Z
    • Create new note
    • Create a note from template
      • Sharing URL Link copied
      • /edit
      • View mode
        • Edit mode
        • View mode
        • Book mode
        • Slide mode
        Edit mode View mode Book mode Slide mode
      • Customize slides
      • Note Permission
      • Read
        • Only me
        • Signed-in users
        • Everyone
        Only me Signed-in users Everyone
      • Write
        • Only me
        • Signed-in users
        • Everyone
        Only me Signed-in users Everyone
      • Engagement control Commenting, Suggest edit, Emoji Reply
    • Invite by email
      Invitee

      This note has no invitees

    • Publish Note

      Share your work with the world Congratulations! 🎉 Your note is out in the world Publish Note

      Your note will be visible on your profile and discoverable by anyone.
      Your note is now live.
      This note is visible on your profile and discoverable online.
      Everyone on the web can find and read all notes of this public team.
      See published notes
      Unpublish note
      Please check the box to agree to the Community Guidelines.
      View profile
    • Commenting
      Permission
      Disabled Forbidden Owners Signed-in users Everyone
    • Enable
    • Permission
      • Forbidden
      • Owners
      • Signed-in users
      • Everyone
    • Suggest edit
      Permission
      Disabled Forbidden Owners Signed-in users Everyone
    • Enable
    • Permission
      • Forbidden
      • Owners
      • Signed-in users
    • Emoji Reply
    • Enable
    • Versions and GitHub Sync
    • Note settings
    • Note Insights
    • Engagement control
    • Transfer ownership
    • Delete this note
    • Save as template
    • Insert from template
    • Import from
      • Dropbox
      • Google Drive
      • Gist
      • Clipboard
    • Export to
      • Dropbox
      • Google Drive
      • Gist
    • Download
      • Markdown
      • HTML
      • Raw HTML
Menu Note settings Versions and GitHub Sync Note Insights Sharing URL Create Help
Create Create new note Create a note from template
Menu
Options
Engagement control Transfer ownership Delete this note
Import from
Dropbox Google Drive Gist Clipboard
Export to
Dropbox Google Drive Gist
Download
Markdown HTML Raw HTML
Back
Sharing URL Link copied
/edit
View mode
  • Edit mode
  • View mode
  • Book mode
  • Slide mode
Edit mode View mode Book mode Slide mode
Customize slides
Note Permission
Read
Only me
  • Only me
  • Signed-in users
  • Everyone
Only me Signed-in users Everyone
Write
Only me
  • Only me
  • Signed-in users
  • Everyone
Only me Signed-in users Everyone
Engagement control Commenting, Suggest edit, Emoji Reply
  • Invite by email
    Invitee

    This note has no invitees

    • Publish Note

    Share your work with the world Congratulations! 🎉 Your note is out in the world Publish Note

