資安事件新聞週報 1/28 ~ 2/1

資安事件新聞週報  1/28  ~  2/1

1.重大弱點漏洞

偷窺別人隱私! 陸媒揭「智慧攝影機」漏洞
https://bit.ly/2FPiX5O

防毒軟體反成駭客入口,研究人員揭露ZoneAlarm的權限擴張漏洞
https://www.ithome.com.tw/news/128468

APT/APT-GET RCE Vulnerability (CVE-2019-3462) Handling Guide
https://nsfocusglobal.com/apt-RCE-Vulnerability-Handling-Guide

phpMyAdmin 多個漏洞
https://www.auscert.org.au/bulletins/74738

蘋果官方再次致謝,360成就史上最強“漏洞挖掘大滿貫”
http://www.360.cn/n/10560.html

Apple 發佈多個安全性弱點
https://support.apple.com/en-us/HT201222

蘋果 iOS 零日資料洩露漏洞
https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/

Apple Facetime資訊洩露漏洞
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1415

macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics
https://www.exploit-db.com/exploits/46300

macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic
https://www.exploit-db.com/exploits/46299

Microsoft Exchange Server提升權限漏洞
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1414

Spring Framework多個漏洞
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1413

SQLite被曝漏洞 90%以上設備可能受影響
https://ek21.com/news/tech/47911/

phpMyAdmin 4.8.5 發布,修復重要安全漏洞
https://static.oschina.net/news/103967/phpmyadmin-4-8-5-released

研究人員呼籲WordPress用戶直接砍掉有眾多漏洞的Total Donations外掛
https://www.ithome.com.tw/news/128534

能在 Linux 環境執行 Windows 程式的 Wine 推出4.0更新,支援 Vulkan、Direct3D 12等 API
https://bit.ly/2RY7449

Cisco SD-WAN 存在安全性弱點
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo

Oracle CVE-2018-3311
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-3311

Oracle CVE-2019-2437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2437

Oracle  CVE-2019-2511
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2511

One... Two... Three Micropatches For Three Windows 0days
https://bit.ly/2Ul6IRE

Vulnerabilities Management — 5 Ways to Find and Fix Open Source Vulnerabilities
https://levelup.gitconnected.com/vulnerabilities-management-5-ways-to-find-and-fix-open-source-vulnerabilities-ad4c046eb88

WordPress sites under attack via zero-day in abandoned plugin
https://www.zdnet.com/article/wordpress-sites-under-attack-via-zero-day-in-abandoned-plugin/#ftag=RSSbaffb68

UEFI vulnerabilities classification focused on BIOS implant delivery
https://medium.com/@matrosov/uefi-vulnerabilities-classification-4897596e60af

Vulnerability Spotlight: Python.org certificate parsing denial-of-service
https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html

Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities
https://blog.talosintelligence.com/2019/01/multiple-wibu-system-vulnerabilities.html

New Exploit Threatens Over 9,000 Hackable Cisco RV320/RV325 Routers Worldwide
https://bit.ly/2RUoz5b

Millions of PCs Found Running Outdated Versions of Popular Software
https://bit.ly/2G7PbJ2

Microsoft Exchange vulnerable to 'PrivExchange' zero-day
https://www.zdnet.com/article/microsoft-exchange-vulnerable-to-privexchange-zero-day/#ftag=RSSbaffb68

Ubuntu 18.04 needs patching
https://www.zdnet.com/article/ubuntu-18-04-needs-patching/#ftag=RSSbaffb68

Ubuntu 18.04 修復Linux 內核的11 個漏洞
https://www.oschina.net/news/104104/ubuntu-18-04-lts-to-patch-11-flaws

Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5
https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-multiple_30.html

Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities
https://blog.talosintelligence.com/2019/01/vulnerability-deep-dive-tp-link.html

HPE XP7 Automation Director身份驗證繞過漏洞
https://support.hpe.com/hpsc/doc/public/display?docId=hpesbst03879en_us

IIoT Monitor路徑遍歷漏洞
https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-354-03-IIoT+Monitor.pdf&p_Doc_Ref=SEVD-2018-354-03

YesLogic Pty PrinceXML 跨站脚本漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19858

ARM Trusted Firmware-A 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19440

賽亞安全2018年網絡安全大事記——漏洞事件篇
http://www.twoeggz.com/news/13402991.html

LibVNC 緩衝區錯誤漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20748


2.銀行/金融/保險/證券/支付系統/ 新聞及資安

FinTech趨勢難擋!日本銀行與金融IT業者開始走向雲端平台
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000552433_TKQ5UU8N2LBWRE4Z13BLA

實支實付150萬卻只賠3萬 產險得全認賠只因業務員LINE錯
https://www.ettoday.net/news/20190128/1367305.htm

香港金管局:今年重點監察銀行網絡保安
https://m.mingpao.com/fin/instantf2.php?node=1548321605925&issue=20190124

春節長假 財金公司提醒:使用ATM時謹記五口訣
https://udn.com/news/story/7239/3620375

香港證監會及港交所  取消人手處理程序 最快2022年推證券無紙化
http://www.hkcd.com/content/2019-01/29/content_1121981.html

花旗銀行驚爆大當機! 客戶存款全部歸零
https://www.ettoday.net/news/20190130/1369365.htm

當機存款歸零 花旗:客戶權益不受影響
https://bit.ly/2D05X9A

存款忽消失 花旗出包 系統過帳檔案沒傳成功「還好錢都在」
https://tw.appledaily.com/headline/daily/20190131/38247259/

花旗銀系統當機客戶存款歸零 業者:已解決不影響客戶權益
https://tw.finance.appledaily.com/realtime/20190130/1510044/

花旗銀行存戶存款歸零驚魂 金管會:檔案未傳輸成功所致
https://www.cmoney.tw/notes/note-detail.aspx?nid=157783

花旗客戶存款歸零 找到原因了 批次作業檔案傳輸未成功
https://bit.ly/2sW9hxW

【花旗銀大當機】過帳交易客戶存款變負數 下午2點20順利解決
https://tw.appledaily.com/new/realtime/20190130/1510044/

Citibank admits glitch led to account balance errors
http://www.taipeitimes.com/News/biz/archives/2019/01/31/2003708948

境外網購交易遭取消 照收刷卡海外手續費
https://bit.ly/2RYl65J

FBI在佛州發現挖向銀行的祕密地道
http://www.epochtimes.com/b5/19/1/30/n11013871.htm

國際金融支付網路「SWIFT」宣布:將與銀行區塊鏈聯盟「R3」整合
https://www.blocktempo.com/swift-ceo-reveals-plans-to-integrate-blockchain-consortium-r3s-corda-tech/

香港科技園與騰訊合作推動香港金融科技
https://unwire.pro/2019/02/01/hkstp-tencent-collab/news/

金融資安資訊分享與分析中心(F-ISAC)近期國際駭客入侵事件樣態及資安防護注意事項
https://law.fsc.gov.tw/law/Download.ashx?FileID=17982

海通證券四川兩宗違法遭罰40萬 客戶身份識別現漏洞
https://news.sina.com.tw/article/20190131/29913388.html

土銀行庫用戶注意!年前交易量暴增 網銀、APP全塞住
https://tw.appledaily.com/new/realtime/20190201/1511760/

徵才 - 108公股銀行退休潮,預計徵才近千人,月薪3萬起,想銀趁現在
http://m.ltn.com.tw/news/politics/breakingnews/2683812

徵才 - LINE Pay【線上支付】客服專員(日班/無銷售)
https://www.104.com.tw/job/?jobno=6hrmb

徵才 - 中信金儲備幹部徵才 預計招募逾60名菁英
https://money.udn.com/money/story/5613/3625962

Millions Of Secret Bank Records Leak Online
https://www.cybersecurityintelligence.com/blog/millions-of-secret-bank-records-leak-online--4073.html

DCI publishes list of 130 suspected bank hackers
https://www.nation.co.ke/news/DCI-releases-names-of-130-wanted-bank-hackers/1056-4957726-jo1hb7/index.html

UK Link unveils 'super premium' fee for ATMs in underserved areas
https://www.atmmarketplace.com/news/uk-link-unveils-super-premium-fee-for-atms-in-underserved-areas/


