跳到主要內容

資安事件新聞週報 2019/2/25 ~ 2019/3/1

資安事件新聞週報  2019/2/25  ~  2019/3/1

1.重大弱點漏洞

Avast:數位家庭最容易有漏洞的裝置是印表機、網路裝置及監視器
https://ithome.com.tw/news/128997

F5 BIG-IP Access Policy Manager 跨站腳本漏洞  CVE-2019-6595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6595

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT
https://www.exploit-db.com/exploits/46444

報告:前十大熱門Docker映像檔都有至少30個以上的漏洞
https://www.ithome.com.tw/news/129018

有攻擊者正利用Chrome的0day漏洞偷取他人信息
https://nosec.org/home/detail/2294.html

Chrome瀏覽器被曝存在漏洞攻擊者可通過PDF收集用戶信息
http://www.sohu.com/a/298175326_114774?sec=wd

Google Chrome zero-day used in the wild to collect user data via PDF files
https://www.zdnet.com/article/google-chrome-zero-day-used-in-the-wild-to-collect-user-data-via-pdf-files/#ftag=RSSbaffb68

Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers
https://bit.ly/2H4ZAWr

研究人員揭露大批Thunderclap安全漏洞,允許惡意周邊裝置竊取記憶體機密資訊
https://www.ithome.com.tw/news/129021

新發現的thunderclap 漏洞允許黑客使用Thunderbolt/USB-C 外設攻擊PC
http://hackernews.cc/archives/24946

Thunderbolt的漏洞給黑客大開方便之門
https://www.easyaq.com/news/1927126943.shtml

Supermicro伺服器元件漏洞可使IBM雲端伺服器被植入後門
https://www.ithome.com.tw/news/129001

Microsoft fixes web server DDoS bug
https://nakedsecurity.sophos.com/2019/02/22/microsoft-fixes-ddos-bug-in-its-web-server/

Microsoft's Windows Defender Advanced Threat Protection service now available for Windows 7, 8.1 clients
https://zd.net/2tDDlik

JVN#69181574 Windows 7 における DLL 読み込みに関する脆弱性
https://jvn.jp/jp/JVN69181574/

JVN#79543573 Microsoft Teams のインストーラにおける DLL 読み込みに関する脆弱性
https://jvn.jp/jp/JVN79543573/

海康威視網路資安公告-監控商品網路資訊安全說明
http://best-cctv.com.tw/showroom.php?mode=detail&item_id=I25880135

dlink dir-878_firmware,dir-600m_firmware
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-8312
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-8313
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-8314
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-8315
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-8316
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-8318
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-8319

News Website Script 2.0.5 SQL Injection
https://cxsecurity.com/issue/WLB-2019020253

ADV190005 | Guidance to adjust HTTP/2 SETTINGS frames
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190005

Adobe patches bug that could blow up MacBook Pro speakers
https://www.zdnet.com/article/adobe-patches-bug-that-could-blow-up-macbook-pro-speakers/#ftag=RSSbaffb68

Adobe patches the same critical Reader flaw twice in one week
https://nakedsecurity.sophos.com/2019/02/25/adobe-patches-the-same-critical-reader-flaw-twice-in-one-week/

Flash “security bypass” list hidden in Microsoft Edge browser
https://nakedsecurity.sophos.com/2019/02/22/flash-security-bypass-list-hidden-in-edge/

Adobe sends out second fix for critical Reader data leak vulnerability
https://www.zdnet.com/article/adobe-sends-out-second-fix-for-critical-reader-data-leak-vulnerability/#ftag=RSSbaffb68

Cisco Elastic Services Controller 存在安全性弱點
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-esc

思科修補多款防火牆路由器中的重大RCE漏洞
https://www.ithome.com.tw/news/129047

思科產品多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/02/20/Cisco-Releases-Security-Updates

CVE-2018-0296思科ASA拒絕服務漏洞分析
https://www.anquanke.com/post/id/171916

aveva indusoft_web_studio CVE-2019-6543
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6543

aveva indusoft_web_studio  CVE-2019-6545
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6545

webassembly binaryen     CVE-2019-7662
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-7662

VR社交應用Bigscreen存在安全漏洞,黑客可執行MITR攻擊
https://www.sohu.com/a/296464883_114877?sec=wd

VertrigoServ 2.17 Cross Site Scripting  CVE-2019-8938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8938

谷歌研究者:軟體技術無法解決「幽靈」晶元漏洞
https://news.sina.com.tw/article/20190225/30187160.html

4G/5G再曝新漏洞,攻擊者可攔截電話和追踪用戶位置
https://www.lieyunwang.com/news/89390

New Attacks Against 4G, 5G Mobile Networks Re-Enable IMSI Catchers
https://bit.ly/2Vlx32r

Hackers Actively Exploiting Latest Drupal RCE Flaw Published Last Week
https://bit.ly/2EdykSp

Spring Framework跨站跟踪漏洞
https://pivotal.io/security/cve-2018-11039

Plug in devices make laptops and desktops vulnerable to cyber attacks
https://www.cybersecurity-insiders.com/plug-in-devices-make-laptops-and-desktops-vulnerable-to-cyber-attacks/

2.銀行/金融/保險/證券/支付系統/ 新聞及資安

國際駭客入侵金融機構頻傳 金管會要求強化11項資安
https://udn.com/news/story/7239/3662570

從開放銀行到銀行的開放
https://money.udn.com/money/story/5629/3662873

迎戰Bank 4.0,銀行IT資訊架構如何現代化,IBM首席架構師給5建議
https://www.ithome.com.tw/news/128937

玉山銀行刷臉 ATM 系統採 NEC 人臉識別系統,在全台 5 據點設立結合手機動態密碼的人臉識別提款機
https://www.cool3c.com/article/141242

西聯匯款攜手亞馬遜 台灣人可現金跨境購物
https://money.udn.com/money/story/5617/3663858

亞馬遜夥西聯滙款推跨境付款 香港有份
https://bit.ly/2GKvGY4

跨境購物用美元現金支付 西聯匯款新服務台灣列首發
https://ec.ltn.com.tw/article/breakingnews/2709345

【詐騙網站】東亞銀行呼籲勿登入以下偽冒網站
https://bit.ly/2EaHkI5

小米擬籌備虛擬銀行業務
https://www.chinatimes.com/realtimenews/20190225004196-260409

誠實ATM?領錢看到「鑰匙」 他陷天人交戰:該開嗎
https://news.tvbs.com.tw/fun/1089671

黑客騎劫網上表格竊信用卡資料 暗網兜售有價有市
https://bit.ly/2H0C393

撿到寫有密碼的銀行卡后將餘額取光,杭州一對22歲情侶被抓
https://news.sina.com.tw/article/20190226/30219100.html

