跳到主要內容

資安事件新聞週報 2019/7/29 ~ 2019/8/2

資安事件新聞週報  2019/7/29  ~  2019/8/2

1.重大弱點漏洞/後門/Exploit/Zero Day
Critical Flaws in 'OXID eShop' Software Expose eCommerce Sites to Hacking
https://thehackernews.com/2019/07/oxid-eshop-ecommerce.html

LibreOffice 遠端執行任意程式碼漏洞
https://nvd.nist.gov/vuln/detail/CVE-2019-9848

Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/47203

Oracle WebLogic遠程命令執行漏洞預警
http://www.oracle-training.cc/jiaocheng/8267850.html

JVNVU#99222951 Oracle Solaris における任意のコード実行の脆弱性
https://jvn.jp/vu/JVNVU99222951/

Symantec Endpoint Protection 提升權限漏洞
https://support.symantec.com/us/en/article.SYMSA1487.html

Fortinet 產品繞過保安限制漏洞
https://fortiguard.com/psirt/FG-IR-16-090
https://fortiguard.com/psirt/FG-IR-19-111

蘋果修補允許駭客讀取檔案的iMessage漏洞
https://ithome.com.tw/news/132119

【漏洞預警】Django JSONField,HStoreField SQL注入漏洞
https://www.freebuf.com/vuls/210257.html

SanDisk SSD Dashboard 管理程式存有資安漏洞
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5098


Google 資安團隊 Project Zero 一口氣發現多個 iOS 安全漏洞
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5097

Just Opening A Document in LibreOffice Can Hack Your Computer (Unpatched)
https://thehackernews.com/2019/07/libreoffice-vulnerability.html

微軟 Excel 存有遠端執行任意程式碼漏洞
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5099

Windows Defender Application Control 安控機制可被跳過的漏洞
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5100

Microsoft starts testing its new Cortana app as part of its latest Windows 10 20H1 Fast Ring build
https://www.zdnet.com/article/microsoft-starts-testing-its-new-cortana-app-as-part-of-its-latest-windows-10-20h1-fast-ring-build/

How to perform a clean install of Windows 10: Here's a step-by-step checklist
https://www.zdnet.com/pictures/windows-10-the-ultimate-clean-install-checklist/#ftag=RSSbaffb68

Authenticated XSS Found in WordPress Plugin Facebook Widget
https://www.securityweek.com/authenticated-xss-found-wordpress-plugin-facebook-widget

DHS warns about CAN bus vulnerabilities in small aircraft
https://www.zdnet.com/article/dhs-warns-about-can-bus-vulnerabilities-in-small-aircraft/#ftag=RSSbaffb68

DHS Warns Small Airplanes Vulnerable to Flight Data Manipulation Attacks
https://thehackernews.com/2019/07/airplane-can-bus-hacking.html

Chrome 76 穩定版推出 Flash 死亡倒數 PWA 安裝更方便
http://bit.ly/2YtsILW

Google Chrome 多個漏洞
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html

Chrome to Add HTTP Cache Partitioning to Block Attacks, Tracking
https://www.bleepingcomputer.com/news/security/chrome-to-add-http-cache-partitioning-to-block-attacks-tracking/

Google Chrome 76 released for Windows, Mac, and Linux
https://www.zdnet.com/article/google-chrome-76-released-for-windows-mac-and-linux/#ftag=RSSbaffb68

PlayStation Network 存在安全性漏洞,駭客可繞過驗證盜刷信用卡
https://www.kocpc.com.tw/archives/267793

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
中國天網籠罩台灣?合庫各分行監視器 竟是可人臉辨識的中國貨
https://news.ltn.com.tw/news/Taichung/breakingnews/2864619

合庫監視器 疑中貨改標
https://ec.ltn.com.tw/article/paper/1306136

監視器貼牌? 合庫︰資安無疑慮才驗收
https://ec.ltn.com.tw/article/paper/1306279

監視器疑為陸貨 合庫請廠商簽保證並送檢測
https://www.ettoday.net/news/20190729/1501145.htm

中國天網監控台灣?「合作金庫」爆裝中國監視器
https://www.secretchina.com/news/b5/2019/07/27/901678.html

中國監視器滲透台灣銀行?合作金庫緊急澄清
http://bit.ly/2GDcfPb

純網銀下周將拍板定案,臺灣金融業將迎來2家競爭對手,大數據為王的生態系之戰也要開打
https://www.ithome.com.tw/news/132074

CFA、CFP證照最值錢 鼓勵員工考照 銀行獎勵拚場
https://www.chinatimes.com/newspapers/20190728000212-260202?chdtv

金融夯證照 CFP、防洗錢熱門
https://www.chinatimes.com/newspapers/20190728000208-260202?chdtv

傳統銀行拚數位轉型 央行指引5大明路
https://www.cna.com.tw/news/afe/201907280070.aspx

數位創新和核心大改造並行,凱基銀搶攻虛擬通路靠兩大關鍵
https://times.hinet.net/news/22484153

日本在線零售商樂天尋求美國的銀行執照
https://news.sina.com.tw/article/20190729/32123782.html

替用戶省下 500 億電匯手續費,歐洲 Fintech 獨角獸「TransferWise」市值破千億
https://buzzorange.com/techorange/2019/07/29/telegraphic-transfer-transferwise-how-does-transferwise-work/

凱基銀、台灣大共創「數位行動刷卡機」 商家、顧客同享便利
https://m.ctee.com.tw/livenews/ch/a93610002019072919582813?area=

台灣即將多了兩家純網銀 傳統銀行為何老神在在
http://bit.ly/317dVZg

3家全上!純網銀執照名單終於揭曉,將來銀行、LINE Bank、樂天銀行通通取得執照!各自優勢大比較
https://www.ithome.com.tw/news/132123

純網銀名單公布 玉山金總座:前兩年營運是最大考驗
https://udn.com/news/story/7239/3959637

將來銀行 優先布建資安
https://money.udn.com/money/story/5648/3960390

將來銀行 國家隊資安保證
https://ec.ltn.com.tw/article/paper/1307211

樂天國際商銀獲准成立 將啟動台灣純網銀國際化新時代
https://udn.com/news/story/7239/3959566

台灣金融業邁向純網銀時代!樂天國際商銀也拿到門票了
https://ec.ltn.com.tw/article/breakingnews/2868565

財經巷仔內/純網銀夯什麼 與網路銀行有何不同
http://bit.ly/2YssaKt

防堵駭客 美國銀行資安預算暴增
https://www.chinatimes.com/realtimenews/20190731004511-260410?chdtv

壽險業搶攻區塊鏈技術 推一鍵快速理賠
https://tw.finance.appledaily.com/realtime/20190801/1609398/

純網銀三家全數核准! 最快明年H1開業 營運目標初步出爐 三家各鎖定不同客群
https://www.ttv.com.tw/news/view/10807310021000F/579

