跳到主要內容

資安事件新聞週報 2019/6/17 ~ 2019/6/21

資安事件新聞週報  2019/6/17  ~  2019/6/21

1.重大弱點漏洞/後門/Exploit/Zero Day
GCHQ的漏洞裁定流程
https://www.xianjivr.com/news/46587.html

Netflix揭露FreeBSD與Linux核心漏洞
https://www.ithome.com.tw/news/131329

美國情治單位成功測試利用 BlueKeep 漏洞,於目標電腦上執行任意程式碼
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=875

售至全球50個國家的醫療用輸液幫浦含有遠端攻擊漏洞
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=30648

Critical remote execution flaw lurks in TP-Link Wi-Fi Extenders
https://www.zdnet.com/article/critical-remote-execution-flaw-lurks-in-tp-link-wi-fi-extenders/#ftag=RSSbaffb68

Critical RCE Vulnerability in TP-Link Wi-Fi Extenders Can Grant Attackers Remote Control
https://securityintelligence.com/posts/critical-rce-vulnerability-in-tp-link-wi-fi-extenders-can-grant-attackers-remote-control/

TCP SACK PANIC - Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479
https://access.redhat.com/security/vulnerabilities/tcpsack

Disgruntled security firm discloses zero-days in Facebook's WordPress plugins
https://www.zdnet.com/article/disgruntled-security-firm-discloses-zero-days-in-facebooks-wordpress-plugins/#ftag=RSSbaffb68

New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now
https://thehackernews.com/2019/06/oracle-weblogic-vulnerability.html

Weblogic最新反序列化遠程命令執行漏洞 繞過CVE-2019-2725
https://nosec.org/home/detail/2711.html

Oracle WebLogic XMLDecoder反序列化漏洞
http://www.zhuanzhi.ai/document/8986933c73508e661c8167aa5a42b83f

Oracle patches another actively-exploited WebLogic zero-day
https://www.zdnet.com/article/oracle-patches-another-actively-exploited-weblogic-zero-day/#ftag=RSSbaffb68

Spring Security OAuth - Open Redirector
https://www.exploit-db.com/exploits/47000

16歲研究人員發現Google對外網站XSS漏洞可駭入內部網站
https://www.ithome.com.tw/news/131300

【漏洞預警】PHP eval 函式可能遭利用成為後門攻擊手法,允許攻擊者遠端執行任意程式碼,請儘速確認並調整設定
http://www.cpcm.pu.edu.tw/app/news.php?Sn=144

售至全球50個國家的醫療用輸液幫浦含有遠端攻擊漏洞
https://ithome.com.tw/news/131306

D-Link 連網監視攝影機被爆資安漏洞,駭客可取得影像內容
https://blog.twnic.net.tw/2019/06/13/3991/

不只Linux伺服器,Azure也被駭客鎖定Exim漏洞攻擊
https://www.ithome.com.tw/news/131328

Exim RCE漏洞影響數百萬服務器,已有黑客發動攻擊程序
https://toutiao.ycen.com.cn/p/20190615/32185.html?m=defe3bac0e3467de8211f63d715f7745&f=index

Critical Flaw Reported in Popular Evernote Extension for Chrome Users
http://bit.ly/2ZtSyR2

Two New Microsoft Zero-Day Vulnerabilities Revealed in One Week
https://blog.skyboxsecurity.com/microsoft-zero-day-vulnerabilities/

Adobe June Patch Tuesday Addressed Critical Security Vulnerabilities In ColdFusion, Campaign And Flash
https://latesthackingnews.com/2019/06/14/adobe-june-patch-tuesday-addressed-critical-security-vulnerabilities-in-coldfusion-campaign-and-flash/

Microsoft June Patch Tuesday Addressed 88 Vulnerabilities Including Zero-Days
http://bit.ly/2RrPRMS

Microsoft delivers public preview of Azure Bastion service for remotely accessing VMs more securely
https://www.zdnet.com/article/microsoft-delivers-public-preview-of-azure-bastion-service-for-remotely-accessing-vms-more-securely/#ftag=RSSbaffb68

關於Windows 認證高危漏洞的緊急預警通報
http://www.ccw.com.cn/industry/2019-06-17/7946.html

Windows 6 月更新 安裝後,將阻止部分藍牙LE 裝置與電腦設備配對
https://www.kocpc.com.tw/archives/265275

Microsoft releases first test build of Windows Server 20H1
https://www.zdnet.com/article/microsoft-releases-first-test-build-of-windows-server-20h1/#ftag=RSSbaffb68

Docker embraces Windows Subsystem for Linux 2
https://www.zdnet.com/article/docker-embraces-windows-subsystem-for-linux-2/#ftag=RSSbaffb68

Coremail郵件系統安全漏洞的預警通報
http://www.cnnvd.org.cn/web/bulletin/bulletinById.tag?mkid=144

dlink -- dir-300_firmware CVE-2013-7471
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7471

ipswitch -- ws_ftp_server CVE-2019-12144
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12144

joomla CVE-2019-12765
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12765

sap -- advanced_business_application_programming_platform_kernel CVE-2019-0304
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0304

solarwinds -- serv-u_ftp_server
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19999

新版 Chrome 是媒體的痛,讀者繞過付費牆的好用工具
https://technews.tw/2019/06/18/new-chrome-is-the-headache-of-media-and-the-good-tools-for-readers-to-bypass-paywall/

Chrome extension caught hijacking users' search engine results
https://www.zdnet.com/article/chrome-extension-caught-hijacking-users-search-engine-results/#ftag=RSSbaffb68

Google launches Chrome extension for flagging bad URLs to the Safe Browsing team
https://www.zdnet.com/article/google-launches-chrome-extension-for-flagging-bad-urls-to-the-safe-browsing-team/#ftag=RSSbaffb68

Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks
http://bit.ly/2IW4tAm

Firefox zero-day was used in attack against Coinbase employees, not its users
https://www.zdnet.com/article/firefox-zero-day-was-used-in-attack-against-coinbase-employees-not-its-users/#ftag=RSSbaffb68

Mozilla patches Firefox zero-day abused in the wild
https://www.zdnet.com/article/mozilla-patches-firefox-zero-day-abused-in-the-wild/#ftag=RSSbaffb68

被用來攻擊虛擬貨幣平台漏洞,Firefox 罕見緊急更新瀏覽器
https://technews.tw/2019/06/20/flaw-use-to-attck-cryptocurrency-platform-firefox-update-browser-in-urgancy/

Critical Flaw Reported in Popular Evernote Extension for Chrome Users
https://thehackernews.com/2019/06/evernote-extension-hacking.html

Tor Browser 8.5.2 Released — Update to Fix Critical Firefox Vulnerability
https://thehackernews.com/2019/06/tor-browser-firefox-hack.html

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
資安訊息分享 未來擬收費
https://udn.com/news/story/7239/3875796

ATM瘋狂吐鈔!男放布袋接好接滿
http://gotv.ctitv.com.tw/2019/06/1082775.htm

香港銀行公會指未見特殊情況 銀行基建運作正常
http://bit.ly/2WIknTS

神腦全面轉型 將跨刀網路投保
http://bit.ly/2IKQrRX

業界首家! 新光人壽導入「行動身分識別服務」
https://tw.finance.appledaily.com/realtime/20190617/1585174/

崴亞風險咨詢公司開辦 資安保險專才班 6/28開課
https://www.chinatimes.com/newspapers/20190618000490-260207?chdtv