黃國昌爆陸資入股陽信銀行 金管會查「持股2.86%」
https://www.ettoday.net/news/20190227/1387932.htm

批金管會、國安局睡著了 黃國昌爆中資入主陽信銀行
https://udn.com/news/story/7239/3667482

大主委棍子胡蘿蔔齊出 顧立雄抄底金控家族
https://bit.ly/2Ua1NDB

惹毛顧立雄的最後一根稻草 竟是新光伯姪鬥害的
https://www.mirrormedia.mg/story/20190225fin011

陸銀行系統未升級 居住證卡關
https://www.chinatimes.com/newspapers/20190227000062-260301

網曝最新網銀詐騙手法已經入侵網銀再打電話騙賬戶信息
http://www.hnbstx.com/yhll/lilvbiao/20190225/138602.html

全台143萬企業線上開戶 金管會3個月內研議完成
https://news.cnyes.com/news/id/4284602

凱基銀行創新科技金融處搭起資安橋梁 創造IT、法遵、開發商三贏
https://www.gvm.com.tw/article.html?id=56229

信用卡被盜刷?別擔心,有「虛擬信用卡」...卡號72變,每次刷卡卡號都不同
https://wealth.businessweekly.com.tw/m/GArticle.aspx?id=ARTL000130467

樂天銀行社長:有信心拿下台灣純網銀執照 拚3年獲利
https://ec.ltn.com.tw/article/breakingnews/2712861

丟15元零錢!客戶2硬幣「害ATM故障」狂抱怨 網笑噴:當販賣機投嗎
https://www.ettoday.net/news/20190228/1388888.htm

澳洲購物中心ATM慘被「連根拔起」 途人表示超震驚
https://bit.ly/2NtYF2S

有關新加坡銀行有限公司的可疑流動應用程式(流動應用程式)
https://www.hkma.gov.hk/chi/key-information/press-releases/2019/20190228-7.shtml

70000 Pakistani banks’ cards with PINs go on sale on the dark web.
https://bit.ly/2BKDrsX

Russian hacker accused of bank cyber-attacks pleads guilty in US court
https://uawire.org/russian-hacker-accused-of-bank-cyber-attacks-pleads-guilty-in-us-court

ATM robber WinPot: a slot machine instead of cutlets
https://bit.ly/2VgR22p

BOV payments to third parties remain unavailable after cyber attack
https://theworldnews.net/mt-news/bov-payments-to-third-parties-remain-unavailable-after-cyber-attack

NEC and E.Sun create ATM with facial recognition
https://www.zdnet.com/article/nec-and-e-sun-create-atm-with-facial-recognition/

Credit Card Chips Susceptible to Unwarranted NFC Communications
https://blog.hackster.io/credit-card-chips-susceptible-to-unwarranted-nfc-communications-b790402d20dc

集保結算所徵才 想捧金飯碗者上網報名
https://bit.ly/2UaecYg

五金控校園徵才 招2.1萬人
https://money.udn.com/money/story/5648/3664998

搶人才 新光金控開出4千個職缺
https://www.chinatimes.com/realtimenews/20190225002072-260410

金控徵2.5萬人 資訊、法遵搶手
https://www.chinatimes.com/newspapers/20190226000656-260110

富邦壽業務軍團 要徵6,000人
https://udn.com/news/story/7239/3667220

3.電子支付/電子票證/行動支付/ 新聞及資安

移動支付黑馬誕生:短短一年用戶破億,它正式向微信支付寶下戰書
https://kknews.cc/tech/j943elq.html

香港金管局:未接儲值支付工具因SMS轉駁引致失竊投訴
https://hk.on.cc/hk/bkn/cnt/finance/20190225/bkn-20190225223216887-0225_00842_001.html

黑客新招 SMS飛線偷驗證碼 電子錢包任提款
https://hk.news.appledaily.com/local/daily/article/20190226/20620996

黑客盗SMS驗證碼 AlipayHK:事件不尋常 再發生機會率低
https://hk.finance.appledaily.com/finance/realtime/article/20190226/59306323

歐央行決意推動即時支付TIPS
https://www2.hkej.com/instantnews/international/article/2067954

歐央行不排除以監管手段推廣自家即時支付系統
http://www.aastocks.com/tc/stocks/news/aafn-news/NOW.925616/2

限量2000名!228起用「台灣pay」買高鐵票享現金回饋
https://newtalk.tw/news/view/2019-02-26/212450

西班牙研發「一粒沙」大小的體內微晶片,用手感應就可以開鎖和付款
https://buzzorange.com/techorange/2019/02/27/chip-implant-into-skin/

港版「支付寶」走入內地
https://news.sina.com.tw/article/20190228/30260602.html

久等了!台灣行動支付╳JCB,2019第一季A好康攻略登場
https://savingmoneyforgood.blogspot.com/2019/02/TaiwanPay-JCB.2019Q1EVENT.html

Will pay-for-privacy be the new normal
https://blog.malwarebytes.com/security-world/privacy-security-world/2019/02/will-pay-privacy-new-normal/

4.虛擬貨幣/區塊鍊   新聞及資安

「日本亞馬遜」樂天傳將接受加密貨幣付款 新服務3月上線
https://bit.ly/2tBR1KQ

高管監守自盜!韓國Coinbin交易所申請破產
http://news.knowing.asia/news/7224e1b8-83d6-4ca2-a2c4-0155519ed10a

擴大金融創新 金管會擬訂STO規範以利業者遵循
https://money.udn.com/money/story/5613/3664548

中東第1國!巴林正式推行加密貨幣交易
https://ec.ltn.com.tw/article/breakingnews/2709692

美國政府幫助Bitfinex,追回10.6萬美元被盜竊的比特幣
http://news.knowing.asia/news/c1622671-bf0c-43ce-a753-166e391a9888

比特大陸螞蟻礦機固件現漏洞:改BUG與開源選擇兩難
https://wk588.com/12809-1-1.html

Coinomi錢包嚴重漏洞導致其價值6~7萬美元的加密貨幣被盜
https://bit.ly/2EdXjF2

Coinomi錢包漏洞詳解:用戶密碼易被“中間人”竊取
https://bcsec.org/index/detail/id/493/tag/2

伊朗怒了 想用加密貨幣擺脫美國的魔爪
https://news.sina.com.tw/article/20190228/30258916.html

哈佛名教授:我們可能不需要區塊鏈 別錯把驗證當信任
https://www.mirrormedia.mg/story/20190221mit004/

瑞士杜卡斯貝銀行推出自有加密數字貨幣
https://news.sina.com.tw/article/20190301/30276600.html

Coinhive cryptojacking service to shut down in March 2019
https://www.zdnet.com/article/coinhive-cryptojacking-service-to-shut-down-in-march-2019/#ftag=RSSbaffb68

Hacker steals $7.7 million in EOS cryptocurrency after blacklist snafu
https://www.zdnet.com/article/hacker-steals-7-7-million-in-eos-cryptocurrency-after-blacklist-snafu/#ftag=RSSbaffb68

