跳到主要內容

資安事件新聞週報 2019/3/25 ~ 2019/3/29


資安事件新聞週報  2019/3/25  ~  2019/3/29

1.重大弱點漏洞
Drupal 存在安全性弱點
https://www.drupal.org/sa-core-2019-004

思科修補產品重大RCE漏洞
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16219

思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=50#~Vulnerabilities

Windows 10 與 Windows Server 2019 DHCP 存有可遠端執行程式碼的漏洞
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5087

Mozilla Firefox瀏覽器存在安全漏洞(CVE-2019-9810與CVE-2019-9813)
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1098

Mozilla Firefox瀏覽器存在安全漏洞,允許攻擊者遠端執行任意程式碼,請儘速確認並進行更新
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5089

Apache Solr存在安全漏洞(CVE-2019-0192)
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1096

Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting
https://www.exploit-db.com/exploits/46595

Apache Tomcat 阻斷服務漏洞
https://www.auscert.org.au/bulletins/77766

PuTTY存在多個安全性漏洞
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1430

研究發現羅技M185等熱門無線鼠標易受到MouseJack漏洞攻擊
https://bit.ly/2HJAnSk


WinRAR軟體漏洞曝光:可植入惡意文件 需儘快升級
https://read01.com/6BndjD5.html

Nullsoft Scriptable Install System (NSIS)軟體含有DLL Hijacking漏洞,影響多個 web 應用程式
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5090

WinRAR 先前修補好的長年漏洞,已用於多起 APT 攻擊事件
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=824

Google fixes Chrome 'evil cursor' bug abused by tech support scam sites
https://www.zdnet.com/article/google-fixes-chrome-evil-cursor-bug-abused-by-tech-support-scam-sites/#ftag=RSSbaffb68

Cisco bungled RV320/RV325 patches, routers still exposed to hacks
https://www.zdnet.com/article/cisco-bungled-rv320rv325-patches-routers-still-exposed-to-hacks/#ftag=RSSbaffb68

Microsoft officially designates Windows 10 1809 as ready for broad deployment
https://www.zdnet.com/article/microsoft-officially-designates-windows-10-1809-as-ready-for-broad-deployment/#ftag=RSSbaffb68

Microsoft Windows 7/2008 - 'Win32k' Denial of Service (PoC)
https://www.exploit-db.com/exploits/46604

Windows 10 update: The complete guide for businesses of every size
https://www.zdnet.com/article/windows-10-update-the-complete-guide/#ftag=RSSbaffb68

JVN#63981842 PowerActPro Master Agent Windows版におけるアクセス制限不備の脆弱性
https://jvn.jp/jp/JVN63981842/

Apache Tomcat の脆弱性 (CVE-2019-0199) について
https://www.jpcert.or.jp/newsflash/2019032601.html

Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)
https://www.exploit-db.com/exploits/46628

Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH Egghunter)
https://www.exploit-db.com/exploits/46625

VMware Workstation 14.1.5 / VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation
https://www.exploit-db.com/exploits/46601

VMware Workstation 14.1.5 / VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation
https://www.exploit-db.com/exploits/46600

Apple 多個產品存在安全性弱點
https://support.apple.com/en-us/HT201222

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
金融資安演習 11月紅藍開戰
https://www.chinatimes.com/newspapers/20190322000339-260205

香港金管局:9月中對銀行網絡保安進行第三階段測試
http://hd.stheadline.com/news/realtime/fin/1462497/

香港金管局李達志:目標年內修訂網絡防衛計劃
https://bit.ly/2HHCpT4

香港作為國際金融中心,支付、融資、STO樣樣皆宜
http://news.knowing.asia/news/0e1cc40e-ccd9-4375-b99e-5c16e29ca596

