跳到主要內容

資安事件新聞週報 2019/6/10 ~ 2019/6/14

資安事件新聞週報  2019/6/10  ~  2019/6/14

1.重大弱點漏洞/後門/Exploit/Zero Day

VMware 發布新的安全更新
https://www.vmware.com/security/advisories/VMSA-2019-0009.html

Xen 阻斷服務漏洞
https://xenbits.xen.org/xsa/advisory-295.html

D-Link 連網監視攝影機被爆資安漏洞,駭客可取得影像內容
https://blog.twnic.net.tw/2019/06/13/3991/

TP-Link 路由器多個漏洞
https://nvd.nist.gov/vuln/detail/CVE-2019-6989

Facebook CDN系统中的文件下载漏洞
http://521.li/post/872.html

Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
https://www.exploit-db.com/exploits/46967

phpMyAdmin 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.2016/

校園英聽教材互動廣播系統 存在 資料庫注入攻擊 漏洞
https://www.kl.edu.tw/v7/eduweb/index.php?func=edu_msg&edumsg_id=68985

eClass平台 存在 任意檔案下載 漏洞,請盡速確認並進行修補作業
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=3003

Yubico生產的USB安全金鑰裝置也傳臭蟲,將免費換新
https://www.ithome.com.tw/news/131273

If you haven’t patched Vim or NeoVim text editors, you really, really should
https://arstechnica.com/information-technology/2019/06/if-you-havent-patched-vim-or-neovim-text-editors-you-really-really-should/#p3

Adobe Issues Critical Patches for ColdFusion, Flash Player, Campaign
http://bit.ly/2KHTih6

Exim RCE漏洞影響數百萬伺服器,已有駭客發動攻擊程式
https://www.ithome.com.tw/news/131270

Critical Flaw Reported in Popular Evernote Extension for Chrome Users
http://bit.ly/2IJh1L4

Google Researcher Details Windows Cryptographic Library Bug
https://www.bankinfosecurity.eu/google-researcher-details-windows-cryptographic-library-bug-a-12622

印象筆記在谷歌瀏覽器上的擴展存在嚴重漏洞影響多達460萬名用戶
https://www.landiannews.com/archives/59545.html

研究表明只有5.5% 的被發現漏洞曾遭到利用
https://www.chainnews.com/articles/805592825471.htm

研究:駭客在這9年來所開採的公開漏洞中,只有一半利用公開攻擊程式
https://www.ithome.com.tw/news/131208

Intel 處理器再被發現嚴重資安漏洞「ZombieLoad」,用戶請速更新系統
https://blog.twnic.net.tw/2019/06/13/4014/

Intel fixes severe NUC firmware, web console vulnerabilities
https://www.zdnet.com/article/intel-fixes-severe-firmware-web-console-vulnerabilities/#ftag=RSSbaffb68

New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions
http://bit.ly/2I9DJxd

Critical bug found in popular mail server software
https://www.welivesecurity.com/2019/06/07/mail-server-software-exim-critical-bug/

huawei -- s12700_firmware CVE-2019-5285
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5285

linksys -- wrt1900acs_firmware CVE-2019-7311
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-7311

zyxel -- p-660hn-t1_firmware CVE-2019-6725
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6725

microfocus -- service_manager CVE-2019-11646
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11646

phpmyadmin CVE-2019-11768
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11768

qemu CVE-2018-20815
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20815

Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor
https://thehackernews.com/2019/06/linux-vim-vulnerability.html

vim CVE-2019-12735
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12735

Release Notes June 2019 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance

Microsoft Releases June 2019 Security Updates to Patch 88 Vulnerabilities
http://bit.ly/31vnP7K

Security update deployment information: June 11, 2019
https://support.microsoft.com/en-us/help/20190611/security-update-deployment-information-june-11-2019

NSA joins chorus urging Windows users to patch ‘BlueKeep’
https://www.welivesecurity.com/2019/06/06/nsa-urging-users-patch-bluekeep/

Windows 10 zero-day details published on GitHub
https://www.zdnet.com/article/windows-10-zero-day-details-published-on-github/#ftag=RSSbaffb68

Researcher Posts Demo of BlueKeep Exploit of Windows Device
https://www.bankinfosecurity.com/researcher-posts-demo-bluekeep-exploit-windows-device-a-12580

Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw
http://bit.ly/2WW4hKi

Microsoft blocks BLE security keys with known pairing vulnerability
https://www.zdnet.com/article/microsoft-blocks-ble-security-keys-with-known-pairing-vulnerability/#ftag=RSSbaffb68

微軟發表6月份Patch Tuesday修補更新 快速堵上被駭客公佈的零時差漏洞
http://bit.ly/2IFrd7G

Microsoft's June 2019 Patch Tuesday fixes many of SandboxEscaper's zero-days
https://www.zdnet.com/article/microsofts-june-2019-patch-tuesday-fixes-many-of-sandboxescapers-zero-days/#ftag=RSSbaffb68

June’s Patch Tuesday Fixes 88 Security Flaws, Including SandboxEscaper’s Zero Days, HoloLens
https://blog.trendmicro.com/trendlabs-security-intelligence/junes-patch-tuesday-fixes-88-security-flaws-including-sandboxescapers-zero-days-hololens/

CVE-2019-0974 | Jet Database Engine Remote Code Execution Vulnerability
http://bit.ly/2WHlTKy

奇安信A-TEAM團隊助微軟修復高危漏洞獲官方致謝
https://news.sina.com.tw/article/20190612/31603298.html

Two hacking groups responsible for huge spike in hacked Magento 2.x stores June 12, 2019
https://www.zdnet.com/article/two-hacking-groups-responsible-for-huge-spike-in-hacked-magento-stores/#ftag=RSSbaffb68

ambionics/magento-exploits
https://github.com/ambionics/magento-exploits/blob/master/magento-sqli.py

MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI
https://www.ambionics.io/blog/magento-sqli

Liferay Portal < 7.1 CE GA4 / SimpleCaptcha API XSS
https://www.exploit-db.com/exploits/46983

Cross Site Request Forgery (CSRF)
https://www.exploit-db.com/exploits/46982

Intel NUC Kit 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11126

思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x

CentOS 7.6 - 'ptrace_scope' Privilege Escalation
https://www.exploit-db.com/exploits/46989

Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)
https://www.exploit-db.com/exploits/46984

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
財金資訊公司董事長林國良:掌握數位金融服務,提升競爭力
http://bit.ly/2Wpq2hi

台北富邦銀行數位長李維斌:小步快跑,跟上數位金融大趨勢
http://bit.ly/2WvZfVJ

金融科技夯 風險控管浮檯面
https://money.udn.com/money/story/6808/3861865

沙盒新案!銀行跨行支付 挑戰財金公司
https://www.chinatimes.com/realtimenews/20190606004529-260410?chdtv

(HSM)漏洞影響銀行、雲供應商和政府
https://www.chainnews.com/articles/283509474927.htm

網上現中國銀行欺詐網頁 香港金管局呼籲市民提高警覺
http://bit.ly/2MDGcUU

香港金管局研電子錢包實名制 新開戶須身份認證 冀明年10月推
http://bit.ly/2WGMXde

純網銀執照與STO監管法規接連公布,台灣金融業準備創造奇蹟的夏天
http://bit.ly/31o87eJ

純網銀拚上路 金融服務樣貌將徹底翻轉
https://ec.ltn.com.tw/article/breakingnews/2812688

臺灣數位金融服務何去何從
https://udn.com/news/story/6853/3866694

LINE搶攻純網銀大打資安牌和日本經驗,更要打造用戶導向的整合式金融犯罪平臺
https://www.ithome.com.tw/news/131030

ATM上有一圈白白的 伸手去轉結果嚇傻人
https://www.secretchina.com/news/b5/2019/06/11/896455.html

取錢遇ATM瘋狂吐鈔:紙鈔一張張飄落 男子用大包接著
https://news.sina.com.tw/article/20190611/31592828.html

