跳到主要內容

資安事件新聞週報 2019/4/1 ~ 2019/4/5

資安事件新聞週報  2019/4/1  ~  2019/4/5

1.重大弱點漏洞
WinRAR Zero-day Abused in Multiple Campaigns
https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html

新披露Jenkins RCE 漏洞成ImposterMiner 挖礦木馬新" 跳板"
https://www.chainnews.com/articles/931620544952.htm

因配置失誤超過1.3萬 iSCSI 存儲集群暴露在網路上
https://www.zdnet.com/article/over-13k-iscsi-storage-clusters-left-exposed-online-without-a-password/

甲骨文「通知」用戶付費取得Java 8安全修補程式,否則小心被駭
https://www.ithome.com.tw/news/129726

研究人員:HTTPS不如你想的安全,5.5%含有TLS漏洞
https://www.ithome.com.tw/news/129684

PuTTY 多個漏洞
https://thehackernews.com/2019/03/putty-software-hacking.html

Windows 10 收到奇怪的通知訊息?不是中毒,只是微軟不小心誤發的 Bug
https://www.kocpc.com.tw/archives/252222

微軟警告Windows 7用戶:安全更新即將結束
https://fnc.ebc.net.tw/FncNews/else/74214

Windows 10 1809進一步全面釋出
https://www.ithome.com.tw/news/129656

Microsoft Office Access Connectivity Engine遠程代碼執行漏洞
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0748

Microsoft Windows Kernel信息洩露漏洞
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0755

Improving the Windows 10 update experience with control, quality and transparency
https://bit.ly/2VsbI88

Microsoft Edge and Internet Explorer Zero-Days Allow Access to Confidential Session Data
https://bit.ly/2G2qKw0

Windows 10 Home edition users are big winners as Microsoft overhauls its update process
https://zd.net/2VnVLQt

Microsoft is making big Windows 10 update changes starting with the May 2019 release
https://zd.net/2uKVoUp

去年10個最常被駭客開採的漏洞中,有8個是微軟漏洞
https://www.ithome.com.tw/news/129487

微軟發現華為Matebook筆記本安全漏洞,華為已於1月份修復
https://www.expreview.com/67563.html

抓到了!華為筆電遭微軟揭露「後門」漏洞
https://bit.ly/2UmI2vH

微軟發現華為MateBook自帶PCManager程序的提權漏洞
https://www.cnbeta.com/articles/tech/831621.htm

權威認證! 微軟:發現華為電腦存在後門
https://ec.ltn.com.tw/article/breakingnews/2745338

VMware 產品多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/03/29/VMware-Releases-Security-Updates

快升級到Chrome 72!舊版行動Chrome爆有讓駭客竊取帳密的重大漏洞
https://www.ithome.com.tw/news/129490

Researcher publishes Google Chrome exploit
https://www.zdnet.com/article/researcher-publishes-google-chrome-exploit/#ftag=RSSbaffb68

Awesome Google Chrome extensions (April 2019 edition)
https://www.zdnet.com/pictures/awesome-google-chrome-extensions-april-2019-edition/#ftag=RSSbaffb68

注意!NSA逆向工程工具存在遠程代碼執行漏洞
https://www.secrss.com/articles/9269

Google Photos含有可洩露拍照時間與地點的臭蟲
https://www.ithome.com.tw/news/129491

駭客開採WordPress外掛程式漏洞以進行技術支援詐騙
https://www.ithome.com.tw/news/129525

Pwn2Own 2019駭客競賽首日:Mac版Safari瀏覽器再曝兩個零日漏洞
http://big5.pconline.com.cn/b5/news.pconline.com.cn/1242/12420857.html

IBM MQ Console跨站腳本漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10734457

IBM DB2 多個漏洞
https://www.auscert.org.au/bulletins/78346

多款IBM產品緩衝區錯誤漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1992

CUJO Smart Firewall 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4002

NetIQ eDirectory 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9166

思科通過屏蔽curl 修復安全漏洞
https://www.solidot.org/story?sid=60065

思科遭爆RV320和RV325路由器安全補丁未修復漏洞,僅是避免有漏洞裝置被發現
https://www.ithome.com.tw/news/129728

Cisco IOS和IOS XE輸入驗證漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar

Cisco IOS XE 存在安全性弱點
https://www.us-cert.gov/ncas/current-activity/2019/03/28/Cisco-Releases-Security-Update-Cisco-IOS-XE

思科 ClamAV 多個漏洞
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

Clam AntiVirus 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1785

Mikrotik RouterOS又曝出0day DDoS 漏洞
https://nosec.org/home/detail/2429.html

Dovecot 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7524

pfSense訪問限制繞過漏洞
https://redmine.pfsense.org/attachments/2690/sshguad_by_service_filtering.patch

在沒有回應後安全研究人員公開普聯路由器0day 漏洞
https://www.solidot.org/story?sid=60082

TP-Link 不回應,安全工程師公開了其路由器漏洞
https://www.oschina.net/news/105548/tplink-router-flaw

TP-Link router zero-day offers your network up to hackers
https://nakedsecurity.sophos.com/2019/04/02/tp-link-router-zero-day-that-offers-your-network-up-to-hackers/

Google security engineer discloses zero-day flaw in TP-Link smart home routers
https://www.zdnet.com/article/google-dev-discloses-zero-day-flaw-in-tp-link-smart-home-routers/#ftag=RSSbaffb68

【Gamers 有難】Nvidia GeForce Experience 漏洞喪失電腦控制權
https://bit.ly/2HOeNvZ

solarwinds serv-u_ftp_server CVE-2018-15906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15906

HPE Intelligent Management Center IMC SOM 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12555

Netis-Systems Website - Sql injection
https://www.anquanke.com/vul/id/1556599

Researchers discover and abuse new undocumented feature in Intel chipsets
https://www.zdnet.com/article/researchers-discover-and-abuse-new-undocumented-feature-in-intel-chipsets/#ftag=RSSbaffb68

Magento's Latest Patches Should Be Applied Immediately 
https://www.bankinfosecurity.com/magentos-latest-patches-should-be-applied-immediately-a-12292

Magento 2.3.1, 2.2.8 and 2.1.17 Security Update
https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update

Unpatched Zero-Days in Microsoft Edge and IE Browsers Disclosed Publicly
https://bit.ly/2VcUpYu

D-link -- Dir-816_firmware  CVE-2019-10040
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10040

D-link -- Dir-816_firmware  CVE-2019-10042
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10042

Dovecot  CVE-2019-7524
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-7524

Fortinet -- Fortiportal  CVE-2017-7342
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7342

FortiOS 多個漏洞
https://www.auscert.org.au/bulletins/78226

Micro Focus  Arcsight_logger  CVE-2019-3479
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3479

Micro Focus  Arcsight_logger  CVE-2019-3481
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3481

Micro Focus  Arcsight_logger  CVE-2019-3484
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3484

Redhat -- Ansible CVE-2019-3828
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3828

CVE-2019-0192: Mitigating Unsecure Deserialization in Apache Solr
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-0192-mitigating-unsecure-deserialization-in-apache-solr/

New Apache Web Server Bug Threatens Security of Shared Web Hosts
https://thehackernews.com/2019/04/apache-web-server-security.html

Apache 服務器高危漏洞給予共享託管環境的惡意用戶root 權限
https://www.solidot.org/story?sid=60134

漏洞預警|Apache HTTP服務組件曝提權漏洞,可獲取服務器root權限
http://www.xway.cn/bug/vulnerability.php?id=38&page=1

Apache Hadoop安全繞過漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11767

Apache HTTPD 多個漏洞
https://thehackernews.com/2019/04/apache-web-server-security.html

Linux發行版Ubuntu MATE開始支援樹莓派
https://www.ithome.com.tw/news/129755

Synology MailPlus Server 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13296

Synology SSL VPN Client 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13283

SAP SRM MDM Catalog身份驗證繞過漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2449

谷歌:光靠軟件修復不能完全防禦“幽靈”漏洞
http://www.xxlinux.com/download/17272.html

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
2019金融業IT投資戰略分析
https://www.ithome.com.tw/article/129515

【銀行測試】CFI 網絡安全防衛計劃 9 月中進入第三階段
https://bit.ly/2FP5HgB

小心資料遭竊!手機購物與銀行交易需留意4大風險
https://www.setn.com/News.aspx?NewsID=516459

展現拚網銀決心,LINE 資料將落地台灣
http://finance.technews.tw/2019/03/25/the-line-data-will-land-in-taiwan/

