###### tags: `資安事件新聞週報` # 資安事件新聞週報 2019/6/10 ~ 2019/6/14 1.重大弱點漏洞/後門/Exploit/Zero Day VMware 發布新的安全更新 https://www.vmware.com/security/advisories/VMSA-2019-0009.html Xen 阻斷服務漏洞 https://xenbits.xen.org/xsa/advisory-295.html D-Link 連網監視攝影機被爆資安漏洞，駭客可取得影像內容 https://blog.twnic.net.tw/2019/06/13/3991/ TP-Link 路由器多個漏洞 https://nvd.nist.gov/vuln/detail/CVE-2019-6989 Facebook CDN系统中的文件下载漏洞 http://521.li/post/872.html Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery https://www.exploit-db.com/exploits/46967 phpMyAdmin 多個漏洞 https://www.auscert.org.au/bulletins/ESB-2019.2016/ 校園英聽教材互動廣播系統 存在 資料庫注入攻擊 漏洞 https://www.kl.edu.tw/v7/eduweb/index.php?func=edu_msg&edumsg_id=68985 eClass平台 存在 任意檔案下載 漏洞，請盡速確認並進行修補作業 https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=3003 Yubico生產的USB安全金鑰裝置也傳臭蟲，將免費換新 https://www.ithome.com.tw/news/131273 If you haven’t patched Vim or NeoVim text editors, you really, really should https://arstechnica.com/information-technology/2019/06/if-you-havent-patched-vim-or-neovim-text-editors-you-really-really-should/#p3 Adobe Issues Critical Patches for ColdFusion, Flash Player, Campaign http://bit.ly/2KHTih6 Exim RCE漏洞影響數百萬伺服器，已有駭客發動攻擊程式 https://www.ithome.com.tw/news/131270 Critical Flaw Reported in Popular Evernote Extension for Chrome Users http://bit.ly/2IJh1L4 Google Researcher Details Windows Cryptographic Library Bug https://www.bankinfosecurity.eu/google-researcher-details-windows-cryptographic-library-bug-a-12622 印象筆記在谷歌瀏覽器上的擴展存在嚴重漏洞影響多達460萬名用戶 https://www.landiannews.com/archives/59545.html 研究表明只有5.5% 的被發現漏洞曾遭到利用 https://www.chainnews.com/articles/805592825471.htm 研究：駭客在這9年來所開採的公開漏洞中，只有一半利用公開攻擊程式 https://www.ithome.com.tw/news/131208 Intel 處理器再被發現嚴重資安漏洞「ZombieLoad」，用戶請速更新系統 https://blog.twnic.net.tw/2019/06/13/4014/ Intel fixes severe NUC firmware, web console vulnerabilities https://www.zdnet.com/article/intel-fixes-severe-firmware-web-console-vulnerabilities/#ftag=RSSbaffb68 New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions http://bit.ly/2I9DJxd Critical bug found in popular mail server software https://www.welivesecurity.com/2019/06/07/mail-server-software-exim-critical-bug/ huawei -- s12700_firmware CVE-2019-5285 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5285 linksys -- wrt1900acs_firmware CVE-2019-7311 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-7311 zyxel -- p-660hn-t1_firmware CVE-2019-6725 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6725 microfocus -- service_manager CVE-2019-11646 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11646 phpmyadmin CVE-2019-11768 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11768 qemu CVE-2018-20815 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20815 Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor https://thehackernews.com/2019/06/linux-vim-vulnerability.html vim CVE-2019-12735 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12735 Release Notes June 2019 Security Updates https://portal.msrc.microsoft.com/en-us/security-guidance Microsoft Releases June 2019 Security Updates to Patch 88 Vulnerabilities http://bit.ly/31vnP7K Security update deployment information: June 11, 2019 https://support.microsoft.com/en-us/help/20190611/security-update-deployment-information-june-11-2019 NSA joins chorus urging Windows users to patch ‘BlueKeep’ https://www.welivesecurity.com/2019/06/06/nsa-urging-users-patch-bluekeep/ Windows 10 zero-day details published on GitHub https://www.zdnet.com/article/windows-10-zero-day-details-published-on-github/#ftag=RSSbaffb68 Researcher Posts Demo of BlueKeep Exploit of Windows Device https://www.bankinfosecurity.com/researcher-posts-demo-bluekeep-exploit-windows-device-a-12580 Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw http://bit.ly/2WW4hKi Microsoft blocks BLE security keys with known pairing vulnerability https://www.zdnet.com/article/microsoft-blocks-ble-security-keys-with-known-pairing-vulnerability/#ftag=RSSbaffb68 微軟發表6月份Patch Tuesday修補更新 快速堵上被駭客公佈的零時差漏洞 http://bit.ly/2IFrd7G Microsoft's June 2019 Patch Tuesday fixes many of SandboxEscaper's zero-days https://www.zdnet.com/article/microsofts-june-2019-patch-tuesday-fixes-many-of-sandboxescapers-zero-days/#ftag=RSSbaffb68 June’s Patch Tuesday Fixes 88 Security Flaws, Including SandboxEscaper’s Zero Days, HoloLens https://blog.trendmicro.com/trendlabs-security-intelligence/junes-patch-tuesday-fixes-88-security-flaws-including-sandboxescapers-zero-days-hololens/ CVE-2019-0974 | Jet Database Engine Remote Code Execution Vulnerability http://bit.ly/2WHlTKy 奇安信A-TEAM團隊助微軟修復高危漏洞獲官方致謝 https://news.sina.com.tw/article/20190612/31603298.html Two hacking groups responsible for huge spike in hacked Magento 2.x stores June 12, 2019 https://www.zdnet.com/article/two-hacking-groups-responsible-for-huge-spike-in-hacked-magento-stores/#ftag=RSSbaffb68 ambionics/magento-exploits https://github.com/ambionics/magento-exploits/blob/master/magento-sqli.py MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI https://www.ambionics.io/blog/magento-sqli Liferay Portal < 7.1 CE GA4 / SimpleCaptcha API XSS https://www.exploit-db.com/exploits/46983 Cross Site Request Forgery (CSRF) https://www.exploit-db.com/exploits/46982 Intel NUC Kit 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11126 思科產品多個漏洞 https://tools.cisco.com/security/center/publicationListing.x CentOS 7.6 - 'ptrace_scope' Privilege Escalation https://www.exploit-db.com/exploits/46989 Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit) https://www.exploit-db.com/exploits/46984 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 財金資訊公司董事長林國良：掌握數位金融服務，提升競爭力 http://bit.ly/2Wpq2hi 台北富邦銀行數位長李維斌：小步快跑，跟上數位金融大趨勢 http://bit.ly/2WvZfVJ 金融科技夯 風險控管浮檯面 https://money.udn.com/money/story/6808/3861865 沙盒新案！