資安事件新聞週報 2019/5/6 ~ 2019/5/10
1.重大弱點漏洞/後門/Exploit/Zero Day
八種無線演示系統中的關鍵漏洞
https://www.chainnews.com/articles/111363306365.htm
Dell 預載軟體成為 PC 被駭的後門
https://chinese.engadget.com/2019/05/04/supportassist-dell-vulnerability-windows/
安全研究人員發現戴爾支持助手客戶端存在安全漏洞會引發遠程攻擊
https://www.landiannews.com/archives/58210.html
Office 2016更新臭蟲引發當機,遭微軟緊急撤除
https://www.ithome.com.tw/news/130505?fbclid=IwAR1Q5Dpo1wj_lF95EFYrGqzbb0u9bJu3yG7-UoeARiAB1VAXNAcxQ1Y_zxU
華碩與技嘉的驅動程式遭爆含有權限擴張漏洞
https://0nion.com/article/27466
Jenkins外掛存在安全漏洞,衍生密碼外洩或跨站攻擊風險
https://www.ithome.com.tw/news/130412
Jenkins外掛程序存在安全漏洞,有資料外洩和跨網站攻擊等風險
http://www.twoeggz.com/news/14467228.html
黑客三年來一直向APT組織提供微軟零日漏洞
http://521.li/post/628.html
D-Link雲端監視器含有拍攝畫面可遭攔截及竄改韌體的安全漏洞
https://times.hinet.net/news/22360561
D-Link camera vulnerability allows attackers to tap into the video stream
https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/
D-Link DWL-2600AP Upgrade Firmware Command Injection
https://packetstormsecurity.com/files/152771/dlinkdwl2600apuf-exec.txt
D-Link DWL-2600AP Save Configuration Command Injection
https://packetstormsecurity.com/files/152770/dlinkdwl2600apsave-exec.txt
D-Link DWL-2600AP Authenticated OS Command Injection
https://packetstormsecurity.com/files/152725/dlinkdwl2600ap-exec.txt
谷歌Chrome出現漏洞:黑客使用虛假地址欄進行網上誘騙
http://bit.ly/2H1WzWc
Symantec Gateway Security未明遠程DNS緩存中毒漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0817
《CS:GO》存漏洞或遭黑客攻擊,V社出動緊急修復
https://kknews.cc/game/jk9aqe6.html
思科修補Nexus 9000網路交換器重大漏洞
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=30610
Cisco Nexus 9000 Series ACI Mode Switch Software 存在安全性弱點
https://www.us-cert.gov/ncas/current-activity/2019/05/01/Cisco-Releases-Security-Updates
SAP's NetWeaver: New Exploits for Misconfigurations
https://www.bankinfosecurity.com/saps-netweaver-new-exploits-for-misconfigurations-a-12445
Security flaws in 100+ Jenkins plugins put enterprise networks at risk
https://zd.net/2LylO75
Sorubak Login Panel SQL BYPASS
https://www.anquanke.com/vul/id/1593141
Indonesian Government & University Admin weak password
https://www.anquanke.com/vul/id/1593144
CompletaWeb Comunicação Virtual Brazil SQL Injection
https://www.anquanke.com/vul/id/1594160
Instagram Auto Follow SQL Injection
https://www.anquanke.com/vul/id/1594223
獅航空難前一年 波音已知737 MAX警報系統存漏洞
https://hk.news.appledaily.com/international/realtime/article/20190506/59568134
IBM Jazz Reporting Service跨站腳本漏洞 CVE-2018-2004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2004
Checkpoint -- endpoint_security CVE-2019-8454
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-8454
Cisco -- nexus_93108tc-ex_firmware CVE-2019-1804
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-8454
Dhcpcd_project -- dhcpcd CVE-2019-11577
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11577
關注!攻擊者正積極利用Atlassian Confluence和Oracle WebLogic漏洞
http://www.cnetsec.com/article/29702.html
Oracle -- weblogic_server CVE-2019-2725
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2725
Oracle Weblogic Server Deserialization Remote Code Execution
https://packetstormsecurity.com/files/152756/weblogic_deserialize_asyncresponseservice.rb.txt
Oracle WebLogic存在遠端執行程式碼漏洞
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail.aspx?lang=zh&seq=1437
Cisco Elastic Services Controller REST API認證繞過漏洞CVE-2019-1867
http://blog.nsfocus.net/cve-2019-1867/
針對網絡安全信息漏洞的報告總結
https://blog.51cto.com/13941676/2391247
New Windows 10 20H1 test build brings Microsoft Search to File Explorer
https://www.zdnet.com/article/new-windows-10-20h1-test-build-brings-microsoft-search-to-file-explorer/#ftag=RSSbaffb68
Alpine Linux Docker images ship a root account with no password
https://www.zdnet.com/article/alpine-linux-docker-images-ship-a-root-account-with-no-password/#ftag=RSSbaffb68
Alphine Linux Docker映像檔,爆出根帳號無密碼登入漏洞
https://www.ithome.com.tw/news/130528
MISP 跨站脚本漏洞 CVE-2019-11812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11812
警惕“俠盜”團伙利用新型漏洞傳播GandCrab勒索“藍屏”變種
https://www.itread01.com/hkycfqq.html
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
新讀卡器攻破AEON提款機 香港地鐵尖東站提款者密碼被盜破財
http://bit.ly/2WrN1t0
超微型讀卡器 攻陷AEON ATM 7客資料被盜製假卡 失20萬
https://hk.news.appledaily.com/local/daily/article/20190504/20670819
AEON櫃員機大漏洞 東歐讀卡黨當提款機
http://bit.ly/2LrNGJR
港銀行晶片技術防盜竊
https://hk.news.appledaily.com/local/daily/article/20190504/20670821
三保加利亞漢被捕 歐洲來港做世界 讀卡盜款黨再現江湖
http://hd.stheadline.com/news/daily/hk/761015/
ATM裝鏡頭盜密碼 3外籍男還押候訊
http://bit.ly/2V5IV8g
警破跨國假卡黨 揭AEON櫃機磁帶漏洞
https://orientaldaily.on.cc/cnt/news/20190504/00176_045.html
【ATM讀卡器】香港金管局:要求銀行檢視櫃員機保安
http://bit.ly/2J1JEWD
全球網路銀行峰會 8日登場
http://bit.ly/2PPOSVQ
星展:新加坡或仿效香港允虛擬銀行
https://www2.hkej.com/instantnews/international/article/2129728
中共稱開放銀保業 卻無時間表
https://www.ntdtv.com/b5/2019/05/03/a102570342.html
一個金融業兩個世界:壽險挑戰大、銀行穩穩賺
https://www.cw.com.tw/article/article.action?id=5095050
銀行公會:綠色金融大勢所趨 港可助海外投資者聯繫亞洲市場
http://bit.ly/2vHfFdR
南山人壽兩頭燒!重啟舊系統須444天配套惹怒工會 保險局強硬要解決案
https://www.ettoday.net/news/20190507/1438555.htm
南山人壽百億「新境界」系統上線8個月 15萬件保單遭自動墊繳或停效
https://ec.ltn.com.tw/article/breakingnews/2781449
保險局促南山提零錯誤方案
http://bit.ly/2H5OXCk
一樣要轉換資訊系統 台壽保證不出包
https://www.chinatimes.com/realtimenews/20190506002560-260410?chdtv
台壽新系統軟體商中科軟 莊中慶:非中資
https://tw.finance.appledaily.com/realtime/20190507/1562396/
台灣人壽核心資訊系統 委中國中科軟(SinoSoft)負責建置
https://ec.ltn.com.tw/article/breakingnews/2781497
約法三章 金管會將與壽險業確認新監理指標
https://rmim.com.tw/news-detail-23046
銀行讓民眾用LINE傳證件 金管會緊盯安控機制
https://money.udn.com/money/story/5613/3799335
LINE傳個資若外洩 銀行恐挨罰
http://bit.ly/2LILHkL
銀行濫用新科技作生意 小心挨罰
https://www.chinatimes.com/realtimenews/20190507001478-260410?chdtv
信用卡小知識!御璽卡、無限卡有啥差別?VISA信用卡等級一篇教你分
