2019年2月1日 星期五

資安事件新聞週報 1/28 ~ 2/1

資安事件新聞週報  1/28  ~  2/1
1.重大弱點漏洞
偷窺別人隱私! 陸媒揭「智慧攝影機」漏洞
https://bit.ly/2FPiX5O
防毒軟體反成駭客入口,研究人員揭露ZoneAlarm的權限擴張漏洞
https://www.ithome.com.tw/news/128468
APT/APT-GET RCE Vulnerability (CVE-2019-3462) Handling Guide
https://nsfocusglobal.com/apt-RCE-Vulnerability-Handling-Guide
phpMyAdmin 多個漏洞
https://www.auscert.org.au/bulletins/74738
蘋果官方再次致謝,360成就史上最強“漏洞挖掘大滿貫”
http://www.360.cn/n/10560.html
Apple 發佈多個安全性弱點
https://support.apple.com/en-us/HT201222
蘋果 iOS 零日資料洩露漏洞
https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/
Apple Facetime資訊洩露漏洞
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1415
macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics
https://www.exploit-db.com/exploits/46300
macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic
https://www.exploit-db.com/exploits/46299
Microsoft Exchange Server提升權限漏洞
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1414
Spring Framework多個漏洞
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1413
SQLite被曝漏洞 90%以上設備可能受影響
https://ek21.com/news/tech/47911/
phpMyAdmin 4.8.5 發布,修復重要安全漏洞
https://static.oschina.net/news/103967/phpmyadmin-4-8-5-released
研究人員呼籲WordPress用戶直接砍掉有眾多漏洞的Total Donations外掛
https://www.ithome.com.tw/news/128534
能在 Linux 環境執行 Windows 程式的 Wine 推出4.0更新,支援 Vulkan、Direct3D 12等 API
https://bit.ly/2RY7449
Cisco SD-WAN 存在安全性弱點
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo
Oracle CVE-2018-3311
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-3311
Oracle CVE-2019-2437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2437
Oracle  CVE-2019-2511
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2511
One... Two... Three Micropatches For Three Windows 0days
https://bit.ly/2Ul6IRE
Vulnerabilities Management — 5 Ways to Find and Fix Open Source Vulnerabilities
https://levelup.gitconnected.com/vulnerabilities-management-5-ways-to-find-and-fix-open-source-vulnerabilities-ad4c046eb88
WordPress sites under attack via zero-day in abandoned plugin
https://www.zdnet.com/article/wordpress-sites-under-attack-via-zero-day-in-abandoned-plugin/#ftag=RSSbaffb68
UEFI vulnerabilities classification focused on BIOS implant delivery
https://medium.com/@matrosov/uefi-vulnerabilities-classification-4897596e60af
Vulnerability Spotlight: Python.org certificate parsing denial-of-service
https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html
Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities
https://blog.talosintelligence.com/2019/01/multiple-wibu-system-vulnerabilities.html
New Exploit Threatens Over 9,000 Hackable Cisco RV320/RV325 Routers Worldwide
https://bit.ly/2RUoz5b
Millions of PCs Found Running Outdated Versions of Popular Software
https://bit.ly/2G7PbJ2
Microsoft Exchange vulnerable to 'PrivExchange' zero-day
https://www.zdnet.com/article/microsoft-exchange-vulnerable-to-privexchange-zero-day/#ftag=RSSbaffb68
Ubuntu 18.04 needs patching
https://www.zdnet.com/article/ubuntu-18-04-needs-patching/#ftag=RSSbaffb68
Ubuntu 18.04 修復Linux 內核的11 個漏洞
https://www.oschina.net/news/104104/ubuntu-18-04-lts-to-patch-11-flaws
Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5
https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-multiple_30.html
Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities
https://blog.talosintelligence.com/2019/01/vulnerability-deep-dive-tp-link.html
HPE XP7 Automation Director身份驗證繞過漏洞
https://support.hpe.com/hpsc/doc/public/display?docId=hpesbst03879en_us
IIoT Monitor路徑遍歷漏洞
https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-354-03-IIoT+Monitor.pdf&p_Doc_Ref=SEVD-2018-354-03
YesLogic Pty PrinceXML 跨站脚本漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19858
ARM Trusted Firmware-A 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19440
賽亞安全2018年網絡安全大事記——漏洞事件篇
http://www.twoeggz.com/news/13402991.html
LibVNC 緩衝區錯誤漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20748

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
FinTech趨勢難擋!日本銀行與金融IT業者開始走向雲端平台
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000552433_TKQ5UU8N2LBWRE4Z13BLA
實支實付150萬卻只賠3萬 產險得全認賠只因業務員LINE錯
https://www.ettoday.net/news/20190128/1367305.htm
香港金管局:今年重點監察銀行網絡保安
https://m.mingpao.com/fin/instantf2.php?node=1548321605925&issue=20190124
春節長假 財金公司提醒:使用ATM時謹記五口訣
https://udn.com/news/story/7239/3620375
香港證監會及港交所  取消人手處理程序 最快2022年推證券無紙化
http://www.hkcd.com/content/2019-01/29/content_1121981.html
花旗銀行驚爆大當機! 客戶存款全部歸零
https://www.ettoday.net/news/20190130/1369365.htm
當機存款歸零 花旗:客戶權益不受影響
https://bit.ly/2D05X9A
存款忽消失 花旗出包 系統過帳檔案沒傳成功「還好錢都在」
https://tw.appledaily.com/headline/daily/20190131/38247259/
花旗銀系統當機客戶存款歸零 業者:已解決不影響客戶權益
https://tw.finance.appledaily.com/realtime/20190130/1510044/
花旗銀行存戶存款歸零驚魂 金管會:檔案未傳輸成功所致
https://www.cmoney.tw/notes/note-detail.aspx?nid=157783
花旗客戶存款歸零 找到原因了 批次作業檔案傳輸未成功
https://bit.ly/2sW9hxW
【花旗銀大當機】過帳交易客戶存款變負數 下午2點20順利解決
https://tw.appledaily.com/new/realtime/20190130/1510044/
Citibank admits glitch led to account balance errors
http://www.taipeitimes.com/News/biz/archives/2019/01/31/2003708948
境外網購交易遭取消 照收刷卡海外手續費
https://bit.ly/2RYl65J
FBI在佛州發現挖向銀行的祕密地道
http://www.epochtimes.com/b5/19/1/30/n11013871.htm
國際金融支付網路「SWIFT」宣布:將與銀行區塊鏈聯盟「R3」整合
https://www.blocktempo.com/swift-ceo-reveals-plans-to-integrate-blockchain-consortium-r3s-corda-tech/
香港科技園與騰訊合作推動香港金融科技
https://unwire.pro/2019/02/01/hkstp-tencent-collab/news/
金融資安資訊分享與分析中心(F-ISAC)近期國際駭客入侵事件樣態及資安防護注意事項
https://law.fsc.gov.tw/law/Download.ashx?FileID=17982
海通證券四川兩宗違法遭罰40萬 客戶身份識別現漏洞
https://news.sina.com.tw/article/20190131/29913388.html
土銀行庫用戶注意!年前交易量暴增 網銀、APP全塞住
https://tw.appledaily.com/new/realtime/20190201/1511760/
徵才 - 108公股銀行退休潮,預計徵才近千人,月薪3萬起,想銀趁現在
http://m.ltn.com.tw/news/politics/breakingnews/2683812
徵才 - LINE Pay【線上支付】客服專員(日班/無銷售)
https://www.104.com.tw/job/?jobno=6hrmb
徵才 - 中信金儲備幹部徵才 預計招募逾60名菁英
https://money.udn.com/money/story/5613/3625962
Millions Of Secret Bank Records Leak Online
https://www.cybersecurityintelligence.com/blog/millions-of-secret-bank-records-leak-online--4073.html
DCI publishes list of 130 suspected bank hackers 
https://www.nation.co.ke/news/DCI-releases-names-of-130-wanted-bank-hackers/1056-4957726-jo1hb7/index.html
UK Link unveils 'super premium' fee for ATMs in underserved areas
https://www.atmmarketplace.com/news/uk-link-unveils-super-premium-fee-for-atms-in-underserved-areas/