唯一一台ATM機失竊 紐西蘭一小鎮變無現金社會
https://news.sina.com.tw/article/20190612/31599668.html

運鈔員沉迷簽賭當內賊「偷ATM鈔匣」1337萬元 逃亡7天剩843萬
https://www.ettoday.net/news/20190612/1465691.htm

數位金融業務 金管會盯
https://money.udn.com/money/story/5613/3868614

哥斯大黎加頻遭網路攻擊 銀行和政府機構為主要目標
https://news.sina.com.tw/article/20190612/31605286.html

新加坡開放純網銀?叫車一哥Grab想搶頭香
https://tw.news.appledaily.com/new/realtime/20190612/1582650/

聯邦再向騎警撥款1,000萬元打擊洗錢犯罪
http://bit.ly/31vMaud

Hit FinTech 探討純網銀STO趨勢
https://udndata.com/ndapp/udntag/finance/Article?origid=9340906

23 Cases of Insider Bank Threats
https://medium.com/bugbountywriteup/18-cases-of-insider-bank-threats-16a29dcfca18

Major HSM vulnerabilities impact banks, cloud providers, governments
https://www.zdnet.com/article/major-hsm-vulnerabilities-impact-banks-cloud-providers-governments/#ftag=RSSbaffb68

Diebold Nixdorf warns customers of RCE bug in older ATMs
https://www.zdnet.com/article/diebold-nixdorf-warns-customers-of-rce-bug-in-older-atms/#ftag=RSSbaffb68

ATM skimming crook behind bars after draining accounts for 2 years
http://bit.ly/2I4t1b8

Over 185,000 Payment Card Details Stolen by MageCart
https://www.fortinet.com/blog/threat-research/payment-card-details-stolen-magecart.html

FIN8 hackers return after two years with attacks against hospitality sector
https://www.zdnet.com/article/fin8-hackers-return-after-two-years-with-attacks-against-hospitality-sector/#ftag=RSSbaffb68

The Shifting Sands of Financial Fraud
https://www.bankinfosecurity.com/shifting-sands-financial-fraud-a-12607

UK Taxpayers Overwhelmed with Phishing Scams
https://www.infosecurity-magazine.com/news/uk-taxpayers-overwhelmed-with-1-1

3.電子支付/電子票證/行動支付/ pay/新聞及資安
數位錢包使用便利 免受駭客攻擊
http://bit.ly/2KbRVHV

支付公司深挖跨境業務
http://paper.wenweipo.com/2019/06/07/FI1906070017.htm

俄擬禁支付寶等外國電子支付向俄羅斯人提供服務
http://www.jxydjc.com/News/keji/1685.html

網民 PayMe「轉錯數」對方不退錢兼封鎖!銀行公會指引:不交出款項或有法律後果
http://bit.ly/2I7FH0K

用非法「第四方支付」平台幫賭博網站洗錢,42名嫌犯被抓
https://news.sina.com.tw/article/20190613/31614492.html

悠遊卡公司董事長兼總經理陳亭如:結合消費場景,悠遊卡積極投入「載具多元化」
http://bit.ly/2KMXCeU

台灣三星電子三星支付總監邱淑鈴:Samsung Pay結合悠遊卡,使電子支付達到更全方位且智慧的使用場景
http://bit.ly/2ICouvy

LINE Pay行動支付收款機拓點 年底前全台可用
https://www.fountmedia.io/article/18790

小綠機「LINE Pay mini」 正式在台拓點
https://www.chinatimes.com/realtimenews/20190613003555-260410?chdtv

日推行動支付 英警覺危機開始踩煞車
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000561963_29y8w6gz7at7ul2e55cgg

4.虛擬貨幣/區塊鍊   新聞及資安
加密貨幣交易平台Cryptohopper有山寨版,可竊取受害者資料
https://ithome.com.tw/news/131147

研究:比特幣通脹漏洞仍然存在,60%的比特幣全節點或受其影響
https://www.bishijie.com/shendu_33168

Facebook 加密貨幣即將面世!有傳於本月中發佈白皮書
http://bit.ly/2WBOQTj

Facebook傳下周推加密貨幣 獲Visa及萬事達卡支持
http://bit.ly/2WKMTZK

加密貨幣初創公司湧向IEO籌資
https://on.wsj.com/2IwsCNN

觀光產業區塊鏈 6/6六點六分正式啟航
http://bit.ly/2Kc4Klx

區塊鏈相關漏洞類型匯總
https://bbs.pediy.com/thread-251878.htm

網傳Facebook穩定幣可能將在Zilliqa上進行發布
http://news.knowing.asia/news/cba50890-fa57-491f-9d0d-a1b1c06f4cd7

台東縣長饒慶鈴:我們希望能導入區塊鏈,用規模經濟創造經濟規模
http://bit.ly/2XFbEmF

解決產業痛點 Visa 推基於部分區塊鏈技術的全球跨境支付網絡
https://news.cnyes.com/news/id/4336460

John McAfee 即將發行貨幣Freedom Coin
http://bit.ly/2ZqEZBP

駭客企圖入侵帳戶次數攀升 BitMEX :強烈建議啟用 2FA
https://news.cnyes.com/news/id/4336541

巴西最大銀行:將很快推出專有區塊鏈平台
https://news.sina.com.tw/article/20190613/31618322.html

TTChain 打造跨鏈閃電支付系統 解決產業瓶頸
https://ctee.com.tw/industrynews/financesmanage/105379.html

國發會領軍 區塊鏈大聯盟7月成立
https://www.chinatimes.com/realtimenews/20190614002497-260410?chdtv

幣安被盜7,074枚BTC再次出現異動,小額資金可能已洗錢成功
https://news.sina.com.tw/article/20190614/31632178.html

Hackers steal $9.5 million from GateHub cryptocurrency wallets
https://www.zdnet.com/article/hackers-steal-9-5-million-from-gatehub-cryptocurrency-wallets/#ftag=RSSbaffb68

Cryptocurrency startup hacks itself before hacker gets a chance to steal users funds
https://www.zdnet.com/article/cryptocurrency-startup-hacks-itself-before-hacker-gets-a-chance-to-steal-users-funds/#ftag=RSSbaffb68

Cryptocurrency attack thwarted by npm team
https://nakedsecurity.sophos.com/2019/06/10/thwarted-cryptocurrency-attack-shows-importance-of-testing-open-source-code/

IBM, Walmart to pilot blockchain network for prescription drug traceability
https://www.zdnet.com/article/ibm-walmart-to-pilot-blockchain-network-for-prescription-drug-traceability/#ftag=RSSbaffb68

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / APT
新型「挖礦」惡意軟體,BlackSquid 肆虐美國與泰國
https://technews.tw/2019/06/10/new-cryptocurrency-mining-malware-is-spreading-across-thailand-and-the-us/

BlackSquid 利用八種知名漏洞潛入伺服器與磁碟,並植入 XMRig 挖礦程式
https://blog.trendmicro.com.tw/?p=60846

微軟警告垃圾郵件用Office漏洞傳木馬:瞄準歐洲用戶
https://news.sina.com.tw/article/20190610/31571822.html

資安公司Trend Micro於6月6日發布美國俄亥俄州一所學校因學校的網路及電腦遭到 Trickbot惡意程式 攻擊被迫停課一天
https://blog.trendmicro.com.tw/?p=60809

