跳到主要內容

資安事件新聞週報 2019/4/15 ~ 2019/4/19

資安事件新聞週報  2019/4/15  ~  2019/4/19

1.重大弱點漏洞
阿里巴巴被發現了一個可以繞過WAF的漏洞
https://nosec.org/home/detail/2483.html

中國蟻劍被曝XSS 漏洞,可導致遠程命令執行
http://www.sohu.com/a/307475721_354899?sec=wd

Electronic Arts修補含有遠端程式攻擊漏洞的客戶端程式
https://www.ithome.com.tw/news/130052

Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
https://www.exploit-db.com/exploits/46706

Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)
https://www.exploit-db.com/exploits/46693

CyberArk EPM 10.2.1.603 - Security Restrictions Bypass
https://www.exploit-db.com/exploits/46688

卡巴斯基實驗室:win32k.sys又曝出了新的零日漏洞
https://nosec.org/home/detail/2490.html

New zero-day vulnerability CVE-2019-0859 in win32k.sys
https://securelist.com/new-win32k-zero-day-cve-2019-0859/90435/

Shimo VPN 輸入驗證錯誤漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4009

Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN's helper tool
https://blog.talosintelligence.com/2019/04/vulnerability-spotlight-multiple.html

甲骨文每季修補又來了,這次補297個漏洞
https://www.ithome.com.tw/news/130078

甲骨文產品多個漏洞
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Weblogic反序列化遠程代碼執行漏洞
http://www.cnvd.org.cn/webinfo/show/4989

漏洞預警:WebLogic Blind XXE漏洞預警
http://nic.jiangnan.edu.cn/info/1046/2515.htm


【威脅預警】iSCSI未授權訪問漏洞,數万iSCSI可能受影響
https://nosec.org/home/detail/2491.html

Apache 發布Apache Tomcat安全更新
https://www.us-cert.gov/ncas/current-activity/2019/04/14/Apache-Releases-Security-Updates-Apache-Tomcat

Apache Tomcat存在遠端執行程式碼漏洞
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1436

Apache Tomcat Patches Important Remote Code Execution Flaw
http://bit.ly/2v8GMOB

Origin 桌面軟體 存在漏洞可使駭客遠端操控,EA 現已修復
https://www.kocpc.com.tw/archives/254080

多個虛擬私人網絡應用程式未經加密儲存暫存 cookies 漏洞
https://kb.cert.org/vuls/id/192371/

多款企業等級的VPN應用允許駭客繞過身分認證,思科、Palo Alto Networks及Pulse Secure被點名
https://www.ithome.com.tw/news/129986

VMWare 產品多個漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0006.html

Confluence 高危漏洞被大規模利用,阿里雲WAF接入即可防護,支持免費應急服務
https://read01.com/zy2kgK2.html

最後的延伸支援結束,Windows XP 歷經 17 年終於走入歷史
https://www.techbang.com/posts/69366-after-more-than-17-years-microsoft-sticks-a-fork-in-windows-xp-one-final-time

Windows安全修補造成跑部份防毒軟體的Windows 7 PC、Server 2012當機或無法重開機
https://www.ithome.com.tw/news/129970

Windows 7 更新後無法啟動,微軟暫停對 Sophos 防毒用戶推送四月分更新
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=836

Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation
https://www.exploit-db.com/exploits/46718

微軟動作太慢:0PATCH團隊搶先發布WIN10 IE安全漏洞修復補丁
http://bit.ly/2Uu7aN6

微軟 Internet Explorer 零日多個漏洞
https://www.zdnet.com/article/internet-explorer-zero-day-lets-hackers-steal-files-from-windows-pcs/#ftag=RSSbaffb68

研究人員在Internet Explorer中發現了新的安全漏洞
https://www.linuxidc.com/Linux/2019-04/158096.htm

IE 的存在就是資安漏洞!驚傳駭客新手法:瀏覽器改為 Chrome 都難逃
https://3c.ltn.com.tw/news/36458

IE 的安全性漏洞讓駭客得以竊取檔案
http://bit.ly/2ZadMnH

IE 11瀏覽器被爆安全漏洞:可遠程竊取本地PC文件
http://finance.sina.com/bg/tech/technews/sinacn/2019-04-13/doc-ixnpfeet7037203.shtml

IE 不使用也危險 改為 Chrome 都難逃被駭
https://www.secretchina.com/news/b5/2019/04/15/890541.html

Internet Explorer zero-day lets hackers steal files from Windows PCs
https://www.zdnet.com/article/internet-explorer-zero-day-lets-hackers-steal-files-from-windows-pcs/#ftag=RSSbaffb68

Безопасность DHCP в Windows 10: разбираем критическую уязвимость CVE-2019-0726
https://habr.com/ru/company/pt/blog/448378/

Microsoft makes Windows 10 1903 available on MSDN
https://www.zdnet.com/article/microsoft-makes-windows-10-1903-available-on-msdn/#ftag=RSSbaffb68

黑客盯上了Google相册漏洞
http://www.sohu.com/a/307735969_610671?sec=wd

Aplikasi Sistem Informasi Kelulusan [ASIK] LFI Vulnerability
https://cxsecurity.com/issue/WLB-2019040109

WiFi Protected Access III (WPA3) 多個漏洞
https://www.kb.cert.org/vuls/id/871675/

Wi-Fi WPA3 加密認證仍有安全疑慮?Wi-Fi 聯盟:已要求廠商補強
http://bit.ly/2VJI7r3

新 WPA3 無線網路加密協定內含漏洞,易遭竊取密碼與攻擊
http://bit.ly/2IjcyB9

Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password
http://bit.ly/2v5WXw8

不滿WordPress支援論壇,安全研究人員連續公布3個WordPress外掛程式漏洞
https://www.ithome.com.tw/news/129987

CloudBees Jenkins Accurev Plugin信息洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999028

Drupal Releases Core CMS Updates to Patch Several Vulnerabilities
http://bit.ly/2GuRUf6

Broadcom Wi-Fi晶片組驅動程式含多種安全漏洞
https://www.ithome.com.tw/news/130079

大品牌一樣失手 CERT 公布多個企業級 VPN 漏洞
http://bit.ly/2DxuEeX

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
監守自盜已非個案 銀行內控漏洞令人咋舌
https://news.sina.com.tw/article/20190412/30900600.html

金融機構創新同時,強化企業資安韌性將成為企業發展關鍵
https://ithome.com.tw/news/129935

純網銀資安座談 18日登場
https://www.chinatimes.com/newspapers/20190416000198-260202?chdtv

南韓純網銀業者 兩大挑戰
https://money.udn.com/money/story/5599/3757823

5月網路報稅 專家教戰資安自保六招
https://udn.com/news/story/7243/3758452

網路報稅成主流方式 安侯建業提6大重點防詐騙
https://udn.com/news/story/7243/3758582?from=udn-catelistnews_ch2

東亞銀行疑系統出錯 市民退款回贈5300元變53萬
http://hd.stheadline.com/news/realtime/hk/1479510/

交通銀行發展研究部原總經理李楊勇被“雙開”
http://bit.ly/2UlegDw

台灣客戶挑選往來銀行 最重視三件事
https://fnc.ebc.net.tw/FncNews/stock/77197

日本央行副行長﹕若銀行系統不穩 將以貨幣政策應對
http://bit.ly/2vaP3BW

永豐行動銀行App 轉帳、換匯二大功能用戶最愛
https://news.cnyes.com/news/id/4305643

考察新加坡監理科技及純網銀發展
https://report.nat.gov.tw/ReportFront/ReportDetail/detail?sysId=C10800230