永旺信用卡驚爆熄燈 6月起退出台灣
https://bit.ly/2HFpIIk

金管會:Apple Card此卡非彼卡 「非我所管」
https://udn.com/news/story/7239/3719017

電子貨幣、虛擬貨幣、數位通貨有何不同?兩張圖一次搞懂
https://money.udn.com/money/story/5613/3721397

香港銀行業新里程 3家網路銀行誕生
https://fnc.ebc.net.tw/FncNews/Content/75105

涉洗錢,瑞典銀行總部昨遭警方搜索
https://www.chinatimes.com/realtimenews/20190328004181-260410?chdtv

LINE Bank喊資料落地台灣 金管會:要確保資料監理得到
https://money.udn.com/money/story/5613/3723350

《金融》IFRS17對保險業衝擊,金管會:現在不能說
https://bit.ly/2TGBgwr

“Bad Tidings” Phishing Campaign Impersonates Saudi Government Agencies and a Saudi Financial Institution
https://www.anomali.com/blog/bad-tidings-phishing-campaign-impersonates-saudi-government-agencies-and-a-saudi-financial-institution

State-sponsored cyberattacks on banks on the rise: report
https://www.reuters.com/article/us-cyber-banks/state-sponsored-cyberattacks-on-banks-on-the-rise-report-idUSKCN1R32NJ

Meet Apple Card, no late fee: Apple becomes a banking player
https://www.zdnet.com/article/meet-apple-card-no-late-fee-apple-becomes-a-bank/#ftag=RSSbaffb68

Brazilian bank Bradesco reaches new AI high
https://www.zdnet.com/article/brazilian-bank-bradesco-reaches-new-ai-high/#ftag=RSSbaffb68

Hydro on Cyber ​​Gate Expert: The attempts to influence financial markets – Businesses
https://satmu.com/norway/hydro-on-cyber-%E2%80%8B%E2%80%8Bgate-expert-the-attempts-to-influence-financial-markets-businesses/

Despite arrests, FIN7 launched 2018 attack campaigns featuring new malware
https://www.scmagazine.com/home/security-news/despite-arrests-fin7-launched-2018-attack-campaigns-featuring-new-malware/

UN Security Council panel finds Cosmos Bank cyber attack motivated by N Korea
https://bit.ly/2Tyi3x7

3.電子支付/電子票證/行動支付/ 新聞及資安

搶進印度行動支付市場 小米在印度推出小米支付
https://tw.appledaily.com/new/realtime/20190321/1536710/

群創組聯盟 攻行動支付辨識
https://money.udn.com/money/story/5612/3676323

蘋果新服務搶先看 用戶隱私 滴水不漏
https://bit.ly/2Uckfic

4.支付系統 / 電子支付 / 行動支付
萬事達卡創新實驗室 要讓「萬物皆可付」成真
https://www.gvm.com.tw/article.html?id=60252

電子支付百家爭鳴 台灣普及率過半
https://bit.ly/2HW4tkO

免臨櫃結帳!全家宣布開通 Fami Pay 線上支付
https://www.inside.com.tw/article/15928-famipay-online-payment

中國人行:2019年要全面推廣移動支付系統
https://hk.on.cc/hk/bkn/cnt/finance/20190329/bkn-20190329173140726-0329_00842_001.html

5.虛擬貨幣/區塊鍊   新聞及資安
林一泓批遊戲點數卡公司不負責任 歐買尬以區塊鏈防詐騙
https://tw.appledaily.com/new/realtime/20190329/1541801/

推特創始人始終支持閃電網路、公開宣布定投比特幣、大力讚美區塊鏈
http://news.knowing.asia/news/b91f931a-0c0a-4641-918d-aa9d0f6a9a0c

區塊鏈安全 - 溢出的BEC漏洞
https://xz.aliyun.com/t/4387

資安大師大批區塊鏈其實沒那麼值得信任
https://www.ptt.cc/bbs/DigiCurrency/M.1552977689.A.74A.html

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體
病毒通告:Backdoor.Win32.SLUB.A 攻擊者透過後門執行惡意指令,以達成危害並影響系統
https://www.trendmicro.com/vinfo/tw/threat-encyclopedia/malware/Trojan.Win32.CVE20151701.E

