資安事件新聞週報 2019/5/27 ~ 2019/5/31

資安事件新聞週報  2019/5/27  ~  2019/5/31

1.重大弱點漏洞/後門/Exploit/Zero Day
Apple電腦存在重大漏洞 惡意程式可被輕鬆安裝
http://bit.ly/2W4fHfr

FreeBSD rtld execl權限提升漏洞
http://www.cnvd.org.cn/patchInfo/show/162201

Fortinet 產品多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.1899/

Fortinet FortiOS 授權問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13382

Docker 漏洞允許攻擊者獲得主機root 訪問權限
https://www.solidot.org/story?sid=60807

Researcher Describes Docker Vulnerability
https://www.bankinfosecurity.com/researcher-describes-docker-vulnerability-a-12535

隱私瀏覽器DuckDuckGo爆出漏洞,可導致URL欺騙攻擊
https://read01.com/AzNdky5.html

兆芯發布關於Zombie Load漏洞的聲明
https://xueqiu.com/9983210953/127543310

谷歌安全研究人員發現Notepad的代碼執行漏洞
https://nosec.org/home/detail/2687.html

Synology-SA-19:25 Virtual Machine Manager存在安全漏洞,請儘速確認並進行更新
http://www.cpcm.pu.edu.tw/app/news.php?Sn=139

研究人員發現可繞過Gatekeeper安全機制的macOS漏洞
https://ithome.com.tw/news/130908

大疆無人機有漏洞 專家:你可劫持它
http://bit.ly/2QCN42R

Researcher Finds New Way Around Apple's Gatekeeper
https://www.bankinfosecurity.com/researcher-finds-new-way-around-apples-gatekeeper-a-12525

macOS 10.14.5爆漏洞!略過防禦認證機制執行未辨識的App
https://udn.com/news/story/11017/3837011

蘋果產品多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.1921/

Windows RDP漏洞PoC攻擊程式問世,疑似有駭客開始掃瞄
https://www.ithome.com.tw/news/130930

Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service
https://www.exploit-db.com/exploits/46946

Spring Cloud Config目錄遍歷漏洞(CVE-2019-3799)
http://bit.ly/30ZkUnQ

Nearly 1 Million Computers Still Vulnerable to "Wormable" BlueKeep RDP Flaw
http://bit.ly/2Xcrp43

Almost one million Windows systems vulnerable to BlueKeep (CVE-2019-0708)
https://www.zdnet.com/article/almost-one-million-windows-systems-vulnerable-to-bluekeep-cve-2019-0708/#ftag=RSSbaffb68

Windows使用者注意!新版Windows 10更新即日起推送
https://www.techbang.com/posts/70374-latest-windows-10-updates-start-pushing-now

微軟於 Windows 10 安全更新中加強警示不安全 WiFi 連線
https://twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=858

最新 Windows 10 0-Day 漏洞在推特上出現,可執行任意檔案
https://twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=856

【Windows 10 1903更新災情】部份AMD電腦當機,有電腦無法Wi-Fi連網及連接藍牙裝置
https://www.ithome.com.tw/news/130927?fbclid=IwAR2-dqA1ZhdzV0p3j8zr4wUbs7wIGwqc7nfmpkZfKBENDXhz3xpqD6HT9O0

新的Windows漏洞被公開!從Win10到XP全體陷落
https://www.expreview.com/68649.html

Windows 10 發現新零日漏洞,駭客可取得管理員權限
https://technews.tw/2019/05/27/windows-zero-day/

使用Windows 10注意了 黑客惡意公開其0day漏洞
https://news.sina.com.tw/article/20190528/31443736.html

黑客發動第一波攻勢 鎖定 Windows 系統漏洞目標
http://bit.ly/30QEMsT

Windows 10 Losing Connectivity From Outdated Wi-Fi Drivers
http://bit.ly/2QvCKtx

Update: Hacker Disclosed 4 New Microsoft Zero-Day Exploits in Last 24 Hours
http://bit.ly/2HCGiYg

WhatsApp's Massive Security Flaw Serves To Remind Us The Limits Of Consumer Encryption Apps
http://bit.ly/2YWQkcH

Windows 10 1903 Being Blocked If Using Older BattlEye Software
http://bit.ly/2WqNa30

Windows 10 to warn about insecure WiFi networks using WEP or TKIP
https://www.zdnet.com/article/windows-10-to-warn-about-insecure-wifi-networks-using-wep-or-tkip/#ftag=RSSbaffb68

Windows 10 version 1903: When will you get the next big feature update?
https://www.zdnet.com/article/windows-10-when-will-you-get-the-next-big-feature-update/#ftag=RSSbaffb68

Microsoft adds more Your Phone app features; rolls out another Windows 10 20H1 test build
https://www.zdnet.com/article/microsoft-adds-more-your-phone-app-features-rolls-out-another-windows-10-20h1-test-build/#ftag=RSSbaffb68

Windows Update KB4497936 for Insiders Breaks Windows Sandbox
https://www.bleepingcomputer.com/news/microsoft/windows-update-kb4497936-for-insiders-breaks-windows-sandbox/

Beers with Talos Ep. #54: Patch after listening, RDP and wild 0-days
https://blog.talosintelligence.com/2019/05/beers-with-talos-ep-54-patch-after.html

Microsoft Says Windows 10 Your Phone App Can't Be Uninstalled
https://www.bleepingcomputer.com/news/microsoft/microsoft-says-windows-10-your-phone-app-cant-be-uninstalled/

All The Latest Features of the Windows 10 May 2019 Update
https://www.bleepingcomputer.com/news/microsoft/all-the-latest-features-of-the-windows-10-may-2019-update/

RDP Stands for “Really DO Patch!” – Understanding the Wormable RDP Vulnerability CVE-2019-0708
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/rdp-stands-for-really-do-patch-understanding-the-wormable-rdp-vulnerability-cve-2019-0708/

10 years of virtual dynamite: A high-level retrospective of ATM malware
https://blog.talosintelligence.com/2019/05/10-years-of-virtual-dynamite.html

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
日本樂天 佐伯和彥 咻時代下的資安悍將
http://bit.ly/2W4YaE5

TransferWise 跨境匯款打趴傳統銀行,成歐洲最強金融科技獨角獸
http://bit.ly/2VMRLs0

陸擁抱金融科技 最大挑戰在人才
https://www.chinatimes.com/newspapers/20190527000121-260309?chdtv

富邦銀驚傳當機 ATM無法提款 網銀無法登入
https://www.ttv.com.tw/news/view/10805250012300N/579

ATM、網銀中午大當機 北富銀︰不斷電系統演練發生異常
http://bit.ly/2HBvauy

ATM網銀當機!台北富邦:系統演練時異常已全數恢復
https://www.setn.com/News.aspx?NewsID=546427

台北富邦銀行ATM全線故障2小時 民眾相當焦急
https://hk.news.appledaily.com/china/realtime/article/20190525/59640075