「純網銀」的愛恨情愁
https://forum.ettoday.net/news/1502393?redirect=1

樂天純網銀將上線 拚開業後3年之內開始賺錢
https://www.ettoday.net/news/20190801/1503852.htm

Akamai威脅研究﹕憑證填充攻擊及網絡釣魚仍是金融產業的最大威脅
http://n.yam.com/Article/20190802849526

Visa存在非接觸式信用卡漏洞
http://www.360.cn/n/10855.html

Security Implications of Using AI & ML for Banking Innovations
https://www.bankinfosecurity.asia/interviews/security-implications-using-ai-ml-for-banking-innovations-i-4402

How Prepared Is the Financial Services Sector to Respond to a Systemic, Global Cyberattack
https://securityintelligence.com/posts/how-prepared-is-the-financial-services-sector-to-respond-to-a-systemic-global-cyberattack/

Exclusive: Hack Breaks Your Visa Card’s Contactless Limit For Big Frauds
https://www.forbes.com/sites/thomasbrewster/2019/07/29/exclusive-hackers-can-break-your-credit-cards-30-contactless-limit/

OCBC Bank offers cash by QR codes
https://www.zdnet.com/article/ocbc-bank-offers-cash-by-qr/#ftag=RSSbaffb68

Equifax settlement claims: The FTC says watch out for fake websites trying to scam you
https://www.usatoday.com/story/money/2019/07/30/ftc-warns-equifax-settlement-scam-involving-fake-websites/1864757001/

3.電子支付/電子票證/行動支付/ pay/新聞及資安
跨境支付“持牌”前夜“無證機構”補漏洞
https://finance.sina.com.cn/roll/2019-07-27/doc-ihytcitm4926172.shtml

日本「7pay」行動支付服務宣佈 9 月底完全停止營運
https://chinese.engadget.com/2019/08/01/7pay-end-for-good/

修不好「7pay」只能放棄:日本7-11的電子支付大潰敗
https://global.udn.com/global_vision/story/8662/3964296

4.虛擬貨幣/區塊鍊   新聞及資安
SIM 卡遭竊被駭「7.3 億台幣」加密貨幣,受害者告美國電信巨頭 AT&T「技術疏失」
https://www.blocktempo.com/court-says-att-sim-hack-plaintiffs-24m-crypto-loss-not-result-of-security-lapse-must-amend-suit/

幣寶台灣將於8/2召開說明會!三分鐘回顧整起被駭事件始末
http://bit.ly/2OEalUK

菲律賓聯合銀行推出區塊鏈穩定幣「PHX」,開放所有開戶民眾購買、使用
https://www.blocktempo.com/philippines-unionbank-launches-stablecoin-conducts-first-blockchain-transaction-by-bank/

區塊鏈革命浪潮狂捲 台灣市場先進者的佈局
https://money.udn.com/money/story/5635/3962672

打擊假新聞,揪記者、工程師組隊導入區塊鏈技術
https://www.bnext.com.tw/article/54122/new-york-times-confirms-its-using-blockchain-to-combat-fake-news

Eosfinex開放交易;在Mainnet EOS上推出
https://money.udn.com/money/story/9529/3962317

虛擬通貨交易所被駭,許毓仁要求加強資安防護與風控機制
http://bit.ly/2OKBmpA

面對幣寶被駭事件,許毓仁建議應加強監督、恪守自律
https://www.inside.com.tw/article/17098-bitpoint-got-hacked

虛擬通貨交易所頻頻遭駭 投資人恐求助無門
https://udn.com/news/story/7241/3963956

加密貨幣交易所 BitPoint 被駭,台灣分公司也宣布停止交易
https://technews.tw/2019/08/01/bitpoint-hacked-bptaiwan-stop-service/

BITPoint Japan 遭駭用戶提現受阻 幣寶台灣說明:法律途徑為最後考量
https://blockcast.it/2019/08/02/bitpoint-taiwan-0802/

Russian police investigate Bitcoin miner import scheme
https://www.zdnet.com/article/russian-police-investigate-bitcoin-miner-import-scheme/#ftag=RSSbaffb68


5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
十五年前的惡意軟體 MyDoom,今日依然肆虐
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=902

反勒索  有解藥  勒索病毒來襲免緊張
https://times.hinet.net/news/22482348

Lookout揭開由俄羅斯國防承包商STC所打造的高級間諜程式Monokle面紗
https://www.ithome.com.tw/news/132039

惡意軟體Emotet消聲匿跡是好事?資安廠:可能攜新功能捲土重來
https://www.ettoday.net/news/20190729/1501010.htm

德國百強企業遭駭!惡意軟體「Winnti」入侵多個敏感產業,調查發現程式碼埋中文字符
https://www.bnext.com.tw/article/54151/winnti-chinesehackers-germany

媒體揭露中國Winnti駭客集團長期攻擊德國多個重要企業
https://times.hinet.net/news/22485696

No More Ransom專案讓駭客少賺了1.08億美元
https://www.ithome.com.tw/news/132096

RDP漏洞可引發全球性惡意軟件大爆發
http://safe.zol.com.cn/723/7232100.html

新勒索軟體利用Android 手機簡訊傳給通訊錄友人
https://www.ithome.com.tw/news/132144

安卓用戶注意!資安業者:行動惡意軟體攻擊最常見這3類
https://3c.ltn.com.tw/news/37557

看好你的信用卡,銷售櫃台系統( PoS )惡意程式 Badhatch 來了
https://blog.trendmicro.com.tw/?p=61425

新Mirai病毒變種利用Tor網路避免偵查
https://www.ithome.com.tw/news/132213

駭侵團體 APT34 透過 LinkedIn 邀請散布惡意軟體
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=901

宅配公司發的不在府通知簡訊,夾帶病毒!揭穿五種網拍宅配包裹騙術
https://blog.trendmicro.com.tw/?p=55968

你下載的App都安全嗎?四招遠離手機病毒
https://blog.trendmicro.com.tw/?p=61205

Financial malware threat grows
https://www.techradar.com/news/financial-malware-threat-grows

Popular Malware Families Using 'Process Doppelgänging' to Evade Detection
https://thehackernews.com/2019/07/process-doppelganging-malware.html

No More Ransom project has prevented ransomware profits of at least $108 million
https://www.zdnet.com/article/no-more-ransom-project-has-prevented-ransomware-profits-of-at-least-108-million/#ftag=RSSbaffb68

Zurich police warn of rise in ransomware attacks
https://www.thelocal.ch/20190729/zurich-police-warn-of-rise-in-ransomware-attacks-switzerland-cybercrime

Ransomware crooks hit Synology NAS devices with brute-force password attacks
https://www.zdnet.com/article/ransomware-crooks-hit-synology-nas-devices-with-brute-force-password-attacks/

Ransomware infection takes some police car laptops offline in Georgia
https://www.zdnet.com/article/ransomware-infection-takes-some-police-car-laptops-offline-in-georgia/#ftag=RSSbaffb68

Ransomware Attack Caused Power Outages in the Biggest South African City
https://thehackernews.com/2019/07/cyberattack-power-outage.html

South African power company battles ransomware attack
https://www.welivesecurity.com/2019/07/26/south-africa-johannesburg-ransomware/

Ransomware attack leaves Johannesburg residents without electricity
https://www.helpnetsecurity.com/2019/07/26/ransomware-johannesburg/

