Weekly Security Incident News Digest 2019/5/13 ~ 2019/5/17

1. Critical Vulnerabilities / Backdoors / Exploits / Zero-Days
Fortinet FortiSandbox cross-site scripting vulnerability   CVE-2018-1356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1356

Security flaws in GPS trackers let hackers learn users' locations or eavesdrop
https://www.ithome.com.tw/news/130585

Titan Bluetooth hardware security key has a security flaw; Google will replace it for free
https://ithome.com.tw/news/130673

98% of security vulnerabilities in WordPress sites come from plugins
https://www.ithome.com.tw/news/130713

VMware product privilege escalation vulnerability
https://www.us-cert.gov/ncas/current-activity/2019/05/14/VMware-Releases-Security-Updates

Security vulnerability in Web Services printing on Toshiba and Brother printers
https://net.nthu.edu.tw/netsys/mailing:announcement:20190515_02

Coros announces VERTIX GPS adventure watch: 45-day battery life and extreme operating profile
https://www.zdnet.com/article/coros-announces-vertix-gps-adventure-watch-45-day-battery-life-and-extreme-operating-profile/#ftag=RSSbaffb68

HAProxy security vulnerability CVE-2019-11323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11323

Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder
http://bit.ly/2JGUIrH

Adobe security update released for critical Flash, Acrobat, Reader bugs
https://www.zdnet.com/article/adobe-security-updates-released-for-critical-flash-acrobat-reader-bugs/#ftag=RSSbaffb68

Multiple vulnerabilities in Samba
https://www.samba.org/samba/security/CVE-2018-16860.html

cyberark -- enterprise_password_vault    CVE-2019-7442
https://nvd.nist.gov/vuln/detail/CVE-2019-7442

Experts disclose SQLite remote code execution vulnerability
https://www.77169.com/html/235675.html

Sqlite3 window function UAF vulnerability advisory (CVE-2019-5018)
https://cert.360.cn/warning/detail?id=851d095dc53cc51e326552953f147367

Hackers exploit Jenkins vulnerability (CVE-2018-1000861) to spread Kerberods cryptomining software
https://nosec.org/home/detail/2569.html

Serious security flaw exposed in iLnkP2P; the device in your home may be using it
http://www.safebase.cn/article-256946-1.html

Vulnerability Discovered In ‘Unhackable’ eyeDisk Flash Drive – Passwords Exposed
http://bit.ly/2E1Ine7

Critical vulnerability disclosed in Oracle WebLogic Server, remotely exploitable without authentication
https://www.itread01.com/hkyfcey.html

Oracle Security Alert Advisory - CVE-2019-2725
https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html

Patch Rails 3 to fix CSRF protection vulnerability
http://hk.voidcc.com/question/p-mgchgmnu-tb.html

[High-risk vulnerabilities hidden in GeForce drivers!!] NVIDIA recommends updating to version 430.64 WHQL
http://bit.ly/2VlCaiO

These 13 Mac models cannot be patched for the ZombieLoad vulnerability
https://www.newmobilelife.com/2019/05/16/zombieload-mac-issue/

Intel hit by another new vulnerability: ZombieLoad
https://www.coolaler.com/threads/intel-zombieload.355473/

Intel BootGuard TOCTOU vulnerability
https://bugzilla.tianocore.org/show_bug.cgi?id=1614

Intel chips hit by another security flaw; Apple, Microsoft and Google all affected
https://udn.com/news/story/6811/3813549

Another security flaw disclosed in Intel processors; patches are being released by individual manufacturers
https://technews.tw/2019/05/15/intel-zombieload/

New security flaw found in Intel processors; some chips may slow down
https://www.cna.com.tw/news/ait/201905150204.aspx

Intel processors hit by MDS security flaw; microcode updates trade performance for security
http://bit.ly/2vWUW5N

Intel hit by another serious security flaw! All CPUs released since 2011 are affected
https://www.newmobilelife.com/2019/05/15/intel-zobieload-security-issue/

New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011
http://bit.ly/2W4CyGN

Intel's 'ZombieLoad' Fixes May Slow Processors by 9 Percent
https://www.bankinfosecurity.com/intels-zombieload-fixes-may-slow-processors-by-9-percent-a-12484

Intel CPUs impacted by new Zombieload side-channel attack
https://www.zdnet.com/article/intel-cpus-impacted-by-new-zombieload-side-channel-attack/#ftag=RSSbaffb68

How to test MDS (Zombieload) patch status on Windows systems
https://www.zdnet.com/article/how-to-test-mds-zombieload-patch-status-on-windows-systems/#ftag=RSSbaffb68

Patch status for the new MDS attacks against Intel CPUs
https://www.zdnet.com/article/patch-status-for-the-new-mds-attacks-against-intel-cpus/#ftag=RSSbaffb68

To head off hacker attacks! Microsoft makes a rare emergency release of security patches for legacy XP and Windows 7
https://3c.ltn.com.tw/news/36766

Windows XP not dead? Microsoft unexpectedly provides an update to patch a vulnerability
http://bit.ly/2E9rBcY

Promise not to update XP broken: Microsoft releases patch for WannaCry-type vulnerability
https://technews.tw/2019/05/15/windows-xp-is-patched-again-microsoft-new-patch-against-wannacry-like-attack/

Older Windows systems get a patch against WannaCry-style attacks
https://chinese.engadget.com/2019/05/14/windows-7-xp-rds-vulnerability/

Patch now! Arbitrary code execution vulnerability in Microsoft SharePoint Server is already being attacked by malware CVE-2019-0604
https://www.ithome.com.tw/news/130584

Security vulnerability in Microsoft Windows Remote Desktop Services (CVE-2019-0708)
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1101

Microsoft warns of new vulnerability similar to the "WannaCry" ransomware
http://bit.ly/2WcXJXC

To Prevent Another WannaCry, Microsoft Patches Old OSs
https://www.bankinfosecurity.com/to-prevent-another-wannacry-microsoft-patches-old-oss-a-12483

Microsoft Releases Patches For A Critical 'Wormable Flaw' and 78 Other Issues
http://bit.ly/2WauLY2

CVE-2019-0708: Advisory on wormable vulnerability in the Windows RDP service
https://www.anquanke.com/post/id/178284

Microsoft SharePoint servers are under attack
https://www.zdnet.com/article/microsoft-sharepoint-servers-are-under-attack/#ftag=RSSbaffb68

Microsoft May 2019 Patch Tuesday arrives with fix for Windows zero-day, MDS attacks
https://www.zdnet.com/article/microsoft-may-2019-patch-tuesday-arrives-with-fix-for-windows-zero-day-mds-attacks/#ftag=RSSbaffb68

Microsoft patches Windows XP, Server 2003 to try to head off 'wormable' flaw
https://www.zdnet.com/article/microsoft-patches-windows-xp-server-2003-to-try-to-head-off-wormable-flaw/#ftag=RSSbaffb68

Microsoft releases new version of Attack Surface Analyzer utility
https://www.zdnet.com/article/microsoft-releases-new-version-of-attack-surface-analyzer-utility/#ftag=RSSbaffb68

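Cisco ESC software has a security vulnerability (CVE-2019-1867) that lets remote attackers bypass authentication and gain administrator privileges; please verify and remediate as soon as possible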
https://www.ilrc.edu.tw/ilrc_content.php?n=260

Cisco's 'Thrangrycat' Router Flaw Tough to Neuter
https://www.bankinfosecurity.co.uk/ciscos-thrangrycat-router-flaw-tough-to-neuter-a-12479

Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear
https://www.zdnet.com/article/thrangrycat-flaw-lets-attackers-plant-persistent-backdoors-on-cisco-gear/#ftag=RSSbaffb68

Cisco Secure Boot Hardware Tampering Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor
http://bit.ly/2VEtHwk

Researchers disclose vulnerability in Cisco's TAm hardware security module, affecting many products
https://www.ithome.com.tw/news/130622

Cisco enterprise routers: serious vulnerability awaiting patch
http://bit.ly/2W3IVKy

Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices
http://bit.ly/2E1MUNF

cisco -- application_policy_infrastructure_controller     CVE-2019-1682
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1682

cisco -- firepower_management_center CVE-2019-1699
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1699

cisco -- firepower_management_center CVE-2019-1709  
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1709

cisco -- firepower_threat_defense    CVE-2018-15462
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15462

cisco -- firepower_threat_defense    CVE-2019-1703
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1703

cisco -- nexus_9000_series_application_centric_infrastructure     CVE-2019-1803
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1803

cisco -- nexus_93108tc-ex_firmware     CVE-2019-1804
https://nvd.nist.gov/vuln/detail/CVE-2019-1804

cisco -- nx-os     CVE-2019-1592
https://nvd.nist.gov/vuln/detail/CVE-2019-1592

cisco -- web_security_appliance  CVE-2019-1816
https://nvd.nist.gov/vuln/detail/CVE-2019-1816

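2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security
Internet-only banks about to launch; security experts point out underlying concerns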
https://ec.ltn.com.tw/article/breakingnews/2788348

Internet-only banks are fat sheep in hackers' eyes! Experts urge an additional step in KYC identity verification
http://bit.ly/2LSpeSn

Internet-only banks race to launch; fears of a security domino effect
https://ec.ltn.com.tw/article/paper/1288512

Hong Kong Association of Banks: entry of virtual banks is healthy competition
http://www.aastocks.com/tc/stocks/news/aafn-news/NOW.940928/2

ATM outage reported; CTBC Bank: congestion resolved, service back to normal
https://taronews.tw/2019/05/10/337147/

Online banking, app and ATM outage; CTBC Bank apologizes
https://money.udn.com/money/story/5613/3805999

Major CTBC ATM outage! Customers queue up but cannot withdraw cash
http://bit.ly/2VlHWRw

CTBC ATMs go down across Taiwan in the evening; back to normal at 7:30
https://udn.com/news/story/7239/3805917?from=udn-catelistnews_ch2

Major outage of convenience-store ATMs! CTBC Bank sends staff to handle it
https://news.cts.com.tw/cts/life/201905/201905101960665.html

Major CTBC ATM outage! Some ATMs cannot dispense cash
http://bit.ly/30gq8ev

Major ATM outage! CTBC apologizes: suspected congestion in IBM mainframe system
https://ec.ltn.com.tw/article/breakingnews/2786608

CTBC ATM outage "fully restored"; IBM mainframe suspected to be the culprit again
https://www.ettoday.net/news/20190510/1441949.htm

CTBC Bank ATMs reported down again; Financial Information Service Co.: the bank's internal systems were busy
https://ec.ltn.com.tw/article/breakingnews/2786547

Major CTBC ATM outage in the evening! ATM screens show "system connecting" and no cash can be withdrawn
https://www.ettoday.net/news/20190510/1441905.htm

CTBC ATMs down in the evening; now back to normal
https://www.chinatimes.com/realtimenews/20190510003984-260410?chdtv

Bank of Taiwan online banking hit by major outage, users furious; repair completed by 11 o'clock
https://tw.finance.appledaily.com/realtime/20190516/1567621/

Online banking outage; Bank of Taiwan: problem now resolved, logging in again is recommended
https://ec.ltn.com.tw/article/breakingnews/2792005

Bank of Taiwan online banking down? Bank of Taiwan: no outage, and no hackers
https://money.udn.com/money/story/5617/3816047

Online banking reported down with logins failing; Bank of Taiwan: issue resolved
https://www.ettoday.net/news/20190516/1445764.htm

Nan Shan "境界" system: old version hard to restart, so the plan is shelved; union complains the FSC is being held hostage
https://udn.com/news/story/7239/3805856

Ultimatum on Nan Shan system improvements; FSC plans to find an impartial party itself
https://www.chinatimes.com/realtimenews/20190510004287-260410?chdtv

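Restoring Nan Shan's old system is too difficult, so it is "shelved"; union charges this amounts to gambling with policyholders' rights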
https://www.ettoday.net/news/20190510/1441827.htm

Rescuing Nan Shan! Latest supporting measures for 150,000 lapsed policies: a verbal report to any of 39 business centers is enough
https://www.ettoday.net/news/20190510/1441605.htm

To guard against identity theft, seniors should set up online banking accounts first
http://bit.ly/2E73USz

FSC: delay in announcing internet-only bank license review has nothing to do with elections
https://m.ltn.com.tw/news/politics/paper/1288490

Apple Card credit card "unboxing": NFC pairing chip is in the packaging
http://bit.ly/2YrPsfz

Hong Kong Monetary Authority; Fong Po-kiu: credit card business should be under unified regulation
https://hk.on.cc/hk/bkn/cnt/finance/20190514/bkn-20190514000515833-0514_00842_001.html

Cyber insurance: fewer than 100 policies taken out in 2018
https://m.ctee.com.tw/livenews/aj/a78817002019051415050075

HKMA and Bank of Thailand strengthen financial cooperation
https://money.udn.com/money/story/5603/3812059

Multiple people's bank cards mysteriously charged; police: do one thing before using an ATM
https://news.sina.com.tw/article/20190515/31294204.html

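Security of electronic transfers in doubt: hackers intercept, bank shirks responsibility and blames the victim's e-mail security for being easy to guess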
http://www.mingpaocanada.com/Tor/htm/News/20190514/tda1_r.htm

Customer's e-mail transfer stolen; bank compensates only half the loss
http://bit.ly/2VBKNuQ

AWS hosts TaiPay NSecured enterprise cloud platform service to remove security threats
https://money.udn.com/money/story/11799/3816365

Multiple banks verifying customer identities; accounts of those who do not cooperate may be restricted
http://hk.crntt.com/crn-webapp/touch/detail.jsp?coluid=10&kindid=0&docid=105429147

Nan Shan Life gets a third fine: Insurance Bureau fines it 2.4 million for security and personal data deficiencies
https://www.ettoday.net/news/20190517/1447114.htm

Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites
http://bit.ly/2VhOCjR




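3. Electronic Payment / Electronic Stored-Value Cards / Mobile Payment / Pay: News and Security
Will the policy goal of a 52% electronic payment share be missed? Only 38% reached by the end of last year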
https://ec.ltn.com.tw/article/breakingnews/2787531

Financial Information Service Co. to build Taiwan Pay clearing platform in two phases
https://www.financialhy.com.tw/?p=12538

Transfer money by text message: Taiwan's electronic payments lag behind Kenya
https://fnc.ebc.net.tw/FncNews/world/80176

Types of Taiwan Pay demystified: credit cards and debit cards differ
http://bit.ly/2HsuOp1

Employees want flexible payment methods, pay cycles
https://www.atmmarketplace.com/news/employees-want-flexible-payment-methods-pay-cycles/

5. Virtual Currency / Blockchain: News and Security
The Rashomon behind the theft of 26 million TRX
https://paper.seebug.org/917/

The Rashomon behind the theft of 26 million TRX - Part 2
https://paper.seebug.org/918/

Coinbase reveals measures taken to address the MakerDAO vulnerability without causing loss of funds
https://0xzx.com/20190511054367338.html

Blockchain analytics firm: identity of the hackers who robbed Binance still cannot be determined
https://news.sina.com.tw/article/20190510/31243900.html

Where did the 7,000 bitcoins hacked from Binance go? Reconstructing the hacker group's "fencing process" after the attack
https://www.blocktempo.com/hacked-binance-lost-7000-btc-hackers-transfer-process/

US RIT student accused of taking part in cryptocurrency theft involving more than US$2.41 million
https://news.sina.com.tw/article/20190510/31240296.html

Blockchain is hot! Gold trading tokenized, trading threshold drops sharply
https://tw.finance.appledaily.com/realtime/20190513/1565628/

Major system update after "Binance hack"; Changpeng Zhao: aiming to resume deposits and withdrawals on Tuesday
https://news.cnyes.com/news/id/4320057

Canadian banks use blockchain technology to verify customer identity
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=45&id=0000559232_4n233yny2bxwwl36c9k7r

Multiple companies reported for providing payment settlement channels to virtual currency and other platforms
https://news.sina.com.tw/article/20190511/31254832.html

Does using blockchain really improve system security? It depends
http://news.knowing.asia/news/7985464d-d9b9-456b-9fa8-0bcb730f2733

New crime wave? Hackers steal millions of dollars in cryptocurrency via phone numbers
https://happywin000-13.blogspot.com/2019/05/blog-post_435.html

New Zealand exchange Cryptopia, hacked in January, has entered liquidation and halted all trading
https://www.blocktempo.com/hacked-cryptocurrency-exchange-cryptopia-goes-into-liquidation/

As blockchain applications blossom everywhere, what exactly are these banks waiting for
http://news.knowing.asia/news/23cdc7f8-5b17-464c-8c2e-8c1af1a3617a

Cryptocurrency Hacks Still Growing — What Does That Mean for the Industry?
http://bit.ly/2VZ3CHJ

5. Security Incident News

A. Viruses and Trojans / Botnets / Ransomware / APT
While guarding against ransomware, e-mail fraud cannot be ignored either
https://udn.com/news/story/6871/3810199

Taking on US antivirus companies: Russian hackers want to sell their source code
http://big5.pconline.com.cn/b5/pcedu.pconline.com.cn/1257/12573980.html

WannaCry ransomware returns! Microsoft warns of suspicious vulnerability found in XP systems
http://bit.ly/2vWy9ao

ASUS cloud storage service hit by man-in-the-middle attack to distribute backdoor
https://www.ithome.com.tw/news/130650?fbclid=IwAR0_6_dFh9XHtcbcjUAfcmk03w2Zcybg2LY03BB4djCgM3QdSzCViSDkOFk

Antivirus source code reportedly leaked; Symantec, Trend Micro and McAfee named
https://www.ithome.com.tw/news/130659

Microsoft warns of new virus similar to the "WannaCry" ransomware
https://news.sina.com.tw/article/20190516/31310584.html

Compromised Office 365 accounts sent 1.5 million malicious e-mails in March
https://blog.trendmicro.com.tw/?p=60613

Gootkit banking Trojan via Fake UKPC parking penalty appeals
https://myonlinesecurity.co.uk/gootkit-banking-trojan-via-fake-ukpc-parking-penalty-appeals/

Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage
https://www.welivesecurity.com/2019/05/14/plead-malware-mitm-asus-webstorage/

ASUS WebStorage abused to spy on users at the router level
https://www.zdnet.com/article/asus-webstorage-abused-to-spy-on-users-at-the-router-level/#ftag=RSSbaffb68

North Korean hackers launch attacks, collecting information on Bluetooth devices connected to Windows computers
https://www.ithome.com.tw/news/130635

ScarCruft continues to evolve, introduces Bluetooth harvester
https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/

ScarCruft APT Group Targets Bluetooth With Malware: Report
https://www.bankinfosecurity.com/scarcruft-apt-group-targets-bluetooth-malware-report-a-12485

What You Should Know About the Ursnif Banking Malware
https://telussecuritylabs.com/what-you-should-know-about-the-ursnif-banking-malware/

Ransomware Increasingly Hits State and Local Governments
https://www.bankinfosecurity.com/ransomware-increasingly-hits-state-local-governments-a-12481

Retefe Banking Trojan Hashes - Additional IOCs
https://brica.de/alerts/alert/public/1258716/retefe-banking-trojan-hashes-additional-iocs/

Nigerian BEC Scammers Use Malware to Up the Ante
https://www.bankinfosecurity.com/nigerian-bec-scammers-use-malware-to-up-ante-a-12475

Persistent Banking Trojan Virus Launches New Phishing Scam
https://www.sterlingnetworks.net/2019/05/13/persistent-banking-trojan-virus-launches-new-phishing-scam/

CYBERCRIME: GROUPS BEHIND “BANLOAD” BANKING MALWARE IMPLEMENT NEW TECHNIQUES
https://www.sentinelone.com/blog/cybercrime-banload-banking-malware-fraud/

This password-stealing malware just evolved a new tactic to remain hidden
https://www.izoologic.com/2019/05/13/this-password-stealing-malware-just-evolved-a-new-tactic-to-remain-hidden/

Linux vs. Zombieload
https://www.zdnet.com/article/linux-vs-zombieload/#ftag=RSSbaffb68

Emotet: The Banking Trojan — Malware of the Month, May 2019
https://spanning.com/blog/emotet-banking-trojan-malware-of-the-month/

Hackers Add Security Software Removal to Banload Banking Malware
https://www.securityweek.com/hackers-add-security-software-removal-banload-banking-malware

April 2019’s ‘most wanted malware’ shows return of banking trojan
https://www.intelligentciso.com/2019/05/15/april-2019s-most-wanted-malware-shows-return-of-banking-trojan/

April 2019’s Most Wanted Malware: Cybercriminals up to Old ‘TrickBots’ Again
http://bit.ly/2Ef8xKp

B. Mobile Security / iPhone / Android / Wearables / Apps
Google explains multiple Android Q security measures at I/O: encryption, sandboxing and authentication together
http://bit.ly/2vUqIR4

WhatsApp vulnerability exposed, letting Israeli spyware break into phones
https://news.sina.com.tw/article/20190514/31281038.html

WhatsApp hacked! Israeli surveillance software suspected
http://bit.ly/2W1f9WY

WhatsApp admits attack by sophisticated hackers, urges 1.5 billion users worldwide to update
http://bit.ly/2Vq14xH

WhatsApp confirms spyware vulnerability in calling feature
https://chinese.engadget.com/2019/05/14/whatsapp-call-exploit-allowed-spyware/

WhatsApp fixes vulnerability exploited by hackers to attack human rights lawyer
https://www.aboluowang.com/2019/0515/1289203.html

WhatsApp security flaw raises hacking fears; users urged to update the app
http://bit.ly/2VsacC6

WhatsApp discloses alarming vulnerability! Hackers can silently install spyware
http://pc3mag.com/whatsapp-exploit/

WhatsApp reported to have a vulnerability; hackers plant remote monitoring program through voice call feature
http://bit.ly/2LILpKk

Security vulnerability! WhatsApp voice calls attacked by hackers
http://bit.ly/2VvRYiY

Facebook urgently patches WhatsApp vulnerability exploited by hackers
https://www.ithome.com.tw/news/130637

Hackers break into WhatsApp without a trace; bank data of 1.5 billion people may leak
http://www.etnet.com.hk/www/tc/lifestyle/internationalaffairs/news/60009

WhatsApp hacker calls: infected even without answering
https://hk.news.appledaily.com/local/daily/article/20190515/20678669

Lessons learned from the latest WhatsApp hack
https://blog.checkpoint.com/2019/05/14/whatsapp-lessons-learned-mobile-vulnerability-hack-security-flaw/

Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones
http://bit.ly/2JI8Fps

Attackers Exploit WhatsApp Flaw to Auto-Install Spyware
https://www.bankinfosecurity.com/attackers-exploit-whatsapp-flaw-to-auto-install-spyware-a-12480

WhatsApp Exploit Reveals 'Legalized Hacking' at Work
https://www.bankinfosecurity.com/interviews/whatsapp-exploit-reveals-legalized-hacking-at-work-i-4326

App rumored online to be able to spoof caller ID? Test shows it cannot be downloaded
https://news.ebc.net.tw/News/society/163565

Beware of the latest WhatsApp stack buffer overflow vulnerability
https://www.hkcert.org/my_url/zh/blog/19051401

Twitter admits bug that provided user location data to advertising customers
http://bit.ly/2HoQYIA

Building a sound 5G market foundation to pave the way for national competitiveness
https://talk.ltn.com.tw/article/paper/1287977

Threat to US security: China to sell gay dating app Grindr
https://www.taiwannews.com.tw/ch/news/3701545

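US-China trade war heats up, and the world's largest gay dating app is hit too? White House guards against leaks of officials' personal data and forces Chinese capital to exit "Grindr" before 2020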
https://www.storm.mg/article/1284126?srcid=73746f726d2e6d675f63373766396366313733396365313337_1557908186

Sanitary pad ad suddenly pops up on IG... man alarmed at "Siri eavesdropping"! Netizens share coincidences: chilling to the bone
https://www.ettoday.net/news/20190517/1446598.htm

iOS 12.3: How to keep your iPhone safe from hackers and snoopers
https://www.zdnet.com/pictures/ios-12-3-how-to-keep-your-iphone-safe-from-hackers-and-snoopers/#ftag=RSSbaffb68

Google I/O wrap-up, Garmin Forerunner 245 and 945, Jabra takes on Bose & Sony (MobileTechRoundup show #469)
https://www.zdnet.com/article/google-io-wrap-up-garmin-forerunner-245-and-945-jabra-takes-on-bose-sony-mobiletechroundup-show-469/#ftag=RSSbaffb68

Unpatched Flaw in UC Browser Apps Could Let Hackers Launch Phishing Attacks
http://bit.ly/2E4iPwS

Mobile accounts for nearly half of all banking transactions in Brazil
https://www.zdnet.com/article/mobile-accounts-for-nearly-half-of-banking-transactions-in-brazil/#ftag=RSSbaffb68

Citing concerns from NASA, senators urge FCC to rein in 5G expansion
https://www.zdnet.com/article/citing-concerns-from-nasa-senators-urge-fcc-to-rein-in-5g-expansion/#ftag=RSSbaffb68

New Relic rolls out New Relic One, aims to identify codependency of containers, microservices, cloud, apps
https://www.zdnet.com/article/new-relic-rolls-out-new-relic-one-aims-identify-codependency-of-containers-microservices-cloud-apps/#ftag=RSSbaffb68

Google adds the Pixel 3a to its Android Enterprise Recommended program
https://www.zdnet.com/article/google-adds-the-pixel-3a-to-its-android-enterprise-recommended-program/#ftag=RSSbaffb68

C. Incidents / Hackers / DDoS / APT / Dark Web / Recruitment / International Security Incidents
HITCON CMT 2019 - Free Program for Students
https://blog.hitcon.org/2019/05/cmt-hitcon-free.html?m=1

Training security incident response capability through competitions
https://blog.twnic.net.tw/2019/05/15/3653/

With Safety as the foundation, build up information security with Security
http://www.compotechasia.com/a/feature/2019/0513/41781.html

First day of Australia-wide NAPLAN tests: computer-based testing system malfunctions
http://www.epochtimes.com/b5/19/5/15/n11259905.htm

GitHub breached by hackers, who deleted multiple source code repositories and demanded ransom
https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=907

Defense-in-depth network security! ATP intelligent firewall combines "cloud computing and AI intelligence"
https://ithelp.ithome.com.tw/articles/10211810?sc=rss.qu

The secret that makes hackers flock to Pwn2Own? Interview with the ZDI program lead and Trend Micro's VP of security research
https://www.inside.com.tw/article/16366-pwn2own-zdi-and-trend-micro

Three major Git hosting platforms jointly publish report on users held to ransom; all cases due to stolen credentials
https://www.ithome.com.tw/news/130658

Taiwan public DNS Quad101 hit by BGP hijack; it lasted only three and a half minutes and had no major impact
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=850

North Korean hackers launch attacks, collecting information on Bluetooth devices connected to Windows computers
https://www.ithome.com.tw/news/130635

Compromised Office 365 accounts sent 1.5 million malicious e-mails in March
https://blog.trendmicro.com.tw/?p=60613

Compromise incidents targeting Office 365 accounts keep increasing
https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=906

Actual controller improperly tied up funds to avoid a margin call; Antong Holdings receives warning letter
https://news.sina.com.tw/article/20190517/31320664.html

460,000 accounts on Fast Retailing's Japan shopping sites attacked by hackers
https://www2.hkej.com/instantnews/international/article/2136462

Uniqlo and GU websites breached by hackers, "460,000 personal records leaked"; head office: change your password now
https://www.ettoday.net/news/20190514/1444401.htm

Uniqlo parent company says 460,000 accounts on its Japan websites were breached by hackers
https://money.udn.com/money/story/5599/3811468

Hack of Japanese Retailer Exposes 460,000 Customer Accounts
https://www.bankinfosecurity.com/hack-japanese-retailer-exposes-460000-customer-accounts-a-12482

The dark web is less exciting than you imagine: disorganized, frequently down, and over 80% in English
https://www.ithome.com.tw/news/130588

People's Daily Online commentary: browser homepage hijackers, it is time to mend your ways
https://news.sina.com.tw/article/20190514/31281118.html

No backdoors guaranteed! Huawei willing to sign "no-spy agreements" with countries
https://www.chinatimes.com/realtimenews/20190515001573-260410?chdtv

Trump bars US companies from doing business with ICT companies controlled by foreign adversaries, paving the way for a Huawei ban
https://www.ithome.com.tw/news/130693

Huawei equipment cheap? US official: long-term costs are outrageously high
https://ec.ltn.com.tw/article/breakingnews/2792928

Cyberattacks on public sectors worldwide: state-sponsored hackers account for 80%
http://bit.ly/2JBjiKx

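Zhejiang public security warns: the cybercrime underground attacks with new techniques, up to 100 times as effective as traditional attacks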
https://news.sina.com.tw/article/20190510/31247396.html

Netizens analyze how Garena is gradually becoming a tumor: then and now do not seem like the same company
https://tw.esports.yahoo.com/4609434-051040961.html

Legislator releases recordings and reconciliation letters, worries 智崴 has been infiltrated by CCP capital
http://bit.ly/2WSlFME

CFO arrested for hacking a rival to steal data in a battle for school lunch business
https://technews.tw/2019/05/13/cfo-was-arrested-for-hacking-due-to-battle-for-school-lunch-bid/

Two major cryptomining hacker groups fight for turf in cloud Linux environments
https://www.ithome.com.tw/news/130581

International seminar on aviation cybersecurity focuses on countering cyber terrorism
https://udn.com/news/story/7266/3813819

Firing again? Trump reportedly to sign executive order barring US companies from buying Huawei equipment
https://fnc.ebc.net.tw/FncNews/tech/80244

Huawei offers to sign "no-spy agreement"; US official rebuts it and reveals three risks
http://www.ntdtv.com.tw/b5/20190515/video/245660.html

US CIA says Huawei is like the KGB; Trump: not banning it will have "catastrophic consequences"
https://www.cmmedia.com.tw/home/articles/15617

"Huawei gave them discounts of nearly 90%..." Facing Huawei, European allies sing a different tune from the US
https://www.cmmedia.com.tw/home/articles/15633

US publishes hacking tool used by the North Korean government
https://www.ithome.com.tw/news/130573

North Korean Hackers Using ELECTRICFISH Tunnels to Exfiltrate Data
http://bit.ly/2EfDIFF

North Korea debuts new Electricfish malware in Hidden Cobra campaigns
https://www.zdnet.com/article/north-korea-debuts-new-electricfish-malware-in-hidden-cobra-campaigns/#ftag=RSSbaffb68

Feds Warn of 'Electricfish' Malware Linked to North Korea
https://www.bankinfosecurity.com/feds-warn-electricfish-malware-linked-to-north-korea-a-12469

Dutch police system update causes electronic ankle monitors to lose contact
https://unwire.hk/2019/05/13/buggy-update-crashes-ankle-monitors-netherlands/fun-tech/

Israel hosts Eurovision Song Contest; TV broadcast hacked
https://news.pchome.com.tw/internation/pts/20190516/video-15579360000296808009.html

Bypassing the Ministry of Economic Affairs! Tencent's WeTV confirmed to land in Taiwan; Chinese OTT operators to enter Taiwan in force
https://buzzorange.com/techorange/2019/05/13/wetv-oot-china-issue/

China's "CTID" infringing on Taiwanese personal data? Hsu Kuo-yung: a firewall will be set up
https://news.ltn.com.tw/news/politics/breakingnews/2791995

The dilemma between national security and freedom of speech: focusing on the US espionage legal regime
https://www.thenewslens.com/article/118830

Europe and US bust transnational hacker crime ring that stole 3 billion
https://udn.com/news/story/6811/3817663

BBC reports on Taiwan's legalization of same-sex marriage; netizen analysis finds the "angriest country" is Pakistan
https://m.ltn.com.tw/news/life/breakingnews/2793714

Han Bing opposes same-sex marriage? Analysis by Taiwan's hacker pioneer reveals highlights
http://bit.ly/30sbCjV

Absurd! Spies come to Taiwan to develop organizations, yet Taiwan has no power to confiscate the criminal funds
https://m.ltn.com.tw/news/politics/breakingnews/2792786

US rallies Europe against China; tech war of cybersecurity containment begins
https://www.chinatimes.com/newspapers/20190517000103-260309?chdtv

North Korean hacker group HIDDEN COBRA uses ELECTRICFISH malware to set up covert tunnels for communication
http://net.nthu.edu.tw/2009/mailing:announcement:20190514_02

Trump signs "national emergency order", presumably aimed at banning Huawei products
https://chinese.engadget.com/2019/05/16/president-trump-national-emergency-for-telecom-networks/

Trump issues order to protect US cybersecurity; Huawei quickly blacklisted
https://www.ntdtv.com/b5/2019/05/16/a102580586.html

Cybersecurity war: mainland China strikes hard, reportedly to expand regulation of foreign firms' cloud businesses
http://bit.ly/2JO38gP

U.S. Charges 9 'SIM Swapping' Attackers For Stealing $2.5 Million
http://bit.ly/2WEIgMB

SIM hijacking ring which stole millions in cryptocurrency dismantled by feds
https://www.zdnet.com/article/sim-swapping-ring-which-stole-millions-dismantled-by-feds/#ftag=RSSbaffb68

Fighting Back Against DDoS Attacks
https://medium.com/homeaway-tech-blog/fighting-back-against-ddos-attacks-8c856e0c5c64

Single server ties hacked diplomatic cables to Chinese cyberattacks worldwide
https://www.zdnet.com/article/single-server-linked-to-hacked-cables-worldwide-chinese-cyberattacks/#ftag=RSSbaffb68

Threat Spotlight: Account Takeover
https://blog.barracuda.com/2019/05/02/threat-spotlight-account-takeover/

Reaver: Mapping Connections Between Disparate Chinese APT Groups
https://threatvector.cylance.com/en_us/home/reaver-mapping-connections-between-disparate-chinese-apt-groups.html

Trump signs executive order banning US telcos from buying or using foreign gear
https://www.zdnet.com/article/trump-signs-executive-order-banning-us-telcos-from-buying-or-using-foreign-gear/#ftag=RSSbaffb68

UK hacking powers can be challenged in court, judge rules
https://www.zdnet.com/article/uk-hacking-powers-can-be-challenged-in-high-court-judge-rules/#ftag=RSSbaffb68

SingPost, Synagie to offer on-demand SMB warehousing services
https://www.zdnet.com/article/singpost-synagie-to-offer-on-demand-smb-warehousing-services/#ftag=RSSbaffb68

[Cybersecurity Institute] Reserve security consulting advisor, Institute for Information Industry
https://m.104.com.tw/job/6iyl6?jobsource=intern

Senior security engineer (Taipei technical department)
http://bit.ly/2vRYZQX

[Cybersecurity Institute] Smart cloud platform center - PHP part-time student
https://www.104.com.tw/job/?jobno=6lwdc

China - Fujian / 新大陸支付技術有限公司 / embedded systems and Android application development positions
https://tw.observer/p/231278647

[Mid-to-senior level, foreign company] NOC security network management project manager #4566
https://www.kellyservices.com.tw/it-se-programming-it-related--jobs/4566/2468470

C/C++ software engineer
https://www.104.com.tw/job/?jobno=6m1n7

Product division - security product sales manager
https://www.104.com.tw/job/?jobno=6m3gh

Security analyst (B0000C)
https://www.104.com.tw/job/?jobno=6m4hr

Security analysis engineer (work location: Taipei)
https://www.104.com.tw/job/?jobno=6m4uk

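D. Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News
Home purchase remittance: 325,000 gone! Hackers intercepted e-mail and changed the account number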
http://bit.ly/2PYBRJS

"Fake news" running wild in European Parliament elections? Foreign media: Russia-linked social media sites widen divisions
https://www.ettoday.net/news/20190513/1443374.htm

Friend reveals there are more than 3 sex videos! Another clip of 閃亮亮 in a car back seat surfaces
https://ent.ltn.com.tw/news/breakingnews/2786934

閃亮亮's nude sex video leaked; friend reveals: the perpetrator holds more than these
https://www.nownews.com/news/20190511/3376083/

Arbitrary collection of personal data punishable by up to 5 years
https://m.ltn.com.tw/news/society/paper/1287982

Hackers set up fake "Avengers 4" website to steal user information
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=851

Newly released report shows 25% of phishing attacks bypass Office 365 security protection
https://blog.trendmicro.com.tw/?p=60541

Fraud prevention; Chunghwa Post: ATMs have no refund identity verification function
https://money.udn.com/money/story/5621/3809805

Unhappily tops the list of impersonated scam callers: Chunghwa Post teaches you how to tell
https://udn.com/news/story/7315/3809637

Beware of scams! Fraud ring impersonates the post office, asking to cancel ATM installment payments
https://news.ltn.com.tw/news/society/breakingnews/2788441

Afraid explicit videos will be leaked? Facebook has a solution
http://bit.ly/2JAqsyP

Facebook fined US$270,000 by Turkish authorities over data breach
http://bit.ly/2JfMmI5

"Network sniffing" used to read SMS verification codes: 5 people in Wuhan charged 30,000 late at night
https://news.sina.com.tw/article/20190511/31253280.html

沙 telecom fraud case: nearly 100 students from 40 higher-education institutions took part
http://bit.ly/2E56Z5s

No houses fall from the sky: real estate agents' and developers' Facebook accounts hijacked
https://udn.com/news/story/7241/3817855

Telecom fraud tactics come in all shapes; Tainan City stops 5 scams in 7 days
https://udn.com/news/story/7315/3811197

Beware! Without receiving any verification code notice, ethnic Chinese man's bank account loses RM4000
http://www.skyqzone.com/article/emZrcFdQTzJGUHM9

E-mail transfers not safe: Canadian woman loses 1,700 dollars
http://www.epochtimes.com/b5/19/5/13/n11256030.htm

Be careful with e-Transfer: a woman complains her money was stolen
http://bit.ly/2Vk3CgR

Luckily police talked her out of it! 180-dollar online skirt purchase nearly led to a scam of almost 160,000 dollars
https://udn.com/news/story/7320/3811522

Claiming to offer cross-strait remittance, scammers took RMB 900,000 from Taiwanese businessman
https://www.chinatimes.com/realtimenews/20190514002450-260402?chdtv

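Police bust gang that specialized in stealing drunk men's credit cards and arrest 6; cards were bound to electronic payment systems and charged for 200,000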
http://www.hkcd.com/content/2019-05/16/content_1138149.html

Young man kept a diary after scamming, admiring how excellent he was; police laughed in exasperation after reading it
https://news.sina.com.tw/article/20190511/31255010.html

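Fake securities manager urges brother to invest and sister helps remit; police stop the scam in time as the woman tries to remit HK$60,000 at the bank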
https://www.ttv.com.tw/news/view/10805130014800N/573

"Your package has been seized"! Scam targeting Chinese Americans takes 20 million in 3 months
http://bit.ly/2YrW91q

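[False] Online rumor: "Financial institutions are calling people to cooperate with a new FSC policy... country of birth field changed directly to [TW 台灣 Taiwan]"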
https://tfc-taiwan.org.tw/articles/494

Fraud ring hides in mountain guesthouse to scam people in mainland China; female engineer in the US falls for it
https://udn.com/news/story/7315/3805209

"Hand over the password"! Burglary goes wrong and turns to robbery; man withdraws 120,000 with the stolen card
http://bit.ly/2HlYvsK

Donate blood and your personal data leaks? Not the first time for this country
https://udn.com/news/story/6811/3816647

Report and help police catch fraud money mules: 10,000 reward issued immediately
https://tyenews.com/2019/05/16627/

Broke into 4 companies and stole nearly 80 million personal records: 2 Chinese hackers indicted by the US Department of Justice
http://www.ipub.one/show/182741

Stole 80 million US personal records four years ago: a Chinese national indicted by the US
http://www.epochtimes.com/b5/19/5/9/n11246221.htm

Microsoft: we blocked 5 billion phishing e-mails last year
https://www.ithome.com.tw/news/130691

Russian government sites leak passport and personal data for 2.25 million users
https://www.zdnet.com/article/russian-government-sites-leak-passport-and-personal-data-for-2-25-million-users/#ftag=RSSbaffb68

U.S. Charges Chinese Hacker For 2015 Anthem Data Breach
http://bit.ly/30d5WtT

Custodians of the Internet, book review: Content moderation under the microscope
https://www.zdnet.com/article/custodians-of-the-internet-book-review/#ftag=RSSbaffb68

Indiana Pacers disclose security breach
https://www.zdnet.com/article/indiana-pacers-disclose-security-breach/#ftag=RSSbaffb68

Over 275 Million Records Exposed by Unsecured MongoDB Database
https://www.bleepingcomputer.com/news/security/over-275-million-records-exposed-by-unsecured-mongodb-database/

Passwordless MongoDB Database Exposes 275 Million Records
https://www.bankinfosecurity.asia/passwordless-mongodb-database-exposes-275-million-records-a-12472

Equifax's Data Breach Costs Hit $1.4 Billion
https://www.bankinfosecurity.asia/equifaxs-data-breach-costs-hit-14-billion-a-12473

Verizon’s data breach report: What the numbers say
https://www.welivesecurity.com/2019/05/13/verizon-dbir-what-numbers-say/

Antivirus Makers Confirm—and Deny—Getting Breached by Hackers Looking to Sell Stolen Data
http://bit.ly/2JFN5BN

E. Research Reports
Unmasking the year's largest virus gang
https://www.freebuf.com/articles/network/202352.html

New infection method of GandCrab ransomware
https://www.cybereason.com/blog/gandcrab-evasive-infection-chain

Iranian state-backed APT group "Black Box" discovered by ClearSky team
https://www.clearskysec.com/iranian-apt-black-box/

LightNeuron, one of the backdoors the Turla group uses to attack Microsoft Exchange mail servers
https://cdn1.esetstatic.com/ESET/US/resources/white-papers/ESET_Lightneuron_WP.pdf

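QiAnXin RedDrip Team releases report "Summary of the OceanLotus Group's Attacks on Indochina Peninsula Countries: Targets, Tactics and Technical Evolution"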
https://ti.qianxin.com/uploads/2019/05/08/e159233f9b2b714ba1e76e3e1b84deba.pdf

McAfee Advanced Threat Research team open-sources xbypass, a tool to help find ROP gadgets
https://github.com/advanced-threat-research/xbypass

Analysis of how the CVE-2017–1000405 vulnerability works
https://www.freebuf.com/column/203162.html

Malicious mining via rootkit: analysis of a new malicious exploitation of the CVE-2019-3396 vulnerability
https://www.itread01.com/hkyecyq.html

Hackers exploit vulnerability in office software Confluence for mining attacks
http://www.okz.ltd/news/170995.html

Revealed: hacking 50+ companies within 6 hours using the Confluence unauthenticated RCE vulnerability
https://www.freebuf.com/articles/web/202492.html

Comprehensive analysis of the new V5.3 variant of the "俠盜" ransomware
https://paper.seebug.org/911/

Cisco Talos reports hard-coded credentials in Alpine Linux Docker images
https://paper.tuisec.win/detail/b99f202a57469ce

GitHub Ranking: ranking of Chinese GitHub users & most-starred repositories worldwide
https://paper.tuisec.win/detail/c5f107a978b871b

Analysis of PDF double-free vulnerability CVE-2018-4990
https://xz.aliyun.com/t/5094

Dissecting a hacker chain attack (2): an RCE rootkit that infects you just by reading comments
http://bit.ly/2YpPwN1

Analysis of how the CVE-2017–10271 vulnerability works
https://www.freebuf.com/column/203816.html

PCMan's FTP vulnerability (CVE-2013-4730): detailed reproduction and debugging process with exp construction
https://www.anquanke.com/post/id/177939

Feathering for SSIDs
https://medium.com/@elkentaro/feathering-for-ssids-bd69ad41165a

Source Code Security Audit
https://github.com/WhaleShark-Team/cobra

SlowLoris: DoS Attack tool for Low Bandwidth
http://bit.ly/30fy8wg

Darksearch - The 1st real search engine Dark Web (Darksearch vs Ahmia)
http://bit.ly/2HlFghL

Intelligence in Computing Machinery: Quest, approach and the future
https://towardsdatascience.com/intelligence-in-computing-machinery-quest-approach-and-the-future-deab2ce89f55

A Code of Ethics Does Little to Correct the Issues with Today’s Software
http://bit.ly/2W3tz8M

SHA-1 collision attacks are now actually practical and a looming danger
https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/#ftag=RSSbaffb68

Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure
http://bit.ly/2EaCg7o

CYBERCRIME: GROUPS BEHIND “BANLOAD” BANKING MALWARE IMPLEMENT NEW TECHNIQUES
https://www.sentinelone.com/blog/cybercrime-banload-banking-malware-fraud/

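F. Business
Automated analysis of application service data clears system bottlenecks in real time: APM gives visibility into performance and safeguards user experience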
https://www.netadmin.com.tw/article_content.aspx?sn=1905020003

Symantec buys security company Laminate; four Israeli security companies acquired within two years for a total of US$730 million
https://zi.media/@techbyeastcom/post/BAHZTK

Trade war sparks security panic; Taiwanese facial recognition makers target the international market
http://bit.ly/30m6LjV

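湛揚科技 exclusively launches "Sophos Synchronized Security plus backup": buy the Sophos series and get the Acronis next-generation data protection and disaster recovery solution free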
https://n.yam.com/Article/20190514533286

Oracle Exadata Database Machine turns 10, helping enterprises on the road to digital transformation
https://technews.tw/2019/05/15/oracle-exadata-tenyears-digital-transformation/

Google password checking tool Password Checkup: check in real time whether a password is safe or leaked
https://mrmad.com.tw/password-checkup

App security testing sandbox system: features of the 鑒真 Android Sandbox
http://iforensicsblog.blogspot.com/2019/05/app-android-sandbox.html

Google to replace faulty Titan security keys
https://www.zdnet.com/article/google-to-replace-faulty-titan-security-keys/#ftag=RSSbaffb68

The 'modular' Mac Pro is the solution to a problem that Apple itself created
https://www.zdnet.com/article/the-modular-mac-pro-is-the-solution-to-a-problem-that-apple-itself-created/#ftag=RSSbaffb68

IBM updates Watson Studio
https://www.zdnet.com/article/ibm-updates-watson-studio/#ftag=RSSbaffb68

'Project Campfire' effort for dual-booting Windows on Chromebooks is shutting down
https://www.zdnet.com/article/project-campfire-effort-for-dual-booting-windows-on-chromebooks-is-shutting-down/#ftag=RSSbaffb68

Microsoft wants its Azure servers to be as durable as tardigrades
https://www.zdnet.com/article/microsoft-wants-its-azure-servers-to-be-as-durable-as-tardigrades/#ftag=RSSbaffb68

Google Chrome to Introduce Improved Cookie Controls Against Online Tracking
http://bit.ly/2vPdN2S

Cloud, enterprise tech decisively exits the zero-sum era and enters a lovefest
https://www.zdnet.com/article/cloud-enterprise-tech-decisively-exits-the-zero-sum-era-and-enters-a-lovefest/#ftag=RSSbaffb68

Google opens hub for privacy engineering in Germany
https://www.zdnet.com/article/google-opens-hub-for-privacy-engineering-in-germany/#ftag=RSSbaffb68

Presearch extension enables private searching across on Chrome, Firefox, and Brave browsers
https://www.zdnet.com/article/presearch-extension-enables-private-searching-across-on-chrome-firefox-and-brave-browsers/#ftag=RSSbaffb68

Confluent makes Apache Kafka cloud-native
https://www.zdnet.com/article/confluent-makes-apache-kafka-cloud-native/#ftag=RSSbaffb68

Cisco slightly beats Q3 expectations
https://www.zdnet.com/article/cisco-slightly-beats-q3-expectations/#ftag=RSSbaffb68

Cybersecurity unicorn CrowdStrike files to go public on the Nasdaq
https://www.zdnet.com/article/cybersecurity-unicorn-crowdstrike-files-to-go-public-on-the-nasdaq/#ftag=RSSbaffb68

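G. Government
Strict control of products that endanger information security; Executive Yuan: publishing in the form of "regulations" is not ruled out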
https://udn.com/news/story/6656/3813515

Products endangering national information security: Executive Yuan plans to publish the list as regulations
https://www.cna.com.tw/news/aipl/201905150066.aspx

Products endangering national information security: the decisive battle is close at hand
https://news.pchome.com.tw/politics/idn/20190515/index-55792940478238224001.html

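Convenience for the public! FSC allows "non-designated account transfers" to be applied for online, no more in-branch applications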
https://www.ettoday.net/news/20190514/1444413.htm

Rich in banking supervision experience, Huang Kuang-hsi (黃光熙) promoted to Deputy Director-General of the Banking Bureau
http://bit.ly/30mBgX7

F-ISAC service overview
http://www.twse.com.tw/zh/brokerService/downloads/download/d108-11.pdf

Taiwan's security and surveillance industry reaches 60 billion; Tsai Ing-wen: information security is national security
http://bit.ly/2VxVGhc

Implementation of the Cyber Security Management Act: interim review and recommendations for improvement
http://bit.ly/2YfkVBy

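US reportedly to ban Huawei purchases; MOEA: information security measures do not specifically target Chinese products or any single brand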
https://udn.com/news/story/7238/3813610

Patrol box QR code loophole! Lazy police officers punished for copying codes to "check in remotely"
http://bit.ly/2EbdGTE

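All units are asked to step up awareness of personal data management and to protect website systems that hold personal data files, to prevent personal data leaks from websites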
http://www.tcrc.edu.tw/new/new-list/2019-05-13-06-53-15

Accused of using a 12 million tender to fund an online army; Executive Yuan rebuts: do not spread false information
https://tw.news.appledaily.com/politics/realtime/20190516/1567601/

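Chief of the General Staff Lee inspects the Information, Communications and Electronic Force Command, urging it to sharpen its capabilities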
http://bit.ly/2w3DkVW

New ID card is "like a key"; Hsu Kuo-yung: a password can be set to protect personal data
https://udn.com/news/story/7314/3816258?from=udn-catelistnews_ch2

Taiwan Academy of Banking and Finance offers information security and digital forensics course series 6/18 ~ 7/22
http://service.tabf.org.tw/tw/user/369833/

Taiwan Academy of Banking and Finance offers information security governance lectures  8/20 ~ 11/19
http://service.tabf.org.tw/tw/user/369823/

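New ID card's 8 major functions: a password can be set to prevent personal data leaks; multiple cards in one! Tax filing, health insurance card and driver's license handled with a single card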
https://www.ttv.com.tw/news/view/10805160024700N/579

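China urges Taiwanese to convert digital ID cards into residence permits; DPP legislator Lee Chun-yi worries it will become a national security loophole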
https://musou.watchout.tw/read/RUWwpzFfFcFfdM4gfTWh

Digital ID card has password protection for privacy; Ministry of the Interior: a lost card can be cancelled immediately
https://tw.appledaily.com/new/realtime/20190516/1567910/

AI national team TWCC begins trial operation; Chen Liang-gee hopes AI becomes a trillion-dollar industry for Taiwan
http://bit.ly/2WaUJL2

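Taipei City surveillance system switches from purchase to lease! Chen Chia-chang (陳嘉昌) admits: leasing costs more than buying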
http://bit.ly/2WarLuQ

Military Academy Cup "cyber security" competition: the armed forces train their own information security talent
http://bit.ly/2W9GTsn

Military Academy Cup "cyber security" competition: the armed forces train their own information security talent
https://mna.gpwb.gov.tw/post.php?id=13&message=94439

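Ransomware intrusion: councilors worried about information security question whether confidential data and residents' personal data were leaked; official website down for 3 days; Keelung City Government: no personal data leaked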
https://eteacher.edu.tw/ReadNews_m.aspx?id=3918

Ban on Huawei equipment under evaluation by the Executive Yuan
https://money.udn.com/money/story/5612/3817759

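Executive Yuan National Information and Communication Security Taskforce technical service center: status list of reports returned by joint-defense monitoring vendors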
http://bit.ly/2YxC4GX

H. SCADA/ICS/Industrial Control Systems
Alarm sounds over critical infrastructure security; experts analyze cyber attack trends
https://www.ithome.com.tw/people/130423

Analysis report on the top ten cyber attack weapons against industrial control systems
https://paper.seebug.org/912/

Security issues prompt the semiconductor supply chain and SEMI to jointly develop standards
https://news.wearn.com/c221244.html

More than 100 vulnerabilities expose 30,000 access control systems to hackers
https://www.itread01.com/hkyffhkp.html






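I. Education and Training
[Expert's Corner] "Information Security Scriptures": an information security rookie-of-the-year development plan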
http://bit.ly/2WENVCy

How to teach yourself programming? Mindset is the key to success
http://bit.ly/30dyNOH

叡揚 shares its exclusive martial-arts manual: secure software development courses kick off
https://money.udn.com/money/story/10860/3813288

Secure coding attack-and-defense exercise course now open: the secret manual shared with nothing held back
https://www.cna.com.tw/postwrite/Detail/253833.aspx#.XNgoAY4zbIU

A security expert even without C: battling hackers for three hundred rounds with Python
https://www.tenlong.com.tw/products/9789869772624?list_name=c-computer-security

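Institute for Information Industry to open the "ISO27005 Information Security and Personal Data Risk Management Certification Class" on 2019/5/23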
https://ithome.com.tw/pr/130558

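J. Internet of Things/IOT/Artificial Intelligence/Internet of Vehicles/Optical Networks/Deep Learning/Machine Learning/Drones
Armed with a security advantage, homegrown AI smart speaker LUCIA joins the fray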
http://bit.ly/2vU7GdG

Tech life by voice alone: smart speakers may carry hidden security risks
https://news.pchome.com.tw/finance/cna/20190512/index-15576307841988418003.html

Entering the IoT era, security threats become harder to deal with
https://udn.com/news/story/6871/3809304

San Francisco becomes the first in the US to ban facial recognition systems
http://bit.ly/2W89Nci

Smart speakers harbor hidden security risks
http://bit.ly/2EdINxV

What is the Industrial Internet of Things (IIoT)
https://blog.trendmicro.com.tw/?p=60237

Taiwan's AI supercomputer goes online, to open for industry use in Q4
https://www.chinatimes.com/realtimenews/20190516002096-260410?chdtv

Taiwan finally has an AI supercomputer! Hopes to build a trillion-dollar AI industry
https://money.udn.com/money/story/5612/3817256

World's 20th-ranked supercomputer "Taiwania 2" opens for use in June
https://news.ltn.com.tw/news/life/breakingnews/2791992

Smart manufacturing drives OT and IT convergence; front-end production line data easily becomes a target for hackers
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=13&id=0000559985_zqa8shmo9iqtjy4j82crk

Securing smart homes and smart buildings: threats and risks in complex IoT environments
https://blog.trendmicro.com.tw/?p=59959

Security risks in smart manufacturing cannot be ignored; resolving them depends on cooperation across the industry chain
https://www.digitimes.com.tw/iot/article.asp?cat=130&id=0000559644_vlr7p5z33fysb05ui1bo3

NCHC's AI software and hardware resources target the life sciences and smart city fields
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=15&id=0000559651_jap5yg3v6whk1u0hg17mj

Machine vision is the newest weapon against crop loss
https://www.zdnet.com/article/machine-vision-is-the-newest-weapon-against-crop-loss/#ftag=RSSbaffb68

How Twilio SendGrid uses machine learning to thwart phishing attacks
https://www.zdnet.com/article/how-twilio-sendgrid-uses-machine-learning-to-thwart-phishing-attacks/#ftag=RSSbaffb68

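6. Upcoming information security events and conferences
 Ministry of Education Information Security Talent Cultivation Program – overall mid-term results exhibition and corporate internship and job matching exchange 5/18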
 https://isip.moe.edu.tw/wordpress/?p=1668

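 "The Distance Between Us and Information Security", a security class for high school students - security experience course for high schools and vocational high schools  5/18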
 http://gg.gg/dueuq

 DevDays Asia 2019 @Taipei Asia-Pacific Technology Conference  2019/5/21-2019/5/23 | 9:00 AM - 5:00 PM
 https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x6811311abcd

 National Chiayi Senior High School student information security intensive camp  5/22
 https://forms.gle/hhmqnnhdLrxG38oD7

 CDX2.0 promotion event  5/22
 https://nchc-cdx.kktix.cc/events/cdxactivity-0522

 ITRI continuing education - Raspberry Pi imaging 5/22
 http://bit.ly/2Ld3QH3

 HackingThursday regular meetup 5/23
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbfc/

 National Center for High-performance Computing training - source code analysis hands-on  5/23
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3835&from_course_list_url=homepage

 29th National Information Security Conference  5/23  ~ 5/24
 https://cisc2019.cs.pu.edu.tw/index.php

 The Dungeons of Hackers [email protected] 2019 - Hackers' underground workshop @ Hualien  5/24
 https://tdohackerparty.kktix.cc/events/4908125d?fbclid=IwAR39uCZNCuuzlOZGz0NhIhqfahs5D4GjaLWXpbbsda6xah3_CIU-3MGl2Ac

 Hardware security seminar  May 24, ROC year 108
 https://eenctu.nctu.edu.tw/tw/news/p1.php?num=273

 First information security community forum of 2019 - hackers trade moves, hands-on sharing   5/25
 https://forms.gle/965PMChQD82qYAmM7

 Docker Birthday #5 - Taipei  5/25
 https://www.meetup.com/Docker-Taipei/events/248974949/

 [K8S course] Kubernetes container migration in practice 5/25
 https://broadmission.kktix.cc/events/migration?fbclid=IwAR3HE5E_DgL4qe8wv1j12QvEhO9_i9qj7e7mWF6Z5I_m6itcVwTJV-7jl30

 This year's first information security community forum - hackers trade moves, hands-on sharing 5/25 (Sat)
 https://www.digicentre.com.tw/news_detail.php?id=56&fbclid=IwAR1Qsa6ehY00EJk4tGPfxZ1HqvrcX2eVNZ2Htets23i_qiKZCCI9-H1plZw

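 "The Distance Between Us and Information Security", a security class for high school students - solving security challenges with Python  5/26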
 http://gg.gg/dueuq

 OWASP TechDay Taiwan 2019  2019/05/28
 https://csa.kktix.cc/events/owasp0528

 "Smart Security Thematic Forum - Smart Manufacturing" forum (5/29)
 http://www.twiota.org/eventDetails.aspx?id=c0ce0559-496a-4d32-b481-14221f75d791

 HackingThursday regular meetup 5/30
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbnc/

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 Software security testing in practice 6/3 ~ 6/4
 https://www.accupass.com/event/1904230701335964656400

 HackingThursday regular meetup 6/6
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbjb/

 National Center for High-performance Computing training - source code analysis hands-on 6/13
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3828&from_course_list_url=homepage

 HackingThursday regular meetup  6/13
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbrb/

 National Chiao Tung University Hacker College - vulnerabilities, patching and testing of cryptosystems 6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 HackingThursday regular meetup 6/20
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbbc/

 National Center for High-performance Computing training - information security health check  6/20
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3832&from_course_list_url=homepage

 Edvance Beacon 2019  6/21
 https://docs.google.com/forms/d/e/1FAIpQLSe70uw8Pi862IkL_rQXDJhzd7QnGXiuhcWwttOEN2BZwUbyMw/viewform

 HackingThursday regular meetup 6/27
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/

 HackingThursday regular meetup 7/4
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/

 2019 International Information Security Organizations Taiwan Summit  7/9 ~ 7/11
 https://csa.kktix.cc/events/2019con

 Industrial Development Bureau-subsidized network security testing training 7/10 ~ 7/12
 https://www.accupass.com/event/1904080311551119077841

 HackingThursday regular meetup 7/11
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/

 HackingThursday regular meetup 7/18
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/

 HackingThursday regular meetup 7/25
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/

 DEF CON 27  2019/8/8–8/11
 https://www.defcon.org/

 Web application penetration testing 8/21 ~ 8/23
 https://www.accupass.com/event/1904080221358963463590

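 Information security regulations and systems analysis course - ROC year 108 "Information Security Talent Training and International Promotion Program - advanced course for information security professionals"  8/29 ~ 8/30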
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 ROC year 108 information security competency training - mobile device security (8/29-8/30)
 https://cee.ksu.edu.tw/recruitinfo/1443.html

 TANET 2019 - Taiwan Internet Conference  9/25
 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310

 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/?fbclid=IwAR2gU17bz0Y7TH8THIIskIX1vziWBpMY152mJiwk7AAeVS752f_eNcZ0NzU

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

