跳到主要內容

資安新聞及事件週報 2018/12/3 ~ 2018/12/7

1.重大弱點漏洞

WebEx Meetings漏洞沒補好,思科再補一次
https://ithome.com.tw/news/127328

Cisco Prime License Manager 存在安全性弱點
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181128-plm-sql-inject

IBM QRadar SIEM 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1730

2019 PHP5網站技術支援到期,恐將成為資安孤兒
https://bit.ly/2Udfh1S

高階腳本語言Perl測出多種overflow觸發情境
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5059

CVE-2018-8550widows提權漏洞預警及復現
https://www.bilibili.com/video/av37405552/

Oracle WebLogic Server存在未明漏洞  CVE-2018-3249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3249

CyberArk 9.7 - Memory Disclosure
https://old.exploit-db.com/exploits/45926/?rss

Chrome 71出爐,加強封鎖不良廣告、修補43個安全漏洞
https://www.ithome.com.tw/news/127492

儘速更新Zoom!避免駭客亂入視訊會議
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5061

libsixel 緩衝區錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19762

容器技術 Kubernetes 被回報首度重大漏洞,使用者要盡快升級修補
https://technews.tw/2018/12/05/kubernetes-first-major-security-hole-should-be-fix-as-soon-as-possible/

Kubernetes爆重大漏洞!不法人士可取得管理員權限,竊取機敏資料、癱瘓企業應用
https://www.ithome.com.tw/news/127431?fbclid=IwAR3tUTrf3UTSujDYy35tTDMDdA8pqih_BYi32VYULQtkJUpiF--X8wO11jI

Kubernetes現重大安全漏洞:唯一方法是升級
https://ek21.com/news/2/96445/

Kubernetes Alert: Security Flaw Could Enable Remote Hacking
https://www.bankinfosecurity.com/kubernetes-alert-security-flaw-could-enable-remote-hacking-a-11776

Netgear Devices - Unauthenticated Remote Command Execution (Metasploit)
https://old.exploit-db.com/exploits/45909/?rss

PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure
https://old.exploit-db.com/exploits/45929/?rss

Mac OS X - libxpc MITM Privilege Escalation (Metasploit)
https://old.exploit-db.com/exploits/45916/?rss

Researchers discover SplitSpectre, a new Spectre-like CPU attack
https://www.zdnet.com/article/researchers-discover-splitspectre-a-new-spectre-like-cpu-attack/#ftag=RSSbaffb68

Adobe releases out-of-band security update for newly discovered Flash zero-day
https://www.zdnet.com/article/adobe-releases-out-of-band-security-update-for-newly-discovered-flash-zero-day/#ftag=RSSbaffb68

New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs
https://bit.ly/2AUdBBi

Adobe Flash Player 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15982

360全球首家發現使用Adobe Flash 0day漏洞的國家級網絡攻擊行動
http://www.360.cn/n/10505.html

IBM Cloud Orchestrator信息洩露漏洞
https://www-01.ibm.com/support/docview.wss?uid=swg2C4000049

Emacs - movemail Privilege Escalation (Metasploit)
https://www.exploit-db.com/exploits/45953

HP Intelligent Management - Java Deserialization RCE (Metasploit)
https://www.exploit-db.com/exploits/45952

Wireshark - 'find_signature' Heap Out-of-Bounds Read
https://www.exploit-db.com/exploits/45951

Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption
https://www.exploit-db.com/exploits/45950



2.銀行/金融/保險/證券/電子支付/行動支付/支付系統/虛擬貨幣/區塊鍊 新聞及資安

21世紀金礦「比特幣」問世十年 近最糟熊市
https://news.tvbs.com.tw/focus/1037017

著名的比特幣盜竊與駭客侵入事
https://bit.ly/2BPF8FJ

中本聰神秘現身!他要告訴我們是堅持還是放棄
http://news.knowing.asia/news/d8fc0bd0-8568-4a30-b632-725bcf26b2ff

和區塊鏈打對台 歐洲央銀啟用泛歐即時支付結算系統
https://bit.ly/2zJpdYi

虛擬寶物貨幣化!Sony將在PS4上推首款區塊鏈遊戲
https://cnews.com.tw/005181128a02/

建構普惠金融的台灣P2P借貸平臺
https://bit.ly/2PfAWCW

開放銀行計畫 自願自律推動
https://udn.com/news/story/7239/3511865?from=udn-ch1_breaknews-1-cate6-news

民眾攢漏洞當局哭哭 「澳寶卡」虧損800萬美元
http://www.bldaily.com/international/p-349043.html

日本電商串接台新銀行身分認證API,讓台新用戶靠網銀帳號即可登入購物
https://www.ithome.com.tw/news/127376

FinTechSpace園區 進駐爆滿
https://www.chinatimes.com/newspapers/20181203000271-260205

今天起,銀行轉帳要小心了!這些行為將被盯上
https://ek21.com/news/2/85097/

美國ATM擺烏龍 客戶圖撳10美元變拎100美元 銀行:無須交還
https://bit.ly/2QA890k

跨國支付結算不用10秒!歐洲央銀啟用泛歐即時支付結算系統
https://ithome.com.tw/news/127419

合庫金旗下合庫銀完成首筆Web區塊鏈函證回覆,將推QR Code販賣機支付
https://bit.ly/2rlljAe

台灣先緊後鬆… 金管會力推電支、電票整合
https://bit.ly/2BPDrbo

打擊銀行詐騙 英電信公司將推出新系統
http://www.epochtimes.com/b5/18/12/4/n10890987.htm

英倫銀行發脫歐後預測報告遭批評 行長稱確保金融體系作準備
https://bit.ly/2zHbXmS

【PuHey!小學堂 | 普匯觀點 】大學生的小確幸-電子支付篇
https://bit.ly/2QDKLPC

This is how Docker containers can be exploited to mine for cryptocurrency
https://www.zdnet.com/article/this-is-how-docker-can-be-exploited-to-covertly-mine-for-cryptocurrency/#ftag=RSSbaffb68

