2019年2月8日 星期五

資安事件新聞週報 2/4 ~ 2/8


資安事件新聞週報  2/4  ~  2/8
1.重大弱點漏洞
Marvell Avastar Wi-Fi 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19020802
Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/46326
pfSense 2.4.4-p1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/46316
Nessus 8.2.1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/46315
phpMyAdmin 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19020101
廈門航空客服系統任意文件下載漏洞
https://shuimugan.com/bug/view?bug_no=171322
某省出入境便民服务平台存在SQL注射漏洞
https://shuimugan.com/bug/view?bug_no=168827
研究人員發現macOS漏洞:可獲取用戶密碼
https://www.feng.com/iPhone/news/2019-02-07/The-researchers-found-that-the-macOS-to-get-the-user-password_700704.shtml
KeySteal零日漏洞曝光研究者希望蘋果提供macOS除蟲獎勵
https://m.cnbeta.com/view/816023.htm
MacOS 密碼金鑰「Keychain」現保安漏洞 研究員示範偷密碼過程
https://unwire.hk/2019/02/07/macoskeychain/tech-secure/
14歲少年發現FaceTime竊聽漏洞 蘋果9天後才理會
https://bit.ly/2RHT7Ce
漏洞修補前 蘋果暫時禁用 Face Time 群聊功能
https://bit.ly/2RGrCca
iOS 12.1.4 今天正式推出!修正 FaceTime 嚴重漏洞
https://www.newmobilelife.com/2019/02/08/ios-12-1-4-release/
智慧手機韌體更新 › iOS 12.1.4 更新 、macOS 10.14.3 補充更新正式推出,解決 FaceTime 群組通話漏洞
https://www.kocpc.com.tw/archives/242851
蘋果修補包括FaceTime在內的4個iOS漏洞,其中兩個已遭開採
https://www.ithome.com.tw/news/128659
蘋果 macOS 零日資料洩露漏洞
https://www.hkcert.org/my_url/zh/alert/19020804
蘋果產品多個漏洞
https://www.hkcert.org/my_url/zh/alert/19020803
旅遊搜索網站Skyscanner推出漏洞獎勵計劃,最高獎勵2000美元
https://www.secrss.com/articles/8136
微信7.0.3更新修復已知漏洞,但仍有一些問題,華為榮耀用戶躺槍
https://ek21.com/news/tech/57083/
Cisco 路由器存在漏洞 CVE-2019-1653
http://tech.ifeng.com/a/20190201/45305210_0.shtml
5G網路存在漏洞 號碼、文本等信息可能會泄露
https://news.sina.com.tw/article/20190202/29937064.html
研究人員警告:安全漏洞將允許基於5G網絡的間諜活動
https://www.pingwest.com/w/183294
與部份防毒軟體不相容!Mozilla暫停自動更新Firefox 65
https://www.ithome.com.tw/news/128616
Tenda AC9路由器存在命令執行漏洞
http://www.cnvd.org.cn/flaw/show/CNVD-2019-00015
Android 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19020801
Severe RCE Flaw Disclosed in Popular LibreOffice and OpenOffice Software
https://bit.ly/2BvFvoH
CUJO Firewall User Enumeration / Authorization Bypass
https://www.anquanke.com/vul/id/1466986
Megaxus Reflectied XSS
https://www.anquanke.com/vul/id/1468791
Google releases Chrome extension to check for leaked usernames and passwords
https://www.zdnet.com/article/google-releases-chrome-extension-to-check-for-leaked-usernames-and-passwords/#ftag=RSSbaffb68
Recently patched Ubuntu needs another quick patch
https://www.zdnet.com/article/recently-patched-ubuntu-needs-another-quick-patch/#ftag=RSSbaffb68
Firefox to block auto-playing audio starting March 2019
https://www.zdnet.com/article/firefox-to-block-auto-playing-audio-starting-march-2019/#ftag=RSSbaffb68
Linux kernel gets another option to disable Spectre mitigations
https://www.zdnet.com/article/linux-kernel-gets-another-option-to-disable-spectre-mitigations/#ftag=RSSbaffb68
微軟向Windows 10各版本重發幽靈變種漏洞的緩解更新
https://www.landiannews.com/archives/55408.html
微軟推出更新修補Spectre Variant漏洞
https://m.linuxidc.com/Linux/2019-02/156755.htm
New Windows 10 19H1 test build adds more search, mixed reality tweaks
https://www.zdnet.com/article/new-windows-10-19h1-test-build-adds-more-search-mixed-reality-tweaks/#ftag=RSSbaffb68
ImageMagick CVE-2019-7397 Denial of Service Vulnerability
https://www.anquanke.com/vul/id/1471760
River Past Audio Converter 7.7.16 Denial Of Service
https://www.anquanke.com/vul/id/1472002
