資安事件新聞週報 2019/2/18 ~ 2019/2/22
1.重大弱點漏洞
多個廠商IP Camera未授權遠程命令執行漏洞
https://www.seebug.org/vuldb/ssvid-97810
Dell SonicWall SonicOS 安全漏洞 CVE-2018-9867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9867
VyOS權限提升漏洞 CVE-2018-18556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18556
WinRAR 被曝存在遺留19年的漏洞,影響全球多達5億用戶
https://www.freebuf.com/news/196281.html
存在 14 年的 WinRAR 安全漏洞終於修復
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=810
WinRAR versions released in the last 19 years impacted by severe security flaw
https://www.zdnet.com/article/winrar-versions-released-in-the-last-19-years-impacted-by-severe-security-flaw/#ftag=RSSbaffb68
Severe vulnerabilities uncovered in popular password managers
https://www.zdnet.com/article/critical-vulnerabilities-uncovered-in-popular-password-managers/#ftag=RSSbaffb68
安全播報:新型POODLE攻擊漏洞,影響TLS 1.2協議
https://wosign.com/news/news_2019021402.htm
D-Link DIR-823G無需驗證重啟漏洞 CVE-2018-17880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17880
OfficeScan XG SP1 重大更新通知 CP5294
http://www.trend.com.tw/support/downloads/OSCE/12/TC/patch/osce_xg_sp1_win_zh_tw_criticalpatch_5294_Readme.html
Polycom RealPresence Web Suite信息泄露漏洞 CVE-2018-12592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12592
JVNVU#97449410 Microsoft Exchange 2013 およびそれ以降における NTLM 中継攻撃が可能な脆弱性
https://jvn.jp/vu/JVNVU97449410/
微軟修補IIS造成CPU使用率飆到100%的漏洞
https://ithome.com.tw/news/128905
微軟 Internet Information Services (IIS) 阻斷服務漏洞
https://www.bleepingcomputer.com/news/security/windows-servers-vulnerable-to-iis-resource-exhaustion-dos-attacks/
Windows 7 users: You need SHA-2 support or no Windows updates after July 2019
https://www.zdnet.com/article/windows-7-users-you-need-sha-2-support-or-no-windows-updates-after-july-2019/#ftag=RSSbaffb68
The Windows 10 security guide: How to safeguard your business
https://www.zdnet.com/article/the-windows-10-security-guide-how-to-safeguard-your-business/#ftag=RSSbaffb68
Next Windows update brings better Linux integration
https://www.zdnet.com/article/next-windows-update-brings-better-linux-integration/#ftag=RSSbaffb68
2019 SHA-2 Code Signing Support requirement for Windows and WSUS
https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus
Microsoft publishes security alert on IIS bug that causes 100% CPU usage spikes
https://www.zdnet.com/article/microsoft-publishes-security-alert-on-iis-bug-that-causes-100-cpu-usage-spikes/#ftag=RSSbaffb68
Kali Linux 2019.1 Released — Operating System For Hackers
https://thehackernews.com/2019/02/kali-linux-hackers-os.html
Critical Flaw Uncovered In WordPress That Remained Unpatched for 6 Years
https://thehackernews.com/2019/02/wordpress-remote-code-execution.html
GitHub擴大漏洞懸賞計畫,增加獎勵範圍和獎金
https://www.ithome.com.tw/news/128844
關於MongoDB數據庫權限提升漏洞的安全預警
https://developer.huaweicloud.com/hero/thread-14464-1-1.html
思科產品多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/02/20/Cisco-Releases-Security-Updates
Cisco patches a couple of root access-granting security flaws
https://www.zdnet.com/article/cisco-patches-a-couple-of-root-access-granting-security-flaws/#ftag=RSSbaffb68
Another Critical Flaw in Drupal Discovered — Update Your Site ASAP
https://bit.ly/2VahZEX
WhatsApp新漏洞:iPhone用戶可以繞開登錄控制
https://www.ithome.com/0/410/511.htm
SAP NetWeaver SAP Basis AS ABAP權限提升漏洞
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699
Cisco HyperFlex Software 訪問控制錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1666
Adobe重新修補Acrobat與Reader可外洩機密資訊的零時差漏洞
https://bit.ly/2E2eqtp
QNAP 社製 NAS に影響を与えるマルウエアに関する情報について
https://www.jpcert.or.jp/newsflash/2019021501.html
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass
https://www.exploit-db.com/exploits/46444
FTPShell Server 6.83 - 'Account name to ban' Denial of Service (PoC)
https://www.exploit-db.com/exploits/46430
Apache CouchDB 2.3.0 - Cross-Site Scripting
https://www.exploit-db.com/exploits/46406
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
https://www.exploit-db.com/exploits/46401
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
中國男子涉嫌提取網銀被盜錢款在日被捕
https://zh.cn.nikkei.com/politicsaeconomy/politicsasociety/34337-2019-02-15-15-39-15.html
華夏銀行內鬼曝光:伺服器植入病毒 賬戶餘額還不變
https://news.sina.com.tw/article/20190203/29947522.html
華夏銀行遭技術經理植入系統病毒 A股同行中估值最低
https://news.sina.com.tw/article/20190203/29947886.html
華夏銀行遭技術經理植系統病毒:賬戶想取多少取多少
https://news.sina.com.tw/article/20190203/29947828.html
銀行工程師用ATM漏洞竊取100萬美元
https://ek21.com/news/tech/63114/
彰銀信用卡 增雙安控機制
https://www.chinatimes.com/newspapers/20190216000294-260205
土銀、彰銀網銀大當機? 銀行:使用量大導致網路壅塞
https://udn.com/news/story/7239/3627823
中大生用程式攻擊中資銀行 終院指行為乎控罪元素 拒撤罪名
https://bit.ly/2GLIOv4
公安部:已立案偵查380餘網貸平台,查扣凍結涉案資產百億
https://news.sina.com.tw/article/20190217/30088158.html
揭秘「網貸」如何變「網騙」:自建資金池大發假標的
https://news.sina.com.tw/article/20190217/30085050.html
花旗銀行提醒使用者注意網絡安全 加強風險管理
https://bit.ly/2UZRm5A
網銀大當機? 彰銀澄清:過年交易量大 速度較慢
https://udn.com/news/story/7239/3627777
土銀網路龜速!狗年最後1個交易日 網銀與APP網路大塞車
https://ec.ltn.com.tw/article/breakingnews/2690305
土銀網路龜速!狗年最後1個交易日 網銀與APP網路大塞車
https://ec.ltn.com.tw/article/breakingnews/2690305
土銀網路銀行.APP出問題 疑似交易量過大導致
http://globalnewstv.com.tw/201902/58047/
大陸央行"三定"規定發佈:將統籌互聯網金融監管工作
https://news.sina.com.tw/article/20190202/29938240.html
中國銀行人員拍攝紀念鈔上傳網路 遭央行點名通報批評
https://news.sina.com.tw/article/20190201/29928356.html
紐約聯邦儲備銀行協助孟加拉國訴訟黑客網路搶劫案
https://news.sina.com.tw/article/20190202/29934624.html
純網銀...完備數位生態圈
https://money.udn.com/money/story/5629/3642885
KDDI宣布公開收購大型網路券商
https://fnc.ebc.net.tw/FncNews/else/69786
