Weekly Security Incident News Digest 2019/5/6 ~ 2019/5/10

1. Major Vulnerabilities / Backdoors / Exploits / Zero Days
Critical vulnerabilities in eight wireless presentation systems
https://www.chainnews.com/articles/111363306365.htm

Dell's preinstalled software becomes a backdoor for hacking PCs
https://chinese.engadget.com/2019/05/04/supportassist-dell-vulnerability-windows/

Security researchers find a vulnerability in the Dell SupportAssist client that enables remote attacks
https://www.landiannews.com/archives/58210.html

Office 2016 update bug causes crashes; Microsoft urgently pulls it
https://www.ithome.com.tw/news/130505?fbclid=IwAR1Q5Dpo1wj_lF95EFYrGqzbb0u9bJu3yG7-UoeARiAB1VAXNAcxQ1Y_zxU

ASUS and Gigabyte drivers reported to contain privilege escalation vulnerabilities
https://0nion.com/article/27466

Jenkins plugins contain security vulnerabilities, creating a risk of password leakage or cross-site attacks
https://www.ithome.com.tw/news/130412

Jenkins plugins contain security vulnerabilities, with risks including data leakage and cross-site attacks
http://www.twoeggz.com/news/14467228.html

Hacker has been supplying Microsoft zero-days to APT groups for three years
http://521.li/post/628.html

D-Link cloud camera has vulnerabilities that allow video interception and firmware tampering
https://times.hinet.net/news/22360561

D-Link camera vulnerability allows attackers to tap into the video stream
https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/

D-Link DWL-2600AP Upgrade Firmware Command Injection
https://packetstormsecurity.com/files/152771/dlinkdwl2600apuf-exec.txt

D-Link DWL-2600AP Save Configuration Command Injection
https://packetstormsecurity.com/files/152770/dlinkdwl2600apsave-exec.txt

D-Link DWL-2600AP Authenticated OS Command Injection
https://packetstormsecurity.com/files/152725/dlinkdwl2600ap-exec.txt

Google Chrome flaw: hackers use a fake address bar for online phishing
http://bit.ly/2H1WzWc

Symantec Gateway Security unspecified remote DNS cache poisoning vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0817

CS:GO has a vulnerability that may be attacked by hackers; Valve issues an emergency fix
https://kknews.cc/game/jk9aqe6.html

Cisco patches critical vulnerability in Nexus 9000 network switches
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=30610

Security vulnerability in Cisco Nexus 9000 Series ACI Mode Switch Software
https://www.us-cert.gov/ncas/current-activity/2019/05/01/Cisco-Releases-Security-Updates

SAP's NetWeaver: New Exploits for Misconfigurations
https://www.bankinfosecurity.com/saps-netweaver-new-exploits-for-misconfigurations-a-12445

Security flaws in 100+ Jenkins plugins put enterprise networks at risk
https://zd.net/2LylO75

Sorubak Login Panel SQL BYPASS
https://www.anquanke.com/vul/id/1593141

Indonesian Government & University Admin weak password
https://www.anquanke.com/vul/id/1593144

CompletaWeb Comunicação Virtual Brazil SQL Injection
https://www.anquanke.com/vul/id/1594160

Instagram Auto Follow SQL Injection
https://www.anquanke.com/vul/id/1594223

Boeing knew of a flaw in the 737 MAX alert system a year before the Lion Air crash
https://hk.news.appledaily.com/international/realtime/article/20190506/59568134

IBM Jazz Reporting Service cross-site scripting vulnerability CVE-2018-2004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2004

Checkpoint -- endpoint_security CVE-2019-8454
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-8454

Cisco -- nexus_93108tc-ex_firmware CVE-2019-1804
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-8454

Dhcpcd_project -- dhcpcd CVE-2019-11577
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11577

Alert: attackers are actively exploiting Atlassian Confluence and Oracle WebLogic vulnerabilities
http://www.cnetsec.com/article/29702.html

Oracle -- weblogic_server CVE-2019-2725
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2725

Oracle Weblogic Server Deserialization Remote Code Execution
https://packetstormsecurity.com/files/152756/weblogic_deserialize_asyncresponseservice.rb.txt

Oracle WebLogic has a remote code execution vulnerability
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail.aspx?lang=zh&seq=1437

Cisco Elastic Services Controller REST API authentication bypass vulnerability CVE-2019-1867
http://blog.nsfocus.net/cve-2019-1867/

Summary of reports on network security information vulnerabilities
https://blog.51cto.com/13941676/2391247

New Windows 10 20H1 test build brings Microsoft Search to File Explorer
https://www.zdnet.com/article/new-windows-10-20h1-test-build-brings-microsoft-search-to-file-explorer/#ftag=RSSbaffb68

Alpine Linux Docker images ship a root account with no password
https://www.zdnet.com/article/alpine-linux-docker-images-ship-a-root-account-with-no-password/#ftag=RSSbaffb68

Alpine Linux Docker images found to allow passwordless root account login
https://www.ithome.com.tw/news/130528

MISP cross-site scripting vulnerability CVE-2019-11812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11812

Beware of the "Robin Hood" gang exploiting a new vulnerability to spread the GandCrab ransomware "blue screen" variant
https://www.itread01.com/hkycfqq.html

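2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security
New card skimmer defeats AEON ATMs; users at Hong Kong's East Tsim Sha Tsui MTR station have PINs stolen and lose money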
http://bit.ly/2WrN1t0

Ultra-miniature card skimmer compromises AEON ATMs; 7 customers' data stolen to make counterfeit cards, 200,000 lost
https://hk.news.appledaily.com/local/daily/article/20190504/20670819

Major hole in AEON ATMs: Eastern European skimming gang treats them as a cash machine
http://bit.ly/2LrNGJR

Hong Kong banks use chip technology to prevent theft
https://hk.news.appledaily.com/local/daily/article/20190504/20670821

Three Bulgarian men arrested after coming from Europe to Hong Kong to commit crime; card-skimming theft gang resurfaces
http://hd.stheadline.com/news/daily/hk/761015/

Cameras installed on ATMs to steal PINs; 3 foreign men remanded in custody pending hearing
http://bit.ly/2V5IV8g

Police bust transnational counterfeit card gang, exposing AEON ATM magnetic stripe weakness
https://orientaldaily.on.cc/cnt/news/20190504/00176_045.html

[ATM skimmer] HKMA requires banks to review ATM security
http://bit.ly/2J1JEWD

Global online banking summit opens on the 8th
http://bit.ly/2PPOSVQ

DBS: Singapore may follow Hong Kong in permitting virtual banks
https://www2.hkej.com/instantnews/international/article/2129728

CCP says it will open up the banking and insurance sectors, but gives no timetable
https://www.ntdtv.com/b5/2019/05/03/a102570342.html

One financial industry, two worlds: life insurers face big challenges while banks earn steadily
https://www.cw.com.tw/article/article.action?id=5095050

Association of Banks: green finance is the prevailing trend; Hong Kong can help overseas investors connect to Asian markets
http://bit.ly/2vHfFdR

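Nan Shan Life under fire on two fronts: plan needing 444 days to restart the old system angers the union; Insurance Bureau firmly demands a resolution plan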
https://www.ettoday.net/news/20190507/1438555.htm

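Eight months after launch of Nan Shan Life's ten-billion "New Horizon" system, 150,000 policies hit by automatic premium loans or lapses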
https://ec.ltn.com.tw/article/breakingnews/2781449

Insurance Bureau urges Nan Shan to submit a zero-error plan
http://bit.ly/2H5OXCk

Also migrating its IT system, Taiwan Life guarantees no mishaps
https://www.chinatimes.com/realtimenews/20190506002560-260410?chdtv

Taiwan Life's new system software vendor is Sinosoft; 莊中慶: not Chinese-funded
https://tw.finance.appledaily.com/realtime/20190507/1562396/

Taiwan Life commissions China's Sinosoft (SinoSoft) to build its core information system
https://ec.ltn.com.tw/article/breakingnews/2781497

Ground rules: FSC to confirm new supervisory indicators with the life insurance industry
https://rmim.com.tw/news-detail-23046

Banks let customers send ID documents via LINE; FSC closely watches security controls
https://money.udn.com/money/story/5613/3799335

Banks may be fined if personal data sent via LINE is leaked
http://bit.ly/2LILHkL

Banks that misuse new technology to do business risk fines
https://www.chinatimes.com/realtimenews/20190507001478-260410?chdtv

Credit card basics: what is the difference between Signature and Infinite cards? A guide to Visa credit card tiers
https://www.shopback.com.tw/blog/visa-cards-class-levels

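Three vying for two? FSC to open internet-only bank applications on the 16th, excluding the financial-institution merger rules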
http://www.skyqzone.com/article/UzJXRXRGenlvWUE9

Banks that targeted the information-poor… the tragedy of people who cannot defy their authority
https://headlines.yahoo.co.jp/article?a=20190506-00021108-gonline-bus_all

The Hongkong and Shanghai Banking Corporation Limited issued a statement on fraudulent emails on April 26
https://www.about.hsbc.com.hk/-/media/hong-kong/zh-hk/news-and-media/190426-hsbc-warns-against-phishing-email-chi.pdf

Bank of China (Hong Kong) Limited issued a statement on April 29 regarding fraudulent SMS messages and fraudulent mobile banking logins
https://www.bochk.com/dam/bochk/desktop/top/aboutus/pressrelease2/2019/20190429_01_Press_Release_TC.pdf

The Hongkong and Shanghai Banking Corporation Limited issued a statement on fraudulent emails on May 2
https://www.about.hsbc.com.hk/-/media/hong-kong/zh-hk/news-and-media/190502-hsbc-warns-against-phishing-email-chi.pdf

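[China regulation] Wangxin Securities undergoes on-site inspection by the securities regulator; a bond business default was reported earlier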
http://bit.ly/2H52PLD

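Wangxin Securities crisis erupts in full: regulatory working group moves in, internal controls riddled with holes, proprietary trading drags revenue into a huge loss of over 3 billion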
https://news.sina.com.tw/article/20190508/31215396.html

Rakuten's experience in Japan gives a boost: Taiwan's online banking leaps forward
https://money.udn.com/money/story/5635/3790251

Bank cards and WeChat accounts: where do the bought-and-sold accounts go?
https://news.sina.com.tw/article/20190506/31178898.html

Anhui dismantles a very large cross-border gambling network; 2.1 billion yuan in wagers laundered through layered transfers
https://news.sina.com.tw/article/20190505/31171806.html

[Breaking gossip] Standard Chartered Bank suspected of large-scale card number leak
https://www.ptt.cc/bbs/Gossiping/M.1557029750.A.F46.html

Prelude to fraud by counterfeit-card ring: alarmed Standard Chartered cardholders receive small-charge notifications
https://tw.finance.appledaily.com/realtime/20190507/1562229/

Charging just 1 dollar: counterfeit-card ring evolves, generating card numbers to test fraudulent charges
http://bit.ly/303ZDbM

Credit card skimming hackers have attacked 201 campus stores in North America
https://chinese.engadget.com/2019/05/06/card-skimming-hack-targets-campus-stores/

Two foreign men suspected of using fake credit cards subject to coercive measures including detention
https://www.gov.mo/zh-hant/news/285597/

Saudi British Bank launches Ripple-based cross-border payment service
http://bit.ly/2Vd3bFm

Singapore's central bank plans to allow internet-only banks; related risk control is a new challenge
https://money.udn.com/money/story/5602/3799439

LINE co-CEO Shin Jung-ho makes first visit to Taiwan, announces additional 3 billion investment in Taiwan
https://tw.finance.appledaily.com/realtime/20190508/1563178/

To block card fraud, FSC targets prepayment of card bills via ATM
https://udn.com/news/story/7239/3800876

Number keys badly worn: he spots something about the ATM keypad; "these 2 digits worn smooth" reveals PINs… 3, 4, 6 seldom used
https://www.ettoday.net/news/20190509/1440305.htm

When withdrawing cash at an ATM, watch for people nearby using their phones
https://www.ntdtv.com/b5/2019/05/09/a102574198.html

Labor pension account suddenly debited? The new statement format tells you the truth
https://theme.udn.com/theme/story/6774/3802287

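National Taxation Bureau: farmers' and fishermen's associations changed account numbers; take care with authorized-withdrawal tax payments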
https://money.udn.com/money/story/6710/3802334

HKMA reportedly to grant 4 more licences as early as this week; Tencent, Ping An, Xiaomi and Alibaba among them
http://bit.ly/2YnZlez

Three months to licence issuance... strategies of three internet-only banks revealed
https://udn.com/news/story/7239/3802934

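Details of investigating Taiwan's online financial crime techniques revealed; the 9th Investigation Corps recommends that banks incorporate digital information into KYC security verification as a safeguard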
https://www.ithome.com.tw/news/130538

Taiwan's internet-only banks: business model is key
http://bit.ly/2VqnS5C

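The Hong Kong Monetary Authority (HKMA) announced on May 9 that banking licences were granted to Ant SME Services (Hong Kong) Limited, Infinium Limited, Insight Fintech HK Limited and Ping An OneConnect Company Limited to operate virtual banks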
https://www.hkma.gov.hk/chi/key-information/press-releases/2019/20190509-3.shtml

Not just 150,000 policies lapsed: Nan Shan hit by another 60,000 erroneous credit card charges
http://bit.ly/2LzLnEK

US Justice Department indicts 2 Chinese hackers suspected of stealing data from insurer Anthem
https://www.cmoney.tw/notes/note-detail.aspx?nid=170098

Chinese hackers who stole insurer's data indicted by US Justice Department
https://ec.ltn.com.tw/article/breakingnews/2785595

Chinese hackers indicted by US for stealing personal data of nearly 80 million people from a US insurer
http://bit.ly/2Yfj2Vu

US charges one of the Anthem hackers
https://www.zdnet.com/article/us-charges-one-of-the-anthem-hackers/#ftag=RSSbaffb68

Card skimming hack targets 201 campus stores in North America
https://www.engadget.com/2019/05/06/card-skimming-hack-targets-campus-stores/

Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada
http://bit.ly/2YigPIS

Cyber Insurance: Assessing the Need
https://www.bankinfosecurity.asia/cyber-insurance-assessing-need-a-12444

Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites
http://bit.ly/2Hfc6AS

Researchers expose mass credit card stealing campaign
https://www.zdnet.com/article/researchers-expose-mass-credit-card-stealing-campaign/#ftag=RSSbaffb68

New Skimmer Attack Steals Data From Over 100 Ecommerce Sites
https://www.bankinfosecurity.com/new-skimmer-attack-steals-data-from-over-100-ecommerce-sites-a-12465

1111 Job Bank: 34,000 apply for post office recruitment exam; 332 master's and doctoral degree holders reach the second round
http://n.yam.com/Article/20190504224591

Recruitment notice: Insurance Bureau of the Financial Supervisory Commission hiring 2 assistant researchers
http://bit.ly/2Jiw6Fr

Secure bank jobs on offer: Taiwan Business Bank recruiting 224; starting salary for clerks 33,600
https://www.ettoday.net/news/20190508/1439723.htm

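3. Electronic Payment / Electronic Stored-Value Cards / Mobile Payment / Pay: News and Security
Taiwan Pay clearing platform to be built in two phases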
http://bit.ly/2H8sKDz

Three major systems battle for the mobile payment market
https://www.chinatimes.com/newspapers/20190506000678-260113?chdtv

Is mobile payment really secure? Cutting off hackers relies on "it" for complete encryption
https://tw.news.appledaily.com/life/realtime/20190507/1562034/

UK government adopts Apple Pay and Google Pay; can be used to pay visa fees
http://bit.ly/2H4IF5U

Electronic payment "doubles": users approached 5 million in March this year
https://ec.ltn.com.tw/article/breakingnews/2778781

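Hong Kong government to launch "eID" digital personal identity in 2020; it will later allow booking clinic appointments and paying consultation fees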
http://bit.ly/2Wsr4Ko

In talks with Chinese and Singaporean companies, Sarawak Pay may become usable abroad
https://eunited.com.my/222413/

HKMA: next phase of the Faster Payment System (FPS) is transactions between individuals and merchants
http://bit.ly/2J72ATY

CURRENCY.COM launches new mobile app and expands Hong Kong securities trading market
http://www.businesswirechina.com/hk/news/40489.html

Casino 2.0 has no cash: money flows are all in apps
https://udn.com/news/story/11315/3793884

Announcement on the May 11-12 upgrade of personal e-banking, electronic payment, the BOC open platform and other systems
http://www.boc.cn/big5/ebanking/bi2/201905/t20190509_15237057.html

Facebook builds WhatsApp payment service, sets up development centre in London
https://m.ctee.com.tw/livenews/gj/8256c34a-fb44-438e-88b6-908e22f660c3

Mobile payment penetration in mainland China reaches 86%
http://ieknet.iek.org.tw/ieknews/news_more.aspx?actiontype=ieknews&indu_idno=10&nsl_id=77da117e1588454da748d0f2371080f8

2019 China mobile payment report released; Beijing ranks third
https://kknews.cc/tech/vrrz242.html

Can it reverse the decline? FSC amends law for a "grand integration of electronic payment"
https://cnews.com.tw/1340508a03/

Entire cross-border division of Indian e-payment company Paytm resigns
https://readhub.cn/topic/7MuAl52Z596

India's mobile payment leader Paytm plans overseas expansion, targeting Japan and Canada
http://bit.ly/2JvO5sf

EFT Payments expands aggregated payment with "rent-free" offer
https://hk.on.cc/hk/bkn/cnt/finance/20190509/bkn-20190509000102860-0509_00842_001.html

Google Play to add a deferred-payment feature: order online, pay cash at a nearby physical store
https://www.cool3c.com/article/143551

4. Virtual Currency / Blockchain: News and Security
Attacker withdrew 7 million XRP from the BitoPro exchange via a partial payment vulnerability
http://bit.ly/2VPIBPq

Binance hit by large-scale hacker attack; 7,000 bitcoins stolen
https://ec.ltn.com.tw/article/breakingnews/2783103

Security hole in Binance servers; hackers steal 7,000 bitcoins
http://bit.ly/2PRL32G

Binance robbed again: do you still trust exchanges?
http://bit.ly/2H9kN0L

World's largest cryptocurrency platform robbed; losses expected to exceed 300 million
http://bit.ly/2DU7M9q

Key points from Binance founder CZ's first AMA after the hack
https://zombit.info/after-binance-hacked-cz-ama/

Bitcoin's rally is back, but Binance is hacked and loses over 1.2 billion
http://bit.ly/2H7BaLn

Cryptocurrency hacked again: US$41 million stolen
https://cnnews.rti.org.tw/news/view/id/2020052

"Exchange, account custody system, individual users": possible security holes behind the Binance hack
https://www.blocktempo.com/binance-hacked-information-technology-security/

Virtual currency exchange Binance hacked: 7,000 bitcoins stolen, losses over 1.2 billion
https://tw.finance.appledaily.com/realtime/20190508/1563279/

Binance exchange attacked by hackers early this morning: 7,074 bitcoins lost, worth NT$1.2 billion
https://www.blocktempo.com/binance_being_hacked_7074bitcoin/

The 7,074 BTC stolen from Binance have been moved by the hackers to 7 main new addresses
https://news.sina.com.tw/article/20190509/31224796.html

Four major cybersecurity firms examine the "Binance case": a long-premeditated attack
https://pttnews.cc/8deee2dec8

Analysis of the vulnerability behind the Binance exchange bitcoin theft
https://www.itread01.com/hkyhklyf.html

Stolen Binance BTC dispersed by hackers to 20 main addresses; no further spread so far
https://life.tw/?app=view&no=931090

Decentralized bank MakerDAO status update: stability fee to rise to 19.5%; plans to collateralize debt with multiple cryptocurrencies
https://blocktempo.com/5-5-maker-dao-current-status/

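Monetary Authority of Singapore recognizes blockchain's potential for cross-border payments but is not optimistic about retail banking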
https://news.cnyes.com/news/id/4313532

Central banks of Canada and Singapore team up to complete "cross-border payment on blockchain" using "central bank digital currency"
https://blocktempo.com/central-banks-of-canada-and-singapore-conduct-successful-experiment-for-cross-border-payments/

Central banks of Singapore and Canada complete first cross-border blockchain payment
https://news.sina.com.tw/article/20190505/31172814.html

[Blockchain applications] Two major central banks use blockchain technology for cross-border payment for the first time
https://fnc.ebc.net.tw/FncNews/else/78907

Is the "stock god" behind the times? Crypto community rebuts Buffett's claim that bitcoin is useless
http://news.knowing.asia/news/00f17248-36df-4c74-b03e-456f9863baa9

Blockchain's best application? Major South Korean banks are all starting to engage with the technology
http://news.knowing.asia/news/b0cc2208-3803-48b1-aea4-489615a0ad29

Facebook reportedly in talks with Visa and Mastercard to build a virtual currency payment system
https://unwire.hk/2019/05/04/facebookvirtualcurrency/life-tech/epayment/

Marching into e-commerce: Facebook to launch a cryptocurrency to take on PayPal and Apple Pay
http://bit.ly/2Wu3eOa

Critical vulnerability in the Tron (TRX) blockchain could cause a large-scale crash
https://0xzx.com/20190507135560587.html

Bitcoin inflation vulnerability persists; 60% of bitcoin full nodes may be affected
http://news.knowing.asia/news/08b341ab-537e-4b21-9e70-afd6c7961dc0

Revisiting CVE-2018-17144: the Bitcoin Core inflation vulnerability
https://www.chainnode.com/post/321072

Cybercriminals exploit Confluence software vulnerability to deploy cryptocurrency-mining malware
https://0xzx.com/20190508034661422.html

Trend Micro: cybercriminals exploit Confluence software vulnerability to mine XMR
https://www.tuoluocaijing.com.tw/kuaixun/detail-62450.html

The benefits security tokens bring to Taiwan
http://bit.ly/2H6z1ys

The blockchain talent rift crisis
https://www.chinatimes.com/opinion/20190508004286-262104?chdtv

"Bitcoin Jesus" teams up with RAPIDZ to promote Bitcoin Cash payments in Taiwan
https://money.udn.com/money/story/10860/3801262

Xinhua Daily Telegraph: blockchain expected to become as widespread as mobile payment
https://news.sina.com.tw/article/20190510/31240284.html

Singapore, Canada complete blockchain trial for cross-border payments
https://www.zdnet.com/article/singapore-canada-complete-blockchain-trial-for-cross-border-payments/#ftag=RSSbaffb68

TRON critical security flaw could break the entire blockchain
https://www.zdnet.com/article/tron-critical-security-flaw-could-break-the-entire-blockchain/#ftag=RSSbaffb68

Hackers steal $41 million from cryptocurrency exchange Binance
https://www.zdnet.com/article/hackers-steal-41-million-from-cryptocurrency-exchange-binance/#ftag=RSSbaffb68

OneCoin ‘CryptoQueen’ sued over alleged $4bn cryptocurrency Ponzi scheme
https://www.zdnet.com/article/onecoin-leaders-sued-over-alleged-operation-of-4-billion-ponzi-scheme/#ftag=RSSbaffb68

Two crypto-mining groups are fighting a turf war over unsecured Linux servers
https://www.zdnet.com/article/two-crypto-mining-groups-are-fighting-a-turf-war-over-unsecured-linux-servers/#ftag=RSSbaffb68


5. Security Incident News

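A. Viruses and Trojans / Botnets / Ransomware / APT
Hit by ransomware? Keelung City Government's official website is down, emergency repairs under way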
https://udn.com/news/story/7328/3794221

Keelung City Government website hacked and down for 3 days; residents' personal data not leaked
https://m.ltn.com.tw/news/life/breakingnews/2781908

Keelung City Government website down for 3 days after ransomware intrusion; councillor worries confidential data was stolen
https://udn.com/news/story/6656/3797980

Keelung City Government official website attacked and breached by unknown virus
https://www.nownews.com/news/20190507/3366262/

Beware: new network virus variant can break into hospitals and alter patient records, leading doctors to misdiagnose
https://cnews.com.tw/134190505a01/

Feared to contain hacker software: Apple Daily's "Action News" app spreads malware, invades users' privacy and leaks data
http://bit.ly/2DQBjRs

Mainland Chinese company claims the Apple Daily app contains a trojan; the firm was once praised by Xi as a "national team"
https://hk.news.appledaily.com/local/realtime/article/20190504/59563396

China's CNCERT opens a free lookup service for WannaCry ransomware infection data
https://news.sina.com.tw/article/20190504/31166526.html

Hackers are exploiting the Oracle WebLogic vulnerability to spread ransomware
https://www.linuxidc.com/Linux/2019-05/158457.htm

Seemingly blank Excel worksheets: three things to check before opening, to guard against embedded malicious AutoHotkey script attacks
https://blog.trendmicro.com.tw/?p=60293

ASUS software update server ends up an accomplice in delivering a malicious backdoor
https://www.ithome.com.tw/news/130415

XWO: malware that scans the Internet for vulnerabilities
https://www.chainnews.com/articles/949513062750.htm

Two more US local governments infected with ransomware
https://www.ithome.com.tw/news/130503?fbclid=IwAR1bMCIaEEmebDaHR1pgIXowT6_pTSS5ltKTdnDsvJfq8wwwY0vZqti9W3U

Researchers reveal a backdoor that can lie dormant long-term in Microsoft Exchange Server
https://www.ithome.com.tw/news/130532

Medical format flaw lets hackers hide malware inside medical image files
https://blog.trendmicro.com.tw/?p=60537

Malware has vulnerabilities too: analysis of a Mirai C2 crash
https://www.4hou.com/vulnerable/17912.html

Beware of the incoming Sodinokibi ransomware
https://www.hkcert.org/my_url/zh/blog/19043002

Beware of the "Robin Hood" gang exploiting a new vulnerability to spread the GandCrab ransomware "blue screen" variant
https://www.itread01.com/hkycfqq.html

Hacker takes over 29 IoT botnets
https://www.zdnet.com/article/hacker-takes-over-29-iot-botnets/#ftag=RSSbaffb68

Japanese government to create and maintain defensive malware
https://www.zdnet.com/article/japanese-government-to-create-and-maintain-defensive-malware/#ftag=RSSbaffb68

This Week in Security News: BEC Attacks and Botnet Malware
https://blog.trendmicro.com/this-week-in-security-news-bec-attacks-and-botnet-malware/

Surge of MegaCortex ransomware attacks detected
https://www.zdnet.com/article/sudden-surge-of-megacortex-ransomware-infections-detected/#ftag=RSSbaffb68

Retefe Banking Trojan resurfaces in the threat landscape with innovations
https://securityaffairs.co/wordpress/84967/malware/retefe-banking-trojan-resurfaces.html

2019: The Return of Retefe
https://www.proofpoint.com/us/threat-insight/post/2019-return-retefe

Hacker Compromised Several IoT Botnet C2 Servers and Taken Control of It Due to Weak Credentials
https://gbhackers.com/29-iot-botnet-c2-servers/

Hackers Launching Qakbot Malware to Steal Login Credentials and Wipe the Bank Accounts
https://gbhackers.com/qakbot-malware-to-steal-login-credential/

Russian cyberspies are using one hell of a clever Microsoft Exchange backdoor
https://www.zdnet.com/article/russian-cyberspies-are-using-one-hell-of-a-clever-microsoft-exchange-backdoor/#ftag=RSSbaffb68

TURLA LIGHTNEURON: One email away from remote code execution
https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf

Most of the servers at City of Baltimore shut down after ransomware attack
http://bit.ly/2VPpViL

Baltimore Recovering From Second Ransomware Attack
https://www.bankinfosecurity.com/baltimore-recovering-from-second-ransomware-attack-a-12461

Researchers: Spies Exploit Microsoft Exchange Backdoor
https://www.bankinfosecurity.com/researchers-spies-exploit-microsoft-exchange-backdoor-a-12459

This ransomware sneakily infects victims by disguising itself with anti-virus software
https://zd.net/2YkkE0b

Crime Gang Advertises Stolen 'Anti-Virus Source Code'
https://www.bankinfosecurity.com/crime-gang-advertises-stolen-anti-virus-source-code-a-12463

Malware Knocks Out Accounting Software Giant Wolters Kluwer
https://www.bankinfosecurity.com/malware-knocks-out-accounting-software-giant-wolters-kluwer-a-12462

CB TAU Threat Intelligence Notification: Danabot Trojan Targets Financial Services Industry via Stolen Credentials
https://www.carbonblack.com/2019/04/16/cb-tau-threat-intelligence-notification-danabot-trojan-targets-financial-services-industry-via-stolen-credentials/

Danabot Trojan Targets Financial Services Industry via Stolen Credentials - Additional IOCs
https://brica.de/alerts/alert/public/1258533/danabot-trojan-targets-financial-services-industry-via-stolen-credentials-additional-iocs/

Any.Run: DanaBot Banking Trojan Demonstration - Additional IOCs
https://brica.de/alerts/alert/public/1258518/anyrun-danabot-banking-trojan-demonstration-additional-iocs/

South Africa Has Second Most Android Banking Malware Attacks As Cyber Crime Increases
https://www.forbes.com/sites/tobyshapshak/2019/05/09/south-africa-has-second-most-android-banking-malware-attacks-as-cyber-crime-increases/#6d6f09015d77

Dharma Ransomware Uses AV Tool to Distract from Malicious Activities
https://blog.trendmicro.com/trendlabs-security-intelligence/dharma-ransomware-uses-av-tool-to-distract-from-malicious-activities/

CVE-2019-3396 Redux: Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner With Rootkit
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-3396-redux-confluence-vulnerability-exploited-to-deliver-cryptocurrency-miner-with-rootkit/

B. Mobile Security / iPhone / Android / Wearables / Apps
KeenLab security team defeats iOS 12.2 protections, demonstrates iPhone XS Max jailbreak
https://mrmad.com.tw/keen-lab-ios-122-jailbreak

A generation's "dating app of choice" shuts down: BeeTalk announces end of operations
http://bit.ly/2WuR33I

Leak: Samsung Note 10 rumoured to have fast charging of "over 25W"
https://tw.lifestyle.appledaily.com/gadget/realtime/20190507/1562397/

Google I/O opens tomorrow; Android Q puts more emphasis on privacy
https://tw.lifestyle.appledaily.com/gadget/realtime/20190507/1561473/

Apple removes multiple apps abusing the enterprise deployment mechanism from the App Store
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=848

iOS 12.3 code shows the system will support more kinds of public transit payment methods
https://chinese.engadget.com/2019/05/06/ios-12-3-emv-mass-transit/

Not just Suica: iOS 12.3 code hints the "transit card" feature will support more card types
https://www.kocpc.com.tw/archives/257469

iOS 13 to borrow more features from third-party apps; 5G connectivity must wait until next year
https://www.sogi.com.tw/articles/apple_ios13/6252810

iOS 13, codenamed Yukon, will bring more features "borrowed" from third-party apps; 5G connectivity must wait until next year
https://mashdigi.com/ios-13-functions-leaked/

Cybersecurity: mobile antivirus apps fail to block malware and instead attract hackers
http://bit.ly/2Wul6IY

Apps from a major Chinese developer removed en masse by Google for containing an ad-fraud mechanism
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=846

Android Q releases third beta; devices will update OS components directly through Google Play
http://bit.ly/2PW42Ja

Pompeo says China wants to divide Western alliances; US urges UK to handle China's help building 5G with caution
http://www.mingpaocanada.com/Tor/htm/News/20190509/tcba1_r.htm

Prague 5G network conference calls for attention to supply chain security
http://bit.ly/2YazAOx

International communications security conference: Huawei and others may struggle to meet 5G guideline conditions
https://m.ctee.com.tw/livenews/gj/a95624002019050323063553

Ericsson: 5G can boost enterprise revenue, but security controversy slowing down industry
https://zd.net/2YfqqQN

Singapore seeks public consult on 5G policies, deployment
https://www.zdnet.com/article/singapore-seeks-public-consult-on-5g-policies-deployment/#ftag=RSSbaffb68

Google I/O: 14 Android OS modules to get over-the-air security updates in real-time
https://www.zdnet.com/article/google-io-14-android-os-modules-to-get-over-the-air-security-updates-in-real-time/#ftag=RSSbaffb68

Unpatched Flaw in UC Browser Apps Could Let Hackers Launch Phishing Attacks
http://bit.ly/2LzYwgZ

C. Incidents / Hackers / DDoS / APT / Dark Web / Recruitment / International Security Incidents
Top ten security news stories of April 2019
https://ithome.com.tw/news/130390

Multi-layered defence in the digital age
http://bit.ly/2VfEfNv

Scholars expect security issues to be a protracted fight, which may actually favour the return of Taiwanese businesses
https://news.cnyes.com/news/id/4313572

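[Raise the security level of software update services and give hackers no opening] Security must be implemented throughout the process, from development to update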
https://www.ithome.com.tw/news/130419

With frequent abuse of update download servers, defensive thinking must change too
https://www.ithome.com.tw/news/130417

He took down Alibaba's website in 3 minutes, and is now dubbed Jack Ma's guardian
https://money.udn.com/money/story/5604/3800494

VIA ordered to pay over 100 million; anti-hacking chip helped CCP surveillance
http://bit.ly/2PUV9Q9

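VIA chip storm: once accused of leaving a backdoor that leaks personal data; ordered to pay over 100 million for defective chips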
https://www.ettoday.net/news/20190508/1439409.htm

Dalian hacker exploits website vulnerabilities; hard drive holds nearly 100 million personal records
https://www.chinatimes.com/realtimenews/20190508004367-260409?chdtv

PeckShield: TRON has fixed the vulnerability allowing "DDoS attacks to exhaust CPU capacity"
http://news.pchome.com.tw/living/knowing/20190507/index-55718192036009229009.html

Hacker hijacks female host's social media account, demands lingerie photos and money transfers; 5 people fall victim
http://bit.ly/2Lu630L

Hackers who profited from Mayday tickets arrested; tixCraft issues statement on strengthening measures
https://ent.ltn.com.tw/news/breakingnews/2782845

Mayday tickets so popular they draw hackers: altering data to grab tickets earned 4 million from a single show
https://news.ltn.com.tw/news/society/breakingnews/2781091

Hacker intrusion into Mayday concert ticketing system solved
https://times.hinet.net/news/22360973

Scalpers go high-tech: hacking a website back end earns 4 million a month
http://bit.ly/2ZYlxNM

tixCraft ticketing system hacked; an estimated 60-plus concerts affected
https://www.ttv.com.tw/news/view/10805060016600N/579

Hackers break into system to hijack Mayday concert tickets, sweeping up 551; heartbroken fans flood customer service
https://www.ettoday.net/news/20190506/1438184.htm

Mayday concert ticketing system breached; police bust hacker ticket-grabbing ring
http://bit.ly/2vGg2W3

Four-person hacker ring that made over 4 million scalping Mayday tickets referred for prosecution on fraud and other charges
http://bit.ly/2WoNxrO

4.08 million haul: scalpers turn hackers to grab tickets; fans flood customer service
http://bit.ly/2POZzYQ

Breach of Microsoft's cloud email services mainly targeted users' cryptocurrency wallets
https://www.twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=905

GitHub and other code repositories breached by hacker, who demands only US$566
https://news.sina.com.tw/article/20190505/31171636.html

Microsoft hit: hundreds of GitHub code repositories wiped by hacker for extortion
http://technews.tw/2019/05/06/github-got-hacked/

GitHub attacked by hacker: pay a bitcoin ransom or your private code will be made public
https://buzzorange.com/techorange/2019/05/06/hacker-attacked-github/

Why the era name change to "Reiwa" became a curse for Japanese programmers
https://technews.tw/2019/05/05/reiwa-japan-engineer-curse/

Cybersecurity threats increase at the Children's Hospital of Eastern Ontario (CHEO) in Ottawa, Canada
http://www.epochtimes.com/b5/19/5/3/n11232396.htm

Russian President Putin signs law to build a Russian version of the Great Firewall; surveillance suspected
http://bit.ly/2H2WWzP

US Department of Defense: CCP obtains military technology through espionage
https://www.ntdtv.com/b5/2019/05/05/a102571580.html

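US congressional report reveals regulatory loopholes: Chinese companies transfer cutting-edge technology through multiple channels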
https://hk.news.appledaily.com/china/realtime/article/20190507/59572930

FBI and European partners take down the world's largest online black market platform; "Wall Street Market" had over a million accounts
http://bit.ly/2J2BFsd

International police jointly take down the world's second-largest dark web marketplace
https://www.ithome.com.tw/news/130420

World's second-largest contraband "dark web" market seized; over a million customers, drugs and fake documents on sale
http://www.mingpaocanada.com/Tor/htm/News/20190504/ttaa1_r.htm

Europol Shuts Down Two Major Illegal 'Dark Web' Trading Platforms
http://bit.ly/2DNpX0z

Darknet Disruption: 'Wall Street Market' Closed for Business
https://www.bankinfosecurity.com/darknet-disruption-wall-street-market-closed-for-business-a-12446

Intellectual property and cyber theft issues are hard to negotiate with China
https://ec.ltn.com.tw/article/breakingnews/2779091

Negotiations on Chinese cyber theft unlikely to yield concrete results
https://ec.ltn.com.tw/article/paper/1286106

China's 6 major methods of stealing technology exposed; US report: most are backed by Beijing
https://ec.ltn.com.tw/article/breakingnews/2782107

New US USCC report reveals the CCP's 6 major methods of stealing technology
http://www.epochtimes.com/b5/19/5/7/n11239933.htm

Security flaw exposed in Chinese government facial recognition; Beijing embassy district affected
https://m.ltn.com.tw/news/world/paper/1286561

China's Antiy given the title "national team" by Xi
https://hk.news.appledaily.com/local/daily/article/20190505/20671235

Chinese spies launch attacks by exploiting NSA hacking tools
http://bit.ly/2JmKzQP

Repurposing NSA hacking tools, Chinese spies gain the upper hand in attacks
https://money.udn.com/money/story/5599/3798294

How Chinese hackers made use of the US cyber arsenal
https://cn.nytimes.com/usa/20190507/china-hacking-cyber/zh-hant/

NSA spyware stolen
http://city.udn.com/65396/5964416

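Turning their own spear against them: mainland Chinese hackers captured tools the NSA used to attack China and hacked back at the US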
https://www.ettoday.net/news/20190507/1438945.htm

NSA hacking tools cracked by China
https://m.ltn.com.tw/news/world/paper/1287103

Chinese hackers "captured" NSA software and used it to hack European and Asian websites
https://udn.com/news/story/6809/3798866?from=udn-ch1_breaknews-1-cate5-news

Chinese hackers once stole NSA software and launched cyberattacks on Western Europe and Southeast Asia
https://news.ltn.com.tw/news/world/breakingnews/2782710

Chinese hackers "captured" NSA software and used it to hack European and Asian websites
https://six-degrees.io/article/810648-41

Russian media: China's Internet "iron curtain" threatens Russia
https://www.secretchina.com/news/b5/2019/05/04/892475.html

Nan Hai wants to enter software publishing; official: not a single share of Chinese capital allowed
https://ec.ltn.com.tw/article/paper/1287076

Armed response to a cyberattack: Israel destroys Hamas cyber unit base with an air strike
https://technews.tw/2019/05/07/israel-air-strike-to-%E1%B8%A5amas-cyberattack/

After cyberwar success, US to keep watching 4 countries including China and Russia in next year's election
https://news.ltn.com.tw/news/world/paper/1287369

Citing national security, FCC denies China Mobile entry to the US market
https://ec.ltn.com.tw/article/breakingnews/2785645

US Justice Department indicts two mainland Chinese hackers, denounces the hacking group as shameless
http://m.match.net.tw/pc/news/international/20190510/4890408

DeepDotWeb Dark web resource dies with FBI seizure
https://zd.net/2H6XZyK

New Cyber Agency to Battle Against Hackers
https://www.bankinfosecurity.asia/blogs/new-cyber-agency-to-battle-against-hackers-p-2743

A hacker is wiping Git repositories and asking for a ransom
https://www.zdnet.com/article/a-hacker-is-wiping-git-repositories-and-asking-for-a-ransom/#ftag=RSSbaffb68

Drug Lab Cyberattack Puts Spotlight on IP Theft Threat
https://www.bankinfosecurity.com/drug-lab-cyberattack-puts-spotlight-on-ip-theft-threat-a-12448

Israel Neutralizes Cyber Attack by Blowing Up A Building With Hackers
http://bit.ly/2Va39y0

Symantec: cyber-espionage group Buckeye used NSA attack tools before the Shadow Brokers
https://www.ithome.com.tw/news/130477

APT3 surprise -Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak
https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit

Artificial Intelligence in Cyber Security – Cyber Attacks and Defence Approach
https://gbhackers.com/artificial-intelligence-in-cyber-security/

Cybersecurity Drives Intelligence Agencies in From the Cold
https://www.bankinfosecurity.com/blogs/cybersecurity-drives-intelligence-agencies-in-from-cold-p-2742

APT34- Despite Doxing, OilRig APT Group Remains a Threat
https://www.bankinfosecurity.com/despite-doxing-oilrig-apt-group-remains-threat-a-12449

A MYSTERIOUS HACKER GROUP IS ON A SUPPLY CHAIN HIJACKING SPREE
https://www.wired.com/story/barium-supply-chain-hackers/

Chinese Hackers Used NSA Hacking Tools Before Shadow Brokers Leaked Them
http://bit.ly/2LuTZfU

Chinese hackers were using NSA malware a year before Shadow Brokers leak
https://www.zdnet.com/article/chinese-hackers-were-using-nsa-malware-a-year-before-shadow-brokers-leak/#ftag=RSSbaffb68

Researchers: Chinese APT group used stolen NSA tools prior to Shadow Brokers leak
http://bit.ly/2VaLCWn

Report: Chinese Hackers First to Use NSA Cyberattack Tools
https://www.bankinfosecurity.com/report-chinese-hackers-first-to-use-nsa-cyberattack-tools-a-12452

JavaScript Sniffer Attacks: More Online Stores Targeted
https://www.bankinfosecurity.com/javascript-sniffer-attacks-more-online-stores-targeted-a-12453

New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web
https://www.zdnet.com/article/new-leaks-of-iranian-cyber-espionage-operations-hit-telegram-and-the-dark-web/#ftag=RSSbaffb68

Zero-power listening device for voice activated remote
https://www.zdnet.com/article/zero-power-listening-device-enables-voice-activated-remote/#ftag=RSSbaffb68

DeepDotWeb Dark web resource dies with FBI seizure
https://www.zdnet.com/article/deepdotweb-dies-with-fbi-seizure/#ftag=RSSbaffb68

CIA camps out in anonymized Tor network
https://www.zdnet.com/article/cia-camps-out-in-anonymized-tor-network/#ftag=RSSbaffb68

FBI Shutters DeepDotWeb Portal; Suspected Admins Arrested
https://www.bankinfosecurity.com/fbi-shutters-deepdotweb-portal-suspected-admins-arrested-a-12457

Hackers attack Confluence Servers, hijack power for cryptocurrency mining
https://www.zdnet.com/article/confluence-server-vulnerability-exploited-to-spread-cryptocurrency-mining-malware/#ftag=RSSbaffb68

China Publishes More Scientific Articles Than the U.S.
http://bit.ly/2WxFJnF

Hackers breached 3 US antivirus companies, researchers reveal
http://bit.ly/2VvjcLB

Mozilla offers research grant for a way to embed Tor inside Firefox
https://www.zdnet.com/article/mozilla-offers-research-grant-for-a-way-to-embed-tor-inside-firefox/#ftag=RSSbaffb68

INSIDE CHINA'S MASSIVE SURVEILLANCE OPERATION
https://www.wired.com/story/inside-chinas-massive-surveillance-operation/

Security consultant
https://www.104.com.tw/job/?jobno=6lk00

Information security engineer (antivirus) (bank) - 208KC
https://www.manpower.com.tw/product/558

Security technician / security services engineer
https://www.104.com.tw/job/?jobno=6lpp7

[Cybersecurity Institute] Smart Cloud Platform Center - security technology engineer
https://www.104.com.tw/job/?jobno=6lqzm


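D. Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News
Fighting disinformation: CTS, in a first for Taiwanese television, partners with the Taiwan FactCheck Center to form the "CTS Fact-Checking Task Force"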
https://news.cts.com.tw/cts/general/201905/201905061960231.html

New phishing trick: hackers fake the address bar to steal personal data
http://bit.ly/2vKSPCd

Samsung internal data left unprotected, including source code, passwords and employee data
https://chinese.engadget.com/2019/05/08/samsung-exposed-source-code-gitlab/

Disinformation: the online "red" war
https://talk.ltn.com.tw/article/paper/1286269

Mother's Day new car draw: fake BMW fan page's new scam already shared by 40,000 people
http://bit.ly/2H3d4Bk

Anhui resident's bank card fraudulently charged 13,000 in another location; bank ordered to compensate in full
https://news.sina.com.tw/article/20190505/31170794.html

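Fraud ring uses stolen photos of a handsome man to build a copycat website; 17 Chinese women fail to travel to Taiwan and lose money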
https://news.ltn.com.tw/news/society/breakingnews/2778789

Alert bank clerk reports it; Neihu police successfully stop fake US soldier scam
https://www.gov.taipei/News_Content.aspx?n=F0DDAF49B89E9413&s=14595E8A3BDBB061

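Winner happily posts uniform invoice on Facebook, only to have the prize claimed by someone using the Ministry of Finance app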
https://tw.news.appledaily.com/new/realtime/20190506/1562252/

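Outrageous first case: winning invoice shown off on Facebook; a thousand dollars fraudulently claimed via prize-redemption app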
https://tw.news.appledaily.com/headline/daily/20190507/38329479/

Four major US telecom carriers face class action for freely selling users' location data
https://www.ithome.com.tw/news/130440?fbclid=IwAR1GmyfasfOs6Z3KYXHCOtwcZ3C8OgHHoSeWQdTamwhbZiSvIY1BvPKNUPw

Three-party scam: influencer Qiaoqiao cheated out of 100,000 and nearly taken for a member of the fraud ring
https://news.ebc.net.tw/News/society/162654

"Asia's busty goddess" caught up in fraud case; Qiaoqiao is a victim of a three-party scam
http://bit.ly/2Y9Rr8b

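Swindling money under the pretext of credit card applications: Tianjin police's Baodi branch arrests online fraud gang across provinces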
http://www.sohu.com/a/311787284_571524

"HK$50,000" to bid on foreclosed Hong Kong property: Hualien woman nearly scammed
https://tw.appledaily.com/new/realtime/20190503/1560813/

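Online consignment seller in fraudulent collapse: lured suppliers by claiming "290,000 packs of chicken essence sold", then defaulted on millions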
https://tw.appledaily.com/headline/daily/20190507/38329472/

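Fake "public security" scam call centre disguised as a contractor's office; even a female bank clerk was cheated of 23 million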
https://www.ettoday.net/news/20190507/1439025.htm

Fraud ring rents townhouse partitioned into small call rooms, targeting Chinese victims and netting 50 million
https://tw.news.appledaily.com/new/realtime/20190507/1562786/

Shock: A Song of Ice and Fire triggers a series of malicious scams
http://bit.ly/2LrCDQN

Check Point: hackers use Game of Thrones to launch a series of malicious scam campaigns
https://technews.tw/2019/05/08/check-point-hacker-use-game-of-thrones-fraud/

European Parliament election: 200 million people received Russian-made fake news
https://news.ltn.com.tw/news/world/paper/1287368

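Woman with finance master's degree suspected of over a hundred online purchases with stolen cards; wanted by prosecutors and police, she is found working at a hotel front desk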
https://www.ettoday.net/news/20190508/1439655.htm

Singapore parliament passes anti-fake-news law; Google fears it will hinder innovation
https://www.rti.org.tw/news/view/id/2020159

UK tax authority's voiceprint collection violated GDPR; 5 million citizen records to be deleted
https://www.ithome.com.tw/news/130416?fbclid=IwAR3ThV3dqQJQaD7nMpXDq0cZgxuJYZRg4awzD4scVoqNsUyLwRfKYf6W_qw

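[Fake LINE message] Does changing the country-of-birth field at financial institutions to TW mean "Nation of Taiwan"? Rumour distorts the facts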
https://www.mygopen.com/2019/05/tw-bank.html

Pop-ups won't close no matter how often you click "Cancel" and "Close": new tech support scam uses iframes to freeze the browser
https://blog.trendmicro.com.tw/?p=60575

Only when the contractor asked for payment did they realize US$1.75 million had been wired to a fake vendor
https://blog.trendmicro.com.tw/?p=60565

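Fraud rings celebrate Mother's Day: viral "Dyson prize draw", "Chibi Maruko-chan stickers" and CPC "fuel vouchers", don't be fooled! Scams are hard to spot: what happens if you accidentally click the link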
https://blog.trendmicro.com.tw/?p=60267

Avengers: Endgame Download Phishing Scam
http://bit.ly/2PVmCkF

Once infamous for fake news factories, this Balkan country is trying to reinvent itself
https://www.zdnet.com/article/once-infamous-for-fake-news-factories-this-balkan-country-is-trying-to-reinvent-itself/#ftag=RSSbaffb68

Are Your Passwords Secure Enough
https://blog.trendmicro.com/are-your-passwords-secure-enough/

Malvertiser behind 100+ million bad ads arrested and extradited to the US
https://www.zdnet.com/article/malvertiser-behind-100-million-bad-ads-arrested-and-extradited-to-the-us/#ftag=RSSbaffb68

Ukrainian National Charged in Malvertising, Botnet Scheme
https://www.bankinfosecurity.com/ukrainian-national-charged-in-malvertising-botnet-scheme-a-12450

Popular Online Tutoring Marketplace 'Wyzant' Suffers Data Breach
http://bit.ly/2LvoXEx

Israel Neutralizes Cyber Attack by Blowing Up A Building With Hackers
http://bit.ly/2PViHV5

Wyzant online tutoring platform suffers data breach
https://www.zdnet.com/article/wyzant-online-tutoring-platform-suffers-data-breach/#ftag=RSSbaffb68

Facebook wipes out more Russian political activity, ‘inauthentic’ accounts
https://www.zdnet.com/article/facebook-wipes-out-more-russian-political-activity-inauthentic-accounts/#ftag=RSSbaffb68

Nation state actors, affiliates behind increasing amount of data breaches
https://www.zdnet.com/article/nation-state-actors-affiliates-behind-increasing-amount-of-data-breaches/#ftag=RSSbaffb68

Over 275 Million Records Exposed by Unsecured MongoDB Database
http://bit.ly/2Vpxr4E

Canada’s Freedom Mobile Elasticsearch database exposed
http://bit.ly/30aolHV

Cybersecurity basics still the key for preventing business email compromise
https://www.zdnet.com/article/cybersecurity-basics-still-the-key-for-preventing-business-email-compromise/#ftag=RSSbaffb68

E. Research Reports
Want to look cool with your own computer? Use cmatrix to simulate the computer screens from The Matrix on Unix-like operating systems
https://magiclen.org/cmatrix/

Explaining stack overflow vulnerabilities through worked examples
https://blog.csdn.net/Breeze_CAT/article/details/89788864

Weblogic remote command execution vulnerability analysis (CVE-2019-2725) and a detailed walkthrough of exploit payload construction
https://xz.aliyun.com/t/5024

Allowing attackers to access the video stream: D-Link camera vulnerability analysis
https://www.4hou.com/vulnerable/17822.html

VirtualBox virtual machine escape vulnerability analysis
https://xz.aliyun.com/t/5008

Taking over all of Dropbox's client management systems via an RCE vulnerability in Dell Kace K1000
https://www.freebuf.com/vuls/201673.html

ISPsystem vulnerability analysis
https://www.4hou.com/vulnerable/17812.html

Discovery and analysis of a file inclusion vulnerability affecting all versions of the YII framework
https://xz.aliyun.com/t/5051

Reproducing the TP-Link SR20 local-network remote code execution vulnerability
https://cloud.tencent.com/developer/article/1422058

A brief analysis of a PDF vulnerability (CVE-2018-12794)
https://www.secpulse.com/archives/105459.html

Freddy: a vulnerability scanning tool for Java & .NET applications based on active and passive scanning
https://www.freebuf.com/sectool/202421.html

Trend analysis of websites serving exploit-based drive-by malware
http://www.tiejiang.org/23866.html

Kaboom: a powerful automated penetration testing tool
http://www.sohu.com/a/312619490_609556?sec=wd

Leviathan36/kaboom
https://github.com/Leviathan36/kaboom

0day in Gmail (google accounts) Hack any Gmail account
http://bit.ly/2vLW64h

RouterSploit guide
http://bit.ly/2Y9WTIm

Useful Commands And Tools – OSCP
http://bit.ly/2vKO3ET

Most Important Cyber Threat Intelligence Tools List For Hackers and Security Professionals
https://gbhackers.com/cyber-threat-intelligence-tools/

How to Not Get Locked Out With Two-Factor Authentication
https://medium.com/pcmag-access/how-to-not-get-locked-out-with-two-factor-authentication-12ba2da79a43

How to authenticate your e-mail
https://medium.com/@Uriel1339/how-to-authenticate-your-e-mail-e85f2a538d8f

Make a Raspberry Pi USB TOR-stick
https://medium.com/@jcolond/make-a-raspberry-pi-usb-tor-stick-2d494e7f81ea

Defensive PowerShell
https://medium.com/@cjkuech/defensive-powershell-with-validation-attributes-8e7303e179fd

Introducing Windows Terminal
http://bit.ly/2JyyHvl

How to code like a Hacker in the terminal
http://bit.ly/2VkmSjp

tomchop/malcom Malcom - Malware Communication Analyzer
https://github.com/tomchop/malcom

threatresearch
https://github.com/EmergingThreats/threatresearch

How to Backdoor Windows 10 Using an Android Phone & USB Rubber Ducky
https://null-byte.wonderhowto.com/how-to/android-for-hackers-backdoor-windows-10-using-android-phone-usb-rubber-ducky-0192608/

YARA in a nutshell
https://github.com/VirusTotal/yara?fbclid=IwAR3Rlce92dGY0LSRfCO-WbsBsxlyuBHZa9tn63NI6Dmjr-1xa43tOTRvbh8

Kerbrute – A Tool To Perform Kerberos Pre-Auth Bruteforcing
http://bit.ly/2VplmfF

Cynet Free IR Tool Offering Empowers Responders to Know and Act Against Active Attacks
https://www.kitploit.com/2019/05/cynet-free-ir-tool-offering-empowers.html?utm_source=dlvr.it&utm_medium=facebook

HostHunter v1.5
http://bit.ly/2VmgWq5

CONVERT ANY MALICIOUS IP INTO URL TO HACK YOUR FRIEND
http://bit.ly/2LuPkKR


F. Business
Chrome runs 5 times faster on Win7 than on Win10; overseas testing finds the key reason
https://www.ettoday.net/news/20190504/1436975.htm

Windows Hello receives FIDO 2 certification; Windows 10 will soon support passwordless sign-in
https://www.ithome.com.tw/news/130493

Privacy storm sweeps the globe! Google beats Facebook to releasing new tools that protect user security
https://cnews.com.tw/134190505a02/

Netgear's cloud-managed VPN router arrives, integrating encrypted connections and a firewall
https://www.ithome.com.tw/review/128207

A burst of Switch news! Ubuntu successfully ported, DC emulator performance greatly improved
http://bit.ly/2V6IdrH

Oracle reportedly makes major layoffs in China; 500 engineers lose their jobs
https://tw.finance.appledaily.com/realtime/20190507/1562783/

Avoiding a Facebook-style privacy scandal! Google pushes hard on user security with three moves
https://3c.ltn.com.tw/news/36693

Secutech 2019 grand opening: decoding 4 key technologies
http://bit.ly/2PSXlrF

Making good use of the AWS IOT platform: 銓鍇國際 helps you realize your smart factory vision
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=50&cat2=20&id=0000559108_hug23a5hl6q7f89734hme

Windows will start shipping with a built-in Linux kernel this summer
https://www.ithome.com.tw/news/130449

Windows 10 is getting a Microsoft-built Linux kernel
https://www.zdnet.com/article/windows-10-is-getting-a-microsoft-built-linux-kernel/#ftag=RSSbaffb68

Microsoft Windows 10 will get a full built-in Linux Kernel for WSL 2
http://bit.ly/2Y6K2Xo

Google Chrome to support same-site cookies, get anti-fingerprinting protection
https://www.zdnet.com/article/google-chrome-to-support-same-site-cookies-get-anti-fingerprinting-protection/#ftag=RSSbaffb68

Google's Web Packaging standard arises as a new tool for privacy enthusiasts
https://www.zdnet.com/article/googles-web-packaging-standard-arises-as-a-new-tool-for-privacy-enthusiasts/#ftag=RSSbaffb68

Proofpoint snaps up zero trust security firm Meta Networks in $119m deal
https://www.zdnet.com/article/proofpoint-snaps-up-zero-trust-access-firm-meta-networks-in-119m-deal/#ftag=RSSbaffb68

OpenShift 4: Red Hat's on ramp for the hybrid cloud
https://www.zdnet.com/article/openshift-4-red-hats-on-ramp-for-the-hybrid-cloud/#ftag=RSSbaffb68

Orange acquires SecureLink in European enterprise security push
https://www.zdnet.com/article/orange-acquires-securelink-in-european-enterprise-security-push/#ftag=RSSbaffb68

Forcepoint adds facilities to strengthen its R&D capabilities
http://bit.ly/2PUF0Kv

G. Government
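Broken-record answers in questioning stir controversy; Ethan Tu (杜奕瑾) asks: how can the free economic zone guarantee information security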
https://www.nownews.com/news/20190504/3361451/

Kaohsiung City Government says the free economic zone "can guarantee information security"; PTT founder
https://www.ptt.cc/bbs/Gossiping/M.1556959666.A.DA4.html

Answering on Han's behalf! Yeh Kuang-shih's "information security remarks" slammed as brainless
http://bit.ly/2PPCbdE

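Electronic referendum petitioning may be delayed again; Central Election Commission: preliminary testing raises information security concerns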
https://udn.com/news/story/6656/3796027

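Electronic referendum petition system; Central Election Commission: information security concerns remain and improvements are still needed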
https://m.ltn.com.tw/news/politics/breakingnews/2781155

NCSIST R&D aligned with combat readiness needs to reach the goal of defense self-reliance
http://bit.ly/2LB2Cpk

New NCSIST personnel may be appointed to military posts; no consensus in the Legislative Yuan's preliminary review
https://taronews.tw/2019/05/06/332124/

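NCSIST becomes a loophole in the Classified National Security Information Protection Act; legislators demand an amendment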
https://news.ltn.com.tw/news/politics/breakingnews/2781372

Classified National Security Information Protection Act passes third reading; scholar: the beginning of a sound system
https://news.ltn.com.tw/news/politics/breakingnews/2781955

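Classified National Security Information Protection Act amended; scholars urge continued strengthening of related regulations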
https://news.ltn.com.tw/news/focus/paper/1287112

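Blocking Ma from visiting mainland China? Green-camp version of the state secrets act makes its push in the Legislative Yuan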
http://bit.ly/2H5yiie

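Criminal Code chapter on offenses against the external security of the state now applies to China, Hong Kong and Macau; communist spies can receive heavy sentences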
https://www.cna.com.tw/news/firstnews/201905070102.aspx

To strengthen information security, High Speed Rail replaces equipment with security concerns
https://www.chinatimes.com/realtimenews/20190507002588-260410?chdtv

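Information security is also an economic indicator; President Tsai: security and surveillance created over 60 billion in value last year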
https://ec.ltn.com.tw/article/breakingnews/2783106

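Information security is a symbol of national strength; President: security and surveillance industry exports topped 60 billion last year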
http://www.ntdtv.com.tw/b5/20190508/video/245222.html

Tsai Ing-wen attends security expo today, leaves quickly after her speech
https://newtalk.tw/news/view/2019-05-08/243537

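Attending the Taipei international security technology application expo, the President hopes government and the private sector will work together to give Taiwan a strong information security team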
https://www.president.gov.tw/News/24360

Referendums; Legal Affairs Bureau: signing petitions with photocopies of ID cards is high-risk
https://udn.com/news/story/6656/3800158

US passes Taiwan-related bills; Taiwan's Presidential Office: willing to play a strategic role for peace in the Pacific
http://news.dwnews.com/taiwan/big5/news/2019-05-07/60132836.html

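Security concerns over Taiwanese manufacturers; Ministry of Economic Affairs reminds them to keep their reputation in mind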
https://www.cna.com.tw/news/afe/201905080145.aspx

Absurd! Communist spies come to Taiwan to build their organization, yet prosecutors cannot wiretap them
https://news.ltn.com.tw/news/politics/breakingnews/2783522

President Tsai: smart government, building a strong information security team
http://bit.ly/2V6jNhS

Flaw in Taiwan Railways' new system: 4,469 tickets charged to cards twice in 2 weeks
https://www.chinatimes.com/realtimenews/20190509002089-260405?chdtv

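Preventing deliberate fare evasion! From 6/30, screenshots from the Taiwan Railways app can no longer be reused to enter stations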
https://newtalk.tw/news/view/2019-05-09/244089

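Unscrupulous wealth managers embezzle client deposits; Wellington Koo: banks required to carry out internal controls and internal audits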
https://money.udn.com/money/story/5613/3802316

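Financial Supervisory Commission issues letter: financial institutions signing cooperation agreements with China must follow 5 principles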
https://ec.ltn.com.tw/article/breakingnews/2784041

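1st Government Information and Communication Security Protection Touring Seminar of ROC year 108 - Topic 1: Security threat trends and case sharing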
http://bit.ly/2JtB2aF

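1st Government Information and Communication Security Protection Touring Seminar of ROC year 108 - Topic 2: Midterm review of the implementation of the Cyber Security Management Act and suggestions for improvement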
http://bit.ly/2YfkVBy

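1st Government Information and Communication Security Protection Touring Seminar of ROC year 108 - Topic 3: In response to the security act taking effect: explanation of the rules for sharing security intelligence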
http://bit.ly/2PTlkqq

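1st Government Information and Communication Security Protection Touring Seminar of ROC year 108 - Topic 4: Security management of outsourced government IT operations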
http://bit.ly/2V8F0aR

H. SCADA/ICS/Industrial Control Systems
Train up to navigate the diverse, chaotic cyber security landscape at SANS Munich
https://www.theregister.co.uk/2019/04/29/navigate_the_diverse_and_chaotic_cyber_security_landscape/

SCADA/ICS Expert Eric Byres joins Veracity Industrial Networks
https://www.globenewswire.com/news-release/2019/04/24/1808814/0/en/SCADA-ICS-Expert-Eric-Byres-joins-Veracity-Industrial-Networks.html

Despite ongoing warnings, U.S. critical infrastructure remains vulnerable
https://securityboulevard.com/2019/05/despite-ongoing-warnings-u-s-critical-infrastructure-remains-vulnerable/

I. Education and Training
Sharing session: the journey of a self-taught career changer from an unrelated major to security engineer
https://www.ptt.cc/bbs/Tech_Job/M.1557231027.A.FF5.html

EC-Council ECSA security analyst v10 exam experience sharing
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html

[Experience] 20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html

A platform born for engineers' document collaboration: the HackMD development story
http://bit.ly/2J960Wh

20190425 - Ethen - Log analysis: introduction, architecture, and situation-room analysis
http://bit.ly/2VRMsvn

Welcome to HITCON GIRLS Cat Wargame
http://139.162.79.241/?fbclid=IwAR0W23q_uhNqi2Tg8MaumxopdULd8EGogUSLjLzvLAc7TSIGh2iYHgBJoZo

How to hack website using sql injection (waf bypass)
http://bit.ly/2VnG2ot

J. Internet of Things/IOT/Artificial Intelligence/Internet of Vehicles/Optical Networks/Deep Learning/Machine Learning/Drones
Connected cars: future development and challenges
http://bit.ly/2H1dfgy

Entering the IoT era, security threats become harder to handle
http://www.naipo.com/Portals/1/web_tw/Knowledge_Center/Industry_Economy/IPNC_190508_0704.htm

Hackers who take control of a vehicle can remotely control its engine; self-driving car security becomes a worry
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=50&id=0000558602_gmr7ixzply3ca93zgwtm0

Advantech pushes into IoT, targeting hardware-software integration
https://money.udn.com/money/story/5710/3792259

Detailed analysis of multiple vulnerabilities in Wireless AirLink ES450, a 4G gateway product from well-known IoT company Sierra
https://www.4hou.com/vulnerable/17703.html

Smart door locks are so convenient! Phone proximity sensing can open and close the door for you automatically
http://bit.ly/2LC6UNc

AI smart speakers now understand Chinese too; local vendors compete on their information security advantage
http://www.ntdtv.com.tw/b5/20190509/video/245343.html

iLnkP2P vulnerabilities expose more than 2 million IoT devices to the risk of remote attack
https://blog.trendmicro.com.tw/?p=60580

IoT Security- it's complicated
https://medium.com/@DotanBarNoy/iot-security-its-complicated-fb6d7b3cf4f3

Fun and functional Raspberry Pi accessories
https://www.zdnet.com/pictures/fun-and-functional-raspberry-pi-accessories/#ftag=RSSbaffb68

Splice Machine doubles down on managing machine learning
https://www.zdnet.com/article/splice-machine-doubles-down-on-managing-machine-learning/#ftag=RSSbaffb68

Fortinet : Cyber attacks target Operational Technology
https://www.marketscreener.com/FORTINET-5716262/news/Fortinet-Cyber-attacks-target-Operational-Technology-28563438/

6. Upcoming Security Events and Seminars
 National Chiao Tung University Hacker College - Email spoofing attacks, protective measures and secure communication protocols 5/11
 https://hackercollege.nctu.edu.tw/?p=1054

 Promotional briefing on the basic security certification scheme for mobile apps   5/13
 https://seminars.tca.org.tw/D15e02218.aspx

 AWS Machine Learning Boot Camp 5/13
 https://email.awscloud.com/u5k900jZkO0tck00LrsTMo0

 AIS3 2019 New-Style Information Security Summer Course: registration from 10 a.m. on May 14, ROC year 107 to 6 p.m. on May 27, ROC year 107
 https://ais3.org/

  iTHome Taiwan Cloud Summit  2019   May 15, 2019 (Wed) 09:00~17:00
 https://cloudsummit.ithome.com.tw/

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/

 "SQL Server 2008 EOS" seminar 5/15
 https://cosa.kktix.cc/events/bb128a58

 HackingThursday regular meetup  5/16
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbvb/

 National Center for High-performance Computing training - Network packet analysis in practice  5/16
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3831&from_course_list_url=homepage

 2019 HP Security Strategy Forum  5/17
 http://bit.ly/2H2vJMo

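 Ministry of Education Information Security Talent Cultivation Program – Overall-schedule midterm results exhibition and corporate internship and job-matching exchange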
 https://isip.moe.edu.tw/wordpress/?p=1668

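 "The Distance Between Us and Information Security", a security lesson for high school students - Security experience course for senior high and vocational schools  5/18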
 http://gg.gg/dueuq

 DevDays Asia 2019 @Taipei Asia-Pacific technology conference  2019/5/21-2019/5/23 | 9:00 AM - 5:00 PM
 https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x6811311abcd

 CDX2.0 promotional event  5/22
 https://nchc-cdx.kktix.cc/events/cdxactivity-0522

 ITRI continuing education - Raspberry Pi imaging 5/22
 http://bit.ly/2Ld3QH3

 HackingThursday regular meetup 5/23
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbfc/

 National Center for High-performance Computing training - Source code scanning hands-on  5/23
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3835&from_course_list_url=homepage

 29th National Information Security Conference  5/23  ~ 5/24
 https://cisc2019.cs.pu.edu.tw/index.php

 Hardware Security Seminar  May 24, ROC year 108
 https://eenctu.nctu.edu.tw/tw/news/p1.php?num=273

 Docker Birthday #5 - Taipei  5/25
 https://www.meetup.com/Docker-Taipei/events/248974949/

 [K8S course] Kubernetes container migration in practice 5/25
 https://broadmission.kktix.cc/events/migration?fbclid=IwAR3HE5E_DgL4qe8wv1j12QvEhO9_i9qj7e7mWF6Z5I_m6itcVwTJV-7jl30

 This year's first security community forum - Sparring with hackers, hands-on experience sharing 5/25 (Sat)
 https://www.digicentre.com.tw/news_detail.php?id=56&fbclid=IwAR1Qsa6ehY00EJk4tGPfxZ1HqvrcX2eVNZ2Htets23i_qiKZCCI9-H1plZw

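 "The Distance Between Us and Information Security", a security lesson for high school students - Solving security challenges with Python  5/26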
 http://gg.gg/dueuq

 OWASP TechDay Taiwan 2019  2019/05/28
 https://csa.kktix.cc/events/owasp0528

 "Smart Security Themed Forum - Smart Manufacturing" forum (5/29)
 http://www.twiota.org/eventDetails.aspx?id=c0ce0559-496a-4d32-b481-14221f75d791

 HackingThursday regular meetup 5/30
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbnc/

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 Software security testing in practice 6/3 ~ 6/4
 https://www.accupass.com/event/1904230701335964656400

 HackingThursday regular meetup 6/6
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbjb/

 National Center for High-performance Computing training - Source code scanning hands-on 6/13
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3828&from_course_list_url=homepage

 HackingThursday regular meetup  6/13
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbrb/

 National Chiao Tung University Hacker College - Vulnerabilities, patching and testing of cryptosystems 6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 HackingThursday regular meetup 6/20
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbbc/

 National Center for High-performance Computing training - Security health check  6/20
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3832&from_course_list_url=homepage

 Edvance Beacon 2019  6/21
 https://docs.google.com/forms/d/e/1FAIpQLSe70uw8Pi862IkL_rQXDJhzd7QnGXiuhcWwttOEN2BZwUbyMw/viewform

 HackingThursday regular meetup 6/27
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/

 HackingThursday regular meetup 7/4
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/

 2019 International Information Security Organizations Taiwan Summit  7/9 ~ 7/11
 https://csa.kktix.cc/events/2019con

 Industrial Development Bureau-subsidized network security testing training 7/10 ~ 7/12
 https://www.accupass.com/event/1904080311551119077841

 HackingThursday regular meetup 7/11
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/

 HackingThursday regular meetup 7/18
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/

 HackingThursday regular meetup 7/25
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/

 Web application penetration testing 8/21 ~ 8/23
 https://www.accupass.com/event/1904080221358963463590

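 Security regulations and systems analysis course - ROC year 108 "Information Security Talent Training and International Promotion Program - Advanced course for cultivating security professionals"  8/29 ~ 8/30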
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 TANET 2019 - Taiwan Internet Seminar  9/25
 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310

 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/?fbclid=IwAR2gU17bz0Y7TH8THIIskIX1vziWBpMY152mJiwk7AAeVS752f_eNcZ0NzU

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

