資安事件新聞週報 2019/11/25 ~ 2019/11/29
1.重大弱點漏洞/後門/Exploit/Zero Day
Google 已發布安全更新以解決多個產品中的弱點
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html
CWE公布2019年最危險的25個軟體錯誤
https://www.ithome.com.tw/news/134475
Fortinet 多個產品存在加密金鑰弱點,可能造成中間人成功竊聽或披露機敏資訊
https://fortiguard.com/psirt/FG-IR-18-100
TOP25 漏洞類型 8 年後首次迎來更新
https://www.chainnews.com/zh-hant/articles/142025348603.htm
phpMyAdmin 遠端執行任意程式碼漏洞
https://www.phpmyadmin.net/security/PMASA-2019-5/
Red Hat JBoss Enterprise Application Platform 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.4484/
部份Fortinet產品加密金鑰漏洞,可讓駭客竊聽用戶活動
https://ithome.com.tw/news/134415
一加公佈個人信息安全漏洞並向受影響客戶致歉
https://www.cnbeta.com/articles/tech/913985.htm
TP-Link TL-WR841N 遠端執行程式碼漏洞
https://www.zerodayinitiative.com/advisories/ZDI-19-992/
ClamAV CVE-2013-7088
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7088
ClamAV CVE-2013-7087
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7087
Google Project Zero描述了一個Android 0day 漏洞Bad Binder
https://www.cnbeta.com/articles/tech/913821.htm
Google Project Zero詳細描述高危Android零日漏洞
http://www.360.cn/n/11343.html
Kaspersky 產品多個漏洞
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1
Kali Linux推出2019.4新版,可把Android手機用作Linux桌面電腦
https://www.ithome.com.tw/news/134489
4款VNC開源專案含有37個安全漏洞
https://www.ithome.com.tw/news/134412
37 Vulnerabilities Found in 4 Popular Open-Source VNC Remote Access Software
https://gbhackers.com/37-vulnerabilities-vnc/
Apache Solr CVE-2019-12409
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12409
Code Execution Vulnerability Found In TeamViewer – Patch Now
https://latesthackingnews.com/2019/11/18/code-execution-vulnerability-found-in-teamviewer-patch-now/
Microsoft christens Windows 10 20H1 as Windows 10 2004; preps to start testing its successor
https://www.zdnet.com/article/microsoft-christens-windows-10-20h1-as-windows-10-2004-preps-to-start-testing-its-follow-on/#ftag=RSSbaffb68
Microsoft Outlook for Android Bug Opens Door to XSS
https://threatpost.com/microsoft-outlook-android-bug-xss/150528/
Apple plans to make iOS upgrades less awful (and knew how terrible iOS 13 was)
https://www.zdnet.com/article/apple-plans-to-make-ios-upgrades-less-awful-and-knew-how-terrible-ios-13-was/#ftag=RSSbaffb68
【資安漏洞預警】Openfind MAIL2000 Webmail Pre-Auth Cross-Site Scripting and Open Redirect
https://net.nthu.edu.tw/2009/mailing:announcement:20191121_01
New bypass disclosed in Microsoft PatchGuard (KPP)
https://www.zdnet.com/article/new-bypass-disclosed-in-microsoft-patchguard-kpp/#ftag=RSSbaffb68
Instagram信息泄露漏洞
https://securityaffairs.co/wordpress/91253/hacking/instagram-bug-data-exposure.html
IBM Security Identity Manager CVE-2019-4561
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-4561
IBM WebSphere Application Server 遠端執行程式碼漏洞
https://www.ibm.com/support/pages/node/1115085
PostgreSQL CVE-2015-3166
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3166
postgresql-common CVE-2019-3466
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3466
Symantec Endpoint Protection CVE-2019-18372
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-18372
Symantec Endpoint Protection CVE-2019-12758
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12758
Symantec Endpoint Protection Manager (SEPM) CVE-2019-12759
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12759
Some Fortinet products shipped with hardcoded encryption keys
https://www.zdnet.com/article/some-fortinet-products-shipped-with-hardcoded-encryption-keys/#ftag=RSSbaffb68
Exploit code published for dangerous Apache Solr remote code execution flaw
https://www.zdnet.com/article/exploit-code-published-for-dangerous-apache-solr-remote-code-execution-flaw/#ftag=RSSbaffb68
Splunk Faces Y2K Bug-Like Problem Unless Patched
https://www.bleepingcomputer.com/news/security/splunk-faces-y2k-bug-like-problem-unless-patched/#.XdzjVczg8mQ.twitter
Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps
https://blog.trendmicro.com/trendlabs-security-intelligence/patched-gif-processing-vulnerability-cve-2019-11932-still-afflicts-multiple-mobile-apps/
Top 25 Most Dangerous Vulnerabilities Refreshed After 8 Years
https://www.bleepingcomputer.com/news/security/top-25-most-dangerous-vulnerabilities-refreshed-after-8-years/#.Xd44POT58iQ.twitter
Adobe discloses security breach impacting Magento Marketplace users
https://www.zdnet.com/article/adobe-discloses-security-breach-impacting-magento-marketplace-users/#ftag=RSSbaffb68
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
全球首張資安保險專業資格國際證書
https://ctee.com.tw/industrynews/activity/178876.html
國泰產險榮獲英國標準協會頒發資安品質精銳獎
https://www.cdns.com.tw/articles/61406
迎向開放 金管會3步推動
https://tw.appledaily.com/finance/20191124/BSJ36OJXWV2D4R6V5HIWCJGNZU/
四大數位專才 金融業搶破頭
https://www.chinatimes.com/newspapers/20191124000237-260202?chdtv
新光銀「立碼驗」 將進駐萊爾富
https://udn.com/news/story/7239/4182263
記帳App 搶開放銀行頭香 精準掌控開支 逾25萬下載
https://tw.appledaily.com/finance/20191124/YKADJG44NTU2QZZY5J2Z42GOSQ/
無障礙網銀、APP轉帳,明年6月底前上線
https://www.chinatimes.com/realtimenews/20191125001003-260410
前仆後繼搶進個人金融市場,純網銀業者看中的是什麼
https://www.thenewslens.com/article/127769
金融科技展將登場 證交所送好禮