https://www.shopback.com.tw/blog/visa-cards-class-levels
3搶2?金管會16日開放純網銀申請 排除金金併規定
http://www.skyqzone.com/article/UzJXRXRGenlvWUE9
情報弱者を狙った銀行…その威光に逆らえない人々の悲劇
https://headlines.yahoo.co.jp/article?a=20190506-00021108-gonline-bus_all
香港上海匯豐銀行有限公司於4月26日發布偽冒電子郵件聲明
https://www.about.hsbc.com.hk/-/media/hong-kong/zh-hk/news-and-media/190426-hsbc-warns-against-phishing-email-chi.pdf
中國銀行香港股份有限公司4月29日發布有關偽冒短訊及詐欺手機銀行登入聲明
https://www.bochk.com/dam/bochk/desktop/top/aboutus/pressrelease2/2019/20190429_01_Press_Release_TC.pdf
香港上海匯豐銀行有限公司於5月2日發布偽冒電子郵件聲明
https://www.about.hsbc.com.hk/-/media/hong-kong/zh-hk/news-and-media/190502-hsbc-warns-against-phishing-email-chi.pdf
《中國監管》網信證券遭證監入駐檢查,此前曾傳出債券業務違約
http://bit.ly/2H52PLD
網信證券危機全面爆發:監管工作組進駐,內控漏洞百出,營收遭自營拖累巨虧逾30億
https://news.sina.com.tw/article/20190508/31215396.html
日本樂天經驗給力 台灣網銀大躍進
https://money.udn.com/money/story/5635/3790251
銀行卡、微信賬號 被買賣的賬戶去哪兒了
https://news.sina.com.tw/article/20190506/31178898.html
安徽摧毀一特大跨境賭博網路,21億元賭資被層層轉賬漂白
https://news.sina.com.tw/article/20190505/31171806.html
[爆卦] 渣打商銀疑似卡號大量外洩
https://www.ptt.cc/bbs/Gossiping/M.1557029750.A.F46.html
偽卡集團盗刷前奏 渣打卡友心驚驚接獲小額刷卡通知
https://tw.finance.appledaily.com/realtime/20190507/1562229/
只刷1元!偽卡團再進化 模擬卡號測盜刷
http://bit.ly/303ZDbM
信用卡側錄駭客已對北美 201 家校園商店進行了攻擊
https://chinese.engadget.com/2019/05/06/card-skimming-hack-targets-campus-stores/
兩名外籍男子涉行使虛假信用卡被採取羈押等強制措施
https://www.gov.mo/zh-hant/news/285597/
Saudi British Bank推出基於Ripple的跨境支付服務
http://bit.ly/2Vd3bFm
新加坡央行擬開放純網銀 相關風控是新課題
https://money.udn.com/money/story/5602/3799439
LINE共同執行長慎重熩首度訪台 宣布加碼投資台灣30億
https://tw.finance.appledaily.com/realtime/20190508/1563178/
防堵刷卡詐騙 金管會盯上ATM預繳卡費
https://udn.com/news/story/7239/3800876
數字鍵大掉色!他一看ATM面板有玄機 「這2字磨光」曝提款密碼…346少人用
https://www.ettoday.net/news/20190509/1440305.htm
ATM機取錢 需注意周圍玩手機之人
https://www.ntdtv.com/b5/2019/05/09/a102574198.html
勞退帳戶忽然被扣錢?新版明細告訴你真相
https://theme.udn.com/theme/story/6774/3802287
國稅局:農漁會改帳號 委託取款繳稅要注意
https://money.udn.com/money/story/6710/3802334
傳香港金管局最快本周多批4牌照 騰訊平保小米阿里有份
http://bit.ly/2YnZlez
執照發放倒數三個月... 三家純網銀戰略揭密
https://udn.com/news/story/7239/3802934
臺灣網路金融犯罪手法追查細節大公開,偵九隊建議銀行KYC安全驗證應納入數位資訊來防範
https://www.ithome.com.tw/news/130538
台灣純網銀 營運模式成關鍵
http://bit.ly/2VqnS5C
香港金融管理局(金管局)5月9日宣布螞蟻商家服務(香港)有限公司、貽豐有限公司、洞見金融科技有限公司及平安壹賬通有限公司授予銀行牌照以經營虛擬銀行
https://www.hkma.gov.hk/chi/key-information/press-releases/2019/20190509-3.shtml
不只15萬張保單停效!南山再爆6萬件信用卡扣錯帳
http://bit.ly/2LzLnEK
美司法部起訴2名中國駭客 涉嫌竊盜Anthem保險公司數據
https://www.cmoney.tw/notes/note-detail.aspx?nid=170098
中國駭客盜竊保險公司數據 遭美司法部起訴
https://ec.ltn.com.tw/article/breakingnews/2785595
竊美保險企業近8000萬人個資 中國駭客遭美起訴
http://bit.ly/2Yfj2Vu
US charges one of the Anthem hackers
https://www.zdnet.com/article/us-charges-one-of-the-anthem-hackers/#ftag=RSSbaffb68
Card skimming hack targets 201 campus stores in North America
https://www.engadget.com/2019/05/06/card-skimming-hack-targets-campus-stores/
Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada
http://bit.ly/2YigPIS
Cyber Insurance: Assessing the Need
https://www.bankinfosecurity.asia/cyber-insurance-assessing-need-a-12444
Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites
http://bit.ly/2Hfc6AS
Researchers expose mass credit card stealing campaign
https://www.zdnet.com/article/researchers-expose-mass-credit-card-stealing-campaign/#ftag=RSSbaffb68
New Skimmer Attack Steals Data From Over 100 Ecommerce Sites
https://www.bankinfosecurity.com/new-skimmer-attack-steals-data-from-over-100-ecommerce-sites-a-12465
1111人力銀行:郵局招考3.4萬人報名 332名碩博士進複試
http://n.yam.com/Article/20190504224591
金融監督管理委員會保險局聘用助理研究員2名徵才公告
http://bit.ly/2Jiw6Fr
銀行鐵飯碗來了!台企銀徵才224名 行員起薪3萬3600元
https://www.ettoday.net/news/20190508/1439723.htm
3.電子支付/電子票證/行動支付/ pay/新聞及資安
台灣Pay清算平台 兩階段搭建
http://bit.ly/2H8sKDz
搶行動支付市場 3大系統火併
https://www.chinatimes.com/newspapers/20190506000678-260113?chdtv
手機支付真的安全?斷開駭客靠「它」完整加密
https://tw.news.appledaily.com/life/realtime/20190507/1562034/
Apple Pay、Google Pay獲英政府採用 可作交簽證費用
http://bit.ly/2H4IF5U
電子支付「翻倍成長」!今年3月用戶數逼近5百萬人
https://ec.ltn.com.tw/article/breakingnews/2778781
香港政府2020年推「eID」數碼個人身份 日後可預約門診、支付診金
http://bit.ly/2Wsr4Ko
洽談中國與獅城公司 Sarawak Pay或通行國外
https://eunited.com.my/222413/
香港金管局﹕轉數快下一階段為個人與商戶間交易
http://bit.ly/2J72ATY
CURRENCY.COM推出全新手機應用程式並擴大香港證券交易市場
http://www.businesswirechina.com/hk/news/40489.html
賭場2.0沒現金 金流都在App
https://udn.com/news/story/11315/3793884
關于5月11-12日個人電子銀行、電子支付、中銀開放平臺等系統升級的公告
http://www.boc.cn/big5/ebanking/bi2/201905/t20190509_15237057.html
臉書打造WhatsApp支付服務 倫敦成立發展中心
https://m.ctee.com.tw/livenews/gj/8256c34a-fb44-438e-88b6-908e22f660c3
中國大陸行動支付普及率達86%
http://ieknet.iek.org.tw/ieknews/news_more.aspx?actiontype=ieknews&indu_idno=10&nsl_id=77da117e1588454da748d0f2371080f8
2019中國移動支付報告出爐,北京排第三
https://kknews.cc/tech/vrrz242.html
能挽回頹勢?金管會修法「電子支付大整合」
https://cnews.com.tw/1340508a03/
印度電子支付公司Paytm 整個跨境部門離職
https://readhub.cn/topic/7MuAl52Z596
印度行動支付龍頭Paytm計畫海外擴張 瞄準日本、加拿大
http://bit.ly/2JvO5sf
EFT Payments「免租」拓聚合支付
https://hk.on.cc/hk/bkn/cnt/finance/20190509/bkn-20190509000102860-0509_00842_001.html
Google Play將增加線上訂購 實體鄰近商店現金付款的延付交易功能
https://www.cool3c.com/article/143551
5.虛擬貨幣/區塊鍊 新聞及資安
攻擊者通過部分支付漏洞從BitoPro交易所撤回了700萬XRP
http://bit.ly/2VPIBPq
幣安遭駭客大規模攻擊 7000枚比特幣被竊
https://ec.ltn.com.tw/article/breakingnews/2783103
幣安伺服器現保安漏洞 遭黑客盜取7000個比特幣
http://bit.ly/2PRL32G
幣安又被盜,你還相信交易所嗎
http://bit.ly/2H9kN0L
全球最大加密幣平台 遇竊損失料逾3億
http://bit.ly/2DU7M9q
幣安創辦人 CZ 在駭客事件後的首次 AMA 重點整理
https://zombit.info/after-binance-hacked-cz-ama/
比特幣行情回來了,幣安卻遭駭客攻擊損失逾12億元
http://bit.ly/2H7BaLn
加密貨幣再遭駭 被竊走4100萬美元
https://cnnews.rti.org.tw/news/view/id/2020052
交易所、帳號託管系統、個人用戶」——幣安遭駭可能的安全漏洞
https://www.blocktempo.com/binance-hacked-information-technology-security/
虛擬貨幣交易所幣安遭駭!被盜走7000枚比特幣損失逾12億