3.電子支付/電子票證/行動支付/ 新聞及資安
商銀信支付平台被爆出重大安全漏洞被竊取超千萬元
http://paynews.net/article-36738-1.html
銀通研手機掃QR code提款
https://hk.finance.appledaily.com/finance/daily/article/20190128/20600937
日本政府拚觀光 大力推廣無現金支付
https://money.udn.com/money/story/5602/3617996
支付寶和微信將成日本街機巨頭世嘉科樂美首選付款系統
https://news.sina.com.tw/article/20190125/29840370.html
阿里巴巴羅漢堂首份研究報告 探討數字技術
https://udn.com/news/story/7238/3618299
LINE Pay推2項新功能 擴大行動支付規模
https://bit.ly/2UoeKJK
中華電信與一卡通合推行動支付收款機服務
https://bit.ly/2G6cJOc
活動公關公司錢包印上RGB:雷蛇推出電子支付服務Razer Pay 雷蛇 電子支付 服務
https://bit.ly/2TlMA1G
奈及利亞央行 行動支付服務 開放電信加入
https://money.udn.com/money/story/5602/3615122
汽車娛樂系統漸整合語音控制及行動支付
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000552409_KCZ56GK1L03F87LC991KT
新加坡政府電子支付能力排名全球第八
http://sg.mofcom.gov.cn/article/dtxx/201901/20190102831567.shtml
South Korean Android delivery apps found to be leaking passwords and financial data 
https://rainbowtabl.es/2019/01/25/zcall-data-leak/

4.虛擬貨幣/區塊鍊   新聞及資安
到底是誰偷的!兩大駭客集團竊走10億美元加密貨幣
https://bit.ly/2MHy16d
駭客去年偷走17億美金的加密貨幣
https://www.ithome.com.tw/news/128539
被盜走 1675 ETH!紐西蘭加密貨幣交易所Cryptopia再次出現安全漏洞
https://news.sina.com.tw/article/20190130/29896646.html
區塊鏈技術開發:堵不住的漏洞
http://blog.51cto.com/13900810/2346273
挖礦瘋 讓科技麻瓜變新貴
https://udn.com/news/story/6811/3617976
Coinstar 售貨亭現可用美元紙幣兌換比特幣,使用者吐槽交易貴太貴
https://bit.ly/2B7KBHg
MaiCoin 集團創辦人 Alex 與您分享 2019年虛擬貨幣產業新展望
http://news.knowing.asia/news/fad45b87-613a-45e3-a0b3-6a786a168cc0
反美霸權?伊朗將推出國家支持的加密貨幣
https://news.sina.com.tw/article/20190128/29865938.html
〈區塊鏈大應用〉小摩:區塊鏈正取得進展 將為支付系統帶來改進
https://news.cnyes.com/news/id/4275573
伊朗央行報告:伊朗可能禁止比特幣支付
http://news.knowing.asia/news/3e3eadaf-269a-418c-9242-b3d91f4b944b
2018 年,遭到龐氏騙局、駭客攻擊等非法手段所遺失的密碼貨幣共值「17億美元」
https://www.blocktempo.com/research-reveals-17-billion-obtained-via-crypto-thefts-and-scams-in-2018/
LocalBitcoins blames security breach on forum 'third-party software'
https://www.zdnet.com/article/localbitcoins-blames-security-breach-on-forum-third-party-software/#ftag=RSSbaffb68
Bitcoin ATM company strikes placement deal with Simon malls
https://www.atmmarketplace.com/news/bitcoin-atm-company-strikes-placement-deal-with-simon-malls/
A Miner Decline: The Surprising Slowdown of Cryptomining
https://www.webroot.com/blog/2019/01/28/a-miner-decline-the-surprising-slowdown-of-cryptomining/
Cryptocurrency Money Laundering: Alarming New Trends
https://www.bankinfosecurity.in/interviews/cryptocurrency-money-laundering-alarming-new-trends-i-4235

5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體
惡意程式藏身圖片,劫持500萬蘋果用戶流量
https://www.ithome.com.tw/news/128461
勒索病毒又進階 近期猛攻擊亞洲
http://news.ltn.com.tw/news/society/paper/1264257
瑞星發佈2018年網路安全報告:挖礦病毒與勒索病毒一體化趨勢明顯
https://news.sina.com.tw/article/20190127/29856614.html
驚! 新一波勒索病毒又來 直接刪除用戶檔案
https://news.ebc.net.tw/News/society/150190
勒索病毒又來了 金額提高15倍
https://newtalk.tw/news/view/2019-01-27/200453
台灣是重點感染區!比 WannaCry 更兇猛的勒索型病毒 Mongo Lock 來襲
https://buzzorange.com/techorange/2019/01/28/mongo-lock/
AV-TEST 公佈 2018 年 12 月 Windows 10 資安防毒軟體排行榜
https://bit.ly/2HIdhMV
全球性的勒索軟體攻擊最高可造成逾1,900億美元的經濟損失
https://www.ithome.com.tw/news/128555
Google Play出現惡意相機程式
https://bit.ly/2sY5ksD
惡意軟體鎖定Mac用戶,加密貨幣錢包、Chrome密碼、iPhone訊息全都偷
https://www.ithome.com.tw/news/128592
擷取桌面截圖的JobCrypter勒索病毒變種,索1,000 歐元贖金
https://blog.trendmicro.com.tw/?p=59240
遍及93國,竊取 377 種銀行應用程式個資的Anubis 銀行木馬,偽裝匯率轉換和電池節能app,利用動作感應資料躲避偵測
https://blog.trendmicro.com.tw/?p=59014
資料竊取惡意軟體 FormBook 再次透過免費檔案儲存空間肆虐
https://twcert.org.tw/subpages/securityInfo/hackevent_details.aspx?id=894
Fileless Malware: What Mitigation Strategies Are Effective
https://www.bankinfosecurity.com/fileless-malware-what-mitigation-strategies-are-effective-a-11975
New malware found using Google Drive as its command-and-control server
https://staticnetworks.com/new-malware-found-using-google-drive-as-its-command-and-control-server/
1/24/19 DarkHydrus APT Uses Google Drive | AT&T ThreatTraq
https://www.youtube.com/watch?v=eLGbkL44CQk
GandCrab ransomware and Ursnif virus spreading via MS Word macros
https://bit.ly/2sNd9kO
New Russian Language Malspam is delivering Redaman Banking Malware
https://securityaffairs.co/wordpress/80252/malware/redaman-banking-trojan.html
Malspam Campaign Targeting Russian Speakers with Redaman Malware
https://bit.ly/2ThzjaD
Banking Malware Redaman continues to strike
https://latesthackingnews.com/2019/01/25/banking-malware-redaman-continues-to-strike/
Redaman Banking Trojan
https://www.enigmasoftware.com/redamanbankingtrojan-removal/
This malware uses debt to prey on banking victims
https://www.satoshinakamotoblog.com/this-malware-uses-debt-to-prey-on-banking-victims
Ongoing Campaign Delivers Redaman Banking Trojan
https://www.securityweek.com/ongoing-campaign-delivers-redaman-banking-trojan
Redaman Spams Russian Banking Customers with Rotating Tactics
https://threatpost.com/redaman-spams-russian-banking-customers-with-rotating-tactics/141129/
Hackers Delivering Redaman Banking Malware Disguising as a PDF Document
https://threatravens.com/hackers-delivering-redaman-banking-malware-disguising-as-a-pdf-document/
Hackers Delivering Redaman Banking Malware Disguised as a PDF Document
https://www.cwenterprises.co.uk/hackers-delivering-redaman-banking-malware-disguised-as-a-pdf-document/
Trickbot Banking-Trojaner
https://it-service.network/blog/2019/01/23/trickbot/
Banking trojan Emotet is back in a new form
http://cyber.tn/?p=7799
Android WARNING: Google Play Store apps loaded with SNEAKY strain of malware
https://www.express.co.uk/life-style/science-technology/1077949/Android-warning-Google-Play-Store-apps-sneaky-malware-January-27
This Trojan infects Chrome browser extensions, spoofs searches to steal cryptocurrency
https://www.zdnet.com/article/razy-infects-legitimate-browser-extensions-to-steal-cryptocurrency/#ftag=RSSbaffb68
This malware uses debt to prey on banking victims
https://www.zdnet.com/article/this-malware-uses-debt-to-prey-on-banking-victims/#ftag=RSSbaffb68
Cisco AMP tracks new campaign that delivers Ursnif
https://blog.talosintelligence.com/2019/01/amp-tracks-ursnif.html
What we learned by unpacking a recent wave of Imminent RAT infections using AMP
https://blog.talosintelligence.com/2019/01/what-we-learned-by-unpacking-recent.html
GandCrab ransomware and Ursnif virus spreading via MS Word macros
https://bit.ly/2sUhXoI
Redaman Banking Trojan of 2015 Resurrects, Targets Russian Email Users
https://hackercombat.com/redaman-banking-trojan-of-2015-resurrects-targets-russian-email-users/
Redaman Banking Malware Spread
http://www.hackbusters.com/news/stories/4302927-redaman-banking-malware-spread
Trickbot Banking Trojan: A deep insight into the banking trojan’s redirections attacks
https://cyware.com/news/trickbot-banking-trojan-a-deep-insight-into-the-banking-trojans-redirections-attacks-228cbeb0
Emotet: A veritable Swiss Army knife of malicious capabilities
https://www.helpnetsecurity.com/2019/01/29/emotet/
Pylocky Unlocked: Cisco Talos releases PyLocky ransomware decryptor
https://blog.talosintelligence.com/2019/01/pylocky-unlocked-cisco-talos-releases.html
Fake Cisco Job Posting Targets Korean Candidates 
https://blog.talosintelligence.com/2019/01/fake-korean-job-posting.html
라자루스 APT 조직, 오퍼레이션 익스트림 잡(Operation Extreme Job)으로 공격 수행
https://blog.alyac.co.kr/2105
Analysis of NetWiredRC trojan
https://bit.ly/2RXbp7E
Trojan Emotet and Ryuk ransomware attack companies
https://www.helvetia.com/ch/web/en/about-us/blog-and-news/guides/expert-tipps/2019/malware-emotet-ryuk.html
IoT botnet used in YouTube ad fraud scheme
https://www.zdnet.com/article/iot-botnet-used-in-youtube-ad-fraud-scheme/#ftag=RSSbaffb68
FBI Mapping 'Joanap Malware' Victims to Disrupt the North Korean Botnet
https://bit.ly/2Wz9e8Q

