2019年7月12日 星期五

資安事件新聞週報 2019/7/8 ~ 2019/7/12

資安事件新聞週報  2019/7/8  ~  2019/7/12
1.重大弱點漏洞/後門/Exploit/Zero Day
安全公告:LEN-27828 Intel PROSet/Wireless WiFi Software 漏洞
http://iknow.lenovo.com/detail/dc_183380.html
Juniper Junos OS 多個漏洞
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10938
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10940
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10942
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10946
Lodash 嚴重安全漏洞背後你不得不知道的JavaScript 知識
https://juejin.im/post/5d271332f265da1b934e2d48
Lodash庫爆出嚴重安全漏洞,波及400萬+項目
https://mp.weixin.qq.com/s/tfZq2PZylGfMjOp8h8eeTw
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
https://www.exploit-db.com/exploits/47111
知名飯店Kiosk系統漏洞讓後台資料庫憑證曝險,可致客戶資料被竊
https://ithome.com.tw/news/131809
Jira Server and Data Center Update Patches Critical Vulnerability
https://www.bleepingcomputer.com/news/security/jira-server-and-data-center-update-patches-critical-vulnerability/
JIRA Security Advisory 2019-07-10
https://confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html
Bad McAfee Exploit Prevention Update Blocked Windows Logins
https://www.bleepingcomputer.com/news/security/bad-mcafee-exploit-prevention-update-blocked-windows-logins/
Unable to log on to Windows systems with Endpoint Security 10.2 (or earlier) after you apply Exploit Prevention content version 9418
http://bit.ly/2JvWk7a
物理黑客上線,羅技被曝出四個硬件漏洞
https://www.tuicool.com/articles/mqQFjiR
Logitech wireless USB dongles vulnerable to new hijacking flaws
https://www.zdnet.com/article/logitech-wireless-usb-dongles-vulnerable-to-new-hijacking-flaws/#ftag=RSSbaffb68
傳 PSN 現安全漏洞 黑客盜用玩家信用卡
https://unwire.hk/2019/07/04/psn-security/tech-secure/
小心被盜刷!PlayStation Network 爆發信用卡漏洞
https://www.inside.com.tw/article/16833-Security-Flaw-Allows-Hackers-To-Access-PSN-Accounts-Credit-Card-Info
火狐瀏覽器被發現某個存在17年的漏洞可竊取用戶本地存儲的文件
https://www.landiannews.com/archives/60168.html
中國大陸國家工業信息安全漏洞庫上線
https://news.sina.com.tw/article/20190708/31885498.html
Zoom Mac版安全漏洞曝光:可以讓網站劫持Mac攝像頭
https://news.sina.com.tw/article/20190709/31904184.html
Apple macOS Sierra IOFireWireFamily組件信息洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7608
Apple發出更新,主動移除Mac中的Zoom本地主機網頁伺服器
https://www.ithome.com.tw/news/131792
Apple Issues Silent Update to Remove Old Zoom Software
https://www.bankinfosecurity.com/apple-issues-silent-update-to-remove-old-zoom-software-a-12767
VMware 多個產品發布新的安全更新
https://www.us-cert.gov/ncas/current-activity/2019/07/02/vmware-releases-security-advisory-multiple-products
VMWare vSphere ESXi 阻斷服務漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0011.html
思科產品阻斷服務漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190710-asa-ftd-dos
Cisco 多個產品存在安全性弱點
https://www.us-cert.gov/ncas/current-activity/2019/07/03/cisco-releases-security-updates-multiple-products
Cisco delivers Patch Tuesday warmup with bundle of 18 bug fixes
https://www.theregister.co.uk/2019/07/05/cisco_patch_fix/
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution
https://www.exploit-db.com/exploits/47112
Symantec Endpoint Encryption Privilege Escalation
https://support.symantec.com/us/en/article.SYMSA1485.html
Symantec DLP 15.5 MP1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/47071
更新前先等等!微軟承認 Windows 10 五月更新有 VPN 網路瑕疵
https://3c.ltn.com.tw/news/37319
Microsoft Exchange 2003 base64-MIME Remote Code Execution
https://packetstormsecurity.com/files/153533/msexchange2003-exec.txt
The Windows 10 misinformation machine fires up again
https://www.zdnet.com/article/the-windows-10-misinformation-machine-fires-up-again/#ftag=RSSbaffb68
Microsoft July 2019 Patch Tuesday fixes zero-day exploited by Russian hackers
https://www.zdnet.com/article/microsoft-july-2019-patch-tuesday-fixes-zero-day-exploited-by-russian-hackers/#ftag=RSSbaffb68
Windows 10 KB4507453 Cumulative Update Causes Restart Alert Loop
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4507453-cumulative-update-causes-restart-alert-loop/
在Microsoft Visual Studio 2010 Service Pack 1 信息洩露漏洞的安全更新的說明: 2019 7 月9日
https://support.microsoft.com/zh-cn/help/4506161/security-update-for-information-disclosure-vulnerability-in-vs-2010
微軟發佈07月份安全性公告
https://support.microsoft.com/en-us/help/20190709/security-update-deployment-information-july-9-2019
July’s Patch Tuesday Fixes Critical Flaws in Microsoft Edge and Internet Explorer, Including Windows DHCP Server
https://blog.trendmicro.com/trendlabs-security-intelligence/julys-patch-tuesday-fixes-critical-flaws-in-microsoft-edge-and-internet-explorer-including-windows-dhcp-server/
Windows Zero-Day Used by Buhtrap Group For Cyber-Espionage
https://www.bleepingcomputer.com/news/security/windows-zero-day-used-by-buhtrap-group-for-cyber-espionage/
Debian 10 'Buster' Linux arrives
https://www.zdnet.com/article/debian-10-buster-linux-arrives/#ftag=RSSbaffb68
最新Redis未授權訪問漏洞,該如何守護Redis安全
http://news.51cto.com/art/201907/599444.htm
ibm -- db2  CVE-2019-4057
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-4057
ibm -- db2  CVE-2019-4154
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-4154
ibm -- db2  CVE-2019-4322
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-4322
netapp -- clustered_data_ontap CVE-2019-5497
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5497
nginx -- njs CVE-2019-13067
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13067
synology -- calendar CVE-2019-11829
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11829
synology -- photo_station CVE-2019-11821
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11821
CVE-2019-13142:雷蛇影音軟件(Razer Surround)的權限提升漏洞
https://nosec.org/home/detail/2758.html
Adobe tackles vulnerabilities in Dreamweaver, Experience Manager, Bridge
https://www.zdnet.com/article/adobe-tackles-vulnerabilities-in-dreamweaver-experience-manager-bridge-cc/#ftag=RSSbaffb68
Intel Patches High-Severity Flaw in Processor Diagnostic Tool
https://threatpost.com/intel-patches-high-severity-flaw-in-processor-diagnostic-tool/146352/
Intel 發布新的安全更新
https://www.us-cert.gov/ncas/current-activity/2019/07/09/intel-releases-security-updates
Mozilla 已發布安全更新
https://www.us-cert.gov/ncas/current-activity/2019/07/09/mozilla-releases-security-updates-firefox-and-firefox-esr
Juniper updates its multi-cloud container platform Juke
https://www.zdnet.com/article/juniper-updates-its-multi-cloud-container-platform-juke/#ftag=RSSbaffb68
Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)
https://www.exploit-db.com/exploits/47073
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
香港銀行公會:環聯須提交獨立報告 恢復服務前要作詳解
https://hk.on.cc/hk/bkn/cnt/finance/20190705/bkn-20190705201332275-0705_00842_001.html
「Visa QR Code掃碼支付平台」服務上線,手機就能繳費
https://www.chinatimes.com/realtimenews/20190705001599-260410?chdtv
元大銀 進軍外幣ATM提匯業務
http://bit.ly/2S6pbln
銀聯卡全球發行逾75億張可在174個國家地區使用
https://money.udn.com/money/story/5605/3910855
日本電通成立資訊銀行 鼓勵消費者分享數據
https://money.udn.com/money/story/5602/3910763
盧希鵬:純網銀有3件傳統銀行做不到的優勢,數據、利他、弱連結生態系
https://www.ithome.com.tw/news/131709
東歐假卡集團ATM撳錢作案 骨幹成員被捕
https://hk.on.cc/hk/bkn/cnt/news/20190708/bkn-20190708114803488-0708_00822_001.html
陸客不來不怕,東協旅客來台消費 EMV 通用條碼支付漸漸增加
https://technews.tw/2019/07/09/luke-not-here-is-not-a-problem-south-east-asia-tourists-shop-in-taiwan-by-using-emv-qr-code-is-increasing/
Visa在台推EMV掃碼支付 串聯10大電子錢包
https://www.chinatimes.com/realtimenews/20190709003140-260410?chdtv
開放銀行大勢所趨 完善安全措施降低風險
https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/9F6D22BB76F54B70A83E612B7306259A
林坤正:傳統銀行數位轉型的大難題
https://www.wealth.com.tw/home/articles/21402
臺灣開放銀行大進展!首版Open API標準出爐,2大準則5項安控13家銀行先支援
https://www.ithome.com.tw/news/131648
銀行戰純網銀 央行下指導棋
https://money.udn.com/money/story/5613/3922001
英國張手迎接「數位銀行」
http://bit.ly/2XAK7Xw
中國大陸央行公佈第七批支付牌照續展結果:17家順利通過
https://news.sina.com.tw/article/20190710/31919242.html
客戶資料不再獨享…3階段「開放銀行」 下月啟動
https://udn.com/news/story/11316/3888637
英推開放銀行規範 來台探路
http://bit.ly/2XRGE6l
香港金管局要求管理信用卡業務風險
http://bit.ly/2XA83p2
網貸機構備案沒有時間表 個別地方明確不發展P2P
https://news.sina.com.tw/article/20190709/31896416.html
P2P頻爆雷 受害者聲明退出中共
http://bit.ly/2XWkQGu
國銀分行連5年減少 ATM台數資安人才需求增加
https://money.udn.com/money/story/5613/3923704
證券超業小心囉!客戶下單5分鐘內嚴禁跟單
https://ec.ltn.com.tw/article/breakingnews/2850373
German banks are moving away from SMS one-time passcodes
https://www.zdnet.com/article/german-banks-are-moving-away-from-sms-one-time-passcodes/#ftag=RSSbaffb68
Cyber Attacks Biggest Threat to Financial Sector
https://www.infosecurity-magazine.com/news/cyber-attacks-biggest-threat/
Only three global banks given top website security score by ImmuniWeb
https://www.zdnet.com/article/only-three-global-banks-given-top-website-security-score-by-immuniweb/
State of Application Security at S&P Global World's 100 Largest Banks
https://www.immuniweb.com/blog/SP-100-banks-application-security.html
Synthetic identity theft is the fastest-growing financial crime in the U.S.
