跳到主要內容

資安事件新聞週報 2019/8/12 ~ 2019/8/16

資安事件新聞週報  2019/8/12  ~  2019/8/16

1.重大弱點漏洞/後門/Exploit/Zero Day
Steam驚爆安全漏洞 逾1億玩家恐受影響
https://newtalk.tw/news/view/2019-08-11/284396

托最新藍牙漏洞的“福”,我險些把小電影和賬戶密碼親手給黑客
https://tech.ifeng.com/c/7p8gRStrlcA

JVNVU#90240762 Bluetooth BR/EDR での暗号鍵エントロピーのネゴシエーションにおける問題
https://jvn.jp/vu/JVNVU90240762/

賽門鐵克防毒軟體和Windows SHA-2不相容,微軟暫停更新
https://www.ithome.com.tw/news/132435

Kasper-Spy: Kaspersky Anti-Virus puts users at risk
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html

Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online
https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html

Trend Micro fixes privilege escalation security flaw in Password Manager
https://www.zdnet.com/article/trend-micro-fixes-hijack-security-flaw-in-password-manager/#ftag=RSSbaffb68

Trend Micro Password Manager - Privilege Escalation to SYSTEM
https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM

HTTP/2含有多個服務阻斷漏洞,亞馬遜、臉書、蘋果、微軟全遭殃
https://www.ithome.com.tw/news/132414

8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks
https://thehackernews.com/2019/08/http2-dos-vulnerability.html

New HTTP/2 Flaws Expose Unpatched Web Servers to DoS Attacks
https://www.bleepingcomputer.com/news/security/new-http-2-flaws-expose-unpatched-web-servers-to-dos-attacks/

The cyber risk lurking in your office corner
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/august/the-cyber-risk-lurking-in-your-office-corner/

Adobe security patch update tackles Photoshop, Acrobat, Reader, and more
https://www.zdnet.com/article/adobe-security-patch-update-tackles-photoshop-acrobat-reader-and-more/#ftag=RSSbaffb68

Nginx 阻斷服務漏洞
https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html

Apache HTTPD 多個漏洞
https://httpd.apache.org/security/vulnerabilities_24.html

Apache Tomcat Vulnerabilities Jan-Aug 2018
https://support.symantec.com/us/en/article.SYMSA1463.html

SA156: Apache Tomcat Vulnerabilities Apr-Oct 2017
https://support.symantec.com/us/en/article.SYMSA1419.html

SA110 : Java Deserialization Vulnerabilities
https://support.symantec.com/us/en/article.SYMSA1344.html

SA139 : November 2016 NTP Security Vulnerabilities
https://support.symantec.com/us/en/article.SYMSA1393.html

SA141 : OpenSSL Vulnerabilities 26-Jan-2017
https://support.symantec.com/us/en/article.SYMSA1395.html

Google修完漏洞,但網站仍可用檔案系統API偵測出Chrome無痕模式
https://www.ithome.com.tw/news/132385

Spectre變種攻擊再現,SWAPGS漏洞幾乎讓所有Intel主流處理器中標
http://bit.ly/2z98VaB

PostgreSQL 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10209

Fortinet FortiOS 資料洩露漏洞
https://fortiguard.com/psirt/FG-IR-18-173

【漏洞預警】Fortigate SSL VPN任意文件讀取(可直接登錄VPN)
https://nosec.org/home/detail/2867.html

逾40款硬體驅動程式漏洞可讓駭客在Windows核心執行惡意程式,Intel、Nvidia及多家臺灣廠商上榜
https://www.ithome.com.tw/news/132355

AMD、Intel、NVIDIA 驅動程式發現嚴重漏洞 數百萬用戶或面臨惡意軟件提權風險
http://bit.ly/2TqGD4B

20家供應商存在40個內核安全漏洞:包括英特爾、英偉達、華為等
https://finance.sina.cn/stock/relnews/us/2019-08-11/detail-ihytcern0128659.d.html?vt=4&pos=102&cid=76524

Researchers find security flaws in 40 kernel drivers from 20 vendors
https://www.zdnet.com/article/researchers-find-security-flaws-in-40-kernel-drivers-from-20-vendors/#ftag=RSSbaffb68

英特爾處理器再出現可竊密的旁路攻擊漏洞SWAPGSAttack Windows PC應儘速更新
http://bit.ly/33t4KEc

SWIFT Alliance Web Platform 7.1.23 CVE-2018-16386
https://nvd.nist.gov/vuln/detail/CVE-2018-16386

Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware/

Apple will now pay hackers up to $1 million for reporting vulnerabilities
https://thehackernews.com/2019/08/apple-bug-bounty.html

BlueKeep Patching Still Spotty Months After Alerts: Report
https://www.bankinfosecurity.com/bluekeep-patching-still-spotty-months-after-alerts-report-a-12899

4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered
https://thehackernews.com/2019/08/windows-rdp-wormable-flaws.html

UPDATE: ACSC confirms potential exploitation of BlueKeep vulnerability
https://www.cyber.gov.au/news/update-acsc-confirms-potential-exploitation-bluekeep-vulnerability

研究人員踢爆:微軟忽視RDP漏洞直至察覺它影響Hyper-V
https://www.ithome.com.tw/news/132337

微軟警告有2個類似BlueKeep的RDS重大漏洞
https://www.ithome.com.tw/news/132413

微軟本月修補93個安全漏洞,逾20個屬於重大漏洞
https://www.ithome.com.tw/news/132428

微軟發現遠端桌面服務(RDS)新漏洞影響常用視窗版本
https://www.hkcert.org/my_url/zh/blog/19081501

Microsoft 出手:阻止裝有不兼容殺毒軟件的Win7設備更新
https://news.xfastest.com/microsoft/68230/microsoft-8/

Windows XP就存在的CTF協定權限升級漏洞,可造成電腦被接管,用記事本就能攻擊
https://www.ithome.com.tw/news/132438

Google研究人員公佈20歲的Windows CTF協議0 day漏洞
https://www.4hou.com/info/news/19701.html

微軟每月保安更新 (2019年8月)
https://www.hkcert.org/my_url/zh/alert/19081401

Security update deployment: August 13, 2019
https://support.microsoft.com/en-us/help/20190813/security-update-deployment

Vulnerability in Microsoft CTF protocol goes back to Windows XP
https://www.zdnet.com/article/vulnerability-in-microsoft-ctf-protocol-goes-back-to-windows-xp/#ftag=RSSbaffb68

Microsoft Issues Patches for BlueKeep-Like Vulnerabilities
https://www.bankinfosecurity.com/microsoft-issues-patches-for-bluekeep-like-vulnerabilities-a-12915

Critical Windows 10 Warning: Millions Of Users At Risk
https://www.forbes.com/sites/daveywinder/2019/08/11/critical-windows-10-warning-confirmed-millions-of-users-are-at-risk/

Microsoft warns of two new 'wormable' flaws in Windows Remote Desktop Services
https://www.zdnet.com/article/microsoft-warns-of-two-new-wormable-flaws-in-windows-remote-desktop-services/#ftag=RSSbaffb68

Windows 7 SHA-2 Updates Blocked If Symantec, Norton AVs Installed
https://www.bleepingcomputer.com/news/microsoft/windows-7-sha-2-updates-blocked-if-symantec-norton-avs-installed/

Microsoft August 2019 Patch Tuesday fixes 93 security bugs
https://www.zdnet.com/article/microsoft-august-2019-patch-tuesday-fixes-93-security-bugs/#ftag=RSSbaffb68

August Patch Tuesday: Update Fixes ‘Wormable’ Flaws in Remote Desktop Services, VBScript Gets Disabled by Default
http://bit.ly/2KyoleP

Down the Rabbit-Hole
https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html

Debian Security Advisory DSA-4498-1 python-django -- security update
https://www.debian.org/security/2019/dsa-4498

SQLite 四年前漏洞未修正 專家指可藉 iPhone 通訊錄盜取資料
http://bit.ly/2MenDW9

SQLite Vulnerability Permits iOS Hack: Report
https://www.bankinfosecurity.com/sqlite-vulnerability-permits-ios-hack-report-a-12911