Attackers Are Wiping Iomega NAS Devices, Leaving Ransom Notes
https://www.bleepingcomputer.com/news/security/attackers-are-wiping-iomega-nas-devices-leaving-ransom-notes/

Decryptiomega (NAS) Ransomware (YOUR FILES ARE the SAFE!!! txt)
https://www.bleepingcomputer.com/forums/t/701380/decryptiomega-nas-ransomware-your-files-are-the-safe-txt/

Android ransomware is back
https://www.welivesecurity.com/2019/07/29/android-ransomware-back/

This new Android ransomware infects you through SMS messages
https://www.zdnet.com/article/this-new-android-ransomware-infects-you-through-sms-messages/#ftag=RSSbaffb68

US files lawsuit against Bitcoin exchange that helped launder ransomware profits
https://www.zdnet.com/article/us-files-lawsuit-against-bitcoin-exchange-that-helped-launder-ransomware-profits/#ftag=RSSbaffb68

Utsick in Ransomware,Mobile Banking Malware
https://www.infosecurity-magazine.com/news/uptick-in-ransomware-mobile/

Louisiana Declares Emergency After Malware Attacks
https://www.bankinfosecurity.com/louisiana-declares-emergency-after-malware-attacks-a-12835

Johannesburg Utility Recovering After Ransomware Attack
https://www.bankinfosecurity.com/johannesburg-utility-recovering-after-ransomware-attack-a-12834

Malicious campaign targets South Korean users with backdoor‑laced torrents
https://www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/

Marcus 'MalwareTech' Hutchins gets no prison time, one year supervised release
https://www.zdnet.com/article/marcus-malwaretech-hutchins-gets-no-prison-time-one-year-supervised-release/#ftag=RSSbaffb68

Massive Botnet Attack Used More Than 400,000 IoT Devices
https://www.bankinfosecurity.asia/massive-botnet-attack-used-more-than-400000-iot-devices-a-12841

2019-07-29 - URSNIF INFECTION WITH PUSHDO
https://www.malware-traffic-analysis.net/2019/07/29/index.html

No More Ransom Thwarts $108 Million in Ill-Gotten Profits
https://www.bankinfosecurity.eu/no-more-ransom-thwarts-108-million-in-ill-gotten-profits-a-12847

Bank-Malware ist im letzten Jahr um 50% gewachsen
https://todotech20.com/ge/bank-malware-ist-im-letzten-jahr-um-50-gewachsen/

Hike in Banking Malware Attacks; Mobile Malware A Part of Cyber-Crime Too
https://www.ehackingnews.com/2019/07/hike-in-banking-malware-attacks-mobile.html

Why tens of thousands of Android users in the UAE fell victim to vicious malware
https://www.thenational.ae/arts-culture/why-tens-of-thousands-of-android-users-in-the-uae-fell-victim-to-vicious-malware-1.891824

Mobile Anti-Malware Market Overview, Driver, Restraints, Opportunities (Growing Demand) Forecast Report 2024
http://atlasnewspaper.com/2019/07/28/mobile-anti-malware-market-overview-driver-restraints-opportunities-growing-demand-forecast-report-2024/

Banking malware aumentou 50% desde 2018
https://www.techenet.com/2019/07/banking-malware-aumentou-50-desde-2018/

Hutchins receives no jail time for Kronos banking trojan
https://www.scmagazine.com/home/security-news/ransomware/hutchins-receives-no-jail-time-for-kronos-banking-trojan/

Agent Smith: The new virus to hit mobile devices
https://backendnews.net/2019/07/30/agent-smith-the-new-virus-to-hit-mobile-devices/

Dridex’s Bag of Tricks: An Analysis of its Masquerading and Code Injection Techniques
https://securityboulevard.com/2019/07/dridexs-bag-of-tricks-an-analysis-of-its-masquerading-and-code-injection-techniques/

Mobile malware attacks are booming in 2019: These are the most common threats
https://anticorruptiondigest.com/2019/07/29/mobile-malware-attacks-are-booming-in-2019-these-are-the-most-common-threats/#axzz5vDs4IT1T

Mobile Ransomware Targets Android Users Through SMS
https://www.bankinfosecurity.com/mobile-ransomware-targets-android-users-through-sms-a-12864

Anul atacurilor asupra mobile banking
http://www.clubitc.ro/2019/07/29/anul-atacurilor-asupra-mobile-banking/

New TrickBot Version Focuses on Microsoft's Windows Defender
https://www.bleepingcomputer.com/news/security/new-trickbot-version-focuses-on-microsofts-windows-defender/

Java ATM Malware: The Insider Threat Phantom
https://blog.yoroi.company/research/java-amt-malware-the-insider-threat-phantom/

Malware researchers analyzed an intriguing Java ATM Malware
https://securityaffairs.co/wordpress/89125/malware/java-atm-malware.html

Why nation-state hacking groups are increasingly turning to mobile malware
https://www.zdnet.com/article/why-nation-state-hacking-groups-are-increasingly-turning-to-mobile-malware/

Keeping a Hidden Identity: Mirai C&Cs in Tor Network
https://blog.trendmicro.com/trendlabs-security-intelligence/keeping-a-hidden-identity-mirai-ccs-in-tor-network/

B.行動安全 / iPhone / Android /穿戴裝置 /App
Android登陸Switch,還能享用GPU加速功能
https://www.techbang.com/posts/71837-android-login-to-switch-and-gpu-acceleration

俄國駭客再出招 「假應用程式」騙取個資
https://www.ydn.com.tw/News/345827

"抖音"資安危機 印度議員提議禁用
https://news.cts.com.tw/cts/general/201907/201907261969035.html

售葯APP審核粗糙 沒乙肝記者假稱處方丟失買到葯
https://news.sina.com.tw/article/20190730/32132260.html

在線售葯APP調查:無處方可買處方葯、審核環節存漏洞
https://news.sina.com.tw/article/20190730/32132814.html

你下載的App都安全嗎?四招遠離手機病毒
https://blog.trendmicro.com.tw/?p=61205

研究人員發現 AirDrop 可能會洩露電話號碼
http://bit.ly/2OzCMDp

iPhone 藍牙功能現安全漏洞 或會洩漏個人電話號碼
http://bit.ly/338Ogkm

Your Android Phone Can Get Hacked Just By Playing This Video
https://thehackernews.com/2019/07/android-media-framework-hack.html

Viral FaceApp Unnecessarily Requests Access to Users' Facebook Friends List
https://thehackernews.com/2019/07/faceapp-facebook-privacy.html

WhatsApp Security Warning Over '1000GB Of Data' Message
https://www.forbes.com/sites/daveywinder/2019/07/29/whatsapp-security-warning-over-1000gb-of-data-message/

Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws
https://thehackernews.com/2019/07/apple-ios-vulnerabilities.html

Google researchers disclose vulnerabilities for 'interactionless' iOS attacks
https://www.zdnet.com/article/google-researchers-disclose-vulnerabilities-for-interactionless-ios-attacks/#ftag=RSSbaffb68

Apple's AWDL protocol plagued by flaws that enable tracking and MitM attacks
https://www.zdnet.com/article/apples-awdl-protocol-plagued-by-flaws-that-enable-tracking-and-mitm-attacks/#ftag=RSSbaffb68

