資安事件新聞週報 2019/11/25 ~ 2019/11/29






資安事件新聞週報  2019/11/25  ~  2019/11/29

1.重大弱點漏洞/後門/Exploit/Zero Day
Google 已發布安全更新以解決多個產品中的弱點
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html

CWE公布2019年最危險的25個軟體錯誤
https://www.ithome.com.tw/news/134475

Fortinet 多個產品存在加密金鑰弱點,可能造成中間人成功竊聽或披露機敏資訊
https://fortiguard.com/psirt/FG-IR-18-100

TOP25 漏洞類型 8 年後首次迎來更新
https://www.chainnews.com/zh-hant/articles/142025348603.htm

phpMyAdmin 遠端執行任意程式碼漏洞
https://www.phpmyadmin.net/security/PMASA-2019-5/

Red Hat JBoss Enterprise Application Platform 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.4484/

部份Fortinet產品加密金鑰漏洞,可讓駭客竊聽用戶活動
https://ithome.com.tw/news/134415

一加公佈個人信息安全漏洞並向受影響客戶致歉
https://www.cnbeta.com/articles/tech/913985.htm

TP-Link TL-WR841N 遠端執行程式碼漏洞
https://www.zerodayinitiative.com/advisories/ZDI-19-992/

ClamAV CVE-2013-7088
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7088

ClamAV CVE-2013-7087
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7087



Google Project Zero描述了一個Android 0day 漏洞Bad Binder
https://www.cnbeta.com/articles/tech/913821.htm

Google Project Zero詳細描述高危Android零日漏洞
http://www.360.cn/n/11343.html

Kaspersky 產品多個漏洞
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1

Kali Linux推出2019.4新版,可把Android手機用作Linux桌面電腦
https://www.ithome.com.tw/news/134489

4款VNC開源專案含有37個安全漏洞
https://www.ithome.com.tw/news/134412

37 Vulnerabilities Found in 4 Popular Open-Source VNC Remote Access Software
https://gbhackers.com/37-vulnerabilities-vnc/

Apache Solr CVE-2019-12409
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12409

Code Execution Vulnerability Found In TeamViewer – Patch Now
https://latesthackingnews.com/2019/11/18/code-execution-vulnerability-found-in-teamviewer-patch-now/

Microsoft christens Windows 10 20H1 as Windows 10 2004; preps to start testing its successor
https://www.zdnet.com/article/microsoft-christens-windows-10-20h1-as-windows-10-2004-preps-to-start-testing-its-follow-on/#ftag=RSSbaffb68

Microsoft Outlook for Android Bug Opens Door to XSS
https://threatpost.com/microsoft-outlook-android-bug-xss/150528/

Apple plans to make iOS upgrades less awful (and knew how terrible iOS 13 was)
https://www.zdnet.com/article/apple-plans-to-make-ios-upgrades-less-awful-and-knew-how-terrible-ios-13-was/#ftag=RSSbaffb68

【資安漏洞預警】Openfind MAIL2000 Webmail Pre-Auth Cross-Site Scripting and Open Redirect
https://net.nthu.edu.tw/2009/mailing:announcement:20191121_01

New bypass disclosed in Microsoft PatchGuard (KPP)
https://www.zdnet.com/article/new-bypass-disclosed-in-microsoft-patchguard-kpp/#ftag=RSSbaffb68

Instagram信息泄露漏洞
https://securityaffairs.co/wordpress/91253/hacking/instagram-bug-data-exposure.html

IBM Security Identity Manager CVE-2019-4561
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-4561

IBM WebSphere Application Server 遠端執行程式碼漏洞
https://www.ibm.com/support/pages/node/1115085

PostgreSQL CVE-2015-3166
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3166

postgresql-common CVE-2019-3466
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3466

Symantec Endpoint Protection CVE-2019-18372
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-18372

Symantec Endpoint Protection CVE-2019-12758
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12758

Symantec Endpoint Protection Manager (SEPM) CVE-2019-12759
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12759

Some Fortinet products shipped with hardcoded encryption keys
https://www.zdnet.com/article/some-fortinet-products-shipped-with-hardcoded-encryption-keys/#ftag=RSSbaffb68

Exploit code published for dangerous Apache Solr remote code execution flaw
https://www.zdnet.com/article/exploit-code-published-for-dangerous-apache-solr-remote-code-execution-flaw/#ftag=RSSbaffb68

Splunk Faces Y2K Bug-Like Problem Unless Patched
https://www.bleepingcomputer.com/news/security/splunk-faces-y2k-bug-like-problem-unless-patched/#.XdzjVczg8mQ.twitter

Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps
https://blog.trendmicro.com/trendlabs-security-intelligence/patched-gif-processing-vulnerability-cve-2019-11932-still-afflicts-multiple-mobile-apps/

Top 25 Most Dangerous Vulnerabilities Refreshed After 8 Years
https://www.bleepingcomputer.com/news/security/top-25-most-dangerous-vulnerabilities-refreshed-after-8-years/#.Xd44POT58iQ.twitter

Adobe discloses security breach impacting Magento Marketplace users
https://www.zdnet.com/article/adobe-discloses-security-breach-impacting-magento-marketplace-users/#ftag=RSSbaffb68

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
全球首張資安保險專業資格國際證書
https://ctee.com.tw/industrynews/activity/178876.html

國泰產險榮獲英國標準協會頒發資安品質精銳獎
https://www.cdns.com.tw/articles/61406

迎向開放 金管會3步推動
https://tw.appledaily.com/finance/20191124/BSJ36OJXWV2D4R6V5HIWCJGNZU/

四大數位專才 金融業搶破頭
https://www.chinatimes.com/newspapers/20191124000237-260202?chdtv

新光銀「立碼驗」 將進駐萊爾富
https://udn.com/news/story/7239/4182263

記帳App 搶開放銀行頭香 精準掌控開支 逾25萬下載
https://tw.appledaily.com/finance/20191124/YKADJG44NTU2QZZY5J2Z42GOSQ/

無障礙網銀、APP轉帳,明年6月底前上線
https://www.chinatimes.com/realtimenews/20191125001003-260410

前仆後繼搶進個人金融市場,純網銀業者看中的是什麼
https://www.thenewslens.com/article/127769

金融科技展將登場 證交所送好禮
https://udn.com/news/story/7251/4186699

支付虛實整合 顧立雄:2020年銀行競爭將相當激烈
https://udn.com/news/story/7239/4187854

彰銀 規劃建立資安戰情室
http://bit.ly/2OhWZeK

銀行業 明年迎新戰國時代
http://bit.ly/2OMBUrR

顧立雄:電支電票整合、純網銀開業,明年金融業競爭將越趨激烈
https://ithome.com.tw/news/134427

金總推動FinTech 接軌國際
https://money.udn.com/money/story/5649/4189509

5,630萬美元!英國央行對花旗開出有史以來最高罰單
https://money.udn.com/money/story/5599/4189848

國泰產險 獲BSI頒資安品質精銳獎
https://money.udn.com/money/story/5636/4189261

2019金融科技展搶先看 金融創新聚焦三大領域
https://money.udn.com/money/story/5636/4187702

證交所參展「FinTech Taipei 2019 台北金融科技展」活動
https://www.cdns.com.tw/articles/64002

財金公司捍衛金融資安 滴水不漏
https://money.udn.com/money/story/8944/4189339

金融服務業數位化轉型過程中所面對的法制挑戰
https://udn.com/news/story/6871/4192826

LINE Bank結合AI創新與資安二優勢 預見未來生活金融
https://udn.com/news/story/7239/4193677

LINE Bank 現身台北金融科技展,展示「全民銀行」將結合AI與資安打造生活金融
https://www.techbang.com/posts/74603-line-bank-combines-ai-innovation-with-financial-for-future-life

