資安事件新聞週報 2019/10/14 ~ 2019/10/18
1.重大弱點漏洞/後門/Exploit/Zero Day
Juniper 10月產品安全性更新公告
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
GitHub 首席安全工程師:Linux 暗藏嚴重漏洞,存在至少4 年
https://www.infoq.cn/article/WSWoSgGNk9iz0Had5XmU?utm_source=rss&utm_medium=article
FDA對影響醫療裝置和醫院網路的URGENT/11漏洞發出警報
https://blog.trendmicro.com.tw/?p=62255
BMC Software Patrol Agent 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17043
ReportLab 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17626
BIND 多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/10/17/isc-releases-security-advisories-bind
LimeSurvey 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17660
HiNet GPON 3097 埠允許遠端執行任意指令
https://tvn.twcert.org.tw/taiwanvn/TVN-201908005
NETGEAR JNR1010 訪問控制錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-11014
TOPMeeting 全球行動視訊會議系統含有機敏資料暴露漏洞
https://tvn.twcert.org.tw/taiwanvn/TVN-201907002
Sonatype Nexus Repository Manager 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15893
Firefox部署程式碼注射攻擊保護
https://www.ithome.com.tw/news/133620
Firefox Blocks Inline and Eval JavaScript on Internal Pages to Prevent Injection Attacks
https://thehackernews.com/2019/10/firefox-javascript-injection.html
DEVCORE 剖析 Mail2000 漏洞已於去年修補正式聲明
https://www.openfind.com.tw/taiwan/news_detail.php?news_id=10198
賽門鐵克修補讓Windows出現藍屏的臭蟲
https://www.ithome.com.tw/news/133633
甲骨文產品多個漏洞
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Oracle Java SE和Java SE Embedded 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949
Oracle Releases October 2019 Security Bulletin
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
WebLogic 高危漏洞预警(CVE-2019-2891、CVE-2019-2890)
https://linux.cn/article-11475-1.html
CVE-2019-2890:WebLogic 反序列化漏洞預警
https://cert.360.cn/warning/detail?id=3a5202c8079525b65e79929582b64c47
Cisco Firepower Management Center 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15270
Cisco SPA100 Series Analog Telephone Adapters 緩衝區錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15240
Cisco TelePresence Collaboration Endpoint Software 權限許可和訪問控制問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15277
Cisco TelePresence Collaboration Endpoint Software 操作系统命令注入漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15274
思科 Firepower Management Center 遠端執行任意程式碼漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce
思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x
GNU patch代碼執行漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638
TYPO3 SLUB: Event Registration 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16700
Linux的sudo指令遭爆含有可取得最高權限的安全漏洞
https://times.hinet.net/news/22604366
Linux Sudo 指令漏洞,可使受限用戶直接取得 root 權限
https://www.twcert.org.tw/tw/cp-104-3012-e9ff5-1.html
Linux SUDO Bug Lets You Run Commands as Root, Most are Unaffected
https://www.bleepingcomputer.com/news/linux/linux-sudo-bug-lets-you-run-commands-as-root-most-are-unaffected/
Linux security hole: Much sudo about nothing
https://www.zdnet.com/article/linux-security-hole-much-sudo-about-nothing/#ftag=RSSbaffb68
CVE-2019-14287 Linux SUDO
https://access.redhat.com/security/cve/cve-2019-14287
phpMyAdmin 被發現 0-day 漏洞
https://blog.twnic.net.tw/2019/10/17/5301/
HP Touchpoint Analytics漏洞影響大量惠普電腦
https://nosec.org/home/detail/3036.html
惠普電腦的預裝應用出現漏洞,可能將允許駭客完全接管系統
https://ek21.com/news/tech/150931/
HP跟機程式漏洞 數百萬用家隨時被黑
http://bit.ly/2IRHUxs
Vulnerability found and fixed in HP bloatware
https://www.zdnet.com/article/vulnerability-found-and-fixed-in-hp-bloatware/#ftag=RSSbaffb68
Magento新的ZEND FRAMEWORK安全漏洞
http://blog.itpub.net/69950643/viewspace-2659688/
新版macOS Catalina許多App無法運作?原因在於全面升級64位元架構
http://one19810109.blogspot.com/2019/10/macos-catalinaapp64.html
macOS Catalina郵件程式現漏洞 用戶數據資訊或違失
http://bit.ly/2q9G30p
macOS Catalina warning: Don't upgrade if you rely on a Drobo 8D
https://www.zdnet.com/article/macos-catalina-warning-dont-upgrade-if-you-rely-on-a-drobo-8d/#ftag=RSSbaffb68
These are the Apple macOS Catalina 10.15 security updates you need to know about
https://www.zdnet.com/article/these-are-the-macos-catalina-10-15-security-updates-you-need-to-know-about/#ftag=RSSbaffb68
Tor Project removes 13.5% of current servers for running EOL versions
https://www.zdnet.com/article/tor-project-removes-13-5-of-current-servers-for-running-eol-versions/#ftag=RSSbaffb68
將書本知識用於實踐,實習大學生指出企業設備“漏洞”
http://news.cjn.cn/sywh/201910/t3468439.htm
警告:針對Windows PC的威脅性BlackHole漏洞利用工具包現已免費提供給黑客
https://www.enigmasoftware.com/zh-hans/blackhole-exploit-kit-available-free-hackers/
微軟Windows 10更新助手(Update Assistant)中的一個安全漏洞使攻擊者可以執行具有SYSTEM權限的代碼
https://m.cnbeta.com/view/898521.htm
Windows 10 更新小幫手暗藏漏洞,Microsoft 建議用戶盡快安裝更新
https://www.kocpc.com.tw/archives/285759
Microsoft Dynamics 365跨站脚本漏洞
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1375
Microsoft and NIST partner to create enterprise patching guide
https://www.zdnet.com/article/microsoft-and-nist-partner-to-create-enterprise-patching-guide/#ftag=RSSbaffb68
Microsoft SharePoint跨站脚本漏洞
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1070
微軟再發佈IE漏洞例外修補程式,所有版本都要安裝
https://www.ithome.com.tw/news/133453
Microsoft Internet Explorer遠程代碼執行漏洞
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1239
微軟Windows 7付費延伸支援方案,開放中小企業購買
https://www.ithome.com.tw/news/133373
What to expect from Windows 10 November 2019 Update: A pleasant surprise
https://www.zdnet.com/article/what-to-expect-from-windows-10-november-2019-update-a-pleasant-surprise/#ftag=RSSbaffb68
Microsoft Defender 'Tamper Protection' reaches general availability
https://www.zdnet.com/article/microsoft-defender-tamper-protection-reaches-general-availability/#ftag=RSSbaffb68
黑客揭露了 3 個未修補的微軟零日漏洞,微軟可能會在其下個月的安全補丁修補漏洞
https://www.chainnews.com/zh-hant/articles/077795099700.htm
Adobe Acrobat與Reader應用程式存在多個安全漏洞,允許攻擊者遠端執行任意程式碼,請儘速確認並進行更新
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1110
Exim存在安全漏洞(CVE-2019-16928),允許攻擊者遠端執行任意程式碼,請儘速確認並進行更新
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1109
Adobe修補82個安全漏洞,68個涉及Acrobat與Reader
https://www.ithome.com.tw/news/133637
Adobe Releases Out-of-Band Security Patches for 82 Flaws in Various Products
https://thehackernews.com/2019/10/adobe-software-patches.html
Adobe Releases Acrobat and Reader Security Updates
https://helpx.adobe.com/security/products/acrobat/apsb19-49.html
WordPress Releases Security Update
https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
TYPO3 freeCap CAPTCHA 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16699
JVNVU#93621261 Pulse Secure VPN における複数の脆弱性
https://jvn.jp/vu/JVNVU93621261/
JVN#97845465 LINE (Android版) における複数の整数オーバーフローの脆弱性
https://jvn.jp/jp/JVN97845465/
JVNVU#91825432 Apple Swift における脆弱性に対するアップデート
https://jvn.jp/vu/JVNVU91825432/
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
百年傳統銀行出身,見證手工到網路時代,他是最資深的網銀「高年級實習生」
https://www.storm.mg/article/1760979
永豐銀行行動金融卡業務終止公告
https://mma.sinopac.com/MMA8/mma/html/news/news190726-h1.html
保發中心攜KPMG 傳授IFRS 17教戰守則
