資安事件新聞週報 2019/3/11 ~ 2019/3/15

資安事件新聞週報  2019/3/11  ~  2019/3/15

1.重大弱點漏洞

F5 BIG-IP 安全漏洞  CVE-2019-6598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6598

Checkpoint Zonealarm  CVE-2018-8790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-8790

NetApp Service Processor 遠端執行程式碼漏洞
https://security.netapp.com/advisory/ntap-20190305-0001/

pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting
https://www.exploit-db.com/exploits/46538

PRTG Network Monitor 18.2.38 - Authenticated Remote Code Execution
https://www.exploit-db.com/exploits/46527

Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)
https://www.exploit-db.com/exploits/46522

FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)
https://www.exploit-db.com/exploits/46508

QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
https://www.exploit-db.com/exploits/46506

IBM DB2 提升權限漏洞
https://www.auscert.org.au/bulletins/77042


Google Chrome 瀏覽器零時差弱點，可導致遠程攻擊者執行任意程式碼並完全控制主機
https://www.anquanke.com/post/id/172383

Chrome舊版本漏洞 解決法在這
https://bit.ly/2EQrX7Z

Chrome 漏洞嚴重影響 Windows 7 用戶，官方呼籲快盡快升級
https://3c.ltn.com.tw/news/36107

Google Chrome 73 released with dark mode support on macOS
https://www.zdnet.com/article/google-chrome-73-released-with-dark-mode-support-on-macos/#ftag=RSSbaffb68

穀歌首席安全工程師警告：立即更新穀歌瀏覽器
https://zh.wenxuecity.com/news/2019/03/12/8154854.html

研究人員一時手癢，玩壞英航影音系統發現DoS漏洞
https://www.ithome.com.tw/news/129225?fbclid=IwAR29MV10DhCTZlapA-k5g15Wn2QElfTqbsJzew6ng5ZEOaEjWEP2MliggGA

價值1250 美元的ERPNext 模版註入漏洞
https://www.chainnews.com/articles/516075102439.htm

D-link Dir-825_rev.b_firmware, dir-878_firmware CVE-2019-9123
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9123

D-link Dir-825_rev.b_firmware, dir-878_firmware CVE-2019-9124
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9124

D-link Dir-825_rev.b_firmware, dir-878_firmware CVE-2019-9125
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9125

IBM QRadar SIEM內容欺騙漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10794523

Cisco  Rv110w_firmware  CVE-2019-1663
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1663

Cisco Common Services Platform Collector Static Credential Vulnerability Alert
https://meterpreter.org/cisco-common-services-platform-collector-vulnerability/

微軟發佈03月份安全性公告
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ac45e477-1019-e911-a98b-000d3a33a34d

Proof-of-concept code published for Windows 7 zero-day
https://www.zdnet.com/article/proof-of-concept-code-published-for-windows-7-zero-day/#ftag=RSSbaffb68

Microsoft Windows JScript本地安全繞過漏洞
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2018-8417

微軟修補64個安全漏洞，當中兩個已遭開採
https://www.ithome.com.tw/news/129323

Windows 10 Now Automatically Uninstalls Updates That Cause Problems
https://bit.ly/2u7jw2U

Microsoft March Patch Tuesday comes with fixes for two Windows zero-days
https://www.zdnet.com/article/microsoft-march-patch-tuesday-comes-with-fixes-for-two-windows-zero-days/#ftag=RSSbaffb68

Windows 10 Will Now Automatically Uninstall Corrupted Updates
https://bit.ly/2HsFl53

Microsoft Releases Patches for 64 Flaws — Two Under Active Attack
https://bit.ly/2T3B0Yb

Microsoft might give Windows 10 Home users the option to pause updates for 35 days
https://www.zdnet.com/article/microsoft-might-give-windows-10-home-users-the-option-to-pause-updates-for-35-days/#ftag=RSSbaffb68

Microsoft Patches Fresh Flaws Hit by Hackers
https://www.bankinfosecurity.com/microsoft-patches-fresh-flaws-hit-by-hackers-a-12162

Checkstyle 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9658

Boeing plans autopilot software update after two 737 MAX crashes
https://www.zdnet.com/article/boeing-plans-autopilot-software-update-after-two-737-max-crashes/#ftag=RSSbaffb68

Mozilla launches Firefox Send, a free, encrypted file-sharing service
https://www.zdnet.com/article/mozilla-launches-firefox-send-a-free-encrypted-file-sharing-service/#ftag=RSSbaffb68

Firefox Send — Free Encrypted File Transfer Service Now Available For All
https://bit.ly/2O0TLe3

Vulnerability in Swiss e-voting system could have led to vote alterations
https://www.zdnet.com/article/vulnerability-in-swiss-e-voting-system-could-have-led-to-vote-alterations/#ftag=RSSbaffb68

Adobe Releases Patches for Critical Flaws in Photoshop CC and Digital Edition
https://bit.ly/2UyRYPO

Adobe 存在嚴重安全性弱點
https://helpx.adobe.com/security/products/photoshop/apsb19-15.html
https://helpx.adobe.com/security/products/Digital-Editions/apsb19-16.html

Polycom Trio跨站腳本漏洞
https://support.polycom.com/PolycomService/home/home.htm

March’s Patch Tuesday Fixes Privilege Escalation Vulnerabilities Exploited in the Wild
https://blog.trendmicro.com/trendlabs-security-intelligence/marchs-patch-tuesday-fixes-privilege-escalation-vulnerabilities-exploited-in-the-wild/

The fourth horseman: CVE-2019-0797 vulnerability
https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/

CVE-2019-7238: Insufficient Access Controls in Sonatype Nexus Repository Manager 3 Allows Remote Code Execution
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-7238-insufficient-access-controls-in-sonatype-nexus-repository-manager-3-allows-remote-code-execution/

2.銀行/金融/保險/證券/支付系統/ 新聞及資安

店家禁止完全無現金交易　美國費城立法通過
https://www.ettoday.net/news/20190308/1394657.htm

金融科技新挑戰 法遵科技vs.資安應用新視野
https://www.chinatimes.com/realtimenews/20190308003530-260410

涉案人員100餘人、涉案金額達4000多萬，中國大陸巴州區公安打擊一個“信用卡”犯罪團伙
https://k.sina.com.cn/article_6142603556_16e20b12402000k5yz.html

刷我卡卻保別人車！ 車主控產險「代刷漏洞」
https://bit.ly/2TofwKJ

央行副行長：丈母娘挑女婿都用上了個人徵信報告
https://news.sina.com.tw/article/20190310/30396296.html

超危險！網購刷卡當心遭「表單劫持」
https://bit.ly/2CfGzNL

【純網銀來了】完全網路作業 再也不用大小事都跑銀行
https://bit.ly/2u39XSX

英國蘇格蘭皇家銀行宣布　將試用指紋識別銀行卡
https://hk.on.cc/hk/bkn/cnt/aeanews/20190312/bkn-20190312041038090-0312_00912_001.html