Device Monitoring Studio 8.10.00.8925 Denial Of Service
https://www.anquanke.com/vul/id/1471998
Joomla WebMapPlus 1.0 SQL Injection - CXSecurity.com
https://www.anquanke.com/vul/id/1473310
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
金融科技泄密增 香港私隱署年內發指引 研修例擴權力強制企業通報 最快上半年交建議
https://bit.ly/2RGiKDu
香港 資訊科技專家 方保僑預測流年網絡趨勢
https://bit.ly/2WHWNrk
華夏銀行"內鬼"給系統植病毒 以測試BUG盜取700餘萬
https://news.sina.com.tw/article/20190202/29940486.html
華夏銀行內鬼在總行伺服器植病毒 賬戶餘額取之不盡
https://news.sina.com.tw/article/20190202/29938714.html
華夏銀行技術內鬼伺服器植病毒 賬戶餘額花不完
https://www.secretchina.com/news/b5/2019/02/03/883706.html
華夏銀行內鬼曝光:伺服器植入病毒 賬戶餘額還不變
https://news.sina.com.tw/article/20190203/29947522.html
中國華夏銀行技術經理把自家銀行系統植入病毒竊得700多萬人民幣,被捕辯稱是在測試漏洞
https://bit.ly/2Bkh4dM
技術處長給自家銀行植入病毒分1300次盜取718萬
https://news.sina.com.cn/s/2019-02-02/doc-ihrfqzka3189343.shtml
程序員發現了一個荒謬的ATM漏洞,讓他可以提取100萬美元的現金
https://bit.ly/2RFMO21
將來銀行籌備處總經理梅驊:純網銀的突破點,在於去找到人與人之間的交疊處
https://bit.ly/2BsQM9c
Programmer finds ridiculous ATM loophole that let him withdraw $1 million in cash
https://www.theverge.com/2019/2/5/18212902/huaxia-bank-qin-qisheng-atm-loophole-hack-china
Chinese bank’s software chief jailed after finding way to withdraw US$1m in ‘free’ cash from ATMs
https://www.scmp.com/news/china/society/article/2184883/chinese-banks-software-chief-jailed-after-finding-way-withdraw
紐約聯邦儲備銀行協助孟加拉國訴訟駭客網絡搶劫案
https://bit.ly/2MUNsZ2
爭中標銀行KYCU 環聯暫未得手 銀公待保安漏洞報告完成才定奪
https://hk.finance.appledaily.com/finance/daily/article/20190207/20608002
Software executive exploits ATM loophole to steal $1 million
https://www.zdnet.com/article/software-exec-jailed-after-exploiting-atm-loophole-to-steal-1-million/#ftag=RSSbaffb68
Bangladesh Bank Sues to Recover Funds After Cyber Heist
https://www.bankinfosecurity.com/bangladesh-bank-sues-to-recover-funds-after-cyber-heist-a-11993
3.電子支付/電子票證/行動支付/ 新聞及資安
街口接管Jello遭網友質疑 胡亦嘉喊告
https://www.ettoday.net/news/20190201/1371844.htm
行動支付好方便 政院:留意使用安全
https://www.chinatimes.com/realtimenews/20190208000596-260407
聰明使用行動支付 兼顧安全與便利
https://www.ydn.com.tw/News/323628
手機世代來了! 行政院:行動支付普及率達50.3%
https://www.ettoday.net/news/20190208/1371493.htm
行動支付超方便 政院提醒不要隨意點選來路不明優惠
https://tw.appledaily.com/new/realtime/20190208/1509556/
Singapore banks given more time to adopt e-payment protection guidelines
https://www.zdnet.com/article/singapore-banks-given-more-time-to-adopt-e-payment-protection-guidelines/#ftag=RSSbaffb68
4.虛擬貨幣/區塊鍊   新聞及資安
交易所負責人逝世丟失冷存私鑰 1.9 億美元就此石沉大海
https://bit.ly/2UzCISs
比被駭還慘?加拿大交易所創辦人驟逝 冷錢包42 億元遭鎖死
https://www.inside.com.tw/article/15516-quadrigo-cryptocurrency-bitcoin-exchange-gerald-cotten-death
加拿大最大的數位貨幣交易所因為 CEO突然死亡,導致「找不到」保管的1.9億美元數位貨幣
https://www.techbang.com/posts/67995-quadriga-exchange-ceo-death-cold-wallet-key-lost
偷掘加密貨幣 2018 年最惡 不能視而不見
https://bit.ly/2Txus5f
報告:2018年數位貨幣被盜和詐騙金額,是2017年的300%以上
https://news.sina.com.tw/article/20190201/29928578.html
區塊鏈更臻成熟 狗年4大趨勢凸顯技術快速落地要大運用
https://www.ettoday.net/news/20190205/1373270.htm
Cryptocurrency Firm Loses $145 Million After CEO Dies With Only Password
https://bit.ly/2UJKzNk
Outlaw Shellbot infects Linux servers to mine for Monero
https://www.zdnet.com/article/outlaws-shellbot-infects-servers-for-monero-mining/#ftag=RSSbaffb68
$145 million funds frozen after death of cryptocurrency exchange admin
https://www.zdnet.com/article/145-million-funds-frozen-after-death-of-cryptocurrency-exchange-admin/#ftag=RSSbaffb68
The Persistent Threat of Nation-State Cyberattacks