Cryptocurrency Miners Exploit Latest Drupal Flaw
https://www.bankinfosecurity.com/cryptocurrency-miners-exploit-latest-drupal-flaw-a-12055

Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down
https://bit.ly/2Ttwbfe

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體

無檔案惡意程式(Fileless Malware)五種運作方式
https://blog.trendmicro.com.tw/?p=58512

鎖定WinRAR ACE漏洞的攻擊程式現身
https://www.ithome.com.tw/news/128995

瑞星成功截獲國內首個利用WinRAR漏洞的遠控木馬
http://www.ccidnet.com/2019/0226/10457618.shtml

黑客已經開始利用WinRAR漏洞傳播惡意軟件
https://www.linuxidc.com/Linux/2019-02/157138.htm

首個完整利用WinRAR漏洞傳播的惡意樣本分析
https://www.secrss.com/articles/8606

垃圾郵件利用WinRAR ACE漏洞安裝後門程序
http://www.mottoin.com/news/134594.html

LinkedIn 假招聘暗藏木馬程式
https://bit.ly/2tED1Qk

用編輯器漏洞植入SEO暗鏈,700個網站被植入惡意鏈接
https://pttnews.cc/2552b369d3

警方提醒:警惕手機簡訊鏈接植入病毒詐騙
https://news.sina.com.tw/article/20190227/30243840.html

盤一盤2018年那些難纏的頑固病毒木馬
https://www.freebuf.com/articles/paper/196613.html

木馬分析:分析針對意大利的Ursnif銀行木馬
https://www.freebuf.com/vuls/195909.html

ESET waarschuwt: fake bank-apps doelen op Android gebruikers
https://computertaal.info/2019/02/26/eset-waarschuwt-fake-bank-apps-doelen-op-android-gebruikers/

ESET warns of fake banking apps targeting Android users
http://www.bi-me.com/main.php?id=76766&t=1&c=61&cg=4&mset=1011

網釣郵件假冒Google的reCAPTCHA系統
https://www.ithome.com.tw/news/128974?fbclid=IwAR0FBanCQgCxFzK90o58Jy_Xrb_QpC4lIrUIe4SAMkYXsvJYfX2hmJQgWo8

Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware
https://blog.sucuri.net/2019/02/hackers-use-fake-google-recaptcha-to-cloak-banking-malware.html

Phishing Scam Cloaks Malware With Fake Google reCAPTCHA
https://threatpost.com/phishing-scam-malware-google-recaptcha/142142/

FAKE GOOGLE RECAPTCHA USED TO HIDE ANDROID BANKING MALWARE
https://7newscrunch.blogspot.com/2019/02/fake-google-recaptcha-used-to-hide.html

Hackers Deliver Banking Malware Through Fake Google reCAPTCHA
https://gbhackers.com/malware-fake-google-recaptcha/

Android banking malware distributed with fake Google reCAPTCHA
https://bit.ly/2H2uoH9

Russian nationwide, creator of NeverQuest banking trojan, pleads responsible
https://infofisher.com/russian-national-author-of-neverquest-banking-trojan-pleads-guilty

Russian national, author of NeverQuest banking trojan, pleads guilty
https://www.zdnet.com/article/russian-national-author-of-neverquest-banking-trojan-pleads-guilty/#ftag=RSSbaffb68

A Closer Look at Why the QakBot Malware Is So Dangerous
https://cofense.com/closer-look-qakbot-malware-dangerous/

Soon DNS to protect users from malware
http://www.ehackingnews.com/2019/02/soon-dns-to-protect-users-from-malware.html?utm_source=dlvr.it&utm_medium=twitter

Cyber Attack Specialists in East Lothian #Computer #Malware
https://networksecurityuk.wordpress.com/2019/02/23/cyber-attack-specialists-in-east-lothian-computer-malware-4/

Ransomware has been abandoned in favor of cryptojacking attacks against the enterprise
https://www.zdnet.com/article/ransomware-has-been-abandoned-in-favor-of-cryptojacking-attacks-against-the-enterprise/#ftag=RSSbaffb68

Targeted malware attacks against Elasticsearch servers surge
https://www.zdnet.com/article/targeted-malware-attacks-against-elasticsearch-clusters-surge/#ftag=RSSbaffb68

Farseer malware brings Windows exploits to attack group's Android arsenal
https://www.zdnet.com/article/new-farseer-malware-brings-windows-exploits-to-chinese-attacker-arsenal/#ftag=RSSbaffb68

ursnif-requestdoc-campaign-1
https://www.baco.sk/posts/ursnif-requestdoc-campaign-1/

The malspam security products miss: Emotet, Ursnif, and a spammer's blunder
https://www.virusbulletin.com/blog/2019/02/malspam-security-products-miss-emotet-ursnif-and-spammers-blunder/

YARA-rules/ATM.Malware.DispenserXFS.yar
https://github.com/fboldewin/YARA-rules/blob/master/ATM.Malware.DispenserXFS.yar

Vulnerability exposes location of thousands of malware C&C servers
https://www.zdnet.com/article/vulnerability-exposes-location-of-thousands-of-malware-c-c-servers/#ftag=RSSbaffb68

The Ransomware Threat isn’t Over. It’s Evolving
https://www.webroot.com/blog/2019/02/28/the-ransomware-threat-isnt-over-its-evolving/

B.行動安全 / iPhone / Android /穿戴裝置 /App

網路圖檔敲響行動裝置資安警鐘,Android及iOS皆受影響
http://www.qmo.tw/security20190222114/

手機正在出賣你!透視中國華為暗藏的威脅
https://bit.ly/2SX38kJ

被爆個資傳臉書 App自救封鎖
https://tw.appledaily.com/international/daily/20190226/38265876/

用臉書帳號登入App 恐曝3大風險
https://bit.ly/2GSA1IC

回應去年資安風暴 臉書今年將推出「清除歷史」功能
https://news.ltn.com.tw/news/world/breakingnews/2712914

How to Stop Facebook App From Tracking Your Location In the Background
https://bit.ly/2IB1oIQ

Opera Touch for iOS allows users to block annoying cookie dialogs
https://www.zdnet.com/article/opera-touch-for-ios-allows-users-to-block-annoying-cookie-dialogs/#ftag=RSSbaffb68

Android Gets FIDO2 Certification—Now Supports Secure Passwordless Logins
https://bit.ly/2IBGWI1

Severe Flaws in SHAREit Android App Let Hackers Steal Your Files
https://bit.ly/2UdxQCr



C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件

研究稱黑客可通過漏洞劫持裸金屬伺服器 IBM將修復
https://news.sina.com.tw/article/20190227/30234280.html