MILLIONS ‘GAMBLING WITH PERSONAL DATA’ BY ACCESSING FAKE WIFI HOTSPOTS, POLL SUGGESTS
https://www.independent.co.uk/life-style/gadgets-and-tech/fake-wifi-hotspots-malware-security-data-warning-a9025441.html

WhatsApp And Other Encryption Under Threat After 'Five Eyes' Demand Access
https://www.forbes.com/sites/zakdoffman/2019/07/30/u-s-and-u-k-propose-forcing-whatsapp-and-others-to-include-encryption-backdoor/#3d2e221c628e

iOS 12.3、iOS 12.3.1、iOS 12.3.2 認證關閉!蘋果一次終結三個版本
https://mrmad.com.tw/ios123-ios1231-ios1232-shsh-close

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
WPA3的2019上半年發展概況,裝置端已有上百產品通過驗證
https://ithome.com.tw/news/131954

62歲程序員在公司植入漏洞收修理費:稱為保護專有代碼
https://news.sina.com.cn/c/2019-07-29/doc-ihytcitm5515202.shtml

趨勢科技報告:網絡犯罪集團利用 Twitter 犯案
https://money.udn.com/money/story/12987/3960904

6成網路攻擊都是來自中國!59萬筆文官資料外洩只是一角 台灣為何深陷資安危機
http://bit.ly/2T2AHi9

阻擋WannyCry的駭客Marcus Hutchins,法院決定將功贖罪判他免服早年網路罪行
https://times.hinet.net/news/22485667

資安業者出售BlueKeep攻擊程式
https://www.ithome.com.tw/news/132105

黑客利用Ellucian Banner網站漏洞入侵了62所美國大學
https://zhuanlan.zhihu.com/p/75260994

還在亂安裝?Chrome「擴充外掛」淪網路攻擊媒介 Google下令要這麼做
https://cnews.com.tw/134190729a05/

又被盜帳號?電子遊戲產業為什麼安全漏洞多
https://game.udn.com/game/story/10453/3957343

擁有它就進入深海資訊天堂!海底電纜承載99%海外通信訊息,易遭何種破壞,又有誰在覬覦
https://www.storm.mg/article/1524745?srcid=73746f726d2e6d675f63373766396366313733396365313337_1564153512

全球有2300萬筆信用卡號流向暗網
https://www.ithome.com.tw/news/132059

電眼後是誰在監看? 大陸「天網」撒向台灣
http://bit.ly/2GuymHG

防堵紅色滲透 台教會再使勁:勿以公帑訂紅媒
https://www.nownews.com/news/20190729/3527619/

反紅色滲透 台教會:國營事業應重新思考訂閱中國時報
http://bit.ly/2K8dhDW

中國大陸三大院士齊聚蓉城共話網絡信息安全新技術
http://finance.eastmoney.com/a/201907291191158916.html

有關網絡安全漏洞披露管理的現狀分析與建議
http://www.sohu.com/a/329967663_354899

被舉發賣有漏洞軟體給美政府,思科同意賠償860萬美元,吹哨者也拿到160萬
https://www.ithome.com.tw/news/132163

美國網絡安全公司正在出售BlueKeep漏洞
https://www.linuxidc.com/Linux/2019-07/159628.htm

從美國新版資安架構看發展契機
http://pchome.megatime.com.tw/industry/cat43/201907/1188.html

美兩黨議員提案要求加強科技供應鏈安全
https://www.voacantonese.com/a/supply-china-technology-huawei-20190730/5022970.html

俄干預美選舉遍及50州 比想像更嚴重
http://bit.ly/2Y7FQex

早知俄網攻2016大選 華府不敢公布
https://udn.com/news/story/6813/3953573?from=udn-ch1_breaknews-1-cate5-news

英召開「五眼聯盟」會議 5大國談網路科技威脅
https://news.ltn.com.tw/news/world/breakingnews/2867673

巴西司法部:總統手機遭駭客鎖定
https://www.rti.org.tw/news/view/id/2028722

巴西總統手機疑遭駭 犯嫌曾對調查貪汙人員下手
https://fountmedia.io/article/26103

歷來最大!越南破獲網路賭博集團逮380中國人 涉案金額高達137億
https://tw.news.appledaily.com/international/realtime/20190729/1607641/

看光!「五眼」欲取加密通訊內容 要科技業放行
https://www.chinatimes.com/realtimenews/20190802000005-260408?chdtv

中共邊緣化台灣20年 專家:台美應成為夥伴
http://www.epochtimes.com/b5/19/8/1/n11421741.htm

中國大陸工信部網路安全管理局:《網路安全漏洞管理規定》近期將印發
https://news.sina.com.tw/article/20190731/32156102.html

有關中國大陸網路安全漏洞披露管理的現狀分析與建議
https://ek21.com/news/tech/110870/

資安怎麼防?五角大廈有上千台大陸電子設備
https://www.chinatimes.com/realtimenews/20190731003593-260417?chdtv

美軍招募變嚴 2中國移民被汰除
https://news.ltn.com.tw/news/world/paper/1307507

保加利亞國稅局遭駭客入侵
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16269

MICROCHIPS Act wants to secure US govt supply chain against Chinese sabotage
https://www.zdnet.com/article/microchips-act-wants-to-secure-us-govt-supply-chain-against-chinese-sabotage/#ftag=RSSbaffb68

Cisco ‘Knowingly’ Sold Hackable Video Surveillance System to U.S. Government
https://thehackernews.com/2019/08/cisco-surveillance-technology.html

Army fights fake news with propagandists and hackers in one unit
https://www.theguardian.com/technology/2019/jul/31/army-fights-fake-news-with-propagandists-and-hackers-in-one-unit

The ‘Ghost User’ Ploy to Break Encryption Won’t Work
http://bit.ly/2K6v6UM

Over half of enterprise firms don’t have a clue if their cybersecurity solutions are working
https://www.zdnet.com/article/over-half-of-enterprise-firms-dont-measure-the-performance-of-their-cybersecurity-tools/#ftag=RSSbaffb68

Cyber Attack Trends: nessun ambiente è al sicuro
https://www.bitmat.it/blog/news/87833/cyber-attack-trends-nessun-ambiente-e-al-sicuro

Dark Web drug kingpin charged, forfeits $4 million in Bitcoin
https://www.zdnet.com/article/dark-web-drug-kingpin-charged-forced-to-forfeit-4-million-in-bitcoin/#ftag=RSSbaffb68

Telegram voicemail hack used against Brazil's president, ministers
https://www.zdnet.com/article/telegram-voicemail-hack-used-against-brazils-president-ministers/#ftag=RSSbaffb68

Silk Road Admin Sentenced to 78 Months in Prison On Drug Trafficking Charges
https://thehackernews.com/2019/07/silk-road-dark-web-admin.html

GitHub starts blocking developers in countries facing US trade sanctions
https://www.zdnet.com/article/github-starts-blocking-developers-in-countries-facing-us-trade-sanctions/

Damaging insider threats rise to new highs in the past year
https://www.helpnetsecurity.com/2019/07/26/damaging-insider-threats/

Russia Targeted All 50 States During 2016 Election: Report
https://www.bankinfosecurity.com/russia-targeted-all-50-states-during-2016-election-report-a-12838