Floyd Mayweather, DJ Khaled settle SEC charges over illegal endorsement of cryptocurrency ICOs
https://zd.net/2BPjKR2

Eastern European banks lose tens of millions of dollars in Hollywood-style hacks
https://www.zdnet.com/article/eastern-european-banks-lose-tens-of-millions-of-dollars-in-hollywood-style-hacks/#ftag=RSSbaffb68

Singapore Banks to Get Cybersecurity Grants
https://www.bankinfosecurity.asia/singapore-banks-to-get-cybersecurity-grants-a-11800

金控業者推聊天機器人 查卡費資訊還能繳費
https://bit.ly/2Pkz8IF

13家銀行「智能化」競賽:這家銀行竟然40%員工是科技人員
https://ek21.com/news/2/103555/

台北金融科技展  中信、永豐大秀新科技,臉提款、掌靜脈支付紛出籠
https://www.chinatimes.com/realtimenews/20181206004999-260410

「臺灣Pay」推動迄今1年 政院肯定成效
https://www.ydn.com.tw/News/315613

保險圈萌萌以1擋千萬 AI聊天機器人小新艾莉阿發小安接力上線
https://www.ettoday.net/news/20181207/1324871.htm

國內金融:保險業管理規則三項法規鬆綁,金管會估逾33萬名業務員受惠
https://bit.ly/2zO4ouL

二代健保自付額提高 醫護人員說這張保險最能減負擔
https://bit.ly/2UmxQk7

想要投入金融業? 網友點名這一家
https://n.yam.com/Article/20181206373511

悠遊卡跟進一卡通 申請兼營電子支付業務
https://money.udn.com/money/story/5613/3522657

徵才 - 合庫金徵才 新鮮人試用期滿35K 有經驗挑戰百萬年薪
https://money.udn.com/money/story/5613/3518237

徵才 -合庫銀招募金融好手 強化戰鬥力
https://bit.ly/2BTKG2i

徵才 - 合庫金旗下合庫銀二階段招募550人,新鮮人薪資福利上看70萬元
https://bit.ly/2QHpC74

徵才 - 華南銀行 107 年度新進人員甄試 簡章
https://bit.ly/2G5PAx7

3.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體

防毒日:隱藏的陷阱,認識勒索病毒與現今防毒軟體必備功能
https://www.soft4fun.net/tech/information-security/recognize-ransomware.htm

UPnP 漏洞再成黑客攻擊目標 十萬 Router 淪為殭屍網絡
https://3edition.com/news/4197

駭客入侵4.5萬台路由器,要為NSA攻擊工具開門,百萬PC和行動裝置恐成目標
https://www.ithome.com.tw/news/127384

Outlaw駭客集團散播殭屍網路來進行虛擬貨幣挖礦、網路掃描和暴力破解
https://blog.trendmicro.com.tw/?p=58093

美國政府指控伊朗籍駭客散佈勒索軟體SamSam,並揮刀斬斷駭客金流
https://www.ithome.com.tw/news/127453

傳勒索病毒受感染用戶 要用微信支付繳交贖金
https://bit.ly/2KUscBk

莫斯科纜車系統剛上線就染上勒索軟體
https://www.ithome.com.tw/news/127423

新品種勒索病毒肆虐 使用大陸支付軟體要小心
https://www.chinatimes.com/realtimenews/20181206005413-260409

中國新勒索病毒綁上「微信支付」 還竊支付寶等帳密
http://news.ltn.com.tw/news/world/breakingnews/2632507

中國出現勒索軟體首度要求受害者用微信支付繳贖金
https://ithome.com.tw/news/127504

防毒軟體與網路安全 › 首款要求 微信支付 勒索病毒現身,連帶竊取 QQ、支付寶等帳戶資訊
https://www.kocpc.com.tw/archives/232669

東莞網警偵破「12.05」特大新型勒索病毒案
https://news.sina.com.tw/article/20181207/29143920.html

New Malware Variant Is Delivered By Email
https://www.mediapost.com/publications/article/328746/new-malware-variant-is-delivered-by-email.html

U.S Charges Two Iranian Hackers for SamSam Ransomware Attacks
https://bit.ly/2PfKrlr

Moscow's new cable car system infected with ransomware two days after launch
https://www.zdnet.com/article/moscows-new-cable-car-system-infected-with-ransomware-two-days-after-launch/#ftag=RSSbaffb68

Samba Trojan becomes the bread and butter of fresh attack campaign
https://www.zdnet.com/article/samba-trojan-becomes-the-bread-and-butter-of-fresh-attack-campaign/#ftag=RSSbaffb68

McAfee Labs 2019 Threats Predictions Report
https://bit.ly/2zF8DsA

Over 20,000 PCs infected with new ransomware strain in China
https://www.zdnet.com/article/over-20000-pcs-infected-with-new-ransomware-strain-in-china/#ftag=RSSbaffb68

SNDBOX: AI-Powered Online Automated Malware Analysis Platform
https://bit.ly/2QjaWvB

New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs
https://bit.ly/2UdSsLk

A botnet of over 20,000 WordPress sites is attacking other WordPress sites
https://www.zdnet.com/article/a-botnet-of-over-20000-wordpress-sites-is-attacking-other-wordpress-sites/#ftag=RSSbaffb68

ESET discovers 21 new Linux malware families
https://www.zdnet.com/article/eset-discovers-21-new-linux-malware-families/#ftag=RSSbaffb68

Kaspersky Lab’s APT review of 2018: the most active groups, the top targets
https://www.brighttalk.com/webcast/15591/340768?utm_medium=smm&utm_source=tw_f_181203&utm_campaign=sp_leadgen