    Your note will be visible on your profile and discoverable by anyone.
    Your note is now live.
    This note is visible on your profile and discoverable online.
    Everyone on the web can find and read all notes of this public team.
    See published notes
    Unpublish note
    Please check the box to agree to the Community Guidelines.
    View profile
    Engagement control
    Commenting
    Permission
    Disabled Forbidden Owners Signed-in users Everyone
    Enable
    Permission
    • Forbidden
    • Owners
    • Signed-in users
    • Everyone
    Suggest edit
    Permission
    Disabled Forbidden Owners Signed-in users Everyone
    Enable
    Permission
    • Forbidden
    • Owners
    • Signed-in users
    Emoji Reply
    Enable
    Import from Dropbox Google Drive Gist Clipboard
       owned this note    owned this note      
    Published Linked with GitHub
    Subscribed
    • Any changes
      Be notified of any changes
    • Mention me
      Be notified of mention me
    • Unsubscribe
    Subscribe
    ###### tags: `資安事件新聞週報` # 資安事件新聞週報 2019/8/12 ~ 2019/8/16 1.重大弱點漏洞/後門/Exploit/Zero Day Steam驚爆安全漏洞 逾1億玩家恐受影響 https://newtalk.tw/news/view/2019-08-11/284396 托最新藍牙漏洞的“福”,我險些把小電影和賬戶密碼親手給黑客 https://tech.ifeng.com/c/7p8gRStrlcA JVNVU#90240762 Bluetooth BR/EDR での暗号鍵エントロピーのネゴシエーションにおける問題 https://jvn.jp/vu/JVNVU90240762/ 賽門鐵克防毒軟體和Windows SHA-2不相容,微軟暫停更新 https://www.ithome.com.tw/news/132435 Kasper-Spy: Kaspersky Anti-Virus puts users at risk https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html Trend Micro fixes privilege escalation security flaw in Password Manager https://www.zdnet.com/article/trend-micro-fixes-hijack-security-flaw-in-password-manager/#ftag=RSSbaffb68 Trend Micro Password Manager - Privilege Escalation to SYSTEM https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM HTTP/2含有多個服務阻斷漏洞,亞馬遜、臉書、蘋果、微軟全遭殃 https://www.ithome.com.tw/news/132414 8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks https://thehackernews.com/2019/08/http2-dos-vulnerability.html New HTTP/2 Flaws Expose Unpatched Web Servers to DoS Attacks https://www.bleepingcomputer.com/news/security/new-http-2-flaws-expose-unpatched-web-servers-to-dos-attacks/ The cyber risk lurking in your office corner https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/august/the-cyber-risk-lurking-in-your-office-corner/ Adobe security patch update tackles Photoshop, Acrobat, Reader, and more https://www.zdnet.com/article/adobe-security-patch-update-tackles-photoshop-acrobat-reader-and-more/#ftag=RSSbaffb68 Nginx 阻斷服務漏洞 https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html Apache HTTPD 多個漏洞 https://httpd.apache.org/security/vulnerabilities_24.html Apache Tomcat Vulnerabilities Jan-Aug 2018 https://support.symantec.com/us/en/article.SYMSA1463.html SA156: Apache Tomcat Vulnerabilities Apr-Oct 2017 https://support.symantec.com/us/en/article.SYMSA1419.html SA110 : Java Deserialization Vulnerabilities https://support.symantec.com/us/en/article.SYMSA1344.html SA139 : November 2016 NTP Security Vulnerabilities https://support.symantec.com/us/en/article.SYMSA1393.html SA141 : OpenSSL Vulnerabilities 26-Jan-2017 https://support.symantec.com/us/en/article.SYMSA1395.html Google修完漏洞,但網站仍可用檔案系統API偵測出Chrome無痕模式 https://www.ithome.com.tw/news/132385 Spectre變種攻擊再現,SWAPGS漏洞幾乎讓所有Intel主流處理器中標 http://bit.ly/2z98VaB PostgreSQL 安全漏洞 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10209 Fortinet FortiOS 資料洩露漏洞 https://fortiguard.com/psirt/FG-IR-18-173 【漏洞預警】Fortigate SSL VPN任意文件讀取(可直接登錄VPN) https://nosec.org/home/detail/2867.html 逾40款硬體驅動程式漏洞可讓駭客在Windows核心執行惡意程式,Intel、Nvidia及多家臺灣廠商上榜 https://www.ithome.com.tw/news/132355 AMD、Intel、NVIDIA 驅動程式發現嚴重漏洞 數百萬用戶或面臨惡意軟件提權風險 http://bit.ly/2TqGD4B 20家供應商存在40個內核安全漏洞:包括英特爾、英偉達、華為等 https://finance.sina.cn/stock/relnews/us/2019-08-11/detail-ihytcern0128659.d.html?vt=4&pos=102&cid=76524 Researchers find security flaws in 40 kernel drivers from 20 vendors https://www.zdnet.com/article/researchers-find-security-flaws-in-40-kernel-drivers-from-20-vendors/#ftag=RSSbaffb68 英特爾處理器再出現可竊密的旁路攻擊漏洞SWAPGSAttack Windows PC應儘速更新 http://bit.ly/33t4KEc SWIFT Alliance Web Platform 7.1.23 CVE-2018-16386 https://nvd.nist.gov/vuln/detail/CVE-2018-16386 Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware/ Apple will now pay hackers up to $1 million for reporting vulnerabilities https://thehackernews.com/2019/08/apple-bug-bounty.html BlueKeep Patching Still Spotty Months After Alerts: Report https://www.bankinfosecurity.com/bluekeep-patching-still-spotty-months-after-alerts-report-a-12899 4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered https://thehackernews.com/2019/08/windows-rdp-wormable-flaws.html UPDATE: ACSC confirms potential exploitation of BlueKeep vulnerability https://www.cyber.gov.au/news/update-acsc-confirms-potential-exploitation-bluekeep-vulnerability 研究人員踢爆:微軟忽視RDP漏洞直至察覺它影響Hyper-V https://www.ithome.com.tw/news/132337 微軟警告有2個類似BlueKeep的RDS重大漏洞 https://www.ithome.com.tw/news/132413 微軟本月修補93個安全漏洞,逾20個屬於重大漏洞 https://www.ithome.com.tw/news/132428 微軟發現遠端桌面服務(RDS)新漏洞影響常用視窗版本 https://www.hkcert.org/my_url/zh/blog/19081501 Microsoft 出手:阻止裝有不兼容殺毒軟件的Win7設備更新 https://news.xfastest.com/microsoft/68230/microsoft-8/ Windows XP就存在的CTF協定權限升級漏洞,可造成電腦被接管,用記事本就能攻擊 https://www.ithome.com.tw/news/132438 Google研究人員公佈20歲的Windows CTF協議0 day漏洞 https://www.4hou.com/info/news/19701.html 微軟每月保安更新 (2019年8月) https://www.hkcert.org/my_url/zh/alert/19081401 Security update deployment: August 13, 2019 https://support.microsoft.com/en-us/help/20190813/security-update-deployment Vulnerability in Microsoft CTF protocol goes back to Windows XP https://www.zdnet.com/article/vulnerability-in-microsoft-ctf-protocol-goes-back-to-windows-xp/#ftag=RSSbaffb68 Microsoft Issues Patches for BlueKeep-Like Vulnerabilities https://www.bankinfosecurity.com/microsoft-issues-patches-for-bluekeep-like-vulnerabilities-a-12915 Critical Windows 10 Warning: Millions Of Users At Risk https://www.forbes.com/sites/daveywinder/2019/08/11/critical-windows-10-warning-confirmed-millions-of-users-are-at-risk/ Microsoft warns of two new 'wormable' flaws in Windows Remote Desktop Services https://www.zdnet.com/article/microsoft-warns-of-two-new-wormable-flaws-in-windows-remote-desktop-services/#ftag=RSSbaffb68 Windows 7 SHA-2 Updates Blocked If Symantec, Norton AVs Installed https://www.bleepingcomputer.com/news/microsoft/windows-7-sha-2-updates-blocked-if-symantec-norton-avs-installed/ Microsoft August 2019 Patch Tuesday fixes 93 security bugs https://www.zdnet.com/article/microsoft-august-2019-patch-tuesday-fixes-93-security-bugs/#ftag=RSSbaffb68 August Patch Tuesday: Update Fixes ‘Wormable’ Flaws in Remote Desktop Services, VBScript Gets Disabled by Default http://bit.ly/2KyoleP Down the Rabbit-Hole https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html Debian Security Advisory DSA-4498-1 python-django -- security update https://www.debian.org/security/2019/dsa-4498 SQLite 四年前漏洞未修正 專家指可藉 iPhone 通訊錄盜取資料 http://bit.ly/2MenDW9 SQLite Vulnerability Permits iOS Hack: Report https://www.bankinfosecurity.com/sqlite-vulnerability-permits-ios-hack-report-a-12911 【威脅通告】TortoiseSVN遠程代碼執行漏洞(CVE-2019-14422) http://blog.nsfocus.net/cve-2019-14422/ 谷歌 Project Zero 90 天截止期限:97.5% 的漏洞在披露前修复 https://www.aqniu.com/industry/53180.html 谷歌披露了影響所有Windows版本的20年未修補漏洞 https://thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections https://thehackernews.com/2019/08/bluetooth-knob-vulnerability.html Over 40 Drivers Could Let Hackers Install Persistent Backdoor On Windows PCs https://amp.thehackernews.com/thn/2019/08/windows-driver-vulnerability.html Firefox fixes “master password” security bypass bug https://nakedsecurity.sophos.com/2019/08/15/firefox-fixes-master-password-security-bypass-bug/ Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware/ 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 金融業聘雇科技人才 突破7,600人 https://money.udn.com/money/story/5613/3979758 稱「英國銀行系統出錯」 外送平台遭控欠款 https://news.tvbs.com.tw/life/1181039 中國大陸網貸試點備案落空 多家銀行退出存管業務 https://news.sina.com.tw/article/20190725/32083740.html 為純網銀已燒掉上億!