2018年10月26日 星期五

資安新聞及事件週報 2018/10/22 ~ 2018/10/26

資安新聞及事件週報  2018/10/22  ~  2018/10/26
1.重大弱點漏洞
研究人員公布D-Link路由器漏洞,牽涉8款產品,D-Link只修補2款
https://www.ithome.com.tw/news/126513
D-Link路由器又曝安全漏洞,且暫無修復補丁可用
https://www.hackeye.net/threatintelligence/16849.aspx
D-Link多型號路由器存在任意文件下載漏洞(CVE-2018-10822)
https://zhuanlan.zhihu.com/p/47444003
Serious D-Link router security flaws may never be patched
https://nakedsecurity.sophos.com/2018/10/19/serious-d-link-router-security-flaws-may-never-be-patched/
libssh 產品存在安全性弱點
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
Cisco 產品存在安全性弱點
https://tools.cisco.com/security/center/publicationListing.x
Advantech WebAccess 跨站脚本漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15703
jQuery知名外掛File Upload遭爆有存在超過8年的安全漏洞
https://www.ithome.com.tw/news/126529
jQuery File Upload 存在安全性弱點
https://www.anquanke.com/vul/id/1350246
Oracle MySQL Server拒絕服務漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3182
關於Oracle WebLogic Server多個高危漏洞的預警
https://bbs.huaweicloud.com/blogs/7d064cc8d36c11e8bd5a7ca23e93a891
Oracle sunos CVE-2018-3273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-3273
Oracle sunos CVE-2018-3275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-3275
Hacker Discloses New Windows Zero-Day Exploit On Twitter
https://thehackernews.com/2018/10/windows-zero-day-exploit.html
VMware 產品遠端執行程式碼漏洞
https://www.auscert.org.au/bulletins/70258
VMWare重大漏洞可讓Guest OS軟體在主機OS上執行
https://www.ithome.com.tw/news/126512
秋季更新尚未修復 Win10 再被揭刪檔案漏洞
https://bit.ly/2Rb3mPM
安全研究人員公開另一個Windows 0-day漏洞
https://news.cnblogs.com/n/610499/
Windows 10再爆新零時差漏洞,安全警報響起
https://ithome.com.tw/news/126640
Windows 191H更新將採用Google修補工具以減少Spectre修補的效能影響
https://times.hinet.net/news/22037114
Windows 191H更新將採用Google修補工具以減少Spectre修補的效能影響
https://www.ithome.com.tw/news/126527?fbclid=IwAR0g-EjbW2wT8FndBqIsFlgtbfLdIPeBHo7VCMP7UFELjFmRZb6iyU5Z3b8
Win10 19H1啟用Retpoline 幽靈補丁性能影響降至最低
https://news.sina.com.tw/article/20181020/28536916.html
Win10 19H1啟用Retpoline Ghosts修正檔性能影響降至最低
https://bit.ly/2yrEZGo
Window 10 未來的更新將會改善 Spectre 修補程式對效能的影響
https://chinese.engadget.com/2018/10/23/windows-10-gentler-spectre-fix/
Windows嚴重漏洞披露:允許黑客將管理員權限轉移給來賓賬户
https://hk.saowen.com/a/df4ff67cbdff1e83b8f4a0218bd18fd7b8a8c2d8fd4b9bcf367aa9cd1d26c2f8
微軟視窗提升權限漏洞
https://thehackernews.com/2018/10/windows-zero-day-exploit.html
Drupal Core SA-CORE-2018-006 多個漏洞(包含RCE漏洞)
https://www.anquanke.com/post/id/162287
IBM WebSphere Application Server目錄遍歷漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1770
Splunk修復數個Enterprise與Light產品安全漏洞
https://www.easyaq.com/news/1987445985.shtml
Tumblr修復洩露私人賬戶信息的安全漏洞
https://www.easyaq.com/news/424263936.shtml
Signal Desktop疏於本機資料保護,愛好者當心隱私外流
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5039
Ruby 2.5.3 和2.3.8 正式發布,包含安全漏洞修復
https://www.oschina.net/news/101023/ruby-2-5-3-and-2-3-8-released
麻省理工研究院給出英特爾漏洞參考意見
http://nb.zol.com.cn/701/7013645.html
Pivotal Spring Framework 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15756
Mozilla Firefox 多個漏洞
https://www.us-cert.gov/ncas/current-activity/2018/10/23/Mozilla-Releases-Security-Updates-Firefox
SUSE LibRaw 緩衝區錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5802
近期數版X.Org Server出現Command Line參數核驗缺陷,易受入侵接管
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5040
嚴重buffer overflow恐癱瘓LIVE555串流媒體RTSP server
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5038
Critical Flaw Found in Streaming Library Used by VLC and Other Media Players
https://bit.ly/2QYRAYw
Tumblr Patches A Flaw That Could Have Exposed Users’ Account Info
https://bit.ly/2S0eTTa
CVE-2018-8460: EXPOSING A DOUBLE FREE IN INTERNET EXPLORER FOR CODE EXECUTION
https://bit.ly/2J8NpGX
Cryptojackers Keep Hacking Unpatched MikroTik Routers
https://www.bankinfosecurity.com/cryptojackers-keep-hacking-unpatched-mikrotik-routers-a-11627
Heads-Up: Patch 'Comically Bad' libSSH Flaw Now
https://www.bankinfosecurity.com/heads-up-patch-comically-bad-libssh-flaw-now-a-11626
發現微處理器FreeRTOS嚴重缺陷,危及科技工業領域
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5037
AWS修補IoT平台FreeRTOS的13個安全漏洞
https://www.ithome.com.tw/news/126540
亞馬遜FreeRTOS存在多個漏洞,黑客可接管設備發動網絡攻擊
https://zhuanlan.zhihu.com/p/47475389
亞馬遜修復了安全漏洞 防止物聯網設備遭駭
https://fnc.ebc.net.tw/FncNews/else/56012
FreeRTOS漏洞將多個系統暴露於攻擊之下
https://www.easyaq.com/news/1486159818.shtml
Drupal 發布新的安全更新
https://www.us-cert.gov/ncas/current-activity/2018/10/18/Drupal-Releases-Security-Updates
思科修補WebEx Meetings app權限升級漏洞
https://www.ithome.com.tw/news/126660?fbclid=IwAR1_bV6FP5LYhmTrAFYcb3MQZyr9C7k0VnIuJPdp311b5-H2tdxrMh0qLEU