INTRO TO RADARE2 FOR MALWARE ANALYSIS
https://bit.ly/2PnURPW

B.行動安全 / iPhone / Android / App

Dunkin’Donuts App被駭 用戶快改密碼
https://udn.com/news/story/6813/3512514

逐字稿救星降臨!AI Labs 發表台灣專用語音 APP「雅婷逐字稿」
https://www.inside.com.tw/article/14916-taiwan-speech-input-AI-Labs

女玩FB外掛遊戲"OMG" 遭強制扣2580元
https://www.ttv.com.tw/news/view/107120300016001/575

如何移除Facebook「OMG」惡質自動扣款遊戲
https://bit.ly/2rgknNs

臉書遊戲OMG強制扣款如何自保?趨勢提5大重點加強防護
https://www.ettoday.net/news/20181203/1321699.htm

亂點臉書OMG程式中毒?趨勢科技提5大建議
https://www.chinatimes.com/realtimenews/20181203002364-260412

玩臉書測驗遊戲被盜刷信用卡 真的假的
https://ntpu.org/478

玩「OMG」被強制扣款非遊戲惹禍 誤點廣告是主因
https://www.ettoday.net/news/20181203/1321888.htm

臉書OMG測驗病毒烏龍,教你申訴 Google Play 問題交易與刪除臉書遊戲
https://www.soft4fun.net/tech/news/facebook-instant-game.htm

Google Play出現假語音應用程式,竊取姓名電話住址等個資
https://blog.trendmicro.com.tw/?p=58133

iOS 12.1越獄漏洞已經找到,蘋果修補後就會公開漏洞
https://mrmad.com.tw/jailbreak-ios121-release-fix-s0rrymybad

操縱App排名有方法,iOS開發者David Barnard公布玩弄App Store的十大手法呼籲官方要重視
https://www.ithome.com.tw/news/127398?fbclid=IwAR12XSuv84HCHlIh3KB_Sj9eh5NdH_JRuj2oqRQRa6CHP3MS7bEGK4TxlwM

Google發布第一份Android生態系統安全性報告
https://www.nccst.nat.gov.tw/NewsRSSDetail.aspx?lang=zh&RSSType=news&seq=16176

徐直軍:美拒華為 斷送5G王權
https://www.chinatimes.com/newspapers/20181201000292-260203

Two simple tricks to make your iPhone battery last all day
https://www.zdnet.com/article/two-simple-tricks-to-make-your-iphone-battery-last-all-day/#ftag=RSSbaffb68

Two iOS fitness apps tricked users into making TouchID payments
https://www.zdnet.com/article/two-ios-fitness-apps-tricked-users-into-making-touchid-payments/#ftag=RSSbaffb68

How to secure your iPhone from hackers, snoopers, and thieves (iOS 12.1)
https://www.zdnet.com/pictures/how-to-secure-your-iphone-from-hackers-snoopers-and-thieves-ios-12-1/#ftag=RSSbaffb68

The 5G mobile browser problem no-one is talking about
https://www.zdnet.com/article/the-5g-mobile-browser-problem-no-one-is-talking-about/#ftag=RSSbaffb68



C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件

駭客試圖用手機登入李鍾碩的IG!也讓他發文警告:「你是誰?請不要這樣子做!」
https://bit.ly/2SpDJLD

趨勢科技歷年來打擊網路犯罪成果
https://blog.trendmicro.com.tw/?p=57956

扯!眼鏡行LED看板播成人片 鄰居批:驚世駭俗
https://bit.ly/2rkAbyJ

MIT 竟然開了全套量子電腦課!從基本原理到進階應用實作,全部線上學
https://buzzorange.com/techorange/2018/12/05/mit-quantum-computing-course/

億元設備模擬企業網路環境,HITCON首度舉辦考驗企業資安防禦能力競賽
https://www.ithome.com.tw/news/127506

2018年不可思議14個駭客入侵手法懶人包
https://blog.trendmicro.com.tw/?p=57905

BeatStars音樂平台遭網頁置換攻擊,官方表示無資料外洩
https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=887

軟銀網路大當機超崩潰 日政府要求30天內說明
https://newtalk.tw/news/view/2018-12-07/177170

運動賽事威脅:2018 世界盃足球賽帶給我們什麼啟示
https://blog.trendmicro.com.tw/?p=58015

從中攔截:能源與水資源基礎架構漏洞
https://blog.trendmicro.com.tw/?p=57888

英國推網購認證新規定 要血拼先確認手機訊號
https://udn.com/news/story/6811/3513616

英國網絡付款將需核對收款人姓名
http://www.epochtimes.com/b5/18/11/30/n10883510.htm

剛罷工又「造反」,Google 員工再連署反對「蜻蜓計畫」
https://technews.tw/2018/11/28/we-are-google-employees-google-must-drop-dragonfly/

走出舒適區:漏洞越挖越少?還是SRC 太多白帽子不夠用
http://www.geekpark.net/news/235768

德國耳機業者誤將憑證置入軟體,陷用戶於安全風險
https://www.ithome.com.tw/news/127396

駭客入侵連鎖眼鏡行LED看板 眼鏡廣告全變無碼動作片
https://www.ettoday.net/news/20181204/1322526.htm

Quora遭駭客入侵!1億用戶個資裸奔 姓名、郵件全外洩
https://www.ettoday.net/news/20181204/1322396.htm

PS4出現一位駭客,專門把那些無視他的玩家永久斷開PSN連接
https://bit.ly/2BMMIB6

台灣天才駭客發現臉書付款漏洞 爽領一萬美金獎勵
https://bit.ly/2QyQMNC

顧及隱私問題,開始有企業希望藉由5G網路取代Wi-Fi
https://mashdigi.com/for-privacy-problem-audi-may-use-5g-to-replace-wifi-network/

