資安事件新聞週報 2019/6/17 ~ 2019/6/21
1.重大弱點漏洞/後門/Exploit/Zero Day
GCHQ的漏洞裁定流程
https://www.xianjivr.com/news/46587.html
Netflix揭露FreeBSD與Linux核心漏洞
https://www.ithome.com.tw/news/131329
美國情治單位成功測試利用 BlueKeep 漏洞,於目標電腦上執行任意程式碼
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=875
售至全球50個國家的醫療用輸液幫浦含有遠端攻擊漏洞
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=30648
Critical remote execution flaw lurks in TP-Link Wi-Fi Extenders
https://www.zdnet.com/article/critical-remote-execution-flaw-lurks-in-tp-link-wi-fi-extenders/#ftag=RSSbaffb68
Critical RCE Vulnerability in TP-Link Wi-Fi Extenders Can Grant Attackers Remote Control
https://securityintelligence.com/posts/critical-rce-vulnerability-in-tp-link-wi-fi-extenders-can-grant-attackers-remote-control/
TCP SACK PANIC - Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479
https://access.redhat.com/security/vulnerabilities/tcpsack
Disgruntled security firm discloses zero-days in Facebook's WordPress plugins
https://www.zdnet.com/article/disgruntled-security-firm-discloses-zero-days-in-facebooks-wordpress-plugins/#ftag=RSSbaffb68
New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now
https://thehackernews.com/2019/06/oracle-weblogic-vulnerability.html
Weblogic最新反序列化遠程命令執行漏洞 繞過CVE-2019-2725
https://nosec.org/home/detail/2711.html
Oracle WebLogic XMLDecoder反序列化漏洞
http://www.zhuanzhi.ai/document/8986933c73508e661c8167aa5a42b83f
Oracle patches another actively-exploited WebLogic zero-day
https://www.zdnet.com/article/oracle-patches-another-actively-exploited-weblogic-zero-day/#ftag=RSSbaffb68
Spring Security OAuth - Open Redirector
https://www.exploit-db.com/exploits/47000
16歲研究人員發現Google對外網站XSS漏洞可駭入內部網站
https://www.ithome.com.tw/news/131300
【漏洞預警】PHP eval 函式可能遭利用成為後門攻擊手法,允許攻擊者遠端執行任意程式碼,請儘速確認並調整設定
http://www.cpcm.pu.edu.tw/app/news.php?Sn=144
售至全球50個國家的醫療用輸液幫浦含有遠端攻擊漏洞
https://ithome.com.tw/news/131306
D-Link 連網監視攝影機被爆資安漏洞,駭客可取得影像內容
https://blog.twnic.net.tw/2019/06/13/3991/
不只Linux伺服器,Azure也被駭客鎖定Exim漏洞攻擊
https://www.ithome.com.tw/news/131328
Exim RCE漏洞影響數百萬服務器,已有黑客發動攻擊程序
https://toutiao.ycen.com.cn/p/20190615/32185.html?m=defe3bac0e3467de8211f63d715f7745&f=index
Critical Flaw Reported in Popular Evernote Extension for Chrome Users
http://bit.ly/2ZtSyR2
Two New Microsoft Zero-Day Vulnerabilities Revealed in One Week
https://blog.skyboxsecurity.com/microsoft-zero-day-vulnerabilities/
Adobe June Patch Tuesday Addressed Critical Security Vulnerabilities In ColdFusion, Campaign And Flash
https://latesthackingnews.com/2019/06/14/adobe-june-patch-tuesday-addressed-critical-security-vulnerabilities-in-coldfusion-campaign-and-flash/
Microsoft June Patch Tuesday Addressed 88 Vulnerabilities Including Zero-Days
http://bit.ly/2RrPRMS
Microsoft delivers public preview of Azure Bastion service for remotely accessing VMs more securely
https://www.zdnet.com/article/microsoft-delivers-public-preview-of-azure-bastion-service-for-remotely-accessing-vms-more-securely/#ftag=RSSbaffb68
關於Windows 認證高危漏洞的緊急預警通報
http://www.ccw.com.cn/industry/2019-06-17/7946.html
Windows 6 月更新 安裝後,將阻止部分藍牙LE 裝置與電腦設備配對
https://www.kocpc.com.tw/archives/265275
Microsoft releases first test build of Windows Server 20H1
https://www.zdnet.com/article/microsoft-releases-first-test-build-of-windows-server-20h1/#ftag=RSSbaffb68
Docker embraces Windows Subsystem for Linux 2
https://www.zdnet.com/article/docker-embraces-windows-subsystem-for-linux-2/#ftag=RSSbaffb68
Coremail郵件系統安全漏洞的預警通報
http://www.cnnvd.org.cn/web/bulletin/bulletinById.tag?mkid=144
dlink -- dir-300_firmware CVE-2013-7471
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7471
ipswitch -- ws_ftp_server CVE-2019-12144
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12144
joomla CVE-2019-12765
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12765
sap -- advanced_business_application_programming_platform_kernel CVE-2019-0304
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0304
solarwinds -- serv-u_ftp_server
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19999
新版 Chrome 是媒體的痛,讀者繞過付費牆的好用工具
https://technews.tw/2019/06/18/new-chrome-is-the-headache-of-media-and-the-good-tools-for-readers-to-bypass-paywall/
Chrome extension caught hijacking users' search engine results
https://www.zdnet.com/article/chrome-extension-caught-hijacking-users-search-engine-results/#ftag=RSSbaffb68
Google launches Chrome extension for flagging bad URLs to the Safe Browsing team
https://www.zdnet.com/article/google-launches-chrome-extension-for-flagging-bad-urls-to-the-safe-browsing-team/#ftag=RSSbaffb68
Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks
http://bit.ly/2IW4tAm
Firefox zero-day was used in attack against Coinbase employees, not its users
https://www.zdnet.com/article/firefox-zero-day-was-used-in-attack-against-coinbase-employees-not-its-users/#ftag=RSSbaffb68
Mozilla patches Firefox zero-day abused in the wild
