資安事件新聞週報 2019/4/22 ~ 2019/4/26
1.重大弱點漏洞
CVE-2019-3799:spring-cloud-config-server目錄遍歷漏洞警告
https://www.linuxidc.com/Linux/2019-04/158191.htm
jQuery 的“原型污染”安全漏洞
https://www.oschina.net/news/106124/jquery-impacted-by-prototype-pollution-flaw
Symantec 產品多個漏洞
https://www.auscert.org.au/bulletins/79594
Google Android System信息洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2021
Google Chrome 74 released with Dark Mode support for Windows users
https://www.zdnet.com/article/google-chrome-74-released-with-dark-mode-support-for-windows-users/#ftag=RSSbaffb68
CyberDairy Solutions SQLi
https://www.anquanke.com/vul/id/1576754
D-Link DI-524跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11017
甲骨文 WebLogic 遠端執行程式碼漏洞
https://www.zdnet.com/article/new-oracle-weblogic-zero-day-discovered-in-the-wild/
Oracle MySQL Server拒絕服務漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2634
Oracle WebLogic Deserialization RCE Vulnerability (0day) Alert
http://bit.ly/2vikKch
關於Oracle WebLogic反序列化遠程命令執行漏洞的預警通報
https://news.163.com/19/0425/18/EDKL1D32000189FH.html
New Oracle WebLogic zero-day discovered in the wild
https://www.zdnet.com/article/new-oracle-weblogic-zero-day-discovered-in-the-wild/#ftag=RSSbaffb68
[KnownSec 404 Team] Oracle WebLogic Deserialization RCE Vulnerability (0day) Alert
https://medium.com/@knownseczoomeye/knownsec-404-team-oracle-weblogic-deserialization-rce-vulnerability-0day-alert-90dd9a79ae93
Oracle WebLogic多個安全漏洞預警
http://www.twoeggz.com/news/14304046.html
Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - Directory Traversal
https://www.exploit-db.com/exploits/46728
Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection
https://www.exploit-db.com/exploits/46729
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4
https://www.exploit-db.com/exploits/46722
存在本生就是漏洞!專家曝駭客用IE竊資安新手法
http://bit.ly/2XwLlyt
Drupal釋出新版,修補jQuery與Symfony的跨站腳本攻擊漏洞
https://www.ithome.com.tw/news/130149
每個Outlook用戶都必須採取措施避免重大安全漏洞
https://www.cyclonis.com/zh-tw/steps-outlook-user-take-in-the-wake-security-breach/
微軟4月安全更新與多款防毒軟體相衝
https://www.ithome.com.tw/news/130179
傳微軟悄悄關閉Windows 10中分頁顯示程式的Sets功能
https://www.ithome.com.tw/news/130175
如果你的電腦上有R6、PUBG、49,微軟將不會推送新版更新(1903 19H1-18362.XX)
https://forum.gamer.com.tw/C.php?bsn=60030&snA=521266
Windows 10 1903版遇PC連接USB裝置、SD卡將鎖住無法更新
https://www.ithome.com.tw/news/130203?fbclid=IwAR0MZK7CiL5Uo0M02Z69_mm_9YVSROvbSNO-9iecSZXkkn2D2dtIeiQxvIw
Windows 7中止支援通知已開始釋出
https://www.ithome.com.tw/news/130167
Windows 10's 'Sets' feature is gone and not expected to return
https://www.zdnet.com/article/windows-10s-sets-feature-is-gone-and-not-expected-to-return/#ftag=RSSbaffb68
Hackers Actively Exploiting Widely-Used Social Share Plugin for WordPress
http://bit.ly/2W5UgXo
Vulnerability Spotlight: Symantec Endpoint Protection kernel memory information disclosure vulnerability
https://blog.talosintelligence.com/2019/04/vulnerability-spotlight-symantec.html
研究人員公布可用來竊取機密資訊的高通晶片旁路漏洞
https://www.ithome.com.tw/news/130258
IE瀏覽器的XXE零時差注入漏洞,會讓駭客竊取檔案和系統資訊
https://blog.trendmicro.com.tw/?p=60312
PHP的imap_open函式存在安全漏洞(CVE-2018-19518),允許攻擊者遠端執行任意程式碼,請儘速確認並調整設定
https://www.nccst.nat.gov.tw/VulnerabilityDetail.aspx?lang=zh&seq=1099
VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation
https://www.exploit-db.com/exploits/46747
QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service
https://www.exploit-db.com/exploits/46733
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
推外溢保單 專家建議回饋機制與資安風控並重
https://www.cna.com.tw/news/ahel/201904210112.aspx
利用保險非法集資傳銷!111份監管函揪出人身險漏洞
https://news.sina.com.tw/article/20190421/31012304.html
印度有超過320萬張支付卡資訊流落在外,僅次於美、英
https://www.ithome.com.tw/news/130141
去年黑客入侵活動損失近1.5億元 有智利銀行中招損失8500萬
https://topick.hket.com/article/2332061
資誠:共享數據,保險業與汽車業攜手邁向新紀元
https://m.moneydj.com/f1a.aspx?a=9557f606-40db-45d3-965d-4444b297b498
有葡語系國家擬加入人民幣即時支付結算平台
http://bit.ly/2UuAseM
境界之亂延燒 南山還有苦頭吃
http://bit.ly/2XDUDJ8
台灣洗錢防制措施需與時俱進
https://www.chinatimes.com/newspapers/20190426000267-260202
香港金管局:已要求複雜交易銀行採補救措施
http://bit.ly/2UCnagn
第一銀行 108 年新進人員甄選
http://bit.ly/2UvorWk
兆豐銀行108年新進行員甄選
https://wwwfile.megabank.com.tw/other/bulletin08_1.asp?sno=1030
Singapore looks to prep financial workforce for data analytics, automation era
https://www.zdnet.com/article/singapore-looks-to-prep-financial-workforce-for-data-analytics-automation-era/#ftag=RSSbaffb68
3.電子支付/電子票證/行動支付/ 新聞及資安
第三方支付、電子支付及電子票證 一張表看懂差別
http://bit.ly/2GwHnjD
手機支付或成賊人「提款機」 假電池管理App攻擊PayPal轉錢
https://hk.news.appledaily.com/local/realtime/article/20190423/59516756
假手機App偷錢 個案趨上升 警教4招防
http://bit.ly/2PtpcOU
「毒APP」免費下載 支付帳戶被盜款
http://bit.ly/2Zt4vHt
假Apps暗藏惡意軟件 偷卡資料盜款
http://www.etnet.com.hk/www/tc/lifestyle/internationalaffairs/news/59647
信用卡盜用案去年急增6成 專家揭黑客惡意程式入侵金融App轉走款項
http://bit.ly/2ZvXshh
免費遊戲App 附病毒侵手機 5秒盜款
http://bit.ly/2VjaMpD
警助市民「掃毒」 移除39萬惡意手機Apps
http://bit.ly/2Gs6hjp
街口支付讓未成年開戶不設防 金管會首糾正電支業