3.電子支付/電子票證/行動支付/ 新聞及資安

商銀信支付平台被爆出重大安全漏洞被竊取超千萬元
http://paynews.net/article-36738-1.html

銀通研手機掃QR code提款
https://hk.finance.appledaily.com/finance/daily/article/20190128/20600937

日本政府拚觀光 大力推廣無現金支付
https://money.udn.com/money/story/5602/3617996

支付寶和微信將成日本街機巨頭世嘉科樂美首選付款系統
https://news.sina.com.tw/article/20190125/29840370.html

阿里巴巴羅漢堂首份研究報告 探討數字技術
https://udn.com/news/story/7238/3618299

LINE Pay推2項新功能 擴大行動支付規模
https://bit.ly/2UoeKJK

中華電信與一卡通合推行動支付收款機服務
https://bit.ly/2G6cJOc

活動公關公司錢包印上RGB:雷蛇推出電子支付服務Razer Pay 雷蛇 電子支付 服務
https://bit.ly/2TlMA1G

奈及利亞央行 行動支付服務 開放電信加入
https://money.udn.com/money/story/5602/3615122

汽車娛樂系統漸整合語音控制及行動支付
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000552409_KCZ56GK1L03F87LC991KT

新加坡政府電子支付能力排名全球第八
http://sg.mofcom.gov.cn/article/dtxx/201901/20190102831567.shtml

South Korean Android delivery apps found to be leaking passwords and financial data
https://rainbowtabl.es/2019/01/25/zcall-data-leak/


4.虛擬貨幣/區塊鍊   新聞及資安

到底是誰偷的!兩大駭客集團竊走10億美元加密貨幣
https://bit.ly/2MHy16d

駭客去年偷走17億美金的加密貨幣
https://www.ithome.com.tw/news/128539

被盜走 1675 ETH!紐西蘭加密貨幣交易所Cryptopia再次出現安全漏洞
https://news.sina.com.tw/article/20190130/29896646.html

區塊鏈技術開發:堵不住的漏洞
http://blog.51cto.com/13900810/2346273

挖礦瘋 讓科技麻瓜變新貴
https://udn.com/news/story/6811/3617976

Coinstar 售貨亭現可用美元紙幣兌換比特幣,使用者吐槽交易貴太貴
https://bit.ly/2B7KBHg

MaiCoin 集團創辦人 Alex 與您分享 2019年虛擬貨幣產業新展望
http://news.knowing.asia/news/fad45b87-613a-45e3-a0b3-6a786a168cc0

反美霸權?伊朗將推出國家支持的加密貨幣
https://news.sina.com.tw/article/20190128/29865938.html

〈區塊鏈大應用〉小摩:區塊鏈正取得進展 將為支付系統帶來改進
https://news.cnyes.com/news/id/4275573

伊朗央行報告:伊朗可能禁止比特幣支付
http://news.knowing.asia/news/3e3eadaf-269a-418c-9242-b3d91f4b944b

2018 年,遭到龐氏騙局、駭客攻擊等非法手段所遺失的密碼貨幣共值「17億美元」
https://www.blocktempo.com/research-reveals-17-billion-obtained-via-crypto-thefts-and-scams-in-2018/

LocalBitcoins blames security breach on forum 'third-party software'
https://www.zdnet.com/article/localbitcoins-blames-security-breach-on-forum-third-party-software/#ftag=RSSbaffb68

Bitcoin ATM company strikes placement deal with Simon malls
https://www.atmmarketplace.com/news/bitcoin-atm-company-strikes-placement-deal-with-simon-malls/

A Miner Decline: The Surprising Slowdown of Cryptomining
https://www.webroot.com/blog/2019/01/28/a-miner-decline-the-surprising-slowdown-of-cryptomining/

Cryptocurrency Money Laundering: Alarming New Trends
https://www.bankinfosecurity.in/interviews/cryptocurrency-money-laundering-alarming-new-trends-i-4235


5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體

惡意程式藏身圖片,劫持500萬蘋果用戶流量
https://www.ithome.com.tw/news/128461

勒索病毒又進階 近期猛攻擊亞洲
http://news.ltn.com.tw/news/society/paper/1264257

瑞星發佈2018年網路安全報告:挖礦病毒與勒索病毒一體化趨勢明顯
https://news.sina.com.tw/article/20190127/29856614.html

驚! 新一波勒索病毒又來 直接刪除用戶檔案
https://news.ebc.net.tw/News/society/150190

勒索病毒又來了 金額提高15倍
https://newtalk.tw/news/view/2019-01-27/200453

台灣是重點感染區!比 WannaCry 更兇猛的勒索型病毒 Mongo Lock 來襲
https://buzzorange.com/techorange/2019/01/28/mongo-lock/

AV-TEST 公佈 2018 年 12 月 Windows 10 資安防毒軟體排行榜
https://bit.ly/2HIdhMV

全球性的勒索軟體攻擊最高可造成逾1,900億美元的經濟損失
https://www.ithome.com.tw/news/128555

Google Play出現惡意相機程式
https://bit.ly/2sY5ksD

惡意軟體鎖定Mac用戶,加密貨幣錢包、Chrome密碼、iPhone訊息全都偷
https://www.ithome.com.tw/news/128592

擷取桌面截圖的JobCrypter勒索病毒變種,索1,000 歐元贖金
https://blog.trendmicro.com.tw/?p=59240

遍及93國,竊取 377 種銀行應用程式個資的Anubis 銀行木馬,偽裝匯率轉換和電池節能app,利用動作感應資料躲避偵測
https://blog.trendmicro.com.tw/?p=59014

資料竊取惡意軟體 FormBook 再次透過免費檔案儲存空間肆虐
https://twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=894

Fileless Malware: What Mitigation Strategies Are Effective
https://www.bankinfosecurity.com/fileless-malware-what-mitigation-strategies-are-effective-a-11975

New malware found using Google Drive as its command-and-control server
https://staticnetworks.com/new-malware-found-using-google-drive-as-its-command-and-control-server/

1/24/19 DarkHydrus APT Uses Google Drive | AT&T ThreatTraq
https://www.youtube.com/watch?v=eLGbkL44CQk

GandCrab ransomware and Ursnif virus spreading via MS Word macros
https://bit.ly/2sNd9kO

New Russian Language Malspam is delivering Redaman Banking Malware
https://securityaffairs.co/wordpress/80252/malware/redaman-banking-trojan.html

Malspam Campaign Targeting Russian Speakers with Redaman Malware
https://bit.ly/2ThzjaD

Banking Malware Redaman continues to strike
https://latesthackingnews.com/2019/01/25/banking-malware-redaman-continues-to-strike/

Redaman Banking Trojan
https://www.enigmasoftware.com/redamanbankingtrojan-removal/

This malware uses debt to prey on banking victims
https://www.satoshinakamotoblog.com/this-malware-uses-debt-to-prey-on-banking-victims

Ongoing Campaign Delivers Redaman Banking Trojan
https://www.securityweek.com/ongoing-campaign-delivers-redaman-banking-trojan

Redaman Spams Russian Banking Customers with Rotating Tactics
https://threatpost.com/redaman-spams-russian-banking-customers-with-rotating-tactics/141129/

Hackers Delivering Redaman Banking Malware Disguising as a PDF Document
https://threatravens.com/hackers-delivering-redaman-banking-malware-disguising-as-a-pdf-document/

Hackers Delivering Redaman Banking Malware Disguised as a PDF Document
https://www.cwenterprises.co.uk/hackers-delivering-redaman-banking-malware-disguised-as-a-pdf-document/

Trickbot Banking-Trojaner
https://it-service.network/blog/2019/01/23/trickbot/

Banking trojan Emotet is back in a new form
http://cyber.tn/?p=7799

Android WARNING: Google Play Store apps loaded with SNEAKY strain of malware
https://www.express.co.uk/life-style/science-technology/1077949/Android-warning-Google-Play-Store-apps-sneaky-malware-January-27

This Trojan infects Chrome browser extensions, spoofs searches to steal cryptocurrency
https://www.zdnet.com/article/razy-infects-legitimate-browser-extensions-to-steal-cryptocurrency/#ftag=RSSbaffb68

This malware uses debt to prey on banking victims
https://www.zdnet.com/article/this-malware-uses-debt-to-prey-on-banking-victims/#ftag=RSSbaffb68

Cisco AMP tracks new campaign that delivers Ursnif
https://blog.talosintelligence.com/2019/01/amp-tracks-ursnif.html