十週年驚喜!Redis實作Gopher協定讓使用者可以自建地洞
https://ithome.com.tw/news/128984

3GPP 5G標準會議 25日在台登場
https://bit.ly/2TjwGIv

攻擊國際民航網絡 駭客或是中共間諜組織
http://www.epochtimes.com/b5/19/2/27/n11077876.htm

攻擊ICAO網路 駭客或指向中共間諜組織
https://bit.ly/2ECrS8V

Switch破解再下一城,執行Android變身遊戲平板電腦
https://www.techbang.com/posts/68385-switch-cracking-again-next-city-performing-android-turn-game-tablet-pc

忘了密碼卻收到明文密碼,美國公用事業帳單軟體供應商SEDC的危險作法遭研究人員踢爆
https://ithome.com.tw/news/129005

不滿遭降職!日商福吉米資安委員協理 竟偷公司配方
https://news.ltn.com.tw/news/society/breakingnews/2709370

不滿降職 科技公司協理重製營業機密遭訴
https://bit.ly/2tG7E7O

FB、Google資安危機連環爆! 政大攜手博斯辦圓桌論壇
https://www.ettoday.net/news/20190226/1386861.htm

Duo Security調查:8成Chrome擴充程式缺乏隱私政策
https://www.ithome.com.tw/news/128965

ICANN警告 網路基礎建設面臨大規模攻擊
https://www.cna.com.tw/news/ait/201902230195.aspx

ICANN呼籲各網域都應全面部署DNSSEC,以避免使用者受中間人攻擊
https://www.ithome.com.tw/news/128964

駭客透過郵件勒索活動,獲得價值超過30萬美元的BTC
https://news.sina.com.tw/article/20190223/30179618.html

聯詠高級工程師盜3百筆「極機密」程式碼 辯:學習用
https://money.udn.com/money/story/5612/3670640

阿里雲洩漏原始碼 逾40企業受害
https://ec.ltn.com.tw/article/paper/1269467

Symantec 2019《網絡安全威脅報告》:網上表格攻擊牟取數百萬美元暴利
https://unwire.pro/2019/03/01/symantec-2019/security/

機密任你看!阿里雲洩漏原始碼 逾40企業受害
https://ec.ltn.com.tw/article/breakingnews/2707374

憂資安漏洞 菲國抵制華為監控項目
https://2016followme.blogspot.com/2019/02/blog-post_21.html

遍及歐洲十二國 微軟擴大政治資服務
http://hk.epochtimes.com/news/2019-02-27/13656682

愛沙尼亞成數位大國
https://www.chinatimes.com/newspapers/20190224000418-260209

華為中東突圍 部署阿聯5G網路
https://www.chinatimes.com/newspapers/20190228000292-260203

中國若成電信領域龍頭 英情報機構:恐威脅全球數十年
https://news.ltn.com.tw/news/world/breakingnews/2709701

委內瑞拉動亂 中共輸出黑科技推波助瀾
http://www.epochtimes.com/b5/19/2/25/n11070450.htm

保護用電與資訊安全,美 11 名參議員籲禁用華為太陽能逆變器
http://technews.tw/2019/02/26/ban-on-huawei-solar-inverters/

Vodafone CEO:禁用華為可能使歐洲 5G 網路進度延後兩年
https://technews.tw/2019/02/26/huawei-finds-an-ally-in-vodafone-the-worlds-second-largest-mobile-operator/

資安危機? 普廷發言人的美艷女兒遭爆在歐洲議會當助理
https://news.ltn.com.tw/news/world/breakingnews/2710727

美國多數上市公司遭網絡攻擊事件未向SEC披露
https://on.wsj.com/2GOtfUy

中共駭客手法多變 美官員強調先發制人
http://www.epochtimes.com/b5/19/2/28/n11078818.htm

中國智慧音箱 家庭資安新威脅
https://news.ltn.com.tw/news/focus/paper/1270619

資安隱私保護戰 在你家客廳
https://money.udn.com/money/story/12524/3669161

它正在蒐集、回傳、分析...中國智慧音箱家庭資安新威脅
https://bit.ly/2TnB618

智慧家電讓生活更方便 專家籲留意資安風險
https://news.wearn.com/c161038.html

專家:中共利用華為輸出監控模式 擴張權力
http://www.epochtimes.com/b5/19/2/27/n11077547.htm

籲防範間諜威脅 美官員:華為玩兩面手法搞欺騙
https://news.cnyes.com/news/id/4284748

德國傳讓華為參與5G建設 逼中國承諾不進行間諜行動
https://tw.appledaily.com/new/realtime/20190228/1525160/

傳德中擬簽「無間諜協議」 外媒細數中國無信用劣跡
https://ec.ltn.com.tw/article/breakingnews/2712481

另闢蹊徑打擊“黑廣播”: 360無線諦聽平台直擊非法廣告源
https://www.aqniu.com/hack-geek/44157.html

美資安大廠:中國駭客青銅聯盟 專竊先進軍武科技
https://news.ltn.com.tw/news/world/paper/1270913

一篇文章了解供應鏈安全:為什麼應該小心第三方供應商
https://www.aqniu.com/learn/44146.html

比“內鬼”更可怕伊朗入侵美軍指揮系統還有一種可能
https://www.aqniu.com/news-views/44081.html

俄羅斯網路安全官員及卡巴斯基實驗室資深研究員被以叛國罪名送進大牢
https://www.ithome.com.tw/news/129034

研究人員展示如何入侵Amazon Ring智慧門鈴,竊取並取代傳輸內容
https://www.ithome.com.tw/news/129035

Counter Cyber Attack 誰もが狙われる時代
https://www.keishicho.metro.tokyo.jp/about_mpd/joho/movie/cyber/cca/index.html

A Cybersecurity Checklist for Modern SMBs
https://www.webroot.com/blog/2019/02/28/a-cybersecurity-checklist-for-modern-smbs/

19-year-old makes millions from ethical hacking
https://www.zdnet.com/article/19-year-old-makes-millions-from-ethical-hacking/#ftag=RSSbaffb68

US wiped some hard drives of Russia's 'troll factory' in last year's hack
https://www.zdnet.com/article/us-wiped-some-hard-drives-of-russias-troll-factory-in-last-years-hack/#ftag=RSSbaffb68

U.S. Cyber Command operation disrupted Internet access of Russian troll factory on day of 2018 midterms
https://wapo.st/2GOS7LP

The hacker's paradise: Social networks net criminals $3bn a year in illicit profits
https://www.zdnet.com/article/social-media-becomes-hacker-paradise-3bn-earned-a-year-in-illicit-profits/#ftag=RSSbaffb68

Cyber Attack On Toyota Australia Updates - The Inner Sane
https://cnhan.org/toyota/cyber-attack-toyota-australia-updates-08062462

Robust regulatory framework key to prevent cyber-attacks, say experts
http://qatar-tribune.com/news-details/id/156307