B.行動安全 / iPhone / Android /穿戴裝置 /App
【實用 App 2019】有哪些對生活有意義的 App
http://blog.accupass.com/2019_life_apps.html
各家手機都在蒐集資料 維護資安你可以這樣做
https://www.cna.com.tw/news/firstnews/201901250314.aspx
各家手機都在蒐集資料 維護個人資安你可以這樣做
https://www.ccyp.com/ccypContents?content_id=145100
【李忠憲觀點】為什麼禁止華為等中國製手機
https://www.ithome.com.tw/guest-post/128454
台灣大學教授指華為手機暗藏後門 勿貪小便宜中招
https://ezone.ulifestyle.com.hk/article/2260264
不要貪小便宜買華為手機,學者:資料就是金錢
https://technews.tw/2019/01/25/data-is-money/
華為的手機安全嗎?駭客可能怎麼竊取你手上的資料
https://www.thenewslens.com/article/112831
便宜的最貴!學者揭密華為手機藏後門
https://bit.ly/2CMnlyE
中國手機涉資安風險 台學者:不要貪小便宜
http://www.epochtimes.com/b5/19/1/29/n11009763.htm
不只華為 手機只要上網就會洩露這些祕密
https://udn.com/news/story/7240/3614816
手機資安的重點在 APP
https://www.hi-on.org/article-single.php?At=58&An=174088
大陸手機會回傳資料?用大陸品牌手機會有資安疑慮
https://bit.ly/2sR3yJQ
成大資安中心主任李忠憲教授告訴你,為什麼所有中國製的手機和智慧家電設備通通不能買不能用
https://cofacts.g0v.tw/article/2wa160wyvu681
何時禁止中國品牌手機
https://wp.taronews.tw/2019/01/28/238660/
首款 iOS 12~12.1.2 原生越獄 OsirisJailbreak12 釋出!僅適合開發者運用
https://mrmad.com.tw/osirisjailbreak12
別亂下載美肌APP 資安業者:小心個資遭竊
http://ec.ltn.com.tw/article/breakingnews/2689875
香港地區 Google Play 商店應用程式保安風險報告 (2019年1月)
https://www.hkcert.org/my_url/zh/blog/19013101
繞過App Store審查 濫用測試機制 「fb研究」蒐私隱 蘋果煞停
https://hk.news.appledaily.com/international/daily/article/20190201/20603995
You may want to disable Apple FaceTime this week: Callers can listen and view without your consent
https://zd.net/2FTXTeA
Chinese Hacker Publishes PoC for Remote iOS 12 Jailbreak On iPhone X
https://bit.ly/2MywcZ6
iOS 12.1.2 越獄漏洞Chaos被公開釋出! 讓A12處理器也能實現網頁越獄
https://mrmad.com.tw/sorrymybad-ios1212-remote-jailbreak-poc
FB‧WhatsApp‧Instagram 通訊功能擬大合併!用家發起杯葛
https://bit.ly/2sRs1P4
不只手機!支持台獨被捕入獄的人驚爆:這軟體被監控
http://news.ltn.com.tw/news/world/breakingnews/2683731
英國電信獲陸首張外資許可證
https://www.chinatimes.com/newspapers/20190127000108-260301
iPhone 變成竊聽器!FaceTime 有大漏洞,打個電話就可以竊聽你
https://buzzorange.com/techorange/2019/01/29/iphone-wiretap/
BT first foreign telecom company to secure China licenses
https://www.zdnet.com/article/bt-first-foreign-telecom-company-to-secure-china-licenses/#ftag=RSSbaffb68
台灣10大手機品牌年度排名出爐!它首度搶進前五大、擠下 HTC
https://bit.ly/2sPxKF2
不怕資安漏洞 怎麼摔都不怕 三星這款軍規手機將上市
https://bit.ly/2CSxl9v
再嚴密的技術審查也難以保證資訊安全,那該如何信任你的手機
https://technews.tw/2019/01/30/whether-the-government-needs-to-ban-mobile-phones/
IG傳全球大當機 故障原因不明
https://bit.ly/2sZD3Sk
阿聯酋雇前美國特工駭客,實行大規模 iPhone 監控
https://www.inside.com.tw/article/15479-uae-used-cyber-super-weapon-to-spy-on-iPhones-of-foes-Project-Raven
Singapore unveils implementation guides, forms industry committee to boost telecom security
https://zd.net/2FVLre7
Apple Rushes to Fix Serious FaceTime Eavesdropping Flaw
https://www.bankinfosecurity.com/apple-rushes-to-fix-serious-facetime-eavesdropping-flaw-a-11978
Facebook Paid Teens $20 to Install 'Research' App That Collects Private Data
https://bit.ly/2UyBVBf
Facebook slammed over covert app that pays teenagers for data
https://www.zdnet.com/article/facebook-slammed-over-vpn-research-project-that-rewards-teens-for-data/#ftag=RSSbaffb68
iCloud Possibly Suffered A Privacy Breach Last Year That Apple Kept a Secret
https://bit.ly/2BbsVuq
Various Google Play “Beauty Camera” Apps Sends Users Pornographic Content
https://bit.ly/2SfFO0b
New security flaw impacts 5G, 4G, and 3G telephony protocols
https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-telephony-protocols/#ftag=RSSbaffb68