Linus Torvalds prepares to wave goodbye to Linux floppy drives
https://www.zdnet.com/article/linus-torvalds-prepares-to-wave-goodbye-to-linux-floppy-drives/#ftag=RSSbaffb68

Brazilian firms struggle with cloud security immaturity
https://www.zdnet.com/article/brazilian-firms-struggle-with-cloud-security-immaturity/#ftag=RSSbaffb68

Singaporean IT employees more keen on skills upgrade than higher pay
https://www.zdnet.com/article/singapore-tech-employees-more-keen-on-skills-upgrade-than-higher-pay/#ftag=RSSbaffb68

Cyber Security Engineer (華亞科技園區)
https://www.104.com.tw/job/6ouy6

【福利佳】【運維】資安工程師/資深資安工程師
https://www.104.com.tw/job/6ovyl

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
電商平台未綁定3D認證 成盜刷集團肥羊
https://www.ttv.com.tw/news/view/10807260026000N/699

盜刷無解!甫上路就出大包 日本7-11行動支付3個月就倒
https://ec.ltn.com.tw/article/breakingnews/2870802

賣3C產品收嘸款! 4知名電商遭盜刷上千萬
https://news.tvbs.com.tw/local/1173093

網購信用卡資料 2集團網路盜刷200多萬被查獲
https://news.ltn.com.tw/news/society/breakingnews/2864862

[北部] 偵破蕭○○為首及陳○○為首共14人信用卡網路盜刷集團
http://www.8news.net/thread-1392-1-1.html

假冒Booking.com「送回饋金」騙信用卡號 見5筆盜刷老公傻:驚喜旅行
https://travel.ettoday.net/article/1498179.htm

不法分子冒充駐德使館實施詐騙 中使館詳解案例
https://news.sina.com.tw/article/20190729/32122620.html

有包裹請查收」詐團狂炸釣魚簡訊 多人中招
https://udn.com/news/story/7315/3959704?from=udn-catelistnews_ch2

一張健保卡「全家吃到飽」 陸配詐90萬
https://news.ebc.net.tw/News/business/171863

【健保卡冒用!燒史上最高 90 萬醫療費】為何醫院檢核「雙證件」也難防身份冒用
https://buzzorange.com/2019/07/29/welfare-health-idcard-tw-china/

騙人假簡訊!「快遞已發,請您查收」
http://bit.ly/2ZhOPWZ

詐團靠網購「解除分期」 一週騙倒兩醫師
https://news.ltn.com.tw/news/society/breakingnews/2866503

美中貿易戰成詐騙梗/購台廠設備 韓商遭詐1500萬
https://news.ltn.com.tw/news/society/paper/1307437

加LINE私下交易享優惠、臉書上的「限時搶購」可以相信嗎
https://www.cmmedia.com.tw/home/articles/14104

臉書被重罰1560億之後,用戶可以安心了嗎?專家:資料監控永遠是臉書商業模式的核心
https://www.storm.mg/article/1528384?srcid=73746f726d2e6d675f63373766396366313733396365313337_1564364013

多位英國女星iCloud裸照外流,經紀人警告拍照別上傳雲端
https://www.techbang.com/posts/71844-several-british-stars-icloud-leaked-in-black-nude-photos-agentwarns-against-taking-pictures

不怎樣的駭客卻駭進Capital One 金融高牆不堪一擊
https://udn.com/news/story/6811/3961438?from=udn-catebreaknews_ch2

美國銀行Capital One承認被駭客攻擊,超1億個人數據遭竊
https://www.techbang.com/posts/71924-bank-of-america-capital-one-admits-hacking-more-than-100-million-personal-data-stolen

美國第一資本遭駭 北美逾1億筆個資外流
https://ec.ltn.com.tw/article/breakingnews/2867883

FBI調查與Capital One駭客事件相關的其他潛在數據泄露
https://on.wsj.com/2GF7DrO

藝高人膽大?美銀行「Capital One」1億用戶資料外洩,女駭客上網炫耀「傑作」後落網
https://www.storm.mg/article/1539770?srcid=73746f726d2e6d675f63373766396366313733396365313337_1564541695

Amazon 前工程師駭進第一資本,上億銀行用戶個資外洩
https://technews.tw/2019/07/30/capitalone-hacked-personal-data-breach/

美國史上最嚴重資安漏洞影響1億人 駭客粗心用真名被逮
https://www.ettoday.net/news/20190730/1501706.htm

個資外洩!美銀行Capital one遭駭客竊取1億筆客戶資料
https://news.cnyes.com/news/id/4363037

美國第一資本銀行遭駭客竊取 1.06 億筆美加信用卡使用者個人資料
https://global.technode.com/2019/08/01/capital-one-says-breach-hit-100-million-individuals-in-us/

CAPITAL ONE被「黑」 美加逾億客戶個資外泄
http://bit.ly/2YcSTex

「第一資本」遭黑客入侵 逾1億信用卡申請人資料外洩
https://hk.news.appledaily.com/international/realtime/article/20190730/59879644

業餘駭客輕易入侵美國大銀行 震驚資安界
https://www.cna.com.tw/news/aopl/201907310352.aspx

西雅圖女黑客疑竊取Capital One數據被捕
http://bit.ly/2GHL7Pc

亞馬遜捲入Capital One數據泄露事件 美國會要求解釋
https://news.sina.com.tw/article/20190802/32175700.html

變性女駭客 駭進Capital One 想進精神病院自保
http://bit.ly/2YCpiKQ

駭客竊取信用卡個資被捕 美加1.06億用戶受害
https://www.cna.com.tw/news/aopl/201907300090.aspx

犯罪集團瞄準 Office 365 系統管理員,並利用預先駭入的帳號從事網路釣魚攻擊
https://blog.trendmicro.com.tw/?p=61369

歐盟:放臉書「讚」按鍵的網站,也有個資蒐集的法律責任
https://www.ithome.com.tw/news/132112

皇后區ATM現盜卡裝置 紐約警局提醒檢查賬戶
https://www.ntdtv.com/b5/2019/07/29/a102633541.html

逾兩萬洛市警察與警局求職者資料遭泄
http://bit.ly/2LPgI5o

網路輸入個資,「匿名」也可追到你
http://bit.ly/2ZiNC1G

IBM Research:資料外洩也有長尾效應,所付出的經濟成本可能延續多年
https://www.ithome.com.tw/news/132053

本田汽車雲端資料庫未上鎖,洩露上億份全球員工電腦安全資料
https://www.ithome.com.tw/news/132162

本田汽車雲端資料庫未設密碼 全球員工信息險遭泄露
https://news.sina.com.tw/article/20190801/32168164.html

培生集團系統遭駭 逾萬帳戶資料外洩
http://bit.ly/2YEQQza

系統遭駭 培生集團:已通知客戶
http://bit.ly/2LWslrl

網釣服務套件讓社交工程郵件更難以偵測
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16268

駭客正在覬覦您的個人資料,您該如何預防
https://blog.trendmicro.com.tw/?p=60899

Report: LAPD Data Breach Exposes 2,500 Officer Records
https://www.bankinfosecurity.com/report-lapd-data-breach-exposes-2500-officer-records-a-12856

