資安事件新聞週報 2/4 ~ 2/8


資安事件新聞週報  2/4  ~  2/8

1.重大弱點漏洞

Marvell Avastar Wi-Fi 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19020802

Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/46326

pfSense 2.4.4-p1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/46316

Nessus 8.2.1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/46315

phpMyAdmin 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19020101

廈門航空客服系統任意文件下載漏洞
https://shuimugan.com/bug/view?bug_no=171322

某省出入境便民服务平台存在SQL注射漏洞
https://shuimugan.com/bug/view?bug_no=168827

研究人員發現macOS漏洞:可獲取用戶密碼
https://www.feng.com/iPhone/news/2019-02-07/The-researchers-found-that-the-macOS-to-get-the-user-password_700704.shtml

KeySteal零日漏洞曝光研究者希望蘋果提供macOS除蟲獎勵
https://m.cnbeta.com/view/816023.htm

MacOS 密碼金鑰「Keychain」現保安漏洞 研究員示範偷密碼過程
https://unwire.hk/2019/02/07/macoskeychain/tech-secure/

14歲少年發現FaceTime竊聽漏洞 蘋果9天後才理會
https://bit.ly/2RHT7Ce

漏洞修補前 蘋果暫時禁用 Face Time 群聊功能
https://bit.ly/2RGrCca

iOS 12.1.4 今天正式推出!修正 FaceTime 嚴重漏洞
https://www.newmobilelife.com/2019/02/08/ios-12-1-4-release/

智慧手機韌體更新 › iOS 12.1.4 更新 、macOS 10.14.3 補充更新正式推出,解決 FaceTime 群組通話漏洞
https://www.kocpc.com.tw/archives/242851

蘋果修補包括FaceTime在內的4個iOS漏洞,其中兩個已遭開採
https://www.ithome.com.tw/news/128659

蘋果 macOS 零日資料洩露漏洞
https://www.hkcert.org/my_url/zh/alert/19020804

蘋果產品多個漏洞
https://www.hkcert.org/my_url/zh/alert/19020803

旅遊搜索網站Skyscanner推出漏洞獎勵計劃,最高獎勵2000美元
https://www.secrss.com/articles/8136

微信7.0.3更新修復已知漏洞,但仍有一些問題,華為榮耀用戶躺槍
https://ek21.com/news/tech/57083/

Cisco 路由器存在漏洞 CVE-2019-1653
http://tech.ifeng.com/a/20190201/45305210_0.shtml

5G網路存在漏洞 號碼、文本等信息可能會泄露
https://news.sina.com.tw/article/20190202/29937064.html

研究人員警告:安全漏洞將允許基於5G網絡的間諜活動
https://www.pingwest.com/w/183294

與部份防毒軟體不相容!Mozilla暫停自動更新Firefox 65
https://www.ithome.com.tw/news/128616

Tenda AC9路由器存在命令執行漏洞
http://www.cnvd.org.cn/flaw/show/CNVD-2019-00015

Android 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19020801

Severe RCE Flaw Disclosed in Popular LibreOffice and OpenOffice Software
https://bit.ly/2BvFvoH

CUJO Firewall User Enumeration / Authorization Bypass
https://www.anquanke.com/vul/id/1466986

Megaxus Reflectied XSS
https://www.anquanke.com/vul/id/1468791

Google releases Chrome extension to check for leaked usernames and passwords
https://www.zdnet.com/article/google-releases-chrome-extension-to-check-for-leaked-usernames-and-passwords/#ftag=RSSbaffb68

Recently patched Ubuntu needs another quick patch
https://www.zdnet.com/article/recently-patched-ubuntu-needs-another-quick-patch/#ftag=RSSbaffb68

Firefox to block auto-playing audio starting March 2019
https://www.zdnet.com/article/firefox-to-block-auto-playing-audio-starting-march-2019/#ftag=RSSbaffb68

Linux kernel gets another option to disable Spectre mitigations
https://www.zdnet.com/article/linux-kernel-gets-another-option-to-disable-spectre-mitigations/#ftag=RSSbaffb68

微軟向Windows 10各版本重發幽靈變種漏洞的緩解更新
https://www.landiannews.com/archives/55408.html

微軟推出更新修補Spectre Variant漏洞
https://m.linuxidc.com/Linux/2019-02/156755.htm

New Windows 10 19H1 test build adds more search, mixed reality tweaks
https://www.zdnet.com/article/new-windows-10-19h1-test-build-adds-more-search-mixed-reality-tweaks/#ftag=RSSbaffb68

ImageMagick CVE-2019-7397 Denial of Service Vulnerability
https://www.anquanke.com/vul/id/1471760

River Past Audio Converter 7.7.16 Denial Of Service
https://www.anquanke.com/vul/id/1472002

Device Monitoring Studio 8.10.00.8925 Denial Of Service
https://www.anquanke.com/vul/id/1471998

Joomla WebMapPlus 1.0 SQL Injection - CXSecurity.com
https://www.anquanke.com/vul/id/1473310