首 3 張虛擬銀行牌 財團全部有中資 京東、攜程、眾安有份
https://bit.ly/2WA6oQ6

Open Banking 趨勢來襲,台灣金融機構該如何培育即戰力人才
https://www.limitlessiq.com/news/post/view/id/9103/

行庫防駭 齊設資安團隊
https://bit.ly/2FMlPix

升級核心系統 銀行競砸重本
https://bit.ly/2FM6cH0

鎖定非24小時超商 竊盜集團偷走整台ATM
https://www.chinatimes.com/realtimenews/20190401000797-260402?chdtv

中國大陸央行:防範電信網路新型違法犯罪 構築支付安全防線
https://news.sina.com.tw/article/20190329/30698056.html

強化金融防詐工作 警銀合作聯合反詐騙
https://www.chinatimes.com/realtimenews/20190329002956-260402?chdtv

網購信用卡資料 前銀行職員被捕
http://www.udnbkk.com/article-276268-1.html

瑞典警方突擊搜查瑞典銀行總部,俄羅斯洗錢醜聞持續擴大
https://on.wsj.com/2uEjSOR

P2B網路融資媒合平台 幫助小微企業緩解短期融資不易的困境
https://news.cnyes.com/news/id/4297118

Hackers abuse Magento PayPal integration to test validity of stolen credit cards
https://www.zdnet.com/article/hackers-abuse-magento-paypal-integration-to-test-validity-of-stolen-credit-cards/

Financial Apps are Ripe for Exploit via Reverse Engineering
https://threatpost.com/financial-apps-are-ripe-for-exploit-via-reverse-engineering/143348/

In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code
https://bit.ly/2KedF7c

來捧金飯碗!華南銀行徵才428位 起薪最高直飆6萬
https://www.ettoday.net/news/20190322/1405347.htm

板信銀行實習招募事項
http://ft.takming.edu.tw/news/news.php?Sn=351

信用卡偽冒調查人員
https://www.104.com.tw/job/?jobno=6kdlv

合作金庫人壽108年儲備人員甄選
http://ptc.tabf.org.tw/tw/Ptc_108tcblife/

富邦金控 大舉徵才逾6,800人
https://money.udn.com/money/story/5636/3737888

3.電子支付/電子票證/行動支付/ 新聞及資安

行動金融暗藏危機 四大風險不可不慎
https://www.taiwannews.com.tw/ch/news/3664618

信用卡生態 「行動支付」在美行不通
https://udn.com/news/story/6813/3731015

日本正在討論向電子儲值卡“Suica”等電子支付系統提供加密貨幣充值服務
http://www.leilook.com/archives/14149

LINE PAY新活動  轉贈紅包抽點數  小心淪陷詐騙
https://times.hinet.net/news/22303315

【支付寶漏洞】跨境轉賬推出1個月即出事!港用戶無端被過數
https://hk.news.appledaily.com/local/realtime/article/20190403/59444070

支付寶香港爆漏洞!跨境轉帳開通首月 港用戶被異常交易 AlipayHK:已修復
https://bit.ly/2FYj7qm

關於CoinEgg上線電子支付通證(EPT)的公告
https://bit.ly/2CYytct

5.虛擬貨幣/區塊鍊   新聞及資安
芝加哥期權交易所將關閉比特幣期貨交易
https://ec.ltn.com.tw/article/breakingnews/2731923

加密貨幣市場如何監管?看看美國前CFTC主席怎麼說
http://news.knowing.asia/news/40329b9d-f2c0-45b2-a38e-26f9223f3e49

聲稱是公司代表,詐騙犯騙取義大利數位貨幣投資者共30萬美元
https://m.moneydj.com/f1a.aspx?a=c162cb17-30b6-4723-badd-1bf93703b1b2

軍規等級解決方案現身台灣資安大會 一張 Micro SD 讓你擁有硬體錢包安全性
https://blockcast.it/2019/03/23/cyber-security-taiwan-2019/

OK Coin的破與立:交易所真正區塊鏈化了
http://news.knowing.asia/news/68e1d331-d589-4770-8a1c-8831a3c9d3f9

卡巴斯基:駭客組織 Lazarus 再出新花招鎖定加密貨幣
https://blockcast.it/2019/03/27/cryptocurrency-businesses-still-being-targeted-by-lazarus/

縱觀各大交易所在被盜後,都做了什麼?後來又怎麼樣了
http://news.knowing.asia/news/c123a456-db93-4f24-887d-7a7d67c915ff

傳統APP存在這6大痛點,使DApps成為區塊鏈產業的重要板塊之一
http://news.knowing.asia/news/f9633957-a834-4112-9a57-f7c6eb750ccb

Bithumb交易所約1300萬美元EOS被盜,疑似有「內鬼」
http://news.knowing.asia/news/beba5415-c94d-437b-8944-6523386a9e7d

駭客連環狙擊,交易所損失逾500萬美元
http://news.knowing.asia/news/25f3d738-fe80-4272-8462-dc53527ef5a1

委內瑞拉金融崩潰 Bitcoin 成國民貨幣
https://bit.ly/2UboD1z

瑞士楚格「加密谷」區塊鏈新天堂
https://udn.com/news/story/6868/3733891

北韓駭客瘋狂作案盜竊6.7億美元加密貨幣,只為擺脫美國制裁
http://news.knowing.asia/news/9eda9d4b-c3a3-459f-9c3d-361ae9351f7b

加密貨幣竊盜案再添一樁!一分鐘弄懂韓國知名交易所Bithumb被駭事件始末
http://news.knowing.asia/news/d1d9236f-b39b-4301-a3eb-95fc2b106ade

技術媲美IBM的台灣區塊鏈新星 兩個月內登上三家世界級交易所
https://discovery.ettoday.net/news/1414153

全球不動產網路平台將上線採區塊鏈技術 降交易成本
https://money.udn.com/money/story/5602/3738178

Hackers Steal $19 Million From Bithumb Cryptocurrency Exchange
https://bit.ly/2VaaVZv

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體
新種Mirai殭屍網路死灰復燃,這次目標是企業級IoT裝置
https://www.ithome.com.tw/news/129449

新款Android木馬程式Gustuff鎖定金融程式與加密貨幣程式
https://www.ithome.com.tw/news/129672

Asus Live Update 被植入惡意軟件快檢查你的 MAC 位址
https://news.xfastest.com/asus/60791/asus-live-update-mac/

華碩資安爆漏洞! 「駭」進更新系統植病毒
https://bit.ly/2Uk5gTh

筆電更新爆資安漏洞華碩:已在管控之中
https://www.ustv.com.tw/UstvMedia/news/103/20190326A138

華碩電腦集體被植入後門病毒?卡巴斯基:恐百萬台華碩電腦中毒
https://applealmond.com/posts/50107

華碩電腦集體被植入後門病毒?卡巴斯基:恐百萬台華碩電腦中毒
https://shadowhammer.kaspersky.com/index.php

華碩釋出ShadowHammer惡意程式偵測工具,遭微軟誤判為惡意程式
https://www.ithome.com.tw/news/129613

中國360威脅情報中心分析ShadowHammer的600個攻擊目標MAC地址,超過4成使用華碩網卡
https://www.ithome.com.tw/news/129630

新款Android木馬程式Gustuff鎖定金融程式與加密貨幣程式
https://www.ithome.com.tw/news/129672

新JNEC.a勒索軟件曝光,利用WinRAR ACE漏洞傳播
https://zhuanlan.zhihu.com/p/59831084

微軟資安報告,亞太區成挖礦惡意程式的重災區
https://technews.tw/2019/03/22/microsoft-security-report-says-asia-pacifice-are-is-the-hot-spot-of-cryptocurrency-mining/

是愛還是恨?Microsoft 將 Defender 防病毒軟件帶到 Mac 平台
https://qooah.com/2019/03/21/microsoft-defender-for-mac/

Beazley:遭到勒索軟體攻擊的企業中,7成為中小型企業
https://www.ithome.com.tw/news/129565

造成烏克蘭大停電的惡意程式,可能也攻擊礦業公司與鐵路
https://twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=313