https://newtalk.tw/news/view/2019-04-23/236981
日銀行業推Bank Pay電子支付 加盟機構最多將超過1000家
https://news.cnyes.com/news/id/4307579
PayPal電子支付App 4千萬用戶 超大部份美國銀行
http://bit.ly/2UDDqxk
日本進入無現金支付的戰國時代
https://www.chinatimes.com/realtimenews/20190425004797-260408
5.虛擬貨幣/區塊鍊 新聞及資安
Bitcoin.com wallet與Moonpay整合讓歐洲用戶可以使用信用卡購買BCH
https://www.tuoluocaijing.com.tw/kuaixun/detail-59907.html
印度央行發布監理沙盒報告,將支持區塊鏈創新測試
http://news.knowing.asia/news/829832b8-61bb-4e0d-a5ba-9e1e18eec170
日本最大銀行宣布推出自家製加密貨幣Coin
http://bit.ly/2XzeOrM
摩根大通擬擴大區塊鏈技術運用 簡化支付系統
https://udn.com/news/story/6811/3769440
日本:已制定加密貨幣監管提案相關手冊
http://news.knowing.asia/news/0d339928-d9d3-49c9-877b-88f0be2051a8
韓國金融研究院主辦討論會:ICO應該像私募基金一樣監管
http://news.knowing.asia/news/9551374f-25d9-48d4-8593-637f1d10379d
小摩將擴大區塊鏈技術在支付領域中的應用
https://news.cnyes.com/news/id/4307139
區塊鏈的本質是金融?不不不,讓我們從應用面談起
http://news.knowing.asia/news/249b8017-1495-4c11-a914-fe48c0ade1e7
區塊鏈轉賬比傳統方式快388倍 成本低127倍
https://news.sina.com.tw/article/20190423/31041188.html
這個駭客不一樣!靠猜測私鑰,竟成功竊取了4.5萬個ETH
http://news.knowing.asia/news/d96f683d-6b10-46eb-9cb8-a72efa10a1c7
區塊鏈新創網站遭駭 駭客輕鬆盜走以太幣740萬美元
https://happywin000-13.blogspot.com/2019/04/740.html
John McAfee表示:我很快會披露中本聰是誰,找到他太容易
https://www.techbang.com/posts/69643-mcafee-ill-soon-reveal-who-nakamoto-is-and-its-too-easy-for-me-to-find-him
推虛擬幣行動支付 業者邀「比特幣耶穌」合作
http://bit.ly/2ITtqhj
在非洲,加密貨幣支持的轉帳有望翻轉金融業
http://news.knowing.asia/news/71677a13-28a2-4e5e-8488-1557ce5737b4
金融巨頭法國興業銀行在「公有區塊鏈」以太坊上,發行了 1 億歐元的債券幣
https://www.blocktempo.com/societe-generale-subsidiary-issues-100-million-euro-bond-on-ethereum-blockchain
國內財經:金管會拍板!10檔ETN於4/30同步掛牌交易,首波規模22億元
http://bit.ly/2ILmQdM
台灣第一公鏈DEXON 主網正式上線
http://technews.tw/2019/04/25/dexon-online/
DEXON主網正式上線挹注產業資源驅動區塊鏈落地
https://ctee.com.tw/industrynews/78693.html
投資大神也認了!軟銀集團董事長孫正義「高點買入比特幣」虧損40 億台幣
https://news.xfastest.com/others/62014/softbank-founder-masayoshi-son-lost-130-million/
傳三星正在開發自家區塊鏈可能發行「三星幣」
https://ec.ltn.com.tw/article/breakingnews/2770378
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / APT
美國氣象電視台也成勒索軟體受害者,導致節目無法準時開播
https://www.ithome.com.tw/news/130147
金融後門Carbanak原始碼於VirusTotal上存在近兩年而未被發現
https://www.ithome.com.tw/news/130202?fbclid=IwAR30AjXI31wBdLeZ0tyr-ZMMryW2Q2PO6oqs1itvQUWq2W2h4B5S61J0dpA
警惕!利用Confluence最新漏洞傳播的Linux挖礦病毒seasame
https://www.4hou.com/system/17643.html
透過 MDR ( 託管式偵測及回應服務)檢視Ryuk勒索病毒-專攻擊大企業勒索超過60萬美元
https://blog.trendmicro.com.tw/?p=59965
貌似空白的 excel 工作表,開啟前注意三件事,嚴防內嵌AutoHotkey惡意腳本攻擊
https://blog.trendmicro.com.tw/?p=60293
Security researcher MalwareTech pleads guilty
https://www.zdnet.com/article/security-researcher-malwaretech-pleads-guilty/#ftag=RSSbaffb68
PayPal receives patent for ransomware detection technology
https://www.zdnet.com/article/paypal-receives-patent-for-ransomware-detection-technology/#ftag=RSSbaffb68
Leak Exposes OilRig APT Group's Tools
https://www.bankinfosecurity.com/leak-exposes-oilrig-apt-groups-tools-a-12397
Create FUD using NXcrypt – Python Backdoor Framework | Kali Linux 2019.1a
http://bit.ly/2UzeMy2
Source Code for CARBANAK Banking Malware Found On VirusTotal
http://bit.ly/2GAdBJx
FINTEAM: Trojanized TeamViewer Against Government Targets
https://research.checkpoint.com/finteam-trojanized-teamviewer-against-government-targets/
Ramnit Returns to its Banking Roots, Just in Time for Italian Tax Season
https://www.f5.com/labs/articles/threat-intelligence/ramnit-returns-to-its-banking-roots--just-in-time-for-italian-ta
New Malware Campaign Targets Financials, Retailers
https://www.darkreading.com/vulnerabilities---threats/new-malware-campaign-targets-financials-retailers/d/d-id/1334459
Malicious Attacks On Open Source Are Going to Get Worse; Developers Need to Take Notice
http://bit.ly/2VnOfYW
CARBANAK Week Part One: A Rare Occurrence
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html
Source Code for CARBANAK Banking Malware Found On VirusTotal
http://bit.ly/2UxZCZX
Malicious lifestyle apps found on Google Play, 30 million installs recorded
https://www.zdnet.com/article/30-million-android-users-have-installed-malicious-lifestyle-apps/#ftag=RSSbaffb68
Trojanized TeamViewer used in government, embassy attacks across Europe
https://www.zdnet.com/article/trojanized-teamviewer-used-in-government-political-attacks-across-europe/#ftag=RSSbaffb68
FINTEAM: Trojanized TeamViewer Against Government Targets
https://research.checkpoint.com/finteam-trojanized-teamviewer-against-government-targets/
'Silence' Cybercrime Gang Targets Banks in More Regions
https://www.bankinfosecurity.com/silence-cybercrime-gang-targets-banks-in-more-regions-a-12404
Silence Group Playbook
https://www.fortinet.com/blog/threat-research/silence-group-playbook.html
DNSpionage campaign releases new Karkoff malware into the wild
https://www.zdnet.com/article/dnspionage-campaign-releases-new-karkoff-malware-into-the-wild/#ftag=RSSbaffb68
'Karkoff' Is the New 'DNSpionage' With Selective Targeting Strategy
http://bit.ly/2GFsGeo
