資安事件新聞週報 2019/6/10 ~ 2019/6/14
1.重大弱點漏洞/後門/Exploit/Zero Day
VMware 發布新的安全更新
https://www.vmware.com/security/advisories/VMSA-2019-0009.html
Xen 阻斷服務漏洞
https://xenbits.xen.org/xsa/advisory-295.html
D-Link 連網監視攝影機被爆資安漏洞,駭客可取得影像內容
https://blog.twnic.net.tw/2019/06/13/3991/
TP-Link 路由器多個漏洞
https://nvd.nist.gov/vuln/detail/CVE-2019-6989
Facebook CDN系统中的文件下载漏洞
http://521.li/post/872.html
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
https://www.exploit-db.com/exploits/46967
phpMyAdmin 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.2016/
校園英聽教材互動廣播系統 存在 資料庫注入攻擊 漏洞
https://www.kl.edu.tw/v7/eduweb/index.php?func=edu_msg&edumsg_id=68985
eClass平台 存在 任意檔案下載 漏洞,請盡速確認並進行修補作業
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=3003
Yubico生產的USB安全金鑰裝置也傳臭蟲,將免費換新
https://www.ithome.com.tw/news/131273
If you haven’t patched Vim or NeoVim text editors, you really, really should
https://arstechnica.com/information-technology/2019/06/if-you-havent-patched-vim-or-neovim-text-editors-you-really-really-should/#p3
Adobe Issues Critical Patches for ColdFusion, Flash Player, Campaign
http://bit.ly/2KHTih6
Exim RCE漏洞影響數百萬伺服器,已有駭客發動攻擊程式
https://www.ithome.com.tw/news/131270
Critical Flaw Reported in Popular Evernote Extension for Chrome Users
http://bit.ly/2IJh1L4
Google Researcher Details Windows Cryptographic Library Bug
https://www.bankinfosecurity.eu/google-researcher-details-windows-cryptographic-library-bug-a-12622
印象筆記在谷歌瀏覽器上的擴展存在嚴重漏洞影響多達460萬名用戶
https://www.landiannews.com/archives/59545.html
研究表明只有5.5% 的被發現漏洞曾遭到利用
https://www.chainnews.com/articles/805592825471.htm
研究:駭客在這9年來所開採的公開漏洞中,只有一半利用公開攻擊程式
https://www.ithome.com.tw/news/131208
Intel 處理器再被發現嚴重資安漏洞「ZombieLoad」,用戶請速更新系統
https://blog.twnic.net.tw/2019/06/13/4014/
Intel fixes severe NUC firmware, web console vulnerabilities
https://www.zdnet.com/article/intel-fixes-severe-firmware-web-console-vulnerabilities/#ftag=RSSbaffb68
New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions
http://bit.ly/2I9DJxd
Critical bug found in popular mail server software
https://www.welivesecurity.com/2019/06/07/mail-server-software-exim-critical-bug/
huawei -- s12700_firmware CVE-2019-5285
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5285
linksys -- wrt1900acs_firmware CVE-2019-7311
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-7311
zyxel -- p-660hn-t1_firmware CVE-2019-6725
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6725
microfocus -- service_manager CVE-2019-11646
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11646
phpmyadmin CVE-2019-11768
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11768
qemu CVE-2018-20815
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20815
Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor
https://thehackernews.com/2019/06/linux-vim-vulnerability.html
vim CVE-2019-12735
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12735
Release Notes June 2019 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance
Microsoft Releases June 2019 Security Updates to Patch 88 Vulnerabilities
http://bit.ly/31vnP7K
Security update deployment information: June 11, 2019
https://support.microsoft.com/en-us/help/20190611/security-update-deployment-information-june-11-2019
NSA joins chorus urging Windows users to patch ‘BlueKeep’
https://www.welivesecurity.com/2019/06/06/nsa-urging-users-patch-bluekeep/
Windows 10 zero-day details published on GitHub
https://www.zdnet.com/article/windows-10-zero-day-details-published-on-github/#ftag=RSSbaffb68
Researcher Posts Demo of BlueKeep Exploit of Windows Device
https://www.bankinfosecurity.com/researcher-posts-demo-bluekeep-exploit-windows-device-a-12580
Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw
http://bit.ly/2WW4hKi
Microsoft blocks BLE security keys with known pairing vulnerability
https://www.zdnet.com/article/microsoft-blocks-ble-security-keys-with-known-pairing-vulnerability/#ftag=RSSbaffb68
微軟發表6月份Patch Tuesday修補更新 快速堵上被駭客公佈的零時差漏洞
http://bit.ly/2IFrd7G
Microsoft's June 2019 Patch Tuesday fixes many of SandboxEscaper's zero-days
https://www.zdnet.com/article/microsofts-june-2019-patch-tuesday-fixes-many-of-sandboxescapers-zero-days/#ftag=RSSbaffb68
June’s Patch Tuesday Fixes 88 Security Flaws, Including SandboxEscaper’s Zero Days, HoloLens
https://blog.trendmicro.com/trendlabs-security-intelligence/junes-patch-tuesday-fixes-88-security-flaws-including-sandboxescapers-zero-days-hololens/
CVE-2019-0974 | Jet Database Engine Remote Code Execution Vulnerability
http://bit.ly/2WHlTKy
奇安信A-TEAM團隊助微軟修復高危漏洞獲官方致謝
https://news.sina.com.tw/article/20190612/31603298.html
Two hacking groups responsible for huge spike in hacked Magento 2.x stores June 12, 2019
https://www.zdnet.com/article/two-hacking-groups-responsible-for-huge-spike-in-hacked-magento-stores/#ftag=RSSbaffb68
ambionics/magento-exploits
https://github.com/ambionics/magento-exploits/blob/master/magento-sqli.py
MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI
https://www.ambionics.io/blog/magento-sqli
Liferay Portal < 7.1 CE GA4 / SimpleCaptcha API XSS
https://www.exploit-db.com/exploits/46983
Cross Site Request Forgery (CSRF)
https://www.exploit-db.com/exploits/46982
Intel NUC Kit 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11126
思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x
CentOS 7.6 - 'ptrace_scope' Privilege Escalation
https://www.exploit-db.com/exploits/46989
Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)
https://www.exploit-db.com/exploits/46984
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
財金資訊公司董事長林國良:掌握數位金融服務,提升競爭力
http://bit.ly/2Wpq2hi
台北富邦銀行數位長李維斌:小步快跑,跟上數位金融大趨勢
http://bit.ly/2WvZfVJ
金融科技夯 風險控管浮檯面
https://money.udn.com/money/story/6808/3861865
沙盒新案!銀行跨行支付 挑戰財金公司
https://www.chinatimes.com/realtimenews/20190606004529-260410?chdtv
(HSM)漏洞影響銀行、雲供應商和政府
https://www.chainnews.com/articles/283509474927.htm
網上現中國銀行欺詐網頁 香港金管局呼籲市民提高警覺
http://bit.ly/2MDGcUU
香港金管局研電子錢包實名制 新開戶須身份認證 冀明年10月推
http://bit.ly/2WGMXde
純網銀執照與STO監管法規接連公布,台灣金融業準備創造奇蹟的夏天
http://bit.ly/31o87eJ
純網銀拚上路 金融服務樣貌將徹底翻轉
https://ec.ltn.com.tw/article/breakingnews/2812688
臺灣數位金融服務何去何從
https://udn.com/news/story/6853/3866694
LINE搶攻純網銀大打資安牌和日本經驗,更要打造用戶導向的整合式金融犯罪平臺
https://www.ithome.com.tw/news/131030
ATM上有一圈白白的 伸手去轉結果嚇傻人
https://www.secretchina.com/news/b5/2019/06/11/896455.html
取錢遇ATM瘋狂吐鈔:紙鈔一張張飄落 男子用大包接著
https://news.sina.com.tw/article/20190611/31592828.html
唯一一台ATM機失竊 紐西蘭一小鎮變無現金社會
https://news.sina.com.tw/article/20190612/31599668.html
運鈔員沉迷簽賭當內賊「偷ATM鈔匣」1337萬元 逃亡7天剩843萬
https://www.ettoday.net/news/20190612/1465691.htm
數位金融業務 金管會盯
https://money.udn.com/money/story/5613/3868614
哥斯大黎加頻遭網路攻擊 銀行和政府機構為主要目標
https://news.sina.com.tw/article/20190612/31605286.html
新加坡開放純網銀?叫車一哥Grab想搶頭香
https://tw.news.appledaily.com/new/realtime/20190612/1582650/
聯邦再向騎警撥款1,000萬元打擊洗錢犯罪
http://bit.ly/31vMaud
Hit FinTech 探討純網銀STO趨勢
https://udndata.com/ndapp/udntag/finance/Article?origid=9340906
23 Cases of Insider Bank Threats
https://medium.com/bugbountywriteup/18-cases-of-insider-bank-threats-16a29dcfca18
Major HSM vulnerabilities impact banks, cloud providers, governments
https://www.zdnet.com/article/major-hsm-vulnerabilities-impact-banks-cloud-providers-governments/#ftag=RSSbaffb68
Diebold Nixdorf warns customers of RCE bug in older ATMs
https://www.zdnet.com/article/diebold-nixdorf-warns-customers-of-rce-bug-in-older-atms/#ftag=RSSbaffb68
ATM skimming crook behind bars after draining accounts for 2 years
http://bit.ly/2I4t1b8
Over 185,000 Payment Card Details Stolen by MageCart
https://www.fortinet.com/blog/threat-research/payment-card-details-stolen-magecart.html
FIN8 hackers return after two years with attacks against hospitality sector
https://www.zdnet.com/article/fin8-hackers-return-after-two-years-with-attacks-against-hospitality-sector/#ftag=RSSbaffb68
The Shifting Sands of Financial Fraud
https://www.bankinfosecurity.com/shifting-sands-financial-fraud-a-12607
UK Taxpayers Overwhelmed with Phishing Scams
https://www.infosecurity-magazine.com/news/uk-taxpayers-overwhelmed-with-1-1
3.電子支付/電子票證/行動支付/ pay/新聞及資安
數位錢包使用便利 免受駭客攻擊
http://bit.ly/2KbRVHV
支付公司深挖跨境業務
http://paper.wenweipo.com/2019/06/07/FI1906070017.htm
俄擬禁支付寶等外國電子支付向俄羅斯人提供服務
http://www.jxydjc.com/News/keji/1685.html
網民 PayMe「轉錯數」對方不退錢兼封鎖!銀行公會指引:不交出款項或有法律後果
http://bit.ly/2I7FH0K
用非法「第四方支付」平台幫賭博網站洗錢,42名嫌犯被抓
https://news.sina.com.tw/article/20190613/31614492.html
悠遊卡公司董事長兼總經理陳亭如:結合消費場景,悠遊卡積極投入「載具多元化」
http://bit.ly/2KMXCeU
台灣三星電子三星支付總監邱淑鈴:Samsung Pay結合悠遊卡,使電子支付達到更全方位且智慧的使用場景
http://bit.ly/2ICouvy
LINE Pay行動支付收款機拓點 年底前全台可用
https://www.fountmedia.io/article/18790
小綠機「LINE Pay mini」 正式在台拓點
https://www.chinatimes.com/realtimenews/20190613003555-260410?chdtv
日推行動支付 英警覺危機開始踩煞車
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000561963_29y8w6gz7at7ul2e55cgg
4.虛擬貨幣/區塊鍊 新聞及資安
加密貨幣交易平台Cryptohopper有山寨版,可竊取受害者資料
https://ithome.com.tw/news/131147
研究:比特幣通脹漏洞仍然存在,60%的比特幣全節點或受其影響
https://www.bishijie.com/shendu_33168
Facebook 加密貨幣即將面世!有傳於本月中發佈白皮書
http://bit.ly/2WBOQTj
Facebook傳下周推加密貨幣 獲Visa及萬事達卡支持
http://bit.ly/2WKMTZK
加密貨幣初創公司湧向IEO籌資
https://on.wsj.com/2IwsCNN
觀光產業區塊鏈 6/6六點六分正式啟航
http://bit.ly/2Kc4Klx
區塊鏈相關漏洞類型匯總
https://bbs.pediy.com/thread-251878.htm
網傳Facebook穩定幣可能將在Zilliqa上進行發布
http://news.knowing.asia/news/cba50890-fa57-491f-9d0d-a1b1c06f4cd7
台東縣長饒慶鈴:我們希望能導入區塊鏈,用規模經濟創造經濟規模
http://bit.ly/2XFbEmF
解決產業痛點 Visa 推基於部分區塊鏈技術的全球跨境支付網絡
https://news.cnyes.com/news/id/4336460
John McAfee 即將發行貨幣Freedom Coin
http://bit.ly/2ZqEZBP
駭客企圖入侵帳戶次數攀升 BitMEX :強烈建議啟用 2FA
https://news.cnyes.com/news/id/4336541
巴西最大銀行:將很快推出專有區塊鏈平台
https://news.sina.com.tw/article/20190613/31618322.html
TTChain 打造跨鏈閃電支付系統 解決產業瓶頸
https://ctee.com.tw/industrynews/financesmanage/105379.html
國發會領軍 區塊鏈大聯盟7月成立
https://www.chinatimes.com/realtimenews/20190614002497-260410?chdtv
幣安被盜7,074枚BTC再次出現異動,小額資金可能已洗錢成功
https://news.sina.com.tw/article/20190614/31632178.html
Hackers steal $9.5 million from GateHub cryptocurrency wallets
https://www.zdnet.com/article/hackers-steal-9-5-million-from-gatehub-cryptocurrency-wallets/#ftag=RSSbaffb68
Cryptocurrency startup hacks itself before hacker gets a chance to steal users funds
https://www.zdnet.com/article/cryptocurrency-startup-hacks-itself-before-hacker-gets-a-chance-to-steal-users-funds/#ftag=RSSbaffb68
Cryptocurrency attack thwarted by npm team
https://nakedsecurity.sophos.com/2019/06/10/thwarted-cryptocurrency-attack-shows-importance-of-testing-open-source-code/
IBM, Walmart to pilot blockchain network for prescription drug traceability
https://www.zdnet.com/article/ibm-walmart-to-pilot-blockchain-network-for-prescription-drug-traceability/#ftag=RSSbaffb68
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / APT
新型「挖礦」惡意軟體,BlackSquid 肆虐美國與泰國
https://technews.tw/2019/06/10/new-cryptocurrency-mining-malware-is-spreading-across-thailand-and-the-us/