https://www.bankinfosecurity.com/interviews/persistent-threat-nation-state-cyberattacks-i-4236
秘密修補後再公布,Zcash含有可無限偽造加密貨幣的安全漏洞
https://www.ithome.com.tw/news/128638
Zcash Discloses Vulnerability That Could Have Allowed 'Infinite Counterfeit' Cryptocurrency
https://bit.ly/2Ddm97A
Critical Zcash Bug Could Have Allowed 'Infinite Counterfeit' Cryptocurrency
https://bit.ly/2SvFqeh
Another BBC bitcoin scam. Email is from a compromised School email account
https://bit.ly/2tkVpOd
4 Reasons to Believe the Deep State (or the NSA) Created Bitcoin
https://bit.ly/2UJ5VKs
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體
首爆新型ibus 蠕蟲,利用熱門漏洞瘋狂挖礦牟利
https://www.chainnews.com/articles/415977948341.htm
惡意程式入侵Google Play 推送欺詐色情廣告
https://news.tvbs.com.tw/life/1076741
Android手機用戶注意:多款美肌相機應用程式會發送詐欺和色情內容,下載量已高達數百萬次
https://www.cool3c.com/article/140802
Google Play出現惡意相機程式
https://bit.ly/2sY5ksD
後門程式SpeakUp瞄準Linux而來,6種OS版本遭殃、macOS也難倖免
https://ithome.com.tw/news/128631
Security researchers discover new Linux backdoor named SpeakUp
https://www.zdnet.com/article/security-researchers-discover-new-linux-backdoor-named-speakup/#ftag=RSSbaffb68
Mac 惡意軟體現身,CookieMiner 竊取用戶密碼、信用卡,還把電腦當挖礦機
https://applealmond.com/posts/47751
美國將對北韓殭屍網絡作定位及干預
https://bit.ly/2S9U9Mu
擷取桌面截圖的JobCrypter勒索病毒變種,索1,000 歐元贖金
https://blog.trendmicro.com.tw/?p=59240
2019 年 TOP 10 免費資安防毒軟體
https://bit.ly/2TyOJHz
New Mac Malware Targets Cookies to Steal From Cryptocurrency Wallets
https://bit.ly/2t6adjt
FBI Mapping 'Joanap Malware' Victims to Disrupt the North Korean Botnet
https://bit.ly/2WKjCKY
Pro-Tibet groups targeted with ExileRAT in spy campaign
https://www.zdnet.com/article/pro-tibet-groups-targeted-with-exilerat-in-spam-campaign/#ftag=RSSbaffb68
CookieMiner Malware Can Steal Crypto Exchange Cookies, Saved Passwords and iPhone SMS Messages
https://bit.ly/2WIP5gK
B.行動安全 / iPhone / Android /穿戴裝置 /App
安卓系統這麼危險嗎?99.9%存在安全漏洞
http://www.sohu.com/a/292815528_123753
香港地區 Google Play 商店應用程式保安風險報告 (2019年1月)
https://www.hkcert.org/my_url/zh/blog/19013101
過年想要拍出好氣色,當心29款美肌相機應用程式會發送色情內容,還會偷個資盜用照片
https://blog.trendmicro.com.tw/?p=59258
iOS 12~12.1.2 固定Nonce工具NonceReboot12XX使用教學技巧
https://mrmad.com.tw/noncereboot12xx
iOS 12免越獄修改iPhone電信名稱教學技巧 CarrierChanger12
https://mrmad.com.tw/carrierchanger12
iOS 12.1.1 和 iOS 12.1.2 認證關閉,蘋果完美封堵 iOS 12 越獄漏洞版本
https://mrmad.com.tw/apple-sining-ios-12-1-2
iOS 12.1.4發佈前,谷歌提醒有駭客利用零日漏洞攻擊
http://big5.pconline.com.cn/b5/news.pconline.com.cn/1229/12294396.html
日警為破案 5萬元報酬解鎖iPhone
https://bit.ly/2MOXYAH
Facebook利誘青少年裝app收集數據 單靠社交媒體自律並不足夠
https://bit.ly/2S9uJ1J
年輕人深愛的抖音,是中國的「間諜網路」
https://bit.ly/2HTX6fy
嚴防資安危機、傷身失智 智慧型手機安全守則
https://bit.ly/2I8MJVo
多支 iPhone App 遭爆側錄手機螢幕,用戶資料「裸奔」
https://www.inside.com.tw/article/15520-Many-popular-iPhone-apps-secretly-record-your-screen-without-asking
多款 iPhone 知名軟體爆出錄製使用者畫面,蘋果要求移除否則下架
https://applealmond.com/posts/48010
多款知名 iOS apps 被揭偷錄用戶操作畫面!蘋果急發下架警告
https://bit.ly/2RN2lx9
多款知名 iOS apps 被揭偷錄用戶操作畫面!蘋果急發下架警告
https://bit.ly/2RN2lx9
華為P30、P30 Pro外觀曝光了!Spigen官網直接洩露秘密
https://applealmond.com/posts/47965
德國反壟斷機構裁決 臉書不得共用旗下軟體的使用者資料
http://news.ltn.com.tw/news/world/breakingnews/2693267
蘋果遭控強逼用戶買新充電器 再面臨集體訴訟
https://www.chinatimes.com/realtimenews/20190207000598-260412
由於同性戀約會應用程序的安全漏洞,數百萬張裸照片在網上洩露
https://bit.ly/2TDRKXc
手機檢測APP受歡迎 點子科技持續投入新市場
https://bit.ly/2US7x4Z
為何華為的收訊比iPhone好呢
https://www.kocpc.com.tw/archives/242878
繞過App Store審查 濫用測試機制 「fb研究」蒐私隱 蘋果煞停
