資安事件新聞週報 2019/7/1 ~ 2019/7/5
1.重大弱點漏洞/後門/Exploit/Zero Day
PlayStation Network 存在安全性漏洞,駭客可繞過驗證盜刷信用卡
https://www.kocpc.com.tw/archives/267793
Palo Alto PAN-OS 阻斷攻擊漏洞
https://securityadvisories.paloaltonetworks.com/Home/Detail/151
Ubuntu 內核阻斷攻擊漏洞
https://www.auscert.org.au/bulletins/ESB-2019.2378/
Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)
https://www.exploit-db.com/exploits/47073
Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
https://www.exploit-db.com/exploits/47039
Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
https://www.exploit-db.com/exploits/47033
Symantec DLP 15.5 MP1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/47071
McAfee ePolicy Orchestrator 多個漏洞
http://bit.ly/2JhMfLb
IBM InfoSphere Information Server 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4371
IBM WebSphere Application Server 資料洩露漏洞
https://nvd.nist.gov/vuln/detail/CVE-2019-4269
IBM WebSphere Application Server 阻斷攻擊漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10875692
IBM Patches Critical, High-Severity Flaws in Spectrum Protect
https://threatpost.com/ibm-patches-critical-high-severity-flaws-in-spectrum-protect/146201/
Multiple Vulnerabilities Spotted In Lenovo Server Infrastructure
https://latesthackingnews.com/2019/07/03/multiple-vulnerabilities-spotted-in-lenovo-server-infrastructure
US Cyber Command Warns of Outlook Vulnerability Exploits
https://www.bankinfosecurity.com/us-cyber-command-warns-outlook-vulnerability-exploits-a-12718
Thousands Left Vulnerable in Nexus Repository
https://www.infosecurity-magazine.com/news/thousands-left-vulnerable-in-nexus/
多款F5產品安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6642
思科產品多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/07/03/cisco-releases-security-updates-multiple-products
AMD霄龍安全加密虛擬化曝漏洞:已修復
https://read01.com/d0223oK.html#.XRnNHegzbIU
Excel遭爆含安全漏洞
https://www.ithome.com.tw/news/131532
Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer
https://blog.talosintelligence.com/2019/07/vulnerability-spotlight-SDL-PCX-RCE-vulnerabilities-july-19.html
Vulnerability Spotlight: Google V8 Array.prototype memory corruption vulnerability
https://blog.talosintelligence.com/2019/07/vulnerability-spotlight-Google-V8-June-19.html
Firefox finally fixes the problems with antivirus apps crashing HTTPS websites
https://www.zdnet.com/article/firefox-finally-fixes-the-problems-with-antivirus-apps-crashing-https-websites/#ftag=RSSbaffb68
Mimecast Threat Center discovered a weakness in the Microsoft Excel tool that allows embedding malicious payloads remotely
https://www.mimecast.com/blog/2019/06/exploit-using-microsoft-excel-power-query-for-remote-dde-execution-discovered/
Account Takeover Vulnerability Found in Popular EA Games Origin Platform
https://thehackernews.com/2019/06/ea-origin-game-hacking.html
Bulgarian IT expert arrested after demoing vulnerability in kindergarten software
https://www.zdnet.com/article/bulgarian-it-expert-arrested-after-demoing-vulnerability-in-kindergarten-software/#ftag=RSSbaffb68
Third-Party Risk Management: Asking the Right Questions
https://www.bankinfosecurity.com/interviews/third-party-risk-management-asking-right-questions-i-4368
New attack campaign targets vulnerable WordPress sites to alter their titles
https://cyware.com/news/new-attack-campaign-targets-vulnerable-wordpress-sites-to-alter-their-titles-a4db6036
postgresql CVE-2019-10164
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10164
Huawei Mate 20 X 路徑遍歷漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5221
多款Qualcomm產品緩衝區錯誤漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2238
qemu CVE-2019-12928 CVE-2019-12929
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12928
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12929
pivotal spring security CVE-2019-11272
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11272
Cisco Data Center Network Manager CVE-2019-1619 CVE-2019-1620
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1619
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1620
Bulgarian IT expert arrested after demoing vulnerability in kindergarten software
https://www.zdnet.com/article/bulgarian-it-expert-arrested-after-demoing-vulnerability-in-kindergarten-software/
With new feature update calendar, Microsoft finally settles on a sensible Windows 10 release schedule
https://zd.net/2Jtjrhm
New Windows 10 20H1 test build adds new notification-settings options
https://www.zdnet.com/article/new-windows-10-20h1-test-build-adds-new-notification-settings-options/#ftag=RSSbaffb68
17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device
https://thehackernews.com/2019/07/firefox-same-origin-policy-hacking.html
Thousands Left Vulnerable in Nexus Repository
https://www.infosecurity-magazine.com/news/thousands-left-vulnerable-in-nexus/
Microsoft Exchange 2003 - base64-MIME Remote Code Execution
https://www.exploit-db.com/exploits/47076
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)
https://www.exploit-db.com/exploits/46998
Tor Project to fix bug used for DDoS attacks on Onion sites for years
https://www.zdnet.com/article/tor-project-to-fix-bug-used-for-ddos-attacks-on-onion-sites-for-years/#ftag=RSSbaffb68
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
五家銀行「大到不能倒」合庫銀落在邊緣 第六名
https://www.cmmedia.com.tw/home/articles/16282
銀行資料上雲端哪些新規定?實地查核怎麼做?金管會雲端委外8大重點一次看
https://www.ithome.com.tw/news/131678
純網銀作領頭羊!樂天引進科技生態系統
http://bit.ly/2J0z4Os
國際假卡黨再現 路氹酒店等3部ATM機被做手腳
https://hk.on.cc/hk/bkn/cnt/news/20190628/bkn-20190628125056521-0628_00822_001.html
中國大陸券商加急招聘CIO:3個月內10位首席信息官亮相
https://news.sina.com.tw/article/20190629/31796342.html
中國證監會與柬埔寨證券交易委員會簽署《證券期貨監管合作諒解備忘錄》
https://www.finet.hk/newscenter/news_content/5d1702a8bde0b35bf2ad9fe4
中國鼓勵黨政人員「合法炒股」 中網友酸:為國捐軀
https://news.ltn.com.tw/news/world/breakingnews/2837128