Cisco Wireless LAN Controller (WLC) 存在多個安全性弱點
https://www.us-cert.gov/ncas/current-activity/2018/10/17/Cisco-Releases-Security-Updates
遠程代碼執行漏洞現身運行內嵌式系統的流行操作系統
https://ek21.com/news/1/133894/
ServersCheck Monitoring Software 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18552
WizCase報告:四種流行NAS設備中發現多個漏洞
http://www.4hou.com/vulnerable/14135.html
Amanda 安全漏洞
https://www.anquanke.com/vul/id/1368079
WebExec - Authenticated User Code Execution (Metasploit)
https://www.exploit-db.com/exploits/45695/
Critical Flaws Found in Amazon FreeRTOS IoT Operating System
https://bit.ly/2PeMR7M
Critical Code Execution Flaw Found in LIVE555 Streaming Library
https://bit.ly/2Saa6i7
Serious vulnerability in CloudFlare that allows your WAF to be disabled
https://bit.ly/2Poqqxd
Popular website plugin harboured a serious 0-day for years
https://nakedsecurity.sophos.com/2018/10/22/popular-website-plugin-harboured-a-serious-0-day-for-years/
WordPress takes aim at ancient versions of its software
https://nakedsecurity.sophos.com/2018/10/24/wordpress-takes-aim-at-ancient-versions-of-its-software/
Patch now! Multiple serious flaws found in Drupal
https://nakedsecurity.sophos.com/2018/10/23/patch-now-multiple-serious-flaws-found-in-drupal/
Cisco patches local WebEx vulnerabilities and can be remotely exploited in AD deployments
Cisco Webex Meetings 33.6.0 fixes security issues
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection
Hacker Discloses New Windows Zero-Day Exploit On Twitter
https://bit.ly/2qeflRb
2.銀行/金融/保險/證券/電子支付/行動支付/支付系統/虛擬貨幣/區塊鍊 新聞及資安
印度首個加密貨幣ATM遭警方搜查,因沒有許可證
http://news.knowing.asia/news/fc912087-94f9-4ddc-a1a7-0d6d8d799497
印度警方抓住ATM運行加密交換Unocoin
https://www.coindesk.com/indian-police-seize-atm-run-by-crypto-exchange-unocoin/
西班牙通過法案要求該國公民申報加密貨幣資產
https://finance.sina.com.cn/blockchain/roll/2018-10-24/doc-ihmxrkzw1597477.shtml?fbclid=IwAR1UX8Xn_r_6DFqOAq1qBTBIEFspHdPM47LXO0-eT0kqi7aCK8A4k6B_YuI
加密貨幣今年慘兮兮 比特幣價位腰斬逾半
https://tw.appledaily.com/new/realtime/20181022/1452256/
Tether公司昨日晚間「銷毀了5億美元USDT」
https://www.blocktempo.com/newsflash-tether-destroys-500-million-usdt-1/
加密貨幣始祖「比特幣」誕生 10 年了!一起瞧瞧它的興起、衰落
https://bit.ly/2q9o72E
數位支付巨頭Square開放冷存儲系統開源碼
https://fnc.ebc.net.tw/FncNews/else/56431
日本IT巨頭與三菱銀行等合作使用區塊鏈進行電力交易
https://bit.ly/2q2LYRx
日金融巨頭SBI攜手加密公司開發加密貨幣錢包
https://bit.ly/2O1SP7A
減少逃稅 日本政府推動簡化加密幣納稅申報程序
https://blockcast.it/2018/10/21/japanese-government-to-simplify-cryptocurrency-taxation-process/
報告:超過一半的加密貨幣交易所存在安全漏洞
https://www.8btc.com/article/294804
全台最大數位資產交易所MAX推平台幣,首日交易量破5億台幣
http://news.knowing.asia/news/c5f52c0d-89a7-4fde-aa7a-9626c5569586
全台最大數位資產交易所MAX推平台幣 首日交易破5億台幣 全球獨有鎖倉機制 100%手續費返還
https://news.cnyes.com/news/id/4221654
駭客鎖定BTCP加密貨幣展開51%攻擊,還開直播告訴你有多簡單
https://www.ithome.com.tw/news/126520
防洗錢納管虛擬幣 金管會將採實名制
https://www.wantgoo.com/news/content/index?ID=873455
俄羅斯網路安全公司:駭客從加密貨幣交易所中,竊取了8.82億美元
https://m.moneydj.com/f1a.aspx?a=57aa6c5a-42e0-4045-b7d6-5854ea9e93e3&c=TRENDS
Group-IB:14起加密貨幣交易中心被駭損失共8.8億美元,過半是北韓駭客集團Lazarus偷的
https://www.ithome.com.tw/news/126536
不是駭客也非病毒 中信ATM當機原因找到了
https://udn.com/news/story/7239/3431829
中信銀ATM當機 排除駭客病毒攻擊
https://www.chinatimes.com/realtimenews/20181019004742-260410
中信系統當機3hr 彩迷無法投注直跳腳
https://www.ttv.com.tw/news/view/10710190012100I/568
永豐銀行ATM也當機 永豐:已恢復運作
https://www.ettoday.net/news/20181022/1287711.htm
永豐銀ATM也當機 一小時內修復
https://www.cna.com.tw/news/afe/201810220233.aspx
明台產險 舉辦金融資安風險管理研討會
https://udn.com/news/story/7239/3432165
業務員賣他家產險,無需公司同意 壽險業者含淚接受
https://www.chinatimes.com/newspapers/20181019000315-260202
支援27家銀行信用卡,凱基銀聯手新創推手機App付款
https://meet.bnext.com.tw/articles/view/43929
日央行警告:銀行業風險承擔創30年新高
http://www2.hkej.com/instantnews/international/article/1972677
亞太洗錢防制10天後來台 受檢名單出爐「跌破金管會眼鏡」
https://www.ettoday.net/news/20181025/1289825.htm
洗錢防制別落入加強追蹤名單 成首務
https://www.chinatimes.com/newspapers/20181025000294-260202
瑞銀等多家銀行限制員工赴中國出差
https://bit.ly/2AnKHuh
穿戴裝置行動支付 Fitbit Pay上線尬Apple Watch
https://bit.ly/2Je79cj
WeChat劫案:電子支付大行其道 內地女曾遇劫
https://hk.on.cc/hk/bkn/cnt/news/20181023/bkn-20181023130816560-1023_00822_001.html
澳洲央行:中國若爆發系統性金融風險、經濟恐遭重創
https://bit.ly/2ApTts2
行員知情隱匿2年遭踢爆 涉唆使保戶偽簽冒用印章買儲蓄險
https://www.ettoday.net/news/20181023/1288731.htm
本港首宗 WeChat Pay 劫案
https://bit.ly/2PWAbzS
「轉數快」轉賬漏洞騙案 Tap & Go、AlipayHK 回應
https://unwire.pro/2018/10/25/fps-2/news/
香港金管局上月正式推出「轉數快」服務  當日即有市民被轉走帳戶存款,損失由1萬多元到近10萬元不等
https://bit.ly/2Sfja5i
【百萬用戶】香港金管局指與系統安全性無關 方保僑:局方有責任檢視漏洞
https://hk.news.appledaily.com/local/realtime/article/20181024/58832059
「轉數快」現漏洞兩女子失款11萬