美司法部指控2伊朗人 侵入電腦進行勒索
https://www.voacantonese.com/a/us-iran-hacking-20181130/4681137.html

韓媒:4個北韓駭客組織攻擊南韓機構和企業
https://money.udn.com/money/story/5599/3511233

揭開中共戰略支援部隊的神秘面紗
https://bit.ly/2E1cSl8

明鏡周刊:俄駭客對德政府發動網攻
https://bit.ly/2FVuqBE

澳著名智庫遭黑客襲擊 中共軍方或是黑手
http://www.epochtimes.com/b5/18/12/4/n10891020.htm

要科技公司交出加密資料 澳眾議院通過法案
https://money.udn.com/money/story/5599/3522056

澳智庫遭駭 凶手或是共軍
https://bit.ly/2PmCCdU

川普擬加強審查中國學生背景 避免駭客滲透
https://www.taiwannews.com.tw/ch/news/3586848

美共和黨眾議院全國委員會官員坦言,期中選舉遭駭,多名助理信箱受到監控
https://ithome.com.tw/news/127498

共和黨國會委員會遭駭客入侵 數千郵件洩露
http://big5.huaxia.com/xw/gjxw/2018/12/5963119.html

資安威脅 美軍機敏資訊改郵寄 作業亂
https://bit.ly/2zJXNRW

情報:川普上任後 中國「網攻」變本加厲
https://udn.com/news/story/6813/3510989

駭客攻擊全球 50,000 台印表機,只為了請網友搶救 YouTube 頻道訂閱第一的龍頭寶座
https://www.techbang.com/posts/63044-pewdiepie-printer-hack-t-series-youtube

全球打印機被入侵亂印嘢!  瘋狂Fans叫大家睇PewDiePie
https://www.winandmac.com/2018/12/printers-hacked-worldwide-for-subscribing-pewdiepie/

印表機攻擊再起?駭客入侵印表機推出廣告列印服務
https://www.ithome.com.tw/news/127458

Someone Hacked 50,000 Printers to Promote PewDiePie YouTube Channel
https://bit.ly/2zGGGAr

Twitter user hacks 50,000 printers to tell people to subscribe to PewDiePie
https://www.zdnet.com/article/twitter-user-hacks-50000-printers-to-tell-people-to-subscribe-to-pewdiepie/#ftag=RSSbaffb68

New online service will hack printers to spew out spam
https://www.zdnet.com/article/new-online-service-will-hack-printers-to-spew-out-spam/#ftag=RSSbaffb68

Czech Republic blames Russia for multiple government network hacks
https://www.zdnet.com/article/czech-republic-blames-russia-for-multiple-government-network-hacks/#ftag=RSSbaffb68

These are the worst hacks, cyberattacks, and data breaches of 2018
https://www.zdnet.com/pictures/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2018/#ftag=RSSbaffb68

The Profile of Modern-Day DDoS
https://www.bankinfosecurity.com/profile-modern-day-ddos-a-11749

Russian Hackers Are Using Brexit To Leverage Cyber Attacks
https://www.cybersecurityintelligence.com/blog/russian-hackers-are-using-brexit-to-leverage-cyber-attacks-3955.html

In the SBU said about the cyber attack from Russia
https://24-my.info/in-the-sbu-said-about-the-cyber-attack-from-russia/

Beware of Russia’s bilateral cyber world order
http://euromaidanpress.com/2018/12/04/russias-bilateral-cyber-world-order/

IMPORTANT WARNING: Cyber-attack against the Custody
http://www.custodia.org/default.asp?id=779&id_n=47774

Kaspersky Security Bulletin 2018. Top security stories
https://securelist.com/kaspersky-security-bulletin-2018-top-security-stories/89118/

Proactive Threat Hunting with A.I.
https://reaqta.com/2018/11/proactive-threat-hunting-ai/

NRCC officials hacked during 2018 election
https://www.zdnet.com/article/nrcc-officials-hacked-during-2018-election/#ftag=RSSbaffb68

14 Hot Sessions at Black Hat Europe 2018
https://www.bankinfosecurity.com/blogs/14-hot-sessions-at-black-hat-europe-2018-p-2691

The Role of Threat Intelligence in Cyber Resilience
https://www.bankinfosecurity.com/webinars/role-threat-intelligence-in-cyber-resilience-w-1843

Black Hat Europe: The Power of Attribution
https://www.bankinfosecurity.com/black-hat-europe-power-attribution-a-11802

Top Republican Email Accounts Compromised
https://www.bankinfosecurity.com/top-republican-email-accounts-compromised-a-11801

Industrial espionage fears arise over Chrome extension caught stealing browsing history
https://www.zdnet.com/article/industrial-espionage-fears-arise-over-chrome-extension-caught-stealing-browsing-history/#ftag=RSSbaffb68

徵才 - 資訊安全工程師
https://www.104.com.tw/job/?jobno=6g1kz&jobsource=freshman2009

徵才 - Cyber Threat Intelligence Analyst
https://www.linkedin.com/jobs/view/cyber-threat-intelligence-analyst-at-united-overseas-bank-limited-%28uob%29-1001043868/

徵才 - LINE資安團隊徵才 赴台灣駭客年會擺攤說明
https://bit.ly/2BSuBJU

徵才 - LINE資安團隊招臺灣人才 維護新資安技術
https://www.ydn.com.tw/News/315629



D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷

Uber消費者個資遭駭事件 遭英荷開罰117萬美元
https://money.udn.com/money/story/5599/3505811

全國打擊電信網路新型違法犯罪 三年破詐騙31.5萬起
https://news.sina.com.tw/article/20181130/29050608.html

