資安事件新聞週報 2019/4/29 ~ 2019/5/3
1.重大弱點漏洞
Symantec 產品多個漏洞
https://www.auscert.org.au/bulletins/79594
Fortinet FortiManager 洩露敏感資料漏洞
https://www.auscert.org.au/bulletins/79762
思科修補Nexus 9000網路交換器重大漏洞
https://www.ithome.com.tw/news/130397
New Exploits for Unsecure SAP Systems
https://www.us-cert.gov/ncas/alerts/AA19-122A
九成SAP用戶權限沒關好!13年前問題設定恐讓駭客任意存取App
https://www.ithome.com.tw/news/122772
Memcached 阻斷攻擊漏洞
https://github.com/memcached/memcached/wiki/ReleaseNotes1514
CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting
https://www.exploit-db.com/exploits/46784
思科產品多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/05/01/Cisco-Releases-Security-Updates
D-Link camera vulnerability allows attackers to tap into the video stream
https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
https://www.exploit-db.com/exploits/46764
Dell laptops and computers vulnerable to remote hijacks
https://www.zdnet.com/article/dell-laptops-and-computers-vulnerable-to-remote-hijacks/#ftag=RSSbaffb68
Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking
http://bit.ly/2J1Wt3p
Dell電腦內建支援軟體含有遠端攻擊漏洞
https://www.ithome.com.tw/news/130381
DSA-2019-051: Dell SupportAssist Client Multiple Vulnerabilities
https://www.dell.com/support/article/tw/zh/twbsd1/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en
Dell Remote Code Execution Demo
https://www.youtube.com/watch?time_continue=28&v=0cTfnZ04jgQ
Oracle WebLogic Server傳零時差漏洞,已遭開採植入勒索軟體、挖礦程式
https://www.ithome.com.tw/news/130363
Oracle WebLogic Server 存在反序列化弱點,可能導致遠端執行任意程式碼
https://www.us-cert.gov/ncas/current-activity/2019/04/26/Oracle-Releases-Security-Alert
Recent Oracle WebLogic zero-day used to infect servers with ransomware
https://www.zdnet.com/article/recent-oracle-weblogic-zero-day-used-to-infect-servers-with-ransomware/#ftag=RSSbaffb68
Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware
http://bit.ly/2vzaRHv
1.重大弱點漏洞
Symantec 產品多個漏洞
https://www.auscert.org.au/bulletins/79594
Fortinet FortiManager 洩露敏感資料漏洞
https://www.auscert.org.au/bulletins/79762
思科修補Nexus 9000網路交換器重大漏洞
https://www.ithome.com.tw/news/130397
New Exploits for Unsecure SAP Systems
https://www.us-cert.gov/ncas/alerts/AA19-122A
九成SAP用戶權限沒關好!13年前問題設定恐讓駭客任意存取App
https://www.ithome.com.tw/news/122772
Memcached 阻斷攻擊漏洞
https://github.com/memcached/memcached/wiki/ReleaseNotes1514
CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting
https://www.exploit-db.com/exploits/46784
思科產品多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/05/01/Cisco-Releases-Security-Updates
D-Link camera vulnerability allows attackers to tap into the video stream
https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
https://www.exploit-db.com/exploits/46764
Dell laptops and computers vulnerable to remote hijacks
https://www.zdnet.com/article/dell-laptops-and-computers-vulnerable-to-remote-hijacks/#ftag=RSSbaffb68
Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking
http://bit.ly/2J1Wt3p
Dell電腦內建支援軟體含有遠端攻擊漏洞
https://www.ithome.com.tw/news/130381
DSA-2019-051: Dell SupportAssist Client Multiple Vulnerabilities
https://www.dell.com/support/article/tw/zh/twbsd1/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en
Dell Remote Code Execution Demo
https://www.youtube.com/watch?time_continue=28&v=0cTfnZ04jgQ
Oracle WebLogic Server傳零時差漏洞,已遭開採植入勒索軟體、挖礦程式
https://www.ithome.com.tw/news/130363
Oracle WebLogic Server 存在反序列化弱點,可能導致遠端執行任意程式碼
https://www.us-cert.gov/ncas/current-activity/2019/04/26/Oracle-Releases-Security-Alert
Recent Oracle WebLogic zero-day used to infect servers with ransomware
https://www.zdnet.com/article/recent-oracle-weblogic-zero-day-used-to-infect-servers-with-ransomware/#ftag=RSSbaffb68
Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware
http://bit.ly/2vzaRHv
PHP的imap_open函式存在安全漏洞(CVE-2018-19518)
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1099
IBM WebSphere Application Server拒絕服務漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4046
IBM Sterling B2B Integrator信息洩露漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10880595
IBM Sterling B2B Integrator跨站腳本漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10880591
IBM Content Navigator跨站腳本漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10869046
Xiaomi Mi 5s gyroscope 安全漏洞 CVE-2018-20823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20823
OPPO F5 安全漏洞 CVE-2018-14996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14996
'Highly Critical' Unpatched Zero-Day Flaw Discovered In Oracle WebLogic
http://bit.ly/2XQMTna
Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension
http://bit.ly/2voN64D
ISC BIND 阻斷攻擊漏洞
https://www.us-cert.gov/ncas/current-activity/2019/04/25/ICS-Releases-BIND-Security-Updates
clientResponse Responsive PHP Client Management Stored XSS Injection
https://www.anquanke.com/vul/id/1585153
微軟在1月安全更新中修復了一個Windows系統中DHCP Client服務的漏洞
https://www.thezdi.com/blog/2019/4/25/cve-2019-0726-an-rce-vulnerability-in-the-windows-10-dhcp-client
Microsoft rolls out a new Windows 10 20H1 test build with broader dictation support
https://zd.net/2ZKVNEv
dhcpcd 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11579
Apple prepares fix for crippling App Store bug
https://www.zdnet.com/article/apple-prepares-fix-for-crippling-app-store-bug/#ftag=RSSbaffb68
60 percent of enterprise codebases contain open-source vulnerabilities
