跳到主要內容

資安事件新聞週報 2019/7/8 ~ 2019/7/12

資安事件新聞週報  2019/7/8  ~  2019/7/12

1.重大弱點漏洞/後門/Exploit/Zero Day
安全公告:LEN-27828 Intel PROSet/Wireless WiFi Software 漏洞
http://iknow.lenovo.com/detail/dc_183380.html

Juniper Junos OS 多個漏洞
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10938
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10940
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10942
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10946

Lodash 嚴重安全漏洞背後你不得不知道的JavaScript 知識
https://juejin.im/post/5d271332f265da1b934e2d48

Lodash庫爆出嚴重安全漏洞,波及400萬+項目
https://mp.weixin.qq.com/s/tfZq2PZylGfMjOp8h8eeTw

Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
https://www.exploit-db.com/exploits/47111

知名飯店Kiosk系統漏洞讓後台資料庫憑證曝險,可致客戶資料被竊
https://ithome.com.tw/news/131809

Jira Server and Data Center Update Patches Critical Vulnerability
https://www.bleepingcomputer.com/news/security/jira-server-and-data-center-update-patches-critical-vulnerability/

JIRA Security Advisory 2019-07-10
https://confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html

Bad McAfee Exploit Prevention Update Blocked Windows Logins
https://www.bleepingcomputer.com/news/security/bad-mcafee-exploit-prevention-update-blocked-windows-logins/

Unable to log on to Windows systems with Endpoint Security 10.2 (or earlier) after you apply Exploit Prevention content version 9418
http://bit.ly/2JvWk7a

物理黑客上線,羅技被曝出四個硬件漏洞
https://www.tuicool.com/articles/mqQFjiR

Logitech wireless USB dongles vulnerable to new hijacking flaws
https://www.zdnet.com/article/logitech-wireless-usb-dongles-vulnerable-to-new-hijacking-flaws/#ftag=RSSbaffb68

傳 PSN 現安全漏洞 黑客盜用玩家信用卡
https://unwire.hk/2019/07/04/psn-security/tech-secure/

小心被盜刷!PlayStation Network 爆發信用卡漏洞
https://www.inside.com.tw/article/16833-Security-Flaw-Allows-Hackers-To-Access-PSN-Accounts-Credit-Card-Info

火狐瀏覽器被發現某個存在17年的漏洞可竊取用戶本地存儲的文件
https://www.landiannews.com/archives/60168.html

中國大陸國家工業信息安全漏洞庫上線
https://news.sina.com.tw/article/20190708/31885498.html

Zoom Mac版安全漏洞曝光:可以讓網站劫持Mac攝像頭
https://news.sina.com.tw/article/20190709/31904184.html

Apple macOS Sierra IOFireWireFamily組件信息洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7608

Apple發出更新,主動移除Mac中的Zoom本地主機網頁伺服器
https://www.ithome.com.tw/news/131792

Apple Issues Silent Update to Remove Old Zoom Software
https://www.bankinfosecurity.com/apple-issues-silent-update-to-remove-old-zoom-software-a-12767

VMware 多個產品發布新的安全更新
https://www.us-cert.gov/ncas/current-activity/2019/07/02/vmware-releases-security-advisory-multiple-products

VMWare vSphere ESXi 阻斷服務漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0011.html

思科產品阻斷服務漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190710-asa-ftd-dos

Cisco 多個產品存在安全性弱點
https://www.us-cert.gov/ncas/current-activity/2019/07/03/cisco-releases-security-updates-multiple-products

Cisco delivers Patch Tuesday warmup with bundle of 18 bug fixes
https://www.theregister.co.uk/2019/07/05/cisco_patch_fix/

Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution
https://www.exploit-db.com/exploits/47112

Symantec Endpoint Encryption Privilege Escalation
https://support.symantec.com/us/en/article.SYMSA1485.html

Symantec DLP 15.5 MP1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/47071

更新前先等等!微軟承認 Windows 10 五月更新有 VPN 網路瑕疵
https://3c.ltn.com.tw/news/37319

Microsoft Exchange 2003 base64-MIME Remote Code Execution
https://packetstormsecurity.com/files/153533/msexchange2003-exec.txt

The Windows 10 misinformation machine fires up again
https://www.zdnet.com/article/the-windows-10-misinformation-machine-fires-up-again/#ftag=RSSbaffb68

Microsoft July 2019 Patch Tuesday fixes zero-day exploited by Russian hackers
https://www.zdnet.com/article/microsoft-july-2019-patch-tuesday-fixes-zero-day-exploited-by-russian-hackers/#ftag=RSSbaffb68

Windows 10 KB4507453 Cumulative Update Causes Restart Alert Loop
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4507453-cumulative-update-causes-restart-alert-loop/

在Microsoft Visual Studio 2010 Service Pack 1 信息洩露漏洞的安全更新的說明: 2019 7 月9日
https://support.microsoft.com/zh-cn/help/4506161/security-update-for-information-disclosure-vulnerability-in-vs-2010

微軟發佈07月份安全性公告
https://support.microsoft.com/en-us/help/20190709/security-update-deployment-information-july-9-2019

July’s Patch Tuesday Fixes Critical Flaws in Microsoft Edge and Internet Explorer, Including Windows DHCP Server
https://blog.trendmicro.com/trendlabs-security-intelligence/julys-patch-tuesday-fixes-critical-flaws-in-microsoft-edge-and-internet-explorer-including-windows-dhcp-server/

Windows Zero-Day Used by Buhtrap Group For Cyber-Espionage
https://www.bleepingcomputer.com/news/security/windows-zero-day-used-by-buhtrap-group-for-cyber-espionage/

Debian 10 'Buster' Linux arrives
https://www.zdnet.com/article/debian-10-buster-linux-arrives/#ftag=RSSbaffb68

最新Redis未授權訪問漏洞,該如何守護Redis安全
http://news.51cto.com/art/201907/599444.htm

ibm -- db2     CVE-2019-4057
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-4057

ibm -- db2     CVE-2019-4154
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-4154

ibm -- db2     CVE-2019-4322
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-4322

netapp -- clustered_data_ontap CVE-2019-5497
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5497

nginx -- njs CVE-2019-13067
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13067

synology -- calendar CVE-2019-11829
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11829

synology -- photo_station CVE-2019-11821
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11821

CVE-2019-13142:雷蛇影音軟件(Razer Surround)的權限提升漏洞
https://nosec.org/home/detail/2758.html

Adobe tackles vulnerabilities in Dreamweaver, Experience Manager, Bridge
https://www.zdnet.com/article/adobe-tackles-vulnerabilities-in-dreamweaver-experience-manager-bridge-cc/#ftag=RSSbaffb68

Intel Patches High-Severity Flaw in Processor Diagnostic Tool
https://threatpost.com/intel-patches-high-severity-flaw-in-processor-diagnostic-tool/146352/

Intel 發布新的安全更新
https://www.us-cert.gov/ncas/current-activity/2019/07/09/intel-releases-security-updates

Mozilla 已發布安全更新
https://www.us-cert.gov/ncas/current-activity/2019/07/09/mozilla-releases-security-updates-firefox-and-firefox-esr

Juniper updates its multi-cloud container platform Juke
https://www.zdnet.com/article/juniper-updates-its-multi-cloud-container-platform-juke/#ftag=RSSbaffb68

Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)
https://www.exploit-db.com/exploits/47073

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
香港銀行公會:環聯須提交獨立報告 恢復服務前要作詳解
https://hk.on.cc/hk/bkn/cnt/finance/20190705/bkn-20190705201332275-0705_00842_001.html

「Visa QR Code掃碼支付平台」服務上線,手機就能繳費
https://www.chinatimes.com/realtimenews/20190705001599-260410?chdtv

元大銀 進軍外幣ATM提匯業務
http://bit.ly/2S6pbln

銀聯卡全球發行逾75億張可在174個國家地區使用
https://money.udn.com/money/story/5605/3910855

日本電通成立資訊銀行 鼓勵消費者分享數據
https://money.udn.com/money/story/5602/3910763

盧希鵬:純網銀有3件傳統銀行做不到的優勢,數據、利他、弱連結生態系
https://www.ithome.com.tw/news/131709

東歐假卡集團ATM撳錢作案 骨幹成員被捕
https://hk.on.cc/hk/bkn/cnt/news/20190708/bkn-20190708114803488-0708_00822_001.html

陸客不來不怕,東協旅客來台消費 EMV 通用條碼支付漸漸增加
https://technews.tw/2019/07/09/luke-not-here-is-not-a-problem-south-east-asia-tourists-shop-in-taiwan-by-using-emv-qr-code-is-increasing/

Visa在台推EMV掃碼支付 串聯10大電子錢包
https://www.chinatimes.com/realtimenews/20190709003140-260410?chdtv

開放銀行大勢所趨 完善安全措施降低風險
https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/9F6D22BB76F54B70A83E612B7306259A