樂天攜手IBM建置系統,展現落地決心 http://bit.ly/2KokuAQ 樂天網銀 2020 年第二季上線,將招募 100 人 https://finance.technews.tw/2019/08/02/lotte-online-banking-online-in-2020-q2/ 14家銀行搶開放銀行頭香 繳費管理開支一鍵完成 https://udn.com/news/story/7239/3982253 Moneybook 起死回生,當台灣「開放銀行」領頭羊 https://technews.tw/2019/08/10/moneybook-open-bank-bellwether/ 金融業金融科技投資 今年總金額將破200億 https://times.hinet.net/news/22502032 邀證券F4協力 打造雲端大數據平台 https://www.chinatimes.com/newspapers/20190812000175-260202?chdtv 被迫付現! 墨西哥民眾抱怨刷卡失敗 https://ec.ltn.com.tw/article/breakingnews/2881040 墨西哥城數據中心故障 匯豐等銀行交易大規模癱瘓 https://www.finet.hk/newscenter/news_content/5d502e3bbde0b3270a21d4a8 墨西哥3家大銀行 處理付款系統出問題 http://www.mingpaocanada.com/Tor/htm/News/20190812/thd_r.htm 黃奇帆:整頓P2P,並不等於拒絕網路貸款 https://news.sina.com.tw/article/20190810/32268404.html 因應數位金融 央行設研究小組 https://udn.com/news/story/7239/3980306?from=udn-ch1_breaknews-1-cate6-news 銀行帳號很難記?銀行推手機號碼轉帳免手續費優惠 https://money.udn.com/money/story/5613/3985851 Open Banking 進入台灣金融市場!已有 14 家銀行建置 Open API 系統 https://buzzorange.com/techorange/2019/08/12/open-banking-taiwan/ 查獲多項缺失 金管會對這兩家壽險公司開罰百萬 https://udn.com/news/story/7239/3986997 忘記備份這個錄音檔 元大銀行挨罰200萬 https://www.chinatimes.com/realtimenews/20190813004356-260410?chdtv 調客戶資料發現錄音檔不見 元大銀被罰200萬元 https://money.udn.com/money/story/5613/3987033 保險業六缺失 金管會盯 https://money.udn.com/money/story/5648/3989758 純網銀掀起臺灣金融法規大鬆綁,開業前還有7大監理最終考驗 https://www.ithome.com.tw/news/132357 P2P平台暗換存管銀行 http://capital.people.com.cn/BIG5/n1/2019/0814/c405954-31293550.html 中P2P又爆 證大旗下逾百公司5千人全裁 https://ec.ltn.com.tw/article/paper/1310546 軍力對決!3家純網銀團隊戰力與人才需求大比較 https://www.ithome.com.tw/news/132362 台新銀行外幣系統演算法 獲發明專利 https://udn.com/news/story/7239/3989151 金融服務機構和客戶的頭號威脅:94%的攻擊都來源於這四種 https://www.freebuf.com/news/210509.html Counterfeit Cashier’s Checks of National Bank of Blacksburg, Blacksburg, Va. https://www.occ.gov/news-issuances/alerts/2019/alert-2019-7.html 3.電子支付/電子票證/行動支付/ pay/新聞及資安 電子支付、電子票證將整併,悠遊卡未來也能電子轉帳了 https://www.feed1x.com/app/post/5d4faf61462b2406480cd367 電子支付應用大解放!不只能兌外幣、未來還能互相轉帳 https://3c.ltn.com.tw/news/37667 四電子票證機構 搶電支業務 https://money.udn.com/money/story/5613/3983247 中國犯罪集團一棒打死日本小七的「7pay」電子支付 https://newtalk.tw/news/view/2019-08-13/285205 電子支付敬陪末座,詹宏志的下一步!PChome集團整軍搶食「純網銀」大餅 http://bit.ly/2MjCY7Q 4.虛擬貨幣/區塊鍊 新聞及資安 淺論比特幣在民事法律上之定性 http://bit.ly/2YRgFIF 調查局:虛擬通貨易淪為吸金詐騙工具 https://money.udn.com/money/story/5648/3950555 STO法規爭議難解?金管會副主委黃天牧:台灣的STO法令並非特別落後 http://bit.ly/2ZMlVyv 新加坡加密貨幣交易所預計年底將出現加密貨幣市場牛市 http://bit.ly/2Hbkp1J 墜落的以太坊!硬剛比特幣之後 市值佔比已不足8% https://news.sina.com.tw/article/20190809/32262322.html 數位資產加強資安 搭配硬體錢包找安心 https://m.ctee.com.tw/livenews/aj/a83205002019081117080278?area= 敲詐: Binance與「KYC駭客」的內部談判 http://bitfunance.com/article/665 擬發行兩種平台代幣!韓國SK集團將建立基於區塊鏈的捐贈平台 http://news.knowing.asia/news/dc597ba8-e1ed-4e99-aa65-66555f3c4179 萊特幣(LTC)上週末遭受「大規模粉塵攻擊」,對用戶有什麼影響 https://www.blocktempo.com/binance-academy-found-scalable-dusting-attack/ 中國央行發行數位貨幣?其實就是人民幣本尊 http://news.knowing.asia/news/48ccf0a5-b24e-4fdd-ac9f-fe76c789ba81 對加密貨幣友好的銀行並不多,但這家居然要為加密貨幣公司服務 http://news.knowing.asia/news/ee8afc3d-ef30-44aa-8643-e77fd1dfbd5c 紐西蘭稅務局已裁定,加密貨幣收入是合法的 http://news.knowing.asia/news/9feaebe6-41b5-466f-9e0f-2c233fec9602 聯合國報告:南韓交易所 Bithumb,三年內被北韓政府駭了四次 https://www.blocktempo.com/un-investigating-35-north-korean-military-funding-cyberattacks/ 公部門共識:台灣 STO 監管在國際上並不落後,將持續與業者溝通 https://blockcast.it/2019/08/12/public-legal-forum-building-consensus-with-public-sector/ 刑事局追查乙太幣竊電案 揪出台電內鬼 https://news.tvbs.com.tw/local/1183542 整個幣圈都談盜色變,數位貨幣交易所究竟是如何被盜的 http://news.knowing.asia/news/324bab83-2c30-4f06-a041-4b226aedf2a8 紐西蘭銀行 ASB 大手筆投資「貿易融資區塊鏈」 https://www.blocktempo.com/asb-bank-takes-a-stake-in-tradewindow/ 人民幣「破 7」避險效應,中國比特幣交易量激增 50% https://finance.technews.tw/2019/08/15/china-bitcoin-trading-volume-increase/ 整個幣圈都談盜色變,數位貨幣交易所究竟是如何被盜的 http://news.knowing.asia/news/324bab83-2c30-4f06-a041-4b226aedf2a8 加密分析公司報告PIVX鏈存在漏洞並質疑PIVX並無修復計劃 https://www.bishijie.com/kuaixun_372500 加密貨幣交易所監管,將面臨哪些挑戰 http://news.knowing.asia/news/94659c86-d457-4019-9f04-6c0f1c5e6164 數字貨幣行業APT一瞥: Coinbase應對Firefox在野0day攻擊詳情分析 https://www.freebuf.com/articles/blockchain-articles/211069.html The Chinese State Is Allegedly Sponsoring Attacks on Cryptocurrency Firms https://beincrypto.com/the-chinese-state-is-allegedly-sponsoring-attacks-on-cryptocurrency-firms/ UN probing 35 North Korean cyberattacks in 17 countries https://apnews.com/ece1c6b122224bd9ac5e4cbd0c1e1d80 Many blockchain use cases need IoT to succeed, and more https://www.zdnet.com/article/many-blockchain-use-cases-need-iot-to-succeed-and-more/#ftag=RSSbaffb68 Coinbase drops UK support for privacy-focused Zcash cryptocurrency https://www.zdnet.com/article/coinbase-drops-uk-support-for-zcash/#ftag=RSSbaffb68 Bitcoin-Related Ransomware Attacks Are Up 365% Since Last Year https://beincrypto.com/bitcoin-related-ransomware-attacks-are-up-365-since-last-year/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式 中惡意程式攻台 逾全球平均4倍量 https://ec.ltn.com.tw/article/paper/1305549 數位相機 PTP 協定驚爆出現漏洞,駭客可發動 OTP 植入勒索軟體攻擊 https://technews.tw/2019/08/12/canon-dslr-camera-infected-with-ransomware-over-the-air/ 照片及相機被鎖!單反都會中勒索軟件 http://bit.ly/33u7tgB 檯面下的風險:認識無檔案式威脅 https://blog.trendmicro.com.tw/?p=61508 外掛藏惡意軟件 作弊被盜個人資訊 http://bit.ly/2Kx79GG 勒索病毒利用Flash漏洞掛馬攻擊,色情網站為傳播源頭 https://guanjia.qq.com/news/n3/2544.html Cerberus:一個新的Android'銀行惡意軟件出租'出現 https://blog.ehcgroup.io/index.php/2019/08/13/cerberus-surge-un-nuevo-android-banking-malware-for-rent/ Gozi銀行木馬再現,針對高新製造業、進出口企業的“魚叉式攻擊” https://www.freebuf.com/articles/system/209854.html Golang蠕蟲氾濫?讓我們揪出其始作俑者 https://www.freebuf.com/articles/system/208777.html GOOTKIT BANKING TROJAN | 深入研究反分析功能 https://www.sentinelone.com/blog/gootkit-banking-trojan-deep-dive-anti-analysis-features/ Deep Dive into Guildma Malware https://decoded.avast.io/threatintel/deep-dive-into-guildma-malware/ RANSOMWARE OVERTOOK BANKING TROJANS IN H1 2019 EMAIL MALWARE CAMPAIGNS https://www.zixcorp.com/resources/blog/august-2019/ransomware-overtook-banking-trojans-in-h1-2019 New "LookBack" Malware Used in Attacks Against U.S. Utilities Sector https://www.securityweek.com/new-lookback-malware-used-attacks-against-us-utilities-sector 2019-08-12 - DATA DUMP: ICEDID (BOKBOT) INFECTION WITH TRICKBOT https://www.malware-traffic-analysis.net/2019/08/12/index.html 2019-08-14 - PCAP AND MALWARE FOR AN ISC DIARY ABOUT MEDUSAHTTP https://www.malware-traffic-analysis.net/2019/08/14/index.html Canon DSLR Cameras Can Be Hacked With Ransomware Remotely https://thehackernews.com/2019/08/dslr-camera-hacking.html Canon DSLR Camera Infected with Ransomware Over the Air https://www.bleepingcomputer.com/news/security/canon-dslr-camera-infected-with-ransomware-over-the-air/ New Saefko Trojan focuses on stealing your credit card details, crypto wallets https://www.zdnet.com/article/new-saefko-trojan-focuses-on-stealing-your-credit-card-details/#ftag=RSSbaffb68 Saefko RAT peeks at browser histories to help adversaries form optimal attack plan http://bit.ly/2YVnMDW Saefko: A new multi-layered RAT https://www.zscaler.com/blogs/research/saefko-new-multi-layered-rat New Ursnif Variant Spreads Through Infected Word Documents https://www.bankinfosecurity.com/new-ursnif-variant-spreads-through-infected-word-documents-a-12898 New Ursnif Variant