跳到主要內容

資安事件新聞週報 2019/5/20 ~ 2019/5/24





資安事件新聞週報  2019/5/20  ~  2019/5/24

1.重大弱點漏洞/後門/Exploit/Zero Day
Fortinet FortiClient 遠端執行任意程式碼漏洞  CVE-2019-5589
https://fortiguard.com/psirt/FG-IR-19-060

Fortinet FortiOS 緩衝區錯誤漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13381

Fortinet FortiOS VM 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5587

多款Huawei S系列交換機安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5285

揭秘“0 day漏洞”:一款強大卻脆弱的武器
https://www.4hou.com/vulnerable/18116.html

Some Elasticsearch security features are now free for everyone
https://www.zdnet.com/article/some-elasticsearch-security-features-are-now-free-for-everyone/#ftag=RSSbaffb68

McAfee 產品多個漏洞
https://kc.mcafee.com/corporate/index?page=content&id=SB10282
https://kc.mcafee.com/corporate/index?page=content&id=SB10280

女黑客SandboxEscaper又曝光4個Windows 10零日漏洞
https://www.sohu.com/a/316244133_223764?sec=wd

專家促微軟用戶修補遠端漏洞 警告黑客或發動蠕蟲攻擊
http://bit.ly/2HzCve0

最新 Windows 10 0-Day 漏洞在推特上出現,可執行任意檔案
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=856

微軟 Internet Explorer 零日繞過保安限制漏洞
https://www.bleepingcomputer.com/news/microsoft/poc-exploits-released-for-two-more-windows-vulnerabilities/

Windows漏洞獵人SandboxEscaper公布第五個零時差漏洞
https://www.ithome.com.tw/news/130814

Update: Hacker Disclosed 4 New Microsoft Zero-Day Exploits in Last 24 Hours
http://bit.ly/2wgRJhP

PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online
http://bit.ly/30BIVky


Systems administrators: You need to know about this Windows 10 1903 patching change
https://www.zdnet.com/article/systems-administrators-you-need-to-know-about-this-windows-10-1903-patching-change/#ftag=RSSbaffb68

Two more Microsoft zero-days uploaded on GitHub
https://www.zdnet.com/article/two-more-microsoft-zero-days-uploaded-on-github/#ftag=RSSbaffb68

Microsoft Jet Database Engine遠程代碼執行漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0580

微軟沒輒了!這次更新包括Windows XP等舊版系統
https://udn.com/news/story/11017/3822250

微軟視窗權限提升漏洞
https://thehackernews.com/2019/05/windows-zero-day-vulnerability.html

Windows 10 發現新零日漏洞 駭客可取得管理員權限
https://unwire.pro/2019/05/23/windows-zero-day/security/

Microsoft 產品存在安全性弱點
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Windows 10 Update Bricks PCs, Microsoft Offers Workarounds
http://bit.ly/2LZ5ix7

Windows 10 version 1903: Is it safe to install yet
https://www.zdnet.com/article/windows-10-latest-version-is-it-safe-to-install-yet/#ftag=RSSbaffb68

Windows 10 zero-day exploit code released online
https://www.zdnet.com/article/windows-10-zero-day-exploit-code-released-online/#ftag=RSSbaffb68

Microsoft Releases Windows Updates to Fix GOV.UK Connection Issues
http://bit.ly/2WaJTF2

Researcher publishes Windows zero-days for the third day in a row
https://www.zdnet.com/article/researcher-publishes-windows-zero-days-for-the-third-day-in-a-row/#ftag=RSSbaffb68

Microsoft Releases Patches For A Critical 'Wormable Flaw' and 78 Other Issues
http://bit.ly/2LTH87e

Microsoft to start pushing Windows 10 version 1903 automatic updates within weeks
https://www.zdnet.com/article/microsoft-to-start-pushing-windows-10-version-1903-automatic-updates-within-weeks/#ftag=RSSbaffb68

Microsoft makes Windows Server 1903 generally available
https://www.zdnet.com/article/microsoft-makes-windows-server-1903-generally-available/#ftag=RSSbaffb68

Microsoft kicks off the rollout of the Windows 10 May Update 1903
https://www.zdnet.com/article/microsoft-kicks-off-the-rollout-of-the-windows-10-may-update-1903/#ftag=RSSbaffb68

Linux 內核曝出RDS 漏洞影響Red Hat , Ubuntu , Debiand 與SuSE
https://www.heibai.org/post/1294.html

【4 萬美元獎金 + 8 萬美元禮物換保密協議?!】 傳 Intel 試圖要求調查人員隱瞞新漏洞
http://bit.ly/2YD3c7k

Intel 建議用戶可以關閉 HT 來杜絕漏洞
https://www.coolaler.com/threads/intel-mds.355482/

你被優衣庫遭到黑客攻擊與英特爾漏洞刷屏了嗎
https://zhuanlan.zhihu.com/p/66108060

ZombieLoad: How Intel’s Latest Side Channel Bug Was Discovered and Disclosed
http://bit.ly/2QgiThL

DSA-2019-051:Dell SupportAssist 客戶端多個漏洞
https://dell.to/2JRr1nK

AMD 真香?AMD 處理器面對「MDS」漏洞無所畏懼
https://exp.gg/zh_tw/exp%E7%A7%91%E6%8A%80%E5%B0%88%E5%8D%80-zh_tw/109185

GitLab輸入驗證錯誤漏洞
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/

蘋果設備被曝存在PEAP認證漏洞研究人員對官方修復方案存疑
http://bit.ly/2WTnrNN

Cisco NX-OS命令注入漏洞  CVE-2019-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1783

思科針對Nexus 數據中心交換機發出危急安全預警
http://www.sohu.com/a/315098586_100034897?sec=wd

現如今連安全漏洞命名都用表情符了:思科路由器安全啟動漏洞
https://www.aqniu.com/threat-alert/48485.html

Ministryfocusets SQL Injection
https://www.anquanke.com/vul/id/1613759

Big Daddy's Sauces SQL Injection
https://www.anquanke.com/vul/id/1615166

Manav Vikas Seva Sangh SQL Injection
https://www.anquanke.com/vul/id/1615725

Bluetooth Flaw Found in Google Titan Security Keys; Get Free Replacement
http://bit.ly/2WRYRNb

New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011
http://bit.ly/2YAQgij

asus -- rt-ac3200_firmware   
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-14714

D-Link DIR-818LW
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19986
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19987

D-Link DIR-822
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19989
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19990

D-Link DIR-868L
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19988

suricata-ids -- suricata   
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10053

Google updates GKE with release channels, Windows Server Containers
https://www.zdnet.com/article/google-updates-gke-with-release-channels-windows-server-containers/#ftag=RSSbaffb68

Salesforce Says Permissions Bungle Almost Fixed
https://www.bankinfosecurity.com/salesforce-says-permissions-bungle-almost-fixed-a-12497

Google 的G Suite 漏洞讓部分密碼明文存儲達14 年之久
https://www.sohu.com/a/315599427_485557?sec=wd

Mozilla Firefox 多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/05/21/Mozilla-Releases-Security-Updates-Firefox

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
牽連虛擬銀行發展 客戶資訊認證平台開標延期
http://bit.ly/2w7kmhh

香港銀行公會:環聯網上信貸資料服務平台存漏洞
https://hk.on.cc/hk/bkn/cnt/finance/20190520/bkn-20190520153910276-0520_00842_001.html

香港金管局:環聯已提交報告 續暫停網上個人信貸查詢
http://bit.ly/2WcSwPn

一個月內挨罰3次 南山人壽電子商務系統業務存在7項資安、洗錢防制及內稽內控相關缺失 再吞240萬罰單
https://money.udn.com/money/story/5613/3819578