C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件
《要塞英雄》出現漏洞!Check Point 揭露駭客可盜取玩家帳號、資料與遊戲貨幣
http://technews.tw/2019/01/30/check-point-fortnite-hacker/
駭客如何在地下市場賺黑心錢
https://blog.trendmicro.com.tw/?p=58509
強化DNS安全,三大公共DNS服務商將在2月1日測試EDNS協定
https://www.ithome.com.tw/news/128576
資安需求引爆
https://magazine.chinatimes.com/moneyweekly/20190131002440-300201
資安威脅層出不窮,企業該如何填補資安漏洞
https://bit.ly/2MLMxdi
資通設備禁令紛爭下,你該具備的資安意識
http://technews.tw/2019/02/01/important-of-security-awareness/
多層次資安情資與分析
https://scitechvista.nat.gov.tw/c/sTVR.htm
谷歌地圖免費又實用?你付出的代價恐超乎預期
https://ubrand.udn.com/ubrand/story/11815/3619481
前Google女主管 挖出網路酸民真面目
https://udn.com/news/story/6812/3620101
眼見不為憑!深偽影片流竄 人人都可能是受害者
https://www.rti.org.tw/news/view/id/2009932
利用AI工具換臉!「深偽影片」成為新國安威脅
https://bit.ly/2RpW8XO
DNS Flag Day (20190201) 應變通知
https://tp2rc.tanet.edu.tw/node/296
Cyber Alert: DNS Flag Day
https://www.cisecurity.org/ms-isac/cyber-alert-dns-flag-day/
DNS flag day 2019
https://dnsflagday.net/
MS-ISAC Releases Advisory on DNS Flag Day
https://www.us-cert.gov/ncas/current-activity/2019/01/30/MS-ISAC-Releases-Advisory-DNS-Flag-Day
國際DNS服務2月1日升級測試 9%使用者不改設定恐連線失敗 中華電用戶不受影響
https://bit.ly/2RrNwQv
高職畢自學駭客 癱瘓第一金、勒索10公司
https://bit.ly/2CPDeo1
在「暗網」之前,你知道「明網黑市」的存在嗎
http://news.knowing.asia/news/dff55b57-f669-4ba9-a6bf-a21b841eb5b1
百度掩耳盜鈴 隱藏百家號網址
https://hk.news.appledaily.com/international/daily/article/20190126/20599325
安全公司Avast 報告指 電腦用戶很多人忽視了這一項安全風險
https://www.gameapps.hk/news/31883/Computer-update-protect
駭客攻擊新手法 資安專家:晶片內藏惡意程式
http://www5.cna.com.tw/news/afe/201901240379-1.aspx
使用中國科技產品 學者:當了間諜也不知
http://www.epochtimes.com/b5/19/1/25/n11001382.htm
HiNet代管網站傳遭惡意攻擊 中華電:隨時做好資安監控
https://www.ettoday.net/news/20190125/1365469.htm
資安堪憂! Vodafone加入封殺華為
https://news.cts.com.tw/cts/international/201901/201901251950133.html
全球第二大行動通訊商沃達豐 加入封殺華為
https://www.chinatimes.com/newspapers/20190128000288-260202
禁用華為杞人憂天?專家分析:資料將被中國看光光
https://bit.ly/2G0FYC5
聯絡人叫「David」華為就偷不到資料?杜先生把中國資通訊想得太簡單了
https://www.thenewslens.com/article/112723
堅決反對使用中資產品!翟本喬曝關鍵原因
http://news.ltn.com.tw/news/politics/breakingnews/2683812
背書華為後門說 綠學者無實據
https://www.chinatimes.com/newspapers/20190127000110-260301
便宜的最貴! 成大電機系教授點出為何要禁用華為
https://udn.com/news/story/6656/3613743
WSJ:美國認定從背景資料、即可知華為有間諜嫌疑
https://bit.ly/2HNv2un
一個月60億次網攻 禁華為剛好而已
https://taronews.tw/2019/01/25/237505/
全球擋華為 學者:台灣在最前線卻最落後
http://www.epochtimes.com/b5/19/1/27/n11005267.htm
不用再瞎禁中國通訊設備 先看各國的資安防護安全標準
https://bit.ly/2MB2ItN
華為資安疑慮 索羅斯警告:小心中國吃掉5G市場
https://bit.ly/2TjQ44L
政府禁用華為 翟神:只要華為交出原始碼檢查、我就能接受
https://tw.appledaily.com/new/realtime/20190126/1508036/
資安發言惹議 張善政邀網友和翟本喬對談
https://udn.com/news/story/7314/3620540
紐時:華為網控程式碼,可遠端引導資訊流
https://technews.tw/2019/01/28/huawei-can-remotely-guide-information-flow/
華為有望突破包圍網?「五眼」這國保證公平對待
https://www.chinatimes.com/realtimenews/20190126002219-260408
擔心5G設備遭滲透? 華為晶片早就遍布美國6成監視器
https://udn.com/news/story/6811/3621453
華為"裝後門"竊密?! 總部疑在深圳
https://news.cts.com.tw/cts/international/201901/201901291950480.html
華為資安論戰延燒臉書 挺美、挺中網友大打口水戰
https://newtalk.tw/news/view/2019-01-30/201859
禁止華為,歐洲的 5G 發展將延遲兩年!歐洲該如何在資安與發展間取捨
https://buzzorange.com/techorange/2019/01/30/huawei-ban-slow-down-5g-develpoment/
只有華為危險嗎
https://udn.com/news/story/7338/3622061
華為禁不禁 資訊人吵什麼
https://tw.appledaily.com/new/realtime/20190129/1509412/
批評禁用華為、期待中國灑錢 不是傻就是壞到拖人下水
https://newtalk.tw/news/view/2019-01-29/201638
華為資安引戰 杜紫宸轟林智群「別再秀白癡了,好嗎?」
https://udn.com/news/story/6656/3622581
80年代資安專家誤認「特殊關係」 臉書、PTT網友爭相補刀
https://taronews.tw/2019/01/30/241653/
華為手機很可怕?以色列駭客:從掃地機器人到iPhone,都會被駭
https://www.cw.com.tw/article/article.action?id=5093940
資安疑慮 歐盟考慮5G建設禁用華為設備
https://money.udn.com/money/story/5599/3624764
構成資安威脅!捷克財政部突改規定 「6億標案」禁華為參與
https://www.ettoday.net/news/20190131/1370552.htm
華為資安風暴持續延燒 使用者如何自保
https://news.wearn.com/c141087.html
居安思「為」 台灣是否應禁用華為設備
https://bit.ly/2MIMjn4
掩蓋陸手機資安影響 資安專家:媒體幫腔唱紅打美
https://bit.ly/2WB5LqC
台灣有本錢加入「新八國聯軍」
https://udn.com/news/story/7339/3622044?from=udn-hotnews_ch2
資安懶人包|不用華為手機,是資安還是政治問題?翟神、駭客、張善政、專家想得都不一樣
https://futurecity.cw.com.tw/article/476
站穩國際不被欺負資安很重要 張善政直播:台灣要提高警覺
https://boba.ettoday.net/video/247/284/136753
批踢踢創始神說話了:不注重中國手機危害「是奇特奴才現象」
https://tw.appledaily.com/new/realtime/20190131/1510781/
王偉晶間諜案發酵 波蘭調查指向軍方漏洞
https://bit.ly/2RliFF0
著眼多領域作戰 美低調成立首支I2CEWS營級分遣隊
https://bit.ly/2FU1c5z
委內瑞拉半數人口受「祖國卡」監控 中興提供技術
https://www.secretchina.com/news/b5/2019/01/28/883169.html
看看委內瑞拉輸入中共黑科技的下場
https://www.upmedia.mg/news_info.php?SerialNo=56961
射EMP核彈癱瘓台灣?美國會報告驚爆中國新武器
http://news.ltn.com.tw/news/world/breakingnews/2683635
防東奧駭客比較重要!日政府允許官員「入侵」民眾設備,不顧民怨強硬執行、保網路安全
https://www.storm.mg/lifestyle/886024
東奧防駭,日政府允許官員「入侵」民IoT設備
https://bit.ly/2UoDtgN
日強化網路安全 將對2億個連網裝置總體檢
https://www.rti.org.tw/news/view/id/2009869
為確保 2020 東奧安全,日本政府入侵私人物聯網裝置測試密碼強度
https://technews.tw/2019/01/30/japanese-government-hack-into-citizens-iot-devices-for-2020-tokyo-olympic/
美點名中俄網路威脅歷來最大 經濟間諜幾全涉中國
https://newtalk.tw/news/view/2019-01-30/201791
川普被自家情報頭子打臉!國家情報總監國會作戰:伊斯蘭國未被消滅、北韓不太可能放棄核武
https://www.storm.mg/article/892148
美情報巨頭警告:中俄間諜活動歷來之最
https://news.tvbs.com.tw/focus/1075435
美司法部:我們將殲滅北韓駭客網絡
https://www.taiwannews.com.tw/ch/news/3629187
這次俄羅斯駭客盯上的,是偵辦「通俄門」的特別檢察官!穆勒證實「上千份證據已遭竄改散佈」
https://www.storm.mg/article/895917
中共整治網路巨頭吹前奏 人民網三評百度已死
https://bit.ly/2CZQhDf
最大間諜幾乎全涉中國 美國點名 北京回應
https://www.secretchina.com/news/b5/2019/01/31/883444.html
Europol Now Going After People Who Bought DDoS-for-Hire Services
https://bit.ly/2DI79jJ
Police Shut Down xDedic – An Online Market for Cyber Criminals
https://bit.ly/2UymxVx
DHS: ‘Almost unprecedented’ wave of cyber attacks hitting U.S. gov domains during shutdown
https://dailysoundandfury.com/dhs-almost-unprecedented-wave-of-cyber-attacks-hitting-u-s-gov-domains-during-shutdown/
China Blocks Microsoft's Bing Search Engine, Despite Offering Censored Results
https://bit.ly/2FWuBMz
Japanese government plans to hack into citizens' IoT devices
https://www.zdnet.com/article/japanese-government-plans-to-hack-into-citizens-iot-devices/#ftag=RSSbaffb68
Hackers are going after Cisco RV320/RV325 routers using a new exploit
https://www.zdnet.com/article/hackers-are-going-after-cisco-rv320rv325-routers-using-a-new-exploit/#ftag=RSSbaffb68
Pentagon documents the military's growing domestic drone use
https://www.zdnet.com/article/pentagon-documents-the-militarys-growing-domestic-drone-use/#ftag=RSSbaffb68
How the Air Traffic Control system works and fails
https://www.zdnet.com/article/how-the-air-traffic-control-system-works-and-fails/#ftag=RSSbaffb68
Authorities shut down xDedic marketplace for buying hacked servers
https://www.zdnet.com/article/authorities-shut-down-xdedic-marketplace-for-buying-hacked-servers/#ftag=RSSbaffb68
Unsecured MongoDB databases expose Kremlin's backdoor into Russian businesses
https://www.zdnet.com/article/unsecured-mongodb-databases-expose-kremlins-backdoor-into-russian-businesses/#ftag=RSSbaffb68
Why a high-tech border wall is as silly as a physical one
https://www.zdnet.com/article/why-a-high-tech-border-wall-is-as-silly-as-a-physical-one/#ftag=RSSbaffb68
3D printing hands-on: LulzBot Mini 2 first look
https://www.zdnet.com/article/3d-printing-hands-on-lulzbot-mini-2-first-look/#ftag=RSSbaffb68
Technology supports Brazil dam collapse management
https://www.zdnet.com/article/technology-supports-brazil-dam-collapse-management/#ftag=RSSbaffb68
Threat Roundup for Jan. 18 to Jan. 25
https://blog.talosintelligence.com/2019/01/threat-roundup-0118-0125.html
Researchers Release Tool That Finds Vulnerable Robots on the Internet
https://bit.ly/2TfG1xI
APT39: An Iranian Cyber Espionage Group Focused on Personal Information
https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html
Police are now targeting former WebStresser DDoS-for-hire users
https://www.zdnet.com/article/police-are-now-targeting-former-webstresser-ddos-for-hire-users/#ftag=RSSbaffb68
The DDoS that wasn’t: a key takeaway for web domain security
https://www.zdnet.com/article/the-ddos-that-wasnt-a-key-takeaway-for-web-domain-security/#ftag=RSSbaffb68
DOJ moves to take down Joanap botnet operated by North Korean state hackers
https://www.zdnet.com/article/doj-moves-to-take-down-joanap-botnet-operated-by-north-korean-state-hackers/#ftag=RSSbaffb68
Intelligence Chiefs Expect More Cyberattacks Against US
https://www.bankinfosecurity.com/intelligence-chiefs-expect-more-cyberattacks-against-us-a-11983
This DDoS Attack Unleashed the Most Packets Per Second Ever. Here’s Why That’s Important
https://bit.ly/2RuUJ2p
This DDoS Attack Unleashed the Most Packets Per Second Ever. Here’s Why That’s Important
https://bit.ly/2RuUJ2p
New cyber attack could cost US $89B - Lloyd's
https://www.breakingthenews.net/new-cyber-attack-could-cost-us-89b-lloyd-s/news/details/46546318
Israel blocks Iran cyber-attacks ‘daily’: Netanyahu
http://www.nileinternational.net/en/?p=125473
Netanyahu: Iran Attempts "Daily" Cyber Attacks on Israeli Infrastructure
https://iranintl.com/en/world/netanyahu-iran-attempts-daily-cyber-attacks-israeli-infrastructure
The Dangerous Power of DDoS-for-Hire
https://www.corero.com/blog/908-the-dangerous-power-of-ddos-for-hire.html
National Guard Helps Akron Deal With Cyber Attack
https://wakr.net/news/item/164146-ohio-national-guard-helps-akron-handle-cyber-attack
City of Akron Hit by Cyber Attack
https://wakr.net/news/item/164145-city-of-akron-hit-by-cyber-attack
France's Altran Tech hit by cyber attack
https://wdsm710.com/news/articles/2019/jan/28/frances-altran-tech-says-it-was-hit-by-cyber-attack/
A New Massive DDoS Attack bit-and-Piece Pattern Targeting Internet Service Providers
https://gbhackers.com/ddos-attack-bit-and-piece/
Hacking Fortnite Accounts
https://research.checkpoint.com/hacking-fortnite/
What You Think You Know about the OWASP Top 10 May Be Wrong
https://bit.ly/2HIh253
NSFOCUS Releases IP Chain Gang Report on Behavior of Recidivist Hackers
https://nsfocusglobal.com/nsfocus-releases-ip-chain-gang-report-behavior-recidivist-hackers/
NSFOCUS IDENTIFIES IP CHAIN-GANGS IN NEW CYBERSECURITY INSIGHTS REPORT
https://nsfocusglobal.com/nsfocus-identifies-ip-chain-gangs-new-cybersecurity-insights-report/
Firefox will soon warn users of software that performs MitM attacks
https://www.zdnet.com/article/firefox-will-soon-warn-users-of-software-that-performs-mitm-attacks/#ftag=RSSbaffb68
How Integration, Orchestration Help in Battling Cyberthreats
https://bit.ly/2WBgp0a
Russia alleges Cyber Attack on its Presidential Elections from West
https://www.cybersecurity-insiders.com/russia-alleges-cyber-attack-on-its-presidential-elections-from-west/
How Threat Intelligence Can Help Organisations Overcome Cyber Attacks
https://blogs.sap.com/2019/01/31/how-threat-intelligence-can-help-organisations-overcome-cyber-attacks/
徵才 - 聘用人員(系統分析師)
https://www.104.com.tw/job/?jobno=6i56a&jobsource=
徵才 - 總公司資訊安全部資安管理科人員
http://www.yes123.com.tw/admin/job_refer_comp_job_detail2.asp?p_id=20130717103546_84443471&job_id=20190131142231_69689263