https://www.cyberscoop.com/synthetic-identity-theft-stolen-fake-data/
Synthetic Identity Fraud in the U.S. Payment System
https://fedpaymentsimprovement.org/wp-content/uploads/frs-synthetic-identity-payments-fraud-white-paper-july-2019.pdf
3.電子支付/電子票證/行動支付/ pay/新聞及資安
日本7-Eleven手機支付新app被駭,近900名用戶損失5500萬日幣
https://times.hinet.net/news/22448660
日本「7Pay」出師不利 上線即遭嚴重盜刷
https://news.tvbs.com.tw/focus/1161283
日本7-11的資安風暴:超商電子支付「7pay」盜用風波
https://global.udn.com/global_vision/story/8662/3911089
日7-11手機支付軟體疑遭犯罪盜用 日逮捕2名陸嫌
https://www.chinatimes.com/realtimenews/20190705001440-260408?chdtv
密碼重設功能不嚴謹,缺乏驗證,日本7Pay用戶遭竄改密碼並盜刷
https://www.ithome.com.tw/news/131715
密碼重設功能不嚴謹,缺乏驗證,日本7Pay App用戶遭竄改密碼並盜刷
https://www.ithome.com.tw/news/131715
從日本7pay遭駭,看行動支付的資安風險
https://news.tvbs.com.tw/politics/1162387
日本7-11手機支付盜刷背後有中國團夥影子
https://zh.cn.nikkei.com/politicsaeconomy/politicsasociety/36386-2019-07-11-05-00-30.html
日本7-11推行動支付APP「7pay」 駭客竊取900人個資花光1600萬
https://news.sina.com.tw/article/20190708/31891034.html
日超商推手機支付,全家比 7-11 強在兩步驟驗證
https://technews.tw/2019/07/08/famipay-stronger-than-7pay/
日本7-11手機支付遭盜刷 日本政府要求做到這件事
https://ec.ltn.com.tw/article/breakingnews/2848446
7Pay 剛上線就被盜刷 1581 萬台幣,為什麼全家 FamiPay 沒事
https://buzzorange.com/techorange/2019/07/08/711-familymart-7pay-famipay-tokoyo-japan/
數百名用戶遭駭客竊取5,000多萬日圓 日本7-11停用手機支付App
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000564028_2m1lktxu39oun97mgwlod
印度法院稱PayPal在當地涉嫌非法運營 或被叫停
https://news.sina.com.tw/article/20190705/31870396.html
日本7-11推行動支付APP「7pay」 駭客竊取900人個資花光1600萬
https://cnews.com.tw/140190708a02/
「7-11APP」有漏洞 屏蔽外部帳號登錄
https://zh.cn.nikkei.com/industry/tradingretail/36433-2019-07-12-10-37-06.html
陸Q1網路支付達58兆人幣 支付寶位居寶座
https://www.chinatimes.com/realtimenews/20190704003692-260410?chdtv
第三方支付平台須加強對第四方支付平台監管
https://news.sina.com.tw/article/20190705/31859902.html
台水、台電合作 推動行動支付服務
http://bit.ly/30acFUo
看好掃碼支付 Visa QR Code首波合作10家銀行今上線
https://news.cnyes.com/news/id/4354008
VISA支付安全路綫藍圖 代碼取代信用卡帳號
http://bit.ly/2N91hXf
新加坡「支付寶」時代要來臨了!媽媽再也不用擔心我忘帶錢包了
http://www.orgs.one/show/739002
【電子支付】法國央行建議 建立泛歐支付系統
http://bit.ly/2xIyO04
使用電子支付更方便了 金管會開放五大措施
https://udn.com/news/story/7239/3902836
提升電子支付便利性 金管會祭3大修正重點
https://money.udn.com/money/story/5613/3903223
與星巴克、微軟合作,Bakkt被爆將推加密支付APP
http://news.knowing.asia/news/a17fd6a8-f13f-40a3-90b7-244ebad0c3e8
4.虛擬貨幣/區塊鍊   新聞及資安
在真正重構傳統金融體系之前,Libra得先解決監管難題
http://news.knowing.asia/news/de731887-8998-4837-8d2c-3db35bc50abb
Libra回應國會:接受反洗錢監督和政府監管(全文)
https://news.sina.com.tw/article/20190710/31919732.html
區塊鏈、資安 下一代數位科技
http://bit.ly/2xJXjKl
從 Libra 的誕生看網路支付工具的演進與區塊鏈代幣的未來
https://www.inside.com.tw/article/16706-Libra-and-the-future-of-blockchain
證券型代幣(STO)規範的開端!上路前的STO規範總體檢報名開跑
http://bit.ly/2XqQWGj
STO為台灣帶來新活力
https://www.gvm.com.tw/article.html?id=66948
全球首創訂 STO 專門規範,金管會法規 10 月出爐
https://finance.technews.tw/2019/06/28/sto-specification-taiwan-october/
Monero(XMR):披露了九個安全漏洞,一個暴露的加密貨幣交易所到盜竊
https://0xzx.com/201907052153155348.html
關於 Edgeware 鎖倉合約的拒絕服務漏洞
https://www.tuoluocaijing.com.tw/article/detail-50076.html
歐洲央行執行董事:金融監管機構需對Libra迅速採取行動
http://news.knowing.asia/news/39aac84f-5cbc-4ad3-a774-1e1e115a437d
資誠:虛擬貨幣平台,須符法遵
https://reurl.cc/G0Z1y
MUB美人幣將在區塊鏈資產交易平臺MBAEX交易所開放交易
http://n.yam.com/Article/20190708275028
區塊鏈技術在智慧城市之應用
http://sa.ylib.com/MagArticle.aspx?Unit=webonly&id=4422
門羅幣XMR被發現數個安全漏洞,目前多數已被修復
http://bit.ly/30n9etE
區塊鏈產業趨勢下一波~不得不被重視的加密貨幣資產託管潮
https://cnews.com.tw/152190709a01/
加密幣經紀業 SEC擬鬆綁
https://money.udn.com/money/story/5599/3919682
Electroneum重大升級使ETN成為全球最安全的去中心化和環境友善型加密貨幣,並將區塊獎勵降低75%
http://www.businesswirechina.com/hk/news/41074.html
中國是否會開始著手開發微信加密貨幣呢
http://news.knowing.asia/news/66a138ac-d6bc-4b50-b649-5fe78f53d3b8
Libra圖謀全球化貨幣 周小川談人民幣應對挑戰
https://news.sina.com.tw/article/20190711/31925080.html
謝平:如果10億人使用Libra 將會是區塊鏈的大普及
https://news.sina.com.tw/article/20190710/31915700.html
羅玫:區塊鏈應用需要技術和產業的復合型人才
https://news.sina.com.tw/article/20190701/31813486.html
臉書幣若涉儲值、跨境匯兌 須金管會核准
https://udn.com/news/story/11316/3885935
Huffpost深度分析臉書Libra:一個發行偽貨幣的笑話
https://news.sina.com.tw/article/20190622/31716626.html
與FATF新規定有關?韓國銀行加強對加密貨幣匿名交易的監控
http://news.knowing.asia/news/cd59a16b-ae79-413b-86b0-dd48ec150696
POSCMS交易所繫統存在多個高危漏洞平台資金存在被竊風險
http://www.lingchenliang.com/post/57638.html
日本交易所BITPoint證實因駭客攻擊損失35億日元!BITPoint Taiwan客戶不受此事件影響
http://bit.ly/2LjiBr0
比特幣 ATM 或暴露了歐盟洗錢條例的漏洞
http://bit.ly/30tjWyX
Bitcoin ATMs Show Gap in EU’s Money Laundering Rules, Police Say
https://www.bloomberg.com/news/articles/2019-07-11/bitcoin-atms-show-gap-in-eu-s-money-laundering-rules-police-say
Facebook’s Libra cryptocurrency project branded of ‘serious concern’ by Federal Reserve
https://www.zdnet.com/article/facebooks-libra-cryptocurrency-project-branded-a-serious-concern-by-federal-reserve/#ftag=RSSbaffb68
Bitcoin eats as much energy as Switzerland
https://nakedsecurity.sophos.com/2019/07/05/bitcoin-eats-as-much-energy-as-switzerland/
Bitcoin Scammers Go Public With Tesco Twitter Hacking
https://www.pandasecurity.com/mediacenter/social-media/tesco-twitter-hacking/
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
惡意垃圾郵件利用 ISO 映像檔散佈夾帶兩隻木馬的假發票
https://blog.trendmicro.com.tw/?p=61108
駭客利用偽造的eFax文件遞送惡意程式
https://ithome.com.tw/news/131757
微軟警告竊密程式Astaroth來襲,攻擊過程完全使用合法工具
https://www.ithome.com.tw/news/131742
殭屍病毒GoBotKR鎖定韓劇迷
https://ithome.com.tw/news/131756
維加斯若遭駭 市長將不會付駭客贖金
https://www.lvcnn.com/news.php?id=27176
資安業者揭露有勒索軟體鎖定威聯通的NAS裝置展開攻擊
https://www.ithome.com.tw/news/131800
QNAP NAS遭勒索軟體盯上,Arm、x86處理器產品皆中鏢
https://www.techbang.com/posts/71485-qnap-nas-targeted-by-ransomware-virus-arm-x86-processor-products-are-all-dart
2,500萬支Android手機感染Agent Smith惡意程式
https://www.ithome.com.tw/news/131794
僵屍網路(Botnet)攻擊布署,由 Windows 轉向 Linux 與 IoT 設備
https://blog.twnic.net.tw/2019/07/11/4222/
Pale Moon檔案伺服器遭駭客下毒
https://www.ithome.com.tw/news/131797
ATM 意軟體在地下市場出售
https://blog.trendmicro.com.tw/
Data breach post-mortem
https://forum.palemoon.org/viewtopic.php?f=17&t=22526
A New Ransomware Is Targeting Network Attached Storage (NAS) Devices
https://thehackernews.com/2019/07/ransomware-nas-devices.html
New Malware Replaced Legit Android Apps With Fake Ones On 25 Million Devices
https://thehackernews.com/2019/07/whatsapp-android-malware.html
Pale Moon says hackers added malware to older browser versions
https://www.zdnet.com/article/pale-moon-says-hackers-added-malware-to-older-browser-versions/#ftag=RSSbaffb68
Trickbot Trojan Gets IcedID Proxy Module to Steal Banking Info
https://www.bleepingcomputer.com/news/security/trickbot-trojan-gets-icedid-proxy-module-to-steal-banking-info/
New Android malware replaces legitimate apps with ad-infested doppelgangers
https://www.zdnet.com/article/new-android-malware-replaces-legitimate-apps-with-ad-infested-doppelgangers/#ftag=RSSbaffb68
