資安事件新聞週報 2019/6/3 ~ 2019/6/7
1.重大弱點漏洞/後門/Exploit/Zero Day
Zimbra Collaboration Suite 信息洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15131
ZyXEL P-660HN-T1 V2 Missing Authentication / Password Disclosure
https://packetstormsecurity.com/files/153144/zyxelp660hn-bypass.txt
Fortinet產品存在多個漏洞
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1440
phpMyAdmin 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.2016/
New RCE vulnerability impacts nearly half of the internet's email servers
https://www.zdnet.com/article/new-rce-vulnerability-impacts-nearly-half-of-the-internets-email-servers/#ftag=RSSbaffb68
Huawei P30和Huawei P30 Pro 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5307
京晨科技(NUUO Inc.)網路監控錄影系統(Network Video Recorder, NVR)存在安全漏洞(CVE-2019-9653)
http://net.nthu.edu.tw/2009/mailing:announcement:20190606_01
Apache Jenkins Exploited to Mine Monero Cryptocurrency
https://medium.com/pwnpizza/apache-jenkins-exploited-to-mine-monero-cryptocurrency-dc9a7281c663
Google研究人員發現微軟記事本漏洞
https://www.ithome.com.tw/news/131044
文本編輯器Vim/Neovim被曝任意代碼執行漏洞,含POC
http://bit.ly/2JZrMft
校園數位學習平台 WMP 智慧大師含有 Command Injection 漏洞
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=3003
HTC VIVEPORT 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12176
Oracle MySQL Server組件未授權操作漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2019-07347
Cisco IOS軟件認證繞過漏洞(CVE-2019-1758)
https://www.linuxidc.com/Linux/2019-06/158980.htm
思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x
Micro Focus Service Manager 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11646
IBM PureApplication System 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4235
FreeBSD bro 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12175
Liferay Portal 7.1 CE GA4跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6588
Laravel 5.8 SQL 注入漏洞詳解
https://xz.aliyun.com/t/5331
macOS 0-Day Flaw Lets Hackers Bypass Security Features With Synthetic Clicks
http://bit.ly/2IwAvTt
macOS零日漏洞曝光,允許黑客繞過系統安全功能執行惡意代碼
https://zhuanlan.zhihu.com/p/68010379
前NSA研究員發現Mac漏洞安全提示可被“合成點擊”繞過
https://www.aqniu.com/news-views/49503.html
Nvidia修補GeForce Experience漏洞
https://www.ithome.com.tw/news/131059
pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting
https://www.exploit-db.com/exploits/46936
Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)
https://www.exploit-db.com/exploits/46942
HP Service Manager SQL注入漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6494
Docker暴安全漏洞主機文件有被獲取讀寫權限的風險
http://www.dalbll.com/Group/Topic/IT/8324
戴爾電腦預裝軟件嚴重漏洞使用戶易受局域網劫持
http://www.sohu.com/a/318306744_621613?sec=wd
Android 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19060401
Apache Hadoop遠程權限提升漏洞(CVE-2018-8029)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029
Oracle MySQL Server拒絕服務漏洞
https://www.oracle.com/technetwork/security-advisory/cpuapr2019verbose-5072824.html
OneLogin ruby-saml身份驗證繞過漏洞
https://github.com/onelogin/ruby-saml
Linux Kernel 'marvell/mwifiex/scan.c'堆溢出漏洞(CVE-2019-3846)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3846
Red Hat JBoss 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.1949/
Lenovo Bootable Generator代碼問題漏洞
https://support.lenovo.com/us/en/product_security/LEN-25401
Artifex MuJS棧緩衝區溢出漏洞
https://github.com/ccxvii/mujs/commit/da632ca08f240590d2dec786722ed08486ce1be6
0patch出面修補了Windows工作排程器漏洞
https://www.ithome.com.tw/news/131109
微軟公告目前仍有超過 100 萬 Windows 裝置存在嚴重漏洞
http://bit.ly/2Wq45Ul
微軟警告XP、Win7用戶 逾100萬裝置有惡意攻擊風險
http://www.limedia.tw/tech/4441/
微軟視窗遠端桌面服務網路級身分驗證繞過保安限制漏洞
https://www.hkcert.org/my_url/zh/alert/19060502
為了緩解舊版win10中的這些漏洞,Microsoft今天發布了以下新更新
http://www.ylmfwin100.com/ylmf/14582.html
Windows 10 RDP漏洞可讓駭客綁架連線
https://www.ithome.com.tw/news/131133?fbclid=IwAR0_Ec9EowlWa6_985hy1YKi1cFrvVo6vMlsRZk2j4T2nNC0Fl0pU6gHTNg
Microsoft Word信息泄露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0561
Microsoft Edge和ChakraCore緩衝區溢出漏洞
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0914
Microsoft Windows內核信息洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0536
Windows 10 RDP漏洞可讓駭客綁架連線
https://www.ithome.com.tw/news/131133
Microsoft issues second warning about patching BlueKeep as PoC code goes public
https://zd.net/2KBic1R
Microsoft Sounds Second Alarm Over BlueKeep Vulnerability
https://www.bankinfosecurity.com/microsoft-sounds-second-alarm-over-bluekeep-vulnerability-a-12541
CVE-2019-0703 | Windows SMB Information Disclosure Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0703
Unpatched Bug Let Attackers Bypass Windows Lock Screen On RDP Sessions
http://bit.ly/2QUDetH
Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708)
https://www.zdnet.com/article/even-the-nsa-is-urging-windows-users-to-patch-bluekeep-cve-2019-0708/#ftag=RSSbaffb68
Critical Vulnerability Found In Convert Plus WordPress Plugin
http://bit.ly/318PgUY
網站安全狗(IIS版)存在Webshell繞過漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2018-02515
