資安事件新聞週報 2018/12/31 ~ 2019/1/4

資安事件新聞週報  2018/12/31  ~  2019/1/4

1.重大弱點漏洞

鎖定Edge漏洞的攻擊程式曝光
https://www.ithome.com.tw/news/127943

Trend Micro OfficeScan XG檔案權限安全性弱點通告
http://files.trendmicro.com/products/officescan/XG/SP1/osce_xg_sp1_win_en_criticalpatch_b5261.html

新HTTP協定反成資安漏洞,後脅迫命令控制工具Merlin能以HTTP/2規避偵測
https://www.ithome.com.tw/news/127972

歐盟公布獎金懸賞計畫,盼安全研究人員找出開源軟體漏洞
https://technews.tw/2019/01/02/eu-to-fund-bug-bounty-programs-for-14-open-source-projects-starting-january-2019/

歐盟公佈獎金懸賞計劃 冀安全研究人員找出開源軟件漏洞
https://unwire.pro/2019/01/02/eu-to-fund-bug-bounty-programs-for-14-open-source-projects/news/

EU launches bug bounty programs for 15 software
https://bit.ly/2s9KWEq

針對微軟Edge瀏覽器漏洞的攻擊程序曝光
https://new.qq.com/omn/20181229/20181229A03WK6.html

安全人員公佈Microsoft Edge 的最新遠程漏洞
http://hackernews.cc/archives/24677

Microsoft ChakraCore遠程代碼執行漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8391

SandboxEscaper再公布Windows 10零時差漏洞,Twitter帳號遭停用
https://www.ithome.com.tw/news/127964

Microsoft Internet Explorer遠程代碼執行漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8447

近日,黑客發布第3個windows 0day漏洞
http://www.safebase.cn/article-254732-1.html

新思科技發現D-Link無線路由器存在漏洞,可繞過加密
http://www.ccidnet.com/2018/1229/10447943.shtml

IBM Security Guardium信息洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1272


Microsoft Exchange Server SSRF權限提升漏洞(CVE-2018-8581)
https://www.secrss.com/articles/7527

家用攝像頭藏漏洞可致用戶隱私數據遭到洩漏
https://tech.china.com/article/20181228/20181228230902.html

Twitter稱已修復賬戶劫持漏洞,黑客打臉:胡扯
https://www.ithome.com/0/403/003.htm

推特宣稱補好可挾持帳號的漏洞,研究人員駭入名人帳號打臉
https://ithome.com.tw/news/127965

LG網絡存儲設備曝嚴重RCE漏洞
http://m.anzhixun.com/news/201804/20112059.html?_d_id=c66c06b9179f89d6b509f2e144f3c8

ShareAlarmPro 2.1.4 Denial Of Service
https://www.anquanke.com/vul/id/1449720

Microsoft Issues Emergency Patch For Under-Attack IE Zero Day
https://thehackernews.com/2018/12/internet-explorer-zero-day.html

Updating to Windows 10 1809 Deactivates Built-in Admin Account
https://www.bleepingcomputer.com/news/microsoft/updating-to-windows-10-1809-deactivates-built-in-admin-account/


2.銀行/金融/保險/證券/支付系統/ 新聞及資安

超跑條款+1、機車肇事難承擔 2018熱門產險大事一次看
https://www.ettoday.net/news/20181230/1343622.htm

日防夜防 洩密難防 苦主遭黑客冒認出卡
https://hk.finance.appledaily.com/finance/daily/article/20181229/20579347

Anonymous攻擊國內金融機構: 緊急抗D48小時紀實
https://bit.ly/2TjSZdk

銀行資料不更新將凍結帳戶? 民怒嗆:你給我試試看
https://udn.com/news/story/7238/3566667

防洗錢新制 資料更新變擾民運動
https://money.udn.com/money/story/5613/3566721

一頁網路公告…銀行把全民當「嫌疑人」
https://udn.com/news/story/7238/3566653

銀行資料不更新將凍結帳戶? 民怒嗆:你給我試試看
https://udn.com/news/story/7238/3566667

不更新銀行資料將暫停服務?防洗錢新制惹民怨
https://news.ebc.net.tw/News/Article/146229

金管會:列入「制裁名單」 帳戶才會被凍結
https://udn.com/news/story/7238/3566656

「必經陣痛期」各行庫忙爆 保證個資不外洩
https://udn.com/news/story/7238/3566654

洗錢防制法上路!2/28前「更新個資」挨批 金管會下令:台銀重新公告
https://www.ettoday.net/news/20190101/1345053.htm

要求客戶更新資料遭抱怨 台銀以抽獎替代強制
https://udn.com/news/story/7239/3567594

臺灣銀行說明 防制洗錢客戶資料更新作法
https://www.chinatimes.com/realtimenews/20181231002178-260410

銀行客戶資料更新,金管會祭3措施避擾民
https://www.chinatimes.com/realtimenews/20190103001029-260410

洗錢防制遭批擾民 金管會要求銀行須「合理執行」
https://ec.ltn.com.tw/article/breakingnews/2660114

沒補資料不能領錢!防洗錢新制惹民怨
https://bit.ly/2F69k1t

防洗錢惹民怨!銀行急要求更新資料 金管會下令「要給客戶充分時間」
https://www.ettoday.net/news/20190102/1346461.htm

防洗錢惹民怨 洗防辦:客戶資料更新基於風險基礎
https://money.udn.com/money/story/7307/3573398

久未動或低金額帳戶簡便結清 國內恐掀關戶潮
https://www.chinatimes.com/realtimenews/20190102003932-260410

銀行洗防惹民怨 金管會:多元管道方便辦理
https://bit.ly/2VsCMEz

因應我國CRS,敬請客戶配合審查
https://bank.sinopac.com/sinopacBT/about/introduction/announcement/content/20181226110911275000000000000094.html

中國農業銀行 系統維護公告(12月29日)
http://www.abchina.com/zt/PersonalServices/SvcBulletin/201812/t20181228_1806039.htm

美國電訊商網絡故障兩天 911 緊急電話和 ATM 均受影響
https://unwire.hk/2018/12/30/centurylink-outage-caused-bad-networking-card-colorado/fun-tech/

輪到美國人癲狂 37個州斷網ATM沒法用打911佔線
https://news.sina.com.tw/article/20181231/29489372.html

ATM變聰明刷臉把關 沒帶卡領錢換外幣都OK
https://tw.news.appledaily.com/new/realtime/20181229/1491848/

ATM領錢不用提款卡 刷臉掃QR Code好科幻
https://bit.ly/2F1q5L4

台新銀ATM 陸客用銀聯卡「嗶」一下就領錢
https://tw.appledaily.com/new/realtime/20181229/1491149/

金控拚FinTech 今年砸120億
https://udn.com/news/story/7239/3564104?from=udn-catelistnews_ch2

CPTPP開放零售、銀行和電子商務 亞洲商業門戶大開
https://udn.com/news/story/6811/3565751

【虛擬銀行】WeLab確認獲金管局發信通知 進入下一輪遴選
https://bit.ly/2F0mHRL

AI、物聯網…國銀布局主軸
https://money.udn.com/money/story/5613/3564123

企業網銀登錄頁面被被2345劫持
http://bbs.huorong.cn/thread-52863-1-1.html

美國銀行測試信用卡「動態安全碼」冀減少盜用案件
https://hk.thenewslens.com/article/111197

發票領獎別再跑郵局 下載App一指搞定
https://news.ebc.net.tw/News/living/146343

即日起無摺存款超過3萬元 要給銀行看證件
https://udn.com/news/story/7239/3569528?from=udn-ch1_breaknews-1-cate6-news

癌症險定義標準化 金管會下令業者不得變相漲價
https://money.udn.com/money/story/5613/3568614

壽險愛債券ETF,金管會踩煞車
https://bit.ly/2CKgNBJ

金融行動講堂 周五中大開講
https://money.udn.com/money/story/5648/3569321

【幽靈信用卡】他剪卡近1年 聯徵竟列「還在使用中」
https://tw.appledaily.com/new/realtime/20190102/1492713/

從手工操作到電子銀行:信息化建設重塑銀行服務「內核」
https://news.sina.com.tw/article/20190102/29500708.html

