###### tags: `資安事件新聞週報` # 資安事件新聞週報 2019/10/21 ~ 2019/10/25 1.重大弱點漏洞/後門/Exploit/Zero Day SRLabs發現智能揚聲器新漏洞或變身監聽用戶的間諜設備 https://www.cnbeta.com/articles/tech/901805.htm Google、Amazon智能喇叭偷錄密碼 http://bit.ly/2P77wue Symantec antivirus crashes something again. This time Chrome 78 browsers https://www.zdnet.com/article/symantec-antivirus-crashes-something-again-this-time-chrome-78-browsers/#ftag=RSSbaffb68 Apache Traffic Server 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079 Docker Hub現支援TOTP雙因素驗證 https://www.ithome.com.tw/news/133748 PHP遠程代碼執行漏洞預警（CVE-2019-11043） https://www.huaweicloud.com/notice/2018/20191024155807348.html PHP 遠程代碼執行漏洞（CVE-2019-11043）[附exploit] http://vulsee.com/archives/vulsee_2019/1023_9128.html Fortinet FortiOS 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15703 NETGEAR JNR1010訪問控制錯誤漏洞 https://kb.netgear.com/30177/JNR1010-Firmware-Version-1-0-0-32 Oracle Java SE 安全漏洞(CVE-2019-11068) http://www.dukulong.com/article/CVE-2019-11068.html Weblogic反序列化遠程代碼執行漏洞預警通告 https://cloud.tencent.com/developer/article/1526492 Red Hat JBoss Data Virtualization 多個漏洞 https://www.auscert.org.au/bulletins/ESB-2019.3899/ Linux核心含有可造成系統當機或遭駭客掌控的陳年漏洞 https://www.ithome.com.tw/news/133724 Linux 有嚴重漏洞，可導致使用 Wi-Fi 的附近設備當機 https://technews.tw/2019/10/21/unpatched-linux-bug-may-open-devices-to-serious-attacks-over-wi-fi/ Trend Micro Anti-Threat Toolkit (ATTK) 1.62.0.1218 Remote Code Execution https://packetstormsecurity.com/files/154916/TREND-MICRO-ANTI-THREAT-TOOLKIT-ATTK-REMOTE-CODE-EXECUTION.txt Cisco 多個產品發布多個安全更新 https://www.us-cert.gov/ncas/current-activity/2019/10/17/cisco-releases-security-updates Cisco Identity Services Engine存儲型跨站腳本漏洞 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-store-xss CVE-2019-12643：CISCO IOS XE身份驗證繞過漏洞 https://nosec.org/home/detail/3070.html Cisco REST API中的認證繞過漏洞，讓黑客遠程控制Cisco路由器 http://www.51testing.com/html/04/n-4462904.html 思科 Firepower Management Center 遠端執行任意程式碼漏洞 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce BIND 多個漏洞 https://www.us-cert.gov/ncas/current-activity/2019/10/17/isc-releases-security-advisories-bind VMware VeloCloud Orchestrator 信息洩露漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5533 Windows 10 更新小幫手暗藏漏洞，Microsoft 建議用戶盡快安裝更新 http://bit.ly/2VXpaSn 微軟推送新補丁：修復Intel四代酷睿安全漏洞 http://news.mydrivers.com/1/652/652468.htm 快遞櫃人臉辨識漏洞 照片可解鎖 https://www.ydn.com.tw/News/356800 ECPay Logistics for WooCommerce <= 1.2.181030 - Unauthenticated Reflected XSS https://wpvulndb.com/vulnerabilities/9869 CVE-2019-16928: Exploiting an Exim Vulnerability via EHLO Strings https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-16928-exploiting-an-exim-vulnerability-via-ehlo-strings/ Short October Patch Tuesday Includes Remote Desktop Client, Browser, and Authentication Patches http://bit.ly/2PaHaaB Belkin Wemo Switch https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-17532 D-Link 路由器遠端執行程式碼漏洞 https://www.fortinet.com/blog/threat-research/d-link-routers-found-vulnerable-rce.html DIR-859 A3-1.06 and DIR-850 A1.13 devices https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-17508 D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-17506 DIR-880L 1.08B04 and DIR-895 L/R 1.13b03 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14948 D-Link DIR-846 devices https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-17510 D-Link DIR-846 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-17509 Sophos Cyberoam firewall appliance with CyberoamOS https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-17059 RHEL 7和CentOS 7獲得重要Linux內核安全更新：推薦盡快安裝 https://www.cnbeta.com/articles/tech/902755.htm Chrome is crashing on windows 10 1903 with your latest version. 78.0.3904.70 https://support.google.com/chrome/thread/17501990?hl=en Firefox, Chrome Bugs Allow Arbitrary Code-Execution https://threatpost.com/critical-firefox-bugs-arbitrary-code-execution/149455/ FusionPBX跨站脚本漏洞 https://github.com/fusionpbx/fusionpbx/commit/c48a160af53352ad1a43518b7d0faab16b8dfbcc 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 Open Banking上路作半套？TSP業者要合縱聯盟 https://www.chinatimes.com/realtimenews/20191018005473-260410?chdtv 財金資訊公司帶頭打造Open API平臺，下階段關鍵挑戰是身分認證 https://www.ithome.com.tw/news/133693 政大國際產學聯盟營運長王儷玲：臺灣開放銀行能走得更穩健，未來可逐步擴大到Open Finance https://www.ithome.com.tw/news/133694 金融個資存取如何更安全？開放銀行將引進OAuth 2委任授權架構 https://www.ithome.com.tw/news/133707 國銀提報衝擊容忍度4小時...被打槍 https://money.udn.com/money/story/5613/4116077 銀行系統出包 拚2小時修復 https://money.udn.com/money/story/5613/4116074 銀行系統出包 金管會要求2小時補漏 https://udn.com/news/story/7239/4115794?from=udn-ch1_breaknews-1-cate6-news 提款機貼「不要插壞了」…男小心插還故障　再看字條昏倒 https://news.tvbs.com.tw/fun/1219501 厄利垂亞網路普及率只1％　領錢看瞴ATM管制比北韓嚴格 https://www.ettoday.net/news/20191017/1559140.htm 領不到錢！週四多地ATM傳當機　網驚呼：台灣被入侵 https://www.setn.com/News.aspx?NewsID=620161 銀行數位化風險不容忽視　穆迪示警：恐引發系統性風險 https://tw.finance.appledaily.com/realtime/20191021/1652086/ APX新技術改變傳統金流 可有效防制洗錢遏止資安問題 http://bit.ly/2W41WtR 金融業系統頻頻出包 金管會八大措施強化控管 https://ec.ltn.com.tw/article/breakingnews/2954302 國泰投信否認遭駭客勒索未遂、電腦當機 https://udn.com/news/story/7253/4119687 國泰投信電腦中毒當機關閉網路 已恢復正常 https://udn.com/news/story/7239/4119618 傳遭駭客勒索未遂大當機 國泰投信否認 https://money.udn.com/money/story/5607/4119618 傳遭駭客勒索？國泰投信：絕無此事 https://www.chinatimes.com/realtimenews/20191022004560-260410?chdtv 國泰投信官網癱瘓　國泰投信：關閉內網防止同仁中毒電腦影響系統 https://www.ettoday.net/news/20191022/1563026.htm 遭駭客勒索大當機？國泰投信澄清：明天可正常基金申贖 https://news.cnyes.com/news/id/4399329 中國銀行：將暫時關閉三星部分手機指紋登陸銀行功能 https://news.sina.com.tw/article/20191022/33036810.html 純網銀資料放海外？