資安事件新聞週報 1/21 ~ 1/25

資安事件新聞週報  1/21  ~  1/25

1.重大弱點漏洞

OpenBMC caught with 'pantsdown' over new security flaw
https://www.zdnet.com/article/bmc-caught-with-pantsdown-over-new-batch-of-security-flaws/#ftag=RSSbaffb68

Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection
https://www.exploit-db.com/exploits/46243

思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x

Juniper ATP跨站腳本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0027

Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/46240

Splunk Enterprise 7.2.3 - Authenticated Custom App RCE
https://www.exploit-db.com/exploits/46238

Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation
https://www.exploit-db.com/exploits/46221
安全顧問揭露MySQL含有可竊取用戶檔案的設計漏洞
https://www.ithome.com.tw/news/128399

Twitter出現漏洞,公開Android用戶的私人推文
http://tech.ifeng.com/a/20190118/45293455_0.shtml

DNNSoftware EventsCalendar Modules 1.x任意文件下載 - CXSecurity.com
https://www.anquanke.com/vul/id/1452146

WiFi固件曝漏洞PS4、Xbox One和微軟Surface設備均受影響
https://tech.ifeng.com/c/7jaGAW1eNkm

無線網卡發現安全漏洞,逾62億設備中招
https://t.cj.sina.com.cn/articles/view/6662062651/18d17023b00100fljt

Wi-Fi晶片韌體漏洞恐危及數十億裝置
https://www.ithome.com.tw/news/128384

62 億台 PS4、Xbox One、Surface 齊遭殃 Marvell 無線晶片被發現存安全漏洞
https://bit.ly/2DoRBRx

Marvell Avastar漏洞影響全球62億台設備
https://ek21.com/news/tech/41855/

Marvell無線芯片曝安全漏洞,全球數十億設備受波及
https://www.eefocus.com/mcu-dsp/427806

“360代碼衛士”協助Oracle 公司修復多個WebLogic 漏洞,獲官方致謝
https://4hou.win/wordpress/?p=28318

WiFi firmware bug affects laptops, smartphones, routers, gaming devices
https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/#ftag=RSSbaffb68

Temporary fix available for one of the two Windows zero-days released in December
https://www.zdnet.com/article/temporary-fix-available-for-one-of-the-two-windows-zero-days-released-in-december/#ftag=RSSbaffb68

微軟到現在為止仍未修復Windows 10任意文件讀寫漏洞
https://www.landiannews.com/archives/54948.html

Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC)
https://www.exploit-db.com/exploits/46236

Microsoft Windows CONTACT - HTML Injection / Remote Code Execution
https://www.exploit-db.com/exploits/46222

Microsoft Windows VCF or Contact' File - URL Manipulation-Spoof Arbitrary Code Execution
https://www.exploit-db.com/exploits/46220

Windows 10 1809版更新終於開放自動更新
https://bit.ly/2RYBxhK

Exchange Server提權漏洞最新利用方式預警
https://www.secrss.com/articles/8008

Microsoft's new Windows 10 19H1 test build is taxiing toward the finish line
https://www.zdnet.com/article/microsofts-new-windows-10-19h1-test-build-is-taxiing-toward-the-finish-line/#ftag=RSSbaffb68

Microsoft launches Azure DevOps bug bounty program, $20,000 rewards on offer
https://www.zdnet.com/article/microsoft-launches-azure-devops-bug-bounty-program-20000-rewards-on-offer/#ftag=RSSbaffb68

Microsoft Team Foundation Server 信息洩露漏洞
https://www.anquanke.com/vul/id/1452266

微軟確認今年將終止更新Windows 10 Mobile
https://www.sogi.com.tw/articles/microsoft_windows_10_mobile/6252273

Windows 10 Network bug in all versions, fix are planned | Born's Tech and Windows World
https://bit.ly/2S33vch

CVE-2017-8563 | Windows提權漏洞安全更新
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=mssecurity&seq=16048

Microsoft's Dynamics 365 April '19 Update: What's new
https://www.zdnet.com/article/microsofts-dynamics-365-april-19-update-whats-new/#ftag=RSSbaffb68

WIN7走入歷史?「1個原因」微軟籲快升級WIN10
https://fnc.ebc.net.tw/FncNews/tech/67685

Xytronix Research&Design ControlByWeb X-320M 跨站脚本漏洞
https://www.anquanke.com/vul/id/1452257

Watchr 1.1.0.0 Denial Of Service - CXSecurity.com
https://www.anquanke.com/vul/id/1452811

新浪微博某處遠程命令執行漏洞(可反彈shell操作服務器)
https://shuimugan.com/bug/view?bug_no=215872

Qualcomm MDM9206和MDM9607產品緩衝區錯誤漏洞
https://www.anquanke.com/vul/id/1454466

ES文件瀏覽器CVE-2019-6447高危漏洞復現
https://www.52pojie.cn/thread-856993-1-1.html

ES文件瀏覽器被曝安全漏洞用戶資料可能被盜
https://zhuanlan.kanxue.com/article-7667.htm

January Patch Tuesday: First Bulletin of 2019 has Fixes for DHCP and Microsoft Exchange Vulnerabilities
https://bit.ly/2Fha5pw

研究顯示:Bithumb、Coincheck和Zaif最易受安全漏洞影響
https://news.sina.com.tw/article/20190123/29804762.html

Time to update your Apple Watch: watchOS 5.1.3 is out
https://www.zdnet.com/article/time-to-update-your-apple-watch-watchos-5-1-3-is-out/#ftag=RSSbaffb68

Nasty security bug found and fixed in Linux apt
https://www.zdnet.com/article/nasty-security-bug-found-and-fixed-in-linux-apt/#ftag=RSSbaffb68

Security flaws found in 26 low-end cryptocurrencies
https://www.zdnet.com/article/security-flaws-found-in-26-low-end-cryptocurrencies/#ftag=RSSbaffb68

Adobe releases third patch update of the month to squash scripting bugs
https://www.zdnet.com/article/adobe-releases-third-patch-update-of-the-month-to-squash-xss-bugs/#ftag=RSSbaffb68

Adobe Experience Manager 存在安全性弱點
https://www.us-cert.gov/ncas/current-activity/2019/01/22/Adobe-Releases-Security-Updates

NumPy Is Awaiting Fix for Critical Remote Code Execution Bug
https://bit.ly/2S7YBKX

Ghostscript 多個漏洞
https://www.ghostscript.com/documentation.html

Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
https://www.exploit-db.com/exploits/46242

Apache HTTPD 多個漏洞
https://www.auscert.org.au/bulletins/74426

蘋果產品多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/01/22/Apple-Releases-Multiple-Security-Updates


2.銀行/金融/保險/證券/支付系統/ 新聞及資安

中壽擴大徵才3000人 開發大數據模型 從16種動物性格選人才
https://bit.ly/2RUQSzD

香港金融管理局呼籲籲提防新加坡銀行可疑流動應用程式
http://hd.stheadline.com/news/realtime/hk/1413979/

法規玩假的! 中共阻美國信用卡公司入華
https://bit.ly/2QVz8Qg

金管會:開放銀行政策將採自願自律制
https://www.ithome.com.tw/news/128317

開放銀行英國經驗大公開
https://www.ithome.com.tw/news/128318

給人才又砸錢57億 富邦看上Line Bank的盤算
https://www.cw.com.tw/article/article.action?id=5093766

全球84%金融業 網路安全列首要風險
https://www.chinatimes.com/newspapers/20190117000243-260202

金融圈競賽攬才 壽險業愛大數據
https://money.udn.com/money/story/6709/3603503

專竊取信用卡的駭客集團Magecart,對277 個網站發動新一波攻擊
https://blog.trendmicro.com.tw/?p=58979

監管新出175號文 稱P2P可轉型網路小貸
https://news.sina.com.tw/article/20190121/29782258.html

反洗錢 CTP申報系統上路
https://money.udn.com/money/story/6710/3608848

設公司治理人員 金融業四家達陣
https://money.udn.com/money/story/5613/3608901

全港首個跨銀行API交換平台 支援13家銀行提供200個API
https://hkitblog.com/44275-2/

監管給P2P平台划好的三條道 是出路還是盲井
https://news.sina.com.tw/article/20190122/29792214.html

網路小貸設立重啟審核 P2P網貸轉型催熱牌照需求
https://news.sina.com.tw/article/20190122/29789208.html

香港金管局將網路安全列入2019年重點監管項目
https://bit.ly/2RL61nS

香港金管局擬一季度頒發虛擬銀行牌照 網路安全成重中之重
https://news.sina.com.tw/article/20190125/29831728.html

香港金管局未擬放寬樓按 冀今季發虛擬銀行牌
https://bit.ly/2sLzNdy

銀行在乎數位金融,但網路公司根本不在乎銀行...前網銀顧問:大部分銀行將消失
https://www.businessweekly.com.tw/article.aspx?id=24902&type=Blog