'ShadowHammer' Spreads Across Online Gaming Supply Chain
https://www.bankinfosecurity.com/shadowhammer-spreads-across-online-gaming-supply-chain-a-12409
'Operation ShadowHammer' Shows Weakness of Supply Chains
https://www.databreachtoday.com/operation-shadowhammer-shows-weakness-supply-chains-a-12251
ShadowHammer: New details
https://www.kaspersky.com/blog/details-shadow-hammer/26597/
Operation ShadowHammer: a high-profile supply chain attack
https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/
Qbot Malware Dropped via Context-Aware Phishing Campaign
https://www.bleepingcomputer.com/news/security/qbot-malware-dropped-via-context-aware-phishing-campaign/
WannaCryptor ‘accidental hero’ pleads guilty to malware charges
https://www.welivesecurity.com/2019/04/23/wannacryptor-accidental-hero-pleads-guilty-malware/
Analysis: Abuse of Custom Actions in Windows Installer MSI to Run Malicious JavaScript, VBScript, and PowerShell Scripts
http://bit.ly/2Uy57Yw
Analyzing C/C++ Runtime Library Code Tampering in Software Supply Chain Attacks
http://bit.ly/2UWmuHm
Medical Format Flaw Can Let Attackers Hide Malware in Medical Images
http://bit.ly/2PsjDQA
The Russian Shadow in Eastern Europe: Gamaredon ‘s Ukrainian MOD Campaign
http://bit.ly/2vmWPII
APT28 and Upcoming Elections: evidence of possible interference
https://blog.yoroi.company/research/apt28-and-upcoming-elections-possible-interference-signals/
Anubis II - malware and afterlife
https://www.threatfabric.com/blogs/anubis_2_malware_and_afterlife.html
THREAT ACTOR TA505 TARGETS FINANCIAL ENTERPRISES USING LOLBINS AND A NEW BACKDOOR MALWARE
https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware
TA505 Group Hides Malware in Legitimate Certificates
https://www.bankinfosecurity.com/ta505-group-hides-malware-in-legitimate-certificates-a-12417
Hackers using Google Sites to spread banking malware
https://govanguard.io/2019/04/24/hackers-using-google-sites-to-spread-banking-malware/
Top 10 Malware March 2019
https://www.cisecurity.org/blog/top-10-malware-march-2019/
GitHub遭駭客濫用以代管網釣套件
https://www.ithome.com.tw/news/130245
Threat actors abuse GitHub service to host a variety of phishing kits
http://bit.ly/2voFW0k
B.行動安全 / iPhone / Android /穿戴裝置 /App
小心!!黑客集團惡意攻擊 Apple 裝置 【詐騙廣告影響高達 5 億 iOS 用戶!!】
http://bit.ly/2GvReX0
知名熱點搜尋app可能曝露200萬用戶Wi-Fi密碼
https://www.ithome.com.tw/news/130172
這APP被發現Wi-Fi密碼沒加密 你家密碼恐被看光光
https://udn.com/news/story/11017/3775259
Android 平台 19款安全軟體測試結論:官方的 Google Play Protect 常漏抓又愛亂報、最不值得信任
https://www.techbang.com/posts/69606-av-test-anti-virus-test-shows-google-play-protect-let-people-down
App檢測通過名錄
https://mas.org.tw/app_cert_list.php
法國打造政府機關專用傳訊程式Tchap,隔天就被找到漏洞
https://www.ithome.com.tw/news/130136
法國政府專用通訊 app 在及時修補漏洞後已推出測試版本
http://bit.ly/2IRyH95
多支 Android App 內含廣告軟體,大量耗電並用光連線頻寛
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=844
French government releases in-house IM app to replace WhatsApp and Telegram use
https://zd.net/2DqEiQe
Hacker Breaks Into French Government's New Secure Messaging App
http://bit.ly/2W4kWIb
Nokia 9 PureView曝大漏洞:輕鬆攻破屏下指紋
https://www.sohu.com/a/309778022_162522?sec=wd
Nokia 9 PureView 指紋辨識 一條香口膠即可破解
https://www.eprice.com.hk/mobile/talk/4529/212836/1/
Nokia 9 buggy update lets anyone bypass fingerprint scanner with a pack of gum
https://www.zdnet.com/article/nokia-9-buggy-update-lets-anyone-bypass-fingerprint-scanner-with-a-pack-of-gum/#ftag=RSSbaffb68
Security flaw lets attackers recover private keys from Qualcomm chips
https://www.zdnet.com/article/security-flaw-lets-attackers-recover-private-keys-from-qualcomm-chips/#ftag=RSSbaffb68
C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件
YouTube的兩處漏洞及用戶勒索詳情披露
http://www.52bug.cn/hkjs/5782.html
醫療物聯網解決方案紛出籠 記錄身體資訊監控健康狀態 穿戴式裝置蒐集個資 生理資訊須確保合規適法
https://www.netadmin.com.tw/article_content.aspx?sn=1904110002
零信任網路下的資安防禦
http://bit.ly/2ILSbvS
遭 ShadowHammer 供應鏈攻擊的企業,不只華碩一家
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=843
企業雲端化之後 面對資訊安全的正確思維
http://bit.ly/2DzsKtY
提早安排準備並掌握判別事故 封鎖排除復原完成回應 資安事故前後完整對策 準備預防/處理善後都要
https://www.netadmin.com.tw/article_content.aspx?sn=1904100001
網路資安觀念看這篇 諾頓分享民眾網路安全看法調查結果
http://bit.ly/2IFSGsh
微軟正在評估是否要廢除 Windows 更改密碼政策
https://www.inside.com.tw/article/16206-windows-assess-password-changing
SecBuzzer是你的好幫手!April 2019 暗網情資整理
https://secbuzzer.co/
日本海事協會發表船舶網路資安管理系統
http://bit.ly/2UPOr3D
Google家居攝影機 遭駭客入侵
https://money.udn.com/money/story/5648/3776744
CIS Controls V7針對網路攻擊的防禦,提供一套處理動作的建議
https://www.ithome.com.tw/article/129576
NIST CSF 1.1:英美各國政府和一般企業都相繼採用的網路安全框架
https://www.ithome.com.tw/article/129614
HITCON Community 2019 徵稿公告
https://blog.hitcon.org/2019/04/hitcon-2019-cmt-cfp.html?m=0
HITCON率先取得八月DEF CO CTF奪冠資格,期待臺灣有第二隊一起入圍
https://www.ithome.com.tw/news/130112
資安英雄也曾是駭客,成功攔阻WannaCry的研究人員坦承打造及散布金融木馬
https://www.ithome.com.tw/news/130176
資安英雄淪駭客變狗熊
https://news.pchome.com.tw/internation/gpwb/20190420/index-55577174053699201011.html