美跨機構測試銀行資安能力 最快今年實施
https://money.udn.com/money/story/5602/3877636

國際財經:傳美國考慮對銀行業進行跨機構網路防禦測試
http://bit.ly/2WPoJ0g

e動郵局硬體故障 手機200萬用戶受影響
https://life.taronews.tw/2019/06/18/375134/

實體交易用戶不受影響 中華郵政App故障8.5小時
http://bit.ly/2L3KGSm

郵局網路大當機 估下午3點前修復
https://turnnewsapp.com/livenews/aj/A08616002019061813503241

磁碟硬體異常! 郵局APP「e動郵局」服務斷
http://bit.ly/2xblAbH

中華郵政手機網路當機 預計下午3時前修復
https://udn.com/news/story/7239/3878540

e動郵局硬體故障 手機200萬用戶受影響
https://money.udn.com/money/story/5613/3878531

《金融》大出包!郵局網路當機,修復時間「未被通知」
http://bit.ly/2XlSmWx

中興高管回應自主操作系統應用適配不足:需要過程
https://news.sina.com.tw/article/20190618/31668076.html

股東要求給交代 南山人壽老董杜英宗為百億新系統出包致歉
https://www.ettoday.net/news/20190621/1472235.htm

股東砲轟「境界計畫」 杜英宗說:「若失敗我負責」
https://ec.ltn.com.tw/article/breakingnews/2829194

倫交所成立台北辦公室 將建百人團隊
https://udn.com/news/story/7251/3879238

台灣壽險業陷冰風暴?壽險公會6點聲明反駁
https://news.ebc.net.tw/News/Article/167664

壽險像第二個年金? 金融業高層:遲早有人破產
http://bit.ly/2FlXeR2

網路安全專家在保險業吃香
http://big5.ftchinese.com/story/001083185?full=y

凱基條款可望為首例 監理沙盒業務若未涉法令禁止 其他銀行也可試辦
https://news.cnyes.com/news/id/4341136

占凱基銀便宜 手機門號辦貸款 金管會准「試辦」不必進沙盒
https://www.chinatimes.com/realtimenews/20190618004328-260410?chdtv

國泰世華銀行將使用數位簽章保護本行外寄之電子郵件
https://www.cathaybk.com.tw/cathaybk/personal/News/Announcement/2019/0620AnnounceInfo/

5大數位帳戶卡整理包 高利存款跨轉提免費
http://bit.ly/2IXRVZk

臺灣土地銀行個人網路銀行將於108年06月27日(星期四)下午5時30分至下午7時30分期間短暫停止服務
https://www.landbank.com.tw/Bulletin/Detail/ce4a0c74-f506-43d8-92dc-aa71009dd5fd?code=H300

好方便!這7類款項開放超商「刷卡」代收 最快年底上路
https://newtalk.tw/news/view/2019-06-21/262697

南山新系統6月底後若再出包 顧立雄目3方向處置
https://www.chinatimes.com/realtimenews/20190621003564-260410?chdtv

南山境界6月後再亂 顧立雄:罰負責人
https://www.chinatimes.com/realtimenews/20190621003561-260410?chdtv

南山人壽系統改善了?顧立雄:要看第三方獨立查核報告
https://udn.com/news/story/7239/3885247

Equifax breach impacted the online ID verification process at many US govt agencies
https://www.zdnet.com/article/equifax-breach-impacted-the-online-id-verification-process-at-many-us-govt-agencies/#ftag=RSSbaffb68

Europol calls for crackdown on physical ATM attacks
https://www.atmmarketplace.com/news/europol-calls-for-crackdown-on-physical-atm-attacks/

Beyond Managed Security Services: SOC-as-a-Service for Financial Institutions
https://www.bankinfosecurity.in/webinars/webinar-beyond-managed-security-services-soc-as-a-service-for-w-1853?rf=promotional_webinar

Physical ATM attacks are violent, mostly unsuccessful
https://www.atmmarketplace.com/blogs/physical-atm-attacks-are-violent-mostly-unsuccessful/

Windows 10: ATM operators readying for massive software update
https://www.atmmarketplace.com/blogs/windows-10-atm-operators-prepare-for-massive-software-update/

3.電子支付/電子票證/行動支付/ pay/新聞及資安
台鐵推電子支付買便當 17日起台灣pay先行
https://www.ptt.cc/bbs/MobilePay/M.1560836119.A.89F.html

越南正式將6月16日定為無現金日
http://bit.ly/2WOmmej

還在行動支付?中國已經開始靠「臉」辨識付款了
http://bit.ly/2WWpkse

Visa亞太資安高峰會:支付資訊安全推動數位經濟發展
https://news.sina.com.tw/article/20190620/31697288.html

LINE將在台灣推廣LINE Pay mini行動支付
https://www.ptt.cc/bbs/MobilePay/M.1560741991.A.952.html

台灣、泰國等地將支持韓國新世界SSG-PAY支付
http://www.coinvoice.cn/41193.html

4.虛擬貨幣/區塊鍊   新聞及資安
區域鏈專家教你如何保障網絡安全
https://fortuneinsight.com/web/posts/301509

幫企業減少跨境交易成本?VISA推出全球首個B2B區塊鏈支付平台
http://bit.ly/2IihRj8

區塊客一分鐘新聞 – 6 月 14 日重點:幣安被盜比特幣遭轉移
https://blockcast.it/2019/06/14/blockcast-daily-06-14/

孫宇晨:歡迎阿里、騰訊進入數字貨幣支付領域
https://news.sina.com.tw/article/20190614/31635208.html

穩定幣比比特幣更穩定,但只是暫時的
http://news.knowing.asia/news/2626c12a-b95a-4c76-a05a-183a6f94856e

數據洩露醜聞爆發之後,Facebook積極佈局區塊鏈
http://news.knowing.asia/news/e6ca89d3-3ac8-4a30-8a25-48b31fbfa21c

國家級區塊鏈大聯盟 立委盼四管齊下
https://www.chinatimes.com/realtimenews/20190614003578-260410?chdtv

臉書數字貨幣獲VISA、Uber等支持,或在下周發白皮書
https://news.sina.com.tw/article/20190615/31639004.html

臉書加密通貨Libra 獲Visa、PayPal、優步投資
https://www.chinatimes.com/realtimenews/20190614004171-260410?chdtv

Facebook即將推出Libra測試網
http://bit.ly/2WLWn7e

分析師:臉書加密貨幣 不會威脅到Visa、Mastercard
https://times.hinet.net/news/22423984

FB加密貨幣項目曝光:共25個合作夥伴 各交1000萬美元
https://news.sina.com.tw/article/20190615/31639154.html

泰國銀行撤回:”將盡快使用XRP”的聲明
http://bit.ly/2WMC9dB

虛擬貨幣 下半年納入洗錢防制
https://udn.com/news/story/11316/3875776

防洗錢 虛擬幣交易 超商不納管
https://udn.com/news/story/7239/3875810?from=udn-catebreaknews_ch2

駭客集團所為?Coincheck員工的電腦中被檢測出病毒
http://m.match.net.tw/pc/news/technology/20190617/4928180

FB擬推加密幣 比特幣升破9300美元
http://www.orangenews.hk/finance/system/2019/06/17/010119237.shtml

肖磊:離華爾街接管比特幣產業已經不遠了
http://news.knowing.asia/news/662e3362-bdfa-4bbf-94ba-9d30bafe4838