結構全版本漏洞利用總結
http://www.heibai.org/post/1352.html
Cyrus IMAP 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11356
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
純網銀LINE Bank將推出?「資安」是關鍵核心
http://www.limedia.tw/tech/4076/
LINE信用評等機制將來台 憑分數可享金融服務
https://www.cna.com.tw/news/afe/201905300255.aspx
LINE Bank網銀有三大優勢 強化反洗錢、金融犯罪防制
https://www.wantgoo.com/news/content/index?ID=981419
Hit FinTech高峰會 6/12台北登場
https://money.udn.com/money/story/11799/3841802
Fin Tech 資安機制要跟上腳步
https://money.udn.com/money/story/12952/3857897
行政院發函!籲請金管會督導南山 6月底前改好資訊系統
https://ec.ltn.com.tw/article/breakingnews/2808601
金融創新 57%高階保守看
https://www.chinatimes.com/newspapers/20190604000240-260202?chdtv
另類外交!偵破一銀盜領案全球首例 英公司來台拍紀錄片
https://m.ltn.com.tw/news/society/breakingnews/2812372
用LINE群組炒股要通報 金管會增訂南山條款
https://money.udn.com/money/story/5613/3853879
效益不如預期 八大行庫指定分行延長營業時間7月起將陸續取消
https://fnc.ebc.net.tw/FncNews/stock/82467
只有FinTech還不夠,王道銀行贏在金融科技背後的強大「支援」
https://www.thenewslens.com/article/120129
銀行防制洗錢及打擊資恐注意事項範本更新
https://www.aml-ba.org.tw/news-view.php?ID=11
金融科技夯 景氣循環防禦首選
http://bit.ly/2WQbJqe
金融新兵拚規模vs.大型銀行秀創新 兩大勢力誰先達陣
https://money.udn.com/money/story/5613/3855250
經理人LINE談論股票 保險業須通報金管會
https://money.udn.com/money/story/5613/3855631
比爾蓋茲也這樣做 監理科技助升金融業
http://bit.ly/2K08t5I
南山人壽「2019精算大數據研討會」發表三大研究成果
http://bit.ly/2K08Ih8
電子載具方便卻難普及 網揭暗黑原因
https://www.chinatimes.com/hottopic/20190605003365-260804?chdtv
Everything you need to know about ATM attacks and fraud: Part 1
https://blog.malwarebytes.com/101/2019/05/everything-you-need-to-know-about-atm-attacks-and-fraud-part-1/
Hollywood lie: Bank hacks take months, not seconds
https://www.zdnet.com/article/hollywood-lie-bank-hacks-take-months-not-seconds/#ftag=RSSbaffb68
PCI Compliance and Network Segmentation
http://bit.ly/2wAD7Kg
3.電子支付/電子票證/行動支付/ pay/新聞及資安
App綁支付…手機變百貨
https://money.udn.com/money/story/10868/3846112
Fitbit用戶現可於全球七大交通運輸系統使用Fitbit Pay
https://news.sina.com.tw/article/20190602/31498824.html
電子支付補貼燒太兇 上半年已3家申請增資
http://n.yam.com/Article/20190530887599
智冠加碼威肯持股 強攻第三方支付
https://ec.ltn.com.tw/article/paper/1292630
歐盟新資安規定9月上路 將衝擊線上支付業者
https://money.udn.com/money/story/5602/3853464
電子支付用戶破500萬 收付轉帳街口都奪冠
http://bit.ly/2ET9ybo
【洗黑錢】浙支付平台幫賭網結算:300部手機同時收款 涉案額7億
http://bit.ly/2WuMR8s
網購最多人愛上PChome LINE Pay卡使用率最高
http://bit.ly/2ZaM3Ca
LINE Pay電子錢包功能+1 攜手Visa整合數位支付卡
https://www.ettoday.net/news/20190606/1461430.htm
所有Visa卡都可綁進LINE Pay 強強聯手攻四大金融科技商機
https://news.cnyes.com/news/id/4332353
台灣Pay信用卡繳稅 近22萬筆
http://bit.ly/2Io53GH
4.虛擬貨幣/區塊鍊 新聞及資安
臉書與CFTC討論數位幣計畫
https://www.chinatimes.com/realtimenews/20190603001086-260410?chdtv
全台15所大學起義 共創區塊鏈大學聯盟
http://bit.ly/2wwM0ED
ETH合約溢出漏洞逆向技巧
https://www.heibai.org/post/1330.html
Cosmos安全漏洞解析:21天鎖倉資金可提前贖回
https://xcong.com/articles/3538414
Hashgard:Cosmos SDK 漏洞的觸發條件為驗證人節點宕機
https://www.chainnews.com/articles/215765303543.htm
你該知道區塊鏈改變世界的五大方式
http://news.knowing.asia/news/3f4039b0-fdb9-40f7-b0ec-36af6b7a03ac
北韓駭客攻擊南韓主要交易所 UpBit,利用「釣魚郵件」竊取用戶帳戶密碼和私鑰
https://www.blocktempo.com/north-hacker-attacked-south-koreas-upbit-crypto-exchange/
善用區塊鏈 跨境支付更方便
http://bit.ly/2Kmghhu
數寶分析 穩定幣再加密貨幣市場中的價值
https://money.udn.com/money/story/5636/3847102
區塊鏈基本知識
http://bit.ly/2QBom2Q
促進區塊鏈採用 安永公開其以太坊隱私交易解決方案開源碼
https://news.cnyes.com/news/id/4330228
Coinbase公佈BCH硬分叉漏洞引起雙花攻擊的13個地址
http://www.btc126.com/view/22068.html
稱要教育巴菲特,中國加密貨幣先驅天價與巴菲特吃午餐
https://technews.tw/2019/06/04/cyber-currency-supporter-lunch-with-warren-buffett/
G20針對虛擬貨幣要求制定新措施防止洗錢
https://tchina.kyodonews.net/news/2019/06/53814b978890-g20.html
導入區塊鏈的數位市民卡特別在哪?台北資訊局長點出3個「有感」應用
http://bit.ly/2MsSQ95
銀行攻數位幣 加速跨境結算
https://udn.com/news/story/6811/3851222
取得MSB執照!Dinngo致力成為世界頂級交易所
http://bit.ly/2XmCPm1
欲跨足支付市場 臉書與美主管機關洽談數位貨幣
https://udn.com/news/story/6811/3850024
Facebook加密貨幣據稱下個月問世 或許還有實體ATM機
https://news.sina.com.tw/article/20190606/31539066.html
90%做區塊鏈專案不佳,但台灣未來機會在區塊鏈
http://bit.ly/2wFAfvI
閃電網絡(中)|從貨幣支付發展歷史看閃電網絡核心思想
https://xcong.com/articles/3539681
陳美伶赴歐 展開台歐盟AI區塊鏈資安交流
http://bit.ly/2WpJDmp
宣布成立區塊鏈公司!Mark Karpeles:比特幣的安全需要重建
http://news.knowing.asia/news/05817694-585e-4b4a-bdf5-218df343187f
加密貨幣交易平台Cryptohopper有山寨版,可竊取受害者資料
https://www.ithome.com.tw/news/131147
GateHub的潛在安全漏洞可能導致用戶損失2300萬XRP
http://www.coinvoice.cn/39803.html
KMD:Agama錢包漏洞造成的損失不小但尚且可控,將盡可能補償用戶
https://www.tuoluocaijing.com.tw/kuaixun/detail-68109.html
Software developers are keeping an open mind about blockchain
https://www.zdnet.com/article/software-developers-see-potential-in-blockchain/#ftag=RSSbaffb68
Breaking down the Forbes Blockchain 50
https://medium.com/blockdata/breaking-down-the-forbes-blockchain-50-2f44e9902537
Cryptocurrency Firm Itself Hacked Its Customers to Protect Their Funds From Hackers
http://bit.ly/2wF68Ev
Hackers steal $9.5 million from GateHub cryptocurrency wallets
https://zd.net/2XufjmZ
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / APT
