資安新聞及事件週報 2018/12/17 ~ 2018/12/21

###### tags: `資安事件新聞週報` # 資安新聞及事件週報 2018/12/17 ~ 2018/12/21 1.重大弱點漏洞 Bash 驚現年度最大安全漏洞 http://www.twoeggz.com/news/12570883.html QEMU 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16872 VMware vRealize Operations 權限許可和訪問控制漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6978 慎防滑鼠鍵盤應用程式Logitech Options，暗開Windows後門 https://bit.ly/2EoPUok 羅技Options被曝注入攻擊漏洞，官方修復 http://www.sohu.com/a/282218580_114760 Logitech app security flaw allowed keystroke injection attacks https://www.zdnet.com/article/logitech-app-security-flaw-allowed-keystroke-injection-attacks/#ftag=RSSbaffb68 華碩與技嘉的驅動程式遭爆含有權限擴張漏洞 https://ithome.com.tw/news/127777 SECUREAUTH LABS 證實 ASUS、GIGABYTE 於應用程式中存在安全漏洞 https://news.xfastest.com/others/56219/secureauth-labs-asus-gigabyte-privilege-vulnerabilities/ D-Link DVA-5592 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17777 Adobe's Year-End Update Patches 87 Flaws in Acrobat Software https://bit.ly/2Gy0Cf0 50天53個漏洞：Adobe Reader 模糊測試結果驚人 https://www.aqniu.com/news-views/41988.html IBM Event Streams 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1833 Webroot BrightCloud SDK 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4015 Artifex Software Ghostscript 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19134 公開軟件漏洞　如向黑客教路 https://hk.news.appledaily.com/international/daily/article/20181216/20569793 電子設備芯片新的高危漏洞被發現或造成重大後果 https://pttnews.cc/80a6243e38 libexif 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030 SQLite爆重大漏洞! 數百萬App和IoT裝置資料安全拉警報 https://www.ithome.com.tw/news/127707 SQLite “Magellan” RCE漏洞影響數十億個應用程序，包括所有基於Chromium的瀏覽器 https://www.linuxidc.com/Linux/2018-12/155888.htm SQLite爆重大漏洞! 數百萬app和IoT裝置資料安全拉警報 https://bit.ly/2Bpxa4Y SQLite被曝存在漏洞，所有Chromium 瀏覽器受影響 https://nearathon.com/tuijian/37317 SQLite漏洞將使數以百萬計的應用程序受到黑客攻擊 https://bbs.pediy.com/thread-248430.htm SQLite bug impacts thousands of apps, including all Chromium-based browsers https://www.zdnet.com/article/sqlite-bug-impacts-thousands-of-apps-including-all-chromium-based-browsers/#ftag=RSSbaffb68 Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers https://thehackernews.com/2018/12/sqlite-vulnerability.html Chromium系列瀏覽器 SQLite 數據庫引擎存在漏洞可被遠程攻擊 https://www.landiannews.com/archives/53875.html Magellan: Remote Code Execution Vulnerability in SQLite Disclosed https://www.tenable.com/blog/magellan-remote-code-execution-vulnerability-in-sqlite-disclosed Google Chrome Serviceworker信息洩露漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6099 Google Chrome DevTools代碼執行漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6101 Google Go 路徑遍歷漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16874 Chrome 72釋出Beta版，增加公開類別域、使用者觸發查詢API https://www.ithome.com.tw/news/127773?fbclid=IwAR2Msg_nJWjlx5MtZabri4CNK3Bmbrl1LcKBvBhWvlZt7qgdwz6ZMTGLoCo Google working on blocking Back button hijacking in Chrome https://www.zdnet.com/article/google-working-on-blocking-back-button-hijacking-in-chrome/ 安全加倍！亞馬遜修復智能家居13處漏洞 https://kknews.cc/tech/g384pe9.html Responsive FileManager 9.13.4 XSS / File Manipulation / Traversal - CXSecurity.com https://cxsecurity.com/issue/WLB-2018120148 Realtek rtl81xx SDK遠程代碼執行漏洞(CVE-2014-8361) http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361 Symantec™ IT Management Suite 8.5 powered by Altiris™ technology 實施自動漏洞補救 https://symc.ly/2rBaRVk Windows 10 更新又出事，這次輪到音效驅動程式受影響 https://technews.tw/2018/12/16/windows-10-version-1809-cumulative-update-kb4471332-breaking-down-audio/ 微軟IE零時差弱點通知（CVE-2018-8653） https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653 微軟12月份月度安全漏洞預警 https://bbs.huaweicloud.com/forum/thread-13318-1-1.html 微軟 Internet Explorer 執行任意程式碼漏洞 https://kb.cert.org/vuls/id/573168/ 微軟緊急修補IE的遠端攻擊漏洞，Google證實有駭客已用於目標式攻擊 https://www.ithome.com.tw/news/127787 微軟緊急修補JSsript引擎，抑制IE 0-day在野攻擊 https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5070 微軟發布針對IE補丁：防止攻擊者利用漏洞破壞內存 https://iview.sina.com.tw/post/17985002 多款Apple產品NetworkExtension邏輯缺陷漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4369 ARM Trusted Firmware信息洩露漏洞 https://github.com/ARM-software/arm-trusted-firmware/pull/1127 Microsoft Windows rundll32.exe code execution https://packetstormsecurity.com/files/150772 Microsoft Issues Emergency Patch For Under-Attack IE Zero Day https://bit.ly/2CtiUtD UltraISO 9.7.1.3519 Output FileName Denial Of Service - CXSecurity.com https://www.anquanke.com/vul/id/1439678 phpMyAdmin 4.8.0~4.8.3 Transformation 任意文件包含/遠程代碼執行漏洞(需登錄/PMASA-2018-6/CVE-2018-19968) https://bit.ly/2rCZoVh 【升級PHP7與強化網站防護成焦點】不論是否升級至新版環境，PHP 5網站都不能坐以待斃 https://bit.ly/2UMdBws Bug fix #2 in Firefox Focus for iOS https://bit.ly/2PDYAsJ Thousands of Jenkins servers will let anonymous users become admins https://www.zdnet.com/article/thousands-of-jenkins-servers-will-let-anonymous-users-become-admins/#ftag=RSSbaffb68 Insider awarded $10,000 bounty for reporting enterprise software piracy https://www.zdnet.com/article/insider-awarded-10000-bounty-for-reporting-enterprise-software-piracy/#ftag=RSSbaffb68 Thousands of Jenkins servers will let anonymous users become admins https://zd.net/2S8RAGp Microsoft's new Windows 10 19H1 test build paves the way for new Sandbox feature https://www.zdnet.com/article/microsofts-new-windows-10-19h1-test-build-paves-the-way-for-new-sandbox-feature/#ftag=RSSbaffb68 IRS Linux move delayed by lingering Oracle Solaris systems https://www.zdnet.com/article/irs-linux-move-delayed-by-lingering-oracle-solaris-systems/#ftag=RSSbaffb68 哪裡可以找到SPECTRE和MELTDOWN安全漏洞更新 https://bit.ly/2SYq6Dl 2.