資安事件新聞週報 2019/5/20 ~ 2019/5/24
1.重大弱點漏洞/後門/Exploit/Zero Day
Fortinet FortiClient 遠端執行任意程式碼漏洞 CVE-2019-5589
https://fortiguard.com/psirt/FG-IR-19-060
Fortinet FortiOS 緩衝區錯誤漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13381
Fortinet FortiOS VM 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5587
多款Huawei S系列交換機安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5285
揭秘“0 day漏洞”:一款強大卻脆弱的武器
https://www.4hou.com/vulnerable/18116.html
Some Elasticsearch security features are now free for everyone
https://www.zdnet.com/article/some-elasticsearch-security-features-are-now-free-for-everyone/#ftag=RSSbaffb68
McAfee 產品多個漏洞
https://kc.mcafee.com/corporate/index?page=content&id=SB10282
https://kc.mcafee.com/corporate/index?page=content&id=SB10280
女黑客SandboxEscaper又曝光4個Windows 10零日漏洞
https://www.sohu.com/a/316244133_223764?sec=wd
專家促微軟用戶修補遠端漏洞 警告黑客或發動蠕蟲攻擊
http://bit.ly/2HzCve0
最新 Windows 10 0-Day 漏洞在推特上出現,可執行任意檔案
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=856
微軟 Internet Explorer 零日繞過保安限制漏洞
https://www.bleepingcomputer.com/news/microsoft/poc-exploits-released-for-two-more-windows-vulnerabilities/
Windows漏洞獵人SandboxEscaper公布第五個零時差漏洞
https://www.ithome.com.tw/news/130814
Update: Hacker Disclosed 4 New Microsoft Zero-Day Exploits in Last 24 Hours
http://bit.ly/2wgRJhP
PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online
http://bit.ly/30BIVky
Systems administrators: You need to know about this Windows 10 1903 patching change
https://www.zdnet.com/article/systems-administrators-you-need-to-know-about-this-windows-10-1903-patching-change/#ftag=RSSbaffb68
Two more Microsoft zero-days uploaded on GitHub
https://www.zdnet.com/article/two-more-microsoft-zero-days-uploaded-on-github/#ftag=RSSbaffb68
Microsoft Jet Database Engine遠程代碼執行漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0580
微軟沒輒了!這次更新包括Windows XP等舊版系統
https://udn.com/news/story/11017/3822250
微軟視窗權限提升漏洞
https://thehackernews.com/2019/05/windows-zero-day-vulnerability.html
Windows 10 發現新零日漏洞 駭客可取得管理員權限
https://unwire.pro/2019/05/23/windows-zero-day/security/
Microsoft 產品存在安全性弱點
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
Windows 10 Update Bricks PCs, Microsoft Offers Workarounds
http://bit.ly/2LZ5ix7
Windows 10 version 1903: Is it safe to install yet
https://www.zdnet.com/article/windows-10-latest-version-is-it-safe-to-install-yet/#ftag=RSSbaffb68
Windows 10 zero-day exploit code released online
https://www.zdnet.com/article/windows-10-zero-day-exploit-code-released-online/#ftag=RSSbaffb68
Microsoft Releases Windows Updates to Fix GOV.UK Connection Issues
http://bit.ly/2WaJTF2
Researcher publishes Windows zero-days for the third day in a row
https://www.zdnet.com/article/researcher-publishes-windows-zero-days-for-the-third-day-in-a-row/#ftag=RSSbaffb68
Microsoft Releases Patches For A Critical 'Wormable Flaw' and 78 Other Issues
http://bit.ly/2LTH87e
Microsoft to start pushing Windows 10 version 1903 automatic updates within weeks
https://www.zdnet.com/article/microsoft-to-start-pushing-windows-10-version-1903-automatic-updates-within-weeks/#ftag=RSSbaffb68
Microsoft makes Windows Server 1903 generally available
https://www.zdnet.com/article/microsoft-makes-windows-server-1903-generally-available/#ftag=RSSbaffb68
Microsoft kicks off the rollout of the Windows 10 May Update 1903
https://www.zdnet.com/article/microsoft-kicks-off-the-rollout-of-the-windows-10-may-update-1903/#ftag=RSSbaffb68
Linux 內核曝出RDS 漏洞影響Red Hat , Ubuntu , Debiand 與SuSE
https://www.heibai.org/post/1294.html
【4 萬美元獎金 + 8 萬美元禮物換保密協議?!】 傳 Intel 試圖要求調查人員隱瞞新漏洞
http://bit.ly/2YD3c7k
Intel 建議用戶可以關閉 HT 來杜絕漏洞
https://www.coolaler.com/threads/intel-mds.355482/
你被優衣庫遭到黑客攻擊與英特爾漏洞刷屏了嗎
https://zhuanlan.zhihu.com/p/66108060
ZombieLoad: How Intel’s Latest Side Channel Bug Was Discovered and Disclosed
http://bit.ly/2QgiThL
DSA-2019-051:Dell SupportAssist 客戶端多個漏洞
https://dell.to/2JRr1nK
AMD 真香?AMD 處理器面對「MDS」漏洞無所畏懼
https://exp.gg/zh_tw/exp%E7%A7%91%E6%8A%80%E5%B0%88%E5%8D%80-zh_tw/109185
GitLab輸入驗證錯誤漏洞
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
蘋果設備被曝存在PEAP認證漏洞研究人員對官方修復方案存疑
http://bit.ly/2WTnrNN
Cisco NX-OS命令注入漏洞 CVE-2019-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1783
思科針對Nexus 數據中心交換機發出危急安全預警
http://www.sohu.com/a/315098586_100034897?sec=wd
現如今連安全漏洞命名都用表情符了:思科路由器安全啟動漏洞
https://www.aqniu.com/threat-alert/48485.html
Ministryfocusets SQL Injection
https://www.anquanke.com/vul/id/1613759
Big Daddy's Sauces SQL Injection
https://www.anquanke.com/vul/id/1615166
Manav Vikas Seva Sangh SQL Injection
https://www.anquanke.com/vul/id/1615725
Bluetooth Flaw Found in Google Titan Security Keys; Get Free Replacement
http://bit.ly/2WRYRNb
New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011
http://bit.ly/2YAQgij
asus -- rt-ac3200_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-14714
D-Link DIR-818LW
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19986
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19987
D-Link DIR-822
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19989
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19990
D-Link DIR-868L
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19988
suricata-ids -- suricata
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10053
Google updates GKE with release channels, Windows Server Containers
https://www.zdnet.com/article/google-updates-gke-with-release-channels-windows-server-containers/#ftag=RSSbaffb68
Salesforce Says Permissions Bungle Almost Fixed
https://www.bankinfosecurity.com/salesforce-says-permissions-bungle-almost-fixed-a-12497
Google 的G Suite 漏洞讓部分密碼明文存儲達14 年之久