2.銀行/金融/保險/證券/支付系統/ 新聞及資安

金融科技泄密增 香港私隱署年內發指引 研修例擴權力強制企業通報 最快上半年交建議
https://bit.ly/2RGiKDu

香港 資訊科技專家 方保僑預測流年網絡趨勢
https://bit.ly/2WHWNrk

華夏銀行"內鬼"給系統植病毒 以測試BUG盜取700餘萬
https://news.sina.com.tw/article/20190202/29940486.html

華夏銀行內鬼在總行伺服器植病毒 賬戶餘額取之不盡
https://news.sina.com.tw/article/20190202/29938714.html

華夏銀行技術內鬼伺服器植病毒 賬戶餘額花不完
https://www.secretchina.com/news/b5/2019/02/03/883706.html

華夏銀行內鬼曝光:伺服器植入病毒 賬戶餘額還不變
https://news.sina.com.tw/article/20190203/29947522.html

中國華夏銀行技術經理把自家銀行系統植入病毒竊得700多萬人民幣,被捕辯稱是在測試漏洞
https://bit.ly/2Bkh4dM

技術處長給自家銀行植入病毒分1300次盜取718萬
https://news.sina.com.cn/s/2019-02-02/doc-ihrfqzka3189343.shtml

程序員發現了一個荒謬的ATM漏洞,讓他可以提取100萬美元的現金
https://bit.ly/2RFMO21

將來銀行籌備處總經理梅驊:純網銀的突破點,在於去找到人與人之間的交疊處
https://bit.ly/2BsQM9c

Programmer finds ridiculous ATM loophole that let him withdraw $1 million in cash
https://www.theverge.com/2019/2/5/18212902/huaxia-bank-qin-qisheng-atm-loophole-hack-china

Chinese bank’s software chief jailed after finding way to withdraw US$1m in ‘free’ cash from ATMs
https://www.scmp.com/news/china/society/article/2184883/chinese-banks-software-chief-jailed-after-finding-way-withdraw

紐約聯邦儲備銀行協助孟加拉國訴訟駭客網絡搶劫案
https://bit.ly/2MUNsZ2

爭中標銀行KYCU 環聯暫未得手 銀公待保安漏洞報告完成才定奪
https://hk.finance.appledaily.com/finance/daily/article/20190207/20608002

Software executive exploits ATM loophole to steal $1 million
https://www.zdnet.com/article/software-exec-jailed-after-exploiting-atm-loophole-to-steal-1-million/#ftag=RSSbaffb68

Bangladesh Bank Sues to Recover Funds After Cyber Heist
https://www.bankinfosecurity.com/bangladesh-bank-sues-to-recover-funds-after-cyber-heist-a-11993

3.電子支付/電子票證/行動支付/ 新聞及資安

街口接管Jello遭網友質疑 胡亦嘉喊告
https://www.ettoday.net/news/20190201/1371844.htm

行動支付好方便 政院:留意使用安全
https://www.chinatimes.com/realtimenews/20190208000596-260407

聰明使用行動支付 兼顧安全與便利
https://www.ydn.com.tw/News/323628

手機世代來了! 行政院:行動支付普及率達50.3%
https://www.ettoday.net/news/20190208/1371493.htm

行動支付超方便 政院提醒不要隨意點選來路不明優惠
https://tw.appledaily.com/new/realtime/20190208/1509556/

Singapore banks given more time to adopt e-payment protection guidelines
https://www.zdnet.com/article/singapore-banks-given-more-time-to-adopt-e-payment-protection-guidelines/#ftag=RSSbaffb68

4.虛擬貨幣/區塊鍊   新聞及資安

交易所負責人逝世丟失冷存私鑰 1.9 億美元就此石沉大海
https://bit.ly/2UzCISs

比被駭還慘?加拿大交易所創辦人驟逝 冷錢包42 億元遭鎖死
https://www.inside.com.tw/article/15516-quadrigo-cryptocurrency-bitcoin-exchange-gerald-cotten-death

加拿大最大的數位貨幣交易所因為 CEO突然死亡,導致「找不到」保管的1.9億美元數位貨幣
https://www.techbang.com/posts/67995-quadriga-exchange-ceo-death-cold-wallet-key-lost

偷掘加密貨幣 2018 年最惡 不能視而不見
https://bit.ly/2Txus5f

報告:2018年數位貨幣被盜和詐騙金額,是2017年的300%以上
https://news.sina.com.tw/article/20190201/29928578.html

區塊鏈更臻成熟 狗年4大趨勢凸顯技術快速落地要大運用
https://www.ettoday.net/news/20190205/1373270.htm

Cryptocurrency Firm Loses $145 Million After CEO Dies With Only Password
https://bit.ly/2UJKzNk

Outlaw Shellbot infects Linux servers to mine for Monero
https://www.zdnet.com/article/outlaws-shellbot-infects-servers-for-monero-mining/#ftag=RSSbaffb68

