跳到主要內容

資安事件新聞週報 2019/2/18 ~ 2019/2/22

資安事件新聞週報  2019/2/18  ~  2019/2/22

1.重大弱點漏洞

多個廠商IP Camera未授權遠程命令執行漏洞
https://www.seebug.org/vuldb/ssvid-97810

Dell SonicWall SonicOS 安全漏洞  CVE-2018-9867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9867

VyOS權限提升漏洞  CVE-2018-18556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18556

WinRAR 被曝存在遺留19年的漏洞,影響全球多達5億用戶
https://www.freebuf.com/news/196281.html

存在 14 年的 WinRAR 安全漏洞終於修復
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=810

WinRAR versions released in the last 19 years impacted by severe security flaw
https://www.zdnet.com/article/winrar-versions-released-in-the-last-19-years-impacted-by-severe-security-flaw/#ftag=RSSbaffb68

Severe vulnerabilities uncovered in popular password managers
https://www.zdnet.com/article/critical-vulnerabilities-uncovered-in-popular-password-managers/#ftag=RSSbaffb68

安全播報:新型POODLE攻擊漏洞,影響TLS 1.2協議
https://wosign.com/news/news_2019021402.htm

D-Link DIR-823G無需驗證重啟漏洞  CVE-2018-17880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17880

OfficeScan XG SP1 重大更新通知 CP5294
http://www.trend.com.tw/support/downloads/OSCE/12/TC/patch/osce_xg_sp1_win_zh_tw_criticalpatch_5294_Readme.html

Polycom RealPresence Web Suite信息泄露漏洞 CVE-2018-12592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12592

JVNVU#97449410 Microsoft Exchange 2013 およびそれ以降における NTLM 中継攻撃が可能な脆弱性
https://jvn.jp/vu/JVNVU97449410/

微軟修補IIS造成CPU使用率飆到100%的漏洞
https://ithome.com.tw/news/128905

微軟 Internet Information Services (IIS) 阻斷服務漏洞
https://www.bleepingcomputer.com/news/security/windows-servers-vulnerable-to-iis-resource-exhaustion-dos-attacks/

Windows 7 users: You need SHA-2 support or no Windows updates after July 2019
https://www.zdnet.com/article/windows-7-users-you-need-sha-2-support-or-no-windows-updates-after-july-2019/#ftag=RSSbaffb68

The Windows 10 security guide: How to safeguard your business
https://www.zdnet.com/article/the-windows-10-security-guide-how-to-safeguard-your-business/#ftag=RSSbaffb68

Next Windows update brings better Linux integration
https://www.zdnet.com/article/next-windows-update-brings-better-linux-integration/#ftag=RSSbaffb68

2019 SHA-2 Code Signing Support requirement for Windows and WSUS
https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus

Microsoft publishes security alert on IIS bug that causes 100% CPU usage spikes
https://www.zdnet.com/article/microsoft-publishes-security-alert-on-iis-bug-that-causes-100-cpu-usage-spikes/#ftag=RSSbaffb68

Kali Linux 2019.1 Released — Operating System For Hackers
https://thehackernews.com/2019/02/kali-linux-hackers-os.html

Critical Flaw Uncovered In WordPress That Remained Unpatched for 6 Years
https://thehackernews.com/2019/02/wordpress-remote-code-execution.html

GitHub擴大漏洞懸賞計畫,增加獎勵範圍和獎金
https://www.ithome.com.tw/news/128844

關於MongoDB數據庫權限提升漏洞的安全預警
https://developer.huaweicloud.com/hero/thread-14464-1-1.html

思科產品多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/02/20/Cisco-Releases-Security-Updates

Cisco patches a couple of root access-granting security flaws
https://www.zdnet.com/article/cisco-patches-a-couple-of-root-access-granting-security-flaws/#ftag=RSSbaffb68

Another Critical Flaw in Drupal Discovered — Update Your Site ASAP
https://bit.ly/2VahZEX

WhatsApp新漏洞:iPhone用戶可以繞開登錄控制
https://www.ithome.com/0/410/511.htm

SAP NetWeaver SAP Basis AS ABAP權限提升漏洞
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699

Cisco HyperFlex Software 訪問控制錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1666

Adobe重新修補Acrobat與Reader可外洩機密資訊的零時差漏洞
https://bit.ly/2E2eqtp

QNAP 社製 NAS に影響を与えるマルウエアに関する情報について
https://www.jpcert.or.jp/newsflash/2019021501.html

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass
https://www.exploit-db.com/exploits/46444

FTPShell Server 6.83 - 'Account name to ban' Denial of Service (PoC)
https://www.exploit-db.com/exploits/46430

Apache CouchDB 2.3.0 - Cross-Site Scripting
https://www.exploit-db.com/exploits/46406

MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
https://www.exploit-db.com/exploits/46401

2.銀行/金融/保險/證券/支付系統/ 新聞及資安

中國男子涉嫌提取網銀被盜錢款在日被捕
https://zh.cn.nikkei.com/politicsaeconomy/politicsasociety/34337-2019-02-15-15-39-15.html

華夏銀行內鬼曝光:伺服器植入病毒 賬戶餘額還不變
https://news.sina.com.tw/article/20190203/29947522.html

華夏銀行遭技術經理植入系統病毒 A股同行中估值最低
https://news.sina.com.tw/article/20190203/29947886.html

華夏銀行遭技術經理植系統病毒:賬戶想取多少取多少
https://news.sina.com.tw/article/20190203/29947828.html

銀行工程師用ATM漏洞竊取100萬美元
https://ek21.com/news/tech/63114/

彰銀信用卡 增雙安控機制
https://www.chinatimes.com/newspapers/20190216000294-260205

土銀、彰銀網銀大當機? 銀行:使用量大導致網路壅塞
https://udn.com/news/story/7239/3627823

中大生用程式攻擊中資銀行 終院指行為乎控罪元素 拒撤罪名
https://bit.ly/2GLIOv4

公安部:已立案偵查380餘網貸平台,查扣凍結涉案資產百億
https://news.sina.com.tw/article/20190217/30088158.html

揭秘「網貸」如何變「網騙」:自建資金池大發假標的
https://news.sina.com.tw/article/20190217/30085050.html

花旗銀行提醒使用者注意網絡安全 加強風險管理
https://bit.ly/2UZRm5A

網銀大當機? 彰銀澄清:過年交易量大 速度較慢
https://udn.com/news/story/7239/3627777

土銀網路龜速!狗年最後1個交易日 網銀與APP網路大塞車
https://ec.ltn.com.tw/article/breakingnews/2690305

土銀網路龜速!狗年最後1個交易日 網銀與APP網路大塞車
https://ec.ltn.com.tw/article/breakingnews/2690305

土銀網路銀行.APP出問題  疑似交易量過大導致
http://globalnewstv.com.tw/201902/58047/

大陸央行"三定"規定發佈:將統籌互聯網金融監管工作
https://news.sina.com.tw/article/20190202/29938240.html

中國銀行人員拍攝紀念鈔上傳網路 遭央行點名通報批評
https://news.sina.com.tw/article/20190201/29928356.html

紐約聯邦儲備銀行協助孟加拉國訴訟黑客網路搶劫案
https://news.sina.com.tw/article/20190202/29934624.html

純網銀...完備數位生態圈
https://money.udn.com/money/story/5629/3642885

KDDI宣布公開收購大型網路券商
https://fnc.ebc.net.tw/FncNews/else/69786

提款機偷裝攝錄機盜提 3華裔駭客「看熱鬧」落網
http://www.myspotnews.com/post871547

暗網出現能讓ATM變吃角子老虎的吐鈔攻擊程式
https://www.ithome.com.tw/news/128855

金融業首創!第一銀行「刷臉上班」亮相
https://www.chinatimes.com/realtimenews/20190220001878-260410

中國「隔空盜刷」頻傳 卡放錢包 錢卻1筆筆被刷走
https://bit.ly/2GAkwoH

日本將鬆綁FinTech新創等非銀行業者的匯款限制
https://udn.com/news/story/6811/3655896?from=udn-ch1_breaknews-1-cate5-news