https://udn.com/news/story/7251/4186699
支付虛實整合 顧立雄:2020年銀行競爭將相當激烈
https://udn.com/news/story/7239/4187854
彰銀 規劃建立資安戰情室
http://bit.ly/2OhWZeK
銀行業 明年迎新戰國時代
http://bit.ly/2OMBUrR
顧立雄:電支電票整合、純網銀開業,明年金融業競爭將越趨激烈
https://ithome.com.tw/news/134427
金總推動FinTech 接軌國際
https://money.udn.com/money/story/5649/4189509
5,630萬美元!英國央行對花旗開出有史以來最高罰單
https://money.udn.com/money/story/5599/4189848
國泰產險 獲BSI頒資安品質精銳獎
https://money.udn.com/money/story/5636/4189261
2019金融科技展搶先看 金融創新聚焦三大領域
https://money.udn.com/money/story/5636/4187702
證交所參展「FinTech Taipei 2019 台北金融科技展」活動
https://www.cdns.com.tw/articles/64002
財金公司捍衛金融資安 滴水不漏
https://money.udn.com/money/story/8944/4189339
金融服務業數位化轉型過程中所面對的法制挑戰
https://udn.com/news/story/6871/4192826
LINE Bank結合AI創新與資安二優勢 預見未來生活金融
https://udn.com/news/story/7239/4193677
LINE Bank 現身台北金融科技展,展示「全民銀行」將結合AI與資安打造生活金融
https://www.techbang.com/posts/74603-line-bank-combines-ai-innovation-with-financial-for-future-life
LINE Bank明年第二季推出!保險、小額貸款都OK
https://www.setn.com/News.aspx?NewsID=644678
開放銀行明年擬朝第2階段邁進 消費者可申請產品與消費資訊
https://www.ettoday.net/news/20191129/1590771.htm
金融科技隱藏資安風險 證交所研擬區塊鏈技術抵禦
https://www.ettoday.net/news/20191129/1590836.htm
純網銀明年上路掀起鯰魚效應 顧立雄讚國銀:每個人都趕上來了
https://www.ettoday.net/news/20191129/1590795.htm
WILL BANKS ALWAYS BE VULNERABLE TO HACKERS
https://builtin.com/cybersecurity/cybersecurity-banking-financial-services
Taiwan's financial regulator: ATMs won't disappear, they'll just become smarter
https://www.atmmarketplace.com/news/taiwans-financial-regulator-atms-wont-disappear-theyll-just-become-smarter/
Hackers now use web skimmers to steal credit card data
https://www.hackread.com/hackers-use-web-skimmers-to-steal-credit-card-data/
Web skimmer phishes credit card data via rogue payment service platform
https://blog.malwarebytes.com/web-threats/2019/11/web-skimmer-phishes-credit-card-data-via-rogue-payment-service-platform/
Two Chinese ATM skimmers arrested in Chon Buri
https://www.nationthailand.com/news/30378636
Quantum Dawn Cyber Exercise Simulates a “Doomsday” Global Ransomware Attack
https://www.cpomagazine.com/cyber-security/quantum-dawn-cyber-exercise-simulates-a-doomsday-global-ransomware-attack/
Full(z) House: a digital crime group using a full deck to maximize profits
https://www.riskiq.com/blog/labs/fullz-house/
Fullz House hackers pivot from phishing to Magecart card skimming attacks
https://www.zdnet.com/article/fullz-house-threat-group-pivots-from-phishing-to-magecart-card-skimming-attacks/#ftag=RSSbaffb68
Magecart Group Switches Up Tactics with MiTM, Phishing
https://threatpost.com/magecart-variant-tactics-mitm-phishing/150628/
RiskIQ exposes MageCart group that has combined data exfiltration techniques
https://www.techspot.com/news/82933-riskiq-exposes-magecart-group-has-combined-data-exfiltration.html
Black Friday Alert: Financial Botnets Primarily Targeting E-Commerce Apparel Sites
https://www.iafrica.com/black-friday-alert-financial-botnets-primarily-targeting-e-commerce-apparel-sites/
Carding and black box attacks: common ATM hacking techniques by Dominique René
https://hakin9.org/carding-and-black-box-attacks-common-atm-hacking-techniques/
Silence APT group eyes APAC banks
https://www.computerweekly.com/news/252468853/Silence-APT-group-eyes-APAC-banks
Joker's Stash Advertises More Stolen Payment Card Data
https://www.bankinfosecurity.com/jokers-stash-advertises-more-stolen-payment-card-data-a-13451
3.電子支付/電子票證/行動支付/ pay/新聞及資安
「行動支付聯合成果展」,行動支付創造優質消費新生活
http://n.yam.com/Article/20191122541671
情侶在超商2元「狂吃猛喝」手法曝光 全場驚:竟沒想到
http://bit.ly/2pVrOg6
4.虛擬貨幣/區塊鍊相關新聞及資安
關於近日門羅幣供應鏈攻擊事件分析
https://paper.seebug.org/1083/
門羅幣錢包之“狸貓換太子”
https://paper.seebug.org/1080/
避免“剁手”假貨?區塊鍊鍊上鍊下數據協同分析
https://paper.seebug.org/1076/
區塊鏈智能合約控制流識別的大規模實驗研究
https://paper.seebug.org/1072/
加密貨幣市場市場崩潰, 因幣安的上海辦事處關閉的負面影響
http://bit.ly/34gQNta
Monero官網遭植入惡意程式,用戶加密貨幣錢包被清光
https://ithome.com.tw/news/134399
無視資安風險? 調查:92% 機構投資者在交易所存幣
https://blockcast.it/2019/11/25/institutional-investors-overwhelmingly-keep-their-cryptos-on-exchanges-despite-the-inherent-security-risks/
區塊鏈局勢總搖擺不定,因其起源與駭客文化有著莫大的關係
https://news.knowing.asia/news/cce3a1b2-2ce7-4e24-b308-78eb41cd84f0
韓國交易所 Upbit 遭駭?公告證實「4 千萬美元異常交易」
https://blockcast.it/2019/11/27/upbit-hack-1127/
爆資安漏洞,Upbit以太幣失竊
http://bit.ly/2OOQi2Y
Upbit 交易所遭駭疑點重重?分析師:不排除「內鬼」可能性
https://blockcast.it/2019/11/28/analysts-suggested-that-upbit-hack-was-actually-an-inside-job/
2019 年 7 大加密貨幣交易所駭客事件
http://bit.ly/2rza8qY
Federal Reserve Report Raises Concerns About 'Stablecoins'
https://www.bankinfosecurity.com/federal-reserve-report-raises-concerns-about-stablecoins-a-13433
Upbit cryptocurrency exchange loses $48.5 million to hackers
https://www.zdnet.com/article/upbit-cryptocurrency-exchange-loses-48-5-million-to-hackers/#ftag=RSSbaffb68
Hackers Steal $49 Million in Ethereum From Upbit Exchange
https://www.bankinfosecurity.com/blogs/hackers-steal-49-million-in-ethereum-from-upbit-exchange-p-2825
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
勒索軟體Dopplepaymer藉由Microsoft Teams散佈? 微軟否認
https://ithome.com.tw/news/134364
新版TrickBot木馬企圖竊取OpenSSH與OpenVPN金鑰
https://www.ithome.com.tw/news/134398
