###### tags: `資安事件新聞週報` # 資安事件新聞週報 2019/11/25 ~ 2019/11/29 1.重大弱點漏洞/後門/Exploit/Zero Day Google 已發布安全更新以解決多個產品中的弱點 https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html CWE公布2019年最危險的25個軟體錯誤 https://www.ithome.com.tw/news/134475 Fortinet 多個產品存在加密金鑰弱點，可能造成中間人成功竊聽或披露機敏資訊 https://fortiguard.com/psirt/FG-IR-18-100 TOP25 漏洞類型 8 年後首次迎來更新 https://www.chainnews.com/zh-hant/articles/142025348603.htm phpMyAdmin 遠端執行任意程式碼漏洞 https://www.phpmyadmin.net/security/PMASA-2019-5/ Red Hat JBoss Enterprise Application Platform 多個漏洞 https://www.auscert.org.au/bulletins/ESB-2019.4484/ 部份Fortinet產品加密金鑰漏洞，可讓駭客竊聽用戶活動 https://ithome.com.tw/news/134415 一加公佈個人信息安全漏洞並向受影響客戶致歉 https://www.cnbeta.com/articles/tech/913985.htm TP-Link TL-WR841N 遠端執行程式碼漏洞 https://www.zerodayinitiative.com/advisories/ZDI-19-992/ ClamAV CVE-2013-7088 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7088 ClamAV CVE-2013-7087 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7087 Google Project Zero描述了一個Android 0day 漏洞Bad Binder https://www.cnbeta.com/articles/tech/913821.htm Google Project Zero詳細描述高危Android零日漏洞 http://www.360.cn/n/11343.html Kaspersky 產品多個漏洞 https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 Kali Linux推出2019.4新版，可把Android手機用作Linux桌面電腦 https://www.ithome.com.tw/news/134489 4款VNC開源專案含有37個安全漏洞 https://www.ithome.com.tw/news/134412 37 Vulnerabilities Found in 4 Popular Open-Source VNC Remote Access Software https://gbhackers.com/37-vulnerabilities-vnc/ Apache Solr CVE-2019-12409 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12409 Code Execution Vulnerability Found In TeamViewer – Patch Now https://latesthackingnews.com/2019/11/18/code-execution-vulnerability-found-in-teamviewer-patch-now/ Microsoft christens Windows 10 20H1 as Windows 10 2004; preps to start testing its successor https://www.zdnet.com/article/microsoft-christens-windows-10-20h1-as-windows-10-2004-preps-to-start-testing-its-follow-on/#ftag=RSSbaffb68 Microsoft Outlook for Android Bug Opens Door to XSS https://threatpost.com/microsoft-outlook-android-bug-xss/150528/ Apple plans to make iOS upgrades less awful (and knew how terrible iOS 13 was) https://www.zdnet.com/article/apple-plans-to-make-ios-upgrades-less-awful-and-knew-how-terrible-ios-13-was/#ftag=RSSbaffb68 【資安漏洞預警】Openfind MAIL2000 Webmail Pre-Auth Cross-Site Scripting and Open Redirect https://net.nthu.edu.tw/2009/mailing:announcement:20191121_01 New bypass disclosed in Microsoft PatchGuard (KPP) https://www.zdnet.com/article/new-bypass-disclosed-in-microsoft-patchguard-kpp/#ftag=RSSbaffb68 Instagram信息泄露漏洞 https://securityaffairs.co/wordpress/91253/hacking/instagram-bug-data-exposure.html IBM Security Identity Manager CVE-2019-4561 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-4561 IBM WebSphere Application Server 遠端執行程式碼漏洞 https://www.ibm.com/support/pages/node/1115085 PostgreSQL CVE-2015-3166 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3166 postgresql-common CVE-2019-3466 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3466 Symantec Endpoint Protection CVE-2019-18372 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-18372 Symantec Endpoint Protection CVE-2019-12758 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12758 Symantec Endpoint Protection Manager (SEPM) CVE-2019-12759 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12759 Some Fortinet products shipped with hardcoded encryption keys https://www.zdnet.com/article/some-fortinet-products-shipped-with-hardcoded-encryption-keys/#ftag=RSSbaffb68 Exploit code published for dangerous Apache Solr remote code execution flaw https://www.zdnet.com/article/exploit-code-published-for-dangerous-apache-solr-remote-code-execution-flaw/#ftag=RSSbaffb68 Splunk Faces Y2K Bug-Like Problem Unless Patched https://www.bleepingcomputer.com/news/security/splunk-faces-y2k-bug-like-problem-unless-patched/#.XdzjVczg8mQ.twitter Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps https://blog.trendmicro.com/trendlabs-security-intelligence/patched-gif-processing-vulnerability-cve-2019-11932-still-afflicts-multiple-mobile-apps/ Top 25 Most Dangerous Vulnerabilities Refreshed After 8 Years https://www.bleepingcomputer.com/news/security/top-25-most-dangerous-vulnerabilities-refreshed-after-8-years/#.Xd44POT58iQ.twitter Adobe discloses security breach impacting Magento Marketplace users https://www.zdnet.com/article/adobe-discloses-security-breach-impacting-magento-marketplace-users/#ftag=RSSbaffb68 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 全球首張資安保險專業資格國際證書 https://ctee.com.tw/industrynews/activity/178876.html 國泰產險榮獲英國標準協會頒發資安品質精銳獎 https://www.cdns.com.tw/articles/61406 迎向開放 金管會3步推動 https://tw.appledaily.com/finance/20191124/BSJ36OJXWV2D4R6V5HIWCJGNZU/ 四大數位專才 金融業搶破頭 https://www.chinatimes.com/newspapers/20191124000237-260202?chdtv 新光銀「立碼驗」 將進駐萊爾富 https://udn.com/news/story/7239/4182263 記帳App 搶開放銀行頭香 精準掌控開支 逾25萬下載 https://tw.appledaily.com/finance/20191124/YKADJG44NTU2QZZY5J2Z42GOSQ/ 無障礙網銀、APP轉帳，明年6月底前上線 https://www.chinatimes.com/realtimenews/20191125001003-260410 前仆後繼搶進個人金融市場，純網銀業者看中的是什麼 https://www.thenewslens.com/article/127769 金融科技展將登場 證交所送好禮 https://udn.com/news/story/7251/4186699 支付虛實整合 顧立雄：2020年銀行競爭將相當激烈 https://udn.com/news/story/7239/4187854 彰銀 規劃建立資安戰情室 http://bit.ly/2OhWZeK 銀行業 明年迎新戰國時代 http://bit.ly/2OMBUrR 顧立雄：電支電票整合、純網銀開業，明年金融業競爭將越趨激烈 https://ithome.com.tw/news/134427 金總推動FinTech 接軌國際 https://money.udn.com/money/story/5649/4189509 5,630萬美元！