金融犯罪管控不力 渣打銀行被罰1億英鎊
https://money.udn.com/money/story/5599/3656053

丹麥銀行將關閉有洗錢醜聞的分行
https://www.chinatimes.com/realtimenews/20190220003355-260410

All about the cyber attack on Malta’s Bank of Valletta
https://www.peerlyst.com/posts/all-about-the-cyber-attack-on-malta-s-bank-of-valletta-kimberly-crawley

A Programmer Exploits a Crazy Bug in ATMs and Withdraws Over A Million
http://www.ehackingnews.com/2019/02/a-programmer-exploits-crazy-bug-in-atms.html

Malta’s leading bank resumes operations after cyberheist-induced shutdown
https://www.welivesecurity.com/2019/02/15/maltas-leading-bank-resumes-operations-cyberheist-induced-shutdown/

Cyber Attack on Malta’s Biggest Bank
https://www.purevpn.com/blog/cyber-attack-on-malta-bank-of-valletta/

25 million rubles disappeared from the IT Bank, again hacker group Silence
http://www.ehackingnews.com/2019/02/25-million-rubles-disappeared-from-it.html

Is-Cyber Attack fuq il-Bank of Valletta
https://www.bov.com/Pjazza/cyberattack-on-bov

BOV is still trying to recover money and establish source behind cyber attack
https://www.tvm.com.mt/en/news/bov-is-still-trying-to-recover-money-and-establish-source-behind-cyber-attack/

OLYMPIA FINANCIAL GROUP INC. ANNOUNCES RECOVERY FROM RANSOMWARE CYBER ATTACK
http://www.cbj.ca/olympia-financial-group-inc-announces-recovery-from-ransomware-cyber-attack-2/

BRIEF-Olympia Financial Group Inc. Announces Recovery From Ransomware Cyber Attack
https://bit.ly/2SaN0Xt

Metro Bank hit by cyber attack used to empty customer accounts
https://fireballcybersecurity.blogspot.com/2019/02/metro-bank-hit-by-cyber-attack-used-to.html

What Does Wi-Fi Symbol On Credit or Debit Card Mean
https://bit.ly/2Eh7Xw1

三商銀募新血 加薪大PK
https://www.chinatimes.com/newspapers/20190216000292-260205

子公司資安管理專業人員
https://www.104.com.tw/job/?jobno=6ikfm

集保結算所跨界獵才 鎖定大數據、資安菁英
https://www.chinatimes.com/realtimenews/20190218003538-260410

迎接年後轉職潮 富邦產險、台灣人壽啟動徵才計畫
https://bit.ly/2VaeY7H

3.電子支付/電子票證/行動支付/ 新聞及資安

Google Pay信用卡被取消綁定、停用、掛失 其實只是太久沒用
https://www.cool3c.com/article/140568

記名未必有保障!民眾掛失一卡通 仍遭盜用
https://news.tvbs.com.tw/life/1077499

國泰世華MasterPass電子錢包將於108/04/20起終止服務
https://www.cathaybk.com.tw/cathaybk/personal/news/announcement/2019/0125AnnounceInfo/

一卡通發卡量破2000萬張 未來走向多元行動支付服務
https://www.chinatimes.com/realtimenews/20190221003438-260410

10億支付寶用戶不淡定了:壓垮付款的三座大山來臨
https://news.sina.com.tw/article/20190222/30162572.html

香港金管局:電子錢包認證快升級
https://hk.finance.appledaily.com/finance/daily/article/20190211/20610454

4.虛擬貨幣/區塊鍊   新聞及資安

遠傳、SoftBank 完成跨國跨電信區塊鏈行動支付實測
https://money.udn.com/money/story/5617/3658909

沙地阿拉伯央行、阿聯酋銀行 將合作成立跨境加密貨幣交易計劃
https://bit.ly/2NaRLPP

可以用信用卡買加密貨幣了!幣安支援Visa、Mastercard購買
https://bit.ly/2GxXlLU

幣安與支付公司Simplex達成合作新增支持信用卡支付
http://www.sohu.com/a/292798090_114774?scm=1002.590044.0.0

〈區塊鏈大應用〉IHS Markit合作英國區塊鏈新創Cobalt 簡化交易後流程
https://fnc.ebc.net.tw/FncNews/else/69194

曾痛罵比特幣是場騙局!摩根大通將推出自家的「加密貨幣」
https://buzzorange.com/techorange/2019/02/18/jpm-coin/

重大決策!伊朗正式發行基於黃金的加密貨幣Peyman
http://news.knowing.asia/news/77b48181-87c5-4435-a56d-cbd53b0f5394

加密金融服務公司將通過Lloyd's of Bank提供加密保險
https://www.moneybar.com.tw/News/91975

ITM國際信任機器執行長陳洲任:一旦能「連網即上鏈」,這些鏈上新資料將會為台灣帶來新價值
https://bit.ly/2T7dLkc

比特大陸S15礦機被指存在致命漏洞,可修改礦工支付地址
https://www.ccvalue.cn/show/1627

比特幣ATM機從誕生至今,經歷堪稱跌宕起伏
http://news.knowing.asia/news/bec0d382-8212-4a20-be54-2375436956b6

比特幣ATM機真正的競爭力,在於其內部驅動軟體的性能
http://news.knowing.asia/news/befa8c30-9a2a-4d05-a7c2-31d5ac8b74c1

西班牙銀行報告:比特幣是建立不受審查的支付系統的解決方案
http://chainb.com/?P=Cont&id=14130

印度尼西亞正式將加密貨幣合法化
https://bit.ly/2NsoC2Z

2億美元虛擬貨幣「灰飛煙滅」!區塊鏈技術難掩致命缺陷
http://news.knowing.asia/news/9d37cb43-6fc9-47d8-a680-0766449740e7

〈區塊鏈大應用〉德商銀聯手西門子+Continental 完成貨幣市場區塊鏈試驗
https://news.cnyes.com/news/id/4282819

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體

Mac 惡意軟體現身,CookieMiner 竊取用戶密碼、信用卡,還把電腦當挖礦機
https://applealmond.com/posts/47751

駭客利用 Apple 企業開發者證書於主流應用程式植入惡意程式碼
https://unwire.pro/2019/02/16/software-pirates-use-apple-tech-to-put-hacked-apps-on-iphones/news/

報告:表單點擊劫持超越勒索軟體、挖礦劫持成2018年首要威脅
https://www.ithome.com.tw/news/128887

資安業者在Microsoft Store發現8款程式暗藏挖礦功能
https://www.ithome.com.tw/news/128817

Several Cryptojacking Apps Found on Microsoft Store
https://www.symantec.com/blogs/threat-intelligence/cryptojacking-apps-microsoft-store

黑客不過年:steam盜號木馬再氾濫
https://www.aqniu.com/threat-alert/43558.html

暗網出現能讓ATM變吃角子老虎的吐鈔攻擊程式
https://www.ithome.com.tw/news/128855

惡意軟體安裝器 Rietspoof 透過即時通訊大量感染中
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=806

無檔案惡意程式(Fileless Malware)五種運作方式
https://blog.trendmicro.com.tw/?p=58512

繞過Mac內建保護機制的 Windows惡意執行檔,會下載資料竊取病毒跟廣告軟體
https://blog.trendmicro.com.tw/?p=59591

Mac惡意軟體,偽裝非法破解 程式Adobe Zii,竊取信用卡,還偷挖礦
https://blog.trendmicro.com.tw/?p=59576

DrainerBot infected apps play invisible videos to drain your data
https://www.zdnet.com/article/drainerbot-ad-fraud-scam-causes-infected-apps-to-use-over-10gb-a-month/#ftag=RSSbaffb68