提款機偷裝攝錄機盜提 3華裔駭客「看熱鬧」落網
http://www.myspotnews.com/post871547
暗網出現能讓ATM變吃角子老虎的吐鈔攻擊程式
https://www.ithome.com.tw/news/128855
金融業首創!第一銀行「刷臉上班」亮相
https://www.chinatimes.com/realtimenews/20190220001878-260410
中國「隔空盜刷」頻傳 卡放錢包 錢卻1筆筆被刷走
https://bit.ly/2GAkwoH
日本將鬆綁FinTech新創等非銀行業者的匯款限制
https://udn.com/news/story/6811/3655896?from=udn-ch1_breaknews-1-cate5-news
金融犯罪管控不力 渣打銀行被罰1億英鎊
https://money.udn.com/money/story/5599/3656053
丹麥銀行將關閉有洗錢醜聞的分行
https://www.chinatimes.com/realtimenews/20190220003355-260410
All about the cyber attack on Malta’s Bank of Valletta
https://www.peerlyst.com/posts/all-about-the-cyber-attack-on-malta-s-bank-of-valletta-kimberly-crawley
A Programmer Exploits a Crazy Bug in ATMs and Withdraws Over A Million
http://www.ehackingnews.com/2019/02/a-programmer-exploits-crazy-bug-in-atms.html
Malta’s leading bank resumes operations after cyberheist-induced shutdown
https://www.welivesecurity.com/2019/02/15/maltas-leading-bank-resumes-operations-cyberheist-induced-shutdown/
Cyber Attack on Malta’s Biggest Bank
https://www.purevpn.com/blog/cyber-attack-on-malta-bank-of-valletta/
25 million rubles disappeared from the IT Bank, again hacker group Silence
http://www.ehackingnews.com/2019/02/25-million-rubles-disappeared-from-it.html
Is-Cyber Attack fuq il-Bank of Valletta
https://www.bov.com/Pjazza/cyberattack-on-bov
BOV is still trying to recover money and establish source behind cyber attack
https://www.tvm.com.mt/en/news/bov-is-still-trying-to-recover-money-and-establish-source-behind-cyber-attack/
OLYMPIA FINANCIAL GROUP INC. ANNOUNCES RECOVERY FROM RANSOMWARE CYBER ATTACK
http://www.cbj.ca/olympia-financial-group-inc-announces-recovery-from-ransomware-cyber-attack-2/
BRIEF-Olympia Financial Group Inc. Announces Recovery From Ransomware Cyber Attack
https://bit.ly/2SaN0Xt
Metro Bank hit by cyber attack used to empty customer accounts
https://fireballcybersecurity.blogspot.com/2019/02/metro-bank-hit-by-cyber-attack-used-to.html
What Does Wi-Fi Symbol On Credit or Debit Card Mean
https://bit.ly/2Eh7Xw1
三商銀募新血 加薪大PK
https://www.chinatimes.com/newspapers/20190216000292-260205
子公司資安管理專業人員
https://www.104.com.tw/job/?jobno=6ikfm
集保結算所跨界獵才 鎖定大數據、資安菁英
https://www.chinatimes.com/realtimenews/20190218003538-260410
迎接年後轉職潮 富邦產險、台灣人壽啟動徵才計畫
https://bit.ly/2VaeY7H
3.電子支付/電子票證/行動支付/ 新聞及資安
Google Pay信用卡被取消綁定、停用、掛失 其實只是太久沒用
https://www.cool3c.com/article/140568
記名未必有保障!民眾掛失一卡通 仍遭盜用
https://news.tvbs.com.tw/life/1077499
國泰世華MasterPass電子錢包將於108/04/20起終止服務
https://www.cathaybk.com.tw/cathaybk/personal/news/announcement/2019/0125AnnounceInfo/
一卡通發卡量破2000萬張 未來走向多元行動支付服務
https://www.chinatimes.com/realtimenews/20190221003438-260410
10億支付寶用戶不淡定了:壓垮付款的三座大山來臨
https://news.sina.com.tw/article/20190222/30162572.html
香港金管局:電子錢包認證快升級
https://hk.finance.appledaily.com/finance/daily/article/20190211/20610454
4.虛擬貨幣/區塊鍊 新聞及資安
遠傳、SoftBank 完成跨國跨電信區塊鏈行動支付實測
https://money.udn.com/money/story/5617/3658909
沙地阿拉伯央行、阿聯酋銀行 將合作成立跨境加密貨幣交易計劃
https://bit.ly/2NaRLPP
可以用信用卡買加密貨幣了!幣安支援Visa、Mastercard購買
https://bit.ly/2GxXlLU
幣安與支付公司Simplex達成合作新增支持信用卡支付
http://www.sohu.com/a/292798090_114774?scm=1002.590044.0.0
〈區塊鏈大應用〉IHS Markit合作英國區塊鏈新創Cobalt 簡化交易後流程
https://fnc.ebc.net.tw/FncNews/else/69194
曾痛罵比特幣是場騙局!摩根大通將推出自家的「加密貨幣」
https://buzzorange.com/techorange/2019/02/18/jpm-coin/
重大決策!伊朗正式發行基於黃金的加密貨幣Peyman
http://news.knowing.asia/news/77b48181-87c5-4435-a56d-cbd53b0f5394
加密金融服務公司將通過Lloyd's of Bank提供加密保險
https://www.moneybar.com.tw/News/91975
ITM國際信任機器執行長陳洲任:一旦能「連網即上鏈」,這些鏈上新資料將會為台灣帶來新價值
https://bit.ly/2T7dLkc
比特大陸S15礦機被指存在致命漏洞,可修改礦工支付地址
https://www.ccvalue.cn/show/1627
比特幣ATM機從誕生至今,經歷堪稱跌宕起伏
http://news.knowing.asia/news/bec0d382-8212-4a20-be54-2375436956b6
比特幣ATM機真正的競爭力,在於其內部驅動軟體的性能
http://news.knowing.asia/news/befa8c30-9a2a-4d05-a7c2-31d5ac8b74c1
西班牙銀行報告:比特幣是建立不受審查的支付系統的解決方案
http://chainb.com/?P=Cont&id=14130
印度尼西亞正式將加密貨幣合法化
https://bit.ly/2NsoC2Z
2億美元虛擬貨幣「灰飛煙滅」!區塊鏈技術難掩致命缺陷
http://news.knowing.asia/news/9d37cb43-6fc9-47d8-a680-0766449740e7
〈區塊鏈大應用〉德商銀聯手西門子+Continental 完成貨幣市場區塊鏈試驗
https://news.cnyes.com/news/id/4282819
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體
Mac 惡意軟體現身,CookieMiner 竊取用戶密碼、信用卡,還把電腦當挖礦機
https://applealmond.com/posts/47751
駭客利用 Apple 企業開發者證書於主流應用程式植入惡意程式碼
https://unwire.pro/2019/02/16/software-pirates-use-apple-tech-to-put-hacked-apps-on-iphones/news/
報告:表單點擊劫持超越勒索軟體、挖礦劫持成2018年首要威脅
https://www.ithome.com.tw/news/128887
資安業者在Microsoft Store發現8款程式暗藏挖礦功能
https://www.ithome.com.tw/news/128817
Several Cryptojacking Apps Found on Microsoft Store
https://www.symantec.com/blogs/threat-intelligence/cryptojacking-apps-microsoft-store
黑客不過年:steam盜號木馬再氾濫
https://www.aqniu.com/threat-alert/43558.html
暗網出現能讓ATM變吃角子老虎的吐鈔攻擊程式
https://www.ithome.com.tw/news/128855
惡意軟體安裝器 Rietspoof 透過即時通訊大量感染中
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=806
無檔案惡意程式(Fileless Malware)五種運作方式
https://blog.trendmicro.com.tw/?p=58512
繞過Mac內建保護機制的 Windows惡意執行檔,會下載資料竊取病毒跟廣告軟體
https://blog.trendmicro.com.tw/?p=59591
Mac惡意軟體,偽裝非法破解 程式Adobe Zii,竊取信用卡,還偷挖礦
https://blog.trendmicro.com.tw/?p=59576
DrainerBot infected apps play invisible videos to drain your data
https://www.zdnet.com/article/drainerbot-ad-fraud-scam-causes-infected-apps-to-use-over-10gb-a-month/#ftag=RSSbaffb68
RBI Warns of Fraud That Leverages 'AnyDesk' App
https://www.bankinfosecurity.asia/rbi-warns-fraud-that-leverages-anydesk-app-a-12035
“Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web
https://www.crowdstrike.com/blog/sin-ful-spiders-wizard-spider-and-lunar-spider-sharing-the-same-web/