警惕Bizarro Sundown(GreenFlash)漏洞利用工具包傳播Seon勒索病毒
http://bit.ly/2HRiY9l
瞄準Linux平臺的惡意軟體HiddenWasp現身,讓駭客得以遠端控制受感染的系統,惡意軟體由中國駭客創造
https://www.insoler.com/forum/topic/15592895876534.htm
GandCrab勒索軟體賺了20億美元後宣佈收山
https://www.ithome.com.tw/news/131042
網路勒索集團清除了 12,000 多個 MongoDB 資料庫
https://blog.trendmicro.com.tw/?p=60811
變種 Mirai 又再現身 升級攻擊方法專烚懶人
http://bit.ly/2wzJa1J
感染勒索軟體的巴爾的摩市,雖然沒付10萬美元贖金,但後續重建成本將近2千萬美元
https://www.ithome.com.tw/news/131140
新型「挖礦」惡意軟件 BlackSquid 肆虐美國與泰國
https://unwire.pro/2019/06/05/crypto-jacking-mining-malware/security/
GandCrab 勒索病毒鎖定攻擊 MySQL 資料庫
https://blog.trendmicro.com.tw/?p=60802
惡作劇?駭客?議員收可疑USB 藏木馬病毒
https://news.tvbs.com.tw/politics/1144094
Trickbot 攻擊迫使俄亥俄州學校停課
https://blog.trendmicro.com.tw/?p=60809
勒索電郵攻撃新趨勢
https://www.hkcert.org/my_url/zh/blog/19060601
垃圾郵件使用 HawkEye Reborn 鍵盤側錄惡意程式攻擊企業
https://blog.trendmicro.com.tw/?p=60830
惡意虛擬貨幣挖礦容器,針對暴露API 的 Docker主機,並用 Shodan 找出其他受害目標
https://blog.trendmicro.com.tw/?p=60752
美國得來速連鎖餐廳POS系統中毒導致消費者的金融卡資訊遭駭
https://ithome.com.tw/news/131021
美國知名得來速連鎖餐廳POS系統中毒 傳駭客入侵盜走消費者個資
http://bit.ly/2Wer282
Hackers Stole Customers' Credit Cards from 103 Checkers and Rally's Restaurants
http://bit.ly/2JRF11A
MacOS Zero-Day Allows Trusted Apps to Run Malicious Code
http://bit.ly/311RNQA
Three’s a crowd: New Trickbot, Emotet & Ryuk Ransomware
https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Checkers, Rally's Burger Joints Hit By POS Malware
https://www.bankinfosecurity.com/checkers-rallys-burger-joints-hit-by-pos-malware-a-12540
Fingerpointing Over Baltimore's Ransomware Attack
https://www.bankinfosecurity.asia/interviews/fingerpointing-over-baltimores-ransomware-attack-i-4344
GandCrab ransomware operation says it's shutting down
https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/#ftag=RSSbaffb68
E-BUSINESSKaspersky Lab Reports 61% Increase in Mobile Banking Malware
https://nigeriacommunicationsweek.com.ng/kaspersky-lab-reports-61-increase-in-mobile-banking-malware/
Advanced Linux backdoor found in the wild escaped AV detection
https://arstechnica.com/information-technology/2019/05/advanced-linux-backdoor-found-in-the-wild-escaped-av-detection/
Dota Campaign: Analyzing a Coin Mining and Remote Access Hybrid Campaign
https://kindredsec.com/2019/05/31/dota-campaign-analyzing-a-coin-mining-and-backdoor-malware-hybrid-campaign/
The Emotet-ion Game (Part 3)
https://securityboulevard.com/2019/05/the-emotet-ion-game-part-3/
A dive into Turla PowerShell usage
https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/
HiddenWasp Malware Stings Targeted Linux Systems
https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/
Windows 10 security: Are ads in Microsoft's own apps pushing fake malware alerts
https://zd.net/2Z4Klm4
Pharma-testing biz Eurofins Scientific says it fell victim to 'new version' of malware
http://bit.ly/2WyzKlR
BlackSquid Slithers Into Servers and Drives With 8 Notorious Exploits to Drop XMRig Miner
http://bit.ly/319OTcz
Windows 10 Apps Hit by Malicious Ads that Blockers Won't Stop
http://bit.ly/2EUqGgT
Code Analysis of Basic Cryptomining Malware
https://kindredsec.com/2019/06/03/code-analysis-of-basic-cryptomining-malware/
GandCrab Ransomware Shutting Down After Claiming to Earn $2.5 Billion
https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-shutting-down-after-claiming-to-earn-25-billion/
BlackSquid malware uses bag of exploits to drop cryptocurrency miners
https://www.zdnet.com/article/blacksquid-malware-has-bag-of-exploits-to-drop-cryptocurrency-miners/#ftag=RSSbaffb68
The number of installed packages of malicious mobile banking Trojans increased by 58%
http://bit.ly/2XtaSc9
Malicious Mobile App Stealing Users’ Money
https://www.izoologic.com/2019/06/04/malicious-mobile-app-stealing-users-money/
Kaspersky TDSSKiller Portable
http://bit.ly/2EP6OMf
VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles
https://www.virusbulletin.com/uploads/pdf/magazine/2018/VB2018-Kalnai-Poslusny.pdf
B.行動安全 / iPhone / Android /穿戴裝置 /App
Apple ID被中國駭客成功破解
https://www.ptt.cc/bbs/MobileComm/M.1495603560.A.2CD.html
華盛頓郵報:大量 iPhone Apps 透過背景更新發送用戶數據
https://unwire.hk/2019/06/01/back-ground-app-refresh-apple/mobile-phone/
iOS軟件暗藏追蹤器 泄用戶私隱 背景App定期傳送 1個月傳1.5GB數據
http://bit.ly/315xKR8
去廁所前要向主管 WhatsApp「登記」?網民慨嘆:慘過集中營
http://bit.ly/2W4oYiQ
Line怎麼做資安?資安團隊首度對外揭露
https://www.ithome.com.tw/news/131029
跨國駭客威脅防不勝防,LINE如何把資安DNA注入員工身上
https://www.bnext.com.tw/article/53497/line-cyber-security-culture
新思斷軟體更新 華為再重創
https://ec.ltn.com.tw/article/paper/1292863
華為5G遭獵殺!爽了這家通訊大廠
https://www.chinatimes.com/realtimenews/20190605000032-260410?chdtv
華為與俄電信商MTS簽約 開發5G網絡
http://bit.ly/31eNrFN
印度是否允許華為參與其5G網絡是個未知數
https://www.voacantonese.com/a/Huawei-Role-In-5G-Network-Under-A-Cloud-20190604/4945134.html
FCC成員:華為的威脅已經存在
https://www.voacantonese.com/a/fcc-member-huawei-rural-area-20190531/4941499.html
Android 瀏覽器漏洞 助黑客發動網址列詐騙攻擊
