Weekly Security Incident News Report 2019/6/3 ~ 2019/6/7

1. Major Vulnerabilities / Backdoors / Exploits / Zero Day
Zimbra Collaboration Suite Information Disclosure Vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15131

ZyXEL P-660HN-T1 V2 Missing Authentication / Password Disclosure
https://packetstormsecurity.com/files/153144/zyxelp660hn-bypass.txt

Multiple Vulnerabilities in Fortinet Products
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1440

Multiple Vulnerabilities in phpMyAdmin
https://www.auscert.org.au/bulletins/ESB-2019.2016/

New RCE vulnerability impacts nearly half of the internet's email servers
https://www.zdnet.com/article/new-rce-vulnerability-impacts-nearly-half-of-the-internets-email-servers/#ftag=RSSbaffb68

Huawei P30 and Huawei P30 Pro Security Vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5307

Security Vulnerability in NUUO Inc. Network Video Recorder (NVR) Systems (CVE-2019-9653)
http://net.nthu.edu.tw/2009/mailing:announcement:20190606_01

Apache Jenkins Exploited to Mine Monero Cryptocurrency
https://medium.com/pwnpizza/apache-jenkins-exploited-to-mine-monero-cryptocurrency-dc9a7281c663

Google Researcher Discovers Microsoft Notepad Vulnerability
https://www.ithome.com.tw/news/131044

Arbitrary Code Execution Vulnerability Disclosed in Text Editors Vim/Neovim, PoC Included
http://bit.ly/2JZrMft

Campus Digital Learning Platform WMP (Wisdom Master) Contains Command Injection Vulnerability
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=3003

HTC VIVEPORT Security Vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12176

Oracle MySQL Server Component Unauthorized Operation Vulnerability
https://www.cnvd.org.cn/flaw/show/CNVD-2019-07347

Cisco IOS Software Authentication Bypass Vulnerability (CVE-2019-1758)
https://www.linuxidc.com/Linux/2019-06/158980.htm

Multiple Vulnerabilities in Cisco Products
https://tools.cisco.com/security/center/publicationListing.x

Micro Focus Service Manager Security Vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11646

IBM PureApplication System Security Vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4235

FreeBSD bro Security Vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12175

Liferay Portal 7.1 CE GA4 Cross-Site Scripting Vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6588

Laravel 5.8 SQL Injection Vulnerability Explained in Detail
https://xz.aliyun.com/t/5331

macOS 0-Day Flaw Lets Hackers Bypass Security Features With Synthetic Clicks
http://bit.ly/2IwAvTt

macOS Zero-Day Vulnerability Disclosed, Allows Hackers to Bypass System Security Features and Execute Malicious Code
https://zhuanlan.zhihu.com/p/68010379

Former NSA Researcher Finds Mac Vulnerability: Security Prompts Can Be Bypassed With "Synthetic Clicks"
https://www.aqniu.com/news-views/49503.html

Nvidia Patches GeForce Experience Vulnerability
https://www.ithome.com.tw/news/131059

pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting
https://www.exploit-db.com/exploits/46936

Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)
https://www.exploit-db.com/exploits/46942

HP Service Manager SQL Injection Vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6494

Docker Security Vulnerability Exposed: Risk of Read/Write Access to Host Files Being Obtained
http://www.dalbll.com/Group/Topic/IT/8324

Severe Vulnerability in Dell Preinstalled Software Leaves Users Open to LAN Hijacking
http://www.sohu.com/a/318306744_621613?sec=wd

Multiple Vulnerabilities in Android
https://www.hkcert.org/my_url/zh/alert/19060401

Apache Hadoop Remote Privilege Escalation Vulnerability (CVE-2018-8029)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029

Oracle MySQL Server Denial-of-Service Vulnerability
https://www.oracle.com/technetwork/security-advisory/cpuapr2019verbose-5072824.html

OneLogin ruby-saml Authentication Bypass Vulnerability
https://github.com/onelogin/ruby-saml

Linux Kernel 'marvell/mwifiex/scan.c' Heap Overflow Vulnerability (CVE-2019-3846)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3846

Multiple Vulnerabilities in Red Hat JBoss
https://www.auscert.org.au/bulletins/ESB-2019.1949/

Lenovo Bootable Generator Code Issue Vulnerability
https://support.lenovo.com/us/en/product_security/LEN-25401

Artifex MuJS Stack Buffer Overflow Vulnerability
https://github.com/ccxvii/mujs/commit/da632ca08f240590d2dec786722ed08486ce1be6

0patch Steps In to Patch Windows Task Scheduler Vulnerability
https://www.ithome.com.tw/news/131109

Microsoft Announces More Than 1 Million Windows Devices Still Have a Critical Vulnerability
http://bit.ly/2Wq45Ul

Microsoft Warns XP and Win7 Users: Over 1 Million Devices at Risk of Malicious Attack
http://www.limedia.tw/tech/4441/

Microsoft Windows Remote Desktop Services Network Level Authentication Security Restriction Bypass Vulnerability
https://www.hkcert.org/my_url/zh/alert/19060502

To Mitigate These Vulnerabilities in Older Versions of Win10, Microsoft Released the Following New Updates Today
http://www.ylmfwin100.com/ylmf/14582.html

Windows 10 RDP Vulnerability Lets Hackers Hijack Sessions
https://www.ithome.com.tw/news/131133?fbclid=IwAR0_Ec9EowlWa6_985hy1YKi1cFrvVo6vMlsRZk2j4T2nNC0Fl0pU6gHTNg

Microsoft Word Information Disclosure Vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0561

Microsoft Edge and ChakraCore Buffer Overflow Vulnerability
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0914

Microsoft Windows Kernel Information Disclosure Vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0536

Windows 10 RDP Vulnerability Lets Hackers Hijack Sessions
https://www.ithome.com.tw/news/131133

Microsoft issues second warning about patching BlueKeep as PoC code goes public
https://zd.net/2KBic1R

Microsoft Sounds Second Alarm Over BlueKeep Vulnerability
https://www.bankinfosecurity.com/microsoft-sounds-second-alarm-over-bluekeep-vulnerability-a-12541

CVE-2019-0703 | Windows SMB Information Disclosure Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0703

Unpatched Bug Let Attackers Bypass Windows Lock Screen On RDP Sessions
http://bit.ly/2QUDetH

Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708)
https://www.zdnet.com/article/even-the-nsa-is-urging-windows-users-to-patch-bluekeep-cve-2019-0708/#ftag=RSSbaffb68

Critical Vulnerability Found In Convert Plus WordPress Plugin
http://bit.ly/318PgUY

Website SafeDog (IIS Edition) Has Webshell Bypass Vulnerability
https://www.cnvd.org.cn/flaw/show/CNVD-2018-02515

Summary of Vulnerability Exploitation for All Versions of "Structure"
http://www.heibai.org/post/1352.html

Cyrus IMAP Security Vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11356

2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security
Internet-Only Bank LINE Bank to Launch? "Information Security" Is the Key Core
http://www.limedia.tw/tech/4076/

LINE Credit Scoring Mechanism Coming to Taiwan; Scores Give Access to Financial Services
https://www.cna.com.tw/news/afe/201905300255.aspx

LINE Bank Online Banking Has Three Major Advantages, Strengthening Anti-Money Laundering and Financial Crime Prevention
https://www.wantgoo.com/news/content/index?ID=981419

Hit FinTech Summit Opens in Taipei on 6/12
https://money.udn.com/money/story/11799/3841802

FinTech Security Mechanisms Must Keep Pace
https://money.udn.com/money/story/12952/3857897

Executive Yuan Issues Letter! Urges FSC to Supervise Nan Shan in Fixing Its Information System by End of June
https://ec.ltn.com.tw/article/breakingnews/2808601

Financial Innovation: 57% of Senior Executives Take a Conservative View
https://www.chinatimes.com/newspapers/20190604000240-260202?chdtv

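Alternative Diplomacy! Solving the First Bank ATM Theft Case Was a World First; British Company Comes to Taiwan to Film Documentary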
https://m.ltn.com.tw/news/society/breakingnews/2812372

Stock Speculation via LINE Groups Must Be Reported; FSC Adds "Nan Shan Clause"
https://money.udn.com/money/story/5613/3853879

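Benefits Fall Short of Expectations: Extended Business Hours at Designated Branches of the Eight Major State-Run Banks to Be Phased Out From July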
https://fnc.ebc.net.tw/FncNews/stock/82467

FinTech Alone Is Not Enough: O-Bank Wins on the Strong "Support" Behind Its Financial Technology
https://www.thenewslens.com/article/120129

Template of Guidelines for Banks on Anti-Money Laundering and Countering Terrorism Financing Updated
https://www.aml-ba.org.tw/news-view.php?ID=11

FinTech Is Hot: Top Defensive Choice for the Business Cycle
http://bit.ly/2WQbJqe

Financial Newcomers Racing for Scale vs. Big Banks Showing Off Innovation: Which of the Two Forces Will Get There First
https://money.udn.com/money/story/5613/3855250

Managers Discussing Stocks on LINE: Insurers Must Report to the FSC
https://money.udn.com/money/story/5613/3855631

Bill Gates Does It Too: RegTech Helps Lift the Financial Industry
http://bit.ly/2K08t5I

Nan Shan Life Insurance Presents Three Major Research Results at "2019 Actuarial Big Data Symposium"
http://bit.ly/2K08Ih8

Electronic Carriers Are Convenient but Hard to Popularize; Netizens Reveal the Dark Reasons
https://www.chinatimes.com/hottopic/20190605003365-260804?chdtv

Everything you need to know about ATM attacks and fraud: Part 1
https://blog.malwarebytes.com/101/2019/05/everything-you-need-to-know-about-atm-attacks-and-fraud-part-1/

Hollywood lie: Bank hacks take months, not seconds
https://www.zdnet.com/article/hollywood-lie-bank-hacks-take-months-not-seconds/#ftag=RSSbaffb68

PCI Compliance and Network Segmentation
http://bit.ly/2wAD7Kg

3. Electronic Payment / Electronic Stored-Value Cards / Mobile Payment / Pay: News and Security
Apps Tied to Payment... Phones Become Department Stores
https://money.udn.com/money/story/10868/3846112

Fitbit Users Can Now Use Fitbit Pay on Seven Major Transit Systems Worldwide
https://news.sina.com.tw/article/20190602/31498824.html

Electronic Payment Subsidies Burning Too Fast: 3 Firms Have Applied for Capital Increases in the First Half of the Year
http://n.yam.com/Article/20190530887599

智冠 Increases Its Stake in 威肯, Pushing Hard Into Third-Party Payment
https://ec.ltn.com.tw/article/paper/1292630

New EU Security Rules Take Effect in September, Will Impact Online Payment Providers
https://money.udn.com/money/story/5602/3853464

Electronic Payment Users Exceed 5 Million; 街口 Takes First Place in Both Payments and Transfers
http://bit.ly/2ET9ybo

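[Money Laundering] Zhejiang Payment Platform Helped Gambling Sites Settle: 300 Phones Receiving Payments Simultaneously, 700 Million Involved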
http://bit.ly/2WuMR8s

PChome Is the Most Popular for Online Shopping; LINE Pay Card Has the Highest Usage Rate
http://bit.ly/2ZaM3Ca

LINE Pay E-Wallet Feature +1: Teams Up With Visa to Integrate Digital Payment Cards
https://www.ettoday.net/news/20190606/1461430.htm

All Visa Cards Can Be Linked to LINE Pay: Two Giants Join Forces to Go After Four Major FinTech Business Opportunities
https://news.cnyes.com/news/id/4332353

Nearly 220,000 Tax Payments Made by Credit Card via Taiwan Pay
http://bit.ly/2Io53GH

4. Virtual Currency / Blockchain: News and Security
Facebook Discusses Digital Currency Plan With CFTC
https://www.chinatimes.com/realtimenews/20190603001086-260410?chdtv

15 Universities Across Taiwan Rise Up to Jointly Create a Blockchain University Alliance
http://bit.ly/2wwM0ED

Reverse-Engineering Techniques for ETH Contract Overflow Vulnerabilities
https://www.heibai.org/post/1330.html

Cosmos Security Vulnerability Analysis: Funds Locked for 21 Days Can Be Redeemed Early
https://xcong.com/articles/3538414

Hashgard: The Trigger Condition for the Cosmos SDK Vulnerability Is Validator Node Downtime
https://www.chainnews.com/articles/215765303543.htm

Five Ways You Should Know Blockchain Is Changing the World
http://news.knowing.asia/news/3f4039b0-fdb9-40f7-b0ec-36af6b7a03ac

North Korean Hackers Attack Major South Korean Exchange UpBit, Using "Phishing Emails" to Steal User Account Passwords and Private Keys
https://www.blocktempo.com/north-hacker-attacked-south-koreas-upbit-crypto-exchange/

Make Good Use of Blockchain: Cross-Border Payments Become More Convenient
http://bit.ly/2Kmghhu

數寶 Analysis: The Value of Stablecoins in the Cryptocurrency Market
https://money.udn.com/money/story/5636/3847102

Basic Knowledge of Blockchain
http://bit.ly/2QBom2Q

To Promote Blockchain Adoption, EY Releases Open Source Code of Its Ethereum Private Transaction Solution
https://news.cnyes.com/news/id/4330228

Coinbase Publishes 13 Addresses Involved in Double-Spend Attack Caused by BCH Hard Fork Vulnerability
http://www.btc126.com/view/22068.html

Saying He Wants to Educate Buffett, Chinese Cryptocurrency Pioneer Pays Sky-High Price for Lunch With Buffett
https://technews.tw/2019/06/04/cyber-currency-supporter-lunch-with-warren-buffett/

G20 to Require New Measures on Virtual Currency to Prevent Money Laundering
https://tchina.kyodonews.net/news/2019/06/53814b978890-g20.html

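What's Special About the Blockchain-Enabled Digital Citizen Card? Taipei's Information Technology Commissioner Points Out 3 "Tangible" Applications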
http://bit.ly/2MsSQ95

Banks Go After Digital Currency to Speed Up Cross-Border Settlement
https://udn.com/news/story/6811/3851222

Obtains MSB License! Dinngo Aims to Become a World-Class Exchange
http://bit.ly/2XmCPm1

Looking to Enter Payment Market, Facebook in Talks With US Regulators on Digital Currency
https://udn.com/news/story/6811/3850024

Facebook Cryptocurrency Reportedly to Launch Next Month, Possibly With Physical ATMs
https://news.sina.com.tw/article/20190606/31539066.html

90% of Blockchain Projects Are Poor, but Taiwan's Future Opportunity Lies in Blockchain
http://bit.ly/2wFAfvI

Lightning Network (Middle) | The Core Ideas of the Lightning Network Seen Through the History of Currency Payments
https://xcong.com/articles/3539681

Chen Mei-ling Travels to Europe to Launch Taiwan-EU Exchanges on AI, Blockchain and Information Security
http://bit.ly/2WpJDmp

Announces Founding of Blockchain Company! Mark Karpeles: Bitcoin's Security Needs to Be Rebuilt
http://news.knowing.asia/news/05817694-585e-4b4a-bdf5-218df343187f

Cryptocurrency Trading Platform Cryptohopper Has a Knockoff That Can Steal Victims' Data
https://www.ithome.com.tw/news/131147

Potential Security Vulnerability at GateHub May Have Caused Users to Lose 23 Million XRP
http://www.coinvoice.cn/39803.html

KMD: Losses From Agama Wallet Vulnerability Are Not Small but Still Controllable; Will Compensate Users as Much as Possible
https://www.tuoluocaijing.com.tw/kuaixun/detail-68109.html

Software developers are keeping an open mind about blockchain
https://www.zdnet.com/article/software-developers-see-potential-in-blockchain/#ftag=RSSbaffb68

Breaking down the Forbes Blockchain 50
https://medium.com/blockdata/breaking-down-the-forbes-blockchain-50-2f44e9902537

Cryptocurrency Firm Itself Hacked Its Customers to Protect Their Funds From Hackers
http://bit.ly/2wF68Ev

Hackers steal $9.5 million from GateHub cryptocurrency wallets
https://zd.net/2XufjmZ

5. Security Incident News

A. Viruses and Trojans / Botnets / Ransomware / APT
Beware: Bizarro Sundown (GreenFlash) Exploit Kit Spreading Seon Ransomware
http://bit.ly/2HRiY9l

HiddenWasp Malware Targeting the Linux Platform Emerges, Letting Hackers Remotely Control Infected Systems; Malware Created by Chinese Hackers
https://www.insoler.com/forum/topic/15592895876534.htm

GandCrab Ransomware Announces Retirement After Making US$2 Billion
https://www.ithome.com.tw/news/131042

Cyber Extortion Group Wiped More Than 12,000 MongoDB Databases
https://blog.trendmicro.com.tw/?p=60811

Mirai Variant Appears Again: Upgraded Attack Methods Prey on the Lazy
http://bit.ly/2wzJa1J

Ransomware-Hit Baltimore Did Not Pay the US$100,000 Ransom, but Subsequent Rebuilding Will Cost Nearly US$20 Million
https://www.ithome.com.tw/news/131140

New "Mining" Malware BlackSquid Rampant in the US and Thailand
https://unwire.pro/2019/06/05/crypto-jacking-mining-malware/security/

GandCrab Ransomware Targets MySQL Databases
https://blog.trendmicro.com.tw/?p=60802

Prank? Hacker? Councilors Receive Suspicious USB Drives Hiding a Trojan
https://news.tvbs.com.tw/politics/1144094

Trickbot Attack Forces Ohio Schools to Close
https://blog.trendmicro.com.tw/?p=60809

New Trends in Extortion Email Attacks
https://www.hkcert.org/my_url/zh/blog/19060601

Spam Uses HawkEye Reborn Keylogger Malware to Attack Enterprises
https://blog.trendmicro.com.tw/?p=60830

Malicious Cryptocurrency-Mining Containers Target Docker Hosts With Exposed APIs and Use Shodan to Find Other Victims
https://blog.trendmicro.com.tw/?p=60752

POS Malware Infection at US Drive-Through Restaurant Chain Leads to Theft of Customers' Payment Card Information
https://ithome.com.tw/news/131021

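POS Systems of Well-Known US Drive-Through Restaurant Chain Infected; Hackers Reportedly Broke In and Stole Customers' Personal Data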
http://bit.ly/2Wer282

Hackers Stole Customers' Credit Cards from 103 Checkers and Rally's Restaurants
http://bit.ly/2JRF11A

MacOS Zero-Day Allows Trusted Apps to Run Malicious Code
http://bit.ly/311RNQA

Three’s a crowd: New Trickbot, Emotet & Ryuk Ransomware
https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4

Checkers, Rally's Burger Joints Hit By POS Malware
https://www.bankinfosecurity.com/checkers-rallys-burger-joints-hit-by-pos-malware-a-12540

Fingerpointing Over Baltimore's Ransomware Attack
https://www.bankinfosecurity.asia/interviews/fingerpointing-over-baltimores-ransomware-attack-i-4344

GandCrab ransomware operation says it's shutting down
https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/#ftag=RSSbaffb68

Kaspersky Lab Reports 61% Increase in Mobile Banking Malware
https://nigeriacommunicationsweek.com.ng/kaspersky-lab-reports-61-increase-in-mobile-banking-malware/

Advanced Linux backdoor found in the wild escaped AV detection
https://arstechnica.com/information-technology/2019/05/advanced-linux-backdoor-found-in-the-wild-escaped-av-detection/

Dota Campaign: Analyzing a Coin Mining and Remote Access Hybrid Campaign
https://kindredsec.com/2019/05/31/dota-campaign-analyzing-a-coin-mining-and-backdoor-malware-hybrid-campaign/

The Emotet-ion Game (Part 3)
https://securityboulevard.com/2019/05/the-emotet-ion-game-part-3/

A dive into Turla PowerShell usage
https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/

HiddenWasp Malware Stings Targeted Linux Systems
https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/

Windows 10 security: Are ads in Microsoft's own apps pushing fake malware alerts
https://zd.net/2Z4Klm4

Pharma-testing biz Eurofins Scientific says it fell victim to 'new version' of malware
http://bit.ly/2WyzKlR

BlackSquid Slithers Into Servers and Drives With 8 Notorious Exploits to Drop XMRig Miner
http://bit.ly/319OTcz

Windows 10 Apps Hit by Malicious Ads that Blockers Won't Stop
http://bit.ly/2EUqGgT

Code Analysis of Basic Cryptomining Malware
https://kindredsec.com/2019/06/03/code-analysis-of-basic-cryptomining-malware/

GandCrab Ransomware Shutting Down After Claiming to Earn $2.5 Billion
https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-shutting-down-after-claiming-to-earn-25-billion/

BlackSquid malware uses bag of exploits to drop cryptocurrency miners
https://www.zdnet.com/article/blacksquid-malware-has-bag-of-exploits-to-drop-cryptocurrency-miners/#ftag=RSSbaffb68

The number of installed packages of malicious mobile banking Trojans increased by 58%
http://bit.ly/2XtaSc9

Malicious Mobile App Stealing Users’ Money
https://www.izoologic.com/2019/06/04/malicious-mobile-app-stealing-users-money/

Kaspersky TDSSKiller Portable
http://bit.ly/2EP6OMf

VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles
https://www.virusbulletin.com/uploads/pdf/magazine/2018/VB2018-Kalnai-Poslusny.pdf

B. Mobile Security / iPhone / Android / Wearables / Apps
Apple ID Successfully Cracked by Chinese Hackers
https://www.ptt.cc/bbs/MobileComm/M.1495603560.A.2CD.html

Washington Post: Large Numbers of iPhone Apps Send User Data via Background Refresh
https://unwire.hk/2019/06/01/back-ground-app-refresh-apple/mobile-phone/

iOS Software Hides Trackers That Leak User Privacy: Background Apps Transmit Regularly, 1.5 GB of Data Sent in One Month
http://bit.ly/315xKR8

Must "Register" With Supervisor on WhatsApp Before Going to the Toilet? Netizens Lament: Worse Than a Concentration Camp
http://bit.ly/2W4oYiQ

How Does Line Do Information Security? Security Team Reveals It Publicly for the First Time
https://www.ithome.com.tw/news/131029

Cross-Border Hacker Threats Are Impossible to Fully Guard Against: How LINE Instills Security DNA in Its Employees
https://www.bnext.com.tw/article/53497/line-cyber-security-culture

Synopsys Cuts Off Software Updates, Dealing Huawei Another Heavy Blow
https://ec.ltn.com.tw/article/paper/1292863

Huawei 5G Hunted Down! This Major Telecom Equipment Maker Benefits
https://www.chinatimes.com/realtimenews/20190605000032-260410?chdtv

Huawei Signs Deal With Russian Telecom Operator MTS to Develop 5G Network
http://bit.ly/31eNrFN

Whether India Will Allow Huawei to Participate in Its 5G Network Is Unknown
https://www.voacantonese.com/a/Huawei-Role-In-5G-Network-Under-A-Cloud-20190604/4945134.html

FCC Member: The Huawei Threat Already Exists
https://www.voacantonese.com/a/fcc-member-huawei-rural-area-20190531/4941499.html

Android Browser Vulnerability Helps Hackers Launch Address Bar Spoofing Attacks
http://bit.ly/2Wm1HxV

China Seizing 5G Business Opportunities: Hacking Rivals to Expose Security Vulnerabilities
https://m.ltn.com.tw/news/focus/paper/1293241

WWDC 2019: MacOS Catalina Splits iTunes Into Three Separate Apps, Makes iPad a Second Screen, and Lets All Actions Be Controlled by Voice
https://www.cool3c.com/article/144512

Spain's National Intelligence Centre (CNI) Warns 5G May Pose Greater Challenges to Cybersecurity
http://bit.ly/2MpVigx

Reported to Have Suspended Huawei Phone Production Lines; Foxconn Has Not Responded
http://bit.ly/2ERTIh5

Top Five Categories of Mobile Device Vulnerabilities
https://blog.ipswitch.com/tw/top-5-types-of-mobile-device-breaches

Beware of Personal Data Leaks! Experts: Don't Store These 3 Kinds of Data on Your Phone
https://fnc.ebc.net.tw/FncNews/tech/82264

Giving Users More Control Over Their Data: Privacy-Minded Apple "Rejects 40,000 Apps a Week"
http://bit.ly/2HTZbWC

Android Apps Embedded With BeiTaAd Ad Plugin May Make Phones Hard to Use
https://www.ithome.com.tw/news/131110

They Check Every Post and Comment! What Facebook's Mysterious "Content Moderators" Do
https://3c.ltn.com.tw/news/37005

Preventing Account Theft Is Not Simple! A Look at the LINE X Intertrust Security Conference, Defending Identity and Credit in the Digital World
https://assets.inside.com.tw/article/16573-LINE-X-Intsertrust-2019

Apple's New Sign-In Option May Filter More Personal Information From Facebook and Google
https://on.wsj.com/31fsn1U

iOS 13 and MacOS Catalina End Support for SHA-1 Hash Algorithm
https://www.ithome.com.tw/news/131136?fbclid=IwAR0sb8CnzU9TZJAgY9sKFoffSJqo8zFiWTVqCFRHQEuP7j2X8lWSfSAmdI8

iOS 13 on the iPhone: Here's what Apple needs to fix urgently
https://www.zdnet.com/article/ios-13-on-the-iphone-heres-what-apple-needs-to-fix-urgently/#ftag=RSSbaffb68

New attack creates ghost taps on modern Android smartphones
https://www.zdnet.com/article/new-attack-creates-ghost-taps-on-modern-android-smartphones/#ftag=RSSbaffb68

Wave of SIM swapping attacks hit US cryptocurrency users
https://www.zdnet.com/article/wave-of-sim-swapping-attacks-hit-us-cryptocurrency-users/#ftag=RSSbaffb68

Symantec Mobile Threat Defense: Reducing Risky App Threats with Robust App Vetting
https://www.symantec.com/blogs/product-insights/symantec-mobile-threat-defense-reducing-risky-app-threats-robust-app-vetting

C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents
The Next Major Security Threat: The Arrival of the Quantum Era
https://blog.twnic.net.tw/2019/05/31/3818/

Nearly Half of Organizations Face a Shortage of Cybersecurity Talent: What to Do
https://blog.trendmicro.com.tw/?p=60080

The Biggest Security Risk Is People
https://view.ctee.com.tw/technology/10222.html

To Become a Hacker Starting From Zero, You Must Learn C
https://read01.com/ezn6jRm.html#.XPh3e1wzbIU

Self-Taught Hacker at 14, 薛澄溱 Became a Product Manager at 18
https://www.gvm.com.tw/article.html?id=66511

New Research Shows Cybercrime May Be Widely Underreported, Even Where Disclosure Is Required by Law
http://www.businesswirechina.com/hk/news/40776.html

[Website Breaches Worsening, Fueling Automated Attacks Built on Leaked Account Passwords] Credential Stuffing Attacks on the Rise
https://www.ithome.com.tw/news/131019

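[Web Applications Need to Block Credential Stuffing Attacks, and Solutions Are Already Available on the Market] Analysis of 3 Feasible Approaches to Countering Credential Stuffing Attacks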
https://www.ithome.com.tw/news/131020

Before Algorithms Kill People, Perhaps We Should Kill Them First
https://www.techbang.com/posts/70400-before-the-algorithm-kills-maybe-we-should-kill-them-first

The Women Programmers Behind ENIAC
https://talk.womany.net/t/topic/12067

Reducing the Pain of Online Infections for Humanity! Nonprofit Quad9 Aims to Become the World's Security Shield
http://bit.ly/2ERpomU

Security Evolves... Counter-Espionage Becomes Counter-Hacking
http://udndata.com/ndapp/udntag/finance/Article?origid=9332667

Google and Two US Universities Study Security Protection Measures: A Little Effort Can Protect Account Security
http://bit.ly/2wAxpYR

關貿 Blocked 130,000 Cyberattacks in May
http://bit.ly/2EPgLZY

Victoria's Auditor-General Plays Hacker, Breaks Into Hospital IT Systems
http://www.epochtimes.com/b5/19/6/3/n11296725.htm

This Mother Turned On Her Baby Monitor and Saw Someone Else's Child
https://blog.trendmicro.com.tw/?p=60627

In the Dark Web World, Hackers May Have Re-Created a "You" With AI
https://www.techbang.com/posts/70407-in-the-dark-web-world-hackers-may-have-re-created-a-you-with-ai

Hackers Exploit Vulnerability for a Profit of 8.8 Million
https://news.sina.com.tw/article/20190601/31488194.html

8.8 Million Yuan in Coins Stolen: Guangdong Police Bust Hacker Gang Stealing Game Currency
https://news.sina.com.tw/article/20190602/31496554.html

Australian National University Hacked; As Much as 19 Years of Sensitive Data Stolen
https://hk.on.cc/hk/bkn/cnt/aeanews/20190604/bkn-20190604113454077-0604_00912_001.html

English Premier League Club Leicester City's Official Online Store Breached; Customers' Key Credit Card Data Stolen
https://unwire.hk/2019/06/01/leicester-city-fc-hacked-credit-card-data/tech-secure/

Network Equipment Anomaly: Taoyuan Airport Border Affairs Corps Activates Backup
http://bit.ly/2HRMyLM

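Google, Microsoft, Apple, WhatsApp and Other Organizations Publicly Oppose British Intelligence Agency's Proposed Plan to Eavesdrop on Encrypted Communications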
https://ithome.com.tw/news/131008

US Ambassador to the Netherlands: The Netherlands Should Fully Ban Huawei 5G Equipment
https://ec.ltn.com.tw/article/breakingnews/2813809

CCP Suspected to Be Behind Intrusion Into Australian National University Computer Network
http://www.epochtimes.com/b5/19/6/6/n11304148.htm

US Department of Homeland Security and State Department Officials Attend Security Dialogue
https://www.ptt.cc/bbs/HatePolitics/M.1559210037.A.D5B.html

US Secretary of State Declares on Europe Visit: US Will Not Share Intelligence With Countries Using Huawei
https://news.ltn.com.tw/news/world/breakingnews/2808679

If Europe Bans Chinese Telecom Equipment, Additional 5G Deployment Costs May Exceed a Trillion
https://ec.ltn.com.tw/article/breakingnews/2815494

Shangri-La Security Dialogue: US Again Criticizes Huawei's Ties to the CCP
https://www.taiwannews.com.tw/ch/news/3715828

China Manipulates European 5G Equipment Tests to Cover for Huawei and Strike at Rivals
https://ec.ltn.com.tw/article/breakingnews/2809859

Awkward! BBC's First UK 5G Live Broadcast Used Huawei Equipment
http://bit.ly/2ZcTUPW

UK Intelligence Agency: Huawei Is Shoddy, Its Security Is Worrying
http://www.epochtimes.com/b5/19/6/3/n11296465.htm

Japan Fully Bans Huawei 5G! Rakuten Mobile and NEC to Build 5G Network
http://bit.ly/2JZKtj9

The Real Relationship Between Huawei and the CCP Regime
https://www.ntdtv.com/b5/2019/06/01/a102591392.html

Message in a Bottle Picked Up During Beach Cleanup Reads "State Secret"; Suspected to Have Drifted From China to Taiwan
http://bit.ly/2QHEO1F

New York Technology Symposium: Guests Discuss the CCP's Internet Blockade
http://www.epochtimes.com/b5/19/6/4/n11298976.htm

Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services
http://bit.ly/2MBz5My

Despite disclosure laws, cybercrime may be widely underreported
http://bit.ly/2K0ja8m

Cybercrime in a post-Brexit era: Will hackers exploit our political turmoil
http://bit.ly/2ETr4fy

Big tech surveillance could damage democracy
http://bit.ly/2Wbwhp3

BoxHosting Online Hosting: Lifetime Subscription
http://bit.ly/2MyHFLV

Huawei: China's State Hackers 'Rigging 5G Tests' Against Nokia And Ericsson
http://bit.ly/312maGz

Trends in Cybersecurity to Watch
https://medium.com/rohits-perspectives/trends-in-cybersecurity-to-watch-64637ed08bdd

NATO promises to be ready for cyber attacks
https://www.cybersecurityjobsite.com/article/nato-promises-to-be-ready-for-cyber-attacks/

5 reasons your organization needs to adopt a zero trust security architecture
http://bit.ly/2EPtv2F

SUPRA Smart TV Flaw Lets Attackers Hijack Screens With Any Video
http://bit.ly/2W8Z7q1

A Manifesto for Great Security
https://www.symantec.com/blogs/expert-perspectives/manifesto-great-security

Why You Should Wait to Download Your NLE’s Beta Release
http://bit.ly/2HTZCAo

‘All we know is MONEY!’: US cities struggle to fight hackers
http://bit.ly/2ZaxZJd

UK’s Sophos Buys US’s Rook Security, a Managed Services and SIEM Provider
http://bit.ly/2KzU6oe

A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals
https://gbhackers.com/hacking-tools-list/?fbclid=IwAR2pvF-25IfGdsEbI4wAwb0FQD0u7BeSB4hE_du_QrGSCgszySBcCJNRIOg

Failure to patch is leaving business open to attack
http://bit.ly/2XvoKCM

US to demand five years of your social media, email account info in visa application
https://zd.net/2K3kuYk

Hong Kong, Singapore to Cooperate on Cybersecurity
https://www.bankinfosecurity.asia/hong-kong-singapore-to-cooperate-on-cybersecurity-a-12549

New Iranian hacking tool leaked on Telegram
https://www.zdnet.com/article/new-iranian-hacking-tool-leaked-on-telegram/#ftag=RSSbaffb68

China’s War on Dissidents Spreads Online
https://onezero.medium.com/chinas-war-on-dissidents-spreads-online-9bb3f2d4ff7a

Does China's route to infrastructure control run through Iceland's data centers
https://www.zdnet.com/article/does-chinas-route-to-infrastructure-control-run-through-icelands-data-centers/#ftag=RSSbaffb68

The best beach reads for hackers in 2019
https://www.zdnet.com/pictures/the-best-2019-beach-reads-for-hackers-in-pictures/#ftag=RSSbaffb68

Firefox Web Browser Now Blocks Third-Party Tracking Cookies By Default
http://bit.ly/2Xx01y0

National Cyber Security Strategy To Hit Just 1 of 12 Outcomes by 2021
http://bit.ly/2WjWtxM

Malboard: Hackers can now pose as victims through their keyboards
https://zd.net/2Mw1lQQ

Enterprise under attack: Dark web cyber criminals sell hacking tools aimed at business
https://zd.net/2KxgM8E

Large European Routing Leak Sends Traffic Through China Telecom
http://bit.ly/2Ikj73S

資通所 Year 108 First Joint Project Staff Recruitment - 20. Technical - Information Security
https://www.104.com.tw/job/6mpx9

Network Security Engineer - Hsinchu
https://www.104.com.tw/job/5ylir

Senior Information Security Engineer / Engineer
https://www.104.com.tw/job/5rsb0

Python Web Engineer (R&D Substitute Service Eligible)
https://www.104.com.tw/job/5wif9

Compliance / Legal Staff
https://www.104.com.tw/job/6ezpe

Security Operations Engineer
https://www.104.com.tw/job/6mrm3

ITRI Information Department_Information Engineer G4
https://www.104.com.tw/job/6ms39

[Security] Senior Security Management Professional
https://www.104.com.tw/job/67b9e

I3601 Senior Information Security Engineer (Banqiao)
https://www.104.com.tw/job/6dd4o

Electronic Payment Linux/Android APP Software Engineer_R&D Center (Kaohsiung)
https://www.104.com.tw/job/6mwhw

Electronic Payment Android BSP / Linux Embedded OS Software Engineer_R&D Center (Taichung)
https://www.104.com.tw/job/6mwht

Information Security Manager / Leader
https://www.104.com.tw/job/6mvtu

Security Consultant / Project Manager (Hwa Ya Technology Park)
https://www.104.com.tw/job/6my44

D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News
Apple's Big Move to Protect Privacy: Virtual Mailboxes Help Users Sign In to Third-Party App Services
http://bit.ly/2MqUlEL

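Many Fake Tokyo Olympics Websites, Be Careful When Buying Tickets! China Travel Service to Announce Hong Kong Ticketing Details by Next Thursday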
http://bit.ly/2wzGL7k

Hacked? Counter Saleswoman Buying Skincare Products Worth a Thousand Dollars Scammed Out of 240,000
https://news.ltn.com.tw/news/society/breakingnews/2809832

Made Stickers and Linked a Cross-Border Payment Platform! Woman Claims "520,000" in Fraudulent Charges
https://news.tvbs.com.tw/life/1141607

維擇科技 CEO: Fraud Attacks Are Extending From the Internet Industry to Traditional Industries
https://news.sina.com.tw/article/20190602/31494884.html

Divorced Woman Befriends "Mainland Engineer" Online, Nearly Hands Over 170,000
https://www.chinatimes.com/realtimenews/20190530003318-260402?chdtv

Must Rescue a US Colonel! 50-Year-Old Single Woman Swept Up in Online Romance Nearly Loses a Million in Savings
https://news.ltn.com.tw/news/society/breakingnews/2807134

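Haggle First! Fengjia Shopping District Scam Duo: Pay With a Thousand-Dollar Bill, Sneak It Back, and Trick Vendor Into Giving Change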
https://news.ebc.net.tw/News/society/165957

Preventing Point-Card Fraud: "Minding One's Own Business" Becomes a Reporting Loophole
https://news.tvbs.com.tw/life/1143524

"Distraction Technique" Used to Steal Bank Cards and Withdraw Money; Male and Female Suspects Wanted
http://www.epochtimes.com/b5/19/6/4/n11300664.htm

Online Ad Recruits Typists, Then Switches to "Finance": Student Duped Into Helping Remit Money, Breaks the Law
https://news.tvbs.com.tw/local/1143089?fbclid=IwAR226kAf-i5H0cgwiYffAdcSTYqtcojphMTt4gYyK5BK43FcUUdYW28FR6Y

Fake Text Messages "Fired at Random, Hooking the Willing": Taoyuan Police Bust Fraud Ring
https://news.ltn.com.tw/news/society/breakingnews/2811504

Researchers Again Find an Unprotected Database Cluster, Fully Exposing Chinese Headhunting Firms' Data
https://www.ithome.com.tw/news/131081?fbclid=IwAR3pW2crIzB9M-RSiy58otmiQ6Da4jGtZtC-OJJj-tYPjFj4D2XcKfZ4ITc

"Stop Calling": Facebook Scam Misuses Phone Number; Flooded With Complaint Calls but Culprit Can't Be Caught
http://bit.ly/2Wr0lSC

Data Breach at US Debt Collection Firm AMCA Endangers Patient Data of Many Medical Institutions
https://www.ithome.com.tw/news/131139

Cathay Pacific Leaked Personal Data of 9.4 Million Passengers; Privacy Commissioner Criticizes Violations and Lax Management
http://www.passiontimes.hk/article/06-06-2019/53461

Phishing Emails Prey on Anxiety: Google True-or-False Quiz Teaches You to Spot the Telltale Signs of Scams
http://bit.ly/2Zcdqfe

200,000 Personal Records Stolen From Australian National University, Raising Concerns About China Recruiting Spies
https://news.ltn.com.tw/news/world/breakingnews/2814875

Detecting Breaches in Real Time
https://www.bankinfosecurity.asia/detecting-breaches-in-real-time-a-12571

This is how hackers make money from your stolen medical data
https://www.zdnet.com/article/this-is-how-hackers-make-money-from-your-stolen-medical-data/#ftag=RSSbaffb68

Credder: Fighting the scourge of online fake news
https://www.zdnet.com/article/credder-fighting-the-scourge-of-online-fake-news/#ftag=RSSbaffb68

ISPs must now ask for permission before selling your data, Maine rules
https://www.zdnet.com/article/isps-must-now-ask-for-permission-before-selling-your-data-maine-rules/#ftag=RSSbaffb68

One of New York’s largest nonprofits suffers data breach
https://www.zdnet.com/article/one-of-new-yorks-largest-nonprofits-suffers-data-breach/#ftag=RSSbaffb68

Fake news writer: If people are stupid enough to believe this stuff
https://nakedsecurity.sophos.com/2019/06/03/fake-news-writer-if-people-are-stupid-enough-to-believe-this-stuff/

Citrix Sued For Not Securing Employee Info Before Data Breach
http://bit.ly/2WHSI9n

Phishing attacks that bypass 2-factor authentication are now easier to execute
http://bit.ly/2HW1cBO

Billing Details for 11.9M Quest Diagnostics Clients Exposed
http://bit.ly/2wMlqaV

Podcast: Behind-the-Scenes Look at Scattered Canary BEC Cybergang
http://bit.ly/2WLtKWJ

Phishing Kits Add More Vulnerabilities to Hacked Servers
http://bit.ly/2Il0RHF

E. Research Reports
Analysis of High-Risk Vulnerability in Windows RDP Service (CVE-2019-0708)
https://paper.seebug.org/937/

Analysis and Reproduction of Linux Kernel SCTP Protocol Vulnerability (CVE-2019-8956)
https://paper.seebug.org/938/

Analysis of Windows 10 Task Scheduler Service DLL Injection Vulnerability
https://xz.aliyun.com/t/5286

MS08-067 Vulnerability Principles and Detailed Analysis Process
https://www.freebuf.com/vuls/203881.html

PoC Now Public! RDP Remote Code Execution Vulnerability Exploited to Trigger Blue Screen
https://www.weibo.com/ttarticle/p/show?id=2309404378115299216997

CVE-2019-9510: Attackers Can Bypass Lock Screen Using RDP 0-Day Vulnerability
https://www.4hou.com/vulnerable/18422.html

CVE-2017-11176: Linux Kernel Exploitation Step by Step (Part 2) (Blocking)
https://xz.aliyun.com/t/5319

Detailed Analysis of Exploitation of the Edge Canvas 2D API Vulnerability (CVE-2019-0940) Disclosed at Pwn2Own 2019
https://www.4hou.com/vulnerable/18321.html

CVE-2019-0697: Two Other Critical Vulnerabilities Discovered Through a DHCP Vulnerability
https://xz.aliyun.com/t/5308

Post-Mortem Summary of a Live Attack and Defense Exercise
https://bithack.io/forum/265?fbclid=IwAR132FXzqAZaBsQzb0p6uEeo6HXdCtt456goRzNzrfdEbuvzOz57qVV-q9M

"White-Hat Bug-Hunting Skill Improvement": ThinkPHP5 Remote Code Execution Vulnerability - Dynamic Analysis
https://read01.com/KDE0eE4.html

Database Vulnerability Security Threat Report for the First Half of 2019
https://www.anquanke.com/post/id/179853

BlackSquid Malware Analysis: Attacks Servers Using 8 Notorious Vulnerabilities and Drops Mining Malware
https://www.4hou.com/malware/18408.html

Apache Struts2 Vulnerability Is Back: How to Cleverly Race Against Half of China's Hacker Community This Time
https://www.aspxmuma.com/aspmumahoumen/5207.html

Bitdefender An APT Blueprint:Gaining New Visibility into Financial Threat
http://bit.ly/2WDmX1x

Improper App Check Revives the Synthetic Clicks Issue in macOS Mojave
http://bit.ly/2IfIkN2

Kubolt : Utility For Scanning Public Kubernetes Clusters
https://kalilinuxtutorials.com/kubolt/?fbclid=IwAR1xR9i72r-4V6VIORTKAwigeVpIRz5L8dTdNCqqKDqA7WlkftJcgJYHoyI

Analysis of CVE-2019-0708 (BlueKeep)
https://www.malwaretech.com/2019/05/analysis-of-cve-2019-0708-bluekeep.html

HOW TO Tactical Nmap for Beginner Network Reconnaissance
https://null-byte.wonderhowto.com/how-to/tactical-nmap-for-beginner-network-reconnaissance-0189856/

Seccubus v2.51.1 releases: automated vulnerability scanning, reporting and analysis
https://securityonline.info/seccubus-vulnerability-scanning-reporting-analysis/

Shellcode: Loading .NET Assemblies From Memory
http://bit.ly/2XFMOCU

flare-vm v2.2.20 releases: Windows-based security distribution for malware analysis, incident response, penetration testing
http://bit.ly/2Mn6pH5

Windows-Based Exploitation —VulnServer TRUN Command Buffer Overflow
http://bit.ly/2JRXz1N

Percona herds the open source cats
https://www.zdnet.com/article/percona-herds-the-open-source-cats/#ftag=RSSbaffb68

Windows 10 - Task Scheduler service - Privilege Escalation/Persistence through DLL planting
http://bit.ly/2YXJvHA

Using Firepower to defend against encrypted RDP attacks like BlueKeep
https://blog.talosintelligence.com/2019/05/firepower-encrypted-rdp-detection.html

Someone slipped a vuln into crypto-wallets via an NPM package
http://bit.ly/2Z7lzl2

Realtek SDK Exploits on the Rise from Egypt
https://www.netscout.com/blog/asert/realtek-sdk-exploits-rise-egypt

Mr. Coffee with WeMo: Double Roast
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mr-coffee-with-wemo-double-roast/

The time I was hacked by Mr. Sh
https://medium.com/@collinalexbell/the-time-i-has-hacked-by-mr-sh-583db12b7d8f

Detecting and Analyzing Microsoft Office Online Video
https://blog.nviso.be/2019/05/29/detecting-and-analyzing-microsoft-office-online-video/

googleprojectzero/halfempty
http://bit.ly/2XifRfP

PcapXray v2.5 - A Network Forensics Tool To Visualize A Packet Capture Offline As A Network Diagram
http://bit.ly/2KrOQmt

Summary of Iranian Advanced Persistent Threat (APT) 34
https://medium.com/@JordiScrubbings/summary-of-iranian-advanced-persistent-team-apt-34-7624d213d20e

MetaSploit Module Created for BlueKeep Flaw, Private for Now
http://bit.ly/2EUkc1x

Threat Intelligence Hunter - An Open source project for threat hunting and Information gathering
http://bit.ly/2WMAXWK

Website Penetration testing: Information gathering
http://bit.ly/2IjUmFf

Windows 10 - Task Scheduler service - Privilege Escalation/Persistence through DLL planting
http://bit.ly/2Iik6lp

Planning a Red Team exercise
http://bit.ly/2JXlQDI

Modern Internet Standards provide for more reliability and further growth of the Internet.
https://www.internet.nl/?fbclid=IwAR1wJwSChJbDCSE6hzDwZsBelXx2c5hWFsIcCRXWFNno66I06u9FxfsD1rw

Vim/Neovim Arbitrary Code Execution via Modelines
http://bit.ly/2wCSIcb

Why does macOS Catalina use Zsh instead of Bash? Licensing
http://bit.ly/2QSvhF9

BlueKeep ‘Mega-Worm’ Looms as Fresh PoC Shows Full System Takeover
http://bit.ly/2HXGgdq

owasp-masvs
http://bit.ly/2WLJ5qh

gyoisamurai/GyoiThon GyoiThon: Next generation penetration test tool
https://github.com/gyoisamurai/GyoiThon?fbclid=IwAR27UNsubLroS-hRj14QpWB-wFkmXVgUVkMjX5JWDis3Ee3JeC6-5-XYyLs

Finshir : A Coroutines-Driven Low & Slow Traffic Sender
https://kalilinuxtutorials.com/finshir/?fbclid=IwAR1iZ9pS8RBWyiRVm9Bvd94esnXh_K3N-uQcTEVAVZL2Cfh38YptYeYGzE8

Facebash : Facebook Brute Forcer In Shellscript Using TOR
http://bit.ly/2KAFsgj

Metabigor : Command Line Search Engines Without Any API Key
http://bit.ly/2K1Jpvd

How To Recover/Reset Forgotten MySQL/MariaDB root User Password On Linux
http://bit.ly/2HZN9ep

Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities
http://bit.ly/2Wr7T2U

New GoldBrute Botnet is Trying to Hack 1.5 Million RDP Servers
http://bit.ly/2wGlVDd

How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code
http://bit.ly/2Intx2S

VTHunting : A Tiny Script Used to Generate Report About Virus Total Hunting
http://bit.ly/31hWNRp

A botnet is brute-forcing over 1.5 million RDP servers all over the world
https://zd.net/2K1Fr5N

Hackers Can Now Bypass Two-Factor Authentication With a New Kind of Phishing Scam
http://bit.ly/2IqrgEd

PcapXray : Tool To Visualize A Packet Capture Offline
https://kalilinuxtutorials.com/pcapxray/?fbclid=IwAR3cu2HCB7BnO-qXrzE11K15NyFlWYasDDMqRvuUJcVdXLKC-_FJu96kye4

Microsoft Warns Against Bypassing Office 365 Spam Filters
http://bit.ly/2wR1cNf

There's a reason why my cat doesn't need two-factor authentication
http://bit.ly/31k4wOX

F. Business
Palo Alto Acquires Two Security Companies Specializing in Emerging Technologies
https://ithome.com.tw/news/130997

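New Approaches Bring Opportunities and Challenges; Distributed Computing Management Has a Path to Follow; Only Proficiency in Microservice Architecture Operations Can Build Reliable and Secure Systems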
https://www.netadmin.com.tw/article_content.aspx?sn=1905290002

Trend Micro Partners With Four Security Education Organizations to Strengthen Enterprise Security
https://udn.com/news/story/7253/3849756

Targeting enterprise digital transformation opportunities, SYSTEX (精誠) spends 90 million to acquire a 30% stake in 藍新資訊
https://ec.ltn.com.tw/article/breakingnews/2810941

Google and FB, watch out! Apple launches a "quick sign-in" service that is both convenient and secure
http://bit.ly/2ESvy6q

Privacy and security! Firefox strengthens tracking protection by default
http://bit.ly/31cz7Om

ESET multi-layer defense technology effectively blocks hacker attacks and threats
https://www.eset.hk/html/86/eset-multi-layer-defense-technology/

IBM Cloud platform is rebuilt from scratch, switching to K8s to create a modern new architecture
https://www.ithome.com.tw/people/131015

Imperva to acquire bot management provider Distil Networks
https://www.zdnet.com/article/imperva-to-acquire-bot-management-provider-distil-networks/#ftag=RSSbaffb68

Equinix adds network functions virtualization to its platform, launches Network Edge
https://www.zdnet.com/article/equinix-adds-network-functions-virtualization-to-its-platform-launches-network-edge/#ftag=RSSbaffb68

Red Hat Enterprise Linux 7.7 beta is now available
https://www.zdnet.com/article/red-hat-enterprise-linux-7-7-beta-is-now-available/#ftag=RSSbaffb68

Firefox Web Browser Now Blocks Third-Party Tracking Cookies By Default
http://bit.ly/2IsyE1A

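G. Government
Taiwan banned Huawei long ago! Audrey Tang: no other country was doing this at the time, and we have a certain say on cybersecurity internationally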
https://buzzorange.com/techorange/2019/05/31/huawei-in-tw/

Telecommunications Management Act completes legislation; 5G networks and spectrum may be shared
https://udn.com/news/story/7238/3846040

"Telecommunications Management Act" passes third reading; telecom licensing system changes to a registration system
https://www.chinatimes.com/realtimenews/20190531003831-260410?chdtv

Telecommunications Management Act passes; NCC: accelerate 5G construction and upgrades
https://m.ltn.com.tw/news/life/breakingnews/2808670

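National Defense Industry Development Act creates vendor classification and grading; scholars worry about who will do the evaluation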
https://udn.com/news/story/10930/3848238

China Steel removes Huawei elements with a multi-pronged approach
https://money.udn.com/money/story/5612/3849331

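Updated list of cybersecurity professional certifications and the review process for recognizing cybersecurity professional certifications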
https://nicst.ey.gov.tw/Page/D94EC6EDE9B10E15/f23692a6-de81-4ca8-a49d-e4cf78aa9bee

Dragon Boat Festival holiday approaching; FSC requires insurers to keep services uninterrupted
https://ec.ltn.com.tw/article/breakingnews/2812884

Government expands critical infrastructure exercises; tabletop exercises begin this week
https://m.ltn.com.tw/news/politics/breakingnews/2814301

H. SCADA/ICS/Industrial Control Systems
Factory security incidents keep occurring: is your industrial control system secure enough?
https://www.ctimes.com.tw/DispArt/tw/19060314000N.shtml

Schneider Electric AVEVA Vijeo Citect and Schneider Electric AVEVA CitectSCADA insecure credential storage vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10981

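I. Education and Training
Embracing open source: how enterprises should make good use of open source technology to gain its benefits while guarding against its drawbacks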
http://bit.ly/2HOyLpa

Should a membership system use Session or Cookie? Did you know they are often mixed together?
https://progressbar.tw/posts/92?fbclid=IwAR1VpPrre8pVRRvHYvs99uDT6icprh7Lo9oIKAEXHBvej-R84jDMtE6qPd0

How to collect threat intelligence, and how to analyze and use it
https://ithome.com.tw/pr/131006

Business logic vulnerability security checklist
http://www.lonelyor.org/lonelyorWiki/15596178265897.html

Web security: file upload vulnerabilities
https://blog.csdn.net/xlsj228/article/details/90756195

[Taiwan Stock Market Information Site] POST crawler revealed, with [Python code]
http://bit.ly/2Wnr8Pv

Let the stock assistant teach you to scan [a thousand] stocks, with a [Python code] example
http://bit.ly/2QRJq5C

108 Security -- Installing Ubuntu Server 18.04
http://itopnet.blogspot.com/2019/06/108-ubuntu-server-1804.html

Hacker tools | hydra brute force & Violence cracking web site
https://www.cmm.wiki/video/WHtq_5eZ4Ds/zhzy-m.html

How to Find Out Who is Using a File in Linux
http://bit.ly/2wvMA5p

Introduction to HTML -Part 1
http://bit.ly/2JXRWPZ

Process and Communication in Operating Systems
http://bit.ly/2WjwMlN

How a Quantum Computer Could Break 2048-Bit RSA Encryption in 8 Hours
http://bit.ly/2QN3ndG

How In-House Forensic Capabilities Help Detect Vulnerabilities
https://www.bankinfosecurity.asia/how-in-house-forensic-capabilities-help-detect-vulnerabilities-a-12572

CompTIA Certification Training — Get Online Courses @ 95% OFF
http://bit.ly/2KyN3wc

Introduction to Shell Scripting
http://bit.ly/2F8H2CX

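J. Internet of Things/IoT/Artificial Intelligence/Internet of Vehicles/Optical Networking/Deep Learning/Machine Learning/Drones/Facial Recognition
On the scene in London: smart home appliances are easily monitored by hackers; industry expresses concern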
https://hk.on.cc/hk/bkn/cnt/aeanews/20190602/bkn-20190602060344662-0602_00912_001.html

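AI lands in industry applications; infrastructure determines project success or failure; leveraging AI strengths to boost enterprise competitiveness; dedicated hardware delivers timely value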
https://www.netadmin.com.tw/article_content.aspx?sn=1905290001

Manufacturing security draws attention; hardware-software integration raises security strength
http://www.tca.org.tw/tca_news1.php?n=1400

UK builds a 5G smart factory; the fourth industrial revolution is here
https://udn.com/news/story/6843/3851532

COMPUTEX focuses on smart manufacturing, discussing five security topics for the 大人物 (big data, AI, IoT) era
http://www.ctimes.com.tw/DispNews/tw/1905311147VP.shtml

Tri-Service General Hospital AI reads ECGs with 90% accuracy, rescuing a patient with too slow a heartbeat in time
https://udn.com/news/story/7266/3851868?from=udn-ch1_breaknews-1-cate9-news

TSMC adopts NEC facial recognition system; visitors can "scan their face" to activate a card and enter the plant
https://buzzorange.com/techorange/2019/06/05/nec-face-recognition-in-tsmc/

Microsoft pushes hard into IoT, showcasing results with Taiwanese ICT partners
https://technews.tw/2019/06/06/microsogt-iot-in-actionlinc-showcase-computex/

An AI robot made me lose money on investments; can I sue it?
http://bit.ly/31jasHY

Home IoT carries risks; security awareness matters most
https://www.hkcert.org/my_url/zh/blog/19060201

Training a single AI model can emit as much carbon as five cars in their lifetimes
http://bit.ly/2Xyx8Bx

The Internet of Things enables a floating city of pleasure... and a vision of hell
https://www.zdnet.com/article/the-internet-of-things-enables-a-floating-city-of-pleasure-and-a-vision-of-hell/#ftag=RSSbaffb68

Managing IoT Device Risks
https://www.bankinfosecurity.asia/managing-iot-device-risks-a-12564

DARPA Challenge: Underground war robots
https://www.zdnet.com/article/darpa-challenge-underground-war-robots/#ftag=RSSbaffb68

Using machine learning to solve your dark data nightmare
https://www.zdnet.com/article/using-machine-learning-to-solve-your-dark-data-nightmare/#ftag=RSSbaffb68

6. Upcoming security events and conferences
 JCConf Taiwan 2019 Call for Proposals  6/1 ~ 6/30
 https://twjug.kktix.cc/events/jcconf-2019-cfp?fbclid=IwAR2-Lry33FOVuXXStfSqUWlAJI25SeFgK9Q1XY6e4zJLEKvYrSkmlvv6Waw

 Breaking through the predicament: sharing applications of open source security tools  6/8
 https://tfc.kktix.cc/events/nomoney-infosec

 Tech Grand Challenge "AI Security Attack and Defense" finals  6/9
 https://www.huashan1914.com/w/huashan1914/exhibition_19060415062728776

 Cypherpunks Taiwan (5) - Blockchain proof of existence and censorship resistance & zero-knowledge proofs  6/11
 https://www.facebook.com/events/2371184796499787/

 [Seminar] 2019 TANet Joint Security Defense and Big Data Analysis Management Seminar  ROC year 108, June 12 (Wed)
 https://reurl.cc/6xXkd

 National Center for High-performance Computing training - source code analysis hands-on 6/13
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3828&from_course_list_url=homepage

 HackingThursday regular meetup  6/13
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbrb/

 React Hooks hands-on meeting room: trending skills for front-end engineers, shared openly  6/14
 https://www.facebook.com/events/447646755985628/

 [Course] Julia data science in practice: the scientific computing language surging in 2019, combining the features of Python, C++ and R  6/15
 https://www.techbang.com/posts/70251-course-julia-data-science-practice

 National Chiao Tung University Hacker College - Vulnerabilities, patching and testing of cryptosystems 6/15
 https://hackercollege.nctu.edu.tw/?p=1039

 The Artificial Intelligence Conference  6/18
 https://www.facebook.com/events/278255853036175/?event_time_id=360038254857934

 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/

 HackingThursday regular meetup 6/20
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbbc/

 National Center for High-performance Computing training - security health check  6/20
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3832&from_course_list_url=homepage

 JSDC Taichung meetup - UX experience sharing project  6/21
 https://jsdc-tw.kktix.cc/events/53548f33?fbclid=IwAR3CybQML6FGnMQ_IE9dfRYFJUHWm4Knl8kJBHQ9vn_Coz2KOQW1xk_joJs

 Edvance Beacon 2019  6/21
 https://docs.google.com/forms/d/e/1FAIpQLSe70uw8Pi862IkL_rQXDJhzd7QnGXiuhcWwttOEN2BZwUbyMw/viewform

 CCNS regular meetup: when Python meets JIT / a brief look at PyPy  6/23
 https://ccns.kktix.cc/events/ccns-pypy-talk?fbclid=IwAR1wa3cZuyNZQv-pGo5Eh3u5uik69nLY1t-sXb2R6wTd9HsrMBw02ybbkJw

 Security Outpost - Hunting packets 6/26
 https://www.it360.com.tw/live-detail.aspx?id=iT36000000000348

 HackingThursday regular meetup 6/27
 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/

 HackingThursday regular meetup 7/4
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/

 2019 Automotive electronics and connected-vehicle security seed teacher workshop  7/4 ~ 7/5
 http://www.kghs.kh.edu.tw/notice/11734

 2019 International Information Security Organizations Taiwan Summit  7/9 ~ 7/11
 https://csa.kktix.cc/events/2019con

 Secure Summit APAC 2019 security summit: raising security levels across 6 major domains  7/10 ~ 7/11
 http://bit.ly/2WbONh5

 Industrial Development Bureau subsidized network security testing training 7/10 ~ 7/12
 https://www.accupass.com/event/1904080311551119077841

 HackingThursday regular meetup 7/11
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/

 HackingThursday regular meetup 7/18
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/

 HackingThursday regular meetup 7/25
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/

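 Decoding the Singapore security market seminar: the starting point of Taiwanese security's hard-fought Southeast Asian jungle battle - Lion City stop  7/26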
 https://ievents.iii.org.tw/eventS.aspx?t=0&id=547

 CDX2.0 promotion event - Tainan session  7/26
 https://nchc-cdx.kktix.cc/events/cdxactivity-0726

 Security incident handling practical course 8/7 ~ 8/8
 http://bit.ly/2VW0Lv9

 DEF CON 27  2019/8/8–8/11
 https://www.defcon.org/

 Digital forensics handling in practice 8/14 ~ 8/15
 http://bit.ly/2VW0Lv9

 Web application penetration testing 8/21 ~ 8/23
 https://www.accupass.com/event/1904080221358963463590

 Taiwan Hacker Conference HITCON Community 2019  2019-08-23 (Fri) 09:00 ~ 2019-08-24 (Sat) 17:00 (GMT+8)
 https://www.accupass.com/event/1906040921594609934250

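 Security regulations and systems analysis course - ROC year 108 "Security Talent Training and International Promotion Program - Advanced Course for Cultivating Security Professionals"  8/29 ~ 8/30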
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 ROC year 108 security competency training - mobile device security (8/29-8/30)
 https://cee.ksu.edu.tw/recruitinfo/1443.html

 CDX2.0 promotion event - Taipei session 9/10
 https://nchc-cdx.kktix.cc/events/cdxactivity-0910

 TANET 2019 - Taiwan Internet Conference  9/25
 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310

 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/?fbclid=IwAR2gU17bz0Y7TH8THIIskIX1vziWBpMY152mJiwk7AAeVS752f_eNcZ0NzU

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

  AIoT smart IoT developer job-readiness training class [free consultation]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

