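###### tags: `資安事件新聞週報`

# Weekly Security Incident News Digest 2019/7/29 ~ 2019/8/2

1. Major vulnerabilities / backdoors / Exploit / Zero Day
Critical Flaws in 'OXID eShop' Software Expose eCommerce Sites to Hacking
https://thehackernews.com/2019/07/oxid-eshop-ecommerce.html
LibreOffice remote arbitrary code execution vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2019-9848
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/47203
Oracle WebLogic remote command execution vulnerability alert
http://www.oracle-training.cc/jiaocheng/8267850.html
JVNVU#99222951 Arbitrary code execution vulnerability in Oracle Solaris
https://jvn.jp/vu/JVNVU99222951/
Symantec Endpoint Protection privilege escalation vulnerability
https://support.symantec.com/us/en/article.SYMSA1487.html
Fortinet products security restriction bypass vulnerability
https://fortiguard.com/psirt/FG-IR-16-090
https://fortiguard.com/psirt/FG-IR-19-111
Apple patches iMessage vulnerability that let attackers read files
https://ithome.com.tw/news/132119
[Vulnerability alert] Django JSONField, HStoreField SQL injection vulnerability
https://www.freebuf.com/vuls/210257.html
SanDisk SSD Dashboard management utility contains security vulnerabilities
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5098
Google's security team Project Zero discovers multiple iOS security vulnerabilities at once
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5097
Just Opening A Document in LibreOffice Can Hack Your Computer (Unpatched)
https://thehackernews.com/2019/07/libreoffice-vulnerability.html
Microsoft Excel contains a remote arbitrary code execution vulnerability
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5099
Vulnerability allowing the Windows Defender Application Control security mechanism to be bypassed
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5100
Microsoft starts testing its new Cortana app as part of its latest Windows 10 20H1 Fast Ring build
https://www.zdnet.com/article/microsoft-starts-testing-its-new-cortana-app-as-part-of-its-latest-windows-10-20h1-fast-ring-build/
How to perform a clean install of Windows 10: Here's a step-by-step checklist
https://www.zdnet.com/pictures/windows-10-the-ultimate-clean-install-checklist/#ftag=RSSbaffb68
Authenticated XSS Found in WordPress Plugin Facebook Widget
https://www.securityweek.com/authenticated-xss-found-wordpress-plugin-facebook-widget
DHS warns about CAN bus vulnerabilities in small aircraft
https://www.zdnet.com/article/dhs-warns-about-can-bus-vulnerabilities-in-small-aircraft/#ftag=RSSbaffb68
DHS Warns Small Airplanes Vulnerable to Flight Data Manipulation Attacks
https://thehackernews.com/2019/07/airplane-can-bus-hacking.html
Chrome 76 stable released: countdown to Flash's death, easier PWA installation
http://bit.ly/2YtsILW
Multiple vulnerabilities in Google Chrome
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html
Chrome to Add HTTP Cache Partitioning to Block Attacks, Tracking
https://www.bleepingcomputer.com/news/security/chrome-to-add-http-cache-partitioning-to-block-attacks-tracking/
Google Chrome 76 released for Windows, Mac, and Linux
https://www.zdnet.com/article/google-chrome-76-released-for-windows-mac-and-linux/#ftag=RSSbaffb68
PlayStation Network has a security vulnerability; attackers can bypass verification to make fraudulent credit card charges
https://www.kocpc.com.tw/archives/267793

2. Banking / finance / insurance / securities / payment systems: news and security
China's Skynet looming over Taiwan? Surveillance cameras at Taiwan Cooperative Bank branches turn out to be Chinese-made with facial recognition
https://news.ltn.com.tw/news/Taichung/breakingnews/2864619
Taiwan Cooperative Bank surveillance cameras suspected to be relabeled Chinese products
https://ec.ltn.com.tw/article/paper/1306136
Rebadged surveillance cameras? Taiwan Cooperative Bank: acceptance only once there are no security concerns
https://ec.ltn.com.tw/article/paper/1306279
Cameras suspected to be mainland-made; Taiwan Cooperative Bank asks vendor to sign a guarantee and submit them for testing
https://www.ettoday.net/news/20190729/1501145.htm
China's Skynet monitoring Taiwan? Taiwan Cooperative Bank reported to have installed Chinese surveillance cameras
https://www.secretchina.com/news/b5/2019/07/27/901678.html
Chinese surveillance cameras infiltrating Taiwanese banks? Taiwan Cooperative Bank issues urgent clarification
http://bit.ly/2GDcfPb
Internet-only bank licences to be finalized next week; Taiwan's financial sector will gain 2 competitors, and the ecosystem battle where big data is king is about to begin
https://www.ithome.com.tw/news/132074
CFA and CFP certifications are the most valuable; banks compete on rewards to encourage staff to get certified
https://www.chinatimes.com/newspapers/20190728000212-260202?chdtv
Hot finance certifications: CFP and anti-money-laundering are popular
https://www.chinatimes.com/newspapers/20190728000208-260202?chdtv
Traditional banks push digital transformation; central bank points to 5 clear paths
https://www.cna.com.tw/news/afe/201907280070.aspx
Digital innovation and core-system overhaul in parallel: KGI Bank relies on two keys to capture virtual channels
https://times.hinet.net/news/22484153
Japanese online retailer Rakuten seeks a US banking licence
https://news.sina.com.tw/article/20190729/32123782.html
Saving users 50 billion in wire transfer fees, European fintech unicorn "TransferWise" sees its valuation top 100 billion
https://buzzorange.com/techorange/2019/07/29/telegraphic-transfer-transferwise-how-does-transferwise-work/
KGI Bank and Taiwan Mobile jointly create a "digital mobile card reader"; convenience for merchants and customers alike
https://m.ctee.com.tw/livenews/ch/a93610002019072919582813?area=
Taiwan is about to get two more internet-only banks; why are traditional banks so unfazed
http://bit.ly/317dVZg
All 3 approved! Internet-only bank licence list finally revealed: Next Bank, LINE Bank and Rakuten Bank all get licences! Comparing their respective strengths
https://www.ithome.com.tw/news/132123
Internet-only bank list announced; E.SUN FHC president: the first two years of operation are the biggest test
https://udn.com/news/story/7239/3959637
Next Bank to prioritize building out information security
https://money.udn.com/money/story/5648/3960390
Next Bank: the "national team" security guarantee
https://ec.ltn.com.tw/article/paper/1307211
Rakuten International Commercial Bank approved for establishment; will launch a new era of internationalization for Taiwan's internet-only banks
https://udn.com/news/story/7239/3959566
Taiwan's financial sector heads into the internet-only bank era! Rakuten International Commercial Bank gets its ticket too
https://ec.ltn.com.tw/article/breakingnews/2868565
Finance insider / What's the hype about internet-only banks, and how do they differ from online banking
http://bit.ly/2YssaKt
To fend off hackers, US banks' security budgets surge
https://www.chinatimes.com/realtimenews/20190731004511-260410?chdtv
Life insurers race to adopt blockchain technology, launching one-click fast claims
https://tw.finance.appledaily.com/realtime/20190801/1609398/
All three internet-only banks approved! Opening as early as H1 next year; initial business targets released; each of the three targets a different customer segment
https://www.ttv.com.tw/news/view/10807310021000F/579
The love and hate of "internet-only banks"
https://forum.ettoday.net/news/1502393?redirect=1
Rakuten internet-only bank to go live, aiming to turn a profit within 3 years of opening
https://www.ettoday.net/news/20190801/1503852.htm
Akamai threat research: credential stuffing attacks and phishing remain the biggest threats to the financial industry
http://n.yam.com/Article/20190802849526
Visa contactless credit cards have a vulnerability
http://www.360.cn/n/10855.html
Security Implications of Using AI & ML for Banking Innovations
https://www.bankinfosecurity.asia/interviews/security-implications-using-ai-ml-for-banking-innovations-i-4402
How Prepared Is the Financial Services Sector to Respond to a Systemic, Global Cyberattack
https://securityintelligence.com/posts/how-prepared-is-the-financial-services-sector-to-respond-to-a-systemic-global-cyberattack/
Exclusive: Hack Breaks Your Visa Card’s Contactless Limit For Big Frauds
https://www.forbes.com/sites/thomasbrewster/2019/07/29/exclusive-hackers-can-break-your-credit-cards-30-contactless-limit/
OCBC Bank offers cash by QR codes
https://www.zdnet.com/article/ocbc-bank-offers-cash-by-qr/#ftag=RSSbaffb68
Equifax settlement claims: The FTC says watch out for fake websites trying to scam you
https://www.usatoday.com/story/money/2019/07/30/ftc-warns-equifax-settlement-scam-involving-fake-websites/1864757001/

3. Electronic payment / electronic tickets / mobile payment / pay: news and security
On the eve of cross-border payment "licensing", "unlicensed institutions" patch the gaps
https://finance.sina.com.cn/roll/2019-07-27/doc-ihytcitm4926172.shtml
Japan's "7pay" mobile payment service announces it will shut down completely at the end of September
https://chinese.engadget.com/2019/08/01/7pay-end-for-good/
Unable to fix "7pay", it can only be abandoned: the great collapse of Japan's 7-Eleven electronic payment
https://global.udn.com/global_vision/story/8662/3964296

4. Virtual currency / blockchain: news and security
SIM hijacked and NT$730 million in cryptocurrency stolen; victim sues US telecom giant AT&T over "technical negligence"
https://www.blocktempo.com/court-says-att-sim-hack-plaintiffs-24m-crypto-loss-not-result-of-security-lapse-must-amend-suit/
BitPoint Taiwan to hold a briefing on 8/2! A three-minute recap of the whole hacking incident
http://bit.ly/2OEalUK
UnionBank of the Philippines launches blockchain stablecoin "PHX", open for all account holders to buy and use
https://www.blocktempo.com/philippines-unionbank-launches-stablecoin-conducts-first-blockchain-transaction-by-bank/
The blockchain revolution wave sweeps in: how Taiwan's market first movers are positioning
https://money.udn.com/money/story/5635/3962672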
Fighting fake news: journalists and engineers team up to adopt blockchain technology
https://www.bnext.com.tw/article/54122/new-york-times-confirms-its-using-blockchain-to-combat-fake-news
Eosfinex opens for trading; launches on the EOS Mainnet
https://money.udn.com/money/story/9529/3962317
Virtual currency exchange hacked; Hsu Yu-jen calls for stronger security protection and risk control mechanisms
http://bit.ly/2OKBmpA
On the BitPoint hack, Hsu Yu-jen recommends stronger oversight and strict self-regulation
https://www.inside.com.tw/article/17098-bitpoint-got-hacked
Virtual currency exchanges repeatedly hacked; investors may have nowhere to turn
https://udn.com/news/story/7241/3963956
Cryptocurrency exchange BitPoint hacked; Taiwan branch also announces trading halt
https://technews.tw/2019/08/01/bitpoint-hacked-bptaiwan-stop-service/
BITPoint Japan hacked, user withdrawals blocked; BitPoint Taiwan explains: legal action is a last resort
https://blockcast.it/2019/08/02/bitpoint-taiwan-0802/
Russian police investigate Bitcoin miner import scheme
https://www.zdnet.com/article/russian-police-investigate-bitcoin-miner-import-scheme/#ftag=RSSbaffb68

5. Security incident news

A. Viruses and trojans / botnets / ransomware / Adware / APT / backdoors
MyDoom, malware from fifteen years ago, is still rampant today
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=902
Anti-ransomware: there is an antidote; no need to panic when ransomware strikes
https://times.hinet.net/news/22482348
Lookout unveils Monokle, advanced spyware built by Russian defense contractor STC
https://www.ithome.com.tw/news/132039
Is the disappearance of Emotet malware good news? Security vendor: it may return with new capabilities
https://www.ettoday.net/news/20190729/1501010.htm
Germany's top-100 companies hacked! "Winnti" malware infiltrates multiple sensitive industries; investigation finds Chinese characters embedded in the code
https://www.bnext.com.tw/article/54151/winnti-chinesehackers-germany
Media reveal that China's Winnti hacking group has long attacked several major German companies
https://times.hinet.net/news/22485696
No More Ransom project cost hackers US$108 million in earnings
https://www.ithome.com.tw/news/132096
RDP vulnerability could trigger a global malware outbreak
http://safe.zol.com.cn/723/7232100.html
New ransomware spreads via Android SMS to contacts in the address book
https://www.ithome.com.tw/news/132144
Android users beware! Security vendor: these 3 types of mobile malware attack are the most common
https://3c.ltn.com.tw/news/37557
Watch your credit card: point-of-sale (PoS) malware Badhatch is here
https://blog.trendmicro.com.tw/?p=61425
New Mirai variant uses the Tor network to avoid detection
https://www.ithome.com.tw/news/132213
Threat group APT34 spreads malware through LinkedIn invitations
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=901
Missed-delivery SMS from courier companies carries a virus! Exposing five online-auction parcel delivery scams
https://blog.trendmicro.com.tw/?p=55968
Are the apps you download safe? Four tips to stay away from mobile viruses
https://blog.trendmicro.com.tw/?p=61205
Financial malware threat grows
https://www.techradar.com/news/financial-malware-threat-grows
Popular Malware Families Using 'Process Doppelgänging' to Evade Detection
https://thehackernews.com/2019/07/process-doppelganging-malware.html
No More Ransom project has prevented ransomware profits of at least $108 million
https://www.zdnet.com/article/no-more-ransom-project-has-prevented-ransomware-profits-of-at-least-108-million/#ftag=RSSbaffb68
Zurich police warn of rise in ransomware attacks
https://www.thelocal.ch/20190729/zurich-police-warn-of-rise-in-ransomware-attacks-switzerland-cybercrime
Ransomware crooks hit Synology NAS devices with brute-force password attacks
https://www.zdnet.com/article/ransomware-crooks-hit-synology-nas-devices-with-brute-force-password-attacks/
Ransomware infection takes some police car laptops offline in Georgia
https://www.zdnet.com/article/ransomware-infection-takes-some-police-car-laptops-offline-in-georgia/#ftag=RSSbaffb68
Ransomware Attack Caused Power Outages in the Biggest South African City
https://thehackernews.com/2019/07/cyberattack-power-outage.html
South African power company battles ransomware attack
https://www.welivesecurity.com/2019/07/26/south-africa-johannesburg-ransomware/
Ransomware attack leaves Johannesburg residents without electricity
https://www.helpnetsecurity.com/2019/07/26/ransomware-johannesburg/
Attackers Are Wiping Iomega NAS Devices, Leaving Ransom Notes
https://www.bleepingcomputer.com/news/security/attackers-are-wiping-iomega-nas-devices-leaving-ransom-notes/
Decryptiomega (NAS) Ransomware (YOUR FILES ARE the SAFE!!! txt)
https://www.bleepingcomputer.com/forums/t/701380/decryptiomega-nas-ransomware-your-files-are-the-safe-txt/
Android ransomware is back
https://www.welivesecurity.com/2019/07/29/android-ransomware-back/
This new Android ransomware infects you through SMS messages
https://www.zdnet.com/article/this-new-android-ransomware-infects-you-through-sms-messages/#ftag=RSSbaffb68
US files lawsuit against Bitcoin exchange that helped launder ransomware profits
https://www.zdnet.com/article/us-files-lawsuit-against-bitcoin-exchange-that-helped-launder-ransomware-profits/#ftag=RSSbaffb68
Uptick in Ransomware, Mobile Banking Malware
https://www.infosecurity-magazine.com/news/uptick-in-ransomware-mobile/
Louisiana Declares Emergency After Malware Attacks
https://www.bankinfosecurity.com/louisiana-declares-emergency-after-malware-attacks-a-12835
Johannesburg Utility Recovering After Ransomware Attack
https://www.bankinfosecurity.com/johannesburg-utility-recovering-after-ransomware-attack-a-12834
Malicious campaign targets South Korean users with backdoor‑laced torrents
https://www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/
Marcus 'MalwareTech' Hutchins gets no prison time, one year supervised release
https://www.zdnet.com/article/marcus-malwaretech-hutchins-gets-no-prison-time-one-year-supervised-release/#ftag=RSSbaffb68
Massive Botnet Attack Used More Than 400,000 IoT Devices
https://www.bankinfosecurity.asia/massive-botnet-attack-used-more-than-400000-iot-devices-a-12841
2019-07-29 - URSNIF INFECTION WITH PUSHDO
https://www.malware-traffic-analysis.net/2019/07/29/index.html
No More Ransom Thwarts $108 Million in Ill-Gotten Profits
https://www.bankinfosecurity.eu/no-more-ransom-thwarts-108-million-in-ill-gotten-profits-a-12847
Banking malware grew by 50% over the past year
https://todotech20.com/ge/bank-malware-ist-im-letzten-jahr-um-50-gewachsen/
Hike in Banking Malware Attacks; Mobile Malware A Part of Cyber-Crime Too
https://www.ehackingnews.com/2019/07/hike-in-banking-malware-attacks-mobile.html
Why tens of thousands of Android users in the UAE fell victim to vicious malware
https://www.thenational.ae/arts-culture/why-tens-of-thousands-of-android-users-in-the-uae-fell-victim-to-vicious-malware-1.891824
Mobile Anti-Malware Market Overview, Driver, Restraints, Opportunities (Growing Demand) Forecast Report 2024
http://atlasnewspaper.com/2019/07/28/mobile-anti-malware-market-overview-driver-restraints-opportunities-growing-demand-forecast-report-2024/
Banking malware has increased 50% since 2018
https://www.techenet.com/2019/07/banking-malware-aumentou-50-desde-2018/
Hutchins receives no jail time for Kronos banking trojan
https://www.scmagazine.com/home/security-news/ransomware/hutchins-receives-no-jail-time-for-kronos-banking-trojan/
Agent Smith: The new virus to hit mobile devices
https://backendnews.net/2019/07/30/agent-smith-the-new-virus-to-hit-mobile-devices/
Dridex’s Bag of Tricks: An Analysis of its Masquerading and Code Injection Techniques
https://securityboulevard.com/2019/07/dridexs-bag-of-tricks-an-analysis-of-its-masquerading-and-code-injection-techniques/
Mobile malware attacks are booming in 2019: These are the most common threats
https://anticorruptiondigest.com/2019/07/29/mobile-malware-attacks-are-booming-in-2019-these-are-the-most-common-threats/#axzz5vDs4IT1T
Mobile Ransomware Targets Android Users Through SMS
https://www.bankinfosecurity.com/mobile-ransomware-targets-android-users-through-sms-a-12864
The year of attacks on mobile banking
http://www.clubitc.ro/2019/07/29/anul-atacurilor-asupra-mobile-banking/
New TrickBot Version Focuses on Microsoft's Windows Defender
https://www.bleepingcomputer.com/news/security/new-trickbot-version-focuses-on-microsofts-windows-defender/
Java ATM Malware: The Insider Threat Phantom
https://blog.yoroi.company/research/java-amt-malware-the-insider-threat-phantom/
Malware researchers analyzed an intriguing Java ATM Malware
https://securityaffairs.co/wordpress/89125/malware/java-atm-malware.html
Why nation-state hacking groups are increasingly turning to mobile malware
https://www.zdnet.com/article/why-nation-state-hacking-groups-are-increasingly-turning-to-mobile-malware/
Keeping a Hidden Identity: Mirai C&Cs in Tor Network
https://blog.trendmicro.com/trendlabs-security-intelligence/keeping-a-hidden-identity-mirai-ccs-in-tor-network/

B. Mobile security / iPhone / Android / wearables / App
Android lands on the Switch, with GPU acceleration available too
https://www.techbang.com/posts/71837-android-login-to-switch-and-gpu-acceleration
Russian hackers strike again: "fake apps" used to steal personal data
https://www.ydn.com.tw/News/345827
"Douyin" security crisis: Indian lawmaker proposes a ban
https://news.cts.com.tw/cts/general/201907/201907261969035.html
Drug-selling app has sloppy review: reporter without hepatitis B claims a lost prescription and buys the medicine
https://news.sina.com.tw/article/20190730/32132260.html
Investigation of online drug-selling apps: prescription drugs can be bought without a prescription; gaps in the review process
https://news.sina.com.tw/article/20190730/32132814.html
Are the apps you download safe? Four tips to stay away from mobile viruses
https://blog.trendmicro.com.tw/?p=61205
Researchers find AirDrop may leak phone numbers
http://bit.ly/2OzCMDp
Security flaw found in iPhone Bluetooth; may leak personal phone numbers
http://bit.ly/338Ogkm
Your Android Phone Can Get Hacked Just By Playing This Video
https://thehackernews.com/2019/07/android-media-framework-hack.html
Viral FaceApp Unnecessarily Requests Access to Users' Facebook Friends List
https://thehackernews.com/2019/07/faceapp-facebook-privacy.html
WhatsApp Security Warning Over '1000GB Of Data' Message
https://www.forbes.com/sites/daveywinder/2019/07/29/whatsapp-security-warning-over-1000gb-of-data-message/
Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws
https://thehackernews.com/2019/07/apple-ios-vulnerabilities.html
Google researchers disclose vulnerabilities for 'interactionless' iOS attacks
https://www.zdnet.com/article/google-researchers-disclose-vulnerabilities-for-interactionless-ios-attacks/#ftag=RSSbaffb68
Apple's AWDL protocol plagued by flaws that enable tracking and MitM attacks
https://www.zdnet.com/article/apples-awdl-protocol-plagued-by-flaws-that-enable-tracking-and-mitm-attacks/#ftag=RSSbaffb68
MILLIONS ‘GAMBLING WITH PERSONAL DATA’ BY ACCESSING FAKE WIFI HOTSPOTS, POLL SUGGESTS
https://www.independent.co.uk/life-style/gadgets-and-tech/fake-wifi-hotspots-malware-security-data-warning-a9025441.html
WhatsApp And Other Encryption Under Threat After 'Five Eyes' Demand Access
https://www.forbes.com/sites/zakdoffman/2019/07/30/u-s-and-u-k-propose-forcing-whatsapp-and-others-to-include-encryption-backdoor/#3d2e221c628e
iOS 12.3, iOS 12.3.1, iOS 12.3.2 signing closed! Apple ends three versions at once
https://mrmad.com.tw/ios123-ios1231-ios1232-shsh-close

C. Incidents / hackers / DDOS / APT / cloud / dark web / job openings / international security incidents
WPA3 development overview for the first half of 2019: over a hundred device products already certified
https://ithome.com.tw/news/131954
62-year-old programmer planted bugs at his company to collect repair fees: says it was to protect proprietary code
https://news.sina.com.cn/c/2019-07-29/doc-ihytcitm5515202.shtml
Trend Micro report: cybercrime groups use Twitter to commit crimes
https://money.udn.com/money/story/12987/3960904
60% of cyberattacks come from China! The leak of 590,000 civil servant records is just the tip of the iceberg; why is Taiwan mired in a security crisis
http://bit.ly/2T2AHi9
Marcus Hutchins, the hacker who stopped WannaCry: court decides his good deeds atone, sparing him a sentence for his earlier cybercrimes
https://times.hinet.net/news/22485667
Security vendor sells BlueKeep exploit
https://www.ithome.com.tw/news/132105
Hackers exploited an Ellucian Banner web vulnerability to breach 62 US universities
https://zhuanlan.zhihu.com/p/75260994
Still installing carelessly? Chrome "extensions" become a vector for cyberattacks; Google orders this to be done
https://cnews.com.tw/134190729a05/
Account stolen again? Why the video game industry has so many security holes
https://game.udn.com/game/story/10453/3957343
Own it and you enter a deep-sea information paradise! Submarine cables carry 99% of overseas communications; what damage are they prone to, and who is eyeing them
https://www.storm.mg/article/1524745?srcid=73746f726d2e6d675f63373766396366313733396365313337_1564153512
23 million credit card numbers worldwide have flowed to the dark web
https://www.ithome.com.tw/news/132059
Who is watching behind the cameras? Mainland China's "Skynet" cast over Taiwan
http://bit.ly/2GuymHG
Blocking red infiltration, the Taiwan Association of University Professors pushes again: do not use public funds to subscribe to "red media"
https://www.nownews.com/news/20190729/3527619/
Countering red infiltration; Taiwan Association of University Professors: state-owned enterprises should reconsider subscribing to China Times
http://bit.ly/2K8dhDW
Three leading mainland Chinese academicians gather in Chengdu to discuss new cyber and information security technologies
http://finance.eastmoney.com/a/201907291191158916.html
Analysis of the current state of, and recommendations on, managing cybersecurity vulnerability disclosure
http://www.sohu.com/a/329967663_354899
Accused of selling vulnerable software to the US government, Cisco agrees to pay US$8.6 million; whistleblower also receives 1.6 million
https://www.ithome.com.tw/news/132163
US cybersecurity company is selling the BlueKeep vulnerability
https://www.linuxidc.com/Linux/2019-07/159628.htm
Development opportunities seen through the new US cybersecurity framework
http://pchome.megatime.com.tw/industry/cat43/201907/1188.html
US bipartisan lawmakers introduce bill requiring stronger technology supply chain security
https://www.voacantonese.com/a/supply-china-technology-huawei-20190730/5022970.html
Russian interference in US elections reached all 50 states, worse than imagined
http://bit.ly/2Y7FQex
Washington knew early of Russian cyberattacks on the 2016 election but did not dare disclose them
https://udn.com/news/story/6813/3953573?from=udn-ch1_breaknews-1-cate5-news
UK convenes "Five Eyes" meeting; 5 nations discuss cyber technology threats
https://news.ltn.com.tw/news/world/breakingnews/2867673
Brazil's Ministry of Justice: president's phone targeted by hackers
https://www.rti.org.tw/news/view/id/2028722
Brazilian president's phone suspected hacked; suspects previously targeted anti-corruption investigators
https://fountmedia.io/article/26103
Largest ever! Vietnam busts online gambling ring and arrests 380 Chinese nationals; sum involved as high as 13.7 billion
https://tw.news.appledaily.com/international/realtime/20190729/1607641/
Seeing everything! "Five Eyes" want access to encrypted communications and want the tech industry to allow it
https://www.chinatimes.com/realtimenews/20190802000005-260408?chdtv
CCP has marginalized Taiwan for 20 years; expert: Taiwan and the US should become partners
http://www.epochtimes.com/b5/19/8/1/n11421741.htm
Mainland China MIIT Cybersecurity Administration Bureau: "Cybersecurity Vulnerability Management Regulations" to be issued soon
https://news.sina.com.tw/article/20190731/32156102.html
Analysis of the current state of, and recommendations on, managing cybersecurity vulnerability disclosure in mainland China
https://ek21.com/news/tech/110870/
How to defend? The Pentagon has over a thousand mainland Chinese electronic devices
https://www.chinatimes.com/realtimenews/20190731003593-260417?chdtv
US military recruitment tightens; 2 Chinese immigrants dismissed
https://news.ltn.com.tw/news/world/paper/1307507
Bulgaria's national revenue agency breached by hackers
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16269
MICROCHIPS Act wants to secure US govt supply chain against Chinese sabotage
https://www.zdnet.com/article/microchips-act-wants-to-secure-us-govt-supply-chain-against-chinese-sabotage/#ftag=RSSbaffb68
Cisco ‘Knowingly’ Sold Hackable Video Surveillance System to U.S. Government
https://thehackernews.com/2019/08/cisco-surveillance-technology.html
Army fights fake news with propagandists and hackers in one unit
https://www.theguardian.com/technology/2019/jul/31/army-fights-fake-news-with-propagandists-and-hackers-in-one-unit
The ‘Ghost User’ Ploy to Break Encryption Won’t Work
http://bit.ly/2K6v6UM
Over half of enterprise firms don’t have a clue if their cybersecurity solutions are working
https://www.zdnet.com/article/over-half-of-enterprise-firms-dont-measure-the-performance-of-their-cybersecurity-tools/#ftag=RSSbaffb68
Cyber Attack Trends: no environment is safe
https://www.bitmat.it/blog/news/87833/cyber-attack-trends-nessun-ambiente-e-al-sicuro
Dark Web drug kingpin charged, forfeits $4 million in Bitcoin
https://www.zdnet.com/article/dark-web-drug-kingpin-charged-forced-to-forfeit-4-million-in-bitcoin/#ftag=RSSbaffb68
Telegram voicemail hack used against Brazil's president, ministers
https://www.zdnet.com/article/telegram-voicemail-hack-used-against-brazils-president-ministers/#ftag=RSSbaffb68
Silk Road Admin Sentenced to 78 Months in Prison On Drug Trafficking Charges
https://thehackernews.com/2019/07/silk-road-dark-web-admin.html
GitHub starts blocking developers in countries facing US trade sanctions
https://www.zdnet.com/article/github-starts-blocking-developers-in-countries-facing-us-trade-sanctions/
Damaging insider threats rise to new highs in the past year
https://www.helpnetsecurity.com/2019/07/26/damaging-insider-threats/
Russia Targeted All 50 States During 2016 Election: Report
https://www.bankinfosecurity.com/russia-targeted-all-50-states-during-2016-election-report-a-12838
Linus Torvalds prepares to wave goodbye to Linux floppy drives
https://www.zdnet.com/article/linus-torvalds-prepares-to-wave-goodbye-to-linux-floppy-drives/#ftag=RSSbaffb68
Brazilian firms struggle with cloud security immaturity
https://www.zdnet.com/article/brazilian-firms-struggle-with-cloud-security-immaturity/#ftag=RSSbaffb68
Singaporean IT employees more keen on skills upgrade than higher pay
https://www.zdnet.com/article/singapore-tech-employees-more-keen-on-skills-upgrade-than-higher-pay/#ftag=RSSbaffb68
Cyber Security Engineer (Hwa Ya Technology Park)
https://www.104.com.tw/job/6ouy6
[Good benefits] [Operations] Security Engineer / Senior Security Engineer
https://www.104.com.tw/job/6ovyl

D. Data breaches / Personal Data Protection Act / GDPR / online fraud / phishing / card fraud / fake news
E-commerce platforms without 3D authentication become easy prey for card fraud rings
https://www.ttv.com.tw/news/view/10807260026000N/699
No fix for fraudulent charges! Major blunder right after launch; Japan's 7-Eleven mobile payment folds within 3 months
https://ec.ltn.com.tw/article/breakingnews/2870802
Sold 3C products but couldn't collect payment! 4 well-known e-commerce sites hit by over ten million in fraudulent charges
https://news.tvbs.com.tw/local/1173093
Credit card data bought online: 2 rings caught after over 2 million in online fraudulent charges
https://news.ltn.com.tw/news/society/breakingnews/2864862
[Northern region] Online credit card fraud rings led by Hsiao ○○ and Chen ○○, 14 people in total, busted
http://www.8news.net/thread-1392-1-1.html
Fake Booking.com "cashback" offer scams credit card number; husband baffled on seeing 5 fraudulent charges: a surprise trip
https://travel.ettoday.net/article/1498179.htm
Criminals impersonate the embassy in Germany to commit fraud; Chinese embassy explains cases in detail
https://news.sina.com.tw/article/20190729/32122620.html
"You have a parcel, please collect": scam ring bombards with phishing SMS, many fall victim
https://udn.com/news/story/7315/3959704?from=udn-catelistnews_ch2
One NHI card, "all-you-can-eat for the whole family": mainland Chinese spouse defrauds 900,000
https://news.ebc.net.tw/News/business/171863
[NHI card misuse! A record-high 900,000 in medical costs burned] Why hospitals' "two-ID" checks still struggle to prevent identity misuse
https://buzzorange.com/2019/07/29/welfare-health-idcard-tw-china/
Fake scam SMS! "Your parcel has shipped, please collect it"
http://bit.ly/2ZhOPWZ
Scam ring uses online-shopping "cancel installment" ploy, fooling two doctors in a week
https://news.ltn.com.tw/news/society/breakingnews/2866503
US-China trade war becomes scam pretext / buying Taiwanese-made equipment, Korean firm defrauded of 15 million
https://news.ltn.com.tw/news/society/paper/1307437
Add on LINE for private deals with discounts; can "limited-time sales" on Facebook be trusted
https://www.cmmedia.com.tw/home/articles/14104
After Facebook's heavy fine of 156 billion, can users rest easy? Expert: data surveillance will always be the core of Facebook's business model
https://www.storm.mg/article/1528384?srcid=73746f726d2e6d675f63373766396366313733396365313337_1564364013
Several British actresses' nude photos leaked from iCloud; agent warns against uploading photos to the cloud
https://www.techbang.com/posts/71844-several-british-stars-icloud-leaked-in-black-nude-photos-agentwarns-against-taking-pictures
A mediocre hacker still broke into Capital One; finance's high walls crumble at a touch
https://udn.com/news/story/6811/3961438?from=udn-catebreaknews_ch2
US bank Capital One admits it was hacked; personal data of over 100 million stolen
https://www.techbang.com/posts/71924-bank-of-america-capital-one-admits-hacking-more-than-100-million-personal-data-stolen
Capital One hacked; over 100 million personal records leaked in North America
https://ec.ltn.com.tw/article/breakingnews/2867883
FBI investigating other potential data breaches linked to the Capital One hack
https://on.wsj.com/2GF7DrO
Skilled and bold? US bank "Capital One" leaks data of 100 million users; female hacker arrested after boasting online about her "masterpiece"
https://www.storm.mg/article/1539770?srcid=73746f726d2e6d675f63373766396366313733396365313337_1564541695
Former Amazon engineer hacks Capital One; personal data of over 100 million bank users leaked
https://technews.tw/2019/07/30/capitalone-hacked-personal-data-breach/
Most serious security breach in US history affects 100 million people; careless hacker caught for using real name
https://www.ettoday.net/news/20190730/1501706.htm
Personal data leak! Hacker steals 100 million customer records from US bank Capital One
https://news.cnyes.com/news/id/4363037
Hacker steals personal data of 106 million US and Canadian credit card users from Capital One
https://global.technode.com/2019/08/01/capital-one-says-breach-hit-100-million-individuals-in-us/
Capital One "hacked"; personal data of over 100 million US and Canadian customers leaked
http://bit.ly/2YcSTex
"Capital One" breached by hacker; data of over 100 million credit card applicants leaked
https://hk.news.appledaily.com/international/realtime/article/20190730/59879644
Amateur hacker easily breaches major US bank, shocking the security community
https://www.cna.com.tw/news/aopl/201907310352.aspx
Seattle female hacker arrested on suspicion of stealing Capital One data
http://bit.ly/2GHL7Pc
Amazon drawn into Capital One data breach; US Congress demands explanation
https://news.sina.com.tw/article/20190802/32175700.html
Transgender female hacker broke into Capital One, wanted to enter a psychiatric hospital to protect herself
http://bit.ly/2YCpiKQ
Hacker arrested for stealing credit card personal data; 106 million US and Canadian users affected
https://www.cna.com.tw/news/aopl/201907300090.aspx
Criminal groups target Office 365 administrators and use previously compromised accounts for phishing attacks
https://blog.trendmicro.com.tw/?p=61369
EU: websites embedding Facebook's "Like" button also bear legal responsibility for personal data collection
https://www.ithome.com.tw/news/132112
Card skimmers found on ATMs in Queens; NYPD reminds people to check their accounts
https://www.ntdtv.com/b5/2019/07/29/a102633541.html
Data of over 20,000 Los Angeles police officers and police job applicants leaked
http://bit.ly/2LPgI5o
Entering personal data online: even "anonymous" can be traced to you
http://bit.ly/2ZiNC1G
IBM Research: data breaches also have a long-tail effect; the economic cost may continue for years
https://www.ithome.com.tw/news/132053
Honda's cloud database left unlocked, exposing over a hundred million records of global employee computer security data
https://www.ithome.com.tw/news/132162
Honda's cloud database had no password; global employee information nearly leaked
https://news.sina.com.tw/article/20190801/32168164.html
Pearson's systems hacked; data of over ten thousand accounts leaked
http://bit.ly/2YEQQza
Systems hacked; Pearson: customers have been notified
http://bit.ly/2LWslrl
Phishing-as-a-service kits make social engineering emails harder to detect
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16268
Hackers are eyeing your personal data; how should you protect yourself
https://blog.trendmicro.com.tw/?p=60899
Report: LAPD Data Breach Exposes 2,500 Officer Records
https://www.bankinfosecurity.com/report-lapd-data-breach-exposes-2500-officer-records-a-12856
Thousands of Los Angeles police caught up in data breach, personal records stolen
https://www.zdnet.com/article/thousands-of-los-angeles-police-caught-up-in-data-breach-personal-records-stolen/#ftag=RSSbaffb68
Capital One Announces Data Security Incident
https://www.newswire.ca/news-releases/capital-one-announces-data-security-incident-841404225.html
Woman Arrested in Massive Capital One Data Breach
https://www.bankinfosecurity.com/woman-arrested-in-massive-capital-one-data-breach-a-12852
DMARC's abysmal adoption explains why email spoofing is still a thing
https://www.zdnet.com/article/dmarcs-abysmal-adoption-explains-why-email-spoofing-is-still-a-thing/#ftag=RSSbaffb68
160 Million Government Records Exposed in Data Breaches Since 2014, Study Finds
https://fortune.com/2019/07/25/government-data-breaches-research/
Capital One: Where Did the Bank Fail on Defense
https://www.bankinfosecurity.com/capital-one-where-did-bank-fail-on-defense-a-12858
Capital One Data Breach Affects 106 Million Customers; Hacker Arrested
https://thehackernews.com/2019/07/capital-one-data-breach.html
FormGet security lapse exposed thousands of sensitive user-uploaded documents
https://techcrunch.com/2019/07/25/formget-security-lapse-exposed-documents/
Malicious 'Google' domains used in Magento card skimmer attacks
https://www.zdnet.com/article/malicious-google-domains-used-in-magento-data-skimmer/
NAB APOLOGISES TO CUSTOMERS FOR DATA BREACH
https://news.nab.com.au/nab-apologises-to-customers-for-data-breach/
NAB Apologizes After Breach of Personal Data
https://www.bankinfosecurity.com/nab-apologizes-after-breach-personal-data-a-12846
A data breach forced this family to move home and change their names
https://www.zdnet.com/article/a-data-breach-forced-this-family-to-move-home-and-change-their-names/#ftag=RSSbaffb68
The Prolonged Cost of a Data Breach
https://www.bankinfosecurity.com/interviews/prolonged-cost-data-breach-i-4403
HACKERS SEIZE CONTROL OF BULGARIAN TAX AGENCY, SPRINKLER SYSTEM
https://futurism.com/the-byte/hackers-bulgarian-tax-agency-sprinkler
Russian espionage: Swiss-based email provider ProtonMail hit by cyberattack
https://www.thelocal.ch/20190729/swiss-based-email-provider-protonmail-targeted-in-cyberattack
Statement on the attempted phishing attack against Bellingcat
https://protonmail.com/blog/bellingcat-cyberattack-phishing/
Malvertising: Online advertising's darker side
https://blog.talosintelligence.com/2019/07/malvertising-deepdive.html

E. Research reports
What is grayware
https://blog.trendmicro.com.tw/?p=61357
CVE-2019-3969: Analysis of the Comodo sandbox escape privilege escalation vulnerability
https://juejin.im/entry/5d3ac29c518825119e385372
Cybersecurity situation report: first half of 2019
https://www.4hou.com/info/observation/19514.html
HEVD kernel vulnerabilities: IntegerOverflow
https://www.itread01.com/content/1564145162.html
Gorgon hacking group shows a new trick: launching a "trio" attack via online storage
https://ti.qianxin.com/blog/articles/gorgon-group-campaign-aggah-with-pastebin/
Website security penetration: testing and fixing privilege-bypass vulnerabilities in an OA system
https://www.admin5.com/article/20190726/917583.shtml
Understanding PowerShell security. Is PowerShell really a vulnerability
https://zh.play-and-more.com/6701-understanding-powershell-security
Jenkins arbitrary file read vulnerability (CVE-2018-1999002)
https://www.xuejiayuan.net/blog/f3b89e8f4b79432c84b891e9152d1141
CVE-2019-12384 vulnerability analysis
https://xz.aliyun.com/t/5792
Implementing asymmetric Security Boot / Security Update
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&id=0000565197_76R21YTI84XFFC8KZO29J
Website attacked: how to find the vulnerability and fix it
https://kknews.cc/other/2yvlmn9.html
CVE-2019-9866 vulnerability notes
https://www.bilibili.com/read/cv3191436/
ASRC email security trends for Q2 2019
http://bit.ly/2YdJHXs
Jboss反序列化漏洞復現(CVE-2017-12149) https://www.cnblogs.com/yuzly/p/11240145.html CVE-2018-8423:Jet Database Engine漏洞分析 https://www.anquanke.com/post/id/183203 路由器漏洞分析系列(5):CVE-2018-19986 DIR-818LW&828命令注入漏洞分析及復現 https://xz.aliyun.com/t/5808 CVE-2019-11244漏洞到底該如何修復?--關於快取檔案許可權設定 https://www.itread01.com/content/1564464007.html Linux Kernel Exploit 內核漏洞學習(3)-Bypass-Smep https://bbs.pediy.com/thread-253455.htm RapidScan – 自動化多工具Web漏洞掃描器 https://www.uedbox.com/post/58815/ jboss反序列化漏洞復現(CVE-2017-7504) https://www.cnblogs.com/yuzly/archive/2019/07/31/11240101.html XXE漏洞研究分析 https://www.itread01.com/content/1564623604.html DLL劫持漏洞自動化識別工具Rattler測試 https://segmentfault.com/a/1190000019948854 Typo3 CVE-2019-12747 反序列化漏洞分析 https://paper.seebug.org/996/ 漏洞復現之JBoss 4.x JBossMQ JMS 反序列化漏洞(CVE-2017-7504) https://www.cnblogs.com/iamver/p/11282928.html Considerations on OpenShift PKIs and Certificates https://blog.openshift.com/considerations-on-openshift-pkis-and-certificates/ 15 signs you've been hacked -- and how to fight back https://www.csoonline.com/article/2457873/signs-youve-been-hacked-and-how-to-fight-back.html Microsoft Office 365 Webmail Exposes User's IP Address in Emails https://www.bleepingcomputer.com/news/microsoft/microsoft-office-365-webmail-exposes-users-ip-address-in-emails/ Essential Active Directory Security Defenses https://www.bankinfosecurity.com/essential-active-directory-security-defenses-a-12828 Eliminating the Burden of Periodic Password Reset for Active Directory https://www.bankinfosecurity.com/blogs/eliminating-burden-periodic-password-reset-for-active-directory-p-2766 Global Multi-Factor Authentication Market Insights, Growth and Overview 2019-2025 https://consumerreportsreview.com/global-multi-factor-authentication-market-insights-growth-and-overview-2019-2025/ BGP vs MPLS | Difference Between BGP and MPLS Protocols in VPN https://cciedump.spoto.net/blog-732 Nowhere to hide as cyber-attacks hit everywhere 
https://it-online.co.za/2019/07/29/nowhere-to-hide-cyber-attacks-hit-everywhere/ マルウエアの設定情報を抽出する ~ MalConfScan https://blogs.jpcert.or.jp/ja/2019/07/malconfscan.html マルウエアの設定情報を自動で取得するプラグイン ~MalConfScan with Cuckoo https://blogs.jpcert.or.jp/ja/2019/08/malconfscan-with-cuckoo.html F.商業 你的企業受過網攻嗎? Check Point:25%不知道 http://bit.ly/2YyEl8i 從Fintech跨足資訊安全,精誠資訊首度扶植資安新創 https://ithome.com.tw/news/132191 芬安全與安克諾斯聯手推出資安特攻隊 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000564762_jg682zi85ha2gg3hd2dxp 資安防護,你做好做滿了嗎?別忘了「主動防護」的重要性~再推薦 G2DEAL 線上軟體購物方便又省荷包 https://axiang.cc/archives/47530 NGFW為核心搭建資安鐵三角 簡單易上手即可保安全性 掌握內網與閘道端資料 持續監看潛在惡意行徑 https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/90A7390D6AB3494588E3AC314A09FCB8 端點跟進走向雲端安全 全面加強管控強度 McAfee推出Mvision Cloud 以CASB方案解除影子IT威脅 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/F02A93A0CB004396B6EFDAA2B30DBA92 Check Point推出新安全分析解決方案 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=&id=0000564800_Y9U9LZ9QLE8UDH1AWP690 Win 7終止支援倒數計時 安克諾斯建議 企業客戶批量升級 避免成為漏洞的受害者 https://n.yam.com/Article/20190730671347 雲端安全風險增 報告:安全漏洞逾3400萬個 http://bit.ly/315DLwI 廣納外部威脅手法樣態 大數據演算輔助凸顯惡意活動 蒐集分析掌握應用行為 見招拆招防患於未然 https://www.netadmin.com.tw/netadmin/zh-tw/trend/31426023C3654D838E825737B0D50AD1 人工智慧強化工具與程序 彌補資安人力缺口 打造預防式資安體系 關鍵在先從基本功做起 https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/5091270CAC7846D7B34179B43175F7E8 Check Point推雲端威脅情資分析,可匯集比對租戶公有雲事件 https://www.ithome.com.tw/review/131915 為新型態應用奠定安全基礎 迎向下一波萬物連網世代 Infinity架構防護網 兼顧地端與雲端資安 https://www.netadmin.com.tw/netadmin/zh-tw/trend/F5C4A014581442C2B5A74FD74E549574 高整合與高效率兼具 Silicon Labs搶攻物聯網PoE市場 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&id=564904 Openfind 攜手是方電訊、群環科技、關貿網路發表雲端資安生態圈聯盟,提供企業創新的全方位資安應用服務 https://www.openfind.com.tw/taiwan/news_detail.php?news_id=10192 Anomali統合多種威脅情資與即時鑑識,兼具情報共享與分析 https://www.ithome.com.tw/review/132090 臺灣資安新創奧義智慧獲淡馬錫基金565萬美元B輪投資 https://ithome.com.tw/news/132237 Check Point Study: Cloud, Mobile or Email, No Environment is Immune to 
Cyber Attacks https://hostingjournalist.com/cybersecurity/check-point-study-cloud-mobile-or-email-no-environment-is-immune-to-cyber-attacks/
Check Point: 'Every environment is at risk of cyberattacks' https://www.techzine.be/nieuws/41590/check-point-elke-omgeving-loopt-gevaar-voor-cyberaanvallen.html
Will XDR Improve Security https://blog.trendmicro.com/will-xdr-improve-security/
Windows Server 2008 End of Support: Are you Prepared https://blog.trendmicro.com/windows-server-2008-end-of-support-are-you-prepared/
Kaspersky: Why we're ready to go to the next level https://www.techradar.com/news/kaspersky-why-were-ready-to-go-to-the-next-level
G. Government
Taiwan police join anti-ransomware platform to exchange antivirus information with other countries https://www.cna.com.tw/news/asoc/201907270116.aspx
Criminal Investigation Bureau joins Europol's anti-ransomware platform; the public can get decryption keys online https://udn.com/news/story/7320/3954375?from=udn-relatednews_ch2
Four National Security Bureau directors and five chief aides-de-camp completely unaware? Cigarette smuggling case exposes a major national security gap http://bit.ly/2YsxRYN
Executive Yuan's blacklist of restricted technology products expected to be published soon https://www.rti.org.tw/news/view/id/2029131
ITRI ICT TechDay: six eye-catching highlights https://udn.com/news/story/7240/3960675?from=udn-catelistnews_ch2
5G, AI, self-driving cars and more: ITRI ICT TechDay presents 34 new technologies https://www.inside.com.tw/article/17075-ICT-TechDay
City government photo contest accused of arbitrarily changing the submission date and leaking the voting URL http://bit.ly/2Ytmqff
Executive Yuan's Technology Service Center takes part in the Asia-Pacific 2019 security drill (APCERT DRILL 2019) https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16276
H. ICS/SCADA Industrial Control Systems
Amid the industrial IoT security crisis: five security weaknesses you need to know http://pages.moxa.com/TPE-Auto-Exhibition-Cyber-Registration.html
Urgent11 security flaws impact routers, printers, SCADA, and many IoT devices https://www.zdnet.com/article/urgent11-security-flaws-impact-routers-printers-scada-and-many-iot-devices/#ftag=RSSbaffb68
hp -- universal_internet_of_things https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11990
qualcomm -- ipq8074_firmware
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-13924
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2269
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2279
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2287
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2305
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-13896
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-13927
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2276
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-2273
Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices https://thehackernews.com/2019/07/vxworks-rtos-vulnerability.html
I. Education and Training
[Regex] Potential risks of regular expression patterns worth noting https://dotblogs.com.tw/johnny/2010/09/08/17607
[Explore] A layperson's guide to machine learning https://vocus.cc/@renewang/5cfe83a3fd8978000148fae3
Hyper-converged infrastructure and VMware vSAN https://www.uuu.com.tw/Public/content/article/19/20190722.htm
[Expert's Corner] "The Security Scriptures": the CISSP international professional certification edition http://bit.ly/2JUEF9m
Solving the security problems that give business owners the biggest headaches: practical skills you must know https://ithome.com.tw/pr/132046
How to use the Windows 10 Sandbox feature to lower the chance of your computer getting infected https://www.kocpc.com.tw/archives/267581
What is a zero day? A powerful but fragile weapon https://www.csoonline.com/article/3284084/what-is-a-zero-day-a-powerful-but-fragile-weapon.html
Learn about recent security trends https://paiza.jp/works/security/primer/beginner-security1/10401
Mobile security testing: vulnerability scanning with Burp Suite (1) https://testerhome.com/topics/20082
HTTP Security Headers - A Complete Guide https://nullsweep.com/http-security-headers-a-complete-guide/
J. Internet of Things/IoT/Artificial Intelligence/Internet of Vehicles/Optical Networking/Deep Learning/Machine Learning/Drones/Facial Recognition
IoT devices must also beware of network attacks! The Mirai malware has a new variant http://bit.ly/2K74CS2
How enterprises should deploy Industrial IoT (IIoT) security solutions https://blog.trendmicro.com.tw/?p=61364
IoT home security camera allows hackers to listen in over HTTP https://www.zdnet.com/article/iot-home-security-camera-allows-hackers-to-listen-in-over-http/#ftag=RSSbaffb68
Inside the Smart Home: IoT Device Threats and Attack Scenarios http://bit.ly/2K32Fao
Researchers Hack Surveillance Systems to Show Fake Video Feed https://www.bleepingcomputer.com/news/security/researchers-hack-surveillance-systems-to-show-fake-video-feed/
'Urgent/11' Vulnerabilities Affect Many Embedded Systems https://www.bankinfosecurity.com/urgent11-vulnerabilities-affect-many-embedded-systems-a-12851
6. Upcoming Security Events and Conferences
HITCON HackDoor: Hack into the Office 7/2 ~ 9/28
https://www.accupass.com/event/1906050355291064968019
[CIT Weekend Coding] - (August) Introduction to computers and programming logic training (I) 8/3 https://www.meetup.com/Women-Who-Code-Taipei/events/jtcjfryzlbfb/
Python basics workshop @TMU 8/6 https://www.meetup.com/Women-Who-Code-Taipei/events/mfnfcryzlbjb/
FileMaker Taipei 8/6 https://www.meetup.com/Taipei-FileMaker-Meetup/events/wqfqwpyzlbjb/
Security incident handling practical course 8/7 ~ 8/8 http://bit.ly/2VW0Lv9
Android Code Club(Taipei) 8/7 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzlbkb/
HackingThursday regular meetup 8/8 https://www.meetup.com/hackingthursday/events/vkhnnqyzlblb/
DEF CON 27 2019/8/8–8/11 https://www.defcon.org/
Big data software development platforms and AI (artificial intelligence) development use cases 8/9 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3805&from_course_list_url=homepage
Android Code Club(Taipei) 8/14 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzlbsb/
Digital forensics handling in practice 8/14 ~ 8/15 http://bit.ly/2VW0Lv9
HackingThursday regular meetup 8/15 https://www.meetup.com/hackingthursday/events/vkhnnqyzlbtb/
ROC year 108 Taiwan Academic Network Crisis Response Center security roadshow seminar - security trends and network security overview 8/19 ~ 8/27 http://www.hssh.tp.edu.tw/ezfiles/1/1001/attach/42/pta_17520_7551835_06329.pdf
Taiwan hacker conference HITCON Summer Training 2019 - student registration 2019-08-19 ~ 2019-08-22 https://www.accupass.com/event/1906050919271598677460
|Yahoo Kimo e-commerce special lecture| The distance between us and fraud: the unbearable weight of security for e-commerce 8/21 https://www.accupass.com/event/1906120307261445013215
Information security attack and defense in practice - enterprise red team vs. blue team exercise 08/21 Wednesday 09:00 ~ 08/23 Friday 16:30 https://www.moea.gov.tw/Mns/populace/news/NewsAction.aspx?menu_id=43&news_id=86049
Web application penetration testing 8/21 ~ 8/23 https://www.accupass.com/event/1904080221358963463590
Thinking Thursday session 3 8/22 https://www.meetup.com/Thinking-Thursday/events/lrqddryzlbdc/
Taiwan hacker conference HITCON Community 2019 2019-08-23 (Fri) 09:00 ~ 2019-08-24 (Sat) 17:00 (GMT+8) https://www.accupass.com/event/1906040921594609934250
4th 臺灣好厲駭: registration open until 5 p.m. on Monday, August 26, ROC year 108 http://bit.ly/2ZlpP0Q
NISRA Enlightened 2019 2019/08/26 ~ 2019/08/29 https://nisra.kktix.cc/events/2019enlightened
Digital Government Summit 2019 8/28 https://egov.ithome.com.tw/
ModernWeb 19 8/28 ~
8/29 https://modernweb.tw/
Security regulations and systems analysis course - ROC year 108 "Security talent training and international promotion program - advanced course for security professionals" 8/29 ~ 8/30 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==
ROC year 108 security competency training - mobile device security (8/29-8/30) https://cee.ksu.edu.tw/recruitinfo/1443.html
2019 NGO security seed instructor training 8/29 https://ocftw.kktix.cc/events/cscs2019tot
Cybersecurity Framework: Broadening Your Security Horizons - CYBERSEC 101 Seminar 9/6 https://signupcybersec101.ithome.com.tw/
National Chiao Tung University Hacker College - B022: Basic web security and penetration testing <Hsinchu session> 9/7 https://hackercollege.nctu.edu.tw/?p=1079
Information security management system - basic course (free!) 9/8 https://www.accupass.com/event/1907160853513957042270
[AWS Security] Security Engineering on AWS advanced course 9/9 ~ 9/11 https://www.accupass.com/event/1905150854571147685105
CDX2.0 promotional event - Taipei session 9/10 https://nchc-cdx.kktix.cc/events/cdxactivity-0910
Kubernetes Summit 9/11 https://summit.ithome.com.tw/kubernetes/
Cybersecurity Framework: Broadening Your Security Horizons - CYBERSEC 101 Seminar 9/20 https://signupcybersec101.ithome.com.tw/
Financial sector security training course 9/20 https://twap.deloitte.com.tw/DTLCRA/Works/CourseDetail.aspx?CourseID=T1906002
Institute for Information Industry offers a "Systems Security Certified Practitioner (SSCP) prep class" 2019/9/21 https://ithome.com.tw/pr/131772
National Chiao Tung University Hacker College - A011: Guide to intrusion detection and response 9/21 https://hackercollege.nctu.edu.tw/?p=1082
Information security management system - advanced course (free!) 9/21 https://www.accupass.com/event/1907160908138705889800
TANET 2019 - Taiwan Internet Conference 9/25 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310
National Chiao Tung University Hacker College - B022: Basic web security and penetration testing 9/28 https://hackercollege.nctu.edu.tw/?p=1084
HITB+ CYBER WEEK 2019/10/12 ~17 https://d2p.hitb.org/
National Chiao Tung University Hacker College - A006: Digital footprint tracking and analysis 10/19 https://hackercollege.nctu.edu.tw/?p=1088
Splunk .conf 19 10/21 ~ 10/24 https://conf.splunk.com/
AIoT (intelligent IoT) developer job-training program [free consultation] 10/22 https://ittraining.kktix.cc/events/aiot-training-2019
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019 https://www.icscybersecurityconference.com
Cybersecurity Framework: Broadening Your Security Horizons - CYBERSEC 101 Seminar 10/25 https://signupcybersec101.ithome.com.tw/
National Chiao Tung University Hacker College - A015: Advanced web penetration testing 10/26 https://hackercollege.nctu.edu.tw/?p=1090
Cybersecurity Framework: Broadening Your Security Horizons - CYBERSEC 101 Seminar
11/8 https://signupcybersec101.ithome.com.tw/
National Chiao Tung University Hacker College - P006: High-level web penetration testing 11/16 https://hackercollege.nctu.edu.tw/?p=1092
Cybersecurity Framework: Broadening Your Security Horizons - CYBERSEC 101 Seminar 11/29 https://signupcybersec101.ithome.com.tw/
National Chiao Tung University Hacker College - B015: Malware detection 11/30 https://hackercollege.nctu.edu.tw/?p=1098
National Chiao Tung University Hacker College - A018: Enterprise domain control - Active Directory attack and defense 12/14 https://hackercollege.nctu.edu.tw/?p=1094
Japan Security Analyst Conference https://jsac.jpcert.or.jp/