Spreading by Word Document https://www.fortinet.com/blog/threat-research/ursnif-variant-spreading-word-document.html Cloud Atlas threat group updates weaponry with polymorphic malware https://www.zdnet.com/article/cloud-atlas-threat-group-updates-weaponry-with-polymorphic-malware/#ftag=RSSbaffb68 Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices http://bit.ly/2YUwken Clipsa Malware Steals Cryptocurrency By Targeting Unsecured WordPress Sites https://latesthackingnews.com/2019/08/12/clipsa-malware-steals-cryptocurrency-by-targeting-unsecured-wordpress-sites/ New variant of Troldesh Ransomware targets victims via compromised website URLs https://cyware.com/news/new-variant-of-troldesh-ransomware-targets-victims-via-compromised-website-urls-42259560 Cerberus - A new banking Trojan from the underworld https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html Cerberus: A New Android 'Banking Malware For Rent' Emerges https://thehackernews.com/2019/08/cerberus-android-banking-trojan.html Cerberus: A New Android 'Banking Malware For Rent' Emerges https://thehackernews.com/2019/08/cerberus-android-banking-trojan.html Phishing email attack against hotel industry in North America https://blog.360totalsecurity.com/en/phishing-email-attack-against-hotel-industry-in-north-america/ Cyber-attack compensation claims advice https://www.dataleaklawyers.co.uk/blog/cyber-attack-compensation-claims-advice Trojans, ransomware dominate 2018–2019 education threat landscape https://blog.malwarebytes.com/trojans/2019/08/trojans-ransomware-dominate-2018-2019-education-threat-landscape/ New Norman Cryptominer Uses Dynamic DNS for C2 Communication https://www.bleepingcomputer.com/news/security/new-norman-cryptominer-uses-dynamic-dns-for-c2-communication/ Norman Cryptominer Employs Sophisticated Obfuscation Tactics https://threatpost.com/norman-cryptomining-sophisticated-obfuscation/147310/ Varonis Uncovers New Malware Strains and a Mysterious Web Shell During a Monero Cryptojacking Investigation https://www.varonis.com/blog/monero-cryptominer/ PsiXBot Continues to Evolve with Updated DNS Infrastructure https://www.proofpoint.com/us/threat-insight/post/psixbot-continues-evolve-updated-dns-infrastructure Ursnif ups its game with sophisticated VBA and PowerShell combination Dropper https://www.deepinstinct.com/2019/08/12/ursnif-ups-its-game-with-sophisticated-vba-and-powershell-combination-dropper/ Authors of the new Android Trojan advertise their product and make fun of anti-virus vendors on Twitter https://adware.guru/authors-of-the-new-android-trojan-advertise-their-product-and-make-fun-of-anti-virus-vendors-on-twitter/ Eine neue Android-Malware namens "Cerberus" kann ausgeliehen werden https://todotech20.com/ge/eine-neue-android-malware-namens-cerberus-kann-ausgeliehen-werden/ New Android malware available for renting https://gdpr.report/news/2019/08/14/privacy-new-android-malware-available-for-renting/ DanaBot banking Trojan jumps from Australia to Germany in quest for new targets https://www.zdnet.com/article/danabot-banking-trojan-jumps-from-australia-to-german-targets/ Review of a Danabot Infection https://h3collective.io/review-of-a-danabot-infection/ Analysis: New Remcos RAT Arrives Via Phishing Email https://blog.trendmicro.com/trendlabs-security-intelligence/analysis-new-remcos-rat-arrives-via-phishing-email/ Android users menaced by pre-installed malware https://nakedsecurity.sophos.com/2019/08/13/android-users-menaced-by-pre-installed-malware/ 500,000-Victim Cryptojacking Campaign Proves Increasing Malware Sophistication https://beincrypto.com/500000-victim-cryptojacking-campaign-proves-increasing-malware-sophistication/ B.行動安全 / iPhone / Android /穿戴裝置 /App 中國大陸工信部:230萬用戶已完成「攜號轉網」 https://news.sina.com.tw/article/20190724/32079366.html 破解率達74%!手機感應器恐使PIN密碼外洩 https://fnc.ebc.net.tw/FncNews/life/94552 手機狂跳出「中獎廣告」 疑是Google廣告出包 https://udn.com/news/story/7087/3983465 手機狂冒中獎訊息 谷歌代理商說話了 http://bit.ly/2KxrHPn 「恭喜您獲得中獎機會!」駭客一步驟解決超煩人的釣魚頁面 https://buzzorange.com/techorange/2019/08/13/avoid-phishing-cyber-security/ iPhone通訊錄 可能成為駭客攻擊目標 https://news.wearn.com/c295696.html WhatsApp資安亮紅燈 駭客可輕易篡改用戶訊息 https://www.ettoday.net/news/20190812/1510839.htm iPhone通訊錄成「攻擊目標」 駭客能直接繞過安全機制 https://ck101.com/thread-5020180-1-1.html Instagram再爆隱私問題!百萬名用戶自介、貼文全被廣告商蒐集了 https://cnews.com.tw/134190811a02/ 【自身難保】研究發現近半 Android 防毒軟件有問題 http://bit.ly/2MddhFY IOS系統bug不斷,蘋果公司豪甩700萬買漏洞!業內良心還是奸商 https://user.guancha.cn/main/content?id=156367&s=fwzxfbbt 沒有安卓 鴻蒙可以救華為手機嗎 http://bit.ly/2MVI0a3 稱三星手機爆炸 男子灼傷手及臉 http://www.mingpaocanada.com/Tor/htm/News/20190809/tad1_r.htm 駭客研發惡毒 Lightning 線 一插即可入侵電腦 http://bit.ly/2KtfevQ 蘋果開出百萬賞金 獎勵駭客入侵iphone回報漏洞 http://bit.ly/31AbtdI 只用 120 秒破解 iPhone Face ID!駭客們怎麼做到的 https://buzzorange.com/techorange/2019/08/13/iphone-faceid-black-hat-hacker-120-seconds/ 無密碼時代來臨!Google提供Pixel手機用戶免密碼登入 近日將擴大到安卓設備 https://www.ettoday.net/news/20190813/1512037.htm Pen Test Partners:眾多品牌的4G行動網路裝置含有安全漏洞 https://ithome.com.tw/news/132406 偽裝手機在美銷售 華為祕密計劃被識破 http://www.epochtimes.com/b5/19/8/13/n11450823.htm Android 手機傳耗電異常災情!外媒曝可能原因與它有關 https://3c.ltn.com.tw/news/37690 下游電信商提高網安信任度 資安防禦 網路端更重要 http://weekly.invest.com.tw/001.asp?artNo=2052-13-01&OC=open 近 6 成屬國產貨 報告指手機 VPN 程式風險被忽視 http://bit.ly/30bo6Mk 忍無可忍 蘋果控告Corellium以安全為名行侵害iOS之實 https://udn.com/news/story/6811/3992179 蘋果、WebKit團隊合作 發布最新反追蹤策略 http://www.limedia.tw/tech/9713/ 科企研監控工具牟利 恐成打壓幫兇 http://bit.ly/31Nnpct 資安專家成功示範以修改過的 Lightning 連接線,透過 iPhone 駭入 Mac https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=906 大量移動App 違法蒐集用戶信息 https://udn.com/news/story/7333/3989589 Push Notifications 101: Security Risks and How to Disable Them Across Devices https://heimdalsecurity.com/blog/push-notifications-security-risks-how-to-disable/ Testing Android smartphones has made my iPhone feel old and slow https://www.zdnet.com/article/testing-android-smartphones-has-made-my-iphone-feel-old-and-slow/#ftag=RSSbaffb68 How to securely wipe your iPhones, Android devices, and PCs https://www.zdnet.com/article/how-to-securely-wipe-your-iphones-android-devices-and-pcs/ How to fix the Android bug that's draining your battery https://www.zdnet.com/article/how-to-fix-the-android-bug-thats-draining-your-battery/#ftag=RSSbaffb68 Facebook Sues Two Android App Developers for Click Injection Fraud https://thehackernews.com/2019/08/facebook-ads-click-injection.html Two weird ways your iPhone or Mac can be hacked https://www.zdnet.com/article/two-weird-ways-your-iphone-or-mac-can-be-hacked/#ftag=RSSbaffb68 No China, no choice: Why 2019 is the worst smartphone year ever https://www.zdnet.com/article/no-china-no-choice-why-2019-is-the-worst-smartphone-year-ever/#ftag=RSSbaffb68 Apple's iOS Contacts app claimed to be vulnerable to SQLite hack https://appleinsider.com/articles/19/08/10/apples-ios-contacts-app-claimed-to-be-vulnerable-to-sqlite-hack Android Users Can Now Log in to Google Services Using Fingerprint https://thehackernews.com/2019/08/android-local-user-verification.html C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件 擺了乖乖,機房就會自己「乖乖」嗎 https://showipprotocols-tw.blogspot.com/2019/08/no-more-lucky-cookies-ToR.html 不甩政府法令 「愛奇藝」在台徵才恐被罰 https://news.ltn.com.tw/news/life/breakingnews/2884785 美禁蘋果MacBook Pro筆記本電腦登機 有著火風險 http://bit.ly/2KL4gkt 浙江名校畢業生開發賭博軟體 涉案逾4000萬 90嫌落網 http://bit.ly/30g222M 售「港獨T恤」?亞馬遜官網遭中國駭客以五星旗灌爆 https://www.rti.org.tw/news/view/id/2031111 【HITCON CMT 2019 免費開放人才招募刊登專區】 https://blog.hitcon.org/2019/08/HITCON-Recruit.html 敲敲資安的大門:《HackDoor 2019 駭客密室活動》 https://vocus.cc/TeacherComment/5d540a8efd897800012b2335 資安議題熱 電腦及資訊服務業營收創同期新高 https://www.fountmedia.io/article/28809 K8s第一份第三方資安稽核報告出爐!Knative滿週年使用數據大公開 https://ithome.com.tw/news/132407 安全研究人員爆料:中興 Wi-Fi 蛋成黑客溫床 https://m.eprice.com.hk/mobile/talk/4527/213780/1/ 安全研究人員爆料:中興的 4G 分享器恐成為駭客溫床 https://m.eprice.com.tw/tech/talk/1141/5376748/1/ 老師趁期中考駭進學生手機!