http://hd.stheadline.com/news/daily/hk/711862/
轉帳支付現漏洞 金管局叫停電子錢包自動增值服務
https://hk.on.cc/hk/bkn/cnt/news/20181024/bkn-20181024220225870-1024_00822_001.html
騙徒可以怎樣利用 FPS 電子直接扣帳授權服務呃走你嘅金錢
https://m.oursky.com/fraud-via-fps-alipay-115984e8bda5?fbclid=IwAR1Kq3QVRrMRSbfTFvQYsSI4o6MTtkDeT2Z7-a7ywRm_JqeVuqO0vp-cmS4
騙徒借漏洞犯案 金管局叫停「轉數快」直接扣帳
https://bit.ly/2SgVehY
金管局堵電子錢包漏洞 設簡便轉帳須雙重認證
https://news.mingpao.com/pns/dailynews/web_tc/article/20181026/s00004/1540491952248
中信銀ATM當機後 金管會全面大盤點
https://tw.finance.appledaily.com/realtime/20181025/1454235/
ATM3個月當機3次 金管會下令全體銀行做盤點
https://www.ettoday.net/news/20181025/1289992.htm
ATM頻出包太依賴IBM?金管會要求全面盤點
https://bit.ly/2qbfNQ3
金融資訊系統 全面盤點
https://money.udn.com/money/story/5613/3443215
ATM老是當機挨批 顧立雄要求國銀總盤點
https://www.chinatimes.com/realtimenews/20181025002163-260410
Unocoin delivers India's first bitcoin ATM
https://www.atmmarketplace.com/news/unocoin-delivers-indias-first-bitcoin-atm/
CTBC Bank ATM crash in Taiwan cleared of hacking and malware infections
https://www.taiwannews.com.tw/en/news/3556835
Why is Elon Musk promoting this Bitcoin scam? (He’s not)
https://nakedsecurity.sophos.com/2018/10/23/why-is-elon-musk-promoting-this-bitcoin-scam-hes-not/
Indian Police Seize ATM Run By Crypto Exchange Unocoin
https://www.coindesk.com/indian-police-seize-atm-run-by-crypto-exchange-unocoin/
3.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體
這五款工具被全球黑客廣泛使用,中國菜刀入榜
http://www.freebuf.com/news/186589.html
再有路由器遭黑客入侵 透過安全漏洞下載惡意程式
https://3edition.com/brands/netgear/router/3364
封閉系統不會中毒
https://bit.ly/2JfZB8P
ESET 發現第一個 UEFI rootkit 惡意程式 LoJax,感染後連重灌系統也沒轍,駭客小組Sednit為幕後黑手
https://www.eset.tw/html/86/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/
你放假它加班 挖礦 24 小時不關機 礦工忙到「火大」了-2018年衝擊最大資安威脅:虛擬貨幣挖礦
https://blog.trendmicro.com.tw/?p=57198
「花錢洗白負評」「中斷供應鏈」,數位勒索不只有勒索病毒
https://blog.trendmicro.com.tw/?p=57166
pestudio: Malware Initial Assessment Tool
https://securityonline.info/pestudio/?fbclid=IwAR0pt-tmzWVAVBhDelnMGPVc9SV0jwRRD_KaqAO6T-rnjyVdVmccXi0FedQ
munin v0.10.0 released: Online hash checker for Virustotal and other services
https://bit.ly/2RenIaM
Bitdefender & Law Enforcement Solve for Multiple Versions of GandCrab with New Decryptor
https://bit.ly/2qaxJKL
New Android Malware Turns Your Mobile Devices into Hidden Proxies
https://gbhackers.com/new-android-malware/
Maker of LuminosityLink RAT gets 30 months in the clink
https://nakedsecurity.sophos.com/2018/10/22/maker-of-luminositylink-rat-gets-30-months-in-the-clink/
SettingContent-ms can be Abused to Drop Complex DeepLink and Icon-based Payload
https://bit.ly/2POL0Uo
Kraken Cryptor Ransomware Connecting to BleepingComputer During Encryption
https://bit.ly/2ytB0cm
Triton Malware Linked to Russian Government Research Institute
https://www.securityweek.com/triton-malware-linked-russian-government-research-institute
FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
https://thehackernews.com/2018/10/russia-triton-ics-malware.html
Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware
https://blog.talosintelligence.com/2018/10/beers-with-talos-ep40-bwt-xl-feat.html
Poorly secured SSH servers targeted by Chalubo botnet
https://nakedsecurity.sophos.com/2018/10/24/poorly-secured-ssh-servers-targeted-by-chalubo-botnet/
Mac malware intercepts encrypted web traffic for ad injection
https://blog.malwarebytes.com/threat-analysis/2018/10/mac-malware-intercepts-encrypted-web-traffic-for-ad-injection/
Bypass an Anti Virus Detection with Encrypted Payloads using VENOM Tool
https://gbhackers.com/bypass-antivirus-using-payload/
Chalubo Botnet Compromise Your Server or IoT Device & Use it for DDOS Attack
https://gbhackers.com/chalubo-botnet/
TBAL: an (accidental?) DPAPI Backdoor for local users
https://bit.ly/2EMskUe
Decryption Tool for multiple GandCrab ransomware
https://labs.bitdefender.com/2018/10/bitdefender-law-enforcement-solve-for-multiple-versions-of-gandcrab-with-new-decryptor/
Banking Trojans sneaked into Google Play store disguised as apps
https://satoshinakamotoblog.com/banking-trojans-sneaked-into-google-play-store-disguised-as-apps

B.行動安全 / iPhone / Android / App
蘋果晶片供應商:未受貿易戰影響 會密切注意關稅
http://ec.ltn.com.tw/article/breakingnews/2586247
南韓7萬運將大罷工 抗議共乘APP奪生計
https://news.tvbs.com.tw/focus/1013017
5G規範安全性和協議漏洞分析(下篇)
http://netsecurity.51cto.com/art/201810/585293.htm
黑客如何向您的手機帳戶收取漫遊費用
http://netsecurity.51cto.com/art/201810/585276.htm
用比特幣才能買的神秘新手機,瞄準3500萬虛擬錢包用戶,能讓宏達電翻身嗎
https://www.businessweekly.com.tw/article.aspx?id=36711&type=Indep
