跳到主要內容

資安事件新聞週報 2019/10/14 ~ 2019/10/18






資安事件新聞週報  2019/10/14  ~  2019/10/18

1.重大弱點漏洞/後門/Exploit/Zero Day
Juniper 10月產品安全性更新公告
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES

GitHub 首席安全工程師:Linux 暗藏嚴重漏洞,存在至少4 年
https://www.infoq.cn/article/WSWoSgGNk9iz0Had5XmU?utm_source=rss&utm_medium=article

FDA對影響醫療裝置和醫院網路的URGENT/11漏洞發出警報
https://blog.trendmicro.com.tw/?p=62255

BMC Software Patrol Agent 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17043

ReportLab 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17626

BIND 多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/10/17/isc-releases-security-advisories-bind

LimeSurvey 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17660

HiNet GPON 3097 埠允許遠端執行任意指令
https://tvn.twcert.org.tw/taiwanvn/TVN-201908005

NETGEAR JNR1010 訪問控制錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-11014

TOPMeeting 全球行動視訊會議系統含有機敏資料暴露漏洞
https://tvn.twcert.org.tw/taiwanvn/TVN-201907002

Sonatype Nexus Repository Manager 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15893

Firefox部署程式碼注射攻擊保護
https://www.ithome.com.tw/news/133620

Firefox Blocks Inline and Eval JavaScript on Internal Pages to Prevent Injection Attacks
https://thehackernews.com/2019/10/firefox-javascript-injection.html

DEVCORE 剖析 Mail2000 漏洞已於去年修補正式聲明
https://www.openfind.com.tw/taiwan/news_detail.php?news_id=10198

賽門鐵克修補讓Windows出現藍屏的臭蟲
https://www.ithome.com.tw/news/133633

甲骨文產品多個漏洞
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Oracle Java SE和Java SE Embedded 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949

Oracle Releases October 2019 Security Bulletin
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

WebLogic 高危漏洞预警(CVE-2019-2891、CVE-2019-2890)
https://linux.cn/article-11475-1.html

CVE-2019-2890:WebLogic 反序列化漏洞預警
https://cert.360.cn/warning/detail?id=3a5202c8079525b65e79929582b64c47

Cisco Firepower Management Center 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15270

Cisco SPA100 Series Analog Telephone Adapters 緩衝區錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15240

Cisco TelePresence Collaboration Endpoint Software 權限許可和訪問控制問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15277

Cisco TelePresence Collaboration Endpoint Software 操作系统命令注入漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15274

思科 Firepower Management Center 遠端執行任意程式碼漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce

思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x

GNU patch代碼執行漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638

TYPO3 SLUB: Event Registration 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16700

Linux的sudo指令遭爆含有可取得最高權限的安全漏洞
https://times.hinet.net/news/22604366

Linux Sudo 指令漏洞,可使受限用戶直接取得 root 權限
https://www.twcert.org.tw/tw/cp-104-3012-e9ff5-1.html

Linux SUDO Bug Lets You Run Commands as Root, Most are Unaffected
https://www.bleepingcomputer.com/news/linux/linux-sudo-bug-lets-you-run-commands-as-root-most-are-unaffected/

Linux security hole: Much sudo about nothing
https://www.zdnet.com/article/linux-security-hole-much-sudo-about-nothing/#ftag=RSSbaffb68

CVE-2019-14287 Linux SUDO
https://access.redhat.com/security/cve/cve-2019-14287

phpMyAdmin 被發現 0-day 漏洞
https://blog.twnic.net.tw/2019/10/17/5301/

HP Touchpoint Analytics漏洞影響大量惠普電腦
https://nosec.org/home/detail/3036.html

惠普電腦的預裝應用出現漏洞,可能將允許駭客完全接管系統
https://ek21.com/news/tech/150931/

HP跟機程式漏洞 數百萬用家隨時被黑
http://bit.ly/2IRHUxs

Vulnerability found and fixed in HP bloatware
https://www.zdnet.com/article/vulnerability-found-and-fixed-in-hp-bloatware/#ftag=RSSbaffb68

Magento新的ZEND FRAMEWORK安全漏洞
http://blog.itpub.net/69950643/viewspace-2659688/

新版macOS Catalina許多App無法運作?原因在於全面升級64位元架構
http://one19810109.blogspot.com/2019/10/macos-catalinaapp64.html

macOS Catalina郵件程式現漏洞 用戶數據資訊或違失
http://bit.ly/2q9G30p

macOS Catalina warning: Don't upgrade if you rely on a Drobo 8D
https://www.zdnet.com/article/macos-catalina-warning-dont-upgrade-if-you-rely-on-a-drobo-8d/#ftag=RSSbaffb68

These are the Apple macOS Catalina 10.15 security updates you need to know about
https://www.zdnet.com/article/these-are-the-macos-catalina-10-15-security-updates-you-need-to-know-about/#ftag=RSSbaffb68

Tor Project removes 13.5% of current servers for running EOL versions
https://www.zdnet.com/article/tor-project-removes-13-5-of-current-servers-for-running-eol-versions/#ftag=RSSbaffb68

將書本知識用於實踐,實習大學生指出企業設備“漏洞”
http://news.cjn.cn/sywh/201910/t3468439.htm

警告:針對Windows PC的威脅性BlackHole漏洞利用工具包現已免費提供給黑客
https://www.enigmasoftware.com/zh-hans/blackhole-exploit-kit-available-free-hackers/

微軟Windows 10更新助手(Update Assistant)中的一個安全漏洞使攻擊者可以執行具有SYSTEM權限的代碼
https://m.cnbeta.com/view/898521.htm

Windows 10 更新小幫手暗藏漏洞,Microsoft 建議用戶盡快安裝更新
https://www.kocpc.com.tw/archives/285759

Microsoft Dynamics 365跨站脚本漏洞
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1375

Microsoft and NIST partner to create enterprise patching guide
https://www.zdnet.com/article/microsoft-and-nist-partner-to-create-enterprise-patching-guide/#ftag=RSSbaffb68

Microsoft SharePoint跨站脚本漏洞
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1070

微軟再發佈IE漏洞例外修補程式,所有版本都要安裝
https://www.ithome.com.tw/news/133453

Microsoft Internet Explorer遠程代碼執行漏洞
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1239

微軟Windows 7付費延伸支援方案,開放中小企業購買
https://www.ithome.com.tw/news/133373

What to expect from Windows 10 November 2019 Update: A pleasant surprise
https://www.zdnet.com/article/what-to-expect-from-windows-10-november-2019-update-a-pleasant-surprise/#ftag=RSSbaffb68

Microsoft Defender 'Tamper Protection' reaches general availability
https://www.zdnet.com/article/microsoft-defender-tamper-protection-reaches-general-availability/#ftag=RSSbaffb68

黑客揭露了 3 個未修補的微軟零日漏洞,微軟可能會在其下個月的安全補丁修補漏洞
https://www.chainnews.com/zh-hant/articles/077795099700.htm

Adobe Acrobat與Reader應用程式存在多個安全漏洞,允許攻擊者遠端執行任意程式碼,請儘速確認並進行更新
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1110

Exim存在安全漏洞(CVE-2019-16928),允許攻擊者遠端執行任意程式碼,請儘速確認並進行更新
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1109

Adobe修補82個安全漏洞,68個涉及Acrobat與Reader
https://www.ithome.com.tw/news/133637

Adobe Releases Out-of-Band Security Patches for 82 Flaws in Various Products
https://thehackernews.com/2019/10/adobe-software-patches.html

Adobe Releases Acrobat and Reader Security Updates
https://helpx.adobe.com/security/products/acrobat/apsb19-49.html

WordPress Releases Security Update
https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/

TYPO3 freeCap CAPTCHA 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16699

JVNVU#93621261 Pulse Secure VPN における複数の脆弱性
https://jvn.jp/vu/JVNVU93621261/

JVN#97845465 LINE (Android版) における複数の整数オーバーフローの脆弱性
https://jvn.jp/jp/JVN97845465/

JVNVU#91825432 Apple Swift における脆弱性に対するアップデート
https://jvn.jp/vu/JVNVU91825432/

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
百年傳統銀行出身,見證手工到網路時代,他是最資深的網銀「高年級實習生」
https://www.storm.mg/article/1760979