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
購物網個資被竊 只在官網公告 HOLA遭駭 客險被詐
https://tw.appledaily.com/headline/daily/20190128/38244700/
購物網被駭客資外洩 消費者險被詐騙
https://tw.appledaily.com/new/realtime/20190127/1508106/
HOLA網購配送資料遭駭 客戶機警阻詐騙
https://bit.ly/2S8JFfA
家具購物網個資遭竊! 業者:其他廠商被駭
https://bit.ly/2MBS7yD
誆買1個變5個!民眾控HOLA洩資 訂商品接詐騙電話
https://bit.ly/2MDKwQf
趨勢科技響應國際數據隱私日,四招讓孩子變成個資捍衛戰士
https://blog.trendmicro.com.tw/?p=59161
蘋果詐騙郵件:Another Eden Games 收到訂單
https://www.vedfolnir.com/apple-app-store-scam-mail-another-eden-games-invoice-32049.html
新加坡1.4萬名愛滋病患個資遭洩漏,美國籍詐欺犯為幕後推手
https://asean.thenewslens.com/article/112900
詐欺犯的報復?新加坡HIV帶原者資料庫外洩,14,200個資曝光
https://global.udn.com/global_vision/story/8662/3620972
新加坡 HIV 帶原者資料庫外洩 影響 14,200 當地及外國帶原者
https://unwire.pro/2019/01/30/u-s-citizen-leaks-data-on-14200-people-in-singapore-with-hiv/news/
Data of 14,200 diagnosed with HIV in Singapore leaked online
https://www.zdnet.com/article/data-of-14200-diagnosed-with-hiv-in-singapore-leaked-online/#ftag=RSSbaffb68
滑手機買過年新衣 女大生個資外洩被騙40萬
https://bit.ly/2G2IlV2
北市網路詐騙總額達300萬 詐團都這樣騙
https://udn.com/news/story/7321/3614399
紐約市警局止罪小組探員監守自盜 詐騙銀行150萬
https://bit.ly/2FSCZfZ
偽造銀行本票網購5手袋共142萬 警荃灣擒兩廿歲騙徒
https://bit.ly/2MCnklw
黑幫搞詐欺 放炮恐嚇防抓耙子
https://www.chinatimes.com/newspapers/20190129000574-260106
假檢警來電交出帳戶密碼 婦嚇到睡不著...警助更改保老本
https://www.ettoday.net/news/20190128/1367972.htm
中國盜卡黨攻郵輪犯案 瘋狂刷卡得手逾千萬
https://tw.appledaily.com/new/realtime/20190128/1508510/
被控性侵兒童華裔男 再涉信用卡身分盜竊
https://bit.ly/2Sg9eva
揭開華裔網球教練性侵 「信用卡大軍」詐騙主謀也是他
https://bit.ly/2RUoz5b
技術支援詐騙是什麼,該如何保護自己
https://blog.trendmicro.com.tw/?p=58718
深偽影片流竄 恐加劇假新聞招致混亂
https://money.udn.com/money/story/5599/3619673
臉書發文洩密走光 4招教孩子搞懂資安
https://tw.appledaily.com/new/realtime/20190128/1508814/
網購信用卡被盜用 7澳居民涉案
http://www.mastvnet.com/news/Television/2019-01-25/260455.html
江西去年偵破電信網路詐騙案1.3萬起 集中返還涉案資金
https://news.sina.com.tw/article/20190126/29851544.html
彰警執行斬手行動 掃盪詐騙前線22天逮130名車手
https://bit.ly/2RqJurn
「解除分期付款」已經落伍啦! 最常詐騙手法是這項
https://udn.com/news/story/7239/3622578
阻絕假訊息 臉書擬組監督委員會
https://bit.ly/2sW6CUY
假網拍列詐騙手法之首 內政部呼籲民眾小心查證
https://www.chinatimes.com/realtimenews/20190130002633-260405
扯!6萬人追蹤粉專 網路換匯竟是詐騙
https://news.ebc.net.tw/News/society/150787
歹徒「郵筒釣魚」 華男險失7000美元
https://udn.com/news/story/6813/3627139?from=udn-ch1_breaknews-1-cate5-news
詐騙集團超多 台灣嘉義縣警方17天抓102詐騙犯
https://news.sina.com.tw/article/20190131/29908982.html
涉串謀詐騙6間保險公司18萬賠償 警員與散工遭廉署起訴
http://www.hkcd.com/content/2019-02/01/content_1122703.html
涉詐騙喬州政府財政廳2500萬美元 19歲青少年落網
https://bit.ly/2WvZ4G1
資安研究:5個Collection #系列資料庫,總計彙整了22億組外洩的電子郵件與密碼
https://www.ithome.com.tw/news/128594
黑客入侵!內部身分資料外洩 空中巴士:不會影響營運
https://www.ettoday.net/news/20190131/1370174.htm
Airbus data breach impacts employees in Europe
https://www.zdnet.com/article/airbus-data-breach-impacts-employees-in-europe/#ftag=RSSbaffb68
Airbus Hacked: Aircraft Giant Discloses Data Breach
https://www.bankinfosecurity.com/airbus-hacked-aircraft-giant-discloses-data-breach-a-11985
Airbus Suffers Data Breach, Some Employees' Data Exposed
https://bit.ly/2WBtQxd
Yahoo's Proposed Data Breach Lawsuit Settlement: Rejected
https://www.bankinfosecurity.com/yahoos-proposed-data-breach-lawsuit-settlement-rejected-a-11981
SBI Investigates Reported Massive Data Leak
https://www.bankinfosecurity.asia/sbi-investigates-reported-massive-data-leak-a-11986

