跳到主要內容

資安事件新聞週報 2019/10/21 ~ 2019/10/25






資安事件新聞週報  2019/10/21  ~  2019/10/25

1.重大弱點漏洞/後門/Exploit/Zero Day
SRLabs發現智能揚聲器新漏洞或變身監聽用戶的間諜設備
https://www.cnbeta.com/articles/tech/901805.htm

Google、Amazon智能喇叭偷錄密碼
http://bit.ly/2P77wue

Symantec antivirus crashes something again. This time Chrome 78 browsers
https://www.zdnet.com/article/symantec-antivirus-crashes-something-again-this-time-chrome-78-browsers/#ftag=RSSbaffb68

Apache Traffic Server 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079

Docker Hub現支援TOTP雙因素驗證
https://www.ithome.com.tw/news/133748

PHP遠程代碼執行漏洞預警(CVE-2019-11043)
https://www.huaweicloud.com/notice/2018/20191024155807348.html

PHP 遠程代碼執行漏洞(CVE-2019-11043)[附exploit]
http://vulsee.com/archives/vulsee_2019/1023_9128.html

Fortinet FortiOS 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15703

NETGEAR JNR1010訪問控制錯誤漏洞
https://kb.netgear.com/30177/JNR1010-Firmware-Version-1-0-0-32

Oracle Java SE 安全漏洞(CVE-2019-11068)
http://www.dukulong.com/article/CVE-2019-11068.html

Weblogic反序列化遠程代碼執行漏洞預警通告
https://cloud.tencent.com/developer/article/1526492


Red Hat JBoss Data Virtualization 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.3899/

Linux核心含有可造成系統當機或遭駭客掌控的陳年漏洞
https://www.ithome.com.tw/news/133724

Linux 有嚴重漏洞,可導致使用 Wi-Fi 的附近設備當機
https://technews.tw/2019/10/21/unpatched-linux-bug-may-open-devices-to-serious-attacks-over-wi-fi/

Trend Micro Anti-Threat Toolkit (ATTK) 1.62.0.1218 Remote Code Execution
https://packetstormsecurity.com/files/154916/TREND-MICRO-ANTI-THREAT-TOOLKIT-ATTK-REMOTE-CODE-EXECUTION.txt

Cisco 多個產品發布多個安全更新
https://www.us-cert.gov/ncas/current-activity/2019/10/17/cisco-releases-security-updates

Cisco Identity Services Engine存儲型跨站腳本漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-store-xss

CVE-2019-12643:CISCO IOS XE身份驗證繞過漏洞
https://nosec.org/home/detail/3070.html

Cisco REST API中的認證繞過漏洞,讓黑客遠程控制Cisco路由器
http://www.51testing.com/html/04/n-4462904.html

思科 Firepower Management Center 遠端執行任意程式碼漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce

BIND 多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/10/17/isc-releases-security-advisories-bind

VMware VeloCloud Orchestrator 信息洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5533

Windows 10 更新小幫手暗藏漏洞,Microsoft 建議用戶盡快安裝更新
http://bit.ly/2VXpaSn

微軟推送新補丁:修復Intel四代酷睿安全漏洞
http://news.mydrivers.com/1/652/652468.htm

快遞櫃人臉辨識漏洞 照片可解鎖
https://www.ydn.com.tw/News/356800

ECPay Logistics for WooCommerce <= 1.2.181030 - Unauthenticated Reflected XSS
https://wpvulndb.com/vulnerabilities/9869

CVE-2019-16928: Exploiting an Exim Vulnerability via EHLO Strings
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-16928-exploiting-an-exim-vulnerability-via-ehlo-strings/

Short October Patch Tuesday Includes Remote Desktop Client, Browser, and Authentication Patches
http://bit.ly/2PaHaaB

Belkin Wemo Switch
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-17532

D-Link 路由器遠端執行程式碼漏洞
https://www.fortinet.com/blog/threat-research/d-link-routers-found-vulnerable-rce.html

DIR-859 A3-1.06 and DIR-850 A1.13 devices
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-17508

D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-17506

DIR-880L 1.08B04 and DIR-895 L/R 1.13b03
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14948

D-Link DIR-846 devices
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-17510

D-Link DIR-846
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-17509

Sophos Cyberoam firewall appliance with CyberoamOS
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-17059

RHEL 7和CentOS 7獲得重要Linux內核安全更新:推薦盡快安裝
https://www.cnbeta.com/articles/tech/902755.htm

Chrome is crashing on windows 10 1903 with your latest version. 78.0.3904.70
https://support.google.com/chrome/thread/17501990?hl=en

Firefox, Chrome Bugs Allow Arbitrary Code-Execution
https://threatpost.com/critical-firefox-bugs-arbitrary-code-execution/149455/

FusionPBX跨站脚本漏洞
https://github.com/fusionpbx/fusionpbx/commit/c48a160af53352ad1a43518b7d0faab16b8dfbcc

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
Open Banking上路作半套?TSP業者要合縱聯盟
https://www.chinatimes.com/realtimenews/20191018005473-260410?chdtv

財金資訊公司帶頭打造Open API平臺,下階段關鍵挑戰是身分認證
https://www.ithome.com.tw/news/133693

政大國際產學聯盟營運長王儷玲:臺灣開放銀行能走得更穩健,未來可逐步擴大到Open Finance
https://www.ithome.com.tw/news/133694

金融個資存取如何更安全?開放銀行將引進OAuth 2委任授權架構
https://www.ithome.com.tw/news/133707

國銀提報衝擊容忍度4小時...被打槍
https://money.udn.com/money/story/5613/4116077

銀行系統出包 拚2小時修復
https://money.udn.com/money/story/5613/4116074

銀行系統出包 金管會要求2小時補漏
https://udn.com/news/story/7239/4115794?from=udn-ch1_breaknews-1-cate6-news

提款機貼「不要插壞了」…男小心插還故障 再看字條昏倒
https://news.tvbs.com.tw/fun/1219501

厄利垂亞網路普及率只1% 領錢看瞴ATM管制比北韓嚴格
https://www.ettoday.net/news/20191017/1559140.htm

領不到錢!週四多地ATM傳當機 網驚呼:台灣被入侵
https://www.setn.com/News.aspx?NewsID=620161

銀行數位化風險不容忽視 穆迪示警:恐引發系統性風險
https://tw.finance.appledaily.com/realtime/20191021/1652086/

APX新技術改變傳統金流 可有效防制洗錢遏止資安問題
http://bit.ly/2W41WtR

金融業系統頻頻出包 金管會八大措施強化控管
https://ec.ltn.com.tw/article/breakingnews/2954302

國泰投信否認遭駭客勒索未遂、電腦當機
https://udn.com/news/story/7253/4119687

國泰投信電腦中毒當機關閉網路 已恢復正常
https://udn.com/news/story/7239/4119618

傳遭駭客勒索未遂大當機 國泰投信否認
https://money.udn.com/money/story/5607/4119618

傳遭駭客勒索?國泰投信:絕無此事
https://www.chinatimes.com/realtimenews/20191022004560-260410?chdtv

國泰投信官網癱瘓 國泰投信:關閉內網防止同仁中毒電腦影響系統
https://www.ettoday.net/news/20191022/1563026.htm

遭駭客勒索大當機?國泰投信澄清:明天可正常基金申贖
https://news.cnyes.com/news/id/4399329

中國銀行:將暫時關閉三星部分手機指紋登陸銀行功能
https://news.sina.com.tw/article/20191022/33036810.html

純網銀資料放海外?顧立雄:核心資料留在家裡面
https://www.chinatimes.com/realtimenews/20191022004036-260410?chdtv

資安、轉型並重 保險業因應全新挑戰
https://www.chinatimes.com/realtimenews/20191022004939-260410?chdtv