Thousands of Los Angeles police caught up in data breach, personal records stolen
https://www.zdnet.com/article/thousands-of-los-angeles-police-caught-up-in-data-breach-personal-records-stolen/#ftag=RSSbaffb68

Capital One Announces Data Security Incident
https://www.newswire.ca/news-releases/capital-one-announces-data-security-incident-841404225.html

Woman Arrested in Massive Capital One Data Breach
https://www.bankinfosecurity.com/woman-arrested-in-massive-capital-one-data-breach-a-12852

DMARC's abysmal adoption explains why email spoofing is still a thing
https://www.zdnet.com/article/dmarcs-abysmal-adoption-explains-why-email-spoofing-is-still-a-thing/#ftag=RSSbaffb68

160 Million Government Records Exposed in Data Breaches Since 2014, Study Finds
https://fortune.com/2019/07/25/government-data-breaches-research/

Capital One: Where Did the Bank Fail on Defense
https://www.bankinfosecurity.com/capital-one-where-did-bank-fail-on-defense-a-12858

Capital One Data Breach Affects 106 Million Customers; Hacker Arrested
https://thehackernews.com/2019/07/capital-one-data-breach.html

FormGet security lapse exposed thousands of sensitive user-uploaded documents
https://techcrunch.com/2019/07/25/formget-security-lapse-exposed-documents/

Malicious 'Google' domains used in Magento card card skimmer attacks
https://www.zdnet.com/article/malicious-google-domains-used-in-magento-data-skimmer/

NAB APOLOGISES TO CUSTOMERS FOR DATA BREACH
https://news.nab.com.au/nab-apologises-to-customers-for-data-breach/

NAB APOLOGISES TO CUSTOMERS FOR DATA BREACH
https://news.nab.com.au/nab-apologises-to-customers-for-data-breach/

NAB Apologizes After Breach of Personal Data
https://www.bankinfosecurity.com/nab-apologizes-after-breach-personal-data-a-12846

A data breach forced this family to move home and change their names
https://www.zdnet.com/article/a-data-breach-forced-this-family-to-move-home-and-change-their-names/#ftag=RSSbaffb68

DMARC's abysmal adoption explains why email spoofing is still a thing
https://www.zdnet.com/article/dmarcs-abysmal-adoption-explains-why-email-spoofing-is-still-a-thing/#ftag=RSSbaffb68

The Prolonged Cost of a Data Breach
https://www.bankinfosecurity.com/interviews/prolonged-cost-data-breach-i-4403

HACKERS SEIZE CONTROL OF BULGARIAN TAX AGENCY, SPRINKLER SYSTEM
https://futurism.com/the-byte/hackers-bulgarian-tax-agency-sprinkler

Russian espionage: Swiss-based email provider ProtonMail hit by cyberattack
https://www.thelocal.ch/20190729/swiss-based-email-provider-protonmail-targeted-in-cyberattack

Statement on the attempted phishing attack against Bellingcat
https://protonmail.com/blog/bellingcat-cyberattack-phishing/

Malvertising: Online advertising's darker side
https://blog.talosintelligence.com/2019/07/malvertising-deepdive.html


E.研究報告
什麼是灰色軟體(Grayware)
https://blog.trendmicro.com.tw/?p=61357

CVE-2019-3969:Comodo沙箱逃逸提权漏洞分析
https://juejin.im/entry/5d3ac29c518825119e385372

網絡安全態勢報告—2019年上半年
https://www.4hou.com/info/observation/19514.html

HEVD 核心漏洞之IntegerOverflow
https://www.itread01.com/content/1564145162.html

Gorgon黑客組織再顯新招:通過在線網盤發起“三重奏”攻擊
https://ti.qianxin.com/blog/articles/gorgon-group-campaign-aggah-with-pastebin/

網站安全滲透對OA系統越權漏洞測試與修復
https://www.admin5.com/article/20190726/917583.shtml

了解PowerShell安全性。PowerShell真的是一個漏洞嗎
https://zh.play-and-more.com/6701-understanding-powershell-security

Jenkins任意文件讀取漏洞(CVE-2018-1999002)
https://www.xuejiayuan.net/blog/f3b89e8f4b79432c84b891e9152d1141

CVE-2019-12384漏洞剖析
https://xz.aliyun.com/t/5792

非對稱式Security Boot/Security Update的實作
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&id=0000565197_76R21YTI84XFFC8KZO29J

網站被攻擊 該怎樣查找漏洞並進行修復
https://kknews.cc/other/2yvlmn9.html

CVE-2019-9866 漏洞筆記
https://www.bilibili.com/read/cv3191436/

ASRC 2019 年第二季度電子郵件安全趨勢
http://bit.ly/2YdJHXs

Jboss反序列化漏洞復現(CVE-2017-12149)
https://www.cnblogs.com/yuzly/p/11240145.html

CVE-2018-8423:Jet Database Engine漏洞分析
https://www.anquanke.com/post/id/183203

路由器漏洞分析系列(5):CVE-2018-19986 DIR-818LW&828命令注入漏洞分析及復現
https://xz.aliyun.com/t/5808

CVE-2019-11244漏洞到底該如何修復?--關於快取檔案許可權設定
https://www.itread01.com/content/1564464007.html

Linux Kernel Exploit 內核漏洞學習(3)-Bypass-Smep
https://bbs.pediy.com/thread-253455.htm

RapidScan – 自動化多工具Web漏洞掃描器
https://www.uedbox.com/post/58815/

jboss反序列化漏洞復現(CVE-2017-7504)
https://www.cnblogs.com/yuzly/archive/2019/07/31/11240101.html

XXE漏洞研究分析
https://www.itread01.com/content/1564623604.html

DLL劫持漏洞自動化識別工具Rattler測試
https://segmentfault.com/a/1190000019948854

Typo3 CVE-2019-12747 反序列化漏洞分析
https://paper.seebug.org/996/

漏洞復現之JBoss 4.x JBossMQ JMS 反序列化漏洞(CVE-2017-7504)
https://www.cnblogs.com/iamver/p/11282928.html

Considerations on OpenShift PKIs and Certificates
https://blog.openshift.com/considerations-on-openshift-pkis-and-certificates/

15 signs you've been hacked -- and how to fight back
https://www.csoonline.com/article/2457873/signs-youve-been-hacked-and-how-to-fight-back.html

Microsoft Office 365 Webmail Exposes User's IP Address in Emails
https://www.bleepingcomputer.com/news/microsoft/microsoft-office-365-webmail-exposes-users-ip-address-in-emails/

Essential Active Directory Security Defenses
https://www.bankinfosecurity.com/essential-active-directory-security-defenses-a-12828

Eliminating the Burden of Periodic Password Reset for Active Directory
https://www.bankinfosecurity.com/blogs/eliminating-burden-periodic-password-reset-for-active-directory-p-2766

Global Multi-Factor Authentication Market Insights, Growth and Overview 2019-2025
https://consumerreportsreview.com/global-multi-factor-authentication-market-insights-growth-and-overview-2019-2025/