https://money.udn.com/money/story/5636/4103989
電商平臺再遭Magecart駭客攻擊,影響數千家網站
https://ek21.com/news/tech/151095/
APPLE CARD沒實體卡片仍爆盜刷 疑付款系統遭入侵
http://bit.ly/2MHPOKU
PSA: Despite focus on security, the physical Apple Card is still susceptible to cloning
https://9to5mac.com/2019/10/09/apple-card-security-cloning/
記帳順便繳費!FinTech新創麻布記帳翻轉金融場景,20萬用戶給4.8星評價
https://meet.bnext.com.tw/articles/view/45575
富邦產險籲建立完善公司治理與資安風險管理
https://money.udn.com/money/story/5635/4109801
開放API管理平台啟動 顧立雄期待創造三贏局面
https://udn.com/news/story/7239/4107910
開放API平台台灣正式啟動 下階段開放個資分享金管會壓力大
http://bit.ly/31plrhE
開放API平台 明年提供消費者資訊查詢 顧立雄喊壓力大
http://bit.ly/2IZvhQS
邁向開放銀行第二階段,顧立雄:兩大障礙要跨越
https://technews.tw/2019/10/17/openbanking-2-questions/
財金開放API平臺終於上路,23家銀行與6家TSP搶先布局,但下一階段才是更大的挑戰
https://ithome.com.tw/news/133650
【臺灣Open Banking銀行實例】開放API要發威,國泰世華先大力改造中臺強化IT體質
https://www.ithome.com.tw/news/133682
屏東房屋借款、屏東土地借款、屏東借錢-第一融資:金融業啟動開放API 首波6家TSP業者加入
https://www.first-bank.com.tw/news-detail-2435400.html
【開放銀行特別報導】臺灣開放銀行下一步?金管會政策方向大公開
https://www.ithome.com.tw/news/133635
遠東銀行另闢數金戰場,小銀行也能闖出金融大平臺
https://www.ithome.com.tw/people/133524
銀行公會強化競爭力,邀亞洲金融監理官來台
http://bit.ly/2VQ4tI8
花旗系統三度出包 金管會開罰累計千萬
https://m.ctee.com.tw/livenews/aj/a95645002019101717205853?area=
ATM吃卡又扣款 一信:可能網路斷訊
http://www.ksnews.com.tw/index.php/news/contents_page/0001310588
全台ATM當機20分鐘 IBM工程師惹的禍
https://ctee.com.tw/news/life/160557.html
數千個網路商店被注入 Magecart信用卡盜卡程式,今年第三起類似事件
https://blog.trendmicro.com.tw/?p=62262
販賣信用卡資料的地下網站遭駭,2600萬張卡片被救回
https://www.ithome.com.tw/news/133660
Big Discovery Bank security flaw
https://mybroadband.co.za/news/security/323350-big-discovery-bank-security-flaw.html
Discovery Bank closed a gaping credit card security hole on Monday – but says it suffered no fraud
https://www.businessinsider.co.za/discovery-bank-cvv-code-security-flaw-credit-card-fraud-2019-10
Feds arrest alleged members of international ATM skimmer ring
https://www.zdnet.com/article/feds-arrest-alleged-members-of-international-atm-skimmer-ring/#ftag=RSSbaffb68
EU: ATM jackpotting attacks earn crooks less than €1,000 in the first half of 2019
https://www.zdnet.com/article/eu-atm-jackpotting-attacks-earn-crooks-less-than-eur1000-in-the-first-half-of-2019/#ftag=RSSbaffb68
ATM malware and logical attacks fall in Europe
http://bit.ly/2nJBCsu
ATM malware, logical attacks see downward trend in Europe
https://www.atmmarketplace.com/news/report-atm-malware-and-logical-attacks-down-in-europe/
Fintech startups: Why Bulgaria is a hotbed for finance software development
https://www.zdnet.com/article/fintech-startups-why-bulgaria-is-a-hotbed-for-finance-software-development/#ftag=RSSbaffb68
Volusion Payment Platform Sites Hit by Attackers
https://www.bankinfosecurity.com/volusion-payment-platform-sites-hit-by-attackers-a-13229
FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops
http://bit.ly/2MEQWPl
FIN7 Gang Returns With New Malicious Tools: Researchers
https://www.bankinfosecurity.com/fin7-gang-returns-new-malicious-tools-researchers-a-13253
“BriansClub” Hack Rescues 26M Stolen Cards
https://krebsonsecurity.com/2019/10/briansclub-hack-rescues-26m-stolen-cards/
3 Key Risks with Employee Passwords in the Financial Services Industry
https://www.bankinfosecurity.com/blogs/3-key-risks-employee-passwords-in-financial-services-industry-p-2801
3.電子支付/電子票證/行動支付/ pay/新聞及資安
LINE Pay驚傳系統故障無法支付 官方:原因釐清中
https://www.ettoday.net/news/20191016/1558388.htm
官方證實LINE Pay掛了!用戶尷尬:後面一排人在等我結帳
https://udn.com/news/story/7086/4107941
LINE Pay掛掉!用戶結帳超尷尬 官方回應了
http://bit.ly/35FpQ3x
LINE Pay一卡通驚傳系統故障無法支付 173萬用戶受影響
https://tw.finance.appledaily.com/realtime/20191016/1649584/
LINE Pay一卡通當機2小時已修復 官方致歉
https://www.cna.com.tw/news/firstnews/201910165007.aspx
LINE Pay一卡通服務當機2小時後修復 官方致歉
http://bit.ly/2MN83ic
LINE Pay一卡通出包今祭優惠 超商付款可獲10%回饋
https://tw.finance.appledaily.com/realtime/20191017/1649938/
馬大電子支付被駭!黃彥鉻否認涉及
https://www.sinchew.com.my/content/content_2133011.html
Payment Security Software Market Solid Analyzed Segmentation, Demand, Recent Share Estimation and Growth Prospects by Regions to 2017 – 2025
http://bit.ly/32pkTtn
4.虛擬貨幣/區塊鍊相關新聞及資安
KuCoin 入駐慢霧區,發布「安全漏洞與威脅情報賞金計劃」
https://mp.weixin.qq.com/s/3WgEOJ5O05rSjhDcT8DumQ
跨國監管機構盯臉書Libra
https://money.udn.com/money/story/5599/4104319
無現金運動的下一步:一個通行全球的數位貨幣
http://news.knowing.asia/news/f6690e52-a5f0-4f0a-944a-6d66f90d3b18
Mastercard, Visa, eBay, Stripe drop out of Facebook's Libra project
https://www.zdnet.com/article/mastercard-visa-ebay-stripe-drop-out-of-facebooks-libra-project/#ftag=RSSbaffb68
Casbaneiro is a threat to cryptocurrency in Latin America
https://coinrivet.com/casbaneiro-cryptocurrency-latin-america/
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
勒索軟體攻擊事件不斷 FBI:不鼓勵交付贖金
https://cnews.com.tw/140191012a01/
Lucky勒索软件
https://www.enigmasoftware.com/zh-hans/luckyransomware-removal/
瑞星:“DTLMiner”再次更新成為首個利用BlueKeep漏洞的病毒
http://info.chinabyte.com/327/411827.shtml
多倫多牙醫診所被「勒索軟件」襲擊 要求16.5萬元贖金
http://bit.ly/31b2L5a
Windows版iTunes零時差漏洞遭用以散佈BitPaymer勒索軟體
https://www.ithome.com.tw/news/133574
騰訊安全:永恆之藍下載器木馬再添BlueKeep漏洞攻擊,多系統版本均受影響
https://s.tencent.com/research/report/823.html
北韓駭客組織HIDDEN COBRA所利用的惡意程式Joanap及Brambul,請各單位注意防範
https://lic.nuk.edu.tw/p/406-1012-15636,r73.php?Lang=zh-tw
駭客用WAV檔散佈惡意程式
https://www.ithome.com.tw/news/133654
可以攻擊ATM讓它把所有鈔票吐光的惡意軟體在歐洲盛行,專家警告最終將如勒索軟體般橫行全球
https://www.techbang.com/posts/73543-malware-allows-atms-to-spit-out-all-cash-on-demand
無檔案殭屍病毒Novter透過KovCoreG惡意廣告活動散播
https://blog.trendmicro.com.tw/?p=62259
火絨截獲新型勒索病毒Spora 通過IE、Flash漏洞等方式傳播
https://cloud.tencent.com/developer/article/1522434
Docker Hub上映像檔被發現存在挖礦綁架蠕蟲
https://www.ithome.com.tw/news/133655
騰訊安全:新型挖礦木馬“快Go礦工”猛攻企業設備IT行業成重災區
https://www.csdn.net/article/a/2019-10-17/15982628
Top Malware em Setembro de 2019
https://www.techenet.com/2019/10/check-point-top-malware-mais-procurados-em-setembro/
Malware targets individual healthcare employees, not always VIPs
https://www.healthcaredive.com/news/malware-targets-individual-healthcare-employees-not-always-vips/565209/
Pony’s C&C servers hidden inside the Bitcoin blockchain
https://research.checkpoint.com/ponys-cc-servers-hidden-inside-the-bitcoin-blockchain/
macOS users targeted with new Tarmac malware
https://www.zdnet.com/article/macos-users-targeted-with-new-tarmac-malware/#ftag=RSSbaffb68
New espionage malware found targeting Russian-speaking users in Eastern Europe
https://www.zdnet.com/article/new-espionage-malware-found-targeting-russian-speaking-users-in-eastern-europe/#ftag=RSSbaffb68
AT COMMANDS, TOR-BASED COMMUNICATIONS: MEET ATTOR, A FANTASY CREATURE AND ALSO A SPY PLATFORM
https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Attor.pdf
Man charged for running crypto mining scam under the guise of game development
https://www.zdnet.com/article/man-charged-for-running-crypto-mining-scam-under-the-guise-of-game-development/#ftag=RSSbaffb68
Campaña activa de Malware Bancario (Proxy Changer) dirigido a Chile y México.