永豐銀行行動金融卡業務終止公告
https://mma.sinopac.com/MMA8/mma/html/news/news190726-h1.html

保發中心攜KPMG 傳授IFRS 17教戰守則
https://money.udn.com/money/story/5636/4103989

電商平臺再遭Magecart駭客攻擊,影響數千家網站
https://ek21.com/news/tech/151095/

APPLE CARD沒實體卡片仍爆盜刷 疑付款系統遭入侵
http://bit.ly/2MHPOKU

PSA: Despite focus on security, the physical Apple Card is still susceptible to cloning
https://9to5mac.com/2019/10/09/apple-card-security-cloning/

記帳順便繳費!FinTech新創麻布記帳翻轉金融場景,20萬用戶給4.8星評價
https://meet.bnext.com.tw/articles/view/45575

富邦產險籲建立完善公司治理與資安風險管理
https://money.udn.com/money/story/5635/4109801

開放API管理平台啟動 顧立雄期待創造三贏局面
https://udn.com/news/story/7239/4107910

開放API平台台灣正式啟動 下階段開放個資分享金管會壓力大
http://bit.ly/31plrhE

開放API平台 明年提供消費者資訊查詢 顧立雄喊壓力大
http://bit.ly/2IZvhQS

邁向開放銀行第二階段,顧立雄:兩大障礙要跨越
https://technews.tw/2019/10/17/openbanking-2-questions/

財金開放API平臺終於上路,23家銀行與6家TSP搶先布局,但下一階段才是更大的挑戰
https://ithome.com.tw/news/133650

【臺灣Open Banking銀行實例】開放API要發威,國泰世華先大力改造中臺強化IT體質
https://www.ithome.com.tw/news/133682

屏東房屋借款、屏東土地借款、屏東借錢-第一融資:金融業啟動開放API 首波6家TSP業者加入
https://www.first-bank.com.tw/news-detail-2435400.html

【開放銀行特別報導】臺灣開放銀行下一步?金管會政策方向大公開
https://www.ithome.com.tw/news/133635

遠東銀行另闢數金戰場,小銀行也能闖出金融大平臺
https://www.ithome.com.tw/people/133524

銀行公會強化競爭力,邀亞洲金融監理官來台
http://bit.ly/2VQ4tI8

花旗系統三度出包 金管會開罰累計千萬
https://m.ctee.com.tw/livenews/aj/a95645002019101717205853?area=

ATM吃卡又扣款 一信:可能網路斷訊
http://www.ksnews.com.tw/index.php/news/contents_page/0001310588

全台ATM當機20分鐘 IBM工程師惹的禍
https://ctee.com.tw/news/life/160557.html

數千個網路商店被注入 Magecart信用卡盜卡程式,今年第三起類似事件
https://blog.trendmicro.com.tw/?p=62262

販賣信用卡資料的地下網站遭駭,2600萬張卡片被救回
https://www.ithome.com.tw/news/133660

Big Discovery Bank security flaw
https://mybroadband.co.za/news/security/323350-big-discovery-bank-security-flaw.html

Discovery Bank closed a gaping credit card security hole on Monday – but says it suffered no fraud
https://www.businessinsider.co.za/discovery-bank-cvv-code-security-flaw-credit-card-fraud-2019-10

Feds arrest alleged members of international ATM skimmer ring
https://www.zdnet.com/article/feds-arrest-alleged-members-of-international-atm-skimmer-ring/#ftag=RSSbaffb68

EU: ATM jackpotting attacks earn crooks less than €1,000 in the first half of 2019
https://www.zdnet.com/article/eu-atm-jackpotting-attacks-earn-crooks-less-than-eur1000-in-the-first-half-of-2019/#ftag=RSSbaffb68

ATM malware and logical attacks fall in Europe
http://bit.ly/2nJBCsu

ATM malware, logical attacks see downward trend in Europe
https://www.atmmarketplace.com/news/report-atm-malware-and-logical-attacks-down-in-europe/

Fintech startups: Why Bulgaria is a hotbed for finance software development
https://www.zdnet.com/article/fintech-startups-why-bulgaria-is-a-hotbed-for-finance-software-development/#ftag=RSSbaffb68

Volusion Payment Platform Sites Hit by Attackers
https://www.bankinfosecurity.com/volusion-payment-platform-sites-hit-by-attackers-a-13229

FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops
http://bit.ly/2MEQWPl

FIN7 Gang Returns With New Malicious Tools: Researchers
https://www.bankinfosecurity.com/fin7-gang-returns-new-malicious-tools-researchers-a-13253

“BriansClub” Hack Rescues 26M Stolen Cards
https://krebsonsecurity.com/2019/10/briansclub-hack-rescues-26m-stolen-cards/

3 Key Risks with Employee Passwords in the Financial Services Industry
https://www.bankinfosecurity.com/blogs/3-key-risks-employee-passwords-in-financial-services-industry-p-2801

3.電子支付/電子票證/行動支付/ pay/新聞及資安
LINE Pay驚傳系統故障無法支付 官方:原因釐清中
https://www.ettoday.net/news/20191016/1558388.htm

官方證實LINE Pay掛了!用戶尷尬:後面一排人在等我結帳
https://udn.com/news/story/7086/4107941

LINE Pay掛掉!用戶結帳超尷尬 官方回應了
http://bit.ly/35FpQ3x

LINE Pay一卡通驚傳系統故障無法支付 173萬用戶受影響
https://tw.finance.appledaily.com/realtime/20191016/1649584/

LINE Pay一卡通當機2小時已修復 官方致歉
https://www.cna.com.tw/news/firstnews/201910165007.aspx

LINE Pay一卡通服務當機2小時後修復 官方致歉
http://bit.ly/2MN83ic

LINE Pay一卡通出包今祭優惠 超商付款可獲10%回饋
https://tw.finance.appledaily.com/realtime/20191017/1649938/

馬大電子支付被駭!黃彥鉻否認涉及
https://www.sinchew.com.my/content/content_2133011.html

Payment Security Software Market Solid Analyzed Segmentation, Demand, Recent Share Estimation and Growth Prospects by Regions to 2017 – 2025
http://bit.ly/32pkTtn

4.虛擬貨幣/區塊鍊相關新聞及資安
KuCoin 入駐慢霧區,發布「安全漏洞與威脅情報賞金計劃」
https://mp.weixin.qq.com/s/3WgEOJ5O05rSjhDcT8DumQ

跨國監管機構盯臉書Libra
https://money.udn.com/money/story/5599/4104319

無現金運動的下一步:一個通行全球的數位貨幣
http://news.knowing.asia/news/f6690e52-a5f0-4f0a-944a-6d66f90d3b18

Mastercard, Visa, eBay, Stripe drop out of Facebook's Libra project
https://www.zdnet.com/article/mastercard-visa-ebay-stripe-drop-out-of-facebooks-libra-project/#ftag=RSSbaffb68

Casbaneiro is a threat to cryptocurrency in Latin America
https://coinrivet.com/casbaneiro-cryptocurrency-latin-america/

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
勒索軟體攻擊事件不斷 FBI:不鼓勵交付贖金
https://cnews.com.tw/140191012a01/

Lucky勒索软件
https://www.enigmasoftware.com/zh-hans/luckyransomware-removal/

瑞星:“DTLMiner”再次更新成為首個利用BlueKeep漏洞的病毒
http://info.chinabyte.com/327/411827.shtml

多倫多牙醫診所被「勒索軟件」襲擊 要求16.5萬元贖金
http://bit.ly/31b2L5a

Windows版iTunes零時差漏洞遭用以散佈BitPaymer勒索軟體
https://www.ithome.com.tw/news/133574

騰訊安全:永恆之藍下載器木馬再添BlueKeep漏洞攻擊,多系統版本均受影響
https://s.tencent.com/research/report/823.html

北韓駭客組織HIDDEN COBRA所利用的惡意程式Joanap及Brambul,請各單位注意防範
https://lic.nuk.edu.tw/p/406-1012-15636,r73.php?Lang=zh-tw

駭客用WAV檔散佈惡意程式
https://www.ithome.com.tw/news/133654

可以攻擊ATM讓它把所有鈔票吐光的惡意軟體在歐洲盛行,專家警告最終將如勒索軟體般橫行全球
https://www.techbang.com/posts/73543-malware-allows-atms-to-spit-out-all-cash-on-demand