Iran-Linked Malware Shared by USCYBERCOM First Seen in December 2016: Kaspersky
https://www.securityweek.com/iran-linked-malware-shared-uscybercom-first-seen-december-2016-kaspersky
A Quick and Efficient Method For Locating the main() function of Linux ELF Malware Variants
http://bit.ly/2XmJtrC
US Coast Guard warns about malware designed to disrupt ships' computer systems
https://www.zdnet.com/article/us-coast-guard-warns-about-malware-designed-to-disrupt-ships-computer-systems/#ftag=RSSbaffb68
Two US cities opt to pay $1m to ransomware operators
https://www.welivesecurity.com/2019/06/26/cities-pay-ransom-ransomware-operators/
Crimeware for Sale:The Commoditization of ATM Malware in the Cybercriminal Underground
http://bit.ly/323csnQ
Golang-based Spreader Used in a Cryptocurrency-Mining Malware Campaign
http://bit.ly/2Xr9G8o
ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit
http://bit.ly/2JhMLZD
RATs and stealers rush through “Heaven’s Gate” with new loader
https://blog.talosintelligence.com/2019/07/rats-and-stealers-rush-through-heavens.html
Malicious Script With Multiple Payloads
https://isc.sans.edu/diary/Malicious+Script+With+Multiple+Payloads/25090
Maldoc: Payloads in User Forms
https://isc.sans.edu/diary/Maldoc%3A+Payloads+in+User+Forms/25084
Steer clear of Bitcoin Cash generators
https://blog.malwarebytes.com/crypto/2019/07/steer-clear-of-bitcoin-cash-generators/
Helping survivors of domestic abuse: What to do when you find stalkerware
https://blog.malwarebytes.com/stalkerware/2019/07/helping-survivors-of-domestic-abuse-what-to-do-when-you-find-stalkerware/
Crimeware for Sale:The Commoditization of ATM Malware in the Cybercriminal Underground
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/crimeware-for-sale-the-commoditization-of-atm-malware-in-the-cybercriminal-underground
UK's largest police forensics lab paid ransom demand to recover locked data
https://www.zdnet.com/article/uks-largest-police-forensics-lab-paid-ransom-demand-to-recover-locked-data/#ftag=RSSbaffb68
Inter: Skimmer For All
https://www.fortinet.com/blog/threat-research/inter-skimmer-for-all.html
2019-07-05 - QUICK POST: URSNIF INFECTION WITH TRICKBOT
https://www.malware-traffic-analysis.net/2019/07/05/index.html
BianLian Android Banking Malware is Back with Screen Recording and SSH Server Capabilities
https://gbhackers.com/bianlian-android-banking-malware/
Ransomware found exploiting former Windows flaw
https://www.ehackingnews.com/2019/07/ransomware-found-exploiting-former.html
More AgentTesla keylogger info-stealer campaigns hitting UK
https://myonlinesecurity.co.uk/more-agenttesla-keylogger-info-stealer-campaigns-hitting-uk/
The world's most famous and dangerous APT (state-developed) malware
https://www.zdnet.com/pictures/the-worlds-most-famous-and-dangerous-apt-state-developed-malware/#ftag=RSSbaffb68
Microsoft warns about Astaroth malware campaign
https://www.zdnet.com/article/microsoft-warns-about-astaroth-malware-campaign/#ftag=RSSbaffb68
Watch Out! Microsoft Spotted Spike in Astaroth Fileless Malware Attacks
https://thehackernews.com/2019/07/astaroth-fileless-malware.html
Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack
https://www.microsoft.com/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
Backdoor found in Ruby library for checking for strong passwords
https://www.zdnet.com/article/backdoor-found-in-ruby-library-for-checking-for-strong-passwords/#ftag=RSSbaffb68
Malicious campaign targets South Korean users with backdoor-laced torrents
https://www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/
Anubis Android Malware Returns with Over 17,000 Samples
https://blog.trendmicro.com/trendlabs-security-intelligence/anubis-android-malware-returns-with-over-17000-samples/
Fake eFax emails are now spreading Dridex Trojan, RMS RAT
https://www.zdnet.com/article/fake-efax-emails-are-now-spreading-dridex-trojan-rms-rat/#ftag=RSSbaffb68
Double Duty: Dridex Banking Malware Delivered with RMS RAT
https://cofense.com/double-duty-dridex-banking-malware-delivered-rms-rat/
2019-07-08 - QUICK POST: URSNIF INFECTION WITH DRIDEX AND POWERSHELL EMPIRE
https://www.malware-traffic-analysis.net/2019/07/08/index.html
2019-07-08 - QUICK POST: RIG EK SENDS AMADEY
https://www.malware-traffic-analysis.net/2019/07/08/index2.html
Anubis Android banking malware returns with extensive financial app hit list
https://www.zdnet.com/article/anubis-android-banking-malware-returns-with-a-bang/#ftag=RSSbaffb68
Anubis Android Malware Returns with Over 17,000 Samples
https://blog.trendmicro.com/trendlabs-security-intelligence/anubis-android-malware-returns-with-over-17000-samples/
Where Will Ransomware Go In The Second Half Of 2019
https://blog.trendmicro.com/where-will-ransomware-go-in-the-second-half-of-2019/
New versions of FinFisher mobile spyware discovered in Myanmar
https://www.zdnet.com/article/new-versions-of-finfisher-mobile-spyware-discovered-in-myanmar/#ftag=RSSbaffb68
New FinSpy iOS and Android implants revealed ITW
https://securelist.com/new-finspy-ios-and-android-implants-revealed-itw/91685/
eCh0raix — New Ransomware Targets QNAP NAS Devices
https://thehackernews.com/2019/07/ransomware-nas-devices.html
New Miori Variant Uses Unique Protocol to Communicate with C&C
https://blog.trendmicro.com/trendlabs-security-intelligence/new-miori-variant-uses-unique-protocol-to-communicate-with-cc/
Remote access — for a scammer
https://www.kaspersky.com/blog/remote-access-scams/27552/
Sodin ransomware enters through MSPs
https://www.kaspersky.com/blog/sodin-msp-ransomware/27530/
New Malware Replaced Legit Android Apps With Fake Ones On 25 Million Devices
https://thehackernews.com/2019/07/whatsapp-android-malware.html
Cybersecurity: Malware lingers in SMBs for an average of 800 days before discovery
https://www.techrepublic.com/article/cybersecurity-malware-lingers-in-smbs-for-an-average-of-800-days-before-discovery/
Wannacry ransomware attack: Industry experts offer their tips for prevention
https://www.techrepublic.com/article/wannacry-ransomware-attack-industry-experts-offer-their-tips-for-prevention/
Agent Smith Android Malware Downloaded 25m+ Times
https://www.infosecurity-magazine.com/news/agent-smith-android-malware/
New eCh0raix Ransomware Brute-Forces QNAP NAS Devices
https://www.bleepingcomputer.com/news/security/new-ech0raix-ransomware-brute-forces-qnap-nas-devices/
US mayors group adopts resolution not to pay any more ransoms to hackers
https://www.zdnet.com/article/us-mayors-group-adopts-resolution-not-to-pay-any-more-ransoms-to-hackers/#ftag=RSSbaffb68
This new ransomware is targeting network attached storage devices
https://www.zdnet.com/google-amp/article/this-new-ransomware-is-targeting-network-attached-storage-devices/
Trickbot Trojan Gets 'BokBot' Proxy Module to Steal Banking Info.