假投資假網戀騙不膩 南港警1日擋兩詐騙保住3千萬
https://www.ettoday.net/news/20181202/1321131.htm

雲端流裸照…女星痛曝:被全世界輪姦
https://bit.ly/2QzApjK

E乳董梓甯 裸照瘋傳大翻盤 「是我本人」認外洩
https://tw.appledaily.com/entertainment/daily/20181201/38194175/

「妳收包裹時好正」宅配員盯哨70名女子 背下手機號碼再求約
https://www.ettoday.net/dalemon/post/40168

俄廣告詐騙集團橫行 美公司損失數千萬美元
https://www.rti.org.tw/news/view/id/2003632

藝人歐漢聲個資驚傳被盜 機車行千名會員外流盜刷集團
https://udn.com/news/story/7315/3518446

個人資料外泄事故頻生 公眾「人肉防火牆」自保
https://news.mingpao.com/ins/instantnews/web_tc/article/20181201/s00001/1543638262584

數據安全事件頻生 楊偉雄:開放政府數據會確保公共利益
https://news.mingpao.com/ins/instantnews/web_tc/article/20181201/s00001/1543631278064

資料外洩漏洞 環聯被促補鑊
http://www.hkcd.com/content/2018-11/30/content_1111994.html

私隱公署廢衙門
https://hk.on.cc/hk/bkn/cnt/commentary/20181201/bkn-20181201000418966-1201_00832_001.html

環聯停網上信貸資料查詢 與至少5機構合作 或共用資料 私隱署守則未涵蓋
http://www.mingpaocanada.com/Tor/htm/News/20181130/HK-gaa1_r.htm

環聯母公司美上市 高層多資安情報專家
https://m.mingpao.com/pns/dailynews/web_tc/article/20181130/s00001/1543514997277

Bethesda 被發現資安大漏洞 玩家個資外洩
https://www.ptt.cc/bbs/C_Chat/M.1544068611.A.63A.html

有半數釣魚網站都會讓你以為它是安全的
https://chinese.engadget.com/2018/11/27/half-of-phishing-sites-now-show-as-secure/

陌陌個資洩露?網爆「50美金賣3000萬條數據」...官方回應了
https://www.ettoday.net/news/20181204/1322162.htm

陸居住證個資外洩疑慮 陸委會:財產狀況易被掌握
http://www.epochtimes.com/b5/18/12/6/n10895057.htm

Elasticsearch伺服器配置不當,8,000萬名美國民眾資料外洩曝光
https://www.ithome.com.tw/news/127383

233名電信網路詐騙犯罪嫌疑人從柬埔寨被押解回國
https://news.sina.com.tw/article/20181206/29139260.html

史上第二多!Marriott飯店旗下喜達屋客戶資料庫遭駭,5億住客資料外洩
https://www.ithome.com.tw/news/127412

萬豪酒店駭客入侵是怎麼回事?駭客洩露了多少客人開房資訊
http://big5.eastday.com:82/gate/big5/tianqi.eastday.com/news/50447.html

萬豪訂房系統遭駭,5億客戶數據恐外洩,上週五股價重挫5.6%
https://bit.ly/2Uagvuw

飯店資料庫遭駭 近5億旅客個資恐外洩
https://www.ydn.com.tw/News/314917

萬豪集團資料外洩 包括W、喜來登酒店 私隱專員:展開循規調查
https://bit.ly/2zChE5o

萬豪酒店電腦系統被駭案 舒默倡集團承擔換護照錢
https://bit.ly/2Qyarx1

萬豪酒店遭駭 5億顧客個資外洩
https://tw.appledaily.com/headline/daily/20181201/38194696/

萬豪集團驚傳 5 億顧客個資外洩 駭客入侵長達4年
https://news.cnyes.com/news/id/4248341

萬豪5億個資被盜 寒舍、W飯店回應了
https://money.udn.com/money/story/5599/3511717

萬豪5億客戶個資外洩 幕後黑手疑似中國駭客
https://money.udn.com/money/story/5599/3521473

從「毛巾門」到信息泄露 酒店業陣痛如何消除
https://news.sina.com.tw/article/20181203/29078584.html

500 Million Marriott Guest Records Stolen in Starwood Data Breach
https://bit.ly/2riXgSg

Marriott breach: Starwood's hacker tier rewards millions of customer records
https://www.zdnet.com/article/marriot-breach-starwoods-hacker-tier-rewards-millions-of-customer-records/#ftag=RSSbaffb68

Marriott sued hours after announcing data breach
https://www.zdnet.com/article/marriott-sued-hours-after-announcing-data-breach/#ftag=RSSbaffb68

戴爾:發現安全漏洞
https://www.easyaq.com/news/2040501225.shtml

駭客企圖盜取 Dell 的用戶資料未果
https://chinese.engadget.com/2018/11/30/dell-hack-attempt/

Dell Resets All Customers' Passwords After Potential Security Breach
https://bit.ly/2E8POBT

Dell, Dunkin Donuts Reset Passwords After Incidents
https://www.bankinfosecurity.com/dell-dunkin-donuts-reset-passwords-after-incidents-a-11748

全國打擊電信網路新型違法犯罪 三年破詐騙31.5萬起
https://news.sina.com.tw/article/20181130/29050608.html

Uber fined $1.1 million by UK and Dutch regulators over 2016 data breach
https://bit.ly/2Q66YXc

FBI Shuts Down Multimillion Dollar – 3ve – Ad Fraud Operation
https://bit.ly/2Pf9mp2

賣花網站客戶姓名信用卡資料外洩 涉7.5萬宗交易
https://bit.ly/2QC4Tld

美國過去一年有六千萬張支付卡資料外洩
https://www.nccst.nat.gov.tw/NewsRSSDetail.aspx?lang=zh&RSSType=news&seq=16175

1 億用戶個資遭竊!美國知名 Q&A 網站 Quora 資安漏洞遭駭客入侵
https://buzzorange.com/techorange/2018/12/05/quora-is-hacked/