BlackSquid 利用八種知名漏洞潛入伺服器與磁碟,並植入 XMRig 挖礦程式
https://blog.trendmicro.com.tw/?p=60846
微軟警告垃圾郵件用Office漏洞傳木馬:瞄準歐洲用戶
https://news.sina.com.tw/article/20190610/31571822.html
資安公司Trend Micro於6月6日發布美國俄亥俄州一所學校因學校的網路及電腦遭到 Trickbot惡意程式 攻擊被迫停課一天
https://blog.trendmicro.com.tw/?p=60809
Mirai變種加入8個漏洞利用,攻擊iot設備
https://www.4hou.com/vulnerable/18458.html
殭屍網路猛攻150萬臺RDP主機,全球皆有災情,臺灣遭駭主機也不少
https://www.ithome.com.tw/news/131203
Sophos:小心!駭客利用遠端存取把勒索軟體送到你家
https://www.ithome.com.tw/news/131201
PCASTLE門羅幣挖礦病毒利用無檔案技術,再次針對中國發動攻擊
https://blog.trendmicro.com.tw/?p=60832
HiddenWasp惡意軟體借用Mirai及Winnti程式碼攻擊Linux系統
https://blog.trendmicro.com.tw/?p=60839
新殭屍網絡GoldBrute曝光微軟NTLM協議漏洞影響所有Windows版本
https://zhuanlan.zhihu.com/p/69009583
食物銀行中勒索軟件 無錢交贖金要靠眾籌方法
http://bit.ly/2WxoP7H
How Ursnif Evolves to Keep Threatening Italy
https://blog.yoroi.company/research/how-ursnif-evolves-to-keep-threatening-italy/
Lessons learned from a call center attack
https://newsroom.cisco.com/feature-content?type=webcontent&articleId=1992860
Lessons from the Baltimore Ransomware Takedown
https://www.symantec.com/blogs/feature-stories/lessons-baltimore-ransomware-takedown
Platinum is back
https://securelist.com/platinum-is-back/91135/
IDENTIFYING VULNERABILITIES IN PHISHING KITS
https://blogs.akamai.com/sitr/2019/06/identifying-vulnerabilities-in-phishing-kits.html
Monero-Mining Malware PCASTLE Zeroes Back In on China, Now Uses Multilayered Fileless Arrival Techniques
https://blog.trendmicro.com/trendlabs-security-intelligence/monero-mining-malware-pcastle-zeroes-back-in-on-china-now-uses-multilayered-fileless-arrival-techniques/
Ancient ICEFOG APT malware spotted again in new wave of attacks
https://www.zdnet.com/article/ancient-icefog-apt-malware-spotted-again-in-new-wave-of-attacks/#ftag=RSSbaffb68
A botnet is brute-forcing over 1.5 million RDP servers all over the world
https://www.zdnet.com/article/a-botnet-is-brute-forcing-over-1-5-million-rdp-servers-all-over-the-world/#ftag=RSSbaffb68
Germany: Backdoor found in four smartphone models; 20,000 users infected
https://www.zdnet.com/article/germany-backdoor-found-in-four-smartphone-models-20000-users-infected/#ftag=RSSbaffb68
Cryptojacking campaign strikes China with fileless attacks
https://www.zdnet.com/article/cryptojacking-campaign-strikes-china-with-fileless-attacks/#ftag=RSSbaffb68
Malware Focused On Mobile Banking Greatly Increased In 2019
https://www.tneus.com/2019/06/10/malware-focused-on-mobile-banking-greatly-increased-in-2019/
Ransomware halts production for days at major airplane parts manufacturer
https://www.zdnet.com/article/ransomware-halts-production-for-days-at-major-airplane-parts-manufacturer/#ftag=RSSbaffb68
Emotet: the malware behind 45% of malicious URLs
https://www.pandasecurity.com/mediacenter/malware/emotet-evolution-botnet/
Outlaw hackers return with cryptocurrency mining botnet
https://www.zdnet.com/article/outlaw-hackers-return-with-cryptocurrency-mining-bot/#ftag=RSSbaffb68
Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns
https://blog.trendmicro.com/trendlabs-security-intelligence/shifting-tactics-breaking-down-ta505-groups-use-of-html-rats-and-other-techniques-in-latest-campaigns/
Outlaw Hacking Group’s Botnet Observed Spreading Miner, Perl-Based Backdoor
https://blog.trendmicro.com/trendlabs-security-intelligence/outlaw-hacking-groups-botnet-observed-spreading-miner-perl-based-backdoor/
Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners
https://blog.trendmicro.com/trendlabs-security-intelligence/advanced-targeted-attack-tools-used-to-distribute-cryptocurrency-miners/
MegaCortex continues trend of targeted ransomware attacks
https://blog.malwarebytes.com/threat-spotlight/2019/06/megacortex-continues-trend-of-targeted-ransomware-attacks/
B.行動安全 / iPhone / Android /穿戴裝置 /App
衝擊海外手機銷售 臉書出重拳 封殺華為安裝App
https://www.chinatimes.com/newspapers/20190608000414-260110?chdtv
傳 Google 可能也在為華為 Android 禁令尋求解套
https://www.kocpc.com.tw/archives/263664
電信行業團體叫苦:封殺中國5G供應商將導致電信公司多掏620億美元
http://bit.ly/2ItO7yx
臉書將禁止華為手機預載FB、WhatsApp與IG程式
https://www.ithome.com.tw/news/131160
華為鴻蒙系統將於 9 月上線,介面極似 Android
http://bit.ly/2EZjdNQ
美授權電信運營商默認屏蔽「騷擾電話」
https://news.sina.com.tw/article/20190607/31554068.html
手機APP應用規範發佈 金融借貸類不應強制讀取通訊錄
https://news.sina.com.tw/article/20190610/31573926.html
微信如何成為中國社群巨獸?支付、叫車一手包辦,還為第三方開發工具
https://buzzorange.com/techorange/2019/06/11/wechat-development/
智慧型手機資安認證服務
https://www.ncc.gov.tw/chinese/gradation.aspx?site_content_sn=5086
iOS 12.4 成功越獄! 越獄開發者秀 iPhone SE 成功執行 Cydia 畫面
https://mrmad.com.tw/ibsparkes-run-iphonese-ios124-jailbreak
團隊臥虎藏龍!專訪 LINE 全球資安中心
https://www.inside.com.tw/article/16617-LINE-security-center-team
Android的2FA金鑰功能延伸到iOS裝置
https://www.ithome.com.tw/news/131249?fbclid=IwAR3AsH-hTEqtL8dn1Dkto3lz3Pho1j_FHEpYv3rV7tbnoZTW8-1DUs5r-W4
Telegram 伺服器遭 DDoS 網路攻擊!網友:攻擊者不言而喻
https://buzzorange.com/techorange/2019/06/13/telegram-ddos/
香港反送中 Telegram疑遭中國駭客網攻
https://www.rti.org.tw/news/view/id/2023889
Telegram達「軍用級」保密 可「用後即焚」
http://bit.ly/2RjcenF
Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests
https://thehackernews.com/2019/06/telegram-ddos-attack.html
【送中惡法】Telegram受中國「國家級」駭客攻擊 傳與香港示威有關
https://tw.appledaily.com/new/realtime/20190613/1583322/
私訊聯絡抗爭 通訊軟體同時間遭駭
https://news.ltn.com.tw/news/world/paper/1295928
WhatsApp 緊急修補嚴重資安漏洞:一通未接來電即可植入惡意程式進行監聽
https://blog.twnic.net.tw/2019/06/13/3969/