香港東亞銀行電腦系統出現故障，17間分行受影響未能提供櫃位服務
https://hk.on.cc/hk/bkn/cnt/news/20190309/bkn-20190309103843786-0309_00822_001.html

香港東亞銀行冧機17分行癱瘓　區議員促公布故障原因
https://hk.on.cc/hk/bkn/cnt/news/20190309/bkn-20190309103843786-0309_00822_001.html

香港東亞銀行表示系統陸續回復正常 正跟進網絡不穩原因
https://bit.ly/2VN1PS9

彰銀稅前盈餘創新高 下半年發數位帳戶卡
https://bit.ly/2VMuwyA

開發金控首創銀行及證券雙向數位身分認證
https://www.chinatimes.com/realtimenews/20190307003344-260410

加薪不求人 遠銀：「人人都是分行經理」月月自動加薪
https://ec.ltn.com.tw/article/breakingnews/2722834

科技人跳金融圈　將來銀行老總自爆克服3大差異
https://tw.finance.appledaily.com/realtime/20190310/1530580

英金融業去年遇駭 暴增5倍
https://www.chinatimes.com/newspapers/20190311000216-260203

駭客攻擊金融機構的手法和技巧(含歷年重大攻擊事件表)
https://blog.trendmicro.com.tw/?p=59601

【純網銀來了】資安與監理最重要 創新服務才有可能獲利
https://bit.ly/2HfDSQn

《財經觀測站》當「純網銀」遇上「金金分離」
https://ec.ltn.com.tw/article/paper/1273488

雙重認證防洩私隱 確保網上帳戶安全
https://bit.ly/2VWkdbn

虛擬銀行中資天下 6熱門4間紅色背景 開張初期料高息吸客
https://bit.ly/2u5wZIQ

金融業主動端菜搶先機
https://www.chinatimes.com/newspapers/20190313000266-260210

中國P2P網貸平臺的新風險比爆雷還危險
https://www.secretchina.com/news/b5/2019/03/13/887220.html

ATM鍵盤藏危機 塑膠鍵恐導致密碼遭破解
https://www.ttv.com.tw/news/view/10803130027400N/579

小額免簽盜刷多　英銀行邀用戶測試指紋辨識信用卡
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=45&id=0000555567_0pf6dsqm589juv8ns6wpi

蘋果踢爆：星展ATM爆食錢羅生門 事主稱存入6.6萬　銀行指無紀錄
https://hk.news.appledaily.com/local/daily/article/20190315/20633861

Advanced ATM Penetration Testing Methods
https://gbhackers.com/advanced-atm-penetration-testing-methods/

Insert Skimmer + Camera Cover PIN Stealer
https://krebsonsecurity.com/2019/03/insert-skimmer-camera-cover-pin-stealer/

Financial Cyberthreats in 2018
https://securelist.com/financial-cyberthreats-in-2018/89788/

Breaking the Bank: Weakness in Financial AI Applications
https://www.fireeye.com/blog/threat-research/2019/03/breaking-the-bank-weakness-in-financial-ai-applications.html

南山今年擬徵才6500人　提供新人專案獎金1年最高30萬
https://tw.appledaily.com/new/realtime/20190308/1529784/

〈台大校園徵才〉Fintech改寫金融業生態 金融業跨界爭搶科技高手
https://bit.ly/2tYjf2j

玉山金搶人才 科技理工、會計稅務吃香
https://www.chinatimes.com/realtimenews/20190309001698-260410

金融業向跨領域人才招手
https://news.cnyes.com/news/id/4286685

【新鮮人年薪百萬】10大金控獵3萬名好手　科技金融人才都要
https://tw.appledaily.com/new/realtime/20190309/1529913/

10大金控搶先跑 年薪上看百萬
https://tw.appledaily.com/headline/daily/20190310/38276950/

3.電子支付/電子票證/行動支付/ 新聞及資安

女用QR code付款 遭隔空盜刷8百人民幣
https://bit.ly/2TCzKQ9

巴克萊與支付寶達成協議接入英國商戶進行交易
http://www.aastocks.com/tc/stocks/news/aafn-news/NOW.928769/2

國內速食業嗶起來！麥當勞全台啟用悠遊卡等四票證支付
https://bit.ly/2Jcr8M4

8000萬張悠遊卡Q4可享線上電子支付
https://news.cnyes.com/news/id/4289535

墨攻結合4大連鎖民生消費業　提供國內及境外行動支付
https://www.ettoday.net/news/20190315/1399857.htm

純網銀、數位銀、網路銀分不清 這張表一次看懂
https://money.udn.com/money/story/5613/3698562

4.虛擬貨幣/區塊鍊   新聞及資安

非洲：一個不容小覷的加密貨幣市場
http://news.knowing.asia/news/ef9a3d62-2c4b-4cb0-8bbb-89b5da495dd3

SWIFT宣布與金融機構合作，將推出區塊鏈電子投票PoC
https://www.55coin.com/article/7020.html

躲制裁、賺外匯 聯合國：北韓駭進加密貨幣交易所
https://ec.ltn.com.tw/article/breakingnews/2721794

聯合國調查小組查出，北韓駭客不停駭進交易所、運用區塊鏈「規避經濟制裁」
https://www.blocktempo.com/north-korea-stole-cryptocurrency-via-hacking-un-panel/

損失5萬EOS！EOS非競猜類DApp遭駭客攻擊
https://news.sina.com.tw/article/20190311/30407214.html

JP摩根、高盛、富國銀行紛紛入局區塊鏈，只因這7個關鍵因素
http://news.knowing.asia/news/fc052bb5-2c17-4e7c-b908-ddcab0cf4faf

都是駭客攻擊惹的禍？日本加密投資「熱情消退」
http://news.knowing.asia/news/749a1bac-1e6a-4bca-8218-2b55c7c27d24

Ledger調查報告：Trezor硬體錢包具有五個漏洞
https://news.sina.com.tw/article/20190312/30426152.html

透過 Apple & Samsung Pay 實踐加密貨幣支付：比特現金 BSV 宣布與 Zeux 合作
https://technews.tw/2019/03/12/bsv-zeux-action-payment/

把台灣人病歷放上「區塊鏈」！健康護照 App 要打破醫院之間的數據隔閡
https://buzzorange.com/techorange/2019/03/12/healthpass-app/

波蘭國際事務研究所研究員：加密貨幣為當前國際經濟和政治體系帶來了挑戰
https://bit.ly/2FbmIBj

會 Go 語言獲得最多面試邀約！Hired 調查：區塊鏈工程師需求暴增 517%
https://technews.tw/2019/03/14/the-state-of-software-engineers/

美國一連鎖超市擬棄VISA用比特幣？ 零售業瞄準加密貨幣支付潛力 大規模應用面臨挑戰
https://iview.sina.com.tw/post/18767440

