1月份資安社群及教育訓練活動分享


1月份資安社群及教育訓練活動分享

Android Code Club(Taipei) 1/1
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybccbcb/

From Reactive to Functional FunTh#80 1/2
https://www.meetup.com/Functional-Thursday/events/266805309/

Hacking Thursday 1/2
http://www.hackingthursday.org/invite

大數據爬蟲技術實作,使用Python實作網路爬蟲,快速有效獲取大量資料,打造自動化金融數據平台 1/4
https://www.techbang.com/posts/58613-course-python-crawler-technology-implementation

[Birthday Series] R-Ladies Taipei 五歲拉 1/6
https://www.meetup.com/rladies-taipei/events/266131216/

SDN x Cloud Native Meetup #24 1/6
https://www.meetup.com/CloudNative-Taiwan/events/267390135/

WizardAmigos CodeCamp [Taipei,JavaScript,­English] 1/6
https://www.meetup.com/WizardAmigos/events/bbdclrybccbjb/

新型郵件威脅與挑戰因應策略 1/7
https://engage2demand.cisco.com/LP=19240?dtid=oemels001119&ccid=cc000828&ecid=22859

發現 CNN 新大陸 (人工智慧小聚 - Hsinchu#20200108 ) 1/8
https://www.meetup.com/AIA-Hsinchu/events/266704469/

LISP talk: LISP in surrounding parentheses is supremely powerful #3  1/8
https://www.meetup.com/Clojure-tw/events/267468946/

#26 使用 Azure 進行文字分析與處理 1/8
https://www.meetup.com/Azure-Taiwan/events/267106591/

資安週講座-介於真假之間的假新聞 1/9
https://hackersir.kktix.cc/events/isweek-3

Python最強入門邁向數據科學之路-新書分享暨簽書會 1/9
https://tenlong.kktix.cc/events/dm1931

Fast.AI Workshop Lesson #3 1/9
https://www.meetup.com/Taipei-Agile-AI/events/267248318/

Hacking Thursday 1/9
http://www.hackingthursday.org/invite

AIS3 EOF資安搶旗競賽 1/11
https://ais3.org/eof

MLDM Monday x PyData Taiwan | TBD (about Shioaji) 1/13
https://www.meetup.com/Taiwan-R/events/266715784/

SANS Threat Hunting London Summit & Training 2020 1/13 ~ 1/18
https://www.sans.org/event/threat-hunting-europe-2020

GitLab Commit San Francisco 1/14
https://about.gitlab.com/events/commit/#attend-sanfrancisco

資安實務專題課程-Windows 惡意程式分析實務 1/14 ~ 1/17
https://isip.moe.edu.tw/wordpress/?p=1789

Build Your Security Token Blockchain - 如何打造證券型代幣區塊鏈 1/14
https://www.meetup.com/Polkadot-Taipei/events/267377249/

Elixir.tw Taipei Meetup inside 默默會(mokumokukai) 1/14
https://www.meetup.com/elixirtw-taipei/events/267421068/

Scala Taiwan #36 - Scala through lenses 1/14
https://www.meetup.com/Scala-Taiwan-Meetup/events/267314640/

Hacking Thursday 1/16
http://www.hackingthursday.org/invite

A meetup with Laurence Moroney 1/16
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/267109922/

ANSYS Workbench結構分析基礎課程 1/16 ~ 1/17
https://reurl.cc/mdjz7l

Japan Security Analyst Conference  1/17
https://jsac.jpcert.or.jp/

WizardAmigos CodeCamp [Taipei,JavaScript,­English] 1/20
https://www.meetup.com/WizardAmigos/events/bbdclrybccbbc/

Cyber Security for Critical Assets (CS4CA) MENA 1/20 ~ 1/21
https://mena.cs4ca.com/?ref=infosec-conferences.com

PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world

2020核果資訊冬季班 Python 程式語言 (Level 1) 1/22~ 2/13
https://www.accupass.com/event/1911150442131985092910

Hacking Thursday 1/23
http://www.hackingthursday.org/invite

Security Hell Conference (SH3LLCON) 1/24 ~ 1/25
https://www.sh3llcon.es/?ref=infosec-conferences.com

NextGen SCADA 1/27 ~ 1/31
https://www.smartgrid-forums.com/forums/nextgen-scada-global/

Cranfield University Cyber Symposium 1/28 ~ 1/29
https://www.cranfield.ac.uk/events/symposia/cyber

International Cyber Security Forum (FIC) 1/28 ~ 1/30
https://www.forum-fic.com/en/home.htm

Free and Safe in Cyberspace 1/29
https://www.free-and-safe.org/

Hacking Thursday 1/30
http://www.hackingthursday.org/invite

資安事件新聞週報 2019/12/23 ~ 2019/12/27






資安事件新聞週報  2019/12/23  ~  2019/12/27

1.重大弱點漏洞/後門/Exploit/Zero Day
IBM WebSphere Application Server 遠端執行任意程式碼漏洞
https://www.ibm.com/support/pages/node/1115085

Dropbox含有可取得系統權限的安全漏洞
https://www.ithome.com.tw/news/134979

360安全大腦發現並協助修復VMware遠程高危漏洞
https://finance.jrj.com.cn/2019/12/25151428585242.shtml

你找到1個大漏洞拿4500萬!蘋果撒錢擴大漏洞懸賞計畫
https://www.setn.com/News.aspx?NewsID=659037

重賞 $11,680,000 ! Apple 開放舉報保安漏洞懸賞機制
http://bit.ly/2MntKWL

OnePlus推賞金獎勵計劃 找出系統漏洞最高獎逾5萬元
https://reurl.cc/EKN48a

Citrix修補遠端程式攻擊漏洞
https://www.ithome.com.tw/news/135005

Citrix Systems Citrix ADC and NetScaler Gateway和Citrix Application Delivery Controller 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781

Citrix產品中的漏洞使80000家公司面臨風險
https://www.linuxidc.com/Linux/2019-12/161805.htm

資安事件新聞週報 2019/12/16 ~ 2019/12/20






資安事件新聞週報  2019/12/16  ~  2019/12/20

1.重大弱點漏洞/後門/Exploit/Zero Day
Micro Focus ArcSight Logger 跨站請求偽造漏洞 CVE-2019-11657
https://nvd.nist.gov/vuln/detail/CVE-2019-11657

Trend Micro HouseCall for Home Networks 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19689

TP-Link 路由器遠端執行任意程式碼漏洞
https://www.securitywizardry.com/the-radar-page/alert-details#alerts

TP-Link修補不用密碼就能登入路由器的安全漏洞
https://www.ithome.com.tw/news/134878

TP-Link Archer Router Vulnerability Voids Admin Password, Can Allow Remote Takeover
https://securityintelligence.com/posts/tp-link-archer-router-vulnerability-voids-admin-password-can-allow-remote-takeover/

新的攻擊 CPU 手法 Plundervolt 出現,超頻降頻也能觸發漏洞
https://technews.tw/2019/12/17/cpu-plundervolt/

資安事件新聞週報 2019/12/9 ~ 2019/12/13



資安事件新聞週報  2019/12/9  ~  2019/12/13

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco DNA Spaces:Connector SQL注入漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-dna-sqlinjection

Cisco 指控 Zoom Connector for Cisco 會造成嚴重資安漏洞
https://www.twcert.org.tw/tw/cp-104-3118-53912-1.html

IBM QRadar SIEM跨站脚本漏洞
https://www.ibm.com/support/pages/node/1103499

VMware ESXi 和 Horizon DaaS 發布安全更新
https://www.vmware.com/security/advisories/VMSA-2019-0022.html

DroneSense 現安全漏洞 警用無人機監視路線被公開
http://bit.ly/2RMjPxp

資安事件新聞週報 2019/12/2 ~ 2019/12/6






資安事件新聞週報  2019/12/2  ~  2019/12/6

1.重大弱點漏洞/後門/Exploit/Zero Day
MISP 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19379

Linux漏洞將允許駭客挾持VPN連線
https://ithome.com.tw/news/134652

安全預警- 某些華為設備中存在DoS安全漏洞
https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191204-03-dos-cn

IBM WebSphere eXtreme Scale Admin Console點擊劫持漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4109

IBM DataPower Gateway 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4621

HP Workstation BIOS安全特征问题漏洞
https://support.hp.com/us-en/document/c06318199

可重複的模擬攻擊技術在漏洞管理領域的應用
https://www.chainnews.com/zh-hant/articles/215260357729.htm

索尼再現網站安全漏洞宣布關閉隱患網頁
https://nosec.org/home/detail/3252.html

GoAhead Web 服務器又現關鍵漏洞
https://www.chainnews.com/zh-hant/articles/100479860666.htm

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices
https://thehackernews.com/2019/12/goahead-web-server-hacking.html

資安事件新聞週報 2019/11/25 ~ 2019/11/29






資安事件新聞週報  2019/11/25  ~  2019/11/29

1.重大弱點漏洞/後門/Exploit/Zero Day
Google 已發布安全更新以解決多個產品中的弱點
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html

CWE公布2019年最危險的25個軟體錯誤
https://www.ithome.com.tw/news/134475

Fortinet 多個產品存在加密金鑰弱點,可能造成中間人成功竊聽或披露機敏資訊
https://fortiguard.com/psirt/FG-IR-18-100

TOP25 漏洞類型 8 年後首次迎來更新
https://www.chainnews.com/zh-hant/articles/142025348603.htm

phpMyAdmin 遠端執行任意程式碼漏洞
https://www.phpmyadmin.net/security/PMASA-2019-5/

Red Hat JBoss Enterprise Application Platform 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.4484/

部份Fortinet產品加密金鑰漏洞,可讓駭客竊聽用戶活動
https://ithome.com.tw/news/134415

一加公佈個人信息安全漏洞並向受影響客戶致歉
https://www.cnbeta.com/articles/tech/913985.htm

TP-Link TL-WR841N 遠端執行程式碼漏洞
https://www.zerodayinitiative.com/advisories/ZDI-19-992/

ClamAV CVE-2013-7088
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7088

ClamAV CVE-2013-7087
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7087

資安事件新聞週報 2019/11/18 ~ 2019/11/22






資安事件新聞週報  2019/11/18  ~  2019/11/22

1.重大弱點漏洞/後門/Exploit/Zero Day
中彈!高通晶片有漏洞 手機個資不保
https://www.chinatimes.com/realtimenews/20191118003422-260410?chdtv

透過智慧門鈴就可攻擊整個房子聯網設備!Amazon 已修補Ring Video Doorbell Pro 漏洞
https://blog.trendmicro.com.tw/?p=62657

Grin核心開發者解析Mimblewimble「漏洞」:非根本性缺陷,Grin很安全
https://news.knowing.asia/news/0cc8c2e7-222c-40e0-a7c8-5c010ede7023

Grin 隱私模型漏洞!駭客每週花費60美元的AWS服務,就能追蹤 96% 金流地址
https://www.blocktempo.com/former-google-engineer-uncovers-96-of-privacy-altcoin-addresses/

Fortinet FortOS 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19111802

Fortinet FortiClient 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19111901

Google動態郵件功能出現XSS漏洞,可讓駭客透過Gmail發動攻擊
https://www.ithome.com.tw/news/134279

IBM WebSphere Application 遠端執行任意程式碼漏洞
https://www.hkcert.org/my_url/zh/alert/19111801

HKCERT 呼籲關注Windows 7、Windows伺服器2008 及 2008 R2 終止支援服務
https://www.hkcert.org/my_url/zh/blog/19112201

引發 BSoD 的BlueKeep漏洞攻擊,造成系統崩潰的原因
https://blog.trendmicro.com.tw/?p=62621

High-Severity Windows UAC Flaw Enables Privilege Escalation
https://threatpost.com/windows-uac-flaw-privilege-escalation/150463/

資安事件新聞週報 2019/11/11 ~ 2019/11/15


資安事件新聞週報  2019/11/11  ~  2019/11/15

1.重大弱點漏洞/後門/Exploit/Zero Day
開機載入程式Das U-Boot暗藏程式攻擊漏洞
https://ithome.com.tw/news/134091

McAfee antivirus software impacted by code execution vulnerability
https://www.zdnet.com/article/mcafee-antivirus-software-impacted-by-code-execution-vulnerability/#ftag=RSSbaffb68

JVNVU#91935870 Trend Micro Anti-Threat Toolkit (ATTK) における任意のコード実行が可能な脆弱性
https://jvn.jp/vu/JVNVU91935870/

蘋果 macOS 系統內建郵件功能藏重大漏洞!快用一招防堵個資遭外洩
https://3c.ltn.com.tw/news/38577

Apple Mail on macOS leaves parts of encrypted emails in plaintext
https://www.zdnet.com/article/apple-mail-on-macos-leaves-parts-of-encrypted-emails-in-plaintext/#ftag=RSSbaffb68

思科Talos發現LEADTOOLS工具包中存在多個漏洞,可能導致遠程代碼執行
https://www.t00ls.net/articles-53771.html