廣東順德在全國首創「互聯網+食品追溯+陽光車間+電子支付+食安保險」項目
https://ek21.com/news/tech/11824/

英媒:人民幣國際支付佔比回升 創三個月新高
https://news.sina.com.tw/article/20190101/29495572.html

外媒:中國P2P網貸市場將崩潰
https://www.taiwannews.com.tw/ch/news/3608709

日圓飆漲 要換快換 創2年新高 5萬台幣少換9104日圓
https://tw.news.appledaily.com/headline/daily/20190103/38222559/

歐洲央行派員「接管」義大利銀行
https://www.chinatimes.com/realtimenews/20190102004287-260410

傳富邦主導純網銀 LINE:適當時機公布
https://money.udn.com/money/story/5613/3571486

純網銀國家隊 花旗銀傳入股7%
https://tw.news.appledaily.com/finance/daily/20190103/38222021/

富邦:刪郵事件 烏龍一場
https://money.udn.com/money/story/5613/3571265

DBS banks on data to know what customers want before they themselves know
https://www.zdnet.com/article/dbs-banks-on-data-to-know-what-customers-want-before-they-themselves-know/#ftag=RSSbaffb68

Lessons from the Equifax Data Breach Report
https://medium.com/@NickDeshpande/lessons-from-the-equifax-data-breach-report-4483914bf0ee

徵才 - 資安防護系統管理人員  考試
https://bit.ly/2R4ZeFs


3.電子支付/行動支付/ 新聞及資安

電支電票二合一 最快4月鳴槍
https://ec.ltn.com.tw/article/paper/1258368

規範電子商務 陸立專法、網上開審
https://www.chinatimes.com/newspapers/20190101000188-260309

2018年10大卡新聞(下) 電子支付雙雄大混戰
https://bit.ly/2GPFYa9

淘寶今起停八達通支付 電商路再受挫 分析:更難打入零售市場 未來定位需更清晰
https://bit.ly/2GXMlbk

八達通淘寶付款叫停 受人民銀行新政策影響
https://unwire.hk/2019/01/01/octopustaobao/life-tech/

移動支付,香港急起直追
https://news.sina.com.tw/article/20181230/29484646.html

香港大力推進移動支付,但成熟支付養成的習慣是最大阻礙
https://news.sina.com.tw/article/20181230/29484692.html

日本FamilyMart明年中推電子支付服務 下一步擬覆蓋驚安殿堂
https://bit.ly/2VmVEVM

英國大誌攜手銀行、監管當局 要讓街友用電子支付收款
https://money.udn.com/money/story/5602/3565489

行動支付全面取代傳統貨幣?學者:需思考限制因素
https://tw.appledaily.com/new/realtime/20181229/1487260/

寶太雜、PAY太多 可以整合一下嗎
https://www.chinatimes.com/realtimenews/20181230002251-260410

新光銀行目前無法用街口 linepay一卡通
https://www.ptt.cc/bbs/MobilePay/M.1546311553.A.BF2.html

不只購物網 信用卡回饋系統也藏漏洞
https://bit.ly/2s1KHLN

加拿大公車局 Metropass卡 由Presto卡全面取代
https://bit.ly/2CKfkLJ

移動電子支付時代,選擇棄用花唄的人察覺到了什麼
https://read01.com/LdBy655.html#.XCwkTlwzaUk

支付一邊一國 不能抄中國
https://ec.ltn.com.tw/article/paper/1258373

TNG推跨境支付 冀「一Code打天下」
http://hd.stheadline.com/news/realtime/hk/1400808/

日本手機支付服務「眼花繚亂」
https://zh.cn.nikkei.com/industry/tradingretail/33732-2019-01-02-05-00-40.html

KDDI「au Pay」4月上路 擁1000億日圓潛在用戶規模
https://fnc.ebc.net.tw/FncNews/else/65287

Pay-Per-Install Company Deceptively Floods Market with Unwanted Programs
https://bit.ly/2Ap0E3j

Reserve Bank of India tells banks to dump magstripe credit, debit cards for EMV
https://www.atmmarketplace.com/news/reserve-bank-of-india-tells-banks-to-dump-magstripe-credit-debit-cards-for-emv/

4.虛擬貨幣/區塊鍊   新聞及資安

研究人員宣稱發現Trezor和Ledger硬錢包漏洞
http://www.sohu.com/a/285285764_115060

研究團隊展示硬件錢包漏洞,Trezor承諾更新固件
http://www.bitecoin.com/online/2018/12/34173.html

Trezor回應錢包漏洞一事:屬於物理漏洞,不會對普通用戶造成威脅
http://www.01caijing.com/article/33896.htm

比特幣的價值,其實完全來自於「社會契約層」
http://news.knowing.asia/news/cf563d19-f47e-4c9f-830a-37d18eeef0c9

你真的要投資虛擬資產 那麼看一看劉怡翔的觀點
https://www.finet.hk/newscenter/news_content/5c285676bde0b36feb35a4f0

科威特國家銀行採用Ripple區塊鏈支付網絡,推出新匯款服務
https://www.blocktempo.com/national-bank-of-kuwait-launches-ripple-based-cross-border-payments/

區塊鏈的到來會給社會生活帶來哪些顛覆
http://news.knowing.asia/news/f574f9e5-caff-42ae-8a58-7990c696d5c6

區塊鏈對各行各業的破壞性影響可使其進一步成長
http://news.knowing.asia/news/9db3824f-131a-482e-a6f5-4c890ff38c80

2018:加密貨幣劫持元年
https://www.aqniu.com/industry/42165.html

獨立機構報告:全球前 25 大虛擬貨幣交易所 80% 量都用刷的
https://bit.ly/2RqwohX

EOS回滾攻擊手法分析之黑名單篇
https://www.freebuf.com/vuls/192935.html

瑞士加密貨幣交易所Bity宣布,將為第三方提供加密貨幣交易API
https://news.sina.com.tw/article/20190103/29521246.html

Hacked Mt. Gox Bitcoin Exchange Chief Maintains Innocence
https://www.bankinfosecurity.com/hacked-mt-gox-bitcoin-exchange-chief-maintains-innocence-a-11904


5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體

美多家媒體遭感染惡意程式影響發行,紐時、華爾街日報也受害
https://ithome.com.tw/news/127961

從“驅動人生”APT攻擊事件看企業安全建設誤區
https://www.aqniu.com/learn/42208.html

2018年勒索病毒威脅態勢全報告
https://www.aqniu.com/industry/42232.html

Windows 10 沙箱新功能“基鏡像”:可安全執行任意軟件
https://www.aqniu.com/tools-tech/42088.html

“HTTPS劫匪木馬”捲土重來單日攻擊高達190萬次
https://www.aqniu.com/threat-alert/42055.html

偽裝成“發票到期”電子郵件,傳播Neutrino殭屍網絡
https://www.freebuf.com/articles/terminal/192981.html

遲來的聖誕禮物?勒索軟體FilesLocker作者釋出解密金鑰
https://bit.ly/2s7z0TC

研究人員首次發現隱藏在 Windows UEFI 的 Rootkit 惡意軟體攻擊事件
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=778

利用Telegram通信的勒索病毒Vendetta,你有見過嗎
https://www.freebuf.com/articles/terminal/193148.html

Vendetta Ransomware
https://www.tutorialjinni.com/vendetta-ransomware-sample-download.html

Communications Authority of Kenya warns of Emotet malware targeting network systems
https://africabusinesscommunities.com/tech/tech-news/communications-authority-of-kenya-warns-of-emotet-malware-targeting-network-systems/

DanaBot Banking Trojan Gets into Spam Business
http://www.hackbusters.com/news/stories/4147400-danabot-banking-trojan-gets-into-spam-business

New ReiKey app can detect macOS keyloggers
https://www.zdnet.com/article/new-reikey-app-can-detect-macos-keyloggers/#ftag=RSSbaffb68

The Mac Malware of 2018
https://bit.ly/2F6KLSL

Revamped cryptominer strikes Asia through EternalBlue exploit
https://www.zdnet.com/article/revamped-cryptominer-is-striking-asia-through-eternal-blue-exploit/#ftag=RSSbaffb68

