資安事件新聞週報 2019/7/1 ~ 2019/7/5

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2019/7/1 ~ 2019/7/5 1.重大弱點漏洞/後門/Exploit/Zero Day PlayStation Network 存在安全性漏洞，駭客可繞過驗證盜刷信用卡 https://www.kocpc.com.tw/archives/267793 Palo Alto PAN-OS 阻斷攻擊漏洞 https://securityadvisories.paloaltonetworks.com/Home/Detail/151 Ubuntu 內核阻斷攻擊漏洞 https://www.auscert.org.au/bulletins/ESB-2019.2378/ Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit) https://www.exploit-db.com/exploits/47073 Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit) https://www.exploit-db.com/exploits/47039 Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution https://www.exploit-db.com/exploits/47033 Symantec DLP 15.5 MP1 - Cross-Site Scripting https://www.exploit-db.com/exploits/47071 McAfee ePolicy Orchestrator 多個漏洞 http://bit.ly/2JhMfLb IBM InfoSphere Information Server 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4371 IBM WebSphere Application Server 資料洩露漏洞 https://nvd.nist.gov/vuln/detail/CVE-2019-4269 IBM WebSphere Application Server 阻斷攻擊漏洞 https://www-01.ibm.com/support/docview.wss?uid=ibm10875692 IBM Patches Critical, High-Severity Flaws in Spectrum Protect https://threatpost.com/ibm-patches-critical-high-severity-flaws-in-spectrum-protect/146201/ Multiple Vulnerabilities Spotted In Lenovo Server Infrastructure https://latesthackingnews.com/2019/07/03/multiple-vulnerabilities-spotted-in-lenovo-server-infrastructure US Cyber Command Warns of Outlook Vulnerability Exploits https://www.bankinfosecurity.com/us-cyber-command-warns-outlook-vulnerability-exploits-a-12718 Thousands Left Vulnerable in Nexus Repository https://www.infosecurity-magazine.com/news/thousands-left-vulnerable-in-nexus/ 多款F5產品安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6642 思科產品多個漏洞 https://www.us-cert.gov/ncas/current-activity/2019/07/03/cisco-releases-security-updates-multiple-products AMD霄龍安全加密虛擬化曝漏洞：已修復 https://read01.com/d0223oK.html#.XRnNHegzbIU Excel遭爆含安全漏洞 https://www.ithome.com.tw/news/131532 Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer https://blog.talosintelligence.com/2019/07/vulnerability-spotlight-SDL-PCX-RCE-vulnerabilities-july-19.html Vulnerability Spotlight: Google V8 Array.prototype memory corruption vulnerability https://blog.talosintelligence.com/2019/07/vulnerability-spotlight-Google-V8-June-19.html Firefox finally fixes the problems with antivirus apps crashing HTTPS websites https://www.zdnet.com/article/firefox-finally-fixes-the-problems-with-antivirus-apps-crashing-https-websites/#ftag=RSSbaffb68 Mimecast Threat Center discovered a weakness in the Microsoft Excel tool that allows embedding malicious payloads remotely https://www.mimecast.com/blog/2019/06/exploit-using-microsoft-excel-power-query-for-remote-dde-execution-discovered/ Account Takeover Vulnerability Found in Popular EA Games Origin Platform https://thehackernews.com/2019/06/ea-origin-game-hacking.html Bulgarian IT expert arrested after demoing vulnerability in kindergarten software https://www.zdnet.com/article/bulgarian-it-expert-arrested-after-demoing-vulnerability-in-kindergarten-software/#ftag=RSSbaffb68 Third-Party Risk Management: Asking the Right Questions https://www.bankinfosecurity.com/interviews/third-party-risk-management-asking-right-questions-i-4368 New attack campaign targets vulnerable WordPress sites to alter their titles https://cyware.com/news/new-attack-campaign-targets-vulnerable-wordpress-sites-to-alter-their-titles-a4db6036 postgresql CVE-2019-10164 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10164 Huawei Mate 20 X 路徑遍歷漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5221 多款Qualcomm產品緩衝區錯誤漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2238 qemu CVE-2019-12928 CVE-2019-12929 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12928 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12929 pivotal spring security CVE-2019-11272 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11272 Cisco Data Center Network Manager CVE-2019-1619 CVE-2019-1620 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1619 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1620 Bulgarian IT expert arrested after demoing vulnerability in kindergarten software https://www.zdnet.com/article/bulgarian-it-expert-arrested-after-demoing-vulnerability-in-kindergarten-software/ With new feature update calendar, Microsoft finally settles on a sensible Windows 10 release schedule https://zd.net/2Jtjrhm New Windows 10 20H1 test build adds new notification-settings options https://www.zdnet.com/article/new-windows-10-20h1-test-build-adds-new-notification-settings-options/#ftag=RSSbaffb68 17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device https://thehackernews.com/2019/07/firefox-same-origin-policy-hacking.html Thousands Left Vulnerable in Nexus Repository https://www.infosecurity-magazine.com/news/thousands-left-vulnerable-in-nexus/ Microsoft Exchange 2003 - base64-MIME Remote Code Execution https://www.exploit-db.com/exploits/47076 Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell) https://www.exploit-db.com/exploits/46998 Tor Project to fix bug used for DDoS attacks on Onion sites for years https://www.zdnet.com/article/tor-project-to-fix-bug-used-for-ddos-attacks-on-onion-sites-for-years/#ftag=RSSbaffb68 2.銀行/金融/保險/證券/支付系統/ 新聞及資安五家銀行「大到不能倒」合庫銀落在邊緣第六名 https://www.cmmedia.com.tw/home/articles/16282 銀行資料上雲端哪些新規定？實地查核怎麼做？金管會雲端委外8大重點一次看 https://www.ithome.com.tw/news/131678 純網銀作領頭羊！