林坤正:傳統銀行數位轉型的大難題
https://www.wealth.com.tw/home/articles/21402

臺灣開放銀行大進展!首版Open API標準出爐,2大準則5項安控13家銀行先支援
https://www.ithome.com.tw/news/131648

銀行戰純網銀 央行下指導棋
https://money.udn.com/money/story/5613/3922001

英國張手迎接「數位銀行」
http://bit.ly/2XAK7Xw

中國大陸央行公佈第七批支付牌照續展結果:17家順利通過
https://news.sina.com.tw/article/20190710/31919242.html

客戶資料不再獨享…3階段「開放銀行」 下月啟動
https://udn.com/news/story/11316/3888637

英推開放銀行規範 來台探路
http://bit.ly/2XRGE6l

香港金管局要求管理信用卡業務風險
http://bit.ly/2XA83p2

網貸機構備案沒有時間表 個別地方明確不發展P2P
https://news.sina.com.tw/article/20190709/31896416.html

P2P頻爆雷 受害者聲明退出中共
http://bit.ly/2XWkQGu

國銀分行連5年減少 ATM台數資安人才需求增加
https://money.udn.com/money/story/5613/3923704

證券超業小心囉!客戶下單5分鐘內嚴禁跟單
https://ec.ltn.com.tw/article/breakingnews/2850373

German banks are moving away from SMS one-time passcodes
https://www.zdnet.com/article/german-banks-are-moving-away-from-sms-one-time-passcodes/#ftag=RSSbaffb68

Cyber Attacks Biggest Threat to Financial Sector
https://www.infosecurity-magazine.com/news/cyber-attacks-biggest-threat/

Only three global banks given top website security score by ImmuniWeb
https://www.zdnet.com/article/only-three-global-banks-given-top-website-security-score-by-immuniweb/

State of Application Security at S&P Global World's 100 Largest Banks
https://www.immuniweb.com/blog/SP-100-banks-application-security.html

Synthetic identity theft is the fastest-growing financial crime in the U.S.
https://www.cyberscoop.com/synthetic-identity-theft-stolen-fake-data/

Synthetic Identity Fraud in the U.S. Payment System
https://fedpaymentsimprovement.org/wp-content/uploads/frs-synthetic-identity-payments-fraud-white-paper-july-2019.pdf

3.電子支付/電子票證/行動支付/ pay/新聞及資安
日本7-Eleven手機支付新app被駭,近900名用戶損失5500萬日幣
https://times.hinet.net/news/22448660

日本「7Pay」出師不利 上線即遭嚴重盜刷
https://news.tvbs.com.tw/focus/1161283

日本7-11的資安風暴:超商電子支付「7pay」盜用風波
https://global.udn.com/global_vision/story/8662/3911089

日7-11手機支付軟體疑遭犯罪盜用 日逮捕2名陸嫌
https://www.chinatimes.com/realtimenews/20190705001440-260408?chdtv

密碼重設功能不嚴謹,缺乏驗證,日本7Pay用戶遭竄改密碼並盜刷
https://www.ithome.com.tw/news/131715

密碼重設功能不嚴謹,缺乏驗證,日本7Pay App用戶遭竄改密碼並盜刷
https://www.ithome.com.tw/news/131715

從日本7pay遭駭,看行動支付的資安風險
https://news.tvbs.com.tw/politics/1162387

日本7-11手機支付盜刷背後有中國團夥影子
https://zh.cn.nikkei.com/politicsaeconomy/politicsasociety/36386-2019-07-11-05-00-30.html

日本7-11推行動支付APP「7pay」 駭客竊取900人個資花光1600萬
https://news.sina.com.tw/article/20190708/31891034.html

日超商推手機支付,全家比 7-11 強在兩步驟驗證
https://technews.tw/2019/07/08/famipay-stronger-than-7pay/

日本7-11手機支付遭盜刷 日本政府要求做到這件事
https://ec.ltn.com.tw/article/breakingnews/2848446

7Pay 剛上線就被盜刷 1581 萬台幣,為什麼全家 FamiPay 沒事
https://buzzorange.com/techorange/2019/07/08/711-familymart-7pay-famipay-tokoyo-japan/

數百名用戶遭駭客竊取5,000多萬日圓 日本7-11停用手機支付App
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000564028_2m1lktxu39oun97mgwlod

印度法院稱PayPal在當地涉嫌非法運營 或被叫停
https://news.sina.com.tw/article/20190705/31870396.html

日本7-11推行動支付APP「7pay」 駭客竊取900人個資花光1600萬
https://cnews.com.tw/140190708a02/

「7-11APP」有漏洞 屏蔽外部帳號登錄
https://zh.cn.nikkei.com/industry/tradingretail/36433-2019-07-12-10-37-06.html

陸Q1網路支付達58兆人幣 支付寶位居寶座
https://www.chinatimes.com/realtimenews/20190704003692-260410?chdtv

第三方支付平台須加強對第四方支付平台監管
https://news.sina.com.tw/article/20190705/31859902.html

台水、台電合作 推動行動支付服務
http://bit.ly/30acFUo

看好掃碼支付 Visa QR Code首波合作10家銀行今上線
https://news.cnyes.com/news/id/4354008

VISA支付安全路綫藍圖 代碼取代信用卡帳號
http://bit.ly/2N91hXf

新加坡「支付寶」時代要來臨了!媽媽再也不用擔心我忘帶錢包了
http://www.orgs.one/show/739002

【電子支付】法國央行建議 建立泛歐支付系統
http://bit.ly/2xIyO04

使用電子支付更方便了 金管會開放五大措施
https://udn.com/news/story/7239/3902836

提升電子支付便利性 金管會祭3大修正重點
https://money.udn.com/money/story/5613/3903223

與星巴克、微軟合作,Bakkt被爆將推加密支付APP
http://news.knowing.asia/news/a17fd6a8-f13f-40a3-90b7-244ebad0c3e8

4.虛擬貨幣/區塊鍊   新聞及資安
在真正重構傳統金融體系之前,Libra得先解決監管難題
http://news.knowing.asia/news/de731887-8998-4837-8d2c-3db35bc50abb

Libra回應國會:接受反洗錢監督和政府監管(全文)
https://news.sina.com.tw/article/20190710/31919732.html

區塊鏈、資安 下一代數位科技
http://bit.ly/2xJXjKl

從 Libra 的誕生看網路支付工具的演進與區塊鏈代幣的未來
https://www.inside.com.tw/article/16706-Libra-and-the-future-of-blockchain

證券型代幣(STO)規範的開端!上路前的STO規範總體檢報名開跑
http://bit.ly/2XqQWGj

STO為台灣帶來新活力
https://www.gvm.com.tw/article.html?id=66948

全球首創訂 STO 專門規範,金管會法規 10 月出爐
https://finance.technews.tw/2019/06/28/sto-specification-taiwan-october/

Monero(XMR):披露了九個安全漏洞,一個暴露的加密貨幣交易所到盜竊
https://0xzx.com/201907052153155348.html

關於 Edgeware 鎖倉合約的拒絕服務漏洞
https://www.tuoluocaijing.com.tw/article/detail-50076.html

歐洲央行執行董事:金融監管機構需對Libra迅速採取行動
http://news.knowing.asia/news/39aac84f-5cbc-4ad3-a774-1e1e115a437d

資誠:虛擬貨幣平台,須符法遵
https://reurl.cc/G0Z1y

MUB美人幣將在區塊鏈資產交易平臺MBAEX交易所開放交易
http://n.yam.com/Article/20190708275028

區塊鏈技術在智慧城市之應用
http://sa.ylib.com/MagArticle.aspx?Unit=webonly&id=4422

門羅幣XMR被發現數個安全漏洞,目前多數已被修復
http://bit.ly/30n9etE

區塊鏈產業趨勢下一波~不得不被重視的加密貨幣資產託管潮
https://cnews.com.tw/152190709a01/

加密幣經紀業 SEC擬鬆綁
https://money.udn.com/money/story/5599/3919682

Electroneum重大升級使ETN成為全球最安全的去中心化和環境友善型加密貨幣,並將區塊獎勵降低75%
http://www.businesswirechina.com/hk/news/41074.html

中國是否會開始著手開發微信加密貨幣呢
http://news.knowing.asia/news/66a138ac-d6bc-4b50-b649-5fe78f53d3b8

Libra圖謀全球化貨幣 周小川談人民幣應對挑戰
https://news.sina.com.tw/article/20190711/31925080.html

謝平:如果10億人使用Libra 將會是區塊鏈的大普及
https://news.sina.com.tw/article/20190710/31915700.html

羅玫:區塊鏈應用需要技術和產業的復合型人才
https://news.sina.com.tw/article/20190701/31813486.html

臉書幣若涉儲值、跨境匯兌 須金管會核准
https://udn.com/news/story/11316/3885935

Huffpost深度分析臉書Libra:一個發行偽貨幣的笑話
https://news.sina.com.tw/article/20190622/31716626.html

與FATF新規定有關?韓國銀行加強對加密貨幣匿名交易的監控
http://news.knowing.asia/news/cd59a16b-ae79-413b-86b0-dd48ec150696