日本樂天銀行來台分享網銀實際資安運用技術
https://udn.com/news/story/7239/3764559

樂天銀行資安專家佐伯和彥:經營純網銀逾18年 可為台做貢獻
http://bit.ly/2IJHnhN

金融服務如何走進各種消費場景,將來銀行IT發展戰略大公開
https://www.ithome.com.tw/people/130092

Windows 10 ATM migration: The breaking point for banks
https://www.atmmarketplace.com/blogs/windows-10-atm-migration-the-breaking-point-for-banks/

Crooks use digger to steal ATMs in Northern Ireland as ATM physical attacks rise across the EU
https://www.zdnet.com/article/crooks-use-digger-to-steal-atms-in-northern-ireland-as-atm-physical-attacks-rise-across-the-eu/#ftag=RSSbaffb68

HOW TO DETECT SPY CAMERA’S IN TRIAL ROOMS, ATM’S, HOTELS, OTHER AREA’S
https://www.securitynewspaper.com/2019/03/26/how-to-detect-spy-cameras-in-trial-rooms-atms-hotels-other-areas/?fbclid=IwAR2FNxiGJN5aTG2msos0UyYq7xf2UC-N19OoLVzF2pd4jV9MTptmLRm-kbU

3.電子支付/電子票證/行動支付/ 新聞及資安
近6成南韓人使用行動支付 50至59歲月均消費額最高
https://ec.ltn.com.tw/article/breakingnews/2761679

AdSense忽然出現「您的款項目前處於暫緩支付狀態」
http://bit.ly/2Zit7Cz

李顯龍讚中國電子支付:我的部長在上海買栗子像個鄉巴佬
https://v.chinaqna.com/blog/82914

第三方支付、電子支付及電子票證 一張表看懂差別
https://money.udn.com/money/story/5613/3764096

預告「電子支付機構業務管理規則」部分條文修正草案
http://bit.ly/2Gv44oD

5.虛擬貨幣/區塊鍊   新聞及資安
探索區塊鏈維護電網安全 美國能源部稱取得新進展
https://news.cnyes.com/news/id/4303278

〈虛擬貨幣現況〉比特幣暴漲暴跌 專家教戰:從生態圈應用實質面挑選
https://fnc.ebc.net.tw/FncNews/else/76766

Algo Cipher宣布於第三季完成公鏈主網上線,並同時組建全球去中心化交易所聯盟
https://iview.sina.com.tw/post/19095272

波場 Dapp TronBank 遭到假幣攻擊
https://www.ptt.cc/bbs/DigiCurrency/M.1555313950.A.C48.html

讓「用比特幣買東西」成真,Coinbase攜手Visa推簽帳卡
https://meet.bnext.com.tw/articles/view/44773

大多倫多小鎮首推用比特幣交物業稅
http://www.epochtimes.com/b5/19/4/15/n11188745.htm

印度官方銀行部門計劃使用區塊鏈技術,推動支付領域的解決方案
https://www.blocktempo.com/the-national-payments-corporation-of-india-blockchain-payment/

虛擬貨幣夯 以太幣曾讓投資翻7倍
https://www.chinatimes.com/newspapers/20190415000544-260110?chdtv

區塊鏈科技台灣不缺席 3家新創公司各領風騷
http://bit.ly/2PfApSN

虛擬貨幣騙局多 中國全面禁ICO
https://www.nextmag.com.tw/realtimenews/news/467516

〈區塊鏈大應用〉韓國電信巨頭KT推區塊鏈技術5G網路服務 防範駭客攻擊
https://news.cnyes.com/news/id/4305155

熊市影響下,日本主流金融科技公司叫停加密交易所計劃
http://news.knowing.asia/news/2009f13b-da99-4e1a-8deb-fa367de53873

首家虛擬幣交易所 開幕
https://udn.com/news/story/7239/3762217

虛擬幣採低度監理 買賣自負風險
https://money.udn.com/money/story/9740/3762221

衝突的公鏈!來自 P2P 協議的異形攻擊漏洞
https://www.bishijie.com/shendu_30448

區塊鍊技術可能會阻止Microsoft Outlook漏洞
https://0xzx.com/20190418175640941.html

「達悟幣」發行改採傳統股權模式!DTCO執行長李亞鑫:金管會提出的框架,明顯對科技創新不友善
http://bit.ly/2IsiurB

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體
Bashlite IoT 惡意程式新增挖礦與後門功能,專門攻擊 WeMo 品牌裝置
https://blog.trendmicro.com.tw/?p=60149

小米的Guard Provider應用程序中的漏洞可能會將設備暴露給惡意軟件
https://www.cyclonis.com/zh-cn/vulnerability-xiaomi-guard-provider-expose-devices-malware/

勒索病毒持續「變種」攻擊 企業應加強資安與備份
https://www.chinatimes.com/realtimenews/20190415001300-260410?chdtv

一種專門偵測惡意程式變種的機器學習模型
https://blog.trendmicro.com.tw/?p=60048

AdBlock Plus廣告過濾外掛漏洞可被執行惡意程式碼
https://www.ithome.com.tw/news/129999

密碼還是1234嗎?小心了! 趨勢科技最新調查指出 弱密碼及系統漏洞成挖礦病毒攻擊企業利器
http://bit.ly/2UEiCuO

保險公司拒賠 NotPetya,視為戰爭免賠惹議
https://technews.tw/2019/04/16/insurance-company-wont-refund-notpetya-demage-they-see-it-as-war-make-controversies/

電腦突然變超慢?挖礦病毒數量暴增 400 倍,傳統防毒抓不到該如何自救
https://buzzorange.com/techorange/2019/04/17/trend-micro-malware-protection/

還在使用老舊軟體和這 61 組弱密碼? 挖礦病毒利用多重攻擊手法自中國擴散至台灣、日本等亞洲企業
https://blog.trendmicro.com.tw/?p=60232

Pre-installed malware found on an Android Gretel A7 device
http://skptr.me/gretel_preinstalled_2.html

Popular Video Editing Software Website Hacked to Spread Banking Trojan
http://bit.ly/2Z8u2pf

Sophisticated 'TajMahal APT Framework' Remained Undetected for 5 Years
http://bit.ly/2IAgLzJ

The Bayrob malware gang's rise and fall
https://www.zdnet.com/article/the-bayrob-malware-gangs-rise-and-fall/#ftag=RSSbaffb68

Two Romanian Nationals Convicted in 'Bayrob' Malware Case
https://www.bankinfosecurity.com/two-romanian-nationals-convicted-in-bayrob-malware-case-a-12375

Proactive Malware Intelligence & Increasing ROI of SIEM & SOAR Deployments
https://www.bankinfosecurity.in/webinars/proactive-malware-intelligence-increasing-roi-siem-soar-deployments-w-1957

Multimedia Editing Software Hacked to Spread Banking Trojan
https://hackercombat.com/multimedia-editing-software-hacked-to-spread-banking-trojan/

US CERT Warns of N. Korean 'Hoplight' Trojan
https://www.bankinfosecurity.com/us-cert-warns-n-korean-hoplight-trojan-a-12374