LINE Bank明年第二季推出!保險、小額貸款都OK
https://www.setn.com/News.aspx?NewsID=644678

開放銀行明年擬朝第2階段邁進 消費者可申請產品與消費資訊
https://www.ettoday.net/news/20191129/1590771.htm

金融科技隱藏資安風險 證交所研擬區塊鏈技術抵禦
https://www.ettoday.net/news/20191129/1590836.htm

純網銀明年上路掀起鯰魚效應 顧立雄讚國銀:每個人都趕上來了
https://www.ettoday.net/news/20191129/1590795.htm

WILL BANKS ALWAYS BE VULNERABLE TO HACKERS
https://builtin.com/cybersecurity/cybersecurity-banking-financial-services

Taiwan's financial regulator: ATMs won't disappear, they'll just become smarter
https://www.atmmarketplace.com/news/taiwans-financial-regulator-atms-wont-disappear-theyll-just-become-smarter/

Hackers now use web skimmers to steal credit card data
https://www.hackread.com/hackers-use-web-skimmers-to-steal-credit-card-data/

Web skimmer phishes credit card data via rogue payment service platform
https://blog.malwarebytes.com/web-threats/2019/11/web-skimmer-phishes-credit-card-data-via-rogue-payment-service-platform/

Two Chinese ATM skimmers arrested in Chon Buri
https://www.nationthailand.com/news/30378636

Quantum Dawn Cyber Exercise Simulates a “Doomsday” Global Ransomware Attack
https://www.cpomagazine.com/cyber-security/quantum-dawn-cyber-exercise-simulates-a-doomsday-global-ransomware-attack/

Full(z) House: a digital crime group using a full deck to maximize profits
https://www.riskiq.com/blog/labs/fullz-house/

Fullz House hackers pivot from phishing to Magecart card skimming attacks
https://www.zdnet.com/article/fullz-house-threat-group-pivots-from-phishing-to-magecart-card-skimming-attacks/#ftag=RSSbaffb68

Magecart Group Switches Up Tactics with MiTM, Phishing
https://threatpost.com/magecart-variant-tactics-mitm-phishing/150628/

RiskIQ exposes MageCart group that has combined data exfiltration techniques
https://www.techspot.com/news/82933-riskiq-exposes-magecart-group-has-combined-data-exfiltration.html

Black Friday Alert: Financial Botnets Primarily Targeting E-Commerce Apparel Sites
https://www.iafrica.com/black-friday-alert-financial-botnets-primarily-targeting-e-commerce-apparel-sites/

Carding and black box attacks: common ATM hacking techniques by Dominique René
https://hakin9.org/carding-and-black-box-attacks-common-atm-hacking-techniques/

Silence APT group eyes APAC banks
https://www.computerweekly.com/news/252468853/Silence-APT-group-eyes-APAC-banks

Joker's Stash Advertises More Stolen Payment Card Data
https://www.bankinfosecurity.com/jokers-stash-advertises-more-stolen-payment-card-data-a-13451

3.電子支付/電子票證/行動支付/ pay/新聞及資安
「行動支付聯合成果展」,行動支付創造優質消費新生活
http://n.yam.com/Article/20191122541671

情侶在超商2元「狂吃猛喝」手法曝光 全場驚:竟沒想到
http://bit.ly/2pVrOg6

4.虛擬貨幣/區塊鍊相關新聞及資安
關於近日門羅幣供應鏈攻擊事件分析
https://paper.seebug.org/1083/

門羅幣錢包之“狸貓換太子”
https://paper.seebug.org/1080/

避免“剁手”假貨?區塊鍊鍊上鍊下數據協同分析
https://paper.seebug.org/1076/

區塊鏈智能合約控制流識別的大規模實驗研究
https://paper.seebug.org/1072/

加密貨幣市場市場崩潰, 因幣安的上海辦事處關閉的負面影響
http://bit.ly/34gQNta

Monero官網遭植入惡意程式,用戶加密貨幣錢包被清光
https://ithome.com.tw/news/134399

無視資安風險? 調查:92% 機構投資者在交易所存幣
https://blockcast.it/2019/11/25/institutional-investors-overwhelmingly-keep-their-cryptos-on-exchanges-despite-the-inherent-security-risks/

區塊鏈局勢總搖擺不定,因其起源與駭客文化有著莫大的關係
https://news.knowing.asia/news/cce3a1b2-2ce7-4e24-b308-78eb41cd84f0

韓國交易所 Upbit 遭駭?公告證實「4 千萬美元異常交易」
https://blockcast.it/2019/11/27/upbit-hack-1127/

爆資安漏洞,Upbit以太幣失竊
http://bit.ly/2OOQi2Y

Upbit 交易所遭駭疑點重重?分析師:不排除「內鬼」可能性
https://blockcast.it/2019/11/28/analysts-suggested-that-upbit-hack-was-actually-an-inside-job/

2019 年 7 大加密貨幣交易所駭客事件
http://bit.ly/2rza8qY

Federal Reserve Report Raises Concerns About 'Stablecoins'
https://www.bankinfosecurity.com/federal-reserve-report-raises-concerns-about-stablecoins-a-13433

Upbit cryptocurrency exchange loses $48.5 million to hackers
https://www.zdnet.com/article/upbit-cryptocurrency-exchange-loses-48-5-million-to-hackers/#ftag=RSSbaffb68

Hackers Steal $49 Million in Ethereum From Upbit Exchange
https://www.bankinfosecurity.com/blogs/hackers-steal-49-million-in-ethereum-from-upbit-exchange-p-2825

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
勒索軟體Dopplepaymer藉由Microsoft Teams散佈? 微軟否認
https://ithome.com.tw/news/134364

新版TrickBot木馬企圖竊取OpenSSH與OpenVPN金鑰
https://www.ithome.com.tw/news/134398

點開就要1.5萬!假冒Windows 10更新通知 郵件暗藏勒索軟體
https://cnews.com.tw/137191125a04/

提供110家療養院服務的IT業者VCPI被勒索軟體纏住了
https://www.ithome.com.tw/news/134431

惡意程式Dexphot以高明手法躲避偵測,8萬台Windows PC變比特幣挖礦機
https://www.ithome.com.tw/news/134440

勒索病毒.攻擊日本中小企業 四成受害
https://news.tvbs.com.tw/focus/1240537

駭客掃瞄網路Docker植入挖礦程式,還修改設定、留下後門
https://ithome.com.tw/news/134470

盤點近幾年勒索病毒使用過的工具和漏洞
https://www.chainnews.com/zh-hant/articles/528492522935.htm

美國綜合醫院Great Plains Health遭勒索軟體攻擊
https://ithome.com.tw/news/134474

惡意挖礦程式防禦指南
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019112705112323343922970986739.pdf

