Weekly Security Incident News Digest 2019/4/1 ~ 2019/4/5

1. Major Vulnerabilities
WinRAR Zero-day Abused in Multiple Campaigns
https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html

Newly disclosed Jenkins RCE vulnerability becomes a new "springboard" for the ImposterMiner cryptomining trojan
https://www.chainnews.com/articles/931620544952.htm

More than 13,000 iSCSI storage clusters exposed online due to misconfiguration
https://www.zdnet.com/article/over-13k-iscsi-storage-clusters-left-exposed-online-without-a-password/

Oracle "notifies" users to pay for Java 8 security patches, or risk being hacked
https://www.ithome.com.tw/news/129726

Researchers: HTTPS is not as secure as you think; 5.5% contain TLS vulnerabilities
https://www.ithome.com.tw/news/129684

Multiple vulnerabilities in PuTTY
https://thehackernews.com/2019/03/putty-software-hacking.html

Received a strange notification on Windows 10? It's not malware, just a bug that Microsoft sent out by mistake
https://www.kocpc.com.tw/archives/252222

Microsoft warns Windows 7 users: security updates are ending soon
https://fnc.ebc.net.tw/FncNews/else/74214

Windows 10 1809 moves to a broader full rollout
https://www.ithome.com.tw/news/129656

Microsoft Office Access Connectivity Engine remote code execution vulnerability
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0748

Microsoft Windows Kernel information disclosure vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0755

Improving the Windows 10 update experience with control, quality and transparency
https://bit.ly/2VsbI88

Microsoft Edge and Internet Explorer Zero-Days Allow Access to Confidential Session Data
https://bit.ly/2G2qKw0

Windows 10 Home edition users are big winners as Microsoft overhauls its update process
https://zd.net/2VnVLQt

Microsoft is making big Windows 10 update changes starting with the May 2019 release
https://zd.net/2uKVoUp

Of last year's 10 vulnerabilities most exploited by hackers, 8 were Microsoft vulnerabilities
https://www.ithome.com.tw/news/129487

Microsoft discovers security vulnerability in Huawei Matebook laptops; Huawei fixed it in January
https://www.expreview.com/67563.html

Caught! Microsoft exposes "backdoor" vulnerability in Huawei laptops
https://bit.ly/2UmI2vH

Microsoft discovers privilege escalation vulnerability in the PCManager program bundled with Huawei MateBook
https://www.cnbeta.com/articles/tech/831621.htm

Authoritative confirmation! Microsoft: backdoor found in Huawei computers
https://ec.ltn.com.tw/article/breakingnews/2745338

Multiple vulnerabilities in VMware products
https://www.us-cert.gov/ncas/current-activity/2019/03/29/VMware-Releases-Security-Updates

Upgrade to Chrome 72 now! Older mobile Chrome found to have a critical vulnerability that lets hackers steal credentials
https://www.ithome.com.tw/news/129490

Researcher publishes Google Chrome exploit
https://www.zdnet.com/article/researcher-publishes-google-chrome-exploit/#ftag=RSSbaffb68

Awesome Google Chrome extensions (April 2019 edition)
https://www.zdnet.com/pictures/awesome-google-chrome-extensions-april-2019-edition/#ftag=RSSbaffb68

Attention! NSA reverse engineering tool has a remote code execution vulnerability
https://www.secrss.com/articles/9269

Google Photos contains a bug that can leak when and where photos were taken
https://www.ithome.com.tw/news/129491

Hackers exploit WordPress plugin vulnerabilities to run tech support scams
https://www.ithome.com.tw/news/129525

Pwn2Own 2019 hacking contest, day one: two more zero-day vulnerabilities exposed in Safari for Mac
http://big5.pconline.com.cn/b5/news.pconline.com.cn/1242/12420857.html

IBM MQ Console cross-site scripting vulnerability
https://www-01.ibm.com/support/docview.wss?uid=ibm10734457

Multiple vulnerabilities in IBM DB2
https://www.auscert.org.au/bulletins/78346

Buffer error vulnerability in multiple IBM products
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1992

CUJO Smart Firewall security vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4002

NetIQ eDirectory security vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9166

Cisco fixes security vulnerability by blocking curl
https://www.solidot.org/story?sid=60065

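Cisco's security patches for RV320 and RV325 routers reported not to fix the vulnerabilities, only to keep vulnerable devices from being discovered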
https://www.ithome.com.tw/news/129728

Cisco IOS and IOS XE input validation vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar

Security weakness in Cisco IOS XE
https://www.us-cert.gov/ncas/current-activity/2019/03/28/Cisco-Releases-Security-Update-Cisco-IOS-XE

Multiple vulnerabilities in Cisco ClamAV
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

Clam AntiVirus security vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1785

Another 0day DDoS vulnerability disclosed in Mikrotik RouterOS
https://nosec.org/home/detail/2429.html

Dovecot security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7524

pfSense access restriction bypass vulnerability
https://redmine.pfsense.org/attachments/2690/sshguad_by_service_filtering.patch

After receiving no response, security researcher publicly discloses TP-Link router 0day vulnerability
https://www.solidot.org/story?sid=60082

TP-Link did not respond, so a security engineer disclosed its router vulnerability
https://www.oschina.net/news/105548/tplink-router-flaw

TP-Link router zero-day offers your network up to hackers
https://nakedsecurity.sophos.com/2019/04/02/tp-link-router-zero-day-that-offers-your-network-up-to-hackers/

Google security engineer discloses zero-day flaw in TP-Link smart home routers
https://www.zdnet.com/article/google-dev-discloses-zero-day-flaw-in-tp-link-smart-home-routers/#ftag=RSSbaffb68

[Gamers in trouble] Nvidia GeForce Experience vulnerability can cost you control of your computer
https://bit.ly/2HOeNvZ

solarwinds serv-u_ftp_server CVE-2018-15906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15906

HPE Intelligent Management Center IMC SOM security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12555

Netis-Systems Website - Sql injection
https://www.anquanke.com/vul/id/1556599

Researchers discover and abuse new undocumented feature in Intel chipsets
https://www.zdnet.com/article/researchers-discover-and-abuse-new-undocumented-feature-in-intel-chipsets/#ftag=RSSbaffb68

Magento's Latest Patches Should Be Applied Immediately 
https://www.bankinfosecurity.com/magentos-latest-patches-should-be-applied-immediately-a-12292

Magento 2.3.1, 2.2.8 and 2.1.17 Security Update
https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update

Unpatched Zero-Days in Microsoft Edge and IE Browsers Disclosed Publicly
https://bit.ly/2VcUpYu

D-link -- Dir-816_firmware  CVE-2019-10040
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10040

D-link -- Dir-816_firmware  CVE-2019-10042
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10042

Dovecot  CVE-2019-7524
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-7524

Fortinet -- Fortiportal  CVE-2017-7342
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7342

Multiple vulnerabilities in FortiOS
https://www.auscert.org.au/bulletins/78226

Micro Focus  Arcsight_logger  CVE-2019-3479
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3479

Micro Focus  Arcsight_logger  CVE-2019-3481
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3481

Micro Focus  Arcsight_logger  CVE-2019-3484
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3484

Redhat -- Ansible CVE-2019-3828
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3828

CVE-2019-0192: Mitigating Unsecure Deserialization in Apache Solr
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-0192-mitigating-unsecure-deserialization-in-apache-solr/

New Apache Web Server Bug Threatens Security of Shared Web Hosts
https://thehackernews.com/2019/04/apache-web-server-security.html

High-severity Apache server vulnerability gives malicious users in shared hosting environments root privileges
https://www.solidot.org/story?sid=60134

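Vulnerability alert | Privilege escalation vulnerability disclosed in Apache HTTP service component; server root privileges can be obtained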
http://www.xway.cn/bug/vulnerability.php?id=38&page=1

Apache Hadoop security bypass vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11767

Multiple vulnerabilities in Apache HTTPD
https://thehackernews.com/2019/04/apache-web-server-security.html

Linux distribution Ubuntu MATE begins supporting Raspberry Pi
https://www.ithome.com.tw/news/129755

Synology MailPlus Server security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13296

Synology SSL VPN Client security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13283

SAP SRM MDM Catalog authentication bypass vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2449

Google: software fixes alone cannot fully defend against the "Spectre" vulnerability
http://www.xxlinux.com/download/17272.html

2. Banking / Finance / Insurance / Securities / Payment Systems / News and Security
2019 financial industry IT investment strategy analysis
https://www.ithome.com.tw/article/129515

[Bank testing] CFI cybersecurity defence programme enters its third phase in mid-September
https://bit.ly/2FP5HgB

Beware of data theft! 4 major risks to watch for in mobile shopping and banking transactions
https://www.setn.com/News.aspx?NewsID=516459

Showing its determination to pursue internet banking, LINE will host its data in Taiwan
http://finance.technews.tw/2019/03/25/the-line-data-will-land-in-taiwan/

First 3 virtual bank licences: all consortia include Chinese capital; JD.com, Ctrip and ZhongAn are involved
https://bit.ly/2WA6oQ6

Open Banking trend arrives: how should Taiwan's financial institutions cultivate job-ready talent
https://www.limitlessiq.com/news/post/view/id/9103/

Banks guard against hackers, all setting up security teams
https://bit.ly/2FMlPix

Upgrading core systems: banks race to invest heavily
https://bit.ly/2FM6cH0

Targeting convenience stores that are not open 24 hours, theft ring steals an entire ATM
https://www.chinatimes.com/realtimenews/20190401000797-260402?chdtv

Mainland China's central bank: guard against new types of telecom and network crime, build a payment security line of defence
https://news.sina.com.tw/article/20190329/30698056.html

Strengthening financial anti-fraud work: police and banks cooperate in joint anti-fraud effort
https://www.chinatimes.com/realtimenews/20190329002956-260402?chdtv

Former bank employee arrested for buying credit card data online
http://www.udnbkk.com/article-276268-1.html

Swedish police raid Swedbank headquarters as Russian money laundering scandal continues to widen
https://on.wsj.com/2uEjSOR

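P2B online financing matchmaking platform helps small and micro enterprises ease the difficulty of obtaining short-term financing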
https://news.cnyes.com/news/id/4297118

Hackers abuse Magento PayPal integration to test validity of stolen credit cards
https://www.zdnet.com/article/hackers-abuse-magento-paypal-integration-to-test-validity-of-stolen-credit-cards/

Financial Apps are Ripe for Exploit via Reverse Engineering
https://threatpost.com/financial-apps-are-ripe-for-exploit-via-reverse-engineering/143348/

In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code
https://bit.ly/2KedF7c

Come grab a golden rice bowl! Hua Nan Bank recruiting 428 people, starting salary as high as 60,000
https://www.ettoday.net/news/20190322/1405347.htm

Bank of Panhsin internship recruitment notice
http://ft.takming.edu.tw/news/news.php?Sn=351

Credit card fraud investigator
https://www.104.com.tw/job/?jobno=6kdlv

TCB Life Insurance Year 108 (ROC calendar) reserve staff selection
http://ptc.tabf.org.tw/tw/Ptc_108tcblife/

Fubon Financial Holding to recruit more than 6,800 people
https://money.udn.com/money/story/5636/3737888

3. Electronic Payment / Electronic Stored-Value Cards / Mobile Payment / News and Security

Mobile finance hides dangers: four major risks that must not be ignored
https://www.taiwannews.com.tw/ch/news/3664618

Credit card ecosystem: "mobile payment" doesn't work in the US
https://udn.com/news/story/6813/3731015

Japan is discussing offering cryptocurrency top-up services for electronic payment systems such as the "Suica" e-money card
http://www.leilook.com/archives/14149

New LINE PAY campaign: gift red envelopes to win points; beware of falling for scams
https://times.hinet.net/news/22303315

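[Alipay vulnerability] Cross-border transfers in trouble just 1 month after launch! Hong Kong users had money transferred out for no reason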
https://hk.news.appledaily.com/local/realtime/article/20190403/59444070

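AlipayHK vulnerability exposed! In the first month of cross-border transfers, Hong Kong users hit by abnormal transactions; AlipayHK: already fixed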
https://bit.ly/2FYj7qm

Announcement on CoinEgg listing the electronic payment token (EPT)
https://bit.ly/2CYytct

5. Virtual Currency / Blockchain News and Security
Chicago Board Options Exchange to shut down Bitcoin futures trading
https://ec.ltn.com.tw/article/breakingnews/2731923

How should the cryptocurrency market be regulated? See what the former US CFTC chairman says
http://news.knowing.asia/news/40329b9d-f2c0-45b2-a38e-26f9223f3e49

Claiming to be company representatives, scammers defraud Italian digital currency investors of US$300,000 in total
https://m.moneydj.com/f1a.aspx?a=c162cb17-30b6-4723-badd-1bf93703b1b2

Military-grade solution appears at Taiwan's security conference: one Micro SD gives you hardware wallet security
https://blockcast.it/2019/03/23/cyber-security-taiwan-2019/

OK Coin's breaking down and building up: the exchange has truly become blockchain-based
http://news.knowing.asia/news/68e1d331-d589-4770-8a1c-8831a3c9d3f9

Kaspersky: hacking group Lazarus uses new tricks to target cryptocurrency
https://blockcast.it/2019/03/27/cryptocurrency-businesses-still-being-targeted-by-lazarus/

A look at what the major exchanges did after being robbed, and what happened afterwards
http://news.knowing.asia/news/c123a456-db93-4f24-887d-7a7d67c915ff

Traditional apps have these 6 major pain points, making DApps one of the important segments of the blockchain industry
http://news.knowing.asia/news/f9633957-a834-4112-9a57-f7c6eb750ccb

About US$13 million in EOS stolen from Bithumb exchange; an "insider" is suspected
http://news.knowing.asia/news/beba5415-c94d-437b-8944-6523386a9e7d

Hackers strike in succession; exchanges lose over US$5 million
http://news.knowing.asia/news/25f3d738-fe80-4272-8462-dc53527ef5a1

Venezuela's financial collapse: Bitcoin becomes the people's currency
https://bit.ly/2UboD1z

Zug, Switzerland's "Crypto Valley": a new blockchain paradise
https://udn.com/news/story/6868/3733891

North Korean hackers steal US$670 million in cryptocurrency in a crime spree, just to escape US sanctions
http://news.knowing.asia/news/9eda9d4b-c3a3-459f-9c3d-361ae9351f7b

Another cryptocurrency theft! Understand the full story of the hack of well-known Korean exchange Bithumb in one minute
http://news.knowing.asia/news/d1d9236f-b39b-4301-a3eb-95fc2b106ade

Taiwanese blockchain rising star with technology rivalling IBM lists on three world-class exchanges within two months
https://discovery.ettoday.net/news/1414153

Global real estate online platform to launch using blockchain technology to lower transaction costs
https://money.udn.com/money/story/5602/3738178

Hackers Steal $19 Million From Bithumb Cryptocurrency Exchange
https://bit.ly/2VaaVZv

5. Security Incident News

A. Viruses and Trojans / Botnets / Ransomware
New Mirai botnet variant resurges, this time targeting enterprise IoT devices
https://www.ithome.com.tw/news/129449

New Android trojan Gustuff targets financial apps and cryptocurrency apps
https://www.ithome.com.tw/news/129672

Asus Live Update implanted with malware; check your MAC address now
https://news.xfastest.com/asus/60791/asus-live-update-mac/

ASUS security hole exposed! Update system "hacked" to plant a virus
https://bit.ly/2Uk5gTh

Laptop updates hit by security vulnerability; ASUS: already under control
https://www.ustv.com.tw/UstvMedia/news/103/20190326A138

ASUS computers implanted en masse with a backdoor virus? Kaspersky: a million ASUS computers may be infected
https://applealmond.com/posts/50107

ASUS computers implanted en masse with a backdoor virus? Kaspersky: a million ASUS computers may be infected
https://shadowhammer.kaspersky.com/index.php

ASUS releases ShadowHammer malware detection tool, which Microsoft misidentifies as malware
https://www.ithome.com.tw/news/129613

China's 360 Threat Intelligence Center analyses ShadowHammer's 600 target MAC addresses; more than 40% use ASUS network cards
https://www.ithome.com.tw/news/129630

New JNEC.a ransomware revealed, spreading via the WinRAR ACE vulnerability
https://zhuanlan.zhihu.com/p/59831084

Microsoft security report: Asia-Pacific becomes the hardest-hit region for cryptomining malware
https://technews.tw/2019/03/22/microsoft-security-report-says-asia-pacifice-are-is-the-hot-spot-of-cryptocurrency-mining/

Love or hate? Microsoft brings Defender antivirus software to the Mac platform
https://qooah.com/2019/03/21/microsoft-defender-for-mac/

Beazley: 70% of businesses hit by ransomware attacks are small and medium-sized businesses
https://www.ithome.com.tw/news/129565

Malware that caused Ukraine's major blackout may also have attacked mining companies and railways
https://twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=313

Ransomware attack targets: 71% are small and medium-sized businesses
https://www.jishuwen.com/jump/aHR0cDovL3d3dy50dWljb29sLmNvbS9hcnRpY2xlcy9hMklqQXJW

City of Albany, New York hit by ransomware attack, disrupting some services
https://www.ithome.com.tw/news/129764

From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw
https://bit.ly/2HXJuON

Emotet Update: New C2 Communication Followed by New Infection Chain
https://cofense.com/emotet-update-new-c2-communication-followed-new-infection-chain/

Microsoft Takes Control of 99 Websites From APT Group
https://www.bankinfosecurity.com/microsoft-takes-control-99-websites-from-apt-group-a-12296

Researchers publish list of MAC addresses targeted in ASUS hack
https://www.zdnet.com/article/researchers-publish-list-of-mac-addresses-targeted-in-asus-hack/#ftag=RSSbaffb68

Uncovering the capabilities and activities of Anubis Android banking trojan
https://cyware.com/news/uncovering-the-capabilities-and-activities-of-anubis-android-banking-trojan-9e3d7e67

Banking Trojan Has The Potential To Target Over 100 Banking Apps
https://www.itsecurityguru.org/2019/03/29/banking-trojan-has-the-potential-to-target-over-100-banking-apps/

The Ursnif Gangs keep Threatening Italy
https://securityaffairs.co/wordpress/82921/malware/ursnif-threatening-italy.html

JACKSON COUNTY RANSOMWARE ATTACK HAS LOCAL GOVERNMENTS ON HIGH ALERT
https://wnegradio.com/jackson-county-ransomware-attack-has-local-governments-on-high-alert/

Singapore firms point to ransomware as most common attack mode
https://www.zdnet.com/article/singapore-firms-point-to-ransomware-as-most-common-attack-mode/#ftag=RSSbaffb68

New banking Trojan targets Microsoft Outlook, Internet Explorer and Mozilla Thunderbird
https://www.bullguard.com/community/blog/april-2019/new-banking-trojan-targets-microsoft-outlook,-inte

Know How To Uninstall Tinynuke Banking Trojan - malware free
http://cleanmypcvirus.blogspot.com/2019/03/know-how-to-uninstall-tinynuke-banking.html

Banking Malware Being Distributed By Hackers Via Password Protected Zip Files
http://www.ehackingnews.com/2019/04/banking-malware-being-distributed-by.html

Uncovering the capabilities and activities of Anubis Android banking trojan Hacker News
https://cybersecurityboard.com/uncovering-the-capabilities-and-activities-of-anubis-android-banking-trojan-hacker-news

Remove Tinynuke Banking Trojan in Simple Steps
http://spywareentfernungwerkzeug.blogspot.com/2019/03/entfernen-tinynuke-banking-trojan-in.html

Medical Practice to Close in Wake of Ransomware Attack
https://www.bankinfosecurity.com/medical-practice-to-close-in-wake-ransomware-attack-a-12321

City of Albany Latest Local Government Hit With Ransomware
https://www.bankinfosecurity.com/city-albany-latest-local-government-hit-ransomware-a-12312

A dozen US web servers are spreading 10 malware families, Necurs link suspected
https://www.zdnet.com/article/a-dozen-us-web-servers-are-spreading-10-malware-families-necurs-botnet-link-suspected/#ftag=RSSbaffb68

Emotet-Distributed Ransomware Loader for Nozelesn Found via Managed Detection and Response
https://blog.trendmicro.com/trendlabs-security-intelligence/emotet-distributed-ransomware-loader-for-nozelesn-found-via-managed-detection-and-response/

Malware in Smart Factories: Top Security Threats to Manufacturing Environments
https://blog.trendmicro.com/trendlabs-security-intelligence/malware-in-smart-factories-top-security-threats-to-manufacturing-environments/

Ransomware or Wiper? LockerGoga Straddles the Line
https://blogs.cisco.com/security/talos/lockergoga-straddles-the-line

IcedID Banking Trojan Spruces Up Injection Tactics to Add Stealth
https://securityintelligence.com/icedid-banking-trojan-spruces-up-injection-tactics-to-add-stealth/

Backdoor code found in popular Bootstrap-Sass Ruby library
https://www.zdnet.com/article/backdoor-code-found-in-popular-bootstrap-sass-ruby-library/#ftag=RSSbaffb68

Analysis: The Evolving Ransomware Threat
https://bit.ly/2FUTqFW

New Android Malware “BasBanke” Steal Financial Data Such as Credentials & Credit/Debit Card Numbers
https://gbhackers.com/new-android-malware-basbanke/

Geumseong121 APT group, 'Operation High Expert'
https://blog.alyac.co.kr/2226

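B. Mobile Security / iPhone / Android / Wearables / App
[Smartwatches] Location can be tampered with at any time and strangers can call: beware of privacy vulnerabilities in children's watches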
https://bit.ly/2HXBLQM

Mobile antivirus apps tested! List of the 23 best at detecting malware released
https://bit.ly/2OyRlDv

Google Play mobile games hide malware! An estimated 150 million Android users affected
https://3c.ltn.com.tw/news/36212

Check Point finds multiple mobile games containing malicious adware; about 150 million Android users worldwide affected
https://gnn.gamer.com.tw/9/176909.html

Malware hidden in Google Play mobile games; Google: aware of the situation
https://bit.ly/2YyjmzL

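My Health Bank medical records: National Health Insurance Administration authorizes app developers to connect to and use them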
https://udn.com/news/story/7266/3710298

User data sent to China: Nokia phones raise security concerns
https://udn.com/news/story/7098/3713024

Finland is investigating reports that Nokia phones transmit sensitive data to mainland China (content corrected)
https://chinese.engadget.com/2019/03/22/finland-investigating-nokia-data-china/

Vulnerability reported in some Nokia phones! Users' personal data secretly transmitted to China Telecom servers
https://3c.ltn.com.tw/news/36224

"My phone secretly sends data to Chinese servers..." Nokia phones send data to China; Finnish authorities to investigate
https://www.storm.mg/article/1089568

HMD Global phones reportedly send user information back to China; heavier penalties may be involved
https://udn.com/news/story/7098/3714002

Does WeChat actually carry a security backdoor risk
https://www.ptt.cc/bbs/MobileComm/M.1553224337.A.BC3.html

Korean "mobile ID card" app found to have a serious security vulnerability
https://www.cnbeta.com/articles/tech/829281.htm

Taiwan to release 5G telecom licences in 2020! NCC: ensuring 5G security will be a major challenge ahead
https://www.ithome.com.tw/news/129547

EU takes a stance! No Huawei ban; 5G security guidelines due next week
https://ec.ltn.com.tw/article/breakingnews/2736378

EU does not ban Huawei; next week it will push member states to jointly guard against security risks
http://www.worldpeoplenews.com/content/news/315194

Ignoring US demands! EU does not ban Huawei 5G, only sharing security data in response
https://bit.ly/2OD7ecm

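Multiple countries reject Huawei for 5G communications; former senior US official urges a strategy to lead world communications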
http://www.epochtimes.com/b5/19/3/27/n11143293.htm

China warns Japan over Huawei 5G equipment; this is how the Japanese government responded
https://fnc.ebc.net.tw/FncNews/else/75265

Huawei equipment hides "bugdoors"! UK government: Huawei's engineering processes have major security defects
https://buzzorange.com/techorange/2019/03/29/huawei-risk/

UK inspection of Huawei telecom equipment finds new risks; major defects in software engineering and cybersecurity quality
https://www.ithome.com.tw/news/129669

Quietly cleaning up? ZTE wins 6 5G contracts in China
https://ec.ltn.com.tw/article/breakingnews/2740640

Phone infected with a trojan and the backdoor wide open? Five annoying but necessary things to do
https://money.udn.com/money/story/10868/3721342

Apple releases iOS 12.2 to patch 51 security vulnerabilities
https://www.ithome.com.tw/news/129606

Apps may leak personal data! NCCU scholar: check now if you are on Android 6.0 or above
https://bit.ly/2UlLd72

How much do you know about app personal data leaks
https://iforensicsblog.blogspot.com/2019/03/app.html

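Phone location apps leaking personal data? Experts urge users to understand access permissions; movement speed and battery level are all exposed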
https://www.ttv.com.tw/news/view/10803290029300L/579

UC Browser hides man-in-the-middle attack capability
https://www.ithome.com.tw/news/129623

Researchers have found 36 vulnerabilities in the LTE protocol
https://chinese.engadget.com/2019/03/28/researchers-find-36-security-flaws-in-lte/

Another new WeChat vulnerability appears; the company denies monitoring chat logs! Netizens' replies are brilliant
https://kknews.cc/tech/vrmj59a.html

The latest PSV jailbreak is here; you have 6 weeks to do the groundwork for escaping the sandbox
https://bit.ly/2V5jPra

Summary of common Android security vulnerabilities
http://www.twoeggz.com/news/14017269.html

Italian company suspected of distributing spyware; Google Play urgently removes 25 apps
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=831

New Settings Let Hackers Easily Pentest Facebook, Instagram Mobile Apps
https://bit.ly/2TEJ8Pj

New Version of XLoader That Disguises as Android Apps and an iOS Profile Holds New Links to FakeSpy
https://bit.ly/2HV9Vp8

Government spyware hidden in Google Play store apps
https://nakedsecurity.sophos.com/2019/04/02/government-spyware-hidden-in-google-play-store-apps/

Vulnerability found in Xiaomi phones' pre-installed security app
https://www.zdnet.com/article/vulnerability-found-in-xiaomi-phones-pre-installed-security-app/#ftag=RSSbaffb68

C. Incidents / Hackers / DDOS / APT / Recruitment / International Security Incidents
Don't let system updates become a source of security chaos
https://www.ithome.com.tw/voice/129720

Microsoft reveals: Taiwan ranks first for "drive-by download" cybercrime
https://www.chinatimes.com/realtimenews/20190401002543-260412?chdtv

How to cultivate enterprise security talent with hands-on skills? A brand-new security defence competition is here
https://www.ithome.com.tw/news/129766

Trend Micro's latest annual report: security threats shift markedly, social engineering attacks clearly increase
https://cnews.com.tw/124190401a03/

Cyber offence and defence: cracking hackers, 8 rules for enterprise self-protection
https://vision.udn.com/vision/story/12939/3722041

Cybercrime demographics skewed younger in 2018: ages 24 to 39 account for 53%
https://www.ettoday.net/news/20190401/1413091.htm

Top 10 security news stories of March 2019
https://www.ithome.com.tw/news/129761

AI-assisted cyber deterrence: master of the 21st-century battlefield
https://www.ydn.com.tw/News/330894

Defence and offence in information warfare
https://talk.ltn.com.tw/article/paper/1278222

Imperva: web application vulnerabilities in 2018 increased 21% compared with 2017
http://www.xxlinux.com/win8/win8news/10789.html

Nexusguard threat report shows the largest DDoS-for-hire website accounted for 11% of global attacks
https://n.yam.com/Article/20190325526928

HTTPS isn't secure either? Newly discovered vulnerabilities can expose your data
https://www.oschina.net/news/105532/htttps-vulnerable

[Key security topic: container security] Analysing container security risks and protection
https://www.ithome.com.tw/article/129426

ASUS update server reportedly hacked; official response this afternoon: an attack targeting users at specific organizations
https://www.ithome.com.tw/news/129597

ASUS update server breached by hackers; Acer: no reports received
https://udn.com/news/story/7240/3720352

ASUS responds to the hacker intrusion into the "Live Update utility", provides a detection tool and strengthens security maintenance
https://www.kocpc.com.tw/archives/250506

Hacker intrusion reportedly affects users; ASUS: will make sure it does not happen again
https://technews.tw/2019/03/26/asus-says-make-sure-that-hackers-no-invaded/

Hackers break into email, impersonate foreign company and nearly defraud millions
https://tw.appledaily.com/new/realtime/20190322/1537972/

Microsoft successfully takes over 99 websites used for attacks by Iranian hacking group Phosphorus
https://www.ithome.com.tw/news/129647

Microsoft slaps down 99 APT35/Charming Kitten domains
https://nakedsecurity.sophos.com/2019/04/01/microsoft-slaps-down-99-apt35-charming-kitten-domains/

"Soula" forges search engine login screen, launching a watering hole attack against Korean websites to steal credentials
https://blog.trendmicro.com.tw/?p=60088

Toyota targeted by a hacking group? Australia, Japan and Vietnam all compromised
https://www.ithome.com.tw/news/129693

A security researcher charged in the UK with hacking into Microsoft and Nintendo servers
https://news.sina.com.tw/article/20190329/30698420.html

Autistic former security researcher avoids prison after pleading guilty to hacking Microsoft and Nintendo
https://www.ithome.com.tw/news/129671

Malicious theft of code: 24-year-old hacker who broke into Nintendo servers sentenced to 15 months' imprisonment
https://bit.ly/2CWGAqj

From history teacher to security master: his hands-on lessons from 20 years of sparring with hackers
https://bit.ly/2YGIap8

Hackers are everywhere; security vendor recommends keeping antivirus software updated at all times
https://bit.ly/2FFBGhT

Company got hacked; install a firewall and everything is fine
https://vision.udn.com/vision/story/12931/3718579

Future synthetic biology "hackers": they use sound to steal DNA synthesis information
https://www.mirrormedia.mg/story/20190315mit001/

Akamai state of internet security report: retailers become the biggest victims of credential stuffing attacks
https://bit.ly/2TkLXVy

Programming language security ranking: Ruby is best, C has the most vulnerabilities
https://www.infoq.cn/article/VMQhWL6eH9-CRm4a7zkY

A new era of digital warfare: how hacking companies serve authoritarian governments
https://cn.nytimes.com/world/20190322/government-hackers-nso-darkmatter/zh-hant/

Defending against attacks must start from the hacker mindset! HITCON Girls members reveal countermeasures for the abuse of exercise tools
https://bit.ly/2Ww98y4

World's largest aluminium producer hit by cyberattack; hackers demand ransom
https://bit.ly/2I02hck

Reducing cyberattacks or losses starts with prevention: Australian government implements eight mitigation strategies
https://www.ithome.com.tw/news/129541

Black Hat Asia 2019: Tencent Security discloses the Chakra JIT engine vulnerability attack surface for the first time
https://www.4hou.com/info/news/17123.html

FBI's big transformation: sweeping up cyber threats
https://news.ltn.com.tw/news/focus/paper/1278108

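Curbing cyberattacks with China and Russia in its sights: FBI launches its biggest organizational transformation since the 9/11 attacks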
https://udn.com/news/story/6809/3729493?from=udn-ch1_breaknews-1-cate5-news

Three major threats come from China: US conservatives form a "Committee on Responding to the China Threat" to build consensus
https://www.cmmedia.com.tw/home/articles/14906

Amazon sets up anti-hacking force, hiring white hat hackers for penetration testing
https://ec.ltn.com.tw/article/paper/1275957

Microsoft's latest "Security Intelligence Report" reveals four major cybercrime threats in Asia-Pacific
https://technews.tw/2019/04/01/microsoft-security-intelligence-report-volume-24-is-now-available/

Researcher reveals DoS attack vulnerability in Facebook's Fizz project, receives a bounty from Facebook as an exception
https://www.ithome.com.tw/news/129555

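Department of Justice loses case on "access to computer with dishonest intent"; one article to see which offences are affected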
https://bit.ly/2UgTr18

Chinese woman carrying malware enters Mar-a-Lago; at one point mistaken for a Taiwanese woman
https://bit.ly/2WKbhpQ

US Department of Homeland Security: Medtronic cardiac defibrillators can be hacked
https://www.secrss.com/articles/9311

US Department of Homeland Security: hackers could control 750,000 implantable cardiac defibrillators, affecting patients
https://www.ettoday.net/news/20190331/1412175.htm

MIT announces: terminating cooperation with Huawei and ZTE
https://m.ltn.com.tw/news/world/breakingnews/2749124

NATO cyber defence report: Huawei 5G poses a national security risk
https://www.secretchina.com/news/b5/2019/04/04/889429.html

US Government Accountability Office says US debt systems have security vulnerabilities
https://read01.com/MJy77xG.html

CCP hacked Hillary's email; FBI sued for neglecting to investigate
https://www.ntdtv.com/b5/2019/03/29/a102544340.html

China's Ping An Technology wins bid to help build Hong Kong's eID system
http://www.passiontimes.hk/article/04-03-2019/52110

The CCP's cyber army must never be allowed to keep holding Taiwan's public opinion hostage
https://talk.ltn.com.tw/article/breakingnews/2749245

CCP collects Americans' DNA; US expert: it may be used to create bioweapons
https://m.ltn.com.tw/news/world/breakingnews/2747978

Security defence battle! US demands Chinese company divest from gay dating app Grindr
https://www.cmmedia.com.tw/home/articles/14901

"Taliban" Voldemort stages a comeback; two DARPA data mining programs to defend against it
https://udn.com/news/story/10930/3722067

Russia's doing again! NATO allies frequently hit by hacker attacks
https://www.taiwannews.com.tw/ch/news/3664493

Islamic State commanders can write HTML! Thriving on internet technology: IS's terrifying and astonishing "fame game"
https://buzzorange.com/techorange/2019/03/28/build-the-fame/

After long delays, what happened behind Iran's draft crypto regulations
http://news.knowing.asia/news/d29dbea2-e576-4d48-b366-34925fec0796

Russian government issues ultimatum: VPN providers must block websites banned in the country
https://www.ithome.com.tw/news/129683

US-China trade talks may be extended; White House adviser: China acknowledges IP theft and hacking issues for the first time
https://www.ettoday.net/news/20190404/1415088.htm

German media say it was under cyberattack for over a year; Bayer: no evidence of data leakage
https://www.rti.org.tw/news/view/id/2016666

UK investigation report says Huawei's engineering processes have major security defects; Huawei responds
https://theinitium.com/article/20190329-morning-brief/

Hijacked Email Reply Chains
https://www.webroot.com/blog/2019/04/03/hijacked-email-reply-chains/

‘Long-term security risks’ from Huawei
https://www.bbc.com/news/technology-47732139

Huawei issues could pose UK security risks, say authorities
https://www.theguardian.com/technology/2019/mar/28/huawei-chinese-firm-poses-national-security-risks-says-uk-watchdog

Nation-State and Crime Groups Keep Blending, Europol Warns
https://www.bankinfosecurity.asia/nation-state-crime-groups-keep-blending-europol-warns-a-12293

Audits: Systems Used to Track US Debt Vulnerable
https://www.bankinfosecurity.com/audits-systems-used-to-track-us-debt-vulnerable-a-12291

Netherlands - Dutch Waterworks badly secured against hackers
https://brica.de/alerts/alert/public/1252343/netherlands-dutch-waterworks-badly-secured-against-hackers/

The Danger of Hacker Attacks: What Must Companies Bear in Mind
https://www.sma-sunny.com/en/the-danger-of-hacker-attacks-what-must-companies-bear-in-mind/

Security alert: pipdig insecure, DDoSing competitors
https://bit.ly/2UsbJLU

Here's the List of ~600 MAC Addresses Targeted in Recent ASUS Hack
https://bit.ly/2YJ1QJl

How Tri-Counties Regional Center Secures Sensitive Files and Maintains HIPAA Compliance
https://www.bankinfosecurity.co.uk/webinars/how-tri-counties-regional-center-secures-sensitive-files-maintains-w-1925

Chinese hacking groups to ramp up cyber attacks on some industries, experts say
https://www.csoonline.com/article/3384927/chinese-hacking-groups-to-ramp-up-cyber-attacks-on-some-industries-experts-say.html

Pharmaceutical giant Bayer targeted by cyberattack, threat 'contained'
https://www.zdnet.com/article/drug-firm-bayer-targeted-by-cyberattack-threat-contained/#ftag=RSSbaffb68

Bayer points finger at Chinese-based group after blocking cyber attack
https://bit.ly/2WMz091

Home DNA kit company asks you to upload your family tree for the FBI
https://www.zdnet.com/article/home-dna-kit-company-asks-you-to-upload-your-family-tree-for-the-fbi/#ftag=RSSbaffb68

Report: FBI Fails to Promptly Notify Cybercrime Victims
https://www.bankinfosecurity.com/report-fbi-fails-to-promptly-notify-cybercrime-victims-a-12334

Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole
https://bit.ly/2CJZ791

Hacker group has been hijacking DNS traffic on D-Link routers for three months
https://www.zdnet.com/article/hacker-group-has-been-hijacking-dns-traffic-on-d-link-routers-for-three-months/#ftag=RSSbaffb68

National Yunlin University of Science and Technology [Information Center] seeks project associate engineer
https://www.104.com.tw/job/?jobno=6k2ar

Security Presales Manager (Presales)-B22B
https://www.104.com.tw/job/?jobno=6k2lw

Network security and penetration testing engineer
http://m.yzmedu.com/course/291

Education Department (Education Network Center) seeks temporary staff (security analyst)
https://bit.ly/2UnzZ1P

Security engineer
https://www.104.com.tw/job/?jobno=6k3md

Security technical consultant_Kaohsiung
https://www.104.com.tw/job/?jobno=6k6em

[NCCST - Technical Service Center] Security planner
https://www.104.com.tw/job/?jobno=6k87i

[National Chung Hsing University Taichung Regional Network Center seeks one full-time security assistant]
https://www.nchu.edu.tw/news-detail.php?id=45562

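Freeway Bureau, Ministry of Transportation and Communications: Information Office contract engineer recruitment announcement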
https://www.freeway.gov.tw/Print.aspx?cnid=193&p=12572

Administration Division_Information security management engineer
https://www.104.com.tw/job/?jobno=6ka2g

[Internship] Onward Security Corporation
http://imd.ntub.edu.tw/p/406-1043-68982,r717.php?Lang=zh-tw

McKinsey Prague seeks security specialists
https://www.ptt.cc/bbs/Soft_Job/M.1553822763.A.487.html

"LINE Developer Community Program" expands its scale in Taiwan; LINE announces continued recruitment of security and development talent
https://www.ettoday.net/news/20190328/1409964.htm

Document control staff (contract)
https://www.104.com.tw/job/?jobno=6kcm7&jobsource=cj2008

Kaohsiung City Education Bureau seeks contract security systems administrator
https://www.ptt.cc/bbs/job/M.1554193353.A.C67.html

R&D Center - App growth hacker / data analyst
https://www.104.com.tw/job/?jobno=6kemb

Cyber Security Architect, London, Paying up to £90,000
https://beechermadden.com/cyber-security-architect-london/

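D. Data Leaks / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News
Snail Interstellar mining rig scam: a pile of machines worth 800 each swindled 2 billion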
https://bit.ly/2FJCsf2

Taoyuan City Councillor Shu Tsui-ling questions leak of personal data by land administration; city government denies it
https://newtalk.tw/news/view/2019-03-26/225250

Scammer posing as Quanta defrauds Google and Facebook of over 3.7 billion; may face 30 years
https://fnc.ebc.net.tw/FncNews/life/74434

600 million Facebook users' passwords turned into "plaintext", searchable by internal employees
https://www.ttv.com.tw/news/view/10803220032900M/568

Another FB security flaw reported: 600 million users' passwords exposed
https://news.pts.org.tw/article/426426

Facebook provides white hat settings to help security researchers find vulnerabilities
https://www.ithome.com.tw/news/129624

Foreign trade industry take note! Virus disguised as business email phishing; falling for it can leak confidential information
https://kknews.cc/tech/r5z5r8x.html

Online scammers exploit the Christchurch terror attack tragedy to swindle money
http://www.epochtimes.com/b5/19/3/20/n11126549.htm

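Intelligence on suspected password leaks for email accounts belonging to academic network units; recipients should change passwords immediately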
https://www-ch.scu.edu.tw/october/news/9856

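[Security alert] Academic network email account passwords suspected leaked; changing your university email password immediately is recommended  2019/03/25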
https://bit.ly/2Wx29EZ

Five don'ts and five dos: refuse to be a transparent person on social media
https://money.udn.com/money/story/9554/3716671

Network security holes leak personal data; hotels and airlines bear the brunt
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=50&id=0000556396_yas2acdxlvun4a5t6dcjj

If he can't have you, he'll destroy you! Hsinchu Science Park engineer hacks escort's cloud account and steals sex videos
https://tw.appledaily.com/new/realtime/20190324/1538818/

Infatuated after "intense applause"! His pursuit of an escort fails, so he hacks her cloud account and spreads sex videos
https://www.ettoday.net/news/20190324/1406572.htm

Database of popular lesbian dating app "Rela" left unencrypted; over 5 million users' personal data at risk of exposure
https://www.inside.com.tw/article/15965-rela-data-exposed

Mainland Chinese gay dating site data leak; over 5 million users affected
https://unwire.hk/2019/03/29/rela-data-exposed/tech-secure/

The intimidation is terrifying! Fraud ring impersonates the Chinese embassy to specifically scam overseas Chinese
https://news.ltn.com.tw/news/world/breakingnews/2745110

Fraud by impersonating bank-affiliated companies: Kaohsiung prosecutors' request to detain 4 suspects granted
https://www.cna.com.tw/news/asoc/201903290182.aspx

Chinese-style P2P: lots of money, lots of scammers, even more fools
https://www.secretchina.com/news/b5/2019/03/30/888905.html

Dutch citizens lose money to online banking fraud; Chinese residents: scam emails are hard to tell from real ones
https://bit.ly/2WAubPV

Henan cracks telecom network fraud case; 23 suspects arrested
https://news.sina.com.tw/article/20190327/30670400.html

New type of scam emerges! Photoshopped online banking transfer screenshots; police warn of a new QQ scam tactic
https://bit.ly/2JTzBEn

DHL phishing page affects Nigerian National Assembly website
https://ithome.com.tw/news/129694

Bizarre! Leak of Amazon boss's private photos linked to the Washington Post journalist dismemberment case
https://www.chinatimes.com/realtimenews/20190401002709-260408?chdtv

10 years in jail for maliciously spreading fake news! Singapore legislates against fake news; will it affect freedom of speech
https://buzzorange.com/2019/04/02/how-singapore-introduces-anti-fake-news-law/

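Business email compromise (BEC) scams make a comeback; AsiaInfo Security reminds users to strengthen social engineering defences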
https://www.aqniu.com/vendor/45979.html

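Born in the 1990s and raising over 100 million online through illegal fundraising: prosecutors seek incommunicado detention of 3 executives of fundraising group Baibo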
https://news.ltn.com.tw/news/society/breakingnews/2746439

Credit card cases are the most common in financial fraud; Guangdong, Shanghai and Fujian are the hardest-hit areas
https://hk.on.cc/hk/bkn/cnt/cnnews/20190403/bkn-20190403142904272-0403_00952_001.html

Shiseido security statement
https://www.watashiplus.com.tw/SecurityPolicy

Hacked again! Toyota IT systems breached; 3.1 million customer records may have leaked
https://ec.ltn.com.tw/article/breakingnews/2746461

Shock! Two Facebook app developers stored user data in public databases
https://udn.com/news/story/6811/3736814?from=udn-catebreaknews_ch2

Another security storm! 540 million Facebook personal data records exposed on Amazon servers
https://www.inside.com.tw/article/16013-540-million-facebook-user-records-exposed-online-inclu

Set up a website selling gold mines! Taichung man "rakes in 29.19 million in 12 days" but it ends badly
https://www.setn.com/News.aspx?NewsID=521986

Stickers fool 400,000 people! Use this method to spot them in a second
https://blog.trendmicro.com.tw/?p=60087

Lithuanian man impersonates well-known Taiwanese hardware company, defrauding Google and Facebook of over a hundred million US dollars
https://blog.trendmicro.com.tw/?p=60074

Phishing Attack Uses Browser Extension Tool SingleFile to Obfuscate Malicious Log-in Pages
https://blog.trendmicro.com/trendlabs-security-intelligence/phishing-attack-uses-browser-extension-tool-singlefile-to-obfuscate-malicious-log-in-pages/

Maryland Man Sentenced for Leading $4.2 Million BEC Scheme
https://www.bankinfosecurity.asia/maryland-man-sentenced-for-leading-42-million-bec-scheme-a-12335

Indian govt agency left details of millions of pregnant women exposed online
https://www.zdnet.com/article/indian-govt-agency-left-details-of-millions-of-pregnant-women-exposed-online/

Large Privacy Breach In India: Millions of Pregnant Women Had Their Details Leaked
https://securitydiscovery.com/large-privacy-breach-in-india/

Card breach reported at Buca di Beppo, Planet Hollywood, and other restaurants
https://www.zdnet.com/article/card-breach-reported-at-buca-di-beppo-planet-hollywood-and-other-restaurants/#ftag=RSSbaffb68

Toyota announces second security breach in the last five weeks
https://www.zdnet.com/article/toyota-announces-second-security-breach-in-the-last-five-weeks/#ftag=RSSbaffb68

Toyota Reveals a Second Data Breach
https://www.bankinfosecurity.com/toyota-reveals-second-data-breach-a-12303

Data breach exposes diagnosis data of 34,000 medical marijuana patients
https://www.zdnet.com/article/data-breach-exposes-data-of-34000-medical-marijuana-patients/#ftag=RSSbaffb68

Tracking Common Causes of Recent Health Data Breaches
https://www.bankinfosecurity.com/tracking-common-causes-recent-health-data-breaches-a-12307

Facebook Caught Asking Some Users Passwords for Their Email Accounts
https://bit.ly/2FMYex7

Georgia Tech Data Breach Exposes 1.3 Million Users' Personal Data
https://bit.ly/2Ib1Uvl

Chinese companies have leaked over 590 million resumes via open databases
https://www.zdnet.com/article/chinese-companies-have-leaked-over-590-million-resumes-via-open-databases/#ftag=RSSbaffb68

Facebook demand for new user email passwords reveals appalling lack of security awareness
https://www.zdnet.com/article/facebook-demanded-new-user-email-passwords-in-appalling-security-misstep/#ftag=RSSbaffb68

Cybercriminals Feast on Earl Enterprises Customer Data Exposed in Data Breach
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/earl-enterprises-breach/

E. Research reports
From 0 to ReverseShell: hands-on with the DVAR router vulnerability lab
https://www.anquanke.com/post/id/175493

Pwn2Own: researchers successfully hack the Tesla Model 3
https://www.ithome.com.tw/news/129607

Google open-sources Sandboxed API, a sandboxing project for C/C++ libraries
https://times.hinet.net/topic/22282779

Software testing is moving toward business testing: beyond code vulnerabilities, process and people matter too
https://www.aqniu.com/news-views/45406.html

Analysis of some exploitation chains for Java deserialization vulnerabilities
https://www.anquanke.com/post/id/173459

A journey of discovering a use-after-free vulnerability
https://my.oschina.net/u/3585265/blog/3024981

Nexus Repository Manager 3 (CVE-2019-7238) remote code execution vulnerability: analysis and reproduction
https://www.cnblogs.com/backlion/p/10564322.html

SQL injection vulnerability in a general-purpose exchange
http://www.twoeggz.com/news/13828228.html

WebLogic (CVE-2017-10271) vulnerability reproduction
http://www.manongjc.com/article/76797.html

Analysis of a cryptomining trojan spreading via a Consul RCE vulnerability
https://www.anquanke.com/post/id/173818

CVE-2014-4113 kernel vulnerability analysis
https://xz.aliyun.com/t/4456

No security awareness and a slip of the hand while coding: the elFinder-2.1.47 code execution vulnerability, CVE-2019-9194 in detail
https://xz.aliyun.com/t/4444

Faraday: a multi-purpose collaborative penetration testing tool and vulnerability management platform
http://www.sohu.com/a/302807891_354899

Analysis of two privilege escalation vulnerabilities in Avira VPN
https://www.anquanke.com/post/id/173850

iThome Cybersecurity Conference 2019: How hackers use public tools to move freely through internal networks - YCY
https://bit.ly/2CJVLCY

Analysis of a remote code execution vulnerability in the LibreOffice suite
http://www.sohu.com/a/303299441_354899

Windows kernel logic vulnerability: I/O manager access mode mismatch
https://www.chainnews.com/articles/626319155046.htm

CVE-2014-4113 kernel vulnerability analysis
https://sec-wiki.com/news/17032

Web security vulnerabilities: CSRF
https://juejin.im/post/5c961d6ee51d457eab35604c

Analysis of attack samples for WinRAR vulnerability CVE-2018-20250
https://paper.tuisec.win/detail/b2715856fedc9cd

Best practices for MongoDB vulnerability detection
https://www.alibabacloud.com/help/zh/doc-detail/112026.htm

Installing OpenVAS on Ubuntu 18.10 and using OpenVAS for simple vulnerability scanning and analysis
https://bbs.pediy.com/thread-250398.htm

Latest so-and-so "Robot vulnerability analysis and security system research (ISC Security Training Camp) (4 class hours)"
http://www.manongjc.com/article/79221.html

Automating exploitation with exploit templates
https://www.4hou.com/web/16902.html

Web security: logic vulnerabilities explained
http://www.52bug.cn/hkjs/5728.html

Java serialized objects: vulnerability prevalence survey, penetration and security testing
http://www.twoeggz.com/news/13972599.html

Researchers find security vulnerabilities in Cisco enterprise routers; Cisco's fix takes an unusual approach
https://www.landiannews.com/archives/57055.html

Learning deserialization vulnerabilities from the session perspective
https://xz.aliyun.com/t/4528

XSS vulnerabilities: principles and classification explained
https://www.bilibili.com/video/av47723325/

Using wmap to scan a specified website and obtain its vulnerability information
https://blog.csdn.net/henni_719/article/details/88916528

Vuls: an agentless vulnerability scanner for Linux/FreeBSD
https://4hou.win/wordpress/?p=30607

Researchers demonstrate Intel VISA vulnerability
https://www.solidot.org/story?sid=60092

A new standard for protecting next-generation application architectures: full SSL visibility
https://bit.ly/2OCLTzv

Vuls: an agentless vulnerability scanner for Linux/FreeBSD
https://www.jishuwen.com/d/2yRN/zh-tw

Router vulnerability hunting: analysis of the DIR-805L unauthorized file read vulnerability
https://www.anquanke.com/post/id/175625

TP-Link SR20 router 0-day vulnerability
https://www.4hou.com/info/news/17096.html

An approach to analyzing various WebLogic vulnerabilities based on attack traffic and logs
http://www.51888.me/post/id/175738

Google search – XXE writeup (local file read)
https://bit.ly/2UCGQV8

Ghidra SRE: The AZORult Field Test
https://blog.yoroi.company/research/ghidra-sre-the-azorult-field-test/

Commando VM — Turn Your Windows Computer Into A Hacking Machine
https://bit.ly/2OEhRvk

Security Nightmare: Users Fail to Wipe USB Drives
https://www.bankinfosecurity.com/blogs/security-nightmare-users-fail-to-wipe-usb-drives-p-2733

Updated Analysis of PatchGuard on Microsoft Windows 10 RS4
https://bit.ly/2VaR8ZO

x64 Cheat Sheet
https://bit.ly/2TKPYm4

ICMP-REACHABLE
https://bit.ly/2uAyG11

Let’s play with Qulab, an exotic malware developed in AutoIT
https://bit.ly/2uAyrTF

Running ELF executables from memory
https://bit.ly/2JSJlyG

$50 million CTF Writeup
https://bit.ly/2FCbdle

AutoMacTC: Automated Mac Forensic Triage Collector
https://bit.ly/2JUFHEz

android-restriction-bypass
https://bit.ly/2FKPOqe

[EN] Down the Rabbit Hole - Part I: A Journey into the UEFI Land
https://bit.ly/2uyCDU5

[EN] Down the Rabbit Hole - Part II: Analyzing an EFI Application with Radare2
https://bit.ly/2FNOjZq

[EN] Down the Rabbit Hole - Part III: Patching the Whitelist
https://bit.ly/2HM6uRm

FireEye debuts Windows Commando VM as Linux Kali rival
https://www.zdnet.com/article/fireeye-debuts-windows-commando-vm-as-rival-to-linux-kali/#ftag=RSSbaffb68

[BlackHat Asia 2019] CQTools: The New Ultimate Hacking Toolkit
https://cqureacademy.com/blog/no-category/black-hat-asia-2019-tools

Mattiwatti/EfiGuard
https://github.com/Mattiwatti/EfiGuard

ivRodriguezCA/RE-iOS-Apps
https://bit.ly/2Uw5xCK

NSA Releases GHIDRA Source Code — Free Reverse Engineering Tool
https://bit.ly/2Idhu9V

Analysis of a Chrome Zero Day: CVE-2019-5786
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analysis-of-a-chrome-zero-day-cve-2019-5786/

F. Business
USI teams with Microsoft to launch the world's first module that combines security and data transmission
https://zh.apdnews.com/prnasia/944523.html

Proprietary core technology: the 帕卡 facial-recognition attendance system keeps information security assured
https://bit.ly/2HOsPhi

[Computer Equipment] Acer Cyber Security creates the nation's first industrial control security experimental platform
https://www.chinatimes.com/realtimenews/20190325001796-260410?chdtv

Router security and features upgraded across the board! Archer A9 comes at a competitive price
https://bit.ly/2U5netF

Online fraud skews younger; Norton counters potential threats with targeted remedies to protect your digital life
https://n.yam.com/Article/20190327417109

2019 (ROC year 108) selection application for information security testing and diagnostic service teams
http://www.cisanet.org.tw/News/news_more?id=2101

Tax season approaching: Ministry of Finance steps up stress testing of the filing system
https://bit.ly/2V4djRn

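IBM uses knowledge graph technology to reconstruct APT attacker traces and aims to infer the potential weaknesses where enterprises are likely to be attacked in the future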
https://www.ithome.com.tw/news/129549

Trend Micro says the threat landscape is shifting and enterprises need to rethink their security priorities
https://bit.ly/2OQ5EE8

Trend Micro 2018 Cloud App Security report: advanced defenses against advanced email threats
https://blog.trendmicro.com.tw/?p=59925

How managed detection and response (MDR) services help address persistent threats
https://blog.trendmicro.com.tw/?p=59921

Cynet Offers Free Threat Assessment for Mid-Sized and Large Organizations
https://bit.ly/2OLYDnG

SUSE Linux and enterprise Raspberry Pi
https://www.zdnet.com/article/suse-linux-and-enterprise-raspberry-pi/#ftag=RSSbaffb68

G. Government
"Computer was hacked before US visit": Ko Wen-je discusses the trade war in Washington
http://www.epochtimes.com/b5/19/3/20/n11127713.htm

On Huawei phone restrictions, Ko P reveals: Taipei City Government was once hacked, suspected to be an inside job
https://tw.appledaily.com/life/realtime/20190321/1537076

Mentions hacked computer and leaked itinerary during US visit; Ko Wen-je: the city government has a mole
https://m.ltn.com.tw/news/politics/breakingnews/2733979

Cyber defense is getting harder; Executive Yuan: strengthen regional joint defense
https://www.chinatimes.com/realtimenews/20190321001026-260410?chdtv

Printing of digital ID cards; Hsu Kuo-yung: vendors must not have Chinese capital
https://www.rti.org.tw/news/view/id/2015318

Fighting disinformation: Investigation Bureau holds disinformation training course
https://udn.com/news/story/7321/3713164

To block foreign threats such as China's cyber army, Investigation Bureau opens disinformation course to train agents
https://news.ltn.com.tw/news/society/breakingnews/2735743

Fighting disinformation... Investigation Bureau launches training course, Leu Weng-jong (呂文忠) takes part in person
https://udn.com/news/story/7321/3713826

To test the financial sector's cyber strength, FSC will invite international hackers to Taiwan for a red-versus-blue battle
https://udn.com/news/story/7239/3710911

Executive Yuan pushes integration to build a national team for the cybersecurity industry
https://www.ocacnews.net/overseascommunity/article/article_story.jsp?id=243703

Does Taipei's smart city have Huawei equipment? Ko: I'll have to go back and check
https://bit.ly/2K2ARou

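Taiwan Academic Network hit by over 2.9 billion hacker attacks a month; Ministry of Science and Technology says not to worry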
https://udn.com/news/story/7314/3721384

Academic network hit by 2.9 billion attacks in a single month; Chen Liang-gee: 100% repelled
https://bit.ly/2FJeWO5

Academic network under malicious attack; Ministry of Science and Technology: under control, no technology stolen
https://udn.com/news/story/7314/3721545

Executive Yuan and LINE launch digital accountability program, cooperating against disinformation
https://udn.com/news/story/7251/3722572

Cybersecurity is national security: banning Chinese ICT products to guard against being "hacked"
https://www.ydn.com.tw/News/330345

Cybersecurity platform to be set up before the 2020 election; National Security Bureau: to counter PLA cyber warfare
https://udn.com/news/story/6656/3729023

To prevent CCP interference in the 2020 election, National Security Bureau sets up cybersecurity platform
https://newtalk.tw/news/view/2019-03-31/227240

Opening up to the cloud: FSC proposes 3 major principles
https://www.chinatimes.com/newspapers/20190401000183-260202?chdtv

STOs with exposure under 30 million may be exempt from entering the sandbox
https://www.chinatimes.com/newspapers/20190401000181-260202?chdtv

STO financial regulatory sandbox rules to be settled next week? Public hearing on 4/12; exchanges welcome the move
http://news.knowing.asia/news/1b111e64-e216-4253-9493-7610401c7b58

How exactly will STOs be regulated? Besides "We will definitely regulate!", here is what else FSC Chairman Wellington Koo has said
http://news.knowing.asia/news/eac54809-abae-456e-a3b8-e269756aa77f

Security token regulations still unclear; experts urge watching rather than investing
https://www.cna.com.tw/news/afe/201904040032.aspx

Executive Yuan ban on mainland Chinese ICT products to extend to local governments
https://udn.com/news/story/6656/3736998?from=udn-ch1_breaknews-1-cate1-news

Malicious online content abounds; legislator: only 3 cases fined so far
https://anntw.com/articles/20190401-XdB2

Tax season about to begin! National Taxation Bureau to work overtime and extend service hours
https://ec.ltn.com.tw/article/breakingnews/2748008


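H. SCADA/ICS/Industrial control systems
ICS equipment has many security vulnerabilities; account management must be strictly controlled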
https://ec.ltn.com.tw/article/paper/1275958

Study: malware was detected on more than 20% of industrial control systems last year, more active than the year before
https://www.ithome.com.tw/news/129642

International ICS security development focuses on 5 major areas; Taiwan to set up a tap-water treatment test platform in July
https://www.ithome.com.tw/news/129756

An overview of cyber-attack vectors on SCADA systems
https://ieeexplore.ieee.org/document/8355379

I. Education and training
Using the Android database: Room
https://bit.ly/2YJLznc

Hello Python! | A detailed introduction to Python for beginners
https://bit.ly/2Uyne4w

Learn Ethical Hacking with 180 Hours of Training — 2019 Course Bundle
https://bit.ly/2HQXOt1

Introducing the Web Security Academy
https://portswigger.net/blog/introducing-the-web-security-academy

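J. Internet of Things/IoT/Artificial intelligence/Connected vehicles/Optical networking/Deep learning/Machine learning/Drones
Car anti-theft alarm system vulnerabilities let hackers hijack cars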
https://blog.trendmicro.com.tw/?p=59918

Industrial internet security begins moving into the consumer domain
https://www.aqniu.com/news-views/46103.html

IoT is flourishing; cybersecurity legislation cannot wait
https://www.chinatimes.com/newspapers/20190324000248-260204?chdtv

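Unlimited business opportunities in the smart surveillance market; security standards guide the direction of technology development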
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000547698_ROG7FOQU8QOEBA9EC97IJ

Advantech x StarFab IoT accelerator: joining hands to build an IoT ecosystem
https://www.digitimes.com.tw/iot/article.asp?cat=130&id=0000556214_7X014T042OO7M43MOIUME

All-encompassing dragnet surveillance and recording system greatly improves Taoyuan police's investigative efficiency
https://tyenews.com/2019/03/12281/

"Hacking" into hospitals and paralyzing lifesaving care: like planting a time bomb inside patients
https://vision.udn.com/vision/story/12939/3722038

Internet of Everything challenges security systems; VIVOTEK combines cybersecurity and performance
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=50&cat2=10&id=0000556536_IVR48N9H4RA1G45IMZSY3

Hacker breaks into surveillance camera and unexpectedly sees a caregiver being... sexually assaulted
http://www.wifi3c.tw/2019/03/news27/

Global IoT security developments and vendor activity
https://bit.ly/2WzjEEK

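Security requirements for IP camera cybersecurity certification revealed; high standards help Taiwanese products strengthen security features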
https://www.ithome.com.tw/news/129548

Singapore IoT exhibition: TAITRA helps Taiwanese firms connect with New Southbound smart city business opportunities
https://n.yam.com/Article/20190401744943

[Not just controlling energy, hackers also try to manipulate finance and media] Critical infrastructure faces more severe threats
https://www.ithome.com.tw/news/129721

[Knight Rider is here] Musk builds an all-capable computer car; every Tesla becomes "KITT"
https://tw.appledaily.com/new/realtime/20190404/1544769/

Chinese researchers crack Tesla Autopilot: vulnerability may cause an erroneous lane change into the oncoming lane
https://www.sohu.com/a/305689390_162522?sec=wd

Trend Micro partners with Luxoft to build connected-car cybersecurity protection, securing vehicles and mobility services
https://bit.ly/2VjSly4

Seven out of ten Americans are comfortable with IoT tech in the home
https://www.zdnet.com/article/seven-out-of-ten-americans-are-comfortable-with-iot-tech-in-the-home/#ftag=RSSbaffb68

Data science, ethics, and the 'massive scumbags' problem
https://www.zdnet.com/article/data-science-ethics-and-the-massive-scumbags-problem/#ftag=RSSbaffb68

6. Upcoming security events and seminars
 "Information System Classification and Security Protection Baseline" training  4/8
 http://net.nthu.edu.tw/2009/mailing:announcement:20190327_02

 ANSIBLE-Automation for everyone seminar  4/9
 https://www.uuu.com.tw/Public/content/Edm/190409_Ansible.htm

 Asia Silicon Valley Plan: results presentation on strengthening IoT security protection  4/10
 https://www.cs.nctu.edu.tw/announcements/detail/3881

 Network packet analysis in practice  4/11
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3826&from_course_list_url=homepage

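 [Course] Hands-on big data crawler techniques: build web crawlers in Python to gather large amounts of data quickly and effectively and create an automated financial data platform  4/13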
 https://www.techbang.com/posts/58613-course-python-crawler-technology-implementation

 Sorry for hacking you  4/13
 https://tfc.kktix.cc/events/hacking-you-sorry?locale=en

 2019 ICANN APAC-TWNIC Engagement forum  4/16~4/17
 https://forum.twnic.tw/

 Industrial Control Systems (ICS) Cyber Security Conference  APAC  April 16-18, 2019
 https://www.icscybersecurityconference.com/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, April 17, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzgbwb/

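 IBF Financial Holdings "The internet-only bank catfish and security technology ripples": Rakuten Japan technical panel and presentation  4/18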
 https://www.accupass.com/event/1904020622403023353630

 Website vulnerability assessment in practice  4/18
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3830&from_course_list_url=homepage

 Institute for Information Industry (III) "Online Media PR Management Practice" course: use new media strategy to spread your brand!  4/18
 http://www.iiiedu.org.tw/ites/MPR.htm

 National Chiao Tung University Hacker College - Buffer overflow attacks and prevention, Hsinchu  4/20
 https://hackercollege.nctu.edu.tw/?p=1052

 Security health check  4/25
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3834&from_course_list_url=homepage

 National Chiao Tung University Hacker College - Building basic website security in practice  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 Introduction to Pwn  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir Taiwan Taipei Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 Security health check  5/9
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3827&from_course_list_url=homepage

 National Chiao Tung University Hacker College - Email spoofing attacks, protective measures and secure communication protocols  5/11
 https://hackercollege.nctu.edu.tw/?p=1054

  iTHome Taiwan Cloud Summit 2019   May 15, 2019 (Wed) 09:00~17:00
 https://cloudsummit.ithome.com.tw/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/

 Network packet analysis in practice  5/16
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3831&from_course_list_url=homepage

 Source code inspection hands-on  5/23
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3835&from_course_list_url=homepage

 29th National Conference on Information Security  5/23  ~ 5/24
 https://cisc2019.cs.pu.edu.tw/index.php

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 National Chiao Tung University Hacker College - Vulnerabilities, patching and testing of cryptosystems  6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

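 Security regulations and systems analysis course - 2019 (ROC year 108) "Security Talent Training and International Promotion Program: advanced course for cultivating security professionals"  8/29 ~ 8/30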
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com