https://www.zdnet.com/article/mozilla-patches-firefox-zero-day-abused-in-the-wild/#ftag=RSSbaffb68
被用來攻擊虛擬貨幣平台漏洞,Firefox 罕見緊急更新瀏覽器
https://technews.tw/2019/06/20/flaw-use-to-attck-cryptocurrency-platform-firefox-update-browser-in-urgancy/
Critical Flaw Reported in Popular Evernote Extension for Chrome Users
https://thehackernews.com/2019/06/evernote-extension-hacking.html
Tor Browser 8.5.2 Released — Update to Fix Critical Firefox Vulnerability
https://thehackernews.com/2019/06/tor-browser-firefox-hack.html
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
資安訊息分享 未來擬收費
https://udn.com/news/story/7239/3875796
ATM瘋狂吐鈔!男放布袋接好接滿
http://gotv.ctitv.com.tw/2019/06/1082775.htm
香港銀行公會指未見特殊情況 銀行基建運作正常
http://bit.ly/2WIknTS
神腦全面轉型 將跨刀網路投保
http://bit.ly/2IKQrRX
業界首家! 新光人壽導入「行動身分識別服務」
https://tw.finance.appledaily.com/realtime/20190617/1585174/
崴亞風險咨詢公司開辦 資安保險專才班 6/28開課
https://www.chinatimes.com/newspapers/20190618000490-260207?chdtv
美跨機構測試銀行資安能力 最快今年實施
https://money.udn.com/money/story/5602/3877636
國際財經:傳美國考慮對銀行業進行跨機構網路防禦測試
http://bit.ly/2WPoJ0g
e動郵局硬體故障 手機200萬用戶受影響
https://life.taronews.tw/2019/06/18/375134/
實體交易用戶不受影響 中華郵政App故障8.5小時
http://bit.ly/2L3KGSm
郵局網路大當機 估下午3點前修復
https://turnnewsapp.com/livenews/aj/A08616002019061813503241
磁碟硬體異常! 郵局APP「e動郵局」服務斷
http://bit.ly/2xblAbH
中華郵政手機網路當機 預計下午3時前修復
https://udn.com/news/story/7239/3878540
e動郵局硬體故障 手機200萬用戶受影響
https://money.udn.com/money/story/5613/3878531
《金融》大出包!郵局網路當機,修復時間「未被通知」
http://bit.ly/2XlSmWx
中興高管回應自主操作系統應用適配不足:需要過程
https://news.sina.com.tw/article/20190618/31668076.html
股東要求給交代 南山人壽老董杜英宗為百億新系統出包致歉
https://www.ettoday.net/news/20190621/1472235.htm
股東砲轟「境界計畫」 杜英宗說:「若失敗我負責」
https://ec.ltn.com.tw/article/breakingnews/2829194
倫交所成立台北辦公室 將建百人團隊
https://udn.com/news/story/7251/3879238
台灣壽險業陷冰風暴?壽險公會6點聲明反駁
https://news.ebc.net.tw/News/Article/167664
壽險像第二個年金? 金融業高層:遲早有人破產
http://bit.ly/2FlXeR2
網路安全專家在保險業吃香
http://big5.ftchinese.com/story/001083185?full=y
凱基條款可望為首例 監理沙盒業務若未涉法令禁止 其他銀行也可試辦
https://news.cnyes.com/news/id/4341136
占凱基銀便宜 手機門號辦貸款 金管會准「試辦」不必進沙盒
https://www.chinatimes.com/realtimenews/20190618004328-260410?chdtv
國泰世華銀行將使用數位簽章保護本行外寄之電子郵件
https://www.cathaybk.com.tw/cathaybk/personal/News/Announcement/2019/0620AnnounceInfo/
5大數位帳戶卡整理包 高利存款跨轉提免費
http://bit.ly/2IXRVZk
臺灣土地銀行個人網路銀行將於108年06月27日(星期四)下午5時30分至下午7時30分期間短暫停止服務
https://www.landbank.com.tw/Bulletin/Detail/ce4a0c74-f506-43d8-92dc-aa71009dd5fd?code=H300
好方便!這7類款項開放超商「刷卡」代收 最快年底上路
https://newtalk.tw/news/view/2019-06-21/262697
南山新系統6月底後若再出包 顧立雄目3方向處置
https://www.chinatimes.com/realtimenews/20190621003564-260410?chdtv
南山境界6月後再亂 顧立雄:罰負責人
https://www.chinatimes.com/realtimenews/20190621003561-260410?chdtv
南山人壽系統改善了?顧立雄:要看第三方獨立查核報告
https://udn.com/news/story/7239/3885247
Equifax breach impacted the online ID verification process at many US govt agencies
https://www.zdnet.com/article/equifax-breach-impacted-the-online-id-verification-process-at-many-us-govt-agencies/#ftag=RSSbaffb68
Europol calls for crackdown on physical ATM attacks
https://www.atmmarketplace.com/news/europol-calls-for-crackdown-on-physical-atm-attacks/
Beyond Managed Security Services: SOC-as-a-Service for Financial Institutions
https://www.bankinfosecurity.in/webinars/webinar-beyond-managed-security-services-soc-as-a-service-for-w-1853?rf=promotional_webinar
Physical ATM attacks are violent, mostly unsuccessful
https://www.atmmarketplace.com/blogs/physical-atm-attacks-are-violent-mostly-unsuccessful/
Windows 10: ATM operators readying for massive software update
https://www.atmmarketplace.com/blogs/windows-10-atm-operators-prepare-for-massive-software-update/
3.電子支付/電子票證/行動支付/ pay/新聞及資安
台鐵推電子支付買便當 17日起台灣pay先行
https://www.ptt.cc/bbs/MobilePay/M.1560836119.A.89F.html
越南正式將6月16日定為無現金日
http://bit.ly/2WOmmej
還在行動支付?中國已經開始靠「臉」辨識付款了
http://bit.ly/2WWpkse
Visa亞太資安高峰會:支付資訊安全推動數位經濟發展
https://news.sina.com.tw/article/20190620/31697288.html
LINE將在台灣推廣LINE Pay mini行動支付
https://www.ptt.cc/bbs/MobilePay/M.1560741991.A.952.html
台灣、泰國等地將支持韓國新世界SSG-PAY支付
http://www.coinvoice.cn/41193.html
4.虛擬貨幣/區塊鍊 新聞及資安
區域鏈專家教你如何保障網絡安全
https://fortuneinsight.com/web/posts/301509
幫企業減少跨境交易成本?VISA推出全球首個B2B區塊鏈支付平台
http://bit.ly/2IihRj8
區塊客一分鐘新聞 – 6 月 14 日重點:幣安被盜比特幣遭轉移
https://blockcast.it/2019/06/14/blockcast-daily-06-14/
孫宇晨:歡迎阿里、騰訊進入數字貨幣支付領域
https://news.sina.com.tw/article/20190614/31635208.html
穩定幣比比特幣更穩定,但只是暫時的
http://news.knowing.asia/news/2626c12a-b95a-4c76-a05a-183a6f94856e
數據洩露醜聞爆發之後,Facebook積極佈局區塊鏈
http://news.knowing.asia/news/e6ca89d3-3ac8-4a30-8a25-48b31fbfa21c
國家級區塊鏈大聯盟 立委盼四管齊下
https://www.chinatimes.com/realtimenews/20190614003578-260410?chdtv
臉書數字貨幣獲VISA、Uber等支持,或在下周發白皮書
https://news.sina.com.tw/article/20190615/31639004.html
臉書加密通貨Libra 獲Visa、PayPal、優步投資
https://www.chinatimes.com/realtimenews/20190614004171-260410?chdtv
Facebook即將推出Libra測試網
http://bit.ly/2WLWn7e
分析師:臉書加密貨幣 不會威脅到Visa、Mastercard