知名問答網站Quora遭駭,約1億用戶資料外洩
https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=886

知識問答社群網站Quora遭駭 1億用戶個資恐外洩
https://www.taiwannews.com.tw/ch/news/3589361

Quora Gets Hacked – 100 Million Users Data Stolen
https://bit.ly/2PlQN2K

Money Mule Employment scam email from Mr. Taro Yoshiyuki Omatsu Electric Co. Ltd. Human Resource Dept.
https://fraudfyi.blogspot.com/2018/12/money-mule-employment-scam-email-from.html

Phishing, Ransomware Attacks Continue to Menace Healthcare
https://www.bankinfosecurity.com/phishing-ransomware-attacks-continue-to-menace-healthcare-a-11805

E.研究報告

個案分析-校園勒索恐嚇信與勒索病毒攻擊事件分析報告_10711
https://cert.tanet.edu.tw/prog/opendoc.php?id=2018112311113838247549581880227.pdf

Beosin漏洞分析:RAM消耗漏洞及回滾交易漏洞
https://t.cj.sina.com.cn/articles/view/6487081523/182a9023302000dk9i

HackerOne平台ImageMagick漏洞导致服务器内存信息泄露
https://www.freebuf.com/vuls/189776.html

Bochspwn漏洞挖掘技術深究(1):Double Fetches 檢測
https://zhuanlan.zhihu.com/p/51315025

優步漏洞懸賞:將self-xss變成可用的xss
https://xz.aliyun.com/t/3480

nginx解析漏洞,配置不當,目錄遍歷漏洞復現
https://www.itread01.com/iifcc.html

一個CVE-2017-11882漏洞新變異樣本的調試與分析
https://paper.tuisec.win/detail/db96c1a93e21e1e

WordPress 插件 WooCommerce 任意文件删除漏洞分析
https://www.chainnews.com/articles/292505684695.htm

挖洞經驗| 藤用戶隱私信息洩露漏洞($ 7560)
https://www.freebuf.com/vuls/190129.html

0 day漏洞:多種方法繞過macOS Mojave Sandbox限制
http://www.4hou.com/system/14971.html

Flash 0day + Hacking Team遠控:利用最新Flash 0day漏洞的攻擊活動與關聯分析
https://ti.360.net/blog/articles/flash-0day-hacking-team-rat-activities-of-exploiting-latest-flash-0day-vulnerability-and-correlation-analysis/

How to Detect WebShell on PHP Web Server
https://bit.ly/2AMfFvp

F.商業

亞馬遜智慧助手遇瓶頸?WeWork暫停測試企業版Alexa
https://bit.ly/2PggfGX

協同合作共同打造容器平台 力保版本更新速度領先 網路層貫通地端與雲端 實現容器隨需遷移
https://www.netadmin.com.tw/article_content.aspx?sn=1811300004

AWS再加強無伺服Lambda布局,使用者可自選Runtime,還原生支援Ruby
https://ithome.com.tw/news/127374

行動身分識別服務簽約 5大電信董座站台
https://bit.ly/2Q8Znat

資策會研發EI-PaaS公版物聯網雲平台 助產業無痛轉型
https://bit.ly/2KODw25

關貿網路舉辦金融業資安高峰論壇,為金融業打造最佳資安防護
https://www.trade-van.com/news/index.do?act=detail&articleId=835

擴充CPU與GPU資源管理,OpenShift持續強化K8s支援
https://ithome.com.tw/review/126279

資安即國安 訊連U通訊系列打進政府標案市場
https://news.wearn.com/c88691.html

已移除或計劃要從 Windows Server 2019 開始取代的功能
https://bit.ly/2Pkeb0u

動態防護龍頭「星盾科技」發表 2018 資安報告:自動化攻擊將變得「更像人」
https://buzzorange.com/techorange/2018/12/06/2018-threat-report/

針對GitHub用戶,WhiteSource推出專屬的免費開源軟體弱點管理工具
https://www.ithome.com.tw/news/127525?fbclid=IwAR1mfZbenOgJ-eoBzJR_uks98UPHkD4KNea-kQk-FoIlxZ3GRHx9iTUb8Vg

At AWS re:Invent, Amazon gets its gun: 'Everything the tech sector does, we can do better'
https://www.zdnet.com/article/aws-reinvent-2018-recap-everything-the-tech-sector-does-aws-wants-to-do-better/#ftag=RSSbaffb68

Microsoft building Chrome-based browser to replace Edge on Windows 10
https://bit.ly/2QcfPXb

WhiteSource Bolt for GitHub: Free Open Source Vulnerability Management App for Developers
https://bit.ly/2UhFvjD

G.政府

中選會證實投票日遭駭客攻擊 行政院:成功防堵
https://tw.news.appledaily.com/politics/realtime/20181128/1474858

選舉日中選會官網遭攻擊 政院:發生在投票前
https://www.cna.com.tw/news/aipl/201811300197.aspx

行政院資安處:投票當天中選會遭DDoS攻擊流量不到10Gbps,維持不到10分鐘
https://www.ithome.com.tw/news/127371

中選會官網投票日遭攻擊?政院資安處:已即時阻擋
http://m.ltn.com.tw/news/politics/paper/1251269

行政院資安處:駭客於投票前攻擊中選會官網 僅維持5分鐘
https://www.ettoday.net/news/20181130/1319906.htm

台投票大排長龍 賴清德:用科技解決
http://www.epochtimes.com/b5/18/11/28/n10878422.htm

中選會開始研擬電子投票!但真正實現的門檻其實在「社會信任」
https://buzzorange.com/techorange/2018/11/30/implement-of-e-voting-is-trust/

政軍兵推 肆應混合型戰爭威脅
https://www.ydn.com.tw/News/314960

有關網路傳言金管會主委政商勾結乙事,絕非事實,特予澄清。
https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath=0,2&mcustomize=news_view.jsp&dataserno=201812010001&toolsflag=Y&dtable=News