https://hk.news.appledaily.com/international/daily/article/20190201/20603995
Facebook Paid Teens $20 to Install 'Research' App That Collects Private Data
https://bit.ly/2ULQpOh
Android Security Monthly Recap #1 | January 2019
https://bit.ly/2t8GF4M
Android Phones Can Get Hacked Just by Looking at a PNG Image
https://bit.ly/2HXSdSN
How to Delete Accidentally Sent Messages, Photos on Facebook Messenger
https://bit.ly/2HZG6EC
C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件
《李忠憲專欄》哲學型的資安人
https://taronews.tw/2019/02/02/244186/
保安建議:加強 DNS 基建保安
https://www.hkcert.org/my_url/zh/blog/19012502
缺乏抓漏獎勵,研究人員拒絕與蘋果分享漏洞資訊
https://www.ithome.com.tw/news/128647
駭客如何在地下市場賺黑心錢
https://blog.trendmicro.com.tw/?p=58509
網站的功能可能就是駭客攻擊的弱點,資安顧問揭露網站的潛在威脅
https://www.ithome.com.tw/news/128605
揭露匈牙利營運商嚴重漏洞的白帽駭客面臨八年牢獄之災
https://www.landiannews.com/archives/55326.html
惡名昭彰的伺服器「肉雞」伺服器權限市場 xDedic 被查抄
https://www.kocpc.com.tw/archives/242561
無密碼登入已成新趨勢,未來將更常出現在生活周遭
https://www.ithome.com.tw/news/128602
現代IT環境的伺服器安全防護
https://blog.trendmicro.com.tw/?p=58720
假新聞、資訊戰亂象!學者感慨「悲劇天才」已故美國知名駭客會怎麼看
https://bit.ly/2t775UE
資通設備禁令紛爭下,你該具備的資安意識
http://news.pchome.com.tw/science/technews/20190201/index-54898714030770232005.html
華為有漏洞! 美駐歐大使籲大眾拒用
https://bit.ly/2BoTpZv
美示警歐洲盟邦:不要採購華為 5G 設備
https://technews.tw/2019/02/06/usa-warn-european-alliance-not-buying-huawei-5g/
德國政策轉彎 5G建設不將華為排除在外
https://www.ydn.com.tw/News/323635
動作一波波 美持續施壓華為中興
https://udn.com/news/story/12639/3632724
是否禁用華為5G GSMA月底辯論/國安、資安疑慮 歐盟考慮提案實質禁用
https://www.wellhawk.com/news/12944.html
美國揚言 歐盟若採用華為等中國電信設備恐遭美國反制
https://udn.com/news/story/12639/3633652
遭爆要用特殊條款封殺華為、中興 義大利政府否認
http://ec.ltn.com.tw/article/breakingnews/2693489
歐盟封殺華為 德國斯洛伐克「開綠燈」
https://bit.ly/2HRSvu4
歐洲最後防線垮了? 這國將靠秘密武器封殺華為
https://www.chinatimes.com/realtimenews/20190208000034-260410
挪威政府安全報告點名華為 陸回應:無端攻擊、荒唐
https://www.ettoday.net/news/20190205/1373429.htm
重建資安信心難,華為:需要 5 年才能消除恐懼
https://bit.ly/2MWKsLx
期待華為公正使用5G 美網路外交官:天真
https://tw.appledaily.com/new/realtime/20190208/1514098/
又一北歐國劍指華為!遭陸譏市場「小如蚊子」
https://www.chinatimes.com/realtimenews/20190205001515-260408
丹麥警方突擊檢查 華為兩員工遭驅逐出境
https://newtalk.tw/news/view/2019-02-05/204222
美警告歐盟各國 勿購華為、中興5G設備 「會有國安後遺症」
https://bit.ly/2GuDbBu
美情報首長:中國靠著竊美智財權崛起
https://ec.ltn.com.tw/article/paper/1266027
美示警歐洲盟邦:不要採購華為5G設備
https://money.udn.com/money/story/5599/3632232
澳洲國會網路遭駭 尚無證據顯示數據失竊
https://money.udn.com/money/story/5599/3633677
澳國會網路遭駭 尚無資料外洩
https://www.ydn.com.tw/News/323638
澳洲議會網絡再遭黑客入侵 疑與中共有關
http://www.epochtimes.com/b5/19/2/8/n11031860.htm
北京駭客攻擊挪威公司 企圖竊客戶機密
https://www.secretchina.com/news/b5/2019/02/07/884091.html
可惡!中國駭進挪威軟體公司 企圖竊取客戶機密
http://news.ltn.com.tw/news/world/breakingnews/2692938
搶在MWC前發佈行政命令!傳白宮將在MWC前簽署新的中國電信設備禁令
https://applealmond.com/posts/48020
日本物聯網終端防禦對策將成為義務
https://zh.cn.nikkei.com/politicsaeconomy/politicsasociety/34185-2019-02-01-02-08-02.html
日政府以奧運保安為名 准情報人員入侵民眾IP地址
https://hk.news.appledaily.com/international/realtime/article/20190202/59217391
如何檢舉翻牆的中國網民?這招幫助他們找到回家的路
https://bit.ly/2teAlc1
暗網/代客扎愛滋針、性侵、殺人 只有這裡沒人敢接案
https://www.ettoday.net/news/20190206/1362215.htm
暗網/詐團在這收台灣購物網一手個資 還註明女性為佳
https://www.ettoday.net/news/20190207/1362634.htm
Hacker who reported flaw in Hungarian Telekom faces up to 8-years in prison
https://bit.ly/2MUxVs8
Slow Loris — Rethinking DoS attacks
https://medium.com/front-end-weekly/slow-loris-rethinking-dos-attacks-bd1ca5091bfe
First Hacker Convicted of 'SIM Swapping' Attack Gets 10 Years in Prison