https://times.hinet.net/news/22423984
FB加密貨幣項目曝光:共25個合作夥伴 各交1000萬美元
https://news.sina.com.tw/article/20190615/31639154.html
泰國銀行撤回:”將盡快使用XRP”的聲明
http://bit.ly/2WMC9dB
虛擬貨幣 下半年納入洗錢防制
https://udn.com/news/story/11316/3875776
防洗錢 虛擬幣交易 超商不納管
https://udn.com/news/story/7239/3875810?from=udn-catebreaknews_ch2
駭客集團所為?Coincheck員工的電腦中被檢測出病毒
http://m.match.net.tw/pc/news/technology/20190617/4928180
FB擬推加密幣 比特幣升破9300美元
http://www.orangenews.hk/finance/system/2019/06/17/010119237.shtml
肖磊:離華爾街接管比特幣產業已經不遠了
http://news.knowing.asia/news/662e3362-bdfa-4bbf-94ba-9d30bafe4838
Cosmos 披露 5 月主網漏洞調查細節 安全負責人:這一課讓我們明白建立快速安全溝通管道的重要性
https://blockcast.it/2019/06/18/cosmos-released-a-full-disclosure-of-last-months-vulnerability/
黑客利用Mozilla Firefox漏洞攻擊Coinbase用戶
https://www.tuoluocaijing.com.tw/kuaixun/detail-70120.html
交易所遭郵件釣魚攻擊 超40萬美元BTC或失竊
https://news.sina.com.tw/article/20190618/31671114.html
Stellar行星幣被披露發現通脹漏洞,增加22.5億個非常規XLM
https://www.bishijie.com/shendu_26836
一文讀懂智能合約漏洞
https://www.chainnews.com/articles/848752496059.htm
另一種中心化?我們該如何看待幣安發行的BTCB
http://news.knowing.asia/news/df6de059-0e06-4523-9aad-73486fb7511b
史上規模最大「東京 Coincheck 交易所駭客事件」案情逆轉,主謀可能是「俄羅斯駭客」
https://www.blocktempo.com/russian-hackers-may-have-carried-out-largest-ever-crypto-exchange-theft/
金融科技成為洗錢新工具? ICO的匿名和去中心化技術成為監管漏洞
https://www.storm.mg/article/1382555?srcid=73746f726d2e6d675f63373766396366313733396365313337_1561087985
臉書:Libra背後的資產是它與現有加密貨幣之間最大的差異
https://www.ithome.com.tw/news/131342
私隱問題未解決 美國議員誓阻Facebook發展新虛擬貨幣
http://bit.ly/31MietV
臉書幣是代幣而非貨幣!盤點央行總裁楊金龍分析虛擬通貨的5個觀點
http://news.knowing.asia/news/0d6307ac-3edb-41e8-a8df-0fa45b4a01b1
我該怎麼拿到臉書幣、可以用它來買什麼?看懂祖克柏的數位貨幣夢,你該知道的11個「Libra」幣Q&A
https://www.storm.mg/article/1402970?srcid=73746f726d2e6d675f63373766396366313733396365313337_1561097575
Facebook Libra 加密貨幣將至,希望打造橫跨支付、商務、App 及遊戲平台
https://finance.technews.tw/2019/06/18/why-libra-could-be-worth-billions/
反擊Facebook!瑞波宣布與MoneyGram達成戰略合作
http://news.knowing.asia/news/6b513e6f-af3a-415f-aa30-48ab9286c385
顧立雄關切臉書幣這兩件事 如涉及就須監理
https://money.udn.com/money/story/5613/3885196
Facebook's Libra Cryptocurrency Prompts Privacy Backlash
https://www.bankinfosecurity.com/facebooks-libra-cryptocurrency-prompts-privacy-backlash-a-12655
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
HiddenWasp惡意軟體借用Mirai及Winnti程式碼攻擊Linux系統
https://blog.trendmicro.com.tw/?p=60839
針對中亞地區政府部門的攻擊:通過Office漏洞傳播新型Hawkball後門
https://www.4hou.com/other/18532.html
伊朗APT 組織MuddyWater 加入新的漏洞利用
https://www.chainnews.com/articles/241516300464.htm
駭客利用23款攻擊程式來散布新一代殭屍病毒Echobot
https://www.ithome.com.tw/news/131311
紐約時報披露美軍網路作戰司令部已在俄羅斯電網植入惡意程式,必要時可使其癱瘓
https://www.techbang.com/posts/70871-us-cyber-command-has-planted-malware-on-the-russian-power-grid-paralysing-it-if-necessary
ESET揭露可竊取Android手機一次性密碼的惡意程式
https://www.ithome.com.tw/news/131335
僵屍網路(Botnet)攻擊布署,由 Windows 轉向 Linux 與 IoT 設備
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=878
不夠智慧的三星電視,提醒用戶需定期掃毒引發恐慌
https://technews.tw/2019/06/18/samsung-warns-people-smart-tv-should-regularly-scan-for-malware-is-making-people-panic/
Samsung 提示用戶要定期為智能電視掃描除毒
http://bit.ly/2ZD7pbU
Bitdefender與警方聯手釋出勒索軟體GandCrab最新版解密工具
https://www.ithome.com.tw/news/131326
電腦系統被駭 佛羅里達州小城付千萬贖金救資料
https://udn.com/news/story/6813/3882752
佛州市政府遭駭 同意付60萬美元贖金保護資料
https://www.cna.com.tw/news/aopl/201906200085.aspx
AESDDoS 殭屍網路變種,經由暴露在外的 Docker API 滲透容器
https://blog.trendmicro.com.tw/?p=60878
新手駭客也可輕易取得“軍事級”工具,攻擊使用過時 Windows 系統的企業
https://cms.airsupport.ga/xin-shou-hai-ke-ye-ke-qing-yi-qu-de-jun-shi-ji-gong-ju-gong-ji-shi-yong-guo-shi-windows-xi-tong-de-qi-ye-3/
Xenotime Group Sets Sights on Electrical Power Plants
https://www.bankinfosecurity.com/xenotime-group-sets-sights-on-electrical-power-plants-a-12637
The US planted offensive malware in Russia's power grid
https://engt.co/31EdIgS
JURASIK RANSOMWARE ACTIVELY SPREADING IN THE WILD
https://securitynews.sonicwall.com/xmlpost/jurasik-ransomware-actively-spreading-in-the-wild/
pyLocky Decryptor Released by French Authorities
https://www.bleepingcomputer.com/news/security/pylocky-decryptor-released-by-french-authorities/
Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners
https://blog.trendmicro.com/trendlabs-security-intelligence/advanced-targeted-attack-tools-used-to-distribute-cryptocurrency-miners/
Adware and PUPs families add push notifications as an attack vector
https://blog.malwarebytes.com/adware/2019/06/adware-and-pups-families-add-push-notifications-as-an-attack-vector/
Microsoft warns Azure customers of Exim worm
https://www.zdnet.com/article/microsoft-warns-azure-customers-of-exim-worm/#ftag=RSSbaffb68
New WSH RAT Malware Targets Bank Customers with Keyloggers
https://www.bleepingcomputer.com/news/security/new-wsh-rat-malware-targets-bank-customers-with-keyloggers/
Houdini Worm Transformed in New Phishing Attack