華為作業系統加「雙保險」?傳裝置上測試Aurora OS
http://bit.ly/2wUTBgC
Facebook再出手管制「社交圖表搜尋」 關鍵原因曝光了
http://bit.ly/2XeQizs
Android平台戰場:2019年上半年安全事件總結分析
https://www.freebuf.com/articles/terminal/205274.html
NCC已審核但HomePod在台卻遲遲不推出 消息人士曝關鍵主因
http://bit.ly/2Rg95VE
iOS 12.3.2 is out with a very specific fix
https://www.zdnet.com/article/ios-12-3-2-is-out-with-a-very-specific-fix/#ftag=RSSbaffb68
Android's Built-in Security Key Now Works With iOS Devices For Secure Login
https://thehackernews.com/2019/06/android-security-key-ios.html
EFF asks for DOJ efforts to break Facebook encryption to be made public
https://www.zdnet.com/article/eff-asks-for-doj-efforts-to-break-facebook-encryption-to-be-made-public/#ftag=RSSbaffb68
Stop using terrible PIN codes
https://www.zdnet.com/article/stop-using-terrible-pin-codes/#ftag=RSSbaffb68
The top 20 most common mobile phone PINs
https://twitter.com/tarah/status/1134341170400808961
Spain’s top soccer league fined over its app’s ‘tactics’
https://www.welivesecurity.com/2019/06/12/spain-soccer-league-fine-app/
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
資安人的崛起
http://sa.ylib.com/MagArticle.aspx?Unit=webonly&id=4389
網路威脅指南:利用次世代入侵防禦技術加強網路邊界防禦
https://blog.trendmicro.com.tw/?p=60793
如何在第一時間防堵漏洞以保障企業安全
https://blog.trendmicro.com.tw/?p=60194
HITCON CMT 2019 資安舞台申請總覽
https://blog.hitcon.org/2019/06/hitcon-cmt-2019-community-sharing.html?m=0
入侵高鐵訂票系統差點騙走20萬 台灣駭客天才遭起訴
https://udn.com/news/story/7321/3862282
微軟封鎖Windows PC和不安全的藍牙版FIDO金鑰的配對
https://www.ithome.com.tw/news/131229
研究揭亞太企業網絡保安落後 八成遭重複攻擊
http://bit.ly/2F2hPKk
美國三家頂尖防毒公司疑似遭駭,駭客高價出售竊得資訊與入侵方式
https://blog.twnic.net.tw/2019/06/13/3945/
2019年5月十大資安新聞
https://www.ithome.com.tw/news/131204
冒充駭客誘騙10少女拍裸照抖動片 資料夾至少10GB
https://udn.com/news/story/7317/3865531
提升帳號安全迫在眉睫,2018年帳號填充攻擊事件暴增逾300億次
https://www.ithome.com.tw/news/131199
就是不想付!18小時音檔遭駭贖金400萬 「傳奇樂團」直接開放下載
https://star.ettoday.net/news/1465276
中國跨境色情網路直播成產業鏈 監管執法要升級換代
https://news.sina.com.tw/article/20190611/31582824.html
新華調查:5個月發展90餘萬名會員付費觀看 跨境色情網路直播緣何形成「產業鏈」
https://news.sina.com.tw/article/20190609/31565008.html
中共公安部推「護網行動」網友:封到沒底線
https://www.ntdtv.com/b5/2019/06/08/a102596443.html
BGP路由洩露將歐洲行動流量導至中國電信
http://bit.ly/2F2Cn5j
焦佑鈞:針對華為禁令,華邦電目前一切出貨正常
https://finance.technews.tw/2019/06/14/winbond-for-huawei/
川普升高科技冷戰規格,華為封殺前俄國卡巴斯基實驗室已遭報復
https://technews.tw/2019/06/09/high-tech-cold-war/
美國務卿狂批華為資安 陸外交部稱全是「謊言謬論」
https://www.ettoday.net/news/20190610/1464323.htm
核電廠網路安全人力流失 美政府籲加強招聘
https://www.ydn.com.tw/News/339457
反制美 中國再出招 設技術安全管理清單
http://bit.ly/2XENiJQ
中國大陸建立技術安全管理清單制度 防範國家安全風險
https://news.sina.com.tw/article/20190612/31597206.html
AIT砲轟中國稱讚台灣! 怒斥華為5G補貼方案恐釀禍害
https://news.ltn.com.tw/news/politics/breakingnews/2816888
反「送中」抗議與一場「貓抓老鼠」的信息戰
https://cn.nytimes.com/china/20190614/hong-kong-telegram-protests/zh-hant/
中共官方報告:2018美國3325個IP攻擊中國網絡 且有上升趨勢
https://www.ettoday.net/news/20190610/1464370.htm
中共中央網信辦等四部委聯合開展互聯網網站安全專項整治,將處罰並曝光違法違規網站
https://www.freebuf.com/news/205698.html
「監控」恐懼被掀起!德國政府要求谷歌提供用戶數據
https://news.ltn.com.tw/news/world/breakingnews/2817866
不甩川普政府警告 美公部門照用大疆無人機
https://ec.ltn.com.tw/article/breakingnews/2820067
納粹再現?德擬用數位助理蒐集個資
http://bit.ly/2R44FRE
從「想離職的工程師」下手,中國科技間諜用400萬偷走台灣75億技術
http://bit.ly/2WDSMYJ
俄羅斯打算封鎖9家不聽話的VPN業者
https://www.ithome.com.tw/news/131158?fbclid=IwAR3DfKXrCcVznssGMISuok11-8G4tKtbA1gTYRrqK8Efru-KBJ5krSP5HGg
美造最大網路武器庫 全球駭料料
https://www.chinatimes.com/newspapers/20190614000121-260301?chdtv
圍堵大陸 美呼籲建第一島鏈電子監控網
https://www.chinatimes.com/realtimenews/20190613004500-260417?fbclid=IwAR0Q3TYS74uEqfGupqoe78YEJHDo518txa4oMRRVCnTahcMvAz_p060MN5c&chdtv
Exim email servers are now under attack
https://www.zdnet.com/article/exim-email-servers-are-now-under-attack/#ftag=RSSbaffb68
Elevate Your Investigations With Collaboration & Organization: PassiveTotal Projects
https://www.riskiq.com/blog/analyst/collaboration-organization-passivetotal-projects/
RUSSIA AND IRAN PLAN TO FUNDAMENTALLY ISOLATE THE INTERNET
https://www.wired.com/story/russia-and-iran-plan-to-fundamentally-isolate-the-internet/
New Brute-Force Botnet Targeting Over 1.5 Million RDP Servers Worldwide
http://bit.ly/2ZgHLJS
Exclusive: Top Japanese chip gear firm to honor U.S. blacklist of Chinese firms - executive
https://reut.rs/2KaxQ4N
Cryptocurrency Firm Itself Hacked Its Customers to Protect Their Funds From Hackers
http://bit.ly/2wTMgxT
Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services
http://bit.ly/2KC0f3m
Remote attack flaw found in IPTV streaming service
https://www.zdnet.com/article/remote-attack-flaw-found-in-iptv-streaming-service/#ftag=RSSbaffb68
'RAMBleed' Rowhammer attack can now steal data, not just alter it
https://www.zdnet.com/article/rambleed-rowhammer-attack-can-now-steal-data-not-just-alter-it/#ftag=RSSbaffb68
When Time is of the Essence – Testing Controls Against the Latest Threats Faster
http://bit.ly/2WCzvHb
Zero Trust: Debunking Misperceptions
https://blog.paloaltonetworks.com/2019/06/network-zero-trust-debunking-misperceptions/
UK Man Sentenced for 2015 TalkTalk Hack
https://www.bankinfosecurity.com/uk-man-sentenced-for-2015-talktalk-hack-a-12611
Over 12 billion cyber attacks witnessed in the gaming industry since 2017
https://www.cybersecurity-insiders.com/over-12-billion-cyber-attacks-witnessed-in-the-gaming-industry-since-2017/
MorganPhilips Taiwan Branch
https://www.cakeresume.com/companies/morganphilips-taiwan-branch/technology-jobs?locale=zh-CN