點開就要1.5萬!假冒Windows 10更新通知 郵件暗藏勒索軟體
https://cnews.com.tw/137191125a04/
提供110家療養院服務的IT業者VCPI被勒索軟體纏住了
https://www.ithome.com.tw/news/134431
惡意程式Dexphot以高明手法躲避偵測,8萬台Windows PC變比特幣挖礦機
https://www.ithome.com.tw/news/134440
勒索病毒.攻擊日本中小企業 四成受害
https://news.tvbs.com.tw/focus/1240537
駭客掃瞄網路Docker植入挖礦程式,還修改設定、留下後門
https://ithome.com.tw/news/134470
盤點近幾年勒索病毒使用過的工具和漏洞
https://www.chainnews.com/zh-hant/articles/528492522935.htm
美國綜合醫院Great Plains Health遭勒索軟體攻擊
https://ithome.com.tw/news/134474
惡意挖礦程式防禦指南
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019112705112323343922970986739.pdf
Trickbot Updates Password Grabber Module
https://unit42.paloaltonetworks.com/trickbot-updates-password-grabber-module/
TrickBot Trojan Getting Ready to Steal OpenSSH and OpenVPN Keys
https://www.bleepingcomputer.com/news/security/trickbot-trojan-getting-ready-to-steal-openssh-and-openvpn-keys/
Evaluating Open Source Malware Sandboxes with Linux Malware
https://pdfs.semanticscholar.org/a0c5/f13e0313011b771b80fcc2346af73a127895.pdf
2019-11-21 - DATA DUMP: EMOTET EPOCH 3 INFECTION WITH TRICKBOT GTAG MOR49 AND SPAMBOT TRAFFIC
https://www.malware-traffic-analysis.net/2019/11/21/index.html
Emsisoft releases a new decryptor for Hakbit ransomware
https://blog.emsisoft.com/en/34716/emsisoft-releases-a-new-decryptor-for-hakbit-ransomware/
Official Monero website is hacked to deliver currency-stealing malware
https://arstechnica.com/information-technology/2019/11/official-monero-website-is-hacked-to-deliver-currency-stealing-malware/
Malware creators producing more dangers to mac-OS
https://www.ehackingnews.com/2019/11/malware-creators-producing-more-dangers.html
THE LAZARUS’ GAZE TO THE WORLD: WHAT IS BEHIND THE SECOND STONE
https://blog.telsy.com/the-lazarus-gaze-to-the-world-what-is-behind-the-second-stone/
New SectopRAT Trojan creates hidden second desktop to control browser sessions
https://www.zdnet.com/article/new-sectoprat-malware-creates-hidden-second-desktop-to-control-browser-sessions/#ftag=RSSbaffb68
New SectopRAT: Remote access malware utilizes second desktop to control browsers
https://www.gdatasoftware.com/blog/2019/11/35548-new-sectoprat-remote-access-malware-utilizes-second-desktop-to-control-browsers
Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon
https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/
NeverQuest Banking Trojan Co-Creator Sentenced to 4 Years
https://www.bankinfosecurity.com/neverquest-banking-trojan-co-creator-sentenced-to-4-years-a-13439
Ransomware Attackers Leak Stolen Data
https://www.bankinfosecurity.com/ransomware-attackers-leak-stolen-data-a-13438
Microsoft Debunks Dopplepaymer Ransomware Rumors
https://www.bankinfosecurity.com/microsoft-debunks-dopplepaymer-ransomware-rumors-a-13427
Ransomware Analysis: 'Shade' Surges; Other Trends Emerge
https://www.bankinfosecurity.com/ransomware-analysis-shade-surges-other-trends-emerge-a-13424
Microsoft Debunks Dopplepaymer Ransomware Rumors
https://www.bankinfosecurity.asia/microsoft-debunks-dopplepaymer-ransomware-rumors-a-13427
LOCAL GOVERNMENTS: RANSOMWARE ATTACK’S HOTTEST TARGET
https://blog.eccouncil.org/local-governments-ransomware-attacks-hottest-target/
Threat Spotlight: Government Ransomware Attacks
https://blog.barracuda.com/2019/08/28/threat-spotlight-government-ransomware-attacks/
Livingston School District in New Jersey Hit With Ransomware
https://www.bleepingcomputer.com/news/security/livingston-school-district-in-new-jersey-hit-with-ransomware/#.XdtwBP6EUag.twitter
FTCODE Ransomware IOC
https://pastebin.com/eQU3q70z
Clop Ransomware Tries to Disable Windows Defender, Malwarebytes
https://www.bleepingcomputer.com/news/security/clop-ransomware-tries-to-disable-windows-defender-malwarebytes/
Attackers Demand $14 Million Ransom From IT Services Firm
https://www.bankinfosecurity.com/attackers-demand-14-million-ransom-from-services-firm-a-13444
Malware Found Hiding in Fake Income Tax Department Emails, CERT-in Warns
https://dailystockdish.com/malware-found-hiding-in-fake-income-tax-department-emails-cert-in-warns/
Microsoft says new Dexphot malware infected more than 80,000 computers
https://www.zdnet.com/article/microsoft-says-new-dexphot-malware-infected-more-than-80000-computers/#ftag=RSSbaffb68
Insights from one year of tracking a polymorphic threat
http://bit.ly/37IRfT9
Ginp, malware para Android con bancos españoles como objetivo
https://blog.segu-info.com.ar/2019/11/ginp-malware-para-android-con-bancos.html
Un peligroso troyano suplanta las ‘apps’ de siete bancos españoles en Android
https://elpais.com/tecnologia/2019/11/22/actualidad/1574435744_271497.html
Stantinko botnet adds cryptomining to its pool of criminal activities
https://www.welivesecurity.com/2019/11/26/stantinko-botnet-adds-cryptomining-criminal-activities/
Stantinko Botnet nun mit Coinminer ausgestattet
https://www.welivesecurity.com/deutsch/2019/11/26/stantinko-botnet-coinminer/
2019-11-27 - EMOTET EPOCH 3 INFECTED WINDOWS CLIENT AS SPAMBOT
https://www.malware-traffic-analysis.net/2019/11/27/index2.html
Restaurant Chain: Malware Infected PoS Devices