$145 million funds frozen after death of cryptocurrency exchange admin
https://www.zdnet.com/article/145-million-funds-frozen-after-death-of-cryptocurrency-exchange-admin/#ftag=RSSbaffb68

The Persistent Threat of Nation-State Cyberattacks
https://www.bankinfosecurity.com/interviews/persistent-threat-nation-state-cyberattacks-i-4236

秘密修補後再公布,Zcash含有可無限偽造加密貨幣的安全漏洞
https://www.ithome.com.tw/news/128638

Zcash Discloses Vulnerability That Could Have Allowed 'Infinite Counterfeit' Cryptocurrency
https://bit.ly/2Ddm97A

Critical Zcash Bug Could Have Allowed 'Infinite Counterfeit' Cryptocurrency
https://bit.ly/2SvFqeh

Another BBC bitcoin scam. Email is from a compromised School email account
https://bit.ly/2tkVpOd

4 Reasons to Believe the Deep State (or the NSA) Created Bitcoin
https://bit.ly/2UJ5VKs

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體

首爆新型ibus 蠕蟲,利用熱門漏洞瘋狂挖礦牟利
https://www.chainnews.com/articles/415977948341.htm

惡意程式入侵Google Play 推送欺詐色情廣告
https://news.tvbs.com.tw/life/1076741

Android手機用戶注意:多款美肌相機應用程式會發送詐欺和色情內容,下載量已高達數百萬次
https://www.cool3c.com/article/140802

Google Play出現惡意相機程式
https://bit.ly/2sY5ksD

後門程式SpeakUp瞄準Linux而來,6種OS版本遭殃、macOS也難倖免
https://ithome.com.tw/news/128631

Security researchers discover new Linux backdoor named SpeakUp
https://www.zdnet.com/article/security-researchers-discover-new-linux-backdoor-named-speakup/#ftag=RSSbaffb68

Mac 惡意軟體現身,CookieMiner 竊取用戶密碼、信用卡,還把電腦當挖礦機
https://applealmond.com/posts/47751

美國將對北韓殭屍網絡作定位及干預
https://bit.ly/2S9U9Mu

擷取桌面截圖的JobCrypter勒索病毒變種,索1,000 歐元贖金
https://blog.trendmicro.com.tw/?p=59240

2019 年 TOP 10 免費資安防毒軟體
https://bit.ly/2TyOJHz

New Mac Malware Targets Cookies to Steal From Cryptocurrency Wallets
https://bit.ly/2t6adjt

FBI Mapping 'Joanap Malware' Victims to Disrupt the North Korean Botnet
https://bit.ly/2WKjCKY

Pro-Tibet groups targeted with ExileRAT in spy campaign
https://www.zdnet.com/article/pro-tibet-groups-targeted-with-exilerat-in-spam-campaign/#ftag=RSSbaffb68

CookieMiner Malware Can Steal Crypto Exchange Cookies, Saved Passwords and iPhone SMS Messages
https://bit.ly/2WIP5gK

B.行動安全 / iPhone / Android /穿戴裝置 /App

安卓系統這麼危險嗎?99.9%存在安全漏洞
http://www.sohu.com/a/292815528_123753

香港地區 Google Play 商店應用程式保安風險報告 (2019年1月)
https://www.hkcert.org/my_url/zh/blog/19013101

過年想要拍出好氣色,當心29款美肌相機應用程式會發送色情內容,還會偷個資盜用照片
https://blog.trendmicro.com.tw/?p=59258

iOS 12~12.1.2 固定Nonce工具NonceReboot12XX使用教學技巧
https://mrmad.com.tw/noncereboot12xx

iOS 12免越獄修改iPhone電信名稱教學技巧 CarrierChanger12
https://mrmad.com.tw/carrierchanger12

iOS 12.1.1 和 iOS 12.1.2 認證關閉,蘋果完美封堵 iOS 12 越獄漏洞版本
https://mrmad.com.tw/apple-sining-ios-12-1-2

iOS 12.1.4發佈前,谷歌提醒有駭客利用零日漏洞攻擊
http://big5.pconline.com.cn/b5/news.pconline.com.cn/1229/12294396.html

日警為破案 5萬元報酬解鎖iPhone
https://bit.ly/2MOXYAH

Facebook利誘青少年裝app收集數據 單靠社交媒體自律並不足夠
https://bit.ly/2S9uJ1J

年輕人深愛的抖音,是中國的「間諜網路」
https://bit.ly/2HTX6fy

嚴防資安危機、傷身失智 智慧型手機安全守則
https://bit.ly/2I8MJVo

多支 iPhone App 遭爆側錄手機螢幕,用戶資料「裸奔」
https://www.inside.com.tw/article/15520-Many-popular-iPhone-apps-secretly-record-your-screen-without-asking

