跳到主要內容

資安事件新聞週報 2019/4/22 ~ 2019/4/26

資安事件新聞週報  2019/4/22  ~  2019/4/26

1.重大弱點漏洞
CVE-2019-3799:spring-cloud-config-server目錄遍歷漏洞警告
https://www.linuxidc.com/Linux/2019-04/158191.htm

jQuery 的“原型污染”安全漏洞
https://www.oschina.net/news/106124/jquery-impacted-by-prototype-pollution-flaw

Symantec 產品多個漏洞
https://www.auscert.org.au/bulletins/79594

Google Android System信息洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2021

Google Chrome 74 released with Dark Mode support for Windows users
https://www.zdnet.com/article/google-chrome-74-released-with-dark-mode-support-for-windows-users/#ftag=RSSbaffb68

CyberDairy Solutions SQLi
https://www.anquanke.com/vul/id/1576754

D-Link DI-524跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11017

甲骨文 WebLogic 遠端執行程式碼漏洞
https://www.zdnet.com/article/new-oracle-weblogic-zero-day-discovered-in-the-wild/

Oracle MySQL Server拒絕服務漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2634

Oracle WebLogic Deserialization RCE Vulnerability (0day) Alert
http://bit.ly/2vikKch

關於Oracle WebLogic反序列化遠程命令執行漏洞的預警通報
https://news.163.com/19/0425/18/EDKL1D32000189FH.html

New Oracle WebLogic zero-day discovered in the wild
https://www.zdnet.com/article/new-oracle-weblogic-zero-day-discovered-in-the-wild/#ftag=RSSbaffb68

[KnownSec 404 Team] Oracle WebLogic Deserialization RCE Vulnerability (0day) Alert
https://medium.com/@knownseczoomeye/knownsec-404-team-oracle-weblogic-deserialization-rce-vulnerability-0day-alert-90dd9a79ae93

Oracle WebLogic多個安全漏洞預警
http://www.twoeggz.com/news/14304046.html

Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - Directory Traversal
https://www.exploit-db.com/exploits/46728

Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection
https://www.exploit-db.com/exploits/46729

Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4
https://www.exploit-db.com/exploits/46722

存在本生就是漏洞!專家曝駭客用IE竊資安新手法
http://bit.ly/2XwLlyt

Drupal釋出新版,修補jQuery與Symfony的跨站腳本攻擊漏洞
https://www.ithome.com.tw/news/130149

每個Outlook用戶都必須採取措施避免重大安全漏洞
https://www.cyclonis.com/zh-tw/steps-outlook-user-take-in-the-wake-security-breach/

微軟4月安全更新與多款防毒軟體相衝
https://www.ithome.com.tw/news/130179

傳微軟悄悄關閉Windows 10中分頁顯示程式的Sets功能
https://www.ithome.com.tw/news/130175

如果你的電腦上有R6、PUBG、49,微軟將不會推送新版更新(1903 19H1-18362.XX)
https://forum.gamer.com.tw/C.php?bsn=60030&snA=521266

Windows 10 1903版遇PC連接USB裝置、SD卡將鎖住無法更新
https://www.ithome.com.tw/news/130203?fbclid=IwAR0MZK7CiL5Uo0M02Z69_mm_9YVSROvbSNO-9iecSZXkkn2D2dtIeiQxvIw

Windows 7中止支援通知已開始釋出
https://www.ithome.com.tw/news/130167

Windows 10's 'Sets' feature is gone and not expected to return
https://www.zdnet.com/article/windows-10s-sets-feature-is-gone-and-not-expected-to-return/#ftag=RSSbaffb68

Hackers Actively Exploiting Widely-Used Social Share Plugin for WordPress
http://bit.ly/2W5UgXo

Vulnerability Spotlight: Symantec Endpoint Protection kernel memory information disclosure vulnerability
https://blog.talosintelligence.com/2019/04/vulnerability-spotlight-symantec.html

研究人員公布可用來竊取機密資訊的高通晶片旁路漏洞
https://www.ithome.com.tw/news/130258

IE瀏覽器的XXE零時差注入漏洞,會讓駭客竊取檔案和系統資訊
https://blog.trendmicro.com.tw/?p=60312

PHP的imap_open函式存在安全漏洞(CVE-2018-19518),允許攻擊者遠端執行任意程式碼,請儘速確認並調整設定
https://www.nccst.nat.gov.tw/VulnerabilityDetail.aspx?lang=zh&seq=1099

VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation
https://www.exploit-db.com/exploits/46747

QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service
https://www.exploit-db.com/exploits/46733

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
推外溢保單 專家建議回饋機制與資安風控並重
https://www.cna.com.tw/news/ahel/201904210112.aspx

利用保險非法集資傳銷!111份監管函揪出人身險漏洞
https://news.sina.com.tw/article/20190421/31012304.html

印度有超過320萬張支付卡資訊流落在外,僅次於美、英
https://www.ithome.com.tw/news/130141

去年黑客入侵活動損失近1.5億元 有智利銀行中招損失8500萬
https://topick.hket.com/article/2332061

資誠:共享數據,保險業與汽車業攜手邁向新紀元
https://m.moneydj.com/f1a.aspx?a=9557f606-40db-45d3-965d-4444b297b498

有葡語系國家擬加入人民幣即時支付結算平台
http://bit.ly/2UuAseM

境界之亂延燒 南山還有苦頭吃
http://bit.ly/2XDUDJ8

台灣洗錢防制措施需與時俱進
https://www.chinatimes.com/newspapers/20190426000267-260202

香港金管局:已要求複雜交易銀行採補救措施
http://bit.ly/2UCnagn

第一銀行 108 年新進人員甄選
http://bit.ly/2UvorWk

兆豐銀行108年新進行員甄選
https://wwwfile.megabank.com.tw/other/bulletin08_1.asp?sno=1030

Singapore looks to prep financial workforce for data analytics, automation era
https://www.zdnet.com/article/singapore-looks-to-prep-financial-workforce-for-data-analytics-automation-era/#ftag=RSSbaffb68

3.電子支付/電子票證/行動支付/ 新聞及資安
第三方支付、電子支付及電子票證 一張表看懂差別
http://bit.ly/2GwHnjD

手機支付或成賊人「提款機」 假電池管理App攻擊PayPal轉錢
https://hk.news.appledaily.com/local/realtime/article/20190423/59516756

假手機App偷錢 個案趨上升 警教4招防
http://bit.ly/2PtpcOU

「毒APP」免費下載 支付帳戶被盜款
http://bit.ly/2Zt4vHt

假Apps暗藏惡意軟件 偷卡資料盜款
http://www.etnet.com.hk/www/tc/lifestyle/internationalaffairs/news/59647

