跳到主要內容

資安事件新聞週報 2019/4/8 ~ 2019/4/12

資安事件新聞週報  2019/4/8  ~  2019/4/12

1.重大弱點漏洞
多個虛擬私人網絡應用程式未經加密儲存暫存 cookies 漏洞
https://kb.cert.org/vuls/id/192371/

CloudBees Jenkins信息洩露漏洞
https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089

Juniper 產品多個漏洞
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES

Dell Networking OS10密鑰管理錯誤漏洞
https://www.dell.com/support/article/SLN316558/

CyberArk EPM 10.2.1.603 - Security Restrictions Bypass
https://www.exploit-db.com/exploits/46688

CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting
https://www.exploit-db.com/exploits/46669

KindEditor上傳漏洞導致近百個黨政網站植入
http://www.52rkl.cn/xinwenzatan/040X245502019.html

TP-LINK路由器緩衝區溢出0 day 漏洞
https://www.4hou.com/vulnerable/17280.html

TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow
https://www.exploit-db.com/exploits/46678

D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting
https://www.exploit-db.com/exploits/46687

QNAP Netatalk < 3.1.12 - Authentication Bypass
https://www.exploit-db.com/exploits/46675

關於Tenda AC系列路由器緩衝區溢出漏洞的情況通報
https://www.secrss.com/articles/9787


治標不治本,黑客仍可利用思科路由器漏洞
https://read01.com/5nzkjyK.html#.XLAAxugzbIU

Google修補Android系統11項重大及高風險安全漏洞
https://t.cj.sina.com.cn/articles/view/3022113061/b421c92500100gmju

3月macOS更新修補程序:漏洞可能會洩露受限制的信息,啟用任意代碼執行
https://bit.ly/2G8iz1o

Samba 多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/04/08/Samba-Releases-Security-Updates

Microsoft Internet Explorer 11 - XML External Entity Injection
https://www.exploit-db.com/exploits/46690

Microsoft 將於4月9日停止Windows 10 1709更新家庭版/專業版支持
https://news.xfastest.com/microsoft/61203/microsoft-4-9-windows-10-1709/

微軟將在5月釋出的Windows 10更新加入可手動延後35天升級選項
https://mashdigi.com/you-can-select-to-delayed-update-windows-10-from-may/

微軟擴大Windows 10 20H1的早期開發者測試
https://www.ithome.com.tw/news/129813

微軟Patch Tuesday修補兩個已被開採的Windows漏洞
https://www.ithome.com.tw/news/129898

微軟更新抓漏政策,外部舉報的漏洞就算官方已知情,一樣能獲得全額獎金
https://www.ithome.com.tw/news/129875

Microsoft's April Patch Tuesday comes with fixes for two Windows zero-days
https://www.zdnet.com/article/microsofts-april-patch-tuesday-comes-with-fixes-for-two-windows-zero-days/#ftag=RSSbaffb68

Microsoft Releases April 2019 Security Updates — Two Flaws Under Active Attack
https://reurl.cc/MzXQn

Microsoft is ready to move Windows 10 Fast Ring testers to build 20H1
https://www.zdnet.com/article/microsoft-is-ready-to-move-windows-10-fast-ring-testers-to-build-20h1/#ftag=RSSbaffb68

Microsoft Releases First Preview Builds of Chromium-based Edge Browser
https://bit.ly/2GdfNYP

Microsoft Edge CVE-2019-0833 Information Disclosure Vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0833

十多個Apache HTTP Server版本含有允許駭客取得最高權限漏洞
https://bit.ly/2G5pybu

VMware Workstation 14.1.5 / VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation
https://www.exploit-db.com/exploits/46601?utm_source=dlvr.it&utm_medium=twitter

A WINDOW OF OPPORTUNITY: EXPLOITING A CHROME 1DAY VULNERABILITY
https://blog.exodusintel.com/2019/04/03/a-window-of-opportunity/

LOADING UP A PAIR OF QT BUGS: DETAILING CVE-2019-1636 AND CVE-2019-6739
https://www.thezdi.com/blog/2019/4/3/loading-up-a-pair-of-qt-bugs-detailing-cve-2019-1636-and-cve-2019-6739

CVE-2019–5418: on WAF bypass and caching
https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981

CVE-2018-1994:IBM InfoSphere資產管理系統SQL注入漏洞
https://nvd.nist.gov/vuln/detail/CVE-2018-1994

CVE-2019-3395、CVE-2019-3396:Confluence Server 遠程代碼執行漏洞
https://nvd.nist.gov/vuln/detail/CVE-2019-3395
https://nvd.nist.gov/vuln/detail/CVE-2019-3396

CVE-2019-9490 Trend Micro InterScan 6.5 SP2未授權訪問漏洞
https://nvd.nist.gov/vuln/detail/CVE-2019-9490

在HackerOne Singapore活動中揭露了Dropbox的264個漏洞
https://www.zdnet.com/article/dropbox-uncovers-264-vulnerabilities-in-hackerone-singapore-bug-hunt/#ftag=RSSbaffb68

研究人員揭露Wi-Fi WPA3標準的多個重大漏洞
https://www.ithome.com.tw/news/129931

Dragonblood vulnerabilities disclosed in WiFi WPA3 standard
https://www.zdnet.com/article/dragonblood-vulnerabilities-disclosed-in-wifi-wpa3-standard/#ftag=RSSbaffb68

Adobe patch update squashes critical code execution bugs
https://www.zdnet.com/article/adobe-patch-update-squashes-critical-code-execution-bugs/#ftag=RSSbaffb68

Adobe Releases Security Patches for Flash, Acrobat Reader, Other Products
https://reurl.cc/koqKq

Mozilla releases beta of Firefox for ARM-based Windows 10 laptops
https://www.zdnet.com/article/mozilla-releases-beta-of-firefox-for-arm-based-windows-10-laptops/#ftag=RSSbaffb68

JVN#01119243 Android アプリ「JR東日本 列車運行情報 プッシュ通知アプリ」が使用する API サーバにアクセス制限不備の脆弱性
https://jvn.jp/jp/JVN01119243/

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
新型態交易模式備出 就怕民眾金融知識不足
https://m.ctee.com.tw/livenews/aj/a83205002019040620214674

強化防偽造、日本紙幣將改版;相關股嗨、JCM一度漲停
https://m.moneydj.com/f1a.aspx?a=5802f4b1-3df2-42ca-8b7d-0f46c5b6a883