Android 9以硬體沙盒保護簽章金鑰確保交易安全,防止用戶被詐
https://www.ithome.com.tw/news/126553
牛津大學研究發現近90%安卓App數據被傳回谷歌
https://www.ithome.com/html/it/390489.htm
超過125個Android程式及網站涉及大規模廣告點選詐騙活動
https://www.ithome.com.tw/news/126600?fbclid=IwAR3wUPIq2be_e2pGBhyxNOGV-KspE1I9BojLfmhRwsvTQzNiuOGnEx-XUYU
Google News app現漏洞狂用流量:有用戶數個小時被吞24GB
https://news.sina.com.tw/article/20181024/28584226.html
App 開發商竟然利用這個漏洞追蹤用戶數據
https://bit.ly/2z2luE3
中國交友App 利用AI機器人聊天詐財
https://bit.ly/2D653ea
Anda app 安全漏洞
https://www.anquanke.com/vul/id/1368068
蘋果開發神秘iOS程式 阻擋駭客破解密碼
https://news.wearn.com/c51512.html
改善Android漏洞問題 Google擬強制遭求合作廠商針對熱門機種定期更新
https://mashdigi.com/google-may-ask-venders-to-update-device-regularly/
The Truth About Mobile Security Risks In Business and What To Do About It
https://www.bankinfosecurity.asia/webinars/truth-about-mobile-security-risks-in-business-what-to-do-about-it-w-1785
Are your jilted apps stalking you
https://nakedsecurity.sophos.com/2018/10/24/are-your-jilted-apps-stalking-you/
Google Makes 2 Years of Android Security Updates Mandatory for Device Makers
https://bit.ly/2D2HIKF

C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件
Lazarus為何成為世界上最賺錢的加密貨幣駭客集團
http://news.knowing.asia/news/53f8e661-59ea-4d1b-92c8-031b4765861b
資安、AI開班「不能只給兵」台大院長籲教部給額外師資
https://udn.com/news/story/7266/3432526
企業常遇到的四種網頁注入(Web Injection)攻擊
https://blog.trendmicro.com.tw/?p=57572
數位國土的捍衛戰士
https://bit.ly/2O4HzqT
智慧電商雙11購物節的數位風險罩門
https://money.udn.com/money/story/10860/3439968
GeekPwn2018演示多款智能設備安全漏洞導致隱私洩露
http://www.kejilie.com/ikanchai/article/jAR7n2.html
「安卓之父」涉性騷擾...領28億爽辭!Google滅火:已開除48色狼員工
https://www.ettoday.net/news/20181026/1290588.htm
學會網路六大關鍵技術 大企業爭聘
http://market.ltn.com.tw/article/4907
NASA黑客松臺北場 冠軍隊伍Light Wonder抱走8萬獎金
https://www.taiwannews.com.tw/ch/news/3558579
「知彼知己」= 駭客角度
https://bit.ly/2yQ4H72
駭客任務導演藏了 20 年的超級彩蛋,著名的綠色程式語言其實是「壽司食譜」
https://www.hksilicon.com/articles/1690412
採用託管式偵測及回應 (MDR) 服務來防堵網路資安缺口
https://blog.trendmicro.com.tw/?p=57565
TUV NORD 聚焦車載、風能、核安及資安
https://www.chinatimes.com/newspapers/20181024000343-260204
HITCON CTF線上比賽成2019年第一場DEF CON種子賽,冠軍波蘭隊率先取得決賽門票
https://www.ithome.com.tw/news/126535
台灣產學聯軍勇奪2018 HITCON CTF季軍 刷新台灣最佳成績
http://www.ctimes.com.tw/DispNews/tw/1810231618NB.shtml
駭客猖獗 網絡保安不濟
https://news.mingpao.com/pns/dailynews/web_tc/article/20181023/s00002/1540232317476
你是黑客的菜吗?如何有效防止黑客入侵
http://netsecurity.51cto.com/art/201810/584906.htm
這個荒涼俄國小鎮 專出暗殺、駭攻高手
https://theme.udn.com/theme/story/6775/3433455
武器系統防駭 資安新挑戰
https://www.ydn.com.tw/News/309888
Diligent調查發現,董事會成員是安全和公司治理的關鍵環節
http://www.businesswirechina.com/hk/news/38839.html
你有多久沒更新家中 Wi-Fi 路由器密碼
https://www.saydigi.com/2018/10/406424.html
用駭客入侵媒體!中國網軍散播仇恨
https://bit.ly/2NW4nZR
總統蔡英文一現身 三立直播竟遭駭客入侵攻擊
http://ent.ltn.com.tw/news/breakingnews/2587120
駭客+人工智慧科技 期中選舉新隱憂
https://bit.ly/2AnMTlP
臉書上月遭駭元凶 是垃圾郵件業者
https://bit.ly/2S479j4
確定了! 臉書聘前英國副首相擔任副總裁
http://news.ltn.com.tw/news/world/breakingnews/2586442
智慧家居産品有被駭客攻擊危險?私人生活易被入侵
http://big5.china.com.cn/gate/big5/tech.china.com.cn/elec/20181019/347122.shtml
這位神秘駭客修補了 10 萬台路由器漏洞 網友:這才是真正的駭客
https://bit.ly/2CyBiSu
解放軍訊息戰新軍種 揚言2020扶植親北京政權
https://bit.ly/2CAzojX
沙國王儲拿刀斬首哈紹吉! 「沙漠達沃斯」網頁遭駭貼諷刺圖
https://www.ettoday.net/news/20181023/1288276.htm
利雅德會議網站遭駭 赫見沙王儲處決記者合成圖
https://money.udn.com/money/story/5599/3437707
中國間諜滲透太多法國剛敲響反擊鐘聲
https://bit.ly/2z12c1G
疑遭中國駭客植入惡意晶片 美企將全面調查
http://news.ltn.com.tw/news/world/breakingnews/2589073
【寰宇韜略】美強化網軍培訓 確保人才留用(上)
https://www.ydn.com.tw/News/310164
【寰宇韜略】美強化網軍培訓 確保人才留用(下)
https://www.ydn.com.tw/News/310306
川普演講Youtube直播被中共黑客攻擊
http://cn.secretchina.com/news/b5/2018/10/23/874448.html
美國情報單位憂慮 川普私人iPhone恐遭中俄竊聽
https://bit.ly/2ArSHL4
傳川普iPhone遭竊聽 中外交部建議「可改用華為」
http://ec.ltn.com.tw/article/breakingnews/2591959
紐時:川普個人使用的iPhone遭到中國及俄羅斯監聽
https://www.ithome.com.tw/news/126647?fbclid=IwAR1YzEqxf4546kAKWR4J7RJ9AejaWzLXbMOE6oR1y5753L0zSb16RQNp2uc
黑客入侵方式多 勿掉以輕心
https://www.hkpc.org/zh-HK/corporate-info/media-centre/media-focus/203-corp-info/media-focus/7655-hacker-beware
陷惡意晶片風暴 美超微檢查產品並要求撤文
https://www.inside.com.tw/2018/10/24/super-micro-computer-apple-inc
日本自衛隊擬招聘「白帽駭客」 年薪數千萬日圓
https://www.chinatimes.com/realtimenews/20181026002490-260408
中共駭客猖獗 惹來神祕組織狩獵
https://bit.ly/2Cu94rI
拒絕俄羅斯網軍干預期中選舉 美國將警告駭客小心遭起訴
https://www.taiwannews.com.tw/ch/news/3559373
美網路作戰司令部首度出手 嚇阻俄國干預美期中選舉
https://money.udn.com/money/story/5599/3439205
美國德拉瓦州逮捕駭客,查獲價值約21.7萬美元的比特幣
https://news.sina.com.tw/article/20181025/28594590.html
美退出中導條約 對中共釋出五大戰略信息
http://www.epochtimes.com/b5/18/10/24/n10806790.htm
刺殺歐巴馬?八枚郵包炸彈連環「恐攻」民主黨事件