https://www.cronup.com/post/campa%C3%B1a-activa-de-malware-bancario-proxy-changer-dirigido-a-chile-y-m%C3%A9xico
M6, one of France's biggest TV channels, hit by ransomware
https://www.zdnet.com/article/m6-one-of-frances-biggest-tv-channels-hit-by-ransomware/#ftag=RSSbaffb68
Sodinokibi Ransomware: Following the Affiliate Money Trail
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-following-the-affiliate-money-trail/
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-follow-the-money/
Cybercrime gang behind the Emotet malware is targeting organization with external SOC with emails claiming to deliver a SOC “weekly report.”
https://securityaffairs.co/wordpress/92501/malware/emotet-gang-targetes-external-soc.html
Blackremote: Money money money – a Swedish actor peddles an expensive new RAT
https://unit42.paloaltonetworks.com/blackremote-money-money-money-a-swedish-actor-peddles-an-expensive-new-rat/
Phorpiex Botnet Sending Out Millions of Sextortion Emails Using Hacked Computers
https://thehackernews.com/2019/10/phorpiex-botnet-sextortion-emails.html
Phorpiex botnet made $115,000 in five months just from mass-spamming sextortion emails
https://www.zdnet.com/article/phorpiex-botnet-made-115000-in-five-months-just-from-mass-spamming-sextortion-emails/#ftag=RSSbaffb68
Phorpiex Botnet Behind Large-Scale 'Sextortion' Campaign
https://www.bankinfosecurity.com/phorpiex-botnet-behind-large-scale-sextortion-campaign-a-13264
In the Footsteps of a Sextortion Campaign
https://research.checkpoint.com/in-the-footsteps-of-a-sextortion-campaign/
WAV audio files are now being used to hide malicious code
https://www.zdnet.com/article/wav-audio-files-are-now-being-used-to-hide-malicious-code/#ftag=RSSbaffb68
Cyberbit discovers international airport riddled with Bitcoin-mining malware
https://www.zdnet.com/article/cyberbit-discovers-international-airport-riddled-with-bitcoin-mining-malware/#ftag=RSSbaffb68
Phony Company Used to Plant macOS Malware: Report
https://www.bankinfosecurity.com/phony-company-used-to-plant-macos-malware-report-a-13261
2019-10-15 - MALSPAM PUSHING SHADE (TROLDESH) RANSOMWARE
https://www.malware-traffic-analysis.net/2019/10/15/index.html
2019-10-09 - DOCUSIGN-THEMED HANCITOR MALSPAM AND INFECTION TAFFIC
https://www.malware-traffic-analysis.net/2019/10/09/index.html
'Graboid' Cryptojacking Worm Spreads Through Containers
https://www.bankinfosecurity.com/graboid-cryptojacking-worm-spreads-through-containers-a-13256
Ransomware Attacks: STOP, Dharma, Phobos Dominate
https://www.bankinfosecurity.com/ransomware-attacks-stop-dharma-phobos-dominate-a-13259
Pitney Bowes Says Ransomware Behind System Outages
https://www.bankinfosecurity.com/pitney-bowes-says-ransomware-behind-system-outages-a-13242
2019-10-17 - DATA DUMP: URSNIF INFECTION TRAFFIC FROM ITALIAN MALSPAM
https://www.malware-traffic-analysis.net/2019/10/17/index.html
2019-10-15 - MALSPAM PUSHING SHADE (TROLDESH) RANSOMWARE
https://www.malware-traffic-analysis.net/2019/10/15/index.html
Bericht zur Lage der IT-Sicherheit vorgestellt
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Lagebericht_171019.html
B.行動安全 / iPhone / Android /穿戴裝置 /App
Win10 Mobile還有2月退休 但微軟拒絕修復新發現漏洞
https://news.sina.com.tw/article/20191012/32921950.html
遠傳啟動5G招募計畫 網羅百名資通訊人才
https://news.cnyes.com/news/id/4397494
指紋密碼真安全?保全趁同事熟睡抓手解鎖,偷錢得手10多次
https://fnc.ebc.net.tw/FncNews/tech/102958
臉書將內容農場連結下架處理!違反社群守則無法張貼
https://www.mygopen.com/2019/10/facebook-community-standards.html
LINE備份攻略,換機前看這篇就對了
https://blog.trendmicro.com.tw/?p=62167
貿易制裁也擋不住,在北韓蓬勃發展的手機製造業
https://technews.tw/2019/10/13/how-a-sanctions-busting-smartphone-business-thrives-in-north-korea/
谷歌Pixel 4面部解鎖功能存在重大安全漏洞
https://tech.sina.com.cn/mobile/n/n/2019-10-18/doc-iicezuev2965189.shtml
Google Pixel 4人臉辨識有重大漏洞 閉眼竟能解鎖
https://www.chinatimes.com/realtimenews/20191018003079-260412?chdtv
三星確認Galaxy S10 指紋識別存在漏洞,將盡快發布補丁
https://cn.technode.com/post/2019-10-17/samsung-confirms-galaxy-s10-fingerprint-reader-flaw/
三星手機爆 20 多處安全漏洞
https://kknews.cc/tech/xg546x9.html
三星S10 螢幕指紋感測曝解鎖漏洞!官方證實將盡快釋出修補
https://3c.ltn.com.tw/news/38322
Samsung 證實:「零日漏洞」令S10系列及Note 10系列變高危
http://bit.ly/2VDkuAV
英婦eBay購保護貼 Galaxy S10任何指紋都可解鎖
http://bit.ly/2J5SwJp
Android 版 Chrome 瀏覽器獲得防禦 Spectre 攻擊的更新
https://engt.co/2pxzioM
2019 年安卓應用的7 大漏洞類型
https://www.infoq.cn/article/uq81ZUfcAsEAaawcWBHF?utm_source=rss&utm_medium=article
德國官員證實5G不排除華為 但安全標準提高
https://ec.ltn.com.tw/article/breakingnews/2946826
逃不出中國手掌心?微信帳號綁定 FB 之後,就算解除還是會「自動」綁回來
https://buzzorange.com/techorange/2019/10/16/wechat-bind-with-fb/
使用手機瀏覽器怕個資被傳送去中國該怎麼辦?資安專家教這2招防範
https://www.storm.mg/lifestyle/1834428
各廠牌手機電腦都在蒐集資料 3招保護個人資料
http://www.merit-times.com/newspage.aspx?unid=565419
1 億台手機全看光光,中共「學習強國」App 存在超級後門
https://www.inside.com.tw/article/17793-chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says
中國洗腦App「學習強國」爆後門 可監控數億用戶個資
https://www.rti.org.tw/news/view/id/2037896
數億手機被監控?洗腦APP藏後門 中共遠端存個資
https://times.hinet.net/news/22604281
下載後想刪都刪不了!一張圖揪出15款超會偽裝的惡意 App
https://3c.ltn.com.tw/news/38313
蘋果再度下架港人App 執行長庫克首度回應下架原因
https://newtalk.tw/news/view/2019-10-12/310539
一團伙利用結算過程漏洞開展蘋果手機非法代充業務獲刑
http://news.jcrb.com/jxsw/201910/t20191012_2059939.html
蘋果針對 Safari 安全瀏覽功能發表聲明
https://www.twcert.org.tw/tw/cp-104-3011-6428e-1.html
蘋果 Safari 瀏覽器會發送使用者隱私資訊給騰訊
https://www.inside.com.tw/article/17794-apple-safari-ip-addresses-tencent
蘋果 Safari 瀏覽器預設會傳送 IP 位置給中國騰訊
https://www.kocpc.com.tw/archives/286076
iPhone爆洩IP給騰訊 翟本喬點出更嚴重的事
https://tw.lifestyle.appledaily.com/gadget/20191015/OR62U2OZNBJ62TSTGQRVBYNKGM/
Safari回傳資料給騰訊?Apple回應三重點
https://tw.lifestyle.appledaily.com/gadget/20191015/COULORAQXIYD2BS5BC2NHXBQ2A/
對Safari資安若有疑慮 專家建議2招因應
https://www.cna.com.tw/news/firstnews/201910160093.aspx
蘋果瀏覽器連騰訊 美國防部高官:需警惕
http://www.epochtimes.com/b5/19/10/16/n11592172.htm