顧立雄：核心資料留在家裡面 https://www.chinatimes.com/realtimenews/20191022004036-260410?chdtv 資安、轉型並重 保險業因應全新挑戰 https://www.chinatimes.com/realtimenews/20191022004939-260410?chdtv Visa完成對Rambus支付業務組合的收購 https://times.hinet.net/news/22617064 數千個網路商店被注入 Magecart信用卡盜卡程式,今年第三起類似事件! https://blog.trendmicro.com.tw/?p=62262 Thieves Using JCB to Scoop out ATM Machine Has Reminded Netizens of the Viral Meme https://www.news18.com/news/buzz/thieves-using-jcb-to-scoop-out-atm-machine-has-reminded-netizens-of-the-viral-meme-2347025.html Banks deny compensation when hackers steal customers' money https://www.cbc.ca/news/business/banks-deny-compensation-online-fraud-security-1.5322982 Cyberhackers targeting banking systems, municipalities for bigger payouts, US Secret Service says https://www.ksat.com/news/cyber-hackers-targeting-banking-systems-municipalities-for-bigger-payouts-us-secret-service-says Payment Security Software Market Solid Analyzed Segmentation, Demand, Recent Share Estimation and Growth Prospects by Regions to 2017 – 2025 https://statsflash.com/payment-security-software-market-solid-analyzed-segmentation-demand-recent-share-estimation-and-growth-prospects-by-regions-to-2017-2025/54679/ FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops http://bit.ly/2MEQWPl Browser-based attacks, our customers, and us https://www.zdnet.com/article/browser-based-attacks-our-customers-and-us/#ftag=RSSbaffb68 Magecart group linked to Dridex banking Trojan, Carbanak https://www.zdnet.com/article/magecart-group-linked-to-dridex-banking-trojan-carbanak/#ftag=RSSbaffb68 The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT https://blog.malwarebytes.com/threat-analysis/2019/10/the-forgotten-domain-exploring-a-link-between-magecart-group-5-and-the-carbanak-apt/ PSD2 Authentication Deadline Extended: Here's What's Next https://www.bankinfosecurity.com/psd2-authentication-deadline-extended-heres-whats-next-a-13284 FBI Issues Payment Card Skimming Warning https://www.bankinfosecurity.com/fbi-issues-payment-card-skimming-warning-a-13292 Banks must ditch SMS one-time passcodes – and fast https://www.globalbankingandfinance.com/banks-must-ditch-sms-one-time-passcodes-and-fast/ Banks deny compensation when hackers steal customers’ money http://mednewsledger.info/banks-deny-compensation-when-hackers-steal-customers-money-cbc-news/149/ 3.電子支付/電子票證/行動支付/ pay/新聞及資安 為台灣Pay市占喊冤 林國良：交易額增3倍 http://bit.ly/2OZ6joO 微信支付寶雙雙叫停，指紋支付現重大漏洞 https://ek21.com/news/tech/153478/ 京東金融賬戶被盜刷15萬？用戶：支付環節有安全漏洞 https://finance.sina.com.cn/money/bank/bank_hydt/2019-10-25/doc-iicezzrr4888043.shtml 4.虛擬貨幣/區塊鍊相關新聞及資安 專家傳真－台灣發展證券型代幣市場的生態剖析 http://bit.ly/2N8qm1g Maxonrow 揮軍俄羅斯區塊鏈產業圈 擔任KuCoin 見面會重量級開場嘉賓 http://bit.ly/2MyK7jN Blockchain helps enterprises' digital ecosystems in Asia-Pacific https://www.zdnet.com/article/blockchain-helps-enterprises-digital-ecosystems-in-asia-pacific/#ftag=RSSbaffb68 Zcash (ZEC) Warns Users Against a Malicious Copy Of The Native ZecWallet In GitHub https://bitcoinexchangeguide.com/zcash-zec-warns-users-against-a-malicious-copy-of-the-native-zecwallet-in-github/ Malicious Fraudulent Version Of ZecWallet Found By Community https://cryptodaily.co.uk/2019/10/malicious-fraudulent-version-found-community 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式 Emsisoft發布美國今年前三季勒索軟體調查結果 https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16308 攻擊手法再翻新！駭客用音訊檔「WAV」散布惡意程式 https://cnews.com.tw/140191018a03/ 黑科技！用「聲音」部署惡意挖礦程式，駭客透過 .WAV 音檔入侵挖門羅幣 XMR https://www.blocktempo.com/hackers-use-malicious-code-in-wav-audio-files-to-mine-cryptocurrencies/ 新型ATM惡意軟體Dtrack http://bit.ly/31w8Ysw 可解鎖上百種Stop勒索軟體變種的金鑰來了 https://www.ithome.com.tw/news/133726 假冒的Tor Browser到暗網偷竊比特幣 https://ithome.com.tw/news/133731 電腦病毒你知多少？不可輕忽的資安議題，你意想不到的病毒演進史 https://www.issdu.com.tw/news_detail.php?id=95&type=security 微軟聯合PC業者防止韌體惡意程式 https://www.ithome.com.tw/news/133745 美國發現最新惡意軟體 系中共黑客所爲 https://www.bldaily.com/us-news/p-435242.html 即使漏洞修補了兩年, WannaCry 仍是 使用EternalBlue 漏洞攻擊手法中最多的 https://blog.trendmicro.com.tw/?p=62316 Phorpiex Botnet Sending Out Millions of Sextortion Emails Using Hacked Computers https://thehackernews.com/2019/10/phorpiex-botnet-sextortion-emails.html Malicious Tor Browser Fleeces Darknet Users of Bitcoins https://www.bankinfosecurity.com/malicious-tor-browser-fleeces-darknet-users-bitcoins-a-13272 Fake Tor Browser steals Bitcoin from Dark Web users https://www.zdnet.com/article/malicious-tor-browser-steals-bitcoin-from-dark-web-users/#ftag=RSSbaffb68 Fleecing the onion: Darknet shoppers swindled out of bitcoins via trojanized Tor Browser https://www.welivesecurity.com/2019/10/18/fleecing-onion-trojanized-tor-browser/ Sodinokibi Ransomware Gang Appears to Be Making a Killing https://www.bankinfosecurity.com/sodinokibi-ransomware-gang-appears-to-be-making-killing-a-13269 Telangana third most hit by Dtrack spying malware http://www.newindianexpress.com/states/telangana/2019/oct/21/telangana-third-most-hit-by-dtrack-spying-malware-2050610.html This Malware is Hiding C&C Server IPs in the Blockchain https://www.cbronline.com/news/redaman-blockchain Top Malware em Setembro de 2019 https://www.techenet.com/2019/10/check-point-top-malware-mais-procurados-em-setembro/ 2019 Healthcare Threat Report: Protecting Patients, Providers and Payers https://www.proofpoint.com/sites/default/files/gtd-pfpt-us-tr-2019-healthcare-threat-report.pdf New Crypto-Jacking Malware ‘Graboid' Infects Thousands of Computers to Mine Monero (XMR) https://bitcoinexchangeguide.com/new-crypto-jacking-malware-graboid-infects-thousands-of-computers-to-mine-monero-xmr/ TA505 debuts Get2 downloader and SDBbot RAT in new phishing campaigns