RBI Warns of Fraud That Leverages 'AnyDesk' App
https://www.bankinfosecurity.asia/rbi-warns-fraud-that-leverages-anydesk-app-a-12035

“Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web
https://www.crowdstrike.com/blog/sin-ful-spiders-wizard-spider-and-lunar-spider-sharing-the-same-web/

WannaCry Hero Loses Key Motions in Hacking Case
https://www.bankinfosecurity.com/wannacry-hero-loses-key-motions-in-hacking-case-a-12024

Navigating the murky waters of Android banking malware
https://www.welivesecurity.com/2019/02/15/navigating-murky-waters-android-banking-malware/

ANDROID BANKING MALWARE: SOPHISTICATED TROJANS VS. FAKE BANKING APPS
https://www.welivesecurity.com/wp-content/uploads/2019/02/ESET_Android_Banking_Malware.pdf

Red flags raised over fake banking apps
http://www.fstech.co.uk/fst/Warning_Over_Fake_Banking_Apps.php

Emotet malware tweaks tactics in fresh attack wave
https://brica.de/alerts/alert/public/1247478/emotet-malware-tweaks-tactics-in-fresh-attack-wave/

Android banking malware hitting more users than ever
https://jonmichaelmoy1.wordpress.com/2019/02/15/android-banking-malware-hitting-more-users-than-ever/

ThreatList: Banking Trojans Are Still The Top Big Bad for Email
https://threatpost.com/banking-trojans-top-threat-email/141814/

White hats spread VKontakte worm after social network doesn't pay bug bounty
https://www.zdnet.com/article/white-hats-spread-vkontakte-worm-after-social-network-doesnt-pay-bug-bounty/#ftag=RSSbaffb68

Banking Trojan Attacks Dominated 10+ Billion Cybersecurity Threats in 2018
https://www.tmcnet.com/usubmit/-banking-trojan-attacks-dominated-10-billion-cybersecurity-threats-/2019/02/01/8893106.htm

Global Ransomware Attack Could Cost Businesses Nearly $200B: Study
https://www.programbusiness.com/node/221647

Popular Torrent Uploader 'CracksNow' Caught Spreading Ransomware
https://bit.ly/2T2gbQS

Rietspoof malware spreads via Facebook Messenger and Skype spam
https://www.zdnet.com/article/rietspoof-malware-spreads-via-facebook-messenger-and-skype-spam/#ftag=RSSbaffb68

Ransomware Attack on Crosby International School District IT systems
https://www.cybersecurity-insiders.com/ransomware-attack-on-crosby-international-school-district-it-systems/

APT Malware LOLBins & GTFOBins Attack users by Evading the Security Sysem
https://gbhackers.com/apt-malware-lolbins-gtfobins-attack-users-by-evading-the-security-sysem/

JavaScript bridge makes malware analysis with WinDbg easier
https://blog.talosintelligence.com/2019/02/windbg-malware-analysis-with-javascript.html

Bitdefender releases third GandCrab ransomware free decrypter in the past year
https://www.zdnet.com/article/bitdefender-releases-third-gandcrab-ransomware-free-decrypter-in-the-past-year/#ftag=RSSbaffb68

POS firm says hackers planted malware on customer networks
https://www.zdnet.com/article/pos-firm-says-hackers-planted-malware-on-customer-networks/#ftag=RSSbaffb68

Monero Miner-Malware Uses RADMIN, MIMIKATZ to Infect, Propagate via Vulnerability
https://bit.ly/2V8i4ZJ

Combing Through Brushaloader Amid Massive Detection Uptick
https://blog.talosintelligence.com/2019/02/combing-through-brushaloader.html

Malware that hunts for account credentials on adult websites tripled in 2018
https://www.zdnet.com/article/malware-that-hunts-for-account-credentials-on-adult-websites-tripled-in-2018/#ftag=RSSbaffb68

11 Takeaways: Targeted Ryuk Attacks Pummel Businesses
https://www.bankinfosecurity.com/11-takeaways-targeted-ryuk-attacks-pummel-businesses-a-12040


B.行動安全 / iPhone / Android /穿戴裝置 /App

台灣通訊軟體Jello 貼圖侵權後又引陸資疑云
http://news.dwnews.com/taiwan/big5/news/2019-02-01/60116315.html

訂房網站、航空公司等iOS版App 暗中側錄用戶操作過程
https://www.ettoday.net/news/20190211/1375512.htm

偷錄屏幕截取顧客資訊 Expedia 都有份
https://bit.ly/2tno4ls

鑽蘋果漏洞第三方應用程式業者提供破解版App
https://eunited.com.my/186623

喜歡跟Siri說話嗎?專家示警:語音助理恐被「無聲」控制解鎖、購物
https://ec.ltn.com.tw/article/breakingnews/2703000

破萬 Android App 違規追蹤用戶行為,關閉個人化廣告也沒用
https://technews.tw/2019/02/19/android-app-permanently-record-users-online-activity-for-ad/

iOS 12.1.4爆新災情! 果粉「這點」沒用別急著更新
https://www.chinatimes.com/realtimenews/20190220000017-260412

耗電、不能用Wi-Fi、當機…更新iOS 12.1.4災情頻傳
https://bit.ly/2E5jwVO

愛情銀行App簽到1年獎勵難兌現:我還怎麼相信"愛情"
https://news.sina.com.tw/article/20190222/30166764.html

Android存在與PNG相關漏洞
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16209

Google 加強對 Play Store 中惡意軟體的安全審查
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=803

Tor traffic from individual Android apps detected with 97 percent accuracy
https://www.zdnet.com/article/tor-traffic-from-individual-android-apps-detected-with-97-percent-accuracy/#ftag=RSSbaffb68




C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件

Tor專案發表使用Tor網路傳輸檔案的OnionShare 2
https://ithome.com.tw/news/128886

Chrome 將會讓無痕模式更經得起有心網站的刺探
https://chinese.engadget.com/2019/02/19/google-chrome-incognito-mode-blocking/

前程序員利用漏洞,每月非法獲取老東家多則20餘萬條客戶信息被批捕
http://www.shxwcb.com/237176.html

員工的不當使用習慣,是企業資安最大的弱點
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=805

繼USB炸彈之後,現在有人做了一條內建WiFi的USB傳輸線可以遠端遙控入侵你的電腦
https://bit.ly/2IoC6xD

躲在系統四個月沒被發現?駭客竊取資料的五個隱身術
https://blog.trendmicro.com.tw/?p=59359

卡巴斯基公布2018年第4季DDoS攻擊報告
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16207

Nest偷偷內建麥克風,但Google說不是存心隱瞞
https://www.ithome.com.tw/news/128880?fbclid=IwAR1--aJ9HXlWfNCv-HSkozwJBOomoxm3LWDe-UgOJ55L33E-SskEc9WWgl4

[6個溫習駭客攻擊的議題]資安設備管理實名化
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=71&aid=8715

駭客找到方法「遙控」小米的 M365 電動滑板車(更新官方聲明)
https://chinese.engadget.com/2019/02/15/xiaomi-m365-electric-scooter-hack-bluetooth/

雲端基礎架構之進階持續性攻擊日漸增加
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16206

【線上服務登入將可免記密碼】新型網路身分識別崛起,提升金融與政府服務安全
https://www.ithome.com.tw/news/128595

【全面解析FIDO網路身分識別】無密碼新時代將至!解決網路密碼遭竊與盜用問題
https://www.ithome.com.tw/news/128566

是你朋友嗎?「肥宅駭客」駭麥當勞 APP 帳戶,花 $1 萬台幣點薯條漢堡
https://www.cool-style.com.tw/wd2/archives/396471