樂天引進科技生態系統 http://bit.ly/2J0z4Os 國際假卡黨再現　路氹酒店等3部ATM機被做手腳 https://hk.on.cc/hk/bkn/cnt/news/20190628/bkn-20190628125056521-0628_00822_001.html 中國大陸券商加急招聘CIO：3個月內10位首席信息官亮相 https://news.sina.com.tw/article/20190629/31796342.html 中國證監會與柬埔寨證券交易委員會簽署《證券期貨監管合作諒解備忘錄》 https://www.finet.hk/newscenter/news_content/5d1702a8bde0b35bf2ad9fe4 中國鼓勵黨政人員「合法炒股」中網友酸：為國捐軀 https://news.ltn.com.tw/news/world/breakingnews/2837128 開放銀行要來了將以「打群架」改變金融生態系 https://news.cnyes.com/news/id/4347954 虛銀招兵買馬迎大戰　恒生前Banker加盟螞蟻銀行 https://hk.finance.appledaily.com/finance/daily/article/20190702/20718303 替北韓洗錢學者：陸3銀行面臨金融死刑 http://bit.ly/2J70QZP 新加坡開放五張數位銀執照提供非銀行企業申請 https://money.udn.com/money/story/5602/3900701 通過壓力測試，美大型銀行擴大回饋股東 https://ww2.money-link.com.tw/RealtimeNews/NewsContent.aspx?sn=3909938001&pu=News_0005_2 美股收紅！投資人關注G20川習會　Fed公布「銀行壓力測試結果」 https://www.ettoday.net/news/20190629/1477884.htm LINE年會／目標成為亞洲第一FinTech平台 https://www.chinatimes.com/realtimenews/20190628001598-260412?chdtv 銀行＋壽險元大金強攻區塊鏈 https://www.chinatimes.com/newspapers/20190627000287-260202?chdtv 開放銀行啟動 13業者上架 https://money.udn.com/money/story/5613/3908504 臺灣開放銀行大進展！首版Open API標準出爐，2大準則5項安控13家銀行先支援 https://www.ithome.com.tw/news/131648 台灣開放API初步成果 13家金融業上架 https://www.chinatimes.com/realtimenews/20190703001715-260410?chdtv 開放API 13家銀行搭頭班車 https://ctee.com.tw/news/finance/113492.html 提款機大盜愛挑德國犯案一年炸毀369台ATM http://bit.ly/2XNtuqW 日本拚消費推無現金交易 https://udn.com/news/story/6811/3908334 表現好反被懲罰？銀行喊苦的新制上路 http://bit.ly/2xwTBn2 國際清算銀行將於新加坡設創新中心 http://bit.ly/2XFYHfF 第一家企金手機OTP服務星展火速上線 https://www.chinatimes.com/realtimenews/20190703004079-260410?chdtv 香港銀行公會指環聯將恢復網上查閱服務 http://www.metroradio.com.hk/News/default.aspx?NewsId=20190705175808 3.電子支付/電子票證/行動支付/ pay/新聞及資安日兩大便利店推自家手機支付　首日系統現故障 http://bit.ly/2JhY6aN 斯洛伐克4家銀行開始提供APPLE PAY行動支付及電子錢包服務 http://bit.ly/2RO5L4s 上海商業儲蓄銀行將於109年1月1日起配合臺灣行動支付(股)公司停止提供「t-wallet行動支付APP」服務。 https://www.scsb.com.tw/content/news/news_080628.jsp TSM行動金融卡服務終止公告 https://wwwfile.megabank.com.tw/other/bulletin08_1.asp?sno=1066 又一手機廠商入局移動支付遲到的OPPO Pay如何搶奪用戶 https://pttnews.cc/c3ed029241 [討論] 無印良品使用行動支付遭拒 https://www.ptt.cc/bbs/MobilePay/M.1561636038.A.3F4.html 央行：一季度網路支付58萬億元 https://news.sina.com.tw/article/20190704/31845834.html 電子支付大鬆綁三大場所開放使用 https://news.cts.com.tw/cts/life/201907/201907031966253.html LINE Pay攜手PAYCO 啟動跨境支付服務 https://www.cna.com.tw/news/afe/201907030255.aspx 日本7-Eleven手機支付新app被駭，近900名用戶損失5500萬日幣 https://www.ithome.com.tw/news/131677 7Pay 一推出即被破　重置密碼存漏洞恐損電子支付形象 http://bit.ly/2Nxwofv Wallet killer: Why Apple Card is the next best thing to getting an RFID implant https://www.zdnet.com/article/apple-card-the-next-best-thing-to-getting-an-rfid-implant/#ftag=RSSbaffb68 4.虛擬貨幣/區塊鍊新聞及資安 LINE加密貨幣交易所在星不會在台推出 https://udn.com/news/story/11316/3898809 拚全球FinTech與資安強國以色列這樣做 https://ec.ltn.com.tw/article/breakingnews/2841103 高盛擬運用區塊鏈技術將資產數碼化 https://www2.hkej.com/instantnews/international/article/2177825 新加坡虛擬通貨交易所Bitrue遭駭客攻擊，損失430萬美元 http://www.bitfunance.com/article/598 交易所 Bitrue 遭駭 1.2 億台幣，官方：用戶損失會獲得 100％退款 https://staging.blocktempo.com/singapore-exchange-bitrue-hacked-for-over-4-million-in-crypto/ STO監理規範出爐！BITPoint Taiwan執行長郭雅寧：BITPoint Taiwan將嘗試取得證券自營商許可證照 http://bit.ly/2RMflVB STO框架出爐後，MaiCoin創辦人劉世偉：將申請證券自營商許可證照，但投資人的投資方式不該只限縮於台幣交易 http://bit.ly/2NqOSy7 全球首創訂 STO 專門規範，金管會法規 10 月出爐 https://finance.technews.tw/2019/06/28/sto-specification-taiwan-october/ STO監管框架終於出爐！ACE王牌數位資產交易所總經理潘奕彰：將嘗試取得證券自營商許可證照 http://bit.ly/2FKw2M3 證券型代幣發行規範 10月上路立委擬成立推動聯盟 http://bit.ly/2NoHV0C 現在全球有超過5,000台比特幣自動櫃員機 https://cointmr.com/__trashed/?fbclid=IwAR0RiP4sjh7UpQatjjhWS6Sx18fZjXvrrMpsE7tLWXaPiwnf1moHxp2rCSo 證交所：金管會開放符合一定條件的證券商可發行證券商發行指數投資證券（ETN）今年4月上線 https://www.taiwannews.com.tw/ch/news/3736490 領先全球！證券虛擬幣納管發行規範10月正式上路 https://money.udn.com/money/story/5/3896691 拚全球FinTech與資安強國以色列這樣做 https://ec.ltn.com.tw/article/breakingnews/2841103 末日博士 Nouriel Roubini：比特幣根本不去中心，區塊鏈一點用都沒有 https://www.inside.com.tw/article/16781-Nouriel-Roubini-in-abs 全球央行紅色警戒，臉書幣Libra為何可能超越比特幣 https://money.udn.com/money/story/9740/3905372 比特幣ETF是什麼東東 https://news.sina.com.tw/article/20190702/31828016.html 虛擬貨幣納管資誠：規範過嚴恐影響業者 https://udn.com/news/story/7239/3905964 Facebook 遭多方施壓叫停 Libra美立法者、民間機構連發函籲嚴管 https://news.cnyes.com/news/id/4350471 日本央行行長：Libra可能會損害日本的金融穩定 http://news.knowing.asia/news/9bf8ad11-2481-463d-a63b-695d9b52c2eb Facebook高管為「天秤幣」辯護：我們沒有控制權 https://news.sina.com.tw/article/20190704/31846590.html 全球財富向加密貨幣領域轉移， iSunOne橫空出世，提供數字貨幣財富管理及加密社交服務 http://n.yam.com/Article/20190703385089 澳洲銀行跟IBM合作區塊鏈技術 https://m.ctee.com.tw/livenews/gj/a98601002019070411244182 由Libra引發的思考：「超主權貨幣」不可能實現 http://news.knowing.asia/news/552b6471-8b22-43f3-b3b1-bf25f5eb3569 英國金融行為監管局，批准了首個加密貨幣避險基金 http://news.knowing.asia/news/842e778c-6ac0-4900-a74e-99dd4de8b434 立法委員許毓仁：區塊鏈的廣泛使用，將使人性光輝更加放大 http://bit.ly/30gbuD7 Monero安全漏洞可能已經看到XMR從加密貨幣交易所被盜 https://0xzx.com/201907050328154351.html Facebook的Libra，就像50年前就存在的貨幣市場基金 http://news.knowing.asia/news/479e56e8-5de1-4621-b281-ad1b5acc6692 區塊鏈安全入門筆記系列一 https://paper.seebug.org/973/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式 Conficker / Download病毒的偵測、清除/預防 http://bit.ly/2RNVQM1 Mirai 變種Echobot 殭屍網絡有26 個漏洞利用 https://www.chainnews.com/articles/866425028271.htm 網釣新招術：把惡意連結藏在QR Code中 https://www.ithome.com.tw/news/131603 找難的做、絕不妥協！卡巴斯基造防毒帝國：最佳防禦是攻擊 https://www.setn.com/News.aspx?NewsID=534615 讓電腦科學家難以入眠的大事：當「勒索軟體」結合人工智慧 https://www.thenewslens.com/feature/timefortune/121436 醫療郵政銀行癱瘓三週後，佛羅里達兩城市接連向駭客屈服支付超過千萬的比特幣贖金 http://bit.ly/2JhMA0p 假冒成Flash播放器的Mac惡意程式曝光 https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=30659 每五分鐘跳出全螢幕廣告! 