https://www.zdnet.com/article/60-percent-of-codebases-contain-open-source-vulnerabilities/#ftag=RSSbaffb68
美國土安全部將官方機構修補重大漏洞的期限從30天縮短成15天
https://www.ithome.com.tw/news/130357
DHS gives agencies 15-day deadline to patch security flaws
https://www.zdnet.com/article/dhs-gives-agencies-15-day-deadline-to-patch-security-flaws/#ftag=RSSbaffb68
DHS Orders Federal Agencies to Patch Critical Flaws Within 15 Days
http://bit.ly/2PPi6EF
DHS: Federal Agencies Need to Patch Vulnerabilities Faster
https://www.bankinfosecurity.com/dhs-federal-agencies-need-to-patch-vulnerabilities-faster-a-12439
WANCOM BY PASS LOGIN AND UPLOAD SHELL
https://www.anquanke.com/vul/id/1590146
Spring Cloud Config 2.1.x Path Traversal
https://www.anquanke.com/vul/id/1590142
Malware: The Evolution of Exploits and Defenses
https://www.bankinfosecurity.com/interviews/malware-evolution-exploits-defenses-i-4310
Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)
https://www.exploit-db.com/exploits/46785
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
金融科技創新園區9家廠商加入 企業實驗室首波六大主題
https://www.nownews.com/news/20190426/3347310/
FIN7為來自東歐的駭客集團,金融後門Carbanak原始碼於VirusTotal上存在近兩年而未被發現
https://www.insoler.com/forum/topic/15561595373263.htm
俄儲蓄銀行列出網絡犯罪三大趨勢
http://big5.sputniknews.cn/society/201904281028331184/
設證交所?澳門金管局:研究中
http://bit.ly/2Vwh45G
香港金管局與證監會就場外衍生工具監管制度發表聯合諮詢文件
http://www.aastocks.com/tc/stocks/news/aafn-news/NOW.938288/2
新加坡金融管理局(MAS)更新電子支付用戶保護指引
http://bit.ly/2PLZxBf
全球最大 FinTech 金礦在東南亞!73% 居民沒有銀行帳戶反成「最大優勢」
https://www.limitlessiq.com/news/post/view/id/9345/
八大行庫延時營業 下半年喊卡
https://www.chinatimes.com/newspapers/20190429000424-260110?chdtv
中國大陸山東省地方金融監管局:濟南一網路科技公司偽造公文、印章
https://news.sina.com.tw/article/20190427/31096024.html
中銀香港籲客戶警惕偽冒短訊及手機銀行登入版面
http://www.aastocks.com/tc/stocks/news/aafn-news/NOW.938574/2
有關香港上海滙豐銀行有限公司的偽冒電郵
https://www.hkma.gov.hk/chi/key-information/press-releases/2019/20190429-3.shtml
彭雪芬:5/1起辭新光金董事、兒子也會辭新產董事
https://money.udn.com/money/story/5613/3783744
LINE純網銀金融團隊出爐 北富銀持股最多 另3家各5%
http://www.irnsor.com/article/RUtORUhvTk1mb2M9
純網銀資安 樂天教戰
http://bit.ly/2UTd8HS
日本樂天結合台灣AI,教戰純網銀資安
http://bit.ly/2LkUt8l
75%詐騙案在手機平台發生 樂天純網銀資安專家教你預防
https://money.udn.com/money/story/5613/3790346
6家壽險聯手「電子保單存摺」 省下紙本每年可建5座大安森林公園
https://www.ettoday.net/news/20190429/1433403.htm
農會系統連線 存提款更方便
http://bit.ly/2V2pli4
農會金融系統 八德區農會辦公大樓整修 提供優質洽公環境
https://tyenews.com/2019/04/15095/
年號改元出包 銀行ATM時光倒流
https://tw.news.appledaily.com/new/realtime/20190429/1558401/
日本ATM變「時光機」 存款回到1989年5月7日
https://hk.news.appledaily.com/international/realtime/article/20190501/59550125
臺灣保險區塊鏈平臺測試環境啟用,6家壽險5月開始試用2大主流區塊鏈
http://bit.ly/2Y0O8QR
賀鳴珩:證券商查聯徵資料有助風險管控 無關台股動能
https://money.udn.com/money/story/5607/3786068
證交所增修ETF、ETN注意規定
https://money.udn.com/money/story/5607/3785220
擴大銀行、保險業對外開放 中國擬推出12條新措施
https://ec.ltn.com.tw/article/breakingnews/2775962
國泰世華銀行儲值支付帳戶餘額提領通知
https://www.cathaybk.com.tw/cathaybk/personal/news/announcement/2019/0430-1announceinfo/
報稅倒數!注意海外所得銀行會通報
https://money.udn.com/money/story/6710/3785298
香港金融業現罕見招聘熱潮 虛擬銀行爭奪人才
http://finance.sina.com/bg/usstock/usstock_news/sinacn/2019-04-29/doc-ifzhtqix8913941.shtml
中國大陸銀保監會今年擬修訂或制定31部規章:網路小貸管理辦法在列
https://news.sina.com.tw/article/20190430/31135666.html
銀行防監守自盜 破解5大犯罪手法
https://m.ctee.com.tw/livenews/aj/a91617002019050116073483
日研發智能櫃員機 可防長者受騙匯款
http://paper.wenweipo.com/2019/05/02/GJ1905020013.htm
全球最大 FinTech 金礦在東南亞!73% 居民沒有銀行帳戶反成「最大優勢」
http://bit.ly/2Lk2LNx
中共3家銀行犯案 美國勒令:必須交出帳目
https://www.ntdtv.com/b5/2019/05/02/a102569145.html
英強制銀行培訓 去年阻350人受騙
http://paper.wenweipo.com/2019/05/02/GJ1905020011.htm
美銀行獲授權 阻長者墮騙案
http://paper.wenweipo.com/2019/05/02/GJ1905020007.htm
美國司法部以「銀行詐欺」起訴 Bitfinex 的影子銀行
https://www.blocktempo.com/two-charged-with-running-shadow-banking-service-for-crypto-exchanges/
保險公司以“網路戰”為由拒絕為網路攻擊理賠
https://www.itread01.com/hklxlcy.html
數位存款戶衝150萬戶
https://money.udn.com/money/story/5613/3790557
波特蘭ATM「掃描器」詐騙金額超1萬元
http://www.epochtimes.com/b5/19/5/2/n11228323.htm
ATM機裝讀卡器套取資料 警破假卡集團
http://bit.ly/2vxzGDC
警方稱假卡集團看準櫃員機使用磁帶卡漏洞
https://news.now.com/home/local/player?newsId=346704
傳統銀行五招 反制數位威脅
https://money.udn.com/money/story/5599/3788303
Brazil ushers in open banking model
https://www.zdnet.com/article/brazil-ushers-in-open-banking-model/#ftag=RSSbaffb68
NovaLoader, yet another Brazilian banking malware family
https://www.zscaler.com/blogs/research/novaloader-yet-another-brazilian-banking-malware-family
RBI Proposes 'Regulatory Sandbox' Approach to Testing FinTech
http://bit.ly/2PyS5Jz
GCHQ To Work With Banks To Thwart Fraud, Cyber Attacks
http://blog.extremehacking.org/blog/2019/04/26/gchq-to-work-with-banks-to-thwart-fraud-cyber-attacks/
Protection from a Cyber Exploit With the Power to Burn Financial Statements
https://www.onapsis.com/10kblaze
聯邦108年銀行行員徵才 大招420名行員
http://bit.ly/2ZN3SIL
台灣中小企業銀行招考
http://bit.ly/2Y16xwG
3.電子支付/電子票證/行動支付/ 新聞及資安
一季度第三方支付收39張罰單 罰沒金額同比增9倍
https://news.sina.com.tw/article/20190426/31079352.html
解除6個月限制!LINE Points 5/8起全面改為「一般點數」
https://money.udn.com/money/story/5613/3785785
想怎麼付款都可以!繼Apple Pay後eBay也導入Google Pay
http://bit.ly/2Vc87PH
國人交易仍習慣現金、信用卡 行動支付僅4.8%
https://www.financialhy.com.tw/?p=11582
台灣Pay繳稅目標頻上調 行庫叫苦
https://ec.ltn.com.tw/article/paper/1285645
大鬆綁 電支帳戶可繳保費
https://udn.com/news/story/7239/3790559
電子支付系統被不法分子盜用 專家建議四招保護
http://bit.ly/2PKXpt7
個人綜所稅開徵 8種繳稅管道 行動支付綁定信用卡也行
