資安新聞及事件週報 2018/12/17 ~ 2018/12/21



資安新聞及事件週報  2018/12/17  ~  2018/12/21

1.重大弱點漏洞


Bash 驚現年度最大安全漏洞
http://www.twoeggz.com/news/12570883.html

QEMU 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16872

VMware vRealize Operations 權限許可和訪問控制漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6978

慎防滑鼠鍵盤應用程式Logitech Options,暗開Windows後門
https://bit.ly/2EoPUok

羅技Options被曝注入攻擊漏洞,官方修復
http://www.sohu.com/a/282218580_114760

Logitech app security flaw allowed keystroke injection attacks
https://www.zdnet.com/article/logitech-app-security-flaw-allowed-keystroke-injection-attacks/#ftag=RSSbaffb68

華碩與技嘉的驅動程式遭爆含有權限擴張漏洞
https://ithome.com.tw/news/127777

SECUREAUTH LABS 證實 ASUS、GIGABYTE 於應用程式中存在安全漏洞
https://news.xfastest.com/others/56219/secureauth-labs-asus-gigabyte-privilege-vulnerabilities/

D-Link DVA-5592 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17777

Adobe's Year-End Update Patches 87 Flaws in Acrobat Software
https://bit.ly/2Gy0Cf0

50天53個漏洞:Adobe Reader 模糊測試結果驚人
https://www.aqniu.com/news-views/41988.html

IBM Event Streams 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1833

Webroot BrightCloud SDK 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4015

Artifex Software Ghostscript 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19134

公開軟件漏洞 如向黑客教路
https://hk.news.appledaily.com/international/daily/article/20181216/20569793

電子設備芯片新的高危漏洞被發現 或造成重大後果
https://pttnews.cc/80a6243e38

libexif 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030

SQLite爆重大漏洞! 數百萬App和IoT裝置資料安全拉警報
https://www.ithome.com.tw/news/127707

SQLite “Magellan” RCE漏洞影響數十億個應用程序,包括所有基於Chromium的瀏覽器
https://www.linuxidc.com/Linux/2018-12/155888.htm

SQLite爆重大漏洞! 數百萬app和IoT裝置資料安全拉警報
https://bit.ly/2Bpxa4Y

SQLite被曝存在漏洞,所有Chromium 瀏覽器受影響
https://nearathon.com/tuijian/37317

SQLite漏洞將使數以百萬計的應用程序受到黑客攻擊
https://bbs.pediy.com/thread-248430.htm

SQLite bug impacts thousands of apps, including all Chromium-based browsers
https://www.zdnet.com/article/sqlite-bug-impacts-thousands-of-apps-including-all-chromium-based-browsers/#ftag=RSSbaffb68

Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers
https://thehackernews.com/2018/12/sqlite-vulnerability.html

Chromium系列瀏覽器 SQLite 數據庫引擎存在漏洞可被遠程攻擊
https://www.landiannews.com/archives/53875.html

Magellan: Remote Code Execution Vulnerability in SQLite Disclosed
https://www.tenable.com/blog/magellan-remote-code-execution-vulnerability-in-sqlite-disclosed

Google Chrome Serviceworker信息洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6099

Google Chrome DevTools代碼執行漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6101

Google Go 路徑遍歷漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16874

Chrome 72釋出Beta版,增加公開類別域、使用者觸發查詢API
https://www.ithome.com.tw/news/127773?fbclid=IwAR2Msg_nJWjlx5MtZabri4CNK3Bmbrl1LcKBvBhWvlZt7qgdwz6ZMTGLoCo

Google working on blocking Back button hijacking in Chrome
https://www.zdnet.com/article/google-working-on-blocking-back-button-hijacking-in-chrome/

安全加倍!亞馬遜修復智能家居13處漏洞
https://kknews.cc/tech/g384pe9.html

Responsive FileManager 9.13.4 XSS / File Manipulation / Traversal - CXSecurity.com
https://cxsecurity.com/issue/WLB-2018120148

Realtek rtl81xx SDK遠程代碼執行漏洞(CVE-2014-8361)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361

Symantec™ IT Management Suite 8.5 powered by Altiris™ technology  實施自動漏洞補救
https://symc.ly/2rBaRVk

Windows 10 更新又出事,這次輪到音效驅動程式受影響
https://technews.tw/2018/12/16/windows-10-version-1809-cumulative-update-kb4471332-breaking-down-audio/

微軟IE零時差弱點通知(CVE-2018-8653)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653

微軟12月份月度安全漏洞預警
https://bbs.huaweicloud.com/forum/thread-13318-1-1.html

微軟 Internet Explorer 執行任意程式碼漏洞
https://kb.cert.org/vuls/id/573168/

微軟緊急修補IE的遠端攻擊漏洞,Google證實有駭客已用於目標式攻擊
https://www.ithome.com.tw/news/127787

微軟緊急修補JSsript引擎,抑制IE 0-day在野攻擊
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5070

微軟發布針對IE補丁:防止攻擊者利用漏洞破壞內存
https://iview.sina.com.tw/post/17985002

多款Apple產品NetworkExtension邏輯缺陷漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4369

ARM Trusted Firmware信息洩露漏洞
https://github.com/ARM-software/arm-trusted-firmware/pull/1127

Microsoft Windows rundll32.exe code execution
https://packetstormsecurity.com/files/150772

Microsoft Issues Emergency Patch For Under-Attack IE Zero Day
https://bit.ly/2CtiUtD

UltraISO 9.7.1.3519 Output FileName Denial Of Service - CXSecurity.com
https://www.anquanke.com/vul/id/1439678

phpMyAdmin 4.8.0~4.8.3 Transformation 任意文件包含/遠程代碼執行漏洞(需登錄/PMASA-2018-6/CVE-2018-19968)
https://bit.ly/2rCZoVh

【升級PHP7與強化網站防護成焦點】不論是否升級至新版環境,PHP 5網站都不能坐以待斃
https://bit.ly/2UMdBws

Bug fix #2 in Firefox Focus for iOS
https://bit.ly/2PDYAsJ

Thousands of Jenkins servers will let anonymous users become admins
https://www.zdnet.com/article/thousands-of-jenkins-servers-will-let-anonymous-users-become-admins/#ftag=RSSbaffb68

Insider awarded $10,000 bounty for reporting enterprise software piracy
https://www.zdnet.com/article/insider-awarded-10000-bounty-for-reporting-enterprise-software-piracy/#ftag=RSSbaffb68

Thousands of Jenkins servers will let anonymous users become admins
https://zd.net/2S8RAGp

Microsoft's new Windows 10 19H1 test build paves the way for new Sandbox feature
https://www.zdnet.com/article/microsofts-new-windows-10-19h1-test-build-paves-the-way-for-new-sandbox-feature/#ftag=RSSbaffb68

IRS Linux move delayed by lingering Oracle Solaris systems
https://www.zdnet.com/article/irs-linux-move-delayed-by-lingering-oracle-solaris-systems/#ftag=RSSbaffb68

哪裡可以找到SPECTRE和MELTDOWN安全漏洞更新
https://bit.ly/2SYq6Dl

2.銀行/金融/保險/證券/電子支付/行動支付/支付系統/虛擬貨幣/區塊鍊 新聞及資安
探討區塊鏈貨幣Bitcoin的技術與風險
https://bit.ly/2Eyda3R

「什麼是比特幣?」是2018年Google最常被問到的問題
https://bit.ly/2EvrdGC

EOSMax和BetDice遭受回滾交易漏洞攻擊,損失較大
http://www.01caijing.com/article/33042.htm

關貿(6183)攜多家銀行打造供應鏈金融生態區塊鏈,有望提升放貸比例
https://bit.ly/2GuwfWs

加密貨幣監管再升級 日本金融廳發布最新監管草案
https://bit.ly/2rKy3R7

2018 台北區塊鏈產官學高峰會,近百位海內外重量級人士與會
https://technews.tw/2018/12/19/2018-blockchain-summit/