勒索軟體攻擊目標:71%為中小企業
https://www.jishuwen.com/jump/aHR0cDovL3d3dy50dWljb29sLmNvbS9hcnRpY2xlcy9hMklqQXJW

紐約州阿巴尼市遭勒索軟體攻擊,致部份服務中斷
https://www.ithome.com.tw/news/129764

From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw
https://bit.ly/2HXJuON

Emotet Update: New C2 Communication Followed by New Infection Chain
https://cofense.com/emotet-update-new-c2-communication-followed-new-infection-chain/

Microsoft Takes Control of 99 Websites From APT Group
https://www.bankinfosecurity.com/microsoft-takes-control-99-websites-from-apt-group-a-12296

Researchers publish list of MAC addresses targeted in ASUS hack
https://www.zdnet.com/article/researchers-publish-list-of-mac-addresses-targeted-in-asus-hack/#ftag=RSSbaffb68

Uncovering the capabilities and activities of Anubis Android banking trojan
https://cyware.com/news/uncovering-the-capabilities-and-activities-of-anubis-android-banking-trojan-9e3d7e67

Banking Trojan Has The Potential To Target Over 100 Banking Apps
https://www.itsecurityguru.org/2019/03/29/banking-trojan-has-the-potential-to-target-over-100-banking-apps/

The Ursnif Gangs keep Threatening Italy
https://securityaffairs.co/wordpress/82921/malware/ursnif-threatening-italy.html

JACKSON COUNTY RANSOMWARE ATTACK HAS LOCAL GOVERNMENTS ON HIGH ALERT
https://wnegradio.com/jackson-county-ransomware-attack-has-local-governments-on-high-alert/

Singapore firms point to ransomware as most common attack mode
https://www.zdnet.com/article/singapore-firms-point-to-ransomware-as-most-common-attack-mode/#ftag=RSSbaffb68

New banking Trojan targets Microsoft Outlook, Internet Explorer and Mozilla Thunderbird
https://www.bullguard.com/community/blog/april-2019/new-banking-trojan-targets-microsoft-outlook,-inte

Know How To Uninstall Tinynuke Banking Trojan - malware free
http://cleanmypcvirus.blogspot.com/2019/03/know-how-to-uninstall-tinynuke-banking.html

Banking Malware Being Distributed By Hackers Via Password Protected Zip Files
http://www.ehackingnews.com/2019/04/banking-malware-being-distributed-by.html

Uncovering the capabilities and activities of Anubis Android banking trojan Hacker News
https://cybersecurityboard.com/uncovering-the-capabilities-and-activities-of-anubis-android-banking-trojan-hacker-news

Entfernen Tinynuke Banking Trojan In einfachen Schritten
http://spywareentfernungwerkzeug.blogspot.com/2019/03/entfernen-tinynuke-banking-trojan-in.html

Medical Practice to Close in Wake of Ransomware Attack
https://www.bankinfosecurity.com/medical-practice-to-close-in-wake-ransomware-attack-a-12321

City of Albany Latest Local Government Hit With Ransomware
https://www.bankinfosecurity.com/city-albany-latest-local-government-hit-ransomware-a-12312

A dozen US web servers are spreading 10 malware families, Necurs link suspected
https://www.zdnet.com/article/a-dozen-us-web-servers-are-spreading-10-malware-families-necurs-botnet-link-suspected/#ftag=RSSbaffb68

Emotet-Distributed Ransomware Loader for Nozelesn Found via Managed Detection and Response
https://blog.trendmicro.com/trendlabs-security-intelligence/emotet-distributed-ransomware-loader-for-nozelesn-found-via-managed-detection-and-response/

Malware in Smart Factories: Top Security Threats to Manufacturing Environments
https://blog.trendmicro.com/trendlabs-security-intelligence/malware-in-smart-factories-top-security-threats-to-manufacturing-environments/

Ransomware or Wiper? LockerGoga Straddles the Line
https://blogs.cisco.com/security/talos/lockergoga-straddles-the-line

IcedID Banking Trojan Spruces Up Injection Tactics to Add Stealth
https://securityintelligence.com/icedid-banking-trojan-spruces-up-injection-tactics-to-add-stealth/

Backdoor code found in popular Bootstrap-Sass Ruby library
https://www.zdnet.com/article/backdoor-code-found-in-popular-bootstrap-sass-ruby-library/#ftag=RSSbaffb68

Analysis: The Evolving Ransomware Threat
https://bit.ly/2FUTqFW

New Android Malware “BasBanke” Steal Financial Data Such as Credentials & Credit/Debit Card Numbers
https://gbhackers.com/new-android-malware-basbanke/

금성121 APT 조직, '오퍼레이션 하이 엑스퍼트(Operation High Expert)'
https://blog.alyac.co.kr/2226

B.行動安全 / iPhone / Android /穿戴裝置 /App
【智能手錶】隨時能竄改位置、陌生人致電 小心兒童手錶私隱漏洞
https://bit.ly/2HXBLQM

手機防毒 Apps 實測!23 款最佳偵測惡意程式名單出爐
https://bit.ly/2OyRlDv

Google Play 手遊藏毒!估 1.5 億 Android 用戶中招
https://3c.ltn.com.tw/news/36212

Check Point 發現多款手機遊戲內藏惡意廣告軟體 全球約有 1.5 億 Android 使用者受害
https://gnn.gamer.com.tw/9/176909.html

Google Play手遊藏毒 Google:已掌握狀況
https://bit.ly/2YyjmzL

健康存摺就醫紀錄 健保署授權App業者串連使用
https://udn.com/news/story/7266/3710298

用戶數據傳中國 諾基亞手機爆資安疑慮
https://udn.com/news/story/7098/3713024

芬蘭正調查 Nokia 手機會傳輸敏感資料到中國大陸的報導(內容更正)
https://chinese.engadget.com/2019/03/22/finland-investigating-nokia-data-china/

Nokia 部分手機驚傳漏洞!用戶個資數據偷偷傳輸到中國電信伺服器
https://3c.ltn.com.tw/news/36224

「我的手機會偷偷向中國伺服器傳資料...」諾基亞手機向中國傳送數據,芬蘭當局要查
https://www.storm.mg/article/1089568

HMD Global手機傳將用戶資訊回傳中國 可能涉及更大罰責
https://udn.com/news/story/7098/3714002

微信到底有沒有資安開後門風險
https://www.ptt.cc/bbs/MobileComm/M.1553224337.A.BC3.html

韓國"手機身份證"App被曝存在嚴重安全漏洞
https://www.cnbeta.com/articles/tech/829281.htm

2020年臺灣電信5G將釋照!NCC:如何確保5G資安將是未來一大挑戰
https://www.ithome.com.tw/news/129547

歐盟表態!不禁華為 5G資安方針下週出爐
https://ec.ltn.com.tw/article/breakingnews/2736378

歐盟不禁華為 下週促成會員國共同防範資安風險
http://www.worldpeoplenews.com/content/news/315194

無視美國要求!歐盟未封殺華為5G 僅分享資安數據因應
https://bit.ly/2OD7ecm

多國5G通訊拒華為 美前高官促推領導世界通訊戰略
http://www.epochtimes.com/b5/19/3/27/n11143293.htm

中國為了華為5G設備警告日方 日本政府這麼回應
https://fnc.ebc.net.tw/FncNews/else/75265

華為設備藏有「蟲門」!英國政府:華為的工程流程有重大安全缺陷
https://buzzorange.com/techorange/2019/03/29/huawei-risk/

英國檢查華為電信設備發現新風險,軟體工程與網路安全品質有重大缺陷
https://www.ithome.com.tw/news/129669

惦惦吃三碗公?中興在中國拿下6張5G合約
https://ec.ltn.com.tw/article/breakingnews/2740640

手機中木馬病毒後門大開?很煩但必須做的五件事
https://money.udn.com/money/story/10868/3721342

蘋果釋出iOS 12.2以修補51個安全漏洞
https://www.ithome.com.tw/news/129606

APP恐洩個資! 政大學者:安卓6.0以上快檢查
https://bit.ly/2UlLd72

App個資外洩知多少
https://iforensicsblog.blogspot.com/2019/03/app.html

手機定位APP洩個資? 專家籲認清授權存取 移動速度.電量全都露
https://www.ttv.com.tw/news/view/10803290029300L/579