Visa完成對Rambus支付業務組合的收購
https://times.hinet.net/news/22617064

數千個網路商店被注入 Magecart信用卡盜卡程式,今年第三起類似事件!
https://blog.trendmicro.com.tw/?p=62262

Thieves Using JCB to Scoop out ATM Machine Has Reminded Netizens of the Viral Meme
https://www.news18.com/news/buzz/thieves-using-jcb-to-scoop-out-atm-machine-has-reminded-netizens-of-the-viral-meme-2347025.html

Banks deny compensation when hackers steal customers' money
https://www.cbc.ca/news/business/banks-deny-compensation-online-fraud-security-1.5322982

Cyberhackers targeting banking systems, municipalities for bigger payouts, US Secret Service says
https://www.ksat.com/news/cyber-hackers-targeting-banking-systems-municipalities-for-bigger-payouts-us-secret-service-says

Payment Security Software Market Solid Analyzed Segmentation, Demand, Recent Share Estimation and Growth Prospects by Regions to 2017 – 2025
https://statsflash.com/payment-security-software-market-solid-analyzed-segmentation-demand-recent-share-estimation-and-growth-prospects-by-regions-to-2017-2025/54679/

FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops
http://bit.ly/2MEQWPl

Browser-based attacks, our customers, and us
https://www.zdnet.com/article/browser-based-attacks-our-customers-and-us/#ftag=RSSbaffb68

Magecart group linked to Dridex banking Trojan, Carbanak
https://www.zdnet.com/article/magecart-group-linked-to-dridex-banking-trojan-carbanak/#ftag=RSSbaffb68

The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT
https://blog.malwarebytes.com/threat-analysis/2019/10/the-forgotten-domain-exploring-a-link-between-magecart-group-5-and-the-carbanak-apt/

PSD2 Authentication Deadline Extended: Here's What's Next
https://www.bankinfosecurity.com/psd2-authentication-deadline-extended-heres-whats-next-a-13284

FBI Issues Payment Card Skimming Warning
https://www.bankinfosecurity.com/fbi-issues-payment-card-skimming-warning-a-13292

Banks must ditch SMS one-time passcodes – and fast
https://www.globalbankingandfinance.com/banks-must-ditch-sms-one-time-passcodes-and-fast/

Banks deny compensation when hackers steal customers’ money
http://mednewsledger.info/banks-deny-compensation-when-hackers-steal-customers-money-cbc-news/149/

3.電子支付/電子票證/行動支付/ pay/新聞及資安
為台灣Pay市占喊冤 林國良:交易額增3倍
http://bit.ly/2OZ6joO

微信支付寶雙雙叫停,指紋支付現重大漏洞
https://ek21.com/news/tech/153478/

京東金融賬戶被盜刷15萬?用戶:支付環節有安全漏洞
https://finance.sina.com.cn/money/bank/bank_hydt/2019-10-25/doc-iicezzrr4888043.shtml

4.虛擬貨幣/區塊鍊相關新聞及資安
專家傳真-台灣發展證券型代幣市場的生態剖析
http://bit.ly/2N8qm1g

Maxonrow 揮軍俄羅斯區塊鏈產業圈 擔任KuCoin 見面會重量級開場嘉賓
http://bit.ly/2MyK7jN

Blockchain helps enterprises' digital ecosystems in Asia-Pacific
https://www.zdnet.com/article/blockchain-helps-enterprises-digital-ecosystems-in-asia-pacific/#ftag=RSSbaffb68

Zcash (ZEC) Warns Users Against a Malicious Copy Of The Native ZecWallet In GitHub
https://bitcoinexchangeguide.com/zcash-zec-warns-users-against-a-malicious-copy-of-the-native-zecwallet-in-github/

Malicious Fraudulent Version Of ZecWallet Found By Community
https://cryptodaily.co.uk/2019/10/malicious-fraudulent-version-found-community

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
Emsisoft發布美國今年前三季勒索軟體調查結果
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16308

攻擊手法再翻新!駭客用音訊檔「WAV」散布惡意程式
https://cnews.com.tw/140191018a03/

黑科技!用「聲音」部署惡意挖礦程式,駭客透過 .WAV 音檔入侵挖門羅幣 XMR
https://www.blocktempo.com/hackers-use-malicious-code-in-wav-audio-files-to-mine-cryptocurrencies/

新型ATM惡意軟體Dtrack
http://bit.ly/31w8Ysw

可解鎖上百種Stop勒索軟體變種的金鑰來了
https://www.ithome.com.tw/news/133726

假冒的Tor Browser到暗網偷竊比特幣
https://ithome.com.tw/news/133731

電腦病毒你知多少?不可輕忽的資安議題,你意想不到的病毒演進史
https://www.issdu.com.tw/news_detail.php?id=95&type=security

微軟聯合PC業者防止韌體惡意程式
https://www.ithome.com.tw/news/133745

美國發現最新惡意軟體 系中共黑客所爲
https://www.bldaily.com/us-news/p-435242.html

即使漏洞修補了兩年, WannaCry 仍是 使用EternalBlue 漏洞攻擊手法中最多的
https://blog.trendmicro.com.tw/?p=62316

Phorpiex Botnet Sending Out Millions of Sextortion Emails Using Hacked Computers
https://thehackernews.com/2019/10/phorpiex-botnet-sextortion-emails.html

Malicious Tor Browser Fleeces Darknet Users of Bitcoins
https://www.bankinfosecurity.com/malicious-tor-browser-fleeces-darknet-users-bitcoins-a-13272

Fake Tor Browser steals Bitcoin from Dark Web users
https://www.zdnet.com/article/malicious-tor-browser-steals-bitcoin-from-dark-web-users/#ftag=RSSbaffb68

Fleecing the onion: Darknet shoppers swindled out of bitcoins via trojanized Tor Browser
https://www.welivesecurity.com/2019/10/18/fleecing-onion-trojanized-tor-browser/

Sodinokibi Ransomware Gang Appears to Be Making a Killing
https://www.bankinfosecurity.com/sodinokibi-ransomware-gang-appears-to-be-making-killing-a-13269

Telangana third most hit by Dtrack spying malware
http://www.newindianexpress.com/states/telangana/2019/oct/21/telangana-third-most-hit-by-dtrack-spying-malware-2050610.html

This Malware is Hiding C&C Server IPs in the Blockchain
https://www.cbronline.com/news/redaman-blockchain

Top Malware em Setembro de 2019
https://www.techenet.com/2019/10/check-point-top-malware-mais-procurados-em-setembro/

2019 Healthcare Threat Report: Protecting Patients, Providers and Payers
https://www.proofpoint.com/sites/default/files/gtd-pfpt-us-tr-2019-healthcare-threat-report.pdf

New Crypto-Jacking Malware ‘Graboid' Infects Thousands of Computers to Mine Monero (XMR)
https://bitcoinexchangeguide.com/new-crypto-jacking-malware-graboid-infects-thousands-of-computers-to-mine-monero-xmr/

TA505 debuts Get2 downloader and SDBbot RAT in new phishing campaigns
https://www.scmagazine.com/home/security-news/phishing/ta505-debuts-get2-downloader-and-sdbbot-rat-in-new-phishing-campaigns/

Malware That Forces ATMs To Give All Their Money Is Gaining Popularity, Here's How It Works
https://www.indiatimes.com/technology/news/malware-that-forces-atms-to-give-all-their-money-is-gaining-popularity-here-s-how-it-works-377975.html

Malware jackpot serang jaringan mesin ATM di seluruh dunia
https://beritagar.id/artikel/berita/malware-jackpot-serang-jaringan-mesin-atm-di-seluruh-dunia

Researchers find stealthy MSSQL server backdoor developed by Chinese cyberspies
https://www.zdnet.com/article/researchers-find-stealthy-mssql-server-backdoor-developed-by-chinese-cyberspies/