Apple responds to reports that it sends user traffic to China's Tencent
https://www.zdnet.com/article/apple-responds-to-reports-that-it-sends-user-traffic-to-chinas-tencent/#ftag=RSSbaffb68
Google相簿出漏洞!替iPhone「開後門」 提供無限照片備份空間
https://www.ettoday.net/news/20191018/1559801.htm
Windows版iTunes零時差漏洞遭用以散佈BitPaymer勒索軟體
https://www.ithome.com.tw/news/133574
Windows 版 Bonjour 有漏洞 解除安裝 iTunes 、 iCloud 仍有風險
http://bit.ly/31b7jsm
蘋果更新Windows版iTunes 修補了勒索軟件攻擊漏洞
https://www.cnbeta.com/articles/tech/898235.htm
Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks
https://thehackernews.com/2019/10/apple-bonjour-ransomware.html
Ransomware gang uses iTunes zero-day
https://www.zdnet.com/article/ransomware-gang-uses-itunes-zero-day/#ftag=RSSbaffb68
7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App
https://thehackernews.com/2019/10/iterm2-macos-terminal-rce.html
Her iPhone died. It led to her being charged as a criminal
https://www.zdnet.com/article/her-iphone-died-it-led-to-her-being-charged-as-a-criminal/#ftag=RSSbaffb68
iOS 13 tells you when apps are secretly tracking you
https://www.zdnet.com/article/ios-13-tells-you-when-apps-are-secretly-tracking-you/#ftag=RSSbaffb68
Checkm8 iOS jailbreak used as lure in online scam
https://www.zdnet.com/article/checkm8-ios-jailbreak-used-as-lure-in-online-scam/#ftag=RSSbaffb68
These are the 29 countries vulnerable to Simjacker attacks
https://www.zdnet.com/article/these-are-the-29-countries-vulnerable-to-simjacker-attacks/#ftag=RSSbaffb68
US job seekers scrub their social media accounts to get success
https://www.zdnet.com/article/us-job-seekers-scrub-their-social-media-accounts-to-get-success/#ftag=RSSbaffb68
How to fix watchOS 'Unable to Install Update' error
https://www.zdnet.com/article/how-to-fix-watchos-unable-to-install-update-error/#ftag=RSSbaffb68
Fake iOS Jailbreak Site Lures in Apple Users
https://threatpost.com/apple-fake-ios-jailbreak-site/149159/
iOS 13.1.3 brings a bunch of bug fixes to iPhone and iPad, but no relief for calls and battery bugs
https://www.zdnet.com/article/ios-13-1-3-brings-a-bunch-of-bug-fixes-to-iphone-and-ipad-but-no-relief-for-calls-and-battery-bugs/#ftag=RSSbaffb68
Singapore readies 5G rollout with potential for two additional licenses
https://www.zdnet.com/article/singapore-readies-5g-rollout-with-potential-for-two-additional-licenses/#ftag=RSSbaffb68
Facebook Now Pays Hackers for Reporting Security Bugs in 3rd-Party Apps
https://thehackernews.com/2019/10/facebook-apps-bug-bounty.html
Security researcher publishes proof-of-concept code for recent Android zero-day
https://www.zdnet.com/article/security-researcher-publishes-proof-of-concept-code-for-recent-android-zero-day/#ftag=RSSbaffb68
Fake mobile app fraud tripled in first half of 2019, finds RSA Security
https://www.techcentral.ie/fake-mobile-app-fraud-tripled-in-first-half-of-2019-finds-rsa-security/
What is the Emotet Trojan
https://www.jdsupra.com/legalnews/what-is-the-emotet-trojan-71164/
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
2019年9月十大資安新聞
https://ithome.com.tw/news/133598
瑞星連續捕獲一個高級持續性威脅的網絡攻擊
http://www.xinhuanet.com/fortune/2019-10/17/c_1125117622.htm
資安攻防戰引爆潛在商機 網路安全ETF解密
http://bit.ly/2Mo0cIM
6個月嬰兒都不放過!全球最大宗兒童色情暗網遭破獲 用「比特幣」付費下載25萬支性虐影片
https://www.storm.mg/article/1838991
遭黑客攻擊 荷蘭網站25萬用戶信息被盜
http://www.epochtimes.com/b5/19/10/16/n11592028.htm
暗網潛航——信息安全風險保險(二) 守而必固者
http://bit.ly/2Mlphnz
馬雲:阿里巴巴每天有3億次網攻 但沒損失過半毛錢
https://ec.ltn.com.tw/article/breakingnews/2948055
HITCON CTF台灣駭客線上初賽 台灣Balsn擊敗千隊摘銀
https://ec.ltn.com.tw/article/breakingnews/2947191
德5G建設向華為「亮綠燈」 美警告:考慮是否共享情報
https://www.ettoday.net/news/20191017/1559119.htm
華為防諜人事大異動 傳台籍高管離職
https://tw.appledaily.com/new/realtime/20191016/1649687/
無視美國禁令?華為獲得 32 個歐洲 5G合約
https://www.inside.com.tw/article/17849-huawei-europe
警惕!船舶網絡安全帶來的風險
http://www.eworldship.com/html/2019/ship_inside_and_outside_1011/153359.html
百度網盤會員資格突遭取消 用戶怒斥推卸責任
https://hk.on.cc/hk/bkn/cnt/cnnews/20191012/bkn-20191012123640803-1012_00952_001.html
最多200美元!駭客就能用微型晶片破解硬件防火牆
https://ek21.com/news/tech/150907/
中小企唔防範 黑客襲擊易如反掌
http://bit.ly/2oBseYi
網傳TeamViewer 遭駭客入侵 已安裝使用者注意
https://udn.com/news/story/7086/4103944
19/10/12 Teamviewer APT41事件 : Teamviewer可以被取得任意控制權限
https://ithelp.ithome.com.tw/questions/10195658?sc=rss.qu
網路傳出 TeamViewer 被駭客入侵,已安裝使用者注意
http://bit.ly/33xqEFP
TeamViewer 被指遭駭客入侵,使用者有機會被控制電腦
https://technews.tw/2019/10/18/teamviewer-hacker-computer/
網傳 TeamViewer 被駭客入侵 ?! 取得電腦的後台管理及防問權
https://hk.xfastest.com/36820/teamviewer-heaked-by-apt41/
數位身分證很安全?愛沙尼亞曾遭駭 德國反個資存手機
https://udn.com/news/story/6812/4094534
從莫雷推文看中共五毛如何「協調騷擾」
http://www.epochtimes.com/b5/19/10/16/n11593295.htm
別只顧賺中國的錢!美企業及研究單位員工成共諜利誘對象
http://bit.ly/2J1fTU8
澳門修改《打擊電腦犯罪法》一般性通過 政府強調非合法入侵或遠端取證
https://www.exmoo.com/article/128053.html
澳門修改《打擊電腦犯罪法》一般性通過 雲端取證 需先得法官批示
https://www.exmoo.com/article/128135.html
歐盟電訊網絡安全報告據報引起成員國對華為警覺
http://www.aastocks.com/tc/stocks/news/aafn-news/NOW.970148/2
美國國防高級研究計劃局發布預測網絡漏洞的AIMEE新項目
http://www.sohu.com/a/347060333_313834
網站寄存安全風險高 HKIRC免費掃描服務透視安危
http://bit.ly/2MgNThC
美報告:陸駭客竊密 用以研發商用飛機C919
https://m.ctee.com.tw/livenews/gj/a99625002019101611495336?area=
白宮認了 川普扣住軍援與請烏克蘭調查有關
https://www.cna.com.tw/news/firstnews/201910180046.aspx
資安破案能力獲肯定 台灣爭取入Interpol強調「用案件交朋友」
http://bit.ly/35K9ary
資訊戰開打 藍委提「美台資安聯防」蘇揆:全力支持
http://bit.ly/2OULNW6
我銷美資通訊產品 KPMG:應留意CCPA
https://www.chinatimes.com/realtimenews/20191017004099-260410?chdtv
A Comprehensive Guide On How to Protect Your Websites From Hackers
https://thehackernews.com/2019/10/website-security-guide.html
Most SSL certificate misissuance caused by software bugs and rule misinterpretations
https://www.zdnet.com/article/most-ssl-certificate-misissuance-caused-by-software-bugs-and-rule-misinterpretations/#ftag=RSSbaffb68