http://bit.ly/2Wm1HxV
中搶5G商機 駭對手曝光安全漏洞
https://m.ltn.com.tw/news/focus/paper/1293241
WWDC 2019:MacOS Catalina 將 iTunes 拆成三個獨立App、使iPad成為第二顆螢幕以及所有動作都能透過語音控制
https://www.cool3c.com/article/144512
西班牙國家情報中心(CNI)警告5G恐對網路資安造成更大挑戰
http://bit.ly/2MpVigx
傳暫停華為手機生產線 富士康未回應
http://bit.ly/2ERTIh5
前五大類行動裝置漏洞
https://blog.ipswitch.com/tw/top-5-types-of-mobile-device-breaches
當心個資外洩!專家:這3種資料別存在手機裡
https://fnc.ebc.net.tw/FncNews/tech/82264
讓用戶掌握更多的數據控制權 Apple顧隱私「每週拒4萬個APP上架」
http://bit.ly/2HTZbWC
被嵌入BeiTaAd廣告外掛的Android程式恐讓手機難以使用
https://www.ithome.com.tw/news/131110
貼文、留言都由他們檢查!臉書神秘的「內容審查員」做了這些事
https://3c.ltn.com.tw/news/37005
防盜帳號不簡單!直擊 LINE X Intertrust 資安大會,捍衛數位世界身份與信用
https://assets.inside.com.tw/article/16573-LINE-X-Intsertrust-2019
蘋果公司新登錄選項或對Facebook和google過濾更多個人資訊
https://on.wsj.com/31fsn1U
iOS 13、MacOS Catalina終止支援SHA-1雜湊演算法
https://www.ithome.com.tw/news/131136?fbclid=IwAR0sb8CnzU9TZJAgY9sKFoffSJqo8zFiWTVqCFRHQEuP7j2X8lWSfSAmdI8
iOS 13 on the iPhone: Here's what Apple needs to fix urgently
https://www.zdnet.com/article/ios-13-on-the-iphone-heres-what-apple-needs-to-fix-urgently/#ftag=RSSbaffb68
New attack creates ghost taps on modern Android smartphones
https://www.zdnet.com/article/new-attack-creates-ghost-taps-on-modern-android-smartphones/#ftag=RSSbaffb68
Wave of SIM swapping attacks hit US cryptocurrency users
https://www.zdnet.com/article/wave-of-sim-swapping-attacks-hit-us-cryptocurrency-users/#ftag=RSSbaffb68
Symantec Mobile Threat Defense: Reducing Risky App Threats with Robust App Vetting
https://www.symantec.com/blogs/product-insights/symantec-mobile-threat-defense-reducing-risky-app-threats-robust-app-vetting
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
下一次的資安大威脅—量子時代的來臨
https://blog.twnic.net.tw/2019/05/31/3818/
近一半的組織網路安全技術人才短缺,該怎麼辦
https://blog.trendmicro.com.tw/?p=60080
資安最大的風險是人
https://view.ctee.com.tw/technology/10222.html
從0開始成為一名黑客,必須學習C語言
https://read01.com/ezn6jRm.html#.XPh3e1wzbIU
14歲自學當駭客 薛澄溱18歲當上產品經理
https://www.gvm.com.tw/article.html?id=66511
新的研究顯示網路犯罪可能被廣泛漏報——即使法律要求揭露
http://www.businesswirechina.com/hk/news/40776.html
【網站遭駭情勢日益惡化,助長利用外洩帳號密碼而成的自動化攻擊】帳號填充攻擊乘勢而起
https://www.ithome.com.tw/news/131019
【網站應用程式要防堵帳號填充攻擊,市面上已有解決方案可選】剖析因應帳號填充攻擊的3種可行做法
https://www.ithome.com.tw/news/131020
在演算法殺人之前,或許我們該先殺死它們
https://www.techbang.com/posts/70400-before-the-algorithm-kills-maybe-we-should-kill-them-first
ENIAC 背後的女性程式設計師
https://talk.womany.net/t/topic/12067
替人類減少網路中毒的痛苦!非營利組織Quad9要成為全球的資安防護罩
http://bit.ly/2ERpomU
維安進化...防諜變防駭
http://udndata.com/ndapp/udntag/finance/Article?origid=9332667
Google與美2所大學研究資安防護措施,舉手之勞就能保護帳號安全
http://bit.ly/2wAxpYR
關貿 5月攔截13萬次網攻
http://bit.ly/2EPgLZY
維州審計長扮駭客 侵入醫院IT系統
http://www.epochtimes.com/b5/19/6/3/n11296725.htm
這位媽媽打開嬰兒監視器,看到的卻是別人的小孩
https://blog.trendmicro.com.tw/?p=60627
在暗網世界裡,駭客可能用AI再重新創造了一個「你」
https://www.techbang.com/posts/70407-in-the-dark-web-world-hackers-may-have-re-created-a-you-with-ai
黑客鑽漏洞 牟利880萬
https://news.sina.com.tw/article/20190601/31488194.html
盜幣880萬元,廣東警方打掉一盜取遊戲幣的黑客團伙
https://news.sina.com.tw/article/20190602/31496554.html
澳洲國家大學遭黑客入侵 多達19年敏感資料被盜
https://hk.on.cc/hk/bkn/cnt/aeanews/20190604/bkn-20190604113454077-0604_00912_001.html
英超李斯特城官方網店遭入侵 顧客信用卡重要資料被盜
https://unwire.hk/2019/06/01/leicester-city-fc-hacked-credit-card-data/tech-secure/
網路設備異常 桃機國境大隊啟動備援
http://bit.ly/2HRMyLM
Google、微軟、蘋果、WhatsApp等組織,公開反對英國情報機構提出的竊聽加密通訊計畫
https://ithome.com.tw/news/131008
美駐荷大使:荷蘭應全面禁用華為5G設備
https://ec.ltn.com.tw/article/breakingnews/2813809
中共疑為侵入澳洲國立大學電腦網絡黑手
http://www.epochtimes.com/b5/19/6/6/n11304148.htm
美國國土安全部跟國務院官員參加資安對話
https://www.ptt.cc/bbs/HatePolitics/M.1559210037.A.D5B.html
美國務卿訪歐放話:美國不與使用華為的國家共享情報
https://news.ltn.com.tw/news/world/breakingnews/2808679
若歐洲封殺中電信設備 5G建置額外成本恐破兆
https://ec.ltn.com.tw/article/breakingnews/2815494
香格里拉安全對話 美再批華為與中共掛勾
https://www.taiwannews.com.tw/ch/news/3715828
中國操縱歐洲5G設備測試 以掩護華為打擊對手
https://ec.ltn.com.tw/article/breakingnews/2809859
尷尬!BBC英國首次5G直播使用華為設備
http://bit.ly/2ZcTUPW
英情報機構:華為劣質 安全性令人不放心
http://www.epochtimes.com/b5/19/6/3/n11296465.htm
日全面禁華為5G! 樂天移動與NEC打造5G網路
http://bit.ly/2JZKtj9
華為和中共政權的真實關係
https://www.ntdtv.com/b5/2019/06/01/a102591392.html
淨灘撿瓶中信寫「國家機密 」 疑中國海漂到台灣
http://bit.ly/2QHEO1F
紐約科技研討會 嘉賓談及中共網絡封鎖
http://www.epochtimes.com/b5/19/6/4/n11298976.htm
Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services
http://bit.ly/2MBz5My
Despite disclosure laws, cybercrime may be widely underreported
http://bit.ly/2K0ja8m
Cybercrime in a post-Brexit era: Will hackers exploit our political turmoil
http://bit.ly/2ETr4fy
Big tech surveillance could damage democracy
http://bit.ly/2Wbwhp3
BoxHosting Online Hosting: Lifetime Subscription
http://bit.ly/2MyHFLV
Huawei: China's State Hackers 'Rigging 5G Tests' Against Nokia And Ericsson
http://bit.ly/312maGz
Trends in Cybersecurity to Watch
https://medium.com/rohits-perspectives/trends-in-cybersecurity-to-watch-64637ed08bdd