https://global.udn.com/global_vision/story/8662/3441374
FBI:一些炸彈包裹經美國郵政發送 正檢視系統漏洞
http://www.mastvnet.com/news/globe/2018-10-26/211313.html
袁斌:中共專制大廈已呈將傾之勢
http://ca.ntdtv.com/xtr/b5/2018/10/26/a1396799.html
Symantec will close the Norton ConnectSafe service on November 15th
https://bit.ly/2CAxXlG
UK Cyberattack Investigations: An Analysis
https://www.bankinfosecurity.com/interviews/uk-cyberattack-investigations-analysis-i-4150
Cyber News Rundown: Voter Records for Sale
https://www.webroot.com/blog/2018/10/19/cyber-news-rundown-voter-records-sale/
LuminosityLink Hacking Tool Author Gets 30-Months Prison Sentence
https://bit.ly/2AiUVfK
Threat Roundup for October 12 to October 19
https://blog.talosintelligence.com/2018/10/threat-roundup-1012-1019.html
Beers with Talos EP 39: VB 2018 Rundown and Prevalent Problems with PDF
https://blog.talosintelligence.com/2018/10/beers-with-talos-ep-39-vb-2018-rundown.html
Playbook Fridays: QRadar Tag Search in ThreatConnect
https://bit.ly/2JdwbII
HOW MAIL BOMBS GET INTERCEPTED—AND WHAT HAPPENS NEXT
https://www.wired.com/story/how-mail-bombs-get-intercepted-what-happens-next/
Former high school teacher pleads guilty to hacking celebrities
https://nakedsecurity.sophos.com/2018/10/24/former-high-school-teacher-pleads-guilty-to-hacking-celebrities/
Pirates! Don’t blame your illegal file sharing on family members
https://nakedsecurity.sophos.com/2018/10/23/pirates-dont-blame-your-illegal-file-sharing-on-family-members/
Compromising vital infrastructure: how voting machines and elections are vulnerable
https://blog.malwarebytes.com/cybercrime/2018/10/compromising-vital-infrastructure-voting-machines-elections-vulnerable/
BeaconGraph: Graph visualization of wireless client and access point relationships
https://securityonline.info/beacongraph/?fbclid=IwAR126dckhnx3RIdv44x209VOSjHQOrQZYBIRR04UkAAXHcpQmAfh6MpuXHk
Windows 10 Update Fixed File Deletion Flaw But Not ZIP File Overwrite Bug
https://bit.ly/2Ppy2PU
Windows 7 End-of-Life: Are You Ready
https://ubm.io/2yzTuIy
UPDATE ON BRITISH AIRWAYS CYBER ATTACK - THURSDAY 25 OCTOBER, 2018
https://bit.ly/2D2Mec5
Fighting cybercrime requires a new kind of leadership
https://bit.ly/2ETNH6i
徵才 - 資安管理專員
https://www.104.com.tw/job/?jobno=6efkl
徵才 - 數位貨幣交易所-資安長(CIO)
https://www.104.com.tw/job/?jobno=68h4g&jobsource=joblist_b_date
徵才- Research Analyst at Cisco Umbrella
https://jobs.cisco.com/jobs/ProjectDetail/Research-Analyst-at-Cisco-Umbrella/1241191
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷
退稅金成詐欺新肥羊 美國稅局傷腦筋
https://tw.news.appledaily.com/international/realtime/20181020/1450835
雅虎用戶個資外洩案賠償5,000萬美元
https://www.chinatimes.com/realtimenews/20181024004889-260408
Yahoo信箱被駭案達成和解 將支付8500萬美元賠償金額 先賠償美國、以色列用戶
https://www.cool3c.com/article/138721
雅虎將為史上最大安全漏洞案支付5000萬美元賠償金
https://news.sina.com.tw/article/20181024/28577116.html
英航訂票網站上月也被駭 承諾賠償
https://tw.news.appledaily.com/international/realtime/20181025/1454291
國泰航空系統遭入侵,940 萬名乘客資料遭不當讀取
https://technews.tw/2018/10/25/cathay-pacific-passengers-data-were-hacked/
國泰航空「940萬旅客個資」外洩 包括護照、身分證號碼、信用卡號等重要資料
https://www.ettoday.net/news/20181025/1289679.htm
國泰航空證實940萬名乘客個資遭到外洩,並成立專屬網頁供民眾查詢
https://www.ithome.com.tw/news/126623?fbclid=IwAR0h2cW4EdYgnr0RO9IuGQ9TsdfNOBVzuJteGHrfOAcTPyubOUlWdVAoWEs
國泰及港龍航空940萬乘客個資外洩
https://bit.ly/2ELwnjP
國泰港龍 940 萬乘客資料遭外洩 涉信用卡號碼 莫乃光批:太遲通報
https://bit.ly/2O5Nr35
國泰洩940萬客私隱 涉護照 身份證 信用卡資料 事隔7個月始公佈
https://hk.news.appledaily.com/local/daily/article/20181025/20530468
國泰泄940萬客資料 延半年公布 包括護照身分證信用卡號碼 私隱署調查
https://news.mingpao.com/pns/dailynews/web_tc/article/20181025/s00001/1540405459314
國泰驚爆940萬乘客資料外洩 5月確認遭攻陷 涉信用卡身份證號碼等
http://www1.hkej.com/dailynews/article/id/1974285
國泰外洩940萬乘客資料 今年3月首發現系統有可疑
https://bit.ly/2EGy1Tu
CATHAY PACIFIC AIRWAYS LIMITED 國泰航空有限公司資料外洩事件
http://www.hkexnews.hk/listedco/listconews/SEHK/2018/1024/LTN20181024758_C.pdf
乘客求自保 專家:快改帳戶換卡
https://tw.appledaily.com/international/daily/20181026/38162155/
國泰疑以客戶真實資料測試遭黑客入侵 知情者:內部系統無咩保安
https://bit.ly/2CH5wTn
政府電腦被駭 7.5萬健保個資外洩
https://bit.ly/2q5XEmQ
美政府醫療網站被駭,7.5萬筆個資被竊
https://www.ithome.com.tw/news/126554
盜用日本人信用卡訂酒店問題曝光 損失額達數十億日元
https://tchina.kyodonews.net/news/2018/10/0c929a2c3dc1--.html
興業銀行信用卡中心因電銷欺騙投保人等兩項違規被處罰
https://news.sina.com.tw/article/20181019/28529310.html
稱「網路下單」騙帳戶 彩券行無辜成詐欺共犯
https://bit.ly/2S8e3nB
開免密支付被盜刷「只能自認倒楣」 中消協:蘋果應負起責任
https://www.ettoday.net/news/20181021/1286506.htm
黑客藉發送 Spotify Premium 電郵 詐騙用戶 Apple ID 資料
https://unwire.hk/2018/10/23/fake-spotify-email-phishing-scam-apple-id/tech-secure/
部分中國 Apple ID 被釣魚攻擊盜走,蘋果致歉