Hackers Targeted Retailing Industry With Malware and Selling Stolen Data On Dark Web
https://brica.de/alerts/alert/public/1248625/hackers-targeted-retailing-industry-with-malware-and-selling-stolen-data-on-dark-web/

New browser attack lets hackers run bad code even after users leave a web page
https://zd.net/2IPwxZx

ICANN: There is an ongoing and significant risk to DNS infrastructure
https://www.zdnet.com/article/icann-there-is-an-ongoing-and-significant-risk-to-dns-infrastructure/#ftag=RSSbaffb68

The lazy person’s guide to cybersecurity: minimum effort for maximum protection
https://blog.malwarebytes.com/101/2019/02/the-lazy-persons-guide-to-cybersecurity-minimum-effort-for-maximum-protection/

Hacking Virtual Reality – Researchers Exploit Popular Bigscreen VR App
https://bit.ly/2U3vA0P

The Advanced Persistent Threat Files: APT1
https://blog.malwarebytes.com/threat-analysis/2019/02/the-advanced-persistent-threat-files-apt1/

It took hackers only three days to start exploiting latest Drupal bug
https://www.zdnet.com/article/it-took-hackers-only-three-days-to-start-exploiting-latest-drupal-bug/#ftag=RSSbaffb68

MWC 2019: Your bionic hand is now at risk from hackers
https://www.zdnet.com/article/your-bionic-hand-is-now-at-risk-from-hackers/#ftag=RSSbaffb68

Hackers can hijack bare-metal cloud servers by corrupting their BMC firmware
https://www.zdnet.com/article/hackers-can-hijack-bare-metal-cloud-servers-by-corrupting-their-bmc-firmware/#ftag=RSSbaffb68

FTC launches task force to monitor competition in the tech industry
https://www.zdnet.com/article/ftc-launches-task-force-to-monitor-competition-in-the-tech-industry/#ftag=RSSbaffb68

Is India Prepared for Retaliation by Pakistani Hackers
https://www.bankinfosecurity.asia/blogs/india-prepared-for-retaliation-by-pakistani-hackers-p-2726

New Flaws Re-Enable DMA Attacks On Wide Range of Modern Computers
https://bit.ly/2H7qI7d

Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers
https://bit.ly/2XvKsaq

Retailers have become the top target for credential stuffing attacks
https://www.zdnet.com/article/retailers-have-become-the-top-target-for-credential-stuffing-attacks/#ftag=RSSbaffb68

Kremlin Says Cyber Attacks Against Russia Perpetually Initiated From US Territory
https://newsdaily.today/daily-news-kremlin-says-cyber-attacks-against-russia-perpetually-initiated-from-us-territory/

First disclosed details of a cyber attack on the US Russia
https://handofmoscow.com/2019/02/28/first-disclosed-details-of-a-cyber-attack-on-the-us-russia/

Ukraine's Security Service prevents cyber attack at Central Election Commission website
http://vectornews.eu/news/world/136541-ukraines-security-service-prevents-cyber-attack-at-central-election-commission-website.html

SBU announced the prevention of large-scale cyber attacks on the CEC website
http://www.tellerreport.com/news/--sbu-announced-the-prevention-of-large-scale-cyber-attacks-on-the-cec-website-.BJlP9RGNLE.html

Israeli trusted computing experts thwarted 2017 Iran cyber warfare attack on country’s missile warning
https://bit.ly/2Vud2qS

Israel preparing for cyber attack by Russia and China
https://endtimeheadlines.org/2019/02/israel-preparing-for-cyber-attack-by-russia-and-china/

Remove “DarkWeb Identity Theft Attack” pop-ups
https://unboxhow.com/cybersecurity/remove-darkweb-identity-theft-attack-pop-ups

Cyber Risks, Speed of Attacks Increasing
https://www.realcleardefense.com/2019/02/27/cyber_risks_speed_of_attacks_increasing_306801.html

5 Types of Cyber Attacks and How to Prepare for Them
https://www.cgsinc.com/blog/5-types-of-cyber-attacks-and-how-prepare-for-them

US pushed Russian troll factory offline during US midterm elections
https://nakedsecurity.sophos.com/2019/02/28/us-pushed-russian-troll-factory-offline-during-us-midterm-elections/

North Korea’s dangerous weapon is Cyber Attacks and not Nukes
https://www.cybersecurity-insiders.com/north-koreas-dangerous-weapon-is-cyber-attacks-and-not-nukes/

Shifting Strategies: Using Social Media, SEO in Tech Support Scams
https://blog.trendmicro.com/trendlabs-security-intelligence/shifting-strategies-using-social-media-seo-in-tech-support-scams/

徵才 - 資安人員
https://m.1111.com.tw/job/85851703/

徵才 - 國網中心/網路與資安組 AI前瞻專案計畫人員/1名(AI-20)
https://m.1111.com.tw/job/85848376/

徵才 - 助理應用程式資安工程師(新竹) 動力安全資訊股份有限公司
https://bit.ly/2U4RUqT

徵才 - 資安人員
https://www.104.com.tw/job/?jobno=6izfo

徵才 - Fw: [台北] 中研院資訊處/資安工程師
https://moptt.tw/p/sinica.M.1551150675.A.E18

徵才 - 資安工程師
https://job.vac.gov.tw/pages/job_detail.aspx?bb=he&cc=29639&js=1

徵才 - hadoop工程师 上海盛付通电子支付服务有限公司
https://www.liepin.com/job/1917718461.shtml

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞

海南反電信網路詐騙中心:微信二次實名認證為騙局
https://news.sina.com.tw/article/20190228/30259532.html

這密碼像在說「歡迎光臨」 10大最爛密碼
https://news.tvbs.com.tw/life/1090778

無碼母帶災情延燒 達人點名AV傳奇女神是壓軸
https://ent.ltn.com.tw/news/breakingnews/2710955

雇主藉穿戴裝置管理員工健康 恐有隱私疑慮
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000554147_OG402ISZ56ADJP6HQXHPS

臉書擅自收集手機戶個資 紐約州長下令查
https://money.udn.com/money/story/5599/3660559

資安報告:掘礦騎劫攻擊落後 Formjacking.變臉詐騙電郵威脅更大
https://bit.ly/2ThsU2b

臉書又傳偷抓敏感數據 月經…被看光
https://bit.ly/2SpG5ts

研究:5款密碼管理軟體都有外洩密碼之虞
https://bit.ly/2Xl2dZY

掌控男友金流! 銀行網美遭爆「私查個資」
https://bit.ly/2Iye6Zb

偽造資料騙政府840萬撥款 華裔夫婦分判33個月和緩刑
https://bit.ly/2tzx7QB

資料外洩最嚴重的一年!面對全新資安環境,未來五年的 4 個關鍵趨勢
https://buzzorange.com/techorange/2019/02/23/security-2019/