信用卡盜用案去年急增6成 專家揭黑客惡意程式入侵金融App轉走款項
http://bit.ly/2ZvXshh

免費遊戲App 附病毒侵手機 5秒盜款
http://bit.ly/2VjaMpD

警助市民「掃毒」 移除39萬惡意手機Apps
http://bit.ly/2Gs6hjp

街口支付讓未成年開戶不設防 金管會首糾正電支業
https://newtalk.tw/news/view/2019-04-23/236981

日銀行業推Bank Pay電子支付 加盟機構最多將超過1000家
https://news.cnyes.com/news/id/4307579

PayPal電子支付App 4千萬用戶 超大部份美國銀行
http://bit.ly/2UDDqxk

日本進入無現金支付的戰國時代
https://www.chinatimes.com/realtimenews/20190425004797-260408

5.虛擬貨幣/區塊鍊   新聞及資安
Bitcoin.com wallet與Moonpay整合讓歐洲用戶可以使用信用卡購買BCH
https://www.tuoluocaijing.com.tw/kuaixun/detail-59907.html

印度央行發布監理沙盒報告,將支持區塊鏈創新測試
http://news.knowing.asia/news/829832b8-61bb-4e0d-a5ba-9e1e18eec170

日本最大銀行宣布推出自家製加密貨幣Coin
http://bit.ly/2XzeOrM

摩根大通擬擴大區塊鏈技術運用 簡化支付系統
https://udn.com/news/story/6811/3769440

日本:已制定加密貨幣監管提案相關手冊
http://news.knowing.asia/news/0d339928-d9d3-49c9-877b-88f0be2051a8

韓國金融研究院主辦討論會:ICO應該像私募基金一樣監管
http://news.knowing.asia/news/9551374f-25d9-48d4-8593-637f1d10379d

小摩將擴大區塊鏈技術在支付領域中的應用
https://news.cnyes.com/news/id/4307139

區塊鏈的本質是金融?不不不,讓我們從應用面談起
http://news.knowing.asia/news/249b8017-1495-4c11-a914-fe48c0ade1e7

區塊鏈轉賬比傳統方式快388倍 成本低127倍
https://news.sina.com.tw/article/20190423/31041188.html

這個駭客不一樣!靠猜測私鑰,竟成功竊取了4.5萬個ETH
http://news.knowing.asia/news/d96f683d-6b10-46eb-9cb8-a72efa10a1c7

區塊鏈新創網站遭駭 駭客輕鬆盜走以太幣740萬美元
https://happywin000-13.blogspot.com/2019/04/740.html

John McAfee表示:我很快會披露中本聰是誰,找到他太容易
https://www.techbang.com/posts/69643-mcafee-ill-soon-reveal-who-nakamoto-is-and-its-too-easy-for-me-to-find-him

推虛擬幣行動支付 業者邀「比特幣耶穌」合作
http://bit.ly/2ITtqhj

在非洲,加密貨幣支持的轉帳有望翻轉金融業
http://news.knowing.asia/news/71677a13-28a2-4e5e-8488-1557ce5737b4

金融巨頭法國興業銀行在「公有區塊鏈」以太坊上,發行了 1 億歐元的債券幣
https://www.blocktempo.com/societe-generale-subsidiary-issues-100-million-euro-bond-on-ethereum-blockchain

國內財經:金管會拍板!10檔ETN於4/30同步掛牌交易,首波規模22億元
http://bit.ly/2ILmQdM

台灣第一公鏈DEXON 主網正式上線
http://technews.tw/2019/04/25/dexon-online/

DEXON主網正式上線挹注產業資源驅動區塊鏈落地
https://ctee.com.tw/industrynews/78693.html

投資大神也認了!軟銀集團董事長孫正義「高點買入比特幣」虧損40 億台幣
https://news.xfastest.com/others/62014/softbank-founder-masayoshi-son-lost-130-million/

傳三星正在開發自家區塊鏈可能發行「三星幣」
https://ec.ltn.com.tw/article/breakingnews/2770378

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / APT
美國氣象電視台也成勒索軟體受害者,導致節目無法準時開播
https://www.ithome.com.tw/news/130147

金融後門Carbanak原始碼於VirusTotal上存在近兩年而未被發現
https://www.ithome.com.tw/news/130202?fbclid=IwAR30AjXI31wBdLeZ0tyr-ZMMryW2Q2PO6oqs1itvQUWq2W2h4B5S61J0dpA

警惕!利用Confluence最新漏洞傳播的Linux挖礦病毒seasame
https://www.4hou.com/system/17643.html

透過 MDR ( 託管式偵測及回應服務)檢視Ryuk勒索病毒-專攻擊大企業勒索超過60萬美元
https://blog.trendmicro.com.tw/?p=59965

貌似空白的 excel 工作表,開啟前注意三件事,嚴防內嵌AutoHotkey惡意腳本攻擊
https://blog.trendmicro.com.tw/?p=60293

Security researcher MalwareTech pleads guilty
https://www.zdnet.com/article/security-researcher-malwaretech-pleads-guilty/#ftag=RSSbaffb68

PayPal receives patent for ransomware detection technology
https://www.zdnet.com/article/paypal-receives-patent-for-ransomware-detection-technology/#ftag=RSSbaffb68

Leak Exposes OilRig APT Group's Tools
https://www.bankinfosecurity.com/leak-exposes-oilrig-apt-groups-tools-a-12397

Create FUD using NXcrypt – Python Backdoor Framework | Kali Linux 2019.1a
http://bit.ly/2UzeMy2

Source Code for CARBANAK Banking Malware Found On VirusTotal
http://bit.ly/2GAdBJx

FINTEAM: Trojanized TeamViewer Against Government Targets
https://research.checkpoint.com/finteam-trojanized-teamviewer-against-government-targets/

Ramnit Returns to its Banking Roots, Just in Time for Italian Tax Season
https://www.f5.com/labs/articles/threat-intelligence/ramnit-returns-to-its-banking-roots--just-in-time-for-italian-ta

New Malware Campaign Targets Financials, Retailers
https://www.darkreading.com/vulnerabilities---threats/new-malware-campaign-targets-financials-retailers/d/d-id/1334459

Malicious Attacks On Open Source Are Going to Get Worse; Developers Need to Take Notice
http://bit.ly/2VnOfYW

CARBANAK Week Part One: A Rare Occurrence
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html

Source Code for CARBANAK Banking Malware Found On VirusTotal
http://bit.ly/2UxZCZX

Malicious lifestyle apps found on Google Play, 30 million installs recorded
https://www.zdnet.com/article/30-million-android-users-have-installed-malicious-lifestyle-apps/#ftag=RSSbaffb68

Trojanized TeamViewer used in government, embassy attacks across Europe
https://www.zdnet.com/article/trojanized-teamviewer-used-in-government-political-attacks-across-europe/#ftag=RSSbaffb68

FINTEAM: Trojanized TeamViewer Against Government Targets
https://research.checkpoint.com/finteam-trojanized-teamviewer-against-government-targets/

'Silence' Cybercrime Gang Targets Banks in More Regions
https://www.bankinfosecurity.com/silence-cybercrime-gang-targets-banks-in-more-regions-a-12404

Silence Group Playbook
https://www.fortinet.com/blog/threat-research/silence-group-playbook.html

DNSpionage campaign releases new Karkoff malware into the wild
https://www.zdnet.com/article/dnspionage-campaign-releases-new-karkoff-malware-into-the-wild/#ftag=RSSbaffb68