What we learned by unpacking a recent wave of Imminent RAT infections using AMP
https://blog.talosintelligence.com/2019/01/what-we-learned-by-unpacking-recent.html

GandCrab ransomware and Ursnif virus spreading via MS Word macros
https://bit.ly/2sUhXoI

Redaman Banking Trojan of 2015 Resurrects, Targets Russian Email Users
https://hackercombat.com/redaman-banking-trojan-of-2015-resurrects-targets-russian-email-users/

Redaman Banking Malware Spread
http://www.hackbusters.com/news/stories/4302927-redaman-banking-malware-spread

Trickbot Banking Trojan: A deep insight into the banking trojan’s redirections attacks
https://cyware.com/news/trickbot-banking-trojan-a-deep-insight-into-the-banking-trojans-redirections-attacks-228cbeb0

Emotet: A veritable Swiss Army knife of malicious capabilities
https://www.helpnetsecurity.com/2019/01/29/emotet/

Pylocky Unlocked: Cisco Talos releases PyLocky ransomware decryptor
https://blog.talosintelligence.com/2019/01/pylocky-unlocked-cisco-talos-releases.html

Fake Cisco Job Posting Targets Korean Candidates
https://blog.talosintelligence.com/2019/01/fake-korean-job-posting.html

라자루스 APT 조직, 오퍼레이션 익스트림 잡(Operation Extreme Job)으로 공격 수행
https://blog.alyac.co.kr/2105

Analysis of NetWiredRC trojan
https://bit.ly/2RXbp7E

Trojan Emotet and Ryuk ransomware attack companies
https://www.helvetia.com/ch/web/en/about-us/blog-and-news/guides/expert-tipps/2019/malware-emotet-ryuk.html

IoT botnet used in YouTube ad fraud scheme
https://www.zdnet.com/article/iot-botnet-used-in-youtube-ad-fraud-scheme/#ftag=RSSbaffb68

FBI Mapping 'Joanap Malware' Victims to Disrupt the North Korean Botnet
https://bit.ly/2Wz9e8Q


B.行動安全 / iPhone / Android /穿戴裝置 /App

【實用 App 2019】有哪些對生活有意義的 App
http://blog.accupass.com/2019_life_apps.html

各家手機都在蒐集資料 維護資安你可以這樣做
https://www.cna.com.tw/news/firstnews/201901250314.aspx

各家手機都在蒐集資料 維護個人資安你可以這樣做
https://www.ccyp.com/ccypContents?content_id=145100

【李忠憲觀點】為什麼禁止華為等中國製手機
https://www.ithome.com.tw/guest-post/128454

台灣大學教授指華為手機暗藏後門 勿貪小便宜中招
https://ezone.ulifestyle.com.hk/article/2260264

不要貪小便宜買華為手機,學者:資料就是金錢
https://technews.tw/2019/01/25/data-is-money/

華為的手機安全嗎?駭客可能怎麼竊取你手上的資料
https://www.thenewslens.com/article/112831

便宜的最貴!學者揭密華為手機藏後門
https://bit.ly/2CMnlyE

中國手機涉資安風險 台學者:不要貪小便宜
http://www.epochtimes.com/b5/19/1/29/n11009763.htm

不只華為 手機只要上網就會洩露這些祕密
https://udn.com/news/story/7240/3614816

手機資安的重點在 APP
https://www.hi-on.org/article-single.php?At=58&An=174088

大陸手機會回傳資料?用大陸品牌手機會有資安疑慮
https://bit.ly/2sR3yJQ

成大資安中心主任李忠憲教授告訴你,為什麼所有中國製的手機和智慧家電設備通通不能買不能用
https://cofacts.g0v.tw/article/2wa160wyvu681

何時禁止中國品牌手機
https://wp.taronews.tw/2019/01/28/238660/

首款 iOS 12~12.1.2 原生越獄 OsirisJailbreak12 釋出!僅適合開發者運用
https://mrmad.com.tw/osirisjailbreak12

別亂下載美肌APP 資安業者:小心個資遭竊
http://ec.ltn.com.tw/article/breakingnews/2689875

香港地區 Google Play 商店應用程式保安風險報告 (2019年1月)
https://www.hkcert.org/my_url/zh/blog/19013101

繞過App Store審查 濫用測試機制 「fb研究」蒐私隱 蘋果煞停
https://hk.news.appledaily.com/international/daily/article/20190201/20603995

You may want to disable Apple FaceTime this week: Callers can listen and view without your consent
https://zd.net/2FTXTeA

Chinese Hacker Publishes PoC for Remote iOS 12 Jailbreak On iPhone X
https://bit.ly/2MywcZ6

iOS 12.1.2 越獄漏洞Chaos被公開釋出! 讓A12處理器也能實現網頁越獄
https://mrmad.com.tw/sorrymybad-ios1212-remote-jailbreak-poc

FB‧WhatsApp‧Instagram 通訊功能擬大合併!用家發起杯葛
https://bit.ly/2sRs1P4

不只手機!支持台獨被捕入獄的人驚爆:這軟體被監控
http://news.ltn.com.tw/news/world/breakingnews/2683731

英國電信獲陸首張外資許可證
https://www.chinatimes.com/newspapers/20190127000108-260301

iPhone 變成竊聽器!FaceTime 有大漏洞,打個電話就可以竊聽你
https://buzzorange.com/techorange/2019/01/29/iphone-wiretap/

BT first foreign telecom company to secure China licenses
https://www.zdnet.com/article/bt-first-foreign-telecom-company-to-secure-china-licenses/#ftag=RSSbaffb68

台灣10大手機品牌年度排名出爐!它首度搶進前五大、擠下 HTC
https://bit.ly/2sPxKF2

不怕資安漏洞 怎麼摔都不怕 三星這款軍規手機將上市
https://bit.ly/2CSxl9v

再嚴密的技術審查也難以保證資訊安全,那該如何信任你的手機
https://technews.tw/2019/01/30/whether-the-government-needs-to-ban-mobile-phones/

IG傳全球大當機 故障原因不明
https://bit.ly/2sZD3Sk

阿聯酋雇前美國特工駭客,實行大規模 iPhone 監控
https://www.inside.com.tw/article/15479-uae-used-cyber-super-weapon-to-spy-on-iPhones-of-foes-Project-Raven

Singapore unveils implementation guides, forms industry committee to boost telecom security
https://zd.net/2FVLre7

Apple Rushes to Fix Serious FaceTime Eavesdropping Flaw
https://www.bankinfosecurity.com/apple-rushes-to-fix-serious-facetime-eavesdropping-flaw-a-11978

Facebook Paid Teens $20 to Install 'Research' App That Collects Private Data
https://bit.ly/2UyBVBf

Facebook slammed over covert app that pays teenagers for data
https://www.zdnet.com/article/facebook-slammed-over-vpn-research-project-that-rewards-teens-for-data/#ftag=RSSbaffb68

iCloud Possibly Suffered A Privacy Breach Last Year That Apple Kept a Secret
https://bit.ly/2BbsVuq

Various Google Play “Beauty Camera” Apps Sends Users Pornographic Content
https://bit.ly/2SfFO0b

New security flaw impacts 5G, 4G, and 3G telephony protocols
https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-telephony-protocols/#ftag=RSSbaffb68


C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件

《要塞英雄》出現漏洞!Check Point 揭露駭客可盜取玩家帳號、資料與遊戲貨幣
http://technews.tw/2019/01/30/check-point-fortnite-hacker/

駭客如何在地下市場賺黑心錢
https://blog.trendmicro.com.tw/?p=58509

強化DNS安全,三大公共DNS服務商將在2月1日測試EDNS協定
https://www.ithome.com.tw/news/128576

資安需求引爆
https://magazine.chinatimes.com/moneyweekly/20190131002440-300201

資安威脅層出不窮,企業該如何填補資安漏洞
https://bit.ly/2MLMxdi

資通設備禁令紛爭下,你該具備的資安意識
http://technews.tw/2019/02/01/important-of-security-awareness/

多層次資安情資與分析
https://scitechvista.nat.gov.tw/c/sTVR.htm

谷歌地圖免費又實用?你付出的代價恐超乎預期
https://ubrand.udn.com/ubrand/story/11815/3619481

前Google女主管 挖出網路酸民真面目
https://udn.com/news/story/6812/3620101

眼見不為憑!深偽影片流竄 人人都可能是受害者
https://www.rti.org.tw/news/view/id/2009932

利用AI工具換臉!「深偽影片」成為新國安威脅
https://bit.ly/2RpW8XO

DNS Flag Day (20190201) 應變通知
https://tp2rc.tanet.edu.tw/node/296

Cyber Alert: DNS Flag Day
https://www.cisecurity.org/ms-isac/cyber-alert-dns-flag-day/