「臉書」研究設獨立監督委員會 管理具爭議內容
https://news.sina.com.tw/article/20190223/30181228.html

美監管機構正與臉書對個資洩漏事件進行協商,臉書可能受罰數十億美元
https://bit.ly/2EykyLE

網購 Apple iPhone 收空盒變蘋果哀諷,購物詐騙手法曝光
https://www.vedfolnir.com/apple-iphone-online-shopping-fraud-cheat-on-facebook-32230.html

日本辦假證網站增多 1份收費6千以上
https://zh.cn.nikkei.com/politicsaeconomy/politicsasociety/34403-2019-02-25-05-00-20.html

全國首宗偽電子發票詐413萬 檢依詐欺等罪起訴4人
https://udn.com/news/story/7315/3660908

網上購物風險增 駭客恐竊取顧客PIN碼
http://hk.epochtimes.com/news/2019-02-27/78070763

手機突然沒信號小心是電信詐騙
https://news.sina.com.tw/article/20190227/30232396.html

抖音非法蒐兒童個資 美重罰1.7億
https://tw.appledaily.com/international/daily/20190301/38268381/

Password Managers: Under the Hood of Secrets Management
https://www.securityevaluators.com/casestudies/password-manager-hacking/

Cyber News Rundown: Phishing through Email Filter
https://www.webroot.com/blog/2019/02/22/cyber-news-rundown-phishing-through-email-filter/

UConn Health Among the Latest Apparent Phishing Victims
https://www.bankinfosecurity.com/uconn-health-among-latest-apparent-phishing-victims-a-12048

Data Breach Notification: California Targets 'Loopholes'
https://www.bankinfosecurity.com/data-breach-notification-california-targets-loopholes-a-12047

Congress considers a national standard for data privacy
https://www.zdnet.com/article/congress-considers-a-national-standard-for-data-privacy/#ftag=RSSbaffb68

E.研究報告

網站安全管理注意事項V1
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019022704020707600991418127381.pdf

個案分析-校園網站伺服器淪為中繼站與惡意程式下載站攻擊事件分析報告_10802
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019022510023636322981987112573.pdf

2019年最佳黑客書籍盤點
http://netsecurity.51cto.com/art/201903/592687.htm

利用google hack 查找有sql注入漏洞的站點
https://zhuanlan.zhihu.com/p/57751709

google hack之sql注入
https://bit.ly/2GLR4vV

google hack 之查詢語法
https://bit.ly/2IOI4b8

“玄魂工作室--安全圈” 知識星球內資源匯總
https://github.com/xuanhun/HackingResource

DuckDuckGo上Blind XXE漏洞防護繞過
https://nosec.org/home/detail/2284.html

谷歌發布最新研究成果:Spectre 漏洞無法通過編程語言級別手段解決
https://www.infoq.cn/article/Cz_y0ExDbWUKlgg1RYxC

PenTesterが知っている危ないAWS環境の共通点
https://bit.ly/2ty8Kma

cve-2019-6453 mIRC遠程代碼執行漏洞
http://www.4hou.com/vulnerable/16336.html

從兩道CTF實例看python格式化字符串漏洞
https://zhuanlan.zhihu.com/p/57309024

MIPS漏洞調試環境安裝及棧溢出
https://xz.aliyun.com/t/4130

csrf漏洞原理
https://www.itread01.com/content/1550948289.html

天融信關於drupal8 系列框架和漏洞動態調試深入分析
https://paper.seebug.org/823/

Jenkins遠程代碼執行漏洞(CVE-2019-1003000)測試復現
https://anquan.baidu.com/article/631

AOSP常見漏洞簡介
https://bbs.pediy.com/thread-249675.htm

DNS系統原理及漏洞利用分析
http://netsecurity.51cto.com/art/201902/592542.htm

響尾蛇(SideWinder)APT組織針對南亞國家的攻擊活動披露
https://www.freebuf.com/articles/network/196788.html

探討後滲透測試工具SILENTTRINITY的工作原理與檢測技巧
https://www.freebuf.com/articles/system/195913.html

HTTP的同源策略與跨域資源共享(CORS)機制
https://www.freebuf.com/articles/web/195925.html

注入型勒索病毒Ryuk,伸向x64系統的魔爪
https://www.freebuf.com/articles/terminal/196279.html

WatchDogsMiner挖礦蠕蟲大量感染Linux服務器
https://www.freebuf.com/articles/terminal/196504.html

Linux watchdogs感染性隱藏挖礦病毒入侵還原錄
https://www.freebuf.com/articles/system/196510.html

Watch Dogs挖礦病毒分析
https://www.freebuf.com/articles/system/196515.html

基於ONVIF協議的物聯網設備參與DDoS反射攻擊
https://www.freebuf.com/articles/system/196186.html

UEFI固件解析器:可解析BIOSIntel MEUEFI固件結構
https://www.freebuf.com/sectool/195873.html

測試Android應用程序的逆向方法和尋找攻擊面的技巧
https://www.freebuf.com/articles/terminal/195840.html

常見的幾種Windows後門持久化方式
https://www.freebuf.com/vuls/195906.html

對勒索病毒GandCrab5.1的一次成功應急響應(附解密工具+加密樣本)
https://www.freebuf.com/articles/es/196278.html

對惡意軟件Dridex的流量分析
https://www.freebuf.com/articles/es/195832.html

HEVD UAF漏洞分析
https://www.anquanke.com/post/id/171871

3大Web安全漏洞防御详解:XSS、CSRF、以及SQL注入解决方案
http://www.youxia.org/2019/02/44716.html

Video Downloader(Plus)Chrome插件漏洞分析:繞過CSP實現UXSS
https://www.anquanke.com/post/id/171711

攻防最前線:Drupal漏洞PoC公開三天后被濫用攻擊
https://www.secrss.com/articles/8627

WinRAR CVE-2018-20250 漏洞-手動打造惡意文件
https://bbs.pediy.com/thread-249720.htm

Nday漏洞從挖掘到利用
http://iosre.com/t/nday/14073

windows漏洞及其防禦方法簡單總結
https://bbs.pediy.com/thread-249709.htm

Python中的10個常見安全漏洞及修復方法
http://www.twoeggz.com/news/13611464.html

攻擊遠程訪問之協議漏洞攻擊
https://www.cnblogs.com/yuleitest/p/10447105.html

對惡意樹莓派設備的取證分析
https://www.freebuf.com/articles/terminal/196085.html

盲眼鷹(APT-C-36):持續針對哥倫比亞政企機構的攻擊活動揭露
https://www.freebuf.com/articles/system/196110.html

拒絕超長函數,從兩個curl遠程漏洞說起
https://www.freebuf.com/vuls/196088.html

探討後滲透測試工具SILENTTRINITY的工作原理與檢測技巧
https://www.freebuf.com/articles/system/195913.html