多款 iPhone 知名軟體爆出錄製使用者畫面,蘋果要求移除否則下架
https://applealmond.com/posts/48010

多款知名 iOS apps 被揭偷錄用戶操作畫面!蘋果急發下架警告
https://bit.ly/2RN2lx9

多款知名 iOS apps 被揭偷錄用戶操作畫面!蘋果急發下架警告
https://bit.ly/2RN2lx9

華為P30、P30 Pro外觀曝光了!Spigen官網直接洩露秘密
https://applealmond.com/posts/47965

德國反壟斷機構裁決 臉書不得共用旗下軟體的使用者資料
http://news.ltn.com.tw/news/world/breakingnews/2693267

蘋果遭控強逼用戶買新充電器 再面臨集體訴訟
https://www.chinatimes.com/realtimenews/20190207000598-260412

由於同性戀約會應用程序的安全漏洞,數百萬張裸照片在網上洩露
https://bit.ly/2TDRKXc

手機檢測APP受歡迎 點子科技持續投入新市場
https://bit.ly/2US7x4Z

為何華為的收訊比iPhone好呢
https://www.kocpc.com.tw/archives/242878

繞過App Store審查 濫用測試機制 「fb研究」蒐私隱 蘋果煞停
https://hk.news.appledaily.com/international/daily/article/20190201/20603995

Facebook Paid Teens $20 to Install 'Research' App That Collects Private Data
https://bit.ly/2ULQpOh

Android Security Monthly Recap #1 | January 2019
https://bit.ly/2t8GF4M

Android Phones Can Get Hacked Just by Looking at a PNG Image
https://bit.ly/2HXSdSN

How to Delete Accidentally Sent Messages, Photos on Facebook Messenger
https://bit.ly/2HZG6EC

C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件

《李忠憲專欄》哲學型的資安人
https://taronews.tw/2019/02/02/244186/

保安建議:加強 DNS 基建保安
https://www.hkcert.org/my_url/zh/blog/19012502

缺乏抓漏獎勵,研究人員拒絕與蘋果分享漏洞資訊
https://www.ithome.com.tw/news/128647

駭客如何在地下市場賺黑心錢
https://blog.trendmicro.com.tw/?p=58509

網站的功能可能就是駭客攻擊的弱點,資安顧問揭露網站的潛在威脅
https://www.ithome.com.tw/news/128605

揭露匈牙利營運商嚴重漏洞的白帽駭客面臨八年牢獄之災
https://www.landiannews.com/archives/55326.html

惡名昭彰的伺服器「肉雞」伺服器權限市場 xDedic 被查抄
https://www.kocpc.com.tw/archives/242561

無密碼登入已成新趨勢,未來將更常出現在生活周遭
https://www.ithome.com.tw/news/128602

現代IT環境的伺服器安全防護
https://blog.trendmicro.com.tw/?p=58720

假新聞、資訊戰亂象!學者感慨「悲劇天才」已故美國知名駭客會怎麼看
https://bit.ly/2t775UE

資通設備禁令紛爭下,你該具備的資安意識
http://news.pchome.com.tw/science/technews/20190201/index-54898714030770232005.html

華為有漏洞! 美駐歐大使籲大眾拒用
https://bit.ly/2BoTpZv

美示警歐洲盟邦:不要採購華為 5G 設備
https://technews.tw/2019/02/06/usa-warn-european-alliance-not-buying-huawei-5g/

德國政策轉彎 5G建設不將華為排除在外
https://www.ydn.com.tw/News/323635

動作一波波 美持續施壓華為中興
https://udn.com/news/story/12639/3632724

是否禁用華為5G GSMA月底辯論/國安、資安疑慮 歐盟考慮提案實質禁用
https://www.wellhawk.com/news/12944.html

美國揚言 歐盟若採用華為等中國電信設備恐遭美國反制
https://udn.com/news/story/12639/3633652

遭爆要用特殊條款封殺華為、中興 義大利政府否認
http://ec.ltn.com.tw/article/breakingnews/2693489

歐盟封殺華為 德國斯洛伐克「開綠燈」
https://bit.ly/2HRSvu4

歐洲最後防線垮了? 這國將靠秘密武器封殺華為
https://www.chinatimes.com/realtimenews/20190208000034-260410

挪威政府安全報告點名華為 陸回應:無端攻擊、荒唐
https://www.ettoday.net/news/20190205/1373429.htm

重建資安信心難,華為:需要 5 年才能消除恐懼
https://bit.ly/2MWKsLx

期待華為公正使用5G 美網路外交官:天真
https://tw.appledaily.com/new/realtime/20190208/1514098/

又一北歐國劍指華為!遭陸譏市場「小如蚊子」
https://www.chinatimes.com/realtimenews/20190205001515-260408