https://www.scmagazine.com/home/security-news/phishing/ta505-debuts-get2-downloader-and-sdbbot-rat-in-new-phishing-campaigns/ Malware That Forces ATMs To Give All Their Money Is Gaining Popularity, Here's How It Works https://www.indiatimes.com/technology/news/malware-that-forces-atms-to-give-all-their-money-is-gaining-popularity-here-s-how-it-works-377975.html Malware jackpot serang jaringan mesin ATM di seluruh dunia https://beritagar.id/artikel/berita/malware-jackpot-serang-jaringan-mesin-atm-di-seluruh-dunia Researchers find stealthy MSSQL server backdoor developed by Chinese cyberspies https://www.zdnet.com/article/researchers-find-stealthy-mssql-server-backdoor-developed-by-chinese-cyberspies/ Winnti Group’s skip‑2.0: A Microsoft SQL Server backdoor https://www.welivesecurity.com/2019/10/21/winnti-group-skip2-0-microsoft-sql-server-backdoor/ Phishing alert: This fake email about a bank payment delivers trojan malware https://www.zdnet.com/article/phishing-alert-this-fake-email-about-a-bank-payment-delivers-trojan-malware/ New Variant of Remcos RAT Observed In the Wild https://www.fortinet.com/blog/threat-research/new-variant-of-remcos-rat-observed-in-the-wild.html New Variant of Gustuff Android Banking Trojan Emerges https://www.securityweek.com/new-variant-gustuff-android-banking-trojan-emerges Gustuff return, new features for victims https://blog.talosintelligence.com/2019/10/gustuffv2.html Ransomware: The nightmare before Cyber Monday https://www.zdnet.com/article/ransomware-the-nightmare-before-cyber-monday/#ftag=RSSbaffb68 Major German manufacturer still down a week after getting hit by ransomware https://www.zdnet.com/article/major-german-manufacturer-still-down-a-week-after-getting-hit-by-ransomware/#ftag=RSSbaffb68 ATTK of the Pwns: Trend Micro's antivirus tools 'will run malware – if its filename is cmd.exe' https://www.theregister.co.uk/2019/10/21/flaw_trend_micro/ Discord Turned Into an Info-Stealing Backdoor by New Malware https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/ Report: Billtrust Recovering From Ransomware Attack https://www.bankinfosecurity.com/report-billtrust-recovering-from-ransomware-attack-a-13289 Swedish police cleared to deploy spyware against crime suspects https://www.zdnet.com/article/swedish-police-cleared-to-deploy-spyware-against-crime-suspects/#ftag=RSSbaffb68 ACSC warns of Windows malware Emotet spreading in Australia https://www.itwire.com/security/acsc-warns-of-windows-malware-emotet-spreading-in-australia.html Chubb finds ‘alarming’ rise in ransomware attacks https://www.canadianunderwriter.ca/insurance/chubb-finds-alarming-rise-in-ransomware-attacks-1004169886/ Μια σύντομη ματιά στο Citadel Banking Trojan https://www.secnews.gr/201778/mia-syntomi-matia-sto-citadel-banking-trojan/ Telangana third most hit by Dtrack spying malware http://www.newindianexpress.com/states/telangana/2019/oct/21/telangana-third-most-hit-by-dtrack-spying-malware-2050610.html UPDATED GUSTUFF ANDROID TROJAN CHANGES TACTICS https://duo.com/decipher/updated-gustuff-android-trojan-changes-tactics This easy-to-use information-stealing trojan malware is quickly gaining popularity among cyber criminals https://www.zdnet.com/article/this-easy-to-use-information-stealing-trojan-malware-is-quickly-gaining-popularity-among-cyber-criminals/ Unpacking Malware Series - Maze Ransomware https://poxyran.github.io/poxyblog/hide/pages/22-10-2019-unpacking-malware-series-maze-ransomware.html B.行動安全 / iPhone / Android /穿戴裝置 /App 蘋果針對 Safari 安全瀏覽功能發表聲明 https://www.twcert.org.tw/tw/cp-104-3011-6428e-1.html 加州男子控告 AT&T 與駭客合作，透過 SIM 卡調換竊其多個交易所帳戶 5,500 萬資產 https://www.blocktempo.com/att-sued-sim-swap-loss-1-8-million/ 中國製UC瀏覽器再傳含有中間人攻擊風險 https://ithome.com.tw/news/133712 「抖音」疑配合中國審查　美國會議員要求國安調查 https://tw.news.appledaily.com/international/realtime/20191025/1653840/ 美國抖音下載破1億1000萬　「淪中國情報平台」參議員要求嚴審！ https://www.ettoday.net/news/20191025/1564920.htm 梅賽德斯·賓士APP在美爆安全漏洞 可看其他車主信息 https://news.sina.com.tw/article/20191021/33029440.html 香港工程師致力挖掘各App隱藏功能　吸引臉書、IG高管爭相追蹤 https://www.ettoday.net/news/20191023/1563397.htm 數位版毛語錄？「學習強國」App，暴露中共嚴重的亡國感 https://opinion.udn.com/opinion/story/120611/4121556 臉書又全球大當機 貼文消失、使用異常 http://bit.ly/2BFZRLB 棄守第二大手機市場？傳因「臉部辨識」技術未許可 Google Pixel 4將不在印度販售 https://news.sina.com.tw/article/20191018/32995848.html Pixel 4 臉部解鎖存重大漏洞：閉著眼也能解鎖 https://www.techbang.com/posts/73599-pixel-4-face-unlock-has-a-major-vulnerability-close-your-eyes-to-unlock-it 三星 Galaxy S10 指紋辨識出包，貼上保護膜任何指紋都能解鎖 https://technews.tw/2019/10/18/samsung-galaxy-s10-under-screen-fingerprint-recognition-bug/ 三星旗艦機S10出包 指紋辨識被輕易解鎖...官方認了 http://bit.ly/2pBMzN5 三星S10指紋辨識破功 任何人都能解 https://www.chinatimes.com/realtimenews/20191018002483-260412?chdtv 指紋辨識出包！三星下周更新軟體 要用戶先移除保護貼 https://udn.com/news/story/6811/4114209?from=udn-ch1_breaknews-1-cate5-news 三星指紋辨識現漏洞 台廠供應鏈受牽連 http://bit.ly/2N2eiyB Galaxy S10 出現指紋辨識異常 三星：將盡速發布修補軟體 https://fnc.ebc.net.tw/FncNews/else/103179 三星Galaxy S10指紋辨識爆漏洞 多家銀行暫停指紋登入功能 https://newtalk.tw/news/view/2019-10-23/315627 三星承認指紋漏洞，支付寶微信等關閉S10等機型指紋支付 https://kknews.cc/tech/e6z8m8r.html 三星手機指紋重大漏洞遭多國停用 安全事故頻出釋放危險信號 https://kknews.cc/digital/gpzp2q8.html S10、Note 10都傳出超聲波指紋辨識有漏洞 全球多家銀行都暫停支援指紋登入 http://bit.ly/2PfEOaG 修復指紋辨識漏洞！