什麼是DNS劫持攻擊以及如何避免此類攻擊
http://netsecurity.51cto.com/art/201902/592617.htm

扒一扒DDoS攻擊發展史
http://netsecurity.51cto.com/art/201902/592481.htm

如何全面防禦SQL注入攻擊
http://netsecurity.51cto.com/art/201902/592270.htm

被黑客掛上木馬病毒的網站,有哪些特點?程序員教你輕鬆避開
http://netsecurity.51cto.com/art/201902/592236.htm

360企業安全集團發布政企終端安全態勢月度分析報告(2019.01)
https://www.aqniu.com/vendor/43866.html

Spring Boot中Actuators的漏洞分析
https://xz.aliyun.com/t/4259

Android Security Research: Crypto Wallet Local Storage Attack
https://www.exploit-db.com/docs/46466

PROTECTING WINDOWS PRIVILEGED ACCOUNTS
https://www.exploit-db.com/docs/46447

Geolocating SSH Hackers In Real-Time
https://bit.ly/2BUCmi2

Top 500 Most Important XSS Script Cheat Sheet for Web Application Penetration Testing
https://bit.ly/2tARHA7

PoC/SMBv3 Tree Connect/
https://bit.ly/2H0HjcG

setuid0-sec/Swiss_E-Voting_Publications
https://bit.ly/2SUI5z4

Researchers break digital signatures for most desktop PDF viewers
https://www.zdnet.com/article/researchers-break-digital-signatures-for-most-desktop-pdf-viewers/#ftag=RSSbaffb68

How to break PDF Signatures
https://www.pdf-insecurity.org/

How To Spoof PDF Signatures
https://web-in-security.blogspot.com/2019/02/how-to-spoof-pdf-signatures.html

An Inside Look at a Level 4 Threat Hunting Program
https://www.bankinfosecurity.com/inside-look-at-level-4-threat-hunting-program-a-12052

Testing Visibility to Develop an Innovative Threat Hunting Program
https://www.bankinfosecurity.asia/testing-visibility-to-develop-innovative-threat-hunting-program-a-12051

How a Hacking Group is Stealing Popular Instagram Profiles
https://blog.trendmicro.com/trendlabs-security-intelligence/how-a-hacking-group-is-stealing-popular-instagram-profiles/

Drupal Vulnerability (CVE-2019-6340) Can Be Exploited for Remote Code Execution
https://blog.trendmicro.com/trendlabs-security-intelligence/drupal-vulnerability-cve-2019-6340-can-be-exploited-for-remote-code-execution/





F.商業

Chrome無痕模式其實「不無痕」? Google打算進行升級
https://bit.ly/2BNZHlA

遠東二代徐國安扮推手 裕民攜手愛立信打造船隊安全系統 保庇船隊「防颱風、避海盜都行!
https://www.ettoday.net/news/20190223/1384886.htm

轉型求生,BlackBerry買下AI新創Cylance衝刺資安事業
https://meet.bnext.com.tw/articles/view/44535

微軟被批戰爭奸商,員工要求放棄陸軍合約
https://bit.ly/2SVPq1w

趨勢科技最新解決方案讓電信廠商為用戶的數位生活昇起防護罩
https://bit.ly/2U9muQ7

Purism將為旗下Librem筆電加入高安全性啟動程序PureBoot
https://www.ithome.com.tw/news/128987

整合DNS安全服務 Palo Alto Networks升級新世代防火牆
https://www.ettoday.net/news/20190228/1388624.htm

友通啟動首波併購 聯手其陽搶攻網通資安市場
https://shareba.com/module/news/310478285130279714.html

ESET全系列資安產品均配備「網路釣魚防護」功能
http://www.pcdiy.com.tw/detail/12195

Trend Micro發表新一代電信商防護平台 重點關注智慧家庭或行動裝置
https://bit.ly/2Vu6M2m

Microsoft推出Windows Server IoT 2019,強化邊緣運算應用
https://bit.ly/2tQzTkF

廣達旗下 雲達攻5G應用
https://money.udn.com/money/story/5710/3669012

2018 年Gartner 魔力像限SIEM 領域領導者的三大安全業務優勢
https://www.aqniu.com/vendor/44115.html

Radware:現代惡意軟件戰勝網絡防禦措施的5種方式及企業應對措施
https://www.aqniu.com/vendor/43986.html

加強企業資安,微軟發布2大服務借助AI減少雜訊和網路攻擊誤報率
https://www.ithome.com.tw/news/129036

滿足行業資安需求 Palo Alto升級防火牆
https://udn.com/news/story/7240/3671630

G.政府

Google 3D地圖洩漏軍事機密 國防部花8天「抹平」
https://bit.ly/2U4VnWj

葉國興 任國安會副秘書長
https://tw.appledaily.com/new/realtime/20190223/1522178/

總統聘請專家出任國安會諮詢委員 因應國際經貿變局
https://www.ydn.com.tw/News/325426

柯文哲晚間出訪以色列 取經資安產創
https://www.rti.org.tw/news/view/id/2012385

訪問以色列60小時閃電來回 柯文哲:自駕車、資安方面可以合作
https://www.storm.mg/article/1002834

飛往以色列前夕 柯文哲的LINE競選帳號kp2020悄悄啟動了
https://www.cmmedia.com.tw/home/articles/14398

公部門用陸3C規範 政院「菜煮好再端出」
https://money.udn.com/money/story/5648/3662072

「麒麟專案」外洩案國防部長震怒 下令中科院檢討機密文件管制
https://www.upmedia.mg/news_info.php?SerialNo=58325

調查局新任科長名單出爐 瞄準總統大選備戰
https://udn.com/news/story/7320/3668823

證券周邊四合一? 顧立雄:很多人會覬覦
https://www.chinatimes.com/newspapers/20190228000251-260202




H.SCADA/ICS/工控系統

多款Moxa產品跨站腳本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6565

Schneider Electric Evlink Charging Station權限提升漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7778

Schneider Electric Modicon M221遠程安全繞過漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7789

Schneider Electric Pelco Sarix Professional 1st generation cameras緩衝區溢出漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7780

Schneider Electric Pelco Sarix Professional 1st generation cameras經過身份驗證密碼洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7782

Schneider Electric InduSoft Web Studio和InTouch Edge HMI代碼執行漏洞洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17914

Schneider Electric SoMachine Basic XML外部實體注入漏洞的補丁
https://www.schneider-electric.com/en/download/document/SEVD-2018-142-01/

Power systems in data centers are vulnerable to Cyber Attacks
https://www.cybersecurity-insiders.com/power-systems-in-data-centers-are-vulnerable-to-cyber-attacks/

I.教育訓練

簡單的安卓漏洞挖掘學習(一)
https://xz.aliyun.com/t/4197

How to Make File and Directory Undeletable, Even By Root in Linux
https://bit.ly/2EsxKld

