跳到主要內容

資安事件新聞週報 2019/3/4 ~ 2019/3/8


資安事件新聞週報  2019/3/4  ~  2019/3/8

1.重大弱點漏洞

NetApp SnapCenter Server 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15515

QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
https://www.exploit-db.com/exploits/46506

Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
https://www.exploit-db.com/exploits/46509

FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)
https://www.exploit-db.com/exploits/46508

部份單位「學生出入校園管理系統」存在資料庫注入攻擊漏洞
https://cert.tanet.edu.tw/images/20190306.jpg

Android TV 隱私出大包 暫停 Google Photos 連動,曝露數百帳號與資料圖片
https://www.kocpc.com.tw/archives/246931

Fortinet 產品FortiOS(5.6.0)等多個漏洞
https://www.auscert.org.au/bulletins/76446
https://www.auscert.org.au/bulletins/76450

Wireshark Radiotap解析器拒絕服務漏洞
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ac83382dc49f9f7b62bffb3cfc508cdaa1e7be5

IBM WebSphere Application Server 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4030

Xen 多個漏洞
https://www.auscert.org.au/bulletins/76554
https://www.auscert.org.au/bulletins/76550

X-Force Red在五大訪客管理系統發現19個安全漏洞
https://www.ithome.com.tw/news/129108

自動化的資安隱憂,訪客系統成竊取資料的熱點
http://technews.tw/2019/03/05/the-security-concerns-of-automation-visitor-system-might-be-the-hot-spot-of-data-thief/

Google 又在 Apple 推出修補前公開了一個 Mac 上嚴重的安全漏洞
https://chinese.engadget.com/2019/03/05/google-discloses-high-severity-mac-security-flaw/


Outdoor Tech's Chips滑雪頭盔揚聲器是一大堆安全漏洞
https://bit.ly/2IXRwt5

NVIDIA坦承驅動程式隱含高風險漏洞,建議升級至419.17之後版本
https://bit.ly/2VzkqkM

NVIDIA 公佈驅動程式潛在高風險漏洞,建議升級至 419.17 或更新版本
https://hk.xfastest.com/24346/nvidia-gpu-driver-vulnerability-419-17/

UBUNTU 16.04.6 LTS發布:緊急修復APT漏洞
https://bit.ly/2EtjPKp

威脅預警| Nexus Repository Manager三個新漏洞已被用於挖礦木馬傳播
https://www.freebuf.com/vuls/197200.html

vBulletin 3.8.x vBadvanced CMPS v3.2.3 Open Redirection
https://cxsecurity.com/issue/WLB-2019030003

McAfee Endpoint Security 後置鏈接漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3582

Huawei P20 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5306

Freeware Advanced Audio Coder無效內存地址解引用漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19888

Freeware Advanced Audio Decoder 2緩衝區溢出漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196

GNU LibreDWG零指針漏洞
https://github.com/LibreDWG/libredwg/issues/32

Cisco 多個產品存在安全性弱點
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-wmda-cmdinj

思科修复 RV110W、RV130W和RV215W 路由器中的 RCE 漏洞
http://www.codesafe.cn/index.php?r=news/detail&id=4738

思科修補多款防火牆路由器中的重大RCE漏洞
https://www.ithome.com.tw/news/129047

Hackers have started attacks on Cisco RV110, RV130, and RV215 routers
https://www.zdnet.com/article/hackers-have-started-attacks-on-cisco-rv110-rv130-and-rv215-routers/#ftag=RSSbaffb68

Cisco tells Nexus switch owners to disable POAP feature for security reasons
https://www.zdnet.com/article/cisco-tells-nexus-switch-owners-to-disable-poap-feature-for-security-reasons/#ftag=RSSbaffb68

Adobe 已發布安全更新以解決 ColdFusion 存在安全性弱點
https://www.us-cert.gov/ncas/current-activity/2019/03/01/Adobe-Releases-Security-Updates-ColdFusion

Adobe發布帶外更新以修補ColdFusion零日
http://www.sohu.com/a/298766939_114877

Adobe releases out-of-band update to patch ColdFusion zero-day
https://www.zdnet.com/article/adobe-releases-out-of-band-update-to-patch-coldfusion-zero-day/#ftag=RSSbaffb68

JVN#69181574 Windows 7 における DLL 読み込みに関する脆弱性
https://jvn.jp/jp/JVN69181574/

微軟釋出Spectre v2修補程式給Win 10 1809用戶
https://www.ithome.com.tw/news/129055

Windows 10漏洞可能導致駭客接管物聯網裝置
https://www.ithome.com.tw/news/129106

Drobo 5N2網絡流量攔截漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14708

Open source software breaches surge in the past 12 months
https://www.zdnet.com/article/open-source-software-breaches-surge-in-the-past-12-months/#ftag=RSSbaffb68

Google: Chrome zero-day was used together with a Windows 7 zero-day
https://www.zdnet.com/article/google-chrome-zero-day-was-used-together-with-a-windows-7-zero-day/#ftag=RSSbaffb68

Chrome攻擊程式也涉及Windows零時差漏洞
https://www.ithome.com.tw/news/129193

CVE-2019-5786:chrome在野利用0day漏洞預警
https://www.anquanke.com/post/id/172383

Chrome瀏覽器打開PDF文件即洩露信息0day預警
https://www.secrss.com/articles/8684

Google Chrome快更新!工程師爆重大漏洞 易遭駭客攻擊
https://tw.appledaily.com/new/realtime/20190308/1529607/

Google Chrome 72.0.3626.121 發布,修復PDF組件洩漏信息漏洞
https://www.linuxidc.com/Linux/2019-03/157258.htm

黑客利用 Chrome 漏洞,網上打開 PDF 即入侵
https://bit.ly/2NIQEqS

Google’s Project Zero reveals zero-day macOS vulnerability to the public
https://www.zdnet.com/article/googles-project-zero-discloses-zero-day-macos-vulnerability/#ftag=RSSbaffb68

New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild
https://bit.ly/2XFJOqC

Google Discloses Unpatched 'High-Severity' Flaw in Apple macOS Kernel
https://bit.ly/2TFJcT3

谷歌安全團隊發現蘋果macOS漏洞至今尚未修復
https://tech.sina.cn/mobile/xp/2019-03-05/detail-ihsxncvf9856383.d.html?from=wap

Dell EMC RSA Archer信息洩露漏洞
http://www.cnvd.org.cn/patchInfo/show/155099

Firefox to add Tor Browser anti-fingerprinting technique called letterboxing
https://www.zdnet.com/article/firefox-to-add-tor-browser-anti-fingerprinting-technique-called-letterboxing/#ftag=RSSbaffb68

政府推出第二個網絡安全漏洞懸賞計劃共測出26個漏洞
https://www.8world.com/news/singapore/article/bug-bounty-programme-667601

電子學習平台Moodle出現嚴重CSRF缺陷
http://120.127.48.193/mod/forum/discuss.php?d=248

360發現安卓系統內核通殺漏洞潛在安全影響極其廣泛
https://www.landiannews.com/archives/56197.html

英特爾處理器再現「推測執行」漏洞,研究人員展示攻擊手法
https://www.ithome.com.tw/news/129132

JVN#40288903 Dradis Community Edition および Dradis Professional Edition におけるクロスサイトスクリプティングの脆弱性
https://jvn.jp/jp/JVN40288903/