https://tw.finance.appledaily.com/realtime/20190508/1563279/
幣安交易所在今天凌晨遭駭客攻擊!損失 7,074 顆比特幣,價值 12 億台幣
https://www.blocktempo.com/binance_being_hacked_7074bitcoin/
幣安被盜的7074枚BTC,已被駭客轉移至7個主要新地址
https://news.sina.com.tw/article/20190509/31224796.html
四大網絡安全機構會診“幣安案”:一場蓄謀已久的攻擊
https://pttnews.cc/8deee2dec8
幣安交易所比特幣被竊漏洞分析
https://www.itread01.com/hkyhklyf.html
幣安被盜BTC被駭客分散至20個主要地址,目前尚未擴散
https://life.tw/?app=view&no=931090
去中心化銀行 MakerDAO 近況更新:穩定費將調漲至 19.5%;計畫用多種密碼貨幣抵押債務
https://blocktempo.com/5-5-maker-dao-current-status/
新加坡金融管理局認可區塊鏈中的跨境支付潛力 但不看好銀行零售
https://news.cnyes.com/news/id/4313532
加拿大與新加坡兩國中央銀行聯手,用「央行數字貨幣」完成「區塊鏈上的跨境支付」
https://blocktempo.com/central-banks-of-canada-and-singapore-conduct-successful-experiment-for-cross-border-payments/
新加坡和加拿大央行完成首個跨境區塊鏈支付
https://news.sina.com.tw/article/20190505/31172814.html
〈區塊鏈大應用〉兩大中央銀行首次運用區塊鏈技術進行跨境支付
https://fnc.ebc.net.tw/FncNews/else/78907
「股神」落伍了?加密社群駁斥巴菲特的「比特幣無用論」
http://news.knowing.asia/news/00f17248-36df-4c74-b03e-456f9863baa9
區塊鏈的最佳應用?韓國各大銀行皆開始接觸這項技術
http://news.knowing.asia/news/b0cc2208-3803-48b1-aea4-489615a0ad29
傳 Facebook 同 Visa、Mastercard 商討建構虛擬貨幣支付系統
https://unwire.hk/2019/05/04/facebookvirtualcurrency/life-tech/epayment/
揮軍電子商務!臉書將推加密貨幣力抗Paypal、ApplePay
http://bit.ly/2Wu3eOa
Tron(TRX)區塊鍊的嚴重漏洞可能引發大規模崩潰
https://0xzx.com/20190507135560587.html
比特幣通貨膨脹漏洞仍然存在,60%的比特幣全節點恐受其影響
http://news.knowing.asia/news/08b341ab-537e-4b21-9e70-afd6c7961dc0
回顧CVE-2018-17144:Bitcoin Core通脹漏洞
https://www.chainnode.com/post/321072
CyberCriminals通過Confluence軟件漏洞利用數字貨幣挖礦惡意軟件
https://0xzx.com/20190508034661422.html
趨勢科技:網絡犯罪分子利用Confluence軟件漏洞挖掘XMR
https://www.tuoluocaijing.com.tw/kuaixun/detail-62450.html
證券型代幣帶給台灣的好處
http://bit.ly/2H6z1ys
區塊鏈人才決裂危機
https://www.chinatimes.com/opinion/20190508004286-262104?chdtv
「比特幣耶穌」攜手RAPIDZ在台推比特幣現金支付
https://money.udn.com/money/story/10860/3801262
新華每日電訊:區塊鏈有望像行動支付一樣普及
https://news.sina.com.tw/article/20190510/31240284.html
Singapore, Canada complete blockchain trial for cross-border payments
https://www.zdnet.com/article/singapore-canada-complete-blockchain-trial-for-cross-border-payments/#ftag=RSSbaffb68
TRON critical security flaw could break the entire blockchain
https://www.zdnet.com/article/tron-critical-security-flaw-could-break-the-entire-blockchain/#ftag=RSSbaffb68
Hackers steal $41 million from cryptocurrency exchange Binance
https://www.zdnet.com/article/hackers-steal-41-million-from-cryptocurrency-exchange-binance/#ftag=RSSbaffb68
OneCoin ‘CryptoQueen’ sued over alleged $4bn cryptocurrency Ponzi scheme
https://www.zdnet.com/article/onecoin-leaders-sued-over-alleged-operation-of-4-billion-ponzi-scheme/#ftag=RSSbaffb68
Two crypto-mining groups are fighting a turf war over unsecured Linux servers
https://www.zdnet.com/article/two-crypto-mining-groups-are-fighting-a-turf-war-over-unsecured-linux-servers/#ftag=RSSbaffb68
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / APT
中勒索病毒? 基隆市政府官網掛了緊急搶修中
https://udn.com/news/story/7328/3794221
基市府網站被駭掛點3天 民眾個資未外洩
https://m.ltn.com.tw/news/life/breakingnews/2781908
基隆市府網站被勒索病毒入侵掛點3天 議員憂機密被盜
https://udn.com/news/story/6656/3797980
基隆市府官網遭不明病毒攻擊入侵
https://www.nownews.com/news/20190507/3366262/
當心!網路病毒新變種 能入侵醫院竄改患者病歷導致醫生誤判
https://cnews.com.tw/134190505a01/
恐藏黑客軟件 蘋果動新聞播毒 侵用家私隱洩密
http://bit.ly/2DQBjRs
強國公司指《蘋果》app有木馬程式 曾獲習大大讚係「國家隊」
https://hk.news.appledaily.com/local/realtime/article/20190504/59563396
中國國家互聯網應急中心開通WannaCry勒索病毒感染數據免費查詢服務
https://news.sina.com.tw/article/20190504/31166526.html
黑客正在利用Oracle WebLogic漏洞傳播勒索軟件
https://www.linuxidc.com/Linux/2019-05/158457.htm
貌似空白的 excel 工作表,開啟前注意三件事,嚴防內嵌AutoHotkey惡意腳本攻擊
https://blog.trendmicro.com.tw/?p=60293
華碩軟體更新伺服器竟成惡意後門派送幫兇
https://www.ithome.com.tw/news/130415
XWO:一款掃描互聯網漏洞的惡意軟件
https://www.chainnews.com/articles/949513062750.htm
美國又有兩個地方政府感染了勒索軟體
https://www.ithome.com.tw/news/130503?fbclid=IwAR1bMCIaEEmebDaHR1pgIXowT6_pTSS5ltKTdnDsvJfq8wwwY0vZqti9W3U
研究人員揭露可長期蟄伏於微軟Exchange Server的後門程式
https://www.ithome.com.tw/news/130532
醫療格式漏洞讓駭客可以將惡意軟體藏在醫療影像檔中
https://blog.trendmicro.com.tw/?p=60537
惡意軟件也有漏洞,Mirai C2奔潰分析
https://www.4hou.com/vulnerable/17912.html
提防 Sodinokibi 勒索軟件的來襲
https://www.hkcert.org/my_url/zh/blog/19043002
警惕“俠盜”團伙利用新型漏洞傳播GandCrab勒索“藍屏”變種
https://www.itread01.com/hkycfqq.html
Hacker takes over 29 IoT botnets
https://www.zdnet.com/article/hacker-takes-over-29-iot-botnets/#ftag=RSSbaffb68
Japanese government to create and maintain defensive malware
https://www.zdnet.com/article/japanese-government-to-create-and-maintain-defensive-malware/#ftag=RSSbaffb68
This Week in Security News: BEC Attacks and Botnet Malware
https://blog.trendmicro.com/this-week-in-security-news-bec-attacks-and-botnet-malware/
Surge of MegaCortex ransomware attacks detected
https://www.zdnet.com/article/sudden-surge-of-megacortex-ransomware-infections-detected/#ftag=RSSbaffb68
Retefe Banking Trojan resurfaces in the threat landscape with innovations
https://securityaffairs.co/wordpress/84967/malware/retefe-banking-trojan-resurfaces.html
2019: The Return of Retefe
https://www.proofpoint.com/us/threat-insight/post/2019-return-retefe
Hacker Compromised Several IoT Botnet C2 Servers and Taken Control of It Due to Weak Credentials
https://gbhackers.com/29-iot-botnet-c2-servers/
Hackers Launching Qakbot Malware to Steal Login Credentials and Wipe the Bank Accounts
https://gbhackers.com/qakbot-malware-to-steal-login-credential/
Russian cyberspies are using one hell of a clever Microsoft Exchange backdoor
https://www.zdnet.com/article/russian-cyberspies-are-using-one-hell-of-a-clever-microsoft-exchange-backdoor/#ftag=RSSbaffb68
TURLA LIGHTNEURON One email away from remote code execution
https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf
Most of the servers at City of Baltimore shut down after ransomware attack
http://bit.ly/2VPpViL
Baltimore Recovering From Second Ransomware Attack
https://www.bankinfosecurity.com/baltimore-recovering-from-second-ransomware-attack-a-12461
Researchers: Spies Exploit Microsoft Exchange Backdoor
https://www.bankinfosecurity.com/researchers-spies-exploit-microsoft-exchange-backdoor-a-12459
Japanese government to create and maintain defensive malware
https://www.zdnet.com/article/japanese-government-to-create-and-maintain-defensive-malware/
This ransomware sneakily infects victims by disguising itself with anti-virus software
https://zd.net/2YkkE0b
Crime Gang Advertises Stolen 'Anti-Virus Source Code'
https://www.bankinfosecurity.com/crime-gang-advertises-stolen-anti-virus-source-code-a-12463
Malware Knocks Out Accounting Software Giant Wolters Kluwer
https://www.bankinfosecurity.com/malware-knocks-out-accounting-software-giant-wolters-kluwer-a-12462
CB TAU Threat Intelligence Notification: Danabot Trojan Targets Financial Services Industry via Stolen Credentials
https://www.carbonblack.com/2019/04/16/cb-tau-threat-intelligence-notification-danabot-trojan-targets-financial-services-industry-via-stolen-credentials/
Danabot Trojan Targets Financial Services Industry via Stolen Credentials - Additional IOCs
https://brica.de/alerts/alert/public/1258533/danabot-trojan-targets-financial-services-industry-via-stolen-credentials-additional-iocs/
Any.Run: DanaBot Banking Trojan Demonstration - Additional IOCs
https://brica.de/alerts/alert/public/1258518/anyrun-danabot-banking-trojan-demonstration-additional-iocs/
South Africa Has Second Most Android Banking Malware Attacks As Cyber Crime Increases
https://www.forbes.com/sites/tobyshapshak/2019/05/09/south-africa-has-second-most-android-banking-malware-attacks-as-cyber-crime-increases/#6d6f09015d77
Dharma Ransomware Uses AV Tool to Distract from Malicious Activities
https://blog.trendmicro.com/trendlabs-security-intelligence/dharma-ransomware-uses-av-tool-to-distract-from-malicious-activities/
CVE-2019-3396 Redux: Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner With Rootkit
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-3396-redux-confluence-vulnerability-exploited-to-deliver-cryptocurrency-miner-with-rootkit/
B.行動安全 / iPhone / Android /穿戴裝置 /App
KeenLab 安全團隊攻破 iOS 12.2 防護,展示 iPhone XS Max 越獄
https://mrmad.com.tw/keen-lab-ios-122-jailbreak
一代「交友神器」關閉! BeeTalk宣布停止營運
http://bit.ly/2WuR33I
爆料:三星Note 10傳具「超過25W」的快充技術
https://tw.lifestyle.appledaily.com/gadget/realtime/20190507/1562397/
Google I/O明登場 Android Q更重隱私
https://tw.lifestyle.appledaily.com/gadget/realtime/20190507/1561473/
Apple 自 App Store 中移除多支濫用企業布署機制的 App
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=848
iOS 12.3 程式碼顯示系統將支援更多種類的大眾運輸付費方式
https://chinese.engadget.com/2019/05/06/ios-12-3-emv-mass-transit/
不只西瓜卡, iOS 12.3 編碼暗示「交通卡」功能將支援更多類型卡片
https://www.kocpc.com.tw/archives/257469
iOS 13將借鏡更多第三方App功能 5G連網要等明年
https://www.sogi.com.tw/articles/apple_ios13/6252810
代號Yukon的iOS 13將會帶來更多「借鏡」第三方app功能,5G連網功能要等明年
https://mashdigi.com/ios-13-functions-leaked/
網絡安全﹕防毒手機App 不防毒反招黑客
http://bit.ly/2Wul6IY
內藏詐騙廣告機制,中國大型開發者 App 遭 Google 大批移除
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=846
Android Q釋出第三測試版,裝置將透過Google Play直接更新作業系統元件
http://bit.ly/2PW42Ja
蓬佩奧指華希望西方聯盟分化 美促英審慎應對中國助建5G
http://www.mingpaocanada.com/Tor/htm/News/20190509/tcba1_r.htm
布拉格5G網路會議 籲注意供應鏈安全性
http://bit.ly/2YazAOx
國際通訊安全會議 華為等恐難符合5G準則條件
https://m.ctee.com.tw/livenews/gj/a95624002019050323063553
Ericsson: 5G can boost enterprise revenue, but security controversy slowing down industry
https://zd.net/2YfqqQN
Singapore seeks public consult on 5G policies, deployment
https://www.zdnet.com/article/singapore-seeks-public-consult-on-5g-policies-deployment/#ftag=RSSbaffb68
Google I/O: 14 Android OS modules to get over-the-air security updates in real-time
https://www.zdnet.com/article/google-io-14-android-os-modules-to-get-over-the-air-security-updates-in-real-time/#ftag=RSSbaffb68
Unpatched Flaw in UC Browser Apps Could Let Hackers Launch Phishing Attacks
http://bit.ly/2LzYwgZ
C.事件 / 駭客 / DDOS / APT / 暗網/徵才 / 國際資安事件
2019年4月十大資安新聞
https://ithome.com.tw/news/130390
數位時代下的多層次防禦
http://bit.ly/2VfEfNv
學者看資安議題將打長久戰 反有利台商回流
https://news.cnyes.com/news/id/4313572
【提升軟體更新服務的安全層級,不讓駭客有機可趁】從開發到更新的流程,都要落實安全
https://www.ithome.com.tw/news/130419
更新下載伺服器遭濫用事件頻傳,防禦思維也需要跟著轉變
https://www.ithome.com.tw/news/130417
3分鐘癱瘓阿里網站 他被封為馬雲守護神
https://money.udn.com/money/story/5604/3800494
威盛判賠上億元 防駭晶片助中共監控
http://bit.ly/2PUV9Q9
威盛晶片風暴!曾遭控留後門洩個資 瑕疵晶片遭判賠上億
https://www.ettoday.net/news/20190508/1439409.htm
大連駭客攻破網站漏洞 硬碟藏近億條個人訊息
https://www.chinatimes.com/realtimenews/20190508004367-260409?chdtv
PeckShield:波場已修復「DDoS攻擊消耗CPU能力」的漏洞
http://news.pchome.com.tw/living/knowing/20190507/index-55718192036009229009.html
駭客盜用女主持社群媒體帳號,索內衣照和轉帳 5人中招
http://bit.ly/2Lu630L
靠五月天門票牟利 駭客落網拓元發聲明談補強
https://ent.ltn.com.tw/news/breakingnews/2782845
五月天門票太熱門引駭客 改資料搶票一場爆賺4百萬元
https://news.ltn.com.tw/news/society/breakingnews/2781091
偵破五月天演唱會售票系統遭駭客入侵
https://times.hinet.net/news/22360973
黃牛科技化! 駭網站後台月賺400萬
http://bit.ly/2ZYlxNM
拓元售票系統遭駭 估60多場演唱會受害
https://www.ttv.com.tw/news/view/10805060016600N/579
五月天演唱會駭客入侵系統劫票 掃551票歌迷傷心打爆客服
https://www.ettoday.net/news/20190506/1438184.htm
五月天演唱會售票系統遭入侵 警方破駭客搶票集團
http://bit.ly/2vGg2W3
炒賣五月天黃牛票獲利逾400萬 4人駭客集團依詐欺等罪送辦
http://bit.ly/2WoNxrO
黃牛科技化! 駭網站後台月賺400萬
http://bit.ly/2ZYlxNM
撈408萬! 黃牛變駭客搶票 粉絲打爆客服
http://bit.ly/2POZzYQ
微軟旗下雲端郵件駭侵事件,主要攻擊用戶加密貨幣錢包
https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=905
GitHub等代碼庫遭黑客入侵 僅索要566美元
https://news.sina.com.tw/article/20190505/31171636.html