How to Send a Message to Logged Users in Linux Terminal
https://bit.ly/2GYJHAO

How to Show Asterisks While Typing Sudo Password in Linux
https://bit.ly/2GKWg3g

6 Online Tools for Generating and Testing Cron Jobs for Linux
https://bit.ly/2Terbuy

Learn Ethical Hacking with 180 Hours of Training — 2019 Course Bundle
https://bit.ly/2Vs79dz

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機

歐洲電信標準協會訂立全球物聯網安全標準
https://www.etsi.org/deliver/etsi_ts/103600_103699/103645/01.01.01_60/ts_103645v010101p.pdf

新型資安威脅要靠AI來解
https://www.ithome.com.tw/article/128805

當 5G 加上邊緣運算,「智慧工廠」概念將被重新顛覆一次
https://buzzorange.com/techorange/2019/02/23/5g-aiot/

智能酒店時代來臨:AI 負責Check-in搬行李丶手機取代房卡
https://bit.ly/2tzkzIH

陸工業互聯網規模 將達4,800億人民幣
https://www.chinatimes.com/newspapers/20190224000273-260203

曠視科技 人工智慧領跑者
https://www.chinatimes.com/newspapers/20190225000120-260301

Arm與各大測試實驗室針對物聯網裝置推出獨立安全認證
https://news.sina.com.tw/article/20190227/30238888.html

改善OT應用環境 健全資安產業發展
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=71&aid=8717

Singtel inks IoT partnership deals with China Mobile, Microsoft
https://www.zdnet.com/article/singtel-inks-iot-partnership-deals-with-china-mobile-microsoft/#ftag=RSSbaffb68

Open source AI chips making Green Waves: Bringing energy efficiency to IoT architecture
https://zd.net/2EbHU8v

Internet of Things: Lenovo's new edge server isn't much bigger than a notebook
https://zd.net/2EbqGbf

Arm partners with testing labs to provide IOT security certification
https://zd.net/2Vkuxtk

2.8M UK businesses vulnerable to IoT and OT cyber-attacks
https://digitalisationworld.com/news/56399/28m-uk-businesses-vulnerable-to-iot-and-ot-cyber-attacks

IBM rolls out asset performance management tools to better target industrial IoT
https://www.zdnet.com/article/ibm-rolls-out-asset-performance-management-tools-to-better-target-industrial-iot/#ftag=RSSbaffb68

K.CTF

NeverLAN CTF 2019
https://ctftime.org/event/706

STEM CTF: Cyber Challenge 2019
https://ctftime.org/event/661

DEF CON CTF 2019 Quals
https://www.oooverflow.io/dc-ctf-2019-quals/

CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair
https://bit.ly/2CWltVm

Official Website of CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair, Qingdao, China
https://bit.ly/2VnsC8p

NeverLAN CTF
https://neverlanctf.com/

6.近期資安活動及研討會

 Elixir台灣 台北 Meetup # Monday, March 4, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzfbgb/

 Greenhost 如何建立獨立且開放的雲端主機平台?主題二:網路資源及路由管理: IP, AS Number, DNS  3/4
 https://ocftw.kktix.cc/events/greenhost2

 如何推動關鍵基礎設施之醫療及工控系統的資安防護  3/6
 http://www.cisanet.org.tw/Services/express_more?id=2814

 網站弱點評估實務  3/7
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3825&from_course_list_url=homepage

 HackingThursday 固定聚會  March 7, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzfbkb/

 Arduino四軸飛行器開發實作,無人機硬體、無線遙控器、飛控軟體整合、飛行教學,一天學會  3/9
 https://bit.ly/2LdYJ5H

 AI於資訊安全之應用  3/9
 https://hackercollege.nctu.edu.tw/?p=1042

 【補助專班】AI人工智慧應用系列- AIoT智能物聯網開發人才就業養成班[免費諮詢]  3/12
 https://ittraining.kktix.cc/events/aiot-training-2019

 Building and Training Convolutional Neural Networks, CNN  Wednesday, March 13, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484158/

 HackingThursday 固定聚會  March 14, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzfbsb/

 源碼檢測實作  3/14
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3829&from_course_list_url=homepage

 資安攻防演練主題講座  2019/03/14
 https://hackersir.kktix.cc/events/fcu190314

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, March 20, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzfbbc/

 網路封包分析實務  3/20
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3833&from_course_list_url=homepage

 HackingThursday 固定聚會  March 21, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzfbcc/

 網路封包分析實務  3/21
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3833&from_course_list_url=homepage

 國立交通大學 亥客書院 - 網路流量分析與檢測  3/23
 https://hackercollege.nctu.edu.tw/?p=1036

 Black Hat Asia 2019  2019年3月26-29日
 https://ubm.io/2zZu87q 

 kubernetes 入門實作  3/28
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3789&from_course_list_url=homepage

 HackingThursday 固定聚會  March 28, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzfblc/

 Elixir台灣 台北 Meetup # Monday, April 1, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzgbcb/

 Modeling Sequences with Recurrent Neural Networks, RNN  Wednesday, April 3, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484461/

 網路封包分析實務  4/11
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3826&from_course_list_url=homepage

 2019 ICANN APAC-TWNIC Engagement forum  4/16~4/17
 https://forum.twnic.tw/

 Industrial Control Systems (ICS) Cyber Security Conference  APAC  April 16-18, 2019
 https://www.icscybersecurityconference.com/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, April 17, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzgbwb/

 網站弱點評估實務  4/18
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3830&from_course_list_url=homepage

 國立交通大學 亥客書院 - 緩衝區溢位攻擊與預防 新竹  4/20
 https://hackercollege.nctu.edu.tw/?p=1052

 資安健診  4/25
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3834&from_course_list_url=homepage

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 資安健診  5/9
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3827&from_course_list_url=homepage

 國立交通大學 亥客書院 -電子郵件之偽造攻擊與防護措施安全通訊協定 5/11
 https://hackercollege.nctu.edu.tw/?p=1054

  iTHome 台灣雲端大會 Cloud Summit  2019   2019年 5 月 15 日 (三) 09:00~17:00
 https://cloudsummit.ithome.com.tw/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/

 網路封包分析實務  5/16
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3831&from_course_list_url=homepage

 源碼檢測實作  5/23
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3835&from_course_list_url=homepage

 第二十九屆全國資訊安全會議  5/23  ~ 5/24
 https://cisc2019.cs.pu.edu.tw/index.php

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

留言

這個網誌中的熱門文章

Capture the flag資源分享綜整

Capture the flag, CTF,是由古代軍事戰爭演變而來。軍旗在戰場上象徵兩軍戰況,當有一方軍旗被敵軍奪取或落在地上,代表該方戰敗。當這樣的攻防搶旗演變到現代的電子遊戲裡,通常就演變成團隊遊戲模式,由兩隊人馬互相前往對方的基地奪旗,奪旗成功回合次數多者得勝。

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/