Trickbot Updates Password Grabber Module
https://unit42.paloaltonetworks.com/trickbot-updates-password-grabber-module/

TrickBot Trojan Getting Ready to Steal OpenSSH and OpenVPN Keys
https://www.bleepingcomputer.com/news/security/trickbot-trojan-getting-ready-to-steal-openssh-and-openvpn-keys/

Evaluating Open Source Malware Sandboxes with Linux Malware
https://pdfs.semanticscholar.org/a0c5/f13e0313011b771b80fcc2346af73a127895.pdf

2019-11-21 - DATA DUMP: EMOTET EPOCH 3 INFECTION WITH TRICKBOT GTAG MOR49 AND SPAMBOT TRAFFIC
https://www.malware-traffic-analysis.net/2019/11/21/index.html

Emsisoft releases a new decryptor for Hakbit ransomware
https://blog.emsisoft.com/en/34716/emsisoft-releases-a-new-decryptor-for-hakbit-ransomware/

Official Monero website is hacked to deliver currency-stealing malware
https://arstechnica.com/information-technology/2019/11/official-monero-website-is-hacked-to-deliver-currency-stealing-malware/

Malware creators producing more dangers to mac-OS
https://www.ehackingnews.com/2019/11/malware-creators-producing-more-dangers.html

THE LAZARUS’ GAZE TO THE WORLD: WHAT IS BEHIND THE SECOND STONE
https://blog.telsy.com/the-lazarus-gaze-to-the-world-what-is-behind-the-second-stone/

New SectopRAT Trojan creates hidden second desktop to control browser sessions
https://www.zdnet.com/article/new-sectoprat-malware-creates-hidden-second-desktop-to-control-browser-sessions/#ftag=RSSbaffb68

New SectopRAT: Remote access malware utilizes second desktop to control browsers
https://www.gdatasoftware.com/blog/2019/11/35548-new-sectoprat-remote-access-malware-utilizes-second-desktop-to-control-browsers

Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon
https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/

NeverQuest Banking Trojan Co-Creator Sentenced to 4 Years
https://www.bankinfosecurity.com/neverquest-banking-trojan-co-creator-sentenced-to-4-years-a-13439

Ransomware Attackers Leak Stolen Data
https://www.bankinfosecurity.com/ransomware-attackers-leak-stolen-data-a-13438

Microsoft Debunks Dopplepaymer Ransomware Rumors
https://www.bankinfosecurity.com/microsoft-debunks-dopplepaymer-ransomware-rumors-a-13427

Ransomware Analysis: 'Shade' Surges; Other Trends Emerge
https://www.bankinfosecurity.com/ransomware-analysis-shade-surges-other-trends-emerge-a-13424

Microsoft Debunks Dopplepaymer Ransomware Rumors
https://www.bankinfosecurity.asia/microsoft-debunks-dopplepaymer-ransomware-rumors-a-13427

LOCAL GOVERNMENTS: RANSOMWARE ATTACK’S HOTTEST TARGET
https://blog.eccouncil.org/local-governments-ransomware-attacks-hottest-target/

Threat Spotlight: Government Ransomware Attacks
https://blog.barracuda.com/2019/08/28/threat-spotlight-government-ransomware-attacks/

Livingston School District in New Jersey Hit With Ransomware
https://www.bleepingcomputer.com/news/security/livingston-school-district-in-new-jersey-hit-with-ransomware/#.XdtwBP6EUag.twitter

FTCODE Ransomware IOC
https://pastebin.com/eQU3q70z

Clop Ransomware Tries to Disable Windows Defender, Malwarebytes
https://www.bleepingcomputer.com/news/security/clop-ransomware-tries-to-disable-windows-defender-malwarebytes/

Attackers Demand $14 Million Ransom From IT Services Firm
https://www.bankinfosecurity.com/attackers-demand-14-million-ransom-from-services-firm-a-13444

Malware Found Hiding in Fake Income Tax Department Emails, CERT-in Warns
https://dailystockdish.com/malware-found-hiding-in-fake-income-tax-department-emails-cert-in-warns/

Microsoft says new Dexphot malware infected more than 80,000 computers
https://www.zdnet.com/article/microsoft-says-new-dexphot-malware-infected-more-than-80000-computers/#ftag=RSSbaffb68

Insights from one year of tracking a polymorphic threat
http://bit.ly/37IRfT9

Ginp, malware para Android con bancos españoles como objetivo
https://blog.segu-info.com.ar/2019/11/ginp-malware-para-android-con-bancos.html

Un peligroso troyano suplanta las ‘apps’ de siete bancos españoles en Android
https://elpais.com/tecnologia/2019/11/22/actualidad/1574435744_271497.html

Stantinko botnet adds cryptomining to its pool of criminal activities
https://www.welivesecurity.com/2019/11/26/stantinko-botnet-adds-cryptomining-criminal-activities/

Stantinko Botnet nun mit Coinminer ausgestattet
https://www.welivesecurity.com/deutsch/2019/11/26/stantinko-botnet-coinminer/

2019-11-27 - EMOTET EPOCH 3 INFECTED WINDOWS CLIENT AS SPAMBOT
https://www.malware-traffic-analysis.net/2019/11/27/index2.html

Restaurant Chain: Malware Infected PoS Devices
https://www.bankinfosecurity.com/restaurant-chain-malware-infected-pos-devices-a-13449

Dtrack: In-depth analysis of APT on a nuclear power plant
https://www.cyberbit.com/blog/endpoint-security/dtrack-apt-malware-found-in-nuclear-power-plant/

New Ginp banking malware targets credit/debit card information via screen overlay
https://mybrandbook.co.in/redirect.php?p=10738

CRYPSPORT Ransomware Information
https://success.trendmicro.com/solution/000155798-GOSPORT-Ransomware-Information

Double Loaded Zip File Delivers Nanocore
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/double-loaded-zip-file-delivers-nanocore/

B.行動安全 / iPhone / Android /穿戴裝置 /App
澳門下月起「手機實名制」 警擴權可隱藏身分秘密執法
https://tw.appledaily.com/new/realtime/20191121/1666875/

CheckPoint:大量熱門Android程式仍存有已修補的安全漏洞
https://ithome.com.tw/news/134366

WhatsApp 屢傳資安問題,還是商業溝通的首選嗎?Telegram:它永遠都不會安全
https://www.kocpc.com.tw/archives/293653