系統工程師(銀行)
https://www.manpower.com.tw/product/674
知名銀行 ✩ 年度正職徵才 :金融服務人員 LT4-1688
https://www.104.com.tw/job/6n67j
【正職銀行櫃員】商科系無經驗可,分行櫃檯服務人員,銀行正職任用(桃園區)-B93
https://www.104.com.tw/job/6n615
投資營運風險管理人員
https://www.104.com.tw/job/6n61c?jobsource=freshman2009
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
FBI警告:不要以為HTTPS網站很安全,有些暗藏網釣攻擊
https://www.ithome.com.tw/news/131198
FBI warns users to be wary of phishing sites abusing HTTPS
https://nakedsecurity.sophos.com/2019/06/12/fbi-warns-users-to-be-wary-of-phishing-sites-abusing-https/
黑客放長線釣大魚 竄改電郵通知新匯款帳號 後因銀行間的作業問題 黑客得手15萬美元
http://www.epochtimes.com/b5/19/6/14/n11321649.htm
俄羅斯個資黑市猖獗,手機紀錄到護照資料都買得到
https://technews.tw/2019/06/09/russia-personal-data-black-market/
蘋果默認iPhone洩個資!馬後炮補救慘被噓爆
https://fnc.ebc.net.tw/FncNews/tech/83016
漏洞管理、資安措施不當,導致國泰航空950萬筆個資外洩
https://www.ithome.com.tw/news/131161
【國泰洩私隱】私隱專員裁定違私隱條例 狠批過分鬆懈、警覺性低
http://bit.ly/2WCdcBa
微軟告警利用漏洞進行的垃圾郵件釣魚活動
https://www.anquanke.com/post/id/180070
上海交大洩漏8.4TB電子郵件數據,官方稱漏洞已經修復
https://www.ithome.com/0/427/527.htm
美國海關外包商系統遭駭,國內外旅客相片及車牌個資外洩
https://ithome.com.tw/news/131190
CBP合約商電腦系統被黑 出入境旅客頭像車牌外洩
http://bit.ly/2Wwc6lG
Cyberattack exposes travelers’ photos, says US border agency
https://www.welivesecurity.com/2019/06/11/cyberattack-travelers-photos-usa-cbp/
HACK BRIEF: HACKERS STOLE A BORDER AGENCY DATABASE OF TRAVELER PHOTOS
https://www.wired.com/story/hackers-stole-traveler-photos-border-agency-database/
瀋陽黑客男篡改存款單50元變50萬 持假單據騙取3千萬貸款
http://bit.ly/2EX7vmQ
個資遭駭、點數被盜,酬賓制導入的海量資訊成駭客溫床
http://bit.ly/2XDp0zA
長城行動解密 西班牙再遣送詐騙台嫌至中國
http://bit.ly/2MHp4gM
網路訂房怕個資洩漏 專家1招預防
https://www.chinatimes.com/realtimenews/20190611003196-260405?chdtv
小心受騙!申請土耳其電子簽證要錢?攏是假的
https://newtalk.tw/news/view/2019-06-11/258311
網友扮演從金融主管到公職人員 從假投資到代管美金地契
https://times.hinet.net/news/22409686
銀行員工實名舉報:青島銀監局長生活淫亂 銀行資產損失近30億元
http://bit.ly/2I7Qng4
30億詐騙案涉銀行高層
http://bit.ly/2I7HRh6
駭客冒充微軟員工 芝夫婦失金2.5萬
https://udn.com/news/story/6813/3864608
重慶宣判一起特大電信詐騙案 3名主犯均獲刑13年以上
https://news.sina.com.tw/article/20190609/31566576.html
線上調查資料庫未加密,八百萬美國人個資外洩
https://blog.twnic.net.tw/2019/06/13/3948/
「專業辦證、上網可查」坑你沒商量 四川破獲特大網路制販假證案
https://news.sina.com.tw/article/20190613/31620560.html
Emuparadise gaming emulator website suffers data breach
https://www.zdnet.com/article/emuparadise-gaming-rom-repository-suffers-data-breach/#ftag=RSSbaffb68
8.4TB in email metadata exposed in university data leak
https://www.zdnet.com/article/8-4tb-in-email-metadata-exposed-in-university-data-leak/#ftag=RSSbaffb68
CBP says hackers stole license plate and travelers' photos
https://www.zdnet.com/article/cbp-says-hackers-stole-license-plate-and-travelers-photos/#ftag=RSSbaffb68
Fortune 500 company leaked 264GB in client, payment data
https://www.zdnet.com/article/veteran-fortune-500-company-leaked-264gb-in-client-payment-data/#ftag=RSSbaffb68
Singapore’s ‘Fake News’ Crackdown Alarms Tech Giants
https://medium.com/cheddar/singapores-fake-news-crackdown-alarms-tech-giants-65032f71473e
Scattered Canary Evolves From One-Man Operation to BEC Giant
https://www.bleepingcomputer.com/news/security/scattered-canary-evolves-from-one-man-operation-to-bec-giant/
Warning: Multiple variations of a phishing email scam spoofing NAB hit inboxes
https://www.mailguard.com.au/blog/warning-multiple-variations-of-a-phishing-email-scam-spoofing-nab-hit-inboxes
Phishing email scam spoofing Westpac claims to detect ‘unusual activity’ in users’ bank accounts
https://www.mailguard.com.au/blog/phishing-email-scam-spoofing-westpac-claims-to-detect-unusual-activity-in-users-bank-accounts
Microsoft Warns of Large Spam Campaign Hitting Europe
https://www.bankinfosecurity.com/microsoft-warns-large-spam-campaign-hitting-europe-a-12598
BioReference Laboratories Added to AMCA Breach Tally
https://www.bankinfosecurity.com/bioreference-laboratories-added-to-amca-breach-tally-a-12581
Evite e-invite website admits security breach
https://www.zdnet.com/article/evite-e-invite-website-admits-security-breach/#ftag=RSSbaffb68
3.4 billion fake emails are sent around the world every day
http://bit.ly/2WtKoWJ
Cyberattack exposes travelers’ photos, says US border agency
https://www.welivesecurity.com/2019/06/11/cyberattack-travelers-photos-usa-cbp/
E.研究報告
Apache Tika 命令注入漏洞挖掘
https://www.chainnews.com/articles/533436970799.htm
善用輕量化HSM優勢 組織物聯網資安大軍
http://www.netadmin.com.tw/netadmin/zh-tw/technology/EF6E432196B044B1A274F23EB77C6FC4
加密DNS協議DNSCrypt以及如何選擇DNS over HTTPS服務器
https://blog.thecjw.me/948.html
Talos Blog發現最近的Frankenstein攻擊活動中使用了多個GitHub開源項目代碼
http://feedproxy.google.com/~r/feedburner/Talos/~3/RSmsHWqrgpk/frankenstein-campaign.html
Hermit(隱士)活動續:繼續針對朝鮮半島進行的APT攻擊活動
https://www.freebuf.com/articles/network/204556.html
一位Rootkits作者對防御者的建議,來自CONFidence 2019會議
https://www.youtube.com/watch?v=t944evpf1WE
技術乾貨| 虛擬化軟件QEMU漏洞分析
https://zhuanlan.zhihu.com/p/68736004
redis未授權訪問漏洞利用
http://www.lsablog.com/networksec/penetration/redis-unauthorized-vulnerability/
DIR-850L漏洞分析
https://xz.aliyun.com/t/5362
使用WSL欺騙Windows繞過UAC
https://tttang.com/archive/1304/
APKiD - APK樣本自我防護(加殼、混淆)產品的識別
https://github.com/enovella/cve-bio-enovella/blob/master/slides/APKiD-NowSecure-Connect19-enovella.pdf
Facebook CTF 2019比賽題目以及相關的Writeups收集
https://ctftime.org/event/781/tasks/
“方程式組織”攻擊SWIFT 服務提供商EastNets 事件复盤分析報告
https://paper.seebug.org/944/
從CVE-2018-8355零基礎學Chakracore漏洞利用
https://www.freebuf.com/vuls/205206.html