E.研究報告
《2018 年雲上挖礦分析報告》發布,熱點漏洞利用成挖礦團伙" 武器庫"
https://www.chainnews.com/articles/635968519729.htm
永恆之藍漏洞復現(ms17-010) 及windows日誌對比分析
https://blog.csdn.net/wy_97/article/details/86665566
有多少漏洞都會重來:從ElasticSearch到MongoDB和Redis
http://www.10tiao.com/html/188/201901/2650280665/1.html
國內安全團隊360Vulcan公佈iOS 12.1越獄漏洞細節
https://www.secrss.com/articles/8034
個案分析-銀行木馬emotet攻擊事件分析報告_10801
https://cert.tanet.edu.tw/prog/opendoc.php?id=2019013111012727689476429621886.pdf
2018年中國網絡安全報告
http://it.rising.com.cn/dongtai/19507.html
Microsoft Exchange 任意用戶偽造漏洞(CVE-2018-8581)分析
https://paper.seebug.org/804/
測試 100% 自動化可行嗎
https://bit.ly/2WpqXPZ
ThinkPHP 5.0命令執行漏洞分析及復現
https://www.freebuf.com/vuls/194127.html
Razer Synapse 3 Windows客戶端本地提權漏洞分析
https://www.anquanke.com/post/id/170013
CVE-2019-6116:ghostscript的沙箱繞過命令執行漏洞預警
https://www.secrss.com/articles/8028
Mirai蠕蟲變種借ThinkPHP漏洞傳播騰訊安全“禦界”全面檢測
https://s.tencent.com/research/report/643.html
[經驗分享]Proxmox VE 複製虛擬機的幾種方法
https://bit.ly/2WoaCLm
[經驗分享]檢測 Proxmox VE 叢集連線健康狀態
https://bit.ly/2SfMziE
CVE-2019-3462 漏洞並不會造成越獄平台 Cydia 受到威脅和影響
https://mrmad.com.tw/cve-2019-3462-vulnerability
MACOS / iOS的漏洞之CVE-2019-6231詳細分析
https://xz.aliyun.com/t/3964
Meltdown 簡單分析:Intel 的漏洞
https://zhuanlan.zhihu.com/p/32778071
WordPress 捐贈插件漏洞,導致網站遭受零日攻擊
https://www.oschina.net/news/104011/wordpress-sites-under-attack-via-zero-day-in-abandoned-plugin
挖洞帶給我快樂,也帶我財富| 全球頂尖漏洞獵人Pranav Hivarekar專訪
https://www.freebuf.com/articles/people/194357.html
有多少漏洞都會重來:從ElasticSearch到MongoDB和Redis
http://www.10tiao.com/html/188/201901/2650280665/1.html
不想看 Google 給你的訂房、購物、銀行廣告?這樣改設定就可以了
https://www.newmobilelife.com/2019/01/26/ad-personalization/
Web滲透實驗:基於Weblogic的一系列漏洞
https://www.freebuf.com/vuls/194811.html
從低危OAuth漏洞到高危存儲型XSS
https://zhuanlan.zhihu.com/p/56043248
超簡單!十分鐘打造漂亮又好用的 zsh command line 環境
https://medium.com/statementdog-engineering/prettify-your-zsh-command-line-prompt-3ca2acc967f?fbclid=IwAR2gN82k7NLtpsfBrSYmyoYycZ7GkaJlIiRo_vSEmnSDHbax9HQVYgj-BHI
Windows Privilege Abuse: Auditing, Detection, and Defense
https://bit.ly/2UuKlt0
2019 Official Annual Cybercrime Report
https://bit.ly/2TouUT2
Sh00T - A Testing Environment for Manual Security Testers
https://bit.ly/2HAlMti
Ethical Hackers Are Working Tirelessly To Protect Your Data
https://hackernoon.com/ethical-hackers-are-working-tirelessly-to-protect-your-data-9170d336a35e
SSRF - Server Side Request Forgery (Types and ways to exploit it) Part-1
https://bit.ly/2RiQaIk
SSRF — Server Side Request Forgery (Types and ways to exploit it) Part-2
https://bit.ly/2ScEgnE
SSRF — Server Side Request Forgery (Types and ways to exploit it) Part-3
https://bit.ly/2UksSU8
dirkjanm/PrivExchange
https://github.com/dirkjanm/PrivExchange
Abusing Exchange: One API call away from Domain Admin
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
Union SQLi Challenges (Zixem Write-up)
https://medium.com/ctf-writeups/union-sqli-challenges-zixem-write-up-4e74ad4e88b4
Static analysis of .net framework binary — IDA Pro newb practice
https://bit.ly/2DGIhZy
Building a Port Scanner in 16 Lines of Code
https://medium.com/ediblesec/building-a-port-scanner-in-16-lines-of-code-26793f53f0b5
Dynamic Data Resolver (DDR) - IDA Plugin
https://blog.talosintelligence.com/2019/01/ddr.html
UEBA in Enterprise SecOps
https://medium.com/@eeubanks/user-and-entity-behavior-analytics-101-3aa5e6c5f63f
4 Tips for Better API Security in 2019
https://medium.com/apis-and-digital-transformation/4-tips-for-better-api-security-in-2019-7d3a3b852a45
Two-Factor Authentication Might Not Keep You Safe
https://medium.com/new-york-times-opinion/two-factor-authentication-might-not-keep-you-safe-191c4533c8e2
Docker and Kubernetes in high security environments
https://medium.com/@chrismessiah/docker-and-kubernetes-in-high-security-environments-d851645e8b99
kpcyrd/rshijack
https://github.com/kpcyrd/rshijack?fbclid=IwAR31K5quRSr9pXCOVEaQh9hPh8YKLrHardwleqDsJsvMJVKalkQSJ_9j0-I
kpcyrd/sn0int
https://github.com/kpcyrd/sn0int?fbclid=IwAR0pCVck525EQrQLsWu-JIngEn6zmGH9Q7YhdY_BSb3W_yjc99JBrma25Bo
0x03 Learning about Universal Links and Fuzzing URL Schemes on iOS with Frida
https://bit.ly/2SfMziE
Starting Embedded Reverse Engineering: FreeRTOS, libopencm3 on STM32F103C8T6
https://bit.ly/2Wtuddb
CTF Writeup: Complex Drupal POP Chain
https://blog.ripstech.com/2019/complex-drupal-pop-chain/?fbclid=IwAR1H9Jgdn_Ll3i6UrWt8cdhjkUF0cGBDxDYifFggTPSVcAUb1sPoceMao3M
Writeup – Samsung Galaxy Apps Store RCE via MITM
https://bit.ly/2CSYcSY