Miner Malware Spreads Beyond China, Uses Multiple Propagation Methods Including EternalBlue, Powershell Abuse
https://blog.trendmicro.com/trendlabs-security-intelligence/miner-malware-spreads-beyond-china-uses-multiple-propagation-methods-including-eternalblue-powershell-abuse/

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services
https://seguranca-informatica.pt/si-lab-emotet-spread-in-chile-impacted-hundreds-of-users-and-targeted-financial-and-banking-services/#.XLSeQ-gzbIU

Hackers comprometem agente de suporte da Microsoft para aceder a contas de email do Outlook
https://seguranca-informatica.pt/hackers-comprometem-agente-de-suporte-da-microsoft-para-aceder-a-contas-de-email-do-outlook/#.XLSfGegzbIU

Criptominer usa vários métodos de propagação para infetar máquinas Windows e droppar um minerador da Monero
https://seguranca-informatica.pt/criptominer-usa-varios-metodos-de-propagacao-para-infetar-maquinas-windows-e-droppar-um-minerador-da-monero/#.XLSfHegzbIU

OceanLotus: macOS malware update
https://www.welivesecurity.com/2019/04/09/oceanlotus-macos-malware-update/

Let's Learn: In-Depth Review of FIN7 VBA Macro & Lightweight JavaScript Backdoor
https://www.vkremez.com/2018/11/in-depth-review-of-fin7-vba-macro.html

Scranos: New Rapidly Evolving Rootkit-Enabled Spyware Discovered
https://thehackernews.com/2019/04/scranos-rootkit-spyware.html

Inside Scranos – A Cross Platform, Rootkit-Enabled Spyware Operation
https://labs.bitdefender.com/2019/04/inside-scranos-a-cross-platform-rootkit-enabled-spyware-operation/

Account With Admin Privileges Abused to Install BitPaymer Ransomware via PsExec
https://paper.tuisec.win/detail/4af0e090957cb4f

Miner Malware Spreads Beyond China, Uses Multiple Propagation Methods Including EternalBlue, Powershell Abuse
https://blog.trendmicro.com/trendlabs-security-intelligence/miner-malware-spreads-beyond-china-uses-multiple-propagation-methods-including-eternalblue-powershell-abuse/

New HawkEye Reborn Variant Emerges Following Ownership Change
https://blog.talosintelligence.com/2019/04/hawkeye-reborn.html

Scranos rootkit expands operations from China to the rest of the world
https://www.zdnet.com/article/scranos-rootkit-expands-operations-from-china-to-the-rest-of-the-world/#ftag=RSSbaffb68

DNS Malware Analysis: A Forensic Approach (W39)
http://bit.ly/2vaXPQm

Banking Trojan Emotet Now Targets Legitimate Email Chains to Deploy Malware
https://latesthackingnews.com/2019/04/16/banking-trojan-emotet-now-targets-legitimate-email-chains-to-deploy-malware/

Hacking Android Smart Phone Using AhMyth Android RAT
https://cybarrior.com/blog/2019/01/25/hacking-android-smart-phone-using-ahmyth-android-rat/?fbclid=IwAR3DC3CitoixtJ1G0Jdo-ZErERXp-jEUFk5yHncCkjMllRaOk9NR8CNXl5w

Cyber-security firm Verint hit by ransomware
https://www.zdnet.com/article/cyber-security-firm-verint-hit-by-ransomware/#ftag=RSSbaffb68

Bad bots now make up 20 percent of web traffic
https://www.zdnet.com/article/bad-bots-focus-on-financial-targets-make-up-20-percent-of-web-traffic/#ftag=RSSbaffb68

Potential Targeted Attack Uses AutoHotkey and Malicious Script Embedded in Excel File to Avoid Detection
https://blog.trendmicro.com/trendlabs-security-intelligence/potential-targeted-attack-uses-autohotkey-and-malicious-script-embedded-in-excel-file-to-avoid-detection/

Malicious AutoHotkey Scripts Used to Steal Info, Remotely Access Systems
https://www.bleepingcomputer.com/news/security/malicious-autohotkey-scripts-used-to-steal-info-remotely-access-systems/#.XLdqKJqUS2k.twitter

Today's Forecast: Cloudy With a Chance of Malware
https://www.bankinfosecurity.com/todays-forecast-cloudy-chance-malware-a-12394

B.行動安全 / iPhone / Android /穿戴裝置 /App
Galaxy S10 及 Galaxy S10 Plus 屏下指紋識別器推出緊急更新
https://tw.news.yahoo.com/galaxy-s10-%E5%8F%8A-galaxy-s10-105009142.html

Apple 為 App Store 訂閱的付費過程新增了一道確認步驟
https://chinese.engadget.com/2019/04/12/apple-app-store-subscriptions-confirmation/

小米手機內建app藏漏洞 個資密碼可能被偷
http://www.soundofhope.org/b5/2019/04/12/n2801421.html

中共官方大肆整改網路 下架逾三萬款app
http://bit.ly/2G7A8gL

Android 手機防毒軟件 五款最佳推薦
http://bit.ly/2DedW3L

為幫助開發者提升付費訂戶數量,Android開發人員控制臺新增訂閱分析功能
https://www.ithome.com.tw/news/129942

如何透過iPhone「尋找朋友」分享即時位置資訊
https://blog.trendmicro.com.tw/?p=60035

評估5G安全風險 荷蘭設專案小組
https://money.udn.com/money/story/5599/3757699

手機App資安黑洞!讓蝦皮和YouTube讀你的簡訊和通訊錄,你也按下「同意」了嗎
http://bit.ly/2GfX2Td

小心,Google Play上有假的Instagram助手程式
https://www.ithome.com.tw/news/130012

今年第三次!臉書、IG及WhatsApp又當機兩小時
https://www.ithome.com.tw/news/129971

LINE以技術與服務創新 推動社會正向改變
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000557696_XTS5FHDOLD2LGU5GCQXVA&cat=50

國內Android App漏洞檢測發展簡史
http://www.chuangyejia.com/article-12892520.html

手機 App 資安黑洞!讓蝦皮和 YouTube 讀你的簡訊和通訊錄,你也按下「同意」了嗎
https://buzzorange.com/techorange/2019/04/19/app-info-security/

駭客利用iOS上的Chrome漏洞傳遞惡意廣告
https://www.ithome.com.tw/news/130090

中國假「貸款App」氾濫 受騙人數逾150萬
https://www.secretchina.com/news/b5/2019/04/19/891009.html?code=b5

香港地區 Google Play 商店應用程式保安風險報告 (2019年3月)
https://www.hkcert.org/my_url/zh/blog/19032901

Google Makes it Tough for Rogue App Developers Get Back on Android Play Store
http://bit.ly/2GrFQLO

Australian Child-Tracking Smartwatch Vulnerable to Hackers
https://www.bankinfosecurity.com/australian-child-tracking-smartwatch-vulnerable-to-hackers-a-12376

Malvertising campaign abuses Chrome for iOS bug to target iPhone users
https://www.zdnet.com/article/malvertising-campaign-abuses-chrome-for-ios-bug-to-target-iphone-users/#ftag=RSSbaffb68

Your Android phone can now double as a security key
https://www.welivesecurity.com/2019/04/16/android-phone-security-key/

Facebook to end Messenger payments in the UK, France
https://www.zdnet.com/article/facebook-to-end-messenger-payments-in-the-uk-france/#ftag=RSSbaffb68