Apple 決定更改 iOS 14 的開發方式!因 iOS 13 Bugs 太多
http://bit.ly/33a7NzS

為了不再內建Google Maps花數十億美元 蘋果:我們能創造更好的
http://bit.ly/34hzXds

「兩步驟驗證」出現漏洞?Twitter 取消簡訊驗證方案
https://3c.ltn.com.tw/news/38732

英國政府推特轉發「超鹹濕色情片 」 發言人急澄清
https://www.chinatimes.com/realtimenews/20191126003358-260402?chdtv

Facebook 承認曾開發容貌辨識 App 予內部測試
https://unwire.pro/2019/11/26/facebook-confirms-facial-recognition-app/news/

臉書封鎖以色列駭客公司NSO Group員工的私人帳號,被告了
https://www.ithome.com.tw/news/134447

惡意 SDK 洩露用戶 Facebook 、 Twitter 帳戶資料
http://bit.ly/34rsF7k

WhatsApp是如何被利用來監控異見人士的
https://theinitium.com/article/20191127-opinion-cyber-security-whatsapp/

果粉小心 Apple ID 遭駭!手機收到帳單異常簡訊恐藏詐騙陷阱
https://3c.ltn.com.tw/news/38750

當心!異常簡訊藏個資洩漏陷阱 點下去Apple ID恐遭駭
https://money.udn.com/money/story/5621/4193279

果粉注意!資安廠示警:留意釣魚簡訊、當心Apple ID被駭
https://www.ettoday.net/news/20191128/1590134.htm

通訊安全知多少? 抗爭前線的安全觀念不能少
https://lab.ocf.tw/2019/11/21/column/

華為「天價156萬」懸賞黑客,尋找鴻蒙系統漏洞,已經開始滲透
https://kknews.cc/tech/naakkv2.html

臉書驚傳大當機「完全沒有畫面」
http://bit.ly/2ORmAdL

25 歲香港女工程師多次拆解 App 編碼 FB.IG 高層都要 follow 做粉絲
http://bit.ly/37L8Ycw

Smartphone maker OnePlus discloses data breach
https://www.zdnet.com/article/smartphone-maker-oneplus-discloses-data-breach/#ftag=RSSbaffb68

Twitter will finally let users disable SMS as default 2FA method
https://www.zdnet.com/article/twitter-will-finally-let-users-disable-sms-as-default-2fa-method/#ftag=RSSbaffb68

India puts WhatsApp's impending payments service on ice due to data localisation fracas
https://www.zdnet.com/article/india-puts-whatsapps-impending-payments-service-on-ice-due-to-data-localisation-fracas/#ftag=RSSbaffb68

Two third-party SDKs allowed secret harvesting of Twitter and Facebook user data
https://www.zdnet.com/article/two-third-party-sdks-allowed-secret-harvesting-of-twitter-and-facebook-user-data/#ftag=RSSbaffb68

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
資安攻防搶旗賽 台灣隊獲第3
http://bit.ly/34mzAi8

台灣首次量子加密通訊測試 宣告加入「量子復仇者」
https://udn.com/news/story/7314/4188487?from=udn-catebreaknews_ch2

面對量子電腦時代 清大教授成功研發量子加密技術
https://www.rti.org.tw/news/view/id/2042848

多家資安業者與非營利組織聯手抵制跟蹤軟體
https://ithome.com.tw/news/134367

11/28(五)黑色星期五?為何不是 13 號的星期五也叫可以是黑色
https://blog.trendmicro.com.tw/?p=62789

Google揭露多個由政府資助的攻擊與虛假訊息行動
https://ithome.com.tw/news/134445

駭客盜用臉書私訊工程師誤陷中獎圈套遭騙500
http://bit.ly/33lg7gs

利用系統漏洞盜竊賬戶資金重慶警方搗毀跨省黑客團伙
https://www.chinanews.com/sh/2019/11-27/9018180.shtml

利用系統漏洞盜竊賬戶資金
http://www.xinhuanet.com/local/2019-11/27/c_1125278036.htm

研究人員假冒美國鎮長取得.gov網址
https://www.ithome.com.tw/news/134478

新型態爬蟲惡意攻擊來襲,企業該如何成功抵禦
https://buzzorange.com/techorange/2019/11/28/zerone-akamai/

玩交友軟體遇「當過兵熟女」!他一句話揭「駭客入侵」真相
https://www.setn.com/news.aspx?NewsID=642190

比利時代表團訪陸 遭密集網攻
http://bit.ly/2rvdzif

比利時訪華團遭黑客密集網攻 更多細節曝光
http://www.epochtimes.com/b5/19/11/24/n11677893.htm

比利時經貿團訪問北京上海 傳遭網攻每小時135次
http://m.secretchina.com/news/b5/2019/11/24/914579.html

資安人才斷層 數位安全職缺達407萬
http://bit.ly/2qJnjW6

台灣資安人才庫小而美 國際大廠也認證
https://www.cna.com.tw/news/ait/201911240190.aspx

BSI揭露2019下半年最新國際資安動態,資安與隱私保護成全球企業永續經營評比要點
https://www.ithome.com.tw/news/134466

資安疑慮未消 美陸軍學員穿制服不准玩抖音
https://www.cna.com.tw/news/aopl/201911230054.aspx

美陸軍禁軍人影像上傳抖音 我國軍暫未設防
https://udn.com/news/story/10930/4184292

優秀俄國通!希爾嚴肅務實、注重細節、凡事警戒
http://bit.ly/34ipoXU

間諜爆中建20萬假帳號滲台 資安專家:恐怕不只
https://www.setn.com/News.aspx?NewsID=641508

中20萬假帳號滲台 專家:恐怕不只
http://bit.ly/34dAkWI

共諜是逃逸詐欺犯?王丹:中共說法不足信
http://www.epochtimes.com/b5/19/11/24/n11677194.htm

【共諜滲透】王立強接受澳洲節目專訪 重申參與滲透
https://tw.news.appledaily.com/politics/realtime/20191125/1668312/

共諜爆中國介入台灣選舉 溫朗東:可信的理由有3點
https://news.ltn.com.tw/news/politics/breakingnews/2987715

上海公安指「中國特工」王立強是詐騙犯 韓國瑜酸民進黨:這次不是塞一棟房子給我
https://www.storm.mg/article/1984225

24歲當上特工「鬼扯淡」10漏洞可疑 陳虎門:沒可能跨台港澳做諜報
https://tw.appledaily.com/highlight/20191125/4RACBNC5YJSOELAD4MPAS62EUI/

年僅26歲竟參與橫跨台、港、澳洲諜報工作? 這個「中國間諜」涉冒認國安 騙澳洲人辛束460萬
http://bit.ly/2D9GJX0

王立強共諜案 情報老幹部批王立強吹牛
http://www.bcc.com.tw/newsView.3780500

「共諜案」漏洞百出 台當局操弄假間諜案遭打臉
https://news.sina.com.tw/article/20191125/33435870.html

「網路作戰多為年輕人」 國安人士:翁衍慶稱王立強乳臭味乾 理解顯然有落差
https://www.ettoday.net/news/20191125/1587579.htm