思科產品遠端執行任意程式碼漏洞
https://tools.cisco.com/security/center/publicationListing.x

Pulse Secure VPN Arbitrary Command Execution
https://packetstormsecurity.com/files/155277/pulse_secure_cmd_exec.rb.txt

資安事件新聞週報 2019/11/4 ~ 2019/11/8






資安事件新聞週報  2019/11/4  ~  2019/11/8

1.重大弱點漏洞/後門/Exploit/Zero Day
BlueKeep漏洞發生第一波大規模攻擊,引發藍色死亡螢幕
https://www.ithome.com.tw/news/133987

First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild
https://thehackernews.com/2019/11/bluekeep-rdp-vulnerability.html

Snyk釋出最新JavaScript框架安全性報告,不少熱門框架模組存在XSS漏洞
https://www.ithome.com.tw/news/134029

JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects
https://www.exploit-db.com/exploits/47590

ZTE 9000E 權限許可和訪問控制問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3425

多款D-Link產品遠程代碼執行漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16920

F5 BIG-IP AFM SQL注入漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6658

資安事件新聞週報 2019/10/28 ~ 2019/11/1



資安事件新聞週報  2019/10/28  ~  2019/11/1

1.重大弱點漏洞/後門/Exploit/Zero Day

Symantec antivirus crashes something again. This time Chrome 78 browsers
https://www.zdnet.com/article/symantec-antivirus-crashes-something-again-this-time-chrome-78-browsers/#ftag=RSSbaffb68

VMWare vCenter 伺服器設備資料洩露漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0018.html

MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
https://www.exploit-db.com/exploits/47566

主流虛擬化平臺 QEMU-KVM 被曝存在漏洞,可完全控制宿主機及其虛擬機
https://www.chainnews.com/zh-hant/articles/730633063482.htm

Google Chrome/Microsoft Edge Chromium version 78.0.x error "Aw, Snap! Something went wrong while displaying this webpage." when using Endpoint Protection
https://support.symantec.com/us/en/article.tech256047.html

Where the beep is Reopen Closed Tab in Chrome 78? (and how to get it back)
https://www.zdnet.com/article/where-the-beep-is-reopen-closed-tab-in-chrome-78-and-how-to-get-it-back/#ftag=RSSbaffb68

Samba Releases Security Updates
https://www.samba.org/samba/security/CVE-2019-10218.html
https://www.samba.org/samba/security/CVE-2019-14833.html
https://www.samba.org/samba/security/CVE-2019-14847.html

11月份資安社群及教育訓練活動分享


OWASP AppSec Day Melbourne  11/1
 https://infosec-conferences.com/events-in-2019/owasp-appsec-day-melbourne/

 Hackfest 2019  11/1 ~ 11/3
 https://infosec-conferences.com/events-in-2019/hackfest-2019/

 行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30
 https://www.accupass.com/event/1810080517061259295030

  Elite East Coast CISO Summit 11/3~11/5
 https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/

 Red Hat Forum Taipei 2019  11/5
 https://www.facebook.com/events/1390202967799392/

資安事件新聞週報 2019/10/21 ~ 2019/10/25






資安事件新聞週報  2019/10/21  ~  2019/10/25

1.重大弱點漏洞/後門/Exploit/Zero Day
SRLabs發現智能揚聲器新漏洞或變身監聽用戶的間諜設備
https://www.cnbeta.com/articles/tech/901805.htm

Google、Amazon智能喇叭偷錄密碼
http://bit.ly/2P77wue

Symantec antivirus crashes something again. This time Chrome 78 browsers
https://www.zdnet.com/article/symantec-antivirus-crashes-something-again-this-time-chrome-78-browsers/#ftag=RSSbaffb68

Apache Traffic Server 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079

Docker Hub現支援TOTP雙因素驗證
https://www.ithome.com.tw/news/133748

PHP遠程代碼執行漏洞預警(CVE-2019-11043)
https://www.huaweicloud.com/notice/2018/20191024155807348.html

PHP 遠程代碼執行漏洞(CVE-2019-11043)[附exploit]
http://vulsee.com/archives/vulsee_2019/1023_9128.html

Fortinet FortiOS 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15703

NETGEAR JNR1010訪問控制錯誤漏洞
https://kb.netgear.com/30177/JNR1010-Firmware-Version-1-0-0-32

Oracle Java SE 安全漏洞(CVE-2019-11068)
http://www.dukulong.com/article/CVE-2019-11068.html

Weblogic反序列化遠程代碼執行漏洞預警通告
https://cloud.tencent.com/developer/article/1526492

資安事件新聞週報 2019/10/14 ~ 2019/10/18






資安事件新聞週報  2019/10/14  ~  2019/10/18

1.重大弱點漏洞/後門/Exploit/Zero Day
Juniper 10月產品安全性更新公告
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES

GitHub 首席安全工程師:Linux 暗藏嚴重漏洞,存在至少4 年
https://www.infoq.cn/article/WSWoSgGNk9iz0Had5XmU?utm_source=rss&utm_medium=article

FDA對影響醫療裝置和醫院網路的URGENT/11漏洞發出警報
https://blog.trendmicro.com.tw/?p=62255

BMC Software Patrol Agent 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17043

ReportLab 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17626

BIND 多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/10/17/isc-releases-security-advisories-bind

LimeSurvey 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17660

HiNet GPON 3097 埠允許遠端執行任意指令
https://tvn.twcert.org.tw/taiwanvn/TVN-201908005

NETGEAR JNR1010 訪問控制錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-11014

TOPMeeting 全球行動視訊會議系統含有機敏資料暴露漏洞
https://tvn.twcert.org.tw/taiwanvn/TVN-201907002

Sonatype Nexus Repository Manager 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15893

Firefox部署程式碼注射攻擊保護
https://www.ithome.com.tw/news/133620

Firefox Blocks Inline and Eval JavaScript on Internal Pages to Prevent Injection Attacks
https://thehackernews.com/2019/10/firefox-javascript-injection.html

DEVCORE 剖析 Mail2000 漏洞已於去年修補正式聲明
https://www.openfind.com.tw/taiwan/news_detail.php?news_id=10198

資安事件新聞週報 2019/10/7 ~ 2019/10/11






資安事件新聞週報  2019/10/7  ~  2019/10/11

1.重大弱點漏洞/後門/Exploit/Zero Day
英國政府警告:Pulse Secure、Palo Alto和Fortinet的VPN存在APT攻擊漏洞
https://www.ithome.com.tw/news/133480

Unpatched VPN Servers Targeted by Nation-State Attackers
https://www.bankinfosecurity.com/unpatched-vpn-servers-targeted-by-nation-state-attackers-a-13202

Vulnerabilities exploited in VPN products used worldwide
https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities

Palo Alto PAN-OS 遠端執行程式碼漏洞
https://www.hkcert.org/my_url/zh/alert/19072402

Fortinet FortOS 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19100802

Juniper Networks 產品安全性漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0074

IBM WebSphere Application 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.3731/
https://www.auscert.org.au/bulletins/ESB-2019.3728/

熱門UI設計工具Figma的擴充套件系統存在漏洞,官方抽換底層基礎架構
https://www.ithome.com.tw/news/133492

Notepad++ (x64) before 7.7 CVE-2019-16294 – Remote Code Execution
https://0day.life/exploits/0day-940.html

資安事件新聞週報 2019/9/30 ~ 2019/10/4






資安事件新聞週報  2019/9/30  ~  2019/10/4

1.重大弱點漏洞/後門/Exploit/Zero Day
思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x

Red Hat JBoss 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.3689/
https://www.auscert.org.au/bulletins/ESB-2019.3672/

IBM WebSphere Application Server 多個漏洞
https://www.ibm.com/support/pages/node/960171

蘋果產品多個漏洞
https://support.apple.com/en-us/HT201222

Checkm8漏洞有多恐怖永久性破解蘋果A5-A11設備
https://new.qq.com/omn/20190928/20190928A09R9900.html

谷歌Google軟件現嚴重漏洞導致部分蘋果Mac電腦無法正常啟動
http://www.sohu.com/a/343990168_499322

vBulletin緊急修補本周被揭露的零時差漏洞
https://ithome.com.tw/news/133295

物聯網裝置攻擊頻傳,戴夫寇爾揭露中華電信數據機設置不當的漏洞
https://www.ithome.com.tw/news/133322

關於CVE-2019-1367 IE瀏覽器遠程代碼執行高危漏洞安全加固的緊急通報
https://www.heibai.org/post/1526.html


IBM MQ AMQP Listeners 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4227

微軟IE瀏覽器現漏洞 惡意代碼奪取電腦控制權
http://bit.ly/2o5b98k

微軟 IE 瀏覽器被曝漏洞,可透過惡意網站操控 Windows 系統
https://technews.tw/2019/09/30/ie-is-exposed-to-major-security-vulnerabilities/

微軟緊急發佈IE零時差漏洞更新
https://www.version-2.com.tw/news/latest_news/article/20191002/

【Windows 10 KB4516071 累積更新小細節!!】 將 SSD 默認加密改為 BitLocker 軟件加密
http://bit.ly/2nVHfTT

Microsoft says Windows 10 1903 is officially 'ready for broad deployment'
https://www.zdnet.com/article/microsoft-says-windows-10-1903-is-officially-ready-for-broad-deployment/#ftag=RSSbaffb68

Microsoft to make Windows 7 Extended Security Updates available to all business users
https://www.zdnet.com/article/microsoft-to-make-windows-7-extended-security-updates-available-to-all-business-users/#ftag=RSSbaffb68

When will you get the next version of Windows 10? Here's how to take control
https://www.zdnet.com/article/when-will-you-get-the-next-version-of-windows-10/#ftag=RSSbaffb68

Windows 10 1903 KB4522016 Cumulative Update Breaks Printing
https://www.bleepingcomputer.com/news/microsoft/windows-10-1903-kb4522016-cumulative-update-breaks-printing/

Windows Server 2008 即將終止支援:您準備好了嗎
https://blog.trendmicro.com.tw/?p=62140

PDF 檔案規格資安漏洞,導致有心人能窺探加密文件
https://technews.tw/2019/10/02/pdf-file-scheme-vulanerable-makes-another-people-can-have-a-skim-on-encrypted-text/

Researchers Find New Hack to Read Content Of Password Protected PDF Files
https://thehackernews.com/2019/10/pdf-password-encryption-hacking.html

New PDFex attack can exfiltrate data from encrypted PDF files
https://www.zdnet.com/article/new-pdfex-attack-can-exfiltrate-data-from-encrypted-pdf-files/#ftag=RSSbaffb68

GAO Raises Concerns About Power Grid Vulnerabilities
https://www.bankinfosecurity.com/gao-raises-concerns-about-power-grid-vulnerabilities-a-13157

ATMIA, ASA call for stronger measures against ATM crimes
https://www.atmmarketplace.com/news/atmia-asa-call-for-stronger-measures-against-atm-crimes/

Joint Position Paper on ATM Crime Sentences
https://www.atmsecurityassociation.com/files/position-papers/position-paper-on-atm-crime-sentencing-published.pdf

Jira Server / Data Center Template Injection
https://packetstormsecurity.com/files/154611/jiraserverdc-inject.txt

Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation
https://packetstormsecurity.com/files/154702/fortisiem5-invalid.txt

tcpdump 4.9.3
https://packetstormsecurity.com/files/154679/tcpdump-4.9.3.tar.gz

pfSense 2.3.4 / 2.4.4-p3 Remote Code Injection
https://packetstormsecurity.com/files/154587/pfsense-remote-code-injection.txt

Privilege escalation vulnerability patched in Forcepoint VPN for Windows
https://www.zdnet.com/article/privilege-escalation-vulnerability-patched-in-forcepoint-vpn-for-windows/

Palo Alto Networks Cross Site Request Forgery
https://packetstormsecurity.com/files/154559/paloalto-xsrf.txt

Wireshark Analyzer 3.0.5
https://packetstormsecurity.com/files/154556/wireshark-3.0.5.tar.xz

Web-Based Firewall Logging Tool 1.1.2
https://packetstormsecurity.com/files/154555/webfwlog-1.1.2.tar.bz2

VMware Security Advisory 2019-0013
https://packetstormsecurity.com/files/154536/VMSA-2019-0013.txt

VMware Security Advisory 2019-0014
https://packetstormsecurity.com/files/154535/VMSA-2019-0014.txt

A Vulnerability in PHP Could Allow for Arbitrary Code Execution
https://www.cisecurity.org/advisory/a-vulnerability-in-php-could-allow-for-arbitrary-code-execution_2019-101/

New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released
https://thehackernews.com/2019/09/exim-email-security-vulnerability.html

forcepoint -- vpn_client    CVE-2019-6145
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6145

linux -- linux_kernel    CVE-2019-14814
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14814

linux -- linux_kernel    CVE-2019-14816
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14816

linux -- linux_kernel    CVE-2019-16746
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16746

microsoft -- internet_explorer    CVE-2019-1367
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1367

netapp -- ontap_select_deploy_administration_utility     CVE-2019-5504
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5504

suricata-ids -- suricata    CVE-2019-16411 
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-16411