https://www.nownews.com/news/20190503/3359311/
金管會大開放 街口、LINE一卡通也能繳保費
https://www.ettoday.net/news/20190503/1436233.htm
5.虛擬貨幣/區塊鍊 新聞及資安
亞洲風險投資公司遭遇新的加密貨幣漏洞攻擊
https://0xzx.com/20190427032849062.html
駭客取得數萬個銀行帳戶資料後,勒索銀行支付100萬美元的瑞波幣
https://0nion.com/article/81643
證券型代幣規範將出爐!法界人士:台灣需要更開放的環境
http://bit.ly/2DAiVfq
虛幣平台Paxful主攻非洲 活躍度僅次美國 日均成交1.7萬宗
https://startupbeat.hkej.com/?p=72551
現存最快區塊鏈上線!DEXON要改變區塊鏈生態系
https://m.ctee.com.tw/livenews/kj/a06659002019042515315780
對加密貨幣更友善?法國新加密法授予區塊鏈企業開設銀行帳戶的權利
http://bit.ly/2ZIHctl
風光不再?穩定幣「Tether」穩定性遭疑 影響加密貨幣大跌
http://bit.ly/2UQ5lKx
伊朗第一台比特幣ATM,在德黑蘭首度亮相
http://news.knowing.asia/news/b58bb4d2-7801-487c-9fef-a41fa9ca2bea
DigiFinex與支付公司Simplex達成合作,支持用戶使用信用卡購買加密貨幣
https://www.bishijie.com/kuaixun_279714
駭客利用假更新盜走Electrum錢包中的比特幣,演變成DDoS大戰
https://www.ithome.com.tw/news/130354
台灣交易所 BitoPro 遭駭客攻擊,損失恐為 700 萬顆瑞波幣,價值 6,300 萬以上
https://www.blocktempo.com/taiwan-exchange-bitopro-got-hacked-xrp-lost/
駭客利用假更新盜走Electrum錢包中的比特幣,演變成DDoS大戰
https://ithome.com.tw/news/130354
加拿大五大主要銀行採用區塊鏈技術驗證客戶身份
https://www.tuoluocaijing.com.tw/kuaixun/detail-61556.html
亞馬遜推出託管區塊鏈服務 要讓一般企業組織輕鬆打造區塊鏈
https://news.cnyes.com/news/id/4311863
非法挪用資金爭議未歇 Bitfinex 擬下周啟動 IEO 或私募融資 10 億美元
https://news.cnyes.com/news/id/4312102
微軟 Outlook 現漏洞 導致用戶加密貨幣遭駭客竊取
https://blockcast.it/2019/05/02/microsoft-outlook-cryptocurrency-email-account/
平台出現XRP異常交易!幣託(BitoPro)祭出六項處理方案
http://bit.ly/2VBmSLf
國小學歷男臉書誆比特幣交易 投資客、工程師遭騙439萬
https://www.ettoday.net/news/20190502/1435744.htm
FB據報正構建以加密貨幣為基礎的支付系統
https://news.now.com/home/finance/player?newsId=346641
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / APT
威脅台企業惡意軟體 挖礦軟體仍居首
https://ec.ltn.com.tw/article/breakingnews/2773768
警惕“俠盜”團伙利用新型漏洞傳播GandCrab勒索“藍屏”變種
https://www.4hou.com/typ/17741.html
資安防護!日防衛省將編制、持有「國家級反擊病毒」
https://newtalk.tw/news/view/2019-04-30/240216
鎖定SAP的惡意程式被公開,90萬家企業用戶曝險機率大增
https://www.ithome.com.tw/news/130393?fbclid=IwAR034l8FBJbWgvZFP4A5sWNCCUNhFNUOoxqJESCyHs9-CCeXaYl0nMPuf9M
全球防毒軟體大會 13歲小駭客當場駭無人機
http://bit.ly/2Wa6D4G
電腦病毒再進化,能簒改電腦斷層掃描結果並誤導醫師判斷
https://technews.tw/2019/05/01/computer-virus-alters-cancer-scan-images/
金融後門Carbanak原始碼於VirusTotal上存在近兩年而未被發現
https://www.ithome.com.tw/news/130202
扒一扒CARBANAK的源代碼,看它們是如何巧妙構思並運行的
https://www.4hou.com/reverse/17598.html
挖礦蠕蟲「Beapy」對亞洲企業造成嚴重威脅
https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=904
勒索病毒襲擊美政府辦公室,迫使氣象頻道斷線
https://blog.trendmicro.com.tw/?p=60530
趨勢科技MDR(託管式偵測及回應服務)發現Emotet散播的Nozelesn勒索病毒載入程式
https://blog.trendmicro.com.tw/?p=60147
彭博爆料:歐電信龍頭2009年就發現華為設備藏漏洞
https://udn.com/news/story/6811/3785729
意電訊商揭華為設備存後門程式
http://www.orangenews.hk/finance/system/2019/04/30/010115619.shtml
Huawei denies existence of ‘backdoors’ in Vodafone networking equipment
https://zd.net/2V5j3hY
華為發聲明否認有關其軟體中有隱藏「後門」的報導
https://news.sina.com.tw/article/20190502/31148874.html
Vodafone, Huawei Dispute Report of Telnet 'Backdoor'
https://www.bankinfosecurity.com/vodafone-huawei-dispute-report-telnet-backdoor-a-12435
LockerGoga 勒索軟件家族在定向攻擊中被使用,來自McAfee Labs的分析
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/lockergoga-ransomware-family-used-in-targeted-attacks/
很多家庭使用的盜版視頻播放硬件Kodi box存在打包惡意軟件的行為
https://threatpost.com/kodi_box_malware/144191/
最新性勒索計劃要求以比特幣現金付款
https://blog.trendmicro.com.tw/?p=60532
Trojanized TeamViewer Attacks Reveal Mutating Malware
https://www.bankinfosecurity.com/trojanized-teamviewer-attacks-reveal-mutating-malware-a-12423
TA505 Group Hides Malware in Legitimate Certificates
https://www.bankinfosecurity.in/ta505-group-hides-malware-in-legitimate-certificates-a-12417
Emotet Malware’s New Evasion Technique Lets Hacked Device Used as Proxy command and control (C&C) servers
https://gbhackers.com/emotet-malwares-evasion-technique/
CARBANAK Week Part One: A Rare Occurrence
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html
CARBANAK Week Part Two: Continuing the CARBANAK Source Code Analysis
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-two-continuing-source-code-analysis.html
CARBANAK Week Part Three: Behind the CARBANAK Backdoor
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-three-behind-the-backdoor.html
CARBANAK Week Part Four: The CARBANAK Desktop Video Player
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-four-desktop-video-player.html
Rapidly Growing Electrum Botnet Infects Over 152,000 Users; Steals $4.6 Million
http://bit.ly/2V3s6zQ
Electrum DDoS botnet reaches 152,000 infected hosts
https://blog.malwarebytes.com/cybercrime/2019/04/electrum-ddos-botnet-reaches-152000-infected-hosts/
MuddyWater APT Hones an Arsenal of Custom Tools
https://threatpost.com/muddywater-apt-custom-tools/144193/
Cleveland Airport Suffers Ransomware Attack
https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/cleveland-airport-attack-update/
Buhtrap backdoor and ransomware distributed via major advertising platform
https://www.welivesecurity.com/2019/04/30/buhtrap-backdoor-ransomware-advertising-platform/
AESDDoS Botnet Malware Exploits CVE-2019-3396 to Perform Remote Code Execution, DDoS Attacks,
and Cryptocurrency Mining
http://bit.ly/2PHZmqj
Windows Server hosting provider still down a week after ransomware attack
https://www.zdnet.com/article/windows-server-hosting-provider-still-down-a-week-after-ransomware-attack/#ftag=RSSbaffb68
Mysterious hacker has been selling Windows 0-days to APT groups for three years