WannaCry Hero Loses Key Motions in Hacking Case
https://www.bankinfosecurity.com/wannacry-hero-loses-key-motions-in-hacking-case-a-12024
Navigating the murky waters of Android banking malware
https://www.welivesecurity.com/2019/02/15/navigating-murky-waters-android-banking-malware/
ANDROID BANKING MALWARE: SOPHISTICATED TROJANS VS. FAKE BANKING APPS
https://www.welivesecurity.com/wp-content/uploads/2019/02/ESET_Android_Banking_Malware.pdf
Red flags raised over fake banking apps
http://www.fstech.co.uk/fst/Warning_Over_Fake_Banking_Apps.php
Emotet malware tweaks tactics in fresh attack wave
https://brica.de/alerts/alert/public/1247478/emotet-malware-tweaks-tactics-in-fresh-attack-wave/
Android banking malware hitting more users than ever
https://jonmichaelmoy1.wordpress.com/2019/02/15/android-banking-malware-hitting-more-users-than-ever/
ThreatList: Banking Trojans Are Still The Top Big Bad for Email
https://threatpost.com/banking-trojans-top-threat-email/141814/
White hats spread VKontakte worm after social network doesn't pay bug bounty
https://www.zdnet.com/article/white-hats-spread-vkontakte-worm-after-social-network-doesnt-pay-bug-bounty/#ftag=RSSbaffb68
Banking Trojan Attacks Dominated 10+ Billion Cybersecurity Threats in 2018
https://www.tmcnet.com/usubmit/-banking-trojan-attacks-dominated-10-billion-cybersecurity-threats-/2019/02/01/8893106.htm
Global Ransomware Attack Could Cost Businesses Nearly $200B: Study
https://www.programbusiness.com/node/221647
Popular Torrent Uploader 'CracksNow' Caught Spreading Ransomware
https://bit.ly/2T2gbQS
Rietspoof malware spreads via Facebook Messenger and Skype spam
https://www.zdnet.com/article/rietspoof-malware-spreads-via-facebook-messenger-and-skype-spam/#ftag=RSSbaffb68
Ransomware Attack on Crosby International School District IT systems
https://www.cybersecurity-insiders.com/ransomware-attack-on-crosby-international-school-district-it-systems/
APT Malware LOLBins & GTFOBins Attack users by Evading the Security Sysem
https://gbhackers.com/apt-malware-lolbins-gtfobins-attack-users-by-evading-the-security-sysem/
JavaScript bridge makes malware analysis with WinDbg easier
https://blog.talosintelligence.com/2019/02/windbg-malware-analysis-with-javascript.html
Bitdefender releases third GandCrab ransomware free decrypter in the past year
https://www.zdnet.com/article/bitdefender-releases-third-gandcrab-ransomware-free-decrypter-in-the-past-year/#ftag=RSSbaffb68
POS firm says hackers planted malware on customer networks
https://www.zdnet.com/article/pos-firm-says-hackers-planted-malware-on-customer-networks/#ftag=RSSbaffb68
Monero Miner-Malware Uses RADMIN, MIMIKATZ to Infect, Propagate via Vulnerability
https://bit.ly/2V8i4ZJ
Combing Through Brushaloader Amid Massive Detection Uptick
https://blog.talosintelligence.com/2019/02/combing-through-brushaloader.html
Malware that hunts for account credentials on adult websites tripled in 2018
https://www.zdnet.com/article/malware-that-hunts-for-account-credentials-on-adult-websites-tripled-in-2018/#ftag=RSSbaffb68
11 Takeaways: Targeted Ryuk Attacks Pummel Businesses
https://www.bankinfosecurity.com/11-takeaways-targeted-ryuk-attacks-pummel-businesses-a-12040
B.行動安全 / iPhone / Android /穿戴裝置 /App
台灣通訊軟體Jello 貼圖侵權後又引陸資疑云
http://news.dwnews.com/taiwan/big5/news/2019-02-01/60116315.html
訂房網站、航空公司等iOS版App 暗中側錄用戶操作過程
https://www.ettoday.net/news/20190211/1375512.htm
偷錄屏幕截取顧客資訊 Expedia 都有份
https://bit.ly/2tno4ls
鑽蘋果漏洞第三方應用程式業者提供破解版App
https://eunited.com.my/186623
喜歡跟Siri說話嗎?專家示警:語音助理恐被「無聲」控制解鎖、購物
https://ec.ltn.com.tw/article/breakingnews/2703000
破萬 Android App 違規追蹤用戶行為,關閉個人化廣告也沒用
https://technews.tw/2019/02/19/android-app-permanently-record-users-online-activity-for-ad/
iOS 12.1.4爆新災情! 果粉「這點」沒用別急著更新
https://www.chinatimes.com/realtimenews/20190220000017-260412
耗電、不能用Wi-Fi、當機…更新iOS 12.1.4災情頻傳
https://bit.ly/2E5jwVO
愛情銀行App簽到1年獎勵難兌現:我還怎麼相信"愛情"
https://news.sina.com.tw/article/20190222/30166764.html
Android存在與PNG相關漏洞
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16209
Google 加強對 Play Store 中惡意軟體的安全審查
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=803
Tor traffic from individual Android apps detected with 97 percent accuracy
https://www.zdnet.com/article/tor-traffic-from-individual-android-apps-detected-with-97-percent-accuracy/#ftag=RSSbaffb68
C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件
Tor專案發表使用Tor網路傳輸檔案的OnionShare 2
https://ithome.com.tw/news/128886
Chrome 將會讓無痕模式更經得起有心網站的刺探
https://chinese.engadget.com/2019/02/19/google-chrome-incognito-mode-blocking/
前程序員利用漏洞,每月非法獲取老東家多則20餘萬條客戶信息被批捕
http://www.shxwcb.com/237176.html
員工的不當使用習慣,是企業資安最大的弱點
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=805
繼USB炸彈之後,現在有人做了一條內建WiFi的USB傳輸線可以遠端遙控入侵你的電腦
https://bit.ly/2IoC6xD
躲在系統四個月沒被發現?駭客竊取資料的五個隱身術
https://blog.trendmicro.com.tw/?p=59359
卡巴斯基公布2018年第4季DDoS攻擊報告
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16207
Nest偷偷內建麥克風,但Google說不是存心隱瞞
https://www.ithome.com.tw/news/128880?fbclid=IwAR1--aJ9HXlWfNCv-HSkozwJBOomoxm3LWDe-UgOJ55L33E-SskEc9WWgl4
[6個溫習駭客攻擊的議題]資安設備管理實名化
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=71&aid=8715
駭客找到方法「遙控」小米的 M365 電動滑板車(更新官方聲明)
https://chinese.engadget.com/2019/02/15/xiaomi-m365-electric-scooter-hack-bluetooth/
雲端基礎架構之進階持續性攻擊日漸增加
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16206
【線上服務登入將可免記密碼】新型網路身分識別崛起,提升金融與政府服務安全
https://www.ithome.com.tw/news/128595
【全面解析FIDO網路身分識別】無密碼新時代將至!解決網路密碼遭竊與盜用問題
https://www.ithome.com.tw/news/128566