英國央行對花旗開出有史以來最高罰單 https://money.udn.com/money/story/5599/4189848 國泰產險 獲BSI頒資安品質精銳獎 https://money.udn.com/money/story/5636/4189261 2019金融科技展搶先看 金融創新聚焦三大領域 https://money.udn.com/money/story/5636/4187702 證交所參展「FinTech Taipei 2019 台北金融科技展」活動 https://www.cdns.com.tw/articles/64002 財金公司捍衛金融資安 滴水不漏 https://money.udn.com/money/story/8944/4189339 金融服務業數位化轉型過程中所面對的法制挑戰 https://udn.com/news/story/6871/4192826 LINE Bank結合AI創新與資安二優勢 預見未來生活金融 https://udn.com/news/story/7239/4193677 LINE Bank 現身台北金融科技展，展示「全民銀行」將結合AI與資安打造生活金融 https://www.techbang.com/posts/74603-line-bank-combines-ai-innovation-with-financial-for-future-life LINE Bank明年第二季推出！保險、小額貸款都OK https://www.setn.com/News.aspx?NewsID=644678 開放銀行明年擬朝第2階段邁進　消費者可申請產品與消費資訊 https://www.ettoday.net/news/20191129/1590771.htm 金融科技隱藏資安風險　證交所研擬區塊鏈技術抵禦 https://www.ettoday.net/news/20191129/1590836.htm 純網銀明年上路掀起鯰魚效應　顧立雄讚國銀：每個人都趕上來了 https://www.ettoday.net/news/20191129/1590795.htm WILL BANKS ALWAYS BE VULNERABLE TO HACKERS https://builtin.com/cybersecurity/cybersecurity-banking-financial-services Taiwan's financial regulator: ATMs won't disappear, they'll just become smarter https://www.atmmarketplace.com/news/taiwans-financial-regulator-atms-wont-disappear-theyll-just-become-smarter/ Hackers now use web skimmers to steal credit card data https://www.hackread.com/hackers-use-web-skimmers-to-steal-credit-card-data/ Web skimmer phishes credit card data via rogue payment service platform https://blog.malwarebytes.com/web-threats/2019/11/web-skimmer-phishes-credit-card-data-via-rogue-payment-service-platform/ Two Chinese ATM skimmers arrested in Chon Buri https://www.nationthailand.com/news/30378636 Quantum Dawn Cyber Exercise Simulates a “Doomsday” Global Ransomware Attack https://www.cpomagazine.com/cyber-security/quantum-dawn-cyber-exercise-simulates-a-doomsday-global-ransomware-attack/ Full(z) House: a digital crime group using a full deck to maximize profits https://www.riskiq.com/blog/labs/fullz-house/ Fullz House hackers pivot from phishing to Magecart card skimming attacks https://www.zdnet.com/article/fullz-house-threat-group-pivots-from-phishing-to-magecart-card-skimming-attacks/#ftag=RSSbaffb68 Magecart Group Switches Up Tactics with MiTM, Phishing https://threatpost.com/magecart-variant-tactics-mitm-phishing/150628/ RiskIQ exposes MageCart group that has combined data exfiltration techniques https://www.techspot.com/news/82933-riskiq-exposes-magecart-group-has-combined-data-exfiltration.html Black Friday Alert: Financial Botnets Primarily Targeting E-Commerce Apparel Sites https://www.iafrica.com/black-friday-alert-financial-botnets-primarily-targeting-e-commerce-apparel-sites/ Carding and black box attacks: common ATM hacking techniques by Dominique René https://hakin9.org/carding-and-black-box-attacks-common-atm-hacking-techniques/ Silence APT group eyes APAC banks https://www.computerweekly.com/news/252468853/Silence-APT-group-eyes-APAC-banks Joker's Stash Advertises More Stolen Payment Card Data https://www.bankinfosecurity.com/jokers-stash-advertises-more-stolen-payment-card-data-a-13451 3.電子支付/電子票證/行動支付/ pay/新聞及資安 「行動支付聯合成果展」，行動支付創造優質消費新生活 http://n.yam.com/Article/20191122541671 情侶在超商2元「狂吃猛喝」手法曝光 全場驚：竟沒想到 http://bit.ly/2pVrOg6 4.虛擬貨幣/區塊鍊相關新聞及資安 關於近日門羅幣供應鏈攻擊事件分析 https://paper.seebug.org/1083/ 門羅幣錢包之“狸貓換太子” https://paper.seebug.org/1080/ 避免“剁手”假貨？區塊鍊鍊上鍊下數據協同分析 https://paper.seebug.org/1076/ 區塊鏈智能合約控制流識別的大規模實驗研究 https://paper.seebug.org/1072/ 加密貨幣市場市場崩潰, 因幣安的上海辦事處關閉的負面影響 http://bit.ly/34gQNta Monero官網遭植入惡意程式，用戶加密貨幣錢包被清光 https://ithome.com.tw/news/134399 無視資安風險？ 調查：92% 機構投資者在交易所存幣 https://blockcast.it/2019/11/25/institutional-investors-overwhelmingly-keep-their-cryptos-on-exchanges-despite-the-inherent-security-risks/ 區塊鏈局勢總搖擺不定，因其起源與駭客文化有著莫大的關係 https://news.knowing.asia/news/cce3a1b2-2ce7-4e24-b308-78eb41cd84f0 韓國交易所 Upbit 遭駭？公告證實「4 千萬美元異常交易」 https://blockcast.it/2019/11/27/upbit-hack-1127/ 爆資安漏洞，Upbit以太幣失竊 http://bit.ly/2OOQi2Y Upbit 交易所遭駭疑點重重？分析師：不排除「內鬼」可能性 https://blockcast.it/2019/11/28/analysts-suggested-that-upbit-hack-was-actually-an-inside-job/ 2019 年 7 大加密貨幣交易所駭客事件 http://bit.ly/2rza8qY Federal Reserve Report Raises Concerns About 'Stablecoins' https://www.bankinfosecurity.com/federal-reserve-report-raises-concerns-about-stablecoins-a-13433 Upbit cryptocurrency exchange loses $48.5 million to hackers https://www.zdnet.com/article/upbit-cryptocurrency-exchange-loses-48-5-million-to-hackers/#ftag=RSSbaffb68 Hackers Steal $49 Million in Ethereum From Upbit Exchange https://www.bankinfosecurity.com/blogs/hackers-steal-49-million-in-ethereum-from-upbit-exchange-p-2825 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式 勒索軟體Dopplepaymer藉由Microsoft Teams散佈？ 微軟否認 https://ithome.com.tw/news/134364 新版TrickBot木馬企圖竊取OpenSSH與OpenVPN金鑰 https://www.ithome.com.tw/news/134398 點開就要1.5萬！