銀行/金融/保險/證券/電子支付/行動支付/支付系統/虛擬貨幣/區塊鍊新聞及資安探討區塊鏈貨幣Bitcoin的技術與風險 https://bit.ly/2Eyda3R 「什麼是比特幣？」是2018年Google最常被問到的問題 https://bit.ly/2EvrdGC EOSMax和BetDice遭受回滾交易漏洞攻擊，損失較大 http://www.01caijing.com/article/33042.htm 關貿(6183)攜多家銀行打造供應鏈金融生態區塊鏈，有望提升放貸比例 https://bit.ly/2GuwfWs 加密貨幣監管再升級日本金融廳發布最新監管草案 https://bit.ly/2rKy3R7 2018 台北區塊鏈產官學高峰會，近百位海內外重量級人士與會 https://technews.tw/2018/12/19/2018-blockchain-summit/ 開發 DApp 就是開發全世界，微軟區塊鏈開發大賽英、台、美團隊抱回國際大獎 https://buzzorange.com/techorange/2018/12/19/blockchain-competition-2/ LINE首度揭露LINK區塊鏈生態系將主攻4國市場，包括臺灣 https://www.ithome.com.tw/news/127775 〈區塊鏈大應用〉臉書招募區塊鏈開發人員可望在未來推出加密貨幣 https://fnc.ebc.net.tw/FncNews/else/63380 當潮水退去，區塊鏈到底為我們帶來了什麼 http://news.knowing.asia/news/0bb8198d-bf18-4e5b-b6a1-a8c227b5c826 This Brazilian Bank Is Using Ethereum to Issue a Stablecoin https://bit.ly/2S9PNRF 《區塊鏈智能合約安全審計白皮書(2018年)》發佈 https://www.finet.hk/Newscenter/news_content/5c1717f5bde0b347a45eecd1 CSPay接受加密貨幣充值冀普及應用 https://www2.hkej.com/instantnews/hongkong/article/2018134 Fastwin遭黑客攻擊事件暴露新型漏洞， EOSIO官方已更新修復 http://www.bitecoin.com/online/2018/12/34033.html Timothy C. May離開了，當年的「密碼龐克」孕育了如今的比特幣 http://news.knowing.asia/news/29f15235-1998-48ae-ae35-8618ae0cba4f Blockchain, artificial intelligence top LinkedIn fastest-growing job categories https://www.zdnet.com/article/artificial-intelligence-tops-linkedin-fastest-growing-job-categories/#ftag=RSSbaffb68 華為被控資安漏洞　國泰金總座：提出證據來 https://bit.ly/2zXbFIG 華為設備有資安漏洞？國泰金總座：要有證據不是用想像 https://bit.ly/2CdE5Qm 率先接軌國際！國泰世華自願遵循「聯合國責任銀行原則PRB」 https://www.chinatimes.com/realtimenews/20181214002777-260410 多國政府採購禁華為顧立雄：國銀核心主機未用 https://www.cna.com.tw/news/firstnews/201812140229.aspx 金融機構清查中顧立雄：國銀核心主機皆未採用 https://www.chinatimes.com/newspapers/20181215000225-260202 靠臉就能吃飯！支付寶推刷臉支付「蜻蜓」 https://cnews.com.tw/005181214a03/ 資安、高齡化商品，納保險業安定基金計提標準 https://bit.ly/2GhaSI9 【金融業不能忽視的國家級駭客威脅】FireEye：APT 38組織發展針對SWIFT的攻擊軟體 https://ithome.com.tw/news/127650 利用「閃付」漏洞匪徒隔空「偷錢」 http://paper.wenweipo.com/2018/12/16/YO1812160010.htm 匿名者組織針對銀行系統的OpIcarus 2018攻擊預警 https://www.easyaq.com/news/478715784.shtml 銀行惡意軟件攻擊巴西移動用戶 https://ek21.com/news/3/18527/ 台灣金融研訓院董事長吳中書放軟身段建金融溝通平台 https://bit.ly/2A4bETp 金融業瘋考理財顧問證照　銀行業近千人最多 https://www.ettoday.net/news/20181214/1331305.htm 上海一犯罪團伙利用銀行APP漏洞非法獲利2800餘萬元 https://news.sina.com.tw/article/20181217/29287170.html 利用網銀APP漏洞非法獲利超2800萬6名嫌犯被刑拘 https://finance.sina.com.cn/money/bank/bank_hydt/2018-12-17/doc-ihqhqcir7592937.shtml 團伙利用網銀漏洞獲利數千萬女子一人佔三座睡覺被拘留 https://www.ximalaya.com/toutiao/12580759/145573021 網傳某銀行APP疑遭駭客入侵　部分用戶存款被歸零！還有網友稱：密碼錯誤也可以登陸 http://www.orgs.one/show/482603 防洗錢…銀行清理DBU帳戶 https://udn.com/news/story/7239/3542685 康和證券交易下單系統升級，因應逐筆交易新制 https://m.ctee.com.tw/livenews/aj/12172018101451639 CIMB Clicks用戶請註意！部分用戶銀行戶口遭盜用 https://bit.ly/2EtWb1V line pay卡回饋要排除其他間電子支付了 https://www.ptt.cc/bbs/creditcard/M.1545067453.A.12C.html 西聯匯款攜手TerraPay將支付選擇擴大至數百萬行動錢包 http://www.businesswirechina.com/hk/news/39358.html 上海商銀黑客松競賽結果揭曉 https://www.chinatimes.com/newspapers/20181218000341-260210 景文科大財經高峰會暢談數位銀行與FinTech https://n.yam.com/Article/20181217361128 京東數科與西聯匯款戰略合作涉足跨境匯款 https://news.sina.com.tw/article/20181217/29285972.html 銀行斷直連提速，中國銀行20日關閉第三方支付合作通道 https://news.sina.com.tw/article/20181217/29288968.html 區塊鏈e-Check認證汽車保險保單真假車主一掃便知 https://bit.ly/2UU9hve 用ATM漏洞撳$900萬酒保變花花公子歎夠後自首 https://hk.news.appledaily.com/international/realtime/article/20181219/59042999 發票兌獎APP上路領獎無紙化24hr兌獎 https://bit.ly/2UV5Oww 南韓推動金融產業創新將核准第三家純網銀 https://money.udn.com/money/story/5602/3547010 擁80萬用戶卻拒配合檢警調查　LINE Pay盜刷揪不出兇手 https://tw.news.appledaily.com/local/realtime/20181219/1485942/ LINE PAY盜刷拒絕給用戶資料　檢警抓不到兇手 https://news.tvbs.com.tw/local/1050410 信用卡莫名遭綁定 LINE Pay盜刷找嘸賊 https://tw.appledaily.com/headline/daily/20181220/38210411/ LINE PAY被盜刷檢警調用戶資料遭拒 https://news.cts.com.tw/cts/life/201812/201812191946433.html 遭指安全性有問題　LINE 強調與其他平台綁卡方式相同 https://tw.news.appledaily.com/new/realtime/20181219/1486472/ 防行動支付盜刷　銀行業：刷卡設定本人驗證 https://tw.appledaily.com/new/realtime/20181219/1486444/ 台壽保產物保險股份有限公司受金管會裁罰案之說明處分案說明 https://bit.ly/2LpVCHT 俄羅斯擬立法禁止支付寶微信等為俄公民提供服務 http://shanghaibiz.sh-itc.net/article/dwtz/dwtzhwsc/201812/1463624_1.html 最多跑一次：納稅人可通過微信支付掃碼一鍵交納稅費 https://news.sina.com.tw/article/20181219/29318484.html 持卡人注意金管會金檢發現有銀行超收違約金 https://udn.com/news/story/7239/3546590 金融業資安成本兩年內恐激增 https://www.chinatimes.com/newspapers/20181221000344-260205 電子支付太夯　央行：現金有4大優勢有存在必要　 https://www.ettoday.net/news/20181220/1336404.htm 楊金龍挺現金支付列四優勢 https://money.udn.com/money/story/5613/3549227 Mobile payment behaviors, biases examined in report https://www.atmmarketplace.com/news/mobile-payment-behaviors-biases-examined-in-report/ 2018 Health of Cash study: US consumers value payment choice https://www.atmmarketplace.com/blogs/2018-health-of-cash-study-us-consumers-value-payment-choice/ 徵才 - 金融業大獵才明年逾萬人 https://udn.com/news/story/7239/3539680 徵才 - 一銀明年將徵才450人　起薪3萬6000元 https://tw.appledaily.com/new/realtime/20181215/1484173/ 徵才 - 鐵飯碗來了！