'Karkoff' Is the New 'DNSpionage' With Selective Targeting Strategy
http://bit.ly/2GFsGeo

'ShadowHammer' Spreads Across Online Gaming Supply Chain
https://www.bankinfosecurity.com/shadowhammer-spreads-across-online-gaming-supply-chain-a-12409

'Operation ShadowHammer' Shows Weakness of Supply Chains
https://www.databreachtoday.com/operation-shadowhammer-shows-weakness-supply-chains-a-12251

ShadowHammer: New details
https://www.kaspersky.com/blog/details-shadow-hammer/26597/

Operation ShadowHammer: a high-profile supply chain attack
https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/

Qbot Malware Dropped via Context-Aware Phishing Campaign
https://www.bleepingcomputer.com/news/security/qbot-malware-dropped-via-context-aware-phishing-campaign/

WannaCryptor ‘accidental hero’ pleads guilty to malware charges
https://www.welivesecurity.com/2019/04/23/wannacryptor-accidental-hero-pleads-guilty-malware/

Analysis: Abuse of Custom Actions in Windows Installer MSI to Run Malicious JavaScript, VBScript, and PowerShell Scripts
http://bit.ly/2Uy57Yw

Analyzing C/C++ Runtime Library Code Tampering in Software Supply Chain Attacks
http://bit.ly/2UWmuHm

Medical Format Flaw Can Let Attackers Hide Malware in Medical Images
http://bit.ly/2PsjDQA

The Russian Shadow in Eastern Europe: Gamaredon ‘s Ukrainian MOD Campaign
http://bit.ly/2vmWPII

APT28 and Upcoming Elections: evidence of possible interference
https://blog.yoroi.company/research/apt28-and-upcoming-elections-possible-interference-signals/

Anubis II - malware and afterlife
https://www.threatfabric.com/blogs/anubis_2_malware_and_afterlife.html

THREAT ACTOR TA505 TARGETS FINANCIAL ENTERPRISES USING LOLBINS AND A NEW BACKDOOR MALWARE
https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware

TA505 Group Hides Malware in Legitimate Certificates
https://www.bankinfosecurity.com/ta505-group-hides-malware-in-legitimate-certificates-a-12417

Hackers using Google Sites to spread banking malware   
https://govanguard.io/2019/04/24/hackers-using-google-sites-to-spread-banking-malware/

Top 10 Malware March 2019
https://www.cisecurity.org/blog/top-10-malware-march-2019/

GitHub遭駭客濫用以代管網釣套件
https://www.ithome.com.tw/news/130245

Threat actors abuse GitHub service to host a variety of phishing kits
http://bit.ly/2voFW0k

B.行動安全 / iPhone / Android /穿戴裝置 /App
小心!!黑客集團惡意攻擊 Apple 裝置 【詐騙廣告影響高達 5 億 iOS 用戶!!】
http://bit.ly/2GvReX0

知名熱點搜尋app可能曝露200萬用戶Wi-Fi密碼
https://www.ithome.com.tw/news/130172

這APP被發現Wi-Fi密碼沒加密 你家密碼恐被看光光
https://udn.com/news/story/11017/3775259

Android 平台 19款安全軟體測試結論:官方的 Google Play Protect 常漏抓又愛亂報、最不值得信任
https://www.techbang.com/posts/69606-av-test-anti-virus-test-shows-google-play-protect-let-people-down

App檢測通過名錄
https://mas.org.tw/app_cert_list.php

法國打造政府機關專用傳訊程式Tchap,隔天就被找到漏洞
https://www.ithome.com.tw/news/130136

法國政府專用通訊 app 在及時修補漏洞後已推出測試版本
http://bit.ly/2IRyH95

多支 Android App 內含廣告軟體,大量耗電並用光連線頻寛
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=844

French government releases in-house IM app to replace WhatsApp and Telegram use
https://zd.net/2DqEiQe

Hacker Breaks Into French Government's New Secure Messaging App
http://bit.ly/2W4kWIb

Nokia 9 PureView曝大漏洞:輕鬆攻破屏下指紋
https://www.sohu.com/a/309778022_162522?sec=wd

Nokia 9 PureView 指紋辨識   一條香口膠即可破解
https://www.eprice.com.hk/mobile/talk/4529/212836/1/

Nokia 9 buggy update lets anyone bypass fingerprint scanner with a pack of gum
https://www.zdnet.com/article/nokia-9-buggy-update-lets-anyone-bypass-fingerprint-scanner-with-a-pack-of-gum/#ftag=RSSbaffb68

Security flaw lets attackers recover private keys from Qualcomm chips
https://www.zdnet.com/article/security-flaw-lets-attackers-recover-private-keys-from-qualcomm-chips/#ftag=RSSbaffb68

C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件
YouTube的兩處漏洞及用戶勒索詳情披露
http://www.52bug.cn/hkjs/5782.html

醫療物聯網解決方案紛出籠 記錄身體資訊監控健康狀態 穿戴式裝置蒐集個資 生理資訊須確保合規適法
https://www.netadmin.com.tw/article_content.aspx?sn=1904110002

零信任網路下的資安防禦
http://bit.ly/2ILSbvS

遭 ShadowHammer 供應鏈攻擊的企業,不只華碩一家
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=843

企業雲端化之後 面對資訊安全的正確思維
http://bit.ly/2DzsKtY

提早安排準備並掌握判別事故 封鎖排除復原完成回應 資安事故前後完整對策 準備預防/處理善後都要
https://www.netadmin.com.tw/article_content.aspx?sn=1904100001

網路資安觀念看這篇 諾頓分享民眾網路安全看法調查結果
http://bit.ly/2IFSGsh

微軟正在評估是否要廢除 Windows 更改密碼政策
https://www.inside.com.tw/article/16206-windows-assess-password-changing

SecBuzzer是你的好幫手!April 2019 暗網情資整理
https://secbuzzer.co/

日本海事協會發表船舶網路資安管理系統
http://bit.ly/2UPOr3D

Google家居攝影機 遭駭客入侵
https://money.udn.com/money/story/5648/3776744

CIS Controls V7針對網路攻擊的防禦,提供一套處理動作的建議
https://www.ithome.com.tw/article/129576

NIST CSF 1.1:英美各國政府和一般企業都相繼採用的網路安全框架
https://www.ithome.com.tw/article/129614

HITCON Community 2019 徵稿公告
https://blog.hitcon.org/2019/04/hitcon-2019-cmt-cfp.html?m=0

HITCON率先取得八月DEF CO CTF奪冠資格,期待臺灣有第二隊一起入圍
https://www.ithome.com.tw/news/130112

資安英雄也曾是駭客,成功攔阻WannaCry的研究人員坦承打造及散布金融木馬
https://www.ithome.com.tw/news/130176

資安英雄淪駭客變狗熊
https://news.pchome.com.tw/internation/gpwb/20190420/index-55577174053699201011.html