https://www.sohu.com/a/315599427_485557?sec=wd
Mozilla Firefox 多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/05/21/Mozilla-Releases-Security-Updates-Firefox
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
牽連虛擬銀行發展 客戶資訊認證平台開標延期
http://bit.ly/2w7kmhh
香港銀行公會:環聯網上信貸資料服務平台存漏洞
https://hk.on.cc/hk/bkn/cnt/finance/20190520/bkn-20190520153910276-0520_00842_001.html
香港金管局:環聯已提交報告 續暫停網上個人信貸查詢
http://bit.ly/2WcSwPn
一個月內挨罰3次 南山人壽電子商務系統業務存在7項資安、洗錢防制及內稽內控相關缺失 再吞240萬罰單
https://money.udn.com/money/story/5613/3819578
國泰資安險 全方位控管防禦
https://money.udn.com/money/story/5636/3824322
不到半年當機2次 中信銀總座陳佳文:我不滿意
https://ec.ltn.com.tw/article/breakingnews/2797755
後悔了! 南韓金融機構紛紛考慮棄用華為設備
https://ec.ltn.com.tw/article/breakingnews/2797881
全球重量級銀行合資15億元 研發區塊鏈現金結算系統
https://money.udn.com/money/story/5602/3819790
到7-11門市領日圓現鈔 中信銀ATM進駐10店
https://www.ettoday.net/news/20190516/1446115.htm
挺員工!協助金融科技轉型 金融業尚有近54億元可支用
https://ec.ltn.com.tw/article/breakingnews/2792708
因應Fintech 金融業提近60億用不到一成
https://www.chinatimes.com/realtimenews/20190516003785-260410?chdtv
明台產險與資安顧問攜手推出「資安的好險plus」專案
https://www.chinatimes.com/realtimenews/20190523001078-260410?chdtv
花旗銀行向拒收直銷訊息客戶促銷 違反私隱條例判罰1萬元
http://bit.ly/2Hw2Bi2
崴亞開辦 資安保險人才培訓班
http://bit.ly/2JWuTnH
萬幼筠:臺灣純網銀將帶來7大趨勢,但銀行得先具備6項資安能力才不怕Fintech新風險
https://www.ithome.com.tw/news/130692
高儲蓄保單將消失,金管會:保險不是為了理財
http://bit.ly/2X7V3Yx
865家銀行加入人民幣跨境支付系統 去年交易額26萬億
https://news.sina.com.tw/article/20190523/31397030.html
工會赴政院陳情 南山人壽承諾3改善方案 保證新系統6月底前一定穩
https://www.cmoney.tw/notes/note-detail.aspx?nid=171814
銀保監會通報人身險產品問題 26家公司被「點名」
https://news.sina.com.tw/article/20190524/31403560.html
400名南山保戶今到行政院陳情 提2大訴求盼新舊系統並行
https://ec.ltn.com.tw/article/breakingnews/2800667
新系統出包!工會赴政院陳情 南山人壽提3承諾
https://fnc.ebc.net.tw/FncNews/headline/81327
南山新系統大亂「確定不恢復舊系統」 提3大措施拚6月底前改善
https://www.ettoday.net/news/20190524/1451770.htm
傳網銀當機 台銀澄清:重啟設備影響少數用戶
https://www.cna.com.tw/news/afe/201905160109.aspx
台銀網銀當機?台銀:沒當機也沒有駭客
https://udn.com/news/story/7239/3816047
網銀當機 台銀:問題現已排除建議重登入
https://ec.ltn.com.tw/article/breakingnews/2792005
RBI Calls for Self-Regulation for Fintech
https://www.bankinfosecurity.asia/rbi-calls-for-self-regulation-for-fintech-a-12499
ATM physical attacks: Why armor isn't enough
https://www.atmmarketplace.com/blogs/atm-physical-attacks-why-armor-isnt-enough/
The future of cards, contactless and biometrics in payments
https://www.atmmarketplace.com/blogs/the-future-of-cards-contactless-and-biometrics-in-payments-2/
India's Financial Sector Faces Numerous Cyber Challenges
https://www.bankinfosecurity.asia/indias-financial-sector-faces-numerous-cyber-challenges-a-12512
3.電子支付/電子票證/行動支付/ pay/新聞及資安
尼泊爾即日起禁用微信支付、支付寶
https://hk.news.appledaily.com/china/realtime/article/20190521/59625718
陸客一直來卻無法「發大財」,尼泊爾為何全面禁止微信、支付寶
https://www.thenewslens.com/article/119558
商家變相逃稅…尼泊爾禁中國第三方支付
https://m.ltn.com.tw/news/world/paper/1290698
(Daily Issue)印度行動支付群雄並爭 難敵UPI一統江湖
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=1&id=0000555308_VX528YHK16ZYOL7QX9I6C
鳳凰薪酬支付系統故障 料需時4載花26億解決
http://bit.ly/2QdLncf
華為若遭Google中止服務 中信銀:系統界接沒問題
https://ec.ltn.com.tw/article/breakingnews/2797509
電票機構資本額20億以上 董總不能兼任
https://www.chinatimes.com/realtimenews/20190521004569-260410?chdtv
行動支付心得文吐血整理
https://tw.observer/p/231321501
行動支付殊死戰,Line Pay聲量獲得壓倒性的勝利
http://www.feverfo.com/archives/9184
聯邦快遞於台灣推出升級版QR Pay行動支付服務
http://www.ctimes.com.tw/DispNews/tw/FedEx/1905221626Z9.shtml
電票負責人可兼掌特約商店
https://money.udn.com/money/story/5613/3826709
回鄉證 10 月起可申請大陸電子支付、銀行賬戶 使用逾 30 項公共服務
https://unwire.hk/2019/05/17/china-permit-upgrade/life-tech/
染指電子支付 WhatsApp Pay未推出注定舉步維艱
http://bit.ly/2JAveNz
6匪專偷醉漢信用卡 綁電子支付平台盜款
http://bit.ly/2wgn442
OMNY試點計劃 將測試Google Pay
http://bit.ly/2JC6VPa
Apple Pay Used By Hackers To Steal From PrePaid Cards
http://bit.ly/2HDkHxA
4.虛擬貨幣/區塊鍊 新聞及資安
駭客暨蘋果創始人遭「時間差攻擊」,被騙走 7 枚比特幣
https://0nion.com/article/158043
美林銀行:BTC暴漲表明投資者對全球經濟衰退的擔憂正在加劇
http://news.knowing.asia/news/aeae0f53-b85a-4cf9-a0f5-3739986acd10
趙長鵬:本月初的駭客攻擊事件,讓我們因禍得福
https://life.tw/?app=view&no=935879
恐慌蔓延!比特幣上週五到底出了什麼事
http://news.knowing.asia/news/26fd4cec-5323-4913-a076-1cd41d60c2d8
Bitfinex 平台幣「LEO」將於 20 日下午 4 點開放五種主流交易對
https://news.cnyes.com/news/id/4323704
通過修複加密貨幣項目中的漏洞,白帽黑客在7週內賺超32000美元
https://www.tuoluocaijing.com.tw/kuaixun/detail-64905.html
欺騙電信公司易如反掌!駭客Daniel告訴你盜幣其實很簡單
http://news.knowing.asia/news/eb3a48ad-1e74-4a4a-98e8-9daa9722112c
TRON漏洞:通過耗盡內存和CPU來引發DoS
https://bcsec.org/index/detail/tag/2/id/566
虛擬貨幣3種情況 在台課稅
http://bit.ly/2VHriMC
比特幣ATM機現身北京須臾被撤 專家稱該行為已觸碰監管紅線
https://www.finet.hk/newscenter/news_content/5ce5e2edbde0b33646b9bed2
礦機愈多不代表賺得多 學者:加密貨幣與現實無掛勾
http://bit.ly/2HyKN6d
閃電網路:與比特幣掛鉤的新興交易方式
http://news.knowing.asia/news/bfaab2fa-7ba5-41b1-9ab4-4446fb96c44a
比特幣突破八千美元大關,六週內暴漲一倍!台灣如何成為「區塊鏈之島」,朱立倫將提出發展方向
http://bit.ly/2JyR6sv
大陸財經:香港金管局稱,央行數位貨幣在零售方面好處有限
http://bit.ly/2JY17Pj
以太坊智能合約Owner相關CVE漏洞分析
https://www.chainnode.com/post/328787
HitBTC要破產?錢包中只有300萬美元BTC和ETH
http://news.knowing.asia/news/34773bac-1a1b-4819-b371-cfc661bcb238
Facebook 敲定 2020 年推出自家加密貨幣「GlobalCoin」
https://news.cnyes.com/news/id/4326009
取經區塊鏈 張德熙搞數碼黃金終圓夢
https://hk.on.cc/hk/bkn/cnt/finance/20190514/bkn-20190514213836207-0514_00842_001.html
Fake cryptocurrency apps crop up on Google Play as bitcoin price rises
https://www.welivesecurity.com/2019/05/23/fake-cryptocurrency-apps-google-play-bitcoin/
Bestmixer Cryptocurrency Laundering Site Shuttered
https://www.bankinfosecurity.com/bestmixer-cryptocurrency-laundering-site-shuttered-a-12514
Bestmixer seized by police for washing $200 million in tainted cryptocurrency clean
https://www.zdnet.com/article/bestmixer-seized-by-eu-police-over-laundering-of-200-million-in-cryptocurrency/#ftag=RSSbaffb68