永齡攜手小港醫院 健康ATM進駐百家小7 啟用
https://bit.ly/2OXQUTE

電子發票全自動化管理- 載具申請、自動對獎、獎金兌現,一次搞定
https://bit.ly/2U1Uc9n

八大問題拷問互聯網保險:概念不清 監管漏洞頻出
https://news.sina.com.tw/article/20190408/30832708.html

陸P2P又爆倒閉潮
https://money.udn.com/money/story/5603/3742443

誇張! 英國搶匪開挖土機 將加油站ATM整台鏟起
https://m.ltn.com.tw/news/world/breakingnews/2754906

取經日本樂天 國票金推金融資安升級 建立自身資訊安全系統
http://bit.ly/2Ifu75d

2019網銀安全報告:54%網上銀行存竊取資金漏洞
https://www.secrss.com/articles/9778

哈日族動作快 日圓換匯又見0.27字頭 這樣做匯價更優
http://bit.ly/2X2a1i4

Congressional Report Rips Equifax for Weak Security
https://bit.ly/2U8nAKR

Group-IB and NGN International: Gulf countries came under hackers’ spotlight in 2018, with more than 130 000 payment cards compromised
https://www.group-ib.com/media/gib-ngn-gulf-countries-cards/

Alleged Chief of Romanian ATM Skimming Gang Arrested in Mexico
https://krebsonsecurity.com/2019/04/alleged-chief-of-romanian-atm-skimming-gang-arrested-in-mexico/

How crooks use your doppelgangers to pay with your card
https://www.kaspersky.com/blog/digital-masks-card-fraud/26357/

Report: FIN6 Shifts From Payment Card Theft to Ransomware
https://www.bankinfosecurity.com/report-fin6-shifts-from-payment-card-theft-to-ransomware-a-12358

Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware
https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html

A NEW BREED OF ATM HACKERS GETS IN THROUGH A BANK’S NETWORK
https://www.wired.com/story/atm-hacks-swift-network/

Positive Technologies: attackers can access personal data and other sensitive information in every online bank
https://www.ptsecurity.com/ww-en/about/news/attackers-can-access-personal-data-and-other-sensitive-information-in-every-online-bank/

合庫銀行擴大徵才680人
https://www.chinatimes.com/realtimenews/20190408004040-260410?chdtv

聯邦銀行行員招募
http://grad.osa.ncku.edu.tw/p/404-1054-192197-1.php?Lang=zh-tw

3.電子支付/電子票證/行動支付/ 新聞及資安
香港移動支付推廣難點 信息安全與八達通
http://hk.crntt.com/doc/1053/9/1/0/105391018.html?coluid=7&kindid=0&docid=105391018&mdate=0406134219

泰央行警告微信支付在泰業務並未獲得授權
https://www.vvfeng.com/article/52874.htm

Samsung Pay 即將支援臺灣悠遊卡
https://bit.ly/2U8lbjj

Brazil sprints ahead in mobile payments innovation
https://www.zdnet.com/article/brazil-sprints-ahead-in-mobile-payments-innovation/#ftag=RSSbaffb68

Asia driving global mobile payments, with eight in top 10 markets
https://www.zdnet.com/article/asia-driving-global-mobile-payments-with-eight-in-top-10-markets/#ftag=RSSbaffb68

5.虛擬貨幣/區塊鍊   新聞及資安
證券型代幣發行 為誰興利
https://www.chinatimes.com/newspapers/20190408000205-260202?chdtv

挖礦退燒 業者轉攻新應用
https://money.udn.com/money/story/5710/3739473

誰在幫斯洛維尼亞和克羅埃西亞打造「比特幣城」
http://news.knowing.asia/news/677c97f1-4276-44d0-8b56-4eab188894d9

Etherium交易在6秒內完成像信用卡一樣使用
http://www.robotsky.com/technology/201904/068893.html

門羅幣開發商確認修復Ledger 錢包漏洞
http://www.sohu.com/a/306787951_114774?sec=wd

基於Tron的代幣IseriCoin存在造幣漏洞,已被攻擊者利用
https://xcong.com/lives/1489499

Coinbase推出全球首張加密貨幣簽帳卡
https://www.ithome.com.tw/news/129933

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體
英媒:惡意軟體可篡改癌症檢測影像
https://news.sina.com.tw/article/20190407/30814144.html

Bashlite IoT惡意軟件更新
https://www.4hou.com/others/17210.html

華碩供應鏈攻擊事件:針對ShadowHammer惡意活動第一階段Payload的分析
https://www.4hou.com/other/17216.html

警惕!GandCrab5.2勒索病毒偽裝國家機關發送釣魚郵件進行攻擊
https://www.4hou.com/typ/17212.html

偽裝大師——XLoader新變種分析
https://www.4hou.com/web/17182.html

TA505 APT組織通過武器化Excel文檔啟動ServHelper後門
http://t.cn/E6LVdiT

亞太地區勒索軟體發生率全球最高,微軟建議企業「3 大要素」應對
https://www.limitlessiq.com/news/post/view/id/9134/

被行星家族的勒索軟體纏住了?別怕,Emsisoft釋出解密工具了
https://www.ithome.com.tw/news/129842

【俄羅斯特制新款木馬程式 Gustuff 】目標鎖定Android手機肆虐全球
https://bit.ly/2In1SAL

Android間諜程式Exodus現身iOS平台
https://www.ithome.com.tw/news/129873

利用“永恆之藍”漏洞的Yatron勒索軟件
http://www.mottoin.com/detail/3865.html

Bashlite IoT 惡意程式新增挖礦與後門功能,專門攻擊 WeMo 品牌裝置
https://blog.trendmicro.com.tw/?p=60149

這些年鎖定智慧工廠的病毒
https://blog.trendmicro.com.tw/?p=60143

【 手機病毒】XLoader變種假冒行動電話電信商,進行簡訊釣魚,Android及 iOS 皆為攻擊目標
https://blog.trendmicro.com.tw/?p=60126

全球勒索病毒持續「變種」攻擊,企業應採用資安防禦與備份方案以保護數位資產
http://www.pcdiy.com.tw/detail/12582

Google大神開掛!Chrome能一鍵幫你掃毒
https://www.ettoday.net/news/20190412/1420916.htm

LockerGoga 勒贖軟體分析
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=833

北韓駭客組織HIDDEN COBRA所利用的惡意程式HOPLIGHT
https://www.us-cert.gov/ncas/analysis-reports/AR19-100A

惡意軟體儲存在受感染的HTTPS網站隱藏目錄中
https://www.securityweek.com/attackers-store-malware-hidden-directories-compromised-https-sites