研究人員以RAMBleed攻擊,竊取存在記憶體中的機密
https://www.ithome.com.tw/news/131222
利用Oracle WebLogic 漏洞進行的加密攻擊活動
https://www.chainnews.com/articles/849558868774.htm
利用Oracle WebLogic 漏洞進行的加密攻擊活動
https://www.chainnews.com/articles/849558868774.htm
Google 研究員披露Windows 10 0day 漏洞
https://www.oschina.net/news/107413/warning-windows-10-0day-vulnerability-outed-by-google-researcher
Vim/Neovim 基於modeline 的多個任意代碼執行漏洞分析(CVE-2002-1377、CVE-2016-1248、CVE-2019-12735)
https://paper.seebug.org/952/
Machinae:一款信息收集自動化工具
https://www.freebuf.com/sectool/204779.html
GandCrab後繼有人?Sodinoki勒索軟件接管戰場
https://www.freebuf.com/articles/system/205237.html
WordPress插件Form Maker SQL注入漏洞分析
https://www.freebuf.com/vuls/205290.html
Project iKy:一款功能強大的圖形化郵件信息收集與分析工具
https://www.freebuf.com/articles/database/204996.html
開源殭屍網絡平台LiteHttp源碼分析
https://www.freebuf.com/articles/system/205146.html
SandboxEscaper披露漏洞POC研究報告
https://www.freebuf.com/vuls/204945.html
Python安全工具源碼分析:wydomain
https://www.freebuf.com/sectool/205207.html
深入分析LAZARUS APT針對MAC用戶使用的惡意word文檔
https://www.freebuf.com/articles/network/204993.html
關於海蓮花組織針對移動設備攻擊的分析報告
https://www.freebuf.com/articles/network/204867.html
細說CVE-2010-2883從原理分析到樣本構造
https://www.freebuf.com/vuls/204874.html
GitHacker:Git源碼洩漏檢測工具可恢復整個Git Repo
https://www.freebuf.com/sectool/203542.html
PacBot:一款功能強大的雲平台自動化安全監控工具
https://www.freebuf.com/sectool/203860.html
紅藍對抗:淺談Red Team服務對防護能力的提升
https://www.freebuf.com/articles/es/205024.html
2019年第一季度DDoS攻擊報告
https://www.freebuf.com/articles/paper/205060.html
Scavenger:可在不同Paste站點爬取用戶洩露憑證的實用工具
https://www.freebuf.com/sectool/204992.html
基於OSQuery安全資產信息監控實踐
https://www.freebuf.com/sectool/204818.html
準備交贖金?當心Phobos勒索病毒二次加密
https://www.freebuf.com/articles/system/204323.html
Anevicon:一款基於UDP的負載生成器
https://www.freebuf.com/sectool/203908.html
新型勒索病毒Attention感染醫療與半導體行業
https://www.freebuf.com/articles/system/204740.html
一起殭屍網絡進行大規模DDoS攻擊的樣本分析
https://www.freebuf.com/articles/terminal/204444.html
比特幣交易追踪溯源技術介紹
https://www.freebuf.com/articles/blockchain-articles/203127.html
歐洲黑客組織通過已簽名的垃圾郵件來實現多階段惡意軟件加載
https://www.freebuf.com/articles/system/204021.html
滲透測試信息收集心得分享
https://www.freebuf.com/articles/web/204883.html
ExtAnalysis:一款瀏覽器插件安全分析框架
https://www.freebuf.com/sectool/203900.html
這款疑似來自朝鮮的新型惡意軟件為何要收集藍牙數據
https://www.freebuf.com/articles/database/205000.html
淺談IPv6的入侵與防禦
https://www.freebuf.com/articles/web/202901.html
反欺詐場景剖析丨虛假賬號的產生和流轉
https://www.freebuf.com/articles/network/204751.html
iCULeak :一款從手機配置文件中提取用戶賬號憑證的強大工具
https://www.freebuf.com/sectool/203867.html
看我如何利用Drupal漏洞並通過惡意圖片實現一鍵RCE
https://www.freebuf.com/articles/web/203573.html
警惕利用Office漏洞傳播商業間諜軟件AgentTesla
https://www.freebuf.com/articles/system/204550.html
Nmap配合Masscan實現高效率掃描資產
https://www.freebuf.com/sectool/204578.html
Trigmap:一款專用於滲透測試的Nmap封裝工具
https://www.freebuf.com/sectool/204022.html
Metasploit Payload在Linux平台的免殺
https://www.freebuf.com/articles/system/203451.html
FinalRecon:一款多功能網絡偵查OSINT工具
https://www.freebuf.com/sectool/203863.html
使用Elasticsearch與TheHive構建開源安全應急響應平台
https://www.freebuf.com/articles/es/203538.html
快訊丨Office 365出現網絡釣魚,用戶需多加註意
https://www.freebuf.com/news/204813.html
Superl-url:一款開源關鍵詞URL採集工具
https://www.freebuf.com/sectool/203724.html
基於MicroPython的自動網絡時間校準器
https://www.freebuf.com/geek/204211.html
跟我一起學習玩轉二維碼
https://www.freebuf.com/geek/204516.html
AutoSource:整合SonarQube的自動化源代碼審計框架
https://www.freebuf.com/sectool/203303.html
看我如何使用Windows域繞過防火牆獲取持卡人數據的訪問權限
https://www.freebuf.com/articles/database/203552.html
Gaining Access to Card Data Using the Windows Domain to Bypass Firewalls
https://markitzeroday.com/pci/active-directory/kerberoast/firewall/2019/04/24/gaining-access-to-card-data-using-the-windows-domain-to-bypass-firewalls.html
The Graph: An open-source query protocol for blockchains, using GraphQL
https://www.zdnet.com/article/the-graph-an-open-source-query-protocol-for-blockchains-using-graphql/#ftag=RSSbaffb68
6 ways malware can bypass endpoint protection
http://bit.ly/2MG10Lr
How to Model Risk in an Apex Predator Cyber-World
http://bit.ly/2XBolyI
Framing the Problem: Cyber Threats and Elections
https://www.fireeye.com/blog/threat-research/2019/05/framing-the-problem-cyber-threats-and-elections.html
Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities
https://www.fireeye.com/blog/threat-research/2019/06/government-in-central-asia-targeted-with-hawkball-backdoor.html
Threat Research Hunting COM Objects
https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html
Threat Research Hunting COM Objects (Part Two)
https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects-part-two.html
WAF through the eyes of hackers
https://habr.com/ru/company/dsec/blog/454592/?fbclid=IwAR2AKvWLVyWsoV97AhjwlSwc08eEb9mKuqrGDR3QHBaNfoLNct4uVmjjg9A
[ macOS ] Use zsh as the default shell on your Mac
https://support.apple.com/en-us/HT208050
How to Destroy a Hard Drive
https://www.wikihow.com/Destroy-a-Hard-Drive
Hunting COM Objects
http://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html
Curl, Slight of Hand, & Exploit Hysteria
https://medium.com/@notdan/curl-slight-of-hand-exploit-hysteria-29a82e5851d
ReverseTCPShell : PowerShell ReverseTCP Shell, Client & Server
http://bit.ly/2Xyntep
How hackers can permanently lock you out of your accounts
http://bit.ly/2F3akmm
V8 Bug Hunting Part 1: Setting up the debug environment
http://bit.ly/2ZdqfpF