https://www.zdnet.com/article/mysterious-hacker-has-been-selling-windows-0-days-to-apt-groups-for-three-years/#ftag=RSSbaffb68
Ransomware attack on Telangana and Andhra Pradesh power utilities
https://www.cybersecurity-insiders.com/ransomware-attack-on-telangana-and-andhra-pradesh-power-utilities/
Energy Firm Systems Hit by DDoS Attack
https://www.isssource.com/energy-firm-systems-hit-by-ddos-attack/
Malvertising campaign targeting accountants distributes six different malware families
https://cyware.com/news/malvertising-campaign-targeting-accountants-distributes-six-different-malware-families-9c31dd31
B.行動安全 / iPhone / Android /穿戴裝置 /App
「台電e櫃檯」App獲資安聯盟認證 再推用電分析新功能
https://udn.com/news/story/7240/3781416
劇情反轉?Apple解釋下架第三方競品App原因:侵犯隱私
http://bit.ly/2J1gIgH
因廣告欺詐及濫用權限,百度子公司數十款應用被Google Play封殺
https://paper.tuisec.win/detail/2d7122ddb64a4fe
來自中國開發商DO Global的程式,因涉廣告詐騙遭Google下架
https://www.ithome.com.tw/news/130276
Google 封鎖 Play Store 最大的 Android App 開發商
https://3c.ltn.com.tw/news/36596
疑親中又分享用戶資訊!Play商店最大App開發商被 Google下架了
http://bit.ly/2Vz7Vch
App Store移除開發商的手機控制App惹議,蘋果:基於隱私與安全
https://www.ithome.com.tw/news/130313
蘋果下架控管軟體 旨在降低資安風險
https://udn.com/news/story/6811/3786085
部分家長監控 App 被下架惹爭議 Apple 指為保障私隱安全
http://bit.ly/2vtbPoz
你有麥當勞App嗎?小心帳戶被黑了
http://bit.ly/2PBVRS8
智慧型手機資安認證服務
http://www.ttida.org.tw/zh_TW/products-details/no/1556247372001
App檢測通過名錄
https://mas.org.tw/app_cert_list.php
聯合國最新統計:全球手機總數突破 80 億,正式超越人類總人口數
https://buzzorange.com/techorange/2019/04/30/cellphones-outnumber-the-population/
行動應用App基本資安認證制度推廣說明會
http://www.tca.org.tw/exhibit_info1.php?n=1070
微信中文敏感詞 網安專家:逾800個
http://bit.ly/2VzYkCj
儘管多起資安風暴,華為首季手機銷量反增 50%
https://buzzorange.com/techorange/2019/05/02/huawei-cellphone-boosts/
拚轉型!臉書F8開發者大會 推暗戀功能
http://bit.ly/2DWqxJB
手機 App 資安黑洞!讓蝦皮和 YouTube 讀你的簡訊和通訊錄,你也按下「同意」了嗎
http://bit.ly/2J1Wt3p
常用手機登錄網銀或行動支付,這 10 件事千萬別做
https://blog.trendmicro.com.tw/?p=59987
Google bans apps developed by Chinese company Baidu
https://www.cybersecurity-insiders.com/google-bans-apps-developed-by-chinese-company-baidu/
C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件
QR Code截圖重複入站 偽造車票當心觸法
http://bit.ly/2ZQuLeL
蔡晶晶:人是安全的核心 網路世界的守護者越來越多
https://news.sina.com.tw/article/20190429/31115396.html
蔡玉光:網路安全是人與人的較量 攻防思維的博弈
https://news.sina.com.tw/article/20190429/31115406.html
吳謝宇持多張身份證背後:網路暗藏黑色產業鏈
https://news.sina.com.tw/article/20190426/31089730.html
資安危機將主宰政治走向!國民該注意的 4 大國家級風險有哪些
https://buzzorange.com/techorange/2019/04/30/2019-cyber-attack-prediction/
Palo Alto Networks與GoDaddy移除1.5萬個涉及詐騙的子網域
https://www.ithome.com.tw/news/130294
網站延遲上線、功能及安全問題,赫茲要求Accenture退錢並求償數百萬美元
https://www.ithome.com.tw/news/130278
擅資安管理 警官換跑道一把罩
https://udn.com/news/story/7586/3781488
GitHub遭駭客濫用以代管網釣套件
http://bit.ly/2L8bulP
面對網路資訊戰的法治策略
https://talk.ltn.com.tw/article/paper/1284822
擊敗5連霸北京清華!台清大團隊ASC19奪冠評審讚堪稱完美
https://www.ettoday.net/news/20190427/1431699.htm
林雨蒼:台灣面臨新型態資訊戰,不僅是「網軍」那麼簡單
https://theinitium.com/article/20190429-opinion-taiwan-information-warfare/
羅明才狂護航華為 她用一張圖狠打臉
http://bit.ly/2ULPFrX
中共干預台灣選舉 專家:轉混合戰略需審慎應對
http://www.ntdtv.com.tw/b5/20190430/video/244746.html
人權團體最新報告 中國大陸新疆全面監控合法日常行為
https://money.udn.com/money/story/5599/3789787
中國大陸新疆合法日常行為 也遭全面監控
http://www.ksnews.com.tw/index.php/news/contents_page/0001262907
人權組織揭新疆監控大平台 36種「可疑行為」恐入教育營
http://bit.ly/2J9hyIc
中國身份證高級監控不敵黑市簡單買賣
http://bit.ly/2PwO5ZQ
中國間諜活動令美國深感威脅
https://on.wsj.com/2ULFWSn
中共偷用美衛星 佈「軍警天網」
https://www.secretchina.com/news/b5/2019/04/27/891831.html?code=b5
中國北京「凈網行動」第一季破案兩千餘起侵犯個人信息高發
https://news.sina.com.tw/article/20190428/31108588.html
利用DNA技術 學者疑成中共迫害幫凶
http://bit.ly/2VcGHsH
中國人臉識別技術背後 引發國際爭議
http://bit.ly/2GSxSM4
中國狠招! 招募美公民當間諜
https://news.ltn.com.tw/news/world/breakingnews/2773186
美情報會議曝中共間諜新趨勢:黑客竊美公民資料再招募
https://www.ntdtv.com/b5/2019/04/28/a102566576.html
美國CIA開設IG帳號 首貼照暗藏玄機
http://bit.ly/2GPXjhh
美國資安首長警告英國允許使用華為5G設備將帶來風險
http://bit.ly/2DDVW35
美陸軍嘗試兵棋推演納AI 最快2020年上線
https://www.ydn.com.tw/News/334072
美情治網再現漏洞 前中情局雇員坦承洩密中國
https://www.taiwannews.com.tw/ch/news/3692838
防堵「深偽」影片干預美國2020大選 科技攻防戰開跑
https://tw.news.appledaily.com/new/realtime/20190427/1557713/
遭首相解僱 英國防大臣否認洩密
http://www.epochtimes.com/b5/19/5/1/n11227379.htm
蒲亭簽新法 構築俄國版「網路長城」
https://www.ydn.com.tw/News/334743
趨勢科技核心技術部資深協理張裕敏︰ 中國「水軍」傳播戰 破壞人民對政府信任
https://ec.ltn.com.tw/article/paper/1284880
哪種職業有前途?澳大利亞:網路安全是熱門
https://news.sina.com.tw/article/20190429/31119106.html
Mimikatz: “The AK47 of Cyber Attacks”
https://cyware.com/news/mimikatz-the-ak47-of-cyber-attacks-740bddac
Security Officials Were ‘Stunned’ by the Sophistication of the Sri Lanka Attack
http://bit.ly/2PBaJAe
WPA-3 Dragonfly: Out of the Frying Pan, and into the Fire
http://bit.ly/2vrMVpu
NHS offers Singapore advice on healthcare security
https://www.zdnet.com/article/nhs-offers-singapore-advice-on-healthcare-security/#ftag=RSSbaffb68
Wipro Attack: The Latest Developments
https://www.bankinfosecurity.in/wipro-attack-latest-developments-a-12413
Dawn of the Terrorbit Era - DDoS Attack Size Explodes Worldwide
https://www.bankinfosecurity.com/webinars/live-webinar-dawn-terrorbit-era-ddos-attack-size-explodes-worldwide-w-1980
Huawei's Role in 5G Networks: A Matter of Trust
https://www.bankinfosecurity.com/huaweis-role-in-5g-networks-matter-trust-a-12427
Cartoon Network websites hacked to show Arabic memes and Brazilian male strippers