FAKE UPDATES CAMPAIGN PUSHES CHTHONIC BANKING TROJAN
https://www.malware-traffic-analysis.net/2019/04/05/index.html

IoT botnet targeting your enterprise? Nope. Just a kid with an ExploitDB account
https://www.zdnet.com/article/iot-botnet-targeting-your-enterprise-nope-just-a-kid-with-an-exploitdb-account/#ftag=RSSbaffb68

Ursnif: The Latest Evolution of the Most Popular Banking Malware
https://blog.yoroi.company/research/ursnif-the-latest-evolution-of-the-most-popular-banking-malware/

Newly discovered BasBanke banking trojan found targeting Brazilian users
https://cyware.com/news/newly-discovered-basbanke-banking-trojan-found-targeting-brazilian-users-f8ef334d

BasBanke: Trend-setting Brazilian banking Trojan
https://securelist.com/basbanke-trend-setting-brazilian-banking-trojan/90365/

Preparing for the Unpredictable: Security in a New World of Mobile Malware
https://securityintelligence.com/preparing-for-the-unpredictable-security-in-a-new-world-of-mobile-malware/

IcedID Banking Trojan Spruces Up Injection Tactics to Add Stealth
https://securityintelligence.com/icedid-banking-trojan-spruces-up-injection-tactics-to-add-stealth/

A dozen US web servers are spreading 10 malware families, Necurs link suspected
https://www.zdnet.com/article/a-dozen-us-web-servers-are-spreading-10-malware-families-necurs-botnet-link-suspected/#ftag=RSSbaffb68

Attackers Shift to Malware-Based Cryptominers
https://www.bankinfosecurity.com/attackers-shift-to-malware-based-cryptominers-a-12351

Security researchers discover iOS version of Exodus Android spyware
https://www.zdnet.com/article/security-researchers-discover-ios-version-of-exodus-android-spyware/#ftag=RSSbaffb68

LockerGoga: It's not all about the ransom
https://www.zdnet.com/article/industrial-malware-lockergoga-forces-victims-to-go-back-to-pen-and-paper/#ftag=RSSbaffb68

TrickBot Trojan seeks out weak human links in business to profit from the tax season
https://www.zdnet.com/article/trickbot-trojan-profits-from-the-tax-season/#ftag=RSSbaffb68

Analyzing the botnet infrastructure and threat actors behind TrickBot
https://technical.nttsecurity.com/post/102fhgo/analyzing-the-botnet-infrastructure-and-threat-actors-behind-trickbot

Securonix Threat Research: Detecting LockerGoga Targeted IT/OT Cyber Sabotage/Ransomware Attacks
https://www.securonix.com/securonix-threat-research-detecting-lockergoga-targeted-it-ot-cyber-sabotage-ransomware-attacks/

Ursnif: The Latest Evolution of the Most Popular Banking Malware
https://blog.yoroi.company/research/ursnif-the-latest-evolution-of-the-most-popular-banking-malware/

URSNIF – A POLYMORPHIC DELIVERY MECHANISM EXPLAINED
https://www.sentinelone.com/blog/ursnif-polymorphic-delivery-mechanism-explained/

Mapping Out a Malware Distribution Network
https://www.bromium.com/mapping-malware-distribution-network/

Grab-and-go Baldr malware enters the black market
https://www.zdnet.com/article/grab-and-go-info-stealer-baldr-malware-enters-the-black-market/#ftag=RSSbaffb68

Reveton ransomware distributor sentenced to six years in prison in the UK
https://www.zdnet.com/article/reveton-ransomware-distributor-sentenced-to-six-years-in-prison-in-the-uk/#ftag=RSSbaffb68

UK Man Gets Six-Year Sentence for Global Ransomware Scheme
https://www.bankinfosecurity.asia/uk-man-gets-six-year-sentence-for-global-ransomware-scheme-a-12361

'Exodus' Surveillance Malware Found Targeting Apple iOS Users
https://bit.ly/2InD1Nb

US government publishes details on North Korea's HOPLIGHT malware
https://www.zdnet.com/article/us-government-publishes-details-on-north-koreas-hoplight-malware/#ftag=RSSbaffb68

Sophisticated 'TajMahal APT Framework' Remained Undetected for 5 Years
https://reurl.cc/Y3da4

Attackers Insert Themselves into the Email Conversation to Spread Malware
https://blog.minerva-labs.com/attackers-insert-themselves-into-the-email-conversation-to-spread-malware

海蓮花APT 組織使用的macOS 惡意軟件更新分析 OceanLotus: macOS malware update
https://www.welivesecurity.com/2019/04/09/oceanlotus-macos-malware-update/

B.行動安全 / iPhone / Android /穿戴裝置 /App
底層通訊的資安,誰來看顧
http://www.compotechasia.com/a/opportunity/2019/0410/41546.html

小米手機預裝的安全程式Guard Provider暗藏中間人攻擊漏洞
https://www.ithome.com.tw/news/129805

小米安全中心Guard Provider APP漏洞分析
https://xz.aliyun.com/t/4689

網路安全廠商踢爆 小米手機內建App暗藏漏洞
https://www.chinatimes.com/realtimenews/20190412001735-260412?chdtv

小米薄荷瀏覽器URL欺騙漏洞(CVE-2019-10875)的安全修復被繞過
https://nosec.org/home/detail/2463.html

華為禍不單行 手機爆炸致用戶重傷
https://www.ntdtv.com/b5/2019/04/10/a102553090.html

Galaxy S10 指紋不止未完善,還被揭存嚴重保安漏洞
https://qooah.com/2019/04/07/samsung-galaxy-s10-fingerprint-hacked/

超聲波指紋辨識很安全?3分鐘不到破解Galaxy S10
https://udn.com/news/story/7098/3743860

由駭客開發、為駭客設計的手機 WiPhone ,不但能土砲客製還能當開發板使用
http://bit.ly/2IoCmv3

印度法院認為抖音「鼓勵色情內容」要求政府禁止下載
https://bit.ly/2OOUa3H

日本推動商用5G 電信商拒用中國設備
https://ec.ltn.com.tw/article/breakingnews/2755425

警告勿使用Tw3lve 越獄!完全來自複製unc0ver 代碼的工具
https://mrmad.com.tw/tw3lve-jailbreak-fake

Google Play 商店出現針對兒童客群的血腥暴力遊戲,評級機制出現漏洞
https://www.kocpc.com.tw/archives/252817

Google將讓Android 7以上手機當2FA安全金鑰
https://www.ithome.com.tw/news/129915

中共官方大肆整改網路 下架逾三萬款app
http://bit.ly/2G7A8gL

WordPress iOS App Bug Leaked Secret Access Tokens to Third-Party Sites
https://bit.ly/2OQG7dM

