跳到主要內容

資安事件新聞週報 2019/7/1 ~ 2019/7/5


資安事件新聞週報  2019/7/1  ~  2019/7/5

1.重大弱點漏洞/後門/Exploit/Zero Day
PlayStation Network 存在安全性漏洞,駭客可繞過驗證盜刷信用卡
https://www.kocpc.com.tw/archives/267793

Palo Alto PAN-OS 阻斷攻擊漏洞
https://securityadvisories.paloaltonetworks.com/Home/Detail/151

Ubuntu 內核阻斷攻擊漏洞
https://www.auscert.org.au/bulletins/ESB-2019.2378/

Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)
https://www.exploit-db.com/exploits/47073

Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
https://www.exploit-db.com/exploits/47039

Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
https://www.exploit-db.com/exploits/47033

Symantec DLP 15.5 MP1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/47071

McAfee ePolicy Orchestrator 多個漏洞
http://bit.ly/2JhMfLb

IBM InfoSphere Information Server 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4371

IBM WebSphere Application Server 資料洩露漏洞
https://nvd.nist.gov/vuln/detail/CVE-2019-4269

IBM WebSphere Application Server 阻斷攻擊漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10875692

IBM Patches Critical, High-Severity Flaws in Spectrum Protect
https://threatpost.com/ibm-patches-critical-high-severity-flaws-in-spectrum-protect/146201/


Multiple Vulnerabilities Spotted In Lenovo Server Infrastructure
https://latesthackingnews.com/2019/07/03/multiple-vulnerabilities-spotted-in-lenovo-server-infrastructure

US Cyber Command Warns of Outlook Vulnerability Exploits
https://www.bankinfosecurity.com/us-cyber-command-warns-outlook-vulnerability-exploits-a-12718

Thousands Left Vulnerable in Nexus Repository
https://www.infosecurity-magazine.com/news/thousands-left-vulnerable-in-nexus/

多款F5產品安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6642

思科產品多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/07/03/cisco-releases-security-updates-multiple-products

AMD霄龍安全加密虛擬化曝漏洞:已修復
https://read01.com/d0223oK.html#.XRnNHegzbIU

Excel遭爆含安全漏洞
https://www.ithome.com.tw/news/131532

Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer
https://blog.talosintelligence.com/2019/07/vulnerability-spotlight-SDL-PCX-RCE-vulnerabilities-july-19.html

Vulnerability Spotlight: Google V8 Array.prototype memory corruption vulnerability
https://blog.talosintelligence.com/2019/07/vulnerability-spotlight-Google-V8-June-19.html

Firefox finally fixes the problems with antivirus apps crashing HTTPS websites
https://www.zdnet.com/article/firefox-finally-fixes-the-problems-with-antivirus-apps-crashing-https-websites/#ftag=RSSbaffb68

Mimecast Threat Center discovered a weakness in the Microsoft Excel tool that allows embedding malicious payloads remotely
https://www.mimecast.com/blog/2019/06/exploit-using-microsoft-excel-power-query-for-remote-dde-execution-discovered/

Account Takeover Vulnerability Found in Popular EA Games Origin Platform
https://thehackernews.com/2019/06/ea-origin-game-hacking.html

Bulgarian IT expert arrested after demoing vulnerability in kindergarten software
https://www.zdnet.com/article/bulgarian-it-expert-arrested-after-demoing-vulnerability-in-kindergarten-software/#ftag=RSSbaffb68

Third-Party Risk Management: Asking the Right Questions
https://www.bankinfosecurity.com/interviews/third-party-risk-management-asking-right-questions-i-4368

New attack campaign targets vulnerable WordPress sites to alter their titles
https://cyware.com/news/new-attack-campaign-targets-vulnerable-wordpress-sites-to-alter-their-titles-a4db6036

postgresql CVE-2019-10164
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10164

Huawei Mate 20 X 路徑遍歷漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5221

多款Qualcomm產品緩衝區錯誤漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2238

qemu CVE-2019-12928 CVE-2019-12929
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12928
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12929

pivotal spring security CVE-2019-11272
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11272

Cisco Data Center Network Manager CVE-2019-1619 CVE-2019-1620
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1619
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1620

Bulgarian IT expert arrested after demoing vulnerability in kindergarten software
https://www.zdnet.com/article/bulgarian-it-expert-arrested-after-demoing-vulnerability-in-kindergarten-software/

With new feature update calendar, Microsoft finally settles on a sensible Windows 10 release schedule
https://zd.net/2Jtjrhm

New Windows 10 20H1 test build adds new notification-settings options
https://www.zdnet.com/article/new-windows-10-20h1-test-build-adds-new-notification-settings-options/#ftag=RSSbaffb68

17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device
https://thehackernews.com/2019/07/firefox-same-origin-policy-hacking.html

Thousands Left Vulnerable in Nexus Repository
https://www.infosecurity-magazine.com/news/thousands-left-vulnerable-in-nexus/

Microsoft Exchange 2003 - base64-MIME Remote Code Execution
https://www.exploit-db.com/exploits/47076

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)
https://www.exploit-db.com/exploits/46998

Tor Project to fix bug used for DDoS attacks on Onion sites for years
https://www.zdnet.com/article/tor-project-to-fix-bug-used-for-ddos-attacks-on-onion-sites-for-years/#ftag=RSSbaffb68

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
五家銀行「大到不能倒」合庫銀落在邊緣 第六名
https://www.cmmedia.com.tw/home/articles/16282

銀行資料上雲端哪些新規定?實地查核怎麼做?金管會雲端委外8大重點一次看
https://www.ithome.com.tw/news/131678

純網銀作領頭羊!樂天引進科技生態系統
http://bit.ly/2J0z4Os

國際假卡黨再現 路氹酒店等3部ATM機被做手腳
https://hk.on.cc/hk/bkn/cnt/news/20190628/bkn-20190628125056521-0628_00822_001.html

中國大陸券商加急招聘CIO:3個月內10位首席信息官亮相
https://news.sina.com.tw/article/20190629/31796342.html

中國證監會與柬埔寨證券交易委員會簽署《證券期貨監管合作諒解備忘錄》
https://www.finet.hk/newscenter/news_content/5d1702a8bde0b35bf2ad9fe4

中國鼓勵黨政人員「合法炒股」 中網友酸:為國捐軀
https://news.ltn.com.tw/news/world/breakingnews/2837128

開放銀行要來了 將以「打群架」改變金融生態系
https://news.cnyes.com/news/id/4347954

虛銀招兵買馬迎大戰 恒生前Banker加盟螞蟻銀行
https://hk.finance.appledaily.com/finance/daily/article/20190702/20718303

替北韓洗錢 學者:陸3銀行面臨金融死刑
http://bit.ly/2J70QZP

新加坡開放五張數位銀執照 提供非銀行企業申請
https://money.udn.com/money/story/5602/3900701

通過壓力測試,美大型銀行擴大回饋股東
https://ww2.money-link.com.tw/RealtimeNews/NewsContent.aspx?sn=3909938001&pu=News_0005_2

美股收紅!投資人關注G20川習會 Fed公布「銀行壓力測試結果」
https://www.ettoday.net/news/20190629/1477884.htm

LINE年會/目標成為亞洲第一FinTech平台
https://www.chinatimes.com/realtimenews/20190628001598-260412?chdtv

銀行+壽險 元大金強攻區塊鏈
https://www.chinatimes.com/newspapers/20190627000287-260202?chdtv

開放銀行啟動 13業者上架
https://money.udn.com/money/story/5613/3908504

臺灣開放銀行大進展!首版Open API標準出爐,2大準則5項安控13家銀行先支援
https://www.ithome.com.tw/news/131648

台灣開放API初步成果 13家金融業上架
https://www.chinatimes.com/realtimenews/20190703001715-260410?chdtv