UNIX Co-Founder Ken Thompson's BSD Password Has Finally Been Cracked
https://thehackernews.com/2019/10/unix-bsd-password-cracked.html
Brazilian government to create single citizen database
https://www.zdnet.com/article/brazilian-government-to-create-single-citizen-database/#ftag=RSSbaffb68
Planes, gates, and bags: How hackers can hijack your local airport
https://www.zdnet.com/article/planes-gates-and-bags-how-hackers-can-hijack-your-local-airport/#ftag=RSSbaffb68
Escort forums in Italy and the Netherlands hacked, user data put up for sale
https://www.zdnet.com/article/escort-forums-in-italy-and-the-netherlands-hacked-user-data-put-up-for-sale/#ftag=RSSbaffb68
Most Americans can't recognize 2FA, HTTPS, or private browsing
https://www.zdnet.com/article/most-americans-cant-recognize-2fa-https-or-private-browsing/#ftag=RSSbaffb68
Schneier slams Australia's encryption laws and CyberCon speaker bans
https://www.zdnet.com/article/schneier-slams-australias-encryption-laws-cybercon-speaker-bans/#ftag=RSSbaffb68
Hacked Off: Lawsuit Alleges CafePress Used Poor Security
https://www.bankinfosecurity.com/hacked-off-lawsuit-alleges-cafepress-used-poor-security-a-13233
FBI: Cybercriminals Are Bypassing Multifactor Authentication
https://www.bankinfosecurity.com/fbi-cybercriminals-are-bypassing-multifactor-authentication-a-13226
Building China's Comac C919 airplane involved a lot of hacking, report says
https://www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/#ftag=RSSbaffb68
Argentinian security researcher arrested after tweeting about government hack
https://www.zdnet.com/article/argentinian-security-researcher-arrested-after-tweeting-about-government-hack/#ftag=RSSbaffb68
Hacking 20 high-profile dev accounts could compromise half of the npm ecosystem
https://www.zdnet.com/article/hacking-20-high-profile-dev-accounts-could-compromise-half-of-the-npm-ecosystem/#ftag=RSSbaffb68
'Silent Librarian' Revamps Phishing Campaign: Proofpoint
https://www.bankinfosecurity.com/silent-librarian-revamps-phishing-campaign-proofpoint-a-13255
'Silent Librarian' Revamps Phishing Campaign: Proofpoint
https://www.bankinfosecurity.com/silent-librarian-revamps-phishing-campaign-proofpoint-a-13255
Stung by Takedowns, Criminals Tap Distributed Dark Markets
https://www.bankinfosecurity.com/interviews/stung-by-takedowns-criminals-tap-distributed-dark-markets-i-4477
Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested
https://thehackernews.com/2019/10/dark-web-child-abuse.html
Maybe shadow IT isn't so bad after all, study suggests
https://www.zdnet.com/article/maybe-shadow-it-isnt-so-bad-after-all-study-suggests/#ftag=RSSbaffb68
Germany's cyber-security agency recommends Firefox as most secure browser
https://www.zdnet.com/article/germanys-cyber-security-agency-recommends-firefox-as-most-secure-browser/#ftag=RSSbaffb68
Cybercrime Tool Prices Continue to Rise on Darknet Sites
https://www.bankinfosecurity.com/cybercrime-tool-prices-continue-to-rise-on-darknet-sites-a-13265
資安管理課主管(3000912)
https://m.1111.com.tw/job/80202342/
網路系統工程師(內湖總公司)
https://m.1111.com.tw/job/85960968/
資訊安全技術主管
https://m.1111.com.tw/job/91138765/
【資安所】智慧雲端平台中心-資安監控工程師
https://m.1111.com.tw/job/91157475/
網路安全分析師 (深圳)
https://m.1111.com.tw/job/85155640/
雲端應用伺服器軟體與網路安全工程 - J1797
https://m.1111.com.tw/job/91174023/
【資訊處】資安規範管理師 Security Compliance
https://m.1111.com.tw/job/91126704/
B-資訊安全處-銀行資安新秀培育計畫
https://m.1111.com.tw/job/86027458/
B-資訊安全處-銀行資安專家
https://m.1111.com.tw/job/86027457/
【資訊處】弱點分析工程師 Vulnerability Analyst
https://m.1111.com.tw/job/91126688/
資訊安全高級工程師
https://m.1111.com.tw/job/91138763/
資安產品FAE工程師
https://ilabor.ntpc.gov.tw/cloud/GoodJob/job_title/627407427
【資安】初階資安管理專業人員
https://m.104.com.tw/job/67bgp?jobsource=m104
金融安全認證工程師
https://m.104.com.tw/job/4q7ai?jobsource=m104
C.顧問類-顧問/資深顧問/經理(資訊安全管理)
https://m.104.com.tw/job/3t96f?jobsource=m104
資安鑑識工程師
https://m.104.com.tw/job/6isjn?jobsource=m104
資安人員
https://m.104.com.tw/job/5f21g?jobsource=m104
ISMS駐點資安人員
https://m.104.com.tw/job/6ob2l?jobsource=m104
內控、資安人員
https://m.104.com.tw/job/57yye?jobsource=m104
資安檢測工程師
https://m.104.com.tw/job/64myq?jobsource=m104
資安服務工程師
https://m.104.com.tw/job/3biy7?jobsource=m104
資安技術工程師
https://m.104.com.tw/job/2x79x?jobsource=m104
資安鑑識分析師
https://m.104.com.tw/job/5xtj0?jobsource=m104
ISMS資安工程師
https://m.104.com.tw/job/6ne31?jobsource=m104
資安設備工程師
https://m.104.com.tw/job/6hygw?jobsource=m104
資安事件調查員
https://m.104.com.tw/job/6j3cl?jobsource=m104
系統資安工程師
https://m.104.com.tw/job/6hr7s?jobsource=m104
資深資安設備工程師
https://m.104.com.tw/job/6hyog?jobsource=m104
SOC資安分析工程師
https://m.104.com.tw/job/6m4uk?jobsource=m104
SOC資深資安分析工程師
https://m.104.com.tw/job/5y2jm?jobsource=m104
資安研發工程師 (R&D Engineer)
https://m.104.com.tw/job/64uz1?jobsource=m104
資安健診工程師
https://m.104.com.tw/job/6b5yo?jobsource=m104
軟體安全分析師 (Code Review)
https://m.104.com.tw/job/5e01j?jobsource=m104
【資安】資深資安科技專業人員
https://m.104.com.tw/job/67cr4?jobsource=m104
【資安】資安科技專業人員
https://m.104.com.tw/job/67cru?jobsource=m104
資安專案經理/Project Manager
https://m.104.com.tw/job/2w0gs?jobsource=m104
資通安全組_資安工程師(高雄)
https://m.104.com.tw/job/5nhhu?jobsource=m104
資通安全組_資安工程師(板橋)
https://m.104.com.tw/job/5nhkd?jobsource=m104
資安鑑識工程師
https://m.104.com.tw/job/68ud0?jobsource=m104
資安技術服務工程師(正職)
https://m.104.com.tw/job/3kmxs?jobsource=m104
資安技術經理
https://www.adecco.com.tw/mis-jobs/security-technical-manager-pre-sales-/2767038
系統暨資安專案經理
https://www.cakeresume.com/companies/alpha-human-resource-consulting-co-ltd/jobs/system-and-capital-project-manager
總公司資訊安全部資安管理科人員
https://www.104.com.tw/job/6i94r?jobsource=googlejobs
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
EZ訂個資外洩客戶遭騙判決出爐,在個資法賠償外,業者並需負起7成過失責任
https://www.ithome.com.tw/news/133473
印度本地搜索應用Justdial出現嚴重漏洞洩露1.56億用戶信息