三星急釋出Galaxy S10軟體更新 http://bit.ly/32K4MXv Samsung to patch S10 fingerprint sensor bug next week https://www.zdnet.com/article/samsung-to-patch-s10-fingerprint-sensor-bug-next-week/#ftag=RSSbaffb68 Google Play上的假美肌應用程式「Yellow Camera」,會攔截簡訊驗證碼,觸發 WAP 代扣繳費功能 https://blog.trendmicro.com.tw/?p=62312 三星Galaxy S10國行版推送更新：修復指紋漏洞 http://www.sohu.com/a/349341594_114760 惡意美顏相機App，偷讀簡訊認證碼讓你賠大錢 https://www.techbang.com/posts/73698-malicious-beauty-camera-app-sneaking-through-the-newsletter-authentication-code-lets-you-lose-money FTC出手禁售3款跟蹤程式 https://www.ithome.com.tw/news/133770 FTC Brings First Case Against Developers of “Stalking” Apps https://www.ftc.gov/news-events/press-releases/2019/10/ftc-brings-first-case-against-developers-stalking-apps Chrome for Android Enables Site Isolation Security Feature for All Sites with Login https://thehackernews.com/2019/10/chrome-site-isolation-android.html Huge rise in rogue banking apps driving fraud attacks https://www.computerweekly.com/news/252472525/Huge-rise-in-rogue-banking-apps-driving-fraud-attacks Fake mobile app fraud tripled in first half of 2019, finds RSA Security https://www.techcentral.ie/fake-mobile-app-fraud-tripled-in-first-half-of-2019-finds-rsa-security/ Chrome for Android Enables Site Isolation Security Feature for All Sites with Login https://thehackernews.com/2019/10/chrome-site-isolation-android.html Fake Photo Beautification Apps on Google Play can Read SMS Verification Code to Trigger Wireless Application Protocol (WAP)/Carrier Billing http://bit.ly/2JfCpJ9 Google to roll out update 'in the coming' months to fix Pixel 4 Face Unlock bypass https://www.zdnet.com/article/google-to-roll-out-update-in-the-coming-months-to-fix-pixel-4-face-unlock-bypass/#ftag=RSSbaffb68 42 Adware Apps with 8 Million Downloads Traced Back to Vietnamese Student https://thehackernews.com/2019/10/42-adware-apps-with-8-million-downloads.html Vietnamese student behind Android adware strain that infected millions https://www.zdnet.com/article/vietnamese-student-behind-android-adware-strain-that-infected-millions/#ftag=RSSbaffb68 Mobile Anti Malware Market Share, Application Scope, Growth Rate, Top Players, Production, Sales and Next 5 Years Forecast Analysis http://bit.ly/31Ln0GI Mobile under attack with malicious intent https://www.itweb.co.za/content/WnpNgq2AdBnMVrGd C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件 中華資安國際提出「常見 5 種資安漏洞」，守護企業須建立「紅藍紫隊」思維 https://www.inside.com.tw/feature/atd-2019/17875-2019ATD03-CHTsecurity Facebook 員工需透過香港駭客了解公司內部計劃 https://unwire.pro/2019/10/21/facebook-employees-turn-to-hong-kong-hacker-for-info/news/ 林宗男、吳瑞北、李忠憲、孫宏民、范俊逸／建設智慧國家 有賴資安磐石 https://talk.ltn.com.tw/article/paper/1326235 DEVCORE 紅隊的進化，與下一步 https://devco.re/blog/2019/10/24/evolution-of-DEVCORE-red-team-and-the-next/ AWS數據中心裝蜜罐 每分鐘被攻擊13次印證高風險 http://bit.ly/33UTlfQ 侵犯隱私? 台大醫院爆監控電腦 https://m.ltn.com.tw/news/life/paper/1327147 他不認為自己是駭客 自稱「密碼恐怖份子」 http://bit.ly/3615q54 駭客鎖定聯合國人道援助組織 誘騙員工洩露個資 https://www.cna.com.tw/news/aopl/201910250107.aspx 鎖定UN人道援助員工攻擊 資安業者揭大規模駭客活動 http://bit.ly/2JlY9mz 有關惡意 IP 對企業 Office 365 帳號進行暴力破解攻擊 https://www.tc.edu.tw/news/show/id/143817 日本星巴克會員網站遭駭 信用卡儲值服務暫時喊停 https://fnc.ebc.net.tw/FncNews/else/103918 My Starbucks不正ログイン防止のため、パスワードを変更してください https://www.starbucks.co.jp/notice/20203207.php 淘寶台灣捲土重來立委控英商掩護中資新漏洞 http://www.epochtimes.com/gb/19/10/24/n11608964.htm 中國製監控系統遍布　被禁設備移除難度高　 https://tw.news.appledaily.com/international/realtime/20191020/1651382/ 更換華監控系統有難度 美政府部門仍使用被禁設備 https://hk.news.appledaily.com/international/realtime/article/20191020/60173943 路透：部分美企對華為5G技術感興趣 正進行初期討論 https://fnc.ebc.net.tw/FncNews/headline/103280 遠端操控軟體TeamViewer遭爆駭客入侵 結果事實讓人傻眼了 http://bit.ly/2W35T1Z 6個月嬰兒都不放過！全球最大宗兒童色情暗網遭破獲 用「比特幣」付費下載25萬支性虐影片 http://bit.ly/2W674hm 暗網與比特幣　助業者設全球最大兒童色情網 https://news.tvbs.com.tw/world/1219582 四方支付團伙落網：利用電商平台漏洞轉移非法資金 https://news.sina.com.tw/article/20191024/33063888.html 中譯語通集數據 成中共網控打手 http://bit.ly/2W8Me0V 澳前情報官被控犯保密法 妻被疑為中共間諜 http://www.epochtimes.com/b5/19/10/24/n11608504.htm 美官員：中共加強網攻美通信技術供應鏈 http://www.epochtimes.com/b5/19/10/20/n11601178.htm 美國人的錢如何通過華爾街流向中共 https://www.ntdtv.com/b5/2019/10/23/a102691983.html 德國政府掛保證：Firefox是最安全的瀏覽器 https://ithome.com.tw/news/133716 「香港解密」曝示威者個資台人也入列 台灣基進籲政府反制 http://bit.ly/2W7hT2u 利用中文來監控的駭客團伙Rocke改變犯罪策略 https://read01.com/5neoxBB.html 中共政治局委員、中宣部部長黃坤明在烏鎮互聯網大會上批「網絡霸凌」言論 遭網民潮水般抨擊 http://www.epochtimes.com/b5/19/10/21/n11602804.htm 中共升級網攻手段 攻破蘋果手機 監控海外僑民 https://www.ntdtv.com/b5/2019/10/22/a102691472.html 中國國家級駭客再升級 專攻少數族群及其海外親友手機 https://www.rti.org.tw/news/view/id/2038908 中國駭客攻擊發生劇變 外媒：針對少數民族、僑民 https://news.ltn.com.tw/news/world/breakingnews/2954868 紐時：中國國家主席習近平重組解放軍 中國駭客監控蔓延全球 http://bit.ly/2qFzTFG 2019年中國網絡安全行業市場現狀及發展前景分析三因素共振驅動市場規模將超900億 http://finance.eastmoney.com/a/201910241270819442.html 支付寶36萬招找茬程序員“年薪”無上限 http://finance.eastmoney.com/a/201910241270807142.html Google地圖疑鑽法律漏洞　南韓4成軍事設施曝光 https://hk.on.cc/hk/bkn/cnt/aeanews/20191021/bkn-20191021200046743-1021_00912_001.html Fb封鎖俄羅斯、伊朗4用戶網路　疑企圖干擾美總統大選 https://www.chinatimes.com/realtimenews/20191022004345-260408?chdtv 駭客入侵Avast以危害CCleaner，捷克情報機構指中國駭客最為可疑 https://www.ithome.com.tw/news/133747 敘利亞政府監控人民網路 駭客攔截警告網友 http://bit.ly/2Nl6HLZ 美國聯邦調查局FBI警告中小企業與政府組織要小心線上盜錄 https://www.ithome.com.tw/news/133805 美軍採購中國製無人機 國防部澄清：只供練靶用 https://hk.news.appledaily.com/international/realtime/article/20191025/60192426 英美安全報告：俄政府駭客利用伊朗駭客網絡駭攻20國 https://www.soundofhope.org/b5/2019/10/22/n3276558.html 俄駭客控制伊朗網路設備1年半 冒名攻擊逾20國 http://bit.ly/32DagDn 資用伊朗駭客團隊犯案 俄國黑吃黑 https://udn.com/news/story/6809/4117441 俄羅斯駭客駭進伊朗駭客的攻擊架構與工具，借刀殺人 https://www.ithome.com.tw/news/133744 俄駭客冒名伊朗網攻 20國受害 https://www.ydn.com.tw/News/357392 俄國駭客入侵伊朗網路設備 冒名攻擊其他國家1年半 https://news.pchome.com.tw/science/cnews/20191022/index-57173805502394227005.html Russian APT Turla targets 35 countries on the back of Iranian infrastructure https://www.zdnet.com/article/russian-apt-turla-targets-35-countries-on-the-back-of-iranian-infrastructure/#ftag=RSSbaffb68 Cybercrime