/module/news/299143765555887912.html

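Does Huawei's Christmasland sponsorship endanger information security? Eric Chu (朱立倫) hits back at the National Security Bureau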
https://udn.com/news/story/7323/3529689

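Huawei's sponsorship of New Taipei event suspected of posing security problems? Eric Chu retorts: Banning sales in Taiwan outright would be quicker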
http://www.hssszn.com/archives/48677

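Huawei a national security hole? Presidential Office: National security agencies do not use equipment with security concerns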
https://udn.com/news/story/6656/3528826

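Countries weigh Huawei bans to prevent data leaks, "yet Christmasland advertises for it"; Chen Kuo-chun (陳國君): New Taipei's acceptance of sponsorship is not the first such case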
https://www.ettoday.net/news/20181209/1326567.htm

Huawei logo spotted on New Taipei City Hall building; Su Chiao-hui: Just how much was the sponsorship?
http://www.peoplenews.tw/news/597f8d73-1b25-4b1b-849d-d7edcf2c51fa

Su Chiao-hui blasts Huawei with an eye on the 2022 New Taipei mayoral race
https://bit.ly/2SEupDQ

Su unwilling to accept it? Even New Taipei Christmasland sponsors become material for political infighting
https://bit.ly/2RO31TI

Legislators propose government ban on Huawei; Public Construction Commission: Procurement Act has safeguards
http://www.epochtimes.com/b5/18/12/10/n10901657.htm

Combating false information, safeguarding national security and information privacy
https://www.ydn.com.tw/News/316153

To protect information security, military bases ban Huawei and other mainland Chinese brand phones
https://shareba.com/module/news/299242050679855305.html

Huawei security concerns; Ministry of Foreign Affairs: Taiwanese brands get priority in communications product procurement
https://bit.ly/2RMtnpc

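Taiwan government procurement involving secrets or information security; Ministry of Economic Affairs: Huawei products excluded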
http://www.epochtimes.com/b5/18/12/11/n10903464.htm

Worried that Huawei endangers government and bank security! Green-camp legislators demand a ban
https://bit.ly/2LboLXf

Regulations for Self-Testing of the Information and Communication Security of Smartphone Built-in System Software V1.0
https://bit.ly/2LdQYgc

Technical Specification for Information and Communication Security Testing of Smartphone Built-in System Software
https://www.ncc.gov.tw/chinese/files/17030/566_37087_170303_2.pdf

Electronic referendum petition system completed; hoped to go live for the 2020 general election
https://www.rti.org.tw/news/view/id/2004800

Fiscal year 108 (ROC calendar) armed forces information security protection management system maintenance project
http://www.cisanet.org.tw/News/newsBusiness_more?id=3766

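Ministry of Economic Affairs promotes security industry development, cultivating critical infrastructure security professionals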
http://www.twiota.org/eventDetails.aspx?id=72ab24c0-34ba-40a5-bb4b-975e8cf597fb

MOEA pushes security industry development, cultivating critical infrastructure professionals
https://money.udn.com/money/story/10860/3533741

Guarding against security vulnerabilities: MOEA trains 779 security professionals
https://www.economic-news.tw/2018/12/information-security.html

Worried about security holes, Green-camp legislator: Ban Chinese computer equipment in the financial sector
https://bit.ly/2GalmsX

Taiwan's information security act takes effect next year; oversight of 5G communications long prepared
https://bit.ly/2LbOIpv

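Chiayi City Government Forward-looking Infrastructure: Plan to strengthen security protection and regional joint defense for grassroots government agencies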
https://it.chiayi.gov.tw/show_important.aspx?id=11

Cracking down on disinformation! Executive Yuan releases 7-minute video "Do we have the freedom to spread lies that harm people?"
https://www.ettoday.net/news/20181212/1328165.htm

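Executive Yuan's anti-fake-news project unveiled; first wave targets disinformation on agricultural products, food safety and more; Social Order Maintenance Act and National Security Act not to be amended for now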
https://www.storm.mg/article/708066

High threshold of the 科技大擂台 technology challenge stirs debate; 20 million for just reaching a Chinese-language TOEFL level
https://udn.com/news/story/7266/3533341

NCSIST honors 12 outstanding defense suppliers
https://money.udn.com/money/story/10860/3533388

8 major infrastructure sectors to ban Chinese products
http://ec.ltn.com.tw/article/breakingnews/2640998

What information and communication security management measures do government agencies have?
https://nicst.ey.gov.tw/Page/16FFA138E66A0905/337d5566-e5b9-467b-9aea-920b6c721351

Caught with anti-money-laundering deficiencies: FSC fines 5 financial firms in one go
https://www.ettoday.net/news/20181212/1329372.htm

NCC penalizes Videoland (緯來) again; license to be revoked if party-government-military involvement is not remedied
https://tw.appledaily.com/new/realtime/20181212/1482653/

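INDSR (國安院) assessment report on a PLA attack on Taiwan revealed; proposes a solution to counter "the war decided before US forces arrive"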
https://tw.news.appledaily.com/politics/realtime/20181213/1483107/

Executive Yuan's legal amendments to regulate fake news stir controversy; KMT caucus calls for public hearings first
https://tw.news.appledaily.com/politics/realtime/20181213/1483020/

Pushing information security and aging-society products: Insurance Bureau serves up concrete measures
https://www.chinatimes.com/realtimenews/20181213004375-260410

County government convenes agency security maintenance meeting to enhance information security controls
https://bit.ly/2ryYJEr

Many governments ban Huawei in procurement; Wellington Koo: Domestic banks' core mainframes do not use it
https://www.cna.com.tw/news/firstnews/201812140229.aspx

Responding to the risks of Chinese "facial recognition" equipment, FSC issues warning
https://bit.ly/2CdFMxa

H.Industrial Control Systems/ICS/SCADA

Six 2019 Predictions for Industrial Security Professionals
https://www.automation.com/automation-news/six-2019-predictions-for-industrial-security-professionals

Dragos Selected as SC Media 2019 SCADA Security Award Finalist
https://www.businesswire.com/news/home/20181213005601/en/Dragos-Selected-SC-Media-2019-SCADA-Security

SANS Heads to Scottsdale, Arizona for Cyber Security Training Event
https://www.prnewswire.com/news-releases/sans-heads-to-scottsdale-arizona-for-cyber-security-training-event-300763476.html

The Security Event 2019
https://securitynewsdesk.com/security-event-2019/


I.Education and Training

SOC Analyst Cyber Security Intrusion Training from Scratch
https://tutsgalaxy.com/soc-analyst-cyber-security-intrusion-training-from-scratch/

J.Xuanwu Lab Security Feed

Daily Security News Feed (12-10)
https://tw.weibo.com/xuanwulab/4315668424343751

Daily Security News Feed (12-11)
https://tw.weibo.com/xuanwulab/4316027376071973

Daily Security News Feed (12-12)
https://tw.weibo.com/xuanwulab/4316395674137960

Daily Security News Feed (12-13)
https://tw.weibo.com/xuanwulab/4316751673596387

Daily Security News Feed (12-14)
https://tw.weibo.com/xuanwulab/4317114787179956


K.Internet of Things/IOT/Artificial Intelligence/Internet of Vehicles/Optical Networking/Deep Learning/Machine Learning/Drones


星盾 security report: IoT devices are hackers' main attack targets
https://www.chinatimes.com/newspapers/20181210000236-260204

California legislates a ban on "default passwords"; all IoT products must force a password change
https://buzzorange.com/techorange/2018/12/12/california-iot-security-law/

Seizing a US$300 billion opportunity: IoT healthcare links insurance and government
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=15&id=0000549413_vyl3fbj927sp6h264b3h5

IoT security mark awarded for the first time; 4 accredited labs officially begin operation
https://money.udn.com/money/story/5612/3532498

GeoVision (奇偶) face camera earns IoT security certification mark
https://money.udn.com/money/story/5612/3533716

IoT security mark debuts; video surveillance systems are the first priority
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000549815_0UF9Z48H0E8UUQ63XZGW3

Ministry of Economic Affairs promotes IoT security mark, will build a complete certification ecosystem
https://bit.ly/2rBkKCE

Fortinet (防特網) reveals the keys to IoT security
https://www.chinatimes.com/newspapers/20181214000546-260210

JD.com, Intel set up IoT lab to explore 'smart retail' applications
https://www.zdnet.com/article/jd-com-intel-set-up-iot-lab-to-explore-smart-retail-applications/#ftag=RSSbaffb68

GE plans to launch independent industrial IoT company, unloads ServiceMax: Too little, too late
https://www.zdnet.com/article/ge-plans-to-launch-independent-industrial-iot-company-unloads-servicemax-too-little-too-late/#ftag=RSSbaffb68


L.CTF


CTF - 2019
http://tourismexpo.ge/

CTFtime.org / All about CTF (Capture The Flag)
https://ctftime.org/event/oldlist/upcoming

CTFtime.org / FireShell CTF 2019
https://ctftime.org/event/727

DEF CON CTF 2019 Quals - OOO — DEF CON CTF
https://www.oooverflow.io/dc-ctf-2019-quals/


4.Upcoming Security Events and Seminars

  ISDA training: My Black-Hat Girlfriend, Intro to WiFi   12/15
  https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=298

  Hacker College (亥客書院) - Advanced Web Penetration Testing  12/15
  https://hackercollege.nctu.edu.tw/?p=323

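  [Course] Hands-on IoT cloud automatic plant-watering system: development boards, hardware assembly, cloud automation setup, water-level monitoring, learn it in one day 12/15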
  https://www.techbang.com/posts/47625-the-course-motoduino-cloud-monitoring-and-automatic-watering-system-motoblockly

  Learn blockchain and smart contracts in one day 2018/12/16 09:30(+0800)~18:30
  https://cyber-training.kktix.cc/events/404221c0-copy-1

  Python Applications Course - Cloud Services 1~3 12/21 ~ 1/4
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3753&from_course_list_url=homepage

  Up close! Christmas Treasure atop the Tower - COBINHOOD's wildest Christmas party  12/21
  https://www.meetup.com/COBINHOOD-Taipei-Meetup/events/256799481/

  IoT Application Development Strategy and Security Design - 1 day, weekend crash course  2018/12/22 09:30(+0800)~18:30
  https://cyber-training.kktix.cc/events/404221c0-copy-2

  [Course] AI hands-on class: DNN, CNN and RNN neural networks all covered; experts take you through the door of Deep Learning in two days  12/22 ~  12/23
  https://www.techbang.com/posts/62515-course-ai-artificial-intelligence-practical-class-deep-learning-machine-learning-image-recognition

  Intro to UI design! Adobe Xd quick-start workshop (Taipei weekend session) 12/23
  https://www.accupass.com/event/1811221341231138544404

  Professional mobile phone and hard drive data recovery training course 12/26 ~ 12/28
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=46

  Taipei 暗号通貨 (Cryptocurrency) Meetup  12/26
 https://bit.ly/2Ercv4p

  Taipei.py December Monthly Meeting 2018  12/27
  https://www.meetup.com/Taipei-py/events/256337705/

  System Log Analysis in Practice  12/27
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3653&from_course_list_url=homepage

  Hacker College (亥客書院) - High-Level Web Penetration Testing    2019/1/5
  https://hackercollege.nctu.edu.tw/?p=768

  Institute for Information Industry (資策會) starts CompTIA Security+ international cybersecurity certification class on 2019/1/5
  https://n.yam.com/Article/20181129286231

  2019 Government Cybersecurity Strategy Forum  2019/01/03 13:00(+0800)~16:30
  https://csa.kktix.cc/events/csa190103

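  [Course] Hands-on Arduino quadcopter development: drone hardware, wireless remote control, flight-control software integration, flying lessons, learn it in one day 1/5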
   https://bit.ly/2LdYJ5H
 
  ISDA white-hat beginners' study group: Intro to Black Hat Python  1/5
  https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=299

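  [Course] Build a recommender system with Google TensorFlow: apply machine learning to a range of business scenarios and boost product exposure for precision marketing 1/12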
  https://bit.ly/2PysEaH