DNS flag day 2019
https://dnsflagday.net/

MS-ISAC Releases Advisory on DNS Flag Day
https://www.us-cert.gov/ncas/current-activity/2019/01/30/MS-ISAC-Releases-Advisory-DNS-Flag-Day

國際DNS服務2月1日升級測試 9%使用者不改設定恐連線失敗 中華電用戶不受影響
https://bit.ly/2RrNwQv

高職畢自學駭客 癱瘓第一金、勒索10公司
https://bit.ly/2CPDeo1

在「暗網」之前,你知道「明網黑市」的存在嗎
http://news.knowing.asia/news/dff55b57-f669-4ba9-a6bf-a21b841eb5b1

百度掩耳盜鈴 隱藏百家號網址
https://hk.news.appledaily.com/international/daily/article/20190126/20599325

安全公司Avast 報告指 電腦用戶很多人忽視了這一項安全風險
https://www.gameapps.hk/news/31883/Computer-update-protect

駭客攻擊新手法 資安專家:晶片內藏惡意程式
http://www5.cna.com.tw/news/afe/201901240379-1.aspx

使用中國科技產品 學者:當了間諜也不知
http://www.epochtimes.com/b5/19/1/25/n11001382.htm

HiNet代管網站傳遭惡意攻擊 中華電:隨時做好資安監控
https://www.ettoday.net/news/20190125/1365469.htm

資安堪憂! Vodafone加入封殺華為
https://news.cts.com.tw/cts/international/201901/201901251950133.html

全球第二大行動通訊商沃達豐 加入封殺華為
https://www.chinatimes.com/newspapers/20190128000288-260202

禁用華為杞人憂天?專家分析:資料將被中國看光光
https://bit.ly/2G0FYC5

聯絡人叫「David」華為就偷不到資料?杜先生把中國資通訊想得太簡單了
https://www.thenewslens.com/article/112723

堅決反對使用中資產品!翟本喬曝關鍵原因
http://news.ltn.com.tw/news/politics/breakingnews/2683812

背書華為後門說 綠學者無實據
https://www.chinatimes.com/newspapers/20190127000110-260301

便宜的最貴! 成大電機系教授點出為何要禁用華為
https://udn.com/news/story/6656/3613743

WSJ:美國認定從背景資料、即可知華為有間諜嫌疑
https://bit.ly/2HNv2un

一個月60億次網攻 禁華為剛好而已
https://taronews.tw/2019/01/25/237505/

全球擋華為 學者:台灣在最前線卻最落後
http://www.epochtimes.com/b5/19/1/27/n11005267.htm

不用再瞎禁中國通訊設備 先看各國的資安防護安全標準
https://bit.ly/2MB2ItN

華為資安疑慮 索羅斯警告:小心中國吃掉5G市場
https://bit.ly/2TjQ44L

政府禁用華為 翟神:只要華為交出原始碼檢查、我就能接受
https://tw.appledaily.com/new/realtime/20190126/1508036/

資安發言惹議 張善政邀網友和翟本喬對談
https://udn.com/news/story/7314/3620540

紐時:華為網控程式碼,可遠端引導資訊流
https://technews.tw/2019/01/28/huawei-can-remotely-guide-information-flow/

華為有望突破包圍網?「五眼」這國保證公平對待
https://www.chinatimes.com/realtimenews/20190126002219-260408

擔心5G設備遭滲透? 華為晶片早就遍布美國6成監視器
https://udn.com/news/story/6811/3621453

華為"裝後門"竊密?! 總部疑在深圳
https://news.cts.com.tw/cts/international/201901/201901291950480.html

華為資安論戰延燒臉書 挺美、挺中網友大打口水戰
https://newtalk.tw/news/view/2019-01-30/201859

禁止華為,歐洲的 5G 發展將延遲兩年!歐洲該如何在資安與發展間取捨
https://buzzorange.com/techorange/2019/01/30/huawei-ban-slow-down-5g-develpoment/

只有華為危險嗎
https://udn.com/news/story/7338/3622061

華為禁不禁 資訊人吵什麼
https://tw.appledaily.com/new/realtime/20190129/1509412/

批評禁用華為、期待中國灑錢 不是傻就是壞到拖人下水
https://newtalk.tw/news/view/2019-01-29/201638

華為資安引戰 杜紫宸轟林智群「別再秀白癡了,好嗎?」
https://udn.com/news/story/6656/3622581

80年代資安專家誤認「特殊關係」 臉書、PTT網友爭相補刀
https://taronews.tw/2019/01/30/241653/

華為手機很可怕?以色列駭客:從掃地機器人到iPhone,都會被駭
https://www.cw.com.tw/article/article.action?id=5093940

資安疑慮 歐盟考慮5G建設禁用華為設備
https://money.udn.com/money/story/5599/3624764

構成資安威脅!捷克財政部突改規定 「6億標案」禁華為參與
https://www.ettoday.net/news/20190131/1370552.htm

華為資安風暴持續延燒 使用者如何自保
https://news.wearn.com/c141087.html

居安思「為」 台灣是否應禁用華為設備
https://bit.ly/2MIMjn4

掩蓋陸手機資安影響 資安專家:媒體幫腔唱紅打美
https://bit.ly/2WB5LqC

台灣有本錢加入「新八國聯軍」
https://udn.com/news/story/7339/3622044?from=udn-hotnews_ch2

資安懶人包|不用華為手機,是資安還是政治問題?翟神、駭客、張善政、專家想得都不一樣
https://futurecity.cw.com.tw/article/476

站穩國際不被欺負資安很重要 張善政直播:台灣要提高警覺
https://boba.ettoday.net/video/247/284/136753

批踢踢創始神說話了:不注重中國手機危害「是奇特奴才現象」
https://tw.appledaily.com/new/realtime/20190131/1510781/

王偉晶間諜案發酵 波蘭調查指向軍方漏洞
https://bit.ly/2RliFF0

著眼多領域作戰 美低調成立首支I2CEWS營級分遣隊
https://bit.ly/2FU1c5z

委內瑞拉半數人口受「祖國卡」監控 中興提供技術
https://www.secretchina.com/news/b5/2019/01/28/883169.html

看看委內瑞拉輸入中共黑科技的下場
https://www.upmedia.mg/news_info.php?SerialNo=56961

射EMP核彈癱瘓台灣?美國會報告驚爆中國新武器
http://news.ltn.com.tw/news/world/breakingnews/2683635

防東奧駭客比較重要!日政府允許官員「入侵」民眾設備,不顧民怨強硬執行、保網路安全
https://www.storm.mg/lifestyle/886024

東奧防駭,日政府允許官員「入侵」民IoT設備
https://bit.ly/2UoDtgN

日強化網路安全 將對2億個連網裝置總體檢
https://www.rti.org.tw/news/view/id/2009869

為確保 2020 東奧安全,日本政府入侵私人物聯網裝置測試密碼強度
https://technews.tw/2019/01/30/japanese-government-hack-into-citizens-iot-devices-for-2020-tokyo-olympic/

美點名中俄網路威脅歷來最大 經濟間諜幾全涉中國
https://newtalk.tw/news/view/2019-01-30/201791

川普被自家情報頭子打臉!國家情報總監國會作戰:伊斯蘭國未被消滅、北韓不太可能放棄核武
https://www.storm.mg/article/892148

美情報巨頭警告:中俄間諜活動歷來之最
https://news.tvbs.com.tw/focus/1075435

美司法部:我們將殲滅北韓駭客網絡
https://www.taiwannews.com.tw/ch/news/3629187

這次俄羅斯駭客盯上的,是偵辦「通俄門」的特別檢察官!穆勒證實「上千份證據已遭竄改散佈」
https://www.storm.mg/article/895917

中共整治網路巨頭吹前奏 人民網三評百度已死
https://bit.ly/2CZQhDf

最大間諜幾乎全涉中國 美國點名 北京回應
https://www.secretchina.com/news/b5/2019/01/31/883444.html

Europol Now Going After People Who Bought DDoS-for-Hire Services
https://bit.ly/2DI79jJ