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / APT
德媒:華為設備「後門」沒找到 美國思科卻被發現有10個
https://www.ettoday.net/news/20190520/1448402.htm
華為遭荷蘭媒體爆料:有為電信商安裝後門
https://www.inside.com.tw/article/16416-dutch-authorities-investigating-alleged-huawei-backdoor
快修補!微軟SharePoint Server的執行任意程式碼漏洞,已遭惡意程式攻擊
http://bit.ly/2HtCAjq
荷蘭傳出在電信網路上發現華為暗藏後門
https://www.ithome.com.tw/news/130824
兩家美國資安公司號稱有「特殊技術」幫企業解決勒索軟體問題,被揭露其實是瞞著客戶代繳贖金
http://bit.ly/2VXVJD8
電腦突然變超慢?挖礦病毒數量暴增 400 倍,傳統防毒抓不到該如何自救
https://blog.trendmicro.com.tw/?p=60304
Dharma勒索病毒利用防毒工具掩飾惡意活動
https://blog.trendmicro.com.tw/?p=60657
Microsoft Exchange後門程式讓駭客取得前所未有的控制能力
https://blog.trendmicro.com.tw/?p=60650
網購商品搶的是比快! 搶購慢一步? 不是電腦慢而是駭客搞鬼
https://blog.trendmicro.com.tw/?p=60520
Attack Combines Phishing, Steganography, PowerShell to Deliver Malware
https://brica.de/alerts/alert/public/1260418/attack-combines-phishing-steganography-powershell-to-deliver-malware/
Cybercrime group that used malware to steal $100 million from online banking accounts shut down
https://www.digitalmunition.me/2019/05/cybercrime-group-that-used-malware-to-steal-100-million-from-online-banking-accounts-shut-down/
'GozNym' Banking Malware Gang Dismantled by International Law Enforcement
http://bit.ly/2EiZHvg
Law Enforcement Operation Dismantles GozNym Banking Malware
https://hackercombat.com/law-enforcement-operation-dismantles-goznym-banking-malware/
FBI and Europol Disrupt GozNym Malware Attack Network
https://www.bankinfosecurity.com/fbi-europol-disrupt-goznym-malware-attack-network-a-12493
GozNym Bank Malware Gang That Stole Millions Busted
https://www.threatshub.org/blog/goznym-bank-malware-gang-that-stole-millions-busted/
Gootkit banking Trojan via Fake UKPC parking penalty appeals
https://myonlinesecurity.co.uk/gootkit-banking-trojan-via-fake-ukpc-parking-penalty-appeals/
Dutch authorities investigating alleged Huawei 'backdoor'
http://bit.ly/2VRsim4
Winnti: More than just Windows and Gates
https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a
After 2 Years, WannaCry Remains a Threat
https://www.bankinfosecurity.eu/after-2-years-wannacry-remains-threat-a-12496
WhatsApp's Spyware Problem
https://www.bankinfosecurity.eu/interviews/whatsapps-spyware-problem-i-4329
Report: Bitcoin Targeted in 22% of Financial Malware Attacks
https://0nion.com/en/article/40068
Uncovering fake news bots
http://bit.ly/2VRTpgX
財經雜誌《富比士》訂閱網頁被加入惡意程式碼,盜取信用卡資料
https://technews.tw/2019/05/22/bank-card-slurping-malware-sneaks-into-forbes-mag-subscription-website/
Forbes 訂閱網頁被加入惡意代碼 盜取信用卡資料
https://unwire.pro/2019/05/21/malware-sneaks-into-forbes-mag-subscription-website/security/
Bank-card-slurping malware sneaks into Forbes' mag subscription website
https://www.theregister.co.uk/2019/05/16/forbes_magecart_infection/
Cybersecurity experts warn Baltimore to stop 'playing' with ransomware attacks
https://fxn.ws/2VOLvoy
Baltimore ransomware nightmare could last weeks more, with big consequences
https://arstechnica.com/information-technology/2019/05/baltimore-ransomware-nightmare-could-last-weeks-more-with-big-consequences/
Cybercrime: Groups Behind “Banload” Banking Malware Implement New Techniques
https://forum.anomali.com/t/cybercrime-groups-behind-banload-banking-malware-implement-new-techniques/3827
Top 10 Malware April 2019
https://www.cisecurity.org/blog/top-10-malware-april-2019/
W97M/Downloader Malware Dropper Served from Compromised Websites
https://blog.sucuri.net/2019/05/w97m-downloader-malware-dropper-served-from-compromised-websites.html
GOZNYM BANKING MALWARE: GANG BUSTED, BUT IS THAT THE END
https://www.sentinelone.com/blog/goznym-banking-malware-gang-busted/
Law Enforcement Operation Dismantles GozNym Banking Malware
https://hackercombat.com/law-enforcement-operation-dismantles-goznym-banking-malware/
Cybercriminal Gang behind $100million theft busted
https://www.ehackingnews.com/2019/05/cybercriminal-gang-behind-100million.html
Ohio school sends students home because of Trickbot malware infection
https://www.zdnet.com/article/ohio-school-sends-students-home-because-of-trickbot-malware-infection/#ftag=RSSbaffb68
MuddyWater APT Group Upgrades Tactics to Avoid Detection
https://www.bankinfosecurity.com/muddywater-apt-group-upgrades-tactics-to-avoid-detection-a-12504
Takedown Of “GozNym,, Banking Malware 2019
https://techsweed.com/goznim-banking-malware-takedown-2019/
Popular Video Editing Software Website Hacked to Spread Banking Trojan
https://pinicybersecurity.wordpress.com/2019/05/21/popular-video-editing-software-website-hacked-to-spread-banking-trojan/
Seqrite says it is detecting daily intrusions by banking malware Emotet – ETtech.com
http://qualitytechnews.com/seqrite-says-it-is-detecting-daily-intrusions-by-banking-malware-emotet-ettech-com/
EternalBlue reaching new heights since WannaCryptor outbreak
https://www.welivesecurity.com/2019/05/17/eternalblue-new-heights-wannacryptor/
One year later: The VPNFilter catastrophe that wasn't
https://blog.talosintelligence.com/2019/05/one-year-later-vpnfilter-catastrophe.html
B.行動安全 / iPhone / Android /穿戴裝置 /App
一指紋識別技術漏洞曝光:可跟蹤Android和iOS設備
https://news.sina.com.tw/article/20190523/31391240.html
研究人員找出建立Android及iOS裝置獨特指紋的方法
https://www.ithome.com.tw/news/130860
你的手機被監控了嗎?出現這5種狀況要小心
https://fnc.ebc.net.tw/FncNews/life/81000
iOS 描述檔刪除不了? 透過 macOS 或 Windows 一鍵移除所有惡意描述擋
https://mrmad.com.tw/ios-macos-apple-configurator
聊天應用程式 安全性知多少: 點對點加密
https://www.kocpc.com.tw/archives/259868
Telegram創辦人狠批WhatsApp永遠不安全
http://bit.ly/2EmlyCa
Google停止與華為合作 新機恐無法用gmail、Youtube
http://bit.ly/2HC40CK
谷歌.華為恐分手!"已上市"手機不受影響