POSCMS交易所繫統存在多個高危漏洞平台資金存在被竊風險
http://www.lingchenliang.com/post/57638.html

日本交易所BITPoint證實因駭客攻擊損失35億日元!BITPoint Taiwan客戶不受此事件影響
http://bit.ly/2LjiBr0

比特幣 ATM 或暴露了歐盟洗錢條例的漏洞
http://bit.ly/30tjWyX

Bitcoin ATMs Show Gap in EU’s Money Laundering Rules, Police Say
https://www.bloomberg.com/news/articles/2019-07-11/bitcoin-atms-show-gap-in-eu-s-money-laundering-rules-police-say

Facebook’s Libra cryptocurrency project branded of ‘serious concern’ by Federal Reserve
https://www.zdnet.com/article/facebooks-libra-cryptocurrency-project-branded-a-serious-concern-by-federal-reserve/#ftag=RSSbaffb68

Bitcoin eats as much energy as Switzerland
https://nakedsecurity.sophos.com/2019/07/05/bitcoin-eats-as-much-energy-as-switzerland/

Bitcoin Scammers Go Public With Tesco Twitter Hacking
https://www.pandasecurity.com/mediacenter/social-media/tesco-twitter-hacking/

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
惡意垃圾郵件利用 ISO 映像檔散佈夾帶兩隻木馬的假發票
https://blog.trendmicro.com.tw/?p=61108

駭客利用偽造的eFax文件遞送惡意程式
https://ithome.com.tw/news/131757

微軟警告竊密程式Astaroth來襲,攻擊過程完全使用合法工具
https://www.ithome.com.tw/news/131742

殭屍病毒GoBotKR鎖定韓劇迷
https://ithome.com.tw/news/131756

維加斯若遭駭 市長將不會付駭客贖金
https://www.lvcnn.com/news.php?id=27176

資安業者揭露有勒索軟體鎖定威聯通的NAS裝置展開攻擊
https://www.ithome.com.tw/news/131800

QNAP NAS遭勒索軟體盯上,Arm、x86處理器產品皆中鏢
https://www.techbang.com/posts/71485-qnap-nas-targeted-by-ransomware-virus-arm-x86-processor-products-are-all-dart

2,500萬支Android手機感染Agent Smith惡意程式
https://www.ithome.com.tw/news/131794

僵屍網路(Botnet)攻擊布署,由 Windows 轉向 Linux 與 IoT 設備
https://blog.twnic.net.tw/2019/07/11/4222/

Pale Moon檔案伺服器遭駭客下毒
https://www.ithome.com.tw/news/131797

ATM 意軟體在地下市場出售
https://blog.trendmicro.com.tw/

Data breach post-mortem
https://forum.palemoon.org/viewtopic.php?f=17&t=22526

A New Ransomware Is Targeting Network Attached Storage (NAS) Devices
https://thehackernews.com/2019/07/ransomware-nas-devices.html

New Malware Replaced Legit Android Apps With Fake Ones On 25 Million Devices
https://thehackernews.com/2019/07/whatsapp-android-malware.html

Pale Moon says hackers added malware to older browser versions
https://www.zdnet.com/article/pale-moon-says-hackers-added-malware-to-older-browser-versions/#ftag=RSSbaffb68

Trickbot Trojan Gets IcedID Proxy Module to Steal Banking Info
https://www.bleepingcomputer.com/news/security/trickbot-trojan-gets-icedid-proxy-module-to-steal-banking-info/

New Android malware replaces legitimate apps with ad-infested doppelgangers
https://www.zdnet.com/article/new-android-malware-replaces-legitimate-apps-with-ad-infested-doppelgangers/#ftag=RSSbaffb68

Iran-Linked Malware Shared by USCYBERCOM First Seen in December 2016: Kaspersky
https://www.securityweek.com/iran-linked-malware-shared-uscybercom-first-seen-december-2016-kaspersky

A Quick and Efficient Method For Locating the main() function of Linux ELF Malware Variants
http://bit.ly/2XmJtrC

US Coast Guard warns about malware designed to disrupt ships' computer systems
https://www.zdnet.com/article/us-coast-guard-warns-about-malware-designed-to-disrupt-ships-computer-systems/#ftag=RSSbaffb68

Two US cities opt to pay $1m to ransomware operators
https://www.welivesecurity.com/2019/06/26/cities-pay-ransom-ransomware-operators/

Crimeware for Sale:The Commoditization of ATM Malware in the Cybercriminal Underground
http://bit.ly/323csnQ

Golang-based Spreader Used in a Cryptocurrency-Mining Malware Campaign
http://bit.ly/2Xr9G8o

ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit
http://bit.ly/2JhMLZD

RATs and stealers rush through “Heaven’s Gate” with new loader
https://blog.talosintelligence.com/2019/07/rats-and-stealers-rush-through-heavens.html

Malicious Script With Multiple Payloads
https://isc.sans.edu/diary/Malicious+Script+With+Multiple+Payloads/25090

Maldoc: Payloads in User Forms
https://isc.sans.edu/diary/Maldoc%3A+Payloads+in+User+Forms/25084

Steer clear of Bitcoin Cash generators
https://blog.malwarebytes.com/crypto/2019/07/steer-clear-of-bitcoin-cash-generators/

Helping survivors of domestic abuse: What to do when you find stalkerware
https://blog.malwarebytes.com/stalkerware/2019/07/helping-survivors-of-domestic-abuse-what-to-do-when-you-find-stalkerware/

Crimeware for Sale:The Commoditization of ATM Malware in the Cybercriminal Underground
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/crimeware-for-sale-the-commoditization-of-atm-malware-in-the-cybercriminal-underground

UK's largest police forensics lab paid ransom demand to recover locked data
https://www.zdnet.com/article/uks-largest-police-forensics-lab-paid-ransom-demand-to-recover-locked-data/#ftag=RSSbaffb68

Inter: Skimmer For All
https://www.fortinet.com/blog/threat-research/inter-skimmer-for-all.html

2019-07-05 - QUICK POST: URSNIF INFECTION WITH TRICKBOT
https://www.malware-traffic-analysis.net/2019/07/05/index.html

BianLian Android Banking Malware is Back with Screen Recording and SSH Server Capabilities
https://gbhackers.com/bianlian-android-banking-malware/

Ransomware found exploiting former Windows flaw
https://www.ehackingnews.com/2019/07/ransomware-found-exploiting-former.html

More AgentTesla keylogger info-stealer campaigns hitting UK
https://myonlinesecurity.co.uk/more-agenttesla-keylogger-info-stealer-campaigns-hitting-uk/

The world's most famous and dangerous APT (state-developed) malware
https://www.zdnet.com/pictures/the-worlds-most-famous-and-dangerous-apt-state-developed-malware/#ftag=RSSbaffb68

Microsoft warns about Astaroth malware campaign
https://www.zdnet.com/article/microsoft-warns-about-astaroth-malware-campaign/#ftag=RSSbaffb68

Watch Out! Microsoft Spotted Spike in Astaroth Fileless Malware Attacks
https://thehackernews.com/2019/07/astaroth-fileless-malware.html

Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack
https://www.microsoft.com/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Backdoor found in Ruby library for checking for strong passwords
https://www.zdnet.com/article/backdoor-found-in-ruby-library-for-checking-for-strong-passwords/#ftag=RSSbaffb68

Malicious campaign targets South Korean users with backdoor-laced torrents
https://www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/

Anubis Android Malware Returns with Over 17,000 Samples
https://blog.trendmicro.com/trendlabs-security-intelligence/anubis-android-malware-returns-with-over-17000-samples/

Fake eFax emails are now spreading Dridex Trojan, RMS RAT
https://www.zdnet.com/article/fake-efax-emails-are-now-spreading-dridex-trojan-rms-rat/#ftag=RSSbaffb68

Double Duty: Dridex Banking Malware Delivered with RMS RAT
https://cofense.com/double-duty-dridex-banking-malware-delivered-rms-rat/

2019-07-08 - QUICK POST: URSNIF INFECTION WITH DRIDEX AND POWERSHELL EMPIRE
https://www.malware-traffic-analysis.net/2019/07/08/index.html

2019-07-08 - QUICK POST: RIG EK SENDS AMADEY
https://www.malware-traffic-analysis.net/2019/07/08/index2.html

Anubis Android banking malware returns with extensive financial app hit list
https://www.zdnet.com/article/anubis-android-banking-malware-returns-with-a-bang/#ftag=RSSbaffb68

Anubis Android Malware Returns with Over 17,000 Samples
https://blog.trendmicro.com/trendlabs-security-intelligence/anubis-android-malware-returns-with-over-17000-samples/

Where Will Ransomware Go In The Second Half Of 2019
https://blog.trendmicro.com/where-will-ransomware-go-in-the-second-half-of-2019/

New versions of FinFisher mobile spyware discovered in Myanmar
https://www.zdnet.com/article/new-versions-of-finfisher-mobile-spyware-discovered-in-myanmar/#ftag=RSSbaffb68