擋WannaCry英資安英雄 對美駭客罪名認罪
https://money.udn.com/money/story/5599/3766636

擋病毒蔓延英雄 駭銀行系統對美認罪
https://www.ntdtv.com/b5/2019/04/20/a102560646.html

因擋下WannaCry病毒聞名,英國資安英雄Marcus Hutchins認罪曾開發木馬軟體攻擊銀行帳戶
https://www.techbang.com/posts/69571-has-blocked-the-wannacry-virus-british-security-hero-to-identify-hackers

批穆勒報告 川普律師:採納俄羅斯資訊沒錯
https://www.cna.com.tw/news/aopl/201904220024.aspx

民主黨倡誠信選戰「不用駭客黑料」 川普陣營拒承諾
https://udn.com/news/story/6813/3778720?from=udn-ch1_breaknews-1-cate5-news

CIA調查報告 稱華為接受中共資金挹注
https://www.ydn.com.tw/News/333055

CIA稱華為從中國解放軍獲取資金 外媒卻曝美方針對主因
http://bit.ly/2UT08Xt

美國曾向盟友透露華為接受中國官方金援
https://www.ithome.com.tw/news/130159

華為5G東南亞國家用定了!美國「王牌」恐也挽不回
https://ec.ltn.com.tw/article/breakingnews/2764929

歐洲首家 荷蘭最大電信商拒用華為5G設備
https://www.rti.org.tw/news/view/id/2018879

荷蘭最大電信KPN:5G核心網絡禁用華為
http://www.epochtimes.com/b5/19/4/26/n11215182.htm

不甩美國 英將有限度開放華為5G
https://ec.ltn.com.tw/article/breakingnews/2768627

英國有限開放華為5G? 資安首長:廠商國籍為次要考量
https://ec.ltn.com.tw/article/breakingnews/2769515

沒在怕?英國點頭,採用華為架設 5G「非核心」基礎建設
https://www.inside.com.tw/article/16188-uk-permit-huawei-equipment

美稱五眼聯盟將禁止華為參與敏感網路 對英國發警告
http://news.dwnews.com/global/big5/news/2019-04-24/60130782.html

中共在美間諜活動五花八門 美國強力反制
http://www.epochtimes.com/b5/19/4/23/n11207835.htm

中國滲透又一樁!傳台國防科技公司 遭中資收購億元股票
https://www.setn.com/News.aspx?NewsID=530337

美司法部官員轟《中國製造2025》是「盜竊路線圖」
https://newtalk.tw/news/view/2019-04-25/237927

中共「數位三戰」影響我大選 學者憂:結合武嚇製造恐慌
https://tw.news.appledaily.com/politics/realtime/20190423/1554845/

美媒曝中共如何鑽規管漏洞 使用美製衛星
http://www.epochtimes.com/b5/19/4/23/n11208516.htm

當高科技遭到誤用!美製衛星成中國加強鎮壓抗議活動工具
https://www.cmmedia.com.tw/home/articles/15280

恐怖攻擊讓斯里蘭卡緊急封鎖境內社交平台
https://www.ithome.com.tw/news/130146

印尼網軍撕裂2.7億人民 :「你看見的『民意』,只是我們在對戲」
https://www.twreporter.org/a/cyberwarfare-units-disinformation-fake-news-indonesia

歐洲議會通過92億歐元的科技預算,將用來研發超級電腦、AI及網路安全
https://www.ithome.com.tw/news/130223

他破解伊朗核電駭客、最早預告網路戰爭 被川普封殺的防毒狂人 卡巴斯基CEO專訪
http://photo.udn.com/money/story/5648/3776740

美國網絡安全官員:中國市場連帶風險 企業需權衡利益
https://www.voacantonese.com/a/canotnese-xcq-dhs-china-cyberattacks-20190425-ry/4891054.html

法律爭議及成本問題,傳NSA建議美政府終止電話監聽
https://www.ithome.com.tw/news/130250

斯國恐襲「八魔」 家境學歷俱佳  情報機關高層傳扣起消息 總統誓言整頓
https://www1.hkej.com/dailynews/article/id/2118745/

國際特赦香港分會 遭與中國有關的駭客攻擊
http://bit.ly/2DxUn6F

國際特赦組織:香港分會遭「國家級」駭客攻擊監控
https://newtalk.tw/news/view/2019-04-25/238337

Mueller Report: With Russian Hacking Laid Bare, What Next
https://www.bankinfosecurity.com/mueller-report-russian-hacking-laid-bare-what-next-a-12396

Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware
http://usawebreviews.com/marcus-malwaretech-hutchins-pleads-guilty-to-writing-selling-banking-malware/

Not So 'Smart' - Child Tech Has Hackable Flaws
https://www.bankinfosecurity.com/interviews/so-smart-child-tech-has-hackable-flaws-i-4296

ASD Essential Eight cybersecurity controls not essential: Canberra
https://www.zdnet.com/article/asd-essential-eight-cybersecurity-controls-not-essential-canberra/#ftag=RSSbaffb68

Another dark web marketplace bites the dust --Wall Street Market
https://www.zdnet.com/article/another-dark-web-marketplace-bites-the-dust-wall-street-market/#ftag=RSSbaffb68

Take a stand for consumer privacy: The anti-surveillance economy
https://www.zdnet.com/article/take-a-stand-for-consumer-privacy-the-anti-surveillance-economy/#ftag=RSSbaffb68

Advancing Security Operations With Managed Detection and Response
https://www.bankinfosecurity.com/advancing-security-operations-managed-detection-response-a-12410

Embracing creativity to improve cyber-readiness
https://www.welivesecurity.com/2019/04/18/embracing-creativity-cyber-readiness/

Congress Asks Google 10 Questions On Its Location Tracking Database
https://thehackernews.com/2019/04/google-location-database.html

Google Chrome tip: Block annoying web notifications
https://www.zdnet.com/article/google-chrome-tip-block-annoying-notifications/#ftag=RSSbaffb68

Wipro Attack: The Latest Developments
https://www.bankinfosecurity.asia/wipro-attack-latest-developments-a-12413

Intelligence Agencies Seek Fast Cyber Threat Dissemination
https://www.bankinfosecurity.co.uk/intelligence-agencies-seek-fast-cyber-threat-dissemination-a-12415

資安工程師
https://www.104.com.tw/jb/104i/job/view?j=6ksyo

資訊安全工程師
https://www.104.com.tw/jb/104i/job/view?j=6kro8

資訊安全主管
https://www.104.com.tw/jb/104i/job/view?j=6krom

資訊中心網路組徵行政助理(職務代理人)
https://webapp.yuntech.edu.tw/YunTechSSO/IdssBulletin/Detail?formId=0000000001170980

資訊安全分析師
https://www.104.com.tw/job/?jobno=6lb43

數聯資安正職人力需求
https://ece.ntust.edu.tw/files/14-1031-73164,r3-1.php?Lang=zh-tw

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
網紅為共軍野戰食物帶進豬瘟炒翻天 是誰在散布恐懼
https://health.udn.com/health/story/5999/3766619

網路報稅詐騙愈來愈多 掌握安全報稅6招求自保
https://news.cnyes.com/news/id/4306888

5月報稅季提高警覺 慎防網路釣魚 專家2張圖教你辨別
http://bit.ly/2Vg26k7

「讀冊生活」網購兩本書 女研究生整年生活費被騙光
https://news.ltn.com.tw/news/society/breakingnews/2765934