是你朋友嗎?「肥宅駭客」駭麥當勞 APP 帳戶,花 $1 萬台幣點薯條漢堡
https://www.cool-style.com.tw/wd2/archives/396471
技術人員未維護 長沙一單位官網首頁被植入色情頁面
https://news.sina.com.tw/article/20190221/30154050.html
川普擬提馬爾帕斯接管世行 中共借款恐變難
http://www.epochtimes.com/b5/19/2/5/n11025872.htm
陸資插旗叫車平台 專家憂釀國安危機
https://bit.ly/2GQpDAx
瑞士電子投票系統開放全球駭客挑戰,最高獎金 150 萬
https://bit.ly/2ts4epe
紐時:中國伊朗駭客再次猛烈攻擊美國企業
https://www.cna.com.tw/news/afe/201902180310.aspx
報復美國?中國伊朗駭客猛攻 數十企業政府機關受害
https://udn.com/news/story/6811/3650892
未找到後門,德國5G網路可能不會排除華為設備
https://www.ithome.com.tw/news/128862
中共駭客再攻擊美公司 竊軍事和貿易機密
https://bit.ly/2InE2q3
資安公司證實 中國大陸駭客強化對美網攻力道
https://www.ydn.com.tw/News/325277
中國的超監控系統
https://taronews.tw/2019/02/21/261127/
澳大利亞議會遭國家級網路攻擊,三大政黨伺服器皆受影響
https://www.ithome.com.tw/news/128838
澳國會網路遭駭 總理:某一外國政府所為
https://bit.ly/2SHcKjq
澳國會網路遭駭 總理:手法熟練國家所為
https://bit.ly/2tBfeAZ
前CIA分析員:加拿大將成惡意網絡攻擊對象
https://bit.ly/2Gu3lEy
從中國購買舊芯片賣入美國軍方分銷商面臨重罪指控
https://www.aqniu.com/news-views/43759.html
中國武力犯台「軟殺」先行 國策會:應重視資安、輿論等「無形戰場」
https://www.upmedia.mg/news_info.php?SerialNo=57850
美上億個資被駭 專家:或為招募特務
https://bit.ly/2EgcwXo
紐時:陸已重啟網攻 回應美貿易戰
https://udn.com/news/story/11314/3651438
不甩老美抵制!越南仍計畫採用華為5G設備
https://cnews.com.tw/005190215a04/
歐洲運營商青睞中國電信設備,美國抵制華為行動遇阻
https://on.wsj.com/2DT7WwW
英軍情單位打臉 美封殺華為恐現破網
https://www.ydn.com.tw/News/324853
手機正在出賣你?透視美政府為何圍堵華為
http://www.epochtimes.com/b5/19/2/20/n11057019.htm
澳大利亞議會遭國家級網路攻擊,三大政黨伺服器皆受影響
https://www.ithome.com.tw/news/128838?fbclid=IwAR37IEbK_AuEoqf8uGA1aLc9Z42FeuD38WqdQQhHGkqJFkyTrF50BEXrVUE
日IoT設備新規定 2020起需提供資安防護機制與作為
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000553204_IWD1I2C01XZFGT33Z860K
日本自衛隊將加強網戰專家 抵禦中國北韓網軍攻擊
https://www.taiwannews.com.tw/ch/news/3641870
Crowdstrike:中國駭客行動回升 與美國的網絡安全協議基本已遭擯棄
https://bit.ly/2X7Ilt7
面對不同國家駭客,你有多少反應時間
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=807
中國獵豹入侵台灣資安?黃國昌爆指阿里台灣總經理當內應
https://m.ltn.com.tw/news/politics/breakingnews/2704104
叫車服務平台「TaxiGo」驚傳中資!黃國昌爆:背後為中國「獵豹移動」控制
https://www.storm.mg/article/969883
網路攻擊也要快狠準,俄羅斯駭客的攻擊速度是北韓駭客的8倍快
https://www.ithome.com.tw/news/128861
俄羅斯將學「習」 謀全面屏蔽國外網路
https://www.taiwannews.com.tw/ch/news/3642228
中國駭客捲土重來攻美 兩國網路安全協議名存實亡
https://tw.appledaily.com/new/realtime/20190221/1520997/
長沙市場監管局網站被上傳黃色頁面 警方回應
https://news.sina.com.tw/article/20190221/30159830.html
微軟發出警告:俄支持駭客攻擊歐洲智庫和非營利組織
https://bit.ly/2BNebCd
微軟指俄羅斯駭客入侵歐洲智庫
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=809
微軟:歐洲多個民主機構遭網絡攻擊
https://bit.ly/2DYtJna
微軟擴大AccountGuard服務至歐洲12國,保障當地民主組織的帳號安全
https://www.ithome.com.tw/news/128889
伊朗駭客是入侵澳洲議會電腦的幕後黑手
https://on.wsj.com/2NjmKt2
微軟提供歐洲國家安全網路服務,防止來自俄羅斯駭客攻擊
http://technews.tw/2019/02/21/microsoft-says-discovers-hacking-targeting-democratic-institutions-in-europe/
北約軍隊資安單位透過社群網站「釣魚」,發現嚴重資安弱點
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=811
攻撃グループTickによる日本の組織をターゲットにした攻撃活動
https://blogs.jpcert.or.jp/ja/2019/02/tick-activity.html
世界のCSIRTから ~ベトナム(VNCERT, AIS)
https://blogs.jpcert.or.jp/ja/2019/02/cert-vncert-ais22.html
Singapore arms up on cyberdefence experts, opens cyberdefence school
https://www.zdnet.com/article/singapore-arms-up-on-cyberdefence-experts-opens-cyberdefence-school/#ftag=RSSbaffb68
MINDEF Boosts Cyber Defence with Cyber Expert Schemes and New Training School
https://www.mindef.gov.sg/web/portal/mindef/news-and-events/latest-releases/article-detail/2019/February/20feb19_nr
Chinese, Irish hackers are escalating cyber attack against US entities: report
https://vaaju.com/chinese-irish-hackers-are-escalating-cyber-attack-against-us-entities-report/
You have around 20 minutes to contain a Russian APT attack
https://www.zdnet.com/article/you-have-around-20-minutes-to-contain-a-russian-apt-attack/#ftag=RSSbaffb68
Cyber blitzkrieg replaces cyber Pearl Harbor
https://www.zdnet.com/article/cyber-blitzkrieg-replaces-cyber-pearl-harbor/#ftag=RSSbaffb68
Ex-US Intelligence Agent Charged With Spying and Helping Iranian Hackers
https://thehackernews.com/2019/02/iran-hacker-wanted-fbi.html
Hacker puts up for sale third round of hacked databases on the Dark Web
https://www.zdnet.com/article/hacker-puts-up-for-sale-third-round-of-hacked-databases-on-the-dark-web/#ftag=RSSbaffb68
The EU's new copyright laws threaten to destroy the internet
https://www.zdnet.com/article/the-eus-new-copyright-laws-threaten-to-destroy-the-internet/#ftag=RSSbaffb68
GAO gives Congress go-ahead for a GDPR-like privacy legislation
https://www.zdnet.com/article/gao-gives-congress-go-ahead-for-a-gdpr-like-privacy-legislation/#ftag=RSSbaffb68
Thousands of Android apps permanently record your online activity for ad targeting
https://zd.net/2DQ2Y4c
Facebook tackles developer databases leaking at least one million user records
https://www.zdnet.com/article/facebook-tackles-account-takeover-data-exposure-security-failures/#ftag=RSSbaffb68
Protecting Cryptocurrency in the Era of 'Deep Fakes'
https://www.bankinfosecurity.com/interviews/protecting-cryptocurrency-in-era-deep-fakes-i-4256
In Germany, significantly increased the number of cyber attacks on critical infrastructure
https://24-my.info/in-germany-significantly-increased-the-number-of-cyber-attacks-on-critical-infrastructure/
The DDoS attack which crippled Juan Luna Blog coming from China
https://juanluna.site/2019/02/16/the-ddos-attack-which-crippled-juan-luna-blog-coming-from-china/
Indian Cyber attack on Pakistan Foreign ministry data
http://harpalpk.com/indian-cyber-attack-on-pakistan-foreign-ministry-data/
Cyber Security Myths You Must Forget, To Avoid Being Hacked!