Exim再度修補遠端程式攻擊漏洞
https://www.ithome.com.tw/news/133372

New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released
https://thehackernews.com/2019/09/exim-email-security-vulnerability.html

Academics find eight vulnerabilities in Android's VoIP components
https://www.zdnet.com/article/academics-find-eight-vulnerabilities-in-androids-voip-components/#ftag=RSSbaffb68

Remote access flaws found in popular routers, NAS devices
https://www.welivesecurity.com/2019/09/18/popular-routers-nas-devices-vulnerabilities/

How to get your Mac ready for macOS 10.15 Catalina
https://www.zdnet.com/article/how-to-get-your-mac-ready-for-macos-10-15-catalina/#ftag=RSSbaffb68

JVN#97845465 LINE (Android版) における複数の整数オーバーフローの脆弱性
https://jvn.jp/jp/JVN97845465/

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
金管會2020四大重點 純網銀建立「即時監理系統」、整併電子支付與電子票證都在其中
https://www.ettoday.net/news/20190929/1544948.htm

金融資安資訊分享 立院建議改收費制
https://ec.ltn.com.tw/article/paper/1322226

南山系統出包...尹衍樑:承認錯誤 我們會全力追求完善
https://udn.com/news/story/6839/4071962

買賣未上市股票小心被騙!金管會:留意三大風險
https://money.udn.com/money/story/5613/4075070

趨勢科技點出最新開放銀行法規的資安風險
https://news.sina.com.tw/article/20190930/32824544.html

開放銀行首發15家 資訊共享
https://ctee.com.tw/news/finance/152303.html

接軌新科技時代 央行成立數位貨幣小組
https://money.udn.com/money/story/5613/4076094

網路投保夯 壽險公會擬推實名認證
https://udn.com/news/story/7239/4042766?from=udn-ch1_breaknews-1-cate6-news

銀行業新崗位「金融科技師」來了 要不要申請
https://news.sina.com.tw/article/20190928/32807270.html

影子銀行死灰復燃 中國金融危機蠢動
https://ec.ltn.com.tw/article/breakingnews/2926501

SWIFT跨境瞬時支付在歐洲成功完成“秒級”測試
http://finance.caixin.com/2019-09-30/101468079.html

保險業App首創!南山人壽「直接串接」健保署資料庫
https://www.ettoday.net/news/20191001/1547317.htm

行庫動態:第一銀首創「銀行同業外幣現鈔買賣區塊鏈平台」上線
https://fnc.ebc.net.tw/FncNews/stock/101826

App綁定信用卡消費要注意 金管會提兩自保作法
https://udn.com/news/story/7239/4084238

New North Korean malware targeting ATMs spotted in India
https://www.zdnet.com/article/new-north-korean-malware-targeting-atms-spotted-in-india/

Magecart strikes again: hotel booking websites come under fire
https://www.zdnet.com/article/magecart-strikes-again-hotel-booking-websites-come-under-fire/

Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites
https://blog.trendmicro.com/trendlabs-security-intelligence/magecart-skimming-attack-targets-mobile-users-of-hotel-chain-booking-websites/

Magecart Attackers Target Mobile Hotel Booking Sites
http://passwordalert.com/magecart-attackers-target-mobile-hotel-booking-sites/

PSD2 Authentication Deadline Needs to Be Firmed Up - Now
https://www.bankinfosecurity.com/blogs/psd2-authentication-deadline-needs-to-be-firmed-up-now-p-2794

ATM stolen Monday from Walgreens in Scotts Valley
https://www.santacruzsentinel.com/2019/10/01/atm-stolen-monday-from-walgreens-in-scotts-valley/

IBM white hat hacker demonstrates how to jackpot ATM
https://www.atmmarketplace.com/news/video-shows-ibm-white-hat-hacker-demonstrating-how-to-jackpot-atm/

Panel Offers Cybersecurity Advice to Sinagpore's Banks
https://www.bankinfosecurity.asia/panel-offers-cybersecurity-advice-to-sinagpores-banks-a-13171

MAS’ Cyber Security Advisory Panel Highlights Need for Managing Cyber Risks in IT Supply Chains
https://www.mas.gov.sg/news/media-releases/2019/mas-cyber-security-advisory-panel-highlights-need-for-managing-cyber-risks-in-it-supply-chains

Evidence tying Cobalt Group to Magecart Group 4 unveiled
https://www.scmagazine.com/home/security-news/data-breach/evidence-tying-cobalt-group-to-magecart-group-4-unveiled/

Magecart Group 4: A link with Cobalt Group
https://blog.malwarebytes.com/threat-analysis/2019/10/magecart-group-4-a-link-with-cobalt-group/

ATM skimming and shimming: Is your fleet protected
https://www.atmmarketplace.com/blogs/atm-skimming-and-shimming-is-your-fleet-protected/

3.電子支付/電子票證/行動支付/ pay/新聞及資安
偷fb網民資料用「轉數快」轉走18萬元 青年欺詐兼洗黑錢今判囚22個月
https://hk.news.appledaily.com/local/realtime/article/20190930/60099936

支付系統故障 小店1.4萬元銷售額不知去向
http://www.epochtimes.com/b5/19/10/1/n11558116.htm

電子支付跨境網購 玉山銀首推行動身分識別
https://money.udn.com/money/story/5617/4078730

玉山銀行首推Mobile ID行動身分識別服務
https://m.ctee.com.tw/livenews/aj/a93610002019100112012327

中國准許首個外國支付系統進行本國市場:不怕有對手
http://news.dwnews.com/global/news/2019-10-03/60151512.html

PayPal 進軍中國電子支付市場 外商藉收購國付寶取得首張營業執照
https://www.upmedia.mg/news_info.php?SerialNo=72560

Payment card thieves hack Click2Gov bill paying portals in 8 cities
https://arstechnica.com/information-technology/2019/09/payment-card-thieves-hack-click2gov-bill-paying-portals-in-8-cities/

Samsung Pay Cash now available: Budget your spending with this prepaid virtual card
https://www.zdnet.com/article/samsung-pay-cash-now-available-budget-your-spending-with-this-prepaid-virtual-card/#ftag=RSSbaffb68

4.虛擬貨幣/區塊鍊相關新聞及資安
區塊鏈重塑服務模式 確保病患權益
https://money.udn.com/money/story/5612/4074645

諾貝爾獎得主看臉書Libra 有可行性與隱私疑慮
https://money.udn.com/money/story/5613/4072699

虛擬貨幣湧現與你無關?不經意間你就成了駭客的挖礦工具
http://168coin.com.tw/hackers-mining-tools/

比特幣的LN開發人員披露了網絡的漏洞
https://0xzx.com/201909281941292958.html

Rusty Russell 稱已修復閃電網絡安全漏洞
https://www.chainnews.com/news/598129982114.htm

Libra的「烏托邦」與中國法定數位貨幣的機遇
http://news.knowing.asia/news/da49fce7-4da1-4782-9dbb-aee38c57ecc5

台灣沒有理由置身事外!盤點央行總裁楊金龍分析數位貨幣的3個觀點
http://bit.ly/2IlJTtG

大型金融機構擬涉足託管領域,但比特幣託管正面臨這些挑戰
http://news.knowing.asia/news/413839ad-1576-4a2c-93b1-920c5c81fe49

認定交易媒介 買賣虛擬通貨 所得稅跑不掉
https://m.ctee.com.tw/dailynews/a02aa2/a02aa2/1011172

「區塊鏈+跨境支付」正夯!巴西擬放棄現有支付系統
http://news.knowing.asia/news/db74bb88-9f4c-40af-ba45-d7aeab281d95

區塊鏈五方向應用...產業邁大步
https://money.udn.com/money/story/5612/4074642

區塊鏈有多紅?連相親平臺都開始使用代幣建立社群
http://news.knowing.asia/news/4944f62b-0861-480a-9c85-9862209ba238

韓國法院針對加密交易所駭客行為,做出里程碑式判決:賠償用戶損失
http://news.knowing.asia/news/96c222ce-6fac-4180-8b37-75a7a1648b1d

30萬美元!英國警方首次將拍賣加密貨幣作為資產追回的方式
http://news.knowing.asia/news/be8ba902-0a5d-473a-bf6a-1a08284cf41f

Libra 協會出現裂痕!Visa、萬事達卡正在考慮撤出,Libra 還有辦法發行嗎
https://buzzorange.com/techorange/2019/10/02/visa-stop-cooperating-with-libra/

區塊鏈筆記:駭客攻擊方式摘要-《 Exploring the Attack Surface of Blockchain:A Systematic Overview》
http://bit.ly/2oBgTXY

盜版網站已開始接受比特幣,加密貨幣將不利於「反盜版」工作
http://news.knowing.asia/news/8dd7ac8d-1136-4c19-a34d-8eb8b7a054a1

加密貨幣無人可管?KryptoGO發展監管科技工具、協助金流透明化
http://bit.ly/2nSO3SX

臉書數位貨幣Libra能否在台發行 央行總裁楊金龍:持保守態度靜觀其變
https://www.ettoday.net/news/20191003/1548661.htm

跳脫舒適圈 潘奕彰勇闖虛擬貨幣圈
https://www.storm.mg/article/1761149

UK Police Auction TalkTalk Hacker's Cryptocurrency Stash
https://www.bankinfosecurity.com/uk-police-auction-talktalk-hackers-cryptocurrency-stash-a-13166

Details of Lightning Network security vulnerability discovered in September have been released
http://bit.ly/2m5k60Y

Cryptocurrency Shakedown: Old Tactics, New Twist
https://www.bankinfosecurity.com/cryptocurrency-shakedown-old-tactics-new-twist-a-13155

Facebook’s cryptocurrency plans make Mastercard, Visa, Libra backers nervous
https://www.zdnet.com/article/mastercard-visa-banks-get-the-jitters-over-facebooks-libra-cryptocurrency-dreams/#ftag=RSSbaffb68

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
微軟揭露新的Nodersok無檔案攻擊行動
https://www.ithome.com.tw/news/133302

病毒團伙利用phpStudy RCE漏洞批量抓雞,下發四個遠控木馬
https://www.4hou.com/system/20637.html

防範勒索病毒之道:良好的使用習慣、預防之餘更要做好備份
https://www.cool3c.com/article/148322

今年美國有621個組織遭到勒索軟體攻擊,近8成為醫療服務供應商
https://ithome.com.tw/news/133390

FBI警告:勒索軟體日益猖獗,不鼓勵支付贖金
https://www.ithome.com.tw/news/133406

趨勢科技總評2019上半年資安報告:企業無檔案式威脅暴增265%
https://www.ettoday.net/news/20191003/1549053.htm

資安研究人員發現低成本的殭屍網路MasterMana
https://www.ithome.com.tw/news/133407

惡名昭彰 Emotet 銀行木馬,偽裝成前 CIA 職員愛德華·史諾登的回憶錄再出擊
https://blog.trendmicro.com.tw/?p=62154

MasterMana BotNet
https://blog.prevailion.com/2019/10/mastermana-botnet.html

FBI Warns U.S. Organizations About High Impact Ransomware
https://www.bleepingcomputer.com/news/security/fbi-warns-us-organizations-about-high-impact-ransomware/

HIGH-IMPACT RANSOMWARE ATTACKS THREATEN U.S. BUSINESSES AND ORGANIZATIONS
https://www.ic3.gov/media/2019/191002.aspx

Microsoft Warns of a New Rare Fileless Malware Hijacking Windows Computers
https://thehackernews.com/2019/09/windows-fileless-malware-attack.html

Most malspam contains a malicious URL these days, not file attachments
https://www.zdnet.com/article/most-malspam-contains-a-malicious-url-these-days-not-file-attachments/#ftag=RSSbaffb68

Proofpoint Q2 2019 Threat Report - Emotet’s hiatus, mainstream impostor techniques, and more
https://www.proofpoint.com/us/threat-insight/post/proofpoint-q2-2019-threat-report-emotets-hiatus-mainstream-impostor-techniques

Malware infection disrupts production at defence contractor plants in three countries
https://www.zdnet.com/article/malware-infection-disrupts-production-at-defence-contractor-plants-in-three-countries/#ftag=RSSbaffb68

Ad-hoc: Rheinmetall AG: Regional disruption of production due to malware at Rheinmetall Automotive
https://www.rheinmetall.com/en/rheinmetall_ag/press/news/latest_news/index_18496.php

WhiteShadow downloader uses Microsoft SQL queries to deliver malicious payloads
https://www.zdnet.com/article/whiteshadow-malware-uses-microsoft-sql-queries-to-deliver-malicious-payloads/#ftag=RSSbaffb68

Notorious GandCrab hacker group 'returns from retirement’
https://www.bbc.com/news/technology-49817764