丹麥警方突擊檢查 華為兩員工遭驅逐出境
https://newtalk.tw/news/view/2019-02-05/204222

美警告歐盟各國 勿購華為、中興5G設備 「會有國安後遺症」
https://bit.ly/2GuDbBu

美情報首長:中國靠著竊美智財權崛起
https://ec.ltn.com.tw/article/paper/1266027

美示警歐洲盟邦:不要採購華為5G設備
https://money.udn.com/money/story/5599/3632232

澳洲國會網路遭駭 尚無證據顯示數據失竊
https://money.udn.com/money/story/5599/3633677

澳國會網路遭駭 尚無資料外洩
https://www.ydn.com.tw/News/323638

澳洲議會網絡再遭黑客入侵 疑與中共有關
http://www.epochtimes.com/b5/19/2/8/n11031860.htm

北京駭客攻擊挪威公司 企圖竊客戶機密
https://www.secretchina.com/news/b5/2019/02/07/884091.html

可惡!中國駭進挪威軟體公司 企圖竊取客戶機密
http://news.ltn.com.tw/news/world/breakingnews/2692938

搶在MWC前發佈行政命令!傳白宮將在MWC前簽署新的中國電信設備禁令
https://applealmond.com/posts/48020

日本物聯網終端防禦對策將成為義務
https://zh.cn.nikkei.com/politicsaeconomy/politicsasociety/34185-2019-02-01-02-08-02.html

日政府以奧運保安為名 准情報人員入侵民眾IP地址
https://hk.news.appledaily.com/international/realtime/article/20190202/59217391

如何檢舉翻牆的中國網民?這招幫助他們找到回家的路
https://bit.ly/2teAlc1

暗網/代客扎愛滋針、性侵、殺人 只有這裡沒人敢接案
https://www.ettoday.net/news/20190206/1362215.htm

暗網/詐團在這收台灣購物網一手個資 還註明女性為佳
https://www.ettoday.net/news/20190207/1362634.htm

Hacker who reported flaw in Hungarian Telekom faces up to 8-years in prison
https://bit.ly/2MUxVs8

Slow Loris — Rethinking DoS attacks
https://medium.com/front-end-weekly/slow-loris-rethinking-dos-attacks-bd1ca5091bfe

First Hacker Convicted of 'SIM Swapping' Attack Gets 10 Years in Prison
https://bit.ly/2DTkcia

Two hacker groups responsible for 60 percent of all publicly reported hacks
https://www.zdnet.com/article/two-hacker-groups-responsible-for-60-percent-of-all-publicly-reported-hacks/#ftag=RSSbaffb68

Digital sign systems allowed hacker access through default passwords
https://www.zdnet.com/article/digital-sign-systems-allowed-hacker-access-through-default-passwords/#ftag=RSSbaffb68

Over 485,000 Ubiquiti devices vulnerable to new attack
https://www.zdnet.com/article/over-485000-ubiquiti-devices-vulnerable-to-new-attack/#ftag=RSSbaffb68

Security firm identifies hacker behind Collection 1 leak, as Collection 2-5 become public
https://zd.net/2DUevka

Cyberbit: A military approach to training cyber security teams
https://www.zdnet.com/article/cyberbit-a-military-approach-to-training-cyber-ecurity-teams/#ftag=RSSbaffb68

Hacker discloses Magyar Telekom vulnerabilities, faces jail term
https://www.zdnet.com/article/white-hat-hacker-discloses-magyar-telekom-vulnerability-faces-jail/#ftag=RSSbaffb68

Pwnhead takes down controversial security researchers ranking after criticism
https://www.zdnet.com/article/pwnhead-takes-down-controversial-security-researchers-ranking-after-criticism/#ftag=RSSbaffb68

Embracing Digital Risk Protection: Take Your Threat Intelligence to the Next Level
https://www.bankinfosecurity.com/embracing-digital-risk-protection-take-your-threat-intelligence-to-next-level-a-11990

Stolen RDP Credentials Live On After xDedic Takedown
https://www.bankinfosecurity.com/stolen-rdp-credentials-live-on-after-xdedic-takedown-a-11987

Get a Lifetime Subscription to Unlimited VPN for just $59.99 (5 Devices)
https://bit.ly/2RKeToY

Flaws in Popular RDP Clients Allow Malicious Servers to Reverse Hack PCs
https://bit.ly/2TAyLNb

How vulnerable is the Tor Network to BGP Hijacking Attacks
https://medium.com/@nusenu/how-vulnerable-is-the-tor-network-to-bgp-hijacking-attacks-56d3b2ebfd92

Get a Lifetime Subscription to Unlimited VPN for just $59.99 (5 Devices)
https://bit.ly/2ROu1BM

IMPROVING SECURITY THROUGH LEADERSHIP AND CULTURE
https://www.eccu.edu/improving-security-through-leadership-and-culture/

科技報橘 2019 全面徵才 ── 跟我們一起找到台灣在國際中的創新產業定位
https://buzzorange.com/techorange/2019/02/01/2019-we-are-hiring/

徵才 - 資安分析工程師 (上班地點:高雄)
https://bit.ly/2HSDCrB

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞

鹹濕簡訊 外流 貝佐斯怒 疑政治陰謀 幕後黑手指向川普
https://tw.appledaily.com/international/daily/20190201/38247849/