How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code
https://modexp.wordpress.com/2019/06/03/disable-amsi-wldp-dotnet/
NorthSec 2019 — Windows Track Writeup
https://blog.ettic.ca/northsec-2019-windows-track-writeup-69d5bcf06abd
Bad Meets Evil
https://www.slideshare.net/HuyKha2/bad-meets-evil
HDFS Erasure Coding in Production
http://bit.ly/2R0Ygqv
Sigma-Hunting-App
https://github.com/P4T12ICK/Sigma-Hunting-App
Inside a Google Titan Bluetooth security key – high security, low durability
https://www.zdnet.com/article/inside-a-google-titan-bluetooth-security-key-high-security-low-durability/#ftag=RSSbaffb68
Inside a Google Titan Bluetooth security key
https://www.zdnet.com/pictures/inside-a-google-titan-bluetooth-security-key/#ftag=RSSbaffb68
Network of Social Media Accounts Impersonates U.S. Political Candidates, Leverages U.S. and Israeli Media in Support of Iranian Interests
https://www.fireeye.com/blog/threat-research/2019/05/social-media-network-impersonates-us-political-candidates-supports-iranian-interests.html
Active Directory Enumeration with PowerShell
https://www.exploit-db.com/docs/46990
LDAP Swiss Army Knife
https://www.exploit-db.com/docs/46986
Analysis of CVE-2019-0708 (BlueKeep)
https://www.exploit-db.com/docs/46947
A Debugging Primer with CVE-2019-0708
https://www.exploit-db.com/docs/46944
F.商業
【一圖弄懂安控產業】台灣安控業者如何發揮優勢
https://technews.tw/2019/06/09/vivotek-ip-cameras-and-the-cyber-security-of-digital-surveillance-solutions/
中芯數據技術長吳耿宏:企業需要更智慧平價的資安鑑識服務
http://bit.ly/2R5sqcc
全盤掌握相關威脅情資 資安團隊以逸待勞隨時反擊 強化資安監控密技 對抗網路駭客不落下風
http://www.netadmin.com.tw/netadmin/zh-tw/trend/178EE9AB04054BF2A040C0753BCC942A
中華電信學院首開夏令營 聚焦AI資安物聯網
http://bit.ly/2F37AVS
中華電信學院首辦高中職生暑期科學營
http://bit.ly/2XEpu8J
Elastic買下終端安全業者Endgame Stack
https://www.ithome.com.tw/news/131174
勤業眾信:透析5G時代,聚焦商業模式五大制勝關鍵
https://m.moneydj.com/f1a.aspx?a=f3eb032c-4109-439f-9762-7f22df337064
穩定AI運算和產業應用 奧義推智慧資安平台
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=50&id=0000561614_dec7vwv40akch05gul6ku
大立光資安管控嚴 小黃都知道
https://money.udn.com/money/story/5612/3868652
智慧化中央網管方案 普萊德將於歐亞同步發表
http://bit.ly/2KfXNQA
網絡安全公司FireEye:港企比預期更易受網絡攻擊 建議加強過濾電子郵件
http://www.aastocks.com/tc/stocks/news/aafn-news/NOW.946196/2
趨勢科技與業界領先的教育機構合作提供免費資安意識訓練教材
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/EB0C8F7F2F5D455C9A51911CA5D4DDB8
中美貿易戰利多 研勤人臉辨識下半年大爆發
https://www.ettoday.net/news/20190613/1466617.htm
Fortinet於Security 361°數位轉型資安研討會中強調 : 安全為企業數位轉型的基礎
https://netmag.tw/tag/security-361%E6%95%B8%E4%BD%8D%E8%BD%89%E5%9E%8B%E8%B3%87%E5%AE%89%E7%A0%94%E8%A8%8E%E6%9C%83
儲存新技術即將爆發,擁有完整供應鏈的台灣記憶體產業準備好了嗎
https://buzzorange.com/techorange/2019/06/14/snia-taiwanese-memory-industry/
AI應用爆發 精誠成長看俏
https://money.udn.com/money/story/5612/3869488
Cisco to acquire industrial IoT company Sentryo
https://www.zdnet.com/article/cisco-to-acquire-industrial-iot-company-sentryo/#ftag=RSSbaffb68
Cynet Free Visibility Experience – Unmatched Insight into IT Assets and Activities
https://thehackernews.com/2019/06/cynet-free-visibility-tool.html
Google's language techniques help O2 Czech Republic reveal network secrets
https://www.zdnet.com/article/googles-language-techniques-help-o2-czech-republic-reveal-network-secrets/#ftag=RSSbaffb68
G.政府
科技部資安賽 這家靠威脅解決方案奪500萬獎金
https://money.udn.com/money/story/5612/3861536
打造更安全的數位世界 科技大擂台決賽揭曉
http://bit.ly/2WWG32H
創新 vs. 監理 難平衡的翹翹板--專訪金融監督管理委員會主任委員顧立雄
https://udn.com/news/story/6877/3864441
國際資訊安全會議(RSA Conference 2019)出國報告
https://report.nat.gov.tw/ReportFront/PageSystem/reportFileDownload/C10801207/001
發展資安科技 桃園虎頭山創新園區6月18日啟用
https://udn.com/news/story/7324/3866748
臺美日再度在「全球合作暨訓練架構」下合辦「網路安全與新興科技國際研習營」,深化跨國資安合作能量
https://fsi.mofa.gov.tw/News_Content_M_2.aspx?n=8742DCE7A2A28761&sms=491D0E5BF5F4BC36&s=4590A623615048C8
北醫數位e化 便民系統資安共存
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=15&id=0000561634_li57lud22nlim15ctfv83
打擊金融犯罪 南檢首創檢察銀行聯繫平台
https://www.chinatimes.com/realtimenews/20190612004543-260402?chdtv
李副總長主持網通安全巡迴講習 落實資安管控
https://mna.gpwb.gov.tw/post.php?id=9&message=94921
國防部強化資安防護 確保安全
https://www.ydn.com.tw/News/340092
高市府和高雄在地大學合作 簽署「網站檢核暨資安攻防合作意向書」
http://www.taiwanhot.net/?p=718489
政院:5G釋照要扶植本土企業
https://money.udn.com/money/story/5648/3871005
政院4年投入204億 打造台灣5G競爭力
https://ec.ltn.com.tw/article/paper/1295906
H.SCADA/ICS/工控系統
融合IT與OT領域知識 全面防治針對性攻擊入侵 多重防禦工業場域 降低惡意程式感染風險
https://www.netadmin.com.tw/netadmin/zh-tw/trend/FD05B8998ED342EF9B59DE21E1946D16
Siemens Siveillance VMS 授權問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6580
油罐監控設備存在嚴重漏洞,易受黑客攻擊
http://www.gxbbs.cc/8410-1.html
Vulnerability Spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580
https://blog.talosintelligence.com/2019/06/vulnerability-spotlight-multiple.html
I.教育訓練
Clean Code 無瑕的程式碼
http://bit.ly/2WTWL2x
Linux 技術面試問答 2019
http://bit.ly/2KGOkB6
CompTIA Certification Training — Get Online Courses @ 95% OFF
http://bit.ly/2R1XhGr
LevelUp 0x04 2019
https://www.youtube.com/playlist?list=PLIK9nm3mu-S6YoUjPrKtmBliUS4J5YOGl
BSidesBUD2019安全會議
http://bit.ly/2Wc5ysn
How to Control Network Traffic with Evil Limiter to Throttle or Kick Off Devices
http://bit.ly/2K7tUSC
Stories of a CISSP: TCP Handshake
http://bit.ly/2R2ULjj
What is SQL Injection and how to fix it
https://medium.com/@bootsity/what-is-sql-injection-and-how-to-fix-it-dfac181ce09c
How Hackers Can Permanently Lock You out of Your Accounts