REvil/Sodinokibi Ransomware
https://www.secureworks.com/research/revil-sodinokibi-ransomware

Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host
https://blog.talosintelligence.com/2019/09/divergent-analysis.html

Emotet Disguises as Downloadable File of Edward Snowden’s New Book to Infect Users
https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/emotet-disguises-as-downloadable-file-of-edward-snowden-s-new-book-to-infect-users

Emotet malspam campaign uses Snowden’s new book as lure
https://blog.malwarebytes.com/botnets/2019/09/emotet-malspam-campaign-uses-snowdens-new-book-as-lure/?utm_source=pr

Ransomware incident to cost Danish company a whopping $95 million
https://www.zdnet.com/article/ransomware-incident-to-cost-danish-company-a-whopping-95-million/#ftag=RSSbaffb68

Over 500 US schools were hit by ransomware in 2019
https://www.zdnet.com/article/over-500-us-schools-were-hit-by-ransomware-in-2019/

Baltimore Ransomware Carnage Compounded by Local Storage
https://www.bankinfosecurity.com/blogs/baltimore-ransomware-carnage-compounded-by-local-storage-p-2795

Thousands of Windows PCs infected by Nodersok/Divergent fileless malware
https://www.hackread.com/windows-pcs-infected-nodersok-divergent-fileless-malware/

'WhiteShadow' Downloader Employs Microsoft SQL for Malware Delivery
https://www.securityweek.com/whiteshadow-downloader-employs-microsoft-sql-malware-delivery

Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users
https://thehackernews.com/2019/10/malvertising-webkit-hacking.html

Malvertiser exploited two browser bugs to show over one billion malicious ads
https://www.zdnet.com/article/malvertiser-exploited-two-browser-bugs-to-show-over-one-billion-malicious-ads/#ftag=RSSbaffb68

Malvertiser ‘eGobbler’ Exploits Chrome & WebKit Bugs, Infects Over 1 Billion Ads
https://blog.confiant.com/malvertiser-egobbler-exploits-chrome-webkit-bugs-infects-over-1-billion-ads-6b8ccc41b0e6

Malware: cosa sono, come riconoscerli e come rimuoverli
https://www.cybersecurity360.it/nuove-minacce/malware-cosa-sono-come-riconoscerli-e-come-rimuoverli/

2019-09-30 - DATA DUMP: HANCITOR-STYLE AMADEY
https://www.malware-traffic-analysis.net/2019/09/30/index.html

2019-10-02 - DATA DUMP: EMOTET WITH TRICKBOT (GTAG: MOR14)
https://www.malware-traffic-analysis.net/2019/10/02/index.html

2019-10-01 - DATA DUMP: EMOTET WITH TRICKBOT (GTAG: MOR13)
https://www.malware-traffic-analysis.net/2019/10/01/index.html

New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign
https://blog.trendmicro.com/trendlabs-security-intelligence/new-fileless-botnet-novter-distributed-by-kovcoreg-malvertising-campaign/

Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website
https://blog.trendmicro.com/trendlabs-security-intelligence/mac-malware-that-spoofs-trading-app-steals-user-information-uploads-it-to-website/

Fileless Cryptocurrency-Miner GhostMiner Weaponizes WMI Objects, Kills Other Cryptocurrency-Mining Payloads
https://blog.trendmicro.com/trendlabs-security-intelligence/fileless-cryptocurrency-miner-ghostminer-weaponizes-wmi-objects-kills-other-cryptocurrency-mining-payloads/

Open Document format creates twist in maldoc landscape
https://blogs.cisco.com/security/talos/open-document-format-creates-twist-in-maldoc-landscape

Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host
https://blog.talosintelligence.com/2019/09/divergent-analysis.html

How Tortoiseshell created a fake veteran hiring website to host malware
https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html

Fake Browser Updates Infect Enterprises with Ransomware, Bankers
https://www.bleepingcomputer.com/news/security/fake-browser-updates-infect-enterprises-with-ransomware-bankers/

Head Fake: Tackling Disruptive Ransomware Attacks
https://www.fireeye.com/blog/threat-research/2019/10/head-fake-tackling-disruptive-ransomware-attacks.html

Fake Office Activation Wizard Docs Used to Spread Emotet Trojan
https://www.bleepingcomputer.com/news/security/fake-office-activation-wizard-docs-used-to-spread-emotet-trojan/

OpenDocument files now being used in attacks
https://www.scmagazine.com/home/security-news/cyberattack/opendocument-files-now-being-used-in-attacks/

Open Document format creates twist in maldoc landscape
https://blog.talosintelligence.com/2019/09/odt-malware-twist.html

How SMBs Can Mitigate the Growing Risk of File-based Attacks
https://thehackernews.com/2019/10/business-cybersecurity-tips.html

Threat Spotlight: Document-Based Malware
https://blog.barracuda.com/2019/04/04/threat-spotlight-document-based-malware/

New Reductor Malware Hijacks HTTPS Traffic
https://threatpost.com/new-reductor-malware-hijacks-https-traffic/148904/

COMpfun successor Reductor infects files on the fly to compromise TLS traffic
https://securelist.com/compfun-successor-reductor/93633/

ESET Flags New Latin American Banking Trojan That Targets Crypto
https://cointelegraph.com/news/eset-flags-new-latin-american-banking-trojan-that-targets-crypto

Casbaneiro: Dangerous cooking with a secret ingredient
https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/

Android banking botnet targets thousands
https://www.techradar.com/news/android-banking-botnet-targets-thousands

Global leader in cybersecurity ESET discovers new type of banking trojans stealing cryptocurrency
https://www.unian.info/world/10708260-global-leader-in-cybersecurity-eset-discovers-new-type-of-banking-trojans-stealing-cryptocurrency.html

Ramnit Targets Japanese Shoppers, Aiming at Top Fashion Brands
https://securityintelligence.com/posts/ramnit-targets-japanese-shoppers-aiming-at-top-fashion-brands/

B.行動安全 / iPhone / Android /穿戴裝置 /App
預防無線通訊爆炸 電磁波為風險因子
https://money.udn.com/money/story/10860/4077216

Android 系統的痛?資安專家:Google Play 惡意軟體單月下載破 3.3 億次
https://3c.ltn.com.tw/news/38168

遭受駭客攻擊!臺港蘋果日報App及網站服務受影響
https://www.ithome.com.tw/news/133325

台港《蘋果》App遭駭 黎智英:絕不退縮
https://tw.appledaily.com/headline/daily/20190929/38457308/

蘋果日報App遭駭客入侵 10:30已恢復正常
https://tw.appledaily.com/hot/realtime/20190928/1640403/

蘋果日報App疑遭駭客攻擊?「叛國亂港」社長:不屈服壓力
https://www.setn.com/News.aspx?NewsID=609869

遭駭客攻擊?新聞APP現「五星旗」
https://www.ptt.cc/bbs/Gossiping/M.1569684548.A.CF3.html

蘋果動新聞APP被駭客修改留下五星紅旗
https://pincong.rocks/article/5656

下載 3 天莫名被扣款上千元!9 款惡質 Android App 千萬不要碰
https://3c.ltn.com.tw/news/38140

資安公司披露可以通過Google Play審核的「騙錢軟體」,偽裝成免費APP三天後卻偷偷向你扣款三千元
https://www.techbang.com/posts/73249-malware-masquerading-as-a-free-app-secretly-charges-you-3000-after-three-days

廣東執行資安檢查,下架逾5千個APP
http://bit.ly/2o3FPXI

試用3天後被扣天價訂閱金 小心這些偽免費App
https://www.nownews.com/news/20191002/3664751/

眾人皆肥我獨瘦,Android 10 Go維持輕巧優良傳統
https://www.techbang.com/posts/73144-everyones-fat-im-slim-android-10-go-maintains-a-fine-tradition-of-lightness

研究人員發現鎖定SIM卡攻擊遠端控制手機的WIBattack
https://www.ithome.com.tw/news/133327

Telegram 祭出 40 萬美元宣布「TON 智能合約程式設計競賽」開跑
https://news.cnyes.com/news/id/4387792

WhatsApp擬推自動銷毀訊息 保護敏感內容
https://inews.hket.com/article/2464307

十一國慶拚業績?維吾爾、西藏官員 WhatsApp 相繼被駭
http://bit.ly/2oqR1Oh

賭博應用程式以偽裝術,躲過iOS App Store和Google Play審查,爬上前百排名
https://blog.trendmicro.com.tw/?p=62148

LINE選在東京舉辦開發者大會 規模擴大探討多元主題
https://www.chinatimes.com/realtimenews/20191003002889-260412?chdtv

雲端發票APP中獎卻「沒顯示」! 遭批設計不良
https://news.tvbs.com.tw/life/1211116

資安業者揭新漏洞! SIM卡被「挾持」 iOS、安卓都中招
https://3c.ltn.com.tw/news/38149

More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed
https://thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html

防堵舊款 Apple Watch 漏洞!蘋果罕見釋出 watchOS 5.3.2 版更新
https://3c.ltn.com.tw/news/38111

研究人員宣稱iPhone X及以前的晶片含有無法修補的Bootrom漏洞
https://www.ithome.com.tw/news/133330

蘋果驚爆史詩級硬件漏洞:你的iPhone可永久越獄,無法修復
https://m.jiemian.com/article/3542940.html

修復iPhone 電池耗電問題!蘋果火速再釋出 iOS 13.1.1 版更新
https://3c.ltn.com.tw/news/38118

一插就被駭!駭客改裝Lightning線可遠距竊取iPhone資料 竟已可量產發售
https://www.ettoday.net/news/20191003/1549154.htm

iOS 設備存在永久性的不可修復漏洞,iPhone X 及以下型號均受影響
https://www.oschina.net/news/110208/unpatchable-bug-in-ios-devices

「圖」為何說Checkm8漏洞對iPhone用戶的殺傷力幾乎為零
https://kknews.cc/tech/mlxvpq2.html

iOS 13 Bug Lets 3rd-Party Keyboards Gain 'Full Access' — Even When You Deny
https://thehackernews.com/2019/09/ios-13-keyboard-apps.html

Apple iOS Has Permanent Bootrom Vulnerability
https://www.bankinfosecurity.com/apple-ios-has-permanent-bootrom-vulnerability-a-13159

Hacker Releases 'Unpatchable' Jailbreak For All iOS Devices, iPhone 4s to iPhone X
https://thehackernews.com/2019/09/bootrom-jailbreak-ios-exploit.html

New SIM card attack disclosed, similar to Simjacker
https://www.zdnet.com/article/new-sim-card-attack-disclosed-similar-to-simjacker/#ftag=RSSbaffb68

More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed
https://thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html

Hacker Releases 'Unpatchable' Jailbreak For All iOS Devices, iPhone 4s to iPhone X
https://thehackernews.com/2019/09/bootrom-jailbreak-ios-exploit.html

New Checkm8 jailbreak released for all iOS devices running A5 to A11 chips
https://www.zdnet.com/article/new-checkm8-jailbreak-released-for-all-ios-devices-running-a5-to-a11-chips/#ftag=RSSbaffb68

Huawei’s Undocumented APIs — A Backdoor to Reinstall Google Services
https://medium.com/@topjohnwu/huaweis-undocumented-apis-a-backdoor-to-reinstall-google-services-c3a5dd71a7cd

Gambling Apps Sneak into Top 100: How Hundreds of Fake Apps Spread on iOS App Store and Google Play
https://blog.trendmicro.com/trendlabs-security-intelligence/gambling-apps-sneak-top-100-hundreds-fake-apps-spread-app-store-google-play/

Just a GIF Image Could Have Hacked Your Android Phone Using WhatsApp
https://thehackernews.com/2019/10/whatsapp-rce-vulnerability.html

WhatsApp vulnerability exploited through malicious GIFs to hijack chat sessions
https://www.zdnet.com/article/whatsapp-vulnerability-exploited-through-malicious-gifs-to-hijack-chat-sessions/#ftag=RSSbaffb68

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
五月天售票系統又出包! 粉絲氣瘋狂幹譙
https://ent.ltn.com.tw/news/breakingnews/2929633

如何在Twitter上收集資安威脅情報,保護組織對抗威脅
https://blog.trendmicro.com.tw/?p=61613

觀念平台-建立良好的「網路衛生」習慣
http://bit.ly/2pFv6mZ

FDA 表示:數百萬使用舊程式碼的醫療裝置有遭攻擊的可能
http://technews.tw/2019/10/04/millions-of-medical-devices-using-old-code-are-open-to-attack/

中小企業比大企業更易被影響的五個資安風險
https://blog.trendmicro.com.tw/?p=62069

海角七億駭客攻擊,真的假的
http://bit.ly/2Oi3rmz

防駭 企業、資安、保險聯手大作戰
https://www.rmim.com.tw/news-detail-24331

黑客比普通程式設計師高在哪裡
https://kknews.cc/tech/99eq6a5.html

【NIST CSF導入關鍵】7步驟打造整體安全防護網,從盤點現況與成熟度評估著手
https://www.ithome.com.tw/news/133172

天才駭客 犧牲自己的一生,揭發政府監控人民的真相
https://forum.gamer.com.tw/C.php?bsn=60076&snA=5334407&tnum=4