開放銀行要來了 將以「打群架」改變金融生態系
https://news.cnyes.com/news/id/4347954
虛銀招兵買馬迎大戰 恒生前Banker加盟螞蟻銀行
https://hk.finance.appledaily.com/finance/daily/article/20190702/20718303
替北韓洗錢 學者:陸3銀行面臨金融死刑
http://bit.ly/2J70QZP
新加坡開放五張數位銀執照 提供非銀行企業申請
https://money.udn.com/money/story/5602/3900701
通過壓力測試,美大型銀行擴大回饋股東
https://ww2.money-link.com.tw/RealtimeNews/NewsContent.aspx?sn=3909938001&pu=News_0005_2
美股收紅!投資人關注G20川習會 Fed公布「銀行壓力測試結果」
https://www.ettoday.net/news/20190629/1477884.htm
LINE年會/目標成為亞洲第一FinTech平台
https://www.chinatimes.com/realtimenews/20190628001598-260412?chdtv
銀行+壽險 元大金強攻區塊鏈
https://www.chinatimes.com/newspapers/20190627000287-260202?chdtv
開放銀行啟動 13業者上架
https://money.udn.com/money/story/5613/3908504
臺灣開放銀行大進展!首版Open API標準出爐,2大準則5項安控13家銀行先支援
https://www.ithome.com.tw/news/131648
台灣開放API初步成果 13家金融業上架
https://www.chinatimes.com/realtimenews/20190703001715-260410?chdtv
開放API 13家銀行搭頭班車
https://ctee.com.tw/news/finance/113492.html
提款機大盜愛挑德國犯案 一年炸毀369台ATM
http://bit.ly/2XNtuqW
日本拚消費 推無現金交易
https://udn.com/news/story/6811/3908334
表現好反被懲罰?銀行喊苦的新制上路
http://bit.ly/2xwTBn2
國際清算銀行將於新加坡設創新中心
http://bit.ly/2XFYHfF
第一家企金手機OTP服務 星展火速上線
https://www.chinatimes.com/realtimenews/20190703004079-260410?chdtv
香港銀行公會指環聯將恢復網上查閱服務
http://www.metroradio.com.hk/News/default.aspx?NewsId=20190705175808
3.電子支付/電子票證/行動支付/ pay/新聞及資安
日兩大便利店推自家手機支付 首日系統現故障
http://bit.ly/2JhY6aN
斯洛伐克4家銀行開始提供APPLE PAY行動支付及電子錢包服務
http://bit.ly/2RO5L4s
上海商業儲蓄銀行將於109年1月1日起配合臺灣行動支付(股)公司停止提供「t-wallet行動支付APP」服務。
https://www.scsb.com.tw/content/news/news_080628.jsp
TSM行動金融卡服務終止公告
https://wwwfile.megabank.com.tw/other/bulletin08_1.asp?sno=1066
又一手機廠商入局移動支付 遲到的OPPO Pay如何搶奪用戶
https://pttnews.cc/c3ed029241
[討論] 無印良品 使用行動支付遭拒
https://www.ptt.cc/bbs/MobilePay/M.1561636038.A.3F4.html
央行:一季度網路支付58萬億元
https://news.sina.com.tw/article/20190704/31845834.html
電子支付大鬆綁 三大場所開放使用
https://news.cts.com.tw/cts/life/201907/201907031966253.html
LINE Pay攜手PAYCO 啟動跨境支付服務
https://www.cna.com.tw/news/afe/201907030255.aspx
日本7-Eleven手機支付新app被駭,近900名用戶損失5500萬日幣
https://www.ithome.com.tw/news/131677
7Pay 一推出即被破 重置密碼存漏洞恐損電子支付形象
http://bit.ly/2Nxwofv
Wallet killer: Why Apple Card is the next best thing to getting an RFID implant
https://www.zdnet.com/article/apple-card-the-next-best-thing-to-getting-an-rfid-implant/#ftag=RSSbaffb68
4.虛擬貨幣/區塊鍊 新聞及資安
LINE加密貨幣交易所在星 不會在台推出
https://udn.com/news/story/11316/3898809
拚全球FinTech與資安強國 以色列這樣做
https://ec.ltn.com.tw/article/breakingnews/2841103
高盛擬運用區塊鏈技術 將資產數碼化
https://www2.hkej.com/instantnews/international/article/2177825
新加坡虛擬通貨交易所Bitrue遭駭客攻擊,損失430萬美元
http://www.bitfunance.com/article/598
交易所 Bitrue 遭駭 1.2 億台幣,官方:用戶損失會獲得 100% 退款
https://staging.blocktempo.com/singapore-exchange-bitrue-hacked-for-over-4-million-in-crypto/
STO監理規範出爐!BITPoint Taiwan執行長郭雅寧:BITPoint Taiwan將嘗試取得證券自營商許可證照
http://bit.ly/2RMflVB
STO框架出爐後,MaiCoin創辦人劉世偉:將申請證券自營商許可證照,但投資人的投資方式不該只限縮於台幣交易
http://bit.ly/2NqOSy7
全球首創訂 STO 專門規範,金管會法規 10 月出爐
https://finance.technews.tw/2019/06/28/sto-specification-taiwan-october/
STO監管框架終於出爐!ACE王牌數位資產交易所總經理潘奕彰:將嘗試取得證券自營商許可證照
http://bit.ly/2FKw2M3
證券型代幣發行規範 10月上路 立委擬成立推動聯盟
http://bit.ly/2NoHV0C
現在全球有超過5,000台比特幣自動櫃員機
https://cointmr.com/__trashed/?fbclid=IwAR0RiP4sjh7UpQatjjhWS6Sx18fZjXvrrMpsE7tLWXaPiwnf1moHxp2rCSo
證交所:金管會開放符合一定條件的證券商可發行證券商發行指數投資證券(ETN) 今年4月上線
https://www.taiwannews.com.tw/ch/news/3736490
領先全球!證券虛擬幣納管 發行規範10月正式上路
https://money.udn.com/money/story/5/3896691
拚全球FinTech與資安強國 以色列這樣做
https://ec.ltn.com.tw/article/breakingnews/2841103
末日博士 Nouriel Roubini:比特幣根本不去中心,區塊鏈一點用都沒有
https://www.inside.com.tw/article/16781-Nouriel-Roubini-in-abs
全球央行紅色警戒,臉書幣Libra為何可能超越比特幣
https://money.udn.com/money/story/9740/3905372
比特幣ETF是什麼東東
https://news.sina.com.tw/article/20190702/31828016.html
虛擬貨幣納管 資誠:規範過嚴恐影響業者
https://udn.com/news/story/7239/3905964
Facebook 遭多方施壓叫停 Libra美立法者、民間機構連發函籲嚴管
https://news.cnyes.com/news/id/4350471
日本央行行長:Libra可能會損害日本的金融穩定
http://news.knowing.asia/news/9bf8ad11-2481-463d-a63b-695d9b52c2eb
Facebook高管為「天秤幣」辯護:我們沒有控制權
https://news.sina.com.tw/article/20190704/31846590.html
全球財富向加密貨幣領域轉移, iSunOne橫空出世,提供數字貨幣財富管理及加密社交服務
http://n.yam.com/Article/20190703385089
澳洲銀行跟IBM合作區塊鏈技術
https://m.ctee.com.tw/livenews/gj/a98601002019070411244182
由Libra引發的思考:「超主權貨幣」不可能實現
http://news.knowing.asia/news/552b6471-8b22-43f3-b3b1-bf25f5eb3569
英國金融行為監管局,批准了首個加密貨幣避險基金
http://news.knowing.asia/news/842e778c-6ac0-4900-a74e-99dd4de8b434
立法委員許毓仁:區塊鏈的廣泛使用,將使人性光輝更加放大
http://bit.ly/30gbuD7
Monero安全漏洞可能已經看到XMR從加密貨幣交易所被盜
https://0xzx.com/201907050328154351.html
Facebook的Libra,就像50年前就存在的貨幣市場基金
http://news.knowing.asia/news/479e56e8-5de1-4621-b281-ad1b5acc6692
區塊鏈安全入門筆記系列一
https://paper.seebug.org/973/
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
Conficker / Download病毒的偵測、清除/預防
http://bit.ly/2RNVQM1
Mirai 變種Echobot 殭屍網絡有26 個漏洞利用
https://www.chainnews.com/articles/866425028271.htm
網釣新招術:把惡意連結藏在QR Code中
https://www.ithome.com.tw/news/131603
找難的做、絕不妥協!卡巴斯基造防毒帝國:最佳防禦是攻擊
https://www.setn.com/News.aspx?NewsID=534615
讓電腦科學家難以入眠的大事:當「勒索軟體」結合人工智慧
https://www.thenewslens.com/feature/timefortune/121436
醫療郵政銀行癱瘓三週後,佛羅里達兩城市接連向駭客屈服支付超過千萬的比特幣贖金
http://bit.ly/2JhMA0p
假冒成Flash播放器的Mac惡意程式曝光
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=30659
每五分鐘跳出全螢幕廣告! 182個免費遊戲和相機應用程式夾帶廣告軟體,已被下載逾九百萬次
https://blog.trendmicro.com.tw/?p=61057
Crimeware for Sale: The Commoditization of ATM Malware in the Cybercriminal Underground
http://bit.ly/323csnQ
Kaspersky tracks down major new ransomware
https://www.itproportal.com/news/kaspersky-tracks-down-major-new-ransomware/
More US Cities Battered by Ransomware
https://www.bankinfosecurity.com/more-us-cities-battered-by-ransomware-a-12710
“We need to up our game”—DHS cybersecurity director on Iran and ransomware
https://arstechnica.com/tech-policy/2019/06/we-need-to-up-our-game-dhs-cybersecurity-director-on-iran-and-ransomware/