https://cofense.com/houdini-worm-transformed-new-phishing-attack/
Houdini malware targets victims with keylogger, online bank account theft tools
https://zd.net/2ZzJom1
Bank hackers team up to spread financial Trojans worldwide
https://www.zdnet.com/article/bank-hackers-team-up-to-spread-financial-trojans-worldwide/#ftag=RSSbaffb68
New Echobot malware is a smorgasbord of vulnerabilities
https://www.zdnet.com/article/new-echobot-malware-is-a-smorgasbord-of-vulnerabilities/#ftag=RSSbaffb68
New Plurox malware is a backdoor, cryptominer, and worm, all packed into one
https://www.zdnet.com/article/new-plurox-malware-is-a-backdoor-cryptominer-and-worm-all-packed-into-one/#ftag=RSSbaffb68
Plurox: Modular backdoor
https://securelist.com/plurox-modular-backdoor/91213/
Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East
https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/
Ryuk Ransomware Adds IP and Computer Name Blacklisting
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-adds-ip-and-computer-name-blacklisting/
Florida city pays $600,000 to ransomware gang to have its data back
https://www.zdnet.com/article/florida-city-pays-600000-to-ransomware-gang-to-have-its-data-back/#ftag=RSSbaffb68
Daily News Roundup: Houdini Ziele Für Malware Ihre Bank-Konto
http://allinfo.space/2019/06/18/daily-news-roundup-houdini-ziele-fur-malware-ihre-bank-konto/
GandCrab Ransomware Decryption Tool [All Versions] — Recover Files for Free
https://thehackernews.com/2019/06/gandcrab-ransomware-decryption-tool.html
Ransomware gang hacks MSPs to deploy ransomware on customer systems
https://www.zdnet.com/article/ransomware-gang-hacks-msps-to-deploy-ransomware-on-customer-systems/#ftag=RSSbaffb68
DanaBot Banking Trojan Upgraded with ‘Non Ransomware’ Module
https://www.bleepingcomputer.com/news/security/danabot-banking-trojan-upgraded-with-non-ransomware-module/
Russian APT hacked Iranian APT's infrastructure back in 2017
https://www.zdnet.com/article/russian-apt-hacked-iranian-apts-infrastructure-back-in-2017/#ftag=RSSbaffb68
LoudMiner: Cross-platform mining in cracked VST software
https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/
Cryptojacking: An Unwanted Guest
https://www.bromium.com/cryptojacking-coin-miner-attack-uses-nsa-developed-equation-group-tools-to-move-laterally/
The Mobile Watering Hole: How A Sip Leads to A Trojan Compromise
https://blog.zimperium.com/the-mobile-watering-hole-how-a-sip-leads-to-a-trojan-compromise/
B.行動安全 / iPhone / Android /穿戴裝置 /App
五月天石頭4字留言挺香港 臉書慘遭惡意檢舉一度「被消失」
https://dailyview.tw/Popular/Detail/5210
公共Wi-Fi暗藏危機 暑假出國旅遊連網務必注意
https://times.hinet.net/news/22425253
手機NFC隱含攻擊弱點 掌握原理避免無線盜刷
https://www.netadmin.com.tw/netadmin/zh-tw/technology/160F70CE888B42F8BA0842C791F4B979
小米手環 4 NFC 版也通過 NCC 審核,25 日新品發表會見
https://saydigi-tech.com/2019/06/7513.html
WhatsApp 緊急修補嚴重資安漏洞:一通未接來電即可植入惡意程式進行監聽
https://blog.twnic.net.tw/2019/06/13/3969/
解鎖漏洞再現!以色列公司 Cellebrite 可以解鎖任何 iOS 和 Android 設備
https://mrmad.com.tw/cellebrite-ufed-premium
國外用戶替 iPhone 6 破解 iPSW 成功安裝與執行 iOS 13 beta1
https://mrmad.com.tw/ios-13-beta1-ported-to-iphone6
《Pokemon Go》開發商針對「Global++」駭客組織提出訴訟 嘗試杜絕飛人等不法行為
https://gnn.gamer.com.tw/4/181234.html
iOS 13開放NFC功能 將可掃描身分證、快速支付
https://www.ettoday.net/news/20190617/1469204.htm
抗衡中共數據監控! 港人反送中Telegram尋串聯
http://bit.ly/2WMFa8A
Telegram創辦人:DDoS攻擊IP多半來自中國
https://ithome.com.tw/news/131271
被捕 Telegram 谷主原來用小米手機!網民指:咁夠膽
http://bit.ly/2ZpuT3T
Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests
http://bit.ly/2KS5YCc
Android's Built-in Security Key Now Works With iOS Devices For Secure Login
http://bit.ly/31w0bIt
5G just part of technology's 'new Cold War frontline'
https://www.zdnet.com/article/5g-just-part-of-technologys-new-cold-war-frontline/#ftag=RSSbaffb68
SIM-swap attack, iPad OS, Mate X delay, Pixel 4 reveal (MobileTechRoundup show #472)
https://www.zdnet.com/article/sim-swap-attack-ipad-os-mate-x-delay-pixel-4-reveal-mobiletechroundup-show-472/#ftag=RSSbaffb68
SIM swap horror story: I've lost decades of data and Google won't lift a finger
https://www.zdnet.com/article/sim-swap-horror-story-ive-lost-decades-of-data-and-google-wont-lift-a-finger/#ftag=RSSbaffb68
Warning Issued For Apple's 1.4 Billion iPad And iPhone Users
https://www.forbes.com/sites/gordonkelly/2019/06/16/apple-iphone-ipad-security-warning-ios-12-iphone-xs-max-xr/#76bca39a3641
iOS 13: Your iPhone could also be your passport and ID card
https://www.zdnet.com/article/ios-13-your-iphone-could-also-be-your-passport-and-id-card/#ftag=RSSbaffb68
Top 10 iPhone privacy and security tips you should check today
https://www.zdnet.com/pictures/top-10-iphone-privacy-and-security-tips-you-should-check-today/#ftag=RSSbaffb68
Security firm claims it can unlock any iPhone
https://www.zdnet.com/article/security-firm-claims-it-can-unlock-any-iphone/#ftag=RSSbaffb68
Instagram tests new ways to recover hacked accounts