New FinSpy iOS and Android implants revealed ITW
https://securelist.com/new-finspy-ios-and-android-implants-revealed-itw/91685/

eCh0raix — New Ransomware Targets QNAP NAS Devices
https://thehackernews.com/2019/07/ransomware-nas-devices.html

New Miori Variant Uses Unique Protocol to Communicate with C&C
https://blog.trendmicro.com/trendlabs-security-intelligence/new-miori-variant-uses-unique-protocol-to-communicate-with-cc/

Remote access — for a scammer
https://www.kaspersky.com/blog/remote-access-scams/27552/

Sodin ransomware enters through MSPs
https://www.kaspersky.com/blog/sodin-msp-ransomware/27530/

New Malware Replaced Legit Android Apps With Fake Ones On 25 Million Devices
https://thehackernews.com/2019/07/whatsapp-android-malware.html

Cybersecurity: Malware lingers in SMBs for an average of 800 days before discovery
https://www.techrepublic.com/article/cybersecurity-malware-lingers-in-smbs-for-an-average-of-800-days-before-discovery/

Wannacry ransomware attack: Industry experts offer their tips for prevention
https://www.techrepublic.com/article/wannacry-ransomware-attack-industry-experts-offer-their-tips-for-prevention/

Agent Smith Android Malware Downloaded 25m+ Times
https://www.infosecurity-magazine.com/news/agent-smith-android-malware/

New eCh0raix Ransomware Brute-Forces QNAP NAS Devices
https://www.bleepingcomputer.com/news/security/new-ech0raix-ransomware-brute-forces-qnap-nas-devices/

US mayors group adopts resolution not to pay any more ransoms to hackers
https://www.zdnet.com/article/us-mayors-group-adopts-resolution-not-to-pay-any-more-ransoms-to-hackers/#ftag=RSSbaffb68

This new ransomware is targeting network attached storage devices
https://www.zdnet.com/google-amp/article/this-new-ransomware-is-targeting-network-attached-storage-devices/

Trickbot Trojan Gets 'BokBot' Proxy Module to Steal Banking Info.
https://www.ehackingnews.com/2019/07/trickbot-trojan-gets-bokbot-proxy.html

Trickbot gets custom proxy module from IcedID banking trojan| Cyware Hacker News
https://cybersecurityboard.com/trickbot-gets-custom-proxy-module-from-icedid-banking-trojan-cyware-hacker-news

B.行動安全 / iPhone / Android /穿戴裝置 /App
警告!「三星更新」是詐騙 APP,千萬別從 Google Play 下載
https://m.eprice.com.tw/mobile/talk/4523/5366299/1/

公共Wi-Fi暗藏危機 出國旅遊連網務必注意
http://bit.ly/2NIYZOW

駭客利用三星免費固件程式騙錢,安裝量超1000萬
http://bit.ly/2NQWqdY

Google Play 出現冒充 Samsung 更新軟件!逾千萬用戶中招
http://bit.ly/32dC2a1

趨勢科技預警182個免費App夾帶惱人廣告 百萬用戶中箭
https://www.chinatimes.com/realtimenews/20190705003637-260412?chdtv

安卓粉注意!上百款免費應用程式暗藏「進化版」惡意廣告,個資恐遭竊取
https://3c.ltn.com.tw/news/37301

用戶拒授權無用!逾千Android程式 繞後門存取用戶資料
http://www.limedia.tw/tech/7084/

谷歌挖出iMessage新漏洞運行舊系統的iPhone只能重置修復
http://bit.ly/32ak885

華為作業系統易被駭「鴻蒙」遭檢出多項漏洞
https://news.cnyes.com/news/id/4353528

華為作業系統「鴻蒙」 遭義大利網路資安公司點出多項漏洞
https://www.ettoday.net/news/20190709/1485715.htm

鴻蒙作業系統還未推出,資訊安全公司就發現 3 個危險漏洞
https://technews.tw/2019/07/09/huawei-os-information-security/

如何辨識手機內假應用程式?安裝應用程式前後須留意的事項
https://blog.trendmicro.com.tw/?p=61015

Swascan scopre criticità anche su Huawei
https://www.swascan.com/it/huawei-2/

新青年社交APP伴伴存在源代碼洩露漏洞[T00ls-2019-00073]
https://www.t00ls.net/Vuls-T00ls-2019-00073.html

市議員批台中購物節APP漏洞百出 市府:將儘速調整
https://www.chinatimes.com/realtimenews/20190710003631-260405?chdtv

台中購物節開跑 議員:APP漏洞百出 恐洩個資
https://udn.com/news/story/7325/3921759?from=udn-catebreaknews_ch2

港人「空投」傳訊息 突破中共防火牆
http://bit.ly/2xDLViT

信用卡智能還款App暗藏風險專家:套現本身違法違規
http://www.sohu.com/a/326074773_362042?scm=0.0.0.0

中國公司暗黑行動潛入手機 App 清單,掉包 App 賺取廣告費
https://technews.tw/2019/07/11/china-company-seek-into-app-list-on-phone-and-switching-app-for-ad-profit/

有竊聽疑慮,蘋果暫停 Apple Watch 對講機 App 服務
https://www.eprice.com.tw/mobile/talk/4503/5369977/1/

下載逾五萬次的Android遊戲,暗中竊取 Facebook 和 Google 登入憑證
https://blog.trendmicro.com.tw/?p=61146

如何辨識手機內假應用程式?安裝 APP 前後須留意的事項
https://blog.trendmicro.com.tw/?p=61015

These are the sneaky new ways that Android apps are tracking you
https://www.fastcompany.com/90372033/these-are-the-sneaky-new-ways-that-android-apps-are-tracking-you

50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System
https://www.ftc.gov/system/files/documents/public_events/1415032/privacycon2019_serge_egelman.pdf

Adware Campaign Identified From 182 Game and Camera Apps on Google Play and Third-Party Stores Like 9Apps
http://bit.ly/30ii24i

Symantec Mobile Threat Defense: A Snapshot of Mobile Security Incidents in Q2 2019
https://www.symantec.com/blogs/product-insights/symantec-mobile-threat-defense-snapshot-mobile-security-incidents-q2-2019

Over 150 Fake Jio Android Apps Offer Free Data but Deliver Only Ads
https://www.symantec.com/blogs/threat-intelligence/malicious-android-apps-india-jio

How to update apps on your smartphone
https://www.kaspersky.com/blog/how-to-update-ios-android-apps/27541/

Samsung Galaxy S10 update is causing huge problems for some users
https://www.zdnet.com/article/samsung-galaxy-s10-update-is-causing-huge-problems-for-some-users/#ftag=RSSbaffb68

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
領略 WCTF 2019 | 各國駭客豪情碰撞,「網路安全世界大戰」一觸即發
http://bit.ly/2Xp6Y3r

【HITCON CMT 2019 售票】票價變更通知
https://blog.hitcon.org/2019/07/hitcon-2019-cmt-regedit.html?m=1

2019年7月8日午,某駭客攻克小付钱包信息管理平台-内蒙古
http://www.fangongheike.com/2019/07/201978.html

谷歌、臉書乖乖把錢匯入「他的」帳戶 >>東歐駭客「代收」廣達38億驚奇
http://bit.ly/2LgXzcw

糗!美國四名高中生因自動 Wifi 登入,惡意噴漆被抓包
https://www.inside.com.tw/article/16874-police-get-mischief-students-via-free-wifi

東歐駭客「代收」廣達38億驚奇
https://magazine.chinatimes.com/wealth/20190711002883-300205

藉電訊取用電腦罪 IT業憂變「萬能Key」
http://bit.ly/2LdmVI9

2018年網攻猖獗 全球損失逾1.4兆
https://summit.rti.org.tw/news/view/id/2026884

全球3成VPN業者被中資掌控 網民翻牆恐被監控
https://www.cna.com.tw/news/acn/201907090332.aspx

調查指出:世界百大 VPN 中,29 項為六家中國公司所持有
https://www.inside.com.tw/article/16840-Top-VPNs-secretly-owned-by-Chinese-firms

別挑錯!翻牆未必安全 全球主要VPN公司近3成在中國
https://news.ltn.com.tw/news/world/breakingnews/2846658

Ubuntu Linux發行商Canonical的官方GitHub帳號被駭
https://www.ithome.com.tw/news/131721

Firefox拒絕信任安全廠商DarkMatter發的憑證,理由是該公司協助政府監控民眾
https://www.ithome.com.tw/news/131770

駭死妳! 宅男竊女網友性愛照恐嚇50萬元
https://www.chinatimes.com/realtimenews/20190708001664-260402?chdtv

駭客追女網友被打槍 竟駭入雲端竊取性愛影片勒索50萬元
https://news.ltn.com.tw/news/society/breakingnews/2846066