2.銀行/金融/保險/證券/支付系統/ 新聞及資安

樂天銀行社長:有信心取得純網銀執照 3年內獲利
https://taronews.tw/2019/03/01/267211/

經濟制裁缺錢!美官員示警銀行:北韓駭客恐大規模攻擊
https://ec.ltn.com.tw/article/breakingnews/2714731

美指朝鮮因缺錢 網襲全球銀行
https://bit.ly/2HdkK4v

全國政協委員江浩然:建議多部門聯合打擊涉銀行卡犯罪
https://www.finet.hk/newscenter/news_content/5c7a1b78bde0b360bf55e127

私下換匯疑渉洗錢 英國凍結中國留學生銀行帳戶
https://news.ltn.com.tw/news/world/breakingnews/2713757

內地老牌P2P公司點融大幅關店裁員 銀行加速與網貸切割
https://bit.ly/2C59wf0

王冬勝:內地防範金融風險須建立三道防線
https://bit.ly/2SJgXhJ

純網銀、網銀業務競爭?張兆順:客戶不衝突
https://tw.appledaily.com/new/realtime/20190304/1527232/

元大金旗下元大銀攜手財金公司 發展API技術介接「金融區塊鏈函證」
https://news.cnyes.com/news/id/4285182

網易金融的「加減法」:如今僅剩支付和網路小貸
https://news.sina.com.tw/article/20190305/30318790.html

提款機亭遭BB彈射擊 玻璃門碎蜘蛛網狀
https://bit.ly/2SOBe5o

10天后關門停業 又一家互聯網保險公司網易保險倒下
https://news.sina.com.tw/article/20190305/30334268.html

當美國零售巨頭棄用VISA信用卡,閃電網路將迎來上升期
http://news.knowing.asia/news/ada1ccf0-ca85-4752-9dee-938de6347401

純網銀時代 勤業眾信:資安需加強
https://www.wantgoo.com/news/content/index?id=941430

國票金董座魏啟林:純網銀打的是服務戰 非價格戰
https://news.cnyes.com/news/id/4285333

國泰金控3千坪青埔資訊中心什麼模樣?未來完工模擬圖首度曝光
https://www.ithome.com.tw/news/129130

純網銀時代 勤業眾信:資安需加強
https://udn.com/news/story/7239/3679343

金融科技新挑戰,法遵科技與資安應用的新視野
https://money.udn.com/money/story/5613/3682701

駭客愛攻擊網購平台 竊信用卡個資高價賣
https://www.cardu.com.tw/news/detail.php?37661

4金控釋2萬職缺 洗錢防制、大數據分析也可捧銀行金飯碗
https://www.ettoday.net/news/20190303/1390530.htm

銀行大舉徵才 送出國培訓
https://bit.ly/2IRvCHP

銀行金飯碗來了 四大金控釋2萬職缺
https://money.udn.com/money/story/5613/3674695

第一銀行3月招考簡章公告
https://www.public.com.tw/news-20190302/1

第一銀行儲備核心人才招募
https://firstloan.firstbank.com.tw/FCB/2019MA/ma.html

第一銀行儲備核心人員徵選 開缺50名薪資52K起
https://www.3people.com.tw/Content/News/Article?ContentID=6678f038-9af1-4dc8-9298-45e4b77c52d4

中信銀挑外派人員 三條件
https://udn.com/news/story/7239/3675701

合庫銀行今年擴大徵才 將招募680人
https://udn.com/news/story/7239/3682260

玉山金今年招募500人 MA占50位
https://money.udn.com/money/story/5613/3681015

金融業向跨領域人才招手 最愛資工、人文數理第二
https://udn.com/news/story/6842/3682570

捧銀行金飯碗不限財管背景 AI法遵成獵才目標
https://bit.ly/2tW9VMk

彰化銀行招考儲備核心業務開缺50名
https://www.3people.com.tw/Content/News/Article?ContentID=129e2e65-ae2c-40c1-a33e-8bfef2805dd9

North Korean-backed bank hacking on the rise, US officials say
https://edition.cnn.com/2019/03/01/politics/north-korea-cyberattacks-cash-bank-heists/index.html

Research Announcement: Moody's - Credit implications of cyberattacks will hinge on long-term
business disruptions and reputational impacts
https://bit.ly/2TgyD9p

5 Methods Hackers Use to Break Into Your Bank Account
https://www.makeuseof.com/tag/methods-hackers-bank-account/

Bank of England to test banks' resilience to cyber attacks
https://www.reuters.com/article/us-boe-cyber-tests/bank-of-england-to-test-banks-resilience-to-cyber-attacks-idUSKCN1QM1H7?rpc=401&

Financial Industry Getting Hammered with Cyber-Attacks
https://www.dataprivacyandsecurityinsider.com/2019/03/financial-industry-getting-hammered-with-cyber-attacks/

Could a Cyber-Attack Cause the Next Financial Crisis
https://investingmatters.co.za/could-a-cyber-attack-cause-the-next-financial-crisis/

Carbon Black and Optiv pinpoint 160% upturn in destructive cyber attacks on financial sector
https://www.risk-uk.com/carbon-black-and-optiv-pinpoint-160-upturn-in-destructive-cyber-attacks-on-financial-sector/

3.電子支付/電子票證/行動支付/ 新聞及資安

即時支付系統 在美難產
https://money.udn.com/money/story/10868/3672325

支付寶殺進 改變日本付款習慣
https://udn.com/news/story/7333/3678377

中國客遊日愛用行動支付 正在改變日本的支付習慣
https://bit.ly/2XEDKin

亞馬遜與墨西哥央行合作推廣行動支付系統
https://news.cnyes.com/news/id/4286106?exp=a

墨西哥將推官方行動支付,傳由亞馬遜提供技術
http://technews.tw/2019/03/06/mexico-will-push-official-action-payments-passed-by-amazon-to-provide-technology/

星巴克獲Bakkt股份,以支持加密支付計畫
http://news.knowing.asia/news/312c9236-55a9-46ef-acaf-cecbc94eae1e

4.虛擬貨幣/區塊鍊   新聞及資安

Coinomi 錢包存在嚴重漏洞,用戶密碼易被“中間人”竊取
https://www.chainnews.com/articles/665834946210.htm

Boost 電子錢包遭盜用RM2000多!安全漏洞與保護解決方法
https://bit.ly/2HdAvIF

Coinbase 收購「親政府駭客團隊」,用戶怒言「刪帳號」向互聯網公敵表示抗議
https://www.blocktempo.com/angry-bitcoin-fans-delete-coinbase-accounts/

MaiCoin送件 國內首例
https://money.udn.com/money/story/5613/3675743

〈區塊鏈大應用〉沙烏地阿拉伯ATM供應商開發區塊鏈生物辨識ATM
https://fnc.ebc.net.tw/FncNews/else/72014

摩根大通、Facebook發幣!將開啟通證經濟元年
http://news.knowing.asia/news/7f5dd383-d6d6-4208-8f9b-8647b4671633

基於區塊鏈技術的身分驗證方興起,強調零信任與去識別化
https://www.ithome.com.tw/news/129143

趨勢科技:虛擬貨幣挖礦攻擊日益崛起 年增237%
https://tw.appledaily.com/new/realtime/20190304/1527209/

口碑優良的Coinbase,最近陷入人們的口誅筆伐
http://news.knowing.asia/news/67d2eb10-7ae9-4f82-9aca-6398a4ce40ed

用產品生命週期觀點看待區塊鏈
https://www.digitimes.com.tw/col/article.asp?id=1012

中國新挖礦集團瞄準Linux伺服器
https://www.zdnet.com/article/linux-servers-targeted-by-new-chinese-crypto-mining-group/#ftag=RSSbaffb68

Linux servers targeted by new Chinese crypto-mining group
https://www.zdnet.com/article/linux-servers-targeted-by-new-chinese-crypto-mining-group/#ftag=RSSbaffb68

Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down
https://bit.ly/2H2gVQx

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體

漏洞曝露數千個惡意程式C&C伺服器位址
http://www.xda.cn/keji/20190301/031997.html

2018資安總評 亞洲成WannaCry病毒重災區
https://ec.ltn.com.tw/article/breakingnews/2715613

首爆新型ibus蠕蟲,利用熱門漏洞瘋狂挖礦牟利
https://segmentfault.com/a/1190000018382648

威脅預警| Nexus Repository Manager三個新漏洞已被用於挖礦木馬傳播
https://www.freebuf.com/vuls/197200.html

暴露的Docker控制API及社區版本映像檔,散布挖礦病毒
https://blog.trendmicro.com.tw/?p=59754

《 電腦病毒史》 3月6日 米開朗基羅病毒 28 歲了
https://blog.trendmicro.com.tw/?p=4327

惡意軟體如何利用Intel的SGX Enclaves躲避防毒軟體偵測
https://blog.trendmicro.com.tw/?p=59709

騰訊安全:WinRAR漏洞被利用傳播木馬可“打劫”比特幣錢包
https://guanjia.qq.com/news/n3/2490.html

New SLUB Backdoor Uses GitHub, Communicates via Slack
https://bit.ly/2HlUl4P

Ursnif Trojan Was Resurrected and Now It Targets Your Passwords
https://www.cyclonis.com/ursnif-trojan-resurrected-now-targets-your-passwords/

Qbot banking malware is back – and even cybersecurity vendors are infected
https://www.verdict.co.uk/qbot-banking-malware/

Fake Browser Updates Push Ransomware and Bank Malware
https://blog.sucuri.net/2019/02/fake-browser-updates-push-ransomware-and-bank-malware.html

Breakdown of a Targeted DanaBot Attack
https://www.fortinet.com/blog/threat-research/breakdown-of-a-targeted-danabot-attack.html

Cyber News Rundown: Botnet Hijacks Browsers
https://www.webroot.com/blog/2019/03/01/cyber-news-rundown-botnet-hijacks-browsers/

Exposed Docker Control API and Community Image Abused to Deliver Cryptocurrency-Mining Malware
https://bit.ly/2C1529t

Ransomware attack on Israeli users fails miserably due to coding error
https://www.zdnet.com/article/ransomware-attack-on-israeli-users-fails-miserably-due-to-coding-error/#ftag=RSSbaffb68

Researchers uncover ring of GitHub accounts promoting 300+ backdoored apps
https://www.zdnet.com/article/researchers-uncover-ring-of-github-accounts-promoting-300-backdoored-apps/#ftag=RSSbaffb68

The Supreme Backdoor Factory
https://dfir.it/blog/2019/02/26/the-supreme-backdoor-factory/

Fileless Banking Trojan Targeting Brazilian Banks Downloads Possible Botnet Capability, Info Stealers
https://bit.ly/2IRJ1jd

Massive Ransomware Attack On Israeli Websites Foiled
https://hackercombat.com/massive-ransomware-attack-on-israeli-websites-foiled/

Attack Campaign Targets Organizations Worldwide With New Qbot Banking Malware Variant - Security Intelligence
https://bit.ly/2ECmUIg

Beware of Fake 'WhatsApp Web' Spreading Banking Trojan
https://thehackernews.com/2015/02/whatsapp-web-malware.html

Ransomware cripples Jackson County computer system
http://accesswdun.com/article/2019/3/770121/ransomware-cripples-jackson-county-computer-system

Banking Trojans flood the enterprise, Android attacks surge
https://www.zdnet.com/article/banking-trojan-attacks-flood-the-enterprise-sector/#ftag=RSSbaffb68

B.行動安全 / iPhone / Android /穿戴裝置 /App

App採臉書帳號 資安業者:蒐集個資三大風險
http://www.epochtimes.com/b5/19/3/1/n11081706.htm

越獄開發者PsychoTea 釋出iOS 11~12.1.2 內核漏洞,可用於A7~A9 設備
https://mrmad.com.tw/machswap

iOS 12 annoyances, and how to fix them
https://www.zdnet.com/pictures/ios-12-annoyances-and-how-to-fix-them/#ftag=RSSbaffb68

盜刷盛行小額多筆 手機防毒App記得裝
https://udn.com/news/story/12861/3672591

用FB也要繳稅!烏干達上百萬人停用社群軟體
https://ec.ltn.com.tw/article/breakingnews/2716773

中共今年再降手機和網路費用
https://money.udn.com/money/story/5604/3678083

駭客踢爆中國監視數據庫 這些App每天被盜數億筆個資
https://news.ltn.com.tw/news/world/breakingnews/2716291

資安專家:中國通訊軟體 聊天內容直通公安局
https://tw.appledaily.com/new/realtime/20190304/1527228/

個資可能被看光 杜奕瑾:別用中國App和設備
https://www.cna.com.tw/news/firstnews/201903040317.aspx

中國數位監控 微信聊天不安全
https://news.ltn.com.tw/news/world/paper/1271819

細思極恐!超強駭客驚爆中國監視數據、竟這樣看你聊天
https://www.setn.com/News.aspx?NewsID=507247

【別用中國設備與 App】在中國設廠還想保有隱私?杜奕瑾:可能活不下去
https://buzzorange.com/techorange/2019/03/05/ppt-father-information-security/

中國天網外洩 個資、對話記錄即時監控!杜奕瑾:別用中國 App 和設備
https://www.inside.com.tw/article/15734-Massive-Database-Leak-Gives-Us-a-Window-into-Chinas-Digital-Surveillance-State

個資全都露! PTT之父呼籲別用大陸App跟手機
https://www.chinatimes.com/realtimenews/20190306000003-260412

黑客揭露中國大陸社交媒體信息被全面監控,自由聊天為何那麼難
https://theinitium.com/roundtable/20190304-roundtable-zh-haker-OxDUDE/

手機成監控設備 杜奕瑾示警中共隱私竊密
http://www.ntdtv.com.tw/b5/20190307/video/241264.html

香港地區 Google Play 商店應用程式保安風險報告 (2019年2月)
https://www.hkcert.org/my_url/zh/blog/19022801

Android 應用安全性改進: 全面助力打造"零漏洞" 應用
https://juejin.im/post/5c807af06fb9a049eb3cb599

智慧型手機竟成了監控設備?這三項個資最容易被出賣
https://bit.ly/2tUxFkf

智慧手機太方便 恐成駭客搖錢樹
https://bit.ly/2EHGNh6

臉書轉型!將構建隱私保護通訊平台
https://www.rti.org.tw/news/view/id/2013767

Facebook 即時通也爆漏洞 :你跟誰聊天過都能被查出
https://www.kocpc.com.tw/archives/247500

驚!非 Facebook 用戶也會被追蹤!這三款 Android 系統 APP 竟會自動傳送數據給臉書
https://www.limitlessiq.com/news/post/view/id/8923/

Some Android VPN apps request access to sensitive permissions they don't need
https://www.zdnet.com/article/some-android-vpn-apps-request-access-to-sensitive-permissions-they-dont-need/#ftag=RSSbaffb68

C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件

防杜 DNS 攔截攻擊事件,ICANN 發文敦促技術升級
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=813

更厲害的來了,透過Windows 10 on Arm在Switch上執行真正的Windows作業系統
https://bit.ly/2SQIvSd

偽造的瀏覽器更新通知再度泛濫,可能導致電腦遭勒贖
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=814