比特幣大盜鑽提款漏洞 四人幫得手112次騙20萬
https://bit.ly/2O72smS

虛擬貨幣平台出事 Gatecoin遭頒令清盤
http://www.hkcd.com/content/2019-03/15/content_1128528.html

以太坊智能合約漏洞實戰詳解：整數溢出攻擊
https://www.huoxing24.com/newsdetail/20190314173040282612.html

因竊取價值1500萬日元的加密貨幣，日本駭客被起訴
https://life.tw/?app=view&no=908160

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體

McAfee 研究人員發現已披露的 WinRAR 漏洞正被利用來植入木馬
https://www.kocpc.com.tw/archives/248664

7 個常見病毒、木馬、惡意程式的來源
https://blog.trendmicro.com.tw/?p=59351
 
美國喬治亞州傑克森郡政府遭勒索軟體攻擊，選擇付錢了事
https://www.ithome.com.tw/news/129226

Georgia county pays a whopping $400,000 to get rid of a ransomware infection
https://www.zdnet.com/article/georgia-county-pays-a-whopping-400000-to-get-rid-of-a-ransomware-infection/#ftag=RSSbaffb68

RTM網銀木馬在2018年對130,000家企業實施了攻擊
https://www.weibo.com/ttarticle/p/show?id=2309404348612808162843

網路犯罪再進化：勒索病毒退流行，你該注意的是「挖礦綁架」
https://www.thenewslens.com/feature/timefortune/115174

網絡犯罪再進化：勒索軟件被「挖礦綁架」取代
https://hk.thenewslens.com/article/115359

PoS惡意程式鎖定中小企業，潛藏至少4年
https://www.ithome.com.tw/news/129333?fbclid=IwAR30kveu0HIe0uOkuDPhzlEUeYmDt_7Z90DOTb00ZKd8C6XEsx1iYwquQYE

‘DMSniff’ POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses
https://www.flashpoint-intel.com/blog/dmsniff-pos-malware-actively-leveraged-target-medium-sized-businesses/

Fileless Banking Trojan Targeting Brazilian Banks Downloads Possible Botnet Capability, Info Stealers
https://blog.trendmicro.com/trendlabs-security-intelligence/fileless-banking-trojan-targeting-brazilian-banks-downloads-possible-botnet-capability-info-stealers/

Chinese hacking group backdoors products from three Asian gaming companies
https://www.zdnet.com/article/chinese-hacking-group-backdoors-products-from-three-asian-gaming-companies/#ftag=RSSbaffb68

Gaming industry still in the scope of attackers in Asia
https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/

Avast and Emsisoft release free decrypters for BigBobRoss ransomware 
https://www.zdnet.com/article/avast-and-emsisoft-release-free-decrypters-for-bigbobross-ransomware/#ftag=RSSbaffb68

Emotet trojan implicated in Wolverine Solutions ransomware attack
https://portswigger.net/daily-swig/emotet-trojan-implicated-in-wolverine-solutions-ransomware-attack

Massive Ryuk Ransomware Attack on Entire Computers of Jackson County, Georgia – $400,000 Ransom Paid
https://gbhackers.com/jackson-county-ransomware-attack/

Transferring Backdoor Payloads with BMP Image Pixels | By Damon Mohammadbagher
https://bit.ly/2Y0xgum

Zahl der Opfer von Banking-Trojanern 2018 um 16 Prozent gestiegen
http://www.av-finance.com/geldinstitute/newsdetails-gi/artikel/334/zahl-der-opfer-von-banking-trojanern-2018-um-16-prozent-gestiegen/

NEW URSNIF VARIANT TARGETS JAPAN PACKED WITH NEW FEATURES
https://www.cybereason.com/blog/new-ursnif-variant-targets-japan-packed-with-new-features

Malicious Counter-Strike 1.6 servers used zero-days to infect users with malware
https://www.zdnet.com/article/malicious-counter-strike-1-6-servers-used-zero-days-to-infect-users-with-malware/#ftag=RSSbaffb68

Ransomware Attack on Vendor Affects 600,000
https://www.bankinfosecurity.com/ransomware-attack-on-vendor-affects-600000-a-12164

A DANGEROUS MALWARE THAT STEALS BANKING INFORMATION
https://www.securitynewspaper.com/2019/03/12/a-dangerous-malware-that-steals-banking-information/

Ursnif Banking Trojan Variant Steals More Than Financial Data
https://www.bankinfosecurity.com/ursnif-banking-trojan-variant-steals-more-than-financial-data-a-12165

4% Indian users hit by banking Trojans in 2018: Report
https://samajweekly.com/4-indian-users-hit-by-banking-trojans-in-2018-report/

This banking malware just returned with new sneaky tricks to steal your data
https://www.zdnet.com/google-amp/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/

From Fileless Techniques to Using Steganography: Examining Powload’s Evolution
https://blog.trendmicro.com/trendlabs-security-intelligence/from-fileless-techniques-to-using-steganography-examining-powloads-evolution/

A Machine Learning Model to Detect Malware Variants
https://blog.trendmicro.com/trendlabs-security-intelligence/a-machine-learning-model-to-detect-malware-variants/

GlitchPOS: New PoS malware for sale
https://blog.talosintelligence.com/2019/03/glitchpos-new-pos-malware-for-sale.html

Two-thirds of all Android antivirus apps are frauds
https://www.zdnet.com/article/two-thirds-of-all-android-antivirus-apps-are-frauds/#ftag=RSSbaffb68

Android Test 2019 – 250 Apps
https://www.av-comparatives.org/tests/android-test-2019-250-apps/

Fresh POS Malware Strikes Small and Midsize Companies
https://www.bankinfosecurity.com/fresh-pos-malware-strikes-small-midsize-companies-a-12167

Ransomware attack news trending on Google
https://www.cybersecurity-insiders.com/ransomware-attack-news-trending-on-google/

B.行動安全 / iPhone / Android /穿戴裝置 /App

面部解鎖被相片破解 Galaxy S10 用戶建議使用指紋辨識
https://unwire.hk/2019/03/09/unlock-galaxy-s10-with-photo/mobile-phone/

三星S10被曝安全漏洞，視頻就能解鎖手機，人臉識別形同擺設
https://www.sohu.com/a/300249089_100219861?sec=wd

Galaxy S10 容貌辨識有漏洞 哥哥手機被妹妹面部解鎖
https://unwire.hk/2019/03/12/sister-unlock-brother-galaxy-s10-with-her-face/mobile-phone/