Mirai變種加入8個漏洞利用,攻擊iot設備
https://www.4hou.com/vulnerable/18458.html

殭屍網路猛攻150萬臺RDP主機,全球皆有災情,臺灣遭駭主機也不少
https://www.ithome.com.tw/news/131203

Sophos:小心!駭客利用遠端存取把勒索軟體送到你家
https://www.ithome.com.tw/news/131201

PCASTLE門羅幣挖礦病毒利用無檔案技術,再次針對中國發動攻擊
https://blog.trendmicro.com.tw/?p=60832

HiddenWasp惡意軟體借用Mirai及Winnti程式碼攻擊Linux系統
https://blog.trendmicro.com.tw/?p=60839

新殭屍網絡GoldBrute曝光微軟NTLM協議漏洞影響所有Windows版本
https://zhuanlan.zhihu.com/p/69009583

食物銀行中勒索軟件 無錢交贖金要靠眾籌方法
http://bit.ly/2WxoP7H

How Ursnif Evolves to Keep Threatening Italy
https://blog.yoroi.company/research/how-ursnif-evolves-to-keep-threatening-italy/

Lessons learned from a call center attack
https://newsroom.cisco.com/feature-content?type=webcontent&articleId=1992860

Lessons from the Baltimore Ransomware Takedown
https://www.symantec.com/blogs/feature-stories/lessons-baltimore-ransomware-takedown

Platinum is back
https://securelist.com/platinum-is-back/91135/

IDENTIFYING VULNERABILITIES IN PHISHING KITS
https://blogs.akamai.com/sitr/2019/06/identifying-vulnerabilities-in-phishing-kits.html

Monero-Mining Malware PCASTLE Zeroes Back In on China, Now Uses Multilayered Fileless Arrival Techniques
https://blog.trendmicro.com/trendlabs-security-intelligence/monero-mining-malware-pcastle-zeroes-back-in-on-china-now-uses-multilayered-fileless-arrival-techniques/

Ancient ICEFOG APT malware spotted again in new wave of attacks
https://www.zdnet.com/article/ancient-icefog-apt-malware-spotted-again-in-new-wave-of-attacks/#ftag=RSSbaffb68

A botnet is brute-forcing over 1.5 million RDP servers all over the world
https://www.zdnet.com/article/a-botnet-is-brute-forcing-over-1-5-million-rdp-servers-all-over-the-world/#ftag=RSSbaffb68

Germany: Backdoor found in four smartphone models; 20,000 users infected
https://www.zdnet.com/article/germany-backdoor-found-in-four-smartphone-models-20000-users-infected/#ftag=RSSbaffb68

Cryptojacking campaign strikes China with fileless attacks
https://www.zdnet.com/article/cryptojacking-campaign-strikes-china-with-fileless-attacks/#ftag=RSSbaffb68

Malware Focused On Mobile Banking Greatly Increased In 2019
https://www.tneus.com/2019/06/10/malware-focused-on-mobile-banking-greatly-increased-in-2019/

Ransomware halts production for days at major airplane parts manufacturer
https://www.zdnet.com/article/ransomware-halts-production-for-days-at-major-airplane-parts-manufacturer/#ftag=RSSbaffb68

Emotet: the malware behind 45% of malicious URLs
https://www.pandasecurity.com/mediacenter/malware/emotet-evolution-botnet/

Outlaw hackers return with cryptocurrency mining botnet
https://www.zdnet.com/article/outlaw-hackers-return-with-cryptocurrency-mining-bot/#ftag=RSSbaffb68

Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns
https://blog.trendmicro.com/trendlabs-security-intelligence/shifting-tactics-breaking-down-ta505-groups-use-of-html-rats-and-other-techniques-in-latest-campaigns/

Outlaw Hacking Group’s Botnet Observed Spreading Miner, Perl-Based Backdoor
https://blog.trendmicro.com/trendlabs-security-intelligence/outlaw-hacking-groups-botnet-observed-spreading-miner-perl-based-backdoor/

Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners
https://blog.trendmicro.com/trendlabs-security-intelligence/advanced-targeted-attack-tools-used-to-distribute-cryptocurrency-miners/

MegaCortex continues trend of targeted ransomware attacks
https://blog.malwarebytes.com/threat-spotlight/2019/06/megacortex-continues-trend-of-targeted-ransomware-attacks/

B.行動安全 / iPhone / Android /穿戴裝置 /App
衝擊海外手機銷售 臉書出重拳 封殺華為安裝App
https://www.chinatimes.com/newspapers/20190608000414-260110?chdtv

傳 Google 可能也在為華為 Android 禁令尋求解套
https://www.kocpc.com.tw/archives/263664

電信行業團體叫苦:封殺中國5G供應商將導致電信公司多掏620億美元
http://bit.ly/2ItO7yx

臉書將禁止華為手機預載FB、WhatsApp與IG程式
https://www.ithome.com.tw/news/131160

華為鴻蒙系統將於 9 月上線,介面極似 Android
http://bit.ly/2EZjdNQ

美授權電信運營商默認屏蔽「騷擾電話」
https://news.sina.com.tw/article/20190607/31554068.html

手機APP應用規範發佈 金融借貸類不應強制讀取通訊錄
https://news.sina.com.tw/article/20190610/31573926.html

微信如何成為中國社群巨獸?支付、叫車一手包辦,還為第三方開發工具
https://buzzorange.com/techorange/2019/06/11/wechat-development/

智慧型手機資安認證服務
https://www.ncc.gov.tw/chinese/gradation.aspx?site_content_sn=5086

iOS 12.4 成功越獄! 越獄開發者秀 iPhone SE 成功執行 Cydia 畫面
https://mrmad.com.tw/ibsparkes-run-iphonese-ios124-jailbreak

團隊臥虎藏龍!專訪 LINE 全球資安中心
https://www.inside.com.tw/article/16617-LINE-security-center-team

Android的2FA金鑰功能延伸到iOS裝置
https://www.ithome.com.tw/news/131249?fbclid=IwAR3AsH-hTEqtL8dn1Dkto3lz3Pho1j_FHEpYv3rV7tbnoZTW8-1DUs5r-W4

Telegram 伺服器遭 DDoS 網路攻擊!網友:攻擊者不言而喻
https://buzzorange.com/techorange/2019/06/13/telegram-ddos/

香港反送中 Telegram疑遭中國駭客網攻
https://www.rti.org.tw/news/view/id/2023889

Telegram達「軍用級」保密 可「用後即焚」
http://bit.ly/2RjcenF

Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests
https://thehackernews.com/2019/06/telegram-ddos-attack.html

【送中惡法】Telegram受中國「國家級」駭客攻擊 傳與香港示威有關
https://tw.appledaily.com/new/realtime/20190613/1583322/

私訊聯絡抗爭 通訊軟體同時間遭駭
https://news.ltn.com.tw/news/world/paper/1295928

WhatsApp 緊急修補嚴重資安漏洞:一通未接來電即可植入惡意程式進行監聽
https://blog.twnic.net.tw/2019/06/13/3969/

華為作業系統加「雙保險」?傳裝置上測試Aurora OS
http://bit.ly/2wUTBgC

Facebook再出手管制「社交圖表搜尋」 關鍵原因曝光了
http://bit.ly/2XeQizs

Android平台戰場:2019年上半年安全事件總結分析
https://www.freebuf.com/articles/terminal/205274.html

NCC已審核但HomePod在台卻遲遲不推出 消息人士曝關鍵主因
http://bit.ly/2Rg95VE

iOS 12.3.2 is out with a very specific fix
https://www.zdnet.com/article/ios-12-3-2-is-out-with-a-very-specific-fix/#ftag=RSSbaffb68

Android's Built-in Security Key Now Works With iOS Devices For Secure Login
https://thehackernews.com/2019/06/android-security-key-ios.html

EFF asks for DOJ efforts to break Facebook encryption to be made public
https://www.zdnet.com/article/eff-asks-for-doj-efforts-to-break-facebook-encryption-to-be-made-public/#ftag=RSSbaffb68