微軟中槍,GitHub 數百程式碼被駭客移除用於勒索
http://technews.tw/2019/05/06/github-got-hacked/
GitHub 遭駭客攻擊!勒索交出比特幣贖金,不然就公開你的私有程式碼
https://buzzorange.com/techorange/2019/05/06/hacker-attacked-github/
為什麼改年號「令和」,竟然成了日本程式設計師的魔咒
https://technews.tw/2019/05/05/reiwa-japan-engineer-curse/
加拿大渥太華市東安省兒童醫院(CHEO)網路安全威脅增加
http://www.epochtimes.com/b5/19/5/3/n11232396.htm
俄羅斯總統蒲亭簽建俄版網路長城 遭疑監控
http://bit.ly/2H2WWzP
美國防部:中共靠間諜手段獲軍事技術
https://www.ntdtv.com/b5/2019/05/05/a102571580.html
美國會報告揭監管漏洞:中國企業多渠道轉移尖端技術
https://hk.news.appledaily.com/china/realtime/article/20190507/59572930
美國FBI 聯手歐洲破獲全球最大網路黑市平台 「華爾街市場」擁逾百萬帳戶
http://bit.ly/2J2BFsd
國際警方聯手破獲全球第二大暗網市集
https://www.ithome.com.tw/news/130420
全球次大違禁品「暗網」遭查封客戶逾百萬 毒品假文件有售
http://www.mingpaocanada.com/Tor/htm/News/20190504/ttaa1_r.htm
Europol Shuts Down Two Major Illegal 'Dark Web' Trading Platforms
http://bit.ly/2DNpX0z
Darknet Disruption: 'Wall Street Market' Closed for Business
https://www.bankinfosecurity.com/darknet-disruption-wall-street-market-closed-for-business-a-12446
智財權、網路盜竊議題 難與中國談判
https://ec.ltn.com.tw/article/breakingnews/2779091
中國網路盜竊談判 恐難有具體結果
https://ec.ltn.com.tw/article/paper/1286106
中國竊取技術6大招曝光!美報告:多數獲得北京支持
https://ec.ltn.com.tw/article/breakingnews/2782107
美USCC新報告 揭中共竊取技術6大招
http://www.epochtimes.com/b5/19/5/7/n11239933.htm
中國政府人臉辨識爆資安漏洞 北京使館區中鏢
https://m.ltn.com.tw/news/world/paper/1286561
中國「安天」獲習授「國家隊」封號
https://hk.news.appledaily.com/local/daily/article/20190505/20671235
鑽美國安局駭客工具漏洞 中國間諜發動攻擊
http://bit.ly/2JmKzQP
改造美國安局駭客工具 中國間諜攻擊占上風
https://money.udn.com/money/story/5599/3798294
中國駭客如何利用美國的網路武器庫
https://cn.nytimes.com/usa/20190507/china-hacking-cyber/zh-hant/
美國安局間諜軟體被竊
http://city.udn.com/65396/5964416
以子之矛 陸駭客截取國安局網攻大陸工具 反駭美國
https://www.ettoday.net/news/20190507/1438945.htm
美國安局駭客工具 遭中國破解
https://m.ltn.com.tw/news/world/paper/1287103
中國駭客「俘虜」美國安局軟體 借刀殺人反駭歐亞網站
https://udn.com/news/story/6809/3798866?from=udn-ch1_breaknews-1-cate5-news
中國駭客曾竊取美國安局軟體 對西歐、東南亞發起網攻
https://news.ltn.com.tw/news/world/breakingnews/2782710
中國駭客「俘虜」美國安局軟體 借刀殺人反駭歐亞網站
https://six-degrees.io/article/810648-41
俄媒:中國網際網路「鐵幕」威脅俄羅斯
https://www.secretchina.com/news/b5/2019/05/04/892475.html
南海欲經營軟體出版 官員:一股中資都不能有
https://ec.ltn.com.tw/article/paper/1287076
武力反擊網路攻擊!以色列直接空襲摧毀哈瑪斯網軍基地
https://technews.tw/2019/05/07/israel-air-strike-to-%E1%B8%A5amas-cyberattack/
網路戰奏捷 美明年大選續盯中俄4國
https://news.ltn.com.tw/news/world/paper/1287369
FCC以國家安全為由 否絕「中國移動」進入美市場
https://ec.ltn.com.tw/article/breakingnews/2785645
美司法部起訴兩名大陸駭客 痛批該駭客組織無恥
http://m.match.net.tw/pc/news/international/20190510/4890408
DeepDotWeb Dark web resource dies with FBI seizure
https://zd.net/2H6XZyK
New Cyber Agency to Battle Against Hackers
https://www.bankinfosecurity.asia/blogs/new-cyber-agency-to-battle-against-hackers-p-2743
A hacker is wiping Git repositories and asking for a ransom
https://www.zdnet.com/article/a-hacker-is-wiping-git-repositories-and-asking-for-a-ransom/#ftag=RSSbaffb68
Drug Lab Cyberattack Puts Spotlight on IP Theft Threat
https://www.bankinfosecurity.com/drug-lab-cyberattack-puts-spotlight-on-ip-theft-threat-a-12448
Israel Neutralizes Cyber Attack by Blowing Up A Building With Hackers
http://bit.ly/2Va39y0
賽門鐵克:網路間諜組織Buckeye在影子掮客之前就利用了NSA的攻擊工具
https://www.ithome.com.tw/news/130477
APT3 surprise -Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak
https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit
Artificial Intelligence in Cyber Security – Cyber Attacks and Defence Approach
https://gbhackers.com/artificial-intelligence-in-cyber-security/
Cybersecurity Drives Intelligence Agencies in From the Cold
https://www.bankinfosecurity.com/blogs/cybersecurity-drives-intelligence-agencies-in-from-cold-p-2742
APT34- Despite Doxing, OilRig APT Group Remains a Threat
https://www.bankinfosecurity.com/despite-doxing-oilrig-apt-group-remains-threat-a-12449
A MYSTERIOUS HACKER GROUP IS ON A SUPPLY CHAIN HIJACKING SPREE
https://www.wired.com/story/barium-supply-chain-hackers/
Chinese Hackers Used NSA Hacking Tools Before Shadow Brokers Leaked Them
http://bit.ly/2LuTZfU
Chinese hackers were using NSA malware a year before Shadow Brokers leak
https://www.zdnet.com/article/chinese-hackers-were-using-nsa-malware-a-year-before-shadow-brokers-leak/#ftag=RSSbaffb68
Researchers: Chinese APT group used stolen NSA tools prior to Shadow Brokers leak
http://bit.ly/2VaLCWn
Report: Chinese Hackers First to Use NSA Cyberattack Tools
https://www.bankinfosecurity.com/report-chinese-hackers-first-to-use-nsa-cyberattack-tools-a-12452
JavaScript Sniffer Attacks: More Online Stores Targeted
https://www.bankinfosecurity.com/javascript-sniffer-attacks-more-online-stores-targeted-a-12453
New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web
https://www.zdnet.com/article/new-leaks-of-iranian-cyber-espionage-operations-hit-telegram-and-the-dark-web/#ftag=RSSbaffb68
Zero-power listening device for voice activated remote
https://www.zdnet.com/article/zero-power-listening-device-enables-voice-activated-remote/#ftag=RSSbaffb68
DeepDotWeb Dark web resource dies with FBI seizure
https://www.zdnet.com/article/deepdotweb-dies-with-fbi-seizure/#ftag=RSSbaffb68
CIA camps out in anonymized Tor network
https://www.zdnet.com/article/cia-camps-out-in-anonymized-tor-network/#ftag=RSSbaffb68
FBI Shutters DeepDotWeb Portal; Suspected Admins Arrested
https://www.bankinfosecurity.com/fbi-shutters-deepdotweb-portal-suspected-admins-arrested-a-12457
Hackers attack Confluence Servers, hijack power for cryptocurrency mining
https://www.zdnet.com/article/confluence-server-vulnerability-exploited-to-spread-cryptocurrency-mining-malware/#ftag=RSSbaffb68
China Publishes More Scientific Articles Than the U.S.