華銀首家開放銀行領先公股行庫
https://www.chinatimes.com/realtimenews/20190124003747-260410

猛攻Fintech!日電信巨頭KDDI將公開收購網路券商Kabu.com
https://fnc.ebc.net.tw/FncNews/else/68140

Fintechs, digital banks reach out to workers impacted by government shutdown
https://www.atmmarketplace.com/articles/fintechs-digital-banks-reach-out-to-workers-impacted-by-government-shutdown/

West African banks suffer wave of malware attacks
https://www.atmmarketplace.com/news/west-african-banks-experience-wave-of-malware-attacks/

West African Financial Groups Hit by Cyber-attacks – Symantec
https://bizwatchnigeria.ng/west-african-financial-groups-hit-by-cyber-attacks-symantec/

West African Financial Institutions Hit by Wave of Attacks
https://www.symantec.com/blogs/threat-intelligence/african-financial-attacks

Grupo-IB reported on a large-scale cyber attack against Russian bankers :: Finance :: RBC
https://tech2.org/russia/grupo-ib-reported-on-a-large-scale-cyber-attack-against-russian-bankers-finance-rbc/

The Mondelez legal case could have a huge impact on cyber-attack insurance
https://www.compelo.com/insurance/news/mondelez-zurich-cyber-attack-insurance/

Research finds flaws in cyber insurance policies
http://www.fstech.co.uk/fst/Research_Finds_Flaws_Cyber_Insurance_Policies_Mactavish.php

Chrome Plugin that Steals Credit Card Data
https://blog.elevenpaths.com/2019/01/extension-chrome-robo-tarjetas-ciberseguridad.html

徵才 - 中國銀行澳門分行2019年1月社會招聘
http://www.bankofchina.com/mo/aboutus/ab7/201901/t20190118_14615961.html

徵才 -  Java程式設計師(網銀一部)
https://www.104.com.tw/job/?jobno=69snl&jobsource=n104bank2

徵才-MA招募首度開放大學學歷 富邦金2019徵才 招6,800新血
https://bit.ly/2RdsViy


3.電子支付/電子票證/行動支付/ 新聞及資安

金融科技業第一筆大宗收購案出現 Fintech、支付巨頭合併
https://bit.ly/2FDqFzO

電子錢包淺談
https://eastweek.my-magazine.me/main/84460

台灣悠遊卡跟進一卡通申請兼營電子支付業務
http://m.8haitao.com/zuoquandao/195.html

傳蘋果公司招募人手推進電子支付業務
http://www.blrqq.com/a/shiye/20190117/2083.html

傳易寶支付放棄香港上市計劃:轉向赴美國尋求IPO
https://news.sina.com.tw/article/20190117/29726660.html

網家旗下Pi錢包 攜手遠傳推出新支付模式
https://udn.com/news/story/7239/3598744

票交所嗶嗶繳 繳費更Easy
https://www.chinatimes.com/newspapers/20190117000390-260208

支付寶提供資料 助中國警方逮近千人
https://ec.ltn.com.tw/article/breakingnews/2677336

電子支付與電子票證專法整合後之相關問題研析
https://www.ly.gov.tw/Pages/Detail.aspx?nodeid=5249&pid=179804

公告修正本公司「一卡通電子支付機構業務定型化契約」
https://www.i-pass.com.tw/News/Detail/101479

搶搭行動支付列車 微風錢包「Breeze Pay」登場
https://tw.appledaily.com/new/realtime/20190121/1504574/

生物識別支付卡來了!Zwipe:今年推向市場
https://bit.ly/2Hqqv0G

你的臉可以付款了!面部識別成中國支付新手段
https://news.sina.com.tw/article/20190122/29794830.html

四大超商自有支付 全到位OKPay即起上線
https://www.chinatimes.com/realtimenews/20190122003697-260405

中國大陸交通部:高速公路人工收費車道手機移動支付今年將全覆蓋
https://news.sina.com.tw/article/20190124/29820096.html

街口支付攜手六銀行 推即時提領免手續費
https://money.udn.com/money/story/5613/3612573

17家銀行轉帳手續費全免 街口支付「即時提領」服務上線
https://www.chinatimes.com/realtimenews/20190124002596-260410

瞄準超方便使用場景,LINE 推行動收款「小綠機」LINE Pay mini
https://www.inside.com.tw/article/15431-LINE-Pay-mini-Taiwan

年輕人愛用手機支付 馬雲驚語:因為他們窮
https://bit.ly/2Sbe5xA

「台幣一億等你來搬!」 beanfun!全台三萬消費據點大公開
https://news.sina.com.tw/article/20190124/29830364.html

UnionPay expands mobile payments to 174 countries
https://www.atmmarketplace.com/news/unionpay-expands-mobile-payments-to-174-countries/

Contactless Payments: The New Wave
https://www.bankinfosecurity.com/contactless-payments-new-wave-a-11960

Biometric payment card provider raises $14M to support market expansion
https://www.atmmarketplace.com/news/biometric-payment-card-provider-raises-14m-to-support-market-expansion/

3D Secure : Getting Ready for Strong Customer Authentication
https://www.atmmarketplace.com/whitepapers/3d-secure-getting-ready-for-strong-customer-authentication/


4.虛擬貨幣/區塊鍊   新聞及資安

區塊鏈技術開發:堵不住的漏洞
http://blog.51cto.com/13900810/2346273

洗錢和犯罪的溫床:比特幣ATM機逆市猛漲
https://news.sina.com.tw/article/20190124/29819326.html

從航空公司角度,與區塊鏈結合將能解決這些問題
http://news.knowing.asia/news/222f2d5a-756f-423d-9c57-62357a9342aa

遭國際結算銀行點名!「PoW」究竟在區塊鏈的世界裡扮演什麼角色
http://news.knowing.asia/news/745713b4-c286-4a4c-b8ba-a63e4c0dfe42

Dapp大爆發:ETH、EOS、TRON三大公鏈誰才是王者
http://news.knowing.asia/news/21f0e724-38c7-4174-a017-03b5ec9ffe6d

醫療導入區塊鏈 解決資訊外洩風險
https://money.udn.com/money/story/5612/3603513

為什麼駭客總向幣安傳贓物
https://www.moneybar.com.tw/News/85087

曲速未來透露:幣安凍結黑客資金,但漏洞仍然存在
https://www.huoxing24.com/newsdetail/20190118180903557921.html

Beam CTO:Beam錢包漏洞為應用程式本身的bug
https://life.tw/?app=view&no=887942

以太坊現驚安全漏洞致使升級再次被推後,以太坊該被看衰嗎
https://www.chainnews.com/articles/499091372447.htm

區塊鏈支付通道USDT,支付平台C2C系統搭建
https://juejin.im/post/5c3fdc3cf265da61117a8bcb

遠航幣(ALLN)換機票遭民航局關切,遠航:今年將不再提供兌換
https://bit.ly/2AQZOws

委内瑞拉將擁有第一台加密貨幣ATM 有望緩解高通膨率
https://fnc.ebc.net.tw/FncNews/money/67597

土耳其交易所Sistemkoin存在工單遍歷漏洞
https://bcsec.org/index/detail/id/463/tag/2

土耳其交易平台Sistemkoin出现安全漏洞
https://bit.ly/2FCrA3y

暗網供應商從Bittrex等頂級交易所的KYC文件中,獲取用戶數據並進行銷售
https://news.sina.com.tw/article/20190121/29778844.html

區塊鏈如何管理客戶數據?研究顯示跟隱私有關
http://news.knowing.asia/news/d041d99b-87ff-47e7-9f4a-269aea9233a5

流程繁瑣!Coinme與Coinstar聯合推出的新服務慘遭用戶抱怨
https://news.sina.com.tw/article/20190122/29789308.html

Cryptopia交易所被盜資金,大部分被轉至Bibox、幣安和火幣
https://news.sina.com.tw/article/20190123/29808358.html

V-CAT將利用數位貨幣開創新型態的群眾募資
http://www.businesswirechina.com/hk/news/39611.html

以太坊漏洞可導致“重入攻擊”風險
https://paper.seebug.org/801/

澳洲比特幣ATM,每週營業額約50萬澳幣
http://news.knowing.asia/news/46244195-8bfe-4428-98d0-a10dbd78cc9d

比特幣基金會創辦人:如果發生核戰爭,比特幣將是唯一倖存者
https://news.sina.com.tw/article/20190123/29804766.html

2018年比特幣支付達到3.2兆美元
http://news.knowing.asia/news/3bfdb1e6-58e5-4cae-b366-18d2a6cde7b0

三星Galaxy S10漏洞暗示加密貨幣錢包
https://bit.ly/2B2qUAG

比特幣一定會歸零!業界:價值是「這個」
https://ec.ltn.com.tw/article/breakingnews/2681863

CryptoBuyer to deploy first bitcoin ATM in Venezuela
https://www.atmmarketplace.com/news/cryptobuyer-to-deploy-first-bitcoin-atm-in-venezuela/