【人工智慧 vs. 駭客智慧】駭客大賽冠軍霸氣分享:我如何讓 50 個惡意文件騙過 AI 安防系統
https://buzzorange.com/techorange/2019/09/27/hacker-break-ai-security/

國外傳出大量 YouTube 帳號遭劫持,汽車評鑑與改裝頻道受害最重
http://bit.ly/2lZQpOJ

濫用平台漏洞、延遲性套利。。。這家經紀商拒付客戶盈利資金
https://zhuanlan.zhihu.com/p/84473220

台大醫院驚爆「個資遭駭」 政院調查中
http://bit.ly/2nBAtCL

台大醫院被駭 教部︰升高為3級資安事件
https://news.ltn.com.tw/news/life/paper/1321140

台大醫院遭駭客入侵 行政院派資安單位進駐
http://bit.ly/2ojZyCN

台大醫院傳遭駭客入侵 院方:政院調查中
https://udn.com/news/story/7314/4073873

台大醫遭陸駭 國安憂元首病歷資料外洩
https://www.chinatimes.com/realtimenews/20190927003309-260402?chdtv

台大醫遭陸駭 元首病例外洩? 總統府:無關
https://udn.com/news/story/6656/4072638

台大醫遭陸駭客入侵 院方:沒有此事
https://udn.com/news/story/6656/4072798

台大醫院電腦系統遭駭 院方改口認了
http://m.match.net.tw/pc/news/5038928

駭客入侵事件 台大醫院改口「真有其事」政院調查中
https://udn.com/news/story/7266/4074199

政院證實台大醫院上月曾遭駭 元首病歷資訊未遭盜
https://tw.news.appledaily.com/new/realtime/20190927/1640303/

台大醫院遭駭?總統府澄清元首病歷有完善防護
https://news.ltn.com.tw/news/Taipei/breakingnews/2929105

台大醫院驚傳駭客入侵,院方表示:已依規定通報,無資料外洩
https://www.ithome.com.tw/news/133368

空巴供應商遭駭1年 疑中國發動竊密
https://news.ltn.com.tw/news/world/paper/1320851

空客公司連遭重大網絡攻擊 調查指向中共黑客組織
https://www.ntdtv.com/b5/2019/09/27/a102674157.html

網路攻擊戰、輿論戰悄然登場 70國上陣 分2大陣營
http://m.secretchina.com/news/b5/2019/09/28/908729.html

臺美大規模攻防演練將於11月舉行,15國共襄盛舉
https://ithome.com.tw/news/133293

台灣已進入準戰爭狀態? 專家揭秘中共對台資訊戰背後秘密
http://bit.ly/2mLaCrR

捷克去年遭網攻 元凶疑中共
https://www.ydn.com.tw/News/354154

北約5層地下碉堡 暗藏網路犯罪平台
https://udn.com/news/story/6809/4074512

北韓網軍勢力壯大
https://www.chinatimes.com/newspapers/20190929000400-260209?chdtv

中國大陸工信部再推利好政策,基本面+政策面雙重改善,網絡安全板塊早盤拉升
https://www.yicai.com/news/100350021.html

中國大陸工信部:鼓勵重點行業企業建設網絡安全基礎資源庫
https://finance.sina.com.cn/china/gncj/2019-09-27/doc-iicezueu8753009.shtml

中國大陸工信部就《關於促進網絡安全產業發展的指導意見》公開征求意見
https://www.finet.hk/newscenter/news_content/5d8dc024bde0b37e69367312

中國大陸工信部:公開徵求網絡安全產業發展指導意見
https://finance.sina.com.cn/stock/y/2019-09-27/doc-iicezzrq8792967.shtml

中國大陸工信部就網絡安全產業發展徵意見:2025年規模超2000億
https://www.cnbeta.com/articles/tech/894179.htm

中國大陸中科大發現有效抵禦量子密鑰分發系統探測器攻擊方法
http://www.ah.xinhuanet.com/2019-09/27/c_1125047583.htm

中共介入2020選舉 陸委會:慎防網路攻擊、操弄輿論
https://news.ltn.com.tw/news/politics/breakingnews/2927982

在美「中共間諜」原形畢露被攝情報活動視頻
https://www.rfa.org/cantonese/news/us-spy-10022019082353.html

美國通過可協助組織對抗網路攻擊的法案
https://ithome.com.tw/news/133326

美國 2020 大選專用投票機已被破解
https://unwire.hk/2019/09/28/us-voting-machines-hackers-2020/fun-tech/

美國 2020 大選投票機已被駭客破解,可以遙距控制操作選舉結果
https://buzzorange.com/techorange/2019/10/01/hack-voting-machine/

DEFCON Voting Village:美國上百款投票機器每台都被攻陷
https://www.ithome.com.tw/news/133335

防境外網攻 拉脫維亞明年推新資安準則
https://news.pchome.com.tw/internation/gpwb/20190929/photo-56968694031991201011.html

新加坡政府請研究人員為政府網站找漏洞,不過沒獎金
https://ithome.com.tw/news/133379

新加坡國防部:第二輪網絡漏洞懸賞計劃下週一啟動
https://www.8world.com/news/singapore/article/mindef-second-bug-bounty-933326

290名白帽黑客找出新加坡九政府網站的31個網安漏洞
https://www.zaobao.com.sg/realtime/singapore/story20191001-993489

新加坡政府推出運作科技網絡安全總藍圖
https://www.zaobao.com.sg/realtime/singapore/story20191001-993477

防恐怖分子駭飛機 美國國安部推新計畫
http://bit.ly/2ot3cKz

美英澳聯手要臉書停止傳訊程式的端對端加密
https://www.ithome.com.tw/news/133441

德警攻入地下5層碉堡 破獲巨大網路犯罪數據平台
https://news.ltn.com.tw/news/world/breakingnews/2930261

Dutch police take down hornets' nest of DDoS botnets
https://www.zdnet.com/article/dutch-police-take-down-hornets-nest-of-ddos-botnets/#ftag=RSSbaffb68

荷蘭司法部將強迫荷蘭公司加強網路安全
https://www.trademag.org.tw/page/newsid1/?id=754649&iz=6

A Look Into Continuous Efforts By Chinese Hackers to Target Foreign Governments
https://thehackernews.com/2019/10/chinese-hackers-phishing.html

Rancor: The Year of The Phish
https://research.checkpoint.com/rancor-the-year-of-the-phish/

安全軟體公司也被駭客入侵,Comodo 官方論壇遭人竊取使用者個資
https://www.techbang.com/posts/73251-comodo-forum-vbulletin-breach

macOS systems abused in DDoS attacks
https://www.zdnet.com/article/macos-systems-abused-in-ddos-attacks/#ftag=RSSbaffb68

Security Firm Comodo Hacked, as vBulletin Exploit Spawns
https://www.cbronline.com/news/comodo-hacked

Comodo Forums Hack Exposes 245,000 Users' Data — Recent vBulletin 0-day Used
https://thehackernews.com/2019/10/Comodo-vbulletin-hacked.html

China’s 500 megapixel camera is capable of mega-facial-recognition
https://nakedsecurity.sophos.com/2019/10/01/chinas-500mp-camera-will-identify-you-at-a-distance/

A Look Into Continuous Efforts By Chinese Hackers to Target Foreign Governments
https://thehackernews.com/2019/10/chinese-hackers-phishing.html

'Fancy Bear' Hacking Group Adds New Capabilities, Targets
https://www.bankinfosecurity.eu/fancy-bear-hacking-group-adds-new-capabilities-targets-a-13150

Hackers put porn on Auckland sport shop's big screen
https://news.sky.com/story/hackers-put-porn-on-auckland-sport-shops-big-screen-11822831

Singapore defence ministry runs second HackerOne bug bounty programme
https://www.zdnet.com/article/singapore-defence-ministry-runs-second-hackerone-bug-bounty/

Explained: Two-Factor vs. Multi-Factor Authentication
https://securityledger.com/2019/09/explained-two-factor-vs-multi-factor-authentication/

Report: US Voting Machines Still Prone to Hacking
https://www.bankinfosecurity.com/report-us-voting-machines-still-prone-to-hacking-a-13162

Linux to get kernel 'lockdown' feature
https://www.zdnet.com/article/linux-to-get-kernel-lockdown-feature/#ftag=RSSbaffb68

Former Army Contractor Gets Prison Term for Insider Attack
https://www.bankinfosecurity.com/former-army-contractor-gets-prison-term-for-insider-attack-a-13160

Carbon Black: Defense Capabilities Match Increased Attack Sophistication
https://www.infosecurity-magazine.com/news/carbon-black-defenders-attack/

German police storm bulletproof data center in former NATO bunker
https://www.zdnet.com/article/german-forces-storm-bulletproof-data-center-in-former-nato-bunker/

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany
https://krebsonsecurity.com/2019/10/mariposa-botnet-author-darkcode-crime-forum-admin-arrested-in-germany/

雅虎前工程師利用職務駭入超過6000名以上雅虎用戶帳號,只為了增加他個人私密情色照片蒐藏
http://bit.ly/2oL60CE

Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content
https://thehackernews.com/2019/10/yahoo-email-hacking.html

Former Yahoo engineer pleads guilty to hacking user emails in search for porn
https://www.zdnet.com/article/former-yahoo-engineer-pleads-guilty-to-hacking-user-emails-in-search-for-porn/#ftag=RSSbaffb68

Bill Calling for DHS Cyber Incident Mitigation Teams Advances
https://www.bankinfosecurity.com/bill-calling-for-dhs-cyber-incident-mitigation-teams-advances-a-13165

Guest blog: Why we should be paying more attention to Linux threats
https://www.virusbulletin.com/blog/2019/09/guest-blog-why-we-should-be-paying-more-attention-linux-threats/

【HITCON Pacific 2019 Announcement: suspension】
https://blog.hitcon.org/2019/10/hitcon-pacific-2019.html?view=flipcard

'Vendor Email Compromise': A New Attack Twist
https://www.bankinfosecurity.com/vendor-email-compromise-new-attack-twist-a-13170

V is for Vendor: The Emergence of Vendor Email Compromise
https://www.agari.com/email-security-blog/silent-starling-vendor-email-compromise/

This new hacking group is using 'island hopping' to target victims
https://www.zdnet.com/article/this-new-hacking-group-is-using-island-hopping-to-target-victims/

Minerva attack can recover private keys from smart cards, cryptographic libraries
https://www.zdnet.com/article/minerva-attack-can-recover-private-keys-from-smart-cards-cryptographic-libraries/

Report: 'PKPLUG' Espionage Campaign Targets Southeast Asia
https://www.bankinfosecurity.com/report-pkplug-espionage-campaign-targets-southeast-asia-a-13172

PKPLUG: Chinese Cyber Espionage Group Attacking Asia
https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/

Australia’s Office 365 appetite providing “huge locus of attack”
https://www.cso.com.au/article/667147/australia-office-365-appetite-providing-huge-locus-attack/

資安工程師(DEV)
https://www.cakeresume.com/companies/rakuten/jobs/security-engineer-dev

資訊部門-程式設計人員-(台北地區)
https://m.104.com.tw/job/6cwzr?jobsource=m104

B-資訊處-網路工程師-銀行
https://m.104.com.tw/job/4mpti?jobsource=m104

元大金控-期貨資訊部 資訊系統維運人員
https://m.104.com.tw/job/638gr?jobsource=m104

資訊人員
https://m.104.com.tw/job/6hlv7?jobsource=m104

資深Java 全端工程師
https://m.104.com.tw/job/4qh2a?jobsource=m104

資訊機房操作人員
https://m.104.com.tw/job/2se91?jobsource=m104

元大證券-資訊系統管理部-資安工程師
https://m.104.com.tw/job/2qj6o?jobsource=m104

【資訊處】系統分析師 System Analyst
https://m.104.com.tw/job/6p7tf?jobsource=m104

【資訊】LINUX系統管理人員
https://m.104.com.tw/job/604v6?jobsource=m104

【資訊處】資安規範管理師 Security Compliance
https://m.104.com.tw/job/6p7v6?jobsource=m104

板信商業銀行-資訊部系統管理人員
https://m.104.com.tw/job/6hxzx?jobsource=m104

B-資訊安全處-銀行資安新秀培育計畫
https://m.104.com.tw/job/4gdi0?jobsource=m104

法金_國際資訊管理人員
https://m.104.com.tw/job/5cqzk?jobsource=m104

元大銀行-資訊安全部資安人員
https://m.104.com.tw/job/2w6v4?jobsource=m104

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
Match.com放任假帳號誘拐消費者訂閱該站服務,FTC提告
https://www.ithome.com.tw/news/133290

學術單位近日內陸續收到含有釣魚內容之資安通知信件
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=3003