http://bit.ly/2WxFJnF
Hackers breached 3 US antivirus companies, researchers reveal
http://bit.ly/2VvjcLB
Mozilla offers research grant for a way to embed Tor inside Firefox
https://www.zdnet.com/article/mozilla-offers-research-grant-for-a-way-to-embed-tor-inside-firefox/#ftag=RSSbaffb68
INSIDE CHINA'S MASSIVE SURVEILLANCE OPERATION
https://www.wired.com/story/inside-chinas-massive-surveillance-operation/
資安顧問
https://www.104.com.tw/job/?jobno=6lk00
資訊安全工程師(防毒)(銀行)-208KC
https://www.manpower.com.tw/product/558
資安技術人員/資安服務工程師
https://www.104.com.tw/job/?jobno=6lpp7
【資安所】智慧雲端平台中心-資安技術工程師
https://www.104.com.tw/job/?jobno=6lqzm
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
打擊假訊息!華視創台灣電視之先與台灣事實查核中心共組《華視打假特攻隊》
https://news.cts.com.tw/cts/general/201905/201905061960231.html
駭客釣魚新招 偽造網址列竊取個資
http://bit.ly/2vKSPCd
Samsung 內部數據不設防,涉及源代碼、密碼和員工資料
https://chinese.engadget.com/2019/05/08/samsung-exposed-source-code-gitlab/
假訊息:網「紅」大戰
https://talk.ltn.com.tw/article/paper/1286269
母親節抽新車 BMW盜版粉專詐騙新招!4萬人已分享
http://bit.ly/2H3d4Bk
安徽市民銀行卡被異地盜刷1.3萬 銀行被判全額賠償
https://news.sina.com.tw/article/20190505/31170794.html
詐團盜型男照弄山寨網站 17中國女遊台不成還破財
https://news.ltn.com.tw/news/society/breakingnews/2778789
銀行行員機警通報,內湖警成功攔阻假美軍詐騙
https://www.gov.taipei/News_Content.aspx?n=F0DDAF49B89E9413&s=14595E8A3BDBB061
中統一發票開心傳臉書 竟被人用財政部APP領走獎金
https://tw.news.appledaily.com/new/realtime/20190506/1562252/
離譜首例 fb曬中獎發票 被兌獎App盜領千元
https://tw.news.appledaily.com/headline/daily/20190507/38329479/
隨意銷售用戶位置,美國四大電信業者面臨集體訴訟
https://www.ithome.com.tw/news/130440?fbclid=IwAR1GmyfasfOs6Z3KYXHCOtwcZ3C8OgHHoSeWQdTamwhbZiSvIY1BvPKNUPw
三方詐騙!網紅巧巧遭騙10萬還險成詐騙集團
https://news.ebc.net.tw/News/society/162654
亞洲波神捲詐欺 巧巧成三方詐騙被害
http://bit.ly/2Y9Rr8b
以辦信用卡為幌子誆騙錢財,天津公安寶坻分局跨省抓獲網絡詐騙團伙
http://www.sohu.com/a/311787284_571524
「5萬港幣」就可競標港法拍屋 花蓮女險遭詐
https://tw.appledaily.com/new/realtime/20190503/1560813/
網路代銷爆惡性倒閉 宣稱「狂賣29萬包滴雞精」誘供貨 倒帳數百萬
https://tw.appledaily.com/headline/daily/20190507/38329472/
假公安機房裝成工程行 銀行女行員也被騙2300萬
https://www.ettoday.net/news/20190507/1439025.htm
詐騙集團租透天厝隔小機房 專騙中國人得手5千萬
https://tw.news.appledaily.com/new/realtime/20190507/1562786/
驚!冰與火之歌 竟引發系列惡意詐騙
http://bit.ly/2LrCDQN
Check Point:駭客利用《權力遊戲》引發一系列惡意詐騙活動
https://technews.tw/2019/05/08/check-point-hacker-use-game-of-thrones-fraud/
歐洲議會大選 兩億人收到俄製假新聞
https://news.ltn.com.tw/news/world/paper/1287368
財經碩士女涉盜卡網購上百筆 檢警通緝驚見她在飯店當櫃台
https://www.ettoday.net/news/20190508/1439655.htm
星國會通過打擊假新聞法 谷歌憂阻礙創新
https://www.rti.org.tw/news/view/id/2020159
英國國稅局蒐集聲紋違反GDPR,將刪除5百萬筆民眾紀錄
https://www.ithome.com.tw/news/130416?fbclid=IwAR3ThV3dqQJQaD7nMpXDq0cZgxuJYZRg4awzD4scVoqNsUyLwRfKYf6W_qw
【假LINE】金融機構出生國家欄位改為TW就是台灣國?謠言曲解
https://www.mygopen.com/2019/05/tw-bank.html
一直按「取消」和「關閉」彈跳視窗都關不掉! 新技術支援詐騙利用iframe 凍結瀏覽器
https://blog.trendmicro.com.tw/?p=60575
承包商來催款,才驚覺175萬美元都匯給假廠商
https://blog.trendmicro.com.tw/?p=60565
詐騙集團慶祝母親節,瘋傳「Dyson 抽獎」「櫻桃小丸子貼圖」、中油「加油券」,別上當! 詐騙難以分辨,不小心點了連結會怎樣
https://blog.trendmicro.com.tw/?p=60267
Avengers: Endgame Download Phishing Scam
http://bit.ly/2PVmCkF
Once infamous for fake news factories, this Balkan country is trying to reinvent itself
https://www.zdnet.com/article/once-infamous-for-fake-news-factories-this-balkan-country-is-trying-to-reinvent-itself/#ftag=RSSbaffb68
Are Your Passwords Secure Enough
https://blog.trendmicro.com/are-your-passwords-secure-enough/
Malvertiser behind 100+ million bad ads arrested and extradited to the US
https://www.zdnet.com/article/malvertiser-behind-100-million-bad-ads-arrested-and-extradited-to-the-us/#ftag=RSSbaffb68
Ukrainian National Charged in Malvertising, Botnet Scheme
https://www.bankinfosecurity.com/ukrainian-national-charged-in-malvertising-botnet-scheme-a-12450
Popular Online Tutoring Marketplace 'Wyzant' Suffers Data Breach
http://bit.ly/2LvoXEx
Israel Neutralizes Cyber Attack by Blowing Up A Building With Hackers
http://bit.ly/2PViHV5
Wyzant online tutoring platform suffers data breach
https://www.zdnet.com/article/wyzant-online-tutoring-platform-suffers-data-breach/#ftag=RSSbaffb68
Facebook wipes out more Russian political activity, ‘inauthentic’ accounts
https://www.zdnet.com/article/facebook-wipes-out-more-russian-political-activity-inauthentic-accounts/#ftag=RSSbaffb68
Nation state actors, affiliates behind increasing amount of data breaches
https://www.zdnet.com/article/nation-state-actors-affiliates-behind-increasing-amount-of-data-breaches/#ftag=RSSbaffb68
Over 275 Million Records Exposed by Unsecured MongoDB Database
http://bit.ly/2Vpxr4E
Canada’s Freedom Mobile Elasticsearch database exposed
http://bit.ly/30aolHV
Cybersecurity basics still the key for preventing business email compromise
https://www.zdnet.com/article/cybersecurity-basics-still-the-key-for-preventing-business-email-compromise/#ftag=RSSbaffb68
E.研究報告
想要用自己的電腦耍酷嗎?那就用 cmatrix 在類Unix作業系統上模擬駭客任務的電腦畫面吧
https://magiclen.org/cmatrix/
通過實例講解棧溢出漏洞
https://blog.csdn.net/Breeze_CAT/article/details/89788864
Weblogic 遠程命令執行漏洞分析(CVE-2019-2725)及利用payload構造詳細解讀
https://xz.aliyun.com/t/5024
允許攻擊者訪問視頻流:D-Link攝像頭漏洞分析
https://www.4hou.com/vulnerable/17822.html
VirtualBox虛擬機逃逸漏洞分析
https://xz.aliyun.com/t/5008
利用戴爾Kace K1000的RCE漏洞接管Dropbox所有客戶管理系統
https://www.freebuf.com/vuls/201673.html
ISPsystem漏洞分析
https://www.4hou.com/vulnerable/17812.html
YII框架全版本文件包含漏洞挖掘和分析
https://xz.aliyun.com/t/5051
重現TP-Link SR20本地網絡遠程代碼執行漏洞
https://cloud.tencent.com/developer/article/1422058
PDF漏洞(CVE-2018-12794)淺析
https://www.secpulse.com/archives/105459.html
Freddy:一款基於活動被動掃描方式的Java&.NET應用程序漏洞掃描工具
https://www.freebuf.com/sectool/202421.html
漏洞掛馬網站趨勢分析
http://www.tiejiang.org/23866.html
Kaboom:一款功能強大的自動化滲透測試工具
http://www.sohu.com/a/312619490_609556?sec=wd
Leviathan36/kaboom
https://github.com/Leviathan36/kaboom
0day in Gmail (google accounts) Hack any Gmail account
http://bit.ly/2vLW64h
RouterSploit guide
http://bit.ly/2Y9WTIm
Useful Commands And Tools – OSCP
http://bit.ly/2vKO3ET
Most Important Cyber Threat Intelligence Tools List For Hackers and Security Professionals
https://gbhackers.com/cyber-threat-intelligence-tools/
How to Not Get Locked Out With Two-Factor Authentication
https://medium.com/pcmag-access/how-to-not-get-locked-out-with-two-factor-authentication-12ba2da79a43
How to authenticate your e-mail
https://medium.com/@Uriel1339/how-to-authenticate-your-e-mail-e85f2a538d8f