喬治亞州傑克森郡政府遭勒索軟體攻擊
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16221

上周遭勒贖軟體癱瘓的挪威海德魯鋁業公司,部分業務已逐漸復原
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=828

新種Mirai殭屍網路死灰復燃,這次目標是企業級IoT裝置
https://www.ithome.com.tw/news/129449

假防毒軟體充斥社群媒體,誘騙點入釣魚網站
https://blog.trendmicro.com.tw/?p=59760

巨集病毒Powload 再進化:從無檔案式技巧到圖像隱碼術
https://blog.trendmicro.com.tw/?p=60072

新款Android木馬程式Gustuff鎖定金融程式與加密貨幣程式
https://www.ithome.com.tw/news/129672

VirusTotal debuts retro, simplified interface for legacy systems
https://www.zdnet.com/article/virustotal-launches-new-retro-simplified-interface/#ftag=RSSbaffb68

LockerGoga bug crashes ransomware before encrypting files
https://www.zdnet.com/article/lockergoga-bug-crashes-ransomware-before-encrypting-files/#ftag=RSSbaffb68

LockerGoga Ransomware Suspected in Two More Attacks
https://www.bankinfosecurity.com/lockergoga-ransomware-suspected-in-two-more-attacks-a-12242

ASUS releases fix for Live Update tool abused in ShadowHammer attack
https://www.zdnet.com/article/asus-releases-fix-for-live-update-tool-abused-in-shadowhammer-attack/#ftag=RSSbaffb68

Analysis of the ShadowHammer backdoor
https://mauronz.github.io/shadowhammer-backdoor/

ShadowHammer: Malicious updates for ASUS laptops
https://www.kaspersky.com/blog/shadow-hammer-teaser/26149/

'Operation ShadowHammer' Shows Weakness of Supply Chains
https://www.bankinfosecurity.com/operation-shadowhammer-shows-weakness-supply-chains-a-12251

Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers
https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers

Hijacked ASUS Live Update software installs backdoors on countless PCs worldwide
https://www.zdnet.com/article/supply-chain-attack-installs-backdoors-through-hijacked-asus-live-update-software/#ftag=RSSbaffb68

華碩電腦集體被植入後門病毒?卡巴斯基:恐百萬台華碩電腦中毒
https://applealmond.com/posts/50107

華碩電腦 Live Update遭駭,百萬使用者恐安裝惡意軟體
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=827

運用 GitHub 並透過 Slack 來通訊的最新 SLUB 後門程式
https://blog.trendmicro.com.tw/?p=59923

Buhtrap新動向:針對俄羅斯、白俄羅斯金融機構的攻擊活動
https://s.tencent.com/research/report/683.html

Norsk Hydro will not pay ransom demand and will restore from backups
https://www.zdnet.com/article/norsk-hydro-will-not-pay-ransom-demand-and-will-restore-from-backups/#ftag=RSSbaffb68

Norsk Hydro ransomware incident losses reach $40 million after one week
https://www.zdnet.com/article/norsk-hydro-ransomware-incident-losses-reach-40-million-after-one-week/#ftag=RSSbaffb68

Norsk Hydro's Ransomware Headache
https://www.bankinfosecurity.com/interviews/norsk-hydros-ransomware-headache-i-4277

Ransomware Attack Costs Norsk Hydro $40 Million - So Far
https://www.bankinfosecurity.com/ransomware-attack-costs-norsk-hydro-40-million-so-far-a-12269

Interception: Dissecting BokBot’s “Man in the Browser”
https://www.crowdstrike.com/blog/bokbots-man-in-the-browser-overview/

Due to the growing demand for Android banking malware, threat actors continue using Anubis even is the creator has vanished.
Introduction
https://securityaffairs.co/wordpress/82874/malware/anubis-ii-malware.html

KBuster: Fake Bank App in South Korean
https://ti.360.net/blog/articles/kbuster-fake-bank-app-in-south-korean-en/