國泰資安險 全方位控管防禦
https://money.udn.com/money/story/5636/3824322

不到半年當機2次 中信銀總座陳佳文:我不滿意
https://ec.ltn.com.tw/article/breakingnews/2797755

後悔了! 南韓金融機構紛紛考慮棄用華為設備
https://ec.ltn.com.tw/article/breakingnews/2797881

全球重量級銀行合資15億元 研發區塊鏈現金結算系統
https://money.udn.com/money/story/5602/3819790

到7-11門市領日圓現鈔 中信銀ATM進駐10店
https://www.ettoday.net/news/20190516/1446115.htm

挺員工!協助金融科技轉型 金融業尚有近54億元可支用
https://ec.ltn.com.tw/article/breakingnews/2792708

因應Fintech 金融業提近60億用不到一成
https://www.chinatimes.com/realtimenews/20190516003785-260410?chdtv

明台產險與資安顧問攜手推出「資安的好險plus」專案
https://www.chinatimes.com/realtimenews/20190523001078-260410?chdtv

花旗銀行向拒收直銷訊息客戶促銷 違反私隱條例判罰1萬元
http://bit.ly/2Hw2Bi2

崴亞開辦 資安保險人才培訓班
http://bit.ly/2JWuTnH

萬幼筠:臺灣純網銀將帶來7大趨勢,但銀行得先具備6項資安能力才不怕Fintech新風險
https://www.ithome.com.tw/news/130692

高儲蓄保單將消失,金管會:保險不是為了理財
http://bit.ly/2X7V3Yx

865家銀行加入人民幣跨境支付系統 去年交易額26萬億
https://news.sina.com.tw/article/20190523/31397030.html

工會赴政院陳情 南山人壽承諾3改善方案 保證新系統6月底前一定穩
https://www.cmoney.tw/notes/note-detail.aspx?nid=171814

銀保監會通報人身險產品問題 26家公司被「點名」
https://news.sina.com.tw/article/20190524/31403560.html

400名南山保戶今到行政院陳情 提2大訴求盼新舊系統並行
https://ec.ltn.com.tw/article/breakingnews/2800667

新系統出包!工會赴政院陳情 南山人壽提3承諾
https://fnc.ebc.net.tw/FncNews/headline/81327

南山新系統大亂「確定不恢復舊系統」 提3大措施拚6月底前改善
https://www.ettoday.net/news/20190524/1451770.htm

傳網銀當機 台銀澄清:重啟設備影響少數用戶
https://www.cna.com.tw/news/afe/201905160109.aspx

台銀網銀當機?台銀:沒當機也沒有駭客
https://udn.com/news/story/7239/3816047

網銀當機 台銀:問題現已排除建議重登入
https://ec.ltn.com.tw/article/breakingnews/2792005

RBI Calls for Self-Regulation for Fintech
https://www.bankinfosecurity.asia/rbi-calls-for-self-regulation-for-fintech-a-12499

ATM physical attacks: Why armor isn't enough
https://www.atmmarketplace.com/blogs/atm-physical-attacks-why-armor-isnt-enough/

The future of cards, contactless and biometrics in payments
https://www.atmmarketplace.com/blogs/the-future-of-cards-contactless-and-biometrics-in-payments-2/

India's Financial Sector Faces Numerous Cyber Challenges
https://www.bankinfosecurity.asia/indias-financial-sector-faces-numerous-cyber-challenges-a-12512

3.電子支付/電子票證/行動支付/ pay/新聞及資安
尼泊爾即日起禁用微信支付、支付寶
https://hk.news.appledaily.com/china/realtime/article/20190521/59625718

陸客一直來卻無法「發大財」,尼泊爾為何全面禁止微信、支付寶
https://www.thenewslens.com/article/119558

商家變相逃稅…尼泊爾禁中國第三方支付
https://m.ltn.com.tw/news/world/paper/1290698

(Daily Issue)印度行動支付群雄並爭 難敵UPI一統江湖
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=1&id=0000555308_VX528YHK16ZYOL7QX9I6C

鳳凰薪酬支付系統故障 料需時4載花26億解決
http://bit.ly/2QdLncf

華為若遭Google中止服務 中信銀:系統界接沒問題
https://ec.ltn.com.tw/article/breakingnews/2797509

電票機構資本額20億以上 董總不能兼任
https://www.chinatimes.com/realtimenews/20190521004569-260410?chdtv

行動支付心得文吐血整理
https://tw.observer/p/231321501

行動支付殊死戰,Line Pay聲量獲得壓倒性的勝利
http://www.feverfo.com/archives/9184

聯邦快遞於台灣推出升級版QR Pay行動支付服務
http://www.ctimes.com.tw/DispNews/tw/FedEx/1905221626Z9.shtml

電票負責人可兼掌特約商店
https://money.udn.com/money/story/5613/3826709

回鄉證 10 月起可申請大陸電子支付、銀行賬戶 使用逾 30 項公共服務
https://unwire.hk/2019/05/17/china-permit-upgrade/life-tech/

染指電子支付 WhatsApp Pay未推出注定舉步維艱
http://bit.ly/2JAveNz

6匪專偷醉漢信用卡 綁電子支付平台盜款
http://bit.ly/2wgn442

OMNY試點計劃 將測試Google Pay
http://bit.ly/2JC6VPa

Apple Pay Used By Hackers To Steal From PrePaid Cards
http://bit.ly/2HDkHxA

4.虛擬貨幣/區塊鍊   新聞及資安
駭客暨蘋果創始人遭「時間差攻擊」,被騙走 7 枚比特幣
https://0nion.com/article/158043

美林銀行:BTC暴漲表明投資者對全球經濟衰退的擔憂正在加劇
http://news.knowing.asia/news/aeae0f53-b85a-4cf9-a0f5-3739986acd10

趙長鵬:本月初的駭客攻擊事件,讓我們因禍得福
https://life.tw/?app=view&no=935879

恐慌蔓延!比特幣上週五到底出了什麼事
http://news.knowing.asia/news/26fd4cec-5323-4913-a076-1cd41d60c2d8

Bitfinex 平台幣「LEO」將於 20 日下午 4 點開放五種主流交易對
https://news.cnyes.com/news/id/4323704

通過修複加密貨幣項目中​​的漏洞,白帽黑客在7週內賺超32000美元
https://www.tuoluocaijing.com.tw/kuaixun/detail-64905.html

欺騙電信公司易如反掌!駭客Daniel告訴你盜幣其實很簡單
http://news.knowing.asia/news/eb3a48ad-1e74-4a4a-98e8-9daa9722112c

TRON漏洞:通過耗盡內存和CPU來引發DoS
https://bcsec.org/index/detail/tag/2/id/566

虛擬貨幣3種情況 在台課稅
http://bit.ly/2VHriMC

比特幣ATM機現身北京須臾被撤 專家稱該行為已觸碰監管紅線
https://www.finet.hk/newscenter/news_content/5ce5e2edbde0b33646b9bed2

礦機愈多不代表賺得多 學者:加密貨幣與現實無掛勾
http://bit.ly/2HyKN6d

閃電網路:與比特幣掛鉤的新興交易方式
http://news.knowing.asia/news/bfaab2fa-7ba5-41b1-9ab4-4446fb96c44a

比特幣突破八千美元大關,六週內暴漲一倍!台灣如何成為「區塊鏈之島」,朱立倫將提出發展方向
http://bit.ly/2JyR6sv

大陸財經:香港金管局稱,央行數位貨幣在零售方面好處有限
http://bit.ly/2JY17Pj

以太坊智能合約Owner相關CVE漏洞分析
https://www.chainnode.com/post/328787

HitBTC要破產?錢包中只有300萬美元BTC和ETH
http://news.knowing.asia/news/34773bac-1a1b-4819-b371-cfc661bcb238

Facebook 敲定 2020 年推出自家加密貨幣「GlobalCoin」
https://news.cnyes.com/news/id/4326009

取經區塊鏈 張德熙搞數碼黃金終圓夢
https://hk.on.cc/hk/bkn/cnt/finance/20190514/bkn-20190514213836207-0514_00842_001.html

Fake cryptocurrency apps crop up on Google Play as bitcoin price rises
https://www.welivesecurity.com/2019/05/23/fake-cryptocurrency-apps-google-play-bitcoin/