Iceland’s Bitcoin bandit sentenced for stealing mining rigs
https://www.zdnet.com/article/icelands-bitcoin-bandit-sentenced-for-stealing-mining-rigs/#ftag=RSSbaffb68

Europol arrests UK man for stealing €10 million worth of IOTA cryptocurrency
https://www.zdnet.com/article/europol-arrests-uk-man-for-stealing-eur10-million-worth-of-iota-cryptocurrency/#ftag=RSSbaffb68

Police Arrest €10 Million IOTA Cryptocurrency Theft Suspect
https://www.bankinfosecurity.com/police-arrest-10-million-iota-cryptocurrency-theft-suspect-a-11971

Creating a Blueprint for Blockchain in Banking
https://www.bankinfosecurity.asia/creating-blueprint-for-blockchain-in-banking-a-11970


5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體

分析Android惡意App,瞭解Zen家族成員如何入侵你的裝置
https://bit.ly/2TUGSUy

惡意軟件瞄準阿里雲和騰訊雲服務器利用漏洞感染再挖礦
https://www.landiannews.com/archives/54928.html

病毒提前過情人節?看到「Love you 」附件別亂點! 垃圾信夾帶惡意JavaScript,散播勒索病毒 挖礦程式,台灣列全球第五大感染區
https://blog.trendmicro.com.tw/?p=58726

注意!全新勒索病毒MongoLock直接刪除檔案再要錢
https://www.setn.com/News.aspx?NewsID=487360

Mac 需要防毒軟體嗎?蘋果電腦也不要輕忽上網安全(中毒、病毒防護推薦)
https://www.cool3c.com/article/140555

勒索病毒又來 直接刪除檔案「台灣成中毒危險區」
https://tw.news.appledaily.com/new/realtime/20190124/1506795/

網路安全公司McAfee發現新型加密勒索軟體「Antova」
https://news.sina.com.tw/article/20190124/29820482.html

新型勒索軟體 Anatova 使用模組化架構,手段比 Ryuk 更加霸道
https://bit.ly/2RPAp0A

全球安全專家聯手解放近10萬個散佈惡意程式的網站,HiNet代管惡意網站數量名列第13
https://bit.ly/2sK4RKp

駭客透過網域註冊大廠 GoDaddy 安控疏失,以知名品牌域名大量發送勒索信件
https://twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=792

Security researchers take down 100,000 malware sites over the last ten months
https://www.zdnet.com/article/security-researchers-take-down-100000-malware-sites-over-the-last-ten-months/#ftag=RSSbaffb68

New malware found using Google Drive as its command-and-control server
https://staticnetworks.com/new-malware-found-using-google-drive-as-its-command-and-control-server/

Scoop.it! Malspam Delivers Loki-Bot
https://bit.ly/2U9LPZS

Emergence Of Tech Support Scam – Purchase Of Software For Fake Computer Virus Infection
https://bit.ly/2AYmpHr

Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems
https://bit.ly/2AXGRbb

PHA Family Highlights: Zen and its cousins
https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html

New Android Malware Apps Use Motion Sensor to Evade Detection
https://bit.ly/2R1qmQV

New malware found using Google Drive as its command-and-control server
https://bit.ly/2FH9zBk

Emotet Malware Returns to Work After Holiday Break
https://www.bankinfosecurity.com/emotet-malware-returns-to-work-after-holiday-break-a-11955

Ransomware: A Pervasive, Evolving Threat
https://www.bankinfosecurity.asia/interviews/ransomware-pervasive-evolving-threat-i-4224

Android apps use the motion sensor to evade detection and deliver Anubis malware
https://securityaffairs.co/wordpress/80037/malware/android-apps-motion-sensor.html

Google Play malware used telephones’ movement sensors to hide itself
https://techtipspedia.com/google-play-malware-used-phones-motion-sensors-to-conceal-itself/

Google Play Malware uses motion detectors from cell phones to hide themselves
https://newsbeezer.com/canada/google-play-malware-uses-motion-detectors-from-cell-phones-to-hide-themselves/

Google Play Apps Drop Anubis Banking Malware, Use Motion-based Evasion Tactics
https://bit.ly/2HkUbfD

#1244082: Latest version of Anubis Trojan found to be distributed via Google Play Apps
https://brica.de/alerts/alert/public/1244082/latest-version-of-anubis-trojan-found-to-be-distributed-via-google-play-apps/

2 Android Apps From Google Play Store Launching Banking Malware With Sophisticated Evasion Techniques
https://gbhackers.com/android-apps-banking-malware/

Android Apps Steal Banking Info, Use Motion Sensor to Evade Detection
https://malwaretips.com/threads/android-apps-steal-banking-info-use-motion-sensor-to-evade-detection.89688/

New Android Malware Apps Use Motion Sensor to Evade Detection
https://thehackernews.com/2019/01/android-malware-play-store.html

Apps with ability to drop Anubis Banking malware, motion-based evasion tactics found on Google Play Store
https://atoztechy.blogspot.com/2019/01/apps-with-ability-to-drop-anubis.html

TrickBot Banking Trojan-Trojan Targeting Windows Machines
https://www.antimalware.news/trickbot-banking-trojan-trojan-targeting-windows-machines/

The malware that steals and hides comes to Spain
https://www.clasesordenador.com/the-malware-that-steals-and-hides-comes-to-spain/index.html

5 Ways Modern Malware Defeats Cyber Defenses & What You Can Do About It
https://bit.ly/2CHBVaP

DarkHydrus abuses Google Drive to spread RogueRobin Trojan
https://www.zdnet.com/article/darkhydrus-abuses-windows-security-flaws-google-drive-to-deploy-roguerobin-trojan/#ftag=RSSbaffb68

Fake outstanding payment delivers Formbook and an unknown malware at same time
https://myonlinesecurity.co.uk/fake-outstanding-payment-delivers-formbook-and-an-unknown-malware-at-same-time/

More Formbook via fake order using broken .rar attachments
https://myonlinesecurity.co.uk/more-formbook-via-fake-order-using-broken-rar-attachments/

Over 4 percent of all Monero was mined by malware botnets
https://www.zdnet.com/article/over-4-percent-of-all-monero-was-mined-by-malware-botnets/#ftag=RSSbaffb68

Dharma Gang Pushes Phobos Crypto-Locking Ransomware
https://www.bankinfosecurity.com/dharma-gang-pushes-phobos-crypto-locking-ransomware-a-11961

Adware Disguised as Game, TV, Remote Control Apps Infect 9 Million Google Play Users
https://blog.trendmicro.com/trendlabs-security-intelligence/adware-disguised-as-game-tv-remote-control-apps-infect-9-million-google-play-users/

Russian Language Malspam Pushing Redaman Banking Malware
https://unit42.paloaltonetworks.com/russian-language-malspam-pushing-redaman-banking-malware/

New ransomware strain is locking up Bitcoin mining rigs in China
https://www.zdnet.com/article/new-ransomware-strain-is-locking-up-bitcoin-mining-rigs-in-china/#ftag=RSSbaffb68

5 Malware Trends: Emotet is Hot, Cryptominers Decline
https://www.bankinfosecurity.com/5-malware-trends-emotet-hot-cryptominers-decline-a-11963

2019 State of Malware.
https://resources.malwarebytes.com/files/2019/01/Malwarebytes-Labs-2019-State-of-Malware-Report-2.pdf

Malvertising campaign targets Apple users with malicious code hidden in images
https://www.zdnet.com/article/malvertising-campaign-targets-apple-users-with-malicious-code-hidden-in-images/#ftag=RSSbaffb68

New Ursnif Malware Campaign Uses Fileless Infection to Avoid Detection
https://www.bleepingcomputer.com/news/security/new-ursnif-malware-campaign-uses-fileless-infection-to-avoid-detection/

Ransomware attack on Salisbury Police Department
https://www.cybersecurity-insiders.com/ransomware-attack-on-salisbury-police-department/

Malspam with Word docs uses macro to run Powershell script and steal system data
https://bit.ly/2Ht7FWr

6 security tips for freelancers
https://www.kaspersky.com/blog/freelance-security-tips/24040/

Silence group targeting Russian Banks via Malicious CHM
https://reaqta.com/2019/01/silence-group-targeting-russian-banks/

Excel 4.0 Macro Utilized by TA505 to Target Financial Institutions Recently
https://ti.360.net/blog/articles/excel-4.0-macro-utilized-by-ta505-to-target-financial-institutions-recently-en/


B.行動安全 / iPhone / Android /穿戴裝置 /App

嬌生利用Apple Watch 偵測心律不整
https://www.chinatimes.com/newspapers/20190119000301-260203