BGP vs MPLS | Difference Between BGP and MPLS Protocols in VPN
https://cciedump.spoto.net/blog-732

Nowhere to hide as cyber-attacks hit everywhere
https://it-online.co.za/2019/07/29/nowhere-to-hide-cyber-attacks-hit-everywhere/

マルウエアの設定情報を抽出する ~ MalConfScan
https://blogs.jpcert.or.jp/ja/2019/07/malconfscan.html

マルウエアの設定情報を自動で取得するプラグイン ~MalConfScan with Cuckoo
https://blogs.jpcert.or.jp/ja/2019/08/malconfscan-with-cuckoo.html

F.商業
你的企業受過網攻嗎? Check Point:25%不知道
http://bit.ly/2YyEl8i

從Fintech跨足資訊安全,精誠資訊首度扶植資安新創
https://ithome.com.tw/news/132191

芬安全與安克諾斯聯手推出資安特攻隊
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000564762_jg682zi85ha2gg3hd2dxp

資安防護,你做好做滿了嗎?別忘了「主動防護」的重要性~再推薦 G2DEAL 線上軟體購物方便又省荷包
https://axiang.cc/archives/47530

NGFW為核心搭建資安鐵三角 簡單易上手即可保安全性  掌握內網與閘道端資料 持續監看潛在惡意行徑
https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/90A7390D6AB3494588E3AC314A09FCB8

端點跟進走向雲端安全 全面加強管控強度  McAfee推出Mvision Cloud 以CASB方案解除影子IT威脅
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/F02A93A0CB004396B6EFDAA2B30DBA92

Check Point推出新安全分析解決方案
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=&id=0000564800_Y9U9LZ9QLE8UDH1AWP690

Win 7終止支援倒數計時 安克諾斯建議 企業客戶批量升級 避免成為漏洞的受害者
https://n.yam.com/Article/20190730671347

雲端安全風險增 報告:安全漏洞逾3400萬個
http://bit.ly/315DLwI

廣納外部威脅手法樣態 大數據演算輔助凸顯惡意活動  蒐集分析掌握應用行為 見招拆招防患於未然
https://www.netadmin.com.tw/netadmin/zh-tw/trend/31426023C3654D838E825737B0D50AD1

人工智慧強化工具與程序 彌補資安人力缺口 打造預防式資安體系 關鍵在先從基本功做起
https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/5091270CAC7846D7B34179B43175F7E8

Check Point推雲端威脅情資分析,可匯集比對租戶公有雲事件
https://www.ithome.com.tw/review/131915

為新型態應用奠定安全基礎 迎向下一波萬物連網世代 Infinity架構防護網 兼顧地端與雲端資安
https://www.netadmin.com.tw/netadmin/zh-tw/trend/F5C4A014581442C2B5A74FD74E549574

高整合與高效率兼具 Silicon Labs搶攻物聯網PoE市場
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&id=564904

Openfind 攜手是方電訊、群環科技、關貿網路發表雲端資安生態圈聯盟,提供企業創新的全方位資安應用服務
https://www.openfind.com.tw/taiwan/news_detail.php?news_id=10192

Anomali統合多種威脅情資與即時鑑識,兼具情報共享與分析
https://www.ithome.com.tw/review/132090

臺灣資安新創奧義智慧獲淡馬錫基金565萬美元B輪投資
https://ithome.com.tw/news/132237

Check Point Study: Cloud, Mobile or Email, No Environment is Immune to Cyber Attacks
https://hostingjournalist.com/cybersecurity/check-point-study-cloud-mobile-or-email-no-environment-is-immune-to-cyber-attacks/

Check Point: ‘Elke omgeving loopt gevaar voor cyberaanvallen’
https://www.techzine.be/nieuws/41590/check-point-elke-omgeving-loopt-gevaar-voor-cyberaanvallen.html

Will XDR Improve Security
https://blog.trendmicro.com/will-xdr-improve-security/

Windows Server 2008 End of Support: Are you Prepared
https://blog.trendmicro.com/windows-server-2008-end-of-support-are-you-prepared/

Kaspersky: Why we're ready to go to the next level
https://www.techradar.com/news/kaspersky-why-were-ready-to-go-to-the-next-level

G.政府
台警加入反勒索病毒平台 與國外交換防毒資訊
https://www.cna.com.tw/news/asoc/201907270116.aspx

刑事局加入歐警反勒索病毒平台 民眾可上網拿解鑰
https://udn.com/news/story/7320/3954375?from=udn-relatednews_ch2

4位國安局長、5位侍衛長渾然不覺?私菸案爆國安大漏洞
http://bit.ly/2YsxRYN

政院管制科技產品黑名單 近期內可望公布
https://www.rti.org.tw/news/view/id/2029131

工研院ICT TechDay 六大亮點超吸睛
https://udn.com/news/story/7240/3960675?from=udn-catelistnews_ch2

5G、AI、自駕車應有盡有,工研院 ICT TechDay 發表 34 項新技術
https://www.inside.com.tw/article/17075-ICT-TechDay

市府攝影賽 遭控亂改徵件日、投票網址外流
http://bit.ly/2Ytmqff

行政院技術服務中心參與亞太區2019資安演練(APCERT DRILL 2019)
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16276

H.ICS/SCADA 工控系統
工業物聯網資安危機下 五大不可不知的安全弱點
http://pages.moxa.com/TPE-Auto-Exhibition-Cyber-Registration.html

Urgent11 security flaws impact routers, printers, SCADA, and many IoT devices
https://www.zdnet.com/article/urgent11-security-flaws-impact-routers-printers-scada-and-many-iot-devices/#ftag=RSSbaffb68

hp -- universal_internet_of_things
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11990

qualcomm -- ipq8074_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-13924
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2269
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2279
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2287
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2305
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-13896
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-13927
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2276
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2273

Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices
https://thehackernews.com/2019/07/vxworks-rtos-vulnerability.html

I.教育訓練
[Regex] 值得注意的 Regular Expression 樣式的潛在風險
https://dotblogs.com.tw/johnny/2010/09/08/17607

[探索] 門外漢的機械學習導覽
https://vocus.cc/@renewang/5cfe83a3fd8978000148fae3

超融合基礎架構與VMware vSAN
https://www.uuu.com.tw/Public/content/article/19/20190722.htm

【專家主場】「資安真經」の國際專業證書CISSP篇
http://bit.ly/2JUEF9m

解決企業主最頭痛的資安問題,這些實用技術一定要會
https://ithome.com.tw/pr/132046

網路與軟體應用 › 教你 使用 Windows 10 Sandbox 沙箱 功能,降低電腦中毒的機率
https://www.kocpc.com.tw/archives/267581

What is a zero day? A powerful but fragile weapon
https://www.csoonline.com/article/3284084/what-is-a-zero-day-a-powerful-but-fragile-weapon.html

最近のセキュリティ動向を知ろう
https://paiza.jp/works/security/primer/beginner-security1/10401

移動安全測試 使用burpsuite進行漏洞掃描(一)
https://testerhome.com/topics/20082

HTTP Security Headers - A Complete Guide
https://nullsweep.com/http-security-headers-a-complete-guide/

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
物聯網裝置也要小心被網路攻擊!惡意軟體Mirai有新變種
http://bit.ly/2K74CS2