顧立雄:網路訊息零碎化 是民主發展隱憂
https://udn.com/news/story/7238/3518969

被開票到半夜嚇歪,柯文哲提 E 化改革:讓台北無紙化、無現金成真
https://buzzorange.com/2018/12/05/ko-p-i-cant-stand-with-the-long-lineup-for-voting/

107 第2次政府資通安全防護巡迴研討會ー教材開放下載
https://www.nccst.nat.gov.tw/HandoutDetail.aspx?lang=zh&seq=1281

H.工控系統/ICS/SCADA

鼎陽SDS 1202X-E示波器易遭入侵竄改測試數據
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5060

Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting
https://old.exploit-db.com/exploits/45928/?rss

Schneider Electric PLC - Session Calculation Authentication Bypass
https://old.exploit-db.com/exploits/45918/?rss

Respond Software Partners with ForeScout to Strengthen ICS Cybersecurity Programs
https://www.businesswire.com/news/home/20181204005300/en/Respond-Software-Partners-ForeScout-Strengthen-ICS-Cybersecurity

Three Things ICS Security Pros Can Do to Maximize Uptime
https://www.powermag.com/three-things-ics-security-pros-can-do-to-maximize-uptime/

CyberX Joins McAfee Security Innovation Alliance (SIA)
https://globenewswire.com/news-release/2018/12/06/1662926/0/en/CyberX-Joins-McAfee-Security-Innovation-Alliance-SIA.html

Industrial cybersecurity: un obbligo per fare Industria 4.0
https://www.zerounoweb.it/techtarget/searchsecurity/cybersecurity/industrial-cybersecurity-per-industria-4-0/

Mine security in the digital age With more mines being connected, how are they being protected
http://magazine.cim.org/en/technology/mine-security-in-the-digital-age-en/

Skkynet Cloud Systems helps Siemens enhance digitalization and remote monitoring for Argentinian power plants
https://www.automation.com/automation-news/skkynet-cloud-systems-helps-siemens-enhance-digitalization-and-remote-monitoring-for-argentinian-power-plants

I.教育訓練類

資安補帖─Day51─Bug Bounty
https://ithelp.ithome.com.tw/articles/10210209

資安補帖─Day52─漏洞環境測試與部屬
https://ithelp.ithome.com.tw/articles/10210213

初次接觸基礎漏洞OWASP丨Web安全掃盲
https://www.bilibili.com/video/av37156780/

Become a Certified Hacker With This Hands-On Training Course
https://bit.ly/2zF5Gbo

J.玄武安全推送

每日安全動態推送(12-03)
https://tw.weibo.com/xuanwulab/4313133176560142

每日安全動態推送(12-04)
https://tw.weibo.com/xuanwulab/4313490699814071

每日安全動態推送(12-05)
https://tw.weibo.com/xuanwulab/4313857692140840

每日安全動態推送(12-06)
https://tw.weibo.com/xuanwulab/4314216778820430

每日安全動態推送(12-07)
https://tw.weibo.com/xuanwulab/4314577460261519

K.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機

AI 複製思維舉止還能思考!個性化人工智能將成為另類「複製人」
https://www.limitlessiq.com/news/post/view/id/7763/

自駕車測試場域資安防護 未發現漏洞
https://udn.com/news/story/7266/3514075

高手聯手考驗沙崙自駕車測試場域資安防護
https://money.udn.com/money/story/10860/3513707

AI資安攻防戰 高手雲集
https://bit.ly/2Q9wbzU

全球員工籌組500隊,趨勢AI競賽4日福岡決賽
https://bit.ly/2rk8LJi


L.CTF


ICON 2018 CTF
https://ctf.icon-2018.org/

FAUST CTF 2018
https://2018.faustctf.net/

CODE BLUE CTF 2018
http://ctf.codeblue.jp/

SFA-CTF 2018 « Duccio Cavalieri
http://www.duccioknights.org/?page_id=1113

CTF - 2019
http://tourismexpo.ge/

CTF 2019 - The 16th China International Tire and Wheel
http://www.chinaexhibition.com/trade_events/9771-CTF_2019_-_The_16th_China_International_Tire_and_Wheel_%28Qingdao%29_Fair.html

4.近期資安活動及研討會
 
  行動支付的基礎框架、創新應用與案例解析研習班  2018/12/08 09:30(+0800)~16:30
  https://cyber-training.kktix.cc/events/404221c0

  【StarRocket】Python web crawler 網路爬蟲與資訊處理  12/8
  https://www.accupass.com/event/1810080844071408192583

  ISDA 教育訓練 SDR與無線通訊  12/8
  https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=297

  駭客入侵調查暨資安緊急應變實務 12/10 ~ 12/11
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=45

  TANet/TWAREN監控平台與即時流量異常偵測系統介紹 12/11
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3767&from_course_list_url=homepage

  Deep Learning and the Happy Hour  12/12
  https://www.meetup.com/Deep-Learning-Conversations/events/bcvpbqyxqbqb/

  GCPUG Taipei Meetup #43  12/12
  https://www.meetup.com/GCPUG-Taipei/events/256832723/

  眺望2019 物聯網安全高峰論壇  12/13
  https://www.accupass.com/event/1811070402401864369691

  網路封包分析 12/13
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3654&from_course_list_url=homepage

  眺望2019 物聯網安全高峰論壇  12/13
  https://www.2cm.com.tw/files/event/2018IoT_Security_Forum/index.html

  台灣駭客年會 HITCON Pacific 2018 12/13 ~ 12/14
  https://hitcon.kktix.cc/events/hitcon-pacific-2018

  ISDA 教育訓練 我的黑帽女友之WIFI入門   12/15
  https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=298