Vulnerability found in Xiaomi phones' pre-installed security app
https://www.zdnet.com/article/vulnerability-found-in-xiaomi-phones-pre-installed-security-app/#ftag=RSSbaffb68

Xiaomi URL spoofing w/ SSL vulnerability or, CVE-2019-10875 - Was it intentionally kept in the global versions by Xiaomi
https://bit.ly/2UAhCqx

Unpatched Flaw in Xiaomi's Built-in Browser App Lets Hackers Spoof URLs
https://bit.ly/2uMlgyX

Hackers Could Turn Pre-Installed Antivirus App on Xiaomi Phones Into Malware
https://bit.ly/2uQ9B2q

Google transforms Android phones into security keys
https://www.zdnet.com/article/google-transforms-android-phones-into-security-keys/#ftag=RSSbaffb68

C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件
機捷等車!月台螢幕跳出「這代Windows圖示」他驚呆 鄉民反推:這才好用
https://www.ettoday.net/news/20190406/1416327.htm

職場環境惡劣,「資深」程式設計師該如何延長職業壽命
https://www.techbang.com/posts/69225-how-can-older-programmers-extend-their-career-life-when-the-workplace-environment-is-harsh

IDC機房客戶遭駭客攻擊 中華電信緊急修復
https://taronews.tw/2019/04/09/305940/

IDC機房客戶遭駭客攻擊 中華電緊急修復
https://udn.com/news/story/7240/3746695

D-Link路由又被黑了?這回駭客利用的是它
http://big5.pconline.com.cn/b5/security.pconline.com.cn/1247/12470316.html

英情報機構:華為安全技術"太糟糕"
https://bit.ly/2v1v8W1

華爲電腦後門曝光 「外交家」呼籲審查微信
https://www.ntdtv.com/b5/2019/04/07/a102550937.html

Matebook 很不安全!微軟抓到華為系統漏洞,在筆電裝「後門」
https://www.limitlessiq.com/news/post/view/id/9139/

Bruce Schneier:萬物都是電腦,所有事也都變成了資安事
https://www.ithome.com.tw/news/129804

SMTP不夠安全,Gmail開始採用MTA-STS標準以驗證連線
https://www.ithome.com.tw/news/129925

資安高手有戰績 薪資容易談
https://news.ltn.com.tw/news/weeklybiz/paper/1279928

65% 製造環境,還在使用過時作業系統
https://blog.trendmicro.com.tw/?p=60162

駭客濫用Google平臺鎖定路由器展開DNS攻擊
https://www.ithome.com.tw/news/129819

駭侵組織鎖定 D-Link、TOTOLINK 等家用路由器進行 DNS 劫持
https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=903

臺灣大型組織破千臺主機紅隊演練細節首次大公開
https://www.ithome.com.tw/news/129815

趨勢科技研究顯示 65% 製造環境仍在使用過時作業系統
https://n.yam.com/Article/20190408735558

微軟發布年度資安回顧報告,提醒臺灣偷渡式下載攻擊在亞太最嚴重
https://www.ithome.com.tw/news/129806

思科:臉書暗藏由74個社團與38萬名成員組成的網路犯罪市集
https://www.ithome.com.tw/news/129820

Hiding in Plain Sight
https://blog.talosintelligence.com/2019/04/hiding-in-plain-sight.html

迎戰中國資訊戰攻擊 李忠憲推荐「他」當台灣隊一線指揮官
https://news.ltn.com.tw/news/politics/breakingnews/2751574

香港保安局局長李家超:心急立法設窺淫罪堵塞漏洞
http://bit.ly/2UusjeY

俄國二讀爭議法案 政府得以切斷國外伺服器
https://www.taiwannews.com.tw/ch/news/3678675

日本海事協會發表網路資安方法
https://www.chinatimes.com/realtimenews/20190406002245-260410?chdtv

英國政府:資料駭侵造成的企業損失,兩年來增加 41%
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=832

北約「堅鎖之盾」網路實戰演習 模擬對抗網攻、假訊息
https://www.ydn.com.tw/News/331505

北約網路實戰演習 模擬網路攻擊及騷動訊息處理
https://bit.ly/2Itrxrt

俄駭客瞄準歐盟大選
https://bit.ly/2IjTfXN

美採用監聽法 搜集華為違法證據
https://bit.ly/2OPQQ8c

英國政府擬要求網站平臺負責移除有害內容,違者將處以天價罰金
https://www.ithome.com.tw/news/129858?fbclid=IwAR2CtVN_htyOfkZ9P8TXa9S2gvlDUHPFB8RQaC7boYZScmuhIzT0rzuDE7E

德國最大藥商拜耳遭駭 點名中共駭客
http://www.ntdtv.com.tw/b5/20190405/video/243106.html

美國政府要抓「維基解密」創辦人!阿桑奇政治庇護被撤銷、遭英國警方逮捕
http://bit.ly/2uWV5pA

美議員:中國發動網路攻擊 竊取美國政府人事資料
https://ec.ltn.com.tw/article/breakingnews/2756353

巴基斯坦監視系統遭安裝華為wi-fi模組 引發資安憂慮
https://bit.ly/2Gas3sX

巴基斯坦閉路電視系統藏華為WiFi組件 揭發後已遭移除
http://bit.ly/2UwqEpl

巴基斯坦政府網站遭駭客植入按鍵記錄軟體
https://blog.twnic.net.tw/2019/04/10/3255/

荷蘭情報局:勿採用頻繁進行駭客攻擊的國家技術 例如中國和俄羅斯
https://lihkg.com/thread/1096651/page/1

MIT、哈佛都在這裡 美國波士頓成為中國間諜重要活動目標
https://www.cmmedia.com.tw/home/articles/15062

中共首次承認自己是「匪類」
https://bit.ly/2OVS8Pm

中共對台資訊戰 朝野議論台灣防制策略
https://bit.ly/2D0fkac

中國透過舊勢力控制媒體網路 洗腦台灣
https://www.cna.com.tw/news/aipl/201904070097.aspx

「他們要讓民主國家更分裂!」七國集團會商防範俄羅斯與中國 日本:北京就曾利用網路干預台灣選舉
https://www.storm.mg/article/1148364