https://www.ustv.com.tw/UstvMedia/news/103/20190521A064
跟上Google!彭博:英特爾、高通也切斷華為關鍵供應
https://ec.ltn.com.tw/article/breakingnews/2795953
谷歌終止合作 華為手機消費者恐求償無門
https://udn.com/news/story/7238/3823147
別再聽別人亂說了!Google 暫停華為 Android 授權的影響總解析
http://bit.ly/2VGiR47
Google 禁 HUAWEI 手機!?華為手機用家必知 6 大影響及自保方法
http://bit.ly/2YFD4sB
台50萬華為用戶 手動更新保資安
https://news.ltn.com.tw/news/focus/paper/1289967
華為:自有手機OS最快秋天問世,可相容於所有Android App
https://www.ithome.com.tw/news/130802
台積電停止供貨恐斷華為命脈 中國網民:收復台灣就搞定
http://bit.ly/2HHbvs4
趁火打劫「華為拋售潮」 !網友超低價徵求 P30 Pro 當相機
https://3c.ltn.com.tw/news/36844
中華電信宣布不再賣華為新機
http://bit.ly/2YG1HFB
被黑客利用攻擊 WhatsApp修復漏洞
https://hk.epochtimes.com/news/2019-05-23/35014133
華為 Android 禁令下,資安公司警告:非官方 Play Store 風險高
https://technews.tw/2019/05/23/security-concerns-of-huawei-ban/
華為自研系統堵Google 蘋果工程師曝「真相」:等於直接放棄市場
https://www.ettoday.net/news/20190524/1449816.htm
機場車站免費 USB 插座別亂用,手機充電也有可能遭駭客入侵竊資
https://www.eprice.com.tw/mobile/talk/102/5333611/1/
今年首部中高階手機有譜?HTC新機低調通過NCC認證
http://bit.ly/30GchhB
騷擾電話管控不力 中國電信被約談
http://bit.ly/2Ex7ghX
Google Restricts Huawei's Access to Android
https://www.bankinfosecurity.asia/google-restricts-huaweis-access-to-android-a-12498
US Tech Giants Google, Intel, Qualcomm, Broadcom Break Up With Huawei
http://bit.ly/2YzN1b4
US grants temporary license for Huawei to support products
https://zd.net/2JxlPWM
Google Is Cutting Huawei's Android Access: Here's What It Means
http://bit.ly/2WWePWu
Huawei’s phone business would be decimated without Google’s Android
http://bit.ly/2VRd7cN
Paranoia will destroy us: Why Huawei and other Chinese tech is not spying on Americans
https://zd.net/2EoymaZ
US Tech Giants Google, Intel, Qualcomm, Broadcom Break Up With Huawei
http://bit.ly/2EjOvyg
Google pulls Huawei's Android support following Trump blacklist, claims report
https://www.zdnet.com/article/google-pulls-huaweis-android-support-following-trump-blacklist-claims-report/#ftag=RSSbaffb68
Huawei makes smartphone comeback in Brazil
https://www.zdnet.com/article/huawei-makes-smartphone-comeback-in-brazil/#ftag=RSSbaffb68
Apple lied to me about the MacBook Air and now we have a problem
https://www.zdnet.com/article/apple-lied-to-me-about-the-macbook-air-and-now-we-have-a-problem/#ftag=RSSbaffb68
iOS App Dev and Challenge 2019
http://bit.ly/2JYzQfT
Japan telcos pull back sale of new Huawei smartphones
https://www.zdnet.com/article/japan-telcos-pull-back-sale-of-new-huawei-smartphones/#ftag=RSSbaffb68
Android and iOS devices impacted by new sensor calibration attack
https://www.zdnet.com/article/android-and-ios-devices-impacted-by-new-sensor-calibration-attack/#ftag=RSSbaffb68
Tor Browser for Android — First Official App Released On Play Store
http://bit.ly/2HygIDx
Apple needs to make it easier to update older iPhones
https://www.zdnet.com/article/apple-needs-to-make-it-easier-to-update-older-iphones/#ftag=RSSbaffb68
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
Google 2FA 驗證工具出錯 登入帳戶要離人 9 米
http://bit.ly/2JvVrwH
使用了「密碼管理員」,就可以百分之百放心嗎
https://www.thenewslens.com/feature/timefortune/118527
瀏覽器隔離技術 虛擬空間無顧慮上網開電郵附件
http://bit.ly/2X71B9C
善用開源軟體增加IT韌性
https://www.ithome.com.tw/tech/130492
從駭客歷史預測未來可能的攻擊
https://blog.trendmicro.com.tw/?p=60156
資安新創交流 專家齊聚
http://bit.ly/2JvHejo
沒有資安沒有真相
http://www.taiwantimes.com.tw/ncon.php?num=34830page=ncon.php
Google:帳號中新增備援電話號碼可有效預防遭駭客挾持
https://www.ithome.com.tw/news/130729
研究人員測試電子郵件挾持駭客服務,1/3是空號,部分是詐騙
https://www.ithome.com.tw/news/130849
國際警方聯手破獲全球第二大暗網市集
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16244
ProPublica:不良業者宣稱握有勒索軟體解密技術,私下卻以贖金向駭客換回檔案
https://www.ithome.com.tw/news/130798
資安專家︰全球共建網路安全 AI有利也有弊
https://ec.ltn.com.tw/article/paper/1290157
強化資安 防範國家級駭客網攻
https://www.ydn.com.tw/News/336959
IBM X-Force:自2015年以來 駭客攻擊已下降95%
http://big5.pconline.com.cn/b5/news.pconline.com.cn/1259/12592297.html
駭客威脅防不勝防 我們需要維持高度資安意識
https://news.tvbs.com.tw/politics/1134566
外國網絡攻擊者將在歐盟面臨制裁
https://on.wsj.com/2YJTv7t
川普高爾夫球成績遭駭 四場比賽被改成超慘桿數
http://bit.ly/2JNpK1f
掌握暗網流傳的企業機密與個資,Network Box提供查詢服務
https://www.ithome.com.tw/review/130592
歐盟通過新的網路攻擊制裁,將凍結駭客資產並禁止入境歐盟
https://www.ithome.com.tw/news/130728
大疆或成下個華為?美國國土安全部:中國無人機正大量竊取資料
https://www.inside.com.tw/article/16443-dhs-alert-china-drones-dji-huawei
美國對中國無人機發警告 大疆:獲美政府驗證
https://www.cna.com.tw/news/aopl/201905210091.aspx
滿洲獨立運動參與者被中國國安部門逮捕
http://bit.ly/2Hs8z3u
習近平訪俄前夕 俄資安公司控中國駭客盜竊機密
https://m.ltn.com.tw/news/world/breakingnews/2794474
防止被駭 中共全面替換解放軍的Windows電腦軟體系統
https://www.cmmedia.com.tw/home/articles/15634
被美國列入貿易黑名單 新華社:打壓中國企業不光彩
http://bit.ly/2Jupepz
美中網路戰延燒 議員促查中國中車進軍紐約地鐵
https://newtalk.tw/news/view/2019-05-20/248758
跟進封殺? 微軟商城下架華為筆電引發疑慮
https://udn.com/news/story/120490/3827593?from=udn-catebreaknews_ch2
選邊站!怨美國封殺 黃智賢:我以後都買華為手機
https://news.ltn.com.tw/news/politics/breakingnews/2799924
找華為建置5G 英前情報處長公開反對
https://ec.ltn.com.tw/article/paper/1289476
華為手機很可怕?以色列駭客:從掃地機器人到iPhone,都會被駭
http://bit.ly/30AlPuK
駁國安疑慮!華爾街日報:華為是資產非威脅
https://www.chinatimes.com/realtimenews/20190522000026-260408?chdtv
美國呼籲南韓、LG禁用華為
https://www.chinatimes.com/realtimenews/20190523001455-260410?chdtv
斬草要除根!美提220億預算 助廠商替換華為設備
https://ec.ltn.com.tw/article/breakingnews/2799347
德媒:不要盲從美國限制華為 思科更不「安全」
http://bit.ly/2Qbn3Ys
在中國茁壯、如今被視為「美國公司」的聯想,否認停止供貨給華為,進退兩難
https://chinaqna.com/a/81816?fbclid=IwAR1JiTSmT7apfhbwhN_V5C8ocxRwMEzU6kET30gfDkoeKf23Hgpk4PmyDco
基於資安考量,已有 2 家日本太陽能廠停用華為逆變器
https://technews.tw/2019/05/20/some-japan-solar-farm-reject-huawei-inverters/
中共全球戰略性網攻 國際級資安加速器看好台灣
http://bit.ly/2w8hnoH
科技戰是中國的死穴
https://talk.ltn.com.tw/article/paper/1289854
解放軍守護的華為帝國,正以「技術民族主義」威脅全球
https://www.thenewslens.com/article/119475
自爽?中國稱「華為這功能嚇死美國」 網:為何不禁望遠鏡