開放API 13家銀行搭頭班車
https://ctee.com.tw/news/finance/113492.html

提款機大盜愛挑德國犯案 一年炸毀369台ATM
http://bit.ly/2XNtuqW

日本拚消費 推無現金交易
https://udn.com/news/story/6811/3908334

表現好反被懲罰?銀行喊苦的新制上路
http://bit.ly/2xwTBn2

國際清算銀行將於新加坡設創新中心
http://bit.ly/2XFYHfF

第一家企金手機OTP服務 星展火速上線
https://www.chinatimes.com/realtimenews/20190703004079-260410?chdtv

香港銀行公會指環聯將恢復網上查閱服務
http://www.metroradio.com.hk/News/default.aspx?NewsId=20190705175808

3.電子支付/電子票證/行動支付/ pay/新聞及資安
日兩大便利店推自家手機支付 首日系統現故障
http://bit.ly/2JhY6aN

斯洛伐克4家銀行開始提供APPLE PAY行動支付及電子錢包服務
http://bit.ly/2RO5L4s

上海商業儲蓄銀行將於109年1月1日起配合臺灣行動支付(股)公司停止提供「t-wallet行動支付APP」服務。
https://www.scsb.com.tw/content/news/news_080628.jsp

TSM行動金融卡服務終止公告
https://wwwfile.megabank.com.tw/other/bulletin08_1.asp?sno=1066

又一手機廠商入局移動支付 遲到的OPPO Pay如何搶奪用戶
https://pttnews.cc/c3ed029241

[討論] 無印良品 使用行動支付遭拒
https://www.ptt.cc/bbs/MobilePay/M.1561636038.A.3F4.html

央行:一季度網路支付58萬億元
https://news.sina.com.tw/article/20190704/31845834.html

電子支付大鬆綁 三大場所開放使用
https://news.cts.com.tw/cts/life/201907/201907031966253.html

LINE Pay攜手PAYCO 啟動跨境支付服務
https://www.cna.com.tw/news/afe/201907030255.aspx

日本7-Eleven手機支付新app被駭,近900名用戶損失5500萬日幣
https://www.ithome.com.tw/news/131677

7Pay 一推出即被破 重置密碼存漏洞恐損電子支付形象
http://bit.ly/2Nxwofv

Wallet killer: Why Apple Card is the next best thing to getting an RFID implant
https://www.zdnet.com/article/apple-card-the-next-best-thing-to-getting-an-rfid-implant/#ftag=RSSbaffb68

4.虛擬貨幣/區塊鍊   新聞及資安
LINE加密貨幣交易所在星 不會在台推出
https://udn.com/news/story/11316/3898809

拚全球FinTech與資安強國 以色列這樣做
https://ec.ltn.com.tw/article/breakingnews/2841103

高盛擬運用區塊鏈技術 將資產數碼化
https://www2.hkej.com/instantnews/international/article/2177825

新加坡虛擬通貨交易所Bitrue遭駭客攻擊,損失430萬美元
http://www.bitfunance.com/article/598

交易所 Bitrue 遭駭 1.2 億台幣,官方:用戶損失會獲得 100% 退款
https://staging.blocktempo.com/singapore-exchange-bitrue-hacked-for-over-4-million-in-crypto/

STO監理規範出爐!BITPoint Taiwan執行長郭雅寧:BITPoint Taiwan將嘗試取得證券自營商許可證照
http://bit.ly/2RMflVB

STO框架出爐後,MaiCoin創辦人劉世偉:將申請證券自營商許可證照,但投資人的投資方式不該只限縮於台幣交易
http://bit.ly/2NqOSy7

全球首創訂 STO 專門規範,金管會法規 10 月出爐
https://finance.technews.tw/2019/06/28/sto-specification-taiwan-october/

STO監管框架終於出爐!ACE王牌數位資產交易所總經理潘奕彰:將嘗試取得證券自營商許可證照
http://bit.ly/2FKw2M3

證券型代幣發行規範 10月上路 立委擬成立推動聯盟
http://bit.ly/2NoHV0C

現在全球有超過5,000台比特幣自動櫃員機
https://cointmr.com/__trashed/?fbclid=IwAR0RiP4sjh7UpQatjjhWS6Sx18fZjXvrrMpsE7tLWXaPiwnf1moHxp2rCSo

證交所:金管會開放符合一定條件的證券商可發行證券商發行指數投資證券(ETN) 今年4月上線
https://www.taiwannews.com.tw/ch/news/3736490

領先全球!證券虛擬幣納管 發行規範10月正式上路
https://money.udn.com/money/story/5/3896691

拚全球FinTech與資安強國 以色列這樣做
https://ec.ltn.com.tw/article/breakingnews/2841103

末日博士 Nouriel Roubini:比特幣根本不去中心,區塊鏈一點用都沒有
https://www.inside.com.tw/article/16781-Nouriel-Roubini-in-abs

全球央行紅色警戒,臉書幣Libra為何可能超越比特幣
https://money.udn.com/money/story/9740/3905372

比特幣ETF是什麼東東
https://news.sina.com.tw/article/20190702/31828016.html

虛擬貨幣納管 資誠:規範過嚴恐影響業者
https://udn.com/news/story/7239/3905964

Facebook 遭多方施壓叫停 Libra美立法者、民間機構連發函籲嚴管
https://news.cnyes.com/news/id/4350471

日本央行行長:Libra可能會損害日本的金融穩定
http://news.knowing.asia/news/9bf8ad11-2481-463d-a63b-695d9b52c2eb

Facebook高管為「天秤幣」辯護:我們沒有控制權
https://news.sina.com.tw/article/20190704/31846590.html

全球財富向加密貨幣領域轉移, iSunOne橫空出世,提供數字貨幣財富管理及加密社交服務
http://n.yam.com/Article/20190703385089

澳洲銀行跟IBM合作區塊鏈技術
https://m.ctee.com.tw/livenews/gj/a98601002019070411244182

由Libra引發的思考:「超主權貨幣」不可能實現
http://news.knowing.asia/news/552b6471-8b22-43f3-b3b1-bf25f5eb3569

英國金融行為監管局,批准了首個加密貨幣避險基金
http://news.knowing.asia/news/842e778c-6ac0-4900-a74e-99dd4de8b434

立法委員許毓仁:區塊鏈的廣泛使用,將使人性光輝更加放大
http://bit.ly/30gbuD7

Monero安全漏洞可能已經看到XMR從加密貨幣交易所被盜
https://0xzx.com/201907050328154351.html

Facebook的Libra,就像50年前就存在的貨幣市場基金
http://news.knowing.asia/news/479e56e8-5de1-4621-b281-ad1b5acc6692

區塊鏈安全入門筆記系列一
https://paper.seebug.org/973/

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
Conficker / Download病毒的偵測、清除/預防
http://bit.ly/2RNVQM1

Mirai 變種Echobot 殭屍網絡有26 個漏洞利用
https://www.chainnews.com/articles/866425028271.htm

網釣新招術:把惡意連結藏在QR Code中
https://www.ithome.com.tw/news/131603

找難的做、絕不妥協!卡巴斯基造防毒帝國:最佳防禦是攻擊
https://www.setn.com/News.aspx?NewsID=534615

讓電腦科學家難以入眠的大事:當「勒索軟體」結合人工智慧
https://www.thenewslens.com/feature/timefortune/121436

醫療郵政銀行癱瘓三週後,佛羅里達兩城市接連向駭客屈服支付超過千萬的比特幣贖金
http://bit.ly/2JhMA0p

假冒成Flash播放器的Mac惡意程式曝光
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=30659

每五分鐘跳出全螢幕廣告! 182個免費遊戲和相機應用程式夾帶廣告軟體,已被下載逾九百萬次
https://blog.trendmicro.com.tw/?p=61057