五毛與他們的產地!共諜案抖出「軍委情報局」大揭密
https://www.setn.com/News.aspx?NewsID=642305

統促染紅全台30宮廟?傳利用財務漏洞恐淪中資洗錢據點
https://www.setn.com/news.aspx?NewsID=642104

盤旋在中亞上空的陰影-黃金雕(APT-C-34)組織攻擊活動揭露
http://blogs.360.cn/post/APT-C-34_Golden_Falcon.html

攻擊事件大幅增加!芬蘭透過網路模擬預防駭客以比特幣勒索軟體
https://news.knowing.asia/news/b4994437-200e-4ac6-9b50-db86479d6297

菲國爆國安危機!電力設備採「華為」技術 中國可遠端斷電
https://www.setn.com/News.aspx?NewsID=642675

美陸軍BCT資安、電磁通訊專才缺很大
http://bit.ly/2XUMrpd

美驗證「前進防禦」網路戰略 制敵機先
https://www.ydn.com.tw/News/361971

美國安顧問:華為就像是特洛伊木馬 德國應該把它燒掉
https://ec.ltn.com.tw/article/breakingnews/2991960

西班牙國防部禁用華為設備 華為「我們最重視資安」
https://tw.appledaily.com/gadget/20191129/M42XTLNRVXFUTZ7DF5ZYS2KE2U/

捷克情報局發布報告 點名俄中間諜活動構成威脅
https://www.cna.com.tw/news/aopl/201911260354.aspx

捷情報安全局:中共和俄羅斯對捷克安全構成威脅
https://www.soundofhope.org/post/316859?lang=b5

中俄間諜最猖獗 捷克情報局發布報告披露
https://www.secretchina.com/news/b5/2019/11/28/914903.html

2億監視器注視14億人!侵犯隱私無孔不入,但人們說「攝像頭使我感到安全」
https://www.storm.mg/article/2002352

How Cybersecurity Helps Build a Digital India
https://www.bankinfosecurity.in/how-cybersecurity-helps-build-digital-india-a-13437

Extensive hacking operation discovered in Kazakhstan
https://www.zdnet.com/article/extensive-hacking-operation-discovered-in-kazakhstan/#ftag=RSSbaffb68

Defecting Chinese spy offers information trove to Australian government
https://www.theage.com.au/national/defecting-chinese-spy-offers-information-trove-to-australian-government-20191122-p53d1l.html

Microsoft Moves Toward DNS Over HTTPS
https://www.bankinfosecurity.com/microsoft-moves-toward-dns-over-https-a-13421

Renewed calls for dedicated Australian cyber minister and cyber leadership
https://www.zdnet.com/article/renewed-calls-for-dedicated-australian-cyber-minister-and-cyber-leadership/#ftag=RSSbaffb68

The RIPE NCC has run out of IPv4 Addresses
https://www.ripe.net/publications/news/about-ripe-ncc-and-ripe/the-ripe-ncc-has-run-out-of-ipv4-addresses

A hacking group is hijacking Docker systems with exposed API endpoints
https://www.zdnet.com/article/a-hacking-group-is-hijacking-docker-systems-with-exposed-api-endpoints/#ftag=RSSbaffb68

Exploit kits are slowly migrating toward fileless attacks
https://www.zdnet.com/article/exploit-kits-are-slowly-migrating-toward-fileless-attacks/#ftag=RSSbaffb68

In just three months, Google sent 12k warnings about government-backed attacks
https://www.zdnet.com/article/in-just-three-months-google-sent-12k-warnings-about-government-backed-attacks/#ftag=RSSbaffb68

Cybercriminals primarily targeting e-commerce apparel sites:Kaspersky
https://www.aninews.in/news/tech/internet/cybercriminals-primarily-targeting-e-commerce-apparel-sites-kaspersky20191126233314/

Latest Kali Linux OS Added Windows-Style Undercover Theme for Hackers
https://thehackernews.com/2019/11/kali-linux-undercover-mode.html

Hacker stole unreleased music and then tried to frame someone else
https://www.zdnet.com/article/hacker-stole-unreleased-music-and-then-tried-to-frame-someone-else/#ftag=RSSbaffb68

Watchdog Finds DOE Falling Short on Cybersecurity
https://www.bankinfosecurity.com/watchdog-finds-doe-falling-short-on-cybersecurity-a-13450

The Security Interviews: Do cyber weapons need a Geneva Convention
https://www.computerweekly.com/news/252474516/The-Security-Interviews-Do-cyber-weapons-need-a-Geneva-Convention

Hotel front desks are now a hotbed for hackers
https://www.zdnet.com/article/hotel-front-desks-are-now-a-hot-target-for-hackers/

A decade of hacking: The most notable cyber-security events of the 2010s
https://www.zdnet.com/article/a-decade-of-hacking-the-most-notable-cyber-security-events-of-the-2010s/#ftag=RSSbaffb68

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
資安做半套?Disney +傳重大BUG 千名用戶帳號遭駭
https://www.ctwant.com/article/15268

美國電信大廠T-Mobile遭駭客入侵! 超過百萬用戶個資外洩
https://www.ettoday.net/news/20191125/1587620.htm

OnePlus 網站兩年內第二度外洩用戶個人資料
https://chinese.engadget.com/2019/11/24/oneplus-data-breach/

OnePlus手機用戶個資外洩! 官方證實遭駭...兩年內第二度爆發資安問題
https://www.ettoday.net/news/20191125/1587381.htm

中國手機製造商OnePlus再傳客戶資料外洩
https://www.ithome.com.tw/news/134410

OnePlus使用者資料再度外洩 恐面臨網路釣魚風險
https://www.chinatimes.com/realtimenews/20191125003228-260412?chdtv

中國如何利用假消息影響台灣選舉
https://www.youtube.com/watch?v=7FHgoNgU4d0&feature=

習慣用臉書、推特帳號註冊其他App的用戶注意了!個資恐遭不正當存取
https://www.ettoday.net/news/20191126/1588234.htm

臉書註冊其他App!當心個資大外洩
http://bit.ly/2rtJjVi

兩支 Android App 使用 Facebook、Twitter 登入機制竊取數百名用戶個資
https://www.twcert.org.tw/tw/cp-104-3098-f58a6-1.html

購物季來了,小心激增的網釣與詐騙網站
https://www.ithome.com.tw/news/134450

近年常見 3 大進階釣魚詐騙手法,企業的郵件安全跟緊節奏了嗎
https://www.openfind.com.tw/taiwan/markettrend_detail.php?news_id=24576

個資恐遭盜用 登機證別印了
http://bit.ly/2qEhCJj

保良局陳守仁小學收生資料外泄 校方已報警及加強網絡防火牆
http://bit.ly/2OqJ5XN

陳守仁小學資料庫疑被入侵 學生出生年月及住址外洩
https://hk.on.cc/hk/bkn/cnt/news/20191127/bkn-20191127213806283-1127_00822_001.html