Make a Raspberry Pi USB TOR-stick
https://medium.com/@jcolond/make-a-raspberry-pi-usb-tor-stick-2d494e7f81ea
Defensive PowerShell
https://medium.com/@cjkuech/defensive-powershell-with-validation-attributes-8e7303e179fd
Introducing Windows Terminal
http://bit.ly/2JyyHvl
How to code like a Hacker in the terminal
http://bit.ly/2VkmSjp
tomchop/malcom Malcom - Malware Communication Analyzer
https://github.com/tomchop/malcom
threatresearch
https://github.com/EmergingThreats/threatresearch
How to Backdoor Windows 10 Using an Android Phone & USB Rubber Ducky
https://null-byte.wonderhowto.com/how-to/android-for-hackers-backdoor-windows-10-using-android-phone-usb-rubber-ducky-0192608/
YARA in a nutshell
https://github.com/VirusTotal/yara?fbclid=IwAR3Rlce92dGY0LSRfCO-WbsBsxlyuBHZa9tn63NI6Dmjr-1xa43tOTRvbh8
Kerbrute – A Tool To Perform Kerberos Pre-Auth Bruteforcing
http://bit.ly/2VplmfF
Cynet Free IR Tool Offering Empowers Responders to Know and Act Against Active Attacks
https://www.kitploit.com/2019/05/cynet-free-ir-tool-offering-empowers.html?utm_source=dlvr.it&utm_medium=facebook
HostHunter v1.5
http://bit.ly/2VmgWq5
CONVERT ANY MALICIOUS IP INTO URL TO HACK YOUR FRIEND
http://bit.ly/2LuPkKR
F.商業
Win7跑Chrome竟比Win10快5倍 國外實測找到關鍵原因
https://www.ettoday.net/news/20190504/1436975.htm
Windows Hello獲FIDO 2認證,Windows 10即將可支援無密碼登入
https://www.ithome.com.tw/news/130493
隱私風暴襲捲全球!Google搶先臉書發新工具保護用戶資安
https://cnews.com.tw/134190505a02/
Netgear雲端管理VPN路由器上場,整合加密連線與防火牆
https://www.ithome.com.tw/review/128207
Switch消息大爆發!Ubuntu移植成功、DC模擬器效率大提升
http://bit.ly/2V6IdrH
甲骨文驚傳中國大裁員 500位工程師丟飯碗
https://tw.finance.appledaily.com/realtime/20190507/1562783/
避免陷入臉書隱私風波!Google 用三招力拚用戶資安
https://3c.ltn.com.tw/news/36693
Secutech 2019盛大登場 解密 4 大關鍵技術
http://bit.ly/2PSXlrF
善用AWS IOT平台 銓鍇國際助您實踐智慧工廠願景
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=50&cat2=20&id=0000559108_hug23a5hl6q7f89734hme
今夏Windows將開始內建Linux核心
https://www.ithome.com.tw/news/130449
Windows 10 is getting a Microsoft-built Linux kernel
https://www.zdnet.com/article/windows-10-is-getting-a-microsoft-built-linux-kernel/#ftag=RSSbaffb68
Microsoft Windows 10 will get a full built-in Linux Kernel for WSL 2
http://bit.ly/2Y6K2Xo
Google Chrome to support same-site cookies, get anti-fingerprinting protection
https://www.zdnet.com/article/google-chrome-to-support-same-site-cookies-get-anti-fingerprinting-protection/#ftag=RSSbaffb68
Google's Web Packaging standard arises as a new tool for privacy enthusiasts
https://www.zdnet.com/article/googles-web-packaging-standard-arises-as-a-new-tool-for-privacy-enthusiasts/#ftag=RSSbaffb68
Proofpoint snaps up zero trust security firm Meta Networks in $119m deal
https://www.zdnet.com/article/proofpoint-snaps-up-zero-trust-access-firm-meta-networks-in-119m-deal/#ftag=RSSbaffb68
OpenShift 4: Red Hat's on ramp for the hybrid cloud
https://www.zdnet.com/article/openshift-4-red-hats-on-ramp-for-the-hybrid-cloud/#ftag=RSSbaffb68
Orange acquires SecureLink in European enterprise security push
https://www.zdnet.com/article/orange-acquires-securelink-in-european-enterprise-security-push/#ftag=RSSbaffb68
Forcepoint 增設施加強研發能力
http://bit.ly/2PUF0Kv
G.政府
跳針答詢話題燒 杜奕瑾質疑:自經區如何保證資安安全
https://www.nownews.com/news/20190504/3361451/
高市府稱自經區「可保證資安」PTT創辦人
https://www.ptt.cc/bbs/Gossiping/M.1556959666.A.DA4.html
替韓代答!葉匡時「資安說」遭批無腦
http://bit.ly/2PPCbdE
公投電子連署恐再延期中選會:初步檢測資安上有疑慮
https://udn.com/news/story/6656/3796027
公投電子連署系統中選會:資安有疑慮尚待改進
https://m.ltn.com.tw/news/politics/breakingnews/2781155
中科院研發結合戰備需求 達國防自主目標
http://bit.ly/2LB2Cpk
中科院新進人員得任用軍職 立院初審無共識
https://taronews.tw/2019/05/06/332124/
中科院成國家機密保護法漏洞 立委要求修法
https://news.ltn.com.tw/news/politics/breakingnews/2781372
國家機密保護法三讀 學者:完善制度的開端
https://news.ltn.com.tw/news/politics/breakingnews/2781955
國家機密保護法修正 學者促繼續補強相關法規
https://news.ltn.com.tw/news/focus/paper/1287112
擋馬赴陸? 綠版國家機密法立院闖關
http://bit.ly/2H5yiie
刑法外患罪章適用中港澳 共諜可重判
https://www.cna.com.tw/news/firstnews/201905070102.aspx
強化資訊安全,高鐵汰換資安疑慮設備
https://www.chinatimes.com/realtimenews/20190507002588-260410?chdtv
資安也是經濟指標 蔡總統:去年安控創造逾600億價值
https://ec.ltn.com.tw/article/breakingnews/2783106
資安是國力象徵 總統:安控業去年出口破600億
http://www.ntdtv.com.tw/b5/20190508/video/245222.html
蔡英文今出席資安展 致詞後快閃
https://newtalk.tw/news/view/2019-05-08/243537
出席臺北國際安全科技應用博覽會 總統盼政府民間共同努力 讓臺灣擁有強而有力資安團隊
https://www.president.gov.tw/News/24360
公投 法制局:用身分證影本連署風險高
https://udn.com/news/story/6656/3800158
美通過涉台法案 台總統府:願扮好太平洋戰略和平角色
http://news.dwnews.com/taiwan/big5/news/2019-05-07/60132836.html
台廠資安疑慮 經部提醒要把信譽放心上
https://www.cna.com.tw/news/afe/201905080145.aspx
扯!共諜來台發展組織 檢方竟然無法監聽
https://news.ltn.com.tw/news/politics/breakingnews/2783522
蔡總統:智慧化政府 打造有力資安團隊
http://bit.ly/2V6jNhS
台鐵新系統漏洞 2周4469張車票重複刷卡
https://www.chinatimes.com/realtimenews/20190509002089-260405?chdtv
防惡意逃票!台鐵App6/30起無法憑截圖重複進站
https://newtalk.tw/news/view/2019-05-09/244089
不肖理專盜領客戶存款 顧立雄:要求銀行內控、內稽
https://money.udn.com/money/story/5613/3802316
金管會發函:金融機構與中國簽合作協議 須遵守5原則
https://ec.ltn.com.tw/article/breakingnews/2784041
108第1次政府資通安全防護巡迴研討會ー議題一:資安威脅趨勢與案例分享
http://bit.ly/2JtB2aF
108第1次政府資通安全防護巡迴研討會ー議題二:資通安全管理法施行情形期中檢討與精進建議
http://bit.ly/2YfkVBy
108第1次政府資通安全防護巡迴研討會ー議題三:因應資安法施行-資安情資分享規範說明
http://bit.ly/2PTlkqq
108第1次政府資通安全防護巡迴研討會ー議題四:政府資訊作業委外安全管理
http://bit.ly/2V8F0aR
H.SCADA/ICS/工控系統
Train up to navigate the diverse, chaotic cyber security landscape at SANS Munich
https://www.theregister.co.uk/2019/04/29/navigate_the_diverse_and_chaotic_cyber_security_landscape/
SCADA/ICS Expert Eric Byres joins Veracity Industrial Networks
https://www.globenewswire.com/news-release/2019/04/24/1808814/0/en/SCADA-ICS-Expert-Eric-Byres-joins-Veracity-Industrial-Networks.html
Despite ongoing warnings, U.S. critical infrastructure remains vulnerable
https://securityboulevard.com/2019/05/despite-ongoing-warnings-u-s-critical-infrastructure-remains-vulnerable/
I.教育訓練
非本科自學轉職資安工程師心路歷程分享會
https://www.ptt.cc/bbs/Tech_Job/M.1557231027.A.FF5.html
EC-Council ECSA資安分析專家 v10 考試心得分享
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html
[心得] 20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html
為工程師文件協作而生的平台:HackMD 開發故事
http://bit.ly/2J960Wh
20190425 - Ethen - Log分析入門、架構、與戰情分析
http://bit.ly/2VRMsvn
Welcome to HITCON GIRLS Cat Wargame
http://139.162.79.241/?fbclid=IwAR0W23q_uhNqi2Tg8MaumxopdULd8EGogUSLjLzvLAc7TSIGh2iYHgBJoZo