敲響個資警鐘!李顯龍個資外洩促星國改革,祭千萬罰金嚴控身分證濫用
https://www.bnext.com.tw/article/54929/personal-data-protection-commission-in-singapore

美國加州消費者隱私保護法2020年生效 
https://www.chinatimes.com/realtimenews/20190927004575-260410?chdtv

去年台灣遭盜刷22億 記住這9招可自保
https://theme.udn.com/theme/story/6774/4073358

中國大陸辦新門號需人臉識別認證 陸民眾吐槽:沒隱私
https://news.ebc.net.tw/News/world/179840

攻破私人訊息最後一道防線?英美訂定「Facebook條約」要求社群平台配合犯罪調查
https://www.bnext.com.tw/article/54926/us-uk-will-have-to-share-messages-for-crime-investigation

遭電子轉帳欺詐 萬錦承包商損失2,775元
http://www.epochtimes.com/b5/19/10/1/n11558107.htm

破解 台通詐騙23億手法 大秀存摺+配息3元 股市老手也上當
https://tw.finance.appledaily.com/daily/20190930/38457649/

歐盟GDPR實施一年  港企仍以為與己無關
http://bit.ly/2oMKX2A

社交平台遊戲開發商Zynga遭駭客入侵,逾2億用戶資料外洩
https://www.ithome.com.tw/news/133357

兩男女冒銀行職員提供貸款優惠 57歲女失財200萬
http://bit.ly/2nHiR8P

雲科大邀專家教大學生認識詐騙花招避免受騙
https://news.sina.com.tw/article/20191002/32838536.html

你所進行的雲視頻會議,可能正被人監聽!200億美金ToB獨角獸Zoom受挫
https://www.leiphone.com/news/201910/7Kw42kv1HX23WiJ3.html

雲端視訊會議進行時可能被人監聽!市值 200 億美元 ToB 獨角獸 Zoom 受挫
http://technews.tw/2019/10/03/zoom-security-prying-eye/

視訊會議工具爆漏洞可讓外人偷聽,影響Cisco WebEx、Zoom
https://www.ithome.com.tw/news/133401

美food panda承認500萬筆客戶資料被駭 外送個資成隱憂
https://www.ettoday.net/news/20190927/1544793.htm

食物外送服務DoorDash被駭,490萬會員與商家資料外洩
https://ithome.com.tw/news/133292

Important security notice about your DoorDash account
https://blog.doordash.com/important-security-notice-about-your-doordash-account-ddd90ddf5996#46h35gr24e

DoorDash suffered a data breach that affected 4.9 million people
https://edition.cnn.com/2019/09/26/tech/doordash-data-breach-millions/index.html

DoorDash Breach Exposes 4.9 Million Users' Personal Data
https://thehackernews.com/2019/09/doordash-data-breach.html

Comodo Forums Hack Exposes 245,000 Users' Data — Recent vBulletin 0-day Used
https://thehackernews.com/2019/10/Comodo-vbulletin-hacked.html

Guilty Pleas in $29 Million Online Ad Fraud Case
https://www.bankinfosecurity.com/guilty-pleas-in-29-million-online-ad-fraud-case-a-13156

Exclusive — Hacker Steals Over 218 Million Zynga 'Words with Friends' Gamers Data
https://thehackernews.com/2019/09/zynga-game-hacking.html

Leaky database exposes tax records of 20 million Russians
https://www.hackread.com/leaky-database-exposes-tax-records-of-20-million-russians/

Tax and PII records of 20 million Russians stored without encryption, leaked online
https://www.zdnet.com/article/plaintext-tax-records-of-20-million-russians-leaked-online/#ftag=RSSbaffb68

Zendesk discloses 2016 data breach
https://www.zdnet.com/article/zendesk-discloses-2016-data-breach/#ftag=RSSbaffb68

Important Notice regarding 2016 Security Incident
https://www.zendesk.com/blog/security-update-2019/

Singapore online falsehoods law kicks in with details on appeals process
https://www.zdnet.com/article/singapore-online-falsehoods-law-kicks-in-with-details-on-appeals-process/#ftag=RSSbaffb68

ANU incident report on massive data breach is a must-read
https://www.zdnet.com/article/anu-incident-report-on-massive-data-breach-a-must-read/#ftag=RSSbaffb68

E.研究報告
安全運維3.1—跨站腳本漏洞(XSS)之反射型XSS(get)漏洞
https://my.oschina.net/adailinux/blog/3112079

【高危漏洞預警】CVE-2019-1367遠程代碼執行漏洞
https://www.ejinshan.net/news-details-a8e318de451a13507e5658c71b41cb1d.html

騰訊安全:IE瀏覽器曝遠程執行代碼漏洞騰訊安全強勢推出漏洞修復工具
http://news.cnw.com.cn/news-china/htm2019/20190927_323950.shtml

成都鏈安揭露:FAIRWIN 智能合約漏洞技術分析
https://news.huoxing24.com/20190927200044015229.html

Palo Alto Global Protect 網關設備格式化字符串漏洞分析(CVE-2019-1579)
https://www.chainnews.com/articles/108785378612.htm

phpStudy poc漏洞復現以及漏洞修復辦法
http://blog.itpub.net/31542418/viewspace-2658500/

《漏洞戰爭》-CVE-2010-3333(上)
https://www.cnblogs.com/hell--world/p/11595818.html

通過HashMap觸發DNS檢測Java反序列化漏洞
http://rui0.cn/archives/1135

CVE-2019-16928:Exim遠程堆垛重疊PoC預測分析
https://cert.360.cn/warning/detail?id=5307d516a370e74b2ac1e529b1cde4e3

挖洞經驗| Facebook系統HTML轉PDF文檔可能引起的RCE漏洞
https://www.freebuf.com/vuls/213714.html

雲安全!一個老碼對駭客被動應戰
http://bit.ly/2mBvAtv

IOT設備漏洞挖掘從入門到入門(二)- DLink Dir 815漏洞分析及三種方式模擬復現
https://www.anquanke.com/post/id/187443

Chakra漏洞調試筆記4-Array OOB
https://www.anquanke.com/post/id/187739

美國中央情報局網路武器庫分析與披露
https://ti.qianxin.com/blog/articles/network-weapons-of-cia/

那些和185.244.25.0/24網段有關的殭屍網路
https://blog.netlab.360.com/the-botnet-cluster-on-185-244-25-0-24-2/

CVE-2018-8631 IE jscript JsArrayFunctionHeapSort 堆溢出漏洞分析
https://www.anquanke.com/post/id/187650

phpStudy後門漏洞利用複現
https://www.cnblogs.com/yuzly/p/11610061.html

Dlink getcfg.php遠程敏感信息重新分割分析
https://xz.aliyun.com/t/6453

CVE-2019-16928:Exim RCE漏洞分析
https://www.4hou.com/info/news/20685.html

挖洞經驗| 通過Shodan發現目標應用Marathon服務的RCE漏洞
https://www.freebuf.com/vuls/213855.html

Iris:一款可執行常見Windows漏洞利用檢測的WinDbg擴展
https://www.freebuf.com/sectool/214276.html

分析產品漏洞測試,逆向技術是把雙刃劍
https://zhuanlan.zhihu.com/p/85095194

內網滲透總結
http://bit.ly/31X3mII

個案分析-勒索病毒GoGaLocker攻擊事件分析報告_10809
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019092702094545603639826586556.pdf

iPhone BootROM 漏洞說明及威脅評估
http://bit.ly/2oVlhAX

CVE-2019-16941: NSA Ghidra工具RCE漏洞
https://www.4hou.com/info/news/20698.html

TL-BOTS
https://github.com/threatland/TL-BOTS

Flying A False Flag
https://github.com/monoxgas/FlyingAFalseFlag

XSS Magic tricks
https://www.slideshare.net/GarethHeyes/xss-magic-tricks

Pi-hole drops support for ad blocklists used by browser-based ad-blockers
https://www.zdnet.com/article/pi-hole-drops-support-for-ad-blocklists-used-by-browser-based-ad-blockers/#ftag=RSSbaffb68

SecurityNotFound - 404 Page Not Found Webshell
https://www.kitploit.com/2019/09/securitynotfound-404-page-not-found.html

Basic Malware Analysis Tools
https://www.hackingtutorials.org/malware-analysis-tutorials/basic-malware-analysis-tools/

medium-to-wordpress-migration
https://github.com/tensult/medium-to-wordpress-migration

F.商業
醫院HIS以外的第二套資料庫 區塊鏈大幅提升醫療資訊安全
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=70&id=0000569520_tpb4o6gw3oa3bklcvhyqf

與Acronis簽全球經銷協議 研華拚資安抗跌
https://money.udn.com/money/story/5710/4071807

數位資產安全資訊檢核表 Synology 2020 網路安全守則與NAS資安防護
https://jiemr.me/5544

微軟將新增禁止38種OWA副檔名檔案
https://ithome.com.tw/news/133291

微軟將SSD默認加密切換到BitLocker軟件加密
https://www.cnbeta.com/articles/tech/894779.htm

資安公司Emsisoft推出對抗 WannaCryFake 的免費軟體,可在解密資料並保證數據不遺失
https://www.blocktempo.com/emsisoft-releases-bug-fix-for-bitcoin-ransoming-malware-wannacryfake/

科技連接未來 德國萊因邀200 位產業菁英與業內人士齊聚參與
https://ctee.com.tw/industrynews/activity/152411.html

Phpstudy聯合各大安全廠商為用戶提供免費的安全檢測服務
http://tech.ce.cn/news/201909/27/t20190927_33242957.shtml

Red Hat Ansible Tower 功能強、易上手,自動化工具最佳選擇
https://technews.tw/2019/09/30/red-hat-ansible-tower/

遭疑市場壟斷!為避免用戶遭駭客攻擊 Google擬在Chrome瀏覽器放入加密功能
https://news.sina.com.tw/article/20191001/32830300.html

Google 推出密碼檢測服務,可讓用戶檢查現用密碼是否遭竊
https://www.twcert.org.tw/tw/cp-104-3004-c270e-1.html

Google想在Chrome瀏覽器加入DoT加密功能 避免駭客攻擊 卻引發市場壟斷疑慮
https://www.cool3c.com/article/148534

Chrome 79起將逐步封鎖HTTPS網頁中以HTTP下載的內容
https://www.ithome.com.tw/news/133442

高速保安兼備! Cloudflare 開始支援 HTTP/3 協定
http://bit.ly/2mrMYk5

Thales針對身分驗證客戶擴展進階存取管理功能,以因應不斷變化的威脅形勢
https://times.hinet.net/news/22585002

精誠(6214)第二屆資安攻防電競賽落幕,首吸海外隊伍報名
https://fnc.ebc.net.tw/FncNews/stock/101690

Google launches Password Checkup feature, will add it to Chrome later this year
https://www.zdnet.com/article/google-launches-password-checkup-feature-will-add-it-to-chrome-later-this-year/#ftag=RSSbaffb68

Google gets tougher on HTTPS with ban on mixed content
https://www.zdnet.com/article/google-gets-tougher-on-https-with-ban-on-mixed-content/#ftag=RSSbaffb68

Sophos Launches Managed Threat Response
https://www.bankinfosecurity.com/interviews/sophos-launches-managed-threat-response-i-4456

網頁版 Outlook 再度新增 38 種檔案類型,禁止加於附檔寄送
https://www.twcert.org.tw/tw/cp-104-3003-f8e32-1.html

Outlook for Web Bans 38 More File Extensions in Email Attachments
https://thehackernews.com/2019/09/email-attachment-malware.html

Intel proposes new SAPM memory type to protect against Spectre-like attacks
https://www.zdnet.com/article/intel-proposes-new-sapm-memory-type-to-protect-against-spectre-like-attacks/#ftag=RSSbaffb68

IBM and Canonical work together in financial services
https://www.zdnet.com/article/ibm-and-canonical-work-together-in-financial-services/#ftag=RSSbaffb68

G.政府
神祕網軍 軍情資安守門人
https://www.chinatimes.com/newspapers/20190930000442-260102?chdtv

資通電軍 擬納入情報機關
https://www.chinatimes.com/newspapers/20190930000445-260118?chdtv

明審查「國家情報工作法修正草案」 納經濟領域 完備國安防護網
https://news.ltn.com.tw/news/politics/paper/1321711

情工法修法初審 間諜罪最重無期徒刑終身追訴
https://www.cna.com.tw/news/aipl/201910020313.aspx

立委籲政府盡速三讀通過人工智慧發展基本法
http://bit.ly/2nh19cl

綠委憂司法院資安防護不足 林輝煌:著力提升
https://www.cna.com.tw/news/aipl/201910030165.aspx

H.ICS/SCADA 工控系統
Moxa工業物聯網軟硬體整合方案 打造客戶垂直應用開發落地成功體驗
http://bit.ly/2pAiGNl

I.教育訓練
打雜小弟的公務機關法遵面面觀(資訊彙整+彙整+筆記) 系列
https://ithelp.ithome.com.tw/users/20107398/ironman/2220