臉書帳號登App 曝隱私3大風險
https://bit.ly/2UtbtsQ

詐騙新手法！測試app遊戲 手機被鎖還勒索你
https://udn.com/news/story/7315/3687290

刑事局電偵大隊記者會　偵破藥妝APP遭竄改詐欺案
https://www.upmedia.mg/news_info.php?SerialNo=59050

安卓粉的痛、跪求Google快點改！外媒點名 Android 手機五大缺點
https://3c.ltn.com.tw/news/36106

安卓粉心中痛！這5大缺點怒到想摔機
https://bit.ly/2u9kJal

Google快改進！盤點Android作業系統5大缺點
https://www.ettoday.net/news/20190311/1396726.htm

鑽網購APP漏洞 男沒花錢得手1500萬商品
https://www.ttv.com.tw/news/view/10803110015300N/579

曾任物流竟能取得工程師APP　警方懷疑有內賊
https://tw.appledaily.com/new/realtime/20190311/1531347/

用工程師版App 囂張男嫌爽買
https://tw.appledaily.com/headline/daily/20190312/38278858/

鑽屈臣氏APP漏洞 網拍主詐300萬元商品大做無本生意
https://news.ltn.com.tw/news/society/breakingnews/2723235

屈臣氏網購結帳程式被破解，5 天遭詐近 300 萬元
https://technews.tw/2019/03/12/watsons-e-shopping-app-hacked/

網購屈臣氏1500萬結帳0元　駭客冷笑「花100萬請我不回去」
https://www.ettoday.net/news/20190311/1396641.htm

詐財誆報復 自稱卡神第2
https://www.chinatimes.com/newspapers/20190312000549-260106

超強開發者在 Google Pixel 3 XL，成功啟動 Windows 10
https://bit.ly/2VRwLRe

手機網路掛點大當機 中華電信認故障教這招
https://bit.ly/2EWyoWS

行動裝置測試軟體 Antutu 7.2.6 釋出 ， 更新日誌直言修復部分廠商惡意利用問題
https://www.kocpc.com.tw/archives/248063

台灣超過一半人口使用手機上網 資安觀念卻十分欠缺
https://udn.com/news/story/7315/3695239?from=udn-ch1_breaknews-1-cate2-news

更多Android Q Beta的更新細節，改善隱私以及強化折疊手機App管理
https://bit.ly/2XYdTC8

Check Point：中國業者利用Android程式竊取使用者通訊錄
https://www.ithome.com.tw/news/129330?fbclid=IwAR0Vpf4CRnk2lLXIqGLeRYOOwWs9nql1AvwzjsT-0rhUlcFf-4v7rCFySTA

Operation Sheep: Pilfer-Analytics SDK in Action
https://research.checkpoint.com/operation-sheep-pilfer-analytics-sdk-in-action/

A Mobile App Scanner is Not Just Another App
https://blog.trendmicro.com/a-mobile-app-scanner-is-not-just-another-app/

Free Mobile Application Security and Privacy Test
https://medium.com/@htbridge/free-mobile-application-security-and-privacy-test-a138bbae8ba0

C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件

回顧2018年五個資安情勢
https://blog.trendmicro.com.tw/?p=59848

新發現透過 GitHub 和 Slack 進行的定位攻擊事件
https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=898

Gmail、Google硬碟大規模掛點　搶修3小時才恢復
https://tw.appledaily.com/new/realtime/20190313/1532386/

什麼日子？ Gmail當機後，FB、IG接力
https://www.cw.com.tw/article/article.action?id=5094326

【緊接Google之後】FB、IG全球大當機 官方改用推特道歉：非網路攻擊
https://bit.ly/2HhUhUv

日月光資安管理 運用人工智慧和大數據
https://money.udn.com/money/story/5612/3694944

兒童智能手錶被入侵監聽跟蹤　消委會教設高強度密碼
https://topick.hket.com/article/2294393

《刀塔自走棋》手遊官網上線，預約首日遭駭客癱瘓
https://www.4gamers.com.tw/news/detail/38267/dota-auto-chess-mobile-being-attacked-by-hacker

亞洲多款遊戲於開發階段再遭中國駭侵團體「供應鏈攻擊」植入後門
https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=900

2018年度十大網站攻擊技法出爐，臺灣資安專家研究再獲全球肯定，連續兩年蟬聯第一
https://www.ithome.com.tw/news/129314

美麻省理工期刊：量子加密技術被上海交大破解
https://www.chinatimes.com/realtimenews/20190312004882-260409

建立網路戰平台！北約在塔林打造「數字戰壕」
https://news.sina.com.tw/article/20190312/30434764.html

中國侵門踏戶 註冊台灣網域名稱宣傳 31條
https://m.ltn.com.tw/news/politics/breakingnews/2725122

美國雲端企業服務大廠 Citrix 遭駭，6TB 文件恐遭伊朗駭客竊走
https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=899

科技大廠 Citrix 遭「密碼噴灑」手法攻陷！大量白宮、FBI 機密恐被竊
http://technews.tw/2019/03/13/iranian-backed-hackers-stole-data-from-major-us-government-contractor/

網路安全專家談劍鋒委員：網路上不要輕易「刷臉」
https://news.sina.com.tw/article/20190311/30415482.html

加碼禁用大陸產品　為資安還是為表態
https://www.storm.mg/article/1002760

美國逼德國封殺華為5G 情報分享當籌碼
https://www.rti.org.tw/news/view/id/2014204

美首度警告柏林：封殺華為、否則情資分享不再暢通
https://wealth.businessweekly.com.tw/m/GArticle.aspx?id=ARTL000131799

美國警告後 梅克爾：德國將自訂5G網路安全標準
https://bit.ly/2Tzgzrh

梅克爾不吃川普那套...美國威脅德國「不可採用華為設備」，德國總理強勢回應：這是我們自己的事
https://bit.ly/2Cn9E9X

美國圍堵華為 海底通訊電纜成新戰場
https://www.cna.com.tw/news/aopl/201903130017.aspx

政府面對華為產品資安威脅應有做法
https://bit.ly/2HCTMDV

大陸產經：華為願與德國簽防諜協議，並針對資安議題進行合作
https://bit.ly/2HxJ80V

賽門鐵克：駭客對購物網站進行「表單劫持」成新主流，直接將你在網路上的信用卡刷卡資訊轉走
https://bit.ly/2UsxFDH

TWNIC首度發表臺灣網路資安態勢分析，對外攻擊是頭號威脅
https://ithome.com.tw/news/129208

臺灣面臨的10大惡意攻擊皆為全球兩倍，並是Botnet攻擊最多國家
https://www.ithome.com.tw/news/129187

瑞士和澳大利亞的電子投票系統爆嚴重漏洞，可操縱選票
https://www.secrss.com/articles/9037

瑞士電子投票系統漏洞可能遭竄改票數
https://www.ithome.com.tw/news/129311

個資被看光？杜奕瑾示警中共隱私竊密
https://bit.ly/2UtpczZ

文彩元官方否認點讚鄭俊英相關事件：帳號被駭客攻擊
http://tw.fansyes.com/content/20190314/kr3x0q513y6l.shtml