中華郵政明年再徵千人　起薪3萬1 https://tw.news.appledaily.com/life/realtime/20181217/1485000/ 徵才 - 行動支付系統工程師 https://www.1111.com.tw/job/85006375/ 3.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體「驅動人生」利用高危漏洞傳播病毒 12月14日半天感染數萬台電腦 https://ek21.com/news/3/15435/ 驅動人生回應傳播蠕蟲病毒：系舊版組件漏洞被黑客利用 https://www.landiannews.com/archives/53858.html 「驅動人生」升級現木馬病毒半天感染數萬台電腦 https://news.sina.com.tw/article/20181215/29266818.html 「驅動人生」木馬病毒爆發建議採取六種措施應對 https://news.sina.com.tw/article/20181216/29276414.html 新病毒爆發：利用「永恆之藍」傳播，2小時感染10萬台電腦挖礦 https://kknews.cc/tech/pkxxvke.html 新款macOS惡意程式OSX.LamePyre會把螢幕畫面傳給駭客 https://www.ithome.com.tw/news/127701 曾攻擊全球最大石油公司Shamoon/Disttrack 磁碟清除病毒,出現了新變種：你需要知道什麼 https://blog.trendmicro.com.tw/?p=58260 駭客利用 Twitter 發送 Meme迷因梗圖,藉圖像隱碼術( Steganography )躲避偵測 https://blog.trendmicro.com.tw/?p=58281 趨勢科技：推特帳號淪為駭客攻擊幫兇，發送meme圖片下令惡意程式發動攻擊 https://www.ithome.com.tw/news/127735?fbclid=IwAR1DQRXXO6Qze8W3TPjJm0-cTSVAonr2qbVDmIpC_MqokdTR-mj65VJ4Y_Y AutoIt 蠕蟲透過可移除磁碟,散播無檔案後門程式BLADABINDI/njRAT https://blog.trendmicro.com.tw/?p=58182 Brazilian mobile users hit with banking malware https://brica.de/alerts/alert/public/1240466/brazilian-mobile-users-hit-with-banking-malware/ CYBER | Brazilian mobile users hit with banking malware (THU-13-DEC-2018) https://localdemo.starfishbc.com/2018/12/13/brazilian-mobile-users-hit-with-banking-malware/ Stay on Top of Zero-Day Malware Attacks With Smart Mobile Threat Defense https://securityintelligence.com/stay-on-top-of-zero-day-malware-attacks-with-smart-mobile-threat-defense/ Fancy Bear exploits Brexit to target government groups with Zebrocy Trojan https://www.zdnet.com/article/fancy-bear-exploits-brexit-to-target-government-groups-with-zebrocy-trojan/#ftag=RSSbaffb68 Moldovian sentenced for stealing millions using Bugat banking malware https://cyware.com/news/moldovian-sentenced-for-stealing-millions-using-bugat-banking-malware-54126a1e New Shamoon Malware Variant Targets Italian Oil and Gas Company https://bit.ly/2zXRZEH New Shamoon Malware Variant Targets Italian Oil and Gas Company https://thehackernews.com/2018/12/shamoon-malware-attack.html Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/?utm_content=sf204617046&utm_source=twitter&utm_campaign=McAfee#sf204617046 Shamoon data-wiping malware believed to be the work of Iranian hackers https://www.zdnet.com/article/shamoons-data-wiping-malware-believed-to-be-the-work-of-iranian-hackers/#ftag=RSSbaffb68 Kronos banking Trojan: How does the new variant compare https://searchsecurity.techtarget.com/answer/Kronos-banking-Trojan-How-does-the-new-variant-compare New Malware Takes Commands From Memes Posted On Twitter https://bit.ly/2A57xXj APT Sidewinder complicates theirs malwares https://medium.com/@Sebdraven/apt-sidewinder-complicates-theirs-malwares-4e15683e7e26 B.行動安全 / iPhone / Android / App iOS 破解達人 Adam Donenfeld https://bit.ly/2GeqNXB 關於「資安漏洞回報獎金計劃」請直接至LINE官網申請 http://official-blog.line.me/tw/archives/78459057.html 人臉辨識真的安全嗎!? 3D列印頭像成功騙過Samsung S9，但iPhone X擋住了 https://www.ithome.com.tw/news/127714 手機的臉部辨識有多不安全？外媒用3D列印的臉部模型，成功騙過這 4款 Android 手機 https://bit.ly/2Ac7Pf9 Google 為 Keystore 加入新功能，提升 Android 裝置安全性 https://bit.ly/2rMoL75 悲報！iPhone越獄必裝的「Cydia」將在年底前關閉 https://www.cool3c.com/article/139828 Cydia 停止 Jailbreak App Store 購買機制 https://unwire.hk/2018/12/16/cydia-jailbreak-app-store-purchase-feature-shuts-down/software/cydia-app/ New Keystore features keep your slice of Android Pie a little safer https://bit.ly/2Ekp9RM Security Best Practices: Symmetric Encryption with AES in Java and Android https://bit.ly/2QBaVTW Cydia app store pulls plug on purchases for jailbroken iPhones https://www.zdnet.com/article/cydia-app-store-pulls-plug-on-purchases-for-jailbroken-iphones/#ftag=RSSbaffb68 Google announces crackdown on Play Store ratings and reviews https://www.zdnet.com/article/google-announces-crackdown-on-play-store-ratings-and-reviews/#ftag=RSSbaffb68 5G Networks: The New Security Challenges https://www.bankinfosecurity.asia/interviews/5g-networks-new-security-challenges-i-4197 C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件 2019資安預測趨勢科技提出3大警示 https://bit.ly/2GteMh5 三星官網介面出現CSRF，險成會員帳號劫持途徑 https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5069 趨勢科技公布2019資安預測：資料外洩攻擊白熱化、網路釣魚攻擊件數明顯大增、工控系統威脅持續升高 https://blog.trendmicro.com.tw/?p=58307 及早防患於未然，國家資安防護範圍以ISP網路為前線 https://www.ithome.com.tw/news/127761 網絡黑客利用漏洞“截胡”商家服務費牟利2500餘萬元 http://m.xinhuanet.com/2018-12/18/c_1123870817.htm 為臺灣高等資安教育努力，持續強化暑期與跨校課程，與國際結合則成新手段 https://www.ithome.com.tw/news/127704?fbclid=IwAR1xevNReQo33wMpVYdvtKWlDct_vCa_yyOjoLU_cfNANi0XO5Kgs6Tqcfg 區塊鏈、資安下一代數位科技 https://bit.ly/2rBOYVM 雙因素驗證並非100%安全，伊朗駭客成功繞過驗證機制入侵Gmail、Yahoo帳號 https://bit.ly/2SVO8ij HITCON Defense競賽打造企業真實資安攻防環境 https://bit.ly/2UO3Uxv 讓用戶自然而然操作才是正道，GNOME資安團隊從軟體開發強化作業系統安全 https://www.ithome.com.tw/news/127703 強韌的恢復能力已成為資安攻防的重要心法 https://ithome.com.tw/news/127688 FIDO正式成為國際標準加速政府部門與產業導入應用 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=45&id=0000550140_qzr0od9e5kivxcleq15rh 全球FIDO標準發展落實於銀行服務、電信與消費電子 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=40&id=0000550146_nbo2than3ovc117hs2294 新「太空國防」當道　反情報靠大數據制 https://news.tvbs.com.tw/focus/1047629 多樣的社交工程手法網紅成駭客新目標，入侵掌握帳號或是當作散佈惡意連結的管道 https://bit.ly/2SdsoyK 兩年前被Twitter輕忽的臭蟲遭到駭客開採，洩漏用戶的國碼 https://www.ithome.com.tw/news/127771?fbclid=IwAR0lEDCxmLetZ0DAUnYsp_V5LBrOisxJ9RkbEBkMfE_eR6dNZVDEI3WJYVU 給特斯拉挑錯黑客大賺 https://bit.ly/2A1diVY 資安黑天鵝亂竄還能鴕鳥心態 https://udn.com/news/story/11321/3542660 BTS港騷售票網站遭駭客入侵 https://bit.ly/2Sd0pyV 網軍皮卡丘？