https://zd.net/2vEn0uV
Dark web crime markets targeted by recurring DDoS attacks
https://www.zdnet.com/article/dark-web-crime-markets-targeted-by-recurring-ddos-attacks/#ftag=RSSbaffb68
Australia's New Infosec Regulation: A Compliance Challenge
https://www.bankinfosecurity.com/australias-new-infosec-regulation-compliance-challenge-a-12430
WikiLeaks' Julian Assange Sentenced to 50 Weeks in UK Jail
http://bit.ly/2LkEEOO
NSA surveillance of foreign nationals surges
https://www.zdnet.com/article/nsa-surveillance-of-foreign-nationals-surges/#ftag=RSSbaffb68
Hackers lurked in Citrix systems for six months
https://www.zdnet.com/article/hackers-lurked-in-citrix-systems-for-six-months/#ftag=RSSbaffb68
Citrix Hackers Camped in Tech Giant's Network for 6 Months
https://www.bankinfosecurity.com/citrix-hackers-camped-in-tech-giants-network-for-6-months-a-12436
UK Defence Secretary sacked over Huawei 5G plan leak
https://www.zdnet.com/article/uk-defence-secretary-sacked-over-huawei-5g-plan-leak/#ftag=RSSbaffb68
5 Cyberattacks That You Would Miss Without AI
https://www.bankinfosecurity.com/webinars/5-cyberattacks-that-you-would-miss-without-ai-w-1988
Two-Thirds of SMBs Have Experienced a Cyberattack. Here Are 4 Ways to Protect Your Business
https://www.smallbizdaily.com/two-thirds-of-smbs-have-experienced-a-cyberattack/
The Interview: Talking Brokers, BIBA & Cyber Attacks with Mike Smart at BAE Systems
https://insurance-edge.net/2019/05/02/the-interview-talking-brokers-biba-cyber-attacks-with-mike-smart-at-bae-systems/
China uses biometrics and digital scanning 'data doors' to track Muslim minority
https://www.zdnet.com/article/china-uses-biometrics-and-digital-scanning-data-doors-to-track-muslim-minority/#ftag=RSSbaffb68
Law enforcement seizes dark web market after moderator leaks backend credentials
https://www.zdnet.com/article/law-enforcement-seizes-dark-web-market-after-moderator-leaks-backend-credentials/#ftag=RSSbaffb68
資安工程師(資安防禦)
https://www.104.com.tw/job/?jobno=6lbnm
資安工程師(資安監控調查)
https://www.104.com.tw/job/?jobno=6lbnn
合庫證券徵才 5/6截止報名
https://money.udn.com/money/story/5636/3782380
網路工程師
https://www.cakeresume.com/companies/msig-mingtai/jobs/network-engineer-4d4511
資安管理人員
https://www.cakeresume.com/companies/msig-mingtai/jobs/security-manager
私人銀行Treasury系統程式設計師
https://www.cakeresume.com/companies/ctbc-bank-co-ltd/jobs/private-bank-treasury-system-designer
資訊_稽核人員
https://www.104.com.tw/job/?jobno=5dxlb&jobsource=freshman2009
個金/信用卡系統分析師
https://www.cakeresume.com/companies/ctbc-bank-co-ltd/jobs/gold-credit-card-system-analyst
資安工程師
https://www.cakeresume.com/companies/jetstartech/jobs/security-engineer-7eebc6
資訊安全工程師(DLP)
https://www.cakeresume.com/companies/ctbc-bank-co-ltd/jobs/information-security-engineer-dlp
精誠徵求跨界人才 釋300個職缺
https://money.udn.com/money/story/5617/3784955
【IT】資安開發工程師 - 1800878
https://www.104.com.tw/job/?jobno=6ljk4
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
8千萬個美國家庭資料在公開伺服器上曝光
https://www.ithome.com.tw/news/130342
國際特赦香港分會疑遭國家級網絡攻擊 捐款者、會員資料或外洩
http://bit.ly/2J0v7cV
馬國交通部:已就VEP網站安全漏洞展開調查
https://www.zaobao.com.sg/znews/sea/story20190428-952091
負面消息頻傳 專家:札克伯格希望政府「監管臉書」
https://ec.ltn.com.tw/article/breakingnews/2771815
駭客新釣魚手法!網址列也不可信了嗎?談模糊的 Line of Death
http://bit.ly/2GPQoEy
報告:2018年澳洲人因加密貨幣詐騙損失至少610萬美元
https://news.sina.com.tw/article/20190429/31114432.html
傳遭中國普天惡意倒帳 盛達電業重磅回擊強調無涉嫌詐貸
https://www.chinatimes.com/realtimenews/20190429001181-260410?chdtv
教你辨識與避免詐騙 馬爾他金管局公布加密投資「防詐」指南
https://news.cnyes.com/news/id/4309976
銀行與警方積極合作 機警攔阻香港證券假投資真詐財
http://bit.ly/2WdtaO6
扮國安局長 騙婚詐540萬
https://m.ltn.com.tw/news/society/paper/1284840
針對國內華僑電騙黨扮荷移民局華海關行騙
https://hk.on.cc/hk/bkn/cnt/aeanews/20190428/bkn-20190428180018491-0428_00912_001.html
中國大陸河南警方重拳反詐,刑拘電信網路詐騙嫌疑人1300餘名
https://news.sina.com.tw/article/20190426/31084614.html
網路吸金逾億上萬人受害8年級幹部遭羈押再搜索7年級共犯
https://news.ltn.com.tw/news/society/breakingnews/2770332
駭客新釣魚手法!網址列也不可信了嗎?談模糊的 Line of Death
https://www.inside.com.tw/article/16247-line-of-death
移動端CHROME發現安全漏洞:可利用假地址欄發起釣魚攻擊
http://bit.ly/2Wh8kxo
行動版 Chrome 被發現可以透過假網址欄來進行釣魚攻擊
https://chinese.engadget.com/2019/04/29/chrome-exploit-uses-a-fake-address-bar-for-phishing-attacks/
偽造信用卡印錯字母 法拉盛5華裔詐騙被捕
https://udn.com/news/story/6813/3784947
刑事局首破韓國人來台架設賭網機房 累積賭金高達6億7000萬
https://m.ltn.com.tw/news/society/breakingnews/2775008
LINE資安長怎麼看數據公司的資料運用與隱私挑戰
https://0nion.com/article/87864
我遭假訊息攻擊全球第一 國安局:中國複製俄羅斯模式
https://news.ltn.com.tw/news/politics/breakingnews/2776407
警用電話爆漏洞 徐國勇:立即防堵並依法辦理
https://www.cna.com.tw/news/aipl/201905010029.aspx
警用電話後門大開/騙個資可判5年 個資遭洩可求償
https://news.ltn.com.tw/news/society/paper/1285373
保障用戶隱私 Google 再推定期自動刪除歷史搜尋、定位紀錄
https://www.inside.com.tw/article/16262-google-automatically-delete-data
Google Adds New Option to 'Auto-Delete' Your Location History and Activity Data
http://bit.ly/2GZVAWE
越南警方破獲大型網賭集團 逮捕台籍主嫌
https://money.udn.com/money/story/5599/3788827
詐騙手法翻新 EBT持卡人莫上當
http://bit.ly/2VwZQ8j
「薅羊毛」別薅成詐騙 如此套取信用卡積分屬違法
https://news.sina.com.tw/article/20190503/31154696.html
新型 BEC 變臉詐騙手法,竄改薪資自動轉帳路徑
https://blog.trendmicro.com.tw/?p=60424
瘋傳中油「加油券」,是詐騙!Line 詐騙難以分辨,不小心點了連結會怎樣
https://blog.trendmicro.com.tw/?p=60267
DJI 前員工洩露程式碼 判監半年罰款 20 萬人民幣
https://unwire.hk/2019/04/29/dji-source-code-leaked/life-tech/drone/
DJI employee who leaked source code sent behind bars