182個免費遊戲和相機應用程式夾帶廣告軟體,已被下載逾九百萬次 https://blog.trendmicro.com.tw/?p=61057 Crimeware for Sale: The Commoditization of ATM Malware in the Cybercriminal Underground http://bit.ly/323csnQ Kaspersky tracks down major new ransomware https://www.itproportal.com/news/kaspersky-tracks-down-major-new-ransomware/ More US Cities Battered by Ransomware https://www.bankinfosecurity.com/more-us-cities-battered-by-ransomware-a-12710 “We need to up our game”—DHS cybersecurity director on Iran and ransomware https://arstechnica.com/tech-policy/2019/06/we-need-to-up-our-game-dhs-cybersecurity-director-on-iran-and-ransomware/ Fake jquery campaign leads to malvertising and ad fraud schemes https://blog.malwarebytes.com/threat-analysis/2019/06/fake-jquery-campaign-leads-to-malvertising-and-ad-fraud-schemes/ Two Florida Cities Paid $1.1 Million to Ransomware Hackers This Month https://thehackernews.com/2019/06/florida-ransomware-attack.html Exclusive: German Police Raid OmniRAT Developer and Seize Digital Assets https://thehackernews.com/2019/06/police-raid-omnirat-developer.html Brazil leads in ransomware attacks https://www.zdnet.com/article/brazil-leads-in-ransomware-attacks/#ftag=RSSbaffb68 Sodin ransomware exploits Windows vulnerability and processor architecture https://securelist.com/sodin-ransomware/91473/ Ransomware attacks: Why and when it makes sense to pay the ransom https://www.zdnet.com/article/why-and-when-it-makes-sense-to-pay-the-ransom-in-ransomware-attacks/#ftag=RSSbaffb68 Android spyware campaign spreads across the Middle East https://www.zdnet.com/article/android-spyware-campaign-spreads-across-the-middle-east/#ftag=RSSbaffb68 QUICK POST: FAKE UPDATES CAMPAIGN SENDS CHTHONIC https://www.malware-traffic-analysis.net/2019/06/28/index.html Hackers Can Abuse Microsoft Excel Power Query For Malware Attacks https://latesthackingnews.com/2019/07/01/hackers-can-abuse-microsoft-excel-power-query-for-malware-attacks/ Facebook Removes Accounts Used to Infect Thousands With Malware https://threatpost.com/facebook-malware-laced-links/146149/ Facebook abused to spread Remote Access Trojans since 2014 https://www.zdnet.com/article/facebook-abused-to-spread-houdini-spynote-trojans-since-2014/ Researchers crack open Facebook campaign that pushed malware for years https://arstechnica.com/information-technology/2019/07/five-year-old-facebook-campaign-pushed-malware-on-100000-followers/ Facebook Takes Down Pages Loaded With Malware https://www.bankinfosecurity.com/facebook-takes-down-pages-loaded-malware-a-12715 ETERNALBLUE sextortion scam puts your password where your name should be https://nakedsecurity.sophos.com/2019/07/01/eternalblue-sextortion-scam New Silex malware is bricking IoT devices, has scary plans https://www.zdnet.com/article/new-silex-malware-is-bricking-iot-devices-has-scary-plans/ Riltok mobile Trojan: A banker with global reach https://securelist.com/mobile-banker-riltok/91374/ Exclusive: German Police Raid OmniRAT Developer and Seize Digital Assets https://thehackernews.com/2019/06/police-raid-omnirat-developer.html New Dridex Variant Evading Traditional Antivirus https://www.esentire.com/blog/new-dridex-variant-evading-traditional-antivirus/ New variant of Dridex banking Trojan implements polymorphism https://securityaffairs.co/wordpress/87828/malware/dridex-banking-trojan-polymorphism.html The Gopher in the Room: Analysis of GoLang Malware in the Wild https://unit42.paloaltonetworks.com/the-gopher-in-the-room-analysis-of-golang-malware-in-the-wild/ Analyzing Ursnif’s Behavior Using a Malware Sandbox https://www.vmray.com/cyber-security-blog/analyzing-ursnif-behavior-malware-sandbox/ SectorC08: Multi-Layered SFX in Recent Campaigns Target Ukraine https://threatrecon.nshc.net/2019/06/25/sectorc08-multi-layered-sfx-recent-campaigns-target-ukraine/ Newly discovered Spelevo exploit kit found compromising B2B site to distribute IcedID and Dridex trojans http://bit.ly/2FXuEGe Ten years later, malware authors are still abusing 'Heaven's Gate' technique https://www.zdnet.com/article/malware-authors-are-still-abusing-the-heavens-gate-technique/#ftag=RSSbaffb68 RATs and stealers rush through “Heaven’s Gate” with new loader https://blog.talosintelligence.com/2019/07/rats-and-stealers-rush-through-heavens.html First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol https://www.zdnet.com/article/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol/ An Analysis of Godlua Backdoor https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/ WannaLocker ransomware found combined with RAT and banking trojan https://www.scmagazine.com/home/security-news/ransomware/wannalocker-ransomware-found-combined-with-rat-and-banking-trojan/ 2019-07-03 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE https://www.malware-traffic-analysis.net/2019/07/03/index.html 2019-07-02 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE https://www.malware-traffic-analysis.net/2019/07/02/index2.html Sodinokibi ransomware is now using a former Windows zero-day https://www.zdnet.com/article/sodinokibi-ransomware-is-now-using-a-former-windows-zero-day/#ftag=RSSbaffb68 New Golang malware plays the Linux field in quest for cryptocurrency https://www.zdnet.com/article/new-golang-malware-plays-the-field-in-quest-for-cryptocurrency/#ftag=RSSbaffb68 A Quick and Efficient Method For Locating the main() function of Linux ELF Malware Variants http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/njKDtIWkpAA/ B.