研究人員發現大量Docker主機防護不足,而淪為挖礦工具
https://www.ithome.com.tw/news/129127

網路攻擊威脅逾百億元 全球資安人力缺口達293萬人
https://ec.ltn.com.tw/article/breakingnews/2718486

《2019年網路安全報告》出爐 台灣受攻擊次數是全球平均2倍
https://ec.ltn.com.tw/article/breakingnews/2720004

Check Point發布《2019年網路安全報告》
http://www.digitalwall.com/scripts/displaypr.asp?UID=74620

駭客侵入美國三所高校入學申請數據庫並索要贖金
https://on.wsj.com/2IYvCWo

以注音按鍵排列作為密碼的方式,顯然也不會比較安全
https://udn.com/news/story/7088/3682252

台灣人用「ji32k7au4a83」當密碼很安全?這串讓老外困惑的注音符號密碼其實根本超危險
https://www.techbang.com/posts/68582-bad-password-security-data-breach-taiwan-ji32k7au4a83-have-i-been-pwned

微軟安全情報:去年電子郵件含有網釣訊息的比例增加250%
https://www.ithome.com.tw/news/129125

《網路安全威脅報告》 揭網路罪犯牟取暴利新途徑
https://udn.com/news/story/7314/3683785

YouTube兒童片禁留言 演算法漏洞 遭戀童癖濫用 企業撤廣告抵制
https://tw.appledaily.com/international/daily/20190302/38269285/

[6個溫習駭客攻擊的議題] 2019年資安可以怎麼做
https://bit.ly/2GZFttd

憂空拍機變恐攻?資安專家這麼說
https://bit.ly/2H6zses

FIDO 力推 WebAuthn 成為 W3C 網頁標準,無密碼的時代更向前邁進一大步
http://technews.tw/2019/03/06/fido-webauthn-is-a-new-w3c-standard-the-steps-to-non-password-world-is-much-closer/

再也不用記密碼了!W3C 正式批准全新網頁安全登入協定 WebAuthn
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=816

專挑名人IG ( Instagram )帳號的駭客集團現身
https://blog.trendmicro.com.tw/?p=59752

19歲漏洞獵人晉身為百萬身價駭客
https://bit.ly/2EK8lmZ

19歲黑客靠幫找網站漏洞,掙了600萬賞金,完全自學成才
https://kknews.cc/tech/k6vvz8p.html

趨勢2018資安總評:社交工程攻擊顯著增加
https://money.udn.com/money/story/5648/3676865

伊朗駭客過去兩年攻擊了全球數百家公司
https://on.wsj.com/2H6dqZf

賽門鐵克:竊取新加坡健康記錄的駭客組織曾持續攻擊該國
https://on.wsj.com/2Hk1Qcs

傳美企憂中國動手腳,要求台廠伺服器電源生產移出中國
https://technews.tw/2019/03/08/us-request-taiwan-server-power-factories-move-out-china/

釣魚、挖礦攻擊與商務電郵詐騙激增 駭客轉向特定目標的針對性攻擊
https://bit.ly/2TrUDgJ

資安威脅局勢大轉變!這3種犯罪手法成長幅度超驚人
https://newtalk.tw/news/view/2019-03-04/215005

【討論】入侵高鐵被逮 台灣天才駭客:我寧願說我是中國人
https://forum.gamer.com.tw/C.php?page=1&bsn=60076&snA=4909598&tnum=101

日經:光寶科技將加強在高雄生産 以免美國客戶擔憂資安問題
https://www.taiwannews.com.tw/ch/news/3653665

美網路安全公司披露中國駭客組織細節
https://www.rti.org.tw/news/view/id/2013369

擅傳個資給監控單位 PTT之父:別用「紅色供應鏈」產品
https://m.ltn.com.tw/news/politics/breakingnews/2716603

中國新駭侵團體 APT40 鎖定海軍科技進行網路間諜活動
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=818

美網路安全報告︰中國駭客目標增強海軍實力
https://news.ltn.com.tw/news/world/breakingnews/2716977

網絡專家:中共駭客瞄準美海軍科研情報盜竊猖獗
http://www.soundofhope.org/b5/2019/03/05/n2700715.html

找到證據了!荷蘭駭客破解中國監控「社群媒體」的神秘系統
https://buzzorange.com/techorange/2019/03/06/china-social-media-is-monitored/

外國駭客揭露 具有中國特色的「開放資料」
https://lihkg.com/thread/1047431/page/1

中國用來存放監控資料的MongoDB資料庫曝光了
https://www.ithome.com.tw/news/129102

自證清白!華為在比利時開設網路安全透明中心
https://ec.ltn.com.tw/article/breakingnews/2718142

華為全台都這樣佈點!他:你不怕滿滿的中國間諜工廠
https://www.setn.com/News.aspx?NewsID=506590

華為被爆收買美媒!他:台媒令人憂心
https://bit.ly/2TsL6pD

華為5G強到沒敵人?競敵狠嗆1句戳破神話
https://www.chinatimes.com/realtimenews/20190305003482-260410

專訪:華為設備有沒有「後門」並不重要
https://bit.ly/2C5GnAC

用MITRE ATT&CK框架識別攻擊鏈,讓入侵手法描述有一致標準
https://www.ithome.com.tw/news/129054

加碼禁用大陸產品 為資安還是為表態
https://udn.com/news/story/6844/3675991

這款模擬遊戲 引起美國國防部五角大廈的注意
https://bit.ly/2EsLzii

蔡英文《產經》專訪 揭中國網軍與「親中在野黨」合作
https://www.nownews.com/news/20190302/3250956/

老賴地圖曝光債務隱私 地下金融恐更猖獗
http://www.epochtimes.com/b5/19/3/3/n11085881.htm

中共影響5G標準制定 美議員促情報界公開
http://www.epochtimes.com/b5/19/3/2/n11084422.htm

中國大陸淨網2018專項行動 偵破網路犯罪案件5.7萬餘起
https://www.chinatimes.com/realtimenews/20190307002264-260409

中國大陸掃黃打非 嚴抓網路水軍
https://www.chinatimes.com/newspapers/20190308000187-260309

「替中國情報機構辦事」華郵專欄作家直言回絕華為招待
https://ec.ltn.com.tw/article/breakingnews/2714119

中國駭客團體APT27於近期的攻擊中使用一系列工具
https://bit.ly/2TAncZz

中國人大代表建議:多部門信息共享 堵住冒用身份信息漏洞
https://news.sina.com.tw/article/20190304/30311386.html

中國駭侵全球20餘所大學 竊取軍用海事科技
https://bit.ly/2EFuRfy

中國駭客攻擊名校竊海事機密 鎖定MIT、華大、杜克
https://bit.ly/2TELcKY

荷蘭駭客再揭中國網路監控 「創世神」杜奕瑾警告:別用中國設備
https://bit.ly/2EGWcOC

維尼小熊偷聽中?中國通訊軟體聊天訊息曝光為何資安專家都驚呆了
https://bit.ly/2EVBrQs

傳德中擬簽「無間諜」協議 外媒揭中共無信用
https://bit.ly/2EtndVD

全球資安會前夕 中共黑客組織曝光
http://www.epochtimes.com/b5/19/3/5/n11090758.htm

德擬用開放華為,換陸簽無間諜協議
https://bit.ly/2IQnN5n

前美國安官員:美國封殺華為出於擔憂 而非證據
https://www.rti.org.tw/news/view/id/2013392

華為控美政府入侵伺服器 環時:盼透過訴訟「贏得西方更多人心」
https://www.ettoday.net/news/20190308/1394192.htm

加碼反擊!華為控美駭伺服器竊電郵
https://www.chinatimes.com/realtimenews/20190307002836-260408

華為主導5G網路? 思科:美國無需擔心
https://bit.ly/2XIWGwm

華為真不走後門?專家:它別無選擇
https://ec.ltn.com.tw/article/breakingnews/2716503

絕不上繳數據?專家:華為根本無力抵抗
https://www.chinatimes.com/realtimenews/20190305003262-260408

英國傳限制華為設備比例 「不超過50%」降資安風險
https://www.ettoday.net/news/20190304/1390958.htm

英國審查報告將出爐 擬限制過半電信商使用華為
https://ec.ltn.com.tw/article/breakingnews/2715458

以色列8200部隊退役軍官企業家
https://www.ptt.cc/bbs/HatePolitics/M.1551539566.A.40D.html

【台灣要如何戰勝中國網軍】以色列每天被網路攻擊都沒事,就靠這支「8200 部隊」
https://buzzorange.com/2019/03/04/how-does-israel-cyber-8200-security-works/