https://bit.ly/2DTkcia
Two hacker groups responsible for 60 percent of all publicly reported hacks
https://www.zdnet.com/article/two-hacker-groups-responsible-for-60-percent-of-all-publicly-reported-hacks/#ftag=RSSbaffb68
Digital sign systems allowed hacker access through default passwords
https://www.zdnet.com/article/digital-sign-systems-allowed-hacker-access-through-default-passwords/#ftag=RSSbaffb68
Over 485,000 Ubiquiti devices vulnerable to new attack
https://www.zdnet.com/article/over-485000-ubiquiti-devices-vulnerable-to-new-attack/#ftag=RSSbaffb68
Security firm identifies hacker behind Collection 1 leak, as Collection 2-5 become public
https://zd.net/2DUevka
Cyberbit: A military approach to training cyber security teams
https://www.zdnet.com/article/cyberbit-a-military-approach-to-training-cyber-ecurity-teams/#ftag=RSSbaffb68
Hacker discloses Magyar Telekom vulnerabilities, faces jail term
https://www.zdnet.com/article/white-hat-hacker-discloses-magyar-telekom-vulnerability-faces-jail/#ftag=RSSbaffb68
Pwnhead takes down controversial security researchers ranking after criticism
https://www.zdnet.com/article/pwnhead-takes-down-controversial-security-researchers-ranking-after-criticism/#ftag=RSSbaffb68
Embracing Digital Risk Protection: Take Your Threat Intelligence to the Next Level
https://www.bankinfosecurity.com/embracing-digital-risk-protection-take-your-threat-intelligence-to-next-level-a-11990
Stolen RDP Credentials Live On After xDedic Takedown
https://www.bankinfosecurity.com/stolen-rdp-credentials-live-on-after-xdedic-takedown-a-11987
Get a Lifetime Subscription to Unlimited VPN for just $59.99 (5 Devices)
https://bit.ly/2RKeToY
Flaws in Popular RDP Clients Allow Malicious Servers to Reverse Hack PCs
https://bit.ly/2TAyLNb
How vulnerable is the Tor Network to BGP Hijacking Attacks
https://medium.com/@nusenu/how-vulnerable-is-the-tor-network-to-bgp-hijacking-attacks-56d3b2ebfd92
Get a Lifetime Subscription to Unlimited VPN for just $59.99 (5 Devices)
https://bit.ly/2ROu1BM
IMPROVING SECURITY THROUGH LEADERSHIP AND CULTURE
https://www.eccu.edu/improving-security-through-leadership-and-culture/
科技報橘 2019 全面徵才 ── 跟我們一起找到台灣在國際中的創新產業定位
https://buzzorange.com/techorange/2019/02/01/2019-we-are-hiring/
徵才 - 資安分析工程師 (上班地點:高雄)
https://bit.ly/2HSDCrB
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
鹹濕簡訊 外流 貝佐斯怒 疑政治陰謀 幕後黑手指向川普
https://tw.appledaily.com/international/daily/20190201/38247849/
隨意下載美肌App 小心個資被竊
https://bit.ly/2WLtdS7
被控竊澳洲財富管理公司客戶個資 中國男傳潛逃被抓認罪
http://news.ltn.com.tw/news/world/breakingnews/2693426
網傳唐鳳開發"美玉姨"監控 遭斥假新聞
https://www.ttv.com.tw/news/view/10802020009600I/579
Google挨罰 凸顯個資保護重要性
https://money.udn.com/money/story/5628/3629725
內政部公布2019年詐騙前3強 「假網拍」稱王
https://bit.ly/2DTlHgd
網嗆「斬首蔡英文」觸法! 刑事局介入調查
https://bit.ly/2Bnzx99
資安研究:5個Collection #系列資料庫,總計彙整了22億組外洩的電子郵件與密碼
https://www.ithome.com.tw/news/128594
創新高! 去年遇駭個資近4.5億筆 比2017年增加126%
https://bit.ly/2Bl8nQe
加國驚現「漢堡大盜」 女子銀行卡遭刷剩1.99元
https://bit.ly/2RG6rae
Airbus Suffers Data Breach, Some Employees' Data Exposed
https://bit.ly/2RG8GKP
A Phishing Guide: Lessons Learned on the Journey to Detecting Phishing Domains
https://bit.ly/2RGEdw3
Huddle House restaurant chain announces breach of POS system
https://www.zdnet.com/article/huddle-house-restaurant-chain-announces-breach-of-pos-system/#ftag=RSSbaffb68
Aetna Fined Yet Again for Exposing HIV Information