https://www.zdnet.com/article/dji-employee-who-leaked-source-code-awarded-prison-sentence/#ftag=RSSbaffb68
Docker Hub遭入侵,外洩19萬名用戶憑證
https://www.ithome.com.tw/news/130275
Docker Hub hack exposed data of 190,000 users
https://www.zdnet.com/article/docker-hub-hack-exposed-data-of-190000-users/#ftag=RSSbaffb68
Docker Hub Suffers a Data Breach, Asks Users to Reset Password
http://bit.ly/2UQHevo
Docker Hub Breach: It's Not the Numbers; It's the Reach
https://www.bankinfosecurity.com/docker-hub-breach-its-numbers-its-reach-a-12425
Police and NCSC to Breach Victims: We Won't Tell Regulators
https://www.bankinfosecurity.co.uk/police-ncsc-to-breach-victims-we-wont-tell-regulators-a-12421
New York, Canada, Ireland Launch New Investigations Into Facebook Privacy Breaches
http://bit.ly/2PEecOH
Could a New Law Help Curb Spread of Fake News
https://www.bankinfosecurity.asia/interviews/could-new-law-help-curb-spread-fake-news-i-4308
Facebook Could Be Fined Up To $5 Billion Over Privacy Violations
http://bit.ly/2Wagh7j
Unprotected Database Exposes Personal Info of 80 Million American Households
http://bit.ly/2DHc57S
Mystery Database Exposed Info on 80 Million US Households
https://www.bankinfosecurity.com/mystery-database-exposed-info-on-80-million-us-households-a-12432
Russian Charged in $1.5 Million Cyber Tax Fraud Scheme
https://www.bankinfosecurity.com/russian-charged-in-15-million-cyber-tax-fraud-scheme-a-12431
Researcher: JustDial Had New User Data Leak
https://www.bankinfosecurity.asia/researcher-justdial-had-new-user-data-leak-a-12429
BEC fraud losses almost doubled last year
https://www.welivesecurity.com/2019/04/25/bec-fraud-losses-doubled-2018/
Failed blackmail attempt prompts hackers to leak ocean of data belonging to major companies
https://www.zdnet.com/article/hackers-publish-516gb-of-data-belonging-to-some-of-the-largest-companies-worldwide/#ftag=RSSbaffb68
Eddie Bauer reaches $9.8 million settlement deal over leak of 1 million Veridian accounts
https://www.zdnet.com/article/9-8-million-settlement-reached-over-the-leak-of-1-million-veridian-credit-union-accounts/#ftag=RSSbaffb68
Social media phishing attacks up more than 70 percent
https://betanews.com/2019/05/02/social-media-phishing/
E.研究報告
挖洞經驗| 通過密碼重置功能構造HTTP Leak實現任意賬戶劫持
https://www.freebuf.com/vuls/200748.html
IoT設備資安防護指南
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019043009042727813385094478948.pdf
Symantec終端防護內核內存信息洩漏漏洞分析(CVE-2018-18366)
https://www.4hou.com/vulnerable/17699.html
內核漏洞挖掘技術系列(3)——bochspwn-reloaded(1)
https://xz.aliyun.com/t/4921
內核漏洞挖掘技術系列(3)——bochspwn-reloaded(2)
https://xz.aliyun.com/t/4932
Weblogic CVE-2019-2725分析報告
https://paper.tuisec.win/detail/4b113550fd87872
frizb/Bypassing-Web-Application-Firewalls
https://github.com/frizb/Bypassing-Web-Application-Firewalls
MYSQL_SQL_BYPASS_WIKI
https://github.com/aleenzz/MYSQL_SQL_BYPASS_WIKI
如何挖掘SAML (安全斷言標記語言)相關漏洞的方法論
https://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/
PowerDrive - PowerShell 惡意軟件的精確反混淆
https://arxiv.org/pdf/1904.10270.pdf
利用NSA Ghidra分析Shadow Hammer供應鏈攻擊樣本(Stage 1: Setup.exe)
https://www.youtube.com/watch?v=gI0nZR4z7_M
組合Osquery、Rsyslog、VirusTotal 等多個工具,檢測惡意下載行為
http://bit.ly/2V7f2t2
利用普通域權限賬號dump 域環境中所有的DNS 解析記錄
https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/
wls9-async反序列化遠程命令執行漏洞的PoC
https://github.com/jas502n/CNVD-C-2019-48814
GitLab 11.4.7 SSRF+CRLF 注入配合Redis 遠程執行代碼
https://github.com/jas502n/gitlab-SSRF-redis-RCE
海蓮花APT組織2019年第一季度針對中國的攻擊活動技術揭秘
https://www.freebuf.com/articles/network/201940.html
systemdMiner借雞下蛋,通過DDG傳播自身
https://blog.netlab.360.com/systemdminer-propagation-through-ddg/
Android 官方對Android Q 新引入的沙箱隔離存儲安全特性Scoped Storage 的介紹
https://goo.gl/ro9Q7h
微軟開源的利用Windows Host Compute Service (HCS)管理Windows容器的軟件
https://github.com/Microsoft/hcsshim
Windows 進程注入的方法總結
https://modexp.wordpress.com/2019/04/25/seven-window-injection-methods/
使用frida hook安卓系統調用ioctl,以dump Binder流量
https://bhamza.me/2019/04/24/Frida-Android-libbinder.html
FireEye對Carbanak後門的詳細技術分析
https://feye.io/2ULNQQu
使用Radare2逆向APT32樣本
https://research.checkpoint.com/deobfuscating-apt32-flow-graphs-with-cutter-and-radare2
針對Besder 網絡攝像頭的逆向分析和漏洞挖掘
http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.html
趨勢科技TrendLabs 對Apache Tomcat 遠程代碼執行漏洞(CVE-2019-0232)的分析
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/9AJRqs7sldE/
利用Rubyzip 攻擊Metasploit
https://blog.doyensec.com/2019/04/24/rubyzip-bug.html
Venator - SpecterOps開發的一款用於macOS 平台惡意軟件行為檢測的工具
http://bit.ly/2ZFf1eF
gnutls的代碼庫中新提交了一個支持證書驗證測試的Fuzzer,這個Fuzzer可以用於重現CVE-2019-3829漏洞
https://gitlab.com/gnutls/gnutls/commit/ad27713bef613e6c4600a0fb83ae48c6d390ff5b
攻擊組織TA505 近期利用LOLBINs 和ServHelper 攻擊大型金融企業,來自Cybereason 的分析
https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware
APT34洩密武器分析報告
https://paper.tuisec.win/detail/8b11ecee4b21bca
要想加入紅隊,需要做好哪些準備
https://paper.tuisec.win/detail/9e6ae6dd5b17c2f
CVE-2018-8453內核漏洞分析
https://xz.aliyun.com/t/4938
利用web內徑圖譜來檢測EAR漏洞
https://xz.aliyun.com/t/4942
淺析Web應用安全如何防禦檢查應用漏洞
https://zhuanlan.zhihu.com/p/64131701
商用硬件Token設備軟件實現中的Envelope漏洞分析
https://www.4hou.com/vulnerable/17666.html
工程師技能大全:如何用 Python 寫出所有的演算法
http://bit.ly/2XZzf17
利用Chromium漏洞奪取CTF勝利:VitualBox虛擬機逃逸漏洞分析(CVE-2019-2446)
https://www.4hou.com/vulnerable/17764.html
Apache Tomcat遠程代碼執行漏洞
http://bit.ly/2vwm9Mu
Microsoft用戶帳戶漏洞允許駭客竊取加密貨幣
https://0xzx.com/20190430200752817.html