才剛抓到證據...模範生起疑提早交卷 https://star.ettoday.net/news/1510701?redirect=1 捷報!臺灣聯隊HITCON x BFKinesiS獲得DEF CON CTF駭客競賽第二名 https://ithome.com.tw/news/132347 美國拉斯維加斯CTF資安攻防賽 台灣獲亞軍 https://www.taiwannews.com.tw/ch/news/3761981 【黑客來襲】電腦被入侵怎麼辦:立法規管VS交付贖金 http://www.etnet.com.hk/www/tc/lifestyle/officetips/larryleung/61503 駭客發威! 發現美F-15戰機大罩門 https://www.chinatimes.com/realtimenews/20190815002365-260417?chdtv 7駭客花2天成功破壞「美F-15關鍵系統」 材料費僅花2萬美元 https://www.ettoday.net/news/20190815/1513863.htm 黑客大會舉行市民慎防駭客活動 https://www.lvcdn.com/news/vegas/20190809/25889.html 火眼報告:APT41受中共指使搞網絡間諜活動 http://bit.ly/2M7i4cd 中國駭客組織APT41利用政府資源盜走遊戲虛擬貨幣以中飽私囊 https://ithome.com.tw/news/132374 調查:陸駭客藉商業攻擊賺外快 http://bit.ly/2ZK7lrj 中共指使駭客組織攻擊特定目標讓北京受益 https://v.chinaqna.com/blog/90045 美國網絡安全公司報告:中國黑客組織獲官方保護並發動攻擊 http://bit.ly/2GZCfEB 不只香港 新加坡也另有警訊 http://bit.ly/2H1UysZ 路透:國台辦砸銀彈企圖買人心 5家台媒收錢做報導 https://tw.news.appledaily.com/international/realtime/20190809/1614247 中共把貨幣當武器!盤點美方反制優勢 http://bit.ly/2MgL2qb 中共社會信用體系下 人被大數據「圈養」 http://www.epochtimes.com/b5/19/8/11/n11445406.htm 中國資訊戰警報!「買台灣不如騙台灣」的資訊戰,你抵擋的了嗎 https://musou.watchout.tw/read/Qj4a0FyKYwHax0B8bJXS 「天網」將破?美國政府禁五家中企採購案後的下一步 https://opinion.udn.com/opinion/story/120611/3988917 中共索護照號碼 澳學者:拒絕 http://bit.ly/306wtZs 加拿大情報局示警 中共經濟間諜活動增加 http://bit.ly/2OPevcF 香港網友強力反制中國網軍 曝光個資幫忙參軍 https://www.cna.com.tw/news/acn/201907240207.aspx 華郵取得密件 指大陸華為疑違規暗助北韓 https://udn.com/news/story/6809/3944855 又違反美國管制禁令?華為助北韓架設無線網路 https://www.cmmedia.com.tw/home/articles/16630 華爾街日報:華為員工助非洲多國政府監控政敵 https://m.ltn.com.tw/news/world/breakingnews/2884916 涉助非洲國家政府監控政敵 華為斥報道失實 https://hk.on.cc/hk/bkn/cnt/cnnews/20190815/bkn-20190815082610644-0815_00952_001.html 美緩對中加徵關稅 經部:網路交換器影響仍大 http://bit.ly/2KM81Gm 川普把中國進口的筆電與手機徵稅日延到12月 https://www.ithome.com.tw/news/132424 美聯邦檢察官指控Capital One事件駭客攻擊了更多目標 https://on.wsj.com/31Lchg9 美國掃雷艦老舊不靈 軟體還用WIN2000 https://www.chinatimes.com/realtimenews/20190811002311-260417?chdtv 北韓對17國發動網路攻擊 瘋狂洗劫626億 https://news.ltn.com.tw/news/world/breakingnews/2886098 美國防部列最優先事項 美軍邁向5G時代 http://bit.ly/308rirI Kuwait hit in Pyongyang cyberattack https://gulflance.com/kuwait-hit-in-pyongyang-cyberattack/ Czech Republic ‘s committee blames foreign state for Foreign Ministry Cyberattack https://securityaffairs.co/wordpress/89864/cyber-warfare-2/czech-republic-cyber-attack.html Members of Chinese Espionage Group Develop a 'Side Business' https://www.bankinfosecurity.com/members-chinese-espionage-group-develop-side-business-a-12908 Clever attack uses SQLite databases to hack other apps, malware servers https://www.zdnet.com/article/clever-attack-uses-sqlite-databases-to-hack-other-apps-malware-servers/#ftag=RSSbaffb68 Canada Is Getting Ready for Quantum Cryptography https://www.venafi.com/blog/canada-getting-ready-quantum-cryptography The Black Hat cybersecurity conference app has a cybersecurity problem https://mashable.com/article/black-hat-cybersecurity-app-vulnerable/ North Dakota’s Big Cybersecurity Vision https://blog.paloaltonetworks.com/2019/08/north-dakota-cybersecurity-vision/ New Playbooks for Cyber Defense https://www.bankinfosecurity.asia/interviews/new-playbooks-for-cyber-defense-i-4412 B-電子金融處-企業網路銀行規劃營運人員 https://www.104.com.tw/job/6om5i 【NCCST-技服中心】資安鑑識工程師(台南) https://www.1111.com.tw/job/85898199/?agent=out_gds_ewo_happiness 【NCCST-技服中心】MIS工程師(台南) https://www.1111.com.tw/job/85898378/?agent=out_gds_ewo_happiness 【NCCST-技服中心】系統工程師(台南) https://www.1111.com.tw/job/85897975/?agent=out_gds_ewo_happiness 【NCCST-技服中心】資安工程師(台南) https://www.1111.com.tw/job/85898205/?agent=out_gds_ewo_happiness 【NCCST-技服中心】資安檢測工程師(台南) https://www.1111.com.tw/job/85898004/?agent=out_gds_ewo_happiness [新竹]新竹市政府教育處徵資安分析師 https://www.ptt.cc/bbs/Tech_Job/M.1565766500.A.206.html 機器學習研發工程師(Big Data/Machine Learning) https://m.104.com.tw/job/6p1qu?jobsource=m_cust_same_on 招商銀行總行信息技術部安全團隊招聘 https://www.anquanke.com/post/id/184275 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 滙豐銀行提醒慎防偽冒電郵 http://bit.ly/2KBLYlE 紐約時報:中共對香港發動「假信息戰」 https://www.ntdtv.com/b5/2019/08/14/a102644197.html 資安業者警告:Amazon EBS配置不當造成眾多機密資料曝光 https://ithome.com.tw/news/132380 點網頁出現釣魚頁面怎解決?聽專業駭客解釋 https://news.cts.com.tw/cts/life/201908/201908111970882.html 玩家信用卡遭盜刷!Epic Games面臨集體訴訟 http://bit.ly/33pydio 「你的臉被偷了嗎?」批踢踢創始神曝...玩人臉遊戲5種下場 https://www.ettoday.net/news/20190809/1509659.htm 信用卡提額騙局!一條短信就能騙光你卡里所有的錢 https://www.fengli.com/news/23385920.html 網路詐騙案如何應對?廣發信用卡來支招 https://news.sina.com.tw/article/20190809/32252326.html 幫網友銀行開戶 女差點淪詐欺共犯 https://news.ltn.com.tw/news/Tainan/breakingnews/2879915 統一培訓發展下線 網路交友詐騙團伙冒充女性騙錢財 https://news.sina.com.tw/article/20190809/32252242.html 男假冒胞兄辦卡盜刷盜領款 判刑1年10月 https://www.cna.com.tw/news/asoc/201908090165.aspx 遭胞弟盜辦信用卡刷120萬 男子提告自保 https://news.ltn.com.tw/news/society/breakingnews/2879365 弟冒用哥名義辦卡盜刷 最後由老媽出來擦屁股 https://udn.com/news/story/7321/3979366 接警非緊急部門普通話電話 華裔遭索個人資料信用卡號 警方同日接數市民查詢 稱屬詐騙 http://www.mingpaocanada.com/Tor/htm/News/20190809/tac1_r.htm 收到驗證碼,網銀遭盜刷!大渡口警方破獲首例“嗅探”技術新型盜案 http://www.sohu.com/a/331834132_355653 電信詐騙趨向精準化:「遍地撒網」變成「重點捕魚」 https://news.sina.com.tw/article/20190723/32055714.html 澳大利亞發生多起中國公民遭電信詐騙案 使館吁防範 https://news.sina.com.tw/article/20190723/32059126.html 接到陌生來電「小妹妹狂道歉」! 她心軟按下一鍵...162萬全沒了 https://www.ettoday.net/news/20190723/1495508.htm 洛陽警方偵破一起詐騙案 http://news.lyd.com.cn/system/2019/07/30/031435503.shtml 遭遇騙局還不聽勸?電話打到你聽勸!支付寶推出首個防騙「叫醒熱線」 https://news.sina.com.tw/article/20190718/32011964.html 被指入侵Capital One的駭客是如何從雲端竊取數據的 https://on.wsj.com/2Mk4W3B 撿提款卡猜出密碼盜領46萬 判罰1萬關半年 https://news.ltn.com.tw/news/society/breakingnews/2881623 詐騙公司員工「演技」在線,扮銀行工作人員致20多人中招 http://bit.ly/2Kvx6GF 防假保單詐騙 兩管道反向查證 http://www.merit-times.com/NewsPage.aspx?unid=559584 教科書級「銀行」詐騙!他是這樣騙上市公司1.5億的,逃亡泰國4年後終究被抓 https://news.sina.com.tw/article/20190810/32268028.html 詐騙7年 新壽業務員侵占保費2,000萬 https://money.udn.com/money/story/5648/3983273 保險公司查15萬人網上醫療記錄 搜證以拒絕賠償 http://bit.ly/33szSUi 偽造成績單 友邦經紀判緩刑 https://hk.news.appledaily.com/local/daily/article/20190810/20746521 電騙黨手法再升級 冒警專線套取個資 http://bit.ly/2H3dhnX 你的個資不再是你的:當心數位足跡留痕難抹去 https://newtalk.tw/news/view/2019-08-12/284805 網路學習「假分期、真貸款」糾紛多 消保處新規範遏止 http://bit.ly/31zBs57 辦理ETC卡可能會被盜刷 小心辦卡「潛規則」 https://news.sina.com.tw/article/20190812/32283724.html 派私人調查員闖YouTuber住處?玩家發起拒買《Borderlands 3》 http://bit.ly/33xbAZi 接到自稱是銀行專員,並且詢問用卡習慣,但打去該行才發現那是詐騙 https://www.bc3ts.com/post/21665 警破網戀詐騙團夥拘11人 涉案金額逾200萬人民幣 https://hk.on.cc/hk/bkn/cnt/cnnews/20190813/bkn-20190813065058481-0813_00952_001.html 騙徒利用前新加坡總理的名字來進行比特幣投資詐騙 http://bit.ly/2KHSUxr 境外匯款 小心有詐 士林警識破詐騙手法機警阻詐 https://times.hinet.net/news/22505151 警籲民眾慎防手機被綁架 http://bit.ly/2H60XTH 郵儲銀行開展支付安全與防範電信網路新型欺詐宣傳 https://news.sina.com.tw/article/20190814/32308038.html 母湯用外掛,資安公司曝《要塞英雄》外掛會竊取使用者個資 https://tw.esports.yahoo.com/fortnite-065318537.html 駭客論壇Cracked.to資料庫遭競爭對手公布 https://www.ithome.com.tw/news/132427 從個人資料保護 看資安 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=8751 美媒:臉書聘數百人 轉錄用戶語音對話 http://bit.ly/2H4NfjV 保全公司雲端平台漏洞,讓千萬用戶指紋、人臉及個資曝險 https://ithome.com.tw/news/132441 英國爆發嚴重生物辨識資訊資安事件,百萬人指紋、面孔與帳密完全未經加密存放 https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=908 廠商持假發票詐貸銀行 調查局大規模搜索 https://money.udn.com/money/story/5648/3991263 最新電話詐騙 PSE&G電氣公司發警告 http://www.epochtimes.com/b5/19/8/15/n11456066.htm 網購網戀詐騙橫行 「+」號電話、購虛擬幣勿輕信 http://bit.ly/2Nhfpwn 網絡攻擊瞄準個人銀行,談談5個典型攻擊手段 https://www.freebuf.com/articles/network/211150.html Invoice釣魚郵件姿勢多,進出口企業機密信息易洩漏 https://www.freebuf.com/articles/system/210012.html Crime Gangs Increasingly Turn to Online Fraud, UK Police Warn