假冒Windows 10更新通知 郵件暗藏勒索軟體 https://cnews.com.tw/137191125a04/ 提供110家療養院服務的IT業者VCPI被勒索軟體纏住了 https://www.ithome.com.tw/news/134431 惡意程式Dexphot以高明手法躲避偵測，8萬台Windows PC變比特幣挖礦機 https://www.ithome.com.tw/news/134440 勒索病毒.攻擊日本中小企業　四成受害 https://news.tvbs.com.tw/focus/1240537 駭客掃瞄網路Docker植入挖礦程式，還修改設定、留下後門 https://ithome.com.tw/news/134470 盤點近幾年勒索病毒使用過的工具和漏洞 https://www.chainnews.com/zh-hant/articles/528492522935.htm 美國綜合醫院Great Plains Health遭勒索軟體攻擊 https://ithome.com.tw/news/134474 惡意挖礦程式防禦指南 https://cert.tanet.edu.tw/prog/opendoc.php?id=2019112705112323343922970986739.pdf Trickbot Updates Password Grabber Module https://unit42.paloaltonetworks.com/trickbot-updates-password-grabber-module/ TrickBot Trojan Getting Ready to Steal OpenSSH and OpenVPN Keys https://www.bleepingcomputer.com/news/security/trickbot-trojan-getting-ready-to-steal-openssh-and-openvpn-keys/ Evaluating Open Source Malware Sandboxes with Linux Malware https://pdfs.semanticscholar.org/a0c5/f13e0313011b771b80fcc2346af73a127895.pdf 2019-11-21 - DATA DUMP: EMOTET EPOCH 3 INFECTION WITH TRICKBOT GTAG MOR49 AND SPAMBOT TRAFFIC https://www.malware-traffic-analysis.net/2019/11/21/index.html Emsisoft releases a new decryptor for Hakbit ransomware https://blog.emsisoft.com/en/34716/emsisoft-releases-a-new-decryptor-for-hakbit-ransomware/ Official Monero website is hacked to deliver currency-stealing malware https://arstechnica.com/information-technology/2019/11/official-monero-website-is-hacked-to-deliver-currency-stealing-malware/ Malware creators producing more dangers to mac-OS https://www.ehackingnews.com/2019/11/malware-creators-producing-more-dangers.html THE LAZARUS’ GAZE TO THE WORLD: WHAT IS BEHIND THE SECOND STONE https://blog.telsy.com/the-lazarus-gaze-to-the-world-what-is-behind-the-second-stone/ New SectopRAT Trojan creates hidden second desktop to control browser sessions https://www.zdnet.com/article/new-sectoprat-malware-creates-hidden-second-desktop-to-control-browser-sessions/#ftag=RSSbaffb68 New SectopRAT: Remote access malware utilizes second desktop to control browsers https://www.gdatasoftware.com/blog/2019/11/35548-new-sectoprat-remote-access-malware-utilizes-second-desktop-to-control-browsers Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ NeverQuest Banking Trojan Co-Creator Sentenced to 4 Years https://www.bankinfosecurity.com/neverquest-banking-trojan-co-creator-sentenced-to-4-years-a-13439 Ransomware Attackers Leak Stolen Data https://www.bankinfosecurity.com/ransomware-attackers-leak-stolen-data-a-13438 Microsoft Debunks Dopplepaymer Ransomware Rumors https://www.bankinfosecurity.com/microsoft-debunks-dopplepaymer-ransomware-rumors-a-13427 Ransomware Analysis: 'Shade' Surges; Other Trends Emerge https://www.bankinfosecurity.com/ransomware-analysis-shade-surges-other-trends-emerge-a-13424 Microsoft Debunks Dopplepaymer Ransomware Rumors https://www.bankinfosecurity.asia/microsoft-debunks-dopplepaymer-ransomware-rumors-a-13427 LOCAL GOVERNMENTS: RANSOMWARE ATTACK’S HOTTEST TARGET https://blog.eccouncil.org/local-governments-ransomware-attacks-hottest-target/ Threat Spotlight: Government Ransomware Attacks https://blog.barracuda.com/2019/08/28/threat-spotlight-government-ransomware-attacks/ Livingston School District in New Jersey Hit With Ransomware https://www.bleepingcomputer.com/news/security/livingston-school-district-in-new-jersey-hit-with-ransomware/#.XdtwBP6EUag.twitter FTCODE Ransomware IOC https://pastebin.com/eQU3q70z Clop Ransomware Tries to Disable Windows Defender, Malwarebytes https://www.bleepingcomputer.com/news/security/clop-ransomware-tries-to-disable-windows-defender-malwarebytes/ Attackers Demand $14 Million Ransom From IT Services Firm https://www.bankinfosecurity.com/attackers-demand-14-million-ransom-from-services-firm-a-13444 Malware Found Hiding in Fake Income Tax Department Emails, CERT-in Warns https://dailystockdish.com/malware-found-hiding-in-fake-income-tax-department-emails-cert-in-warns/ Microsoft says new Dexphot malware infected more than 80,000 computers https://www.zdnet.com/article/microsoft-says-new-dexphot-malware-infected-more-than-80000-computers/#ftag=RSSbaffb68 Insights from one year of tracking a polymorphic threat http://bit.ly/37IRfT9 Ginp, malware para Android con bancos españoles como objetivo https://blog.segu-info.com.ar/2019/11/ginp-malware-para-android-con-bancos.html Un peligroso troyano suplanta las ‘apps’ de siete bancos españoles en Android https://elpais.com/tecnologia/2019/11/22/actualidad/1574435744_271497.html Stantinko botnet adds cryptomining to its pool of criminal activities https://www.welivesecurity.com/2019/11/26/stantinko-botnet-adds-cryptomining-criminal-activities/ Stantinko Botnet nun mit Coinminer ausgestattet https://www.welivesecurity.com/deutsch/2019/11/26/stantinko-botnet-coinminer/ 2019-11-27 - EMOTET EPOCH 3 INFECTED WINDOWS CLIENT AS SPAMBOT https://www.malware-traffic-analysis.net/2019/11/27/index2.html Restaurant Chain: Malware Infected PoS Devices https://www.bankinfosecurity.com/restaurant-chain-malware-infected-pos-devices-a-13449 Dtrack: In-depth analysis of APT on a nuclear power plant https://www.cyberbit.com/blog/endpoint-security/dtrack-apt-malware-found-in-nuclear-power-plant/ New Ginp banking malware targets credit/debit card information via screen overlay https://mybrandbook.co.in/redirect.php?p=10738 CRYPSPORT Ransomware Information https://success.trendmicro.com/solution/000155798-GOSPORT-Ransomware-Information Double Loaded Zip File Delivers Nanocore https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/double-loaded-zip-file-delivers-nanocore/ B.