雲端科技 系列 介紹雲端技術與發展
https://ithelp.ithome.com.tw/users/20120878/ironman/2690

那個夜裡的資安
https://ithelp.ithome.com.tw/users/20006132/ironman/2508

三十日之熄燈幽談-資安百物語
https://ithelp.ithome.com.tw/users/20120299/ironman/2467

冰山一角的駭客工具介紹
https://ithelp.ithome.com.tw/users/20114110/ironman/2536

網路世界的奇怪冒險
https://ithelp.ithome.com.tw/users/20112000/ironman/2908

到處挖坑,現在該來還(填)願(坑)ㄌ !!!
https://ithelp.ithome.com.tw/users/20115060/ironman/2414

資安戰爭 三十六計
https://ithelp.ithome.com.tw/users/20107482/ironman/2795

麻瓜不敗!白魔法藍天煉金術
https://ithelp.ithome.com.tw/users/20025481/ironman/2178

Android 十全大補 系列
https://ithelp.ithome.com.tw/users/20120419/ironman/2641

資訊工程大補帖
https://ithelp.ithome.com.tw/users/20108446/ironman/2927

不小心飛進資安之旅(學習筆記)
https://ithelp.ithome.com.tw/users/20120392/ironman/2488

物聯網概論與應用
https://ithelp.ithome.com.tw/users/20120880/ironman/2688

突破困境:資安開源工具應用
https://ithelp.ithome.com.tw/users/20118848/ironman/2682

開源 IP 位址管理系統:phpIPAM
https://ithelp.ithome.com.tw/articles/10222268

入門的 GCP Cloud IAM
http://bit.ly/2lW8a1k

Exploiting Windows Active Directory Environment (An Offensive Approach)
https://www.peerlyst.com/posts/exploiting-windows-active-directory-environment-an-offensive-approach-yash-bharadwaj-1

Pay What You Wish — 9 Hacking Certification Training Courses in 1 Bundle
https://thehackernews.com/2019/09/learn-hacking-course-certification.html

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
科技連接未來 台灣德國萊因勾畫物聯網前景
https://money.udn.com/money/story/10860/4072245

物聯網設備資安大進擊 晶睿與趨勢聯手強化製造系統安全等級
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000568652_mbi7ihov4ijpk836fp6ll

5G、人工智慧與區塊鏈技術交織出的車聯網時代
https://meet.bnext.com.tw/articles/view/45476

TAICS攜手MTSFB 推廣台馬物聯網資安驗證
https://www.chinatimes.com/newspapers/20191004000368-260210?chdtv

6.近期資安活動及研討會
 我們與資安的距離 10/5
 https://hackersir.kktix.cc/events/20191005

 安全程式碼撰寫基礎 10/6
 https://www.sce.pccu.edu.tw/event/chtweb/index.html

 SecTor Security Conference 10/7
 https://infosec-conferences.com/events-in-2019/sector-security-conference/

 Australian Cyber Conference 2019 10/7
 https://infosec-conferences.com/events-in-2019/australian-cyber-conference/

 XRY Certification 教育訓練 10/7 ~ 10/8
 https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=38

 Unleashing Cyber Security  10/7 ~ 10/8
 https://infosec-conferences.com/events-in-2019/unleashing-cyber-security/

 資安檢核核心技術及進階技術研討會 10月7日至10月9日
 http://bit.ly/2TN2UtD

 2019年台灣資安通報應變年會 10/8
 https://www.informationsecurity.com.tw/Seminar/ISevent20191008/

 Cloud Native Forum 2019   10/9
 https://www.meetup.com/Cloud-Native-Taipei-User-Group/events/264613646/

 TSCHacker 功德駭客佈道講座@台北 | 20191010   10/10
 https://tdohackerparty.kktix.cc/events/tschacker-20191010-taipei

 TSCHacker 功德駭客佈道講座@台南 | 20191011  10/11
 https://tdohackerparty.kktix.cc/events/tschacker-20191011-tainan

 BSides Delhi 10/11
 https://infosec-conferences.com/events-in-2019/bsides-delhi/

 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/

 白帽駭客體驗實作 10/13
 https://www.sce.pccu.edu.tw/event/chtweb/index.html

 HAKON – International Information Security Meet 10/13
 https://infosec-conferences.com/events-in-2019/hakon/

 國家高速網路與計算中心 台灣杉一號高速計算主機使用進階課程 10/14
 https://edu.nchc.org.tw/course/one_course_introduction.asp

 M3AAWG 47th General Meeting 10/14 ~ 10/17
 https://infosec-conferences.com/events-in-2019/m3aawg-47th-general-meeting/

 數位時代,自已的權利自己顧 -- 不可不知!基礎資安教戰講座  10/15
 https://ocftw.kktix.cc/events/e0c1048b

 AWS Transformation Day 10/15
 https://amzn.to/2ksO8Lb

 智資時代 2019 科技法制前瞻論壇 10/15
 https://seminar.ithome.com.tw/live/iii20191015/index.html?eDM_iThome

 AI時代下,資安與視覺化的觀點與實例 10/16
 https://www.tiai.org.tw/tiaiActDetailClass?sno=19

 2019 IBM Cloud 用戶實作課程秋季班  10/16
 https://ibm.co/2n4VNQQ

 BSides Ahmedabad 10/16
 https://infosec-conferences.com/events-in-2019/bsides-ahmedabad/

 TFUG Taipei | TensorFlow All Around 10/16
 https://www.meetup.com/TensorFlow-User-Group-Taipei/events/264713077/

 第八屆國際程式競賽 CodeVita Season 8 即日起至10/17日報名截止
 https://bhuntr.com/tw/competitions/104724210865172005190909102w

 Data Connectors Toronto Tech-Security – October  10/17
 https://infosec-conferences.com/events-in-2019/data-connectors-toronto-october/

 Kotlin/Everywhere GDG Hsinchu - Kotlin on Cloud and Web 10/17
 https://www.meetup.com/GDG-Hsinchu/events/263741333/

 2019 Space Apps Challenge_NASA 黑客松台北場 10/18
 https://www.facebook.com/events/2112377919060176/

 2019 邊緣運算論壇 - AI + IoT 備戰台商回流潮,IIoT 智慧升級 10/18
 https://www.accupass.com/event/1909040655361186052756

 2019 CYBERSPACE聯合研討會 10/18 ~ 10/19
 https://cyberspace.ttu.edu.tw/cyber2019/

 Crosslink Taiwan 2019 10/19
 https://www.meetup.com/Taipei-Ethereum-Meetup/events/264302796/

 交通大學亥客書院-A006:數位足跡追蹤與分析 10/19
 https://hackercollege.nctu.edu.tw/?p=1088

 無痛上手-WiFi無線網路安全檢測 10/20
 https://www.sce.pccu.edu.tw/event/chtweb/index.html

 日盛金融黑客松 報名至10/20 止
 https://app.jsun.com/hackathon/Main

 DEVCORE 那些年我回報的漏洞踩雷經驗  10/21
 https://hackersir.kktix.cc/events/orange1021

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 國家高速網路與計算中心 平行計算程式設計基礎課程 10/22
 https://edu.nchc.org.tw/course/one_course_introduction.asp

  AIoT智能物聯網開發人才就業養成班[免費諮詢]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019

 IEEE Symposium on Visualization for Cyber Security (VizSec) 10/23
 https://infosec-conferences.com/events-in-2019/vizsec/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

 從網路基礎建設安全談RPKI與DDoS  10/24
 https://twnic-icann.kktix.cc/events/108-7

 [Palo Alto Networks]-Palo Alto Networks 直播研討會Part6. MITRE ATT&CK 新資安攻防框架進階產業應用 10/24
 https://www.zerone.com.tw/TrainingDetial/Seminar/7747B901A8198AC3%7C1C130FE6FEC34700

 Cybersecurity Conference Rhein-Neckar  10/24 ~ 10/25
 https://infosec-conferences.com/events-in-2019/cybersecurity-rhein-neckar/

 Identity Days 10/24
 https://infosec-conferences.com/events-in-2019/identity-days/

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  10/25
 https://signupcybersec101.ithome.com.tw/

 國家高速網路與計算中心 大數據軟體開發平台與深度學習、HBase(大數據資料庫)開發應用案例 10/25
 https://edu.nchc.org.tw/course/one_course_introduction.asp

 交通大學亥客書院-A015:進階網頁滲透測試 10/26
 https://hackercollege.nctu.edu.tw/?p=1090

 International Conference on Networks & Communications (NETWORKS) 10/26 ~ 10/27
 https://infosec-conferences.com/events-in-2019/networks/

 亞洲‧矽谷學院108年免費認證考試 10/27
 https://college.asvda.org.tw/

 International Conference on Emerging Security Information, Systems and Technologies (SECURWARE) 10/27 ~ 10/31
 https://infosec-conferences.com/events-in-2019/securware/

 SANS Amsterdam October  10/28
 https://infosec-conferences.com/events-in-2019/sans-amsterdam-october/

 資安檢核核心技術及進階技術研討會 10月28日至10月30日
 http://bit.ly/2TN2UtD

 Foundations in Digital Forensics with EnCase® (DF120) (原CF1) 10/28 ~ 10/31
 https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=39

 International Workshop on Reliability and Security Data Analysis (RSDA)  10/28 ~ 10/31
 https://infosec-conferences.com/events-in-2019/rsda/

 International Symposium on Software Reliability Engineering (ISSRE)  10/28 ~ 11/1
 https://infosec-conferences.com/events-in-2019/issre/

 Securing New Ground 10/29 ~ 10/30
 https://infosec-conferences.com/events-in-2019/securing-new-ground/

 CEBIT Australia  10/29 ~ 10/31
 https://infosec-conferences.com/events-in-2019/cebit-australia/

 OWASP AppSec Day Melbourne  11/1
 https://infosec-conferences.com/events-in-2019/owasp-appsec-day-melbourne/

 Hackfest 2019  11/1 ~ 11/3
 https://infosec-conferences.com/events-in-2019/hackfest-2019/

 行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30
 https://www.accupass.com/event/1810080517061259295030

  Elite East Coast CISO Summit 11/3~11/5
 https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/

 Red Hat Forum Taipei 2019  11/5
 https://www.facebook.com/events/1390202967799392/

 Cyber Security Summit: Boston  11/6
 https://infosec-conferences.com/events-in-2019/cyber-security-summit-boston/

 駭客攻防暨數位鑑識系列一(第1期) 11/7
 https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=384540

 網路攻擊鏈( Cyber Kill Chain)各階段實作 (6hr)  11/7
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384540

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/8
 https://signupcybersec101.ithome.com.tw/

 BSides Charleston 11/9
 https://infosec-conferences.com/events-in-2019/bsides-charleston/

 Kotlin/Everywhere GDG Taoyuan - 運用 Ktor 建置一個以 Kotlin 打造的後端服務  11/9
 https://www.meetup.com/GDGTaoyuan/events/264776152/

 OpenInfra Day Taiwan 11/12
 http://openinfra.digitimes.com.tw/

 CLEAR Cyber Leaders Conference 11/12 ~ 11/13
 https://infosec-conferences.com/events-in-2019/clear-cyber-leaders-conference/

 Windows檔案系統及檔案還原 (6hr)  11/14
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384541

 Digital Internet Summit 11/14
 https://infosec-conferences.com/events-in-2019/digital-internet-summit/

 INTERFACE – Nebraska 11/14
 https://infosec-conferences.com/events-in-2019/interface-nebraska/

 SecureWV – Hack3rCon  11/15 ~ 11/17
 https://infosec-conferences.com/events-in-2019/securewv-hack3rcon/

 交通大學亥客書院-P006:高階網頁滲透測試 11/16
 https://hackercollege.nctu.edu.tw/?p=1092

 FS-ISAC Fall Summit 11/17 ~ 11/20
 https://infosec-conferences.com/events-in-2019/fs-isac-fall-summit/

 Microsoft IoT in Action 11/20
 https://www.iotinactionevents.com/event/taipei

 Infosecurity ISACA North America Expo and Conference 11/20 ~ 11/21
 https://infosec-conferences.com/events-in-2019/isaca-north-america-expo-conference/

 檔案特徵值比對與關鍵字搜尋 (2hr) Open Source數位鑑識工具實務操作 (5hr) 11/21
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384542

 Trend Micro CTF 2019 // Raimund Genes Cup  FINAL / NOVEMBER 23–24, 2019
 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html

 資安檢核核心技術及進階技術研討會11月26日至11月28日
 http://bit.ly/2TN2UtD

 人資人員必修的職安法規定 11/26
 https://www.accupass.com/event/1909121441141977826554

 模擬案例鑑識分析實務 (6hr)  11/28
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384543

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/29
 https://signupcybersec101.ithome.com.tw/