銀行跨行支付 挑戰財金公司 https://www.chinatimes.com/realtimenews/20190606004529-260410?chdtv （HSM）漏洞影響銀行、雲供應商和政府 https://www.chainnews.com/articles/283509474927.htm 網上現中國銀行欺詐網頁　香港金管局呼籲市民提高警覺 http://bit.ly/2MDGcUU 香港金管局研電子錢包實名制 新開戶須身份認證 冀明年10月推 http://bit.ly/2WGMXde 純網銀執照與STO監管法規接連公布，台灣金融業準備創造奇蹟的夏天 http://bit.ly/31o87eJ 純網銀拚上路 金融服務樣貌將徹底翻轉 https://ec.ltn.com.tw/article/breakingnews/2812688 臺灣數位金融服務何去何從 https://udn.com/news/story/6853/3866694 LINE搶攻純網銀大打資安牌和日本經驗，更要打造用戶導向的整合式金融犯罪平臺 https://www.ithome.com.tw/news/131030 ATM上有一圈白白的 伸手去轉結果嚇傻人 https://www.secretchina.com/news/b5/2019/06/11/896455.html 取錢遇ATM瘋狂吐鈔：紙鈔一張張飄落 男子用大包接著 https://news.sina.com.tw/article/20190611/31592828.html 唯一一台ATM機失竊 紐西蘭一小鎮變無現金社會 https://news.sina.com.tw/article/20190612/31599668.html 運鈔員沉迷簽賭當內賊「偷ATM鈔匣」1337萬元　逃亡7天剩843萬 https://www.ettoday.net/news/20190612/1465691.htm 數位金融業務 金管會盯 https://money.udn.com/money/story/5613/3868614 哥斯大黎加頻遭網路攻擊 銀行和政府機構為主要目標 https://news.sina.com.tw/article/20190612/31605286.html 新加坡開放純網銀？叫車一哥Grab想搶頭香 https://tw.news.appledaily.com/new/realtime/20190612/1582650/ 聯邦再向騎警撥款1,000萬元打擊洗錢犯罪 http://bit.ly/31vMaud Hit FinTech 探討純網銀STO趨勢 https://udndata.com/ndapp/udntag/finance/Article?origid=9340906 23 Cases of Insider Bank Threats https://medium.com/bugbountywriteup/18-cases-of-insider-bank-threats-16a29dcfca18 Major HSM vulnerabilities impact banks, cloud providers, governments https://www.zdnet.com/article/major-hsm-vulnerabilities-impact-banks-cloud-providers-governments/#ftag=RSSbaffb68 Diebold Nixdorf warns customers of RCE bug in older ATMs https://www.zdnet.com/article/diebold-nixdorf-warns-customers-of-rce-bug-in-older-atms/#ftag=RSSbaffb68 ATM skimming crook behind bars after draining accounts for 2 years http://bit.ly/2I4t1b8 Over 185,000 Payment Card Details Stolen by MageCart https://www.fortinet.com/blog/threat-research/payment-card-details-stolen-magecart.html FIN8 hackers return after two years with attacks against hospitality sector https://www.zdnet.com/article/fin8-hackers-return-after-two-years-with-attacks-against-hospitality-sector/#ftag=RSSbaffb68 The Shifting Sands of Financial Fraud https://www.bankinfosecurity.com/shifting-sands-financial-fraud-a-12607 UK Taxpayers Overwhelmed with Phishing Scams https://www.infosecurity-magazine.com/news/uk-taxpayers-overwhelmed-with-1-1 3.電子支付/電子票證/行動支付/ pay/新聞及資安 數位錢包使用便利 免受駭客攻擊 http://bit.ly/2KbRVHV 支付公司深挖跨境業務 http://paper.wenweipo.com/2019/06/07/FI1906070017.htm 俄擬禁支付寶等外國電子支付向俄羅斯人提供服務 http://www.jxydjc.com/News/keji/1685.html 網民 PayMe「轉錯數」對方不退錢兼封鎖！銀行公會指引：不交出款項或有法律後果 http://bit.ly/2I7FH0K 用非法「第四方支付」平台幫賭博網站洗錢，42名嫌犯被抓 https://news.sina.com.tw/article/20190613/31614492.html 悠遊卡公司董事長兼總經理陳亭如：結合消費場景，悠遊卡積極投入「載具多元化」 http://bit.ly/2KMXCeU 台灣三星電子三星支付總監邱淑鈴：Samsung Pay結合悠遊卡，使電子支付達到更全方位且智慧的使用場景 http://bit.ly/2ICouvy LINE Pay行動支付收款機拓點 年底前全台可用 https://www.fountmedia.io/article/18790 小綠機「LINE Pay mini」 正式在台拓點 https://www.chinatimes.com/realtimenews/20190613003555-260410?chdtv 日推行動支付　英警覺危機開始踩煞車 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000561963_29y8w6gz7at7ul2e55cgg 4.虛擬貨幣/區塊鍊 新聞及資安 加密貨幣交易平台Cryptohopper有山寨版，可竊取受害者資料 https://ithome.com.tw/news/131147 研究：比特幣通脹漏洞仍然存在，60%的比特幣全節點或受其影響 https://www.bishijie.com/shendu_33168 Facebook 加密貨幣即將面世！有傳於本月中發佈白皮書 http://bit.ly/2WBOQTj Facebook傳下周推加密貨幣 獲Visa及萬事達卡支持 http://bit.ly/2WKMTZK 加密貨幣初創公司湧向IEO籌資 https://on.wsj.com/2IwsCNN 觀光產業區塊鏈 6/6六點六分正式啟航 http://bit.ly/2Kc4Klx 區塊鏈相關漏洞類型匯總 https://bbs.pediy.com/thread-251878.htm 網傳Facebook穩定幣可能將在Zilliqa上進行發布 http://news.knowing.asia/news/cba50890-fa57-491f-9d0d-a1b1c06f4cd7 台東縣長饒慶鈴：我們希望能導入區塊鏈，用規模經濟創造經濟規模 http://bit.ly/2XFbEmF 解決產業痛點 Visa 推基於部分區塊鏈技術的全球跨境支付網絡 https://news.cnyes.com/news/id/4336460 John McAfee 即將發行貨幣Freedom Coin http://bit.ly/2ZqEZBP 駭客企圖入侵帳戶次數攀升 BitMEX ：強烈建議啟用 2FA https://news.cnyes.com/news/id/4336541 巴西最大銀行：將很快推出專有區塊鏈平台 https://news.sina.com.tw/article/20190613/31618322.html TTChain 打造跨鏈閃電支付系統 解決產業瓶頸 https://ctee.com.tw/industrynews/financesmanage/105379.html 國發會領軍 區塊鏈大聯盟7月成立 https://www.chinatimes.com/realtimenews/20190614002497-260410?chdtv 幣安被盜7,074枚BTC再次出現異動，小額資金可能已洗錢成功 https://news.sina.com.tw/article/20190614/31632178.html Hackers steal $9.5 million from GateHub cryptocurrency wallets https://www.zdnet.com/article/hackers-steal-9-5-million-from-gatehub-cryptocurrency-wallets/#ftag=RSSbaffb68 Cryptocurrency startup hacks itself before hacker gets a chance to steal users funds https://www.zdnet.com/article/cryptocurrency-startup-hacks-itself-before-hacker-gets-a-chance-to-steal-users-funds/#ftag=RSSbaffb68 Cryptocurrency attack thwarted by npm team https://nakedsecurity.sophos.com/2019/06/10/thwarted-cryptocurrency-attack-shows-importance-of-testing-open-source-code/ IBM, Walmart to pilot blockchain network for prescription drug traceability https://www.zdnet.com/article/ibm-walmart-to-pilot-blockchain-network-for-prescription-drug-traceability/#ftag=RSSbaffb68 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / APT 新型「挖礦」惡意軟體，BlackSquid 肆虐美國與泰國 https://technews.tw/2019/06/10/new-cryptocurrency-mining-malware-is-spreading-across-thailand-and-the-us/ BlackSquid 利用八種知名漏洞潛入伺服器與磁碟,並植入 XMRig 挖礦程式 https://blog.trendmicro.com.tw/?p=60846 微軟警告垃圾郵件用Office漏洞傳木馬：瞄準歐洲用戶 https://news.sina.com.tw/article/20190610/31571822.html 資安公司Trend Micro於6月6日發布美國俄亥俄州一所學校因學校的網路及電腦遭到 Trickbot惡意程式 攻擊被迫停課一天 https://blog.trendmicro.com.tw/?p=60809 Mirai變種加入8個漏洞利用，攻擊iot設備 https://www.4hou.com/vulnerable/18458.html 殭屍網路猛攻150萬臺RDP主機，全球皆有災情，臺灣遭駭主機也不少 https://www.ithome.com.tw/news/131203 Sophos：小心！