ATM網銀當機 北富銀:系統演練切回時異常
https://money.udn.com/money/story/5613/3833899

網銀及ATM當機 北富銀:已恢復正常
https://m.ctee.com.tw/livenews/ch/a78817002019052515171096

萬能的超商 金管會將開放六項業務可刷卡
https://money.udn.com/money/story/5613/3832726

網上銀行被盜密碼轉帳
https://orientaldaily.on.cc/cnt/news/20190525/00176_058.html

銀行戶口未獲授權轉帳8戶被盜7萬元 專家:小心管理密碼避免接駁公共wi-fi
https://topick.hket.com/article/2358992

中國監管機構承諾加大對包商銀行支持力度
https://on.wsj.com/2wlW4jI

內地鼓勵人幣跨境收付存託憑證業務
https://www2.hkej.com/instantnews/china/article/2147480

扣不到錢就說保單失效! 南山人壽百億新系統出包工會高喊杜英宗下台
https://www.cmmedia.com.tw/home/articles/15763

〈南山人壽再遭重罰〉因炒股案再開鍘660萬元 今年已苦吞5張罰單
https://news.cnyes.com/news/id/4329071

再重罰660萬!前經理人用LINE報明牌 南山又吞罰單
https://fnc.ebc.net.tw/FncNews/else/82036

保險局「根本沒有」核准儲蓄險 決定出手斬斷行銷話術
https://www.ettoday.net/news/20190527/1454114.htm

印尼央行改革支付系統 聯手金融業開發應用程式
https://money.udn.com/money/story/5602/3837869

收發232萬紅包最大挑戰是突發爆量,北富銀CIO揭露如何靠既有IT架構也能支撐新應用
https://www.ithome.com.tw/news/130947

國台辦:台資銀行在大陸獲批籌建信用卡業務
https://www.chinatimes.com/realtimenews/20190529003151-260410?chdtv

新安東京爆程式瑕疵 92件未成年人竟可網路投保旅平險
https://tw.finance.appledaily.com/realtime/20190530/1574717/

單靠手機就讓ATM乖乖吐鈔:LINE力拚全民網銀,少了這道手續,盜領案可能再現
https://www.storm.mg/lifestyle/1342018?srcid=73746f726d2e6d675f63373766396366313733396365313337_1559287594

LINE為純網銀暖身 東京「資安高峰會」聚焦數位身份認證
https://www.ettoday.net/news/20190530/1456662.htm

LINE Bank網銀有三大優勢 強化反洗錢、金融犯罪防制
https://udn.com/news/story/7240/3843994

LINE Bank 以三優勢打造負責任的全民銀行 強化反洗錢、金融犯罪防制
https://linecorp.com/zh-hant/pr/news/zh-hant/2019/2726

LINE Bank:將在台灣推出信用評等機制LINE Score
https://udn.com/news/story/7239/3844351

金管會開罰 台灣產物保險投資等多項缺失
https://udn.com/news/story/7239/3843772

台產7大缺失 被罰60萬還被限制不能這樣
https://www.chinatimes.com/realtimenews/20190530003905-260410?chdtv

The Netherlands becomes the first country to show Amber alerts on ATMs
https://zd.net/2JHP3m8

Equifax rating outlook decimated over cybersecurity breach
https://www.zdnet.com/article/equifax-rated-outlook-decimated-over-cybersecurity-breach/#ftag=RSSbaffb68

Skimming Threat Landscape: Technology Advances Lower Barriers of Entry for Novice Skimming Operators
http://bit.ly/2JLQ8JC

Equifax stripped of ‘stable’ outlook over 2017 breach
https://www.welivesecurity.com/2019/05/28/equifax-negative-rating-outlook-breach/

3.電子支付/電子票證/行動支付/ pay/新聞及資安
電子支付 電子票證下波戰場
http://bit.ly/30LURjS

顧立雄:台灣什麼pay都不賺
https://udn.com/news/story/7239/3833090

國人最愛用這3大Pay 顧立雄:行動支付都沒賺錢
https://news.wearn.com/c231511.html

免用支付寶 轉帳免手續費還能繳税!台灣7大多功能行動支付你下載了嗎
http://bit.ly/2wu3Xn7

MTA新式感應刷卡 下週測試Google Pay
http://www.epochtimes.com/b5/19/5/24/n11276616.htm

台灣Pay綁定鼓勵變脅迫 黃國昌爆:一銀納行員考績
https://www.ettoday.net/news/20190527/1453662.htm

隔空盜刷微信QR Code偷錢案頻生 騰訊:深表歉意並將全額賠付
http://bit.ly/2wo94Fx

Global Payments, TSYS merge in $21.5 billion deal as fintech, payments market evolves to be software driven
https://www.zdnet.com/article/global-payments-tsys-merge-in-21-5-billion-deal-as-fintech-payments-market-evolves-to-be-software-driven/#ftag=RSSbaffb68

Fitbit Pay rolls out access to seven transit systems worldwide, including New York's MTA
https://www.zdnet.com/article/fitbit-pay-rolls-out-access-to-seven-worldwide-transit-systems-including-new-yorks-mta/#ftag=RSSbaffb68

4.虛擬貨幣/區塊鍊   新聞及資安
紐西蘭加密貨幣交易所遭駭 在美聲請破產保護
https://money.udn.com/money/story/5602/3834483

COBINHOOD 解散!工程副總裁 FB「解散貼文」變成徵才串,各方人馬都在下面急著搶人才
http://bit.ly/2Wl9aMV

區塊鏈代幣支付 現身國際體育賽事嘉年華活動
https://money.udn.com/money/story/5636/3835211

Facebook明年將推加密貨幣GlobalCoin 計劃年底前開始試用
https://news.sina.com.tw/article/20190527/31438528.html

以區塊鏈結合保險科技提升電商誠信
http://bit.ly/30LB0Rz

投資ETN免利息所得稅 永豐外資50N緊追外資布局
https://udn.com/news/story/7251/3836869

加密貨幣與穿戴設備完美結合Franck Muller 比特幣奢華錶「Encrypto」
https://news.cnyes.com/news/id/4326922

STO證券型代幣草案初評
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=45&id=0000559851_rsv7x6pz6i0l860xgb9xv

比特幣升穿8900美元 1年新高
http://bit.ly/2HD5A8u

雅虎日本加密貨幣交易平台終上線!TaoTao 落實 5 月 30 日營運
https://news.cnyes.com/news/id/4327338

漏洞被抓包! WalletGenerator.net 將同組密鑰重複發送給多名用戶
https://blockcast.it/2019/05/28/researcher-reveal-walletgenerator-net-vulnerability/

區塊科技 開啟數位合約新紀元
http://bit.ly/2I7V1JE

區塊鏈基本知識
http://bit.ly/2QBom2Q

Facebook set to launch own brand of cryptocurrency in 2020
https://www.zdnet.com/article/facebook-set-to-launch-own-brand-of-cryptocurrency-in-2020/#ftag=RSSbaffb68

Cryptocurrency Laundering Service, BestMixer.io, Taken Down by Law Enforcement
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/crypto-currency-laundering-service-bestmixer-io-taken-down-by-law-enforcement/

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / APT
害人害己?美城市遭軟體勒贖 來源竟是美政府網路武器
https://udn.com/news/story/6813/3834928