Security: Ransomware, Kali Linux and Cryptocurrency
https://bit.ly/2LN3Eec

Analysis of the latest Emotet propagation campaign
https://www.welivesecurity.com/2018/12/28/analysis-latest-emotet-propagation-campaign/

A Data-Stealing Malware – Emotet Is Back And It Is Targeted Kenya
https://cybersguards.com/a-data-stealing-malware-emotet-is-back-and-it-is-targeted-kenya/

Suspected Ransomware Outbreak Disrupts US Newspapers
https://www.bankinfosecurity.com/suspected-ransomware-outbreak-disrupts-us-newspapers-a-11911

Stop the Presses: Don't Rush Tribune Ransomware Attribution
https://www.bankinfosecurity.com/blogs/stop-presses-dont-rush-tribune-ransomware-attribution-p-2700

Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S.
https://www.latimes.com/local/lanow/la-me-ln-times-delivery-disruption-20181229-story.html

The Results Are In: Fake Apps and Banking Trojans Are A Cybercriminal Favorite
https://bit.ly/2RqtQAt

Ransomware suspected in cyberattack that crippled major US newspapers
https://www.zdnet.com/article/ransomware-suspected-in-cyberattack-that-crippled-major-us-newspapers/#ftag=RSSbaffb68

The Rise of Self-Concealing Steganography
https://www.bankinfosecurity.com/rise-self-concealing-steganography-a-11902

No More Ransom partners with Microsoft, Cisco for anti-ransomware tools
https://www.atmmarketplace.com/news/no-more-ransom-partners-with-microsoft-cisco-for-anti-ransomware-tools/

Cyber News Rundown: Android Trojan Steals Credentials
https://www.webroot.com/blog/2018/12/14/cyber-news-rundown-android-trojan-steals-credentials/

Cyber News Rundown: WeChat Ransomware
https://www.webroot.com/blog/2018/12/07/cyber-news-rundown-wechat-ransomware/


B.行動安全 / iPhone / Android / App

鼓勵5G私網 應兼顧公平競爭
https://money.udn.com/money/story/5612/3565295

華為5G通訊市場空缺誰來補 Nokia、愛立信多有考量
https://www.ettoday.net/news/20190102/1345656.htm

陸個稅App遭木馬盯上 元旦恐引爆發潮
https://www.chinatimes.com/realtimenews/20181230001601-260410

個稅APP有木馬上線1天發現62例
https://www.aqniu.com/threat-alert/42217.html

外圍推投注APP 吸年輕賭客
http://hd.stheadline.com/news/realtime/hk/1399518/

Android (安卓)桌布應用程式出現廣告詐騙活動
https://blog.trendmicro.com.tw/?p=58454

WhatsApp群組傳閱性侵圖 Google未察覺兼落廣告
https://bit.ly/2QfgsdQ

涉性侵App獲放廣告 fb被指審核存漏洞
https://bit.ly/2AoREuO

用APP加速搶票 有人被坑
https://www.chinatimes.com/newspapers/20190102000127-260309

報告:Spotify、Trip Advisor等20款Android app偷偷將用戶資料傳給臉書
https://www.ithome.com.tw/news/127963?fbclid=IwAR2r_jMkxy-zT9akl7gG6AvqNfQMwgiIj5f_ktSvZNmqqvekFkPXDakOE3M

小心!App Store上的「Setup for Amazon Alexa」程式是假冒的
https://www.ithome.com.tw/news/127945?fbclid=IwAR0dWQblnJMUAOd6o-nzK3j-66i_44qWXJMwvjlt6bryA_UY9lkmGFUdt4k

防iOS 12密碼暴力破解!這個安全USB配件功能一定要啟用
https://mrmad.com.tw/enable-usb-restricted-mode

傳中國開發商一款下載數上千萬的氣象預報app暗中蒐集用戶資料
https://www.ithome.com.tw/news/127987?fbclid=IwAR0B0BisOLt7d9LnS37Cy8UtR8nht9okez-CJ3sx8Go20gh5GNRYdE6AZfk

爆TCL天氣App蒐集用戶個資 當心42款中國軟件
https://www.secretchina.com/news/b5/2019/01/04/881006.html

倫敦資安公司示警,TCL 天氣預報 APP 祕密收集用戶資料
https://technews.tw/2019/01/03/app-from-tcl-collect-users-data-illegally/

「藻」控糖不再慌! 「智能血糖APP」守護糖友
https://bit.ly/2GSFgJk

別再被騙啦  自行檢視LINE設定  安全把關一起來
https://times.hinet.net/news/22175144

香港地區 Google Play 商店應用程式保安風險報告 (2018年 12 月)
https://www.hkcert.org/my_url/zh/blog/18123101

Chrome in Android Leaks Device Fingerprinting Info
https://threatpost.com/chrome-in-android-leaks-device-fingerprinting-info/140480/

Vulnerability in Chrome for Android Patched Three Years After Disclosure
https://www.securityweek.com/vulnerability-chrome-android-patched-three-years-after-disclosure

C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件

2018年網絡安全大事記
https://www.aqniu.com/industry/42318.html

Google ReCaptcha 語音驗證碼遭破解!準確率高達 85%
https://bit.ly/2CLgp5V

中國城市網約車監管:政策走向與發展前景
https://news.sina.com.tw/article/20190103/29522068.html

狂迷駭客出手:入侵 ChromeCast 只為 PewDiePie 加人氣
https://www.techapple.com/archives/28044

谷歌曾坐視不管Chromecast漏洞現遭黑客利用
http://www.sohu.com/a/286187905_115060

駭客綁架數千個 Chromecast 只為警告用戶這項安全漏洞
https://www.saydigi.com/2019/01/chromecast-bug-hackers-havoc.html

駭客挾持Chromecast等眾多連網裝置以播放任意YouTube影片
https://ithome.com.tw/news/127998

PSV全面破解時期來臨,Bootloader被Team Molecule團隊攻破
https://www.techbang.com/posts/63747-psvs-full-cracking-period-comes-and-bootloader-is-breached-by-team-molecule

2019年五大攻擊形式和數據洩露的八大預測
https://www.aqniu.com/news-views/42023.html

員工在家上班,將為企業帶來那些資安風險
https://blog.trendmicro.com.tw/?p=58393

臉書也開始試驗加密DNS,測試結果顯示加密不會增加整體延遲
https://www.ithome.com.tw/news/127903?fbclid=IwAR3IUa1W_ojqHw7iNpDBcUX75URB8bsqnwRKzniA-gX8dsKdrZRQrQadIbE

Windows 7 終止支援迫在眉睫,你的公司知道如何應對嗎
https://www.inside.com.tw/article/15165-Modern-Desktop-Microsoft-365

舊的威脅還沒解決,新的威脅卻不斷出現?解析四種企業易遭到的攻擊
https://blog.trendmicro.com.tw/?p=58321

Chrome工程師:如果不喜歡新UI,可用其他瀏覽器
https://qooah.com/2018/12/29/users-dont-like-chrome-71-ui/

功臣身退!2019年起Steam將停止支援Windows XP、Vista
https://www.upmedia.mg/news_info.php?SerialNo=55184

青松資訊:Anonymous捲土重來OpIcarus2018持續發威
https://www.aqniu.com/vendor/41932.html

BBC拿出50萬英鎊尋求頂級DDoS防護
https://www.aqniu.com/news-views/42051.html

攻擊欺騙技術助企業實現威脅情報的“一早三光”
https://www.aqniu.com/vendor/41916.html

NIST風險管理框架2.0更新網絡安全策略
https://www.aqniu.com/industry/42163.html

SDN驅動下一代NPBs產品融合發展
https://www.aqniu.com/tools-tech/42061.html

保護API安全是不可能的任務
https://www.aqniu.com/learn/42226.html

關係到你的買買買!電子商務法十大新亮點
https://news.sina.com.tw/article/20190101/29496740.html

博弈黑產,高校網站需要加速升級對抗手段
https://www.aqniu.com/vendor/41831.html

封鎖白帽子放縱黑帽子:GDPR醜陋的一面
https://www.aqniu.com/news-views/42053.html

李梓敬:「智慧城市」的最大敵人
https://bit.ly/2CIibVA

一篇文章了解Splunk的技術和業務發展方向
https://www.aqniu.com/learn/42114.html

12款頂級SIEM工具比較與評級
https://www.aqniu.com/learn/42117.html

2018消費者最愛投訴:裝修承包商、手機應用程序安全、社交媒體駭客
https://udn.com/news/story/6812/3568263

方保僑的資訊科技界大事回顧
https://bit.ly/2ThIlUt

網戰部門 未來攻防能力並重
http://news.ltn.com.tw/news/politics/paper/1257949

國泰疑系統出錯 往返越南美國頭等機票不用8000港元 已停售搶修
https://bit.ly/2GR0XcF

49萬商務艙標錯賣2萬 國泰航空認賠送大禮
https://money.udn.com/money/story/10511/3572126

生物辨識藏資安風險恐遭駭客攻擊.盜用
http://www.ustv.com.tw/UstvMedia/news/109/20190103A146

「靜脈驗證」比指紋安全?駭客以蠟製假手破解
https://www.inside.com.tw/article/15172-Hackers-defeat-vein-authentication-by-making-a-fake-hand

