Weekly Security Incident News Digest 2019/6/24 ~ 2019/6/28

1. Major Vulnerabilities / Backdoors / Exploits / Zero Days
Security vulnerability in Samba products: CVE-2019-12435
https://www.samba.org/samba/security/CVE-2019-12435.html

Multiple vulnerabilities in TP-Link routers: CVE-2018-16119
https://nvd.nist.gov/vuln/detail/CVE-2018-16119

SAPIDO RB-1732 - Remote Command Execution
https://www.exploit-db.com/exploits/47031

Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
https://www.exploit-db.com/exploits/47033

Study on vulnerability patching prioritization and efficiency
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16256

Remote command execution vulnerability in Exim
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16257

UNC Path Injection with Microsoft Access
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/unc-path-injection-with-microsoft-access/

Oracle releases security update for CVE-2019-2729
https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html#AppendixFMW

Security vulnerabilities in Oracle WebLogic Server (CVE-2019-2725 and CVE-2019-2729)
http://net.nthu.edu.tw/netsys/mailing:announcement:20190621_01

f5 -- big-ip_access_policy_manager CVSS V3 7.8
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11477


ibm -- control_desk CVSS V3 8.5
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-4364

ibm -- tivoli_netcool/impact CVSS V3 7.7
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-4103

tp-link -- tl-wr1043nd_firmware CVE-2019-6971
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6971

sophos -- sfos CVE-2018-16117
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16117

webmin CVE-2019-12840
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12840

whatsapp
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20655
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-6350

Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
https://www.exploit-db.com/exploits/47039

Multiple vulnerabilities affect the Linux and FreeBSD kernels
http://bit.ly/2KzBx4l

PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery
https://thehackernews.com/2019/06/microsoft-outlook-vulnerability.html

Pivotal Software Spring Security vulnerability: CVE-2019-11272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11272

Cisco releases new security updates for multiple products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-sdwan-privesca
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass

Cisco patches critical vulnerabilities in DNA Center and SD-WAN systems
https://www.ithome.com.tw/news/131405

Cisco releases patches for 25 vulnerabilities; critical DNA Center flaw can open access to internal services
https://t.cj.sina.com.cn/articles/view/6586462001/188956f3100100ijuu

Firefox 0-day vulnerability used in attacks on Coinbase employees
https://www.solidot.org/story?sid=61075

Firefox 67.0.4 Released — Mozilla Patches Second 0-Day Flaw This Week
https://thehackernews.com/2019/06/firefox-0day-vulnerability.html

Tor Browser 8.5.2 Released — Update to Fix Critical Firefox Vulnerability
https://thehackernews.com/2019/06/tor-browser-firefox-hack.html

MongoDB 4.2 Introduces End-to-End Field Level Encryption for Databases
https://thehackernews.com/2019/06/mongodb-fle-data-encryption.html

SupportAssist software preinstalled on Dell computers contains a vulnerability that allows takeover
https://www.ithome.com.tw/news/131451

Dell urges millions of users to patch SupportAssist tool vulnerability
https://blog.trendmicro.com.tw/?p=60961

Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers
https://thehackernews.com/2019/06/dells-supportassist-hacking.html

Linux kernel denial-of-service vulnerabilities
https://www.hkcert.org/my_url/zh/alert/19062104

Multiple vulnerabilities in Apache Tomcat
https://www.auscert.org.au/bulletins/ESB-2019.2230/

Ruby on Rails Active Storage deserialization command execution vulnerability
https://nosec.org/home/detail/2723.html

Linux TCP "SACK PANIC" remote denial-of-service vulnerability
https://www.zengjunpeng.com/?id=211

ISC BIND denial-of-service vulnerability
https://www.hkcert.org/my_url/zh/alert/19062101

Debian releases security updates fixing the recently disclosed Intel MDS vulnerabilities
https://www.chainnews.com/articles/029979751010.htm

MongoDB unauthorized access vulnerability and hardening
https://blog.csdn.net/wst0717/article/details/93479243

OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks
https://thehackernews.com/2019/06/openssh-side-channel-vulnerability.html

Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer
https://thehackernews.com/2019/06/vlc-media-player-hacking.html

FasterXML jackson-databind vulnerability: CVE-2019-12384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384

BlueStacks App Player vulnerability: CVE-2019-12936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12936

OpenJDK Docker images contain an incorrect-version flaw
https://www.infoq.cn/article/I_Wfu4eIJY7c52Prqoop

PowerDNS Authoritative Server vulnerability: CVE-2019-10163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10163

Microsoft is notifying users if their devices aren't ready for Windows 10 1903
https://www.zdnet.com/article/microsoft-is-notifying-users-if-their-devices-arent-ready-for-windows-10-1903/#ftag=RSSbaffb68

Account Takeover Vulnerability Found in Popular EA Games Origin Platform
https://thehackernews.com/2019/06/ea-origin-game-hacking.html

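2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security
Credit and debit card identity fraud cases rise sharply in the UK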
http://bit.ly/2x96BPQ

Visa Asia Pacific Security Summit: payment information security drives digital economy development
https://www.techbang.com/posts/70997-visa-asia-pacific-summit-payment-information-security-drives-digital-economy

Financial Supervisory Commission (FSC) promotes open banking, adopting Hong Kong's non-legislative model
https://finance.technews.tw/2019/06/24/the-fsc-pushes-open-banks-and-adopts-hong-kongs-non-legislative-model/

Customer data no longer exclusive... three-phase "open banking" launches next month
https://udn.com/news/story/7239/3888637

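Bitcoin ATM at London Underground station spews cash, raising suspicion of a hack; company CEO says the machine was working normally and the customer simply withdrew a lot of money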
https://www.techbang.com/posts/70899-london-underground-station-bitcoin-atm-spits-out-money-sparking-crowds-of-commuters

Card payment to be allowed for convenience-store cash-on-delivery orders up to NT$5,000, planned to launch by year-end
https://finance.technews.tw/2019/06/21/convenience-store-5000-ntd-credit-card/

Shenzhen Stock Exchange, mainland China: self-regulatory measures taken against 33 cases of abnormal securities trading this week
https://www.finet.hk/newscenter/news_content/5d0db747bde0b35bf2ad99be

FSC allows insurers to buy ETNs
https://money.udn.com/money/story/5607/3886169

Five banks to be designated systemically important
https://money.udn.com/money/story/5613/3890726

Three Chinese banks named by the US for laundering money for North Korea; China Merchants Bank shares plunge
https://money.udn.com/money/story/5599/3891646

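Bankers Association of the Republic of China: "Model Guidelines for Banks on Anti-Money Laundering and Countering Terrorism Financing"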
https://www.selaw.com.tw/LawBasis.aspx?LawID=A040390041019800-1060628

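Bankers Association of the Republic of China sets self-regulatory rules; information security is the top priority when choosing partners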
https://news.wearn.com/c255704.html

Eighteen largest US banks pass stress tests
http://bit.ly/2Yb7H9r

Established banks pivot to consumer finance but face staff attrition
https://news.cnyes.com/news/id/4343944

Layoffs sweep Japan's financial sector; major insurer reportedly to cut 4,000 staff
https://news.cnyes.com/news/id/4345156

Mingtai Insurance (明台產物保險): R-XSS vulnerability found
https://zeroday.hitcon.org/vulnerability/ZD-2019-00377

From July, branches of the eight state-owned banks to end extended business hours
http://bit.ly/2xdyMNg

Mainland China's domestic banks may become US targets: how high is the potential risk?
http://bit.ly/2ZUJe91

CTBC Securities (中信證券) eKYC online video-recorded signature feature granted patent
https://www.chinatimes.com/realtimenews/20190626001394-260410?chdtv

Two OTC-listed companies' fake offshore transactions exceed 10 billion; head of shell company additionally indicted
https://tw.news.appledaily.com/local/realtime/20190627/1590610/

Over 60,000 rush to sign up for self-directed labor pension pilot platform; Wang Li-ling urges upgrade to version 2.0
https://money.udn.com/money/story/5617/3894372

Mainland China's installed nuclear power capacity ranks third globally; nuclear insurance industry standards released
https://money.udn.com/money/story/5605/3894851

Bank of China holds ceremony celebrating the 98th anniversary of the founding of the Communist Party of China
http://www.boc.cn/big5/aboutboc/bi1/201906/t20190626_15524325.html

US "threatens" three major Chinese banks; trade war may spread to the financial system
http://bit.ly/2J9WVdq

Enterprise verification system goes live to guard against account risk
https://udn.com/news/story/7333/3894710

Securities and Exchange Surveillance Commission plans to recommend fining Nissan over the Ghosn case
https://tchina.kyodonews.net/news/2019/06/c8bcb612bcbd.html

No need to visit a pharmacy: order medicine by app, collect it from an ATM
http://bit.ly/2XcLCek

Mainland China's central bank to crack down on the writing of bad checks from August 1
https://udn.com/news/story/7239/3892716

A Chinese bank suspected of violating UN sanctions on North Korea may be barred from the US financial system
https://www.voacantonese.com/a/Chinese-Banksia-May-Face-US-Action-In-North-Korean-Sanctions-20190615/4972786.html

Investigators Probe Attacks on At Least 3 Bangladesh Banks
https://www.bankinfosecurity.in/investigators-probe-attacks-on-at-least-3-bangladesh-banks-a-12690

Despite Shift to EMV, ATM Fraud Persists
https://www.bankinfosecurity.asia/despite-shift-to-emv-atm-fraud-persists-a-12675

Three banks hit by cyberattacks
https://www.thedailystar.net/frontpage/news/three-banks-hit-cyberattacks-1760629

ATM Shimmers Supplanting Skimmers
https://www.flashpoint-intel.com/blog/atm-shimmers-supplanting-skimmers/

Hackers Favoring Shimmers Over Skimmers for ATM Attacks
https://www.securityweek.com/hackers-favoring-shimmers-over-skimmers-atm-attacks

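3. Electronic Payments / Electronic Stored-Value Cards / Mobile Payments / Pay: News and Security
Phones linked to many Pay services: neglecting theft protection exposes privacy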
https://m.ltn.com.tw/news/society/paper/1297740

Pushing e-payments in a fintech transformation, iPASS relies on IT to build a payment ecosystem
https://www.ithome.com.tw/people/131432

Visa publishes "Future of Payment Security Roadmap" with four key measures
http://bit.ly/2xbs2zB

Visa payment security roadmap: tokens replace credit card account numbers
http://bit.ly/2N91hXf

[Payment Security] Potential online fraud risk growing; Visa urges merchants to fully tokenize transactions
https://hk.finance.appledaily.com/finance/realtime/article/20190624/59748666

In-house AI system upgraded; transaction identification 10 times faster
http://bit.ly/2LgXrJ2

Bakkt, partnering with Starbucks and Microsoft, reportedly to launch crypto payment app
http://news.knowing.asia/news/a17fd6a8-f13f-40a3-90b7-244ebad0c3e8

Cashless payment at night markets: E.SUN mobile banking app launches "scan-to-pay"
http://bit.ly/2Lg4oue

Razer Pay partners with Visa to make shopping more convenient
http://bit.ly/2WXpQpW

Razer "crosses over" into fintech, teaming with Visa to develop virtual prepaid solution
http://bit.ly/2ZJrjSu

What is Taiwan Pay? Which credit and debit cards can be linked?
http://bit.ly/2J7KVcr

Philippine version of "Alipay" launches "tree planting" feature
https://news.sina.com.tw/article/20190625/31751354.html

22,000 devices installed since e-payment launch
https://www.cyberctm.com/zh_TW/news/detail/2440679#.XRR6BugzbIU

UnionPay Electronic Payment to provide services to Zhaogang (找鋼網)
https://read01.com/d020RGd.html#.XRR6CegzbIU

[Spending Up North] Five must-have mobile apps for trips to Shenzhen and Guangzhou
http://bit.ly/2RF4hJJ

2019 payment security trends: Visa introduces AI fraud prevention and promotes new online payment standard
https://www.ithome.com.tw/news/131496

WhatsApp Pay Faces One More Hurdle
https://www.bankinfosecurity.in/whatsapp-pay-faces-one-more-hurdle-a-12674

4. Virtual Currency / Blockchain: News and Security
Twist in the largest-ever "Tokyo Coincheck exchange hack": the culprits may be "Russian hackers"
https://www.blocktempo.com/russian-hackers-may-have-carried-out-largest-ever-crypto-exchange-theft/

Security alert: high-risk vulnerability in Hurongyun (互融雲) exchange system; more than 100 exchanges at risk of data leakage
http://www.coinvoice.cn/41298.html

Bitfinex announces downtime for system upgrade on the 26th; masterminds of 2016 hack arrested
https://blockcast.it/2019/06/24/bitfinex-going-offline-for-upgrade-on-26-israeli-brothers-arrested-for-2016-bitfinex-hack-case/

Fintech as a new money-laundering tool? ICO anonymity and decentralization become regulatory loopholes
http://bit.ly/2WVzRUt

Ministry of Science and Technology industry-academia alliance leads diverse blockchain applications
https://www.chinatimes.com/newspapers/20190625000485-260210?chdtv

Bitcoin breaks 10,000 as Facebook announces its coin; regulators worldwide voice differing views
http://news.knowing.asia/news/5cd58403-5373-4778-8bf5-19f234a15578

Facebook launches cryptocurrency; Australia's central bank: many regulatory issues need resolving
https://ec.ltn.com.tw/article/breakingnews/2830995

Bank of England governor: major central banks will want to regulate the digital currency Libra
https://news.sina.com.tw/article/20190623/31722116.html

Did Libra "copy" Bitcoin? Five aspects for understanding the differences
https://news.sina.com.tw/article/20190622/31715906.html

To stimulate spending and promote city policy, New Taipei plans to launch "New Taipei Coin"
https://m.ltn.com.tw/news/local/paper/1298110

Watching Facebook's coin, FSC says: if it involves stored value or cross-border remittance, it must be regulated
https://technews.tw/2019/06/22/facebook-libra/

Chen Chi-mai: Executive Yuan to establish Taiwan Blockchain Alliance
https://www.chinatimes.com/newspapers/20190626000299-260202?chdtv

Chen Chi-mai: Kaohsiung Coin should have a broader range of uses! Three examples of the rise of "community currencies"
http://bit.ly/2xfSmbP

Ethereum synthetic asset issuance platform Synthetix attacked, losing 37 million tokens
https://news.cnyes.com/news/id/4345623

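Cryptocurrency locked after CEO's sudden death: accounting report says funds had been diverted for personal use before he died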
https://www.taiwannews.com.tw/ch/news/3731790

Facebook currency Libra: Bank of England considers allowing "overnight deposits"
http://bit.ly/31YRRkv

"Facebook coin" Libra has not launched yet, but central banks already feel threatened
https://www.cmmedia.com.tw/home/articles/16248

Can Facebook's coin be used in Taiwan? If it involves these two things, FSC approval is required
https://ec.ltn.com.tw/article/breakingnews/2829699

SWIFT announces it will open GPI instant payments to blockchain companies
https://news.cnyes.com/news/id/4345645

Electronic checks to include cryptocurrency transactions
http://bit.ly/2Ljve4B

"Dr. Doom" Roubini: is blockchain really "decentralized"? It is more centralized than North Korea
https://buzzorange.com/techorange/2019/06/27/roubini-say-blockchain-is-a-liar/

Forget Bitcoin, Our Future is Moneyless
https://medium.com/swlh/forget-bitcoin-our-future-is-moneyless-b2d229accef3

5. Security Incident News

A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors
Bitdefender and police jointly release decryption tool for latest version of GandCrab ransomware
https://www.ithome.com.tw/news/131326

Hackers behind "GandCrab" ransomware announce they are quitting after raking in 2 billion
https://cnews.com.tw/140190623a02/

Riviera Beach, Florida hit by ransomware attack; city council votes to pay US$600,000 ransom
https://www.ithome.com.tw/news/131422

Lake City, Florida, also hit by ransomware, agrees to pay ransom of 42 bitcoins
https://www.ithome.com.tw/news/131506

Malware exploits Android phone and tablet vulnerability to mine cryptocurrency for hackers on your device
https://www.blocktempo.com/trendmicro-detects-crypto-mining-malware-affecting-android-devices/

Mac malware OSX/Linker attempts to exploit Gatekeeper vulnerability
https://www.ithome.com.tw/news/131485

Ransomware: low-profile but still around; use Ransom Buster (勒索病毒剋星) to stay clear of the ransomware threat
https://blog.trendmicro.com.tw/?p=60927

Ransomware temporarily disrupts services at the Baltimore county government in Ohio, US, and two healthcare organizations
https://blog.trendmicro.com.tw/?p=60964

Two Florida Cities Paid $1.1 Million to Ransomware Hackers This Month
https://thehackernews.com/2019/06/florida-ransomware-attack.html

UK ransomware firm ‘helps’ victims by paying off hackers, tacking on massive fee
https://www.zdnet.com/article/sting-shows-ransomware-firm-helps-victims-by-paying-off-hackers-tacking-on-fee/#ftag=RSSbaffb68

Riltok banking trojan begins targeting Europe
https://www.terabitweb.com/2019/06/25/the-riltok-banking-trojan-has-set-its-sights-for-the-european-market-after-a-few-modifications/

This botnet exploits Android Debug Bridge to mine cryptocurrency on your device
https://www.zdnet.com/article/this-botnet-spreads-through-ssh-to-mine-for-cryptocurrency/#ftag=RSSbaffb68

New Bird Miner malware targets Mac pirates
https://www.zdnet.com/article/new-bird-miner-cryptocurrency-miner-targets-mac-pirates/#ftag=RSSbaffb68

New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched
https://thehackernews.com/2019/06/macos-malware-gatekeeper.html

New Mac malware abuses recently disclosed Gatekeeper zero-day
https://www.zdnet.com/article/new-mac-malware-abuses-recently-disclosed-gatekeeper-zero-day/#ftag=RSSbaffb68

New Mac cryptominer Malwarebytes detects as Bird Miner runs by emulating Linux
https://blog.malwarebytes.com/mac/2019/06/new-mac-cryptominer-malwarebytes-detects-as-bird-miner-runs-by-emulating-linux/

This Cryptomining Malware Launches Linux VMs On Windows and macOS
https://thehackernews.com/2019/06/emulated-malware.html

DanaBot Banking Trojan Upgraded with ‘Non Ransomware’ Module
https://www.bleepingcomputer.com/news/security/danabot-banking-trojan-upgraded-with-non-ransomware-module/

Ransomware: DanaBot Banking Trojan with No-Ransomware Module
https://www.clasesordenador.com/ransomware-danabot-banking-trojan-con-modulo-no-ransomware/index.html

Radiohead’s ransom response shows novel approach for ransomware victims
https://blog.malwarebytes.com/ransomware/2019/06/radioheads-ransom-response-shows-novel-approach-for-ransomware-victims/

DHS CISA warns of Iranian hackers' habit of deploying data-wiping malware
https://www.zdnet.com/article/dhs-cisa-warns-of-iranian-hackers-habit-of-deploying-data-wiping-malware/#ftag=RSSbaffb68

How past threats and technical developments influence the evolution of malware
https://www.helpnetsecurity.com/2019/06/24/evolution-of-malware/

Fake Game of Thrones Video Files Embedded with Malware
https://www.webtitan.com/blog/fake-game-of-thrones-video-files-embedded-with-malware/

Analysis of the Uroburos malware with REVEN
https://blog.tetrane.com/2019/Analysis-Uroburos-Malware-REVEN.html

Malicious SYLK Files with MS Excel 4.0 Macros
https://blog.nviso.be/2019/06/25/malicious-sylk-files-with-ms-excel-4-0-macros/

Sodinokibi Ransomware Now Pushed by Exploit Kits and Malvertising
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-now-pushed-by-exploit-kits-and-malvertising/

Riltok mobile Trojan: A banker with global reach
https://securelist.com/mobile-banker-riltok/91374/

Malicious URL attacks using HTTPS surge across the enterprise
https://www.zdnet.com/article/social-engineering-attacks-surge-across-the-enterprise/#ftag=RSSbaffb68

New Silex malware is bricking IoT devices, has scary plans
https://www.zdnet.com/article/new-silex-malware-is-bricking-iot-devices-has-scary-plans/#ftag=RSSbaffb68

'Legit Apps Turned into Spyware' Targeting Android Users in Middle East
https://thehackernews.com/2019/06/android-malware-hacking.html

Second Florida City Pays Up Following Ransomware Attack
https://www.bankinfosecurity.com/second-florida-city-pays-up-following-ransomware-attack-a-12693

Police Arrest 6 in $28 Million Cryptocurrency Fraud Probe
https://www.bankinfosecurity.com/police-arrest-6-in-28-million-cryptocurrency-fraud-probe-a-12691

MFSocket: A Chinese surveillance tool
https://medium.com/@fs0c131y/mfsocket-a-chinese-surveillance-tool-58e8850c3de4

Exclusive: German Police Raid OmniRAT Developer and Seize Digital Assets
https://thehackernews.com/2019/06/police-raid-omnirat-developer.html

ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit
https://blog.trendmicro.com/trendlabs-security-intelligence/shadowgate-returns-to-worldwide-operations-with-evolved-greenflash-sundown-exploit-kit/

Android ransomware research
https://blog.trustlook.com/android-ransomware-research/

ViceLeaker Operation: mobile espionage targeting Middle East
https://securelist.com/fanning-the-flames-viceleaker-operation/90877/

B. Mobile Security / iPhone / Android / Wearables / Apps
US considers banning Chinese-made 5G equipment; Nokia and Ericsson may be affected
http://bit.ly/2x9TQEF

Are Huawei phones scary? Israeli hacker: everything from robot vacuums to iPhones can be hacked
https://futurecity.cw.com.tw/article/719

Lee Hao-chung column: "Privacy. That's iPhone."
https://www.upmedia.mg/news_info.php?SerialNo=65631

Facebook executive slams Apple: overpriced products, an exclusive club for the rich
https://3c.ltn.com.tw/news/37202

Traps hidden in the Google Play Store? Study finds over 2,000 dangerous apps
https://3c.ltn.com.tw/news/37188

Taiwan's telecom R&D strength! Two key domestically developed 5G technologies revealed
https://www.ithome.com.tw/news/131397

Underground trade in WeChat accounts: a staggering black-market supply chain
https://www.chinatimes.com/newspapers/20190627000220-260309?chdtv

Important Flaw in Outlook App for Android Affects Over 100 Millions Users
https://thehackernews.com/2019/06/outlook-app-android.html

Symantec Mobile Threat Defense: New Google Update Could Mitigate OAuth Misuse Risk
https://www.symantec.com/blogs/feature-stories/symantec-mobile-threat-defense-new-google-update-could-mitigate-oauth-misuse-risk

Huawei ramps up its technological Cold War propaganda
https://www.zdnet.com/article/huawei-ramps-up-its-technological-cold-war-propaganda/#ftag=RSSbaffb68

Mobile apps riddled with high-risk vulnerabilities, warns report
https://nakedsecurity.sophos.com/2019/06/24/mobile-apps-riddled-with-high-risk-vulnerabilities-warns-report/

Mobile stalkerware: a long history of detection
https://blog.malwarebytes.com/android/2019/06/mobile-stalkerware-a-long-history-of-detection/

New security challenges await 5G planners, say APAC experts
https://www.computerweekly.com/news/252465575/New-security-challenges-await-5G-planners-say-APAC-experts

Here's how I survived a SIM swap attack after T-Mobile failed me - twice
https://www.zdnet.com/article/how-i-survived-a-sim-swap-attack-and-how-my-carrier-failed-me/#ftag=RSSbaffb68

Remote code execution bug lurked in BlueStacks Android emulator
https://www.zdnet.com/article/remote-code-execution-bug-lurked-in-bluestacks-android-emulator/#ftag=RSSbaffb68

C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents
"People" are the crux of the infosec problem
https://www.edntaiwan.com/news/article/20190625NT71-are-people-the-problem-with-infosec

Hacker intrusions do serious harm
http://www.csbc.com.tw/Community/108/1080626-1.php

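Early warning to anticipate incidents, immediate remediation to restore daily operations, applying detection principles as gatekeeping, building a great wall of defense to fight beyond the perimeter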
https://www.netadmin.com.tw/netadmin/zh-tw/technology/E60F9D4E98C24FEFA78A0B8926B1516A

CSC announces results of media industry cybersecurity survey
https://news.sina.com.tw/article/20190624/31728358.html

Google account compromised: woman who reported it complains of a "half-hearted" cold response from police
https://news.ltn.com.tw/news/society/breakingnews/2835874

Multiple Cloudflare-hosted websites briefly unreachable due to BGP route leak
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=882

How to "see through" hacker attack techniques
https://www.ithome.com.tw/voice/131279

Nexusguard threat report shows DDoS-for-hire sites resurging after FBI crackdown
https://money.udn.com/money/story/12987/3890972

[PwC HackaDay 2019] Science and technology university (科大) students dominate hacking contest with highest score in three years
http://bit.ly/2J8zy3N

[Evil Dark Web Invades Taiwan 1] Trading platform for kidnapping and assassination: the terrifying dark web spreads in Taiwan
https://www.mirrormedia.mg/story/20190625soc001

[Evil Dark Web Invades Taiwan 2] Threatening to kill a female councilor, kidnapping a tycoon: they all hide on the dark web
https://www.mirrormedia.mg/story/20190625soc002/

[Evil Dark Web Invades Taiwan 3] Schoolgirl vanishes; man who killed 13 learned to dissolve bodies from the dark web
https://www.mirrormedia.mg/story/20190625soc003/

[Evil Dark Web Invades Taiwan 4] Grave desecration for hire, HIV needle attacks: every kind of crime is sold on the dark web
https://www.mirrormedia.mg/story/20190625soc004/

[Evil Dark Web Invades Taiwan 5] Even the FBI cannot catch them: virtual currency becomes the dark web's accomplice
https://www.mirrormedia.mg/story/20190625soc005/

[Evil Dark Web Invades Taiwan 6] Extremely gory taboo footage can all be found on the dark web
https://www.mirrormedia.mg/story/20190625soc006/

[Evil Dark Web Invades Taiwan 7] Leaked from a US military lab: encrypted intelligence network becomes a criminal haven
https://www.mirrormedia.mg/story/20190625soc007/

[Evil Dark Web Invades Taiwan 8] Hotel chain hacked; personal data of 130 million people sold cheaply online
http://bit.ly/2xdcJ9F

Microsoft reportedly bans employees from using Slack on security grounds and discourages use of AWS, Google Docs and other products
https://www.ithome.com.tw/news/131438

US cybersecurity firm report: Huawei equipment has covert channels never disclosed to customers
https://www.ntdtv.com/b5/2019/06/26/a102609965.html

[Huawei Crisis] Hidden backdoors in equipment systems; Wall Street Journal: could let Huawei record messages
https://hk.news.appledaily.com/china/realtime/article/20190627/59761918

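More than half of Huawei telecom equipment has vulnerabilities hackers could use, but it cannot be concluded that they are intentionally designed backdoors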
http://bit.ly/2KGqcPW

Report shows Huawei equipment is far more vulnerable to hacking than competitors' equipment
https://on.wsj.com/2J7KOxk

On the eve of the Trump-Xi meeting: Huawei employees reportedly collaborated with the PLA; equipment easily hacked
https://www.moneydj.com/KMDJ/News/NewsViewer.aspx?a=7059644b-6146-4945-9448-a4426dd899aa

US media reveals: Huawei employees collaborated with the Chinese military on research
http://www.epochtimes.com/b5/19/6/27/n11348734.htm

Vulnerability in Tesla navigation system lets hackers attack remotely with ease
https://www.lian-car.com/articles/read/29131.html

Tesla navigation system vulnerability discovered; hackers can make the car swerve suddenly
https://auto.ltn.com.tw/news/12952/3

Cyberwarfare makes no distinction between peacetime and wartime: a sudden fatal blow at the critical moment
http://bit.ly/2Jga199

How to respond to nation-state cyberattacks? Train against a blue force, as at Zhurihe
http://bit.ly/2J8vyAe

Security woes: account theft, stolen virtual items... 70% of hackers never caught
https://news.ltn.com.tw/news/society/paper/1297738

Cybercrime rampant! Molly and Tsai Ge also fall victim; with IPs located overseas, "police clearance rate is only 29%"
https://www.ettoday.net/news/20190622/1472854.htm

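Where next for cybersecurity vulnerabilities in mainland China? A brief analysis of the "Provisions on the Administration of Cybersecurity Vulnerabilities (Draft for Comment)"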
http://www.junhe.com/law-reviews/967

To guard against cyberattacks, China convenes industrial information security conference
http://economics.dwnews.com/big5/news/2019-06-24/60138530.html

Global telecom operators suspected of being infiltrated by hacking group that stole call records over a long period
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=883

Is the Chinese government the mastermind? Hackers attack global telecom systems to conduct espionage
https://news.cnyes.com/news/id/4345950?exp=a

Hackers hammer telecom companies worldwide; security report points to China link
https://news.ltn.com.tw/news/world/breakingnews/2832991

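Report: Chinese hackers breached multiple telecom companies worldwide for years to steal personal call data; Taiwan and Hong Kong used as attack bases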
https://www.ithome.com.tw/news/131476

Hackers steal data from telcos in espionage campaign: cyber firm
https://www.reuters.com/article/us-cyber-telecoms-cybereason/hackers-hit-global-telcos-in-espionage-campaign-cyber-research-firm-idUSKCN1TQ0BC

OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS
https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers

Chinese Hackers Play Operator With Global Telcos
https://www.bankinfosecurity.com/chinese-hackers-play-operator-global-telcos-a-12684

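Hackers from China's Ministry of State Security steal trade secrets, breaching the networks of eight global tech firms including IBM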
https://www.upmedia.mg/news_info.php?SerialNo=66107

Chinese hackers break in; world-renowned tech giants hit
https://udn.com/news/story/6811/3895057

Trump's personal letter arrives just after Xi Jinping leaves; glimmer of hope in US-North Korea stalemate
http://bit.ly/2FuqOnF

Micron quietly resumes shipments after finding legal loophole in Huawei export blacklist
https://www.xfastest.com/thread-229902-1-1.html

Huawei equipment more vulnerable to hacking than rivals'; US official: an unacceptable risk
https://udn.com/news/story/6811/3893383

Southeast Asia offers an opening... Philippines launches 5G with core equipment from Huawei
http://bit.ly/2L7QRVc

US report: Huawei equipment has major vulnerabilities
http://bit.ly/2xd6lPx

Trump weighs barring Chinese-made 5G equipment for US firms, a move set to shake global manufacturing
http://bit.ly/2WW0Uza

US Senate passes bill listing Huawei and ZTE as "national security threats"
https://tw.news.appledaily.com/international/realtime/20190626/1590253/

Taiwan expert: information warfare leads to civil war; CCP wants to "throw Taiwan into chaos"
http://www.epochtimes.com/b5/19/6/23/n11341256.htm

To win Trump's trust, DJI plans a US government edition drone
https://technews.tw/2019/06/25/to-win-trumps-trust-dajiang-plans-to-push-the-us-government-version-of-the-drone/

US imposes "hard-hitting" new sanctions on Iran, vowing to cut off Tehran's financial lifeline
https://www.storm.mg/article/1419250?srcid=73746f726d2e6d675f6e756c6c_1561425054

CISA warns to beware of Iranian cyberattacks
https://www.ithome.com.tw/news/131452

US-Iran cyberattacks begin; both sides take a hard line and refuse to back down
http://bit.ly/2J3oQeV

No airstrike, but a cyberattack: US cyber forces attack Iranian military command facilities
https://technews.tw/2019/06/24/no-airstrike-but-still-needs-cyber-attack-us-cyber-army-attacks-iranian-military-command-structure/

US-Iran tensions rise; Iranian hackers attack US government agencies
https://udn.com/news/story/120591/3886639?from=udn-catelistnews_ch2

In retaliation for tanker attacks, US launches cyberattack on Iranian spy group
https://www.chinatimes.com/realtimenews/20190622002592-260408?chdtv

Trump gives the order! US military hackers launch cyberattack on Iranian military computers
https://m.ltn.com.tw/news/world/breakingnews/2830969

US military cyber counterterrorism operation cripples Iranian rocket and missile launch systems
http://www.epochtimes.com/b5/19/6/23/n11340956.htm

Trump orders cyberattack on Iranian missile launch systems
https://www.chinatimes.com/newspapers/20190624000507-260119?chdtv

US cripples Iranian missile systems; Iranian hackers strike US government
https://udn.com/news/story/6811/3888921

US-Iran cyberwar begins! US cripples Iranian missile systems; Iranian hackers attack US government and oil and gas sector
http://www.mesotw.com/bbs/viewthread.php?tid=84973

US and Iranian hackers clash! Niu Tanqin: the first "unrestricted warfare" in the history of human war has begun
https://www.ettoday.net/news/20190624/1474464.htm

"Blue was the martyr's favorite color": Sudan hit by nationwide internet shutdown; supporters launch "blue revolution" on social media
http://bit.ly/2LhqDzA

Korean political party voices support for Hong Kong anti-extradition protests; its Facebook page is attacked
http://www.epochtimes.com/b5/19/6/21/n11337770.htm

Apple Daily website attacked again, reporters harassed by phone; Next Media CEO: we will meet whatever comes
https://tw.appledaily.com/new/realtime/20190622/1588087/

NASA hack investigation: hackers used a Raspberry Pi as a foothold to penetrate NASA's network
https://www.ithome.com.tw/news/131423

Hackers breached NASA using just a Raspberry Pi
https://www.inside.com.tw/article/16711-hackers-steal-nasa-data-raspberry-pi

JPL Mars exploration data hacked; discovered only a year later
https://udn.com/news/story/6812/3889560

NASA network breached by hackers; Mars mission data stolen
http://bit.ly/2Nisyqe

Hackers used a Raspberry Pi last year to steal about 500 MB of NASA data
https://www.cool3c.com/article/145295

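International business: security firm report says hackers broke into several telecom systems worldwide to conduct espionage; China strongly suspected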
http://bit.ly/2RwJR5z

DDoS Threat Report 2019 Q1
https://www.nexusguard.com/threat-report-q1-2019

IRANIAN HACKERS LAUNCH A NEW US-TARGETED CAMPAIGN AS TENSIONS MOUNT
https://www.wired.com/story/iran-hackers-us-phishing-tensions/

IRAN SHOOTS DOWN A U.S. DRONE, APPLE RECALLS MACBOOK BATTERIES, AND MORE NEWS
https://www.wired.com/story/iran-drone-surveillance-apple-macbook-recall/

US launches cyber-attack aimed at Iranian rocket and missile systems
https://www.zdnet.com/article/us-launches-cyber-attack-aimed-at-iranian-rocket-and-missile-systems/#ftag=RSSbaffb68

Data of 645k Oregonians exposed after nine DHS employees fell for a phishing attack
https://www.zdnet.com/article/data-of-645k-oregonians-exposed-after-nine-dhs-employees-fell-for-a-phishing-attack/#ftag=RSSbaffb68

NASA hacked because of unauthorized Raspberry Pi connected to its network
https://www.zdnet.com/article/nasa-hacked-because-of-unauthorized-raspberry-pi-connected-to-its-network/#ftag=RSSbaffb68

Free proxy service found running on top of 2,600+ hacked WordPress sites
https://www.zdnet.com/article/free-proxy-service-found-running-on-top-of-2600-hacked-wordpress-sites/#ftag=RSSbaffb68

OpenSSH gets protection against attacks like Spectre, Meltdown, Rowhammer, and Rambleed
https://www.zdnet.com/article/openssh-gets-protection-against-attacks-like-spectre-meltdown-rowhammer-and-rambleed/#ftag=RSSbaffb68

NASA's Jet Propulsion Lab a Frequent Hack Victim: Audit
https://www.bankinfosecurity.com/nasas-jet-propulsion-lab-frequent-hack-victim-audit-a-12679

Hackers breach NASA, steal Mars mission data
https://www.welivesecurity.com/2019/06/24/nasa-breach-mars-raspberry-pi/

DHS: Conflict With Iran Could Spur 'Wiper' Attacks
https://www.bankinfosecurity.co.uk/dhs-conflict-iran-could-spur-wiper-attacks-a-12682

U.S. Government Warns of Data Wipers Used in Iranian Cyberattacks
https://www.bleepingcomputer.com/news/security/us-government-warns-of-data-wipers-used-in-iranian-cyberattacks/

Alleged AlphaBay Moderator Faces Racketeering Charges
https://www.bankinfosecurity.com/alleged-alphabay-moderator-faces-racketeering-charges-a-12683

Anonymous hacker exposed after dropping USB drive while throwing Molotov cocktail
https://www.zdnet.com/article/anonymous-hacker-exposed-after-dropping-usb-drive-while-throwing-molotov-cocktail/#ftag=RSSbaffb68

RDP Security Explained
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/rdp-security-explained/

FedEx sues US over screening requirements in Huawei dispute as China tensions rise
https://www.cnbc.com/2019/06/25/fedex-sues-us-over-screening-requirements-in-huawei-dispute-as-china-tensions-rise.html

ICO slams UK Met Police for failure to handle public data requests
https://www.zdnet.com/article/ico-slams-metropolitan-police-service-for-public-data-request-backlog/

Tech Support Scammers Target Search Ads on ISP Start Pages
https://www.bleepingcomputer.com/news/security/tech-support-scammers-target-search-ads-on-isp-start-pages/

DDoS-for-Hire Services Doubled in Q1
https://www.darkreading.com/perimeter/ddos-for-hire-services-doubled-in-q1-/d/d-id/1335042

[HITCON Seeking Talent X Recruiting Partners] We are hiring
https://blog.hitcon.org/2019/06/hitcon-job-hiring.html?m=1

Chunghwa Telecom brings in new blood for the 5G battle; expected to recruit 1,600
http://bit.ly/2Ydx8Hy

Largest recruitment drive ever: Chunghwa Telecom to hire 1,600
https://www.chinatimes.com/newspapers/20190627000712-260110?chdtv

Chunghwa Telecom recruits new staff, aiming to build a 500-person AI team
https://udn.com/news/story/7269/3893195?from=udn-ch1_breaknews-1-cate9-news

Chunghwa Telecom hiring; salaries up to 48K
https://udn.com/news/story/7240/3893515

Chunghwa Telecom responds to retirement wave: graduation-season hiring with starting pay up to 48K
https://www.cna.com.tw/news/afe/201906260214.aspx

Chunghwa Telecom AI team to expand to 500
https://money.udn.com/money/story/5612/3894898

[Hiring] AI Engineer, Institute for Information Industry (III), Cybersecurity Technology Institute
https://www.ptt.cc/bbs/Soft_Job/M.1561183911.A.EAE.html

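National Center for High-performance Computing (NCHC) / Network and Security Division: AI forward-looking project staff / 1 position (AI-20)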
https://www.104.com.tw/job/6iw17

Mega Bank ROC year 108 selection of big data and IT personnel
https://wwwfile.megabank.com.tw/news/news_01.asp?sno=2547

Full-stack engineer
https://www.ditstartup.com/copy-of-hiskio

Security monitoring engineer (contract)
https://www.104.com.tw/job/3iqxk

Security engineer
https://www.cakeresume.com/companies/pro-104-vip-cust-custmaster-cb82dc/jobs/security-engineer-8c991f

Taiwan Insurance Institute, International Affairs Department, seeks one part-time student worker
http://www.ins.tku.edu.tw/app/news.php?Sn=1427

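Business majors preferred [Popular job of the year] Bank deposit and remittance teller ★ Monthly salary from 30,000, comprehensive training and benefits (New Taipei) 1688-D25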
https://www.104.com.tw/job/6nlov?jobsource=freshman2009

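D. Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News
Nearly scammed buying cosmetics online: web page turned to English after payment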
https://news.ltn.com.tw/news/society/breakingnews/2826394

The Hongkong and Shanghai Banking Corporation Limited issues statement on June 21 about a phishing campaign using fraudulent emails
https://www.about.hsbc.com.hk/-/media/hong-kong/zh-hk/news-and-media/190621-hsbc-warns-against-phishing-email-chi.pdf

Bank of Singapore issues notice on June 24 about the discovery of two fraudulent phishing websites
https://www.bankofsingapore.com/media-releases/2019/alert-on-two-fraudulent-mobile-applications-24-jun.html

Bank of East Asia issues notice on June 24 about the discovery of a fraudulent phishing website
https://www.hkbea.com/pdf/tc/about-bea/new-release/2019/20190624tc.pdf

One-page ad scams: Criminal Investigation Bureau reveals six telltale features
https://www.cna.com.tw/news/asoc/201906260208.aspx

One-page scams booming on Facebook! Security company offers LINE anti-fraud bot to block them
https://www.ettoday.net/news/20190626/1475928.htm

Photos of Hou Chang-ming and Tseng Ya-lan stolen; Criminal Investigation Bureau: one-page ads are rife with scams
https://news.ltn.com.tw/news/society/breakingnews/2834465

Beware! Online ads recruit "mobile game testers"; people fear becoming accomplices to card fraud
https://news.tvbs.com.tw/life/1155494

The top three brands most often abused in phishing attacks are Microsoft, OneDrive and Apple
https://www.ithome.com.tw/news/131487

Major security lapse! Ministry of Civil Service reports leak of nearly 600,000 civil servants' personal records
https://www.ftvnews.com.tw/news/detail/2019625W0001

Ministry of Civil Service hacked; personal data of more than 200,000 central and local government officials leaked
https://www.ithome.com.tw/news/131450

Another major government security lapse! Ministry of Civil Service admits: 240,000 civil servants' personal records leaked
https://www.storm.mg/article/1419813?srcid=73746f726d2e6d675f6e756c6c_1561430554

Ministry of Civil Service personal data breach notification
https://www.mocs.gov.tw/pages/detail.aspx?Node=38&Page=6144&Index=1

Ministry of Civil Service leaks 590,000 personal records; Investigation Bureau actively pursuing hackers
https://news.tvbs.com.tw/local/1155424

590,000 personal records leaked; Chen Chi-mai: will work hard to plug security holes
https://udn.com/news/story/6656/3891530?from=udn-ch1_breaknews-1-cate1-news

Historical data leaked; Ministry of Civil Service comprehensively reviews its security protections
https://www.chinesenews-tv.com/index.php?s=/Article/detail/id/5975.html

Bungling Ministry of Civil Service in massive personal data leak; Chen Chi-mai speaks out
http://bit.ly/2X1M5uP

Exclusive: national security crisis as Ministry of Civil Service data leak exposes intelligence personnel
https://www.chinatimes.com/realtimenews/20190626001266-260402?chdtv

Hundreds of thousands of civil servants' personal data leaked; legislator: think twice before pushing electronic voting
http://bit.ly/2xgfyqx

240,000 civil servants' data leaked; Investigation Bureau opens case
https://udn.com/news/story/6656/3894939

Ministry of Civil Service civil servant data leak; Chen Chi-mai: all-out effort to find security holes
https://news.wearn.com/c256823.html

Civil servant data hacked; National Security Bureau: Investigation Bureau has opened an investigation
https://udn.com/news/story/6656/3894432

Ministry of Civil Service data leak; National Security Bureau: Investigation Bureau has opened an investigation
https://www.cna.com.tw/news/aipl/201906260316.aspx

Real estate app owned by the investing legend's Berkshire Hathaway reportedly leaks users' personal data
https://ec.ltn.com.tw/article/breakingnews/2829924

Front-runner for UK prime minister caught up in assassination rumor; Russian-made fake news exposed
https://tw.news.appledaily.com/international/realtime/20190624/1588789/

Phishing emails target US government; Iran executes CIA spy
https://tw.news.appledaily.com/international/realtime/20190624/1588788/

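Collecting preferences, logging location, remembering the color of the underwear you bought online... Washington Post columnist: Chrome is the internet's biggest peeping Tom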
https://www.storm.mg/article/1415413?srcid=73746f726d2e6d675f6e756c6c_1561359820

Facebook quizzes hide a personal data leak risk
http://bit.ly/2KzUx2E

Checking in on social media? Beware of inviting burglars in
https://udn.com/news/story/6812/3895801

Is being poor a crime? "Only a thousand dollars left in savings": scam ring snaps, "you can go die"
https://www.nownews.com/news/20190623/3457347/

One man plays multiple financial analyst roles: Changsha man impersonates securities firm staff to commit fraud
https://news.sina.com.tw/article/20190623/31722816.html

Profiting 8.85 million by placing orders that exploited a "system loophole": is it fraud or theft?
https://kknews.cc/society/gjknbq9.html

Japanese escort ship captain checks in on social media while on anti-piracy duty! GPS location fully exposed
https://fnc.ebc.net.tw/FncNews/world/85886

Data of senior inspector and assistant commander made public; police: will follow up to the end
http://bit.ly/2xeRZ1p

International hacker group declares war on Hong Kong government! Publishes personal data of 628 Hong Kong police officers
https://news.ltn.com.tw/news/world/breakingnews/2835708

Lost phone leaking personal data? Wipe data quickly to "prevent card fraud"
http://bit.ly/2IRDozx

Huamei Electronics (華美電子) drained of 4.2 billion through fake overseas transactions; accomplice appears and is indicted
https://udn.com/news/story/7321/3895316

Fake romance, real fraud: Cathay Life customer service stops elderly man from wiring 500,000
https://m.ctee.com.tw/livenews/ch/a91617002019062615175242

User data stolen from ‘human hacking’ forum Social Engineered, published on rival site
https://www.zdnet.com/article/user-data-stolen-from-human-hacking-forum-social-engineered-published-on-rival-site/#ftag=RSSbaffb68

Government is exposing identities of child abuse victims
https://nakedsecurity.sophos.com/2019/06/21/government-is-exposing-identities-of-child-abuse-victims/

Fresh “video games” site welcomes new users with Steam phish
https://blog.malwarebytes.com/social-engineering/2019/06/fresh-video-games-site-welcomes-new-users-with-steam-phish/

Report shows failures at eight US agencies in following cyber-security protocols
https://www.zdnet.com/article/report-shows-failures-at-eight-us-agencies-in-following-cyber-security-protocols/#ftag=RSSbaffb68

E. Research reports
Elastic adds a SIEM security tool to its software suite
https://www.ithome.com.tw/news/131488

Analysis of a remote code execution vulnerability in TP-Link Wi-Fi extenders
https://zhuanlan.zhihu.com/p/70093955

CVE-2019-8452: Analysis of a local privilege escalation vulnerability in Check Point VPN
https://www.anquanke.com/post/id/181006

DACL Permissions Overwrite Vulnerability in Check Point VPN CVE-2019-8452
https://bordplate.no/blog/en/post/check-point-file-permissions-overwrite/

Retrospective analysis report on the "Equation Group" attack on a Middle East SWIFT service provider
https://www.freebuf.com/articles/paper/205080.html

Cracking pre-shared keys with ike-scan and psk-crack
https://www.uuu.com.tw/Public/content/article/19/20190624.htm

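[Broader definitions of attacker tactics, finer-grained detection categories] A quick look at the latest changes to the ATT&CK framework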
https://www.ithome.com.tw/news/131275

CVE-2019-0948: Microsoft Management Console (MMC) vulnerability
https://xz.aliyun.com/t/5439

ThinkPHP5 vulnerability analysis: SQL injection
https://www.freebuf.com/column/206599.html

Quickly setting up vulnerable environments: Vulhub
https://www.lizenghai.com/archives/13269.html

Why almost all of the world's top hackers are self-taught
https://read01.com/J8DJRjG.html#.XRBmSugzbIU

Introduction to the Nikto vulnerability scanner
https://zhuanlan.zhihu.com/p/70225775

Website penetration testing services: finding and fixing SMS-bombing vulnerabilities
http://blog.itpub.net/31542418/viewspace-2648424/

Web vulnerability monitoring and remediation approaches
https://www.twblogs.net/a/5d101e86bd9eee1ede048d70

Hands-on router 0-day vulnerability hunting
https://www.anquanke.com/post/id/180714

Implementing asymmetric Security Boot / Security Update
http://www.ctimes.com.tw/DispArt/tw/1906251409D7.shtml

RSS Engine issue in vSAN 6.7 Update 1 causes PSOD
https://www.weithenn.org/2019/06/vsan-67-update-1-rss-engine-psod.html

CVE-2019-8635: Analysis of a macOS privilege escalation and arbitrary code execution vulnerability
https://www.anquanke.com/post/id/180880

Finding a double-free RCE vulnerability in VLC with honggfuzz
https://www.anquanke.com/post/id/181017

In-depth analysis of two domain privilege escalation techniques combined with CVE-2019-1040
https://paper.seebug.org/962/

CVE-2019-12592: Analysis of the Evernote Chrome extension vulnerability
https://cloud.tencent.com/developer/article/1450855

TenSec 2019 security talk slides released
https://share.weiyun.com/5NJL3uq

Analysis of multiple SACK denial-of-service vulnerabilities in the Linux kernel TCP protocol
https://paper.seebug.org/960/

CVE-2019-11477: Detailed analysis of the integer overflow vulnerability in the Linux kernel TCP stack
https://paper.seebug.org/959/

The "2019 Mobile Application Vulnerabilities and Threats Report" published by Ptsecurity
http://bit.ly/2FESk1K

Disclosure of DarkHotel's latest attack campaign targeting Chinese foreign-trade personnel
https://s.tencent.com/research/report/741.html

Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques
https://link.springer.com/article/10.1007/s11416-019-00335-w

Operation Crack: Hacking IDA Pro Installer PRNG from an Unusual Way
https://devco.re/blog/2019/06/21/operation-crack-hacking-IDA-Pro-installer-PRNG-from-an-unusual-way-en/

CPR-Zero: The Check Point Research Vulnerability Repository - Check Point Research
https://research.checkpoint.com/cpr-zero-the-check-point-research-vulnerability-repository/

Linux.Ngioweb Malware
https://blog.netlab.360.com/an-analysis-of-linux-ngioweb-botnet/

Dark Tracer
http://darktracer.io/

mozilla/MozDef
https://github.com/mozilla/MozDef

The deep-dive into how Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Monday
https://blog.cloudflare.com/the-deep-dive-into-how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-monday/

20 Hours, $18, and 11 Million Passwords Cracked
https://hackernoon.com/20-hours-18-and-11-million-passwords-cracked-c4513f61fdb1

CVE-2019-8635: Double Free Vulnerability in Apple macOS Lets Attackers Escalate System Privileges and Execute Arbitrary Code
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-8635-double-free-vulnerability-in-apple-macos-lets-attackers-escalate-system-privileges-and-execute-arbitrary-code/

How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today
https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/#disqus_thread

Building a Malware Analysis Lab: Become a Malware Analysis Hunter in 2019
https://www.alienvault.com/blogs/security-essentials/building-a-home-lab-to-become-a-malware-hunter-a-beginners-guide

Buffer Overflows, C Programming, NSA GHIDRA and More
https://www.exploit-db.com/docs/47032

Flaws in the BlueStacks Android emulator allows remote code execution and more
https://www.chainnews.com/articles/187604605853.htm

Apple TV and Apple Watch Forensics 01: Acquisition
https://blog.elcomsoft.com/2019/06/apple-tv-and-apple-watch-forensics-01-acquisition/

Apple Watch Forensics 02: Analysis
https://blog.elcomsoft.com/2019/06/apple-watch-forensics-02-analysis/

F5 Networks Endpoint Inspector – Browser-to-RCE
https://www.pentestpartners.com/security-blog/f5-networks-endpoint-inspector-browser-to-rce/

olafhartong/sysmon-cheatsheet
https://github.com/olafhartong/sysmon-cheatsheet

VulnerableContainers.org
https://vulnerablecontainers.org/

MobilBye: Attacking ADAS with Camera Spoofing
https://arxiv.org/abs/1906.09765

Skiptracing Part 2: iOS
https://medium.com/@lerner98/skiptracing-part-2-ios-3c610205858b

Windows: Windows Font Cache Service Insecure Sections EoP - project-zero - Monorail
https://bugs.chromium.org/p/project-zero/issues/detail?id=1800

Hexext - A plugin for extending Hexrays 7.0 via microcode
https://forum.reverse4you.org/t/hexext-a-plugin-for-extending-hexrays-7-0-via-microcode/10631

tarantula-team/CVE-2019-12949
https://github.com/tarantula-team/CVE-2019-12949/

Thumbs Up: Using Machine Learning to Improve IDA’s Analysis
https://research.checkpoint.com/thumbs-up-using-machine-learning-to-improve-idas-analysis/

fox-it/cve-2019-1040-scanner
https://github.com/fox-it/cve-2019-1040-scanner

Running iOS in QEMU to an interactive bash shell (2): research
https://alephsecurity.com/2019/06/25/xnu-qemu-arm64-2/

mgeeky/Stracciatella
https://github.com/mgeeky/Stracciatella

Self-defenseless – Exploring Kaspersky’s local attack surface
https://blog.silentsignal.eu/2019/06/24/self-defenseless-exploring-kasperskys-local-attack-surface/

0xffff0800/muddyc3
https://github.com/0xffff0800/muddyc3

F. Business
Chunghwa Telecom teams up with Akamai in a strategic partnership for content delivery network services
http://technews.tw/2019/06/20/cht-wz-akamai-on-cdn/

What is managed detection and response (MDR)?
https://blog.trendmicro.com.tw/?p=60557

SYSTEX again hosts attack-defence esports contest simulating enterprise operational security problems
https://www.cna.com.tw/news/ait/201906250067.aspx

Evaluating security appliances requires weighing many factors, not just the vendor datasheet
https://ithome.com.tw/news/131386

The next enterprise challenge: how to best protect containers and large applications company-wide
https://blog.trendmicro.com.tw/?p=60583

Cloud security demand still has plenty of room to grow; Palo Alto builds protection models with AI and ML
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000562936_70z8vvey4y4gnh5y07ek5

Going it alone without the carriers! Google develops RCS, a next-generation free messaging service
https://www.techbang.com/posts/70948-dont-rely-on-the-telecommunications-company-itself-google-develops-next-generation-fee-free-messaging-service-rcs

Integrating four major cloud security protections, Palo Alto Networks launches "Prisma"
https://www.ettoday.net/news/20190625/1475134.htm

SYSTEX announces alliance with US software startup to help enterprises accelerate their move to the cloud
https://udn.com/news/story/7240/3895902

Future digital technology security: how to understand qualified suppliers and trust service providers
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=8733

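Helping users move to the cloud with confidence! Security vendor Palo Alto Networks acquires two startups in a row and launches new protection tools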
http://bit.ly/2Yh1Nne

Microsoft builds you a "vault" inside OneDrive
http://chinese.engadget.com/2019/06/26/microsoft-onedrive-personal-vault-security-2fa-storage-increase/

Oracle adds dedicated Autonomous Database instances, developer tools
https://www.zdnet.com/article/oracle-adds-dedicated-autonomous-database-instances-developer-tools/#ftag=RSSbaffb68

Microsoft Adds 2FA-Protected "Personal Vault" Within OneDrive Cloud Storage
https://thehackernews.com/2019/06/microsoft-onedrive-personal-vault.html

Microsoft's new Windows Terminal is now available in the Store
https://www.zdnet.com/article/microsofts-new-windows-terminal-is-close-to-release-in-the-store/#ftag=RSSbaffb68

McAfee sues former sales team over alleged leak of trade secrets to rival firm
https://www.zdnet.com/article/mcafee-sues-former-employees-over-alleged-leak-of-trade-secrets-to-rival-firm/#ftag=RSSbaffb68

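G. Government
Fighting disinformation! Executive Yuan passes amendment: up to 1 million in fines for spreading rumours about animal and plant epidemics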
https://tw.news.appledaily.com/politics/realtime/20190627/1590696/

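Deputy Chief of the General Staff Li presides over eastern-region cybersecurity seminar to implement security protection measures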
https://n.yam.com/Article/20190624679685

Cybersecurity roadshow seminar: implementing security controls to reduce risk
http://bit.ly/2JarNu6

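Communications and information security is military discipline security: armed forces implement information controls for base security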
https://www.ettoday.net/news/20190625/1474484.htm

Cybersecurity roadshow reaches Kinmen to implement security and anti-hacking measures
http://bit.ly/2IQ1Z7O

Han Kuo-yu's "bathtub plug" remark reveals security crisis; mystery person "impersonated two aides" to steal speech draft
https://www.ettoday.net/news/20190626/1475592.htm

Impersonating Han's aides, hacker breaks in and steals speech draft
https://www.chinatimes.com/newspapers/20190627000663-260102?chdtv

Staff email impersonated to steal speech draft; Han Kuo-yu: very frightening
https://udn.com/news/story/11311/3894908

Hackers launch attack on Han Kuo-yu
http://blog.udn.com/Horace2007/127770854

Han long suspected he was being monitored? Changed offices, does not live in the official residence
https://udn.com/news/story/11311/3894940

Big leap in volunteer recruitment; Defense Minister Yen Teh-fa: staffing ratio can reach 90% next year
https://tw.news.appledaily.com/politics/realtime/20190627/1590648/

Information security audit procedures and items
http://bit.ly/2IUf14c

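1st Information and Communications Support Group: Han Kuang live-exercise seminar on information security, confidentiality and road safety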
https://tnews.cc/022/newscon1_220806.htm

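H. ICS/SCADA industrial control systems
Qi An Xin's Zuo Yingnan: security problems of industrial hosts and industrial big data urgently need solving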
https://news.sina.com.tw/article/20190623/31720698.html

China's industrial systems have many problems; security firm: 50% infected, 100% have vulnerabilities
http://bit.ly/2FvycyW

China's 5G faces risks; more than half of industrial control systems run while infected
http://www.epochtimes.com/b5/19/6/24/n11343105.htm

Thoughts prompted by an ICS vulnerability
http://www.sohu.com/a/322769368_354899

advantech -- webaccess CVE-2019-3953
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3953

advantech -- webaccess CVE-2019-3954
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3954

healthnode_hospital_management_system_project CVE-2018-17393
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17393

I. Education and training
Web security penetration: analysis of classic vulnerabilities
https://www.bilibili.com/video/av56820183/

Bypassing SSRF Protection
https://medium.com/@vickieli/bypassing-ssrf-protection-e111ae70727b

Google Docs help: How to restore your original version after collaborators make a mess
https://www.zdnet.com/article/google-docs-tip-how-to-restore-your-original-version-after-collaborators-make-a-mess/#ftag=RSSbaffb68

WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
http://bit.ly/2YaHl7B

Google CTF Quals 2019 - JIT (pwn)
https://blog.idiot.sg/2019-06-24/google-ctf-quals-2019-jit/

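J. Internet of Things / IoT / artificial intelligence / Internet of Vehicles / optical networking / deep learning / machine learning / drones / facial recognition
Google confirms second-hand Nest security cameras could be spied on; now patched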
https://news.sina.com.tw/article/20190621/31714632.html

Four security risks of IoT devices
https://blog.trendmicro.com.tw/?p=60834

European Commission expected to publish AI guidelines this week
https://on.wsj.com/2Fwlgct

IoT security checklist
https://www.jpcert.or.jp/research/IoT-SecurityCheckList.html

Labs report: Malicious AI is coming—is the security world ready
https://blog.malwarebytes.com/artificial-intelligence/2019/06/labs-report-malicious-ai-is-coming-is-the-security-world-ready/

6. Upcoming security events and conferences
 JCConf Taiwan 2019 Call for Proposals  6/1 ~ 6/30
 https://twjug.kktix.cc/events/jcconf-2019-cfp

 "Close your eyes when night falls": a conversation with hackers  6/29
 https://tfc.kktix.cc/events/night-talk-hacking-hacker

 Security Transformation for Next Generation: AI-driven digital security, next-generation transformation seminar  7/4
 http://tw.systex.com/20190704_security_seminar_fb/

 Hong Kong Baptist University College of International Education holds "Admissions Information Day" on July 6  7/6
 http://bit.ly/2X77BDq

 HackingThursday regular meetup 7/4
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/

 2019 automotive electronics and Internet of Vehicles security seed-teacher workshop  7/4 ~ 7/5
 http://www.kghs.kh.edu.tw/notice/11734

 2019 International Information Security Organizations Taiwan Summit  7/9 ~ 7/11
 https://csa.kktix.cc/events/2019con

 Secure Summit APAC 2019: raising security levels across 6 major domains  7/10 ~ 7/11
 http://bit.ly/2WbONh5

 Industrial Development Bureau-subsidized network security testing training 7/10 ~ 7/12
 https://www.accupass.com/event/1904080311551119077841

 HackingThursday regular meetup 7/11
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/

 Smart metals and IoT security forum  7/15
 https://seminars.tca.org.tw/D15e02242.aspx

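 [Security lecture] Enterprise email security: analysis of phishing emails and email fraud, the latest developments in protection technology, and a refresh of your security knowledge 7/16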
 https://www.techbang.com/posts/70854-lecture-corporate-email-security

 HackingThursday regular meetup 7/18
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/

 Security industry-academia summit forum 7/18
 https://www.accupass.com/event/1906140709596176666390

 Security trends seminar 7/18
 https://www.accupass.com/event/1906110041444881410360

 12th Taiwan-Luxembourg Economic Cooperation Conference  7/19
 http://registration.cieca.org.tw/visit/?d=74

 Seminar on security challenges and opportunities in the brave new world of 5G+IoT 7/18
 http://iekweb2.iek.org.tw/IEKConf/Client/confinfo.aspx?mode=confinfo&conf_no=384953433

 HackingThursday regular meetup 7/25
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/

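 Decoding the Singapore security market lecture: the starting point of Taiwan security's hard-fought Southeast Asian jungle battle, Lion City stop  7/26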
 https://ievents.iii.org.tw/eventS.aspx?t=0&id=547

 CDX2.0 promotional event - Tainan session  7/26
 https://nchc-cdx.kktix.cc/events/cdxactivity-0726

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

 Security incident handling practical course 8/7 ~ 8/8
 http://bit.ly/2VW0Lv9

 DEF CON 27  2019/8/8–8/11
 https://www.defcon.org/

 Digital forensics handling in practice 8/14 ~ 8/15
 http://bit.ly/2VW0Lv9

 Hacks in Taiwan Conference, HITCON Summer Training 2019 - student registration  2019-08-19 ~ 2019-08-22
 https://www.accupass.com/event/1906050919271598677460

 Web application penetration testing 8/21 ~ 8/23
 https://www.accupass.com/event/1904080221358963463590

 Hacks in Taiwan Conference, HITCON Community 2019  2019-08-23 (Fri) 09:00 ~ 2019-08-24 (Sat) 17:00 (GMT+8)
 https://www.accupass.com/event/1906040921594609934250

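 Security regulations and systems analysis course - year 108 "Security talent training and international promotion programme: advanced course for cultivating security professionals"  8/29 ~ 8/30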
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 Year 108 security competency training - mobile device security (8/29-8/30)
 https://cee.ksu.edu.tw/recruitinfo/1443.html

 CDX2.0 promotional event - Taipei session 9/10
 https://nchc-cdx.kktix.cc/events/cdxactivity-0910

 TANET 2019 - Taiwan Internet Conference  9/25
 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310

 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

  AIoT smart IoT developer job-training class [free consultation]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