無檔案殭屍病毒Novter透過KovCoreG惡意廣告活動散播
https://blog.trendmicro.com.tw/?p=62259

火絨截獲新型勒索病毒Spora 通過IE、Flash漏洞等方式傳播
https://cloud.tencent.com/developer/article/1522434

Docker Hub上映像檔被發現存在挖礦綁架蠕蟲
https://www.ithome.com.tw/news/133655

騰訊安全:新型挖礦木馬“快Go礦工”猛攻企業設備IT行業成重災區
https://www.csdn.net/article/a/2019-10-17/15982628

Top Malware em Setembro de 2019
https://www.techenet.com/2019/10/check-point-top-malware-mais-procurados-em-setembro/

Malware targets individual healthcare employees, not always VIPs
https://www.healthcaredive.com/news/malware-targets-individual-healthcare-employees-not-always-vips/565209/

Pony’s C&C servers hidden inside the Bitcoin blockchain
https://research.checkpoint.com/ponys-cc-servers-hidden-inside-the-bitcoin-blockchain/

macOS users targeted with new Tarmac malware
https://www.zdnet.com/article/macos-users-targeted-with-new-tarmac-malware/#ftag=RSSbaffb68

New espionage malware found targeting Russian-speaking users in Eastern Europe
https://www.zdnet.com/article/new-espionage-malware-found-targeting-russian-speaking-users-in-eastern-europe/#ftag=RSSbaffb68

AT COMMANDS, TOR-BASED COMMUNICATIONS: MEET ATTOR, A FANTASY CREATURE AND ALSO A SPY PLATFORM
https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Attor.pdf

Man charged for running crypto mining scam under the guise of game development
https://www.zdnet.com/article/man-charged-for-running-crypto-mining-scam-under-the-guise-of-game-development/#ftag=RSSbaffb68

Campaña activa de Malware Bancario (Proxy Changer) dirigido a Chile y México.
https://www.cronup.com/post/campa%C3%B1a-activa-de-malware-bancario-proxy-changer-dirigido-a-chile-y-m%C3%A9xico

M6, one of France's biggest TV channels, hit by ransomware
https://www.zdnet.com/article/m6-one-of-frances-biggest-tv-channels-hit-by-ransomware/#ftag=RSSbaffb68

Sodinokibi Ransomware: Following the Affiliate Money Trail
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-following-the-affiliate-money-trail/

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-follow-the-money/

Cybercrime gang behind the Emotet malware is targeting organization with external SOC with emails claiming to deliver a SOC “weekly report.”
https://securityaffairs.co/wordpress/92501/malware/emotet-gang-targetes-external-soc.html

Blackremote: Money money money – a Swedish actor peddles an expensive new RAT
https://unit42.paloaltonetworks.com/blackremote-money-money-money-a-swedish-actor-peddles-an-expensive-new-rat/

Phorpiex Botnet Sending Out Millions of Sextortion Emails Using Hacked Computers
https://thehackernews.com/2019/10/phorpiex-botnet-sextortion-emails.html

Phorpiex botnet made $115,000 in five months just from mass-spamming sextortion emails
https://www.zdnet.com/article/phorpiex-botnet-made-115000-in-five-months-just-from-mass-spamming-sextortion-emails/#ftag=RSSbaffb68

Phorpiex Botnet Behind Large-Scale 'Sextortion' Campaign
https://www.bankinfosecurity.com/phorpiex-botnet-behind-large-scale-sextortion-campaign-a-13264

In the Footsteps of a Sextortion Campaign
https://research.checkpoint.com/in-the-footsteps-of-a-sextortion-campaign/

WAV audio files are now being used to hide malicious code
https://www.zdnet.com/article/wav-audio-files-are-now-being-used-to-hide-malicious-code/#ftag=RSSbaffb68

Cyberbit discovers international airport riddled with Bitcoin-mining malware
https://www.zdnet.com/article/cyberbit-discovers-international-airport-riddled-with-bitcoin-mining-malware/#ftag=RSSbaffb68

Phony Company Used to Plant macOS Malware: Report
https://www.bankinfosecurity.com/phony-company-used-to-plant-macos-malware-report-a-13261

2019-10-15 - MALSPAM PUSHING SHADE (TROLDESH) RANSOMWARE
https://www.malware-traffic-analysis.net/2019/10/15/index.html

2019-10-09 - DOCUSIGN-THEMED HANCITOR MALSPAM AND INFECTION TAFFIC
https://www.malware-traffic-analysis.net/2019/10/09/index.html

'Graboid' Cryptojacking Worm Spreads Through Containers
https://www.bankinfosecurity.com/graboid-cryptojacking-worm-spreads-through-containers-a-13256

Ransomware Attacks: STOP, Dharma, Phobos Dominate
https://www.bankinfosecurity.com/ransomware-attacks-stop-dharma-phobos-dominate-a-13259

Pitney Bowes Says Ransomware Behind System Outages
https://www.bankinfosecurity.com/pitney-bowes-says-ransomware-behind-system-outages-a-13242

2019-10-17 - DATA DUMP: URSNIF INFECTION TRAFFIC FROM ITALIAN MALSPAM
https://www.malware-traffic-analysis.net/2019/10/17/index.html

2019-10-15 - MALSPAM PUSHING SHADE (TROLDESH) RANSOMWARE
https://www.malware-traffic-analysis.net/2019/10/15/index.html

Bericht zur Lage der IT-Sicherheit vorgestellt
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Lagebericht_171019.html

B.行動安全 / iPhone / Android /穿戴裝置 /App
Win10 Mobile還有2月退休 但微軟拒絕修復新發現漏洞
https://news.sina.com.tw/article/20191012/32921950.html

遠傳啟動5G招募計畫 網羅百名資通訊人才
https://news.cnyes.com/news/id/4397494

指紋密碼真安全?保全趁同事熟睡抓手解鎖,偷錢得手10多次
https://fnc.ebc.net.tw/FncNews/tech/102958

臉書將內容農場連結下架處理!違反社群守則無法張貼
https://www.mygopen.com/2019/10/facebook-community-standards.html

LINE備份攻略,換機前看這篇就對了
https://blog.trendmicro.com.tw/?p=62167

貿易制裁也擋不住,在北韓蓬勃發展的手機製造業
https://technews.tw/2019/10/13/how-a-sanctions-busting-smartphone-business-thrives-in-north-korea/

谷歌Pixel 4面部解鎖功能存在重大安全漏洞
https://tech.sina.com.cn/mobile/n/n/2019-10-18/doc-iicezuev2965189.shtml

Google Pixel 4人臉辨識有重大漏洞 閉眼竟能解鎖
https://www.chinatimes.com/realtimenews/20191018003079-260412?chdtv

三星確認Galaxy S10 指紋識別存在漏洞,將盡快發布補丁
https://cn.technode.com/post/2019-10-17/samsung-confirms-galaxy-s10-fingerprint-reader-flaw/

三星手機爆 20 多處安全漏洞
https://kknews.cc/tech/xg546x9.html

三星S10 螢幕指紋感測曝解鎖漏洞!官方證實將盡快釋出修補
https://3c.ltn.com.tw/news/38322

Samsung 證實:「零日漏洞」令S10系列及Note 10系列變高危
http://bit.ly/2VDkuAV

英婦eBay購保護貼 Galaxy S10任何指紋都可解鎖
http://bit.ly/2J5SwJp

Android 版 Chrome 瀏覽器獲得防禦 Spectre 攻擊的更新
https://engt.co/2pxzioM

2019 年安卓應用的7 大漏洞類型
https://www.infoq.cn/article/uq81ZUfcAsEAaawcWBHF?utm_source=rss&utm_medium=article

德國官員證實5G不排除華為 但安全標準提高
https://ec.ltn.com.tw/article/breakingnews/2946826

逃不出中國手掌心?微信帳號綁定 FB 之後,就算解除還是會「自動」綁回來
https://buzzorange.com/techorange/2019/10/16/wechat-bind-with-fb/