Police Shut Down xDedic – An Online Market for Cyber Criminals
https://bit.ly/2UymxVx

DHS: ‘Almost unprecedented’ wave of cyber attacks hitting U.S. gov domains during shutdown
https://dailysoundandfury.com/dhs-almost-unprecedented-wave-of-cyber-attacks-hitting-u-s-gov-domains-during-shutdown/

China Blocks Microsoft's Bing Search Engine, Despite Offering Censored Results
https://bit.ly/2FWuBMz

Japanese government plans to hack into citizens' IoT devices
https://www.zdnet.com/article/japanese-government-plans-to-hack-into-citizens-iot-devices/#ftag=RSSbaffb68

Hackers are going after Cisco RV320/RV325 routers using a new exploit
https://www.zdnet.com/article/hackers-are-going-after-cisco-rv320rv325-routers-using-a-new-exploit/#ftag=RSSbaffb68

Pentagon documents the military's growing domestic drone use
https://www.zdnet.com/article/pentagon-documents-the-militarys-growing-domestic-drone-use/#ftag=RSSbaffb68

How the Air Traffic Control system works and fails
https://www.zdnet.com/article/how-the-air-traffic-control-system-works-and-fails/#ftag=RSSbaffb68

Authorities shut down xDedic marketplace for buying hacked servers
https://www.zdnet.com/article/authorities-shut-down-xdedic-marketplace-for-buying-hacked-servers/#ftag=RSSbaffb68

Unsecured MongoDB databases expose Kremlin's backdoor into Russian businesses
https://www.zdnet.com/article/unsecured-mongodb-databases-expose-kremlins-backdoor-into-russian-businesses/#ftag=RSSbaffb68

Why a high-tech border wall is as silly as a physical one
https://www.zdnet.com/article/why-a-high-tech-border-wall-is-as-silly-as-a-physical-one/#ftag=RSSbaffb68

3D printing hands-on: LulzBot Mini 2 first look
https://www.zdnet.com/article/3d-printing-hands-on-lulzbot-mini-2-first-look/#ftag=RSSbaffb68

Technology supports Brazil dam collapse management
https://www.zdnet.com/article/technology-supports-brazil-dam-collapse-management/#ftag=RSSbaffb68

Threat Roundup for Jan. 18 to Jan. 25
https://blog.talosintelligence.com/2019/01/threat-roundup-0118-0125.html

Researchers Release Tool That Finds Vulnerable Robots on the Internet
https://bit.ly/2TfG1xI

APT39: An Iranian Cyber Espionage Group Focused on Personal Information
https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html

Police are now targeting former WebStresser DDoS-for-hire users
https://www.zdnet.com/article/police-are-now-targeting-former-webstresser-ddos-for-hire-users/#ftag=RSSbaffb68

The DDoS that wasn’t: a key takeaway for web domain security
https://www.zdnet.com/article/the-ddos-that-wasnt-a-key-takeaway-for-web-domain-security/#ftag=RSSbaffb68

DOJ moves to take down Joanap botnet operated by North Korean state hackers
https://www.zdnet.com/article/doj-moves-to-take-down-joanap-botnet-operated-by-north-korean-state-hackers/#ftag=RSSbaffb68

Intelligence Chiefs Expect More Cyberattacks Against US
https://www.bankinfosecurity.com/intelligence-chiefs-expect-more-cyberattacks-against-us-a-11983

This DDoS Attack Unleashed the Most Packets Per Second Ever. Here’s Why That’s Important
https://bit.ly/2RuUJ2p

This DDoS Attack Unleashed the Most Packets Per Second Ever. Here’s Why That’s Important
https://bit.ly/2RuUJ2p

New cyber attack could cost US $89B - Lloyd's
https://www.breakingthenews.net/new-cyber-attack-could-cost-us-89b-lloyd-s/news/details/46546318

Israel blocks Iran cyber-attacks ‘daily’: Netanyahu
http://www.nileinternational.net/en/?p=125473

Netanyahu: Iran Attempts "Daily" Cyber Attacks on Israeli Infrastructure
https://iranintl.com/en/world/netanyahu-iran-attempts-daily-cyber-attacks-israeli-infrastructure

The Dangerous Power of DDoS-for-Hire
https://www.corero.com/blog/908-the-dangerous-power-of-ddos-for-hire.html

National Guard Helps Akron Deal With Cyber Attack
https://wakr.net/news/item/164146-ohio-national-guard-helps-akron-handle-cyber-attack

City of Akron Hit by Cyber Attack
https://wakr.net/news/item/164145-city-of-akron-hit-by-cyber-attack

France's Altran Tech hit by cyber attack
https://wdsm710.com/news/articles/2019/jan/28/frances-altran-tech-says-it-was-hit-by-cyber-attack/

A New Massive DDoS Attack bit-and-Piece Pattern Targeting Internet Service Providers
https://gbhackers.com/ddos-attack-bit-and-piece/

Hacking Fortnite Accounts
https://research.checkpoint.com/hacking-fortnite/

What You Think You Know about the OWASP Top 10 May Be Wrong
https://bit.ly/2HIh253

NSFOCUS Releases IP Chain Gang Report on Behavior of Recidivist Hackers
https://nsfocusglobal.com/nsfocus-releases-ip-chain-gang-report-behavior-recidivist-hackers/

NSFOCUS IDENTIFIES IP CHAIN-GANGS IN NEW CYBERSECURITY INSIGHTS REPORT
https://nsfocusglobal.com/nsfocus-identifies-ip-chain-gangs-new-cybersecurity-insights-report/

Firefox will soon warn users of software that performs MitM attacks
https://www.zdnet.com/article/firefox-will-soon-warn-users-of-software-that-performs-mitm-attacks/#ftag=RSSbaffb68

How Integration, Orchestration Help in Battling Cyberthreats
https://bit.ly/2WBgp0a

Russia alleges Cyber Attack on its Presidential Elections from West
https://www.cybersecurity-insiders.com/russia-alleges-cyber-attack-on-its-presidential-elections-from-west/

How Threat Intelligence Can Help Organisations Overcome Cyber Attacks
https://blogs.sap.com/2019/01/31/how-threat-intelligence-can-help-organisations-overcome-cyber-attacks/

徵才 - 聘用人員(系統分析師)
https://www.104.com.tw/job/?jobno=6i56a&jobsource=

徵才 - 總公司資訊安全部資安管理科人員
http://www.yes123.com.tw/admin/job_refer_comp_job_detail2.asp?p_id=20130717103546_84443471&job_id=20190131142231_69689263



D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞

購物網個資被竊 只在官網公告 HOLA遭駭 客險被詐
https://tw.appledaily.com/headline/daily/20190128/38244700/

購物網被駭客資外洩 消費者險被詐騙
https://tw.appledaily.com/new/realtime/20190127/1508106/

HOLA網購配送資料遭駭 客戶機警阻詐騙
https://bit.ly/2S8JFfA

家具購物網個資遭竊! 業者:其他廠商被駭
https://bit.ly/2MBS7yD

誆買1個變5個!民眾控HOLA洩資 訂商品接詐騙電話
https://bit.ly/2MDKwQf

趨勢科技響應國際數據隱私日,四招讓孩子變成個資捍衛戰士
https://blog.trendmicro.com.tw/?p=59161

蘋果詐騙郵件:Another Eden Games 收到訂單
https://www.vedfolnir.com/apple-app-store-scam-mail-another-eden-games-invoice-32049.html

新加坡1.4萬名愛滋病患個資遭洩漏,美國籍詐欺犯為幕後推手
https://asean.thenewslens.com/article/112900

詐欺犯的報復?新加坡HIV帶原者資料庫外洩,14,200個資曝光
https://global.udn.com/global_vision/story/8662/3620972

新加坡 HIV 帶原者資料庫外洩 影響 14,200 當地及外國帶原者
https://unwire.pro/2019/01/30/u-s-citizen-leaks-data-on-14200-people-in-singapore-with-hiv/news/

Data of 14,200 diagnosed with HIV in Singapore leaked online
https://www.zdnet.com/article/data-of-14200-diagnosed-with-hiv-in-singapore-leaked-online/#ftag=RSSbaffb68