Crimeware for Sale: The Commoditization of ATM Malware in the Cybercriminal Underground
http://bit.ly/323csnQ

Kaspersky tracks down major new ransomware
https://www.itproportal.com/news/kaspersky-tracks-down-major-new-ransomware/

More US Cities Battered by Ransomware
https://www.bankinfosecurity.com/more-us-cities-battered-by-ransomware-a-12710

“We need to up our game”—DHS cybersecurity director on Iran and ransomware
https://arstechnica.com/tech-policy/2019/06/we-need-to-up-our-game-dhs-cybersecurity-director-on-iran-and-ransomware/

Fake jquery campaign leads to malvertising and ad fraud schemes
https://blog.malwarebytes.com/threat-analysis/2019/06/fake-jquery-campaign-leads-to-malvertising-and-ad-fraud-schemes/

Two Florida Cities Paid $1.1 Million to Ransomware Hackers This Month
https://thehackernews.com/2019/06/florida-ransomware-attack.html

Exclusive: German Police Raid OmniRAT Developer and Seize Digital Assets
https://thehackernews.com/2019/06/police-raid-omnirat-developer.html

Brazil leads in ransomware attacks
https://www.zdnet.com/article/brazil-leads-in-ransomware-attacks/#ftag=RSSbaffb68

Sodin ransomware exploits Windows vulnerability and processor architecture
https://securelist.com/sodin-ransomware/91473/

Ransomware attacks: Why and when it makes sense to pay the ransom
https://www.zdnet.com/article/why-and-when-it-makes-sense-to-pay-the-ransom-in-ransomware-attacks/#ftag=RSSbaffb68

Android spyware campaign spreads across the Middle East
https://www.zdnet.com/article/android-spyware-campaign-spreads-across-the-middle-east/#ftag=RSSbaffb68

QUICK POST: FAKE UPDATES CAMPAIGN SENDS CHTHONIC
https://www.malware-traffic-analysis.net/2019/06/28/index.html

Hackers Can Abuse Microsoft Excel Power Query For Malware Attacks
https://latesthackingnews.com/2019/07/01/hackers-can-abuse-microsoft-excel-power-query-for-malware-attacks/

Facebook Removes Accounts Used to Infect Thousands With Malware
https://threatpost.com/facebook-malware-laced-links/146149/

Facebook abused to spread Remote Access Trojans since 2014
https://www.zdnet.com/article/facebook-abused-to-spread-houdini-spynote-trojans-since-2014/

Researchers crack open Facebook campaign that pushed malware for years
https://arstechnica.com/information-technology/2019/07/five-year-old-facebook-campaign-pushed-malware-on-100000-followers/

Facebook Takes Down Pages Loaded With Malware
https://www.bankinfosecurity.com/facebook-takes-down-pages-loaded-malware-a-12715

ETERNALBLUE sextortion scam puts your password where your name should be
https://nakedsecurity.sophos.com/2019/07/01/eternalblue-sextortion-scam

New Silex malware is bricking IoT devices, has scary plans
https://www.zdnet.com/article/new-silex-malware-is-bricking-iot-devices-has-scary-plans/

Riltok mobile Trojan: A banker with global reach
https://securelist.com/mobile-banker-riltok/91374/

Exclusive: German Police Raid OmniRAT Developer and Seize Digital Assets
https://thehackernews.com/2019/06/police-raid-omnirat-developer.html

New Dridex Variant Evading Traditional Antivirus
https://www.esentire.com/blog/new-dridex-variant-evading-traditional-antivirus/

New variant of Dridex banking Trojan implements polymorphism
https://securityaffairs.co/wordpress/87828/malware/dridex-banking-trojan-polymorphism.html

The Gopher in the Room: Analysis of GoLang Malware in the Wild
https://unit42.paloaltonetworks.com/the-gopher-in-the-room-analysis-of-golang-malware-in-the-wild/

Analyzing Ursnif’s Behavior Using a Malware Sandbox
https://www.vmray.com/cyber-security-blog/analyzing-ursnif-behavior-malware-sandbox/

SectorC08: Multi-Layered SFX in Recent Campaigns Target Ukraine
https://threatrecon.nshc.net/2019/06/25/sectorc08-multi-layered-sfx-recent-campaigns-target-ukraine/

Newly discovered Spelevo exploit kit found compromising B2B site to distribute IcedID and Dridex trojans
http://bit.ly/2FXuEGe

Ten years later, malware authors are still abusing 'Heaven's Gate' technique
https://www.zdnet.com/article/malware-authors-are-still-abusing-the-heavens-gate-technique/#ftag=RSSbaffb68

RATs and stealers rush through “Heaven’s Gate” with new loader
https://blog.talosintelligence.com/2019/07/rats-and-stealers-rush-through-heavens.html

First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol
https://www.zdnet.com/article/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol/

An Analysis of Godlua Backdoor
https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

WannaLocker ransomware found combined with RAT and banking trojan
https://www.scmagazine.com/home/security-news/ransomware/wannalocker-ransomware-found-combined-with-rat-and-banking-trojan/

2019-07-03 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE
https://www.malware-traffic-analysis.net/2019/07/03/index.html

2019-07-02 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE
https://www.malware-traffic-analysis.net/2019/07/02/index2.html

Sodinokibi ransomware is now using a former Windows zero-day
https://www.zdnet.com/article/sodinokibi-ransomware-is-now-using-a-former-windows-zero-day/#ftag=RSSbaffb68

New Golang malware plays the Linux field in quest for cryptocurrency
https://www.zdnet.com/article/new-golang-malware-plays-the-field-in-quest-for-cryptocurrency/#ftag=RSSbaffb68

A Quick and Efficient Method For Locating the main() function of Linux ELF Malware Variants
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/njKDtIWkpAA/

B.行動安全 / iPhone / Android /穿戴裝置 /App
一年未處理漏洞:約會應用Jack'd被處以24萬美元罰金
https://news.sina.com.tw/article/20190629/31795234.html

《還願》中國發行商被勒令停業,理由是「危害國家安全」
https://www.inside.com.tw/article/16776-Devotion-Indievent-China

【全記錄】LINE 總部 2019 年會 LINE CONFERENCE 重點整理
https://www.inside.com.tw/article/16752-LC-2019

疑遭DDoS攻擊 FB、IG、WhatsApp齊故障 無法下載圖片、錄音
http://bit.ly/2xtlxby

可怕!中國被爆強迫邊境旅客裝惡意軟體 監視個人訊息
https://news.ltn.com.tw/news/world/breakingnews/2840935

進入新疆地區的外國遊客被迫安裝Android惡意程式
https://www.ithome.com.tw/news/131631

5G釋照遊戲新規則 須提資安計畫、設資安長
http://bit.ly/30ejFQc

見到 QR Code 就掃?機場的 Wi-Fi很安全?暑假出國旅遊的網路安全三大備忘清單
https://blog.trendmicro.com.tw/?p=56093

【手機病毒 】會竊取17 種Android手機資料的網路間諜Bouncing Golf ,透過社群媒體散播
https://blog.trendmicro.com.tw/?p=61036

Fake Samsung firmware update app tricks more than 10 million Android users
https://www.zdnet.com/article/fake-samsung-firmware-update-app-tricks-more-than-10-million-android-users/#ftag=RSSbaffb68

'Legit Apps Turned into Spyware' Targeting Android Users in Middle East
https://thehackernews.com/2019/06/android-malware-hacking.html

Real world 5G not ready for primetime in 2019
https://www.zdnet.com/article/real-world-5g-not-ready-for-primetime-in-2019/

iOS tip: How to clear your iPhone's RAM and make it faster
https://www.zdnet.com/article/ios-tip-how-to-clear-your-iphones-ram-and-make-it-faster5/#ftag=RSSbaffb68