Bestmixer Cryptocurrency Laundering Site Shuttered
https://www.bankinfosecurity.com/bestmixer-cryptocurrency-laundering-site-shuttered-a-12514

Bestmixer seized by police for washing $200 million in tainted cryptocurrency clean
https://www.zdnet.com/article/bestmixer-seized-by-eu-police-over-laundering-of-200-million-in-cryptocurrency/#ftag=RSSbaffb68

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / APT

德媒:華為設備「後門」沒找到 美國思科卻被發現有10個
https://www.ettoday.net/news/20190520/1448402.htm

華為遭荷蘭媒體爆料:有為電信商安裝後門
https://www.inside.com.tw/article/16416-dutch-authorities-investigating-alleged-huawei-backdoor

快修補!微軟SharePoint Server的執行任意程式碼漏洞,已遭惡意程式攻擊
http://bit.ly/2HtCAjq

荷蘭傳出在電信網路上發現華為暗藏後門
https://www.ithome.com.tw/news/130824

兩家美國資安公司號稱有「特殊技術」幫企業解決勒索軟體問題,被揭露其實是瞞著客戶代繳贖金
http://bit.ly/2VXVJD8

電腦突然變超慢?挖礦病毒數量暴增 400 倍,傳統防毒抓不到該如何自救
https://blog.trendmicro.com.tw/?p=60304

Dharma勒索病毒利用防毒工具掩飾惡意活動
https://blog.trendmicro.com.tw/?p=60657

Microsoft Exchange後門程式讓駭客取得前所未有的控制能力
https://blog.trendmicro.com.tw/?p=60650

網購商品搶的是比快! 搶購慢一步? 不是電腦慢而是駭客搞鬼
https://blog.trendmicro.com.tw/?p=60520

Attack Combines Phishing, Steganography, PowerShell to Deliver Malware
https://brica.de/alerts/alert/public/1260418/attack-combines-phishing-steganography-powershell-to-deliver-malware/

Cybercrime group that used malware to steal $100 million from online banking accounts shut down
https://www.digitalmunition.me/2019/05/cybercrime-group-that-used-malware-to-steal-100-million-from-online-banking-accounts-shut-down/

'GozNym' Banking Malware Gang Dismantled by International Law Enforcement
http://bit.ly/2EiZHvg

Law Enforcement Operation Dismantles GozNym Banking Malware
https://hackercombat.com/law-enforcement-operation-dismantles-goznym-banking-malware/

FBI and Europol Disrupt GozNym Malware Attack Network
https://www.bankinfosecurity.com/fbi-europol-disrupt-goznym-malware-attack-network-a-12493

GozNym Bank Malware Gang That Stole Millions Busted
https://www.threatshub.org/blog/goznym-bank-malware-gang-that-stole-millions-busted/

Gootkit banking Trojan via Fake UKPC parking penalty appeals
https://myonlinesecurity.co.uk/gootkit-banking-trojan-via-fake-ukpc-parking-penalty-appeals/

Dutch authorities investigating alleged Huawei 'backdoor'
http://bit.ly/2VRsim4

Winnti: More than just Windows and Gates
https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a

After 2 Years, WannaCry Remains a Threat
https://www.bankinfosecurity.eu/after-2-years-wannacry-remains-threat-a-12496

WhatsApp's Spyware Problem
https://www.bankinfosecurity.eu/interviews/whatsapps-spyware-problem-i-4329

Report: Bitcoin Targeted in 22% of Financial Malware Attacks
https://0nion.com/en/article/40068

Uncovering fake news bots
http://bit.ly/2VRTpgX

財經雜誌《富比士》訂閱網頁被加入惡意程式碼,盜取信用卡資料
https://technews.tw/2019/05/22/bank-card-slurping-malware-sneaks-into-forbes-mag-subscription-website/

Forbes 訂閱網頁被加入惡意代碼 盜取信用卡資料
https://unwire.pro/2019/05/21/malware-sneaks-into-forbes-mag-subscription-website/security/

Bank-card-slurping malware sneaks into Forbes' mag subscription website
https://www.theregister.co.uk/2019/05/16/forbes_magecart_infection/

Cybersecurity experts warn Baltimore to stop 'playing' with ransomware attacks
https://fxn.ws/2VOLvoy

Baltimore ransomware nightmare could last weeks more, with big consequences
https://arstechnica.com/information-technology/2019/05/baltimore-ransomware-nightmare-could-last-weeks-more-with-big-consequences/

Cybercrime: Groups Behind “Banload” Banking Malware Implement New Techniques
https://forum.anomali.com/t/cybercrime-groups-behind-banload-banking-malware-implement-new-techniques/3827

Top 10 Malware April 2019
https://www.cisecurity.org/blog/top-10-malware-april-2019/

W97M/Downloader Malware Dropper Served from Compromised Websites
https://blog.sucuri.net/2019/05/w97m-downloader-malware-dropper-served-from-compromised-websites.html

GOZNYM BANKING MALWARE: GANG BUSTED, BUT IS THAT THE END
https://www.sentinelone.com/blog/goznym-banking-malware-gang-busted/

Law Enforcement Operation Dismantles GozNym Banking Malware
https://hackercombat.com/law-enforcement-operation-dismantles-goznym-banking-malware/

Cybercriminal Gang behind $100million theft busted
https://www.ehackingnews.com/2019/05/cybercriminal-gang-behind-100million.html

Ohio school sends students home because of Trickbot malware infection
https://www.zdnet.com/article/ohio-school-sends-students-home-because-of-trickbot-malware-infection/#ftag=RSSbaffb68

MuddyWater APT Group Upgrades Tactics to Avoid Detection
https://www.bankinfosecurity.com/muddywater-apt-group-upgrades-tactics-to-avoid-detection-a-12504

Takedown Of “GozNym,, Banking Malware 2019
https://techsweed.com/goznim-banking-malware-takedown-2019/

Popular Video Editing Software Website Hacked to Spread Banking Trojan
https://pinicybersecurity.wordpress.com/2019/05/21/popular-video-editing-software-website-hacked-to-spread-banking-trojan/

Seqrite says it is detecting daily intrusions by banking malware Emotet – ETtech.com
http://qualitytechnews.com/seqrite-says-it-is-detecting-daily-intrusions-by-banking-malware-emotet-ettech-com/

EternalBlue reaching new heights since WannaCryptor outbreak
https://www.welivesecurity.com/2019/05/17/eternalblue-new-heights-wannacryptor/

One year later: The VPNFilter catastrophe that wasn't
https://blog.talosintelligence.com/2019/05/one-year-later-vpnfilter-catastrophe.html

B.行動安全 / iPhone / Android /穿戴裝置 /App
一指紋識別技術漏洞曝光:可跟蹤Android和iOS設備
https://news.sina.com.tw/article/20190523/31391240.html

研究人員找出建立Android及iOS裝置獨特指紋的方法
https://www.ithome.com.tw/news/130860

你的手機被監控了嗎?出現這5種狀況要小心
https://fnc.ebc.net.tw/FncNews/life/81000

iOS 描述檔刪除不了? 透過 macOS 或 Windows 一鍵移除所有惡意描述擋
https://mrmad.com.tw/ios-macos-apple-configurator