行動安全 / iPhone / Android /穿戴裝置 /App 澳門下月起「手機實名制」　警擴權可隱藏身分秘密執法 https://tw.appledaily.com/new/realtime/20191121/1666875/ CheckPoint：大量熱門Android程式仍存有已修補的安全漏洞 https://ithome.com.tw/news/134366 WhatsApp 屢傳資安問題，還是商業溝通的首選嗎？Telegram：它永遠都不會安全 https://www.kocpc.com.tw/archives/293653 Apple 決定更改 iOS 14 的開發方式！因 iOS 13 Bugs 太多 http://bit.ly/33a7NzS 為了不再內建Google Maps花數十億美元 蘋果：我們能創造更好的 http://bit.ly/34hzXds 「兩步驟驗證」出現漏洞？Twitter 取消簡訊驗證方案 https://3c.ltn.com.tw/news/38732 英國政府推特轉發「超鹹濕色情片 」 發言人急澄清 https://www.chinatimes.com/realtimenews/20191126003358-260402?chdtv Facebook 承認曾開發容貌辨識 App 予內部測試 https://unwire.pro/2019/11/26/facebook-confirms-facial-recognition-app/news/ 臉書封鎖以色列駭客公司NSO Group員工的私人帳號，被告了 https://www.ithome.com.tw/news/134447 惡意 SDK 洩露用戶 Facebook 、 Twitter 帳戶資料 http://bit.ly/34rsF7k WhatsApp是如何被利用來監控異見人士的 https://theinitium.com/article/20191127-opinion-cyber-security-whatsapp/ 果粉小心 Apple ID 遭駭！手機收到帳單異常簡訊恐藏詐騙陷阱 https://3c.ltn.com.tw/news/38750 當心！異常簡訊藏個資洩漏陷阱 點下去Apple ID恐遭駭 https://money.udn.com/money/story/5621/4193279 果粉注意！資安廠示警：留意釣魚簡訊、當心Apple ID被駭 https://www.ettoday.net/news/20191128/1590134.htm 通訊安全知多少? 抗爭前線的安全觀念不能少 https://lab.ocf.tw/2019/11/21/column/ 華為「天價156萬」懸賞黑客，尋找鴻蒙系統漏洞，已經開始滲透 https://kknews.cc/tech/naakkv2.html 臉書驚傳大當機「完全沒有畫面」 http://bit.ly/2ORmAdL 25 歲香港女工程師多次拆解 App 編碼 FB．IG 高層都要 follow 做粉絲 http://bit.ly/37L8Ycw Smartphone maker OnePlus discloses data breach https://www.zdnet.com/article/smartphone-maker-oneplus-discloses-data-breach/#ftag=RSSbaffb68 Twitter will finally let users disable SMS as default 2FA method https://www.zdnet.com/article/twitter-will-finally-let-users-disable-sms-as-default-2fa-method/#ftag=RSSbaffb68 India puts WhatsApp's impending payments service on ice due to data localisation fracas https://www.zdnet.com/article/india-puts-whatsapps-impending-payments-service-on-ice-due-to-data-localisation-fracas/#ftag=RSSbaffb68 Two third-party SDKs allowed secret harvesting of Twitter and Facebook user data https://www.zdnet.com/article/two-third-party-sdks-allowed-secret-harvesting-of-twitter-and-facebook-user-data/#ftag=RSSbaffb68 C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件 資安攻防搶旗賽 台灣隊獲第3 http://bit.ly/34mzAi8 台灣首次量子加密通訊測試 宣告加入「量子復仇者」 https://udn.com/news/story/7314/4188487?from=udn-catebreaknews_ch2 面對量子電腦時代 清大教授成功研發量子加密技術 https://www.rti.org.tw/news/view/id/2042848 多家資安業者與非營利組織聯手抵制跟蹤軟體 https://ithome.com.tw/news/134367 11/28(五)黑色星期五?為何不是 13 號的星期五也叫可以是黑色 https://blog.trendmicro.com.tw/?p=62789 Google揭露多個由政府資助的攻擊與虛假訊息行動 https://ithome.com.tw/news/134445 駭客盜用臉書私訊工程師誤陷中獎圈套遭騙500 http://bit.ly/33lg7gs 利用系統漏洞盜竊賬戶資金重慶警方搗毀跨省黑客團伙 https://www.chinanews.com/sh/2019/11-27/9018180.shtml 利用系統漏洞盜竊賬戶資金 http://www.xinhuanet.com/local/2019-11/27/c_1125278036.htm 研究人員假冒美國鎮長取得.gov網址 https://www.ithome.com.tw/news/134478 新型態爬蟲惡意攻擊來襲，企業該如何成功抵禦 https://buzzorange.com/techorange/2019/11/28/zerone-akamai/ 玩交友軟體遇「當過兵熟女」！他一句話揭「駭客入侵」真相 https://www.setn.com/news.aspx?NewsID=642190 比利時代表團訪陸 遭密集網攻 http://bit.ly/2rvdzif 比利時訪華團遭黑客密集網攻 更多細節曝光 http://www.epochtimes.com/b5/19/11/24/n11677893.htm 比利時經貿團訪問北京上海 傳遭網攻每小時135次 http://m.secretchina.com/news/b5/2019/11/24/914579.html 資安人才斷層 數位安全職缺達407萬 http://bit.ly/2qJnjW6 台灣資安人才庫小而美 國際大廠也認證 https://www.cna.com.tw/news/ait/201911240190.aspx BSI揭露2019下半年最新國際資安動態，資安與隱私保護成全球企業永續經營評比要點 https://www.ithome.com.tw/news/134466 資安疑慮未消 美陸軍學員穿制服不准玩抖音 https://www.cna.com.tw/news/aopl/201911230054.aspx 美陸軍禁軍人影像上傳抖音 我國軍暫未設防 https://udn.com/news/story/10930/4184292 優秀俄國通！希爾嚴肅務實、注重細節、凡事警戒 http://bit.ly/34ipoXU 間諜爆中建20萬假帳號滲台　資安專家：恐怕不只 https://www.setn.com/News.aspx?NewsID=641508 中20萬假帳號滲台 專家：恐怕不只 http://bit.ly/34dAkWI 共諜是逃逸詐欺犯？王丹：中共說法不足信 http://www.epochtimes.com/b5/19/11/24/n11677194.htm 【共諜滲透】王立強接受澳洲節目專訪　重申參與滲透 https://tw.news.appledaily.com/politics/realtime/20191125/1668312/ 共諜爆中國介入台灣選舉 溫朗東：可信的理由有3點 https://news.ltn.com.tw/news/politics/breakingnews/2987715 上海公安指「中國特工」王立強是詐騙犯　韓國瑜酸民進黨：這次不是塞一棟房子給我 https://www.storm.mg/article/1984225 24歲當上特工「鬼扯淡」10漏洞可疑 陳虎門：沒可能跨台港澳做諜報 https://tw.appledaily.com/highlight/20191125/4RACBNC5YJSOELAD4MPAS62EUI/ 年僅26歲竟參與橫跨台、港、澳洲諜報工作？ 這個「中國間諜」涉冒認國安 騙澳洲人辛束460萬 http://bit.ly/2D9GJX0 王立強共諜案　情報老幹部批王立強吹牛 http://www.bcc.com.tw/newsView.3780500 「共諜案」漏洞百出 台當局操弄假間諜案遭打臉 https://news.sina.com.tw/article/20191125/33435870.html 「網路作戰多為年輕人」　國安人士：翁衍慶稱王立強乳臭味乾　理解顯然有落差 https://www.ettoday.net/news/20191125/1587579.htm 五毛與他們的產地！共諜案抖出「軍委情報局」大揭密 https://www.setn.com/News.aspx?NewsID=642305 統促染紅全台30宮廟？傳利用財務漏洞恐淪中資洗錢據點 https://www.setn.com/news.aspx?NewsID=642104 盤旋在中亞上空的陰影-黃金雕（APT-C-34）組織攻擊活動揭露 http://blogs.360.cn/post/APT-C-34_Golden_Falcon.html 攻擊事件大幅增加！