F.商業
實體金鑰安全升級 台業者推雙讀寫頭
https://money.udn.com/money/story/5612/3618279
異康密鑰安全升級 整合行動支付利器
https://money.udn.com/money/story/5613/3618147
改善企業資安架構,思科建議採用NIST框架進行規畫
https://ithome.com.tw/news/128455
透過網路釣魚防護與連網安全軟體保障旅行連線安全
https://www.digitimes.com.tw/iot/article.asp?cat=130&id=0000552472_7E23A4MX8IE8Y01E2CLP3
遠傳歷時4年打造第4代BSS,更要靠IT經驗變身為科技公司
https://www.ithome.com.tw/people/128336
經長一分鐘談經濟 說明Google投資台灣3大意義
https://www.cna.com.tw/news/firstnews/201901270210.aspx
5G顛覆電信營運供應鏈 伺服器、網通廠搶大餅
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000552763_CBP8PCVM5CE30A4LMIRFN
HTC DESIRE 12s推出新色綻放紅 符合GDPR資安標準、同級品唯一搭載 NFC 雙CA
https://www.kocpc.com.tw/archives/241446
不只是假議題!2018 全球資安公司募資金額創新高
https://technews.tw/2019/01/29/vc-funding-of-cybersecurity-companies-2018/
CheckPoint發表第六代網路安全構想 提出奈米安全策略
https://www.chinatimes.com/realtimenews/20190129001356-260412
macOS 10.14.4將帶來新功能:Touch ID自動填寫網頁表單
https://applealmond.com/posts/47427
雲端平台彙整分析取得智慧 呼叫地端防禦配置應有措施 端點防護擴展延伸 逐步落實全視野願景
https://www.netadmin.com.tw/article_content.aspx?sn=1901290010
微軟研究發現,有6成亞太地區零售業因資安疑慮而猶豫是否要數位轉型
https://www.techbang.com/posts/67892-roppongi-asia-pacific-retail-industry-due-to-cyber-security-doubts-delay-digital-transformation
Google Chrome to add drive-by-download protection
https://www.zdnet.com/article/google-chrome-to-add-drive-by-download-protection/#ftag=RSSbaffb68
Mozilla publishes official Firefox anti-tracking policy
https://www.zdnet.com/article/mozilla-publishes-official-firefox-anti-tracking-policy/#ftag=RSSbaffb68

G.政府
華為資通產品有資安疑慮 台南資訊硬體全面禁用
https://www.ettoday.net/news/20190125/1365972.htm
禁華為產品被妹批蠢 黃偉哲強調:遵行中央政策
http://news.ltn.com.tw/news/politics/breakingnews/2684965
痛批哥哥禁中國貨蠢 黃智賢堅持用華為「這就是我比台獨腦殘優秀的原因」
https://www.mirrormedia.mg/story/20190127edi008
名嘴稱用華為讓她「比台獨腦殘優秀」 網友看完都笑了
http://news.ltn.com.tw/news/politics/breakingnews/2684306
國安不容漏洞 嘉義縣市跟進中央禁華為
https://disp.cc/b/163-b8bv
政府懂資安? 張善政:尋找資安長
https://bit.ly/2MzMNMc
台灣公部門將禁用中國手機!張善政批:資安政策紊亂,充滿政治干預
https://bit.ly/2G3aZp3
政府機關禁用中國3C軟硬體 蘇揆:國安不容打折
https://newtalk.tw/news/view/2019-01-25/199675
談資通安全 陳明通:我是果粉 不用微信
http://www.epochtimes.com/b5/19/1/25/n11001794.htm
資安疑慮 政院何不帶頭用國貨
https://udn.com/news/story/11321/3615333
國安無灰色與紅色供應鏈
https://forum.ettoday.net/news/1365327
台政府禁陸設備 美台商會:正確!有益美台合作
http://www.epochtimes.com/b5/19/1/25/n11001280.htm
「看小國怎麼活」 柯文哲訪美前先訪以色列
https://udn.com/news/story/6656/3614249
政院擬禁陸3C產品 陳良基:政府有義務防護
http://www.epochtimes.com/b5/19/1/25/n11001755.htm
唐鳳︰資安法上路 與美密切合作
https://disp.cc/b/163-b7PK
張善政再論對陸管制 國網資安長:硬拗的政客
https://bit.ly/2UgFBr4
張善政力挺華為引論戰 專家:你的個資就是這樣被偷偷的傳送出去的
https://www.cmmedia.com.tw/home/articles/14027
稱禁華為假議題張善政臉書變「資安吐槽大會」 連駭客始祖都暈倒
https://wp.taronews.tw/2019/01/27/238751/
資安發言惹議 張善政邀網友和翟本喬對談
https://money.udn.com/money/story/7307/3620540
公家機關使用中資產品規範 31日公布
http://m.ltn.com.tw/news/politics/paper/1264506
善政啊!你是真的待過宏碁跟GOOGLE,還做過科技部長嗎
https://bit.ly/2RTcsFM
邀業界專家談APP資安漏洞 張善政:中國經常對台灣毛手毛腳
https://bit.ly/2HHSsku
陸製產品資安引疑慮 陳良基:政府法規要跟上
https://bit.ly/2FWxfSm
台政府禁陸資產品 Kolas重申國安無灰色地帶
http://www.epochtimes.com/b5/19/1/28/n11007215.htm
行政院今將公布 禁買中國資通產品原則
https://tw.news.appledaily.com/politics/realtime/20190131/1510538/
政院將公布中國資通品規範 原則全面禁止
https://news.pts.org.tw/article/421222
一銀盜領案建功 調查局新北處資安科長升站主任
https://udn.com/news/story/6656/3623788?fbclid=IwAR37b-YjoZUqcFqVqP2yqZu2e3hQWuflmK2Hm2ZeDNHiG8eHGMaUMN6hP78
NCC:台4G已禁中製設備5G將比照
https://tw.news.appledaily.com/headline/daily/20190130/38246329/
臉書隱私設定都不會?杜紫宸挺華為 網友:聽說是資安專家
https://www.setn.com/News.aspx?NewsID=492628
金管會107年重要施政成果及108年工作重點
https://bit.ly/2Sk8WDq
金管會公布2019年Fintech施政重點
https://www.ithome.com.tw/news/128541
金管會要求各保險公司春節連續假期期間保戶服務不中斷
https://bit.ly/2Ur7wVe
臺北市政府開始推動10萬元以下小額採購全面電子化作業
https://www.ithome.com.tw/news/128527
政院資安長 副秘書長宋餘俠兼任
https://www.cna.com.tw/news/firstnews/201901310054.aspx
各機關使用陸3C產品原則 延至年後公布
https://udn.com/news/story/6656/3624983
財政部補助地方政府強化資安防護作業要點
https://bit.ly/2UwJJn2
H.SCADA/ICS/工控系統
建構多層次防禦機制 同時保護IT、OT安全
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=50&cat2=25&id=0000552715_BS36H3T12PD6IO4H9K4LN
智慧工廠的資安架構
https://blog.trendmicro.com.tw/?p=58494
A new taxonomy for SCADA attacks
https://www.helpnetsecurity.com/2019/01/15/analyze-scada-attacks/
IT Security Vulnerability Roundup – January 2019
https://www.esecurityplanet.com/threats/it-security-vulnerability-roundup-january-2019.html
SCADA System For Oil & Gas Support Management
https://www.cso.com.au/mediareleases/33671/scada-system-for-oil-gas-support-management-of/
GEI: US energy security improved for sixth straight year
https://www.ogj.com/articles/2019/01/gei-us-energy-security-improved-for-sixth-straight-year.html
Security alert for vulnerabilities in Siemens PLCs
https://www.computerweekly.com/news/252456552/Security-alert-for-vulnerabilities-in-Siemens-PLCs