看過來!中國收購粉專、收買網紅 有這幾招可以防堵
https://m.ltn.com.tw/news/politics/breakingnews/2751858

中國網軍入侵! 大肆出價收購台粉絲專頁 人力銀行徵小編 月薪達5萬須"支持統一"
https://www.ttv.com.tw/news/view/10804060019100N/579

中國5G戰略 五角大廈:離不開中共背景
https://bit.ly/2D09c1E

FBI criticized for delaying breach notifications, including insufficient details
https://www.zdnet.com/article/fbi-criticized-for-delaying-breach-notifications-including-insufficient-details/#ftag=RSSbaffb68

Scary Bug in Burp Suite Upstream Proxy Allows Hackers to Hack Hackers
https://bit.ly/2D4V9I8

E-commerce JavaScript Sniffer Attacks Proliferate: Report
https://www.bankinfosecurity.com/e-commerce-javascript-sniffer-attacks-proliferate-report-a-12350

PayPal, Netflix, Gmail, and Uber users among targets in new wave of DNS hijacking attacks
https://bit.ly/2KpUzeq

Cyber Threat alert for Canada October Elections
https://www.cybersecurity-insiders.com/cyber-threat-alert-for-canada-october-elections/

Cybercrime market selling full digital fingerprints of over 60,000 users
https://www.zdnet.com/article/cybercrime-market-selling-full-digital-fingerprints-of-over-60000-users/#ftag=RSSbaffb68

Mailgun hacked part of massive attack on WordPress sites
https://www.zdnet.com/article/mailgun-hacked-part-of-massive-attack-on-wordpress-sites/#ftag=RSSbaffb68

Google Chrome engineers want to block some HTTP file downloads
https://www.zdnet.com/article/google-chrome-engineers-want-to-block-some-http-file-downloads/#ftag=RSSbaffb68

Huawei's surveillance system in Serbia threatens citizens' rights, watchdog warns
https://www.zdnet.com/article/huaweis-surveillance-system-in-serbia-threatens-citizens-rights-watchdog-warns/#ftag=RSSbaffb68

Women in Cybersecurity: A Progress Report
https://www.bankinfosecurity.com/interviews/women-in-cybersecurity-progress-report-i-4288

Dark Patterns: How Weaponized Usability Hurts Users
https://www.bankinfosecurity.com/dark-patterns-how-weaponized-usability-hurts-users-a-12364

WikiLeaks Founder Julian Assange Arrested After Ecuador Withdraws Asylum
http://bit.ly/2UwSP7v

Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password
http://bit.ly/2Z6PoTO

Online security 101: How to protect your privacy from hackers, spies, and the government
https://www.zdnet.com/article/online-security-101-how-to-protect-your-privacy-from-hackers-spies-and-the-government/#ftag=RSSbaffb68

Kaspersky: US security software ban just 'makes cybercriminals happy'
https://www.zdnet.com/article/kaspersky-us-security-software-ban-just-makes-cybercriminals-happy/#ftag=RSSbaffb68

Revealing the Dark Web: How to Leverage Technologies to Alert and Block Dark Web Access
https://www.bankinfosecurity.com/webinars/revealing-dark-web-how-to-leverage-technologies-to-alert-block-dark-w-1960

資安工程師
https://www.104.com.tw/job/?jobno=6kont

軟體工程師
https://www.104.com.tw/job/?jobno=21r8s&jobsource=freshman2009

(約聘)工程師【新竹】
https://www.104.com.tw/job/?jobno=6kp1n

資安工程師 (歡迎應屆畢業生)
https://www.104.com.tw/job/?jobno=6kr1p

LINE暑期實習計劃本月啟動 5月將招募50位開發工程師
https://udn.com/news/story/7240/3744921

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
假訊息像恐怖主義 學者提「資訊戰」佈署
http://www.ntdtv.com.tw/b5/20190408/video/243229.html

網路釣魚利用瀏覽器擴充套件SingleFile 複製合法網站, 避免被偵測
https://blog.trendmicro.com.tw/?p=60137

【網路釣魚 】「Soula」偽造搜尋引擎登入畫面,針對韓國網站發動水坑攻擊,竊取帳密
https://blog.trendmicro.com.tw/?p=60088

你的資料不是你的資料:如何在資訊世界求生存?數位青年談網路治理
https://www.thenewslens.com/article/115148

湖北一公職人員洩露公民信息5萬餘條,非法獲利23萬餘元
http://t.cn/E6LVdGI

政府打擊假新聞 藍立委抨排除異己
https://money.udn.com/money/story/7307/3745573

中國企業 3 個月外洩 5.9 億份履歷,資安與隱私問題堪慮
https://technews.tw/2019/04/08/chinese-companies-have-leaked-over-590-million-resumes/

用幾千台假iPhone換真機 兩學生騙蘋果600萬被起訴
https://news.sina.com.tw/article/20190406/30810390.html

假刷卡真套現!預借現金又跑銀樓 銀行舉黃牌
https://tw.appledaily.com/new/realtime/20190409/1547467/

7百萬Indane LPG用戶和分銷商數據息洩露
http://t.cn/E6LVd5A

國安及資安假新聞 應以法律規範
https://m.ltn.com.tw/news/life/paper/1279846

臺灣已是連續六年遭受假消息攻擊最嚴重的國家
https://www.ithome.com.tw/news/129922

厄瓜多總統個資外流怪罪維基解密 阿桑奇可能被趕出大使館
https://www.storm.mg/article/1143537

北京某銀行客戶經理私改客戶網銀密碼侵占資金2330萬元被抓
http://www.sohu.com/a/306489690_639898

思科最新報告:駭客組織在臉書兜售消費者個資
https://bit.ly/2TWqJxu

美俄亥俄州消防局:電力公司不接受比特幣付款,居民需警惕相關騙局
https://news.sina.com.tw/article/20190410/30857284.html

台灣詐騙無所不在 連投資都騙 專家教防騙三招
https://www.setn.com/News.aspx?NewsID=524765

母親節詐騙活動開跑了
https://blog.trendmicro.com.tw/?p=60190

賽門鐵克:近七成飯店網站洩露住客個資
https://www.ithome.com.tw/news/129917

愛上陽光渣男慘被騙229萬元 她還被元配狠嗆「去告啊!」
https://www.ettoday.net/news/20190411/1419791.htm

信用卡詐騙成金融詐騙案主體
http://money.people.com.cn/BIG5/n1/2019/0410/c42877-31021913.html

媽媽報警抓「內鬼」 犯人竟然是兒子
https://bit.ly/2KrYVl6

美聯邦機構破獲保險詐騙案 涉案金額達12億美元
http://dailynews.sina.com/bg/international/chinanews/2019-04-09/doc-iwtzzspp1149796.shtml