擋WannaCry英資安英雄 對美駭客罪名認罪
https://money.udn.com/money/story/5599/3766636
擋病毒蔓延英雄 駭銀行系統對美認罪
https://www.ntdtv.com/b5/2019/04/20/a102560646.html
因擋下WannaCry病毒聞名,英國資安英雄Marcus Hutchins認罪曾開發木馬軟體攻擊銀行帳戶
https://www.techbang.com/posts/69571-has-blocked-the-wannacry-virus-british-security-hero-to-identify-hackers
批穆勒報告 川普律師:採納俄羅斯資訊沒錯
https://www.cna.com.tw/news/aopl/201904220024.aspx
民主黨倡誠信選戰「不用駭客黑料」 川普陣營拒承諾
https://udn.com/news/story/6813/3778720?from=udn-ch1_breaknews-1-cate5-news
CIA調查報告 稱華為接受中共資金挹注
https://www.ydn.com.tw/News/333055
CIA稱華為從中國解放軍獲取資金 外媒卻曝美方針對主因
http://bit.ly/2UT08Xt
美國曾向盟友透露華為接受中國官方金援
https://www.ithome.com.tw/news/130159
華為5G東南亞國家用定了!美國「王牌」恐也挽不回
https://ec.ltn.com.tw/article/breakingnews/2764929
歐洲首家 荷蘭最大電信商拒用華為5G設備
https://www.rti.org.tw/news/view/id/2018879
荷蘭最大電信KPN:5G核心網絡禁用華為
http://www.epochtimes.com/b5/19/4/26/n11215182.htm
不甩美國 英將有限度開放華為5G
https://ec.ltn.com.tw/article/breakingnews/2768627
英國有限開放華為5G? 資安首長:廠商國籍為次要考量
https://ec.ltn.com.tw/article/breakingnews/2769515
沒在怕?英國點頭,採用華為架設 5G「非核心」基礎建設
https://www.inside.com.tw/article/16188-uk-permit-huawei-equipment
美稱五眼聯盟將禁止華為參與敏感網路 對英國發警告
http://news.dwnews.com/global/big5/news/2019-04-24/60130782.html
中共在美間諜活動五花八門 美國強力反制
http://www.epochtimes.com/b5/19/4/23/n11207835.htm
中國滲透又一樁!傳台國防科技公司 遭中資收購億元股票
https://www.setn.com/News.aspx?NewsID=530337
美司法部官員轟《中國製造2025》是「盜竊路線圖」
https://newtalk.tw/news/view/2019-04-25/237927
中共「數位三戰」影響我大選 學者憂:結合武嚇製造恐慌
https://tw.news.appledaily.com/politics/realtime/20190423/1554845/
美媒曝中共如何鑽規管漏洞 使用美製衛星
http://www.epochtimes.com/b5/19/4/23/n11208516.htm
當高科技遭到誤用!美製衛星成中國加強鎮壓抗議活動工具
https://www.cmmedia.com.tw/home/articles/15280
恐怖攻擊讓斯里蘭卡緊急封鎖境內社交平台
https://www.ithome.com.tw/news/130146
印尼網軍撕裂2.7億人民 :「你看見的『民意』,只是我們在對戲」
https://www.twreporter.org/a/cyberwarfare-units-disinformation-fake-news-indonesia
歐洲議會通過92億歐元的科技預算,將用來研發超級電腦、AI及網路安全
https://www.ithome.com.tw/news/130223
他破解伊朗核電駭客、最早預告網路戰爭 被川普封殺的防毒狂人 卡巴斯基CEO專訪
http://photo.udn.com/money/story/5648/3776740
美國網絡安全官員:中國市場連帶風險 企業需權衡利益
https://www.voacantonese.com/a/canotnese-xcq-dhs-china-cyberattacks-20190425-ry/4891054.html
法律爭議及成本問題,傳NSA建議美政府終止電話監聽
https://www.ithome.com.tw/news/130250
斯國恐襲「八魔」 家境學歷俱佳 情報機關高層傳扣起消息 總統誓言整頓
https://www1.hkej.com/dailynews/article/id/2118745/
國際特赦香港分會 遭與中國有關的駭客攻擊
http://bit.ly/2DxUn6F
國際特赦組織:香港分會遭「國家級」駭客攻擊監控
https://newtalk.tw/news/view/2019-04-25/238337
Mueller Report: With Russian Hacking Laid Bare, What Next
https://www.bankinfosecurity.com/mueller-report-russian-hacking-laid-bare-what-next-a-12396
Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware
http://usawebreviews.com/marcus-malwaretech-hutchins-pleads-guilty-to-writing-selling-banking-malware/
Not So 'Smart' - Child Tech Has Hackable Flaws
https://www.bankinfosecurity.com/interviews/so-smart-child-tech-has-hackable-flaws-i-4296
ASD Essential Eight cybersecurity controls not essential: Canberra
https://www.zdnet.com/article/asd-essential-eight-cybersecurity-controls-not-essential-canberra/#ftag=RSSbaffb68
Another dark web marketplace bites the dust --Wall Street Market
https://www.zdnet.com/article/another-dark-web-marketplace-bites-the-dust-wall-street-market/#ftag=RSSbaffb68
Take a stand for consumer privacy: The anti-surveillance economy
https://www.zdnet.com/article/take-a-stand-for-consumer-privacy-the-anti-surveillance-economy/#ftag=RSSbaffb68
Advancing Security Operations With Managed Detection and Response
https://www.bankinfosecurity.com/advancing-security-operations-managed-detection-response-a-12410
Embracing creativity to improve cyber-readiness
https://www.welivesecurity.com/2019/04/18/embracing-creativity-cyber-readiness/
Congress Asks Google 10 Questions On Its Location Tracking Database
https://thehackernews.com/2019/04/google-location-database.html
Google Chrome tip: Block annoying web notifications
https://www.zdnet.com/article/google-chrome-tip-block-annoying-notifications/#ftag=RSSbaffb68
Wipro Attack: The Latest Developments
https://www.bankinfosecurity.asia/wipro-attack-latest-developments-a-12413
Intelligence Agencies Seek Fast Cyber Threat Dissemination
https://www.bankinfosecurity.co.uk/intelligence-agencies-seek-fast-cyber-threat-dissemination-a-12415
資安工程師
https://www.104.com.tw/jb/104i/job/view?j=6ksyo
資訊安全工程師
https://www.104.com.tw/jb/104i/job/view?j=6kro8
資訊安全主管
https://www.104.com.tw/jb/104i/job/view?j=6krom
資訊中心網路組徵行政助理(職務代理人)
https://webapp.yuntech.edu.tw/YunTechSSO/IdssBulletin/Detail?formId=0000000001170980
資訊安全分析師
https://www.104.com.tw/job/?jobno=6lb43
數聯資安正職人力需求
https://ece.ntust.edu.tw/files/14-1031-73164,r3-1.php?Lang=zh-tw
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
網紅為共軍野戰食物帶進豬瘟炒翻天 是誰在散布恐懼
https://health.udn.com/health/story/5999/3766619
網路報稅詐騙愈來愈多 掌握安全報稅6招求自保
https://news.cnyes.com/news/id/4306888
5月報稅季提高警覺 慎防網路釣魚 專家2張圖教你辨別
http://bit.ly/2Vg26k7
「讀冊生活」網購兩本書 女研究生整年生活費被騙光
https://news.ltn.com.tw/news/society/breakingnews/2765934