NATO promises to be ready for cyber attacks
https://www.cybersecurityjobsite.com/article/nato-promises-to-be-ready-for-cyber-attacks/
5 reasons your organization needs to adopt a zero trust security architecture
http://bit.ly/2EPtv2F
SUPRA Smart TV Flaw Lets Attackers Hijack Screens With Any Video
http://bit.ly/2W8Z7q1
A Manifesto for Great Security
https://www.symantec.com/blogs/expert-perspectives/manifesto-great-security
Why You Should Wait to Download Your NLE’s Beta Release
http://bit.ly/2HTZCAo
‘All we know is MONEY!’: US cities struggle to fight hackers
http://bit.ly/2ZaxZJd
UK’s Sophos Buys US’s Rook Security, a Managed Services and SIEM Provider
http://bit.ly/2KzU6oe
A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals
https://gbhackers.com/hacking-tools-list/?fbclid=IwAR2pvF-25IfGdsEbI4wAwb0FQD0u7BeSB4hE_du_QrGSCgszySBcCJNRIOg
Failure to patch is leaving business open to attack
http://bit.ly/2XvoKCM
US to demand five years of your social media, email account info in visa application
https://zd.net/2K3kuYk
Hong Kong, Singapore to Cooperate on Cybersecurity
https://www.bankinfosecurity.asia/hong-kong-singapore-to-cooperate-on-cybersecurity-a-12549
New Iranian hacking tool leaked on Telegram
https://www.zdnet.com/article/new-iranian-hacking-tool-leaked-on-telegram/#ftag=RSSbaffb68
China’s War on Dissidents Spreads Online
https://onezero.medium.com/chinas-war-on-dissidents-spreads-online-9bb3f2d4ff7a
Does China's route to infrastructure control run through Iceland's data centers
https://www.zdnet.com/article/does-chinas-route-to-infrastructure-control-run-through-icelands-data-centers/#ftag=RSSbaffb68
The best beach reads for hackers in 2019
https://www.zdnet.com/pictures/the-best-2019-beach-reads-for-hackers-in-pictures/#ftag=RSSbaffb68
Firefox Web Browser Now Blocks Third-Party Tracking Cookies By Default
http://bit.ly/2Xx01y0
National Cyber Security Strategy To Hit Just 1 of 12 Outcomes by 2021
http://bit.ly/2WjWtxM
Malboard: Hackers can now pose as victims through their keyboards
https://zd.net/2Mw1lQQ
Enterprise under attack: Dark web cyber criminals sell hacking tools aimed at business
https://zd.net/2KxgM8E
Large European Routing Leak Sends Traffic Through China Telecom
http://bit.ly/2Ikj73S
資通所108年第一次聯合專案人力進用-20.技術類-資安
https://www.104.com.tw/job/6mpx9
網路資安工程師-新竹
https://www.104.com.tw/job/5ylir
資訊安全高級工程師/工程師
https://www.104.com.tw/job/5rsb0
Python Web Engineer(研發替代役可)
https://www.104.com.tw/job/5wif9
法遵/ 法務人員
https://www.104.com.tw/job/6ezpe
資安維運工程師
https://www.104.com.tw/job/6mrm3
工研院資訊處_資訊工程師G4
https://www.104.com.tw/job/6ms39
【資安】資深資安管理專業人員
https://www.104.com.tw/job/67b9e
I3601 資訊安全資深工程師(板橋)
https://www.104.com.tw/job/6dd4o
電子支付 Linux/Android APP 軟體工程師_研發中心(高雄)
https://www.104.com.tw/job/6mwhw
電子支付 Android BSP / Linux Embedded OS 軟體工程師_研發中心(台中)
https://www.104.com.tw/job/6mwht
資訊安全主管/Leader
https://www.104.com.tw/job/6mvtu
資安顧問/專案經理 (華亞科技園區)
https://www.104.com.tw/job/6my44
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
蘋果保護隱私出大招:虛擬信箱幫使用者登錄第三方應用服務
http://bit.ly/2MqUlEL
東京奧運假冒網站多買飛要小心!中旅社下周四前公布香港購票詳情
http://bit.ly/2wzGL7k
駭客入侵?櫃姐買千元保養品慘被騙24萬元
https://news.ltn.com.tw/news/society/breakingnews/2809832
做貼圖綁跨國支付平台! 女控遭盜刷「52萬」
https://news.tvbs.com.tw/life/1141607
維擇科技CEO:欺詐攻擊正從互聯網行業向傳統行業延伸
https://news.sina.com.tw/article/20190602/31494884.html
失婚婦網交「大陸工程師」17萬差點送人
https://www.chinatimes.com/realtimenews/20190530003318-260402?chdtv
要救美國上校!50歲單身婦談網戀昏頭 百萬積蓄差點飛了
https://news.ltn.com.tw/news/society/breakingnews/2807134
先殺價!逢甲商圈詐騙檔 付千鈔偷收回誆騙找錢
https://news.ebc.net.tw/News/society/165957
防點數詐騙 「不多管閒事」成通報漏洞
https://news.tvbs.com.tw/life/1143524
「分心術」盜銀行卡 取走錢財 男女嫌犯被追緝
http://www.epochtimes.com/b5/19/6/4/n11300664.htm
網徵打字員「轉財務」 學生誤信幫匯款觸法
https://news.tvbs.com.tw/local/1143089?fbclid=IwAR226kAf-i5H0cgwiYffAdcSTYqtcojphMTt4gYyK5BK43FcUUdYW28FR6Y
假簡訊「亂槍打鳥、願者上鉤」桃警偵破詐騙集團
https://news.ltn.com.tw/news/society/breakingnews/2811504
研究人員再發現未保護的資料庫叢集,中國獵人頭公司資料全都露
https://www.ithome.com.tw/news/131081?fbclid=IwAR3pW2crIzB9M-RSiy58otmiQ6Da4jGtZtC-OJJj-tYPjFj4D2XcKfZ4ITc
「別打了」臉書詐騙盜電話 狂接客訴抓嘸人
http://bit.ly/2Wr0lSC
美國討債公司AMCA資料外洩,危及眾多醫療院所病患個資
https://www.ithome.com.tw/news/131139
國泰外洩940萬乘客個人資料 私隱專員批違規及管理掉以輕心
http://www.passiontimes.hk/article/06-06-2019/53461
釣魚電郵專攻焦慮心理 Google 是非題教你分詐騙破綻
http://bit.ly/2Zcdqfe
澳洲國立大學20萬筆個資遭竊 爆中國吸收間諜隱憂
https://news.ltn.com.tw/news/world/breakingnews/2814875
Detecting Breaches in Real Time
https://www.bankinfosecurity.asia/detecting-breaches-in-real-time-a-12571
This is how hackers make money from your stolen medical data
https://www.zdnet.com/article/this-is-how-hackers-make-money-from-your-stolen-medical-data/#ftag=RSSbaffb68
Credder: Fighting the scourge of online fake news
https://www.zdnet.com/article/credder-fighting-the-scourge-of-online-fake-news/#ftag=RSSbaffb68
ISPs must now ask for permission before selling your data, Maine rules