介入美國大選，Pokémon Go成為俄國煽動媒介 https://global.udn.com/global_vision/story/8662/3543071 俄國網軍壓境！連寶可夢也遭滲透？　IG成美國社群網戰主場 https://www.ettoday.net/news/20181219/1334815.htm 以桌遊模擬國家當局資安攻防！捷克資安專家首度在臺舉行相關演練 https://ithome.com.tw/news/127782 「兩階段驗證」被破解了？伊朗駭客成功繞過 https://applealmond.com/posts/45708 地標遭冠「中華台北」疑陸網軍所為 https://bit.ly/2Lq9LVJ 天網入侵？火鍋店有60台監視器恐資安危機 https://bit.ly/2SZgybq 川普獵殺中國科技黑名單揭密，下一家公司會是誰 https://technews.tw/2018/12/15/trump-hunts-china-science-and-technology-blacklist/ 捷克總理下令政府機關禁用華為手機 https://bit.ly/2Btsjzx 華為事件影響資安專家：沒有槍的戰爭已開打 http://www.epochtimes.com/b5/18/12/19/n10920380.htm 不受美國影響，傳印度將和華為合作測試5G https://www.ithome.com.tw/news/127737 印度邀華為演示5G 當地業者反彈 https://www.chinatimes.com/newspapers/20181219000326-260203 印度政府籲禁用陸設備華為命運一波三折 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=9&cat=305&id=0000550160_sey26zle5xpnpv1f3sp2y 華為：日本與法國並未真的禁止我們的設備、為資安將投20億美元 https://applealmond.com/posts/45751 捷克資安當局警告華為和中興設備構成國安威脅 https://www.cna.com.tw/news/afe/201812180022.aspx 遭全球封殺華為給丹麥的「求情信」曝光 https://www.secretchina.com/news/b5/2018/12/15/879199.html 自以為聰明的英國，放任華為替中國打開歐洲資安的後門 https://www.thenewslens.com/article/110111 華為的國家安全風險：西方和盟國聯合布防 https://www.bbc.com/zhongwen/trad/46595173 華為 Huawei 資安漏洞後門大開造成全球國安危機 https://www.vedfolnir.com/huawei-security-vulnerability-national-security-crisis-29834.html 遏制華為「五眼聯盟」早有共識 https://ec.ltn.com.tw/article/breakingnews/2645418 安全擔憂日益升溫華為在歐洲面臨盟友「圍剿」 https://news.cnyes.com/news/id/4255320 美報告：軍方導彈系統安全防護不足，漏洞未補，未加密傳輸及多因素驗證 https://www.ithome.com.tw/news/127766 美海軍網絡多漏洞中國黑客收穫大 https://www.boxun.com/news/gb/finance/2018/12/201812152038.shtml 美國海軍竭力抵禦中國駭客 https://on.wsj.com/2A1308j 傳中國駭美國海軍承包商竊取飛彈機密 https://money.udn.com/money/story/5599/3538457 中國駭美國海軍承包商竊取飛彈機密 https://bit.ly/2BkrWY1 杜絕中共黑客攻擊美海軍全面檢查安全漏洞 https://ogate.org/show.aspx?name=c997704 美軍承包商疑遭中國駭客攻擊飛彈關鍵技術外流 http://news.ltn.com.tw/news/world/breakingnews/2643276 「中」駭美海軍承包商竊飛彈等機密 https://bit.ly/2zXQlCL 中國駭客盜走緊好多美國海軍機密，海軍方面仍在努力堵大窿 https://m.hkgolden.com/view.aspx?message=6996170&type=CA 中駭客竊取美軍飛彈資料 https://udn.com/news/story/6813/3538655?from=udn-ch1_breaknews-1-cate5-news 美海軍承包商傳遭中國黑客入侵竊取導彈機密 https://bit.ly/2SR2MYm 飛彈關鍵技術外流！中國駭走美海軍機密　美軍清查資安漏洞 https://www.ettoday.net/news/20181215/1331847.htm 中國駭客竊美海軍機密包商淪攻擊目標軍方急查資安漏洞 https://tw.appledaily.com/international/daily/20181216/38207082/ 中網攻美軍包商軍艦、飛彈機密遭駭 http://news.ltn.com.tw/news/focus/paper/1254389 美軍承包商疑遭中國駭客攻擊飛彈關鍵技術外流 https://bit.ly/2LkpSDU 【中美角力】中國黑客被批入侵網絡竊取美軍關鍵技術 https://bit.ly/2A52VjN 美媒：華黑客竊美導彈船艦機密 https://china.hket.com/article/2232626 杜絕中共黑客攻擊美海軍全面檢查安全漏洞 http://www.epochtimes.com/b5/18/12/14/n10911447.htm 曾竊潛艇超音速反艦導彈方案軍方指中國黑客屢入侵承包商 https://bit.ly/2GiQ3fx Chinese hackers stepped up their cyber attacks against companies that are contractors for the U.S. Navy https://24-my.info/chinese-hackers-stepped-up-their-cyber-attacks-against-companies-that-are-contractors-for-the-u-s-navy/ US ballistic missile systems have very poor cyber-security https://www.zdnet.com/article/us-ballistic-missile-systems-have-very-poor-cyber-security/#ftag=RSSbaffb68 Audit finds cyber vulnerabilities in U.S. missile defense system https://bit.ly/2CfASQ0 美批陸千人計畫盜竊技術 https://www.chinatimes.com/newspapers/20181216000079-260309 中國海外「千人計劃」被指滲透美研究機構 https://bit.ly/2ChwMaj 抵禦中國資安威脅日政府編列預算開發反駭客程式 https://times.hinet.net/news/22149068 日本 NTT : 不建議使用華為的產品 https://bit.ly/2PDNYKs 主要機具供應商日本安川：華為已凍結所有訂單 https://www.chinatimes.com/newspapers/20181215000224-260202 日本全國警戒駭客攻擊　演習參與者破歷史新高 https://www.taiwannews.com.tw/ch/news/3596658 華為遭遇全球抵制的原因 http://www.epochtimes.com/b5/18/12/19/n10919991.htm 華為胡厚崑：美國正在製造「華為產品不安全」的恐慌 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000550257_5ko3lvtr43cmy0898hkh6 資安疑慮法國跟進排除華為5G http://ec.ltn.com.tw/article/paper/1254167 捷克資安當局警告華為和中興設備構成國安威脅 https://www.bannedbook.org/bnews/zh-tw/cbnews/20181218/1048880.html 黃背心恐有俄國網軍操作法國安單位要查 https://newtalk.tw/news/view/2018-12-15/181038 法外交部網站遭駭出境旅客資訊洩露 http://www.chinesetoday.com/big/article/1248192 法國旅遊警示登錄網站遭駭個資恐遭不當使用 https://news.ebc.net.tw/News/world/143749 德國資安辦公室：部份德企可能受中國駭客攻擊 https://ec.ltn.com.tw/article/breakingnews/2646904 德國資安辦公室：部份德企可能受中共駭客攻擊 http://tw.aboluowang.com/2018/1220/1220453.html 傳中國駭客攻擊德國公司 https://www.chinatimes.com/realtimenews/20181219003340-260410 Chinese hackers tap into EU diplomatic communications network https://www.zdnet.com/article/chinese-government-taps-into-eu-diplomatic-communications-network/#ftag=RSSbaffb68 中國駭客入侵歐盟通訊網路，竊取歐盟成員之間的外交電報 https://www.ithome.com.tw/news/127791 歐盟外交通訊遭駭上千敏感電文曝光了 https://udn.com/news/story/6809/3548022 中國解放軍精銳駭客遭指多年網襲歐盟外交機密 https://www.bannedbook.org/bnews/zh-tw/cbnews/20181220/1049740.html 中國駭客疑入侵歐盟外交通訊上千敏感電文曝光 https://bit.ly/2QEXcvB 歐盟電文遭駭暴露對「雙普」心驚驚 https://udn.com/news/story/11314/3546978 美國資安公司：解放軍偷竊大量歐盟外交文件 https://www.taiwannews.com.tw/ch/news/3600921 陸解放軍無孔不入？