Malware researchers at Cybaze-Yoroi ZLab team uncovered a new Ursnif malware campaign that reached several organizations across Italy
https://securityaffairs.co/wordpress/82921/malware/ursnif-threatening-italy.html

Report: Half of Breaches Trace to Hacking, Malware Attacks
https://www.bankinfosecurity.com/report-half-breaches-trace-to-hacking-malware-attacks-a-12255

Tinynuke Banking Trojan
https://www.pcrisk.com/removal-guides/14761-tinynuke-banking-trojan

Gustuff Android banking trojan targets 125+ banking, IM, and cryptocurrency apps
https://www.zdnet.com/article/gustuff-android-banking-trojan-targets-100-banking-im-and-cryptocurrency-apps/

TRICKBOT | TECHNICAL ANALYSIS OF A BANKING TROJAN MALWARE
https://www.sentinelone.com/blog/trickbot-technical-analysis-banking-trojan-malware/

B.行動安全 / iPhone / Android /穿戴裝置 /App

最新臺灣資安產業標準發展現況揭露,已有5家認可實驗室正式上路
https://www.ithome.com.tw/news/129458

愛情銀行App:因內容違規被監管部門強制要求下架整改
https://news.sina.com.tw/article/20190325/30629662.html

驚現安全漏洞 5G我們還能放心用嗎
https://iview.sina.com.tw/post/18831138

Presto手機應用漏洞 令乘車收費系統癱瘓
http://www.epochtimes.com/b5/19/3/19/n11125489.htm

資安業者:多款手機遊戲藏惡意廣告軟體 預估全球1.5億安卓使用者受害
https://www.ettoday.net/news/20190320/1403617.htm

全球1.5億安卓使用者受害!多款手機遊戲內藏惡意廣告軟體SimBad
https://newtalk.tw/news/view/2019-03-20/222414

Insecure UC Browser 'Feature' Lets Hackers Hijack Android Phones Remotely
https://bit.ly/2HZXdVm

Latest iOS 12.2 Update Patches Some Serious Security Vulnerabilities
https://bit.ly/2FJ7jrY

C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件

加密再加密!7招防盜 網路資產不外洩
https://bit.ly/2HU50Uw

英國國安單位:華為整體資安架構存有嚴重的系統化弊病
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=829

去年第四季 DDoS 攻擊量體大減 85%
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=825

巴基斯坦政府網站遭駭客植入按鍵記錄軟體
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=823

「火眼」揭秘中共網絡間諜機構APT40
https://hk.epochtimes.com/news/2019-03-18/12511001

數位戰爭 小國收編駭客戰隊
https://news.ltn.com.tw/news/world/paper/1276193

FTC asks broadband providers to disclose how they collect user data
https://www.zdnet.com/article/ftc-asks-broadband-providers-to-disclose-how-they-collect-user-data/#ftag=RSSbaffb68

Cyber attack on Dubai school network, parents warned
https://gulfnews.com/uae/cyber-attack-on-dubai-school-network-parents-warned-1.62883738

Credential stuffing attack: What is it and how to stay protected
https://cyware.com/news/credential-stuffing-attack-what-is-it-and-how-to-stay-protected-26185075

AT&T Cybersecurity Sets Sights on Threat Intelligence
https://www.bankinfosecurity.asia/att-cybersecurity-sets-sights-on-threat-intelligence-a-12246

Top dark web marketplace will shut down next month
https://www.zdnet.com/article/top-dark-web-marketplace-will-shut-down-next-month/#ftag=RSSbaffb68

Cyber attack targets Domestic Church Media audio files
https://trentonmonitor.com/main.asp?SectionID=5&SubSectionID=46&ArticleID=20394

Australia's Crypto-Cracking Law Is Spooking Big Tech
https://www.bankinfosecurity.com/australias-crypto-cracking-law-spooking-big-tech-a-12277

Leveraging Hidden DNS Information to Fight Threats
https://www.bankinfosecurity.com/leveraging-hidden-dns-information-to-fight-threats-a-12266