史上最大級資料外洩事件,12億人個資未經保護對外曝光
https://www.twcert.org.tw/tw/cp-104-3096-9b0ac-1.html

Facebook 與 Twitter 警告部分用家資料因惡意軟件被不當取閱
https://unwire.pro/2019/11/28/facebook-and-twitter-says-users-gave-improper-access-to-personal-data/security/

洩漏大量個資!智慧型兒童手錶存安全隱患
https://news.knowing.asia/news/065da708-95a4-4d88-9c75-e6cec1949135

廉價兒童智慧手錶洩漏超過 5000 筆兒童資訊,攻擊者還能以父母身分去電與之對話
https://www.kocpc.com.tw/archives/294412

台日聯手詐騙中國人 跨國犯罪恐成治安漏洞
https://www.mirrormedia.mg/story/20191128soc005

台詐欺犯赴日騙陸人!「日本山口組」背後疑暗中協助 邀台嫌求幫「教育訓練」
https://www.ettoday.net/news/20191128/1590428.htm

釣魚郵件換成簡訊捲土重來 資安專家提醒三原則遠離詐騙
https://newtalk.tw/news/view/2019-11-28/333168

黑色星期五將至,線上購物小心假商城App,美國前10大購物網站有超過6,000個假分身
https://ithome.com.tw/news/134493

慶祝LINE滿8歲、8種貼圖免費抽? 當心個資遭詐騙
https://www.ctwant.com/article/15977

網路釣魚以 Microsoft 用戶為大宗,其次為 PayPal、DHL 和 Dropbox
https://blog.trendmicro.com.tw/?p=62601

「黑色星期五」與「黑色星期五」有何不同
https://www.setn.com/news.aspx?NewsID=644602

「飯店復仇者」鎖定飯店PoS竊取客戶信用卡個資
https://www.ithome.com.tw/news/134508

歐洲最大級飯店訂房系統公司近 1TB 旅客資料於網路曝光
https://www.twcert.org.tw/tw/cp-104-3089-ffd48-1.html

November shopping – do it the smart way
https://blog.checkpoint.com/2019/11/26/november-shopping-do-it-the-smart-way/

Security lapse exposes personal data of 6,500 Singapore accountants
https://www.zdnet.com/article/security-lapse-exposes-personal-data-of-6500-singapore-accountants/#ftag=RSSbaffb68

Data Enrichment, People Data Labs and Another 622M Email Addresses
https://www.troyhunt.com/data-enrichment-people-data-labs-and-another-622m-email-addresses/

T-Mobile discloses security breach impacting prepaid customers
https://www.zdnet.com/article/t-mobile-discloses-security-breach-impacting-prepaid-customers/

T-Mobile
https://www.t-mobile.com/customers/6305378822

Macys.com checkout page hacked; customers advised to be vigilant of fraud
http://bit.ly/2QPKlWh

Unsecured Server Exposed Records of 1.2 Billion: Researchers
https://www.bankinfosecurity.com/unsecured-server-exposed-records-12-billion-researchers-a-13441

Target Sues Insurer Over 2013 Data Breach Costs
https://www.bankinfosecurity.com/target-sues-insurer-over-2013-data-breach-costs-a-13435

PayMyTab Exposes Restaurant Customer Data: Report
https://www.bankinfosecurity.com/paymytab-exposes-restaurant-customer-data-report-a-13425

1.2 Billion Records Found Exposed Online in a Single Server
https://www.wired.com/story/billion-records-exposed-online/

Personal And Social Information Of 1.2 Billion People Discovered In Massive Data Leak
https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/

Cheap kids smartwatch exposes the location of 5,000+ children
https://www.zdnet.com/article/cheap-kids-smartwatch-exposes-the-location-of-5000-children/#ftag=RSSbaffb68

Estafa: cuidado con las promociones falsas de hamburguesas en Facebook
http://www.agenciafe.com/nota/315776-Estafa-cuidado-con-las-promociones-falsas-de-hamburguesas-en-Facebook

Mimecast threat intelligence report analyzes 99 billion rejected emails
https://securitynewsdesk.com/mimecast-threat-intelligence-report/

Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains
https://krebsonsecurity.com/2019/11/sale-of-4-million-stolen-cards-tied-to-breaches-at-4-restaurant-chains/

The lure of PSD2
https://www.anomali.com/blog/the-lure-of-psd2

クッキー情報での個人特定防止へ 利用者同意義務付け
https://www.nikkei.com/article/DGXMZO52674070X21C19A1MM8000/

Same Phishing Risks Faced By Start-Ups and Big Corporations
https://www.ehackingnews.com/2019/11/same-phishing-risks-faced-by-start-ups.html

CERT-In Issues Advisory for OnePlus Data Breach
https://www.bankinfosecurity.in/cert-in-issues-advisory-for-oneplus-data-breach-a-13454

Tackling Vietnam’s online fraud rates
https://www.bobsguide.com/guide/news/2019/Nov/28/tackling-vietnams-online-fraud-rates/

Singapore government pledges to improve data security with new measures
https://www.zdnet.com/article/singapore-government-pledges-to-improve-data-security-with-new-measures/#ftag=RSSbaffb68

Palo Alto Networks hit by major data breach
https://www.techradar.com/news/palo-alto-networks-hit-by-major-data-breach

Facebook Breach Victims Can Sue For 'Reasonable' Security
https://www.bankinfosecurity.eu/facebook-breach-victims-sue-for-reasonable-security-a-13455

E.研究報告
jQuery 模擬網頁檔案上傳
https://blog.darkthread.net/blog/jquery-simulate-file-upload/

收藏吧!學習安裝黑Apple的11個網站
http://bit.ly/2qHbgZB

WebLogic EJBTaglibDescriptor XXE漏洞(CVE-2019-2888)分析
https://www.freebuf.com/vuls/218565.html

WebLogic 反序列化漏洞(CVE-2019-2890)分析
https://paper.seebug.org/1069/

通過RDP反向攻擊mstsc
https://paper.seebug.org/1074/

針對製藥行業及政企的黑客組織最新攻擊活動深度分析
https://paper.seebug.org/1073/

只是想學習外語,卻被拿了system shell
https://paper.seebug.org/1070/

WebShell文件上傳漏洞靶場第一關
https://www.77169.net/html/246188.html

騰訊安全:弱口令密碼再遭爆破新型木馬瞄準企業SQL數據庫下手
http://news.cnw.com.cn/news-china/htm2019/20191125_325073.shtml

勒索軟件“變形術”升級大規模垃圾郵件瞄準銀行
http://bit.ly/33hQixN

gRPC 服務使用指定 IP 做為端點的疑難排解
https://dotblogs.com.tw/supershowwei/2019/11/25/090233

迄今爲止最嚴重的容器逃逸漏洞:Docker cp 命令漏洞分析(CVE-2019-14271)
https://www.chainnews.com/zh-hant/articles/988030951825.htm

在Linux 容器中對php-fpm緩衝區溢出漏洞的複現分析( CVE-2019-11043 )
https://www.4hou.com/vulnerable/21591.html