https://www.bankinfosecurity.com/aetna-fined-yet-again-for-exposing-hiv-information-a-11991

E.研究報告
挖洞經驗| GitHub Desktop 在OSX系統下的RCE漏洞
https://www.freebuf.com/vuls/194579.html
Windows聯繫人文件代碼執行漏洞分析
https://www.secrss.com/articles/8152
挖洞經驗| 看我如何通過ASP Secrets讀取獲得了1.7萬美金的漏洞獎勵
https://www.freebuf.com/vuls/194997.html
PoCBox - 漏洞測試驗證輔助平台
https://github.com/gh0stkey/PoCBox
Nginx實戰(十)Nginx的漏洞修復
https://blog.csdn.net/ouyida3/article/details/86771837
Thinkphp框架filter參數漏洞解析
http://blog.hexccc.com/thinkphp-filter-code-vulnerability/
你的REST不是REST
https://bit.ly/2DZUVTK
Blazefox exploits for Windows 10 RS5 64-bit
https://bit.ly/2BarDQr
Introduction to SpiderMonkey exploitation
https://bit.ly/2G5u4HV
Astr0baby's not so random thoughts _____ rand() % 100;
https://astr0baby.wordpress.com/
REVERSE ENGINEERING WITH RADARE - FUNDAMENTALS AND BASICS
https://bit.ly/2D7wUIr
Fwknop : Single Packet Authorization & Port Knocking 
https://github.com/mrash/fwknop
10 Best Hacking Tools For Windows 10
https://bit.ly/2MOCPGR
A Guide to ARM64 / AArch64 Assembly on Linux with Shellcodes and Cryptography
https://modexp.wordpress.com/2018/10/30/arm64-assembly/
RustPython : A Python Interpreter written in Rust
https://bit.ly/2MPTBWm
Redis Unauthorized Access Vulnerability Simulation | Victor Zhu
https://bit.ly/2ULQEsF
Reversing the Rachio Smart Sprinkler Controller
https://medium.com/tenable-techblog/reversing-the-rachio3-smart-sprinkler-controller-ae7fc06aab9
What Is SSH And Do I Need It
https://medium.com/nyc-design/what-is-ssh-and-do-i-need-it-4129d963690f
Beating the OWASP Benchmark
https://blog.shiftleft.io/beating-the-owasp-benchmark-24a7b1601031
Healthcare Technologies: Reducing Risk, Increasing Access
https://tincture.io/healthcare-technologies-reducing-risk-increasing-access-fded547517e0
Nullcon-HackIM CTF 2019- MLAuth-Misc(500)Writeup
https://medium.com/bugbountywriteup/nullcon-hackim-ctf-2019-mlauth-misc-500-writeup-e6eb48c66341
JavaScript Fundamentals: Syntax & Structure
https://itnext.io/javascript-fundamentals-syntax-structure-5e9badd0cc4f
Effectively Naming Software Thingies
https://medium.com/@rabinovichsagi/effectively-naming-software-thingies-fcea9d78a699
How to perform Open-Source Intelligence (OSINT)
https://bit.ly/2UNjw3M
A list of Adversary Emulation and Threat Hunting simulation solutions (OSS or paid)
https://bit.ly/2SBxvfe
gitleaks v1.24.0 releases: Searches full repo history for secrets and keys
https://securityonline.info/gitleaks/?fbclid=IwAR2_1zslGarRpNTZcJ2uc4HAWzJiljnUjU_Xq2YjWHWyhD6pD71Wrkg-yjQ
Google Introduces Adiantum Storage Encryption to Low-End Android Devices
https://bit.ly/2Brake2
All You Need to Know about Ethical Hacking using Python
https://bit.ly/2E19fLD
machinae v1.4.7 releases: Machinae Security Intelligence Collector
https://securityonline.info/machinae/?fbclid=IwAR3ShzEVpXV0o4RCoFg7h1YNSL58aT6-McBlwlC4MTEFyKpKh92GJOv45JY
DevAudit v3.1.2 releases: Open-source, cross-platform, multi-purpose security auditing tool
https://securityonline.info/devaudit/?fbclid=IwAR32QDK7-cu-mezWvJq4ZWP0psQQP6HQfN-A90Xp7P9RseHkdeJJtasaY8Q
nightcall: Automated Enumeration Script for Pentesting
https://securityonline.info/nightcall/?fbclid=IwAR2v72xk2HPAHlSg6nG7wv5-OADRnPXrXw13-Pgadc8KX4_-UN1nyjLIWQc
A tool that automates Mac address spoofing
https://bit.ly/2GlwhiT
SSH man-in-the-middle tool
https://bit.ly/2MXva9b
Cloak can backdoor any python script with some tricks.