https://www.welivesecurity.com/2019/06/18/instagram-new-ways-account-recovery/
You’d better change your birthday – hackers may know your PIN
https://www.welivesecurity.com/2019/06/19/change-birthday-hackers-may-know-pin/
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
蹲點男偷連未加密WIFI被告!檢察官2個理
https://disp.cc/b/163-bsQk
FireEye揭露亞太企業偵測駭客活動 落後於其他地區同業
https://www.it-square.hk/archives/8731
大漏洞!SAT生物考試前 網上驚現考題及答案
http://bit.ly/2wY2qpK
網路攻防戰 破解駭客 企業自保8守則
https://vision.udn.com/vision/story/12939/3722041
陸駭客竊美國安局程式發動網攻
http://bit.ly/31HwunA
杜絕飛人外掛 Niantic怒告駭客組織「Global++」
https://game.ettoday.net/article/1469337.htm
香港醫管局網絡周一遭黑客攻擊3小時 消息稱6.12後屢遭密集式攻擊
https://hk.news.appledaily.com/local/realtime/article/20190620/59738296
千萬小心!票務系統遭攻擊 中國大陸湖南一景區損失23萬余元
https://news.sina.com.tw/article/20190620/31693338.html
官方認證!美國國土安全部成功測試Bluekeep攻擊,呼籲企業儘快修補
https://www.ithome.com.tw/news/131323
意外發生!大量歐洲網路流量被導向中國長達2小時
http://bit.ly/2wWMbcx
China Telecom Swallows Huge Amount of European Mobile Traffic For Over Two Hours
http://bit.ly/2XprncN
無視美警告 芬蘭軍方採購150架中國大疆無人機
https://news.ltn.com.tw/news/world/breakingnews/2825431
英國同意引渡「維基解密」創辦人阿桑奇 美國最高可判刑175年
http://bit.ly/2WGT9Nq
【中美貿易戰】避免遭波及 Google等外企將生產移出中國
http://bit.ly/2F8bHjq
研究:GPS 服務如果中斷一個月,每天經濟損失估計將達 10 億美元
https://technews.tw/2019/06/16/rti-international/
數位冷戰!紐時:美國加大力度 網路入侵俄國電網系統
https://www.inside.com.tw/article/16645-trump-cyber-russia-grid
美澳加相繼被爆料 「自由」國度監控民眾不手軟
https://news.sina.com.tw/article/20190616/31648456.html
強力回擊!美國駭客攻擊俄羅斯電網
https://newtalk.tw/news/view/2019-06-17/261095
美國國家安全事務助理波頓:中共持續網攻美公私機構
http://bit.ly/2RvfWL1
美國各種公共事業遭高危險駭侵團體鎖定
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=872
聯合國安理會程式存漏洞,受制裁恐怖分子仍可使用被凍結資金
https://on.wsj.com/2KtoWzz
堵中共技術剽竊 美議員提議設關鍵技術辦公室
http://bit.ly/2IuZvvk
中國大陸公信部公開徵求對《網絡安全漏洞管理規定(徵求意見稿)》的意見
http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057724/n3057728/c7005976/content.html
中國大陸《網絡安全漏洞管理規定》逐條解讀
http://www.zhonglun.com/Content/2019/06-19/1711082330.html
日本海事協會發布軟體資安指南
http://bit.ly/2FzwMnt
韓國政黨聲援香港反送中 臉書遭攻擊
https://www.ntdtv.com/b5/2019/06/20/a102605282.html
以色列與世行簽署協議助力發展中國家網路安全建設
https://news.sina.com.tw/article/20190618/31662496.html
中共封閉網路 美記者:影響陸民世界觀
http://bit.ly/31Ma6d6
Dutton's non-denial fuels fears of domestic ASD cyber spying
https://www.zdnet.com/article/duttons-non-denial-fuels-fears-of-domestic-asd-cyber-spying/#ftag=RSSbaffb68
10 Highlights: Infosecurity Europe 2019 Keynotes
https://www.bankinfosecurity.com/10-highlights-infosecurity-europe-2019-keynotes-a-12633
A quarter of major CMSs use outdated MD5 as the default password hashing scheme
https://www.zdnet.com/article/a-quarter-of-major-cmss-use-outdated-md5-as-the-default-password-hashing-scheme/#ftag=RSSbaffb68
Two Weekend Outages, Neither a Cyberattack
https://www.bankinfosecurity.com/blogs/two-weekend-outages-neither-cyberattack-p-2758
Singapore ahead in use of digital health records, but behind in AI for diagnosis
https://www.zdnet.com/article/singapore-ahead-in-use-of-digital-health-records-but-behind-in-ai-for-diagnosis/#ftag=RSSbaffb68
FBI warning: Foreign spies using social media to target government contractors
https://www.zdnet.com/article/fbi-warning-foreign-spies-using-social-media-to-target-government-contractors/#ftag=RSSbaffb68
Google Cloud's bad month continues as Google Calendar sputters
https://www.zdnet.com/article/google-clouds-bad-month-continues-as-google-calendar-sputters/#ftag=RSSbaffb68
The dark web is nothing fancy: It's just a different set of protocols - like Tor
https://www.zdnet.com/article/the-dark-web-is-nothing-fancy-its-just-a-different-set-of-protocols-like-tor/#ftag=RSSbaffb68
就業市場最缺工程師 演算法菜鳥工程師起薪近6萬元
https://udn.com/news/story/7238/3873788
大猩猩科技公司徵才 (智能影像分析/網路資安)
https://www.cs.nctu.edu.tw/announcements/detail/4564?locale=en
資安經理
https://www.104.com.tw/job/6nc2m
資安維運實習生
https://www.104.com.tw/job/6ncai
軟體工程師(JAVA)
https://www.104.com.tw/job/6ncb7
電信業今年要徵4,000人
https://money.udn.com/money/story/5648/3881897
ISO17025實驗室建置維運工程師
https://www.104.com.tw/job/6ndz2
資訊設備管制人員(資訊安全管理工程師)
https://www.okwork.taipei/OkWorkTYS/ESO/portal/Registration/JobVacancyAction!jobDetail?HireId=9094773
中華電信大徵才 最高起薪48K
https://udn.com/news/story/7240/3883047
Android 開發工程師
https://www.yourator.co/companies/jkopay/jobs/8235
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
上街頭抗爭前,網路公民須先學會的三種個資保護技巧
http://bit.ly/2x2ZNCZ
網路釣魚及流氓行動應用程式是詐騙攻擊最常用的媒介
https://blog.trendmicro.com.tw/?p=60797
新型釣魚詐騙活動,以加密訊息為由,騙取用戶帳號密碼
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=873
電子旅行簽證 代辦網站似官網
http://www.hkcd.com/content/2019-06/18/content_1143557.html
網上辦理電子旅行簽證易被魚目混珠 香港消委會提示認清官網慎
http://www.hkcna.hk/content/2019/0617/769229.shtml
如何在抗議現場避免被監聽與跟蹤?前偵探教你安全 18 招
http://bit.ly/2wZb07G
個資是網路商業世界的通貨 消費者要強化自我保護意識
http://bit.ly/2IkaoA0
用戶個資全送中國?臉書承認與華為分享數據
https://newtalk.tw/news/view/2018-06-07/127055?