https://www.zhujib.com/yindubendisousuoyingyongjustdi.html
俄諧星冒充土耳其國防部長來電 南卡聯邦參議員葛理漢被騙洩情資
https://udn.com/news/story/6813/4100403
「反送中」議題成詐團套路 三銀行拒匯款她才醒悟
https://tw.appledaily.com/new/realtime/20191016/1647481
德國史上最複雜詐騙案,上百家金融機構捲入
http://news.knowing.asia/news/ec590ea8-7417-4937-bde5-21f5e6f5bd00
Imperva資料外洩原因出爐:AWS API金鑰被盜了
https://www.ithome.com.tw/news/133591
Imperva blames data breach on stolen AWS API key
https://www.zdnet.com/article/imperva-blames-data-breach-on-stolen-aws-api-key/#ftag=RSSbaffb68
Unfortunately, awareness alone won’t do it: Successful phishing defense requires a layered approach
https://zd.net/2MytiEh
Hook, line and sinker: How I fell victim to phishing attacks - again and again
https://zd.net/2B6uoSh
Online banking warning: The simple way you could reduce the risk of falling victim to scam
https://www.express.co.uk/finance/personalfinance/1190895/online-banking-security-internet-scam-fraud-tips-warning
Analysis: New ISO Privacy Standard
https://www.bankinfosecurity.asia/interviews/analysis-new-iso-privacy-standard-i-4476
A landmark German tax fraud case could ripple through the finance industry
https://www.cnbc.com/2019/10/14/cum-ex-german-tax-case-could-ripple-through-the-finance-industry.html
Security pro confessional: The time I almost got hacked
https://www.zdnet.com/article/s-r-confessional-the-time-i-almost-got-hacked/#ftag=RSSbaffb68
Zappos data breach settlement: users get 10% store discount, lawyers get $1.6m
https://www.zdnet.com/article/zappos-data-breach-settlement-users-get-10-store-discount-lawyers-get-1-6m/#ftag=RSSbaffb68
US senator introduces privacy bill that would jail CEOs for user privacy violations
https://www.zdnet.com/article/us-senator-introduces-privacy-bill-that-would-jail-ceos-for-user-privacy-violations/#ftag=RSSbaffb68
Stripe Users Targeted in Phishing Attack That Steals Banking Info
https://www.bleepingcomputer.com/news/security/stripe-users-targeted-in-phishing-attack-that-steals-banking-info/
This Credential Phish Masks the Scam Page URL to Thwart Vigilant Users
https://cofense.com/credential-phish-masks-scam-page-url-thwart-vigilant-users/
E.研究報告
MDR 找到埋伏某公司系統2年的MyKings變種
http://bit.ly/2VM1UGX
CVE-2019-17059:Cyberoam SSL VPN的RCE漏洞
https://nosec.org/home/detail/3034.html
D-Link路由器前台命令執行漏洞
https://xz.aliyun.com/t/6500
Rusty Joomla RCE漏洞分析
https://www.4hou.com/info/news/20780.html
應用安全- PHPCMS - Joomla漏洞匯總
https://www.cnblogs.com/AtesetEnginner/p/11660803.html
網站安全防護公司滲透測試執行命令漏洞
https://cloud.tencent.com/developer/article/1519950
網站漏洞檢測泛微OA系統sql注入攻擊檢測與修復
https://cloud.tencent.com/developer/article/1519884
通過進程創建模擬技術挖掘本地提權漏洞
https://nosec.org/home/detail/2955.html
Web漏洞Exploit編寫——Java篇
http://bit.ly/32ifHrc
分享兩個CVE突破的分析報告
https://cloud.tencent.com/developer/article/1521801
SSRF漏洞的利用
https://blog.csdn.net/caiqiiqi/article/details/102570918
D-Link service.cgi 遠端命令執行漏洞分析
https://xz.aliyun.com/t/6525
Jenkins臟牛漏洞FRP內網提權
https://www.freebuf.com/articles/web/215183.html
挖洞經驗| 看我如何獲取到200萬份Verizon用戶的月付賬單信息
http://www.sohu.com/a/347355917_354899
Tor檔案傳輸工具OnionShare現可用來發布匿名網站
https://www.ithome.com.tw/news/133634
【技術分享】使用MSBuild做更多(滲透中MSBuild的應用技巧)
https://www.anquanke.com/post/id/84597
移動端APP漏洞滲透測試安全檢測實施方案
https://yq.aliyun.com/articles/721111
RDP漏洞或引發大規模蠕蟲爆發,用戶可用阿里雲檢測服務自檢,建議盡快修復
http://blog.itpub.net/69915408/viewspace-2660426/
CVE-2019-16276/11253:Kubernetes漏洞分析
https://www.4hou.com/vulnerable/21001.html
打造微型間諜晶片花6千元就能辦到,兩名資安專家DIY告訴你有多簡單
https://www.bnext.com.tw/article/55150/spychip-cheap-feasible
Industrial Internet of Things (IIoT) with the Elastic Stack
https://www.elastic.co/cn/blog/industrial-internet-of-things-iiot-with-the-elastic-stack
msbuild-inline-task
https://github.com/3gstudent/msbuild-inline-task
Check Points Global Threat Index für September 2019
https://www.iavcworld.de/security/5177-check-points-global-threat-index-fuer-september-2019.html
Connecting the dots: Exposing the arsenal and methods of the Winnti Group
https://www.welivesecurity.com/2019/10/14/connecting-dots-exposing-arsenal-methods-winnti/
Threat Actor Profile: TA407, the Silent Librarian
https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian
AndroBugs_Framework
https://github.com/AndroBugs/AndroBugs_Framework
The Kittens Are Back in Town 2 Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods
https://www.clearskysec.com/wp-content/uploads/2019/10/The-Kittens-Are-Back-in-Town-2.pdf
LevOS
https://github.com/levex/LevOS
Illicit Cryptomining Threat Actor Rocke Changes Tactics, Now More Difficult to Detect
https://www.anomali.com/blog/illicit-cryptomining-threat-actor-rocke-changes-tactics-now-more-difficult-to-detect
Tor Snowflake turns your browser into a proxy for users in censored countries
https://www.zdnet.com/article/tor-snowflake-turns-your-browser-into-a-proxy-for-users-in-censored-countries/#ftag=RSSbaffb68
randomuserid/Tylium
https://github.com/randomuserid/Tylium/blob/master/README.md
F.商業
奧義智慧研發資安人工智慧引擎,從端點到全球網路快速防護
https://www.zerone.com.tw/Content/Product/5034A997954132BA
趨勢科技2019資安總評:無檔案式威脅成長 265%
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000570107_S5G0AVCY1WVYAK61A7FY8
趨勢科技與Snyk策略聯盟 協助軟體開發人員迅速安全地開發應用程式
https://news.sina.com.tw/article/20191011/32920068.html
Advantech聯手Acronis 深耕物聯網資安防護領域
https://kknews.cc/tech/mrm4jez.html
資安法身份驗證必備方案,軟體共約採購好方便
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000570099_Y1A1HM1C89RDDALIVXTNI
現代資安防護的關鍵:在CARTA資安概念下,合理應用自動化技術
https://times.hinet.net/news/22602922
新一代路由器登場,Google Nest WiFi 美型又可當喇叭使用
https://www.techbang.com/posts/73542-nest-wi-fi
Amazon消費業務關掉最後一台Oracle資料庫
https://ithome.com.tw/news/133632
安碁用AI防堵駭客 搶食百億商機
https://www.wealth.com.tw/home/articles/22649
Google Pixel 4/4XL登場 售價24,600 元起、讓你揮一揮手機就靜音
https://www.ettoday.net/news/20191015/1557884.htm
資安攻防戰引爆潛在商機 網路安全ETF解密
http://bit.ly/2Mo0cIM