DOD launches milDrive, the US military's Dropbox clone
https://www.zdnet.com/article/dod-launches-mildrive-the-us-militarys-dropbox-clone/#ftag=RSSbaffb68

Report deems Russia a pioneer in GPS spoofing attacks
https://www.zdnet.com/article/report-deems-russia-a-pioneer-in-gps-spoofing-attacks/#ftag=RSSbaffb68

The Tao of Zero Trust
https://www.zdnet.com/article/the-tao-of-zero-trust/#ftag=RSSbaffb68

10 Things Security Analysts Can Do for Free in TC Open
https://threatconnect.com/10-things-security-analysts-can-do-for-free-tc-open/

Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage

New MageCart Attacks Target Bedding Retailers My Pillow and Amerisleep
https://bit.ly/2FxkPhf

Medtronic's Implantable Defibrillators Vulnerable to Life-Threatening Hacks
https://bit.ly/2FvICOk

Android WARNING: This scam could be draining your phone's battery life and data
https://www.express.co.uk/life-style/science-technology/1104566/Android-warning-smartphone-scam-draining-user-battery-and-internet-allowance

Informatica update revolves around multi-cloud, serverless, AI support
https://www.zdnet.com/article/informatica-update-revolves-around-multi-cloud-serverless-ai-support/#ftag=RSSbaffb68

Cryptocurrency platforms DragonEx and CoinBene disclose hacks
https://www.zdnet.com/article/cryptocurrency-platforms-dragonex-and-coinbene-disclose-hacks/#ftag=RSSbaffb68

North Korean hackers continue attacks on cryptocurrency businesses
https://www.zdnet.com/article/north-korean-hackers-continue-attacks-on-cryptocurrency-businesses/#ftag=RSSbaffb68

Corp IT- 資安網管工程師 (內湖)
https://m.104.com.tw/job/6jug6?jobsource=m104

板橋〈資安〉工程師
https://www.104.com.tw/job/?jobno=6jwq9

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
狂!報稅釣魚 電話、網路騙很大
https://vision.udn.com/vision/story/12935/3719769

假新聞等關鍵基礎設施攻擊將會更加氾濫,趨勢科技呼籲全民需提高發覺異常的意識
https://www.ithome.com.tw/news/129430

關鍵基礎設施包括網路架構與網站平台?趨勢:假消息會變換型式影響各國政經情勢
https://bit.ly/2HyV57i

強如 Google、Facebook 也難逃郵件詐騙,曾因此損失 1.23 億美元
https://bit.ly/2I3alsR

繳稅旺季!基隆市警局提醒誤陷詐騙圈套
https://tw.appledaily.com/new/realtime/20190329/1541800/

2018年全球身分外洩事件數量為2017年的4倍
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16220

Facebook 承認用明碼文字檔儲存數億用戶密碼
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=826

歷年十大資料外洩事件
https://blog.trendmicro.com.tw/?p=59745

Google 移除 23 億個廣告、帳戶,以發佈廣告政策管理工具
https://blog.trendmicro.com.tw/?p=60011

GDPR: Data Breach Notification 101
https://www.bankinfosecurity.asia/gdpr-data-breach-notification-101-a-12232

Facebook Mistakenly Stored Millions of Users' Passwords in Plaintext
https://bit.ly/2HEOTL9

Facebook takes down thousands of pages, groups, and accounts in fake news war
https://www.zdnet.com/article/facebook-takes-down-thousands-of-pages-groups-and-accounts-in-fake-news-war/#ftag=RSSbaffb68

Telegram now lets you remotely delete private chats from both devices
https://www.zdnet.com/article/telegram-now-lets-you-remotely-delete-private-chats-from-both-devices/#ftag=RSSbaffb68

E.研究報告
個案分析-網頁置換攻擊事件分析報告_10803
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019032804031111927055681912994.pdf

微軟安全響應中心手把手教學:如何撰寫高質量的漏洞報告
https://www.secrss.com/articles/9151

Kunpeng:一次跨語言跨平台漏洞檢測框架使用體驗和實踐
https://www.freebuf.com/sectool/197736.html

SAP 開源SCA 工具,掃描軟件包依賴漏洞
https://www.oschina.net/news/105254/sap-opensource-vulnerability-assessment-tool