遭「網絡釣魚」詐騙 伯靈頓市府失50萬
http://bit.ly/2XlMexn
醫管局深夜改口 認急症室電腦毋須登入任睇傷者資料 頁面標明「For Police」
https://hk.news.appledaily.com/local/realtime/article/20190617/59726488
醫管局被指洩病人資料 公共醫療醫生協會:極度震驚
https://news.rthk.hk/rthk/ch/component/k2/1463595-20190618.htm
爆商標爭議!診所以「臺安」名義招攬健檢 民眾怨「若個資外洩、醫療糾紛找誰負責?」
http://bit.ly/2Xpr0i2
零售商須擬定全面性策略以確保網路安全與避免資料外洩
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000561980_MYSLUD3M7S43X61EE0B4W
台政府$2.5億撐港遊行? 刑事局立案調查假訊息
https://hk.news.appledaily.com/china/realtime/article/20190620/59737394
男子偷8保險經紀信用卡 碌卡24萬被捕
https://hk.news.appledaily.com/breaking/realtime/article/20190620/59737237
臉書玩20題IQ測驗!他被威脅討2000元測驗費「已找討債公司」
https://www.ettoday.net/news/20190621/1472056.htm
對付假新聞應與新加坡合作
https://talk.ltn.com.tw/article/paper/1297485
「祝賀!您被Google隨機選中」跳出中獎視窗 當心挨詐
https://news.ltn.com.tw/news/society/breakingnews/2828577
信用卡及金融卡身份詐欺案件在英國急遽增加
http://bit.ly/2x96BPQ
身份證買賣背後的「網路黑色江湖」
https://news.sina.com.tw/article/20190621/31703284.html
網購化妝品險被詐 付款後網頁變英文
https://news.ltn.com.tw/news/society/breakingnews/2826394
Millions of Venmo transactions scraped in warning over privacy settings
https://techcrunch.com/2019/06/16/millions-venmo-transactions-scraped/
Oregon State University breach exposed student, family data
https://www.zdnet.com/article/oregon-state-university-breach-exposed-student-family-data/#ftag=RSSbaffb68
Mermaids transgender charity data breach exposed confidential emails
https://www.zdnet.com/article/mermaids-transgender-charity-apologizes-for-data-breach/#ftag=RSSbaffb68
Singapore Prepares for Mandatory Breach Reporting
https://www.bankinfosecurity.in/singapore-prepares-for-mandatory-breach-reporting-a-12638
Hackers Are After Your Personal Data – Here’s How to Stop Them
https://blog.trendmicro.com/hackers-are-after-your-personal-data-heres-how-to-stop-them/
Data breach forces medical debt collector AMCA to file for bankruptcy protection
https://www.zdnet.com/article/medical-debt-collector-amca-files-for-bankruptcy-protection-after-data-breach/#ftag=RSSbaffb68
Singapore sees drop in common security threats, but foresees more data breaches
https://www.zdnet.com/article/singapore-sees-drop-in-common-security-threats-but-foresees-more-data-breaches/#ftag=RSSbaffb68
Protect your online identity now: Fight hackers with these 5 security safeguards
https://www.zdnet.com/article/protect-your-online-identity-now-fight-hackers-with-these-5-security-precautions/#ftag=RSSbaffb68
Ad agency leaks data on US military veterans' combat injuries
https://www.zdnet.com/article/ad-agency-leaks-data-on-us-military-veterans-combat-injuries/#ftag=RSSbaffb68
Meds prescriptions for 78,000 patients left in a database with no password
https://www.zdnet.com/article/meds-prescriptions-for-78000-patients-left-in-a-database-with-no-password/#ftag=RSSbaffb68
E.研究報告
內網大殺器利用:CVE-2019-1040漏洞
https://www.anquanke.com/post/id/180379
WordPress插件IEAC漏洞分析及組合利用嘗試
https://www.freebuf.com/vuls/205735.html
ApacheTomca遠程執行代碼(CVE-2019-0232)漏洞淺析和復現
http://bit.ly/31LIZ1v
黑客利用XSS漏洞,可訪問谷歌的內部網絡
https://tech.ifeng.com/c/7nY0BZMmNCe
實戰介紹Windows下的PC客戶端常見漏洞挖掘
http://www.sohu.com/a/321284564_466846
CVE-2019-12498:WordPress WP Live Chat漏洞分析
https://www.4hou.com/vulnerable/18540.html
Tendermint表示上個月的Cosmos漏洞暴露出安全漏洞
http://bit.ly/2ZtFw5R
CVE-2019-1040 结合RCE和Domain Admin的漏洞
https://bbs.pediy.com/thread-252018.htm
【乾貨分享】應急響應案例分析與經驗分享
http://blog.nsfocus.net/emergency-response-case-study/
WordPress插件Form Maker SQL注入漏洞分析
https://cloud.tencent.com/developer/article/1447342
Osmedeus:用於偵察和漏洞掃描的全自動安全工具
https://cloud.tencent.com/developer/article/1447398
影響NETGEAR路由器的0-Day:KCodes NetUSB兩個安全漏洞披露(CVE-2019-5016/5017)
https://www.4hou.com/vulnerable/18655.html
EXCHANGE上冒充任意用戶--Exchange Server權限提升漏洞(CVE-2018-8581)分析
https://www.cnblogs.com/backlion/p/11047387.html
WhatsApp緩衝區溢出漏洞分析
https://juejin.im/entry/5d08a416f265da1ba84a92a2
脈輪漏洞調試筆記1 - ImplicitCall
https://www.anquanke.com/post/id/180551
Versionscan:一款專為白帽子設計的PHP漏洞掃描報告工具
https://www.freebuf.com/sectool/206015.html
【駭客戰略定義更廣、偵測類別定義更細】快速認識ATT&CK框架的最新變化
https://www.ithome.com.tw/news/131275
【不只幫助攻擊入侵行為的理解,更便於企業防禦評估】資安攻防新戰略MITRE ATT&CK
https://www.ithome.com.tw/news/131274
淺談轟炸漏洞攻防思路
https://xz.aliyun.com/t/5432
第三方寄信服務簡易分析
http://bit.ly/2J0qrlz
保障IDC 安全:分佈式HIDS 集群架構設計
https://paper.seebug.org/957/
(MuddyWater)近期針對塔吉克斯坦、土耳其等地的攻擊活動匯總
https://www.freebuf.com/articles/network/205621.html
“方程式組織”攻擊中東SWIFT服務商事件复盤分析報告
https://www.freebuf.com/articles/paper/205080.html
陌陌風控系統靜態規則引擎,零基礎簡易便捷的配置多種複雜規則,實時高效管控用戶異常行為。
https://github.com/momosecurity/aswan
Antivirus Evasion with Python
https://medium.com/bugbountywriteup/antivirus-evasion-with-python-49185295caf1
Pwning the Nokelock API
https://www.pentestpartners.com/security-blog/pwning-the-nokelock-api/
Awesome Security
https://github.com/sbilly/awesome-security
Sad SACK: Linux PCs, servers, gadgets may be crashed by 'Ping of Death' network packets
https://www.theregister.co.uk/2019/06/17/linux_tcp_sack_kernel_crash/
security-bulletins/advisories/third-party/2019-001.md
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
HackerOne's top 20 public bug bounty programs
https://www.zdnet.com/pictures/hackerones-top-20-public-bug-bounty-programs/#ftag=RSSbaffb68
BAD THINGS IN SMALL PACKAGES
https://objectivebythesea.com/v2/talks/OBTS_v2_Bradley.pdf
ATTACKING TURBOFAN
https://doar-e.github.io/presentations/typhooncon2019/AttackingTurboFan_TyphoonCon_2019.pdf
CVE-2018-20319: Why you should always have two factor authentication on your VPN
https://labs.nettitude.com/blog/why-you-should-always-have-two-factor-authentication-on-your-vpn-cve-2018-20319/