Winnti Group’s skip‑2.0: A Microsoft SQL Server backdoor
https://www.welivesecurity.com/2019/10/21/winnti-group-skip2-0-microsoft-sql-server-backdoor/

Phishing alert: This fake email about a bank payment delivers trojan malware
https://www.zdnet.com/article/phishing-alert-this-fake-email-about-a-bank-payment-delivers-trojan-malware/

New Variant of Remcos RAT Observed In the Wild
https://www.fortinet.com/blog/threat-research/new-variant-of-remcos-rat-observed-in-the-wild.html

New Variant of Gustuff Android Banking Trojan Emerges
https://www.securityweek.com/new-variant-gustuff-android-banking-trojan-emerges

Gustuff return, new features for victims
https://blog.talosintelligence.com/2019/10/gustuffv2.html

Ransomware: The nightmare before Cyber Monday
https://www.zdnet.com/article/ransomware-the-nightmare-before-cyber-monday/#ftag=RSSbaffb68

Major German manufacturer still down a week after getting hit by ransomware
https://www.zdnet.com/article/major-german-manufacturer-still-down-a-week-after-getting-hit-by-ransomware/#ftag=RSSbaffb68

ATTK of the Pwns: Trend Micro's antivirus tools 'will run malware – if its filename is cmd.exe'
https://www.theregister.co.uk/2019/10/21/flaw_trend_micro/

Discord Turned Into an Info-Stealing Backdoor by New Malware
https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/

Report: Billtrust Recovering From Ransomware Attack
https://www.bankinfosecurity.com/report-billtrust-recovering-from-ransomware-attack-a-13289

Swedish police cleared to deploy spyware against crime suspects
https://www.zdnet.com/article/swedish-police-cleared-to-deploy-spyware-against-crime-suspects/#ftag=RSSbaffb68

ACSC warns of Windows malware Emotet spreading in Australia
https://www.itwire.com/security/acsc-warns-of-windows-malware-emotet-spreading-in-australia.html

Chubb finds ‘alarming’ rise in ransomware attacks
https://www.canadianunderwriter.ca/insurance/chubb-finds-alarming-rise-in-ransomware-attacks-1004169886/

Μια σύντομη ματιά στο Citadel Banking Trojan
https://www.secnews.gr/201778/mia-syntomi-matia-sto-citadel-banking-trojan/

Telangana third most hit by Dtrack spying malware
http://www.newindianexpress.com/states/telangana/2019/oct/21/telangana-third-most-hit-by-dtrack-spying-malware-2050610.html

UPDATED GUSTUFF ANDROID TROJAN CHANGES TACTICS
https://duo.com/decipher/updated-gustuff-android-trojan-changes-tactics

This easy-to-use information-stealing trojan malware is quickly gaining popularity among cyber criminals
https://www.zdnet.com/article/this-easy-to-use-information-stealing-trojan-malware-is-quickly-gaining-popularity-among-cyber-criminals/

Unpacking Malware Series - Maze Ransomware
https://poxyran.github.io/poxyblog/hide/pages/22-10-2019-unpacking-malware-series-maze-ransomware.html

B.行動安全 / iPhone / Android /穿戴裝置 /App
蘋果針對 Safari 安全瀏覽功能發表聲明
https://www.twcert.org.tw/tw/cp-104-3011-6428e-1.html

加州男子控告 AT&T 與駭客合作,透過 SIM 卡調換竊其多個交易所帳戶 5,500 萬資產
https://www.blocktempo.com/att-sued-sim-swap-loss-1-8-million/

中國製UC瀏覽器再傳含有中間人攻擊風險
https://ithome.com.tw/news/133712

「抖音」疑配合中國審查 美國會議員要求國安調查
https://tw.news.appledaily.com/international/realtime/20191025/1653840/

美國抖音下載破1億1000萬 「淪中國情報平台」參議員要求嚴審!
https://www.ettoday.net/news/20191025/1564920.htm

梅賽德斯·賓士APP在美爆安全漏洞 可看其他車主信息
https://news.sina.com.tw/article/20191021/33029440.html

香港工程師致力挖掘各App隱藏功能 吸引臉書、IG高管爭相追蹤
https://www.ettoday.net/news/20191023/1563397.htm

數位版毛語錄?「學習強國」App,暴露中共嚴重的亡國感
https://opinion.udn.com/opinion/story/120611/4121556

臉書又全球大當機 貼文消失、使用異常
http://bit.ly/2BFZRLB

棄守第二大手機市場?傳因「臉部辨識」技術未許可 Google Pixel 4將不在印度販售
https://news.sina.com.tw/article/20191018/32995848.html

Pixel 4 臉部解鎖存重大漏洞:閉著眼也能解鎖
https://www.techbang.com/posts/73599-pixel-4-face-unlock-has-a-major-vulnerability-close-your-eyes-to-unlock-it

三星 Galaxy S10 指紋辨識出包,貼上保護膜任何指紋都能解鎖
https://technews.tw/2019/10/18/samsung-galaxy-s10-under-screen-fingerprint-recognition-bug/

三星旗艦機S10出包 指紋辨識被輕易解鎖...官方認了
http://bit.ly/2pBMzN5

三星S10指紋辨識破功 任何人都能解
https://www.chinatimes.com/realtimenews/20191018002483-260412?chdtv

指紋辨識出包!三星下周更新軟體 要用戶先移除保護貼
https://udn.com/news/story/6811/4114209?from=udn-ch1_breaknews-1-cate5-news

三星指紋辨識現漏洞 台廠供應鏈受牽連
http://bit.ly/2N2eiyB

Galaxy S10 出現指紋辨識異常 三星:將盡速發布修補軟體
https://fnc.ebc.net.tw/FncNews/else/103179

三星Galaxy S10指紋辨識爆漏洞 多家銀行暫停指紋登入功能
https://newtalk.tw/news/view/2019-10-23/315627

三星承認指紋漏洞,支付寶微信等關閉S10等機型指紋支付
https://kknews.cc/tech/e6z8m8r.html

三星手機指紋重大漏洞遭多國停用 安全事故頻出釋放危險信號
https://kknews.cc/digital/gpzp2q8.html

S10、Note 10都傳出超聲波指紋辨識有漏洞 全球多家銀行都暫停支援指紋登入
http://bit.ly/2PfEOaG

修復指紋辨識漏洞!三星急釋出Galaxy S10軟體更新
http://bit.ly/32K4MXv

Samsung to patch S10 fingerprint sensor bug next week
https://www.zdnet.com/article/samsung-to-patch-s10-fingerprint-sensor-bug-next-week/#ftag=RSSbaffb68

Google Play上的假美肌應用程式「Yellow Camera」,會攔截簡訊驗證碼,觸發 WAP 代扣繳費功能
https://blog.trendmicro.com.tw/?p=62312

三星Galaxy S10國行版推送更新:修復指紋漏洞
http://www.sohu.com/a/349341594_114760

惡意美顏相機App,偷讀簡訊認證碼讓你賠大錢
https://www.techbang.com/posts/73698-malicious-beauty-camera-app-sneaking-through-the-newsletter-authentication-code-lets-you-lose-money

FTC出手禁售3款跟蹤程式
https://www.ithome.com.tw/news/133770

FTC Brings First Case Against Developers of “Stalking” Apps
https://www.ftc.gov/news-events/press-releases/2019/10/ftc-brings-first-case-against-developers-stalking-apps

Chrome for Android Enables Site Isolation Security Feature for All Sites with Login
https://thehackernews.com/2019/10/chrome-site-isolation-android.html

Huge rise in rogue banking apps driving fraud attacks
https://www.computerweekly.com/news/252472525/Huge-rise-in-rogue-banking-apps-driving-fraud-attacks

Fake mobile app fraud tripled in first half of 2019, finds RSA Security
https://www.techcentral.ie/fake-mobile-app-fraud-tripled-in-first-half-of-2019-finds-rsa-security/