用華為手機翻牆上推特 內容慘被刪光
https://bit.ly/2FzOubR

中國全面打壓國内推特用戶
https://www.taiwannews.com.tw/ch/news/3620822

中國網路限制再進化?華為自動幫刪推特下載照片
https://bit.ly/2CEJgYj

「台灣駭客天才」張啟元找到LINE漏洞 官方送他60萬獎金致謝
https://www.ettoday.net/news/20190119/1360378.htm

張啟元揪LINE漏洞 累積近2萬美金!網讚:屌打魯蛇年薪
https://tw.appledaily.com/new/realtime/20190119/1503564/

抓漏成功獲LINE發60萬獎金 張啟元:只花30分鐘就找到
https://tw.appledaily.com/new/realtime/20190119/1503613/

【LINE歡迎來找碴】張啟元找到不少資安漏洞 獲累計獎金2萬美元
https://bit.ly/2RCzfFn

LINE被抓出漏洞 賞張啟元61萬
https://tw.news.appledaily.com/headline/daily/20190120/38237630/

台灣天才駭客又發威!這次揪出Line漏洞,獲頒61.7萬致謝金!他自曝拿到獎金打算這樣用
https://contentparty.org/r/e886ad35bc67767401754833612f5863

安裝數量超過1億的Android檔案管理工具遭爆含有資料竊取及中間人攻擊漏洞
https://www.ithome.com.tw/news/128351

LINE 9.0.0更新iOS先行 改善照片選擇畫面
https://bit.ly/2R1AjNX

These malicious Android apps will only strike when you move your smartphone
https://www.zdnet.com/article/these-malicious-android-apps-will-only-strike-when-you-move-your-smartphone/#ftag=RSSbaffb68

WhatsApp現漏洞 自動刪除對話記錄
https://bit.ly/2FOY2iL

A Twitter Bug Left Android Users' Private Tweets Exposed For 4 Years
https://bit.ly/2MjNMjz

還在用「Facebook 登入」各種網站和應用程式
https://blog.trendmicro.com.tw/?p=58711

尷尬!國軍智慧型手機管理系統MDM被Google Play判定為惡意程式,建議官兵移除
https://bit.ly/2U2YLkc

中科院:MDM非惡意程式 可正常使用
https://bit.ly/2FBzYQZ

中科院發布新聞稿,說明「MDM非惡意程式 更新後可正常使用確保資安」(108年1月20日)
https://www.ey.gov.tw/Page/AE5575EAA0A37D70/d772de9c-66af-41d3-a177-6a8c94be7b9f

Google判定國軍MDM可疑 中科院:非有害軟體
https://bit.ly/2Dr7ozo

越禁越要用?華為新機開賣湧排隊潮 網驚:是台灣人嗎
https://udn.com/news/story/7098/3603384

iOS 12.1.2被破解:駭客穫取iPhone XS Max底層權限
http://big5.pconline.com.cn/b5/news.pconline.com.cn/1224/12247661.html

免費Android VPN熱門程式有八成過度要求存取用戶個資
https://www.ithome.com.tw/news/128395

果粉快升級!蘋果發佈 iOS 12.1.3 版更新,提升系統穩定性與修復漏洞錯誤
https://3c.ltn.com.tw/news/35709

iPhone/Mac漏洞被攻破蘋果20萬美金重賞360安全團隊
http://tech.ifeng.com/a/20190123/45297531_0.shtml

Google被懷疑要讓某些廣告過濾軟體混不下去
https://bit.ly/2S1mp39

中國建設銀行(亞洲)系統提升後將客戶資料傳送至內地數據中心處理
https://hk.news.appledaily.com/local/daily/article/20190112/20589354

JVN#98505783 iOS アプリ「HOUSE GATE」におけるディレクトリトラバーサルの脆弱性
https://jvn.jp/jp/JVN98505783/

iOS 12.1.3 is out: Time to update your iPhones and iPads
https://www.zdnet.com/article/ios-12-1-3-is-out-time-to-update-your-iphones-and-ipads/#ftag=RSSbaffb68

WhatsApp forwarding cap prompts Brazilian president to seek mass messaging options
https://www.zdnet.com/article/whatsapp-forwarding-cap-prompts-brazilian-president-to-seek-mass-messaging-options/#ftag=RSSbaffb68

Chinese Hacker Publishes PoC for Remote iOS 12 Jailbreak On iPhone X
https://bit.ly/2Dw2jWM


C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件

暗網上不乏利用《要塞英雄》V幣的洗錢活動
https://bit.ly/2R9HOm5

報告:全球PC安裝的應用程式有半數軟體已過期未更新
https://www.ithome.com.tw/news/128413

Millions of PCs Found Running Outdated Versions of Popular Software
https://bit.ly/2Uf83t8

5 個經典兒童黑客
https://bit.ly/2DwrHvx

[6個溫習駭客攻擊的議題]雲端應用與資安意識
https://bit.ly/2RJGyLv

緊記以下5招 防止駭客盜取電子郵件資料
https://bit.ly/2CKww2q

電子商務平臺當心!雙11銷售盛況背後暗藏灰色經濟,自動化攻擊盯上網購商品優惠或紅利累積點數,轉賣獲利竟高達5千萬元
https://www.ithome.com.tw/news/128414

去年逾萬宗電腦保安事故 殭屍攻擊激增82%
https://hk.on.cc/hk/bkn/cnt/news/20190122/bkn-20190122125225149-0122_00822_001.html

2019年資安趨勢10大預測
http://www.securtec.com.tw/News/More?id=500#.XEfTc1wzbIU

駭客攻擊新手法 資安專家:晶片內藏惡意程式
https://udn.com/news/story/7240/3613123?from=udn-ch1_breaknews-1-cate6-news

黑客勒索求財 網民兩招自保 (Chinese only)
https://www.hkpc.org/en/corporate-info/media-centre/media-focus/203-corp-info/media-focus/7809-hacker-2tips

「駭客始終會找出一條路」 專家建議製造業應設立多重防禦機制
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000552570_ypi4ef898d0a6pl6jbysu

護資安遏網攻 營造公開透明資訊環境
https://www.ydn.com.tw/News/321679

百度雲加速WAF解決Thinkphp遠程代碼執行漏洞
https://www.zhujib.com/baiduyunjiasuwafjiejuethinkphpyuanchengdaimazhixingloudong.html

「暗網」流量持續攀升 「數據資產」監管保護待加強
https://news.sina.com.tw/article/20190118/29737046.html

趨勢科技Pwn2Own 2019駭客競賽,加碼保障連網世界安全
https://bit.ly/2CxuaEa

管理員被駭客盜,飛機坦克出現在海盜世界
https://www.ptt.cc/bbs/C_Chat/M.1548068486.A.3F5.html

黑產「羊毛黨」是網路惡狼 「薅羊毛」就是犯罪
https://news.sina.com.tw/article/20190122/29784804.html

1夜狂噴4500萬!拼多多遭駭「羊毛黨」瘋搶優惠券
https://fnc.ebc.net.tw/FncNews/world/67768

拼多多重大系統漏洞 任領優惠券損失千萬
https://bit.ly/2S5ixhj

測試圈大事 — 一個 bug 讓拼多多損失了 200 億要給 QA 背黑鍋嗎
https://bit.ly/2MlRGbN

拼多多遭駭 上海警方立案
https://readers.ctee.com.tw/cm/20190122/a10aa10/955445/share

拼多多Bug事件傳言滿天飛 用戶稱遭強制退款
https://money.udn.com/money/story/5604/3605367

拼多多出百元優惠券BUG 專家看風控體系欠缺
https://www.chinatimes.com/realtimenews/20190120001709-260410

拼多多爆BUG 慘損千萬人民幣
https://www.chinatimes.com/newspapers/20190121000516-260108

離職工程師不爽老東家 扮「駭客」網頁換貼清涼照
https://www.chinatimes.com/realtimenews/20190119003609-260402

大陸產業間諜猖獗 我與國際共抵禦
https://www.ydn.com.tw/News/321434

為了國家安全 德國重要電信設備招標準備踢掉華為
https://bit.ly/2W6i0ej

華為巧妙取悅歐洲國家 但開始被懷疑
https://www.cna.com.tw/news/aopl/201901240219.aspx

快禁華為! 加前情報局長:中國連人命都不在意 遑論資安
https://ec.ltn.com.tw/article/breakingnews/2679064

踢爆華為謊言 文件證實操控與伊朗有往來的空頭公司
https://tw.news.appledaily.com/international/realtime/20190125/1507011/

又一國要封殺華為?路透:法國正在考慮
https://www.ettoday.net/news/20190122/1362397.htm

法國擬加入抵制華為的「八國聯軍」,台灣也祭出禁買中國產品「黑名單」
https://www.thenewslens.com/article/112625

全球資安恐慌禁華為 究竟恐懼為哪樁
http://www.ntdtv.com.tw/b5/20190122/video/238623.html

全球抵制禁用一波波 華為強勢回應:產品會說話
https://udn.com/news/story/7098/3608421

紐西蘭總理表示,對華為的禁令相當公正客觀,並無特殊考量
https://twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=793