Fake jquery campaign leads to malvertising and ad fraud schemes
https://blog.malwarebytes.com/threat-analysis/2019/06/fake-jquery-campaign-leads-to-malvertising-and-ad-fraud-schemes/
Two Florida Cities Paid $1.1 Million to Ransomware Hackers This Month
https://thehackernews.com/2019/06/florida-ransomware-attack.html
Exclusive: German Police Raid OmniRAT Developer and Seize Digital Assets
https://thehackernews.com/2019/06/police-raid-omnirat-developer.html
Brazil leads in ransomware attacks
https://www.zdnet.com/article/brazil-leads-in-ransomware-attacks/#ftag=RSSbaffb68
Sodin ransomware exploits Windows vulnerability and processor architecture
https://securelist.com/sodin-ransomware/91473/
Ransomware attacks: Why and when it makes sense to pay the ransom
https://www.zdnet.com/article/why-and-when-it-makes-sense-to-pay-the-ransom-in-ransomware-attacks/#ftag=RSSbaffb68
Android spyware campaign spreads across the Middle East
https://www.zdnet.com/article/android-spyware-campaign-spreads-across-the-middle-east/#ftag=RSSbaffb68
QUICK POST: FAKE UPDATES CAMPAIGN SENDS CHTHONIC
https://www.malware-traffic-analysis.net/2019/06/28/index.html
Hackers Can Abuse Microsoft Excel Power Query For Malware Attacks
https://latesthackingnews.com/2019/07/01/hackers-can-abuse-microsoft-excel-power-query-for-malware-attacks/
Facebook Removes Accounts Used to Infect Thousands With Malware
https://threatpost.com/facebook-malware-laced-links/146149/
Facebook abused to spread Remote Access Trojans since 2014
https://www.zdnet.com/article/facebook-abused-to-spread-houdini-spynote-trojans-since-2014/
Researchers crack open Facebook campaign that pushed malware for years
https://arstechnica.com/information-technology/2019/07/five-year-old-facebook-campaign-pushed-malware-on-100000-followers/
Facebook Takes Down Pages Loaded With Malware
https://www.bankinfosecurity.com/facebook-takes-down-pages-loaded-malware-a-12715
ETERNALBLUE sextortion scam puts your password where your name should be
https://nakedsecurity.sophos.com/2019/07/01/eternalblue-sextortion-scam
New Silex malware is bricking IoT devices, has scary plans
https://www.zdnet.com/article/new-silex-malware-is-bricking-iot-devices-has-scary-plans/
Riltok mobile Trojan: A banker with global reach
https://securelist.com/mobile-banker-riltok/91374/
Exclusive: German Police Raid OmniRAT Developer and Seize Digital Assets
https://thehackernews.com/2019/06/police-raid-omnirat-developer.html
New Dridex Variant Evading Traditional Antivirus
https://www.esentire.com/blog/new-dridex-variant-evading-traditional-antivirus/
New variant of Dridex banking Trojan implements polymorphism
https://securityaffairs.co/wordpress/87828/malware/dridex-banking-trojan-polymorphism.html
The Gopher in the Room: Analysis of GoLang Malware in the Wild
https://unit42.paloaltonetworks.com/the-gopher-in-the-room-analysis-of-golang-malware-in-the-wild/
Analyzing Ursnif’s Behavior Using a Malware Sandbox
https://www.vmray.com/cyber-security-blog/analyzing-ursnif-behavior-malware-sandbox/
SectorC08: Multi-Layered SFX in Recent Campaigns Target Ukraine
https://threatrecon.nshc.net/2019/06/25/sectorc08-multi-layered-sfx-recent-campaigns-target-ukraine/
Newly discovered Spelevo exploit kit found compromising B2B site to distribute IcedID and Dridex trojans
http://bit.ly/2FXuEGe
Ten years later, malware authors are still abusing 'Heaven's Gate' technique
https://www.zdnet.com/article/malware-authors-are-still-abusing-the-heavens-gate-technique/#ftag=RSSbaffb68
RATs and stealers rush through “Heaven’s Gate” with new loader
https://blog.talosintelligence.com/2019/07/rats-and-stealers-rush-through-heavens.html
First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol
https://www.zdnet.com/article/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol/
An Analysis of Godlua Backdoor
https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
WannaLocker ransomware found combined with RAT and banking trojan
https://www.scmagazine.com/home/security-news/ransomware/wannalocker-ransomware-found-combined-with-rat-and-banking-trojan/
2019-07-03 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE
https://www.malware-traffic-analysis.net/2019/07/03/index.html
2019-07-02 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE
https://www.malware-traffic-analysis.net/2019/07/02/index2.html
Sodinokibi ransomware is now using a former Windows zero-day
https://www.zdnet.com/article/sodinokibi-ransomware-is-now-using-a-former-windows-zero-day/#ftag=RSSbaffb68
New Golang malware plays the Linux field in quest for cryptocurrency
https://www.zdnet.com/article/new-golang-malware-plays-the-field-in-quest-for-cryptocurrency/#ftag=RSSbaffb68
A Quick and Efficient Method For Locating the main() function of Linux ELF Malware Variants
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/njKDtIWkpAA/
B.行動安全 / iPhone / Android /穿戴裝置 /App
一年未處理漏洞:約會應用Jack'd被處以24萬美元罰金
https://news.sina.com.tw/article/20190629/31795234.html
《還願》中國發行商被勒令停業,理由是「危害國家安全」
https://www.inside.com.tw/article/16776-Devotion-Indievent-China
【全記錄】LINE 總部 2019 年會 LINE CONFERENCE 重點整理
https://www.inside.com.tw/article/16752-LC-2019
疑遭DDoS攻擊 FB、IG、WhatsApp齊故障 無法下載圖片、錄音
http://bit.ly/2xtlxby
可怕!中國被爆強迫邊境旅客裝惡意軟體 監視個人訊息
https://news.ltn.com.tw/news/world/breakingnews/2840935
進入新疆地區的外國遊客被迫安裝Android惡意程式
https://www.ithome.com.tw/news/131631
5G釋照遊戲新規則 須提資安計畫、設資安長
http://bit.ly/30ejFQc
見到 QR Code 就掃?機場的 Wi-Fi很安全?暑假出國旅遊的網路安全三大備忘清單
https://blog.trendmicro.com.tw/?p=56093
【手機病毒 】會竊取17 種Android手機資料的網路間諜Bouncing Golf ,透過社群媒體散播
https://blog.trendmicro.com.tw/?p=61036
Fake Samsung firmware update app tricks more than 10 million Android users
https://www.zdnet.com/article/fake-samsung-firmware-update-app-tricks-more-than-10-million-android-users/#ftag=RSSbaffb68
'Legit Apps Turned into Spyware' Targeting Android Users in Middle East