UC Browser暗藏中間人攻擊能力
https://www.ithome.com.tw/news/129623

研究人員已在 LTE 通訊協定中發現了 36 個漏洞
https://chinese.engadget.com/2019/03/28/researchers-find-36-security-flaws-in-lte/

微信又現新漏洞 官方否認監控聊天記錄!網友的回覆亮了
https://kknews.cc/tech/vrmj59a.html

最新PSV越獄來了,你有6週時間準備逃出沙盒的前置作業
https://bit.ly/2V5jPra

Android常見安全漏洞匯總
http://www.twoeggz.com/news/14017269.html

義大利公司疑似散布間諜軟體,Google Play 緊急下架二十五支 App
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=831

New Settings Let Hackers Easily Pentest Facebook, Instagram Mobile Apps
https://bit.ly/2TEJ8Pj

New Version of XLoader That Disguises as Android Apps and an iOS Profile Holds New Links to FakeSpy
https://bit.ly/2HV9Vp8

Government spyware hidden in Google Play store apps
https://nakedsecurity.sophos.com/2019/04/02/government-spyware-hidden-in-google-play-store-apps/

Vulnerability found in Xiaomi phones' pre-installed security app
https://www.zdnet.com/article/vulnerability-found-in-xiaomi-phones-pre-installed-security-app/#ftag=RSSbaffb68

C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件
別讓系統更新成為資安亂源
https://www.ithome.com.tw/voice/129720

微軟揭密 「偷渡式下載」網路犯罪台灣高居第一
https://www.chinatimes.com/realtimenews/20190401002543-260412?chdtv

如何培育企業實戰資安人才?全新資安防禦競賽來了
https://www.ithome.com.tw/news/129766

趨勢科技最新年度報告 資安威脅顯著轉變 社交工程攻擊明顯增加
https://cnews.com.tw/124190401a03/

網路攻防戰 破解駭客 企業自保8守則
https://vision.udn.com/vision/story/12939/3722041

2018年網路犯罪結構年輕化 24歲到39歲佔5成3
https://www.ettoday.net/news/20190401/1413091.htm

2019年3月十大資安新聞
https://www.ithome.com.tw/news/129761

AI助力網路嚇阻 21世紀戰場主宰
https://www.ydn.com.tw/News/330894

資訊戰爭的防禦與攻擊
https://talk.ltn.com.tw/article/paper/1278222

Imperva:2018年Web應用程序漏洞與2017年相比增加了21%
http://www.xxlinux.com/win8/win8news/10789.html

Nexusguard威脅報告顯示最大DDoS受僱型網站佔全球攻擊11%
https://n.yam.com/Article/20190325526928

HTTPS 也不安全?被發現新漏洞會暴露你的數據
https://www.oschina.net/news/105532/htttps-vulnerable

【關鍵資安議題:容器安全】剖析容器的資安風險與防護
https://www.ithome.com.tw/article/129426

華碩更新伺服器驚傳遭駭,官方下午回應:鎖定特定機構用戶的攻擊
https://www.ithome.com.tw/news/129597

華碩更新伺服器遭駭客入侵 宏碁:沒接獲任何通報
https://udn.com/news/story/7240/3720352

華碩回應「 Live Update 工具程式」遭駭客入侵一事 提供檢測程式並強化資安維護
https://www.kocpc.com.tw/archives/250506

傳駭客入侵波及用戶,華碩:確保不再發生
https://technews.tw/2019/03/26/asus-says-make-sure-that-hackers-no-invaded/

駭客入侵電子郵件 假冒外商公司險詐百萬
https://tw.appledaily.com/new/realtime/20190322/1537972/

微軟成功接管伊朗駭客集團Phosphorus用來攻擊的99個網站
https://www.ithome.com.tw/news/129647

Microsoft slaps down 99 APT35/Charming Kitten domains
https://nakedsecurity.sophos.com/2019/04/01/microsoft-slaps-down-99-apt35-charming-kitten-domains/

「Soula」偽造搜尋引擎登入畫面,針對韓國網站發動水坑攻擊,竊取帳密
https://blog.trendmicro.com.tw/?p=60088

豐田汽車遭駭客集團鎖定?澳洲、日本、越南皆淪陷
https://www.ithome.com.tw/news/129693

一安全研究員在英國被指控:黑入微軟與任天堂伺服器
https://news.sina.com.tw/article/20190329/30698420.html

自閉症前安全研究員因認罪駭入微軟、Nintendo免於入監
https://www.ithome.com.tw/news/129671

惡意竊取程式碼 24歲駭客入侵任天堂伺服器判監禁15個月
https://bit.ly/2CWGAqj

從歷史老師變資安大師,他與駭客過招20年的實戰心法
https://bit.ly/2YGIap8

駭客無所不在 資安廠建議隨時更新防毒軟體
https://bit.ly/2FFBGhT

企業被駭了 裝防火牆就沒事
https://vision.udn.com/vision/story/12931/3718579

未來的合成生物學「駭客」:他們用聲音竊取DNA合成信息
https://www.mirrormedia.mg/story/20190315mit001/

Akamai網路安全現狀報告:零售商成為憑證填充攻擊的最大受害者
https://bit.ly/2TkLXVy

編程語言安全性排行榜:Ruby 最佳,C 語言漏洞最多
https://www.infoq.cn/article/VMQhWL6eH9-CRm4a7zkY

數字戰爭新時代:駭客公司如何為威權政府服務
https://cn.nytimes.com/world/20190322/government-hackers-nso-darkmatter/zh-hant/

防範攻擊要從駭客思維出發!HITCON Girls成員揭露演練工具濫用的因應對策
https://bit.ly/2Ww98y4

全球最大鋁生產商遭網路攻擊 駭客要求贖金
https://bit.ly/2I02hck

降低網路攻擊或災損從事前防範做起,澳洲政府實施八大減緩策略
https://www.ithome.com.tw/news/129541

Black Hat Asia 2019 騰訊安全首度披露Chakra JIT引擎漏洞攻擊面
https://www.4hou.com/info/news/17123.html

FBI大轉型 掃蕩網路威脅
https://news.ltn.com.tw/news/focus/paper/1278108

遏阻網攻劍指中俄 FBI啟動911恐攻以來最大組織轉型
https://udn.com/news/story/6809/3729493?from=udn-ch1_breaknews-1-cate5-news

三大威脅來自中國 美保守派組「因應中國威脅委員會」凝聚共識
https://www.cmmedia.com.tw/home/articles/14906

亞馬遜設防駭部隊 找白帽駭客滲透測試
https://ec.ltn.com.tw/article/paper/1275957

微軟最新「智慧資安報告」解密亞太地區網路犯罪四大威脅
https://technews.tw/2019/04/01/microsoft-security-intelligence-report-volume-24-is-now-available/

研究人員揭露 Facebook Fizz專案DoS攻擊漏洞,獲臉書例外頒發獎金
https://www.ithome.com.tw/news/129555

不誠實取用電腦律政司敗訴 一文看清甚麼罪受影響
https://bit.ly/2UgTr18

中國女子帶惡意程式闖海湖莊園 一度被誤認台女
https://bit.ly/2WKbhpQ

美國國土安全部:Medtronic心臟除顫器可被黑客入侵
https://www.secrss.com/articles/9311

美國土安全部:駭客可操控75萬個植入式心臟去顫器 影響病患
https://www.ettoday.net/news/20190331/1412175.htm

美國麻省理工學院宣布:終止與華為、中興合作關係
https://m.ltn.com.tw/news/world/breakingnews/2749124

北約網路防禦報告:華為5G存在國家安全風險
https://www.secretchina.com/news/b5/2019/04/04/889429.html

美國政府問責局表示,美國債務系統存在安全漏洞
https://read01.com/MJy77xG.html

中共入侵希拉里電郵 FBI忽略調查被訴
https://www.ntdtv.com/b5/2019/03/29/a102544340.html

中國平安科技中標 助建香港eID系統
http://www.passiontimes.hk/article/04-03-2019/52110

絕不容中共網軍持續綁架台灣輿論
https://talk.ltn.com.tw/article/breakingnews/2749245

中共收集美國人DNA 美專家:恐用來打造生物武器
https://m.ltn.com.tw/news/world/breakingnews/2747978

資安保衛戰!美國要求中企撤出同志交友軟體Grindr
https://www.cmmedia.com.tw/home/articles/14901

「塔利班」佛地魔東山再起 國防高研署兩項資料探勘計畫抵禦
https://udn.com/news/story/10930/3722067

又是俄國搞的鬼!北約盟國頻遭駭客攻擊
https://www.taiwannews.com.tw/ch/news/3664493

伊斯蘭國指揮官會寫 HTML!靠網路科技茁壯,IS 恐怖又驚人的「名聲賽局」
https://buzzorange.com/techorange/2019/03/28/build-the-fame/