https://www.setn.com/News.aspx?NewsID=544606
華為之後再傳川普將向5間中國公司開刀,包括在烏魯木齊有3萬支監視器的「海康威視」
https://www.thenewslens.com/article/119538
防範資安威脅 美國擬封鎖中國監視器「海康威視」
https://news.pchome.com.tw/living/ftv/20190522/photo-15585179815478319009.html
美國有智庫發現北韓透過海外餐館經營電腦軟件生意
http://www.metroradio.com.hk/news/live.aspx?NewsId=20190519171412
冷麵與泡菜背後…北韓餐廳涉販售高科技軟體 金正恩躲過制裁
https://www.ettoday.net/news/20190519/1447827.htm
5/20~24荷蘭資安新創團訪台,歡迎了解海牙資安三角洲資源
https://www.acw.org.tw/News/Detail.aspx?id=72
台灣/英國/香港 國際資安創投與加速器交流論壇
http://bit.ly/2VDQW4x
印度監督飆風戰機採購辦公室 傳遭人試圖闖入 目前尚不清楚是否涉及間諜活動
https://news.sina.com.tw/article/20190522/31387564.html
中國可用開源躲過貿易戰技術限制?美商或美方技術均要配合美國出口法規
http://bit.ly/2WZEiyB
漢和:解放軍全面替換Windows作業系統 防電腦漏洞與病毒
https://www.ettoday.net/news/20190524/1451800.htm
陸工信部:2015年後大陸網速提升六倍 網費下降九成
https://udn.com/news/story/7333/3827681
London Underground to begin tracking passengers through Wi-Fi hotspots
https://www.zdnet.com/article/london-underground-to-begin-tracking-passengers-through-wi-fi-hotspots/#ftag=RSSbaffb68
New FAA rules for recreational drone flyers introduce temporary no-fly zones and a training requirement
https://zd.net/2W1lRgB
Lack of Secure Coding Called a National Security Threat
https://www.bankinfosecurity.asia/interviews/lack-secure-coding-called-national-security-threat-i-4332
Google research: Most hacker-for-hire services are frauds
https://www.zdnet.com/article/google-research-most-hacker-for-hire-services-are-frauds/#ftag=RSSbaffb68
Over half of all reported vulnerabilities in Q1 2019 have a remote attack vector
http://bit.ly/2X1BHnS
CEO told to hand back 757,000 fraudulently obtained IP addresses
http://bit.ly/2JyKhHs
OSINT Recon Great? — Unique Usernames Are Better Than Unique Passwords
http://bit.ly/2WSEboo
Trump Signs Executive Order That Could Ban Huawei
https://www.bankinfosecurity.com/trump-signs-executive-order-that-could-ban-huawei-a-12488
Cybersecurity's Week From Hell
https://www.bankinfosecurity.com/blogs/cybersecuritys-week-from-hell-p-2746
Yes, there are security ramifications to serverless computing
https://www.zdnet.com/article/the-security-ramifications-of-serverless-computing/#ftag=RSSbaffb68
At least 186 EU ISPs use deep-packet inspection to shape traffic, break net neutrality
https://www.zdnet.com/article/186-eu-isps-use-deep-packet-inspection-to-shape-traffic-break-net-neutrality/#ftag=RSSbaffb68
Teamviewer 2016年曾遭中國駭客入侵,但廠商閉口不提
https://ithome.com.tw/news/130782
Report Reveals TeamViewer Was Breached By Chinese Hackers In 2016
http://bit.ly/2we3qFY
Chinese cyberspies breached TeamViewer in 2016
https://www.zdnet.com/article/chinese-cyberspies-breached-teamviewer-in-2016/#ftag=RSSbaffb68
Singapore targets lawyers in digital transformation drive
https://www.zdnet.com/article/singapore-targets-lawyers-in-digital-transformation-drive/#ftag=RSSbaffb68
Hacktivist attacks dropped by 95% since 2015
https://www.zdnet.com/article/hacktivist-attacks-dropped-by-95-since-2015/#ftag=RSSbaffb68
Sharing Threat Intelligence: Time for an Overhaul
http://bit.ly/2VzdZOd
Chess legend Garry Kasparov warns of a ‘cyber Cold War,’ says Western ‘political will’ needed
https://cnb.cx/30A3j5p
PowerHub: bypassing endpoint protection and application whitelisting
https://securityonline.info/powerhub/
Will the U.S. government draft cybersecurity professionals
http://bit.ly/2JPQ4HQ
Tech trade war: After Huawei, which Chinese firms are next on US enemies list
https://www.zdnet.com/article/tech-trade-war-after-huawei-which-chinese-firms-are-next-on-us-enemies-list/#ftag=RSSbaffb68
Cyber Security NSW to boost state capabilities
https://zd.net/2w8KIPY
Wie Hacker aus Fernost Teamviewer ausspionierten
http://bit.ly/30B8Tor
Hackers turn tables on account hijackers by stealing forum data
https://engt.co/2JraCXO
Companies investing in advanced forensic capabilities to identify attackers in greater detail
http://bit.ly/2JRu4MY
White Hat Hackers Earn $32,000 for Finding Crypto Security Exploits in Last Two Months
http://bit.ly/2LZnGG1
Account Hijacking Forum OGusers Hacked
https://krebsonsecurity.com/2019/05/account-hijacking-forum-ogusers-hacked/
Root account misconfigurations found in 20% of top 1,000 Docker containers
https://www.zdnet.com/article/root-account-misconfigurations-found-in-20-of-top-1000-docker-containers/#ftag=RSSbaffb68
First official version of Tor Browser for Android released on the Play Store
https://www.zdnet.com/article/first-official-version-of-tor-browser-for-android-released-on-the-play-store/#ftag=RSSbaffb68
DNS Flag Day 2020: DNS servers must support both UDP and TCP queries
https://www.zdnet.com/article/dns-flag-day-2020-dns-servers-must-support-both-udp-and-tcp-queries/#ftag=RSSbaffb68
A Cybersecurity Guide for Digital Nomads
https://www.webroot.com/blog/2019/05/21/a-cybersecurity-guide-for-digital-nomads/
UK says it warned 16 NATO allies of Russian hacking activities
https://www.zdnet.com/article/uk-says-it-warned-16-nato-allies-of-russian-hacking-activities/#ftag=RSSbaffb68
Career Opportunities: Security Researcher (Red Team) (9595)
https://career10.successfactors.com/sfcareer/jobreqcareer?jobId=9595&company=trendmicro&username=
Sr. Security Engineer
https://www.cakeresume.com/companies/morgan-philips-7d9513/jobs/sr-security-engineer-1b65fc
資訊部資安課-資安工程師
https://www.104.com.tw/job/?jobno=6m8u3
資安管理人員
https://www.imc.com.tw/job/viewJob/IMC404863F65
國網中心/應用開發服務組-資安/佐理工程師/1人
https://www.104.com.tw/job/?jobno=6m9ls
中研院資訊處/資安工程師
https://moptt.tw/p/Tech_Job.M.1558324162.A.68C
網頁資安工程師 Web Security Engineer
https://www.cakeresume.com/companies/unnotech/jobs/web-security-engineer
資安管理師