Chrome for Android Enables Site Isolation Security Feature for All Sites with Login
https://thehackernews.com/2019/10/chrome-site-isolation-android.html

Fake Photo Beautification Apps on Google Play can Read SMS Verification Code to Trigger Wireless Application Protocol (WAP)/Carrier Billing
http://bit.ly/2JfCpJ9

Google to roll out update 'in the coming' months to fix Pixel 4 Face Unlock bypass
https://www.zdnet.com/article/google-to-roll-out-update-in-the-coming-months-to-fix-pixel-4-face-unlock-bypass/#ftag=RSSbaffb68

42 Adware Apps with 8 Million Downloads Traced Back to Vietnamese Student
https://thehackernews.com/2019/10/42-adware-apps-with-8-million-downloads.html

Vietnamese student behind Android adware strain that infected millions
https://www.zdnet.com/article/vietnamese-student-behind-android-adware-strain-that-infected-millions/#ftag=RSSbaffb68

Mobile Anti Malware Market Share, Application Scope, Growth Rate, Top Players, Production, Sales and Next 5 Years Forecast Analysis
http://bit.ly/31Ln0GI

Mobile under attack with malicious intent
https://www.itweb.co.za/content/WnpNgq2AdBnMVrGd

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
中華資安國際提出「常見 5 種資安漏洞」,守護企業須建立「紅藍紫隊」思維
https://www.inside.com.tw/feature/atd-2019/17875-2019ATD03-CHTsecurity

Facebook 員工需透過香港駭客了解公司內部計劃
https://unwire.pro/2019/10/21/facebook-employees-turn-to-hong-kong-hacker-for-info/news/

林宗男、吳瑞北、李忠憲、孫宏民、范俊逸/建設智慧國家 有賴資安磐石
https://talk.ltn.com.tw/article/paper/1326235

DEVCORE 紅隊的進化,與下一步
https://devco.re/blog/2019/10/24/evolution-of-DEVCORE-red-team-and-the-next/

AWS數據中心裝蜜罐 每分鐘被攻擊13次印證高風險
http://bit.ly/33UTlfQ

侵犯隱私? 台大醫院爆監控電腦
https://m.ltn.com.tw/news/life/paper/1327147

他不認為自己是駭客 自稱「密碼恐怖份子」
http://bit.ly/3615q54

駭客鎖定聯合國人道援助組織 誘騙員工洩露個資
https://www.cna.com.tw/news/aopl/201910250107.aspx

鎖定UN人道援助員工攻擊 資安業者揭大規模駭客活動
http://bit.ly/2JlY9mz

有關惡意 IP 對企業 Office 365 帳號進行暴力破解攻擊
https://www.tc.edu.tw/news/show/id/143817

日本星巴克會員網站遭駭 信用卡儲值服務暫時喊停
https://fnc.ebc.net.tw/FncNews/else/103918

My Starbucks不正ログイン防止のため、パスワードを変更してください
https://www.starbucks.co.jp/notice/20203207.php

淘寶台灣捲土重來立委控英商掩護中資新漏洞
http://www.epochtimes.com/gb/19/10/24/n11608964.htm

中國製監控系統遍布 被禁設備移除難度高 
https://tw.news.appledaily.com/international/realtime/20191020/1651382/

更換華監控系統有難度 美政府部門仍使用被禁設備
https://hk.news.appledaily.com/international/realtime/article/20191020/60173943

路透:部分美企對華為5G技術感興趣 正進行初期討論
https://fnc.ebc.net.tw/FncNews/headline/103280

遠端操控軟體TeamViewer遭爆駭客入侵 結果事實讓人傻眼了
http://bit.ly/2W35T1Z

6個月嬰兒都不放過!全球最大宗兒童色情暗網遭破獲 用「比特幣」付費下載25萬支性虐影片
http://bit.ly/2W674hm

暗網與比特幣 助業者設全球最大兒童色情網
https://news.tvbs.com.tw/world/1219582

四方支付團伙落網:利用電商平台漏洞轉移非法資金
https://news.sina.com.tw/article/20191024/33063888.html

中譯語通集數據 成中共網控打手
http://bit.ly/2W8Me0V

澳前情報官被控犯保密法 妻被疑為中共間諜
http://www.epochtimes.com/b5/19/10/24/n11608504.htm

美官員:中共加強網攻美通信技術供應鏈
http://www.epochtimes.com/b5/19/10/20/n11601178.htm

美國人的錢如何通過華爾街流向中共
https://www.ntdtv.com/b5/2019/10/23/a102691983.html

德國政府掛保證:Firefox是最安全的瀏覽器
https://ithome.com.tw/news/133716

「香港解密」曝示威者個資台人也入列 台灣基進籲政府反制
http://bit.ly/2W7hT2u

利用中文來監控的駭客團伙Rocke改變犯罪策略
https://read01.com/5neoxBB.html

中共政治局委員、中宣部部長黃坤明在烏鎮互聯網大會上批「網絡霸凌」言論 遭網民潮水般抨擊
http://www.epochtimes.com/b5/19/10/21/n11602804.htm

中共升級網攻手段 攻破蘋果手機 監控海外僑民
https://www.ntdtv.com/b5/2019/10/22/a102691472.html

中國國家級駭客再升級 專攻少數族群及其海外親友手機
https://www.rti.org.tw/news/view/id/2038908

中國駭客攻擊發生劇變 外媒:針對少數民族、僑民
https://news.ltn.com.tw/news/world/breakingnews/2954868

紐時:中國國家主席習近平重組解放軍 中國駭客監控蔓延全球
http://bit.ly/2qFzTFG

2019年中國網絡安全行業市場現狀及發展前景分析三因素共振驅動市場規模將超900億
http://finance.eastmoney.com/a/201910241270819442.html

支付寶36萬招找茬程序員“年薪”無上限
http://finance.eastmoney.com/a/201910241270807142.html

Google地圖疑鑽法律漏洞 南韓4成軍事設施曝光
https://hk.on.cc/hk/bkn/cnt/aeanews/20191021/bkn-20191021200046743-1021_00912_001.html

Fb封鎖俄羅斯、伊朗4用戶網路 疑企圖干擾美總統大選
https://www.chinatimes.com/realtimenews/20191022004345-260408?chdtv

駭客入侵Avast以危害CCleaner,捷克情報機構指中國駭客最為可疑
https://www.ithome.com.tw/news/133747

敘利亞政府監控人民網路 駭客攔截警告網友
http://bit.ly/2Nl6HLZ

美國聯邦調查局FBI警告中小企業與政府組織要小心線上盜錄
https://www.ithome.com.tw/news/133805

美軍採購中國製無人機 國防部澄清:只供練靶用
https://hk.news.appledaily.com/international/realtime/article/20191025/60192426

英美安全報告:俄政府駭客利用伊朗駭客網絡駭攻20國
https://www.soundofhope.org/b5/2019/10/22/n3276558.html

俄駭客控制伊朗網路設備1年半 冒名攻擊逾20國
http://bit.ly/32DagDn

資用伊朗駭客團隊犯案 俄國黑吃黑
https://udn.com/news/story/6809/4117441

俄羅斯駭客駭進伊朗駭客的攻擊架構與工具,借刀殺人
https://www.ithome.com.tw/news/133744

俄駭客冒名伊朗網攻 20國受害
https://www.ydn.com.tw/News/357392

俄國駭客入侵伊朗網路設備 冒名攻擊其他國家1年半
https://news.pchome.com.tw/science/cnews/20191022/index-57173805502394227005.html

Russian APT Turla targets 35 countries on the back of Iranian infrastructure
https://www.zdnet.com/article/russian-apt-turla-targets-35-countries-on-the-back-of-iranian-infrastructure/#ftag=RSSbaffb68