滑手機買過年新衣 女大生個資外洩被騙40萬
https://bit.ly/2G2IlV2

北市網路詐騙總額達300萬 詐團都這樣騙
https://udn.com/news/story/7321/3614399

紐約市警局止罪小組探員監守自盜 詐騙銀行150萬
https://bit.ly/2FSCZfZ

偽造銀行本票網購5手袋共142萬 警荃灣擒兩廿歲騙徒
https://bit.ly/2MCnklw

黑幫搞詐欺 放炮恐嚇防抓耙子
https://www.chinatimes.com/newspapers/20190129000574-260106

假檢警來電交出帳戶密碼 婦嚇到睡不著...警助更改保老本
https://www.ettoday.net/news/20190128/1367972.htm

中國盜卡黨攻郵輪犯案 瘋狂刷卡得手逾千萬
https://tw.appledaily.com/new/realtime/20190128/1508510/

被控性侵兒童華裔男 再涉信用卡身分盜竊
https://bit.ly/2Sg9eva

揭開華裔網球教練性侵 「信用卡大軍」詐騙主謀也是他
https://bit.ly/2RUoz5b

技術支援詐騙是什麼,該如何保護自己
https://blog.trendmicro.com.tw/?p=58718

深偽影片流竄 恐加劇假新聞招致混亂
https://money.udn.com/money/story/5599/3619673

臉書發文洩密走光 4招教孩子搞懂資安
https://tw.appledaily.com/new/realtime/20190128/1508814/

網購信用卡被盜用 7澳居民涉案
http://www.mastvnet.com/news/Television/2019-01-25/260455.html

江西去年偵破電信網路詐騙案1.3萬起 集中返還涉案資金
https://news.sina.com.tw/article/20190126/29851544.html

彰警執行斬手行動 掃盪詐騙前線22天逮130名車手
https://bit.ly/2RqJurn

「解除分期付款」已經落伍啦! 最常詐騙手法是這項
https://udn.com/news/story/7239/3622578

阻絕假訊息 臉書擬組監督委員會
https://bit.ly/2sW6CUY

假網拍列詐騙手法之首 內政部呼籲民眾小心查證
https://www.chinatimes.com/realtimenews/20190130002633-260405

扯!6萬人追蹤粉專 網路換匯竟是詐騙
https://news.ebc.net.tw/News/society/150787

歹徒「郵筒釣魚」 華男險失7000美元
https://udn.com/news/story/6813/3627139?from=udn-ch1_breaknews-1-cate5-news

詐騙集團超多 台灣嘉義縣警方17天抓102詐騙犯
https://news.sina.com.tw/article/20190131/29908982.html

涉串謀詐騙6間保險公司18萬賠償 警員與散工遭廉署起訴
http://www.hkcd.com/content/2019-02/01/content_1122703.html

涉詐騙喬州政府財政廳2500萬美元 19歲青少年落網
https://bit.ly/2WvZ4G1

資安研究:5個Collection #系列資料庫,總計彙整了22億組外洩的電子郵件與密碼
https://www.ithome.com.tw/news/128594

黑客入侵!內部身分資料外洩 空中巴士:不會影響營運
https://www.ettoday.net/news/20190131/1370174.htm

Airbus data breach impacts employees in Europe
https://www.zdnet.com/article/airbus-data-breach-impacts-employees-in-europe/#ftag=RSSbaffb68

Airbus Hacked: Aircraft Giant Discloses Data Breach
https://www.bankinfosecurity.com/airbus-hacked-aircraft-giant-discloses-data-breach-a-11985

Airbus Suffers Data Breach, Some Employees' Data Exposed
https://bit.ly/2WBtQxd

Yahoo's Proposed Data Breach Lawsuit Settlement: Rejected
https://www.bankinfosecurity.com/yahoos-proposed-data-breach-lawsuit-settlement-rejected-a-11981

SBI Investigates Reported Massive Data Leak
https://www.bankinfosecurity.asia/sbi-investigates-reported-massive-data-leak-a-11986


E.研究報告

《2018 年雲上挖礦分析報告》發布,熱點漏洞利用成挖礦團伙" 武器庫"
https://www.chainnews.com/articles/635968519729.htm

永恆之藍漏洞復現(ms17-010) 及windows日誌對比分析
https://blog.csdn.net/wy_97/article/details/86665566

有多少漏洞都會重來:從ElasticSearch到MongoDB和Redis
http://www.10tiao.com/html/188/201901/2650280665/1.html

國內安全團隊360Vulcan公佈iOS 12.1越獄漏洞細節
https://www.secrss.com/articles/8034

個案分析-銀行木馬emotet攻擊事件分析報告_10801
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019013111012727689476429621886.pdf

2018年中國網絡安全報告
http://it.rising.com.cn/dongtai/19507.html

Microsoft Exchange 任意用戶偽造漏洞(CVE-2018-8581)分析
https://paper.seebug.org/804/

測試 100% 自動化可行嗎
https://bit.ly/2WpqXPZ

ThinkPHP 5.0命令執行漏洞分析及復現
https://www.freebuf.com/vuls/194127.html

Razer Synapse 3 Windows客戶端本地提權漏洞分析
https://www.anquanke.com/post/id/170013

CVE-2019-6116:ghostscript的沙箱繞過命令執行漏洞預警
https://www.secrss.com/articles/8028

Mirai蠕蟲變種借ThinkPHP漏洞傳播騰訊安全“禦界”全面檢測
https://s.tencent.com/research/report/643.html

[經驗分享]Proxmox VE 複製虛擬機的幾種方法
https://bit.ly/2WoaCLm

[經驗分享]檢測 Proxmox VE 叢集連線健康狀態
https://bit.ly/2SfMziE

CVE-2019-3462 漏洞並不會造成越獄平台 Cydia 受到威脅和影響
https://mrmad.com.tw/cve-2019-3462-vulnerability

MACOS / iOS的漏洞之CVE-2019-6231詳細分析
https://xz.aliyun.com/t/3964

Meltdown 簡單分析:Intel 的漏洞
https://zhuanlan.zhihu.com/p/32778071

WordPress 捐贈插件漏洞,導致網站遭受零日攻擊
https://www.oschina.net/news/104011/wordpress-sites-under-attack-via-zero-day-in-abandoned-plugin

挖洞帶給我快樂,也帶我財富| 全球頂尖漏洞獵人Pranav Hivarekar專訪
https://www.freebuf.com/articles/people/194357.html

有多少漏洞都會重來:從ElasticSearch到MongoDB和Redis
http://www.10tiao.com/html/188/201901/2650280665/1.html

不想看 Google 給你的訂房、購物、銀行廣告?這樣改設定就可以了
https://www.newmobilelife.com/2019/01/26/ad-personalization/

Web滲透實驗:基於Weblogic的一系列漏洞
https://www.freebuf.com/vuls/194811.html

從低危OAuth漏洞到高危存儲型XSS
https://zhuanlan.zhihu.com/p/56043248

超簡單!十分鐘打造漂亮又好用的 zsh command line 環境
https://medium.com/statementdog-engineering/prettify-your-zsh-command-line-prompt-3ca2acc967f?fbclid=IwAR2gN82k7NLtpsfBrSYmyoYycZ7GkaJlIiRo_vSEmnSDHbax9HQVYgj-BHI

Windows Privilege Abuse: Auditing, Detection, and Defense
https://bit.ly/2UuKlt0

2019 Official Annual Cybercrime Report
https://bit.ly/2TouUT2

Sh00T - A Testing Environment for Manual Security Testers
https://bit.ly/2HAlMti

Ethical Hackers Are Working Tirelessly To Protect Your Data
https://hackernoon.com/ethical-hackers-are-working-tirelessly-to-protect-your-data-9170d336a35e

SSRF - Server Side Request Forgery (Types and ways to exploit it) Part-1
https://bit.ly/2RiQaIk

SSRF — Server Side Request Forgery (Types and ways to exploit it) Part-2
https://bit.ly/2ScEgnE

SSRF — Server Side Request Forgery (Types and ways to exploit it) Part-3
https://bit.ly/2UksSU8

dirkjanm/PrivExchange
https://github.com/dirkjanm/PrivExchange

Abusing Exchange: One API call away from Domain Admin
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/

Union SQLi Challenges (Zixem Write-up)
https://medium.com/ctf-writeups/union-sqli-challenges-zixem-write-up-4e74ad4e88b4

Static analysis of .net framework binary — IDA Pro newb practice
https://bit.ly/2DGIhZy