中駭客連你電話都聽?他呼叫電信公司
https://reurl.cc/4VZ4K

大家都還好嗎?林昶佐憂中國駭客入侵電信公司情資
https://newtalk.tw/news/view/2019-07-08/269761

闇黑部隊入侵 無聲的國安危機
https://www.wealth.com.tw/home/articles/21383

台灣部隊 靠「駭客學」挺進世界杯
https://www.wealth.com.tw/home/articles/21385

防範藏在細節的闇黑部隊 員工是最重要的防火牆
https://www.wealth.com.tw/home/articles/21386

不甩美國警告 阿根廷接受中國公司安裝監控設備
https://news.ltn.com.tw/news/world/breakingnews/2845602

中製無人機 美國會要軍方禁購
https://ec.ltn.com.tw/article/paper/1301626

最高219年徒刑!台裔教授涉嫌盜取美國晶片轉賣中國
https://n.yam.com/Article/20190708418453

英國智庫起底!百名華為員工有軍方背景
https://www.ustv.com.tw/UstvMedia/news/109/20190708A128

華為「紅色」員工 證實與攻擊西方企業駭客和間諜掛勾
https://news.ltn.com.tw/news/world/breakingnews/2846864

美網安公司再揭華為:漏洞遍及整個產品線
https://www.ntdtv.com/b5/2019/07/08/a102617683.html

川普只是口頭放過華為?美司法部要求法院駁回華為控告美政府訴訟案
https://www.cmmedia.com.tw/home/articles/16390

美反間諜官員﹕華為5G反映中共野心
http://bit.ly/2RZYONI

華為駐外代表前妻 揭華為與中共政府關係
http://www.epochtimes.com/b5/19/6/24/n11343615.htm

因應華為間諜風險 歐盟年底前將採取集體措施
https://ec.ltn.com.tw/article/breakingnews/2849859

加拿大國會議員被警告:不要使用微信
http://www.secretchina.com/news/b5/2019/07/09/899703.html?code=b5

美國會瞄準中國製無人機 擬禁軍方購買
https://ec.ltn.com.tw/article/breakingnews/2845216

巴西成為國際駭客攻擊的目標
http://bit.ly/2XtaFoN

還以顏色?伊朗疑似升高對美網攻
https://www.ydn.com.tw/News/343122

德國工業區網速慢 經濟被「拖後腿」
http://bit.ly/2YCuxHm

防洩密 印度陸軍禁加入社群平台大型群組
https://www.cna.com.tw/news/aopl/201907090129.aspx

「敵國」圖分裂友邦 英外相令徹查密電洩露案
https://udn.com/news/story/6809/3918505

美國網路犯罪手段猖獗 各地政府損失逾1.4兆
http://bit.ly/2YM3Dg2

大疆無人機 罕見通過美審核
https://www.chinatimes.com/newspapers/20190711000100-260309?chdtv

葡國駭客揚言為公義 要搞死C朗
https://hk.on.cc/hk/bkn/cnt/sport/20190707/bkn-20190707110255519-0707_00882_001.html

美軍「網路旗」演習 強化網戰攻防
https://www.ydn.com.tw/News/343688

JPL探測火星資料遭駭 一年後才發現
https://udn.com/news/story/6812/3889560

網攻猖獗 全球2018年損失逾1.4兆
http://www.ksnews.com.tw/index.php/news/contents_page/0001282780

上萬億美元!這就是網路攻擊惹的禍
https://news.sina.com.tw/article/20190701/31815902.html

想癱瘓飛彈系統 美網攻伊朗失敗
https://udn.com/news/story/11314/3890732

美國網戰司令部發布警告,指有網軍透過 Outlook 老舊漏洞進行駭侵
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=888

伊朗暗示若美國解除制裁 願意協商新的讓步措施
https://udn.com/news/story/6811/3890416

避免台灣人被中國信用評分 先從禁用中國監控系統開始
https://talk.ltn.com.tw/article/breakingnews/2850480

Magento Killer
https://blog.sucuri.net/2019/07/magento-killer.html

Hackers breach Canonical GitHub account, create repositories, leave source code untouched
http://bit.ly/2G9FJnI

Wipe Away the Threat of Wiper Attacks
https://www.bankinfosecurity.com/wipe-away-threat-wiper-attacks-a-12727

NHS warned to act now to keep hackers at bay
https://www.welivesecurity.com/2019/07/03/nhs-warning-avoid-wannacryptor/

Pentagon losing recruiting battle for cybersecurity expertise
https://www.stripes.com/news/us/pentagon-losing-recruiting-battle-for-cybersecurity-expertise-1.589708

OpenPGP experts targeted by long-feared ‘poisoning’ attack
https://nakedsecurity.sophos.com/2019/07/05/openpgp-experts-targeted-by-long-feared-poisoning-attack/

Canonical GitHub account hacked, Ubuntu source code safe
https://www.zdnet.com/article/canonical-github-account-hacked-ubuntu-source-code-safe/#ftag=RSSbaffb68

Croatian government targeted by mysterious hackers
https://www.zdnet.com/article/croatian-government-targeted-by-mysterious-hackers/#ftag=RSSbaffb68

Ubuntu-Maker Canonical’s GitHub Account Gets Hacked
https://thehackernews.com/2019/07/canonical-ubuntu-github-hacked.html

Brazilians report lack of cybersecurity skills
https://www.zdnet.com/article/brazilians-report-lack-of-cybersecurity-skills/#ftag=RSSbaffb68

Dropbox: Fedora installation instructions fetch repo and validation key from insecure source, allowing mitm attack
https://vulners.com/hackerone/H1:638250?utm_source=rss&utm_medium=rss&utm_campaign=rss

Inside the NIST team working to make cybersecurity more user-friendly
https://www.helpnetsecurity.com/2019/07/11/nist-cybersecurity/

A Simple Configuration Mistake Caused GE Aviation Server To Leak Passwords and Sensitive Files
http://bit.ly/2XI4xcr

Magecart駭客集團新手法,專找配置錯誤的Amazon S3儲存貯體植入惡意程式
https://www.ithome.com.tw/news/131816

Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets
https://thehackernews.com/2019/07/magecart-amazon-s3-hacking.html

Spray and Pray: Magecart Campaign Breaches Websites En Masse Via Misconfigured Amazon S3 Buckets
https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets/

Magecart group compromises 17,000 domains by overwriting Amazon S3 buckets
https://www.scmagazine.com/home/security-news/magecart-group-compromises-17000-domains-by-overwriting-amazon-s3-buckets/

資深系統工程師-資安產品
https://www.104.com.tw/job/6o0q9

前端設計師
https://www.104.com.tw/job/6o02g

資安經理
https://www.104.com.tw/job/6nbzr

資安工程師
https://www.104.com.tw/job/3fanf

兆豐銀招大數據人員暨資訊人員 薪含午膳費上看48K
https://www.1111.com.tw/news/jobns/124519/

供應鏈業務管理師
https://www.104.com.tw/job/6o6qi

數據分析師
https://www.liepin.com/job/1920264507.shtml

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
Virgil Abloh 本人 Instagram 帳號遭駭客入侵
https://hypebeast.com/zh/2019/7/virgil-abloh-instagram-hacked

約會應用程式 Jack’d 因隱私問題遭罰 24 萬;《財星 100 大》企業資料外洩,皆因安全措施不當的 AWS S3 伺服器導致
https://blog.trendmicro.com.tw/?p=61125

5大網路業者發布防制不實訊息自律準則
http://bit.ly/2YKCJW9
https://www.tahr.org.tw/sites/default/files/u87/190621_disinformation_code_of_practice_taiwan.pdf

資安研究單位指出,Email 仍是最主要的駭侵攻擊目標
https://blog.twnic.net.tw/2019/07/11/4219/

Google證實 雇用專人聽取裝置錄下的內容
https://www.cw.com.tw/article/article.action?id=5095970

詐騙新手法!簽支票才能借錢 一毛未得就欠債
https://news.ltn.com.tw/news/society/breakingnews/2837018

冒充聯邦法警「你未出席陪審團,繳錢消災」 詐財電話出新招
http://bit.ly/2XETLsh

卑詩商譽局提醒公眾留意冒稱銀行調查員的行騙手法
http://bit.ly/2XCt6ra

假鈔詐騙猖獗 苑裡人當心
http://bit.ly/2XBOOjG

「鑽線上服務漏洞」每次只騙1.99元 信用卡盜刷新手法
http://bit.ly/2JoFoyh

四川警方打掉一特大網路詐騙團伙
https://news.sina.com.tw/article/20190705/31859834.html

樂山打掉兩個網路賭博團伙 涉案賭資流水過億元
https://news.sina.com.tw/article/20190630/31799480.html

廣州工行協助警方堵截198萬涉案資金
https://news.sina.com.tw/article/20190705/31859244.html

電信詐騙「降魔之困」:高科技作案 老手段破案
https://news.sina.com.tw/article/20190704/31845990.html

提供人頭帳戶給詐騙集團使用 兩女吃官司
https://udn.com/news/story/7321/3915833

特大網路賭博平台滲透國內:年賭額為彩票收入兩倍
https://news.sina.com.tw/article/20190708/31885070.html

「最大罌粟花」侵入 特大國際網路賭博平台滲透國內
https://news.sina.com.tw/article/20190708/31883588.html

身分竊盜招數多 須常查看帳戶明細防詐
https://udn.com/news/story/6813/3920753

兩岸網路地下匯兌13億 警扣嫌資產
http://bit.ly/2Lfyi2u

台網站換匯人民幣 6年13億台幣流中國大陸
https://udn.com/news/story/7315/3918436

刑事局南打破獲網路地下匯兌 逮3嫌扣押3千多萬資產
https://news.ltn.com.tw/news/society/breakingnews/2846899