https://techeconomy.ng/2019/02/15/cyber-security-myths-you-must-forget-to-avoid-being-hacked/
Vulnerability Analysis of Interdependent Critical Infrastructures upon a Cyber-attack
https://scholarspace.manoa.hawaii.edu/handle/10125/59503
Criminals, Nation-States Keep Hijacking BGP and DNS
https://www.bankinfosecurity.com/criminals-nation-states-keep-hijacking-bgp-dns-a-12028
Cyber criminals increasingly used 'formjacking' to carry out attacks in 2018: study
https://brica.de/alerts/alert/public/1247371/cyber-criminals-increasingly-used-formjacking-to-carry-out-attacks-in-2018-study/
US Hacker Squads Constantly On the Attack in New Cyberwar Strategy
http://strategicstudyindia.blogspot.com/2019/02/us-hacker-squads-constantly-on-attack.html
Cybersecurity: 4 Ways to Prevent Cyber Attacks
https://www.mau.com/workforce-insights/cybersecurity-4-ways-to-prevent-cyber-attacks
How to Secure WordPress Website From Cyber Attacks And Hackers
https://hosting.review/tutorial/secure-wordpress/
In 2018, Ukrainian specialists have blocked about 400 of cyber attacks
http://24-my.info/in-2018-ukrainian-specialists-have-blocked-about-400-of-cyber-attacks/
Average DDoS Attack Volume Tripled in a Year, New Data Reveals
https://businessinsights.bitdefender.com/average-ddos-attack-volume-in-europe-tripled-in-a-year-new-data-reveals
SOC First Defense phase – Breaking the Attack Chain
https://gbhackers.com/soc-defense-attack-chain/
The Mind-Blowing Cost of a Typical Cyber-Attack
https://www.datex.ca/blog/the-mind-blowing-cost-of-a-typical-cyber-attack
Mexico is not prepared to stop a cyber attack, says Harvard Professor
https://www.mexicanist.com/l/mexico-is-not-prepared-to-stop-a-cyber-attack-says-harvard-professor/
A Cyber Attack Is In Your Future: Here’s What You Can Do About It
https://www.totalityservices.co.uk/cyber-attack-future-heres-can/
Australian Information Commissioner reports cyber-attack increase
https://logisticsmagazine.com.au/australian-information-commissioner-reports-cyber-attack-increase/
Cybercriminals shift from quantity to quality in DDoS attacks in 2018
https://www.networkmiddleeast.com/technology/security/85164-cybercriminals-shift-from-quantity-to-quality-in-ddos-attacks-in-2018
Airbus cyber attack believed to be conducted by hackers in China
http://blog.extremehacking.org/blog/2019/02/05/airbus-cyber-attack-believed-conducted-hackers-china/
'Chinese hackers behind cyber attack on aircraft manufacturer Airbus'
http://www.tellerreport.com/tech/---chinese-hackers-behind-cyber-attack-on-aircraft-manufacturer-airbus--.HkZ4iFr4N.html
Cyber Attack and Data Fraud: Marsh-RIMS Study Reveals Top Risks for Indian Companies
https://www.marsh.com/in/insights/research/cyber-attack-and-data-fraud-marsh-rims-study-reveals-top-risks-for-indian-companies.html
Credential Stuffing Attack Hits Dailymotion
https://hackercombat.com/credential-stuffing-attack-hits-dailymotion/
US Government Shutdown made NASA vulnerable to Cyber Attacks
https://www.cybersecurity-insiders.com/us-government-shutdown-made-nasa-vulnerable-to-cyber-attacks/
First Hacker Convicted of ‘SIM Swapping’ Attack Gets 10 Years in Prison
https://staticnetworks.com/first-hacker-convicted-of-sim-swapping-attack-gets-10-years-in-prison/
Hacker destroys VFEmail service, wipes backups
https://blog.malwarebytes.com/cybercrime/2019/02/hacker-destroys-vfemail-service-wipes-backups/
Critics Blast Proposed IT Act Modifications
https://www.bankinfosecurity.asia/critics-blast-proposed-act-modifications-a-12029
Learn How XDR Can Take Breach Protection Beyond Endpoint Security
https://thehackernews.com/2019/02/xdr-edr-solutions.html
Microsoft reveals new APT28 cyber-attacks against European political entities
https://www.zdnet.com/article/microsoft-reveals-new-apt28-cyber-attacks-against-european-political-entities/#ftag=RSSbaffb68
Australia - Hackers 'scramble' patient files in Melbourne heart clinic cyber attack
https://brica.de/alerts/alert/public/1248272/australia-hackers-scramble-patient-files-in-melbourne-heart-clinic-cyber-attack/
[軟體系統]高級資安系統應用工程師(台北)
https://m.1111.com.tw/job/85847406/
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
英國政府的假新聞調查報告將臉書稱為「數位黑幫」
https://www.ithome.com.tw/news/128834?fbclid=IwAR2-W1DQR7CwseMEVi-mjr98VU3HsR7yrN-qqVAHn57pLT1ttwz4W7Nsk40
瑞典270萬筆病患通話紀錄在毫無防備的伺服器上曝光
https://bit.ly/2EjqGHg
ASRC 2018 郵件安全分析回顧,電子郵件攻擊只會變形不會絕跡
https://ithome.com.tw/pr/128812
他用健保卡猜中密碼 她提款卡遺失遭盜46萬
https://udn.com/news/story/7321/3651913
哈日買家要留意!日本出現 Amazon 釣魚電郵
https://bit.ly/2IyivLI
被盜刷報警!得知嫩妹幹的他秒後悔:早知就不告了
https://news.ltn.com.tw/news/society/breakingnews/2704540
駭入PayPal詐騙 華人賣車損失3000元
https://bit.ly/2V5CEdl
小心了!卡還在身上,錢卻被一筆筆刷走
https://news.sina.com.tw/article/20190217/30085036.html
個資恐遭看光光! 北門三井倉庫行動展覽惹議
https://tw.news.appledaily.com/local/realtime/20190219/1519854/
黑客入侵約會網站 600萬用戶信息外洩
https://bit.ly/2NdWTml
這家公司被曝泄露250萬人信息 工作人員:不知情
https://news.sina.com.tw/article/20190216/30077866.html
深圳人臉識別公司爆資訊漏洞 256萬筆個人資料、行蹤疑遭洩
https://www.upmedia.mg/news_info.php?SerialNo=57700
中國用來監控新疆的「天網」資料庫有漏洞,超過250萬人的資料以及詳細路徑、座標可能外洩
https://bit.ly/2BJAatH
小心被套路 信用卡詐騙簡訊不斷升級
https://ek21.com/news/tech/65076/
詐騙漏洞? Line Pay推紅包功能 反成詐騙新手法
https://www.chinatimes.com/realtimenews/20190216002947-260402
【釣魚騙局】黑客盜取信用卡資訊低能新招切勿上當 網民:騙老人家 9 成 9 中
https://bit.ly/2V5yWjR