Cosmos 披露 5 月主網漏洞調查細節  安全負責人:這一課讓我們明白建立快速安全溝通管道的重要性
https://blockcast.it/2019/06/18/cosmos-released-a-full-disclosure-of-last-months-vulnerability/

黑客利用Mozilla Firefox漏洞攻擊Coinbase用戶
https://www.tuoluocaijing.com.tw/kuaixun/detail-70120.html

交易所遭郵件釣魚攻擊 超40萬美元BTC或失竊
https://news.sina.com.tw/article/20190618/31671114.html

Stellar行星幣被披露發現通脹漏洞,增加22.5億個非常規XLM
https://www.bishijie.com/shendu_26836

一文讀懂智能合約漏洞
https://www.chainnews.com/articles/848752496059.htm

另一種中心化?我們該如何看待幣安發行的BTCB
http://news.knowing.asia/news/df6de059-0e06-4523-9aad-73486fb7511b

史上規模最大「東京 Coincheck 交易所駭客事件」案情逆轉,主謀可能是「俄羅斯駭客」
https://www.blocktempo.com/russian-hackers-may-have-carried-out-largest-ever-crypto-exchange-theft/

金融科技成為洗錢新工具? ICO的匿名和去中心化技術成為監管漏洞
https://www.storm.mg/article/1382555?srcid=73746f726d2e6d675f63373766396366313733396365313337_1561087985

臉書:Libra背後的資產是它與現有加密貨幣之間最大的差異
https://www.ithome.com.tw/news/131342

私隱問題未解決 美國議員誓阻Facebook發展新虛擬貨幣
http://bit.ly/31MietV

臉書幣是代幣而非貨幣!盤點央行總裁楊金龍分析虛擬通貨的5個觀點
http://news.knowing.asia/news/0d6307ac-3edb-41e8-a8df-0fa45b4a01b1

我該怎麼拿到臉書幣、可以用它來買什麼?看懂祖克柏的數位貨幣夢,你該知道的11個「Libra」幣Q&A
https://www.storm.mg/article/1402970?srcid=73746f726d2e6d675f63373766396366313733396365313337_1561097575

Facebook Libra 加密貨幣將至,希望打造橫跨支付、商務、App 及遊戲平台
https://finance.technews.tw/2019/06/18/why-libra-could-be-worth-billions/

反擊Facebook!瑞波宣布與MoneyGram達成戰略合作
http://news.knowing.asia/news/6b513e6f-af3a-415f-aa30-48ab9286c385

顧立雄關切臉書幣這兩件事 如涉及就須監理
https://money.udn.com/money/story/5613/3885196

Facebook's Libra Cryptocurrency Prompts Privacy Backlash
https://www.bankinfosecurity.com/facebooks-libra-cryptocurrency-prompts-privacy-backlash-a-12655

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
HiddenWasp惡意軟體借用Mirai及Winnti程式碼攻擊Linux系統
https://blog.trendmicro.com.tw/?p=60839

針對中亞地區政府部門的攻擊:通過Office漏洞傳播新型Hawkball後門
https://www.4hou.com/other/18532.html

伊朗APT 組織MuddyWater 加入新的漏洞利用
https://www.chainnews.com/articles/241516300464.htm

駭客利用23款攻擊程式來散布新一代殭屍病毒Echobot
https://www.ithome.com.tw/news/131311

紐約時報披露美軍網路作戰司令部已在俄羅斯電網植入惡意程式,必要時可使其癱瘓
https://www.techbang.com/posts/70871-us-cyber-command-has-planted-malware-on-the-russian-power-grid-paralysing-it-if-necessary

ESET揭露可竊取Android手機一次性密碼的惡意程式
https://www.ithome.com.tw/news/131335

僵屍網路(Botnet)攻擊布署,由 Windows 轉向 Linux 與 IoT 設備
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=878

不夠智慧的三星電視,提醒用戶需定期掃毒引發恐慌
https://technews.tw/2019/06/18/samsung-warns-people-smart-tv-should-regularly-scan-for-malware-is-making-people-panic/

Samsung 提示用戶要定期為智能電視掃描除毒
http://bit.ly/2ZD7pbU

Bitdefender與警方聯手釋出勒索軟體GandCrab最新版解密工具
https://www.ithome.com.tw/news/131326

電腦系統被駭 佛羅里達州小城付千萬贖金救資料
https://udn.com/news/story/6813/3882752

佛州市政府遭駭 同意付60萬美元贖金保護資料
https://www.cna.com.tw/news/aopl/201906200085.aspx

AESDDoS 殭屍網路變種,經由暴露在外的 Docker API 滲透容器
https://blog.trendmicro.com.tw/?p=60878

新手駭客也可輕易取得“軍事級”工具,攻擊使用過時 Windows 系統的企業
https://cms.airsupport.ga/xin-shou-hai-ke-ye-ke-qing-yi-qu-de-jun-shi-ji-gong-ju-gong-ji-shi-yong-guo-shi-windows-xi-tong-de-qi-ye-3/

Xenotime Group Sets Sights on Electrical Power Plants
https://www.bankinfosecurity.com/xenotime-group-sets-sights-on-electrical-power-plants-a-12637

The US planted offensive malware in Russia's power grid
https://engt.co/31EdIgS

JURASIK RANSOMWARE ACTIVELY SPREADING IN THE WILD
https://securitynews.sonicwall.com/xmlpost/jurasik-ransomware-actively-spreading-in-the-wild/

pyLocky Decryptor Released by French Authorities
https://www.bleepingcomputer.com/news/security/pylocky-decryptor-released-by-french-authorities/

Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners
https://blog.trendmicro.com/trendlabs-security-intelligence/advanced-targeted-attack-tools-used-to-distribute-cryptocurrency-miners/

Adware and PUPs families add push notifications as an attack vector
https://blog.malwarebytes.com/adware/2019/06/adware-and-pups-families-add-push-notifications-as-an-attack-vector/

Microsoft warns Azure customers of Exim worm
https://www.zdnet.com/article/microsoft-warns-azure-customers-of-exim-worm/#ftag=RSSbaffb68

New WSH RAT Malware Targets Bank Customers with Keyloggers
https://www.bleepingcomputer.com/news/security/new-wsh-rat-malware-targets-bank-customers-with-keyloggers/

Houdini Worm Transformed in New Phishing Attack
https://cofense.com/houdini-worm-transformed-new-phishing-attack/

Houdini malware targets victims with keylogger, online bank account theft tools
https://zd.net/2ZzJom1

Bank hackers team up to spread financial Trojans worldwide
https://www.zdnet.com/article/bank-hackers-team-up-to-spread-financial-trojans-worldwide/#ftag=RSSbaffb68

New Echobot malware is a smorgasbord of vulnerabilities
https://www.zdnet.com/article/new-echobot-malware-is-a-smorgasbord-of-vulnerabilities/#ftag=RSSbaffb68

New Plurox malware is a backdoor, cryptominer, and worm, all packed into one
https://www.zdnet.com/article/new-plurox-malware-is-a-backdoor-cryptominer-and-worm-all-packed-into-one/#ftag=RSSbaffb68

Plurox: Modular backdoor
https://securelist.com/plurox-modular-backdoor/91213/

Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East
https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/

Ryuk Ransomware Adds IP and Computer Name Blacklisting
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-adds-ip-and-computer-name-blacklisting/

Florida city pays $600,000 to ransomware gang to have its data back
https://www.zdnet.com/article/florida-city-pays-600000-to-ransomware-gang-to-have-its-data-back/#ftag=RSSbaffb68