公部門禁用陸品牌 消費者也會跟進嗎
https://udndata.com/ndapp/udntag/finance/Article?origid=3610042

對設備資安存疑 英國牛津大學「停止接受華為捐款」
https://www.ettoday.net/news/20190118/1360121.htm

華為設備資安改善狀況恐欠佳 英國將提出批評
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000552309_r872k8rr1khlx9832rbgf

這已超出台灣能控制的範圍... 關於華為事件童子賢出面說話了
https://www.cmmedia.com.tw/home/articles/13929

傳川普政府擬頒令,扼殺中國電信大廠
https://technews.tw/2019/01/19/trump-kill-china-telecommunications-rumor/

APT10威脅全球資安 背後疑為中國主導
https://bit.ly/2W4HubS

老大哥真是無所不在!議員拒裝有國安風險的中國監視器
https://bit.ly/2B1yA6m

傳中國政府已封鎖微軟的Bing搜尋
https://bit.ly/2AUg2ov

中國防火長城發功?微軟Bing斷線惹惱網民
https://bit.ly/2Terqm6

China Blocks Microsoft's Bing Search Engine, Despite Offering Censored Results
https://bit.ly/2B5ewQi

聯邦網站成為DNS挾持目標,美國國土安全部發出緊急指令
https://www.ithome.com.tw/news/128433

美國NCSC推文宣教導企業防範國家級網路攻擊
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16197

美國或頒行政命令限制中國電訊商營運
https://bit.ly/2RYtRMn

反制中共竊密 美高官﹕司法訴訟可令公眾警覺
https://www.ntdtv.com/b5/2019/01/23/a102495721.html

九成竊密來自中共 美司法部:訴訟可警醒公眾
http://www.ntdtv.com.tw/b5/20190124/video/238768.html

保安建議:加強 DNS 基建保安
https://www.hkcert.org/my_url/zh/blog/19012502

Webcam 裝置危險多, 小心私隱被看光
https://www.hkcert.org/my_url/zh/blog/19012401

彭博作家示警:中國正透過支配網路 蒐集全球數據
https://ec.ltn.com.tw/article/breakingnews/2679964

美國資安與基礎建設安全局發出緊急公告,要求美國各單位加強防範 DNS 竄改攻擊
https://twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=791

NCSC bids to increase female representation in cyber security
https://edtechnology.co.uk/Article/ncsc-bids-to-increase-female-representation-in-cyber-security/

FBI Agents Say Shutdown Is Damaging Cyber Investigations
https://www.bankinfosecurity.asia/fbi-agents-say-shutdown-damaging-cyber-investigations-a-11969

Universities launch cyber attacks against each other to test defences
https://www.jisc.ac.uk/news/universities-launch-cyber-attacks-against-each-other-to-test-defences-22-jan-2019

DHS issues security alert about recent DNS hijacking attacks
https://www.zdnet.com/article/dhs-issues-security-alert-about-recent-dns-hijacking-attacks/#ftag=RSSbaffb68

DHS Issues More Urgent Warning on DNS Hijacking
https://www.bankinfosecurity.com/dhs-issues-more-urgent-warning-on-dns-hijacking-a-11962

DHS Orders U.S. Federal Agencies to Audit DNS Security for Their Domains
https://bit.ly/2T5qUXA

Cumbria health trust hit by 147 cyber attacks in five years
https://www.bbc.com/news/uk-england-cumbria-46931509

Someone Hacked PHP PEAR Site and Replaced the Official Package Manager
https://bit.ly/2Dvuo00

Mystery still surrounds hack of PHP PEAR website
https://www.zdnet.com/article/mystery-still-surrounds-hack-of-php-pear-website/#ftag=RSSbaffb68

The 6 Types Of Cyber Attacks To Protect Against In 2018
https://bit.ly/2RNmnwA

Alleged Russian Hacker Pleads Not Guilty After Extradition to United States
https://bit.ly/2T8Rm2K

Popular WordPress plugin hacked by angry former employee
https://www.zdnet.com/article/popular-wordpress-plugin-hacked-by-angry-former-employee/#ftag=RSSbaffb68

Concerns raised about WordPress' new 'White Screen Of Death' protection feature
https://www.zdnet.com/article/concerns-raised-about-wordpress-new-white-screen-of-death-protection-feature/#ftag=RSSbaffb68

SMEs still taking cyber attack risks too lightly: Experts
https://www.tnp.sg/news/singapore/smes-still-taking-cyber-attack-risks-too-lightly-experts

HUNGARY’S VULNERABILITY TO CYBER-ATTACKS INCREASES
https://dailynewshungary.com/hungarys-vulnerability-to-cyber-attacks-increases/

Cyber Attacks, Climate Change Are Top Global Risk for Businesses & Governments
https://www.securitynow.com/author.asp?section_id=613&doc_id=748884

Cyber attack on City Hall, an ongoing trend
http://delrionewsherald.com/news/article_14651892-1abd-11e9-9704-1b4cbd33b2af.html

ATLAS game taken offline twice after users hack admin account, find server exploit
https://www.zdnet.com/article/atlas-game-taken-offline-twice-after-users-hack-admin-account-find-server-exploit/#ftag=RSSbaffb68

Trio sent behind bars over illegal drug, painkiller trades in the Dark Web
https://www.zdnet.com/article/trio-sent-behind-bars-over-160000-painkiller-dark-web-trades/#ftag=RSSbaffb68

Cumbria NHS Trust suffered more than 150 cyber attacks in five years
https://www.teiss.co.uk/threats/cumbria-nhs-trust-cyber-attacks/

Emergency Directive 19-01  Mitigate DNS Infrastructure Tampering
https://bit.ly/2HsNUhN

Google fined $57 million by France for lack of transparency and consent
https://bit.ly/2U89Pwd

Vulnerability Threat Control Paradigm and CIA Triads — Computer Security
https://bit.ly/2CAfpjT

WordPress Plugin Hacked By Former Employee
https://bit.ly/2MsmpDP

Can State’s New Cyber Bureau Hack It
https://medium.com/foreign-policy/can-states-new-cyber-bureau-hack-it-50ab1f4b92bb

Chrome API update will kill a bunch of other extensions, not just ad blockers
https://www.zdnet.com/article/chrome-api-update-will-kill-a-bunch-of-other-extensions-not-just-ad-blockers/#ftag=RSSbaffb68

How Multi-Source Security Analytics Creates a Paradigm Shift in Enterprise Cyber Security
https://www.cxovoice.com/how-multi-source-security-analytics-creates-a-paradigm-shift-in-enterprise-cyber-security/

Vietnam both victim and source of massive cyber attacks
https://www.vietnambreakingnews.com/2019/01/vietnam-both-victim-and-source-of-massive-cyber-attacks/

THE EIGHT MAIN FORMS OF CYBER ATTACKS
https://www.bahatitech.co.za/blog/2019/01/23/the-eight-main-forms-of-cyber-attacks/

Mining and metals processor Nyrstar hit by cyber attack – International Mining
https://www.cyber-consult.org/index.php/2019/01/23/mining-and-metals-processor-nyrstar-hit-by-cyber-attack-international-mining/

Belgian metals producer Nyrstar hit by cyber-attack – Channel NewsAsia
https://www.cyber-consult.org/index.php/2019/01/22/belgian-metals-producer-nyrstar-hit-by-cyber-attack-channel-newsasia/

Nyrstar cyber attack
https://otp.tools.investis.com/clients/fi/nyrstar1/omx/omx-story.aspx?cid=250&newsid=66011&culture=en-US

Cyber Attack on Nyrstar
https://www.5cs.com.au/news/local-news/84407-cyber-attack-on-nyrstar

INDUSTRIES THAT ARE MOST AND LEAST VULNERABLE TO CYBERATTACKS
https://www.eccu.edu/industries-that-are-most-and-least-vulnerable-to-cyberattacks/

Cybersecurity as a 21st Century Frontline
https://medium.com/truman-doctrine-blog/cybersecurity-as-a-21st-century-frontline-b9ec8ddbbe5e

The Sting (2018) — The Tale of The Dark Web
https://bit.ly/2HwiIhS

Internet experiment goes wrong, takes down a bunch of Linux routers
https://www.zdnet.com/article/internet-experiment-goes-wrong-takes-down-a-bunch-of-linux-routers/#ftag=RSSbaffb68

HPE teams up with Girl Scouts to teach girls about cybersecurity
https://www.zdnet.com/article/hpe-teams-up-with-girl-scouts-to-teach-girls-about-cybersecurity/#ftag=RSSbaffb68

“2018: The Year of Next Generation Cyber Attacks” asserts Carbon Black Global Threat Report
https://www.risk-uk.com/2018-the-year-of-next-generation-cyber-attacks-asserts-carbon-black-global-threat-report/