Stop using terrible PIN codes
https://www.zdnet.com/article/stop-using-terrible-pin-codes/#ftag=RSSbaffb68

The top 20 most common mobile phone PINs
https://twitter.com/tarah/status/1134341170400808961

Spain’s top soccer league fined over its app’s ‘tactics’
https://www.welivesecurity.com/2019/06/12/spain-soccer-league-fine-app/

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
資安人的崛起
http://sa.ylib.com/MagArticle.aspx?Unit=webonly&id=4389

網路威脅指南:利用次世代入侵防禦技術加強網路邊界防禦
https://blog.trendmicro.com.tw/?p=60793

如何在第一時間防堵漏洞以保障企業安全
https://blog.trendmicro.com.tw/?p=60194

HITCON CMT 2019 資安舞台申請總覽
https://blog.hitcon.org/2019/06/hitcon-cmt-2019-community-sharing.html?m=0

入侵高鐵訂票系統差點騙走20萬 台灣駭客天才遭起訴
https://udn.com/news/story/7321/3862282

微軟封鎖Windows PC和不安全的藍牙版FIDO金鑰的配對
https://www.ithome.com.tw/news/131229

研究揭亞太企業網絡保安落後 八成遭重複攻擊
http://bit.ly/2F2hPKk

美國三家頂尖防毒公司疑似遭駭,駭客高價出售竊得資訊與入侵方式
https://blog.twnic.net.tw/2019/06/13/3945/

2019年5月十大資安新聞
https://www.ithome.com.tw/news/131204

冒充駭客誘騙10少女拍裸照抖動片 資料夾至少10GB
https://udn.com/news/story/7317/3865531

提升帳號安全迫在眉睫,2018年帳號填充攻擊事件暴增逾300億次
https://www.ithome.com.tw/news/131199

就是不想付!18小時音檔遭駭贖金400萬 「傳奇樂團」直接開放下載
https://star.ettoday.net/news/1465276

中國跨境色情網路直播成產業鏈 監管執法要升級換代
https://news.sina.com.tw/article/20190611/31582824.html

新華調查:5個月發展90餘萬名會員付費觀看 跨境色情網路直播緣何形成「產業鏈」
https://news.sina.com.tw/article/20190609/31565008.html

中共公安部推「護網行動」網友:封到沒底線
https://www.ntdtv.com/b5/2019/06/08/a102596443.html

BGP路由洩露將歐洲行動流量導至中國電信
http://bit.ly/2F2Cn5j

焦佑鈞:針對華為禁令,華邦電目前一切出貨正常
https://finance.technews.tw/2019/06/14/winbond-for-huawei/

川普升高科技冷戰規格,華為封殺前俄國卡巴斯基實驗室已遭報復
https://technews.tw/2019/06/09/high-tech-cold-war/

美國務卿狂批華為資安 陸外交部稱全是「謊言謬論」
https://www.ettoday.net/news/20190610/1464323.htm

核電廠網路安全人力流失 美政府籲加強招聘
https://www.ydn.com.tw/News/339457

反制美 中國再出招 設技術安全管理清單
http://bit.ly/2XENiJQ

中國大陸建立技術安全管理清單制度 防範國家安全風險
https://news.sina.com.tw/article/20190612/31597206.html

AIT砲轟中國稱讚台灣! 怒斥華為5G補貼方案恐釀禍害
https://news.ltn.com.tw/news/politics/breakingnews/2816888

反「送中」抗議與一場「貓抓老鼠」的信息戰
https://cn.nytimes.com/china/20190614/hong-kong-telegram-protests/zh-hant/

中共官方報告:2018美國3325個IP攻擊中國網絡 且有上升趨勢
https://www.ettoday.net/news/20190610/1464370.htm

中共中央網信辦等四部委聯合開展互聯網網站安全專項整治,將處罰並曝光違法違規網站
https://www.freebuf.com/news/205698.html

「監控」恐懼被掀起!德國政府要求谷歌提供用戶數據
https://news.ltn.com.tw/news/world/breakingnews/2817866

不甩川普政府警告 美公部門照用大疆無人機
https://ec.ltn.com.tw/article/breakingnews/2820067

納粹再現?德擬用數位助理蒐集個資
http://bit.ly/2R44FRE

從「想離職的工程師」下手,中國科技間諜用400萬偷走台灣75億技術
http://bit.ly/2WDSMYJ

俄羅斯打算封鎖9家不聽話的VPN業者
https://www.ithome.com.tw/news/131158?fbclid=IwAR3DfKXrCcVznssGMISuok11-8G4tKtbA1gTYRrqK8Efru-KBJ5krSP5HGg

美造最大網路武器庫 全球駭料料
https://www.chinatimes.com/newspapers/20190614000121-260301?chdtv

圍堵大陸 美呼籲建第一島鏈電子監控網
https://www.chinatimes.com/realtimenews/20190613004500-260417?fbclid=IwAR0Q3TYS74uEqfGupqoe78YEJHDo518txa4oMRRVCnTahcMvAz_p060MN5c&chdtv

Exim email servers are now under attack
https://www.zdnet.com/article/exim-email-servers-are-now-under-attack/#ftag=RSSbaffb68

Elevate Your Investigations With Collaboration & Organization: PassiveTotal Projects
https://www.riskiq.com/blog/analyst/collaboration-organization-passivetotal-projects/

RUSSIA AND IRAN PLAN TO FUNDAMENTALLY ISOLATE THE INTERNET
https://www.wired.com/story/russia-and-iran-plan-to-fundamentally-isolate-the-internet/

New Brute-Force Botnet Targeting Over 1.5 Million RDP Servers Worldwide
http://bit.ly/2ZgHLJS

Exclusive: Top Japanese chip gear firm to honor U.S. blacklist of Chinese firms - executive
https://reut.rs/2KaxQ4N

Cryptocurrency Firm Itself Hacked Its Customers to Protect Their Funds From Hackers
http://bit.ly/2wTMgxT

Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services
http://bit.ly/2KC0f3m

Remote attack flaw found in IPTV streaming service
https://www.zdnet.com/article/remote-attack-flaw-found-in-iptv-streaming-service/#ftag=RSSbaffb68

'RAMBleed' Rowhammer attack can now steal data, not just alter it
https://www.zdnet.com/article/rambleed-rowhammer-attack-can-now-steal-data-not-just-alter-it/#ftag=RSSbaffb68

When Time is of the Essence – Testing Controls Against the Latest Threats Faster
http://bit.ly/2WCzvHb

Zero Trust: Debunking Misperceptions
https://blog.paloaltonetworks.com/2019/06/network-zero-trust-debunking-misperceptions/

UK Man Sentenced for 2015 TalkTalk Hack
https://www.bankinfosecurity.com/uk-man-sentenced-for-2015-talktalk-hack-a-12611

Over 12 billion cyber attacks witnessed in the gaming industry since 2017
https://www.cybersecurity-insiders.com/over-12-billion-cyber-attacks-witnessed-in-the-gaming-industry-since-2017/

MorganPhilips Taiwan Branch
https://www.cakeresume.com/companies/morganphilips-taiwan-branch/technology-jobs?locale=zh-CN

系統工程師(銀行)
https://www.manpower.com.tw/product/674

知名銀行 ✩ 年度正職徵才 :金融服務人員 LT4-1688
https://www.104.com.tw/job/6n67j

【正職銀行櫃員】商科系無經驗可,分行櫃檯服務人員,銀行正職任用(桃園區)-B93
https://www.104.com.tw/job/6n615

投資營運風險管理人員
https://www.104.com.tw/job/6n61c?jobsource=freshman2009

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
FBI警告:不要以為HTTPS網站很安全,有些暗藏網釣攻擊
https://www.ithome.com.tw/news/131198