https://www.ehackingnews.com/2019/07/trickbot-trojan-gets-bokbot-proxy.html
Trickbot gets custom proxy module from IcedID banking trojan| Cyware Hacker News
https://cybersecurityboard.com/trickbot-gets-custom-proxy-module-from-icedid-banking-trojan-cyware-hacker-news
B.行動安全 / iPhone / Android /穿戴裝置 /App
警告!「三星更新」是詐騙 APP,千萬別從 Google Play 下載
https://m.eprice.com.tw/mobile/talk/4523/5366299/1/
公共Wi-Fi暗藏危機 出國旅遊連網務必注意
http://bit.ly/2NIYZOW
駭客利用三星免費固件程式騙錢,安裝量超1000萬
http://bit.ly/2NQWqdY
Google Play 出現冒充 Samsung 更新軟件!逾千萬用戶中招
http://bit.ly/32dC2a1
趨勢科技預警182個免費App夾帶惱人廣告 百萬用戶中箭
https://www.chinatimes.com/realtimenews/20190705003637-260412?chdtv
安卓粉注意!上百款免費應用程式暗藏「進化版」惡意廣告,個資恐遭竊取
https://3c.ltn.com.tw/news/37301
用戶拒授權無用!逾千Android程式 繞後門存取用戶資料
http://www.limedia.tw/tech/7084/
谷歌挖出iMessage新漏洞運行舊系統的iPhone只能重置修復
http://bit.ly/32ak885
華為作業系統易被駭「鴻蒙」遭檢出多項漏洞
https://news.cnyes.com/news/id/4353528
華為作業系統「鴻蒙」 遭義大利網路資安公司點出多項漏洞
https://www.ettoday.net/news/20190709/1485715.htm
鴻蒙作業系統還未推出,資訊安全公司就發現 3 個危險漏洞
https://technews.tw/2019/07/09/huawei-os-information-security/
如何辨識手機內假應用程式?安裝應用程式前後須留意的事項
https://blog.trendmicro.com.tw/?p=61015
Swascan scopre criticità anche su Huawei
https://www.swascan.com/it/huawei-2/
新青年社交APP伴伴存在源代碼洩露漏洞[T00ls-2019-00073]
https://www.t00ls.net/Vuls-T00ls-2019-00073.html
市議員批台中購物節APP漏洞百出 市府:將儘速調整
https://www.chinatimes.com/realtimenews/20190710003631-260405?chdtv
台中購物節開跑 議員:APP漏洞百出 恐洩個資
https://udn.com/news/story/7325/3921759?from=udn-catebreaknews_ch2
港人「空投」傳訊息 突破中共防火牆
http://bit.ly/2xDLViT
信用卡智能還款App暗藏風險專家:套現本身違法違規
http://www.sohu.com/a/326074773_362042?scm=0.0.0.0
中國公司暗黑行動潛入手機 App 清單,掉包 App 賺取廣告費
https://technews.tw/2019/07/11/china-company-seek-into-app-list-on-phone-and-switching-app-for-ad-profit/
有竊聽疑慮,蘋果暫停 Apple Watch 對講機 App 服務
https://www.eprice.com.tw/mobile/talk/4503/5369977/1/
下載逾五萬次的Android遊戲,暗中竊取 Facebook 和 Google 登入憑證
https://blog.trendmicro.com.tw/?p=61146
如何辨識手機內假應用程式?安裝 APP 前後須留意的事項
https://blog.trendmicro.com.tw/?p=61015
These are the sneaky new ways that Android apps are tracking you
https://www.fastcompany.com/90372033/these-are-the-sneaky-new-ways-that-android-apps-are-tracking-you
50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System
https://www.ftc.gov/system/files/documents/public_events/1415032/privacycon2019_serge_egelman.pdf
Adware Campaign Identified From 182 Game and Camera Apps on Google Play and Third-Party Stores Like 9Apps
http://bit.ly/30ii24i
Symantec Mobile Threat Defense: A Snapshot of Mobile Security Incidents in Q2 2019
https://www.symantec.com/blogs/product-insights/symantec-mobile-threat-defense-snapshot-mobile-security-incidents-q2-2019
Over 150 Fake Jio Android Apps Offer Free Data but Deliver Only Ads
https://www.symantec.com/blogs/threat-intelligence/malicious-android-apps-india-jio
How to update apps on your smartphone
https://www.kaspersky.com/blog/how-to-update-ios-android-apps/27541/
Samsung Galaxy S10 update is causing huge problems for some users
https://www.zdnet.com/article/samsung-galaxy-s10-update-is-causing-huge-problems-for-some-users/#ftag=RSSbaffb68
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
領略 WCTF 2019 | 各國駭客豪情碰撞,「網路安全世界大戰」一觸即發
http://bit.ly/2Xp6Y3r
【HITCON CMT 2019 售票】票價變更通知
https://blog.hitcon.org/2019/07/hitcon-2019-cmt-regedit.html?m=1
2019年7月8日午,某駭客攻克小付钱包信息管理平台-内蒙古
http://www.fangongheike.com/2019/07/201978.html
谷歌、臉書乖乖把錢匯入「他的」帳戶 >>東歐駭客「代收」廣達38億驚奇
http://bit.ly/2LgXzcw
糗!美國四名高中生因自動 Wifi 登入,惡意噴漆被抓包
https://www.inside.com.tw/article/16874-police-get-mischief-students-via-free-wifi
東歐駭客「代收」廣達38億驚奇
https://magazine.chinatimes.com/wealth/20190711002883-300205
藉電訊取用電腦罪 IT業憂變「萬能Key」
http://bit.ly/2LdmVI9
2018年網攻猖獗 全球損失逾1.4兆
https://summit.rti.org.tw/news/view/id/2026884
全球3成VPN業者被中資掌控 網民翻牆恐被監控
https://www.cna.com.tw/news/acn/201907090332.aspx
調查指出:世界百大 VPN 中,29 項為六家中國公司所持有
https://www.inside.com.tw/article/16840-Top-VPNs-secretly-owned-by-Chinese-firms
別挑錯!翻牆未必安全 全球主要VPN公司近3成在中國
https://news.ltn.com.tw/news/world/breakingnews/2846658
Ubuntu Linux發行商Canonical的官方GitHub帳號被駭
https://www.ithome.com.tw/news/131721
Firefox拒絕信任安全廠商DarkMatter發的憑證,理由是該公司協助政府監控民眾
https://www.ithome.com.tw/news/131770
駭死妳! 宅男竊女網友性愛照恐嚇50萬元
https://www.chinatimes.com/realtimenews/20190708001664-260402?chdtv
駭客追女網友被打槍 竟駭入雲端竊取性愛影片勒索50萬元
https://news.ltn.com.tw/news/society/breakingnews/2846066
中駭客連你電話都聽?他呼叫電信公司
https://reurl.cc/4VZ4K
大家都還好嗎?林昶佐憂中國駭客入侵電信公司情資
https://newtalk.tw/news/view/2019-07-08/269761
闇黑部隊入侵 無聲的國安危機
https://www.wealth.com.tw/home/articles/21383
台灣部隊 靠「駭客學」挺進世界杯
https://www.wealth.com.tw/home/articles/21385
防範藏在細節的闇黑部隊 員工是最重要的防火牆
https://www.wealth.com.tw/home/articles/21386
不甩美國警告 阿根廷接受中國公司安裝監控設備
https://news.ltn.com.tw/news/world/breakingnews/2845602
中製無人機 美國會要軍方禁購
https://ec.ltn.com.tw/article/paper/1301626
最高219年徒刑!台裔教授涉嫌盜取美國晶片轉賣中國
https://n.yam.com/Article/20190708418453
英國智庫起底!百名華為員工有軍方背景
https://www.ustv.com.tw/UstvMedia/news/109/20190708A128
華為「紅色」員工 證實與攻擊西方企業駭客和間諜掛勾
https://news.ltn.com.tw/news/world/breakingnews/2846864
美網安公司再揭華為:漏洞遍及整個產品線
https://www.ntdtv.com/b5/2019/07/08/a102617683.html
川普只是口頭放過華為?美司法部要求法院駁回華為控告美政府訴訟案
https://www.cmmedia.com.tw/home/articles/16390
美反間諜官員﹕華為5G反映中共野心
http://bit.ly/2RZYONI
華為駐外代表前妻 揭華為與中共政府關係
http://www.epochtimes.com/b5/19/6/24/n11343615.htm
因應華為間諜風險 歐盟年底前將採取集體措施
https://ec.ltn.com.tw/article/breakingnews/2849859
加拿大國會議員被警告:不要使用微信
http://www.secretchina.com/news/b5/2019/07/09/899703.html?code=b5
美國會瞄準中國製無人機 擬禁軍方購買
https://ec.ltn.com.tw/article/breakingnews/2845216
巴西成為國際駭客攻擊的目標
http://bit.ly/2XtaFoN
還以顏色?伊朗疑似升高對美網攻
https://www.ydn.com.tw/News/343122
德國工業區網速慢 經濟被「拖後腿」
http://bit.ly/2YCuxHm
防洩密 印度陸軍禁加入社群平台大型群組
https://www.cna.com.tw/news/aopl/201907090129.aspx
「敵國」圖分裂友邦 英外相令徹查密電洩露案
https://udn.com/news/story/6809/3918505
美國網路犯罪手段猖獗 各地政府損失逾1.4兆
http://bit.ly/2YM3Dg2
大疆無人機 罕見通過美審核
https://www.chinatimes.com/newspapers/20190711000100-260309?chdtv
葡國駭客揚言為公義 要搞死C朗
https://hk.on.cc/hk/bkn/cnt/sport/20190707/bkn-20190707110255519-0707_00882_001.html
美軍「網路旗」演習 強化網戰攻防
https://www.ydn.com.tw/News/343688
JPL探測火星資料遭駭 一年後才發現