干預歐洲議會選舉 俄羅斯駭客虎視眈眈
https://bit.ly/2C2XFhL

全球資安會 專家曝光中共黑客組織
https://www.ntdtv.com/b5/2019/03/05/a102525864.html?fbclid=IwAR14wuu9pShjl4vWDNgV_lS8r8He76I8oNywBw2i6IQKwzhWM0llxqGFrt4

泰國會通過《網路安全法》 擴大搜索權限
https://www.ydn.com.tw/News/326343

川金會進行時,北韓駭客持續攻擊美國與盟國單位
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=817

泰國政府通過允許存取網路用戶資料的網路安全法案
https://www.ithome.com.tw/news/129048?fbclid=IwAR2f4hog9_6M3qM6g8Sh-Kk_6VG7eLugRBiv8MSrTEB9FugCiIke-jW0E30

微軟指俄羅斯駭客入侵歐洲智庫
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=809

Egypt government used Gmail third-party apps to phish activists
https://www.zdnet.com/article/egypt-government-used-gmail-third-party-apps-to-phish-activists/#ftag=RSSbaffb68

FBI's Wray on China's Counterintelligence Capabilities
https://www.bankinfosecurity.com/fbis-wray-on-chinas-counterintelligence-capabilities-a-12125

Exposed Docker hosts can be exploited for cryptojacking attacks
https://www.zdnet.com/article/exposed-docker-hosts-can-be-used-in-cryptocurrency-mining/#ftag=RSSbaffb68

Japanese police charge 13-year-old for sharing 'unclosable popup' prank online
https://www.zdnet.com/article/japanese-police-charge-13-year-old-for-sharing-unclosable-popup-prank-online/#ftag=RSSbaffb68

Chinese hackers strike US universities in bid for military technology
https://www.zdnet.com/article/chinese-hackers-strike-us-universities-in-bid-for-military-technology/#ftag=RSSbaffb68

Russia limits operations of foreign communications satellite operators
https://www.zdnet.com/article/russia-limits-operations-of-foreign-communications-satellite-operators/#ftag=RSSbaffb68

Retail industry endures new point-of-sale cybercrime spree
https://www.zdnet.com/article/retail-industry-endures-new-point-of-sale-cybercrime-spree/#ftag=RSSbaffb68

Hackers target UN and IMF using ‘sophisticated’ cyber attacks as global Ddos hacking attempts grow
https://bit.ly/2ENM0Fc

APT Lucky Mouse Group targets Canada ICAO via Cyber Attack
https://www.cybersecurity-insiders.com/apt-lucky-mouse-group-targets-canada-icao-via-cyber-attack/

[March 2019] Four Misconceptions about Cyber Attacks
https://austchamthailandadvance.com/2019/02/28/march-2019-four-misconceptions-about-cyber-attacks/

New and Common Cyber Attack Types of 2018
https://www.ivoryintel.com/inside-the-intel/new-and-common-cyber-attack-types-of-2018

Identifying Cobalt Strike team servers in the wild
https://blog.fox-it.com/2019/02/26/identifying-cobalt-strike-team-servers-in-the-wild/

cobaltstrike-extraneous-space/cobaltstrike-servers.csv
https://github.com/fox-it/cobaltstrike-extraneous-space/blob/master/cobaltstrike-servers.csv

Researchers granted server by gov officials link Sharpshooter attacks to North Korea
https://zd.net/2SFpAK4

Researchers Link 'Sharpshooter' Cyber Attacks to North Korean Hackers
https://bit.ly/2Uk1sOJ

SOCs shift to threat detection and response: Gartner
https://www.zdnet.com/article/socs-shift-to-threat-detection-and-response-gartner/#ftag=RSSbaffb68

WDS bug lets hackers hijack Windows Servers via malformed TFTP packets
https://www.zdnet.com/article/wds-bug-lets-hackers-hijack-windows-servers-via-malformed-tftp-packets/#ftag=RSSbaffb68

Ten Alleged Nation-State Cyber-Attacks
https://www.htbridge.com/blog/ten-alleged-nation-state-cyber-attacks.html

Cybercrime report shows increased attacks on mobile financial services
https://www.atmmarketplace.com/news/cybercrime-report-shows-increased-attacks-on-mobile-financial-services/

Ukrainian News Agency Hit by DDOS Attacks After Publishing Information About Poroshenko’s Voter Bribery Schemes
https://bit.ly/2XIgYWT

USCYBERCOM v. the Internet Research Agency
https://dzone.com/articles/uscybercom-v-the-internet-research-agency-details

13-Yr-Old Girl Arrested In Japan For Posting Infinite Loop Code
https://bit.ly/2TmswAq

電信轉型搶人才 中華電祭起薪4.8萬招手新鮮人
https://bit.ly/2XDr9Mp

五家電信招募人才 大數據、AI人才最搶手
https://udn.com/news/story/7240/3681829

趨勢科技校園徵才起跑 開放250個資安職缺
https://money.udn.com/money/story/5612/3678469

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞

北約軍隊資安單位透過社群網站「釣魚」,發現嚴重資安弱點
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=811

微軟安全情報:去年電子郵件含有網釣訊息的比例增加250%
https://www.ithome.com.tw/news/129125

去年全球發生1.2萬起身分外洩事件,是2017年的4倍
https://www.ithome.com.tw/news/129191

收到來自老闆的轉帳信 當心你被詐騙了
https://money.udn.com/money/story/10868/3678420

假客服問個資 掛失手機收嘸簡訊盜刷卡
https://bit.ly/2UknUqO

7成國民稱能識破詐騙 銀行實測96%不及格
https://bit.ly/2IQsMmi

下流!對女職員健康診斷書「有性趣」 日本課長偷拍保存
https://news.ltn.com.tw/news/world/breakingnews/2714809

攜走6335名居民檔案!課長還偷拍「女同事健康報告」身高體重全存檔
https://www.ettoday.net/news/20190303/1390425.htm

送你禮券誘你上勾...網購分錯期 請去ATM「改回來」
https://udn.com/news/story/11315/3672589

信用卡被盜刷好幾萬!詐騙新招 讓你沒接到電話
https://bit.ly/2UihOaH

瞬間損失數萬! 盜刷新手法曝光
https://bit.ly/2tM9u7d

匯豐聲稱被人冒名轉走220萬 向1女15華人及數銀行索償
http://www.mingpaocanada.com/tor/htm/News/20190303/tdb1_r.htm

手機突然接不到來電?當心信用卡恐被盜刷好幾萬
https://fnc.ebc.net.tw/FncNews/life/71915

又是健保卡遭盜用! 求證警方免遭騙
https://udn.com/news/story/7320/3675995

山東破獲涉多省網路詐騙案:複製克隆他人QQ、冒充親人詐騙
https://news.sina.com.tw/article/20190305/30330288.html