購書網「讀冊生活」個資外洩! 女研究生買書遭詐17萬
https://www.ettoday.net/news/20190421/1427393.htm

客疑被盜用信用卡 揭SoZmart泄資料未通報
http://bit.ly/2DshL5B

購物網站被黑客入侵 數十人信用卡被盜用
http://bit.ly/2IR28YO

警方提示:警惕「掃二維碼送禮」騙局
https://news.sina.com.tw/article/20190421/31012880.html

歐買尬(3687)旗下綠界科技遭惡意抹黑,盼司法介入調查
http://bit.ly/2GDDQ3i

綠界遭惡意造假檢舉 公司:已報請司法機關調查
https://tw.news.appledaily.com/new/realtime/20190424/1555732/

子公司疑捲入詐騙 歐買尬出面澄清
https://udn.com/news/story/7254/3774204

地址在台北市愛國南路七號?衛福部表示「中華民國人口福利部」年金繳費通知是詐騙
http://bit.ly/2KSeD9f

「網路購物訂單錯誤」詐騙老梗 修理機車師傅險中招
https://www.ettoday.net/news/20190422/1427608.htm

墨西哥大使館近5000份公民護照等文件遭駭客公佈於網路上
https://www.ithome.com.tw/news/130137

防堵網路釣魚攻擊,Google六月起將封鎖來自瀏覽器框架嵌入式的登入請求
https://www.ithome.com.tw/news/130097

健保卡遭冒用?正牌警阻詐
https://www.chinatimes.com/realtimenews/20190422002519-260402?chdtv

內地犯罪黨詐騙貴利集團 司警共拘12人
http://bit.ly/2IGTCwD

存50元取50萬 遊民騙貸網銀1.5億
https://udn.com/news/story/7332/3772114

B站回應工程代碼被泄露:不影響網站及用戶數據安全
https://news.sina.com.tw/article/20190422/31030684.html

提升網路隱私安全 建議設定密碼不使用連續數字
https://news.ltn.com.tw/news/world/breakingnews/2768303

別再用了!最不安全密碼 「123456」又蟬聯冠軍
http://bit.ly/2XKLsH1

你的網路密碼有多容易被破解
http://bit.ly/2VmhcEJ

假契約詐貸4銀行4.8億元 主嫌李榮華等10人遭起訴
https://udn.com/news/story/7315/3773774?from=udn-catelistnews_ch2

信用卡公司資料暗中與商家共享 科技逐步侵蝕顧客隱私 市民投訴無門徒嘆奈何
http://www.mingpaocanada.com/Tor/htm/News/20190423/tac1_r.htm

借貸請慎選  小心借款不成  反為詐嫌共犯
https://times.hinet.net/news/22336633

資安沒保障? 日企去年恐外洩268萬筆個資
https://ec.ltn.com.tw/article/breakingnews/2769006

【「想看電影嗎?」詐騙粉專也搭上《復仇者聯盟 4》熱潮】
https://blog.trendmicro.com.tw/?p=60395

FBI:去年網路犯罪投訴前三名為交易詐騙、勒索及個資外洩
https://www.ithome.com.tw/news/130225?fbclid=IwAR0bCqbi7A74qDUB_-cK9p7MfgwplIPx_cL80kwYZ6_smCDARpYEtBfFt5w

老司機暴動啦!18歲女優音梓遭駭客鎖定 無碼片傳外流
https://www.setn.com/E/news.aspx?newsid=532506

新型 BEC 變臉詐騙手法,竄改薪資自動轉帳路徑
https://blog.trendmicro.com.tw/?p=60424

藝人小禎怒斥「一定很難穿」!遭詐騙集團盜圖代言假貨
https://blog.trendmicro.com.tw/?p=60402

網路安全報稅五要訣 個人資料不外漏 惡意詐騙永Say NO
https://blog.trendmicro.com.tw/?p=60378

London Blue(倫敦藍)詐騙集團針對亞洲發動新的BEC郵件詐騙攻擊
https://blog.trendmicro.com.tw/?p=60310

Mozilla發布美國消費者隱私法案指南
https://www.nccst.nat.gov.tw/NewsRSSDetail.aspx?lang=zh&RSSType=news&seq=16233

Facebook asked to clamp down on cops creating fake accounts
https://www.zdnet.com/article/facebook-asked-to-clamp-down-on-cops-creating-fake-accounts/#ftag=RSSbaffb68

What Led to a $4.7 Million Breach Lawsuit Settlement
https://www.bankinfosecurity.com/what-led-to-47-million-breach-lawsuit-settlement-a-12401

Facebook Password, Email Contact Mishandling Worsens
https://www.bankinfosecurity.com/facebook-password-email-contact-mishandling-worsens-a-12395

Defending Against Authorised Push Payment Fraud
https://www.bankinfosecurity.eu/interviews/defending-against-authorised-push-payment-fraud-i-4299

Bodybuilding.com discloses security breach
https://www.zdnet.com/article/bodybuilding-com-discloses-security-breach/#ftag=RSSbaffb68

Facial recognition creeps up on a JetBlue passenger and she hates it
https://www.zdnet.com/article/facial-recognition-creeps-up-on-a-jetblue-passenger-and-she-hates-it/#ftag=RSSbaffb68

The FBI's RAT: Blocking Fraudulent Wire Transfers
https://www.bankinfosecurity.com/blogs/fbis-rat-blocking-fraudulent-wire-transfers-p-2740

FBI: US companies lost $1.3 billion in 2018 due to BEC scams
https://www.zdnet.com/article/fbi-us-companies-lost-1-3-billion-in-2018-due-to-bec-scams/#ftag=RSSbaffb68

Google Sensorvault Database Draws Congressional Scrutiny
https://www.bankinfosecurity.co.uk/google-sensorvault-database-draws-congressional-scrutiny-a-12411

提防 變臉詐騙 電郵 London Blue 轉攻亞洲企業
http://bit.ly/2UzxSnO

London Blue Group Using Evolving BEC Techniques in Attacks
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/london-blue-group-using-evolving-bec-techniques-in-their-attacks

Cyber News Rundown: Phishing Attack on Global IT Outsourcer
https://www.webroot.com/blog/2019/04/19/cyber-news-rundown-phishing-attack-on-global-it-outsourcer/

FTC gives two companies a slap on the wrist after appalling hacks
https://www.zdnet.com/article/ftc-gives-two-companies-a-slap-on-the-wrist-after-appalling-hacks/#ftag=RSSbaffb68

E.研究報告
挖洞經驗| 一次INSERT查詢的無逗號SQL注入漏洞構造利用($ 10,000)
https://www.freebuf.com/vuls/200201.html

Drupal 1-click to RCE 分析
https://paper.seebug.org/897/

WebLogic遠程Blind XXE高危漏洞啟明星辰提供解決方案
https://www.venustech.com.cn/article/1/8809.html

「SSH香港企業網絡保安準備指數」調查2019完整報告
https://www.hkcert.org/c/document_library/get_file?uuid=3a338b0d-0e02-45ec-ad9d-f3234854d229&groupId=16