https://udn.com/news/story/6812/3889560
網攻猖獗 全球2018年損失逾1.4兆
http://www.ksnews.com.tw/index.php/news/contents_page/0001282780
上萬億美元!這就是網路攻擊惹的禍
https://news.sina.com.tw/article/20190701/31815902.html
想癱瘓飛彈系統 美網攻伊朗失敗
https://udn.com/news/story/11314/3890732
美國網戰司令部發布警告,指有網軍透過 Outlook 老舊漏洞進行駭侵
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=888
伊朗暗示若美國解除制裁 願意協商新的讓步措施
https://udn.com/news/story/6811/3890416
避免台灣人被中國信用評分 先從禁用中國監控系統開始
https://talk.ltn.com.tw/article/breakingnews/2850480
Magento Killer
https://blog.sucuri.net/2019/07/magento-killer.html
Hackers breach Canonical GitHub account, create repositories, leave source code untouched
http://bit.ly/2G9FJnI
Wipe Away the Threat of Wiper Attacks
https://www.bankinfosecurity.com/wipe-away-threat-wiper-attacks-a-12727
NHS warned to act now to keep hackers at bay
https://www.welivesecurity.com/2019/07/03/nhs-warning-avoid-wannacryptor/
Pentagon losing recruiting battle for cybersecurity expertise
https://www.stripes.com/news/us/pentagon-losing-recruiting-battle-for-cybersecurity-expertise-1.589708
OpenPGP experts targeted by long-feared ‘poisoning’ attack
https://nakedsecurity.sophos.com/2019/07/05/openpgp-experts-targeted-by-long-feared-poisoning-attack/
Canonical GitHub account hacked, Ubuntu source code safe
https://www.zdnet.com/article/canonical-github-account-hacked-ubuntu-source-code-safe/#ftag=RSSbaffb68
Croatian government targeted by mysterious hackers
https://www.zdnet.com/article/croatian-government-targeted-by-mysterious-hackers/#ftag=RSSbaffb68
Ubuntu-Maker Canonical’s GitHub Account Gets Hacked
https://thehackernews.com/2019/07/canonical-ubuntu-github-hacked.html
Brazilians report lack of cybersecurity skills
https://www.zdnet.com/article/brazilians-report-lack-of-cybersecurity-skills/#ftag=RSSbaffb68
Dropbox: Fedora installation instructions fetch repo and validation key from insecure source, allowing mitm attack
https://vulners.com/hackerone/H1:638250?utm_source=rss&utm_medium=rss&utm_campaign=rss
Inside the NIST team working to make cybersecurity more user-friendly
https://www.helpnetsecurity.com/2019/07/11/nist-cybersecurity/
A Simple Configuration Mistake Caused GE Aviation Server To Leak Passwords and Sensitive Files
http://bit.ly/2XI4xcr
Magecart駭客集團新手法,專找配置錯誤的Amazon S3儲存貯體植入惡意程式
https://www.ithome.com.tw/news/131816
Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets
https://thehackernews.com/2019/07/magecart-amazon-s3-hacking.html
Spray and Pray: Magecart Campaign Breaches Websites En Masse Via Misconfigured Amazon S3 Buckets
https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets/
Magecart group compromises 17,000 domains by overwriting Amazon S3 buckets
https://www.scmagazine.com/home/security-news/magecart-group-compromises-17000-domains-by-overwriting-amazon-s3-buckets/
資深系統工程師-資安產品
https://www.104.com.tw/job/6o0q9
前端設計師
https://www.104.com.tw/job/6o02g
資安經理
https://www.104.com.tw/job/6nbzr
資安工程師
https://www.104.com.tw/job/3fanf
兆豐銀招大數據人員暨資訊人員 薪含午膳費上看48K
https://www.1111.com.tw/news/jobns/124519/
供應鏈業務管理師
https://www.104.com.tw/job/6o6qi
數據分析師
https://www.liepin.com/job/1920264507.shtml
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
Virgil Abloh 本人 Instagram 帳號遭駭客入侵
https://hypebeast.com/zh/2019/7/virgil-abloh-instagram-hacked
約會應用程式 Jack’d 因隱私問題遭罰 24 萬;《財星 100 大》企業資料外洩,皆因安全措施不當的 AWS S3 伺服器導致
https://blog.trendmicro.com.tw/?p=61125
5大網路業者發布防制不實訊息自律準則
http://bit.ly/2YKCJW9
https://www.tahr.org.tw/sites/default/files/u87/190621_disinformation_code_of_practice_taiwan.pdf
資安研究單位指出,Email 仍是最主要的駭侵攻擊目標
https://blog.twnic.net.tw/2019/07/11/4219/
Google證實 雇用專人聽取裝置錄下的內容
https://www.cw.com.tw/article/article.action?id=5095970
詐騙新手法!簽支票才能借錢 一毛未得就欠債
https://news.ltn.com.tw/news/society/breakingnews/2837018
冒充聯邦法警「你未出席陪審團,繳錢消災」 詐財電話出新招
http://bit.ly/2XETLsh
卑詩商譽局提醒公眾留意冒稱銀行調查員的行騙手法
http://bit.ly/2XCt6ra
假鈔詐騙猖獗 苑裡人當心
http://bit.ly/2XBOOjG
「鑽線上服務漏洞」每次只騙1.99元 信用卡盜刷新手法
http://bit.ly/2JoFoyh
四川警方打掉一特大網路詐騙團伙
https://news.sina.com.tw/article/20190705/31859834.html
樂山打掉兩個網路賭博團伙 涉案賭資流水過億元
https://news.sina.com.tw/article/20190630/31799480.html
廣州工行協助警方堵截198萬涉案資金
https://news.sina.com.tw/article/20190705/31859244.html
電信詐騙「降魔之困」:高科技作案 老手段破案
https://news.sina.com.tw/article/20190704/31845990.html
提供人頭帳戶給詐騙集團使用 兩女吃官司
https://udn.com/news/story/7321/3915833
特大網路賭博平台滲透國內:年賭額為彩票收入兩倍
https://news.sina.com.tw/article/20190708/31885070.html
「最大罌粟花」侵入 特大國際網路賭博平台滲透國內
https://news.sina.com.tw/article/20190708/31883588.html
身分竊盜招數多 須常查看帳戶明細防詐
https://udn.com/news/story/6813/3920753
兩岸網路地下匯兌13億 警扣嫌資產
http://bit.ly/2Lfyi2u
台網站換匯人民幣 6年13億台幣流中國大陸
https://udn.com/news/story/7315/3918436
刑事局南打破獲網路地下匯兌 逮3嫌扣押3千多萬資產
https://news.ltn.com.tw/news/society/breakingnews/2846899
河南衛輝警方打掉一倒賣個人信息犯罪團伙
https://news.sina.com.tw/article/20190629/31796588.html
曾雅蘭、藍心湄遭盜圖賣商品 刑事局揭典型詐騙廣告
http://bit.ly/2xFvrqN
趁亂偷包!2男買點數 半小時盜刷1萬5千
https://news.tvbs.com.tw/local/1157033
我們常見信用卡詐騙主要是類型
https://read01.com/mzQyyDP.html#.XSat3ugzbIU
身分竊盜招數多 須常查看帳戶明細防詐
https://udn.com/news/story/6813/3920753
黑客侵香港私營醫療中心 7000病人資料恐外泄
http://bit.ly/2NOlh1N
社群網路一頁式廣告有詐 警公布6大破解訣竅防詐
https://news.ltn.com.tw/news/society/breakingnews/2844166
陸人力銀行員工盜賣16萬用戶個資 每份23元
https://money.udn.com/money/story/5603/3917960
英航38萬客戶個資被駭 遭判罰近3億美元
https://www.rti.org.tw/news/view/id/2026639
五十萬旅客個資遭駭客竊取 英航遭重罰2.3億美元
http://bit.ly/2xN2h9j
英國GDPR重罰再出手,萬豪國際因資料外洩遭罰9900萬英鎊
https://www.ithome.com.tw/news/131759
想靠網戀結束單身?你可能落入了「殺豬盤」陷阱
https://news.sina.com.tw/article/20190706/31877242.html
收到了微信支付關於XXE漏洞的郵件
https://developers.weixin.qq.com/community/develop/doc/0006e428458a38452cd84d40856000
EA遊戲平台漏洞恐洩用戶資料 股價挫逾
https://hk.on.cc/hk/bkn/cnt/finance/20190705/bkn-20190705231921625-0705_00842_001.html
峇厘島超商ATM盜領氾濫!專家傳授2點避免被詐
https://news.ebc.net.tw/News/business/169217
165反詐騙專線與Whoscall整合詐騙來電大數據  警民合作當反詐門神
https://times.hinet.net/news/22447130
美英5眼聯盟示警 8大情治系統個資遭中國掌控
http://bit.ly/2L5cXZl
59萬公務人員個資外洩 監委申請調查
https://udn.com/news/story/6656/3920942
59萬筆公務員個資外洩 台專家:問題嚴重
http://www.epochtimes.com/b5/19/7/5/n11365860.htm
59萬筆公務個資外洩 政院:媒體相關臆測非事實
https://udn.com/news/story/6656/3910761