山東公安破獲特大網路賭博案,賭資流水達數百億
https://news.sina.com.tw/article/20190216/30078828.html
變臉詐騙(BEC)將深入基層職員,員工沒看穿的騙局,造成的損失可能比病毒還大
https://blog.trendmicro.com.tw/?p=59243
偽造微信聊天截圖騙取大單,金華一快遞小哥詐騙7萬元被刑拘
https://news.sina.com.tw/article/20190203/29947864.html
創新高! 去年遇駭個資近4.5億筆 比2017年增加126%
https://bit.ly/2Bl8nQe
杭州宣判特大詐騙案:80名被告過半數剛畢業,4人未成年
https://news.sina.com.tw/article/20190202/29941458.html
澳洲信用卡詐欺達4.78億澳元
https://www.auliving.com.au/zh-tw/201902/116370.html
電騙黨訛詐新招 西捷航空遭冒名
https://bit.ly/2T6Yoby
新信用卡還未使用 卻遭盜刷近3千元
http://www.epochtimes.com/b5/19/2/1/n11017329.htm
內政部公布2019年詐騙前3強 「假網拍」稱王
https://bit.ly/2DTlHgd
傳美國多家政府機構調查Facebook:與隱私侵權相關
https://news.sina.com.tw/article/20190204/29953292.html
專家提醒:春節期間三類蹭「年味」網路騙局需提防
https://news.sina.com.tw/article/20190204/29952188.html
春節詐騙集團不休息 金管會:留意三角詐騙新手法
https://money.udn.com/money/story/5613/3631085
網路簽賭集團10人落網 營運4月簽注金逾2億
https://bit.ly/2BFJGyc
土耳其大規模打擊非法網路賭博場所
https://news.sina.com.tw/article/20190201/29931686.html
冒充熟人電話詐騙百余萬 內蒙古警方跨越10省市擒凶
https://news.sina.com.tw/article/20190202/29937840.html
【貪小便宜】中國男子使用黑客盜取積分購物 在日本被捕
https://bit.ly/2Io5Nit
「日PO80篇文月賺25K」 大學生遭騙領嘸錢
https://news.tvbs.com.tw/life/1085544
郵件攻擊手法刁鑽仍為駭客最愛 AI分析反制取代條件式規則 商業詐騙電郵肆虐慘重 機器學習偵測演算法有解
https://www.netadmin.com.tw/article_content.aspx?sn=1901310008
線上購物風險增 駭客恐竊取顧客PIN碼
https://udn.com/news/story/6811/3655887
〈詐騙喬妹3〉女星們被詐破億 她就損失4000萬
https://bit.ly/2GUHhTv
招商銀行北京宣武門支行成功攔截1筆電信詐騙
https://news.sina.com.tw/article/20190221/30143450.html
詐騙車手血淚自白!揭犯罪集團「驚人秘密」
https://news.ebc.net.tw/News/living/153317
2018年比特幣最大詐騙案 青海地頭蛇的連環收割術
https://news.sina.com.tw/article/20190220/30140348.html
首宗盜市民身份證提取強積金 警破詐騙集團拘4男女
https://hk.news.appledaily.com/breaking/realtime/article/20190221/59286693
印度國營瓦斯公司外洩逾600萬筆國民身分識別碼
https://www.ithome.com.tw/news/128864
著名交友網 泄600萬帳戶資料 連接fb 用戶恐其他資料遭盜用
https://bit.ly/2Gr16CK
Chinese facial recognition database exposes 2.5m people
https://nakedsecurity.sophos.com/2019/02/15/chinese-facial-recognition-database-exposes-25m-people/
WARNING – New Phishing Attack That Even Most Vigilant Users Could Fall For
https://thehackernews.com/2019/02/advance-phishing-login-page.html
Cyber News Rundown: Photography Site Breached
https://www.webroot.com/blog/2019/02/15/cyber-news-rundown-photography-site-breached/
Hacker Breaches Dozens of Sites, Puts 127 Million New Records Up for Sale
https://thehackernews.com/2019/02/data-breach-website.html
Google Earth accidentally reveals secret military sites
https://www.zdnet.com/article/google-maps-update-accidentally-reveals-secret-military-sites/#ftag=RSSbaffb68
Facebook's Leaky Data Bucket: App Stored User Data Online
https://www.bankinfosecurity.com/facebooks-leaky-data-bucket-app-stored-user-data-online-a-12026
How to Hack Facebook Accounts? Just Ask Your Targets to Open a Link
https://bit.ly/2GPKPGB
Over 92 Million New Accounts Up for Sale from More Unreported Breaches
https://bit.ly/2TWQxdB
Major Crypto Brokerage Coinmama Reports 450,000 Users Affected by Data Breach
https://www.cryptofinancenews.com/2019/02/16/major-crypto-brokerage-coinmama-reports-450000-users-affected-by-data-breach/
Mega-crackers back with nearly 100 million new stolen data records
https://nakedsecurity.sophos.com/2019/02/18/mega-crackers-back-with-nearly-100-million-new-stolen-data-records/
Congress wants Facebook to explain why closed groups leaked user data
https://www.zdnet.com/article/congress-wants-facebook-to-explain-why-closed-groups-leaked-user-data/#ftag=RSSbaffb68
How to protect your Google Account with the Advanced Protection Program
https://www.zdnet.com/pictures/how-to-protect-your-google-account-with-the-advanced-protection-program/#ftag=RSSbaffb68
LPG Gas Company Leaked Details, Aadhaar Numbers of 6.7 Million Indian Customers
https://thehackernews.com/2019/02/indane-aadhaar-leak.html
Fake text generator is so good its creators don’t want to release full version
https://nakedsecurity.sophos.com/2019/02/19/openai-too-scared-to-unleash-full-ai-text-generator/
NoRelationship phishing attack dances around Microsoft Office 365 email filters
https://www.zdnet.com/article/norelationship-attack-dances-around-office-365-email-filters/#ftag=RSSbaffb68
Researcher: Indane Leaks Aadhaar Data on 6.7 Million
https://www.bankinfosecurity.asia/researcher-indane-leaks-aadhaar-data-on-67-million-a-12036
Password Managers Leave Crumbs in Memory, Researchers Warn
https://www.bankinfosecurity.asia/password-managers-leave-crumbs-in-memory-researchers-warn-a-12034
Almost Half A Million Delhi Citizens' Personal Data Exposed Online
https://bit.ly/2SfDGBv
E.研究報告
Web中間件常見漏洞總結
https://www.freebuf.com/articles/web/192063.html
駭客筆記 - 當渣男與騙子遇上駭客
https://bit.ly/2GuDMEb
博雲容器雲平台針對RunC漏洞CVE-2019-5736的說明
http://www.10tiao.com/html/711/201902/2651859710/1.html
“黑客”深度學習之“漏洞挖掘分析技術詳解篇”
http://www.twoeggz.com/news/13515278.html
拒絕超長函數,從兩個curl遠程漏洞說起
https://security.tencent.com/index.php/blog/msg/129
Windows 0day任意文件覆蓋漏洞分析與驗證
https://www.codercto.com/a/51820.html
Jenkins 遠程代碼執行漏洞(CVE-2019-1003000)安全預警
http://sec.sangfor.com.cn/events/200.html
Nexus Repository Manager 3 遠程代碼執行漏洞(CVE-2019-7238) 分析及利用
https://www.anquanke.com/post/id/171116
CVE-2019-7238:Nexus Repository Manager 3 遠程代碼執行漏洞分析
https://cert.360.cn/report/detail?id=3ec687ec01cccd0854e2706590ddc215
HACKER LEXICON: WHAT IS CREDENTIAL STUFFING?