Daily News Roundup: Houdini Ziele Für Malware Ihre Bank-Konto
http://allinfo.space/2019/06/18/daily-news-roundup-houdini-ziele-fur-malware-ihre-bank-konto/

GandCrab Ransomware Decryption Tool [All Versions] — Recover Files for Free
https://thehackernews.com/2019/06/gandcrab-ransomware-decryption-tool.html

Ransomware gang hacks MSPs to deploy ransomware on customer systems
https://www.zdnet.com/article/ransomware-gang-hacks-msps-to-deploy-ransomware-on-customer-systems/#ftag=RSSbaffb68

DanaBot Banking Trojan Upgraded with ‘Non Ransomware’ Module
https://www.bleepingcomputer.com/news/security/danabot-banking-trojan-upgraded-with-non-ransomware-module/

Russian APT hacked Iranian APT's infrastructure back in 2017
https://www.zdnet.com/article/russian-apt-hacked-iranian-apts-infrastructure-back-in-2017/#ftag=RSSbaffb68

LoudMiner: Cross-platform mining in cracked VST software
https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/

Cryptojacking: An Unwanted Guest
https://www.bromium.com/cryptojacking-coin-miner-attack-uses-nsa-developed-equation-group-tools-to-move-laterally/

The Mobile Watering Hole: How A Sip Leads to A Trojan Compromise
https://blog.zimperium.com/the-mobile-watering-hole-how-a-sip-leads-to-a-trojan-compromise/

B.行動安全 / iPhone / Android /穿戴裝置 /App
五月天石頭4字留言挺香港 臉書慘遭惡意檢舉一度「被消失」
https://dailyview.tw/Popular/Detail/5210

公共Wi-Fi暗藏危機 暑假出國旅遊連網務必注意
https://times.hinet.net/news/22425253

手機NFC隱含攻擊弱點 掌握原理避免無線盜刷
https://www.netadmin.com.tw/netadmin/zh-tw/technology/160F70CE888B42F8BA0842C791F4B979

小米手環 4 NFC 版也通過 NCC 審核,25 日新品發表會見
https://saydigi-tech.com/2019/06/7513.html

WhatsApp 緊急修補嚴重資安漏洞:一通未接來電即可植入惡意程式進行監聽
https://blog.twnic.net.tw/2019/06/13/3969/

解鎖漏洞再現!以色列公司 Cellebrite 可以解鎖任何 iOS 和 Android 設備
https://mrmad.com.tw/cellebrite-ufed-premium

國外用戶替 iPhone 6 破解 iPSW 成功安裝與執行 iOS 13 beta1
https://mrmad.com.tw/ios-13-beta1-ported-to-iphone6

《Pokemon Go》開發商針對「Global++」駭客組織提出訴訟 嘗試杜絕飛人等不法行為
https://gnn.gamer.com.tw/4/181234.html

iOS 13開放NFC功能 將可掃描身分證、快速支付
https://www.ettoday.net/news/20190617/1469204.htm

抗衡中共數據監控! 港人反送中Telegram尋串聯
http://bit.ly/2WMFa8A

Telegram創辦人:DDoS攻擊IP多半來自中國
https://ithome.com.tw/news/131271

被捕 Telegram 谷主原來用小米手機!網民指:咁夠膽
http://bit.ly/2ZpuT3T

Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests
http://bit.ly/2KS5YCc

Android's Built-in Security Key Now Works With iOS Devices For Secure Login
http://bit.ly/31w0bIt

5G just part of technology's 'new Cold War frontline'
https://www.zdnet.com/article/5g-just-part-of-technologys-new-cold-war-frontline/#ftag=RSSbaffb68

SIM-swap attack, iPad OS, Mate X delay, Pixel 4 reveal (MobileTechRoundup show #472)
https://www.zdnet.com/article/sim-swap-attack-ipad-os-mate-x-delay-pixel-4-reveal-mobiletechroundup-show-472/#ftag=RSSbaffb68

SIM swap horror story: I've lost decades of data and Google won't lift a finger
https://www.zdnet.com/article/sim-swap-horror-story-ive-lost-decades-of-data-and-google-wont-lift-a-finger/#ftag=RSSbaffb68

Warning Issued For Apple's 1.4 Billion iPad And iPhone Users
https://www.forbes.com/sites/gordonkelly/2019/06/16/apple-iphone-ipad-security-warning-ios-12-iphone-xs-max-xr/#76bca39a3641

iOS 13: Your iPhone could also be your passport and ID card
https://www.zdnet.com/article/ios-13-your-iphone-could-also-be-your-passport-and-id-card/#ftag=RSSbaffb68

Top 10 iPhone privacy and security tips you should check today
https://www.zdnet.com/pictures/top-10-iphone-privacy-and-security-tips-you-should-check-today/#ftag=RSSbaffb68

Security firm claims it can unlock any iPhone
https://www.zdnet.com/article/security-firm-claims-it-can-unlock-any-iphone/#ftag=RSSbaffb68

Instagram tests new ways to recover hacked accounts
https://www.welivesecurity.com/2019/06/18/instagram-new-ways-account-recovery/

You’d better change your birthday – hackers may know your PIN
https://www.welivesecurity.com/2019/06/19/change-birthday-hackers-may-know-pin/

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
蹲點男偷連未加密WIFI被告!檢察官2個理
https://disp.cc/b/163-bsQk

FireEye揭露亞太企業偵測駭客活動 落後於其他地區同業
https://www.it-square.hk/archives/8731

大漏洞!SAT生物考試前 網上驚現考題及答案
http://bit.ly/2wY2qpK

網路攻防戰 破解駭客 企業自保8守則
https://vision.udn.com/vision/story/12939/3722041

陸駭客竊美國安局程式發動網攻
http://bit.ly/31HwunA

杜絕飛人外掛 Niantic怒告駭客組織「Global++」
https://game.ettoday.net/article/1469337.htm

香港醫管局網絡周一遭黑客攻擊3小時 消息稱6.12後屢遭密集式攻擊
https://hk.news.appledaily.com/local/realtime/article/20190620/59738296

千萬小心!票務系統遭攻擊 中國大陸湖南一景區損失23萬余元
https://news.sina.com.tw/article/20190620/31693338.html

官方認證!美國國土安全部成功測試Bluekeep攻擊,呼籲企業儘快修補
https://www.ithome.com.tw/news/131323

意外發生!大量歐洲網路流量被導向中國長達2小時
http://bit.ly/2wWMbcx

China Telecom Swallows Huge Amount of European Mobile Traffic For Over Two Hours
http://bit.ly/2XprncN

無視美警告 芬蘭軍方採購150架中國大疆無人機
https://news.ltn.com.tw/news/world/breakingnews/2825431

英國同意引渡「維基解密」創辦人阿桑奇 美國最高可判刑175年
http://bit.ly/2WGT9Nq

【中美貿易戰】避免遭波及 Google等外企將生產移出中國
http://bit.ly/2F8bHjq

研究:GPS 服務如果中斷一個月,每天經濟損失估計將達 10 億美元
https://technews.tw/2019/06/16/rti-international/

數位冷戰!紐時:美國加大力度 網路入侵俄國電網系統
https://www.inside.com.tw/article/16645-trump-cyber-russia-grid