FBI warns users to be wary of phishing sites abusing HTTPS
https://nakedsecurity.sophos.com/2019/06/12/fbi-warns-users-to-be-wary-of-phishing-sites-abusing-https/

黑客放長線釣大魚 竄改電郵通知新匯款帳號 後因銀行間的作業問題 黑客得手15萬美元
http://www.epochtimes.com/b5/19/6/14/n11321649.htm

俄羅斯個資黑市猖獗,手機紀錄到護照資料都買得到
https://technews.tw/2019/06/09/russia-personal-data-black-market/

蘋果默認iPhone洩個資!馬後炮補救慘被噓爆
https://fnc.ebc.net.tw/FncNews/tech/83016

漏洞管理、資安措施不當,導致國泰航空950萬筆個資外洩
https://www.ithome.com.tw/news/131161

【國泰洩私隱】私隱專員裁定違私隱條例 狠批過分鬆懈、警覺性低
http://bit.ly/2WCdcBa

微軟告警利用漏洞進行的垃圾郵件釣魚活動
https://www.anquanke.com/post/id/180070

上海交大洩漏8.4TB電子郵件數據,官方稱漏洞已經修復
https://www.ithome.com/0/427/527.htm

美國海關外包商系統遭駭,國內外旅客相片及車牌個資外洩
https://ithome.com.tw/news/131190

CBP合約商電腦系統被黑 出入境旅客頭像車牌外洩
http://bit.ly/2Wwc6lG

Cyberattack exposes travelers’ photos, says US border agency
https://www.welivesecurity.com/2019/06/11/cyberattack-travelers-photos-usa-cbp/

HACK BRIEF: HACKERS STOLE A BORDER AGENCY DATABASE OF TRAVELER PHOTOS
https://www.wired.com/story/hackers-stole-traveler-photos-border-agency-database/

瀋陽黑客男篡改存款單50元變50萬 持假單據騙取3千萬貸款
http://bit.ly/2EX7vmQ

個資遭駭、點數被盜,酬賓制導入的海量資訊成駭客溫床
http://bit.ly/2XDp0zA

長城行動解密 西班牙再遣送詐騙台嫌至中國
http://bit.ly/2MHp4gM

網路訂房怕個資洩漏 專家1招預防
https://www.chinatimes.com/realtimenews/20190611003196-260405?chdtv

小心受騙!申請土耳其電子簽證要錢?攏是假的
https://newtalk.tw/news/view/2019-06-11/258311

網友扮演從金融主管到公職人員  從假投資到代管美金地契
https://times.hinet.net/news/22409686

銀行員工實名舉報:青島銀監局長生活淫亂 銀行資產損失近30億元
http://bit.ly/2I7Qng4

30億詐騙案涉銀行高層
http://bit.ly/2I7HRh6

駭客冒充微軟員工 芝夫婦失金2.5萬
https://udn.com/news/story/6813/3864608

重慶宣判一起特大電信詐騙案 3名主犯均獲刑13年以上
https://news.sina.com.tw/article/20190609/31566576.html

線上調查資料庫未加密,八百萬美國人個資外洩
https://blog.twnic.net.tw/2019/06/13/3948/

「專業辦證、上網可查」坑你沒商量 四川破獲特大網路制販假證案
https://news.sina.com.tw/article/20190613/31620560.html

Emuparadise gaming emulator website suffers data breach
https://www.zdnet.com/article/emuparadise-gaming-rom-repository-suffers-data-breach/#ftag=RSSbaffb68

8.4TB in email metadata exposed in university data leak
https://www.zdnet.com/article/8-4tb-in-email-metadata-exposed-in-university-data-leak/#ftag=RSSbaffb68

CBP says hackers stole license plate and travelers' photos
https://www.zdnet.com/article/cbp-says-hackers-stole-license-plate-and-travelers-photos/#ftag=RSSbaffb68

Fortune 500 company leaked 264GB in client, payment data
https://www.zdnet.com/article/veteran-fortune-500-company-leaked-264gb-in-client-payment-data/#ftag=RSSbaffb68

Singapore’s ‘Fake News’ Crackdown Alarms Tech Giants
https://medium.com/cheddar/singapores-fake-news-crackdown-alarms-tech-giants-65032f71473e

Scattered Canary Evolves From One-Man Operation to BEC Giant
https://www.bleepingcomputer.com/news/security/scattered-canary-evolves-from-one-man-operation-to-bec-giant/

Warning: Multiple variations of a phishing email scam spoofing NAB hit inboxes
https://www.mailguard.com.au/blog/warning-multiple-variations-of-a-phishing-email-scam-spoofing-nab-hit-inboxes

Phishing email scam spoofing Westpac claims to detect ‘unusual activity’ in users’ bank accounts
https://www.mailguard.com.au/blog/phishing-email-scam-spoofing-westpac-claims-to-detect-unusual-activity-in-users-bank-accounts

Microsoft Warns of Large Spam Campaign Hitting Europe
https://www.bankinfosecurity.com/microsoft-warns-large-spam-campaign-hitting-europe-a-12598

BioReference Laboratories Added to AMCA Breach Tally
https://www.bankinfosecurity.com/bioreference-laboratories-added-to-amca-breach-tally-a-12581

Evite e-invite website admits security breach
https://www.zdnet.com/article/evite-e-invite-website-admits-security-breach/#ftag=RSSbaffb68

3.4 billion fake emails are sent around the world every day
http://bit.ly/2WtKoWJ

Cyberattack exposes travelers’ photos, says US border agency
https://www.welivesecurity.com/2019/06/11/cyberattack-travelers-photos-usa-cbp/

E.研究報告
Apache Tika 命令注入漏洞挖掘
https://www.chainnews.com/articles/533436970799.htm

善用輕量化HSM優勢 組織物聯網資安大軍
http://www.netadmin.com.tw/netadmin/zh-tw/technology/EF6E432196B044B1A274F23EB77C6FC4

加密DNS協議DNSCrypt以及如何選擇DNS over HTTPS服務器
https://blog.thecjw.me/948.html

Talos Blog發現最近的Frankenstein攻擊活動中使用了多個GitHub開源項目代碼
http://feedproxy.google.com/~r/feedburner/Talos/~3/RSmsHWqrgpk/frankenstein-campaign.html

Hermit(隱士)活動續:繼續針對朝鮮半島進行的APT攻擊活動
https://www.freebuf.com/articles/network/204556.html

一位Rootkits作者對防御者的建議,來自CONFidence 2019會議
https://www.youtube.com/watch?v=t944evpf1WE

技術乾貨| 虛擬化軟件QEMU漏洞分析
https://zhuanlan.zhihu.com/p/68736004

redis未授權訪問漏洞利用
http://www.lsablog.com/networksec/penetration/redis-unauthorized-vulnerability/

DIR-850L漏洞分析
https://xz.aliyun.com/t/5362

使用WSL欺騙Windows繞過UAC
https://tttang.com/archive/1304/

APKiD - APK樣本自我防護(加殼、混淆)產品的識別
https://github.com/enovella/cve-bio-enovella/blob/master/slides/APKiD-NowSecure-Connect19-enovella.pdf

Facebook CTF 2019比賽題目以及相關的Writeups收集
https://ctftime.org/event/781/tasks/

“方程式組織”攻擊SWIFT 服務提供商EastNets 事件复盤分析報告
https://paper.seebug.org/944/

從CVE-2018-8355零基礎學Chakracore漏洞利用
https://www.freebuf.com/vuls/205206.html

研究人員以RAMBleed攻擊,竊取存在記憶體中的機密
https://www.ithome.com.tw/news/131222

利用Oracle WebLogic 漏洞進行的加密攻擊活動
https://www.chainnews.com/articles/849558868774.htm