https://www.104.com.tw/job/?jobno=6m54y
系統維護工程師
http://cug.91wllm.com/job/view/id/1034107
S006-網路資安工程師(台中)
https://www.104.com.tw/job/?jobno=6mc9k
資安工程師
https://www.104.com.tw/job/?jobno=6meax
資訊安全管理師
https://www.104.com.tw/job/?jobno=6mej8
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
被追蹤了還難以刪除!外媒爆 Gmail 默默記下用戶的購物紀錄
https://3c.ltn.com.tw/news/36804
盜竊及詐騙集團利用事主未關閉手機信息彈出功能 獲得信用卡驗證碼
https://topick.hket.com/article/2350868
人肉搜索,有中國特色的doxxing
https://cn.nytimes.com/culture/20190520/wod-doxxing/zh-hant/
微軟、PayPal和Netflix是2019年第一季最常被盜用進行網路釣魚攻擊的品牌
https://blog.trendmicro.com.tw/?p=60647
超過 21,000 台 Linksys 路由器外洩連接歷史記錄
https://chinese.engadget.com/2019/05/19/linksys-routers-leak-device-connection-histories/
Bad Packets:逾2萬臺Linksys路由器外洩連結歷史紀錄
https://www.ithome.com.tw/news/130766
個資疑慮!驚爆4900多萬筆未加密Instagram帳戶被看光
http://bit.ly/2Wg8yb8
Instagram 用戶個資外洩,原來是原始碼惹得禍
https://technews.tw/2019/05/23/instagram-account-data-leaked-due-to-source-code-problem/
買賣盜用帳號討論區 自洩十萬會員資料
http://bit.ly/2VDcMFE
有夠血汗 詐欺集團全年只休「這幾天」
https://news.ltn.com.tw/news/society/breakingnews/2799038
FBI:冒充中使館詐騙 致四千萬美元損失
http://www.epochtimes.com/b5/19/5/20/n11267749.htm
應聘不看工作待遇 飯店一服務員克隆顧客信用卡盜刷套現
http://dailynews.sina.com/bg/international/chinanews/2019-05-20/doc-ifzikfzn1705256.shtml
假冒公安誘陸民眾匯款 台詐騙集團8疑犯落網
https://hk.on.cc/hk/bkn/cnt/cnnews/20190518/bkn-20190518101250715-0518_00952_001.html
詐團南漂高雄 假冒公安騙卡費
https://www.chinatimes.com/newspapers/20190518000651-260107?chdtv
中國製串流影音下載軟體 VidMate 被發現暗藏廣告詐騙
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=855
Mobile Chrome, Safari, and Firefox failed to show phishing warnings for more than a year
https://www.zdnet.com/article/mobile-chrome-safari-and-firefox-failed-to-show-phishing-warnings-for-more-than-a-year/#ftag=RSSbaffb68
TalkTalk data breach customer details found online
https://www.bbc.com/news/business-48351900
TalkTalk customer bank details found through Google search
https://www.zdnet.com/article/talktalk-customer-financial-details-found-through-google-search/#ftag=RSSbaffb68
Google Stored G Suite Users' Passwords in Plain-Text for 14 Years
http://bit.ly/2M35MlC
Singapore updates guidelines on data breach notification, accountability
https://www.zdnet.com/article/singapore-updates-guidelines-on-data-breach-notification-accountability/#ftag=RSSbaffb68
US telcos say they stopped selling user location data, with a few exceptions
https://www.zdnet.com/article/us-telcos-say-they-stopped-selling-user-location-data-with-a-few-exceptions/#ftag=RSSbaffb68
Over 25,000 Linksys Smart Wi-Fi routers vulnerable to sensitive information disclosure flaw
https://badpackets.net/over-25000-linksys-smart-wi-fi-routers-vulnerable-to-sensitive-information-disclosure-flaw/
Company behind LeakedSource pleads guilty in Canada
https://www.zdnet.com/article/company-behind-leakedsource-pleads-guilty-in-canada/#ftag=RSSbaffb68
Hackers Breach Stack Overflow Q&A Site, Some Users' Data Exposed
http://bit.ly/2Hr6cOk
Stack Overflow says hackers breached production systems
https://www.zdnet.com/article/stack-overflow-says-hackers-breached-production-systems/#ftag=RSSbaffb68
Stack Overflow hacker went undetected for a week
https://www.zdnet.com/article/stack-overflow-hacker-went-undetected-for-a-week/#ftag=RSSbaffb68
The growing legal and regulatory implications of collecting biometric data
https://www.zdnet.com/article/the-growing-legal-and-regulatory-implications-of-collecting-biometric-data/#ftag=RSSbaffb68
Watch what you install: Fraudulent ads in apps increase 159% year on year
https://www.zdnet.com/article/watch-what-you-install-fraudulent-apps-increase-159-percent-year-on-year/#ftag=RSSbaffb68
Privacy concerns raised about upcoming Client-Hints web standard
https://www.zdnet.com/article/privacy-concerns-raised-about-upcoming-client-hints-web-standard/#ftag=RSSbaffb68
GDPR: Europe Counts 65,000 Data Breach Notifications So Far
https://www.bankinfosecurity.com/gdpr-europe-counts-65000-data-breach-notifications-so-far-a-12489
Phishing targeting SaaS and webmail services increased to 36% of all phishing attacks
http://bit.ly/2Jvk7oT
YOUR ISP KNOWS EVERYTHING ABOUT YOU. HERE’S HOW TO SECURE YOUR PRIVACY IN 2019
https://digital.com/blog/isp-tracking/?fbclid=IwAR0XJFTY4vuX-QpM24OKJfGTFSqq3u-OJmJlZQwA8xFTl9mm2GUqLCb4wZU
DHS Reportedly Warns of Chinese-Made Drones Stealing Data
https://www.bankinfosecurity.com/dhs-reportedly-warns-chinese-made-drones-stealing-data-a-12502
E.研究報告
CVE-2015-0057内核漏洞分析及利用
https://xz.aliyun.com/t/4549
CVE-2019-0708,又一個“WannaCry”級漏洞?優衣庫遭到黑客攻擊
https://www.chainnews.com/articles/497633745111.htm
CVE-2017-7269 IIS6.0遠端程式碼執行漏洞復現
https://www.itread01.com/content/1558299663.html
內核漏洞挖掘技術系列(4)——syzkaller(3)
https://xz.aliyun.com/t/5154
一個曾經的Zabbix SQL注入漏洞分析
https://zhuanlan.zhihu.com/p/66248991
Mesh無線技術是甚麼 如何輕鬆解決網路訊號問題看這篇
https://www.nownews.com/news/20190521/3391650/
實戰介紹Windows下的PC客戶端常見漏洞挖掘
https://www.freebuf.com/vuls/203227.html
SQL Server 使用 FIRST_VALUE 及 LAST_VALUE 來取得第一筆資料列及最後一筆資料列的資料
https://dotblogs.com.tw/supershowwei/2019/05/20/155113?fbclid=IwAR0JY5piCZ0OPo5QgHCJ2jzE4s7cHY7ciop-vTKKF4rTwOKSfDZtvThuWCk
利用CVE-2018-1000861漏洞來傳播Kerberods挖礦機
https://www.4hou.com/vulnerable/17964.html
Ubiquiti AmpliFi Gamer’s Edition 評測:Mesh WiFi 低延遲網路優化
http://bit.ly/2JvO9sU
CVE-2015-1635-HTTP.SYS遠程執行代碼漏洞復現
http://copyfuture.com/blogs-details/73a4beb63902c3a6a9904b140bba98f8
APP漏洞利用組合拳——應用克隆案例分析
http://copyfuture.com/blogs-details/d10018d675b6aa2532657019cce82d4f
CVE-2019-0708漏洞利用工具
https://www.agesec.com/1864.html
How to Upgrade Your XSS Bug from Medium to Critical
https://medium.com/@hakluke/upgrade-xss-from-medium-to-critical-cb96597b6cc4