齊保網涉詐騙:瞄準保險業務員3000多人被騙2000多萬
http://finance.sina.com/bg/economy/economy_company/sinacn/2019-04-10/doc-ivkrakue2456475.shtml

中文詐騙電話捲土重來 FBI發警告 受騙者多為亞裔 其中許多受害者是學生或來自中國的客座教授
http://www.epochtimes.com/b5/19/4/11/n11178564.htm

LINE/臉書留言就抽MacBook是詐騙
https://www.chinatimes.com/realtimenews/20190409003234-260412?chdtv

雅虎達數據外洩和解協議 賠逾9億
http://bit.ly/2GlLtLH

武漢警方查處45個電信網路詐騙窩點 581人落網
https://news.sina.com.tw/article/20190411/30884484.html

WhatsApp驗證碼騙案升13倍 男子失43萬
https://hk.news.appledaily.com/local/daily/article/20190409/20652097

25%的網釣郵件可以躲過Office 365內建的安全機制
https://www.ithome.com.tw/news/129921

逾5.4億筆臉書用戶紀錄在AWS上曝光
https://www.ithome.com.tw/news/129798

540 Million Facebook User Records Found On Unprotected Amazon Servers
https://bit.ly/2OUhTj2

Cyber News Rundown: Massive Data Breach at Georgia Tech
https://www.webroot.com/blog/2019/04/05/cyber-news-rundown-massive-data-breach-at-georgia-tech/

Why Singapore's 'Fake News' Bill Should Be Enacted
https://www.bankinfosecurity.asia/blogs/singapores-fake-news-bill-should-be-enacted-p-2735

Attacking Phishing With SOAR
https://www.bankinfosecurity.com/attacking-phishing-soar-a-12353

Yahoo data breach settlement effort reaches $117.5 million
https://www.zdnet.com/article/yahoo-data-breach-settlement-effort-reaches-117-5-million/#ftag=RSSbaffb68

Yahoo Takes Second Swing at Data Breach Settlement
https://www.bankinfosecurity.com/yahoo-takes-second-swing-at-data-breach-settlement-a-12363

Ahead of Election, Facebook Takes More Steps to Curb Fake News
https://www.bankinfosecurity.asia/ahead-election-facebook-takes-more-steps-to-curb-fake-news-a-12370

E.研究報告
個案分析-網頁置換攻擊事件分析報告_10803
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019032804031111927055681912994.pdf

XanXSS – 一款XSS自動檢測工具
http://t.cn/E6LVd77

Pyrit – The Famous WPA Precomputed Cracker
http://t.cn/E6LVdzm

Pe-afl:一款支持對Windows二進製程序的afl fuzz工具
http://t.cn/E6L7Hxj

主流瀏覽器阻止點擊跟踪隱私風險的措施
http://t.cn/E6LVdf3

PCILeech:動態內存分析與指紋提取工具使用與介紹
http://t.cn/E6LVdJV

雲安全- 子域名takeover漏洞原理分析與防禦(以微軟為例)
https://xz.aliyun.com/t/4673

Ruby on Rails路徑穿越與任意文件讀取漏洞分析(CVE-2019-5418)
http://www.sohu.com/a/306334931_354899?sec=wd

如何挖掘RPC漏洞
https://www.anquanke.com/post/id/176034

QT漏洞的詳細介紹:CVE-2019-1636與CVE-2019-6739
https://xz.aliyun.com/t/4677

VBScript引擎堆溢出远程代码执行漏洞分析(CVE-2019-0666)
https://www.4hou.com/vulnerable/17250.html

CVE-2019-2444漏洞利用及相關攻擊鏈介紹
https://www.anquanke.com/post/id/176093

Confluence未授權RCE(CVE-2019-3396)漏洞分析
https://paper.seebug.org/884/

CVE-2019-0211:Apache HTTP服務組件提權漏洞分析
https://paper.seebug.org/885/

Atlassian Confluence 遠程代碼執行漏洞分析
https://paper.tuisec.win/detail/cee074d9a50bba7

Ghidra插件研發系列教程1
http://t.cn/E6LVdMn

Researcher Reveals Multiple Flaws in Verizon Fios Routers — PoC Released
https://bit.ly/2P3ZRuz

NSA Releases GHIDRA Source Code — Free Reverse Engineering Tool
https://bit.ly/2TYxJcY

hlldz/APC-PPID
https://github.com/hlldz/APC-PPID

mirroredmind/Rev_shell_creator
https://bit.ly/2FWLVhK

SecureThisShit/WinPwn
https://github.com/SecureThisShit/WinPwn?fbclid=IwAR2ZIXapnrt-YJcvFOeKEPwtav2u7WDTBhE3Yatzs4jYfX3G7kR7ynroaQU

CISOfy/lynis
https://github.com/CISOfy/lynis/?fbclid=IwAR3Qun17CRAYaukuRRCUt8dS-Sf9fWoAQ6r8-WZKk1iyhkQMWFe_t6Dk-vk

Interception: Dissecting BokBot’s “Man in the Browser”
https://bit.ly/2WQXAWd

Digging into BokBot’s Core Module
https://bit.ly/2YWfdFU

Reversing the Rachio Smart Sprinkler Controller
https://bit.ly/2VwudIs

Mimikatz in the Wild: Bypassing Signature-Based Detections Using the “AK47 of Cyber”
https://www.crowdstrike.com/blog/credential-theft-mimikatz-techniques/

CB TAU Threat Intelligence Notification: Hunting APT28 Downloaders
https://www.carbonblack.com/2019/04/05/cb-threat-intelligence-notification-hunting-apt28-downloaders/

RETURN TO SENDER: A TECHNICAL ANALYSIS OF A PAYPAL PHISHING SCAM
https://www.sentinelone.com/blog/technical-analysis-paypal-phishing-scam/

使用自定義PE 格式的惡意軟件分析funky_malware_formats_TheSAS2019_slides.pdf
https://drive.google.com/file/d/1k758QQLHxgIynCYhWfnizk8k7emZk_h8/view?usp=drivesdk

Dragonblood - 對WPA3 的SAE 握手流程的安全性分析(Paper)
https://papers.mathyvanhoef.com/dragonblood.pdf