行動安全 / iPhone / Android /穿戴裝置 /App 一年未處理漏洞：約會應用Jack'd被處以24萬美元罰金 https://news.sina.com.tw/article/20190629/31795234.html 《還願》中國發行商被勒令停業，理由是「危害國家安全」 https://www.inside.com.tw/article/16776-Devotion-Indievent-China 【全記錄】LINE 總部 2019 年會 LINE CONFERENCE 重點整理 https://www.inside.com.tw/article/16752-LC-2019 疑遭DDoS攻擊　FB、IG、WhatsApp齊故障　無法下載圖片、錄音 http://bit.ly/2xtlxby 可怕！中國被爆強迫邊境旅客裝惡意軟體監視個人訊息 https://news.ltn.com.tw/news/world/breakingnews/2840935 進入新疆地區的外國遊客被迫安裝Android惡意程式 https://www.ithome.com.tw/news/131631 5G釋照遊戲新規則須提資安計畫、設資安長 http://bit.ly/30ejFQc 見到 QR Code 就掃?機場的 Wi-Fi很安全?暑假出國旅遊的網路安全三大備忘清單 https://blog.trendmicro.com.tw/?p=56093 【手機病毒】會竊取17 種Android手機資料的網路間諜Bouncing Golf ,透過社群媒體散播 https://blog.trendmicro.com.tw/?p=61036 Fake Samsung firmware update app tricks more than 10 million Android users https://www.zdnet.com/article/fake-samsung-firmware-update-app-tricks-more-than-10-million-android-users/#ftag=RSSbaffb68 'Legit Apps Turned into Spyware' Targeting Android Users in Middle East https://thehackernews.com/2019/06/android-malware-hacking.html Real world 5G not ready for primetime in 2019 https://www.zdnet.com/article/real-world-5g-not-ready-for-primetime-in-2019/ iOS tip: How to clear your iPhone's RAM and make it faster https://www.zdnet.com/article/ios-tip-how-to-clear-your-iphones-ram-and-make-it-faster5/#ftag=RSSbaffb68 Getnord Lynx: Super-tough Android smartphone with a massive battery https://www.zdnet.com/article/getnord-lynx-super-tough-android-smartphone-with-a-massive-battery/#ftag=RSSbaffb68 Getnord Lynx: Super-tough Android smartphone https://www.zdnet.com/pictures/getnord-lynx-super-tough-android-smartphone/#ftag=RSSbaffb68 China's Border Guards Secretly Installing Spyware App on Tourists' Phones https://thehackernews.com/2019/07/xinjiang-fengcai-spyware.html Chinese officials reportedly installed a surveillance app on tourists' phones https://www.engadget.com/2019/07/02/china-border-agents-installing-surveillance-app-tourist-phones/ China Is Forcing Tourists To Install A Smartphone App That Steals Personal Data http://bit.ly/2JekG57 Chinese border guards put secret surveillance app on tourists' phones http://bit.ly/2FSbXU4 Xinjiang: How China Uses A Spying Smartphone App To Automate Citizen Oppression http://bit.ly/2JoKjiA China’s Algorithms of Repression Reverse Engineering a Xinjiang Police Mass Surveillance App https://www.hrw.org/report/2019/05/01/chinas-algorithms-repression/reverse-engineering-xinjiang-police-mass-surveillance AppTrana — Website Security Solution That Actually Works https://thehackernews.com/2019/07/apptrana-web-application-security.html Android July 2019 Security Update Patches 33 New Vulnerabilities https://thehackernews.com/2019/07/android-security-update.html New cheaper iPhone would drop a flagship feature https://www.zdnet.com/article/new-cheaper-iphone-would-drop-a-flagship-feature/#ftag=RSSbaffb68 C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件不破解wifi密碼就出不去！HITCON推出「駭客版」密室逃脫遊戲 http://bit.ly/306ieDw 董監事需正視的資安議題 http://bit.ly/2FK46rA 這項資訊安全技術，已是駭客們的心頭好 http://bit.ly/32cQS0b 韓國瑜砲打中央不協助防疫台灣「駭客始祖」出面打臉 https://news.ltn.com.tw/news/politics/breakingnews/2839814 2020普查最怕駭客、當機、假消息 http://bit.ly/2XJYVlT 研究人員以強化學習破解reCaptcha v3 https://www.ithome.com.tw/news/131594 網路安全廠商爆 EA 資安漏洞，攻擊者可自由竊取玩家帳戶 https://tw.esports.yahoo.com/ea-090031336.html 兩名GnuPG開發人員的憑證遭垃圾簽章淹沒 https://www.ithome.com.tw/news/131674 駭客攻擊索尼開發商，被法院判賠百萬還得坐牢兩年 https://tw.esports.yahoo.com/ddos-hack-025424961.html 造成遊戲界重大傷害的 DDOS 攻擊發動駭客將入獄服刑 https://gamelife.tw/thread-47485-1-1.html 駭客因對Daybreak Game伺服器發起DDoS攻擊而被判入獄兩年 http://big5.pconline.com.cn/b5/news.pconline.com.cn/1273/12733269.html 揭發港航保安漏洞反被控未獲授權下取用資料被告判自簽$1500守行為1年 http://bit.ly/2Jir2iE 港航網上系統現漏洞　男乘客通告不果反被指取用資料　准守行為 http://bit.ly/2XMHm4E 企業上雲往往漏洞百出，專家點出資安界20年來未解的問題 http://bit.ly/2Xjz8Bt 關鍵基礎施設穩定運作的根基：網路安全 http://www.tvet3.info/20190701/ 暗網潛航——公共醫療系統的安全風險 http://bit.ly/2JtGd99 DarkHotel駭客組織針對中國外貿人士的最新攻擊活動披露 https://s.tencent.com/research/report/741.html 保加利亞駭客在公開幼兒園軟件漏洞後被捕 https://www.77169.com/html/238538.html 谷歌帳號遭入侵店家報案怨警"冷處理" 遭破解密碼企圖登入警稱"無實際損害" 薪轉資料恐遭竊警:人手不足非拒受理 https://www.ttv.com.tw/news/view/10806280017300N/573 反送中信息“樞紐”網站疑遭國家級黑客攻擊一度癱瘓 http://bit.ly/2Jv2VxE 香港多家媒體網站當機大規模網攻疑來自中國 https://www.ntdtv.com/b5/2019/07/02/a102614305.html 全球部分網站突掛點　起因Cloudflare服務大當機 https://www.nownews.com/news/20190703/3478598/ Cloudflare疑受網絡攻擊連環死機　連登、高登、立場等一度癱瘓 http://bit.ly/2XqTxoz Cloudflare全球大當機原因出爐：配置錯誤的軟體更新 https://www.ithome.com.tw/news/131630 美政府警告駭客正在攻擊Outlook漏洞 https://www.ithome.com.tw/news/131632 養虎為患！外媒揭美企洩露中共x86技術 http://www.ntdtv.com.tw/b5/20190628/video/248546.html 美研究指設備存巨大漏洞華府官員：華為沒誠意改善 http://bit.ly/2YpWUbs Nokia警告英國　華為設備存漏洞　為5G網絡構成風險 http://bit.ly/2XovEhq 荷蘭警告網絡安全威脅華為設備安全漏洞百出 http://www.51testing.com/html/32/n-4461232.html 美公共警報系統曝漏洞專家：警惕預警系統上演狼來了 https://www.4hou.com/mobile/18929.html 華為遇挫起訴美國芯片設計商竊密被判敗訴 https://www.ntdtv.com/b5/2019/06/27/a102610642.html 資安業者Finite State：近1萬款華為設備韌體中，有55%含有潛在後門 https://ithome.com.tw/news/131516 華為參與中共軍方研究計劃設備有後門 https://www.ntdtv.com/b5/2019/06/29/a102611482.html 新加坡或用華為建 5G 生態圈，將斥資近 3,000 萬美元 https://technews.tw/2019/06/28/singapore-5g-ecosystem-huawei/ 中國大陸網絡安全漏洞管理閉門研討會召開 https://www.aqniu.com/industry/50910.html 中共獲授權設域名根服務器專家：風險更多 http://www.epochtimes.com/b5/19/6/27/n11350364.htm 荷情報：中共等網路間諜活動升級 http://bit.ly/2J0BWus 澳洲強化資訊戰力漸收成效 https://www.ydn.com.tw/News/342600 英國ISP點名網路惡棍，川普、Mozilla入圍 https://www.ithome.com.tw/news/131681 陸委會報告：中共威權滲透及經社融合威脅香港自治 https://udn.com/news/story/7331/3903512 中共駭客進擊美、日、印度科技企業 https://news.pchome.com.tw/internation/gpwb/20190628/index-56165312084316201011.html 俄版Google遭駭五眼聯盟有份 https://news.ltn.com.tw/news/world/paper/1299530 駭來駭去！