巴爾的摩遭軟體勒贖 駭客工具竟來自國安局
https://www.cna.com.tw/news/aopl/201905260113.aspx

美網路武器外流 變病毒勒贖多州政府
https://udn.com/news/story/6813/3836082

美國安局開發程式 成駭客工具 巴爾的摩拒付贖金
https://www.ntdtv.com/b5/2019/05/29/a102588790.html

美市政府電腦遭入侵 拜「自己友」所賜 國安局失竊程式 變黑客勒索軟件
https://hk.news.appledaily.com/international/daily/article/20190527/20688452

美國安局外流「攻擊微軟」網路武器 北韓用這創Wanna cry
https://www.ettoday.net/news/20190527/1453526.htm

紐時:駭客以美國安局打造的EternalBlue工具作跳板,癱瘓美國政府單位與其它組織
https://www.ithome.com.tw/news/130910

駭客綁架美市政系統,勒索比特幣贖金!上萬台政府電腦全面癱瘓邁入第三週
https://buzzorange.com/techorange/2019/05/30/baltimore-robbinhood-blackmail/

發現Mirai新變種:使用多達13種漏洞利用攻擊目標路由器和其他設備
https://www.4hou.com/malware/18225.html

ScarCruft 駭客集團開發具備藍牙裝置掃描能力的惡意程式
https://blog.trendmicro.com.tw/?p=60732

瞄準Linux平臺的惡意軟體HiddenWasp現身
https://www.ithome.com.tw/news/131017

TA505 is Expanding its Operations
https://blog.yoroi.company/research/ta505-is-expanding-its-operations/

マルウエアが含まれたショートカットファイルをダウンロードさせる攻撃
https://blogs.jpcert.or.jp/ja/2019/05/darkhotel_lnk.html

マルウエアTSCookieの設定情報を正常に読み込めないバグ(続報)
https://blogs.jpcert.or.jp/ja/2019/05/tscookie-2.html

Google adds to Baltimore’s ransomware woes
http://bit.ly/2JG3TJK

Campanha de phishing usa arquivo MSI para disseminar malware bancário no Brasil
https://morphuslabs.com/campanha-de-phishing-usa-arquivo-msi-para-disseminar-malware-bancário-no-brasil-2362439f042a

Hackers Attack MySQL Servers on Windows to Deliver GandCrab Ransomware
http://bit.ly/2Qwpxkn

Hackers are scanning for MySQL servers to deploy GandCrab ransomware
https://www.zdnet.com/article/hackers-are-scanning-for-mysql-servers-to-deploy-gandcrab-ransomware/#ftag=RSSbaffb68

WannaCry Still Causing Tears 2 Years On
https://www.bankinfosecurity.in/interviews/wannacry-still-causing-tears-2-years-on-i-4335

Malware designed to steal cash from banks grew 60 p.c in Q1
https://www.releasesoon.com/malware-designed-to-steal-cash-from-banks-grew-60-p-c-in-q1/

US City of Baltimore Under Attack by NSA Cyber Weapon – Report
https://actu.cc/story/us-city-of-baltimore-under-attack-by-nsa-cyber-weapon-report-16771

Ransomware and malware attacks decline, attackers adopting covert tactics
https://www.helpnetsecurity.com/2019/05/20/ransomware-attacks-decline/

La actividad del ransomware disminuye, pero continúa siendo una amenaza peligrosa
https://www.symantec.com/blogs/america-latina/la-actividad-de-ransomware-disminuye

Malicious Bot Attacks: Why They're More Dangerous than Ever
https://www.symantec.com/blogs/feature-stories/malicious-bot-attacks-why-theyre-more-dangerous-ever

New Bitcoin Scam Leads to Ransomware and Info-Stealing Trojans
https://www.bleepingcomputer.com/news/security/new-bitcoin-scam-leads-to-ransomware-and-info-stealing-trojans/

LockerGoga Ransomware Family Used in Targeted Attacks
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/lockergoga-ransomware-family-used-in-targeted-attacks/

Let adware be treated as malware, Canuck boffins declare after breaking open Wajam ad injector
https://www.theregister.co.uk/2019/05/20/wajam_malware_claims/

Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates
https://www.spamtitan.com/blog/emotet-malware-revives-old-email-conversations-threads-to-increase-infection-rates/

Unpack malware with Process Hollowing technique
https://www.reddit.com/r/Malware/comments/bt5whf/unpack_malware_with_process_hollowing_technique/

Shade Ransomware Hits High-Tech, Wholesale, Education Sectors in U.S, Japan, India, Thailand, Canada
https://unit42.paloaltonetworks.com/shade-ransomware-hits-high-tech-wholesale-education-sectors-in-u-s-japan-india-thailand-canada/

Surge of MegaCortex ransomware attacks detected
https://www.zdnet.com/article/sudden-surge-of-megacortex-ransomware-infections-detected/

Campanha de phishing usa arquivo MSI para disseminar malware bancário no Brasil
https://morphuslabs.com/campanha-de-phishing-usa-arquivo-msi-para-disseminar-malware-banc%C3%A1rio-no-brasil-2362439f042a

HiddenWasp Malware Stings Targeted Linux Systems
https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/

A dive into Turla PowerShell usage
https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/

Infected Cryptocurrency-Mining Containers Target Docker Hosts With Exposed APIs, Use Shodan to Find Additional Victims
https://blog.trendmicro.com/trendlabs-security-intelligence/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims/

Kaspersky Lab reports 61% jump in mobile banking malware
https://www.atmmarketplace.com/news/kaspersky-lab-reports-61-jump-in-mobile-banking-malware/

Emotet Botnet Behind Most Email-Based Threats in Q1 2019
https://www.bleepingcomputer.com/news/security/emotet-botnet-behind-most-email-based-threats-in-q1-2019/

Emotet: How to stop ‘the most destructive malware’ in existence
https://www.itgovernance.co.uk/blog/emotet-how-to-stop-the-most-destructive-malware-in-existence

B.行動安全 / iPhone / Android /穿戴裝置 /App
華為遭MicroSD協會除名、禁參與Wi-Fi事務
https://www.ithome.com.tw/news/130891

親情號被爆監聽漏洞?手機插入SIM卡定位器即可實現
https://news.sina.com.tw/article/20190527/31436728.html

南韓唯一使用華為5G設備電信商:未收到指示禁用華為
https://ec.ltn.com.tw/article/breakingnews/2803296

Line Mobile 自動扣款失敗該怎麼解決與處理? 客服處理效率不敢領教
https://mrmad.com.tw/line-mobile-automatic-deduction

權威調查:100款常用App申請收集使用個人信息權限情況
https://www.freebuf.com/news/204575.html

赫爾大學四名駭客開發APP改變了英國校園生活
https://www.xoer.cc/1268028

智能手機出現漏洞黑客可記錄手機網絡活動
https://www.chainnews.com/articles/849934724053.htm

愛瘋程式暗藏追蹤器 入夜上傳個資
https://www.chinatimes.com/hottopic/20190530003651-260804?chdtv

iOS 12.3.1 for iPhone and iPad is out
https://www.zdnet.com/article/ios-12-3-1-for-iphone-and-ipad-is-out/#ftag=RSSbaffb68

Tor Browser for Android — First Official App Released On Play Store
http://bit.ly/2whuHr9

Apple's App Store ads make finding the app you want frustrating
https://www.zdnet.com/article/apples-app-store-ads-make-finding-the-app-you-want-frustrating/#ftag=RSSbaffb68