https://www.zdnet.com/article/isps-must-now-ask-for-permission-before-selling-your-data-maine-rules/#ftag=RSSbaffb68
One of New York’s largest nonprofits suffers data breach
https://www.zdnet.com/article/one-of-new-yorks-largest-nonprofits-suffers-data-breach/#ftag=RSSbaffb68
Fake news writer: If people are stupid enough to believe this stuff
https://nakedsecurity.sophos.com/2019/06/03/fake-news-writer-if-people-are-stupid-enough-to-believe-this-stuff/
Citrix Sued For Not Securing Employee Info Before Data Breach
http://bit.ly/2WHSI9n
Phishing attacks that bypass 2-factor authentication are now easier to execute
http://bit.ly/2HW1cBO
Billing Details for 11.9M Quest Diagnostics Clients Exposed
http://bit.ly/2wMlqaV
Podcast: Behind-the-Scenes Look at Scattered Canary BEC Cybergang
http://bit.ly/2WLtKWJ
Phishing Kits Add More Vulnerabilities to Hacked Servers
http://bit.ly/2Il0RHF
E.研究報告
Windows RDP 服務高危漏洞分析(CVE-2019-0708)
https://paper.seebug.org/937/
Linux 內核SCTP 協議漏洞分析與復現(CVE-2019-8956)
https://paper.seebug.org/938/
Windows 10 Task Scheduler服務DLL注入漏洞分析
https://xz.aliyun.com/t/5286
MS08-067漏洞原理及詳盡分析過程
https://www.freebuf.com/vuls/203881.html
POC已公開!RDP遠程代碼執行漏洞被利用引發藍屏
https://www.weibo.com/ttarticle/p/show?id=2309404378115299216997
CVE-2019-9510:攻擊者利用RDP 0 day漏洞可繞過鎖屏
https://www.4hou.com/vulnerable/18422.html
CVE-2017-11176 一步一步linux内核漏洞利用 (二)(阻塞)
https://xz.aliyun.com/t/5319
詳細分析Pwn2Own 2019上曝出的Edge的Canvas 2D API漏洞(CVE-2019-0940)利用
https://www.4hou.com/vulnerable/18321.html
CVE-2019-0697:通過DHCP漏洞發現其餘兩個關鍵漏洞
https://xz.aliyun.com/t/5308
一次攻防實戰演習复盤總結
https://bithack.io/forum/265?fbclid=IwAR132FXzqAZaBsQzb0p6uEeo6HXdCtt456goRzNzrfdEbuvzOz57qVV-q9M
「白帽挖洞技能提升」ThinkPHP5 遠程代碼執行漏洞-動態分析
https://read01.com/KDE0eE4.html
2019年上半年數據庫漏洞安全威脅報告
https://www.anquanke.com/post/id/179853
BlackSquid惡意軟件分析:利用8個臭名昭著的漏洞攻擊服務器,並投放挖礦惡意軟件
https://www.4hou.com/malware/18408.html
Apache struts2漏洞又來了這一次如何機智地與中國黑客界的半壁江山賽跑
https://www.aspxmuma.com/aspmumahoumen/5207.html
Bitdefender An APT Blueprint:Gaining New Visibility into Financial Threat
http://bit.ly/2WDmX1x
Improper App Check Revives the Synthetic Clicks Issue in macOS Mojave
http://bit.ly/2IfIkN2
Kubolt : Utility For Scanning Public Kubernetes Clusters
https://kalilinuxtutorials.com/kubolt/?fbclid=IwAR1xR9i72r-4V6VIORTKAwigeVpIRz5L8dTdNCqqKDqA7WlkftJcgJYHoyI
Analysis of CVE-2019-0708 (BlueKeep)
https://www.malwaretech.com/2019/05/analysis-of-cve-2019-0708-bluekeep.html
HOW TO Tactical Nmap for Beginner Network Reconnaissance
https://null-byte.wonderhowto.com/how-to/tactical-nmap-for-beginner-network-reconnaissance-0189856/
Seccubus v2.51.1 releases: automated vulnerability scanning, reporting and analysis
https://securityonline.info/seccubus-vulnerability-scanning-reporting-analysis/
Shellcode: Loading .NET Assemblies From Memory
http://bit.ly/2XFMOCU
flare-vm v2.2.20 releases: Windows-based security distribution for malware analysis, incident response, penetration testing
http://bit.ly/2Mn6pH5
Windows-Based Exploitation —VulnServer TRUN Command Buffer Overflow
http://bit.ly/2JRXz1N
Percona herds the open source cats
https://www.zdnet.com/article/percona-herds-the-open-source-cats/#ftag=RSSbaffb68
Windows 10 - Task Scheduler service - Privilege Escalation/Persistence through DLL planting
http://bit.ly/2YXJvHA
Using Firepower to defend against encrypted RDP attacks like BlueKeep
https://blog.talosintelligence.com/2019/05/firepower-encrypted-rdp-detection.html
Someone slipped a vuln into crypto-wallets via an NPM package
http://bit.ly/2Z7lzl2
Realtek SDK Exploits on the Rise from Egypt
https://www.netscout.com/blog/asert/realtek-sdk-exploits-rise-egypt
Mr. Coffee with WeMo: Double Roast
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mr-coffee-with-wemo-double-roast/
The time I was hacked by Mr. Sh
https://medium.com/@collinalexbell/the-time-i-has-hacked-by-mr-sh-583db12b7d8f
Detecting and Analyzing Microsoft Office Online Video
https://blog.nviso.be/2019/05/29/detecting-and-analyzing-microsoft-office-online-video/
googleprojectzero/halfempty
http://bit.ly/2XifRfP
PcapXray v2.5 - A Network Forensics Tool To Visualize A Packet Capture Offline As A Network Diagram
http://bit.ly/2KrOQmt
Summary of Iranian Advanced Persistent Threat (APT) 34
https://medium.com/@JordiScrubbings/summary-of-iranian-advanced-persistent-team-apt-34-7624d213d20e
MetaSploit Module Created for BlueKeep Flaw, Private for Now
http://bit.ly/2EUkc1x
Threat Intelligence Hunter - An Open source project for threat hunting and Information gathering
http://bit.ly/2WMAXWK
Website Penetration testing: Information gathering
http://bit.ly/2IjUmFf
Windows 10 - Task Scheduler service - Privilege Escalation/Persistence through DLL planting
http://bit.ly/2Iik6lp
Planning a Red Team exercise
http://bit.ly/2JXlQDI
Modern Internet Standards provide for more reliability and further growth of the Internet.