http://technews.tw/2018/10/19/apple-says-a-small-number-of-chinese-users-had-their-apple-ids-stolen/
意外責任險可以理賠個資外洩?產險界:只賠實體事故
https://www.ettoday.net/news/20181019/1285735.htm
沙國監控異議人士 《紐時》:買通推特員工取得個資
http://news.ltn.com.tw/news/world/breakingnews/2589246
注意! 社安署來電? 詐騙社安號等個資
https://bit.ly/2z2x2aa
二維碼詐騙花樣繁多防不勝防平台有安全管理義務
http://www.hkcd.com/content/2018-10/23/content_1106133.html
「寶特幣」啥米碗糕? 母子半年詐3268萬
https://tw.appledaily.com/new/realtime/20181023/1452693/
溫氏家族自創「寶特幣」詐3千萬 偽造蔡英文匾取信被害人
https://www.ettoday.net/news/20181023/1288327.htm
調研未來10大預測:社群媒體醜聞、安全漏洞 不如「隱私中毒」
http://ec.ltn.com.tw/article/breakingnews/2589505
詐騙案層出不窮 電信業每年損失170億美元
https://www.chinatimes.com/newspapers/20181025000321-260203
Texas Retirement Agency Portal Breach Affects 1.25 Million
https://www.bankinfosecurity.com/texas-retirement-agency-portal-breach-affects-125-million-a-11638
Yahoo Class Action Settlement: A $50 Million-Plus Sting
https://www.bankinfosecurity.com/yahoo-class-action-settlement-50-million-plus-sting-a-11635
India's Draft Data Protection Bill: The Wrong Approach
https://www.bankinfosecurity.asia/interviews/indias-draft-data-protection-bill-wrong-approach-i-4154
RBI's Data Localization Mandate: What Happens Next
https://www.bankinfosecurity.asia/rbis-data-localization-mandate-what-happens-next-a-11636
Are you Cyber Aware? How about your friends and family
https://nakedsecurity.sophos.com/2018/10/24/are-you-cyber-aware-how-about-your-friends-and-family/
Adult websites shuttered after 1.2 million user details exposed
https://nakedsecurity.sophos.com/2018/10/23/adult-websites-shuttered-after-1-2-million-user-details-exposed/
Facebook Fined £500,000 for Cambridge Analytica Data Scandal
https://bit.ly/2Sif7Fm
E.研究報告
libSSH認證繞過漏洞(CVE-2018-10933)分析
https://paper.seebug.org/720/
libSSH 認證繞過漏洞(CVE-2018-10933)分析
https://zhuanlan.zhihu.com/p/47197657
D-Link 850L&645路由漏洞分析
https://hk.saowen.com/a/300c17ede5efa643437a7358af827bbb70859c68a18f1b3c3425bd4852b1658b
挖洞經驗| 價值3133.7美金的谷歌(Google)存儲型XSS漏洞
http://www.freebuf.com/articles/web/186463.html
黑客基礎,Metasploit模塊簡介,滲透攻擊模塊、攻擊載荷模塊
http://netsecurity.51cto.com/art/201810/585354.htm
開小灶:隱藏bash歷史命令的小技巧
http://netsecurity.51cto.com/art/201810/585251.htm
深入分析MikroTik RouterOS CVE-2018-14847 & Get bash shell
http://www.freebuf.com/vuls/187272.html
MI 小米小米手環3 NFC功能探索
https://post.smzdm.com/p/akmr64o9/?fbclid=IwAR2v8Y-JFZLMYJKwKIBQsTJUIFNer6Y0cunjuEetmZy8t8OvzS21iZw6vCg
通殺絕⼤多數交易平台的Tradingview Dom XSS漏洞分析
http://www.freebuf.com/vuls/186638.html
個案分析-Pylocky勒索病毒攻擊事件分析報告_10710
https://cert.tanet.edu.tw/prog/opendoc.php?id=2018102201103030474941237511262.pdf
Micropatch for SandboxEscaper's "deletebug" 0day
https://bit.ly/2CGP3hJ
Exploit kits: fall 2018 review
https://blog.malwarebytes.com/threat-analysis/2018/10/exploit-kits-fall-2018-review/
CVE-2018–8414: A Case Study in Responsible Disclosure
https://posts.specterops.io/cve-2018-8414-a-case-study-in-responsible-disclosure-ff74c39615ba
CVE-2018–8212: Device Guard/CLM bypass using MSFT_ScriptResource
https://posts.specterops.io/cve-2018-8212-device-guard-clm-bypass-using-msft-scriptresource-b6cc2318e885
New Windows Zero-Day Bug Helps Delete Any File, Exploit Available
https://bit.ly/2CDTt9g
Discovering Hidden Email Gateways with OSINT Techniques
https://medium.com/iron-bastion/discovering-hidden-email-servers-with-osint-2dbf07559626
Code Structure and Readability Part 4 — Project Structure
https://medium.com/swift2go/code-structure-and-readability-part-4-project-structure-99f9a6671ce3
Deeplens Enabled Product Detection
https://medium.com/@ananthsrinivas/deeplens-enabled-product-detection-9e797dace8f6
GraphQL: A success story for PayPal Checkout
https://bit.ly/2AttrUO
The Fuzzing Project
https://fuzzing-project.org/?fbclid=IwAR3K_g2QFR4FF7-Za9vt-Epq7H2aSp39xWX1suVeWt3f3xgYRFDxWr7ujXk
Hawkeye scanner-cli v1.3.2 releases: security/vulnerability/risk scanning tool
https://securityonline.info/hawkeye/?fbclid=IwAR35woyvVi0yRkTS_7vrmjfJwwGPX15MOah6c6Xol2ZHqupEKQipZso-dsQ
btrForensics: Forensic Analysis Tool for Btrfs File System
https://securityonline.info/btrforensics/?fbclid=IwAR0w3cstc1f1siWMCZ9yi5hqvzf3MCRRqc3mPVxYK_cC4ovtnJrsYgYOm7c

F.商業
率先支援 WPA3 新制式 Synology MR2200ac 可能是功能最強的 Mesh Wi-Fi
https://bit.ly/2yU6Z51
IBM推出管理工具投入多雲戰局,支援AWS、微軟及紅帽
https://www.ithome.com.tw/news/126524
資安產業大逆襲 零壹搶攻資安商機
https://www.wantgoo.com/news/content/index?ID=872967
據報 Facebook 正計劃收購一家「主要」網路安全公司
https://chinese.engadget.com/2018/10/21/facebook-may-buy-large-cybersecurity-company/