購書網「讀冊生活」個資外洩! 女研究生買書遭詐17萬
https://www.ettoday.net/news/20190421/1427393.htm
客疑被盜用信用卡 揭SoZmart泄資料未通報
http://bit.ly/2DshL5B
購物網站被黑客入侵 數十人信用卡被盜用
http://bit.ly/2IR28YO
警方提示:警惕「掃二維碼送禮」騙局
https://news.sina.com.tw/article/20190421/31012880.html
歐買尬(3687)旗下綠界科技遭惡意抹黑,盼司法介入調查
http://bit.ly/2GDDQ3i
綠界遭惡意造假檢舉 公司:已報請司法機關調查
https://tw.news.appledaily.com/new/realtime/20190424/1555732/
子公司疑捲入詐騙 歐買尬出面澄清
https://udn.com/news/story/7254/3774204
地址在台北市愛國南路七號?衛福部表示「中華民國人口福利部」年金繳費通知是詐騙
http://bit.ly/2KSeD9f
「網路購物訂單錯誤」詐騙老梗 修理機車師傅險中招
https://www.ettoday.net/news/20190422/1427608.htm
墨西哥大使館近5000份公民護照等文件遭駭客公佈於網路上
https://www.ithome.com.tw/news/130137
防堵網路釣魚攻擊,Google六月起將封鎖來自瀏覽器框架嵌入式的登入請求
https://www.ithome.com.tw/news/130097
健保卡遭冒用?正牌警阻詐
https://www.chinatimes.com/realtimenews/20190422002519-260402?chdtv
內地犯罪黨詐騙貴利集團 司警共拘12人
http://bit.ly/2IGTCwD
存50元取50萬 遊民騙貸網銀1.5億
https://udn.com/news/story/7332/3772114
B站回應工程代碼被泄露:不影響網站及用戶數據安全
https://news.sina.com.tw/article/20190422/31030684.html
提升網路隱私安全 建議設定密碼不使用連續數字
https://news.ltn.com.tw/news/world/breakingnews/2768303
別再用了!最不安全密碼 「123456」又蟬聯冠軍
http://bit.ly/2XKLsH1
你的網路密碼有多容易被破解
http://bit.ly/2VmhcEJ
假契約詐貸4銀行4.8億元 主嫌李榮華等10人遭起訴
https://udn.com/news/story/7315/3773774?from=udn-catelistnews_ch2
信用卡公司資料暗中與商家共享 科技逐步侵蝕顧客隱私 市民投訴無門徒嘆奈何
http://www.mingpaocanada.com/Tor/htm/News/20190423/tac1_r.htm
借貸請慎選 小心借款不成 反為詐嫌共犯
https://times.hinet.net/news/22336633
資安沒保障? 日企去年恐外洩268萬筆個資
https://ec.ltn.com.tw/article/breakingnews/2769006
【「想看電影嗎?」詐騙粉專也搭上《復仇者聯盟 4》熱潮】
https://blog.trendmicro.com.tw/?p=60395
FBI:去年網路犯罪投訴前三名為交易詐騙、勒索及個資外洩
https://www.ithome.com.tw/news/130225?fbclid=IwAR0bCqbi7A74qDUB_-cK9p7MfgwplIPx_cL80kwYZ6_smCDARpYEtBfFt5w
老司機暴動啦!18歲女優音梓遭駭客鎖定 無碼片傳外流
https://www.setn.com/E/news.aspx?newsid=532506
新型 BEC 變臉詐騙手法,竄改薪資自動轉帳路徑
https://blog.trendmicro.com.tw/?p=60424
藝人小禎怒斥「一定很難穿」!遭詐騙集團盜圖代言假貨
https://blog.trendmicro.com.tw/?p=60402
網路安全報稅五要訣 個人資料不外漏 惡意詐騙永Say NO
https://blog.trendmicro.com.tw/?p=60378
London Blue(倫敦藍)詐騙集團針對亞洲發動新的BEC郵件詐騙攻擊
https://blog.trendmicro.com.tw/?p=60310
Mozilla發布美國消費者隱私法案指南
https://www.nccst.nat.gov.tw/NewsRSSDetail.aspx?lang=zh&RSSType=news&seq=16233
Facebook asked to clamp down on cops creating fake accounts
https://www.zdnet.com/article/facebook-asked-to-clamp-down-on-cops-creating-fake-accounts/#ftag=RSSbaffb68
What Led to a $4.7 Million Breach Lawsuit Settlement
https://www.bankinfosecurity.com/what-led-to-47-million-breach-lawsuit-settlement-a-12401
Facebook Password, Email Contact Mishandling Worsens
https://www.bankinfosecurity.com/facebook-password-email-contact-mishandling-worsens-a-12395
Defending Against Authorised Push Payment Fraud
https://www.bankinfosecurity.eu/interviews/defending-against-authorised-push-payment-fraud-i-4299
Bodybuilding.com discloses security breach
https://www.zdnet.com/article/bodybuilding-com-discloses-security-breach/#ftag=RSSbaffb68
Facial recognition creeps up on a JetBlue passenger and she hates it
https://www.zdnet.com/article/facial-recognition-creeps-up-on-a-jetblue-passenger-and-she-hates-it/#ftag=RSSbaffb68
The FBI's RAT: Blocking Fraudulent Wire Transfers
https://www.bankinfosecurity.com/blogs/fbis-rat-blocking-fraudulent-wire-transfers-p-2740
FBI: US companies lost $1.3 billion in 2018 due to BEC scams
https://www.zdnet.com/article/fbi-us-companies-lost-1-3-billion-in-2018-due-to-bec-scams/#ftag=RSSbaffb68
Google Sensorvault Database Draws Congressional Scrutiny
https://www.bankinfosecurity.co.uk/google-sensorvault-database-draws-congressional-scrutiny-a-12411
提防 變臉詐騙 電郵 London Blue 轉攻亞洲企業
http://bit.ly/2UzxSnO
London Blue Group Using Evolving BEC Techniques in Attacks
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/london-blue-group-using-evolving-bec-techniques-in-their-attacks
Cyber News Rundown: Phishing Attack on Global IT Outsourcer
https://www.webroot.com/blog/2019/04/19/cyber-news-rundown-phishing-attack-on-global-it-outsourcer/
FTC gives two companies a slap on the wrist after appalling hacks
https://www.zdnet.com/article/ftc-gives-two-companies-a-slap-on-the-wrist-after-appalling-hacks/#ftag=RSSbaffb68
E.研究報告
挖洞經驗| 一次INSERT查詢的無逗號SQL注入漏洞構造利用($ 10,000)
https://www.freebuf.com/vuls/200201.html
Drupal 1-click to RCE 分析
https://paper.seebug.org/897/
WebLogic遠程Blind XXE高危漏洞啟明星辰提供解決方案
https://www.venustech.com.cn/article/1/8809.html
「SSH香港企業網絡保安準備指數」調查2019完整報告
https://www.hkcert.org/c/document_library/get_file?uuid=3a338b0d-0e02-45ec-ad9d-f3234854d229&groupId=16
CVE-2019-0232:Apache Tomcat RCE漏洞分析
https://xz.aliyun.com/t/4875
攻擊者是如何利用SSRF漏洞讀取本地文件並濫用AWS元數據的
https://www.4hou.com/vulnerable/17543.html
我是如何在ModSecurity的核心規則集中找到ReDOS漏洞的
https://nosec.org/home/detail/2508.html
jQuery修復威脅數億網站的原型污染漏洞,內含PoC代碼
https://zhuanlan.zhihu.com/p/63402363
CVE-2018-18500:利用火狐的堆漏洞進行攻擊
https://xz.aliyun.com/t/4888
Oracle數據庫服務器'TNS Listener'遠程數據投毒漏洞
http://blog.itpub.net/25469263/viewspace-2642451/
Web 安全漏洞SSRF 簡介及解決方案