Flan Scan:Cloudflare開源輕量級網絡漏洞掃描軟件
https://www.freebuf.com/column/221087.html

CVE-2019-14271:Docker copy漏洞分析
https://xz.aliyun.com/t/6806

在 Linux 容器中對 php-fpm 緩衝區溢出漏洞的復現分析 ( CVE-2019-11043 )
https://www.chainnews.com/zh-hant/articles/369248184808.htm

網站安全之用戶信息洩露漏洞案例分享
http://blog.itpub.net/31542418/viewspace-2665988/

無人機的資安威脅與傳輸協議》背後操控者只有一個人
https://secbuzzer.co/post/145

看我如何用一美分購買VPS服務和網站空間
https://www.freebuf.com/vuls/220623.html

漏洞驗證和利用代碼編寫指南
https://mlog.club/article/1950878

CVE-2019-17671:如何查看WordPress未授權文章
https://www.freebuf.com/vuls/218876.html

PHP與JAVA之XXE漏洞詳解與審計
https://xz.aliyun.com/t/6829

個案分析-假冒寄件者回信之網路釣魚攻擊事件分析報告_10811
https://cert.tanet.edu.tw/prog/opendoc.php?id=20191122031110101466188805578.pdf

マルウエア Emotet の感染活動について
https://www.jpcert.or.jp/newsflash/2019112701.html

攻撃グループBlackTechが使うダウンローダIconDown
https://blogs.jpcert.or.jp/ja/2019/10/IconDown.html

OSINT Investigations on TikTok
https://www.secjuice.com/osint-investigations-on-tiktok/

Spam and phishing in Q3 2019
https://securelist.com/spam-report-q3-2019/95177/

Impersonating JA3 Fingerprints
https://medium.com/cu-cyber/impersonating-ja3-fingerprints-b9f555880e42

Google CTF 2019 Finals solutions
https://github.com/google/google-ctf/blob/master/2019/finals/solutions.pdf

Cross-site scripting (XSS) cheat sheet
https://paper.seebug.org/1077/

SATURN Software deobfuscation framework based on LLVM
https://blog.zimperium.com/saturn-software-deobfuscation-framework-based-on-llvm/

fboldewin/COM-Code-Helper
https://github.com/fboldewin/COM-Code-Helper/

SQL Injection Payload List
https://amp.kitploit.com/2019/11/sql-injection-payload-list.html

DDoor - cross platform backdoor using dns txt records
https://github.com/rek7/ddoor

Ghidra Dev Series
https://reversing.technology/

The Internals of AppLocker - Part 1 - Overview and Setup
https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-1.html

The Internals of AppLocker - Part 2 - Blocking Process Creation
https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-2.html

The Internals of AppLocker - Part 3 - Access Tokens and Access Checking
https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-3.html

The Internals of AppLocker - Part 4 - Blocking DLL Loading
https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-4.html

Uncommon SQL Database Alert - Informix SQL Injection
https://labs.f-secure.com/blog/uncommon-sql-database-alert-informix-sql-injection

Bug Hunting in Synology NAS
http://powerofcommunity.net/poc2019/Qian.pdf

Exploiting IOSurface 0
http://powerofcommunity.net/poc2019/Liang.pdf

Safari Adventure:A Dive into Apple Browser Internals
http://powerofcommunity.net/poc2019/Zhiyang.pdf

Building Fast Fuzzers
https://arxiv.org/pdf/1911.07707.pdf

A Practical Introduction to the Code Analysis Platform Joern
https://fabs.codeminers.org/talks/2019-joern.pdf

CVE-2019–12757: Local Privilege Escalation in Symantec Endpoint Protection
https://posts.specterops.io/cve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6

Extracting cipher key from WhatsApp on Android >= 7 without root
https://plainsec.org/extracting-cipher-key-from-whatsapp-on-android-7-and-greater-without-root/

How can I encrypt with a RSA private key in python
https://stackoverflow.com/questions/51228645/how-can-i-encrypt-with-a-rsa-private-key-in-python

Getting Malicious Office Documents to Fire with Protected View Enabled
https://medium.com/@curtbraz/getting-malicious-office-documents-to-fire-with-protected-view-4de18668c386

APT_CyberCriminal_Campagin_Collections
https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections

init.engineer
https://github.com/init-engineer/init.engineer

Anti-virus Exploitation: Local Privilege Escalation in K7 Security (CVE-2019-16897)
https://0x00sec.org/t/anti-virus-exploitation-local-privilege-escalation-in-k7-security-cve-2019-16897/17655

How to check DDOS attack with command-line on Linux
https://meterpreter.org/how-to-check-ddos-attack-with-command-line-on-linux/amp/

卡巴斯基產品有漏洞,恐遭其他網站關閉防護功能,官方連修三次
https://ithome.com.tw/news/134442

Kaspersky online protection API left open to abuse by websites
https://www.zdnet.com/article/kaspersky-online-protection-api-left-open-and-ripe-for-abuse-by-websites/#ftag=RSSbaffb68

Kaspersky: The art of keeping your keys under the door mat
https://palant.de/2019/11/25/kaspersky-the-art-of-keeping-your-keys-under-the-door-mat/

Internal Kaspersky API exposed to websites
https://palant.de/2019/11/26/internal-kaspersky-api-exposed-to-websites/

ctftraining
https://hub.docker.com/u/ctftraining

InfoSec Black Friday Deals 2019
https://github.com/CyberMonitor/InfoSec-Black-Friday

BullsEye0/google_dork_list
https://github.com/BullsEye0/google_dork_list

Know your Resources, be your Knowledge
https://malwareanalysis.co/

Product Warning! Chinese children’s watch reveals thousands of children’s data
https://www.iot-tests.org/2019/11/product-warning-chinese-childrens-watch-reveals-thousands-of-childrens-data/

F.商業
Google 大手筆推出 Pixel 漏洞賞金計畫,最高獎金 150 萬美元
https://technews.tw/2019/11/22/google-pixel-bug-bounty-1-5-million-dollars/

做好「隨時被駭」準備,App資安先驅果核數位:滴水不漏的資安保護過時了
https://www.bnext.com.tw/article/55625/digicentre-cybersecurity-app

SaltStack推SecOps解決方案可自動發現並修復安全漏洞
https://ithome.com.tw/news/134400

思科揪台廠 強攻智慧城市
https://money.udn.com/money/story/5612/4189530

關貿網路推動校園資安--資安意識從小落實
https://www.trade-van.com/news/index.do?act=detail&articleId=876

迎接物聯網時代 資策會推出零距離裝置管理服務
https://www.chinatimes.com/realtimenews/20191127003915-260412?chdtv

思科攜手8大台廠推「智慧城市」,為什麼創新應用示範中心選定落腳桃園
https://www.bnext.com.tw/article/55679/cisco-taoyuan-smartcity

零壹攜手Akamai共推360度資安防護 全方位抵禦駭客威脅
https://www.zerone.com.tw/Content/Product/CBCABE42C4188833