美國詐騙電話升級 不要錢只要華人個人信息
http://hk.crntt.com/doc/1053/5/2/9/105352910.html?coluid=7&kindid=0&docid=105352910&mdate=0303161520

一頁式廣告風險高 貨到付款未必安全
https://udn.com/news/story/12861/3672597?from=udn-ch1_breaknews-1-cate2-news

多人陷「低門檻辦信用卡套現」騙局 交錢后微信被拉黑
https://news.sina.com.tw/article/20190301/30281256.html

用手機號碼找到你!Facebook 不能取消搜尋綁定引怨
https://www.inside.com.tw/article/15725-Facebook-wont-let-you-opt-out-of-its-phone-number-look-up-setting

臉書強迫拿你的手機號碼搜尋好友!不能取消引怨
https://udn.com/news/story/7088/3676860

臉書曾要脅多國政要 阻止就保護個人隱私立法
https://www.ettoday.net/news/20190304/1391037.htm

報稅季節 民眾如何提防稅務詐騙
http://www.epochtimes.com/b5/19/3/4/n11089373.htm

【真假難分】釣魚網站都有安全認證
https://bit.ly/2VEdwuf

保險詐騙勞民傷財 當局呼籲提高警覺
https://bit.ly/2SJYTDT

「跟妳結婚送你禮」要求匯款71萬買保險箱 詐騙手法再翻新
https://www.ettoday.net/news/20190306/1392978.htm

假冒親人借款、跨國騙婚詐財 桃園警方一天攔截兩起詐騙案
https://www.taiwanhot.net/?p=685409

看網路拍賣流程 假冒直播主行騙
https://bit.ly/2UpDim2

2019 Webroot Threat Report: Forty Percent of Malicious URLs Found on Good Domains
https://www.webroot.com/us/en/about/press-room/releases/2019-webroot-threat-report

Dow Jones watchlist of high-risk financial connections leaked online
https://www.zdnet.com/article/dow-jones-watchlist-leaked-online/#ftag=RSSbaffb68

Data leaks, default passwords exposed in visitor management systems
https://www.zdnet.com/article/19-vulnerabilities-exposed-in-visitor-management-systems/#ftag=RSSbaffb68

The reason why ji32k7au4a83 is a common and terrible password
https://www.zdnet.com/article/the-reason-why-ji32k7au4a83-is-a-common-password/#ftag=RSSbaffb68

Saudi caller ID app leaves data of 5+ million users in unsecured MongoDB server
https://www.zdnet.com/article/saudi-caller-id-app-leaves-data-of-5-million-users-in-unsecured-mongodb-server/#ftag=RSSbaffb68

18 percent of Americans admit to having their identity stolen
https://www.zdnet.com/article/18-percent-of-americans-admit-to-having-their-identity-stolen-another-17-percent-dont-know/#ftag=RSSbaffb68

Hacker group behind SingHealth data breach identified, targeted mainly Singapore firms
https://www.zdnet.com/article/hacker-group-behind-singhealth-data-breach-identified-targeted-mainly-singapore-firms/#ftag=RSSbaffb68

Facebook's privacy pivot vs Microsoft's 2002 security pivot: Facebook has more to prove
https://www.zdnet.com/article/facebooks-privacy-pivot-vs-microsofts-2002-security-pivot-facebook-has-more-to-prove/#ftag=RSSbaffb68

Facebook to refocus messaging around encryption and privacy
https://www.zdnet.com/article/facebook-to-refocus-messaging-around-encryption-and-privacy/#ftag=RSSbaffb68

E.研究報告

Double fetch漏洞挖掘技術
http://www.secfree.com/a/2.html

安全漏洞使環形門鈴和攝像機容易受到間諜活動的影響數字趨勢
https://bit.ly/2SDXYoI

路由器漏洞挖掘之棧溢出入門(二)
https://www.anquanke.com/post/id/171918

漏洞分析:對CVE-2018-8587(Microsoft Outlook)漏洞的深入分析
https://www.freebuf.com/vuls/195902.html

分析WordPress 遠程執行代碼漏洞CVE-2019-8942 和CVE-2019-8943
https://www.chainnews.com/articles/906121769790.htm

微軟旗下協同平台Azure DevOps的存儲型XSS漏洞(繞過CSP)
https://zhuanlan.zhihu.com/p/58049536

LINQ to SQL EntitySet中的漏洞抽象
https://codeday.me/bug/20190301/733184.html

黑客大佬曝光微軟Edge瀏覽器漏洞,能輕易獲取系統最高權限
https://t.cj.sina.com.cn/articles/view/3173426954/bd26a70a00100hziy

Solr漏洞分析(一).md
https://paper.tuisec.win/detail/2e213b84bb83901

蘋果iOS kernel.backtrace 信息洩漏漏洞分析
https://www.chainnews.com/articles/615194136368.htm

簡單拍照就可以把表格數據匯入 Excel
https://chinese.engadget.com/2019/03/03/microsoft-excel-import-data-from-picture-android/

從補丁DIFF 到EXP:CVE-2019-0623 漏洞分析與利用
https://paper.seebug.org/832/

網銀撞庫安全問題簡析
https://www.freebuf.com/articles/es/196513.html

web項目---webShell漏洞
http://www.manongjc.com/article/64900.html

利用Exchange SSRF 漏洞和NTLM 中繼淪陷域控
https://paper.seebug.org/833/

APP網站安全漏洞檢測服務的詳細介紹
https://www.sohu.com/a/299137247_100192631

漏洞分析之——順瓜摸藤
https://xz.aliyun.com/t/4231

SMB服務漏洞MS17-010滲透測試
https://www.twblogs.net/a/5b83370f2b71771e35c194aa

.NET高級代碼審計(第一課)XmlSerializer反序列化漏洞
https://www.anquanke.com/post/id/172316

SEIG Modbus 3.4 CVE-2013-0662 漏洞分析與利用
https://xz.aliyun.com/t/4240

補丁也不好使,CVE-2019-1663漏洞利用仍然在繼續
https://www.4hou.com/vulnerable/16542.html

命令過濾功能漏洞 - shell腳本繞過 #2479
https://github.com/jumpserver/jumpserver/issues/2479

Analyzing a Windows DHCP Server Bug (CVE-2019-0626)
https://www.malwaretech.com/2019/03/analyzing-a-windows-dhcp-server-bug-cve-2019-0626.html

MS Excel Weaponization Techniques
https://medium.com/@Bank_Security/ms-excel-weaponization-techniques-79ac51610bf5

$100,000/year if you can solve this reverse engineering test
https://bit.ly/2IODaem

NSA releases Ghidra, a free software reverse engineering toolkit
https://www.zdnet.com/article/nsa-release-ghidra-a-free-software-reverse-engineering-toolkit/#ftag=RSSbaffb68

NSA Releases GHIDRA 9.0 — Free, Powerful Reverse Engineering Tool
https://bit.ly/2UpuVXD

NSA釋出逆向工程工具包及防供應鏈攻擊的軟體
https://www.ithome.com.tw/news/129196

PXE Dust: Finding a Vulnerability in Windows Servers Deployment Services
https://research.checkpoint.com/pxe-dust-finding-a-vulnerability-in-windows-servers-deployment-services/

Microsoft is open-sourcing Windows Calculator on GitHub
https://www.zdnet.com/article/microsoft-is-open-sourcing-windows-calculator-on-github/#ftag=RSSbaffb68