https://thehackernews.com/2019/06/android-malware-hacking.html
Real world 5G not ready for primetime in 2019
https://www.zdnet.com/article/real-world-5g-not-ready-for-primetime-in-2019/
iOS tip: How to clear your iPhone's RAM and make it faster
https://www.zdnet.com/article/ios-tip-how-to-clear-your-iphones-ram-and-make-it-faster5/#ftag=RSSbaffb68
Getnord Lynx: Super-tough Android smartphone with a massive battery
https://www.zdnet.com/article/getnord-lynx-super-tough-android-smartphone-with-a-massive-battery/#ftag=RSSbaffb68
Getnord Lynx: Super-tough Android smartphone
https://www.zdnet.com/pictures/getnord-lynx-super-tough-android-smartphone/#ftag=RSSbaffb68
China's Border Guards Secretly Installing Spyware App on Tourists' Phones
https://thehackernews.com/2019/07/xinjiang-fengcai-spyware.html
Chinese officials reportedly installed a surveillance app on tourists' phones
https://www.engadget.com/2019/07/02/china-border-agents-installing-surveillance-app-tourist-phones/
China Is Forcing Tourists To Install A Smartphone App That Steals Personal Data
http://bit.ly/2JekG57
Chinese border guards put secret surveillance app on tourists' phones
http://bit.ly/2FSbXU4
Xinjiang: How China Uses A Spying Smartphone App To Automate Citizen Oppression
http://bit.ly/2JoKjiA
China’s Algorithms of Repression Reverse Engineering a Xinjiang Police Mass Surveillance App
https://www.hrw.org/report/2019/05/01/chinas-algorithms-repression/reverse-engineering-xinjiang-police-mass-surveillance
AppTrana — Website Security Solution That Actually Works
https://thehackernews.com/2019/07/apptrana-web-application-security.html
Android July 2019 Security Update Patches 33 New Vulnerabilities
https://thehackernews.com/2019/07/android-security-update.html
New cheaper iPhone would drop a flagship feature
https://www.zdnet.com/article/new-cheaper-iphone-would-drop-a-flagship-feature/#ftag=RSSbaffb68
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
不破解wifi密碼就出不去!HITCON推出「駭客版」密室逃脫遊戲
http://bit.ly/306ieDw
董監事需正視的資安議題
http://bit.ly/2FK46rA
這項資訊安全技術,已是駭客們的心頭好
http://bit.ly/32cQS0b
韓國瑜砲打中央不協助防疫 台灣「駭客始祖」出面打臉
https://news.ltn.com.tw/news/politics/breakingnews/2839814
2020普查最怕駭客、當機、假消息
http://bit.ly/2XJYVlT
研究人員以強化學習破解reCaptcha v3
https://www.ithome.com.tw/news/131594
網路安全廠商爆 EA 資安漏洞,攻擊者可自由竊取玩家帳戶
https://tw.esports.yahoo.com/ea-090031336.html
兩名GnuPG開發人員的憑證遭垃圾簽章淹沒
https://www.ithome.com.tw/news/131674
駭客攻擊索尼開發商,被法院判賠百萬還得坐牢兩年
https://tw.esports.yahoo.com/ddos-hack-025424961.html
造成遊戲界重大傷害的 DDOS 攻擊發動駭客將入獄服刑
https://gamelife.tw/thread-47485-1-1.html
駭客因對Daybreak Game伺服器發起DDoS攻擊而被判入獄兩年
http://big5.pconline.com.cn/b5/news.pconline.com.cn/1273/12733269.html
揭發港航保安漏洞反被控未獲授權下取用資料 被告判自簽$1500守行為1年
http://bit.ly/2Jir2iE
港航網上系統現漏洞 男乘客通告不果反被指取用資料 准守行為
http://bit.ly/2XMHm4E
企業上雲往往漏洞百出,專家點出資安界20年來未解的問題
http://bit.ly/2Xjz8Bt
關鍵基礎施設穩定運作的根基:網路安全
http://www.tvet3.info/20190701/
暗網潛航——公共醫療系統的安全風險
http://bit.ly/2JtGd99
DarkHotel駭客組織針對中國外貿人士的最新攻擊活動披露
https://s.tencent.com/research/report/741.html
保加利亞駭客在公開幼兒園軟件漏洞後被捕
https://www.77169.com/html/238538.html
谷歌帳號遭入侵 店家報案怨警"冷處理" 遭破解密碼企圖登入 警稱"無實際損害" 薪轉資料恐遭竊 警:人手不足非拒受理
https://www.ttv.com.tw/news/view/10806280017300N/573
反送中信息“樞紐”網站疑遭國家級黑客攻擊一度癱瘓
http://bit.ly/2Jv2VxE
香港多家媒體網站當機 大規模網攻疑來自中國
https://www.ntdtv.com/b5/2019/07/02/a102614305.html
全球部分網站突掛點 起因Cloudflare服務大當機
https://www.nownews.com/news/20190703/3478598/
Cloudflare疑受網絡攻擊連環死機 連登、高登、立場等一度癱瘓
http://bit.ly/2XqTxoz
Cloudflare全球大當機原因出爐:配置錯誤的軟體更新
https://www.ithome.com.tw/news/131630
美政府警告駭客正在攻擊Outlook漏洞
https://www.ithome.com.tw/news/131632
養虎為患!外媒揭美企洩露中共x86技術
http://www.ntdtv.com.tw/b5/20190628/video/248546.html
美研究指設備存巨大漏洞 華府官員:華為沒誠意改善
http://bit.ly/2YpWUbs
Nokia警告英國 華為設備存漏洞 為5G網絡構成風險
http://bit.ly/2XovEhq
荷蘭警告網絡安全威脅華為設備安全漏洞百出
http://www.51testing.com/html/32/n-4461232.html
美公共警報系統曝漏洞專家:警惕預警系統上演狼來了
https://www.4hou.com/mobile/18929.html
華為遇挫 起訴美國芯片設計商竊密被判敗訴
https://www.ntdtv.com/b5/2019/06/27/a102610642.html
資安業者Finite State:近1萬款華為設備韌體中,有55%含有潛在後門
https://ithome.com.tw/news/131516
華為參與中共軍方研究計劃 設備有後門
https://www.ntdtv.com/b5/2019/06/29/a102611482.html
新加坡或用華為建 5G 生態圈,將斥資近 3,000 萬美元
https://technews.tw/2019/06/28/singapore-5g-ecosystem-huawei/
中國大陸網絡安全漏洞管理閉門研討會召開
https://www.aqniu.com/industry/50910.html
中共獲授權設域名根服務器 專家:風險更多
http://www.epochtimes.com/b5/19/6/27/n11350364.htm
荷情報:中共等網路間諜活動升級
http://bit.ly/2J0BWus
澳洲強化資訊戰力 漸收成效
https://www.ydn.com.tw/News/342600
英國ISP點名網路惡棍,川普、Mozilla入圍
https://www.ithome.com.tw/news/131681
陸委會報告:中共威權滲透及經社融合威脅香港自治
https://udn.com/news/story/7331/3903512
中共駭客進擊美、日、印度科技企業
https://news.pchome.com.tw/internation/gpwb/20190628/index-56165312084316201011.html
俄版Google遭駭 五眼聯盟有份
https://news.ltn.com.tw/news/world/paper/1299530
駭來駭去!傳五眼聯盟入侵俄羅斯搜尋引擎Yandex
https://www.ithome.com.tw/news/131540
G20峰會見普丁 川普開玩笑要他「別干涉選舉」
https://www.nownews.com/news/20190629/3471175/
公安上門查戶口 叮嚀台人不要談論香港
http://bit.ly/2KQ9e1Q
建立跨境數據流通及資安規範 安倍在G20推「大阪框架」
https://news.ltn.com.tw/news/world/breakingnews/2837745
美眾院情報委員會通過法案 防中國干預台灣大選
https://www.cna.com.tw/news/firstnews/201907020155.aspx
調查局再破共諜網 國軍包商涉刺探軍機遭收押
https://udn.com/news/story/7321/3908754
韓粉專頁操盤網軍...來自中國...自稱騰訊員工...中共建構的網軍已對世界各國政府發動駭客攻擊,對台灣尤甚
http://blog.udn.com/lin236868/127883514
美軍研發的資安工具 如何變成網路黑市的隱密服務
https://www.mirrormedia.mg/story/20190624intdarkwebcase
200米外的心跳聲能辨識身分!美國國防部開發從遠端偵測心跳就能辨識身分的Jetson系統
https://www.ithome.com.tw/news/131595
輕巧無聲 美陸軍啟用步兵掌上型無人偵察機
https://www.chinatimes.com/realtimenews/20190628004089-260417?chdtv
僅15公分的微型無人機 成阿富汗美軍新武器
https://udn.com/news/story/7086/3903665
美空軍升級空軍信息網網絡漏洞評估/搜尋系統
http://www.sohu.com/a/324616772_313834
日防衛相就宙斯盾調查出錯向山口縣知事道歉
https://tchina.kyodonews.net/news/2019/07/9bc2d43df364.html
美國將中國列為敵對國家!台灣怎麼遠離「邪惡軸心」
https://life.taronews.tw/2019/07/02/381148/
U.S. Government Makes Surprise Move To Secure Power Grid From Cyberattacks
http://bit.ly/2Jnzpts