歐盟遭駭、上千外交機密疑外洩 https://bit.ly/2R74YOd 美組聯合陣線譴責並制裁中國駭客與間諜 https://money.udn.com/money/story/5599/3549169 美國務院與國土安全部聯合聲明譴責中方資助駭客 https://bit.ly/2PWlzzw 中國黑客傳先入侵惠普IBM 再攻擊其客戶 https://bit.ly/2R91RW0 路透：中國駭客入侵惠與和IBM網路再駭人客戶電腦 https://udn.com/news/story/6813/3549446 美起訴2名陸駭客涉竊取商業機密 https://udn.com/news/story/6813/3549358 美宣布撤軍敘利亞庫德族：IS將重新集結 https://bit.ly/2QNq7gP 隱私被看光？澳洲通過新法允許政府取得加密訊息 https://cnews.com.tw/005181217a04/ 萬豪酒店被駭美官員直指中方主導 https://turnnewsapp.com/global/politics/69697.html Did China Hack Marriott, Or Is This Fake News https://www.bankinfosecurity.asia/interviews/did-china-hack-marriott-or-this-fake-news-i-4196 別上當！北美出現勒索比特幣的炸彈勒索信 https://bit.ly/2A2wtia 美加數十處接獲炸彈威脅歹徒要求付比特幣付贖金 https://bit.ly/2BqII89 駭客廣發炸彈恐嚇電郵，在多國勒索比特幣 https://technews.tw/2018/12/14/bomb-threats-email-for-bitcoin/ 駭客廣發炸彈恐嚇電郵，在多國勒索比特幣 https://technews.tw/2018/12/14/bomb-threats-email-for-bitcoin/ 19州現炸彈電郵促以比特幣付兩萬元 https://bit.ly/2BnnVSE 「兩階段驗證」被破解了？伊朗駭客成功繞過 https://applealmond.com/posts/45708 DOD doesn't keep track of duplicate or obsolete software https://www.zdnet.com/article/dod-doesnt-keep-track-of-duplicate-or-obsolete-software/#ftag=RSSbaffb68 Fake Bomb Threat Emails Demanding Bitcoins Sparked Chaos Across US, Canada https://bit.ly/2BqxAYF 'Bomb threat' scammers are now threatening to throw acid on victims https://www.zdnet.com/article/bomb-threat-scammers-are-now-threatening-to-throw-acid-on-victims/#ftag=RSSbaffb68 美台商業會長警告：若使用華為台美難合作 https://bit.ly/2GjRWZo 美台商業會長警告：若使用華為台美難合作 http://news.ltn.com.tw/news/focus/paper/1254188 「兩岸2019」兵棋推演：美國打台灣牌台灣須戒慎恐懼 https://www.chinatimes.com/realtimenews/20181219003402-260409 青松資訊：Anonymous捲土重來OpIcarus2018持續發威 https://www.aqniu.com/vendor/41932.html STATE-LEVEL RESPONSES TO MASSIVE CYBER-ATTACKS: A POLICY TOOLBOX https://www.clingendael.org/nl/node/9766 Symantec tracks down a new hacking group Seedworm aka Muddywater https://www.cybersecurity-insiders.com/symantec-tracks-down-a-new-hacking-group-seedworm-aka-muddywater/ Intelligence Cyber attack, ieri a Roma conclusa l’esercitazione “Cyber Shield: facing the threat” http://www.reportdifesa.it/cyber-attack-ieri-a-roma-conclusa-lesercitazione-cyber-shield-facing-the-threat/ North Korea Launches Cyber Attack On United States https://paletiks.com/2018/12/14/north-korea-launches-cyber-attack-on-united-states/ Save the Children Foundation duped by hackers into paying out $1 million https://www.zdnet.com/article/save-the-children-foundation-duped-by-hackers-into-paying-out-1-million/#ftag=RSSbaffb68 The U.S. Should Use Beijing’s Social Credit System against China https://bit.ly/2PHyjtx Macron tente d’acheter la paix sociale https://bit.ly/2CcKURX British Teenager gets 3 year sentence for DDoS and False Bomb Threats https://bit.ly/2QT1G0P Australia's encryption laws are 'highly unlikely' to dragoon employees in secret https://www.zdnet.com/article/australias-encryption-laws-are-highly-unlikely-to-dragoon-employees-in-secret/#ftag=RSSbaffb68 5 technologies you'll get sick of hearing about in 2019 https://www.zdnet.com/article/5-technologies-youll-get-sick-of-hearing-about-in-2019/#ftag=RSSbaffb68 Bing recommends piracy tutorial when searching for Office 2019 https://www.zdnet.com/article/bing-recommends-piracy-tutorial-when-searching-for-office-2019/#ftag=RSSbaffb68 Trump, Google, United Nations are among 2018's worst password offenders https://www.zdnet.com/article/trump-google-un-are-among-2018s-worst-password-offenders/#ftag=RSSbaffb68 Super Micro: Audit Didn't Find Chinese Spying Chip https://www.bankinfosecurity.asia/super-micro-audit-didnt-find-chinese-spying-chip-a-11846 WSJ website defaced by PewDiePie fan in ongoing YouTube subscribers battle https://www.zdnet.com/article/wsj-website-defaced-by-pewdiepie-fan-in-ongoing-youtube-subscribers-battle/#ftag=RSSbaffb68 PewDiePie printer hacker strikes again: subscribe and sort out your security https://www.zdnet.com/article/pewdiepie-printer-hacker-strikes-again-subscribe-and-sort-out-your-security/#ftag=RSSbaffb68 Twitter discloses suspected state-sponsored attack https://www.zdnet.com/article/twitter-discloses-suspected-state-sponsored-attack/#ftag=RSSbaffb68 New attack intercepts keystrokes via graphics libraries https://www.zdnet.com/article/new-attack-intercepts-keystrokes-via-graphics-libraries/#ftag=RSSbaffb68 Hackers Intercepted EU Diplomatic Cables for 3 Years https://www.bankinfosecurity.com/hackers-intercepted-eu-diplomatic-cables-for-3-years-a-11872 徵才 - 【顧問部】顧問師 (新興科技資安技術)-319C https://m.1111.com.tw/job/85208987/ 徵才 - RD20329_1 軟體工程師 https://www.104.com.tw/job/?jobno=6grwd&jobsource=freshman2009 徵才 - 急徵!