  亥客書院 - 進階網頁滲透測試  12/15
  https://hackercollege.nctu.edu.tw/?p=323

  【課程】IoT 雲端自動澆花系統實作,玩開發板、硬體組裝、雲端自動化系統建立、水位監控,一天學會 12/15
  https://www.techbang.com/posts/47625-the-course-motoduino-cloud-monitoring-and-automatic-watering-system-motoblockly

  一日學會區塊鏈與智能合約 2018/12/16 09:30(+0800)~18:30
  https://cyber-training.kktix.cc/events/404221c0-copy-1

  Python 應用教學課程-雲端服務 1~3 12/21 ~ 1/4
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3753&from_course_list_url=homepage

  直擊!高塔上的聖誕寶藏 - COBINHOOD 最狂聖誕同樂會  12/21
  https://www.meetup.com/COBINHOOD-Taipei-Meetup/events/256799481/

  物聯網應用發展策略與安全設計-1天,假日速成班  2018/12/22 09:30(+0800)~18:30
  https://cyber-training.kktix.cc/events/404221c0-copy-2

  【課程】AI 人工智慧實戰班,類神經網路 DNN、CNN、RNN 通通傳授,兩天時間專家帶你進入Deep Learning 的大門  12/22 ~  12/23
  https://www.techbang.com/posts/62515-course-ai-artificial-intelligence-practical-class-deep-learning-machine-learning-image-recognition

  入門UI設計!Adobe Xd 快速上手工作坊 (台北假日場) 12/23
  https://www.accupass.com/event/1811221341231138544404

  專業手機暨硬碟資料救援教育訓練課程 12/26 ~ 12/28
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=46

  Taipei 暗号通貨 (Cryptocurrency) Meetup  12/26
  https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/pjlnwpyxqbjc/

  Taipei.py 十二月月會 (Monthly Meeting) 2018  12/27
  https://www.meetup.com/Taipei-py/events/256337705/

  系統日誌分析實務  12/27
  https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3653&from_course_list_url=homepage

  亥客書院 - 高階網頁滲透測試    2019/1/5
  https://hackercollege.nctu.edu.tw/?p=768

  資策會2019/1/5開辦CompTIA Security+ 國際網路資安認證班
  https://n.yam.com/Article/20181129286231

  2019 政府資安戰略論壇  2019/01/03 13:00(+0800)~16:30
  https://csa.kktix.cc/events/csa190103

  【課程】Arduino四軸飛行器開發實作,無人機硬體、無線遙控器、飛控軟體整合、飛行教學,一天學會 1/5
  https://www.techbang.com/posts/48599-course-real-workshop-arduino-four-axis-aircraft-the-body-assembly-writing-control-programs-self-made-remote-control-app-flight-instruction-day-institute
 
  ISDA 白帽入門讀書會 黑帽python入門  1/5
  https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=299

  【課程】用Google TensorFlow實作推薦系統,讓機器學習應用各種商務情境、提升商品曝光達到精準行銷 1/12
  https://www.techbang.com/posts/57689-course-with-the-google-tensorflow-implementation-of-the-recommendation-system-so-that-machine-learning-to-apply-a-variety-of-business-situations-improve-the-exposure-of-goods-to-achieve-precision-marketing


留言

這個網誌中的熱門文章

資安事件新聞週報 2019/2/25 ~ 2019/3/1

資安事件新聞週報  2019/2/25  ~  2019/3/1

1.重大弱點漏洞

Avast:數位家庭最容易有漏洞的裝置是印表機、網路裝置及監視器
https://ithome.com.tw/news/128997

F5 BIG-IP Access Policy Manager 跨站腳本漏洞  CVE-2019-6595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6595

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT
https://www.exploit-db.com/exploits/46444

報告:前十大熱門Docker映像檔都有至少30個以上的漏洞
https://www.ithome.com.tw/news/129018

有攻擊者正利用Chrome的0day漏洞偷取他人信息
https://nosec.org/home/detail/2294.html

Chrome瀏覽器被曝存在漏洞攻擊者可通過PDF收集用戶信息
http://www.sohu.com/a/298175326_114774?sec=wd

Google Chrome zero-day used in the wild to collect user data via PDF files
https://www.zdnet.com/article/google-chrome-zero-day-used-in-the-wild-to-collect-user-data-via-pdf-files/#ftag=RSSbaffb68

Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers
https://bit.ly/2H4ZAWr

研究人員揭露大批Thunderclap安全漏洞,允許惡意周邊裝置竊取記憶體機密資訊
https://www.ithome.com.tw/news/129021

新發現的thunderclap 漏洞允許黑客使用Thunderbolt/USB-C 外設攻擊PC
http://hackernews.cc/archives/24…

資安事件新聞週報 2019/7/8 ~ 2019/7/12

資安事件新聞週報  2019/7/8  ~  2019/7/12

1.重大弱點漏洞/後門/Exploit/Zero Day
安全公告:LEN-27828 Intel PROSet/Wireless WiFi Software 漏洞
http://iknow.lenovo.com/detail/dc_183380.html

Juniper Junos OS 多個漏洞
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10938
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10940
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10942
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10946

Lodash 嚴重安全漏洞背後你不得不知道的JavaScript 知識
https://juejin.im/post/5d271332f265da1b934e2d48

Lodash庫爆出嚴重安全漏洞,波及400萬+項目
https://mp.weixin.qq.com/s/tfZq2PZylGfMjOp8h8eeTw

Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
https://www.exploit-db.com/exploits/47111

知名飯店Kiosk系統漏洞讓後台資料庫憑證曝險,可致客戶資料被竊
https://ithome.com.tw/news/131809

Jira Server and Data Center Update Patches Critical Vulnerability
https://www.bleepingcomputer.com/news/security/jira-server-and-data-center-update-patches-critical-vulnerability/

JIRA Security Advisory 2019-07-1…