The winner in the war on Huawei is Samsung
https://www.zdnet.com/article/the-winner-in-the-war-on-huawei-is-samsung/#ftag=RSSbaffb68

OnePlus 7 Pro Fingerprint Reader Hacked In Matter Of Minutes
http://bit.ly/2VMkrRW

Huawei woes, OnePlus 7 Pro, Forerunner 945, and Pixel Slate improvements (MobileTechRoundup show #470)
https://www.zdnet.com/article/huawei-woes-oneplus-7-pro-forerunner-945-and-pixel-slate-improvements-mobiletechroundup-show-470/#ftag=RSSbaffb68

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
台灣開發者自學能力很強,但缺乏大型專案經驗
https://www.inside.com.tw/article/16517-facebook-taiwan-developer

駭客犯罪 AI 化!在暗網裡,駭客可以用 AI 創造我們的「分身」
https://buzzorange.com/techorange/2019/05/27/hacker-use-ai-to-hack/

【HITCON CMT 2019 售票】詳細資訊公吿
https://blog.hitcon.org/2019/05/hitcon-2019-cmt-reg.html?m=1

【HITCON Free - CMT 2018 問卷贈票】
https://blog.hitcon.org/2019/05/hitcon-2019-cmt-questionnaire-lottery.html

LINE資安高峰會登場 聚焦數位身分與信任
https://www.cna.com.tw/news/ait/201905290270.aspx

LINE攜手Intertrust舉辦第五屆資安高峰會,聚焦數位身分與信任
https://www.techbang.com/posts/70534-line-intertrust-to-host-the-fifth-ninth-security-summit-to-focus-on-digital-identity-and-trust

頂尖白帽駭客投入資安人才培養 推動跨國交流強化網路安全環境
https://ithome.com.tw/pr/130855

無線電遙控器潛藏5大攻擊手法
https://www.ithome.com.tw/tech/130754

「資安真經」之中途轉機篇 - HKUSPACE
http://bit.ly/2QnFpFH

撿到美國的槍…北韓、俄國駭慘全球
https://money.udn.com/money/story/5599/3836078

美官員:華為有情報機構等級祕室
http://bit.ly/2MdnQtq

美媒警告,禁華為直接衝擊美國農村無線網路服務
http://bit.ly/30OmwAn

華為「偷竊之路」大曝光 軟件漏洞也照抄
https://www.ntdtv.com/b5/2019/05/27/a102587312.html

美遭親密盟友背叛 英使用華為5G設備
https://www.chinatimes.com/realtimenews/20190531001665-260410?chdtv

任正非:我是從未來偷取美國技術
http://bit.ly/2YO9scH

中國首個大數據安全分析比賽收官,冠軍亮相
http://www.hkcna.hk/content/2019/0525/764975.shtml

DataCon大數據安全分析比賽在貴陽數博會收官
https://news.sina.com.tw/article/20190525/31420962.html

中共間諜活動五花八門 美強力反擊
http://bit.ly/2I3ymxY

彭定康視港為攻擊中國工具
http://www.hkcd.com/content/2019-05/25/content_1139570.html

重慶網安部門偵破系列涉外網絡黑客案,涉案金額高達2千餘萬元
https://www.freebuf.com/news/204427.html

中共網軍入侵華碩雲端 台政府機關遭駭
http://bit.ly/2WyVXjo

中國網軍入侵華碩雲端 資安業者:5個A級政府機關遭駭
http://bit.ly/2MdwTL2

台美日聯手 推進印太地區資安防禦網
http://bit.ly/2HKB2lz

台美日合辦GCTF網路安全營 智利墨西哥首度與會
https://udn.com/news/story/7314/3839401?from=udn-ch1_breaknews-1-cate1-news

紐西蘭預算文件提前曝光 財政部宣稱遭駭客攻擊
https://money.udn.com/money/story/5599/3841215

印太資安聯盟成立!美高層級登場
http://bit.ly/2VYqUte

成立「印太資安聯盟」!AIT官員Ryan Engen:資安問題不應被政治因素影響
http://bit.ly/2KhIq9l

印太資安聯盟成立 推動國家資安實力
https://www.chinatimes.com/realtimenews/20190530004300-260410?chdtv

錫安主義、殖民與以色列核武發展
https://www.coolloud.org.tw/node/92927

政府系統遭黑客48小時攻擊2000次 財政預算案文件外洩
https://hk.on.cc/hk/bkn/cnt/aeanews/20190530/bkn-20190530010224498-0530_00912_001.html

Hackers Stole Customers' Credit Cards from 103 Checkers and Rally's Restaurants
https://thehackernews.com/2019/05/credit-card-checkers-restaurants.html

The phenomena of targeted attacks
http://bit.ly/2XcXiK4

The dark web: Not so anonymous after all
https://medium.com/futuresin/the-dark-web-not-so-anonymous-after-all-450854d9805f

Chinese military to replace Windows OS amid fears of US hacking
https://zd.net/2VWKCFJ

Chinese Spy Group Mixes Up Its Malware Arsenal with Brand-New Loaders
http://bit.ly/2JIwdeF

U.S. Charges WikiLeaks' Julian Assange With Violating Espionage Act
http://bit.ly/2EyGoOG

As EternalBlue Racks Up Damages It Reminds Us There Is No Such Thing As A Safe Cyber Weapon
http://bit.ly/2I0PO6k

Tax delays and canceled home sales: Cyberattacks are taking a big personal toll on people’s lives
https://cnb.cx/2K4IgSR

Huawei: Beijing Retaliates, New Cyber Law Could Block U.S. Technology From China
http://bit.ly/2HRuhgg

DDoS attacks in Q1 2019
https://securelist.com/ddos-report-q1-2019/90792/

This week NATO Secretary General Jens Stoltenberg explained during a conference
at the Cyber Defence Pledge conference in London how the Alliance is countering cyber threats
https://securityaffairs.co/wordpress/86133/breaking-news/nato-cyber-offensive.html

Russia receives a stern warning from NATO for Cyber Attacks
https://www.cybersecurity-insiders.com/russia-receives-a-stern-warning-from-nato-for-cyber-attacks/

Council now able to impose sanctions for cyber attacks
http://bit.ly/2MdC3qs

Ethiopia suffers increased cyber attacks
http://apanews.net/index.php/en/news/ethiopia-suffers-increased-cyber-attacks/

Cyber attack on several Sri Lankan websites including Kuwait Embassy
http://www.themorning.lk/cyber-attack-on-several-sri-lankan-websites-including-kuwait-embassy/

Google’s security tools can shield from cyber-attacks
https://www.ehackingnews.com/2019/05/googles-security-tools-can-shield-from.html

Google Advice to Avoid Cyber Attack
https://www.collegenp.com/technology/google-advice-to-avoid-cyber-attack/

Open Source Security - How to Defend at the Speed of Attack
https://www.bankinfosecurity.asia/interviews/open-source-security-how-to-defend-at-speed-attack-i-4343

What Happens in the First 24 Hours of a Cyber Attack
https://www.realworldsurvivor.com/2019/05/20/cyber-attack/

