Weekly Security Incident News Digest 2019/4/29 ~ 2019/5/3


1. Major Vulnerabilities
Multiple vulnerabilities in Symantec products
https://www.auscert.org.au/bulletins/79594

Fortinet FortiManager sensitive information disclosure vulnerability
https://www.auscert.org.au/bulletins/79762

Cisco patches critical vulnerability in Nexus 9000 network switches
https://www.ithome.com.tw/news/130397

New Exploits for Unsecure SAP Systems
https://www.us-cert.gov/ncas/alerts/AA19-122A

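Nine in ten SAP customers have not locked down permissions! A 13-year-old configuration issue could let attackers access apps at will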
https://www.ithome.com.tw/news/122772

Memcached denial-of-service vulnerability
https://github.com/memcached/memcached/wiki/ReleaseNotes1514

CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting
https://www.exploit-db.com/exploits/46784

Multiple vulnerabilities in Cisco products
https://www.us-cert.gov/ncas/current-activity/2019/05/01/Cisco-Releases-Security-Updates

D-Link camera vulnerability allows attackers to tap into the video stream
https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/

Netgear DGN2200 / DGND3700 - Admin Password Disclosure
https://www.exploit-db.com/exploits/46764

Dell laptops and computers vulnerable to remote hijacks
https://www.zdnet.com/article/dell-laptops-and-computers-vulnerable-to-remote-hijacks/#ftag=RSSbaffb68

Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking
http://bit.ly/2J1Wt3p

Support software preinstalled on Dell computers contains a remotely exploitable vulnerability
https://www.ithome.com.tw/news/130381

DSA-2019-051: Dell SupportAssist Client Multiple Vulnerabilities
https://www.dell.com/support/article/tw/zh/twbsd1/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en

Dell Remote Code Execution Demo
https://www.youtube.com/watch?time_continue=28&v=0cTfnZ04jgQ

Zero-day vulnerability reported in Oracle WebLogic Server, already exploited to install ransomware and cryptominers
https://www.ithome.com.tw/news/130363

Oracle WebLogic Server has a deserialization weakness that may lead to remote execution of arbitrary code
https://www.us-cert.gov/ncas/current-activity/2019/04/26/Oracle-Releases-Security-Alert

Recent Oracle WebLogic zero-day used to infect servers with ransomware
https://www.zdnet.com/article/recent-oracle-weblogic-zero-day-used-to-infect-servers-with-ransomware/#ftag=RSSbaffb68

Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware
http://bit.ly/2vzaRHv

Security vulnerability in PHP's imap_open function (CVE-2018-19518)
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1099

IBM WebSphere Application Server denial-of-service vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4046

IBM Sterling B2B Integrator information disclosure vulnerability
https://www-01.ibm.com/support/docview.wss?uid=ibm10880595

IBM Sterling B2B Integrator cross-site scripting vulnerability
https://www-01.ibm.com/support/docview.wss?uid=ibm10880591

IBM Content Navigator cross-site scripting vulnerability
https://www-01.ibm.com/support/docview.wss?uid=ibm10869046

Xiaomi Mi 5s gyroscope security vulnerability CVE-2018-20823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20823

OPPO F5 security vulnerability CVE-2018-14996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14996

'Highly Critical' Unpatched Zero-Day Flaw Discovered In Oracle WebLogic
http://bit.ly/2XQMTna

Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension
http://bit.ly/2voN64D

ISC BIND denial-of-service vulnerability
https://www.us-cert.gov/ncas/current-activity/2019/04/25/ICS-Releases-BIND-Security-Updates

clientResponse Responsive PHP Client Management Stored XSS Injection
https://www.anquanke.com/vul/id/1585153

Microsoft fixed a vulnerability in the Windows DHCP Client service in its January security update
https://www.thezdi.com/blog/2019/4/25/cve-2019-0726-an-rce-vulnerability-in-the-windows-10-dhcp-client

Microsoft rolls out a new Windows 10 20H1 test build with broader dictation support
https://zd.net/2ZKVNEv

dhcpcd security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11579

Apple prepares fix for crippling App Store bug
https://www.zdnet.com/article/apple-prepares-fix-for-crippling-app-store-bug/#ftag=RSSbaffb68

60 percent of enterprise codebases contain open-source vulnerabilities
https://www.zdnet.com/article/60-percent-of-codebases-contain-open-source-vulnerabilities/#ftag=RSSbaffb68

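US Department of Homeland Security shortens the deadline for government agencies to patch critical vulnerabilities from 30 days to 15 days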
https://www.ithome.com.tw/news/130357

DHS gives agencies 15-day deadline to patch security flaws
https://www.zdnet.com/article/dhs-gives-agencies-15-day-deadline-to-patch-security-flaws/#ftag=RSSbaffb68

DHS Orders Federal Agencies to Patch Critical Flaws Within 15 Days
http://bit.ly/2PPi6EF

DHS: Federal Agencies Need to Patch Vulnerabilities Faster
https://www.bankinfosecurity.com/dhs-federal-agencies-need-to-patch-vulnerabilities-faster-a-12439

WANCOM BY PASS LOGIN AND UPLOAD SHELL
https://www.anquanke.com/vul/id/1590146

Spring Cloud Config 2.1.x Path Traversal
https://www.anquanke.com/vul/id/1590142

Malware: The Evolution of Exploits and Defenses
https://www.bankinfosecurity.com/interviews/malware-evolution-exploits-defenses-i-4310

Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)
https://www.exploit-db.com/exploits/46785

2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security
Nine vendors join the FinTech innovation park; corporate labs launch with six initial themes
https://www.nownews.com/news/20190426/3347310/

FIN7 is a hacking group from Eastern Europe; source code of the financial backdoor Carbanak sat on VirusTotal for nearly two years unnoticed
https://www.insoler.com/forum/topic/15561595373263.htm

Sberbank of Russia lists three major cybercrime trends
http://big5.sputniknews.cn/society/201904281028331184/

Setting up a stock exchange? Monetary Authority of Macao: under study
http://bit.ly/2Vwh45G

Hong Kong Monetary Authority and SFC publish joint consultation paper on the OTC derivatives regulatory regime
http://www.aastocks.com/tc/stocks/news/aafn-news/NOW.938288/2

Monetary Authority of Singapore (MAS) updates its e-payments user protection guidelines
http://bit.ly/2PLZxBf

The world's biggest FinTech gold mine is in Southeast Asia! 73% of residents having no bank account turns out to be the "biggest advantage"
https://www.limitlessiq.com/news/post/view/id/9345/

Eight major state-owned banks to halt extended business hours in the second half of the year
https://www.chinatimes.com/newspapers/20190429000424-260110?chdtv

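Shandong Province local financial regulator in mainland China: a Jinan network technology company forged official documents and seals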
https://news.sina.com.tw/article/20190427/31096024.html

Bank of China (Hong Kong) urges customers to beware of fraudulent SMS messages and fake mobile banking login pages
http://www.aastocks.com/tc/stocks/news/aafn-news/NOW.938574/2

Fraudulent emails related to The Hongkong and Shanghai Banking Corporation Limited
https://www.hkma.gov.hk/chi/key-information/press-releases/2019/20190429-3.shtml

彭雪芬: resigning as Shin Kong Financial director from 5/1; her son will also resign as Shinkong Insurance director
https://money.udn.com/money/story/5613/3783744

LINE internet-only bank consortium unveiled: Taipei Fubon Bank holds the largest stake, three others hold 5% each
http://www.irnsor.com/article/RUtORUhvTk1mb2M9

Rakuten shares tactics for internet-only bank security
http://bit.ly/2UTd8HS

Japan's Rakuten teams with Taiwanese AI to share tactics for internet-only bank security
http://bit.ly/2LkUt8l

75% of fraud cases occur on mobile platforms; Rakuten internet-only bank security expert explains how to prevent them
https://money.udn.com/money/story/5613/3790346

Six life insurers jointly launch an "electronic policy passbook"; the paper saved each year could build five Daan Forest Parks
https://www.ettoday.net/news/20190429/1433403.htm

Farmers' association systems interconnected, making deposits and withdrawals more convenient
http://bit.ly/2V2pli4

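Farmers' association financial system: Bade District Farmers' Association renovates its office building to offer a better service environment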
https://tyenews.com/2019/04/15095/

Era-name change glitch: bank ATMs go back in time
https://tw.news.appledaily.com/new/realtime/20190429/1558401/

Japanese ATMs become a "time machine": deposits go back to May 7, 1989
https://hk.news.appledaily.com/international/realtime/article/20190501/59550125

Taiwan insurance blockchain platform test environment goes live; six life insurers begin trialing two mainstream blockchains in May
http://bit.ly/2Y0O8QR

賀鳴珩: securities firms checking JCIC credit data helps risk control and is unrelated to Taiwan stock market momentum
https://money.udn.com/money/story/5607/3786068

Stock exchange adds and amends its attention rules for ETFs and ETNs
https://money.udn.com/money/story/5607/3785220

China plans 12 new measures to further open up its banking and insurance sectors
https://ec.ltn.com.tw/article/breakingnews/2775962

Cathay United Bank notice on withdrawal of stored-value payment account balances
https://www.cathaybk.com.tw/cathaybk/personal/news/announcement/2019/0430-1announceinfo/

Tax filing countdown! Note that banks will report overseas income
https://money.udn.com/money/story/6710/3785298

Hong Kong's financial sector sees a rare hiring boom as virtual banks compete for talent
http://finance.sina.com/bg/usstock/usstock_news/sinacn/2019-04-29/doc-ifzhtqix8913941.shtml

Mainland China's CBIRC plans to revise or draft 31 regulations this year, including rules for online microlending
https://news.sina.com.tw/article/20190430/31135666.html

Banks guard against insider theft: countering five major criminal techniques
https://m.ctee.com.tw/livenews/aj/a91617002019050116073483

Japan develops smart ATMs that can prevent the elderly from being tricked into transferring money
http://paper.wenweipo.com/2019/05/02/GJ1905020013.htm

The world's biggest FinTech gold mine is in Southeast Asia! 73% of residents having no bank account turns out to be the "biggest advantage"
http://bit.ly/2Lk2LNx

Three Chinese banks implicated; US orders them to hand over their records
https://www.ntdtv.com/b5/2019/05/02/a102569145.html

UK mandates bank training; 350 people were saved from fraud last year
http://paper.wenweipo.com/2019/05/02/GJ1905020011.htm

US banks authorized to stop elderly customers from falling for scams
http://paper.wenweipo.com/2019/05/02/GJ1905020007.htm

US Department of Justice charges Bitfinex's shadow bank with "bank fraud"
https://www.blocktempo.com/two-charged-with-running-shadow-banking-service-for-crypto-exchanges/

Insurer refuses to pay out for a cyberattack on the grounds of "cyber warfare"
https://www.itread01.com/hklxlcy.html

Digital deposit accounts surge toward 1.5 million
https://money.udn.com/money/story/5613/3790557

Portland ATM "skimmer" fraud exceeds 10,000 dollars
http://www.epochtimes.com/b5/19/5/2/n11228323.htm

Card readers fitted to ATMs to harvest data; police bust counterfeit card ring
http://bit.ly/2vxzGDC

Police say counterfeit card ring targeted the weakness of ATMs that accept magnetic stripe cards
https://news.now.com/home/local/player?newsId=346704

Five moves for traditional banks to counter digital threats
https://money.udn.com/money/story/5599/3788303

Brazil ushers in open banking model
https://www.zdnet.com/article/brazil-ushers-in-open-banking-model/#ftag=RSSbaffb68

NovaLoader, yet another Brazilian banking malware family
https://www.zscaler.com/blogs/research/novaloader-yet-another-brazilian-banking-malware-family

RBI Proposes 'Regulatory Sandbox' Approach to Testing FinTech
http://bit.ly/2PyS5Jz

GCHQ To Work With Banks To Thwart Fraud, Cyber Attacks
http://blog.extremehacking.org/blog/2019/04/26/gchq-to-work-with-banks-to-thwart-fraud-cyber-attacks/

Protection from a Cyber Exploit With the Power to Burn Financial Statements
https://www.onapsis.com/10kblaze

Union Bank ROC year 108 staff recruitment: hiring 420 bank staff
http://bit.ly/2ZN3SIL

Taiwan Business Bank recruitment exam
http://bit.ly/2Y16xwG

3. Electronic Payment / Electronic Stored-Value Cards / Mobile Payment: News and Security
Third-party payment firms received 39 penalty notices in Q1; fines and confiscations up ninefold year over year
https://news.sina.com.tw/article/20190426/31079352.html

Six-month limit lifted! From 5/8 all LINE Points become "regular points"
https://money.udn.com/money/story/5613/3785785

Pay any way you like! After Apple Pay, eBay also adopts Google Pay
http://bit.ly/2Vc87PH

Domestic consumers still prefer cash and credit cards; mobile payment accounts for only 4.8%
https://www.financialhy.com.tw/?p=11582

Taiwan Pay tax-payment targets repeatedly raised; state-owned banks complain
https://ec.ltn.com.tw/article/paper/1285645

Major deregulation: electronic payment accounts can be used to pay insurance premiums
https://udn.com/news/story/7239/3790559

Electronic payment systems abused by criminals; experts suggest four protective measures
http://bit.ly/2PKXpt7

Individual income tax collection begins: eight payment channels, including mobile payment linked to a credit card
https://www.nownews.com/news/20190503/3359311/

FSC opens up: 街口 (JKOPAY) and LINE 一卡通 (iPASS) can also be used to pay insurance premiums
https://www.ettoday.net/news/20190503/1436233.htm

5. Virtual Currency / Blockchain: News and Security
Asian venture capital firm hit by a new cryptocurrency exploit attack
https://0xzx.com/20190427032849062.html

After obtaining data on tens of thousands of bank accounts, hackers extort the bank for US$1 million in Ripple (XRP)
https://0nion.com/article/81643

Security token rules coming soon! Legal experts: Taiwan needs a more open environment
http://bit.ly/2DAiVfq

Crypto platform Paxful focuses on Africa, where activity is second only to the US, averaging 17,000 trades a day
https://startupbeat.hkej.com/?p=72551

Fastest existing blockchain goes live! DEXON aims to change the blockchain ecosystem
https://m.ctee.com.tw/livenews/kj/a06659002019042515315780

Friendlier to cryptocurrency? France's new crypto law grants blockchain companies the right to open bank accounts
http://bit.ly/2ZIHctl

Glory faded? Stability of stablecoin "Tether" questioned, contributing to a cryptocurrency plunge
http://bit.ly/2UQ5lKx

Iran's first Bitcoin ATM debuts in Tehran
http://news.knowing.asia/news/b58bb4d2-7801-487c-9fef-a41fa9ca2bea

DigiFinex partners with payment company Simplex to let users buy cryptocurrency with credit cards
https://www.bishijie.com/kuaixun_279714

Hackers use fake updates to steal Bitcoin from Electrum wallets, escalating into a DDoS battle
https://www.ithome.com.tw/news/130354

Taiwan exchange BitoPro hacked; losses may reach 7 million XRP, worth more than 63 million
https://www.blocktempo.com/taiwan-exchange-bitopro-got-hacked-xrp-lost/

Hackers use fake updates to steal Bitcoin from Electrum wallets, escalating into a DDoS battle
https://ithome.com.tw/news/130354

Canada's five major banks adopt blockchain technology to verify customer identity
https://www.tuoluocaijing.com.tw/kuaixun/detail-61556.html

Amazon launches managed blockchain service to let ordinary organizations easily build blockchains
https://news.cnyes.com/news/id/4311863

With the misappropriation dispute unresolved, Bitfinex plans to launch an IEO or private placement next week to raise US$1 billion
https://news.cnyes.com/news/id/4312102

Microsoft Outlook flaw leads to users' cryptocurrency being stolen by hackers
https://blockcast.it/2019/05/02/microsoft-outlook-cryptocurrency-email-account/

Abnormal XRP transactions on the platform! BitoPro (幣託) rolls out six response measures
http://bit.ly/2VBmSLf

Man with elementary-school education ran a Bitcoin trading scam on Facebook; investors and engineers defrauded of 4.39 million
https://www.ettoday.net/news/20190502/1435744.htm

Facebook reportedly building a cryptocurrency-based payment system
https://news.now.com/home/finance/player?newsId=346641

5. Security Incident News

A. Viruses and Trojans / Botnets / Ransomware / APT
Cryptominers remain the top malware threat to Taiwanese enterprises
https://ec.ltn.com.tw/article/breakingnews/2773768

Beware of the "俠盜" gang exploiting a new vulnerability to spread the GandCrab ransomware "blue screen" variant
https://www.4hou.com/typ/17741.html

Cyber defense! Japan's Ministry of Defense to develop and hold a "national-level counterattack virus"
https://newtalk.tw/news/view/2019-04-30/240216

Malicious code targeting SAP made public; exposure risk rises sharply for 900,000 enterprise customers
https://www.ithome.com.tw/news/130393?fbclid=IwAR034l8FBJbWgvZFP4A5sWNCCUNhFNUOoxqJESCyHs9-CCeXaYl0nMPuf9M

At a global antivirus conference, a 13-year-old hacker hacks a drone on the spot
http://bit.ly/2Wa6D4G

Computer viruses evolve: able to tamper with CT scan results and mislead physicians' diagnoses
https://technews.tw/2019/05/01/computer-virus-alters-cancer-scan-images/

Source code of the financial backdoor Carbanak sat on VirusTotal for nearly two years unnoticed
https://www.ithome.com.tw/news/130202

Digging into the CARBANAK source code to see how cleverly it was designed and how it runs
https://www.4hou.com/reverse/17598.html

Cryptomining worm "Beapy" poses a serious threat to Asian enterprises
https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=904

Ransomware hits US government offices and knocks the Weather Channel off the air
https://blog.trendmicro.com.tw/?p=60530

Trend Micro MDR (Managed Detection and Response) discovers Nozelesn ransomware loader distributed by Emotet
https://blog.trendmicro.com.tw/?p=60147

Bloomberg report: Europe's leading telecom operator found hidden vulnerabilities in Huawei equipment as early as 2009
https://udn.com/news/story/6811/3785729

Italian telecom operator reveals backdoors in Huawei equipment
http://www.orangenews.hk/finance/system/2019/04/30/010115619.shtml

Huawei denies existence of ‘backdoors’ in Vodafone networking equipment
https://zd.net/2V5j3hY

Huawei issues statement denying reports of hidden "backdoors" in its software
https://news.sina.com.tw/article/20190502/31148874.html

Vodafone, Huawei Dispute Report of Telnet 'Backdoor'
https://www.bankinfosecurity.com/vodafone-huawei-dispute-report-telnet-backdoor-a-12435

LockerGoga ransomware family used in targeted attacks: analysis from McAfee Labs
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/lockergoga-ransomware-family-used-in-targeted-attacks/

Kodi boxes, pirate video streaming hardware used in many homes, found to come bundled with malware
https://threatpost.com/kodi_box_malware/144191/

Latest sextortion scheme demands payment in Bitcoin Cash
https://blog.trendmicro.com.tw/?p=60532

Trojanized TeamViewer Attacks Reveal Mutating Malware
https://www.bankinfosecurity.com/trojanized-teamviewer-attacks-reveal-mutating-malware-a-12423

TA505 Group Hides Malware in Legitimate Certificates
https://www.bankinfosecurity.in/ta505-group-hides-malware-in-legitimate-certificates-a-12417

Emotet Malware’s New Evasion Technique Lets Hacked Device Used as Proxy command and control (C&C) servers
https://gbhackers.com/emotet-malwares-evasion-technique/

CARBANAK Week Part One: A Rare Occurrence
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html

CARBANAK Week Part Two: Continuing the CARBANAK Source Code Analysis
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-two-continuing-source-code-analysis.html

CARBANAK Week Part Three: Behind the CARBANAK Backdoor
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-three-behind-the-backdoor.html

CARBANAK Week Part Four: The CARBANAK Desktop Video Player
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-four-desktop-video-player.html

Rapidly Growing Electrum Botnet Infects Over 152,000 Users; Steals $4.6 Million
http://bit.ly/2V3s6zQ

Electrum DDoS botnet reaches 152,000 infected hosts
https://blog.malwarebytes.com/cybercrime/2019/04/electrum-ddos-botnet-reaches-152000-infected-hosts/

MuddyWater APT Hones an Arsenal of Custom Tools
https://threatpost.com/muddywater-apt-custom-tools/144193/

Cleveland Airport Suffers Ransomware Attack
https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/cleveland-airport-attack-update/

Buhtrap backdoor and ransomware distributed via major advertising platform
https://www.welivesecurity.com/2019/04/30/buhtrap-backdoor-ransomware-advertising-platform/

AESDDoS Botnet Malware Exploits CVE-2019-3396 to Perform Remote Code Execution, DDoS Attacks, and Cryptocurrency Mining
http://bit.ly/2PHZmqj

Windows Server hosting provider still down a week after ransomware attack
https://www.zdnet.com/article/windows-server-hosting-provider-still-down-a-week-after-ransomware-attack/#ftag=RSSbaffb68

Mysterious hacker has been selling Windows 0-days to APT groups for three years
https://www.zdnet.com/article/mysterious-hacker-has-been-selling-windows-0-days-to-apt-groups-for-three-years/#ftag=RSSbaffb68

Ransomware attack on Telangana and Andhra Pradesh power utilities
https://www.cybersecurity-insiders.com/ransomware-attack-on-telangana-and-andhra-pradesh-power-utilities/

Energy Firm Systems Hit by DDoS Attack
https://www.isssource.com/energy-firm-systems-hit-by-ddos-attack/

Malvertising campaign targeting accountants distributes six different malware families
https://cyware.com/news/malvertising-campaign-targeting-accountants-distributes-six-different-malware-families-9c31dd31

B. Mobile Security / iPhone / Android / Wearables / Apps
"台電e櫃檯" (Taipower e-Counter) app earns security alliance certification and adds a new power usage analysis feature
https://udn.com/news/story/7240/3781416

Plot twist? Apple explains why it removed competing third-party apps: privacy violations
http://bit.ly/2J1gIgH

Dozens of apps from a Baidu subsidiary banned from Google Play over ad fraud and permission abuse
https://paper.tuisec.win/detail/2d7122ddb64a4fe

Apps from Chinese developer DO Global removed by Google over alleged ad fraud
https://www.ithome.com.tw/news/130276

Google bans the largest Android app developer on the Play Store
https://3c.ltn.com.tw/news/36596

Suspected of China ties and sharing user information! The Play Store's largest app developer has been removed by Google
http://bit.ly/2Vz7Vch

App Store removal of developers' phone-control apps sparks controversy; Apple: it was for privacy and security
https://www.ithome.com.tw/news/130313

Apple removes control apps to reduce security risks
https://udn.com/news/story/6811/3786085

Removal of some parental control apps sparks controversy; Apple says it is to protect privacy and security
http://bit.ly/2vtbPoz

Do you have the McDonald's app? Watch out, your account may be hacked
http://bit.ly/2PBVRS8

Smartphone security certification service
http://www.ttida.org.tw/zh_TW/products-details/no/1556247372001

List of apps that passed testing
https://mas.org.tw/app_cert_list.php

Latest UN statistics: the number of mobile phones worldwide exceeds 8 billion, officially surpassing the human population
https://buzzorange.com/techorange/2019/04/30/cellphones-outnumber-the-population/

Briefing on the basic security certification scheme for mobile apps
http://www.tca.org.tw/exhibit_info1.php?n=1070

WeChat Chinese sensitive keywords: cybersecurity experts say there are more than 800
http://bit.ly/2VzYkCj

Despite multiple security controversies, Huawei's first-quarter phone sales rose 50%
https://buzzorange.com/techorange/2019/05/02/huawei-cellphone-boosts/

Pushing for transformation! Facebook launches a Secret Crush feature at its F8 developer conference
http://bit.ly/2DWqxJB

Mobile app security black hole! Did you also tap "Agree" and let Shopee and YouTube read your text messages and contacts
http://bit.ly/2J1Wt3p

If you often use your phone for online banking or mobile payment, never do these 10 things
https://blog.trendmicro.com.tw/?p=59987

Google bans apps developed by Chinese company Baidu
https://www.cybersecurity-insiders.com/google-bans-apps-developed-by-chinese-company-baidu/

C. Incidents / Hackers / DDoS / APT / Recruitment / International Security Incidents
Reusing QR code screenshots to enter stations: forging tickets may break the law
http://bit.ly/2ZQuLeL

Cai Jingjing: people are the core of security, and the online world has more and more guardians
https://news.sina.com.tw/article/20190429/31115396.html

Cai Yuguang: cybersecurity is a contest between people, a game of offensive and defensive thinking
https://news.sina.com.tw/article/20190429/31115406.html

Behind Wu Xieyu's multiple ID cards: an underground industry chain hidden online
https://news.sina.com.tw/article/20190426/31089730.html

Security crises will shape politics! Four national-level risks citizens should watch
https://buzzorange.com/techorange/2019/04/30/2019-cyber-attack-prediction/

Palo Alto Networks and GoDaddy take down 15,000 subdomains involved in scams
https://www.ithome.com.tw/news/130294

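Citing delayed website launch and functional and security problems, Hertz demands a refund from Accenture and seeks millions of dollars in damages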
https://www.ithome.com.tw/news/130278

Skilled in security management, a police officer thrives after switching careers
https://udn.com/news/story/7586/3781488

GitHub abused by attackers to host phishing kits
http://bit.ly/2L8bulP

Rule-of-law strategies for confronting online information warfare
https://talk.ltn.com.tw/article/paper/1284822

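Beating five-time champion Tsinghua University (Beijing)! Taiwan's National Tsing Hua University team wins ASC19, with judges calling the performance near perfect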
https://www.ettoday.net/news/20190427/1431699.htm

林雨蒼: Taiwan faces a new form of information warfare that is more than just "cyber armies"
https://theinitium.com/article/20190429-opinion-taiwan-information-warfare/

羅明才 vigorously defends Huawei; she rebuts him with a single image
http://bit.ly/2ULPFrX

CCP interference in Taiwan's elections; experts: the shift to hybrid strategy requires a careful response
http://www.ntdtv.com.tw/b5/20190430/video/244746.html

Human rights group's latest report: lawful everyday behavior is under comprehensive surveillance in Xinjiang, mainland China
https://money.udn.com/money/story/5599/3789787

Lawful everyday behavior in Xinjiang, mainland China, is also under comprehensive surveillance
http://www.ksnews.com.tw/index.php/news/contents_page/0001262907

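Human rights organization exposes Xinjiang's mass surveillance platform: 36 kinds of "suspicious behavior" may lead to re-education camps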
http://bit.ly/2J9hyIc

China's advanced ID card surveillance is no match for simple black-market trading
http://bit.ly/2PwO5ZQ

Chinese espionage leaves the US feeling deeply threatened
https://on.wsj.com/2ULFWSn

CCP covertly uses US satellites to build a military and police "Skynet"
https://www.secretchina.com/news/b5/2019/04/27/891831.html?code=b5

Beijing's "Clean Net" campaign solved more than 2,000 cases in the first quarter; personal information violations are frequent
https://news.sina.com.tw/article/20190428/31108588.html

Using DNA technology, scholars suspected of becoming accomplices in CCP persecution
http://bit.ly/2VcGHsH

What lies behind China's facial recognition technology sparks international controversy
http://bit.ly/2GSxSM4

China's ruthless tactic! Recruiting US citizens as spies
https://news.ltn.com.tw/news/world/breakingnews/2773186

US intelligence conference reveals new trend in CCP espionage: hackers steal US citizens' data, then recruit them
https://www.ntdtv.com/b5/2019/04/28/a102566576.html

The US CIA opens an Instagram account; its first photo hides clues
http://bit.ly/2GPXjhh

US cybersecurity chief warns that the UK allowing Huawei 5G equipment will bring risks
http://bit.ly/2DDVW35

US Army experiments with AI in wargaming, to go live as early as 2020
https://www.ydn.com.tw/News/334072

Another breach in the US intelligence network: former CIA employee admits leaking secrets to China
https://www.taiwannews.com.tw/ch/news/3692838

Tech battle begins to stop "deepfake" videos from interfering in the 2020 US election
https://tw.news.appledaily.com/new/realtime/20190427/1557713/

Sacked by the Prime Minister, UK Defence Secretary denies leaking
http://www.epochtimes.com/b5/19/5/1/n11227379.htm

Putin signs new law to build a Russian "Great Firewall"
https://www.ydn.com.tw/News/334743

Trend Micro core technology senior director 張裕敏: China's "water army" propaganda war undermines public trust in government
https://ec.ltn.com.tw/article/paper/1284880

Which careers have a future? Australia: cybersecurity is in demand
https://news.sina.com.tw/article/20190429/31119106.html

Mimikatz: “The AK47 of Cyber Attacks”
https://cyware.com/news/mimikatz-the-ak47-of-cyber-attacks-740bddac

Security Officials Were ‘Stunned’ by the Sophistication of the Sri Lanka Attack
http://bit.ly/2PBaJAe

WPA-3 Dragonfly: Out of the Frying Pan, and into the Fire
http://bit.ly/2vrMVpu

NHS offers Singapore advice on healthcare security
https://www.zdnet.com/article/nhs-offers-singapore-advice-on-healthcare-security/#ftag=RSSbaffb68

Wipro Attack: The Latest Developments
https://www.bankinfosecurity.in/wipro-attack-latest-developments-a-12413

Dawn of the Terrorbit Era - DDoS Attack Size Explodes Worldwide
https://www.bankinfosecurity.com/webinars/live-webinar-dawn-terrorbit-era-ddos-attack-size-explodes-worldwide-w-1980

Huawei's Role in 5G Networks: A Matter of Trust
https://www.bankinfosecurity.com/huaweis-role-in-5g-networks-matter-trust-a-12427

Cartoon Network websites hacked to show Arabic memes and Brazilian male strippers
https://zd.net/2vEn0uV

Dark web crime markets targeted by recurring DDoS attacks
https://www.zdnet.com/article/dark-web-crime-markets-targeted-by-recurring-ddos-attacks/#ftag=RSSbaffb68

Australia's New Infosec Regulation: A Compliance Challenge
https://www.bankinfosecurity.com/australias-new-infosec-regulation-compliance-challenge-a-12430

WikiLeaks' Julian Assange Sentenced to 50 Weeks in UK Jail
http://bit.ly/2LkEEOO

NSA surveillance of foreign nationals surges
https://www.zdnet.com/article/nsa-surveillance-of-foreign-nationals-surges/#ftag=RSSbaffb68

Hackers lurked in Citrix systems for six months
https://www.zdnet.com/article/hackers-lurked-in-citrix-systems-for-six-months/#ftag=RSSbaffb68

Citrix Hackers Camped in Tech Giant's Network for 6 Months
https://www.bankinfosecurity.com/citrix-hackers-camped-in-tech-giants-network-for-6-months-a-12436

UK Defence Secretary sacked over Huawei 5G plan leak
https://www.zdnet.com/article/uk-defence-secretary-sacked-over-huawei-5g-plan-leak/#ftag=RSSbaffb68

5 Cyberattacks That You Would Miss Without AI
https://www.bankinfosecurity.com/webinars/5-cyberattacks-that-you-would-miss-without-ai-w-1988

Two-Thirds of SMBs Have Experienced a Cyberattack. Here Are 4 Ways to Protect Your Business
https://www.smallbizdaily.com/two-thirds-of-smbs-have-experienced-a-cyberattack/

The Interview: Talking Brokers, BIBA & Cyber Attacks with Mike Smart at BAE Systems
https://insurance-edge.net/2019/05/02/the-interview-talking-brokers-biba-cyber-attacks-with-mike-smart-at-bae-systems/

China uses biometrics and digital scanning 'data doors' to track Muslim minority
https://www.zdnet.com/article/china-uses-biometrics-and-digital-scanning-data-doors-to-track-muslim-minority/#ftag=RSSbaffb68

Law enforcement seizes dark web market after moderator leaks backend credentials
https://www.zdnet.com/article/law-enforcement-seizes-dark-web-market-after-moderator-leaks-backend-credentials/#ftag=RSSbaffb68

Security Engineer (Security Defense)
https://www.104.com.tw/job/?jobno=6lbnm

Security Engineer (Security Monitoring and Investigation)
https://www.104.com.tw/job/?jobno=6lbnn

Taiwan Cooperative Securities recruitment: applications close 5/6
https://money.udn.com/money/story/5636/3782380

Network Engineer
https://www.cakeresume.com/companies/msig-mingtai/jobs/network-engineer-4d4511

Security Manager
https://www.cakeresume.com/companies/msig-mingtai/jobs/security-manager

Private Banking Treasury System Programmer
https://www.cakeresume.com/companies/ctbc-bank-co-ltd/jobs/private-bank-treasury-system-designer

IT Auditor
https://www.104.com.tw/job/?jobno=5dxlb&jobsource=freshman2009

Retail Banking / Credit Card Systems Analyst
https://www.cakeresume.com/companies/ctbc-bank-co-ltd/jobs/gold-credit-card-system-analyst

Security Engineer
https://www.cakeresume.com/companies/jetstartech/jobs/security-engineer-7eebc6

Information Security Engineer (DLP)
https://www.cakeresume.com/companies/ctbc-bank-co-ltd/jobs/information-security-engineer-dlp

SYSTEX seeks cross-disciplinary talent, opening 300 positions
https://money.udn.com/money/story/5617/3784955

[IT] Security Development Engineer - 1800878
https://www.104.com.tw/job/?jobno=6ljk4

D. Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News
Data on 80 million US households exposed on a publicly accessible server
https://www.ithome.com.tw/news/130342

Amnesty International Hong Kong suspected to be hit by state-level cyberattack; donor and member data may have leaked
http://bit.ly/2J0v7cV

Malaysia's Ministry of Transport: investigation under way into security flaw in VEP website
https://www.zaobao.com.sg/znews/sea/story20190428-952091

Amid a stream of bad news, experts say Zuckerberg wants the government to "regulate Facebook"
https://ec.ltn.com.tw/article/breakingnews/2771815

New phishing technique! Is the address bar no longer trustworthy? On the blurred Line of Death
http://bit.ly/2GPQoEy

Report: Australians lost at least US$6.1 million to cryptocurrency scams in 2018
https://news.sina.com.tw/article/20190429/31114432.html

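Reportedly hit by a malicious default by China Potevio (中國普天), 盛達電業 hits back hard, stressing it is not involved in loan fraud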
https://www.chinatimes.com/realtimenews/20190429001181-260410?chdtv

How to spot and avoid scams: Malta's financial regulator publishes an "anti-fraud" guide for crypto investment
https://news.cnyes.com/news/id/4309976

Banks and police cooperate closely to intercept a Hong Kong securities fake-investment scam
http://bit.ly/2WdtaO6

Posing as the National Security Bureau director, man commits marriage fraud worth 5.4 million
https://m.ltn.com.tw/news/society/paper/1284840

Targeting local overseas Chinese, phone scammers pose as the Dutch immigration service and Chinese customs
https://hk.on.cc/hk/bkn/cnt/aeanews/20190428/bkn-20190428180018491-0428_00912_001.html

Henan police in mainland China crack down on fraud, detaining more than 1,300 telecom and online fraud suspects
https://news.sina.com.tw/article/20190426/31084614.html

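Online investment scam took in over 100 million with tens of thousands of victims; staff born in the 1990s detained, then accomplices born in the 1980s searched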
https://news.ltn.com.tw/news/society/breakingnews/2770332

New phishing technique! Is the address bar no longer trustworthy? On the blurred Line of Death
https://www.inside.com.tw/article/16247-line-of-death

Security flaw found in mobile Chrome: a fake address bar can be used for phishing attacks
http://bit.ly/2Wh8kxo

Mobile Chrome found to allow phishing attacks via a fake address bar
https://chinese.engadget.com/2019/04/29/chrome-exploit-uses-a-fake-address-bar-for-phishing-attacks/

Counterfeit credit cards printed with a wrong letter: five ethnic Chinese arrested for fraud in Flushing
https://udn.com/news/story/6813/3784947

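Criminal Investigation Bureau makes first bust of a gambling-site server room set up in Taiwan by South Koreans; cumulative wagers reached 670 million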
https://m.ltn.com.tw/news/society/breakingnews/2775008

How LINE's CISO views data use and privacy challenges for data companies
https://0nion.com/article/87864

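Taiwan ranks first worldwide as a target of disinformation attacks; National Security Bureau: China is copying the Russian model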
https://news.ltn.com.tw/news/politics/breakingnews/2776407

Police phone system flaw exposed; 徐國勇: plug it immediately and handle it according to law
https://www.cna.com.tw/news/aipl/201905010029.aspx

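Police phone backdoor wide open / Fraudulently obtaining personal data punishable by up to 5 years; victims of leaks can claim compensation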
https://news.ltn.com.tw/news/society/paper/1285373

To protect user privacy, Google adds scheduled auto-deletion of search history and location records
https://www.inside.com.tw/article/16262-google-automatically-delete-data

Google Adds New Option to 'Auto-Delete' Your Location History and Activity Data
http://bit.ly/2GZVAWE

Vietnamese police bust a large online gambling ring and arrest the Taiwanese prime suspect
https://money.udn.com/money/story/5599/3788827

Scam tactics evolve: EBT cardholders, don't be fooled
http://bit.ly/2VwZQ8j

Don't let "reward farming" turn into fraud: gaming credit card points this way is illegal
https://news.sina.com.tw/article/20190503/31154696.html

New BEC scam technique diverts payroll direct deposits
https://blog.trendmicro.com.tw/?p=60424

The viral CPC "fuel voucher" is a scam! LINE scams are hard to spot; what happens if you accidentally click the link
https://blog.trendmicro.com.tw/?p=60267

Former DJI employee who leaked source code sentenced to six months in prison and fined RMB 200,000
https://unwire.hk/2019/04/29/dji-source-code-leaked/life-tech/drone/

DJI employee who leaked source code sent behind bars
https://www.zdnet.com/article/dji-employee-who-leaked-source-code-awarded-prison-sentence/#ftag=RSSbaffb68

Docker Hub breached, leaking credentials of 190,000 users
https://www.ithome.com.tw/news/130275

Docker Hub hack exposed data of 190,000 users
https://www.zdnet.com/article/docker-hub-hack-exposed-data-of-190000-users/#ftag=RSSbaffb68

Docker Hub Suffers a Data Breach, Asks Users to Reset Password
http://bit.ly/2UQHevo

Docker Hub Breach: It's Not the Numbers; It's the Reach
https://www.bankinfosecurity.com/docker-hub-breach-its-numbers-its-reach-a-12425

Police and NCSC to Breach Victims: We Won't Tell Regulators
https://www.bankinfosecurity.co.uk/police-ncsc-to-breach-victims-we-wont-tell-regulators-a-12421

New York, Canada, Ireland Launch New Investigations Into Facebook Privacy Breaches
http://bit.ly/2PEecOH

Could a New Law Help Curb Spread of Fake News
https://www.bankinfosecurity.asia/interviews/could-new-law-help-curb-spread-fake-news-i-4308

Facebook Could Be Fined Up To $5 Billion Over Privacy Violations
http://bit.ly/2Wagh7j

Unprotected Database Exposes Personal Info of 80 Million American Households
http://bit.ly/2DHc57S

Mystery Database Exposed Info on 80 Million US Households
https://www.bankinfosecurity.com/mystery-database-exposed-info-on-80-million-us-households-a-12432

Russian Charged in $1.5 Million Cyber Tax Fraud Scheme
https://www.bankinfosecurity.com/russian-charged-in-15-million-cyber-tax-fraud-scheme-a-12431

Researcher: JustDial Had New User Data Leak
https://www.bankinfosecurity.asia/researcher-justdial-had-new-user-data-leak-a-12429

BEC fraud losses almost doubled last year
https://www.welivesecurity.com/2019/04/25/bec-fraud-losses-doubled-2018/

Failed blackmail attempt prompts hackers to leak ocean of data belonging to major companies
https://www.zdnet.com/article/hackers-publish-516gb-of-data-belonging-to-some-of-the-largest-companies-worldwide/#ftag=RSSbaffb68

Eddie Bauer reaches $9.8 million settlement deal over leak of 1 million Veridian accounts
https://www.zdnet.com/article/9-8-million-settlement-reached-over-the-leak-of-1-million-veridian-credit-union-accounts/#ftag=RSSbaffb68

Social media phishing attacks up more than 70 percent
https://betanews.com/2019/05/02/social-media-phishing/

E. Research Reports
Bug hunting notes | Arbitrary account takeover via an HTTP leak constructed through the password reset feature
https://www.freebuf.com/vuls/200748.html

IoT device security protection guide
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019043009042727813385094478948.pdf

Analysis of the Symantec Endpoint Protection kernel memory information disclosure vulnerability (CVE-2018-18366)
https://www.4hou.com/vulnerable/17699.html

Kernel vulnerability discovery techniques series (3): bochspwn-reloaded (1)
https://xz.aliyun.com/t/4921

Kernel vulnerability discovery techniques series (3): bochspwn-reloaded (2)
https://xz.aliyun.com/t/4932

Weblogic CVE-2019-2725 analysis report
https://paper.tuisec.win/detail/4b113550fd87872

frizb/Bypassing-Web-Application-Firewalls
https://github.com/frizb/Bypassing-Web-Application-Firewalls

MYSQL_SQL_BYPASS_WIKI
https://github.com/aleenzz/MYSQL_SQL_BYPASS_WIKI

A methodology for finding SAML (Security Assertion Markup Language) vulnerabilities
https://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/

PowerDrive - accurate de-obfuscation of PowerShell malware
https://arxiv.org/pdf/1904.10270.pdf

Analyzing a Shadow Hammer supply-chain attack sample with NSA Ghidra (Stage 1: Setup.exe)
https://www.youtube.com/watch?v=gI0nZR4z7_M

Combining Osquery, Rsyslog, VirusTotal and other tools to detect malicious downloads
http://bit.ly/2V7f2t2

Dumping all DNS records in a domain environment with an ordinary domain account
https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/

PoC for the wls9-async deserialization remote command execution vulnerability
https://github.com/jas502n/CNVD-C-2019-48814

GitLab 11.4.7 SSRF + CRLF injection combined with Redis for remote code execution
https://github.com/jas502n/gitlab-SSRF-redis-RCE

Technical details of the OceanLotus APT group's attack activity against China in Q1 2019
https://www.freebuf.com/articles/network/201940.html

systemdMiner piggybacks on DDG to propagate itself
https://blog.netlab.360.com/systemdminer-propagation-through-ddg/

Official Android introduction to Scoped Storage, the sandboxed storage isolation security feature new in Android Q
https://goo.gl/ro9Q7h

Microsoft's open-source software for managing Windows containers via the Windows Host Compute Service (HCS)
https://github.com/Microsoft/hcsshim

Summary of Windows process injection methods
https://modexp.wordpress.com/2019/04/25/seven-window-injection-methods/

Using frida to hook the Android ioctl system call to dump Binder traffic
https://bhamza.me/2019/04/24/Frida-Android-libbinder.html

FireEye's detailed technical analysis of the Carbanak backdoor
https://feye.io/2ULNQQu

Reverse engineering APT32 samples with Radare2
https://research.checkpoint.com/deobfuscating-apt32-flow-graphs-with-cutter-and-radare2

Reverse engineering and vulnerability discovery on a Besder IP camera
http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.html

Trend Micro TrendLabs analysis of the Apache Tomcat remote code execution vulnerability (CVE-2019-0232)
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/9AJRqs7sldE/

Attacking Metasploit via Rubyzip
https://blog.doyensec.com/2019/04/24/rubyzip-bug.html

Venator - a tool developed by SpecterOps for detecting malicious behavior on macOS
http://bit.ly/2ZFf1eF

A fuzzer supporting certificate verification testing was newly committed to the gnutls code base; it can be used to reproduce CVE-2019-3829
https://gitlab.com/gnutls/gnutls/commit/ad27713bef613e6c4600a0fb83ae48c6d390ff5b

Threat group TA505 recently used LOLBINs and ServHelper to attack large financial enterprises: analysis from Cybereason
https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware

Analysis report on the leaked APT34 tools
https://paper.tuisec.win/detail/8b11ecee4b21bca

What preparation do you need to join a red team
https://paper.tuisec.win/detail/9e6ae6dd5b17c2f

CVE-2018-8453 kernel vulnerability analysis
https://xz.aliyun.com/t/4938

Detecting EAR vulnerabilities using web internal path graphs
https://xz.aliyun.com/t/4942

A brief look at web application security: how to defend against and check for application vulnerabilities
https://zhuanlan.zhihu.com/p/64131701

Analysis of the Envelope vulnerability in the software implementation of commercial hardware token devices
https://www.4hou.com/vulnerable/17666.html

Engineer's skill compendium: how to write every algorithm in Python
http://bit.ly/2XZzf17

Winning a CTF with a Chromium bug: analysis of the VirtualBox VM escape vulnerability (CVE-2019-2446)
https://www.4hou.com/vulnerable/17764.html

Apache Tomcat remote code execution vulnerability
http://bit.ly/2vwm9Mu

Microsoft user account flaw allows hackers to steal cryptocurrency
https://0xzx.com/20190430200752817.html

Analysis of the same-origin policy bypass vulnerability in Microsoft Edge and IE
https://www.freebuf.com/vuls/200131.html

SpringBoot study | raibaby Halo v0.4.3 vulnerability analysis
https://juejin.im/post/5cc84ce25188252ddf4bfe6f

CVE-2019-0726: Win10 DHCP client RCE vulnerability
https://www.4hou.com/vulnerable/17758.html

LockerGoga ransomware family analysis
https://paper.tuisec.win/detail/d1ecadf3bc7359c

DLL injection - Developing a simple injector
http://bit.ly/2GMiIXr

Apache hooks up with GitHub
https://www.zdnet.com/article/apache-hooks-up-with-github/#ftag=RSSbaffb68

WebLogic CVE-2019-2647、CVE-2019-2648、CVE-2019-2649、CVE-2019-2650 XXE漏洞分析
https://paper.seebug.org/906/

Gaining Access to Card Data Using the Windows Domain to Bypass Firewalls
http://bit.ly/2INZ2pj

XSS-Auditor — the protector of unprotected
https://medium.com/bugbountywriteup/xss-auditor-the-protector-of-unprotected-f900a5e15b7b

Remote Code Execution for Java Developers
https://medium.com/cisco-amp-technology/remote-code-execution-for-java-developers-84adb8e23652

How to Steal & Decrypt Passwords Stored in Chrome & Firefox Remotely
https://null-byte.wonderhowto.com/how-to/hacking-windows-10-steal-decrypt-passwords-stored-chrome-firefox-remotely-0183600/

How to Remotely Record & Listen to the Microphone of a Hacked Computer
https://null-byte.wonderhowto.com/how-to/hacking-windows-10-remotely-record-listen-microphone-hacked-computer-0183723/

F. Business
ImmuniWeb launches free website security and PCI DSS compliance testing
https://www.businesswirechina.com/hk/news/40439.html

Mozilla to block add-ons containing obfuscated code
https://www.ithome.com.tw/news/130398

Fast, accurate live-face recognition: 光明遠大 greatly improves server room security
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=50&cat2=10&id=0000558442_pan3sg2j5i4n7p1h594q9

Congress Asks Google 10 Questions On Its Location Tracking Database
http://bit.ly/2GSGDEL

Microsoft, Dell unveil new Azure-VMware integrations
https://www.zdnet.com/article/microsoft-dell-unveil-new-azure-vmware-integrations/#ftag=RSSbaffb68

Dell Technologies makes VMware linchpin of hybrid cloud, data center as a service, end user strategies
https://zd.net/2vtMYBe

Splunk aims to use augmented reality to monitor server racks, equipment to bring data to multiple screens
https://zd.net/2PGygjf

G. Government
Audrey Tang: The US needs Taiwan to play a key role in cybersecurity protection
https://m.ctee.com.tw/livenews/aj/a08614002019042711320417

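Taiwan's digital minister discusses with US officials safeguarding election security and preventing manipulation by foreign forces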
https://www.voacantonese.com/a/taiwan-digital-minister-us-election-security-20190426/4893889.html

Audrey Tang visits Washington: level of meetings "beyond expectations"
https://udn.com/news/story/6656/3779967

Executive Yuan approves promotion of Wang Li-chun (王立群) to head of the finance division
https://www.chinatimes.com/realtimenews/20190429002242-260410?chdtv

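Advancing the "cybersecurity is national security" policy, Trade-Van (6183) and the Ministry of Justice Investigation Bureau sign a joint cybersecurity defense cooperation agreement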
https://fnc.ebc.net.tw/FncNews/Content/78172

Trade-Van and the Investigation Bureau renew joint cybersecurity defense cooperation
http://bit.ly/2PCWone

Trade-Van, under the Ministry of Finance, to enter medical blockchain
https://www.chinatimes.com/realtimenews/20190429002218-260410?chdtv

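Taipei City Revenue Service is the first in the nation to obtain four-in-one certification for international information security and personal data standards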
http://www.wejapango.com/article/RXpSeldTd2JaSEk9

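Mainland Affairs Council to investigate alleged illegal posting of China job openings; job banks rush to change web pages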
https://news.ltn.com.tw/news/politics/breakingnews/2770624

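Legislative Yuan passes third reading: arts and culture procurement relaxed, no longer restricted by the Government Procurement Act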
https://www.cna.com.tw/news/aipl/201904300189.aspx

Audrey Tang reveals: Executive Yuan plans to introduce a "whitelist" of cybersecurity products
https://www.chinatimes.com/realtimenews/20190430001676-260407?chdtv

Strengthening cybersecurity, Audrey Tang: Executive Yuan is drafting a product whitelist
https://www.rti.org.tw/news/view/id/2019258

Preparing election cybersecurity? Executive Yuan plans to introduce a cybersecurity whitelist
http://bit.ly/2XVNaFy

Safeguarding cybersecurity, Audrey Tang: Executive Yuan is drafting a recommended whitelist
https://www.cna.com.tw/news/aipl/201904300214.aspx

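Vendors can be restricted in procurement involving national security and cybersecurity; Executive Yuan plans to discuss a whitelist separately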
https://news.pchome.com.tw/politics/pts/20190501/video-15566400008204608001.html

Ban on mainland-made ICT products also hurts Taiwanese manufacturers
https://www.chinatimes.com/opinion/20190430004171-262101?chdtv

Institute for National Defense and Security Research marks its anniversary; Feng Shih-kuan recounts achievements
https://www.chinatimes.com/realtimenews/20190430001850-260407?chdtv

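To prevent "fake foreign capital, real Chinese capital" from investing in Taiwan, the Government Procurement Act adds measures restricting national security procurement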
http://bit.ly/2Wen9k8

Procurement Act amended: national security procurement may include clauses guarding against China
https://ec.ltn.com.tw/article/paper/1285428

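Fight against fake news questioned as "speech suppression"; Audrey Tang: it counts only if all three definitions are met at once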
https://www.storm.mg/article/1234262?srcid=73746f726d2e6d675f6e756c6c_1556671459

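To strengthen the independent director system, the Financial Supervisory Commission requires appointment of corporate governance officers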
https://fnc.ebc.net.tw/FncNews/Content/78605

The Tsai administration's cybersecurity fantasy
https://www.chinatimes.com/opinion/20190501002788-262103?chdtv

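Taiwan ranks first in the world for disinformation attacks! Ministry of National Defense forms a countermeasure team in response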
https://newtalk.tw/news/view/2019-05-01/240735

National Security Bureau: China directs like-minded media in Taiwan to steer public opinion
https://news.ltn.com.tw/news/focus/paper/1285632

Financial Supervisory Commission's "Ten Commandments" to prevent fraud by wealth management advisers
https://money.udn.com/money/story/5613/3788355

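National Center for High-performance Computing teams up with the national AI team to build a high-efficiency, energy-saving AI cloud data center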
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=110&id=0000558690_gif7fft48s6e6h1suedpi

Bank staff learning English; Wellington Koo: this expense can be claimed
http://bit.ly/2GWi7DV

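Legislators push to allow electronic payment accounts to be opened at age 18; Wellington Koo: it is stuck at the Ministry of Justice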
https://money.udn.com/money/story/5613/3787591

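When developing apps, please follow the "Operating Principles for Mobile Service Development of the Executive Yuan and Its Subordinate Agencies"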
http://inc.ntub.edu.tw/p/404-1011-69591.php?Lang=zh-tw

A first! Taiwan's Financial Supervisory Commission elected to the IFIAR board
https://www.ettoday.net/news/20190503/1436251.htm

H. SCADA/ICS/Industrial Control Systems
Siemens SIMATIC S7-300 has an information disclosure vulnerability
http://www.cnvd.org.cn/flaw/show/CNVD-2019-10130

Industry 4.0 Brings Total Productive Maintenance into the Digital Age
http://bit.ly/2IZhuLa

Taking the Cyberattack Target Off Manufacturers' Backs
http://www.comspark.tech/comSpark/Taking-the-Cyberattack-Target-Off-Manufacturers-Backs/

I. Education and Training
The fantastic voyage of a Taiwanese security researcher
https://www.slideshare.net/slideshow/embed_code/key/B6bwk85SwxExfs

Nip it in the bud: isolating network hosts with Protected Port
https://www.uuu.com.tw/Public/content/article/19/20190429.htm

Big data, cloud and information security practice: industry-aligned credit program
http://www.csie.uch.edu.tw/zh_TW/courselink/groupcourse001/course11

A Crash Course in Everything Cryptographic
https://medium.com/@lduck11007/a-crash-course-in-everything-cryptographic-50daa0fda482

Learn Ethical Hacking With 180 Hours of Training — 2019 Online Course
http://bit.ly/2J0Qlr8

CompTIA Certification Training Courses — Avail Awesome 95% Discount
http://bit.ly/2UU6LUm

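J. Internet of Things/IoT/Artificial Intelligence/Internet of Vehicles/Optical Networking/Deep Learning/Machine Learning/Drones
Australian shared electric scooters hit: hackers break in and play obscene audio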
http://bit.ly/2vu9KIQ

Smart hospitals are set to rise in Taiwan! IoT breaks down hospital walls, bringing medical services into patients' lives
https://buzzorange.com/techorange/2019/04/30/digital-medication-trend/

iLnkP2P vulnerability exposed: 2 million IoT devices open to remote intrusion
https://zhuanlan.zhihu.com/p/64256304

AIoT enables diverse applications for self-driving cars
http://bit.ly/2VCYSYc

A domestic P2P software has a critical vulnerability; 2 million IoT devices vulnerable to remote intrusion
https://read01.com/xmAgKKN.html

IoT devices are easily hacked; awareness of software and hardware protection must be strengthened
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=50&id=0000558406_72i5z666l83xvg7num2p6

2 Million IoT Devices Have P2P Software Flaw: Researcher
https://www.bankinfosecurity.com/2-million-iot-devices-have-p2p-software-flaw-researcher-a-12428

What keeps IoT executives up at night
https://www.zdnet.com/article/what-keeps-iot-executives-up-at-night/#ftag=RSSbaffb68

Over two million IoT devices vulnerable because of P2P component flaws
https://www.zdnet.com/article/over-two-million-iot-devices-vulnerable-because-of-p2p-component-flaws/#ftag=RSSbaffb68

Security First Steps for Introducing Industrial IoT in Factories
https://www.jpcert.or.jp/ics/information06.html

English version of Security First Steps for Introducing Industrial IoT released
https://blogs.jpcert.or.jp/ja/2019/04/ICSR_2019-01.html

6. Upcoming Security Events and Seminars

 ROC Year 108 Information Security Beginners' Challenge (MyFirstCTF), registration 5/1 ~ 5/10
 https://ais3.org/mfctf/

 National Chiao Tung University Hacker College - Basic Website Security Construction Practice  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA White Hat Elite Sprout Program II 0505
 https://reg.shield.org.tw/info.php?no=54

 TDOH-PIPE Northern Region Meetup & Industry Career Sharing Talk | 201905 5/5
 http://bit.ly/2PHfatC

 Introduction to Pwn  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir Taiwan Taipei Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 Seminar on New Thinking in AI Security Protection for the Public Sector 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 Aligning with security services: together we take security from "done" to "effective"  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 Security Crisis - Attack of the Encrypting Ransomware 2019-05-09 (Thu) 14:45 ~ 17:00
 https://www.accupass.com/event/1904170343547477698390

 HackingThursday regular meetup 5/9
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbmb/

 National Center for High-performance Computing training - Security Health Check  5/9
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3827&from_course_list_url=homepage

 National Chiao Tung University Hacker College - Email Forgery Attacks, Protective Measures and Secure Communication Protocols 5/11
 https://hackercollege.nctu.edu.tw/?p=1054

 Promotional Briefing on the Basic Security Certification Scheme for Mobile Apps   5/13
 https://seminars.tca.org.tw/D15e02218.aspx

 AWS Machine Learning Boot Camp 5/13
 https://email.awscloud.com/u5k900jZkO0tck00LrsTMo0

 AIS3 2019 New-Type Information Security Summer Course, registration from 10 a.m. on May 14, ROC year 107 to 6 p.m. on May 27, ROC year 107
 https://ais3.org/

  iThome Taiwan Cloud Summit 2019   May 15, 2019 (Wed) 09:00~17:00
 https://cloudsummit.ithome.com.tw/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/

 "SQL Server 2008 EOS" Seminar 5/15
 https://cosa.kktix.cc/events/bb128a58

 HackingThursday regular meetup  5/16
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbvb/

 National Center for High-performance Computing training - Network Packet Analysis Practice  5/16
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3831&from_course_list_url=homepage

 DevDays Asia 2019 @Taipei Asia-Pacific Technology Conference  2019/5/21-2019/5/23 | 9:00 AM - 5:00 PM
 https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x6811311abcd

 CDX2.0 Promotional Event  5/22
 https://nchc-cdx.kktix.cc/events/cdxactivity-0522

 ITRI Continuing Education - Raspberry Pi Imaging 5/22
 http://bit.ly/2Ld3QH3

 HackingThursday regular meetup 5/23
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbfc/

 National Center for High-performance Computing training - Source Code Scanning Hands-on  5/23
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3835&from_course_list_url=homepage

 29th National Conference on Information Security  5/23  ~ 5/24
 https://cisc2019.cs.pu.edu.tw/index.php

 Docker Birthday #5 - Taipei  5/25
 https://www.meetup.com/Docker-Taipei/events/248974949/

 OWASP TechDay Taiwan 2019  2019/05/28
 https://csa.kktix.cc/events/owasp0528

 HackingThursday regular meetup 5/30
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbnc/

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 Software Security Testing Practice 6/3 ~ 6/4
 https://www.accupass.com/event/1904230701335964656400

 HackingThursday regular meetup 6/6
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbjb/

 National Center for High-performance Computing training - Source Code Scanning Hands-on 6/13
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3828&from_course_list_url=homepage

 HackingThursday regular meetup  6/13
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbrb/

 National Chiao Tung University Hacker College - Vulnerabilities, Patching and Testing of Cryptosystems 6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 HackingThursday regular meetup 6/20
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbbc/

 National Center for High-performance Computing training - Security Health Check  6/20
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3832&from_course_list_url=homepage

 HackingThursday regular meetup 6/27
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/

 HackingThursday regular meetup 7/4
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/

 2019 International Information Security Organizations Taiwan Summit  7/9 ~ 7/11
 https://csa.kktix.cc/events/2019con

 Industrial Development Bureau-subsidized Network Security Testing Training 7/10 ~ 7/12
 https://www.accupass.com/event/1904080311551119077841

 HackingThursday regular meetup 7/11
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/

 HackingThursday regular meetup 7/18
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/

 HackingThursday regular meetup 7/25
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/

 Web Application Penetration Testing 8/21 ~ 8/23
 https://www.accupass.com/event/1904080221358963463590

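 Security Regulations and Systems Analysis Course - ROC Year 108 "Security Talent Training and International Promotion Program - Advanced Courses for Cultivating Security Professionals"  8/29 ~ 8/30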
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 TANET 2019 - Taiwan Internet Conference  9/25
 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