Passwords Are Dead, Long Live The Password
https://medium.com/@PrescientSecurity/passwords-are-dead-long-live-the-password-683a6099244f
Hacking around with JavaScript and Shortcuts in iOS 12
https://medium.com/@chrishutchinson/hacking-around-with-javascript-and-shortcuts-in-ios-12-95f8d7190777
Russia Clearly Knew Assad’s Latest Chemical Attack in Syria Was Coming
https://medium.com/s/story/russia-clearly-knew-assads-latest-chemical-attack-in-syria-was-coming-a0f6c670c694
ThreatHunting v1.3 releases: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
https://securityonline.info/threathunting/?fbclid=IwAR25-yUy9WLQQZVvPf3Bq5L2FaBhgiSV1x8QO2ei-nyQH94JGBWbxqvf0X4
Mapping Iran’s Rana Institute to MITRE Pre-ATT&CK™ and ATT&CK™
http://bit.ly/30x5hDA
Cisco Prime基礎設施未授權遠程代碼執行漏洞分析
https://www.anquanke.com/post/id/178700
CVE-2019-0708: Windows RDP遠程漏洞無損檢測工具下載
https://cert.360.cn/warning/detail?id=1caed77a5620fc7da993fea91c237ed5
深入分析Windows系統DHCP漏洞(CVE-2019-0726)
https://www.anquanke.com/post/id/178687
Weblogic-SSRF漏洞復現
https://www.itread01.com/content/1558542304.html
CVE-2019-0708RDP漏洞PoC
https://bbs.pediy.com/thread-251487.htm
WD MyCloud NAS命令執行漏洞
https://nosec.org/home/detail/2664.html
RDP Stands for “Really DO Patch!” – Understanding the Wormable RDP Vulnerability CVE-2019-0708
http://bit.ly/2VXVp7p
5 Cybersecurity Tools Every Business Needs to Know
http://bit.ly/2VLLmxl
F.商業
趨勢科技推出業界最全面的雲端及容器工作負載防護
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000559857_72698MWV4XNNCI81FCQX7
採用託管式偵測及回應服務,從資安自動化受惠
https://blog.trendmicro.com.tw/?p=60535
D-Link & McAfee 各司其職 內置資安防護的WiFi Mesh路由器新品體
https://apk.tw/thread-908965-1-1.html
D-Link & McAfee 各司其職 內置資安防護的WiFi Mesh路由器新品體驗會 活動心得分享
https://www.xfastest.com/forum.php?mod=viewthread&tid=228984&cp=4
零壹科技宣布建構企業IT夥伴平台生態圈
https://news.sina.com.tw/article/20190521/31374356.html
零壹自辦「解決方案日大會」 致力轉型解決方案供應商
https://udn.com/news/story/7240/3826975
5G應用面向多元 TUV NORD提供客製化解決方案
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&id=0000559962_9HJ8SH0U7E5OSU1CUJB0S
加速雲端開發並提升服務品質,資策會揭露第三方驗測經驗
https://www.ithome.com.tw/news/130821
開源軟體的商業模式分析(三):開源不等於免費
https://meet.bnext.com.tw/articles/view/44932
網站鎖頭還不夠! 芬-安全給您網站安全和隱私身份的5種方法
https://news.sina.com.tw/article/20190523/31393064.html
採用託管式偵測及回應服務,從資安自動化受惠
https://blog.trendmicro.com.tw/?p=60535
Apple admits it's changing its MacBook keyboard again (oh, great)
https://www.zdnet.com/article/apple-admits-its-changing-its-macbook-keyboard-again-oh-great/#ftag=RSSbaffb68
Apple offers free keyboard replacement program for MacBook, MacBook Pro, refreshes MacBook Pro lineup
https://zd.net/2YGoPnq
Google changes how the Escape key is handled in Chrome to fight popup ads
https://zd.net/2QcKOzr
Core Elastic Stack Security Features Now Available For Free Users As Well
http://bit.ly/2HwfHft
Citrix deepens cloud integrations with Google, Microsoft
https://www.zdnet.com/article/citrix-deepens-cloud-integrations-with-google-microsoft/#ftag=RSSbaffb68
Siemens, Alphabet's Chronicle forge cybersecurity partnership
https://www.zdnet.com/article/siemens-alphabets-chronicle-forge-cybersecurity-partnership/#ftag=RSSbaffb68
VMware talks up multi-cloud era, need to transform security
https://www.zdnet.com/article/vmware-talks-up-multi-cloud-era-need-to-transform-security/#ftag=RSSbaffb68
G.政府
曾參與海軍蒐集資料 海釣船蘭嶼走私安毒
https://www.cna.com.tw/news/asoc/201905180180.aspx
衛福部大刀闊斧推醫療資安聯防,更要用資料治理打AI基礎
https://www.ithome.com.tw/people/130644
21日赴政院 工商協進會建言 首重穩能源
https://www.chinatimes.com/newspapers/20190519000207-260202?chdtv
國家資安疑慮 蔡政府禁用中興通訊產品
https://m.ltn.com.tw/news/politics/breakingnews/2794306
捍衛資通安全「中興」也禁? 政院:7月底公布清單
https://tw.news.appledaily.com/new/realtime/20190518/1568976/
金融研訓院 11月19日辦理資安治理講堂(第4期)
https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=369954
中國騰訊WeTV變身登台 財長:該課的稅跑不掉
https://www.rti.org.tw/news/view/id/2021285
資通電軍拜會調查處 建立穩固保防安全網
http://bit.ly/2JtXeCh
工研院:台灣是網攻熱點,造就資安人才經實戰演練素質高
https://technews.tw/2019/05/20/irti-taiwan-is-small-but-a-hotspot-cyber-attack-taiwan-have-good-quality-of-security-talants/
防止中共滲透台灣媒體 時代力量提修法三部曲
http://bit.ly/2M2afFj
破冰!睽違3年半 兩岸證券監理將啟動交流
https://ec.ltn.com.tw/article/breakingnews/2796193
證基會開辦 「證券期貨機構法人實務操作進階研習課程」 報名截止日7月5日
https://ctee.com.tw/industrynews/93594.html
臺灣司法證據保全引進區塊鏈技術
https://www.ithome.com.tw/news/130738
防堵資安疑慮廠商 採購法有明確規範
http://bit.ly/2HwptOB
EP.23 調查局內的區塊鏈高手 ─ 專訪資安鑑識實驗室周士楨調查官
https://apple.co/2WqE8mV
金管會參考國際 STO門檻沒下調
https://www.chinatimes.com/realtimenews/20190519001550-260410?chdtv
STO監理規範出爐 國際資金關注3,000萬元門檻
https://money.udn.com/money/story/5617/3826220
金管會將密切觀察銀行線上授信業務 普匯導入AI審核快速又安全
http://bit.ly/2HxEDTP
利用LINE傳個資 金管會列金檢
https://eteacher.edu.tw/ReadNews_m.aspx?id=3908
金管會要修法導正 高儲蓄型保單掰了
https://ec.ltn.com.tw/article/paper/1290682
業務員勸誘保戶貸款買投資型保單 金管會將重罰「最高罰1200萬」
https://www.ettoday.net/news/20190522/1450582.htm
高雄打造智慧城市 明年設科技資訊局
https://news.ltn.com.tw/news/local/paper/1289208
防堵資安疑慮廠商 工程會:採購法有規範
http://www.epochtimes.com/b5/19/5/22/n11272796.htm
海康威視等監視設備 經長:台電、中油已移除
http://bit.ly/2QgZBJi
從公務員開始培養資安意識 建立安全可靠資訊系統
https://tyenews.com/2019/05/17188/
華為供應鏈小心了 經長:手機網通生態將重整
http://bit.ly/2HwVyG2
2019年RSA資訊安全大會暨展覽會 出國報告
https://report.nat.gov.tw/ReportFront/ReportDetail/detail?sysId=C10800555
H.SCADA/ICS/工控系統
siemens -- logo!8_bm_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10919
siemens -- simatic_pcs_7
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10916
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10918
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10922
I.教育訓練
衝上 GitHub 熱門第四名!Python 機器學習最強教學資源,新手工程師快存起來
http://bit.ly/2WRiepO
Practice with Ghidra