New Comic Videos Take CISO/Security Vendor Relationship to the Extreme
https://thehackernews.com/2019/10/ciso-cyber-security-videos.html
Breaches are now commonplace, but Reason Cybersecurity lets users guard their privacy
https://thehackernews.com/2019/10/reason-antivirus-protection.html
Google announces new USB-C Titan Security Key
https://www.zdnet.com/article/google-announces-new-usb-c-titan-security-key/#ftag=RSSbaffb68
Report to Your Management with the Definitive 'Incident Response for Management' Presentation Template
https://thehackernews.com/2019/10/cybersecurity-incident-response.html
Microsoft's Desktop Analytics service for assessing compatibility of Windows endpoints is generally available
https://www.zdnet.com/article/microsofts-desktop-analytics-service-for-assessing-compatibility-of-windows-endpoints-is-generally-available/#ftag=RSSbaffb68
Microsoft introduces new open-source specs for developing cloud and edge applications
https://www.zdnet.com/article/microsoft-introduces-new-specs-for-developing-platform-agnostic-cloud-and-edge-applications/#ftag=RSSbaffb68
Databricks introduces MLflow Model Registry, brings Delta Lake to Linux Foundation
https://www.zdnet.com/article/databricks-introduces-mlflow-model-registry-brings-delta-lake-to-linux-foundation/#ftag=RSSbaffb68
IBM's third quarter a mixed bag as sales fall short, but earnings better than expected
https://www.zdnet.com/article/ibms-third-quarter-a-mixed-bag-as-sales-fall-short-but-earnings-better-than-expected/#ftag=RSSbaffb68
Yubico security keys can now be used to log into Windows computers
https://www.zdnet.com/article/yubico-security-keys-can-now-be-used-to-log-into-windows-computers/#ftag=RSSbaffb68
Google expands Chrome's Site Isolation feature to Android users
https://www.zdnet.com/article/google-expands-chromes-site-isolation-feature-to-android-users/#ftag=RSSbaffb68
G.政府
金管會明年施政 八重點聚焦
https://money.udn.com/money/story/5613/4099654
金融資安監控中心 又找銀行要錢
https://www.chinatimes.com/newspapers/20191012000468-260110?chdtv
金管會明年施政 聚焦資安監控與金融檢查科技化
https://news.wearn.com/c346219.html
國內關鍵基礎設施反制駭客、無人機恐攻 計畫超單薄
https://udn.com/news/story/10930/4101255
助監控新疆黑名單中企 竟得標台電電廠人臉辨識系統
https://disp.cc/b/163-bLFs
台電買中製人臉辨識? 得標商︰是韓貨
https://ec.ltn.com.tw/article/paper/1324907
軍醫局5年遭駭19億次 將領.軍民隱私恐流中共
http://bit.ly/2MFBtP3
設數位長沒下文? 藍綠都催不成
https://udn.com/news/story/7238/4104632
智慧醫療當道!衛福部揭露電子病例多元應用與資安管理挑戰
https://www.ithome.com.tw/news/133615
危害資安清單尚未公布 政院:正評估對產業影響
https://udn.com/news/story/6656/4106989
中國監視器都侵台了 危資安清單遲未公告
https://news.ltn.com.tw/news/politics/paper/1325402
資安產品禁購清單 政院:會評估國際作法
http://bit.ly/2IYgJkM
危害資安清單尚未公布李孟諺:評估中、參考國際作法
https://tnews.cc/06/newscon153428.htm
國安大漏洞!綠委爆:中科院涉密人員拒列管 15人赴香港未報備
https://tw.appledaily.com/new/realtime/20191016/1649376/
中科院涉密控管人員變0人 綠委爆:空窗期15人去香港 柬埔寨3人
https://newtalk.tw/news/view/2019-10-16/312191
黃國昌驚爆中製偽標品賣全台學校!成功嶺也淪陷
http://bit.ly/2IU1V6o
醫療資料交換新出路(上)10年電子病歷交換的痛點,靠區塊鏈創新授權找出新解法
https://www.ithome.com.tw/news/133599
醫療資料交換新出路(下)區塊鏈創新授權如何滿足醫療資訊交換法規要求?
https://www.ithome.com.tw/news/133600
全國首支科偵小隊成軍!新北34名科偵警培訓一年分發
https://news.ltn.com.tw/news/society/breakingnews/2950029
全台首支科偵隊建軍!嚴防大選假消息
http://bit.ly/2MX6mim
H.ICS/SCADA 工控系統
多款Schneider Electric產品訪問控制錯誤漏洞
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01
直擊第二屆工業互聯網安全大賽決賽現場:人工智能時代網絡安全漏洞多
https://finance.sina.com.cn/roll/2019-10-17/doc-iicezzrr2940222.shtml
I.教育訓練
認證信息系統安全專業人員(CISSP)學習筆記
https://ithelp.ithome.com.tw/users/20103635/ironman/2177
Cissp 系列
https://ithelp.ithome.com.tw/users/20118530/ironman/2224
Red Team Lab
https://www.pentesteracademy.com/redteamlab
CISSP BCP/DRP section
https://www.studynotesandtheory.com/single-post/BCPDRP-Quick-Notes?fbclid=IwAR1ELD3AY17WxKkLnLuMLRtoMQcfY4wWwBhEnAa5JZ8e-j4m085SVSAwkoY
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
一對夫妻發現家裡的空調莫名變熱,竟是駭客暗中操控
https://blog.trendmicro.com.tw/?p=62236
守護你的物聯網資料安全:什麼是 PSA 認證裝置
https://www.inside.com.tw/article/17806-arm-psa
Volvo XC40 Recharge 率先採用Android新系統
http://bit.ly/2MoyQT0
卡巴斯基:2019 年上半偵測到超過一億次 IoT 裝置攻擊行動
https://www.twcert.org.tw/tw/cp-104-3021-435ad-1.html
The artificial intelligence factory, coming to an enterprise near you
https://www.zdnet.com/article/making-the-ai-factory-a-reality/#ftag=RSSbaffb68
University of São Paulo wins tender for Brazil's largest AI research center
https://www.zdnet.com/article/university-of-sao-paulo-wins-tender-for-brazils-largest-ai-research-center/#ftag=RSSbaffb68
1 in 5 IT security professionals fear their connected toilets will be hacked
https://www.zdnet.com/article/1-in-5-it-professionals-fear-their-connected-toilets-will-be-hacked/#ftag=RSSbaffb68
IoT in Vehicles: The Trouble With Too Much Code
https://www.bankinfosecurity.com/interviews/iot-in-vehicles-trouble-too-much-code-i-4472
From Ohio's "baby bot" to driver's ed in Delaware: How states are using AI
https://www.zdnet.com/article/from-ohios-baby-bot-to-drivers-ed-in-delaware-how-states-are-using-ai/#ftag=RSSbaffb68
6.近期資安活動及研討會
Crosslink Taiwan 2019 10/19
https://www.meetup.com/Taipei-Ethereum-Meetup/events/264302796/
交通大學亥客書院-A006:數位足跡追蹤與分析 10/19
https://hackercollege.nctu.edu.tw/?p=1088
無痛上手-WiFi無線網路安全檢測 10/20
https://www.sce.pccu.edu.tw/event/chtweb/index.html
日盛金融黑客松 報名至10/20 止
https://app.jsun.com/hackathon/Main
DEVCORE 那些年我回報的漏洞踩雷經驗 10/21
https://hackersir.kktix.cc/events/orange1021
Splunk .conf 19 10/21 ~ 10/24
https://conf.splunk.com/
國家高速網路與計算中心 平行計算程式設計基礎課程 10/22
https://edu.nchc.org.tw/course/one_course_introduction.asp
AIoT智能物聯網開發人才就業養成班[免費諮詢] 10/22
https://ittraining.kktix.cc/events/aiot-training-2019
IEEE Symposium on Visualization for Cyber Security (VizSec) 10/23
https://infosec-conferences.com/events-in-2019/vizsec/
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019
https://www.icscybersecurityconference.com