隨意下載美肌App 小心個資被竊
https://bit.ly/2WLtdS7

被控竊澳洲財富管理公司客戶個資 中國男傳潛逃被抓認罪
http://news.ltn.com.tw/news/world/breakingnews/2693426

網傳唐鳳開發"美玉姨"監控 遭斥假新聞
https://www.ttv.com.tw/news/view/10802020009600I/579

Google挨罰 凸顯個資保護重要性
https://money.udn.com/money/story/5628/3629725

內政部公布2019年詐騙前3強 「假網拍」稱王
https://bit.ly/2DTlHgd

網嗆「斬首蔡英文」觸法! 刑事局介入調查
https://bit.ly/2Bnzx99

資安研究:5個Collection #系列資料庫,總計彙整了22億組外洩的電子郵件與密碼
https://www.ithome.com.tw/news/128594

創新高! 去年遇駭個資近4.5億筆 比2017年增加126%
https://bit.ly/2Bl8nQe

加國驚現「漢堡大盜」 女子銀行卡遭刷剩1.99元
https://bit.ly/2RG6rae

Airbus Suffers Data Breach, Some Employees' Data Exposed
https://bit.ly/2RG8GKP

A Phishing Guide: Lessons Learned on the Journey to Detecting Phishing Domains
https://bit.ly/2RGEdw3

Huddle House restaurant chain announces breach of POS system
https://www.zdnet.com/article/huddle-house-restaurant-chain-announces-breach-of-pos-system/#ftag=RSSbaffb68

Aetna Fined Yet Again for Exposing HIV Information
https://www.bankinfosecurity.com/aetna-fined-yet-again-for-exposing-hiv-information-a-11991


E.研究報告

挖洞經驗| GitHub Desktop 在OSX系統下的RCE漏洞
https://www.freebuf.com/vuls/194579.html

Windows聯繫人文件代碼執行漏洞分析
https://www.secrss.com/articles/8152

挖洞經驗| 看我如何通過ASP Secrets讀取獲得了1.7萬美金的漏洞獎勵
https://www.freebuf.com/vuls/194997.html

PoCBox - 漏洞測試驗證輔助平台
https://github.com/gh0stkey/PoCBox

Nginx實戰(十)Nginx的漏洞修復
https://blog.csdn.net/ouyida3/article/details/86771837

Thinkphp框架filter參數漏洞解析
http://blog.hexccc.com/thinkphp-filter-code-vulnerability/

你的REST不是REST
https://bit.ly/2DZUVTK

Blazefox exploits for Windows 10 RS5 64-bit
https://bit.ly/2BarDQr

Introduction to SpiderMonkey exploitation
https://bit.ly/2G5u4HV

Astr0baby's not so random thoughts _____ rand() % 100;
https://astr0baby.wordpress.com/

REVERSE ENGINEERING WITH RADARE - FUNDAMENTALS AND BASICS
https://bit.ly/2D7wUIr

Fwknop : Single Packet Authorization & Port Knocking 
https://github.com/mrash/fwknop

10 Best Hacking Tools For Windows 10
https://bit.ly/2MOCPGR

A Guide to ARM64 / AArch64 Assembly on Linux with Shellcodes and Cryptography
https://modexp.wordpress.com/2018/10/30/arm64-assembly/

RustPython : A Python Interpreter written in Rust
https://bit.ly/2MPTBWm

Redis Unauthorized Access Vulnerability Simulation | Victor Zhu
https://bit.ly/2ULQEsF

Reversing the Rachio Smart Sprinkler Controller
https://medium.com/tenable-techblog/reversing-the-rachio3-smart-sprinkler-controller-ae7fc06aab9

What Is SSH And Do I Need It
https://medium.com/nyc-design/what-is-ssh-and-do-i-need-it-4129d963690f

Beating the OWASP Benchmark
https://blog.shiftleft.io/beating-the-owasp-benchmark-24a7b1601031

Healthcare Technologies: Reducing Risk, Increasing Access
https://tincture.io/healthcare-technologies-reducing-risk-increasing-access-fded547517e0

Nullcon-HackIM CTF 2019- MLAuth-Misc(500)Writeup
https://medium.com/bugbountywriteup/nullcon-hackim-ctf-2019-mlauth-misc-500-writeup-e6eb48c66341

JavaScript Fundamentals: Syntax & Structure
https://itnext.io/javascript-fundamentals-syntax-structure-5e9badd0cc4f

Effectively Naming Software Thingies
https://medium.com/@rabinovichsagi/effectively-naming-software-thingies-fcea9d78a699

How to perform Open-Source Intelligence (OSINT)
https://bit.ly/2UNjw3M

A list of Adversary Emulation and Threat Hunting simulation solutions (OSS or paid)
https://bit.ly/2SBxvfe

gitleaks v1.24.0 releases: Searches full repo history for secrets and keys
https://securityonline.info/gitleaks/?fbclid=IwAR2_1zslGarRpNTZcJ2uc4HAWzJiljnUjU_Xq2YjWHWyhD6pD71Wrkg-yjQ