芬蘭透過網路模擬預防駭客以比特幣勒索軟體 https://news.knowing.asia/news/b4994437-200e-4ac6-9b50-db86479d6297 菲國爆國安危機！電力設備採「華為」技術　中國可遠端斷電 https://www.setn.com/News.aspx?NewsID=642675 美陸軍BCT資安、電磁通訊專才缺很大 http://bit.ly/2XUMrpd 美驗證「前進防禦」網路戰略 制敵機先 https://www.ydn.com.tw/News/361971 美國安顧問：華為就像是特洛伊木馬 德國應該把它燒掉 https://ec.ltn.com.tw/article/breakingnews/2991960 西班牙國防部禁用華為設備　華為「我們最重視資安」 https://tw.appledaily.com/gadget/20191129/M42XTLNRVXFUTZ7DF5ZYS2KE2U/ 捷克情報局發布報告 點名俄中間諜活動構成威脅 https://www.cna.com.tw/news/aopl/201911260354.aspx 捷情報安全局：中共和俄羅斯對捷克安全構成威脅 https://www.soundofhope.org/post/316859?lang=b5 中俄間諜最猖獗 捷克情報局發布報告披露 https://www.secretchina.com/news/b5/2019/11/28/914903.html 2億監視器注視14億人！侵犯隱私無孔不入，但人們說「攝像頭使我感到安全」 https://www.storm.mg/article/2002352 How Cybersecurity Helps Build a Digital India https://www.bankinfosecurity.in/how-cybersecurity-helps-build-digital-india-a-13437 Extensive hacking operation discovered in Kazakhstan https://www.zdnet.com/article/extensive-hacking-operation-discovered-in-kazakhstan/#ftag=RSSbaffb68 Defecting Chinese spy offers information trove to Australian government https://www.theage.com.au/national/defecting-chinese-spy-offers-information-trove-to-australian-government-20191122-p53d1l.html Microsoft Moves Toward DNS Over HTTPS https://www.bankinfosecurity.com/microsoft-moves-toward-dns-over-https-a-13421 Renewed calls for dedicated Australian cyber minister and cyber leadership https://www.zdnet.com/article/renewed-calls-for-dedicated-australian-cyber-minister-and-cyber-leadership/#ftag=RSSbaffb68 The RIPE NCC has run out of IPv4 Addresses https://www.ripe.net/publications/news/about-ripe-ncc-and-ripe/the-ripe-ncc-has-run-out-of-ipv4-addresses A hacking group is hijacking Docker systems with exposed API endpoints https://www.zdnet.com/article/a-hacking-group-is-hijacking-docker-systems-with-exposed-api-endpoints/#ftag=RSSbaffb68 Exploit kits are slowly migrating toward fileless attacks https://www.zdnet.com/article/exploit-kits-are-slowly-migrating-toward-fileless-attacks/#ftag=RSSbaffb68 In just three months, Google sent 12k warnings about government-backed attacks https://www.zdnet.com/article/in-just-three-months-google-sent-12k-warnings-about-government-backed-attacks/#ftag=RSSbaffb68 Cybercriminals primarily targeting e-commerce apparel sites:Kaspersky https://www.aninews.in/news/tech/internet/cybercriminals-primarily-targeting-e-commerce-apparel-sites-kaspersky20191126233314/ Latest Kali Linux OS Added Windows-Style Undercover Theme for Hackers https://thehackernews.com/2019/11/kali-linux-undercover-mode.html Hacker stole unreleased music and then tried to frame someone else https://www.zdnet.com/article/hacker-stole-unreleased-music-and-then-tried-to-frame-someone-else/#ftag=RSSbaffb68 Watchdog Finds DOE Falling Short on Cybersecurity https://www.bankinfosecurity.com/watchdog-finds-doe-falling-short-on-cybersecurity-a-13450 The Security Interviews: Do cyber weapons need a Geneva Convention https://www.computerweekly.com/news/252474516/The-Security-Interviews-Do-cyber-weapons-need-a-Geneva-Convention Hotel front desks are now a hotbed for hackers https://www.zdnet.com/article/hotel-front-desks-are-now-a-hot-target-for-hackers/ A decade of hacking: The most notable cyber-security events of the 2010s https://www.zdnet.com/article/a-decade-of-hacking-the-most-notable-cyber-security-events-of-the-2010s/#ftag=RSSbaffb68 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 資安做半套？Disney +傳重大BUG　千名用戶帳號遭駭 https://www.ctwant.com/article/15268 美國電信大廠T-Mobile遭駭客入侵！　超過百萬用戶個資外洩 https://www.ettoday.net/news/20191125/1587620.htm OnePlus 網站兩年內第二度外洩用戶個人資料 https://chinese.engadget.com/2019/11/24/oneplus-data-breach/ OnePlus手機用戶個資外洩！　官方證實遭駭...兩年內第二度爆發資安問題 https://www.ettoday.net/news/20191125/1587381.htm 中國手機製造商OnePlus再傳客戶資料外洩 https://www.ithome.com.tw/news/134410 OnePlus使用者資料再度外洩 恐面臨網路釣魚風險 https://www.chinatimes.com/realtimenews/20191125003228-260412?chdtv 中國如何利用假消息影響台灣選舉 https://www.youtube.com/watch?v=7FHgoNgU4d0&feature= 習慣用臉書、推特帳號註冊其他App的用戶注意了！個資恐遭不正當存取 https://www.ettoday.net/news/20191126/1588234.htm 臉書註冊其他App！當心個資大外洩 http://bit.ly/2rtJjVi 兩支 Android App 使用 Facebook、Twitter 登入機制竊取數百名用戶個資 https://www.twcert.org.tw/tw/cp-104-3098-f58a6-1.html 購物季來了，小心激增的網釣與詐騙網站 https://www.ithome.com.tw/news/134450 近年常見 3 大進階釣魚詐騙手法，企業的郵件安全跟緊節奏了嗎 https://www.openfind.com.tw/taiwan/markettrend_detail.php?news_id=24576 個資恐遭盜用 登機證別印了 http://bit.ly/2qEhCJj 保良局陳守仁小學收生資料外泄　校方已報警及加強網絡防火牆 http://bit.ly/2OqJ5XN 陳守仁小學資料庫疑被入侵　學生出生年月及住址外洩 https://hk.on.cc/hk/bkn/cnt/news/20191127/bkn-20191127213806283-1127_00822_001.html 史上最大級資料外洩事件，12億人個資未經保護對外曝光 https://www.twcert.org.tw/tw/cp-104-3096-9b0ac-1.html Facebook 與 Twitter 警告部分用家資料因惡意軟件被不當取閱 https://unwire.pro/2019/11/28/facebook-and-twitter-says-users-gave-improper-access-to-personal-data/security/ 洩漏大量個資！智慧型兒童手錶存安全隱患 https://news.knowing.asia/news/065da708-95a4-4d88-9c75-e6cec1949135 廉價兒童智慧手錶洩漏超過 5000 筆兒童資訊，攻擊者還能以父母身分去電與之對話 https://www.kocpc.com.tw/archives/294412 台日聯手詐騙中國人　跨國犯罪恐成治安漏洞 https://www.mirrormedia.mg/story/20191128soc005 台詐欺犯赴日騙陸人！