Cybercrime Tool Prices Continue to Rise on Darknet Sites
https://www.bankinfosecurity.asia/cybercrime-tool-prices-continue-to-rise-on-darknet-sites-a-13265

A Look at the Pricing of Cybercrime Goods, Services
https://www.flashpoint-intel.com/blog/a-look-at-the-pricing-of-cybercrime-goods-services/

Russia-Linked Cyber Espionage Group APT29 Remains Active
https://www.bankinfosecurity.com/russia-linked-cyber-espionage-group-apt29-remains-active-a-13270

Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested
https://thehackernews.com/2019/10/dark-web-child-abuse.html

US stopped using floppy disks to manage nuclear weapons arsenal
https://www.zdnet.com/article/us-stopped-using-floppy-disks-to-manage-nuclear-weapons-arsenal/#ftag=RSSbaffb68

Multifactor authentication issue hitting North American Azure, Office 365 users
https://www.zdnet.com/article/multifactor-authentication-issue-hitting-north-american-azure-office-365-users/#ftag=RSSbaffb68

Avast target of cyber-security attack, company and Czech counterintelligence say
https://news.yahoo.com/avast-target-cyber-security-attack-141226927.html

Avast says hackers breached internal network through compromised VPN profile
https://www.zdnet.com/article/avast-says-hackers-breached-internal-network-through-compromised-vpn-profile/#ftag=RSSbaffb68

Avast fights off cyber-espionage attempt, Abiss
https://blog.avast.com/ccleaner-fights-off-cyberespionage-attempt-abiss

Avast: Stolen VPN Credentials Led to CCleaner Attack Redux
https://www.bankinfosecurity.com/avast-stolen-vpn-credentials-led-to-ccleaner-attack-redux-a-13283

Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested
https://thehackernews.com/2019/10/dark-web-child-abuse.html

NordVPN、TorGuard與VikingVPN三大VPN業者的金鑰外流
https://www.ithome.com.tw/news/133751

NordVPN 承認伺服器有安全漏洞,讓攻擊者得以攔截用戶流量
https://www.techbang.com/posts/73673-nordvpn-server-breach-vpn-traffic-exposed-encryption

NordVPN admits to 'isolated' server breach in Finland
https://engt.co/32E9INN

NordVPN reveals breach at datacenter provider
https://www.welivesecurity.com/2019/10/22/nordvpn-breach-datacenter-provider/

Why the NordVPN network is safe after a third-party provider breach
https://nordvpn.com/zh-tw/blog/official-response-datacenter-breach/

Bezos DDoS'd: Amazon Web Services' DNS systems knackered by hours-long cyber-attack
https://www.theregister.co.uk/2019/10/22/aws_dns_ddos/

CPDoS:一種新的Web緩存污染攻擊
https://www.anquanke.com/post/id/189507

黑客利用緩存中毒攻擊將目標鎖定CDN保護網站
https://www.freebuf.com/news/217870.html

New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites
https://thehackernews.com/2019/10/cdn-cache-poisoning-dos-attack.html

CPDoS attack can poison CDNs to deliver error pages instead of legitimate sites
https://www.zdnet.com/article/cpdos-attack-can-poison-cdns-to-deliver-error-pages-instead-of-legitimate-sites/#ftag=RSSbaffb68

FBI: Russian Hacker Indicted In Pittsburgh Wanted For Allegedly Running Worldwide Conspiracy
https://pittsburgh.cbslocal.com/2019/10/24/fbi-russian-hacker-indicted-in-pittsburgh-wanted-for-allegedly-running-worldwide-conspiracy/

Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack
https://cpdos.org/paper/Your_Cache_Has_Fallen__Cache_Poisoned_Denial_of_Service_Attack__Preprint_.pdf

Transparent Tribe – APT Targeting India
https://labs.k7computing.com/?p=17380

Brazilian government seeks data governance head
https://www.zdnet.com/article/brazilian-government-seeks-data-governance-head/#ftag=RSSbaffb68

Czech authorities dismantle alleged Russian cyber-espionage network
https://www.zdnet.com/article/czech-authorities-dismantle-alleged-russian-cyber-espionage-network/#ftag=RSSbaffb68

Chinese national sentenced for trying to smuggle military tech from US to China
https://www.zdnet.com/article/chinese-national-sentenced-for-trying-to-smuggle-military-tech-from-us-to-china/#ftag=RSSbaffb68

NCSC Investigated 658 Serious Cybersecurity Incidents
https://www.bankinfosecurity.com/ncsc-investigated-658-serious-cybersecurity-incidents-a-13286

A DDoS gang is extorting businesses posing as Russian government hackers
https://www.zdnet.com/article/a-ddos-gang-is-extorting-businesses-posing-as-russian-government-hackers/#ftag=RSSbaffb68

滲透測試工程師
https://m.104.com.tw/job/3f823?jobsource=m104

資安滲透測試專家(Q13)
https://m.104.com.tw/job/4chjb?jobsource=m104

資訊安全工程師(滲透測試)_T2
https://m.104.com.tw/job/51ik0?jobsource=m104

高級安全工程師--滲透測試
https://m.104.com.tw/job/6a198?jobsource=m104

【資安所】網駭科技研析中心-資安滲透檢測工程師
https://m.104.com.tw/job/6k11l?jobsource=m104

資安檢測工程師
https://m.104.com.tw/job/64myq?jobsource=m104

系統資安工程師
https://m.104.com.tw/job/6hr7s?jobsource=m104

網路資安工程師
https://m.104.com.tw/job/59nw1?jobsource=m104

資安服務工程師
https://m.104.com.tw/job/3biy7?jobsource=m104

資安事件調查員
https://m.104.com.tw/job/6j3cl?jobsource=m104

數位鑑識工程師 _T2
https://m.104.com.tw/job/6ptmc?jobsource=m104

數位鑑識與舞弊偵防顧問
https://m.104.com.tw/job/2wf7t?jobsource=m104

Incident Response Engineer
https://m.104.com.tw/job/6q9n9?jobsource=m104

【IT】資安系統工程師 - 1900454
https://m.104.com.tw/job/6qs9w?jobsource=m104

資安技術人員
https://m.104.com.tw/job/63m1f?jobsource=m104

[軟體系統]高級資安系統應用工程師(台南)
https://www.104.com.tw/job/6rpmd

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
錢櫃個資外洩?詐騙集團竟知身分證、消費日
http://bit.ly/32wsyGl

錢櫃回應了!客人「個資外洩」狂接詐騙電話 身分證、消費日全曝光
https://www.ettoday.net/news/20191020/1560888.htm

知名訂房網疑資料外洩 會員慘遭詐
https://penghudaily.blogspot.com/2019/10/blog-post_153.html

電信中盤商騙移工個資 辦人頭門號供詐騙集團
http://bit.ly/2BuDKYi

Mercedes-Benz App 出現問題令車主資料外洩
https://unwire.hk/2019/10/20/mercedes-benz-app-glitch/fun-tech/

西青警方連續破獲24起新型電信網絡詐騙案
http://life.eastmoney.com/a/201910181264643554.html

駭客入侵!大咖女星裸照慘遭外流 粉心疼籲「拒點拒分享」
https://www.setn.com/News.aspx?NewsID=620965

Alexa與Google Home第三方應用程式可用語音釣魚竊取用戶密碼
https://ithome.com.tw/news/133727

蔡依林門票傳黃牛詐財 女粉匯1萬2買特區一場空
https://udn.com/news/story/7320/4102849?from=udn-ch1_breaknews-1-0-news

男子用美團代購機票被騙3460元 南航否認系統漏洞
https://news.sina.com.tw/article/20191021/33017716.html