開發 DApp 就是開發全世界,微軟區塊鏈開發大賽英、台、美團隊抱回國際大獎
https://buzzorange.com/techorange/2018/12/19/blockchain-competition-2/

LINE首度揭露LINK區塊鏈生態系將主攻4國市場,包括臺灣
https://www.ithome.com.tw/news/127775

〈區塊鏈大應用〉臉書招募區塊鏈開發人員 可望在未來推出加密貨幣
https://fnc.ebc.net.tw/FncNews/else/63380

當潮水退去,區塊鏈到底為我們帶來了什麼
http://news.knowing.asia/news/0bb8198d-bf18-4e5b-b6a1-a8c227b5c826

This Brazilian Bank Is Using Ethereum to Issue a Stablecoin
https://bit.ly/2S9PNRF

《區塊鏈智能合約安全審計白皮書(2018年)》發佈
https://www.finet.hk/Newscenter/news_content/5c1717f5bde0b347a45eecd1

CSPay接受加密貨幣充值 冀普及應用
https://www2.hkej.com/instantnews/hongkong/article/2018134

Fastwin遭黑客攻擊事件暴露新型漏洞, EOSIO官方已更新修復
http://www.bitecoin.com/online/2018/12/34033.html

Timothy C. May離開了,當年的「密碼龐克」孕育了如今的比特幣
http://news.knowing.asia/news/29f15235-1998-48ae-ae35-8618ae0cba4f

Blockchain, artificial intelligence top LinkedIn fastest-growing job categories
https://www.zdnet.com/article/artificial-intelligence-tops-linkedin-fastest-growing-job-categories/#ftag=RSSbaffb68

華為被控資安漏洞 國泰金總座:提出證據來
https://bit.ly/2zXbFIG

華為設備有資安漏洞?國泰金總座:要有證據不是用想像
https://bit.ly/2CdE5Qm

率先接軌國際!國泰世華自願遵循「聯合國責任銀行原則PRB」
https://www.chinatimes.com/realtimenews/20181214002777-260410

多國政府採購禁華為 顧立雄:國銀核心主機未用
https://www.cna.com.tw/news/firstnews/201812140229.aspx

金融機構清查中 顧立雄:國銀核心主機皆未採用
https://www.chinatimes.com/newspapers/20181215000225-260202

靠臉就能吃飯!支付寶推刷臉支付「蜻蜓」
https://cnews.com.tw/005181214a03/

資安、高齡化商品,納保險業安定基金計提標準
https://bit.ly/2GhaSI9

【金融業不能忽視的國家級駭客威脅】FireEye:APT 38組織發展針對SWIFT的攻擊軟體
https://ithome.com.tw/news/127650

利用「閃付」漏洞 匪徒隔空「偷錢」
http://paper.wenweipo.com/2018/12/16/YO1812160010.htm

匿名者組織針對銀行系統的OpIcarus 2018攻擊預警
https://www.easyaq.com/news/478715784.shtml

銀行惡意軟件攻擊巴西移動用戶
https://ek21.com/news/3/18527/

台灣金融研訓院董事長 吳中書放軟身段 建金融溝通平台
https://bit.ly/2A4bETp

金融業瘋考理財顧問證照 銀行業近千人最多
https://www.ettoday.net/news/20181214/1331305.htm

上海一犯罪團伙利用銀行APP漏洞非法獲利2800餘萬元
https://news.sina.com.tw/article/20181217/29287170.html

利用網銀APP漏洞非法獲利超2800萬6名嫌犯被刑拘
https://finance.sina.com.cn/money/bank/bank_hydt/2018-12-17/doc-ihqhqcir7592937.shtml

團伙利用網銀漏洞獲利數千萬女子一人佔三座睡覺被拘留
https://www.ximalaya.com/toutiao/12580759/145573021

網傳某銀行APP疑遭駭客入侵 部分用戶存款被歸零!還有網友稱:密碼錯誤也可以登陸
http://www.orgs.one/show/482603

防洗錢…銀行清理DBU帳戶
https://udn.com/news/story/7239/3542685

康和證券交易下單系統升級,因應逐筆交易新制
https://m.ctee.com.tw/livenews/aj/12172018101451639

CIMB Clicks用戶請註意!部分用戶銀行戶口遭盜用
https://bit.ly/2EtWb1V

line pay卡回饋要排除其他間電子支付了
https://www.ptt.cc/bbs/creditcard/M.1545067453.A.12C.html

西聯匯款攜手TerraPay將支付選擇擴大至數百萬行動錢包
http://www.businesswirechina.com/hk/news/39358.html

上海商銀黑客松競賽結果揭曉
https://www.chinatimes.com/newspapers/20181218000341-260210

景文科大財經高峰會暢談數位銀行與FinTech
https://n.yam.com/Article/20181217361128

京東數科與西聯匯款戰略合作 涉足跨境匯款
https://news.sina.com.tw/article/20181217/29285972.html

銀行斷直連提速,中國銀行20日關閉第三方支付合作通道
https://news.sina.com.tw/article/20181217/29288968.html

區塊鏈e-Check認證汽車保險 保單真假車主一掃便知
https://bit.ly/2UU9hve

用ATM漏洞撳$900萬 酒保變花花公子歎夠後自首
https://hk.news.appledaily.com/international/realtime/article/20181219/59042999

發票兌獎APP上路 領獎無紙化24hr兌獎
https://bit.ly/2UV5Oww

南韓 推動金融產業創新 將核准第三家純網銀
https://money.udn.com/money/story/5602/3547010

擁80萬用戶卻拒配合檢警調查 LINE Pay盜刷揪不出兇手
https://tw.news.appledaily.com/local/realtime/20181219/1485942/

LINE PAY盜刷拒絕給用戶資料 檢警抓不到兇手
https://news.tvbs.com.tw/local/1050410

信用卡莫名遭綁定 LINE Pay盜刷找嘸賊
https://tw.appledaily.com/headline/daily/20181220/38210411/

LINE PAY被盜刷 檢警調用戶資料遭拒
https://news.cts.com.tw/cts/life/201812/201812191946433.html

遭指安全性有問題 LINE 強調與其他平台綁卡方式相同
https://tw.news.appledaily.com/new/realtime/20181219/1486472/

防行動支付盜刷 銀行業:刷卡設定本人驗證
https://tw.appledaily.com/new/realtime/20181219/1486444/

台壽保產物保險股份有限公司受金管會裁罰案之說明處分案說明
https://bit.ly/2LpVCHT

俄羅斯擬立法禁止支付寶微信等為俄公民提供服務
http://shanghaibiz.sh-itc.net/article/dwtz/dwtzhwsc/201812/1463624_1.html

最多跑一次:納稅人可通過微信支付掃碼一鍵交納稅費
https://news.sina.com.tw/article/20181219/29318484.html

持卡人注意 金管會金檢發現有銀行超收違約金
https://udn.com/news/story/7239/3546590

金融業資安成本 兩年內恐激增
https://www.chinatimes.com/newspapers/20181221000344-260205

電子支付太夯 央行:現金有4大優勢有存在必要 
https://www.ettoday.net/news/20181220/1336404.htm

楊金龍挺現金支付 列四優勢
https://money.udn.com/money/story/5613/3549227

Mobile payment behaviors, biases examined in report
https://www.atmmarketplace.com/news/mobile-payment-behaviors-biases-examined-in-report/

2018 Health of Cash study: US consumers value payment choice
https://www.atmmarketplace.com/blogs/2018-health-of-cash-study-us-consumers-value-payment-choice/

徵才 - 金融業大獵才 明年逾萬人
https://udn.com/news/story/7239/3539680

徵才 - 一銀明年將徵才450人 起薪3萬6000元
https://tw.appledaily.com/new/realtime/20181215/1484173/