傳五眼聯盟入侵俄羅斯搜尋引擎Yandex https://www.ithome.com.tw/news/131540 G20峰會見普丁　川普開玩笑要他「別干涉選舉」 https://www.nownews.com/news/20190629/3471175/ 公安上門查戶口叮嚀台人不要談論香港 http://bit.ly/2KQ9e1Q 建立跨境數據流通及資安規範安倍在G20推「大阪框架」 https://news.ltn.com.tw/news/world/breakingnews/2837745 美眾院情報委員會通過法案防中國干預台灣大選 https://www.cna.com.tw/news/firstnews/201907020155.aspx 調查局再破共諜網國軍包商涉刺探軍機遭收押 https://udn.com/news/story/7321/3908754 韓粉專頁操盤網軍...來自中國...自稱騰訊員工...中共建構的網軍已對世界各國政府發動駭客攻擊，對台灣尤甚 http://blog.udn.com/lin236868/127883514 美軍研發的資安工具如何變成網路黑市的隱密服務 https://www.mirrormedia.mg/story/20190624intdarkwebcase 200米外的心跳聲能辨識身分！美國國防部開發從遠端偵測心跳就能辨識身分的Jetson系統 https://www.ithome.com.tw/news/131595 輕巧無聲美陸軍啟用步兵掌上型無人偵察機 https://www.chinatimes.com/realtimenews/20190628004089-260417?chdtv 僅15公分的微型無人機成阿富汗美軍新武器 https://udn.com/news/story/7086/3903665 美空軍升級空軍信息網網絡漏洞評估/搜尋系統 http://www.sohu.com/a/324616772_313834 日防衛相就宙斯盾調查出錯向山口縣知事道歉 https://tchina.kyodonews.net/news/2019/07/9bc2d43df364.html 美國將中國列為敵對國家！台灣怎麼遠離「邪惡軸心」 https://life.taronews.tw/2019/07/02/381148/ U.S. Government Makes Surprise Move To Secure Power Grid From Cyberattacks http://bit.ly/2Jnzpts PGP SKS key network poisoned by unknown hackers https://www.zdnet.com/article/openpgp-flooded-with-spam-by-unknown-hackers/#ftag=RSSbaffb68 Huawei Offers 'No Backdoor' Assurance, But Tests Are Needed https://www.bankinfosecurity.asia/blogs/huawei-offers-no-backdoor-assurance-but-tests-are-needed-p-2762 Alleged Cyber Attack on Russia's Yandex Used Malware Tied to Western Intelligence https://gizmodo.com/alleged-cyber-attack-on-russias-yandex-used-malware-tie-1835990481 Singapore government to run another bug bounty https://www.zdnet.com/article/singapore-government-to-run-another-bug-bounty/#ftag=RSSbaffb68 Almost half of US home security system owners admit their systems were switched off before a break in https://zd.net/2xuG4fQ Germany and the Netherlands to build the first ever joint military internet https://www.zdnet.com/article/germany-and-the-netherlands-to-build-the-first-ever-joint-military-internet/#ftag=RSSbaffb68 Singapore unveils framework to facilitate 'trusted' data-sharing between organisations https://www.zdnet.com/article/singapore-unveils-framework-to-facilitate-trusted-data-sharing-between-organisations/#ftag=RSSbaffb68 Cloudflare Calls Internet Outage 'Small Heart Attack' https://www.bankinfosecurity.com/interviews/cloudflare-calls-internet-outage-small-heart-attack-i-4367 ENISA Gets Permanent Mandate as EU Tackles Cybersecurity https://www.bankinfosecurity.eu/enisa-gets-permanent-mandate-as-eu-tackles-cybersecurity-a-12702 The Intelligence Network: BAE Systems’ 1,500-Strong Coalition to Tackle Cyber Fraud https://www.cbronline.com/interview/the-intelligence-network-bae-systems UK watchdog singles out Google, Facebook in advertising probe https://www.zdnet.com/article/uk-watchdog-singles-out-google-facebook-in-advertising-probe/#ftag=RSSbaffb68 UK ISP group names Mozilla 'Internet Villain' for supporting 'DNS-over-HTTPS' https://www.zdnet.com/article/uk-isp-group-names-mozilla-internet-villain-for-supporting-dns-over-https/#ftag=RSSbaffb68 Qatar Issues Aviation Cybersecurity Guidelines https://www.bankinfosecurity.in/qatar-issues-aviation-cybersecurity-guidelines-a-12706 Iranian Threat Actor Amasses Large Cyber Operations Infrastructure Network to Target Saudi Organizations https://go.recordedfuture.com/hubfs/reports/cta-2019-0626.pdf ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit http://bit.ly/2JhMLZD NZ finally updates its cybersecurity strategy, so where's Australia's https://www.zdnet.com/article/nz-finally-updates-its-cybersecurity-strategy-so-wheres-australias/#ftag=RSSbaffb68 Engineer faces 219 years in prison for smuggling US military chips to China https://www.zdnet.com/article/engineer-found-guilty-of-trying-to-sell-military-chips-to-china/#ftag=RSSbaffb68 Internet Trends 2019 Mary Meeker Report https://medium.com/utopiapress/internet-trends-2019-mary-meeker-report-bd70d202c845 Hacker who launched DDoS attacks on Sony, EA, and Steam gets 27 months in prison https://www.zdnet.com/article/hacker-who-launched-ddos-attacks-on-sony-ea-and-steam-gets-27-months-in-prison/#ftag=RSSbaffb68 DDoS Attacker Who Ruined Gamers' Christmas Gets 27 Months in Prison https://thehackernews.com/2019/07/christmas-ddos-attacks.html 【知名資安領導廠商】資深 PHP 工程師 https://m.1111.com.tw/job/85997800/ 資安工程師 https://ilabor.ntpc.gov.tw/cloud/GoodJob/job_title/604431961 助理工程師 https://www.cakeresume.com/companies/jobexpress-zh_tw-about/jobs/assistant-engineer-c1a03e 【資安所】智慧雲端中心-MIS工讀 https://www.104.com.tw/job/6i1kv 資安資深管理專業人員 https://www.104.com.tw/job/6nths 資安管理專業人員 https://www.104.com.tw/job/6nthj 教育處(教育網路中心)徵臨時人員(資安分析師) http://bit.ly/2XqFESj Data Engineer 資料科學家 https://www.104.com.tw/job/6low3?fbclid=IwAR22gwQ9KoCmD3Opod9HR1Qc8MNka7GUnJZKiPIDAZoJEG4BpmTGKe_U__g D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞「鑽線上服務漏洞」每次只騙1.99元信用卡盜刷新手法 http://bit.ly/2JoFoyh 神偽裝! APWG報告:近六成網路釣魚網站,使用 HTTPS 協定 https://blog.trendmicro.com.tw/?p=61049 網路用戶擔心成為身份盜用和帳戶侵權的受害者 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=&id=0000562979_Q9OLFHR96OX3LUL20182X 假新聞讓資安專家反成殺人嫌犯 http://bit.ly/2L1dbRq 研究：網釣服務與套件讓業餘駭客也能使用高級的閃避偵測技術 https://www.ithome.com.tw/news/131608 網銀有「隱藏版功能」？