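###### tags: `資安事件新聞週報`

# Weekly Security Incident News Digest 2019/6/3 ~ 2019/6/7

1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days

Zimbra Collaboration Suite information disclosure vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15131
ZyXEL P-660HN-T1 V2 Missing Authentication / Password Disclosure https://packetstormsecurity.com/files/153144/zyxelp660hn-bypass.txt
Multiple vulnerabilities in Fortinet products https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1440
phpMyAdmin multiple vulnerabilities https://www.auscert.org.au/bulletins/ESB-2019.2016/
New RCE vulnerability impacts nearly half of the internet's email servers https://www.zdnet.com/article/new-rce-vulnerability-impacts-nearly-half-of-the-internets-email-servers/#ftag=RSSbaffb68
Huawei P30 and Huawei P30 Pro security vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5307
Security vulnerability in the NUUO Inc. (京晨科技) Network Video Recorder (NVR) surveillance recording system (CVE-2019-9653) http://net.nthu.edu.tw/2009/mailing:announcement:20190606_01
Apache Jenkins Exploited to Mine Monero Cryptocurrency https://medium.com/pwnpizza/apache-jenkins-exploited-to-mine-monero-cryptocurrency-dc9a7281c663
Google researcher finds Microsoft Notepad vulnerability https://www.ithome.com.tw/news/131044
Arbitrary code execution vulnerability disclosed in the Vim/Neovim text editors, with PoC http://bit.ly/2JZrMft
Campus e-learning platform WMP 智慧大師 contains a command injection vulnerability https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=3003
HTC VIVEPORT security vulnerability https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12176
Oracle MySQL Server component unauthorized operation vulnerability https://www.cnvd.org.cn/flaw/show/CNVD-2019-07347
Cisco IOS software authentication bypass vulnerability (CVE-2019-1758) https://www.linuxidc.com/Linux/2019-06/158980.htm
Multiple vulnerabilities in Cisco products https://tools.cisco.com/security/center/publicationListing.x
Micro Focus Service Manager security vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11646
IBM PureApplication System security vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4235
FreeBSD bro security vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12175
Liferay Portal 7.1 CE GA4 cross-site scripting vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6588
Laravel 5.8 SQL injection vulnerability explained in detail https://xz.aliyun.com/t/5331
macOS 0-Day Flaw Lets Hackers Bypass Security Features With Synthetic Clicks http://bit.ly/2IwAvTt
macOS zero-day disclosed, letting hackers bypass system security features and run malicious code https://zhuanlan.zhihu.com/p/68010379
Former NSA researcher finds Mac flaw: security prompts can be bypassed with "synthetic clicks" https://www.aqniu.com/news-views/49503.html
Nvidia patches GeForce Experience vulnerability https://www.ithome.com.tw/news/131059
pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting https://www.exploit-db.com/exploits/46936
Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit) https://www.exploit-db.com/exploits/46942
HP Service Manager SQL injection vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6494
Docker security vulnerability exposed: host files at risk of being opened to read/write access http://www.dalbll.com/Group/Topic/IT/8324
Critical flaw in software preinstalled on Dell computers leaves users open to LAN hijacking http://www.sohu.com/a/318306744_621613?sec=wd
Android multiple vulnerabilities https://www.hkcert.org/my_url/zh/alert/19060401
Apache Hadoop remote privilege escalation vulnerability (CVE-2018-8029) http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029
Oracle MySQL Server denial-of-service vulnerability https://www.oracle.com/technetwork/security-advisory/cpuapr2019verbose-5072824.html
OneLogin ruby-saml authentication bypass vulnerability https://github.com/onelogin/ruby-saml
Linux Kernel 'marvell/mwifiex/scan.c' heap overflow vulnerability (CVE-2019-3846) http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3846
Red Hat JBoss multiple vulnerabilities https://www.auscert.org.au/bulletins/ESB-2019.1949/
Lenovo Bootable Generator code issue vulnerability https://support.lenovo.com/us/en/product_security/LEN-25401
Artifex MuJS stack buffer overflow vulnerability https://github.com/ccxvii/mujs/commit/da632ca08f240590d2dec786722ed08486ce1be6
0patch steps in to patch the Windows Task Scheduler vulnerability https://www.ithome.com.tw/news/131109
Microsoft announces that more than 1 million Windows devices still have a critical vulnerability http://bit.ly/2Wq45Ul
Microsoft warns XP and Win7 users: over 1 million devices at risk of malicious attack http://www.limedia.tw/tech/4441/
Microsoft Windows Remote Desktop Services Network Level Authentication security restriction bypass vulnerability https://www.hkcert.org/my_url/zh/alert/19060502
To mitigate these vulnerabilities in older versions of Win10, Microsoft released the following new updates today http://www.ylmfwin100.com/ylmf/14582.html
Windows 10 RDP vulnerability lets hackers hijack sessions https://www.ithome.com.tw/news/131133?fbclid=IwAR0_Ec9EowlWa6_985hy1YKi1cFrvVo6vMlsRZk2j4T2nNC0Fl0pU6gHTNg
Microsoft Word information disclosure vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0561
Microsoft Edge and ChakraCore buffer overflow vulnerability https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0914
Microsoft Windows kernel information disclosure vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0536
Windows 10 RDP vulnerability lets hackers hijack sessions https://www.ithome.com.tw/news/131133
Microsoft issues second warning about patching BlueKeep as PoC code goes public https://zd.net/2KBic1R
Microsoft Sounds Second Alarm Over BlueKeep Vulnerability https://www.bankinfosecurity.com/microsoft-sounds-second-alarm-over-bluekeep-vulnerability-a-12541
CVE-2019-0703 | Windows SMB Information Disclosure Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0703
Unpatched Bug Let Attackers Bypass Windows Lock Screen On RDP Sessions http://bit.ly/2QUDetH
Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708) https://www.zdnet.com/article/even-the-nsa-is-urging-windows-users-to-patch-bluekeep-cve-2019-0708/#ftag=RSSbaffb68
Critical Vulnerability Found In Convert Plus WordPress Plugin http://bit.ly/318PgUY
網站安全狗 (IIS edition) has a webshell bypass vulnerability https://www.cnvd.org.cn/flaw/show/CNVD-2018-02515
Summary of vulnerability exploitation across all versions of 結構 http://www.heibai.org/post/1352.html
Cyrus IMAP security vulnerability https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11356

2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security

Internet-only bank LINE Bank about to launch? "Security" is the key core http://www.limedia.tw/tech/4076/
LINE credit scoring mechanism coming to Taiwan; scores will give access to financial services https://www.cna.com.tw/news/afe/201905300255.aspx
LINE Bank online bank has three major advantages, strengthening anti-money-laundering and financial crime prevention https://www.wantgoo.com/news/content/index?ID=981419
Hit FinTech Summit opens in Taipei on 6/12 https://money.udn.com/money/story/11799/3841802
FinTech security mechanisms need to keep pace https://money.udn.com/money/story/12952/3857897
Executive Yuan issues letter! Urges the FSC to supervise Nan Shan in fixing its information system by the end of June https://ec.ltn.com.tw/article/breakingnews/2808601
Financial innovation: 57% of senior executives take a conservative view https://www.chinatimes.com/newspapers/20190604000240-260202?chdtv
Alternative diplomacy! First Bank ATM heist was the first such case in the world to be solved; British company comes to Taiwan to film a documentary https://m.ltn.com.tw/news/society/breakingnews/2812372
Stock promotion in LINE groups must be reported; FSC adds "Nan Shan clause" https://money.udn.com/money/story/5613/3853879
Benefits fall short of expectations: eight major state-run banks to phase out extended hours at designated branches starting in July https://fnc.ebc.net.tw/FncNews/stock/82467
FinTech alone is not enough: O-Bank wins on the strong "support" behind its financial technology https://www.thenewslens.com/article/120129
Update to the model guidelines for banks on anti-money laundering and countering the financing of terrorism https://www.aml-ba.org.tw/news-view.php?ID=11
FinTech is hot: the top defensive pick across the business cycle http://bit.ly/2WQbJqe
Financial newcomers chase scale vs. big banks show off innovation: which of the two camps gets there first https://money.udn.com/money/story/5613/3855250
Managers discussing stocks on LINE: insurers must report to the FSC https://money.udn.com/money/story/5613/3855631
Bill Gates does it too: RegTech gives the financial industry a lift http://bit.ly/2K08t5I
Nan Shan Life presents three major research results at its "2019 Actuarial Big Data Symposium" http://bit.ly/2K08Ih8
E-invoice carriers are convenient yet slow to catch on; netizens reveal the dark reasons https://www.chinatimes.com/hottopic/20190605003365-260804?chdtv
Everything you need to know about ATM attacks and fraud: Part 1 https://blog.malwarebytes.com/101/2019/05/everything-you-need-to-know-about-atm-attacks-and-fraud-part-1/
Hollywood lie: Bank hacks take months, not seconds https://www.zdnet.com/article/hollywood-lie-bank-hacks-take-months-not-seconds/#ftag=RSSbaffb68
PCI Compliance and Network Segmentation http://bit.ly/2wAD7Kg

3. Electronic Payment / Electronic Stored-Value Cards / Mobile Payment / Pay: News and Security

Apps tied to payment... phones become department stores https://money.udn.com/money/story/10868/3846112
Fitbit users can now use Fitbit Pay on seven major transit systems worldwide https://news.sina.com.tw/article/20190602/31498824.html
E-payment subsidies burning too much cash: 3 companies have already applied for capital increases in the first half of the year http://n.yam.com/Article/20190530887599
智冠 raises its stake in 威肯, pushing hard into third-party payment https://ec.ltn.com.tw/article/paper/1292630
New EU security rules take effect in September and will hit online payment providers https://money.udn.com/money/story/5602/3853464
E-payment users top 5 million; 街口 leads in both payments and transfers http://bit.ly/2ET9ybo
[Money laundering] Zhejiang payment platform settled funds for gambling sites: 300 phones collecting payments at once, 700 million involved http://bit.ly/2WuMR8s
Most online shoppers favor PChome; LINE Pay card has the highest usage rate http://bit.ly/2ZaM3Ca
LINE Pay e-wallet adds a feature: teams up with Visa to integrate a digital payment card https://www.ettoday.net/news/20190606/1461430.htm
All Visa cards can be linked to LINE Pay: two giants join forces to pursue four major FinTech opportunities https://news.cnyes.com/news/id/4332353
Nearly 220,000 tax payments made by credit card via Taiwan Pay http://bit.ly/2Io53GH

4. Virtual Currency / Blockchain: News and Security

Facebook discusses digital currency plan with the CFTC https://www.chinatimes.com/realtimenews/20190603001086-260410?chdtv
15 universities across Taiwan rise up to jointly create a blockchain university alliance http://bit.ly/2wwM0ED
Reverse-engineering techniques for ETH contract overflow vulnerabilities https://www.heibai.org/post/1330.html
Analysis of the Cosmos security vulnerability: funds locked for 21 days could be redeemed early https://xcong.com/articles/3538414
Hashgard: the Cosmos SDK vulnerability is triggered when a validator node goes down https://www.chainnews.com/articles/215765303543.htm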
Five ways blockchain is changing the world that you should know http://news.knowing.asia/news/3f4039b0-fdb9-40f7-b0ec-36af6b7a03ac
North Korean hackers attack major South Korean exchange UpBit, using "phishing emails" to steal users' account passwords and private keys https://www.blocktempo.com/north-hacker-attacked-south-koreas-upbit-crypto-exchange/
Make good use of blockchain for more convenient cross-border payments http://bit.ly/2Kmghhu
數寶 analysis: the value of stablecoins in the cryptocurrency market https://money.udn.com/money/story/5636/3847102
Blockchain basics http://bit.ly/2QBom2Q
To promote blockchain adoption, EY open-sources its Ethereum private transaction solution https://news.cnyes.com/news/id/4330228
Coinbase publishes the 13 addresses involved in the double-spend attack caused by the BCH hard fork vulnerability http://www.btc126.com/view/22068.html
Saying he wants to educate Buffett, Chinese cryptocurrency pioneer pays a sky-high price for lunch with Buffett https://technews.tw/2019/06/04/cyber-currency-supporter-lunch-with-warren-buffett/
G20 calls for new measures on virtual currencies to prevent money laundering https://tchina.kyodonews.net/news/2019/06/53814b978890-g20.html
What is special about the blockchain-based digital citizen card? Taipei's information technology commissioner points to 3 "tangible" applications http://bit.ly/2MsSQ95
Banks move into digital currency to speed up cross-border settlement https://udn.com/news/story/6811/3851222
MSB license obtained! Dinngo aims to become a world-class exchange http://bit.ly/2XmCPm1
Looking to enter the payments market, Facebook talks with US regulators about digital currency https://udn.com/news/story/6811/3850024
Facebook cryptocurrency reportedly launching next month, perhaps with physical ATMs too https://news.sina.com.tw/article/20190606/31539066.html
90% of blockchain projects do poorly, but Taiwan's future opportunity lies in blockchain http://bit.ly/2wFAfvI
Lightning Network (middle part) | The core idea of the Lightning Network seen through the history of monetary payments https://xcong.com/articles/3539681
Chen Mei-ling heads to Europe for Taiwan-EU exchanges on AI, blockchain and security http://bit.ly/2WpJDmp
Announces founding of a blockchain company! Mark Karpeles: Bitcoin's security needs to be rebuilt http://news.knowing.asia/news/05817694-585e-4b4a-bdf5-218df343187f
Cryptocurrency trading platform Cryptohopper has a knockoff site that can steal victims' data https://www.ithome.com.tw/news/131147
Potential security vulnerability at GateHub may have cost users 23 million XRP http://www.coinvoice.cn/39803.html
KMD: losses from the Agama wallet vulnerability are significant but still manageable; users will be compensated as far as possible https://www.tuoluocaijing.com.tw/kuaixun/detail-68109.html
Software developers are keeping an open mind about blockchain https://www.zdnet.com/article/software-developers-see-potential-in-blockchain/#ftag=RSSbaffb68
Breaking down the Forbes Blockchain 50 https://medium.com/blockdata/breaking-down-the-forbes-blockchain-50-2f44e9902537
Cryptocurrency Firm Itself Hacked Its Customers to Protect Their Funds From Hackers http://bit.ly/2wF68Ev
Hackers steal $9.5 million from GateHub cryptocurrency wallets https://zd.net/2XufjmZ

5. Security Incident News

A. Viruses and Trojans / Botnets / Ransomware / APT

Beware: Bizarro Sundown (GreenFlash) exploit kit spreading Seon ransomware http://bit.ly/2HRiY9l
HiddenWasp malware targeting Linux appears, letting hackers remotely control infected systems; the malware was created by Chinese hackers https://www.insoler.com/forum/topic/15592895876534.htm
GandCrab ransomware announces retirement after earning US$2 billion https://www.ithome.com.tw/news/131042
Cyber extortion group wipes more than 12,000 MongoDB databases https://blog.trendmicro.com.tw/?p=60811
Mirai variant appears again with upgraded attack methods that prey on the lazy http://bit.ly/2wzJa1J
Ransomware-hit Baltimore did not pay the US$100,000 ransom, but subsequent recovery costs approach US$20 million https://www.ithome.com.tw/news/131140
New "mining" malware BlackSquid ravages the US and Thailand https://unwire.pro/2019/06/05/crypto-jacking-mining-malware/security/
GandCrab ransomware targets MySQL databases https://blog.trendmicro.com.tw/?p=60802
Prank? Hackers? Lawmakers receive suspicious USB drives hiding a trojan https://news.tvbs.com.tw/politics/1144094
Trickbot attack forces Ohio schools to close https://blog.trendmicro.com.tw/?p=60809
New trends in extortion email attacks https://www.hkcert.org/my_url/zh/blog/19060601
Spam uses HawkEye Reborn keylogger malware to attack businesses https://blog.trendmicro.com.tw/?p=60830
Malicious cryptocurrency-mining containers target Docker hosts with exposed APIs and use Shodan to find further victims https://blog.trendmicro.com.tw/?p=60752
Malware on POS systems at US drive-through restaurant chain leads to theft of customers' payment card data https://ithome.com.tw/news/131021
POS systems at well-known US drive-through restaurant chain infected; hackers reportedly broke in and stole customers' personal data http://bit.ly/2Wer282
Hackers Stole Customers' Credit Cards from 103 Checkers and Rally's Restaurants http://bit.ly/2JRF11A
MacOS Zero-Day Allows Trusted Apps to Run Malicious Code http://bit.ly/311RNQA
Three’s a crowd: New Trickbot, Emotet & Ryuk Ransomware https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Checkers, Rally's Burger Joints Hit By POS Malware https://www.bankinfosecurity.com/checkers-rallys-burger-joints-hit-by-pos-malware-a-12540
Fingerpointing Over Baltimore's Ransomware Attack https://www.bankinfosecurity.asia/interviews/fingerpointing-over-baltimores-ransomware-attack-i-4344
GandCrab ransomware operation says it's shutting down https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/#ftag=RSSbaffb68
E-BUSINESS: Kaspersky Lab Reports 61% Increase in Mobile Banking Malware https://nigeriacommunicationsweek.com.ng/kaspersky-lab-reports-61-increase-in-mobile-banking-malware/
Advanced Linux backdoor found in the wild escaped AV detection https://arstechnica.com/information-technology/2019/05/advanced-linux-backdoor-found-in-the-wild-escaped-av-detection/
Dota Campaign: Analyzing a Coin Mining and Remote Access Hybrid Campaign https://kindredsec.com/2019/05/31/dota-campaign-analyzing-a-coin-mining-and-backdoor-malware-hybrid-campaign/
The Emotet-ion Game (Part 3) https://securityboulevard.com/2019/05/the-emotet-ion-game-part-3/
A dive into Turla PowerShell usage https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/
HiddenWasp Malware Stings Targeted Linux Systems https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/
Windows 10 security: Are ads in Microsoft's own apps pushing fake malware alerts https://zd.net/2Z4Klm4
Pharma-testing biz Eurofins Scientific says it fell victim to 'new version' of malware http://bit.ly/2WyzKlR
BlackSquid Slithers Into Servers and Drives With 8 Notorious Exploits to Drop XMRig Miner http://bit.ly/319OTcz
Windows 10 Apps Hit by Malicious Ads that Blockers Won't Stop http://bit.ly/2EUqGgT
Code Analysis of Basic Cryptomining Malware https://kindredsec.com/2019/06/03/code-analysis-of-basic-cryptomining-malware/
GandCrab Ransomware Shutting Down After Claiming to Earn $2.5 Billion https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-shutting-down-after-claiming-to-earn-25-billion/
BlackSquid malware uses bag of exploits to drop cryptocurrency miners https://www.zdnet.com/article/blacksquid-malware-has-bag-of-exploits-to-drop-cryptocurrency-miners/#ftag=RSSbaffb68
The number of installed packages of malicious mobile banking Trojans increased by 58% http://bit.ly/2XtaSc9
Malicious Mobile App Stealing Users’ Money https://www.izoologic.com/2019/06/04/malicious-mobile-app-stealing-users-money/
Kaspersky TDSSKiller Portable http://bit.ly/2EP6OMf
VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles https://www.virusbulletin.com/uploads/pdf/magazine/2018/VB2018-Kalnai-Poslusny.pdf

B. Mobile Security / iPhone / Android / Wearables / Apps

Apple ID successfully cracked by Chinese hackers https://www.ptt.cc/bbs/MobileComm/M.1495603560.A.2CD.html
Washington Post: large numbers of iPhone apps send user data via background refresh https://unwire.hk/2019/06/01/back-ground-app-refresh-apple/mobile-phone/
iOS apps hide trackers that leak user privacy: background apps transmit regularly, 1.5GB of data in a month http://bit.ly/315xKR8
Must "register" with the supervisor on WhatsApp before going to the toilet? Netizens lament: worse than a concentration camp http://bit.ly/2W4oYiQ
How does LINE do security? Its security team reveals it publicly for the first time https://www.ithome.com.tw/news/131029
Cross-border hacker threats are hard to guard against: how LINE instills security DNA in its employees https://www.bnext.com.tw/article/53497/line-cyber-security-culture
Synopsys cuts off software updates; Huawei takes another heavy blow https://ec.ltn.com.tw/article/paper/1292863
Huawei 5G hunted down! This telecom giant benefits https://www.chinatimes.com/realtimenews/20190605000032-260410?chdtv
Huawei signs deal with Russian carrier MTS to develop 5G network http://bit.ly/31eNrFN
Whether India will allow Huawei to take part in its 5G network remains unknown https://www.voacantonese.com/a/Huawei-Role-In-5G-Network-Under-A-Cloud-20190604/4945134.html
FCC member: the Huawei threat already exists https://www.voacantonese.com/a/fcc-member-huawei-rural-area-20190531/4941499.html
Android browser vulnerabilities help hackers launch address bar spoofing attacks http://bit.ly/2Wm1HxV
China grabs for 5G business, hacking rivals to expose security vulnerabilities https://m.ltn.com.tw/news/focus/paper/1293241
WWDC 2019: MacOS Catalina splits iTunes into three separate apps, makes the iPad a second display, and allows every action to be controlled by voice https://www.cool3c.com/article/144512
Spain's National Intelligence Centre (CNI) warns 5G may pose greater challenges to cybersecurity http://bit.ly/2MpVigx
Foxconn reportedly halts Huawei phone production lines; Foxconn has not responded http://bit.ly/2ERTIh5
Top five categories of mobile device vulnerabilities https://blog.ipswitch.com/tw/top-5-types-of-mobile-device-breaches
Beware of personal data leaks! Expert: don't store these 3 kinds of data on your phone https://fnc.ebc.net.tw/FncNews/tech/82264
Giving users more control over their data: privacy-minded Apple "rejects 40,000 apps a week" http://bit.ly/2HTZbWC
Android apps embedded with the BeiTaAd ad plugin may make phones nearly unusable https://www.ithome.com.tw/news/131110
They check every post and comment! What Facebook's mysterious "content moderators" do https://3c.ltn.com.tw/news/37005
Preventing account theft is not simple! On the scene at the LINE X Intertrust security conference, defending identity and trust in the digital world https://assets.inside.com.tw/article/16573-LINE-X-Intsertrust-2019
Apple's new sign-in option may filter more personal information from Facebook and Google https://on.wsj.com/31fsn1U
iOS 13 and MacOS Catalina end support for the SHA-1 hash algorithm https://www.ithome.com.tw/news/131136?fbclid=IwAR0sb8CnzU9TZJAgY9sKFoffSJqo8zFiWTVqCFRHQEuP7j2X8lWSfSAmdI8
iOS 13 on the iPhone: Here's what Apple needs to fix urgently https://www.zdnet.com/article/ios-13-on-the-iphone-heres-what-apple-needs-to-fix-urgently/#ftag=RSSbaffb68
New attack creates ghost taps on modern Android smartphones https://www.zdnet.com/article/new-attack-creates-ghost-taps-on-modern-android-smartphones/#ftag=RSSbaffb68
Wave of SIM swapping attacks hit US cryptocurrency users https://www.zdnet.com/article/wave-of-sim-swapping-attacks-hit-us-cryptocurrency-users/#ftag=RSSbaffb68
Symantec Mobile Threat Defense: Reducing Risky App Threats with Robust App Vetting https://www.symantec.com/blogs/product-insights/symantec-mobile-threat-defense-reducing-risky-app-threats-robust-app-vetting

C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Job Openings / International Security Incidents

The next big security threat: the arrival of the quantum era https://blog.twnic.net.tw/2019/05/31/3818/
Nearly half of organizations are short of skilled cybersecurity staff: what to do https://blog.trendmicro.com.tw/?p=60080
The biggest security risk is people https://view.ctee.com.tw/technology/10222.html
To become a hacker from scratch, you must learn C https://read01.com/ezn6jRm.html#.XPh3e1wzbIU
Self-taught hacker at 14, 薛澄溱 became a product manager at 18 https://www.gvm.com.tw/article.html?id=66511
New research shows cybercrime may be widely underreported, even where the law requires disclosure http://www.businesswirechina.com/hk/news/40776.html
[Website compromises keep worsening, fueling automated attacks built on leaked account passwords] Credential stuffing attacks on the rise https://www.ithome.com.tw/news/131019
[Solutions are already on the market for web applications that need to block credential stuffing] Analysis of 3 feasible approaches to dealing with credential stuffing https://www.ithome.com.tw/news/131020
Before algorithms kill, perhaps we should kill them first https://www.techbang.com/posts/70400-before-the-algorithm-kills-maybe-we-should-kill-them-first
The women programmers behind ENIAC https://talk.womany.net/t/topic/12067
Sparing people the pain of online infections! Nonprofit Quad9 aims to be a global security shield http://bit.ly/2ERpomU
Security evolves... from counter-espionage to counter-hacking http://udndata.com/ndapp/udntag/finance/Article?origid=9332667
Google and 2 US universities study security protections: a small effort is enough to protect account security http://bit.ly/2wAxpYR
關貿 blocked 130,000 cyberattacks in May http://bit.ly/2EPgLZY
Victoria's auditor-general plays hacker and breaks into hospital IT systems http://www.epochtimes.com/b5/19/6/3/n11296725.htm
This mother opened her baby monitor and saw someone else's child https://blog.trendmicro.com.tw/?p=60627
In the dark web world, hackers may have used AI to re-create another "you" https://www.techbang.com/posts/70407-in-the-dark-web-world-hackers-may-have-re-created-a-you-with-ai
Hackers exploit a loophole to profit 8.8 million https://news.sina.com.tw/article/20190601/31488194.html
8.8 million yuan in coins stolen: Guangdong police bust a hacker gang that stole game currency https://news.sina.com.tw/article/20190602/31496554.html
Australian National University hacked: up to 19 years of sensitive data stolen https://hk.on.cc/hk/bkn/cnt/aeanews/20190604/bkn-20190604113454077-0604_00912_001.html
Premier League club Leicester City's official online store breached; customers' key credit card data stolen https://unwire.hk/2019/06/01/leicester-city-fc-hacked-credit-card-data/tech-secure/
Network equipment anomaly: border affairs corps at Taoyuan Airport activates backup http://bit.ly/2HRMyLM
Google, Microsoft, Apple, WhatsApp and other organizations publicly oppose the UK intelligence agency's proposal to eavesdrop on encrypted communications https://ithome.com.tw/news/131008
US ambassador to the Netherlands: the Netherlands should ban Huawei 5G equipment entirely https://ec.ltn.com.tw/article/breakingnews/2813809
CCP suspected of being behind the intrusion into the Australian National University's computer network http://www.epochtimes.com/b5/19/6/6/n11304148.htm
US Department of Homeland Security and State Department officials take part in security dialogue https://www.ptt.cc/bbs/HatePolitics/M.1559210037.A.D5B.html
US Secretary of State, visiting Europe, warns: the US will not share intelligence with countries that use Huawei https://news.ltn.com.tw/news/world/breakingnews/2808679
If Europe bans Chinese telecom equipment, extra 5G deployment costs could exceed a trillion https://ec.ltn.com.tw/article/breakingnews/2815494
Shangri-La Dialogue: US again criticizes Huawei's ties to the CCP https://www.taiwannews.com.tw/ch/news/3715828
China manipulates European 5G equipment testing to shield Huawei and hit rivals https://ec.ltn.com.tw/article/breakingnews/2809859
Awkward! BBC's first 5G live broadcast in the UK used Huawei equipment http://bit.ly/2ZcTUPW
UK intelligence agency: Huawei is shoddy and its security is worrying http://www.epochtimes.com/b5/19/6/3/n11296465.htm
Japan bans Huawei 5G entirely! Rakuten Mobile and NEC to build 5G network http://bit.ly/2JZKtj9
The real relationship between Huawei and the CCP regime https://www.ntdtv.com/b5/2019/06/01/a102591392.html
Message in a bottle found during beach cleanup reads "state secret"; suspected to have drifted to Taiwan from China http://bit.ly/2QHEO1F
New York technology conference: guests discuss the CCP's internet blockade http://www.epochtimes.com/b5/19/6/4/n11298976.htm
Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services http://bit.ly/2MBz5My
Despite disclosure laws, cybercrime may be widely underreported http://bit.ly/2K0ja8m
Cybercrime in a post-Brexit era: Will hackers exploit our political turmoil http://bit.ly/2ETr4fy
Big tech surveillance could damage democracy http://bit.ly/2Wbwhp3
BoxHosting Online Hosting: Lifetime Subscription http://bit.ly/2MyHFLV
Huawei: China's State Hackers 'Rigging 5G Tests' Against Nokia And Ericsson http://bit.ly/312maGz
Trends in Cybersecurity to Watch https://medium.com/rohits-perspectives/trends-in-cybersecurity-to-watch-64637ed08bdd
NATO promises to be ready for cyber attacks https://www.cybersecurityjobsite.com/article/nato-promises-to-be-ready-for-cyber-attacks/
5 reasons your organization needs to adopt a zero trust security architecture http://bit.ly/2EPtv2F
SUPRA Smart TV Flaw Lets Attackers Hijack Screens With Any Video http://bit.ly/2W8Z7q1
A Manifesto for Great Security https://www.symantec.com/blogs/expert-perspectives/manifesto-great-security
Why You Should Wait to Download Your NLE’s Beta Release http://bit.ly/2HTZCAo
‘All we know is MONEY!’: US cities struggle to fight hackers http://bit.ly/2ZaxZJd
UK’s Sophos Buys US’s Rook Security, a Managed Services and SIEM Provider http://bit.ly/2KzU6oe
A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals https://gbhackers.com/hacking-tools-list/?fbclid=IwAR2pvF-25IfGdsEbI4wAwb0FQD0u7BeSB4hE_du_QrGSCgszySBcCJNRIOg
Failure to patch is leaving business open to attack http://bit.ly/2XvoKCM
US to demand five years of your social media, email account info in visa application https://zd.net/2K3kuYk
Hong Kong, Singapore to Cooperate on Cybersecurity https://www.bankinfosecurity.asia/hong-kong-singapore-to-cooperate-on-cybersecurity-a-12549
New Iranian hacking tool leaked on Telegram https://www.zdnet.com/article/new-iranian-hacking-tool-leaked-on-telegram/#ftag=RSSbaffb68
China’s War on Dissidents Spreads Online https://onezero.medium.com/chinas-war-on-dissidents-spreads-online-9bb3f2d4ff7a
Does China's route to infrastructure control run through Iceland's data centers https://www.zdnet.com/article/does-chinas-route-to-infrastructure-control-run-through-icelands-data-centers/#ftag=RSSbaffb68
The best beach reads for hackers in 2019 https://www.zdnet.com/pictures/the-best-2019-beach-reads-for-hackers-in-pictures/#ftag=RSSbaffb68
Firefox Web Browser Now Blocks Third-Party Tracking Cookies By Default http://bit.ly/2Xx01y0
National Cyber Security Strategy To Hit Just 1 of 12 Outcomes by 2021 http://bit.ly/2WjWtxM
Malboard: Hackers can now pose as victims through their keyboards https://zd.net/2Mw1lQQ
Enterprise under attack: Dark web cyber criminals sell hacking tools aimed at business https://zd.net/2KxgM8E
Large European Routing Leak Sends Traffic Through China Telecom http://bit.ly/2Ikj73S
資通所 first joint project staff recruitment of ROC year 108 - 20. Technical - Security https://www.104.com.tw/job/6mpx9
Network security engineer - Hsinchu https://www.104.com.tw/job/5ylir
Senior information security engineer / engineer https://www.104.com.tw/job/5rsb0
Python Web Engineer (R&D substitute service eligible) https://www.104.com.tw/job/5wif9
Compliance / legal staff https://www.104.com.tw/job/6ezpe
Security operations engineer https://www.104.com.tw/job/6mrm3
ITRI Information Division_Information engineer G4 https://www.104.com.tw/job/6ms39
[Security] Senior security management professional https://www.104.com.tw/job/67b9e
I3601 Senior information security engineer (Banqiao) https://www.104.com.tw/job/6dd4o
E-payment Linux/Android app software engineer_R&D center (Kaohsiung) https://www.104.com.tw/job/6mwhw
E-payment Android BSP / Linux Embedded OS software engineer_R&D center (Taichung) https://www.104.com.tw/job/6mwht
Information security manager / Leader https://www.104.com.tw/job/6mvtu
Security consultant / project manager (Hwa Ya Technology Park) https://www.104.com.tw/job/6my44

D. Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News

Apple's big privacy move: virtual email addresses let users sign in to third-party app services http://bit.ly/2MqUlEL
Many fake Tokyo Olympics websites: be careful when buying tickets! China Travel Service to announce Hong Kong ticketing details by next Thursday http://bit.ly/2wzGL7k
Hacker intrusion? Sales clerk who bought skincare products for about a thousand is scammed out of 240,000 https://news.ltn.com.tw/news/society/breakingnews/2809832
Linked a cross-border payment platform to sell stickers! Woman says she was fraudulently charged "520,000" https://news.tvbs.com.tw/life/1141607
維擇科技 CEO: fraud attacks are spreading from the internet industry to traditional industries https://news.sina.com.tw/article/20190602/31494884.html
Divorced woman befriends "mainland engineer" online and nearly hands over 170,000 https://www.chinatimes.com/realtimenews/20190530003318-260402?chdtv
Must rescue a US colonel! Single 50-year-old woman, swept up in an online romance, nearly loses a million in savings https://news.ltn.com.tw/news/society/breakingnews/2807134
Haggle first! Scam duo in the Fengjia shopping district pays with a thousand-dollar bill, secretly takes it back and cons vendors out of the change https://news.ebc.net.tw/News/society/165957
Preventing prepaid-points scams: "minding one's own business" becomes a reporting gap https://news.tvbs.com.tw/life/1143524
"Distraction trick" used to steal bank cards and withdraw money; male and female suspects wanted http://www.epochtimes.com/b5/19/6/4/n11300664.htm
Online ad for typists turns into "finance work": student who believed it helped remit money and broke the law https://news.tvbs.com.tw/local/1143089?fbclid=IwAR226kAf-i5H0cgwiYffAdcSTYqtcojphMTt4gYyK5BK43FcUUdYW28FR6Y
Fake text messages "sprayed at random to hook the willing": Taoyuan police bust fraud ring https://news.ltn.com.tw/news/society/breakingnews/2811504
Researchers find another unprotected database cluster: Chinese headhunting firms' data fully exposed https://www.ithome.com.tw/news/131081?fbclid=IwAR3pW2crIzB9M-RSiy58otmiQ6Da4jGtZtC-OJJj-tYPjFj4D2XcKfZ4ITc
"Stop calling": Facebook scam misuses a phone number; victim flooded with complaint calls and the culprit can't be found http://bit.ly/2Wr0lSC
Data breach at US debt collector AMCA endangers patient data from many healthcare providers https://www.ithome.com.tw/news/131139
Cathay Pacific leaked the personal data of 9.4 million passengers; Privacy Commissioner criticizes violations and lax management http://www.passiontimes.hk/article/06-06-2019/53461
Phishing emails prey on anxiety: Google's true-or-false quiz teaches you to spot the telltale signs of scams http://bit.ly/2Zcdqfe
200,000 personal records stolen from the Australian National University, raising concerns about China recruiting spies https://news.ltn.com.tw/news/world/breakingnews/2814875
Detecting Breaches in Real Time https://www.bankinfosecurity.asia/detecting-breaches-in-real-time-a-12571
This is how hackers make money from your stolen medical data https://www.zdnet.com/article/this-is-how-hackers-make-money-from-your-stolen-medical-data/#ftag=RSSbaffb68
Credder: Fighting the scourge of online fake news https://www.zdnet.com/article/credder-fighting-the-scourge-of-online-fake-news/#ftag=RSSbaffb68
ISPs must now ask for permission before selling your data, Maine rules https://www.zdnet.com/article/isps-must-now-ask-for-permission-before-selling-your-data-maine-rules/#ftag=RSSbaffb68
One of New York’s largest nonprofits suffers data breach https://www.zdnet.com/article/one-of-new-yorks-largest-nonprofits-suffers-data-breach/#ftag=RSSbaffb68
Fake news writer: If people are stupid enough to believe this stuff https://nakedsecurity.sophos.com/2019/06/03/fake-news-writer-if-people-are-stupid-enough-to-believe-this-stuff/
Citrix Sued For Not Securing Employee Info Before Data Breach http://bit.ly/2WHSI9n
Phishing attacks that bypass 2-factor authentication are now easier to execute http://bit.ly/2HW1cBO
Billing Details for 11.9M Quest Diagnostics Clients Exposed http://bit.ly/2wMlqaV
Podcast: Behind-the-Scenes Look at Scattered Canary BEC Cybergang http://bit.ly/2WLtKWJ
Phishing Kits Add More Vulnerabilities to Hacked Servers http://bit.ly/2Il0RHF

E. Research Reports

Analysis of the high-risk Windows RDP service vulnerability (CVE-2019-0708) https://paper.seebug.org/937/
Analysis and reproduction of the Linux kernel SCTP protocol vulnerability (CVE-2019-8956) https://paper.seebug.org/938/
Analysis of the Windows 10 Task Scheduler service DLL injection vulnerability https://xz.aliyun.com/t/5286
MS08-067: how the vulnerability works and a detailed analysis walkthrough https://www.freebuf.com/vuls/203881.html
PoC now public! RDP remote code execution vulnerability exploited to trigger blue screens https://www.weibo.com/ttarticle/p/show?id=2309404378115299216997
CVE-2019-9510: attackers can use an RDP 0-day vulnerability to bypass the lock screen https://www.4hou.com/vulnerable/18422.html
CVE-2017-11176: Linux kernel exploitation step by step (Part 2) (blocking) https://xz.aliyun.com/t/5319
Detailed analysis of the exploitation of the Edge Canvas 2D API vulnerability (CVE-2019-0940) revealed at Pwn2Own 2019 https://www.4hou.com/vulnerable/18321.html
CVE-2019-0697: two more critical vulnerabilities found via a DHCP vulnerability https://xz.aliyun.com/t/5308
Post-mortem summary of a live attack-and-defense exercise https://bithack.io/forum/265?fbclid=IwAR132FXzqAZaBsQzb0p6uEeo6HXdCtt456goRzNzrfdEbuvzOz57qVV-q9M
"Leveling up white-hat bug hunting skills": ThinkPHP5 remote code execution vulnerability, dynamic analysis https://read01.com/KDE0eE4.html
Database vulnerability and security threat report for the first half of 2019 https://www.anquanke.com/post/id/179853
BlackSquid malware analysis: attacks servers with 8 notorious exploits and drops mining malware https://www.4hou.com/malware/18408.html
Apache Struts2 vulnerability strikes again: how to race cleverly against half of China's hacker community this time https://www.aspxmuma.com/aspmumahoumen/5207.html
Bitdefender An APT Blueprint: Gaining New Visibility into Financial Threat http://bit.ly/2WDmX1x
Improper App Check Revives the Synthetic Clicks Issue in macOS Mojave http://bit.ly/2IfIkN2
Kubolt : Utility For Scanning Public Kubernetes Clusters https://kalilinuxtutorials.com/kubolt/?fbclid=IwAR1xR9i72r-4V6VIORTKAwigeVpIRz5L8dTdNCqqKDqA7WlkftJcgJYHoyI
Analysis of CVE-2019-0708 (BlueKeep) https://www.malwaretech.com/2019/05/analysis-of-cve-2019-0708-bluekeep.html
HOW TO Tactical Nmap for Beginner Network Reconnaissance https://null-byte.wonderhowto.com/how-to/tactical-nmap-for-beginner-network-reconnaissance-0189856/
Seccubus v2.51.1 releases: automated vulnerability scanning, reporting and analysis https://securityonline.info/seccubus-vulnerability-scanning-reporting-analysis/
Shellcode: Loading .NET Assemblies From Memory http://bit.ly/2XFMOCU
flare-vm v2.2.20 releases: Windows-based security distribution for malware analysis, incident response, penetration testing http://bit.ly/2Mn6pH5
Windows-Based Exploitation —VulnServer TRUN Command Buffer Overflow http://bit.ly/2JRXz1N
Percona herds the open source cats https://www.zdnet.com/article/percona-herds-the-open-source-cats/#ftag=RSSbaffb68
Windows 10 - Task Scheduler service - Privilege Escalation/Persistence through DLL planting http://bit.ly/2YXJvHA
Using Firepower to defend against encrypted RDP attacks like BlueKeep https://blog.talosintelligence.com/2019/05/firepower-encrypted-rdp-detection.html
Someone slipped a vuln into crypto-wallets via an NPM package http://bit.ly/2Z7lzl2
Realtek SDK Exploits on the Rise from Egypt https://www.netscout.com/blog/asert/realtek-sdk-exploits-rise-egypt
Mr. Coffee with WeMo: Double Roast https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mr-coffee-with-wemo-double-roast/
The time I was hacked by Mr. Sh https://medium.com/@collinalexbell/the-time-i-has-hacked-by-mr-sh-583db12b7d8f
Detecting and Analyzing Microsoft Office Online Video https://blog.nviso.be/2019/05/29/detecting-and-analyzing-microsoft-office-online-video/
googleprojectzero/halfempty http://bit.ly/2XifRfP
PcapXray v2.5 - A Network Forensics Tool To Visualize A Packet Capture Offline As A Network Diagram http://bit.ly/2KrOQmt
Summary of Iranian Advanced Persistent Threat (APT) 34 https://medium.com/@JordiScrubbings/summary-of-iranian-advanced-persistent-team-apt-34-7624d213d20e
MetaSploit Module Created for BlueKeep Flaw, Private for Now http://bit.ly/2EUkc1x
Threat Intelligence Hunter - An Open source project for threat hunting and Information gathering http://bit.ly/2WMAXWK
Website Penetration testing: Information gathering http://bit.ly/2IjUmFf
Windows 10 - Task Scheduler service - Privilege Escalation/Persistence through DLL planting http://bit.ly/2Iik6lp
Planning a Red Team exercise http://bit.ly/2JXlQDI
Modern Internet Standards provide for more reliability and further growth of the Internet. https://www.internet.nl/?fbclid=IwAR1wJwSChJbDCSE6hzDwZsBelXx2c5hWFsIcCRXWFNno66I06u9FxfsD1rw
Vim/Neovim Arbitrary Code Execution via Modelines http://bit.ly/2wCSIcb
Why does macOS Catalina use Zsh instead of Bash? Licensing http://bit.ly/2QSvhF9
BlueKeep ‘Mega-Worm’ Looms as Fresh PoC Shows Full System Takeover http://bit.ly/2HXGgdq
owasp-masvs http://bit.ly/2WLJ5qh
gyoisamurai/GyoiThon GyoiThon: Next generation penetration test tool https://github.com/gyoisamurai/GyoiThon?fbclid=IwAR27UNsubLroS-hRj14QpWB-wFkmXVgUVkMjX5JWDis3Ee3JeC6-5-XYyLs
Finshir : A Coroutines-Driven Low & Slow Traffic Sender https://kalilinuxtutorials.com/finshir/?fbclid=IwAR1iZ9pS8RBWyiRVm9Bvd94esnXh_K3N-uQcTEVAVZL2Cfh38YptYeYGzE8
Facebash : Facebook Brute Forcer In Shellscript Using TOR http://bit.ly/2KAFsgj
Metabigor : Command Line Search Engines Without Any API Key http://bit.ly/2K1Jpvd
How To Recover/Reset Forgotten MySQL/MariaDB root User Password On Linux http://bit.ly/2HZN9ep
Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities http://bit.ly/2Wr7T2U
New GoldBrute Botnet is Trying to Hack 1.5 Million RDP Servers http://bit.ly/2wGlVDd
How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code http://bit.ly/2Intx2S
VTHunting : A Tiny Script Used to Generate Report About Virus Total Hunting http://bit.ly/31hWNRp
A botnet is brute-forcing over 1.5 million RDP servers all over the world https://zd.net/2K1Fr5N
Hackers Can Now Bypass Two-Factor Authentication With a New Kind of Phishing Scam http://bit.ly/2IqrgEd
PcapXray : Tool To Visualize A Packet Capture Offline https://kalilinuxtutorials.com/pcapxray/?fbclid=IwAR3cu2HCB7BnO-qXrzE11K15NyFlWYasDDMqRvuUJcVdXLKC-_FJu96kye4
Microsoft Warns Against Bypassing Office 365 Spam Filters http://bit.ly/2wR1cNf
There's a reason why my cat doesn't need two-factor authentication http://bit.ly/31k4wOX

F. Business

Palo Alto buys two security companies specializing in emerging technologies https://ithome.com.tw/news/130997
New methods bring opportunities and challenges, and there is a path to follow for managing distributed computing: only with a solid command of how microservice architecture operates can reliable, secure systems be built https://www.netadmin.com.tw/article_content.aspx?sn=1905290002
Trend Micro teams with four security education institutions to strengthen enterprise security https://udn.com/news/story/7253/3849756
Eyeing enterprise digital transformation business, 精誠 spends 90 million to acquire a 30% stake in 藍新資訊 https://ec.ltn.com.tw/article/breakingnews/2810941
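Google and FB, watch out! Apple launches a "quick sign-in" service that is not only convenient but also very secure http://bit.ly/2ESvy6q
Privacy and security! Firefox enables Enhanced Tracking Protection by default http://bit.ly/31cz7Om
ESET multi-layer defense technology effectively blocks hacker attacks and threats https://www.eset.hk/html/86/eset-multi-layer-defense-technology/
IBM rebuilds its cloud platform from scratch, switching to K8s to create a modern new architecture https://www.ithome.com.tw/people/131015
Imperva to acquire bot management provider Distil Networks https://www.zdnet.com/article/imperva-to-acquire-bot-management-provider-distil-networks/#ftag=RSSbaffb68
Equinix adds network functions virtualization to its platform, launches Network Edge https://www.zdnet.com/article/equinix-adds-network-functions-virtualization-to-its-platform-launches-network-edge/#ftag=RSSbaffb68
Red Hat Enterprise Linux 7.7 beta is now available https://www.zdnet.com/article/red-hat-enterprise-linux-7-7-beta-is-now-available/#ftag=RSSbaffb68
Firefox Web Browser Now Blocks Third-Party Tracking Cookies By Default http://bit.ly/2IsyE1A

G. Government
Taiwan banned Huawei long ago! Audrey Tang: no other country was doing this at the time, and we have a certain voice on cybersecurity internationally https://buzzorange.com/techorange/2019/05/31/huawei-in-tw/
Telecommunications Management Act completes legislation; 5G networks and spectrum may be shared https://udn.com/news/story/7238/3846040
"Telecommunications Management Act" passes its third reading; telecom licensing system changed to a registration system https://www.chinatimes.com/realtimenews/20190531003831-260410?chdtv
Telecommunications Management Act passes; NCC: it will accelerate 5G construction and upgrades https://m.ltn.com.tw/news/life/breakingnews/2808670
National Defense Industry Development Act introduces vendor classification and grading; scholars worry about who will do the evaluating https://udn.com/news/story/10930/3848238
China Steel removes Huawei elements with a multi-pronged approach https://money.udn.com/money/story/5612/3849331
Updated list of cybersecurity professional certifications and the review process for recognizing cybersecurity professional certifications https://nicst.ey.gov.tw/Page/D94EC6EDE9B10E15/f23692a6-de81-4ca8-a49d-e4cf78aa9bee
With the Dragon Boat Festival holiday approaching, the FSC requires insurers to keep services uninterrupted https://ec.ltn.com.tw/article/breakingnews/2812884
Government expands critical infrastructure exercises; tabletop exercises begin this week https://m.ltn.com.tw/news/politics/breakingnews/2814301

H. SCADA/ICS/Industrial Control Systems
Factory security incidents keep occurring: is your industrial control system secure enough? https://www.ctimes.com.tw/DispArt/tw/19060314000N.shtml
Schneider Electric AVEVA Vijeo Citect and Schneider Electric AVEVA CitectSCADA insecure credential storage vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10981

I. Education and Training
Embracing open source: how enterprises should make good use of open-source technology to gain its benefits while guarding against its drawbacks http://bit.ly/2HOyLpa
Should a membership system use Session or Cookie? Did you know they are actually often mixed together? https://progressbar.tw/posts/92?fbclid=IwAR1VpPrre8pVRRvHYvs99uDT6icprh7Lo9oIKAEXHBvej-R84jDMtE6qPd0
How to collect threat intelligence, and how to analyze and use it https://ithome.com.tw/pr/131006
Business logic vulnerability security checklist http://www.lonelyor.org/lonelyorWiki/15596178265897.html
Web security: file upload vulnerabilities https://blog.csdn.net/xlsj228/article/details/90756195
[Taiwan Stock Market Information Site] POST crawler revealed, with [Python code] http://bit.ly/2Wnr8Pv
Let the stock assistant teach you to scan a [thousand] stocks, with a [Python code] example http://bit.ly/2QRJq5C
108 Cybersecurity: installing ubuntu server 18.04 http://itopnet.blogspot.com/2019/06/108-ubuntu-server-1804.html
Hacker tools | hydra brute force & Violence cracking web site https://www.cmm.wiki/video/WHtq_5eZ4Ds/zhzy-m.html
How to Find Out Who is Using a File in Linux http://bit.ly/2wvMA5p
Introduction to HTML -Part 1 http://bit.ly/2JXRWPZ
Process and Communication in Operating Systems http://bit.ly/2WjwMlN
How a Quantum Computer Could Break 2048-Bit RSA Encryption in 8 Hours http://bit.ly/2QN3ndG
How In-House Forensic Capabilities Help Detect Vulnerabilities https://www.bankinfosecurity.asia/how-in-house-forensic-capabilities-help-detect-vulnerabilities-a-12572
CompTIA Certification Training — Get Online Courses @ 95% OFF http://bit.ly/2KyN3wc
Introduction to Shell Scripting http://bit.ly/2F8H2CX

J. Internet of Things/IoT/Artificial Intelligence/Internet of Vehicles/Optical Networks/Deep Learning/Machine Learning/Drones/Facial Recognition
On the scene in London: smart home appliances are easily monitored by hackers; industry voices concern https://hk.on.cc/hk/bkn/cnt/aeanews/20190602/bkn-20190602060344662-0602_00912_001.html
As AI lands in industry applications, infrastructure determines project success or failure: drawing on AI's strengths to boost enterprise competitiveness, with dedicated hardware delivering timely value https://www.netadmin.com.tw/article_content.aspx?sn=1905290001
Manufacturing security draws attention; hardware-software integration raises security strength http://www.tca.org.tw/tca_news1.php?n=1400
UK builds a 5G smart factory; the fourth industrial revolution is here https://udn.com/news/story/6843/3851532
COMPUTEX focuses on smart manufacturing, discussing five major security themes for the era of people and things http://www.ctimes.com.tw/DispNews/tw/1905311147VP.shtml
Tri-Service General Hospital's AI reads ECGs with 90% accuracy, rescuing in time a man whose heartbeat was too slow https://udn.com/news/story/7266/3851868?from=udn-ch1_breaknews-1-cate9-news
TSMC adopts NEC facial recognition system; visitors can "scan their face" to activate a card and enter the plant https://buzzorange.com/techorange/2019/06/05/nec-face-recognition-in-tsmc/
Microsoft makes a major push into IoT, showcasing results together with Taiwanese ICT partners https://technews.tw/2019/06/06/microsogt-iot-in-actionlinc-showcase-computex/
An AI robot made me lose money on my investments; can I sue it?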
http://bit.ly/31jasHY
Home IoT carries risks; security awareness matters most https://www.hkcert.org/my_url/zh/blog/19060201
Training a single AI model can emit as much carbon as five cars in their lifetimes http://bit.ly/2Xyx8Bx
The Internet of Things enables a floating city of pleasure... and a vision of hell https://www.zdnet.com/article/the-internet-of-things-enables-a-floating-city-of-pleasure-and-a-vision-of-hell/#ftag=RSSbaffb68
Managing IoT Device Risks https://www.bankinfosecurity.asia/managing-iot-device-risks-a-12564
DARPA Challenge: Underground war robots https://www.zdnet.com/article/darpa-challenge-underground-war-robots/#ftag=RSSbaffb68
Using machine learning to solve your dark data nightmare https://www.zdnet.com/article/using-machine-learning-to-solve-your-dark-data-nightmare/#ftag=RSSbaffb68

6. Upcoming security events and conferences
JCConf Taiwan 2019 Call for Proposals 6/1 ~ 6/30 https://twjug.kktix.cc/events/jcconf-2019-cfp?fbclid=IwAR2-Lry33FOVuXXStfSqUWlAJI25SeFgK9Q1XY6e4zJLEKvYrSkmlvv6Waw
Breaking through: sharing applications of open-source security tools 6/8 https://tfc.kktix.cc/events/nomoney-infosec
Technology Grand Challenge "AI Cybersecurity Attack and Defense" finals 6/9 https://www.huashan1914.com/w/huashan1914/exhibition_19060415062728776
Cypherpunks Taiwan (5) - Blockchain proof of existence and censorship resistance & zero-knowledge proofs 6/11 https://www.facebook.com/events/2371184796499787/
[Seminar] 2019 TANet Joint Security Defense and Big Data Analysis Management Seminar, June 12, ROC year 108 (Wed) https://reurl.cc/6xXkd
National Center for High-performance Computing training: source code scanning hands-on 6/13 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3828&from_course_list_url=homepage
HackingThursday regular meetup 6/13 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbrb/
React Hooks hands-on meeting room: trending skills for front-end engineers, shared openly 6/14 https://www.facebook.com/events/447646755985628/
[Course] Julia data science in practice: the scientific computing language arriving in force in 2019, combining the strengths of Python, C++ and R 6/15 https://www.techbang.com/posts/70251-course-julia-data-science-practice
National Chiao Tung University Hacker College - Vulnerabilities, patching and testing of cryptosystems 6/15 https://hackercollege.nctu.edu.tw/?p=1039
The Artificial Intelligence Conference 6/18 https://www.facebook.com/events/278255853036175/?event_time_id=360038254857934
Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/
HackingThursday regular meetup 6/20 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbbc/
National Center for High-performance Computing training: security health check 6/20 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3832&from_course_list_url=homepage
JSDC Taichung meetup - UX experience sharing project 6/21 https://jsdc-tw.kktix.cc/events/53548f33?fbclid=IwAR3CybQML6FGnMQ_IE9dfRYFJUHWm4Knl8kJBHQ9vn_Coz2KOQW1xk_joJs
Edvance Beacon 2019 6/21 https://docs.google.com/forms/d/e/1FAIpQLSe70uw8Pi862IkL_rQXDJhzd7QnGXiuhcWwttOEN2BZwUbyMw/viewform
CCNS regular meetup: when Python meets JIT / a brief look at PyPy 6/23 https://ccns.kktix.cc/events/ccns-pypy-talk?fbclid=IwAR1wa3cZuyNZQv-pGo5Eh3u5uik69nLY1t-sXb2R6wTd9HsrMBw02ybbkJw
Security Outpost: packet hunting 6/26 https://www.it360.com.tw/live-detail.aspx?id=iT36000000000348
HackingThursday regular meetup 6/27 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/
HackingThursday regular meetup 7/4 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/
2019 Automotive Electronics and Internet of Vehicles Security Seed Teacher Workshop 7/4 ~ 7/5 http://www.kghs.kh.edu.tw/notice/11734
2019 International Information Security Organizations Taiwan Summit 7/9 ~ 7/11 https://csa.kktix.cc/events/2019con
Secure Summit APAC 2019: raising security levels across 6 major domains 7/10 ~ 7/11 http://bit.ly/2WbONh5
Industrial Development Bureau-subsidized network security testing training 7/10 ~ 7/12 https://www.accupass.com/event/1904080311551119077841
HackingThursday regular meetup 7/11 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/
HackingThursday regular meetup 7/18 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/
HackingThursday regular meetup 7/25 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/
Decoding the Singapore security market seminar: the starting point of Taiwanese security's hard-fought Southeast Asian jungle battle, Lion City stop 7/26 https://ievents.iii.org.tw/eventS.aspx?t=0&id=547
CDX2.0 promotion event - Tainan session 7/26 https://nchc-cdx.kktix.cc/events/cdxactivity-0726
Security incident handling practical course 8/7 ~ 8/8 http://bit.ly/2VW0Lv9
DEF CON 27 2019/8/8–8/11 https://www.defcon.org/
Digital forensics handling in practice 8/14 ~ 8/15 http://bit.ly/2VW0Lv9
Web application penetration testing 8/21 ~ 8/23 https://www.accupass.com/event/1904080221358963463590
Taiwan Hacker Conference HITCON Community 2019 2019-08-23 (Fri) 09:00 ~ 2019-08-24 (Sat) 17:00 (GMT+8) https://www.accupass.com/event/1906040921594609934250
Security regulations and systems analysis course - ROC year 108 "Security Talent Training and International Promotion Program - Advanced Course for Cultivating Security Professionals" 8/29 ~ 8/30 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==
ROC year 108 security competency training - mobile device security (8/29-8/30) https://cee.ksu.edu.tw/recruitinfo/1443.html
CDX2.0 promotion event - Taipei session 9/10 https://nchc-cdx.kktix.cc/events/cdxactivity-0910
TANET 2019 - Taiwan Internet Conference 9/25 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310
HITB+ CYBER WEEK 2019/10/12 ~17 https://d2p.hitb.org/?fbclid=IwAR2gU17bz0Y7TH8THIIskIX1vziWBpMY152mJiwk7AAeVS752f_eNcZ0NzU
Splunk .conf 19 10/21 ~ 10/24 https://conf.splunk.com/
AIoT smart IoT developer employment training class [free consultation] 10/22 https://ittraining.kktix.cc/events/aiot-training-2019
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019 https://www.icscybersecurityconference.com