徵才 - 鐵飯碗來了!中華郵政明年再徵千人 起薪3萬1
https://tw.news.appledaily.com/life/realtime/20181217/1485000/

徵才 - 行動支付系統工程師
https://www.1111.com.tw/job/85006375/


3.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體

「驅動人生」利用高危漏洞傳播病毒 12月14日半天感染數萬台電腦
https://ek21.com/news/3/15435/

驅動人生回應傳播蠕蟲病毒:系舊版組件漏洞被黑客利用
https://www.landiannews.com/archives/53858.html

「驅動人生」升級現木馬病毒 半天感染數萬台電腦
https://news.sina.com.tw/article/20181215/29266818.html

「驅動人生」木馬病毒爆發 建議採取六種措施應對
https://news.sina.com.tw/article/20181216/29276414.html

新病毒爆發:利用「永恆之藍」傳播,2小時感染10萬台電腦挖礦
https://kknews.cc/tech/pkxxvke.html

新款macOS惡意程式OSX.LamePyre會把螢幕畫面傳給駭客
https://www.ithome.com.tw/news/127701

曾攻擊全球最大石油公司Shamoon/Disttrack 磁碟清除病毒,出現了新變種:你需要知道什麼
https://blog.trendmicro.com.tw/?p=58260

駭客利用 Twitter 發送 Meme迷因梗圖,藉圖像隱碼術( Steganography )躲避偵測
https://blog.trendmicro.com.tw/?p=58281

趨勢科技:推特帳號淪為駭客攻擊幫兇,發送meme圖片下令惡意程式發動攻擊
https://www.ithome.com.tw/news/127735?fbclid=IwAR1DQRXXO6Qze8W3TPjJm0-cTSVAonr2qbVDmIpC_MqokdTR-mj65VJ4Y_Y

AutoIt 蠕蟲透過可移除磁碟,散播無檔案後門程式BLADABINDI/njRAT
https://blog.trendmicro.com.tw/?p=58182

Brazilian mobile users hit with banking malware
https://brica.de/alerts/alert/public/1240466/brazilian-mobile-users-hit-with-banking-malware/

CYBER | Brazilian mobile users hit with banking malware (THU-13-DEC-2018)
https://localdemo.starfishbc.com/2018/12/13/brazilian-mobile-users-hit-with-banking-malware/

Stay on Top of Zero-Day Malware Attacks With Smart Mobile Threat Defense
https://securityintelligence.com/stay-on-top-of-zero-day-malware-attacks-with-smart-mobile-threat-defense/

Fancy Bear exploits Brexit to target government groups with Zebrocy Trojan
https://www.zdnet.com/article/fancy-bear-exploits-brexit-to-target-government-groups-with-zebrocy-trojan/#ftag=RSSbaffb68

Moldovian sentenced for stealing millions using Bugat banking malware
https://cyware.com/news/moldovian-sentenced-for-stealing-millions-using-bugat-banking-malware-54126a1e

New Shamoon Malware Variant Targets Italian Oil and Gas Company
https://bit.ly/2zXRZEH

New Shamoon Malware Variant Targets Italian Oil and Gas Company
https://thehackernews.com/2018/12/shamoon-malware-attack.html

Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/?utm_content=sf204617046&utm_source=twitter&utm_campaign=McAfee#sf204617046

Shamoon data-wiping malware believed to be the work of Iranian hackers
https://www.zdnet.com/article/shamoons-data-wiping-malware-believed-to-be-the-work-of-iranian-hackers/#ftag=RSSbaffb68

Kronos banking Trojan: How does the new variant compare
https://searchsecurity.techtarget.com/answer/Kronos-banking-Trojan-How-does-the-new-variant-compare

New Malware Takes Commands From Memes Posted On Twitter
https://bit.ly/2A57xXj

APT Sidewinder complicates theirs malwares
https://medium.com/@Sebdraven/apt-sidewinder-complicates-theirs-malwares-4e15683e7e26


B.行動安全 / iPhone / Android / App


iOS 破解達人 Adam Donenfeld
https://bit.ly/2GeqNXB

關於「資安漏洞回報獎金計劃」請直接至LINE官網申請
http://official-blog.line.me/tw/archives/78459057.html

人臉辨識真的安全嗎!? 3D列印頭像成功騙過Samsung S9,但iPhone X擋住了
https://www.ithome.com.tw/news/127714

手機的臉部辨識有多不安全?外媒用3D列印的臉部模型,成功騙過這 4款 Android 手機
https://bit.ly/2Ac7Pf9

Google 為 Keystore 加入新功能,提升 Android 裝置安全性
https://bit.ly/2rMoL75

悲報!iPhone越獄必裝的「Cydia」將在年底前關閉
https://www.cool3c.com/article/139828

Cydia 停止 Jailbreak App Store 購買機制
https://unwire.hk/2018/12/16/cydia-jailbreak-app-store-purchase-feature-shuts-down/software/cydia-app/

New Keystore features keep your slice of Android Pie a little safer
https://bit.ly/2Ekp9RM

Security Best Practices: Symmetric Encryption with AES in Java and Android
https://bit.ly/2QBaVTW

Cydia app store pulls plug on purchases for jailbroken iPhones
https://www.zdnet.com/article/cydia-app-store-pulls-plug-on-purchases-for-jailbroken-iphones/#ftag=RSSbaffb68

Google announces crackdown on Play Store ratings and reviews
https://www.zdnet.com/article/google-announces-crackdown-on-play-store-ratings-and-reviews/#ftag=RSSbaffb68

5G Networks: The New Security Challenges
https://www.bankinfosecurity.asia/interviews/5g-networks-new-security-challenges-i-4197


C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件

2019資安預測 趨勢科技提出3大警示
https://bit.ly/2GteMh5

三星官網介面出現CSRF,險成會員帳號劫持途徑
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5069

趨勢科技公布2019資安預測:資料外洩攻擊白熱化、網路釣魚攻擊件數明顯大增、工控系統威脅持續升高
https://blog.trendmicro.com.tw/?p=58307

及早防患於未然,國家資安防護範圍以ISP網路為前線
https://www.ithome.com.tw/news/127761

網絡黑客利用漏洞“截胡”商家服務費牟利2500餘萬元
http://m.xinhuanet.com/2018-12/18/c_1123870817.htm

為臺灣高等資安教育努力,持續強化暑期與跨校課程,與國際結合則成新手段
https://www.ithome.com.tw/news/127704?fbclid=IwAR1xevNReQo33wMpVYdvtKWlDct_vCa_yyOjoLU_cfNANi0XO5Kgs6Tqcfg

區塊鏈、資安 下一代數位科技
https://bit.ly/2rBOYVM

雙因素驗證並非100%安全,伊朗駭客成功繞過驗證機制入侵Gmail、Yahoo帳號
https://bit.ly/2SVO8ij

HITCON Defense競賽打造企業真實資安攻防環境
https://bit.ly/2UO3Uxv

讓用戶自然而然操作才是正道,GNOME資安團隊從軟體開發強化作業系統安全
https://www.ithome.com.tw/news/127703

強韌的恢復能力已成為資安攻防的重要心法
https://ithome.com.tw/news/127688

FIDO正式成為國際標準 加速政府部門與產業導入應用
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=45&id=0000550140_qzr0od9e5kivxcleq15rh

全球FIDO標準發展 落實於銀行服務、電信與消費電子
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=40&id=0000550146_nbo2than3ovc117hs2294

新「太空國防」當道 反情報靠大數據制
https://news.tvbs.com.tw/focus/1047629

多樣的社交工程手法網紅成駭客新目標,入侵掌握帳號或是當作散佈惡意連結的管道
https://bit.ly/2SdsoyK

兩年前被Twitter輕忽的臭蟲遭到駭客開採,洩漏用戶的國碼
https://www.ithome.com.tw/news/127771?fbclid=IwAR0lEDCxmLetZ0DAUnYsp_V5LBrOisxJ9RkbEBkMfE_eR6dNZVDEI3WJYVU