【威脅通告】TortoiseSVN遠程代碼執行漏洞(CVE-2019-14422)
http://blog.nsfocus.net/cve-2019-14422/

谷歌 Project Zero 90 天截止期限:97.5% 的漏洞在披露前修复
https://www.aqniu.com/industry/53180.html

谷歌披露了影響所有Windows版本的20年未修補漏洞
https://thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html

New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections
https://thehackernews.com/2019/08/bluetooth-knob-vulnerability.html

Over 40 Drivers Could Let Hackers Install Persistent Backdoor On Windows PCs
https://amp.thehackernews.com/thn/2019/08/windows-driver-vulnerability.html

Firefox fixes “master password” security bypass bug
https://nakedsecurity.sophos.com/2019/08/15/firefox-fixes-master-password-security-bypass-bug/

Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware/

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
金融業聘雇科技人才 突破7,600人
https://money.udn.com/money/story/5613/3979758

稱「英國銀行系統出錯」 外送平台遭控欠款
https://news.tvbs.com.tw/life/1181039

中國大陸網貸試點備案落空 多家銀行退出存管業務
https://news.sina.com.tw/article/20190725/32083740.html

為純網銀已燒掉上億!樂天攜手IBM建置系統,展現落地決心
http://bit.ly/2KokuAQ

樂天網銀 2020 年第二季上線,將招募 100 人
https://finance.technews.tw/2019/08/02/lotte-online-banking-online-in-2020-q2/

14家銀行搶開放銀行頭香 繳費管理開支一鍵完成
https://udn.com/news/story/7239/3982253

Moneybook 起死回生,當台灣「開放銀行」領頭羊
https://technews.tw/2019/08/10/moneybook-open-bank-bellwether/

金融業金融科技投資 今年總金額將破200億
https://times.hinet.net/news/22502032

邀證券F4協力 打造雲端大數據平台
https://www.chinatimes.com/newspapers/20190812000175-260202?chdtv

被迫付現! 墨西哥民眾抱怨刷卡失敗
https://ec.ltn.com.tw/article/breakingnews/2881040

墨西哥城數據中心故障 匯豐等銀行交易大規模癱瘓
https://www.finet.hk/newscenter/news_content/5d502e3bbde0b3270a21d4a8

墨西哥3家大銀行 處理付款系統出問題
http://www.mingpaocanada.com/Tor/htm/News/20190812/thd_r.htm

黃奇帆:整頓P2P,並不等於拒絕網路貸款
https://news.sina.com.tw/article/20190810/32268404.html

因應數位金融 央行設研究小組
https://udn.com/news/story/7239/3980306?from=udn-ch1_breaknews-1-cate6-news

銀行帳號很難記?銀行推手機號碼轉帳免手續費優惠
https://money.udn.com/money/story/5613/3985851

Open Banking 進入台灣金融市場!已有 14 家銀行建置 Open API 系統
https://buzzorange.com/techorange/2019/08/12/open-banking-taiwan/

查獲多項缺失 金管會對這兩家壽險公司開罰百萬
https://udn.com/news/story/7239/3986997

忘記備份這個錄音檔 元大銀行挨罰200萬
https://www.chinatimes.com/realtimenews/20190813004356-260410?chdtv

調客戶資料發現錄音檔不見 元大銀被罰200萬元
https://money.udn.com/money/story/5613/3987033

保險業六缺失 金管會盯
https://money.udn.com/money/story/5648/3989758

純網銀掀起臺灣金融法規大鬆綁,開業前還有7大監理最終考驗
https://www.ithome.com.tw/news/132357

P2P平台暗換存管銀行
http://capital.people.com.cn/BIG5/n1/2019/0814/c405954-31293550.html

中P2P又爆 證大旗下逾百公司5千人全裁
https://ec.ltn.com.tw/article/paper/1310546

軍力對決!3家純網銀團隊戰力與人才需求大比較
https://www.ithome.com.tw/news/132362

台新銀行外幣系統演算法 獲發明專利
https://udn.com/news/story/7239/3989151

金融服務機構和客戶的頭號威脅:94%的攻擊都來源於這四種
https://www.freebuf.com/news/210509.html

Counterfeit Cashier’s Checks of National Bank of Blacksburg, Blacksburg, Va.
https://www.occ.gov/news-issuances/alerts/2019/alert-2019-7.html

3.電子支付/電子票證/行動支付/ pay/新聞及資安
電子支付、電子票證將整併,悠遊卡未來也能電子轉帳了
https://www.feed1x.com/app/post/5d4faf61462b2406480cd367

電子支付應用大解放!不只能兌外幣、未來還能互相轉帳
https://3c.ltn.com.tw/news/37667

四電子票證機構 搶電支業務
https://money.udn.com/money/story/5613/3983247

中國犯罪集團一棒打死日本小七的「7pay」電子支付
https://newtalk.tw/news/view/2019-08-13/285205

電子支付敬陪末座,詹宏志的下一步!PChome集團整軍搶食「純網銀」大餅
http://bit.ly/2MjCY7Q

4.虛擬貨幣/區塊鍊   新聞及資安
淺論比特幣在民事法律上之定性
http://bit.ly/2YRgFIF

調查局:虛擬通貨易淪為吸金詐騙工具
https://money.udn.com/money/story/5648/3950555

STO法規爭議難解?金管會副主委黃天牧:台灣的STO法令並非特別落後
http://bit.ly/2ZMlVyv

新加坡加密貨幣交易所預計年底將出現加密貨幣市場牛市
http://bit.ly/2Hbkp1J

墜落的以太坊!硬剛比特幣之後 市值佔比已不足8%
https://news.sina.com.tw/article/20190809/32262322.html

數位資產加強資安 搭配硬體錢包找安心
https://m.ctee.com.tw/livenews/aj/a83205002019081117080278?area=

敲詐: Binance與「KYC駭客」的內部談判
http://bitfunance.com/article/665

擬發行兩種平台代幣!韓國SK集團將建立基於區塊鏈的捐贈平台
http://news.knowing.asia/news/dc597ba8-e1ed-4e99-aa65-66555f3c4179

萊特幣(LTC)上週末遭受「大規模粉塵攻擊」,對用戶有什麼影響
https://www.blocktempo.com/binance-academy-found-scalable-dusting-attack/

中國央行發行數位貨幣?其實就是人民幣本尊
http://news.knowing.asia/news/48ccf0a5-b24e-4fdd-ac9f-fe76c789ba81

對加密貨幣友好的銀行並不多,但這家居然要為加密貨幣公司服務
http://news.knowing.asia/news/ee8afc3d-ef30-44aa-8643-e77fd1dfbd5c

紐西蘭稅務局已裁定,加密貨幣收入是合法的
http://news.knowing.asia/news/9feaebe6-41b5-466f-9e0f-2c233fec9602

聯合國報告:南韓交易所 Bithumb,三年內被北韓政府駭了四次
https://www.blocktempo.com/un-investigating-35-north-korean-military-funding-cyberattacks/

公部門共識:台灣 STO 監管在國際上並不落後,將持續與業者溝通
https://blockcast.it/2019/08/12/public-legal-forum-building-consensus-with-public-sector/

刑事局追查乙太幣竊電案 揪出台電內鬼
https://news.tvbs.com.tw/local/1183542

整個幣圈都談盜色變,數位貨幣交易所究竟是如何被盜的
http://news.knowing.asia/news/324bab83-2c30-4f06-a041-4b226aedf2a8

紐西蘭銀行 ASB 大手筆投資「貿易融資區塊鏈」
https://www.blocktempo.com/asb-bank-takes-a-stake-in-tradewindow/

人民幣「破 7」避險效應,中國比特幣交易量激增 50%
https://finance.technews.tw/2019/08/15/china-bitcoin-trading-volume-increase/

整個幣圈都談盜色變,數位貨幣交易所究竟是如何被盜的
http://news.knowing.asia/news/324bab83-2c30-4f06-a041-4b226aedf2a8