德明科大資科系與數聯資安公 簽訂實習備忘錄
https://news.sina.com.tw/article/20191129/33488348.html

趨勢強攻軟體定義運算工作負載防護 市占率第一
https://money.udn.com/money/story/5613/4194719

Industrial Threat Detector, ITD工控安全威脅偵測設備
https://www.iii.org.tw/Product/TechLensDtl.aspx?tp_sqno=t2vJaO%2FvNBeeQTGZyDcp%2FQ__&fm_sqno=72

Edge vs. Chrome: Microsoft's Tracking Prevention hits Google the hardest
https://www.zdnet.com/article/with-its-new-edge-browser-microsoft-takes-dead-aim-at-google/#ftag=RSSbaffb68

DocuSign: How it plans to expand from e-signature to digital transformation engine, agreement cloud
https://zd.net/2OcwNlL

Expanding the Android Security Rewards Program
https://security.googleblog.com/2019/11/expanding-android-security-rewards.html

Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software
https://thehackernews.com/2019/11/vnc-remote-software-hacking.html

Buguroo raises $11 million to detect banking fraud with deep learning and behavioral biometrics
https://venturebeat.com/2019/11/26/buguroo-raises-11-million-to-detect-banking-fraud-with-deep-learning-and-behavioral-biometrics/

G.政府
調查局長呂文忠:國安問題進階至假訊息滲透
https://udn.com/news/story/7321/4181820

財政資訊中心培養資安自主人力,解決過度委外所面臨的風險問題
https://ithome.com.tw/news/134370

民進黨莫一意孤行!30個民團籲「晶片身分證」33億印製案應暫停結標
https://www.coolloud.org.tw/node/93726

民進黨推反滲透法草案 29日逕付二讀
http://www.epochtimes.com/b5/19/11/24/n11677196.htm

稅式支出報告未落實 藏漏洞
https://money.udn.com/money/story/6710/4185332

陸資買大同恐成國安漏洞? 金管會重啟調查
https://udn.com/news/story/7238/4185922

資安就是國安,資策會協助台灣科技製造業外銷,建立國際級資安防護
https://www.inside.com.tw/article/18205-iiiorg2019-info-secure

經濟部水利署109年度數位管理系統-表單及差勤資安強化計畫
https://www.wra.gov.tw/6950/6951/7215/7216/429520/

中國大陸滲透台灣選戰? 柯文哲:每天只喊賊來了沒有用
https://www.nownews.com/news/20191125/3777360/

空軍嵩山雷達站反制無人機入侵 槍械硬殺擊落
https://udn.com/news/story/10930/4188050

張善政:官民合作才能抗對岸網軍
https://www.chinatimes.com/realtimenews/20191127001768-260407?chdtv

張善政:資安不能與國際脫軌 兩岸資安戰無一日平靜
https://udn.com/news/story/6656/4189927

攜手國際組織提升資安聯防!立委許毓仁促成CSCIS亞太總部落地台灣
http://bit.ly/2KZodVD

資安組織落地台灣 張善政:強化人力編制
https://anntw.com/articles/20191127-1xH8

有話好說 20191128 明年換數位身分證!資安疑慮?隱私保障
http://bit.ly/2Dn5gIf

批民進黨傲慢 徐永明:反滲透法只做半套
https://udn.com/news/story/6656/4194811

政府機關資安弱點通報機制 推廣說明會_機關分享 勞動部分享
http://bit.ly/2XYTFs4

政府機關資安弱點通報機制推動規劃
http://bit.ly/2L5GZul

政府機關資安弱點通報機制 推廣說明會_機關分享 交通部分享
http://bit.ly/2P0WGEy

H.ICS/SCADA 工控系統
Siemens Polarion webclient 跨站脚本漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13935

I.教育訓練
CEH vs. CompTIA PenTest+: Thoughts from a Penetration Tester
http://bit.ly/2XBRJWw

邁向 Linux 工程師之路:Superuser 一定要懂的技術與運用, 2/e (How Linux Works: What Every Superuser Should Know, 2/e)
https://www.tenlong.com.tw/products/9789864344383

進入駭客的思考領域 — 從 DEVCORE CONF 學駭客思維
https://medium.com/starbugs/learn-hacker-thinking-b6bb4f189e3a

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
台灣藝人錯誤示範!一邊吃麵「試驗」自動駕駛
http://bit.ly/2OfZ0IA

有效的 IoT 資安該從何著手
https://blog.trendmicro.com.tw/?p=62594

No stars for Australia's missing IoT cyber stars
https://www.zdnet.com/article/no-stars-for-australias-missing-iot-cyber-stars/#ftag=RSSbaffb68

IoT Security: 20 Years Behind Enterprise Computing
https://www.bankinfosecurity.asia/interviews/iot-security-20-years-behind-enterprise-computing-i-4516

Finns Label Cyber-Secure IoT Devices
https://www.infosecurity-magazine.com/news/finns-label-cybersecure-iot-devices/

6.近期資安活動及研討會
 交通大學亥客書院-B015:惡意程式檢測 11/30
 https://hackercollege.nctu.edu.tw/?p=1098

 亞洲‧矽谷學院108年免費認證考試 11/30
 https://college.asvda.org.tw/

 Docker 容器技術實作(201911)  11/30
 https://buy.techbang.com/products/97b497fb?from=home_news

 The Dungeons of Hackers Conference 2019 - 駭客的地下城 11/30
 https://tdohackerparty.kktix.cc/events/tdoh-conf-2019

 5G x AI資安關鍵技術研討會 Cybersecurity 5G x AI Workshop 12/2
 https://ievents.iii.org.tw/EventS.aspx?t=0&id=763

 新竹網絡安全日 Cybersecurity Day Hsinchu 108年 邀请函 12/3
 https://www.accupass.com/event/1911080348403103587380

 Digital Summit Dallas  12/4
 https://infosec-conferences.com/events-in-2019/digital-summit-dallas/

 Kansas City Cyber Security Conference 12/5
 https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/

 CyberMaryland Conference 12/5 ~ 12/6
 https://infosec-conferences.com/events-in-2019/cybermaryland-conference/

 Vue.js 新手村,前端實戰入門 12/7
 https://hackersir.kktix.cc/events/20191112vuejs

 FutureCon Nashville Cyber Security Conference 12/11
 https://infosec-conferences.com/events-in-2019/futurecon-nashville/

 「Log管理 x 營業秘密」研討會 12/11
https://www.accupass.com/event/1911110922137590408650

 Utility Cyber Security Forum December 12/11
 https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/

 交通大學亥客書院-A018:企業網域控管-Active Directory攻擊與防禦  12/14
 https://hackercollege.nctu.edu.tw/?p=1094

 台灣駭客年會 HITCON Winter Training 2019 12/16
 https://hitcon.kktix.cc/events/hitcon-winter-training-2019

 台灣駭客年會 HITCON Winter Training 2019 - 學生報名 12/16
 https://hitcon.kktix.cc/events/hitcon-winter-training-2019-student

 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

 PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
 https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world

沒有留言:

張貼留言

2024年 12 月份資安、社群活動分享

  2024年 12 月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/3 https://www.meetup.com/taiwan-code-camp/e...