給特斯拉挑錯 黑客大賺
https://bit.ly/2A1diVY

資安黑天鵝亂竄 還能鴕鳥心態
https://udn.com/news/story/11321/3542660

BTS港騷 售票網站遭駭客入侵
https://bit.ly/2Sd0pyV

網軍皮卡丘?介入美國大選,Pokémon Go成為俄國煽動媒介
https://global.udn.com/global_vision/story/8662/3543071

俄國網軍壓境!連寶可夢也遭滲透? IG成美國社群網戰主場
https://www.ettoday.net/news/20181219/1334815.htm

以桌遊模擬國家當局資安攻防!捷克資安專家首度在臺舉行相關演練
https://ithome.com.tw/news/127782

「兩階段驗證」被破解了?伊朗駭客成功繞過
https://applealmond.com/posts/45708

地標遭冠「中華台北」 疑陸網軍所為
https://bit.ly/2Lq9LVJ

天網入侵?火鍋店有60台監視器 恐資安危機
https://bit.ly/2SZgybq

川普獵殺中國科技黑名單揭密,下一家公司會是誰
https://technews.tw/2018/12/15/trump-hunts-china-science-and-technology-blacklist/

捷克總理下令 政府機關禁用華為手機
https://bit.ly/2Btsjzx

華為事件影響 資安專家:沒有槍的戰爭已開打
http://www.epochtimes.com/b5/18/12/19/n10920380.htm

不受美國影響,傳印度將和華為合作測試5G
https://www.ithome.com.tw/news/127737

印度邀華為演示5G 當地業者反彈
https://www.chinatimes.com/newspapers/20181219000326-260203

印度政府籲禁用陸設備 華為命運一波三折
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=9&cat=305&id=0000550160_sey26zle5xpnpv1f3sp2y

華為:日本與法國並未真的禁止我們的設備、為資安將投20億美元
https://applealmond.com/posts/45751

捷克資安當局警告 華為和中興設備構成國安威脅
https://www.cna.com.tw/news/afe/201812180022.aspx

遭全球封殺 華為給丹麥的「求情信」曝光
https://www.secretchina.com/news/b5/2018/12/15/879199.html

自以為聰明的英國,放任華為替中國打開歐洲資安的後門
https://www.thenewslens.com/article/110111

華為的國家安全風險:西方和盟國聯合布防
https://www.bbc.com/zhongwen/trad/46595173

華為 Huawei 資安漏洞後門大開造成全球國安危機
https://www.vedfolnir.com/huawei-security-vulnerability-national-security-crisis-29834.html

遏制華為「五眼聯盟」早有共識
https://ec.ltn.com.tw/article/breakingnews/2645418

安全擔憂日益升溫 華為在歐洲面臨盟友「圍剿」
https://news.cnyes.com/news/id/4255320

美報告:軍方導彈系統安全防護不足,漏洞未補,未加密傳輸及多因素驗證
https://www.ithome.com.tw/news/127766

美海軍網絡多漏洞中國黑客收穫大
https://www.boxun.com/news/gb/finance/2018/12/201812152038.shtml

美國海軍竭力抵禦中國駭客
https://on.wsj.com/2A1308j

傳中國駭美國海軍承包商 竊取飛彈機密
https://money.udn.com/money/story/5599/3538457

中國駭美國海軍承包商 竊取飛彈機密
https://bit.ly/2BkrWY1

杜絕中共黑客攻擊美海軍全面檢查安全漏洞
https://ogate.org/show.aspx?name=c997704

美軍承包商疑遭中國駭客攻擊 飛彈關鍵技術外流
http://news.ltn.com.tw/news/world/breakingnews/2643276

「中」駭美海軍承包商 竊飛彈等機密
https://bit.ly/2zXQlCL

中國駭客盜走緊好多美國海軍機密,海軍方面仍在努力堵大窿
https://m.hkgolden.com/view.aspx?message=6996170&type=CA

中駭客竊取美軍飛彈資料
https://udn.com/news/story/6813/3538655?from=udn-ch1_breaknews-1-cate5-news

美海軍承包商傳遭中國黑客入侵 竊取導彈機密
https://bit.ly/2SR2MYm

飛彈關鍵技術外流!中國駭走美海軍機密 美軍清查資安漏洞
https://www.ettoday.net/news/20181215/1331847.htm

中國駭客 竊美海軍機密 包商淪攻擊目標 軍方急查資安漏洞
https://tw.appledaily.com/international/daily/20181216/38207082/

中網攻美軍包商 軍艦、飛彈機密遭駭
http://news.ltn.com.tw/news/focus/paper/1254389

美軍承包商疑遭中國駭客攻擊 飛彈關鍵技術外流
https://bit.ly/2LkpSDU

【中美角力】中國黑客被批入侵網絡 竊取美軍關鍵技術
https://bit.ly/2A52VjN

美媒:華黑客竊美導彈船艦機密
https://china.hket.com/article/2232626

杜絕中共黑客攻擊 美海軍全面檢查安全漏洞
http://www.epochtimes.com/b5/18/12/14/n10911447.htm

曾竊潛艇超音速反艦導彈方案 軍方指中國黑客屢入侵承包商
https://bit.ly/2GiQ3fx

Chinese hackers stepped up their cyber attacks against companies that are contractors for the U.S. Navy
https://24-my.info/chinese-hackers-stepped-up-their-cyber-attacks-against-companies-that-are-contractors-for-the-u-s-navy/

US ballistic missile systems have very poor cyber-security
https://www.zdnet.com/article/us-ballistic-missile-systems-have-very-poor-cyber-security/#ftag=RSSbaffb68

Audit finds cyber vulnerabilities in U.S. missile defense system
https://bit.ly/2CfASQ0

美批陸千人計畫 盜竊技術
https://www.chinatimes.com/newspapers/20181216000079-260309

中國海外「千人計劃」 被指滲透美研究機構
https://bit.ly/2ChwMaj

抵禦中國資安威脅 日政府編列預算開發反駭客程式
https://times.hinet.net/news/22149068

日本 NTT : 不建議使用華為的產品
https://bit.ly/2PDNYKs

主要機具供應商 日本安川:華為已凍結所有訂單
https://www.chinatimes.com/newspapers/20181215000224-260202

日本全國警戒駭客攻擊 演習參與者破歷史新高
https://www.taiwannews.com.tw/ch/news/3596658

華為遭遇全球抵制的原因
http://www.epochtimes.com/b5/18/12/19/n10919991.htm

華為胡厚崑:美國正在製造「華為產品不安全」的恐慌
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000550257_5ko3lvtr43cmy0898hkh6

資安疑慮 法國跟進排除華為5G
http://ec.ltn.com.tw/article/paper/1254167

捷克資安當局警告 華為和中興設備構成國安威脅
https://www.bannedbook.org/bnews/zh-tw/cbnews/20181218/1048880.html

黃背心恐有俄國網軍操作 法國安單位要查
https://newtalk.tw/news/view/2018-12-15/181038

法外交部網站遭駭 出境旅客資訊洩露
http://www.chinesetoday.com/big/article/1248192

法國旅遊警示登錄網站遭駭 個資恐遭不當使用
https://news.ebc.net.tw/News/world/143749

德國資安辦公室:部份德企可能受中國駭客攻擊
https://ec.ltn.com.tw/article/breakingnews/2646904

德國資安辦公室:部份德企可能受中共駭客攻擊
http://tw.aboluowang.com/2018/1220/1220453.html

傳中國駭客攻擊德國公司
https://www.chinatimes.com/realtimenews/20181219003340-260410

Chinese hackers tap into EU diplomatic communications network
https://www.zdnet.com/article/chinese-government-taps-into-eu-diplomatic-communications-network/#ftag=RSSbaffb68