Building a Port Scanner in 16 Lines of Code
https://medium.com/ediblesec/building-a-port-scanner-in-16-lines-of-code-26793f53f0b5

Dynamic Data Resolver (DDR) - IDA Plugin
https://blog.talosintelligence.com/2019/01/ddr.html

UEBA in Enterprise SecOps
https://medium.com/@eeubanks/user-and-entity-behavior-analytics-101-3aa5e6c5f63f

4 Tips for Better API Security in 2019
https://medium.com/apis-and-digital-transformation/4-tips-for-better-api-security-in-2019-7d3a3b852a45

Two-Factor Authentication Might Not Keep You Safe
https://medium.com/new-york-times-opinion/two-factor-authentication-might-not-keep-you-safe-191c4533c8e2

Docker and Kubernetes in high security environments
https://medium.com/@chrismessiah/docker-and-kubernetes-in-high-security-environments-d851645e8b99

kpcyrd/rshijack
https://github.com/kpcyrd/rshijack?fbclid=IwAR31K5quRSr9pXCOVEaQh9hPh8YKLrHardwleqDsJsvMJVKalkQSJ_9j0-I

kpcyrd/sn0int
https://github.com/kpcyrd/sn0int?fbclid=IwAR0pCVck525EQrQLsWu-JIngEn6zmGH9Q7YhdY_BSb3W_yjc99JBrma25Bo

0x03 Learning about Universal Links and Fuzzing URL Schemes on iOS with Frida
https://bit.ly/2SfMziE

Starting Embedded Reverse Engineering: FreeRTOS, libopencm3 on STM32F103C8T6
https://bit.ly/2Wtuddb

CTF Writeup: Complex Drupal POP Chain
https://blog.ripstech.com/2019/complex-drupal-pop-chain/?fbclid=IwAR1H9Jgdn_Ll3i6UrWt8cdhjkUF0cGBDxDYifFggTPSVcAUb1sPoceMao3M

Writeup – Samsung Galaxy Apps Store RCE via MITM
https://bit.ly/2CSYcSY


F.商業

實體金鑰安全升級 台業者推雙讀寫頭
https://money.udn.com/money/story/5612/3618279

異康密鑰安全升級 整合行動支付利器
https://money.udn.com/money/story/5613/3618147

改善企業資安架構,思科建議採用NIST框架進行規畫
https://ithome.com.tw/news/128455

透過網路釣魚防護與連網安全軟體保障旅行連線安全
https://www.digitimes.com.tw/iot/article.asp?cat=130&id=0000552472_7E23A4MX8IE8Y01E2CLP3

遠傳歷時4年打造第4代BSS,更要靠IT經驗變身為科技公司
https://www.ithome.com.tw/people/128336

經長一分鐘談經濟 說明Google投資台灣3大意義
https://www.cna.com.tw/news/firstnews/201901270210.aspx

5G顛覆電信營運供應鏈 伺服器、網通廠搶大餅
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000552763_CBP8PCVM5CE30A4LMIRFN

HTC DESIRE 12s推出新色綻放紅 符合GDPR資安標準、同級品唯一搭載 NFC 雙CA
https://www.kocpc.com.tw/archives/241446

不只是假議題!2018 全球資安公司募資金額創新高
https://technews.tw/2019/01/29/vc-funding-of-cybersecurity-companies-2018/

CheckPoint發表第六代網路安全構想 提出奈米安全策略
https://www.chinatimes.com/realtimenews/20190129001356-260412

macOS 10.14.4將帶來新功能:Touch ID自動填寫網頁表單
https://applealmond.com/posts/47427

雲端平台彙整分析取得智慧 呼叫地端防禦配置應有措施 端點防護擴展延伸 逐步落實全視野願景
https://www.netadmin.com.tw/article_content.aspx?sn=1901290010

微軟研究發現,有6成亞太地區零售業因資安疑慮而猶豫是否要數位轉型
https://www.techbang.com/posts/67892-roppongi-asia-pacific-retail-industry-due-to-cyber-security-doubts-delay-digital-transformation

Google Chrome to add drive-by-download protection
https://www.zdnet.com/article/google-chrome-to-add-drive-by-download-protection/#ftag=RSSbaffb68

Mozilla publishes official Firefox anti-tracking policy
https://www.zdnet.com/article/mozilla-publishes-official-firefox-anti-tracking-policy/#ftag=RSSbaffb68


G.政府

華為資通產品有資安疑慮 台南資訊硬體全面禁用
https://www.ettoday.net/news/20190125/1365972.htm

禁華為產品被妹批蠢 黃偉哲強調:遵行中央政策
http://news.ltn.com.tw/news/politics/breakingnews/2684965

痛批哥哥禁中國貨蠢 黃智賢堅持用華為「這就是我比台獨腦殘優秀的原因」
https://www.mirrormedia.mg/story/20190127edi008

名嘴稱用華為讓她「比台獨腦殘優秀」 網友看完都笑了
http://news.ltn.com.tw/news/politics/breakingnews/2684306

國安不容漏洞 嘉義縣市跟進中央禁華為
https://disp.cc/b/163-b8bv

政府懂資安? 張善政:尋找資安長
https://bit.ly/2MzMNMc

台灣公部門將禁用中國手機!張善政批:資安政策紊亂,充滿政治干預
https://bit.ly/2G3aZp3

政府機關禁用中國3C軟硬體 蘇揆:國安不容打折
https://newtalk.tw/news/view/2019-01-25/199675

談資通安全 陳明通:我是果粉 不用微信
http://www.epochtimes.com/b5/19/1/25/n11001794.htm

資安疑慮 政院何不帶頭用國貨
https://udn.com/news/story/11321/3615333

國安無灰色與紅色供應鏈
https://forum.ettoday.net/news/1365327

台政府禁陸設備 美台商會:正確!有益美台合作
http://www.epochtimes.com/b5/19/1/25/n11001280.htm

「看小國怎麼活」 柯文哲訪美前先訪以色列
https://udn.com/news/story/6656/3614249

政院擬禁陸3C產品 陳良基:政府有義務防護
http://www.epochtimes.com/b5/19/1/25/n11001755.htm

唐鳳︰資安法上路 與美密切合作
https://disp.cc/b/163-b7PK

張善政再論對陸管制 國網資安長:硬拗的政客
https://bit.ly/2UgFBr4

張善政力挺華為引論戰 專家:你的個資就是這樣被偷偷的傳送出去的
https://www.cmmedia.com.tw/home/articles/14027

稱禁華為假議題張善政臉書變「資安吐槽大會」 連駭客始祖都暈倒
https://wp.taronews.tw/2019/01/27/238751/

資安發言惹議 張善政邀網友和翟本喬對談
https://money.udn.com/money/story/7307/3620540

公家機關使用中資產品規範 31日公布
http://m.ltn.com.tw/news/politics/paper/1264506

善政啊!你是真的待過宏碁跟GOOGLE,還做過科技部長嗎
https://bit.ly/2RTcsFM

邀業界專家談APP資安漏洞 張善政:中國經常對台灣毛手毛腳
https://bit.ly/2HHSsku

陸製產品資安引疑慮 陳良基:政府法規要跟上
https://bit.ly/2FWxfSm

台政府禁陸資產品 Kolas重申國安無灰色地帶
http://www.epochtimes.com/b5/19/1/28/n11007215.htm

行政院今將公布 禁買中國資通產品原則
https://tw.news.appledaily.com/politics/realtime/20190131/1510538/

政院將公布中國資通品規範 原則全面禁止
https://news.pts.org.tw/article/421222

一銀盜領案建功 調查局新北處資安科長升站主任
https://udn.com/news/story/6656/3623788?fbclid=IwAR37b-YjoZUqcFqVqP2yqZu2e3hQWuflmK2Hm2ZeDNHiG8eHGMaUMN6hP78

NCC:台4G已禁中製設備5G將比照
https://tw.news.appledaily.com/headline/daily/20190130/38246329/