河南衛輝警方打掉一倒賣個人信息犯罪團伙
https://news.sina.com.tw/article/20190629/31796588.html

曾雅蘭、藍心湄遭盜圖賣商品 刑事局揭典型詐騙廣告
http://bit.ly/2xFvrqN

趁亂偷包!2男買點數 半小時盜刷1萬5千
https://news.tvbs.com.tw/local/1157033

我們常見信用卡詐騙主要是類型
https://read01.com/mzQyyDP.html#.XSat3ugzbIU

身分竊盜招數多 須常查看帳戶明細防詐
https://udn.com/news/story/6813/3920753

黑客侵香港私營醫療中心 7000病人資料恐外泄
http://bit.ly/2NOlh1N

社群網路一頁式廣告有詐 警公布6大破解訣竅防詐
https://news.ltn.com.tw/news/society/breakingnews/2844166

陸人力銀行員工盜賣16萬用戶個資 每份23元
https://money.udn.com/money/story/5603/3917960

英航38萬客戶個資被駭 遭判罰近3億美元
https://www.rti.org.tw/news/view/id/2026639

五十萬旅客個資遭駭客竊取 英航遭重罰2.3億美元
http://bit.ly/2xN2h9j

英國GDPR重罰再出手,萬豪國際因資料外洩遭罰9900萬英鎊
https://www.ithome.com.tw/news/131759

想靠網戀結束單身?你可能落入了「殺豬盤」陷阱
https://news.sina.com.tw/article/20190706/31877242.html

收到了微信支付關於XXE漏洞的郵件
https://developers.weixin.qq.com/community/develop/doc/0006e428458a38452cd84d40856000

EA遊戲平台漏洞恐洩用戶資料 股價挫逾
https://hk.on.cc/hk/bkn/cnt/finance/20190705/bkn-20190705231921625-0705_00842_001.html

峇厘島超商ATM盜領氾濫!專家傳授2點避免被詐
https://news.ebc.net.tw/News/business/169217

165反詐騙專線與Whoscall整合詐騙來電大數據  警民合作當反詐門神
https://times.hinet.net/news/22447130

美英5眼聯盟示警 8大情治系統個資遭中國掌控
http://bit.ly/2L5cXZl

59萬公務人員個資外洩 監委申請調查
https://udn.com/news/story/6656/3920942

59萬筆公務員個資外洩 台專家:問題嚴重
http://www.epochtimes.com/b5/19/7/5/n11365860.htm

59萬筆公務個資外洩 政院:媒體相關臆測非事實
https://udn.com/news/story/6656/3910761

銓敘部公務員個資外洩 政院資安處:立案偵辦中
https://cn.rti.tw/news/view/id/2026269

文官個資外洩因境外攻擊 手法近似中國特定網軍
https://www.cna.com.tw/news/firstnews/201907030101.aspx

政院:文官個資外洩已立案偵辦 外界臆測非事實
https://taronews.tw/2019/07/05/392231/

點開網頁瞬間被竊取隱私!訪客手機號碼被賣1元1條
https://reurl.cc/vRy2j

英國航空洩露個資,遭ICO開罰2.3億美元
https://reurl.cc/yVy06

奇異航空的Jenkins伺服器沒鎖,原始碼及密碼都曝光
https://www.ithome.com.tw/news/131740

男子被同事冒名辦信用卡欠款11萬筆跡鑑定還原真相
http://m.ce.cn/sh/sgg/201907/08/t20190708_32554857.shtml

萬豪酒店3億客戶個資外洩 衰吞9920萬英鎊重罰
https://newtalk.tw/news/view/2019-07-10/270640

中國大陸教育部發佈預警:警惕電信和「校園貸」詐騙
https://news.sina.com.tw/article/20190711/31926686.html

抽iPhone誘導填個資 警:趕快到銀行換卡
https://udn.com/news/story/7321/3908054?from=udn-ch1_breaknews-1-cate2-news

個資被駭被重罰!英國開鍘英航71億元、萬豪39億元
http://www.limedia.tw/tech/7360/

MongoDB Database Exposed 188 Million Records: Researchers
https://www.bankinfosecurity.com/mongodb-database-exposed-188-million-records-researchers-a-12769

Report: Detailed personal records of 188 million people found exposed on the web
https://www.comparitech.com/blog/vpn-privacy/188-million-data-breach/

Data leak costs £183 million
https://www.kaspersky.com/blog/british-airways-fined/27580/

Facebook transfer of data from EU to US shores argued in European high court
https://www.zdnet.com/article/legal-battle-challenging-facebook-transfer-of-eu-data-to-us-shores-reaches-european-high-court/#ftag=RSSbaffb68

GE Aviation exposed internal configs via open Jenkins instance
https://securitydiscovery.com/ge-aviation-exposed/

Vulnerabilities Found in Yet Another Government Website
https://www.bankinfosecurity.asia/vulnerabilities-found-in-yet-another-government-website-a-12724

Summer Scam Alerts: Don’t Let Crooks Wreck Your Family Travel Plans
https://securingtomorrow.mcafee.com/consumer/family-safety/summer-scam-alerts-dont-let-crooks-wreck-your-family-travel-plans/

British Airways Faces Record-Setting $230 Million GDPR Fine
https://www.bankinfosecurity.com/british-airways-faces-record-setting-230-million-gdpr-fine-a-12743

Over 90 Million Records Leaked by Chinese Public Security Department
https://www.bleepingcomputer.com/news/security/over-90-million-records-leaked-by-chinese-public-security-department/

Report: Fieldwork Software Leaks Sensitive Customer Data
https://www.vpnmentor.com/blog/report-fieldwork-leak/

Fieldwork Software database leak exposed sensitive SMB records, customer credit card details
https://www.zdnet.com/article/fieldwork-software-database-exposed-full-credit-card-details-of-business-customers/#ftag=RSSbaffb68

FBI, ICE plunder DMV driver database ‘gold mine’ for facial recognition scans
https://www.zdnet.com/article/fbi-and-ice-are-using-dmv-gold-mine-for-facial-recognition-scans/#ftag=RSSbaffb68

British Airways Fined £183 Million Under GDPR Over 2018 Data Breach
https://thehackernews.com/2019/07/british-airways-breach-gdpr-fine.html

Estonia's new e-residency security focus: 'You can't launder money with a digital ID'
https://www.zdnet.com/article/estonias-new-e-residency-security-focus-you-cant-launder-money-with-a-digital-id/#ftag=RSSbaffb68

Hackers breached Greece's top-level domain registrar
https://www.zdnet.com/article/hackers-breached-greeces-top-level-domain-registrar/#ftag=RSSbaffb68

UK’s data watchdog hands out two mega-fines for breaches
https://www.welivesecurity.com/2019/07/09/ico-fines-breaches-british-marriott/

Gone phishing: Why summer brings increased security threats to the enterprise
https://www.techrepublic.com/article/gone-phishing-why-summer-brings-increased-security-threats-to-the-enterprise/

Premera Signs $10 Million Breach Settlement With 30 States
https://www.bankinfosecurity.com/premera-signs-10-million-breach-settlement-30-states-a-12772

E.研究報告
善用Apache MPM工作模式 徹底發揮主機硬體效能 開源httperf壓力測試 調出伺服器最佳服務效能
https://www.netadmin.com.tw/netadmin/zh-tw/technology/79EE785099FF4659A813C710D92834D8

提升 WordPress 安全性,防止駭客入侵網站的 12 個方法(2019)
https://networker.tw/wordpress-security/

手動挖掘漏洞(一)輸入框未加過濾引發漏洞利用
https://www.cnblogs.com/Tempt/p/11147499.html

Mozilla火狐瀏覽器中的一個Use-After-Free漏洞分析
https://xz.aliyun.com/t/5569

CVE-2019-0863漏洞分析
https://xz.aliyun.com/t/5571

分析:HackerOne的安全漏洞報告導致門羅幣價格大跌
https://xcong.com/lives/1547167

阿里“內核漏洞檢測方法”入選國際學術頂會,尚不開源
http://tech.ifeng.com/a/20190705/45609730_0.shtml

CVE-2019-9041: 從CSRF到Getshell漏洞分析
http://www.sohu.com/a/325432735_354899

使用Adidnsdump轉儲Active Directory DNS
https://www.freebuf.com/articles/network/206897.html

WebLogic XMLDecoder 漏洞分析
https://www.freebuf.com/column/207849.html

Jenkins任意文件讀取(CVE-2018-1999002)漏洞分析
https://www.freebuf.com/column/207844.html

CVE-2017-12615漏洞復現
https://xz.aliyun.com/t/5610

淺談: 建立安全成熟度模型
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=8737

一款輕量級Web漏洞教學演示系統(DSVW)
http://www.wu45.com/post/4382.html

Bypassing Web Application Firewalls with HTTP Parameter Pollution
https://www.exploit-db.com/docs/47082