PGP SKS key network poisoned by unknown hackers
https://www.zdnet.com/article/openpgp-flooded-with-spam-by-unknown-hackers/#ftag=RSSbaffb68
Huawei Offers 'No Backdoor' Assurance, But Tests Are Needed
https://www.bankinfosecurity.asia/blogs/huawei-offers-no-backdoor-assurance-but-tests-are-needed-p-2762
Alleged Cyber Attack on Russia's Yandex Used Malware Tied to Western Intelligence
https://gizmodo.com/alleged-cyber-attack-on-russias-yandex-used-malware-tie-1835990481
Singapore government to run another bug bounty
https://www.zdnet.com/article/singapore-government-to-run-another-bug-bounty/#ftag=RSSbaffb68
Almost half of US home security system owners admit their systems were switched off before a break in
https://zd.net/2xuG4fQ
Germany and the Netherlands to build the first ever joint military internet
https://www.zdnet.com/article/germany-and-the-netherlands-to-build-the-first-ever-joint-military-internet/#ftag=RSSbaffb68
Singapore unveils framework to facilitate 'trusted' data-sharing between organisations
https://www.zdnet.com/article/singapore-unveils-framework-to-facilitate-trusted-data-sharing-between-organisations/#ftag=RSSbaffb68
Cloudflare Calls Internet Outage 'Small Heart Attack'
https://www.bankinfosecurity.com/interviews/cloudflare-calls-internet-outage-small-heart-attack-i-4367
ENISA Gets Permanent Mandate as EU Tackles Cybersecurity
https://www.bankinfosecurity.eu/enisa-gets-permanent-mandate-as-eu-tackles-cybersecurity-a-12702
The Intelligence Network: BAE Systems’ 1,500-Strong Coalition to Tackle Cyber Fraud
https://www.cbronline.com/interview/the-intelligence-network-bae-systems
UK watchdog singles out Google, Facebook in advertising probe
https://www.zdnet.com/article/uk-watchdog-singles-out-google-facebook-in-advertising-probe/#ftag=RSSbaffb68
UK ISP group names Mozilla 'Internet Villain' for supporting 'DNS-over-HTTPS'
https://www.zdnet.com/article/uk-isp-group-names-mozilla-internet-villain-for-supporting-dns-over-https/#ftag=RSSbaffb68
Qatar Issues Aviation Cybersecurity Guidelines
https://www.bankinfosecurity.in/qatar-issues-aviation-cybersecurity-guidelines-a-12706
Iranian Threat Actor Amasses Large Cyber Operations Infrastructure Network to Target Saudi Organizations
https://go.recordedfuture.com/hubfs/reports/cta-2019-0626.pdf
ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit
http://bit.ly/2JhMLZD
NZ finally updates its cybersecurity strategy, so where's Australia's
https://www.zdnet.com/article/nz-finally-updates-its-cybersecurity-strategy-so-wheres-australias/#ftag=RSSbaffb68
Engineer faces 219 years in prison for smuggling US military chips to China
https://www.zdnet.com/article/engineer-found-guilty-of-trying-to-sell-military-chips-to-china/#ftag=RSSbaffb68
Internet Trends 2019 Mary Meeker Report
https://medium.com/utopiapress/internet-trends-2019-mary-meeker-report-bd70d202c845
Hacker who launched DDoS attacks on Sony, EA, and Steam gets 27 months in prison
https://www.zdnet.com/article/hacker-who-launched-ddos-attacks-on-sony-ea-and-steam-gets-27-months-in-prison/#ftag=RSSbaffb68
DDoS Attacker Who Ruined Gamers' Christmas Gets 27 Months in Prison
https://thehackernews.com/2019/07/christmas-ddos-attacks.html
【知名資安領導廠商】資深 PHP 工程師
https://m.1111.com.tw/job/85997800/
資安工程師
https://ilabor.ntpc.gov.tw/cloud/GoodJob/job_title/604431961
助理工程師
https://www.cakeresume.com/companies/jobexpress-zh_tw-about/jobs/assistant-engineer-c1a03e
【資安所】智慧雲端中心-MIS工讀
https://www.104.com.tw/job/6i1kv
資安資深管理專業人員
https://www.104.com.tw/job/6nths
資安管理專業人員
https://www.104.com.tw/job/6nthj
教育處(教育網路中心)徵臨時人員(資安分析師)
http://bit.ly/2XqFESj
Data Engineer 資料科學家
https://www.104.com.tw/job/6low3?fbclid=IwAR22gwQ9KoCmD3Opod9HR1Qc8MNka7GUnJZKiPIDAZoJEG4BpmTGKe_U__g
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
「鑽線上服務漏洞」每次只騙1.99元 信用卡盜刷新手法
http://bit.ly/2JoFoyh
神偽裝! APWG報告:近六成網路釣魚網站,使用 HTTPS 協定
https://blog.trendmicro.com.tw/?p=61049
網路用戶擔心成為身份盜用和帳戶侵權的受害者
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=&id=0000562979_Q9OLFHR96OX3LUL20182X
假新聞讓資安專家反成殺人嫌犯
http://bit.ly/2L1dbRq
研究:網釣服務與套件讓業餘駭客也能使用高級的閃避偵測技術
https://www.ithome.com.tw/news/131608
網銀有「隱藏版功能」?空姊10分鐘被騙3萬
https://www.chinatimes.com/realtimenews/20190629002825-260402?chdtv
國際假卡黨再現 路氹酒店等3部ATM機被做手腳
https://hk.on.cc/hk/bkn/cnt/news/20190628/bkn-20190628125056521-0628_00822_001.html
新北警模擬個資外洩事件演練 備而不用
https://money.udn.com/money/story/5635/3900557
老翁貪抽佣 當駭客集團人頭洗錢帳戶被訴
http://m.match.net.tw/pc/news/local/20190704/4945783
國際駭客偷電郵改帳號 貨款59萬美金全進他的帳戶
https://www.ettoday.net/news/20190704/1482003.htm
發現港航系統保安漏洞存取他人網上登機證 向傳媒報料自爆身份 公關稱無妄之災
https://hk.news.appledaily.com/local/realtime/article/20190703/59785523
批港警侵人權 國際駭客公布逾600警個資
http://bit.ly/2XhS5EX
港警個資遭洩逮8人 不排除擴大抓人
https://news.ltn.com.tw/news/world/breakingnews/2841726
不滿暴力鎮壓反送中 8人洩漏港警個資遭逮
http://bit.ly/2Jb6qKy
現實版真實上演 張文綺媽遭騙2千多萬難討回
http://bit.ly/2LxnCeO
戰地醫生借12萬要離開戰區? 原來是境外匯款詐騙
https://udn.com/news/story/7321/3901680
中國智慧家庭設備恐洩露20億筆用戶資料
https://www.ithome.com.tw/news/131605
又是弱密碼惹的禍!德國20歲學生入侵近千名公眾人物帳號並公布他們的個資
https://www.ithome.com.tw/news/128140
多數媒體誤報!銓敘部外洩個資並不含手機號碼在內
https://www.ithome.com.tw/news/131672
不是駭客!我情治人員名單曝光 是內鬼幹的
https://www.chinatimes.com/realtimenews/20190703001479-260402?chdtv
電腦主機遭植入木馬 國安8大情治人員個資全被偷光
http://bit.ly/2xyadLn
國安單位公務員個資外洩 行政院證實2012年遭洩
http://bit.ly/2XLom6I
國際神祕5眼聯盟示警 行政院緊急補破網
http://bit.ly/2JkTe4E
文官個資外洩因境外攻擊 手法近似中國特定網軍
https://news.tvbs.com.tw/politics/1159787
【情報員個資洩光光】銓敘部遭駭手法曝光 與中國網軍「攻美護主」模式雷同
https://www.mirrormedia.mg/story/20190703inv007
24萬公務員通通有獎 個資外洩可向銓敘部求償2億
http://bit.ly/2YwsPqJ
59萬個資外洩論壇 國安單位全中獎
http://bit.ly/2XQPe52
非駭客所為!銓敘部疑有內鬼 59萬筆情治人員名單外洩 受害者可求償
https://cnews.com.tw/140190704a02/
情報員個資在馬政府時期就外洩?王定宇:時任政委張善政推動資訊開放
http://bit.ly/2XHjO16
文官個資遭駭掀科技戰危機 專家:成立「混合威脅對策小組」破解
https://www.cmmedia.com.tw/home/articles/16339
台灣軍警人員個資遭外洩,在美國駭客交流網站上以「10 歐元」的價格販售!