https://cloud.tencent.com/developer/article/1418078
外國騙子裝成中國黑客製造假0day漏洞視頻,騙完錢後刪號走人
https://www.freebuf.com/column/201875.html
挖洞經驗| 利用CSRF漏洞劫持的Youtube用戶的通知消息
https://www.freebuf.com/vuls/200711.html
目標URL存在跨站漏洞和目標URL存在http host頭攻擊漏洞處理方案
https://www.itread01.com/content/1556205953.html
如何打造自己的PoC框架-Pocsuite3-使用篇
https://paper.seebug.org/904/
【ZoomEye專題報告】DDoS 反射放大攻擊全球探測分析
https://paper.seebug.org/898/
Weblogic CVE-2019-2647等相關XXE漏洞分析
https://paper.seebug.org/900/
2018年我國互聯網網絡安全態勢報告
https://paper.seebug.org/894/
Vulhub一鍵搭建漏洞測試靶場初體驗
http://bit.ly/2vlIIDt
個案分析-電腦教室主機群體感染惡意程式攻擊事件分析報告_10804
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019042501043232566847961761843.pdf
android-restriction-bypass
https://github.com/quarkslab/android-restriction-bypass/blob/master/report.pdf?fbclid=IwAR3GExQ92wfmWCAp2lZCKWECEd6MpXl0jpYpcNpENXQK-WEBjvRNLSGr50c
One-liner Safari sandbox escape exploit
https://medium.com/0xcc/one-liner-safari-sandbox-escape-exploit-91082ddbe6ef?fbclid=IwAR2b4iZPdz_Q-QVsaB_SO75yUUDZLLhhWWlonfujyrpXNCLMp3fLhL3_D6o
RhinoSecurityLabs/CVEs
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-0227?fbclid=IwAR30S5-UZF8u_eDNZUIcuZMlTXDEQZU-7gZJtSJ7Lz-PR5fkuOhfQ9N7FYQ
My Personal OSINT Techniques, Part 1 of 2: Key & Layer, Contingency Seeding
https://0x00sec.org/t/my-personal-osint-techniques-part-1-of-2-key-layer-contingency-seeding/13033?fbclid=IwAR1wR8YRP9vCcZgEIMUDL8twr0dzCbdwug6Cbs1vbZXoIIYb_MwUy3W9NmY
Raspberry Jam Guidebook
https://www.raspberrypi.org/jam/guidebook/?fbclid=IwAR0FG-kVynn6wCF2-4gWIK5zjMpExUq0EaHDIz7ox9ETnaU2KZdZqERj3j4
spatie/laravel-honeypot
https://github.com/spatie/laravel-honeypot?fbclid=IwAR1kFayMEYj_ke91zbPZ87MScfZyzLhd0k-ijYvYowVKHfKOVg0nnk99A2M
Cloud Security Summit - Taiwan :: Presentations
https://www.paloaltonetworks.com/resources/presentations/cloud-security-summit-taiwan-presentations
Backdooring any android application (.apk file) for fun and profit
https://exploitstube.com/backdooring-any-android-application-apk-file-for-fun-and-profit.html?fbclid=IwAR3BHH1Eu4C0R_8mN0OkFmT9pgYYOrjP1-zMI4IXHDl6NwEezAiLUD56S8U
USB Drop Attacks: The Danger of “Lost And Found” Thumb Drives
https://www.redteamsecure.com/usb-drop-attacks-the-danger-of-lost-and-found-thumb-drives/?fbclid=IwAR2puc_JYR7vZr517M5rRmXfCkzZh_OWwuxRzLv9L0rdNzi4J4gZP6mBhTY
FLASHMINGO: The FireEye Open Source Automatic Analysis Tool for Flash
https://www.fireeye.com/blog/threat-research/2019/04/flashmingo-open-source-automatic-analysis-tool-for-flash.html
How to create your own USB stealer
https://www.hackeroyale.com/usb-stealer/?fbclid=IwAR2mH_v1B-fk8yweiVozgxzOL9w9iOnrnih4UpYt029OdYDPxPPOVIonK5o
pe3zx/huawei-block-list
https://github.com/pe3zx/huawei-block-list?fbclid=IwAR208iWSt5R6HFDFjrOxw2ZvE3rWjmGzw7YPaxenpZItDa9ZcIPhsjZTq10
CRACK WINDOWS PASSWORD WITH JOHN THE RIPPER
https://www.securitynewspaper.com/2018/11/27/crack-windows-password-with-john-the-ripper/?fbclid=IwAR0XOjI8KeIJUFZ3A4ea3ElT2_9QYRRn6uef8c6JZa1foUgFjLOOwpxjWYs
How to quickly and securely wipe your data off almost any device
https://www.zdnet.com/pictures/how-to-quickly-and-securely-wipe-your-data-off-almost-any-device/#ftag=RSSbaffb68
Finding Weaknesses Before the Attackers Do
https://www.fireeye.com/blog/threat-research/2019/04/finding-weaknesses-before-the-attackers-do.html
fireELF: opensource fileless linux malware framework
https://securityonline.info/fireelf/
ivRodriguezCA/RE-iOS-Apps
https://github.com/ivRodriguezCA/RE-iOS-Apps?fbclid=IwAR19f9Rc9GecvpfXuM_gIh1w9JErWHJahY2ajUzRK0h8gjAjH9uqzuYlJg4
Fuzzing the MSXML6 library with WinAFL
https://movaxbx.ru/2019/04/09/fuzzing-the-msxml6-library-with-winafl/?fbclid=IwAR1GDx2BnZo3X5yKzNmdIeY9iOESZrdSbiRO-OUyPt3_dR8al32EjdcTXhk
AM vs FM: The battle brewing in lidar technology
https://www.zdnet.com/article/am-vs-fm-the-battle-brewing-in-lidar-technology/#ftag=RSSbaffb68
How to Crack Online Passwords with Tamper Data & THC Hydra
https://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-online-passwords-with-tamper-data-thc-hydra-0155374/
Writing a Password Protected Reverse Shell (Linux/x64)
http://bit.ly/2Vif014
Logging Made Easy
https://github.com/ukncsc/lme?fbclid=IwAR3OOFnZckhEE6ZBCrsfsk8Ed9h0WdE_HsocG6AEXdsX1__IfinM2xcQBd4
logzero: Python logging made easy
https://logzero.readthedocs.io/en/latest/
How to enable Google Chrome Incognito Mode detection blocking
https://www.zdnet.com/article/how-to-enable-google-chrome-incognito-mode-detection-blocking/#ftag=RSSbaffb68
Paper: Alternative communication channel over NTP
https://www.virusbulletin.com/blog/2019/04/paper-alternative-communication-channel-over-ntp/
Uncovering CVE-2019-0232: A Remote Code Execution Vulnerability in Apache Tomcat
http://bit.ly/2UCfqLl
Zero-day XML External Entity (XXE) Injection Vulnerability in Internet Explorer Can Let Attackers Steal Files, System Info
http://bit.ly/2GvziKP
F.商業
Ubuntu 19.04出爐!使用最新GNOME 3.32還支援豐富程式開發工具