加密分析公司報告PIVX鏈存在漏洞並質疑PIVX並無修復計劃
https://www.bishijie.com/kuaixun_372500

加密貨幣交易所監管,將面臨哪些挑戰
http://news.knowing.asia/news/94659c86-d457-4019-9f04-6c0f1c5e6164

數字貨幣行業APT一瞥: Coinbase應對Firefox在野0day攻擊詳情分析
https://www.freebuf.com/articles/blockchain-articles/211069.html

The Chinese State Is Allegedly Sponsoring Attacks on Cryptocurrency Firms
https://beincrypto.com/the-chinese-state-is-allegedly-sponsoring-attacks-on-cryptocurrency-firms/

UN probing 35 North Korean cyberattacks in 17 countries
https://apnews.com/ece1c6b122224bd9ac5e4cbd0c1e1d80

Many blockchain use cases need IoT to succeed, and more
https://www.zdnet.com/article/many-blockchain-use-cases-need-iot-to-succeed-and-more/#ftag=RSSbaffb68

Coinbase drops UK support for privacy-focused Zcash cryptocurrency
https://www.zdnet.com/article/coinbase-drops-uk-support-for-zcash/#ftag=RSSbaffb68

Bitcoin-Related Ransomware Attacks Are Up 365% Since Last Year
https://beincrypto.com/bitcoin-related-ransomware-attacks-are-up-365-since-last-year/

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
中惡意程式攻台 逾全球平均4倍量
https://ec.ltn.com.tw/article/paper/1305549

數位相機 PTP 協定驚爆出現漏洞,駭客可發動 OTP 植入勒索軟體攻擊
https://technews.tw/2019/08/12/canon-dslr-camera-infected-with-ransomware-over-the-air/

照片及相機被鎖!單反都會中勒索軟件
http://bit.ly/33u7tgB

檯面下的風險:認識無檔案式威脅
https://blog.trendmicro.com.tw/?p=61508

外掛藏惡意軟件 作弊被盜個人資訊
http://bit.ly/2Kx79GG

勒索病毒利用Flash漏洞掛馬攻擊,色情網站為傳播源頭
https://guanjia.qq.com/news/n3/2544.html

Cerberus:一個新的Android'銀行惡意軟件出租'出現
https://blog.ehcgroup.io/index.php/2019/08/13/cerberus-surge-un-nuevo-android-banking-malware-for-rent/

Gozi銀行木馬再現,針對高新製造業、進出口企業的“魚叉式攻擊”
https://www.freebuf.com/articles/system/209854.html

Golang蠕蟲氾濫?讓我們揪出其始作俑者
https://www.freebuf.com/articles/system/208777.html

GOOTKIT BANKING TROJAN | 深入研究反分析功能
https://www.sentinelone.com/blog/gootkit-banking-trojan-deep-dive-anti-analysis-features/

Deep Dive into Guildma Malware
https://decoded.avast.io/threatintel/deep-dive-into-guildma-malware/

RANSOMWARE OVERTOOK BANKING TROJANS IN H1 2019 EMAIL MALWARE CAMPAIGNS
https://www.zixcorp.com/resources/blog/august-2019/ransomware-overtook-banking-trojans-in-h1-2019

New "LookBack" Malware Used in Attacks Against U.S. Utilities Sector
https://www.securityweek.com/new-lookback-malware-used-attacks-against-us-utilities-sector

2019-08-12 - DATA DUMP: ICEDID (BOKBOT) INFECTION WITH TRICKBOT
https://www.malware-traffic-analysis.net/2019/08/12/index.html

2019-08-14 - PCAP AND MALWARE FOR AN ISC DIARY ABOUT MEDUSAHTTP
https://www.malware-traffic-analysis.net/2019/08/14/index.html

Canon DSLR Cameras Can Be Hacked With Ransomware Remotely
https://thehackernews.com/2019/08/dslr-camera-hacking.html

Canon DSLR Camera Infected with Ransomware Over the Air
https://www.bleepingcomputer.com/news/security/canon-dslr-camera-infected-with-ransomware-over-the-air/

New Saefko Trojan focuses on stealing your credit card details, crypto wallets
https://www.zdnet.com/article/new-saefko-trojan-focuses-on-stealing-your-credit-card-details/#ftag=RSSbaffb68

Saefko RAT peeks at browser histories to help adversaries form optimal attack plan
http://bit.ly/2YVnMDW

Saefko: A new multi-layered RAT
https://www.zscaler.com/blogs/research/saefko-new-multi-layered-rat

New Ursnif Variant Spreads Through Infected Word Documents
https://www.bankinfosecurity.com/new-ursnif-variant-spreads-through-infected-word-documents-a-12898

New Ursnif Variant Spreading by Word Document
https://www.fortinet.com/blog/threat-research/ursnif-variant-spreading-word-document.html

Cloud Atlas threat group updates weaponry with polymorphic malware
https://www.zdnet.com/article/cloud-atlas-threat-group-updates-weaponry-with-polymorphic-malware/#ftag=RSSbaffb68

Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices
http://bit.ly/2YUwken

Clipsa Malware Steals Cryptocurrency By Targeting Unsecured WordPress Sites
https://latesthackingnews.com/2019/08/12/clipsa-malware-steals-cryptocurrency-by-targeting-unsecured-wordpress-sites/

New variant of Troldesh Ransomware targets victims via compromised website URLs
https://cyware.com/news/new-variant-of-troldesh-ransomware-targets-victims-via-compromised-website-urls-42259560

Cerberus - A new banking Trojan from the underworld
https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html

Cerberus: A New Android 'Banking Malware For Rent' Emerges
https://thehackernews.com/2019/08/cerberus-android-banking-trojan.html

Cerberus: A New Android 'Banking Malware For Rent' Emerges
https://thehackernews.com/2019/08/cerberus-android-banking-trojan.html

Phishing email attack against hotel industry in North America
https://blog.360totalsecurity.com/en/phishing-email-attack-against-hotel-industry-in-north-america/

Cyber-attack compensation claims advice
https://www.dataleaklawyers.co.uk/blog/cyber-attack-compensation-claims-advice

Trojans, ransomware dominate 2018–2019 education threat landscape
https://blog.malwarebytes.com/trojans/2019/08/trojans-ransomware-dominate-2018-2019-education-threat-landscape/

New Norman Cryptominer Uses Dynamic DNS for C2 Communication
https://www.bleepingcomputer.com/news/security/new-norman-cryptominer-uses-dynamic-dns-for-c2-communication/

Norman Cryptominer Employs Sophisticated Obfuscation Tactics
https://threatpost.com/norman-cryptomining-sophisticated-obfuscation/147310/

Varonis Uncovers New Malware Strains and a Mysterious Web Shell During a Monero Cryptojacking Investigation
https://www.varonis.com/blog/monero-cryptominer/

PsiXBot Continues to Evolve with Updated DNS Infrastructure
https://www.proofpoint.com/us/threat-insight/post/psixbot-continues-evolve-updated-dns-infrastructure

Ursnif ups its game with sophisticated VBA and PowerShell combination Dropper
https://www.deepinstinct.com/2019/08/12/ursnif-ups-its-game-with-sophisticated-vba-and-powershell-combination-dropper/

Authors of the new Android Trojan advertise their product and make fun of anti-virus vendors on Twitter
https://adware.guru/authors-of-the-new-android-trojan-advertise-their-product-and-make-fun-of-anti-virus-vendors-on-twitter/

Eine neue Android-Malware namens "Cerberus" kann ausgeliehen werden
https://todotech20.com/ge/eine-neue-android-malware-namens-cerberus-kann-ausgeliehen-werden/

New Android malware available for renting
https://gdpr.report/news/2019/08/14/privacy-new-android-malware-available-for-renting/

DanaBot banking Trojan jumps from Australia to Germany in quest for new targets
https://www.zdnet.com/article/danabot-banking-trojan-jumps-from-australia-to-german-targets/

Review of a Danabot Infection
https://h3collective.io/review-of-a-danabot-infection/