聊天應用程式 安全性知多少: 點對點加密
https://www.kocpc.com.tw/archives/259868

Telegram創辦人狠批WhatsApp永遠不安全
http://bit.ly/2EmlyCa

Google停止與華為合作 新機恐無法用gmail、Youtube
http://bit.ly/2HC40CK

谷歌.華為恐分手!"已上市"手機不受影響
https://www.ustv.com.tw/UstvMedia/news/103/20190521A064

跟上Google!彭博:英特爾、高通也切斷華為關鍵供應
https://ec.ltn.com.tw/article/breakingnews/2795953

谷歌終止合作 華為手機消費者恐求償無門
https://udn.com/news/story/7238/3823147

別再聽別人亂說了!Google 暫停華為 Android 授權的影響總解析
http://bit.ly/2VGiR47

Google 禁 HUAWEI 手機!?華為手機用家必知 6 大影響及自保方法
http://bit.ly/2YFD4sB

台50萬華為用戶 手動更新保資安
https://news.ltn.com.tw/news/focus/paper/1289967

華為:自有手機OS最快秋天問世,可相容於所有Android App
https://www.ithome.com.tw/news/130802

台積電停止供貨恐斷華為命脈 中國網民:收復台灣就搞定
http://bit.ly/2HHbvs4

趁火打劫「華為拋售潮」 !網友超低價徵求 P30 Pro 當相機
https://3c.ltn.com.tw/news/36844

中華電信宣布不再賣華為新機
http://bit.ly/2YG1HFB

被黑客利用攻擊 WhatsApp修復漏洞
https://hk.epochtimes.com/news/2019-05-23/35014133

華為 Android 禁令下,資安公司警告:非官方 Play Store 風險高
https://technews.tw/2019/05/23/security-concerns-of-huawei-ban/

華為自研系統堵Google 蘋果工程師曝「真相」:等於直接放棄市場
https://www.ettoday.net/news/20190524/1449816.htm

機場車站免費 USB 插座別亂用,手機充電也有可能遭駭客入侵竊資
https://www.eprice.com.tw/mobile/talk/102/5333611/1/

今年首部中高階手機有譜?HTC新機低調通過NCC認證
http://bit.ly/30GchhB

騷擾電話管控不力 中國電信被約談
http://bit.ly/2Ex7ghX

Google Restricts Huawei's Access to Android
https://www.bankinfosecurity.asia/google-restricts-huaweis-access-to-android-a-12498

US Tech Giants Google, Intel, Qualcomm, Broadcom Break Up With Huawei
http://bit.ly/2YzN1b4

US grants temporary license for Huawei to support products
https://zd.net/2JxlPWM

Google Is Cutting Huawei's Android Access: Here's What It Means
http://bit.ly/2WWePWu

Huawei’s phone business would be decimated without Google’s Android
http://bit.ly/2VRd7cN

Paranoia will destroy us: Why Huawei and other Chinese tech is not spying on Americans
https://zd.net/2EoymaZ

US Tech Giants Google, Intel, Qualcomm, Broadcom Break Up With Huawei
http://bit.ly/2EjOvyg

Google pulls Huawei's Android support following Trump blacklist, claims report
https://www.zdnet.com/article/google-pulls-huaweis-android-support-following-trump-blacklist-claims-report/#ftag=RSSbaffb68

Huawei makes smartphone comeback in Brazil
https://www.zdnet.com/article/huawei-makes-smartphone-comeback-in-brazil/#ftag=RSSbaffb68

Apple lied to me about the MacBook Air and now we have a problem
https://www.zdnet.com/article/apple-lied-to-me-about-the-macbook-air-and-now-we-have-a-problem/#ftag=RSSbaffb68

iOS App Dev and Challenge 2019
http://bit.ly/2JYzQfT

Japan telcos pull back sale of new Huawei smartphones
https://www.zdnet.com/article/japan-telcos-pull-back-sale-of-new-huawei-smartphones/#ftag=RSSbaffb68

Android and iOS devices impacted by new sensor calibration attack
https://www.zdnet.com/article/android-and-ios-devices-impacted-by-new-sensor-calibration-attack/#ftag=RSSbaffb68

Tor Browser for Android — First Official App Released On Play Store
http://bit.ly/2HygIDx

Apple needs to make it easier to update older iPhones
https://www.zdnet.com/article/apple-needs-to-make-it-easier-to-update-older-iphones/#ftag=RSSbaffb68

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
Google 2FA 驗證工具出錯 登入帳戶要離人 9 米
http://bit.ly/2JvVrwH

使用了「密碼管理員」,就可以百分之百放心嗎
https://www.thenewslens.com/feature/timefortune/118527

瀏覽器隔離技術 虛擬空間無顧慮上網開電郵附件
http://bit.ly/2X71B9C

善用開源軟體增加IT韌性
https://www.ithome.com.tw/tech/130492

從駭客歷史預測未來可能的攻擊
https://blog.trendmicro.com.tw/?p=60156

資安新創交流 專家齊聚
http://bit.ly/2JvHejo

沒有資安沒有真相
http://www.taiwantimes.com.tw/ncon.php?num=34830page=ncon.php

Google:帳號中新增備援電話號碼可有效預防遭駭客挾持
https://www.ithome.com.tw/news/130729

研究人員測試電子郵件挾持駭客服務,1/3是空號,部分是詐騙
https://www.ithome.com.tw/news/130849

國際警方聯手破獲全球第二大暗網市集
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16244

ProPublica:不良業者宣稱握有勒索軟體解密技術,私下卻以贖金向駭客換回檔案
https://www.ithome.com.tw/news/130798

資安專家︰全球共建網路安全 AI有利也有弊
https://ec.ltn.com.tw/article/paper/1290157

強化資安 防範國家級駭客網攻
https://www.ydn.com.tw/News/336959

IBM X-Force:自2015年以來 駭客攻擊已下降95%
http://big5.pconline.com.cn/b5/news.pconline.com.cn/1259/12592297.html

駭客威脅防不勝防 我們需要維持高度資安意識
https://news.tvbs.com.tw/politics/1134566

外國網絡攻擊者將在歐盟面臨制裁
https://on.wsj.com/2YJTv7t

川普高爾夫球成績遭駭 四場比賽被改成超慘桿數
http://bit.ly/2JNpK1f

掌握暗網流傳的企業機密與個資,Network Box提供查詢服務
https://www.ithome.com.tw/review/130592

歐盟通過新的網路攻擊制裁,將凍結駭客資產並禁止入境歐盟
https://www.ithome.com.tw/news/130728

大疆或成下個華為?美國國土安全部:中國無人機正大量竊取資料
https://www.inside.com.tw/article/16443-dhs-alert-china-drones-dji-huawei

美國對中國無人機發警告 大疆:獲美政府驗證
https://www.cna.com.tw/news/aopl/201905210091.aspx

滿洲獨立運動參與者被中國國安部門逮捕
http://bit.ly/2Hs8z3u

習近平訪俄前夕 俄資安公司控中國駭客盜竊機密
https://m.ltn.com.tw/news/world/breakingnews/2794474

防止被駭 中共全面替換解放軍的Windows電腦軟體系統
https://www.cmmedia.com.tw/home/articles/15634

被美國列入貿易黑名單 新華社:打壓中國企業不光彩
http://bit.ly/2Jupepz

美中網路戰延燒 議員促查中國中車進軍紐約地鐵
https://newtalk.tw/news/view/2019-05-20/248758

跟進封殺? 微軟商城下架華為筆電引發疑慮
https://udn.com/news/story/120490/3827593?from=udn-catebreaknews_ch2

選邊站!怨美國封殺 黃智賢:我以後都買華為手機
https://news.ltn.com.tw/news/politics/breakingnews/2799924

找華為建置5G 英前情報處長公開反對
https://ec.ltn.com.tw/article/paper/1289476

華為手機很可怕?以色列駭客:從掃地機器人到iPhone,都會被駭
http://bit.ly/30AlPuK

駁國安疑慮!華爾街日報:華為是資產非威脅
https://www.chinatimes.com/realtimenews/20190522000026-260408?chdtv

美國呼籲南韓、LG禁用華為
https://www.chinatimes.com/realtimenews/20190523001455-260410?chdtv

斬草要除根!美提220億預算 助廠商替換華為設備
https://ec.ltn.com.tw/article/breakingnews/2799347

德媒:不要盲從美國限制華為 思科更不「安全」
http://bit.ly/2Qbn3Ys

在中國茁壯、如今被視為「美國公司」的聯想,否認停止供貨給華為,進退兩難
https://chinaqna.com/a/81816?fbclid=IwAR1JiTSmT7apfhbwhN_V5C8ocxRwMEzU6kET30gfDkoeKf23Hgpk4PmyDco