https://www.bankinfosecurity.com/restaurant-chain-malware-infected-pos-devices-a-13449
Dtrack: In-depth analysis of APT on a nuclear power plant
https://www.cyberbit.com/blog/endpoint-security/dtrack-apt-malware-found-in-nuclear-power-plant/
New Ginp banking malware targets credit/debit card information via screen overlay
https://mybrandbook.co.in/redirect.php?p=10738
CRYPSPORT Ransomware Information
https://success.trendmicro.com/solution/000155798-GOSPORT-Ransomware-Information
Double Loaded Zip File Delivers Nanocore
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/double-loaded-zip-file-delivers-nanocore/
B.行動安全 / iPhone / Android /穿戴裝置 /App
澳門下月起「手機實名制」 警擴權可隱藏身分秘密執法
https://tw.appledaily.com/new/realtime/20191121/1666875/
CheckPoint:大量熱門Android程式仍存有已修補的安全漏洞
https://ithome.com.tw/news/134366
WhatsApp 屢傳資安問題,還是商業溝通的首選嗎?Telegram:它永遠都不會安全
https://www.kocpc.com.tw/archives/293653
Apple 決定更改 iOS 14 的開發方式!因 iOS 13 Bugs 太多
http://bit.ly/33a7NzS
為了不再內建Google Maps花數十億美元 蘋果:我們能創造更好的
http://bit.ly/34hzXds
「兩步驟驗證」出現漏洞?Twitter 取消簡訊驗證方案
https://3c.ltn.com.tw/news/38732
英國政府推特轉發「超鹹濕色情片 」 發言人急澄清
https://www.chinatimes.com/realtimenews/20191126003358-260402?chdtv
Facebook 承認曾開發容貌辨識 App 予內部測試
https://unwire.pro/2019/11/26/facebook-confirms-facial-recognition-app/news/
臉書封鎖以色列駭客公司NSO Group員工的私人帳號,被告了
https://www.ithome.com.tw/news/134447
惡意 SDK 洩露用戶 Facebook 、 Twitter 帳戶資料
http://bit.ly/34rsF7k
WhatsApp是如何被利用來監控異見人士的
https://theinitium.com/article/20191127-opinion-cyber-security-whatsapp/
果粉小心 Apple ID 遭駭!手機收到帳單異常簡訊恐藏詐騙陷阱
https://3c.ltn.com.tw/news/38750
當心!異常簡訊藏個資洩漏陷阱 點下去Apple ID恐遭駭
https://money.udn.com/money/story/5621/4193279
果粉注意!資安廠示警:留意釣魚簡訊、當心Apple ID被駭
https://www.ettoday.net/news/20191128/1590134.htm
通訊安全知多少? 抗爭前線的安全觀念不能少
https://lab.ocf.tw/2019/11/21/column/
華為「天價156萬」懸賞黑客,尋找鴻蒙系統漏洞,已經開始滲透
https://kknews.cc/tech/naakkv2.html
臉書驚傳大當機「完全沒有畫面」
http://bit.ly/2ORmAdL
25 歲香港女工程師多次拆解 App 編碼 FB.IG 高層都要 follow 做粉絲
http://bit.ly/37L8Ycw
Smartphone maker OnePlus discloses data breach
https://www.zdnet.com/article/smartphone-maker-oneplus-discloses-data-breach/#ftag=RSSbaffb68
Twitter will finally let users disable SMS as default 2FA method
https://www.zdnet.com/article/twitter-will-finally-let-users-disable-sms-as-default-2fa-method/#ftag=RSSbaffb68
India puts WhatsApp's impending payments service on ice due to data localisation fracas
https://www.zdnet.com/article/india-puts-whatsapps-impending-payments-service-on-ice-due-to-data-localisation-fracas/#ftag=RSSbaffb68
Two third-party SDKs allowed secret harvesting of Twitter and Facebook user data
https://www.zdnet.com/article/two-third-party-sdks-allowed-secret-harvesting-of-twitter-and-facebook-user-data/#ftag=RSSbaffb68
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
資安攻防搶旗賽 台灣隊獲第3
http://bit.ly/34mzAi8
台灣首次量子加密通訊測試 宣告加入「量子復仇者」
https://udn.com/news/story/7314/4188487?from=udn-catebreaknews_ch2
面對量子電腦時代 清大教授成功研發量子加密技術
https://www.rti.org.tw/news/view/id/2042848
多家資安業者與非營利組織聯手抵制跟蹤軟體
https://ithome.com.tw/news/134367
11/28(五)黑色星期五?為何不是 13 號的星期五也叫可以是黑色
https://blog.trendmicro.com.tw/?p=62789
Google揭露多個由政府資助的攻擊與虛假訊息行動
https://ithome.com.tw/news/134445
駭客盜用臉書私訊工程師誤陷中獎圈套遭騙500
http://bit.ly/33lg7gs
利用系統漏洞盜竊賬戶資金重慶警方搗毀跨省黑客團伙
https://www.chinanews.com/sh/2019/11-27/9018180.shtml
利用系統漏洞盜竊賬戶資金
http://www.xinhuanet.com/local/2019-11/27/c_1125278036.htm
研究人員假冒美國鎮長取得.gov網址
https://www.ithome.com.tw/news/134478
新型態爬蟲惡意攻擊來襲,企業該如何成功抵禦
https://buzzorange.com/techorange/2019/11/28/zerone-akamai/
玩交友軟體遇「當過兵熟女」!他一句話揭「駭客入侵」真相
https://www.setn.com/news.aspx?NewsID=642190
比利時代表團訪陸 遭密集網攻
http://bit.ly/2rvdzif
比利時訪華團遭黑客密集網攻 更多細節曝光
http://www.epochtimes.com/b5/19/11/24/n11677893.htm
比利時經貿團訪問北京上海 傳遭網攻每小時135次
http://m.secretchina.com/news/b5/2019/11/24/914579.html
資安人才斷層 數位安全職缺達407萬
http://bit.ly/2qJnjW6
台灣資安人才庫小而美 國際大廠也認證
https://www.cna.com.tw/news/ait/201911240190.aspx
BSI揭露2019下半年最新國際資安動態,資安與隱私保護成全球企業永續經營評比要點
https://www.ithome.com.tw/news/134466
資安疑慮未消 美陸軍學員穿制服不准玩抖音
https://www.cna.com.tw/news/aopl/201911230054.aspx
美陸軍禁軍人影像上傳抖音 我國軍暫未設防
https://udn.com/news/story/10930/4184292
優秀俄國通!希爾嚴肅務實、注重細節、凡事警戒
http://bit.ly/34ipoXU
間諜爆中建20萬假帳號滲台 資安專家:恐怕不只
https://www.setn.com/News.aspx?NewsID=641508
中20萬假帳號滲台 專家:恐怕不只
http://bit.ly/34dAkWI
共諜是逃逸詐欺犯?王丹:中共說法不足信
http://www.epochtimes.com/b5/19/11/24/n11677194.htm
【共諜滲透】王立強接受澳洲節目專訪 重申參與滲透
https://tw.news.appledaily.com/politics/realtime/20191125/1668312/
共諜爆中國介入台灣選舉 溫朗東:可信的理由有3點
https://news.ltn.com.tw/news/politics/breakingnews/2987715
上海公安指「中國特工」王立強是詐騙犯 韓國瑜酸民進黨:這次不是塞一棟房子給我
https://www.storm.mg/article/1984225
24歲當上特工「鬼扯淡」10漏洞可疑 陳虎門:沒可能跨台港澳做諜報
https://tw.appledaily.com/highlight/20191125/4RACBNC5YJSOELAD4MPAS62EUI/
年僅26歲竟參與橫跨台、港、澳洲諜報工作? 這個「中國間諜」涉冒認國安 騙澳洲人辛束460萬
http://bit.ly/2D9GJX0
王立強共諜案 情報老幹部批王立強吹牛
http://www.bcc.com.tw/newsView.3780500
「共諜案」漏洞百出 台當局操弄假間諜案遭打臉
https://news.sina.com.tw/article/20191125/33435870.html
「網路作戰多為年輕人」 國安人士:翁衍慶稱王立強乳臭味乾 理解顯然有落差
https://www.ettoday.net/news/20191125/1587579.htm
五毛與他們的產地!共諜案抖出「軍委情報局」大揭密
https://www.setn.com/News.aspx?NewsID=642305
統促染紅全台30宮廟?傳利用財務漏洞恐淪中資洗錢據點
https://www.setn.com/news.aspx?NewsID=642104