https://www.ithome.com.tw/news/130107
Mozilla更名物聯網平臺專案為WebThings,新版閘道器提供日誌紀錄功能
https://www.ithome.com.tw/news/130096
GCP一站式資安管理平臺Cloud SCC正式上線
https://www.ithome.com.tw/news/130110
芬-安全F-Secure Total跨平台全方位安全軟體,透過虛擬位置技術防止被追蹤
http://bit.ly/2ve5Io6
微軟買下即時作業系統開發商Express Logic
https://www.ithome.com.tw/news/130118
微軟正開發沒有迴圈的程式語言Bosque
https://www.ithome.com.tw/news/130153
Microsoft releases version 2.0 of its PWA Builder tool
https://www.zdnet.com/article/microsoft-releases-version-2-0-of-its-pwa-builder-tool/#ftag=RSSbaffb68
Microsoft starts rolling out Google G Suite to Office 365 migration tools
https://www.zdnet.com/article/microsoft-starts-rolling-out-google-g-suite-to-office-365-migration-tools/#ftag=RSSbaffb68
Kaspersky CEO: Open your source codes to win governments' trust
https://www.zdnet.com/article/kaspersky-ceo-open-your-source-codes-to-win-governments-trust/#ftag=RSSbaffb68
G.政府
政院拍板:各機關不得購危害資安產品 「非限制民間消費」
https://www.ettoday.net/news/20190419/1426245.htm
資通產品禁用原則出爐 政院:無關民眾消費
https://udn.com/news/story/6656/3766452
行政院發布「危害國家資安產品限制原則」,將不僅限於中國商品
https://www.thenewslens.com/article/117602
行政院說明禁止公務機關採購危害資安的資通產品
https://udn.com/news/story/6656/3765763
防資安外洩 政院拍版:各機關不得購危害資安產品
https://news.pchome.com.tw/living/nownews/20190419/index-55565812971528207009.html
行政院說明危害國家資安產品限制
https://news.sina.com.tw/article/20190419/31001474.html
禁用中國製資安產品 科學園區廠商的伺服器、網路攝影機也在規範範疇
http://bit.ly/2PifwGK
政院拍板資通產品禁購原則 7月公布管制清單
http://www.ntdtv.com.tw/b5/20190419/video/244072.html
政院公布資通產品禁購原則 避中國、陸資字眼
https://news.pts.org.tw/article/429396
資安產品黑名單 下季公布
https://money.udn.com/money/story/5648/3766431
3個月內提資安黑名單 政院封殺陸資3C 包山包海
https://www.chinatimes.com/newspapers/20190420000459-260102?chdtv
業者:建立國家資安政策
https://ec.ltn.com.tw/article/paper/1282834
禁中國資通產品 政院通令盤點清單
https://ec.ltn.com.tw/article/paper/1282832
中興、聯想、海康威視 可能列黑名單
https://ec.ltn.com.tw/article/paper/1282833
8大關鍵基礎設施資通納管範圍 政院將訂指定原則
https://news.ltn.com.tw/news/politics/breakingnews/2765268
禁中國資通產品》陳其邁:縣市不配合可處罰
https://ec.ltn.com.tw/article/paper/1283048
潘翰聲、陳家宏:開放源碼 讓大家救台鐵訂票系統
https://tw.news.appledaily.com/new/realtime/20190420/1553567/
金管會對行動支付業務鬆綁 列6大重點
https://www.tdcpress.com/Article/Index/1907
有關議員質詢智慧支付平台,台北市政府資訊局回應
http://bit.ly/2VZxTms
有關議員質詢市府使用中國品牌資通訊產品一事,資訊局回應
http://bit.ly/2W0uSCf
資安新法正式上路4個月,醫院如何落實醫療資安
https://www.ithome.com.tw/news/130157
因應中國訊息戰 國安局設平台反假新聞
http://bit.ly/2ViukL5
唐鳳華府行 就大選資安與美方交換意見
https://taronews.tw/2019/04/24/319741/
陸對台軍事威脅?唐鳳這麼看
https://www.chinatimes.com/realtimenews/20190424001693-260410?chdtv
唐鳳華府行 酸大陸用網路監控大眾
https://udn.com/news/story/6656/3773971
美喬治華盛頓大學演講 唐鳳:北京對台軍事威脅顯示缺乏自信
https://m.ltn.com.tw/news/politics/breakingnews/2768860
我國保險業引進「公司治理人員」 6月底全面適用
https://ec.ltn.com.tw/article/breakingnews/2768441
金管會開放了!海外趴趴走 電子支付在國外也能嗶
https://ec.ltn.com.tw/article/breakingnews/2768432
電支法規鬆綁下一步 顧立雄:打破電支電票界線
http://bit.ly/2vkVnH2
街口、LINE Pay海外也通 顧立雄下一步推電票電支整合
https://www.chinatimes.com/realtimenews/20190424001564-260410?chdtv
金檢曝六大缺失 26日約談國銀老總
https://www.chinatimes.com/newspapers/20190425000227-260202?chdtv
邀產官學界與會 調查局明舉辦區塊鍊保護數位證據研討會
https://udn.com/news/story/7314/3774724
數位證據怎麼保護 調查局明公布
https://www.chinatimes.com/realtimenews/20190424003515-260402?chdtv
盧秀燕促保護個資 活化運用
http://bit.ly/2GxKpTz
照顧勞工專責勞檢 台南市將成立資安健康處
https://udn.com/news/story/7326/3776994
2019 報稅網站:開放報稅資料下載
https://applealmond.com/posts/51645
打造國家級資安服務 關貿網路與調查局進行聯防合作
https://ec.ltn.com.tw/article/breakingnews/2771057
108年政府組態基準GCB說明文件(預告版)已發布於GCB專區,並進行意見徵詢作業
https://www.nccst.nat.gov.tw/NewInfoDetail.aspx?lang=zh&seq=1524
108年第1次政府資通安全防護巡迴研討會ー開放報名
https://www.nccst.nat.gov.tw/NewInfoDetail.aspx?lang=zh&seq=1523
H.SCADA/ICS/工控系統
是德科技Ixia部門發佈2019年安全報告 未修補漏洞影響大
http://bit.ly/2ZtGEay
強化資安體質 製造業積極轉進工業4.0時代
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=110&id=0000556449_kqt356z15v5w128c9eqbo
motorola -- cx2_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11319
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11320
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11322
siemens -- simatic_s7-1500_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16558
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16559
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6575
siemens -- simatic_s7-300_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16561
siemens -- spectrum_power_4
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6579
I.教育訓練
4/25 Log分析入門、架構、與戰情分析
http://bit.ly/2Gyq6FL
【FreeBuf字幕組】Web安全漏洞系列:不安全的直接物件引用漏洞IDOR
https://www.itread01.com/hkllcqi.html
Learn Ethical Hacking With 180 Hours of Training — 2019 Online Course
http://bit.ly/2KZYXRt
HACKS LAND Ethical Hacker's Playground
https://hacksland.net/
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機
Eclipse基金會IoT開發者大調查:安全性仍是開發者最關注議題
https://www.ithome.com.tw/news/130113
鼓勵創新更要作好資安把關 新加坡網路安全聯盟管控物聯網風險
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=50&id=0000557815_zl57soec2n1s2z4p3fdge