WhibOx 2019 White-Box Cryptography and Obfuscation (2nd Edition) 18-19 May 2019, Darmstadt, Germany
https://www.cryptoexperts.com/whibox2019/
Cloud Security Research
https://github.com/RhinoSecurityLabs/Cloud-Security-Research
web_cms_exp
https://github.com/anx1ang/Poc_Pentest
HOW MALWARE PERSISTS ON MACOS
https://www.sentinelone.com/blog/how-malware-persists-on-macos/
MODERN MALWARE THREAT: HANDLING OBFUSCATED CODE
http://www.blackstormsecurity.com/CONFIDENCE_2019_ALEXANDRE.pdf
API Series: SetThreadContext
https://medium.com/tenable-techblog/api-series-setthreadcontext-d08c9f84458d
Debugging the XNU Kernel with IDA Pro
https://www.hex-rays.com/products/ida/support/tutorials/xnu_debugger_primer.pdf
Running iOS in QEMU to an interactive bash shell (1): tutorial
https://alephsecurity.com/2019/06/17/xnu-qemu-arm64-1/
PeekABoo
https://github.com/Viralmaniar/PeekABoo
Fuzzing Games with Dolphin Emulator
https://jamchamb.github.io/portfolio/fuzzydolphin
Threat Hunting - Hunter or Hunted'Author
https://www.exploit-db.com/docs/47018
F.商業
以資安為核心出發 賦予行動用戶信譽評價
https://www.netadmin.com.tw/netadmin/zh-tw/trend/0D32569CCCD741F4A8B3F9D51E56E9B1
2019數位應用週 看見台灣軟實力
http://bit.ly/2WPCtrJ
開源負載平衡器HAProxy 2.0釋出,支援更完善的動態配置功能
https://www.ithome.com.tw/news/131309
趨勢科技強化網路攝影機安全 攔截500萬次攻擊
https://www.techbang.com/posts/70925-trend-micro-enhances-webcam-security-to-intercept-5-million-attacks
利用 Google 漏洞來避免負擔廣告費?The North Face 運動品牌被罵翻
http://bit.ly/2Y0P2NC
全景軟體2019下半年主推「多因素認證」與「手寫簽名系統」資安防護產品
http://bit.ly/2N0RL8O
搭建原生雲端應用安全性 推動企業轉型接軌數位經濟時代 API呼叫IT資源 促進開發與維運協同合作
https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/23DFAF3C6976452BB8AD2EC34B515733
OTT引爆高流量 中華電攜手Akamai助陣
https://money.udn.com/money/story/5612/3883499
中華電信攜手 Akamai,建立內容遞送網路服務策略夥伴關係
https://technews.tw/2019/06/20/cht-wz-akamai-on-cdn/
VMware收購Avi Networks 深化資安部署
https://money.udn.com/money/story/5640/3883788
Cloudflare發表「熵聯盟」分散式隨機數產生器開源專案
https://www.ithome.com.tw/news/131337
谷歌:停止開發陸版搜尋引擎
http://bit.ly/2XYjjMW
安碁資訊估今年營收成長 擴大布局東南亞
https://money.udn.com/money/story/5612/3884496
Cloudflare aims to make HTTPS certificates safe from BGP hijacking attacks
https://arstechnica.com/information-technology/2019/06/cloudflare-aims-to-make-https-certificates-safe-from-bgp-hijacking-attacks/
Inside F5’s cyber security playbook
http://bit.ly/31FypZQ
Microsoft acquires Pull Panda for code-review collaboration
https://www.zdnet.com/article/microsoft-acquires-pull-panda-for-code-review-collaboration/#ftag=RSSbaffb68
Microsoft finally releases Hyper-V Server 2019
https://www.zdnet.com/article/microsoft-finally-releases-hyper-v-server-2019/#ftag=RSSbaffb68
Hazelcast open source in-memory data grid secures $21.5 million funding, expands platform to real-time streaming data
https://www.zdnet.com/article/hazelcast-open-source-in-memory-data-grid-secures-21-5-million-funding-expands-platform-to-real-time-streaming-data/#ftag=RSSbaffb68
MongoDB moves beyond the database with new cloud services
https://www.zdnet.com/article/mongodb-moves-beyond-the-database-with-new-cloud-services/#ftag=RSSbaffb68
Azure Data Lake Storage gets Okera security and governance platform support
https://www.zdnet.com/article/azure-data-lake-storage-gets-okera-security-and-governance-platform-support/#ftag=RSSbaffb68
Microsoft rolls out previews of Chromium-based Edge for Windows 7, 8 and 8.1
https://www.zdnet.com/article/microsoft-rolls-out-previews-of-chromium-based-edge-for-windows-7-8-and-8-1/#ftag=RSSbaffb68
IPVanish review: VPN delivers a wealth of options and browsing controls
https://www.zdnet.com/article/ipvanish-review-a-rich-wealth-of-options-and-surfing-controls/#ftag=RSSbaffb68
G.政府
臺灣行動5G發展戰略大揭露!行政院:2020年將培育4千名5G應用人才
https://ithome.com.tw/news/131272
金融監督管理委員會公告:預告「電子支付機構清償基金組織及管理辦法」第11條之1修正草案
https://law.fsc.gov.tw/law/DraftOpinion.aspx?id=7725
調查局內的區塊鏈高手 ─ 專訪資安鑑識實驗室周士楨調查官
http://bit.ly/31z5WoN
電子連署今年可行? 中選會:已進入資安測試階段
https://newtalk.tw/news/view/2019-06-17/260971
中選會:明年大選確定不綁公投 電子連署進入最終測試
https://tronice.rti.org.tw/news/view/id/2024365
用手機門號辦貸款 銀行可向金管會申請試辦6個月
https://www.ettoday.net/news/20190618/1470209.htm
立院臨時會 明處理「國安法」防駭客入侵
http://bit.ly/2L3awWp
網路共諜行為 納入國安法規範
http://bit.ly/2KvmaK6
國安法納入網路共諜 朝野協商達成共識
https://news.ltn.com.tw/news/politics/breakingnews/2826946
國安法納網際空間 共諜可判7年重罰1億
https://udn.com/news/story/12584/3881952
網路納國安範疇 管碧玲:確立反資訊戰法源
https://www.cna.com.tw/news/aipl/201906200218.aspx
法界:「網際空間」概念模糊 執法有爭議
https://udn.com/news/story/12584/3881943
立院三讀 為中國發展組織可關7年以上罰1億元
https://www.cna.com.tw/news/firstnews/201906195006.aspx
立院三讀/ 防中駭入 網路納入國安規範
https://m.ltn.com.tw/news/focus/paper/1297258
經濟部工業局辦理資訊安全應用實務人才養成班(台北)
https://www.moea.gov.tw/MNS/populace/news/NewsAction.aspx?menu_id=43&news_id=85156
都市更新入口網站改版上架 強化資安防護
https://www.ydn.com.tw/News/340299
金管會另闢FinTech試辦 讓銀行「抄捷徑」
https://www.chinatimes.com/realtimenews/20190618004283-260410?chdtv
稽核人員研習班-保險代理人及保險經紀人(108年第二期)
https://edu.tii.org.tw/pt_training/mpage/index/info/1072673711
有關媒體報導我國壽險業因應保險合約(IFRS17)影響及因應情形之說明
http://bit.ly/2ItBCUQ
金管會訂定「銀行申請業務試辦作業要點」
http://bit.ly/2IRuDE8
顧立雄談金融發展:我們鼓勵負責任的創新
https://udn.com/news/story/6871/3882930
H.ICS/SCADA 工控系統
布局工業網路安全 補強OT環境的防護缺口成新趨勢
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000561903_roi8jmxg1zom1i2heek57
工業3.5準智慧系統就位 工業4.0方能乘勢起飛
https://udn.com/news/story/11726/3883427
moxa -- awk-3121_firmware CVE-2018-10697
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-10697
moxa -- awk-3121_firmware CVE-2018-10698
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-10698
I.教育訓練
SLMT's Tutorial Blog
http://slmtsite.blogspot.com/2014/09/security-table-of-contents.html