https://www.internet.nl/?fbclid=IwAR1wJwSChJbDCSE6hzDwZsBelXx2c5hWFsIcCRXWFNno66I06u9FxfsD1rw
Vim/Neovim Arbitrary Code Execution via Modelines
http://bit.ly/2wCSIcb
Why does macOS Catalina use Zsh instead of Bash? Licensing
http://bit.ly/2QSvhF9
BlueKeep ‘Mega-Worm’ Looms as Fresh PoC Shows Full System Takeover
http://bit.ly/2HXGgdq
owasp-masvs
http://bit.ly/2WLJ5qh
gyoisamurai/GyoiThon GyoiThon: Next generation penetration test tool
https://github.com/gyoisamurai/GyoiThon?fbclid=IwAR27UNsubLroS-hRj14QpWB-wFkmXVgUVkMjX5JWDis3Ee3JeC6-5-XYyLs
Finshir : A Coroutines-Driven Low & Slow Traffic Sender
https://kalilinuxtutorials.com/finshir/?fbclid=IwAR1iZ9pS8RBWyiRVm9Bvd94esnXh_K3N-uQcTEVAVZL2Cfh38YptYeYGzE8
Facebash : Facebook Brute Forcer In Shellscript Using TOR
http://bit.ly/2KAFsgj
Metabigor : Command Line Search Engines Without Any API Key
http://bit.ly/2K1Jpvd
How To Recover/Reset Forgotten MySQL/MariaDB root User Password On Linux
http://bit.ly/2HZN9ep
Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities
http://bit.ly/2Wr7T2U
New GoldBrute Botnet is Trying to Hack 1.5 Million RDP Servers
http://bit.ly/2wGlVDd
How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code
http://bit.ly/2Intx2S
VTHunting : A Tiny Script Used to Generate Report About Virus Total Hunting
http://bit.ly/31hWNRp
A botnet is brute-forcing over 1.5 million RDP servers all over the world
https://zd.net/2K1Fr5N
Hackers Can Now Bypass Two-Factor Authentication With a New Kind of Phishing Scam
http://bit.ly/2IqrgEd
PcapXray : Tool To Visualize A Packet Capture Offline
https://kalilinuxtutorials.com/pcapxray/?fbclid=IwAR3cu2HCB7BnO-qXrzE11K15NyFlWYasDDMqRvuUJcVdXLKC-_FJu96kye4
Microsoft Warns Against Bypassing Office 365 Spam Filters
http://bit.ly/2wR1cNf
There's a reason why my cat doesn't need two-factor authentication
http://bit.ly/31k4wOX
F.商業
Palo Alto買下二家專攻新興技術的資安公司
https://ithome.com.tw/news/130997
新方法帶來機會與挑戰 分散式運算管理有路可循 嫻熟微服務架構運作 方能建構可靠安全系統
https://www.netadmin.com.tw/article_content.aspx?sn=1905290002
趨勢攜四家資安教育機構 強化企業資安
https://udn.com/news/story/7253/3849756
瞄準企業數位轉型商機 精誠花0.9億取得藍新資訊3成股權
https://ec.ltn.com.tw/article/breakingnews/2810941
Google、FB當心了!Apple推出「快速登入」服務 不但方便還很安全
http://bit.ly/2ESvy6q
隱私安全!火狐預設強化追蹤保護功能
http://bit.ly/31cz7Om
ESET多層防禦技術 有效阻擋駭客攻擊與威脅
https://www.eset.hk/html/86/eset-multi-layer-defense-technology/
IBM雲端平臺不惜砍掉重練,改用K8s打造現代化新架構
https://www.ithome.com.tw/people/131015
Imperva to acquire bot management provider Distil Networks
https://www.zdnet.com/article/imperva-to-acquire-bot-management-provider-distil-networks/#ftag=RSSbaffb68
Equinix adds network functions virtualization to its platform, launches Network Edge
https://www.zdnet.com/article/equinix-adds-network-functions-virtualization-to-its-platform-launches-network-edge/#ftag=RSSbaffb68
Red Hat Enterprise Linux 7.7 beta is now available
https://www.zdnet.com/article/red-hat-enterprise-linux-7-7-beta-is-now-available/#ftag=RSSbaffb68
Firefox Web Browser Now Blocks Third-Party Tracking Cookies By Default
http://bit.ly/2IsyE1A
G.政府
台灣早已禁用華為!唐鳳:當時沒有其他國家這樣做,我們在國際上具有一定資安話語權
https://buzzorange.com/techorange/2019/05/31/huawei-in-tw/
電信管理法完成立法 5G可共網共頻
https://udn.com/news/story/7238/3846040
「電信管理法」三讀通過 電信執照制改為登記制
https://www.chinatimes.com/realtimenews/20190531003831-260410?chdtv
電信管理法過關 NCC:加速5G建設與更新
https://m.ltn.com.tw/news/life/breakingnews/2808670
國防產業發展條例創廠商分類分級 學者憂誰來評鑑
https://udn.com/news/story/10930/3848238
中鋼去華為元素 多管齊下
https://money.udn.com/money/story/5612/3849331
更新之資通安全專業證照清單及資通安全專業證照認可審查作業流程
https://nicst.ey.gov.tw/Page/D94EC6EDE9B10E15/f23692a6-de81-4ca8-a49d-e4cf78aa9bee
端午連假將至 金管會要求各保險公司服務不中斷
https://ec.ltn.com.tw/article/breakingnews/2812884
政府擴大辦理關鍵基礎設施演習 桌上推演本週展開
https://m.ltn.com.tw/news/politics/breakingnews/2814301
H.SCADA/ICS/工控系統
工廠資安事件頻傳 你的工業控制系統夠安全嗎
https://www.ctimes.com.tw/DispArt/tw/19060314000N.shtml
Schneider Electric AVEVA Vijeo Citect和Schneider Electric AVEVA CitectSCADA不安全憑證存儲漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10981
I.教育訓練
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊
http://bit.ly/2HOyLpa
會員系統用Session還是Cookie? 你知道其實他們常常混在一起嗎
https://progressbar.tw/posts/92?fbclid=IwAR1VpPrre8pVRRvHYvs99uDT6icprh7Lo9oIKAEXHBvej-R84jDMtE6qPd0
如何蒐集威脅情資,又該如何分析與運用
https://ithome.com.tw/pr/131006
業務邏輯漏洞安全檢查checklist
http://www.lonelyor.org/lonelyorWiki/15596178265897.html
web安全之文件上傳漏洞
https://blog.csdn.net/xlsj228/article/details/90756195
【 台灣股市資訊網】Post爬蟲大公開-附【 Python程式碼】
http://bit.ly/2Wnr8Pv
讓股票小秘書教您大掃【千】支股票 — 附贈【Python程式碼】範例
http://bit.ly/2QRJq5C
108資安--安裝ubuntu server 18.04
http://itopnet.blogspot.com/2019/06/108-ubuntu-server-1804.html
黑客工具| hydra暴力破解&Violence cracking web site
https://www.cmm.wiki/video/WHtq_5eZ4Ds/zhzy-m.html
How to Find Out Who is Using a File in Linux
http://bit.ly/2wvMA5p
Introduction to HTML -Part 1
http://bit.ly/2JXRWPZ
Process and Communication in Operating Systems
http://bit.ly/2WjwMlN
How a Quantum Computer Could Break 2048-Bit RSA Encryption in 8 Hours
http://bit.ly/2QN3ndG
How In-House Forensic Capabilities Help Detect Vulnerabilities
https://www.bankinfosecurity.asia/how-in-house-forensic-capabilities-help-detect-vulnerabilities-a-12572
CompTIA Certification Training — Get Online Courses @ 95% OFF
http://bit.ly/2KyN3wc
Introduction to Shell Scripting
http://bit.ly/2F8H2CX
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
倫敦直擊:智能家電易遭黑客監控 業界表擔憂
https://hk.on.cc/hk/bkn/cnt/aeanews/20190602/bkn-20190602060344662-0602_00912_001.html
人工智慧落地產業應用 基礎架構攸關專案成敗 截AI優勢補企業競爭力 專用硬體發揮時效價值
https://www.netadmin.com.tw/article_content.aspx?sn=1905290001
製造業資安受關注 軟硬整合提升資安強度
http://www.tca.org.tw/tca_news1.php?n=1400
英國打造5G智慧工廠 第四次工業革命來了