技術人員未維護 長沙一單位官網首頁被植入色情頁面
https://news.sina.com.tw/article/20190221/30154050.html

川普擬提馬爾帕斯接管世行 中共借款恐變難
http://www.epochtimes.com/b5/19/2/5/n11025872.htm

陸資插旗叫車平台 專家憂釀國安危機
https://bit.ly/2GQpDAx

瑞士電子投票系統開放全球駭客挑戰,最高獎金 150 萬
https://bit.ly/2ts4epe

紐時:中國伊朗駭客再次猛烈攻擊美國企業
https://www.cna.com.tw/news/afe/201902180310.aspx

報復美國?中國伊朗駭客猛攻 數十企業政府機關受害
https://udn.com/news/story/6811/3650892

未找到後門,德國5G網路可能不會排除華為設備
https://www.ithome.com.tw/news/128862

中共駭客再攻擊美公司 竊軍事和貿易機密
https://bit.ly/2InE2q3

資安公司證實 中國大陸駭客強化對美網攻力道
https://www.ydn.com.tw/News/325277

中國的超監控系統
https://taronews.tw/2019/02/21/261127/

澳大利亞議會遭國家級網路攻擊,三大政黨伺服器皆受影響
https://www.ithome.com.tw/news/128838

澳國會網路遭駭 總理:某一外國政府所為
https://bit.ly/2SHcKjq

澳國會網路遭駭 總理:手法熟練國家所為
https://bit.ly/2tBfeAZ

前CIA分析員:加拿大將成惡意網絡攻擊對象
https://bit.ly/2Gu3lEy

從中國購買舊芯片賣入美國軍方分銷商面臨重罪指控
https://www.aqniu.com/news-views/43759.html

中國武力犯台「軟殺」先行 國策會:應重視資安、輿論等「無形戰場」
https://www.upmedia.mg/news_info.php?SerialNo=57850

美上億個資被駭 專家:或為招募特務
https://bit.ly/2EgcwXo

紐時:陸已重啟網攻 回應美貿易戰
https://udn.com/news/story/11314/3651438

不甩老美抵制!越南仍計畫採用華為5G設備
https://cnews.com.tw/005190215a04/

歐洲運營商青睞中國電信設備,美國抵制華為行動遇阻
https://on.wsj.com/2DT7WwW

英軍情單位打臉 美封殺華為恐現破網
https://www.ydn.com.tw/News/324853

手機正在出賣你?透視美政府為何圍堵華為
http://www.epochtimes.com/b5/19/2/20/n11057019.htm

澳大利亞議會遭國家級網路攻擊,三大政黨伺服器皆受影響
https://www.ithome.com.tw/news/128838?fbclid=IwAR37IEbK_AuEoqf8uGA1aLc9Z42FeuD38WqdQQhHGkqJFkyTrF50BEXrVUE

日IoT設備新規定 2020起需提供資安防護機制與作為
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000553204_IWD1I2C01XZFGT33Z860K

日本自衛隊將加強網戰專家 抵禦中國北韓網軍攻擊
https://www.taiwannews.com.tw/ch/news/3641870

Crowdstrike:中國駭客行動回升 與美國的網絡安全協議基本已遭擯棄
https://bit.ly/2X7Ilt7

面對不同國家駭客,你有多少反應時間
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=807

中國獵豹入侵台灣資安?黃國昌爆指阿里台灣總經理當內應
https://m.ltn.com.tw/news/politics/breakingnews/2704104

叫車服務平台「TaxiGo」驚傳中資!黃國昌爆:背後為中國「獵豹移動」控制
https://www.storm.mg/article/969883

網路攻擊也要快狠準,俄羅斯駭客的攻擊速度是北韓駭客的8倍快
https://www.ithome.com.tw/news/128861

俄羅斯將學「習」 謀全面屏蔽國外網路
https://www.taiwannews.com.tw/ch/news/3642228

中國駭客捲土重來攻美 兩國網路安全協議名存實亡
https://tw.appledaily.com/new/realtime/20190221/1520997/

長沙市場監管局網站被上傳黃色頁面 警方回應
https://news.sina.com.tw/article/20190221/30159830.html

微軟發出警告:俄支持駭客攻擊歐洲智庫和非營利組織
https://bit.ly/2BNebCd

微軟指俄羅斯駭客入侵歐洲智庫
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=809

微軟:歐洲多個民主機構遭網絡攻擊
https://bit.ly/2DYtJna

微軟擴大AccountGuard服務至歐洲12國,保障當地民主組織的帳號安全
https://www.ithome.com.tw/news/128889

伊朗駭客是入侵澳洲議會電腦的幕後黑手
https://on.wsj.com/2NjmKt2

微軟提供歐洲國家安全網路服務,防止來自俄羅斯駭客攻擊
http://technews.tw/2019/02/21/microsoft-says-discovers-hacking-targeting-democratic-institutions-in-europe/

北約軍隊資安單位透過社群網站「釣魚」,發現嚴重資安弱點
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=811

攻撃グループTickによる日本の組織をターゲットにした攻撃活動
https://blogs.jpcert.or.jp/ja/2019/02/tick-activity.html

世界のCSIRTから ~ベトナム(VNCERT, AIS)
https://blogs.jpcert.or.jp/ja/2019/02/cert-vncert-ais22.html

Singapore arms up on cyberdefence experts, opens cyberdefence school
https://www.zdnet.com/article/singapore-arms-up-on-cyberdefence-experts-opens-cyberdefence-school/#ftag=RSSbaffb68

MINDEF Boosts Cyber Defence with Cyber Expert Schemes and New Training School
https://www.mindef.gov.sg/web/portal/mindef/news-and-events/latest-releases/article-detail/2019/February/20feb19_nr

Chinese, Irish hackers are escalating cyber attack against US entities: report
https://vaaju.com/chinese-irish-hackers-are-escalating-cyber-attack-against-us-entities-report/

You have around 20 minutes to contain a Russian APT attack
https://www.zdnet.com/article/you-have-around-20-minutes-to-contain-a-russian-apt-attack/#ftag=RSSbaffb68

Cyber blitzkrieg replaces cyber Pearl Harbor
https://www.zdnet.com/article/cyber-blitzkrieg-replaces-cyber-pearl-harbor/#ftag=RSSbaffb68

Ex-US Intelligence Agent Charged With Spying and Helping Iranian Hackers
https://thehackernews.com/2019/02/iran-hacker-wanted-fbi.html

Hacker puts up for sale third round of hacked databases on the Dark Web
https://www.zdnet.com/article/hacker-puts-up-for-sale-third-round-of-hacked-databases-on-the-dark-web/#ftag=RSSbaffb68

The EU's new copyright laws threaten to destroy the internet
https://www.zdnet.com/article/the-eus-new-copyright-laws-threaten-to-destroy-the-internet/#ftag=RSSbaffb68

GAO gives Congress go-ahead for a GDPR-like privacy legislation
https://www.zdnet.com/article/gao-gives-congress-go-ahead-for-a-gdpr-like-privacy-legislation/#ftag=RSSbaffb68

Thousands of Android apps permanently record your online activity for ad targeting
https://zd.net/2DQ2Y4c

Facebook tackles developer databases leaking at least one million user records
https://www.zdnet.com/article/facebook-tackles-account-takeover-data-exposure-security-failures/#ftag=RSSbaffb68

Protecting Cryptocurrency in the Era of 'Deep Fakes'
https://www.bankinfosecurity.com/interviews/protecting-cryptocurrency-in-era-deep-fakes-i-4256

In Germany, significantly increased the number of cyber attacks on critical infrastructure
https://24-my.info/in-germany-significantly-increased-the-number-of-cyber-attacks-on-critical-infrastructure/

