Friday, January 18, 2019

Weekly Security Incident News Report 1/14 ~ 1/18

1. Major Vulnerabilities
Forescout: Smart buildings contain numerous zero-day vulnerabilities
https://ithome.com.tw/news/128278
Cisco patches AsyncOS vulnerability that could cause permanent denial of service
https://www.ithome.com.tw/news/128226
Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation
https://www.exploit-db.com/exploits/46189
F-Secure researcher discovers 35-year-old SCP client vulnerabilities
https://hk.saowen.com/a/6848003ea4baf1d5b8edf2783c7e5f10055fe7aa8734828c7586f736fd4bf513
Oracle Critical Patch Update for January 2019
https://bit.ly/2ssuyPB
Multiple vulnerabilities in Oracle products
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Oracle Reports Developer security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2413
Oracle Database Server security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2547
Improperly configured network printers are vulnerable
http://net.nthu.edu.tw/netsys/mailing:announcement:20190109_01
5 popular web hosting platforms all contain security vulnerabilities
https://ithome.com.tw/news/128262
5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws
https://bit.ly/2DfcL4A
Analysis and advisory: local privilege escalation vulnerabilities in the Linux systemd-journald service
https://www.anquanke.com/post/id/169761
Researcher reports a security vulnerability to Microsoft, but Microsoft declines to fix it
https://www.landiannews.com/archives/54726.html
(0day) Microsoft Windows vcf File Insufficient UI Warning Remote Code Execution Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-19-013/
PoC for Windows VCF zero-day published online
https://www.zdnet.com/article/poc-for-windows-vcf-zero-day-published-online/#ftag=RSSbaffb68
PHP Scripts Mall Advance Peer to Peer MLM Script security vulnerability CVE-2019-6126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6126
Metasploit, popular hacking and security tool, gets long-awaited update
https://www.zdnet.com/article/metasploit-popular-hacking-and-security-tool-gets-long-awaited-update/#ftag=RSSbaffb68
ThinkPHP5 remote command execution vulnerability
https://www.freebuf.com/vuls/194105.html
Juniper Junos Space Network Management Platform security vulnerability CVE-2019-0017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0017
Junos OS security vulnerability in multiple Juniper products
https://vigilance.fr/vulnerability/Junos-OS-EX-QFX-privilege-escalation-via-Stateless-Firewall-IPv6-Extension-Headers-28221
Cisco IP Phone 8800 Series code injection vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0461
Imperva SecureSphere security vulnerability CVE-2018-5412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5412
Imperva SecureSphere PWS component security vulnerability CVE-2018-5403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5403
WordPress-related vulnerabilities tripled in 2018
https://www.hackeye.net/threatintelligence/18499.aspx
Amazon-owned Ring camera flaw: support team could view private videos
http://www.twoeggz.com/news/13090448.html
Imperva: Web application vulnerabilities in 2018 increased 21% compared with 2017
https://www.linuxidc.com/Linux/2019-01/156300.htm
The State of Web Application Vulnerabilities in 2018
https://www.imperva.com/blog/the-state-of-web-application-vulnerabilities-in-2018/
Microsoft Windows CONTACT - Remote Code Execution
https://www.exploit-db.com/exploits/46188
Microsoft Edge security bypass vulnerability CVE-2018-8530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8530
Microsoft Windows Hyper-V remote code execution vulnerability CVE-2018-8490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8490
Microsoft Windows GDI component local information disclosure vulnerability CVE-2018-8472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8472
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
https://www.exploit-db.com/exploits/46185
Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free
https://www.exploit-db.com/exploits/46184
Microsoft Windows JET engine Msrd3x code execution vulnerability
http://www.mottoin.com/tech/134107.html
Microsoft Windows DHCP Client remote code execution vulnerability CVE-2019-0547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0547
Windows Update failed? Here are 10 fixes you can try
https://www.zdnet.com/article/windows-update-failed-here-are-10-fixes-you-can-try/#ftag=RSSbaffb68
Microsoft's Windows 7 has one year of free support left
https://www.zdnet.com/article/microsofts-windows-7-has-one-year-of-free-support-left/#ftag=RSSbaffb68
Microsoft's latest Windows 10 19H1 test build separates search and Cortana
https://www.zdnet.com/article/microsofts-latest-windows-10-19h1-test-build-separates-search-and-cortana/#ftag=RSSbaffb68
Linux systemd affected by memory corruption vulnerabilities; no patch yet
http://netsecurity.51cto.com/art/201901/590453.htm
New Systemd Privilege Escalation Flaws Affect Most Linux Distributions
https://bit.ly/2STfohV
Nelson Open Source ERP SQL injection vulnerability
https://cxsecurity.com/issue/WLB-2019010115
Intel Optane SSD DC P4800X security vulnerability CVE-2018-12166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12166
libpng security vulnerability CVE-2019-6129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6129
Bodhi cross-site scripting vulnerability CVE-2017-1002152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1002152
Blob Studio 2.17 Denial of Service - CXSecurity.com
https://www.anquanke.com/vul/id/1450459
UA-Parser Denial Of Service - CXSecurity.com
https://www.anquanke.com/vul/id/1450458
Google Chrome V8 buffer overflow vulnerability CVE-2017-15428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15428
NEC Aterm W300P OS command injection vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0630
libIEC61850 security vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6135
AudioCodes 400HD cross-site scripting vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10091
Firefox will finally fix annoying page jumps
https://www.zdnet.com/article/firefox-will-finally-fix-annoying-page-jumps/#ftag=RSSbaffb68
SCP implementations impacted by 36-years-old security flaws
https://www.zdnet.com/article/scp-implementations-impacted-by-36-years-old-security-flaws/#ftag=RSSbaffb68
Details published about vulnerabilities in popular building access system
https://www.zdnet.com/article/details-published-about-vulnerabilities-in-popular-building-access-system/#ftag=RSSbaffb68
Desenvolvido por Fidelizarte Web Design Portugal SQL Injection - CXSecurity.com
https://www.anquanke.com/vul/id/1450656
WordPress to show warnings on servers running outdated PHP versions
https://www.zdnet.com/article/wordpress-to-show-warnings-on-servers-running-outdated-php-versions/#ftag=RSSbaffb68
Another Docker security vulnerability revealed, this time a problem with PWD
https://www.infoq.cn/article/N8o1NWv6r6hgCml*u0tG
Google Android out-of-bounds write vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9551
Facebook bug hunters find an average of 0.87 vulnerabilities per month, with an average annual salary of US$34,000
https://www.ithome.com.tw/news/128323?fbclid=IwAR3Vy-9ZheyGDkxUdB93kMCbJlRBk0_S5vgKN84UQR4o869oCUDmhUSWGFM
US Department of Defense database code execution vulnerability (CVE-2018-16803)
https://nosec.org/home/detail/2177.html
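2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security
Vying for an internet-only bank, IBF Financial Holdings forms a finance team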
https://www.chinatimes.com/newspapers/20190114000485-260102
Make banks responsible for protecting customers' private data
https://www.hbrtaiwan.com/article_content_AR0008585.html
Participating financial institutions reach 200; Brad Garlinghouse: banks will eventually use XRP
https://blockcast.it/2019/01/11/ripple-ceo-to-critics-after-obtaining-200-clients/
Nationwide insurance policy passbook launched; 13 life insurers join forces in a campaign to protect five Daan Forest Parks
https://www.ettoday.net/news/20190111/1354391.htm
Left to banks' voluntary self-regulation: on open data rights, FSC leans toward the Singapore model
https://bit.ly/2AN0zqb
Taiwan slow on open banking; customer data rights may be only the first problem
https://bit.ly/2RrJ8FY
Lee Wei-bin (李維斌) appointed digital finance adviser at Taipei Fubon Bank
https://www.chinatimes.com/newspapers/20190112000298-260205
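Former Taipei City Department of Information Technology commissioner Lee Wei-bin (李維斌) moves to industry, formally joining Taipei Fubon Bank to oversee fintech, big data and cloud development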
https://ithome.com.tw/news/128187
Positioning for internet-only banking, Standard Chartered: this year will be busy
https://bit.ly/2VRA6Rd
Arrested in Thailand for alleged credit card forgery; Taiwanese suspects held in Pattaya prison
https://money.udn.com/money/story/5599/3590464
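With the Lunar New Year approaching, Zhongzheng Second Precinct sets up a financial protection network to prevent robberies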
http://news.ltn.com.tw/news/society/breakingnews/2671452
FISC audit confirmation blockchain: participating banks rise to 27
https://www.chinatimes.com/newspapers/20190115000310-260205
FISC's financial blockchain audit confirmation service officially launches; a hundred accounting firms sign on
https://www.ettoday.net/news/20190114/1356269.htm
Another bank terminates contracts with multiple P2P platforms; shakeout of the online lending industry continues
https://news.sina.com.tw/article/20190116/29699926.html
Taiwan-Iran clearing mechanism suspended; Bureau of Foreign Trade: continuing talks in hope of resumption
https://bit.ly/2SXL9Gu
EY survey: banks accelerating digital transformation, with risk management the top priority
https://news.cnyes.com/news/id/4269270
84% of the global financial industry ranks cybersecurity as the top risk
https://bit.ly/2FvhfGI
Fintech security threat intelligence and joint defense in the age of artificial intelligence
https://www.fisc.com.tw/Upload/2e644695-04a9-44cf-8841-80936503cc5a/TC/9403.pdf
Amid digital transformation, banks worry most about cyberattacks
https://www.ettoday.net/news/20190116/1357771.htm
Canada's Coast Capital Savings (康富儲蓄) hacked; funds stolen from 140 customers
http://www.epochtimes.com/b5/19/1/17/n10981978.htm
State-owned banks push consumer finance with five arrows
https://money.udn.com/money/story/5613/3600150
US Secret Service is probing how crooks use smart credit cards for fraud
https://engt.co/2FuBJ1g
A Fraud-Fighting Strategy for P2P Payments
https://www.bankinfosecurity.com/interviews/fraud-fighting-strategy-for-p2p-payments-i-4219
Card-Not-Present Fraud Costs Mount
https://www.bankinfosecurity.asia/interviews/card-not-present-fraud-costs-mount-i-4218
Neiman Marcus Settles Lawsuit Over Payment Card Breach
https://www.databreachtoday.com/neiman-marcus-settles-lawsuit-over-payment-card-breach-a-11923
Card-Not-Present Fraud Growth: No End in Sight
https://www.bankinfosecurity.com/interviews/card-not-present-fraud-growth-no-end-in-sight-i-4217
RETAILERS TO LOSE $130BN GLOBALLY IN CARD-NOT-PRESENT FRAUD OVER THE NEXT 5 YEARS
https://www.juniperresearch.com/press/press-releases/retailers-to-lose-$130bn-globally
Mastercard boosts online payment security efforts in LatAm
https://www.zdnet.com/article/mastercard-boosts-online-payment-security-efforts-in-latam/#ftag=RSSbaffb68
North Korean hackers infiltrate Chile's ATM network after Skype job interview
https://www.zdnet.com/article/north-korean-hackers-infiltrate-chiles-atm-network-after-skype-job-interview/
Phishing expedition gives hackers entrée to Chile's ATM network
https://www.atmmarketplace.com/news/phishing-expedition-gives-hackers-entree-to-chiles-atm-network/
Google Chrome extension that steals card numbers still available on Web Store
https://www.zdnet.com/article/google-chrome-extension-that-steals-card-numbers-still-available-on-web-store/#ftag=RSSbaffb68
Advertising network compromised to deliver credit card stealing code
https://www.zdnet.com/article/advertising-network-compromised-to-deliver-credit-card-stealing-code/#ftag=RSSbaffb68
Ukrainian Police Arrest 6 Hackers Linked to DDoS and Financial Attacks
https://bit.ly/2U3Syob
Unprotected Government Server Exposes Years of FBI Investigations
https://bit.ly/2FAhGj7
West African banks hit by multiple hacking waves last year
https://www.zdnet.com/article/west-african-banks-hit-by-multiple-hacking-waves-last-year/#ftag=RSSbaffb68
Job opening - Taiwan Cooperative Securities recruiting a head of information security; applications close 1/21
https://money.udn.com/money/story/5636/3591233
3. Electronic Payment / Mobile Payment: News and Security
QR code payment enters the MTR; Octopus unfazed
http://www.hkcd.com/content/2019-01/14/content_1119207.html
JKOPAY (街口) spends big; next step is building a Taiwanese version of Yu'e Bao
https://www.wealth.com.tw/home/articles/19357
New Bank of China measure! Chinese e-commerce merchants can receive renminbi in the US via the cross-border payment system
https://hk.on.cc/hk/bkn/cnt/finance/20190113/bkn-20190113182627241-0113_00842_001.html
Homegrown mobile payment "Taiwan Pay": netizens rave that this one works best
http://www.skyqzone.com/article/Qko1TmRvMVA4YWs9
Dark horse for new EasyCard chairman: Wu Chia-yuan (吳嘉沅) reportedly to take over
https://money.udn.com/money/story/5613/3591930
Taipei's EasyCard gets a new chairman: Wu Chia-yuan (吳嘉沅) reportedly taking over
http://news.ltn.com.tw/news/local/paper/1261317
EasyCard pushes for an electronic payment license
https://bit.ly/2TVnoPH
Prison launches electronic payment service for deposits; netizens praise the convenience
https://hk.on.cc/hk/bkn/cnt/cnnews/20190114/bkn-20190114220150752-0114_00952_001.html
Beijing prisons launch Alipay deposit service; families can deposit money for relatives inside
https://news.sina.com.tw/article/20190114/29679950.html
Mobile ticketing app to launch in August
https://bit.ly/2QMIhup
Singapore's Payment Services Bill coming soon: three license types, covering e-wallets
http://paynews.net/article-36692-1.html
Amid fierce competition in electronic payments, 臺灣銳付 seizes the new blue ocean of cryptocurrency
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000551703_UCV6M0QZ1IUZBK2VQXCVV
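3 security measures for the Faster Payment System (FPS): multi-factor authentication + transfer limits + real-time notifications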
https://unwire.hk/2019/01/16/hase/life-tech/
Smart ticketing and transit-station top-up and payment app to launch in August
https://bit.ly/2RTeDbf
The Account Pay era has arrived
https://www.fisc.com.tw/Upload/2e644695-04a9-44cf-8841-80936503cc5a/TC/9406.pdf
NFC Payments: Relay Attacks with LoRa
https://bit.ly/2ssNNbD
Banco do Brasil launches cash withdrawals via WhatsApp
https://www.zdnet.com/article/banco-do-brasil-launches-cash-withdrawals-via-whatsapp/#ftag=RSSbaffb68
The Move to Tokenization Spreads
https://www.bankinfosecurity.asia/move-to-tokenization-spreads-a-11936

4. Virtual Currency / Blockchain: News and Security
Report: blockchain adoption in the IoT industry doubles
http://news.knowing.asia/news/2d916dd0-2fe2-44a2-8264-f6823aa4d259
An ever-escalating contest: blockchain technology breaks through China's internet controls
https://www.rti.org.tw/news/view/id/2008023
China finalizes real-name rules in blockchain regulations! Takes effect in February
https://ec.ltn.com.tw/article/breakingnews/2670209
Taipei Exchange approves recognition of the President Securities (統一) ETN index
https://money.udn.com/money/story/5739/3588307
Changing how payments work! Mongolia launches its first blockchain payment system, "Terra"
https://news.sina.com.tw/article/20190111/29644044.html
Blockchain applications set to explode in 2019: can blockchain boost payment systems?
http://news.knowing.asia/news/cbce1096-061f-418f-9319-cd0e22898a05
Altcoin exchange "Cryptopia" announces it was hacked, the first exchange hack of 2019
https://www.blocktempo.com/crypto-exchange-cryptopia-hacked-police-starts-investigation/
New Zealand crypto exchange Cryptopia discovers security breach with significant losses
https://www.chainnews.com/news/147427936334.htm
Another bombshell from the Ethereum Classic attacker
http://news.knowing.asia/news/f3dcf1a3-b4e0-44a3-87a2-2edf82b8d5cc
Silicon Valley venture capital godfather Tim Draper: the Bitcoin revolution has only just begun
http://news.knowing.asia/news/cfdf0011-f4a2-4f9a-ba10-0f23a841cf59
An Indian bank intends to close customer accounts over suspected cryptocurrency trading
https://news.sina.com.tw/article/20190116/29701728.html
Big news! Vulnerability found in Ethereum upgrade; hard fork forced to be postponed
https://bit.ly/2stNtcX
Ethereum's Constantinople upgrade faces delay due to security vulnerability
https://bit.ly/2Dh1BML
No escape for ICOs and cryptocurrencies! Malaysia brings them under securities law
https://bit.ly/2FEUnDU
About 400 exchanges have high-risk vulnerabilities
https://hk.saowen.com/a/b1fde09f73ac4ca1da085286a5fb81164c3a410a2f4a2dfcc7add19cacf3f484
BEAM CTO: the BEAM wallet vulnerability is a bug in the application itself
https://www.chainnews.com/news/122207195797.htm
A simple guide for how to write unit tests for smart contracts
https://blog.upstate.agency/a-simple-guide-for-how-to-write-unit-tests-for-smart-contracts-8ec4b645f57b
Blockchain-based P2P betting
https://medium.com/coinmonks/blockchain-based-p2p-betting-810eadb092d
51 percent Ethereum Classic hacker returns $100,000 in stolen cryptocurrency
https://www.zdnet.com/article/51-percent-ethereum-hacker-returns-100000-in-stolen-cryptocurrency/#ftag=RSSbaffb68
New Ethereum version postponed after discovery of serious security flaw
https://www.zdnet.com/article/new-ethereum-version-postponed-after-discovery-of-serious-security-flaw/#ftag=RSSbaffb68
Cryptopia cryptocurrency exchange pulled offline due to security breach
https://www.zdnet.com/article/cryptopia-cryptocurrency-exchange-pulled-offline-cites-security-breach/#ftag=RSSbaffb68
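5. Security Incident News
A. Viruses and Trojans / Botnets / Ransomware
Ryuk ransomware, which targets large enterprises, earned hackers US$3.7 million in just 5 months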
https://ithome.com.tw/news/128232
18 years old! Analyzing Tildeb, the long-lived malware leaked by the Shadow Brokers hacking group
https://blog.trendmicro.com.tw/?p=58434
Mirai worm variant is spreading by exploiting the high-risk ThinkPHP vulnerability (CNVD-2018-24942) announced in December
https://s.tencent.com/research/report/635.html
"Pirate Bay" malware makes a comeback, hijacking computing power for covert mining
http://news.knowing.asia/news/f1afe736-be3f-4a5b-b1b7-9633c16715ee
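MongoLock ransomware variant does not encrypt: it deletes files directly, then formats backup drives; Taiwan listed as a heavily infected region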
https://blog.trendmicro.com.tw/?p=58693
Ransomware attack sends City of Del Rio back to the days of pen and paper
https://www.zdnet.com/article/ransomware-attack-sends-city-of-del-rio-back-to-the-days-of-pen-and-paper/#ftag=RSSbaffb68
Malware found preinstalled on some Alcatel smartphones
https://zd.net/2H6Bqw5
PyLocky Ransomware Decryption Tool Released — Unlock Files For Free
https://bit.ly/2FxJKmu
Ryuk ransomware gang probably Russian, not North Korean
https://www.zdnet.com/article/ryuk-ransomware-gang-probably-russian-not-north-korean/#ftag=RSSbaffb68
NotPetya an ‘act of war,’ cyber insurance firm taken to task for refusing to pay out
https://www.zdnet.com/article/notpetya-an-act-of-war-cyber-insurance-firm-taken-to-task-for-refusing-to-pay-out/#ftag=RSSbaffb68
Ransomware Claims to Fund Child Cancer Treatments
https://www.bankinfosecurity.com/ransomware-claims-to-fund-child-cancer-treatments-a-11938
Emotet re-emerges after the holidays 
https://blog.talosintelligence.com/2019/01/return-of-emotet.html
NanoCore Trojan is protected in memory from being killed off
https://www.zdnet.com/article/nanocore-trojan-stops-you-killing-its-process/#ftag=RSSbaffb68
4 Mobile Banking Trojan Families to Fear According to McAfee
https://financialit.net/blog/4-mobile-banking-trojan-families-fear-according-mcafee
A New Variant of Ursnif Banking Trojan Distributed Through Malicious Microsoft Word Documents
http://redsecurium.blogspot.com/search/label/ursnf%20banking%20trojan
.Net RAT Malware Being Spread by MS Word Documents
https://bit.ly/2HcAg2e
PLOT SENSE HAT DATA WITH MATPLOTLIB WITH DASHBOARD PI
https://www.raspberrypi.org/magpi/plot-sense-hat-data/?fbclid=IwAR2iB7MwkqASMQONYGsrvhSGzdEpf6RXy6F2TX-pTQZsd0QRI7kovbGdkX0
CryptoAPI in Malware
https://bit.ly/2svecph
Microsoft and VirusTotal Team Up to Detect Malicious Signed MSI Files
https://bit.ly/2Cy81p4
Manalyze : A static analyzer for PE executables
https://github.com/JusticeRage/Manalyze

B. Mobile Security / iPhone / Android / App
Apps: downloaded for convenience? The nightmare begins
https://tw.news.appledaily.com/forum/realtime/20190112/1499379
Beware the major security risks that health and fitness apps may bring
https://www.bbc.com/zhongwen/trad/science-46824619
WhatsApp bug deletes users' chat history for no reason, affecting Android users
http://www.sohu.com/a/289076849_115060
Stay secure on public networks while traveling: Trend Micro shares five security tips
https://bit.ly/2FtgApo
Still dare to use it? US think tank: Douyin could become a Chinese spying tool
https://bit.ly/2QSj3uz
Douyin apparently under scrutiny; US warns its intelligence collection spans the globe
https://bit.ly/2QP6O1P
Directory of apps that passed security testing
http://www.mas.org.tw/app_cert_list.php
Twitter bug revealed private tweets for some Android users for almost five years
https://www.zdnet.com/article/twitter-bug-revealed-private-tweets-for-some-android-users-for-almost-five-years/#ftag=RSSbaffb68
Police Can't Force You To Unlock Your Phone Using Face or Fingerprint Scan
https://bit.ly/2QShnBa
Upgrading An Unsupported Galaxy to Android Pie
https://bit.ly/2RoWzqe
Why you should switch to Signal or Telegram from WhatsApp, Today
https://bit.ly/2RM3GZ8
Does WhatsApp Has A Privacy Bug That Could Expose Your Messages
https://bit.ly/2SUzXL3
Smartphone production decline may allow Huawei to overtake Apple to become world's second largest smartphone brand
https://zd.net/2RQ5Y9F
iOS 12.1: Does your iPhone have a battery problem? (2019 edition)
https://www.zdnet.com/pictures/ios-12-1-does-your-iphone-have-a-battery-problem-2019-edition/#ftag=RSSbaffb68
Unprotected VOIP Server Exposed Millions of SMS Messages, Call Logs
https://bit.ly/2RXzKtm
VOIPO database exposed millions of call and SMS logs, system data
https://www.zdnet.com/article/voipo-database-exposed-millions-of-call-and-sms-logs-system-data/#ftag=RSSbaffb68
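C. Incidents / Hackers / DDoS / APT / Job Openings / International Security Incidents
Symantec releases 2019 security trend predictions; protecting IoT devices becomes the top priority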
https://ithome.com.tw/news/128327
Four key points for employee security awareness training
https://blog.trendmicro.com.tw/?p=58431
Packet capture walkthrough: a former employee monitoring the company network
https://bit.ly/2RBqviT
USB-IF launches USB Type-C authentication program to stop malicious USB devices
https://www.ithome.com.tw/news/128108
Enterprise security defense through the lens of threat intelligence
https://www.fisc.com.tw/Upload/2e644695-04a9-44cf-8841-80936503cc5a/TC/9404.pdf
Security is a process, not a product
https://bit.ly/2SU73dT
System glitch again: Cathay Pacific first-class fares drop to one-tenth
https://www.rti.org.tw/news/view/id/2008162
The hacker who was caught and the police officer who caught him team up 17 years later to profit from security
https://futurecity.cw.com.tw/article/444
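Genius hacker who broke into the Presidential Office at 17 is recruited by the Criminal Investigation Bureau as a consultant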
https://udn.com/news/story/7315/3588678
Former Jianguo High School prodigy recruited by the Criminal Investigation Bureau as a "white hat hacker" consultant
https://bit.ly/2FqqyaT
Expert once hacked the Presidential Office; police tap his talents
https://www.chinatimes.com/newspapers/20190112000533-260106
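Who exactly is Su Po-jung (蘇柏榕), the "super hacker" who broke into the Presidential Office? He once founded Taiwan's most powerful hacker website, paid for with Bitcoin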
https://www.limitlessiq.com/news/post/view/id/8458/
Defrauding the High Speed Rail of NT$200,000 with NT$40: hacker genius released on bail
https://www.chinatimes.com/newspapers/20190112000529-260106
"Hacker genius" buys High Speed Rail tickets, spending NT$40 in an attempt to defraud NT$200,000
https://udn.com/news/story/7321/3588877
Chang Chi-yuan (張啟元) claims he was doing a good deed; genuine white hat hackers rebut him
https://tw.appledaily.com/new/realtime/20190111/1499184/
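Genius hacker arrested for breaking into High Speed Rail system; Chang Chi-yuan (張啟元) laments: white hat hackers are not recognized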
https://shareba.com/module/news/303808923013782011.html
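Chang Chi-yuan (張啟元) badly outclassed! "God of hackers" Su Po-jung (蘇柏榕) broke into the Presidential Office at 17; police: the two are on different levels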
https://bit.ly/2FxdQ9m
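Chang Chi-yuan (張啟元) publicly apologizes for hacking the High Speed Rail, calls for a white hat vulnerability reporting platform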
https://tw.appledaily.com/new/realtime/20190115/1500874/
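Comparing two generations of genius hackers! Su Po-jung (蘇柏榕) hacked the Presidential Office website back then, Chang Chi-yuan (張啟元) bought High Speed Rail tickets for NT$40... Police: "The two are on different levels!"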
http://chinese.efreenews.com/a/daitiancai-kebiyibi-nian-bairong-ru-fu-zhan-yuan40yuan-gao-piao-jingfang-rendeng-butong
Police say he is no match for the hacker prodigy; Chang Chi-yuan (張啟元) responds graciously
https://bit.ly/2H8pvy1
Ticketing app attacked by hacker; High Speed Rail: no impact caused, will pursue legal liability
https://m.ctee.com.tw/livenews/aj/01112019125314980
"White hat hackers must have the other party's authorization to hunt for vulnerabilities"
https://tw.news.appledaily.com/headline/daily/20190112/38230582/
The work of white hat hackers revealed
https://www.limitlessiq.com/news/post/view/id/8482/
"White hat hacker" fact file
http://news.ltn.com.tw/news/life/paper/1260674
Hackers are everywhere in the online world
https://udn.com/news/story/7339/3593481?from=udn-catelistnews_ch2
This Facebook Group with 1.18 million members has been hacked! If you haven't left yet, do so quickly
https://www.twgreatdaily.com/cat98/node1998692
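The enemy hides while we stand in the open! Well-known hacker on security: the bad guys are already using AI, so the good guys must make good use of AI!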
https://www.cw.com.tw/article/article.action?id=5093746
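Amadeus, the world's largest online ticketing system, revealed to have a flaw letting hackers modify user records; nearly half of airlines affected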
https://www.ithome.com.tw/news/128279
Flight Booking System Flaw Affected Customers of 141 Airlines Worldwide
https://bit.ly/2FG03xh
Airline Booking System Exposed Passenger Details
https://www.bankinfosecurity.com/airline-booking-system-exposed-passenger-details-a-11952
High-risk vulnerability exposed in Amadeus booking system: affects nearly half of the world's airlines
https://m.cnbeta.com/view/809545.htm
Hackers use ZWSP technique to bypass Office 365 security features in phishing attacks
https://ithome.com.tw/news/128200
Hong Kong Security Watch Report (Q4 2018)
https://www.hkcert.org/my_url/zh/blog/19011701
Chinese hackers impersonate CEO, swindle US$18.6 million from Italian company's Indian subsidiary
https://www.taiwannews.com.tw/ch/news/3614985
Chinese hacker group spoofs CEO's email; Indian company loses 1.3 billion rupees
https://hk.aboluowang.com/2019/0111/1230492.html
Chinese hacker group APT10 may have attacked Japan's Keidanren
https://bit.ly/2FqyxVA
Chinese hacker group launches cyberattacks on the US; cyber expert: Japan was also a victim in the past
http://news.ltn.com.tw/news/world/breakingnews/2671470
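Chat conversations could become evidence of "espionage"! University of California warns faculty and students: do not use WeChat or WhatsApp while in China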
https://www.storm.mg/article/821018
Unveiling the mystery of North Korean hackers
https://www.taiwannews.com.tw/ch/news/3615044
South Korea's Ministry of National Defense hacked, data stolen
https://ithome.com.tw/news/128315
South Korea's defense agency hacked; North Korea is the culprit
https://bit.ly/2DbyISa
30 computers at South Korea's Defense Acquisition Program Administration attacked by hackers
https://udn.com/news/story/6809/3593864
Hackers breach and steal data from South Korea's Defense Ministry
https://www.zdnet.com/article/hackers-breach-and-steal-data-from-south-koreas-defense-ministry/#ftag=RSSbaffb68
Wu Yi-chun (吳奕軍) column: even "Smart Nation" Singapore is helpless against hackers
https://www.upmedia.mg/news_info.php?SerialNo=55810
Singapore SingHealth hack: two employees dismissed for negligence
https://www.ithome.com.tw/news/128293
Singapore personal data breach: government issues fines of more than 20 million
https://www.rti.org.tw/news/view/id/2008369
State-sponsored hackers stole the medical data of Singapore Prime Minister Lee Hsien Loong
https://on.wsj.com/2ssBhsE
SingHealth network intrusion exposes management lapses: who should take the fall?
https://www.redants.sg/perspective/story20190111-2298
Firms fined $1M for SingHealth data security breach
https://www.zdnet.com/article/firms-fined-1m-for-singhealth-data-security-breach/#ftag=RSSbaffb68
Personal data of 1.5 million patients stolen in Singapore; government imposes US$740,000 fine
https://money.udn.com/money/story/5602/3595660
Poland arrests Huawei branch manager on suspicion of gathering intelligence for China
http://ec.ltn.com.tw/article/paper/1260750
Huawei raises security concerns; Poland considers public-sector ban
https://news.pts.org.tw/article/419574
Banning Huawei is only the start of the information war; next step is blocking Chinese apps
https://tw.appledaily.com/new/realtime/20190115/1501318/
Ban Huawei? Poland urges NATO and the EU to take a position
https://www.chinatimes.com/newspapers/20190114000242-260203
Huawei 5G security flaws alleged, but European countries are divided over boycott action
https://ec.ltn.com.tw/article/breakingnews/2670483
Worried about security holes, Japan's NTT plans to stop selling Huawei phones
https://news.cts.com.tw/cts/international/201901/201901141948868.html
Huawei executive arrested on espionage charges; Polish authorities search branch office
https://tw.appledaily.com/international/daily/20190112/38230292/
Huawei distributor: products brought into Taiwan comply with regulations
https://money.udn.com/money/story/5612/3593219
Huawei Canada rushes to distance itself: we do not spy for the Chinese government and only obey Canadian law
http://news.ltn.com.tw/news/world/breakingnews/2670007
Huawei executive in Poland arrested on espionage charges; China denounces smears and rumors, hinting the US is behind it
https://tw.appledaily.com/new/realtime/20190113/1499788/
Huawei storm sparks global security panic; CyberLink aims to be the top domestic facial recognition player
https://bit.ly/2CoJRx8
Czech cybersecurity authority declares Huawei boycott; prime minister clarifies: there is no evidence at all
https://www.ettoday.net/news/20190114/1355934.htm
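ITRI also announces a ban! Having quickly cut ties with the executive arrested in Poland, can Huawei shake off suspicions of espionage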
https://www.cmmedia.com.tw/home/articles/13826
Hong Kong government spends 1.76 million on Huawei products, including routers with leak risks; no checks for backdoors
https://bit.ly/2MhA0hu
US lawmakers: Huawei solar equipment could be hacked, raising national grid security concerns
https://technews.tw/2019/01/17/huawei-solar-equipment-may-be-hacked/
Bipartisan US lawmakers propose banning sales of US chips to Huawei and ZTE
http://www.ntdtv.com.tw/b5/20190117/video/238309.html
Security threat: US and Germany boycott Huawei
https://bit.ly/2TVwhbR
Germany reportedly to ban Huawei 5G equipment entirely
https://times.hinet.net/news/22193649
National security concerns: Germany sets strict thresholds to keep Huawei out of its 5G buildout
https://newtalk.tw/news/view/2019-01-17/195714
US security firm warns that Iran is funding hackers and planning large-scale cyberattacks
https://www.ydn.com.tw/News/320362
US National Cybersecurity and Communications Integration Center (NCCIC) tracking global Domain Name System (DNS) infrastructure hijacking campaign
https://www.us-cert.gov/ncas/current-activity/2019/01/10/DNS-Infrastructure-Hijacking-Campaign
The biggest intelligence leak in US history was cracked by Russia! The story begins with a hookup message
https://buzzorange.com/techorange/2019/01/11/martin-stole-american-intelligence/
US government shutdown: more than 80 TLS certificates used by federal websites have expired
https://www.ithome.com.tw/news/128227
US government shutdown causes 130 federal government web certificates to expire; visitors to the sites may be exposed to attack
https://bit.ly/2CwJ2Th
If you don't understand hackers' techniques, how can you prevent their attacks
https://ithome.com.tw/pr/128123
Latest security topic of 2019: CTIA threat intelligence analyst
https://ithome.com.tw/pr/128122
US indicts Ukrainian hackers who broke into SEC database for insider trading
https://www.ithome.com.tw/news/128290
US SEC hacked; hackers made more than US$4.1 million in illicit profits
https://www.chinatimes.com/realtimenews/20190116005016-260408
Online stores for governments and multinationals hacked via new security flaw
https://www.zdnet.com/article/online-stores-for-governments-and-multinationals-hacked-via-new-security-flaw/#ftag=RSSbaffb68
Hacker behind 'Football Leaks' arrested in Hungary
https://www.zdnet.com/article/hacker-behind-football-leaks-arrested-in-hungary/#ftag=RSSbaffb68
Two Hackers Charged with Hacking SEC System in Stock-Trading Scheme
https://bit.ly/2ASnTmi
Insider Trading: SEC Describes $4.1 Million Hacking Scheme
https://www.bankinfosecurity.com/insider-trading-sec-describes-41-million-hacking-scheme-a-11951
MongoDB "open-source" Server Side Public License rejected
https://www.zdnet.com/article/mongodb-open-source-server-side-public-license-rejected/#ftag=RSSbaffb68
Unpatched vCard Flaw Could Let Attackers Hack Your Windows PCs
https://bit.ly/2QTjQeG
How to Secure Your Mid-Size Organization From the Next Cyber Attack
https://bit.ly/2QTDR4W
Liberian ISP sues rival for hiring hacker to attack its network
https://www.zdnet.com/article/liberian-isp-sues-rival-for-hiring-hacker-to-attack-its-network/#ftag=RSSbaffb68
Hacked Play-with-Docker and Remotely Ran Code on the Host
https://bit.ly/2FsQPoP
These are the courses UK police are set to take in cybersecurity
https://www.zdnet.com/article/these-are-the-courses-uk-police-are-set-to-take-in-cybersecurity/#ftag=RSSbaffb68
Hacker 'BestBuy' sentenced to prison for operating Mirai DDoS botnet
https://www.zdnet.com/article/hacker-bestbuy-sentenced-to-prison-for-operating-mirai-ddos-botnet/#ftag=RSSbaffb68
Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection
https://bit.ly/2FsExgc
Defend from hackers using computer networking fundamentals
https://bit.ly/2FqmTKg
DDoSing Hospital Networks Landed This Hacktivist in Jail for Over 10 Years
https://bit.ly/2RuP6px
Stop Using URL Shorteners In 2019
https://medium.com/millennialbusinessassociation/stop-using-url-link-shortener-in-2019-6dd840e19212
Towards Shorter Encryption Keys
https://medium.com/@borisreitman/towards-shorter-encryption-keys-91fe276aeea2
2019 WILL BE THE YEAR OF INTELLIGENT CYBERCRIME THREATS
https://medium.com/@TriumphCISO/2019-will-be-the-year-of-intelligent-cybercrime-threats-2419575bb4fd
Realtime Face Recognition in the Browser
https://medium.com/@gjovanov/realtime-face-recognition-de1ee3076878
Something to Chat About: Google Code-in 2017 with Zulip!
https://bit.ly/2RverzX
Extracting Secret Test Cases From Google Foobar Challenge
https://blog.usejournal.com/extracting-secret-test-cases-from-google-foobar-challenge-6b0a0bea61c4
Why is my keyboard connected to the cloud
https://www.zdnet.com/article/why-is-my-keyboard-connected-to-the-cloud/#ftag=RSSbaffb68
Windows 10 Expert's Guide: Everything you need to know about BitLocker
https://www.zdnet.com/article/windows-10-experts-guide-everything-you-need-to-know-about-bitlocker/#ftag=RSSbaffb68
Plans and Predictions for Cybersecurity in 2019
https://www.inforisktoday.com/interviews/plans-predictions-for-cybersecurity-in-2019-i-4209
Making the Case for Zero-Trust Security
https://www.inforisktoday.com/interviews/making-case-for-zero-trust-security-i-4214
A security conference will let you hack a Tesla car and earn cash prizes
https://www.zdnet.com/article/a-security-conference-will-let-you-hack-a-tesla-car-and-earn-cash-prizes/#ftag=RSSbaffb68
Zoom, Slack, and Twilio see expense account love from businesses, says Expensify
https://www.zdnet.com/article/zoom-slack-and-twilio-see-expense-account-love-from-businesses-says-expensify/#ftag=RSSbaffb68
GoDaddy removes JavaScript injection which tracks website performance, but might break it too
https://www.zdnet.com/article/godaddy-javascript-injection-tracks-website-performance-but-might-break-it-too/#ftag=RSSbaffb68
DevOps for the hybrid cloud: Red Hat Ansible Tower 3.4
https://www.zdnet.com/article/devops-for-the-hybrid-cloud-red-hat-ansible-tower-3-4/#ftag=RSSbaffb68
Cybercrime Gangs Advertise Fresh Jobs, Hacking Services
https://www.bankinfosecurity.com/cybercrime-gangs-advertise-fresh-jobs-hacking-services-a-11934
UK Sentences Man for Mirai DDoS Attacks Against Liberia
https://www.bankinfosecurity.com/uk-sentences-man-for-mirai-ddos-attacks-against-liberia-a-11933
Microsoft says all U.S. government customers are sanctioned to use Outlook Mobile
https://www.zdnet.com/article/microsoft-says-all-u-s-government-customers-are-sanctioned-to-use-outlook-mobile/#ftag=RSSbaffb68
Getting Smarter About Threat Intelligence
https://www.bankinfosecurity.in/interviews/getting-smarter-about-threat-intelligence-i-4220
Quantum Computing: Sizing Up the Risks to Security
https://www.bankinfosecurity.in/interviews/quantum-computing-sizing-up-risks-to-security-i-4222
Hackers infect e-commerce sites by compromising their advertising partner
https://bit.ly/2RZBToo
New Year, Same Magecart: The Continuation of Web-based Supply Chain Attacks
https://www.riskiq.com/blog/labs/magecart-adverline/
Researchers say Fortnite flaws let hackers access millions of player accounts
https://bit.ly/2SZ9jkf
Fortnite Flaws Allowed Hackers to Takeover Gamers' Accounts
https://bit.ly/2QWeb7X
Job opening - Sales assistant, information security (ISS)
https://www.104.com.tw/job/?jobno=6hls2
Job opening - Backend engineer
https://www.yourator.co/companies/GliaCloud/jobs/4716
Job opening - Software test engineer (深圳市錢海電子支付有限公司)
https://www.liepin.com/job/21400889464.shtml
Job opening - Software Engineer - Frontend
https://www.yourator.co/companies/Dinngo/jobs/5580
Job opening - Sales representative, security systems (18051703A) (sales staff)
https://bit.ly/2AKGroO
Job opening - Fujian Newland Payment Technology Co. 2019 graduate recruitment information
http://jyzd.xmu.edu.cn/platform/require_detail/2877
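D. Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News
McDonald's ordering website exposes all member personal data except payment details; company denies being hacked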
https://www.chinatimes.com/realtimenews/20190118004232-260405
700 million personal records leaked on the dark web: check now whether you are a victim
https://bit.ly/2swotle
1 billion email credentials hacked; experts suggest one way to check whether you are affected
https://udn.com/news/story/7086/3601191
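Largest personal data leak ever exposes data stolen in nearly 3,000 attacks at once, leaking more than 2.7 billion email address and password pairs in total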
https://www.ithome.com.tw/news/128338
MongoDB database left wide open; résumés of more than 200 million Chinese citizens leaked
https://www.ithome.com.tw/news/128225
Data errors at Japan's Ministry of Health, Labour and Welfare: 20 million people underpaid benefits
http://www.hkcd.com/content/2019-01/13/content_1119128.html
Study: Douyin collects user data and sends it back to China, like another Huawei
https://bit.ly/2QG6QJr
Vietnam accuses Facebook of failing to remove harmful content
http://www.udnbkk.com/article-271548-1.html
Online shopping platforms most often impersonated by fraud rings: "Crazy Mike" (瘋狂賣客) tops the list with 526 cases
http://news.ltn.com.tw/news/society/breakingnews/2669634
Preventing confidential leaks from high-tech plants: RFID and Beacon accurately track movements inside the facility
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000551707_rwt8x9m9l4f88t8e490hb
More than 40 people scammed across Taiwan! Facebook shopping seller "shows you two forms of ID"... he made off with NT$1 million
https://www.ettoday.net/news/20190112/1354537.htm
191 suspects in online fake-order fraud escorted back from Laos
https://news.sina.com.tw/article/20190112/29655868.html
EBC and CTi report false information; NCC fines each NT$200,000
http://www.epochtimes.com/b5/19/1/16/n10979294.htm
"福人幣" accused of defrauding ten thousand people; operator took in 200 million and hid it in China
https://tw.news.appledaily.com/local/realtime/20190118/1500953/
Flaw found in UK e-commerce software Fashion Nexus: privacy of 1.4 million shoppers on multiple brand websites exposed
http://www.100ec.cn/detail--6492041.html
Swapping passengers' bank cards and draining their savings: police bust taxi fraud ring, arresting 6
https://bit.ly/2TZE3Sf
Employees sacked, CEO fined in SingHealth security breach
https://www.zdnet.com/article/employees-sacked-ceo-fined-in-singhealth-security-breach/#ftag=RSSbaffb68
Staff Disciplined in Wake of SingHealth Breach
https://www.bankinfosecurity.com/staff-disciplined-in-wake-singhealth-breach-a-11935
The Fine Line Between Government and Data Privacy
https://medium.com/criptext/the-fine-line-between-government-and-data-privacy-6972c350726
Data, Privacy and Power
https://medium.com/predict/data-privacy-and-power-ace9a9ec3415
Over 202 Million Chinese Job Seekers' Details Exposed On the Internet
https://bit.ly/2D7fQDZ
Germany's Mega-Leak Takeaway: Noisy Young Hacker Got Caught
https://www.databreachtoday.com/blogs/germanys-mega-leak-takeaway-noisy-young-hacker-got-caught-p-2704
Why Are We So Stupid About Passwords? German Edition
https://www.bankinfosecurity.asia/blogs/are-we-so-stupid-about-passwords-german-edition-p-2705
Formbook via fake statement of account
https://myonlinesecurity.co.uk/formbook-via-fake-statement-of-account/
The 773 Million Record "Collection #1" Data Breach
https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/
Data Breach Collection Contains 773 Million Unique Emails
https://www.bankinfosecurity.com/blogs/data-breach-collection-contains-773-million-unique-emails-p-2713
E. Research Reports
Summary of problems in setting up a test environment for router vulnerability research
https://xz.aliyun.com/t/3826
Incident analysis report: campus server cluster compromised by hackers
https://portal.cert.tanet.edu.tw/docs/pdf/2018122702120303220430325285175.pdf
[Troubleshooter's Diary] A troubleshooting experience with TransactionScope Oracle distributed transactions
https://bit.ly/2H4UWJl
CRLF injection
https://bit.ly/2CcPIWp
Analysis and verification of a Windows 0day arbitrary file overwrite vulnerability
https://www.chainnews.com/articles/664503742972.htm
Analysis of the remote code vulnerability in ThinkPHP5's core Request class
https://paper.seebug.org/787/
CVE-2018-8653 analysis: IE scripting still poses a vulnerability threat
https://xz.aliyun.com/t/3834
Fine-grained XSS vulnerability scanning: intelligent scenario analysis
https://zhuanlan.zhihu.com/p/54732352
IE VBScript vulnerability CVE-2018-8174
https://bbs.pediy.com/thread-248930.htm
Scanning for vulnerabilities with Nmap
https://blog.csdn.net/qq_33468857/article/details/86424354
A first look at Nmap's vulnerability exploitation scripts
https://blog.csdn.net/qq_33468857/article/details/86424291
Exploitation of a Misconfigured Springboot Actuator
https://www.freebuf.com/news/193509.html
jQuery-File-Upload: A Tale of Three Vulnerabilities
https://xz.aliyun.com/t/3819
Analysis of the Integer Overflow Vulnerability in the Linux create_elf_tables Function (CVE-2018-14634)
https://www.freebuf.com/vuls/192659.html
Knownsec 404 Lab 2018 Cyberspace Security Report
https://paper.seebug.org/788/
Using Fail2ban on CentOS to Block Brute-Force Attacks Against WordPress
https://www.4rbj4.com/1148
Defending Against the Three Major Web Security Vulnerabilities in Detail: Solutions for XSS, CSRF, and SQL Injection
http://www.twoeggz.com/news/13142902.html
Analysis of the Msrd3x Code Execution Vulnerability in the Microsoft JET Engine
https://xz.aliyun.com/t/3844
Analysis of the IE Scripting Vulnerability CVE-2018-8653
http://www.4hou.com/vulnerable/15756.html
Reproducing CVE-2017-11882 and Writing a Script to Automate It
https://xz.aliyun.com/t/3838
Router Vulnerability Research: An Introduction to Stack Overflows
https://www.anquanke.com/post/id/169689
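Binary Vulnerability Research: Distinguishing Instrumentation, Static Analysis, Debugging, and Fuzzing, Part 2: Instrumentation with DynamoRIO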
https://bbs.pediy.com/thread-248995.htm
Beating Every WAF with Chunked Transfer Encoding
https://bit.ly/2AROXlU
Analysis of the TP-Link TL-R600VPN Remote Code Execution Vulnerability
https://www.anquanke.com/post/id/169793
Gradle Plugin Portal: Account Takeover by Combining Clickjacking and CSRF Vulnerabilities
http://www.4hou.com/web/15753.html
How to Find Local Privilege Escalation Vulnerabilities in Windows ALPC (CVE-2018-8440 Analysis)
https://zhuanlan.zhihu.com/p/55020544
Data Analysis Report on SNMP-Based Sensitive Information Disclosure Vulnerabilities in Multiple Devices
https://paper.seebug.org/795/
Windows Debugging 101
https://www.exploit-db.com/docs/46169
Bypass Firewalls By DNS History
https://bit.ly/2TLhPTK
Tampering with Windows Event Tracing: Background, Offense, and Defense
https://bit.ly/2slRkZm
The Architecture and History of Git: A Distributed Version Control System
https://bit.ly/2H6x08x
trimstray/the-book-of-secret-knowledge
https://bit.ly/2RH9B1x
How to use Decorators with Factory Functions
https://bit.ly/2Fkjlch
Choosing A Text Editor
https://medium.com/@theoldercoder/choosing-a-text-editor-3e56f71bd636
Zen and the Art of Application Maintenance
https://medium.com/@shawnstafford/zen-and-the-art-of-application-maintenance-a3526766ea07
NewRelic+SpringBoot+Elastic Beanstalk
https://medium.com/@ashishp13/i-just-went-through-the-arduous-task-of-configuring-newrelic-on-aws-eddaf7cffcb6
Handling NetCDF files using XArray for absolute beginners
https://towardsdatascience.com/handling-netcdf-files-using-xarray-for-absolute-beginners-111a8ab4463f
Neatly bypassing CSP How to trick CSP in letting you run whatever you want
https://bit.ly/2T0fynB
PLOT SENSE HAT DATA WITH MATPLOTLIB WITH DASHBOARD PI
https://bit.ly/2TUJ7Hc
The curious case of the Raspberry Pi in the network closet
https://blog.haschek.at/2018/the-curious-case-of-the-RasPi-in-our-network.html?fbclid=IwAR21kzyA6S0fJR_gfkkcZ5QfIlq2i-w2PZoJQu7Th6GS0iJBvNmChml3tTM
F. Business
Device Authority Provides an IoT Security Solution for 3D Systems' Cloud 3D Printing Service
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000551566_u1h4xj847jc6mb5f02cif
Reminder: Microsoft to end support for Windows 7 in 1-year from today
https://bit.ly/2HhIEO2
One-Year Countdown to the End of Win7 Security Support; US Security Agency Urges Upgrading to Win10
https://bit.ly/2MdHSAn
Acer-Invested Affiliate 全波 Moves into IoT
https://www.chinatimes.com/newspapers/20190118000319-260204
Taiwan Poised to Take the Lead in IoT Communications; Acer Affiliate Launches New LoRa Technology
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=1&cat=50&id=0000552111_1mn01n3l2g4t8c07cgd5u
Zyxel Goes All Out to Capture the Information Security Market
https://bit.ly/2DhptzI
Microsoft's LinkedIn report card: Technology integration continues, but at a slow pace
https://www.zdnet.com/article/microsofts-linkedin-report-card-technology-integration-continues-but-at-a-slow-pace/#ftag=RSSbaffb68
Radware acquires ShieldSquare in botnet, cloud security push
https://www.zdnet.com/article/radware-acquires-shieldsquare-in-cloud-security-push/#ftag=RSSbaffb68
[Free Security Health Check] Check Point Security CheckUp
http://www.sysage.com.tw/Guest/Promotion/promotionOne.aspx?promoteid=1291
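Introducing AI to Ensure Security and Compliance; Data Interoperability Meets Multi-Cloud Needs; Appliances Brought Under the Data Management Umbrella; Software-Defined Design Adds Scalability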
https://www.netadmin.com.tw/article_content.aspx?sn=1901030003
Microsoft looks to instill app-compatibility confidence in Windows 7 users with Desktop App Assure
https://zd.net/2SSnXcR
MariaDB unifies its platform
https://www.zdnet.com/article/mariadb-unifies-its-platform/#ftag=RSSbaffb68
WANdisco announces GA of LiveData for MultiCloud
https://www.zdnet.com/article/wandisco-announces-ga-of-livedata-for-multicloud/#ftag=RSSbaffb68
G. Government
Insurance Industry to Follow in Opening Up; Legal Amendments Required
https://money.udn.com/money/story/5613/3588867
FSC Pushes Open Banking on Three Parallel Tracks
https://money.udn.com/money/story/5613/3588855
FSC: Internet-Only Bank Applications Cannot Be Supplemented After Filing
https://money.udn.com/money/story/5613/3591703
FSC Reveals Open Banking Progress: API Standards to Be Set, Leaning Toward Self-Regulation with Voluntary Participation by Banks
https://www.ithome.com.tw/news/128204
FSC Eases Rules: Credit Cooperatives May Offer Three Services to Non-Members
https://udn.com/news/story/11316/3593296
Returning Policy Data Rights to Policyholders: FSC Plans to Establish a "Joint Insurance Information Center"
https://bit.ly/2RsfMXV
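Policies, Card Payments, and Bookkeeping Integrated into One Account: Four-Hour Marathon Public Hearing on Returning Data Rights to the People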
https://www.ettoday.net/news/20190111/1354369.htm
Not Sure Which Insurance Policies You Have Bought? FSC to Establish a "Joint Insurance Information Center"
https://www.ettoday.net/news/20190111/1354127.htm
Does a "Shadow Agency" Monitor Message Content? NCC Dispels the Rumor
http://news.ltn.com.tw/news/politics/paper/1260944
China Restricts Online Speech; Our Foreign Minister Fires Back on Twitter: "What Are You Afraid Of?"
http://news.ltn.com.tw/news/politics/breakingnews/2669200
Military's Self-Developed Mobile App Can Only Monitor Passively; Scholars Fear It Will Become a Major Security Hole
https://tw.appledaily.com/new/realtime/20190114/1500070/
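Telecommunication Development Office: Security Violations Punished According to Regulations, Security Awareness Also to Be Strengthened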
https://bit.ly/2H8qrT3
Telecommunication Development Office NCO Surnamed Hou Violated Security Rules; Prosecuted and Discharged
https://bit.ly/2sqD9m4
Intelligence-Gathering Unit Turns into a "Military Paradise"; A Gadget Expert Shows You How
https://bit.ly/2AIERDU
Why Are Taiwan's Electronic Ankle Monitors So Easily Defeated?
https://tw.appledaily.com/new/realtime/20190113/1500067/
ITRI Guards Against Security Risks: Intranet Will Not Support Huawei Products from Noon on the 15th
https://www.cna.com.tw/news/firstnews/201901145003.aspx
ITRI Tightens Security Controls; Huawei Devices Barred from Connecting to the Internal Network
https://m.moneydj.com/f1a.aspx?a=a98b7638-0f6e-4a54-a917-437c73785c54
ITRI and III Block Huawei; Business Community: Enterprises Have Long Taken Security Seriously
https://www.ettoday.net/news/20190116/1357806.htm
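Huawei Ban: ITRI Makes a U-Turn, Announcing a Total Ban in the Afternoon and Revising It by Evening to an Intranet Connection Restriction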
https://tw.news.appledaily.com/headline/daily/20190115/38232729/
Executive Yuan: Government Agencies Have Already Banned Chinese ICT Products for Official Use
https://bit.ly/2FtocIn
Executive Yuan: All Agencies Have Already Banned Chinese ICT Products, Including Huawei
https://www.rti.org.tw/news/view/id/2008287
NCC: Mainland-Made Equipment Also Banned from Telecom Operators' 5G
https://www.chinatimes.com/newspapers/20190115000252-260202
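Central Bank Governor Yang Chin-long's Third Round of Opening-Up Reform! The Central Bank's "Brother Long-Long" Invites the Public to Like Its Facebook Page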
https://bit.ly/2D9m3iG
Questions About Insurance Claims or Bank Loans? Financial Ombudsman Institution Offers Free On-Site Service at Taichung City Hall
https://www.chinatimes.com/realtimenews/20190115000072-260405
Huawei Banned; Chiang Chi-chen: Make Clear Whether It Is a Political Consideration or a Security One
http://hk.crntt.com/crn-webapp/touch/detail.jsp?coluid=46&kindid=0&docid=105308106
Taiwan's ITRI and III Order a Ban on Huawei Phones Connecting to Their Intranets
https://www.voacantonese.com/a/taiwan-agencies-ban-huawei-/4743446.html
Rather Than Banning Huawei Phones, Build Precise Information Security
https://udndata.com/ndapp/udntag/finance/Article?origid=9229393
III Piles On! Follows ITRI in Banning Huawei Devices from Using the Intranet
https://fnc.ebc.net.tw/FncNews/tech/66891
To Safeguard Information Security, ITRI's Intranet Will Not Support Huawei Products
http://www.worldpeoplenews.com/content/news/313930
ITRI Bans Huawei to Prevent Leakage of Technology and Security Information
http://www.ectimes.org.tw/Shownews.aspx?id=190115204329
To Safeguard Security, NARLabs: Chinese-Made Devices Blocked from Using the Intranet
https://technews.tw/2019/01/16/narlab-prohibited-china-net-equipments-too/
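Half a Beat Late? Chinese ICT Products Have Not Been Adopted for Years; ITRI: Huawei Communication Devices Brought into the Office Campus Cannot Connect to the Intranet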
https://www.fountmedia.io/article/3004
Tsai Administration Ups the Ante, Progressively Banning Mainland ICT Products
http://hk.crntt.com/doc/1053/0/8/7/105308759.html?coluid=93&kindid=19232&docid=105308759
Will Taipei City Government Ban Huawei? Ko Wen-je: It Is a Serious Matter and Needs Some Thought
https://udn.com/news/story/7323/3596248
Strengthening Security! III to Regulate Mainland Products' Intranet Use as Early as May
http://www.ustv.com.tw/UstvMedia/news/103/20190116A143
Public Sector Bans Huawei; Industry Considers It Too Political
https://www.chinatimes.com/newspapers/20190117000613-260108
Huawei Products Raise Security Concerns; Mainland Affairs Council: Grade-A Protection, Chinese Products Banned
https://bit.ly/2RPo6R6
Young Officer's Observations from the US: Urges the Military to Lift Restrictions on Installing Software on Smartphones
https://bit.ly/2RRO1aG
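Security Concerns; Straits Exchange Foundation: "WeChat" Exchanges with Taiwanese Businesspeople Must Not Involve Sensitive Information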
http://www.epochtimes.com/b5/19/1/16/n10979839.htm
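H. Industrial Control Systems / ICS / SCADA Security
Security Vulnerabilities in EVlink Parking Charging Stations Could Let Attackers Take Control of the Stations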
http://tech.ifeng.com/a/20190115/45290707_0.shtml
Tenable Publishes Details of Security Vulnerabilities in the PremiSys Access Control System
http://www.cnmo.com/news/653498.html
Hard-Coded Credentials Found in ID, Access Control Software
https://www.bankinfosecurity.com/hard-coded-credentials-found-in-id-access-control-software-a-11937
Ockam provides easy to deploy identity, trust, and interoperability for IoT developers
https://www.zdnet.com/article/ockam-provides-easy-to-deploy-identity-trust-and-interoperability-for-iot-developers/#ftag=RSSbaffb68
SIEMENS CP1604 and CP1616 Device Denial-of-Service Vulnerability CVE-2018-13808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13808
Attacks Against Industrial Machines via Vulnerable Radio Remote Controllers: Security Analysis and Recommendations
https://bit.ly/2SSBj8W

I. Education and Training
Secure Coding Learning Guide for Developers
https://www.gss.com.tw/index.php/focus/security/1912-gss-0160-checkmarx
Naked dynamic array through Python list
https://medium.com/@yasufumy/data-structure-dynamic-array-3370cd7088ec
Computer and Network Security
https://bit.ly/2Rmmsai
Introduction To Python Type Annotations
https://medium.com/@alexmaisiura/introduction-to-python-type-annotations-7e2964e7f464
Learning how to code without the jargon
https://medium.com/@nirajmenon/learning-how-to-code-without-the-jargon-9676a9df1773
Simple Image Steganography in Python
https://hackernoon.com/simple-image-steganography-in-python-18c7b534854f
How to choose a programming language
https://medium.com/@tassiapaschoal/how-to-choose-a-programming-language-180875d9d7bc
How To Create A Serverless REST API Just In Five Minutes!
https://medium.com/@alexmaisiura/how-to-create-a-serverless-rest-api-just-in-five-minutes-5beb93f57514
How to Create A Cloud Dataflow Pipeline Using Java and Apache Maven
https://datascience.com.co/how-to-create-a-cloud-dataflow-pipeline-using-java-and-apache-maven-fc53279e9424
Learn Enough Docker to be Useful
https://towardsdatascience.com/learn-enough-docker-to-be-useful-b7ba70caeb4b
Learning Go — from zero to hero
https://medium.freecodecamp.org/learning-go-from-zero-to-hero-d2a3223b3d86

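J. Internet of Things / IoT / Artificial Intelligence / Internet of Vehicles / Optical Networks / Deep Learning / Machine Learning / Drones
[Trend Intelligence] MOEA Department of Industrial Technology Plans an "AI Startup Pilot Program" Focused on AIoT Security and AI Elderly Healthcare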
http://www.twiota.org/eventDetails.aspx?id=4a83f2bf-f6e6-412e-a44b-9d58a523a709
Tesla: Hackers Who Find Software Vulnerabilities in Its Cars Will Be Given a Model 3
https://news.sina.com.tw/article/20190115/29684642.html
Aiming to Be the Most Secure Car, Tesla Joins a Hacking Contest
https://bit.ly/2T6Inz7
Interpreting the 2018 OWASP Top 10 IoT Security Vulnerabilities
http://netsecurity.51cto.com/art/201901/590728.htm
New $16 Raspberry Pi case offers built-in touchscreen for the tiny Linux computer
https://zd.net/2FuvStb
A step-by-step guide to building a simple chess AI
https://medium.freecodecamp.org/simple-chess-ai-step-by-step-1d55a9266977
RASPBERRY PI SUMMER PROJECTS PART 1
https://bit.ly/2QRRfq1
GE is piloting 'humble AI' to introduce business risk to algorithms
https://www.zdnet.com/article/ge-is-piloting-humble-ai-to-introduce-business-risk-to-algorithms/#ftag=RSSbaffb68
Artificial Intelligence in Medicine
https://towardsdatascience.com/artificial-intelligence-in-medicine-1fd2748a9f87
K. CTF
NeverLAN CTF 2019
https://ctftime.org/event/706
STEM CTF: Cyber Challenge 2019
https://ctftime.org/event/661
DEF CON CTF 2019 Quals
https://www.oooverflow.io/dc-ctf-2019-quals/
CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair
https://bit.ly/2CWltVm
Official Website of CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair, Qingdao, China
https://bit.ly/2VnsC8p
International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/

NeverLAN CTF
https://neverlanctf.com/

6. Upcoming Security Events and Conferences
[Course] Webduino x AIoT Image Recognition Hands-On: Build Your Own Camera Gimbal Mechanism, Implement Image Processing and Object Tracking, and Create AIoT Applications 1/19
https://www.techbang.com/posts/63282-course-webduino-x-aiot-image-identification-practice
[Lecture] 2019 5G Communications Industry Trends (Taipei Session) 2019-01-19 (Sat) 18:30 ~ 21:30 (GMT+8)
https://www.accupass.com/event/1811300349581657089441
Binance Blockchain Week Singapore 2019 - Binance Conference 2019-01-21 (Mon) 08:30 ~ 2019-01-22 (Tue) 18:00 (GMT+8)
https://www.accupass.com/event/1812051911121792888735
Taipei 暗号通貨 (Cryptocurrency) Meetup Wednesday, January 23, 2019
https://bit.ly/2VgDPr1
Deep Learning Conversations and the Happy Hour Wednesday, January 23, 2019
https://www.meetup.com/Deep-Learning-Conversations/events/vqkwnqyzcbfc/
Taipei.py 一月月會 (Monthly Meeting) 2019 Thursday, January 24, 2019
https://www.meetup.com/Taipei-py/events/257299890/
Coding Is No Longer a Fad, It Is the Future Trend [Grade 7 and Above, Junior and Senior High] C++ Programming Project Class 2019-01-21 ~ 2019-01-30
https://www.accupass.com/event/1810250742361123352640
Super Hands-On Blockchain Application Development Course (Saturday Class) 2019-01-26 (Sat) 13:00 ~ 17:00 (GMT+8)
https://www.accupass.com/event/1812030821059275625140
The 2nd "Hit AI & Blockchain" Artificial Intelligence and Blockchain Industry Summit 2019-02-20 (Wed) 09:00 ~ 17:30 (GMT+8)
https://www.accupass.com/event/1811190218087771003780
[PowerPoint to the Limit] February Topic: Making PPTs Ten Times Faster 2019-02-20 (Wed) 19:00 ~ 22:00 (GMT+8)
https://www.accupass.com/event/1810161307265689597830
iTHome Taiwan Cloud Summit 2019 Call for paper, deadline February 22
https://cloudsummit.ithome.com.tw/cfp/
iTHome Taiwan Cloud Summit 2019, May 15, 2019 (Wed) 09:00~17:00
https://cloudsummit.ithome.com.tw/
Splunk .conf 19  10/21 ~ 10/24
https://conf.splunk.com/