Coding a remote screenshot sending malware
https://medium.com/@gnsrikanth/coding-a-remote-screenshot-sending-malware-feea50b8bf8

Whonix : Privacy Protection, Anonymity Online, Anonymous Operating System
https://kalilinuxtutorials.com/whonix-privacy-protection/

Remote tech support, yet another risk factor for business
https://www.kaspersky.com/blog/dangerous-remote-access/27538/

Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks
https://www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-exploit/

Meet the ‘Gift Cardsharks’ Behind the Massive Campaign Targeting Victims with Commercially Available Tools
https://www.riskiq.com/blog/external-threat-management/giftcard-sharks/

Using Whitelisting to Remediate an RCE Vulnerability (CVE-2019-2729) in Oracle WebLogic
http://bit.ly/2xtl3lQ

See the Unseen in AWS Mirrored Traffic With the VM-Series
https://blog.paloaltonetworks.com/cloud-see-unseen-aws-mirrored-traffic-vm-series/

Getting Started with Cloud Governance
https://securingtomorrow.mcafee.com/business/cloud-security/getting-started-with-cloud-governance/

Fake jquery campaign leads to malvertising and ad fraud schemes
https://blog.malwarebytes.com/threat-analysis/2019/06/fake-jquery-campaign-leads-to-malvertising-and-ad-fraud-schemes/

GreenFlash Sundown exploit kit expands via large malvertising campaign
https://blog.malwarebytes.com/threat-analysis/2019/06/greenflash-sundown-exploit-kit-expands-via-large-malvertising-campaign/

Recipe for success: tech support scammers zero in via paid search
https://blog.malwarebytes.com/tech-support-scams/2019/06/recipe-for-success-tech-support-scammers-zero-in-via-paid-search/

HACKER LEXICON: WHAT IS CREDENTIAL DUMPING
https://www.wired.com/story/hacker-lexicon-credential-dumping/

How to enable DNS-over-HTTPS (DoH) in Firefox
https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-firefox/#ftag=RSSbaffb68

Mozilla: No plans to enable DNS-over-HTTPS by default in the UK
https://www.zdnet.com/article/mozilla-no-plans-to-enable-dns-over-https-by-default-in-the-uk/#ftag=RSSbaffb68

Coding a remote screenshot sending malware
https://medium.com/@gnsrikanth/coding-a-remote-screenshot-sending-malware-feea50b8bf8

F.商業
亞利安攜手原廠夥伴,助用戶落實資安法、提升威脅防禦能量
https://ithome.com.tw/pr/131679

數位媒體偷渡機密資訊 資安鑑識把守最後關卡  破解資訊隱藏伎倆 力阻數位影像藏密外流
https://www.netadmin.com.tw/netadmin/zh-tw/technology/C97145B13825464CB1F293223D009A7B

奧義智慧研發資安人工智慧引擎,從端點到全球網路快速防護
https://technews.tw/2019/07/08/cycarrier-developed-an-ai-engine-with-forensic-platform-to-provide-security-from-endpoints-to-global-networks/

微軟:如果你兩年內沒有登入微軟帳號,帳號將會自動刪除並且不會發送提醒郵件
https://www.techbang.com/posts/71371-microsoft-says-that-if-you-dont-log-in-to-your-microsoft-account-in-two-years-the-account-will-be-automatically-deleted-and-no-reminder-emails-will-be-sent

解析惡意郵件威脅指標 提升資安防護 眾至自建團隊 累積在地化情資
https://www.netadmin.com.tw/netadmin/zh-tw/market/9C3E2EA5EA2944F69FFD7494B09B3F4A

穆迪公司和Team8成立合資公司以制定全球網路風險標準
https://times.hinet.net/topic/22438194

趨勢科技率先利用 AWS Transit Gateway,提供高效能在線式網路資安防護,協助簡化並有效率解決企業在應用程式移轉至雲端時的網路資安需求
http://www.pcdiy.com.tw/detail/13470

McAfee準備重新上市
https://www.ithome.com.tw/news/131791

McAfee plots return to public markets with IPO
https://www.zdnet.com/article/mcafee-plots-return-to-public-markets-with-ipo/

Dashboards to Use on Palo Alto Networks for Effective Management
https://thehackernews.com/2019/07/log-management-analysis.html

Cynet Launches Free Offering For Incident Response Service Providers
https://thehackernews.com/2019/07/cynet-incident-response.html

Microsoft enhances OneDrive to secure your sensitive files
https://www.welivesecurity.com/2019/06/27/microsoft-onedrive-personal-vault-files/

Review: XM Cyber HaXM makes automated penetration testing more accessible, reliable
https://www.csoonline.com/article/3406464/review-xm-cyber-haxm-makes-automated-penetration-testing-more-accessible-reliable.html

Hackers' Operating System Kali Linux Released for Raspberry Pi 4
https://thehackernews.com/2019/07/kali-linux-raspberry-pi-4.html

Microsoft adds new 'passwordless' sign-in option with latest Windows 10 20H1 test build
https://www.zdnet.com/article/microsoft-adds-new-passwordless-sign-in-option-with-latest-windows-10-20h1-test-build/#ftag=RSSbaffb68

Microsoft is closing its Remix3D.com site early next year
https://www.zdnet.com/article/microsoft-is-closing-its-remix3d-com-site-early-next-year/#ftag=RSSbaffb68

Microsoft is reorging its field sales team, laying off some 'Modern Desktop' salespeople
https://www.zdnet.com/article/microsoft-is-reorging-its-field-sales-team-laying-off-some-modern-desktop-salespeople/#ftag=RSSbaffb68

Microsoft stirs suspicions by adding telemetry files to security-only update
https://www.zdnet.com/article/microsoft-stirs-suspicions-by-adding-telemetry-files-to-security-only-update/#ftag=RSSbaffb68

G.政府
不信任公部門?打假…為何越打越反感
https://udn.com/news/story/11311/3912764

傳鎖定網站清查假訊息影響大選 調查局澄清
https://udn.com/news/story/7321/3912934

內政部:數位身分證將結合自然人憑證,明年10月換發
https://www.ithome.com.tw/news/131711

晶片身分證明年十月將發行,上路倒數前3大疑慮待解
https://www.techbang.com/posts/71385-chip-id-will-be-released-in-october-top-3-doubts-to-be-resolved

「國安五法」完成 蔡英文:續拚「中共代理人」修法
http://bit.ly/32cwxZ4

台月底公布危害資安產品清單 華為中興料被禁
https://hk.on.cc/hk/bkn/cnt/cnnews/20190707/bkn-20190707154016375-0707_00952_001.html

誤送開山里登革熱警示傳損千萬 疾管署:免費發送
https://www.cna.com.tw/news/firstnews/201907095006.aspx

危害國家資安產品清單 擬7月底公布
https://www.cna.com.tw/news/aipl/201907070033.aspx

發布核定具證券性質之虛擬通貨為證券交易法所稱之有價證券之令。(金管證發字第1080321164號)                
https://reurl.cc/j0M3p

金管會公布系統性銀行名單,上榜銀行面臨增資壓力
https://finance.technews.tw/2019/07/08/the-fsc-announces-a-list-of-systemic-banks-and-the-listed-banks-are-facing-pressure-to-increase-capital/

銀行資料上雲端哪些新規定?實地查核怎麼做?金管會雲端委外8大重點一次看
https://www.ithome.com.tw/news/131678

開發App,請依「行政院及所屬各機關行動化服務發展作業原則」進行
https://inc.ntub.edu.tw/p/405-1011-69591,c4009.php?Lang=zh-tw

5G頻譜戰/清除路障 NCC有方案
https://reurl.cc/XnXgM

中共代理人修法為選舉?綠委反擊藍:中共滲透讓民眾產生亡國感
http://bit.ly/2Jln0HI

電子支付機構業務管理規則
http://www.rootlaw.com.tw/LawArticle.aspx?LawID=A040390040026700-1080702&ShowType=Ref&FLNO=20000

科技賄選? 警方布線偵查行動支付、虛擬貨幣買票
https://news.ltn.com.tw/news/politics/breakingnews/2848979

大選查賄起跑 嚴查假消息、境外資金
https://news.ltn.com.tw/news/politics/paper/1302139

智慧巴士資通訊系統資安標準上路,產業防護再升級
http://www.ttia-tw.org/news.php?wshop=ttia&Opt=detailed&tp=News&lang=zh-tw&news_id=22654

亞矽執行中心參訪美NIST 強化雙邊連結
https://money.udn.com/money/story/5612/3923038

韓才稱不考量!高雄亞洲好玩卡爆中資
http://bit.ly/2LhkuVc

修正「南投縣政府資通安全處理小組設置及作業要點」第二點、第四點、第五點及第七點,並自即日生效
http://link.nantou.gov.tw/glrsout/NewsContent.aspx?id=967