IoT 0 day漏洞啟示
https://www.itread01.com/hklyyef.html
針對物聯網及5G的電信犯罪
https://blog.trendmicro.com.tw/?p=60140
不怕多繞路!計程車、電信合作智慧車聯網
http://bit.ly/2UCxa92
VXRL 專家實戰示範 輕鬆攻擊 IoT 產品漏洞
http://bit.ly/2IGjfxm
北市教育局與台大簽AI人工智慧教育MOU 2高中將開AI學程
https://www.chinatimes.com/realtimenews/20190425003309-260405?chdtv
Microsoft is readying AI-powered Azure digital inking services
https://www.zdnet.com/article/microsoft-is-readying-ai-powered-azure-ink-services/#ftag=RSSbaffb68
Microsoft to join MLflow project, add native support to Azure Machine Learning
https://www.zdnet.com/article/microsoft-to-join-mlflow-project-add-native-support-to-azure-machine-learning/#ftag=RSSbaffb68
Docker, Arm partner to streamline development for cloud, edge and IoT
https://www.zdnet.com/article/docker-arm-partner-to-streamline-development-for-cloud-edge-and-iot/#ftag=RSSbaffb68
6.近期資安活動及研討會
Gartner分析師交流會:Magic Quadrant資安報告幕後大公開 4/29
https://www.acw.org.tw/News/Detail.aspx?id=67
HackingThursday 固定聚會 5/2
https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/
資安法 X 技術實務論壇 5/2
https://csa.kktix.cc/events/csa190502
國立交通大學 亥客書院 - 基礎網站安全建構實務 5/4
https://hackercollege.nctu.edu.tw/?p=1045
Pwn入門 5/5
https://hackersir.kktix.cc/events/fcu190505
Elixir台灣 台北 Meetup # Monday, May 6, 2019
https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/
公部門之AI資安防護新思維研討會 5/7
http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==
向資安服務看齊 我們一起讓資安從「有做」到「有效」 5/8 ~ 5/10
https://www.informationsecurity.com.tw/Seminar/2019_all/
資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
https://www.accupass.com/event/1904170343547477698390
HackingThursday 固定聚會 5/9
https://www.meetup.com/hackingthursday/events/vkhnnqyzhbmb/
資安健診 5/9
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3827&from_course_list_url=homepage
國立交通大學 亥客書院 -電子郵件之偽造攻擊與防護措施安全通訊協定 5/11
https://hackercollege.nctu.edu.tw/?p=1054
AIS3 2019 新型態資安暑期課程 報名107 年 5 月 14 日上午 10 點至 107 年 5 月 27 日下午 6 點
https://ais3.org/
iTHome 台灣雲端大會 Cloud Summit 2019 2019年 5 月 15 日 (三) 09:00~17:00
https://cloudsummit.ithome.com.tw/
Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/
「SQL Server 2008 EOS」研討會 5/15
https://cosa.kktix.cc/events/bb128a58
HackingThursday 固定聚會 5/16
https://www.meetup.com/hackingthursday/events/vkhnnqyzhbvb/
網路封包分析實務 5/16
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3831&from_course_list_url=homepage
DevDays Asia 2019 @Taipei 亞太技術年會 2019/5/21-2019/5/23 | 9:00 AM - 5:00 PM
https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x6811311abcd
HackingThursday 固定聚會 5/23
https://www.meetup.com/hackingthursday/events/vkhnnqyzhbfc/
源碼檢測實作 5/23
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3835&from_course_list_url=homepage
第二十九屆全國資訊安全會議 5/23 ~ 5/24
https://cisc2019.cs.pu.edu.tw/index.php
Docker Birthday #5 - Taipei 5/25
https://www.meetup.com/Docker-Taipei/events/248974949/
OWASP TechDay Taiwan 2019 2019/05/28
https://csa.kktix.cc/events/owasp0528
HackingThursday 固定聚會 5/30
https://www.meetup.com/hackingthursday/events/vkhnnqyzhbnc/
International Conference CONSTRUCTIVE THEORY OF FUNCTIONS - 2019 SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/
HackingThursday 固定聚會 6/6
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbjb/
HackingThursday 固定聚會 6/13
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbrb/
國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
https://hackercollege.nctu.edu.tw/?p=1039
Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/
HackingThursday 固定聚會 6/20
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbbc/
HackingThursday 固定聚會 6/27
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/
HackingThursday 固定聚會 7/4
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/
2019國際資訊安全組織台灣高峰會 7/9 ~ 7/11
https://csa.kktix.cc/events/2019con
HackingThursday 固定聚會 7/11
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/
HackingThursday 固定聚會 7/18
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/
HackingThursday 固定聚會 7/25
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/
資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」 8/29 ~ 8/30
http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==
Splunk .conf 19 10/21 ~ 10/24
https://conf.splunk.com/
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019
https://www.icscybersecurityconference.com
訂閱:
張貼留言 (Atom)
2024年 12 月份資安、社群活動分享
2024年 12 月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/3 https://www.meetup.com/taiwan-code-camp/e...
-
2024年 3月份資安、社群活動分享 線上資安人力需求對談-網路通信產業 2024/3/2 https://isipevent.kktix.cc/events/ff6f2146 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演 2024/3/6 https://b...
-
2024年 2月份資安、社群活動分享 Taipei All About API Meetup Group - Meet and Greet, 01 Feb 2024, 07:00 PM 2024/2/1 https://www.meetup.com/taipei-all-a...
-
2024年 5 月份資安、社群活動分享 資安五四三 2024/5/2 https://csa.kktix.cc/events/202405-543 HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/5/2 http...
沒有留言:
張貼留言