銓敘部公務員個資外洩 政院資安處:立案偵辦中
https://cn.rti.tw/news/view/id/2026269
文官個資外洩因境外攻擊 手法近似中國特定網軍
https://www.cna.com.tw/news/firstnews/201907030101.aspx
政院:文官個資外洩已立案偵辦 外界臆測非事實
https://taronews.tw/2019/07/05/392231/
點開網頁瞬間被竊取隱私!訪客手機號碼被賣1元1條
https://reurl.cc/vRy2j
英國航空洩露個資,遭ICO開罰2.3億美元
https://reurl.cc/yVy06
奇異航空的Jenkins伺服器沒鎖,原始碼及密碼都曝光
https://www.ithome.com.tw/news/131740
男子被同事冒名辦信用卡欠款11萬筆跡鑑定還原真相
http://m.ce.cn/sh/sgg/201907/08/t20190708_32554857.shtml
萬豪酒店3億客戶個資外洩 衰吞9920萬英鎊重罰
https://newtalk.tw/news/view/2019-07-10/270640
中國大陸教育部發佈預警:警惕電信和「校園貸」詐騙
https://news.sina.com.tw/article/20190711/31926686.html
抽iPhone誘導填個資 警:趕快到銀行換卡
https://udn.com/news/story/7321/3908054?from=udn-ch1_breaknews-1-cate2-news
個資被駭被重罰!英國開鍘英航71億元、萬豪39億元
http://www.limedia.tw/tech/7360/
MongoDB Database Exposed 188 Million Records: Researchers
https://www.bankinfosecurity.com/mongodb-database-exposed-188-million-records-researchers-a-12769
Report: Detailed personal records of 188 million people found exposed on the web
https://www.comparitech.com/blog/vpn-privacy/188-million-data-breach/
Data leak costs £183 million
https://www.kaspersky.com/blog/british-airways-fined/27580/
Facebook transfer of data from EU to US shores argued in European high court
https://www.zdnet.com/article/legal-battle-challenging-facebook-transfer-of-eu-data-to-us-shores-reaches-european-high-court/#ftag=RSSbaffb68
GE Aviation exposed internal configs via open Jenkins instance
https://securitydiscovery.com/ge-aviation-exposed/
Vulnerabilities Found in Yet Another Government Website
https://www.bankinfosecurity.asia/vulnerabilities-found-in-yet-another-government-website-a-12724
Summer Scam Alerts: Don’t Let Crooks Wreck Your Family Travel Plans
https://securingtomorrow.mcafee.com/consumer/family-safety/summer-scam-alerts-dont-let-crooks-wreck-your-family-travel-plans/
British Airways Faces Record-Setting $230 Million GDPR Fine
https://www.bankinfosecurity.com/british-airways-faces-record-setting-230-million-gdpr-fine-a-12743
Over 90 Million Records Leaked by Chinese Public Security Department
https://www.bleepingcomputer.com/news/security/over-90-million-records-leaked-by-chinese-public-security-department/
Report: Fieldwork Software Leaks Sensitive Customer Data
https://www.vpnmentor.com/blog/report-fieldwork-leak/
Fieldwork Software database leak exposed sensitive SMB records, customer credit card details
https://www.zdnet.com/article/fieldwork-software-database-exposed-full-credit-card-details-of-business-customers/#ftag=RSSbaffb68
FBI, ICE plunder DMV driver database ‘gold mine’ for facial recognition scans
https://www.zdnet.com/article/fbi-and-ice-are-using-dmv-gold-mine-for-facial-recognition-scans/#ftag=RSSbaffb68
British Airways Fined £183 Million Under GDPR Over 2018 Data Breach
https://thehackernews.com/2019/07/british-airways-breach-gdpr-fine.html
Estonia's new e-residency security focus: 'You can't launder money with a digital ID'
https://www.zdnet.com/article/estonias-new-e-residency-security-focus-you-cant-launder-money-with-a-digital-id/#ftag=RSSbaffb68
Hackers breached Greece's top-level domain registrar
https://www.zdnet.com/article/hackers-breached-greeces-top-level-domain-registrar/#ftag=RSSbaffb68
UK’s data watchdog hands out two mega-fines for breaches
https://www.welivesecurity.com/2019/07/09/ico-fines-breaches-british-marriott/
Gone phishing: Why summer brings increased security threats to the enterprise
https://www.techrepublic.com/article/gone-phishing-why-summer-brings-increased-security-threats-to-the-enterprise/
Premera Signs $10 Million Breach Settlement With 30 States
https://www.bankinfosecurity.com/premera-signs-10-million-breach-settlement-30-states-a-12772
E.研究報告
善用Apache MPM工作模式 徹底發揮主機硬體效能 開源httperf壓力測試 調出伺服器最佳服務效能
https://www.netadmin.com.tw/netadmin/zh-tw/technology/79EE785099FF4659A813C710D92834D8
提升 WordPress 安全性,防止駭客入侵網站的 12 個方法(2019)
https://networker.tw/wordpress-security/
手動挖掘漏洞(一)輸入框未加過濾引發漏洞利用
https://www.cnblogs.com/Tempt/p/11147499.html
Mozilla火狐瀏覽器中的一個Use-After-Free漏洞分析
https://xz.aliyun.com/t/5569
CVE-2019-0863漏洞分析
https://xz.aliyun.com/t/5571
分析:HackerOne的安全漏洞報告導致門羅幣價格大跌
https://xcong.com/lives/1547167
阿里“內核漏洞檢測方法”入選國際學術頂會,尚不開源
http://tech.ifeng.com/a/20190705/45609730_0.shtml
CVE-2019-9041: 從CSRF到Getshell漏洞分析
http://www.sohu.com/a/325432735_354899
使用Adidnsdump轉儲Active Directory DNS
https://www.freebuf.com/articles/network/206897.html
WebLogic XMLDecoder 漏洞分析
https://www.freebuf.com/column/207849.html
Jenkins任意文件讀取(CVE-2018-1999002)漏洞分析
https://www.freebuf.com/column/207844.html
CVE-2017-12615漏洞復現
https://xz.aliyun.com/t/5610
淺談: 建立安全成熟度模型
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=8737
一款輕量級Web漏洞教學演示系統(DSVW)
http://www.wu45.com/post/4382.html
Bypassing Web Application Firewalls with HTTP Parameter Pollution
https://www.exploit-db.com/docs/47082
Coding a remote screenshot sending malware
https://medium.com/@gnsrikanth/coding-a-remote-screenshot-sending-malware-feea50b8bf8
Whonix : Privacy Protection, Anonymity Online, Anonymous Operating System
https://kalilinuxtutorials.com/whonix-privacy-protection/
Remote tech support, yet another risk factor for business
https://www.kaspersky.com/blog/dangerous-remote-access/27538/
Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks
https://www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-exploit/
Meet the ‘Gift Cardsharks’ Behind the Massive Campaign Targeting Victims with Commercially Available Tools
https://www.riskiq.com/blog/external-threat-management/giftcard-sharks/
Using Whitelisting to Remediate an RCE Vulnerability (CVE-2019-2729) in Oracle WebLogic
http://bit.ly/2xtl3lQ
See the Unseen in AWS Mirrored Traffic With the VM-Series
https://blog.paloaltonetworks.com/cloud-see-unseen-aws-mirrored-traffic-vm-series/
Getting Started with Cloud Governance
https://securingtomorrow.mcafee.com/business/cloud-security/getting-started-with-cloud-governance/
Fake jquery campaign leads to malvertising and ad fraud schemes