靜脈掃描認證被破解 安全研究人員指破解成本不高
https://unwire.pro/2019/01/02/vein-authentication-wax-hand-hack/news/

美大學發明人造指紋 可解鎖全球1/3手機 安全堪憂
https://www.ettoday.net/news/20190102/1346027.htm

美大學聯合開發人工指紋:全球1/3手機恐被解鎖
https://tw.news.appledaily.com/new/realtime/20190102/1493856/

少年黑客篡改平台餘額 提現80餘萬元被批捕
https://news.sina.com.tw/article/20181230/29479244.html

發出網絡安全漏洞通報663份現場處置17個信息系統網絡安全事件
http://www.gzjd.gov.cn/gzjd/gaxw_gzdt/201812/48c0f0e12f804aceaef1db612acb4630.shtml

陸資安研究員取消黑帽演講 不教破解Face ID了
https://money.udn.com/money/story/5599/3573841

駭客公開破解 iPhone 臉部辨識!因「太好學」被阻止
https://www.inside.com.tw/article/15213-face-id-breached

蘋果Face ID能被破解?安全研究員取消技術彙報
https://news.sina.com.tw/article/20190104/29535368.html

韓通訊商將引進華為設備 但資安疑慮尚未消除
https://ec.ltn.com.tw/article/breakingnews/2660951

日封殺華為產品 華為半版聲明:我們是單純的民間企業
https://www.ptt.cc/bbs/Gossiping/M.1545978852.A.36E.html

阻擋駭客竊取機密!日本將立法禁用國外資料庫 
https://www.ettoday.net/news/20190102/1346280.htm

華為風暴:一家通訊設備商,為何引發全球科技戰
https://www.gvm.com.tw/article.html?id=55380

嚴防入侵!英國兩大機場訂購反無人機設備
https://udn.com/news/story/6809/3573933

西澳能源公司遭中共駭客襲擊
http://www.epochtimes.com/b5/19/1/3/n10951152.htm

印度加強限制外國電商經營
https://www.chinatimes.com/realtimenews/20181228004493-260410

「洛杉磯時報」遭國外駭客攻擊 多家主要報紙印報停擺
https://bit.ly/2GKELkf

「洛杉磯時報」遭國外駭客攻擊 多家主要報紙印報停擺
https://bit.ly/2AoJi6y

美國大報印刷派報遇「駭」 國安部追兇
http://news.ltn.com.tw/news/world/paper/1257995

印刷商受駭客攻擊 多份美國報章無法如期印製
https://unwire.pro/2019/01/02/cyber-attack-hits-u-s-newspaper-distribution/security/

多家媒體被駭客攻擊 國安部介入追查
https://bit.ly/2BQ8Edn

印刷商受駭客攻擊 多份美國報章無法如期印製
https://unwire.pro/2019/01/02/cyber-attack-hits-u-s-newspaper-distribution/security/

北韓駭客出手? 南韓安置中心997名脫北者個資外洩
https://www.ettoday.net/news/20181228/1343010.htm

北韓駭客出手? 南韓安置中心997名脫北者個資外洩
https://bit.ly/2ViNZrc

神秘駭客盜取近千名脫北者個資
https://news.wearn.com/c114545.html

南韓安置中心脫北者個資遭駭 人數近千
https://hk.aboluowang.com/2018/1229/1224526.html

近千脫北者信息被盜 在朝家人安危堪憂
https://www.ntdtv.com/b5/2018/12/28/a102476012.html

北韓黑客改變攻擊目標 從交易所轉向散戶投資者
http://staging.blockcast.it/2018/12/03/north-korean-hackers-take-aim-at-individual-crypto-investors/

從逮捕駭客到華為 國際「反共聯盟」形成
https://bit.ly/2CGrJAl

又是華為! 歐盟將加強對中國大陸科技公司審查
https://www.ettoday.net/news/20190103/1346618.htm

任正非發布致員工信 再度強調資安、隱私
https://m.ctee.com.tw/livenews/aj/01032019113256046

假消息猛攻自由堡壘台灣 國際追中共黑影
http://www.ntdtv.com.tw/b5/20181229/video/237030.html

義媒45記者被捕 中國警嗆:整死你跟捏死螞蟻一樣
https://tw.appledaily.com/new/realtime/20181229/1491639/

「共產黨想整你,就像碾死一隻小螞蟻」
https://www.storm.mg/article/768498

45名記者揭內幕被逮 遭中國警恐嚇
https://bit.ly/2GLa8LS

愛沙尼亞推動E化政府有成 出生網路登記、投票只需2分鐘
https://bit.ly/2AmUW1y

美國防部報告:彈道導彈防禦系統存在嚴重安全問題
https://www.aqniu.com/news-views/42017.html

分析家:美陸科技冷戰打不停 世界可能裂變為兩大陣營
https://www.chinatimes.com/realtimenews/20190102002435-260408

2018重溫:十大網絡安全知識 保護私隱你要識
https://ol.mingpao.com/php/hotpick3.php?nodeid=1545385975687&issue=20181231

アフリカCSIRT構築支援 ~チュニジア編
https://blogs.jpcert.or.jp/ja/2018/12/csirt.html

Web Diary Professional を使用している Web サイトの改ざんについて
https://www.jpcert.or.jp/newsflash/2018121901.html

At least 3,226 user records compromised in Luas cyber attack
https://anticorruptiondigest.com/anti-corruption-news/2019/01/04/at-least-3226-user-records-compromised-in-luas-cyber-attack/#axzz5bcXBglMD

Brazilian government to create data protection authority
https://www.zdnet.com/article/brazilian-government-to-create-data-protection-authority/#ftag=RSSbaffb68

EU to fund bug bounty programs for 14 open source projects starting January 2019
https://www.zdnet.com/article/eu-to-fund-bug-bounty-programs-for-14-open-source-projects-starting-january-2019/#ftag=RSSbaffb68

Hackers steal personal info of 1,000 North Korean defectors
https://www.zdnet.com/article/hackers-steal-personal-info-of-1000-north-korean-defectors/#ftag=RSSbaffb68

Defense contractor: IT must embrace ‘radical transparency and culture change’
https://www.zdnet.com/article/defense-contractor-it-must-embrace-radical-transparency-and-culture-change/#ftag=RSSbaffb68

CenturyLink outage takes down several 911 emergency services across the US
https://www.zdnet.com/article/centurylink-outage-takes-down-several-911-emergency-services-across-the-us/#ftag=RSSbaffb68

Government Seeks to Tweak IT Act Rules
https://www.bankinfosecurity.asia/government-seeks-to-tweak-act-rules-a-11900

The “One Thing” in Cyber
https://medium.com/swlh/the-one-thing-in-cyber-594b9a5f2c3a

Cybersecurity in 2018: the bad, the worse and the downright nasty
https://bit.ly/2QbMGqx

Introduction to AI for Cyber Security Professionals
https://www.cybrary.it/0p3n/intro-to-ai-cyber-security-pros/

What Separates Webroot WiFi Security from Other VPNs
https://www.webroot.com/blog/2018/12/13/what-separates-webroot-wifi-security-from-other-vpns/