How to hack website using sql injection (waf bypass)
http://bit.ly/2VnG2ot
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機
聯網汽車 未來發展與挑戰
http://bit.ly/2H1dfgy
進入物聯網時代,資安威脅更難應付
http://www.naipo.com/Portals/1/web_tw/Knowledge_Center/Industry_Economy/IPNC_190508_0704.htm
駭客掌控車輛可遠程控制引擎 自駕車安全問題成隱憂
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=50&id=0000558602_gmr7ixzply3ca93zgwtm0
研華衝物聯網 攻軟硬整合
https://money.udn.com/money/story/5710/3792259
知名IoT公司Sierra 4G網關產品Wireless AirLink ES450多個漏洞詳細分析
https://www.4hou.com/vulnerable/17703.html
智慧門鎖好方便!手機感應可幫你自動開關門
http://bit.ly/2LC6UNc
AI智慧音箱中文也通 本土業者資安優勢競爭
http://www.ntdtv.com.tw/b5/20190509/video/245343.html
iLnkP2P 漏洞讓 200 多萬台 IoT 裝置暴露在遠端攻擊的風險中
https://blog.trendmicro.com.tw/?p=60580
IoT Security- it's complicated
https://medium.com/@DotanBarNoy/iot-security-its-complicated-fb6d7b3cf4f3
Fun and functional Raspberry Pi accessories
https://www.zdnet.com/pictures/fun-and-functional-raspberry-pi-accessories/#ftag=RSSbaffb68
Splice Machine doubles down on managing machine learning
https://www.zdnet.com/article/splice-machine-doubles-down-on-managing-machine-learning/#ftag=RSSbaffb68
Fortinet : Cyber attacks target Operational Technology
https://www.marketscreener.com/FORTINET-5716262/news/Fortinet-Cyber-attacks-target-Operational-Technology-28563438/
6.近期資安活動及研討會
國立交通大學 亥客書院 -電子郵件之偽造攻擊與防護措施安全通訊協定 5/11
https://hackercollege.nctu.edu.tw/?p=1054
行動應用App基本資安認證制度推廣說明會 5/13
https://seminars.tca.org.tw/D15e02218.aspx
AWS 機器學習戰鬥營 5/13
https://email.awscloud.com/u5k900jZkO0tck00LrsTMo0
AIS3 2019 新型態資安暑期課程 報名107 年 5 月 14 日上午 10 點至 107 年 5 月 27 日下午 6 點
https://ais3.org/
iTHome 台灣雲端大會 Cloud Summit 2019 2019年 5 月 15 日 (三) 09:00~17:00
https://cloudsummit.ithome.com.tw/
Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/
「SQL Server 2008 EOS」研討會 5/15
https://cosa.kktix.cc/events/bb128a58
HackingThursday 固定聚會 5/16
https://www.meetup.com/hackingthursday/events/vkhnnqyzhbvb/
國家高速網路與計算中心教育訓練-網路封包分析實務 5/16
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3831&from_course_list_url=homepage
2019 HP資安對策論壇 5/17
http://bit.ly/2H2vJMo
教育部資安人才培育計畫 – 總期程期中成果展暨企業實習及就業媒合交流會
https://isip.moe.edu.tw/wordpress/?p=1668
《我們與資安的距離》給高中生的一堂資安課-高中職資安體驗課程 5/18
http://gg.gg/dueuq
DevDays Asia 2019 @Taipei 亞太技術年會 2019/5/21-2019/5/23 | 9:00 AM - 5:00 PM
https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x6811311abcd
CDX2.0推廣活動 5/22
https://nchc-cdx.kktix.cc/events/cdxactivity-0522
工研院進修園地-樹莓派影像 5/22
http://bit.ly/2Ld3QH3
HackingThursday 固定聚會 5/23
https://www.meetup.com/hackingthursday/events/vkhnnqyzhbfc/
國家高速網路與計算中心教育訓練-源碼檢測實作 5/23
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3835&from_course_list_url=homepage
第二十九屆全國資訊安全會議 5/23 ~ 5/24
https://cisc2019.cs.pu.edu.tw/index.php
硬體資安研討會 108年5月24日
https://eenctu.nctu.edu.tw/tw/news/p1.php?num=273
Docker Birthday #5 - Taipei 5/25
https://www.meetup.com/Docker-Taipei/events/248974949/
[K8S學程] Kubernetes 容器遷移實戰 5/25
https://broadmission.kktix.cc/events/migration?fbclid=IwAR3HE5E_DgL4qe8wv1j12QvEhO9_i9qj7e7mWF6Z5I_m6itcVwTJV-7jl30
今年首場資安社群論壇 - 駭客過招,實戰分享 5/25(六)
https://www.digicentre.com.tw/news_detail.php?id=56&fbclid=IwAR1Qsa6ehY00EJk4tGPfxZ1HqvrcX2eVNZ2Htets23i_qiKZCCI9-H1plZw
《我們與資安的距離》給高中生的一堂資安課-用Python進行資安解題 5/26
http://gg.gg/dueuq
OWASP TechDay Taiwan 2019 2019/05/28
https://csa.kktix.cc/events/owasp0528
「智慧資安主題論壇-智慧製造」論壇(5/29)
http://www.twiota.org/eventDetails.aspx?id=c0ce0559-496a-4d32-b481-14221f75d791
HackingThursday 固定聚會 5/30
https://www.meetup.com/hackingthursday/events/vkhnnqyzhbnc/
International Conference CONSTRUCTIVE THEORY OF FUNCTIONS - 2019 SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/
軟體安全性測試實務 6/3 ~ 6/4
https://www.accupass.com/event/1904230701335964656400
HackingThursday 固定聚會 6/6
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbjb/
國家高速網路與計算中心教育訓練-源碼檢測實作 6/13
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3828&from_course_list_url=homepage
HackingThursday 固定聚會 6/13
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbrb/
國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
https://hackercollege.nctu.edu.tw/?p=1039
Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/
HackingThursday 固定聚會 6/20
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbbc/
國家高速網路與計算中心教育訓練-資安健診 6/20
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3832&from_course_list_url=homepage
Edvance Beacon 2019 6/21
https://docs.google.com/forms/d/e/1FAIpQLSe70uw8Pi862IkL_rQXDJhzd7QnGXiuhcWwttOEN2BZwUbyMw/viewform
HackingThursday 固定聚會 6/27
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/
HackingThursday 固定聚會 7/4
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/
2019國際資訊安全組織台灣高峰會 7/9 ~ 7/11
https://csa.kktix.cc/events/2019con
工業局補助網路安全檢測教育訓練 7/10 ~ 7/12
https://www.accupass.com/event/1904080311551119077841
HackingThursday 固定聚會 7/11
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/
HackingThursday 固定聚會 7/18
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/
HackingThursday 固定聚會 7/25
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/
WEB應用滲透測試 8/21 ~ 8/23
https://www.accupass.com/event/1904080221358963463590
資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」 8/29 ~ 8/30
http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==
TANET 2019 - 臺灣網際網路研討會 9/25
https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310
HITB+ CYBER WEEK 2019/10/12 ~17
https://d2p.hitb.org/?fbclid=IwAR2gU17bz0Y7TH8THIIskIX1vziWBpMY152mJiwk7AAeVS752f_eNcZ0NzU
Splunk .conf 19 10/21 ~ 10/24
https://conf.splunk.com/
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019
https://www.icscybersecurityconference.com
訂閱:
張貼留言 (Atom)
2024年 12 月份資安、社群活動分享
2024年 12 月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/3 https://www.meetup.com/taiwan-code-camp/e...
-
2024年 3月份資安、社群活動分享 線上資安人力需求對談-網路通信產業 2024/3/2 https://isipevent.kktix.cc/events/ff6f2146 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演 2024/3/6 https://b...
-
2024年 2月份資安、社群活動分享 Taipei All About API Meetup Group - Meet and Greet, 01 Feb 2024, 07:00 PM 2024/2/1 https://www.meetup.com/taipei-all-a...
-
2024年 5 月份資安、社群活動分享 資安五四三 2024/5/2 https://csa.kktix.cc/events/202405-543 HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/5/2 http...
沒有留言:
張貼留言