用LINE的QR Code詐騙?別點不明連結!學著保護帳號
https://www.mygopen.com/2019/10/line-qr-code.html

超危險詐騙!點個連結別人就可以登入你的 LINE 帳號
https://applealmond.com/posts/60838

前1天簽約!Beauty88遭控惡倒 欠3百人6千萬
https://news.tvbs.com.tw/life/1220906

捷運置物櫃變"藏金閣" 詐19人得手1500萬
https://www.ttv.com.tw/news/view/10810210032200N/579

香港銀保監會通報騙保案件 各保險公司啟動全面自查整改
https://news.sina.com.tw/article/20191023/33047482.html

護兒少個資隱私 小心數位足跡被蒐
https://udn.com/news/story/7314/4120957

聲援反送中卻遭香港網站鎖定!台灣人個資全都曝
http://bit.ly/32JpnLP

【2019/10/24 1:00】PayPalを騙る詐欺メールに関する注意喚起
https://www.cc.uec.ac.jp/blogs/news/2019/10/20191024paypalphishing.html

Fraud attacks see huge rise in 2019
https://www.itproportal.com/news/fraud-attacks-see-huge-rise-in-2019/

Banking scams becoming more sophisticated
https://www.iol.co.za/personal-finance/my-money/banking/banking-scams-becoming-more-sophisticated-35279484

Stripe Users Targeted in Phishing Attack That Steals Banking Info
https://www.bleepingcomputer.com/news/security/stripe-users-targeted-in-phishing-attack-that-steals-banking-info/

Delhi: Ex-head constable held for ATM card fraud
http://timesofindia.indiatimes.com/articleshow/71639868.cms

Open database leaked 179GB in customer, US government, and military records
https://www.zdnet.com/article/autoclerk-database-leaked-customer-government-and-military-personal-records/#ftag=RSSbaffb68

Report: Travel Reservations Platform Leaks US Government Personnel Data
https://www.vpnmentor.com/blog/us-travel-military-leak/

Veterans' Data at Risk on Shared Network Storage Devices
https://www.bankinfosecurity.com/veterans-data-at-risk-on-shared-network-storage-devices-a-13281

Unsecure Database Exposed US Military Personnel Data: Report
https://www.bankinfosecurity.com/unsecure-database-exposed-us-military-personnel-data-report-a-13280

How to Avoid the Top Three Causes of Data Breaches in 2019
https://thehackernews.com/2019/10/data-breach-protection.html

Europe Data Exfiltration Market Industry Analysis and Market Forecast (2017-2024)
https://statsflash.com/europe-data-exfiltration-market-industry-analysis-and-market-forecast-2017-2024/183239/

New report offers insights into phishing scammers' go-to tricks
https://www.healthcareitnews.com/news/new-report-offers-insights-phishing-scammers-go-tricks

Three Charged in $11 Million BEC Scam
https://www.bankinfosecurity.com/three-charged-in-11-million-bec-scam-a-13290

Tres detenidos por estafar más de diez millones de euros a empresas extranjeras
http://www.guardiacivil.es/es/prensa/noticias/7146.html

E.研究報告
Sim卡及移動端核彈漏洞密集爆發:近期網絡戰頂級數字武器解析
http://www.sohu.com/a/348031102_354899

存在多年的Linux 漏洞被發現:可通過WiFi 攻擊目標計算機
https://linux.cn/article-11479-1.html?utm_source=rss&utm_medium=rss

境外APT組織“響尾蛇”再次對我國發起攻擊事件報告
http://it.rising.com.cn/dongtai/19655.html

Who is the superuser? CVE-2019-14287 sudo漏洞分析
https://zhuanlan.zhihu.com/p/87345893

X-Forwarded-For注入漏洞過程記錄
https://www.cnblogs.com/soldierback/p/11707035.html

Microsoft office 公式編輯器 Matrix record 棧溢出漏洞分析
https://www.chainnews.com/zh-hant/articles/473375998581.htm

Asruex 後門變種通過 Office 和 Adobe 漏洞感染 word 和 PDF 文檔
https://www.chainnews.com/zh-hant/articles/611710583547.htm

Libra的Move IR編譯器漏洞詳解
https://www.coingogo.com/news/37737

使用Ghidra 分析phpStudy 後門
https://paper.seebug.org/

Web安全Day9 - 文件下載漏洞實戰攻防
https://xz.aliyun.com/t/6590

Windows下防禦利用——SEH深入分析
https://www.anquanke.com/post/id/189093

CVE-2019-11043 / PHP-FPM在Nginx特定配置下遠程代碼執行
https://qiita.com/shimizukawasaki/items/aaac680c921a9cf1b156

在CTF比賽中發現的PHP遠程代碼執行0day漏洞
https://nosec.org/home/detail/3083.html

《XSS攻擊-XSS漏洞原理》課程文檔講解
https://zhuanlan.zhihu.com/p/87733231

對金融網站漏洞檢測的過程分享
https://www.admin5.com/article/20191024/930296.shtml

滲透測試對Java架構網站漏洞檢測方法
https://www.admin5.com/article/20191024/930295.shtml

WhatsApp UAF 漏洞分析(CVE-2019-11932)
https://paper.seebug.org/1061/

Fragscapy:通過協議Fuzz的方法探測IDS/防火牆檢測規則的漏洞
https://www.4hou.com/tools/20657.html

Tiny PE Creating the smallest possible PE executable
https://webserver2.tecgraf.puc-rio.br/~ismael/Cursos/YC++/apostilas/win32_xcoff_pe/tyne-example/Tiny%20PE.htm

Spring Security OAuth 2.3 Open Redirection(CVE-2019–3778 )分析復現篇
https://www.freebuf.com/vuls/216582.html

TWCERT/CC-2019年10月份資安情資電子報
https://www.twcert.org.tw/tw/cp-106-3023-5e111-1.html

順著鍵鼠找到你?黑客利用羅技漏洞趁虛而入
https://zhuanlan.kanxue.com/article-9636.htm

Operation Ghost: The Dukes aren’t back – they never left
https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/

Shikata Ga Nai Encoder Still Going Strong
https://www.fireeye.com/blog/threat-research/2019/10/shikata-ga-nai-encoder-still-going-strong.html

SkiPfisH Web security scanner
https://artofexploit.com/2019/10/12/skipfish-web-security-scanner/

FOCA - Tool To Find Metadata And Hidden Information In The Documents
https://www.nahidhasantechnology.com/2019/10/foca-tool-to-find-metadata-and-hidden.html

brutemap-dev/brutemap
https://github.com/brutemap-dev/brutemap

cisco/mercury
https://github.com/cisco/mercury

leebaird/discover
https://github.com/leebaird/discover

vstinner/python-security
https://github.com/vstinner/python-security

Prepare for a New Cyber Cold War in 2020, Warns Check Point
https://www.globenewswire.com/news-release/2019/10/24/1935000/0/en/Prepare-for-a-New-Cyber-Cold-War-in-2020-Warns-Check-Point.html

PowerShellRunBox: Analysing PowerShell threats using PowerShell debugging
https://blog.apnic.net/2019/10/23/powershellrunbox-analyzing-powershell-threats-using-powershell-debugging/

A Deep-Dive Analysis of the NukeSped RATs
https://feedproxy.google.com/~r/fortinet/blog/threat-research/~3/QqmLFUy4jXo/deep-analysis-nukesped-rat.html

A Deep-Dive Analysis of the NukeSped RATs
https://www.fortinet.com/blog/threat-research/deep-analysis-nukesped-rat.html

Finding Vulnerabilities in Closed Source Windows Software by Applying Fuzzing
https://www.apriorit.com/dev-blog/640-qa-fuzzing-for-closed-source-windows-software

HITCON CTF Quals 2019 - Path of Exploitation
https://david942j.blogspot.com/2019/10/official-write-up-hitcon-ctf-quals-2019.html

benoitsevens/applying-ttd-to-malware-analysis
https://github.com/benoitsevens/applying-ttd-to-malware-analysis