Red Cross website hacked in latest Singapore cyber attack
http://www.digitaljournal.com/news/world/red-cross-website-hacked-in-latest-singapore-cyber-attack/article/549903#ixzz5pCCJ2tpA

Donald Trump emergency announcement in the United States on cyber security
http://blogsauthor.com/donald-trump-emergency-announcement-in-the-united-states-on-cyber-security/

Cyber Battle Damage Assessment Framework and Detection of Unauthorized Wireless Access Point Using Machine Learning
https://link.springer.com/chapter/10.1007/978-981-13-3648-5_59

GAME OF THRONES LEAKED IN HBO CYBER ATTACK
https://thebeat99.com/game-thrones-leaked-hbo-cyber-attack-02-08-2017

ACHD cyber attack under investigation by FBI, Homeland Security
http://bit.ly/2XgdGcQ

Iranian Nation-State APT Groups 'Black Box' Leak
https://www.clearskysec.com/wp-content/uploads/2019/05/Iranian-Nation-State-APT-Leak-Analysis-and-Overview.pdf

Governments increasingly eye social media meltdown
https://blog.malwarebytes.com/cybercrime/2019/05/governments-increasingly-eye-social-media-meltdown/

Botnet-led DDoS Attacks Are Hitting Record Intensities. Imperva is Mitigating All of Them
https://www.imperva.com/blog/botnet-led-ddos-attacks-are-hitting-record-intensities-imperva-is-mitigating-all-of-them/

Modern Database Security Buys Down More Risks for Enterprises
https://www.imperva.com/blog/modern-database-security-buys-down-more-risks-for-enterprises/

61 percent of organizations are worried about email-borne threats 
http://bit.ly/2EIJpMh

Russian military moves closer to replacing Windows with Astra Linux
https://www.zdnet.com/article/russian-military-moves-closer-to-replacing-windows-with-astra-linux/#ftag=RSSbaffb68

The FBI's most wanted cybercriminals
https://zd.net/2Wx9Gr6

安碁資訊股份有限公司-求才職缺
https://www.iiiedu.org.tw/32070/

資安工程師 - D91
https://www.104.com.tw/job/6mhcb

高雄市教育局/資安系統管理約聘人員
https://www.ptt.cc/bbs/job/M.1558943415.A.FA2.html

CMoney培訓軟體工程師
https://money.udn.com/money/story/5607/3837609

應用程式資安 助理工程師 (新竹)
https://www.104.com.tw/job/6imvc

招聘| 奇安信集團觀星實驗室招聘安全研究員(JAVA漏洞挖掘方向)
https://www.anquanke.com/post/id/179233

資安事件調查員
https://www.104.com.tw/job/6j3cl

資安系統工程師-(台中商軟)
https://www.104.com.tw/job/6jxfn

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
散播食安假消息 重罰百萬
http://bit.ly/2Wo6ZrF

美國保險公司網絡出現漏洞 8.85億交易資料或流出
http://bit.ly/2JFglt9

超大漏洞!美國房地產權巨擘 驚傳洩漏8.85億產權保險紀錄
https://news.pchome.com.tw/science/cnews/20190528/index-55903699585444227005.html

超大漏洞!美國房地產權巨擘 驚傳洩漏8.85億產權保險紀錄
https://cnews.com.tw/140190528a05/

美金融集團被指2003年起泄露數億份產權保險記錄
https://news.sina.com.tw/article/20190525/31419286.html

利用 Apple Care 漏洞騙取真 iPhone 中國騙徒被判有罪
https://unwire.hk/2019/05/26/apple-care-trick/fun-tech/

比悲傷還悲傷的故事…設置高強度密碼結果自己忘記!網推這招1秒登入
https://www.ettoday.net/news/20190527/1446751.htm

臉書打擊假帳號,大砍二十億個假帳號
http://bit.ly/2W9PwnN

印度機密文件失竊!保險柜被直接偷走,87億美元軍購要白瞎
https://kknews.cc/military/o34zmem.html

美國保險公司網絡出現漏洞 8.85億交易資料或流出
http://bit.ly/2JFglt9

一頁式詐騙廣告有6特徵 售價遠低行情就該提高警覺
https://news.ltn.com.tw/news/society/breakingnews/2802721

仔細檢查你信用卡的消費明細。iTunes 的消費是被盜刷的
https://www.backchina.com/blog/135369/article-306971.html

在LINE使用PAYPAL綁定信用卡,隔天居然被盜刷大筆金額
https://www.bc3ts.com/post/19707

新型騙局:「有人打算出價5億元購買您的網路關鍵詞」
https://news.sina.com.tw/article/20190526/31424744.html

越南警方向中方移交8名網路詐騙嫌疑人 涉案金額近億元
https://news.sina.com.tw/article/20190528/31442648.html

搭建虛假交易平台騙近億元 越南向中國移交8名網絡詐騙犯
http://bit.ly/2VPPix3

安哥拉現新型詐騙方式 華人需提高警惕
https://news.sina.com.tw/article/20190528/31445844.html

冒名專頁鎖定粉專下手 知名部落客險遭詐
https://news.tvbs.com.tw/local/1140169

詐騙高風險賣場 假網拍「臉書」最多
https://news.ltn.com.tw/news/society/breakingnews/2805198

為資料把關,隱私保護漸成為蘋果產品的真正賣點
https://technews.tw/2019/05/30/apple-selling-point/

伺服器、儲存、雲端服務組態不當,23億份高敏感資料檔曝光
https://www.ithome.com.tw/news/131016

你是Flipboard用戶嗎?該公司被駭了
https://www.ithome.com.tw/news/130951

Flipboard Database Hacked — Users' Account Information Exposed
http://bit.ly/30VGnOu

Flipboard says hackers stole user details
https://www.zdnet.com/article/flipboard-says-hackers-stole-user-details/#ftag=RSSbaffb68

NOTICE OF SECURITY INCIDENT
https://about.flipboard.com/support-information-incident-May-2019/

Unsecured database exposes 85GB in security logs of major hotel chains
https://www.zdnet.com/article/unsecured-database-exposes-security-logs-of-major-hotel-chains/#ftag=RSSbaffb68

Under GDPR, UK Data Breach Reports Quadruple
https://www.bankinfosecurity.asia/under-gdpr-uk-data-breach-reports-quadruple-a-12530

Netanyahu among millions exposed on open travel company data base
http://bit.ly/2Qp2TKE

Australian tech unicorn Canva suffers security breach
https://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/#ftag=RSSbaffb68

Snapchat internal tools abused to spy on users and pillage data
https://www.zdnet.com/article/snapchat-internal-tools-used-to-spy-on-users-pillage-their-data/#ftag=RSSbaffb68

Instagram Bans Social Media Company After Data Exposure
https://www.bankinfosecurity.com/instagram-bans-social-media-company-after-data-exposure-a-12518

Researcher: Data Leaked for 300 Million Truecaller Users
https://www.bankinfosecurity.asia/researcher-data-leaked-for-300-million-truecaller-users-a-12519

A Blurry Birthday For GDPR
http://bit.ly/2VTEWwa

Medical industry struggles with PACS data leaks
https://blog.malwarebytes.com/threat-analysis/2019/05/medical-industry-struggles-with-pacs-data-leaks/

The aftermath of a data breach: A personal story
https://www.welivesecurity.com/2019/05/30/aftermath-data-breach-personal-story/