The DDoS attack which crippled Juan Luna Blog coming from China
https://juanluna.site/2019/02/16/the-ddos-attack-which-crippled-juan-luna-blog-coming-from-china/

Indian Cyber attack on Pakistan Foreign ministry data
http://harpalpk.com/indian-cyber-attack-on-pakistan-foreign-ministry-data/

Cyber Security Myths You Must Forget, To Avoid Being Hacked!
https://techeconomy.ng/2019/02/15/cyber-security-myths-you-must-forget-to-avoid-being-hacked/

Vulnerability Analysis of Interdependent Critical Infrastructures upon a Cyber-attack
https://scholarspace.manoa.hawaii.edu/handle/10125/59503

Criminals, Nation-States Keep Hijacking BGP and DNS
https://www.bankinfosecurity.com/criminals-nation-states-keep-hijacking-bgp-dns-a-12028

Cyber criminals increasingly used 'formjacking' to carry out attacks in 2018: study
https://brica.de/alerts/alert/public/1247371/cyber-criminals-increasingly-used-formjacking-to-carry-out-attacks-in-2018-study/

US Hacker Squads Constantly On the Attack in New Cyberwar Strategy
http://strategicstudyindia.blogspot.com/2019/02/us-hacker-squads-constantly-on-attack.html

Cybersecurity: 4 Ways to Prevent Cyber Attacks
https://www.mau.com/workforce-insights/cybersecurity-4-ways-to-prevent-cyber-attacks

How to Secure WordPress Website From Cyber Attacks And Hackers
https://hosting.review/tutorial/secure-wordpress/

In 2018, Ukrainian specialists have blocked about 400 of cyber attacks
http://24-my.info/in-2018-ukrainian-specialists-have-blocked-about-400-of-cyber-attacks/

Average DDoS Attack Volume Tripled in a Year, New Data Reveals
https://businessinsights.bitdefender.com/average-ddos-attack-volume-in-europe-tripled-in-a-year-new-data-reveals

SOC First Defense phase – Breaking the Attack Chain
https://gbhackers.com/soc-defense-attack-chain/

The Mind-Blowing Cost of a Typical Cyber-Attack
https://www.datex.ca/blog/the-mind-blowing-cost-of-a-typical-cyber-attack

Mexico is not prepared to stop a cyber attack, says Harvard Professor
https://www.mexicanist.com/l/mexico-is-not-prepared-to-stop-a-cyber-attack-says-harvard-professor/

A Cyber Attack Is In Your Future: Here’s What You Can Do About It
https://www.totalityservices.co.uk/cyber-attack-future-heres-can/

Australian Information Commissioner reports cyber-attack increase
https://logisticsmagazine.com.au/australian-information-commissioner-reports-cyber-attack-increase/

Cybercriminals shift from quantity to quality in DDoS attacks in 2018
https://www.networkmiddleeast.com/technology/security/85164-cybercriminals-shift-from-quantity-to-quality-in-ddos-attacks-in-2018

Airbus cyber attack believed to be conducted by hackers in China
http://blog.extremehacking.org/blog/2019/02/05/airbus-cyber-attack-believed-conducted-hackers-china/

'Chinese hackers behind cyber attack on aircraft manufacturer Airbus'
http://www.tellerreport.com/tech/---chinese-hackers-behind-cyber-attack-on-aircraft-manufacturer-airbus--.HkZ4iFr4N.html

Cyber Attack and Data Fraud: Marsh-RIMS Study Reveals Top Risks for Indian Companies
https://www.marsh.com/in/insights/research/cyber-attack-and-data-fraud-marsh-rims-study-reveals-top-risks-for-indian-companies.html

Credential Stuffing Attack Hits Dailymotion
https://hackercombat.com/credential-stuffing-attack-hits-dailymotion/

US Government Shutdown made NASA vulnerable to Cyber Attacks
https://www.cybersecurity-insiders.com/us-government-shutdown-made-nasa-vulnerable-to-cyber-attacks/

First Hacker Convicted of ‘SIM Swapping’ Attack Gets 10 Years in Prison
https://staticnetworks.com/first-hacker-convicted-of-sim-swapping-attack-gets-10-years-in-prison/

Hacker destroys VFEmail service, wipes backups
https://blog.malwarebytes.com/cybercrime/2019/02/hacker-destroys-vfemail-service-wipes-backups/

Critics Blast Proposed IT Act Modifications
https://www.bankinfosecurity.asia/critics-blast-proposed-act-modifications-a-12029

Learn How XDR Can Take Breach Protection Beyond Endpoint Security
https://thehackernews.com/2019/02/xdr-edr-solutions.html

Microsoft reveals new APT28 cyber-attacks against European political entities
https://www.zdnet.com/article/microsoft-reveals-new-apt28-cyber-attacks-against-european-political-entities/#ftag=RSSbaffb68

Australia - Hackers 'scramble' patient files in Melbourne heart clinic cyber attack
https://brica.de/alerts/alert/public/1248272/australia-hackers-scramble-patient-files-in-melbourne-heart-clinic-cyber-attack/

[軟體系統]高級資安系統應用工程師(台北)
https://m.1111.com.tw/job/85847406/

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞

英國政府的假新聞調查報告將臉書稱為「數位黑幫」
https://www.ithome.com.tw/news/128834?fbclid=IwAR2-W1DQR7CwseMEVi-mjr98VU3HsR7yrN-qqVAHn57pLT1ttwz4W7Nsk40

瑞典270萬筆病患通話紀錄在毫無防備的伺服器上曝光
https://bit.ly/2EjqGHg

ASRC 2018 郵件安全分析回顧,電子郵件攻擊只會變形不會絕跡
https://ithome.com.tw/pr/128812

他用健保卡猜中密碼 她提款卡遺失遭盜46萬
https://udn.com/news/story/7321/3651913

哈日買家要留意!日本出現 Amazon 釣魚電郵
https://bit.ly/2IyivLI

被盜刷報警!得知嫩妹幹的他秒後悔:早知就不告了
https://news.ltn.com.tw/news/society/breakingnews/2704540

駭入PayPal詐騙 華人賣車損失3000元
https://bit.ly/2V5CEdl

小心了!卡還在身上,錢卻被一筆筆刷走
https://news.sina.com.tw/article/20190217/30085036.html

個資恐遭看光光! 北門三井倉庫行動展覽惹議
https://tw.news.appledaily.com/local/realtime/20190219/1519854/

黑客入侵約會網站 600萬用戶信息外洩
https://bit.ly/2NdWTml

這家公司被曝泄露250萬人信息 工作人員:不知情
https://news.sina.com.tw/article/20190216/30077866.html

深圳人臉識別公司爆資訊漏洞 256萬筆個人資料、行蹤疑遭洩
https://www.upmedia.mg/news_info.php?SerialNo=57700

中國用來監控新疆的「天網」資料庫有漏洞,超過250萬人的資料以及詳細路徑、座標可能外洩
https://bit.ly/2BJAatH

小心被套路 信用卡詐騙簡訊不斷升級
https://ek21.com/news/tech/65076/

詐騙漏洞? Line Pay推紅包功能 反成詐騙新手法
https://www.chinatimes.com/realtimenews/20190216002947-260402

【釣魚騙局】黑客盜取信用卡資訊低能新招切勿上當 網民:騙老人家 9 成 9 中
https://bit.ly/2V5yWjR

山東公安破獲特大網路賭博案,賭資流水達數百億
https://news.sina.com.tw/article/20190216/30078828.html

變臉詐騙(BEC)將深入基層職員,員工沒看穿的騙局,造成的損失可能比病毒還大
https://blog.trendmicro.com.tw/?p=59243

偽造微信聊天截圖騙取大單,金華一快遞小哥詐騙7萬元被刑拘
https://news.sina.com.tw/article/20190203/29947864.html