C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件
打擊機器人帳號惡意散布訊息 推特大幅限制每日可追用戶數
https://news.sina.com.tw/article/20190413/30907220.html

ICANN:台灣的網路治理開放態度 足以做為區域楷模
https://www.taiwannews.com.tw/ch/news/3681916

Epic Games 承認帳號資安問題並承諾改善
http://bit.ly/2Ur1PpQ

拆解黑客連鎖攻擊(一):睇留言都中招
http://bit.ly/2XgsXd9

網路風險指數(CRI) – 給資訊安全長和 IT 安全團隊的指南
https://blog.trendmicro.com.tw/?p=59584

專家發現漏洞後是否公示?新報告稱已淪為黑客揮向用戶的屠刀
https://read01.com/kzgA74P.html

黑灰產規模化的背後—— 由發卡平台組成的資源交易網
https://paper.tuisec.win/detail/d918ac95649eef7

紐約執法者網路執法 搗毀黑網毒品販售
https://www.ntdtv.com/b5/2019/04/16/a102558006.html

盜版《權力遊戲:冰與火之歌》等熱門影集,成為駭侵攻擊最佳誘餌
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=838

安全專家發現漏洞PoC報告成為黑客向用戶發出網絡威脅的新武器
http://www.twoeggz.com/news/14226098.html

Encrypted Messaging Project "Matrix" Suffers Extensive Cyber Attack
http://bit.ly/2DcxQfK

新澤西破獲最大暗網賣假藥案 假藥直銷全美
http://www.epochtimes.com/b5/19/4/17/n11192091.htm

亞桑傑被捕後 厄瓜多遇4000萬次駭客攻擊
https://taronews.tw/2019/04/16/311893/

亞桑傑被控「駭入五角大廈電腦」 維基解密洩漏機密重創美國
https://www.ettoday.net/news/20190413/1421352.htm

維基解密亞桑傑倒下…但只要這技術還在 骯髒事總會見光死
https://udn.com/news/story/6809/3754290?from=udn-ch1_breaknews-1-cate5-news

亞桑傑同夥欲逃往日本 遭厄瓜多當局逮捕
http://bit.ly/2XbwzwY

撤銷政治庇護與公民權後 厄瓜多再逮與亞桑傑有關人士
https://www.ydn.com.tw/News/331962

WikiLeaks Founder Julian Assange Arrested After Ecuador Withdraws Asylum
http://bit.ly/2VJgsq8

中國警告澳洲:封殺華為使澳洲陷入「技術孤立」
https://ec.ltn.com.tw/article/breakingnews/2758047

俄護普丁惡搞GPS 數千船隻飛機大亂
https://www.chinatimes.com/realtimenews/20190415001253-260417?chdtv

What Did We Learn from the Global GPS Collapse
https://blog.trendmicro.com/what-did-we-learn-from-the-global-gps-collapse/

德國制定更嚴格法律 打擊網路性犯罪
http://bit.ly/2GmHAFY

德國表態「華為可參與5G建置」 陸外交部:證明多數國家客觀獨立
https://www.ettoday.net/news/20190418/1425359.htm

捍衛資安出招 華為將與德簽無間諜協議
http://bit.ly/2KQWhW8

美國公共電台:美資公司對中國駭客攻擊保持沉默
https://www.voacantonese.com/a/cantonese-xp-china-hack-us-business-20190414-ry/4875045.html

川普火大!中國竊取美國技術 美國每年損失1.76兆
https://ec.ltn.com.tw/article/breakingnews/2758903

美國勸說無效!德國5G設備建置將不排除華為
https://www.ettoday.net/news/20190415/1422443.htm

美國務院副助卿米德偉:5G時代建立外資篩選系統至關重要
https://ec.ltn.com.tw/article/breakingnews/2759492

美國啟動防堵間諜?FBI取消數十名中國學者美簽
https://www.thenewslens.com/article/117279

美資安報告:中共政策導向 外企被迫留後門
http://bit.ly/2UBdqaZ

英國規定色情網站必須稽核造訪者年齡,違者可能被ISP封鎖
https://ithome.com.tw/news/130077

歐盟:未發現卡巴斯基軟體通俄竊密的證據
https://www.ithome.com.tw/news/130045

思科:國家級駭客持續攻擊中東及北非國家的DNS系統
https://www.ithome.com.tw/news/130106

卡巴斯基實驗室:去年Q4偵測到的攻擊有7成鎖定Office
https://www.ithome.com.tw/news/130006

卡巴斯基報告:70%的黑客攻擊事件瞄準Office漏洞
https://m.ithome.com/html/419370.htm

Kaspersky: 70 percent of attacks now target Office vulnerabilities
https://www.zdnet.com/article/kaspersky-70-percent-of-attacks-now-target-office-vulnerabilities/#ftag=RSSbaffb68

Security: Europe's pushback against Chinese tech has only just begun
https://www.zdnet.com/article/security-europes-pushback-against-chinese-tech-has-only-just-begun/#ftag=RSSbaffb68

Building a data pipeline to defend New York from cyber threats
https://www.zdnet.com/article/building-a-data-pipeline-to-defend-new-york-from-cyber-threats/#ftag=RSSbaffb68

US probe prompts Russia-linked Pamplona to sell stake in cybersecurity firm Cofense
https://www.zdnet.com/article/us-probe-prompts-russia-linked-pamplona-to-give-up-stake-in-cybersecurity-firm-cofense/#ftag=RSSbaffb68

Encrypted Messaging Project "Matrix" Suffers Extensive Cyber Attack
http://bit.ly/2UBFWck

The Muddy Waters of APT Attacks
https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/

A hacker has dumped nearly one billion user records over the past two months
https://www.zdnet.com/article/a-hacker-has-dumped-nearly-one-billion-user-records-over-the-past-two-months/#ftag=RSSbaffb68

Hackers crack university defenses in just two hours
https://www.welivesecurity.com/2019/04/12/hackers-crack-university-cyberdefenses/

Credential-stuffing attacks behind 30 billion login attempts in 2018
https://www.welivesecurity.com/2019/04/10/credential-stuffing-attacks-login/

EU: No evidence of Kaspersky spying despite 'confirmed malicious' classification
https://www.zdnet.com/article/eu-no-evidence-of-kaspersky-spying-despite-confirmed-malicious-classification/#ftag=RSSbaffb68

Hacker Group Uses RATVERMIN Backdoor to Target Ukrainian Military
https://www.bleepingcomputer.com/news/security/hacker-group-uses-ratvermin-backdoor-to-target-ukrainian-military/

Source code of Iranian cyber-espionage tools leaked on Telegram
https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram/#ftag=RSSbaffb68

DNS Tunneling in the Wild: Overview of OilRig’s DNS Tunneling
https://unit42.paloaltonetworks.com/dns-tunneling-in-the-wild-overview-of-oilrigs-dns-tunneling/

Microsoft loses control over Windows Tiles subdomain
https://www.zdnet.com/article/microsoft-loses-control-over-windows-tiles-subdomain/

Researcher Hijacks a Microsoft Service Using Loophole in Azure Cloud Platform
https://thehackernews.com/2019/04/subdomain-microsoft-azure.html

The security snapshot: 10-year challenge
https://www.zdnet.com/article/the-security-snapshot-10-year-challenge/#ftag=RSSbaffb68

Some internet outages predicted for the coming month as '768k Day' approaches
https://www.zdnet.com/article/some-internet-outages-predicted-for-the-coming-month-as-768k-day-approaches/#ftag=RSSbaffb68