Google Introduces Adiantum Storage Encryption to Low-End Android Devices
https://bit.ly/2Brake2

All You Need to Know about Ethical Hacking using Python
https://bit.ly/2E19fLD

machinae v1.4.7 releases: Machinae Security Intelligence Collector
https://securityonline.info/machinae/?fbclid=IwAR3ShzEVpXV0o4RCoFg7h1YNSL58aT6-McBlwlC4MTEFyKpKh92GJOv45JY

DevAudit v3.1.2 releases: Open-source, cross-platform, multi-purpose security auditing tool
https://securityonline.info/devaudit/?fbclid=IwAR32QDK7-cu-mezWvJq4ZWP0psQQP6HQfN-A90Xp7P9RseHkdeJJtasaY8Q

nightcall: Automated Enumeration Script for Pentesting
https://securityonline.info/nightcall/?fbclid=IwAR2v72xk2HPAHlSg6nG7wv5-OADRnPXrXw13-Pgadc8KX4_-UN1nyjLIWQc

A tool that automates Mac address spoofing
https://bit.ly/2GlwhiT

SSH man-in-the-middle tool
https://bit.ly/2MXva9b

Cloak can backdoor any python script with some tricks.
https://bit.ly/2TL7FCQ

Remote Code Execution with EL Injection Vulnerabilities
https://www.exploit-db.com/docs/46303

Veil 3.1.X (Check version info in Veil at runtime)
https://bit.ly/2RSykfC

Wikipedia Articles as part of Tech Support Scamming Campaigns
https://bit.ly/2Sk6PR5

Report: Under the Hood of Cyber Crime
https://bit.ly/2SCvdwy

Exploiting CVE-2018-19134: remote code execution through type confusion in Ghostscript
https://bit.ly/2E0UNmQ

IPFire 2.21 - Core Update 127 released
https://bit.ly/2ROiMcG

F.商業

全球資安危機 台廠商機來了
https://udn.com/news/story/7240/3629723

資安頻出包…危機就是商機
https://money.udn.com/money/story/5612/3629713

反應太慢、守口如瓶,企業與國家資安盲點怎解?專訪 Check Point 亞太、中東與非洲策略長
https://www.inside.com.tw/article/15498-check-point-tony-jarvis

Mozilla揭露允許Firefox隔離網站的Fission專案
https://www.ithome.com.tw/news/128648?fbclid=IwAR2DQTdngrkpN8NKqaOHsixtMZrEjDjrMJchhaaLg6zVhUKn7XUsK4K96Cc


G.政府

誰是行政院資安長?春節後見分曉
https://www.ithome.com.tw/news/128598

國家資安長 擬由陳其邁擔任
http://merit-times.net/2019/02/01/91626/

強化關鍵基礎設施資安 經部擬擴大實測場域
https://udn.com/news/story/7238/3629960

資通2大隊春節不懈怠 堅守崗位衛國安
https://bit.ly/2GmVete

陸企黑名單處理原則、中正紀念堂轉型案待年後政院處理
https://www.chinatimes.com/realtimenews/20190208001125-260407


H.SCADA/ICS/工控系統

Poppin’ Calc: Web Studio Edition
https://bit.ly/2Sqyxej

[The Red Team Guide] Chapter 21: ATTACKING ICS/SCADA
https://bit.ly/2GgCkoy

I.教育訓練類

Build The Next Generation of Cybersecurity Training and Academic Study
https://bit.ly/2GcteJr

What is a proxy server and how does it work
https://medium.com/@dusrin.rash9/what-is-a-proxy-server-and-how-does-it-work-302efcf2314a

Data Science Skills: Web scraping javascript using python
https://bit.ly/2UOHDil


J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機

八達通 遙控器 智能手錶  IoT應用廣泛
https://hk.news.appledaily.com/international/daily/article/20190203/20605551

深度學習將要終結?美國教授從 1.6 萬篇論文中看到的 AI 趨勢
https://bit.ly/2Gd011i

物聯網裝置製造商的新資安義務
https://forum.ettoday.net/news/1369268

調查:3成汽車業者尚未建立網路安全團隊
https://www.ithome.com.tw/news/128649

數據科學家必讀的五本書:重要的不是會打 Code,而是背後的資料邏輯思維
https://bit.ly/2HZNijX

智慧工廠的資安架構
https://blog.trendmicro.com.tw/?p=58494

Benchmarking the Raspberry Pi 3 A+
https://medium.com/@ghalfacree/benchmarking-the-raspberry-pi-3-a-a7d4df181244

[ Paper Summary ] Horovod: fast and easy distributed deep learning in TensorFlow
https://towardsdatascience.com/paper-summary-horovod-fast-and-easy-distributed-deep-learning-in-tensorflow-5be535c748d1

Browse state-of-the-art
https://paperswithcode.com/sota?fbclid=IwAR0pA_Uyq9_dSab0v55Z8Txm0Kj7W8UKoAjDSPCm_FvVjHDojMbXvJBZgW8