盤旋在中亞上空的陰影-黃金雕(APT-C-34)組織攻擊活動揭露
http://blogs.360.cn/post/APT-C-34_Golden_Falcon.html
攻擊事件大幅增加!芬蘭透過網路模擬預防駭客以比特幣勒索軟體
https://news.knowing.asia/news/b4994437-200e-4ac6-9b50-db86479d6297
菲國爆國安危機!電力設備採「華為」技術 中國可遠端斷電
https://www.setn.com/News.aspx?NewsID=642675
美陸軍BCT資安、電磁通訊專才缺很大
http://bit.ly/2XUMrpd
美驗證「前進防禦」網路戰略 制敵機先
https://www.ydn.com.tw/News/361971
美國安顧問:華為就像是特洛伊木馬 德國應該把它燒掉
https://ec.ltn.com.tw/article/breakingnews/2991960
西班牙國防部禁用華為設備 華為「我們最重視資安」
https://tw.appledaily.com/gadget/20191129/M42XTLNRVXFUTZ7DF5ZYS2KE2U/
捷克情報局發布報告 點名俄中間諜活動構成威脅
https://www.cna.com.tw/news/aopl/201911260354.aspx
捷情報安全局:中共和俄羅斯對捷克安全構成威脅
https://www.soundofhope.org/post/316859?lang=b5
中俄間諜最猖獗 捷克情報局發布報告披露
https://www.secretchina.com/news/b5/2019/11/28/914903.html
2億監視器注視14億人!侵犯隱私無孔不入,但人們說「攝像頭使我感到安全」
https://www.storm.mg/article/2002352
How Cybersecurity Helps Build a Digital India
https://www.bankinfosecurity.in/how-cybersecurity-helps-build-digital-india-a-13437
Extensive hacking operation discovered in Kazakhstan
https://www.zdnet.com/article/extensive-hacking-operation-discovered-in-kazakhstan/#ftag=RSSbaffb68
Defecting Chinese spy offers information trove to Australian government
https://www.theage.com.au/national/defecting-chinese-spy-offers-information-trove-to-australian-government-20191122-p53d1l.html
Microsoft Moves Toward DNS Over HTTPS
https://www.bankinfosecurity.com/microsoft-moves-toward-dns-over-https-a-13421
Renewed calls for dedicated Australian cyber minister and cyber leadership
https://www.zdnet.com/article/renewed-calls-for-dedicated-australian-cyber-minister-and-cyber-leadership/#ftag=RSSbaffb68
The RIPE NCC has run out of IPv4 Addresses
https://www.ripe.net/publications/news/about-ripe-ncc-and-ripe/the-ripe-ncc-has-run-out-of-ipv4-addresses
A hacking group is hijacking Docker systems with exposed API endpoints
https://www.zdnet.com/article/a-hacking-group-is-hijacking-docker-systems-with-exposed-api-endpoints/#ftag=RSSbaffb68
Exploit kits are slowly migrating toward fileless attacks
https://www.zdnet.com/article/exploit-kits-are-slowly-migrating-toward-fileless-attacks/#ftag=RSSbaffb68
In just three months, Google sent 12k warnings about government-backed attacks
https://www.zdnet.com/article/in-just-three-months-google-sent-12k-warnings-about-government-backed-attacks/#ftag=RSSbaffb68
Cybercriminals primarily targeting e-commerce apparel sites:Kaspersky
https://www.aninews.in/news/tech/internet/cybercriminals-primarily-targeting-e-commerce-apparel-sites-kaspersky20191126233314/
Latest Kali Linux OS Added Windows-Style Undercover Theme for Hackers
https://thehackernews.com/2019/11/kali-linux-undercover-mode.html
Hacker stole unreleased music and then tried to frame someone else
https://www.zdnet.com/article/hacker-stole-unreleased-music-and-then-tried-to-frame-someone-else/#ftag=RSSbaffb68
Watchdog Finds DOE Falling Short on Cybersecurity
https://www.bankinfosecurity.com/watchdog-finds-doe-falling-short-on-cybersecurity-a-13450
The Security Interviews: Do cyber weapons need a Geneva Convention
https://www.computerweekly.com/news/252474516/The-Security-Interviews-Do-cyber-weapons-need-a-Geneva-Convention
Hotel front desks are now a hotbed for hackers
https://www.zdnet.com/article/hotel-front-desks-are-now-a-hot-target-for-hackers/
A decade of hacking: The most notable cyber-security events of the 2010s
https://www.zdnet.com/article/a-decade-of-hacking-the-most-notable-cyber-security-events-of-the-2010s/#ftag=RSSbaffb68
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
資安做半套?Disney +傳重大BUG 千名用戶帳號遭駭
https://www.ctwant.com/article/15268
美國電信大廠T-Mobile遭駭客入侵! 超過百萬用戶個資外洩
https://www.ettoday.net/news/20191125/1587620.htm
OnePlus 網站兩年內第二度外洩用戶個人資料
https://chinese.engadget.com/2019/11/24/oneplus-data-breach/
OnePlus手機用戶個資外洩! 官方證實遭駭...兩年內第二度爆發資安問題
https://www.ettoday.net/news/20191125/1587381.htm
中國手機製造商OnePlus再傳客戶資料外洩
https://www.ithome.com.tw/news/134410
OnePlus使用者資料再度外洩 恐面臨網路釣魚風險
https://www.chinatimes.com/realtimenews/20191125003228-260412?chdtv
中國如何利用假消息影響台灣選舉
https://www.youtube.com/watch?v=7FHgoNgU4d0&feature=
習慣用臉書、推特帳號註冊其他App的用戶注意了!個資恐遭不正當存取
https://www.ettoday.net/news/20191126/1588234.htm
臉書註冊其他App!當心個資大外洩
http://bit.ly/2rtJjVi
兩支 Android App 使用 Facebook、Twitter 登入機制竊取數百名用戶個資
https://www.twcert.org.tw/tw/cp-104-3098-f58a6-1.html
購物季來了,小心激增的網釣與詐騙網站
https://www.ithome.com.tw/news/134450
近年常見 3 大進階釣魚詐騙手法,企業的郵件安全跟緊節奏了嗎
https://www.openfind.com.tw/taiwan/markettrend_detail.php?news_id=24576
個資恐遭盜用 登機證別印了
http://bit.ly/2qEhCJj
保良局陳守仁小學收生資料外泄 校方已報警及加強網絡防火牆
http://bit.ly/2OqJ5XN
陳守仁小學資料庫疑被入侵 學生出生年月及住址外洩
https://hk.on.cc/hk/bkn/cnt/news/20191127/bkn-20191127213806283-1127_00822_001.html
史上最大級資料外洩事件,12億人個資未經保護對外曝光
https://www.twcert.org.tw/tw/cp-104-3096-9b0ac-1.html
Facebook 與 Twitter 警告部分用家資料因惡意軟件被不當取閱
https://unwire.pro/2019/11/28/facebook-and-twitter-says-users-gave-improper-access-to-personal-data/security/
洩漏大量個資!智慧型兒童手錶存安全隱患
https://news.knowing.asia/news/065da708-95a4-4d88-9c75-e6cec1949135
廉價兒童智慧手錶洩漏超過 5000 筆兒童資訊,攻擊者還能以父母身分去電與之對話
https://www.kocpc.com.tw/archives/294412
台日聯手詐騙中國人 跨國犯罪恐成治安漏洞