Hacker hijacks thousands of Chromecasts and smart TVs to play PewDiePie ad
https://www.zdnet.com/article/hacker-hijacks-thousands-of-chromecasts-and-smart-tvs-to-play-pewdiepie-ad/#ftag=RSSbaffb68

IS HACKING BACK A VIABLE STRATEGY FOR CYBER DEFENSE? A Q&A WITH MALCOLM HARKINS
https://bit.ly/2FajKxk

Research: SmarTor – Improving the security of Tor via smart contracts
https://bit.ly/2CO6BZa

The Microsoft Graph Security API is now generally available
https://bit.ly/2SI3nM0

Write your Own Virtual Machine
https://bit.ly/2F3w57f

徵才 - 9223: Sr. Engineer (FRS Infra)
https://www.104.com.tw/job/?jobno=6e20b&jobsource=hotjob_chr

徵才 - 【信義房屋】MIS 工程師 (具Linux經驗)
https://www.104.com.tw/job/?jobno=52sks&jobsource=hotjob_chr

徵才 - Java 或 PHP 資深工程師
https://www.104.com.tw/job/?jobno=5edsi&jobsource=hotjob_chr

徵才 - 維運資安工程師
https://www.104.com.tw/job/?jobno=5c6zm&jobsource=joblist_a_relevance

徵才 - 資安工程師
https://www.104.com.tw/job/?jobno=5p4ja&jobsource=joblist_a_relevance

徵才 - 資安工程師
https://www.104.com.tw/job/?jobno=6h3vr&jobsource=joblist_a_relevance

徵才 - 資安工程師
https://www.104.com.tw/job/?jobno=3xacz&jobsource=joblist_a_relevance

徵才 - 資安工程師 (Security Engineer)
https://www.104.com.tw/job/?jobno=5zrgs&jobsource=joblist_a_relevance

徵才 - 資安工程師
https://www.104.com.tw/job/?jobno=6dqk0&jobsource=joblist_a_relevance

徵才 - 資安工程師
https://www.104.com.tw/job/?jobno=6gquk&jobsource=joblist_a_relevance

徵才 - 資安工程師
https://www.104.com.tw/job/?jobno=68y3c&jobsource=joblist_a_relevance

徵才 - 資安工程師
https://www.104.com.tw/job/?jobno=6cgfw&jobsource=joblist_a_relevance

徵才 - 資安工程師
https://www.104.com.tw/job/?jobno=6dm4t&jobsource=joblist_a_relevance

徵才 - 資安工程師
https://www.104.com.tw/job/?jobno=38ae0&jobsource=joblist_a_relevance

徵才 - 網路資安工程師
https://www.104.com.tw/job/?jobno=4c8xv&jobsource=joblist_a_relevance

徵才 - 資安工程師
https://www.104.com.tw/job/?jobno=4hk7q&jobsource=joblist_a_relevance

徵才 - 資安工程師
https://www.104.com.tw/job/?jobno=6gdla&jobsource=joblist_a_relevance

徵才 - 資訊安全治理工程師
https://hunter.104.com.tw/TC/home/job_description.jsp?strCaid=FG11FT0003

徵才 - 資安業務人員
https://www.104.com.tw/job/?jobno=6gzce&jobsource=joblist_a_date

徵才 - Junior Data Engineer #2
https://bit.ly/2GREhc9

徵才 - Deep Learning/Machine Learning Engineer/Scientist
https://bit.ly/2TnHIcb


D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷

獨家:日本檢察機關可從企業獲取個人信息 隱私或暴露無遺
https://tchina.kyodonews.net/news/2019/01/4b4c571045dd--.html

憂門禁E-TAG竊個資 東華學生嗆校方「過度極權」
https://tw.appledaily.com/new/realtime/20190103/1494056/

鐵路訂票官網洩470萬用戶資料
https://hk.news.appledaily.com/international/daily/article/20190102/20581884

網路釣魚將取代漏洞攻擊套件,成為主要攻擊管道(6-1)
https://bit.ly/2SvYUvW

2018年數據洩露事故Top10
https://www.freebuf.com/news/193172.html

Bithumb 用戶被盜 35 萬美元 法院裁定:無罪、不用賠
https://www.hksilicon.com/articles/1716886

欺騙防禦入門:花最少的時間、金錢和資源得到最大效能
https://www.aqniu.com/learn/41961.html

黑客最愛用三種郵件入侵手法
https://www.aqniu.com/industry/42109.html

F5 Networks發布2018年網絡釣魚和欺詐報告網絡釣魚在節假日期間達到峰值
https://www.aqniu.com/industry/42105.html

中國法院:攜程買票不安全 個資傳輸不加密
https://money.udn.com/money/story/5604/3568515

愛情公寓有騙子 15女加入被害人群組指控騙財騙色
https://udn.com/news/story/7321/3569407

直播主分飾多角! 不同分身遭控騙財騙色
https://bit.ly/2RssQM5

12306賬號被兜售 到底誰是泄露者
https://news.sina.com.tw/article/20181229/29473932.html

中東、北非人權人士也遭駭客網釣信件鎖定,連雙因素驗證機制也被突破
https://times.hinet.net/topic/22168314

涉詐騙按揭 銀行拒評論 團體促金管局介入調查 
https://bit.ly/2rZxbrM

2018 年百大最爛密碼出爐!「123456」、「password」霸榜 5 年冠、亞軍
https://www.limitlessiq.com/news/post/view/id/8296/

調查局再破電信詐欺 豪宅透天厝逮11人
https://udn.com/news/story/7315/3563323

資料外洩事件頻生 企業須全方位網絡保安加強應對
https://unwire.pro/2018/12/29/cisco-security-suggestion/columnist/

男警私查女警個資遭懲處調職? 警分局澄清:查過往車輛未洩密
https://www.chinatimes.com/realtimenews/20181231001319-260402

女大生被騙這招落入陷阱 20萬學費全飛了
https://bit.ly/2LKCxAA

詐騙車手被逮 耍悲情稱「某有身、囝細漢」
http://news.ltn.com.tw/news/society/breakingnews/2656991

售票窗洩私隱 歹徒獲取資料騙局更真實難防
https://hk.on.cc/hk/bkn/cnt/news/20181229/bkn-20181229020020651-1229_00822_001.html

代辦信用卡詐騙880餘萬 82名被告人被判刑
https://news.sina.com.tw/article/20181228/29465680.html

社群平台融資廣告 警籲勿輕信可能為詐騙
https://udn.com/news/story/7321/3565021

陸金光黨金門現蹤 老農250萬血汗錢被騙光
https://bit.ly/2LKEOvC

網路融資小心有詐 女子借錢不成反倒貼5萬元
http://news.ltn.com.tw/news/society/breakingnews/2656723

名人自拍對照應用 Twinning 資料大漏洞 ,路人都能抓你我自拍照
https://www.kocpc.com.tw/archives/236913

Brazilian bank Inter pays fine over customer data leak
https://www.zdnet.com/article/brazilian-bank-inter-pays-fine-over-customer-data-leak/#ftag=RSSbaffb68

Dublin’s Luas tram system threatened with private data leak
https://www.zdnet.com/article/dublins-luas-tram-system-threatened-with-private-data-leak/#ftag=RSSbaffb68

'Town of Salem' game suffers data breach exposing 7.6 million user details
https://www.zdnet.com/article/town-of-salem-game-suffers-data-breach-exposing-7-6-million-user-details/#ftag=RSSbaffb68


E.研究報告

華為一號文件:網絡安全和隱私保護是最高綱領
https://www.freebuf.com/news/193484.html

甲方企業安全痛點之漏洞管理
https://www.freebuf.com/articles/es/193261.html

思路決定成敗:F12給了我黑色的眼睛我卻用它來挖洞
https://www.freebuf.com/vuls/193146.html

騰訊安全2018年高級持續性威脅(APT)研究報告
https://s.tencent.com/research/report/623.html

菜鳥學代碼審計:Xnuca2018-hardphp詳細分析
https://www.freebuf.com/articles/rookie/193118.html

ThinkPHP5 getshell漏洞被利用執行永恆之藍攻擊木馬
http://www.360.cn/n/10542.html

ThinkPHP5 RCE漏洞重現及分析
https://tw.saowen.com/a/eb221d936cd00b0d7f4d73a410606a12b95385089add7224f7dd8f33963399a6