https://blog.malwarebytes.com/threat-analysis/2019/06/fake-jquery-campaign-leads-to-malvertising-and-ad-fraud-schemes/
GreenFlash Sundown exploit kit expands via large malvertising campaign
https://blog.malwarebytes.com/threat-analysis/2019/06/greenflash-sundown-exploit-kit-expands-via-large-malvertising-campaign/
Recipe for success: tech support scammers zero in via paid search
https://blog.malwarebytes.com/tech-support-scams/2019/06/recipe-for-success-tech-support-scammers-zero-in-via-paid-search/
HACKER LEXICON: WHAT IS CREDENTIAL DUMPING
https://www.wired.com/story/hacker-lexicon-credential-dumping/
How to enable DNS-over-HTTPS (DoH) in Firefox
https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-firefox/#ftag=RSSbaffb68
Mozilla: No plans to enable DNS-over-HTTPS by default in the UK
https://www.zdnet.com/article/mozilla-no-plans-to-enable-dns-over-https-by-default-in-the-uk/#ftag=RSSbaffb68
Coding a remote screenshot sending malware
https://medium.com/@gnsrikanth/coding-a-remote-screenshot-sending-malware-feea50b8bf8
F.商業
亞利安攜手原廠夥伴,助用戶落實資安法、提升威脅防禦能量
https://ithome.com.tw/pr/131679
數位媒體偷渡機密資訊 資安鑑識把守最後關卡  破解資訊隱藏伎倆 力阻數位影像藏密外流
https://www.netadmin.com.tw/netadmin/zh-tw/technology/C97145B13825464CB1F293223D009A7B
奧義智慧研發資安人工智慧引擎,從端點到全球網路快速防護
https://technews.tw/2019/07/08/cycarrier-developed-an-ai-engine-with-forensic-platform-to-provide-security-from-endpoints-to-global-networks/
微軟:如果你兩年內沒有登入微軟帳號,帳號將會自動刪除並且不會發送提醒郵件
https://www.techbang.com/posts/71371-microsoft-says-that-if-you-dont-log-in-to-your-microsoft-account-in-two-years-the-account-will-be-automatically-deleted-and-no-reminder-emails-will-be-sent
解析惡意郵件威脅指標 提升資安防護 眾至自建團隊 累積在地化情資
https://www.netadmin.com.tw/netadmin/zh-tw/market/9C3E2EA5EA2944F69FFD7494B09B3F4A
穆迪公司和Team8成立合資公司以制定全球網路風險標準
https://times.hinet.net/topic/22438194
趨勢科技率先利用 AWS Transit Gateway,提供高效能在線式網路資安防護,協助簡化並有效率解決企業在應用程式移轉至雲端時的網路資安需求
http://www.pcdiy.com.tw/detail/13470
McAfee準備重新上市
https://www.ithome.com.tw/news/131791
McAfee plots return to public markets with IPO
https://www.zdnet.com/article/mcafee-plots-return-to-public-markets-with-ipo/
Dashboards to Use on Palo Alto Networks for Effective Management
https://thehackernews.com/2019/07/log-management-analysis.html
Cynet Launches Free Offering For Incident Response Service Providers
https://thehackernews.com/2019/07/cynet-incident-response.html
Microsoft enhances OneDrive to secure your sensitive files
https://www.welivesecurity.com/2019/06/27/microsoft-onedrive-personal-vault-files/
Review: XM Cyber HaXM makes automated penetration testing more accessible, reliable
https://www.csoonline.com/article/3406464/review-xm-cyber-haxm-makes-automated-penetration-testing-more-accessible-reliable.html
Hackers' Operating System Kali Linux Released for Raspberry Pi 4
https://thehackernews.com/2019/07/kali-linux-raspberry-pi-4.html
Microsoft adds new 'passwordless' sign-in option with latest Windows 10 20H1 test build
https://www.zdnet.com/article/microsoft-adds-new-passwordless-sign-in-option-with-latest-windows-10-20h1-test-build/#ftag=RSSbaffb68
Microsoft is closing its Remix3D.com site early next year
https://www.zdnet.com/article/microsoft-is-closing-its-remix3d-com-site-early-next-year/#ftag=RSSbaffb68
Microsoft is reorging its field sales team, laying off some 'Modern Desktop' salespeople
https://www.zdnet.com/article/microsoft-is-reorging-its-field-sales-team-laying-off-some-modern-desktop-salespeople/#ftag=RSSbaffb68
Microsoft stirs suspicions by adding telemetry files to security-only update
https://www.zdnet.com/article/microsoft-stirs-suspicions-by-adding-telemetry-files-to-security-only-update/#ftag=RSSbaffb68
G.政府
不信任公部門?打假…為何越打越反感
https://udn.com/news/story/11311/3912764
傳鎖定網站清查假訊息影響大選 調查局澄清
https://udn.com/news/story/7321/3912934
內政部:數位身分證將結合自然人憑證,明年10月換發
https://www.ithome.com.tw/news/131711
晶片身分證明年十月將發行,上路倒數前3大疑慮待解
https://www.techbang.com/posts/71385-chip-id-will-be-released-in-october-top-3-doubts-to-be-resolved
「國安五法」完成 蔡英文:續拚「中共代理人」修法
http://bit.ly/32cwxZ4
台月底公布危害資安產品清單 華為中興料被禁
https://hk.on.cc/hk/bkn/cnt/cnnews/20190707/bkn-20190707154016375-0707_00952_001.html
誤送開山里登革熱警示傳損千萬 疾管署:免費發送
https://www.cna.com.tw/news/firstnews/201907095006.aspx
危害國家資安產品清單 擬7月底公布
https://www.cna.com.tw/news/aipl/201907070033.aspx
發布核定具證券性質之虛擬通貨為證券交易法所稱之有價證券之令。(金管證發字第1080321164號)                 
https://reurl.cc/j0M3p
金管會公布系統性銀行名單,上榜銀行面臨增資壓力
https://finance.technews.tw/2019/07/08/the-fsc-announces-a-list-of-systemic-banks-and-the-listed-banks-are-facing-pressure-to-increase-capital/
銀行資料上雲端哪些新規定?實地查核怎麼做?金管會雲端委外8大重點一次看
https://www.ithome.com.tw/news/131678
開發App,請依「行政院及所屬各機關行動化服務發展作業原則」進行
https://inc.ntub.edu.tw/p/405-1011-69591,c4009.php?Lang=zh-tw
5G頻譜戰/清除路障 NCC有方案
https://reurl.cc/XnXgM
中共代理人修法為選舉?綠委反擊藍:中共滲透讓民眾產生亡國感
http://bit.ly/2Jln0HI
電子支付機構業務管理規則
http://www.rootlaw.com.tw/LawArticle.aspx?LawID=A040390040026700-1080702&ShowType=Ref&FLNO=20000
科技賄選? 警方布線偵查行動支付、虛擬貨幣買票
https://news.ltn.com.tw/news/politics/breakingnews/2848979
大選查賄起跑 嚴查假消息、境外資金
https://news.ltn.com.tw/news/politics/paper/1302139
智慧巴士資通訊系統資安標準上路,產業防護再升級
http://www.ttia-tw.org/news.php?wshop=ttia&Opt=detailed&tp=News&lang=zh-tw&news_id=22654
亞矽執行中心參訪美NIST 強化雙邊連結
https://money.udn.com/money/story/5612/3923038
韓才稱不考量!高雄亞洲好玩卡爆中資
http://bit.ly/2LhkuVc
修正「南投縣政府資通安全處理小組設置及作業要點」第二點、第四點、第五點及第七點,並自即日生效
http://link.nantou.gov.tw/glrsout/NewsContent.aspx?id=967
前陸軍副司令劉湘濱:做好資訊戰 攻台戰爭就打不起來
https://news.ltn.com.tw/news/politics/breakingnews/2850206
H.ICS/SCADA 工控系統
研究人員發現醫療軟件漏洞將導致診斷結果有誤
http://bit.ly/2Jo9naI
美國醫院麻醉機、呼吸機現安全漏洞:極易遭遠程篡改
https://news.sina.com.tw/article/20190710/31919198.html
Researchers Disclose Vulnerability in Siemens' ICS Software
https://www.bankinfosecurity.in/researchers-disclose-vulnerability-in-siemens-ics-software-a-12765
Vulnerabilities found in GE anesthesia machines
https://www.zdnet.com/article/vulnerabilities-found-in-ge-anesthesia-machines/#ftag=RSSbaffb68
advantech -- webaccess CVE-2019-10989
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10989
advantech -- webaccess CVE-2019-10991
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10991