拖延多時,伊朗加密法規草案的背後發生了什麼事
http://news.knowing.asia/news/d29dbea2-e576-4d48-b366-34925fec0796

俄羅斯政府下最後通諜:VPN業者必須封鎖在該國遭禁的網站
https://www.ithome.com.tw/news/129683

美中貿易會談可能延長 白宮顧問:中方首承認竊取智財、駭客問題
https://www.ettoday.net/news/20190404/1415088.htm

德媒指遭網攻1年餘 拜耳:無資料外洩證據
https://www.rti.org.tw/news/view/id/2016666

英國調查報告指華為工程流程存在重大安全缺陷,華為回應
https://theinitium.com/article/20190329-morning-brief/

Hijacked Email Reply Chains
https://www.webroot.com/blog/2019/04/03/hijacked-email-reply-chains/

‘Long-term security risks’ from Huawei
https://www.bbc.com/news/technology-47732139

Huawei issues could pose UK security risks, say authorities
https://www.theguardian.com/technology/2019/mar/28/huawei-chinese-firm-poses-national-security-risks-says-uk-watchdog

Nation-State and Crime Groups Keep Blending, Europol Warns
https://www.bankinfosecurity.asia/nation-state-crime-groups-keep-blending-europol-warns-a-12293

Audits: Systems Used to Track US Debt Vulnerable
https://www.bankinfosecurity.com/audits-systems-used-to-track-us-debt-vulnerable-a-12291

Netherlands - Dutch Waterworks badly secured against hackers
https://brica.de/alerts/alert/public/1252343/netherlands-dutch-waterworks-badly-secured-against-hackers/

The Danger of Hacker Attacks: What Must Companies Bear in Mind
https://www.sma-sunny.com/en/the-danger-of-hacker-attacks-what-must-companies-bear-in-mind/

Security alert: pipdig insecure, DDoSing competitors
https://bit.ly/2UsbJLU

Here's the List of ~600 MAC Addresses Targeted in Recent ASUS Hack
https://bit.ly/2YJ1QJl

How Tri-Counties Regional Center Secures Sensitive Files and Maintains HIPAA Compliance
https://www.bankinfosecurity.co.uk/webinars/how-tri-counties-regional-center-secures-sensitive-files-maintains-w-1925

Chinese hacking groups to ramp up cyber attacks on some industries, experts say
https://www.csoonline.com/article/3384927/chinese-hacking-groups-to-ramp-up-cyber-attacks-on-some-industries-experts-say.html

Pharmaceutical giant Bayer targeted by cyberattack, threat 'contained'
https://www.zdnet.com/article/drug-firm-bayer-targeted-by-cyberattack-threat-contained/#ftag=RSSbaffb68

Bayer points finger at Chinese-based group after blocking cyber attack
https://bit.ly/2WMz091

Home DNA kit company asks you to upload your family tree for the FBI
https://www.zdnet.com/article/home-dna-kit-company-asks-you-to-upload-your-family-tree-for-the-fbi/#ftag=RSSbaffb68

Report: FBI Fails to Promptly Notify Cybercrime Victims
https://www.bankinfosecurity.com/report-fbi-fails-to-promptly-notify-cybercrime-victims-a-12334

Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole
https://bit.ly/2CJZ791

Hacker group has been hijacking DNS traffic on D-Link routers for three months
https://www.zdnet.com/article/hacker-group-has-been-hijacking-dns-traffic-on-d-link-routers-for-three-months/#ftag=RSSbaffb68

國立雲林科技大學【資訊中心】誠徵專案副工程師
https://www.104.com.tw/job/?jobno=6k2ar

資安協銷經理(Presales)-B22B
https://www.104.com.tw/job/?jobno=6k2lw

網路安全與滲透測試工程師
http://m.yzmedu.com/course/291

教育處(教育網路中心)徵臨時人員( 資安分析師 )
https://bit.ly/2UnzZ1P

資安工程師
https://www.104.com.tw/job/?jobno=6k3md

資安技術顧問_高雄
https://www.104.com.tw/job/?jobno=6k6em

【NCCST-技服中心】資安規劃師
https://www.104.com.tw/job/?jobno=6k87i

【國立中興大學臺中區域網路中心誠徵資安專任助理一名】
https://www.nchu.edu.tw/news-detail.php?id=45562

交通部高速公路局資訊室約聘工程師徵才公告
https://www.freeway.gov.tw/Print.aspx?cnid=193&p=12572

行政組_資訊安全管理工程師
https://www.104.com.tw/job/?jobno=6ka2g

【實習】安華聯網科技股份有限公司
http://imd.ntub.edu.tw/p/406-1043-68982,r717.php?Lang=zh-tw

麥肯錫布拉格徵資安專才
https://www.ptt.cc/bbs/Soft_Job/M.1553822763.A.487.html

「LINE開發社群計畫」擴大在台規模 LINE宣布持續招募資安、開發人才
https://www.ettoday.net/news/20190328/1409964.htm

文管人員(約聘)
https://www.104.com.tw/job/?jobno=6kcm7&jobsource=cj2008

高雄市教育局誠徵- 資安系統管理約聘人員
https://www.ptt.cc/bbs/job/M.1554193353.A.C67.html

研發中心-APP成長駭客/數據分析師
https://www.104.com.tw/job/?jobno=6kemb

Cyber Security Architect, London, Paying up to £90,000
https://beechermadden.com/cyber-security-architect-london/

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
蝸牛星際礦機騙局:一堆價值800的機器卻騙到20億
https://bit.ly/2FJCsf2

桃市議員舒翠玲質疑地政外洩個資 市府否認
https://newtalk.tw/news/view/2019-03-26/225250

詐騙犯扮廣達詐谷歌、臉書逾37億 恐判30年
https://fnc.ebc.net.tw/FncNews/life/74434

臉書6億用戶密碼變"明碼" 內部員工可搜尋到
https://www.ttv.com.tw/news/view/10803220032900M/568

FB又傳資安漏洞 6億用戶密碼被曝光
https://news.pts.org.tw/article/426426

臉書提供白帽設定以利安全研究人員尋找漏洞
https://www.ithome.com.tw/news/129624

外貿行業注意!病毒偽裝成商務郵件釣魚 中招可致機密信息外泄
https://kknews.cc/tech/r5z5r8x.html

網路騙子利用基督城恐襲悲劇騙錢
http://www.epochtimes.com/b5/19/3/20/n11126549.htm

學術網路單位所屬電子郵件帳戶疑似密碼外洩情資,請收到者立即更改密碼
https://www-ch.scu.edu.tw/october/news/9856

[資安警訊]學術網路電子郵件帳戶疑似密碼外洩,建議立即更改本校電子郵件密碼  2019/03/25
https://bit.ly/2Wx29EZ

五不五要 拒當社群透明人
https://money.udn.com/money/story/9554/3716671

網路安全出漏洞使個資外洩 飯店、航空業者首當其衝
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=50&id=0000556396_yas2acdxlvun4a5t6dcjj

愛不到就毀了妳! 竹科工程師駭援交女雲端竊性愛片
https://tw.appledaily.com/new/realtime/20190324/1538818/

「激烈掌聲」後暈船!他追援交妹滑鐵盧 竟駭入雲端散布性愛片
https://www.ettoday.net/news/20190324/1406572.htm

女同熱門約會軟體「熱拉」數據庫未加密,超過500萬使用者個資暴露風險
https://www.inside.com.tw/article/15965-rela-data-exposed

大陸同志交友網站資料外洩 逾 500 萬用戶受影響
https://unwire.hk/2019/03/29/rela-data-exposed/tech-secure/

