###### tags: `資安事件新聞週報`

# Weekly Security Incident News Digest 2019/6/17 ~ 2019/6/21

## 1. Major Vulnerabilities / Backdoors / Exploit / Zero Day

GCHQ's vulnerability adjudication process
https://www.xianjivr.com/news/46587.html

Netflix discloses FreeBSD and Linux kernel vulnerabilities
https://www.ithome.com.tw/news/131329

US intelligence agency successfully tests exploiting the BlueKeep vulnerability to execute arbitrary code on a target computer
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=875

Medical infusion pumps sold in 50 countries worldwide contain remotely exploitable vulnerabilities
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=30648

Critical remote execution flaw lurks in TP-Link Wi-Fi Extenders
https://www.zdnet.com/article/critical-remote-execution-flaw-lurks-in-tp-link-wi-fi-extenders/#ftag=RSSbaffb68

Critical RCE Vulnerability in TP-Link Wi-Fi Extenders Can Grant Attackers Remote Control
https://securityintelligence.com/posts/critical-rce-vulnerability-in-tp-link-wi-fi-extenders-can-grant-attackers-remote-control/

TCP SACK PANIC - Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479
https://access.redhat.com/security/vulnerabilities/tcpsack

Disgruntled security firm discloses zero-days in Facebook's WordPress plugins
https://www.zdnet.com/article/disgruntled-security-firm-discloses-zero-days-in-facebooks-wordpress-plugins/#ftag=RSSbaffb68

New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now
https://thehackernews.com/2019/06/oracle-weblogic-vulnerability.html

Latest Weblogic deserialization remote command execution vulnerability bypasses CVE-2019-2725
https://nosec.org/home/detail/2711.html

Oracle WebLogic XMLDecoder deserialization vulnerability
http://www.zhuanzhi.ai/document/8986933c73508e661c8167aa5a42b83f

Oracle patches another actively-exploited WebLogic zero-day
https://www.zdnet.com/article/oracle-patches-another-actively-exploited-weblogic-zero-day/#ftag=RSSbaffb68

Spring Security OAuth - Open Redirector
https://www.exploit-db.com/exploits/47000

16-year-old researcher finds an XSS vulnerability in a public Google site that could be used to break into internal sites
https://www.ithome.com.tw/news/131300

[Vulnerability alert] The PHP eval function may be abused as a backdoor technique, allowing attackers to execute arbitrary code remotely; check and adjust settings as soon as possible
http://www.cpcm.pu.edu.tw/app/news.php?Sn=144

Medical infusion pumps sold in 50 countries worldwide contain remotely exploitable vulnerabilities
https://ithome.com.tw/news/131306

D-Link networked surveillance cameras reported to have security vulnerabilities that let attackers obtain video content
https://blog.twnic.net.tw/2019/06/13/3991/

Not just Linux servers: Azure is also targeted by attackers exploiting the Exim vulnerability
https://www.ithome.com.tw/news/131328

Exim RCE vulnerability affects millions of servers; attackers have already launched attacks
https://toutiao.ycen.com.cn/p/20190615/32185.html?m=defe3bac0e3467de8211f63d715f7745&f=index

Critical Flaw Reported in Popular Evernote Extension for Chrome Users
http://bit.ly/2ZtSyR2

Two New Microsoft Zero-Day Vulnerabilities Revealed in One Week
https://blog.skyboxsecurity.com/microsoft-zero-day-vulnerabilities/

Adobe June Patch Tuesday Addressed Critical Security Vulnerabilities In ColdFusion, Campaign And Flash
https://latesthackingnews.com/2019/06/14/adobe-june-patch-tuesday-addressed-critical-security-vulnerabilities-in-coldfusion-campaign-and-flash/

Microsoft June Patch Tuesday Addressed 88 Vulnerabilities Including Zero-Days
http://bit.ly/2RrPRMS

Microsoft delivers public preview of Azure Bastion service for remotely accessing VMs more securely
https://www.zdnet.com/article/microsoft-delivers-public-preview-of-azure-bastion-service-for-remotely-accessing-vms-more-securely/#ftag=RSSbaffb68

Emergency alert notice on a high-risk Windows authentication vulnerability
http://www.ccw.com.cn/industry/2019-06-17/7946.html

Once installed, the Windows June update will block some Bluetooth LE devices from pairing with computers
https://www.kocpc.com.tw/archives/265275

Microsoft releases first test build of Windows Server 20H1
https://www.zdnet.com/article/microsoft-releases-first-test-build-of-windows-server-20h1/#ftag=RSSbaffb68

Docker embraces Windows Subsystem for Linux 2
https://www.zdnet.com/article/docker-embraces-windows-subsystem-for-linux-2/#ftag=RSSbaffb68

Alert notice on a security vulnerability in the Coremail mail system
http://www.cnnvd.org.cn/web/bulletin/bulletinById.tag?mkid=144

dlink -- dir-300_firmware CVE-2013-7471
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7471

ipswitch -- ws_ftp_server CVE-2019-12144
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12144

joomla CVE-2019-12765
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12765

sap -- advanced_business_application_programming_platform_kernel CVE-2019-0304
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0304

solarwinds --
serv-u_ftp_server
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19999

The new Chrome is a headache for the media and a handy tool for readers to bypass paywalls
https://technews.tw/2019/06/18/new-chrome-is-the-headache-of-media-and-the-good-tools-for-readers-to-bypass-paywall/

Chrome extension caught hijacking users' search engine results
https://www.zdnet.com/article/chrome-extension-caught-hijacking-users-search-engine-results/#ftag=RSSbaffb68

Google launches Chrome extension for flagging bad URLs to the Safe Browsing team
https://www.zdnet.com/article/google-launches-chrome-extension-for-flagging-bad-urls-to-the-safe-browsing-team/#ftag=RSSbaffb68

Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks
http://bit.ly/2IW4tAm

Firefox zero-day was used in attack against Coinbase employees, not its users
https://www.zdnet.com/article/firefox-zero-day-was-used-in-attack-against-coinbase-employees-not-its-users/#ftag=RSSbaffb68

Mozilla patches Firefox zero-day abused in the wild
https://www.zdnet.com/article/mozilla-patches-firefox-zero-day-abused-in-the-wild/#ftag=RSSbaffb68

Vulnerability used to attack a cryptocurrency platform: Firefox issues a rare emergency browser update
https://technews.tw/2019/06/20/flaw-use-to-attck-cryptocurrency-platform-firefox-update-browser-in-urgancy/

Critical Flaw Reported in Popular Evernote Extension for Chrome Users
https://thehackernews.com/2019/06/evernote-extension-hacking.html

Tor Browser 8.5.2 Released — Update to Fix Critical Firefox Vulnerability
https://thehackernews.com/2019/06/tor-browser-firefox-hack.html

## 2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security

Security information sharing may be charged for in future
https://udn.com/news/story/7239/3875796

ATM spews cash wildly! Man holds out a sack to catch it all
http://gotv.ctitv.com.tw/2019/06/1082775.htm

Hong Kong Association of Banks says it has seen nothing unusual; banking infrastructure operating normally
http://bit.ly/2WIknTS

Senao undergoes full transformation and will move into online insurance sales
http://bit.ly/2IKQrRX

An industry first!
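Shin Kong Life introduces "mobile identity verification service"
https://tw.finance.appledaily.com/realtime/20190617/1585174/

崴亞 Risk Consulting launches a cyber insurance specialist course, starting 6/28
https://www.chinatimes.com/newspapers/20190618000490-260207?chdtv

US to run cross-agency tests of banks' cybersecurity capabilities, as early as this year
https://money.udn.com/money/story/5602/3877636

International finance: US reportedly considering cross-agency cyber defense tests for the banking sector
http://bit.ly/2WPoJ0g

e動郵局 hardware failure affects 2 million mobile users
https://life.taronews.tw/2019/06/18/375134/

In-person transaction customers unaffected; Chunghwa Post app down for 8.5 hours
http://bit.ly/2L3KGSm

Major post office network outage; repair expected before 3 p.m.
https://turnnewsapp.com/livenews/aj/A08616002019061813503241

Disk hardware fault! Post office app "e動郵局" service interrupted
http://bit.ly/2xblAbH

Chunghwa Post mobile and online services down; repair expected before 3 p.m.
https://udn.com/news/story/7239/3878540

e動郵局 hardware failure affects 2 million mobile users
https://money.udn.com/money/story/5613/3878531

[Finance] Major blunder! Post office network down, repair time "not notified"
http://bit.ly/2XlSmWx

ZTE executive responds to insufficient app compatibility of its in-house operating system: it takes time
https://news.sina.com.tw/article/20190618/31668076.html

Shareholders demand an explanation; Nan Shan Life chairman Du Ying-tzyong apologizes for the failures of the 10-billion new system
https://www.ettoday.net/news/20190621/1472235.htm

Shareholders blast the "境界計畫" project; Du Ying-tzyong says: "If it fails, I take responsibility"
https://ec.ltn.com.tw/article/breakingnews/2829194

London Stock Exchange sets up Taipei office, will build a 100-person team
https://udn.com/news/story/7251/3879238

Is Taiwan's life insurance industry caught in an ice storm? Life Insurance Association rebuts with a 6-point statement
https://news.ebc.net.tw/News/Article/167664

Is life insurance like a second pension?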
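Financial industry executive: sooner or later someone will go bankrupt
http://bit.ly/2FlXeR2

Cybersecurity experts are in demand in the insurance industry
http://big5.ftchinese.com/story/001083185?full=y

"KGI clause" may become the first case: if a regulatory sandbox business is not prohibited by law, other banks may also run trials
https://news.cnyes.com/news/id/4341136

Piggybacking on KGI Bank: loans by mobile phone number; FSC allows "trial operation" without entering the sandbox
https://www.chinatimes.com/realtimenews/20190618004328-260410?chdtv

Cathay United Bank will use digital signatures to protect the bank's outgoing e-mail
https://www.cathaybk.com.tw/cathaybk/personal/News/Announcement/2019/0620AnnounceInfo/

Roundup of 5 major digital account cards: high-interest deposits, free interbank transfers and withdrawals
http://bit.ly/2IXRVZk

Land Bank of Taiwan personal online banking will be briefly suspended from 5:30 p.m. to 7:30 p.m. on June 27, ROC year 108 (Thursday)
https://www.landbank.com.tw/Bulletin/Detail/ce4a0c74-f506-43d8-92dc-aa71009dd5fd?code=H300

So convenient! Convenience stores to accept card payments for these 7 categories of bills, as early as year-end
https://newtalk.tw/news/view/2019-06-21/262697

If Nan Shan's new system fails again after the end of June, Wellington Koo eyes 3 courses of action
https://www.chinatimes.com/realtimenews/20190621003564-260410?chdtv

If Nan Shan's 境界 system is still in disarray after June, Wellington Koo: penalize the responsible person
https://www.chinatimes.com/realtimenews/20190621003561-260410?chdtv

Has Nan Shan Life's system improved? Wellington Koo: it depends on the independent third-party audit report
https://udn.com/news/story/7239/3885247

Equifax breach impacted the online ID verification process at many US govt agencies
https://www.zdnet.com/article/equifax-breach-impacted-the-online-id-verification-process-at-many-us-govt-agencies/#ftag=RSSbaffb68

Europol calls for crackdown on physical ATM attacks
https://www.atmmarketplace.com/news/europol-calls-for-crackdown-on-physical-atm-attacks/

Beyond Managed Security Services: SOC-as-a-Service for Financial Institutions
https://www.bankinfosecurity.in/webinars/webinar-beyond-managed-security-services-soc-as-a-service-for-w-1853?rf=promotional_webinar

Physical ATM attacks are violent, mostly unsuccessful
https://www.atmmarketplace.com/blogs/physical-atm-attacks-are-violent-mostly-unsuccessful/

Windows 10: ATM operators readying for massive software update
https://www.atmmarketplace.com/blogs/windows-10-atm-operators-prepare-for-massive-software-update/

## 3. Electronic Payment / Electronic Ticketing / Mobile Payment / Pay: News and Security

TRA launches electronic payment for bento boxes; Taiwan Pay goes first from the 17th
https://www.ptt.cc/bbs/MobilePay/M.1560836119.A.89F.html

Vietnam officially designates June 16 as Cashless Day
http://bit.ly/2WOmmej

Still on mobile payment? China has already started paying by "face" recognition
http://bit.ly/2WWpkse

Visa Asia Pacific Security Summit: payment information security drives digital economy development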
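https://news.sina.com.tw/article/20190620/31697288.html

LINE to promote LINE Pay mini mobile payment in Taiwan
https://www.ptt.cc/bbs/MobilePay/M.1560741991.A.952.html

Taiwan, Thailand and other places to support South Korea's Shinsegae SSG-PAY payments
http://www.coinvoice.cn/41193.html

## 4. Virtual Currency / Blockchain: News and Security

Blockchain expert teaches you how to safeguard network security
https://fortuneinsight.com/web/posts/301509

Helping businesses cut cross-border transaction costs? VISA launches the world's first B2B blockchain payment platform
http://bit.ly/2IihRj8

Blockcast one-minute news – June 14 highlights: bitcoin stolen from Binance is moved
https://blockcast.it/2019/06/14/blockcast-daily-06-14/

Justin Sun: Alibaba and Tencent are welcome to enter digital currency payments
https://news.sina.com.tw/article/20190614/31635208.html

Stablecoins are more stable than Bitcoin, but only temporarily
http://news.knowing.asia/news/2626c12a-b95a-4c76-a05a-183a6f94856e

After the data leak scandal broke, Facebook actively moves into blockchain
http://news.knowing.asia/news/e6ca89d3-3ac8-4a30-8a25-48b31fbfa21c

National-level blockchain alliance: legislator hopes for a four-pronged approach
https://www.chinatimes.com/realtimenews/20190614003578-260410?chdtv

Facebook digital currency backed by VISA, Uber and others; white paper may be released next week
https://news.sina.com.tw/article/20190615/31639004.html

Facebook cryptocurrency Libra receives investment from Visa, PayPal and Uber
https://www.chinatimes.com/realtimenews/20190614004171-260410?chdtv

Facebook to launch the Libra testnet soon
http://bit.ly/2WLWn7e

Analyst: Facebook's cryptocurrency will not threaten Visa or Mastercard
https://times.hinet.net/news/22423984

FB cryptocurrency project revealed: 25 partners in total, each paying US$10 million
https://news.sina.com.tw/article/20190615/31639154.html

Thai bank retracts its statement that it "will use XRP as soon as possible"
http://bit.ly/2WMC9dB

Virtual currencies to be brought under anti-money-laundering rules in the second half of the year
https://udn.com/news/story/11316/3875776

Anti-money laundering: virtual currency transactions at convenience stores will not be regulated
https://udn.com/news/story/7239/3875810?from=udn-catebreaknews_ch2

The work of a hacker group? Virus detected on Coincheck employees' computers
http://m.match.net.tw/pc/news/technology/20190617/4928180

FB plans to launch a cryptocurrency; Bitcoin rises above US$9,300
http://www.orangenews.hk/finance/system/2019/06/17/010119237.shtml

Xiao Lei: Wall Street's takeover of the Bitcoin industry is not far off
http://news.knowing.asia/news/662e3362-bdfa-4bbf-94ba-9d30bafe4838

Cosmos discloses investigation details of the May mainnet vulnerability; security lead: this lesson showed us the importance of establishing a fast security communication channel
https://blockcast.it/2019/06/18/cosmos-released-a-full-disclosure-of-last-months-vulnerability/

Hackers exploit Mozilla Firefox vulnerability to attack Coinbase users
https://www.tuoluocaijing.com.tw/kuaixun/detail-70120.html

Exchange hit by e-mail phishing attack; more than US$400,000 in BTC may have been stolen
https://news.sina.com.tw/article/20190618/31671114.html

Stellar Lumens disclosed to have had an inflation bug that added 2.25 billion irregular XLM
https://www.bishijie.com/shendu_26836

Understanding smart contract vulnerabilities in one article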
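https://www.chainnews.com/articles/848752496059.htm

Another kind of centralization? How should we view the BTCB issued by Binance
http://news.knowing.asia/news/df6de059-0e06-4523-9aad-73486fb7511b

Twist in the largest-ever "Tokyo Coincheck exchange hack": the mastermind may be "Russian hackers"
https://www.blocktempo.com/russian-hackers-may-have-carried-out-largest-ever-crypto-exchange-theft/

Is fintech becoming a new money-laundering tool? The anonymity and decentralized technology of ICOs become a regulatory loophole
https://www.storm.mg/article/1382555?srcid=73746f726d2e6d675f63373766396366313733396365313337_1561087985

Facebook: the assets backing Libra are its biggest difference from existing cryptocurrencies
https://www.ithome.com.tw/news/131342

Privacy issues unresolved; US lawmakers vow to block Facebook from developing its new virtual currency
http://bit.ly/31MietV

Facebook's coin is a token, not a currency! A roundup of central bank governor Yang Chin-long's 5 views on virtual currencies
http://news.knowing.asia/news/0d6307ac-3edb-41e8-a8df-0fa45b4a01b1

How do I get Facebook's coin, and what can I buy with it? Understanding Zuckerberg's digital currency dream: 11 "Libra" Q&As you should know
https://www.storm.mg/article/1402970?srcid=73746f726d2e6d675f63373766396366313733396365313337_1561097575

Facebook's Libra cryptocurrency is coming, aiming to build a platform spanning payments, commerce, apps and games
https://finance.technews.tw/2019/06/18/why-libra-could-be-worth-billions/

Hitting back at Facebook! Ripple announces strategic partnership with MoneyGram
http://news.knowing.asia/news/6b513e6f-af3a-415f-aa30-48ab9286c385

Wellington Koo is concerned about these two things regarding Facebook's coin; if they are involved, it must be regulated
https://money.udn.com/money/story/5613/3885196

Facebook's Libra Cryptocurrency Prompts Privacy Backlash
https://www.bankinfosecurity.com/facebooks-libra-cryptocurrency-prompts-privacy-backlash-a-12655

## 5. Security Incident News

### A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors

HiddenWasp malware borrows Mirai and Winnti code to attack Linux systems
https://blog.trendmicro.com.tw/?p=60839

Attacks on government departments in Central Asia: new Hawkball backdoor spread through Office vulnerabilities
https://www.4hou.com/other/18532.html

Iranian APT group MuddyWater adds new exploits
https://www.chainnews.com/articles/241516300464.htm

Attackers use 23 exploits to spread the new-generation botnet malware Echobot
https://www.ithome.com.tw/news/131311

New York Times reveals US Cyber Command has planted malware in Russia's power grid that could paralyze it if necessary
https://www.techbang.com/posts/70871-us-cyber-command-has-planted-malware-on-the-russian-power-grid-paralysing-it-if-necessary

ESET reveals malware that can steal one-time passwords from Android phones
https://www.ithome.com.tw/news/131335

Botnet attack deployment shifts from Windows to Linux and IoT devices
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=878

Not-so-smart Samsung TVs: a reminder that users should scan for viruses regularly sparks panic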
https://technews.tw/2019/06/18/samsung-warns-people-smart-tv-should-regularly-scan-for-malware-is-making-people-panic/

Samsung advises users to regularly scan their smart TVs for viruses
http://bit.ly/2ZD7pbU

Bitdefender and police jointly release a decryption tool for the latest version of the GandCrab ransomware
https://www.ithome.com.tw/news/131326

Computer systems hacked: small Florida city pays a ransom in the tens of millions to save its data
https://udn.com/news/story/6813/3882752

Florida city government hacked, agrees to pay US$600,000 ransom to protect its data
https://www.cna.com.tw/news/aopl/201906200085.aspx

AESDDoS botnet variant infiltrates containers through exposed Docker APIs
https://blog.trendmicro.com.tw/?p=60878

Even novice hackers can easily obtain "military-grade" tools to attack enterprises running outdated Windows systems
https://cms.airsupport.ga/xin-shou-hai-ke-ye-ke-qing-yi-qu-de-jun-shi-ji-gong-ju-gong-ji-shi-yong-guo-shi-windows-xi-tong-de-qi-ye-3/

Xenotime Group Sets Sights on Electrical Power Plants
https://www.bankinfosecurity.com/xenotime-group-sets-sights-on-electrical-power-plants-a-12637

The US planted offensive malware in Russia's power grid
https://engt.co/31EdIgS

JURASIK RANSOMWARE ACTIVELY SPREADING IN THE WILD
https://securitynews.sonicwall.com/xmlpost/jurasik-ransomware-actively-spreading-in-the-wild/

pyLocky Decryptor Released by French Authorities
https://www.bleepingcomputer.com/news/security/pylocky-decryptor-released-by-french-authorities/

Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners
https://blog.trendmicro.com/trendlabs-security-intelligence/advanced-targeted-attack-tools-used-to-distribute-cryptocurrency-miners/

Adware and PUPs families add push notifications as an attack vector
https://blog.malwarebytes.com/adware/2019/06/adware-and-pups-families-add-push-notifications-as-an-attack-vector/

Microsoft warns Azure customers of Exim worm
https://www.zdnet.com/article/microsoft-warns-azure-customers-of-exim-worm/#ftag=RSSbaffb68

New WSH RAT Malware Targets Bank Customers with Keyloggers
https://www.bleepingcomputer.com/news/security/new-wsh-rat-malware-targets-bank-customers-with-keyloggers/

Houdini Worm Transformed in New Phishing Attack
https://cofense.com/houdini-worm-transformed-new-phishing-attack/

Houdini malware targets victims
with keylogger, online bank account theft tools
https://zd.net/2ZzJom1

Bank hackers team up to spread financial Trojans worldwide
https://www.zdnet.com/article/bank-hackers-team-up-to-spread-financial-trojans-worldwide/#ftag=RSSbaffb68

New Echobot malware is a smorgasbord of vulnerabilities
https://www.zdnet.com/article/new-echobot-malware-is-a-smorgasbord-of-vulnerabilities/#ftag=RSSbaffb68

New Plurox malware is a backdoor, cryptominer, and worm, all packed into one
https://www.zdnet.com/article/new-plurox-malware-is-a-backdoor-cryptominer-and-worm-all-packed-into-one/#ftag=RSSbaffb68

Plurox: Modular backdoor
https://securelist.com/plurox-modular-backdoor/91213/

Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East
https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/

Ryuk Ransomware Adds IP and Computer Name Blacklisting
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-adds-ip-and-computer-name-blacklisting/

Florida city pays $600,000 to ransomware gang to have its data back
https://www.zdnet.com/article/florida-city-pays-600000-to-ransomware-gang-to-have-its-data-back/#ftag=RSSbaffb68

Daily News Roundup: Houdini Malware Targets Your Bank Account
http://allinfo.space/2019/06/18/daily-news-roundup-houdini-ziele-fur-malware-ihre-bank-konto/

GandCrab Ransomware Decryption Tool [All Versions] — Recover Files for Free
https://thehackernews.com/2019/06/gandcrab-ransomware-decryption-tool.html

Ransomware gang hacks MSPs to deploy ransomware on customer systems
https://www.zdnet.com/article/ransomware-gang-hacks-msps-to-deploy-ransomware-on-customer-systems/#ftag=RSSbaffb68

DanaBot Banking Trojan Upgraded with ‘Non Ransomware’ Module
https://www.bleepingcomputer.com/news/security/danabot-banking-trojan-upgraded-with-non-ransomware-module/

Russian APT hacked Iranian APT's infrastructure back in 2017
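https://www.zdnet.com/article/russian-apt-hacked-iranian-apts-infrastructure-back-in-2017/#ftag=RSSbaffb68

LoudMiner: Cross-platform mining in cracked VST software
https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/

Cryptojacking: An Unwanted Guest
https://www.bromium.com/cryptojacking-coin-miner-attack-uses-nsa-developed-equation-group-tools-to-move-laterally/

The Mobile Watering Hole: How A Sip Leads to A Trojan Compromise
https://blog.zimperium.com/the-mobile-watering-hole-how-a-sip-leads-to-a-trojan-compromise/

### B. Mobile Security / iPhone / Android / Wearables / App

Mayday's Stone posts a 4-character message supporting Hong Kong; his Facebook page is maliciously reported and briefly "disappeared"
https://dailyview.tw/Popular/Detail/5210

Public Wi-Fi hides dangers; take care when connecting while traveling abroad this summer
https://times.hinet.net/news/22425253

Phone NFC has inherent attack weaknesses; understand the principles to avoid wireless card fraud
https://www.netadmin.com.tw/netadmin/zh-tw/technology/160F70CE888B42F8BA0842C791F4B979

Xiaomi Mi Band 4 NFC version also passes NCC certification; see it at the new product launch on the 25th
https://saydigi-tech.com/2019/06/7513.html

WhatsApp urgently patches a serious security vulnerability: a single missed call can implant malware for eavesdropping
https://blog.twnic.net.tw/2019/06/13/3969/

Unlock vulnerability resurfaces! Israeli company Cellebrite can unlock any iOS and Android device
https://mrmad.com.tw/cellebrite-ufed-premium

Overseas user cracks the iPSW for iPhone 6 and successfully installs and runs iOS 13 beta1
https://mrmad.com.tw/ios-13-beta1-ported-to-iphone6

Pokemon Go developer files a lawsuit against the "Global++" hacker group in an attempt to stamp out location spoofing and other illicit behavior
https://gnn.gamer.com.tw/4/181234.html

iOS 13 opens up NFC: it will be able to scan ID cards and make quick payments
https://www.ettoday.net/news/20190617/1469204.htm

Countering Chinese Communist Party data surveillance!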
Hong Kongers opposing the extradition bill turn to Telegram to organize
http://bit.ly/2WMFa8A

Telegram founder: most DDoS attack IPs came from China
https://ithome.com.tw/news/131271

Arrested Telegram group admin turns out to have used a Xiaomi phone! Netizens say: how daring
http://bit.ly/2ZpuT3T

Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests
http://bit.ly/2KS5YCc

Android's Built-in Security Key Now Works With iOS Devices For Secure Login
http://bit.ly/31w0bIt

5G just part of technology's 'new Cold War frontline'
https://www.zdnet.com/article/5g-just-part-of-technologys-new-cold-war-frontline/#ftag=RSSbaffb68

SIM-swap attack, iPad OS, Mate X delay, Pixel 4 reveal (MobileTechRoundup show #472)
https://www.zdnet.com/article/sim-swap-attack-ipad-os-mate-x-delay-pixel-4-reveal-mobiletechroundup-show-472/#ftag=RSSbaffb68

SIM swap horror story: I've lost decades of data and Google won't lift a finger
https://www.zdnet.com/article/sim-swap-horror-story-ive-lost-decades-of-data-and-google-wont-lift-a-finger/#ftag=RSSbaffb68

Warning Issued For Apple's 1.4 Billion iPad And iPhone Users
https://www.forbes.com/sites/gordonkelly/2019/06/16/apple-iphone-ipad-security-warning-ios-12-iphone-xs-max-xr/#76bca39a3641

iOS 13: Your iPhone could also be your passport and ID card
https://www.zdnet.com/article/ios-13-your-iphone-could-also-be-your-passport-and-id-card/#ftag=RSSbaffb68

Top 10 iPhone privacy and security tips you should check today
https://www.zdnet.com/pictures/top-10-iphone-privacy-and-security-tips-you-should-check-today/#ftag=RSSbaffb68

Security firm claims it can unlock any iPhone
https://www.zdnet.com/article/security-firm-claims-it-can-unlock-any-iphone/#ftag=RSSbaffb68

Instagram tests new ways to recover hacked accounts
https://www.welivesecurity.com/2019/06/18/instagram-new-ways-account-recovery/

You’d better change your birthday – hackers may know your PIN
https://www.welivesecurity.com/2019/06/19/change-birthday-hackers-may-know-pin/

### C. Incidents / Hackers / DDOS / APT / Cloud / Dark Web / Recruitment / International Security Incidents

Man who loitered to piggyback on unencrypted WIFI is sued! The prosecutor's 2 reasons
https://disp.cc/b/163-bsQk

FireEye reveals Asia-Pacific enterprises lag behind peers in other regions in detecting attacker activity
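https://www.it-square.hk/archives/8731

Major leak! SAT biology exam questions and answers appear online before the test
http://bit.ly/2wY2qpK

Cyber offense and defense: beating the hackers, 8 rules for enterprises to protect themselves
https://vision.udn.com/vision/story/12939/3722041

Chinese hackers stole NSA tools to launch cyberattacks
http://bit.ly/31HwunA

To stamp out location-spoofing cheats, Niantic angrily sues hacker group "Global++"
https://game.ettoday.net/article/1469337.htm

Hong Kong Hospital Authority network attacked by hackers for 3 hours on Monday; sources say it has repeatedly come under intensive attack since 6.12
https://hk.news.appledaily.com/local/realtime/article/20190620/59738296

Be very careful! Ticketing system attacked; a scenic area in Hunan, mainland China loses more than 230,000 yuan
https://news.sina.com.tw/article/20190620/31693338.html

Officially confirmed! US Department of Homeland Security successfully tests Bluekeep attack, urges enterprises to patch as soon as possible
https://www.ithome.com.tw/news/131323

An accident! Large amounts of European network traffic routed to China for 2 hours
http://bit.ly/2wWMbcx

China Telecom Swallows Huge Amount of European Mobile Traffic For Over Two Hours
http://bit.ly/2XprncN

Ignoring US warnings, Finnish military buys 150 Chinese DJI drones
https://news.ltn.com.tw/news/world/breakingnews/2825431

UK agrees to extradite WikiLeaks founder Assange; he could be sentenced to up to 175 years in the US
http://bit.ly/2WGT9Nq

[US-China trade war] To avoid being hit, Google and other foreign firms are moving production out of China
http://bit.ly/2F8bHjq

Study: if GPS service were interrupted for a month, economic losses are estimated at US$1 billion per day
https://technews.tw/2019/06/16/rti-international/

Digital cold war! NYT: US steps up cyber intrusions into Russia's power grid
https://www.inside.com.tw/article/16645-trump-cyber-russia-grid

US, Australia and Canada exposed one after another: "free" countries show no restraint in surveilling their citizens
https://news.sina.com.tw/article/20190616/31648456.html

Hitting back hard! US hackers attack Russia's power grid
https://newtalk.tw/news/view/2019-06-17/261095

US National Security Advisor Bolton: Chinese Communist Party continues cyberattacks on US public and private institutions
http://bit.ly/2RvfWL1

Various US public utilities targeted by a highly dangerous hacking group
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=872

Loophole in UN Security Council procedures lets sanctioned terrorists still use frozen funds
https://on.wsj.com/2KtoWzz

To block Chinese Communist Party technology theft, US lawmakers propose an office of critical technologies
http://bit.ly/2IuZvvk

Mainland China's Ministry of Industry and Information Technology publicly solicits comments on the "Provisions on the Management of Network Security Vulnerabilities (Draft for Comment)"
http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057724/n3057728/c7005976/content.html

Article-by-article reading of mainland China's "Provisions on the Management of Network Security Vulnerabilities"
http://www.zhonglun.com/Content/2019/06-19/1711082330.html

Nippon Kaiji Kyokai releases software security guidelines
http://bit.ly/2FzwMnt

South Korean political party voices support for Hong Kong's anti-extradition protests; its Facebook page is attacked
https://www.ntdtv.com/b5/2019/06/20/a102605282.html

Israel and the World Bank sign an agreement to help developing countries build cybersecurity
https://news.sina.com.tw/article/20190618/31662496.html

Chinese Communist Party's closed internet: US journalist says it shapes mainland citizens' worldview
http://bit.ly/31Ma6d6

Dutton's non-denial fuels fears of domestic ASD cyber spying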
https://www.zdnet.com/article/duttons-non-denial-fuels-fears-of-domestic-asd-cyber-spying/#ftag=RSSbaffb68

10 Highlights: Infosecurity Europe 2019 Keynotes
https://www.bankinfosecurity.com/10-highlights-infosecurity-europe-2019-keynotes-a-12633

A quarter of major CMSs use outdated MD5 as the default password hashing scheme
https://www.zdnet.com/article/a-quarter-of-major-cmss-use-outdated-md5-as-the-default-password-hashing-scheme/#ftag=RSSbaffb68

Two Weekend Outages, Neither a Cyberattack
https://www.bankinfosecurity.com/blogs/two-weekend-outages-neither-cyberattack-p-2758

Singapore ahead in use of digital health records, but behind in AI for diagnosis
https://www.zdnet.com/article/singapore-ahead-in-use-of-digital-health-records-but-behind-in-ai-for-diagnosis/#ftag=RSSbaffb68

FBI warning: Foreign spies using social media to target government contractors
https://www.zdnet.com/article/fbi-warning-foreign-spies-using-social-media-to-target-government-contractors/#ftag=RSSbaffb68

Google Cloud's bad month continues as Google Calendar sputters
https://www.zdnet.com/article/google-clouds-bad-month-continues-as-google-calendar-sputters/#ftag=RSSbaffb68

The dark web is nothing fancy: It's just a different set of protocols - like Tor
https://www.zdnet.com/article/the-dark-web-is-nothing-fancy-its-just-a-different-set-of-protocols-like-tor/#ftag=RSSbaffb68

Engineers are the job market's biggest shortage; entry-level algorithm engineers start at nearly NT$60,000
https://udn.com/news/story/7238/3873788

Gorilla Technology is hiring (intelligent video analytics / network security)
https://www.cs.nctu.edu.tw/announcements/detail/4564?locale=en

Information Security Manager
https://www.104.com.tw/job/6nc2m

Security Operations Intern
https://www.104.com.tw/job/6ncai

Software Engineer (JAVA)
https://www.104.com.tw/job/6ncb7

Telecom industry to hire 4,000 people this year
https://money.udn.com/money/story/5648/3881897

ISO17025 Laboratory Setup and Operations Engineer
https://www.104.com.tw/job/6ndz2

IT Equipment Control Officer (Information Security Management Engineer)
https://www.okwork.taipei/OkWorkTYS/ESO/portal/Registration/JobVacancyAction!jobDetail?HireId=9094773

Chunghwa Telecom major recruitment drive; starting salary up to 48K
https://udn.com/news/story/7240/3883047

Android Developer
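https://www.yourator.co/companies/jkopay/jobs/8235

### D. Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News

Before taking to the streets to protest: three personal data protection techniques netizens must learn first
http://bit.ly/2x2ZNCZ

Phishing and rogue mobile apps are the most commonly used vectors for fraud attacks
https://blog.trendmicro.com.tw/?p=60797

New phishing campaign uses an "encrypted message" pretext to trick users out of account credentials
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=873

Electronic travel visas: agency sites resemble official websites
http://www.hkcd.com/content/2019-06/18/content_1143557.html

Applying for electronic travel visas online is prone to look-alike sites; Hong Kong Consumer Council advises recognizing the official website and being cautious
http://www.hkcna.hk/content/2019/0617/769229.shtml

How to avoid being eavesdropped on and tracked at a protest? A former detective teaches 18 safety tips
http://bit.ly/2wZb07G

Personal data is the currency of the online business world; consumers must strengthen their self-protection awareness
http://bit.ly/2IkaoA0

All user data sent to China? Facebook admits sharing data with Huawei
https://newtalk.tw/news/view/2018-06-07/127055?

Hit by a "phishing" scam, City of Burlington loses 500,000
http://bit.ly/2XlMexn

Hospital Authority changes its story late at night, admits A&E computers allow viewing patient data without login; page marked "For Police"
https://hk.news.appledaily.com/local/realtime/article/20190617/59726488

Hospital Authority accused of leaking patient data; Public Doctors' Association: extremely shocked
https://news.rthk.hk/rthk/ch/component/k2/1463595-20190618.htm

Trademark dispute erupts! Clinic solicits health checkups under the "臺安" name; public complains "if personal data leaks or there is a medical dispute, who is responsible?"
http://bit.ly/2Xpr0i2

Retailers must draw up comprehensive strategies to ensure cybersecurity and avoid data breaches
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000561980_MYSLUD3M7S43X61EE0B4W

Taiwan government spent $250 million backing Hong Kong marches?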
Criminal Investigation Bureau opens an investigation into the disinformation
https://hk.news.appledaily.com/china/realtime/article/20190620/59737394

Man arrested for stealing 8 insurance brokers' credit cards and charging 240,000
https://hk.news.appledaily.com/breaking/realtime/article/20190620/59737237

Took a 20-question IQ test on Facebook! He is threatened with a demand for an NT$2,000 test fee: "we have hired a debt collection company"
https://www.ettoday.net/news/20190621/1472056.htm

We should cooperate with Singapore to counter fake news
https://talk.ltn.com.tw/article/paper/1297485

"Congratulations! You have been randomly selected by Google" prize pop-up: beware of being scammed
https://news.ltn.com.tw/news/society/breakingnews/2828577

Credit card and debit card identity fraud cases rise sharply in the UK
http://bit.ly/2x96BPQ

The "online underworld" behind the buying and selling of ID cards
https://news.sina.com.tw/article/20190621/31703284.html

Nearly scammed buying cosmetics online: web page turned to English after payment
https://news.ltn.com.tw/news/society/breakingnews/2826394

Millions of Venmo transactions scraped in warning over privacy settings
https://techcrunch.com/2019/06/16/millions-venmo-transactions-scraped/

Oregon State University breach exposed student, family data
https://www.zdnet.com/article/oregon-state-university-breach-exposed-student-family-data/#ftag=RSSbaffb68

Mermaids transgender charity data breach exposed confidential emails
https://www.zdnet.com/article/mermaids-transgender-charity-apologizes-for-data-breach/#ftag=RSSbaffb68

Singapore Prepares for Mandatory Breach Reporting
https://www.bankinfosecurity.in/singapore-prepares-for-mandatory-breach-reporting-a-12638

Hackers Are After Your Personal Data – Here’s How to Stop Them
https://blog.trendmicro.com/hackers-are-after-your-personal-data-heres-how-to-stop-them/

Data breach forces medical debt collector AMCA to file for bankruptcy protection
https://www.zdnet.com/article/medical-debt-collector-amca-files-for-bankruptcy-protection-after-data-breach/#ftag=RSSbaffb68

Singapore sees drop in common security threats, but foresees more data breaches
https://www.zdnet.com/article/singapore-sees-drop-in-common-security-threats-but-foresees-more-data-breaches/#ftag=RSSbaffb68

Protect your online identity now: Fight hackers with these 5 security safeguards
https://www.zdnet.com/article/protect-your-online-identity-now-fight-hackers-with-these-5-security-precautions/#ftag=RSSbaffb68

Ad
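agency leaks data on US military veterans' combat injuries
https://www.zdnet.com/article/ad-agency-leaks-data-on-us-military-veterans-combat-injuries/#ftag=RSSbaffb68

Meds prescriptions for 78,000 patients left in a database with no password
https://www.zdnet.com/article/meds-prescriptions-for-78000-patients-left-in-a-database-with-no-password/#ftag=RSSbaffb68

### E. Research Reports

Using an intranet super-weapon: the CVE-2019-1040 vulnerability
https://www.anquanke.com/post/id/180379

Analysis of the WordPress plugin IEAC vulnerability and attempts at chained exploitation
https://www.freebuf.com/vuls/205735.html

Brief analysis and reproduction of the Apache Tomcat remote code execution vulnerability (CVE-2019-0232)
http://bit.ly/31LIZ1v

Hackers can use an XSS vulnerability to access Google's internal network
https://tech.ifeng.com/c/7nY0BZMmNCe

A hands-on introduction to finding common vulnerabilities in PC client software on Windows
http://www.sohu.com/a/321284564_466846

CVE-2019-12498: WordPress WP Live Chat vulnerability analysis
https://www.4hou.com/vulnerable/18540.html

Tendermint says last month's Cosmos vulnerability exposed security gaps
http://bit.ly/2ZtFw5R

CVE-2019-1040: a vulnerability combining RCE and Domain Admin
https://bbs.pediy.com/thread-252018.htm

[Practical notes] Incident response case analysis and lessons learned
http://blog.nsfocus.net/emergency-response-case-study/

Analysis of the SQL injection vulnerability in the WordPress plugin Form Maker
https://cloud.tencent.com/developer/article/1447342

Osmedeus: a fully automated security tool for reconnaissance and vulnerability scanning
https://cloud.tencent.com/developer/article/1447398

0-Day affecting NETGEAR routers: two KCodes NetUSB security vulnerabilities disclosed (CVE-2019-5016/5017)
https://www.4hou.com/vulnerable/18655.html

Impersonating any user on EXCHANGE -- analysis of the Exchange Server privilege escalation vulnerability (CVE-2018-8581)
https://www.cnblogs.com/backlion/p/11047387.html

WhatsApp buffer overflow vulnerability analysis
https://juejin.im/entry/5d08a416f265da1ba84a92a2

Chakra vulnerability debugging notes 1 - ImplicitCall
https://www.anquanke.com/post/id/180551

Versionscan: a PHP vulnerability scanning and reporting tool designed for white hats
https://www.freebuf.com/sectool/206015.html

[Broader definitions of attacker tactics, finer definitions of detection categories] A quick look at the latest changes to the ATT&CK framework
https://www.ithome.com.tw/news/131275

[Not only aids understanding of attack and intrusion behavior, but also eases enterprise defense assessment] MITRE ATT&CK, the new strategy for security offense and defense
https://www.ithome.com.tw/news/131274

A brief discussion of attack and defense approaches for bombing vulnerabilities
https://xz.aliyun.com/t/5432

A simple analysis of third-party mail-sending services
http://bit.ly/2J0qrlz

Securing the IDC: distributed HIDS cluster architecture design
https://paper.seebug.org/957/

(MuddyWater) Summary of recent attack campaigns targeting Tajikistan, Turkey and other regions
https://www.freebuf.com/articles/network/205621.html

Retrospective analysis report on the "Equation Group" attack on a Middle East SWIFT service provider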
https://www.freebuf.com/articles/paper/205080.html

Static rule engine of Momo's risk-control system: configure many kinds of complex rules simply and conveniently with no prior background, and control abnormal user behavior efficiently in real time.
https://github.com/momosecurity/aswan

Antivirus Evasion with Python
https://medium.com/bugbountywriteup/antivirus-evasion-with-python-49185295caf1

Pwning the Nokelock API
https://www.pentestpartners.com/security-blog/pwning-the-nokelock-api/

Awesome Security
https://github.com/sbilly/awesome-security

Sad SACK: Linux PCs, servers, gadgets may be crashed by 'Ping of Death' network packets
https://www.theregister.co.uk/2019/06/17/linux_tcp_sack_kernel_crash/

security-bulletins/advisories/third-party/2019-001.md
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

HackerOne's top 20 public bug bounty programs
https://www.zdnet.com/pictures/hackerones-top-20-public-bug-bounty-programs/#ftag=RSSbaffb68

BAD THINGS IN SMALL PACKAGES
https://objectivebythesea.com/v2/talks/OBTS_v2_Bradley.pdf

ATTACKING TURBOFAN
https://doar-e.github.io/presentations/typhooncon2019/AttackingTurboFan_TyphoonCon_2019.pdf

CVE-2018-20319: Why you should always have two factor authentication on your VPN
https://labs.nettitude.com/blog/why-you-should-always-have-two-factor-authentication-on-your-vpn-cve-2018-20319/

WhibOx 2019 White-Box Cryptography and Obfuscation (2nd Edition) 18-19 May 2019, Darmstadt, Germany
https://www.cryptoexperts.com/whibox2019/

Cloud Security Research
https://github.com/RhinoSecurityLabs/Cloud-Security-Research

web_cms_exp
https://github.com/anx1ang/Poc_Pentest

HOW MALWARE PERSISTS ON MACOS
https://www.sentinelone.com/blog/how-malware-persists-on-macos/

MODERN MALWARE THREAT: HANDLING OBFUSCATED CODE
http://www.blackstormsecurity.com/CONFIDENCE_2019_ALEXANDRE.pdf

API Series: SetThreadContext
https://medium.com/tenable-techblog/api-series-setthreadcontext-d08c9f84458d

Debugging the XNU Kernel with IDA Pro
https://www.hex-rays.com/products/ida/support/tutorials/xnu_debugger_primer.pdf

Running iOS in QEMU to an interactive bash shell (1):
tutorial
https://alephsecurity.com/2019/06/17/xnu-qemu-arm64-1/

PeekABoo
https://github.com/Viralmaniar/PeekABoo

Fuzzing Games with Dolphin Emulator
https://jamchamb.github.io/portfolio/fuzzydolphin

Threat Hunting - Hunter or Hunted
https://www.exploit-db.com/docs/47018

### F. Business

Starting from security at the core: giving mobile users reputation ratings
https://www.netadmin.com.tw/netadmin/zh-tw/trend/0D32569CCCD741F4A8B3F9D51E56E9B1

2019 Digital Application Week: seeing Taiwan's soft power
http://bit.ly/2WPCtrJ

Open-source load balancer HAProxy 2.0 released, with more complete dynamic configuration support
https://www.ithome.com.tw/news/131309

Trend Micro strengthens IP camera security, blocks 5 million attacks
https://www.techbang.com/posts/70925-trend-micro-enhances-webcam-security-to-intercept-5-million-attacks

Exploiting a Google loophole to avoid paying for ads? Sports brand The North Face comes under heavy criticism
http://bit.ly/2Y0P2NC

全景軟體 to focus on "multi-factor authentication" and "handwritten signature system" security products in the second half of 2019
http://bit.ly/2N0RL8O

Building cloud-native application security to drive enterprise transformation for the digital economy era; calling IT resources via API to promote collaboration between development and operations
https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/23DFAF3C6976452BB8AD2EC34B515733

OTT sets off high traffic; Chunghwa Telecom teams up with Akamai
https://money.udn.com/money/story/5612/3883499

Chunghwa Telecom teams up with Akamai to form a strategic partnership for content delivery network services
https://technews.tw/2019/06/20/cht-wz-akamai-on-cdn/

VMware acquires Avi Networks to deepen its security deployment
https://money.udn.com/money/story/5640/3883788

Cloudflare announces "League of Entropy", an open-source distributed random number generator project
https://www.ithome.com.tw/news/131337

Google: development of the China version of its search engine has stopped
http://bit.ly/2XYjjMW

Acer Cyber Security expects revenue growth this year and expands in Southeast Asia
https://money.udn.com/money/story/5612/3884496

Cloudflare aims to make HTTPS certificates safe from BGP hijacking attacks
https://arstechnica.com/information-technology/2019/06/cloudflare-aims-to-make-https-certificates-safe-from-bgp-hijacking-attacks/

Inside F5’s cyber security playbook
http://bit.ly/31FypZQ

Microsoft acquires Pull Panda for code-review collaboration
https://www.zdnet.com/article/microsoft-acquires-pull-panda-for-code-review-collaboration/#ftag=RSSbaffb68

Microsoft finally releases Hyper-V Server 2019
https://www.zdnet.com/article/microsoft-finally-releases-hyper-v-server-2019/#ftag=RSSbaffb68

Hazelcast open source in-memory data grid secures $21.5 million funding, expands platform to real-time streaming data
https://www.zdnet.com/article/hazelcast-open-source-in-memory-data-grid-secures-21-5-million-funding-expands-platform-to-real-time-streaming-data/#ftag=RSSbaffb68
MongoDB moves beyond the database with new cloud services https://www.zdnet.com/article/mongodb-moves-beyond-the-database-with-new-cloud-services/#ftag=RSSbaffb68
Azure Data Lake Storage gets Okera security and governance platform support https://www.zdnet.com/article/azure-data-lake-storage-gets-okera-security-and-governance-platform-support/#ftag=RSSbaffb68
Microsoft rolls out previews of Chromium-based Edge for Windows 7, 8 and 8.1 https://www.zdnet.com/article/microsoft-rolls-out-previews-of-chromium-based-edge-for-windows-7-8-and-8-1/#ftag=RSSbaffb68
IPVanish review: VPN delivers a wealth of options and browsing controls https://www.zdnet.com/article/ipvanish-review-a-rich-wealth-of-options-and-surfing-controls/#ftag=RSSbaffb68

G. Government
Taiwan's mobile 5G development strategy revealed! Executive Yuan: 4,000 5G application professionals to be trained in 2020 https://ithome.com.tw/news/131272
Financial Supervisory Commission announcement: advance notice of the draft amendment to Article 11-1 of the "Regulations Governing the Organization and Administration of the Electronic Payment Institution Repayment Fund" https://law.fsc.gov.tw/law/DraftOpinion.aspx?id=7725
The blockchain expert inside the Investigation Bureau: an interview with investigator 周士楨 of the Cybersecurity Forensics Laboratory http://bit.ly/31z5WoN
E-petition signing feasible this year?
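Central Election Commission: already in the security testing phase https://newtalk.tw/news/view/2019-06-17/260971
Central Election Commission: next year's general election confirmed not to be combined with referendums; e-petition signing enters final testing https://tronice.rti.org.tw/news/view/id/2024365
Loans using a mobile phone number: banks may apply to the Financial Supervisory Commission (FSC) for a 6-month trial https://www.ettoday.net/news/20190618/1470209.htm
Legislative Yuan extraordinary session to handle the "National Security Act" tomorrow to guard against hacker intrusion http://bit.ly/2L3awWp
Online espionage for the Chinese Communists brought under the National Security Act http://bit.ly/2KvmaK6
National Security Act to cover online Communist espionage; ruling and opposition parties reach consensus in negotiations https://news.ltn.com.tw/news/politics/breakingnews/2826946
National Security Act extended to cyberspace; Communist spies can be sentenced to 7 years and heavily fined 100 million https://udn.com/news/story/12584/3881952
Internet brought within national security scope; Kuan Bi-ling: this establishes the legal basis for countering information warfare https://www.cna.com.tw/news/aipl/201906200218.aspx
Legal community: the concept of "cyberspace" is vague, enforcement is contentious https://udn.com/news/story/12584/3881943
Legislative Yuan passes third reading: developing organizations for China punishable by 7 years or more in prison and a fine of 100 million https://www.cna.com.tw/news/firstnews/201906195006.aspx
Legislative Yuan third reading / Guarding against Chinese hacking: the internet brought under national security rules https://m.ltn.com.tw/news/focus/paper/1297258
Industrial Development Bureau, Ministry of Economic Affairs, holds an information security applied practice training course (Taipei) https://www.moea.gov.tw/MNS/populace/news/NewsAction.aspx?menu_id=43&news_id=85156
Urban renewal portal website relaunched after redesign with strengthened security protection https://www.ydn.com.tw/News/340299
FSC opens a separate FinTech trial route, letting banks "take a shortcut" https://www.chinatimes.com/realtimenews/20190618004283-260410?chdtv
Auditor training course: insurance agents and insurance brokers (ROC year 108, second session) https://edu.tii.org.tw/pt_training/mpage/index/info/1072673711
Explanation regarding media reports on the impact of insurance contracts (IFRS17) on Taiwan's life insurance industry and how it is responding http://bit.ly/2ItBCUQ
FSC establishes the "Operating Guidelines for Banks Applying for Business Trials" http://bit.ly/2IRuDE8
Wellington Koo on financial development: we encourage responsible innovation https://udn.com/news/story/6871/3882930

H. ICS/SCADA industrial control systems
Positioning for industrial network security: closing protection gaps in OT environments becomes the new trend https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000561903_roi8jmxg1zom1i2heek57
With Industry 3.5 quasi-smart systems in place, Industry 4.0 can take off https://udn.com/news/story/11726/3883427
moxa -- awk-3121_firmware CVE-2018-10697 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-10697
moxa -- awk-3121_firmware CVE-2018-10698 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-10698

I. Education and training
SLMT's Tutorial Blog http://slmtsite.blogspot.com/2014/09/security-table-of-contents.html
A first look at the basics of vulnerability discovery https://xz.aliyun.com/t/5428
Integrating the Android Paging Library: Part 1 https://enginebai.com/2019/04/22/android-paging-part1/
Integrating the Android Paging Library: Part 2 https://enginebai.com/2019/06/17/android-paging-part2/
Information security engineer certification prep course http://bit.ly/2WK13Wm
How to Hack Wi-Fi: Get Anyone’s Wi-Fi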
Password Without Cracking Using Wifiphisher http://bit.ly/31GcZfe
Digital Forensics and Incident Response https://jpminty.github.io/cheatsheet/DFIR/
An Instant Guide to Firewall Builder http://bit.ly/2MTphxx
Kali Linux penetration testing: configuring the Nessus host vulnerability scanner [tools included] https://www.bilibili.com/video/av55933035/
Container and Test Automation Management Practices in TrendMicro https://www.slideshare.net/ssusere62027/container-and-test-automation-management-practices-in-trendmicro
ROC year 108 - 108 General Police Grade 2 exam: Network and Information Security (including information security technology and applications, and security incident handling) #76980 https://yamol.tw/exam.php?id=76980

J. Internet of Things/IoT/artificial intelligence/Internet of Vehicles/optical networking/deep learning/machine learning/drones/face recognition
7/9 IoT security industry standard guidance and promotion briefing for "smart bus vendors" http://www.ttia-tw.org/news.php?wshop=ttia&Opt=detailed&tp=News&lang=zh-tw&news_id=22644
Hutoushan Innovation Hub opens; Tsai Ing-wen: getting an early start on AI and IoT https://udn.com/news/story/6656/3878432
Hutoushan Innovation Hub; Tsai Ing-wen: building a security and IoT center http://bit.ly/2L2S7sR
President Tsai: AIoT is the direction for Taiwan's industry https://udn.com/news/story/7240/3879632
Hutoushan Innovation Hub; President: positioning for artificial intelligence combined with IoT https://news.tvbs.com.tw/politics/1151454
Ransomware worms get in everywhere and medical service outages are reported from time to time; the medical IoT is easily targeted and protecting sensitive data is most critical https://www.netadmin.com.tw/netadmin/zh-tw/trend/D2C851E0075A4F88AF8C8FA9A5E684CD
Sensor communication goes digital; IO-LINK lays the foundation for machine networking https://udn.com/news/story/11726/3883256
ITM International Trust Machines develops a blockchain IC solution to solve 3 major bottlenecks in IoT applications https://meet.bnext.com.tw/articles/view/45010
Big IoT business opportunity! Explosive growth in smart connected toys https://technews.tw/2019/06/20/connected-play-toy-market-growth/
TensorFlow is dead, long live TensorFlow https://hackernoon.com/tensorflow-is-dead-long-live-tensorflow-49d3e975cf04
Edge of tomorrow: Industrial IoT slowly assembles new modes of production https://www.zdnet.com/article/edge-of-tomorrow-industrial-iot-slowly-assembles-new-modes-of-production/#ftag=RSSbaffb68
IoT devices to generate 79.4ZB of data in 2025, says IDC https://www.zdnet.com/article/iot-devices-to-generate-79-4zb-of-data-in-2025-says-idc/#ftag=RSSbaffb68

6. Upcoming security events and conferences
JCConf Taiwan 2019 Call for Proposals 6/1 ~ 6/30 https://twjug.kktix.cc/events/jcconf-2019-cfp
June 2019 SA@Taipei 6/22 (Sat) Working with PowerShell https://studyarea.kktix.cc/events/8a726f12-copy-1
CCNS regular meetup: When Python meets JIT /
A brief talk on PyPy 6/23 https://ccns.kktix.cc/events/ccns-pypy-talk
Security Outpost: Hunting Packets 6/26 https://www.it360.com.tw/live-detail.aspx?id=iT36000000000348
Smart home IoT security and personal privacy security: how to guard against hackers and how to defend 6/27 https://www.techbang.com/posts/70549-lecture-smart-home-network-security
HackingThursday regular meetup 6/27 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/
Close your eyes when night falls: a conversation with hackers 6/29 https://tfc.kktix.cc/events/night-talk-hacking-hacker
HackingThursday regular meetup 7/4 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/
2019 automotive electronics and Internet of Vehicles security seed-teacher workshop 7/4 ~ 7/5 http://www.kghs.kh.edu.tw/notice/11734
2019 International Information Security Organizations Taiwan Summit 7/9 ~ 7/11 https://csa.kktix.cc/events/2019con
Secure Summit APAC 2019 security summit: raising the level of security across 6 major domains 7/10 ~ 7/11 http://bit.ly/2WbONh5
Industrial Development Bureau-subsidized network security testing training 7/10 ~ 7/12 https://www.accupass.com/event/1904080311551119077841
HackingThursday regular meetup 7/11 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/
HackingThursday regular meetup 7/18 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/
Security industry-academia summit forum 7/18 https://www.accupass.com/event/1906140709596176666390
Security trends seminar 7/18 https://www.accupass.com/event/1906110041444881410360
12th Taiwan-Luxembourg Economic Cooperation Conference 7/19 http://registration.cieca.org.tw/visit/?d=74
Seminar on security challenges and opportunities in the brave new world of 5G+IoT 7/18 http://iekweb2.iek.org.tw/IEKConf/Client/confinfo.aspx?mode=confinfo&conf_no=384953433
HackingThursday regular meetup 7/25 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/
Decoding the Singapore security market lecture: the starting point of Taiwan security's hard-fought jungle battle in Southeast Asia, Lion City stop 7/26 https://ievents.iii.org.tw/eventS.aspx?t=0&id=547
CDX2.0 promotional event - Tainan session 7/26 https://nchc-cdx.kktix.cc/events/cdxactivity-0726
Security incident handling practical course 8/7 ~ 8/8 http://bit.ly/2VW0Lv9
DEF CON 27 2019/8/8–8/11 https://www.defcon.org/
Digital forensics handling in practice 8/14 ~ 8/15 http://bit.ly/2VW0Lv9
Taiwan hacker conference HITCON Summer Training 2019 - student registration 2019-08-19 ~ 2019-08-22 https://www.accupass.com/event/1906050919271598677460
Web application penetration testing 8/21 ~ 8/23 https://www.accupass.com/event/1904080221358963463590
Taiwan hacker conference HITCON Community 2019 2019-08-23 (Fri) 09:00 ~ 2019-08-24 (Sat) 17:00 (GMT+8) https://www.accupass.com/event/1906040921594609934250
Security regulations and systems analysis course - ROC year 108 "Security Talent Training and International Promotion Program - advanced course for cultivating security professionals" 8/29 ~ 8/30 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==
ROC year 108 security competency training - mobile device security (8/29-8/30) https://cee.ksu.edu.tw/recruitinfo/1443.html
CDX2.0 promotional event - Taipei session 9/10 https://nchc-cdx.kktix.cc/events/cdxactivity-0910
TANET 2019 - Taiwan Internet conference 9/25 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310
HITB+ CYBER WEEK 2019/10/12 ~17 https://d2p.hitb.org/
Splunk .conf 19 10/21 ~ 10/24 https://conf.splunk.com/
AIoT intelligent IoT developer employment training course [free consultation] 10/22 https://ittraining.kktix.cc/events/aiot-training-2019
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019 https://www.icscybersecurityconference.com