 交通大學亥客書院-B015:惡意程式檢測 11/30
 https://hackercollege.nctu.edu.tw/?p=1098

 亞洲‧矽谷學院108年免費認證考試 11/30
 https://college.asvda.org.tw/

 Digital Summit Dallas  12/4

資安事件新聞週報 2019/9/23 ~ 2019/9/27






資安事件新聞週報  2019/9/23  ~  2019/9/27

1.重大弱點漏洞/後門/Exploit/Zero Day
泰國司法部長就電子跟蹤器手環EM漏洞 司法部索賠逾8300萬銖
http://www.udnbkk.com/article-286128-1.html

清華大學發現ARM、Intel處理器漏洞;華為發布Mate 30系列手機
https://kknews.cc/tech/qlklg5r.html

makandra consul gem for Ruby 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16377

Agwl駭客組織再攻Phpstudy,新增Apache Solr漏洞利用
https://s.tencent.com/research/report/813.html

全球最大同性交友網站化身漏洞管理者,還有25個潛在漏洞排名
https://www.jishuwen.com/d/pmdz/zh-tw

Kubernetes Kubectl曝安全漏洞,Rancher產品不受影響
https://segmentfault.com/a/1190000020464083

10月份資安社群及教育訓練活動分享


10月份資安社群及教育訓練活動分享

 2019 NASA黑客松賽前技術分享[Microsoft]_Azure 雲端運算與認知識別服務 10/1
 https://www.facebook.com/events/421753888461417/

 技職校院物聯網創新應用賽 10/1 受理報名
 https://iot2gather.ntust.edu.tw/

 Gnss海面反射訊號之技術及應用 10/1
 https://www.facebook.com/events/384731849123773/

 GovernmentWare Conference & Exhibition  10/1
 https://infosec-conferences.com/events-in-2019/govware/

 Cyber City Conference 10/1
 https://infosec-conferences.com/events-in-2019/cyber-city-conference/

 GDG DevFest Taipei 2019 10/1
 https://www.meetup.com/GDGTaipei/events/263142255/

 IEEE International Symposium on Reliable Distributed Systems (SRDS)  10/1 ~ 10/4
 https://infosec-conferences.com/events-in-2019/srds/

資安事件新聞週報 2019/9/16 ~ 2019/9/20






資安事件新聞週報  2019/9/16  ~  2019/9/20

1.重大弱點漏洞/後門/Exploit/Zero Day
Atlassian Jira 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14996

Windows Defender malware scans are failing after a few seconds
https://www.zdnet.com/article/windows-defender-malware-scans-are-failing-after-a-few-seconds/

Haxx curl 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481

IBM WebSphere Application Server 多個漏洞
https://www.ibm.com/support/pages/security-bulletin-information-disclosure-vulnerability-websphere-application-server-cve-2019-4477
https://www.ibm.com/support/pages/security-bulletin-file-traversal-vulnerability-websphere-application-server-admin-console-cve-2019-4268
https://www.ibm.com/support/pages/security-bulletin-cross-site-scripting-vulnerability-websphere-application-server-admin-console-cve-2019-4270

CVE-2019-1579:-- #Critical Pre-Authentication #Vulnerability
https://github.com/securifera/CVE-2019-1579

Vivotek VIVOTEK IP Camera 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14458

Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions
https://thehackernews.com/2019/09/phpmyadmin-csrf-exploit.html

安全專家在多家廠商的SOHO路由器和NAS設備中發現了125個新漏洞
https://nosec.org/home/detail/2966.html

125 New Flaws Found in Routers and NAS Devices from Popular Brands
https://thehackernews.com/2019/09/hacking-soho-routers.html

資安事件新聞週報 2019/9/9 ~ 2019/9/13






資安事件新聞週報  2019/9/9  ~  2019/9/13


1.重大弱點漏洞/後門/Exploit/Zero Day
藏在純文字檔的Jenkins外掛漏洞
https://blog.trendmicro.com.tw/?p=61935

上百萬台網路收音機暗藏可遭駭客挾持的安全漏洞
https://ithome.com.tw/news/132984

Palo Alto Global  漏洞(CVE-2019-1579)
https://nosec.org/home/detail/2951.html

Pulse Secure VPN嚴重漏洞(CVE-2019-11510)警報
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution
https://www.exploit-db.com/exploits/47354

Telnet backdoor vulnerabilities impact over a million IoT radio devices
https://www.zdnet.com/article/critical-vulnerabilities-impact-over-a-million-iot-radio-devices/#ftag=RSSbaffb68

Imperial & Dabman Internet Radio - Undocumented Telnetd & Code Execution
https://www.vulnerability-db.com/?q=articles/2019/09/09/imperial-dabman-internet-radio-undocumented-telnetd-code-execution

Java finally goes all in on open source with the Jakarta EE 8 release
https://www.zdnet.com/article/java-finally-goes-all-in-on-open-source-with-the-release-of-jakarta-ee-8/#ftag=RSSbaffb68

OfficeScan 11.0 SP1終止技術服務通知
https://esupport.trendmicro.com/zh-tw/business/topic_techsupport/topic_eosproduct.aspx

Vulnerability Spotlight: Denial-of-service vulnerabilities in some NETGEAR routers
https://blog.talosintelligence.com/2019/09/vuln-spotlight-Netgear-N300-routers-DoS-sept-2019.html

IBM WebSphere Application Server 資料洩露漏洞
https://www.ibm.com/support/pages/security-bulletin-path-traversal-vulnerability-websphere-application-server-admin-console-cve-2019-4442

CVE-2019-5475/Nexus Repository Manager遠程命令執行
https://qiita.com/shimizukawasaki/items/12f0b69945498e6d5aa9

Nexus Repository Manager 2.x遠程命令執行(CVE-2019-5475)
https://www.secpulse.com/archives/112290.html

資安事件新聞週報 2019/9/2 ~ 2019/9/6


資安事件新聞週報  2019/9/2  ~  2019/9/6

1.重大弱點漏洞/後門/Exploit/Zero Day
PSV、PS3雙雙獲得韌體更新,但似乎忘了把漏洞補上
https://www.techbang.com/posts/72481-psv-ps3-double-get-stolic-update-but-seem-to-forget-to-fill-in-the-vulnerability

發現美國海軍網站的敏感信息洩露和SQL注入漏洞
https://nosec.org/home/detail/2909.html

企業修補進度慢!近期臺灣資安業者揭露的SSL VPN漏洞,傳出已遭駭客鎖定
https://www.ithome.com.tw/news/132764

SonarQube檢測出的bug、漏洞以及異味的修復整理
https://cloud.tencent.com/developer/article/1497624

Zimbra-RCE
https://github.com/rek7/Zimbra-RCE

Trend Micro OfficeScan (OSCE) DLL Side-Loading安全性弱點通告
https://nvd.nist.gov/vuln/detail/CVE-2019-9492

Hiding in Plain Text: Jenkins Plugin Vulnerabilities
https://blog.trendmicro.com/trendlabs-security-intelligence/hiding-in-plain-text-jenkins-plugin-vulnerabilities/

Lightning Network用戶敦促因漏洞而緊急更新軟件
https://0xzx.com/201908302043248275.html

SA103 : October 2015 NTP Security Vulnerabilities
https://support.symantec.com/us/en/article.SYMSA1335.html

SA98 : OpenSSL Security Advisory 11-June-2015
https://support.symantec.com/us/en/article.SYMSA1325.html

SA104 : OpenSSH Vulnerabilities
https://support.symantec.com/us/en/article.SYMSA1337.html

XSS and Information Disclosure Vulnerabilities in ASG and ProxySG
https://support.symantec.com/us/en/article.SYMSA1472.html

資安事件新聞週報 2019/8/26 ~ 2019/8/30

資安事件新聞週報  2019/8/26  ~  2019/8/30

1.重大弱點漏洞/後門/Exploit/Zero Day
2019年HITCON ZeroDay漏洞通報現況,注意弱密碼問題通報數量增,還有人才媒合新功能上線
https://www.ithome.com.tw/news/132620

企業弱密碼今年狂被駭!HITCON資安漏洞申報平台連台電、群暉都拜託「抓漏」
http://bit.ly/2PfQM5x

Kubernetes嚴重漏洞致服務器DoS攻擊
https://www.4hou.com/vulnerable/19863.html

IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10964780

台灣資安公司揭露多家企業級 VPN 服務漏洞後,駭客便用來攔截流量
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=919

Palo Alto PAN-OS 多個漏洞
https://securityadvisories.paloaltonetworks.com/Home/Detail/159
https://securityadvisories.paloaltonetworks.com/Home/Detail/160
https://securityadvisories.paloaltonetworks.com/Home/Detail/161

Palo Alto Networks PAN-OS 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1582

Cisco 多個產品發布新的安全更新
https://www.us-cert.gov/ncas/current-activity/2019/08/22/cisco-releases-security-updates

思科 NX-OS 多個漏洞
https://tools.cisco.com/security/center/publicationListing.x

9月份資安社群及教育訓練活動分享






9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



資安事件新聞週報 2019/8/19 ~ 2019/8/23

資安事件新聞週報  2019/8/19  ~  2019/8/23

1.重大弱點漏洞/後門/Exploit/Zero Day
卡巴斯基殺毒軟件被曝出用戶上網痕跡洩露漏洞
https://zhuanlan.zhihu.com/p/78480931

被HTTP/2漏洞拖累,所有Kubernetes版本受影響
https://www.kubernetes.org.cn/5746.html

UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks
https://www.zdnet.com/article/uk-cybersecurity-agency-warns-devs-to-drop-python-2-due-to-looming-eol-security-risks/#ftag=RSSbaffb68

npm撤下含有可竊取登入憑證的bb-builder套件
https://www.ithome.com.tw/news/132572

npm Pulls Malicious Package that Stole Login Passwords
https://www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/

The NPM package that walked away with all your passwords
https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords

IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10964780

資安事件新聞週報 2019/8/12 ~ 2019/8/16

資安事件新聞週報  2019/8/12  ~  2019/8/16

1.重大弱點漏洞/後門/Exploit/Zero Day
Steam驚爆安全漏洞 逾1億玩家恐受影響
https://newtalk.tw/news/view/2019-08-11/284396

托最新藍牙漏洞的“福”,我險些把小電影和賬戶密碼親手給黑客
https://tech.ifeng.com/c/7p8gRStrlcA

JVNVU#90240762 Bluetooth BR/EDR での暗号鍵エントロピーのネゴシエーションにおける問題
https://jvn.jp/vu/JVNVU90240762/

賽門鐵克防毒軟體和Windows SHA-2不相容,微軟暫停更新
https://www.ithome.com.tw/news/132435

Kasper-Spy: Kaspersky Anti-Virus puts users at risk
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html

Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online
https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html

Trend Micro fixes privilege escalation security flaw in Password Manager
https://www.zdnet.com/article/trend-micro-fixes-hijack-security-flaw-in-password-manager/#ftag=RSSbaffb68

Trend Micro Password Manager - Privilege Escalation to SYSTEM
https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM

HTTP/2含有多個服務阻斷漏洞,亞馬遜、臉書、蘋果、微軟全遭殃
https://www.ithome.com.tw/news/132414

8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks
https://thehackernews.com/2019/08/http2-dos-vulnerability.html

New HTTP/2 Flaws Expose Unpatched Web Servers to DoS Attacks
https://www.bleepingcomputer.com/news/security/new-http-2-flaws-expose-unpatched-web-servers-to-dos-attacks/

資安事件新聞週報 2019/8/5 ~ 2019/8/9






資安事件新聞週報  2019/8/5  ~  2019/8/9

1.重大弱點漏洞/後門/Exploit/Zero Day
PuTTY繼0.71版本修正8個高風險漏洞後,再次更新0.72版本
http://bit.ly/2YDMIM5

修補 Fortigate SSL VPN Web門戶中的不正當授權漏洞
https://ithelp.ithome.com.tw/articles/10212691

研究者警告:眾多Jira伺服器的錯誤配置,讓員工及專案資訊全曝光
https://www.ithome.com.tw/news/132265

研究人員發現可劫持數百萬Android裝置的高通晶片漏洞
https://www.ithome.com.tw/news/132291

DRAGONBLOOD新漏洞劫持WPA3密碼
https://www.4hou.com/vulnerable/19554.html

IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10960159
https://www-01.ibm.com/support/docview.wss?uid=ibm10888425

NVIDIA Patches High Severity Flaws in Windows GPU Display Driver
https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-flaws-in-windows-gpu-display-driver/

NVIDIA顯卡驅動被曝5個高危漏洞官方建議升級最新版
http://www.elecfans.com/emb/dsp/201908041031073.html

VMWare 產品多個漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0012.html

資安事件新聞週報 2020/9/14 ~ 2020/9/18

    資安事件新聞週報 2020/9/14  ~  2020/9/18 1.重大弱點漏洞/後門/Exploit/Zero Day PAN-OS之Captive Portal或多因素驗證(Multi-Factor Authentication, MFA)介面存在安全漏洞(CVE-...