基於資安考量,已有 2 家日本太陽能廠停用華為逆變器
https://technews.tw/2019/05/20/some-japan-solar-farm-reject-huawei-inverters/

中共全球戰略性網攻 國際級資安加速器看好台灣
http://bit.ly/2w8hnoH

科技戰是中國的死穴
https://talk.ltn.com.tw/article/paper/1289854

解放軍守護的華為帝國,正以「技術民族主義」威脅全球
https://www.thenewslens.com/article/119475

自爽?中國稱「華為這功能嚇死美國」 網:為何不禁望遠鏡
https://www.setn.com/News.aspx?NewsID=544606

華為之後再傳川普將向5間中國公司開刀,包括在烏魯木齊有3萬支監視器的「海康威視」
https://www.thenewslens.com/article/119538

防範資安威脅 美國擬封鎖中國監視器「海康威視」
https://news.pchome.com.tw/living/ftv/20190522/photo-15585179815478319009.html

美國有智庫發現北韓透過海外餐館經營電腦軟件生意
http://www.metroradio.com.hk/news/live.aspx?NewsId=20190519171412

冷麵與泡菜背後…北韓餐廳涉販售高科技軟體 金正恩躲過制裁
https://www.ettoday.net/news/20190519/1447827.htm

5/20~24荷蘭資安新創團訪台,歡迎了解海牙資安三角洲資源
https://www.acw.org.tw/News/Detail.aspx?id=72

台灣/英國/香港 國際資安創投與加速器交流論壇
http://bit.ly/2VDQW4x

印度監督飆風戰機採購辦公室 傳遭人試圖闖入 目前尚不清楚是否涉及間諜活動
https://news.sina.com.tw/article/20190522/31387564.html

中國可用開源躲過貿易戰技術限制?美商或美方技術均要配合美國出口法規
http://bit.ly/2WZEiyB

漢和:解放軍全面替換Windows作業系統 防電腦漏洞與病毒
https://www.ettoday.net/news/20190524/1451800.htm

陸工信部:2015年後大陸網速提升六倍 網費下降九成
https://udn.com/news/story/7333/3827681

London Underground to begin tracking passengers through Wi-Fi hotspots
https://www.zdnet.com/article/london-underground-to-begin-tracking-passengers-through-wi-fi-hotspots/#ftag=RSSbaffb68

New FAA rules for recreational drone flyers introduce temporary no-fly zones and a training requirement
https://zd.net/2W1lRgB

Lack of Secure Coding Called a National Security Threat
https://www.bankinfosecurity.asia/interviews/lack-secure-coding-called-national-security-threat-i-4332

Google research: Most hacker-for-hire services are frauds
https://www.zdnet.com/article/google-research-most-hacker-for-hire-services-are-frauds/#ftag=RSSbaffb68

Over half of all reported vulnerabilities in Q1 2019 have a remote attack vector
http://bit.ly/2X1BHnS

CEO told to hand back 757,000 fraudulently obtained IP addresses
http://bit.ly/2JyKhHs

OSINT Recon Great? — Unique Usernames Are Better Than Unique Passwords
http://bit.ly/2WSEboo

Trump Signs Executive Order That Could Ban Huawei
https://www.bankinfosecurity.com/trump-signs-executive-order-that-could-ban-huawei-a-12488

Cybersecurity's Week From Hell
https://www.bankinfosecurity.com/blogs/cybersecuritys-week-from-hell-p-2746

Yes, there are security ramifications to serverless computing
https://www.zdnet.com/article/the-security-ramifications-of-serverless-computing/#ftag=RSSbaffb68

At least 186 EU ISPs use deep-packet inspection to shape traffic, break net neutrality
https://www.zdnet.com/article/186-eu-isps-use-deep-packet-inspection-to-shape-traffic-break-net-neutrality/#ftag=RSSbaffb68

Teamviewer 2016年曾遭中國駭客入侵,但廠商閉口不提
https://ithome.com.tw/news/130782

Report Reveals TeamViewer Was Breached By Chinese Hackers In 2016
http://bit.ly/2we3qFY

Chinese cyberspies breached TeamViewer in 2016
https://www.zdnet.com/article/chinese-cyberspies-breached-teamviewer-in-2016/#ftag=RSSbaffb68

Singapore targets lawyers in digital transformation drive
https://www.zdnet.com/article/singapore-targets-lawyers-in-digital-transformation-drive/#ftag=RSSbaffb68

Hacktivist attacks dropped by 95% since 2015
https://www.zdnet.com/article/hacktivist-attacks-dropped-by-95-since-2015/#ftag=RSSbaffb68

Sharing Threat Intelligence: Time for an Overhaul
http://bit.ly/2VzdZOd

Chess legend Garry Kasparov warns of a ‘cyber Cold War,’ says Western ‘political will’ needed
https://cnb.cx/30A3j5p

PowerHub: bypassing endpoint protection and application whitelisting
https://securityonline.info/powerhub/

Will the U.S. government draft cybersecurity professionals
http://bit.ly/2JPQ4HQ

Tech trade war: After Huawei, which Chinese firms are next on US enemies list
https://www.zdnet.com/article/tech-trade-war-after-huawei-which-chinese-firms-are-next-on-us-enemies-list/#ftag=RSSbaffb68

Cyber Security NSW to boost state capabilities
https://zd.net/2w8KIPY

Wie Hacker aus Fernost Teamviewer ausspionierten
http://bit.ly/30B8Tor

Hackers turn tables on account hijackers by stealing forum data
https://engt.co/2JraCXO

Companies investing in advanced forensic capabilities to identify attackers in greater detail
http://bit.ly/2JRu4MY

White Hat Hackers Earn $32,000 for Finding Crypto Security Exploits in Last Two Months
http://bit.ly/2LZnGG1

Account Hijacking Forum OGusers Hacked
https://krebsonsecurity.com/2019/05/account-hijacking-forum-ogusers-hacked/

Root account misconfigurations found in 20% of top 1,000 Docker containers
https://www.zdnet.com/article/root-account-misconfigurations-found-in-20-of-top-1000-docker-containers/#ftag=RSSbaffb68

First official version of Tor Browser for Android released on the Play Store
https://www.zdnet.com/article/first-official-version-of-tor-browser-for-android-released-on-the-play-store/#ftag=RSSbaffb68

DNS Flag Day 2020: DNS servers must support both UDP and TCP queries
https://www.zdnet.com/article/dns-flag-day-2020-dns-servers-must-support-both-udp-and-tcp-queries/#ftag=RSSbaffb68

A Cybersecurity Guide for Digital Nomads
https://www.webroot.com/blog/2019/05/21/a-cybersecurity-guide-for-digital-nomads/

UK says it warned 16 NATO allies of Russian hacking activities
https://www.zdnet.com/article/uk-says-it-warned-16-nato-allies-of-russian-hacking-activities/#ftag=RSSbaffb68

Career Opportunities: Security Researcher (Red Team) (9595)
https://career10.successfactors.com/sfcareer/jobreqcareer?jobId=9595&company=trendmicro&username=

Sr. Security Engineer
https://www.cakeresume.com/companies/morgan-philips-7d9513/jobs/sr-security-engineer-1b65fc

資訊部資安課-資安工程師
https://www.104.com.tw/job/?jobno=6m8u3

資安管理人員
https://www.imc.com.tw/job/viewJob/IMC404863F65

國網中心/應用開發服務組-資安/佐理工程師/1人
https://www.104.com.tw/job/?jobno=6m9ls

中研院資訊處/資安工程師
https://moptt.tw/p/Tech_Job.M.1558324162.A.68C

網頁資安工程師 Web Security Engineer
https://www.cakeresume.com/companies/unnotech/jobs/web-security-engineer