4/6類千禧蟲再現? 資安專家:當天我不搭機
https://www.ttv.com.tw/news/view/10803100016600N/568

美內部報告坦言軍事強權受威脅，海軍遭陸駭客"圍攻"
https://bit.ly/2u5ETBU

憂網路版珍珠港事變 美學者：遠離陸製設備
https://bit.ly/2J74S6h

美海軍提高保密性「防中國駭客」　停止公布晉升軍官名單
https://www.ettoday.net/news/20190315/1399788.htm

中國OTT大舉攻台 學者：意圖影響台灣2020大選
https://news.ltn.com.tw/news/politics/breakingnews/2726253

中國騰訊擬來台「落地」　循愛奇藝走灰色地帶
https://tw.appledaily.com/new/realtime/20190314/1532869/

中共網路盜竊技術 美國開始反擊
https://bit.ly/2XMkyPP

中國全國青聯：建議明確禁止未成年人擔任網路主播
https://news.sina.com.tw/article/20190309/30387630.html

中共賬本三千億去向不明 財政報告漏洞多
https://m.secretchina.com/news/b5/2019/03/10/886947.html

2018年日本警方查獲網路犯罪逾9000起創新高
https://bit.ly/2Jj0CRt

對抗供應鏈攻擊　日政府與大公司助中小企業強化資安防禦能力
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000554957_FWULVG4I42EPMC8VPI3LR

網路攻擊日益猖獗 日本將成立亞洲第一個資安聯盟
https://news.wearn.com/c170598.html

網路攻擊日益猖獗 日本將成立亞洲第一個資安聯盟+蔡英文提七項綱領　綠稱有必要表態、藍批恐嚇民眾
https://www.anntw.com/articles/20190311-ntVI

委內瑞拉供電無法恢復 馬杜洛怪罪駭客攻擊
https://bit.ly/2u1meav

當整個國家都陷入黑暗...委內瑞拉指控遭美國網路攻擊：「已請求中國協助調查」
https://www.storm.mg/article/1052507

印尼大選4/17登場 選委會控中俄駭客捏造幽靈選民
https://newtalk.tw/news/view/2019-03-13/219119

俄網軍干擾美大選換招式 操作社媒由明轉暗
https://udn.com/news/story/6809/3688700

俄羅斯網軍改變策略，激發政治對立干擾美國總統大選
http://technews.tw/2019/03/12/russian-internet-research-agency-shift-strategy/

俄網軍假帳號 干擾美2020大選
https://bit.ly/2UuoB0T

俄國萬人上街 抗議政府以資安為由控制網路
https://lihkg.com/thread/1056151/page/1

北韓可能準備發射「衛星」 威力超出「光明星4號」
https://www.chinatimes.com/realtimenews/20190311003557-260408

聯合國報告：朝鮮規避制裁升級 獲大量資金
http://www.epochtimes.com/b5/19/3/11/n11105689.htm

聯合國報告稱朝鮮對虛擬貨幣等網路攻擊造成逾6.7億美元損失
https://tchina.kyodonews.net/news/2019/03/8935717f02f7-67.html

制裁破功 北韓靠駭客海撈7億
https://tw.appledaily.com/international/daily/20190312/38278503/

突破制裁網：竊盜6.7億美金虛擬貨幣的「北韓駭客經濟」
https://global.udn.com/global_vision/story/8662/3692257

美國雲端大廠 Citrix 遭伊朗駭客竊取 6TB 資料，白宮、FBI、NASA 機密恐遭竊
https://buzzorange.com/techorange/2019/03/13/citrix-crisis/

伊朗駭客入侵 Citrix 系統 竊取超過 6TB 資料
https://unwire.pro/2019/03/11/iranian-backed-hackers-stole-data-major-u-s-government-contractor/security/

Citrix內部網路遭國際犯罪集團駭入，傳為伊朗駭客所為
https://www.ithome.com.tw/news/129224?fbclid=IwAR1cNeCcwctUqT_kk1yndmPCQA8xLxo8bfJ-x31FO_w76eFP4ajyXHrMDC8

Citrix discloses security breach of internal network
https://www.zdnet.com/article/citrix-discloses-security-breach-of-internal-network/#ftag=RSSbaffb68

Citrix investigating unauthorized access to internal network
https://www.citrix.com/blogs/2019/03/08/citrix-investigating-unauthorized-access-to-internal-network/

Citrix Hacked by Password-Spraying Attackers, FBI Warns
https://www.bankinfosecurity.com/citrix-hacked-by-password-spraying-attackers-fbi-warns-a-12154

US senators want to know how many times they've been hacked
https://www.zdnet.com/article/us-senators-want-to-know-how-many-times-theyve-been-hacked/#ftag=RSSbaffb68

Iranian hackers behind mass cyber attack, says Microsoft
https://www.thenational.ae/world/gcc/iranian-hackers-behind-mass-cyber-attack-says-microsoft-1.834208

Marriott CEO shares post-mortem on last year's hack
https://www.zdnet.com/article/marriott-ceo-shares-post-mortem-on-last-years-hack/#ftag=RSSbaffb68

WordPress shopping sites under attack
https://www.zdnet.com/article/wordpress-shopping-sites-under-attack/#ftag=RSSbaffb68

'Yelp for conservatives' MAGA app leaks users data
https://www.zdnet.com/article/yelp-for-conservatives-maga-app-leaks-users-data/#ftag=RSSbaffb68

Open Distro for Elasticsearch is Amazon's move to show it's pro-open source
https://www.zdnet.com/article/open-distro-for-elasticsearch-is-amazons-move-to-show-its-pro-open-source/#ftag=RSSbaffb68

Chinese hackers fish for naval secrets
https://www.bbc.com/news/technology-47468443

New BitLocker attack puts laptops storing sensitive data at risk
https://www.zdnet.com/article/new-bitlocker-attack-puts-laptops-storing-sensitive-data-at-risk/#ftag=RSSbaffb68

Red Team to help secure open-source software
https://www.zdnet.com/article/red-team-to-help-secure-open-source-software/#ftag=RSSbaffb68

Apple, Google, GoDaddy misissued TLS certificates with weak serial numbers
https://www.zdnet.com/article/apple-google-godaddy-misissued-tls-certificates-with-weak-serial-numbers/#ftag=RSSbaffb68

Hackers Love to Strike on Saturday
https://www.bankinfosecurity.eu/blogs/hackers-love-to-strike-on-saturday-p-2731

Operation Comando: How to Run a Cheap and Effective Credit Card Business
https://unit42.paloaltonetworks.com/operation-comando-or-how-to-run-a-cheap-and-effective-credit-card-business/

Hackers are Ready to Exploit Zero-Day Flaws; Companies are Slow to Act
https://medium.com/readwrite/hackers-are-ready-to-exploit-zero-day-flaws-companies-are-slow-to-act-162bd6340ce5

Revisiting Election Security Threats FBI's Elvis Chan on What's Being Done to Secure the 2020 Election
https://www.bankinfosecurity.com/revisiting-election-security-threats-a-12166