E.研究報告
Netflix 幕後最大功臣是 Python!工程師: 每個數據工具都靠 Python 建構
https://buzzorange.com/techorange/2019/05/27/python-at-netflix/

InfoSteal 竊聽程式攻擊事件分析報告
https://portal.cert.tanet.edu.tw/docs/pdf/2019053002054242865263875600067.pdf

CVE-2019-11815:Linux kernel漏洞
https://www.4hou.com/vulnerable/18224.html

實戰篇丨聊一聊SSRF漏洞的挖掘思路與技巧
https://read01.com/kzymKL5.html

C#winform應用程序安全性漏洞測試工具
http://hk.voidcc.com/question/p-bzddffhv-td.html

Windows版“碟中諜”:如何利用Win32k漏洞實現Chrome沙盒逃逸
https://www.anquanke.com/post/id/179234

Wormable RDP漏洞CVE-2019-0708詳細分析
https://xz.aliyun.com/t/5243

挖洞經驗| 從XSS漏洞到四步CSRF利用實現賬戶劫持
https://www.freebuf.com/vuls/203257.html

MalConfScan:從已知的惡意軟件家族中提取配置信息
https://www.freebuf.com/sectool/203732.html

揭開病毒的面紗:惡意代碼自解密技術
https://www.freebuf.com/articles/rookie/204069.html

模擬飛行:看我如何生成並分析惡意網絡流量
https://www.freebuf.com/sectool/203534.html

在沒有源代碼的情況下對Linux二進制代碼進行模糊測試
https://www.freebuf.com/articles/system/203302.html

Reverie:一款針對Parrot Linux的自動化滲透測試工具
https://www.freebuf.com/sectool/203539.html

二維碼掃碼登錄“剋星”QRLJacker攻擊向量分析及演示
https://www.freebuf.com/vuls/202192.html

某HR業務網站邏輯漏洞挖掘案例以及POC編寫思路分享
https://www.freebuf.com/articles/web/201438.html

易到用車遭遇勒索攻擊,周鴻禕隔空聲援
https://www.freebuf.com/news/204528.html

關於Metasploit 5中測試模塊的移植與驗證
https://www.freebuf.com/articles/system/203541.html

通過ee-outliers與Elasticsearch檢測TLS beaconing
https://www.freebuf.com/sectool/202735.html

小眾CMS vaeThink v1.0.1 代碼執行漏洞挖掘分析
https://www.freebuf.com/vuls/203562.html

SilkETW:一款針對Windows事件追踪的自定義C#封裝工具
https://www.freebuf.com/sectool/203531.html

挖洞經驗| 獲取Facebook Marketplace賣家精確地理位置信息
https://www.freebuf.com/vuls/202820.html

整理網絡安全措施的5個小技巧
https://www.freebuf.com/news/203807.html

原來的Java反序列化遠程執行漏洞這麼簡單
https://www.freebuf.com/articles/database/203727.html

針對國內IP發起攻擊的DDoS樣本分析
https://www.freebuf.com/articles/network/203796.html

BlueKeep RCE漏洞遭黑客利用,大規模掃描受影響Windows系統
https://zhuanlan.zhihu.com/p/67250811

跟網路安全工具 PK,網路釣魚技術愈來愈刁鑽
https://blog.trendmicro.com.tw/?p=59976

CVE-2018-12067及類似漏洞分析與相關思考
https://xz.aliyun.com/t/5248

CVE-2019-0708漏洞: RDP= Really DO Patch
https://www.4hou.com/vulnerable/18181.html

挖洞經驗| 從XSS漏洞到四步CSRF利用實現賬戶劫持
http://www.sohu.com/a/316997479_354899?sec=wd

路由器漏洞挖掘之DIR-815棧溢出漏洞分析
https://www.anquanke.com/post/id/179510

CVE-2019-0725: An Analysis of Its Exploitability
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-0725-an-analysis-of-its-exploitability/

Threat Research Learning to Rank Strings Output for Speedier Malware Analysis
http://bit.ly/2JNXlsM

THE NANSH0U CAMPAIGN – HACKERS ARSENAL GROWS STRONGER
https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/

DACL Permissions Overwrite Privilege Escalation (CVE-2019-0841)
http://bit.ly/2wlqRgL

hasherezade/pe-sieve
https://github.com/hasherezade/pe-sieve/releases/tag/v0.1.8

hasherezade/hollows_hunter
https://github.com/hasherezade/hollows_hunter/releases/tag/v0.2.1

5 Cybersecurity Tools Every Business Needs to Know
http://bit.ly/2Eym4N8

A Kubernetes Developer Workflow for MacOS
http://bit.ly/2K5Kb9D

Intense scanning activity detected for BlueKeep RDP flaw
https://www.zdnet.com/article/intense-scanning-activity-detected-for-bluekeep-rdp-flaw/#ftag=RSSbaffb68

How to Capture Keystrokes & Passwords Remotely
https://null-byte.wonderhowto.com/how-to/hacking-windows-10-capture-keystrokes-passwords-remotely-0183612/

BlackArch Linux  Penetration Testing Distribution
https://blackarch.org/index.html?fbclid=IwAR0jyQYaD5z-TVBZPJlJS9bBnTKq8LiZT-S5fQK_d72iNhKowA-p-hMvljU

GFWaaS - GFW as a Service
https://gfwaas.github.io/?fbclid=IwAR2ylgkS-xqQa7rfvx7ydjSlLVEsi-8Yc9ztIM8B_0jGicySKdcQPNZoaF4

CYBERSECURITY FOR MANAGERS: A PLAYBOOK
https://executive-ed.mit.edu/cybersecurity/index.php?fbclid=IwAR0ZOkKynpPHUgG2dSksUamR2SSMcZV6mZsEhVhjekZXlxVH4RQABpWKoMU

10 Ground Rules for Red Teams
https://www.symantec.com/blogs/expert-perspectives/10-ground-rules-red-teams

RSAC 2019: Entrando en la mente de un hacker
https://www.symantec.com/blogs/america-latina/rsac-2019-entrando-en-la-mente-de-un-hacker

Security Alert: A critical vulnerability in Microsoft RDP could lead to another WannaCry-magnitude attack
https://heimdalsecurity.com/blog/rdp-vulnerability-microsoft/

Q1 2019 Cyber Attacks Statistics
https://www.hackmageddon.com/2019/05/23/q1-2019-cyber-attacks-timeline/

Don’t Use Public USB Charging Stations, and Other Cyber Travel Tips
https://medium.com/swlh/dont-use-public-usb-charging-stations-and-other-cyber-travel-tips-6389e5371683

My Data Science Blogging Journey on Medium till now
https://towardsdatascience.com/my-technical-blogging-journey-on-medium-till-now-38aa9b9804b6

A Debugging Primer with CVE-2019–0708
https://www.vxrl.hk/2019/05/24/CVE-2019-0708/?fbclid=IwAR3r8RXv24eHtOGIQHBmbh4LJlV6-DJQ-LhF_7eaMNWMLAU7h4lZxoeBNzA

Threat Research Framing the Problem: Cyber Threats and Elections
http://bit.ly/2YYY51r