空姊10分鐘被騙3萬 https://www.chinatimes.com/realtimenews/20190629002825-260402?chdtv 國際假卡黨再現　路氹酒店等3部ATM機被做手腳 https://hk.on.cc/hk/bkn/cnt/news/20190628/bkn-20190628125056521-0628_00822_001.html 新北警模擬個資外洩事件演練備而不用 https://money.udn.com/money/story/5635/3900557 老翁貪抽佣當駭客集團人頭洗錢帳戶被訴 http://m.match.net.tw/pc/news/local/20190704/4945783 國際駭客偷電郵改帳號　貨款59萬美金全進他的帳戶 https://www.ettoday.net/news/20190704/1482003.htm 發現港航系統保安漏洞存取他人網上登機證向傳媒報料自爆身份公關稱無妄之災 https://hk.news.appledaily.com/local/realtime/article/20190703/59785523 批港警侵人權國際駭客公布逾600警個資 http://bit.ly/2XhS5EX 港警個資遭洩逮8人不排除擴大抓人 https://news.ltn.com.tw/news/world/breakingnews/2841726 不滿暴力鎮壓反送中 8人洩漏港警個資遭逮 http://bit.ly/2Jb6qKy 現實版真實上演張文綺媽遭騙2千多萬難討回 http://bit.ly/2LxnCeO 戰地醫生借12萬要離開戰區？原來是境外匯款詐騙 https://udn.com/news/story/7321/3901680 中國智慧家庭設備恐洩露20億筆用戶資料 https://www.ithome.com.tw/news/131605 又是弱密碼惹的禍！德國20歲學生入侵近千名公眾人物帳號並公布他們的個資 https://www.ithome.com.tw/news/128140 多數媒體誤報！銓敘部外洩個資並不含手機號碼在內 https://www.ithome.com.tw/news/131672 不是駭客！我情治人員名單曝光是內鬼幹的 https://www.chinatimes.com/realtimenews/20190703001479-260402?chdtv 電腦主機遭植入木馬國安8大情治人員個資全被偷光 http://bit.ly/2xyadLn 國安單位公務員個資外洩行政院證實2012年遭洩 http://bit.ly/2XLom6I 國際神祕5眼聯盟示警行政院緊急補破網 http://bit.ly/2JkTe4E 文官個資外洩因境外攻擊　手法近似中國特定網軍 https://news.tvbs.com.tw/politics/1159787 【情報員個資洩光光】銓敘部遭駭手法曝光　與中國網軍「攻美護主」模式雷同 https://www.mirrormedia.mg/story/20190703inv007 24萬公務員通通有獎個資外洩可向銓敘部求償2億 http://bit.ly/2YwsPqJ 59萬個資外洩論壇國安單位全中獎 http://bit.ly/2XQPe52 非駭客所為！銓敘部疑有內鬼 59萬筆情治人員名單外洩受害者可求償 https://cnews.com.tw/140190704a02/ 情報員個資在馬政府時期就外洩？王定宇：時任政委張善政推動資訊開放 http://bit.ly/2XHjO16 文官個資遭駭掀科技戰危機專家：成立「混合威脅對策小組」破解 https://www.cmmedia.com.tw/home/articles/16339 台灣軍警人員個資遭外洩，在美國駭客交流網站上以「10 歐元」的價格販售！ https://buzzorange.com/techorange/2019/07/03/military-unit-data-leak/ 傳8大情治系統資料外洩政院：皆一般性資料 https://www.chinatimes.com/realtimenews/20190703002525-260407?chdtv 8大情治系統個資也外流？政院：被洩露的是一般公務員 http://bit.ly/327ul4Y 8大情治系統個資全都露？政院：僅一般行政人員個資 https://m.ltn.com.tw/news/politics/breakingnews/2841073 2大情報頭子身分曝光台情報網陷瓦解危機 http://bit.ly/2LCkDBW 台灣有可能用「網路實名制」打擊假新聞嗎 https://opinion.udn.com/opinion/story/11678/3909930 List of data breaches and cyber attacks in June 2019 – 39.7 million records leaked https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-june-2019-39-7-million-records-leaked Under 45s trust bots over humans with personal data https://www.zdnet.com/article/under-45s-trust-bots-over-humans-with-personal-data/#ftag=RSSbaffb68 UpGuard: Unsecured Amazon S3 Buckets Exposed 1TB of Data https://www.bankinfosecurity.com/upguard-unsecured-amazon-s3-buckets-exposed-1tb-data-a-12707 Former Equifax executive sent behind bars for insider trades, profiting on data breach https://www.zdnet.com/article/former-equifax-executive-sent-behind-bars-for-insider-trading-after-data-breach/#ftag=RSSbaffb68 Smart home maker leaks customer data, device passwords https://www.zdnet.com/article/smart-home-maker-leaks-customer-data-device-passwords/#ftag=RSSbaffb68 E.研究報告 NSA 攻擊工具事件分析報告 https://portal.cert.tanet.edu.tw/docs/pdf/201907011007565673112506470396.pdf CVE-2019-11477漏洞詳解詳玩(刪) https://blog.csdn.net/dog250/article/details/94026591 Laravel5.7反序列化漏洞之RCE鏈挖掘 https://xz.aliyun.com/t/5483 Firefox UAF漏洞分析 https://www.anquanke.com/post/id/181345 微軟RDP服務高危UAF漏洞分析(CVE-2019-0708) https://www.heibai.org/post/1427.html 路由器漏洞利用入門 https://www.lizenghai.com/archives/17801.html CVE-2019-11477 漏洞檢測腳本（影響大多數Linux內核） https://blog.csdn.net/helloexp/article/details/93101328 TCP SACK panic漏洞的解釋和思考 https://www.jishuwen.com/d/2TCn/zh-hk DVR登錄繞過漏洞_CVE-2018-9995漏洞復現 https://www.cnblogs.com/yuzly/p/11105086.html 由一段神秘文字所引發的調查與分析-- 集勒索、間諜、銀行木馬於一體的Anubis 新變種追踪 https://paper.seebug.org/963/ 檢測工控設備SNMP漏洞工具：SNMP Fuzzer https://www.freebuf.com/sectool/206417.html 研究人員發現Zipato智能網關漏洞，可被利用打開智能門鎖 http://www.zhidx.com/p/151615.html Windows Error Reporting 0day漏洞分析（CVE-2019-0863） https://www.anquanke.com/post/id/181457 CVE-2019-2729 WebLogic RCE漏洞白名單補丁分析 https://www.4hou.com/vulnerable/18801.html 關於CMSMS中SQL注入漏洞的複現與分析與利用 https://4hou.win/wordpress/?p=33777 CVE-2019-8635: Apple macOS double free漏洞分析 https://4hou.win/wordpress/?p=33790 CVE-2019-11478 Sack Slowness&Excess Resource Usage漏洞解析與利用 https://blog.csdn.net/dog250/article/details/94654620 利用ElasticSearch Groovy漏洞進行門羅幣挖礦事件分析 http://www.sohu.com/a/324256486_354899 WebLogic遠程命令執行0day漏洞 http://blog.itpub.net/30327022/viewspace-2649348/ 個案分析-NSA攻擊工具事件分析報告_10806 https://cert.tanet.edu.tw/prog/opendoc.php?id=201907011007565673112506470396.pdf OS禦見監測到“蘿莉幫”跨平台殭屍網絡，可發起DDoS攻擊 https://paper.seebug.org/974/ Godlua Backdoor 分析報告 https://paper.seebug.org/972/ 微軟RDP 服務高危UAF 漏洞分析(CVE-2019-0708) https://paper.seebug.org/971/ Shodan BinaryEdge ZoomEye 網絡空間搜索引擎測評 https://paper.seebug.org/970/ OpenCTI-Platform/opencti https://github.com/OpenCTI-Platform/opencti amass — Automated Attack Surface Mapping | Daniel Miessler https://danielmiessler.com/study/amass/ 2019 Pass the SALT Slide https://2019.pass-the-salt.org/schedule/ 1001 Ways of Implementing a System Call https://x86.lol/generic/2019/07/04/kernel-entry.html Leaked Muddyc3 C2 source. 