利用Oracle WebLogic 漏洞進行的加密攻擊活動
https://www.chainnews.com/articles/849558868774.htm

Google 研究員披露Windows 10 0day 漏洞
https://www.oschina.net/news/107413/warning-windows-10-0day-vulnerability-outed-by-google-researcher

Vim/Neovim 基於modeline 的多個任意代碼執行漏洞分析(CVE-2002-1377、CVE-2016-1248、CVE-2019-12735)
https://paper.seebug.org/952/

Machinae:一款信息收集自動化工具
https://www.freebuf.com/sectool/204779.html

GandCrab後繼有人?Sodinoki勒索軟件接管戰場
https://www.freebuf.com/articles/system/205237.html

WordPress插件Form Maker SQL注入漏洞分析
https://www.freebuf.com/vuls/205290.html

Project iKy:一款功能強大的圖形化郵件信息收集與分析工具
https://www.freebuf.com/articles/database/204996.html

開源殭屍網絡平台LiteHttp源碼分析
https://www.freebuf.com/articles/system/205146.html

SandboxEscaper披露漏洞POC研究報告
https://www.freebuf.com/vuls/204945.html

Python安全工具源碼分析:wydomain
https://www.freebuf.com/sectool/205207.html

深入分析LAZARUS APT針對MAC用戶使用的惡意word文檔
https://www.freebuf.com/articles/network/204993.html

關於海蓮花組織針對移動設備攻擊的分析報告
https://www.freebuf.com/articles/network/204867.html

細說CVE-2010-2883從原理分析到樣本構造
https://www.freebuf.com/vuls/204874.html

GitHacker:Git源碼洩漏檢測工具可恢復整個Git Repo
https://www.freebuf.com/sectool/203542.html

PacBot:一款功能強大的雲平台自動化安全監控工具
https://www.freebuf.com/sectool/203860.html

紅藍對抗:淺談Red Team服務對防護能力的提升
https://www.freebuf.com/articles/es/205024.html

2019年第一季度DDoS攻擊報告
https://www.freebuf.com/articles/paper/205060.html

Scavenger:可在不同Paste站點爬取用戶洩露憑證的實用工具
https://www.freebuf.com/sectool/204992.html

基於OSQuery安全資產信息監控實踐
https://www.freebuf.com/sectool/204818.html

準備交贖金?當心Phobos勒索病毒二次加密
https://www.freebuf.com/articles/system/204323.html

Anevicon:一款基於UDP的負載生成器
https://www.freebuf.com/sectool/203908.html

新型勒索病毒Attention感染醫療與半導體行業
https://www.freebuf.com/articles/system/204740.html

一起殭屍網絡進行大規模DDoS攻擊的樣本分析
https://www.freebuf.com/articles/terminal/204444.html

比特幣交易追踪溯源技術介紹
https://www.freebuf.com/articles/blockchain-articles/203127.html

歐洲黑客組織通過已簽名的垃圾郵件來實現多階段惡意軟件加載
https://www.freebuf.com/articles/system/204021.html

滲透測試信息收集心得分享
https://www.freebuf.com/articles/web/204883.html

ExtAnalysis:一款瀏覽器插件安全分析框架
https://www.freebuf.com/sectool/203900.html

這款疑似來自朝鮮的新型惡意軟件為何要收集藍牙數據
https://www.freebuf.com/articles/database/205000.html

淺談IPv6的入侵與防禦
https://www.freebuf.com/articles/web/202901.html

反欺詐場景剖析丨虛假賬號的產生和流轉
https://www.freebuf.com/articles/network/204751.html

iCULeak :一款從手機配置文件中提取用戶賬號憑證的強大工具
https://www.freebuf.com/sectool/203867.html

看我如何利用Drupal漏洞並通過惡意圖片實現一鍵RCE
https://www.freebuf.com/articles/web/203573.html

警惕利用Office漏洞傳播商業間諜軟件AgentTesla
https://www.freebuf.com/articles/system/204550.html

Nmap配合Masscan實現高效率掃描資產
https://www.freebuf.com/sectool/204578.html

Trigmap:一款專用於滲透測試的Nmap封裝工具
https://www.freebuf.com/sectool/204022.html

Metasploit Payload在Linux平台的免殺
https://www.freebuf.com/articles/system/203451.html

FinalRecon:一款多功能網絡偵查OSINT工具
https://www.freebuf.com/sectool/203863.html

使用Elasticsearch與TheHive構建開源安全應急響應平台
https://www.freebuf.com/articles/es/203538.html

快訊丨Office 365出現網絡釣魚,用戶需多加註意
https://www.freebuf.com/news/204813.html

Superl-url:一款開源關鍵詞URL採集工具
https://www.freebuf.com/sectool/203724.html

基於MicroPython的自動網絡時間校準器
https://www.freebuf.com/geek/204211.html

跟我一起學習玩轉二維碼
https://www.freebuf.com/geek/204516.html

AutoSource:整合SonarQube的自動化源代碼審計框架
https://www.freebuf.com/sectool/203303.html

看我如何使用Windows域繞過防火牆獲取持卡人數據的訪問權限
https://www.freebuf.com/articles/database/203552.html

Gaining Access to Card Data Using the Windows Domain to Bypass Firewalls
https://markitzeroday.com/pci/active-directory/kerberoast/firewall/2019/04/24/gaining-access-to-card-data-using-the-windows-domain-to-bypass-firewalls.html

The Graph: An open-source query protocol for blockchains, using GraphQL
https://www.zdnet.com/article/the-graph-an-open-source-query-protocol-for-blockchains-using-graphql/#ftag=RSSbaffb68

6 ways malware can bypass endpoint protection
http://bit.ly/2MG10Lr

How to Model Risk in an Apex Predator Cyber-World
http://bit.ly/2XBolyI

Framing the Problem: Cyber Threats and Elections
https://www.fireeye.com/blog/threat-research/2019/05/framing-the-problem-cyber-threats-and-elections.html

Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities
https://www.fireeye.com/blog/threat-research/2019/06/government-in-central-asia-targeted-with-hawkball-backdoor.html

Threat Research Hunting COM Objects
https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html

Threat Research Hunting COM Objects (Part Two)
https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects-part-two.html

WAF through the eyes of hackers
https://habr.com/ru/company/dsec/blog/454592/?fbclid=IwAR2AKvWLVyWsoV97AhjwlSwc08eEb9mKuqrGDR3QHBaNfoLNct4uVmjjg9A

[ macOS ] Use zsh as the default shell on your Mac
https://support.apple.com/en-us/HT208050

How to Destroy a Hard Drive
https://www.wikihow.com/Destroy-a-Hard-Drive

Hunting COM Objects
http://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html

Curl, Slight of Hand, & Exploit Hysteria
https://medium.com/@notdan/curl-slight-of-hand-exploit-hysteria-29a82e5851d

ReverseTCPShell : PowerShell ReverseTCP Shell, Client & Server
http://bit.ly/2Xyntep

How hackers can permanently lock you out of your accounts
http://bit.ly/2F3akmm

V8 Bug Hunting Part 1: Setting up the debug environment
http://bit.ly/2ZdqfpF

How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code
https://modexp.wordpress.com/2019/06/03/disable-amsi-wldp-dotnet/

NorthSec 2019 — Windows Track Writeup
https://blog.ettic.ca/northsec-2019-windows-track-writeup-69d5bcf06abd

Bad Meets Evil
https://www.slideshare.net/HuyKha2/bad-meets-evil

HDFS Erasure Coding in Production
http://bit.ly/2R0Ygqv

Sigma-Hunting-App
https://github.com/P4T12ICK/Sigma-Hunting-App

Inside a Google Titan Bluetooth security key – high security, low durability
https://www.zdnet.com/article/inside-a-google-titan-bluetooth-security-key-high-security-low-durability/#ftag=RSSbaffb68