駭客利用遠端存取把勒索軟體送到你家 https://www.ithome.com.tw/news/131201 PCASTLE門羅幣挖礦病毒利用無檔案技術,再次針對中國發動攻擊 https://blog.trendmicro.com.tw/?p=60832 HiddenWasp惡意軟體借用Mirai及Winnti程式碼攻擊Linux系統 https://blog.trendmicro.com.tw/?p=60839 新殭屍網絡GoldBrute曝光微軟NTLM協議漏洞影響所有Windows版本 https://zhuanlan.zhihu.com/p/69009583 食物銀行中勒索軟件 無錢交贖金要靠眾籌方法 http://bit.ly/2WxoP7H How Ursnif Evolves to Keep Threatening Italy https://blog.yoroi.company/research/how-ursnif-evolves-to-keep-threatening-italy/ Lessons learned from a call center attack https://newsroom.cisco.com/feature-content?type=webcontent&articleId=1992860 Lessons from the Baltimore Ransomware Takedown https://www.symantec.com/blogs/feature-stories/lessons-baltimore-ransomware-takedown Platinum is back https://securelist.com/platinum-is-back/91135/ IDENTIFYING VULNERABILITIES IN PHISHING KITS https://blogs.akamai.com/sitr/2019/06/identifying-vulnerabilities-in-phishing-kits.html Monero-Mining Malware PCASTLE Zeroes Back In on China, Now Uses Multilayered Fileless Arrival Techniques https://blog.trendmicro.com/trendlabs-security-intelligence/monero-mining-malware-pcastle-zeroes-back-in-on-china-now-uses-multilayered-fileless-arrival-techniques/ Ancient ICEFOG APT malware spotted again in new wave of attacks https://www.zdnet.com/article/ancient-icefog-apt-malware-spotted-again-in-new-wave-of-attacks/#ftag=RSSbaffb68 A botnet is brute-forcing over 1.5 million RDP servers all over the world https://www.zdnet.com/article/a-botnet-is-brute-forcing-over-1-5-million-rdp-servers-all-over-the-world/#ftag=RSSbaffb68 Germany: Backdoor found in four smartphone models; 20,000 users infected https://www.zdnet.com/article/germany-backdoor-found-in-four-smartphone-models-20000-users-infected/#ftag=RSSbaffb68 Cryptojacking campaign strikes China with fileless attacks https://www.zdnet.com/article/cryptojacking-campaign-strikes-china-with-fileless-attacks/#ftag=RSSbaffb68 Malware Focused On Mobile Banking Greatly Increased In 2019 https://www.tneus.com/2019/06/10/malware-focused-on-mobile-banking-greatly-increased-in-2019/ Ransomware halts production for days at major airplane parts manufacturer https://www.zdnet.com/article/ransomware-halts-production-for-days-at-major-airplane-parts-manufacturer/#ftag=RSSbaffb68 Emotet: the malware behind 45% of malicious URLs https://www.pandasecurity.com/mediacenter/malware/emotet-evolution-botnet/ Outlaw hackers return with cryptocurrency mining botnet https://www.zdnet.com/article/outlaw-hackers-return-with-cryptocurrency-mining-bot/#ftag=RSSbaffb68 Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns https://blog.trendmicro.com/trendlabs-security-intelligence/shifting-tactics-breaking-down-ta505-groups-use-of-html-rats-and-other-techniques-in-latest-campaigns/ Outlaw Hacking Group’s Botnet Observed Spreading Miner, Perl-Based Backdoor https://blog.trendmicro.com/trendlabs-security-intelligence/outlaw-hacking-groups-botnet-observed-spreading-miner-perl-based-backdoor/ Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners https://blog.trendmicro.com/trendlabs-security-intelligence/advanced-targeted-attack-tools-used-to-distribute-cryptocurrency-miners/ MegaCortex continues trend of targeted ransomware attacks https://blog.malwarebytes.com/threat-spotlight/2019/06/megacortex-continues-trend-of-targeted-ransomware-attacks/ B.行動安全 / iPhone / Android /穿戴裝置 /App 衝擊海外手機銷售 臉書出重拳 封殺華為安裝App https://www.chinatimes.com/newspapers/20190608000414-260110?chdtv 傳 Google 可能也在為華為 Android 禁令尋求解套 https://www.kocpc.com.tw/archives/263664 電信行業團體叫苦：封殺中國5G供應商將導致電信公司多掏620億美元 http://bit.ly/2ItO7yx 臉書將禁止華為手機預載FB、WhatsApp與IG程式 https://www.ithome.com.tw/news/131160 華為鴻蒙系統將於 9 月上線，介面極似 Android http://bit.ly/2EZjdNQ 美授權電信運營商默認屏蔽「騷擾電話」 https://news.sina.com.tw/article/20190607/31554068.html 手機APP應用規範發佈 金融借貸類不應強制讀取通訊錄 https://news.sina.com.tw/article/20190610/31573926.html 微信如何成為中國社群巨獸？支付、叫車一手包辦，還為第三方開發工具 https://buzzorange.com/techorange/2019/06/11/wechat-development/ 智慧型手機資安認證服務 https://www.ncc.gov.tw/chinese/gradation.aspx?site_content_sn=5086 iOS 12.4 成功越獄！ 越獄開發者秀 iPhone SE 成功執行 Cydia 畫面 https://mrmad.com.tw/ibsparkes-run-iphonese-ios124-jailbreak 團隊臥虎藏龍！專訪 LINE 全球資安中心 https://www.inside.com.tw/article/16617-LINE-security-center-team Android的2FA金鑰功能延伸到iOS裝置 https://www.ithome.com.tw/news/131249?fbclid=IwAR3AsH-hTEqtL8dn1Dkto3lz3Pho1j_FHEpYv3rV7tbnoZTW8-1DUs5r-W4 Telegram 伺服器遭 DDoS 網路攻擊！網友：攻擊者不言而喻 https://buzzorange.com/techorange/2019/06/13/telegram-ddos/ 香港反送中 Telegram疑遭中國駭客網攻 https://www.rti.org.tw/news/view/id/2023889 Telegram達「軍用級」保密 可「用後即焚」 http://bit.ly/2RjcenF Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests https://thehackernews.com/2019/06/telegram-ddos-attack.html 【送中惡法】Telegram受中國「國家級」駭客攻擊　傳與香港示威有關 https://tw.appledaily.com/new/realtime/20190613/1583322/ 私訊聯絡抗爭 通訊軟體同時間遭駭 https://news.ltn.com.tw/news/world/paper/1295928 WhatsApp 緊急修補嚴重資安漏洞：一通未接來電即可植入惡意程式進行監聽 https://blog.twnic.net.tw/2019/06/13/3969/ 華為作業系統加「雙保險」？