中國駭客入侵歐盟通訊網路,竊取歐盟成員之間的外交電報
https://www.ithome.com.tw/news/127791

歐盟外交通訊遭駭 上千敏感電文曝光了
https://udn.com/news/story/6809/3548022

中國解放軍精銳駭客遭指多年網襲歐盟外交機密
https://www.bannedbook.org/bnews/zh-tw/cbnews/20181220/1049740.html

中國駭客疑入侵歐盟外交通訊 上千敏感電文曝光
https://bit.ly/2QEXcvB

歐盟電文遭駭 暴露對「雙普」心驚驚
https://udn.com/news/story/11314/3546978

美國資安公司:解放軍偷竊大量歐盟外交文件
https://www.taiwannews.com.tw/ch/news/3600921

陸解放軍無孔不入?歐盟遭駭、上千外交機密疑外洩
https://bit.ly/2R74YOd

美組聯合陣線 譴責並制裁中國駭客與間諜
https://money.udn.com/money/story/5599/3549169

美國務院與國土安全部聯合聲明 譴責中方資助駭客
https://bit.ly/2PWlzzw

中國黑客傳先入侵惠普IBM 再攻擊其客戶
https://bit.ly/2R91RW0

路透:中國駭客入侵惠與和IBM網路 再駭人客戶電腦
https://udn.com/news/story/6813/3549446

美起訴2名陸駭客 涉竊取商業機密
https://udn.com/news/story/6813/3549358

美宣布撤軍敘利亞 庫德族:IS將重新集結
https://bit.ly/2QNq7gP

隱私被看光?澳洲通過新法 允許政府取得加密訊息
https://cnews.com.tw/005181217a04/

萬豪酒店被駭 美官員直指中方主導
https://turnnewsapp.com/global/politics/69697.html

Did China Hack Marriott, Or Is This Fake News
https://www.bankinfosecurity.asia/interviews/did-china-hack-marriott-or-this-fake-news-i-4196

別上當!北美出現勒索比特幣的炸彈勒索信
https://bit.ly/2A2wtia

美加數十處接獲炸彈威脅 歹徒要求付比特幣付贖金
https://bit.ly/2BqII89

駭客廣發炸彈恐嚇電郵,在多國勒索比特幣
https://technews.tw/2018/12/14/bomb-threats-email-for-bitcoin/

駭客廣發炸彈恐嚇電郵,在多國勒索比特幣
https://technews.tw/2018/12/14/bomb-threats-email-for-bitcoin/

19州現炸彈電郵 促以比特幣付兩萬元
https://bit.ly/2BnnVSE

「兩階段驗證」被破解了?伊朗駭客成功繞過
https://applealmond.com/posts/45708

DOD doesn't keep track of duplicate or obsolete software
https://www.zdnet.com/article/dod-doesnt-keep-track-of-duplicate-or-obsolete-software/#ftag=RSSbaffb68

Fake Bomb Threat Emails Demanding Bitcoins Sparked Chaos Across US, Canada
https://bit.ly/2BqxAYF

'Bomb threat' scammers are now threatening to throw acid on victims
https://www.zdnet.com/article/bomb-threat-scammers-are-now-threatening-to-throw-acid-on-victims/#ftag=RSSbaffb68

美台商業會長警告:若使用華為 台美難合作
https://bit.ly/2GjRWZo

美台商業會長警告:若使用華為 台美難合作
http://news.ltn.com.tw/news/focus/paper/1254188

「兩岸2019」兵棋推演:美國打台灣牌 台灣須戒慎恐懼
https://www.chinatimes.com/realtimenews/20181219003402-260409

青松資訊:Anonymous捲土重來OpIcarus2018持續發威
https://www.aqniu.com/vendor/41932.html

STATE-LEVEL RESPONSES TO MASSIVE CYBER-ATTACKS: A POLICY TOOLBOX
https://www.clingendael.org/nl/node/9766

Symantec tracks down a new hacking group Seedworm aka Muddywater
https://www.cybersecurity-insiders.com/symantec-tracks-down-a-new-hacking-group-seedworm-aka-muddywater/

Intelligence Cyber attack, ieri a Roma conclusa l’esercitazione “Cyber Shield: facing the threat”
http://www.reportdifesa.it/cyber-attack-ieri-a-roma-conclusa-lesercitazione-cyber-shield-facing-the-threat/

North Korea Launches Cyber Attack On United States
https://paletiks.com/2018/12/14/north-korea-launches-cyber-attack-on-united-states/

Save the Children Foundation duped by hackers into paying out $1 million
https://www.zdnet.com/article/save-the-children-foundation-duped-by-hackers-into-paying-out-1-million/#ftag=RSSbaffb68

The U.S. Should Use Beijing’s Social Credit System against China
https://bit.ly/2PHyjtx

Macron tente d’acheter la paix sociale
https://bit.ly/2CcKURX

British Teenager gets 3 year sentence for DDoS and False Bomb Threats
https://bit.ly/2QT1G0P

Australia's encryption laws are 'highly unlikely' to dragoon employees in secret
https://www.zdnet.com/article/australias-encryption-laws-are-highly-unlikely-to-dragoon-employees-in-secret/#ftag=RSSbaffb68

5 technologies you'll get sick of hearing about in 2019
https://www.zdnet.com/article/5-technologies-youll-get-sick-of-hearing-about-in-2019/#ftag=RSSbaffb68

Bing recommends piracy tutorial when searching for Office 2019
https://www.zdnet.com/article/bing-recommends-piracy-tutorial-when-searching-for-office-2019/#ftag=RSSbaffb68

Trump, Google, United Nations are among 2018's worst password offenders
https://www.zdnet.com/article/trump-google-un-are-among-2018s-worst-password-offenders/#ftag=RSSbaffb68

Super Micro: Audit Didn't Find Chinese Spying Chip
https://www.bankinfosecurity.asia/super-micro-audit-didnt-find-chinese-spying-chip-a-11846

WSJ website defaced by PewDiePie fan in ongoing YouTube subscribers battle
https://www.zdnet.com/article/wsj-website-defaced-by-pewdiepie-fan-in-ongoing-youtube-subscribers-battle/#ftag=RSSbaffb68

PewDiePie printer hacker strikes again: subscribe and sort out your security
https://www.zdnet.com/article/pewdiepie-printer-hacker-strikes-again-subscribe-and-sort-out-your-security/#ftag=RSSbaffb68

Twitter discloses suspected state-sponsored attack
https://www.zdnet.com/article/twitter-discloses-suspected-state-sponsored-attack/#ftag=RSSbaffb68

New attack intercepts keystrokes via graphics libraries
https://www.zdnet.com/article/new-attack-intercepts-keystrokes-via-graphics-libraries/#ftag=RSSbaffb68

Hackers Intercepted EU Diplomatic Cables for 3 Years
https://www.bankinfosecurity.com/hackers-intercepted-eu-diplomatic-cables-for-3-years-a-11872

徵才 - 【顧問部】顧問師 (新興科技資安技術)-319C
https://m.1111.com.tw/job/85208987/

徵才 - RD20329_1 軟體工程師
https://www.104.com.tw/job/?jobno=6grwd&jobsource=freshman2009

徵才 - 急徵!資安工程師(駐場地點:台北市)
https://www.104.com.tw/job/?jobno=5u8ui&jobsource

徵才 - 資安工程師
https://www.104.com.tw/job/?jobno=6gquk&jobsource=joblist_a_date

徵才 - 資安工程師 (台中市潭子區、台南市永康區)
https://www.1111.com.tw/job/85138458/

徵才 - 網路資安工程師--台北
https://www.104.com.tw/job/?jobno=3ybgp&jobsource=joblist_b_date

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷

當78%的指紋辨識儀器都被欺騙時
https://www.eettaiwan.com/news/article/20181219NT61-antispoofing-schemes-for-fingerprint-recognition-systems