Hacking And Cyber Attack Ruled Out As Cause Of Mystery 14-Hour Facebook Outage
https://start.att.net/news/read/article/fortune-hacking_and_cyber_attack_ruled_out_as_cause_of_mys-rtime/category/finance

Hackers used the Roskomnadzor registry for attacks on Yandex
http://www.ehackingnews.com/2019/03/hackers-used-roskomnadzor-registry-for.html

宏碁今年徵才500人 釋出電競資安多元職缺
https://www.cna.com.tw/news/afe/201903090170.aspx

中華電信前進校園 招募500新血
https://udn.com/news/story/7005/3687496

鐵飯碗來了！中華電徵才開跑 底薪最高49K
https://www.chinatimes.com/realtimenews/20190309001691-260410

中華電信徵才團隊南下交大、成大校園
https://tw.news.appledaily.com/new/realtime/20190311/1530936/

【資安所】網駭科技研析中心-程式開發工讀
https://www.104.com.tw/job/?jobno=6ji1z

軟體研發工程師
https://www.cakeresume.com/companies/onwardsecurity/jobs/software-r-amp-d-engineer

7C03_網路資安工程師
https://m.1111.com.tw/job/85869764/

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞

中國電商網站Gearbest洩露150多萬筆消費者個資、訂單資料
https://www.ithome.com.tw/news/129364

網絡攻擊者使用GoDaddy漏洞來詐騙用戶
https://www.cyclonis.com/zh-cn/cyber-attackers-used-godaddy-vulnerability-scam-users/

富士精工陸籍員工涉竊密！被捕時稱：為了學習
https://fnc.ebc.net.tw/FncNews/else/72751

Facebook 控告兩名開發者藉瀏覽器擴展偷竊用戶資料
https://technews.tw/2019/03/14/facebook-sues-two-ukranians-over-data-stealing-browser-add-ons/

擅自與150家公司分享用戶資訊 傳臉書遭刑事調查
https://www.chinatimes.com/realtimenews/20190314003068-260408

刑事局打擊詐騙列重點工作
https://bit.ly/2TLsyBe

浙江警方跨省破獲特大網路詐騙案
https://news.sina.com.tw/article/20190311/30415476.html

北京警方打擊防範電詐 1300餘萬電詐攔截資金被返還
https://news.sina.com.tw/article/20190309/30388502.html

打擊電信網路詐騙犯罪 警方提示有竅門
https://news.sina.com.tw/article/20190309/30387938.html

赴日本與哥斯大黎加設詐騙機房 檢方起訴7人
https://taronews.tw/2019/03/07/273795/

玩10分鐘領1000！女應徵測試手遊APP　手機慘遭鎖再被勒索1500
https://www.ettoday.net/news/20190310/1395737.htm

中國180萬女性個資外洩　連生育能力都紀錄
https://tw.appledaily.com/new/realtime/20190312/1531535/

中國數據庫列出180萬名女性於「可配種」狀態
https://news.ltn.com.tw/news/world/breakingnews/2723642

荷蘭專家揭露毛骨悚然的中國女人個資：有關 180 萬「可生育」的女人
https://buzzorange.com/2019/03/12/dutch-found-creepy-databases-about-1-8-million-chinese-woman/

臉書控告兩名開發人員搜括用戶資訊並覆蓋臉書廣告
https://www.ithome.com.tw/news/129223

醫院洩密 新加坡總理都中招
https://bit.ly/2UxYm9T

會員控疑個資外洩害盜刷 海帝斯健身房：釐清中
https://bit.ly/2HvF8OE

1堂英語課竟要4萬元！　女大生無卡分期成冤大頭
https://tw.news.appledaily.com/new/realtime/20190314/1533091/

網購DimBuy資料庫被入侵　顧客信用卡電話外洩
https://hk.on.cc/hk/bkn/cnt/news/20190314/bkn-20190314111028586-0314_00822_001.html

《BEC 詐騙 》一封信丟了工作,還被雇主索賠 400 多萬台幣
https://blog.trendmicro.com.tw/?p=59718

809 million records exposed by email marketing giant
https://www.zdnet.com/article/809-million-records-exposed-by-email-marketing-giant/#ftag=RSSbaffb68

Breach of 'Verifications.io' Exposes 763 Million Records
https://www.bankinfosecurity.com/breach-verificationsio-exposes-763-million-records-a-12158

BEWARE – New 'Creative' Phishing Attack You Really Should Pay Attention To
https://bit.ly/2UzSUmS

Report: Facebook faces criminal probe for sharing user data
https://www.zdnet.com/article/report-facebook-faces-criminal-probe-for-sharing-user-data/#ftag=RSSbaffb68

Data Breaches 101: How They Happen, What Gets Stolen, and Where It All Goes
https://bit.ly/2J8yGiS


E.研究報告

開源無線網路與管理方案 OpenWRT & OpenWISP
https://bit.ly/2XRJlBV

NSA逆向分析工具-Ghidra 使用心得與實例展示
https://bit.ly/2XUtJ0H

微軟Word中新漏洞允許攻擊者繞過所有防惡意軟體防禦
https://read01.com/P5zLPDa.html

路由器漏洞挖掘之命令執行
https://xz.aliyun.com/t/4291

[原創]“深入”探索CVE-2018-8174  
https://bbs.pediy.com/thread-249933.htm

WinRAR遠程代碼執行漏洞結合Metasploit+Ngrok實現遠程上線
https://www.freebuf.com/articles/network/197025.html

BuleHero蠕蟲病毒變種新增thinkphp5漏洞攻擊方式
https://s.tencent.com/research/report/675.html

AFL 漏洞挖掘技術漫談（一）：用AFL 開始你的第一次Fuzzing
https://paper.seebug.org/841/

CVE-2018-15982任意代碼執行漏洞復現
https://www.freebuf.com/column/197760.html

PXE Dust：Windows Servers Deployment Services漏洞分析
https://www.anquanke.com/post/id/172888

Phpshe v1.7 SQL盲注漏洞(CVE-2019-9626)分析
https://anquan.baidu.com/article/684

ThinkPHP5核心類Request遠程代碼漏洞分析
https://www.freebuf.com/vuls/196934.html

Microsoft Word OLE模塊再次出現已被黑客利用的漏洞
https://www.landiannews.com/archives/56379.html

Pompem ：一款功能强大的漏洞利用&挖洞工具
https://www.freebuf.com/sectool/197478.html

Xsuite遠程代碼執行漏洞：代碼筆誤導致獲得域管理權限（CVE-2018-9022）
https://www.4hou.com/vulnerable/16664.html

Q1, 2019 SPECIAL REPORT BY A10 SECURITY RESEARCH
https://www.a10networks.com/sites/default/files/A10-EB-14115-EN.pdf