創新高! 去年遇駭個資近4.5億筆 比2017年增加126%
https://bit.ly/2Bl8nQe

杭州宣判特大詐騙案:80名被告過半數剛畢業,4人未成年
https://news.sina.com.tw/article/20190202/29941458.html

澳洲信用卡詐欺達4.78億澳元
https://www.auliving.com.au/zh-tw/201902/116370.html

電騙黨訛詐新招 西捷航空遭冒名
https://bit.ly/2T6Yoby

新信用卡還未使用 卻遭盜刷近3千元
http://www.epochtimes.com/b5/19/2/1/n11017329.htm

內政部公布2019年詐騙前3強 「假網拍」稱王
https://bit.ly/2DTlHgd

傳美國多家政府機構調查Facebook:與隱私侵權相關
https://news.sina.com.tw/article/20190204/29953292.html

專家提醒:春節期間三類蹭「年味」網路騙局需提防
https://news.sina.com.tw/article/20190204/29952188.html

春節詐騙集團不休息 金管會:留意三角詐騙新手法
https://money.udn.com/money/story/5613/3631085

網路簽賭集團10人落網 營運4月簽注金逾2億
https://bit.ly/2BFJGyc

土耳其大規模打擊非法網路賭博場所
https://news.sina.com.tw/article/20190201/29931686.html

冒充熟人電話詐騙百余萬 內蒙古警方跨越10省市擒凶
https://news.sina.com.tw/article/20190202/29937840.html

【貪小便宜】中國男子使用黑客盜取積分購物 在日本被捕
https://bit.ly/2Io5Nit

「日PO80篇文月賺25K」 大學生遭騙領嘸錢
https://news.tvbs.com.tw/life/1085544

郵件攻擊手法刁鑽仍為駭客最愛 AI分析反制取代條件式規則 商業詐騙電郵肆虐慘重 機器學習偵測演算法有解
https://www.netadmin.com.tw/article_content.aspx?sn=1901310008

線上購物風險增 駭客恐竊取顧客PIN碼
https://udn.com/news/story/6811/3655887

〈詐騙喬妹3〉女星們被詐破億 她就損失4000萬
https://bit.ly/2GUHhTv

招商銀行北京宣武門支行成功攔截1筆電信詐騙
https://news.sina.com.tw/article/20190221/30143450.html

詐騙車手血淚自白!揭犯罪集團「驚人秘密」
https://news.ebc.net.tw/News/living/153317

2018年比特幣最大詐騙案 青海地頭蛇的連環收割術
https://news.sina.com.tw/article/20190220/30140348.html

首宗盜市民身份證提取強積金 警破詐騙集團拘4男女
https://hk.news.appledaily.com/breaking/realtime/article/20190221/59286693

印度國營瓦斯公司外洩逾600萬筆國民身分識別碼
https://www.ithome.com.tw/news/128864

著名交友網 泄600萬帳戶資料 連接fb 用戶恐其他資料遭盜用
https://bit.ly/2Gr16CK

Chinese facial recognition database exposes 2.5m people
https://nakedsecurity.sophos.com/2019/02/15/chinese-facial-recognition-database-exposes-25m-people/

WARNING – New Phishing Attack That Even Most Vigilant Users Could Fall For
https://thehackernews.com/2019/02/advance-phishing-login-page.html

Cyber News Rundown: Photography Site Breached
https://www.webroot.com/blog/2019/02/15/cyber-news-rundown-photography-site-breached/

Hacker Breaches Dozens of Sites, Puts 127 Million New Records Up for Sale
https://thehackernews.com/2019/02/data-breach-website.html

Google Earth accidentally reveals secret military sites
https://www.zdnet.com/article/google-maps-update-accidentally-reveals-secret-military-sites/#ftag=RSSbaffb68

Facebook's Leaky Data Bucket: App Stored User Data Online
https://www.bankinfosecurity.com/facebooks-leaky-data-bucket-app-stored-user-data-online-a-12026

How to Hack Facebook Accounts? Just Ask Your Targets to Open a Link
https://bit.ly/2GPKPGB

Over 92 Million New Accounts Up for Sale from More Unreported Breaches
https://bit.ly/2TWQxdB

Major Crypto Brokerage Coinmama Reports 450,000 Users Affected by Data Breach
https://www.cryptofinancenews.com/2019/02/16/major-crypto-brokerage-coinmama-reports-450000-users-affected-by-data-breach/

Mega-crackers back with nearly 100 million new stolen data records
https://nakedsecurity.sophos.com/2019/02/18/mega-crackers-back-with-nearly-100-million-new-stolen-data-records/

Congress wants Facebook to explain why closed groups leaked user data
https://www.zdnet.com/article/congress-wants-facebook-to-explain-why-closed-groups-leaked-user-data/#ftag=RSSbaffb68

How to protect your Google Account with the Advanced Protection Program
https://www.zdnet.com/pictures/how-to-protect-your-google-account-with-the-advanced-protection-program/#ftag=RSSbaffb68

LPG Gas Company Leaked Details, Aadhaar Numbers of 6.7 Million Indian Customers
https://thehackernews.com/2019/02/indane-aadhaar-leak.html

Fake text generator is so good its creators don’t want to release full version
https://nakedsecurity.sophos.com/2019/02/19/openai-too-scared-to-unleash-full-ai-text-generator/

NoRelationship phishing attack dances around Microsoft Office 365 email filters
https://www.zdnet.com/article/norelationship-attack-dances-around-office-365-email-filters/#ftag=RSSbaffb68

Researcher: Indane Leaks Aadhaar Data on 6.7 Million
https://www.bankinfosecurity.asia/researcher-indane-leaks-aadhaar-data-on-67-million-a-12036

Password Managers Leave Crumbs in Memory, Researchers Warn
https://www.bankinfosecurity.asia/password-managers-leave-crumbs-in-memory-researchers-warn-a-12034

Almost Half A Million Delhi Citizens' Personal Data Exposed Online
https://bit.ly/2SfDGBv

E.研究報告

Web中間件常見漏洞總結
https://www.freebuf.com/articles/web/192063.html

駭客筆記 - 當渣男與騙子遇上駭客
https://bit.ly/2GuDMEb

博雲容器雲平台針對RunC漏洞CVE-2019-5736的說明
http://www.10tiao.com/html/711/201902/2651859710/1.html

“黑客”深度學習之“漏洞挖掘分析技術詳解篇”
http://www.twoeggz.com/news/13515278.html

拒絕超長函數,從兩個curl遠程漏洞說起
https://security.tencent.com/index.php/blog/msg/129

Windows 0day任意文件覆蓋漏洞分析與驗證
https://www.codercto.com/a/51820.html

Jenkins 遠程代碼執行漏洞(CVE-2019-1003000)安全預警
http://sec.sangfor.com.cn/events/200.html

Nexus Repository Manager 3 遠程代碼執行漏洞(CVE-2019-7238) 分析及利用
https://www.anquanke.com/post/id/171116

CVE-2019-7238:Nexus Repository Manager 3 遠程代碼執行漏洞分析
https://cert.360.cn/report/detail?id=3ec687ec01cccd0854e2706590ddc215

HACKER LEXICON: WHAT IS CREDENTIAL STUFFING?
https://www.wired.com/story/what-is-credential-stuffing/

16種方法利用遠程桌面協議漏洞
https://www.aqniu.com/learn/43737.html

Reverse RDP Attack: Code Execution on RDP Clients
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/

研究人員鎖定Collection #1 大型數據洩露背後黑客
https://www.aqniu.com/news-views/43679.html

Threat Actor Behind Collection #1 Data Breach Identified
https://www.recordedfuture.com/collection-1-data-breach/