美澳加相繼被爆料 「自由」國度監控民眾不手軟
https://news.sina.com.tw/article/20190616/31648456.html

強力回擊!美國駭客攻擊俄羅斯電網
https://newtalk.tw/news/view/2019-06-17/261095

美國國家安全事務助理波頓:中共持續網攻美公私機構
http://bit.ly/2RvfWL1

美國各種公共事業遭高危險駭侵團體鎖定
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=872

聯合國安理會程式存漏洞,受制裁恐怖分子仍可使用被凍結資金
https://on.wsj.com/2KtoWzz

堵中共技術剽竊 美議員提議設關鍵技術辦公室
http://bit.ly/2IuZvvk

中國大陸公信部公開徵求對《網絡安全漏洞管理規定(徵求意見稿)》的意見
http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057724/n3057728/c7005976/content.html

中國大陸《網絡安全漏洞管理規定》逐條解讀
http://www.zhonglun.com/Content/2019/06-19/1711082330.html

日本海事協會發布軟體資安指南
http://bit.ly/2FzwMnt

韓國政黨聲援香港反送中 臉書遭攻擊
https://www.ntdtv.com/b5/2019/06/20/a102605282.html

以色列與世行簽署協議助力發展中國家網路安全建設
https://news.sina.com.tw/article/20190618/31662496.html

中共封閉網路 美記者:影響陸民世界觀
http://bit.ly/31Ma6d6

Dutton's non-denial fuels fears of domestic ASD cyber spying
https://www.zdnet.com/article/duttons-non-denial-fuels-fears-of-domestic-asd-cyber-spying/#ftag=RSSbaffb68

10 Highlights: Infosecurity Europe 2019 Keynotes
https://www.bankinfosecurity.com/10-highlights-infosecurity-europe-2019-keynotes-a-12633

A quarter of major CMSs use outdated MD5 as the default password hashing scheme
https://www.zdnet.com/article/a-quarter-of-major-cmss-use-outdated-md5-as-the-default-password-hashing-scheme/#ftag=RSSbaffb68

Two Weekend Outages, Neither a Cyberattack
https://www.bankinfosecurity.com/blogs/two-weekend-outages-neither-cyberattack-p-2758

Singapore ahead in use of digital health records, but behind in AI for diagnosis
https://www.zdnet.com/article/singapore-ahead-in-use-of-digital-health-records-but-behind-in-ai-for-diagnosis/#ftag=RSSbaffb68

FBI warning: Foreign spies using social media to target government contractors
https://www.zdnet.com/article/fbi-warning-foreign-spies-using-social-media-to-target-government-contractors/#ftag=RSSbaffb68

Google Cloud's bad month continues as Google Calendar sputters
https://www.zdnet.com/article/google-clouds-bad-month-continues-as-google-calendar-sputters/#ftag=RSSbaffb68

The dark web is nothing fancy: It's just a different set of protocols - like Tor
https://www.zdnet.com/article/the-dark-web-is-nothing-fancy-its-just-a-different-set-of-protocols-like-tor/#ftag=RSSbaffb68

就業市場最缺工程師 演算法菜鳥工程師起薪近6萬元
https://udn.com/news/story/7238/3873788

大猩猩科技公司徵才 (智能影像分析/網路資安)
https://www.cs.nctu.edu.tw/announcements/detail/4564?locale=en

資安經理
https://www.104.com.tw/job/6nc2m

資安維運實習生
https://www.104.com.tw/job/6ncai

軟體工程師(JAVA)
https://www.104.com.tw/job/6ncb7

電信業今年要徵4,000人
https://money.udn.com/money/story/5648/3881897

ISO17025實驗室建置維運工程師
https://www.104.com.tw/job/6ndz2

資訊設備管制人員(資訊安全管理工程師)
https://www.okwork.taipei/OkWorkTYS/ESO/portal/Registration/JobVacancyAction!jobDetail?HireId=9094773

中華電信大徵才 最高起薪48K
https://udn.com/news/story/7240/3883047

Android 開發工程師
https://www.yourator.co/companies/jkopay/jobs/8235

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
上街頭抗爭前,網路公民須先學會的三種個資保護技巧
http://bit.ly/2x2ZNCZ

網路釣魚及流氓行動應用程式是詐騙攻擊最常用的媒介
https://blog.trendmicro.com.tw/?p=60797

新型釣魚詐騙活動,以加密訊息為由,騙取用戶帳號密碼
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=873

電子旅行簽證 代辦網站似官網
http://www.hkcd.com/content/2019-06/18/content_1143557.html

網上辦理電子旅行簽證易被魚目混珠 香港消委會提示認清官網慎
http://www.hkcna.hk/content/2019/0617/769229.shtml

如何在抗議現場避免被監聽與跟蹤?前偵探教你安全 18 招
http://bit.ly/2wZb07G

個資是網路商業世界的通貨 消費者要強化自我保護意識
http://bit.ly/2IkaoA0

用戶個資全送中國?臉書承認與華為分享數據
https://newtalk.tw/news/view/2018-06-07/127055?

遭「網絡釣魚」詐騙 伯靈頓市府失50萬
http://bit.ly/2XlMexn

醫管局深夜改口 認急症室電腦毋須登入任睇傷者資料 頁面標明「For Police」
https://hk.news.appledaily.com/local/realtime/article/20190617/59726488

醫管局被指洩病人資料 公共醫療醫生協會:極度震驚
https://news.rthk.hk/rthk/ch/component/k2/1463595-20190618.htm

爆商標爭議!診所以「臺安」名義招攬健檢 民眾怨「若個資外洩、醫療糾紛找誰負責?」
http://bit.ly/2Xpr0i2

零售商須擬定全面性策略以確保網路安全與避免資料外洩
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000561980_MYSLUD3M7S43X61EE0B4W

台政府$2.5億撐港遊行? 刑事局立案調查假訊息
https://hk.news.appledaily.com/china/realtime/article/20190620/59737394

男子偷8保險經紀信用卡 碌卡24萬被捕
https://hk.news.appledaily.com/breaking/realtime/article/20190620/59737237

臉書玩20題IQ測驗!他被威脅討2000元測驗費「已找討債公司」
https://www.ettoday.net/news/20190621/1472056.htm

對付假新聞應與新加坡合作
https://talk.ltn.com.tw/article/paper/1297485

「祝賀!您被Google隨機選中」跳出中獎視窗 當心挨詐
https://news.ltn.com.tw/news/society/breakingnews/2828577

信用卡及金融卡身份詐欺案件在英國急遽增加
http://bit.ly/2x96BPQ

身份證買賣背後的「網路黑色江湖」
https://news.sina.com.tw/article/20190621/31703284.html

網購化妝品險被詐 付款後網頁變英文
https://news.ltn.com.tw/news/society/breakingnews/2826394

Millions of Venmo transactions scraped in warning over privacy settings
https://techcrunch.com/2019/06/16/millions-venmo-transactions-scraped/

Oregon State University breach exposed student, family data
https://www.zdnet.com/article/oregon-state-university-breach-exposed-student-family-data/#ftag=RSSbaffb68

Mermaids transgender charity data breach exposed confidential emails
https://www.zdnet.com/article/mermaids-transgender-charity-apologizes-for-data-breach/#ftag=RSSbaffb68

Singapore Prepares for Mandatory Breach Reporting
https://www.bankinfosecurity.in/singapore-prepares-for-mandatory-breach-reporting-a-12638

Hackers Are After Your Personal Data – Here’s How to Stop Them
https://blog.trendmicro.com/hackers-are-after-your-personal-data-heres-how-to-stop-them/

Data breach forces medical debt collector AMCA to file for bankruptcy protection
https://www.zdnet.com/article/medical-debt-collector-amca-files-for-bankruptcy-protection-after-data-breach/#ftag=RSSbaffb68