近日爆發ThinkPHP 5.x遠程代碼執行漏洞百度雲加速升級攔截策略
https://www.zhujib.com/jinribaofathinkphp-5-xyuanchengdaimazhixingloudong-baiduyunjiasushengjilanjiecelue.html

Mirai 變種 Miori 再進化:IoT殭屍網路透過ThinkPHP遠端程式碼執行漏洞散播
https://blog.trendmicro.com.tw/?p=58459

PHP中怎樣避免SQL注入漏洞和XSS跨站腳本攻擊漏洞
http://www.manongjc.com/article/37214.html

gogs/gitea CVE-2018-20303文件上傳到RCE漏洞分析
https://xz.aliyun.com/t/3725

Linux內核發現兩個沒有被修復的DoS漏洞
http://blog.51cto.com/14123661/2336245

研究人員在Microsoft Edge中發布了遠程漏洞的POC
https://www.linuxidc.com/Linux/2018-12/156085.htm

Netatalk CVE-2018-1160越界寫漏洞分析
https://xz.aliyun.com/t/3710

WordPress.org可進行蠕蟲攻擊的存儲型XSS漏洞披露
http://www.4hou.com/vulnerable/15425.html

cve-2017-8464分析   
https://bbs.pediy.com/thread-248701.htm

Windows VBScript引擎遠程執行代碼漏洞之CVE-2018-8373分析與復現
https://www.secfree.com/article/1110.html

CVE-2017-12149 JBOSS AS 6.X 反序列化漏洞利用
https://www.secfree.com/article/571.html

Tomcat CVE-2017-12615遠程代碼執行漏洞
https://www.secfree.com/article/399.html

PHP運行時漏洞檢測
https://www.secpulse.com/archives/94199.html

公鏈安全之亦來雲多個遠程DoS漏洞詳解
https://www.anquanke.com/post/id/168711

CVE-2018-8581 | Exchange Server特權提升漏洞
https://www.anquanke.com/post/id/168795

Wordpress contact_form_7_v5.0.3 插件權限提升、任意文件讀取漏洞分析
https://paper.seebug.org/774/

Java RMI漏洞利用
http://www.4hou.com/web/15388.html

Elasticsearch核心插件Kibana本地文件包含漏洞分析(CVE-2018-17246)
https://4hou.win/wordpress/?p=27646

如何多視角發現安全問題,“淘”到不一樣的漏洞
https://www.freebuf.com/fevents/193228.html

ZDI年度五大漏洞第五彈—ZDI-18-1372,巧妙的繞過
https://paper.tuisec.win/detail/fd780ea7ede805d

總結回望 | MS08-067漏洞的十年回顧
https://hk.saowen.com/a/1f3282b47ebeb31f74150871fe5335e90ae883c6c17f9a85320358c81d364ed2

如何繞過過濾器和WAF規則實現PHP遠程漏洞利用
http://www.4hou.com/technology/15384.html

德國Sebastian Schinzel關於OpenPGP和S/MIME加密郵件漏洞的最新視頻
https://bit.ly/2LFckDo

jQuery-File-Upload < v9.22.1 任意文件上傳/遠程代碼執行漏洞
https://www.vulnspy.com/cn-jquery-file-upload-below-v9.22.1-rce/

Struts2-057/CVE-2018-11776兩個版本RCE漏洞分析(含EXP)
https://www.cnblogs.com/Ivan1ee/p/10202016.html

struts2架構網站漏洞修復詳情與利用漏洞修復方案
http://www.smepc.com/news/2018/12/30/656255.html

gogs/gitea CVE-2018-20303文檔上傳到RCE漏洞分析
https://hk.saowen.com/a/92e787f94f33e49e9656a0860b3b11c56fe00a2a671ccc7a8aa28cc5b5b98fd6

帶外信道(OOB)Bind XML外部實體注入漏洞:PayPal案例研究
https://hk.saowen.com/a/143b5bc0ebe2ca7522dade8943868e00bb22d6926d7b96c951b0755624cb9b4f

Web漏洞掃描工具(批量破殼、反序列化、CMS)
https://www.cnblogs.com/bieff-66/p/10205689.html

Windows 0day任意文件讀取漏洞POC分析
https://www.freebuf.com/vuls/192876.html

CVE-2018-5560:Guardzilla IoT攝像機硬編碼憑證漏洞
https://paper.tuisec.win/detail/36093c4aec77543

What?黑客竟然可以利用智能燈泡滲透和傳輸敏感數據
https://www.freebuf.com/articles/wireless/191927.html

利用Crazyradio獲取羅技無線鼠標權限進行重放攻擊實驗
https://www.freebuf.com/geek/192670.html

Phantom-Evasion:可以生成繞過大多數反病毒軟件的後門程序
https://www.freebuf.com/sectool/192711.html

使用HackCube-Special分析胎壓傳感器信號
https://www.freebuf.com/vuls/192949.html

QMKhuehuebr:QMK鍵盤固件後門
https://www.freebuf.com/sectool/192064.html

網絡空間測繪系列——2018年攝像頭安全報告
https://www.freebuf.com/articles/paper/193266.html

千萬級下載量的Event-Stream被植入可獲取比特幣的惡意代碼
https://www.freebuf.com/articles/database/191518.html

應急響應的整體思路和基本流程
https://www.freebuf.com/articles/terminal/192859.html

惡意文檔執行命令提取工具:CMD Watcher
https://www.freebuf.com/sectool/192065.html

WepAttack:一款功能強大的WLAN 802.11 WEP密鑰測試工具
https://www.freebuf.com/sectool/191758.html

萌新學逆向:Crackme入門之基礎操作分析
https://www.freebuf.com/articles/system/192831.html

ARM彙編之內存損壞:堆棧溢出
https://www.freebuf.com/vuls/192709.html

Windows 0 day任意數據覆寫文件漏洞
http://www.4hou.com/vulnerable/15495.html

用於漏洞排查的pocsuite驗證POC代碼
https://www.ctolib.com/hanc00l-some_pocsuite.html

Windows 10的新bug可導致任意文件被覆寫
http://netsecurity.51cto.com/art/201901/589607.htm

RAND公司:0day漏洞的前世今生
https://nosec.org/home/detail/2132.html

UEditor編輯器兩個版本任意文件上傳漏洞分析
http://www.imooc.com/article/271375?block_id=tuijian_wz

The top 5 Linux and open-source stories of 2018
https://www.zdnet.com/article/the-top-5-linux-and-open-source-stories-of-2018/#ftag=RSSbaffb68

Security researcher cracks Google's Widevine DRM (L3 only)
https://www.zdnet.com/article/security-researcher-cracks-googles-widevine-drm-l3-only/#ftag=RSSbaffb68

Real-Time Sysmon Processing via KSQL and HELK — Part 1: Initial Integration
https://bit.ly/2RvNqv6

W3brute – Automatic Web Application Brute Force Attack Tool
https://bit.ly/2CNiXR6

A Linux Sysadmin’s Guide to Network Management, Troubleshooting and Debugging
https://bit.ly/2CMcXYR

How to ETL with MongoDB and Postgres (Part 1)
https://medium.com/chingu/how-to-etl-with-mongodb-and-postgres-part-1-ef8476f0b8b2

10 Tools To Power Up Your Command Line
https://bit.ly/2saZWSu

Local kubernetes setup with minikube on Mac OS X
https://bit.ly/2Qm0Rt0

Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)
https://bit.ly/2TqYI0W

Buffer Overflow Practical Examples , Hexadecimal values and Environment Variables ! - Protostar Stack1 , Stack2
https://bit.ly/2VqgaEM

A long evening with iOS and macOS Sandbox
https://bit.ly/2VmowNE

Glibc Heap Exploitation Basics : ptmalloc2 internals (Part 2) - Fast Bins and First Fit Redirection
https://blog.k3170makan.com/2018/12/glibc-heap-exploitation-basics.html?fbclid=IwAR3itUzVi3dOjKnBe_RV_GNpS5cMQw540mxRd5X0KqPiluYMRYMAjB2gSn4