Ontario municipalities hit hardest by cyber attacks, says OPP investigator
https://www.simcoe.com/news-story/9129023-ontario-municipalities-hit-hardest-by-cyber-attacks-says-opp-investigator/

DHSS cyber attack impacts more than 100,000 Alaska households
https://www.ktuu.com/content/news/DHSS-cyber-attack-impacts-more-than-100000-Alaska-households--504776792.html

Indian IT had a solid quarter but faces unpredictable, ill winds in 2019
https://www.zdnet.com/article/indian-it-had-a-solid-quarter-but-faces-unpredictable-ill-winds-in-2019/#ftag=RSSbaffb68

Hackers Baselessly Blame Women and ‘SJWs’ for the End of DerbyCon Security Conference
https://motherboard.vice.com/en_us/article/eve4en/hackers-blame-women-and-sjws-end-of-derbycon-security-conference

徵才 - 資安管理工程師
https://www.104.com.tw/job/?jobno=6gd9a&jobsource=n104bank2

徵才 - 資訊管理中心108年專案人力進用-5.研發類-資訊安全
https://www.104.com.tw/job/?jobno=6hx5q


D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞

非營利青年組織 AIESEC 遭爆會員資料未加保護
https://twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=790

美國多家大銀行泄露貸款文件 達2400多万份
http://economics.dwnews.com/big5/news/2019-01-23/60114412.html

Millions of bank loan and mortgage documents have leaked online
https://techcrunch.com/2019/01/23/financial-files/

資安出包! 民眾登入麥當勞訂餐驚見他人個資
https://money.udn.com/money/story/5648/3601706

麥當勞訂餐網站會員個資全都露只差金流 業者否認遭駭
http://m.match.net.tw/pc/news/life/20190118/4779700

史上最大個資外洩,一口氣曝露來自近3千起攻擊竊取的個資,總計洩露逾27億組電子郵件信箱和密碼
https://www.ithome.com.tw/news/128338

MEGA 雲端空間 爆出 7.73 億筆帳號、 2,122 萬筆密碼遭外洩的近年最大宗帳密外洩事件 !(含查詢教學&解決辦法)
https://www.kocpc.com.tw/archives/239864

史上「最大規模」7.73億筆電子郵件帳密遭駭外洩!一招檢查有無中標
http://3c.ltn.com.tw/news/35663

含有逾11億筆電子郵件+密碼的Collection #1資料庫現身駭客論壇
https://bit.ly/2RBbL3M

全球10億筆電郵帳密遭駭客入侵外泄
https://tw.aboluowang.com/2019/0119/1234505.html

2019年1月のデータリーク「Collection #1」をまとめてみた
https://bit.ly/2RUa7tf

連公用Wifi前 別讓手機個資外露
https://bit.ly/2VZZmEW

可能洩露數百萬旅客信息的Amadeus機票預訂系統漏洞
http://www.4hou.com/info/news/15799.html

台推3打擊策略 阻斷詐騙產業鏈
https://www.chinatimes.com/newspapers/20190119000176-260301

物品扣留海關先匯16萬才能領? 銀行員機警阻止客戶受騙
https://bit.ly/2MpWYDf

兩岸偵防詐騙 大數據快狠準
https://www.chinatimes.com/newspapers/20190119000171-260301

陸反詐中心 建汙水池管控壞人
https://www.chinatimes.com/newspapers/20190119000175-260301

扮網上放貸 打劫借錢者 警拘兩男女 追緝南亞匪
https://bit.ly/2T0QxZv

的士司機偷龍轉鳳 盜乘客信用卡偷錢
https://bit.ly/2DjV5ol

十大詐騙話術「在家兼職可日賺XX元」出爐 被騙有9成是男性
https://www.ettoday.net/news/20190117/1358365.htm

網路扮3角假施法 性侵三女還恐嚇散裸照索財
https://udn.com/news/story/7321/3604079?from=udn-catebreaknews_ch2

烏魯木齊多家銀行聯合警方共同打擊網路詐騙
https://news.sina.com.tw/article/20190120/29766692.html

離職時工作手機忘解綁銀行卡,後任員工猜對密碼轉出近萬元
https://news.sina.com.tw/article/20190119/29759636.html

虛擬貨幣直銷騙局 吸金詐騙糾紛多
http://news.ltn.com.tw/news/weeklybiz/paper/1262838

網路信貸廣告有陷阱  遭騙金融存簿  恐淪人頭帳戶
https://times.hinet.net/news/22196341

遇黑客騙銀行帳號 墨爾本老婦警覺報案
http://www.epochtimes.com/b5/19/1/21/n10990677.htm

手機沒密碼鎖! 攤商遭盜刷1萬買點數
https://bit.ly/2R0BUnh

「劍橋事件」發生一次就夠了!臉書砸 2.3 億給德國大學,導入 AI 審查機制讓假新聞退散
https://buzzorange.com/techorange/2019/01/21/protect-fb-against-fake-news/

查發票「循環對立」異象 國稅局意外發現大型詐騙案
https://ec.ltn.com.tw/article/breakingnews/2678852

你的照片成他的數據?臉書10年挑戰藏資安危機
https://ubrand.udn.com/ubrand/story/11815/3608361

新北金融機構提高警覺 1月通報攔阻詐騙達2千餘萬元
https://udn.com/news/story/7321/3610487

假銀行幹部稱投資高獲利 30歲女險被騙
https://bit.ly/2FJwQTa

親屬組團盜刷手機支付系統資金 鄭州警方抓獲6名嫌犯
https://news.sina.com.tw/article/20190124/29820666.html

盜客信用卡資料網購 六男女就逮
https://www.exmoo.com/article/94099.html

盜取後再冒充換手機Sim卡 老千啟用信用卡提款購物
https://bit.ly/2WjCqk3

40張信用卡疑被盜用15歲學生涉案
https://tdm.com.mo/c_news/tv_news.php?id=406873

Online casino group leaks information on 108 million bets, including user details
https://www.zdnet.com/article/online-casino-group-leaks-information-on-108-million-bets-including-user-details/#ftag=RSSbaffb68

BSP investigating Cebuana Lhuillier data breach
https://www.gmanetwork.com/news/money/companies/682243/bsp-investigating-cebuana-lhuillier-data-breach/story/

Report: Federal Trade Commission Weighs Facebook Fine
https://www.bankinfosecurity.com/report-federal-trade-commission-weighs-facebook-fine-a-11956

Security researchers are planning a night of prank calls against tech support scammers
https://www.zdnet.com/article/security-researchers-are-planning-a-night-of-prank-calls-against-tech-support-scammers/#ftag=RSSbaffb68

Two thirds of US consumers say Government should do more to protect data privacy
https://www.zdnet.com/article/two-thirds-of-us-consumers-say-government-should-do-more-to-protect-data-privacy/#ftag=RSSbaffb68

Mergers & Acquisitions: Privacy and Security Considerations
https://www.bankinfosecurity.com/interviews/mergers-acquisitions-privacy-security-considerations-i-4227

2018’s Top hacks and data breaches
https://bit.ly/2WaFW09

Life Under GDPR: Data Breach Cost Unknown
https://www.bankinfosecurity.asia/interviews/life-under-gdpr-data-breach-cost-unknown-i-4226

Security & Compliance Best Practices For Application Development Teams
https://www.bankinfosecurity.eu/security-compliance-best-practices-for-application-development-teams-a-11967

Avoiding phishing attacks
https://www.ncsc.gov.uk/guidance/avoiding-phishing-attacks


E.研究報告

子網域與子目錄的選擇?從資安角度分析
https://bit.ly/2S6JzoF

一個優秀的白帽子靠挖漏洞賺了高額獎金
https://www.freebuf.com/column/194545.html

Web 安全漏洞SSRF 簡介及解決方案
https://juejin.im/post/5c466988f265da615f778eda

利用Thinkphp漏洞傳播的Mirari新變種分析
https://hk.saowen.com/a/938e7b18275b1bb2330009f88ff1cfffc458608d1f885b91358b99e7a7ac9171

Mirai蠕蟲變種借ThinkPHP漏洞傳播騰訊安全“禦界”全面檢測
https://s.tencent.com/research/report/643.html

ThinkPHP 5.0命令執行漏洞分析及復現
https://www.freebuf.com/vuls/194127.html

互聯網漏洞賞金“騙局”曝光,這點錢還不如打德撲
https://hk.saowen.com/a/45649aa1cf75836833895770f0122e0022b0b9937946b20d632a74f87e505660

Struts2歷史重大漏洞分析與總結報告
https://www.secrss.com/articles/7938

TP-Link TL-R600VPN遠程執行代碼漏洞分析
https://xz.aliyun.com/t/3877

[下篇]從補丁diff到EXP--CVE-2018-8453漏洞分析與利用
https://paper.tuisec.win/detail/9bbb01b0e399b94