Getnord Lynx: Super-tough Android smartphone with a massive battery
https://www.zdnet.com/article/getnord-lynx-super-tough-android-smartphone-with-a-massive-battery/#ftag=RSSbaffb68

Getnord Lynx: Super-tough Android smartphone
https://www.zdnet.com/pictures/getnord-lynx-super-tough-android-smartphone/#ftag=RSSbaffb68

China's Border Guards Secretly Installing Spyware App on Tourists' Phones
https://thehackernews.com/2019/07/xinjiang-fengcai-spyware.html

Chinese officials reportedly installed a surveillance app on tourists' phones
https://www.engadget.com/2019/07/02/china-border-agents-installing-surveillance-app-tourist-phones/

China Is Forcing Tourists To Install A Smartphone App That Steals Personal Data
http://bit.ly/2JekG57

Chinese border guards put secret surveillance app on tourists' phones
http://bit.ly/2FSbXU4

Xinjiang: How China Uses A Spying Smartphone App To Automate Citizen Oppression
http://bit.ly/2JoKjiA

China’s Algorithms of Repression Reverse Engineering a Xinjiang Police Mass Surveillance App
https://www.hrw.org/report/2019/05/01/chinas-algorithms-repression/reverse-engineering-xinjiang-police-mass-surveillance

AppTrana — Website Security Solution That Actually Works
https://thehackernews.com/2019/07/apptrana-web-application-security.html

Android July 2019 Security Update Patches 33 New Vulnerabilities
https://thehackernews.com/2019/07/android-security-update.html

New cheaper iPhone would drop a flagship feature
https://www.zdnet.com/article/new-cheaper-iphone-would-drop-a-flagship-feature/#ftag=RSSbaffb68

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
不破解wifi密碼就出不去!HITCON推出「駭客版」密室逃脫遊戲
http://bit.ly/306ieDw

董監事需正視的資安議題
http://bit.ly/2FK46rA

這項資訊安全技術,已是駭客們的心頭好
http://bit.ly/32cQS0b

韓國瑜砲打中央不協助防疫 台灣「駭客始祖」出面打臉
https://news.ltn.com.tw/news/politics/breakingnews/2839814

2020普查最怕駭客、當機、假消息
http://bit.ly/2XJYVlT

研究人員以強化學習破解reCaptcha v3
https://www.ithome.com.tw/news/131594

網路安全廠商爆 EA 資安漏洞,攻擊者可自由竊取玩家帳戶
https://tw.esports.yahoo.com/ea-090031336.html

兩名GnuPG開發人員的憑證遭垃圾簽章淹沒
https://www.ithome.com.tw/news/131674

駭客攻擊索尼開發商,被法院判賠百萬還得坐牢兩年
https://tw.esports.yahoo.com/ddos-hack-025424961.html

造成遊戲界重大傷害的 DDOS 攻擊發動駭客將入獄服刑
https://gamelife.tw/thread-47485-1-1.html

駭客因對Daybreak Game伺服器發起DDoS攻擊而被判入獄兩年
http://big5.pconline.com.cn/b5/news.pconline.com.cn/1273/12733269.html

揭發港航保安漏洞反被控未獲授權下取用資料 被告判自簽$1500守行為1年
http://bit.ly/2Jir2iE

港航網上系統現漏洞 男乘客通告不果反被指取用資料 准守行為
http://bit.ly/2XMHm4E

企業上雲往往漏洞百出,專家點出資安界20年來未解的問題
http://bit.ly/2Xjz8Bt

關鍵基礎施設穩定運作的根基:網路安全
http://www.tvet3.info/20190701/

暗網潛航——公共醫療系統的安全風險
http://bit.ly/2JtGd99

DarkHotel駭客組織針對中國外貿人士的最新攻擊活動披露
https://s.tencent.com/research/report/741.html

保加利亞駭客在公開幼兒園軟件漏洞後被捕
https://www.77169.com/html/238538.html

谷歌帳號遭入侵 店家報案怨警"冷處理" 遭破解密碼企圖登入 警稱"無實際損害" 薪轉資料恐遭竊 警:人手不足非拒受理
https://www.ttv.com.tw/news/view/10806280017300N/573

反送中信息“樞紐”網站疑遭國家級黑客攻擊一度癱瘓
http://bit.ly/2Jv2VxE

香港多家媒體網站當機 大規模網攻疑來自中國
https://www.ntdtv.com/b5/2019/07/02/a102614305.html

全球部分網站突掛點 起因Cloudflare服務大當機
https://www.nownews.com/news/20190703/3478598/

Cloudflare疑受網絡攻擊連環死機 連登、高登、立場等一度癱瘓
http://bit.ly/2XqTxoz

Cloudflare全球大當機原因出爐:配置錯誤的軟體更新
https://www.ithome.com.tw/news/131630

美政府警告駭客正在攻擊Outlook漏洞
https://www.ithome.com.tw/news/131632

養虎為患!外媒揭美企洩露中共x86技術
http://www.ntdtv.com.tw/b5/20190628/video/248546.html

美研究指設備存巨大漏洞 華府官員:華為沒誠意改善
http://bit.ly/2YpWUbs

Nokia警告英國 華為設備存漏洞 為5G網絡構成風險
http://bit.ly/2XovEhq

荷蘭警告網絡安全威脅華為設備安全漏洞百出
http://www.51testing.com/html/32/n-4461232.html

美公共警報系統曝漏洞專家:警惕預警系統上演狼來了
https://www.4hou.com/mobile/18929.html

華為遇挫 起訴美國芯片設計商竊密被判敗訴
https://www.ntdtv.com/b5/2019/06/27/a102610642.html

資安業者Finite State:近1萬款華為設備韌體中,有55%含有潛在後門
https://ithome.com.tw/news/131516

華為參與中共軍方研究計劃 設備有後門
https://www.ntdtv.com/b5/2019/06/29/a102611482.html

新加坡或用華為建 5G 生態圈,將斥資近 3,000 萬美元
https://technews.tw/2019/06/28/singapore-5g-ecosystem-huawei/

中國大陸網絡安全漏洞管理閉門研討會召開
https://www.aqniu.com/industry/50910.html

中共獲授權設域名根服務器 專家:風險更多
http://www.epochtimes.com/b5/19/6/27/n11350364.htm

荷情報:中共等網路間諜活動升級
http://bit.ly/2J0BWus

澳洲強化資訊戰力 漸收成效
https://www.ydn.com.tw/News/342600

英國ISP點名網路惡棍,川普、Mozilla入圍
https://www.ithome.com.tw/news/131681

陸委會報告:中共威權滲透及經社融合威脅香港自治
https://udn.com/news/story/7331/3903512

中共駭客進擊美、日、印度科技企業
https://news.pchome.com.tw/internation/gpwb/20190628/index-56165312084316201011.html

俄版Google遭駭 五眼聯盟有份
https://news.ltn.com.tw/news/world/paper/1299530

駭來駭去!傳五眼聯盟入侵俄羅斯搜尋引擎Yandex
https://www.ithome.com.tw/news/131540

G20峰會見普丁 川普開玩笑要他「別干涉選舉」
https://www.nownews.com/news/20190629/3471175/

公安上門查戶口 叮嚀台人不要談論香港
http://bit.ly/2KQ9e1Q

建立跨境數據流通及資安規範 安倍在G20推「大阪框架」
https://news.ltn.com.tw/news/world/breakingnews/2837745

美眾院情報委員會通過法案 防中國干預台灣大選
https://www.cna.com.tw/news/firstnews/201907020155.aspx

調查局再破共諜網 國軍包商涉刺探軍機遭收押
https://udn.com/news/story/7321/3908754

韓粉專頁操盤網軍...來自中國...自稱騰訊員工...中共建構的網軍已對世界各國政府發動駭客攻擊,對台灣尤甚
http://blog.udn.com/lin236868/127883514