一頁式詐騙不只臉書!就算入口網站、Yahoo新聞也有陷阱
https://zi.media/@wwwmygopencom/post/C87us7

多樣的社交工程手法網紅成駭客新目標,入侵掌握帳號或是當作散佈惡意連結的管道
https://bit.ly/2Gxs24z

Facebook 的瀏覽記錄消除工具要到明年春季才會推出
https://chinese.engadget.com/2018/12/18/facebook-browsing-history-control-delayed/

Facebook再遭打擊!科技泰斗「莫博士」宣布即將銷號
https://news.cnyes.com/news/id/4256464

台人到韓國開偽卡工廠 盜刷3200萬韓元!返台被起訴
https://www.ettoday.net/news/20181217/1333047.htm

組偽卡集團赴首爾盜刷 3台嫌遭起訴
https://www.cna.com.tw/news/asoc/201812170246.aspx

墮假公安騙案 內地女大生被騙360萬
http://www.hkcna.hk/content/2018/1219/733941.shtml

注意了!偽造的Office 365無法傳遞通知成為駭客網釣新手法
https://www.ithome.com.tw/news/127724?fbclid=IwAR2MEpOQHArp7tX7YfLmH952_oMWJPmZ63BRdePKHdlfwL32_6yfaRJEtZo

信用卡假交易套利 涉款2億
http://orientaldaily.on.cc/cnt/china_world/20181216/00178_005.html

推特爆個資漏洞 異常流量疑來自中、沙贊助的駭客
http://news.ltn.com.tw/news/world/breakingnews/2645502

Twitter 個人資料外洩,疑似遭國家支持駭客入侵
http://technews.tw/2018/12/19/twitter-leaks-chinese-and-saudi-arabia-ip/

假檢察官騙了10多年仍管用 翁領光86萬老本警神速登門攔阻
https://www.ettoday.net/news/20181216/1332412.htm

數據庫沒加密毋須密碼 大陸軟件 Boomoji 洩露大量用戶資料
https://unwire.hk/2018/12/17/boomoji-databases-leaked/tech-secure/

確保遵守隱私法 愛爾蘭主管機關調查臉書
https://bit.ly/2SMZ5mr

「勞保局」未接快回撥?竟是詐騙新招
https://bit.ly/2UODvzS

哪些密碼最容易被破解、遭駭竊取?安全機構公布十大「最不安全」密碼最新排名
http://3c.ltn.com.tw/news/35350

2018十大「最不安全」密碼 「123456」五連冠
https://www.ettoday.net/news/20181217/1332803.htm

2018年密碼觀念最差者:五角大厦、Nutella榜上有名,Google意外拿下第八
https://www.ithome.com.tw/news/127712

設定密碼別偷懶 連5年奪冠的危險密碼是這個
https://tw.appledaily.com/new/realtime/20181216/1484740/

愛爾蘭查個資外洩案 Facebook將面臨16億美元罰款
https://www.ettoday.net/news/20181217/1332714.htm

保護用戶個資不力 華盛頓特區檢察總長控告臉書
https://tw.news.appledaily.com/international/realtime/20181220/1486627/

第三方軟件可隨意存取照片 Facebook Stories 漏洞影響 680 萬人
https://bit.ly/2Espy4D

臉書又爆資安漏洞 數百萬用戶「私密照片」遭曝光
https://bit.ly/2SN47iI

臉書資安漏洞爆不完!相片應用程式出包,680萬用戶私人照片外洩
https://www.storm.mg/article/714687

臉書證實發現新Bug! 680萬用戶「私人照」外洩
https://www.ettoday.net/news/20181215/1331474.htm

臉書再爆洩漏用戶私訊!150家企業窺個資
https://news.ftv.com.tw/news/detail/2018C20I05M1

注意!臉書資安又出包 高達680萬人隱私照片恐外流
https://www.setn.com/News.aspx?NewsID=470913

Facebook再發生數據洩漏 影響6800萬用戶
http://www.metroradio.com.hk/news/default.aspx?NewsId=20181215042751

Facebook defends giving tech giants access to extensive user data
https://www.zdnet.com/article/facebook-defends-giving-tech-giants-access-to-extensive-user-data/#ftag=RSSbaffb68

臉書9月竟曾出現大漏洞 680萬名用戶照片外流
https://www.taiwannews.com.tw/ch/news/3597376

Facebook新醜聞:微軟、亞馬遜等公司甚至可以讀取用戶私信
https://news.cnyes.com/news/id/4256854

Facebook 爆用戶私隱漏洞 合作夥伴 Netflix / Spotify 可共享兼刪除帳號訊息
https://bit.ly/2GJ0OYX

Uber個資外洩案 法國處40萬歐元罰款
https://money.udn.com/money/story/10511/3549062

E乳梓梓裸照外流遭疑自導自演 嘆「沒有這麼白痴」
https://tw.news.appledaily.com/new/realtime/20181214/1483533/

伊朗駭客假冒Gmail和Yahoo Mail遭駭通知信來發送釣魚郵件,專門鎖定記者、社運人士和官員
https://bit.ly/2EsC2KF

刷卡訂機票遭疑「違法盜刷」取消 乘客控樂桃:離譜
https://news.ebc.net.tw/News/Article/144002

趨勢科技:2019憑證資料外洩遭盜用詐騙事件將增加
https://udn.com/news/story/7239/3545890

美國太空總署員工資料遭不明存取,影響範圍與數量正在調查中
https://www.zdnet.com/article/nasa-discloses-data-breach/

Mayday! NASA Warns Employees of Personal Information Breach
https://bit.ly/2T3x6yN

NASA驚爆伺服器遭駭客入侵,過去12年員工個資恐遭外流
https://www.ithome.com.tw/news/127788

NASA discloses data breach
https://www.zdnet.com/article/nasa-discloses-data-breach/#ftag=RSSbaffb68

GDPR: EU Sees More Data Breach Reports, Privacy Complaints
https://www.bankinfosecurity.com/gdpr-eu-sees-more-data-breach-reports-privacy-complaints-a-11873

Seven from ten Americans worried about holiday shopping identity theft
https://www.zdnet.com/article/seven-from-ten-americans-worried-about-holiday-shopping-identity-theft/#ftag=RSSbaffb68

Brazilian IT firm Tivit suffers data leak
https://www.zdnet.com/article/brazilian-it-firm-tivit-suffers-data-leak/#ftag=RSSbaffb68

Technologies That Help in Breach Investigations
https://www.bankinfosecurity.asia/technologies-that-help-in-breach-investigations-a-11838

Gartner's Avivah Litan on Impact of Marriott Breach
https://www.bankinfosecurity.com/gartners-avivah-litan-on-impact-marriott-breach-a-11863

Hackers have earned $1.7 million so far from trading data stolen from US gov payment portals
https://www.zdnet.com/article/hackers-have-earned-1-7-million-from-trading-stolen-us-gov-payment-portal-data/#ftag=RSSbaffb68

Data Leak Exposes Psychologists' Home Addresses
https://www.bankinfosecurity.asia/data-leak-exposes-psychologists-home-addresses-a-11871


E.研究報告

OSX Github桌面版RCE漏洞分析
http://www.4hou.com/vulnerable/15004.html

Asuswrt-merlin 自定義 dnsmasq 解析
https://bit.ly/2GlI01q

分析Pwn2Own上的一個Adobe漏洞利用
https://xz.aliyun.com/t/3595

網站安全公司對於網站邏輯漏洞的修復方案分享
https://my.oschina.net/u/3887295/blog/2988660

phpMyAdmin LOAD DATA INFILE 任意文件讀取漏洞
https://www.v2ex.com/t/517722

ThinkPHP V5高危漏洞分析騰訊禦界高級威脅檢測系統可成功檢出
https://s.tencent.com/research/report/607.html