Tool Prices Continue to Rise on Darknet Sites https://www.bankinfosecurity.asia/cybercrime-tool-prices-continue-to-rise-on-darknet-sites-a-13265 A Look at the Pricing of Cybercrime Goods, Services https://www.flashpoint-intel.com/blog/a-look-at-the-pricing-of-cybercrime-goods-services/ Russia-Linked Cyber Espionage Group APT29 Remains Active https://www.bankinfosecurity.com/russia-linked-cyber-espionage-group-apt29-remains-active-a-13270 Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested https://thehackernews.com/2019/10/dark-web-child-abuse.html US stopped using floppy disks to manage nuclear weapons arsenal https://www.zdnet.com/article/us-stopped-using-floppy-disks-to-manage-nuclear-weapons-arsenal/#ftag=RSSbaffb68 Multifactor authentication issue hitting North American Azure, Office 365 users https://www.zdnet.com/article/multifactor-authentication-issue-hitting-north-american-azure-office-365-users/#ftag=RSSbaffb68 Avast target of cyber-security attack, company and Czech counterintelligence say https://news.yahoo.com/avast-target-cyber-security-attack-141226927.html Avast says hackers breached internal network through compromised VPN profile https://www.zdnet.com/article/avast-says-hackers-breached-internal-network-through-compromised-vpn-profile/#ftag=RSSbaffb68 Avast fights off cyber-espionage attempt, Abiss https://blog.avast.com/ccleaner-fights-off-cyberespionage-attempt-abiss Avast: Stolen VPN Credentials Led to CCleaner Attack Redux https://www.bankinfosecurity.com/avast-stolen-vpn-credentials-led-to-ccleaner-attack-redux-a-13283 Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested https://thehackernews.com/2019/10/dark-web-child-abuse.html NordVPN、TorGuard與VikingVPN三大VPN業者的金鑰外流 https://www.ithome.com.tw/news/133751 NordVPN 承認伺服器有安全漏洞，讓攻擊者得以攔截用戶流量 https://www.techbang.com/posts/73673-nordvpn-server-breach-vpn-traffic-exposed-encryption NordVPN admits to 'isolated' server breach in Finland https://engt.co/32E9INN NordVPN reveals breach at datacenter provider https://www.welivesecurity.com/2019/10/22/nordvpn-breach-datacenter-provider/ Why the NordVPN network is safe after a third-party provider breach https://nordvpn.com/zh-tw/blog/official-response-datacenter-breach/ Bezos DDoS'd: Amazon Web Services' DNS systems knackered by hours-long cyber-attack https://www.theregister.co.uk/2019/10/22/aws_dns_ddos/ CPDoS：一種新的Web緩存污染攻擊 https://www.anquanke.com/post/id/189507 黑客利用緩存中毒攻擊將目標鎖定CDN保護網站 https://www.freebuf.com/news/217870.html New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites https://thehackernews.com/2019/10/cdn-cache-poisoning-dos-attack.html CPDoS attack can poison CDNs to deliver error pages instead of legitimate sites https://www.zdnet.com/article/cpdos-attack-can-poison-cdns-to-deliver-error-pages-instead-of-legitimate-sites/#ftag=RSSbaffb68 FBI: Russian Hacker Indicted In Pittsburgh Wanted For Allegedly Running Worldwide Conspiracy https://pittsburgh.cbslocal.com/2019/10/24/fbi-russian-hacker-indicted-in-pittsburgh-wanted-for-allegedly-running-worldwide-conspiracy/ Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack https://cpdos.org/paper/Your_Cache_Has_Fallen__Cache_Poisoned_Denial_of_Service_Attack__Preprint_.pdf Transparent Tribe – APT Targeting India https://labs.k7computing.com/?p=17380 Brazilian government seeks data governance head https://www.zdnet.com/article/brazilian-government-seeks-data-governance-head/#ftag=RSSbaffb68 Czech authorities dismantle alleged Russian cyber-espionage network https://www.zdnet.com/article/czech-authorities-dismantle-alleged-russian-cyber-espionage-network/#ftag=RSSbaffb68 Chinese national sentenced for trying to smuggle military tech from US to China https://www.zdnet.com/article/chinese-national-sentenced-for-trying-to-smuggle-military-tech-from-us-to-china/#ftag=RSSbaffb68 NCSC Investigated 658 Serious Cybersecurity Incidents https://www.bankinfosecurity.com/ncsc-investigated-658-serious-cybersecurity-incidents-a-13286 A DDoS gang is extorting businesses posing as Russian government hackers https://www.zdnet.com/article/a-ddos-gang-is-extorting-businesses-posing-as-russian-government-hackers/#ftag=RSSbaffb68 滲透測試工程師 https://m.104.com.tw/job/3f823?jobsource=m104 資安滲透測試專家(Q13) https://m.104.com.tw/job/4chjb?jobsource=m104 資訊安全工程師(滲透測試)_T2 https://m.104.com.tw/job/51ik0?jobsource=m104 高級安全工程師--滲透測試 https://m.104.com.tw/job/6a198?jobsource=m104 【資安所】網駭科技研析中心-資安滲透檢測工程師 https://m.104.com.tw/job/6k11l?jobsource=m104 資安檢測工程師 https://m.104.com.tw/job/64myq?jobsource=m104 系統資安工程師 https://m.104.com.tw/job/6hr7s?jobsource=m104 網路資安工程師 https://m.104.com.tw/job/59nw1?jobsource=m104 資安服務工程師 https://m.104.com.tw/job/3biy7?jobsource=m104 資安事件調查員 https://m.104.com.tw/job/6j3cl?jobsource=m104 數位鑑識工程師 _T2 https://m.104.com.tw/job/6ptmc?jobsource=m104 數位鑑識與舞弊偵防顧問 https://m.104.com.tw/job/2wf7t?jobsource=m104 Incident Response Engineer https://m.104.com.tw/job/6q9n9?jobsource=m104 【IT】資安系統工程師 - 1900454 https://m.104.com.tw/job/6qs9w?jobsource=m104 資安技術人員 https://m.104.com.tw/job/63m1f?jobsource=m104 [軟體系統]高級資安系統應用工程師(台南) https://www.104.com.tw/job/6rpmd D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 錢櫃個資外洩？詐騙集團竟知身分證、消費日 http://bit.ly/32wsyGl 錢櫃回應了！客人「個資外洩」狂接詐騙電話　身分證、消費日全曝光 https://www.ettoday.net/news/20191020/1560888.htm 知名訂房網疑資料外洩 會員慘遭詐 https://penghudaily.blogspot.com/2019/10/blog-post_153.html 電信中盤商騙移工個資 辦人頭門號供詐騙集團 http://bit.ly/2BuDKYi Mercedes-Benz App 出現問題令車主資料外洩 https://unwire.hk/2019/10/20/mercedes-benz-app-glitch/fun-tech/ 西青警方連續破獲24起新型電信網絡詐騙案 http://life.eastmoney.com/a/201910181264643554.html 駭客入侵！