F.商業

不用寫程式採拖拉式設計分析流程,AI Labs 與微軟合作推 TaiGenomics 基因分析平台
https://bit.ly/2EXBKeR

Radware與全球金融技術服務提供商簽署數百萬美元的協議
https://www.aqniu.com/vendor/42078.html

英特爾擬出售邁克菲全部股份
https://www.aqniu.com/industry/42004.html

LINE收購反黑客保安公司GrayHash
https://bit.ly/2AvYPl8

簡化APT偵測與網路分析,趨勢防護系統可整合外部威脅情報
https://www.ithome.com.tw/review/126403

Trend Micro發表2019年資安展望,網路釣魚成主要威脅
https://www.techbang.com/posts/63770-trend-micro-publishes-2019-security-outlook-phishing-as-a-major-threat

訊連U系列產品再傳捷報 獲科技部導入
https://www.chinatimes.com/realtimenews/20190104001504-260410

從GDPR看下一代物聯網資安架構  實體隔離操作環境 雲端分析阻絕高風險存取
https://www.netadmin.com.tw/article_content.aspx?sn=1812270007

Win7走入歷史! 2020年將停止主流支援
https://fnc.ebc.net.tw/FncNews/tech/65469

Microsoft's Top 3 Cybersecurity Concerns for 2019
https://www.bankinfosecurity.com/interviews/microsofts-top-3-cybersecurity-concerns-for-2019-i-4212


G.政府

駭客弄癱北市衛政系統近3個月 仍有15個網站年底無法上線
https://tw.appledaily.com/new/realtime/20181228/1491381/

調查局偵獲大陸駭客攻擊北市府 手中握有90億筆個資
https://udn.com/news/story/7321/3570155

北市衛生局遭大陸駭客攻擊! IP來自上海「手握90億筆個資」
https://www.ettoday.net/news/20190102/1346090.htm

【情報】中國網軍攻台40要塞 北市衛生局298萬筆個資遭竊
https://forum.gamer.com.tw/C.php?bsn=60076&snA=4895275&tnum=4

陸駭客入侵 衛生局3百萬筆個資外洩
https://bit.ly/2BYw9AT

北市衛生局個資遭駭 傳20機關學校也受害
https://www.ttv.com.tw/news/view/10801020030600N/575

北市衛生局遭中國駭客入侵 國內十多個機關醫院也受害
https://bit.ly/2AuyfJ1

竊北市衛生局298萬筆個資 中國網軍隔年才曝光
http://news.ltn.com.tw/news/society/paper/1258548

中共駭客竊台衛生局298萬個資 台會同FBI追查
http://www.epochtimes.com/b5/19/1/2/n10948636.htm

台北衛生局證實被中國駭客入侵 超過 298 萬個人資料被盜
https://unwire.pro/2019/01/03/taiwan-breach-china/news/

北市衛生局遭駭一案調查公布,298萬個資被竊,10多個公部門與企業網站也遇害
https://ithome.com.tw/news/127981

系統遭駭洩個資 北市衛生局增資安經費與人力
https://news.tvbs.com.tw/local/1058443

北市衛生局遭竊百萬筆個資 衛局:爭取資安經費與人力
https://money.udn.com/money/story/12524/3570372

每年加碼2000萬元 補資安漏洞
https://www.chinatimes.com/newspapers/20190103000569-260106

臺北市公衛系統個資外洩通知
https://bit.ly/2F0og1S

身分證號碼被賣錢?中國駭客攻破衛生局系統,近 300 萬台灣人民個資外洩
https://bit.ly/2RCy1cN

法務部調查局公布北市衛生局去年遭駭一案:共298萬個資被竊、還有10多個公部門遭駭
https://bit.ly/2F6OmAf

政院核定 邱豐光接任移民署長
https://bit.ly/2Qd0rVF

科技部率新創前進CES 助攻8資安團隊搶商機
https://bit.ly/2Rw4bGR

福建省政府將走入歷史
https://bit.ly/2Ap9qht

政府資安計畫元旦上路 公務員小心被記大過
https://bit.ly/2RkRApP

「資通安全管理法」1月1日上路 公務機關積極整備
https://www.ydn.com.tw/News/318470

政院:「資通安全管理法」1月1日上路 公務機關積極整備
https://www.ey.gov.tw/Page/9277F759E41CCD91/18f581d0-19a2-4583-b8ad-f7fc38701856

跨年連假倒數,金管會:保戶服務不中斷
https://www.chinatimes.com/realtimenews/20181228002943-260410

金管會澄清因應癌症保險癌症定義標準化、新保單變相漲價之報導
https://www.ey.gov.tw/Page/F727E84105F1E83A/3e2a818e-7bcc-4a79-8b3d-22b4e2e73726

2019年癌症險全面改版 完善規劃保險有一套
https://www.wantgoo.com/blog/article/content?blogname=30856&articleid=18408

內政部:數位身分識別證將兼具包容性選擇性
https://udn.com/news/story/7314/3563759

2020換發數位身分證 健保卡、護照資料皆可併入
https://www.taiwannews.com.tw/ch/news/3606406

前瞻二期預算通過 各機關通案刪2%
https://udn.com/news/story/6656/3562952

統一發票可以24小時領 2019年新政策一次看懂
https://www.cmmedia.com.tw/home/articles/13567

戰警機器人 緝毒成果豐碩
https://bit.ly/2TiFf2M

「107年國家資安資訊分享與分析中心(N-ISAC)年會」
https://nicst.ey.gov.tw/Page/25AB0A3BA0F607CF/ff4f91f0-9682-4196-bc7d-3f938ca3d11e

107年第2次政府資通安全防護巡迴研討會
https://nicst.ey.gov.tw/Page/B4E803E45469068B/973c10de-16e4-40d6-b203-cbcc93489b33

地方政府資安區域聯防最佳實務 及GCB導入精進作為
https://bit.ly/2R2sQDl

資安危機通報中心 TWNIC接手營運
https://ec.ltn.com.tw/article/paper/1258622

企業資安通報業務 NCC:今年起由TWNIC執行
https://money.udn.com/money/story/5613/3573083

「台灣電腦網路危機處理暨協調中心(TWCERT/CC)」業務自108年起由(TWNIC)執行
https://www.ey.gov.tw/Page/AE5575EAA0A37D70/9e7d34ee-3d3c-4f79-bded-0c6ee72b3835

小英防護網難擋對岸統戰
https://www.storm.mg/article/779649

H.工控系統/ICS/SCADA 安全相關

安全專家發現施耐德汽車充電站存在致命漏洞(CVE-2018-7800)
https://nosec.org/home/detail/2115.html

工業系統防護停看聽 4階段生命週期提升網路安全性
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000550603_68J56TPE14W4DQ2J2BZVU

Evolving Zero Trust to Secure IIoT
https://www.sensorsmag.com/embedded/evolving-zero-trust-to-secure-iiot

Industrial Control Systems (ICS) Security Market
https://bit.ly/2Vtwt3R

Industriële sector moet werk maken van goede cybersecurity aldus Applied Risk
https://www.techzine.nl/blogs/415699/industriele-sector-moet-werk-maken-van-goede-cybersecurity-aldus-applied-risk.html

Ryuk ransomware blamed for attack on cloud provider
https://portswigger.net/daily-swig/ryuk-ransomware-blamed-for-attack-on-cloud-provider


I.教育訓練類

DVWA 黑客攻防實戰(一) 介紹及安裝
https://www.cnblogs.com/jojo-feed/p/10171255.html

DVWA 黑客攻防實戰(二)暴力破解Brute Froce
https://www.cnblogs.com/jojo-feed/p/10172459.html

DVWA 黑客攻防实战(三)命令行注入(Command Injection)
https://www.cnblogs.com/jojo-feed/p/10172770.html

DVWA 黑客攻防實戰(四)文件包含File Inclusion
https://www.cnblogs.com/jojo-feed/p/10172970.html

DVWA黑客攻擊實戰(五)文件上傳漏洞文件上傳 File Upload
https://www.cnblogs.com/jojo-feed/p/10173026.html

DVWA 黑客攻防實戰(六)不安全的驗證碼Insecure CAPTCHA
https://www.cnblogs.com/jojo-feed/p/10173225.html

DVWA 黑客攻防實戰(七)Weak Session IDs
https://www.cnblogs.com/jojo-feed/p/10174011.html

DVWA 黑客攻防實戰(八)SQL 注入SQL Injection
https://www.cnblogs.com/jojo-feed/p/10173241.html