Analysis: New Remcos RAT Arrives Via Phishing Email
https://blog.trendmicro.com/trendlabs-security-intelligence/analysis-new-remcos-rat-arrives-via-phishing-email/

Android users menaced by pre-installed malware
https://nakedsecurity.sophos.com/2019/08/13/android-users-menaced-by-pre-installed-malware/

500,000-Victim Cryptojacking Campaign Proves Increasing Malware Sophistication
https://beincrypto.com/500000-victim-cryptojacking-campaign-proves-increasing-malware-sophistication/

B.行動安全 / iPhone / Android /穿戴裝置 /App
中國大陸工信部:230萬用戶已完成「攜號轉網」
https://news.sina.com.tw/article/20190724/32079366.html

破解率達74%!手機感應器恐使PIN密碼外洩
https://fnc.ebc.net.tw/FncNews/life/94552

手機狂跳出「中獎廣告」 疑是Google廣告出包
https://udn.com/news/story/7087/3983465

手機狂冒中獎訊息 谷歌代理商說話了
http://bit.ly/2KxrHPn

「恭喜您獲得中獎機會!」駭客一步驟解決超煩人的釣魚頁面
https://buzzorange.com/techorange/2019/08/13/avoid-phishing-cyber-security/

iPhone通訊錄 可能成為駭客攻擊目標
https://news.wearn.com/c295696.html

WhatsApp資安亮紅燈 駭客可輕易篡改用戶訊息
https://www.ettoday.net/news/20190812/1510839.htm

iPhone通訊錄成「攻擊目標」 駭客能直接繞過安全機制
https://ck101.com/thread-5020180-1-1.html

Instagram再爆隱私問題!百萬名用戶自介、貼文全被廣告商蒐集了
https://cnews.com.tw/134190811a02/

【自身難保】研究發現近半 Android 防毒軟件有問題
http://bit.ly/2MddhFY

IOS系統bug不斷,蘋果公司豪甩700萬買漏洞!業內良心還是奸商
https://user.guancha.cn/main/content?id=156367&s=fwzxfbbt

沒有安卓 鴻蒙可以救華為手機嗎
http://bit.ly/2MVI0a3

稱三星手機爆炸 男子灼傷手及臉
http://www.mingpaocanada.com/Tor/htm/News/20190809/tad1_r.htm

駭客研發惡毒 Lightning 線 一插即可入侵電腦
http://bit.ly/2KtfevQ

蘋果開出百萬賞金 獎勵駭客入侵iphone回報漏洞
http://bit.ly/31AbtdI

只用 120 秒破解 iPhone Face ID!駭客們怎麼做到的
https://buzzorange.com/techorange/2019/08/13/iphone-faceid-black-hat-hacker-120-seconds/

無密碼時代來臨!Google提供Pixel手機用戶免密碼登入 近日將擴大到安卓設備
https://www.ettoday.net/news/20190813/1512037.htm

Pen Test Partners:眾多品牌的4G行動網路裝置含有安全漏洞
https://ithome.com.tw/news/132406

偽裝手機在美銷售 華為祕密計劃被識破
http://www.epochtimes.com/b5/19/8/13/n11450823.htm

Android 手機傳耗電異常災情!外媒曝可能原因與它有關
https://3c.ltn.com.tw/news/37690

下游電信商提高網安信任度 資安防禦 網路端更重要
http://weekly.invest.com.tw/001.asp?artNo=2052-13-01&OC=open

近 6 成屬國產貨 報告指手機 VPN 程式風險被忽視
http://bit.ly/30bo6Mk

忍無可忍 蘋果控告Corellium以安全為名行侵害iOS之實
https://udn.com/news/story/6811/3992179

蘋果、WebKit團隊合作 發布最新反追蹤策略
http://www.limedia.tw/tech/9713/

科企研監控工具牟利 恐成打壓幫兇
http://bit.ly/31Nnpct

資安專家成功示範以修改過的 Lightning 連接線,透過 iPhone 駭入 Mac
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=906

大量移動App 違法蒐集用戶信息
https://udn.com/news/story/7333/3989589

Push Notifications 101: Security Risks and How to Disable Them Across Devices
https://heimdalsecurity.com/blog/push-notifications-security-risks-how-to-disable/

Testing Android smartphones has made my iPhone feel old and slow
https://www.zdnet.com/article/testing-android-smartphones-has-made-my-iphone-feel-old-and-slow/#ftag=RSSbaffb68

How to securely wipe your iPhones, Android devices, and PCs
https://www.zdnet.com/article/how-to-securely-wipe-your-iphones-android-devices-and-pcs/

How to fix the Android bug that's draining your battery
https://www.zdnet.com/article/how-to-fix-the-android-bug-thats-draining-your-battery/#ftag=RSSbaffb68

Facebook Sues Two Android App Developers for Click Injection Fraud
https://thehackernews.com/2019/08/facebook-ads-click-injection.html

Two weird ways your iPhone or Mac can be hacked
https://www.zdnet.com/article/two-weird-ways-your-iphone-or-mac-can-be-hacked/#ftag=RSSbaffb68

No China, no choice: Why 2019 is the worst smartphone year ever
https://www.zdnet.com/article/no-china-no-choice-why-2019-is-the-worst-smartphone-year-ever/#ftag=RSSbaffb68

Apple's iOS Contacts app claimed to be vulnerable to SQLite hack
https://appleinsider.com/articles/19/08/10/apples-ios-contacts-app-claimed-to-be-vulnerable-to-sqlite-hack

Android Users Can Now Log in to Google Services Using Fingerprint
https://thehackernews.com/2019/08/android-local-user-verification.html

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
擺了乖乖,機房就會自己「乖乖」嗎
https://showipprotocols-tw.blogspot.com/2019/08/no-more-lucky-cookies-ToR.html

不甩政府法令 「愛奇藝」在台徵才恐被罰
https://news.ltn.com.tw/news/life/breakingnews/2884785

美禁蘋果MacBook Pro筆記本電腦登機 有著火風險
http://bit.ly/2KL4gkt

浙江名校畢業生開發賭博軟體 涉案逾4000萬 90嫌落網
http://bit.ly/30g222M

售「港獨T恤」?亞馬遜官網遭中國駭客以五星旗灌爆
https://www.rti.org.tw/news/view/id/2031111

【HITCON CMT 2019 免費開放人才招募刊登專區】
https://blog.hitcon.org/2019/08/HITCON-Recruit.html

敲敲資安的大門:《HackDoor 2019 駭客密室活動》
https://vocus.cc/TeacherComment/5d540a8efd897800012b2335

資安議題熱 電腦及資訊服務業營收創同期新高
https://www.fountmedia.io/article/28809

K8s第一份第三方資安稽核報告出爐!Knative滿週年使用數據大公開
https://ithome.com.tw/news/132407

安全研究人員爆料:中興 Wi-Fi 蛋成黑客溫床
https://m.eprice.com.hk/mobile/talk/4527/213780/1/

安全研究人員爆料:中興的 4G 分享器恐成為駭客溫床
https://m.eprice.com.tw/tech/talk/1141/5376748/1/

老師趁期中考駭進學生手機!才剛抓到證據...模範生起疑提早交卷
https://star.ettoday.net/news/1510701?redirect=1

捷報!臺灣聯隊HITCON x BFKinesiS獲得DEF CON CTF駭客競賽第二名
https://ithome.com.tw/news/132347

美國拉斯維加斯CTF資安攻防賽 台灣獲亞軍
https://www.taiwannews.com.tw/ch/news/3761981

【黑客來襲】電腦被入侵怎麼辦:立法規管VS交付贖金
http://www.etnet.com.hk/www/tc/lifestyle/officetips/larryleung/61503

駭客發威! 發現美F-15戰機大罩門
https://www.chinatimes.com/realtimenews/20190815002365-260417?chdtv

7駭客花2天成功破壞「美F-15關鍵系統」 材料費僅花2萬美元
https://www.ettoday.net/news/20190815/1513863.htm