美軍研發的資安工具 如何變成網路黑市的隱密服務
https://www.mirrormedia.mg/story/20190624intdarkwebcase

200米外的心跳聲能辨識身分!美國國防部開發從遠端偵測心跳就能辨識身分的Jetson系統
https://www.ithome.com.tw/news/131595

輕巧無聲 美陸軍啟用步兵掌上型無人偵察機
https://www.chinatimes.com/realtimenews/20190628004089-260417?chdtv

僅15公分的微型無人機 成阿富汗美軍新武器
https://udn.com/news/story/7086/3903665

美空軍升級空軍信息網網絡漏洞評估/搜尋系統
http://www.sohu.com/a/324616772_313834

日防衛相就宙斯盾調查出錯向山口縣知事道歉
https://tchina.kyodonews.net/news/2019/07/9bc2d43df364.html

美國將中國列為敵對國家!台灣怎麼遠離「邪惡軸心」
https://life.taronews.tw/2019/07/02/381148/

U.S. Government Makes Surprise Move To Secure Power Grid From Cyberattacks
http://bit.ly/2Jnzpts

PGP SKS key network poisoned by unknown hackers
https://www.zdnet.com/article/openpgp-flooded-with-spam-by-unknown-hackers/#ftag=RSSbaffb68

Huawei Offers 'No Backdoor' Assurance, But Tests Are Needed
https://www.bankinfosecurity.asia/blogs/huawei-offers-no-backdoor-assurance-but-tests-are-needed-p-2762

Alleged Cyber Attack on Russia's Yandex Used Malware Tied to Western Intelligence
https://gizmodo.com/alleged-cyber-attack-on-russias-yandex-used-malware-tie-1835990481

Singapore government to run another bug bounty
https://www.zdnet.com/article/singapore-government-to-run-another-bug-bounty/#ftag=RSSbaffb68

Almost half of US home security system owners admit their systems were switched off before a break in
https://zd.net/2xuG4fQ

Germany and the Netherlands to build the first ever joint military internet
https://www.zdnet.com/article/germany-and-the-netherlands-to-build-the-first-ever-joint-military-internet/#ftag=RSSbaffb68

Singapore unveils framework to facilitate 'trusted' data-sharing between organisations
https://www.zdnet.com/article/singapore-unveils-framework-to-facilitate-trusted-data-sharing-between-organisations/#ftag=RSSbaffb68

Cloudflare Calls Internet Outage 'Small Heart Attack'
https://www.bankinfosecurity.com/interviews/cloudflare-calls-internet-outage-small-heart-attack-i-4367

ENISA Gets Permanent Mandate as EU Tackles Cybersecurity
https://www.bankinfosecurity.eu/enisa-gets-permanent-mandate-as-eu-tackles-cybersecurity-a-12702

The Intelligence Network: BAE Systems’ 1,500-Strong Coalition to Tackle Cyber Fraud
https://www.cbronline.com/interview/the-intelligence-network-bae-systems

UK watchdog singles out Google, Facebook in advertising probe
https://www.zdnet.com/article/uk-watchdog-singles-out-google-facebook-in-advertising-probe/#ftag=RSSbaffb68

UK ISP group names Mozilla 'Internet Villain' for supporting 'DNS-over-HTTPS'
https://www.zdnet.com/article/uk-isp-group-names-mozilla-internet-villain-for-supporting-dns-over-https/#ftag=RSSbaffb68

Qatar Issues Aviation Cybersecurity Guidelines
https://www.bankinfosecurity.in/qatar-issues-aviation-cybersecurity-guidelines-a-12706

Iranian Threat Actor Amasses Large Cyber Operations Infrastructure Network to Target Saudi Organizations
https://go.recordedfuture.com/hubfs/reports/cta-2019-0626.pdf

ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit
http://bit.ly/2JhMLZD

NZ finally updates its cybersecurity strategy, so where's Australia's
https://www.zdnet.com/article/nz-finally-updates-its-cybersecurity-strategy-so-wheres-australias/#ftag=RSSbaffb68

Engineer faces 219 years in prison for smuggling US military chips to China
https://www.zdnet.com/article/engineer-found-guilty-of-trying-to-sell-military-chips-to-china/#ftag=RSSbaffb68

Internet Trends 2019 Mary Meeker Report
https://medium.com/utopiapress/internet-trends-2019-mary-meeker-report-bd70d202c845

Hacker who launched DDoS attacks on Sony, EA, and Steam gets 27 months in prison
https://www.zdnet.com/article/hacker-who-launched-ddos-attacks-on-sony-ea-and-steam-gets-27-months-in-prison/#ftag=RSSbaffb68

DDoS Attacker Who Ruined Gamers' Christmas Gets 27 Months in Prison
https://thehackernews.com/2019/07/christmas-ddos-attacks.html

【知名資安領導廠商】資深 PHP 工程師
https://m.1111.com.tw/job/85997800/

資安工程師
https://ilabor.ntpc.gov.tw/cloud/GoodJob/job_title/604431961

助理工程師
https://www.cakeresume.com/companies/jobexpress-zh_tw-about/jobs/assistant-engineer-c1a03e

【資安所】智慧雲端中心-MIS工讀
https://www.104.com.tw/job/6i1kv

資安資深管理專業人員
https://www.104.com.tw/job/6nths

資安管理專業人員
https://www.104.com.tw/job/6nthj

教育處(教育網路中心)徵臨時人員(資安分析師)
http://bit.ly/2XqFESj

Data Engineer 資料科學家
https://www.104.com.tw/job/6low3?fbclid=IwAR22gwQ9KoCmD3Opod9HR1Qc8MNka7GUnJZKiPIDAZoJEG4BpmTGKe_U__g

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
「鑽線上服務漏洞」每次只騙1.99元 信用卡盜刷新手法
http://bit.ly/2JoFoyh

神偽裝! APWG報告:近六成網路釣魚網站,使用 HTTPS 協定
https://blog.trendmicro.com.tw/?p=61049

網路用戶擔心成為身份盜用和帳戶侵權的受害者
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=&id=0000562979_Q9OLFHR96OX3LUL20182X

假新聞讓資安專家反成殺人嫌犯
http://bit.ly/2L1dbRq

研究:網釣服務與套件讓業餘駭客也能使用高級的閃避偵測技術
https://www.ithome.com.tw/news/131608

網銀有「隱藏版功能」?空姊10分鐘被騙3萬
https://www.chinatimes.com/realtimenews/20190629002825-260402?chdtv

國際假卡黨再現 路氹酒店等3部ATM機被做手腳
https://hk.on.cc/hk/bkn/cnt/news/20190628/bkn-20190628125056521-0628_00822_001.html

新北警模擬個資外洩事件演練 備而不用
https://money.udn.com/money/story/5635/3900557

老翁貪抽佣 當駭客集團人頭洗錢帳戶被訴
http://m.match.net.tw/pc/news/local/20190704/4945783

國際駭客偷電郵改帳號 貨款59萬美金全進他的帳戶
https://www.ettoday.net/news/20190704/1482003.htm

發現港航系統保安漏洞存取他人網上登機證 向傳媒報料自爆身份 公關稱無妄之災
https://hk.news.appledaily.com/local/realtime/article/20190703/59785523