「日本山口組」背後疑暗中協助　邀台嫌求幫「教育訓練」 https://www.ettoday.net/news/20191128/1590428.htm 釣魚郵件換成簡訊捲土重來　資安專家提醒三原則遠離詐騙 https://newtalk.tw/news/view/2019-11-28/333168 黑色星期五將至，線上購物小心假商城App，美國前10大購物網站有超過6,000個假分身 https://ithome.com.tw/news/134493 慶祝LINE滿8歲、8種貼圖免費抽？　當心個資遭詐騙 https://www.ctwant.com/article/15977 網路釣魚以 Microsoft 用戶為大宗,其次為 PayPal、DHL 和 Dropbox https://blog.trendmicro.com.tw/?p=62601 「黑色星期五」與「黑色星期五」有何不同 https://www.setn.com/news.aspx?NewsID=644602 「飯店復仇者」鎖定飯店PoS竊取客戶信用卡個資 https://www.ithome.com.tw/news/134508 歐洲最大級飯店訂房系統公司近 1TB 旅客資料於網路曝光 https://www.twcert.org.tw/tw/cp-104-3089-ffd48-1.html November shopping – do it the smart way https://blog.checkpoint.com/2019/11/26/november-shopping-do-it-the-smart-way/ Security lapse exposes personal data of 6,500 Singapore accountants https://www.zdnet.com/article/security-lapse-exposes-personal-data-of-6500-singapore-accountants/#ftag=RSSbaffb68 Data Enrichment, People Data Labs and Another 622M Email Addresses https://www.troyhunt.com/data-enrichment-people-data-labs-and-another-622m-email-addresses/ T-Mobile discloses security breach impacting prepaid customers https://www.zdnet.com/article/t-mobile-discloses-security-breach-impacting-prepaid-customers/ T-Mobile https://www.t-mobile.com/customers/6305378822 Macys.com checkout page hacked; customers advised to be vigilant of fraud http://bit.ly/2QPKlWh Unsecured Server Exposed Records of 1.2 Billion: Researchers https://www.bankinfosecurity.com/unsecured-server-exposed-records-12-billion-researchers-a-13441 Target Sues Insurer Over 2013 Data Breach Costs https://www.bankinfosecurity.com/target-sues-insurer-over-2013-data-breach-costs-a-13435 PayMyTab Exposes Restaurant Customer Data: Report https://www.bankinfosecurity.com/paymytab-exposes-restaurant-customer-data-report-a-13425 1.2 Billion Records Found Exposed Online in a Single Server https://www.wired.com/story/billion-records-exposed-online/ Personal And Social Information Of 1.2 Billion People Discovered In Massive Data Leak https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/ Cheap kids smartwatch exposes the location of 5,000+ children https://www.zdnet.com/article/cheap-kids-smartwatch-exposes-the-location-of-5000-children/#ftag=RSSbaffb68 Estafa: cuidado con las promociones falsas de hamburguesas en Facebook http://www.agenciafe.com/nota/315776-Estafa-cuidado-con-las-promociones-falsas-de-hamburguesas-en-Facebook Mimecast threat intelligence report analyzes 99 billion rejected emails https://securitynewsdesk.com/mimecast-threat-intelligence-report/ Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains https://krebsonsecurity.com/2019/11/sale-of-4-million-stolen-cards-tied-to-breaches-at-4-restaurant-chains/ The lure of PSD2 https://www.anomali.com/blog/the-lure-of-psd2 クッキー情報での個人特定防止へ　利用者同意義務付け https://www.nikkei.com/article/DGXMZO52674070X21C19A1MM8000/ Same Phishing Risks Faced By Start-Ups and Big Corporations https://www.ehackingnews.com/2019/11/same-phishing-risks-faced-by-start-ups.html CERT-In Issues Advisory for OnePlus Data Breach https://www.bankinfosecurity.in/cert-in-issues-advisory-for-oneplus-data-breach-a-13454 Tackling Vietnam’s online fraud rates https://www.bobsguide.com/guide/news/2019/Nov/28/tackling-vietnams-online-fraud-rates/ Singapore government pledges to improve data security with new measures https://www.zdnet.com/article/singapore-government-pledges-to-improve-data-security-with-new-measures/#ftag=RSSbaffb68 Palo Alto Networks hit by major data breach https://www.techradar.com/news/palo-alto-networks-hit-by-major-data-breach Facebook Breach Victims Can Sue For 'Reasonable' Security https://www.bankinfosecurity.eu/facebook-breach-victims-sue-for-reasonable-security-a-13455 E.研究報告 jQuery 模擬網頁檔案上傳 https://blog.darkthread.net/blog/jquery-simulate-file-upload/ 收藏吧！學習安裝黑Apple的11個網站 http://bit.ly/2qHbgZB WebLogic EJBTaglibDescriptor XXE漏洞(CVE-2019-2888)分析 https://www.freebuf.com/vuls/218565.html WebLogic 反序列化漏洞(CVE-2019-2890)分析 https://paper.seebug.org/1069/ 通過RDP反向攻擊mstsc https://paper.seebug.org/1074/ 針對製藥行業及政企的黑客組織最新攻擊活動深度分析 https://paper.seebug.org/1073/ 只是想學習外語，卻被拿了system shell https://paper.seebug.org/1070/ WebShell文件上傳漏洞靶場第一關 https://www.77169.net/html/246188.html 騰訊安全：弱口令密碼再遭爆破新型木馬瞄準企業SQL數據庫下手 http://news.cnw.com.cn/news-china/htm2019/20191125_325073.shtml 勒索軟件“變形術”升級大規模垃圾郵件瞄準銀行 http://bit.ly/33hQixN gRPC 服務使用指定 IP 做為端點的疑難排解 https://dotblogs.com.tw/supershowwei/2019/11/25/090233 迄今爲止最嚴重的容器逃逸漏洞：Docker cp 命令漏洞分析（CVE-2019-14271） https://www.chainnews.com/zh-hant/articles/988030951825.htm 在Linux 容器中對php-fpm緩衝區溢出漏洞的複現分析（ CVE-2019-11043 ） https://www.4hou.com/vulnerable/21591.html Flan Scan：Cloudflare開源輕量級網絡漏洞掃描軟件 https://www.freebuf.com/column/221087.html CVE-2019-14271：Docker copy漏洞分析 https://xz.aliyun.com/t/6806 在 Linux 容器中對 php-fpm 緩衝區溢出漏洞的復現分析 （ CVE-2019-11043 ） https://www.chainnews.com/zh-hant/articles/369248184808.htm 網站安全之用戶信息洩露漏洞案例分享 http://blog.itpub.net/31542418/viewspace-2665988/ 無人機的資安威脅與傳輸協議》背後操控者只有一個人 https://secbuzzer.co/post/145 看我如何用一美分購買VPS服務和網站空間 https://www.freebuf.com/vuls/220623.html 漏洞驗證和利用代碼編寫指南 https://mlog.club/article/1950878 