Microsoft Edge和IE瀏覽器同源策略繞過漏洞分析
https://www.freebuf.com/vuls/200131.html
SpringBoot 學習| raibaby Halo v0.4.3 漏洞分析
https://juejin.im/post/5cc84ce25188252ddf4bfe6f
CVE-2019-0726:Win10 DHCP客户端RCE漏洞
https://www.4hou.com/vulnerable/17758.html
LockerGoga勒索軟件家族分析
https://paper.tuisec.win/detail/d1ecadf3bc7359c
DLL injection - Developing a simple injector
http://bit.ly/2GMiIXr
Apache hooks up with GitHub
https://www.zdnet.com/article/apache-hooks-up-with-github/#ftag=RSSbaffb68
WebLogic CVE-2019-2647、CVE-2019-2648、CVE-2019-2649、CVE-2019-2650 XXE漏洞分析
https://paper.seebug.org/906/
Gaining Access to Card Data Using the Windows Domain to Bypass Firewalls
http://bit.ly/2INZ2pj
XSS-Auditor — the protector of unprotected
https://medium.com/bugbountywriteup/xss-auditor-the-protector-of-unprotected-f900a5e15b7b
Remote Code Execution for Java Developers
https://medium.com/cisco-amp-technology/remote-code-execution-for-java-developers-84adb8e23652
How to Steal & Decrypt Passwords Stored in Chrome & Firefox Remotely
https://null-byte.wonderhowto.com/how-to/hacking-windows-10-steal-decrypt-passwords-stored-chrome-firefox-remotely-0183600/
How to Remotely Record & Listen to the Microphone of a Hacked Computer
https://null-byte.wonderhowto.com/how-to/hacking-windows-10-remotely-record-listen-microphone-hacked-computer-0183723/
F.商業
ImmuniWeb推出免費的網站安全和PCI DSS合規性測試
https://www.businesswirechina.com/hk/news/40439.html
Mozilla即將封鎖含有混淆程式碼的附加元件
https://www.ithome.com.tw/news/130398
快速精準辨識活體人臉 光明遠大讓機房安全大幅提升
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=50&cat2=10&id=0000558442_pan3sg2j5i4n7p1h594q9
Congress Asks Google 10 Questions On Its Location Tracking Database
http://bit.ly/2GSGDEL
Microsoft, Dell unveil new Azure-VMware integrations
https://www.zdnet.com/article/microsoft-dell-unveil-new-azure-vmware-integrations/#ftag=RSSbaffb68
Dell Technologies makes VMware linchpin of hybrid cloud, data center as a service, end user strategies
https://zd.net/2vtMYBe
Splunk aims to use augmented reality to monitor server racks, equipment to bring data to multiple screens
https://zd.net/2PGygjf
G.政府
唐鳳:資安防護,美需要台扮要角
https://m.ctee.com.tw/livenews/aj/a08614002019042711320417
台灣數碼政委與美官員討論守護選舉安全避免境外勢力操縱
https://www.voacantonese.com/a/taiwan-digital-minister-us-election-security-20190426/4893889.html
唐鳳訪華府:會面層級「超乎預期」
https://udn.com/news/story/6656/3779967
政院核定 王立群升任財金處長
https://www.chinatimes.com/realtimenews/20190429002242-260410?chdtv
資安即國安政策推動,關貿(6183)與法務部調查局簽署資安聯防合作協議
https://fnc.ebc.net.tw/FncNews/Content/78172
關貿網路與調局再續資安聯防合作
http://bit.ly/2PCWone
財政部旗下關貿網路將進軍醫療區塊鏈
https://www.chinatimes.com/realtimenews/20190429002218-260410?chdtv
北市稅處全國首家獲資安及個資國際標準四合一認證
http://www.wejapango.com/article/RXpSeldTd2JaSEk9
陸委會要查涉違法刊中國職缺人力銀行急改網頁
https://news.ltn.com.tw/news/politics/breakingnews/2770624
立院三讀 放寬藝文採購不受政府採購法限制
https://www.cna.com.tw/news/aipl/201904300189.aspx
唐鳳透露:政院擬推資安產品「白名單」
https://www.chinatimes.com/realtimenews/20190430001676-260407?chdtv
強化資安 唐鳳:政院研擬產品白名單
https://www.rti.org.tw/news/view/id/2019258
備戰大選資安? 政院擬推資安白名單
http://bit.ly/2XVNaFy
維護資安 唐鳳:政院研擬推薦白名單
https://www.cna.com.tw/news/aipl/201904300214.aspx
採購涉國安資安可限制廠商 政院擬另議白名單
https://news.pchome.com.tw/politics/pts/20190501/video-15566400008204608001.html
禁用陸製資通產品 殃及台廠
https://www.chinatimes.com/opinion/20190430004171-262101?chdtv
國防院成立週年 馮世寬細數成果
https://www.chinatimes.com/realtimenews/20190430001850-260407?chdtv
防「假外資真中資」在台投資《政府採購法》增訂國家安全採購限制辦法
http://bit.ly/2Wen9k8
採購法修正 國安採購可設防中條款
https://ec.ltn.com.tw/article/paper/1285428
打擊假消息遭質疑「言論箝制」 唐鳳:同時符合三個定義才算
https://www.storm.mg/article/1234262?srcid=73746f726d2e6d675f6e756c6c_1556671459
健全獨董制度 金管會要求設置公司治理主管
https://fnc.ebc.net.tw/FncNews/Content/78605
蔡政府的資安狂想
https://www.chinatimes.com/opinion/20190501002788-262103?chdtv
台灣遭受假訊息攻擊全球第一!國防部組反制小組因應
https://newtalk.tw/news/view/2019-05-01/240735
國安局:中國指導在台同路媒體帶風向
https://news.ltn.com.tw/news/focus/paper/1285632
金管會「十誡」 防理專舞弊
https://money.udn.com/money/story/5613/3788355
國網中心結合AI國家隊 打造高效節能的AI雲端機房
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=110&id=0000558690_gif7fft48s6e6h1suedpi
銀行員學英文 顧立雄:這筆錢可以報帳
http://bit.ly/2GWi7DV
立委推電支帳戶18歲可開戶顧立雄:卡關在法務部
https://money.udn.com/money/story/5613/3787591
開發App,請依「行政院及所屬各機關行動化服務發展作業原則」進行
http://inc.ntub.edu.tw/p/404-1011-69591.php?Lang=zh-tw
歷年來首次! 我國金管會當選IFIAR理事
https://www.ettoday.net/news/20190503/1436251.htm
H.SCADA/ICS/工控系統
Siemens SIMATIC S7-300存在信息泄露漏洞
http://www.cnvd.org.cn/flaw/show/CNVD-2019-10130
Industry 4.0 Brings Total Productive Maintenance into the Digital Age
http://bit.ly/2IZhuLa
Taking the Cyberattack Target Off Manufacturers' Backs
http://www.comspark.tech/comSpark/Taking-the-Cyberattack-Target-Off-Manufacturers-Backs/
I.教育訓練
一個台灣資安研究員的奇幻漂流
https://www.slideshare.net/slideshow/embed_code/key/B6bwk85SwxExfs
防微杜漸:使用Protected Port隔離網路主機
https://www.uuu.com.tw/Public/content/article/19/20190429.htm
大數據雲端資安實務契合式學分學程
http://www.csie.uch.edu.tw/zh_TW/courselink/groupcourse001/course11
A Crash Course in Everything Cryptographic
https://medium.com/@lduck11007/a-crash-course-in-everything-cryptographic-50daa0fda482
Learn Ethical Hacking With 180 Hours of Training — 2019 Online Course
http://bit.ly/2J0Qlr8
CompTIA Certification Training Courses — Avail Awesome 95% Discount
http://bit.ly/2UU6LUm
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機