0xffff0800/muddyc3 https://github.com/0xffff0800/muddyc3 Lynis : Security Auditing Tool for Unix/Linux Systems https://kalilinuxtutorials.com/lynis-security-auditing-tool-2/ PTF : A Way For Modular Support For Up-To-Date Tools https://kalilinuxtutorials.com/ptf-pentesters-framework/ How to tell if your Windows laptop battery is worn https://www.zdnet.com/article/how-to-tell-if-your-windows-laptop-battery-is-worn/#ftag=RSSbaffb68 Netflix, Ford, TD Bank Data Exposed by Open Amazon S3 Buckets https://www.bleepingcomputer.com/news/security/netflix-ford-td-bank-data-exposed-by-open-amazon-s3-buckets/ Scapy : Python-Based Interactive Packet Manipulation Program & Library https://kalilinuxtutorials.com/scapy-interactive-packet-manipulation Aqua Security https://github.com/aquasecurity Red Teaming Toolkit Collection https://0xsp.com/offensive/red-teaming-toolkit-collection Breaking & Entering with Zipato SmartHubs https://blackmarble.sh/zipato-smart-hub/ Nuget/Squirrel uncontrolled endpoints leads to arbitrary code execution https://medium.com/@reegun/update-nuget-squirrel-uncontrolled-endpoints-leads-to-arbitrary-code-execution-b55295144b56 Operation Tripoli - Check Point Research https://research.checkpoint.com/operation-tripoli/ 韓國資安公司AhnLab對Ghostscript CVE-2017-8291分析 https://unit42.paloaltonetworks.com/tale-of-a-windows-error-reporting-zero-day-cve-2019-0863/ [Android] maddiestone/ConPresentations https://github.com/maddiestone/ConPresentations/blob/master/REcon2019.PathToThePayload.pdf F.商業解析灰色警戒 (Gray Alerts)：這些警示對企業的意義為何 https://blog.trendmicro.com.tw/?p=60873 精誠攜美商布局資安防禦 https://money.udn.com/money/story/5710/3901753 台灣大哥大台中國際級規格打造 IDC 居中南部機房之冠，7/1 正式啟用 https://technews.tw/2019/06/28/taiwancloud-idc-taichung/ Nextlink 攻雲端資安環境共創雙贏 https://money.udn.com/money/story/5635/3897409 Refirm Labs：韌體漏洞的安全防範 http://tw.systex.com/refirm-labs/ Red Hat推出RHEL安全分析服務Insights https://www.ithome.com.tw/news/131531 Nextcloud推出共筆文字編輯器 https://www.ithome.com.tw/news/131538 看準物聯網73兆元物聯網商機台灣之星明年連網數目標成長10倍 https://news.cnyes.com/news/id/4349823 Check Point提供Tbps級威脅防護機制 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=&id=0000563092_J9CLS39PLY6HRV19YGOIE 美國科技史上第三大交易！IBM 以一兆台幣收購開源軟體公司紅帽 https://buzzorange.com/techorange/2019/07/04/ibm-merge-redhat-enterpriselinux-fairtrade-permmit/ 島內雲端平台存放企業客戶資料　兼顧合規性與安全性在地化優勢掌握情資　抽絲剝繭解析異常 https://www.netadmin.com.tw/netadmin/zh-tw/trend/19DB3A018CBE44FEB788DBC679E8F450 採邏輯檢測引擎降低識別威脅誤判率，韓國WAF產品進軍臺灣 https://ithome.com.tw/review/131591 Check Point Research 與 CyberInt 協助 EA 改善旗下 Origin 遊戲平台安全漏洞 https://gnn.gamer.com.tw/1/181941.html 解析惡意郵件威脅指標提升資安防護，眾至自建團隊累積在地化情資 http://www.sharetech.com.tw/zh-tw/marketing-events/286-net-admin-162 Atmosphère 0.9.2加入圖型設定介面，在Switch上建立虛擬系統更方便 http://bit.ly/32bEpda Google大數據分析服務Cloud Dataproc終於可以直接套用現成Hadoop資安政策了 https://www.ithome.com.tw/news/131614 微軟與遠傳正式啟動戰略合作，結合5G及雲端技術加速轉型進程 https://www.techbang.com/posts/71242-taiwans-microsoft-and-away-telecom-officially-launch-strategic-cooperation 中信國際電訊CPC與Fortinet合推新一代防火牆　助公司防駭客 http://bit.ly/2L1wObX 【網路流量加密平臺可延伸解析應用程式運用情形】Gigamon推出網路應用透視模組 https://www.ithome.com.tw/news/131686 趨勢科技：手遊、相機APP夾帶惡意程式下載量近千萬次 https://ec.ltn.com.tw/article/breakingnews/2843845 資安防護的最後一哩路-特權帳號管理 https://mic.iii.org.tw/aisp/ReportS.aspx?id=CDOC20190702005 Microsoft once called Linux 'a cancer,' and that was a big mistake https://www.zdnet.com/article/microsoft-once-called-linux-a-cancer-and-that-was-a-big-mistake/#ftag=RSSbaffb68 GOOGLE TURNS TO RETRO CRYPTOGRAPHY TO KEEP DATA SETS PRIVATE https://www.wired.com/story/google-private-join-compute-database-encryption/ Google resurrects Lion of Mosul statue with 3D printing following ISIS destruction https://www.zdnet.com/article/google-resurrects-lion-of-mosul-with-3d-printing-after-isis-destruction/#ftag=RSSbaffb68 Microsoft Adds 2FA-Protected "Personal Vault" Within OneDrive Cloud Storage https://thehackernews.com/2019/06/microsoft-onedrive-personal-vault.html Microsoft asks to join private Linux security developer list https://www.zdnet.com/article/microsoft-asks-to-join-private-linux-security-developer-list/#ftag=RSSbaffb68 Microsoft developer reveals Linux is now more used on Azure than Windows Server https://www.zdnet.com/article/microsoft-developer-reveals-linux-is-now-more-used-on-azure-than-windows-server/#ftag=RSSbaffb68 Microsoft Edge gets 'Tracking Prevention' feature https://www.zdnet.com/article/microsoft-edge-gets-tracking-prevention-feature/#ftag=RSSbaffb68 Wipro's Li-Fi solution could slake the thirst of bandwidth-devouring Indians https://www.zdnet.com/article/wipros-li-fi-solution-could-slake-the-thirst-of-bandwidth-devouring-indians/#ftag=RSSbaffb68 MongoDB: The cloud keeps rolling but what about legacy modernization https://www.zdnet.com/article/mongodb-the-cloud-keeps-rolling-but-what-about-legacy-modernization/#ftag=RSSbaffb68 Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time http://bit.ly/2NJ17Gi Report: Broadcom in Discussions to Buy Symantec https://www.bankinfosecurity.com/report-broadcom-in-discussions-to-buy-symantec-a-12717 Symantec shares surge on report Broadcom considers acquisition https://www.zdnet.com/article/symantec-shares-surge-as-broadcom-considers-acquisition/#ftag=RSSbaffb68 D-Link to undergo security audits for 10 years as part of FTC settlement https://www.zdnet.com/article/d-link-to-undergo-security-audits-for-10-years-as-part-of-ftc-settlement/#ftag=RSSbaffb68 D-Link Settles With FTC Over Alleged IoT Security Failures https://www.bankinfosecurity.com/d-link-settles-ftc-over-alleged-iot-security-failures-a-12716 HP, Dell and Microsoft look to join electronics exodus from China https://asia.nikkei.com/Economy/Trade-war/HP-Dell-and-Microsoft-look-to-join-electronics-exodus-from-China G.政府昔日共軍網戰偵蒐重點國軍網路戰聯隊部址如今解密 https://udn.com/news/story/10930/3900912 資通電軍：購案目的在強化人員資安專業訓練 http://bit.ly/303DEkF 強化資安機制資通電軍採購資安攻防蒐平台 https://www.ydn.com.tw/News/342228 杜絕中科院再演烏龍洩密案國防部6月督導武器系統資安防護 http://bit.ly/2FKHVSc 金管會讓步境外雲端存個資只需3條件 https://www.chinatimes.com/realtimenews/20190628003974-260410?chdtv 銀行雲端資料可放境外顧立雄：須掌握三原則 https://www.chinatimes.com/realtimenews/20190628003772-260410?chdtv 銀行客戶個資可存境外雲端 https://www.chinatimes.com/newspapers/20190629000550-260110?chdtv 銀行資料上雲端，金管會准了！