大咖女星裸照慘遭外流　粉心疼籲「拒點拒分享」 https://www.setn.com/News.aspx?NewsID=620965 Alexa與Google Home第三方應用程式可用語音釣魚竊取用戶密碼 https://ithome.com.tw/news/133727 蔡依林門票傳黃牛詐財 女粉匯1萬2買特區一場空 https://udn.com/news/story/7320/4102849?from=udn-ch1_breaknews-1-0-news 男子用美團代購機票被騙3460元 南航否認系統漏洞 https://news.sina.com.tw/article/20191021/33017716.html 用LINE的QR Code詐騙？別點不明連結！學著保護帳號 https://www.mygopen.com/2019/10/line-qr-code.html 超危險詐騙！點個連結別人就可以登入你的 LINE 帳號 https://applealmond.com/posts/60838 前1天簽約！Beauty88遭控惡倒　欠3百人6千萬 https://news.tvbs.com.tw/life/1220906 捷運置物櫃變"藏金閣" 詐19人得手1500萬 https://www.ttv.com.tw/news/view/10810210032200N/579 香港銀保監會通報騙保案件 各保險公司啟動全面自查整改 https://news.sina.com.tw/article/20191023/33047482.html 護兒少個資隱私 小心數位足跡被蒐 https://udn.com/news/story/7314/4120957 聲援反送中卻遭香港網站鎖定！台灣人個資全都曝 http://bit.ly/32JpnLP 【2019/10/24 1:00】PayPalを騙る詐欺メールに関する注意喚起 https://www.cc.uec.ac.jp/blogs/news/2019/10/20191024paypalphishing.html Fraud attacks see huge rise in 2019 https://www.itproportal.com/news/fraud-attacks-see-huge-rise-in-2019/ Banking scams becoming more sophisticated https://www.iol.co.za/personal-finance/my-money/banking/banking-scams-becoming-more-sophisticated-35279484 Stripe Users Targeted in Phishing Attack That Steals Banking Info https://www.bleepingcomputer.com/news/security/stripe-users-targeted-in-phishing-attack-that-steals-banking-info/ Delhi: Ex-head constable held for ATM card fraud http://timesofindia.indiatimes.com/articleshow/71639868.cms Open database leaked 179GB in customer, US government, and military records https://www.zdnet.com/article/autoclerk-database-leaked-customer-government-and-military-personal-records/#ftag=RSSbaffb68 Report: Travel Reservations Platform Leaks US Government Personnel Data https://www.vpnmentor.com/blog/us-travel-military-leak/ Veterans' Data at Risk on Shared Network Storage Devices https://www.bankinfosecurity.com/veterans-data-at-risk-on-shared-network-storage-devices-a-13281 Unsecure Database Exposed US Military Personnel Data: Report https://www.bankinfosecurity.com/unsecure-database-exposed-us-military-personnel-data-report-a-13280 How to Avoid the Top Three Causes of Data Breaches in 2019 https://thehackernews.com/2019/10/data-breach-protection.html Europe Data Exfiltration Market Industry Analysis and Market Forecast (2017-2024) https://statsflash.com/europe-data-exfiltration-market-industry-analysis-and-market-forecast-2017-2024/183239/ New report offers insights into phishing scammers' go-to tricks https://www.healthcareitnews.com/news/new-report-offers-insights-phishing-scammers-go-tricks Three Charged in $11 Million BEC Scam https://www.bankinfosecurity.com/three-charged-in-11-million-bec-scam-a-13290 Tres detenidos por estafar más de diez millones de euros a empresas extranjeras http://www.guardiacivil.es/es/prensa/noticias/7146.html E.研究報告 Sim卡及移動端核彈漏洞密集爆發：近期網絡戰頂級數字武器解析 http://www.sohu.com/a/348031102_354899 存在多年的Linux 漏洞被發現：可通過WiFi 攻擊目標計算機 https://linux.cn/article-11479-1.html?utm_source=rss&utm_medium=rss 境外APT組織“響尾蛇”再次對我國發起攻擊事件報告 http://it.rising.com.cn/dongtai/19655.html Who is the superuser? CVE-2019-14287 sudo漏洞分析 https://zhuanlan.zhihu.com/p/87345893 X-Forwarded-For注入漏洞過程記錄 https://www.cnblogs.com/soldierback/p/11707035.html Microsoft office 公式編輯器 Matrix record 棧溢出漏洞分析 https://www.chainnews.com/zh-hant/articles/473375998581.htm Asruex 後門變種通過 Office 和 Adobe 漏洞感染 word 和 PDF 文檔 https://www.chainnews.com/zh-hant/articles/611710583547.htm Libra的Move IR編譯器漏洞詳解 https://www.coingogo.com/news/37737 使用Ghidra 分析phpStudy 後門 https://paper.seebug.org/ Web安全Day9 - 文件下載漏洞實戰攻防 https://xz.aliyun.com/t/6590 Windows下防禦利用——SEH深入分析 https://www.anquanke.com/post/id/189093 CVE-2019-11043 / PHP-FPM在Nginx特定配置下遠程代碼執行 https://qiita.com/shimizukawasaki/items/aaac680c921a9cf1b156 在CTF比賽中發現的PHP遠程代碼執行0day漏洞 https://nosec.org/home/detail/3083.html 《XSS攻擊-XSS漏洞原理》課程文檔講解 https://zhuanlan.zhihu.com/p/87733231 對金融網站漏洞檢測的過程分享 https://www.admin5.com/article/20191024/930296.shtml 滲透測試對Java架構網站漏洞檢測方法 https://www.admin5.com/article/20191024/930295.shtml WhatsApp UAF 漏洞分析（CVE-2019-11932） https://paper.seebug.org/1061/ Fragscapy：通過協議Fuzz的方法探測IDS/防火牆檢測規則的漏洞 https://www.4hou.com/tools/20657.html Tiny PE Creating the smallest possible PE executable https://webserver2.tecgraf.puc-rio.br/~ismael/Cursos/YC++/apostilas/win32_xcoff_pe/tyne-example/Tiny%20PE.htm Spring Security OAuth 2.3 Open Redirection（CVE-2019–3778 ）分析復現篇 https://www.freebuf.com/vuls/216582.html TWCERT/CC-2019年10月份資安情資電子報 https://www.twcert.org.tw/tw/cp-106-3023-5e111-1.html 順著鍵鼠找到你？黑客利用羅技漏洞趁虛而入 https://zhuanlan.kanxue.com/article-9636.htm Operation Ghost: The Dukes aren’t back – they never left https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ Shikata Ga Nai Encoder Still Going Strong https://www.fireeye.com/blog/threat-research/2019/10/shikata-ga-nai-encoder-still-going-strong.html SkiPfisH Web security scanner https://artofexploit.com/2019/10/12/skipfish-web-security-scanner/ FOCA - Tool To Find Metadata And Hidden Information In The Documents https://www.nahidhasantechnology.com/2019/10/foca-tool-to-find-metadata-and-hidden.html brutemap-dev/brutemap https://github.com/brutemap-dev/brutemap cisco/mercury https://github.com/cisco/mercury leebaird/discover https://github.com/leebaird/discover vstinner/python-security https://github.com/vstinner/python-security Prepare for a New Cyber Cold War in 2020, Warns Check Point https://www.globenewswire.com/news-release/2019/10/24/1935000/0/en/Prepare-for-a-New-Cyber-Cold-War-in-2020-Warns-Check-Point.html PowerShellRunBox: Analysing PowerShell threats using PowerShell debugging