https://www.mirrormedia.mg/story/20191128soc005
台詐欺犯赴日騙陸人!「日本山口組」背後疑暗中協助 邀台嫌求幫「教育訓練」
https://www.ettoday.net/news/20191128/1590428.htm
釣魚郵件換成簡訊捲土重來 資安專家提醒三原則遠離詐騙
https://newtalk.tw/news/view/2019-11-28/333168
黑色星期五將至,線上購物小心假商城App,美國前10大購物網站有超過6,000個假分身
https://ithome.com.tw/news/134493
慶祝LINE滿8歲、8種貼圖免費抽? 當心個資遭詐騙
https://www.ctwant.com/article/15977
網路釣魚以 Microsoft 用戶為大宗,其次為 PayPal、DHL 和 Dropbox
https://blog.trendmicro.com.tw/?p=62601
「黑色星期五」與「黑色星期五」有何不同
https://www.setn.com/news.aspx?NewsID=644602
「飯店復仇者」鎖定飯店PoS竊取客戶信用卡個資
https://www.ithome.com.tw/news/134508
歐洲最大級飯店訂房系統公司近 1TB 旅客資料於網路曝光
https://www.twcert.org.tw/tw/cp-104-3089-ffd48-1.html
November shopping – do it the smart way
https://blog.checkpoint.com/2019/11/26/november-shopping-do-it-the-smart-way/
Security lapse exposes personal data of 6,500 Singapore accountants
https://www.zdnet.com/article/security-lapse-exposes-personal-data-of-6500-singapore-accountants/#ftag=RSSbaffb68
Data Enrichment, People Data Labs and Another 622M Email Addresses
https://www.troyhunt.com/data-enrichment-people-data-labs-and-another-622m-email-addresses/
T-Mobile discloses security breach impacting prepaid customers
https://www.zdnet.com/article/t-mobile-discloses-security-breach-impacting-prepaid-customers/
T-Mobile
https://www.t-mobile.com/customers/6305378822
Macys.com checkout page hacked; customers advised to be vigilant of fraud
http://bit.ly/2QPKlWh
Unsecured Server Exposed Records of 1.2 Billion: Researchers
https://www.bankinfosecurity.com/unsecured-server-exposed-records-12-billion-researchers-a-13441
Target Sues Insurer Over 2013 Data Breach Costs
https://www.bankinfosecurity.com/target-sues-insurer-over-2013-data-breach-costs-a-13435
PayMyTab Exposes Restaurant Customer Data: Report
https://www.bankinfosecurity.com/paymytab-exposes-restaurant-customer-data-report-a-13425
1.2 Billion Records Found Exposed Online in a Single Server
https://www.wired.com/story/billion-records-exposed-online/
Personal And Social Information Of 1.2 Billion People Discovered In Massive Data Leak
https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/
Cheap kids smartwatch exposes the location of 5,000+ children
https://www.zdnet.com/article/cheap-kids-smartwatch-exposes-the-location-of-5000-children/#ftag=RSSbaffb68
Estafa: cuidado con las promociones falsas de hamburguesas en Facebook
http://www.agenciafe.com/nota/315776-Estafa-cuidado-con-las-promociones-falsas-de-hamburguesas-en-Facebook
Mimecast threat intelligence report analyzes 99 billion rejected emails
https://securitynewsdesk.com/mimecast-threat-intelligence-report/
Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains
https://krebsonsecurity.com/2019/11/sale-of-4-million-stolen-cards-tied-to-breaches-at-4-restaurant-chains/
The lure of PSD2
https://www.anomali.com/blog/the-lure-of-psd2
クッキー情報での個人特定防止へ 利用者同意義務付け
https://www.nikkei.com/article/DGXMZO52674070X21C19A1MM8000/
Same Phishing Risks Faced By Start-Ups and Big Corporations
https://www.ehackingnews.com/2019/11/same-phishing-risks-faced-by-start-ups.html
CERT-In Issues Advisory for OnePlus Data Breach
https://www.bankinfosecurity.in/cert-in-issues-advisory-for-oneplus-data-breach-a-13454
Tackling Vietnam’s online fraud rates
https://www.bobsguide.com/guide/news/2019/Nov/28/tackling-vietnams-online-fraud-rates/
Singapore government pledges to improve data security with new measures
https://www.zdnet.com/article/singapore-government-pledges-to-improve-data-security-with-new-measures/#ftag=RSSbaffb68
Palo Alto Networks hit by major data breach
https://www.techradar.com/news/palo-alto-networks-hit-by-major-data-breach
Facebook Breach Victims Can Sue For 'Reasonable' Security
https://www.bankinfosecurity.eu/facebook-breach-victims-sue-for-reasonable-security-a-13455
E.研究報告
jQuery 模擬網頁檔案上傳
https://blog.darkthread.net/blog/jquery-simulate-file-upload/
收藏吧!學習安裝黑Apple的11個網站
http://bit.ly/2qHbgZB
WebLogic EJBTaglibDescriptor XXE漏洞(CVE-2019-2888)分析
https://www.freebuf.com/vuls/218565.html
WebLogic 反序列化漏洞(CVE-2019-2890)分析
https://paper.seebug.org/1069/
通過RDP反向攻擊mstsc
https://paper.seebug.org/1074/
針對製藥行業及政企的黑客組織最新攻擊活動深度分析
https://paper.seebug.org/1073/
只是想學習外語,卻被拿了system shell
https://paper.seebug.org/1070/
WebShell文件上傳漏洞靶場第一關
https://www.77169.net/html/246188.html
騰訊安全:弱口令密碼再遭爆破新型木馬瞄準企業SQL數據庫下手
http://news.cnw.com.cn/news-china/htm2019/20191125_325073.shtml
勒索軟件“變形術”升級大規模垃圾郵件瞄準銀行
http://bit.ly/33hQixN
gRPC 服務使用指定 IP 做為端點的疑難排解
https://dotblogs.com.tw/supershowwei/2019/11/25/090233
迄今爲止最嚴重的容器逃逸漏洞:Docker cp 命令漏洞分析(CVE-2019-14271)
https://www.chainnews.com/zh-hant/articles/988030951825.htm
在Linux 容器中對php-fpm緩衝區溢出漏洞的複現分析( CVE-2019-11043 )
https://www.4hou.com/vulnerable/21591.html
Flan Scan:Cloudflare開源輕量級網絡漏洞掃描軟件
https://www.freebuf.com/column/221087.html
CVE-2019-14271:Docker copy漏洞分析
https://xz.aliyun.com/t/6806
在 Linux 容器中對 php-fpm 緩衝區溢出漏洞的復現分析 ( CVE-2019-11043 )
https://www.chainnews.com/zh-hant/articles/369248184808.htm
網站安全之用戶信息洩露漏洞案例分享
http://blog.itpub.net/31542418/viewspace-2665988/
無人機的資安威脅與傳輸協議》背後操控者只有一個人
https://secbuzzer.co/post/145
看我如何用一美分購買VPS服務和網站空間
https://www.freebuf.com/vuls/220623.html