淫威太可怕!詐騙集團冒充中國大使館專騙海外中國人
https://news.ltn.com.tw/news/world/breakingnews/2745110

假冒銀行相關企業詐欺 雄檢聲押4嫌獲准
https://www.cna.com.tw/news/asoc/201903290182.aspx

中國式P2P:錢多騙子多傻子更多
https://www.secretchina.com/news/b5/2019/03/30/888905.html

荷蘭公民網銀詐騙失財 華人:詐騙郵件難辨真假
https://bit.ly/2WAubPV

河南破獲電信網路詐騙案 23名嫌犯落網
https://news.sina.com.tw/article/20190327/30670400.html

新型詐騙方式出現!PS網銀轉賬截圖警方提醒警惕QQ詐騙新套路
https://bit.ly/2JTzBEn

DHL網釣網頁殃及奈及利亞國會網站
https://ithome.com.tw/news/129694

離奇!亞馬遜老闆私照外流 竟扯上華郵記者分屍案
https://www.chinatimes.com/realtimenews/20190401002709-260408?chdtv

惡意散佈假新聞要關 10 年!新加坡為了反假新聞立法,會衝擊言論自由嗎
https://buzzorange.com/2019/04/02/how-singapore-introduces-anti-fake-news-law/

變臉詐騙攻擊捲土重來,亞信安全提醒加強社交工程防範
https://www.aqniu.com/vendor/45979.html

8年級生網路吸金逾億元 吸金集團百博3幹部被聲押禁見
https://news.ltn.com.tw/news/society/breakingnews/2746439

金融詐騙涉信用卡案最多 廣東上海福建成重災區
https://hk.on.cc/hk/bkn/cnt/cnnews/20190403/bkn-20190403142904272-0403_00952_001.html

資生堂資安聲明
https://www.watashiplus.com.tw/SecurityPolicy

又被駭!豐田汽車IT系統遭入侵 310萬筆客戶資料恐外洩
https://ec.ltn.com.tw/article/breakingnews/2746461

驚!臉書兩家app開發商 用戶資料竟存公開資料庫
https://udn.com/news/story/6811/3736814?from=udn-catebreaknews_ch2

又爆資安風波!臉書於亞馬遜伺服器 5.4 億個資外洩
https://www.inside.com.tw/article/16013-540-million-facebook-user-records-exposed-online-inclu

設網站賣金礦!台中男「12天撈2919萬」下場卻超慘
https://www.setn.com/News.aspx?NewsID=521986

貼圖騙倒40萬人!用這方法可以一秒辨識
https://blog.trendmicro.com.tw/?p=60087

立陶宛男子冒充台灣知名硬體公司,詐騙Google和Facebook上億美元
https://blog.trendmicro.com.tw/?p=60074

Phishing Attack Uses Browser Extension Tool SingleFile to Obfuscate Malicious Log-in Pages
https://blog.trendmicro.com/trendlabs-security-intelligence/phishing-attack-uses-browser-extension-tool-singlefile-to-obfuscate-malicious-log-in-pages/

Maryland Man Sentenced for Leading $4.2 Million BEC Scheme
https://www.bankinfosecurity.asia/maryland-man-sentenced-for-leading-42-million-bec-scheme-a-12335

Indian govt agency left details of millions of pregnant women exposed online
https://www.zdnet.com/article/indian-govt-agency-left-details-of-millions-of-pregnant-women-exposed-online/

Large Privacy Breach In India: Millions of Pregnant Women Had Their Details Leaked
https://securitydiscovery.com/large-privacy-breach-in-india/

Card breach reported at Buca di Beppo, Planet Hollywood, and other restaurants
https://www.zdnet.com/article/card-breach-reported-at-buca-di-beppo-planet-hollywood-and-other-restaurants/#ftag=RSSbaffb68

Toyota announces second security breach in the last five weeks
https://www.zdnet.com/article/toyota-announces-second-security-breach-in-the-last-five-weeks/#ftag=RSSbaffb68

Toyota Reveals a Second Data Breach
https://www.bankinfosecurity.com/toyota-reveals-second-data-breach-a-12303

Data breach exposes diagnosis data of 34,000 medical marijuana patients
https://www.zdnet.com/article/data-breach-exposes-data-of-34000-medical-marijuana-patients/#ftag=RSSbaffb68

Tracking Common Causes of Recent Health Data Breaches
https://www.bankinfosecurity.com/tracking-common-causes-recent-health-data-breaches-a-12307

Facebook Caught Asking Some Users Passwords for Their Email Accounts
https://bit.ly/2FMYex7

Georgia Tech Data Breach Exposes 1.3 Million Users' Personal Data
https://bit.ly/2Ib1Uvl

Chinese companies have leaked over 590 million resumes via open databases
https://www.zdnet.com/article/chinese-companies-have-leaked-over-590-million-resumes-via-open-databases/#ftag=RSSbaffb68

Facebook demand for new user email passwords reveals appalling lack of security awareness
https://www.zdnet.com/article/facebook-demanded-new-user-email-passwords-in-appalling-security-misstep/#ftag=RSSbaffb68

Cybercriminals Feast on Earl Enterprises Customer Data Exposed in Data Breach
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/earl-enterprises-breach/

E.研究報告
從0到ReverseShell:路由器漏洞靶場DVAR實踐
https://www.anquanke.com/post/id/175493

Pwn2Own:研究人員成功入侵Tesla Model 3
https://www.ithome.com.tw/news/129607

Google開源C/C++函式庫沙盒專案Sandboxed API
https://times.hinet.net/topic/22282779

軟件測試趨向業務測試:不僅針對代碼漏洞過程和人也很重要
https://www.aqniu.com/news-views/45406.html

Java的反序列化漏洞的一些利用鏈分析
https://www.anquanke.com/post/id/173459

use-after-free漏洞發現之旅use-after-free漏洞發現之旅
https://my.oschina.net/u/3585265/blog/3024981

Nexus Repository Manager 3(CVE-2019-7238) 遠程代碼執行漏洞分析和復現
https://www.cnblogs.com/backlion/p/10564322.html

某通用交易所存在SQL注入漏洞
http://www.twoeggz.com/news/13828228.html

Weblogic(CVE-2017-10271)漏洞復現
http://www.manongjc.com/article/76797.html

利用Consul RCE漏洞傳播的挖礦木馬分析
https://www.anquanke.com/post/id/173818

CVE-2014-4113内核漏洞分析
https://xz.aliyun.com/t/4456

空安全意識,擼碼一時手抖elFinder-2.1.47代碼執行漏洞-CVE-2019-9194詳解
https://xz.aliyun.com/t/4444

Faraday:一款多功能協同式滲透測試工具&漏洞管理平台
http://www.sohu.com/a/302807891_354899

分析Avira VPN的兩處提權漏洞
https://www.anquanke.com/post/id/173850

iThome 資安大會 2019 駭客如何利用公開工具在內部網路中暢行無阻 - YCY
https://bit.ly/2CJVLCY

LibreOffice套件遠程代碼執行漏洞分析
http://www.sohu.com/a/303299441_354899

Windows 內核邏輯漏洞:IO 管理器訪問模式不匹配
https://www.chainnews.com/articles/626319155046.htm

CVE-2014-4113內核漏洞分析
https://sec-wiki.com/news/17032

web安全漏洞之CSRF
https://juejin.im/post/5c961d6ee51d457eab35604c

WinRAR漏洞CVE-2018-20250攻擊樣本分析
https://paper.tuisec.win/detail/b2715856fedc9cd

MongoDB漏洞檢測最佳實踐
https://www.alibabacloud.com/help/zh/doc-detail/112026.htm

Ubuntu18.10 安裝openvas 以及使用openvas進行簡單漏洞掃描分析
https://bbs.pediy.com/thread-250398.htm