https://blog.apnic.net/2019/10/23/powershellrunbox-analyzing-powershell-threats-using-powershell-debugging/ A Deep-Dive Analysis of the NukeSped RATs https://feedproxy.google.com/~r/fortinet/blog/threat-research/~3/QqmLFUy4jXo/deep-analysis-nukesped-rat.html A Deep-Dive Analysis of the NukeSped RATs https://www.fortinet.com/blog/threat-research/deep-analysis-nukesped-rat.html Finding Vulnerabilities in Closed Source Windows Software by Applying Fuzzing https://www.apriorit.com/dev-blog/640-qa-fuzzing-for-closed-source-windows-software HITCON CTF Quals 2019 - Path of Exploitation https://david942j.blogspot.com/2019/10/official-write-up-hitcon-ctf-quals-2019.html benoitsevens/applying-ttd-to-malware-analysis https://github.com/benoitsevens/applying-ttd-to-malware-analysis ByePg: Defeating Patchguard Using Exception-Hooking https://blog.can.ac/2019/10/19/byepg-defeating-patchguard-using-exception-hooking/ The SWAX Benchmark: Attacking Biometric Systems with Wax Figures https://arxiv.org/abs/1910.09642 Possible New BadPatch Campaign Uses Multi-Component Python Compiled Malware https://www.fortinet.com/blog/threat-research/badpatch-campaign-uses-python-malware.html Red Team Tactics: Active Directory Recon using ADSI and Reflective DLLs https://outflank.nl/blog/2019/10/20/red-team-tactics-active-directory-recon-using-adsi-and-reflective-dlls/ Obfuscating Java bytecode with LLVM and Epona https://blog.quarkslab.com/obfuscating-java-bytecode-with-llvm-and-epona.html F.商業 Windows 7 終止支援倒數 88 天　微軟推出電腦分析服務、協助有效部署 Windows 10 版本更新 https://gnn.gamer.com.tw/detail.php?sn=187315 Google改善Chrome 77的網站隔離機制，首度進駐Android版 https://ithome.com.tw/news/133710 免疫幽靈入侵 - Google Chrome 加入網站分離功能加強保安防禦 https://hk.xfastest.com/37296/google-chrome-safety-update/ 資安漏洞恐釀每年百億損失！中華資安國際：數位轉型須具備資安管理意識 https://www.thenewslens.com/feature/atd-2019/126292 互聯安睿：擁有iPAS 非名校出身也能是資安紅人 https://www.cheers.com.tw/article/article.action?id=5095469&eturec=1 叡揚資通安全稽核系統協助機關建立資安病歷 http://n.yam.com/Article/20191021823606 趨勢科技併購Cloud Conformity　強化雲端資安領先地位 https://tw.appledaily.com/new/realtime/20191022/1652343/ 微軟有新方式來防止駭客從韌體入侵 https://chinese.engadget.com/2019/10/22/microsoft-secured-core-pc/ 東捷資訊服務強化智能、平台及IoT服務 深耕六大商機 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&id=571062 A Comprehensive Guide On How to Protect Your Websites From Hackers https://thehackernews.com/2019/10/website-security-guide.html Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software https://thehackernews.com/2019/10/election-software-hacking.html Cynet's Vulnerability Assessment Enables Organizations to Dramatically Reduce their Risk Exposure https://thehackernews.com/2019/10/cynet-vulnerability-assessment.html G.政府 新北警成立全國首支科偵小隊 科技建警偵防並重 https://udn.com/news/story/7320/4111697 資通黑名單不公布？蘇貞昌：做通體檢視 非針對中國產品 http://www.epochtimes.com/b5/19/10/18/n11597062.htm 資通黑名單 蘇揆盼做通體檢視 http://bit.ly/2J7vUbg 資訊戰開打 藍委提「美台資安聯防」蘇揆：全力支持 http://www.epochtimes.com/b5/19/10/18/n11596307.htm 調查局抓到了！2大陸假訊息欲影響我國選情 https://udn.com/news/story/7321/4117009 調查局查獲大陸人士散布蔡總統賣台假訊息 https://www.cna.com.tw/news/asoc/201910210172.aspx 造謠英文賣台？調查局查獲中國央廣記者惡意傳遞假消息 https://newtalk.tw/news/view/2019-10-21/314850 造謠蔡英文賣台給日本訊息 竟是中國央廣記者惡意散布 https://news.ltn.com.tw/news/politics/breakingnews/2952901 「蔡英文是中共地下黨員」是假新聞還是「真段子」 http://bit.ly/31AkV0l iPAS人才認證，為iPASS一卡通資安人才做後盾 https://web.cheers.com.tw/issue/2019/emba/article/school4.php 快速偵測網路攻擊 企業資安防衛利器 [成果新知] https://www.moea.gov.tw/MNS/doit/bulletin/Bulletin.aspx?kind=4&html=1&menu_id=13553&bull_id=6332 許毓仁暴怒...問資安拒讓顧立雄答詢　怒嗆蘇貞昌「閉嘴！」 https://www.ettoday.net/news/20191022/1562477.htm 北市府網路連2天當機 王世堅質疑沒有防火牆 https://news.ltn.com.tw/news/Taipei/breakingnews/2953830 首善之都台北市府網路2天內當機2次　資訊局：設備老舊 https://tw.appledaily.com/new/realtime/20191022/1652389/ 駭客又入侵? 北市府各局處網路全癱瘓 各局處公文系統全停擺 資訊局緊急追查 https://www.ttv.com.tw/news/view/10810220012600N/568 網路系統異常 北市府：與駭客攻擊無關 https://www.cna.com.tw/news/aloc/201910220187.aspx 駭客入侵北市府？王世堅酸柯不要被害妄想症 https://www.chinatimes.com/realtimenews/20191022003000-260407?chdtv 智慧城市？北市府網路當機半天　因設備舊 https://news.tvbs.com.tw/politics/1221483 電腦兩天兩次大當機 北市府:非駭客攻擊 https://www.cdns.com.tw/articles/39161 中共統戰變種「準戰爭」立委學者推兩法案聯防 http://bit.ly/2W7ujYs 2018政府機關資安通報現況大公開，6起3級事件最嚴重 https://www.ithome.com.tw/news/133776 手機綁定自然人憑證 申辦政府服務線上搞定 http://bit.ly/2ohuKTs 自然人憑證綁定手機 免插卡就能網路報稅 http://bit.ly/2qFCRdk 工研院：無密碼身分辨識結合終端，為台製造業新商機 https://www.moneydj.com/KMDJ/News/NewsViewer.aspx?a=1e3a8fbc-ea61-4306-aa21-127a0fbcf629 訂定「教育機構資安審議會設置要點」，並自即日生效 https://edu.law.moe.gov.tw/NewsContent.aspx?id=95839 空軍前參謀長遭吸收發展共諜組織 輕判6個月 https://news.ltn.com.tw/news/society/breakingnews/2956660 行政院技術服務中心108年第3季資通安全技術報告 https://download.nccst.nat.gov.tw/attachfilenew/108_Q3_Cyber%20Security%20Technology%20Report.pdf H.ICS/SCADA 工控系統 工廠已成駭客最愛目標，建立完整資安組織與 SOP 是台廠當務之急 https://buzzorange.com/techorange/2019/10/23/2019-aiot-techorange/ Outdated OSs Still Present in Many Industrial Organizations: Report https://www.securityweek.com/outdated-oss-still-present-many-industrial-organizations-report I.教育訓練 ASP.net mvc面試49題 http://bit.ly/2MBnHy6 slavaim/mac-notes https://github.com/slavaim/mac-notes RootUp/PHDays9 https://github.com/RootUp/PHDays9 LinuxForensic https://github.com/ashemery/LinuxForensics/blob/master/OSDFCon19-Final.pdf J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 日本連鎖酒店HIS Group稱黑客可能通過室內機器人偷窺客人 https://www.cnbeta.com/articles/tech/902535.htm 機器人供客房服務　可能遭駭變偷拍工具 https://news.tvbs.com.tw/world/1220138 IoT 技術中心斥資上億 德國萊因用物聯三箭打造連網用戶安全體驗 https://times.hinet.net/topic/22619421 Singapore expands test site for autonomous vehicles https://www.zdnet.com/article/singapore-expands-test-site-for-autonomous-vehicles/#ftag=RSSbaffb68 6.