Singapore sees drop in common security threats, but foresees more data breaches
https://www.zdnet.com/article/singapore-sees-drop-in-common-security-threats-but-foresees-more-data-breaches/#ftag=RSSbaffb68

Protect your online identity now: Fight hackers with these 5 security safeguards
https://www.zdnet.com/article/protect-your-online-identity-now-fight-hackers-with-these-5-security-precautions/#ftag=RSSbaffb68

Ad agency leaks data on US military veterans' combat injuries
https://www.zdnet.com/article/ad-agency-leaks-data-on-us-military-veterans-combat-injuries/#ftag=RSSbaffb68

Meds prescriptions for 78,000 patients left in a database with no password
https://www.zdnet.com/article/meds-prescriptions-for-78000-patients-left-in-a-database-with-no-password/#ftag=RSSbaffb68

E.研究報告
內網大殺器利用:CVE-2019-1040漏洞
https://www.anquanke.com/post/id/180379

WordPress插件IEAC漏洞分析及組合利用嘗試
https://www.freebuf.com/vuls/205735.html

ApacheTomca遠程執行代碼(CVE-2019-0232)漏洞淺析和復現
http://bit.ly/31LIZ1v

黑客利用XSS漏洞,可訪問谷歌的內部網絡
https://tech.ifeng.com/c/7nY0BZMmNCe

實戰介紹Windows下的PC客戶端常見漏洞挖掘
http://www.sohu.com/a/321284564_466846

CVE-2019-12498:WordPress WP Live Chat漏洞分析
https://www.4hou.com/vulnerable/18540.html

Tendermint表示上個月的Cosmos漏洞暴露出安全漏洞
http://bit.ly/2ZtFw5R

CVE-2019-1040 结合RCE和Domain Admin的漏洞
https://bbs.pediy.com/thread-252018.htm

【乾貨分享】應急響應案例分析與經驗分享
http://blog.nsfocus.net/emergency-response-case-study/

WordPress插件Form Maker SQL注入漏洞分析
https://cloud.tencent.com/developer/article/1447342

Osmedeus:用於偵察和漏洞掃描的全自動安全工具
https://cloud.tencent.com/developer/article/1447398

影響NETGEAR路由器的0-Day:KCodes NetUSB兩個安全漏洞披露(CVE-2019-5016/5017)
https://www.4hou.com/vulnerable/18655.html

EXCHANGE上冒充任意用戶--Exchange Server權限提升漏洞(CVE-2018-8581)分析
https://www.cnblogs.com/backlion/p/11047387.html

WhatsApp緩衝區溢出漏洞分析
https://juejin.im/entry/5d08a416f265da1ba84a92a2

脈輪漏洞調試筆記1 - ImplicitCall
https://www.anquanke.com/post/id/180551

Versionscan:一款專為白帽子設計的PHP漏洞掃描報告工具
https://www.freebuf.com/sectool/206015.html

【駭客戰略定義更廣、偵測類別定義更細】快速認識ATT&CK框架的最新變化
https://www.ithome.com.tw/news/131275

【不只幫助攻擊入侵行為的理解,更便於企業防禦評估】資安攻防新戰略MITRE ATT&CK
https://www.ithome.com.tw/news/131274

淺談轟炸漏洞攻防思路
https://xz.aliyun.com/t/5432

第三方寄信服務簡易分析
http://bit.ly/2J0qrlz

保障IDC 安全:分佈式HIDS 集群架構設計
https://paper.seebug.org/957/

(MuddyWater)近期針對塔吉克斯坦、土耳其等地的攻擊活動匯總
https://www.freebuf.com/articles/network/205621.html

“方程式組織”攻擊中東SWIFT服務商事件复盤分析報告
https://www.freebuf.com/articles/paper/205080.html

陌陌風控系統靜態規則引擎,零基礎簡易便捷的配置多種複雜規則,實時高效管控用戶異常行為。
https://github.com/momosecurity/aswan

Antivirus Evasion with Python
https://medium.com/bugbountywriteup/antivirus-evasion-with-python-49185295caf1

Pwning the Nokelock API
https://www.pentestpartners.com/security-blog/pwning-the-nokelock-api/

Awesome Security
https://github.com/sbilly/awesome-security

Sad SACK: Linux PCs, servers, gadgets may be crashed by 'Ping of Death' network packets
https://www.theregister.co.uk/2019/06/17/linux_tcp_sack_kernel_crash/

security-bulletins/advisories/third-party/2019-001.md
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

HackerOne's top 20 public bug bounty programs
https://www.zdnet.com/pictures/hackerones-top-20-public-bug-bounty-programs/#ftag=RSSbaffb68

BAD THINGS IN SMALL PACKAGES
https://objectivebythesea.com/v2/talks/OBTS_v2_Bradley.pdf

ATTACKING TURBOFAN
https://doar-e.github.io/presentations/typhooncon2019/AttackingTurboFan_TyphoonCon_2019.pdf

CVE-2018-20319: Why you should always have two factor authentication on your VPN  
https://labs.nettitude.com/blog/why-you-should-always-have-two-factor-authentication-on-your-vpn-cve-2018-20319/

WhibOx 2019 White-Box Cryptography and Obfuscation (2nd Edition) 18-19 May 2019, Darmstadt, Germany
https://www.cryptoexperts.com/whibox2019/

Cloud Security Research
https://github.com/RhinoSecurityLabs/Cloud-Security-Research

web_cms_exp
https://github.com/anx1ang/Poc_Pentest

HOW MALWARE PERSISTS ON MACOS
https://www.sentinelone.com/blog/how-malware-persists-on-macos/

MODERN MALWARE THREAT: HANDLING OBFUSCATED CODE
http://www.blackstormsecurity.com/CONFIDENCE_2019_ALEXANDRE.pdf

API Series: SetThreadContext
https://medium.com/tenable-techblog/api-series-setthreadcontext-d08c9f84458d

Debugging the XNU Kernel with IDA Pro
https://www.hex-rays.com/products/ida/support/tutorials/xnu_debugger_primer.pdf

Running iOS in QEMU to an interactive bash shell (1): tutorial
https://alephsecurity.com/2019/06/17/xnu-qemu-arm64-1/

PeekABoo
https://github.com/Viralmaniar/PeekABoo

Fuzzing Games with Dolphin Emulator
https://jamchamb.github.io/portfolio/fuzzydolphin

Threat Hunting - Hunter or Hunted'Author
https://www.exploit-db.com/docs/47018

F.商業
以資安為核心出發 賦予行動用戶信譽評價
https://www.netadmin.com.tw/netadmin/zh-tw/trend/0D32569CCCD741F4A8B3F9D51E56E9B1

2019數位應用週 看見台灣軟實力
http://bit.ly/2WPCtrJ

開源負載平衡器HAProxy 2.0釋出,支援更完善的動態配置功能
https://www.ithome.com.tw/news/131309

趨勢科技強化網路攝影機安全 攔截500萬次攻擊
https://www.techbang.com/posts/70925-trend-micro-enhances-webcam-security-to-intercept-5-million-attacks

利用 Google 漏洞來避免負擔廣告費?The North Face 運動品牌被罵翻
http://bit.ly/2Y0P2NC

全景軟體2019下半年主推「多因素認證」與「手寫簽名系統」資安防護產品
http://bit.ly/2N0RL8O

搭建原生雲端應用安全性 推動企業轉型接軌數位經濟時代 API呼叫IT資源 促進開發與維運協同合作
https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/23DFAF3C6976452BB8AD2EC34B515733