資安管理師
https://www.104.com.tw/job/?jobno=6m54y

系統維​​護工程師
http://cug.91wllm.com/job/view/id/1034107

S006-網路資安工程師(台中)
https://www.104.com.tw/job/?jobno=6mc9k

資安工程師
https://www.104.com.tw/job/?jobno=6meax

資訊安全管理師
https://www.104.com.tw/job/?jobno=6mej8

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
被追蹤了還難以刪除!外媒爆 Gmail 默默記下用戶的購物紀錄
https://3c.ltn.com.tw/news/36804

盜竊及詐騙集團利用事主未關閉手機信息彈出功能 獲得信用卡驗證碼
https://topick.hket.com/article/2350868

人肉搜索,有中國特色的doxxing
https://cn.nytimes.com/culture/20190520/wod-doxxing/zh-hant/

微軟、PayPal和Netflix是2019年第一季最常被盜用進行網路釣魚攻擊的品牌
https://blog.trendmicro.com.tw/?p=60647

超過 21,000 台 Linksys 路由器外洩連接歷史記錄
https://chinese.engadget.com/2019/05/19/linksys-routers-leak-device-connection-histories/

Bad Packets:逾2萬臺Linksys路由器外洩連結歷史紀錄
https://www.ithome.com.tw/news/130766

個資疑慮!驚爆4900多萬筆未加密Instagram帳戶被看光
http://bit.ly/2Wg8yb8

Instagram 用戶個資外洩,原來是原始碼惹得禍
https://technews.tw/2019/05/23/instagram-account-data-leaked-due-to-source-code-problem/

買賣盜用帳號討論區 自洩十萬會員資料
http://bit.ly/2VDcMFE

有夠血汗 詐欺集團全年只休「這幾天」
https://news.ltn.com.tw/news/society/breakingnews/2799038

FBI:冒充中使館詐騙 致四千萬美元損失
http://www.epochtimes.com/b5/19/5/20/n11267749.htm

應聘不看工作待遇 飯店一服務員克隆顧客信用卡盜刷套現
http://dailynews.sina.com/bg/international/chinanews/2019-05-20/doc-ifzikfzn1705256.shtml

假冒公安誘陸民眾匯款 台詐騙集團8疑犯落網
https://hk.on.cc/hk/bkn/cnt/cnnews/20190518/bkn-20190518101250715-0518_00952_001.html

詐團南漂高雄 假冒公安騙卡費
https://www.chinatimes.com/newspapers/20190518000651-260107?chdtv

中國製串流影音下載軟體 VidMate 被發現暗藏廣告詐騙
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=855

Mobile Chrome, Safari, and Firefox failed to show phishing warnings for more than a year
https://www.zdnet.com/article/mobile-chrome-safari-and-firefox-failed-to-show-phishing-warnings-for-more-than-a-year/#ftag=RSSbaffb68

TalkTalk data breach customer details found online
https://www.bbc.com/news/business-48351900

TalkTalk customer bank details found through Google search
https://www.zdnet.com/article/talktalk-customer-financial-details-found-through-google-search/#ftag=RSSbaffb68

Google Stored G Suite Users' Passwords in Plain-Text for 14 Years
http://bit.ly/2M35MlC

Singapore updates guidelines on data breach notification, accountability
https://www.zdnet.com/article/singapore-updates-guidelines-on-data-breach-notification-accountability/#ftag=RSSbaffb68

US telcos say they stopped selling user location data, with a few exceptions
https://www.zdnet.com/article/us-telcos-say-they-stopped-selling-user-location-data-with-a-few-exceptions/#ftag=RSSbaffb68

Over 25,000 Linksys Smart Wi-Fi routers vulnerable to sensitive information disclosure flaw
https://badpackets.net/over-25000-linksys-smart-wi-fi-routers-vulnerable-to-sensitive-information-disclosure-flaw/

Company behind LeakedSource pleads guilty in Canada
https://www.zdnet.com/article/company-behind-leakedsource-pleads-guilty-in-canada/#ftag=RSSbaffb68

Hackers Breach Stack Overflow Q&A Site, Some Users' Data Exposed
http://bit.ly/2Hr6cOk

Stack Overflow says hackers breached production systems
https://www.zdnet.com/article/stack-overflow-says-hackers-breached-production-systems/#ftag=RSSbaffb68

Stack Overflow hacker went undetected for a week
https://www.zdnet.com/article/stack-overflow-hacker-went-undetected-for-a-week/#ftag=RSSbaffb68

The growing legal and regulatory implications of collecting biometric data
https://www.zdnet.com/article/the-growing-legal-and-regulatory-implications-of-collecting-biometric-data/#ftag=RSSbaffb68

Watch what you install: Fraudulent ads in apps increase 159% year on year
https://www.zdnet.com/article/watch-what-you-install-fraudulent-apps-increase-159-percent-year-on-year/#ftag=RSSbaffb68

Privacy concerns raised about upcoming Client-Hints web standard
https://www.zdnet.com/article/privacy-concerns-raised-about-upcoming-client-hints-web-standard/#ftag=RSSbaffb68

GDPR: Europe Counts 65,000 Data Breach Notifications So Far
https://www.bankinfosecurity.com/gdpr-europe-counts-65000-data-breach-notifications-so-far-a-12489

Phishing targeting SaaS and webmail services increased to 36% of all phishing attacks
http://bit.ly/2Jvk7oT

YOUR ISP KNOWS EVERYTHING ABOUT YOU. HERE’S HOW TO SECURE YOUR PRIVACY IN 2019
https://digital.com/blog/isp-tracking/?fbclid=IwAR0XJFTY4vuX-QpM24OKJfGTFSqq3u-OJmJlZQwA8xFTl9mm2GUqLCb4wZU

DHS Reportedly Warns of Chinese-Made Drones Stealing Data
https://www.bankinfosecurity.com/dhs-reportedly-warns-chinese-made-drones-stealing-data-a-12502

E.研究報告
CVE-2015-0057内核漏洞分析及利用
https://xz.aliyun.com/t/4549

CVE-2019-0708,又一個“WannaCry”級漏洞?優衣庫遭到黑客攻擊
https://www.chainnews.com/articles/497633745111.htm

CVE-2017-7269 IIS6.0遠端程式碼執行漏洞復現
https://www.itread01.com/content/1558299663.html

內核漏洞挖掘技術系列(4)——syzkaller(3)
https://xz.aliyun.com/t/5154

一個曾經的Zabbix SQL注入漏洞分析
https://zhuanlan.zhihu.com/p/66248991

Mesh無線技術是甚麼 如何輕鬆解決網路訊號問題看這篇
https://www.nownews.com/news/20190521/3391650/

實戰介紹Windows下的PC客戶端常見漏洞挖掘
https://www.freebuf.com/vuls/203227.html

SQL Server 使用 FIRST_VALUE 及 LAST_VALUE 來取得第一筆資料列及最後一筆資料列的資料
https://dotblogs.com.tw/supershowwei/2019/05/20/155113?fbclid=IwAR0JY5piCZ0OPo5QgHCJ2jzE4s7cHY7ciop-vTKKF4rTwOKSfDZtvThuWCk

利用CVE-2018-1000861漏洞來傳播Kerberods挖礦機
https://www.4hou.com/vulnerable/17964.html

Ubiquiti AmpliFi Gamer’s Edition 評測:Mesh WiFi 低延遲網路優化
http://bit.ly/2JvO9sU

CVE-2015-1635-HTTP.SYS遠程執行代碼漏洞復現
http://copyfuture.com/blogs-details/73a4beb63902c3a6a9904b140bba98f8

APP漏洞利用組合拳——應用克隆案例分析
http://copyfuture.com/blogs-details/d10018d675b6aa2532657019cce82d4f

CVE-2019-0708漏洞利用工具
https://www.agesec.com/1864.html

How to Upgrade Your XSS Bug from Medium to Critical
https://medium.com/@hakluke/upgrade-xss-from-medium-to-critical-cb96597b6cc4

Passwords Are Dead, Long Live The Password
https://medium.com/@PrescientSecurity/passwords-are-dead-long-live-the-password-683a6099244f