資安工程師(駐場地點:台北市) https://www.104.com.tw/job/?jobno=5u8ui&jobsource 徵才 - 資安工程師 https://www.104.com.tw/job/?jobno=6gquk&jobsource=joblist_a_date 徵才 - 資安工程師 (台中市潭子區、台南市永康區) https://www.1111.com.tw/job/85138458/ 徵才 - 網路資安工程師--台北 https://www.104.com.tw/job/?jobno=3ybgp&jobsource=joblist_b_date D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷當78%的指紋辨識儀器都被欺騙時 https://www.eettaiwan.com/news/article/20181219NT61-antispoofing-schemes-for-fingerprint-recognition-systems 一頁式詐騙不只臉書！就算入口網站、Yahoo新聞也有陷阱 https://zi.media/@wwwmygopencom/post/C87us7 多樣的社交工程手法網紅成駭客新目標，入侵掌握帳號或是當作散佈惡意連結的管道 https://bit.ly/2Gxs24z Facebook 的瀏覽記錄消除工具要到明年春季才會推出 https://chinese.engadget.com/2018/12/18/facebook-browsing-history-control-delayed/ Facebook再遭打擊！科技泰斗「莫博士」宣布即將銷號 https://news.cnyes.com/news/id/4256464 台人到韓國開偽卡工廠　盜刷3200萬韓元！返台被起訴 https://www.ettoday.net/news/20181217/1333047.htm 組偽卡集團赴首爾盜刷 3台嫌遭起訴 https://www.cna.com.tw/news/asoc/201812170246.aspx 墮假公安騙案內地女大生被騙360萬 http://www.hkcna.hk/content/2018/1219/733941.shtml 注意了！偽造的Office 365無法傳遞通知成為駭客網釣新手法 https://www.ithome.com.tw/news/127724?fbclid=IwAR2MEpOQHArp7tX7YfLmH952_oMWJPmZ63BRdePKHdlfwL32_6yfaRJEtZo 信用卡假交易套利涉款2億 http://orientaldaily.on.cc/cnt/china_world/20181216/00178_005.html 推特爆個資漏洞異常流量疑來自中、沙贊助的駭客 http://news.ltn.com.tw/news/world/breakingnews/2645502 Twitter 個人資料外洩，疑似遭國家支持駭客入侵 http://technews.tw/2018/12/19/twitter-leaks-chinese-and-saudi-arabia-ip/ 假檢察官騙了10多年仍管用　翁領光86萬老本警神速登門攔阻 https://www.ettoday.net/news/20181216/1332412.htm 數據庫沒加密毋須密碼大陸軟件 Boomoji 洩露大量用戶資料 https://unwire.hk/2018/12/17/boomoji-databases-leaked/tech-secure/ 確保遵守隱私法愛爾蘭主管機關調查臉書 https://bit.ly/2SMZ5mr 「勞保局」未接快回撥？竟是詐騙新招 https://bit.ly/2UODvzS 哪些密碼最容易被破解、遭駭竊取？安全機構公布十大「最不安全」密碼最新排名 http://3c.ltn.com.tw/news/35350 2018十大「最不安全」密碼　「123456」五連冠 https://www.ettoday.net/news/20181217/1332803.htm 2018年密碼觀念最差者：五角大厦、Nutella榜上有名，Google意外拿下第八 https://www.ithome.com.tw/news/127712 設定密碼別偷懶　連5年奪冠的危險密碼是這個 https://tw.appledaily.com/new/realtime/20181216/1484740/ 愛爾蘭查個資外洩案　Facebook將面臨16億美元罰款 https://www.ettoday.net/news/20181217/1332714.htm 保護用戶個資不力　華盛頓特區檢察總長控告臉書 https://tw.news.appledaily.com/international/realtime/20181220/1486627/ 第三方軟件可隨意存取照片　Facebook Stories 漏洞影響 680 萬人 https://bit.ly/2Espy4D 臉書又爆資安漏洞數百萬用戶「私密照片」遭曝光 https://bit.ly/2SN47iI 臉書資安漏洞爆不完！相片應用程式出包，680萬用戶私人照片外洩 https://www.storm.mg/article/714687 臉書證實發現新Bug！　680萬用戶「私人照」外洩 https://www.ettoday.net/news/20181215/1331474.htm 臉書再爆洩漏用戶私訊！150家企業窺個資 https://news.ftv.com.tw/news/detail/2018C20I05M1 注意！臉書資安又出包　高達680萬人隱私照片恐外流 https://www.setn.com/News.aspx?NewsID=470913 Facebook再發生數據洩漏影響6800萬用戶 http://www.metroradio.com.hk/news/default.aspx?NewsId=20181215042751 Facebook defends giving tech giants access to extensive user data https://www.zdnet.com/article/facebook-defends-giving-tech-giants-access-to-extensive-user-data/#ftag=RSSbaffb68 臉書9月竟曾出現大漏洞　680萬名用戶照片外流 https://www.taiwannews.com.tw/ch/news/3597376 Facebook新醜聞：微軟、亞馬遜等公司甚至可以讀取用戶私信 https://news.cnyes.com/news/id/4256854 Facebook 爆用戶私隱漏洞合作夥伴 Netflix / Spotify 可共享兼刪除帳號訊息 https://bit.ly/2GJ0OYX Uber個資外洩案法國處40萬歐元罰款 https://money.udn.com/money/story/10511/3549062 E乳梓梓裸照外流遭疑自導自演　嘆「沒有這麼白痴」 https://tw.news.appledaily.com/new/realtime/20181214/1483533/ 伊朗駭客假冒Gmail和Yahoo Mail遭駭通知信來發送釣魚郵件，專門鎖定記者、社運人士和官員 https://bit.ly/2EsC2KF 刷卡訂機票遭疑「違法盜刷」取消乘客控樂桃：離譜 https://news.ebc.net.tw/News/Article/144002 趨勢科技：2019憑證資料外洩遭盜用詐騙事件將增加 https://udn.com/news/story/7239/3545890 美國太空總署員工資料遭不明存取，影響範圍與數量正在調查中 https://www.zdnet.com/article/nasa-discloses-data-breach/ Mayday! NASA Warns Employees of Personal Information Breach https://bit.ly/2T3x6yN NASA驚爆伺服器遭駭客入侵，過去12年員工個資恐遭外流 https://www.ithome.com.tw/news/127788 NASA discloses data breach https://www.zdnet.com/article/nasa-discloses-data-breach/#ftag=RSSbaffb68 GDPR: EU Sees More Data Breach Reports, Privacy Complaints https://www.bankinfosecurity.com/gdpr-eu-sees-more-data-breach-reports-privacy-complaints-a-11873 Seven from ten Americans worried about holiday shopping identity theft https://www.zdnet.com/article/seven-from-ten-americans-worried-about-holiday-shopping-identity-theft/#ftag=RSSbaffb68 Brazilian IT firm Tivit suffers data leak https://www.zdnet.com/article/brazilian-it-firm-tivit-suffers-data-leak/#ftag=RSSbaffb68 Technologies That Help in Breach Investigations https://www.bankinfosecurity.asia/technologies-that-help-in-breach-investigations-a-11838 Gartner's Avivah Litan on Impact of Marriott Breach https://www.bankinfosecurity.com/gartners-avivah-litan-on-impact-marriott-breach-a-11863 Hackers have earned $1.7 million so far from trading data stolen from US gov payment portals https://www.zdnet.com/article/hackers-have-earned-1-7-million-from-trading-stolen-us-gov-payment-portal-data/#ftag=RSSbaffb68 Data Leak Exposes Psychologists' Home Addresses https://www.bankinfosecurity.asia/data-leak-exposes-psychologists-home-addresses-a-11871 E.