批港警侵人權 國際駭客公布逾600警個資
http://bit.ly/2XhS5EX

港警個資遭洩逮8人 不排除擴大抓人
https://news.ltn.com.tw/news/world/breakingnews/2841726

不滿暴力鎮壓反送中 8人洩漏港警個資遭逮
http://bit.ly/2Jb6qKy

現實版真實上演 張文綺媽遭騙2千多萬難討回
http://bit.ly/2LxnCeO

戰地醫生借12萬要離開戰區? 原來是境外匯款詐騙
https://udn.com/news/story/7321/3901680

中國智慧家庭設備恐洩露20億筆用戶資料
https://www.ithome.com.tw/news/131605

又是弱密碼惹的禍!德國20歲學生入侵近千名公眾人物帳號並公布他們的個資
https://www.ithome.com.tw/news/128140

多數媒體誤報!銓敘部外洩個資並不含手機號碼在內
https://www.ithome.com.tw/news/131672

不是駭客!我情治人員名單曝光 是內鬼幹的
https://www.chinatimes.com/realtimenews/20190703001479-260402?chdtv

電腦主機遭植入木馬 國安8大情治人員個資全被偷光
http://bit.ly/2xyadLn

國安單位公務員個資外洩 行政院證實2012年遭洩
http://bit.ly/2XLom6I

國際神祕5眼聯盟示警 行政院緊急補破網
http://bit.ly/2JkTe4E

文官個資外洩因境外攻擊 手法近似中國特定網軍
https://news.tvbs.com.tw/politics/1159787

【情報員個資洩光光】銓敘部遭駭手法曝光 與中國網軍「攻美護主」模式雷同
https://www.mirrormedia.mg/story/20190703inv007

24萬公務員通通有獎 個資外洩可向銓敘部求償2億
http://bit.ly/2YwsPqJ

59萬個資外洩論壇 國安單位全中獎
http://bit.ly/2XQPe52

非駭客所為!銓敘部疑有內鬼 59萬筆情治人員名單外洩 受害者可求償
https://cnews.com.tw/140190704a02/

情報員個資在馬政府時期就外洩?王定宇:時任政委張善政推動資訊開放
http://bit.ly/2XHjO16

文官個資遭駭掀科技戰危機 專家:成立「混合威脅對策小組」破解
https://www.cmmedia.com.tw/home/articles/16339

台灣軍警人員個資遭外洩,在美國駭客交流網站上以「10 歐元」的價格販售!
https://buzzorange.com/techorange/2019/07/03/military-unit-data-leak/

傳8大情治系統資料外洩 政院:皆一般性資料
https://www.chinatimes.com/realtimenews/20190703002525-260407?chdtv

8大情治系統個資也外流?政院:被洩露的是一般公務員
http://bit.ly/327ul4Y

8大情治系統個資全都露?政院:僅一般行政人員個資
https://m.ltn.com.tw/news/politics/breakingnews/2841073

2大情報頭子身分曝光 台情報網陷瓦解危機
http://bit.ly/2LCkDBW

台灣有可能用「網路實名制」打擊假新聞嗎
https://opinion.udn.com/opinion/story/11678/3909930

List of data breaches and cyber attacks in June 2019 ­– 39.7 million records leaked
https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-june-2019-39-7-million-records-leaked

Under 45s trust bots over humans with personal data
https://www.zdnet.com/article/under-45s-trust-bots-over-humans-with-personal-data/#ftag=RSSbaffb68

UpGuard: Unsecured Amazon S3 Buckets Exposed 1TB of Data
https://www.bankinfosecurity.com/upguard-unsecured-amazon-s3-buckets-exposed-1tb-data-a-12707

Former Equifax executive sent behind bars for insider trades, profiting on data breach
https://www.zdnet.com/article/former-equifax-executive-sent-behind-bars-for-insider-trading-after-data-breach/#ftag=RSSbaffb68

Smart home maker leaks customer data, device passwords
https://www.zdnet.com/article/smart-home-maker-leaks-customer-data-device-passwords/#ftag=RSSbaffb68

E.研究報告
NSA 攻擊工具事件分析報告
https://portal.cert.tanet.edu.tw/docs/pdf/201907011007565673112506470396.pdf

CVE-2019-11477漏洞詳解詳玩(刪)
https://blog.csdn.net/dog250/article/details/94026591

Laravel5.7反序列化漏洞之RCE鏈挖掘
https://xz.aliyun.com/t/5483

Firefox UAF漏洞分析
https://www.anquanke.com/post/id/181345

微軟RDP服務高危UAF漏洞分析(CVE-2019-0708)
https://www.heibai.org/post/1427.html

路由器漏洞利用入門
https://www.lizenghai.com/archives/17801.html

CVE-2019-11477 漏洞檢測腳本(影響大多數Linux內核)
https://blog.csdn.net/helloexp/article/details/93101328

TCP SACK panic漏洞的解釋和思考
https://www.jishuwen.com/d/2TCn/zh-hk

DVR登錄繞過漏洞_CVE-2018-9995漏洞復現
https://www.cnblogs.com/yuzly/p/11105086.html

由一段神秘文字所引發的調查與分析-- 集勒索、間諜、銀行木馬於一體的Anubis 新變種追踪
https://paper.seebug.org/963/

檢測工控設備SNMP漏洞工具:SNMP Fuzzer
https://www.freebuf.com/sectool/206417.html

研究人員發現Zipato智能網關漏洞,可被利用打開智能門鎖
http://www.zhidx.com/p/151615.html

Windows Error Reporting 0day漏洞分析(CVE-2019-0863)
https://www.anquanke.com/post/id/181457

CVE-2019-2729 WebLogic RCE漏洞白名單補丁分析
https://www.4hou.com/vulnerable/18801.html

關於CMSMS中SQL注入漏洞的複現與分析與利用
https://4hou.win/wordpress/?p=33777

CVE-2019-8635: Apple macOS double free漏洞分析
https://4hou.win/wordpress/?p=33790

CVE-2019-11478 Sack Slowness&Excess Resource Usage漏洞解析與利用
https://blog.csdn.net/dog250/article/details/94654620

利用ElasticSearch Groovy漏洞進行門羅幣挖礦事件分析
http://www.sohu.com/a/324256486_354899

WebLogic遠程命令執行0day漏洞
http://blog.itpub.net/30327022/viewspace-2649348/

個案分析-NSA攻擊工具事件分析報告_10806
https://cert.tanet.edu.tw/prog/opendoc.php?id=201907011007565673112506470396.pdf

OS禦見監測到“蘿莉幫”跨平台殭屍網絡,可發起DDoS攻擊
https://paper.seebug.org/974/

Godlua Backdoor 分析報告
https://paper.seebug.org/972/

微軟RDP 服務高危UAF 漏洞分析(CVE-2019-0708)
https://paper.seebug.org/971/

Shodan BinaryEdge ZoomEye 網絡空間搜索引擎測評
https://paper.seebug.org/970/

OpenCTI-Platform/opencti
https://github.com/OpenCTI-Platform/opencti

amass — Automated Attack Surface Mapping | Daniel Miessler
https://danielmiessler.com/study/amass/

2019 Pass the SALT  Slide
https://2019.pass-the-salt.org/schedule/

1001 Ways of Implementing a System Call
https://x86.lol/generic/2019/07/04/kernel-entry.html

Leaked Muddyc3 C2 source. 0xffff0800/muddyc3
https://github.com/0xffff0800/muddyc3

Lynis : Security Auditing Tool for Unix/Linux Systems
https://kalilinuxtutorials.com/lynis-security-auditing-tool-2/

PTF : A Way For Modular Support For Up-To-Date Tools
https://kalilinuxtutorials.com/ptf-pentesters-framework/

How to tell if your Windows laptop battery is worn
https://www.zdnet.com/article/how-to-tell-if-your-windows-laptop-battery-is-worn/#ftag=RSSbaffb68

Netflix, Ford, TD Bank Data Exposed by Open Amazon S3 Buckets
https://www.bleepingcomputer.com/news/security/netflix-ford-td-bank-data-exposed-by-open-amazon-s3-buckets/

Scapy : Python-Based Interactive Packet Manipulation Program & Library
https://kalilinuxtutorials.com/scapy-interactive-packet-manipulation