https://www.wired.com/story/what-is-credential-stuffing/
16種方法利用遠程桌面協議漏洞
https://www.aqniu.com/learn/43737.html
Reverse RDP Attack: Code Execution on RDP Clients
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
研究人員鎖定Collection #1 大型數據洩露背後黑客
https://www.aqniu.com/news-views/43679.html
Threat Actor Behind Collection #1 Data Breach Identified
https://www.recordedfuture.com/collection-1-data-breach/
Dolus:研究人員發布SDN入侵檢測新方法
https://www.aqniu.com/tools-tech/43672.html
Defending against cyberattacks by giving attackers ‘false hope’
https://munews.missouri.edu/news-releases/2019/0128-defending-against-cyberattacks-by-giving-attackers-false-hope/
GSM Sniffing嗅探設備組裝之短信嗅探
https://www.aqniu.com/vendor/43609.html
身份管理的15個安全開發實踐
https://www.aqniu.com/learn/43621.html
史上最大型DDoS攻擊:每秒5億個數據包
https://www.aqniu.com/news-views/43593.html
突發消息|6.17億賬戶信息暗網出售
https://www.aqniu.com/industry/43584.html
70%的公開漏洞出自3家供應商
https://www.aqniu.com/industry/43591.html
一封郵件就能捕獲你的口令散列值
https://www.aqniu.com/hack-geek/43548.html
高交互蜜罐和低交互蜜罐之間有什麼區別
http://netsecurity.51cto.com/art/201901/591256.htm
成為物理黑客吧!利用樹莓派實現P4wnP1項目進行滲透測試
https://www.freebuf.com/geek/195631.html
Malcom:一款功能強大的圖形化惡意軟件通信分析工具
https://www.freebuf.com/sectool/195704.html
通過Webshell遠程導出域控ntds.dit的方法
https://www.freebuf.com/articles/web/195709.html
系統安全之SSH入侵的檢測與響應
https://www.freebuf.com/articles/es/194775.html
為Nginx加入一個使用深度學習的軟WAF
https://www.freebuf.com/articles/web/195563.html
淺談CSV注入漏洞
https://www.freebuf.com/vuls/195656.html
蠕蟲病毒“RoseKernel”迅速蔓延,政企單位網絡易被攻擊
https://www.freebuf.com/articles/paper/195466.html
雷克斯:棧溢出之漏洞利用自動生成
https://www.freebuf.com/vuls/195514.html
“暗流II”再次席捲:多玩旗下“遊戲盒子”疑遭供應鏈攻擊
https://www.freebuf.com/articles/paper/195669.html
分佈式Web漏洞掃描平台WDScanner
https://www.freebuf.com/sectool/195642.html
挖洞经验丨看我如何挖到多个D-LINK高危漏洞
https://www.freebuf.com/vuls/195309.html
某疑似針對中東地區的APT攻擊事件分析
https://www.freebuf.com/articles/web/195481.html
疑似DarkHydrus APT組織針對中東地區的定向攻擊活動分析
https://www.freebuf.com/articles/system/194556.html
威脅快報| 首爆新型ibus蠕蟲利用熱門漏洞瘋狂挖礦牟利
https://www.freebuf.com/vuls/195489.html
郵件釣魚攻擊與溯源
https://www.freebuf.com/vuls/195090.html
rtfraptor:從惡意RTF文件中提取OLEv1對象的工具
https://www.freebuf.com/sectool/194589.html
我所了解的物聯網設備滲透測試手段(硬件篇)
https://www.freebuf.com/articles/wireless/195129.html
電信、百度客戶端源碼疑遭洩漏,驅魔家族竊取隱私再起波瀾
https://www.freebuf.com/articles/system/195274.html
微軟Exchange爆出0day漏洞,來看POC和技術細節
https://www.freebuf.com/vuls/195162.html
分析TLS 1.3降級攻擊以及主要TLS庫中的漏洞
https://www.anquanke.com/post/id/171190
Slack網站上SSRF漏洞的挖掘和防護繞過
https://nosec.org/home/detail/2259.html
Scanning for OWASP Top 10 Vulnerabilities with Metasploit for the Web(w3af)
https://bit.ly/2DVpA3n
360企業安全集團發布《2018勒索病毒白皮書(政企篇)》,去年430萬台電腦遭勒索病毒攻擊
https://www.aqniu.com/vendor/43821.html
通過RDP隧道繞過網絡限制
https://www.freebuf.com/articles/system/195692.html
三星Galaxy App商店漏洞導致中間人攻擊實現遠程代碼執行
https://www.freebuf.com/articles/terminal/195484.html
Radare2:一款類Unix命令行逆向安全框架
https://www.freebuf.com/sectool/195703.html
ATT&CKized Splunk – Threat Hunting with MITRE’s ATT&CK using Splunk
https://bit.ly/2Sb81kF
Windows DHCP Server遠程代碼執行漏洞分析(CVE-2019-0626)
https://paper.seebug.org/819/
struts2漏洞s2-045漏洞利用測試
https://blog.csdn.net/feinifi/article/details/87793420
研究發現對抗攻擊方法可在多個人工智能模型上適用
https://bit.ly/2tA2uu5
BoNeSi - The DDoS Botnet Simulator
https://www.kitploit.com/2019/02/bonesi-ddos-botnet-simulator.html?utm_source=dlvr.it&utm_medium=facebook
DNS Routing for Specific Domains on macOS
https://one.vg/dns-routing-on-macos/?fbclid=IwAR3jvzVpEd3dokdNEs2_kwJqiKFcnhV_2GQ9krcUDhyeEQa4w2t5ugGiLlg
F.商業
在威脅出現之前乾掉它! IBM開發最新虛擬修補漏洞技術
https://pttnews.cc/f8e8d12563
中華電 強攻數位身分認證
https://money.udn.com/money/story/5612/3653571
遍及歐洲12國 微軟擴大政治資安服務
https://www.cna.com.tw/news/ait/201902200234.aspx
國內資安年損8100億!零壹揪奧義智慧 用AI抗駭客
https://ec.ltn.com.tw/article/breakingnews/2704836
NTT 與 Orange 將共同研發5G、AI、IoT等技術
https://news.cnyes.com/news/id/4282363
國內首創資安雲上路 資安防護零時差
https://www.chinatimes.com/realtimenews/20190221003033-260412
BlackBerry獲得加拿大政府資助 BlackBerry QNX將開發全新自動控制系統與概念車型
https://zeekmagazine.com/archives/89271
Cisco tops Q2 targets with revenue of $12.4 billion
https://www.zdnet.com/article/cisco-tops-q2-targets-with-revenue-of-12-4-billion/#ftag=RSSbaffb68
Microsoft removes eight cryptojacking apps from official store
https://www.zdnet.com/article/microsoft-removes-eight-cryptojacking-apps-from-official-store/#ftag=RSSbaffb68
Microsoft is going all-in on 'Inner Source'
https://www.zdnet.com/article/microsoft-is-going-all-in-on-inner-source/#ftag=RSSbaffb68
Microsoft Edge lets Facebook run Flash code behind users' backs
https://www.zdnet.com/article/microsoft-edge-lets-facebook-run-flash-code-behind-users-backs/#ftag=RSSbaffb68
Cisco expects just 422 million 5G connections by 2022
https://www.zdnet.com/article/cisco-expects-just-422-million-5g-connections-by-2022/#ftag=RSSbaffb68
Splunk pulls out of Russia with mysterious statement
https://www.zdnet.com/article/splunk-pulls-out-of-russia-with-mysterious-statement/#ftag=RSSbaffb68
K2 claims victory over zero-day attacks
https://www.zdnet.com/article/k2-claims-victory-over-zero-day-attacks/#ftag=RSSbaffb68
Redis Labs drops Commons Clause for a new license
https://www.zdnet.com/article/redis-labs-drops-commons-clause-for-a-new-license/#ftag=RSSbaffb68
G.政府
【獨家】健保系統今早全台連線異常 民眾看診大塞車
https://tw.news.appledaily.com/life/realtime/20190218/1519235/
健保系統故障全台2萬診所大塞車 健保署:機房更新非駭客攻擊
https://heho.com.tw/archives/39733
健保卡刷不了!健保署:例行性維修
https://bit.ly/2DRDcwk
行政院:副院長兼任資安長 主導跨部會資安政策
https://bit.ly/2GOWs0D
蘇貞昌核定陳其邁兼任行政體系資安長
https://bit.ly/2DU83Z9
臺灣資通安全管理法上路一個月,行政院資安處公布實施現況
https://www.ithome.com.tw/news/128789
23日出訪以色列 柯文哲:要去看看以色列的資安和網軍
https://udn.com/news/story/10930/3651584
行政院技術服務中心 107年第4季資通安全技術報告
https://bit.ly/2tqglDr
確保潛艦國造資安 台船建構獨立辦公室與人員網路管制
https://bit.ly/2V7h3kv
修正行政院國家資通安全會報設置要點第三點、第五點、第七點
https://bit.ly/2NedDd1
行政院國家資通安全會報組織架構圖
https://bit.ly/2TYH2KP
公投電子連署擬6月上線 自然人憑證當認證
https://money.udn.com/money/story/5648/3654350
H.SCADA/ICS/工控系統
西門子工業控制系統SICAM230出現嚴重漏洞
https://www.secrss.com/articles/8399
Phoenix工業交換機曝漏洞石油、能源和海事受影響
https://www.aqniu.com/news-views/43757.html
I.教育訓練類
“黑客”深度學習之“Socket網絡編程詳解”
http://netsecurity.51cto.com/art/201902/591904.htm
如何使用DNS和SQLi從數據庫中獲取數據樣本
https://www.freebuf.com/articles/database/195470.html
AlienVault-OTX及OTX Endpoint Security使用及介绍
https://www.freebuf.com/news/195452.html
從PowerShell內存轉儲中提取執行的腳本內容
https://www.freebuf.com/articles/system/195334.html
全流程信息收集方法總結
https://www.freebuf.com/articles/database/195169.html
suricata下的挖礦行為檢測
https://www.freebuf.com/articles/network/195171.html
asnlookup.py:用於搜索特定組織的ASN 和擁有的IP 地址工具
https://www.freebuf.com/sectool/194590.html
Effective Security Awareness Training For The Enterprise.