Brazil to shift government sites to single domain
https://www.zdnet.com/article/brazil-to-shift-government-sites-to-single-domain/#ftag=RSSbaffb68

Former student destroys 59 university computers using USB Killer device
https://www.zdnet.com/article/former-student-destroys-59-university-computers-using-usb-killer-device/#ftag=RSSbaffb68

Released: Redacted Mueller Report on Russian Interference
https://www.bankinfosecurity.com/released-redacted-mueller-report-on-russian-interference-a-12392

資訊安全工程師SOC(銀行)-208KC 知名金控
https://www.manpower.com.tw/product/439

資訊安全工程師(防毒)(銀行)-208KC 知名銀行
https://www.manpower.com.tw/product/458

系統分析師(銀行/AML)-208KC 知名金控
https://www.manpower.com.tw/product/437

軟體研發工程師 (Network and Security) _台達研究院(台北)
https://www.104.com.tw/job/?jobno=6ks6q

網路資安工程師 (新竹竹北)
https://www.104.com.tw/job/?jobno=6kza0

產品經理(產品行銷處)
https://www.104.com.tw/job/?jobno=6kxff

資策會資安科技研究所短期日薪工讀生需求
http://bit.ly/2GnlMKz

研發處-資安研發實習生 安華聯網科技股份有限公司
http://bit.ly/2UIlBT2

最大場5+2徵才周六在台北 5000職缺半數起薪逾4萬
https://www.chinatimes.com/realtimenews/20190417004251-260410?chdtv

經濟部助企業徵才 放出5千個職缺
http://bit.ly/2IrAWRd

【知名人壽】系統工程師 (35K~50K)
https://m.1111.com.tw/job/85908785/

資安系統工程師-M128
https://m.1111.com.tw/job/85869081/

一般金融人員-北區
https://www.104.com.tw/job/?jobno=42fd3&jobsource=n104bank2

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
釣魚網站辦抽獎蒐集個資、政治傾向 綠委:為投放假新聞
https://www.ettoday.net/news/20190419/1425721.htm

網路攻防演習 反制假訊息固心防
https://www.ydn.com.tw/News/332150

台灣信用卡在澳洲被盜刷 原來是加油站員動手腳
https://www.chinatimes.com/realtimenews/20190418001791-260402?chdtv

被加油工側錄信用卡 被害人「怎有來自澳門消費?」
https://udn.com/news/story/7321/3762549

暴力集團專挑現役軍人詐騙 被榨光還揹債
https://www.chinatimes.com/realtimenews/20190418001980-260402?chdtv

Hackers Reportedly Post Data on Law Enforcement Officers
https://www.bankinfosecurity.com/hackers-reportedly-post-data-on-law-enforcement-officers-a-12380

網路恐攻?駭客集團入侵 美國警察、FBI上千筆資料外洩
http://bit.ly/2VLprHl

FBI網站被黑 駭客穫取100萬條聯邦特工身份資訊
http://big5.pconline.com.cn/b5/news.pconline.com.cn/1248/12488656.html

烏克蘭黑客入侵FBI旗下網站 盜逾千特工警察資料
https://hk.on.cc/hk/bkn/cnt/aeanews/20190413/bkn-20190413220559716-0413_00912_001.html

Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts
http://bit.ly/2KBV7xE

Microsoft reveals breach affecting webmail users
https://www.welivesecurity.com/2019/04/15/microsoft-breach-outlook-webmail-users/

駭客能透過濫用微軟用戶支援門戶網站讀取任何非公司帳戶的電子郵件
http://big5.pconline.com.cn/b5/news.pconline.com.cn/1249/12490507.html

微軟網頁郵件服務入侵災情升級,某些用戶的信件內容或已洩漏
https://chinese.engadget.com/2019/04/16/hackers-could-read-some-microsoft-webmail-messages/

微軟客服人員遭駭,致部份Outlook.com郵件用戶帳號資訊外洩
https://www.ithome.com.tw/news/129969

找飯店,洩個資?國外調查報告 飯店網站洩漏客戶資料達7成
https://news.sina.com.tw/article/20190412/30895086.html

亞馬遜證實!Alexa錄下用戶聲音 有人專門監聽
https://udn.com/news/story/6811/3752469

臺灣的假消息有很大程度是來自境外,學界提醒應注意是否造成國家主權或民主的侵蝕
https://www.ithome.com.tw/news/129927

瑞典調查:台灣「遭境外假資訊攻擊」的程度世界第一,還遙遙領先第二名
https://buzzorange.com/techorange/2019/04/16/fake-news-attack/

Yahoo將資料外洩和解金額提高到1.17億美元
https://www.ithome.com.tw/news/129948

警強注晶片操控!南韓「晶片女」直播監視自己10年 想逃就立刻睡著
https://www.ettoday.net/dalemon/post/42812

李家超感緊張心急 積極就「窺淫罪」立法針對偷拍等性罪行
https://hk.news.appledaily.com/local/realtime/article/20190412/59479670

不誠實使用電腦罪「百搭」失效 李家超:為窺淫罪立法緊張、心急
http://bit.ly/2GhFQww

萬能key控罪「失效」 葛珮帆籲效英國訂偷拍裙底刑事罪
https://hk.news.appledaily.com/local/realtime/article/20190414/59487109

印度大型資訊服務外包業者遭駭,全球眾多客戶遭殃
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=839

這些臉書粉絲團免費送貼圖都是假的,五招避免上當
https://blog.trendmicro.com.tw/?p=60197

Facebook發現新安全漏洞,數百萬Instagram用戶密碼可被員工直接閱讀
https://on.wsj.com/2V2QuAX

臉書又出包 遭爆未經同意蒐集150萬名用戶的電子郵件聯絡名單
https://www.ettoday.net/news/20190418/1425237.htm

臉書要求用戶提供 Email 密碼,然後「不小心」上傳了 150 萬人的通訊錄
https://buzzorange.com/techorange/2019/04/19/facebook-sends-out-1-5m-personal-data/

臉書說「不小心」蒐集了150萬用戶的郵件聯絡人
https://www.ithome.com.tw/news/130087

Facebook admits to storing plaintext passwords for millions of Instagram users
https://www.zdnet.com/article/facebook-admits-to-storing-plaintext-passwords-for-millions-of-instagram-users/#ftag=RSSbaffb68

教你如何在一個晚上變窮,從詐騙學 UX
https://www.inside.com.tw/article/16109-the-real-scam-case

眼見不足為真 假消息.輿論泛濫臉書出招遏止
http://bit.ly/2UhrkKq

盜用他人信用卡購物 餐廳經理涉6宗罪
https://hk.news.appledaily.com/breaking/realtime/article/20190417/59497488

盜卡網購:資訊科技界莫乃光「要每月check單」
https://hk.on.cc/hk/bkn/cnt/news/20190417/bkn-20190417123210624-0417_00822_001.html

網購刷卡詐欺 飆破22億創歷史新高
https://news.cts.com.tw/cts/society/201904/201904141957883.html

國家互聯網應急中心:虛假和仿冒移動應用成網路詐騙新渠道
https://news.sina.com.tw/article/20190416/30951738.html