https://udn.com/news/story/6843/3851532
COMPUTEX聚焦智慧製造 共論5大人物時代資安主題
http://www.ctimes.com.tw/DispNews/tw/1905311147VP.shtml
三總AI判讀心電圖準度九成 及時搶救心跳太慢的他
https://udn.com/news/story/7266/3851868?from=udn-ch1_breaknews-1-cate9-news
台積電導入 NEC 人臉辨識系統,訪客「刷臉」就可開卡進入廠房
https://buzzorange.com/techorange/2019/06/05/nec-face-recognition-in-tsmc/
微軟大舉進攻物聯網,攜手台灣資通訊夥伴展示成果
https://technews.tw/2019/06/06/microsogt-iot-in-actionlinc-showcase-computex/
AI 機器人害我投資賠錢,我能告他嗎
http://bit.ly/31jasHY
家庭物聯存風險 安全意識最重要
https://www.hkcert.org/my_url/zh/blog/19060201
Training a single AI model can emit as much carbon as five cars in their lifetimes
http://bit.ly/2Xyx8Bx
The Internet of Things enables a floating city of pleasure... and a vision of hell
https://www.zdnet.com/article/the-internet-of-things-enables-a-floating-city-of-pleasure-and-a-vision-of-hell/#ftag=RSSbaffb68
Managing IoT Device Risks
https://www.bankinfosecurity.asia/managing-iot-device-risks-a-12564
DARPA Challenge: Underground war robots
https://www.zdnet.com/article/darpa-challenge-underground-war-robots/#ftag=RSSbaffb68
Using machine learning to solve your dark data nightmare
https://www.zdnet.com/article/using-machine-learning-to-solve-your-dark-data-nightmare/#ftag=RSSbaffb68
6.近期資安活動及研討會
JCConf Taiwan 2019 Call for Proposals 6/1 ~ 6/30
https://twjug.kktix.cc/events/jcconf-2019-cfp?fbclid=IwAR2-Lry33FOVuXXStfSqUWlAJI25SeFgK9Q1XY6e4zJLEKvYrSkmlvv6Waw
突破困境:資安開源工具之應用分享 6/8
https://tfc.kktix.cc/events/nomoney-infosec
科技大擂台「AI資安攻防戰」決賽 6/9
https://www.huashan1914.com/w/huashan1914/exhibition_19060415062728776
Cypherpunks Taiwan 密碼龐克 (5)- 區塊鏈存在證明與抗審查性 & 零知識證明 6/11
https://www.facebook.com/events/2371184796499787/
[研討會]2019 TANet資安聯防與大數據分析管理研討會 108年6月12日(三)
https://reurl.cc/6xXkd
國家高速網路與計算中心教育訓練-源碼檢測實作 6/13
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3828&from_course_list_url=homepage
HackingThursday 固定聚會 6/13
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbrb/
React Hooks 實戰會議室 ─ 前端工程師的潮流技能不私藏 6/14
https://www.facebook.com/events/447646755985628/
【課程】Julia 資料科學實作,2019年強勢來襲的科學計算語言,集Python、C++、R 各家特色於一身 6/15
https://www.techbang.com/posts/70251-course-julia-data-science-practice
國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
https://hackercollege.nctu.edu.tw/?p=1039
The Artificial Intelligence Conference 6/18
https://www.facebook.com/events/278255853036175/?event_time_id=360038254857934
Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/
HackingThursday 固定聚會 6/20
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbbc/
國家高速網路與計算中心教育訓練-資安健診 6/20
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3832&from_course_list_url=homepage
JSDC台中小聚 - UX 體驗分享計畫 6/21
https://jsdc-tw.kktix.cc/events/53548f33?fbclid=IwAR3CybQML6FGnMQ_IE9dfRYFJUHWm4Knl8kJBHQ9vn_Coz2KOQW1xk_joJs
Edvance Beacon 2019 6/21
https://docs.google.com/forms/d/e/1FAIpQLSe70uw8Pi862IkL_rQXDJhzd7QnGXiuhcWwttOEN2BZwUbyMw/viewform
CCNS 定期聚 — 當 Python 遇上 JIT / PyPy 淺談 6/23
https://ccns.kktix.cc/events/ccns-pypy-talk?fbclid=IwAR1wa3cZuyNZQv-pGo5Eh3u5uik69nLY1t-sXb2R6wTd9HsrMBw02ybbkJw
資安前哨站-獵殺封包 6/26
https://www.it360.com.tw/live-detail.aspx?id=iT36000000000348
HackingThursday 固定聚會 6/27
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/
HackingThursday 固定聚會 7/4
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/
2019 車用電子與車聯網資安種子教師研習營 7/4 ~ 7/5
http://www.kghs.kh.edu.tw/notice/11734
2019國際資訊安全組織台灣高峰會 7/9 ~ 7/11
https://csa.kktix.cc/events/2019con
Secure Summit APAC 2019 安全峰會 6 大領域提升資安水平 7/10 ~ 7/11
http://bit.ly/2WbONh5
工業局補助網路安全檢測教育訓練 7/10 ~ 7/12
https://www.accupass.com/event/1904080311551119077841
HackingThursday 固定聚會 7/11
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/
HackingThursday 固定聚會 7/18
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/
HackingThursday 固定聚會 7/25
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/
新加坡資安市場解密講座: 台灣資安浴血東南亞叢林戰鬥之起點-獅城站 7/26
https://ievents.iii.org.tw/eventS.aspx?t=0&id=547
CDX2.0推廣活動 - 台南場次 7/26
https://nchc-cdx.kktix.cc/events/cdxactivity-0726
資安事故處理實務課程 8/7 ~ 8/8
http://bit.ly/2VW0Lv9
DEF CON 27 2019/8/8–8/11
https://www.defcon.org/
數位鑑識處理實務 8/14 ~ 8/15
http://bit.ly/2VW0Lv9
WEB應用滲透測試 8/21 ~ 8/23
https://www.accupass.com/event/1904080221358963463590
台灣駭客年會 HITCON Community 2019 2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8)
https://www.accupass.com/event/1906040921594609934250
資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」 8/29 ~ 8/30
http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==
108年資安職能訓練-行動裝置安全(8/29-8/30)
https://cee.ksu.edu.tw/recruitinfo/1443.html
CDX2.0推廣活動 - 台北場次 9/10
https://nchc-cdx.kktix.cc/events/cdxactivity-0910
TANET 2019 - 臺灣網際網路研討會 9/25
https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310
HITB+ CYBER WEEK 2019/10/12 ~17
https://d2p.hitb.org/?fbclid=IwAR2gU17bz0Y7TH8THIIskIX1vziWBpMY152mJiwk7AAeVS752f_eNcZ0NzU
Splunk .conf 19 10/21 ~ 10/24
https://conf.splunk.com/
AIoT智能物聯網開發人才就業養成班[免費諮詢] 10/22
https://ittraining.kktix.cc/events/aiot-training-2019
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019
https://www.icscybersecurityconference.com
訂閱:
張貼留言 (Atom)
2024年 12 月份資安、社群活動分享
2024年 12 月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/3 https://www.meetup.com/taiwan-code-camp/e...
-
2024年 3月份資安、社群活動分享 線上資安人力需求對談-網路通信產業 2024/3/2 https://isipevent.kktix.cc/events/ff6f2146 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演 2024/3/6 https://b...
-
2024年 2月份資安、社群活動分享 Taipei All About API Meetup Group - Meet and Greet, 01 Feb 2024, 07:00 PM 2024/2/1 https://www.meetup.com/taipei-all-a...
-
2024年 5 月份資安、社群活動分享 資安五四三 2024/5/2 https://csa.kktix.cc/events/202405-543 HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/5/2 http...
沒有留言:
張貼留言