OTT引爆高流量 中華電攜手Akamai助陣
https://money.udn.com/money/story/5612/3883499

中華電信攜手 Akamai,建立內容遞送網路服務策略夥伴關係
https://technews.tw/2019/06/20/cht-wz-akamai-on-cdn/

VMware收購Avi Networks 深化資安部署
https://money.udn.com/money/story/5640/3883788

Cloudflare發表「熵聯盟」分散式隨機數產生器開源專案
https://www.ithome.com.tw/news/131337

谷歌:停止開發陸版搜尋引擎
http://bit.ly/2XYjjMW

安碁資訊估今年營收成長 擴大布局東南亞
https://money.udn.com/money/story/5612/3884496

Cloudflare aims to make HTTPS certificates safe from BGP hijacking attacks
https://arstechnica.com/information-technology/2019/06/cloudflare-aims-to-make-https-certificates-safe-from-bgp-hijacking-attacks/

Inside F5’s cyber security playbook
http://bit.ly/31FypZQ

Microsoft acquires Pull Panda for code-review collaboration
https://www.zdnet.com/article/microsoft-acquires-pull-panda-for-code-review-collaboration/#ftag=RSSbaffb68

Microsoft finally releases Hyper-V Server 2019
https://www.zdnet.com/article/microsoft-finally-releases-hyper-v-server-2019/#ftag=RSSbaffb68

Hazelcast open source in-memory data grid secures $21.5 million funding, expands platform to real-time streaming data
https://www.zdnet.com/article/hazelcast-open-source-in-memory-data-grid-secures-21-5-million-funding-expands-platform-to-real-time-streaming-data/#ftag=RSSbaffb68

MongoDB moves beyond the database with new cloud services
https://www.zdnet.com/article/mongodb-moves-beyond-the-database-with-new-cloud-services/#ftag=RSSbaffb68

Azure Data Lake Storage gets Okera security and governance platform support
https://www.zdnet.com/article/azure-data-lake-storage-gets-okera-security-and-governance-platform-support/#ftag=RSSbaffb68

Microsoft rolls out previews of Chromium-based Edge for Windows 7, 8 and 8.1
https://www.zdnet.com/article/microsoft-rolls-out-previews-of-chromium-based-edge-for-windows-7-8-and-8-1/#ftag=RSSbaffb68

IPVanish review: VPN delivers a wealth of options and browsing controls
https://www.zdnet.com/article/ipvanish-review-a-rich-wealth-of-options-and-surfing-controls/#ftag=RSSbaffb68

G.政府
臺灣行動5G發展戰略大揭露!行政院:2020年將培育4千名5G應用人才
https://ithome.com.tw/news/131272

金融監督管理委員會公告:預告「電子支付機構清償基金組織及管理辦法」第11條之1修正草案
https://law.fsc.gov.tw/law/DraftOpinion.aspx?id=7725

調查局內的區塊鏈高手 ─ 專訪資安鑑識實驗室周士楨調查官
http://bit.ly/31z5WoN

電子連署今年可行? 中選會:已進入資安測試階段
https://newtalk.tw/news/view/2019-06-17/260971

中選會:明年大選確定不綁公投 電子連署進入最終測試
https://tronice.rti.org.tw/news/view/id/2024365

用手機門號辦貸款 銀行可向金管會申請試辦6個月
https://www.ettoday.net/news/20190618/1470209.htm

立院臨時會 明處理「國安法」防駭客入侵
http://bit.ly/2L3awWp

網路共諜行為 納入國安法規範
http://bit.ly/2KvmaK6

國安法納入網路共諜 朝野協商達成共識
https://news.ltn.com.tw/news/politics/breakingnews/2826946

國安法納網際空間 共諜可判7年重罰1億
https://udn.com/news/story/12584/3881952

網路納國安範疇 管碧玲:確立反資訊戰法源
https://www.cna.com.tw/news/aipl/201906200218.aspx

法界:「網際空間」概念模糊 執法有爭議
https://udn.com/news/story/12584/3881943

立院三讀 為中國發展組織可關7年以上罰1億元
https://www.cna.com.tw/news/firstnews/201906195006.aspx

立院三讀/ 防中駭入 網路納入國安規範
https://m.ltn.com.tw/news/focus/paper/1297258

經濟部工業局辦理資訊安全應用實務人才養成班(台北)
https://www.moea.gov.tw/MNS/populace/news/NewsAction.aspx?menu_id=43&news_id=85156

都市更新入口網站改版上架 強化資安防護
https://www.ydn.com.tw/News/340299

金管會另闢FinTech試辦 讓銀行「抄捷徑」
https://www.chinatimes.com/realtimenews/20190618004283-260410?chdtv

稽核人員研習班-保險代理人及保險經紀人(108年第二期)
https://edu.tii.org.tw/pt_training/mpage/index/info/1072673711

有關媒體報導我國壽險業因應保險合約(IFRS17)影響及因應情形之說明
http://bit.ly/2ItBCUQ

金管會訂定「銀行申請業務試辦作業要點」
http://bit.ly/2IRuDE8

顧立雄談金融發展:我們鼓勵負責任的創新
https://udn.com/news/story/6871/3882930

H.ICS/SCADA 工控系統
布局工業網路安全 補強OT環境的防護缺口成新趨勢
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000561903_roi8jmxg1zom1i2heek57

工業3.5準智慧系統就位 工業4.0方能乘勢起飛
https://udn.com/news/story/11726/3883427

moxa -- awk-3121_firmware CVE-2018-10697
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-10697

moxa -- awk-3121_firmware CVE-2018-10698
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-10698

I.教育訓練
SLMT's Tutorial Blog
http://slmtsite.blogspot.com/2014/09/security-table-of-contents.html

初探漏洞挖掘基礎
https://xz.aliyun.com/t/5428

整合 Android Paging Library: Part 1
https://enginebai.com/2019/04/22/android-paging-part1/
整合 Android Paging Library: Part 2
https://enginebai.com/2019/06/17/android-paging-part2/

資訊安全工程師證照輔導班
http://bit.ly/2WK13Wm

How to Hack Wi-Fi: Get Anyone’s Wi-Fi Password Without Cracking Using Wifiphisher
http://bit.ly/31GcZfe

Digital Forensics and Incident Response
https://jpminty.github.io/cheatsheet/DFIR/

An Instant Guide to Firewall Builder
http://bit.ly/2MTphxx

Kali Linux滲透測試篇:Nessus主機漏洞掃描工具配置【附工具】
https://www.bilibili.com/video/av55933035/

Container and Test Automation Management Practices in TrendMicro
https://www.slideshare.net/ssusere62027/container-and-test-automation-management-practices-in-trendmicro

108 年 - 108 一般警察二等 網路與資訊安全(包括資訊安全技術與應用、資安事件處理)#76980
https://yamol.tw/exam.php?id=76980

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
7/9 物聯網資安產業標準之「智慧巴士廠商」輔導及推廣說明會
http://www.ttia-tw.org/news.php?wshop=ttia&Opt=detailed&tp=News&lang=zh-tw&news_id=22644