https://bit.ly/2TL7FCQ
Remote Code Execution with EL Injection Vulnerabilities
https://www.exploit-db.com/docs/46303
Veil 3.1.X (Check version info in Veil at runtime)
https://bit.ly/2RSykfC
Wikipedia Articles as part of Tech Support Scamming Campaigns
https://bit.ly/2Sk6PR5
Report: Under the Hood of Cyber Crime
https://bit.ly/2SCvdwy
Exploiting CVE-2018-19134: remote code execution through type confusion in Ghostscript
https://bit.ly/2E0UNmQ
IPFire 2.21 - Core Update 127 released
https://bit.ly/2ROiMcG
F.商業
全球資安危機 台廠商機來了
https://udn.com/news/story/7240/3629723
資安頻出包…危機就是商機
https://money.udn.com/money/story/5612/3629713
反應太慢、守口如瓶,企業與國家資安盲點怎解?專訪 Check Point 亞太、中東與非洲策略長
https://www.inside.com.tw/article/15498-check-point-tony-jarvis
Mozilla揭露允許Firefox隔離網站的Fission專案
https://www.ithome.com.tw/news/128648?fbclid=IwAR2DQTdngrkpN8NKqaOHsixtMZrEjDjrMJchhaaLg6zVhUKn7XUsK4K96Cc

G.政府
誰是行政院資安長?春節後見分曉
https://www.ithome.com.tw/news/128598
國家資安長 擬由陳其邁擔任
http://merit-times.net/2019/02/01/91626/
強化關鍵基礎設施資安 經部擬擴大實測場域
https://udn.com/news/story/7238/3629960
資通2大隊春節不懈怠 堅守崗位衛國安
https://bit.ly/2GmVete
陸企黑名單處理原則、中正紀念堂轉型案待年後政院處理
https://www.chinatimes.com/realtimenews/20190208001125-260407

H.SCADA/ICS/工控系統
Poppin’ Calc: Web Studio Edition
https://bit.ly/2Sqyxej
[The Red Team Guide] Chapter 21: ATTACKING ICS/SCADA
https://bit.ly/2GgCkoy
I.教育訓練類
Build The Next Generation of Cybersecurity Training and Academic Study
https://bit.ly/2GcteJr
What is a proxy server and how does it work
https://medium.com/@dusrin.rash9/what-is-a-proxy-server-and-how-does-it-work-302efcf2314a
Data Science Skills: Web scraping javascript using python
https://bit.ly/2UOHDil

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機
八達通 遙控器 智能手錶  IoT應用廣泛
https://hk.news.appledaily.com/international/daily/article/20190203/20605551
深度學習將要終結?美國教授從 1.6 萬篇論文中看到的 AI 趨勢
https://bit.ly/2Gd011i
物聯網裝置製造商的新資安義務
https://forum.ettoday.net/news/1369268
調查:3成汽車業者尚未建立網路安全團隊
https://www.ithome.com.tw/news/128649
數據科學家必讀的五本書:重要的不是會打 Code,而是背後的資料邏輯思維
https://bit.ly/2HZNijX
智慧工廠的資安架構
https://blog.trendmicro.com.tw/?p=58494
Benchmarking the Raspberry Pi 3 A+
https://medium.com/@ghalfacree/benchmarking-the-raspberry-pi-3-a-a7d4df181244
[ Paper Summary ] Horovod: fast and easy distributed deep learning in TensorFlow
https://towardsdatascience.com/paper-summary-horovod-fast-and-easy-distributed-deep-learning-in-tensorflow-5be535c748d1
Browse state-of-the-art
https://paperswithcode.com/sota?fbclid=IwAR0pA_Uyq9_dSab0v55Z8Txm0Kj7W8UKoAjDSPCm_FvVjHDojMbXvJBZgW8
Learning NLP Language Models with Real Data
https://towardsdatascience.com/learning-nlp-language-models-with-real-data-cdff04c51c25
Understanding China's AI Strategy
https://bit.ly/2SnhJ8z

K.CTF
NeverLAN CTF 2019
https://ctftime.org/event/706
STEM CTF: Cyber Challenge 2019
https://ctftime.org/event/661
DEF CON CTF 2019 Quals
https://www.oooverflow.io/dc-ctf-2019-quals/
CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair
https://bit.ly/2CWltVm
Official Website of CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair, Qingdao, China
https://bit.ly/2VnsC8p
NeverLAN CTF
https://neverlanctf.com/

6.近期資安活動及研討會
 Elixir台灣 台北 Meetup # Wednesday, February 13, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzdbgb/
 Android Code Club(Taipei) Wednesday, February 13, 2019
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzdbrb/
 Women Join Tech Yilan Batch2 Session 3  Wednesday, February 13, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317885/