鑽「時差」漏洞 假本票網購騙財 3落網
http://bit.ly/2Geihot

以假銀行本票網購騙37萬 商罪科拉兩女騙徒
http://bit.ly/2DgurMG

認證系統漏洞明顯 百度搜索再爆醜聞
http://bit.ly/2IyZg2Y

郭家麒指電子健康紀錄互通系統有保安漏洞
http://www.metroradio.com.hk/news/live.aspx?SearchText=&NewsId=20190416173012&page=0

Mozilla向Apple發起隱私保障請願,建議使用者限制廣告追蹤
https://www.techbang.com/posts/69471-mozilla-launches-privacy-protection-petition-to-apple-advising-users-to-turn-off-ad-tracking

網路報稅防詐騙 6招自保
https://ec.ltn.com.tw/article/paper/1282118

報導:駭客在黑市銷售近10億筆使用者資料
https://www.ithome.com.tw/news/130013

111分局轄區Macy’s信用卡被盜頻發 華裔涉嫌作案
http://www.epochtimes.com/b5/19/4/17/n11192253.htm

香港29歲餐廳經理涉6宗盜用他人資料網購案被捕
http://www.hkcna.hk/content/2019/0417/757951.shtml

台灣詐騙集團利用日本空屋電信詐騙 日警再逮捕10男女
https://times.hinet.net/topic/22329617

填網路問卷小心個資外流 政院提醒國人注意資安
http://bit.ly/2IIumoL

個人化假訊息來了?林俊憲提醒港籍釣魚網站騙個資
https://taronews.tw/2019/04/19/314775/

用iphone抽獎問總統選誰? 綠委質疑影響台灣總統大選
https://news.ltn.com.tw/news/politics/breakingnews/2764136

詐騙集團謊稱「提款機操作錯誤」 49人受騙共得款500多萬
https://www.ettoday.net/news/20190419/1425857.htm

A hacker has dumped nearly one billion user records over the past two months
https://www.zdnet.com/article/a-hacker-has-dumped-nearly-one-billion-user-records-over-the-past-two-months/

Report: Healthcare Is No. 1 - For Breaches
https://www.bankinfosecurity.com/blogs/report-healthcare-no-1-for-breaches-p-2736

Another Scathing Equifax Post-Breach Report
https://www.bankinfosecurity.co.uk/interviews/another-scathing-equifax-post-breach-report-i-4291

Russia Fines Facebook $47 Over Citizens' Data Privacy Dispute
http://bit.ly/2IySOJa

Facebook Collected Contacts from 1.5 Million Email Accounts Without Users' Permission
http://bit.ly/2ZoZCPJ

Brazil's Itaú rolls out facial biometrics to tackle auto loan fraud
https://www.zdnet.com/article/brazils-itau-rolls-out-facial-biometrics-to-tackle-auto-loan-fraud/#ftag=RSSbaffb68

Pregnancy club fined £400,000 for illegally sharing data of over 14 million people
https://www.zdnet.com/article/pregnancy-club-fined-400000-for-sharing-data-of-over-14-million-people/#ftag=RSSbaffb68

The Anatomy of a Spear Phishing Attack: How Hackers Build Targeted Attacks (and why they're so effective)
https://www.bankinfosecurity.com/webinars/anatomy-spear-phishing-attack-how-hackers-build-targeted-attacks-and-w-1968

How Likely Is Your Organization to Be Breached
https://blog.trendmicro.com/how-likely-is-your-organization-to-be-breached/

Over 100 Million JustDial Users' Personal Data Found Exposed On the Internet
http://bit.ly/2ZsnvG2

E.研究報告
Samba遠程代碼執行漏洞分析(CVE-2017-7494)
https://bbs.pediy.com/thread-250746.htm

TransferMint 漏洞詳解:超20個波場合約存無限增發代幣風險
https://www.bishijie.com/shendu_29474

滲透測試——利用IIS漏洞,獲取對靶機建立遠程桌面連接
https://segmentfault.com/a/1190000018857317

使用Sboxr實現DOM XSS漏洞的自動挖掘與利用
http://www.sohu.com/a/307675752_354899?sec=wd

挖洞經驗| 利用Semmle QL查詢語言發現Facebook Fizz的DoS漏洞($10k)
https://www.freebuf.com/vuls/199563.html

SSRF漏洞原理、利用方式及修復方案?Java和PHP的SS
http://bit.ly/2Ikypbo

組合漏洞+繞道waf拿下阿里數個網站
https://www.anquanke.com/post/id/176569

VMware Fusion 11通過WebSocket接口控制虛擬機RCE漏洞分析(CVE-2019-5514)
https://www.4hou.com/vulnerable/17204.html

Office棧溢出漏洞詳細分析(CVE-2012-0158)
https://bbs.pediy.com/thread-250823.htm

Avira VPN的兩處提權漏洞分析
http://www.sohu.com/a/308241875_354899?sec=wd

IOST公鏈P2P遠程拒絕服務漏洞
https://www.anquanke.com/post/id/176475

淺析基於人格特徵的內部高風險用戶識別方法
https://www.freebuf.com/articles/network/200564.html

Drupal漏洞組合拳:通過惡意圖片實現一鍵式RCE
https://www.anquanke.com/post/id/176470

Confluence 未授權RCE 分析(CVE-2019-3396)
https://paper.seebug.org/893/

利用 GHIDRA 逆向 Tytera MD380
https://github.com/travisgoodspeed/md380tools/wiki/GHIDRA

Spring Cloud Config Server路徑穿越與任意文件讀取漏洞分析 - 【CVE-2019-3799】
https://xz.aliyun.com/t/4844

使用 IDA Pro 的 REobjc 模块逆向 Objective-C 二进制文件
https://paper.seebug.org/887/

重現TP-Link SR20本地網絡遠程代碼執行漏洞
https://paper.seebug.org/879/

CVE-2017-17215-HG532命令注入漏洞分析
https://xz.aliyun.com/t/4819

0 day:詳細分析macOS平台Shimo VPN多個權限提升漏洞
https://www.4hou.com/vulnerable/17507.html

ftp協議類漏洞研究-結合snort
https://blog.csdn.net/yalecaltech/article/details/89383258

ZoomEye 網絡空間測繪——委內瑞拉停電事件對其網絡關鍵基礎設施和重要信息系統影響
https://paper.seebug.org/869/

Zoomeye Cyberspace Mapping——Impact of 2019 Venezuelan Blackouts on Its Network Critical Infrastructure and Important Information Systems
https://paper.seebug.org/871/

Basic Android Security Testing lab — 1
http://bit.ly/2GnxmFx

Rootpipe Reborn (Part I) CVE-2019–8513 TimeMachine root command injection
https://medium.com/0xcc/rootpipe-reborn-part-i-cve-2019-8513-timemachine-root-command-injection-47e056b3cb43?sk=3970823f97714fac1d04d75325e3cbac

Here Be Dragons: Reverse Engineering with Ghidra - Part 0 [Main Windows & CrackMe]
https://www.shogunlab.com/blog/2019/04/12/here-be-dragons-ghidra-0.html

Adobe Flash security tool Flashmingo debuts in open source community
https://www.zdnet.com/article/security-tool-for-flash-flashmingo-released-to-open-source-community/#ftag=RSSbaffb68

JonCooperWorks/implant
https://github.com/JonCooperWorks/implant/?fbclid=IwAR1PgxKxsrW60uw_pNZu-rjEcrIFhO9ElQ5jZFTee6noMdSZxAEAgZ6I_U8