I.教育訓練類
web 應用常見安全漏洞一覽
https://segmentfault.com/a/1190000018004657
OSCP/OSCE – 考前資源整理(持續更新)
https://bit.ly/2B7eyqV
跨網站指令碼( XSS )駭客課程: 從初學者到專家
https://softnshare.com/cross-site-scripting-xss-website-hacking-course/
Learn Python Programming – 7 Courses Video Training Bundle
https://bit.ly/2ThgcNK
How to Recover Lost or Deleted Files
https://bit.ly/2Unedre

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機
網路攝影機的資安標準
https://scitechvista.nat.gov.tw/c/sTGa.htm
意法半導體與Arilou合作開發 汽車駭客攻擊專用檢測方案
https://tw.finance.appledaily.com/realtime/20190129/1509276
壞人都在用AI了,好人一定要善用
https://www.cw.com.tw/article/article.action?id=5093864
Beers with Talos Ep. #45: SoHo attacks, IoT devices, and the cesspool setting
https://blog.talosintelligence.com/2019/01/beers-with-talos-ep-45-soho-attacks-iot.html
Davos develops drone regulation How-To for governments (and the FAA should pay attention)
https://www.zdnet.com/article/davos-develops-drone-how-to-for-governments-and-the-faa-should-pay-attention/#ftag=RSSbaffb68
The internet of human things: Implants for everybody and how we get there
https://www.zdnet.com/article/the-internet-of-human-things-implants-for-everybody-and-how-we-get-there/#ftag=RSSbaffb68
The Davos crowd had highminded talk about AI, stay tuned for the action
https://www.zdnet.com/article/the-davos-crowd-had-highminded-talk-about-ai-stay-tuned-for-the-action/#ftag=RSSbaffb68
GyoiThon – Machine Learning Penetration Testing
https://bit.ly/2RmEpQU
Adversarial AI: Cybersecurity battles are coming
https://www.zdnet.com/article/adversarial-ai-cybersecurity-battles-are-coming/#ftag=RSSbaffb68
Inside China’s Dystopian Dreams: AI, Shame and Lots of Cameras
https://medium.com/the-new-york-times/inside-chinas-dystopian-dreams-ai-shame-and-lots-of-cameras-ff18d45bfc13
Japan's IoT Security Strategy: Break Into Devices
https://www.bankinfosecurity.com/japans-iot-security-strategy-break-into-devices-a-11977
Car hacking: Are car makers prepared for cyber attacks
https://www.carsifu.my/news/car-hacking-are-car-makers-prepared-for-cyber-attacks

K.CTF
NeverLAN CTF 2019
https://ctftime.org/event/706
STEM CTF: Cyber Challenge 2019
https://ctftime.org/event/661
DEF CON CTF 2019 Quals
https://www.oooverflow.io/dc-ctf-2019-quals/
CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair
https://bit.ly/2CWltVm
Official Website of CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair, Qingdao, China
https://bit.ly/2VnsC8p
NeverLAN CTF
https://neverlanctf.com/

6.近期資安活動及研討會
  Fishackathon Taipei, A Global Sustainability Hackahton  2/3
 https://www.meetup.com/HackerNestTPE/events/242387792/
 Taipei Rails Meetup Tuesday, February 5, 2019
 https://www.meetup.com/rails-taiwan/events/dlgzljyzdbhb/
 高雄 Rails Meetup Wednesday, February 6, 2019
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzdbjb/
 Android Code Club(Taipei) Wednesday, February 6, 2019
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzdbjb/
 HackingThursday 固定聚會 Thursday, February 7, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzdbkb/
 Elixir台灣 台北 Meetup # Wednesday, February 13, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzdbgb/
 Android Code Club(Taipei) Wednesday, February 13, 2019
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzdbrb/
 Women Join Tech Yilan Batch2 Session 3  Wednesday, February 13, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317885/
 Multilayer Perceptron (MLP), Artificial Neural Network (ANN), and Deep Learning  Wednesday, February 13, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257483663/
 HackingThursday 固定聚會 Thursday, February 14, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzdbsb/
 資策會開辦ISO27002資訊安全管理國際認證班 2019/2/16
 https://ithome.com.tw/pr/128353
 Golang Taipei Gathering #37  2/18
 https://www.meetup.com/golang-taipei-meetup/events/256740786/
 Android Code Club(Taipei)  Wednesday, February 20, 2019
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzdbbc/
 Women Join Tech Yilan Batch2 Session 4  Wednesday, February 20, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317920/
 Weight Initialization, Under-/Over-Fitting, & Evaluation of Deep Learning Models  Wednesday, February 20, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257483906/
 第二屆《Hit AI & Blockchain》人工智慧暨區塊鏈產業高峰會  2019-02-20(三) 09:00 ~ 17:30 (GMT+8)
 https://www.accupass.com/event/1811190218087771003780
【PowerPoint簡報極限使用】2月主題:十倍速PPT製作  2019-02-20(三) 19:00 ~ 22:00 (GMT+8)
 https://www.accupass.com/event/1810161307265689597830
 HackingThursday 固定聚會 Thursday, February 21, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzdbcc/
  Flutter Codelabs 讀書會 (報名請參閱活動說明)  Thursday, February 21, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258377586/
  [資安專業人才培訓] 108年度培訓單位甄選公告 2/22
  https://www.acw.org.tw/News/Detail.aspx?id=55
 iTHome 台灣雲端大會 Cloud Summit  2019  Call for paper  截止日 2 月 22 日
 https://cloudsummit.ithome.com.tw/cfp/
 [Visualization Series] 公投資料視覺化與選舉分析   2/24
 https://www.meetup.com/R-Ladies-Taipei/events/256933448/
 Women Join Tech Coding Club新竹場第二梯營隊-「魔法種子老師培訓」session5  Tuesday, February 26, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317875/
 如何導入區塊鏈  Tuesday, February 26, 2019
 https://www.meetup.com/Taipei-Blockchain/events/258326339/
 Elixir台灣 台北 Meetup # Monday, March 4, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzfbgb/
 Building and Training Convolutional Neural Networks, CNN  Wednesday, March 13, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484158/
 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, March 20, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzfbbc/
 Elixir台灣 台北 Meetup # Monday, April 1, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzgbcb/
 Modeling Sequences with Recurrent Neural Networks, RNN  Wednesday, April 3, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484461/
 Industrial Control Systems (ICS) Cyber Security Conference  APAC  April 16-18, 2019
 https://www.icscybersecurityconference.com/
 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, April 17, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzgbwb/
 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/
 iTHome 台灣雲端大會 Cloud Summit  2019   2019年 5 月 15 日 (三) 09:00~17:00
 https://cloudsummit.ithome.com.tw/
 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/
 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/
 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/
 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/
 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

沒有留言:

張貼留言