https://buzzorange.com/techorange/2019/07/03/military-unit-data-leak/
傳8大情治系統資料外洩 政院:皆一般性資料
https://www.chinatimes.com/realtimenews/20190703002525-260407?chdtv
8大情治系統個資也外流?政院:被洩露的是一般公務員
http://bit.ly/327ul4Y
8大情治系統個資全都露?政院:僅一般行政人員個資
https://m.ltn.com.tw/news/politics/breakingnews/2841073
2大情報頭子身分曝光 台情報網陷瓦解危機
http://bit.ly/2LCkDBW
台灣有可能用「網路實名制」打擊假新聞嗎
https://opinion.udn.com/opinion/story/11678/3909930
List of data breaches and cyber attacks in June 2019 – 39.7 million records leaked
https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-june-2019-39-7-million-records-leaked
Under 45s trust bots over humans with personal data
https://www.zdnet.com/article/under-45s-trust-bots-over-humans-with-personal-data/#ftag=RSSbaffb68
UpGuard: Unsecured Amazon S3 Buckets Exposed 1TB of Data
https://www.bankinfosecurity.com/upguard-unsecured-amazon-s3-buckets-exposed-1tb-data-a-12707
Former Equifax executive sent behind bars for insider trades, profiting on data breach
https://www.zdnet.com/article/former-equifax-executive-sent-behind-bars-for-insider-trading-after-data-breach/#ftag=RSSbaffb68
Smart home maker leaks customer data, device passwords
https://www.zdnet.com/article/smart-home-maker-leaks-customer-data-device-passwords/#ftag=RSSbaffb68
E.研究報告
NSA 攻擊工具事件分析報告
https://portal.cert.tanet.edu.tw/docs/pdf/201907011007565673112506470396.pdf
CVE-2019-11477漏洞詳解詳玩(刪)
https://blog.csdn.net/dog250/article/details/94026591
Laravel5.7反序列化漏洞之RCE鏈挖掘
https://xz.aliyun.com/t/5483
Firefox UAF漏洞分析
https://www.anquanke.com/post/id/181345
微軟RDP服務高危UAF漏洞分析(CVE-2019-0708)
https://www.heibai.org/post/1427.html
路由器漏洞利用入門
https://www.lizenghai.com/archives/17801.html
CVE-2019-11477 漏洞檢測腳本(影響大多數Linux內核)
https://blog.csdn.net/helloexp/article/details/93101328
TCP SACK panic漏洞的解釋和思考
https://www.jishuwen.com/d/2TCn/zh-hk
DVR登錄繞過漏洞_CVE-2018-9995漏洞復現
https://www.cnblogs.com/yuzly/p/11105086.html
由一段神秘文字所引發的調查與分析-- 集勒索、間諜、銀行木馬於一體的Anubis 新變種追踪
https://paper.seebug.org/963/
檢測工控設備SNMP漏洞工具:SNMP Fuzzer
https://www.freebuf.com/sectool/206417.html
研究人員發現Zipato智能網關漏洞,可被利用打開智能門鎖
http://www.zhidx.com/p/151615.html
Windows Error Reporting 0day漏洞分析(CVE-2019-0863)
https://www.anquanke.com/post/id/181457
CVE-2019-2729 WebLogic RCE漏洞白名單補丁分析
https://www.4hou.com/vulnerable/18801.html
關於CMSMS中SQL注入漏洞的複現與分析與利用
https://4hou.win/wordpress/?p=33777
CVE-2019-8635: Apple macOS double free漏洞分析
https://4hou.win/wordpress/?p=33790
CVE-2019-11478 Sack Slowness&Excess Resource Usage漏洞解析與利用
https://blog.csdn.net/dog250/article/details/94654620
利用ElasticSearch Groovy漏洞進行門羅幣挖礦事件分析
http://www.sohu.com/a/324256486_354899
WebLogic遠程命令執行0day漏洞
http://blog.itpub.net/30327022/viewspace-2649348/
個案分析-NSA攻擊工具事件分析報告_10806
https://cert.tanet.edu.tw/prog/opendoc.php?id=201907011007565673112506470396.pdf
OS禦見監測到“蘿莉幫”跨平台殭屍網絡,可發起DDoS攻擊
https://paper.seebug.org/974/
Godlua Backdoor 分析報告
https://paper.seebug.org/972/
微軟RDP 服務高危UAF 漏洞分析(CVE-2019-0708)
https://paper.seebug.org/971/
Shodan BinaryEdge ZoomEye 網絡空間搜索引擎測評
https://paper.seebug.org/970/
OpenCTI-Platform/opencti
https://github.com/OpenCTI-Platform/opencti
amass — Automated Attack Surface Mapping | Daniel Miessler
https://danielmiessler.com/study/amass/
2019 Pass the SALT Slide
https://2019.pass-the-salt.org/schedule/
1001 Ways of Implementing a System Call
https://x86.lol/generic/2019/07/04/kernel-entry.html
Leaked Muddyc3 C2 source. 0xffff0800/muddyc3
https://github.com/0xffff0800/muddyc3
Lynis : Security Auditing Tool for Unix/Linux Systems
https://kalilinuxtutorials.com/lynis-security-auditing-tool-2/
PTF : A Way For Modular Support For Up-To-Date Tools
https://kalilinuxtutorials.com/ptf-pentesters-framework/
How to tell if your Windows laptop battery is worn
https://www.zdnet.com/article/how-to-tell-if-your-windows-laptop-battery-is-worn/#ftag=RSSbaffb68
Netflix, Ford, TD Bank Data Exposed by Open Amazon S3 Buckets
https://www.bleepingcomputer.com/news/security/netflix-ford-td-bank-data-exposed-by-open-amazon-s3-buckets/
Scapy : Python-Based Interactive Packet Manipulation Program & Library
https://kalilinuxtutorials.com/scapy-interactive-packet-manipulation
Aqua Security
https://github.com/aquasecurity
Red Teaming Toolkit Collection
https://0xsp.com/offensive/red-teaming-toolkit-collection
Breaking & Entering with Zipato SmartHubs
https://blackmarble.sh/zipato-smart-hub/
Nuget/Squirrel uncontrolled endpoints leads to arbitrary code execution
https://medium.com/@reegun/update-nuget-squirrel-uncontrolled-endpoints-leads-to-arbitrary-code-execution-b55295144b56
Operation Tripoli - Check Point Research
https://research.checkpoint.com/operation-tripoli/
韓國資安公司AhnLab對Ghostscript CVE-2017-8291分析
https://unit42.paloaltonetworks.com/tale-of-a-windows-error-reporting-zero-day-cve-2019-0863/
[Android] maddiestone/ConPresentations
https://github.com/maddiestone/ConPresentations/blob/master/REcon2019.PathToThePayload.pdf
F.商業
解析灰色警戒 (Gray Alerts):這些警示對企業的意義為何
https://blog.trendmicro.com.tw/?p=60873
精誠攜美商 布局資安防禦
https://money.udn.com/money/story/5710/3901753