漏洞驗證和利用代碼編寫指南
https://mlog.club/article/1950878
CVE-2019-17671:如何查看WordPress未授權文章
https://www.freebuf.com/vuls/218876.html
PHP與JAVA之XXE漏洞詳解與審計
https://xz.aliyun.com/t/6829
個案分析-假冒寄件者回信之網路釣魚攻擊事件分析報告_10811
https://cert.tanet.edu.tw/prog/opendoc.php?id=20191122031110101466188805578.pdf
マルウエア Emotet の感染活動について
https://www.jpcert.or.jp/newsflash/2019112701.html
攻撃グループBlackTechが使うダウンローダIconDown
https://blogs.jpcert.or.jp/ja/2019/10/IconDown.html
OSINT Investigations on TikTok
https://www.secjuice.com/osint-investigations-on-tiktok/
Spam and phishing in Q3 2019
https://securelist.com/spam-report-q3-2019/95177/
Impersonating JA3 Fingerprints
https://medium.com/cu-cyber/impersonating-ja3-fingerprints-b9f555880e42
Google CTF 2019 Finals solutions
https://github.com/google/google-ctf/blob/master/2019/finals/solutions.pdf
Cross-site scripting (XSS) cheat sheet
https://paper.seebug.org/1077/
SATURN Software deobfuscation framework based on LLVM
https://blog.zimperium.com/saturn-software-deobfuscation-framework-based-on-llvm/
fboldewin/COM-Code-Helper
https://github.com/fboldewin/COM-Code-Helper/
SQL Injection Payload List
https://amp.kitploit.com/2019/11/sql-injection-payload-list.html
DDoor - cross platform backdoor using dns txt records
https://github.com/rek7/ddoor
Ghidra Dev Series
https://reversing.technology/
The Internals of AppLocker - Part 1 - Overview and Setup
https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-1.html
The Internals of AppLocker - Part 2 - Blocking Process Creation
https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-2.html
The Internals of AppLocker - Part 3 - Access Tokens and Access Checking
https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-3.html
The Internals of AppLocker - Part 4 - Blocking DLL Loading
https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-4.html
Uncommon SQL Database Alert - Informix SQL Injection
https://labs.f-secure.com/blog/uncommon-sql-database-alert-informix-sql-injection
Bug Hunting in Synology NAS
http://powerofcommunity.net/poc2019/Qian.pdf
Exploiting IOSurface 0
http://powerofcommunity.net/poc2019/Liang.pdf
Safari Adventure:A Dive into Apple Browser Internals
http://powerofcommunity.net/poc2019/Zhiyang.pdf
Building Fast Fuzzers
https://arxiv.org/pdf/1911.07707.pdf
A Practical Introduction to the Code Analysis Platform Joern
https://fabs.codeminers.org/talks/2019-joern.pdf
CVE-2019–12757: Local Privilege Escalation in Symantec Endpoint Protection
https://posts.specterops.io/cve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6
Extracting cipher key from WhatsApp on Android >= 7 without root
https://plainsec.org/extracting-cipher-key-from-whatsapp-on-android-7-and-greater-without-root/
How can I encrypt with a RSA private key in python
https://stackoverflow.com/questions/51228645/how-can-i-encrypt-with-a-rsa-private-key-in-python
Getting Malicious Office Documents to Fire with Protected View Enabled
https://medium.com/@curtbraz/getting-malicious-office-documents-to-fire-with-protected-view-4de18668c386
APT_CyberCriminal_Campagin_Collections
https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
init.engineer
https://github.com/init-engineer/init.engineer
Anti-virus Exploitation: Local Privilege Escalation in K7 Security (CVE-2019-16897)
https://0x00sec.org/t/anti-virus-exploitation-local-privilege-escalation-in-k7-security-cve-2019-16897/17655
How to check DDOS attack with command-line on Linux
https://meterpreter.org/how-to-check-ddos-attack-with-command-line-on-linux/amp/
卡巴斯基產品有漏洞,恐遭其他網站關閉防護功能,官方連修三次
https://ithome.com.tw/news/134442
Kaspersky online protection API left open to abuse by websites
https://www.zdnet.com/article/kaspersky-online-protection-api-left-open-and-ripe-for-abuse-by-websites/#ftag=RSSbaffb68
Kaspersky: The art of keeping your keys under the door mat
https://palant.de/2019/11/25/kaspersky-the-art-of-keeping-your-keys-under-the-door-mat/
Internal Kaspersky API exposed to websites
https://palant.de/2019/11/26/internal-kaspersky-api-exposed-to-websites/
ctftraining
https://hub.docker.com/u/ctftraining
InfoSec Black Friday Deals 2019
https://github.com/CyberMonitor/InfoSec-Black-Friday
BullsEye0/google_dork_list
https://github.com/BullsEye0/google_dork_list
Know your Resources, be your Knowledge
https://malwareanalysis.co/
Product Warning! Chinese children’s watch reveals thousands of children’s data
https://www.iot-tests.org/2019/11/product-warning-chinese-childrens-watch-reveals-thousands-of-childrens-data/
F.商業
Google 大手筆推出 Pixel 漏洞賞金計畫,最高獎金 150 萬美元
https://technews.tw/2019/11/22/google-pixel-bug-bounty-1-5-million-dollars/
做好「隨時被駭」準備,App資安先驅果核數位:滴水不漏的資安保護過時了
https://www.bnext.com.tw/article/55625/digicentre-cybersecurity-app
SaltStack推SecOps解決方案可自動發現並修復安全漏洞
https://ithome.com.tw/news/134400
思科揪台廠 強攻智慧城市
https://money.udn.com/money/story/5612/4189530
關貿網路推動校園資安--資安意識從小落實
https://www.trade-van.com/news/index.do?act=detail&articleId=876
迎接物聯網時代 資策會推出零距離裝置管理服務
https://www.chinatimes.com/realtimenews/20191127003915-260412?chdtv
思科攜手8大台廠推「智慧城市」,為什麼創新應用示範中心選定落腳桃園