Regipy: Automating registry forensics with python
https://bit.ly/2O0Nxuq

利用網頁套接字跨站劫持（CSWH）漏洞接管帳戶
https://nosec.org/home/detail/2335.html

SSRFmap：一款功能強大的自動化SSRF模糊測試和漏洞利用工具
https://www.freebuf.com/sectool/197353.html

找到盲XSS漏洞的簡單方法
https://nosec.org/home/detail/2339.html

WinRAR目錄穿越漏洞淺析及復現（CVE-2018-20250）
https://www.freebuf.com/vuls/197745.html

CVE-2019-0797 windows 0 day漏洞分析
https://www.4hou.com/vulnerable/16768.html

CVE-2019-9213——linux內核用戶空間0虛擬地址映射漏洞分析
https://www.anquanke.com/post/id/173356

HACKING WEB SOCKETS: ALL WEB PENTEST TOOLS WELCOMED
https://bit.ly/2HfTvqS

HiSilicon DVR hack pwn-hisilicon-dvr
https://github.com/mcw0/pwn-hisilicon-dvr/blob/master/README.adoc

Playing with CloudGoat part 1: hacking AWS EC2 service for privilege escalation
https://medium.com/@rzepsky/playing-with-cloudgoat-part-1-hacking-aws-ec2-service-for-privilege-escalation-4c42cc83f9da

Playing with CloudGoat part 2: fooling AWS CloudTrail and getting persistent access
https://medium.com/@rzepsky/playing-with-cloudgoat-part-2-fooling-cloudtrail-and-getting-persistence-access-6a1257bb3f7c

Playing with CloudGoat part 3: using AWS Lambda for privilege escalation and exploring a LightSail service
https://medium.com/@rzepsky/playing-with-cloudgoat-part-3-using-aws-lambda-for-privilege-escalation-and-exploring-a-lightsail-4a48688335fa

Playing with CloudGoat part 4: security nuances of AWS Glue, CodeBuild and S3 services
https://medium.com/@rzepsky/playing-with-cloudgoat-part-4-security-nuances-of-aws-glue-codebuild-and-s3-services-cc67fb88cc46

Playing with CloudGoat part 5: hacking AWS with Pacu
https://medium.com/@rzepsky/playing-with-cloudgoat-part-5-hacking-aws-with-pacu-6abe1cf5780d

Post 0x18.1: Analysing ISFB – The First Loader
https://0ffset.net/reverse-engineering/malware-analysis/analysing-isfb-loader/


F.商業

打造全台第一座！　中台灣全新國際高防數據中心
https://www.nownews.com/news/20190311/3264363/

資安廠商 F5 Networks 宣布以 6 億 7,000 萬美元，朝應用服務業務轉型
https://technews.tw/2019/03/12/security-company-f5-networks-buy-ngnix-fox-670-million/

中華電信攜手日本軟銀公司簽署合作備忘錄 共同發展物聯網與人工智能
http://n.yam.com/Article/20190314767291

BlackBerry 強化與美國政府資安解決方案合作，成立全資子公司 BlackBerry Goverment Solution
https://www.cool3c.com/article/141807

【打破傳統主控臺條列呈現，端點攻擊事件調查也可以非常酷炫】臺灣3大EDR系統功能總覽
https://www.ithome.com.tw/tech/129302

國際雲端信箱服務異常 Openfind 雲服務提供緊急收發救援
https://times.hinet.net/news/22274884

善用 Fortify 檢測工具建立應用程式安全性
https://marketing.ares.com.tw/dm/newsletter-2019-03-cyber-security/it

Fortify 程式碼檢測 全方位防範網路安全威脅與攻擊
https://marketing.ares.com.tw/dm/newsletter-2019-03-cyber-security/focus

F5 Acquires NGINX to Bridge NetOps & DevOps, Providing Customers with Consistent
Application Services Across Every Environment
https://bit.ly/2CicWeu

F5 Networks Acquires NGINX For $670 Million
https://bit.ly/2CjMhxU

G.政府

金融業雲端服務委外 金管會要求備退場機制
https://bit.ly/2NVjNiE

政院成立即時新聞澄清專區　公部門卻相互打臉
https://tw.appledaily.com/new/realtime/20190310/1530406/

雲嘉嘉南四縣市 智慧資安區域聯防啟動
https://udn.com/news/story/7326/3690497

防業界高薪挖角，行政院資安處竟想出
https://www.ptt.cc/bbs/Tech_Job/M.1517194818.A.7BD.html

5G國安監控比照大陸無所遁形？　蘇貞昌：用來服務人民不是監控
https://www.ettoday.net/news/20190312/1397150.htm

資訊系統分級與資安防護基準作業規定 108年3月5日停止適用
http://www.rootlaw.com.tw/LawArticle.aspx?LawID=A040020001004100-1080305

宜蘭縣政府強化資安，投入四千一百餘萬預算
https://bit.ly/2F6s4xj

世界第一新技術 蔡英文臉書高喊「台灣難波萬」
https://m.ltn.com.tw/news/politics/breakingnews/2726030

NCC：國安機制已啟動調查「關注31條」
https://bit.ly/2VXYOhR

有線電視收費上限600元、2台機上盒免費提供　業者盼不設限
https://tw.news.appledaily.com/life/realtime/20190314/1533048/

電信管理法初審通過　偏鄉將開放國內漫遊
https://tw.news.appledaily.com/life/realtime/20190314/1533047/

電信管理法初審 增訂國安條款
https://news.ltn.com.tw/news/focus/paper/1274264

反制一國兩制，蔡英文提指導綱領因應新型態國安威脅
https://www.ithome.com.tw/news/129322

國防安全研究院網路作戰講座　強化安全能量
https://n.yam.com/Article/20190314655994

中國騰訊疑鑽法律漏洞來台 陸委會：將與NCC、文化部等嚴格把關
https://bit.ly/2HnmA3B

中共邏輯異於常人 陸委會：應多翻牆
https://bit.ly/2HnhsfS

傳騰訊5月進軍台灣　陸委會示警：恐挾帶中國戰略指示
https://www.taiwannews.com.tw/ch/news/3658576

中國國台辦註冊台灣網域NCC軟綿綿無作為？ 綠委痛批：歐美都已加強戒備，「只有台灣繼續裝睡！」
https://bit.ly/2Y0Cy9g

ICO升級STO 金管會：相關法規預計6月出爐
https://bit.ly/2Co7HKk

Kolas：扯到「養網軍」太離譜了 政院新媒體勞務預算449萬
https://udn.com/news/story/12789/3698308

H.SCADA/ICS/工控系統

Kunbus工業網關爆高危漏洞，可被黑客控制
https://www.secrss.com/articles/8881

工控機與物聯網裝置所面臨的安全挑戰
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=8719

工業以太網交換機中的漏洞允許黑客攻擊
https://bit.ly/2JdYYjR

2018 A Defining Year for ICS Cyber Security Leader Nozomi Networks
https://www.apnews.com/Globe%20Newswire/deac1159f17c7bd52defbe6c207e7f46