Hacking around with JavaScript and Shortcuts in iOS 12
https://medium.com/@chrishutchinson/hacking-around-with-javascript-and-shortcuts-in-ios-12-95f8d7190777

Russia Clearly Knew Assad’s Latest Chemical Attack in Syria Was Coming
https://medium.com/s/story/russia-clearly-knew-assads-latest-chemical-attack-in-syria-was-coming-a0f6c670c694

ThreatHunting v1.3 releases: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
https://securityonline.info/threathunting/?fbclid=IwAR25-yUy9WLQQZVvPf3Bq5L2FaBhgiSV1x8QO2ei-nyQH94JGBWbxqvf0X4

Mapping Iran’s Rana Institute to MITRE Pre-ATT&CK™ and ATT&CK™
http://bit.ly/30x5hDA

Cisco Prime基礎設施未授權遠程代碼執行漏洞分析
https://www.anquanke.com/post/id/178700

CVE-2019-0708: Windows RDP遠程漏洞無損檢測工具下載
https://cert.360.cn/warning/detail?id=1caed77a5620fc7da993fea91c237ed5

深入分析Windows系統DHCP漏洞(CVE-2019-0726)
https://www.anquanke.com/post/id/178687

Weblogic-SSRF漏洞復現
https://www.itread01.com/content/1558542304.html

CVE-2019-0708RDP漏洞PoC
https://bbs.pediy.com/thread-251487.htm

WD MyCloud NAS命令執行漏洞
https://nosec.org/home/detail/2664.html

RDP Stands for “Really DO Patch!” – Understanding the Wormable RDP Vulnerability CVE-2019-0708
http://bit.ly/2VXVp7p

5 Cybersecurity Tools Every Business Needs to Know
http://bit.ly/2VLLmxl

F.商業
趨勢科技推出業界最全面的雲端及容器工作負載防護
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000559857_72698MWV4XNNCI81FCQX7

採用託管式偵測及回應服務,從資安自動化受惠
https://blog.trendmicro.com.tw/?p=60535

D-Link & McAfee 各司其職 內置資安防護的WiFi Mesh路由器新品體
https://apk.tw/thread-908965-1-1.html

D-Link & McAfee 各司其職 內置資安防護的WiFi Mesh路由器新品體驗會 活動心得分享
https://www.xfastest.com/forum.php?mod=viewthread&tid=228984&cp=4

零壹科技宣布建構企業IT夥伴平台生態圈
https://news.sina.com.tw/article/20190521/31374356.html

零壹自辦「解決方案日大會」 致力轉型解決方案供應商
https://udn.com/news/story/7240/3826975

5G應用面向多元 TUV NORD提供客製化解決方案
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&id=0000559962_9HJ8SH0U7E5OSU1CUJB0S

加速雲端開發並提升服務品質,資策會揭露第三方驗測經驗
https://www.ithome.com.tw/news/130821

開源軟體的商業模式分析(三):開源不等於免費
https://meet.bnext.com.tw/articles/view/44932

網站鎖頭還不夠! 芬-安全給您網站安全和隱私身份的5種方法
https://news.sina.com.tw/article/20190523/31393064.html

採用託管式偵測及回應服務,從資安自動化受惠
https://blog.trendmicro.com.tw/?p=60535

Apple admits it's changing its MacBook keyboard again (oh, great)
https://www.zdnet.com/article/apple-admits-its-changing-its-macbook-keyboard-again-oh-great/#ftag=RSSbaffb68

Apple offers free keyboard replacement program for MacBook, MacBook Pro, refreshes MacBook Pro lineup
https://zd.net/2YGoPnq

Google changes how the Escape key is handled in Chrome to fight popup ads
https://zd.net/2QcKOzr

Core Elastic Stack Security Features Now Available For Free Users As Well
http://bit.ly/2HwfHft

Citrix deepens cloud integrations with Google, Microsoft
https://www.zdnet.com/article/citrix-deepens-cloud-integrations-with-google-microsoft/#ftag=RSSbaffb68

Siemens, Alphabet's Chronicle forge cybersecurity partnership
https://www.zdnet.com/article/siemens-alphabets-chronicle-forge-cybersecurity-partnership/#ftag=RSSbaffb68

VMware talks up multi-cloud era, need to transform security
https://www.zdnet.com/article/vmware-talks-up-multi-cloud-era-need-to-transform-security/#ftag=RSSbaffb68

G.政府
曾參與海軍蒐集資料 海釣船蘭嶼走私安毒
https://www.cna.com.tw/news/asoc/201905180180.aspx

衛福部大刀闊斧推醫療資安聯防,更要用資料治理打AI基礎
https://www.ithome.com.tw/people/130644

21日赴政院 工商協進會建言 首重穩能源
https://www.chinatimes.com/newspapers/20190519000207-260202?chdtv

國家資安疑慮 蔡政府禁用中興通訊產品
https://m.ltn.com.tw/news/politics/breakingnews/2794306

捍衛資通安全「中興」也禁? 政院:7月底公布清單
https://tw.news.appledaily.com/new/realtime/20190518/1568976/

金融研訓院 11月19日辦理資安治理講堂(第4期)
https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=369954

中國騰訊WeTV變身登台 財長:該課的稅跑不掉
https://www.rti.org.tw/news/view/id/2021285

資通電軍拜會調查處 建立穩固保防安全網
http://bit.ly/2JtXeCh

工研院:台灣是網攻熱點,造就資安人才經實戰演練素質高
https://technews.tw/2019/05/20/irti-taiwan-is-small-but-a-hotspot-cyber-attack-taiwan-have-good-quality-of-security-talants/

防止中共滲透台灣媒體 時代力量提修法三部曲
http://bit.ly/2M2afFj

破冰!睽違3年半 兩岸證券監理將啟動交流
https://ec.ltn.com.tw/article/breakingnews/2796193

證基會開辦 「證券期貨機構法人實務操作進階研習課程」 報名截止日7月5日
https://ctee.com.tw/industrynews/93594.html

臺灣司法證據保全引進區塊鏈技術
https://www.ithome.com.tw/news/130738

防堵資安疑慮廠商 採購法有明確規範
http://bit.ly/2HwptOB

EP.23 調查局內的區塊鏈高手 ─ 專訪資安鑑識實驗室周士楨調查官
https://apple.co/2WqE8mV

金管會參考國際 STO門檻沒下調
https://www.chinatimes.com/realtimenews/20190519001550-260410?chdtv

STO監理規範出爐 國際資金關注3,000萬元門檻
https://money.udn.com/money/story/5617/3826220

金管會將密切觀察銀行線上授信業務 普匯導入AI審核快速又安全
http://bit.ly/2HxEDTP

利用LINE傳個資 金管會列金檢
https://eteacher.edu.tw/ReadNews_m.aspx?id=3908

金管會要修法導正 高儲蓄型保單掰了
https://ec.ltn.com.tw/article/paper/1290682

業務員勸誘保戶貸款買投資型保單 金管會將重罰「最高罰1200萬」
https://www.ettoday.net/news/20190522/1450582.htm

高雄打造智慧城市 明年設科技資訊局
https://news.ltn.com.tw/news/local/paper/1289208

防堵資安疑慮廠商 工程會:採購法有規範
http://www.epochtimes.com/b5/19/5/22/n11272796.htm

海康威視等監視設備 經長:台電、中油已移除
http://bit.ly/2QgZBJi

從公務員開始培養資安意識 建立安全可靠資訊系統
https://tyenews.com/2019/05/17188/

華為供應鏈小心了 經長:手機網通生態將重整
http://bit.ly/2HwVyG2

2019年RSA資訊安全大會暨展覽會 出國報告
https://report.nat.gov.tw/ReportFront/ReportDetail/detail?sysId=C10800555

H.SCADA/ICS/工控系統
siemens -- logo!8_bm_firmware   
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10919

siemens -- simatic_pcs_7   
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10916
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10918
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10922