CVE-2019-17671：如何查看WordPress未授權文章 https://www.freebuf.com/vuls/218876.html PHP與JAVA之XXE漏洞詳解與審計 https://xz.aliyun.com/t/6829 個案分析-假冒寄件者回信之網路釣魚攻擊事件分析報告_10811 https://cert.tanet.edu.tw/prog/opendoc.php?id=20191122031110101466188805578.pdf マルウエア Emotet の感染活動について https://www.jpcert.or.jp/newsflash/2019112701.html 攻撃グループBlackTechが使うダウンローダIconDown https://blogs.jpcert.or.jp/ja/2019/10/IconDown.html OSINT Investigations on TikTok https://www.secjuice.com/osint-investigations-on-tiktok/ Spam and phishing in Q3 2019 https://securelist.com/spam-report-q3-2019/95177/ Impersonating JA3 Fingerprints https://medium.com/cu-cyber/impersonating-ja3-fingerprints-b9f555880e42 Google CTF 2019 Finals solutions https://github.com/google/google-ctf/blob/master/2019/finals/solutions.pdf Cross-site scripting (XSS) cheat sheet https://paper.seebug.org/1077/ SATURN Software deobfuscation framework based on LLVM https://blog.zimperium.com/saturn-software-deobfuscation-framework-based-on-llvm/ fboldewin/COM-Code-Helper https://github.com/fboldewin/COM-Code-Helper/ SQL Injection Payload List https://amp.kitploit.com/2019/11/sql-injection-payload-list.html DDoor - cross platform backdoor using dns txt records https://github.com/rek7/ddoor Ghidra Dev Series https://reversing.technology/ The Internals of AppLocker - Part 1 - Overview and Setup https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-1.html The Internals of AppLocker - Part 2 - Blocking Process Creation https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-2.html The Internals of AppLocker - Part 3 - Access Tokens and Access Checking https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-3.html The Internals of AppLocker - Part 4 - Blocking DLL Loading https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-4.html Uncommon SQL Database Alert - Informix SQL Injection https://labs.f-secure.com/blog/uncommon-sql-database-alert-informix-sql-injection Bug Hunting in Synology NAS http://powerofcommunity.net/poc2019/Qian.pdf Exploiting IOSurface 0 http://powerofcommunity.net/poc2019/Liang.pdf Safari Adventure:A Dive into Apple Browser Internals http://powerofcommunity.net/poc2019/Zhiyang.pdf Building Fast Fuzzers https://arxiv.org/pdf/1911.07707.pdf A Practical Introduction to the Code Analysis Platform Joern https://fabs.codeminers.org/talks/2019-joern.pdf CVE-2019–12757: Local Privilege Escalation in Symantec Endpoint Protection https://posts.specterops.io/cve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6 Extracting cipher key from WhatsApp on Android >= 7 without root https://plainsec.org/extracting-cipher-key-from-whatsapp-on-android-7-and-greater-without-root/ How can I encrypt with a RSA private key in python https://stackoverflow.com/questions/51228645/how-can-i-encrypt-with-a-rsa-private-key-in-python Getting Malicious Office Documents to Fire with Protected View Enabled https://medium.com/@curtbraz/getting-malicious-office-documents-to-fire-with-protected-view-4de18668c386 APT_CyberCriminal_Campagin_Collections https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections init.engineer https://github.com/init-engineer/init.engineer Anti-virus Exploitation: Local Privilege Escalation in K7 Security (CVE-2019-16897) https://0x00sec.org/t/anti-virus-exploitation-local-privilege-escalation-in-k7-security-cve-2019-16897/17655 How to check DDOS attack with command-line on Linux https://meterpreter.org/how-to-check-ddos-attack-with-command-line-on-linux/amp/ 卡巴斯基產品有漏洞，恐遭其他網站關閉防護功能，官方連修三次 https://ithome.com.tw/news/134442 Kaspersky online protection API left open to abuse by websites https://www.zdnet.com/article/kaspersky-online-protection-api-left-open-and-ripe-for-abuse-by-websites/#ftag=RSSbaffb68 Kaspersky: The art of keeping your keys under the door mat https://palant.de/2019/11/25/kaspersky-the-art-of-keeping-your-keys-under-the-door-mat/ Internal Kaspersky API exposed to websites https://palant.de/2019/11/26/internal-kaspersky-api-exposed-to-websites/ ctftraining https://hub.docker.com/u/ctftraining InfoSec Black Friday Deals 2019 https://github.com/CyberMonitor/InfoSec-Black-Friday BullsEye0/google_dork_list https://github.com/BullsEye0/google_dork_list Know your Resources, be your Knowledge https://malwareanalysis.co/ Product Warning! Chinese children’s watch reveals thousands of children’s data https://www.iot-tests.org/2019/11/product-warning-chinese-childrens-watch-reveals-thousands-of-childrens-data/ F.