Google rolls out Web Risk API in beta to help businesses protect their users
https://www.zdnet.com/article/google-rolls-out-web-risk-api-in-beta-to-help-businesses-protect-their-users/#ftag=RSSbaffb68

Abusing Exchange: One API call away from Domain Admin
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/

Ghidra: A quick overview for the curious
https://bit.ly/2EI2X2F

攻撃グループTickによる日本の組織をターゲットにした攻撃活動
https://blogs.jpcert.or.jp/ja/2019/02/tick-activity.html

F.商業

賽門鐵克併購以色列資安公司LUMINATE
https://bit.ly/2HcZcoL

賽門鐵克發表《網絡安全威脅報告》駭客透過騎劫網上表格及騎劫掘礦牟利數百萬美元
https://www.hksilicon.com/articles/1740062

聯想一口氣推出多款新品 新款ThinkPad筆電有這些特色
https://bit.ly/2GXgjeU

HTC再打資安牌 首款區塊鏈手機開賣竟有這些特色
http://news.pchome.com.tw/living/nownews/20190302/photo-55151633803814207009.html

Dell EMC 推 Cyber Recovery 軟件方案 保護數據抵禦網絡攻擊
https://unwire.pro/2019/03/02/dell-emc-cyber-recovery/security/

趨勢科技指出威脅情勢正在轉變,企業需重新思考資安重點
https://bit.ly/2HekkLa

專為Google雲端物聯網核心打造的快速開發板
https://www.eettaiwan.com/news/article/20190304NP21

全面轉型發展雲端服務 助企業逐階段落實數位化 零信任模式配置行動終端 降低安全措施複雜度
https://www.netadmin.com.tw/article_content.aspx?sn=1902260004

資安保護新趨勢 法遵科技發展不可忽視
https://www.digitimes.com.tw/iot/article.asp?cat=130&id=0000554642_D5S5H7GM5XA9EA1I5GB0X

記錄企業內網使用軌跡!Google X實驗室催生大數據資安新創Chronicle
https://meet.bnext.com.tw/articles/view/44580

Chronicle發表即時安全分析服務Backstory
https://www.ithome.com.tw/news/129104

Azure防火牆提供基於威脅情報的過濾功能,能夠主動封鎖惡意IP與網域
https://ithome.com.tw/news/129107

臺灣資安產業自主的需求日益提升
https://www.ithome.com.tw/voice/129111

ManageEngine幫您避免由瀏覽器漏洞引起的網絡攻擊
https://zhuanlan.zhihu.com/p/58271219

Alphabet新創公司推大數據資安軟體
https://www.chinatimes.com/realtimenews/20190305004756-260408

宏碁雲架構服務 接單旺
https://udn.com/news/story/7240/3684054

Comcast buys BluVector, an AI cybersecurity firm
https://www.zdnet.com/article/comcast-buys-bluvector-an-ai-cybersecurity-firm/#ftag=RSSbaffb68

Juniper Networks buys Mist Systems for $405 million
https://www.zdnet.com/article/juniper-networks-buys-mist-systems-for-405-million/#ftag=RSSbaffb68

VMware aims for security market, launches service defined firewall
https://www.zdnet.com/article/vmware-aims-for-security-market-launches-service-defined-firewall/#ftag=RSSbaffb68

Google Launches Backstory — A New Cyber Security Tool for Businesses
https://bit.ly/2IVIf4L

Google launches TensorFlow 2.0 Alpha
https://www.zdnet.com/article/google-launches-tensorflow-2-0-alpha/#ftag=RSSbaffb68

Microsoft has a plan to clean up its overlapping project-management services
https://www.zdnet.com/article/microsoft-has-a-plan-to-clean-up-its-overlapping-project-management-services/#ftag=RSSbaffb68

VMware Linux lawsuit moves closer to a resolution
https://www.zdnet.com/article/vmware-linux-lawsuit-moves-closer-to-a-resolution/#ftag=RSSbaffb68

Microsoft says Windows 10 is now on more than 800 million devices
https://www.zdnet.com/article/microsoft-says-windows-10-is-now-on-more-than-800-million-devices/#ftag=RSSbaffb68

G.政府

央行暫不考慮發行數位貨幣 先推快捷支付
https://udn.com/news/story/7239/3679098?from=udn-ch1_breaknews-1-cate6-news

〈央行報告搶先看〉數位貨幣尚無急迫性 快捷支付可替代
https://news.cnyes.com/news/id/4285789

回歸傳統貨幣框架?央行數位貨幣到底是什麼
http://news.knowing.asia/news/9198fb84-e9ce-4f55-8001-6d7c1adf8bc1

韓柯出訪前都遭洩密…被駭?或另有隱情
https://udn.com/news/story/10958/3682182

北市府電腦再遭駭客入侵 秘書處文件外流
https://bit.ly/2ITTydF

北市府又被駭! 柯文哲訪美行程恐外洩
https://news.tvbs.com.tw/politics/1094075

北市府11台電腦遭駭 柯文哲市政、訪美行程逃過一劫
https://www.ettoday.net/news/20190306/1392983.htm

駭客竊柯文哲訪美行程 台北市府:非最終版
http://www.epochtimes.com/b5/19/3/6/n11093239.htm

北市府電腦遭駭客入侵 已通報調查局
https://www.chinatimes.com/realtimenews/20190306003188-260402

北市府又遭駭客攻擊 柯文哲辦公室也中招
https://udn.com/news/story/6656/3680330

台版餘額寶正式起跑 金管會同意公會自律規範了
https://shareba.com/module/news/311318769433676712.html

國庫署攜手財金公司 簡便企業通匯程序
https://www.chinatimes.com/realtimenews/20190306003760-260410

國銀皮繃緊,金管會棍子變多
https://bit.ly/2NK485E

小英盼台日共享解放軍情報 《環時》:日方回應「不考慮」
https://www.ettoday.net/news/20190304/1391178.htm

出席 2018 年物聯網安全會議(IOTSF)與歐洲黑帽會議(Black Hat Europe)報告
https://report.nat.gov.tw/ReportFront/PageSystem/reportFileDownload/C10703700/001

陳其邁:發展資安產業生態鏈 補足人才缺口
https://www.cna.com.tw/news/aipl/201903050352.aspx

陳其邁:將建構國家資安聯防體系
https://www.chinatimes.com/realtimenews/20190305004790-260407

陳其邁下午接受台灣專業資安網路媒體平台 iThome 專訪,也就資安課題彼此交流意見
https://www.facebook.com/122936517768637/posts/2311915675537366/

首位資安長 陳其邁:資安即國安 刻不容緩
https://m.ltn.com.tw/news/politics/breakingnews/2717443

查「誰」在洩漏中科院的機密
https://forum.ettoday.net/news/1391666

禁中國3C產品原則 行政院:細節仍在討論中
https://tw.news.appledaily.com/politics/realtime/20190306/1528337

禁用大陸3C產品原則 行政院:國安會有參與討論
https://www.ettoday.net/news/20190306/1392816.htm

國安考量,NCC 擬規定電信廣播關鍵設施禁用中國製
https://technews.tw/2019/03/06/ncc-telecommunications-facility-ban-china/