傳裝置上測試Aurora OS http://bit.ly/2wUTBgC Facebook再出手管制「社交圖表搜尋」 關鍵原因曝光了 http://bit.ly/2XeQizs Android平台戰場：2019年上半年安全事件總結分析 https://www.freebuf.com/articles/terminal/205274.html NCC已審核但HomePod在台卻遲遲不推出 消息人士曝關鍵主因 http://bit.ly/2Rg95VE iOS 12.3.2 is out with a very specific fix https://www.zdnet.com/article/ios-12-3-2-is-out-with-a-very-specific-fix/#ftag=RSSbaffb68 Android's Built-in Security Key Now Works With iOS Devices For Secure Login https://thehackernews.com/2019/06/android-security-key-ios.html EFF asks for DOJ efforts to break Facebook encryption to be made public https://www.zdnet.com/article/eff-asks-for-doj-efforts-to-break-facebook-encryption-to-be-made-public/#ftag=RSSbaffb68 Stop using terrible PIN codes https://www.zdnet.com/article/stop-using-terrible-pin-codes/#ftag=RSSbaffb68 The top 20 most common mobile phone PINs https://twitter.com/tarah/status/1134341170400808961 Spain’s top soccer league fined over its app’s ‘tactics’ https://www.welivesecurity.com/2019/06/12/spain-soccer-league-fine-app/ C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件 資安人的崛起 http://sa.ylib.com/MagArticle.aspx?Unit=webonly&id=4389 網路威脅指南：利用次世代入侵防禦技術加強網路邊界防禦 https://blog.trendmicro.com.tw/?p=60793 如何在第一時間防堵漏洞以保障企業安全 https://blog.trendmicro.com.tw/?p=60194 HITCON CMT 2019 資安舞台申請總覽 https://blog.hitcon.org/2019/06/hitcon-cmt-2019-community-sharing.html?m=0 入侵高鐵訂票系統差點騙走20萬 台灣駭客天才遭起訴 https://udn.com/news/story/7321/3862282 微軟封鎖Windows PC和不安全的藍牙版FIDO金鑰的配對 https://www.ithome.com.tw/news/131229 研究揭亞太企業網絡保安落後 八成遭重複攻擊 http://bit.ly/2F2hPKk 美國三家頂尖防毒公司疑似遭駭，駭客高價出售竊得資訊與入侵方式 https://blog.twnic.net.tw/2019/06/13/3945/ 2019年5月十大資安新聞 https://www.ithome.com.tw/news/131204 冒充駭客誘騙10少女拍裸照抖動片 資料夾至少10GB https://udn.com/news/story/7317/3865531 提升帳號安全迫在眉睫，2018年帳號填充攻擊事件暴增逾300億次 https://www.ithome.com.tw/news/131199 就是不想付！18小時音檔遭駭贖金400萬　「傳奇樂團」直接開放下載 https://star.ettoday.net/news/1465276 中國跨境色情網路直播成產業鏈 監管執法要升級換代 https://news.sina.com.tw/article/20190611/31582824.html 新華調查：5個月發展90餘萬名會員付費觀看 跨境色情網路直播緣何形成「產業鏈」 https://news.sina.com.tw/article/20190609/31565008.html 中共公安部推「護網行動」網友：封到沒底線 https://www.ntdtv.com/b5/2019/06/08/a102596443.html BGP路由洩露將歐洲行動流量導至中國電信 http://bit.ly/2F2Cn5j 焦佑鈞：針對華為禁令，華邦電目前一切出貨正常 https://finance.technews.tw/2019/06/14/winbond-for-huawei/ 川普升高科技冷戰規格，華為封殺前俄國卡巴斯基實驗室已遭報復 https://technews.tw/2019/06/09/high-tech-cold-war/ 美國務卿狂批華為資安　陸外交部稱全是「謊言謬論」 https://www.ettoday.net/news/20190610/1464323.htm 核電廠網路安全人力流失 美政府籲加強招聘 https://www.ydn.com.tw/News/339457 反制美 中國再出招 設技術安全管理清單 http://bit.ly/2XENiJQ 中國大陸建立技術安全管理清單制度 防範國家安全風險 https://news.sina.com.tw/article/20190612/31597206.html AIT砲轟中國稱讚台灣！ 怒斥華為5G補貼方案恐釀禍害 https://news.ltn.com.tw/news/politics/breakingnews/2816888 反「送中」抗議與一場「貓抓老鼠」的信息戰 https://cn.nytimes.com/china/20190614/hong-kong-telegram-protests/zh-hant/ 中共官方報告：2018美國3325個IP攻擊中國網絡　且有上升趨勢 https://www.ettoday.net/news/20190610/1464370.htm 中共中央網信辦等四部委聯合開展互聯網網站安全專項整治，將處罰並曝光違法違規網站 https://www.freebuf.com/news/205698.html 「監控」恐懼被掀起！德國政府要求谷歌提供用戶數據 https://news.ltn.com.tw/news/world/breakingnews/2817866 不甩川普政府警告 美公部門照用大疆無人機 https://ec.ltn.com.tw/article/breakingnews/2820067 納粹再現？德擬用數位助理蒐集個資 http://bit.ly/2R44FRE 從「想離職的工程師」下手，中國科技間諜用400萬偷走台灣75億技術 http://bit.ly/2WDSMYJ 俄羅斯打算封鎖9家不聽話的VPN業者 https://www.ithome.com.tw/news/131158?fbclid=IwAR3DfKXrCcVznssGMISuok11-8G4tKtbA1gTYRrqK8Efru-KBJ5krSP5HGg 美造最大網路武器庫 全球駭料料 https://www.chinatimes.com/newspapers/20190614000121-260301?chdtv 圍堵大陸 美呼籲建第一島鏈電子監控網 https://www.chinatimes.com/realtimenews/20190613004500-260417?fbclid=IwAR0Q3TYS74uEqfGupqoe78YEJHDo518txa4oMRRVCnTahcMvAz_p060MN5c&chdtv Exim email servers are now under attack https://www.zdnet.com/article/exim-email-servers-are-now-under-attack/#ftag=RSSbaffb68 Elevate Your Investigations With Collaboration & Organization: PassiveTotal Projects https://www.riskiq.com/blog/analyst/collaboration-organization-passivetotal-projects/ RUSSIA AND IRAN PLAN TO FUNDAMENTALLY ISOLATE THE INTERNET https://www.wired.com/story/russia-and-iran-plan-to-fundamentally-isolate-the-internet/ New Brute-Force Botnet Targeting Over 1.5 Million RDP Servers Worldwide http://bit.ly/2ZgHLJS Exclusive: Top Japanese chip gear firm to honor U.S. blacklist of Chinese firms - executive https://reut.rs/2KaxQ4N Cryptocurrency Firm Itself Hacked Its Customers to Protect Their Funds From Hackers http://bit.ly/2wTMgxT Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services http://bit.ly/2KC0f3m Remote attack flaw found in IPTV streaming service https://www.zdnet.com/article/remote-attack-flaw-found-in-iptv-streaming-service/#ftag=RSSbaffb68 'RAMBleed' Rowhammer attack can now steal data, not just alter it https://www.zdnet.com/article/rambleed-rowhammer-attack-can-now-steal-data-not-just-alter-it/#ftag=RSSbaffb68 When Time is of the Essence – Testing Controls Against the Latest Threats Faster http://bit.ly/2WCzvHb Zero Trust: Debunking Misperceptions https://blog.paloaltonetworks.com/2019/06/network-zero-trust-debunking-misperceptions/ UK Man Sentenced for 2015 TalkTalk Hack https://www.bankinfosecurity.com/uk-man-sentenced-for-2015-talktalk-hack-a-12611 Over 12 billion cyber attacks witnessed in the gaming industry since 2017 https://www.cybersecurity-insiders.com/over-12-billion-cyber-attacks-witnessed-in-the-gaming-industry-since-2017/ MorganPhilips Taiwan Branch https://www.cakeresume.com/companies/morganphilips-taiwan-branch/technology-jobs?locale=zh-CN 系統工程師(銀行) https://www.manpower.com.tw/product/674 知名銀行 ✩ 年度正職徵才 ：金融服務人員 LT4-1688 https://www.104.com.tw/job/6n67j 【正職銀行櫃員】商科系無經驗可，分行櫃檯服務人員，銀行正職任用(桃園區)-B93 https://www.104.com.tw/job/6n615 投資營運風險管理人員 https://www.104.com.tw/job/6n61c?jobsource=freshman2009 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 FBI警告：不要以為HTTPS網站很安全，有些暗藏網釣攻擊 https://www.ithome.com.tw/news/131198 FBI warns users to be wary of phishing sites abusing HTTPS https://nakedsecurity.sophos.com/2019/06/12/fbi-warns-users-to-be-wary-of-phishing-sites-abusing-https/ 黑客放長線釣大魚 竄改電郵通知新匯款帳號 後因銀行間的作業問題 黑客得手15萬美元 http://www.epochtimes.com/b5/19/6/14/n11321649.htm 俄羅斯個資黑市猖獗，手機紀錄到護照資料都買得到 https://technews.tw/2019/06/09/russia-personal-data-black-market/ 蘋果默認iPhone洩個資！