Python Web之瓶會話和格式化字符串漏洞
https://xz.aliyun.com/t/3569

基於Android組件的應用程序脆弱性分析
http://cdmd.cnki.com.cn/Article/CDMD-10013-1017291182.htm

CVE-2018-8611 Windows kernel事務管理器0 day漏洞分析
http://www.4hou.com/vulnerable/15203.html

UPnProxy:一種利用路由器UPnP漏洞的惡意代理系統
https://www.freebuf.com/articles/terminal/191013.html

挖洞經驗| 價值$7500的Google MyAccount服務端點擊劫持漏洞(Clickjacking)
https://www.freebuf.com/vuls/190709.html

使用本地DTD文件來利用XXE漏洞
https://www.anquanke.com/post/id/168012

python自動化測試人工智能
https://china-testing.github.io/practices.html

RF-14310(CVE-2018-12533)分析
https://paper.seebug.org/766/

S2-003 遠程代碼執行漏洞
https://blog.csdn.net/Fly_hps/article/details/84999857

S2-005 遠程代碼執行漏洞檢測與利用
https://blog.csdn.net/Fly_hps/article/details/85000125

S2-013 遠程代碼執行漏洞檢測與利用
https://blog.csdn.net/Fly_hps/article/details/85034215

S2-016遠程代碼執行漏洞檢測與利用
https://blog.csdn.net/Fly_hps/article/details/85035223

S2-045(CVE-2017-5638)分析
https://paper.seebug.org/767/

S2-057遠程代碼執行漏洞檢測與利用
https://blog.csdn.net/Fly_hps/article/details/85037056

Web安全漏洞分析-路徑遍歷漏洞
http://www.twoeggz.com/news/12604098.html

(Android Root)CVE-2017-7533 漏洞分析和復現
https://bbs.pediy.com/thread-248481.htm

《夢幻模擬戰》漏洞挖掘全過程
https://hk.saowen.com/a/fe09d93f538f926eb5408f746584d92ab05bc9ce4048ac7403669c01e9b20253

針對多個DirectX內核漏洞的分析
https://hk.saowen.com/a/b95196f5d1f9f16fc5d425746f6892cdf609f910bf1a4f40bb8d2e6e8d8b128d

挖洞經驗| Google服務端Referer信息洩露漏洞
https://www.freebuf.com/vuls/190605.html

驅動人生旗下應用分發惡意代碼事件分析- 一個供應鏈攻擊的案例
https://www.anquanke.com/post/id/168017

淺入淺出網站系統的信息安全
https://zhuanlan.zhihu.com/p/52518413

漏洞預警:DB2數據庫存在執行任意代碼漏洞
https://www.freebuf.com/company-information/192288.html

Web漏洞掃描器的設計與實現(一)
https://zhuanlan.zhihu.com/p/52851722

Thinkphp5 遠程代碼執行漏洞事件分析報告
https://paper.seebug.org/770/

對CVE-2018-8587(Microsoft Outlook)漏洞的深入分析
https://www.anquanke.com/post/id/168205

通過MS17_010來學習msf對滲透的利用
https://www.cnblogs.com/bmjoker/p/10151708.html

POC 2017 - Make LoadLibrary Great Again.pdf
https://github.com/f0rgetting/Presentations/blob/master/POC%202017%20-%20Make%20LoadLibrary%20Great%20Again.pdf?fbclid=IwAR2PfVE8F9h78qryPsMCRSDaEqDyJVl3mv18vy0N1_6Eyal6aeCkxwPgIW4

Ghost 2.8.0 release, modern online content professional release platform
https://meterpreter.org/ghost/?fbclid=IwAR35DWJ0Pp3ZvPOfU1hvCuhglGiT5miWsas12Myjpr_FUYegyr-rFRNJPdo

Microsoft Office has the dark mode on macOS Mojave
https://bit.ly/2Lgxzv2

Joomscan – Open Source Joomla Vulnerability Scanner
https://bit.ly/2RUsT0i

Vivaldi 2.2 release: improves accessibility, navigation and media experience
https://meterpreter.org/vivaldi-2-2/?fbclid=IwAR0b4nZEPayYxvaxyW_t37olVGj7m9tYGA_VtWizTMGg3FCQuqGYR7329XY

NoSQLMap – Open Source Audit and Attack NoSQL Databases
https://bit.ly/2UJpXpi

StalkPhish v0.9.5 releases: The Phishing kits stalker
https://securityonline.info/stalkphish-the-phishing-kits-stalker/

WhatWaf v0.11.11 releases: Detect & bypass web application firewalls and protection systems
https://securityonline.info/whatwaf/

HELK v0.1.6-alpha12132018 Releases: The Hunting ELK
https://securityonline.info/helk/

ThunderShell v2.0.2 Releases: Fully encrypted powershell RAT
https://securityonline.info/thundershell-encrypted-powershell-rat/

Laravel Collections Every Laravel Developers Goto Resource
https://laravelcollections.com/?fbclid=IwAR2rjmYvkDrrJEEOxerebbCmQNFwBH2T4L6-JmmhHDjjTys1Obp5lMQWb-E


F.商業

安碁導入AI資安防護 2019年可望雙位數成長
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000549889_qo49x8n17ve7d1lvay1oj

Fortinet 2019威脅態勢預測:網絡犯罪五大趨勢
https://www.secrss.com/articles/7078

Docker推新版Docker Hub,一次整併Docker商城、Docker Cloud服務
https://ithome.com.tw/news/127686

英特爾和TPG洽談以逾42億美元出售McAfee給私募股權Thoma Bravo
https://news.cnyes.com/news/id/4255273

日本Line強化資料防護 收購南韓網路安全公司
https://money.udn.com/money/story/5602/3539656

Fortify 源碼弱點檢測 助應用程式安全快速上線
https://marketing.ares.com.tw/dm/newsletter-2018-12-fortify/

資安整合服務平台的緣起與意義
https://bit.ly/2SQX3l9

Chrome 瀏覽器 未來將阻止網站竄改使用者瀏覽記錄,告別回不去的上一頁
https://www.kocpc.com.tw/archives/234388

中小型企業可負擔的企業級資安防護-FireEye
https://www.zerone.com.tw/Content/Product/CD62D2A1CD97EBFF

中華電信首推Android零接觸註冊機制
https://bit.ly/2Lvdx02

Microsoft officially announces 'Windows Sandbox' for running applications in isolation
https://www.zdnet.com/article/microsoft-officially-announces-windows-sandbox-for-running-applications-in-isolation/#ftag=RSSbaffb68

Microsoft's new Office app for Windows 10 is coming to all Office users for free
https://www.zdnet.com/article/microsofts-new-office-app-for-windows-10-is-coming-to-all-office-users-for-free/#ftag=RSSbaffb68


G.政府

台灣8大行業 明年禁用華為等大陸電信設備
http://www.epochtimes.com/b5/18/12/14/n10911159.htm

國安會宣布!明年起8大關鍵基礎建設禁用中國製產品
https://bit.ly/2QwOj76

1月1日起 台灣嚴禁「華為」進入八大敏感行業
https://www.secretchina.com/news/b5/2018/12/16/879316.html

網攻頻傳 國防院籲跨國資安聯防
http://news.ltn.com.tw/news/focus/paper/1254530

「共軍擬2020年侵台?」國防院報告出爐
https://www.secretchina.com/news/b5/2018/12/14/879141.html

國防院首發中共政軍報告 點出中共以「代理人」統戰台灣
https://bit.ly/2rB3e1g

NCC:已禁用中製核心網路設備
http://ec.ltn.com.tw/article/paper/1254166

全美警戒中國資安威脅 傳電信雙雄將拒用華為基地台
https://www.taiwannews.com.tw/ch/news/3597402

江雅綺:張善政的科技決勝論解決不了網路假新聞難題
https://www.upmedia.mg/news_info.php?SerialNo=54210

回應陸「人臉辨識」設備風險 金管會示警
https://bit.ly/2CdFMxa

金管會訂定商業銀行以全權委託方式辦理「銀行法」第74條之1所定有價證券投資者應符合之相關規定
https://bit.ly/2S43fX6

防範假訊息 行政院提修法最重可處無期徒刑
https://tw.appledaily.com/new/realtime/20181215/1484331/

顧立雄:不是新創就非得支持
https://bit.ly/2QABSHi

金管會下令:銀行雲端伺服器都要在台灣
https://bit.ly/2PJLY3u

政府應為雲端服務建立相關規範!雲端安全聯盟促使新加坡當局制訂COIR指南
https://www.ithome.com.tw/news/127772?fbclid=IwAR2wXziZH-w0sOI1zELhiVg9IBB42_iMhfvFPFQ8a5WeDMeouLPvPXNrC1Q