臉書隱私設定都不會?杜紫宸挺華為 網友:聽說是資安專家
https://www.setn.com/News.aspx?NewsID=492628

金管會107年重要施政成果及108年工作重點
https://bit.ly/2Sk8WDq

金管會公布2019年Fintech施政重點
https://www.ithome.com.tw/news/128541

金管會要求各保險公司春節連續假期期間保戶服務不中斷
https://bit.ly/2Ur7wVe

臺北市政府開始推動10萬元以下小額採購全面電子化作業
https://www.ithome.com.tw/news/128527

政院資安長 副秘書長宋餘俠兼任
https://www.cna.com.tw/news/firstnews/201901310054.aspx

各機關使用陸3C產品原則 延至年後公布
https://udn.com/news/story/6656/3624983

財政部補助地方政府強化資安防護作業要點
https://bit.ly/2UwJJn2

H.SCADA/ICS/工控系統

建構多層次防禦機制 同時保護IT、OT安全
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=50&cat2=25&id=0000552715_BS36H3T12PD6IO4H9K4LN

智慧工廠的資安架構
https://blog.trendmicro.com.tw/?p=58494

A new taxonomy for SCADA attacks
https://www.helpnetsecurity.com/2019/01/15/analyze-scada-attacks/

IT Security Vulnerability Roundup – January 2019
https://www.esecurityplanet.com/threats/it-security-vulnerability-roundup-january-2019.html

SCADA System For Oil & Gas Support Management
https://www.cso.com.au/mediareleases/33671/scada-system-for-oil-gas-support-management-of/

GEI: US energy security improved for sixth straight year
https://www.ogj.com/articles/2019/01/gei-us-energy-security-improved-for-sixth-straight-year.html

Security alert for vulnerabilities in Siemens PLCs
https://www.computerweekly.com/news/252456552/Security-alert-for-vulnerabilities-in-Siemens-PLCs


I.教育訓練類

web 應用常見安全漏洞一覽
https://segmentfault.com/a/1190000018004657

OSCP/OSCE – 考前資源整理(持續更新)
https://bit.ly/2B7eyqV

跨網站指令碼( XSS )駭客課程: 從初學者到專家
https://softnshare.com/cross-site-scripting-xss-website-hacking-course/

Learn Python Programming – 7 Courses Video Training Bundle
https://bit.ly/2ThgcNK

How to Recover Lost or Deleted Files
https://bit.ly/2Unedre


J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機

網路攝影機的資安標準
https://scitechvista.nat.gov.tw/c/sTGa.htm

意法半導體與Arilou合作開發 汽車駭客攻擊專用檢測方案
https://tw.finance.appledaily.com/realtime/20190129/1509276

壞人都在用AI了,好人一定要善用
https://www.cw.com.tw/article/article.action?id=5093864

Beers with Talos Ep. #45: SoHo attacks, IoT devices, and the cesspool setting
https://blog.talosintelligence.com/2019/01/beers-with-talos-ep-45-soho-attacks-iot.html

Davos develops drone regulation How-To for governments (and the FAA should pay attention)
https://www.zdnet.com/article/davos-develops-drone-how-to-for-governments-and-the-faa-should-pay-attention/#ftag=RSSbaffb68

The internet of human things: Implants for everybody and how we get there
https://www.zdnet.com/article/the-internet-of-human-things-implants-for-everybody-and-how-we-get-there/#ftag=RSSbaffb68

The Davos crowd had highminded talk about AI, stay tuned for the action
https://www.zdnet.com/article/the-davos-crowd-had-highminded-talk-about-ai-stay-tuned-for-the-action/#ftag=RSSbaffb68

GyoiThon – Machine Learning Penetration Testing
https://bit.ly/2RmEpQU

Adversarial AI: Cybersecurity battles are coming
https://www.zdnet.com/article/adversarial-ai-cybersecurity-battles-are-coming/#ftag=RSSbaffb68

Inside China’s Dystopian Dreams: AI, Shame and Lots of Cameras
https://medium.com/the-new-york-times/inside-chinas-dystopian-dreams-ai-shame-and-lots-of-cameras-ff18d45bfc13

Japan's IoT Security Strategy: Break Into Devices
https://www.bankinfosecurity.com/japans-iot-security-strategy-break-into-devices-a-11977

Car hacking: Are car makers prepared for cyber attacks
https://www.carsifu.my/news/car-hacking-are-car-makers-prepared-for-cyber-attacks


K.CTF

NeverLAN CTF 2019
https://ctftime.org/event/706

STEM CTF: Cyber Challenge 2019
https://ctftime.org/event/661

DEF CON CTF 2019 Quals
https://www.oooverflow.io/dc-ctf-2019-quals/

CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair
https://bit.ly/2CWltVm

Official Website of CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair, Qingdao, China
https://bit.ly/2VnsC8p

NeverLAN CTF
https://neverlanctf.com/


6.近期資安活動及研討會
  Fishackathon Taipei, A Global Sustainability Hackahton  2/3
 https://www.meetup.com/HackerNestTPE/events/242387792/

 Taipei Rails Meetup Tuesday, February 5, 2019
 https://www.meetup.com/rails-taiwan/events/dlgzljyzdbhb/

 高雄 Rails Meetup Wednesday, February 6, 2019
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzdbjb/

 Android Code Club(Taipei) Wednesday, February 6, 2019
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzdbjb/

 HackingThursday 固定聚會 Thursday, February 7, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzdbkb/

 Elixir台灣 台北 Meetup # Wednesday, February 13, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzdbgb/

 Android Code Club(Taipei) Wednesday, February 13, 2019
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzdbrb/

 Women Join Tech Yilan Batch2 Session 3  Wednesday, February 13, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317885/

 Multilayer Perceptron (MLP), Artificial Neural Network (ANN), and Deep Learning  Wednesday, February 13, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257483663/

 HackingThursday 固定聚會 Thursday, February 14, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzdbsb/

 資策會開辦ISO27002資訊安全管理國際認證班 2019/2/16
 https://ithome.com.tw/pr/128353

 Golang Taipei Gathering #37  2/18
 https://www.meetup.com/golang-taipei-meetup/events/256740786/

 Android Code Club(Taipei)  Wednesday, February 20, 2019
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzdbbc/

 Women Join Tech Yilan Batch2 Session 4  Wednesday, February 20, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317920/

 Weight Initialization, Under-/Over-Fitting, & Evaluation of Deep Learning Models  Wednesday, February 20, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257483906/

 第二屆《Hit AI & Blockchain》人工智慧暨區塊鏈產業高峰會  2019-02-20(三) 09:00 ~ 17:30 (GMT+8)
 https://www.accupass.com/event/1811190218087771003780

【PowerPoint簡報極限使用】2月主題:十倍速PPT製作  2019-02-20(三) 19:00 ~ 22:00 (GMT+8)
 https://www.accupass.com/event/1810161307265689597830

 HackingThursday 固定聚會 Thursday, February 21, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzdbcc/

  Flutter Codelabs 讀書會 (報名請參閱活動說明)  Thursday, February 21, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258377586/

  [資安專業人才培訓] 108年度培訓單位甄選公告 2/22
  https://www.acw.org.tw/News/Detail.aspx?id=55

 iTHome 台灣雲端大會 Cloud Summit  2019  Call for paper  截止日 2 月 22 日
 https://cloudsummit.ithome.com.tw/cfp/

 [Visualization Series] 公投資料視覺化與選舉分析   2/24
 https://www.meetup.com/R-Ladies-Taipei/events/256933448/

 Women Join Tech Coding Club新竹場第二梯營隊-「魔法種子老師培訓」session5  Tuesday, February 26, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317875/

 如何導入區塊鏈  Tuesday, February 26, 2019
 https://www.meetup.com/Taipei-Blockchain/events/258326339/

 Elixir台灣 台北 Meetup # Monday, March 4, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzfbgb/

 Building and Training Convolutional Neural Networks, CNN  Wednesday, March 13, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484158/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, March 20, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzfbbc/

 Elixir台灣 台北 Meetup # Monday, April 1, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzgbcb/

 Modeling Sequences with Recurrent Neural Networks, RNN  Wednesday, April 3, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484461/

 Industrial Control Systems (ICS) Cyber Security Conference  APAC  April 16-18, 2019
 https://www.icscybersecurityconference.com/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, April 17, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzgbwb/

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 iTHome 台灣雲端大會 Cloud Summit  2019   2019年 5 月 15 日 (三) 09:00~17:00
 https://cloudsummit.ithome.com.tw/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

沒有留言:

張貼留言

資安事件新聞週報 2021/9/6 ~ 2021/9/10

  資安事件新聞週報 2021/9/6  ~  2021/9/10 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco 發布Enterprise NFV Infrastructure Software(NFVIS)軟體安全更新 https://us-cert.c...