Learning NLP Language Models with Real Data
https://towardsdatascience.com/learning-nlp-language-models-with-real-data-cdff04c51c25

Understanding China's AI Strategy
https://bit.ly/2SnhJ8z


K.CTF

NeverLAN CTF 2019
https://ctftime.org/event/706

STEM CTF: Cyber Challenge 2019
https://ctftime.org/event/661

DEF CON CTF 2019 Quals
https://www.oooverflow.io/dc-ctf-2019-quals/

CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair
https://bit.ly/2CWltVm

Official Website of CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair, Qingdao, China
https://bit.ly/2VnsC8p

NeverLAN CTF
https://neverlanctf.com/


6.近期資安活動及研討會

 Elixir台灣 台北 Meetup # Wednesday, February 13, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzdbgb/

 Android Code Club(Taipei) Wednesday, February 13, 2019
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzdbrb/

 Women Join Tech Yilan Batch2 Session 3  Wednesday, February 13, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317885/

 Multilayer Perceptron (MLP), Artificial Neural Network (ANN), and Deep Learning  Wednesday, February 13, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257483663/

 HackingThursday 固定聚會 Thursday, February 14, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzdbsb/

 資策會開辦ISO27002資訊安全管理國際認證班 2019/2/16
 https://ithome.com.tw/pr/128353

 Raspberry Pi 3+Google AIY Voice Kit 實作,打造智慧語音助理,學習自然語言理解  2/17
 https://www.techbang.com/posts/58439-raspberry-pi-3-google-aiy-voice-kit

 Golang Taipei Gathering #37  2/18
 https://www.meetup.com/golang-taipei-meetup/events/256740786/

 Android Code Club(Taipei)  Wednesday, February 20, 2019
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzdbbc/

 Women Join Tech Yilan Batch2 Session 4  Wednesday, February 20, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317920/

 Weight Initialization, Under-/Over-Fitting, & Evaluation of Deep Learning Models  Wednesday, February 20, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257483906/

 第二屆《Hit AI & Blockchain》人工智慧暨區塊鏈產業高峰會  2019-02-20(三) 09:00 ~ 17:30 (GMT+8)
 https://www.accupass.com/event/1811190218087771003780

【PowerPoint簡報極限使用】2月主題:十倍速PPT製作  2019-02-20(三) 19:00 ~ 22:00 (GMT+8)
 https://www.accupass.com/event/1810161307265689597830

 HackingThursday 固定聚會 Thursday, February 21, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzdbcc/

  Flutter Codelabs 讀書會 (報名請參閱活動說明)  Thursday, February 21, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258377586/

  [資安專業人才培訓] 108年度培訓單位甄選公告 2/22
  https://www.acw.org.tw/News/Detail.aspx?id=55

 iTHome 台灣雲端大會 Cloud Summit  2019  Call for paper  截止日 2 月 22 日
 https://cloudsummit.ithome.com.tw/cfp/

 【課程】NLP自然語言處理分析實戰,學習非結構化文字分析技術,大幅提升人機溝通的精準與效率  2/23
 https://www.techbang.com/posts/59536-course-nlp-natural-language-processing-analysis-actual-combat

 [Visualization Series] 公投資料視覺化與選舉分析   2/24
 https://www.meetup.com/R-Ladies-Taipei/events/256933448/

 Women Join Tech Coding Club新竹場第二梯營隊-「魔法種子老師培訓」session5  Tuesday, February 26, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317875/

 如何導入區塊鏈  Tuesday, February 26, 2019
 https://www.meetup.com/Taipei-Blockchain/events/258326339/

 Elixir台灣 台北 Meetup # Monday, March 4, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzfbgb/

 Arduino四軸飛行器開發實作,無人機硬體、無線遙控器、飛控軟體整合、飛行教學,一天學會  3/9
 https://bit.ly/2LdYJ5H

 【補助專班】AI人工智慧應用系列- AIoT智能物聯網開發人才就業養成班[免費諮詢]  3/12
 https://ittraining.kktix.cc/events/aiot-training-2019

 Building and Training Convolutional Neural Networks, CNN  Wednesday, March 13, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484158/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, March 20, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzfbbc/

 Elixir台灣 台北 Meetup # Monday, April 1, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzgbcb/

 Modeling Sequences with Recurrent Neural Networks, RNN  Wednesday, April 3, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484461/

 Industrial Control Systems (ICS) Cyber Security Conference  APAC  April 16-18, 2019
 https://www.icscybersecurityconference.com/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, April 17, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzgbwb/

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 iTHome 台灣雲端大會 Cloud Summit  2019   2019年 5 月 15 日 (三) 09:00~17:00
 https://cloudsummit.ithome.com.tw/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

沒有留言:

張貼留言

2024年 10 月份資安、社群活動分享

  2024年 10  月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/10/1 https://www.meetup.com/taiwan-code-camp/...