Pirates of Brazil: Integrating the Strengths of Russian and Chinese Hacking Communities
https://go.recordedfuture.com/hubfs/reports/cta-2019-0416.pdf

Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign
https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign/

fireELF: opensource fileless linux malware framework
https://securityonline.info/fireelf/

F.商業
Google新推出多種身份驗證與存取控制功能,助企業部署零信任安全架構
https://www.ithome.com.tw/news/129950

趨勢科技發表創新技術,提升Google Cloud Platform、Kubernetes與G Suite Gmail安全
http://bit.ly/2DcFDtW

SecureCircle 為外部共享加密資料推出 Send Secure 新功能
http://technews.tw/2019/04/16/netbridge-securecircle-send-secure-information-security/

Google釋出服務網格的控制平面Traffic Director
https://www.ithome.com.tw/news/129992

優利系統調查顯示,資料安全是臺灣消費者在選擇銀行時的首要考慮要素
http://bit.ly/2vaHqLG

mlytics結盟宏洲科技 推廣Multi CDN與網安防護服務
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=50&cat2=10&id=0000557907_G8T8SDYG1MXIDD6BOASYG

MetaDefender 惡意程式偵測系統(多防毒引擎單選)
https://www.cloudmarketplace.org.tw/order/Match/Software/1080201/10021/36953

思科ACI、HyperFlex將延伸至邊緣/遠端、多雲環境
https://www.ithome.com.tw/news/130056

思科推出創新架構實現資料中心無處不在願景
http://bit.ly/2Gobh8m

開源軟體的商業模式分析 (一)
https://www.bnext.com.tw/article/52845/open-source--business-model-1

開源軟體的商業模式分析(二):從使用者、開發者角度,談開源模式效益
https://meet.bnext.com.tw/articles/view/44790

2019資誠臺灣企業領袖調查系列專欄二 – 資安防禦 企業贏得客戶信任的神隊友
https://www.pwc.tw/zh/topics/risk-management/risk-management-20190416.html

F5推出新SaaS方案為應用開發與DevOps團隊提供最佳化與隨需購買服務
http://bit.ly/2UqEnJo

Aruba以3S網路技術策略 打造體驗新經濟
https://www.ettoday.net/news/20190418/1425339.htm

網路公司Aruba 用AI助企業用抓內賊
https://ec.ltn.com.tw/article/breakingnews/2763509

Android Studio 3.4新增視覺化資源管理工具,預設程式碼壓縮器改用R8
https://ithome.com.tw/news/130063

NoScript extension officially released for Google Chrome
https://www.zdnet.com/article/noscript-extension-officially-released-for-google-chrome/#ftag=RSSbaffb68

Google Helps Police Identify Devices Close to Crime Scenes Using Location Data
http://bit.ly/2v7lqkI

Google bans logins from embedded browser frameworks to prevent MitM phishing
https://www.zdnet.com/article/google-bans-logins-from-embedded-browser-frameworks-to-prevent-mitm-phishing/#ftag=RSSbaffb68

Red Hat survey finds we're living in an open-source world
https://www.zdnet.com/article/red-hat-survey-finds-were-living-in-an-open-source-world/#ftag=RSSbaffb68

Microsoft buys real-time operating system vendor Express Logic
https://www.zdnet.com/article/microsoft-buys-real-time-operating-system-vendor-express-logic/#ftag=RSSbaffb68

G.政府
金管會研商證券型代幣發行監理規範 6月完成草案修正
https://udn.com/news/story/7239/3752558

金管會初步擬定STO監理規範架構,將採分級管理,適用門檻是三千萬元內
https://www.ithome.com.tw/news/129953

證券型代幣規範 6月出爐
https://udn.com/news/story/7239/3753013

證券型代幣發行規範草案6月出爐 立委業者籲放寬
https://money.udn.com/money/story/5613/3752768

新創不滿證券型代幣5限制 顧立雄:可進沙盒
https://www.chinatimes.com/realtimenews/20190412003764-260410?chdtv

證券型代幣規範 金管會召開公聽會
http://bit.ly/2ZdsKcp

金管會主委顧立雄話中有話,證券型代幣「STO官方交易所」待產中
http://bit.ly/2UH9BB9

STO募資逾3000萬元 擬規範進金融監理沙盒實驗
https://news.cnyes.com/news/id/4303435

STO在吵甚麼?金管會主導金融科技大戲 業者給2點無感
https://udn.com/news/story/7239/3760762

金管會研擬證券型代幣五大限制可望上路
http://www.epochtimes.com/b5/19/4/12/n11181904.htm

臺鐵新一代票務系統、App遭質疑,軟體自由協會籲政府立法開源公部門開發的軟體及系統
https://www.ithome.com.tw/news/129947

訂票系統被批「把民眾當白老鼠」 台鐵副局長:這樣我會完蛋
https://www.ettoday.net/news/20190416/1423662.htm

台北大學犯罪學研究所助理教授沈伯洋:因應中國資訊戰 速定反滲透法
https://talk.ltn.com.tw/article/paper/1281582

柯文哲開設微博 議員:應解除瀏覽大陸網頁限制
https://udn.com/news/story/7323/3753980?from=udn-ch1_breaknews-1-cate3-news

108年政府組態基準GCB說明文件(預告版)ー開放下載
https://www.nccst.nat.gov.tw/NewInfoDetail?lang=zh&seq=1521

金融機構防詐騙成效佳 去年成功攔下近千件詐騙案
https://news.cnyes.com/news/id/4304265

外交部:台灣應對假新聞經驗 能與國際分享
https://money.udn.com/money/story/7307/3758996

純網銀執照 金管會傾向發3張
http://bit.ly/2VOPsW6

純網銀3家競逐 人人有獎? 金管會:仍以2家為限
http://bit.ly/2DeNlDS

政院說明公務機關行動支付及刷卡手續費事宜
https://www.ey.gov.tw/Page/9277F759E41CCD91/82849a86-497c-414c-9616-f839be69d338

國軍神秘網路戰聯隊 進駐國內外公私營機構抗敵
https://udn.com/news/story/10930/3760671

雲端資料庫設中國恐遭全都露 立委促部會正視個資法
https://www.rti.org.tw/news/view/id/2017870

資料庫後門恐通中國 林昶佐爆8成部會未評估
https://news.ltn.com.tw/news/politics/breakingnews/2761622

網路雲端恐通中國! 時力立委林昶佐:八成中央機關未評估外國資安狀況
https://tw.news.appledaily.com/new/realtime/20190417/1551895/

推數位國家公投 張善政:政府應成立新部會作為數位時代「火車頭」
https://www.taiwannews.com.tw/ch/news/3682481

線上報稅 Windows版嘛也通
https://money.udn.com/money/story/11994/3762117

中華電董座鄭優退休 由總經理謝繼茂升任
https://www.chinatimes.com/newspapers/20190418000230-260202?chdtv

純網銀三搶二 金管會:七月放榜
http://news.pchome.com.tw/politics/cdns/20190416/index-55537280049332243001.html

行政院主計總處1080410修正個人信用卡支付款項處理原則
http://www.lksh.chc.edu.tw/files/14-1000-12037,r14-1.php?Lang=zh-tw

金管會送電子支付業五大開放
https://www.chinatimes.com/realtimenews/20190418003842-260410?chdtv

拚電子支付2.0!金管會預告修法祭5利多
https://fnc.ebc.net.tw/FncNews/life/77436

行李箱裝現金辦保恐成絕響 北檢開放電子支付交保金
https://news.ltn.com.tw/news/society/breakingnews/2763343