ByePg: Defeating Patchguard Using Exception-Hooking
https://blog.can.ac/2019/10/19/byepg-defeating-patchguard-using-exception-hooking/

The SWAX Benchmark: Attacking Biometric Systems with Wax Figures
https://arxiv.org/abs/1910.09642

Possible New BadPatch Campaign Uses Multi-Component Python Compiled Malware
https://www.fortinet.com/blog/threat-research/badpatch-campaign-uses-python-malware.html

Red Team Tactics: Active Directory Recon using ADSI and Reflective DLLs
https://outflank.nl/blog/2019/10/20/red-team-tactics-active-directory-recon-using-adsi-and-reflective-dlls/

Obfuscating Java bytecode with LLVM and Epona
https://blog.quarkslab.com/obfuscating-java-bytecode-with-llvm-and-epona.html

F.商業
Windows 7 終止支援倒數 88 天 微軟推出電腦分析服務、協助有效部署 Windows 10 版本更新
https://gnn.gamer.com.tw/detail.php?sn=187315

Google改善Chrome 77的網站隔離機制,首度進駐Android版
https://ithome.com.tw/news/133710

免疫幽靈入侵 - Google Chrome 加入網站分離功能加強保安防禦
https://hk.xfastest.com/37296/google-chrome-safety-update/

資安漏洞恐釀每年百億損失!中華資安國際:數位轉型須具備資安管理意識
https://www.thenewslens.com/feature/atd-2019/126292

互聯安睿:擁有iPAS 非名校出身也能是資安紅人
https://www.cheers.com.tw/article/article.action?id=5095469&eturec=1

叡揚資通安全稽核系統協助機關建立資安病歷
http://n.yam.com/Article/20191021823606

趨勢科技併購Cloud Conformity 強化雲端資安領先地位
https://tw.appledaily.com/new/realtime/20191022/1652343/

微軟有新方式來防止駭客從韌體入侵
https://chinese.engadget.com/2019/10/22/microsoft-secured-core-pc/

東捷資訊服務強化智能、平台及IoT服務 深耕六大商機
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&id=571062

A Comprehensive Guide On How to Protect Your Websites From Hackers
https://thehackernews.com/2019/10/website-security-guide.html

Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software
https://thehackernews.com/2019/10/election-software-hacking.html

Cynet's Vulnerability Assessment Enables Organizations to Dramatically Reduce their Risk Exposure
https://thehackernews.com/2019/10/cynet-vulnerability-assessment.html

G.政府
新北警成立全國首支科偵小隊 科技建警偵防並重
https://udn.com/news/story/7320/4111697

資通黑名單不公布?蘇貞昌:做通體檢視 非針對中國產品
http://www.epochtimes.com/b5/19/10/18/n11597062.htm

資通黑名單 蘇揆盼做通體檢視
http://bit.ly/2J7vUbg

資訊戰開打 藍委提「美台資安聯防」蘇揆:全力支持
http://www.epochtimes.com/b5/19/10/18/n11596307.htm

調查局抓到了!2大陸假訊息欲影響我國選情
https://udn.com/news/story/7321/4117009

調查局查獲大陸人士散布蔡總統賣台假訊息
https://www.cna.com.tw/news/asoc/201910210172.aspx

造謠英文賣台?調查局查獲中國央廣記者惡意傳遞假消息
https://newtalk.tw/news/view/2019-10-21/314850

造謠蔡英文賣台給日本訊息 竟是中國央廣記者惡意散布
https://news.ltn.com.tw/news/politics/breakingnews/2952901

「蔡英文是中共地下黨員」是假新聞還是「真段子」
http://bit.ly/31AkV0l

iPAS人才認證,為iPASS一卡通資安人才做後盾
https://web.cheers.com.tw/issue/2019/emba/article/school4.php

快速偵測網路攻擊 企業資安防衛利器 [成果新知]
https://www.moea.gov.tw/MNS/doit/bulletin/Bulletin.aspx?kind=4&html=1&menu_id=13553&bull_id=6332

許毓仁暴怒...問資安拒讓顧立雄答詢 怒嗆蘇貞昌「閉嘴!」
https://www.ettoday.net/news/20191022/1562477.htm

北市府網路連2天當機 王世堅質疑沒有防火牆
https://news.ltn.com.tw/news/Taipei/breakingnews/2953830

首善之都台北市府網路2天內當機2次 資訊局:設備老舊
https://tw.appledaily.com/new/realtime/20191022/1652389/

駭客又入侵? 北市府各局處網路全癱瘓 各局處公文系統全停擺 資訊局緊急追查
https://www.ttv.com.tw/news/view/10810220012600N/568

網路系統異常 北市府:與駭客攻擊無關
https://www.cna.com.tw/news/aloc/201910220187.aspx

駭客入侵北市府?王世堅酸柯不要被害妄想症
https://www.chinatimes.com/realtimenews/20191022003000-260407?chdtv

智慧城市?北市府網路當機半天 因設備舊
https://news.tvbs.com.tw/politics/1221483

電腦兩天兩次大當機 北市府:非駭客攻擊
https://www.cdns.com.tw/articles/39161

中共統戰變種「準戰爭」立委學者推兩法案聯防
http://bit.ly/2W7ujYs

2018政府機關資安通報現況大公開,6起3級事件最嚴重
https://www.ithome.com.tw/news/133776

手機綁定自然人憑證 申辦政府服務線上搞定
http://bit.ly/2ohuKTs

自然人憑證綁定手機 免插卡就能網路報稅
http://bit.ly/2qFCRdk

工研院:無密碼身分辨識結合終端,為台製造業新商機
https://www.moneydj.com/KMDJ/News/NewsViewer.aspx?a=1e3a8fbc-ea61-4306-aa21-127a0fbcf629

訂定「教育機構資安審議會設置要點」,並自即日生效
https://edu.law.moe.gov.tw/NewsContent.aspx?id=95839

空軍前參謀長遭吸收發展共諜組織 輕判6個月
https://news.ltn.com.tw/news/society/breakingnews/2956660

行政院技術服務中心108年第3季資通安全技術報告
https://download.nccst.nat.gov.tw/attachfilenew/108_Q3_Cyber%20Security%20Technology%20Report.pdf

H.ICS/SCADA 工控系統
工廠已成駭客最愛目標,建立完整資安組織與 SOP 是台廠當務之急
https://buzzorange.com/techorange/2019/10/23/2019-aiot-techorange/

Outdated OSs Still Present in Many Industrial Organizations: Report
https://www.securityweek.com/outdated-oss-still-present-many-industrial-organizations-report

I.教育訓練
ASP.net mvc面試49題
http://bit.ly/2MBnHy6

slavaim/mac-notes
https://github.com/slavaim/mac-notes

RootUp/PHDays9
https://github.com/RootUp/PHDays9

LinuxForensic
https://github.com/ashemery/LinuxForensics/blob/master/OSDFCon19-Final.pdf

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
日本連鎖酒店HIS Group稱黑客可能通過室內機器人偷窺客人
https://www.cnbeta.com/articles/tech/902535.htm

機器人供客房服務 可能遭駭變偷拍工具
https://news.tvbs.com.tw/world/1220138

IoT 技術中心斥資上億 德國萊因用物聯三箭打造連網用戶安全體驗
https://times.hinet.net/topic/22619421

Singapore expands test site for autonomous vehicles
https://www.zdnet.com/article/singapore-expands-test-site-for-autonomous-vehicles/#ftag=RSSbaffb68

6.近期資安活動及研討會
 交通大學亥客書院-A015:進階網頁滲透測試 10/26
 https://hackercollege.nctu.edu.tw/?p=1090

 International Conference on Networks & Communications (NETWORKS) 10/26 ~ 10/27
 https://infosec-conferences.com/events-in-2019/networks/