Microsoft 對利用WinRar CVE-2018-20250 目錄穿越漏洞的針對性攻擊分析
https://www.microsoft.com/security/blog/2019/04/10/analysis-of-a-targeted-attack-exploiting-the-winrar-cve-2018-20250-vulnerability/

利用WMI 事件訂閱進行持久化的攻擊方式介紹與檢測
https://paper.seebug.org/886/

FireEye 對攻擊工控設備等基礎設施的TRITON 攻擊活動的詳細分析
http://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html

研究人員在調查GOSSIPGIR 的過程中再次發現了FLAME 的踪跡並對此做了跟踪分析
https://storage.googleapis.com/chronicle-research/Flame%202.0%20Risen%20from%20the%20Ashes.pdf

F.商業
強化邊緣運算資安設計 宜鼎國際建構高安全AIoT系統
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=45&cat2=10&id=0000557026_Z6O1E2J2177QNY7PB2LAB

升級 Windows 10 黃金時刻,快速增加資安防護與 IT 生產力
https://www.inside.com.tw/article/16064-the-golden-time-of-upgrading-to-windows-10

眾至郵件SandStorm防護機制 降低惡意程式滲透攻擊
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000557269_tth1ijh97x1vmk891vqd8

The Linux desktop is in trouble
https://www.zdnet.com/article/the-linux-desktop-is-in-trouble/#ftag=RSSbaffb68

Google announces fully-managed service on GCP for Microsoft SQL Server workloads
https://www.zdnet.com/article/google-announces-fully-managed-service-on-gcp-for-microsoft-sql-server-workloads/#ftag=RSSbaffb68

Gmail becomes first major email provider to support MTA-STS and TLS Reporting
https://www.zdnet.com/article/gmail-becomes-first-major-email-provider-to-support-mta-sts-and-tls-reporting/#ftag=RSSbaffb68

Google brings Cloud Security Command Center into GA, adds new services
https://www.zdnet.com/article/google-brings-cloud-security-command-center-into-ga-adds-new-services/#ftag=RSSbaffb68

Confluent, Fivetran announce deep Google Cloud integration
https://www.zdnet.com/article/confluent-fivetran-announce-google-cloud-availability/#ftag=RSSbaffb68

Google brings Assistant to G Suite
https://www.zdnet.com/article/google-brings-assistant-to-g-suite/#ftag=RSSbaffb68

Microsoft publishes SECCON framework for securing Windows 10
https://www.zdnet.com/article/microsoft-publishes-seccon-framework-for-securing-windows-10/#ftag=RSSbaffb68

SAP Ariba Live event summary: Digital transformation in procurement
https://www.zdnet.com/article/sap-ariba-live-event-summary-digital-transformation-in-procurement/#ftag=RSSbaffb68

Carlyle Group, Schneider Electric form AlphaStruxture to ramp smart infrastructure deployments
https://www.zdnet.com/article/carlyle-group-schneider-electric-form-alphastruxture-to-ramp-smart-infrastructure-deployments/#ftag=RSSbaffb68

G.政府
台灣數位部長:「西方國家警醒了是件好事」
https://bit.ly/2I28k0B

公務機關禁中國資通訊產品 本週公布
https://m.ltn.com.tw/news/focus/paper/1280129

科技部拜會德國經濟能源部 強化工業4.0合作
https://bit.ly/2Ul4whA

防洗錢 金管會盯上虛擬貨幣業者
https://udn.com/news/story/7239/3742374?fbclid=IwAR0S0P1Kb2oqD9UvmPkCegkAiVRxRimN3scroUufVzxpE8RR24xYqqJugEE

虛擬貨幣納管 月底敲定範圍
https://udn.com/news/story/7239/3742375?from=udn-catelistnews_ch2

約有200人參與STO公聽會!金管會主委顧立雄:請大家發言盡量簡短
http://bit.ly/2Ieorse

提高使用雲端發票誘因 財部擬增小額獎項
https://bit.ly/2uU9tia

設安富金融工程研究中心 清大用FinTech助金融轉型
https://bit.ly/2G6pYOz

[歡迎報名,共同防護物聯網資安] 4/10 10:00 IOT-ISAC平台服務啟動
https://www.communications.org.tw/news/policy/item/9167-0410.html

物聯網資安防護評估機制及IoT-ISAC平台正式上線
https://money.udn.com/money/story/5635/3747602

高雄國稅局嚴格執行資安稽核,保護納稅義務人個資安全
https://www.ntbk.gov.tw/etwmain/web/ETW118W/CON/934/8121117899283650753

新北公車Wi-Fi用華為設備 侯友宜:將了解使用狀況
https://news.ltn.com.tw/news/life/breakingnews/2752899

新北公車Wi-Fi用華為設備 資安出包
https://bit.ly/2YVgi0Z

公車免費WIFI竟使用華為設備 資訊安全恐出現漏洞
https://m.ltn.com.tw/news/politics/breakingnews/2752696

新北公車Wi-Fi用華為設備 恐藏「後門」危資安
https://m.ltn.com.tw/news/focus/paper/1280220

新北市公車用華為網卡有資安疑慮?業者出面回應了
https://newtalk.tw/news/view/2019-04-09/230887

公車免費WIFI竟使用華為設備 資訊安全恐出現漏洞
http://bit.ly/2InF3wS

通勤注意!公車免費WIFI竟是華為設備 你我個資恐外洩
https://www.setn.com/News.aspx?NewsID=524040

指南客運:考慮更換華為網卡
https://ec.ltn.com.tw/article/paper/1280446

【新北客運 Wifi 設備來自華為】被踢爆用中國資安大盜,客運業者:沒人反映資訊外洩
https://buzzorange.com/2019/04/11/huawei-and-new-taipei-city-wifi-trap/

新北公車WiFi用華為網卡報資安疑慮 林佳龍下令各運輸全面徹查
https://tw.appledaily.com/new/realtime/20190410/1548078/

會議談話頻外流 柯文哲找市刑大入府秘搜竊聽器
https://www.ettoday.net/news/20190411/1419996.htm

國家級資安長揭露施政方針,持續強化整體資安與推動產業自主
https://www.ithome.com.tw/article/129424

新版數位身分證 可擴充性、資安受關注
https://news.pts.org.tw/article/428672

H.SCADA/ICS/工控系統
趨勢科技推出工業機械資安解決方案 有效提升智慧工廠安全防護
https://bit.ly/2Ik9WSK

趨勢攜夥伴成立工業物聯網公司 秀新資安解決方案
https://udn.com/news/story/7240/3744696

趨勢科技、Moxa合資成立TXOne Networks,預先展示工業機械資安解決方案
https://bit.ly/2X1ErBf

Delta Industrial Automation TPEditor越界寫入漏洞
http://www.deltaww.com/Products/PluginWebUserControl/downloadCenterCounter.aspx?DID=4536&DocPath=1&hl=en-US