符合條件境外公雲也能用 https://www.ithome.com.tw/news/131515 大到不能倒！金管會公布5大系統性銀行強化監理 https://udn.com/news/story/7239/3896908?from=udn-catelistnews_ch2 看見台灣下一波競爭力，政府與產業聯手落實智慧製造與資安防護 https://futurecity.cw.com.tw/article/686 考試院暨考試委員高度重視公務資安防護 https://www.mocs.gov.tw/pages/detail.aspx?Node=489&Page=6160&Index=1 金融研訓院董事長吳中書傳統金融機構留意五優勢三缺點 http://udndata.com/ndapp/udntag/finance/Article?origid=9351831 Line群組狂轉銓敘部外洩國家情治人員個資，有違反個資法疑慮 https://www.ithome.com.tw/news/131609 5年前就防範中國電信設備酈英傑讚台灣是模範 https://www.rti.org.tw/news/view/id/2026346 資安防範受肯定酈英傑讚台灣是模範 http://www.ksnews.com.tw/index.php/news/contents_page/0001281249 中資違法來台投資涉國安、資安、惡意挖角加重罰3倍 https://ec.ltn.com.tw/article/breakingnews/2842281 H.ICS/SCADA 工控系統工業互聯網安全是產業安全和國家安全的重要基礎和保障 https://news.sina.com.tw/article/20190628/31783728.html 關鍵基礎施設穩定運作的根基：網路安全 http://www.tvet3.info/20190701/ Medtronic召回有被駭風險的胰島素幫浦 https://www.ithome.com.tw/news/131565 可防護OT與IT網路安全，Stormshield推工控防火牆機型 https://www.ithome.com.tw/review/131546 Actiontec WEB6000Q 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15557 I.教育訓練 Splunk 攻略 https://www.weithenn.org/2019/06/splunk-journey.html Splunk Journey (01) - 基礎架構和運作元件 https://www.weithenn.org/2019/06/splunk-part01-Component.html Splunk Journey (02) - 建立 Splunk 運作環境 http://www.weithenn.org/2019/07/splunk-part02-splunk-enterprise-on-azure.html Splunk Journey (03) - Data Pipeline https://www.weithenn.org/2019/07/splunk-part03-data-pipeline.html 教你使用 Windows 10 Sandbox 沙箱功能，降低電腦中毒的機率 https://www.kocpc.com.tw/archives/267581 Malware Analysis Tutorial 8: PE Header and Export Table https://www.cnblogs.com/shangdawei/p/4785494.html J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 Unfixable Seed Extraction on Trezor - A practical and reliable attack https://ledger-donjon.github.io/Unfixable-Key-Extraction-Attack-on-Trezor/ Lair of robot sea snake: In the depths, this autonomous guardian lies ready to work https://www.zdnet.com/article/lair-of-robot-sea-snake-in-the-depths-this-autonomous-guardian-lies-ready-to-work/#ftag=RSSbaffb68 pasta-auto/PASTA1.0: PASTA: Portable Automotive Security Testbed with Adaptability https://github.com/pasta-auto/PASTA1.0 6.近期資安活動及研討會香港浸會大學國際學院7月6日舉辦「升學資訊日」7/6 http://bit.ly/2X77BDq HackingThursday 固定聚會 7/4 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/ 2019 車用電子與車聯網資安種子教師研習營 7/4 ~ 7/5 http://www.kghs.kh.edu.tw/notice/11734 2019國際資訊安全組織台灣高峰會 7/9 ~ 7/11 https://csa.kktix.cc/events/2019con Secure Summit APAC 2019 安全峰會 6 大領域提升資安水平 7/10 ~ 7/11 http://bit.ly/2WbONh5 工業局補助網路安全檢測教育訓練 7/10 ~ 7/12 https://www.accupass.com/event/1904080311551119077841 HackingThursday 固定聚會 7/11 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/ 智慧金屬與物聯網資安座談會 7/15 https://seminars.tca.org.tw/D15e02242.aspx 【資安講座】企業電子郵件資安，釣魚郵件與郵件詐騙解析、最新防護技術發展，更新大家的資安知識 7/16 https://www.techbang.com/posts/70854-lecture-corporate-email-security HackingThursday 固定聚會 7/18 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/ 資安產學高峰論壇 7/18 https://www.accupass.com/event/1906140709596176666390 資安趨勢研討會 7/18 https://www.accupass.com/event/1906110041444881410360 第12屆台盧(森堡)經濟合作會議 7/19 http://registration.cieca.org.tw/visit/?d=74 5G+IoT美麗新世界的資安挑戰與機會研討會 7/18 http://iekweb2.iek.org.tw/IEKConf/Client/confinfo.aspx?mode=confinfo&conf_no=384953433 HackingThursday 固定聚會 7/25 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/ 新加坡資安市場解密講座: 台灣資安浴血東南亞叢林戰鬥之起點-獅城站 7/26 https://ievents.iii.org.tw/eventS.aspx?t=0&id=547 2019扭轉資安營運研討會 7/26 https://www.netfos.com.tw/event/2019event/20190726netfos/20190726-NETFOS-seminar-reg.html CDX2.0推廣活動 - 台南場次 7/26 https://nchc-cdx.kktix.cc/events/cdxactivity-0726 The Virus Bulletin Conference 2019 8/1 https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/ 資安事故處理實務課程 8/7 ~ 8/8 http://bit.ly/2VW0Lv9 DEF CON 27 2019/8/8–8/11 https://www.defcon.org/ 數位鑑識處理實務 8/14 ~ 8/15 http://bit.ly/2VW0Lv9 108 年度臺灣學術網路危機處理中心資安巡迴研討會 -資安趨勢暨網路安全概要 8/19 ~ 8/27 http://www.hssh.tp.edu.tw/ezfiles/1/1001/attach/42/pta_17520_7551835_06329.pdf 台灣駭客年會 HITCON Summer Training 2019 - 學生報名 2019-08-19 ~ 2019-08-22 https://www.accupass.com/event/1906050919271598677460 ￜYahoo奇摩電商專題講座ￜ我們與詐騙的距離_電商不可承受的資安之重 8/21 https://www.accupass.com/event/1906120307261445013215 WEB應用滲透測試 8/21 ~ 8/23 https://www.accupass.com/event/1904080221358963463590 台灣駭客年會 HITCON Community 2019 2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8) https://www.accupass.com/event/1906040921594609934250 數位政府高峰會 2019 8/28 https://egov.ithome.com.tw/ ModernWeb 19 8/28 ~ 8/29 https://modernweb.tw/ 資安法規與制度研析課程－108年度「資安人才培訓及國際推展計畫－資安專業人才培育深化課程」 8/29 ~ 8/30 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw== 108年資安職能訓練-行動裝置安全(8/29-8/30) https://cee.ksu.edu.tw/recruitinfo/1443.html 【AWS資安】Security Engineering on AWS高級課程 9/9 ~ 9/11 https://www.accupass.com/event/1905150854571147685105 CDX2.0推廣活動 - 台北場次 9/10 https://nchc-cdx.kktix.cc/events/cdxactivity-0910 Kubernetes Sumｍit 9/11 https://summit.ithome.com.tw/kubernetes/ TANET 2019 - 臺灣網際網路研討會 9/25 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310 HITB+ CYBER WEEK 2019/10/12 ~17 https://d2p.hitb.org/ Splunk .conf 19 10/21 ~ 10/24 https://conf.splunk.com/ AIoT智能物聯網開發人才就業養成班[免費諮詢] 10/22 https://ittraining.kktix.cc/events/aiot-training-2019 Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019 https://www.icscybersecurityconference.com Japan Security Analyst Conference https://jsac.jpcert.or.jp/