黑客大會舉行市民慎防駭客活動
https://www.lvcdn.com/news/vegas/20190809/25889.html

火眼報告:APT41受中共指使搞網絡間諜活動
http://bit.ly/2M7i4cd

中國駭客組織APT41利用政府資源盜走遊戲虛擬貨幣以中飽私囊
https://ithome.com.tw/news/132374

調查:陸駭客藉商業攻擊賺外快
http://bit.ly/2ZK7lrj

中共指使駭客組織攻擊特定目標讓北京受益
https://v.chinaqna.com/blog/90045

美國網絡安全公司報告:中國黑客組織獲官方保護並發動攻擊
http://bit.ly/2GZCfEB

不只香港 新加坡也另有警訊
http://bit.ly/2H1UysZ

路透:國台辦砸銀彈企圖買人心 5家台媒收錢做報導
https://tw.news.appledaily.com/international/realtime/20190809/1614247

中共把貨幣當武器!盤點美方反制優勢
http://bit.ly/2MgL2qb

中共社會信用體系下 人被大數據「圈養」
http://www.epochtimes.com/b5/19/8/11/n11445406.htm

中國資訊戰警報!「買台灣不如騙台灣」的資訊戰,你抵擋的了嗎
https://musou.watchout.tw/read/Qj4a0FyKYwHax0B8bJXS

「天網」將破?美國政府禁五家中企採購案後的下一步
https://opinion.udn.com/opinion/story/120611/3988917

中共索護照號碼 澳學者:拒絕
http://bit.ly/306wtZs

加拿大情報局示警 中共經濟間諜活動增加
http://bit.ly/2OPevcF

香港網友強力反制中國網軍 曝光個資幫忙參軍
https://www.cna.com.tw/news/acn/201907240207.aspx

華郵取得密件 指大陸華為疑違規暗助北韓
https://udn.com/news/story/6809/3944855

又違反美國管制禁令?華為助北韓架設無線網路
https://www.cmmedia.com.tw/home/articles/16630

華爾街日報:華為員工助非洲多國政府監控政敵
https://m.ltn.com.tw/news/world/breakingnews/2884916

涉助非洲國家政府監控政敵 華為斥報道失實
https://hk.on.cc/hk/bkn/cnt/cnnews/20190815/bkn-20190815082610644-0815_00952_001.html

美緩對中加徵關稅 經部:網路交換器影響仍大
http://bit.ly/2KM81Gm

川普把中國進口的筆電與手機徵稅日延到12月
https://www.ithome.com.tw/news/132424

美聯邦檢察官指控Capital One事件駭客攻擊了更多目標
https://on.wsj.com/31Lchg9

美國掃雷艦老舊不靈 軟體還用WIN2000
https://www.chinatimes.com/realtimenews/20190811002311-260417?chdtv

北韓對17國發動網路攻擊 瘋狂洗劫626億
https://news.ltn.com.tw/news/world/breakingnews/2886098

美國防部列最優先事項 美軍邁向5G時代
http://bit.ly/308rirI

Kuwait hit in Pyongyang cyberattack
https://gulflance.com/kuwait-hit-in-pyongyang-cyberattack/

Czech Republic ‘s committee blames foreign state for Foreign Ministry Cyberattack
https://securityaffairs.co/wordpress/89864/cyber-warfare-2/czech-republic-cyber-attack.html

Members of Chinese Espionage Group Develop a 'Side Business'
https://www.bankinfosecurity.com/members-chinese-espionage-group-develop-side-business-a-12908

Clever attack uses SQLite databases to hack other apps, malware servers
https://www.zdnet.com/article/clever-attack-uses-sqlite-databases-to-hack-other-apps-malware-servers/#ftag=RSSbaffb68

Canada Is Getting Ready for Quantum Cryptography
https://www.venafi.com/blog/canada-getting-ready-quantum-cryptography

The Black Hat cybersecurity conference app has a cybersecurity problem
https://mashable.com/article/black-hat-cybersecurity-app-vulnerable/

North Dakota’s Big Cybersecurity Vision
https://blog.paloaltonetworks.com/2019/08/north-dakota-cybersecurity-vision/

New Playbooks for Cyber Defense
https://www.bankinfosecurity.asia/interviews/new-playbooks-for-cyber-defense-i-4412

B-電子金融處-企業網路銀行規劃營運人員
https://www.104.com.tw/job/6om5i

【NCCST-技服中心】資安鑑識工程師(台南)
https://www.1111.com.tw/job/85898199/?agent=out_gds_ewo_happiness

【NCCST-技服中心】MIS工程師(台南)
https://www.1111.com.tw/job/85898378/?agent=out_gds_ewo_happiness

【NCCST-技服中心】系統工程師(台南)
https://www.1111.com.tw/job/85897975/?agent=out_gds_ewo_happiness

【NCCST-技服中心】資安工程師(台南)
https://www.1111.com.tw/job/85898205/?agent=out_gds_ewo_happiness

【NCCST-技服中心】資安檢測工程師(台南)
https://www.1111.com.tw/job/85898004/?agent=out_gds_ewo_happiness

[新竹]新竹市政府教育處徵資安分析師
https://www.ptt.cc/bbs/Tech_Job/M.1565766500.A.206.html

機器學習研發工程師(Big Data/Machine Learning)
https://m.104.com.tw/job/6p1qu?jobsource=m_cust_same_on

招商銀行總行信息技術部安全團隊招聘
https://www.anquanke.com/post/id/184275

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
滙豐銀行提醒慎防偽冒電郵
http://bit.ly/2KBLYlE

紐約時報:中共對香港發動「假信息戰」
https://www.ntdtv.com/b5/2019/08/14/a102644197.html

資安業者警告:Amazon EBS配置不當造成眾多機密資料曝光
https://ithome.com.tw/news/132380

點網頁出現釣魚頁面怎解決?聽專業駭客解釋
https://news.cts.com.tw/cts/life/201908/201908111970882.html

玩家信用卡遭盜刷!Epic Games面臨集體訴訟
http://bit.ly/33pydio

「你的臉被偷了嗎?」批踢踢創始神曝...玩人臉遊戲5種下場
https://www.ettoday.net/news/20190809/1509659.htm

信用卡提額騙局!一條短信就能騙光你卡里所有的錢
https://www.fengli.com/news/23385920.html

網路詐騙案如何應對?廣發信用卡來支招
https://news.sina.com.tw/article/20190809/32252326.html

幫網友銀行開戶 女差點淪詐欺共犯
https://news.ltn.com.tw/news/Tainan/breakingnews/2879915

統一培訓發展下線 網路交友詐騙團伙冒充女性騙錢財
https://news.sina.com.tw/article/20190809/32252242.html

男假冒胞兄辦卡盜刷盜領款 判刑1年10月
https://www.cna.com.tw/news/asoc/201908090165.aspx

遭胞弟盜辦信用卡刷120萬 男子提告自保
https://news.ltn.com.tw/news/society/breakingnews/2879365

弟冒用哥名義辦卡盜刷 最後由老媽出來擦屁股
https://udn.com/news/story/7321/3979366

接警非緊急部門普通話電話 華裔遭索個人資料信用卡號 警方同日接數市民查詢 稱屬詐騙
http://www.mingpaocanada.com/Tor/htm/News/20190809/tac1_r.htm

收到驗證碼,網銀遭盜刷!大渡口警方破獲首例“嗅探”技術新型盜案
http://www.sohu.com/a/331834132_355653

電信詐騙趨向精準化:「遍地撒網」變成「重點捕魚」
https://news.sina.com.tw/article/20190723/32055714.html

澳大利亞發生多起中國公民遭電信詐騙案 使館吁防範
https://news.sina.com.tw/article/20190723/32059126.html

接到陌生來電「小妹妹狂道歉」! 她心軟按下一鍵...162萬全沒了
https://www.ettoday.net/news/20190723/1495508.htm

洛陽警方偵破一起詐騙案
http://news.lyd.com.cn/system/2019/07/30/031435503.shtml

遭遇騙局還不聽勸?電話打到你聽勸!支付寶推出首個防騙「叫醒熱線」
https://news.sina.com.tw/article/20190718/32011964.html