馬後炮補救慘被噓爆 https://fnc.ebc.net.tw/FncNews/tech/83016 漏洞管理、資安措施不當，導致國泰航空950萬筆個資外洩 https://www.ithome.com.tw/news/131161 【國泰洩私隱】私隱專員裁定違私隱條例　狠批過分鬆懈、警覺性低 http://bit.ly/2WCdcBa 微軟告警利用漏洞進行的垃圾郵件釣魚活動 https://www.anquanke.com/post/id/180070 上海交大洩漏8.4TB電子郵件數據，官方稱漏洞已經修復 https://www.ithome.com/0/427/527.htm 美國海關外包商系統遭駭，國內外旅客相片及車牌個資外洩 https://ithome.com.tw/news/131190 CBP合約商電腦系統被黑 出入境旅客頭像車牌外洩 http://bit.ly/2Wwc6lG Cyberattack exposes travelers’ photos, says US border agency https://www.welivesecurity.com/2019/06/11/cyberattack-travelers-photos-usa-cbp/ HACK BRIEF: HACKERS STOLE A BORDER AGENCY DATABASE OF TRAVELER PHOTOS https://www.wired.com/story/hackers-stole-traveler-photos-border-agency-database/ 瀋陽黑客男篡改存款單50元變50萬　持假單據騙取3千萬貸款 http://bit.ly/2EX7vmQ 個資遭駭、點數被盜，酬賓制導入的海量資訊成駭客溫床 http://bit.ly/2XDp0zA 長城行動解密 西班牙再遣送詐騙台嫌至中國 http://bit.ly/2MHp4gM 網路訂房怕個資洩漏 專家1招預防 https://www.chinatimes.com/realtimenews/20190611003196-260405?chdtv 小心受騙！申請土耳其電子簽證要錢？攏是假的 https://newtalk.tw/news/view/2019-06-11/258311 網友扮演從金融主管到公職人員 從假投資到代管美金地契 https://times.hinet.net/news/22409686 銀行員工實名舉報：青島銀監局長生活淫亂　銀行資產損失近30億元 http://bit.ly/2I7Qng4 30億詐騙案涉銀行高層 http://bit.ly/2I7HRh6 駭客冒充微軟員工 芝夫婦失金2.5萬 https://udn.com/news/story/6813/3864608 重慶宣判一起特大電信詐騙案 3名主犯均獲刑13年以上 https://news.sina.com.tw/article/20190609/31566576.html 線上調查資料庫未加密，八百萬美國人個資外洩 https://blog.twnic.net.tw/2019/06/13/3948/ 「專業辦證、上網可查」坑你沒商量 四川破獲特大網路制販假證案 https://news.sina.com.tw/article/20190613/31620560.html Emuparadise gaming emulator website suffers data breach https://www.zdnet.com/article/emuparadise-gaming-rom-repository-suffers-data-breach/#ftag=RSSbaffb68 8.4TB in email metadata exposed in university data leak https://www.zdnet.com/article/8-4tb-in-email-metadata-exposed-in-university-data-leak/#ftag=RSSbaffb68 CBP says hackers stole license plate and travelers' photos https://www.zdnet.com/article/cbp-says-hackers-stole-license-plate-and-travelers-photos/#ftag=RSSbaffb68 Fortune 500 company leaked 264GB in client, payment data https://www.zdnet.com/article/veteran-fortune-500-company-leaked-264gb-in-client-payment-data/#ftag=RSSbaffb68 Singapore’s ‘Fake News’ Crackdown Alarms Tech Giants https://medium.com/cheddar/singapores-fake-news-crackdown-alarms-tech-giants-65032f71473e Scattered Canary Evolves From One-Man Operation to BEC Giant https://www.bleepingcomputer.com/news/security/scattered-canary-evolves-from-one-man-operation-to-bec-giant/ Warning: Multiple variations of a phishing email scam spoofing NAB hit inboxes https://www.mailguard.com.au/blog/warning-multiple-variations-of-a-phishing-email-scam-spoofing-nab-hit-inboxes Phishing email scam spoofing Westpac claims to detect ‘unusual activity’ in users’ bank accounts https://www.mailguard.com.au/blog/phishing-email-scam-spoofing-westpac-claims-to-detect-unusual-activity-in-users-bank-accounts Microsoft Warns of Large Spam Campaign Hitting Europe https://www.bankinfosecurity.com/microsoft-warns-large-spam-campaign-hitting-europe-a-12598 BioReference Laboratories Added to AMCA Breach Tally https://www.bankinfosecurity.com/bioreference-laboratories-added-to-amca-breach-tally-a-12581 Evite e-invite website admits security breach https://www.zdnet.com/article/evite-e-invite-website-admits-security-breach/#ftag=RSSbaffb68 3.4 billion fake emails are sent around the world every day http://bit.ly/2WtKoWJ Cyberattack exposes travelers’ photos, says US border agency https://www.welivesecurity.com/2019/06/11/cyberattack-travelers-photos-usa-cbp/ E.研究報告 Apache Tika 命令注入漏洞挖掘 https://www.chainnews.com/articles/533436970799.htm 善用輕量化HSM優勢　組織物聯網資安大軍 http://www.netadmin.com.tw/netadmin/zh-tw/technology/EF6E432196B044B1A274F23EB77C6FC4 加密DNS協議DNSCrypt以及如何選擇DNS over HTTPS服務器 https://blog.thecjw.me/948.html Talos Blog發現最近的Frankenstein攻擊活動中使用了多個GitHub開源項目代碼 http://feedproxy.google.com/~r/feedburner/Talos/~3/RSmsHWqrgpk/frankenstein-campaign.html Hermit（隱士）活動續：繼續針對朝鮮半島進行的APT攻擊活動 https://www.freebuf.com/articles/network/204556.html 一位Rootkits作者對防御者的建議，來自CONFidence 2019會議 https://www.youtube.com/watch?v=t944evpf1WE 技術乾貨| 虛擬化軟件QEMU漏洞分析 https://zhuanlan.zhihu.com/p/68736004 redis未授權訪問漏洞利用 http://www.lsablog.com/networksec/penetration/redis-unauthorized-vulnerability/ DIR-850L漏洞分析 https://xz.aliyun.com/t/5362 使用WSL欺騙Windows繞過UAC https://tttang.com/archive/1304/ APKiD - APK樣本自我防護（加殼、混淆）產品的識別 https://github.com/enovella/cve-bio-enovella/blob/master/slides/APKiD-NowSecure-Connect19-enovella.pdf Facebook CTF 2019比賽題目以及相關的Writeups收集 https://ctftime.org/event/781/tasks/ “方程式組織”攻擊SWIFT 服務提供商EastNets 事件复盤分析報告 https://paper.seebug.org/944/ 從CVE-2018-8355零基礎學Chakracore漏洞利用 https://www.freebuf.com/vuls/205206.html 研究人員以RAMBleed攻擊，竊取存在記憶體中的機密 https://www.ithome.com.tw/news/131222 利用Oracle WebLogic 漏洞進行的加密攻擊活動 https://www.chainnews.com/articles/849558868774.htm 利用Oracle WebLogic 漏洞進行的加密攻擊活動 https://www.chainnews.com/articles/849558868774.htm Google 研究員披露Windows 10 0day 漏洞 https://www.oschina.net/news/107413/warning-windows-10-0day-vulnerability-outed-by-google-researcher Vim/Neovim 基於modeline 的多個任意代碼執行漏洞分析（CVE-2002-1377、CVE-2016-1248、CVE-2019-12735） https://paper.seebug.org/952/ Machinae：一款信息收集自動化工具 https://www.freebuf.com/sectool/204779.html GandCrab後繼有人？