CVE-2018-8453:針對中東地區的Windows內核提權漏洞利用分析
https://paper.tuisec.win/detail/18cad00371de4fb

業務邏輯漏洞探索之繞過驗證
https://www.freebuf.com/column/194658.html

對某HWP漏洞樣本的shellcode分析
https://www.anquanke.com/post/id/169872

利用Marvell Avastar Wi-Fi中的漏洞遠程控制設備:從零知識入門到RCE漏洞挖掘利用(上)
https://www.anquanke.com/post/id/169892

挖洞經驗| 看我如何發現Pinterest的任意賬號劫持漏洞
https://www.freebuf.com/vuls/194345.html

CVE-2019-6116:ghostscript的沙箱繞過命令執行漏洞預警
https://www.secrss.com/articles/8028

業務邏輯漏洞探索之上傳漏洞
https://www.freebuf.com/column/194846.html

CVE-2019-3462:apt / apt-get遠程代碼執行漏洞預警
https://www.anquanke.com/post/id/170090

Razer Synapse 3 Windows客戶端本地提權漏洞分析
https://www.anquanke.com/post/id/170013

Bypassing Network Restrictions Through RDP Tunneling
https://bit.ly/2S3GcyS

In-Depth analysis of new Fallout Exploit Kit
https://www.nao-sec.org/2019/01/in-depth-analysis-of-new-fallout.html

Artificial Neural Network Implementation using NumPy and Classification of the Fruits360 Image Dataset
https://bit.ly/2U8cPsv

Let's Learn: Progression of APT28 AutoIt Zebrocy Downloaders: Source-Code Level Analysis
https://www.vkremez.com/2019/01/lets-learn-progression-of-apt28-autoit.html

NFC Payments: Relay Attacks with LoRa
https://salmg.net/2019/01/12/nfc-payment-relay-attacks-with-lora/

Three Byte Overwrite to Exploit Vulnserver TRUN
https://bit.ly/2AViAm9

Cameradar v3.0.0 releases: Hacking RTSP CCTV Cameras
https://bit.ly/2AZ5Jj0

mushorg/conpot
https://bit.ly/2R5y507

maliceio/malice
https://bit.ly/2R87QpN

invictus1306/beebug
https://bit.ly/2MnNcBv

invictus1306/functrace
https://bit.ly/2S4CnJQ

Optimize your configuration of SQL Server
https://bit.ly/2S2crym

dirkjanm/PrivExchange
https://bit.ly/2HuJhUy

Abusing Exchange: One API call away from Domain Admin
https://bit.ly/2FR2Gww

fcavallarin/htcap
https://bit.ly/2WehBXx

yagiz/Bagel
https://bit.ly/2R7grsI

Parallels Toolbox: The ultimate software utility for Windows 10 and macOS
https://www.zdnet.com/pictures/parallels-toolbox-the-ultimate-software-utility-for-windows-10-and-macos/#ftag=RSSbaffb68

The GitHub Development Workflow
https://itnext.io/the-github-development-workflow-fb48d9bb63f9

Sunset of Windows Server 2008: Migrate with Docker
https://www.bankinfosecurity.com/sunset-windows-server-2008-migrate-docker-a-11964

The Application Security Team's Framework For Upgrading Legacy Applications
https://www.bankinfosecurity.asia/application-security-teams-framework-for-upgrading-legacy-applications-a-11965

Yes, More Callbacks — The Kernel Extension Mechanism
https://medium.com/yarden-shafir/yes-more-callbacks-the-kernel-extension-mechanism-c7300119a37a

Event Log Auditing, Demystified
https://hackernoon.com/event-log-auditing-demystified-75b55879f069

“Fake Stake” attacks on chain-based Proof-of-Stake cryptocurrencies
https://bit.ly/2R7sGG0

BYOB – Build your own Botnet
https://haxf4rall.com/2018/08/04/build-botnet/?fbclid=IwAR3mSlIPEGn5JbuWDdZj4uAdInFBI0L4lLu7ALVoGyy_-FNeuldk4vbMFDM


F.商業

2019資安新攻略 - 提前偵測防禦時間軸 | 強化 True Identity 與回應一致性
https://www.jas-solution.com/latest-sitemap/latest-newsflash-sitemap/447-detection-trueidentity-response

資安領域行情看俏,2018年創投挹注金額比2016年增加81%
https://www.ithome.com.tw/news/128390

思科投資台灣 公開AI伺服器、車聯網技術
https://bit.ly/2DuqNzH

Microsoft Teams 出新招:三大密技提升第一線員工生產力
https://technews.tw/2019/01/22/microsoft-teams-new-function/

台中慈濟醫院攜手team+打造智慧醫院,首創重要醫令即時覆核
https://bit.ly/2FTUlbe

關貿網路大佈局 鎖定產業創新應用
https://bit.ly/2MwFmFP

資安業務成長 關貿網路增1成人力
https://ec.ltn.com.tw/article/paper/1263369

關貿 衝刺三大區塊鏈業務
https://www.chinatimes.com/newspapers/20190123000336-260205

ISACA宣佈於50週年期間為全球商業科技專業人員舉辦的2019年活動
https://bit.ly/2DqFELa

趨勢科技電信資安解決方案通過 VMware-Ready 認證
http://www.pcdiy.com.tw/detail/11911

思科揭露強化供應鏈資訊安全的機制,除了定期稽核還要一起找出弱點
https://bit.ly/2FK6IaC

新加坡國家資安系統的關鍵技術 來自台灣這家公司
https://www.cw.com.tw/article/article.action?id=5093816

合勤推出統整沙箱功能的國產次世代防火牆,強調流量事件解析
https://www.ithome.com.tw/review/128184?fbclid=IwAR3ickKnOpcem4gTfL1rq7JnAdj7s_7C7a-DUulNvvnOrfv0N5uAnjoB8EM

改善企業資安架構,思科建議採用NIST框架進行規畫
https://www.ithome.com.tw/news/128455?fbclid=IwAR0SGKalQkPkPzW-xN1RCoXpjpgnP97ZeXRRTVyQNh3LpU98j-OqMb0zy-A

結合電腦復原,Malwarebytes端點偵防系統登場
https://www.ithome.com.tw/review/128186?fbclid=IwAR0qPLeIY7LRr-2gnNvWOnbbPVzcwy5ahq0XYg0FiW0vY7AU_osRGtrWeEA

Microsoft buys Citus Data
https://www.zdnet.com/article/microsoft-buys-citus-data/#ftag=RSSbaffb68


G.政府

網路戰開始!蔡總統、蘇揆提醒民眾「有空加我LINE」
https://bit.ly/2FKHHLV

為工研院、資策會、國研院喝采
http://talk.ltn.com.tw/article/paper/1262767

資安即國安!中企黑名單3月底前出爐
https://tw.appledaily.com/new/realtime/20190123/1505531/

今年6月底前 179家公司須設公司治理人員
https://www.chinatimes.com/realtimenews/20190122004682-260410

簡政便民!金管會今發函各銀行 3大交易免身分查驗
https://ec.ltn.com.tw/article/breakingnews/2680081

金管會核准日商鹿兒島銀行(The Kagoshima Bank, Ltd.)設立在臺代表人辦事處
https://bit.ly/2TbGTmV

金管會24日在新春記者會宣布虛擬貨幣ICO 6月擬納管
https://bit.ly/2T8TTK6

推FinTech! 金管會找上大學生ICO納管上半年有譜
https://www.chinatimes.com/realtimenews/20190124004585-260410

推金融科技 金管會祭四招
https://www.chinatimes.com/newspapers/20190125000365-260205

力挺純網銀央行預告修正「銀行業辦理外匯業務管理辦法」
https://www.chinatimes.com/realtimenews/20190124004439-260410

對純網銀採開放態度 央行放寬外匯業務2大限制條件
https://fnc.ebc.net.tw/FncNews/headline/68224

便民!自行客戶轉帳到同一銀行帳戶 可不用帶身分證
https://www.ettoday.net/news/20190122/1363082.htm

強化基礎設施資安 唐鳳:政府將招募培養白帽駭客協助
https://www.cmoney.tw/notes/note-detail.aspx?nid=156728

華為抵制風潮 議員蔡筱薇提案南市府防護
http://www.epochtimes.com/b5/19/1/23/n10996766.htm

美國認為華為構成間諜威脅無需證明
https://on.wsj.com/2FJG8Pb

政府招募白帽駭客 測試資安防護
https://www.cna.com.tw/news/firstnews/201901230310.aspx

中國微博、微信、百度危險// 公務手機電腦 禁連
http://news.ltn.com.tw/news/focus/paper/1263657

確保資安,行政院擬 3 月底提中國品牌產品黑名單
https://technews.tw/2019/01/24/plans-to-introduce-a-blacklist-of-chinese-brand-products-at-the-end-of-march/