https://www.bankinfosecurity.eu/crime-gangs-increasingly-turn-to-online-fraud-uk-police-warn-a-12916 Security warning for software developers: You are now prime targets for phishing attacks https://www.zdnet.com/article/security-warning-for-software-developers-you-are-now-prime-targets-for-phishing-attacks/ Report: SEC Investigates First American Data Exposure https://www.bankinfosecurity.asia/report-sec-investigates-first-american-data-exposure-a-12910 SEC Investigating Data Leak at First American Financial Corp. https://krebsonsecurity.com/2019/08/sec-investigating-data-leak-at-first-american-financial-corp/ Four major dating apps expose precise locations of 10 million users https://www.zdnet.com/article/four-major-dating-apps-expose-precise-locations-of-10-million-users/#ftag=RSSbaffb68 FBI seeks to monitor Facebook, oversee mass social media data collection https://www.zdnet.com/article/fbi-seeks-to-monitor-facebook-oversee-mass-social-media-data-collection/#ftag=RSSbaffb68 Threesome app exposes user data, locations from London to the White House https://www.zdnet.com/article/threesome-app-exposes-user-data-pics-from-london-to-the-white-house/#ftag=RSSbaffb68 South Korea New Target for Payment Fraud https://www.bankinfosecurity.com/south-korea-new-target-for-payment-fraud-a-12897 Scammers increasingly hide behind legitimate company websites to spawn phishing mails https://www.scmagazineuk.com/scammers-increasingly-hide-behind-legitimate-company-websites-spawn-phishing-mails/article/1593447 Get creative: The average US user recycles online passwords at least four times https://www.zdnet.com/article/get-creative-the-average-us-user-recycles-online-passwords-at-least-four-times/#ftag=RSSbaffb68 Hundreds of exposed Amazon cloud backups found leaking sensitive data https://techcrunch.com/2019/08/09/aws-ebs-cloud-backups-leak/ SEC Investigating Data Leak at First American Financial Corp. https://krebsonsecurity.com/2019/08/sec-investigating-data-leak-at-first-american-financial-corp/ Choice Hotels: 700,000 Guest Records Exposed https://www.bankinfosecurity.asia/choice-hotels-700000-guest-records-exposed-a-12913 Fake Twitter Accounts Launch Anti-India Propaganda Campaign https://www.bankinfosecurity.asia/fake-twitter-accounts-launch-anti-india-propaganda-campaign-a-12914 Responding to Firefox 0-days in the wild https://blog.coinbase.com/responding-to-firefox-0-days-in-the-wild-d9c85a57f15b Major biometrics data leak impacts UK Metropolitan Police, banks, enterprise companies https://www.zdnet.com/article/major-biometrics-data-leak-impacts-police-banks-enterprise-companies/#ftag=RSSbaffb68 Report: Data Breach in Biometric Security Platform Affecting Millions of Users https://www.vpnmentor.com/blog/report-biostar2-leak/ White Hats Breach Biometrics Database: 27.8 Million Records Exposed https://www.cbronline.com/news/biostar-2-vpnmentor Capital One hacker took data from more than 30 companies, new court docs reveal https://www.zdnet.com/article/capital-one-hacker-took-data-from-more-than-30-companies-new-court-docs-reveal/#ftag=RSSbaffb68 E.研究報告 LiveZilla實時聊天應用7大漏洞解析 https://xz.aliyun.com/t/5902 網絡安全重大事件判定指南 https://www.freebuf.com/articles/network/211133.html 2019上半年網絡安全應急響應分析報告 https://www.freebuf.com/articles/paper/210447.html 由一道工控路由器固件逆向題目看命令執行漏洞 https://zhuanlan.zhihu.com/p/77410505 【漏洞預警】KDE Frameworks遠程命令執行(CVE-2019-14744)漏洞 https://www.secpulse.com/archives/110558.html CVE-2019-0193 Apache Solr遠程命令執行漏洞分析 https://xz.aliyun.com/t/5941 Ghostscript沙箱繞過命令執行漏洞(CVE-2019-10216) 預警 https://www.secrss.com/articles/12889 記一次xss漏洞挖掘 https://zhuanlan.zhihu.com/p/77639006 路由器漏洞挖掘之TEW_645TR_1.12 sql 注入分析 https://www.anquanke.com/post/id/183871 D-Link系列路由器漏洞挖掘 https://www.cnblogs.com/17bdw/p/11345345.html 內核漏洞挖掘技術系列(6)——使用AFL進行內核漏洞挖掘 https://xz.aliyun.com/t/5943 免殺webshel​​l的無限生成工具(免殺一句話生成|免殺d盾|免殺安全狗護衛神河馬查殺等一切WAF) https://github.com/yzddmr6/webshell-venom 警惕Elasticsearch淪為殭屍網絡 https://www.freebuf.com/articles/network/209564.html CVE-2019-11270:Cloud Foundry UAA中的提權漏洞分析 https://www.anquanke.com/post/id/183810 CVE-2019-1181/1182:遠程桌面服務中的蠕蟲漏洞警告 https://www.linuxidc.com/Linux/2019-08/160043.htm 安全心經| 吳承恩都不知道的《西遊記》 https://www.aqniu.com/vendor/53067.html 內網攻防備忘錄 https://www.freebuf.com/articles/network/210298.html 新型JSNEMUCOD病毒样本分析报告 https://www.freebuf.com/articles/terminal/209769.html ARP欺騙繞過Android TV BOX分析 https://www.freebuf.com/articles/network/209780.html Dockernymous:一款基於Docker容器的Whonix網關工作站安全環境搭建工具 https://www.freebuf.com/sectool/209607.html WatchBog新型變種分析 https://www.freebuf.com/articles/network/209956.html Pown-Duct:一款功能強大的盲注攻擊檢測工具 https://www.freebuf.com/sectool/209584.html Rock-ON:一款多功能合一的網絡偵察工具 https://www.freebuf.com/articles/network/208923.html Trojans, ransomware dominate 2018–2019 education threat landscape https://blog.malwarebytes.com/trojans/2019/08/trojans-ransomware-dominate-2018-2019-education-threat-landscape/ An easy ATT&CK-based Sysmon hunting tool https://github.com/baronpan/SysmonHunter LLDBFuzzer: Debugging and Fuzzing the Apple Kernel with LLDB Script http://bit.ly/2GUwFDh Seccomp Tools : Provide Powerful Tools For Seccomp Analysis https://kalilinuxtutorials.com/seccomp-tools/ HackerTarget : Tools And Network Intelligence To Help Organisations With Attack Surface Discovery https://kalilinuxtutorials.com/hackertarget-tools-and-network-intelligence/ Cloud Forensics: Google Drive https://netseedblog.com/security/cloud-forensics-google-drive/ LLDBFuzzer: Debugging and Fuzzing the Apple Kernel with LLDB Script http://bit.ly/2GUwFDh Threat Research Finding Evil in Windows 10 Compressed Memory, Part One: Volatility and Rekall Tools https://www.fireeye.com/blog/threat-research/2019/07/finding-evil-in-windows-ten-compressed-memory-part-one.html Threat Research Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive https://www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-two.html Threat Research Finding Evil in Windows 10 Compressed Memory, Part Three: Automating Undocumented Structure Extraction https://www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-three.html All-in-one bundle of MISP, TheHive and Cortex https://github.com/pe3zx/mthc F.商業 訊連推出金融AI刷臉辨識 高精準度2D、3D臉部防偽 https://www.ettoday.net/news/20190718/1493196.htm Openfind發表雲端資安生態圈聯盟 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000565606_7u77pzuelrbl0g7tpds1k 關貿網路攜手中醫附醫 攻醫療行動支付 https://ec.ltn.com.tw/article/breakingnews/2882244 電腦及資訊服務業 Q2營收創新高 http://bit.ly/2OU6t2n 剖析資通安全管理法 綜觀資安管理國際標準新趨勢 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&cat=60&id=0000565827_vmi9wc2x1pvpdg8pbp91e 微軟中小企業授權方案將不再提供Office永久版 https://www.ithome.com.tw/news/132392 關貿網路 策略性投資將來銀行2.1億元 https://www.chinatimes.com/realtimenews/20190814003524-260410?chdtv 效果不大,Chrome、Firefox將縮減EV簽章標示 https://www.ithome.com.tw/news/132416 加入純網銀國家隊展拳腳 關貿投資將來 爭一席董事 http://bit.ly/2Z5xT98 30而「力」!合勤從「設備研發製造商」到「解決方案服務商」的華麗轉身 https://www.techbang.com/posts/72057-30th-anniversary-of-co-attendance 思科攜手北市府 培育數位人才 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/7DEEB5510D714ABD93C0C42245EDFD86 Google推出網頁應用程式遙測工具 https://www.ithome.com.tw/news/132429 台灣大公有雲「運算雲 Plus」上線,年底前預計逾 40 家企業導入 https://technews.tw/2019/08/15/taiwan-mobile-easpnet-vmwa/ Kaspersky 亞太區設首家透明中心 http://bit.ly/2yYOi0w 區塊科技結合資安鑑識,用區塊鏈技術提升「數位蒐證」可信度 http://bit.ly/2N61yc3 Let Experts Do Their Job – Managed WAF by Indusface https://thehackernews.com/2019/08/apptrana-waf-vulnerability-scanner.html Microsoft is phasing out the Basic edition of Azure Active Directory https://www.zdnet.com/article/microsoft-is-phasing-out-the-basic-edition-of-azure-active-directory/#ftag=RSSbaffb68 Microsoft names top security researchers, zero-day contributors https://www.zdnet.com/article/microsoft-names-top-security-researchers-zero-day-contributors/#ftag=RSSbaffb68 Broadcom Reaches $10.7B Deal to Buy Symantec Enterprise https://www.bankinfosecurity.com/broadcom-reaches-107b-deal-to-buy-symantec-enterprise-a-12896 Top 10 security extensions for Google Chrome https://www.zdnet.com/article/top-10-security-extensions-for-google-chrome/#ftag=RSSbaffb68 Windows Virtual Desktop Is Feature Complete https://www.petri.com/windows-virtual-desktop-is-feature-complete G.