Sodinoki勒索軟件接管戰場 https://www.freebuf.com/articles/system/205237.html WordPress插件Form Maker SQL注入漏洞分析 https://www.freebuf.com/vuls/205290.html Project iKy：一款功能強大的圖形化郵件信息收集與分析工具 https://www.freebuf.com/articles/database/204996.html 開源殭屍網絡平台LiteHttp源碼分析 https://www.freebuf.com/articles/system/205146.html SandboxEscaper披露漏洞POC研究報告 https://www.freebuf.com/vuls/204945.html Python安全工具源碼分析：wydomain https://www.freebuf.com/sectool/205207.html 深入分析LAZARUS APT針對MAC用戶使用的惡意word文檔 https://www.freebuf.com/articles/network/204993.html 關於海蓮花組織針對移動設備攻擊的分析報告 https://www.freebuf.com/articles/network/204867.html 細說CVE-2010-2883從原理分析到樣本構造 https://www.freebuf.com/vuls/204874.html GitHacker：Git源碼洩漏檢測工具可恢復整個Git Repo https://www.freebuf.com/sectool/203542.html PacBot：一款功能強大的雲平台自動化安全監控工具 https://www.freebuf.com/sectool/203860.html 紅藍對抗：淺談Red Team服務對防護能力的提升 https://www.freebuf.com/articles/es/205024.html 2019年第一季度DDoS攻擊報告 https://www.freebuf.com/articles/paper/205060.html Scavenger：可在不同Paste站點爬取用戶洩露憑證的實用工具 https://www.freebuf.com/sectool/204992.html 基於OSQuery安全資產信息監控實踐 https://www.freebuf.com/sectool/204818.html 準備交贖金？當心Phobos勒索病毒二次加密 https://www.freebuf.com/articles/system/204323.html Anevicon：一款基於UDP的負載生成器 https://www.freebuf.com/sectool/203908.html 新型勒索病毒Attention感染醫療與半導體行業 https://www.freebuf.com/articles/system/204740.html 一起殭屍網絡進行大規模DDoS攻擊的樣本分析 https://www.freebuf.com/articles/terminal/204444.html 比特幣交易追踪溯源技術介紹 https://www.freebuf.com/articles/blockchain-articles/203127.html 歐洲黑客組織通過已簽名的垃圾郵件來實現多階段惡意軟件加載 https://www.freebuf.com/articles/system/204021.html 滲透測試信息收集心得分享 https://www.freebuf.com/articles/web/204883.html ExtAnalysis：一款瀏覽器插件安全分析框架 https://www.freebuf.com/sectool/203900.html 這款疑似來自朝鮮的新型惡意軟件為何要收集藍牙數據 https://www.freebuf.com/articles/database/205000.html 淺談IPv6的入侵與防禦 https://www.freebuf.com/articles/web/202901.html 反欺詐場景剖析丨虛假賬號的產生和流轉 https://www.freebuf.com/articles/network/204751.html iCULeak ：一款從手機配置文件中提取用戶賬號憑證的強大工具 https://www.freebuf.com/sectool/203867.html 看我如何利用Drupal漏洞並通過惡意圖片實現一鍵RCE https://www.freebuf.com/articles/web/203573.html 警惕利用Office漏洞傳播商業間諜軟件AgentTesla https://www.freebuf.com/articles/system/204550.html Nmap配合Masscan實現高效率掃描資產 https://www.freebuf.com/sectool/204578.html Trigmap：一款專用於滲透測試的Nmap封裝工具 https://www.freebuf.com/sectool/204022.html Metasploit Payload在Linux平台的免殺 https://www.freebuf.com/articles/system/203451.html FinalRecon：一款多功能網絡偵查OSINT工具 https://www.freebuf.com/sectool/203863.html 使用Elasticsearch與TheHive構建開源安全應急響應平台 https://www.freebuf.com/articles/es/203538.html 快訊丨Office 365出現網絡釣魚，用戶需多加註意 https://www.freebuf.com/news/204813.html Superl-url：一款開源關鍵詞URL採集工具 https://www.freebuf.com/sectool/203724.html 基於MicroPython的自動網絡時間校準器 https://www.freebuf.com/geek/204211.html 跟我一起學習玩轉二維碼 https://www.freebuf.com/geek/204516.html AutoSource：整合SonarQube的自動化源代碼審計框架 https://www.freebuf.com/sectool/203303.html 看我如何使用Windows域繞過防火牆獲取持卡人數據的訪問權限 https://www.freebuf.com/articles/database/203552.html Gaining Access to Card Data Using the Windows Domain to Bypass Firewalls https://markitzeroday.com/pci/active-directory/kerberoast/firewall/2019/04/24/gaining-access-to-card-data-using-the-windows-domain-to-bypass-firewalls.html The Graph: An open-source query protocol for blockchains, using GraphQL https://www.zdnet.com/article/the-graph-an-open-source-query-protocol-for-blockchains-using-graphql/#ftag=RSSbaffb68 6 ways malware can bypass endpoint protection http://bit.ly/2MG10Lr How to Model Risk in an Apex Predator Cyber-World http://bit.ly/2XBolyI Framing the Problem: Cyber Threats and Elections https://www.fireeye.com/blog/threat-research/2019/05/framing-the-problem-cyber-threats-and-elections.html Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities https://www.fireeye.com/blog/threat-research/2019/06/government-in-central-asia-targeted-with-hawkball-backdoor.html Threat Research Hunting COM Objects https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html Threat Research Hunting COM Objects (Part Two) https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects-part-two.html WAF through the eyes of hackers https://habr.com/ru/company/dsec/blog/454592/?fbclid=IwAR2AKvWLVyWsoV97AhjwlSwc08eEb9mKuqrGDR3QHBaNfoLNct4uVmjjg9A [ macOS ] Use zsh as the default shell on your Mac https://support.apple.com/en-us/HT208050 How to Destroy a Hard Drive https://www.wikihow.com/Destroy-a-Hard-Drive Hunting COM Objects http://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html Curl, Slight of Hand, & Exploit Hysteria https://medium.com/@notdan/curl-slight-of-hand-exploit-hysteria-29a82e5851d ReverseTCPShell : PowerShell ReverseTCP Shell, Client & Server http://bit.ly/2Xyntep How hackers can permanently lock you out of your accounts http://bit.ly/2F3akmm V8 Bug Hunting Part 1: Setting up the debug