政院拼資安 擴大禁用中資產品
https://tw.news.appledaily.com/headline/daily/20190125/38241764/

行政院研擬中國科技業「黑名單」最晚3月公布!《日經》:華為、聯想、中興通訊榜上有名
https://www.storm.mg/article/860995

禁用大陸網站與App 政府資安層級再升高將公布禁用設備
https://newtalk.tw/news/view/2019-01-24/199459

政府單位禁用中國資通產品 蘇貞昌:資安就是國安
https://cnnews.rti.org.tw/news/view/id/2009338

蘇貞昌:資安就是國安 民眾要有警覺
https://bit.ly/2sIavgc

跟進政院資安黑名單?柯P:中央確定政策再跟就好
http://m.ltn.com.tw/news/politics/breakingnews/2681574

禁購陸電信設備 張善政批政府外行籲協尋資安長
https://money.udn.com/money/story/5648/3613728

華為產品資安疑慮 台南市府全面禁用
https://news.tvbs.com.tw/politics/1072182

政院宣示資安風險控管 中央全面禁用陸資產品
http://m.match.net.tw/pc/news/international/20190124/4786002

以資安之名選邊?沾政治味的行政命令
https://udn.com/news/story/11311/3613450

政院推中資產品處理原則 鄭文燦:沒理由網路門戶洞開
https://udn.com/news/story/6656/3612349?from=udn-catebreaknews_ch2

刑事局精挑50人打假消息 立委質疑「如何定義」
https://udn.com/news/story/11311/3608993

藍委批官員,資安意識超薄弱
https://bit.ly/2B2dZyx

禁連.cn 不能完全阻隔風險
https://udn.com/news/story/12795/3613452

中國資通訊產品疑慮 南市府全面禁止
http://www.epochtimes.com/b5/19/1/24/n10999386.htm

中國微博、微信與百度網路 政府機關電腦公務手機禁止連結
https://tw.news.appledaily.com/politics/realtime/20190124/1506797

台灣研擬中國科技品牌禁止採購黑名單
https://www.bbc.com/zhongwen/trad/46990139

台電中油盤點未用中製資通產品 國產美日是主力
https://bit.ly/2FWyIHu

大陸製科技產品 公營事業包括在內政府擴大禁用
https://money.udn.com/money/story/7307/3612054

政府禁用中國資訊產品,資安處擬明確原則與禁用清單
https://ithome.com.tw/news/128444

金管會列10大工作重點 估6月完成純網銀審核
https://bit.ly/2WiTd6L

H.工控系統/ICS/SCADA 安全相關

智慧廠辦成全球主流 工安環控議題受關注
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000552168_8PN0RNP57WIHUW7JS17BN

工業機器人面臨網絡攻擊風險上升
https://on.wsj.com/2sKfrBg

機器人自動化攻擊再進化 同時可竊取OT與IT交換資訊 動態幻象技術混淆程式碼 提高滲透難度逼退駭客
https://www.netadmin.com.tw/article_content.aspx?sn=1901030007

I.教育訓練類

資安啟蒙第1步 解題挑戰初體驗
https://www.edu.tw/News_Content.aspx?n=9E7AC85F1954DDA8&s=92F43DF2AA57F583

資安試題
https://www.nowcoder.com/questionCenter?mutiTagIds=608

在雲端伺服器上利用 Python Selenium 擷取網站資料 以 AWS Lightsail 為例
https://bit.ly/2R9ckwm

web 應用常見安全漏洞一覽
https://segmentfault.com/a/1190000018004657

First steps to volatile memory analysis
https://medium.com/@zemelusa/first-steps-to-volatile-memory-analysis-dcbd4d2d56a1

Rock64 SIEM using Graylog, Pi-Hole, and Wireless AP
https://medium.com/@fbotes2/secure-dns-ids-and-wifi-ap-using-arm64-rock64-a0faa85bd833

Our learnings from adopting GraphQL
https://medium.com/netflix-techblog/our-learnings-from-adopting-graphql-f099de39ae5f

Beyond experts: jobs, tasks, and skills for a data driven Future of Work
https://www.zdnet.com/article/beyond-experts-jobs-tasks-and-skills-for-a-data-driven-future-of-work/#ftag=RSSbaffb68

Introduction to Matplotlib — Data Visualization in Python
https://heartbeat.fritz.ai/introduction-to-matplotlib-data-visualization-in-python-d9143287ae39

Packet Editing Live Connections with Python
https://bit.ly/2sG94yN

Installing CUDA and cuDNN on windows 10
https://bit.ly/2Uep472

Learn Python Programming – 7 Courses Video Training Bundle
https://bit.ly/2CJAxEh

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機

台灣準備好跟上 2019 年 AI 重要趨勢了嗎
https://bit.ly/2UhhU1Y

防範物聯網裝置衍生的威脅,思科呼籲應重視OT的資訊安全
https://www.ithome.com.tw/news/128426

物聯網資安未受重視!多數公司被駭都不知
https://bit.ly/2Mj9OTw

AI 開年翻車事件:Yelp 訓練神經網路除 bug,結果把整個程式庫刪了
https://technews.tw/2019/01/19/yelp-ai-debug-case/

實現IoT智慧工廠沒你想像中那麼簡單
https://www.eettaiwan.com/news/article/20190121NT31-Translators-Wanted

工業物聯網面臨數據挑戰,如何減少風險和漏洞
https://www.iyiou.com/p/90645.html

鄭貞茂:自駕車擬明年在台上路
https://udn.com/news/story/7240/3607544

智慧監視器被駭發假警報 美苦主以為飛彈來襲
https://bit.ly/2DvSGas

「北韓飛彈打來了」 居家監視器遭駭 假警報驚嚇屋主
https://bit.ly/2S52FLW

駭客入侵美居家保全系統 騙「北韓飛彈來惹!」
https://tw.appledaily.com/new/realtime/20190125/1507005/

網絡保安由系統設計做起 生產力促進局籲企業勿忽視細節
https://bit.ly/2sHu9c2

為物聯網裝置設計的Ubuntu Core 18釋出,企業能對邊緣運算裝置進行持續部署
https://ithome.com.tw/news/128418

The CIA wants to spy on you through your TV: Agency director says it will 'transform' surveillance
https://dailym.ai/2sAewDp

Gemalto study unveils only half of businesses can detect IoT security breaches
https://www.atmmarketplace.com/news/gemalto-study-unveils-only-half-of-businesses-can-detect-iot-security-breaches/

New cyber security standard for self-driving vehicles
https://bit.ly/2FMe4L5

Debunking Google’s Death AI
https://blog.usejournal.com/debunking-googles-death-ai-de9d59f9ce1c

Delivery wars: Amazon's new delivery robot VS Starship's college munchie robot
https://www.zdnet.com/article/amazons-new-delivery-robot-vs-starships-college-munchie-robot/#ftag=RSSbaffb68

K.CTF

NeverLAN CTF 2019
https://ctftime.org/event/706

STEM CTF: Cyber Challenge 2019
https://ctftime.org/event/661

DEF CON CTF 2019 Quals
https://www.oooverflow.io/dc-ctf-2019-quals/

CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair
https://bit.ly/2CWltVm

Official Website of CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair, Qingdao, China
https://bit.ly/2VnsC8p

International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

NeverLAN CTF
https://neverlanctf.com/


6.近期資安活動及研討會

 攀岩創客駭客松半日營 Saturday  26 January  2019  2:00 PM ~ 7:00 PM
 https://bit.ly/2sJbxsx

 超強區塊鏈應用開發實戰課程(週六班)  2019-01-26(六) 13:00 ~ 17:00 (GMT+8)
 https://www.accupass.com/event/1812030821059275625140

 資策會2019/2/16開辦ISO27002資訊安全管理國際認證班
 https://ithome.com.tw/pr/128353

 第二屆《Hit AI & Blockchain》人工智慧暨區塊鏈產業高峰會  2019-02-20(三) 09:00 ~ 17:30 (GMT+8)
 https://www.accupass.com/event/1811190218087771003780

【PowerPoint簡報極限使用】2月主題:十倍速PPT製作  2019-02-20(三) 19:00 ~ 22:00 (GMT+8)
https://www.accupass.com/event/1810161307265689597830

iTHome 台灣雲端大會 Cloud Summit  2019  Call for paper  截止日 2 月 22 日
https://cloudsummit.ithome.com.tw/cfp/

Industrial Control Systems (ICS) Cyber Security Conference  APAC  April 16-18, 2019
https://www.icscybersecurityconference.com/

iTHome 台灣雲端大會 Cloud Summit  2019   2019年 5 月 15 日 (三) 09:00~17:00
https://cloudsummit.ithome.com.tw/

Splunk .conf 19  10/21 ~ 10/24
https://conf.splunk.com/

Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
https://www.icscybersecurityconference.com

沒有留言:

張貼留言

2024年 12 月份資安、社群活動分享

  2024年 12 月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/3 https://www.meetup.com/taiwan-code-camp/e...