 Multilayer Perceptron (MLP), Artificial Neural Network (ANN), and Deep Learning  Wednesday, February 13, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257483663/
 HackingThursday 固定聚會 Thursday, February 14, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzdbsb/
 資策會開辦ISO27002資訊安全管理國際認證班 2019/2/16
 https://ithome.com.tw/pr/128353
 Raspberry Pi 3+Google AIY Voice Kit 實作,打造智慧語音助理,學習自然語言理解  2/17
 https://www.techbang.com/posts/58439-raspberry-pi-3-google-aiy-voice-kit
 Golang Taipei Gathering #37  2/18
 https://www.meetup.com/golang-taipei-meetup/events/256740786/
 Android Code Club(Taipei)  Wednesday, February 20, 2019
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzdbbc/
 Women Join Tech Yilan Batch2 Session 4  Wednesday, February 20, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317920/
 Weight Initialization, Under-/Over-Fitting, & Evaluation of Deep Learning Models  Wednesday, February 20, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257483906/
 第二屆《Hit AI & Blockchain》人工智慧暨區塊鏈產業高峰會  2019-02-20(三) 09:00 ~ 17:30 (GMT+8)
 https://www.accupass.com/event/1811190218087771003780
【PowerPoint簡報極限使用】2月主題:十倍速PPT製作  2019-02-20(三) 19:00 ~ 22:00 (GMT+8)
 https://www.accupass.com/event/1810161307265689597830
 HackingThursday 固定聚會 Thursday, February 21, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzdbcc/
  Flutter Codelabs 讀書會 (報名請參閱活動說明)  Thursday, February 21, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258377586/
  [資安專業人才培訓] 108年度培訓單位甄選公告 2/22
  https://www.acw.org.tw/News/Detail.aspx?id=55
 iTHome 台灣雲端大會 Cloud Summit  2019  Call for paper  截止日 2 月 22 日
 https://cloudsummit.ithome.com.tw/cfp/
 【課程】NLP自然語言處理分析實戰,學習非結構化文字分析技術,大幅提升人機溝通的精準與效率  2/23
 https://www.techbang.com/posts/59536-course-nlp-natural-language-processing-analysis-actual-combat
 [Visualization Series] 公投資料視覺化與選舉分析   2/24
 https://www.meetup.com/R-Ladies-Taipei/events/256933448/
 Women Join Tech Coding Club新竹場第二梯營隊-「魔法種子老師培訓」session5  Tuesday, February 26, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317875/
 如何導入區塊鏈  Tuesday, February 26, 2019
 https://www.meetup.com/Taipei-Blockchain/events/258326339/
 Elixir台灣 台北 Meetup # Monday, March 4, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzfbgb/
 Arduino四軸飛行器開發實作,無人機硬體、無線遙控器、飛控軟體整合、飛行教學,一天學會  3/9
 https://bit.ly/2LdYJ5H
 【補助專班】AI人工智慧應用系列- AIoT智能物聯網開發人才就業養成班[免費諮詢]  3/12
 https://ittraining.kktix.cc/events/aiot-training-2019
 Building and Training Convolutional Neural Networks, CNN  Wednesday, March 13, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484158/
 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, March 20, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzfbbc/
 Elixir台灣 台北 Meetup # Monday, April 1, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzgbcb/
 Modeling Sequences with Recurrent Neural Networks, RNN  Wednesday, April 3, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484461/
 Industrial Control Systems (ICS) Cyber Security Conference  APAC  April 16-18, 2019
 https://www.icscybersecurityconference.com/
 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, April 17, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzgbwb/
 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/
 iTHome 台灣雲端大會 Cloud Summit  2019   2019年 5 月 15 日 (三) 09:00~17:00
 https://cloudsummit.ithome.com.tw/
 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/
 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/
 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/
 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/
 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com

沒有留言:

張貼留言