使用手機瀏覽器怕個資被傳送去中國該怎麼辦?資安專家教這2招防範
https://www.storm.mg/lifestyle/1834428

各廠牌手機電腦都在蒐集資料 3招保護個人資料
http://www.merit-times.com/newspage.aspx?unid=565419

1 億台手機全看光光,中共「學習強國」App 存在超級後門
https://www.inside.com.tw/article/17793-chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says

中國洗腦App「學習強國」爆後門 可監控數億用戶個資
https://www.rti.org.tw/news/view/id/2037896

數億手機被監控?洗腦APP藏後門 中共遠端存個資
https://times.hinet.net/news/22604281

下載後想刪都刪不了!一張圖揪出15款超會偽裝的惡意 App
https://3c.ltn.com.tw/news/38313

蘋果再度下架港人App 執行長庫克首度回應下架原因
https://newtalk.tw/news/view/2019-10-12/310539

一團伙利用結算過程漏洞開展蘋果手機非法代充業務獲刑
http://news.jcrb.com/jxsw/201910/t20191012_2059939.html

蘋果針對 Safari 安全瀏覽功能發表聲明
https://www.twcert.org.tw/tw/cp-104-3011-6428e-1.html

蘋果 Safari 瀏覽器會發送使用者隱私資訊給騰訊
https://www.inside.com.tw/article/17794-apple-safari-ip-addresses-tencent

蘋果 Safari 瀏覽器預設會傳送 IP 位置給中國騰訊
https://www.kocpc.com.tw/archives/286076

iPhone爆洩IP給騰訊 翟本喬點出更嚴重的事
https://tw.lifestyle.appledaily.com/gadget/20191015/OR62U2OZNBJ62TSTGQRVBYNKGM/

Safari回傳資料給騰訊?Apple回應三重點
https://tw.lifestyle.appledaily.com/gadget/20191015/COULORAQXIYD2BS5BC2NHXBQ2A/

對Safari資安若有疑慮 專家建議2招因應
https://www.cna.com.tw/news/firstnews/201910160093.aspx

蘋果瀏覽器連騰訊 美國防部高官:需警惕
http://www.epochtimes.com/b5/19/10/16/n11592172.htm

Apple responds to reports that it sends user traffic to China's Tencent
https://www.zdnet.com/article/apple-responds-to-reports-that-it-sends-user-traffic-to-chinas-tencent/#ftag=RSSbaffb68

Google相簿出漏洞!替iPhone「開後門」 提供無限照片備份空間
https://www.ettoday.net/news/20191018/1559801.htm

Windows版iTunes零時差漏洞遭用以散佈BitPaymer勒索軟體
https://www.ithome.com.tw/news/133574

Windows 版 Bonjour 有漏洞 解除安裝 iTunes 、 iCloud 仍有風險
http://bit.ly/31b7jsm

蘋果更新Windows版iTunes 修補了勒索軟件攻擊漏洞
https://www.cnbeta.com/articles/tech/898235.htm

Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks
https://thehackernews.com/2019/10/apple-bonjour-ransomware.html

Ransomware gang uses iTunes zero-day
https://www.zdnet.com/article/ransomware-gang-uses-itunes-zero-day/#ftag=RSSbaffb68

7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App
https://thehackernews.com/2019/10/iterm2-macos-terminal-rce.html

Her iPhone died. It led to her being charged as a criminal
https://www.zdnet.com/article/her-iphone-died-it-led-to-her-being-charged-as-a-criminal/#ftag=RSSbaffb68

iOS 13 tells you when apps are secretly tracking you
https://www.zdnet.com/article/ios-13-tells-you-when-apps-are-secretly-tracking-you/#ftag=RSSbaffb68

Checkm8 iOS jailbreak used as lure in online scam
https://www.zdnet.com/article/checkm8-ios-jailbreak-used-as-lure-in-online-scam/#ftag=RSSbaffb68

These are the 29 countries vulnerable to Simjacker attacks
https://www.zdnet.com/article/these-are-the-29-countries-vulnerable-to-simjacker-attacks/#ftag=RSSbaffb68

US job seekers scrub their social media accounts to get success
https://www.zdnet.com/article/us-job-seekers-scrub-their-social-media-accounts-to-get-success/#ftag=RSSbaffb68

How to fix watchOS 'Unable to Install Update' error
https://www.zdnet.com/article/how-to-fix-watchos-unable-to-install-update-error/#ftag=RSSbaffb68

Fake iOS Jailbreak Site Lures in Apple Users
https://threatpost.com/apple-fake-ios-jailbreak-site/149159/

iOS 13.1.3 brings a bunch of bug fixes to iPhone and iPad, but no relief for calls and battery bugs
https://www.zdnet.com/article/ios-13-1-3-brings-a-bunch-of-bug-fixes-to-iphone-and-ipad-but-no-relief-for-calls-and-battery-bugs/#ftag=RSSbaffb68

Singapore readies 5G rollout with potential for two additional licenses
https://www.zdnet.com/article/singapore-readies-5g-rollout-with-potential-for-two-additional-licenses/#ftag=RSSbaffb68

Facebook Now Pays Hackers for Reporting Security Bugs in 3rd-Party Apps
https://thehackernews.com/2019/10/facebook-apps-bug-bounty.html

Security researcher publishes proof-of-concept code for recent Android zero-day
https://www.zdnet.com/article/security-researcher-publishes-proof-of-concept-code-for-recent-android-zero-day/#ftag=RSSbaffb68

Fake mobile app fraud tripled in first half of 2019, finds RSA Security
https://www.techcentral.ie/fake-mobile-app-fraud-tripled-in-first-half-of-2019-finds-rsa-security/

What is the Emotet Trojan
https://www.jdsupra.com/legalnews/what-is-the-emotet-trojan-71164/

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
2019年9月十大資安新聞
https://ithome.com.tw/news/133598

瑞星連續捕獲一個高級持續性威脅的網絡攻擊
http://www.xinhuanet.com/fortune/2019-10/17/c_1125117622.htm

資安攻防戰引爆潛在商機 網路安全ETF解密
http://bit.ly/2Mo0cIM

6個月嬰兒都不放過!全球最大宗兒童色情暗網遭破獲 用「比特幣」付費下載25萬支性虐影片
https://www.storm.mg/article/1838991

遭黑客攻擊 荷蘭網站25萬用戶信息被盜
http://www.epochtimes.com/b5/19/10/16/n11592028.htm

暗網潛航——信息安全風險保險(二) 守而必固者
http://bit.ly/2Mlphnz

馬雲:阿里巴巴每天有3億次網攻 但沒損失過半毛錢
https://ec.ltn.com.tw/article/breakingnews/2948055

HITCON CTF台灣駭客線上初賽 台灣Balsn擊敗千隊摘銀
https://ec.ltn.com.tw/article/breakingnews/2947191

德5G建設向華為「亮綠燈」 美警告:考慮是否共享情報
https://www.ettoday.net/news/20191017/1559119.htm

華為防諜人事大異動 傳台籍高管離職
https://tw.appledaily.com/new/realtime/20191016/1649687/

無視美國禁令?華為獲得 32 個歐洲 5G合約
https://www.inside.com.tw/article/17849-huawei-europe

警惕!船舶網絡安全帶來的風險
http://www.eworldship.com/html/2019/ship_inside_and_outside_1011/153359.html

百度網盤會員資格突遭取消 用戶怒斥推卸責任
https://hk.on.cc/hk/bkn/cnt/cnnews/20191012/bkn-20191012123640803-1012_00952_001.html

最多200美元!駭客就能用微型晶片破解硬件防火牆
https://ek21.com/news/tech/150907/

中小企唔防範 黑客襲擊易如反掌
http://bit.ly/2oBseYi

網傳TeamViewer 遭駭客入侵 已安裝使用者注意
https://udn.com/news/story/7086/4103944

19/10/12 Teamviewer APT41事件 : Teamviewer可以被取得任意控制權限
https://ithelp.ithome.com.tw/questions/10195658?sc=rss.qu

網路傳出 TeamViewer 被駭客入侵,已安裝使用者注意
http://bit.ly/33xqEFP

TeamViewer 被指遭駭客入侵,使用者有機會被控制電腦
https://technews.tw/2019/10/18/teamviewer-hacker-computer/

網傳 TeamViewer 被駭客入侵 ?! 取得電腦的後台管理及防問權
https://hk.xfastest.com/36820/teamviewer-heaked-by-apt41/