CVE-2019-0232:Apache Tomcat RCE漏洞分析
https://xz.aliyun.com/t/4875

攻擊者是如何利用SSRF漏洞讀取本地文件並濫用AWS元數據的
https://www.4hou.com/vulnerable/17543.html

我是如何在ModSecurity的核心規則集中找到ReDOS漏洞的
https://nosec.org/home/detail/2508.html

jQuery修復威脅數億網站的原型污染漏洞,內含PoC代碼
https://zhuanlan.zhihu.com/p/63402363

CVE-2018-18500:利用火狐的堆漏洞進行攻擊
https://xz.aliyun.com/t/4888

Oracle數據庫服務器'TNS Listener'遠程數據投毒漏洞
http://blog.itpub.net/25469263/viewspace-2642451/

Web 安全漏洞SSRF 簡介及解決方案
https://cloud.tencent.com/developer/article/1418078

外國騙子裝成中國黑客製造假0day漏洞視頻,騙完錢後刪號走人
https://www.freebuf.com/column/201875.html

挖洞經驗| 利用CSRF漏洞劫持的Youtube用戶的通知消息
https://www.freebuf.com/vuls/200711.html

目標URL存在跨站漏洞和目標URL存在http host頭攻擊漏洞處理方案
https://www.itread01.com/content/1556205953.html

如何打造自己的PoC框架-Pocsuite3-使用篇
https://paper.seebug.org/904/

【ZoomEye專題報告】DDoS 反射放大攻擊全球探測分析
https://paper.seebug.org/898/

Weblogic CVE-2019-2647等相關XXE漏洞分析
https://paper.seebug.org/900/

2018年我國互聯網網絡安全態勢報告
https://paper.seebug.org/894/

Vulhub一鍵搭建漏洞測試靶場初體驗
http://bit.ly/2vlIIDt

個案分析-電腦教室主機群體感染惡意程式攻擊事件分析報告_10804
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019042501043232566847961761843.pdf

android-restriction-bypass
https://github.com/quarkslab/android-restriction-bypass/blob/master/report.pdf?fbclid=IwAR3GExQ92wfmWCAp2lZCKWECEd6MpXl0jpYpcNpENXQK-WEBjvRNLSGr50c

One-liner Safari sandbox escape exploit
https://medium.com/0xcc/one-liner-safari-sandbox-escape-exploit-91082ddbe6ef?fbclid=IwAR2b4iZPdz_Q-QVsaB_SO75yUUDZLLhhWWlonfujyrpXNCLMp3fLhL3_D6o

RhinoSecurityLabs/CVEs
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-0227?fbclid=IwAR30S5-UZF8u_eDNZUIcuZMlTXDEQZU-7gZJtSJ7Lz-PR5fkuOhfQ9N7FYQ

My Personal OSINT Techniques, Part 1 of 2: Key & Layer, Contingency Seeding
https://0x00sec.org/t/my-personal-osint-techniques-part-1-of-2-key-layer-contingency-seeding/13033?fbclid=IwAR1wR8YRP9vCcZgEIMUDL8twr0dzCbdwug6Cbs1vbZXoIIYb_MwUy3W9NmY

Raspberry Jam Guidebook
https://www.raspberrypi.org/jam/guidebook/?fbclid=IwAR0FG-kVynn6wCF2-4gWIK5zjMpExUq0EaHDIz7ox9ETnaU2KZdZqERj3j4

spatie/laravel-honeypot
https://github.com/spatie/laravel-honeypot?fbclid=IwAR1kFayMEYj_ke91zbPZ87MScfZyzLhd0k-ijYvYowVKHfKOVg0nnk99A2M

Cloud Security Summit - Taiwan :: Presentations
https://www.paloaltonetworks.com/resources/presentations/cloud-security-summit-taiwan-presentations

Backdooring any android application (.apk file) for fun and profit
https://exploitstube.com/backdooring-any-android-application-apk-file-for-fun-and-profit.html?fbclid=IwAR3BHH1Eu4C0R_8mN0OkFmT9pgYYOrjP1-zMI4IXHDl6NwEezAiLUD56S8U

USB Drop Attacks: The Danger of “Lost And Found” Thumb Drives
https://www.redteamsecure.com/usb-drop-attacks-the-danger-of-lost-and-found-thumb-drives/?fbclid=IwAR2puc_JYR7vZr517M5rRmXfCkzZh_OWwuxRzLv9L0rdNzi4J4gZP6mBhTY

FLASHMINGO: The FireEye Open Source Automatic Analysis Tool for Flash
https://www.fireeye.com/blog/threat-research/2019/04/flashmingo-open-source-automatic-analysis-tool-for-flash.html

How to create your own USB stealer
https://www.hackeroyale.com/usb-stealer/?fbclid=IwAR2mH_v1B-fk8yweiVozgxzOL9w9iOnrnih4UpYt029OdYDPxPPOVIonK5o

pe3zx/huawei-block-list
https://github.com/pe3zx/huawei-block-list?fbclid=IwAR208iWSt5R6HFDFjrOxw2ZvE3rWjmGzw7YPaxenpZItDa9ZcIPhsjZTq10

CRACK WINDOWS PASSWORD WITH JOHN THE RIPPER
https://www.securitynewspaper.com/2018/11/27/crack-windows-password-with-john-the-ripper/?fbclid=IwAR0XOjI8KeIJUFZ3A4ea3ElT2_9QYRRn6uef8c6JZa1foUgFjLOOwpxjWYs

How to quickly and securely wipe your data off almost any device
https://www.zdnet.com/pictures/how-to-quickly-and-securely-wipe-your-data-off-almost-any-device/#ftag=RSSbaffb68

Finding Weaknesses Before the Attackers Do
https://www.fireeye.com/blog/threat-research/2019/04/finding-weaknesses-before-the-attackers-do.html

fireELF: opensource fileless linux malware framework
https://securityonline.info/fireelf/

ivRodriguezCA/RE-iOS-Apps
https://github.com/ivRodriguezCA/RE-iOS-Apps?fbclid=IwAR19f9Rc9GecvpfXuM_gIh1w9JErWHJahY2ajUzRK0h8gjAjH9uqzuYlJg4

Fuzzing the MSXML6 library with WinAFL
https://movaxbx.ru/2019/04/09/fuzzing-the-msxml6-library-with-winafl/?fbclid=IwAR1GDx2BnZo3X5yKzNmdIeY9iOESZrdSbiRO-OUyPt3_dR8al32EjdcTXhk

AM vs FM: The battle brewing in lidar technology
https://www.zdnet.com/article/am-vs-fm-the-battle-brewing-in-lidar-technology/#ftag=RSSbaffb68

How to Crack Online Passwords with Tamper Data & THC Hydra
https://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-online-passwords-with-tamper-data-thc-hydra-0155374/