研究報告 OSX Github桌面版RCE漏洞分析 http://www.4hou.com/vulnerable/15004.html Asuswrt-merlin 自定義 dnsmasq 解析 https://bit.ly/2GlI01q 分析Pwn2Own上的一個Adobe漏洞利用 https://xz.aliyun.com/t/3595 網站安全公司對於網站邏輯漏洞的修復方案分享 https://my.oschina.net/u/3887295/blog/2988660 phpMyAdmin LOAD DATA INFILE 任意文件讀取漏洞 https://www.v2ex.com/t/517722 ThinkPHP V5高危漏洞分析騰訊禦界高級威脅檢測系統可成功檢出 https://s.tencent.com/research/report/607.html Python Web之瓶會話和格式化字符串漏洞 https://xz.aliyun.com/t/3569 基於Android組件的應用程序脆弱性分析 http://cdmd.cnki.com.cn/Article/CDMD-10013-1017291182.htm CVE-2018-8611 Windows kernel事務管理器0 day漏洞分析 http://www.4hou.com/vulnerable/15203.html UPnProxy：一種利用路由器UPnP漏洞的惡意代理系統 https://www.freebuf.com/articles/terminal/191013.html 挖洞經驗| 價值$7500的Google MyAccount服務端點擊劫持漏洞（Clickjacking） https://www.freebuf.com/vuls/190709.html 使用本地DTD文件來利用XXE漏洞 https://www.anquanke.com/post/id/168012 python自動化測試人工智能 https://china-testing.github.io/practices.html RF-14310（CVE-2018-12533）分析 https://paper.seebug.org/766/ S2-003 遠程代碼執行漏洞 https://blog.csdn.net/Fly_hps/article/details/84999857 S2-005 遠程代碼執行漏洞檢測與利用 https://blog.csdn.net/Fly_hps/article/details/85000125 S2-013 遠程代碼執行漏洞檢測與利用 https://blog.csdn.net/Fly_hps/article/details/85034215 S2-016遠程代碼執行漏洞檢測與利用 https://blog.csdn.net/Fly_hps/article/details/85035223 S2-045（CVE-2017-5638）分析 https://paper.seebug.org/767/ S2-057遠程代碼執行漏洞檢測與利用 https://blog.csdn.net/Fly_hps/article/details/85037056 Web安全漏洞分析-路徑遍歷漏洞 http://www.twoeggz.com/news/12604098.html (Android Root)CVE-2017-7533 漏洞分析和復現 https://bbs.pediy.com/thread-248481.htm 《夢幻模擬戰》漏洞挖掘全過程 https://hk.saowen.com/a/fe09d93f538f926eb5408f746584d92ab05bc9ce4048ac7403669c01e9b20253 針對多個DirectX內核漏洞的分析 https://hk.saowen.com/a/b95196f5d1f9f16fc5d425746f6892cdf609f910bf1a4f40bb8d2e6e8d8b128d 挖洞經驗| Google服務端Referer信息洩露漏洞 https://www.freebuf.com/vuls/190605.html 驅動人生旗下應用分發惡意代碼事件分析- 一個供應鏈攻擊的案例 https://www.anquanke.com/post/id/168017 淺入淺出網站系統的信息安全 https://zhuanlan.zhihu.com/p/52518413 漏洞預警：DB2數據庫存在執行任意代碼漏洞 https://www.freebuf.com/company-information/192288.html Web漏洞掃描器的設計與實現（一） https://zhuanlan.zhihu.com/p/52851722 Thinkphp5 遠程代碼執行漏洞事件分析報告 https://paper.seebug.org/770/ 對CVE-2018-8587（Microsoft Outlook）漏洞的深入分析 https://www.anquanke.com/post/id/168205 通過MS17_010來學習msf對滲透的利用 https://www.cnblogs.com/bmjoker/p/10151708.html POC 2017 - Make LoadLibrary Great Again.pdf https://github.com/f0rgetting/Presentations/blob/master/POC%202017%20-%20Make%20LoadLibrary%20Great%20Again.pdf?fbclid=IwAR2PfVE8F9h78qryPsMCRSDaEqDyJVl3mv18vy0N1_6Eyal6aeCkxwPgIW4 Ghost 2.8.0 release, modern online content professional release platform https://meterpreter.org/ghost/?fbclid=IwAR35DWJ0Pp3ZvPOfU1hvCuhglGiT5miWsas12Myjpr_FUYegyr-rFRNJPdo Microsoft Office has the dark mode on macOS Mojave https://bit.ly/2Lgxzv2 Joomscan – Open Source Joomla Vulnerability Scanner https://bit.ly/2RUsT0i Vivaldi 2.2 release: improves accessibility, navigation and media experience https://meterpreter.org/vivaldi-2-2/?fbclid=IwAR0b4nZEPayYxvaxyW_t37olVGj7m9tYGA_VtWizTMGg3FCQuqGYR7329XY NoSQLMap – Open Source Audit and Attack NoSQL Databases https://bit.ly/2UJpXpi StalkPhish v0.9.5 releases: The Phishing kits stalker https://securityonline.info/stalkphish-the-phishing-kits-stalker/ WhatWaf v0.11.11 releases: Detect & bypass web application firewalls and protection systems https://securityonline.info/whatwaf/ HELK v0.1.6-alpha12132018 Releases: The Hunting ELK https://securityonline.info/helk/ ThunderShell v2.0.2 Releases: Fully encrypted powershell RAT https://securityonline.info/thundershell-encrypted-powershell-rat/ Laravel Collections Every Laravel Developers Goto Resource https://laravelcollections.com/?fbclid=IwAR2rjmYvkDrrJEEOxerebbCmQNFwBH2T4L6-JmmhHDjjTys1Obp5lMQWb-E F.商業安碁導入AI資安防護　2019年可望雙位數成長 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000549889_qo49x8n17ve7d1lvay1oj Fortinet 2019威脅態勢預測：網絡犯罪五大趨勢 https://www.secrss.com/articles/7078 Docker推新版Docker Hub，一次整併Docker商城、Docker Cloud服務 https://ithome.com.tw/news/127686 英特爾和TPG洽談以逾42億美元出售McAfee給私募股權Thoma Bravo https://news.cnyes.com/news/id/4255273 日本Line強化資料防護收購南韓網路安全公司 https://money.udn.com/money/story/5602/3539656 Fortify 源碼弱點檢測助應用程式安全快速上線 https://marketing.ares.com.tw/dm/newsletter-2018-12-fortify/ 資安整合服務平台的緣起與意義 https://bit.ly/2SQX3l9 Chrome 瀏覽器未來將阻止網站竄改使用者瀏覽記錄，告別回不去的上一頁 https://www.kocpc.com.tw/archives/234388 中小型企業可負擔的企業級資安防護-FireEye https://www.zerone.com.tw/Content/Product/CD62D2A1CD97EBFF 中華電信首推Android零接觸註冊機制 https://bit.ly/2Lvdx02 Microsoft officially announces 'Windows Sandbox' for running applications in isolation https://www.zdnet.com/article/microsoft-officially-announces-windows-sandbox-for-running-applications-in-isolation/#ftag=RSSbaffb68 Microsoft's new Office app for Windows 10 is coming to all Office users for free https://www.zdnet.com/article/microsofts-new-office-app-for-windows-10-is-coming-to-all-office-users-for-free/#ftag=RSSbaffb68 G.政府台灣8大行業明年禁用華為等大陸電信設備 http://www.epochtimes.com/b5/18/12/14/n10911159.htm 國安會宣布！明年起8大關鍵基礎建設禁用中國製產品 https://bit.ly/2QwOj76 1月1日起　台灣嚴禁「華為」進入八大敏感行業 https://www.secretchina.com/news/b5/2018/12/16/879316.html 網攻頻傳國防院籲跨國資安聯防 http://news.ltn.com.tw/news/focus/paper/1254530 「共軍擬2020年侵台？」