Inside a Google Titan Bluetooth security key
https://www.zdnet.com/pictures/inside-a-google-titan-bluetooth-security-key/#ftag=RSSbaffb68

Network of Social Media Accounts Impersonates U.S. Political Candidates, Leverages U.S. and Israeli Media in Support of Iranian Interests
https://www.fireeye.com/blog/threat-research/2019/05/social-media-network-impersonates-us-political-candidates-supports-iranian-interests.html

Active Directory Enumeration with PowerShell
https://www.exploit-db.com/docs/46990

LDAP Swiss Army Knife
https://www.exploit-db.com/docs/46986

Analysis of CVE-2019-0708 (BlueKeep)
https://www.exploit-db.com/docs/46947

A Debugging Primer with CVE-2019-0708
https://www.exploit-db.com/docs/46944

F.商業
【一圖弄懂安控產業】台灣安控業者如何發揮優勢
https://technews.tw/2019/06/09/vivotek-ip-cameras-and-the-cyber-security-of-digital-surveillance-solutions/

中芯數據技術長吳耿宏:企業需要更智慧平價的資安鑑識服務
http://bit.ly/2R5sqcc

全盤掌握相關威脅情資 資安團隊以逸待勞隨時反擊  強化資安監控密技 對抗網路駭客不落下風
http://www.netadmin.com.tw/netadmin/zh-tw/trend/178EE9AB04054BF2A040C0753BCC942A

中華電信學院首開夏令營 聚焦AI資安物聯網
http://bit.ly/2F37AVS

中華電信學院首辦高中職生暑期科學營
http://bit.ly/2XEpu8J

Elastic買下終端安全業者Endgame Stack
https://www.ithome.com.tw/news/131174

勤業眾信:透析5G時代,聚焦商業模式五大制勝關鍵
https://m.moneydj.com/f1a.aspx?a=f3eb032c-4109-439f-9762-7f22df337064

穩定AI運算和產業應用 奧義推智慧資安平台
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=50&id=0000561614_dec7vwv40akch05gul6ku

大立光資安管控嚴 小黃都知道
https://money.udn.com/money/story/5612/3868652

智慧化中央網管方案 普萊德將於歐亞同步發表
http://bit.ly/2KfXNQA

網絡安全公司FireEye:港企比預期更易受網絡攻擊 建議加強過濾電子郵件
http://www.aastocks.com/tc/stocks/news/aafn-news/NOW.946196/2

趨勢科技與業界領先的教育機構合作提供免費資安意識訓練教材
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/EB0C8F7F2F5D455C9A51911CA5D4DDB8

中美貿易戰利多 研勤人臉辨識下半年大爆發 
https://www.ettoday.net/news/20190613/1466617.htm

Fortinet於Security 361°數位轉型資安研討會中強調 : 安全為企業數位轉型的基礎
https://netmag.tw/tag/security-361%E6%95%B8%E4%BD%8D%E8%BD%89%E5%9E%8B%E8%B3%87%E5%AE%89%E7%A0%94%E8%A8%8E%E6%9C%83

儲存新技術即將爆發,擁有完整供應鏈的台灣記憶體產業準備好了嗎
https://buzzorange.com/techorange/2019/06/14/snia-taiwanese-memory-industry/

AI應用爆發 精誠成長看俏
https://money.udn.com/money/story/5612/3869488

Cisco to acquire industrial IoT company Sentryo
https://www.zdnet.com/article/cisco-to-acquire-industrial-iot-company-sentryo/#ftag=RSSbaffb68

Cynet Free Visibility Experience – Unmatched Insight into IT Assets and Activities
https://thehackernews.com/2019/06/cynet-free-visibility-tool.html

Google's language techniques help O2 Czech Republic reveal network secrets
https://www.zdnet.com/article/googles-language-techniques-help-o2-czech-republic-reveal-network-secrets/#ftag=RSSbaffb68

G.政府
科技部資安賽 這家靠威脅解決方案奪500萬獎金
https://money.udn.com/money/story/5612/3861536

打造更安全的數位世界 科技大擂台決賽揭曉
http://bit.ly/2WWG32H

創新 vs. 監理 難平衡的翹翹板--專訪金融監督管理委員會主任委員顧立雄
https://udn.com/news/story/6877/3864441

國際資訊安全會議(RSA Conference 2019)出國報告
https://report.nat.gov.tw/ReportFront/PageSystem/reportFileDownload/C10801207/001

發展資安科技 桃園虎頭山創新園區6月18日啟用
https://udn.com/news/story/7324/3866748

臺美日再度在「全球合作暨訓練架構」下合辦「網路安全與新興科技國際研習營」,深化跨國資安合作能量
https://fsi.mofa.gov.tw/News_Content_M_2.aspx?n=8742DCE7A2A28761&sms=491D0E5BF5F4BC36&s=4590A623615048C8

北醫數位e化 便民系統資安共存
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=15&id=0000561634_li57lud22nlim15ctfv83

打擊金融犯罪 南檢首創檢察銀行聯繫平台
https://www.chinatimes.com/realtimenews/20190612004543-260402?chdtv

李副總長主持網通安全巡迴講習 落實資安管控
https://mna.gpwb.gov.tw/post.php?id=9&message=94921

國防部強化資安防護 確保安全
https://www.ydn.com.tw/News/340092

高市府和高雄在地大學合作 簽署「網站檢核暨資安攻防合作意向書」
http://www.taiwanhot.net/?p=718489

政院:5G釋照要扶植本土企業
https://money.udn.com/money/story/5648/3871005

政院4年投入204億 打造台灣5G競爭力
https://ec.ltn.com.tw/article/paper/1295906

H.SCADA/ICS/工控系統
融合IT與OT領域知識 全面防治針對性攻擊入侵 多重防禦工業場域 降低惡意程式感染風險
https://www.netadmin.com.tw/netadmin/zh-tw/trend/FD05B8998ED342EF9B59DE21E1946D16

Siemens Siveillance VMS 授權問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6580

油罐監控設備存在嚴重漏洞,易受黑客攻擊
http://www.gxbbs.cc/8410-1.html

Vulnerability Spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580
https://blog.talosintelligence.com/2019/06/vulnerability-spotlight-multiple.html

I.教育訓練
Clean Code 無瑕的程式碼
http://bit.ly/2WTWL2x

Linux 技術面試問答 2019
http://bit.ly/2KGOkB6

CompTIA Certification Training — Get Online Courses @ 95% OFF
http://bit.ly/2R1XhGr

LevelUp 0x04 2019
https://www.youtube.com/playlist?list=PLIK9nm3mu-S6YoUjPrKtmBliUS4J5YOGl

BSidesBUD2019安全會議
http://bit.ly/2Wc5ysn

How to Control Network Traffic with Evil Limiter to Throttle or Kick Off Devices
http://bit.ly/2K7tUSC

Stories of a CISSP: TCP Handshake
http://bit.ly/2R2ULjj

What is SQL Injection and how to fix it
https://medium.com/@bootsity/what-is-sql-injection-and-how-to-fix-it-dfac181ce09c

How Hackers Can Permanently Lock You out of Your Accounts
https://medium.com/the-guardian/how-hackers-can-permanently-lock-you-out-of-your-accounts-ca82c79dcd3

Metasploit — Pivoting
https://medium.com/swlh/metasploit-pivoting-281636b23279

An Introduction to Public Key Cryptosystems with RSA
https://medium.com/@andrewjoliver3/an-introduction-to-public-key-cryptosystems-with-rsa-7e34cc67cf22