企業該如何部署工業物聯網(IIoT)安全解決方案
https://blog.trendmicro.com.tw/?p=61364

IoT home security camera allows hackers to listen in over HTTP
https://www.zdnet.com/article/iot-home-security-camera-allows-hackers-to-listen-in-over-http/#ftag=RSSbaffb68

Inside the Smart Home: IoT Device Threats and Attack Scenarios
http://bit.ly/2K32Fao

Researchers Hack Surveillance Systems to Show Fake Video Feed
https://www.bleepingcomputer.com/news/security/researchers-hack-surveillance-systems-to-show-fake-video-feed/

'Urgent/11' Vulnerabilities Affect Many Embedded Systems
https://www.bankinfosecurity.com/urgent11-vulnerabilities-affect-many-embedded-systems-a-12851

6.近期資安活動及研討會
 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/

 FileMaker Taipei  8/6
 https://www.meetup.com/Taipei-FileMaker-Meetup/events/wqfqwpyzlbjb/

 資安事故處理實務課程 8/7 ~ 8/8
 http://bit.ly/2VW0Lv9

 Android Code Club(Taipei) 8/7
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzlbkb/

 HackingThursday 固定聚會 8/8
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlblb/

 DEF CON 27  2019/8/8–8/11
 https://www.defcon.org/

 大數據軟體開發平台與AI(人工智慧)開發應用案例 8/9
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3805&from_course_list_url=homepage

 Android Code Club(Taipei)  8/14
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzlbsb/

 數位鑑識處理實務 8/14 ~ 8/15
 http://bit.ly/2VW0Lv9

 HackingThursday 固定聚會 8/15
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbtb/

 108 年度臺灣學術網路危機處理中心資安巡迴研討會 -資安趨勢暨網路安全概要  8/19 ~ 8/27
 http://www.hssh.tp.edu.tw/ezfiles/1/1001/attach/42/pta_17520_7551835_06329.pdf

 台灣駭客年會 HITCON Summer Training 2019 - 學生報名  2019-08-19 ~ 2019-08-22
 https://www.accupass.com/event/1906050919271598677460

 ᅵYahoo奇摩電商專題講座ᅵ 我們與詐騙的距離_電商不可承受的資安之重  8/21
 https://www.accupass.com/event/1906120307261445013215

 資訊安全攻防實務- 企業紅藍隊對抗演練實務  08/21 星期三 09:00 ~ 08/23 星期五 16:30
 https://www.moea.gov.tw/Mns/populace/news/NewsAction.aspx?menu_id=43&news_id=86049

 WEB應用滲透測試 8/21 ~ 8/23
 https://www.accupass.com/event/1904080221358963463590

 Thinking Thursday 第三場 8/22
 https://www.meetup.com/Thinking-Thursday/events/lrqddryzlbdc/

 台灣駭客年會 HITCON Community 2019  2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8)
 https://www.accupass.com/event/1906040921594609934250

 第四屆臺灣好厲駭~開放報名 至108年8月26日(一)下午5點截止
 http://bit.ly/2ZlpP0Q

 NISRA Enlightened 2019 2019/08/26 ~ 2019/08/29
 https://nisra.kktix.cc/events/2019enlightened

 數位政府高峰會 2019  8/28
 https://egov.ithome.com.tw/

 ModernWeb 19  8/28 ~ 8/29
 https://modernweb.tw/

 資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」  8/29 ~ 8/30
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 108年資安職能訓練-行動裝置安全(8/29-8/30)
 https://cee.ksu.edu.tw/recruitinfo/1443.html

 2019 NGO 資安種子講師訓練 8/29
 https://ocftw.kktix.cc/events/cscs2019tot

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  9/6
 https://signupcybersec101.ithome.com.tw/

 交通大學亥克書院-B022:基礎網頁安全與滲透測試<新竹場次> 9/7
 https://hackercollege.nctu.edu.tw/?p=1079

 資訊安全管理系統-基礎課程(免費!)9/8
 https://www.accupass.com/event/1907160853513957042270

 【AWS資安】Security Engineering on AWS​高級課程 9/9 ~ 9/11
 https://www.accupass.com/event/1905150854571147685105

 CDX2.0推廣活動 - 台北場次 9/10
 https://nchc-cdx.kktix.cc/events/cdxactivity-0910

 Kubernetes Summit 9/11
 https://summit.ithome.com.tw/kubernetes/

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  9/20
 https://signupcybersec101.ithome.com.tw/

 金融資安培訓課程 9/20
 https://twap.deloitte.com.tw/DTLCRA/Works/CourseDetail.aspx?CourseID=T1906002

 資策會開辦「認證系統安全從業人員 SSCP 輔導班」2019/9/21
 https://ithome.com.tw/pr/131772

 交通大學亥克書院-A011:入侵行為發覺與應變指南 9/21
 https://hackercollege.nctu.edu.tw/?p=1082

 資訊安全管理系統-進階課程(免費!)9/21
 https://www.accupass.com/event/1907160908138705889800

 TANET 2019 - 臺灣網際網路研討會  9/25
 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310

 交通大學亥克書院-B022:基礎網頁安全與滲透測試 9/28
 https://hackercollege.nctu.edu.tw/?p=1084

 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/

 交通大學亥克書院-A006:數位足跡追蹤與分析 10/19
 https://hackercollege.nctu.edu.tw/?p=1088

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

  AIoT智能物聯網開發人才就業養成班[免費諮詢]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  10/25
 https://signupcybersec101.ithome.com.tw/

 交通大學亥克書院-A015:進階網頁滲透測試 10/26
 https://hackercollege.nctu.edu.tw/?p=1090

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/8
 https://signupcybersec101.ithome.com.tw/

 交通大學亥克書院-P006:高階網頁滲透測試 11/16
 https://hackercollege.nctu.edu.tw/?p=1092

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/29
 https://signupcybersec101.ithome.com.tw/

 交通大學亥克書院-B015:惡意程式檢測 11/30
 https://hackercollege.nctu.edu.tw/?p=1098

 交通大學亥克書院-A018:企業網域控管-Active Directory攻擊與防禦  12/14
 https://hackercollege.nctu.edu.tw/?p=1094

 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

留言

這個網誌中的熱門文章

Capture the flag資源分享綜整

Capture the flag, CTF,是由古代軍事戰爭演變而來。軍旗在戰場上象徵兩軍戰況,當有一方軍旗被敵軍奪取或落在地上,代表該方戰敗。當這樣的攻防搶旗演變到現代的電子遊戲裡,通常就演變成團隊遊戲模式,由兩隊人馬互相前往對方的基地奪旗,奪旗成功回合次數多者得勝。

8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/

5月份資安、社群活動分享

5月份資安、社群活動分享

 108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
 https://ais3.org/mfctf/

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 Python 商務網站 * 極速學習 (2019春季 - 台北)  5/2
 https://cjltsod.kktix.cc/events/django-2019-spring-taipei

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會  5/2
 https://www.accupass.com/event/1904111400151860776797

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA 白帽菁英萌芽計劃II 0505 
 https://reg.shield.org.tw/info.php?no=54

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/19041703435474776…