工業互聯網安全應急響應中心:關於Advantech WebAccess多個漏洞的情況通報
https://www.secrss.com/articles/9684

Siemens 多個產品漏洞威脅預警通告
http://copyfuture.com/blogs-details/3ac427e0c4ac6326dff4ef4c1382049b

Schneider Electric launches EcoStruxture IT Advisor for data center monitoring, analytics
https://www.zdnet.com/article/schneider-electric-launches-ecostruxture-it-advisor-for-data-center-monitoring-analytics/#ftag=RSSbaffb68

Triton hackers return with new, covert industrial attack
https://www.zdnet.com/article/triton-hackers-return-with-new-industrial-attack/#ftag=RSSbaffb68

I.教育訓練
Hashcat Tutorial – Rule Writing
https://laconicwolf.com/2019/03/29/hashcat-tutorial-rule-writing/

Termux Hacks Guide [2019] : Tutorial, Commands List, Tools, Apk, Uses, Packages
https://bit.ly/2WQLnAR

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機
慎防自駕車系統駭客 美國大學研究防禦措施
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&cat3=50&id=0000556799_p8i8e4u58aay84l29pof3

強化邊緣運算資安設計 如何建構高安全AIoT系統
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=100&id=0000557323_4sk49wtq1evz5j4fghiq2

連網汽車飽受威脅 趨勢科技推出車聯網入侵防護系統
https://bit.ly/2G6FCcE

汽車MOBI聯盟推廣區塊鏈平台 加速實現跨製造商自駕數據共享
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=35&id=0000557409_vsd51daulrzhp8ljw7jjl

海康威視在杭州舉行第二屆AI Cloud生態大會
https://n.yam.com/Article/20190408891384

Raspberry Pi accessories to take your single-board projects to the next level
https://www.zdnet.com/pictures/raspberry-pi-accessories-to-take-your-single-board-projects-to-the-next-level/#ftag=RSSbaffb68

6.近期資安活動及研討會
 【課程】大數據爬蟲技術實作,使用Python實作網路爬蟲,快速有效獲取大量資料,打造自動化金融數據平台  4/13
 https://www.techbang.com/posts/58613-course-python-crawler-technology-implementation

 對不起駭到你  4/13
 https://tfc.kktix.cc/events/hacking-you-sorry?locale=en

 2019 ICANN APAC-TWNIC Engagement forum  4/16~4/17
 https://forum.twnic.tw/

 Industrial Control Systems (ICS) Cyber Security Conference  APAC  April 16-18, 2019
 https://www.icscybersecurityconference.com/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, April 17, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzgbwb/

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術與談發表會 4/18
 https://www.accupass.com/event/1904020622403023353630

 網站弱點評估實務  4/18
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3830&from_course_list_url=homepage

 資策會「網路媒體公關經營實務班」課程,善用新媒體策略擴散您的品牌! 4/18
 http://www.iiiedu.org.tw/ites/MPR.htm

 國立交通大學 亥客書院 - 緩衝區溢位攻擊與預防 新竹  4/20
 https://hackercollege.nctu.edu.tw/?p=1052

 資安健診  4/25
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3834&from_course_list_url=homepage

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安健診  5/9
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3827&from_course_list_url=homepage

 國立交通大學 亥客書院 -電子郵件之偽造攻擊與防護措施安全通訊協定 5/11
 https://hackercollege.nctu.edu.tw/?p=1054

  iTHome 台灣雲端大會 Cloud Summit  2019   2019年 5 月 15 日 (三) 09:00~17:00
 https://cloudsummit.ithome.com.tw/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/

 網路封包分析實務  5/16
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3831&from_course_list_url=homepage

 源碼檢測實作  5/23
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3835&from_course_list_url=homepage

 第二十九屆全國資訊安全會議  5/23  ~ 5/24
 https://cisc2019.cs.pu.edu.tw/index.php

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」  8/29 ~ 8/30
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

留言

這個網誌中的熱門文章

Capture the flag資源分享綜整

Capture the flag, CTF,是由古代軍事戰爭演變而來。軍旗在戰場上象徵兩軍戰況,當有一方軍旗被敵軍奪取或落在地上,代表該方戰敗。當這樣的攻防搶旗演變到現代的電子遊戲裡,通常就演變成團隊遊戲模式,由兩隊人馬互相前往對方的基地奪旗,奪旗成功回合次數多者得勝。

5月份資安、社群活動分享

5月份資安、社群活動分享

 108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
 https://ais3.org/mfctf/

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 Python 商務網站 * 極速學習 (2019春季 - 台北)  5/2
 https://cjltsod.kktix.cc/events/django-2019-spring-taipei

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會  5/2
 https://www.accupass.com/event/1904111400151860776797

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA 白帽菁英萌芽計劃II 0505 
 https://reg.shield.org.tw/info.php?no=54

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/19041703435474776…

6月份資安、社群活動分享

6月份資安、社群活動分享

 學生資安新手村 相關活動整理  淡江大學場  工作坊  6/1(六) 10:00 - 16:00
 https://forms.gle/aBgGfLUYcvJh7hzk9

 學生資安新手村 相關活動整理  高雄科技大學場 06/02(日) 08:30~18:00
 https://nkust-itc.kktix.cc/events/security-beginner-workshop

 資安新手村-網站照妖鏡 SITCON x NKUST_CSIE & ITC  6/2
 https://nkust-itc.kktix.cc/events/security-beginner-workshop

 PyTorch Tainan x CCNS 聚會 #23  6/2
 https://pytorch-tainan.kktix.cc/events/2019-06-02-m23?fbclid=IwAR1s_n_piEyMN0e8NMHk-jjP97-1mjqI-favSKBAdxAglQ3j1aN17_fMmbk

 【課程】Raspberry Pi 相機 x OpenCV 進階應用:攝影拍照、人臉偵測、影像處理與實作 6/2
 https://www.techbang.com/posts/69830-course-raspberry-pi-camera-x-opencv-photo-photography-face-detection-image-processing-and-application

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 TW BECKS No.2 6/3
 https://becks.kktix.cc/events/20190603

 軟體安全性測試實務 6/3 ~ 6/4
 https://www.accupass.com/event/1904230701335964656400