CVE-2019-0604:一個SharePoint 的RCE 漏洞
https://www.anquanke.com/post/id/173476

Microsoft Edge CVE-2019-0539漏洞分析與利用
https://www.anquanke.com/post/id/173475

CVE-2019-5786 Chrome 遠程代碼執行漏洞分析
https://paper.seebug.org/862/

elFinder遠程代碼執行漏洞(CVE-2019-9194)分析復現附:利用POC
https://zhuanlan.zhihu.com/p/59554547

Cloudflare開源能夠檢測HTTPS攔截的函式庫MITMEngine
https://www.ithome.com.tw/news/129455

Researchers find 36 new security flaws in LTE protocol
https://www.zdnet.com/article/researchers-find-36-new-security-flaws-in-lte-protocol/#ftag=RSSbaffb68

Critical flaw revealed in Facebook Fizz TLS project
https://www.zdnet.com/article/critical-flaw-revealed-in-facebook-fizz-tls-project/#ftag=RSSbaffb68

OSIF – Open Source Information Facebook
https://haxf4rall.com/2019/03/24/open-source-information-facebook/

Mac Forensics — No One Said It Would Be Easy
https://medium.com/dfir-dudes/mac-forensics-no-one-said-it-would-be-easy-8bf2f5e4956c

Over 100,000 GitHub repos have leaked API or cryptographic keys
https://www.zdnet.com/article/over-100000-github-repos-have-leaked-api-or-cryptographic-keys/

Webtech - Identify Technologies Used On Websites
https://www.kitploit.com/2019/03/webtech-identify-technologies-used-on.html

yampelo/beagle
https://github.com/yampelo/beagle

JPCERTCC/DetectLM
https://github.com/JPCERTCC/DetectLM

The Hunter Games
http://10degres.net/platform-tournament/index.html

Modlishka - An Open Source Phishing Tool With 2FA Authentication
https://www.kitploit.com/2019/02/modlishka-open-source-phishing-tool.html

GitHub key leaks and how to prevent them
https://www.kaspersky.com/blog/tokens-on-github/26238/?utm_source=dlvr.it&utm_medium=twitter

mkYARA – Writing YARA rules for the lazy analyst
https://blog.fox-it.com/2019/03/28/mkyara-writing-yara-rules-for-the-lazy-analyst/

Threat Hunting in Linux for Indicators of Rocke Cryptojacking
https://redcanary.com/blog/rocke-cryptominer/?utm_content=88188781&utm_medium=social&utm_source=linkedin&hss_channel=lcp-3621373

Threat Research Commando VM: The First of Its Kind Windows Offensive Distribution
https://www.fireeye.com/blog/threat-research/2019/03/commando-vm-windows-offensive-distribution.html

fireeye/commando-vm
https://github.com/fireeye/commando-vm

F.商業
LINE將在臺建置網路資料中心,預計今年第三季建置完成
https://www.ithome.com.tw/news/129579

趨勢科技籲:潛在資安風險不容小覷
https://www.chinatimes.com/realtimenews/20190319001472-260410?chdtv

橋接國內業者與東南亞夥伴,跨出臺灣資安產業國際化的關鍵大步
https://ithome.com.tw/pr/129388

思科資安總工程師:應對雲端、多雲新威脅,企業防禦不僅要綜觀全局,更得要採取新一代資安防護架構迎戰
https://www.ithome.com.tw/news/129440

台灣自主研發資安產品 強攻國際市場
https://money.udn.com/money/story/5613/3705507

Windows Calculator will get a 'graphing mode'
https://www.zdnet.com/article/windows-calculator-will-get-a-graphing-mode/#ftag=RSSbaffb68

Microsoft Brings Defender ATP Platform to macOS
https://www.bankinfosecurity.com/microsoft-brings-defender-atp-platform-to-macos-a-12227