https://medium.com/the-guardian/how-hackers-can-permanently-lock-you-out-of-your-accounts-ca82c79dcd3
Metasploit — Pivoting
https://medium.com/swlh/metasploit-pivoting-281636b23279
An Introduction to Public Key Cryptosystems with RSA
https://medium.com/@andrewjoliver3/an-introduction-to-public-key-cryptosystems-with-rsa-7e34cc67cf22
Android靜態分析之初級篇
https://www.freebuf.com/articles/terminal/204504.html
Android靜態分析之初級篇(二)
https://www.freebuf.com/articles/rookie/205045.html
面向新手的CTF實戰教學(一)
https://www.freebuf.com/articles/network/203992.html
Learning to Rank Strings Output for Speedier Malware Analysis
https://www.fireeye.com/blog/threat-research/2019/05/learning-to-rank-strings-output-for-speedier-malware-analysis.html
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
Amazon Ring自行將錄下的可疑人物影像公布聲稱要幫警察抓賊,引發爭議
https://www.ithome.com.tw/news/131159?fbclid=IwAR3Fw1w6yX8hCSt-_j8_IwihcKWZCs6shFOKnlQxreHt_lqI7bp4-0QBIeg
微軟刪除人臉識別資料庫 源於「倫理」識別
https://news.sina.com.tw/article/20190612/31596606.html
人工智慧及機器學習讓網路更智慧,管理簡便與安全強化一次到位
https://technews.tw/2019/06/12/cisco-ai-manage-internet
偽造技術納入AI 合成影像恐釀假新聞之亂 影像聲音無違和搭配 "深度偽造"以假亂真
https://www.ttv.com.tw/news/view/108061300078005/579
筆跡複製機器人出現啦!精準度 93%,以後筆記、草圖就拜託代寫囉
https://buzzorange.com/techorange/2019/06/13/robot-copy-your-writing/
Akamai targets IoT devices with launch of IoT Edge Connect
https://www.zdnet.com/article/akamai-targets-iot-devices-with-launch-of-iot-edge-connect/#ftag=RSSbaffb68
Why cybercriminals are eyeing smart buildings
https://www.welivesecurity.com/2019/06/12/cybercriminals-eyeing-smart-buildings/
6.近期資安活動及研討會
JCConf Taiwan 2019 Call for Proposals 6/1 ~ 6/30
https://twjug.kktix.cc/events/jcconf-2019-cfp?fbclid=IwAR2-Lry33FOVuXXStfSqUWlAJI25SeFgK9Q1XY6e4zJLEKvYrSkmlvv6Waw
【課程】Julia 資料科學實作,2019年強勢來襲的科學計算語言,集Python、C++、R 各家特色於一身 6/15
https://www.techbang.com/posts/70251-course-julia-data-science-practice
國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15
https://hackercollege.nctu.edu.tw/?p=1039
The Artificial Intelligence Conference 6/18
https://www.facebook.com/events/278255853036175/?event_time_id=360038254857934
Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019
https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/
HackingThursday 固定聚會 6/20
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbbc/
國家高速網路與計算中心教育訓練-資安健診 6/20
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3832&from_course_list_url=homepage
JSDC台中小聚 - UX 體驗分享計畫 6/21
https://jsdc-tw.kktix.cc/events/53548f33?fbclid=IwAR3CybQML6FGnMQ_IE9dfRYFJUHWm4Knl8kJBHQ9vn_Coz2KOQW1xk_joJs
Edvance Beacon 2019 6/21
https://docs.google.com/forms/d/e/1FAIpQLSe70uw8Pi862IkL_rQXDJhzd7QnGXiuhcWwttOEN2BZwUbyMw/viewform
2019 6月份 SA@Taipei 6/22(六) Working with PowerShell
https://studyarea.kktix.cc/events/8a726f12-copy-1?fbclid=IwAR1AoE9V_SGpizemU1moKpU62I5vgyEoZAN9cnLtkZz9l1c5MrnsVpfhsJk
CCNS 定期聚 — 當 Python 遇上 JIT / PyPy 淺談 6/23
https://ccns.kktix.cc/events/ccns-pypy-talk?fbclid=IwAR1wa3cZuyNZQv-pGo5Eh3u5uik69nLY1t-sXb2R6wTd9HsrMBw02ybbkJw
資安前哨站-獵殺封包 6/26
https://www.it360.com.tw/live-detail.aspx?id=iT36000000000348
智慧家庭IoT資安與個人隱私資安,如何防駭客,如何做防禦 6/27
https://www.techbang.com/posts/70549-lecture-smart-home-network-security
HackingThursday 固定聚會 6/27
https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/
天黑請閉眼,與駭客的對話 6/29
https://tfc.kktix.cc/events/night-talk-hacking-hacker?fbclid=IwAR2ejWoW3lNyQ2X7basa8zkjcoBR6Kn02jXYiFYeWWluY91uWw9FCSJDEoo
HackingThursday 固定聚會 7/4
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/
2019 車用電子與車聯網資安種子教師研習營 7/4 ~ 7/5
http://www.kghs.kh.edu.tw/notice/11734
2019國際資訊安全組織台灣高峰會 7/9 ~ 7/11
https://csa.kktix.cc/events/2019con
Secure Summit APAC 2019 安全峰會 6 大領域提升資安水平 7/10 ~ 7/11
http://bit.ly/2WbONh5
工業局補助網路安全檢測教育訓練 7/10 ~ 7/12
https://www.accupass.com/event/1904080311551119077841
HackingThursday 固定聚會 7/11
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/
HackingThursday 固定聚會 7/18
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/
HackingThursday 固定聚會 7/25
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/
新加坡資安市場解密講座: 台灣資安浴血東南亞叢林戰鬥之起點-獅城站 7/26
https://ievents.iii.org.tw/eventS.aspx?t=0&id=547
CDX2.0推廣活動 - 台南場次 7/26
https://nchc-cdx.kktix.cc/events/cdxactivity-0726
資安事故處理實務課程 8/7 ~ 8/8
http://bit.ly/2VW0Lv9
DEF CON 27 2019/8/8–8/11
https://www.defcon.org/
數位鑑識處理實務 8/14 ~ 8/15
http://bit.ly/2VW0Lv9
台灣駭客年會 HITCON Summer Training 2019 - 學生報名 2019-08-19 ~ 2019-08-22
https://www.accupass.com/event/1906050919271598677460
WEB應用滲透測試 8/21 ~ 8/23
https://www.accupass.com/event/1904080221358963463590
台灣駭客年會 HITCON Community 2019 2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8)
https://www.accupass.com/event/1906040921594609934250
資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」 8/29 ~ 8/30
http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==
108年資安職能訓練-行動裝置安全(8/29-8/30)
https://cee.ksu.edu.tw/recruitinfo/1443.html
CDX2.0推廣活動 - 台北場次 9/10
https://nchc-cdx.kktix.cc/events/cdxactivity-0910
TANET 2019 - 臺灣網際網路研討會 9/25
https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310
HITB+ CYBER WEEK 2019/10/12 ~17
https://d2p.hitb.org/?fbclid=IwAR2gU17bz0Y7TH8THIIskIX1vziWBpMY152mJiwk7AAeVS752f_eNcZ0NzU
Splunk .conf 19 10/21 ~ 10/24
https://conf.splunk.com/
AIoT智能物聯網開發人才就業養成班[免費諮詢] 10/22
https://ittraining.kktix.cc/events/aiot-training-2019
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019
https://www.icscybersecurityconference.com
沒有留言:
張貼留言