近期資安活動及研討會 交通大學亥客書院-A015:進階網頁滲透測試 10/26 https://hackercollege.nctu.edu.tw/?p=1090 International Conference on Networks & Communications (NETWORKS) 10/26 ~ 10/27 https://infosec-conferences.com/events-in-2019/networks/ 亞洲‧矽谷學院108年免費認證考試 10/27 https://college.asvda.org.tw/ Nspa實作課程「惡意巨集文件與惡意程式下載器」 10/27 https://www.facebook.com/events/459141201342125/ International Conference on Emerging Security Information, Systems and Technologies (SECURWARE) 10/27 ~ 10/31 https://infosec-conferences.com/events-in-2019/securware/ SANS Amsterdam October 10/28 https://infosec-conferences.com/events-in-2019/sans-amsterdam-october/ 行動應用App基本資安認證制度推廣說明會 10/28 https://www.tca.org.tw/exhibit_info1.php?n=1154 工業自動化資安管理與實務 10/29 ~ 10/30 https://www.ivendor.com.tw/website/featured_detial/91 資安檢核核心技術及進階技術研討會 10月28日至10月30日 http://bit.ly/2TN2UtD Foundations in Digital Forensics with EnCase® (DF120) (原CF1) 10/28 ~ 10/31 https://www.iforensics.com.tw/cgi-bin/registform.cgi?pick=39 International Workshop on Reliability and Security Data Analysis (RSDA) 10/28 ~ 10/31 https://infosec-conferences.com/events-in-2019/rsda/ International Symposium on Software Reliability Engineering (ISSRE) 10/28 ~ 11/1 https://infosec-conferences.com/events-in-2019/issre/ Securing New Ground 10/29 ~ 10/30 https://infosec-conferences.com/events-in-2019/securing-new-ground/ CEBIT Australia 10/29 ~ 10/31 https://infosec-conferences.com/events-in-2019/cebit-australia/ SSCP資訊安全專業人員認證　課程說明會 10/30 https://www.accupass.com/event/1910180803231516519793 Nspa實作課程「加密勒索攻擊」 10/31 https://www.facebook.com/events/391437314853475/ OWASP AppSec Day Melbourne 11/1 https://infosec-conferences.com/events-in-2019/owasp-appsec-day-melbourne/ Hackfest 2019 11/1 ~ 11/3 https://infosec-conferences.com/events-in-2019/hackfest-2019/ 行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30 https://www.accupass.com/event/1810080517061259295030 Elite East Coast CISO Summit 11/3~11/5 https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/ Red Hat Forum Taipei 2019 11/5 https://www.facebook.com/events/1390202967799392/ 資安人才培育成果發表暨就業媒合會 11/5 https://ievents.iii.org.tw/eventS.aspx?t=0&id=733 Cyber Security Summit: Boston 11/6 https://infosec-conferences.com/events-in-2019/cyber-security-summit-boston/ 駭客攻防暨數位鑑識系列一(第1期) 11/7 https://service.tabf.org.tw/Training/CourseDetail.aspx?PID=384540 網路攻擊鏈( Cyber Kill Chain)各階段實作 (6hr) 11/7 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384540 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/8 https://signupcybersec101.ithome.com.tw/ BSides Charleston 11/9 https://infosec-conferences.com/events-in-2019/bsides-charleston/ Kotlin/Everywhere GDG Taoyuan - 運用 Ktor 建置一個以 Kotlin 打造的後端服務 11/9 https://www.meetup.com/GDGTaoyuan/events/264776152/ OpenInfra Day Taiwan 11/12 http://openinfra.digitimes.com.tw/ 108年政府組態基準(GCB)實作研習 11/12 ~ 11/22 https://register.nccst.nat.gov.tw/Active/registerDetail.do?activeId=1285&activeType=course CLEAR Cyber Leaders Conference 11/12 ~ 11/13 https://infosec-conferences.com/events-in-2019/clear-cyber-leaders-conference/ 108年資安法律案例分享說明會 11/13 https://register.nccst.nat.gov.tw/Active/registerDetail.do?activeId=1286&activeType=conf Windows檔案系統及檔案還原 (6hr) 11/14 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384541 Digital Internet Summit 11/14 https://infosec-conferences.com/events-in-2019/digital-internet-summit/ INTERFACE – Nebraska 11/14 https://infosec-conferences.com/events-in-2019/interface-nebraska/ SecureWV – Hack3rCon 11/15 ~ 11/17 https://infosec-conferences.com/events-in-2019/securewv-hack3rcon/ 交通大學亥客書院-P006:高階網頁滲透測試 11/16 https://hackercollege.nctu.edu.tw/?p=1092 FS-ISAC Fall Summit 11/17 ~ 11/20 https://infosec-conferences.com/events-in-2019/fs-isac-fall-summit/ Microsoft IoT in Action 11/20 https://www.iotinactionevents.com/event/taipei LINE將於11月舉辦LINE DEVELOPER DAY 2019 11/20 ~ 11/21 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000570636_HL57CPQM2H1ZHE71YVI2W Infosecurity ISACA North America Expo and Conference 11/20 ~ 11/21 https://infosec-conferences.com/events-in-2019/isaca-north-america-expo-conference/ 檔案特徵值比對與關鍵字搜尋 (2hr) Open Source數位鑑識工具實務操作 (5hr) 11/21 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384542 2019 BSI 國際資安標準管理年會 11/22 https://www.accupass.com/event/1910070533451342891420 Trend Micro CTF 2019 // Raimund Genes Cup FINAL / NOVEMBER 23–24, 2019 https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html 資安檢核核心技術及進階技術研討會11月26日至11月28日 http://bit.ly/2TN2UtD 人資人員必修的職安法規定 11/26 https://www.accupass.com/event/1909121441141977826554 模擬案例鑑識分析實務 (6hr) 11/28 http://www.tabf.org.tw/Training/CourseDetail.aspx?PID=384543 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/29 https://signupcybersec101.ithome.com.tw/ 交通大學亥客書院-B015:惡意程式檢測 11/30 https://hackercollege.nctu.edu.tw/?p=1098 亞洲‧矽谷學院108年免費認證考試 11/30 https://college.asvda.org.tw/ Digital Summit Dallas 12/4 https://infosec-conferences.com/events-in-2019/digital-summit-dallas/ Kansas City Cyber Security Conference 12/5 https://infosec-conferences.com/events-in-2019/kc-cyber-security-conference/ CyberMaryland Conference 12/5 ~ 12/6 https://infosec-conferences.com/events-in-2019/cybermaryland-conference/ FutureCon Nashville Cyber Security Conference 12/11 https://infosec-conferences.com/events-in-2019/futurecon-nashville/ Utility Cyber Security Forum December 12/11 https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/ 交通大學亥客書院-A018:企業網域控管－Active Directory攻擊與防禦 12/14 https://hackercollege.nctu.edu.tw/?p=1094 Japan Security Analyst Conference https://jsac.jpcert.or.jp/