最新某某“機器人漏洞分析及安全體系研究(ISC安全訓練營)(4課時)”
http://www.manongjc.com/article/79221.html

通過漏洞利用模版使漏洞利用自動化
https://www.4hou.com/web/16902.html

Web安全— 邏輯漏洞講解
http://www.52bug.cn/hkjs/5728.html

Java序列化對象:漏洞流行性調研,滲透和安全檢測
http://www.twoeggz.com/news/13972599.html

研究人員在思科企業路由中發現安全漏洞,思科的修復方法思路清奇
https://www.landiannews.com/archives/57055.html

從session角度學習反序列化漏洞
https://xz.aliyun.com/t/4528

XSS漏洞原理及分類講解
https://www.bilibili.com/video/av47723325/

使用wmap掃描指定網站並獲取網站漏洞信息
https://blog.csdn.net/henni_719/article/details/88916528

Vuls:針對LinuxFreeBSD的無代理端型漏洞掃描工具
https://4hou.win/wordpress/?p=30607

研究人員演示英特爾VISA 漏洞
https://www.solidot.org/story?sid=60092

新世代應用架構保護新標準 SSL全面可視化
https://bit.ly/2OCLTzv

Vuls:針對LinuxFreeBSD的無代理端型漏洞掃描工具
https://www.jishuwen.com/d/2yRN/zh-tw

路由器漏洞挖掘之DIR-805L 越權文件讀取漏洞分析
https://www.anquanke.com/post/id/175625

TP-Link SR20路由器0 day漏洞
https://www.4hou.com/info/news/17096.html

基於攻擊流量和日誌對Weblogic的各類漏洞的分析思路
http://www.51888.me/post/id/175738

Google search – XXE writeup (local file read)
https://bit.ly/2UCGQV8

Ghidra SRE: The AZORult Field Test
https://blog.yoroi.company/research/ghidra-sre-the-azorult-field-test/

Commando VM — Turn Your Windows Computer Into A Hacking Machine
https://bit.ly/2OEhRvk

Security Nightmare: Users Fail to Wipe USB Drives
https://www.bankinfosecurity.com/blogs/security-nightmare-users-fail-to-wipe-usb-drives-p-2733

Updated Analysis of PatchGuard on Microsoft Windows 10 RS4
https://bit.ly/2VaR8ZO

x64 Cheat Sheet
https://bit.ly/2TKPYm4

ICMP-REACHABLE
https://bit.ly/2uAyG11

Let’s play with Qulab, an exotic malware developed in AutoIT
https://bit.ly/2uAyrTF

Running ELF executables from memory
https://bit.ly/2JSJlyG

$50 million CTF Writeup
https://bit.ly/2FCbdle

AutoMacTC: Automated Mac Forensic Triage Collector
https://bit.ly/2JUFHEz

android-restriction-bypass
https://bit.ly/2FKPOqe

[EN] Down the Rabbit Hole - Part I: A Journey into the UEFI Land
https://bit.ly/2uyCDU5

[EN] Down the Rabbit Hole - Part II: Analyzing an EFI Application with Radare2
https://bit.ly/2FNOjZq

[EN] Down the Rabbit Hole - Part III: Patching the Whitelist
https://bit.ly/2HM6uRm

FireEye debuts Windows Commando VM as Linux Kali rival
https://www.zdnet.com/article/fireeye-debuts-windows-commando-vm-as-rival-to-linux-kali/#ftag=RSSbaffb68

[BlackHat Asia 2019] CQTools: The New Ultimate Hacking Toolkit
https://cqureacademy.com/blog/no-category/black-hat-asia-2019-tools

Mattiwatti/EfiGuard
https://github.com/Mattiwatti/EfiGuard

ivRodriguezCA/RE-iOS-Apps
https://bit.ly/2Uw5xCK

NSA Releases GHIDRA Source Code — Free Reverse Engineering Tool
https://bit.ly/2Idhu9V

Analysis of a Chrome Zero Day: CVE-2019-5786
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analysis-of-a-chrome-zero-day-cve-2019-5786/

F.商業
環旭電子攜微軟推全球首款兼顧資安與傳輸模塊
https://zh.apdnews.com/prnasia/944523.html

自有核心技術 帕卡人臉考勤系統 資安有保障
https://bit.ly/2HOsPhi

《電腦設備》安碁創國內首座工控資安系統實驗平台
https://www.chinatimes.com/realtimenews/20190325001796-260410?chdtv

路由器資安、功能全面提升!Archer A9 端出競爭價
https://bit.ly/2U5netF

網路詐騙年輕化 諾頓抵禦潛在威脅對症下藥 保護您的數位生活安全
https://n.yam.com/Article/20190327417109

108年資訊安全檢測診斷服務團隊遴選申請
http://www.cisanet.org.tw/News/news_more?id=2101

報稅季將至 財部加緊申報系統壓力測試
https://bit.ly/2V4djRn

IBM以知識圖譜技術重建APT攻擊者痕跡,更要推論出企業未來容易受攻擊的潛在弱點
https://www.ithome.com.tw/news/129549

趨勢科技指出威脅情勢正在轉變,企業需重新思考資安重點
https://bit.ly/2OQ5EE8

趨勢科技 2018 年 Cloud App Security 報告: 針對進階電子郵件威脅的進階防禦
https://blog.trendmicro.com.tw/?p=59925

託管式偵測及回應服務( MDR)如何協助解決持續性的威脅
https://blog.trendmicro.com.tw/?p=59921

Cynet Offers Free Threat Assessment for Mid-Sized and Large Organizations
https://bit.ly/2OLYDnG

SUSE Linux and enterprise Raspberry Pi
https://www.zdnet.com/article/suse-linux-and-enterprise-raspberry-pi/#ftag=RSSbaffb68

G.政府
「訪美前電腦被駭」 柯文哲華府談貿易戰
http://www.epochtimes.com/b5/19/3/20/n11127713.htm

談華為手機管制 柯P自曝:北市府曾遭駭疑是內賊所致
https://tw.appledaily.com/life/realtime/20190321/1537076

訪美提及電腦被駭行程外洩 柯文哲:市府有內賊
https://m.ltn.com.tw/news/politics/breakingnews/2733979

資安防禦難度增,政院:加強區域聯防
https://www.chinatimes.com/realtimenews/20190321001026-260410?chdtv

數位身分識別證印製 徐國勇:廠商不能有中國資金
https://www.rti.org.tw/news/view/id/2015318

打擊假訊息 調查局舉辦假訊息研習班
https://udn.com/news/story/7321/3713164

防堵中國網軍等境外威脅 調查局開假訊息研習班訓練幹員
https://news.ltn.com.tw/news/society/breakingnews/2735743

打擊假訊息…調查局開辦研習班 呂文忠親上陣
https://udn.com/news/story/7321/3713826

測試金融業資安戰力 金管會將邀國際駭客來台紅藍大戰
https://udn.com/news/story/7239/3710911

政院促整合 打造資安產業國家隊
https://www.ocacnews.net/overseascommunity/article/article_story.jsp?id=243703

北市智慧城市有無華為設備? 柯:要回去查
https://bit.ly/2K2ARou

台灣學術網路月遭駭客攻擊逾29億次 科技部說安啦
https://udn.com/news/story/7314/3721384

學術網路單月遭29億次攻擊 陳良基:100%排除
https://bit.ly/2FJeWO5

學術網路遭惡意攻擊 科技部:掌控中無技術遭竊
https://udn.com/news/story/7314/3721545

行政院、LINE啟動數位當責計畫 合作對抗假訊息
https://udn.com/news/story/7251/3722572

資安即國安 禁陸資通產品防受「駭」
https://www.ydn.com.tw/News/330345

2020大選前設置網安平台 國安局:反制共軍網戰
https://udn.com/news/story/6656/3729023

防治中共干涉2020大選 國安局設置網安平台
https://newtalk.tw/news/view/2019-03-31/227240

雲端開放 金管會提3大原則
https://www.chinatimes.com/newspapers/20190401000183-260202?chdtv

STO曝險3千萬以下 擬免進沙盒
https://www.chinatimes.com/newspapers/20190401000181-260202?chdtv

STO金融監理沙盒辦法下週見真章?4/12公聽會 各交易所樂見其成
http://news.knowing.asia/news/1b111e64-e216-4253-9493-7610401c7b58

STO到底要怎麼管?除了「管定了!」金管會主委顧立雄還說過這些
http://news.knowing.asia/news/eac54809-abae-456e-a3b8-e269756aa77f

證券型代幣監理法規未明 專家籲以關注代替投注
https://www.cna.com.tw/news/afe/201904040032.aspx

政院禁大陸資通訊產品 將擴及地方政府
https://udn.com/news/story/6656/3736998?from=udn-ch1_breaknews-1-cate1-news