https://www.bnext.com.tw/article/55679/cisco-taoyuan-smartcity
零壹攜手Akamai共推360度資安防護 全方位抵禦駭客威脅
https://www.zerone.com.tw/Content/Product/CBCABE42C4188833
德明科大資科系與數聯資安公 簽訂實習備忘錄
https://news.sina.com.tw/article/20191129/33488348.html
趨勢強攻軟體定義運算工作負載防護 市占率第一
https://money.udn.com/money/story/5613/4194719
Industrial Threat Detector, ITD工控安全威脅偵測設備
https://www.iii.org.tw/Product/TechLensDtl.aspx?tp_sqno=t2vJaO%2FvNBeeQTGZyDcp%2FQ__&fm_sqno=72
Edge vs. Chrome: Microsoft's Tracking Prevention hits Google the hardest
https://www.zdnet.com/article/with-its-new-edge-browser-microsoft-takes-dead-aim-at-google/#ftag=RSSbaffb68
DocuSign: How it plans to expand from e-signature to digital transformation engine, agreement cloud
https://zd.net/2OcwNlL
Expanding the Android Security Rewards Program
https://security.googleblog.com/2019/11/expanding-android-security-rewards.html
Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software
https://thehackernews.com/2019/11/vnc-remote-software-hacking.html
Buguroo raises $11 million to detect banking fraud with deep learning and behavioral biometrics
https://venturebeat.com/2019/11/26/buguroo-raises-11-million-to-detect-banking-fraud-with-deep-learning-and-behavioral-biometrics/
G.政府
調查局長呂文忠:國安問題進階至假訊息滲透
https://udn.com/news/story/7321/4181820
財政資訊中心培養資安自主人力,解決過度委外所面臨的風險問題
https://ithome.com.tw/news/134370
民進黨莫一意孤行!30個民團籲「晶片身分證」33億印製案應暫停結標
https://www.coolloud.org.tw/node/93726
民進黨推反滲透法草案 29日逕付二讀
http://www.epochtimes.com/b5/19/11/24/n11677196.htm
稅式支出報告未落實 藏漏洞
https://money.udn.com/money/story/6710/4185332
陸資買大同恐成國安漏洞? 金管會重啟調查
https://udn.com/news/story/7238/4185922
資安就是國安,資策會協助台灣科技製造業外銷,建立國際級資安防護
https://www.inside.com.tw/article/18205-iiiorg2019-info-secure
經濟部水利署109年度數位管理系統-表單及差勤資安強化計畫
https://www.wra.gov.tw/6950/6951/7215/7216/429520/
中國大陸滲透台灣選戰? 柯文哲:每天只喊賊來了沒有用
https://www.nownews.com/news/20191125/3777360/
空軍嵩山雷達站反制無人機入侵 槍械硬殺擊落
https://udn.com/news/story/10930/4188050
張善政:官民合作才能抗對岸網軍
https://www.chinatimes.com/realtimenews/20191127001768-260407?chdtv
張善政:資安不能與國際脫軌 兩岸資安戰無一日平靜
https://udn.com/news/story/6656/4189927
攜手國際組織提升資安聯防!立委許毓仁促成CSCIS亞太總部落地台灣
http://bit.ly/2KZodVD
資安組織落地台灣 張善政:強化人力編制
https://anntw.com/articles/20191127-1xH8
有話好說 20191128 明年換數位身分證!資安疑慮?隱私保障
http://bit.ly/2Dn5gIf
批民進黨傲慢 徐永明:反滲透法只做半套
https://udn.com/news/story/6656/4194811
政府機關資安弱點通報機制 推廣說明會_機關分享 勞動部分享
http://bit.ly/2XYTFs4
政府機關資安弱點通報機制推動規劃
http://bit.ly/2L5GZul
政府機關資安弱點通報機制 推廣說明會_機關分享 交通部分享
http://bit.ly/2P0WGEy
H.ICS/SCADA 工控系統
Siemens Polarion webclient 跨站脚本漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13935
I.教育訓練
CEH vs. CompTIA PenTest+: Thoughts from a Penetration Tester
http://bit.ly/2XBRJWw
邁向 Linux 工程師之路:Superuser 一定要懂的技術與運用, 2/e (How Linux Works: What Every Superuser Should Know, 2/e)
https://www.tenlong.com.tw/products/9789864344383
進入駭客的思考領域 — 從 DEVCORE CONF 學駭客思維
https://medium.com/starbugs/learn-hacker-thinking-b6bb4f189e3a
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
台灣藝人錯誤示範!一邊吃麵「試驗」自動駕駛
http://bit.ly/2OfZ0IA
有效的 IoT 資安該從何著手
https://blog.trendmicro.com.tw/?p=62594
No stars for Australia's missing IoT cyber stars
https://www.zdnet.com/article/no-stars-for-australias-missing-iot-cyber-stars/#ftag=RSSbaffb68
IoT Security: 20 Years Behind Enterprise Computing
https://www.bankinfosecurity.asia/interviews/iot-security-20-years-behind-enterprise-computing-i-4516
Finns Label Cyber-Secure IoT Devices
https://www.infosecurity-magazine.com/news/finns-label-cybersecure-iot-devices/
6.近期資安活動及研討會
交通大學亥客書院-B015:惡意程式檢測 11/30
https://hackercollege.nctu.edu.tw/?p=1098
亞洲‧矽谷學院108年免費認證考試 11/30
https://college.asvda.org.tw/
Docker 容器技術實作(201911) 11/30
https://buy.techbang.com/products/97b497fb?from=home_news
The Dungeons of Hackers Conference 2019 - 駭客的地下城 11/30
https://tdohackerparty.kktix.cc/events/tdoh-conf-2019
5G x AI資安關鍵技術研討會 Cybersecurity 5G x AI Workshop 12/2
https://ievents.iii.org.tw/EventS.aspx?t=0&id=763
新竹網絡安全日 Cybersecurity Day Hsinchu 108年 邀请函 12/3
https://www.accupass.com/event/1911080348403103587380
Digital Summit Dallas 12/4
https://infosec-conferences.com/events-in-2019/digital-summit-dallas/
Kansas City Cyber Security Conference 12/5
https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/
CyberMaryland Conference 12/5 ~ 12/6
https://infosec-conferences.com/events-in-2019/cybermaryland-conference/
Vue.js 新手村,前端實戰入門 12/7
https://hackersir.kktix.cc/events/20191112vuejs
FutureCon Nashville Cyber Security Conference 12/11
https://infosec-conferences.com/events-in-2019/futurecon-nashville/
「Log管理 x 營業秘密」研討會 12/11
https://www.accupass.com/event/1911110922137590408650
Utility Cyber Security Forum December 12/11
https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/
交通大學亥客書院-A018:企業網域控管-Active Directory攻擊與防禦 12/14
https://hackercollege.nctu.edu.tw/?p=1094
台灣駭客年會 HITCON Winter Training 2019 12/16
https://hitcon.kktix.cc/events/hitcon-winter-training-2019
台灣駭客年會 HITCON Winter Training 2019 - 學生報名 12/16
https://hitcon.kktix.cc/events/hitcon-winter-training-2019-student
Japan Security Analyst Conference
https://jsac.jpcert.or.jp/
PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world
沒有留言:
張貼留言