Dolus:研究人員發布SDN入侵檢測新方法
https://www.aqniu.com/tools-tech/43672.html

Defending against cyberattacks by giving attackers ‘false hope’
https://munews.missouri.edu/news-releases/2019/0128-defending-against-cyberattacks-by-giving-attackers-false-hope/

GSM Sniffing嗅探設備組裝之短信嗅探
https://www.aqniu.com/vendor/43609.html

身份管理的15個安全開發實踐
https://www.aqniu.com/learn/43621.html

史上最大型DDoS攻擊:每秒5億個數據包
https://www.aqniu.com/news-views/43593.html

突發消息|6.17億賬戶信息暗網出售
https://www.aqniu.com/industry/43584.html

70%的公開漏洞出自3家供應商
https://www.aqniu.com/industry/43591.html

一封郵件就能捕獲你的口令散列值
https://www.aqniu.com/hack-geek/43548.html

高交互蜜罐和低交互蜜罐之間有什麼區別
http://netsecurity.51cto.com/art/201901/591256.htm

成為物理黑客吧!利用樹莓派實現P4wnP1項目進行滲透測試
https://www.freebuf.com/geek/195631.html

Malcom:一款功能強大的圖形化惡意軟件通信分析工具
https://www.freebuf.com/sectool/195704.html

通過Webshel​​l遠程導出域控ntds.dit的方法
https://www.freebuf.com/articles/web/195709.html

系統安全之SSH入侵的檢測與響應
https://www.freebuf.com/articles/es/194775.html

為Nginx加入一個使用深度學習的軟WAF
https://www.freebuf.com/articles/web/195563.html

淺談CSV注入漏洞
https://www.freebuf.com/vuls/195656.html

蠕蟲病毒“RoseKernel”迅速蔓延,政企單位網絡易被攻擊
https://www.freebuf.com/articles/paper/195466.html

雷克斯:棧溢出之漏洞利用自動生成
https://www.freebuf.com/vuls/195514.html

“暗流II”再次席捲:多玩旗下“遊戲盒子”疑遭供應鏈攻擊
https://www.freebuf.com/articles/paper/195669.html

分佈式Web漏洞掃描平台WDScanner
https://www.freebuf.com/sectool/195642.html

挖洞经验丨看我如何挖到多个D-LINK高危漏洞
https://www.freebuf.com/vuls/195309.html

某疑似針對中東地區的APT攻擊事件分析
https://www.freebuf.com/articles/web/195481.html

疑似DarkHydrus APT組織針對中東地區的定向攻擊活動分析
https://www.freebuf.com/articles/system/194556.html

威脅快報| 首爆新型ibus蠕蟲利用熱門漏洞瘋狂挖礦牟利
https://www.freebuf.com/vuls/195489.html

郵件釣魚攻擊與溯源
https://www.freebuf.com/vuls/195090.html

rtfraptor:從惡意RTF文件中提取OLEv1對象的工具
https://www.freebuf.com/sectool/194589.html

我所了解的物聯網設備滲透測試手段(硬件篇)
https://www.freebuf.com/articles/wireless/195129.html

電信、百度客戶端源碼疑遭洩漏,驅魔家族竊取隱私再起波瀾
https://www.freebuf.com/articles/system/195274.html

微軟Exchange爆出0day漏洞,來看POC和技術細節
https://www.freebuf.com/vuls/195162.html

分析TLS 1.3降級攻擊以及主要TLS庫中的漏洞
https://www.anquanke.com/post/id/171190

Slack網站上SSRF漏洞的挖掘和防護繞過
https://nosec.org/home/detail/2259.html

Scanning for OWASP Top 10 Vulnerabilities with Metasploit for the Web(w3af)
https://bit.ly/2DVpA3n

360企業安全集團發布《2018勒索病毒白皮書(政企篇)》,去年430萬台電腦遭勒索病毒攻擊
https://www.aqniu.com/vendor/43821.html

通過RDP隧道繞過網絡限制
https://www.freebuf.com/articles/system/195692.html

三星Galaxy App商店漏洞導致中間人攻擊實現遠程代碼執行
https://www.freebuf.com/articles/terminal/195484.html

Radare2:一款類Unix命令行逆向安全框架
https://www.freebuf.com/sectool/195703.html

ATT&CKized Splunk – Threat Hunting with MITRE’s ATT&CK using Splunk
https://bit.ly/2Sb81kF

Windows DHCP Server遠程代碼執行漏洞分析(CVE-2019-0626)
https://paper.seebug.org/819/

struts2漏洞s2-045漏洞利用測試
https://blog.csdn.net/feinifi/article/details/87793420

研究發現對抗攻擊方法可在多個人工智能模型上適用
https://bit.ly/2tA2uu5

BoNeSi - The DDoS Botnet Simulator
https://www.kitploit.com/2019/02/bonesi-ddos-botnet-simulator.html?utm_source=dlvr.it&utm_medium=facebook

DNS Routing for Specific Domains on macOS
https://one.vg/dns-routing-on-macos/?fbclid=IwAR3jvzVpEd3dokdNEs2_kwJqiKFcnhV_2GQ9krcUDhyeEQa4w2t5ugGiLlg


F.商業

在威脅出現之前乾掉它! IBM開發最新虛擬修補漏洞技術
https://pttnews.cc/f8e8d12563

中華電 強攻數位身分認證
https://money.udn.com/money/story/5612/3653571

遍及歐洲12國 微軟擴大政治資安服務
https://www.cna.com.tw/news/ait/201902200234.aspx

國內資安年損8100億!零壹揪奧義智慧 用AI抗駭客
https://ec.ltn.com.tw/article/breakingnews/2704836

NTT 與 Orange 將共同研發5G、AI、IoT等技術
https://news.cnyes.com/news/id/4282363

國內首創資安雲上路 資安防護零時差
https://www.chinatimes.com/realtimenews/20190221003033-260412

BlackBerry獲得加拿大政府資助 BlackBerry QNX將開發全新自動控制系統與概念車型
https://zeekmagazine.com/archives/89271

Cisco tops Q2 targets with revenue of $12.4 billion
https://www.zdnet.com/article/cisco-tops-q2-targets-with-revenue-of-12-4-billion/#ftag=RSSbaffb68

Microsoft removes eight cryptojacking apps from official store
https://www.zdnet.com/article/microsoft-removes-eight-cryptojacking-apps-from-official-store/#ftag=RSSbaffb68

Microsoft is going all-in on 'Inner Source'
https://www.zdnet.com/article/microsoft-is-going-all-in-on-inner-source/#ftag=RSSbaffb68

Microsoft Edge lets Facebook run Flash code behind users' backs
https://www.zdnet.com/article/microsoft-edge-lets-facebook-run-flash-code-behind-users-backs/#ftag=RSSbaffb68

Cisco expects just 422 million 5G connections by 2022
https://www.zdnet.com/article/cisco-expects-just-422-million-5g-connections-by-2022/#ftag=RSSbaffb68

Splunk pulls out of Russia with mysterious statement
https://www.zdnet.com/article/splunk-pulls-out-of-russia-with-mysterious-statement/#ftag=RSSbaffb68

K2 claims victory over zero-day attacks
https://www.zdnet.com/article/k2-claims-victory-over-zero-day-attacks/#ftag=RSSbaffb68

Redis Labs drops Commons Clause for a new license
https://www.zdnet.com/article/redis-labs-drops-commons-clause-for-a-new-license/#ftag=RSSbaffb68

G.政府

【獨家】健保系統今早全台連線異常 民眾看診大塞車
https://tw.news.appledaily.com/life/realtime/20190218/1519235/