Microsoft expands its patent protection program to include Azure-powered IoT devices
https://www.zdnet.com/article/microsoft-expands-its-patent-protection-program-to-include-azure-powered-iot-devices/#ftag=RSSbaffb68

Facebook charged with violating Fair Housing Act through discriminatory ad targeting
https://www.zdnet.com/article/facebook-charged-with-violating-fair-housing-act-through-discriminatory-ad-targeting/#ftag=RSSbaffb68

Get 4 Essential CyberSecurity Software For Less Than $10 Per Month
https://bit.ly/2U0578n

G.政府
立院三讀通過銀行法、證券交易法修正案
https://bit.ly/2HTmznA

民間版鐵路訂票APP侵權 研發者賺70萬罰6萬
https://www.chinatimes.com/realtimenews/20190319002532-260402?chdtv

雲端個資 金管會3防線保護
https://ec.ltn.com.tw/article/paper/1277404

雲端資料管理辦法 兩原則出爐
https://bit.ly/2FA5TyU

防無人機闖機場 立委提加裝GPS及電子圍籬
https://udn.com/news/story/6656/3707747?from=udn-ch1_breaknews-1-cate1-news

騰訊入侵走愛奇藝模式部會踢皮球 開十次會無法度
https://ec.ltn.com.tw/article/breakingnews/2732751

中國OTT鑽漏洞攻台 沈榮津:跨部會研擬防堵
https://bit.ly/2UjIfjt

有關「政府機關(構)資通安全責任等級分級作業規定」、
「資訊系統分級與資安防護基準作業規定」、「國家資通安全通報應變作業綱要」自即日停止適用
https://www.thu.edu.tw/web/announcement/announcement_detail.php?cid=10&id=14225

台立委警告:中資包辦台鐵 高鐵 北捷Wi-Fi
http://www.epochtimes.com/b5/19/3/18/n11122129.htm

陸資取得公共無線網路標案? 政院:暫無疑慮
https://www.chinatimes.com/realtimenews/20190319004311-260407?chdtv

台鐵捷運WiFi標案 政院:未使用陸資設備
https://www.cna.com.tw/news/aie/201903190308.aspx

中科院:武器銷售依規範 勿信假訊息
https://bit.ly/2TJ02MG

政府攜手民間 建構堅強資安防禦力
https://bit.ly/2FEqlOO

政院強化公部門資安維護 資安長會議登場
https://m.ltn.com.tw/news/politics/breakingnews/2732725

「中國是資安最大威脅」 陳其邁:檢討採購法讓預算合理編列
https://tw.appledaily.com/new/realtime/20190320/1536911/

H.SCADA/ICS/工控系統
【港鐵出事警號】 SCADA/ICS 系統失陷引爆大災難
https://bit.ly/2Uo7D7S

拒絕成為下個受駭者! 全球關鍵基礎設施成資安攻防重點
https://bit.ly/2JOBRg6

I.教育訓練
看新聞學資安
https://www-ws.gov.taipei/001/Upload/305/relfile/11455/4360/cb3baf9e-604e-4809-9a31-b6864995ab8f.pdf

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機
工業資安潛在風險要警覺 趨勢科技分享應防這些駭客技術
https://www.nownews.com/news/20190318/3277296/

搶攻IIoT全球標準 日Edgecross整合同業並朝東亞擴大市場
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000555854_QV670IDB6ZKJ6H3ZT124Y

6.近期資安活動及研討會

  【課程】Webduino x AIoT 深度學習實作,自製 Camera 雲台機構、實作影像處理與物體追蹤,打造 AIoT 應用  3/30
 https://www.techbang.com/posts/63282-course-webduino-x-aiot-image-identification-practice

 Elixir台灣 台北 Meetup # Monday, April 1, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzgbcb/

 Modeling Sequences with Recurrent Neural Networks, RNN  Wednesday, April 3, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484461/

 網路封包分析實務  4/11
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3826&from_course_list_url=homepage