I.教育訓練

107年度資安教育訓練-區塊鍊與虛擬貨幣發展趨勢
http://ic.cgu.edu.tw/ezfiles/18/1018/img/322/152228104.pdf

107年度資安教育訓練-智慧型行動裝置安全管理
http://ic.cgu.edu.tw/ezfiles/18/1018/img/322/746328414.pdf

108年度上半年資訊安全教育訓練教材
https://www.boaf.gov.tw/site/boaf/public/Attachment/931515585371.pdf

惡意程式發展趨勢及防範機制
https://bit.ly/2HleloP

AWS Certification Training Courses – Get 2019 Bundle @ 96% OFF
https://bit.ly/2UzTjFU


J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機

賽迪機器人報告：多款服務機器人存安全漏洞
https://news.sina.com.tw/article/20190315/30480188.html

消委會：家電引入通訊功能　籲慎用智能裝置保私隱
https://hk.on.cc/hk/bkn/cnt/news/20190314/bkn-20190314100027534-0314_00822_001.html

資安專家：汽車防盜系統可被遠端挾持，可能讓汽車更不安全
https://www.ithome.com.tw/news/129241

Pandora Viper 汽車防盜系統被曝漏洞，黑客可挾持車輛中途停車
http://www.sohu.com/a/300653890_100028490?sec=wd

培養第三語言能力 成大AI課程正流行
https://bit.ly/2F57uxr

邊緣運算在工業物聯網扮演的角色
https://tw.appledaily.com/new/realtime/20190313/1532042/

日月光整合資安、數位轉型 推動半導體工業4.0風險管理思維
https://news.cnyes.com/news/id/4288674?exp=b

風險與資安管理 SEMI：發展工業4.0的核心技術與挑戰
https://times.hinet.net/news/22272168

全球智能產品231億個 不設防小心成實境秀被看光光
https://udn.com/news/story/7240/3698851

居家遭陌生人看光光　消保處籲智能產品務必更改密碼
https://tw.appledaily.com/new/realtime/20190315/1533701/

網路攝影機恐讓私密外漏 消基會籲：別買白牌產品
https://news.ltn.com.tw/news/life/breakingnews/2727813

物聯網興起 智能產品隱私保護成課題
https://news.pts.org.tw/article/425654

物聯網怎麼防被「駭」？智能產品密碼確保複雜度
https://bit.ly/2O2YFac

駭客看光光！OL上班嚇傻「套房攝影機自轉」　消保處：別買白牌
https://www.ettoday.net/news/20190315/1400015.htm

This Week in Security News: IoT Threats and Risks
https://blog.trendmicro.com/this-week-in-security-news-iot-threats-and-risks/

Smart 'unhackable' car alarms open the doors of 3 million vehicles to hackers
https://www.zdnet.com/article/smart-car-alarms-opened-the-doors-of-3-million-vehicles-to-hackers/#ftag=RSSbaffb68

This Week in Security News: IoT Threats and Risks
https://blog.trendmicro.com/this-week-in-security-news-iot-threats-and-risks/

6.近期資安活動及研討會

 臺灣好厲駭資安實務培訓暨資安實務攻防研習營Hacking Weekend  3/16
 https://docs.google.com/forms/d/e/1FAIpQLSeGLmh8DnV3dvJpyDD1XF9wxQ9bM-yC6VYeJpR0XnCgSmWzYg/viewform

 【課程】社群力：Instagram 行銷策略，熱門 IG 必勝操作公式、平台關鍵數據分析，打造優質內容行銷  3/16
 https://www.techbang.com/posts/68116-course-society-qunli-instagram-marketing-strategy

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, March 20, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzfbbc/

 網路封包分析實務  3/20
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3833&from_course_list_url=homepage

 HackingThursday 固定聚會  March 21, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzfbcc/

 網路封包分析實務  3/21
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3833&from_course_list_url=homepage

 iOS反編譯及繞過相關檢測概念  3/22
 https://hackersir.kktix.cc/events/fcu190322

 【課程】深度學習 x 語意分析實戰，學習自然語言處理、語意分析的深入概念，從零打造真正懂語意的人工智慧  3/23
 https://www.techbang.com/posts/60588-course-deep-learning-practice-as-a-chat-robot

 國立交通大學 亥客書院 - 網路流量分析與檢測  3/23
 https://hackercollege.nctu.edu.tw/?p=1036

 UCCU 2019 技術交流小聚 3月  3/23
 https://kktix.com/events?utf8=%E2%9C%93&search=%E8%B3%87%E5%AE%89&start_at=2019%2F03%2F15

 Black Hat Asia 2019  2019年3月26-29日
 https://ubm.io/2zZu87q 

 「以AI之矛，攻AI之盾」研討會 3/27
 https://twnic-icann.kktix.cc/events/108-1

 kubernetes 入門實作  3/28
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3789&from_course_list_url=homepage

 HackingThursday 固定聚會  March 28, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzfblc/

 【課程】Webduino x AIoT 深度學習實作，自製 Camera 雲台機構、實作影像處理與物體追蹤，打造 AIoT 應用  3/30
 https://www.techbang.com/posts/63282-course-webduino-x-aiot-image-identification-practice

 Elixir台灣 台北 Meetup # Monday, April 1, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzgbcb/

 Modeling Sequences with Recurrent Neural Networks, RNN  Wednesday, April 3, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484461/

 網路封包分析實務  4/11
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3826&from_course_list_url=homepage

 【課程】大數據爬蟲技術實作，使用Python實作網路爬蟲，快速有效獲取大量資料，打造自動化金融數據平台  4/13
 https://www.techbang.com/posts/58613-course-python-crawler-technology-implementation

 2019 ICANN APAC-TWNIC Engagement forum  4/16~4/17
 https://forum.twnic.tw/

 Industrial Control Systems (ICS) Cyber Security Conference  APAC  April 16-18, 2019
 https://www.icscybersecurityconference.com/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, April 17, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzgbwb/

 網站弱點評估實務  4/18
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3830&from_course_list_url=homepage

 國立交通大學 亥客書院 - 緩衝區溢位攻擊與預防 新竹  4/20
 https://hackercollege.nctu.edu.tw/?p=1052

 資安健診  4/25
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3834&from_course_list_url=homepage

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 資安健診  5/9
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3827&from_course_list_url=homepage

 國立交通大學 亥客書院 -電子郵件之偽造攻擊與防護措施安全通訊協定 5/11
 https://hackercollege.nctu.edu.tw/?p=1054

  iTHome 台灣雲端大會 Cloud Summit  2019   2019年 5 月 15 日 (三) 09:00~17:00
 https://cloudsummit.ithome.com.tw/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/

 網路封包分析實務  5/16
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3831&from_course_list_url=homepage

 源碼檢測實作  5/23
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3835&from_course_list_url=homepage

 第二十九屆全國資訊安全會議  5/23  ~ 5/24
 https://cisc2019.cs.pu.edu.tw/index.php

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com