https://www.knowbe4.com/products/enterprise-security-awareness-training/
JavaScript bridge makes malware analysis with WinDbg easier
https://blog.talosintelligence.com/2019/02/windbg-malware-analysis-with-javascript.html
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機
【臺灣中文知識庫實例:中研院中文詞知識庫小組】4年將建百萬詞規模,中研院要打造本土語音應用最大軍火庫
https://www.ithome.com.tw/news/128782
聯網資訊分享及分析中心(IoT-ISAC)成立
https://bit.ly/2GTL4Re
保護重大基礎設施和道路:智慧城市如何出現新風險
https://blog.trendmicro.com.tw/?p=59311
趨勢捐100台AI自走車 供教學與研究
https://money.udn.com/money/story/5612/3654072
物聯網最驚悚之處:我們的生活數據都被記錄,如果賣給廣告業者
https://buzzorange.com/techorange/2019/02/18/iot-data-security/
IoT安全噩夢:Skill Squatting
https://www.aqniu.com/hack-geek/43734.html
配備安全金鑰配置功能的端對端LoRa方案
https://www.eettaiwan.com/news/article/20190219NP21
AI將滲透到IT基礎架構之中
https://www.ithome.com.tw/voice/128800
改善OT應用環境 健全資安產業發展
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=8717
物聯網薪酬平均逾6萬 新農業平均可領46K
https://www.gvm.com.tw/article.html?id=56085
汽車業者尚未重視網路安全
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16208
Avoid Unsecure IoT: Smart Device Shopping Tips
https://www.webroot.com/blog/2019/02/21/avoid-unsecure-iot-smart-device-shopping-tips/
IBM to launch AI research center in Brazil
https://www.zdnet.com/article/ibm-to-launch-ai-research-center-in-brazil/#ftag=RSSbaffb68
Key Security Considerations for AI and Robotics
https://www.bankinfosecurity.com/interviews/key-security-considerations-for-ai-robotics-i-4258
K.CTF
NeverLAN CTF 2019
https://ctftime.org/event/706
STEM CTF: Cyber Challenge 2019
https://ctftime.org/event/661
DEF CON CTF 2019 Quals
https://www.oooverflow.io/dc-ctf-2019-quals/
CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair
https://bit.ly/2CWltVm
Official Website of CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair, Qingdao, China
https://bit.ly/2VnsC8p
NeverLAN CTF
https://neverlanctf.com/
6.近期資安活動及研討會
【課程】NLP自然語言處理分析實戰,學習非結構化文字分析技術,大幅提升人機溝通的精準與效率 2/23
https://www.techbang.com/posts/59536-course-nlp-natural-language-processing-analysis-actual-combat
[Visualization Series] 公投資料視覺化與選舉分析 2/24
https://www.meetup.com/R-Ladies-Taipei/events/256933448/
EnCase EnCE認證考試Preparation課程 2019/02/25 (一)~2019/02/27(三) AM09:00~PM05:00
https://bit.ly/2U2FXSA
Women Join Tech Coding Club新竹場第二梯營隊-「魔法種子老師培訓」session5 Tuesday, February 26, 2019
https://www.meetup.com/Women-Who-Code-Taipei/events/258317875/
如何導入區塊鏈 Tuesday, February 26, 2019
https://www.meetup.com/Taipei-Blockchain/events/258326339/
Elixir台灣 台北 Meetup # Monday, March 4, 2019
https://www.meetup.com/elixirtw-taipei/events/njjhvpyzfbgb/
如何推動關鍵基礎設施之醫療及工控系統的資安防護 3/6
http://www.cisanet.org.tw/Services/express_more?id=2814
Arduino四軸飛行器開發實作,無人機硬體、無線遙控器、飛控軟體整合、飛行教學,一天學會 3/9
https://bit.ly/2LdYJ5H
AI於資訊安全之應用 3/9
https://hackercollege.nctu.edu.tw/?p=1042
【補助專班】AI人工智慧應用系列- AIoT智能物聯網開發人才就業養成班[免費諮詢] 3/12
https://ittraining.kktix.cc/events/aiot-training-2019
Building and Training Convolutional Neural Networks, CNN Wednesday, March 13, 2019
https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484158/
Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, March 20, 2019
https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzfbbc/
國立交通大學 亥客書院 - 網路流量分析與檢測 3/23
https://hackercollege.nctu.edu.tw/?p=1036
Black Hat Asia 2019 2019年3月26-29日
https://ubm.io/2zZu87q
Elixir台灣 台北 Meetup # Monday, April 1, 2019
https://www.meetup.com/elixirtw-taipei/events/njjhvpyzgbcb/
Modeling Sequences with Recurrent Neural Networks, RNN Wednesday, April 3, 2019
https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484461/
2019 ICANN APAC-TWNIC Engagement forum 4/16~4/17
https://forum.twnic.tw/
Industrial Control Systems (ICS) Cyber Security Conference APAC April 16-18, 2019
https://www.icscybersecurityconference.com/
Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, April 17, 2019
https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzgbwb/
國立交通大學 亥客書院 - 緩衝區溢位攻擊與預防 新竹 4/20
https://hackercollege.nctu.edu.tw/?p=1052
國立交通大學 亥客書院 - 基礎網站安全建構實務 5/4
https://hackercollege.nctu.edu.tw/?p=1045
Elixir台灣 台北 Meetup # Monday, May 6, 2019
https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/
國立交通大學 亥客書院 -電子郵件之偽造攻擊與防護措施安全通訊協定 5/11
https://hackercollege.nctu.edu.tw/?p=1054
iTHome 台灣雲端大會 Cloud Summit 2019 2019年 5 月 15 日 (三) 09:00~17:00
https://cloudsummit.ithome.com.tw/
Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/
International Conference CONSTRUCTIVE THEORY OF FUNCTIONS - 2019 SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/
國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
https://hackercollege.nctu.edu.tw/?p=1039
Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/
Splunk .conf 19 10/21 ~ 10/24
https://conf.splunk.com/
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019
https://www.icscybersecurityconference.com
沒有留言:
張貼留言