數位身分證很安全?愛沙尼亞曾遭駭 德國反個資存手機
https://udn.com/news/story/6812/4094534

從莫雷推文看中共五毛如何「協調騷擾」
http://www.epochtimes.com/b5/19/10/16/n11593295.htm

別只顧賺中國的錢!美企業及研究單位員工成共諜利誘對象
http://bit.ly/2J1fTU8

澳門修改《打擊電腦犯罪法》一般性通過 政府強調非合法入侵或遠端取證
https://www.exmoo.com/article/128053.html

澳門修改《打擊電腦犯罪法》一般性通過 雲端取證 需先得法官批示
https://www.exmoo.com/article/128135.html

歐盟電訊網絡安全報告據報引起成員國對華為警覺
http://www.aastocks.com/tc/stocks/news/aafn-news/NOW.970148/2

美國國防高級研究計劃局發布預測網絡漏洞的AIMEE新項目
http://www.sohu.com/a/347060333_313834

網站寄存安全風險高 HKIRC免費掃描服務透視安危
http://bit.ly/2MgNThC

美報告:陸駭客竊密 用以研發商用飛機C919
https://m.ctee.com.tw/livenews/gj/a99625002019101611495336?area=

白宮認了 川普扣住軍援與請烏克蘭調查有關
https://www.cna.com.tw/news/firstnews/201910180046.aspx

資安破案能力獲肯定 台灣爭取入Interpol強調「用案件交朋友」
http://bit.ly/35K9ary

資訊戰開打 藍委提「美台資安聯防」蘇揆:全力支持
http://bit.ly/2OULNW6

我銷美資通訊產品 KPMG:應留意CCPA
https://www.chinatimes.com/realtimenews/20191017004099-260410?chdtv

A Comprehensive Guide On How to Protect Your Websites From Hackers
https://thehackernews.com/2019/10/website-security-guide.html

Most SSL certificate misissuance caused by software bugs and rule misinterpretations
https://www.zdnet.com/article/most-ssl-certificate-misissuance-caused-by-software-bugs-and-rule-misinterpretations/#ftag=RSSbaffb68

UNIX Co-Founder Ken Thompson's BSD Password Has Finally Been Cracked
https://thehackernews.com/2019/10/unix-bsd-password-cracked.html

Brazilian government to create single citizen database
https://www.zdnet.com/article/brazilian-government-to-create-single-citizen-database/#ftag=RSSbaffb68

Planes, gates, and bags: How hackers can hijack your local airport
https://www.zdnet.com/article/planes-gates-and-bags-how-hackers-can-hijack-your-local-airport/#ftag=RSSbaffb68

Escort forums in Italy and the Netherlands hacked, user data put up for sale
https://www.zdnet.com/article/escort-forums-in-italy-and-the-netherlands-hacked-user-data-put-up-for-sale/#ftag=RSSbaffb68

Most Americans can't recognize 2FA, HTTPS, or private browsing
https://www.zdnet.com/article/most-americans-cant-recognize-2fa-https-or-private-browsing/#ftag=RSSbaffb68

Schneier slams Australia's encryption laws and CyberCon speaker bans
https://www.zdnet.com/article/schneier-slams-australias-encryption-laws-cybercon-speaker-bans/#ftag=RSSbaffb68

Hacked Off: Lawsuit Alleges CafePress Used Poor Security
https://www.bankinfosecurity.com/hacked-off-lawsuit-alleges-cafepress-used-poor-security-a-13233

FBI: Cybercriminals Are Bypassing Multifactor Authentication
https://www.bankinfosecurity.com/fbi-cybercriminals-are-bypassing-multifactor-authentication-a-13226

Building China's Comac C919 airplane involved a lot of hacking, report says
https://www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/#ftag=RSSbaffb68

Argentinian security researcher arrested after tweeting about government hack
https://www.zdnet.com/article/argentinian-security-researcher-arrested-after-tweeting-about-government-hack/#ftag=RSSbaffb68

Hacking 20 high-profile dev accounts could compromise half of the npm ecosystem
https://www.zdnet.com/article/hacking-20-high-profile-dev-accounts-could-compromise-half-of-the-npm-ecosystem/#ftag=RSSbaffb68

'Silent Librarian' Revamps Phishing Campaign: Proofpoint
https://www.bankinfosecurity.com/silent-librarian-revamps-phishing-campaign-proofpoint-a-13255

'Silent Librarian' Revamps Phishing Campaign: Proofpoint
https://www.bankinfosecurity.com/silent-librarian-revamps-phishing-campaign-proofpoint-a-13255

Stung by Takedowns, Criminals Tap Distributed Dark Markets
https://www.bankinfosecurity.com/interviews/stung-by-takedowns-criminals-tap-distributed-dark-markets-i-4477

Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested
https://thehackernews.com/2019/10/dark-web-child-abuse.html

Maybe shadow IT isn't so bad after all, study suggests
https://www.zdnet.com/article/maybe-shadow-it-isnt-so-bad-after-all-study-suggests/#ftag=RSSbaffb68

Germany's cyber-security agency recommends Firefox as most secure browser
https://www.zdnet.com/article/germanys-cyber-security-agency-recommends-firefox-as-most-secure-browser/#ftag=RSSbaffb68

Cybercrime Tool Prices Continue to Rise on Darknet Sites
https://www.bankinfosecurity.com/cybercrime-tool-prices-continue-to-rise-on-darknet-sites-a-13265

資安管理課主管(3000912)
https://m.1111.com.tw/job/80202342/

網路系統工程師(內湖總公司)
https://m.1111.com.tw/job/85960968/

資訊安全技術主管
https://m.1111.com.tw/job/91138765/

【資安所】智慧雲端平台中心-資安監控工程師
https://m.1111.com.tw/job/91157475/

網路安全分析師 (深圳)
https://m.1111.com.tw/job/85155640/

雲端應用伺服器軟體與網路安全工程 - J1797
https://m.1111.com.tw/job/91174023/

【資訊處】資安規範管理師 Security Compliance
https://m.1111.com.tw/job/91126704/

B-資訊安全處-銀行資安新秀培育計畫
https://m.1111.com.tw/job/86027458/

B-資訊安全處-銀行資安專家
https://m.1111.com.tw/job/86027457/

【資訊處】弱點分析工程師 Vulnerability Analyst
https://m.1111.com.tw/job/91126688/

資訊安全高級工程師
https://m.1111.com.tw/job/91138763/

資安產品FAE工程師
https://ilabor.ntpc.gov.tw/cloud/GoodJob/job_title/627407427

【資安】初階資安管理專業人員
https://m.104.com.tw/job/67bgp?jobsource=m104

金融安全認證工程師
https://m.104.com.tw/job/4q7ai?jobsource=m104

C.顧問類-顧問/資深顧問/經理(資訊安全管理)
https://m.104.com.tw/job/3t96f?jobsource=m104

資安鑑識工程師
https://m.104.com.tw/job/6isjn?jobsource=m104

資安人員
https://m.104.com.tw/job/5f21g?jobsource=m104

ISMS駐點資安人員
https://m.104.com.tw/job/6ob2l?jobsource=m104

內控、資安人員
https://m.104.com.tw/job/57yye?jobsource=m104

資安檢測工程師
https://m.104.com.tw/job/64myq?jobsource=m104

資安服務工程師
https://m.104.com.tw/job/3biy7?jobsource=m104

資安技術工程師
https://m.104.com.tw/job/2x79x?jobsource=m104

資安鑑識分析師
https://m.104.com.tw/job/5xtj0?jobsource=m104

ISMS資安工程師
https://m.104.com.tw/job/6ne31?jobsource=m104

資安設備工程師
https://m.104.com.tw/job/6hygw?jobsource=m104

資安事件調查員
https://m.104.com.tw/job/6j3cl?jobsource=m104

系統資安工程師
https://m.104.com.tw/job/6hr7s?jobsource=m104

資深資安設備工程師
https://m.104.com.tw/job/6hyog?jobsource=m104

SOC資安分析工程師
https://m.104.com.tw/job/6m4uk?jobsource=m104

SOC資深資安分析工程師
https://m.104.com.tw/job/5y2jm?jobsource=m104

資安研發工程師 (R&D Engineer)
https://m.104.com.tw/job/64uz1?jobsource=m104

資安健診工程師
https://m.104.com.tw/job/6b5yo?jobsource=m104

軟體安全分析師 (Code Review)
https://m.104.com.tw/job/5e01j?jobsource=m104

【資安】資深資安科技專業人員
https://m.104.com.tw/job/67cr4?jobsource=m104

【資安】資安科技專業人員
https://m.104.com.tw/job/67cru?jobsource=m104

資安專案經理/Project Manager
https://m.104.com.tw/job/2w0gs?jobsource=m104

資通安全組_資安工程師(高雄)
https://m.104.com.tw/job/5nhhu?jobsource=m104

資通安全組_資安工程師(板橋)
https://m.104.com.tw/job/5nhkd?jobsource=m104

資安鑑識工程師
https://m.104.com.tw/job/68ud0?jobsource=m104

資安技術服務工程師(正職)
https://m.104.com.tw/job/3kmxs?jobsource=m104

資安技術經理
https://www.adecco.com.tw/mis-jobs/security-technical-manager-pre-sales-/2767038