台灣大哥大台中國際級規格打造 IDC 居中南部機房之冠,7/1 正式啟用
https://technews.tw/2019/06/28/taiwancloud-idc-taichung/
Nextlink 攻雲端資安環境 共創雙贏
https://money.udn.com/money/story/5635/3897409
Refirm Labs:韌體漏洞的安全防範
http://tw.systex.com/refirm-labs/
Red Hat推出RHEL安全分析服務Insights
https://www.ithome.com.tw/news/131531
Nextcloud推出共筆文字編輯器
https://www.ithome.com.tw/news/131538
看準物聯網73兆元物聯網商機 台灣之星明年連網數目標成長10倍
https://news.cnyes.com/news/id/4349823
Check Point提供Tbps級威脅防護機制
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=&id=0000563092_J9CLS39PLY6HRV19YGOIE
美國科技史上第三大交易!IBM 以一兆台幣收購開源軟體公司紅帽
https://buzzorange.com/techorange/2019/07/04/ibm-merge-redhat-enterpriselinux-fairtrade-permmit/
島內雲端平台存放企業客戶資料 兼顧合規性與安全性 在地化優勢掌握情資 抽絲剝繭解析異常
https://www.netadmin.com.tw/netadmin/zh-tw/trend/19DB3A018CBE44FEB788DBC679E8F450
採邏輯檢測引擎降低識別威脅誤判率,韓國WAF產品進軍臺灣
https://ithome.com.tw/review/131591
Check Point Research 與 CyberInt 協助 EA 改善旗下 Origin 遊戲平台安全漏洞
https://gnn.gamer.com.tw/1/181941.html
解析惡意郵件威脅指標 提升資安防護,眾至自建團隊 累積在地化情資
http://www.sharetech.com.tw/zh-tw/marketing-events/286-net-admin-162
Atmosphère 0.9.2加入圖型設定介面,在Switch上建立虛擬系統更方便
http://bit.ly/32bEpda
Google大數據分析服務Cloud Dataproc終於可以直接套用現成Hadoop資安政策了
https://www.ithome.com.tw/news/131614
微軟與遠傳正式啟動戰略合作,結合5G及雲端技術加速轉型進程
https://www.techbang.com/posts/71242-taiwans-microsoft-and-away-telecom-officially-launch-strategic-cooperation
中信國際電訊CPC與Fortinet合推新一代防火牆 助公司防駭客
http://bit.ly/2L1wObX
【網路流量加密平臺可延伸解析應用程式運用情形】Gigamon推出網路應用透視模組
https://www.ithome.com.tw/news/131686
趨勢科技:手遊、相機APP夾帶惡意程式 下載量近千萬次
https://ec.ltn.com.tw/article/breakingnews/2843845
資安防護的最後一哩路-特權帳號管理
https://mic.iii.org.tw/aisp/ReportS.aspx?id=CDOC20190702005
Microsoft once called Linux 'a cancer,' and that was a big mistake
https://www.zdnet.com/article/microsoft-once-called-linux-a-cancer-and-that-was-a-big-mistake/#ftag=RSSbaffb68
GOOGLE TURNS TO RETRO CRYPTOGRAPHY TO KEEP DATA SETS PRIVATE
https://www.wired.com/story/google-private-join-compute-database-encryption/
Google resurrects Lion of Mosul statue with 3D printing following ISIS destruction
https://www.zdnet.com/article/google-resurrects-lion-of-mosul-with-3d-printing-after-isis-destruction/#ftag=RSSbaffb68
Microsoft Adds 2FA-Protected "Personal Vault" Within OneDrive Cloud Storage
https://thehackernews.com/2019/06/microsoft-onedrive-personal-vault.html
Microsoft asks to join private Linux security developer list
https://www.zdnet.com/article/microsoft-asks-to-join-private-linux-security-developer-list/#ftag=RSSbaffb68
Microsoft developer reveals Linux is now more used on Azure than Windows Server
https://www.zdnet.com/article/microsoft-developer-reveals-linux-is-now-more-used-on-azure-than-windows-server/#ftag=RSSbaffb68
Microsoft Edge gets 'Tracking Prevention' feature
https://www.zdnet.com/article/microsoft-edge-gets-tracking-prevention-feature/#ftag=RSSbaffb68
Wipro's Li-Fi solution could slake the thirst of bandwidth-devouring Indians
https://www.zdnet.com/article/wipros-li-fi-solution-could-slake-the-thirst-of-bandwidth-devouring-indians/#ftag=RSSbaffb68
MongoDB: The cloud keeps rolling but what about legacy modernization
https://www.zdnet.com/article/mongodb-the-cloud-keeps-rolling-but-what-about-legacy-modernization/#ftag=RSSbaffb68
Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time
http://bit.ly/2NJ17Gi
Report: Broadcom in Discussions to Buy Symantec
https://www.bankinfosecurity.com/report-broadcom-in-discussions-to-buy-symantec-a-12717
Symantec shares surge on report Broadcom considers acquisition
https://www.zdnet.com/article/symantec-shares-surge-as-broadcom-considers-acquisition/#ftag=RSSbaffb68
D-Link to undergo security audits for 10 years as part of FTC settlement
https://www.zdnet.com/article/d-link-to-undergo-security-audits-for-10-years-as-part-of-ftc-settlement/#ftag=RSSbaffb68
D-Link Settles With FTC Over Alleged IoT Security Failures
https://www.bankinfosecurity.com/d-link-settles-ftc-over-alleged-iot-security-failures-a-12716
HP, Dell and Microsoft look to join electronics exodus from China
https://asia.nikkei.com/Economy/Trade-war/HP-Dell-and-Microsoft-look-to-join-electronics-exodus-from-China
G.政府
昔日共軍網戰偵蒐重點 國軍網路戰聯隊部址如今解密
https://udn.com/news/story/10930/3900912
資通電軍:購案目的在強化人員資安專業訓練
http://bit.ly/303DEkF
強化資安機制 資通電軍採購資安攻防蒐平台
https://www.ydn.com.tw/News/342228
杜絕中科院再演烏龍洩密案 國防部6月督導武器系統資安防護
http://bit.ly/2FKHVSc
金管會讓步 境外雲端存個資只需3條件
https://www.chinatimes.com/realtimenews/20190628003974-260410?chdtv
銀行雲端資料可放境外 顧立雄:須掌握三原則
https://www.chinatimes.com/realtimenews/20190628003772-260410?chdtv
銀行客戶個資 可存境外雲端
https://www.chinatimes.com/newspapers/20190629000550-260110?chdtv
銀行資料上雲端,金管會准了!符合條件境外公雲也能用
https://www.ithome.com.tw/news/131515
大到不能倒!金管會公布5大系統性銀行 強化監理
https://udn.com/news/story/7239/3896908?from=udn-catelistnews_ch2
看見台灣下一波競爭力,政府與產業聯手落實智慧製造與資安防護
https://futurecity.cw.com.tw/article/686
考試院暨考試委員高度重視公務資安防護
https://www.mocs.gov.tw/pages/detail.aspx?Node=489&Page=6160&Index=1
金融研訓院董事長吳中書傳統金融機構留意五優勢三缺點
http://udndata.com/ndapp/udntag/finance/Article?origid=9351831