https://medium.com/@nowayout/practice-with-ghidra-c23fba84db66
Learn how to deploy a Honeypot and visualise its data step by step
https://medium.com/@galolbardes/learn-how-to-deploy-a-honeypot-and-visualise-its-data-step-by-step-ea3cd3f25822
Hacking and Cyber Security Certification Training Bundle 2019 (10 Courses)
http://bit.ly/2JxXIY5
How to Protect Your Business and Yourself from Formjacking
https://teresarothaar.com/how-to-protect-your-business-and-yourself-from-formjacking-bd166c41fe88
How to Set Up a Secure Phone
https://medium.com/@TheTechTutor/how-to-set-up-a-secure-phone-c8f3ad090871
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
資安標章技術診斷及輔導專家團隊
https://www.taics.org.tw/index.php/news/show/id/0b805e27ce7e1037b756acd21801bba8
當「車聯網」遇上「黑客」,安全難題怎麼破
https://news.sina.com.tw/article/20190518/31338210.html
眾「智」凌雲,台灣AI計算雲TWCC開始試營運
https://www.techbang.com/posts/70184-zhi-lingyun-taiwan-ai-computing-cloud-twcc-began-trial-operation
科技戰掀資安恐慌 台廠人臉辨識有競爭力
http://bit.ly/2JtjRXB
製造業所面臨的資安管理挑戰及趨勢
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=12&aid=8729
Internet of Things — Leap towards a hyper-connected world
https://medium.com/@swati.siddhartha/internet-of-things-leap-towards-a-hyper-connected-world-6b6a90960a06
Report slams police for using "garbage" data with facial recognition tools
https://www.zdnet.com/article/report-slams-police-for-using-garbage-data-with-facial-recognition-tools/#ftag=RSSbaffb68
Congress: "It's time for a time out" on facial recognition
https://www.zdnet.com/article/congress-its-time-for-a-time-out-on-facial-recognition/#ftag=RSSbaffb68
6.近期資安活動及研討會
The Dungeons of Hackers Workshop@Hualien 2019 - 駭客的地下工作坊@花蓮 5/24
https://tdohackerparty.kktix.cc/events/4908125d?fbclid=IwAR39uCZNCuuzlOZGz0NhIhqfahs5D4GjaLWXpbbsda6xah3_CIU-3MGl2Ac
硬體資安研討會 108年5月24日
https://eenctu.nctu.edu.tw/tw/news/p1.php?num=273
學生資安新手村 相關活動整理 台灣大學場 5/24 (五) 19:00 - 21:00
https://forms.gle/EySe1PkyW2ZRyLyQA
2019年首場資安社群論壇 - 駭客過招,實戰分享 5/25
https://forms.gle/965PMChQD82qYAmM7
Docker Birthday #5 - Taipei 5/25
https://www.meetup.com/Docker-Taipei/events/248974949/
[K8S學程] Kubernetes 容器遷移實戰 5/25
https://broadmission.kktix.cc/events/migration?fbclid=IwAR3HE5E_DgL4qe8wv1j12QvEhO9_i9qj7e7mWF6Z5I_m6itcVwTJV-7jl30
今年首場資安社群論壇 - 駭客過招,實戰分享 5/25(六)
https://www.digicentre.com.tw/news_detail.php?id=56&fbclid=IwAR1Qsa6ehY00EJk4tGPfxZ1HqvrcX2eVNZ2Htets23i_qiKZCCI9-H1plZw
學生資安新手村 相關活動整理 逢甲大學黑客社場 5/25(六)13:00-16:00
https://hackersir.kktix.cc/events/fcu190525
《我們與資安的距離》給高中生的一堂資安課-用Python進行資安解題 5/26
http://gg.gg/dueuq
OWASP TechDay Taiwan 2019 2019/05/28
https://csa.kktix.cc/events/owasp0528
「智慧資安主題論壇-智慧製造」論壇(5/29)
http://www.twiota.org/eventDetails.aspx?id=c0ce0559-496a-4d32-b481-14221f75d791
HackingThursday 固定聚會 5/30
https://www.meetup.com/hackingthursday/events/vkhnnqyzhbnc/
學生資安新手村 相關活動整理 台灣大學場 5/31 (五) 19:00 - 21:00
https://forms.gle/EySe1PkyW2ZRyLyQA
學生資安新手村 相關活動整理 高雄科技大學場 05/31(五) 18:30~21:30
https://nkust-itc.kktix.cc/events/security-beginner-speech
學生資安新手村 相關活動整理 淡江大學場 工作坊 6/1(六) 10:00 - 16:00
https://forms.gle/aBgGfLUYcvJh7hzk9
學生資安新手村 相關活動整理 高雄科技大學場 06/02(日) 08:30~18:00
https://nkust-itc.kktix.cc/events/security-beginner-workshop
International Conference CONSTRUCTIVE THEORY OF FUNCTIONS - 2019 SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/
軟體安全性測試實務 6/3 ~ 6/4
https://www.accupass.com/event/1904230701335964656400
HackingThursday 固定聚會 6/6
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbjb/
國家高速網路與計算中心教育訓練-源碼檢測實作 6/13
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3828&from_course_list_url=homepage
HackingThursday 固定聚會 6/13
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbrb/
React Hooks 實戰會議室 ─ 前端工程師的潮流技能不私藏 6/14
https://www.facebook.com/events/447646755985628/
國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
https://hackercollege.nctu.edu.tw/?p=1039
The Artificial Intelligence Conference 6/18
https://www.facebook.com/events/278255853036175/?event_time_id=360038254857934
Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/
HackingThursday 固定聚會 6/20
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbbc/
國家高速網路與計算中心教育訓練-資安健診 6/20
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3832&from_course_list_url=homepage
Edvance Beacon 2019 6/21
https://docs.google.com/forms/d/e/1FAIpQLSe70uw8Pi862IkL_rQXDJhzd7QnGXiuhcWwttOEN2BZwUbyMw/viewform
HackingThursday 固定聚會 6/27
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/
HackingThursday 固定聚會 7/4
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/
2019國際資訊安全組織台灣高峰會 7/9 ~ 7/11
https://csa.kktix.cc/events/2019con
工業局補助網路安全檢測教育訓練 7/10 ~ 7/12
https://www.accupass.com/event/1904080311551119077841
HackingThursday 固定聚會 7/11
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/
HackingThursday 固定聚會 7/18
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/
HackingThursday 固定聚會 7/25
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/
DEF CON 27 2019/8/8–8/11
https://www.defcon.org/
WEB應用滲透測試 8/21 ~ 8/23
https://www.accupass.com/event/1904080221358963463590
資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」 8/29 ~ 8/30
http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==
108年資安職能訓練-行動裝置安全(8/29-8/30)
https://cee.ksu.edu.tw/recruitinfo/1443.html
TANET 2019 - 臺灣網際網路研討會 9/25
https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310
HITB+ CYBER WEEK 2019/10/12 ~17
https://d2p.hitb.org/?fbclid=IwAR2gU17bz0Y7TH8THIIskIX1vziWBpMY152mJiwk7AAeVS752f_eNcZ0NzU
Splunk .conf 19 10/21 ~ 10/24
https://conf.splunk.com/
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019
https://www.icscybersecurityconference.com
沒有留言:
張貼留言