被指入侵Capital One的駭客是如何從雲端竊取數據的
https://on.wsj.com/2Mk4W3B

撿提款卡猜出密碼盜領46萬 判罰1萬關半年
https://news.ltn.com.tw/news/society/breakingnews/2881623

詐騙公司員工「演技」在線,扮銀行工作人員致20多人中招
http://bit.ly/2Kvx6GF

防假保單詐騙 兩管道反向查證
http://www.merit-times.com/NewsPage.aspx?unid=559584

教科書級「銀行」詐騙!他是這樣騙上市公司1.5億的,逃亡泰國4年後終究被抓
https://news.sina.com.tw/article/20190810/32268028.html

詐騙7年 新壽業務員侵占保費2,000萬
https://money.udn.com/money/story/5648/3983273

保險公司查15萬人網上醫療記錄 搜證以拒絕賠償
http://bit.ly/33szSUi

偽造成績單 友邦經紀判緩刑
https://hk.news.appledaily.com/local/daily/article/20190810/20746521

電騙黨手法再升級 冒警專線套取個資
http://bit.ly/2H3dhnX

你的個資不再是你的:當心數位足跡留痕難抹去
https://newtalk.tw/news/view/2019-08-12/284805

網路學習「假分期、真貸款」糾紛多 消保處新規範遏止
http://bit.ly/31zBs57

辦理ETC卡可能會被盜刷 小心辦卡「潛規則」
https://news.sina.com.tw/article/20190812/32283724.html

派私人調查員闖YouTuber住處?玩家發起拒買《Borderlands 3》
http://bit.ly/33xbAZi

接到自稱是銀行專員,並且詢問用卡習慣,但打去該行才發現那是詐騙
https://www.bc3ts.com/post/21665

警破網戀詐騙團夥拘11人 涉案金額逾200萬人民幣
https://hk.on.cc/hk/bkn/cnt/cnnews/20190813/bkn-20190813065058481-0813_00952_001.html

騙徒利用前新加坡總理的名字來進行比特幣投資詐騙
http://bit.ly/2KHSUxr

境外匯款  小心有詐  士林警識破詐騙手法機警阻詐
https://times.hinet.net/news/22505151

警籲民眾慎防手機被綁架
http://bit.ly/2H60XTH

郵儲銀行開展支付安全與防範電信網路新型欺詐宣傳
https://news.sina.com.tw/article/20190814/32308038.html

母湯用外掛,資安公司曝《要塞英雄》外掛會竊取使用者個資
https://tw.esports.yahoo.com/fortnite-065318537.html

駭客論壇Cracked.to資料庫遭競爭對手公布
https://www.ithome.com.tw/news/132427

從個人資料保護 看資安
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=8751

美媒:臉書聘數百人 轉錄用戶語音對話
http://bit.ly/2H4NfjV

保全公司雲端平台漏洞,讓千萬用戶指紋、人臉及個資曝險
https://ithome.com.tw/news/132441

英國爆發嚴重生物辨識資訊資安事件,百萬人指紋、面孔與帳密完全未經加密存放
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=908

廠商持假發票詐貸銀行 調查局大規模搜索
https://money.udn.com/money/story/5648/3991263

最新電話詐騙 PSE&G電氣公司發警告
http://www.epochtimes.com/b5/19/8/15/n11456066.htm

網購網戀詐騙橫行 「+」號電話、購虛擬幣勿輕信
http://bit.ly/2Nhfpwn

網絡攻擊瞄準個人銀行,談談5個典型攻擊手段
https://www.freebuf.com/articles/network/211150.html

Invoice釣魚郵件姿勢多,進出口企業機密信息易洩漏
https://www.freebuf.com/articles/system/210012.html

Crime Gangs Increasingly Turn to Online Fraud, UK Police Warn
https://www.bankinfosecurity.eu/crime-gangs-increasingly-turn-to-online-fraud-uk-police-warn-a-12916

Security warning for software developers: You are now prime targets for phishing attacks
https://www.zdnet.com/article/security-warning-for-software-developers-you-are-now-prime-targets-for-phishing-attacks/

Report: SEC Investigates First American Data Exposure
https://www.bankinfosecurity.asia/report-sec-investigates-first-american-data-exposure-a-12910

SEC Investigating Data Leak at First American Financial Corp.
https://krebsonsecurity.com/2019/08/sec-investigating-data-leak-at-first-american-financial-corp/

Four major dating apps expose precise locations of 10 million users
https://www.zdnet.com/article/four-major-dating-apps-expose-precise-locations-of-10-million-users/#ftag=RSSbaffb68

FBI seeks to monitor Facebook, oversee mass social media data collection
https://www.zdnet.com/article/fbi-seeks-to-monitor-facebook-oversee-mass-social-media-data-collection/#ftag=RSSbaffb68

Threesome app exposes user data, locations from London to the White House
https://www.zdnet.com/article/threesome-app-exposes-user-data-pics-from-london-to-the-white-house/#ftag=RSSbaffb68

South Korea New Target for Payment Fraud
https://www.bankinfosecurity.com/south-korea-new-target-for-payment-fraud-a-12897

Scammers increasingly hide behind legitimate company websites to spawn phishing mails
https://www.scmagazineuk.com/scammers-increasingly-hide-behind-legitimate-company-websites-spawn-phishing-mails/article/1593447

Get creative: The average US user recycles online passwords at least four times
https://www.zdnet.com/article/get-creative-the-average-us-user-recycles-online-passwords-at-least-four-times/#ftag=RSSbaffb68

Hundreds of exposed Amazon cloud backups found leaking sensitive data
https://techcrunch.com/2019/08/09/aws-ebs-cloud-backups-leak/

SEC Investigating Data Leak at First American Financial Corp.
https://krebsonsecurity.com/2019/08/sec-investigating-data-leak-at-first-american-financial-corp/

Choice Hotels: 700,000 Guest Records Exposed
https://www.bankinfosecurity.asia/choice-hotels-700000-guest-records-exposed-a-12913

Fake Twitter Accounts Launch Anti-India Propaganda Campaign
https://www.bankinfosecurity.asia/fake-twitter-accounts-launch-anti-india-propaganda-campaign-a-12914

Responding to Firefox 0-days in the wild
https://blog.coinbase.com/responding-to-firefox-0-days-in-the-wild-d9c85a57f15b

Major biometrics data leak impacts UK Metropolitan Police, banks, enterprise companies
https://www.zdnet.com/article/major-biometrics-data-leak-impacts-police-banks-enterprise-companies/#ftag=RSSbaffb68

Report: Data Breach in Biometric Security Platform Affecting Millions of Users
https://www.vpnmentor.com/blog/report-biostar2-leak/

White Hats Breach Biometrics Database: 27.8 Million Records Exposed
https://www.cbronline.com/news/biostar-2-vpnmentor

Capital One hacker took data from more than 30 companies, new court docs reveal
https://www.zdnet.com/article/capital-one-hacker-took-data-from-more-than-30-companies-new-court-docs-reveal/#ftag=RSSbaffb68

E.研究報告
LiveZilla實時聊天應用7大漏洞解析
https://xz.aliyun.com/t/5902

網絡安全重大事件判定指南
https://www.freebuf.com/articles/network/211133.html

2019上半年網絡安全應急響應分析報告
https://www.freebuf.com/articles/paper/210447.html

由一道工控路由器固件逆向題目看命令執行漏洞
https://zhuanlan.zhihu.com/p/77410505

【漏洞預警】KDE Frameworks遠程命令執行(CVE-2019-14744)漏洞
https://www.secpulse.com/archives/110558.html