前陸軍副司令劉湘濱:做好資訊戰 攻台戰爭就打不起來
https://news.ltn.com.tw/news/politics/breakingnews/2850206

H.ICS/SCADA 工控系統
研究人員發現醫療軟件漏洞將導致診斷結果有誤
http://bit.ly/2Jo9naI

美國醫院麻醉機、呼吸機現安全漏洞:極易遭遠程篡改
https://news.sina.com.tw/article/20190710/31919198.html

Researchers Disclose Vulnerability in Siemens' ICS Software
https://www.bankinfosecurity.in/researchers-disclose-vulnerability-in-siemens-ics-software-a-12765

Vulnerabilities found in GE anesthesia machines
https://www.zdnet.com/article/vulnerabilities-found-in-ge-anesthesia-machines/#ftag=RSSbaffb68

advantech -- webaccess CVE-2019-10989
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10989

advantech -- webaccess CVE-2019-10991
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10991

advantech -- webaccess CVE-2019-10993
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10993

I.教育訓練
駭客的 Linux 基礎入門必修課 (Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali)
https://www.tenlong.com.tw/products/9789865021993?list_name=c-linux

教你 使用 Windows 10 Sandbox 沙箱 功能,降低電腦中毒的機率
http://bit.ly/2XAN1vy

XXE漏洞學習
https://www.cnblogs.com/liqik/p/11167019.html

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
物聯網中自由、便利與安全的恐怖三角關係,您選擇了誰
https://www.allion.com.tw/article-cybersecurity-2/

機器學習:現代網路安全英雄
https://www.symantec.com/blogs/chinese-traditional/tw-machine-learning-modern-day-cyber-security-hero

2019台灣資安產業與IoT發展現況大公開
http://m.ccs-cbm.org.cn/kexue/7914.html

航拍機投射假路牌資訊   黑客爆自動駕駛系統漏洞
https://unwire.hk/2019/07/08/flickering-car-ghosts/life-tech/auto/

強化資安及深度學習,安控網路攝影機 AI 應用更上層樓
https://technews.tw/2019/07/08/strengthen-ai-application-of-ip-camera-by-cyber-security-and-deep-learning/                                                   

知名動畫,IOT資安恐攻議題
http://www.digorlon.com/home/post/928

暗網潛航——物聯網、勿聯網(中)
http://bit.ly/2LfOxg2

又是弱密碼惹的禍!Silex 一天就癱瘓數千台物聯網設備
https://blog.trendmicro.com.tw/?p=61131

Smart waste management system highlights potential for narrowband IoT deployments
https://www.zdnet.com/article/smart-waste-management-system-highlights-potential-for-narrowband-iot-deployments/#ftag=RSSbaffb68

Automated Peril: Researchers Hack 'Smart Home' Hubs
https://www.bankinfosecurity.com/automated-peril-researchers-hack-smart-home-hubs-a-12723

Two billion user logs leaked by smart home vendor
https://www.welivesecurity.com/2019/07/02/two-billion-logs-leaked-smart-home/

Israel warns of AI cyber-attacks by voice impersonating of senior executives
http://www.xinhuanet.com/english/2019-07/10/c_138212768.htm

Forescout Positioned For Growth In Burgeoning IoT/OT Security Market
https://www.forbes.com/sites/robertdefrancesco/2019/07/11/forescout-positioned-for-growth-in-burgeoning-iotot-security-market/

Hacked surveillance firm pitches NYC with invasive camera tech to track driver journeys
https://www.zdnet.com/article/hacked-surveillance-firm-pitches-nyc-with-ml-cameras-to-track-driver-journeys/

6.近期資安活動及研討會
 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 智慧金屬與物聯網資安座談會  7/15
 https://seminars.tca.org.tw/D15e02242.aspx

 【資安講座】企業電子郵件資安,釣魚郵件與郵件詐騙解析、最新防護技術發展,更新大家的資安知識 7/16
 https://www.techbang.com/posts/70854-lecture-corporate-email-security

 HackingThursday 固定聚會 7/18
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/

 資安產學高峰論壇 7/18
 https://www.accupass.com/event/1906140709596176666390

 資安趨勢研討會 7/18
 https://www.accupass.com/event/1906110041444881410360

 第12屆台盧(森堡)經濟合作會議  7/19
 http://registration.cieca.org.tw/visit/?d=74

 5G+IoT美麗新世界的資安挑戰與機會研討會 7/18
 http://iekweb2.iek.org.tw/IEKConf/Client/confinfo.aspx?mode=confinfo&conf_no=384953433

 HackingThursday 固定聚會 7/25
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/

 新加坡資安市場解密講座: 台灣資安浴血東南亞叢林戰鬥之起點-獅城站​  7/26
 https://ievents.iii.org.tw/eventS.aspx?t=0&id=547

 2019扭轉資安營運研討會  7/26
 https://www.netfos.com.tw/event/2019event/20190726netfos/20190726-NETFOS-seminar-reg.html

 CDX2.0推廣活動 - 台南場次  7/26
 https://nchc-cdx.kktix.cc/events/cdxactivity-0726

 Agile Hsinchu 七月聚會: 當領域驅動上了雲 7/27
 https://agilecommtw.kktix.cc/events/dddcloud

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

 資安事故處理實務課程 8/7 ~ 8/8
 http://bit.ly/2VW0Lv9

 DEF CON 27  2019/8/8–8/11
 https://www.defcon.org/

 大數據軟體開發平台與AI(人工智慧)開發應用案例 8/9
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3805&from_course_list_url=homepage

 數位鑑識處理實務 8/14 ~ 8/15
 http://bit.ly/2VW0Lv9

 108 年度臺灣學術網路危機處理中心資安巡迴研討會 -資安趨勢暨網路安全概要  8/19 ~ 8/27
 http://www.hssh.tp.edu.tw/ezfiles/1/1001/attach/42/pta_17520_7551835_06329.pdf

 台灣駭客年會 HITCON Summer Training 2019 - 學生報名  2019-08-19 ~ 2019-08-22
 https://www.accupass.com/event/1906050919271598677460

 ᅵYahoo奇摩電商專題講座ᅵ 我們與詐騙的距離_電商不可承受的資安之重  8/21
 https://www.accupass.com/event/1906120307261445013215

 WEB應用滲透測試 8/21 ~ 8/23
 https://www.accupass.com/event/1904080221358963463590

 台灣駭客年會 HITCON Community 2019  2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8)
 https://www.accupass.com/event/1906040921594609934250

 數位政府高峰會 2019  8/28
 https://egov.ithome.com.tw/

 ModernWeb 19  8/28 ~ 8/29
 https://modernweb.tw/

 資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」  8/29 ~ 8/30
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 108年資安職能訓練-行動裝置安全(8/29-8/30)
 https://cee.ksu.edu.tw/recruitinfo/1443.html

 2019 NGO 資安種子講師訓練 8/29
 https://ocftw.kktix.cc/events/cscs2019tot

 交通大學亥克書院-B022:基礎網頁安全與滲透測試<新竹場次> 9/7
 https://hackercollege.nctu.edu.tw/?p=1079

 【AWS資安】Security Engineering on AWS​高級課程 9/9 ~ 9/11
 https://www.accupass.com/event/1905150854571147685105

 CDX2.0推廣活動 - 台北場次 9/10
 https://nchc-cdx.kktix.cc/events/cdxactivity-0910

 Kubernetes Summit 9/11
 https://summit.ithome.com.tw/kubernetes/

 交通大學亥克書院-A011:入侵行為發覺與應變指南 9/21
 https://hackercollege.nctu.edu.tw/?p=1082

 TANET 2019 - 臺灣網際網路研討會  9/25
 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310

 交通大學亥克書院-B022:基礎網頁安全與滲透測試 9/28
 https://hackercollege.nctu.edu.tw/?p=1084

 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/

 交通大學亥克書院-A006:數位足跡追蹤與分析 10/19
 https://hackercollege.nctu.edu.tw/?p=1088

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

  AIoT智能物聯網開發人才就業養成班[免費諮詢]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

 交通大學亥克書院-A015:進階網頁滲透測試 10/26
 https://hackercollege.nctu.edu.tw/?p=1090

 交通大學亥克書院-P006:高階網頁滲透測試 11/16
 https://hackercollege.nctu.edu.tw/?p=1092

 交通大學亥克書院-B015:惡意程式檢測 11/30
 https://hackercollege.nctu.edu.tw/?p=1098

 交通大學亥克書院-A018:企業網域控管-Active Directory攻擊與防禦  12/14
 https://hackercollege.nctu.edu.tw/?p=1094

 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

留言

這個網誌中的熱門文章

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/

5月份資安、社群活動分享

5月份資安、社群活動分享

 108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
 https://ais3.org/mfctf/

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 Python 商務網站 * 極速學習 (2019春季 - 台北)  5/2
 https://cjltsod.kktix.cc/events/django-2019-spring-taipei

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會  5/2
 https://www.accupass.com/event/1904111400151860776797

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA 白帽菁英萌芽計劃II 0505 
 https://reg.shield.org.tw/info.php?no=54

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/19041703435474776…