Aqua Security
https://github.com/aquasecurity

Red Teaming Toolkit Collection
https://0xsp.com/offensive/red-teaming-toolkit-collection

Breaking & Entering with Zipato SmartHubs
https://blackmarble.sh/zipato-smart-hub/

Nuget/Squirrel uncontrolled endpoints leads to arbitrary code execution
https://medium.com/@reegun/update-nuget-squirrel-uncontrolled-endpoints-leads-to-arbitrary-code-execution-b55295144b56

Operation Tripoli - Check Point Research
https://research.checkpoint.com/operation-tripoli/

韓國資安公司AhnLab對Ghostscript CVE-2017-8291分析
https://unit42.paloaltonetworks.com/tale-of-a-windows-error-reporting-zero-day-cve-2019-0863/

[Android] maddiestone/ConPresentations
https://github.com/maddiestone/ConPresentations/blob/master/REcon2019.PathToThePayload.pdf

F.商業
解析灰色警戒 (Gray Alerts):這些警示對企業的意義為何
https://blog.trendmicro.com.tw/?p=60873

精誠攜美商 布局資安防禦
https://money.udn.com/money/story/5710/3901753

台灣大哥大台中國際級規格打造 IDC 居中南部機房之冠,7/1 正式啟用
https://technews.tw/2019/06/28/taiwancloud-idc-taichung/

Nextlink 攻雲端資安環境 共創雙贏
https://money.udn.com/money/story/5635/3897409

Refirm Labs:韌體漏洞的安全防範
http://tw.systex.com/refirm-labs/

Red Hat推出RHEL安全分析服務Insights
https://www.ithome.com.tw/news/131531

Nextcloud推出共筆文字編輯器
https://www.ithome.com.tw/news/131538

看準物聯網73兆元物聯網商機 台灣之星明年連網數目標成長10倍
https://news.cnyes.com/news/id/4349823

Check Point提供Tbps級威脅防護機制
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=&id=0000563092_J9CLS39PLY6HRV19YGOIE

美國科技史上第三大交易!IBM 以一兆台幣收購開源軟體公司紅帽
https://buzzorange.com/techorange/2019/07/04/ibm-merge-redhat-enterpriselinux-fairtrade-permmit/

島內雲端平台存放企業客戶資料 兼顧合規性與安全性  在地化優勢掌握情資 抽絲剝繭解析異常
https://www.netadmin.com.tw/netadmin/zh-tw/trend/19DB3A018CBE44FEB788DBC679E8F450

採邏輯檢測引擎降低識別威脅誤判率,韓國WAF產品進軍臺灣
https://ithome.com.tw/review/131591

Check Point Research 與 CyberInt 協助 EA 改善旗下 Origin 遊戲平台安全漏洞
https://gnn.gamer.com.tw/1/181941.html

解析惡意郵件威脅指標 提升資安防護,眾至自建團隊 累積在地化情資
http://www.sharetech.com.tw/zh-tw/marketing-events/286-net-admin-162

Atmosphère 0.9.2加入圖型設定介面,在Switch上建立虛擬系統更方便
http://bit.ly/32bEpda

Google大數據分析服務Cloud Dataproc終於可以直接套用現成Hadoop資安政策了
https://www.ithome.com.tw/news/131614

微軟與遠傳正式啟動戰略合作,結合5G及雲端技術加速轉型進程
https://www.techbang.com/posts/71242-taiwans-microsoft-and-away-telecom-officially-launch-strategic-cooperation

中信國際電訊CPC與Fortinet合推新一代防火牆 助公司防駭客
http://bit.ly/2L1wObX

【網路流量加密平臺可延伸解析應用程式運用情形】Gigamon推出網路應用透視模組
https://www.ithome.com.tw/news/131686

趨勢科技:手遊、相機APP夾帶惡意程式 下載量近千萬次
https://ec.ltn.com.tw/article/breakingnews/2843845

資安防護的最後一哩路-特權帳號管理
https://mic.iii.org.tw/aisp/ReportS.aspx?id=CDOC20190702005

Microsoft once called Linux 'a cancer,' and that was a big mistake
https://www.zdnet.com/article/microsoft-once-called-linux-a-cancer-and-that-was-a-big-mistake/#ftag=RSSbaffb68

GOOGLE TURNS TO RETRO CRYPTOGRAPHY TO KEEP DATA SETS PRIVATE
https://www.wired.com/story/google-private-join-compute-database-encryption/

Google resurrects Lion of Mosul statue with 3D printing following ISIS destruction
https://www.zdnet.com/article/google-resurrects-lion-of-mosul-with-3d-printing-after-isis-destruction/#ftag=RSSbaffb68

Microsoft Adds 2FA-Protected "Personal Vault" Within OneDrive Cloud Storage
https://thehackernews.com/2019/06/microsoft-onedrive-personal-vault.html

Microsoft asks to join private Linux security developer list
https://www.zdnet.com/article/microsoft-asks-to-join-private-linux-security-developer-list/#ftag=RSSbaffb68

Microsoft developer reveals Linux is now more used on Azure than Windows Server
https://www.zdnet.com/article/microsoft-developer-reveals-linux-is-now-more-used-on-azure-than-windows-server/#ftag=RSSbaffb68

Microsoft Edge gets 'Tracking Prevention' feature
https://www.zdnet.com/article/microsoft-edge-gets-tracking-prevention-feature/#ftag=RSSbaffb68

Wipro's Li-Fi solution could slake the thirst of bandwidth-devouring Indians
https://www.zdnet.com/article/wipros-li-fi-solution-could-slake-the-thirst-of-bandwidth-devouring-indians/#ftag=RSSbaffb68

MongoDB: The cloud keeps rolling but what about legacy modernization
https://www.zdnet.com/article/mongodb-the-cloud-keeps-rolling-but-what-about-legacy-modernization/#ftag=RSSbaffb68

Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time
http://bit.ly/2NJ17Gi

Report: Broadcom in Discussions to Buy Symantec
https://www.bankinfosecurity.com/report-broadcom-in-discussions-to-buy-symantec-a-12717

Symantec shares surge on report Broadcom considers acquisition
https://www.zdnet.com/article/symantec-shares-surge-as-broadcom-considers-acquisition/#ftag=RSSbaffb68

D-Link to undergo security audits for 10 years as part of FTC settlement
https://www.zdnet.com/article/d-link-to-undergo-security-audits-for-10-years-as-part-of-ftc-settlement/#ftag=RSSbaffb68

D-Link Settles With FTC Over Alleged IoT Security Failures
https://www.bankinfosecurity.com/d-link-settles-ftc-over-alleged-iot-security-failures-a-12716

HP, Dell and Microsoft look to join electronics exodus from China
https://asia.nikkei.com/Economy/Trade-war/HP-Dell-and-Microsoft-look-to-join-electronics-exodus-from-China

G.政府
昔日共軍網戰偵蒐重點 國軍網路戰聯隊部址如今解密
https://udn.com/news/story/10930/3900912

資通電軍:購案目的在強化人員資安專業訓練
http://bit.ly/303DEkF

強化資安機制 資通電軍採購資安攻防蒐平台
https://www.ydn.com.tw/News/342228

杜絕中科院再演烏龍洩密案 國防部6月督導武器系統資安防護
http://bit.ly/2FKHVSc

金管會讓步 境外雲端存個資只需3條件
https://www.chinatimes.com/realtimenews/20190628003974-260410?chdtv

銀行雲端資料可放境外 顧立雄:須掌握三原則
https://www.chinatimes.com/realtimenews/20190628003772-260410?chdtv

銀行客戶個資 可存境外雲端
https://www.chinatimes.com/newspapers/20190629000550-260110?chdtv

銀行資料上雲端,金管會准了!符合條件境外公雲也能用
https://www.ithome.com.tw/news/131515

大到不能倒!金管會公布5大系統性銀行 強化監理
https://udn.com/news/story/7239/3896908?from=udn-catelistnews_ch2