I.教育訓練

衝上 GitHub 熱門第四名!Python 機器學習最強教學資源,新手工程師快存起來
http://bit.ly/2WRiepO

Practice with Ghidra
https://medium.com/@nowayout/practice-with-ghidra-c23fba84db66

Learn how to deploy a Honeypot and visualise its data step by step
https://medium.com/@galolbardes/learn-how-to-deploy-a-honeypot-and-visualise-its-data-step-by-step-ea3cd3f25822

Hacking and Cyber Security Certification Training Bundle 2019 (10 Courses)
http://bit.ly/2JxXIY5

How to Protect Your Business and Yourself from Formjacking
https://teresarothaar.com/how-to-protect-your-business-and-yourself-from-formjacking-bd166c41fe88

How to Set Up a Secure Phone
https://medium.com/@TheTechTutor/how-to-set-up-a-secure-phone-c8f3ad090871

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
資安標章技術診斷及輔導專家團隊
https://www.taics.org.tw/index.php/news/show/id/0b805e27ce7e1037b756acd21801bba8

當「車聯網」遇上「黑客」,安全難題怎麼破
https://news.sina.com.tw/article/20190518/31338210.html

眾「智」凌雲,台灣AI計算雲TWCC開始試營運
https://www.techbang.com/posts/70184-zhi-lingyun-taiwan-ai-computing-cloud-twcc-began-trial-operation

科技戰掀資安恐慌 台廠人臉辨識有競爭力
http://bit.ly/2JtjRXB

製造業所面臨的資安管理挑戰及趨勢
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=12&aid=8729

Internet of Things — Leap towards a hyper-connected world
https://medium.com/@swati.siddhartha/internet-of-things-leap-towards-a-hyper-connected-world-6b6a90960a06

Report slams police for using "garbage" data with facial recognition tools
https://www.zdnet.com/article/report-slams-police-for-using-garbage-data-with-facial-recognition-tools/#ftag=RSSbaffb68

Congress: "It's time for a time out" on facial recognition
https://www.zdnet.com/article/congress-its-time-for-a-time-out-on-facial-recognition/#ftag=RSSbaffb68

6.近期資安活動及研討會
 The Dungeons of Hackers [email protected] 2019 - 駭客的地下工作坊@花蓮  5/24
 https://tdohackerparty.kktix.cc/events/4908125d?fbclid=IwAR39uCZNCuuzlOZGz0NhIhqfahs5D4GjaLWXpbbsda6xah3_CIU-3MGl2Ac

 硬體資安研討會  108年5月24日
 https://eenctu.nctu.edu.tw/tw/news/p1.php?num=273

 學生資安新手村 相關活動整理 台灣大學場 5/24 (五) 19:00 - 21:00
 https://forms.gle/EySe1PkyW2ZRyLyQA

 2019年首場資安社群論壇 - 駭客過招,實戰分享   5/25
 https://forms.gle/965PMChQD82qYAmM7

 Docker Birthday #5 - Taipei  5/25
 https://www.meetup.com/Docker-Taipei/events/248974949/

 [K8S學程] Kubernetes 容器遷移實戰 5/25
 https://broadmission.kktix.cc/events/migration?fbclid=IwAR3HE5E_DgL4qe8wv1j12QvEhO9_i9qj7e7mWF6Z5I_m6itcVwTJV-7jl30

 今年首場資安社群論壇 - 駭客過招,實戰分享 5/25(六)
 https://www.digicentre.com.tw/news_detail.php?id=56&fbclid=IwAR1Qsa6ehY00EJk4tGPfxZ1HqvrcX2eVNZ2Htets23i_qiKZCCI9-H1plZw

 學生資安新手村 相關活動整理 逢甲大學黑客社場  5/25(六)13:00-16:00
 https://hackersir.kktix.cc/events/fcu190525

 《我們與資安的距離》給高中生的一堂資安課-用Python進行資安解題  5/26
 http://gg.gg/dueuq

 OWASP TechDay Taiwan 2019  2019/05/28
 https://csa.kktix.cc/events/owasp0528

 「智慧資安主題論壇-智慧製造」論壇(5/29)
 http://www.twiota.org/eventDetails.aspx?id=c0ce0559-496a-4d32-b481-14221f75d791

 HackingThursday 固定聚會 5/30
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbnc/

 學生資安新手村 相關活動整理 台灣大學場 5/31 (五) 19:00 - 21:00
 https://forms.gle/EySe1PkyW2ZRyLyQA

 學生資安新手村 相關活動整理  高雄科技大學場  05/31(五) 18:30~21:30
 https://nkust-itc.kktix.cc/events/security-beginner-speech

 學生資安新手村 相關活動整理  淡江大學場  工作坊  6/1(六) 10:00 - 16:00
 https://forms.gle/aBgGfLUYcvJh7hzk9

 學生資安新手村 相關活動整理  高雄科技大學場 06/02(日) 08:30~18:00
 https://nkust-itc.kktix.cc/events/security-beginner-workshop

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 軟體安全性測試實務 6/3 ~ 6/4
 https://www.accupass.com/event/1904230701335964656400

 HackingThursday 固定聚會 6/6
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbjb/

 國家高速網路與計算中心教育訓練-源碼檢測實作 6/13
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3828&from_course_list_url=homepage

 HackingThursday 固定聚會  6/13
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbrb/

 React Hooks 實戰會議室 ─ 前端工程師的潮流技能不私藏  6/14
 https://www.facebook.com/events/447646755985628/

 國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 The Artificial Intelligence Conference  6/18
 https://www.facebook.com/events/278255853036175/?event_time_id=360038254857934

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 HackingThursday 固定聚會 6/20
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbbc/

 國家高速網路與計算中心教育訓練-資安健診  6/20
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3832&from_course_list_url=homepage

 Edvance Beacon 2019  6/21
 https://docs.google.com/forms/d/e/1FAIpQLSe70uw8Pi862IkL_rQXDJhzd7QnGXiuhcWwttOEN2BZwUbyMw/viewform

 HackingThursday 固定聚會 6/27
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/

 HackingThursday 固定聚會 7/4
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/

 2019國際資訊安全組織台灣高峰會  7/9 ~ 7/11
 https://csa.kktix.cc/events/2019con

 工業局補助網路安全檢測教育訓練 7/10 ~ 7/12
 https://www.accupass.com/event/1904080311551119077841

 HackingThursday 固定聚會 7/11
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/

 HackingThursday 固定聚會 7/18
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/

 HackingThursday 固定聚會 7/25
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/

 DEF CON 27  2019/8/8–8/11
 https://www.defcon.org/

 WEB應用滲透測試 8/21 ~ 8/23
 https://www.accupass.com/event/1904080221358963463590

 資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」  8/29 ~ 8/30
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 108年資安職能訓練-行動裝置安全(8/29-8/30)
 https://cee.ksu.edu.tw/recruitinfo/1443.html

 TANET 2019 - 臺灣網際網路研討會  9/25
 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310

 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/?fbclid=IwAR2gU17bz0Y7TH8THIIskIX1vziWBpMY152mJiwk7AAeVS752f_eNcZ0NzU

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com



留言

這個網誌中的熱門文章

Capture the flag資源分享綜整

Capture the flag, CTF,是由古代軍事戰爭演變而來。軍旗在戰場上象徵兩軍戰況,當有一方軍旗被敵軍奪取或落在地上,代表該方戰敗。當這樣的攻防搶旗演變到現代的電子遊戲裡,通常就演變成團隊遊戲模式,由兩隊人馬互相前往對方的基地奪旗,奪旗成功回合次數多者得勝。

8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/

5月份資安、社群活動分享

5月份資安、社群活動分享

 108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
 https://ais3.org/mfctf/

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 Python 商務網站 * 極速學習 (2019春季 - 台北)  5/2
 https://cjltsod.kktix.cc/events/django-2019-spring-taipei

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會  5/2
 https://www.accupass.com/event/1904111400151860776797

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA 白帽菁英萌芽計劃II 0505 
 https://reg.shield.org.tw/info.php?no=54

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/19041703435474776…