Friday, April 19, 2019

Weekly Security Incident News Report 2019/4/15 ~ 2019/4/19

1. Major Vulnerabilities
Vulnerability found in Alibaba that allows WAF bypass
https://nosec.org/home/detail/2483.html
AntSword (中國蟻劍) found to have an XSS vulnerability that can lead to remote command execution
http://www.sohu.com/a/307475721_354899?sec=wd
Electronic Arts patches client software containing a remote code attack vulnerability
https://www.ithome.com.tw/news/130052
Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
https://www.exploit-db.com/exploits/46706
Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)
https://www.exploit-db.com/exploits/46693
CyberArk EPM 10.2.1.603 - Security Restrictions Bypass
https://www.exploit-db.com/exploits/46688
Kaspersky Lab: another new zero-day vulnerability disclosed in win32k.sys
https://nosec.org/home/detail/2490.html
New zero-day vulnerability CVE-2019-0859 in win32k.sys
https://securelist.com/new-win32k-zero-day-cve-2019-0859/90435/
Shimo VPN input validation error vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4009
Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN's helper tool
https://blog.talosintelligence.com/2019/04/vulnerability-spotlight-multiple.html
Oracle's quarterly patch update is here again, this time fixing 297 vulnerabilities
https://www.ithome.com.tw/news/130078
Multiple vulnerabilities in Oracle products
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
WebLogic deserialization remote code execution vulnerability
http://www.cnvd.org.cn/webinfo/show/4989
Vulnerability alert: WebLogic Blind XXE vulnerability alert
http://nic.jiangnan.edu.cn/info/1046/2515.htm

[Threat Alert] iSCSI unauthorized access vulnerability; tens of thousands of iSCSI systems may be affected
https://nosec.org/home/detail/2491.html
Apache releases security updates for Apache Tomcat
https://www.us-cert.gov/ncas/current-activity/2019/04/14/Apache-Releases-Security-Updates-Apache-Tomcat
Apache Tomcat has a remote code execution vulnerability
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1436
Apache Tomcat Patches Important Remote Code Execution Flaw
http://bit.ly/2v8GMOB
Origin desktop software has a vulnerability allowing hackers to take remote control; EA has now fixed it
https://www.kocpc.com.tw/archives/254080
Vulnerability: multiple VPN applications store session cookies without encryption
https://kb.cert.org/vuls/id/192371/
Several enterprise-grade VPN applications allow hackers to bypass authentication; Cisco, Palo Alto Networks and Pulse Secure are named
https://www.ithome.com.tw/news/129986
Multiple vulnerabilities in VMware products
https://www.vmware.com/security/advisories/VMSA-2019-0006.html
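High-severity Confluence vulnerability exploited at scale; Alibaba Cloud WAF provides protection once connected, with free emergency response service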
https://read01.com/zy2kgK2.html
Final extended support ends: after 17 years, Windows XP finally passes into history
https://www.techbang.com/posts/69366-after-more-than-17-years-microsoft-sticks-a-fork-in-windows-xp-one-final-time
Windows security patch causes Windows 7 PCs and Server 2012 machines running certain antivirus software to freeze or fail to reboot
https://www.ithome.com.tw/news/129970
Windows 7 fails to boot after update; Microsoft pauses April updates for Sophos antivirus users
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=836
Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation
https://www.exploit-db.com/exploits/46718
Microsoft too slow: 0PATCH team releases a fix for the Win10 IE security vulnerability first
http://bit.ly/2Uu7aN6
Multiple zero-day vulnerabilities in Microsoft Internet Explorer
https://www.zdnet.com/article/internet-explorer-zero-day-lets-hackers-steal-files-from-windows-pcs/#ftag=RSSbaffb68
Researchers find a new security vulnerability in Internet Explorer
https://www.linuxidc.com/Linux/2019-04/158096.htm
IE's very existence is a security hole! New hacker technique reported: even switching your browser to Chrome won't save you
https://3c.ltn.com.tw/news/36458
IE security vulnerability lets hackers steal files
http://bit.ly/2ZadMnH
Security vulnerability disclosed in IE 11 browser: local PC files can be stolen remotely
http://finance.sina.com/bg/tech/technews/sinacn/2019-04-13/doc-ixnpfeet7037203.shtml
IE is dangerous even when unused; switching to Chrome still doesn't prevent being hacked
https://www.secretchina.com/news/b5/2019/04/15/890541.html
Internet Explorer zero-day lets hackers steal files from Windows PCs
https://www.zdnet.com/article/internet-explorer-zero-day-lets-hackers-steal-files-from-windows-pcs/#ftag=RSSbaffb68
DHCP security in Windows 10: analyzing the critical vulnerability CVE-2019-0726
https://habr.com/ru/company/pt/blog/448378/
Microsoft makes Windows 10 1903 available on MSDN
https://www.zdnet.com/article/microsoft-makes-windows-10-1903-available-on-msdn/#ftag=RSSbaffb68
Hackers set their sights on a Google Photos vulnerability
http://www.sohu.com/a/307735969_610671?sec=wd
Aplikasi Sistem Informasi Kelulusan [ASIK] LFI Vulnerability
https://cxsecurity.com/issue/WLB-2019040109
Multiple vulnerabilities in WiFi Protected Access III (WPA3)
https://www.kb.cert.org/vuls/id/871675/
Wi-Fi WPA3 encryption and authentication still a security concern? Wi-Fi Alliance: vendors have been asked to shore it up
http://bit.ly/2VJI7r3
New WPA3 wireless encryption protocol contains vulnerabilities, leaving it open to password theft and attacks
http://bit.ly/2IjcyB9
Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password
http://bit.ly/2v5WXw8
Unhappy with the WordPress support forum, security researchers disclose 3 WordPress plugin vulnerabilities in a row
https://www.ithome.com.tw/news/129987
CloudBees Jenkins Accurev Plugin information disclosure vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999028
Drupal Releases Core CMS Updates to Patch Several Vulnerabilities
http://bit.ly/2GuRUf6
Broadcom Wi-Fi chipset drivers contain multiple security vulnerabilities
https://www.ithome.com.tw/news/130079
Big brands slip up too: CERT discloses multiple enterprise VPN vulnerabilities
http://bit.ly/2DxuEeX
2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security
Insider theft is no longer an isolated case; gaps in bank internal controls are staggering
https://news.sina.com.tw/article/20190412/30900600.html
As financial institutions innovate, strengthening enterprise security resilience will be key to business growth
https://ithome.com.tw/news/129935
Internet-only bank security forum to take place on the 18th
https://www.chinatimes.com/newspapers/20190416000198-260202?chdtv
Two major challenges for South Korea's internet-only banks
https://money.udn.com/money/story/5599/3757823
Online tax filing in May: experts share six security self-protection tips
https://udn.com/news/story/7243/3758452
Online tax filing becomes the mainstream method; KPMG (安侯建業) offers 6 key points to prevent fraud
https://udn.com/news/story/7243/3758582?from=udn-catelistnews_ch2
Suspected system error at Bank of East Asia: customer's 5,300-dollar refund rebate becomes 530,000
http://hd.stheadline.com/news/realtime/hk/1479510/
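Li Yangyong (李楊勇), former general manager of Bank of Communications' Development Research Department, expelled from both the Party and public office ("雙開")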
http://bit.ly/2UlegDw
The three things Taiwanese customers value most when choosing a bank
https://fnc.ebc.net.tw/FncNews/stock/77197
Bank of Japan deputy governor: if the banking system becomes unstable, monetary policy will be used in response
http://bit.ly/2vaP3BW
Bank SinoPac (永豐) mobile banking app: transfers and currency exchange are users' two favorite features
https://news.cnyes.com/news/id/4305643
Study visit on Singapore's regulatory technology and internet-only bank development
https://report.nat.gov.tw/ReportFront/ReportDetail/detail?sysId=C10800230
Japan's Rakuten Bank visits Taiwan to share practical security techniques for online banking
https://udn.com/news/story/7239/3764559
Rakuten Bank security expert 佐伯和彥: after more than 18 years running an internet-only bank, we can contribute to Taiwan
http://bit.ly/2IJHnhN
How financial services enter every consumer scenario: Next Bank (將來銀行) IT development strategy revealed
https://www.ithome.com.tw/people/130092
Windows 10 ATM migration: The breaking point for banks
https://www.atmmarketplace.com/blogs/windows-10-atm-migration-the-breaking-point-for-banks/
Crooks use digger to steal ATMs in Northern Ireland as ATM physical attacks rise across the EU
https://www.zdnet.com/article/crooks-use-digger-to-steal-atms-in-northern-ireland-as-atm-physical-attacks-rise-across-the-eu/#ftag=RSSbaffb68
HOW TO DETECT SPY CAMERA’S IN TRIAL ROOMS, ATM’S, HOTELS, OTHER AREA’S
https://www.securitynewspaper.com/2019/03/26/how-to-detect-spy-cameras-in-trial-rooms-atms-hotels-other-areas/?fbclid=IwAR2FNxiGJN5aTG2msos0UyYq7xf2UC-N19OoLVzF2pd4jV9MTptmLRm-kbU
3. Electronic Payment / Electronic Stored-Value Cards / Mobile Payment: News and Security
Nearly 60% of South Koreans use mobile payment; those aged 50 to 59 have the highest average monthly spending
https://ec.ltn.com.tw/article/breakingnews/2761679
AdSense suddenly shows "Your payments are currently on hold"
http://bit.ly/2Zit7Cz
Lee Hsien Loong praises China's electronic payments: my minister looked like a country bumpkin buying chestnuts in Shanghai
https://v.chinaqna.com/blog/82914
Third-party payment, electronic payment and electronic stored-value cards: one table to understand the differences
https://money.udn.com/money/story/5613/3764096
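Advance notice of draft amendments to certain articles of the "Rules Governing the Business of Electronic Payment Institutions" (電子支付機構業務管理規則)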
http://bit.ly/2Gv44oD
5. Virtual Currency / Blockchain: News and Security
Exploring blockchain to secure the power grid: US Department of Energy reports new progress
https://news.cnyes.com/news/id/4303278
[State of Virtual Currency] Bitcoin surges and crashes; expert advice: choose based on real ecosystem applications
https://fnc.ebc.net.tw/FncNews/else/76766
Algo Cipher announces its public-chain mainnet will go live in Q3, while also forming a global decentralized exchange alliance
https://iview.sina.com.tw/post/19095272
TRON Dapp TronBank hit by a fake-token attack
https://www.ptt.cc/bbs/DigiCurrency/M.1555313950.A.C48.html
Making "buying things with Bitcoin" a reality: Coinbase teams up with Visa to launch a debit card
https://meet.bnext.com.tw/articles/view/44773
Town in Greater Toronto is first to let residents pay property tax with Bitcoin
http://www.epochtimes.com/b5/19/4/15/n11188745.htm
India's official banking sector plans to use blockchain technology to advance payment solutions
https://www.blocktempo.com/the-national-payments-corporation-of-india-blockchain-payment/
Virtual currency is hot: Ether once multiplied investments sevenfold
https://www.chinatimes.com/newspapers/20190415000544-260110?chdtv
Taiwan not absent from blockchain technology: 3 startups each lead the way
http://bit.ly/2PfApSN
Virtual currency scams abound; China bans ICOs entirely
https://www.nextmag.com.tw/realtimenews/news/467516
[Major Blockchain Applications] Korean telecom giant KT launches blockchain-based 5G network service to guard against hacker attacks
https://news.cnyes.com/news/id/4305155
Amid the bear market, a mainstream Japanese fintech company halts its crypto exchange plans
http://news.knowing.asia/news/2009f13b-da99-4e1a-8deb-fa367de53873
First virtual currency exchange opens
https://udn.com/news/story/7239/3762217
Virtual currency under light-touch regulation; trade at your own risk
https://money.udn.com/money/story/9740/3762221
Conflicting public chains! The "alien attack" vulnerability from the P2P protocol
https://www.bishijie.com/shendu_30448
Blockchain technology could prevent the Microsoft Outlook vulnerability
https://0xzx.com/20190418175640941.html
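"Tao Coin" (達悟幣) issuance switches to a traditional equity model! DTCO CEO 李亞鑫: the framework proposed by the Financial Supervisory Commission (FSC) is clearly unfriendly to technological innovation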
http://bit.ly/2IsiurB
5. Security Incident News
A. Viruses and Trojans / Botnets / Ransomware
Bashlite IoT malware adds cryptomining and backdoor capabilities, specifically targeting WeMo-brand devices
https://blog.trendmicro.com.tw/?p=60149
Vulnerability in Xiaomi's Guard Provider app could expose devices to malware
https://www.cyclonis.com/zh-cn/vulnerability-xiaomi-guard-provider-expose-devices-malware/
Ransomware keeps attacking with new "variants"; enterprises should strengthen security and backups
https://www.chinatimes.com/realtimenews/20190415001300-260410?chdtv
A machine learning model designed specifically to detect malware variants
https://blog.trendmicro.com.tw/?p=60048
Vulnerability in the AdBlock Plus ad-filtering extension allows malicious code execution
https://www.ithome.com.tw/news/129999
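Is your password still 1234? Beware! Trend Micro's latest survey finds weak passwords and system vulnerabilities have become prime tools for cryptomining malware attacking enterprises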
http://bit.ly/2UEiCuO
Insurer refuses to pay out for NotPetya, treating it as an act-of-war exclusion and sparking controversy
https://technews.tw/2019/04/16/insurance-company-wont-refund-notpetya-demage-they-see-it-as-war-make-controversies/
Computer suddenly very slow? Cryptomining malware surges 400-fold; how to protect yourself when traditional antivirus can't catch it
https://buzzorange.com/techorange/2019/04/17/trend-micro-malware-protection/
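Still using outdated software and these 61 weak passwords? Cryptomining malware uses multiple attack techniques to spread from China to enterprises in Taiwan, Japan and elsewhere in Asia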
https://blog.trendmicro.com.tw/?p=60232
Pre-installed malware found on an Android Gretel A7 device
http://skptr.me/gretel_preinstalled_2.html
Popular Video Editing Software Website Hacked to Spread Banking Trojan
http://bit.ly/2Z8u2pf
Sophisticated 'TajMahal APT Framework' Remained Undetected for 5 Years
http://bit.ly/2IAgLzJ
The Bayrob malware gang's rise and fall
https://www.zdnet.com/article/the-bayrob-malware-gangs-rise-and-fall/#ftag=RSSbaffb68
Two Romanian Nationals Convicted in 'Bayrob' Malware Case
https://www.bankinfosecurity.com/two-romanian-nationals-convicted-in-bayrob-malware-case-a-12375
Proactive Malware Intelligence & Increasing ROI of SIEM & SOAR Deployments
https://www.bankinfosecurity.in/webinars/proactive-malware-intelligence-increasing-roi-siem-soar-deployments-w-1957
Multimedia Editing Software Hacked to Spread Banking Trojan
https://hackercombat.com/multimedia-editing-software-hacked-to-spread-banking-trojan/
US CERT Warns of N. Korean 'Hoplight' Trojan
https://www.bankinfosecurity.com/us-cert-warns-n-korean-hoplight-trojan-a-12374
Miner Malware Spreads Beyond China, Uses Multiple Propagation Methods Including EternalBlue, Powershell Abuse
https://blog.trendmicro.com/trendlabs-security-intelligence/miner-malware-spreads-beyond-china-uses-multiple-propagation-methods-including-eternalblue-powershell-abuse/
[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services
https://seguranca-informatica.pt/si-lab-emotet-spread-in-chile-impacted-hundreds-of-users-and-targeted-financial-and-banking-services/#.XLSeQ-gzbIU
Hackers compromise Microsoft support agent to access Outlook email accounts
https://seguranca-informatica.pt/hackers-comprometem-agente-de-suporte-da-microsoft-para-aceder-a-contas-de-email-do-outlook/#.XLSfGegzbIU
Cryptominer uses several propagation methods to infect Windows machines and drop a Monero miner
https://seguranca-informatica.pt/criptominer-usa-varios-metodos-de-propagacao-para-infetar-maquinas-windows-e-droppar-um-minerador-da-monero/#.XLSfHegzbIU
OceanLotus: macOS malware update
https://www.welivesecurity.com/2019/04/09/oceanlotus-macos-malware-update/
Let's Learn: In-Depth Review of FIN7 VBA Macro & Lightweight JavaScript Backdoor
https://www.vkremez.com/2018/11/in-depth-review-of-fin7-vba-macro.html
Scranos: New Rapidly Evolving Rootkit-Enabled Spyware Discovered
https://thehackernews.com/2019/04/scranos-rootkit-spyware.html
Inside Scranos – A Cross Platform, Rootkit-Enabled Spyware Operation
https://labs.bitdefender.com/2019/04/inside-scranos-a-cross-platform-rootkit-enabled-spyware-operation/
Account With Admin Privileges Abused to Install BitPaymer Ransomware via PsExec
https://paper.tuisec.win/detail/4af0e090957cb4f
New HawkEye Reborn Variant Emerges Following Ownership Change
https://blog.talosintelligence.com/2019/04/hawkeye-reborn.html
Scranos rootkit expands operations from China to the rest of the world
https://www.zdnet.com/article/scranos-rootkit-expands-operations-from-china-to-the-rest-of-the-world/#ftag=RSSbaffb68
DNS Malware Analysis: A Forensic Approach (W39)
http://bit.ly/2vaXPQm
Banking Trojan Emotet Now Targets Legitimate Email Chains to Deploy Malware
https://latesthackingnews.com/2019/04/16/banking-trojan-emotet-now-targets-legitimate-email-chains-to-deploy-malware/
Hacking Android Smart Phone Using AhMyth Android RAT
https://cybarrior.com/blog/2019/01/25/hacking-android-smart-phone-using-ahmyth-android-rat/?fbclid=IwAR3DC3CitoixtJ1G0Jdo-ZErERXp-jEUFk5yHncCkjMllRaOk9NR8CNXl5w
Cyber-security firm Verint hit by ransomware
https://www.zdnet.com/article/cyber-security-firm-verint-hit-by-ransomware/#ftag=RSSbaffb68
Bad bots now make up 20 percent of web traffic
https://www.zdnet.com/article/bad-bots-focus-on-financial-targets-make-up-20-percent-of-web-traffic/#ftag=RSSbaffb68
Potential Targeted Attack Uses AutoHotkey and Malicious Script Embedded in Excel File to Avoid Detection
https://blog.trendmicro.com/trendlabs-security-intelligence/potential-targeted-attack-uses-autohotkey-and-malicious-script-embedded-in-excel-file-to-avoid-detection/
Malicious AutoHotkey Scripts Used to Steal Info, Remotely Access Systems
https://www.bleepingcomputer.com/news/security/malicious-autohotkey-scripts-used-to-steal-info-remotely-access-systems/#.XLdqKJqUS2k.twitter
Today's Forecast: Cloudy With a Chance of Malware
https://www.bankinfosecurity.com/todays-forecast-cloudy-chance-malware-a-12394
B. Mobile Security / iPhone / Android / Wearables / Apps
Emergency update released for the in-display fingerprint sensor on Galaxy S10 and Galaxy S10 Plus
https://tw.news.yahoo.com/galaxy-s10-%E5%8F%8A-galaxy-s10-105009142.html
Apple adds a confirmation step to the App Store subscription payment process
https://chinese.engadget.com/2019/04/12/apple-app-store-subscriptions-confirmation/
Built-in app on Xiaomi phones hides a vulnerability; personal data and passwords could be stolen
http://www.soundofhope.org/b5/2019/04/12/n2801421.html
Chinese Communist authorities carry out sweeping internet crackdown, removing more than 30,000 apps
http://bit.ly/2G7A8gL
Android phone antivirus software: five top recommendations
http://bit.ly/2DedW3L
To help developers grow paid subscribers, the Android developer console adds subscription analytics
https://www.ithome.com.tw/news/129942
How to share real-time location via iPhone's "Find My Friends"
https://blog.trendmicro.com.tw/?p=60035
Netherlands sets up task force to assess 5G security risks
https://money.udn.com/money/story/5599/3757699
Mobile app security black hole! Letting Shopee and YouTube read your text messages and contacts: did you tap "Agree" too?
http://bit.ly/2GfX2Td
Beware: fake Instagram assistant apps on Google Play
https://www.ithome.com.tw/news/130012
Third time this year! Facebook, IG and WhatsApp down again for two hours
https://www.ithome.com.tw/news/129971
LINE drives positive social change through technology and service innovation
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000557696_XTS5FHDOLD2LGU5GCQXVA&cat=50
A brief history of domestic Android app vulnerability detection
http://www.chuangyejia.com/article-12892520.html
Mobile app security black hole! Letting Shopee and YouTube read your text messages and contacts: did you tap "Agree" too?
https://buzzorange.com/techorange/2019/04/19/app-info-security/
Hackers exploit a Chrome for iOS vulnerability to deliver malicious ads
https://www.ithome.com.tw/news/130090
Fake "loan apps" rampant in China; more than 1.5 million people defrauded
https://www.secretchina.com/news/b5/2019/04/19/891009.html?code=b5
Hong Kong Google Play Store Apps Security Risk Report (March 2019)
https://www.hkcert.org/my_url/zh/blog/19032901
Google Makes it Tough for Rogue App Developers Get Back on Android Play Store
http://bit.ly/2GrFQLO
Australian Child-Tracking Smartwatch Vulnerable to Hackers
https://www.bankinfosecurity.com/australian-child-tracking-smartwatch-vulnerable-to-hackers-a-12376
Malvertising campaign abuses Chrome for iOS bug to target iPhone users
https://www.zdnet.com/article/malvertising-campaign-abuses-chrome-for-ios-bug-to-target-iphone-users/#ftag=RSSbaffb68
Your Android phone can now double as a security key
https://www.welivesecurity.com/2019/04/16/android-phone-security-key/
Facebook to end Messenger payments in the UK, France
https://www.zdnet.com/article/facebook-to-end-messenger-payments-in-the-uk-france/#ftag=RSSbaffb68
C. Incidents / Hackers / DDoS / APT / Recruitment / International Security Incidents
To combat bot accounts spreading malicious messages, Twitter sharply limits the number of users that can be followed per day
https://news.sina.com.tw/article/20190413/30907220.html
ICANN: Taiwan's open approach to internet governance can serve as a regional model
https://www.taiwannews.com.tw/ch/news/3681916
Epic Games admits account security problems and promises improvements
http://bit.ly/2Ur1PpQ
Dissecting hacker chain attacks (1): compromised just by reading comments
http://bit.ly/2XgsXd9
Cyber Risk Index (CRI): a guide for CISOs and IT security teams
https://blog.trendmicro.com.tw/?p=59584
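Should experts publish vulnerabilities once found? New report says disclosures have become a butcher's knife hackers wield against users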
https://read01.com/kzgA74P.html
Behind the scaling of the black and grey market: a resource trading network built from card-distribution platforms
https://paper.tuisec.win/detail/d918ac95649eef7
New York law enforcement takes down dark web drug sales through online enforcement
https://www.ntdtv.com/b5/2019/04/16/a102558006.html
Pirated copies of hit series such as Game of Thrones become the best bait for hacking attacks
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=838
Security experts find that vulnerability PoC reports have become hackers' new weapon for cyber threats against users
http://www.twoeggz.com/news/14226098.html
Encrypted Messaging Project "Matrix" Suffers Extensive Cyber Attack
http://bit.ly/2DcxQfK
New Jersey cracks its largest dark web counterfeit drug case; fake drugs sold directly across the US
http://www.epochtimes.com/b5/19/4/17/n11192091.htm
After Assange's arrest, Ecuador hit by 40 million hacking attacks
https://taronews.tw/2019/04/16/311893/
Assange charged with "hacking into Pentagon computers"; WikiLeaks' disclosure of secrets dealt a heavy blow to the US
https://www.ettoday.net/news/20190413/1421352.htm
WikiLeaks' Assange has fallen… but as long as this technology exists, dirty deeds will always be exposed
https://udn.com/news/story/6809/3754290?from=udn-ch1_breaknews-1-cate5-news
Assange associate attempting to flee to Japan arrested by Ecuadorian authorities
http://bit.ly/2XbwzwY
After revoking political asylum and citizenship, Ecuador arrests another person linked to Assange
https://www.ydn.com.tw/News/331962
WikiLeaks Founder Julian Assange Arrested After Ecuador Withdraws Asylum
http://bit.ly/2VJgsq8
China warns Australia: banning Huawei will leave Australia in "technological isolation"
https://ec.ltn.com.tw/article/breakingnews/2758047
Russia tampers with GPS to protect Putin, throwing thousands of ships and aircraft into disarray
https://www.chinatimes.com/realtimenews/20190415001253-260417?chdtv
What Did We Learn from the Global GPS Collapse
https://blog.trendmicro.com/what-did-we-learn-from-the-global-gps-collapse/
Germany enacts stricter laws to combat online sex crimes
http://bit.ly/2GmHAFY
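Germany states "Huawei can take part in 5G buildout"; China's foreign ministry: this shows most countries are objective and independent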
https://www.ettoday.net/news/20190418/1425359.htm
A move to defend security: Huawei to sign a no-spy agreement with Germany
http://bit.ly/2KQWhW8
US public radio: American companies stay silent about Chinese hacking attacks
https://www.voacantonese.com/a/cantonese-xp-china-hack-us-business-20190414-ry/4875045.html
Trump furious! China steals US technology, costing the US 1.76 trillion a year
https://ec.ltn.com.tw/article/breakingnews/2758903
US persuasion fails! Germany's 5G equipment buildout will not exclude Huawei
https://www.ettoday.net/news/20190415/1422443.htm
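US State Department Deputy Assistant Secretary 米德偉: establishing a foreign investment screening system is crucial in the 5G era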
https://ec.ltn.com.tw/article/breakingnews/2759492
US moving to block spies? FBI cancels US visas of dozens of Chinese scholars
https://www.thenewslens.com/article/117279
US security report: under CCP policy direction, foreign companies are forced to leave backdoors
http://bit.ly/2UBdqaZ
UK requires pornography sites to verify visitors' age; violators may be blocked by ISPs
https://ithome.com.tw/news/130077
EU: no evidence found that Kaspersky software colludes with Russia to steal secrets
https://www.ithome.com.tw/news/130045
Cisco: state-sponsored hackers continue to attack DNS systems of Middle Eastern and North African countries
https://www.ithome.com.tw/news/130106
Kaspersky Lab: 70% of attacks detected in Q4 last year targeted Office
https://www.ithome.com.tw/news/130006
Kaspersky report: 70% of hacker attacks target Office vulnerabilities
https://m.ithome.com/html/419370.htm
Kaspersky: 70 percent of attacks now target Office vulnerabilities
https://www.zdnet.com/article/kaspersky-70-percent-of-attacks-now-target-office-vulnerabilities/#ftag=RSSbaffb68
Security: Europe's pushback against Chinese tech has only just begun
https://www.zdnet.com/article/security-europes-pushback-against-chinese-tech-has-only-just-begun/#ftag=RSSbaffb68
Building a data pipeline to defend New York from cyber threats
https://www.zdnet.com/article/building-a-data-pipeline-to-defend-new-york-from-cyber-threats/#ftag=RSSbaffb68
US probe prompts Russia-linked Pamplona to sell stake in cybersecurity firm Cofense
https://www.zdnet.com/article/us-probe-prompts-russia-linked-pamplona-to-give-up-stake-in-cybersecurity-firm-cofense/#ftag=RSSbaffb68
Encrypted Messaging Project "Matrix" Suffers Extensive Cyber Attack
http://bit.ly/2UBFWck
The Muddy Waters of APT Attacks
https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/
A hacker has dumped nearly one billion user records over the past two months
https://www.zdnet.com/article/a-hacker-has-dumped-nearly-one-billion-user-records-over-the-past-two-months/#ftag=RSSbaffb68
Hackers crack university defenses in just two hours
https://www.welivesecurity.com/2019/04/12/hackers-crack-university-cyberdefenses/
Credential-stuffing attacks behind 30 billion login attempts in 2018
https://www.welivesecurity.com/2019/04/10/credential-stuffing-attacks-login/
EU: No evidence of Kaspersky spying despite 'confirmed malicious' classification
https://www.zdnet.com/article/eu-no-evidence-of-kaspersky-spying-despite-confirmed-malicious-classification/#ftag=RSSbaffb68
Hacker Group Uses RATVERMIN Backdoor to Target Ukrainian Military
https://www.bleepingcomputer.com/news/security/hacker-group-uses-ratvermin-backdoor-to-target-ukrainian-military/
Source code of Iranian cyber-espionage tools leaked on Telegram
https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram/#ftag=RSSbaffb68
DNS Tunneling in the Wild: Overview of OilRig’s DNS Tunneling
https://unit42.paloaltonetworks.com/dns-tunneling-in-the-wild-overview-of-oilrigs-dns-tunneling/
Microsoft loses control over Windows Tiles subdomain
https://www.zdnet.com/article/microsoft-loses-control-over-windows-tiles-subdomain/
Researcher Hijacks a Microsoft Service Using Loophole in Azure Cloud Platform
https://thehackernews.com/2019/04/subdomain-microsoft-azure.html
The security snapshot: 10-year challenge
https://www.zdnet.com/article/the-security-snapshot-10-year-challenge/#ftag=RSSbaffb68
Some internet outages predicted for the coming month as '768k Day' approaches
https://www.zdnet.com/article/some-internet-outages-predicted-for-the-coming-month-as-768k-day-approaches/#ftag=RSSbaffb68
Brazil to shift government sites to single domain
https://www.zdnet.com/article/brazil-to-shift-government-sites-to-single-domain/#ftag=RSSbaffb68
Former student destroys 59 university computers using USB Killer device
https://www.zdnet.com/article/former-student-destroys-59-university-computers-using-usb-killer-device/#ftag=RSSbaffb68
Released: Redacted Mueller Report on Russian Interference
https://www.bankinfosecurity.com/released-redacted-mueller-report-on-russian-interference-a-12392
Information Security Engineer, SOC (Bank) -208KC, well-known financial holding company
https://www.manpower.com.tw/product/439
Information Security Engineer (Antivirus) (Bank) -208KC, well-known bank
https://www.manpower.com.tw/product/458
Systems Analyst (Bank/AML) -208KC, well-known financial holding company
https://www.manpower.com.tw/product/437
Software R&D Engineer (Network and Security) _Delta Research Center (Taipei)
https://www.104.com.tw/job/?jobno=6ks6q
Network Security Engineer (Zhubei, Hsinchu)
https://www.104.com.tw/job/?jobno=6kza0
Product Manager (Product Marketing Division)
https://www.104.com.tw/job/?jobno=6kxff
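Institute for Information Industry (資策會) Cybersecurity Technology Institute seeks short-term, daily-paid student workers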
http://bit.ly/2GnlMKz
R&D Division: Security R&D Intern, 安華聯網科技股份有限公司
http://bit.ly/2UIlBT2
Largest 5+2 job fair in Taipei on Saturday: 5,000 openings, half with starting pay above 40,000
https://www.chinatimes.com/realtimenews/20190417004251-260410?chdtv
Ministry of Economic Affairs helps companies recruit, releasing 5,000 job openings
http://bit.ly/2IrAWRd
[Well-known life insurer] Systems Engineer (35K~50K)
https://m.1111.com.tw/job/85908785/
Security Systems Engineer-M128
https://m.1111.com.tw/job/85869081/
General Finance Staff - Northern Region
https://www.104.com.tw/job/?jobno=42fd3&jobsource=n104bank2
D. Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News
Phishing site runs prize draw to collect personal data and political leanings; DPP legislator: it is for targeting fake news
https://www.ettoday.net/news/20190419/1425721.htm
Cyber attack-and-defense exercise counters disinformation and strengthens psychological defense
https://www.ydn.com.tw/News/332150
Taiwanese credit cards fraudulently charged in Australia; gas station attendant turns out to be behind it
https://www.chinatimes.com/realtimenews/20190418001791-260402?chdtv
Credit card skimmed by gas station attendant; victim: "How are there charges from Macau?"
https://udn.com/news/story/7321/3762549
Violent gang targets active-duty soldiers for fraud; victims drained and left in debt
https://www.chinatimes.com/realtimenews/20190418001980-260402?chdtv
Hackers Reportedly Post Data on Law Enforcement Officers
https://www.bankinfosecurity.com/hackers-reportedly-post-data-on-law-enforcement-officers-a-12380
Cyber terror attack? Hacker group breach leaks over a thousand records of US police and FBI
http://bit.ly/2VLprHl
FBI website hacked; hackers obtain 1 million records of federal agents' identity information
http://big5.pconline.com.cn/b5/news.pconline.com.cn/1248/12488656.html
Ukrainian hackers break into FBI-affiliated websites, stealing data on more than a thousand agents and police officers
https://hk.on.cc/hk/bkn/cnt/aeanews/20190413/bkn-20190413220559716-0413_00912_001.html
Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts
http://bit.ly/2KBV7xE
Microsoft reveals breach affecting webmail users
https://www.welivesecurity.com/2019/04/15/microsoft-breach-outlook-webmail-users/
Hackers could read email from any non-corporate account by abusing Microsoft's customer support portal
http://big5.pconline.com.cn/b5/news.pconline.com.cn/1249/12490507.html
Microsoft webmail breach worsens; some users' message contents may have been leaked
https://chinese.engadget.com/2019/04/16/hackers-could-read-some-microsoft-webmail-messages/
Microsoft support agent hacked, exposing account information of some Outlook.com email users
https://www.ithome.com.tw/news/129969
Booking a hotel, leaking your data? Overseas study finds 70% of hotel websites leak customer data
https://news.sina.com.tw/article/20190412/30895086.html
Amazon confirms! Alexa records users' voices and staff are assigned to listen
https://udn.com/news/story/6811/3752469
Much of Taiwan's disinformation comes from abroad; academics warn to watch whether it erodes national sovereignty or democracy
https://www.ithome.com.tw/news/129927
Swedish survey: Taiwan ranks first in the world for being "attacked by foreign disinformation", far ahead of second place
https://buzzorange.com/techorange/2019/04/16/fake-news-attack/
Yahoo raises data breach settlement to US$117 million
https://www.ithome.com.tw/news/129948
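Police forcibly implanted a chip to control her! South Korea's "chip woman" livestreams surveillance of herself for 10 years; falls asleep instantly whenever she tries to escape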
https://www.ettoday.net/dalemon/post/42812
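Lee Ka-chiu (李家超) feels anxious and pressed, actively pursuing "voyeurism offence" legislation targeting covert filming and other sexual offences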
https://hk.news.appledaily.com/local/realtime/article/20190412/59479670
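"Catch-all" offence of dishonest use of a computer no longer works; Lee Ka-chiu (李家超): anxious and pressed to legislate a voyeurism offence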
http://bit.ly/2GhFQww
"Master key" charge "fails"; Elizabeth Quat (葛珮帆) urges following the UK in making upskirt filming a criminal offence
https://hk.news.appledaily.com/local/realtime/article/20190414/59487109
Major Indian IT outsourcing provider hacked; many customers worldwide affected
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=839
These Facebook fan pages giving away free stickers are all fake; five tips to avoid being fooled
https://blog.trendmicro.com.tw/?p=60197
Facebook discovers new security flaw: passwords of millions of Instagram users could be read directly by employees
https://on.wsj.com/2V2QuAX
Facebook slips up again: revealed to have collected email contact lists of 1.5 million users without consent
https://www.ettoday.net/news/20190418/1425237.htm
Facebook asked users for their email passwords, then "accidentally" uploaded the contact lists of 1.5 million people
https://buzzorange.com/techorange/2019/04/19/facebook-sends-out-1-5m-personal-data/
Facebook says it "accidentally" collected the email contacts of 1.5 million users
https://www.ithome.com.tw/news/130087
Facebook admits to storing plaintext passwords for millions of Instagram users
https://www.zdnet.com/article/facebook-admits-to-storing-plaintext-passwords-for-millions-of-instagram-users/#ftag=RSSbaffb68
How to become poor in one night: learning UX from scams
https://www.inside.com.tw/article/16109-the-real-scam-case
Seeing is not believing: Facebook takes steps to curb the flood of fake news and manipulated opinion
http://bit.ly/2UhrkKq
Restaurant manager implicated in 6 offences for shopping with other people's credit cards
https://hk.news.appledaily.com/breaking/realtime/article/20190417/59497488
Stolen-card online shopping: IT sector's Charles Mok (莫乃光) says "check your statement every month"
https://hk.on.cc/hk/bkn/cnt/news/20190417/bkn-20190417123210624-0417_00822_001.html
Online shopping card fraud soars past 2.2 billion, a record high
https://news.cts.com.tw/cts/society/201904/201904141957883.html
CNCERT (國家互聯網應急中心): fake and counterfeit mobile apps become a new channel for online fraud
https://news.sina.com.tw/article/20190416/30951738.html
Exploiting a "time lag" loophole: fake cashier's orders used to defraud online sellers; 3 arrested
http://bit.ly/2Geihot
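370,000 defrauded in online purchases using fake bank cashier's orders; Commercial Crime Bureau arrests two female fraudsters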
http://bit.ly/2DgurMG
Obvious holes in verification system: Baidu Search hit by another scandal
http://bit.ly/2IyZg2Y
Kwok Ka-ki (郭家麒) says the Electronic Health Record Sharing System has security holes
http://www.metroradio.com.hk/news/live.aspx?SearchText=&NewsId=20190416173012&page=0
Mozilla launches privacy petition to Apple and advises users to limit ad tracking
https://www.techbang.com/posts/69471-mozilla-launches-privacy-protection-petition-to-apple-advising-users-to-turn-off-ad-tracking
Preventing fraud in online tax filing: 6 self-protection tips
https://ec.ltn.com.tw/article/paper/1282118
Report: hacker selling nearly 1 billion user records on the black market
https://www.ithome.com.tw/news/130013
Frequent Macy's credit card thefts in the 111th Precinct; ethnic Chinese suspects implicated
http://www.epochtimes.com/b5/19/4/17/n11192253.htm
29-year-old Hong Kong restaurant manager arrested over 6 cases of online shopping using other people's information
http://www.hkcna.hk/content/2019/0417/757951.shtml
Taiwanese fraud ring uses vacant houses in Japan for telecom fraud; Japanese police arrest 10 more men and women
https://times.hinet.net/topic/22329617
Beware of personal data leaks when filling in online questionnaires; Executive Yuan reminds citizens to mind security
http://bit.ly/2IIumoL
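Personalized disinformation is here? Lin Chun-hsien (林俊憲) warns of Hong Kong-registered phishing sites harvesting personal data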
https://taronews.tw/2019/04/19/314775/
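iPhone prize draw asks who you'll vote for as president? DPP legislator questions whether it is meant to influence Taiwan's presidential election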
https://news.ltn.com.tw/news/politics/breakingnews/2764136
Fraud ring falsely claims "ATM operation error"; 49 people defrauded of more than 5 million in total
https://www.ettoday.net/news/20190419/1425857.htm
A hacker has dumped nearly one billion user records over the past two months
https://www.zdnet.com/article/a-hacker-has-dumped-nearly-one-billion-user-records-over-the-past-two-months/
Report: Healthcare Is No. 1 - For Breaches
https://www.bankinfosecurity.com/blogs/report-healthcare-no-1-for-breaches-p-2736
Another Scathing Equifax Post-Breach Report
https://www.bankinfosecurity.co.uk/interviews/another-scathing-equifax-post-breach-report-i-4291
Russia Fines Facebook $47 Over Citizens' Data Privacy Dispute
http://bit.ly/2IySOJa
Facebook Collected Contacts from 1.5 Million Email Accounts Without Users' Permission
http://bit.ly/2ZoZCPJ
Brazil's Itaú rolls out facial biometrics to tackle auto loan fraud
https://www.zdnet.com/article/brazils-itau-rolls-out-facial-biometrics-to-tackle-auto-loan-fraud/#ftag=RSSbaffb68
Pregnancy club fined £400,000 for illegally sharing data of over 14 million people
https://www.zdnet.com/article/pregnancy-club-fined-400000-for-sharing-data-of-over-14-million-people/#ftag=RSSbaffb68
The Anatomy of a Spear Phishing Attack: How Hackers Build Targeted Attacks (and why they're so effective)
https://www.bankinfosecurity.com/webinars/anatomy-spear-phishing-attack-how-hackers-build-targeted-attacks-and-w-1968
How Likely Is Your Organization to Be Breached
https://blog.trendmicro.com/how-likely-is-your-organization-to-be-breached/
Over 100 Million JustDial Users' Personal Data Found Exposed On the Internet
http://bit.ly/2ZsnvG2
E. Research Reports
Analysis of the Samba remote code execution vulnerability (CVE-2017-7494)
https://bbs.pediy.com/thread-250746.htm
TransferMint vulnerability explained: more than 20 TRON contracts at risk of unlimited token minting
https://www.bishijie.com/shendu_29474
Penetration testing: using an IIS vulnerability to establish a remote desktop connection to the target machine
https://segmentfault.com/a/1190000018857317
Using Sboxr to automate discovery and exploitation of DOM XSS vulnerabilities
http://www.sohu.com/a/307675752_354899?sec=wd
Bug hunting notes | Using the Semmle QL query language to find a DoS vulnerability in Facebook Fizz ($10k)
https://www.freebuf.com/vuls/199563.html
SSRF vulnerability: principles, exploitation methods and fixes? Java and PHP SS
http://bit.ly/2Ikypbo
Chained vulnerabilities plus WAF bypass used to compromise several Alibaba websites
https://www.anquanke.com/post/id/176569
Analysis of the VMware Fusion 11 RCE vulnerability allowing virtual machine control via the WebSocket interface (CVE-2019-5514)
https://www.4hou.com/vulnerable/17204.html
Detailed analysis of the Office stack overflow vulnerability (CVE-2012-0158)
https://bbs.pediy.com/thread-250823.htm
Analysis of two privilege escalation vulnerabilities in Avira VPN
http://www.sohu.com/a/308241875_354899?sec=wd
IOST public chain P2P remote denial-of-service vulnerability
https://www.anquanke.com/post/id/176475
A brief analysis of personality-trait-based methods for identifying high-risk insider users
https://www.freebuf.com/articles/network/200564.html
Drupal vulnerability chain: one-click RCE via a malicious image
https://www.anquanke.com/post/id/176470
Analysis of the Confluence unauthenticated RCE (CVE-2019-3396)
https://paper.seebug.org/893/
Reverse engineering the Tytera MD380 with GHIDRA
https://github.com/travisgoodspeed/md380tools/wiki/GHIDRA
Analysis of the Spring Cloud Config Server path traversal and arbitrary file read vulnerability - [CVE-2019-3799]
https://xz.aliyun.com/t/4844
Reverse engineering Objective-C binaries with IDA Pro's REobjc module
https://paper.seebug.org/887/
Reproducing the TP-Link SR20 local network remote code execution vulnerability
https://paper.seebug.org/879/
CVE-2017-17215: analysis of the HG532 command injection vulnerability
https://xz.aliyun.com/t/4819
0 day: detailed analysis of multiple privilege escalation vulnerabilities in Shimo VPN on macOS
https://www.4hou.com/vulnerable/17507.html
Research on FTP protocol vulnerabilities, combined with Snort
https://blog.csdn.net/yalecaltech/article/details/89383258
ZoomEye cyberspace mapping: impact of the Venezuelan blackouts on its network critical infrastructure and important information systems
https://paper.seebug.org/869/
Zoomeye Cyberspace Mapping——Impact of 2019 Venezuelan Blackouts on Its Network Critical Infrastructure and Important Information Systems
https://paper.seebug.org/871/
Basic Android Security Testing lab — 1
http://bit.ly/2GnxmFx
Rootpipe Reborn (Part I) CVE-2019–8513 TimeMachine root command injection
https://medium.com/0xcc/rootpipe-reborn-part-i-cve-2019-8513-timemachine-root-command-injection-47e056b3cb43?sk=3970823f97714fac1d04d75325e3cbac
Here Be Dragons: Reverse Engineering with Ghidra - Part 0 [Main Windows & CrackMe]
https://www.shogunlab.com/blog/2019/04/12/here-be-dragons-ghidra-0.html
Adobe Flash security tool Flashmingo debuts in open source community
https://www.zdnet.com/article/security-tool-for-flash-flashmingo-released-to-open-source-community/#ftag=RSSbaffb68
JonCooperWorks/implant
https://github.com/JonCooperWorks/implant/?fbclid=IwAR1PgxKxsrW60uw_pNZu-rjEcrIFhO9ElQ5jZFTee6noMdSZxAEAgZ6I_U8
Pirates of Brazil: Integrating the Strengths of Russian and Chinese Hacking Communities
https://go.recordedfuture.com/hubfs/reports/cta-2019-0416.pdf
Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign
https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign/
fireELF: opensource fileless linux malware framework
https://securityonline.info/fireelf/
F. Business
Google launches multiple new authentication and access control features to help enterprises deploy a zero-trust security architecture
https://www.ithome.com.tw/news/129950
Trend Micro announces new technologies to improve security for Google Cloud Platform, Kubernetes and G Suite Gmail
http://bit.ly/2DcFDtW
SecureCircle launches new Send Secure feature for sharing encrypted data externally
http://technews.tw/2019/04/16/netbridge-securecircle-send-secure-information-security/
Google releases Traffic Director, a control plane for service mesh
https://www.ithome.com.tw/news/129992
Unisys survey shows data security is the top consideration for Taiwanese consumers when choosing a bank
http://bit.ly/2vaHqLG
mlytics partners with 宏洲科技 to promote Multi CDN and network security protection services
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=50&cat2=10&id=0000557907_G8T8SDYG1MXIDD6BOASYG
MetaDefender malware detection system (multiple antivirus engines, single selection)
https://www.cloudmarketplace.org.tw/order/Match/Software/1080201/10021/36953
Cisco ACI and HyperFlex to extend to edge/remote and multicloud environments
https://www.ithome.com.tw/news/130056
Cisco launches new architecture to realize its data-center-anywhere vision
http://bit.ly/2Gobh8m
Analysis of open source software business models (1)
https://www.bnext.com.tw/article/52845/open-source--business-model-1
Analysis of open source software business models (2): benefits of the open source model from the user and developer perspectives
https://meet.bnext.com.tw/articles/view/44790
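2019 PwC Taiwan (資誠) business leaders survey series, column 2: security defense, the star teammate that helps enterprises win customer trust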
https://www.pwc.tw/zh/topics/risk-management/risk-management-20190416.html
F5 launches new SaaS offering providing optimized, on-demand purchasable services for application development and DevOps teams
http://bit.ly/2UqEnJo
Aruba builds the new experience economy with its 3S network technology strategy
https://www.ettoday.net/news/20190418/1425339.htm
Networking company Aruba uses AI to help enterprises catch insider threats
https://ec.ltn.com.tw/article/breakingnews/2763509
Android Studio 3.4 adds a visual resource management tool and switches the default code shrinker to R8
https://ithome.com.tw/news/130063
NoScript extension officially released for Google Chrome
https://www.zdnet.com/article/noscript-extension-officially-released-for-google-chrome/#ftag=RSSbaffb68
Google Helps Police Identify Devices Close to Crime Scenes Using Location Data
http://bit.ly/2v7lqkI
Google bans logins from embedded browser frameworks to prevent MitM phishing
https://www.zdnet.com/article/google-bans-logins-from-embedded-browser-frameworks-to-prevent-mitm-phishing/#ftag=RSSbaffb68
Red Hat survey finds we're living in an open-source world
https://www.zdnet.com/article/red-hat-survey-finds-were-living-in-an-open-source-world/#ftag=RSSbaffb68
Microsoft buys real-time operating system vendor Express Logic
https://www.zdnet.com/article/microsoft-buys-real-time-operating-system-vendor-express-logic/#ftag=RSSbaffb68
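G. Government
Financial Supervisory Commission (FSC) discusses regulatory rules for security token offerings; draft amendments to be completed in June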
https://udn.com/news/story/7239/3752558
FSC drafts preliminary STO regulatory framework with tiered management; applicable threshold is within NT$30 million
https://www.ithome.com.tw/news/129953
Security token rules to be released in June
https://udn.com/news/story/7239/3753013
Draft security token offering rules due in June; legislators and industry call for relaxation
https://money.udn.com/money/story/5613/3752768
Startups unhappy with five restrictions on security tokens; Wellington Koo: they can enter the sandbox
https://www.chinatimes.com/realtimenews/20190412003764-260410?chdtv
Security token rules: FSC holds public hearing
http://bit.ly/2ZdsKcp
FSC Chairman Wellington Koo hints that an "official STO exchange" for security tokens is in the works
http://bit.ly/2UH9BB9
STO fundraising above NT$30 million would have to go through a financial regulatory sandbox experiment under proposed rules
https://news.cnyes.com/news/id/4303435
What is the STO dispute about? FSC leads the fintech drama; industry gives two reasons it is unimpressed
https://udn.com/news/story/7239/3760762
FSC's five proposed restrictions on security tokens expected to take effect
http://www.epochtimes.com/b5/19/4/12/n11181904.htm
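Taiwan Railways' next-generation ticketing system and app questioned; Software Liberty Association calls on the government to legislate open-sourcing of software and systems developed by the public sector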
https://www.ithome.com.tw/news/129947
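Ticketing system criticized for "treating the public as guinea pigs"; Taiwan Railways deputy director-general: "That would finish me"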
https://www.ettoday.net/news/20190416/1423662.htm
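Shen Po-yang (沈伯洋), assistant professor at National Taipei University's Graduate School of Criminology: enact an anti-infiltration law quickly in response to China's information warfare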
https://talk.ltn.com.tw/article/paper/1281582
Ko Wen-je opens a Weibo account; councilor: restrictions on browsing mainland websites should be lifted
https://udn.com/news/story/7323/3753980?from=udn-ch1_breaknews-1-cate3-news
ROC year 108 Government Configuration Baseline (GCB) documentation (preview edition): available for download
https://www.nccst.nat.gov.tw/NewInfoDetail?lang=zh&seq=1521
Financial institutions' anti-fraud efforts pay off: nearly a thousand fraud cases successfully stopped last year
https://news.cnyes.com/news/id/4304265
Ministry of Foreign Affairs: Taiwan's experience in countering fake news can be shared internationally
https://money.udn.com/money/story/7307/3758996
FSC leans toward issuing 3 internet-only bank licenses
http://bit.ly/2VOPsW6
Three contenders for internet-only bank licenses, a prize for everyone? FSC: still limited to 2
http://bit.ly/2DeNlDS
Executive Yuan explains mobile payment and card transaction fee matters for government agencies
https://www.ey.gov.tw/Page/9277F759E41CCD91/82849a86-497c-414c-9616-f839be69d338
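The military's secretive cyber warfare wing stationed in public and private organizations at home and abroad to counter adversaries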
https://udn.com/news/story/10930/3760671
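Cloud databases hosted in China risk full exposure; legislator urges ministries to take the Personal Data Protection Act seriously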
https://www.rti.org.tw/news/view/id/2017870
Database backdoors may lead to China; Freddy Lim reveals 80% of ministries have not assessed the risk
https://news.ltn.com.tw/news/politics/breakingnews/2761622
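Cloud services may lead to China! NPP legislator Freddy Lim: 80% of central government agencies have not assessed foreign cybersecurity conditions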
https://tw.news.appledaily.com/new/realtime/20190417/1551895/
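Pushing a digital nation referendum, Chang San-cheng: the government should establish a new ministry as the "locomotive" of the digital era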
https://www.taiwannews.com.tw/ch/news/3682481
Online tax filing: the Windows version works too
https://money.udn.com/money/story/11994/3762117
Chunghwa Telecom chairman Cheng Yu (鄭優) retires; president Sheih Chi-mau (謝繼茂) promoted to succeed him
https://www.chinatimes.com/newspapers/20190418000230-260202?chdtv
Three compete for two internet-only bank licenses; FSC: results in July
http://news.pchome.com.tw/politics/cdns/20190416/index-55537280049332243001.html
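Directorate-General of Budget, Accounting and Statistics, Executive Yuan: 1080410 amendment to the handling principles for payments made with personal credit cards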
http://www.lksh.chc.edu.tw/files/14-1000-12037,r14-1.php?Lang=zh-tw
FSC grants the electronic payment industry five major liberalizations
https://www.chinatimes.com/realtimenews/20190418003842-260410?chdtv
Pushing electronic payment 2.0! FSC gives advance notice of law amendments offering 5 benefits
https://fnc.ebc.net.tw/FncNews/life/77436
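Suitcases of cash for bail may become a thing of the past: Taipei District Prosecutors Office opens electronic payment of bail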
https://news.ltn.com.tw/news/society/breakingnews/2763343
Outsourced service contract: "SMS promotion of paying individual income tax via mobile payment"
https://twbuying.com.tw/showdetail.php?recno=52803654
Drafting a basic law on artificial intelligence: Legislative Yuan holds public hearing
https://news.pts.org.tw/article/429359
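Premier Su approves principles banning procurement of certain ICT products, avoiding the words "China" and "mainland-funded"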
https://news.ltn.com.tw/news/politics/breakingnews/2764196
Executive Yuan to explain "handling principles" for mainland-funded 3C products this afternoon
https://www.chinatimes.com/realtimenews/20190419002291-260407?chdtv
To prevent security leaks, Executive Yuan decides: agencies may not purchase products that endanger cybersecurity
https://www.nownews.com/news/20190419/3333752/


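H. SCADA/ICS/Industrial Control Systems
Is OT safe once it is physically isolated? CHT Security: hospital instruments harbor old malware from 10 years ago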
https://www.ithome.com.tw/news/129939
Why radio frequency technology puts the industrial sector at risk
https://blog.trendmicro.com.tw/?p=60002
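Taiwan's first Industry 4.0 demonstration factory revealed: resembling a movie space center, it can calculate gross margin and cost in seconds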
https://www.ettoday.net/news/20190414/1421268.htm
Innovative technologies keep emerging, helping manufacturers realize the smart factory vision
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=45&cat2=25&id=0000557630_6G85ICVK46VYCPLQ891RF
I. Education and Training
Bash scripting Tutorial
https://linuxconfig.org/bash-scripting-tutorial?fbclid=IwAR3bNE-YOgp9blliVRGmygZ4WxehgQrtsgHCY0gNaxk6PA6fSjMxUqkJc74
My Fight for the OSCP
https://alphacybersecurity.tech/my-fight-for-the-oscp/
J. Internet of Things/IoT/Artificial Intelligence/Internet of Vehicles/Optical Networking/Deep Learning/Machine Learning/Drones
https://read01.com/0MGkm4D.html#.XLRU_-gzbIU
Fitbits for cows? Building IOT for the industry technology left behind
https://www.zdnet.com/article/building-iot-for-the-industry-technology-left-behind/#ftag=RSSbaffb68
Analysis of IoT security legislation and smart city resilience applications
https://technews.tw/2019/04/17/iot-law-and-resilient-cities/
Princeton University develops IoT Inspector to protect home smart device data from leaking
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=50&id=0000557781_oci814xk7rglq522n5fuq
Network and digital security is an important element for the smooth operation of IoT
https://tw.news.appledaily.com/new/realtime/20190417/1551046/
IoT development matures, according to Eclipse Foundation survey
https://www.zdnet.com/article/iot-development-matures-according-to-eclipse-foundation-survey/#ftag=RSSbaffb68
Lin Kun-cheng (林坤正): Taiwan will be reduced to an AI sub-colony of foreigners
https://www.wealth.com.tw/home/articles/20457
Is Your Baby Monitor Susceptible to Hacking
https://blog.trendmicro.com/is-your-baby-monitor-susceptible-to-hacking/
6. Upcoming security events and conferences
 National Chiao Tung University Hacker College - Buffer overflow attacks and prevention   4/20
 https://hackercollege.nctu.edu.tw/?p=1052
 DevOps Taiwan - CI / CD / DevOps Pipeline Tools Battle  4/20
 https://devops.kktix.cc/events/pipeline-tools-battle
 Institute for Information Industry offers "CompTIA Security+ international cybersecurity certification course"  4/20
 https://ithome.com.tw/pr/129904
 TECH(K)NOW DAY TAIPEI  4/20
 https://www.meetup.com/TaipeiWomeninTech/events/258526627/
 Digital Transformation Lab technical exchange - Killer Kubernetes: PKS  4/23
 http://bit.ly/2Ill0Qe
 HackingThursday regular meetup  4/25
 https://www.meetup.com/hackingthursday/events/vkhnnqyzgbhc/
 Security health check  4/25
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3834&from_course_list_url=homepage
 HackingThursday regular meetup  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/
 Cybersecurity Act X Technical Practice Forum  5/2
 https://csa.kktix.cc/events/csa190502
 National Chiao Tung University Hacker College - Fundamentals of building secure websites in practice  5/4
 https://hackercollege.nctu.edu.tw/?p=1045
 Introduction to Pwn  5/5
 https://hackersir.kktix.cc/events/fcu190505
 Elixir Taiwan Taipei Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/
 Looking to security services: together we take security from "done" to "effective"  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/
 Security crisis - The advance of encrypting ransomware
 https://www.accupass.com/event/1904170343547477698390
 HackingThursday regular meetup 5/9
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbmb/
 Security health check  5/9
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3827&from_course_list_url=homepage
 National Chiao Tung University Hacker College - Email forgery attacks, protective measures and secure communication protocols 5/11
 https://hackercollege.nctu.edu.tw/?p=1054
  iThome Taiwan Cloud Summit 2019   Wednesday, May 15, 2019, 09:00~17:00
 https://cloudsummit.ithome.com.tw/
 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, May 15, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzhbtb/
 Network packet analysis in practice  5/16
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3831&from_course_list_url=homepage
 Source code analysis hands-on  5/23
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3835&from_course_list_url=homepage
 29th National Information Security Conference  5/23  ~ 5/24
 https://cisc2019.cs.pu.edu.tw/index.php
 Docker Birthday #5 - Taipei  5/25
 https://www.meetup.com/Docker-Taipei/events/248974949/
 International Conference  CONSTRUCTIVE THEORY OF FUNCTIONS - 2019  SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/
 National Chiao Tung University Hacker College - Vulnerabilities, patching and testing of cryptographic systems 6/15
 https://hackercollege.nctu.edu.tw/?p=1039
 2019 International Information Security Organizations Taiwan Summit  7/9 ~ 7/11
 https://csa.kktix.cc/events/2019con
 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/
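 Cybersecurity regulations and systems analysis course - ROC year 108 "Cybersecurity Talent Training and International Promotion Program - Advanced Course for Cybersecurity Professionals"  8/29 ~ 8/30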
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==
 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/
 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com