虎頭山創新園區開幕 蔡英文:搶先佈局AI物聯網
https://udn.com/news/story/6656/3878432

虎頭山創新園區 蔡英文:打造資安物聯網中心
http://bit.ly/2L2S7sR

蔡總統:AIoT是台灣產業方向
https://udn.com/news/story/7240/3879632

虎頭山創新園區 總統:布局人工智慧結合物聯網
https://news.tvbs.com.tw/politics/1151454

勒索蠕蟲病毒無孔不入 醫療服務停擺時有所聞 醫療物聯網易遭鎖定 機敏資料防護最關鍵
https://www.netadmin.com.tw/netadmin/zh-tw/trend/D2C851E0075A4F88AF8C8FA9A5E684CD

感測通訊走向數位化 IO-LINK奠定機聯網基礎
https://udn.com/news/story/11726/3883256

解決物聯網應用3大瓶頸,ITM國際信任機器開發區塊鏈IC解決方案
https://meet.bnext.com.tw/articles/view/45010

物聯網大商機!智慧聯網玩具爆炸性成長
https://technews.tw/2019/06/20/connected-play-toy-market-growth/

TensorFlow is dead, long live TensorFlow
https://hackernoon.com/tensorflow-is-dead-long-live-tensorflow-49d3e975cf04

Edge of tomorrow: Industrial IoT slowly assembles new modes of production
https://www.zdnet.com/article/edge-of-tomorrow-industrial-iot-slowly-assembles-new-modes-of-production/#ftag=RSSbaffb68

IoT devices to generate 79.4ZB of data in 2025, says IDC
https://www.zdnet.com/article/iot-devices-to-generate-79-4zb-of-data-in-2025-says-idc/#ftag=RSSbaffb68

6.近期資安活動及研討會
 JCConf Taiwan 2019 Call for Proposals  6/1 ~ 6/30
 https://twjug.kktix.cc/events/jcconf-2019-cfp

 2019 6月份 [email protected] 6/22(六) Working with PowerShell
 https://studyarea.kktix.cc/events/8a726f12-copy-1

 CCNS 定期聚 — 當 Python 遇上 JIT / PyPy 淺談  6/23
 https://ccns.kktix.cc/events/ccns-pypy-talk

 資安前哨站-獵殺封包 6/26
 https://www.it360.com.tw/live-detail.aspx?id=iT36000000000348

 智慧家庭IoT資安與個人隱私資安,如何防駭客,如何做防禦  6/27
 https://www.techbang.com/posts/70549-lecture-smart-home-network-security

 HackingThursday 固定聚會 6/27
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/

 天黑請閉眼,與駭客的對話  6/29
 https://tfc.kktix.cc/events/night-talk-hacking-hacker

 HackingThursday 固定聚會 7/4
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/

 2019 車用電子與車聯網資安種子教師研習營  7/4 ~ 7/5
 http://www.kghs.kh.edu.tw/notice/11734

 2019國際資訊安全組織台灣高峰會  7/9 ~ 7/11
 https://csa.kktix.cc/events/2019con

 Secure Summit APAC 2019 安全峰會 6 大領域提升資安水平  7/10 ~ 7/11
 http://bit.ly/2WbONh5

 工業局補助網路安全檢測教育訓練 7/10 ~ 7/12
 https://www.accupass.com/event/1904080311551119077841

 HackingThursday 固定聚會 7/11
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/

 HackingThursday 固定聚會 7/18
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/

 資安產學高峰論壇 7/18
 https://www.accupass.com/event/1906140709596176666390

 資安趨勢研討會 7/18
 https://www.accupass.com/event/1906110041444881410360

 第12屆台盧(森堡)經濟合作會議  7/19
 http://registration.cieca.org.tw/visit/?d=74

 5G+IoT美麗新世界的資安挑戰與機會研討會 7/18
 http://iekweb2.iek.org.tw/IEKConf/Client/confinfo.aspx?mode=confinfo&conf_no=384953433

 HackingThursday 固定聚會 7/25
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/

 新加坡資安市場解密講座: 台灣資安浴血東南亞叢林戰鬥之起點-獅城站​  7/26
 https://ievents.iii.org.tw/eventS.aspx?t=0&id=547

 CDX2.0推廣活動 - 台南場次  7/26
 https://nchc-cdx.kktix.cc/events/cdxactivity-0726

 資安事故處理實務課程 8/7 ~ 8/8
 http://bit.ly/2VW0Lv9

 DEF CON 27  2019/8/8–8/11
 https://www.defcon.org/

 數位鑑識處理實務 8/14 ~ 8/15
 http://bit.ly/2VW0Lv9

 台灣駭客年會 HITCON Summer Training 2019 - 學生報名  2019-08-19 ~ 2019-08-22
 https://www.accupass.com/event/1906050919271598677460

 WEB應用滲透測試 8/21 ~ 8/23
 https://www.accupass.com/event/1904080221358963463590

 台灣駭客年會 HITCON Community 2019  2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8)
 https://www.accupass.com/event/1906040921594609934250

 資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」  8/29 ~ 8/30
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 108年資安職能訓練-行動裝置安全(8/29-8/30)
 https://cee.ksu.edu.tw/recruitinfo/1443.html

 CDX2.0推廣活動 - 台北場次 9/10
 https://nchc-cdx.kktix.cc/events/cdxactivity-0910

 TANET 2019 - 臺灣網際網路研討會  9/25
 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310

 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

  AIoT智能物聯網開發人才就業養成班[免費諮詢]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com


留言

這個網誌中的熱門文章

Capture the flag資源分享綜整

Capture the flag, CTF,是由古代軍事戰爭演變而來。軍旗在戰場上象徵兩軍戰況,當有一方軍旗被敵軍奪取或落在地上,代表該方戰敗。當這樣的攻防搶旗演變到現代的電子遊戲裡,通常就演變成團隊遊戲模式,由兩隊人馬互相前往對方的基地奪旗,奪旗成功回合次數多者得勝。

5月份資安、社群活動分享

5月份資安、社群活動分享

 108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
 https://ais3.org/mfctf/

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 Python 商務網站 * 極速學習 (2019春季 - 台北)  5/2
 https://cjltsod.kktix.cc/events/django-2019-spring-taipei

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會  5/2
 https://www.accupass.com/event/1904111400151860776797

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA 白帽菁英萌芽計劃II 0505 
 https://reg.shield.org.tw/info.php?no=54

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/19041703435474776…

6月份資安、社群活動分享

6月份資安、社群活動分享

 學生資安新手村 相關活動整理  淡江大學場  工作坊  6/1(六) 10:00 - 16:00
 https://forms.gle/aBgGfLUYcvJh7hzk9

 學生資安新手村 相關活動整理  高雄科技大學場 06/02(日) 08:30~18:00
 https://nkust-itc.kktix.cc/events/security-beginner-workshop

 資安新手村-網站照妖鏡 SITCON x NKUST_CSIE & ITC  6/2
 https://nkust-itc.kktix.cc/events/security-beginner-workshop

 PyTorch Tainan x CCNS 聚會 #23  6/2
 https://pytorch-tainan.kktix.cc/events/2019-06-02-m23?fbclid=IwAR1s_n_piEyMN0e8NMHk-jjP97-1mjqI-favSKBAdxAglQ3j1aN17_fMmbk

 【課程】Raspberry Pi 相機 x OpenCV 進階應用:攝影拍照、人臉偵測、影像處理與實作 6/2
 https://www.techbang.com/posts/69830-course-raspberry-pi-camera-x-opencv-photo-photography-face-detection-image-processing-and-application

 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

 TW BECKS No.2 6/3
 https://becks.kktix.cc/events/20190603

 軟體安全性測試實務 6/3 ~ 6/4
 https://www.accupass.com/event/1904230701335964656400