Writing a Password Protected Reverse Shell (Linux/x64)
http://bit.ly/2Vif014

Logging Made Easy
https://github.com/ukncsc/lme?fbclid=IwAR3OOFnZckhEE6ZBCrsfsk8Ed9h0WdE_HsocG6AEXdsX1__IfinM2xcQBd4

logzero: Python logging made easy
https://logzero.readthedocs.io/en/latest/

How to enable Google Chrome Incognito Mode detection blocking
https://www.zdnet.com/article/how-to-enable-google-chrome-incognito-mode-detection-blocking/#ftag=RSSbaffb68

Paper: Alternative communication channel over NTP
https://www.virusbulletin.com/blog/2019/04/paper-alternative-communication-channel-over-ntp/

Uncovering CVE-2019-0232: A Remote Code Execution Vulnerability in Apache Tomcat
http://bit.ly/2UCfqLl

Zero-day XML External Entity (XXE) Injection Vulnerability in Internet Explorer Can Let Attackers Steal Files, System Info
http://bit.ly/2GvziKP

F.商業
Ubuntu 19.04出爐!使用最新GNOME 3.32還支援豐富程式開發工具
https://www.ithome.com.tw/news/130107

Mozilla更名物聯網平臺專案為WebThings,新版閘道器提供日誌紀錄功能
https://www.ithome.com.tw/news/130096

GCP一站式資安管理平臺Cloud SCC正式上線
https://www.ithome.com.tw/news/130110

芬-安全F-Secure Total跨平台全方位安全軟體,透過虛擬位置技術防止被追蹤
http://bit.ly/2ve5Io6

微軟買下即時作業系統開發商Express Logic
https://www.ithome.com.tw/news/130118

微軟正開發沒有迴圈的程式語言Bosque
https://www.ithome.com.tw/news/130153

Microsoft releases version 2.0 of its PWA Builder tool
https://www.zdnet.com/article/microsoft-releases-version-2-0-of-its-pwa-builder-tool/#ftag=RSSbaffb68

Microsoft starts rolling out Google G Suite to Office 365 migration tools
https://www.zdnet.com/article/microsoft-starts-rolling-out-google-g-suite-to-office-365-migration-tools/#ftag=RSSbaffb68

Kaspersky CEO: Open your source codes to win governments' trust
https://www.zdnet.com/article/kaspersky-ceo-open-your-source-codes-to-win-governments-trust/#ftag=RSSbaffb68

G.政府
政院拍板:各機關不得購危害資安產品 「非限制民間消費」
https://www.ettoday.net/news/20190419/1426245.htm

資通產品禁用原則出爐 政院:無關民眾消費
https://udn.com/news/story/6656/3766452

行政院發布「危害國家資安產品限制原則」,將不僅限於中國商品
https://www.thenewslens.com/article/117602

行政院說明禁止公務機關採購危害資安的資通產品
https://udn.com/news/story/6656/3765763

防資安外洩 政院拍版:各機關不得購危害資安產品
https://news.pchome.com.tw/living/nownews/20190419/index-55565812971528207009.html

行政院說明危害國家資安產品限制
https://news.sina.com.tw/article/20190419/31001474.html

禁用中國製資安產品 科學園區廠商的伺服器、網路攝影機也在規範範疇
http://bit.ly/2PifwGK

政院拍板資通產品禁購原則 7月公布管制清單
http://www.ntdtv.com.tw/b5/20190419/video/244072.html

政院公布資通產品禁購原則 避中國、陸資字眼
https://news.pts.org.tw/article/429396

資安產品黑名單 下季公布
https://money.udn.com/money/story/5648/3766431

3個月內提資安黑名單 政院封殺陸資3C 包山包海
https://www.chinatimes.com/newspapers/20190420000459-260102?chdtv

業者:建立國家資安政策
https://ec.ltn.com.tw/article/paper/1282834

禁中國資通產品 政院通令盤點清單
https://ec.ltn.com.tw/article/paper/1282832

中興、聯想、海康威視 可能列黑名單
https://ec.ltn.com.tw/article/paper/1282833

8大關鍵基礎設施資通納管範圍 政院將訂指定原則
https://news.ltn.com.tw/news/politics/breakingnews/2765268

禁中國資通產品》陳其邁:縣市不配合可處罰
https://ec.ltn.com.tw/article/paper/1283048

潘翰聲、陳家宏:開放源碼 讓大家救台鐵訂票系統
https://tw.news.appledaily.com/new/realtime/20190420/1553567/

金管會對行動支付業務鬆綁 列6大重點
https://www.tdcpress.com/Article/Index/1907

有關議員質詢智慧支付平台,台北市政府資訊局回應
http://bit.ly/2VZxTms

有關議員質詢市府使用中國品牌資通訊產品一事,資訊局回應
http://bit.ly/2W0uSCf

資安新法正式上路4個月,醫院如何落實醫療資安
https://www.ithome.com.tw/news/130157

因應中國訊息戰 國安局設平台反假新聞
http://bit.ly/2ViukL5

唐鳳華府行 就大選資安與美方交換意見
https://taronews.tw/2019/04/24/319741/

陸對台軍事威脅?唐鳳這麼看
https://www.chinatimes.com/realtimenews/20190424001693-260410?chdtv

唐鳳華府行 酸大陸用網路監控大眾
https://udn.com/news/story/6656/3773971

美喬治華盛頓大學演講 唐鳳:北京對台軍事威脅顯示缺乏自信
https://m.ltn.com.tw/news/politics/breakingnews/2768860

我國保險業引進「公司治理人員」 6月底全面適用
https://ec.ltn.com.tw/article/breakingnews/2768441

金管會開放了!海外趴趴走 電子支付在國外也能嗶
https://ec.ltn.com.tw/article/breakingnews/2768432

電支法規鬆綁下一步 顧立雄:打破電支電票界線
http://bit.ly/2vkVnH2

街口、LINE Pay海外也通 顧立雄下一步推電票電支整合
https://www.chinatimes.com/realtimenews/20190424001564-260410?chdtv

金檢曝六大缺失 26日約談國銀老總
https://www.chinatimes.com/newspapers/20190425000227-260202?chdtv

邀產官學界與會 調查局明舉辦區塊鍊保護數位證據研討會
https://udn.com/news/story/7314/3774724

數位證據怎麼保護 調查局明公布
https://www.chinatimes.com/realtimenews/20190424003515-260402?chdtv

盧秀燕促保護個資 活化運用
http://bit.ly/2GxKpTz

照顧勞工專責勞檢 台南市將成立資安健康處
https://udn.com/news/story/7326/3776994

2019 報稅網站:開放報稅資料下載
https://applealmond.com/posts/51645

打造國家級資安服務 關貿網路與調查局進行聯防合作
https://ec.ltn.com.tw/article/breakingnews/2771057

108年政府組態基準GCB說明文件(預告版)已發布於GCB專區,並進行意見徵詢作業
https://www.nccst.nat.gov.tw/NewInfoDetail.aspx?lang=zh&seq=1524

108年第1次政府資通安全防護巡迴研討會ー開放報名
https://www.nccst.nat.gov.tw/NewInfoDetail.aspx?lang=zh&seq=1523