Facebook 拯救資安,傳聞年底前收購網路安全公司
https://technews.tw/2018/10/22/facebook-cybersecurity-company-acquisition/
KPMG安侯建業專欄-CEO也要了解的網路安全知識
https://bit.ly/2CZvu5s
與新加坡競爭資料中心商機,印尼搶亞馬遜、Google 進駐
https://finance.technews.tw/2018/10/23/data-center-in-southeast-market/
國際科技顧問公司TaskUs正式來台進駐
https://money.udn.com/money/story/10860/3436933
把安全總部設在卡車裡!IBM 推出業界首款行動式網路安全作業中心、根本就是電影FBI的特勤戰術中心
https://www.techbang.com/posts/62077-ibm-launches-the-industrys-first-ever-mobile-network-security-operations-center
資安即國安 IBM 推國防等級「網路安全作業中心」行動車
http://ec.ltn.com.tw/article/breakingnews/2590280
華為設資安實驗室博取德政府信賴 為5G設備銷售鋪路
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000545430_5g95z91v2ffa6h1f4kzao
思科新版ACI加強支援OpenStack及Kubernetes
https://www.ithome.com.tw/news/126649
G.政府
警政署力推智慧警政,打造大數據分析平臺以提高網路犯罪偵查率
https://www.ithome.com.tw/news/126521
國防部前副處長:川普政府的「中國威脅論」
https://tw.appledaily.com/new/realtime/20181019/1450589/
國際刑警組織拒邀台灣 賴清德:中國打壓
http://news.ltn.com.tw/news/politics/breakingnews/2585565
機械公會5大決議 籲政府防堵漏洞
https://www.chinatimes.com/newspapers/20181019000305-260202
金管會納入央行理事 顧立雄:沒推動此事
https://tw.appledaily.com/new/realtime/20181022/1452040/
金管會主委去當央行理事 中央銀行公開說不要
https://money.udn.com/money/story/5613/3435570
金管會主委 不須列央行理事
https://udn.com/news/story/7239/3436783
金融帳戶資料自己帶著走 金管會研擬「打開銀行」
https://tw.finance.appledaily.com/realtime/20181026/1454481
金管會:已無多餘預算,南部金融園區恐須自籌財源
https://bit.ly/2SgczYu
虛擬貨幣ICO 金管會將納管
http://ec.ltn.com.tw/article/paper/1241426
顧立雄:ICO如涉有價證券擬納管 最快明年6月制定辦法
https://m.moneydj.com/f1a.aspx?a=8946b723-93e1-4e4f-a51f-5ba05fd8d023
首次代幣發行若涉有價證券或股權 金管會最快明年納管
https://shareba.com/module/news/292299892011761704.html
國家資安人才培訓新戰略,行政院資安學院本周開跑
https://www.ithome.com.tw/news/126584
經濟部建立資安服務共用機制 強化資安聯防 舒緩預算與人力
https://bit.ly/2qdSsgM

H.工控系統  SCADA / ICS Security
正視工廠生產線上的資安威脅,徹底改變防護概念為當務之急
https://www.ithome.com.tw/news/126417
惡意威脅無孔不入,機臺安全從4大防護面向做起
https://www.ithome.com.tw/news/126418
IoT e SCADA Security: CHECK POINT e AXIANS insieme
https://www.zerounoweb.it/techtarget/searchsecurity/iot-e-scada-security-check-point-e-axians-insieme/
OT security key to bringing expansion plans to fruition
https://www.itweb.co.za/content/KPNG878dp1474mwD
DHS warns of another dangerous flaw in Advantech WebAccess SCADA software
https://www.cso.com.au/article/648657/dhs-warns-another-dangerous-flaw-advantech-webaccess-scada-software/
Security in the driving seat for IT innovation in UAE: experts
https://www.tahawultech.com/industry/technology/rsa-security-driving-seat-innovation/
More exploits: the great PLC hack
https://www.controldesign.com/articles/2018/more-exploits-the-great-plc-hack/
EclecticIQ strengthens threat intelligence for critical infrastructures with new integrations
https://prn.to/2PnCnTF
STATE & LOCALBIG DATACLOUDCYBERSECURITYDATA CENTERSEMERGING TECHMOBILERESOURCESEVENTS
https://gcn.com/articles/2018/10/19/critical-infrastructure-security.aspx
Industrial Control Systems Security Market Global Growth, Opportunities, Industry Analysis & Forecast to 2023
https://bit.ly/2PnCsXt
Brown And Caldwell Strengthens Smart Utility Offering With BC Blue
https://paymentweek.com/2018-10-24-brown-caldwell-strengthens-smart-utility-offering-bc-blue/
APT Group GreyEnergy Sparks Worry About BlackEnergy Successor
https://securityintelligence.com/news/apt-group-greyenergy-sparks-worry-about-blackenergy-successor/

I.教育訓練類
WordPress筆記:初始安裝的原始文件檔案和資料夾目錄列表
https://www.vedfolnir.com/wordpress-original-files-and-directory-list-29834.html
CS:APP 學習指引
https://hackmd.io/c/S1vGugaDQ/https%3A%2F%2Fhackmd.io%2Fs%2FSJ7V-qikG%23
三十篇資安實例分享及解析DAY 11-- TAAZE"讀冊生活"二手書平台,個資外洩遭詐騙。
https://ithelp.ithome.com.tw/articles/10202362?sc=iThelpR
三十篇資安實例分享及解析DAY 12--科技董座扮「白帽駭客」,竄改高鐵票價,判賠15萬寫悔過書
https://ithelp.ithome.com.tw/articles/10202684?sc=iThelpR
三十篇資安實例分享及解析DAY 13--羽球球后戴資穎IG被駭,駭客詐騙募款
https://ithelp.ithome.com.tw/articles/10203118
三十篇資安實例分享及解析DAY 14--京晨科技,國產監視器軟體漏洞,監視器恐有被駭風險
https://ithelp.ithome.com.tw/articles/10204042
三十篇資安實例分享及解析DAY 15--智樂堂『刀龍傳說』遭殭屍病毒攻擊
https://ithelp.ithome.com.tw/articles/10204251
三十篇資安實例分享及解析DAY 16--高雄十全果菜市場遭『WannaCry 』勒索,付贖金才得已解鎖
https://ithelp.ithome.com.tw/articles/10204560
三十篇資安實例分享及解析DAY 17--嫌犯利用民眾設定密碼習性,破解Google雲端竊取個資,轉走銀行存款
https://ithelp.ithome.com.tw/articles/10205054?sc=rss.qu
[Day05]各部門的角色與職責
https://ithelp.ithome.com.tw/articles/10202918
Day8-學校資安健檢
https://ithelp.ithome.com.tw/articles/10204419
資安補帖─Day9─Web Security
https://ithelp.ithome.com.tw/articles/10203821?sc=iThelpR
資安補帖─Day10─簡單CTF套路工具使用
https://ithelp.ithome.com.tw/articles/10203454?sc=iThelpR