情報セキュリティ早期警戒パートナーシップガイドライン2019年版
https://www.jpcert.or.jp/vh/partnership_guideline2019.pdf

F.商業
零壹推四大方案 搶攻數位轉型商機
http://bit.ly/2WpqGj0

資訊安全技術服務機構服務能量登錄通過名單
https://www.acw.org.tw/News/Detail.aspx?id=73

中華電信前進COMPUTEX 首次秀超越1Gbps 5G無線下載
https://udn.com/news/story/7240/3835042

微軟Windows 傳也封殺華為 「藍牙技術聯盟」下一個跟進
https://udn.com/news/story/120490/3836486

ILCoin抗量子攻擊C2P協議成功通過Palo Alto Networks Partner認證
https://money.udn.com/money/story/9529/3838261

承租雲空間成資料管理新趨勢 適切保證承諾贏得客戶信心 避免營業秘密暴露 雲端租賃首重資料安全
https://www.netadmin.com.tw/article_content.aspx?sn=1905080003

FireEye買下安全檢測新創,強化滲透測試技術
https://www.ithome.com.tw/news/130955

Google Chrome、Drive將限制外掛程式存取用戶資料
https://www.ithome.com.tw/news/131010

Palo Alto買下二家專攻新興技術的資安公司
https://www.ithome.com.tw/news/130997

CrowdStrike, NSS Labs resolve court battle over product testing
https://www.zdnet.com/article/crowdstrike-nss-labs-withdraw-court-battle-over-product-testing/#ftag=RSSbaffb68

Palo Alto Networks announces Prisma for cloud security
https://www.zdnet.com/article/palo-alto-networks-announces-prisma-for-cloud-security/?fbclid=IwAR23dk231np3hcY-HYJohKUqT57ZewvRV7UG6UWRiEs1qnEeXf-ml-IvZDA

G.政府
臺灣資安業者揭露:5個A級政府機關及地方政府於4月被植入Plead惡意程式
https://www.ithome.com.tw/news/130895

朱立倫提資安國防 不主動引戰、不畏懼作戰、不存僥倖
https://udn.com/news/story/6656/3832884?from=udn-ch1_breaknews-1-cate1-news

中共駭全球 國際級資安加速器看好台灣
http://bit.ly/2M6Gymp

馬來西亞、新加坡資安周 徵集臺灣資安解決方案商進駐
https://www.acw.org.tw/News/Detail.aspx?id=74

桃園資安員額 擴大爭取
http://bit.ly/2W1gRIy

「資安認證」全推臨時人員 陳海山曝原因:沒加薪恐還倒貼
https://penghudaily.blogspot.com/2019/05/blog-post_177.html

唐鳳:台灣善用社群媒體打假消息 反制迅速
https://www.cna.com.tw/news/aopl/201905240335.aspx

唐鳳訪加 將宣布啟動研議開放政府國家行動方案
https://www.cna.com.tw/news/aipl/201905260038.aspx?fbclid=IwAR1sFkvFCXAuePmO8fYPUqmAfSZQrefv6pWhpF7OljKuwNJz0oWo9iC-TtE

防中國駭客上萬機關資安訂5級 外交部等列A級
https://news.ltn.com.tw/news/politics/breakingnews/2804097

金融研訓院開辦資訊安全暨數位鑑識系列課程
http://service.tabf.org.tw/tw/user/369833/

工研院:台灣是網攻熱點,造就資安人才經實戰演練素質高
https://technews.tw/2019/05/20/irti-taiwan-is-small-but-a-hotspot-cyber-attack-taiwan-have-good-quality-of-security-talants/

對付台版水門案!老馬拆手機電池... 韓國瑜除了擔心還能做什麼
https://udn.com/news/story/6656/3840079?from=udn-catelistnews_ch2

行政院公告:預告「資通安全責任等級分級辦法」部分條文修正草案
https://join.gov.tw/policies/detail/9b69f9ab-fff8-4072-85c4-257e2953de7c

跟進美國禁用華為?經濟部:關鍵基礎設施已停用華為設備
https://www.storm.mg/article/1335418?srcid=73746f726d2e6d675f6e756c6c_1559119164

華為被封殺 沈榮津:我影響有限
https://udn.com/news/story/7238/3840811

唐鳳:中國電信設備私營國營不分 台灣5年前已禁用華為
http://bit.ly/30VKREv

桃市青年局網站有資安危機 議員要求改善
http://bit.ly/2wt2TQM

數位人才需求高 政院拍板每年新增培育7500名資通訊人才
https://www.rti.org.tw/news/view/id/2022420

培育8.3萬資通訊人才 109學年起相關科系名額外加10%
https://www.cna.com.tw/news/firstnews/201905300137.aspx

精進資通訊數位人才培育策略
http://bit.ly/2JLLcV6

跟進美國禁用華為?經濟部:關鍵基礎設施已停用華為設備
http://bit.ly/2VYrzuI

「5年前建4G就禁止中國組件」唐鳳:所以台灣在國際上很有話語權
https://www.ftvnews.com.tw/news/detail/2019530W0004

離譜!國安局上校「手賤」 侵入機密電腦遭查獲
https://www.chinatimes.com/realtimenews/20190531002453-260402?chdtv

H.SCADA/ICS/工控系統
標準/嵌入式保護元件並行 工業系統網路安全有保障
https://www.mem.com.tw/arti.php?sn=1905240009

某工控4G路由器存在大量弱口令
https://www.freebuf.com/articles/ics-articles/203802.html

臺灣帶頭推動半導體資安標準,解決高科技產業資安防護難題
https://www.ithome.com.tw/news/130943

工控系統資安防護 ( 應用理論、進階實務 ) 課程
http://bit.ly/2wukt6R

多款Schneider Electric產品拒絕服務漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6807

Modicon Quantum權限和訪問控制漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6815

JVNVU#93268101 三菱電機製 MELSEC-Q シリーズ Ethernet インタフェースユニットにおけるサービス運用妨害(DoS)の脆弱性
https://jvn.jp/vu/JVNVU93268101/

IoT cyber attacks cost the UK economy £1 billion
https://gdpr.report/news/2019/05/24/iot-cyber-attacks-cost-the-uk-economy-1-billion/

I.教育訓練
JavaScript | ES6 中最容易誤會的語法糖 Class - 基本用法
http://bit.ly/2HFxkcU

從一道CTF題零基礎學V8漏洞利用
https://www.freebuf.com/vuls/203721.html

高科大資研社 Flutter社課資源
https://hackmd.io/s/rkLScjudE?fbclid=IwAR1xDJcOP2CShGdlDSwL8v2CDy-C-ERfMJP3_qb8-lNWtBBKZCQE93n61No

Web安全漏洞系列:跨站請求偽造
https://www.freebuf.com/video/204952.html

How to Set Up an SSH Server with Tor to Hide It from Shodan & Hackers
http://bit.ly/30PNNm5

Hacking and Cyber Security Certification Training Bundle 2019 (10 Courses)
http://bit.ly/2Wl7a7n

Creating Custom Vue.js Plugins
https://alligator.io/vuejs/creating-custom-plugins/?fbclid=IwAR2k4HT1uHnVwX0u0i0Aeo2GZrgZCjJWIam0Mhw5k4wuWgWqErlvsejtPgo