CVE-2019-0193 Apache Solr遠程命令執行漏洞分析
https://xz.aliyun.com/t/5941

Ghostscript沙箱繞過命令執行漏洞(CVE-2019-10216) 預警
https://www.secrss.com/articles/12889

記一次xss漏洞挖掘
https://zhuanlan.zhihu.com/p/77639006

路由器漏洞挖掘之TEW_645TR_1.12 sql 注入分析
https://www.anquanke.com/post/id/183871

D-Link系列路由器漏洞挖掘
https://www.cnblogs.com/17bdw/p/11345345.html

內核漏洞挖掘技術系列(6)——使用AFL進行內核漏洞挖掘
https://xz.aliyun.com/t/5943

免殺webshel​​l的無限生成工具(免殺一句話生成|免殺d盾|免殺安全狗護衛神河馬查殺等一切WAF)
https://github.com/yzddmr6/webshell-venom

警惕Elasticsearch淪為殭屍網絡
https://www.freebuf.com/articles/network/209564.html

CVE-2019-11270:Cloud Foundry UAA中的提權漏洞分析
https://www.anquanke.com/post/id/183810

CVE-2019-1181/1182:遠程桌面服務中的蠕蟲漏洞警告
https://www.linuxidc.com/Linux/2019-08/160043.htm

安全心經| 吳承恩都不知道的《西遊記》
https://www.aqniu.com/vendor/53067.html

內網攻防備忘錄
https://www.freebuf.com/articles/network/210298.html

新型JSNEMUCOD病毒样本分析报告
https://www.freebuf.com/articles/terminal/209769.html

ARP欺騙繞過Android TV BOX分析
https://www.freebuf.com/articles/network/209780.html

Dockernymous:一款基於Docker容器的Whonix網關工作站安全環境搭建工具
https://www.freebuf.com/sectool/209607.html

WatchBog新型變種分析
https://www.freebuf.com/articles/network/209956.html

Pown-Duct:一款功能強大的盲注攻擊檢測工具
https://www.freebuf.com/sectool/209584.html

Rock-ON:一款多功能合一的網絡偵察工具
https://www.freebuf.com/articles/network/208923.html

Trojans, ransomware dominate 2018–2019 education threat landscape
https://blog.malwarebytes.com/trojans/2019/08/trojans-ransomware-dominate-2018-2019-education-threat-landscape/

An easy ATT&CK-based Sysmon hunting tool
https://github.com/baronpan/SysmonHunter

LLDBFuzzer: Debugging and Fuzzing the Apple Kernel with LLDB Script
http://bit.ly/2GUwFDh

Seccomp Tools : Provide Powerful Tools For Seccomp Analysis
https://kalilinuxtutorials.com/seccomp-tools/

HackerTarget : Tools And Network Intelligence To Help Organisations With Attack Surface Discovery
https://kalilinuxtutorials.com/hackertarget-tools-and-network-intelligence/

Cloud Forensics: Google Drive
https://netseedblog.com/security/cloud-forensics-google-drive/

LLDBFuzzer: Debugging and Fuzzing the Apple Kernel with LLDB Script
http://bit.ly/2GUwFDh

Threat Research Finding Evil in Windows 10 Compressed Memory, Part One: Volatility and Rekall Tools
https://www.fireeye.com/blog/threat-research/2019/07/finding-evil-in-windows-ten-compressed-memory-part-one.html

Threat Research Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive
https://www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-two.html

Threat Research Finding Evil in Windows 10 Compressed Memory, Part Three: Automating Undocumented Structure Extraction
https://www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-three.html

All-in-one bundle of MISP, TheHive and Cortex
https://github.com/pe3zx/mthc

F.商業
訊連推出金融AI刷臉辨識 高精準度2D、3D臉部防偽
https://www.ettoday.net/news/20190718/1493196.htm

Openfind發表雲端資安生態圈聯盟
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000565606_7u77pzuelrbl0g7tpds1k

關貿網路攜手中醫附醫 攻醫療行動支付
https://ec.ltn.com.tw/article/breakingnews/2882244

電腦及資訊服務業 Q2營收創新高
http://bit.ly/2OU6t2n

剖析資通安全管理法 綜觀資安管理國際標準新趨勢
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&cat=60&id=0000565827_vmi9wc2x1pvpdg8pbp91e

微軟中小企業授權方案將不再提供Office永久版
https://www.ithome.com.tw/news/132392

關貿網路 策略性投資將來銀行2.1億元
https://www.chinatimes.com/realtimenews/20190814003524-260410?chdtv

效果不大,Chrome、Firefox將縮減EV簽章標示
https://www.ithome.com.tw/news/132416

加入純網銀國家隊展拳腳 關貿投資將來 爭一席董事
http://bit.ly/2Z5xT98

30而「力」!合勤從「設備研發製造商」到「解決方案服務商」的華麗轉身
https://www.techbang.com/posts/72057-30th-anniversary-of-co-attendance

思科攜手北市府 培育數位人才
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/7DEEB5510D714ABD93C0C42245EDFD86

Google推出網頁應用程式遙測工具
https://www.ithome.com.tw/news/132429

台灣大公有雲「運算雲 Plus」上線,年底前預計逾 40 家企業導入
https://technews.tw/2019/08/15/taiwan-mobile-easpnet-vmwa/

Kaspersky 亞太區設首家透明中心
http://bit.ly/2yYOi0w

區塊科技結合資安鑑識,用區塊鏈技術提升「數位蒐證」可信度
http://bit.ly/2N61yc3

Let Experts Do Their Job – Managed WAF by Indusface
https://thehackernews.com/2019/08/apptrana-waf-vulnerability-scanner.html

Microsoft is phasing out the Basic edition of Azure Active Directory
https://www.zdnet.com/article/microsoft-is-phasing-out-the-basic-edition-of-azure-active-directory/#ftag=RSSbaffb68

Microsoft names top security researchers, zero-day contributors
https://www.zdnet.com/article/microsoft-names-top-security-researchers-zero-day-contributors/#ftag=RSSbaffb68

Broadcom Reaches $10.7B Deal to Buy Symantec Enterprise
https://www.bankinfosecurity.com/broadcom-reaches-107b-deal-to-buy-symantec-enterprise-a-12896

Top 10 security extensions for Google Chrome
https://www.zdnet.com/article/top-10-security-extensions-for-google-chrome/#ftag=RSSbaffb68

Windows Virtual Desktop Is Feature Complete
https://www.petri.com/windows-virtual-desktop-is-feature-complete

G.政府
明年千億元科技預算 政院將投入5G、自駕車及資安
https://udn.com/news/story/7238/3980256?from=udn-ch1_breaknews-1-cate6-news

金管會宣示3大重點:理專控管、雲端委外及違約金計收
https://money.udn.com/money/story/5613/3966605

保險業應設置公司治理主管 保險業內部控制及稽核制度實施辦法修正
https://www.lawbank.com.tw/news/NewsContent.aspx?NID=162319

強化資安 充實資訊設備 臺東縣府將汰換310台電腦
https://news.sina.com.tw/article/20190810/32267258.html

NCC獲2660萬補助 將投入5G實證與資安研究計畫
https://www.cna.com.tw/news/ahel/201908140233.aspx

金管會列保險業常見缺失 顧立雄:再犯就不客氣了
https://udn.com/news/story/7239/3989244

5G明年上路 NCC:得標廠商須報告資安管理程度
http://bit.ly/2H7amuv

政府領域資安聯防監控說明會
https://www.nccst.nat.gov.tw/HandoutDetail?lang=zh&seq=1283

H.ICS/SCADA 工控系統
雲端工控安全保衛戰
https://www.freebuf.com/articles/ics-articles/211300.html

HVACking: Understanding the Delta Between Security and Reality
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/hvacking-understanding-the-delta-between-security-and-reality/

Introduction to SCADA security
https://securityboulevard.com/2019/08/introduction-to-scada-security/

ICS/SCADA security overview
https://securityboulevard.com/2019/08/ics-scada-security-overview/

Physical security for ICS/SCADA environments
https://securityboulevard.com/2019/08/physical-security-for-ics-scada-environments/

Securing OT in the Energy and Utilities Sector
https://advancedmanufacturing.org/securing-ot-in-the-energy-and-utilities-sector/

Global Cyber Alliance Unveils Free IoT Security Platform
https://www.iotworldtoday.com/2019/08/15/global-cyber-alliance-unveils-free-iot-security-platform/