看見台灣下一波競爭力,政府與產業聯手落實智慧製造與資安防護
https://futurecity.cw.com.tw/article/686

考試院暨考試委員高度重視公務資安防護
https://www.mocs.gov.tw/pages/detail.aspx?Node=489&Page=6160&Index=1

金融研訓院董事長吳中書傳統金融機構留意五優勢三缺點
http://udndata.com/ndapp/udntag/finance/Article?origid=9351831

Line群組狂轉銓敘部外洩國家情治人員個資,有違反個資法疑慮
https://www.ithome.com.tw/news/131609

5年前就防範中國電信設備 酈英傑讚台灣是模範
https://www.rti.org.tw/news/view/id/2026346

資安防範受肯定 酈英傑讚台灣是模範
http://www.ksnews.com.tw/index.php/news/contents_page/0001281249

中資違法來台投資 涉國安、資安、惡意挖角加重罰3倍
https://ec.ltn.com.tw/article/breakingnews/2842281

H.ICS/SCADA 工控系統
工業互聯網安全是產業安全和國家安全的重要基礎和保障
https://news.sina.com.tw/article/20190628/31783728.html

關鍵基礎施設穩定運作的根基:網路安全
http://www.tvet3.info/20190701/

Medtronic召回有被駭風險的胰島素幫浦
https://www.ithome.com.tw/news/131565

可防護OT與IT網路安全,Stormshield推工控防火牆機型
https://www.ithome.com.tw/review/131546

Actiontec WEB6000Q 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15557

I.教育訓練
Splunk 攻略
https://www.weithenn.org/2019/06/splunk-journey.html

Splunk Journey (01) - 基礎架構和運作元件
https://www.weithenn.org/2019/06/splunk-part01-Component.html

Splunk Journey (02) - 建立 Splunk 運作環境
http://www.weithenn.org/2019/07/splunk-part02-splunk-enterprise-on-azure.html

Splunk Journey (03) - Data Pipeline
https://www.weithenn.org/2019/07/splunk-part03-data-pipeline.html

教你 使用 Windows 10 Sandbox 沙箱 功能,降低電腦中毒的機率
https://www.kocpc.com.tw/archives/267581

Malware Analysis Tutorial 8: PE Header and Export Table
https://www.cnblogs.com/shangdawei/p/4785494.html

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
Unfixable Seed Extraction on Trezor - A practical and reliable attack
https://ledger-donjon.github.io/Unfixable-Key-Extraction-Attack-on-Trezor/

Lair of robot sea snake: In the depths, this autonomous guardian lies ready to work
https://www.zdnet.com/article/lair-of-robot-sea-snake-in-the-depths-this-autonomous-guardian-lies-ready-to-work/#ftag=RSSbaffb68

pasta-auto/PASTA1.0: PASTA: Portable Automotive Security Testbed with Adaptability
https://github.com/pasta-auto/PASTA1.0

6.近期資安活動及研討會
香港浸會大學國際學院7月6日舉辦「升學資訊日」7/6
 http://bit.ly/2X77BDq

 HackingThursday 固定聚會 7/4
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/

 2019 車用電子與車聯網資安種子教師研習營  7/4 ~ 7/5
 http://www.kghs.kh.edu.tw/notice/11734

 2019國際資訊安全組織台灣高峰會  7/9 ~ 7/11
 https://csa.kktix.cc/events/2019con

 Secure Summit APAC 2019 安全峰會 6 大領域提升資安水平  7/10 ~ 7/11
 http://bit.ly/2WbONh5

 工業局補助網路安全檢測教育訓練 7/10 ~ 7/12
 https://www.accupass.com/event/1904080311551119077841

 HackingThursday 固定聚會 7/11
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/

 智慧金屬與物聯網資安座談會  7/15
 https://seminars.tca.org.tw/D15e02242.aspx

 【資安講座】企業電子郵件資安,釣魚郵件與郵件詐騙解析、最新防護技術發展,更新大家的資安知識 7/16
 https://www.techbang.com/posts/70854-lecture-corporate-email-security

 HackingThursday 固定聚會 7/18
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/

 資安產學高峰論壇 7/18
 https://www.accupass.com/event/1906140709596176666390

 資安趨勢研討會 7/18
 https://www.accupass.com/event/1906110041444881410360

 第12屆台盧(森堡)經濟合作會議  7/19
 http://registration.cieca.org.tw/visit/?d=74

 5G+IoT美麗新世界的資安挑戰與機會研討會 7/18
 http://iekweb2.iek.org.tw/IEKConf/Client/confinfo.aspx?mode=confinfo&conf_no=384953433

 HackingThursday 固定聚會 7/25
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/

 新加坡資安市場解密講座: 台灣資安浴血東南亞叢林戰鬥之起點-獅城站​  7/26
 https://ievents.iii.org.tw/eventS.aspx?t=0&id=547

 2019扭轉資安營運研討會  7/26
 https://www.netfos.com.tw/event/2019event/20190726netfos/20190726-NETFOS-seminar-reg.html

 CDX2.0推廣活動 - 台南場次  7/26
 https://nchc-cdx.kktix.cc/events/cdxactivity-0726

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

 資安事故處理實務課程 8/7 ~ 8/8
 http://bit.ly/2VW0Lv9

 DEF CON 27  2019/8/8–8/11
 https://www.defcon.org/

 數位鑑識處理實務 8/14 ~ 8/15
 http://bit.ly/2VW0Lv9

 108 年度臺灣學術網路危機處理中心資安巡迴研討會 -資安趨勢暨網路安全概要  8/19 ~ 8/27
 http://www.hssh.tp.edu.tw/ezfiles/1/1001/attach/42/pta_17520_7551835_06329.pdf

 台灣駭客年會 HITCON Summer Training 2019 - 學生報名  2019-08-19 ~ 2019-08-22
 https://www.accupass.com/event/1906050919271598677460

 ᅵYahoo奇摩電商專題講座ᅵ 我們與詐騙的距離_電商不可承受的資安之重  8/21
 https://www.accupass.com/event/1906120307261445013215

 WEB應用滲透測試 8/21 ~ 8/23
 https://www.accupass.com/event/1904080221358963463590

 台灣駭客年會 HITCON Community 2019  2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8)
 https://www.accupass.com/event/1906040921594609934250

 數位政府高峰會 2019  8/28
 https://egov.ithome.com.tw/

 ModernWeb 19  8/28 ~ 8/29
 https://modernweb.tw/

 資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」  8/29 ~ 8/30
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 108年資安職能訓練-行動裝置安全(8/29-8/30)
 https://cee.ksu.edu.tw/recruitinfo/1443.html

 【AWS資安】Security Engineering on AWS​高級課程 9/9 ~ 9/11
 https://www.accupass.com/event/1905150854571147685105

 CDX2.0推廣活動 - 台北場次 9/10
 https://nchc-cdx.kktix.cc/events/cdxactivity-0910

 Kubernetes Summit 9/11
 https://summit.ithome.com.tw/kubernetes/


 TANET 2019 - 臺灣網際網路研討會  9/25
 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310

 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

  AIoT智能物聯網開發人才就業養成班[免費諮詢]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

留言

這個網誌中的熱門文章

Capture the flag資源分享綜整

Capture the flag, CTF,是由古代軍事戰爭演變而來。軍旗在戰場上象徵兩軍戰況,當有一方軍旗被敵軍奪取或落在地上,代表該方戰敗。當這樣的攻防搶旗演變到現代的電子遊戲裡,通常就演變成團隊遊戲模式,由兩隊人馬互相前往對方的基地奪旗,奪旗成功回合次數多者得勝。

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/