DVWA 黑客攻防實戰(九) SQL 盲注SQL Injection (Blind)
https://www.cnblogs.com/jojo-feed/p/10173292.html

DVWA 黑客攻防實戰(十)反射型XSS 攻擊Reflected Cross Site Scripting
https://www.cnblogs.com/jojo-feed/p/10174762.html

DVWA 黑客攻防實戰(十一) 存儲型XSS 攻擊Stored Cross Site Scripting
https://www.cnblogs.com/jojo-feed/p/10188358.html

DVWA 黑客攻防實戰(十二) DOM型XSS 攻擊DOM Based Cross Site Scripting
https://www.cnblogs.com/jojo-feed/p/10188380.html

SOC Analyst – Cyber Attack Intrusion Training | From Scratch To Advanced
https://gbhackers.com/soc-training-from-scratch/

What is a cyber security incident
https://www.itgovernance.co.uk/blog/what-is-a-cyber-security-incident?utm_source=social&utm_medium=twitter

道德駭客與 CompTIA 滲透測試( PenTest)+ 與 2 個練習測試
https://softnshare.com/ethical-hacking-comptia-pentest-with-2-practice-tests/

記憶體不夠怎麼辦?一條程式碼,幫你節省 50% 以上的空間
https://bit.ly/2R7fGoD


J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機

燈泡成為資安漏洞
https://bit.ly/2QjrQFB

全球汽車行業網絡安全報告:5年內黑客攻擊可導致損失240億美元
https://www.aqniu.com/news-views/42046.html

大數據預測五大困境 八位專家共同提解方
https://www.rmim.com.tw/news-detail-21881

人工智慧「降門檻」須警惕安全風險
https://news.sina.com.tw/article/20181207/29145286.html?utm_source=dable

十大趨勢對抗機器學習 保障網絡安全
https://bit.ly/2QY5K0C

工研院無人機 智慧維安
https://bit.ly/2BURqMa

網絡安全2018:機器智能元年
https://www.aqniu.com/news-views/42221.html

8千個城市2千萬攝像頭暴露:2018攝像頭安全報告
https://www.aqniu.com/industry/42210.html

做OT的事件響應是不可能的任務
https://www.aqniu.com/news-views/42206.html

南韓陸軍設人工智慧研究中心
https://bit.ly/2LNOQvV

How drone forensics can reveal pilot identity
https://www.zdnet.com/article/how-drone-forensics-can-reveal-pilot-identity/#ftag=RSSbaffb68

The best Raspberry Pi alternatives (2019 edition)
https://www.zdnet.com/pictures/the-best-raspberry-pi-alternatives-2019-edition/

K.CTF

NeverLAN CTF 2019
https://ctftime.org/event/706

STEM CTF: Cyber Challenge 2019
https://ctftime.org/event/661

DEF CON CTF 2019 Quals
https://www.oooverflow.io/dc-ctf-2019-quals/

CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair
http://www.chinaexhibition.com/trade_events/9771-CTF_2019_-_The_16th_China_International_Tire_and_Wheel_%28Qingdao%29_Fair.html

Official Website of CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair, Qingdao, China
https://bit.ly/2VnsC8p

International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

NeverLAN CTF
https://neverlanctf.com/


6.近期資安活動及研討會

  亥客書院 - 高階網頁滲透測試    2019/1/5
  https://hackercollege.nctu.edu.tw/?p=768

  資策會2019/1/5開辦CompTIA Security+ 國際網路資安認證班
  https://n.yam.com/Article/20181129286231

  2019 政府資安戰略論壇  2019/01/03 13:00(+0800)~16:30
  https://csa.kktix.cc/events/csa190103

  【課程】Arduino四軸飛行器開發實作,無人機硬體、無線遙控器、飛控軟體整合、飛行教學,一天學會 1/5
   https://bit.ly/2LdYJ5H
 
  ISDA 白帽入門讀書會 黑帽python入門  1/5
  https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=299

  MLDM Monday|自駕車學走路 - 從 Donkey Car 蹣跚學步談起 [Part 2]  January 7, 2019
  https://www.meetup.com/Taiwan-R/events/256199982/

  本班Interview air將於舊金山降落  Tuesday, January 8, 2019
  https://www.meetup.com/Women-Who-Code-Taipei/events/257561240/

  Introduction to Deep Learning (DL) and Setting up of Pytorch DL Environments  Wednesday, January 9, 2019
  https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257483594/

  企業資訊安全講座活動  1/11
  https://www.accupass.com/event/1812200405434385278940

  【課程】用Google TensorFlow實作推薦系統,讓機器學習應用各種商務情境、提升商品曝光達到精準行銷 1/12
  https://bit.ly/2PysEaH

 【課程】自製Tinker Board、小車跟著走。ASUS開發板Tinker Board智慧工作坊,第一節~開課  1/12
 https://www.techbang.com/posts/63531-asus-high-performance-sbc-tinker-board-smart-robot-car-making-course

 COBINHOOD x INSIDE 虛擬貨幣暨區塊鏈新知交流會 2019-01-12(六) 14:00 ~ 17:30 (GMT+8)
 https://www.accupass.com/event/1812280802071741265805

 Amber MD 軟體訓練課程 ( 延後至 2019/01/14 開課)  2019/01/14 (一) ~ 2019/01/15 (二)
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3706&from_course_list_url=homepage

 Corda Taipei Meetup #8 - firechat with Ben Tan( R3 Solution Architect 解決方案架構師)  Wednesday, January 16, 2019
 https://www.meetup.com/Taipei-Corda-Meetup/events/257129225/

 易禧創意|【AR/VR擴增虛擬實境】實戰課(6hr)  2019-01-14(一) 19:00 ~ 2019-01-16(三) 22:00 (GMT+8)
 https://www.accupass.com/event/1811300243489098237350

【課程】Webduino x AIoT 影像辨識實作,自製 Camera 雲台機構、實作影像處理與物體追蹤,打造 AIoT 應用 1/19
 https://www.techbang.com/posts/63282-course-webduino-x-aiot-image-identification-practice

 【講座】2019年5G通訊產業趨勢(台北場) 2019-01-19(六) 18:30 ~ 21:30 (GMT+8)
 https://www.accupass.com/event/1811300349581657089441

 Binance Blockchain Week Singapore 2019 - Binance Conference   2019-01-21(一) 08:30 ~ 2019-01-22(二) 18:00 (GMT+8)
 https://www.accupass.com/event/1812051911121792888735

 Taipei 暗号通貨 (Cryptocurrency) Meetup  Wednesday, January 23, 2019
https://bit.ly/2VgDPr1

 Deep Learning Conversations and the Happy Hour  Wednesday, January 23, 2019
 https://www.meetup.com/Deep-Learning-Conversations/events/vqkwnqyzcbfc/

 Taipei.py 一月月會 (Monthly Meeting) 2019  Thursday, January 24, 2019
 https://www.meetup.com/Taipei-py/events/257299890/

 程式不再是風潮,是未來趨勢【7年級以上.國高中】C++程式設計專題班 2019-01-21 ~ 2019-01-30
 https://www.accupass.com/event/1810250742361123352640

 超強區塊鏈應用開發實戰課程(週六班)  2019-01-26(六) 13:00 ~ 17:00 (GMT+8)
 https://www.accupass.com/event/1812030821059275625140

 第二屆《Hit AI & Blockchain》人工智慧暨區塊鏈產業高峰會  2019-02-20(三) 09:00 ~ 17:30 (GMT+8)
 https://www.accupass.com/event/1811190218087771003780

【PowerPoint簡報極限使用】2月主題:十倍速PPT製作  2019-02-20(三) 19:00 ~ 22:00 (GMT+8)
https://www.accupass.com/event/1810161307265689597830

Splunk .conf 19  10/21 ~ 10/24
https://conf.splunk.com/


沒有留言:

張貼留言

資安事件新聞週報 2021/9/6 ~ 2021/9/10

  資安事件新聞週報 2021/9/6  ~  2021/9/10 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco 發布Enterprise NFV Infrastructure Software(NFVIS)軟體安全更新 https://us-cert.c...