NCC護國安.資安 關鍵基礎設施擬禁中國製
https://bit.ly/2UtoSkM

NCC考量國安 擴大禁用陸製設備
https://udn.com/news/story/7238/3682106

電信、廣播電台、衛星電視 將禁用中國製設備
https://news.pts.org.tw/article/424803

擴大禁用中國資通設備 國安會介入整合
https://news.ltn.com.tw/news/focus/paper/1272259

NCC擴大限縮陸製設備範圍 從4G擴大至廣播電視二類電信
https://udn.com/news/story/7238/3681101

中國資通設備 台糖、台水還在用
https://bit.ly/2NNqXWg

「不是把人送去當兵就好」李兆立:全民要有資安意識
https://bit.ly/2J1VaCa

華為產品涉國安 陳良基:CPU都可能被駭
https://www.rti.org.tw/news/view/id/2013715

陳其邁小心「讀卡機民怨」
https://talk.ltn.com.tw/article/paper/1272482

政府散播假訊息更可怕
https://www.chinatimes.com/newspapers/20190306000715-260109

余天曾想讓兒子在他旁邊學習 唐鳳今晚直播輔選
https://www.storm.mg/article/1032633

有國安疑慮政府購案,如何兼顧興利與防弊
https://forum.ettoday.net/news/1393437

金融監督管理委員會所管特定非公務機關資通安全管理作業辦法
http://law.fsc.gov.tw/law/LawContent.aspx?id=GL002646

支持合理軍購 朱立倫也推資安國防概念
https://news.ltn.com.tw/news/politics/breakingnews/2720529

H.SCADA/ICS/工控系統

Moxa IKS和EDS越界讀取漏洞
https://www.moxa.com/support/request_support.aspx

Towards a Framework for Analyzing Cyber Attacks Impact Against Smart Power Grid on SCADA System
https://ieeexplore.ieee.org/document/8524195

I.教育訓練

FortiGate火牆介紹 v5.6
https://www.ilrc.edu.tw/data/Fortigate-V5.6.pdf

Cisco Switch 基礎操作
https://www.ilrc.edu.tw/data/Cisco-Switch.pdf

The Dude 分享
https://www.ilrc.edu.tw/data/1051102-dude.pdf

MISP Training
https://github.com/MISP/misp-training

misp-galaxy
https://www.misp-project.org/misp-training/3.2-misp-galaxy.pdf

Learn Ethical Hacking with 180 Hours of Training — 2019 Course Bundle
https://bit.ly/2tQ8CPc

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機

居家連網裝置恐成資安漏洞
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=55&id=0000554137_te80016o4fre6w6po77oe

Windows IoT Core設備易受黑客控制
http://www.heijing.co/eaqapp/2019030408300091449

AI新創公司看過來!經濟部補助最高2千萬
https://tw.finance.appledaily.com/realtime/20190307/1528505

資安攻擊事件頻傳 物聯網安全防護湧現商機
https://www.2cm.com.tw/2cm/zh-tw/market/ED01FA5446EB47D6AC9D01313211A803

New exploit lets attackers take control of Windows IoT Core devices
https://www.zdnet.com/article/new-exploit-lets-attackers-take-control-of-windows-iot-core-devices/

AI starting to yield results in influencer campaigns
https://www.zdnet.com/article/ai-starting-to-yield-results-in-influencer-campaigns/#ftag=RSSbaffb68

The Convergence of IT and OT: The Cyber Implications
https://www.bankinfosecurity.eu/convergence-ot-cyber-implications-a-12129

台市售八成智慧音箱來自陸 資安數據潛藏疑慮
https://www.ntdtv.com/b5/2019/03/01/a102523051.html

6.近期資安活動及研討會

 Arduino四軸飛行器開發實作,無人機硬體、無線遙控器、飛控軟體整合、飛行教學,一天學會  3/9
 https://bit.ly/2LdYJ5H

 AI於資訊安全之應用  3/9
 https://hackercollege.nctu.edu.tw/?p=1042

 【補助專班】AI人工智慧應用系列- AIoT智能物聯網開發人才就業養成班[免費諮詢]  3/12
 https://ittraining.kktix.cc/events/aiot-training-2019

 Building and Training Convolutional Neural Networks, CNN  Wednesday, March 13, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484158/

 HackingThursday 固定聚會  March 14, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzfbsb/

 源碼檢測實作  3/14
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3829&from_course_list_url=homepage

 資安攻防演練主題講座  2019/03/14
 https://hackersir.kktix.cc/events/fcu190314

 活動宣傳─2019.03.14資安攻防演練主題講座
 https://ithelp.ithome.com.tw/articles/10211070

 臺灣好厲駭資安實務培訓暨資安實務攻防研習營Hacking Weekend  3/16
 https://docs.google.com/forms/d/e/1FAIpQLSeGLmh8DnV3dvJpyDD1XF9wxQ9bM-yC6VYeJpR0XnCgSmWzYg/viewform

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, March 20, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzfbbc/

 網路封包分析實務  3/20
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3833&from_course_list_url=homepage

 HackingThursday 固定聚會  March 21, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzfbcc/

 網路封包分析實務  3/21
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3833&from_course_list_url=homepage

 國立交通大學 亥客書院 - 網路流量分析與檢測  3/23
 https://hackercollege.nctu.edu.tw/?p=1036

 Black Hat Asia 2019  2019年3月26-29日
 https://ubm.io/2zZu87q 

 「以AI之矛,攻AI之盾」研討會 3/27
 https://twnic-icann.kktix.cc/events/108-1

 kubernetes 入門實作  3/28
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3789&from_course_list_url=homepage

 HackingThursday 固定聚會  March 28, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzfblc/

 Elixir台灣 台北 Meetup # Monday, April 1, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzgbcb/

 Modeling Sequences with Recurrent Neural Networks, RNN  Wednesday, April 3, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484461/

 網路封包分析實務  4/11
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3826&from_course_list_url=homepage

 2019 ICANN APAC-TWNIC Engagement forum  4/16~4/17
 https://forum.twnic.tw/

 Industrial Control Systems (ICS) Cyber Security Conference  APAC  April 16-18, 2019
 https://www.icscybersecurityconference.com/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, April 17, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzgbwb/

 網站弱點評估實務  4/18
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3830&from_course_list_url=homepage

 國立交通大學 亥客書院 - 緩衝區溢位攻擊與預防 新竹  4/20
 https://hackercollege.nctu.edu.tw/?p=1052

 資安健診  4/25
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3834&from_course_list_url=homepage

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 資安健診  5/9
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3827&from_course_list_url=homepage

 國立交通大學 亥客書院 -電子郵件之偽造攻擊與防護措施安全通訊協定 5/11
 https://hackercollege.nctu.edu.tw/?p=1054

  iTHome 台灣雲端大會 Cloud Summit  2019   2019年 5 月 15 日 (三) 09:00~17:00
 https://cloudsummit.ithome.com.tw/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/

 網路封包分析實務  5/16
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3831&from_course_list_url=homepage

 源碼檢測實作  5/23
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3835&from_course_list_url=homepage

 第二十九屆全國資訊安全會議  5/23  ~ 5/24
 https://cisc2019.cs.pu.edu.tw/index.php

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

留言

這個網誌中的熱門文章

Capture the flag資源分享綜整

Capture the flag, CTF,是由古代軍事戰爭演變而來。軍旗在戰場上象徵兩軍戰況,當有一方軍旗被敵軍奪取或落在地上,代表該方戰敗。當這樣的攻防搶旗演變到現代的電子遊戲裡,通常就演變成團隊遊戲模式,由兩隊人馬互相前往對方的基地奪旗,奪旗成功回合次數多者得勝。

8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/

5月份資安、社群活動分享

5月份資安、社群活動分享

 108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
 https://ais3.org/mfctf/

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 Python 商務網站 * 極速學習 (2019春季 - 台北)  5/2
 https://cjltsod.kktix.cc/events/django-2019-spring-taipei

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會  5/2
 https://www.accupass.com/event/1904111400151860776797

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA 白帽菁英萌芽計劃II 0505 
 https://reg.shield.org.tw/info.php?no=54

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/19041703435474776…