網路惡意內容多 立委:至今只罰3件
https://anntw.com/articles/20190401-XdB2

報稅季將開跑! 國稅局將加班延長服務時間
https://ec.ltn.com.tw/article/breakingnews/2748008


H.SCADA/ICS/工控系統
工控設備安全漏洞多 帳號管理須嚴控
https://ec.ltn.com.tw/article/paper/1275958

研究:去年有2成以上工控系統偵測到惡意程式,比前一年更活躍
https://www.ithome.com.tw/news/129642

國際工控資安發展聚焦5大面向,臺灣將在7月設置自來水處理測試平臺
https://www.ithome.com.tw/news/129756

An overview of cyber-attack vectors on SCADA systems
https://ieeexplore.ieee.org/document/8355379

I.教育訓練
使用 Android 資料庫: Room
https://bit.ly/2YJLznc

Hello Python!|Python入門詳細介紹
https://bit.ly/2Uyne4w

Learn Ethical Hacking with 180 Hours of Training — 2019 Course Bundle
https://bit.ly/2HQXOt1

Introducing the Web Security Academy
https://portswigger.net/blog/introducing-the-web-security-academy

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機
汽車防盜警報系統漏洞,讓駭客能夠劫持汽車
https://blog.trendmicro.com.tw/?p=59918

工業互聯網安全開始走向消費領域
https://www.aqniu.com/news-views/46103.html

物聯網百花齊放 資安立法刻不容緩
https://www.chinatimes.com/newspapers/20190324000248-260204?chdtv

智慧監控市場商機無限 資安標準引領技術發展方向
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000547698_ROG7FOQU8QOEBA9EC97IJ

研華x StarFab物聯網加速器 攜手打造物聯網生態系
https://www.digitimes.com.tw/iot/article.asp?cat=130&id=0000556214_7X014T042OO7M43MOIUME

天羅地網監錄系統 大幅提升桃警辦案效能
https://tyenews.com/2019/03/12281/

「駭」進醫院 癱瘓救生 像在病患體內埋入不定時炸彈
https://vision.udn.com/vision/story/12939/3722038

萬物聯網挑戰安防系統 晶睿通訊兼具資安與效能
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=50&cat2=10&id=0000556536_IVR48N9H4RA1G45IMZSY3

駭客破解監視器意外看到看護工被…性侵
http://www.wifi3c.tw/2019/03/news27/

全球物聯網資安發展與廠商動態
https://bit.ly/2WzjEEK

網路攝影機資安認驗證的安全要求大公開,高標準助臺產品強化資安功能
https://www.ithome.com.tw/news/129548

新加坡物聯網展 貿協助我商串連新南向智慧城市商機
https://n.yam.com/Article/20190401744943

【不只掌控能源,駭客更試圖操控金融及媒體】關鍵基礎設施面臨更險峻的威脅
https://www.ithome.com.tw/news/129721

【霹靂遊俠來了】馬斯克打造萬能電腦車 特斯拉車都變「夥計」
https://tw.appledaily.com/new/realtime/20190404/1544769/

中國研究人員破解特斯拉自動駕駛漏洞可能誤變道駛入對向車道
https://www.sohu.com/a/305689390_162522?sec=wd

趨勢科技攜手Luxoft打造連網汽車資安防護,確保車輛與行動服務安全
https://bit.ly/2VjSly4

Seven out of ten Americans are comfortable with IoT tech in the home
https://www.zdnet.com/article/seven-out-of-ten-americans-are-comfortable-with-iot-tech-in-the-home/#ftag=RSSbaffb68

Data science, ethics, and the 'massive scumbags' problem
https://www.zdnet.com/article/data-science-ethics-and-the-massive-scumbags-problem/#ftag=RSSbaffb68

6.近期資安活動及研討會
 「資訊系統分級與資安防護基準」教育訓練  4/8
 http://net.nthu.edu.tw/2009/mailing:announcement:20190327_02

 ANSIBLE-Automation for everyone研討會  4/9
 https://www.uuu.com.tw/Public/content/Edm/190409_Ansible.htm

 亞洲矽谷計畫-強化物聯網資安防護成果發表會  4/10
 https://www.cs.nctu.edu.tw/announcements/detail/3881

 網路封包分析實務  4/11
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3826&from_course_list_url=homepage

 【課程】大數據爬蟲技術實作,使用Python實作網路爬蟲,快速有效獲取大量資料,打造自動化金融數據平台  4/13
 https://www.techbang.com/posts/58613-course-python-crawler-technology-implementation

 對不起駭到你  4/13
 https://tfc.kktix.cc/events/hacking-you-sorry?locale=en

 2019 ICANN APAC-TWNIC Engagement forum  4/16~4/17
 https://forum.twnic.tw/

 Industrial Control Systems (ICS) Cyber Security Conference  APAC  April 16-18, 2019
 https://www.icscybersecurityconference.com/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, April 17, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzgbwb/

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術與談發表會 4/18
 https://www.accupass.com/event/1904020622403023353630

 網站弱點評估實務  4/18
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3830&from_course_list_url=homepage

 資策會「網路媒體公關經營實務班」課程,善用新媒體策略擴散您的品牌! 4/18
 http://www.iiiedu.org.tw/ites/MPR.htm

 國立交通大學 亥客書院 - 緩衝區溢位攻擊與預防 新竹  4/20
 https://hackercollege.nctu.edu.tw/?p=1052

 資安健診  4/25
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3834&from_course_list_url=homepage

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 資安健診  5/9
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3827&from_course_list_url=homepage

 國立交通大學 亥客書院 -電子郵件之偽造攻擊與防護措施安全通訊協定 5/11
 https://hackercollege.nctu.edu.tw/?p=1054

  iTHome 台灣雲端大會 Cloud Summit  2019   2019年 5 月 15 日 (三) 09:00~17:00
 https://cloudsummit.ithome.com.tw/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/

 網路封包分析實務  5/16
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3831&from_course_list_url=homepage

 源碼檢測實作  5/23
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3835&from_course_list_url=homepage

 第二十九屆全國資訊安全會議  5/23  ~ 5/24
 https://cisc2019.cs.pu.edu.tw/index.php

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」  8/29 ~ 8/30
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

留言

這個網誌中的熱門文章

Capture the flag資源分享綜整

Capture the flag, CTF,是由古代軍事戰爭演變而來。軍旗在戰場上象徵兩軍戰況,當有一方軍旗被敵軍奪取或落在地上,代表該方戰敗。當這樣的攻防搶旗演變到現代的電子遊戲裡,通常就演變成團隊遊戲模式,由兩隊人馬互相前往對方的基地奪旗,奪旗成功回合次數多者得勝。

TDOH Conf 2018 Call for paper

# Underground Hacking——駭客地下城 TDOH Conf 2018  Call for paper


年度主題 —— 駭客地下城(Underground Hacking),舉凡機器學習資訊安全相關技術或研究CTF 競賽經驗社群參與資訊安全相關經驗等各式題材皆歡迎您與我們一同分享;除上述所提及之類型外,其他資訊安全相關題材亦均可自由投稿。

內容須基於資訊安全技術,可以是 Coding 技巧工具使用資安推廣與資安人才培育等等。


7月份資安活動分享

七月份資安活動分享
TDOH-PIPE 南區聚 & 業界職涯分享講座 | 201806   6/30
  https://blog.tdohacker.org/2018/06/tdoh-pipe-201806_17.html

  UCCU 2018 技術交流小聚 6/30
  https://uccu.kktix.cc/events/6796c24d-06332a-10dc19-a9c8d6-4cf8ec-72b47d-c48bc2-d99dad-379bc8-copy-5

  【課程】UI/UX設計到網頁極速製作工作坊,從UX規畫、 UI設計到WordPress架設,一天搞定 6/30
  https://www.techbang.com/posts/58335-wordpress-landing-page?from=flash_message

  科技大擂台2:AI資安攻防戰 6/30
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=226

  TANET 2018-台灣網際網路研討會 暨資訊工程X智慧計算學門成果發表會 CFP 7/1 ~ 8/15
  https://cis.ncu.edu.tw/SeminarSys/activity/TANET2018/home

  交大x教育部x科技業 暑期培訓資訊科技種子師資提升下一代競爭力  7月  8 月
  https://n.yam.com/Article/20180609467130

 107年度新興資安產業生態系推動計畫-資安專業人才培育委外人才培訓-ICS/SCADA資訊安全實務課程  7/2 ~ 7/4
 http://www.cisanet.org.tw/News/activity_more?id=MzM2

  Symantec《網路安全威脅報告》網路研討會 7/4
  https://seminar.ithome.com.tw/live/Symantec20180704/index.html?eDM_1