H.SCADA/ICS/工控系統
是德科技Ixia部門發佈2019年安全報告 未修補漏洞影響大
http://bit.ly/2ZtGEay

強化資安體質 製造業積極轉進工業4.0時代
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=110&id=0000556449_kqt356z15v5w128c9eqbo

motorola -- cx2_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11319
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11320
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11322

siemens -- simatic_s7-1500_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16558
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16559
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6575

siemens -- simatic_s7-300_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16561

siemens -- spectrum_power_4   
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6579

I.教育訓練
4/25 Log分析入門、架構、與戰情分析
http://bit.ly/2Gyq6FL

【FreeBuf字幕組】Web安全漏洞系列:不安全的直接物件引用漏洞IDOR
https://www.itread01.com/hkllcqi.html

Learn Ethical Hacking With 180 Hours of Training — 2019 Online Course
http://bit.ly/2KZYXRt

HACKS LAND Ethical Hacker's Playground
https://hacksland.net/

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機
Eclipse基金會IoT開發者大調查:安全性仍是開發者最關注議題
https://www.ithome.com.tw/news/130113

鼓勵創新更要作好資安把關 新加坡網路安全聯盟管控物聯網風險
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=50&id=0000557815_zl57soec2n1s2z4p3fdge

IoT 0 day漏洞啟示
https://www.itread01.com/hklyyef.html

針對物聯網及5G的電信犯罪
https://blog.trendmicro.com.tw/?p=60140

不怕多繞路!計程車、電信合作智慧車聯網
http://bit.ly/2UCxa92

VXRL 專家實戰示範 輕鬆攻擊 IoT 產品漏洞
http://bit.ly/2IGjfxm

北市教育局與台大簽AI人工智慧教育MOU 2高中將開AI學程
https://www.chinatimes.com/realtimenews/20190425003309-260405?chdtv

Microsoft is readying AI-powered Azure digital inking services
https://www.zdnet.com/article/microsoft-is-readying-ai-powered-azure-ink-services/#ftag=RSSbaffb68

Microsoft to join MLflow project, add native support to Azure Machine Learning
https://www.zdnet.com/article/microsoft-to-join-mlflow-project-add-native-support-to-azure-machine-learning/#ftag=RSSbaffb68

Docker, Arm partner to streamline development for cloud, edge and IoT
https://www.zdnet.com/article/docker-arm-partner-to-streamline-development-for-cloud-edge-and-iot/#ftag=RSSbaffb68

6.近期資安活動及研討會
Gartner分析師交流會:Magic Quadrant資安報告幕後大公開  4/29
https://www.acw.org.tw/News/Detail.aspx?id=67

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/1904170343547477698390

 HackingThursday 固定聚會 5/9
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbmb/

 資安健診  5/9
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3827&from_course_list_url=homepage

 國立交通大學 亥客書院 -電子郵件之偽造攻擊與防護措施安全通訊協定 5/11
 https://hackercollege.nctu.edu.tw/?p=1054

 AIS3 2019 新型態資安暑期課程 報名107 年 5 月 14 日上午 10 點至 107 年 5 月 27 日下午 6 點
 https://ais3.org/

  iTHome 台灣雲端大會 Cloud Summit  2019   2019年 5 月 15 日 (三) 09:00~17:00
 https://cloudsummit.ithome.com.tw/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/

 「SQL Server 2008 EOS」研討會 5/15
 https://cosa.kktix.cc/events/bb128a58

 HackingThursday 固定聚會  5/16
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbvb/

 網路封包分析實務  5/16
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3831&from_course_list_url=homepage

 DevDays Asia 2019 @Taipei 亞太技術年會  2019/5/21-2019/5/23 | 9:00 AM - 5:00 PM
 https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x6811311abcd

 HackingThursday 固定聚會 5/23
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbfc/

 源碼檢測實作  5/23
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3835&from_course_list_url=homepage

 第二十九屆全國資訊安全會議  5/23  ~ 5/24
 https://cisc2019.cs.pu.edu.tw/index.php

 Docker Birthday #5 - Taipei  5/25
 https://www.meetup.com/Docker-Taipei/events/248974949/

 OWASP TechDay Taiwan 2019  2019/05/28
 https://csa.kktix.cc/events/owasp0528

 HackingThursday 固定聚會 5/30
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbnc/

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 HackingThursday 固定聚會 6/6
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbjb/

 HackingThursday 固定聚會  6/13
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbrb/

 國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 HackingThursday 固定聚會 6/20
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbbc/

 HackingThursday 固定聚會 6/27
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/

 HackingThursday 固定聚會 7/4
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/

 2019國際資訊安全組織台灣高峰會  7/9 ~ 7/11
 https://csa.kktix.cc/events/2019con

 HackingThursday 固定聚會 7/11
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/

 HackingThursday 固定聚會 7/18
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/

 HackingThursday 固定聚會 7/25
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/

 資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」  8/29 ~ 8/30
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com


留言

這個網誌中的熱門文章

Capture the flag資源分享綜整

Capture the flag, CTF,是由古代軍事戰爭演變而來。軍旗在戰場上象徵兩軍戰況,當有一方軍旗被敵軍奪取或落在地上,代表該方戰敗。當這樣的攻防搶旗演變到現代的電子遊戲裡,通常就演變成團隊遊戲模式,由兩隊人馬互相前往對方的基地奪旗,奪旗成功回合次數多者得勝。

5月份資安、社群活動分享

5月份資安、社群活動分享

 108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
 https://ais3.org/mfctf/

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 Python 商務網站 * 極速學習 (2019春季 - 台北)  5/2
 https://cjltsod.kktix.cc/events/django-2019-spring-taipei

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會  5/2
 https://www.accupass.com/event/1904111400151860776797

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA 白帽菁英萌芽計劃II 0505 
 https://reg.shield.org.tw/info.php?no=54

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/19041703435474776…

6月份資安、社群活動分享

6月份資安、社群活動分享

 學生資安新手村 相關活動整理  淡江大學場  工作坊  6/1(六) 10:00 - 16:00
 https://forms.gle/aBgGfLUYcvJh7hzk9

 學生資安新手村 相關活動整理  高雄科技大學場 06/02(日) 08:30~18:00
 https://nkust-itc.kktix.cc/events/security-beginner-workshop

 資安新手村-網站照妖鏡 SITCON x NKUST_CSIE & ITC  6/2
 https://nkust-itc.kktix.cc/events/security-beginner-workshop

 PyTorch Tainan x CCNS 聚會 #23  6/2
 https://pytorch-tainan.kktix.cc/events/2019-06-02-m23?fbclid=IwAR1s_n_piEyMN0e8NMHk-jjP97-1mjqI-favSKBAdxAglQ3j1aN17_fMmbk

 【課程】Raspberry Pi 相機 x OpenCV 進階應用:攝影拍照、人臉偵測、影像處理與實作 6/2
 https://www.techbang.com/posts/69830-course-raspberry-pi-camera-x-opencv-photo-photography-face-detection-image-processing-and-application

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 TW BECKS No.2 6/3
 https://becks.kktix.cc/events/20190603

 軟體安全性測試實務 6/3 ~ 6/4
 https://www.accupass.com/event/1904230701335964656400