environment http://bit.ly/2ZdqfpF How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code https://modexp.wordpress.com/2019/06/03/disable-amsi-wldp-dotnet/ NorthSec 2019 — Windows Track Writeup https://blog.ettic.ca/northsec-2019-windows-track-writeup-69d5bcf06abd Bad Meets Evil https://www.slideshare.net/HuyKha2/bad-meets-evil HDFS Erasure Coding in Production http://bit.ly/2R0Ygqv Sigma-Hunting-App https://github.com/P4T12ICK/Sigma-Hunting-App Inside a Google Titan Bluetooth security key – high security, low durability https://www.zdnet.com/article/inside-a-google-titan-bluetooth-security-key-high-security-low-durability/#ftag=RSSbaffb68 Inside a Google Titan Bluetooth security key https://www.zdnet.com/pictures/inside-a-google-titan-bluetooth-security-key/#ftag=RSSbaffb68 Network of Social Media Accounts Impersonates U.S. Political Candidates, Leverages U.S. and Israeli Media in Support of Iranian Interests https://www.fireeye.com/blog/threat-research/2019/05/social-media-network-impersonates-us-political-candidates-supports-iranian-interests.html Active Directory Enumeration with PowerShell https://www.exploit-db.com/docs/46990 LDAP Swiss Army Knife https://www.exploit-db.com/docs/46986 Analysis of CVE-2019-0708 (BlueKeep) https://www.exploit-db.com/docs/46947 A Debugging Primer with CVE-2019-0708 https://www.exploit-db.com/docs/46944 F.商業 【一圖弄懂安控產業】台灣安控業者如何發揮優勢 https://technews.tw/2019/06/09/vivotek-ip-cameras-and-the-cyber-security-of-digital-surveillance-solutions/ 中芯數據技術長吳耿宏：企業需要更智慧平價的資安鑑識服務 http://bit.ly/2R5sqcc 全盤掌握相關威脅情資　資安團隊以逸待勞隨時反擊 強化資安監控密技　對抗網路駭客不落下風 http://www.netadmin.com.tw/netadmin/zh-tw/trend/178EE9AB04054BF2A040C0753BCC942A 中華電信學院首開夏令營 聚焦AI資安物聯網 http://bit.ly/2F37AVS 中華電信學院首辦高中職生暑期科學營 http://bit.ly/2XEpu8J Elastic買下終端安全業者Endgame Stack https://www.ithome.com.tw/news/131174 勤業眾信：透析5G時代，聚焦商業模式五大制勝關鍵 https://m.moneydj.com/f1a.aspx?a=f3eb032c-4109-439f-9762-7f22df337064 穩定AI運算和產業應用 奧義推智慧資安平台 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=50&id=0000561614_dec7vwv40akch05gul6ku 大立光資安管控嚴 小黃都知道 https://money.udn.com/money/story/5612/3868652 智慧化中央網管方案 普萊德將於歐亞同步發表 http://bit.ly/2KfXNQA 網絡安全公司FireEye：港企比預期更易受網絡攻擊 建議加強過濾電子郵件 http://www.aastocks.com/tc/stocks/news/aafn-news/NOW.946196/2 趨勢科技與業界領先的教育機構合作提供免費資安意識訓練教材 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/EB0C8F7F2F5D455C9A51911CA5D4DDB8 中美貿易戰利多　研勤人臉辨識下半年大爆發　 https://www.ettoday.net/news/20190613/1466617.htm Fortinet於Security 361°數位轉型資安研討會中強調 : 安全為企業數位轉型的基礎 https://netmag.tw/tag/security-361%E6%95%B8%E4%BD%8D%E8%BD%89%E5%9E%8B%E8%B3%87%E5%AE%89%E7%A0%94%E8%A8%8E%E6%9C%83 儲存新技術即將爆發，擁有完整供應鏈的台灣記憶體產業準備好了嗎 https://buzzorange.com/techorange/2019/06/14/snia-taiwanese-memory-industry/ AI應用爆發 精誠成長看俏 https://money.udn.com/money/story/5612/3869488 Cisco to acquire industrial IoT company Sentryo https://www.zdnet.com/article/cisco-to-acquire-industrial-iot-company-sentryo/#ftag=RSSbaffb68 Cynet Free Visibility Experience – Unmatched Insight into IT Assets and Activities https://thehackernews.com/2019/06/cynet-free-visibility-tool.html Google's language techniques help O2 Czech Republic reveal network secrets https://www.zdnet.com/article/googles-language-techniques-help-o2-czech-republic-reveal-network-secrets/#ftag=RSSbaffb68 G.政府 科技部資安賽 這家靠威脅解決方案奪500萬獎金 https://money.udn.com/money/story/5612/3861536 打造更安全的數位世界 科技大擂台決賽揭曉 http://bit.ly/2WWG32H 創新 vs. 監理 難平衡的翹翹板-－專訪金融監督管理委員會主任委員顧立雄 https://udn.com/news/story/6877/3864441 國際資訊安全會議(RSA Conference 2019)出國報告 https://report.nat.gov.tw/ReportFront/PageSystem/reportFileDownload/C10801207/001 發展資安科技 桃園虎頭山創新園區6月18日啟用 https://udn.com/news/story/7324/3866748 臺美日再度在「全球合作暨訓練架構」下合辦「網路安全與新興科技國際研習營」，深化跨國資安合作能量 https://fsi.mofa.gov.tw/News_Content_M_2.aspx?n=8742DCE7A2A28761&sms=491D0E5BF5F4BC36&s=4590A623615048C8 北醫數位e化 便民系統資安共存 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=15&id=0000561634_li57lud22nlim15ctfv83 打擊金融犯罪　南檢首創檢察銀行聯繫平台 https://www.chinatimes.com/realtimenews/20190612004543-260402?chdtv 李副總長主持網通安全巡迴講習　落實資安管控 https://mna.gpwb.gov.tw/post.php?id=9&message=94921 國防部強化資安防護 確保安全 https://www.ydn.com.tw/News/340092 高市府和高雄在地大學合作　簽署「網站檢核暨資安攻防合作意向書」 http://www.taiwanhot.net/?p=718489 政院：5G釋照要扶植本土企業 https://money.udn.com/money/story/5648/3871005 政院4年投入204億 打造台灣5G競爭力 https://ec.ltn.com.tw/article/paper/1295906 H.SCADA/ICS/工控系統 融合IT與OT領域知識　全面防治針對性攻擊入侵 多重防禦工業場域　降低惡意程式感染風險 https://www.netadmin.com.tw/netadmin/zh-tw/trend/FD05B8998ED342EF9B59DE21E1946D16 Siemens Siveillance VMS 授權問題漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6580 油罐監控設備存在嚴重漏洞，易受黑客攻擊 http://www.gxbbs.cc/8410-1.html Vulnerability Spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580 https://blog.talosintelligence.com/2019/06/vulnerability-spotlight-multiple.html I.