 亞洲‧矽谷學院108年免費認證考試 10/27
 https://college.asvda.org.tw/

 Nspa實作課程「惡意巨集文件與惡意程式下載器」 10/27
 https://www.facebook.com/events/459141201342125/

 International Conference on Emerging Security Information, Systems and Technologies (SECURWARE) 10/27 ~ 10/31
 https://infosec-conferences.com/events-in-2019/securware/

 SANS Amsterdam October  10/28
 https://infosec-conferences.com/events-in-2019/sans-amsterdam-october/

 行動應用App基本資安認證制度推廣說明會 10/28
 https://www.tca.org.tw/exhibit_info1.php?n=1154

 工業自動化資安管理與實務 10/29 ~ 10/30
 https://www.ivendor.com.tw/website/featured_detial/91

 資安檢核核心技術及進階技術研討會 10月28日至10月30日
 http://bit.ly/2TN2UtD

 Foundations in Digital Forensics with EnCase® (DF120) (原CF1) 10/28 ~ 10/31
 https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=39

 International Workshop on Reliability and Security Data Analysis (RSDA)  10/28 ~ 10/31
 https://infosec-conferences.com/events-in-2019/rsda/

 International Symposium on Software Reliability Engineering (ISSRE)  10/28 ~ 11/1
 https://infosec-conferences.com/events-in-2019/issre/

 Securing New Ground 10/29 ~ 10/30
 https://infosec-conferences.com/events-in-2019/securing-new-ground/

 CEBIT Australia  10/29 ~ 10/31
 https://infosec-conferences.com/events-in-2019/cebit-australia/

 SSCP資訊安全專業人員認證 課程說明會  10/30
 https://www.accupass.com/event/1910180803231516519793

 Nspa實作課程「加密勒索攻擊」 10/31
 https://www.facebook.com/events/391437314853475/

 OWASP AppSec Day Melbourne  11/1
 https://infosec-conferences.com/events-in-2019/owasp-appsec-day-melbourne/

 Hackfest 2019  11/1 ~ 11/3
 https://infosec-conferences.com/events-in-2019/hackfest-2019/

 行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30
 https://www.accupass.com/event/1810080517061259295030

  Elite East Coast CISO Summit 11/3~11/5
 https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/

 Red Hat Forum Taipei 2019  11/5
 https://www.facebook.com/events/1390202967799392/

 資安人才培育成果發表暨就業媒合會 11/5
 https://ievents.iii.org.tw/eventS.aspx?t=0&id=733

 Cyber Security Summit: Boston  11/6
 https://infosec-conferences.com/events-in-2019/cyber-security-summit-boston/

 駭客攻防暨數位鑑識系列一(第1期) 11/7
 https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=384540

 網路攻擊鏈( Cyber Kill Chain)各階段實作 (6hr)  11/7
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384540

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/8
 https://signupcybersec101.ithome.com.tw/

 BSides Charleston 11/9
 https://infosec-conferences.com/events-in-2019/bsides-charleston/

 Kotlin/Everywhere GDG Taoyuan - 運用 Ktor 建置一個以 Kotlin 打造的後端服務  11/9
 https://www.meetup.com/GDGTaoyuan/events/264776152/

 OpenInfra Day Taiwan 11/12
 http://openinfra.digitimes.com.tw/

 108年政府組態基準(GCB)實作研習 11/12 ~ 11/22
 https://register.nccst.nat.gov.tw/Active/registerDetail.do?activeId=1285&activeType=course

 CLEAR Cyber Leaders Conference 11/12 ~ 11/13
 https://infosec-conferences.com/events-in-2019/clear-cyber-leaders-conference/

 108年資安法律案例分享說明會 11/13
 https://register.nccst.nat.gov.tw/Active/registerDetail.do?activeId=1286&activeType=conf

 Windows檔案系統及檔案還原 (6hr)  11/14
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384541

 Digital Internet Summit 11/14
 https://infosec-conferences.com/events-in-2019/digital-internet-summit/

 INTERFACE – Nebraska 11/14
 https://infosec-conferences.com/events-in-2019/interface-nebraska/

 SecureWV – Hack3rCon  11/15 ~ 11/17
 https://infosec-conferences.com/events-in-2019/securewv-hack3rcon/

 交通大學亥客書院-P006:高階網頁滲透測試 11/16
 https://hackercollege.nctu.edu.tw/?p=1092

 FS-ISAC Fall Summit 11/17 ~ 11/20
 https://infosec-conferences.com/events-in-2019/fs-isac-fall-summit/

 Microsoft IoT in Action 11/20
 https://www.iotinactionevents.com/event/taipei

 LINE將於11月舉辦LINE DEVELOPER DAY 2019  11/20 ~ 11/21
 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000570636_HL57CPQM2H1ZHE71YVI2W

 Infosecurity ISACA North America Expo and Conference 11/20 ~ 11/21
 https://infosec-conferences.com/events-in-2019/isaca-north-america-expo-conference/

 檔案特徵值比對與關鍵字搜尋 (2hr) Open Source數位鑑識工具實務操作 (5hr) 11/21
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384542

 2019 BSI 國際資安標準管理年會  11/22
 https://www.accupass.com/event/1910070533451342891420

 Trend Micro CTF 2019 // Raimund Genes Cup  FINAL / NOVEMBER 23–24, 2019
 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html

 資安檢核核心技術及進階技術研討會11月26日至11月28日
 http://bit.ly/2TN2UtD

 人資人員必修的職安法規定 11/26
 https://www.accupass.com/event/1909121441141977826554

 模擬案例鑑識分析實務 (6hr)  11/28
 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384543

 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會  11/29
 https://signupcybersec101.ithome.com.tw/

 交通大學亥客書院-B015:惡意程式檢測 11/30
 https://hackercollege.nctu.edu.tw/?p=1098

 亞洲‧矽谷學院108年免費認證考試 11/30
 https://college.asvda.org.tw/

 Digital Summit Dallas  12/4
 https://infosec-conferences.com/events-in-2019/digital-summit-dallas/

 Kansas City Cyber Security Conference 12/5
 https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/

 CyberMaryland Conference 12/5 ~ 12/6
 https://infosec-conferences.com/events-in-2019/cybermaryland-conference/

 FutureCon Nashville Cyber Security Conference 12/11
 https://infosec-conferences.com/events-in-2019/futurecon-nashville/

 Utility Cyber Security Forum December 12/11
 https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/

 交通大學亥客書院-A018:企業網域控管-Active Directory攻擊與防禦  12/14
 https://hackercollege.nctu.edu.tw/?p=1094

 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

留言

這個網誌中的熱門文章

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



8月份資安社群及教育訓練活動分享

8月份資安社群及教育訓練活動分享

 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

【社群】8/1(四) RASPBERRY PI + ROS,實現無人自駕
 https://ctsphub.tw/20190801_robotnight/

 HackingThursday 固定聚會 8/1
 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbcb/

 資安事件調查實務(上)  8/2
 https://tp2rc.tanet.edu.tw/node/306?fbclid=IwAR11YQmw-28fOA6LUrsNiFKd7ccaAiMa5cZsYf22iRfTUR5LPYXwjqZNo2I

 【CIT週末玩程式】- (8月)認識電腦與程式邏輯訓練(I) 8/3
 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/

 Python 基礎工作坊@TMU 8/6
 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/

5月份資安、社群活動分享

5月份資安、社群活動分享

 108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
 https://ais3.org/mfctf/

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 Python 商務網站 * 極速學習 (2019春季 - 台北)  5/2
 https://cjltsod.kktix.cc/events/django-2019-spring-taipei

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會  5/2
 https://www.accupass.com/event/1904111400151860776797

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA 白帽菁英萌芽計劃II 0505 
 https://reg.shield.org.tw/info.php?no=54

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/19041703435474776…