###### tags: `資安事件新聞週報`

# Security Incident News Weekly 2019/8/12 ~ 2019/8/16

## 1. Major Vulnerabilities / Backdoors / Exploit / Zero Day

- Steam security vulnerability exposed; over 100 million players may be affected https://newtalk.tw/news/view/2019-08-11/284396
- Thanks to the latest Bluetooth vulnerability, I nearly handed my adult videos and account passwords to hackers myself https://tech.ifeng.com/c/7p8gRStrlcA
- JVNVU#90240762 Issue in encryption key entropy negotiation in Bluetooth BR/EDR https://jvn.jp/vu/JVNVU90240762/
- Symantec antivirus incompatible with Windows SHA-2; Microsoft suspends updates https://www.ithome.com.tw/news/132435
- Kasper-Spy: Kaspersky Anti-Virus puts users at risk https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
- Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html
- Trend Micro fixes privilege escalation security flaw in Password Manager https://www.zdnet.com/article/trend-micro-fixes-hijack-security-flaw-in-password-manager/#ftag=RSSbaffb68
- Trend Micro Password Manager - Privilege Escalation to SYSTEM https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM
- HTTP/2 contains multiple denial-of-service vulnerabilities; Amazon, Facebook, Apple and Microsoft all affected https://www.ithome.com.tw/news/132414
- 8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks https://thehackernews.com/2019/08/http2-dos-vulnerability.html
- New HTTP/2 Flaws Expose Unpatched Web Servers to DoS Attacks https://www.bleepingcomputer.com/news/security/new-http-2-flaws-expose-unpatched-web-servers-to-dos-attacks/
- The cyber risk lurking in your office corner https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/august/the-cyber-risk-lurking-in-your-office-corner/
- Adobe security patch update tackles Photoshop, Acrobat, Reader, and more https://www.zdnet.com/article/adobe-security-patch-update-tackles-photoshop-acrobat-reader-and-more/#ftag=RSSbaffb68
- Nginx denial-of-service vulnerabilities https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html
- Apache HTTPD multiple vulnerabilities https://httpd.apache.org/security/vulnerabilities_24.html
- Apache Tomcat Vulnerabilities Jan-Aug 2018 https://support.symantec.com/us/en/article.SYMSA1463.html
- SA156: Apache Tomcat Vulnerabilities Apr-Oct 2017 https://support.symantec.com/us/en/article.SYMSA1419.html
- SA110 : Java Deserialization Vulnerabilities https://support.symantec.com/us/en/article.SYMSA1344.html
- SA139 : November 2016 NTP Security Vulnerabilities https://support.symantec.com/us/en/article.SYMSA1393.html
- SA141 : OpenSSL Vulnerabilities 26-Jan-2017 https://support.symantec.com/us/en/article.SYMSA1395.html
- Google fixed the flaw, but websites can still detect Chrome Incognito mode via the FileSystem API https://www.ithome.com.tw/news/132385
- Spectre variant attack reappears; SWAPGS vulnerability hits nearly all mainstream Intel processors http://bit.ly/2z98VaB
- PostgreSQL security vulnerability https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10209
- Fortinet FortiOS information disclosure vulnerability https://fortiguard.com/psirt/FG-IR-18-173
- [Vulnerability Alert] Fortigate SSL VPN arbitrary file read (allows direct VPN login) https://nosec.org/home/detail/2867.html
- Flaws in more than 40 hardware drivers let attackers run malicious code in the Windows kernel; Intel, Nvidia and several Taiwanese vendors on the list https://www.ithome.com.tw/news/132355
- Serious vulnerabilities found in AMD, Intel and NVIDIA drivers; millions of users may face malware privilege-escalation risk http://bit.ly/2TqGD4B
- 40 kernel security vulnerabilities across 20 vendors, including Intel, NVIDIA and Huawei https://finance.sina.cn/stock/relnews/us/2019-08-11/detail-ihytcern0128659.d.html?vt=4&pos=102&cid=76524
- Researchers find security flaws in 40 kernel drivers from 20 vendors https://www.zdnet.com/article/researchers-find-security-flaws-in-40-kernel-drivers-from-20-vendors/#ftag=RSSbaffb68
- Intel processors hit by another data-stealing side-channel vulnerability, SWAPGSAttack; Windows PCs should update as soon as possible http://bit.ly/33t4KEc
- SWIFT Alliance Web Platform 7.1.23 CVE-2018-16386 https://nvd.nist.gov/vuln/detail/CVE-2018-16386
- Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware/
- Apple will now pay hackers up to $1 million for reporting vulnerabilities https://thehackernews.com/2019/08/apple-bug-bounty.html
- BlueKeep Patching Still Spotty Months After Alerts: Report https://www.bankinfosecurity.com/bluekeep-patching-still-spotty-months-after-alerts-report-a-12899
- 4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered https://thehackernews.com/2019/08/windows-rdp-wormable-flaws.html
- UPDATE: ACSC confirms potential exploitation of BlueKeep vulnerability https://www.cyber.gov.au/news/update-acsc-confirms-potential-exploitation-bluekeep-vulnerability
- Researchers reveal: Microsoft ignored an RDP vulnerability until it realized it affected Hyper-V https://www.ithome.com.tw/news/132337
- Microsoft warns of two critical BlueKeep-like RDS vulnerabilities https://www.ithome.com.tw/news/132413
- Microsoft patches 93 security vulnerabilities this month, more than 20 rated critical https://www.ithome.com.tw/news/132428
- Microsoft finds new Remote Desktop Services (RDS) vulnerabilities affecting commonly used Windows versions https://www.hkcert.org/my_url/zh/blog/19081501
- Microsoft steps in: blocks updates on Win7 devices with incompatible antivirus software https://news.xfastest.com/microsoft/68230/microsoft-8/
- CTF protocol privilege-escalation vulnerability dating back to Windows XP can lead to computer takeover and can be attacked using just Notepad https://www.ithome.com.tw/news/132438
- Google researcher discloses 20-year-old 0-day vulnerability in the Windows CTF protocol https://www.4hou.com/info/news/19701.html
- Microsoft Monthly Security Update (August 2019) https://www.hkcert.org/my_url/zh/alert/19081401
- Security update deployment: August 13, 2019 https://support.microsoft.com/en-us/help/20190813/security-update-deployment
- Vulnerability in Microsoft CTF protocol goes back to Windows XP https://www.zdnet.com/article/vulnerability-in-microsoft-ctf-protocol-goes-back-to-windows-xp/#ftag=RSSbaffb68
- Microsoft Issues Patches for BlueKeep-Like Vulnerabilities https://www.bankinfosecurity.com/microsoft-issues-patches-for-bluekeep-like-vulnerabilities-a-12915
- Critical Windows 10 Warning: Millions Of Users At Risk https://www.forbes.com/sites/daveywinder/2019/08/11/critical-windows-10-warning-confirmed-millions-of-users-are-at-risk/
- Microsoft warns of two new 'wormable' flaws in Windows Remote Desktop Services https://www.zdnet.com/article/microsoft-warns-of-two-new-wormable-flaws-in-windows-remote-desktop-services/#ftag=RSSbaffb68
- Windows 7 SHA-2 Updates Blocked If Symantec, Norton AVs Installed https://www.bleepingcomputer.com/news/microsoft/windows-7-sha-2-updates-blocked-if-symantec-norton-avs-installed/
- Microsoft August 2019 Patch Tuesday fixes 93 security bugs https://www.zdnet.com/article/microsoft-august-2019-patch-tuesday-fixes-93-security-bugs/#ftag=RSSbaffb68
- August Patch Tuesday: Update Fixes ‘Wormable’ Flaws in Remote Desktop Services, VBScript Gets Disabled by Default http://bit.ly/2KyoleP
- Down the Rabbit-Hole https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html
- Debian Security Advisory DSA-4498-1 python-django -- security update https://www.debian.org/security/2019/dsa-4498
- SQLite flaw from four years ago still unfixed; experts say data can be stolen via iPhone contacts http://bit.ly/2MenDW9
- SQLite Vulnerability Permits iOS Hack: Report https://www.bankinfosecurity.com/sqlite-vulnerability-permits-ios-hack-report-a-12911
- [Threat Advisory] TortoiseSVN remote code execution vulnerability (CVE-2019-14422) http://blog.nsfocus.net/cve-2019-14422/
- Google Project Zero 90-day deadline: 97.5% of vulnerabilities fixed before disclosure https://www.aqniu.com/industry/53180.html
- Google discloses 20-year-old unpatched vulnerability affecting all Windows versions https://thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html
- New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections https://thehackernews.com/2019/08/bluetooth-knob-vulnerability.html
- Over 40 Drivers Could Let Hackers Install Persistent Backdoor On Windows PCs https://amp.thehackernews.com/thn/2019/08/windows-driver-vulnerability.html
- Firefox fixes “master password” security bypass bug https://nakedsecurity.sophos.com/2019/08/15/firefox-fixes-master-password-security-bypass-bug/

## 2. Banking / Finance / Insurance / Securities / Payment Systems: News and Security

- Financial industry's technology hires exceed 7,600 https://money.udn.com/money/story/5613/3979758
- Citing a "UK bank system error", food delivery platform accused of owing payments https://news.tvbs.com.tw/life/1181039
- Mainland China online-lending pilot registration falls through; several banks exit custodian business https://news.sina.com.tw/article/20190725/32083740.html
- Over 100 million already spent on its internet-only bank! Rakuten teams with IBM to build systems, showing its determination to launch http://bit.ly/2KokuAQ
- Rakuten internet bank to launch in Q2 2020, will recruit 100 people https://finance.technews.tw/2019/08/02/lotte-online-banking-online-in-2020-q2/
- 14 banks race to be first in open banking; bill payment and expense management in one tap https://udn.com/news/story/7239/3982253
- Moneybook comes back from the dead to lead Taiwan's "open banking" https://technews.tw/2019/08/10/moneybook-open-bank-bellwether/
- Financial industry fintech investment to top 20 billion in total this year https://times.hinet.net/news/22502032
- Securities "F4" invited to collaborate on building a cloud big-data platform https://www.chinatimes.com/newspapers/20190812000175-260202?chdtv
- Forced to pay cash! Mexicans complain of card payment failures https://ec.ltn.com.tw/article/breakingnews/2881040
- Mexico City data center failure; transactions at HSBC and other banks paralyzed on a large scale https://www.finet.hk/newscenter/news_content/5d502e3bbde0b3270a21d4a8
- Payment processing systems at three major Mexican banks run into problems http://www.mingpaocanada.com/Tor/htm/News/20190812/thd_r.htm
- Huang Qifan: Cleaning up P2P does not mean rejecting online lending https://news.sina.com.tw/article/20190810/32268404.html
- Central bank sets up research group in response to digital finance https://udn.com/news/story/7239/3980306?from=udn-ch1_breaknews-1-cate6-news
- Bank account numbers hard to remember? Banks promote fee-free transfers by mobile number https://money.udn.com/money/story/5613/3985851
- Open Banking enters Taiwan's financial market! 14 banks have already built Open API systems https://buzzorange.com/techorange/2019/08/12/open-banking-taiwan/
- Multiple deficiencies found; FSC issues million-level fines to these two life insurers https://udn.com/news/story/7239/3986997
- Forgot to back up this recording file; Yuanta Bank fined 2 million https://www.chinatimes.com/realtimenews/20190813004356-260410?chdtv
- Recording file found missing when retrieving customer data; Yuanta Bank fined 2 million https://money.udn.com/money/story/5613/3987033
- FSC scrutinizes six deficiencies in the insurance industry https://money.udn.com/money/story/5648/3989758
- Internet-only banks trigger major loosening of Taiwan's financial regulations; 7 final supervisory tests remain before opening https://www.ithome.com.tw/news/132357
- P2P platforms quietly switch custodian banks http://capital.people.com.cn/BIG5/n1/2019/0814/c405954-31293550.html
- Another Chinese P2P blow-up: Zendai lays off all 5,000 staff across more than a hundred subsidiaries https://ec.ltn.com.tw/article/paper/1310546
- Showdown! Comparing the team strength and talent needs of the 3 internet-only banks https://www.ithome.com.tw/news/132362
- Taishin Bank's foreign-currency system algorithm granted invention patent https://udn.com/news/story/7239/3989151
- Top threats to financial services institutions and customers: 94% of attacks come from these four types https://www.freebuf.com/news/210509.html
- Counterfeit Cashier’s Checks of National Bank of Blacksburg, Blacksburg, Va. https://www.occ.gov/news-issuances/alerts/2019/alert-2019-7.html

## 3. Electronic Payment / Electronic Stored-Value Cards / Mobile Payment / Pay: News and Security

- Electronic payment and electronic stored-value cards to be merged; EasyCard will be able to do electronic transfers in future https://www.feed1x.com/app/post/5d4faf61462b2406480cd367
- Electronic payment uses liberated! Not only foreign-currency exchange, but transfers between providers in future https://3c.ltn.com.tw/news/37667
- Four electronic stored-value card issuers vie for electronic payment business https://money.udn.com/money/story/5613/3983247
- Chinese crime ring kills off Japanese 7-Eleven's "7pay" electronic payment in one blow https://newtalk.tw/news/view/2019-08-13/285205
- Last place in electronic payment: Jan Hung-tze's next move! PChome Group gears up to grab a share of the "internet-only bank" pie http://bit.ly/2MjCY7Q

## 4. Virtual Currency / Blockchain: News and Security

- A brief discussion of the characterization of Bitcoin under civil law http://bit.ly/2YRgFIF
- Investigation Bureau: Virtual currencies easily become tools for illegal fundraising and fraud https://money.udn.com/money/story/5648/3950555
- STO regulation disputes hard to resolve? FSC Vice Chairman Huang Tien-mu: Taiwan's STO rules are not especially behind http://bit.ly/2ZMlVyv
- Singapore cryptocurrency exchange expects a crypto bull market by year-end http://bit.ly/2Hbkp1J
- Ethereum's fall! After going head-to-head with Bitcoin, its market-cap share is now under 8% https://news.sina.com.tw/article/20190809/32262322.html
- Strengthening security for digital assets: pairing with a hardware wallet for peace of mind https://m.ctee.com.tw/livenews/aj/a83205002019081117080278?area=
- Extortion: Inside Binance's negotiations with the "KYC hacker" http://bitfunance.com/article/665
- Plans to issue two platform tokens! South Korea's SK Group to build a blockchain-based donation platform http://news.knowing.asia/news/dc597ba8-e1ed-4e99-aa65-66555f3c4179
- Litecoin (LTC) suffered a "large-scale dusting attack" last weekend; how does it affect users https://www.blocktempo.com/binance-academy-found-scalable-dusting-attack/
- China's central bank issuing a digital currency? It's actually the renminbi itself http://news.knowing.asia/news/48ccf0a5-b24e-4fdd-ac9f-fe76c789ba81
- Few banks are crypto-friendly, but this one actually plans to serve cryptocurrency companies http://news.knowing.asia/news/ee8afc3d-ef30-44aa-8643-e77fd1dfbd5c
- New Zealand tax authority rules cryptocurrency income is legal http://news.knowing.asia/news/9feaebe6-41b5-466f-9e0f-2c233fec9602
- UN report: South Korean exchange Bithumb hacked four times in three years by the North Korean government https://www.blocktempo.com/un-investigating-35-north-korean-military-funding-cyberattacks/
- Public-sector consensus: Taiwan's STO regulation is not behind internationally; dialogue with industry will continue https://blockcast.it/2019/08/12/public-legal-forum-building-consensus-with-public-sector/
- Criminal Investigation Bureau probes Ether mining electricity theft case, uncovers Taipower insider https://news.tvbs.com.tw/local/1183542
- The whole crypto world dreads theft: how exactly do digital currency exchanges get robbed http://news.knowing.asia/news/324bab83-2c30-4f06-a041-4b226aedf2a8
- New Zealand bank ASB makes major investment in "trade finance blockchain" https://www.blocktempo.com/asb-bank-takes-a-stake-in-tradewindow/
- Hedging effect as renminbi "breaks 7": China Bitcoin trading volume surges 50% https://finance.technews.tw/2019/08/15/china-bitcoin-trading-volume-increase/
- Crypto analysis firm reports vulnerability in PIVX chain and questions PIVX's lack of a fix plan https://www.bishijie.com/kuaixun_372500
- What challenges will cryptocurrency exchange regulation face http://news.knowing.asia/news/94659c86-d457-4019-9f04-6c0f1c5e6164
- A glimpse of APTs in the digital currency industry: detailed analysis of Coinbase's response to in-the-wild Firefox 0-day attacks https://www.freebuf.com/articles/blockchain-articles/211069.html
- The Chinese State Is Allegedly Sponsoring Attacks on Cryptocurrency Firms https://beincrypto.com/the-chinese-state-is-allegedly-sponsoring-attacks-on-cryptocurrency-firms/
- UN probing 35 North Korean cyberattacks in 17 countries https://apnews.com/ece1c6b122224bd9ac5e4cbd0c1e1d80
- Many blockchain use cases need IoT to succeed, and more https://www.zdnet.com/article/many-blockchain-use-cases-need-iot-to-succeed-and-more/#ftag=RSSbaffb68
- Coinbase drops UK support for privacy-focused Zcash cryptocurrency https://www.zdnet.com/article/coinbase-drops-uk-support-for-zcash/#ftag=RSSbaffb68
- Bitcoin-Related Ransomware Attacks Are Up 365% Since Last Year https://beincrypto.com/bitcoin-related-ransomware-attacks-are-up-365-since-last-year/

## 5. Security Incident News

### A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors

- Chinese malware attacks on Taiwan exceed 4 times the global average https://ec.ltn.com.tw/article/paper/1305549
- Flaws revealed in digital camera PTP protocol; hackers can launch OTP attacks to plant ransomware https://technews.tw/2019/08/12/canon-dslr-camera-infected-with-ransomware-over-the-air/
- Photos and camera locked! Even DSLRs can be hit by ransomware http://bit.ly/33u7tgB
- Risks beneath the surface: understanding fileless threats https://blog.trendmicro.com.tw/?p=61508
- Game cheats hide malware; cheaters get their personal information stolen http://bit.ly/2Kx79GG
- Ransomware uses Flash vulnerability in drive-by attacks; porn sites are the source of spread https://guanjia.qq.com/news/n3/2544.html
- Cerberus: a new Android "banking malware for rent" emerges https://blog.ehcgroup.io/index.php/2019/08/13/cerberus-surge-un-nuevo-android-banking-malware-for-rent/
- Gozi banking Trojan returns with "spear-phishing attacks" on high-tech manufacturing and import/export companies https://www.freebuf.com/articles/system/209854.html
- Golang worms running rampant? Let's track down the culprit https://www.freebuf.com/articles/system/208777.html
- GOOTKIT BANKING TROJAN | Deep dive into anti-analysis features https://www.sentinelone.com/blog/gootkit-banking-trojan-deep-dive-anti-analysis-features/
- Deep Dive into Guildma Malware https://decoded.avast.io/threatintel/deep-dive-into-guildma-malware/
- RANSOMWARE OVERTOOK BANKING TROJANS IN H1 2019 EMAIL MALWARE CAMPAIGNS https://www.zixcorp.com/resources/blog/august-2019/ransomware-overtook-banking-trojans-in-h1-2019
- New "LookBack" Malware Used in Attacks Against U.S. Utilities Sector https://www.securityweek.com/new-lookback-malware-used-attacks-against-us-utilities-sector
- 2019-08-12 - DATA DUMP: ICEDID (BOKBOT) INFECTION WITH TRICKBOT https://www.malware-traffic-analysis.net/2019/08/12/index.html
- 2019-08-14 - PCAP AND MALWARE FOR AN ISC DIARY ABOUT MEDUSAHTTP https://www.malware-traffic-analysis.net/2019/08/14/index.html
- Canon DSLR Cameras Can Be Hacked With Ransomware Remotely https://thehackernews.com/2019/08/dslr-camera-hacking.html
- Canon DSLR Camera Infected with Ransomware Over the Air https://www.bleepingcomputer.com/news/security/canon-dslr-camera-infected-with-ransomware-over-the-air/
- New Saefko Trojan focuses on stealing your credit card details, crypto wallets https://www.zdnet.com/article/new-saefko-trojan-focuses-on-stealing-your-credit-card-details/#ftag=RSSbaffb68
- Saefko RAT peeks at browser histories to help adversaries form optimal attack plan http://bit.ly/2YVnMDW
- Saefko: A new multi-layered RAT https://www.zscaler.com/blogs/research/saefko-new-multi-layered-rat
- New Ursnif Variant Spreads Through Infected Word Documents https://www.bankinfosecurity.com/new-ursnif-variant-spreads-through-infected-word-documents-a-12898
- New Ursnif Variant Spreading by Word Document https://www.fortinet.com/blog/threat-research/ursnif-variant-spreading-word-document.html
- Cloud Atlas threat group updates weaponry with polymorphic malware https://www.zdnet.com/article/cloud-atlas-threat-group-updates-weaponry-with-polymorphic-malware/#ftag=RSSbaffb68
- Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices http://bit.ly/2YUwken
- Clipsa Malware Steals Cryptocurrency By Targeting Unsecured WordPress Sites https://latesthackingnews.com/2019/08/12/clipsa-malware-steals-cryptocurrency-by-targeting-unsecured-wordpress-sites/
- New variant of Troldesh Ransomware targets victims via compromised website URLs https://cyware.com/news/new-variant-of-troldesh-ransomware-targets-victims-via-compromised-website-urls-42259560
- Cerberus - A new banking Trojan from the underworld https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html
- Cerberus: A New Android 'Banking Malware For Rent' Emerges https://thehackernews.com/2019/08/cerberus-android-banking-trojan.html
- Phishing email attack against hotel industry in North America https://blog.360totalsecurity.com/en/phishing-email-attack-against-hotel-industry-in-north-america/
- Cyber-attack compensation claims advice https://www.dataleaklawyers.co.uk/blog/cyber-attack-compensation-claims-advice
- Trojans, ransomware dominate 2018–2019 education threat landscape https://blog.malwarebytes.com/trojans/2019/08/trojans-ransomware-dominate-2018-2019-education-threat-landscape/
- New Norman Cryptominer Uses Dynamic DNS for C2 Communication https://www.bleepingcomputer.com/news/security/new-norman-cryptominer-uses-dynamic-dns-for-c2-communication/
- Norman Cryptominer Employs Sophisticated Obfuscation Tactics https://threatpost.com/norman-cryptomining-sophisticated-obfuscation/147310/
- Varonis Uncovers New Malware Strains and a Mysterious Web Shell During a Monero Cryptojacking Investigation https://www.varonis.com/blog/monero-cryptominer/
- PsiXBot Continues to Evolve with Updated DNS Infrastructure https://www.proofpoint.com/us/threat-insight/post/psixbot-continues-evolve-updated-dns-infrastructure
- Ursnif ups its game with sophisticated VBA and PowerShell combination Dropper https://www.deepinstinct.com/2019/08/12/ursnif-ups-its-game-with-sophisticated-vba-and-powershell-combination-dropper/
- Authors of the new Android Trojan advertise their product and make fun of anti-virus vendors on Twitter https://adware.guru/authors-of-the-new-android-trojan-advertise-their-product-and-make-fun-of-anti-virus-vendors-on-twitter/
- A new Android malware called "Cerberus" can be rented https://todotech20.com/ge/eine-neue-android-malware-namens-cerberus-kann-ausgeliehen-werden/
- New Android malware available for renting https://gdpr.report/news/2019/08/14/privacy-new-android-malware-available-for-renting/
- DanaBot banking Trojan jumps from Australia to Germany in quest for new targets https://www.zdnet.com/article/danabot-banking-trojan-jumps-from-australia-to-german-targets/
- Review of a Danabot Infection https://h3collective.io/review-of-a-danabot-infection/
- Analysis: New Remcos RAT Arrives Via Phishing Email https://blog.trendmicro.com/trendlabs-security-intelligence/analysis-new-remcos-rat-arrives-via-phishing-email/
- Android users menaced by pre-installed malware https://nakedsecurity.sophos.com/2019/08/13/android-users-menaced-by-pre-installed-malware/
- 500,000-Victim Cryptojacking Campaign Proves Increasing Malware Sophistication https://beincrypto.com/500000-victim-cryptojacking-campaign-proves-increasing-malware-sophistication/

### B. Mobile Security / iPhone / Android / Wearables / App

- Mainland China MIIT: 2.3 million users have completed "mobile number portability" https://news.sina.com.tw/article/20190724/32079366.html
- 74% crack rate! Phone sensors may leak PIN codes https://fnc.ebc.net.tw/FncNews/life/94552
- Phones flooded with "you've won" ads; Google ads suspected to be at fault https://udn.com/news/story/7087/3983465
- Phones flooded with prize messages; Google agency speaks up http://bit.ly/2KxrHPn
- "Congratulations, you've got a chance to win!" Hacker's one-step fix for super-annoying phishing pages https://buzzorange.com/techorange/2019/08/13/avoid-phishing-cyber-security/
- iPhone contacts may become a target for hackers https://news.wearn.com/c295696.html
- WhatsApp security red flag: hackers can easily tamper with user messages https://www.ettoday.net/news/20190812/1510839.htm
- iPhone contacts become an "attack target"; hackers can directly bypass security mechanisms https://ck101.com/thread-5020180-1-1.html
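- Instagram hit by another privacy problem! Bios and posts of a million users all collected by an advertiser https://cnews.com.tw/134190811a02/
- [Can't even protect themselves] Study finds nearly half of Android antivirus apps have problems http://bit.ly/2MddhFY
- iOS bugs keep coming; Apple splashes out 7 million to buy vulnerabilities! Industry conscience or profiteer https://user.guancha.cn/main/content?id=156367&s=fwzxfbbt
- Without Android, can HarmonyOS save Huawei phones http://bit.ly/2MVI0a3
- Man says Samsung phone exploded, burning his hands and face http://www.mingpaocanada.com/Tor/htm/News/20190809/tad1_r.htm
- Hacker develops malicious Lightning cable that compromises a computer as soon as it is plugged in http://bit.ly/2KtfevQ
- Apple offers a million in bounties, rewarding hackers who break into iPhone and report vulnerabilities http://bit.ly/31AbtdI
- iPhone Face ID cracked in just 120 seconds! How did the hackers do it https://buzzorange.com/techorange/2019/08/13/iphone-faceid-black-hat-hacker-120-seconds/
- The passwordless era arrives! Google offers Pixel phone users password-free login, expanding to Android devices soon https://www.ettoday.net/news/20190813/1512037.htm
- Pen Test Partners: 4G mobile network devices from many brands contain security vulnerabilities https://ithome.com.tw/news/132406
- Disguised phones sold in the US: Huawei's secret plan exposed http://www.epochtimes.com/b5/19/8/13/n11450823.htm
- Android phones reportedly suffering abnormal battery drain! Foreign media reveal the possible cause https://3c.ltn.com.tw/news/37690
- Downstream telecom operators raise cybersecurity trust; for security defense, the network side matters more http://weekly.invest.com.tw/001.asp?artNo=2052-13-01&OC=open
- Nearly 60% are domestically made; report says risks of mobile VPN apps are overlooked http://bit.ly/30bo6Mk
- Out of patience: Apple sues Corellium for infringing iOS in the name of security https://udn.com/news/story/6811/3992179
- Apple and WebKit team collaborate to release latest anti-tracking policy http://www.limedia.tw/tech/9713/
- Tech firms develop surveillance tools for profit; may become accomplices in repression http://bit.ly/31Nnpct
- Security expert successfully demonstrates hacking into a Mac via iPhone using a modified Lightning cable https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=906
- Large numbers of mobile apps illegally collect user information https://udn.com/news/story/7333/3989589
- Push Notifications 101: Security Risks and How to Disable Them Across Devices https://heimdalsecurity.com/blog/push-notifications-security-risks-how-to-disable/
- Testing Android smartphones has made my iPhone feel old and slow https://www.zdnet.com/article/testing-android-smartphones-has-made-my-iphone-feel-old-and-slow/#ftag=RSSbaffb68
- How to securely wipe your iPhones, Android devices, and PCs https://www.zdnet.com/article/how-to-securely-wipe-your-iphones-android-devices-and-pcs/
- How to fix the Android bug that's draining your battery https://www.zdnet.com/article/how-to-fix-the-android-bug-thats-draining-your-battery/#ftag=RSSbaffb68
- Facebook Sues Two Android App Developers for Click Injection Fraud https://thehackernews.com/2019/08/facebook-ads-click-injection.html
- Two weird ways your iPhone or Mac can be hacked https://www.zdnet.com/article/two-weird-ways-your-iphone-or-mac-can-be-hacked/#ftag=RSSbaffb68
- No China, no choice: Why 2019 is the worst smartphone year ever https://www.zdnet.com/article/no-china-no-choice-why-2019-is-the-worst-smartphone-year-ever/#ftag=RSSbaffb68
- Apple's iOS Contacts app claimed to be vulnerable to SQLite hack https://appleinsider.com/articles/19/08/10/apples-ios-contacts-app-claimed-to-be-vulnerable-to-sqlite-hack
- Android Users Can Now Log in to Google Services Using Fingerprint https://thehackernews.com/2019/08/android-local-user-verification.html

### C. Incidents / Hackers / DDOS / APT / Cloud / Dark Web / Recruitment / International Security Incidents

- If you put out Kuai Kuai snacks, will the server room "behave" on its own https://showipprotocols-tw.blogspot.com/2019/08/no-more-lucky-cookies-ToR.html
- Ignoring government regulations, "iQiyi" may be fined for recruiting in Taiwan https://news.ltn.com.tw/news/life/breakingnews/2884785
- US bans Apple MacBook Pro laptops from flights over fire risk http://bit.ly/2KL4gkt
- Graduate of prestigious Zhejiang university develops gambling software; case involves over 40 million, 90 suspects arrested http://bit.ly/30g222M
- Selling "Hong Kong independence T-shirts"? Amazon's website flooded with Chinese flags by Chinese hackers https://www.rti.org.tw/news/view/id/2031111
- [HITCON CMT 2019 free recruitment listings section now open] https://blog.hitcon.org/2019/08/HITCON-Recruit.html
- Knocking on the door of security: "HackDoor 2019 Hacker Escape Room Event" https://vocus.cc/TeacherComment/5d540a8efd897800012b2335
- Security is a hot topic; computer and information services industry revenue hits record high for the period https://www.fountmedia.io/article/28809
- K8s' first third-party security audit report released! Knative first-anniversary usage data revealed https://ithome.com.tw/news/132407
- Security researchers reveal: ZTE pocket Wi-Fi becomes a hotbed for hackers https://m.eprice.com.hk/mobile/talk/4527/213780/1/
- Security researchers reveal: ZTE's 4G hotspot may become a hotbed for hackers https://m.eprice.com.tw/tech/talk/1141/5376748/1/
- Teacher hacks into students' phones during midterm! Had only just found evidence... model student grows suspicious and hands in paper early https://star.ettoday.net/news/1510701?redirect=1
- Good news! Taiwan joint team HITCON x BFKinesiS takes second place in DEF CON CTF hacking competition https://ithome.com.tw/news/132347
- Taiwan takes runner-up at CTF security attack-defense competition in Las Vegas, USA https://www.taiwannews.com.tw/ch/news/3761981
- [Hackers strike] What to do when your computer is compromised: legislation and regulation vs paying the ransom http://www.etnet.com.hk/www/tc/lifestyle/officetips/larryleung/61503
- Hackers show their power! Major weakness found in US F-15 fighter https://www.chinatimes.com/realtimenews/20190815002365-260417?chdtv
- 7 hackers take 2 days to successfully compromise "critical US F-15 system"; materials cost just US$20,000 https://www.ettoday.net/news/20190815/1513863.htm
- Hacker conference under way; residents should beware of hacker activity https://www.lvcdn.com/news/vegas/20190809/25889.html
- FireEye report: APT41 conducts cyber espionage at the direction of the CCP http://bit.ly/2M7i4cd
- Chinese hacking group APT41 uses government resources to steal in-game virtual currency for personal gain https://ithome.com.tw/news/132374
- Investigation: Mainland Chinese hackers moonlight with commercial attacks http://bit.ly/2ZK7lrj
- CCP directs hacker groups to attack specific targets to benefit Beijing https://v.chinaqna.com/blog/90045
- US cybersecurity firm report: Chinese hacker group enjoys official protection and launches attacks http://bit.ly/2GZCfEB
- Not just Hong Kong: Singapore has its own warning signs too http://bit.ly/2H1UysZ
- Reuters: Taiwan Affairs Office spends heavily trying to buy hearts; 5 Taiwanese media outlets paid to run reports https://tw.news.appledaily.com/international/realtime/20190809/1614247
- CCP weaponizes currency! A rundown of US countermeasure advantages http://bit.ly/2MgL2qb
- Under the CCP's social credit system, people are "penned in" by big data http://www.epochtimes.com/b5/19/8/11/n11445406.htm
- China information warfare alert! Can you withstand the "deceiving Taiwan beats buying Taiwan" information war https://musou.watchout.tw/read/Qj4a0FyKYwHax0B8bJXS
- Will "Skynet" be broken? The next step after the US government's procurement ban on five Chinese firms https://opinion.udn.com/opinion/story/120611/3988917
- CCP demands passport numbers; Australian scholar: refuse http://bit.ly/306wtZs
- Canadian intelligence agency warns of increasing CCP economic espionage http://bit.ly/2OPevcF
- Hong Kong netizens hit back hard at Chinese cyber army, exposing personal data and signing them up for the military https://www.cna.com.tw/news/acn/201907240207.aspx
- Washington Post obtains confidential documents indicating mainland China's Huawei suspected of secretly aiding North Korea in violation of rules https://udn.com/news/story/6809/3944855
- Violating US control bans again? Huawei helped North Korea build wireless network https://www.cmmedia.com.tw/home/articles/16630
- Wall Street Journal: Huawei employees helped several African governments spy on political opponents https://m.ltn.com.tw/news/world/breakingnews/2884916
- Accused of helping African governments spy on political opponents, Huawei denounces report as untrue https://hk.on.cc/hk/bkn/cnt/cnnews/20190815/bkn-20190815082610644-0815_00952_001.html
- US delays additional tariffs on China; Ministry of Economic Affairs: impact on network switches still significant http://bit.ly/2KM81Gm
- Trump delays tariff date on laptops and phones imported from China to December https://www.ithome.com.tw/news/132424
- US federal prosecutors allege Capital One incident hacker attacked more targets https://on.wsj.com/31Lchg9
- US minesweepers old and unreliable; software still runs WIN2000 https://www.chinatimes.com/realtimenews/20190811002311-260417?chdtv
- North Korea launches cyberattacks on 17 countries, plundering 62.6 billion https://news.ltn.com.tw/news/world/breakingnews/2886098
- US Department of Defense lists it as top priority: US military moves toward the 5G era http://bit.ly/308rirI
- Kuwait hit in Pyongyang cyberattack https://gulflance.com/kuwait-hit-in-pyongyang-cyberattack/
- Czech Republic's committee blames foreign state for Foreign Ministry Cyberattack https://securityaffairs.co/wordpress/89864/cyber-warfare-2/czech-republic-cyber-attack.html
- Members of Chinese Espionage Group Develop a 'Side Business' https://www.bankinfosecurity.com/members-chinese-espionage-group-develop-side-business-a-12908
- Clever attack uses SQLite databases to hack other apps, malware servers https://www.zdnet.com/article/clever-attack-uses-sqlite-databases-to-hack-other-apps-malware-servers/#ftag=RSSbaffb68
- Canada Is Getting Ready for Quantum Cryptography https://www.venafi.com/blog/canada-getting-ready-quantum-cryptography
- The Black Hat cybersecurity conference app has a cybersecurity problem https://mashable.com/article/black-hat-cybersecurity-app-vulnerable/
- North Dakota’s Big Cybersecurity Vision https://blog.paloaltonetworks.com/2019/08/north-dakota-cybersecurity-vision/
- New Playbooks for Cyber Defense https://www.bankinfosecurity.asia/interviews/new-playbooks-for-cyber-defense-i-4412
- B - Electronic Banking Department - Corporate Online Banking Planning and Operations Staff https://www.104.com.tw/job/6om5i
- [NCCST - Technical Service Center] Security Forensics Engineer (Tainan) https://www.1111.com.tw/job/85898199/?agent=out_gds_ewo_happiness
- [NCCST - Technical Service Center] MIS Engineer (Tainan) https://www.1111.com.tw/job/85898378/?agent=out_gds_ewo_happiness
- [NCCST - Technical Service Center] Systems Engineer (Tainan) https://www.1111.com.tw/job/85897975/?agent=out_gds_ewo_happiness
- [NCCST - Technical Service Center] Security Engineer (Tainan) https://www.1111.com.tw/job/85898205/?agent=out_gds_ewo_happiness
- [NCCST - Technical Service Center] Security Testing Engineer (Tainan) https://www.1111.com.tw/job/85898004/?agent=out_gds_ewo_happiness
- [Hsinchu] Hsinchu City Government Department of Education seeks security analyst https://www.ptt.cc/bbs/Tech_Job/M.1565766500.A.206.html
- Machine Learning R&D Engineer (Big Data/Machine Learning) https://m.104.com.tw/job/6p1qu?jobsource=m_cust_same_on
- China Merchants Bank head office IT department security team is hiring https://www.anquanke.com/post/id/184275

### D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News

- HSBC warns customers to beware of fraudulent emails http://bit.ly/2KBLYlE
- New York Times: CCP wages "disinformation war" on Hong Kong https://www.ntdtv.com/b5/2019/08/14/a102644197.html
- Security firm warns: misconfigured Amazon EBS exposes large amounts of confidential data https://ithome.com.tw/news/132380
- How to deal with phishing pages popping up when you open a web page? Hear a professional hacker explain https://news.cts.com.tw/cts/life/201908/201908111970882.html
- Players' credit cards fraudulently charged! Epic Games faces class action http://bit.ly/33pydio
- "Has your face been stolen?" PTT founder reveals... 5 consequences of playing face games https://www.ettoday.net/news/20190809/1509659.htm
- Credit-limit increase scam! A single text message can swindle all the money on your card https://www.fengli.com/news/23385920.html
- How to respond to online fraud? CGB Credit Card offers tips https://news.sina.com.tw/article/20190809/32252326.html
- Opening a bank account for an online acquaintance, woman nearly becomes fraud accomplice https://news.ltn.com.tw/news/Tainan/breakingnews/2879915
- Standardized training and downline recruitment: online dating fraud gang poses as women to swindle money https://news.sina.com.tw/article/20190809/32252242.html
- Man impersonates brother to apply for card, make fraudulent charges and withdrawals; sentenced to 1 year 10 months https://www.cna.com.tw/news/asoc/201908090165.aspx
- Younger brother fraudulently obtained credit card in his name and charged 1.2 million; man files suit to protect himself https://news.ltn.com.tw/news/society/breakingnews/2879365
- Younger brother uses older brother's name to get card and make fraudulent charges; mother ends up cleaning up the mess https://udn.com/news/story/7321/3979366
- Mandarin calls claiming to be from police non-emergency line: ethnic Chinese asked for personal data and credit card numbers; police receive several inquiries the same day and say it is a scam http://www.mingpaocanada.com/Tor/htm/News/20190809/tac1_r.htm
- Verification code received, online banking drained! Dadukou police crack first case of new-style theft using "sniffing" technology http://www.sohu.com/a/331834132_355653
- Telecom fraud becomes more targeted: "casting nets everywhere" turns into "focused fishing" https://news.sina.com.tw/article/20190723/32055714.html
- Multiple telecom fraud cases against Chinese citizens in Australia; embassy urges caution https://news.sina.com.tw/article/20190723/32059126.html
- Unknown caller, "a young girl apologizing profusely"! She softened and pressed one key... 1.62 million gone https://www.ettoday.net/news/20190723/1495508.htm
- Luoyang police crack a fraud case http://news.lyd.com.cn/system/2019/07/30/031435503.shtml
- Being scammed and won't listen? They'll call until you do! Alipay launches first anti-fraud "wake-up hotline" https://news.sina.com.tw/article/20190718/32011964.html
- How the hacker accused of breaching Capital One stole data from the cloud https://on.wsj.com/2Mk4W3B
- Found ATM card, guessed PIN and withdrew 460,000; fined 10,000 and jailed half a year https://news.ltn.com.tw/news/society/breakingnews/2881623
- Fraud company staff put on convincing "acting", posing as bank employees and duping more than 20 people http://bit.ly/2Kvx6GF
- Guarding against fake insurance policy scams: two channels for reverse verification http://www.merit-times.com/NewsPage.aspx?unid=559584
- Textbook "bank" fraud! This is how he swindled a listed company out of 150 million, finally caught after 4 years on the run in Thailand https://news.sina.com.tw/article/20190810/32268028.html
- Seven years of fraud: Shin Kong Life salesperson embezzled 20 million in premiums https://money.udn.com/money/story/5648/3983273
- Insurers check online medical records of 150,000 people, gathering evidence to deny claims http://bit.ly/33szSUi
- Forged transcript: AIA agent given suspended sentence https://hk.news.appledaily.com/local/daily/article/20190810/20746521
- Phone scammers upgrade tactics again, impersonating police hotline to extract personal data http://bit.ly/2H3dhnX
- Your personal data is no longer yours: beware of digital footprints that are hard to erase https://newtalk.tw/news/view/2019-08-12/284805
- Many disputes over "fake installments, real loans" in online learning; Consumer Protection Office's new rules aim to curb them http://bit.ly/31zBs57
- Applying for an ETC card may lead to fraudulent charges; beware the "unwritten rules" of card applications https://news.sina.com.tw/article/20190812/32283724.html
- Private investigators sent to a YouTuber's home? Players launch boycott of "Borderlands 3" http://bit.ly/33xbAZi
- Received a call from someone claiming to be a bank representative asking about card usage habits, but calling the bank revealed it was a scam https://www.bc3ts.com/post/21665
- Police bust online romance scam gang, detain 11; case involves over RMB 2 million https://hk.on.cc/hk/bkn/cnt/cnnews/20190813/bkn-20190813065058481-0813_00952_001.html
- Scammers use former Singapore prime minister's name for Bitcoin investment fraud http://bit.ly/2KHSUxr
- Overseas remittance, beware of fraud: Shilin police see through scam and alertly stop it https://times.hinet.net/news/22505151
- Police urge public to guard against phone hijacking http://bit.ly/2H60XTH
- Postal Savings Bank launches campaign on payment security and preventing new types of telecom and online fraud https://news.sina.com.tw/article/20190814/32308038.html
- Don't use cheats: security firm reveals "Fortnite" cheat steals users' personal data https://tw.esports.yahoo.com/fortnite-065318537.html
- Hacker forum Cracked.to database published by rival https://www.ithome.com.tw/news/132427
- Looking at information security from the perspective of personal data protection https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=8751
- US media: Facebook hired hundreds of people to transcribe users' voice conversations http://bit.ly/2H4NfjV
- Security company cloud platform flaw exposes fingerprints, faces and personal data of tens of millions of users https://ithome.com.tw/news/132441
- Serious biometric data security incident in the UK: fingerprints, faces and credentials of a million people stored completely unencrypted https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=908
- Companies use fake invoices to fraudulently obtain bank loans; Investigation Bureau conducts large-scale searches https://money.udn.com/money/story/5648/3991263
- Latest phone scam: utility PSE&G issues warning http://www.epochtimes.com/b5/19/8/15/n11456066.htm
- Online shopping and romance scams rampant; don't trust calls with a "+" prefix or requests to buy virtual currency http://bit.ly/2Nhfpwn
- Cyberattacks target personal banking: a look at 5 typical attack techniques https://www.freebuf.com/articles/network/211150.html
- Invoice phishing emails come in many forms; import/export companies' confidential information easily leaked https://www.freebuf.com/articles/system/210012.html
- Crime Gangs Increasingly Turn to Online Fraud, UK Police Warn https://www.bankinfosecurity.eu/crime-gangs-increasingly-turn-to-online-fraud-uk-police-warn-a-12916
- Security warning for software developers: You are now prime targets for phishing attacks https://www.zdnet.com/article/security-warning-for-software-developers-you-are-now-prime-targets-for-phishing-attacks/
- Report: SEC Investigates First American Data Exposure https://www.bankinfosecurity.asia/report-sec-investigates-first-american-data-exposure-a-12910
- SEC Investigating Data Leak at First American Financial Corp. https://krebsonsecurity.com/2019/08/sec-investigating-data-leak-at-first-american-financial-corp/
- Four major dating apps expose precise locations of 10 million users https://www.zdnet.com/article/four-major-dating-apps-expose-precise-locations-of-10-million-users/#ftag=RSSbaffb68
- FBI seeks to monitor Facebook, oversee mass social media data collection https://www.zdnet.com/article/fbi-seeks-to-monitor-facebook-oversee-mass-social-media-data-collection/#ftag=RSSbaffb68
- Threesome app exposes user data, locations from London to the White House https://www.zdnet.com/article/threesome-app-exposes-user-data-pics-from-london-to-the-white-house/#ftag=RSSbaffb68
- South Korea New Target for Payment Fraud https://www.bankinfosecurity.com/south-korea-new-target-for-payment-fraud-a-12897
- Scammers increasingly hide behind legitimate company websites to spawn phishing mails https://www.scmagazineuk.com/scammers-increasingly-hide-behind-legitimate-company-websites-spawn-phishing-mails/article/1593447
- Get creative: The average US user recycles online passwords at least four times https://www.zdnet.com/article/get-creative-the-average-us-user-recycles-online-passwords-at-least-four-times/#ftag=RSSbaffb68
- Hundreds of exposed Amazon cloud backups found leaking sensitive data https://techcrunch.com/2019/08/09/aws-ebs-cloud-backups-leak/
- Choice Hotels: 700,000 Guest Records Exposed https://www.bankinfosecurity.asia/choice-hotels-700000-guest-records-exposed-a-12913
- Fake Twitter Accounts Launch Anti-India Propaganda Campaign https://www.bankinfosecurity.asia/fake-twitter-accounts-launch-anti-india-propaganda-campaign-a-12914
- Responding to Firefox 0-days in the wild https://blog.coinbase.com/responding-to-firefox-0-days-in-the-wild-d9c85a57f15b
- Major biometrics data leak impacts UK Metropolitan Police, banks, enterprise companies https://www.zdnet.com/article/major-biometrics-data-leak-impacts-police-banks-enterprise-companies/#ftag=RSSbaffb68
- Report: Data Breach in Biometric Security Platform Affecting Millions of Users https://www.vpnmentor.com/blog/report-biostar2-leak/
- White Hats Breach Biometrics Database: 27.8 Million Records Exposed https://www.cbronline.com/news/biostar-2-vpnmentor
- Capital One hacker took data from more than 30 companies, new court docs reveal https://www.zdnet.com/article/capital-one-hacker-took-data-from-more-than-30-companies-new-court-docs-reveal/#ftag=RSSbaffb68

### E. Research Reports

- Analysis of 7 major vulnerabilities in the LiveZilla live chat application https://xz.aliyun.com/t/5902
- Guide to determining major cybersecurity incidents https://www.freebuf.com/articles/network/211133.html
- H1 2019 cybersecurity incident response analysis report https://www.freebuf.com/articles/paper/210447.html
- Command execution vulnerabilities as seen through an industrial-control router firmware reverse-engineering challenge https://zhuanlan.zhihu.com/p/77410505
- [Vulnerability Alert] KDE Frameworks remote command execution vulnerability (CVE-2019-14744) https://www.secpulse.com/archives/110558.html
- CVE-2019-0193 Apache Solr remote command execution vulnerability analysis https://xz.aliyun.com/t/5941
- Ghostscript sandbox bypass command execution vulnerability (CVE-2019-10216) alert https://www.secrss.com/articles/12889
- Notes on an XSS vulnerability hunt https://zhuanlan.zhihu.com/p/77639006
- Router vulnerability hunting: TEW_645TR_1.12 SQL injection analysis https://www.anquanke.com/post/id/183871
- Vulnerability hunting in D-Link series routers https://www.cnblogs.com/17bdw/p/11345345.html
- Kernel vulnerability hunting techniques series (6): kernel vulnerability hunting with AFL https://xz.aliyun.com/t/5943
- Tool for unlimited generation of detection-evading webshells (evasive one-liner generation | evades D-Shield | evades SafeDog, Huweishen, Hema scanner and all other WAFs) https://github.com/yzddmr6/webshell-venom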
Beware of Elasticsearch being turned into a botnet
https://www.freebuf.com/articles/network/209564.html
CVE-2019-11270: analysis of the privilege escalation vulnerability in Cloud Foundry UAA
https://www.anquanke.com/post/id/183810
CVE-2019-1181/1182: warning on wormable vulnerabilities in Remote Desktop Services
https://www.linuxidc.com/Linux/2019-08/160043.htm
Security Heart Sutra | The "Journey to the West" that even Wu Cheng'en didn't know
https://www.aqniu.com/vendor/53067.html
Internal network attack and defense memo
https://www.freebuf.com/articles/network/210298.html
Analysis report on a new JSNEMUCOD virus sample
https://www.freebuf.com/articles/terminal/209769.html
Analysis of bypassing an Android TV box with ARP spoofing
https://www.freebuf.com/articles/network/209780.html
Dockernymous: a Docker-container-based tool for setting up a Whonix gateway/workstation secure environment
https://www.freebuf.com/sectool/209607.html
Analysis of a new WatchBog variant
https://www.freebuf.com/articles/network/209956.html
Pown-Duct: a powerful blind injection attack detection tool
https://www.freebuf.com/sectool/209584.html
Rock-ON: an all-in-one network reconnaissance tool
https://www.freebuf.com/articles/network/208923.html
Trojans, ransomware dominate 2018–2019 education threat landscape
https://blog.malwarebytes.com/trojans/2019/08/trojans-ransomware-dominate-2018-2019-education-threat-landscape/
An easy ATT&CK-based Sysmon hunting tool
https://github.com/baronpan/SysmonHunter
LLDBFuzzer: Debugging and Fuzzing the Apple Kernel with LLDB Script
http://bit.ly/2GUwFDh
Seccomp Tools : Provide Powerful Tools For Seccomp Analysis
https://kalilinuxtutorials.com/seccomp-tools/
HackerTarget : Tools And Network Intelligence To Help Organisations With Attack Surface Discovery
https://kalilinuxtutorials.com/hackertarget-tools-and-network-intelligence/
Cloud Forensics: Google Drive
https://netseedblog.com/security/cloud-forensics-google-drive/
Threat Research Finding Evil in Windows 10 Compressed Memory, Part One: Volatility and Rekall Tools
https://www.fireeye.com/blog/threat-research/2019/07/finding-evil-in-windows-ten-compressed-memory-part-one.html
Threat Research Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive
https://www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-two.html
Threat Research Finding Evil in Windows 10 Compressed Memory, Part Three: Automating Undocumented Structure Extraction
https://www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-three.html
All-in-one bundle of MISP, TheHive and Cortex
https://github.com/pe3zx/mthc

F. Business
CyberLink launches AI facial recognition for finance, with high-accuracy 2D and 3D face anti-spoofing
https://www.ettoday.net/news/20190718/1493196.htm
Openfind announces cloud security ecosystem alliance
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000565606_7u77pzuelrbl0g7tpds1k
Trade-Van partners with China Medical University Hospital to push into medical mobile payments
https://ec.ltn.com.tw/article/breakingnews/2882244
Computer and information services industry posts record Q2 revenue
http://bit.ly/2OU6t2n
Analyzing the Cyber Security Management Act: an overview of new trends in international security management standards
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&cat=60&id=0000565827_vmi9wc2x1pvpdg8pbp91e
Microsoft's licensing program for small and medium businesses will no longer offer perpetual versions of Office
https://www.ithome.com.tw/news/132392
Trade-Van makes NT$210 million strategic investment in Next Bank
https://www.chinatimes.com/realtimenews/20190814003524-260410?chdtv
Little effect: Chrome and Firefox to scale back EV certificate indicators
https://www.ithome.com.tw/news/132416
Joining the internet-only bank "national team": Trade-Van invests in Next Bank and seeks a board seat
http://bit.ly/2Z5xT98
Strong at 30! Zyxel's transformation from "equipment R&D manufacturer" to "solution service provider"
https://www.techbang.com/posts/72057-30th-anniversary-of-co-attendance
Cisco partners with Taipei City Government to cultivate digital talent
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/7DEEB5510D714ABD93C0C42245EDFD86
Google releases telemetry tool for web applications
https://www.ithome.com.tw/news/132429
Taiwan Mobile's public cloud "Compute Cloud Plus" goes live; more than 40 enterprises expected to adopt it by year-end
https://technews.tw/2019/08/15/taiwan-mobile-easpnet-vmwa/
Kaspersky sets up its first Transparency Center in Asia Pacific
http://bit.ly/2yYOi0w
區塊科技 pairs with security forensics, using blockchain technology to raise the credibility of "digital evidence collection"
http://bit.ly/2N61yc3
Let Experts Do Their Job – Managed WAF by Indusface
https://thehackernews.com/2019/08/apptrana-waf-vulnerability-scanner.html
Microsoft is phasing out the Basic edition of Azure Active Directory
https://www.zdnet.com/article/microsoft-is-phasing-out-the-basic-edition-of-azure-active-directory/#ftag=RSSbaffb68
Microsoft names top security researchers, zero-day contributors
https://www.zdnet.com/article/microsoft-names-top-security-researchers-zero-day-contributors/#ftag=RSSbaffb68
Broadcom Reaches $10.7B Deal to Buy Symantec Enterprise
https://www.bankinfosecurity.com/broadcom-reaches-107b-deal-to-buy-symantec-enterprise-a-12896
Top 10 security extensions for Google Chrome
https://www.zdnet.com/article/top-10-security-extensions-for-google-chrome/#ftag=RSSbaffb68
Windows Virtual Desktop Is Feature Complete
https://www.petri.com/windows-virtual-desktop-is-feature-complete

G. Government
Next year's NT$100 billion technology budget: Executive Yuan to invest in 5G, self-driving cars and security
https://udn.com/news/story/7238/3980256?from=udn-ch1_breaknews-1-cate6-news
FSC announces 3 priorities: oversight of wealth managers, cloud outsourcing, and collection of penalty fees
https://money.udn.com/money/story/5613/3966605
Insurers must appoint a corporate governance officer: amendments to the regulations on internal control and audit systems for the insurance industry
https://www.lawbank.com.tw/news/NewsContent.aspx?NID=162319
Strengthening security and upgrading IT equipment: Taitung County Government to replace 310 computers
https://news.sina.com.tw/article/20190810/32267258.html
NCC receives 26.6 million in funding for 5G trials and security research projects
https://www.cna.com.tw/news/ahel/201908140233.aspx
FSC lists common deficiencies in the insurance industry; Wellington Koo: repeat offenders won't be let off lightly
https://udn.com/news/story/7239/3989244
5G launches next year; NCC: winning bidders must report their level of security management
http://bit.ly/2H7amuv
Briefing on joint security defense and monitoring for the government sector
https://www.nccst.nat.gov.tw/HandoutDetail?lang=zh&seq=1283

H. ICS/SCADA Industrial Control Systems
The battle to defend cloud-connected industrial control security
https://www.freebuf.com/articles/ics-articles/211300.html
HVACking: Understanding the Delta Between Security and Reality
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/hvacking-understanding-the-delta-between-security-and-reality/
Introduction to SCADA security
https://securityboulevard.com/2019/08/introduction-to-scada-security/
ICS/SCADA security overview
https://securityboulevard.com/2019/08/ics-scada-security-overview/
Physical security for ICS/SCADA environments
https://securityboulevard.com/2019/08/physical-security-for-ics-scada-environments/
Securing OT in the Energy and Utilities Sector
https://advancedmanufacturing.org/securing-ot-in-the-energy-and-utilities-sector/
Global Cyber Alliance Unveils Free IoT Security Platform
https://www.iotworldtoday.com/2019/08/15/global-cyber-alliance-unveils-free-iot-security-platform/

I. Education and Training
Git provides distributed version control and GitHub hosts personal web space: use the gh-pages branch to set up a static website for free
https://www.netadmin.com.tw/netadmin/zh-tw/technology/89C148A5BC09490785753668A11280B8
10 practical JavaScript tips every beginner should know
http://bit.ly/2YNkMKz
[Machine learning cheat sheet] From data analysis to model ensembling, all the useful algorithms collected for you
https://buzzorange.com/techorange/2019/08/13/machine-learning-algorithm-collection/
For MIS staff who want to move into security, SSCP is the best entry key
https://ithome.com.tw/pr/132405
A brief look at penetration testing with MSF
https://www.freebuf.com/news/210292.html
List of Open Source C2 Post-Exploitation Frameworks
http://pentestit.com/list-of-open-source-c2-post-exploitation-frameworks/
Gaining code execution using a malicious SQLite database
https://research.checkpoint.com/select-code_execution-from-using-sqlite/
Sysmon Deep Dive Part 1: EventID 1 Process Create
https://www.peerlyst.com/posts/sysmon-deep-dive-part-1-eventid-1-process-create-lee-archinal
FREE DOWNLOAD: the best training, courses and ebooks on cybersecurity (2019's version)
https://www.peerlyst.com/posts/free-download-the-best-training-courses-and-ebooks-on-cybersecurity-2019-s-version-peerlyst
Top DFIR Tools - 2019 edition
https://www.peerlyst.com/posts/top-dfir-tools-2019-edition-david-dunmore
Price Dropped: Get Lifetime Access to Cisco Certification Courses 2019
https://thehackernews.com/2018/06/cisco-certification-training.html

J. Internet of Things/IoT/Artificial Intelligence/Internet of Vehicles/Optical Networking/Deep Learning/Machine Learning/Drones/Facial Recognition
Remote key fobs aren't that secure! Netizen test: unlocked and driven away in 1 second
https://news.tvbs.com.tw/life/1182516
How much do you love your car? Someone implanted a Tesla Model 3 key chip in their arm
https://www.kocpc.com.tw/archives/274484
Speakers in electronic devices become hacker targets, with sound turned into a weapon
https://technews.tw/2019/08/13/hackers-can-turn-everyday-speakers-into-acoustic-cyberweapons/
Keysight Technologies' network security products provide comprehensive defense against connected-vehicle attacks
http://bit.ly/2YFXGp4
Full visibility of IT/OT assets to detect suspicious network behavior
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=8748
Smart speakers become hacker targets as acoustic attacks become reality
http://bit.ly/2ZZpx09
SMART ENERGY MONITORING AND CONTROLLED SMART SECURITY
https://www.iot-contest.bisinfotech.com/2019/08/08/smart-energy-monitoring-and-controlled-smart-security/

6. Upcoming Security Events and Conferences
HITCON HackDoor: Hack into the Office 7/2 ~ 9/28
https://www.accupass.com/event/1906050355291064968019
ROC Year 108 Taiwan Academic Network Computer Emergency Response Team security roadshow seminar - Security Trends and Network Security Overview 8/19 ~ 8/27
http://www.hssh.tp.edu.tw/ezfiles/1/1001/attach/42/pta_17520_7551835_06329.pdf
Hacks in Taiwan Conference HITCON Summer Training 2019 - student registration 2019-08-19 ~ 2019-08-22
https://www.accupass.com/event/1906050919271598677460
Industrial Automation Security Attacks and Defense 8/21
https://www.moea.gov.tw/MNS/populace/news/NewsAction.aspx?menu_id=43&news_id=86058
| Yahoo Kimo E-commerce Lecture | The Distance Between Us and Fraud: The Unbearable Weight of Security for E-commerce 8/21
https://www.accupass.com/event/1906120307261445013215
Information Security Attack and Defense in Practice - Enterprise Red Team/Blue Team Exercise Practice 08/21 Wednesday 09:00 ~ 08/23 Friday 16:30
https://www.moea.gov.tw/Mns/populace/news/NewsAction.aspx?menu_id=43&news_id=86049
Web Application Penetration Testing 8/21 ~ 8/23
https://www.accupass.com/event/1904080221358963463590
Thinking Thursday, Session 3 8/22
https://www.meetup.com/Thinking-Thursday/events/lrqddryzlbdc/
Hacks in Taiwan Conference HITCON Community 2019 2019-08-23 (Fri) 09:00 ~ 2019-08-24 (Sat) 17:00 (GMT+8)
https://www.accupass.com/event/1906040921594609934250
4th 臺灣好厲駭 program: registration open, closes at 5 p.m. on Monday, August 26, ROC Year 108
http://bit.ly/2ZlpP0Q
NISRA Enlightened 2019 2019/08/26 ~ 2019/08/29
https://nisra.kktix.cc/events/2019enlightened
Digital Government Summit 2019 8/28
https://egov.ithome.com.tw/
ModernWeb 19 8/28 ~ 8/29
https://modernweb.tw/
Security Regulations and Systems Analysis Course - ROC Year 108 "Security Talent Training and International Promotion Program: Advanced Course for Security Professionals" 8/29 ~ 8/30
http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==
ROC Year 108 Security Competency Training - Mobile Device Security (8/29-8/30)
https://cee.ksu.edu.tw/recruitinfo/1443.html
2019 NGO Security Seed Instructor Training 8/29
https://ocftw.kktix.cc/events/cscs2019tot
Cybersecurity Framework: Broadening Your Security Horizons, CYBERSEC 101 Seminar 9/6
https://signupcybersec101.ithome.com.tw/
NCTU Hacker College - B022: Basic Web Security and Penetration Testing (Hsinchu session) 9/7
https://hackercollege.nctu.edu.tw/?p=1079
Information Security Management System - Basic Course (free!) 9/8
https://www.accupass.com/event/1907160853513957042270
[AWS Security] Security Engineering on AWS Advanced Course 9/9 ~ 9/11
https://www.accupass.com/event/1905150854571147685105
CDX2.0 Promotional Event - Taipei session 9/10
https://nchc-cdx.kktix.cc/events/cdxactivity-0910
Kubernetes Summit 9/11
https://summit.ithome.com.tw/kubernetes/
Symantec Taiwan Annual Security Forum 9/12
https://zh.surveymonkey.com/r/symantec_0912
Cyber Attack Taipei Series 2019 9/17
https://www.eventbrite.com/e/cyber-attack-taipei-series-2019-tickets-68951581035
Cybersecurity Framework: Broadening Your Security Horizons, CYBERSEC 101 Seminar 9/20
https://signupcybersec101.ithome.com.tw/
Financial Security Training Course 9/20
https://twap.deloitte.com.tw/DTLCRA/Works/CourseDetail.aspx?CourseID=T1906002
Institute for Information Industry offers "Systems Security Certified Practitioner (SSCP) Prep Class" 2019/9/21
https://ithome.com.tw/pr/131772
NCTU Hacker College - A011: Guide to Detecting and Responding to Intrusions 9/21
https://hackercollege.nctu.edu.tw/?p=1082
Information Security Management System - Advanced Course (free!) 9/21
https://www.accupass.com/event/1907160908138705889800
TANET 2019 - Taiwan Internet Conference 9/25
https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310
NCTU Hacker College - B022: Basic Web Security and Penetration Testing 9/28
https://hackercollege.nctu.edu.tw/?p=1084
HITB+ CYBER WEEK 2019/10/12 ~17
https://d2p.hitb.org/
NCTU Hacker College - A006: Digital Footprint Tracking and Analysis 10/19
https://hackercollege.nctu.edu.tw/?p=1088
Splunk .conf 19 10/21 ~ 10/24
https://conf.splunk.com/
AIoT Smart IoT Developer Job Training Program [free consultation] 10/22
https://ittraining.kktix.cc/events/aiot-training-2019
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019
https://www.icscybersecurityconference.com
Cybersecurity Framework: Broadening Your Security Horizons, CYBERSEC 101 Seminar 10/25
https://signupcybersec101.ithome.com.tw/
NCTU Hacker College - A015: Advanced Web Penetration Testing 10/26
https://hackercollege.nctu.edu.tw/?p=1090
Cybersecurity Framework: Broadening Your Security Horizons, CYBERSEC 101 Seminar 11/8
https://signupcybersec101.ithome.com.tw/
NCTU Hacker College - P006: Expert-Level Web Penetration Testing 11/16
https://hackercollege.nctu.edu.tw/?p=1092
Cybersecurity Framework: Broadening Your Security Horizons, CYBERSEC 101 Seminar 11/29
https://signupcybersec101.ithome.com.tw/
NCTU Hacker College - B015: Malware Detection 11/30
https://hackercollege.nctu.edu.tw/?p=1098
NCTU Hacker College - A018: Enterprise Domain Control - Active Directory Attack and Defense 12/14
https://hackercollege.nctu.edu.tw/?p=1094
Japan Security Analyst Conference
https://jsac.jpcert.or.jp/