資安補帖─Day13─社交工程
https://ithelp.ithome.com.tw/articles/10204414
資安補帖─Day14─Awesome資安資源介紹
https://ithelp.ithome.com.tw/articles/10204751
資安補帖─Day15─如何增進CTF能力
https://ithelp.ithome.com.tw/articles/10205234?sc=rss.qu
[Day 5] 這個漏洞有多嚴重? [上]
https://ithelp.ithome.com.tw/articles/10203313?sc=iThelpR
[Day 6] 這個漏洞有多嚴重? [下]
https://ithelp.ithome.com.tw/articles/10203906
[Day 9] 找到漏洞好興奮,我想給他一個名份 [上]
https://ithelp.ithome.com.tw/articles/10204617
[Day 11] 挖漏洞補錢包洞
https://ithelp.ithome.com.tw/articles/10205215?sc=rss.qu
Day-8 社交工程
https://ithelp.ithome.com.tw/articles/10204537
挖洞姿勢:淺析命令注入漏洞
https://www.secpulse.com/archives/76588.html
8 Popular Courses to Learn Ethical Hacking – 2018 Bundle
https://bit.ly/2AjnQQH
Malware Analysis Using Memory Forensics
https://www.secjuice.com/malware-analysis-memory-forensics/

J.玄武實驗室每日安全動態推送
每日安全動態推送(10-22)
https://tw.weibo.com/xuanwulab/4297916007523896
每日安全動態推送(10-23)
https://tw.weibo.com/xuanwulab/4298268290449593
每日安全動態推送(10-24)
https://tw.weibo.com/xuanwulab/4298636638420333
每日安全動態推送(10-25)
https://tw.weibo.com/xuanwulab/4298998238099174
每日安全動態推送(10-26)
https://tw.weibo.com/xuanwulab/4299369413160473

K.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機
Arm將與Cybereason攜手開發強調安全性的IoT晶片
https://www.ithome.com.tw/news/126525
資安標準論壇 聚焦物聯網
https://www.chinatimes.com/newspapers/20181019000524-260210
連網裝置需要更安全的記憶體
https://www.eettaiwan.com/news/article/20181023NT01-connected-devices-need-more-secure-memory
要偷特斯拉 Model S,手機+平板即可複製車鑰匙
https://technews.tw/2018/10/25/thieves-steal-a-tesla-model-s-by-hacking-the-entry-fob/
Botnets Keep Brute-Forcing Internet of Things Devices  October 24, 2018 
https://www.bankinfosecurity.com/botnets-keep-brute-forcing-internet-things-devices-a-11637

4.近期資安活動及研討會
  
  物聯網資安培訓課程(中華民國資訊軟體協會) 10/26 ~ 11/9
  https://w3.iiiedu.org.tw/coursedetail.php?id=ICSA01I&l=35&c=ICSA01I1801
  金融資安培訓課程(台灣雲端安全聯盟) 10/26 ~ 11/3
  https://w3.iiiedu.org.tw/coursedetail.php?id=FCSA02I&l=30&c=FCSA02I1801
  亥客書院 -惡意程式檢測實務 10/27
  https://hackercollege.nctu.edu.tw/?p=885
  ISDA 白帽駭客巡迴入門〈1〉10/27
  https://reg.isda.org.tw/info.php?no=27
  TANET 2018-台灣網際網路研討會 暨資訊工程X智慧計算學門成果發表會 10/21 ~ 10/26
  https://cis.ncu.edu.tw/SeminarSys/activity/TANET2018/home
  Azure TechDay 年度盛會 10/30 台北場
  https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x4963751abcd
  Red Hat Forum 2018 TAIPEI  11/2
  https://www.redhat.com/en/events/red-hat-forum-taipei-2018?sc_cid=701f2000001OEJMAA4
  物聯網資安實務課程(台灣雲端安全聯盟) 11/2 ~ 11/10
  https://w3.iiiedu.org.tw/coursedetail.php?id=ICSA03I&l=30&c=ICSA03I1801
  ISDA 白帽駭客巡迴入門〈1〉11/03
  https://reg.isda.org.tw/info.php?no=28
  Building and Investigation with EnCase? (DF210) (原CF2)  11/5 ~ 11/8
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=41
  Imperva 2018 資安趨勢論壇 11/7
  https://seminar.ithome.com.tw/live/20181107Imperva/index.html
  亥客書院 - DDoS原理與實務  11/10
  https://hackercollege.nctu.edu.tw/?p=774
  認證系統安全從業人員SSCP輔導班  11月10日至11月18日
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=277
  新型態資安實務示範課程教學教師研習營  11/10 ~ 11/11
  https://docs.google.com/forms/d/e/1FAIpQLScCByNq_aQ6kIXawayMQPq9yMTtlFXkQ6JVTPrtpBh3TVGzoA/viewform
  Magnet原廠授權認證課程Magnet AXIOM Examinations 11/12 ~ 11/15
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=42
  SQL Migration to Azure Data service實作課 11/13
  https://bit.ly/2Nx6tiy
  資安趨勢與企業因應管理(可抵內稽)  11月13日
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=280
  原廠認證Cellebrite Certified Operator (CCO)  11/19 ~ 11/20
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=43
  Fortinet 2018 數位 X 資安 轉型論壇  11/15
  https://seminar.ithome.com.tw/live/2018fortinet/index.html?eDM_V1
  網站安全與稽核簡介(Ⅰ)(可抵內稽)  11月15日
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=281
  網站安全與稽核簡介(Ⅱ)(可抵內稽)  11月23日
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=282
  認證資訊系統安全專家 CISSP 輔導班 11月24日至12月8日
  https://twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=278
  Metasploit與滲透測試實務 11/25 ~ 11/26
  https://hackercollege.nctu.edu.tw/?p=641
  EnCase EnCE 認證考試 Preparation 課程  12/5 ~ 12/7
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=44
  駭客入侵調查暨資安緊急應變實務 12/10 ~ 12/11
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=45
  台灣駭客年會 HITCON Pacific 2018 12/13 ~ 12/14
  https://hitcon.kktix.cc/events/hitcon-pacific-2018
  亥客書院 - 進階網頁滲透測試  12/15
  https://hackercollege.nctu.edu.tw/?p=323
  專業手機暨硬碟資料救援教育訓練課程 12/26 ~ 12/28
  http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=46
  亥客書院 - 高階網頁滲透測試    2019/1/5
  https://hackercollege.nctu.edu.tw/?p=768

沒有留言:

張貼留言