政府 明年千億元科技預算 政院將投入5G、自駕車及資安 https://udn.com/news/story/7238/3980256?from=udn-ch1_breaknews-1-cate6-news 金管會宣示3大重點:理專控管、雲端委外及違約金計收 https://money.udn.com/money/story/5613/3966605 保險業應設置公司治理主管 保險業內部控制及稽核制度實施辦法修正 https://www.lawbank.com.tw/news/NewsContent.aspx?NID=162319 強化資安 充實資訊設備 臺東縣府將汰換310台電腦 https://news.sina.com.tw/article/20190810/32267258.html NCC獲2660萬補助 將投入5G實證與資安研究計畫 https://www.cna.com.tw/news/ahel/201908140233.aspx 金管會列保險業常見缺失 顧立雄:再犯就不客氣了 https://udn.com/news/story/7239/3989244 5G明年上路 NCC:得標廠商須報告資安管理程度 http://bit.ly/2H7amuv 政府領域資安聯防監控說明會 https://www.nccst.nat.gov.tw/HandoutDetail?lang=zh&seq=1283 H.ICS/SCADA 工控系統 雲端工控安全保衛戰 https://www.freebuf.com/articles/ics-articles/211300.html HVACking: Understanding the Delta Between Security and Reality https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/hvacking-understanding-the-delta-between-security-and-reality/ Introduction to SCADA security https://securityboulevard.com/2019/08/introduction-to-scada-security/ ICS/SCADA security overview https://securityboulevard.com/2019/08/ics-scada-security-overview/ Physical security for ICS/SCADA environments https://securityboulevard.com/2019/08/physical-security-for-ics-scada-environments/ Securing OT in the Energy and Utilities Sector https://advancedmanufacturing.org/securing-ot-in-the-energy-and-utilities-sector/ Global Cyber Alliance Unveils Free IoT Security Platform https://www.iotworldtoday.com/2019/08/15/global-cyber-alliance-unveils-free-iot-security-platform/ I.教育訓練 git提供分散式版本控制 GitHub存放個人網頁空間 善用gh-pages分支功能 無料架設靜態網站 https://www.netadmin.com.tw/netadmin/zh-tw/technology/89C148A5BC09490785753668A11280B8 10個新手必知的 JavaScript 實用技巧 http://bit.ly/2YNkMKz 【機器學習懶人包】從數據分析到模型整合,各種好用的演算法全都整理給你啦 https://buzzorange.com/techorange/2019/08/13/machine-learning-algorithm-collection/ MIS想跨入資安領域,SSCP是最好的入門鑰匙 https://ithome.com.tw/pr/132405 淺談MSF滲透測試 https://www.freebuf.com/news/210292.html List of Open Source C2 Post-Exploitation Frameworks http://pentestit.com/list-of-open-source-c2-post-exploitation-frameworks/ Gaining code execution using a malicious SQLite database https://research.checkpoint.com/select-code_execution-from-using-sqlite/ Sysmon Deep Dive Part 1: EventID 1 Process Create https://www.peerlyst.com/posts/sysmon-deep-dive-part-1-eventid-1-process-create-lee-archinal FREE DOWNLOAD: the best training, courses and ebooks on cybersecurity (2019's version) https://www.peerlyst.com/posts/free-download-the-best-training-courses-and-ebooks-on-cybersecurity-2019-s-version-peerlyst Top DFIR Tools - 2019 edition https://www.peerlyst.com/posts/top-dfir-tools-2019-edition-david-dunmore Price Dropped: Get Lifetime Access to Cisco Certification Courses 2019 https://thehackernews.com/2018/06/cisco-certification-training.html J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識 遙控鑰匙沒那麼安全! 網實測:1秒解鎖開走 https://news.tvbs.com.tw/life/1182516 你有多愛車? 有人在手臂植入 Tesla Model 3 晶片鑰匙 https://www.kocpc.com.tw/archives/274484 電子裝置的揚聲器成了駭客的目標,還把聲音當成武器 https://technews.tw/2019/08/13/hackers-can-turn-everyday-speakers-into-acoustic-cyberweapons/ 是德科技網路安全產品全面防禦車聯網攻擊 http://bit.ly/2YFXGp4 全面檢視IT/OT資產 發現可疑的網路行為 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=8748 智能喇叭成黑客攻擊對象 聲波攻擊成真 http://bit.ly/2ZZpx09 SMART ENERGY MONITORING AND CONTROLLED SMART SECURITY https://www.iot-contest.bisinfotech.com/2019/08/08/smart-energy-monitoring-and-controlled-smart-security/ 6.近期資安活動及研討會 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28 https://www.accupass.com/event/1906050355291064968019 108 年度臺灣學術網路危機處理中心資安巡迴研討會 -資安趨勢暨網路安全概要 8/19 ~ 8/27 http://www.hssh.tp.edu.tw/ezfiles/1/1001/attach/42/pta_17520_7551835_06329.pdf 台灣駭客年會 HITCON Summer Training 2019 - 學生報名 2019-08-19 ~ 2019-08-22 https://www.accupass.com/event/1906050919271598677460 工業自動化資安攻擊與防護 8/21 https://www.moea.gov.tw/MNS/populace/news/NewsAction.aspx?menu_id=43&news_id=86058 ᅵYahoo奇摩電商專題講座ᅵ 我們與詐騙的距離_電商不可承受的資安之重 8/21 https://www.accupass.com/event/1906120307261445013215 資訊安全攻防實務- 企業紅藍隊對抗演練實務 08/21 星期三 09:00 ~ 08/23 星期五 16:30 https://www.moea.gov.tw/Mns/populace/news/NewsAction.aspx?menu_id=43&news_id=86049 WEB應用滲透測試 8/21 ~ 8/23 https://www.accupass.com/event/1904080221358963463590 Thinking Thursday 第三場 8/22 https://www.meetup.com/Thinking-Thursday/events/lrqddryzlbdc/ 台灣駭客年會 HITCON Community 2019 2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8) https://www.accupass.com/event/1906040921594609934250 第四屆臺灣好厲駭~開放報名 至108年8月26日(一)下午5點截止 http://bit.ly/2ZlpP0Q NISRA Enlightened 2019 2019/08/26 ~ 2019/08/29 https://nisra.kktix.cc/events/2019enlightened 數位政府高峰會 2019 8/28 https://egov.ithome.com.tw/ ModernWeb 19 8/28 ~ 8/29 https://modernweb.tw/ 資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」 8/29 ~ 8/30 http://www.cisanet.org.tw/News/activity_more?id=MTQzMw== 108年資安職能訓練-行動裝置安全(8/29-8/30) https://cee.ksu.edu.tw/recruitinfo/1443.html 2019 NGO 資安種子講師訓練 8/29 https://ocftw.kktix.cc/events/cscs2019tot Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 9/6 https://signupcybersec101.ithome.com.tw/ 交通大學亥克書院-B022:基礎網頁安全與滲透測試<新竹場次> 9/7 https://hackercollege.nctu.edu.tw/?p=1079 資訊安全管理系統-基礎課程(免費!)9/8 https://www.accupass.com/event/1907160853513957042270 【AWS資安】Security Engineering on AWS​高級課程 9/9 ~ 9/11 https://www.accupass.com/event/1905150854571147685105 CDX2.0推廣活動 - 台北場次 9/10 https://nchc-cdx.kktix.cc/events/cdxactivity-0910 Kubernetes Summit 9/11 https://summit.ithome.com.tw/kubernetes/ 台灣賽門鐵克年度資安論壇 9/12 https://zh.surveymonkey.com/r/symantec_0912 Cyber Attack Taipei Series 2019 9/17 https://www.eventbrite.com/e/cyber-attack-taipei-series-2019-tickets-68951581035 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 9/20 https://signupcybersec101.ithome.com.tw/ 金融資安培訓課程 9/20 https://twap.deloitte.com.tw/DTLCRA/Works/CourseDetail.aspx?CourseID=T1906002 資策會開辦「認證系統安全從業人員 SSCP 輔導班」2019/9/21 https://ithome.com.tw/pr/131772 交通大學亥克書院-A011:入侵行為發覺與應變指南 9/21 https://hackercollege.nctu.edu.tw/?p=1082 資訊安全管理系統-進階課程(免費!)9/21 https://www.accupass.com/event/1907160908138705889800 TANET 2019 - 臺灣網際網路研討會 9/25 https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310 交通大學亥克書院-B022:基礎網頁安全與滲透測試 9/28 https://hackercollege.nctu.edu.tw/?p=1084 HITB+ CYBER WEEK 2019/10/12 ~17 https://d2p.hitb.org/ 交通大學亥克書院-A006:數位足跡追蹤與分析 10/19 https://hackercollege.nctu.edu.tw/?p=1088 Splunk .conf 19 10/21 ~ 10/24 https://conf.splunk.com/ AIoT智能物聯網開發人才就業養成班[免費諮詢] 10/22 https://ittraining.kktix.cc/events/aiot-training-2019 Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019 https://www.icscybersecurityconference.com Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 10/25 https://signupcybersec101.ithome.com.tw/ 交通大學亥克書院-A015:進階網頁滲透測試 10/26 https://hackercollege.nctu.edu.tw/?p=1090 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/8 https://signupcybersec101.ithome.com.tw/ 交通大學亥克書院-P006:高階網頁滲透測試 11/16 https://hackercollege.nctu.edu.tw/?p=1092 Cybersecurity Framework 擴大資安視野 Seminar CYBERSEC 101 研討會 11/29 https://signupcybersec101.ithome.com.tw/ 交通大學亥克書院-B015:惡意程式檢測 11/30 https://hackercollege.nctu.edu.tw/?p=1098 交通大學亥克書院-A018:企業網域控管-Active Directory攻擊與防禦 12/14 https://hackercollege.nctu.edu.tw/?p=1094 Japan Security Analyst Conference https://jsac.jpcert.or.jp/