教育訓練 Clean Code 無瑕的程式碼 http://bit.ly/2WTWL2x Linux 技術面試問答 2019 http://bit.ly/2KGOkB6 CompTIA Certification Training — Get Online Courses @ 95% OFF http://bit.ly/2R1XhGr LevelUp 0x04 2019 https://www.youtube.com/playlist?list=PLIK9nm3mu-S6YoUjPrKtmBliUS4J5YOGl BSidesBUD2019安全會議 http://bit.ly/2Wc5ysn How to Control Network Traffic with Evil Limiter to Throttle or Kick Off Devices http://bit.ly/2K7tUSC Stories of a CISSP: TCP Handshake http://bit.ly/2R2ULjj What is SQL Injection and how to fix it https://medium.com/@bootsity/what-is-sql-injection-and-how-to-fix-it-dfac181ce09c How Hackers Can Permanently Lock You out of Your Accounts https://medium.com/the-guardian/how-hackers-can-permanently-lock-you-out-of-your-accounts-ca82c79dcd3 Metasploit — Pivoting https://medium.com/swlh/metasploit-pivoting-281636b23279 An Introduction to Public Key Cryptosystems with RSA https://medium.com/@andrewjoliver3/an-introduction-to-public-key-cryptosystems-with-rsa-7e34cc67cf22 Android靜態分析之初級篇 https://www.freebuf.com/articles/terminal/204504.html Android靜態分析之初級篇（二） https://www.freebuf.com/articles/rookie/205045.html 面向新手的CTF實戰教學（一） https://www.freebuf.com/articles/network/203992.html Learning to Rank Strings Output for Speedier Malware Analysis https://www.fireeye.com/blog/threat-research/2019/05/learning-to-rank-strings-output-for-speedier-malware-analysis.html J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 Amazon Ring自行將錄下的可疑人物影像公布聲稱要幫警察抓賊，引發爭議 https://www.ithome.com.tw/news/131159?fbclid=IwAR3Fw1w6yX8hCSt-_j8_IwihcKWZCs6shFOKnlQxreHt_lqI7bp4-0QBIeg 微軟刪除人臉識別資料庫 源於「倫理」識別 https://news.sina.com.tw/article/20190612/31596606.html 人工智慧及機器學習讓網路更智慧，管理簡便與安全強化一次到位 https://technews.tw/2019/06/12/cisco-ai-manage-internet 偽造技術納入AI 合成影像恐釀假新聞之亂 影像聲音無違和搭配 "深度偽造"以假亂真 https://www.ttv.com.tw/news/view/108061300078005/579 筆跡複製機器人出現啦！精準度 93%，以後筆記、草圖就拜託代寫囉 https://buzzorange.com/techorange/2019/06/13/robot-copy-your-writing/ Akamai targets IoT devices with launch of IoT Edge Connect https://www.zdnet.com/article/akamai-targets-iot-devices-with-launch-of-iot-edge-connect/#ftag=RSSbaffb68 Why cybercriminals are eyeing smart buildings https://www.welivesecurity.com/2019/06/12/cybercriminals-eyeing-smart-buildings/ 6.近期資安活動及研討會 JCConf Taiwan 2019 Call for Proposals 6/1 ~ 6/30 https://twjug.kktix.cc/events/jcconf-2019-cfp?fbclid=IwAR2-Lry33FOVuXXStfSqUWlAJI25SeFgK9Q1XY6e4zJLEKvYrSkmlvv6Waw 【課程】Julia 資料科學實作，2019年強勢來襲的科學計算語言，集Python、C++、R 各家特色於一身 6/15 https://www.techbang.com/posts/70251-course-julia-data-science-practice 國立交通大學 亥客書院 - 密碼系統之漏洞、修補與檢測 6/15 https://hackercollege.nctu.edu.tw/?p=1039 The Artificial Intelligence Conference 6/18 https://www.facebook.com/events/278255853036175/?event_time_id=360038254857934 Casual Meetup - IoT Talk & Drinks (Monthly) Wednesday, June 19, 2019 https://www.meetup.com/Taipei-Sigfox-User-Group/events/ctqnkpyzjbzb/ HackingThursday 固定聚會 6/20 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbbc/ 國家高速網路與計算中心教育訓練-資安健診 6/20 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3832&from_course_list_url=homepage JSDC台中小聚 - UX 體驗分享計畫 6/21 https://jsdc-tw.kktix.cc/events/53548f33?fbclid=IwAR3CybQML6FGnMQ_IE9dfRYFJUHWm4Knl8kJBHQ9vn_Coz2KOQW1xk_joJs Edvance Beacon 2019 6/21 https://docs.google.com/forms/d/e/1FAIpQLSe70uw8Pi862IkL_rQXDJhzd7QnGXiuhcWwttOEN2BZwUbyMw/viewform 2019 6月份 SA@Taipei 6/22(六) Working with PowerShell https://studyarea.kktix.cc/events/8a726f12-copy-1?fbclid=IwAR1AoE9V_SGpizemU1moKpU62I5vgyEoZAN9cnLtkZz9l1c5MrnsVpfhsJk CCNS 定期聚 — 當 Python 遇上 JIT / PyPy 淺談 6/23 https://ccns.kktix.cc/events/ccns-pypy-talk?fbclid=IwAR1wa3cZuyNZQv-pGo5Eh3u5uik69nLY1t-sXb2R6wTd9HsrMBw02ybbkJw 資安前哨站-獵殺封包 6/26 https://www.it360.com.tw/live-detail.aspx?id=iT36000000000348 智慧家庭IoT資安與個人隱私資安，如何防駭客，如何做防禦 6/27 https://www.techbang.com/posts/70549-lecture-smart-home-network-security HackingThursday 固定聚會 6/27 https://www.meetup.com/hackingthursday/events/vkhnnqyzjbkc/ 天黑請閉眼，與駭客的對話 6/29 https://tfc.kktix.cc/events/night-talk-hacking-hacker?fbclid=IwAR2ejWoW3lNyQ2X7basa8zkjcoBR6Kn02jXYiFYeWWluY91uWw9FCSJDEoo HackingThursday 固定聚會 7/4 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/ 2019 車用電子與車聯網資安種子教師研習營 7/4 ~ 7/5 http://www.kghs.kh.edu.tw/notice/11734 2019國際資訊安全組織台灣高峰會 7/9 ~ 7/11 https://csa.kktix.cc/events/2019con Secure Summit APAC 2019 安全峰會 6 大領域提升資安水平 7/10 ~ 7/11 http://bit.ly/2WbONh5 工業局補助網路安全檢測教育訓練 7/10 ~ 7/12 https://www.accupass.com/event/1904080311551119077841 HackingThursday 固定聚會 7/11 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/ HackingThursday 固定聚會 7/18 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/ HackingThursday 固定聚會 7/25 https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/ 新加坡資安市場解密講座: 台灣資安浴血東南亞叢林戰鬥之起點-獅城站​ 7/26 https://ievents.iii.org.tw/eventS.aspx?t=0&id=547 CDX2.0推廣活動 - 台南場次 7/26 https://nchc-cdx.kktix.cc/events/cdxactivity-0726 資安事故處理實務課程 8/7 ~ 8/8 http://bit.ly/2VW0Lv9 DEF CON 27 2019/8/8–8/11 https://www.defcon.org/ 數位鑑識處理實務 8/14 ~ 8/15 http://bit.ly/2VW0Lv9 台灣駭客年會 HITCON Summer Training 2019 - 學生報名 2019-08-19 ~ 2019-08-22 https://www.accupass.com/event/1906050919271598677460 WEB應用滲透測試 8/21 ~ 8/23 https://www.accupass.com/event/1904080221358963463590 台灣駭客年會 HITCON Community 2019 2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8) https://www.accupass.com/event/1906040921594609934250 資安法規與制度研析課程－108年度「資安人才培訓及國際推展計畫－資安專業人才培育深化課程」 8/29 ~ 8/30 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw== 108年資安職能訓練-行動裝置安全(8/29-8/30) https://cee.ksu.edu.tw/recruitinfo/1443.html CDX2.0推廣活動 - 台北場次 9/10 https://nchc-cdx.kktix.cc/events/cdxactivity-0910 TANET 2019 - 臺灣網際網路研討會 9/25 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310 HITB+ CYBER WEEK 2019/10/12 ~17 https://d2p.hitb.org/?fbclid=IwAR2gU17bz0Y7TH8THIIskIX1vziWBpMY152mJiwk7AAeVS752f_eNcZ0NzU Splunk .conf 19 10/21 ~ 10/24 https://conf.splunk.com/ AIoT智能物聯網開發人才就業養成班[免費諮詢] 10/22 https://ittraining.kktix.cc/events/aiot-training-2019 Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019 https://www.icscybersecurityconference.com