健保系統故障全台2萬診所大塞車 健保署:機房更新非駭客攻擊
https://heho.com.tw/archives/39733

健保卡刷不了!健保署:例行性維修
https://bit.ly/2DRDcwk

行政院:副院長兼任資安長 主導跨部會資安政策
https://bit.ly/2GOWs0D

蘇貞昌核定陳其邁兼任行政體系資安長
https://bit.ly/2DU83Z9

臺灣資通安全管理法上路一個月,行政院資安處公布實施現況
https://www.ithome.com.tw/news/128789

23日出訪以色列 柯文哲:要去看看以色列的資安和網軍
https://udn.com/news/story/10930/3651584

行政院技術服務中心 107年第4季資通安全技術報告
https://bit.ly/2tqglDr

確保潛艦國造資安 台船建構獨立辦公室與人員網路管制
https://bit.ly/2V7h3kv

修正行政院國家資通安全會報設置要點第三點、第五點、第七點
https://bit.ly/2NedDd1

行政院國家資通安全會報組織架構圖
https://bit.ly/2TYH2KP

公投電子連署擬6月上線 自然人憑證當認證
https://money.udn.com/money/story/5648/3654350

H.SCADA/ICS/工控系統

西門子工業控制系統SICAM230出現嚴重漏洞
https://www.secrss.com/articles/8399

Phoenix工業交換機曝漏洞石油、能源和海事受影響
https://www.aqniu.com/news-views/43757.html

I.教育訓練類

“黑客”深度學習之“Socket網絡編程詳解”
http://netsecurity.51cto.com/art/201902/591904.htm

如何使用DNS和SQLi從數據庫中獲取數據樣本
https://www.freebuf.com/articles/database/195470.html

AlienVault-OTX及OTX Endpoint Security使用及介绍
https://www.freebuf.com/news/195452.html

從PowerShell內存轉儲中提取執行的腳本內容
https://www.freebuf.com/articles/system/195334.html

全流程信息收集方法總結
https://www.freebuf.com/articles/database/195169.html

suricata下的挖礦行為檢測
https://www.freebuf.com/articles/network/195171.html

asnlookup.py:用於搜索特定組織的ASN 和擁有的IP 地址工具
https://www.freebuf.com/sectool/194590.html

Effective Security Awareness Training  For The Enterprise.
https://www.knowbe4.com/products/enterprise-security-awareness-training/

JavaScript bridge makes malware analysis with WinDbg easier
https://blog.talosintelligence.com/2019/02/windbg-malware-analysis-with-javascript.html

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機

【臺灣中文知識庫實例:中研院中文詞知識庫小組】4年將建百萬詞規模,中研院要打造本土語音應用最大軍火庫
https://www.ithome.com.tw/news/128782

聯網資訊分享及分析中心(IoT-ISAC)成立
https://bit.ly/2GTL4Re

保護重大基礎設施和道路:智慧城市如何出現新風險
https://blog.trendmicro.com.tw/?p=59311

趨勢捐100台AI自走車 供教學與研究
https://money.udn.com/money/story/5612/3654072

物聯網最驚悚之處:我們的生活數據都被記錄,如果賣給廣告業者
https://buzzorange.com/techorange/2019/02/18/iot-data-security/

IoT安全噩夢:Skill Squatting
https://www.aqniu.com/hack-geek/43734.html

配備安全金鑰配置功能的端對端LoRa方案
https://www.eettaiwan.com/news/article/20190219NP21

AI將滲透到IT基礎架構之中
https://www.ithome.com.tw/voice/128800

改善OT應用環境 健全資安產業發展
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=8717

物聯網薪酬平均逾6萬 新農業平均可領46K
https://www.gvm.com.tw/article.html?id=56085

汽車業者尚未重視網路安全
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16208

Avoid Unsecure IoT: Smart Device Shopping Tips
https://www.webroot.com/blog/2019/02/21/avoid-unsecure-iot-smart-device-shopping-tips/

IBM to launch AI research center in Brazil
https://www.zdnet.com/article/ibm-to-launch-ai-research-center-in-brazil/#ftag=RSSbaffb68

Key Security Considerations for AI and Robotics
https://www.bankinfosecurity.com/interviews/key-security-considerations-for-ai-robotics-i-4258

K.CTF

NeverLAN CTF 2019
https://ctftime.org/event/706

STEM CTF: Cyber Challenge 2019
https://ctftime.org/event/661

DEF CON CTF 2019 Quals
https://www.oooverflow.io/dc-ctf-2019-quals/

CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair
https://bit.ly/2CWltVm

Official Website of CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair, Qingdao, China
https://bit.ly/2VnsC8p

NeverLAN CTF
https://neverlanctf.com/

6.近期資安活動及研討會

 【課程】NLP自然語言處理分析實戰,學習非結構化文字分析技術,大幅提升人機溝通的精準與效率  2/23
 https://www.techbang.com/posts/59536-course-nlp-natural-language-processing-analysis-actual-combat

 [Visualization Series] 公投資料視覺化與選舉分析   2/24
 https://www.meetup.com/R-Ladies-Taipei/events/256933448/

 EnCase EnCE認證考試Preparation課程    2019/02/25 (一)~2019/02/27(三)  AM09:00~PM05:00
 https://bit.ly/2U2FXSA

 Women Join Tech Coding Club新竹場第二梯營隊-「魔法種子老師培訓」session5  Tuesday, February 26, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317875/

 如何導入區塊鏈  Tuesday, February 26, 2019
 https://www.meetup.com/Taipei-Blockchain/events/258326339/

 Elixir台灣 台北 Meetup # Monday, March 4, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzfbgb/

 如何推動關鍵基礎設施之醫療及工控系統的資安防護  3/6
 http://www.cisanet.org.tw/Services/express_more?id=2814

 Arduino四軸飛行器開發實作,無人機硬體、無線遙控器、飛控軟體整合、飛行教學,一天學會  3/9
 https://bit.ly/2LdYJ5H

 AI於資訊安全之應用  3/9
 https://hackercollege.nctu.edu.tw/?p=1042

 【補助專班】AI人工智慧應用系列- AIoT智能物聯網開發人才就業養成班[免費諮詢]  3/12
 https://ittraining.kktix.cc/events/aiot-training-2019

 Building and Training Convolutional Neural Networks, CNN  Wednesday, March 13, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484158/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, March 20, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzfbbc/

 國立交通大學 亥客書院 - 網路流量分析與檢測  3/23
 https://hackercollege.nctu.edu.tw/?p=1036

 Black Hat Asia 2019  2019年3月26-29日
 https://ubm.io/2zZu87q 

 Elixir台灣 台北 Meetup # Monday, April 1, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzgbcb/

 Modeling Sequences with Recurrent Neural Networks, RNN  Wednesday, April 3, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484461/

 2019 ICANN APAC-TWNIC Engagement forum  4/16~4/17
 https://forum.twnic.tw/

 Industrial Control Systems (ICS) Cyber Security Conference  APAC  April 16-18, 2019
 https://www.icscybersecurityconference.com/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, April 17, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzgbwb/

 國立交通大學 亥客書院 - 緩衝區溢位攻擊與預防 新竹  4/20
 https://hackercollege.nctu.edu.tw/?p=1052

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 國立交通大學 亥客書院 -電子郵件之偽造攻擊與防護措施安全通訊協定 5/11
 https://hackercollege.nctu.edu.tw/?p=1054

  iTHome 台灣雲端大會 Cloud Summit  2019   2019年 5 月 15 日 (三) 09:00~17:00
 https://cloudsummit.ithome.com.tw/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

留言

這個網誌中的熱門文章

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/

5月份資安、社群活動分享

5月份資安、社群活動分享

 108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
 https://ais3.org/mfctf/

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 Python 商務網站 * 極速學習 (2019春季 - 台北)  5/2
 https://cjltsod.kktix.cc/events/django-2019-spring-taipei

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會  5/2
 https://www.accupass.com/event/1904111400151860776797

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA 白帽菁英萌芽計劃II 0505 
 https://reg.shield.org.tw/info.php?no=54

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/19041703435474776…