advantech -- webaccess CVE-2019-10993
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10993
I.教育訓練
駭客的 Linux 基礎入門必修課 (Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali)
https://www.tenlong.com.tw/products/9789865021993?list_name=c-linux
教你 使用 Windows 10 Sandbox 沙箱 功能,降低電腦中毒的機率
http://bit.ly/2XAN1vy
XXE漏洞學習
https://www.cnblogs.com/liqik/p/11167019.html
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
物聯網中自由、便利與安全的恐怖三角關係,您選擇了誰
https://www.allion.com.tw/article-cybersecurity-2/
機器學習:現代網路安全英雄
https://www.symantec.com/blogs/chinese-traditional/tw-machine-learning-modern-day-cyber-security-hero
2019台灣資安產業與IoT發展現況大公開
http://m.ccs-cbm.org.cn/kexue/7914.html
航拍機投射假路牌資訊   黑客爆自動駕駛系統漏洞
https://unwire.hk/2019/07/08/flickering-car-ghosts/life-tech/auto/
強化資安及深度學習,安控網路攝影機 AI 應用更上層樓
https://technews.tw/2019/07/08/strengthen-ai-application-of-ip-camera-by-cyber-security-and-deep-learning/                                                    
知名動畫,IOT資安恐攻議題
http://www.digorlon.com/home/post/928
暗網潛航——物聯網、勿聯網(中)
http://bit.ly/2LfOxg2
又是弱密碼惹的禍!Silex 一天就癱瘓數千台物聯網設備
https://blog.trendmicro.com.tw/?p=61131
Smart waste management system highlights potential for narrowband IoT deployments
https://www.zdnet.com/article/smart-waste-management-system-highlights-potential-for-narrowband-iot-deployments/#ftag=RSSbaffb68
Automated Peril: Researchers Hack 'Smart Home' Hubs
https://www.bankinfosecurity.com/automated-peril-researchers-hack-smart-home-hubs-a-12723
Two billion user logs leaked by smart home vendor
https://www.welivesecurity.com/2019/07/02/two-billion-logs-leaked-smart-home/
Israel warns of AI cyber-attacks by voice impersonating of senior executives
http://www.xinhuanet.com/english/2019-07/10/c_138212768.htm
Forescout Positioned For Growth In Burgeoning IoT/OT Security Market
https://www.forbes.com/sites/robertdefrancesco/2019/07/11/forescout-positioned-for-growth-in-burgeoning-iotot-security-market/
Hacked surveillance firm pitches NYC with invasive camera tech to track driver journeys
https://www.zdnet.com/article/hacked-surveillance-firm-pitches-nyc-with-ml-cameras-to-track-driver-journeys/
6.近期資安活動及研討會
 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019
 智慧金屬與物聯網資安座談會  7/15
 https://seminars.tca.org.tw/D15e02242.aspx
 【資安講座】企業電子郵件資安,釣魚郵件與郵件詐騙解析、最新防護技術發展,更新大家的資安知識 7/16
 https://www.techbang.com/posts/70854-lecture-corporate-email-security
 HackingThursday 固定聚會 7/18
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/
 資安產學高峰論壇 7/18
 https://www.accupass.com/event/1906140709596176666390
 資安趨勢研討會 7/18
 https://www.accupass.com/event/1906110041444881410360
 第12屆台盧(森堡)經濟合作會議  7/19
 http://registration.cieca.org.tw/visit/?d=74
 5G+IoT美麗新世界的資安挑戰與機會研討會 7/18
 http://iekweb2.iek.org.tw/IEKConf/Client/confinfo.aspx?mode=confinfo&conf_no=384953433
 HackingThursday 固定聚會 7/25
 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/
 新加坡資安市場解密講座: 台灣資安浴血東南亞叢林戰鬥之起點-獅城站​  7/26
 https://ievents.iii.org.tw/eventS.aspx?t=0&id=547
 2019扭轉資安營運研討會  7/26
 https://www.netfos.com.tw/event/2019event/20190726netfos/20190726-NETFOS-seminar-reg.html
 CDX2.0推廣活動 - 台南場次  7/26
 https://nchc-cdx.kktix.cc/events/cdxactivity-0726
 Agile Hsinchu 七月聚會: 當領域驅動上了雲 7/27
 https://agilecommtw.kktix.cc/events/dddcloud
 The Virus Bulletin Conference 2019 8/1
 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/
 資安事故處理實務課程 8/7 ~ 8/8
 http://bit.ly/2VW0Lv9
 DEF CON 27  2019/8/8–8/11
 https://www.defcon.org/
 大數據軟體開發平台與AI(人工智慧)開發應用案例 8/9
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3805&from_course_list_url=homepage
 數位鑑識處理實務 8/14 ~ 8/15
 http://bit.ly/2VW0Lv9
 108 年度臺灣學術網路危機處理中心資安巡迴研討會 -資安趨勢暨網路安全概要  8/19 ~ 8/27
 http://www.hssh.tp.edu.tw/ezfiles/1/1001/attach/42/pta_17520_7551835_06329.pdf
 台灣駭客年會 HITCON Summer Training 2019 - 學生報名  2019-08-19 ~ 2019-08-22
 https://www.accupass.com/event/1906050919271598677460
 ᅵYahoo奇摩電商專題講座ᅵ 我們與詐騙的距離_電商不可承受的資安之重  8/21
 https://www.accupass.com/event/1906120307261445013215
 WEB應用滲透測試 8/21 ~ 8/23
 https://www.accupass.com/event/1904080221358963463590
 台灣駭客年會 HITCON Community 2019  2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8)
 https://www.accupass.com/event/1906040921594609934250
 數位政府高峰會 2019  8/28
 https://egov.ithome.com.tw/
 ModernWeb 19  8/28 ~ 8/29
 https://modernweb.tw/
 資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」  8/29 ~ 8/30
 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==
 108年資安職能訓練-行動裝置安全(8/29-8/30)
 https://cee.ksu.edu.tw/recruitinfo/1443.html
 2019 NGO 資安種子講師訓練 8/29
 https://ocftw.kktix.cc/events/cscs2019tot
 交通大學亥克書院-B022:基礎網頁安全與滲透測試<新竹場次> 9/7
 https://hackercollege.nctu.edu.tw/?p=1079
 【AWS資安】Security Engineering on AWS​高級課程 9/9 ~ 9/11
 https://www.accupass.com/event/1905150854571147685105
 CDX2.0推廣活動 - 台北場次 9/10
 https://nchc-cdx.kktix.cc/events/cdxactivity-0910
 Kubernetes Summit 9/11
 https://summit.ithome.com.tw/kubernetes/
 交通大學亥克書院-A011:入侵行為發覺與應變指南 9/21
 https://hackercollege.nctu.edu.tw/?p=1082
 TANET 2019 - 臺灣網際網路研討會  9/25
 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310
 交通大學亥克書院-B022:基礎網頁安全與滲透測試 9/28
 https://hackercollege.nctu.edu.tw/?p=1084
 HITB+ CYBER WEEK 2019/10/12 ~17
 https://d2p.hitb.org/
 交通大學亥克書院-A006:數位足跡追蹤與分析 10/19
 https://hackercollege.nctu.edu.tw/?p=1088
 Splunk .conf 19  10/21 ~ 10/24
 https://conf.splunk.com/
  AIoT智能物聯網開發人才就業養成班[免費諮詢]  10/22
 https://ittraining.kktix.cc/events/aiot-training-2019
 Industrial Control Systems (ICS) Cyber Security Conference  USA   October 21 – 24, 2019
 https://www.icscybersecurityconference.com
 交通大學亥克書院-A015:進階網頁滲透測試 10/26
 https://hackercollege.nctu.edu.tw/?p=1090
 交通大學亥克書院-P006:高階網頁滲透測試 11/16
 https://hackercollege.nctu.edu.tw/?p=1092
 交通大學亥克書院-B015:惡意程式檢測 11/30
 https://hackercollege.nctu.edu.tw/?p=1098
 交通大學亥克書院-A018:企業網域控管-Active Directory攻擊與防禦  12/14
 https://hackercollege.nctu.edu.tw/?p=1094
 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

1 則留言:

  1. . Hey Thanks for sharing this blog its very helpful to implement in our work
    Regards
    Hacker for cell phone

    回覆刪除