Line群組狂轉銓敘部外洩國家情治人員個資,有違反個資法疑慮
https://www.ithome.com.tw/news/131609
5年前就防範中國電信設備 酈英傑讚台灣是模範
https://www.rti.org.tw/news/view/id/2026346
資安防範受肯定 酈英傑讚台灣是模範
http://www.ksnews.com.tw/index.php/news/contents_page/0001281249
中資違法來台投資 涉國安、資安、惡意挖角加重罰3倍
https://ec.ltn.com.tw/article/breakingnews/2842281
H.ICS/SCADA 工控系統
工業互聯網安全是產業安全和國家安全的重要基礎和保障
https://news.sina.com.tw/article/20190628/31783728.html
關鍵基礎施設穩定運作的根基:網路安全
http://www.tvet3.info/20190701/
Medtronic召回有被駭風險的胰島素幫浦
https://www.ithome.com.tw/news/131565
可防護OT與IT網路安全,Stormshield推工控防火牆機型
https://www.ithome.com.tw/review/131546
Actiontec WEB6000Q 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15557
I.教育訓練
Splunk 攻略
https://www.weithenn.org/2019/06/splunk-journey.html
Splunk Journey (01) - 基礎架構和運作元件
https://www.weithenn.org/2019/06/splunk-part01-Component.html
Splunk Journey (02) - 建立 Splunk 運作環境
http://www.weithenn.org/2019/07/splunk-part02-splunk-enterprise-on-azure.html
Splunk Journey (03) - Data Pipeline
https://www.weithenn.org/2019/07/splunk-part03-data-pipeline.html
教你 使用 Windows 10 Sandbox 沙箱 功能,降低電腦中毒的機率
https://www.kocpc.com.tw/archives/267581
Malware Analysis Tutorial 8: PE Header and Export Table
https://www.cnblogs.com/shangdawei/p/4785494.html
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
Unfixable Seed Extraction on Trezor - A practical and reliable attack
https://ledger-donjon.github.io/Unfixable-Key-Extraction-Attack-on-Trezor/
Lair of robot sea snake: In the depths, this autonomous guardian lies ready to work
https://www.zdnet.com/article/lair-of-robot-sea-snake-in-the-depths-this-autonomous-guardian-lies-ready-to-work/#ftag=RSSbaffb68
pasta-auto/PASTA1.0: PASTA: Portable Automotive Security Testbed with Adaptability
https://github.com/pasta-auto/PASTA1.0
6.近期資安活動及研討會
香港浸會大學國際學院7月6日舉辦「升學資訊日」7/6
http://bit.ly/2X77BDq
HackingThursday 固定聚會 7/4
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/
2019 車用電子與車聯網資安種子教師研習營 7/4 ~ 7/5
http://www.kghs.kh.edu.tw/notice/11734
2019國際資訊安全組織台灣高峰會 7/9 ~ 7/11
https://csa.kktix.cc/events/2019con
Secure Summit APAC 2019 安全峰會 6 大領域提升資安水平 7/10 ~ 7/11
http://bit.ly/2WbONh5
工業局補助網路安全檢測教育訓練 7/10 ~ 7/12
https://www.accupass.com/event/1904080311551119077841
HackingThursday 固定聚會 7/11
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/
智慧金屬與物聯網資安座談會 7/15
https://seminars.tca.org.tw/D15e02242.aspx
【資安講座】企業電子郵件資安,釣魚郵件與郵件詐騙解析、最新防護技術發展,更新大家的資安知識 7/16
https://www.techbang.com/posts/70854-lecture-corporate-email-security
HackingThursday 固定聚會 7/18
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/
資安產學高峰論壇 7/18
https://www.accupass.com/event/1906140709596176666390
資安趨勢研討會 7/18
https://www.accupass.com/event/1906110041444881410360
第12屆台盧(森堡)經濟合作會議 7/19
http://registration.cieca.org.tw/visit/?d=74
5G+IoT美麗新世界的資安挑戰與機會研討會 7/18
http://iekweb2.iek.org.tw/IEKConf/Client/confinfo.aspx?mode=confinfo&conf_no=384953433
HackingThursday 固定聚會 7/25
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/
新加坡資安市場解密講座: 台灣資安浴血東南亞叢林戰鬥之起點-獅城站 7/26
https://ievents.iii.org.tw/eventS.aspx?t=0&id=547
2019扭轉資安營運研討會 7/26
https://www.netfos.com.tw/event/2019event/20190726netfos/20190726-NETFOS-seminar-reg.html
CDX2.0推廣活動 - 台南場次 7/26
https://nchc-cdx.kktix.cc/events/cdxactivity-0726
The Virus Bulletin Conference 2019 8/1
https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/
資安事故處理實務課程 8/7 ~ 8/8
http://bit.ly/2VW0Lv9
DEF CON 27 2019/8/8–8/11
https://www.defcon.org/
數位鑑識處理實務 8/14 ~ 8/15
http://bit.ly/2VW0Lv9
108 年度臺灣學術網路危機處理中心資安巡迴研討會 -資安趨勢暨網路安全概要 8/19 ~ 8/27
http://www.hssh.tp.edu.tw/ezfiles/1/1001/attach/42/pta_17520_7551835_06329.pdf
台灣駭客年會 HITCON Summer Training 2019 - 學生報名 2019-08-19 ~ 2019-08-22
https://www.accupass.com/event/1906050919271598677460
ᅵYahoo奇摩電商專題講座ᅵ 我們與詐騙的距離_電商不可承受的資安之重 8/21
https://www.accupass.com/event/1906120307261445013215
WEB應用滲透測試 8/21 ~ 8/23
https://www.accupass.com/event/1904080221358963463590
台灣駭客年會 HITCON Community 2019 2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8)
https://www.accupass.com/event/1906040921594609934250
數位政府高峰會 2019 8/28
https://egov.ithome.com.tw/
ModernWeb 19 8/28 ~ 8/29
https://modernweb.tw/
資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」 8/29 ~ 8/30
http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==
108年資安職能訓練-行動裝置安全(8/29-8/30)
https://cee.ksu.edu.tw/recruitinfo/1443.html
【AWS資安】Security Engineering on AWS高級課程 9/9 ~ 9/11
https://www.accupass.com/event/1905150854571147685105
CDX2.0推廣活動 - 台北場次 9/10
https://nchc-cdx.kktix.cc/events/cdxactivity-0910
Kubernetes Summit 9/11
https://summit.ithome.com.tw/kubernetes/
TANET 2019 - 臺灣網際網路研討會 9/25
https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310
HITB+ CYBER WEEK 2019/10/12 ~17
https://d2p.hitb.org/
Splunk .conf 19 10/21 ~ 10/24
https://conf.splunk.com/
AIoT智能物聯網開發人才就業養成班[免費諮詢] 10/22
https://ittraining.kktix.cc/events/aiot-training-2019
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019
https://www.icscybersecurityconference.com
Japan Security Analyst Conference
https://jsac.jpcert.or.jp/
沒有留言:
張貼留言