系統暨資安專案經理
https://www.cakeresume.com/companies/alpha-human-resource-consulting-co-ltd/jobs/system-and-capital-project-manager

總公司資訊安全部資安管理科人員
https://www.104.com.tw/job/6i94r?jobsource=googlejobs

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
EZ訂個資外洩客戶遭騙判決出爐,在個資法賠償外,業者並需負起7成過失責任
https://www.ithome.com.tw/news/133473

印度本地搜索應用Justdial出現嚴重漏洞洩露1.56億用戶信息
https://www.zhujib.com/yindubendisousuoyingyongjustdi.html

俄諧星冒充土耳其國防部長來電 南卡聯邦參議員葛理漢被騙洩情資
https://udn.com/news/story/6813/4100403

「反送中」議題成詐團套路 三銀行拒匯款她才醒悟
https://tw.appledaily.com/new/realtime/20191016/1647481

德國史上最複雜詐騙案,上百家金融機構捲入
http://news.knowing.asia/news/ec590ea8-7417-4937-bde5-21f5e6f5bd00

Imperva資料外洩原因出爐:AWS API金鑰被盜了
https://www.ithome.com.tw/news/133591

Imperva blames data breach on stolen AWS API key
https://www.zdnet.com/article/imperva-blames-data-breach-on-stolen-aws-api-key/#ftag=RSSbaffb68

Unfortunately, awareness alone won’t do it: Successful phishing defense requires a layered approach
https://zd.net/2MytiEh

Hook, line and sinker: How I fell victim to phishing attacks - again and again
https://zd.net/2B6uoSh

Online banking warning: The simple way you could reduce the risk of falling victim to scam
https://www.express.co.uk/finance/personalfinance/1190895/online-banking-security-internet-scam-fraud-tips-warning

Analysis: New ISO Privacy Standard
https://www.bankinfosecurity.asia/interviews/analysis-new-iso-privacy-standard-i-4476

A landmark German tax fraud case could ripple through the finance industry
https://www.cnbc.com/2019/10/14/cum-ex-german-tax-case-could-ripple-through-the-finance-industry.html

Security pro confessional: The time I almost got hacked
https://www.zdnet.com/article/s-r-confessional-the-time-i-almost-got-hacked/#ftag=RSSbaffb68

Zappos data breach settlement: users get 10% store discount, lawyers get $1.6m
https://www.zdnet.com/article/zappos-data-breach-settlement-users-get-10-store-discount-lawyers-get-1-6m/#ftag=RSSbaffb68

US senator introduces privacy bill that would jail CEOs for user privacy violations
https://www.zdnet.com/article/us-senator-introduces-privacy-bill-that-would-jail-ceos-for-user-privacy-violations/#ftag=RSSbaffb68

Stripe Users Targeted in Phishing Attack That Steals Banking Info
https://www.bleepingcomputer.com/news/security/stripe-users-targeted-in-phishing-attack-that-steals-banking-info/

This Credential Phish Masks the Scam Page URL to Thwart Vigilant Users
https://cofense.com/credential-phish-masks-scam-page-url-thwart-vigilant-users/

E.研究報告
MDR 找到埋伏某公司系統2年的MyKings變種
http://bit.ly/2VM1UGX

CVE-2019-17059:Cyber​​oam SSL VPN的RCE漏洞
https://nosec.org/home/detail/3034.html

D-Link路由器前台命令執行漏洞
https://xz.aliyun.com/t/6500

Rusty Joomla RCE漏洞分析
https://www.4hou.com/info/news/20780.html

應用安全- PHPCMS - Joomla漏洞匯總
https://www.cnblogs.com/AtesetEnginner/p/11660803.html

網站安全防護公司滲透測試執行命令漏洞
https://cloud.tencent.com/developer/article/1519950

網站漏洞檢測泛微OA系統sql注入攻擊檢測與修復
https://cloud.tencent.com/developer/article/1519884

通過進程創建模擬技術挖掘本地提權漏洞
https://nosec.org/home/detail/2955.html

Web漏洞Exploit編寫——Java篇
http://bit.ly/32ifHrc

分享兩個CVE突破的分析報告
https://cloud.tencent.com/developer/article/1521801

SSRF漏洞的利用
https://blog.csdn.net/caiqiiqi/article/details/102570918

D-Link service.cgi 遠端命令執行漏洞分析
https://xz.aliyun.com/t/6525

Jenkins臟牛漏洞FRP內網提權
https://www.freebuf.com/articles/web/215183.html

挖洞經驗| 看我如何獲取到200萬份Verizon用戶的月付賬單信息
http://www.sohu.com/a/347355917_354899

Tor檔案傳輸工具OnionShare現可用來發布匿名網站
https://www.ithome.com.tw/news/133634

【技術分享】使用MSBuild做更多(滲透中MSBuild的應用技巧)
https://www.anquanke.com/post/id/84597

移動端APP漏洞滲透測試安全檢測實施方案
https://yq.aliyun.com/articles/721111

RDP漏洞或引發大規模蠕蟲爆發,用戶可用阿里雲檢測服務自檢,建議盡快修復
http://blog.itpub.net/69915408/viewspace-2660426/

CVE-2019-16276/11253:Kubernetes漏洞分析
https://www.4hou.com/vulnerable/21001.html

打造微型間諜晶片花6千元就能辦到,兩名資安專家DIY告訴你有多簡單
https://www.bnext.com.tw/article/55150/spychip-cheap-feasible

Industrial Internet of Things (IIoT) with the Elastic Stack
https://www.elastic.co/cn/blog/industrial-internet-of-things-iiot-with-the-elastic-stack

msbuild-inline-task
https://github.com/3gstudent/msbuild-inline-task

Check Points Global Threat Index für September 2019
https://www.iavcworld.de/security/5177-check-points-global-threat-index-fuer-september-2019.html

Connecting the dots: Exposing the arsenal and methods of the Winnti Group
https://www.welivesecurity.com/2019/10/14/connecting-dots-exposing-arsenal-methods-winnti/

Threat Actor Profile: TA407, the Silent Librarian
https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian

AndroBugs_Framework
https://github.com/AndroBugs/AndroBugs_Framework

The Kittens Are Back in Town 2 Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods
https://www.clearskysec.com/wp-content/uploads/2019/10/The-Kittens-Are-Back-in-Town-2.pdf

LevOS
https://github.com/levex/LevOS

Illicit Cryptomining Threat Actor Rocke Changes Tactics, Now More Difficult to Detect
https://www.anomali.com/blog/illicit-cryptomining-threat-actor-rocke-changes-tactics-now-more-difficult-to-detect

Tor Snowflake turns your browser into a proxy for users in censored countries
https://www.zdnet.com/article/tor-snowflake-turns-your-browser-into-a-proxy-for-users-in-censored-countries/#ftag=RSSbaffb68

randomuserid/Tylium
https://github.com/randomuserid/Tylium/blob/master/README.md

F.商業
奧義智慧研發資安人工智慧引擎,從端點到全球網路快速防護
https://www.zerone.com.tw/Content/Product/5034A997954132BA

趨勢科技2019資安總評:無檔案式威脅成長 265%
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000570107_S5G0AVCY1WVYAK61A7FY8