Android靜態分析之初級篇
https://www.freebuf.com/articles/terminal/204504.html

Android靜態分析之初級篇(二)
https://www.freebuf.com/articles/rookie/205045.html

面向新手的CTF實戰教學(一)
https://www.freebuf.com/articles/network/203992.html

Learning to Rank Strings Output for Speedier Malware Analysis
https://www.fireeye.com/blog/threat-research/2019/05/learning-to-rank-strings-output-for-speedier-malware-analysis.html

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
Amazon Ring自行將錄下的可疑人物影像公布聲稱要幫警察抓賊,引發爭議
https://www.ithome.com.tw/news/131159?fbclid=IwAR3Fw1w6yX8hCSt-_j8_IwihcKWZCs6shFOKnlQxreHt_lqI7bp4-0QBIeg

微軟刪除人臉識別資料庫 源於「倫理」識別
https://news.sina.com.tw/article/20190612/31596606.html

人工智慧及機器學習讓網路更智慧,管理簡便與安全強化一次到位
https://technews.tw/2019/06/12/cisco-ai-manage-internet

偽造技術納入AI 合成影像恐釀假新聞之亂 影像聲音無違和搭配 "深度偽造"以假亂真
https://www.ttv.com.tw/news/view/108061300078005/579

筆跡複製機器人出現啦!精準度 93%,以後筆記、草圖就拜託代寫囉
https://buzzorange.com/techorange/2019/06/13/robot-copy-your-writing/

Akamai targets IoT devices with launch of IoT Edge Connect
https://www.zdnet.com/article/akamai-targets-iot-devices-with-launch-of-iot-edge-connect/#ftag=RSSbaffb68

Why cybercriminals are eyeing smart buildings
https://www.welivesecurity.com/2019/06/12/cybercriminals-eyeing-smart-buildings/

6.近期資安活動及研討會
 JCConf Taiwan 2019 Call for Proposals  6/1 ~ 6/30
 https://twjug.kktix.cc/events/jcconf-2019-cfp?fbclid=IwAR2-Lry33FOVuXXStfSqUWlAJI25SeFgK9Q1XY6e4zJLEKvYrSkmlvv6Waw

 【課程】Julia 資料科學實作,2019年強勢來襲的科學計算語言,集Python、C++、R 各家特色於一身  6/15
 https://www.techbang.com/posts/70251-course-julia-data-science-practice

 國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 The Artificial Intelligence Conference  6/18
 https://www.facebook.com/events/278255853036175/?event_time_id=360038254857934

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 HackingThursday 固定聚會 6/20
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbbc/

 國家高速網路與計算中心教育訓練-資安健診  6/20
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3832&from_course_list_url=homepage

 JSDC台中小聚 - UX 體驗分享計畫  6/21
 https://jsdc-tw.kktix.cc/events/53548f33?fbclid=IwAR3CybQML6FGnMQ_IE9dfRYFJUHWm4Knl8kJBHQ9vn_Coz2KOQW1xk_joJs

 Edvance Beacon 2019  6/21
 https://docs.google.com/forms/d/e/1FAIpQLSe70uw8Pi862IkL_rQXDJhzd7QnGXiuhcWwttOEN2BZwUbyMw/viewform

 2019 6月份 [email protected] 6/22(六) Working with PowerShell
 https://studyarea.kktix.cc/events/8a726f12-copy-1?fbclid=IwAR1AoE9V_SGpizemU1moKpU62I5vgyEoZAN9cnLtkZz9l1c5MrnsVpfhsJk

 CCNS 定期聚 — 當 Python 遇上 JIT / PyPy 淺談  6/23
 https://ccns.kktix.cc/events/ccns-pypy-talk?fbclid=IwAR1wa3cZuyNZQv-pGo5Eh3u5uik69nLY1t-sXb2R6wTd9HsrMBw02ybbkJw

 資安前哨站-獵殺封包 6/26
 https://www.it360.com.tw/live-detail.aspx?id=iT36000000000348

 智慧家庭IoT資安與個人隱私資安,如何防駭客,如何做防禦  6/27
 https://www.techbang.com/posts/70549-lecture-smart-home-network-security

 HackingThursday 固定聚會 6/27
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/

 天黑請閉眼,與駭客的對話  6/29
 https://tfc.kktix.cc/events/night-talk-hacking-hacker?fbclid=IwAR2ejWoW3lNyQ2X7basa8zkjcoBR6Kn02jXYiFYeWWluY91uWw9FCSJDEoo

 HackingThursday 固定聚會 7/4
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/

 2019 車用電子與車聯網資安種子教師研習營  7/4 ~ 7/5
 http://www.kghs.kh.edu.tw/notice/11734

 2019國際資訊安全組織台灣高峰會  7/9 ~ 7/11
 https://csa.kktix.cc/events/2019con

 Secure Summit APAC 2019 安全峰會 6 大領域提升資安水平  7/10 ~ 7/11
 http://bit.ly/2WbONh5

 工業局補助網路安全檢測教育訓練 7/10 ~ 7/12
 https://www.accupass.com/event/1904080311551119077841

 HackingThursday 固定聚會 7/11
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/

 HackingThursday 固定聚會 7/18
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/

 HackingThursday 固定聚會 7/25
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/

 新加坡資安市場解密講座: 台灣資安浴血東南亞叢林戰鬥之起點-獅城站​  7/26
 https://ievents.iii.org.tw/eventS.aspx?t=0&id=547

 CDX2.0推廣活動 - 台南場次  7/26
 https://nchc-cdx.kktix.cc/events/cdxactivity-0726

 資安事故處理實務課程 8/7 ~ 8/8
 http://bit.ly/2VW0Lv9

 DEF CON 27  2019/8/8–8/11
 https://www.defcon.org/

 數位鑑識處理實務 8/14 ~ 8/15
 http://bit.ly/2VW0Lv9

 台灣駭客年會 HITCON Summer Training 2019 - 學生報名  2019-08-19 ~ 2019-08-22
 https://www.accupass.com/event/1906050919271598677460

 WEB應用滲透測試 8/21 ~ 8/23
 https://www.accupass.com/event/1904080221358963463590

 台灣駭客年會 HITCON Community 2019  2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8)
 https://www.accupass.com/event/1906040921594609934250

 資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」  8/29 ~ 8/30
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 108年資安職能訓練-行動裝置安全(8/29-8/30)
 https://cee.ksu.edu.tw/recruitinfo/1443.html

 CDX2.0推廣活動 - 台北場次 9/10
 https://nchc-cdx.kktix.cc/events/cdxactivity-0910

 TANET 2019 - 臺灣網際網路研討會  9/25
 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310

 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/?fbclid=IwAR2gU17bz0Y7TH8THIIskIX1vziWBpMY152mJiwk7AAeVS752f_eNcZ0NzU

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

  AIoT智能物聯網開發人才就業養成班[免費諮詢]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com


留言

這個網誌中的熱門文章

Capture the flag資源分享綜整

Capture the flag, CTF,是由古代軍事戰爭演變而來。軍旗在戰場上象徵兩軍戰況,當有一方軍旗被敵軍奪取或落在地上,代表該方戰敗。當這樣的攻防搶旗演變到現代的電子遊戲裡,通常就演變成團隊遊戲模式,由兩隊人馬互相前往對方的基地奪旗,奪旗成功回合次數多者得勝。

8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/

5月份資安、社群活動分享

5月份資安、社群活動分享

 108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
 https://ais3.org/mfctf/

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 Python 商務網站 * 極速學習 (2019春季 - 台北)  5/2
 https://cjltsod.kktix.cc/events/django-2019-spring-taipei

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會  5/2
 https://www.accupass.com/event/1904111400151860776797

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA 白帽菁英萌芽計劃II 0505 
 https://reg.shield.org.tw/info.php?no=54

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/19041703435474776…