 【課程】大數據爬蟲技術實作,使用Python實作網路爬蟲,快速有效獲取大量資料,打造自動化金融數據平台  4/13
 https://www.techbang.com/posts/58613-course-python-crawler-technology-implementation

 對不起駭到你  4/13
 https://tfc.kktix.cc/events/hacking-you-sorry?locale=en

 2019 ICANN APAC-TWNIC Engagement forum  4/16~4/17
 https://forum.twnic.tw/

 Industrial Control Systems (ICS) Cyber Security Conference  APAC  April 16-18, 2019
 https://www.icscybersecurityconference.com/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, April 17, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzgbwb/

 網站弱點評估實務  4/18
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3830&from_course_list_url=homepage

 國立交通大學 亥客書院 - 緩衝區溢位攻擊與預防 新竹  4/20
 https://hackercollege.nctu.edu.tw/?p=1052

 資安健診  4/25
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3834&from_course_list_url=homepage

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 資安健診  5/9
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3827&from_course_list_url=homepage

 國立交通大學 亥客書院 -電子郵件之偽造攻擊與防護措施安全通訊協定 5/11
 https://hackercollege.nctu.edu.tw/?p=1054

  iTHome 台灣雲端大會 Cloud Summit  2019   2019年 5 月 15 日 (三) 09:00~17:00
 https://cloudsummit.ithome.com.tw/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/

 網路封包分析實務  5/16
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3831&from_course_list_url=homepage

 源碼檢測實作  5/23
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3835&from_course_list_url=homepage

 第二十九屆全國資訊安全會議  5/23  ~ 5/24
 https://cisc2019.cs.pu.edu.tw/index.php

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com





留言

這個網誌中的熱門文章

Capture the flag資源分享綜整

Capture the flag, CTF,是由古代軍事戰爭演變而來。軍旗在戰場上象徵兩軍戰況,當有一方軍旗被敵軍奪取或落在地上,代表該方戰敗。當這樣的攻防搶旗演變到現代的電子遊戲裡,通常就演變成團隊遊戲模式,由兩隊人馬互相前往對方的基地奪旗,奪旗成功回合次數多者得勝。

5月份資安、社群活動分享

5月份資安、社群活動分享

 108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
 https://ais3.org/mfctf/

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 Python 商務網站 * 極速學習 (2019春季 - 台北)  5/2
 https://cjltsod.kktix.cc/events/django-2019-spring-taipei

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會  5/2
 https://www.accupass.com/event/1904111400151860776797

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA 白帽菁英萌芽計劃II 0505 
 https://reg.shield.org.tw/info.php?no=54

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/19041703435474776…

6月份資安、社群活動分享

6月份資安、社群活動分享

 學生資安新手村 相關活動整理  淡江大學場  工作坊  6/1(六) 10:00 - 16:00
 https://forms.gle/aBgGfLUYcvJh7hzk9

 學生資安新手村 相關活動整理  高雄科技大學場 06/02(日) 08:30~18:00
 https://nkust-itc.kktix.cc/events/security-beginner-workshop

 資安新手村-網站照妖鏡 SITCON x NKUST_CSIE & ITC  6/2
 https://nkust-itc.kktix.cc/events/security-beginner-workshop

 PyTorch Tainan x CCNS 聚會 #23  6/2
 https://pytorch-tainan.kktix.cc/events/2019-06-02-m23?fbclid=IwAR1s_n_piEyMN0e8NMHk-jjP97-1mjqI-favSKBAdxAglQ3j1aN17_fMmbk

 【課程】Raspberry Pi 相機 x OpenCV 進階應用:攝影拍照、人臉偵測、影像處理與實作 6/2
 https://www.techbang.com/posts/69830-course-raspberry-pi-camera-x-opencv-photo-photography-face-detection-image-processing-and-application

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 TW BECKS No.2 6/3
 https://becks.kktix.cc/events/20190603

 軟體安全性測試實務 6/3 ~ 6/4
 https://www.accupass.com/event/1904230701335964656400