趨勢科技與Snyk策略聯盟 協助軟體開發人員迅速安全地開發應用程式
https://news.sina.com.tw/article/20191011/32920068.html

Advantech聯手Acronis 深耕物聯網資安防護領域
https://kknews.cc/tech/mrm4jez.html

資安法身份驗證必備方案,軟體共約採購好方便
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000570099_Y1A1HM1C89RDDALIVXTNI

現代資安防護的關鍵:在CARTA資安概念下,合理應用自動化技術
https://times.hinet.net/news/22602922

新一代路由器登場,Google Nest WiFi 美型又可當喇叭使用
https://www.techbang.com/posts/73542-nest-wi-fi

Amazon消費業務關掉最後一台Oracle資料庫
https://ithome.com.tw/news/133632

安碁用AI防堵駭客 搶食百億商機
https://www.wealth.com.tw/home/articles/22649

Google Pixel 4/4XL登場 售價24,600 元起、讓你揮一揮手機就靜音
https://www.ettoday.net/news/20191015/1557884.htm

資安攻防戰引爆潛在商機 網路安全ETF解密
http://bit.ly/2Mo0cIM

New Comic Videos Take CISO/Security Vendor Relationship to the Extreme
https://thehackernews.com/2019/10/ciso-cyber-security-videos.html

Breaches are now commonplace, but Reason Cybersecurity lets users guard their privacy
https://thehackernews.com/2019/10/reason-antivirus-protection.html

Google announces new USB-C Titan Security Key
https://www.zdnet.com/article/google-announces-new-usb-c-titan-security-key/#ftag=RSSbaffb68

Report to Your Management with the Definitive 'Incident Response for Management' Presentation Template
https://thehackernews.com/2019/10/cybersecurity-incident-response.html

Microsoft's Desktop Analytics service for assessing compatibility of Windows endpoints is generally available
https://www.zdnet.com/article/microsofts-desktop-analytics-service-for-assessing-compatibility-of-windows-endpoints-is-generally-available/#ftag=RSSbaffb68

Microsoft introduces new open-source specs for developing cloud and edge applications
https://www.zdnet.com/article/microsoft-introduces-new-specs-for-developing-platform-agnostic-cloud-and-edge-applications/#ftag=RSSbaffb68

Databricks introduces MLflow Model Registry, brings Delta Lake to Linux Foundation
https://www.zdnet.com/article/databricks-introduces-mlflow-model-registry-brings-delta-lake-to-linux-foundation/#ftag=RSSbaffb68

IBM's third quarter a mixed bag as sales fall short, but earnings better than expected
https://www.zdnet.com/article/ibms-third-quarter-a-mixed-bag-as-sales-fall-short-but-earnings-better-than-expected/#ftag=RSSbaffb68

Yubico security keys can now be used to log into Windows computers
https://www.zdnet.com/article/yubico-security-keys-can-now-be-used-to-log-into-windows-computers/#ftag=RSSbaffb68

Google expands Chrome's Site Isolation feature to Android users
https://www.zdnet.com/article/google-expands-chromes-site-isolation-feature-to-android-users/#ftag=RSSbaffb68

G.政府
金管會明年施政 八重點聚焦
https://money.udn.com/money/story/5613/4099654

金融資安監控中心 又找銀行要錢
https://www.chinatimes.com/newspapers/20191012000468-260110?chdtv

金管會明年施政 聚焦資安監控與金融檢查科技化
https://news.wearn.com/c346219.html

國內關鍵基礎設施反制駭客、無人機恐攻 計畫超單薄
https://udn.com/news/story/10930/4101255

助監控新疆黑名單中企 竟得標台電電廠人臉辨識系統
https://disp.cc/b/163-bLFs

台電買中製人臉辨識? 得標商︰是韓貨
https://ec.ltn.com.tw/article/paper/1324907

軍醫局5年遭駭19億次 將領.軍民隱私恐流中共
http://bit.ly/2MFBtP3

設數位長沒下文? 藍綠都催不成
https://udn.com/news/story/7238/4104632

智慧醫療當道!衛福部揭露電子病例多元應用與資安管理挑戰
https://www.ithome.com.tw/news/133615

危害資安清單尚未公布 政院:正評估對產業影響
https://udn.com/news/story/6656/4106989

中國監視器都侵台了 危資安清單遲未公告
https://news.ltn.com.tw/news/politics/paper/1325402

資安產品禁購清單 政院:會評估國際作法
http://bit.ly/2IYgJkM

危害資安清單尚未公布李孟諺:評估中、參考國際作法
https://tnews.cc/06/newscon153428.htm

國安大漏洞!綠委爆:中科院涉密人員拒列管 15人赴香港未報備
https://tw.appledaily.com/new/realtime/20191016/1649376/

中科院涉密控管人員變0人 綠委爆:空窗期15人去香港 柬埔寨3人
https://newtalk.tw/news/view/2019-10-16/312191

黃國昌驚爆中製偽標品賣全台學校!成功嶺也淪陷
http://bit.ly/2IU1V6o

醫療資料交換新出路(上)10年電子病歷交換的痛點,靠區塊鏈創新授權找出新解法
https://www.ithome.com.tw/news/133599

醫療資料交換新出路(下)區塊鏈創新授權如何滿足醫療資訊交換法規要求?
https://www.ithome.com.tw/news/133600

全國首支科偵小隊成軍!新北34名科偵警培訓一年分發
https://news.ltn.com.tw/news/society/breakingnews/2950029

全台首支科偵隊建軍!嚴防大選假消息
http://bit.ly/2MX6mim

H.ICS/SCADA 工控系統
多款Schneider Electric產品訪問控制錯誤漏洞
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01

直擊第二屆工業互聯網安全大賽決賽現場:人工智能時代網絡安全漏洞多
https://finance.sina.com.cn/roll/2019-10-17/doc-iicezzrr2940222.shtml

I.教育訓練
認證信息系統安全專業人員(CISSP)學習筆記
https://ithelp.ithome.com.tw/users/20103635/ironman/2177

Cissp 系列
https://ithelp.ithome.com.tw/users/20118530/ironman/2224

Red Team Lab
https://www.pentesteracademy.com/redteamlab

CISSP BCP/DRP section
https://www.studynotesandtheory.com/single-post/BCPDRP-Quick-Notes?fbclid=IwAR1ELD3AY17WxKkLnLuMLRtoMQcfY4wWwBhEnAa5JZ8e-j4m085SVSAwkoY

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
一對夫妻發現家裡的空調莫名變熱,竟是駭客暗中操控
https://blog.trendmicro.com.tw/?p=62236

守護你的物聯網資料安全:什麼是 PSA 認證裝置
https://www.inside.com.tw/article/17806-arm-psa

Volvo XC40 Recharge 率先採用Android新系統
http://bit.ly/2MoyQT0

卡巴斯基:2019 年上半偵測到超過一億次 IoT 裝置攻擊行動
https://www.twcert.org.tw/tw/cp-104-3021-435ad-1.html

The artificial intelligence factory, coming to an enterprise near you
https://www.zdnet.com/article/making-the-ai-factory-a-reality/#ftag=RSSbaffb68

University of São Paulo wins tender for Brazil's largest AI research center
https://www.zdnet.com/article/university-of-sao-paulo-wins-tender-for-brazils-largest-ai-research-center/#ftag=RSSbaffb68

1 in 5 IT security professionals fear their connected toilets will be hacked
https://www.zdnet.com/article/1-in-5-it-professionals-fear-their-connected-toilets-will-be-hacked/#ftag=RSSbaffb68

IoT in Vehicles: The Trouble With Too Much Code
https://www.bankinfosecurity.com/interviews/iot-in-vehicles-trouble-too-much-code-i-4472

From Ohio's "baby bot" to driver's ed in Delaware: How states are using AI
https://www.zdnet.com/article/from-ohios-baby-bot-to-drivers-ed-in-delaware-how-states-are-using-ai/#ftag=RSSbaffb68

6.近期資安活動及研討會
 Crosslink Taiwan 2019 10/19
 https://www.meetup.com/Taipei-Ethereum-Meetup/events/264302796/