初探漏洞挖掘基礎
https://xz.aliyun.com/t/5428
整合 Android Paging Library: Part 1
https://enginebai.com/2019/04/22/android-paging-part1/
整合 Android Paging Library: Part 2
https://enginebai.com/2019/06/17/android-paging-part2/
資訊安全工程師證照輔導班
http://bit.ly/2WK13Wm
How to Hack Wi-Fi: Get Anyone’s Wi-Fi Password Without Cracking Using Wifiphisher
http://bit.ly/31GcZfe
Digital Forensics and Incident Response
https://jpminty.github.io/cheatsheet/DFIR/
An Instant Guide to Firewall Builder
http://bit.ly/2MTphxx
Kali Linux滲透測試篇:Nessus主機漏洞掃描工具配置【附工具】
https://www.bilibili.com/video/av55933035/
Container and Test Automation Management Practices in TrendMicro
https://www.slideshare.net/ssusere62027/container-and-test-automation-management-practices-in-trendmicro
108 年 - 108 一般警察二等 網路與資訊安全(包括資訊安全技術與應用、資安事件處理)#76980
https://yamol.tw/exam.php?id=76980
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
7/9 物聯網資安產業標準之「智慧巴士廠商」輔導及推廣說明會
http://www.ttia-tw.org/news.php?wshop=ttia&Opt=detailed&tp=News&lang=zh-tw&news_id=22644
虎頭山創新園區開幕 蔡英文:搶先佈局AI物聯網
https://udn.com/news/story/6656/3878432
虎頭山創新園區 蔡英文:打造資安物聯網中心
http://bit.ly/2L2S7sR
蔡總統:AIoT是台灣產業方向
https://udn.com/news/story/7240/3879632
虎頭山創新園區 總統:布局人工智慧結合物聯網
https://news.tvbs.com.tw/politics/1151454
勒索蠕蟲病毒無孔不入 醫療服務停擺時有所聞 醫療物聯網易遭鎖定 機敏資料防護最關鍵
https://www.netadmin.com.tw/netadmin/zh-tw/trend/D2C851E0075A4F88AF8C8FA9A5E684CD
感測通訊走向數位化 IO-LINK奠定機聯網基礎
https://udn.com/news/story/11726/3883256
解決物聯網應用3大瓶頸,ITM國際信任機器開發區塊鏈IC解決方案
https://meet.bnext.com.tw/articles/view/45010
物聯網大商機!智慧聯網玩具爆炸性成長
https://technews.tw/2019/06/20/connected-play-toy-market-growth/
TensorFlow is dead, long live TensorFlow
https://hackernoon.com/tensorflow-is-dead-long-live-tensorflow-49d3e975cf04
Edge of tomorrow: Industrial IoT slowly assembles new modes of production
https://www.zdnet.com/article/edge-of-tomorrow-industrial-iot-slowly-assembles-new-modes-of-production/#ftag=RSSbaffb68
IoT devices to generate 79.4ZB of data in 2025, says IDC
https://www.zdnet.com/article/iot-devices-to-generate-79-4zb-of-data-in-2025-says-idc/#ftag=RSSbaffb68
6.近期資安活動及研討會
JCConf Taiwan 2019 Call for Proposals 6/1 ~ 6/30
https://twjug.kktix.cc/events/jcconf-2019-cfp
2019 6月份 SA@Taipei 6/22(六) Working with PowerShell
https://studyarea.kktix.cc/events/8a726f12-copy-1
CCNS 定期聚 — 當 Python 遇上 JIT / PyPy 淺談 6/23
https://ccns.kktix.cc/events/ccns-pypy-talk
資安前哨站-獵殺封包 6/26
https://www.it360.com.tw/live-detail.aspx?id=iT36000000000348
智慧家庭IoT資安與個人隱私資安,如何防駭客,如何做防禦 6/27
https://www.techbang.com/posts/70549-lecture-smart-home-network-security
HackingThursday 固定聚會 6/27
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/
天黑請閉眼,與駭客的對話 6/29
https://tfc.kktix.cc/events/night-talk-hacking-hacker
HackingThursday 固定聚會 7/4
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/
2019 車用電子與車聯網資安種子教師研習營 7/4 ~ 7/5
http://www.kghs.kh.edu.tw/notice/11734
2019國際資訊安全組織台灣高峰會 7/9 ~ 7/11
https://csa.kktix.cc/events/2019con
Secure Summit APAC 2019 安全峰會 6 大領域提升資安水平 7/10 ~ 7/11
http://bit.ly/2WbONh5
工業局補助網路安全檢測教育訓練 7/10 ~ 7/12
https://www.accupass.com/event/1904080311551119077841
HackingThursday 固定聚會 7/11
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/
HackingThursday 固定聚會 7/18
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/
資安產學高峰論壇 7/18
https://www.accupass.com/event/1906140709596176666390
資安趨勢研討會 7/18
https://www.accupass.com/event/1906110041444881410360
第12屆台盧(森堡)經濟合作會議 7/19
http://registration.cieca.org.tw/visit/?d=74
5G+IoT美麗新世界的資安挑戰與機會研討會 7/18
http://iekweb2.iek.org.tw/IEKConf/Client/confinfo.aspx?mode=confinfo&conf_no=384953433
HackingThursday 固定聚會 7/25
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/
新加坡資安市場解密講座: 台灣資安浴血東南亞叢林戰鬥之起點-獅城站 7/26
https://ievents.iii.org.tw/eventS.aspx?t=0&id=547
CDX2.0推廣活動 - 台南場次 7/26
https://nchc-cdx.kktix.cc/events/cdxactivity-0726
資安事故處理實務課程 8/7 ~ 8/8
http://bit.ly/2VW0Lv9
DEF CON 27 2019/8/8–8/11
https://www.defcon.org/
數位鑑識處理實務 8/14 ~ 8/15
http://bit.ly/2VW0Lv9
台灣駭客年會 HITCON Summer Training 2019 - 學生報名 2019-08-19 ~ 2019-08-22
https://www.accupass.com/event/1906050919271598677460
WEB應用滲透測試 8/21 ~ 8/23
https://www.accupass.com/event/1904080221358963463590
台灣駭客年會 HITCON Community 2019 2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8)
https://www.accupass.com/event/1906040921594609934250
資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」 8/29 ~ 8/30
http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==
108年資安職能訓練-行動裝置安全(8/29-8/30)
https://cee.ksu.edu.tw/recruitinfo/1443.html
CDX2.0推廣活動 - 台北場次 9/10
https://nchc-cdx.kktix.cc/events/cdxactivity-0910
TANET 2019 - 臺灣網際網路研討會 9/25
https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310
HITB+ CYBER WEEK 2019/10/12 ~17
https://d2p.hitb.org/
Splunk .conf 19 10/21 ~ 10/24
https://conf.splunk.com/
AIoT智能物聯網開發人才就業養成班[免費諮詢] 10/22
https://ittraining.kktix.cc/events/aiot-training-2019
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019
https://www.icscybersecurityconference.com
訂閱:
張貼留言 (Atom)
2024年 11 月份資安、社群活動分享
2024年 11 月份資安、社群活動分享 FinTech Taipei 2024 台北金融科技展 2024/11/1 https://www.accupass.com/event/2409220219552125240836 2024台以金融科技交流座談會:AI新紀元 Is...
-
2024年 3月份資安、社群活動分享 線上資安人力需求對談-網路通信產業 2024/3/2 https://isipevent.kktix.cc/events/ff6f2146 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演 2024/3/6 https://b...
-
2023年 12月份資安、社群活動分享 零信任身份認證與存取控管 2023/12/1 https://web.tabf.org.tw/page/407020/course11.htm 線上資安專題講座-以攻擊策略演練角度協助企業評估、強化與呈現資安投資成效 2023/12/...
-
2024年 2月份資安、社群活動分享 Taipei All About API Meetup Group - Meet and Greet, 01 Feb 2024, 07:00 PM 2024/2/1 https://www.meetup.com/taipei-all-a...
沒有留言:
張貼留言