Converto : Installing Kali Linux on VPS Server
https://kalilinuxtutorials.com/converto/?fbclid=IwAR0OgzBEIEA8gXtcqQooIFWpEb1LAIVbsVGHJiyCPYWRXQlKtsiUe9L5WCY

Tales From the SOC: Hunting for Persistent Malware
https://blog.paloaltonetworks.com/2019/05/xdr-tales-from-the-soc-hunting-for-persistent-malware/

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
周鴻禕:如果不能解決網路安全問題,物聯網可能會讓世界走向悲觀
https://news.sina.com.tw/article/20190525/31422546.html

2019臺灣資安產業與IoT發展現況大公開
https://www.ithome.com.tw/news/130936

Synaptics智能SoC晶片 迎接安全AI智慧家庭
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=55&id=0000560017_5pkladvy2yfy1m6l0gz1e

微軟提出開放式語言 IoT Plug and Play,物聯網裝置將可無縫連線雲端
https://buzzorange.com/techorange/2019/05/29/microsoft-keynote-forum-in-computex-2019/

圓民眾無人機攝影夢 台工程師創無人機共享平台
https://ec.ltn.com.tw/article/breakingnews/2805613

「約有 8% 的醫療裝置是假的! 」是時候正視裝置造假所衍生的資安問題了
https://blog.trendmicro.com.tw/?p=60619

【Edvance Beacon 2019】 學習人工智能思考方法 緊急調整企業防禦策略
http://bit.ly/2EKhlbB

産業用IoT導入のためのセキュリティファーストステップ英語版リリース
https://blogs.jpcert.or.jp/ja/2019/04/ICSR_2019-01.html

Your Smart Home is Vulnerable to Cyber Attacks
https://heimdalsecurity.com/blog/smart-home-vulnerable-hacking/

Artificial intelligence, cybersecurity talent top list of hard-to-find skills
https://www.zdnet.com/article/artificial-intelligence-cybersecurity-talent-top-list-of-hard-to-find-skills/#ftag=RSSbaffb68

6.近期資安活動及研討會
 學生資安新手村 相關活動整理  淡江大學場  工作坊  6/1(六) 10:00 - 16:00
 https://forms.gle/aBgGfLUYcvJh7hzk9

 學生資安新手村 相關活動整理  高雄科技大學場 06/02(日) 08:30~18:00
 https://nkust-itc.kktix.cc/events/security-beginner-workshop

 資安新手村-網站照妖鏡 SITCON x NKUST_CSIE & ITC  6/2
 https://nkust-itc.kktix.cc/events/security-beginner-workshop

 PyTorch Tainan x CCNS 聚會 #23  6/2
 https://pytorch-tainan.kktix.cc/events/2019-06-02-m23?fbclid=IwAR1s_n_piEyMN0e8NMHk-jjP97-1mjqI-favSKBAdxAglQ3j1aN17_fMmbk

 【課程】Raspberry Pi 相機 x OpenCV 進階應用:攝影拍照、人臉偵測、影像處理與實作 6/2
 https://www.techbang.com/posts/69830-course-raspberry-pi-camera-x-opencv-photo-photography-face-detection-image-processing-and-application

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 TW BECKS No.2 6/3
 https://becks.kktix.cc/events/20190603

 軟體安全性測試實務 6/3 ~ 6/4
 https://www.accupass.com/event/1904230701335964656400

 c++ array library: xtensor and xtensor-python  6/5
 https://www.meetup.com/pythonhug/events/261778921/?fbclid=IwAR3W1Eo0Xk-ZZLhwSbRuoU_WomifnbLU61G8PgystESPX-tWLGKAosu_n40

 HackingThursday 固定聚會 6/6
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbjb/

 突破困境:資安開源工具之應用分享  6/8
 https://tfc.kktix.cc/events/nomoney-infosec

 Cypherpunks Taiwan 密碼龐克 (5)- 區塊鏈存在證明與抗審查性 & 零知識證明  6/11
 https://www.facebook.com/events/2371184796499787/

 國家高速網路與計算中心教育訓練-源碼檢測實作 6/13
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3828&from_course_list_url=homepage

 HackingThursday 固定聚會  6/13
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbrb/

 React Hooks 實戰會議室 ─ 前端工程師的潮流技能不私藏  6/14
 https://www.facebook.com/events/447646755985628/

 【課程】Julia 資料科學實作,2019年強勢來襲的科學計算語言,集Python、C++、R 各家特色於一身  6/15
 https://www.techbang.com/posts/70251-course-julia-data-science-practice

 國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 The Artificial Intelligence Conference  6/18
 https://www.facebook.com/events/278255853036175/?event_time_id=360038254857934

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 HackingThursday 固定聚會 6/20
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbbc/

 國家高速網路與計算中心教育訓練-資安健診  6/20
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3832&from_course_list_url=homepage

 Edvance Beacon 2019  6/21
 https://docs.google.com/forms/d/e/1FAIpQLSe70uw8Pi862IkL_rQXDJhzd7QnGXiuhcWwttOEN2BZwUbyMw/viewform

 CCNS 定期聚 — 當 Python 遇上 JIT / PyPy 淺談  6/23
 https://ccns.kktix.cc/events/ccns-pypy-talk?fbclid=IwAR1wa3cZuyNZQv-pGo5Eh3u5uik69nLY1t-sXb2R6wTd9HsrMBw02ybbkJw

 HackingThursday 固定聚會 6/27
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/

 HackingThursday 固定聚會 7/4
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/

 2019國際資訊安全組織台灣高峰會  7/9 ~ 7/11
 https://csa.kktix.cc/events/2019con

 工業局補助網路安全檢測教育訓練 7/10 ~ 7/12
 https://www.accupass.com/event/1904080311551119077841

 HackingThursday 固定聚會 7/11
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/

 HackingThursday 固定聚會 7/18
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/

 HackingThursday 固定聚會 7/25
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/

 CDX2.0推廣活動 - 台南場次  7/26
 https://nchc-cdx.kktix.cc/events/cdxactivity-0726

 資安事故處理實務課程 8/7 ~ 8/8
 http://bit.ly/2VW0Lv9

 DEF CON 27  2019/8/8–8/11
 https://www.defcon.org/

 數位鑑識處理實務 8/14 ~ 8/15
 http://bit.ly/2VW0Lv9

 WEB應用滲透測試 8/21 ~ 8/23
 https://www.accupass.com/event/1904080221358963463590

 資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」  8/29 ~ 8/30
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 108年資安職能訓練-行動裝置安全(8/29-8/30)
 https://cee.ksu.edu.tw/recruitinfo/1443.html

 CDX2.0推廣活動 - 台北場次 9/10
 https://nchc-cdx.kktix.cc/events/cdxactivity-0910

 TANET 2019 - 臺灣網際網路研討會  9/25
 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310

 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/?fbclid=IwAR2gU17bz0Y7TH8THIIskIX1vziWBpMY152mJiwk7AAeVS752f_eNcZ0NzU

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

  AIoT智能物聯網開發人才就業養成班[免費諮詢]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com









沒有留言:

張貼留言

2024年 12 月份資安、社群活動分享

  2024年 12 月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/3 https://www.meetup.com/taiwan-code-camp/e...