國防院報告出爐 https://www.secretchina.com/news/b5/2018/12/14/879141.html 國防院首發中共政軍報告點出中共以「代理人」統戰台灣 https://bit.ly/2rB3e1g ＮＣＣ：已禁用中製核心網路設備 http://ec.ltn.com.tw/article/paper/1254166 全美警戒中國資安威脅　傳電信雙雄將拒用華為基地台 https://www.taiwannews.com.tw/ch/news/3597402 江雅綺：張善政的科技決勝論解決不了網路假新聞難題 https://www.upmedia.mg/news_info.php?SerialNo=54210 回應陸「人臉辨識」設備風險金管會示警 https://bit.ly/2CdFMxa 金管會訂定商業銀行以全權委託方式辦理「銀行法」第74條之1所定有價證券投資者應符合之相關規定 https://bit.ly/2S43fX6 防範假訊息　行政院提修法最重可處無期徒刑 https://tw.appledaily.com/new/realtime/20181215/1484331/ 顧立雄：不是新創就非得支持 https://bit.ly/2QABSHi 金管會下令：銀行雲端伺服器都要在台灣 https://bit.ly/2PJLY3u 政府應為雲端服務建立相關規範！雲端安全聯盟促使新加坡當局制訂COIR指南 https://www.ithome.com.tw/news/127772?fbclid=IwAR2wXziZH-w0sOI1zELhiVg9IBB42_iMhfvFPFQ8a5WeDMeouLPvPXNrC1Q H.工控系統/ICS/SCADA Siemens TIM 1531 IRC security bypass CVE-2018-13816 https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf Three Things ICS Security Pros Can Do to Maximize Uptime https://www.powermag.com/three-things-ics-security-pros-can-do-to-maximize-uptime/ ICS Security Risks For 2019 Revealed https://www.sensorsmag.com/embedded/ics-security-risks-for-2019-revealed Indegy Publishes Industrial Cyber Security Predictions for 2019 https://www.businesswire.com/news/home/20181218005097/en/Indegy-Publishes-Industrial-Cyber-Security-Predictions-2019 I.教育訓練類一篇文章讓你理解SQL注入漏洞的原理 http://www.safebase.cn/article-254519-1.html 一篇文章讓你理解CSRF、點擊劫持和url跳轉的攻擊原理 http://www.safebase.cn/article-254502-1.html 網絡安全入門的16個基本問題 http://www.safebase.cn/article-254521-1.html GRE一戰327 兩星期衝刺心得分享 https://bit.ly/2A05WSG 網路直播危機多教育部推直播二三事懶人包 https://money.udn.com/money/story/7307/3547704 Building a Smart Card Transit Ticketing System with Redis and Raspberry Pi https://bit.ly/2S1vLZi Designing Multi-Threaded Applications Using Swift https://bit.ly/2rBHmTn Improving code testability with Swift protocols https://bit.ly/2QyL3bl What Is Microservices Architecture https://medium.com/fintechexplained/what-is-microservices-architecture-1da41a94a29b Turning Python Scripts into CLI Commands https://bit.ly/2EAtxgH J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機防特網公司揭露物聯網資安關鍵 https://readers.ctee.com.tw/cm/20181214/a43ac7/946642/share 安全漏洞 5G 網路將會對自動駕駛造成威脅 https://www.7car.tw/articles/read/54430 為對付跟蹤狂，Taylor Swift 演唱會使用臉部辨識技術 http://technews.tw/2018/12/14/taylor-swift-tracked-stalkers-with-facial-recognition-tech-at-her-concert/ 全球物聯網大會TIOTA成立物聯網區塊鏈委員會 https://bit.ly/2S3DSoj 你以為是填 reCAPTCHA 驗證碼，其實在幫 Google 訓練 AI https://technews.tw/2018/12/17/keying-recaptcha-working-for-google/ 物聯網時代「資安防禦網」不可少！工控系統不灌防毒軟體怎麼防毒？就讓它來把關 https://www.damanwoo.com/node/92532 卡巴斯基：可連網的家用電動車充電器漏洞，可讓駭客隨意控制充電甚至引發火災 https://www.ithome.com.tw/news/127731 這廠商人臉辨識失誤率僅0.3% https://bit.ly/2QXrrND 艾拉物聯：台灣發展物聯網要放眼全球商機 https://udn.com/news/story/7240/3546469 艾拉物聯聯合創始人張南雄發展物聯網放眼全球 https://money.udn.com/money/story/5648/3547046 智慧城鄉蘊含產業商機　下世代潛力股待孵育 https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000550321_QZX208II3U4VKM08GDQH9 研華建立共創生態系統，描繪物聯網新世界 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000550200_jc112c8h1klhzhlmfmlng 趨勢科技的 2019 資安年度大預測：駭客攻擊由 IT 轉向 OT，人機界面是主要漏洞 https://buzzorange.com/techorange/2018/12/19/2019-trend-micro-security-predict/ 趨勢科技結盟夥伴攻物聯網資安商機 https://www.chinatimes.com/realtimenews/20181220002563-260410 陸車聯網市場料維持高成長，2025年規模估逾2千億RMB https://bit.ly/2R7seLJ 智慧工廠浪潮下的六種潛在資安威脅 https://blog.trendmicro.com.tw/?p=58195 智慧製造衍生隱憂　資安防護須從晶片端導入 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000550433_2k15m5462vh1t34kr44z8 This Wearable Patch Detects Stress Hormone in Sweat https://bit.ly/2UJV4AX New machine learning algorithm breaks text CAPTCHAs easier than ever https://www.zdnet.com/article/new-machine-learning-algorithm-breaks-text-captchas-easier-than-ever/#ftag=RSSbaffb68 K.CTF CTF-Writeup/browser/PlaidCTF_2018_Roll-a-d8/ https://bit.ly/2GiGaP7 CTF-Writeup/browser/Blaze_CTF_2018_blazefox/ https://github.com/wwkenwong/CTF-Writeup/tree/master/browser/Blaze_CTF_2018_blazefox CTF-Writeup/browser/Codegate_CTF_2017_Preliminary_jsworld/ https://github.com/wwkenwong/CTF-Writeup/tree/master/browser/Codegate_CTF_2017_Preliminary_jsworld 4.近期資安活動及研討會物聯網應用發展策略與安全設計-1天，假日速成班 2018/12/22 09:30(+0800)~18:30 https://cyber-training.kktix.cc/events/404221c0-copy-2 【課程】AI 人工智慧實戰班，類神經網路 DNN、CNN、RNN 通通傳授，兩天時間專家帶你進入Deep Learning 的大門 12/22 ~ 12/23 https://www.techbang.com/posts/62515-course-ai-artificial-intelligence-practical-class-deep-learning-machine-learning-image-recognition 入門UI設計！Adobe Xd 快速上手工作坊 (台北假日場) 12/23 https://www.accupass.com/event/1811221341231138544404 專業手機暨硬碟資料救援教育訓練課程 12/26 ~ 12/28 http://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=46 Taipei 暗号通貨 (Cryptocurrency) Meetup 12/26 https://bit.ly/2Ercv4p Taipei.py 十二月月會 (Monthly Meeting) 2018 12/27 https://www.meetup.com/Taipei-py/events/256337705/ 系統日誌分析實務 12/27 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3653&from_course_list_url=homepage 亥客書院 - 高階網頁滲透測試 2019/1/5 https://hackercollege.nctu.edu.tw/?p=768 資策會2019/1/5開辦CompTIA Security+ 國際網路資安認證班 https://n.yam.com/Article/20181129286231 2019 政府資安戰略論壇 2019/01/03 13:00(+0800)~16:30 https://csa.kktix.cc/events/csa190103 【課程】Arduino四軸飛行器開發實作，無人機硬體、無線遙控器、飛控軟體整合、飛行教學，一天學會 1/5 https://bit.ly/2LdYJ5H ISDA 白帽入門讀書會黑帽python入門 1/5 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=299 【課程】用Google TensorFlow實作推薦系統，讓機器學習應用各種商務情境、提升商品曝光達到精準行銷 1/12 https://bit.ly/2PysEaH