「行動支付繳納綜合所得稅發送簡訊宣導」委外服務案
https://twbuying.com.tw/showdetail.php?recno=52803654

研擬人工智慧基本法草案 立院辦公聽會
https://news.pts.org.tw/article/429359

蘇揆核定資通產品禁購原則 避中國、陸資字眼
https://news.ltn.com.tw/news/politics/breakingnews/2764196

陸資3C產品「處理原則」政院下午說明
https://www.chinatimes.com/realtimenews/20190419002291-260407?chdtv

防資安外洩 政院拍版:各機關不得購危害資安產品
https://www.nownews.com/news/20190419/3333752/




H.SCADA/ICS/工控系統
有了實體隔離OT就安全嗎?中華資安國際:醫院儀器暗藏10年前的古老惡意軟體
https://www.ithome.com.tw/news/129939

為何射頻技術使工業領域置身風險
https://blog.trendmicro.com.tw/?p=60002

全台首座工業4.0示範工廠曝光 激似電影太空中心能秒算毛利成本
https://www.ettoday.net/news/20190414/1421268.htm

創新科技持續湧現 助製造業實踐智慧工廠願景
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=45&cat2=25&id=0000557630_6G85ICVK46VYCPLQ891RF

I.教育訓練
Bash scripting Tutorial
https://linuxconfig.org/bash-scripting-tutorial?fbclid=IwAR3bNE-YOgp9blliVRGmygZ4WxehgQrtsgHCY0gNaxk6PA6fSjMxUqkJc74

My Fight for the OSCP
https://alphacybersecurity.tech/my-fight-for-the-oscp/

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機
https://read01.com/0MGkm4D.html#.XLRU_-gzbIU

Fitbits for cows? Building IOT for the industry technology left behind
https://www.zdnet.com/article/building-iot-for-the-industry-technology-left-behind/#ftag=RSSbaffb68

物聯網資安立法及智慧城市韌性應用分析
https://technews.tw/2019/04/17/iot-law-and-resilient-cities/

普林斯頓大學開發IoT Inspector 保護家庭智慧裝置資料不外洩
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=50&id=0000557781_oci814xk7rglq522n5fuq

網路數位安全是物聯網能順利運作的重要元素
https://tw.news.appledaily.com/new/realtime/20190417/1551046/

IoT development matures, according to Eclipse Foundation survey
https://www.zdnet.com/article/iot-development-matures-according-to-eclipse-foundation-survey/#ftag=RSSbaffb68

林坤正:台灣將淪為外國人的AI次殖民地
https://www.wealth.com.tw/home/articles/20457

Is Your Baby Monitor Susceptible to Hacking
https://blog.trendmicro.com/is-your-baby-monitor-susceptible-to-hacking/

6.近期資安活動及研討會
 國立交通大學 亥客書院 - 緩衝區溢位攻擊與預防   4/20
 https://hackercollege.nctu.edu.tw/?p=1052

 DevOps Taiwan - CI / CD / DevOps Pipeline Tools 大亂鬥  4/20
 https://devops.kktix.cc/events/pipeline-tools-battle

 資策會開辦「CompTIA Security+ 國際網路資安認證班」 4/20
 https://ithome.com.tw/pr/129904

 TECH(K)NOW DAY TAIPEI  4/20
 https://www.meetup.com/TaipeiWomeninTech/events/258526627/

 Digital Transformation Lab 技術交流會 - 殺手級 Kubernetes : PKS  4/23
 http://bit.ly/2Ill0Qe

 HackingThursday 固定聚會  4/25
 https://www.meetup.com/hackingthursday/events/vkhnnqyzgbhc/

 資安健診  4/25
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3834&from_course_list_url=homepage

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體
 https://www.accupass.com/event/1904170343547477698390

 HackingThursday 固定聚會 5/9
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbmb/

 資安健診  5/9
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3827&from_course_list_url=homepage

 國立交通大學 亥客書院 -電子郵件之偽造攻擊與防護措施安全通訊協定 5/11
 https://hackercollege.nctu.edu.tw/?p=1054

  iTHome 台灣雲端大會 Cloud Summit  2019   2019年 5 月 15 日 (三) 09:00~17:00
 https://cloudsummit.ithome.com.tw/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/

 網路封包分析實務  5/16
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3831&from_course_list_url=homepage

 源碼檢測實作  5/23
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3835&from_course_list_url=homepage

 第二十九屆全國資訊安全會議  5/23  ~ 5/24
 https://cisc2019.cs.pu.edu.tw/index.php

 Docker Birthday #5 - Taipei  5/25
 https://www.meetup.com/Docker-Taipei/events/248974949/

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 2019國際資訊安全組織台灣高峰會  7/9 ~ 7/11
 https://csa.kktix.cc/events/2019con

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」  8/29 ~ 8/30
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

留言

這個網誌中的熱門文章

Capture the flag資源分享綜整

Capture the flag, CTF,是由古代軍事戰爭演變而來。軍旗在戰場上象徵兩軍戰況,當有一方軍旗被敵軍奪取或落在地上,代表該方戰敗。當這樣的攻防搶旗演變到現代的電子遊戲裡,通常就演變成團隊遊戲模式,由兩隊人馬互相前往對方的基地奪旗,奪旗成功回合次數多者得勝。

TDOH Conf 2018 Call for paper

# Underground Hacking——駭客地下城 TDOH Conf 2018  Call for paper


年度主題 —— 駭客地下城(Underground Hacking),舉凡機器學習資訊安全相關技術或研究CTF 競賽經驗社群參與資訊安全相關經驗等各式題材皆歡迎您與我們一同分享;除上述所提及之類型外,其他資訊安全相關題材亦均可自由投稿。

內容須基於資訊安全技術,可以是 Coding 技巧工具使用資安推廣與資安人才培育等等。


7月份資安活動分享

七月份資安活動分享
TDOH-PIPE 南區聚 & 業界職涯分享講座 | 201806   6/30
  https://blog.tdohacker.org/2018/06/tdoh-pipe-201806_17.html

  UCCU 2018 技術交流小聚 6/30
  https://uccu.kktix.cc/events/6796c24d-06332a-10dc19-a9c8d6-4cf8ec-72b47d-c48bc2-d99dad-379bc8-copy-5

  【課程】UI/UX設計到網頁極速製作工作坊,從UX規畫、 UI設計到WordPress架設,一天搞定 6/30
  https://www.techbang.com/posts/58335-wordpress-landing-page?from=flash_message

  科技大擂台2:AI資安攻防戰 6/30
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=226

  TANET 2018-台灣網際網路研討會 暨資訊工程X智慧計算學門成果發表會 CFP 7/1 ~ 8/15
  https://cis.ncu.edu.tw/SeminarSys/activity/TANET2018/home

  交大x教育部x科技業 暑期培訓資訊科技種子師資提升下一代競爭力  7月  8 月
  https://n.yam.com/Article/20180609467130

 107年度新興資安產業生態系推動計畫-資安專業人才培育委外人才培訓-ICS/SCADA資訊安全實務課程  7/2 ~ 7/4
 http://www.cisanet.org.tw/News/activity_more?id=MzM2

  Symantec《網路安全威脅報告》網路研討會 7/4
  https://seminar.ithome.com.tw/live/Symantec20180704/index.html?eDM_1