澳洲共享電動滑板車中招 黑客入侵播猥褻語音
http://bit.ly/2vu9KIQ
智慧醫院將在台灣興起!物聯網打破醫院圍牆,醫療服務深入患者生活
https://buzzorange.com/techorange/2019/04/30/digital-medication-trend/
iLnkP2P漏洞曝光,200萬台物聯網設備易被遠程入侵
https://zhuanlan.zhihu.com/p/64256304
AIoT 實現自駕車多元應用
http://bit.ly/2VCYSYc
國內某P2P軟體存在關鍵漏洞,200萬物聯網設備易受遠程入侵
https://read01.com/xmAgKKN.html
IoT裝置易遭駭 須強化軟硬體防護能力觀念
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=50&id=0000558406_72i5z666l83xvg7num2p6
2 Million IoT Devices Have P2P Software Flaw: Researcher
https://www.bankinfosecurity.com/2-million-iot-devices-have-p2p-software-flaw-researcher-a-12428
What keeps IoT executives up at night
https://www.zdnet.com/article/what-keeps-iot-executives-up-at-night/#ftag=RSSbaffb68
Over two million IoT devices vulnerable because of P2P component flaws
https://www.zdnet.com/article/over-two-million-iot-devices-vulnerable-because-of-p2p-component-flaws/#ftag=RSSbaffb68
工場における産業用IoT導入のためのセキュリティ ファーストステップ
https://www.jpcert.or.jp/ics/information06.html
産業用IoT導入のためのセキュリティファーストステップ英語版リリース
https://blogs.jpcert.or.jp/ja/2019/04/ICSR_2019-01.html
6.近期資安活動及研討會
108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
https://ais3.org/mfctf/
國立交通大學 亥客書院 - 基礎網站安全建構實務 5/4
https://hackercollege.nctu.edu.tw/?p=1045
ISDA 白帽菁英萌芽計劃II 0505
https://reg.shield.org.tw/info.php?no=54
TDOH-PIPE 北區聚 & 業界職涯分享講座 | 201905 5/5
http://bit.ly/2PHfatC
Pwn入門 5/5
https://hackersir.kktix.cc/events/fcu190505
Elixir台灣 台北 Meetup # Monday, May 6, 2019
https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/
公部門之AI資安防護新思維研討會 5/7
http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==
向資安服務看齊 我們一起讓資安從「有做」到「有效」 5/8 ~ 5/10
https://www.informationsecurity.com.tw/Seminar/2019_all/
資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
https://www.accupass.com/event/1904170343547477698390
HackingThursday 固定聚會 5/9
https://www.meetup.com/hackingthursday/events/vkhnnqyzhbmb/
國家高速網路與計算中心教育訓練-資安健診 5/9
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3827&from_course_list_url=homepage
國立交通大學 亥客書院 -電子郵件之偽造攻擊與防護措施安全通訊協定 5/11
https://hackercollege.nctu.edu.tw/?p=1054
行動應用App基本資安認證制度推廣說明會 5/13
https://seminars.tca.org.tw/D15e02218.aspx
AWS 機器學習戰鬥營 5/13
https://email.awscloud.com/u5k900jZkO0tck00LrsTMo0
AIS3 2019 新型態資安暑期課程 報名107 年 5 月 14 日上午 10 點至 107 年 5 月 27 日下午 6 點
https://ais3.org/
iTHome 台灣雲端大會 Cloud Summit 2019 2019年 5 月 15 日 (三) 09:00~17:00
https://cloudsummit.ithome.com.tw/
Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/
「SQL Server 2008 EOS」研討會 5/15
https://cosa.kktix.cc/events/bb128a58
HackingThursday 固定聚會 5/16
https://www.meetup.com/hackingthursday/events/vkhnnqyzhbvb/
國家高速網路與計算中心教育訓練-網路封包分析實務 5/16
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3831&from_course_list_url=homepage
DevDays Asia 2019 @Taipei 亞太技術年會 2019/5/21-2019/5/23 | 9:00 AM - 5:00 PM
https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x6811311abcd
CDX2.0推廣活動 5/22
https://nchc-cdx.kktix.cc/events/cdxactivity-0522
工研院進修園地-樹莓派影像 5/22
http://bit.ly/2Ld3QH3
HackingThursday 固定聚會 5/23
https://www.meetup.com/hackingthursday/events/vkhnnqyzhbfc/
國家高速網路與計算中心教育訓練-源碼檢測實作 5/23
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3835&from_course_list_url=homepage
第二十九屆全國資訊安全會議 5/23 ~ 5/24
https://cisc2019.cs.pu.edu.tw/index.php
Docker Birthday #5 - Taipei 5/25
https://www.meetup.com/Docker-Taipei/events/248974949/
OWASP TechDay Taiwan 2019 2019/05/28
https://csa.kktix.cc/events/owasp0528
HackingThursday 固定聚會 5/30
https://www.meetup.com/hackingthursday/events/vkhnnqyzhbnc/
International Conference CONSTRUCTIVE THEORY OF FUNCTIONS - 2019 SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/
軟體安全性測試實務 6/3 ~ 6/4
https://www.accupass.com/event/1904230701335964656400
HackingThursday 固定聚會 6/6
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbjb/
國家高速網路與計算中心教育訓練-源碼檢測實作 6/13
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3828&from_course_list_url=homepage
HackingThursday 固定聚會 6/13
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbrb/
國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
https://hackercollege.nctu.edu.tw/?p=1039
Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/
HackingThursday 固定聚會 6/20
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbbc/
國家高速網路與計算中心教育訓練-資安健診 6/20
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3832&from_course_list_url=homepage
HackingThursday 固定聚會 6/27
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/
HackingThursday 固定聚會 7/4
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/
2019國際資訊安全組織台灣高峰會 7/9 ~ 7/11
https://csa.kktix.cc/events/2019con
工業局補助網路安全檢測教育訓練 7/10 ~ 7/12
https://www.accupass.com/event/1904080311551119077841
HackingThursday 固定聚會 7/11
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/
HackingThursday 固定聚會 7/18
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/
HackingThursday 固定聚會 7/25
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/
WEB應用滲透測試 8/21 ~ 8/23
https://www.accupass.com/event/1904080221358963463590
資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」 8/29 ~ 8/30
http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==
TANET 2019 - 臺灣網際網路研討會 9/25
https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310
Splunk .conf 19 10/21 ~ 10/24
https://conf.splunk.com/
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019
https://www.icscybersecurityconference.com
沒有留言:
張貼留言