 交通大學亥客書院-A006:數位足跡追蹤與分析 10/19
 https://hackercollege.nctu.edu.tw/?p=1088

 無痛上手-WiFi無線網路安全檢測 10/20
 https://www.sce.pccu.edu.tw/event/chtweb/index.html

 日盛金融黑客松 報名至10/20 止
 https://app.jsun.com/hackathon/Main

 DEVCORE 那些年我回報的漏洞踩雷經驗  10/21
 https://hackersir.kktix.cc/events/orange1021

 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/

 國家高速網路與計算中心 平行計算程式設計基礎課程 10/22
 https://edu.nchc.org.tw/course/one_course_introduction.asp

  AIoT智能物聯網開發人才就業養成班[免費諮詢]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019

 IEEE Symposium on Visualization for Cyber Security (VizSec) 10/23
 https://infosec-conferences.com/events-in-2019/vizsec/

 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

 從網路基礎建設安全談RPKI與DDoS  10/24
 https://twnic-icann.kktix.cc/events/108-7

 [Palo Alto Networks]-Palo Alto Networks 直播研討會Part6. MITRE ATT&CK 新資安攻防框架進階產業應用 10/24
 https://www.zerone.com.tw/TrainingDetial/Seminar/7747B901A8198AC3%7C1C130FE6FEC34700

 Cybersecurity Conference Rhein-Neckar  10/24 ~ 10/25
 https://infosec-conferences.com/events-in-2019/cybersecurity-rhein-neckar/

 Identity Days 10/24
 https://infosec-conferences.com/events-in-2019/identity-days/

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  10/25
 https://signupcybersec101.ithome.com.tw/

 國家高速網路與計算中心 大數據軟體開發平台與深度學習、HBase(大數據資料庫)開發應用案例 10/25
 https://edu.nchc.org.tw/course/one_course_introduction.asp

 交通大學亥客書院-A015:進階網頁滲透測試 10/26
 https://hackercollege.nctu.edu.tw/?p=1090

 International Conference on Networks & Communications (NETWORKS) 10/26 ~ 10/27
 https://infosec-conferences.com/events-in-2019/networks/

 亞洲‧矽谷學院108年免費認證考試 10/27
 https://college.asvda.org.tw/

 Nspa實作課程「惡意巨集文件與惡意程式下載器」 10/27
 https://www.facebook.com/events/459141201342125/

 International Conference on Emerging Security Information, Systems and Technologies (SECURWARE) 10/27 ~ 10/31
 https://infosec-conferences.com/events-in-2019/securware/

 SANS Amsterdam October  10/28
 https://infosec-conferences.com/events-in-2019/sans-amsterdam-october/

 工業自動化資安管理與實務 10/29 ~ 10/30
 https://www.ivendor.com.tw/website/featured_detial/91

 資安檢核核心技術及進階技術研討會 10月28日至10月30日
 http://bit.ly/2TN2UtD

 Foundations in Digital Forensics with EnCase® (DF120) (原CF1) 10/28 ~ 10/31
 https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=39

 International Workshop on Reliability and Security Data Analysis (RSDA)  10/28 ~ 10/31
 https://infosec-conferences.com/events-in-2019/rsda/

 International Symposium on Software Reliability Engineering (ISSRE)  10/28 ~ 11/1
 https://infosec-conferences.com/events-in-2019/issre/

 Securing New Ground 10/29 ~ 10/30
 https://infosec-conferences.com/events-in-2019/securing-new-ground/

 CEBIT Australia  10/29 ~ 10/31
 https://infosec-conferences.com/events-in-2019/cebit-australia/

 Nspa實作課程「加密勒索攻擊」 10/31
 https://www.facebook.com/events/391437314853475/

 OWASP AppSec Day Melbourne  11/1
 https://infosec-conferences.com/events-in-2019/owasp-appsec-day-melbourne/

 Hackfest 2019  11/1 ~ 11/3
 https://infosec-conferences.com/events-in-2019/hackfest-2019/

 行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30
 https://www.accupass.com/event/1810080517061259295030

  Elite East Coast CISO Summit 11/3~11/5
 https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/

 Red Hat Forum Taipei 2019  11/5
 https://www.facebook.com/events/1390202967799392/

 Cyber Security Summit: Boston  11/6
 https://infosec-conferences.com/events-in-2019/cyber-security-summit-boston/

 駭客攻防暨數位鑑識系列一(第1期) 11/7
 https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=384540

 網路攻擊鏈( Cyber Kill Chain)各階段實作 (6hr)  11/7
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384540

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/8
 https://signupcybersec101.ithome.com.tw/

 BSides Charleston 11/9
 https://infosec-conferences.com/events-in-2019/bsides-charleston/

 Kotlin/Everywhere GDG Taoyuan - 運用 Ktor 建置一個以 Kotlin 打造的後端服務  11/9
 https://www.meetup.com/GDGTaoyuan/events/264776152/

 OpenInfra Day Taiwan 11/12
 http://openinfra.digitimes.com.tw/

 CLEAR Cyber Leaders Conference 11/12 ~ 11/13
 https://infosec-conferences.com/events-in-2019/clear-cyber-leaders-conference/

 Windows檔案系統及檔案還原 (6hr)  11/14
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384541

 Digital Internet Summit 11/14
 https://infosec-conferences.com/events-in-2019/digital-internet-summit/

 INTERFACE – Nebraska 11/14
 https://infosec-conferences.com/events-in-2019/interface-nebraska/

 SecureWV – Hack3rCon  11/15 ~ 11/17
 https://infosec-conferences.com/events-in-2019/securewv-hack3rcon/

 交通大學亥客書院-P006:高階網頁滲透測試 11/16
 https://hackercollege.nctu.edu.tw/?p=1092

 FS-ISAC Fall Summit 11/17 ~ 11/20
 https://infosec-conferences.com/events-in-2019/fs-isac-fall-summit/

 Microsoft IoT in Action 11/20
 https://www.iotinactionevents.com/event/taipei

 LINE將於11月舉辦LINE DEVELOPER DAY 2019  11/20 ~ 11/21
 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000570636_HL57CPQM2H1ZHE71YVI2W

 Infosecurity ISACA North America Expo and Conference 11/20 ~ 11/21
 https://infosec-conferences.com/events-in-2019/isaca-north-america-expo-conference/

 檔案特徵值比對與關鍵字搜尋 (2hr) Open Source數位鑑識工具實務操作 (5hr) 11/21
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384542
 2019 BSI 國際資安標準管理年會  11/22
 https://www.accupass.com/event/1910070533451342891420

 Trend Micro CTF 2019 // Raimund Genes Cup  FINAL / NOVEMBER 23–24, 2019
 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html

 資安檢核核心技術及進階技術研討會11月26日至11月28日
 http://bit.ly/2TN2UtD

 人資人員必修的職安法規定 11/26
 https://www.accupass.com/event/1909121441141977826554

 模擬案例鑑識分析實務 (6hr)  11/28
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384543

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/29
 https://signupcybersec101.ithome.com.tw/

 交通大學亥客書院-B015:惡意程式檢測 11/30
 https://hackercollege.nctu.edu.tw/?p=1098

 亞洲‧矽谷學院108年免費認證考試 11/30
 https://college.asvda.org.tw/

 Digital Summit Dallas  12/4
 https://infosec-conferences.com/events-in-2019/digital-summit-dallas/

 Kansas City Cyber Security Conference 12/5
 https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/

 CyberMaryland Conference 12/5 ~ 12/6
 https://infosec-conferences.com/events-in-2019/cybermaryland-conference/

 FutureCon Nashville Cyber Security Conference 12/11
 https://infosec-conferences.com/events-in-2019/futurecon-nashville/

 Utility Cyber Security Forum December 12/11
 https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/

 交通大學亥客書院-A018:企業網域控管-Active Directory攻擊與防禦  12/14
 https://hackercollege.nctu.edu.tw/?p=1094

 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

留言

這個網誌中的熱門文章

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/

5月份資安、社群活動分享

5月份資安、社群活動分享

 108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
 https://ais3.org/mfctf/

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 Python 商務網站 * 極速學習 (2019春季 - 台北)  5/2
 https://cjltsod.kktix.cc/events/django-2019-spring-taipei

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會  5/2
 https://www.accupass.com/event/1904111400151860776797

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA 白帽菁英萌芽計劃II 0505 
 https://reg.shield.org.tw/info.php?no=54

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/19041703435474776…