Weekly Security Incident News Digest, 1/14 ~ 1/18

1. Major Vulnerabilities

Forescout: Smart buildings contain numerous zero-day vulnerabilities
https://ithome.com.tw/news/128278

Cisco patches AsyncOS vulnerability that could cause a permanent denial of service
https://www.ithome.com.tw/news/128226

Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation
https://www.exploit-db.com/exploits/46189

F-Secure researcher discovers 35-year-old SCP client vulnerabilities
https://hk.saowen.com/a/6848003ea4baf1d5b8edf2783c7e5f10055fe7aa8734828c7586f736fd4bf513

Oracle Critical Patch Update for January 2019
https://bit.ly/2ssuyPB

Multiple vulnerabilities in Oracle products
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Oracle Reports Developer security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2413

Oracle Database Server security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2547

Improperly configured network printers are vulnerable
http://net.nthu.edu.tw/netsys/mailing:announcement:20190109_01

Five popular web hosting platforms all contain security vulnerabilities
https://ithome.com.tw/news/128262

5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws
https://bit.ly/2DfcL4A

Analysis and advisory: local privilege escalation vulnerabilities in the Linux systemd-journald service
https://www.anquanke.com/post/id/169761

Researcher reports a security vulnerability to Microsoft, but Microsoft declines to fix it
https://www.landiannews.com/archives/54726.html

(0day) Microsoft Windows vcf File Insufficient UI Warning Remote Code Execution Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-19-013/

PoC for Windows VCF zero-day published online
https://www.zdnet.com/article/poc-for-windows-vcf-zero-day-published-online/#ftag=RSSbaffb68

PHP Scripts Mall Advance Peer to Peer MLM Script security vulnerability CVE-2019-6126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6126

Metasploit, popular hacking and security tool, gets long-awaited update
https://www.zdnet.com/article/metasploit-popular-hacking-and-security-tool-gets-long-awaited-update/#ftag=RSSbaffb68

ThinkPHP5 remote command execution vulnerability
https://www.freebuf.com/vuls/194105.html

Juniper Junos Space Network Management Platform security vulnerability CVE-2019-0017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0017

Junos OS security vulnerability in multiple Juniper products
https://vigilance.fr/vulnerability/Junos-OS-EX-QFX-privilege-escalation-via-Stateless-Firewall-IPv6-Extension-Headers-28221

Cisco IP Phone 8800 Series code injection vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0461

Imperva SecureSphere security vulnerability CVE-2018-5412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5412

Imperva SecureSphere PWS component security vulnerability CVE-2018-5403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5403

WordPress-related vulnerabilities tripled in 2018
https://www.hackeye.net/threatintelligence/18499.aspx

Amazon-owned Ring camera flaw: support team could view private videos
http://www.twoeggz.com/news/13090448.html

Imperva: Web application vulnerabilities in 2018 increased 21% compared with 2017
https://www.linuxidc.com/Linux/2019-01/156300.htm

The State of Web Application Vulnerabilities in 2018
https://www.imperva.com/blog/the-state-of-web-application-vulnerabilities-in-2018/

Microsoft Windows CONTACT - Remote Code Execution
https://www.exploit-db.com/exploits/46188

Microsoft Edge security bypass vulnerability CVE-2018-8530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8530

Microsoft Windows Hyper-V remote code execution vulnerability CVE-2018-8490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8490

Microsoft Windows GDI component local information disclosure vulnerability CVE-2018-8472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8472

Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
https://www.exploit-db.com/exploits/46185

Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free
https://www.exploit-db.com/exploits/46184

Microsoft Windows JET engine Msrd3x code execution vulnerability
http://www.mottoin.com/tech/134107.html

Microsoft Windows DHCP Client remote code execution vulnerability CVE-2019-0547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0547

Windows Update failed? Here are 10 fixes you can try
https://www.zdnet.com/article/windows-update-failed-here-are-10-fixes-you-can-try/#ftag=RSSbaffb68

Microsoft's Windows 7 has one year of free support left
https://www.zdnet.com/article/microsofts-windows-7-has-one-year-of-free-support-left/#ftag=RSSbaffb68

Microsoft's latest Windows 10 19H1 test build separates search and Cortana
https://www.zdnet.com/article/microsofts-latest-windows-10-19h1-test-build-separates-search-and-cortana/#ftag=RSSbaffb68

Linux systemd affected by memory corruption vulnerabilities, no patch yet
http://netsecurity.51cto.com/art/201901/590453.htm

New Systemd Privilege Escalation Flaws Affect Most Linux Distributions
https://bit.ly/2STfohV

Nelson Open Source ERP SQL injection vulnerability
https://cxsecurity.com/issue/WLB-2019010115

Intel Optane SSD DC P4800X security vulnerability CVE-2018-12166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12166

libpng security vulnerability CVE-2019-6129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6129

Bodhi cross-site scripting vulnerability CVE-2017-1002152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1002152

Blob Studio 2.17 Denial of Service - CXSecurity.com
https://www.anquanke.com/vul/id/1450459

UA-Parser Denial Of Service - CXSecurity.com
https://www.anquanke.com/vul/id/1450458

Google Chrome V8 buffer overflow vulnerability CVE-2017-15428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15428

NEC Aterm W300P OS command injection vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0630

libIEC61850 security vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6135

AudioCodes 400HD cross-site scripting vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10091

Firefox will finally fix annoying page jumps
https://www.zdnet.com/article/firefox-will-finally-fix-annoying-page-jumps/#ftag=RSSbaffb68

SCP implementations impacted by 36-years-old security flaws
https://www.zdnet.com/article/scp-implementations-impacted-by-36-years-old-security-flaws/#ftag=RSSbaffb68

Details published about vulnerabilities in popular building access system
https://www.zdnet.com/article/details-published-about-vulnerabilities-in-popular-building-access-system/#ftag=RSSbaffb68

Desenvolvido por Fidelizarte Web Design Portugal SQL Injection - CXSecurity.com
https://www.anquanke.com/vul/id/1450656

WordPress to show warnings on servers running outdated PHP versions
https://www.zdnet.com/article/wordpress-to-show-warnings-on-servers-running-outdated-php-versions/#ftag=RSSbaffb68

Another Docker security vulnerability disclosed, this time in PWD
https://www.infoq.cn/article/N8o1NWv6r6hgCml*u0tG

Google Android out-of-bounds write vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9551

Facebook bug hunters find an average of 0.87 vulnerabilities per month, with an average annual income of US$34,000
https://www.ithome.com.tw/news/128323?fbclid=IwAR3Vy-9ZheyGDkxUdB93kMCbJlRBk0_S5vgKN84UQR4o869oCUDmhUSWGFM

US Department of Defense database code execution vulnerability (CVE-2018-16803)
https://nosec.org/home/detail/2177.html

2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security

Racing for an internet-only bank license, IBF Financial Holdings forms a financial team
https://www.chinatimes.com/newspapers/20190114000485-260102

Make banks responsible for protecting customers' private data
https://www.hbrtaiwan.com/article_content_AR0008585.html

Participating financial institutions reach 200; Brad Garlinghouse: banks will eventually use XRP
https://blockcast.it/2019/01/11/ripple-ceo-to-critics-after-obtaining-200-clients/

Universal "policy passbook" launched: 13 life insurers join a campaign to protect the equivalent of five Daan Forest Parks
https://www.ettoday.net/news/20190111/1354391.htm

Open data rights to be handled through banks' voluntary self-regulation; FSC leans toward the Singapore model
https://bit.ly/2AN0zqb

Taiwan's open banking moves slowly; customer data rights may be only the first problem
https://bit.ly/2RrJ8FY

Lee Wei-bin (李維斌) appointed digital finance advisor at Taipei Fubon Bank
https://www.chinatimes.com/newspapers/20190112000298-260205

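Former Taipei City Department of Information Technology commissioner Lee Wei-bin (李維斌) moves to industry, officially joining Taipei Fubon Bank to oversee fintech, big data and cloud development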
https://ithome.com.tw/news/128187

Positioning for internet-only banking, Standard Chartered: this year will be busy
https://bit.ly/2VRA6Rd

Taiwanese suspect arrested in Thailand for alleged credit card forgery, detained in Pattaya prison
https://money.udn.com/money/story/5599/3590464

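With the Lunar New Year approaching, Zhongzheng Second Precinct sets up a financial protection network against robberies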
http://news.ltn.com.tw/news/society/breakingnews/2671452

FISC blockchain audit confirmation: participating banks rise to 27
https://www.chinatimes.com/newspapers/20190115000310-260205

FISC's financial blockchain audit confirmation service officially launches; a hundred accounting firms sign on
https://www.ettoday.net/news/20190114/1356269.htm

Another bank terminates contracts with several P2P platforms; the online lending shakeout continues
https://news.sina.com.tw/article/20190116/29699926.html

Taiwan-Iran clearing mechanism suspended; Bureau of Foreign Trade: continuing talks in hope of resumption
https://bit.ly/2SXL9Gu

EY survey: banks accelerate digital transformation, with risk management the top priority
https://news.cnyes.com/news/id/4269270

84% of financial firms worldwide rank cybersecurity as the top risk
https://bit.ly/2FvhfGI

Fintech security threat intelligence and joint defense in the age of artificial intelligence
https://www.fisc.com.tw/Upload/2e644695-04a9-44cf-8841-80936503cc5a/TC/9403.pdf

Amid digital transformation, banks worry most about cyberattacks
https://www.ettoday.net/news/20190116/1357771.htm

Canadian savings institution 康富儲蓄 breached by hackers; funds of 140 customers stolen
http://www.epochtimes.com/b5/19/1/17/n10981978.htm

State-owned banks push consumer finance with five initiatives
https://money.udn.com/money/story/5613/3600150

US Secret Service is probing how crooks use smart credit cards for fraud
https://engt.co/2FuBJ1g

A Fraud-Fighting Strategy for P2P Payments
https://www.bankinfosecurity.com/interviews/fraud-fighting-strategy-for-p2p-payments-i-4219

Card-Not-Present Fraud Costs Mount
https://www.bankinfosecurity.asia/interviews/card-not-present-fraud-costs-mount-i-4218

Neiman Marcus Settles Lawsuit Over Payment Card Breach
https://www.databreachtoday.com/neiman-marcus-settles-lawsuit-over-payment-card-breach-a-11923

Card-Not-Present Fraud Growth: No End in Sight
https://www.bankinfosecurity.com/interviews/card-not-present-fraud-growth-no-end-in-sight-i-4217

RETAILERS TO LOSE $130BN GLOBALLY IN CARD-NOT-PRESENT FRAUD OVER THE NEXT 5 YEARS
https://www.juniperresearch.com/press/press-releases/retailers-to-lose-$130bn-globally

Mastercard boosts online payment security efforts in LatAm
https://www.zdnet.com/article/mastercard-boosts-online-payment-security-efforts-in-latam/#ftag=RSSbaffb68

North Korean hackers infiltrate Chile's ATM network after Skype job interview
https://www.zdnet.com/article/north-korean-hackers-infiltrate-chiles-atm-network-after-skype-job-interview/

Phishing expedition gives hackers entrée to Chile's ATM network
https://www.atmmarketplace.com/news/phishing-expedition-gives-hackers-entree-to-chiles-atm-network/

Google Chrome extension that steals card numbers still available on Web Store
https://www.zdnet.com/article/google-chrome-extension-that-steals-card-numbers-still-available-on-web-store/#ftag=RSSbaffb68

Advertising network compromised to deliver credit card stealing code
https://www.zdnet.com/article/advertising-network-compromised-to-deliver-credit-card-stealing-code/#ftag=RSSbaffb68

Ukrainian Police Arrest 6 Hackers Linked to DDoS and Financial Attacks
https://bit.ly/2U3Syob

Unprotected Government Server Exposes Years of FBI Investigations
https://bit.ly/2FAhGj7

West African banks hit by multiple hacking waves last year
https://www.zdnet.com/article/west-african-banks-hit-by-multiple-hacking-waves-last-year/#ftag=RSSbaffb68

Job opening - Taiwan Cooperative Securities recruiting an information security manager, applications close 1/21
https://money.udn.com/money/story/5636/3591233

3. Electronic Payment / Mobile Payment: News and Security

QR code payment enters the MTR; Octopus unfazed
http://www.hkcd.com/content/2019-01/14/content_1119207.html

JKOPAY spends big; next step is a Taiwanese version of Yu'e Bao
https://www.wealth.com.tw/home/articles/19357

New Bank of China measure: Chinese e-commerce merchants can receive RMB in the US through the cross-border payment system
https://hk.on.cc/hk/bkn/cnt/finance/20190113/bkn-20190113182627241-0113_00842_001.html

Homegrown mobile payment "Taiwan Pay": netizens rave about which provider works best
http://www.skyqzone.com/article/Qko1TmRvMVA4YWs9

Dark horse for new EasyCard chairman: Wu Chia-yuan (吳嘉沅) reportedly to take over
https://money.udn.com/money/story/5613/3591930

Wu Chia-yuan (吳嘉沅) reportedly to take over as new chairman of Taipei's EasyCard
http://news.ltn.com.tw/news/local/paper/1261317

EasyCard pushes for an electronic payment license
https://bit.ly/2TVnoPH

Prison launches electronic payment service for deposits; netizens praise the convenience
https://hk.on.cc/hk/bkn/cnt/cnnews/20190114/bkn-20190114220150752-0114_00952_001.html

Beijing prisons launch Alipay deposit service; families can deposit money for incarcerated relatives
https://news.sina.com.tw/article/20190114/29679950.html

Mobile ticketing app to launch in August
https://bit.ly/2QMIhup

Singapore's Payment Services Bill coming soon: three license types, e-wallets included
http://paynews.net/article-36692-1.html

Fierce competition in electronic payments; 臺灣銳付 seizes the new blue ocean of cryptocurrency
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000551703_UCV6M0QZ1IUZBK2VQXCVV

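Three security measures for the Faster Payment System (FPS): multi-factor authentication + transfer limits + real-time notifications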
https://unwire.hk/2019/01/16/hase/life-tech/

Smart ticketing and transit station top-up and spending app to launch in August
https://bit.ly/2RTeDbf

The Account Pay era has arrived
https://www.fisc.com.tw/Upload/2e644695-04a9-44cf-8841-80936503cc5a/TC/9406.pdf

NFC Payments: Relay Attacks with LoRa
https://bit.ly/2ssNNbD

Banco do Brasil launches cash withdrawals via WhatsApp
https://www.zdnet.com/article/banco-do-brasil-launches-cash-withdrawals-via-whatsapp/#ftag=RSSbaffb68

The Move to Tokenization Spreads
https://www.bankinfosecurity.asia/move-to-tokenization-spreads-a-11936


4. Virtual Currency / Blockchain: News and Security

Report: blockchain adoption in the IoT industry doubles
http://news.knowing.asia/news/2d916dd0-2fe2-44a2-8264-f6823aa4d259

An escalating cat-and-mouse game: blockchain technology breaks through China's internet controls
https://www.rti.org.tw/news/view/id/2008023

China finalizes real-name rules for blockchain; they take effect in February
https://ec.ltn.com.tw/article/breakingnews/2670209

Taipei Exchange approves recognition of the 統一 ETN index
https://money.udn.com/money/story/5739/3588307

Changing how people pay: Mongolia launches its first blockchain payment system, "Terra"
https://news.sina.com.tw/article/20190111/29644044.html

2019 sees an explosion of blockchain applications; can blockchain help payment systems?
http://news.knowing.asia/news/cbce1096-061f-418f-9319-cd0e22898a05

Altcoin exchange "Cryptopia" announces it was hacked, the first exchange hack of 2019
https://www.blocktempo.com/crypto-exchange-cryptopia-hacked-police-starts-investigation/

New Zealand crypto exchange Cryptopia discovers security breach, suffers significant losses
https://www.chainnews.com/news/147427936334.htm

Another bombshell from the Ethereum Classic attacker
http://news.knowing.asia/news/f3dcf1a3-b4e0-44a3-87a2-2edf82b8d5cc

Silicon Valley venture capital godfather Tim Draper: the Bitcoin revolution has only just begun
http://news.knowing.asia/news/cfdf0011-f4a2-4f9a-ba10-0f23a841cf59

An Indian bank moves to close customer accounts over suspected cryptocurrency trading
https://news.sina.com.tw/article/20190116/29701728.html

Big news: vulnerability found in Ethereum upgrade, hard fork forced to be postponed
https://bit.ly/2stNtcX

Ethereum's Constantinople upgrade faces delay due to a security vulnerability
https://bit.ly/2Dh1BML

No escape for ICOs and cryptocurrencies: Malaysia brings them under securities law
https://bit.ly/2FEUnDU

About 400 exchanges have high-risk vulnerabilities
https://hk.saowen.com/a/b1fde09f73ac4ca1da085286a5fb81164c3a410a2f4a2dfcc7add19cacf3f484

BEAM CTO: the BEAM wallet vulnerability is a bug in the application itself
https://www.chainnews.com/news/122207195797.htm

A simple guide for how to write unit tests for smart contracts
https://blog.upstate.agency/a-simple-guide-for-how-to-write-unit-tests-for-smart-contracts-8ec4b645f57b

Blockchain-based P2P betting
https://medium.com/coinmonks/blockchain-based-p2p-betting-810eadb092d

51 percent Ethereum Classic hacker returns $100,000 in stolen cryptocurrency
https://www.zdnet.com/article/51-percent-ethereum-hacker-returns-100000-in-stolen-cryptocurrency/#ftag=RSSbaffb68

New Ethereum version postponed after discovery of serious security flaw
https://www.zdnet.com/article/new-ethereum-version-postponed-after-discovery-of-serious-security-flaw/#ftag=RSSbaffb68

Cryptopia cryptocurrency exchange pulled offline due to security breach
https://www.zdnet.com/article/cryptopia-cryptocurrency-exchange-pulled-offline-cites-security-breach/#ftag=RSSbaffb68

5. Security Incident News

A. Viruses and Trojans / Botnets / Ransomware

Ryuk ransomware, which targets large enterprises, earned hackers US$3.7 million in five months
https://ithome.com.tw/news/128232

18 years old! Analyzing Tildeb, the long-lived malware leaked by the Shadow Brokers hacking group
https://blog.trendmicro.com.tw/?p=58434

Mirai worm variant is spreading by exploiting the high-risk ThinkPHP vulnerability (CNVD-2018-24942) announced in December
https://s.tencent.com/research/report/635.html

"Pirate Bay" malware returns, hijacking computing power for unauthorized mining
http://news.knowing.asia/news/f1afe736-be3f-4a5b-b1b7-9633c16715ee

MongoLock ransomware variant does not encrypt: it deletes files directly, then formats backup drives; Taiwan listed as a major infection zone
https://blog.trendmicro.com.tw/?p=58693

Ransomware attack sends City of Del Rio back to the days of pen and paper
https://www.zdnet.com/article/ransomware-attack-sends-city-of-del-rio-back-to-the-days-of-pen-and-paper/#ftag=RSSbaffb68

Malware found preinstalled on some Alcatel smartphones
https://zd.net/2H6Bqw5

PyLocky Ransomware Decryption Tool Released — Unlock Files For Free
https://bit.ly/2FxJKmu

Ryuk ransomware gang probably Russian, not North Korean
https://www.zdnet.com/article/ryuk-ransomware-gang-probably-russian-not-north-korean/#ftag=RSSbaffb68

NotPetya an ‘act of war,’ cyber insurance firm taken to task for refusing to pay out
https://www.zdnet.com/article/notpetya-an-act-of-war-cyber-insurance-firm-taken-to-task-for-refusing-to-pay-out/#ftag=RSSbaffb68

Ransomware Claims to Fund Child Cancer Treatments
https://www.bankinfosecurity.com/ransomware-claims-to-fund-child-cancer-treatments-a-11938

Emotet re-emerges after the holidays
https://blog.talosintelligence.com/2019/01/return-of-emotet.html

NanoCore Trojan is protected in memory from being killed off
https://www.zdnet.com/article/nanocore-trojan-stops-you-killing-its-process/#ftag=RSSbaffb68

4 Mobile Banking Trojan Families to Fear According to McAfee
https://financialit.net/blog/4-mobile-banking-trojan-families-fear-according-mcafee

A New Variant of Ursnif Banking Trojan Distributed Through Malicious Microsoft Word Documents
http://redsecurium.blogspot.com/search/label/ursnf%20banking%20trojan

.Net RAT Malware Being Spread by MS Word Documents
https://bit.ly/2HcAg2e

PLOT SENSE HAT DATA WITH MATPLOTLIB WITH DASHBOARD PI
https://www.raspberrypi.org/magpi/plot-sense-hat-data/?fbclid=IwAR2iB7MwkqASMQONYGsrvhSGzdEpf6RXy6F2TX-pTQZsd0QRI7kovbGdkX0

CryptoAPI in Malware
https://bit.ly/2svecph

Microsoft and VirusTotal Team Up to Detect Malicious Signed MSI Files
https://bit.ly/2Cy81p4

Manalyze : A static analyzer for PE executables
https://github.com/JusticeRage/Manalyze



B. Mobile Security / iPhone / Android / App

Apps: downloaded for convenience? The nightmare begins
https://tw.news.appledaily.com/forum/realtime/20190112/1499379

Beware the major security risks that health and fitness apps may bring
https://www.bbc.com/zhongwen/trad/science-46824619

WhatsApp bug deletes users' chat history without cause, affecting Android users
http://www.sohu.com/a/289076849_115060

Stay secure on public networks while traveling: Trend Micro shares five security tips
https://bit.ly/2FtgApo

Still dare to use it? US think tank: Douyin could become a Chinese spying tool
https://bit.ly/2QSj3uz

Douyin under scrutiny: US warns its intelligence collection spans the globe
https://bit.ly/2QP6O1P

List of apps that have passed security testing
http://www.mas.org.tw/app_cert_list.php

Twitter bug revealed private tweets for some Android users for almost five years
https://www.zdnet.com/article/twitter-bug-revealed-private-tweets-for-some-android-users-for-almost-five-years/#ftag=RSSbaffb68

Police Can't Force You To Unlock Your Phone Using Face or Fingerprint Scan
https://bit.ly/2QShnBa

Upgrading An Unsupported Galaxy to Android Pie
https://bit.ly/2RoWzqe

Why you should switch to Signal or Telegram from WhatsApp, Today
https://bit.ly/2RM3GZ8

Does WhatsApp Has A Privacy Bug That Could Expose Your Messages
https://bit.ly/2SUzXL3

Smartphone production decline may allow Huawei to overtake Apple to become world's second largest smartphone brand
https://zd.net/2RQ5Y9F

iOS 12.1: Does your iPhone have a battery problem? (2019 edition)
https://www.zdnet.com/pictures/ios-12-1-does-your-iphone-have-a-battery-problem-2019-edition/#ftag=RSSbaffb68

Unprotected VOIP Server Exposed Millions of SMS Messages, Call Logs
https://bit.ly/2RXzKtm

VOIPO database exposed millions of call and SMS logs, system data
https://www.zdnet.com/article/voipo-database-exposed-millions-of-call-and-sms-logs-system-data/#ftag=RSSbaffb68

C. Incidents / Hackers / DDoS / APT / Job Openings / International Security Incidents

Symantec issues 2019 security trend predictions; protecting IoT devices becomes the top priority
https://ithome.com.tw/news/128327

Four key points for employee security awareness training
https://blog.trendmicro.com.tw/?p=58431

Packet capture walkthrough: a former employee monitoring the company network
https://bit.ly/2RBqviT

USB standards body launches USB Type-C authentication program to stop malicious USB devices
https://www.ithome.com.tw/news/128108

Enterprise security defense through the lens of threat intelligence
https://www.fisc.com.tw/Upload/2e644695-04a9-44cf-8841-80936503cc5a/TC/9404.pdf

Security is a process, not a product
https://bit.ly/2SU73dT

System glitch again: Cathay Pacific first-class fares drop to one tenth
https://www.rti.org.tw/news/view/id/2008162

The hacker who was caught and the officer who caught him team up 17 years later to profit from security
https://futurecity.cw.com.tw/article/444

Genius hacker who broke into the Presidential Office at 17 recruited by the Criminal Investigation Bureau as an advisor
https://udn.com/news/story/7315/3588678

Former Jianguo High School prodigy recruited by the Criminal Investigation Bureau as a "white hat hacker" advisor
https://bit.ly/2FqqyaT

Expert once hacked the Presidential Office; police draw on his talents
https://www.chinatimes.com/newspapers/20190112000533-260106

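Who is Su Po-jung (蘇柏榕), the "super hacker" who broke into the Presidential Office? He once founded Taiwan's strongest hacker site, paid for with Bitcoin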
https://www.limitlessiq.com/news/post/view/id/8458/

"Hacker genius" released on bail after trying to defraud High Speed Rail of NT$200,000 with NT$40
https://www.chinatimes.com/newspapers/20190112000529-260106

"Hacker genius" buys High Speed Rail tickets: spends NT$40 in an attempt to fraudulently claim NT$200,000
https://udn.com/news/story/7321/3588877

Chang Chi-yuan (張啟元) claims he was doing a good deed; real white hat hackers rebut him
https://tw.appledaily.com/new/realtime/20190111/1499184/

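Genius hacker arrested for breaking into High Speed Rail system; Chang Chi-yuan (張啟元) laments: white hat hackers are not recognized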
https://shareba.com/module/news/303808923013782011.html

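Chang Chi-yuan (張啟元) badly outclassed! "God of hackers" Su Po-jung (蘇柏榕) broke into the Presidential Office at 17; police: the two are on different levels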
https://bit.ly/2FxdQ9m

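Chang Chi-yuan (張啟元) publicly apologizes for hacking High Speed Rail, calls for a white hat vulnerability reporting platform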
https://tw.appledaily.com/new/realtime/20190115/1500874/

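Two generations of genius hackers compared! Su Po-jung (蘇柏榕) hacked the Presidential Office website back then, Chang Chi-yuan (張啟元) bought a High Speed Rail ticket for NT$40… police: "The two are on different levels!"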
http://chinese.efreenews.com/a/daitiancai-kebiyibi-nian-bairong-ru-fu-zhan-yuan40yuan-gao-piao-jingfang-rendeng-butong

Police say he is no match for the hacker prodigy; Chang Chi-yuan (張啟元) responds with composure
https://bit.ly/2H8pvy1

Ticketing app attacked by hacker; High Speed Rail: no impact, will pursue legal liability
https://m.ctee.com.tw/livenews/aj/01112019125314980

"White hat hackers need the target's authorization to hunt for vulnerabilities"
https://tw.news.appledaily.com/headline/daily/20190112/38230582/

White hat hacker work revealed
https://www.limitlessiq.com/news/post/view/id/8482/

"White hat hacker" fact file
http://news.ltn.com.tw/news/life/paper/1260674

Hackers are everywhere in the online world
https://udn.com/news/story/7339/3593481?from=udn-catelistnews_ch2

This Facebook Group with 1.18 million members has been hacked! If you haven't left yet, do so quickly
https://www.twgreatdaily.com/cat98/node1998692

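The enemy hides while we stand exposed! Well-known hacker on security: the bad guys are already using AI, so the good guys must make good use of it too!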
https://www.cw.com.tw/article/article.action?id=5093746

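Amadeus, the world's largest online booking system, reported to have a flaw letting hackers alter user records; nearly half of airlines affected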
https://www.ithome.com.tw/news/128279

Flight Booking System Flaw Affected Customers of 141 Airlines Worldwide
https://bit.ly/2FG03xh

Airline Booking System Exposed Passenger Details
https://www.bankinfosecurity.com/airline-booking-system-exposed-passenger-details-a-11952

High-risk vulnerability exposed in Amadeus booking system: affects nearly half of airlines worldwide
https://m.cnbeta.com/view/809545.htm

Hackers use ZWSP technique to bypass Office 365 security features in phishing attacks
https://ithome.com.tw/news/128200

Hong Kong Security Watch Report (Q4 2018)
https://www.hkcert.org/my_url/zh/blog/19011701

Chinese hackers impersonate CEO, swindle US$18.6 million from the Indian arm of an Italian firm
https://www.taiwannews.com.tw/ch/news/3614985

Chinese hacker group spoofs CEO email; Indian company loses 1.3 billion rupees
https://hk.aboluowang.com/2019/0111/1230492.html

Chinese hacker group APT10 may have attacked Japan's Keidanren
https://bit.ly/2FqyxVA

Chinese hacker group launches cyberattacks on the US; cyber expert: Japan has also been a victim in the past
http://news.ltn.com.tw/news/world/breakingnews/2671470

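Chat conversations could become evidence of "espionage"! University of California warns faculty and students: don't use WeChat or WhatsApp while in China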
https://www.storm.mg/article/821018

Unveiling the mystery of North Korean hackers
https://www.taiwannews.com.tw/ch/news/3615044

South Korea's Defense Ministry hacked, data stolen
https://ithome.com.tw/news/128315

South Korea's defense agency hacked; North Korea behind it
https://bit.ly/2DbyISa

30 computers at South Korea's Defense Acquisition Program Administration attacked by hackers
https://udn.com/news/story/6809/3593864

Hackers breach and steal data from South Korea's Defense Ministry
https://www.zdnet.com/article/hackers-breach-and-steal-data-from-south-koreas-defense-ministry/#ftag=RSSbaffb68

Wu Yi-jun (吳奕軍) column: even Smart Nation Singapore is helpless against hackers
https://www.upmedia.mg/news_info.php?SerialNo=55810

Singapore SingHealth hack: two employees dismissed for negligence
https://www.ithome.com.tw/news/128293

Singapore personal data breach: government imposes fines of more than 20 million
https://www.rti.org.tw/news/view/id/2008369

State-backed hackers stole the medical data of Singapore Prime Minister Lee Hsien Loong
https://on.wsj.com/2ssBhsE

SingHealth network intrusion exposes management lapses: who should take the fall?
https://www.redants.sg/perspective/story20190111-2298

Firms fined $1M for SingHealth data security breach
https://www.zdnet.com/article/firms-fined-1m-for-singhealth-data-security-breach/#ftag=RSSbaffb68

Personal data of 1.5 million Singapore patients stolen; government imposes US$740,000 fine
https://money.udn.com/money/story/5602/3595660

Poland arrests Huawei branch manager on suspicion of gathering intelligence for China
http://ec.ltn.com.tw/article/paper/1260750

Huawei raises security concerns; Poland considers public-sector ban
https://news.pts.org.tw/article/419574

Banning Huawei is only the start of the information war; the next step is blocking Chinese apps
https://tw.appledaily.com/new/realtime/20190115/1501318/

Ban Huawei? Poland urges NATO and the EU to take a position
https://www.chinatimes.com/newspapers/20190114000242-260203

Huawei 5G security under question, yet European countries split over boycott
https://ec.ltn.com.tw/article/breakingnews/2670483

Worried about security holes, Japan's NTT plans to stop selling Huawei phones
https://news.cts.com.tw/cts/international/201901/201901141948868.html

Huawei executive arrested on espionage charges; Polish authorities search branch office
https://tw.appledaily.com/international/daily/20190112/38230292/

Huawei distributor: products brought into Taiwan comply with regulations
https://money.udn.com/money/story/5612/3593219

Huawei Canada rushes to distance itself: does not spy for the Chinese government, only follows Canadian law
http://news.ltn.com.tw/news/world/breakingnews/2670007

Huawei executive in Poland arrested on espionage charges; China denounces smears and rumors, hints the US is behind it
https://tw.appledaily.com/new/realtime/20190113/1499788/

Huawei storm sparks global security panic; CyberLink vies to be the leading domestic facial recognition vendor
https://bit.ly/2CoJRx8

Czech cybersecurity authority announces Huawei boycott; prime minister clarifies: there is no evidence at all
https://www.ettoday.net/news/20190114/1355934.htm

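ITRI also announces a ban! After swiftly cutting ties with the executive arrested in Poland, can Huawei shake off espionage suspicions?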
https://www.cmmedia.com.tw/home/articles/13826

Hong Kong government spent 1.76 million on Huawei products, including routers carrying a leak risk, without checking for backdoors
https://bit.ly/2MhA0hu

US lawmakers: Huawei solar equipment could be hacked, raising concerns for national grid security
https://technews.tw/2019/01/17/huawei-solar-equipment-may-be-hacked/

Bipartisan US lawmakers propose bill banning the sale of US chips to Huawei and ZTE
http://www.ntdtv.com.tw/b5/20190117/video/238309.html

Security threat: US and Germany boycott Huawei
https://bit.ly/2TVwhbR

Germany reportedly to ban Huawei 5G equipment entirely
https://times.hinet.net/news/22193649

National security concerns: Germany sets strict requirements to keep Huawei out of its 5G buildout
https://newtalk.tw/news/view/2019-01-17/195714

US security firm warns that Iran is funding hackers and planning large-scale cyberattacks
https://www.ydn.com.tw/News/320362

US National Cybersecurity and Communications Integration Center (NCCIC) tracking global Domain Name System (DNS) infrastructure hijacking campaign
https://www.us-cert.gov/ncas/current-activity/2019/01/10/DNS-Infrastructure-Hijacking-Campaign

The biggest intelligence leak in US history was cracked by Russia! The story starts with a hookup message
https://buzzorange.com/techorange/2019/01/11/martin-stole-american-intelligence/

US government shutdown: more than 80 TLS certificates used by federal websites expire
https://www.ithome.com.tw/news/128227

US government shutdown leaves 130 federal government web certificates expired; visiting the sites could expose users to attack
https://bit.ly/2CwJ2Th

How can you prevent hacker attacks without understanding hacker techniques?
https://ithome.com.tw/pr/128123

Latest security topic for 2019: CTIA threat intelligence analyst
https://ithome.com.tw/pr/128122

Ukrainian hackers who broke into the SEC database for insider trading indicted by the US
https://www.ithome.com.tw/news/128290

US SEC hacked; hackers made more than US$4.1 million in illicit profit
https://www.chinatimes.com/realtimenews/20190116005016-260408

Online stores for governments and multinationals hacked via new security flaw
https://www.zdnet.com/article/online-stores-for-governments-and-multinationals-hacked-via-new-security-flaw/#ftag=RSSbaffb68

Hacker behind 'Football Leaks' arrested in Hungary
https://www.zdnet.com/article/hacker-behind-football-leaks-arrested-in-hungary/#ftag=RSSbaffb68

Two Hackers Charged with Hacking SEC System in Stock-Trading Scheme
https://bit.ly/2ASnTmi

Insider Trading: SEC Describes $4.1 Million Hacking Scheme
https://www.bankinfosecurity.com/insider-trading-sec-describes-41-million-hacking-scheme-a-11951

MongoDB "open-source" Server Side Public License rejected
https://www.zdnet.com/article/mongodb-open-source-server-side-public-license-rejected/#ftag=RSSbaffb68

Unpatched vCard Flaw Could Let Attackers Hack Your Windows PCs
https://bit.ly/2QTjQeG

How to Secure Your Mid-Size Organization From the Next Cyber Attack
https://bit.ly/2QTDR4W

Liberian ISP sues rival for hiring hacker to attack its network
https://www.zdnet.com/article/liberian-isp-sues-rival-for-hiring-hacker-to-attack-its-network/#ftag=RSSbaffb68

Hacked Play-with-Docker and Remotely Ran Code on the Host
https://bit.ly/2FsQPoP

These are the courses UK police are set to take in cybersecurity
https://www.zdnet.com/article/these-are-the-courses-uk-police-are-set-to-take-in-cybersecurity/#ftag=RSSbaffb68

Hacker 'BestBuy' sentenced to prison for operating Mirai DDoS botnet
https://www.zdnet.com/article/hacker-bestbuy-sentenced-to-prison-for-operating-mirai-ddos-botnet/#ftag=RSSbaffb68

Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection
https://bit.ly/2FsExgc

Defend from hackers using computer networking fundamentals
https://bit.ly/2FqmTKg

DDoSing Hospital Networks Landed This Hacktivist in Jail for Over 10 Years
https://bit.ly/2RuP6px

Stop Using URL Shorteners In 2019
https://medium.com/millennialbusinessassociation/stop-using-url-link-shortener-in-2019-6dd840e19212

Towards Shorter Encryption Keys
https://medium.com/@borisreitman/towards-shorter-encryption-keys-91fe276aeea2

2019 WILL BE THE YEAR OF INTELLIGENT CYBERCRIME THREATS
https://medium.com/@TriumphCISO/2019-will-be-the-year-of-intelligent-cybercrime-threats-2419575bb4fd

Realtime Face Recognition in the Browser
https://medium.com/@gjovanov/realtime-face-recognition-de1ee3076878

Something to Chat About: Google Code-in 2017 with Zulip!
https://bit.ly/2RverzX

Extracting Secret Test Cases From Google Foobar Challenge
https://blog.usejournal.com/extracting-secret-test-cases-from-google-foobar-challenge-6b0a0bea61c4

Why is my keyboard connected to the cloud
https://www.zdnet.com/article/why-is-my-keyboard-connected-to-the-cloud/#ftag=RSSbaffb68

Windows 10 Expert's Guide: Everything you need to know about BitLocker
https://www.zdnet.com/article/windows-10-experts-guide-everything-you-need-to-know-about-bitlocker/#ftag=RSSbaffb68

Plans and Predictions for Cybersecurity in 2019
https://www.inforisktoday.com/interviews/plans-predictions-for-cybersecurity-in-2019-i-4209

Making the Case for Zero-Trust Security
https://www.inforisktoday.com/interviews/making-case-for-zero-trust-security-i-4214

A security conference will let you hack a Tesla car and earn cash prizes
https://www.zdnet.com/article/a-security-conference-will-let-you-hack-a-tesla-car-and-earn-cash-prizes/#ftag=RSSbaffb68

Zoom, Slack, and Twilio see expense account love from businesses, says Expensify
https://www.zdnet.com/article/zoom-slack-and-twilio-see-expense-account-love-from-businesses-says-expensify/#ftag=RSSbaffb68

GoDaddy removes JavaScript injection which tracks website performance, but might break it too
https://www.zdnet.com/article/godaddy-javascript-injection-tracks-website-performance-but-might-break-it-too/#ftag=RSSbaffb68

DevOps for the hybrid cloud: Red Hat Ansible Tower 3.4
https://www.zdnet.com/article/devops-for-the-hybrid-cloud-red-hat-ansible-tower-3-4/#ftag=RSSbaffb68

Cybercrime Gangs Advertise Fresh Jobs, Hacking Services
https://www.bankinfosecurity.com/cybercrime-gangs-advertise-fresh-jobs-hacking-services-a-11934

UK Sentences Man for Mirai DDoS Attacks Against Liberia
https://www.bankinfosecurity.com/uk-sentences-man-for-mirai-ddos-attacks-against-liberia-a-11933

Microsoft says all U.S. government customers are sanctioned to use Outlook Mobile
https://www.zdnet.com/article/microsoft-says-all-u-s-government-customers-are-sanctioned-to-use-outlook-mobile/#ftag=RSSbaffb68

Getting Smarter About Threat Intelligence
https://www.bankinfosecurity.in/interviews/getting-smarter-about-threat-intelligence-i-4220

Quantum Computing: Sizing Up the Risks to Security
https://www.bankinfosecurity.in/interviews/quantum-computing-sizing-up-risks-to-security-i-4222

Hackers infect e-commerce sites by compromising their advertising partner
https://bit.ly/2RZBToo

New Year, Same Magecart: The Continuation of Web-based Supply Chain Attacks
https://www.riskiq.com/blog/labs/magecart-adverline/

Researchers say Fortnite flaws let hackers access millions of player accounts
https://bit.ly/2SZ9jkf

Fortnite Flaws Allowed Hackers to Takeover Gamers' Accounts
https://bit.ly/2QWeb7X

Job opening - Sales assistant, information security (ISS)
https://www.104.com.tw/job/?jobno=6hls2

Job opening - Backend engineer
https://www.yourator.co/companies/GliaCloud/jobs/4716

Job opening - Software test engineer (深圳市錢海電子支付有限公司)
https://www.liepin.com/job/21400889464.shtml

Job opening - Software Engineer - Frontend
https://www.yourator.co/companies/Dinngo/jobs/5580

Job opening - Sales representative, security systems (18051703A) (sales staff)
https://bit.ly/2AKGroO

Job opening - Fujian Newland Payment Technology 2019 graduate recruitment
http://jyzd.xmu.edu.cn/platform/require_detail/2877

D. Data Breaches / Personal Data Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News

McDonald's ordering site exposes all member personal data except payment details; company denies being hacked
https://www.chinatimes.com/realtimenews/20190118004232-260405

700 million personal records leak on the dark web; check now whether you are a victim
https://bit.ly/2swotle

1 billion email credentials hacked; expert recommends one way to check whether you are affected
https://udn.com/news/story/7086/3601191

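Largest personal data leak in history exposes data stolen in nearly 3,000 attacks at once, totaling more than 2.7 billion email address and password pairs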
https://www.ithome.com.tw/news/128338

MongoDB database left wide open; résumés of more than 200 million Chinese citizens leaked
https://www.ithome.com.tw/news/128225

Data errors at Japan's Ministry of Health, Labour and Welfare: 20 million people underpaid benefits
http://www.hkcd.com/content/2019-01/13/content_1119128.html

Study: Douyin collects user data and sends it back to China, like another Huawei
https://bit.ly/2QG6QJr

Vietnam accuses Facebook of failing to remove harmful content
http://www.udnbkk.com/article-271548-1.html

Online shopping platforms most impersonated by fraud rings: "瘋狂賣客" tops the list with 526 cases
http://news.ltn.com.tw/news/society/breakingnews/2669634

Preventing leaks of secrets from high-tech plants: RFID and beacons precisely track movements inside the facility
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000551707_rwt8x9m9l4f88t8e490hb

More than 40 people across Taiwan defrauded! Facebook shopping "I'll show you two IDs"... he made off with 1 million
https://www.ettoday.net/news/20190112/1354537.htm

191 suspects in online fake-order ("brushing") fraud escorted home from Laos
https://news.sina.com.tw/article/20190112/29655868.html

EBC and CTi each fined NT$200,000 by the NCC for reporting false information
http://www.epochtimes.com/b5/19/1/16/n10979294.htm

"福人幣" accused of defrauding ten thousand people; operator took in 200 million and stashed it in China
https://tw.news.appledaily.com/local/realtime/20190118/1500953/

Flaw in UK e-commerce software Fashion Nexus leaks private data of 1.4 million shoppers across multiple brand websites
http://www.100ec.cn/detail--6492041.html

Swapping passengers' bank cards and draining their savings: police bust taxi fraud ring, arrest 6
https://bit.ly/2TZE3Sf

Employees sacked, CEO fined in SingHealth security breach
https://www.zdnet.com/article/employees-sacked-ceo-fined-in-singhealth-security-breach/#ftag=RSSbaffb68

Staff Disciplined in Wake of SingHealth Breach
https://www.bankinfosecurity.com/staff-disciplined-in-wake-singhealth-breach-a-11935

The Fine Line Between Government and Data Privacy
https://medium.com/criptext/the-fine-line-between-government-and-data-privacy-6972c350726

Data, Privacy and Power
https://medium.com/predict/data-privacy-and-power-ace9a9ec3415

Over 202 Million Chinese Job Seekers' Details Exposed On the Internet
https://bit.ly/2D7fQDZ

Germany's Mega-Leak Takeaway: Noisy Young Hacker Got Caught
https://www.databreachtoday.com/blogs/germanys-mega-leak-takeaway-noisy-young-hacker-got-caught-p-2704

Why Are We So Stupid About Passwords? German Edition
https://www.bankinfosecurity.asia/blogs/are-we-so-stupid-about-passwords-german-edition-p-2705

Formbook via fake statement of account
https://myonlinesecurity.co.uk/formbook-via-fake-statement-of-account/

The 773 Million Record "Collection #1" Data Breach
https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/

Data Breach Collection Contains 773 Million Unique Emails
https://www.bankinfosecurity.com/blogs/data-breach-collection-contains-773-million-unique-emails-p-2713

E. Research Reports

Summary of problems encountered when building a test environment for router vulnerability research
https://xz.aliyun.com/t/3826

Incident analysis report: campus server cluster compromised by hackers
https://portal.cert.tanet.edu.tw/docs/pdf/2018122702120303220430325285175.pdf

[Troubleshooter's Diary] A troubleshooting case: TransactionScope and Oracle distributed transactions
https://bit.ly/2H4UWJl

CRLF injection
https://bit.ly/2CcPIWp

Windows 0day arbitrary file overwrite vulnerability: analysis and verification
https://www.chainnews.com/articles/664503742972.htm

ThinkPHP5 core Request class remote code vulnerability analysis
https://paper.seebug.org/787/

CVE-2018-8653 analysis: IE scripting still poses a vulnerability threat
https://xz.aliyun.com/t/3834

Fine-grained XSS vulnerability scanning: intelligent context analysis
https://zhuanlan.zhihu.com/p/54732352

IE VBScript vulnerability CVE-2018-8174
https://bbs.pediy.com/thread-248930.htm

Vulnerability scanning with Nmap
https://blog.csdn.net/qq_33468857/article/details/86424354

A first look at Nmap's vulnerability exploitation scripts
https://blog.csdn.net/qq_33468857/article/details/86424291

Exploitation of a misconfigured Springboot actuator
https://www.freebuf.com/news/193509.html

jQuery-File-Upload: a tale of three vulnerabilities
https://xz.aliyun.com/t/3819

Analysis of the integer overflow vulnerability in the Linux create_elf_tables function (CVE-2018-14634)
https://www.freebuf.com/vuls/192659.html

Knownsec 404 Team 2018 cyberspace security report
https://paper.seebug.org/788/

Using Fail2ban on CentOS to block brute-force attacks against WordPress
https://www.4rbj4.com/1148

Defending against 3 major web vulnerabilities in detail: XSS, CSRF, and SQL injection solutions
http://www.twoeggz.com/news/13142902.html

Analysis of the Msrd3x code execution vulnerability in the Microsoft JET engine
https://xz.aliyun.com/t/3844

Analysis of IE scripting vulnerability CVE-2018-8653
http://www.4hou.com/vulnerable/15756.html

Reproducing CVE-2017-11882 and scripting it for automation
https://xz.aliyun.com/t/3838

Router vulnerability research: an introduction to stack overflows
https://www.anquanke.com/post/id/169689

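Binary vulnerability research: distinguishing instrumentation, static analysis, debugging and fuzzing, part 2: instrumentation with DynamoRIO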
https://bbs.pediy.com/thread-248995.htm

Using chunked transfer encoding to thrash every WAF
https://bit.ly/2AROXlU

Analysis of the TP-Link TL-R600VPN remote code execution vulnerability
https://www.anquanke.com/post/id/169793

Gradle Plugin Portal: account takeover by combining clickjacking and CSRF vulnerabilities
http://www.4hou.com/web/15753.html

How to find local privilege escalation vulnerabilities in Windows ALPC (CVE-2018-8440 analysis)
https://zhuanlan.zhihu.com/p/55020544

Data analysis report on SNMP-based sensitive information disclosure vulnerabilities in multiple devices
https://paper.seebug.org/795/

Windows Debugging 101
https://www.exploit-db.com/docs/46169

Bypass Firewalls By DNS History
https://bit.ly/2TLhPTK

Tampering with Windows Event Tracing: Background, Offense, and Defense
https://bit.ly/2slRkZm

The Architecture and History of Git: A Distributed Version Control System
https://bit.ly/2H6x08x

trimstray/the-book-of-secret-knowledge
https://bit.ly/2RH9B1x

How to use Decorators with Factory Functions
https://bit.ly/2Fkjlch

Choosing A Text Editor
https://medium.com/@theoldercoder/choosing-a-text-editor-3e56f71bd636

Zen and the Art of Application Maintenance
https://medium.com/@shawnstafford/zen-and-the-art-of-application-maintenance-a3526766ea07

NewRelic+SpringBoot+Elastic Beanstalk
https://medium.com/@ashishp13/i-just-went-through-the-arduous-task-of-configuring-newrelic-on-aws-eddaf7cffcb6

Handling NetCDF files using XArray for absolute beginners
https://towardsdatascience.com/handling-netcdf-files-using-xarray-for-absolute-beginners-111a8ab4463f

Neatly bypassing CSP How to trick CSP in letting you run whatever you want
https://bit.ly/2T0fynB

PLOT SENSE HAT DATA WITH MATPLOTLIB WITH DASHBOARD PI
https://bit.ly/2TUJ7Hc

The curious case of the Raspberry Pi in the network closet
https://blog.haschek.at/2018/the-curious-case-of-the-RasPi-in-our-network.html?fbclid=IwAR21kzyA6S0fJR_gfkkcZ5QfIlq2i-w2PZoJQu7Th6GS0iJBvNmChml3tTM

F. Business

Device Authority provides an IoT security solution for 3D Systems' cloud 3D printing service
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000551566_u1h4xj847jc6mb5f02cif

Reminder: Microsoft to end support for Windows 7 in 1-year from today
https://bit.ly/2HhIEO2

One-year countdown to the end of Win7 security support; US security agency urges upgrade to Win10
https://bit.ly/2MdHSAn

Acer investee 全波 moves into IoT
https://www.chinatimes.com/newspapers/20190118000319-260204

Taiwan could take the lead in IoT communications; Acer investee launches new LoRa technology
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=1&cat=50&id=0000552111_1mn01n3l2g4t8c07cgd5u

Zyxel goes all out in its push into security
https://bit.ly/2DhptzI

Microsoft's LinkedIn report card: Technology integration continues, but at a slow pace
https://www.zdnet.com/article/microsofts-linkedin-report-card-technology-integration-continues-but-at-a-slow-pace/#ftag=RSSbaffb68

Radware acquires ShieldSquare in botnet, cloud security push
https://www.zdnet.com/article/radware-acquires-shieldsquare-in-cloud-security-push/#ftag=RSSbaffb68

[Free security health check] Check Point Security CheckUp
http://www.sysage.com.tw/Guest/Promotion/promotionOne.aspx?promoteid=1291

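Bringing in AI to ensure security and compliance; data interoperability meets multi-cloud needs; appliances brought under the data management umbrella; software-defined design adds scalability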
https://www.netadmin.com.tw/article_content.aspx?sn=1901030003

Microsoft looks to instill app-compatibility confidence in Windows 7 users with Desktop App Assure
https://zd.net/2SSnXcR

MariaDB unifies its platform
https://www.zdnet.com/article/mariadb-unifies-its-platform/#ftag=RSSbaffb68

WANdisco announces GA of LiveData for MultiCloud
https://www.zdnet.com/article/wandisco-announces-ga-of-livedata-for-multicloud/#ftag=RSSbaffb68

G. Government

Insurance industry to follow in opening up; legal amendments required
https://money.udn.com/money/story/5613/3588867

FSC pushes open banking on three fronts
https://money.udn.com/money/story/5613/3588855

FSC: internet-only bank applications cannot be supplemented with additional documents
https://money.udn.com/money/story/5613/3591703

FSC discloses open banking progress: API standards to be set, leaning toward self-regulation with voluntary participation by banks
https://www.ithome.com.tw/news/128204

FSC relaxes rules: credit cooperatives may handle 3 types of business for non-members
https://udn.com/news/story/11316/3593296

Returning policy data rights to policyholders: FSC plans to set up an "Insurance Joint Information Center"
https://bit.ly/2RsfMXV

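Insurance policies, card payments and bookkeeping integrated into one account; 4-hour marathon public hearing on returning data rights to the people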
https://www.ettoday.net/news/20190111/1354369.htm

Not sure which insurance policies you bought? FSC to set up an "Insurance Joint Information Center"
https://www.ettoday.net/news/20190111/1354127.htm

Will a "shadow agency" monitor message content? NCC refutes the rumor
http://news.ltn.com.tw/news/politics/paper/1260944

China restricts online speech; Taiwan's foreign minister fires back on Twitter: what are you afraid of?
http://news.ltn.com.tw/news/politics/breakingnews/2669200

Military's self-developed mobile app can only monitor passively; scholars worry it will become a major security hole
https://tw.appledaily.com/new/realtime/20190114/1500070/

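Telecommunication Development Office: security violations punished according to regulations, security awareness training to be strengthened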
https://bit.ly/2H8qrT3

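Telecommunication Development Office non-commissioned officer surnamed Hou violated security rules; prosecuted and discharged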
https://bit.ly/2sqD9m4

Intelligence unit turned into a "military paradise"; gadget expert shows you how
https://bit.ly/2AIERDU

Why are Taiwan's electronic ankle monitors so easily defeated?
https://tw.appledaily.com/new/realtime/20190113/1500067/

ITRI guards against security risk: intranet will not support Huawei products from noon on the 15th
https://www.cna.com.tw/news/firstnews/201901145003.aspx

ITRI tightens security controls; Huawei devices barred from connecting to the internal network
https://m.moneydj.com/f1a.aspx?a=a98b7638-0f6e-4a54-a917-437c73785c54

ITRI and III block Huawei; business community: companies have long taken security seriously
https://www.ettoday.net/news/20190116/1357806.htm

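Huawei ban: ITRI makes a U-turn, announcing a full ban in the afternoon and revising it by evening to an intranet connection restriction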
https://tw.news.appledaily.com/headline/daily/20190115/38232729/

Executive Yuan: government agencies already ban Chinese ICT products for official use
https://bit.ly/2FtocIn

Executive Yuan: all agencies already ban Chinese ICT products, including Huawei
https://www.rti.org.tw/news/view/id/2008287

NCC: telecom 5G will also ban China-made equipment
https://www.chinatimes.com/newspapers/20190115000252-260202

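Central bank governor Yang Chin-long's third round of opening-up reforms! The central bank's "Brother Long-Long" invites the public to like its FB page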
https://bit.ly/2D9m3iG

Questions about insurance claims or bank loans? Financial Ombudsman Institution offers free on-site service at Taichung City Hall
https://www.chinatimes.com/realtimenews/20190115000072-260405

Huawei banned; Chiang Chi-chen: make clear whether it is a political consideration or a security one
http://hk.crntt.com/crn-webapp/touch/detail.jsp?coluid=46&kindid=0&docid=105308106

Taiwan's ITRI and III order ban on Huawei phones connecting to the intranet
https://www.voacantonese.com/a/taiwan-agencies-ban-huawei-/4743446.html

Rather than banning Huawei phones, build precise security
https://udndata.com/ndapp/udntag/finance/Article?origid=9229393

III piles on! Follows ITRI in banning Huawei devices from the intranet
https://fnc.ebc.net.tw/FncNews/tech/66891

To protect information security, ITRI intranet does not support Huawei products
http://www.worldpeoplenews.com/content/news/313930

ITRI bans Huawei to prevent technology and security leaks
http://www.ectimes.org.tw/Shownews.aspx?id=190115204329

To protect security, NARLabs blocks China-made devices from the intranet
https://technews.tw/2019/01/16/narlab-prohibited-china-net-equipments-too/

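Half a beat late? Chinese ICT products have gone unused for years; ITRI: Huawei communication devices brought onto the office campus cannot connect to the intranet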
https://www.fountmedia.io/article/3004

Tsai government steps up, successively banning mainland Chinese ICT products
http://hk.crntt.com/doc/1053/0/8/7/105308759.html?coluid=93&kindid=19232&docid=105308759

Taipei City Government to ban Huawei? Ko Wen-je: it is a serious matter, need to think about it
https://udn.com/news/story/7323/3596248

Strengthening security! III to regulate China-made products on the intranet as early as May
http://www.ustv.com.tw/UstvMedia/news/103/20190116A143

Public sector bans Huawei; industry sees it as too political
https://www.chinatimes.com/newspapers/20190117000613-260108

Huawei products raise security concerns; Mainland Affairs Council: A-level protection, Chinese products banned
https://bit.ly/2RPo6R6

Young officers observe in the US, urge the military to lift the smartphone software installation restriction
https://bit.ly/2RRO1aG

Security concerns; SEF: WeChat communication with Taiwanese businesspeople must not involve sensitive information
http://www.epochtimes.com/b5/19/1/16/n10979839.htm

H. Industrial control systems/ICS/SCADA security

EVlink Parking charging station vulnerabilities could let attackers take control of charging stations
http://tech.ifeng.com/a/20190115/45290707_0.shtml

Tenable publishes details of vulnerabilities in the PremiSys access control system
http://www.cnmo.com/news/653498.html

Hard-Coded Credentials Found in ID, Access Control Software
https://www.bankinfosecurity.com/hard-coded-credentials-found-in-id-access-control-software-a-11937

Ockam provides easy to deploy identity, trust, and interoperability for IoT developers
https://www.zdnet.com/article/ockam-provides-easy-to-deploy-identity-trust-and-interoperability-for-iot-developers/#ftag=RSSbaffb68

SIEMENS CP1604 and CP1616 device denial-of-service vulnerability CVE-2018-13808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13808

Attacks Against Industrial Machines via Vulnerable Radio Remote Controllers: Security Analysis and Recommendations
https://bit.ly/2SSBj8W


I. Education and training

Secure coding learning guide for developers
https://www.gss.com.tw/index.php/focus/security/1912-gss-0160-checkmarx

Naked dynamic array through Python list
https://medium.com/@yasufumy/data-structure-dynamic-array-3370cd7088ec

Computer and Network Security
https://bit.ly/2Rmmsai

Introduction To Python Type Annotations
https://medium.com/@alexmaisiura/introduction-to-python-type-annotations-7e2964e7f464

Learning how to code without the jargon
https://medium.com/@nirajmenon/learning-how-to-code-without-the-jargon-9676a9df1773

Simple Image Steganography in Python
https://hackernoon.com/simple-image-steganography-in-python-18c7b534854f

How to choose a programming language
https://medium.com/@tassiapaschoal/how-to-choose-a-programming-language-180875d9d7bc

How To Create A Serverless REST API Just In Five Minutes!
https://medium.com/@alexmaisiura/how-to-create-a-serverless-rest-api-just-in-five-minutes-5beb93f57514

How to Create A Cloud Dataflow Pipeline Using Java and Apache Maven
https://datascience.com.co/how-to-create-a-cloud-dataflow-pipeline-using-java-and-apache-maven-fc53279e9424

Learn Enough Docker to be Useful
https://towardsdatascience.com/learn-enough-docker-to-be-useful-b7ba70caeb4b

Learning Go — from zero to hero
https://medium.freecodecamp.org/learning-go-from-zero-to-hero-d2a3223b3d86


J. Internet of Things/IoT/artificial intelligence/Internet of Vehicles/optical networking/deep learning/machine learning/drones

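[Trend intelligence] MOEA Department of Industrial Technology plans "AI Startup Pilot Program", focusing on AIoT security and AI elderly healthcare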
http://www.twiota.org/eventDetails.aspx?id=4a83f2bf-f6e6-412e-a44b-9d58a523a709

Tesla: hackers who find software vulnerabilities in its cars will be given a Model 3
https://news.sina.com.tw/article/20190115/29684642.html

Aiming to be the most secure car: Tesla enters hacking contest
https://bit.ly/2T6Inz7

Interpreting the 2018 OWASP Top 10 IoT security vulnerabilities
http://netsecurity.51cto.com/art/201901/590728.htm

New $16 Raspberry Pi case offers built-in touchscreen for the tiny Linux computer
https://zd.net/2FuvStb

A step-by-step guide to building a simple chess AI
https://medium.freecodecamp.org/simple-chess-ai-step-by-step-1d55a9266977

RASPBERRY PI SUMMER PROJECTS PART 1
https://bit.ly/2QRRfq1

GE is piloting 'humble AI' to introduce business risk to algorithms
https://www.zdnet.com/article/ge-is-piloting-humble-ai-to-introduce-business-risk-to-algorithms/#ftag=RSSbaffb68

Artificial Intelligence in Medicine
https://towardsdatascience.com/artificial-intelligence-in-medicine-1fd2748a9f87

K.CTF

NeverLAN CTF 2019
https://ctftime.org/event/706

STEM CTF: Cyber Challenge 2019
https://ctftime.org/event/661

DEF CON CTF 2019 Quals
https://www.oooverflow.io/dc-ctf-2019-quals/

CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair
https://bit.ly/2CWltVm

Official Website of CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair, Qingdao, China
https://bit.ly/2VnsC8p

International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

NeverLAN CTF
https://neverlanctf.com/


6. Upcoming security events and conferences

[Course] Webduino x AIoT image recognition hands-on: build your own camera gimbal, implement image processing and object tracking, and create AIoT applications 1/19
 https://www.techbang.com/posts/63282-course-webduino-x-aiot-image-identification-practice

 [Lecture] 2019 5G communications industry trends (Taipei session) 2019-01-19 (Sat) 18:30 ~ 21:30 (GMT+8)
 https://www.accupass.com/event/1811300349581657089441

 Binance Blockchain Week Singapore 2019 - Binance Conference   2019-01-21 (Mon) 08:30 ~ 2019-01-22 (Tue) 18:00 (GMT+8)
 https://www.accupass.com/event/1812051911121792888735

 Taipei 暗号通貨 (Cryptocurrency) Meetup  Wednesday, January 23, 2019
https://bit.ly/2VgDPr1

 Deep Learning Conversations and the Happy Hour  Wednesday, January 23, 2019
 https://www.meetup.com/Deep-Learning-Conversations/events/vqkwnqyzcbfc/

 Taipei.py 一月月會 (Monthly Meeting) 2019  Thursday, January 24, 2019
 https://www.meetup.com/Taipei-py/events/257299890/

 Coding is no longer a fad, it is the future trend [Grade 7 and up, junior and senior high school] C++ programming project class 2019-01-21 ~ 2019-01-30
 https://www.accupass.com/event/1810250742361123352640

 Intensive hands-on blockchain application development course (Saturday class)  2019-01-26 (Sat) 13:00 ~ 17:00 (GMT+8)
 https://www.accupass.com/event/1812030821059275625140

 2nd "Hit AI & Blockchain" Artificial Intelligence and Blockchain Industry Summit  2019-02-20 (Wed) 09:00 ~ 17:30 (GMT+8)
 https://www.accupass.com/event/1811190218087771003780

[PowerPoint presentations pushed to the limit] February topic: making PPT ten times faster  2019-02-20 (Wed) 19:00 ~ 22:00 (GMT+8)
https://www.accupass.com/event/1810161307265689597830

iThome Taiwan Cloud Summit 2019  Call for papers, deadline February 22
https://cloudsummit.ithome.com.tw/cfp/

iThome Taiwan Cloud Summit 2019   May 15, 2019 (Wed) 09:00~17:00
https://cloudsummit.ithome.com.tw/

Splunk .conf 19  10/21 ~ 10/24
https://conf.splunk.com/