H.工控系統/ICS/SCADA
Siemens TIM 1531 IRC security bypass CVE-2018-13816
https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf

Three Things ICS Security Pros Can Do to Maximize Uptime
https://www.powermag.com/three-things-ics-security-pros-can-do-to-maximize-uptime/

ICS Security Risks For 2019 Revealed
https://www.sensorsmag.com/embedded/ics-security-risks-for-2019-revealed

Indegy Publishes Industrial Cyber Security Predictions for 2019
https://www.businesswire.com/news/home/20181218005097/en/Indegy-Publishes-Industrial-Cyber-Security-Predictions-2019

I.教育訓練類
一篇文章讓你理解SQL注入漏洞的原理
http://www.safebase.cn/article-254519-1.html

一篇文章讓你理解CSRF、點擊劫持和url跳轉的攻擊原理
http://www.safebase.cn/article-254502-1.html

網絡安全入門的16個基本問題
http://www.safebase.cn/article-254521-1.html

GRE一戰327 兩星期衝刺心得分享
https://bit.ly/2A05WSG

網路直播危機多 教育部推直播二三事懶人包
https://money.udn.com/money/story/7307/3547704

Building a Smart Card Transit Ticketing System with Redis and Raspberry Pi
https://bit.ly/2S1vLZi

Designing Multi-Threaded Applications Using Swift
https://bit.ly/2rBHmTn

Improving code testability with Swift protocols
https://bit.ly/2QyL3bl

What Is Microservices Architecture
https://medium.com/fintechexplained/what-is-microservices-architecture-1da41a94a29b

Turning Python Scripts into CLI Commands
https://bit.ly/2EAtxgH



J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機

防特網公司 揭露物聯網資安關鍵
https://readers.ctee.com.tw/cm/20181214/a43ac7/946642/share

安全漏洞 5G 網路將會對自動駕駛造成威脅
https://www.7car.tw/articles/read/54430

為對付跟蹤狂,Taylor Swift 演唱會使用臉部辨識技術
http://technews.tw/2018/12/14/taylor-swift-tracked-stalkers-with-facial-recognition-tech-at-her-concert/

全球物聯網大會TIOTA成立物聯網區塊鏈委員會
https://bit.ly/2S3DSoj

你以為是填 reCAPTCHA 驗證碼,其實在幫 Google 訓練 AI
https://technews.tw/2018/12/17/keying-recaptcha-working-for-google/

物聯網時代「資安防禦網」不可少!工控系統不灌防毒軟體怎麼防毒?就讓它來把關
https://www.damanwoo.com/node/92532

卡巴斯基:可連網的家用電動車充電器漏洞,可讓駭客隨意控制充電甚至引發火災
https://www.ithome.com.tw/news/127731

這廠商人臉辨識 失誤率僅0.3%
https://bit.ly/2QXrrND

艾拉物聯:台灣發展物聯網 要放眼全球商機
https://udn.com/news/story/7240/3546469

艾拉物聯聯合創始人張南雄 發展物聯網 放眼全球
https://money.udn.com/money/story/5648/3547046

智慧城鄉蘊含產業商機 下世代潛力股待孵育
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000550321_QZX208II3U4VKM08GDQH9

研華建立共創生態系統,描繪物聯網新世界
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000550200_jc112c8h1klhzhlmfmlng

趨勢科技的 2019 資安年度大預測:駭客攻擊由 IT 轉向 OT,人機界面是主要漏洞
https://buzzorange.com/techorange/2018/12/19/2019-trend-micro-security-predict/

趨勢科技結盟夥伴 攻物聯網資安商機
https://www.chinatimes.com/realtimenews/20181220002563-260410

陸車聯網市場料維持高成長,2025年規模估逾2千億RMB
https://bit.ly/2R7seLJ

智慧工廠浪潮下的六種潛在資安威脅
https://blog.trendmicro.com.tw/?p=58195

智慧製造衍生隱憂 資安防護須從晶片端導入
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000550433_2k15m5462vh1t34kr44z8

This Wearable Patch Detects Stress Hormone in Sweat
https://bit.ly/2UJV4AX

New machine learning algorithm breaks text CAPTCHAs easier than ever
https://www.zdnet.com/article/new-machine-learning-algorithm-breaks-text-captchas-easier-than-ever/#ftag=RSSbaffb68

K.CTF

CTF-Writeup/browser/PlaidCTF_2018_Roll-a-d8/
https://bit.ly/2GiGaP7

CTF-Writeup/browser/Blaze_CTF_2018_blazefox/
https://github.com/wwkenwong/CTF-Writeup/tree/master/browser/Blaze_CTF_2018_blazefox

CTF-Writeup/browser/Codegate_CTF_2017_Preliminary_jsworld/
https://github.com/wwkenwong/CTF-Writeup/tree/master/browser/Codegate_CTF_2017_Preliminary_jsworld

4.近期資安活動及研討會

  物聯網應用發展策略與安全設計-1天,假日速成班  2018/12/22 09:30(+0800)~18:30
  https://cyber-training.kktix.cc/events/404221c0-copy-2

  【課程】AI 人工智慧實戰班,類神經網路 DNN、CNN、RNN 通通傳授,兩天時間專家帶你進入Deep Learning 的大門  12/22 ~  12/23
  https://www.techbang.com/posts/62515-course-ai-artificial-intelligence-practical-class-deep-learning-machine-learning-image-recognition

  入門UI設計!Adobe Xd 快速上手工作坊 (台北假日場) 12/23
  https://www.accupass.com/event/1811221341231138544404

  專業手機暨硬碟資料救援教育訓練課程 12/26 ~ 12/28
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=46

  Taipei 暗号通貨 (Cryptocurrency) Meetup  12/26
 https://bit.ly/2Ercv4p

  Taipei.py 十二月月會 (Monthly Meeting) 2018  12/27
  https://www.meetup.com/Taipei-py/events/256337705/

  系統日誌分析實務  12/27
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3653&from_course_list_url=homepage

  亥客書院 - 高階網頁滲透測試    2019/1/5
  https://hackercollege.nctu.edu.tw/?p=768

  資策會2019/1/5開辦CompTIA Security+ 國際網路資安認證班
  https://n.yam.com/Article/20181129286231

  2019 政府資安戰略論壇  2019/01/03 13:00(+0800)~16:30
  https://csa.kktix.cc/events/csa190103

  【課程】Arduino四軸飛行器開發實作,無人機硬體、無線遙控器、飛控軟體整合、飛行教學,一天學會 1/5
   https://bit.ly/2LdYJ5H
 
  ISDA 白帽入門讀書會 黑帽python入門  1/5
  https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=299

  【課程】用Google TensorFlow實作推薦系統,讓機器學習應用各種商務情境、提升商品曝光達到精準行銷 1/12
  https://bit.ly/2PysEaH


沒有留言:

張貼留言

資安事件新聞週報 2021/9/6 ~ 2021/9/10

  資安事件新聞週報 2021/9/6  ~  2021/9/10 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco 發布Enterprise NFV Infrastructure Software(NFVIS)軟體安全更新 https://us-cert.c...