商業 Google 大手筆推出 Pixel 漏洞賞金計畫，最高獎金 150 萬美元 https://technews.tw/2019/11/22/google-pixel-bug-bounty-1-5-million-dollars/ 做好「隨時被駭」準備，App資安先驅果核數位：滴水不漏的資安保護過時了 https://www.bnext.com.tw/article/55625/digicentre-cybersecurity-app SaltStack推SecOps解決方案可自動發現並修復安全漏洞 https://ithome.com.tw/news/134400 思科揪台廠 強攻智慧城市 https://money.udn.com/money/story/5612/4189530 關貿網路推動校園資安--資安意識從小落實 https://www.trade-van.com/news/index.do?act=detail&articleId=876 迎接物聯網時代 資策會推出零距離裝置管理服務 https://www.chinatimes.com/realtimenews/20191127003915-260412?chdtv 思科攜手8大台廠推「智慧城市」，為什麼創新應用示範中心選定落腳桃園 https://www.bnext.com.tw/article/55679/cisco-taoyuan-smartcity 零壹攜手Akamai共推360度資安防護 全方位抵禦駭客威脅 https://www.zerone.com.tw/Content/Product/CBCABE42C4188833 德明科大資科系與數聯資安公　簽訂實習備忘錄 https://news.sina.com.tw/article/20191129/33488348.html 趨勢強攻軟體定義運算工作負載防護 市占率第一 https://money.udn.com/money/story/5613/4194719 Industrial Threat Detector, ITD工控安全威脅偵測設備 https://www.iii.org.tw/Product/TechLensDtl.aspx?tp_sqno=t2vJaO%2FvNBeeQTGZyDcp%2FQ__&fm_sqno=72 Edge vs. Chrome: Microsoft's Tracking Prevention hits Google the hardest https://www.zdnet.com/article/with-its-new-edge-browser-microsoft-takes-dead-aim-at-google/#ftag=RSSbaffb68 DocuSign: How it plans to expand from e-signature to digital transformation engine, agreement cloud https://zd.net/2OcwNlL Expanding the Android Security Rewards Program https://security.googleblog.com/2019/11/expanding-android-security-rewards.html Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software https://thehackernews.com/2019/11/vnc-remote-software-hacking.html Buguroo raises $11 million to detect banking fraud with deep learning and behavioral biometrics https://venturebeat.com/2019/11/26/buguroo-raises-11-million-to-detect-banking-fraud-with-deep-learning-and-behavioral-biometrics/ G.政府 調查局長呂文忠：國安問題進階至假訊息滲透 https://udn.com/news/story/7321/4181820 財政資訊中心培養資安自主人力，解決過度委外所面臨的風險問題 https://ithome.com.tw/news/134370 民進黨莫一意孤行！30個民團籲「晶片身分證」33億印製案應暫停結標 https://www.coolloud.org.tw/node/93726 民進黨推反滲透法草案 29日逕付二讀 http://www.epochtimes.com/b5/19/11/24/n11677196.htm 稅式支出報告未落實 藏漏洞 https://money.udn.com/money/story/6710/4185332 陸資買大同恐成國安漏洞？ 金管會重啟調查 https://udn.com/news/story/7238/4185922 資安就是國安，資策會協助台灣科技製造業外銷，建立國際級資安防護 https://www.inside.com.tw/article/18205-iiiorg2019-info-secure 經濟部水利署109年度數位管理系統-表單及差勤資安強化計畫 https://www.wra.gov.tw/6950/6951/7215/7216/429520/ 中國大陸滲透台灣選戰？　柯文哲：每天只喊賊來了沒有用 https://www.nownews.com/news/20191125/3777360/ 空軍嵩山雷達站反制無人機入侵 槍械硬殺擊落 https://udn.com/news/story/10930/4188050 張善政：官民合作才能抗對岸網軍 https://www.chinatimes.com/realtimenews/20191127001768-260407?chdtv 張善政：資安不能與國際脫軌 兩岸資安戰無一日平靜 https://udn.com/news/story/6656/4189927 攜手國際組織提升資安聯防！立委許毓仁促成CSCIS亞太總部落地台灣 http://bit.ly/2KZodVD 資安組織落地台灣 張善政：強化人力編制 https://anntw.com/articles/20191127-1xH8 有話好說 20191128 明年換數位身分證！資安疑慮？隱私保障 http://bit.ly/2Dn5gIf 批民進黨傲慢 徐永明：反滲透法只做半套 https://udn.com/news/story/6656/4194811 政府機關資安弱點通報機制 推廣說明會_機關分享 勞動部分享 http://bit.ly/2XYTFs4 政府機關資安弱點通報機制推動規劃 http://bit.ly/2L5GZul 政府機關資安弱點通報機制 推廣說明會_機關分享 交通部分享 http://bit.ly/2P0WGEy H.ICS/SCADA 工控系統 Siemens Polarion webclient 跨站脚本漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13935 I.教育訓練 CEH vs. CompTIA PenTest+: Thoughts from a Penetration Tester http://bit.ly/2XBRJWw 邁向 Linux 工程師之路：Superuser 一定要懂的技術與運用, 2/e (How Linux Works: What Every Superuser Should Know, 2/e) https://www.tenlong.com.tw/products/9789864344383 進入駭客的思考領域 — 從 DEVCORE CONF 學駭客思維 https://medium.com/starbugs/learn-hacker-thinking-b6bb4f189e3a J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 台灣藝人錯誤示範！一邊吃麵「試驗」自動駕駛 http://bit.ly/2OfZ0IA 有效的 IoT 資安該從何著手 https://blog.trendmicro.com.tw/?p=62594 No stars for Australia's missing IoT cyber stars https://www.zdnet.com/article/no-stars-for-australias-missing-iot-cyber-stars/#ftag=RSSbaffb68 IoT Security: 20 Years Behind Enterprise Computing https://www.bankinfosecurity.asia/interviews/iot-security-20-years-behind-enterprise-computing-i-4516 Finns Label Cyber-Secure IoT Devices https://www.infosecurity-magazine.com/news/finns-label-cybersecure-iot-devices/ 6.近期資安活動及研討會 交通大學亥客書院-B015:惡意程式檢測 11/30 https://hackercollege.nctu.edu.tw/?p=1098 亞洲‧矽谷學院108年免費認證考試 11/30 https://college.asvda.org.tw/ Docker 容器技術實作(201911) 11/30 https://buy.techbang.com/products/97b497fb?from=home_news The Dungeons of Hackers Conference 2019 - 駭客的地下城 11/30 https://tdohackerparty.kktix.cc/events/tdoh-conf-2019 5G x AI資安關鍵技術研討會　Cybersecurity 5G x AI Workshop 12/2 https://ievents.iii.org.tw/EventS.aspx?t=0&id=763 新竹網絡安全日 Cybersecurity Day Hsinchu 108年 邀请函 12/3 https://www.accupass.com/event/1911080348403103587380 Digital Summit Dallas 12/4 https://infosec-conferences.com/events-in-2019/digital-summit-dallas/ Kansas City Cyber Security Conference 12/5 https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/ CyberMaryland Conference 12/5 ~ 12/6 https://infosec-conferences.com/events-in-2019/cybermaryland-conference/ Vue.js 新手村，前端實戰入門 12/7 https://hackersir.kktix.cc/events/20191112vuejs FutureCon Nashville Cyber Security Conference 12/11 https://infosec-conferences.com/events-in-2019/futurecon-nashville/ 「Log管理 x 營業秘密」研討會 12/11 https://www.accupass.com/event/1911110922137590408650 Utility Cyber Security Forum December 12/11 https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/ 交通大學亥客書院-A018:企業網域控管－Active Directory攻擊與防禦 12/14 https://hackercollege.nctu.edu.tw/?p=1094 台灣駭客年會 HITCON Winter Training 2019 12/16 https://hitcon.kktix.cc/events/hitcon-winter-training-2019 台灣駭客年會 HITCON Winter Training 2019 - 學生報名 12/16 https://hitcon.kktix.cc/events/hitcon-winter-training-2019-student Japan Security Analyst Conference https://jsac.jpcert.or.jp/ PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23 https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world