從網路基礎建設安全談RPKI與DDoS 10/24
https://twnic-icann.kktix.cc/events/108-7
[Palo Alto Networks]-Palo Alto Networks 直播研討會Part6. MITRE ATT&CK 新資安攻防框架進階產業應用 10/24
https://www.zerone.com.tw/TrainingDetial/Seminar/7747B901A8198AC3%7C1C130FE6FEC34700
Cybersecurity Conference Rhein-Neckar 10/24 ~ 10/25
https://infosec-conferences.com/events-in-2019/cybersecurity-rhein-neckar/
Identity Days 10/24
https://infosec-conferences.com/events-in-2019/identity-days/
Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 10/25
https://signupcybersec101.ithome.com.tw/
國家高速網路與計算中心 大數據軟體開發平台與深度學習、HBase(大數據資料庫)開發應用案例 10/25
https://edu.nchc.org.tw/course/one_course_introduction.asp
交通大學亥客書院-A015:進階網頁滲透測試 10/26
https://hackercollege.nctu.edu.tw/?p=1090
International Conference on Networks & Communications (NETWORKS) 10/26 ~ 10/27
https://infosec-conferences.com/events-in-2019/networks/
亞洲‧矽谷學院108年免費認證考試 10/27
https://college.asvda.org.tw/
Nspa實作課程「惡意巨集文件與惡意程式下載器」 10/27
https://www.facebook.com/events/459141201342125/
International Conference on Emerging Security Information, Systems and Technologies (SECURWARE) 10/27 ~ 10/31
https://infosec-conferences.com/events-in-2019/securware/
SANS Amsterdam October 10/28
https://infosec-conferences.com/events-in-2019/sans-amsterdam-october/
工業自動化資安管理與實務 10/29 ~ 10/30
https://www.ivendor.com.tw/website/featured_detial/91
資安檢核核心技術及進階技術研討會 10月28日至10月30日
http://bit.ly/2TN2UtD
Foundations in Digital Forensics with EnCase® (DF120) (原CF1) 10/28 ~ 10/31
https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=39
International Workshop on Reliability and Security Data Analysis (RSDA) 10/28 ~ 10/31
https://infosec-conferences.com/events-in-2019/rsda/
International Symposium on Software Reliability Engineering (ISSRE) 10/28 ~ 11/1
https://infosec-conferences.com/events-in-2019/issre/
Securing New Ground 10/29 ~ 10/30
https://infosec-conferences.com/events-in-2019/securing-new-ground/
CEBIT Australia 10/29 ~ 10/31
https://infosec-conferences.com/events-in-2019/cebit-australia/
Nspa實作課程「加密勒索攻擊」 10/31
https://www.facebook.com/events/391437314853475/
OWASP AppSec Day Melbourne 11/1
https://infosec-conferences.com/events-in-2019/owasp-appsec-day-melbourne/
Hackfest 2019 11/1 ~ 11/3
https://infosec-conferences.com/events-in-2019/hackfest-2019/
行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30
https://www.accupass.com/event/1810080517061259295030
Elite East Coast CISO Summit 11/3~11/5
https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/
Red Hat Forum Taipei 2019 11/5
https://www.facebook.com/events/1390202967799392/
Cyber Security Summit: Boston 11/6
https://infosec-conferences.com/events-in-2019/cyber-security-summit-boston/
駭客攻防暨數位鑑識系列一(第1期) 11/7
https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=384540
網路攻擊鏈( Cyber Kill Chain)各階段實作 (6hr) 11/7
http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384540
Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/8
https://signupcybersec101.ithome.com.tw/
BSides Charleston 11/9
https://infosec-conferences.com/events-in-2019/bsides-charleston/
Kotlin/Everywhere GDG Taoyuan - 運用 Ktor 建置一個以 Kotlin 打造的後端服務 11/9
https://www.meetup.com/GDGTaoyuan/events/264776152/
OpenInfra Day Taiwan 11/12
http://openinfra.digitimes.com.tw/
CLEAR Cyber Leaders Conference 11/12 ~ 11/13
https://infosec-conferences.com/events-in-2019/clear-cyber-leaders-conference/
Windows檔案系統及檔案還原 (6hr) 11/14
http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384541
Digital Internet Summit 11/14
https://infosec-conferences.com/events-in-2019/digital-internet-summit/
INTERFACE – Nebraska 11/14
https://infosec-conferences.com/events-in-2019/interface-nebraska/
SecureWV – Hack3rCon 11/15 ~ 11/17
https://infosec-conferences.com/events-in-2019/securewv-hack3rcon/
交通大學亥客書院-P006:高階網頁滲透測試 11/16
https://hackercollege.nctu.edu.tw/?p=1092
FS-ISAC Fall Summit 11/17 ~ 11/20
https://infosec-conferences.com/events-in-2019/fs-isac-fall-summit/
Microsoft IoT in Action 11/20
https://www.iotinactionevents.com/event/taipei
LINE將於11月舉辦LINE DEVELOPER DAY 2019 11/20 ~ 11/21
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000570636_HL57CPQM2H1ZHE71YVI2W
Infosecurity ISACA North America Expo and Conference 11/20 ~ 11/21
https://infosec-conferences.com/events-in-2019/isaca-north-america-expo-conference/
檔案特徵值比對與關鍵字搜尋 (2hr) Open Source數位鑑識工具實務操作 (5hr) 11/21
http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384542
2019 BSI 國際資安標準管理年會 11/22
https://www.accupass.com/event/1910070533451342891420
Trend Micro CTF 2019 // Raimund Genes Cup FINAL / NOVEMBER 23–24, 2019
https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html
資安檢核核心技術及進階技術研討會11月26日至11月28日
http://bit.ly/2TN2UtD
人資人員必修的職安法規定 11/26
https://www.accupass.com/event/1909121441141977826554
模擬案例鑑識分析實務 (6hr) 11/28
http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384543
Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/29
https://signupcybersec101.ithome.com.tw/
交通大學亥客書院-B015:惡意程式檢測 11/30
https://hackercollege.nctu.edu.tw/?p=1098
亞洲‧矽谷學院108年免費認證考試 11/30
https://college.asvda.org.tw/
Digital Summit Dallas 12/4
https://infosec-conferences.com/events-in-2019/digital-summit-dallas/
Kansas City Cyber Security Conference 12/5
https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/
CyberMaryland Conference 12/5 ~ 12/6
https://infosec-conferences.com/events-in-2019/cybermaryland-conference/
FutureCon Nashville Cyber Security Conference 12/11
https://infosec-conferences.com/events-in-2019/futurecon-nashville/
Utility Cyber Security Forum December 12/11
https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/
交通大學亥客書院-A018:企業網域控管-Active Directory攻擊與防禦 12/14
https://hackercollege.nctu.edu.tw/?p=1094
Japan Security Analyst Conference
https://jsac.jpcert.or.jp/
沒有留言:
張貼留言