I.教育訓練
git提供分散式版本控制 GitHub存放個人網頁空間  善用gh-pages分支功能 無料架設靜態網站
https://www.netadmin.com.tw/netadmin/zh-tw/technology/89C148A5BC09490785753668A11280B8

10個新手必知的 JavaScript 實用技巧
http://bit.ly/2YNkMKz

【機器學習懶人包】從數據分析到模型整合,各種好用的演算法全都整理給你啦
https://buzzorange.com/techorange/2019/08/13/machine-learning-algorithm-collection/

MIS想跨入資安領域,SSCP是最好的入門鑰匙
https://ithome.com.tw/pr/132405

淺談MSF滲透測試
https://www.freebuf.com/news/210292.html

List of Open Source C2 Post-Exploitation Frameworks
http://pentestit.com/list-of-open-source-c2-post-exploitation-frameworks/

Gaining code execution using a malicious SQLite database
https://research.checkpoint.com/select-code_execution-from-using-sqlite/

Sysmon Deep Dive Part 1: EventID 1 Process Create
https://www.peerlyst.com/posts/sysmon-deep-dive-part-1-eventid-1-process-create-lee-archinal

FREE DOWNLOAD: the best training, courses and ebooks on cybersecurity (2019's version)
https://www.peerlyst.com/posts/free-download-the-best-training-courses-and-ebooks-on-cybersecurity-2019-s-version-peerlyst

Top DFIR Tools - 2019 edition
https://www.peerlyst.com/posts/top-dfir-tools-2019-edition-david-dunmore

Price Dropped: Get Lifetime Access to Cisco Certification Courses 2019
https://thehackernews.com/2018/06/cisco-certification-training.html

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
遙控鑰匙沒那麼安全! 網實測:1秒解鎖開走
https://news.tvbs.com.tw/life/1182516

你有多愛車? 有人在手臂植入 Tesla Model 3 晶片鑰匙
https://www.kocpc.com.tw/archives/274484

電子裝置的揚聲器成了駭客的目標,還把聲音當成武器
https://technews.tw/2019/08/13/hackers-can-turn-everyday-speakers-into-acoustic-cyberweapons/

是德科技網路安全產品全面防禦車聯網攻擊
http://bit.ly/2YFXGp4

全面檢視IT/OT資產 發現可疑的網路行為
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=8748

智能喇叭成黑客攻擊對象 聲波攻擊成真
http://bit.ly/2ZZpx09

SMART ENERGY MONITORING AND CONTROLLED SMART SECURITY
https://www.iot-contest.bisinfotech.com/2019/08/08/smart-energy-monitoring-and-controlled-smart-security/

6.近期資安活動及研討會
 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 108 年度臺灣學術網路危機處理中心資安巡迴研討會 -資安趨勢暨網路安全概要  8/19 ~ 8/27
 http://www.hssh.tp.edu.tw/ezfiles/1/1001/attach/42/pta_17520_7551835_06329.pdf

 台灣駭客年會 HITCON Summer Training 2019 - 學生報名  2019-08-19 ~ 2019-08-22
 https://www.accupass.com/event/1906050919271598677460

 工業自動化資安攻擊與防護 8/21
 https://www.moea.gov.tw/MNS/populace/news/NewsAction.aspx?menu_id=43&news_id=86058

 ᅵYahoo奇摩電商專題講座ᅵ 我們與詐騙的距離_電商不可承受的資安之重  8/21
 https://www.accupass.com/event/1906120307261445013215

 資訊安全攻防實務- 企業紅藍隊對抗演練實務  08/21 星期三 09:00 ~ 08/23 星期五 16:30
 https://www.moea.gov.tw/Mns/populace/news/NewsAction.aspx?menu_id=43&news_id=86049

 WEB應用滲透測試 8/21 ~ 8/23
 https://www.accupass.com/event/1904080221358963463590

 Thinking Thursday 第三場 8/22
 https://www.meetup.com/Thinking-Thursday/events/lrqddryzlbdc/

 台灣駭客年會 HITCON Community 2019  2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8)
 https://www.accupass.com/event/1906040921594609934250

 第四屆臺灣好厲駭~開放報名 至108年8月26日(一)下午5點截止
 http://bit.ly/2ZlpP0Q

 NISRA Enlightened 2019 2019/08/26 ~ 2019/08/29
 https://nisra.kktix.cc/events/2019enlightened

 數位政府高峰會 2019  8/28
 https://egov.ithome.com.tw/

 ModernWeb 19  8/28 ~ 8/29
 https://modernweb.tw/

 資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」  8/29 ~ 8/30
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==

 108年資安職能訓練-行動裝置安全(8/29-8/30)
 https://cee.ksu.edu.tw/recruitinfo/1443.html

 2019 NGO 資安種子講師訓練 8/29
 https://ocftw.kktix.cc/events/cscs2019tot

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  9/6
 https://signupcybersec101.ithome.com.tw/

 交通大學亥克書院-B022:基礎網頁安全與滲透測試<新竹場次> 9/7
 https://hackercollege.nctu.edu.tw/?p=1079

 資訊安全管理系統-基礎課程(免費!)9/8
 https://www.accupass.com/event/1907160853513957042270

 【AWS資安】Security Engineering on AWS​高級課程 9/9 ~ 9/11
 https://www.accupass.com/event/1905150854571147685105

 CDX2.0推廣活動 - 台北場次 9/10
 https://nchc-cdx.kktix.cc/events/cdxactivity-0910

 Kubernetes Summit 9/11
 https://summit.ithome.com.tw/kubernetes/

 台灣賽門鐵克年度資安論壇  9/12
 https://zh.surveymonkey.com/r/symantec_0912

 Cyber Attack Taipei Series 2019  9/17
 https://www.eventbrite.com/e/cyber-attack-taipei-series-2019-tickets-68951581035

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  9/20
 https://signupcybersec101.ithome.com.tw/

 金融資安培訓課程 9/20
 https://twap.deloitte.com.tw/DTLCRA/Works/CourseDetail.aspx?CourseID=T1906002

 資策會開辦「認證系統安全從業人員 SSCP 輔導班」2019/9/21
 https://ithome.com.tw/pr/131772

 交通大學亥克書院-A011:入侵行為發覺與應變指南 9/21
 https://hackercollege.nctu.edu.tw/?p=1082

 資訊安全管理系統-進階課程(免費!)9/21
 https://www.accupass.com/event/1907160908138705889800

 TANET 2019 - 臺灣網際網路研討會  9/25
 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310

 交通大學亥克書院-B022:基礎網頁安全與滲透測試 9/28
 https://hackercollege.nctu.edu.tw/?p=1084

 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/

 交通大學亥克書院-A006:數位足跡追蹤與分析 10/19
 https://hackercollege.nctu.edu.tw/?p=1088

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

  AIoT智能物聯網開發人才就業養成班[免費諮詢]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  10/25
 https://signupcybersec101.ithome.com.tw/

 交通大學亥克書院-A015:進階網頁滲透測試 10/26
 https://hackercollege.nctu.edu.tw/?p=1090

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/8
 https://signupcybersec101.ithome.com.tw/

 交通大學亥克書院-P006:高階網頁滲透測試 11/16
 https://hackercollege.nctu.edu.tw/?p=1092

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/29
 https://signupcybersec101.ithome.com.tw/

 交通大學亥克書院-B015:惡意程式檢測 11/30
 https://hackercollege.nctu.edu.tw/?p=1098

 交通大學亥克書院-A018:企業網域控管-Active Directory攻擊與防禦  12/14
 https://hackercollege.nctu.edu.tw/?p=1094

 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

留言

這個網誌中的熱門文章

Capture the flag資源分享綜整

Capture the flag, CTF,是由古代軍事戰爭演變而來。軍旗在戰場上象徵兩軍戰況,當有一方軍旗被敵軍奪取或落在地上,代表該方戰敗。當這樣的攻防搶旗演變到現代的電子遊戲裡,通常就演變成團隊遊戲模式,由兩隊人馬互相前往對方的基地奪旗,奪旗成功回合次數多者得勝。

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/