    Import from clipboard

    Paste your markdown or webpage here...

    Advanced permission required

    Your current role can only read. Ask the system administrator to acquire write and comment permission.

    This team is disabled

    Sorry, this team is disabled. You can't edit this note.

    This note is locked

    Sorry, only owner can edit this note.

    Reach the limit

    Sorry, you've reached the max length this note can be.
    Please reduce the content or divide it to more notes, thank you!

    Import from Gist

    Import from Snippet

    or

    Export to Snippet

    Are you sure?

    Do you really want to delete this note?
    All users will lose their connection.

    Create a note from template

    Create a note from template

    Oops...
    This template has been removed or transferred.
    Upgrade
    All
    • All
    • Team
    No template.

    Create a template

    Upgrade

    Delete template

    Do you really want to delete this template?
    Turn this template into a regular note and keep its content, versions, and comments.

    This page need refresh

    You have an incompatible client version.
    Refresh to update.
    New version available!
    See releases notes here
    Refresh to enjoy new features.
    Your user state has changed.
    Refresh to load new user state.

    Sign in

    Forgot password

    or

    By clicking below, you agree to our terms of service.

    Sign in via Facebook Sign in via Twitter Sign in via GitHub Sign in via Dropbox Sign in with Wallet
    Wallet ( )
    Connect another wallet

    New to HackMD? Sign up

    Help

    • English
    • 中文
    • Français
    • Deutsch
    • 日本語
    • Español
    • Català
    • Ελληνικά
    • Português
    • italiano
    • Türkçe
    • Русский
    • Nederlands
    • hrvatski jezik
    • język polski
    • Українська
    • हिन्दी
    • svenska
    • Esperanto
    • dansk

    Documents

    Help & Tutorial

    How to use Book mode

    Slide Example

    API Docs

    Edit in VSCode

    Install browser extension

    Contacts

    Feedback

    Discord

    Send us email

    Resources

    Releases

    Pricing

    Blog

    Policy

    Terms

    Privacy

    Cheatsheet

    Syntax Example Reference
    # Header Header 基本排版
    - Unordered List
    • Unordered List
    1. Ordered List
    1. Ordered List
    - [ ] Todo List
    • Todo List
    > Blockquote
    Blockquote
    **Bold font** Bold font
    *Italics font* Italics font
    ~~Strikethrough~~ Strikethrough
    19^th^ 19th
    H~2~O H2O
    ++Inserted text++ Inserted text
    ==Marked text== Marked text
    [link text](https:// "title") Link
    ![image alt](https:// "title") Image
    `Code` Code 在筆記中貼入程式碼
    ```javascript
    var i = 0;
    ```    		 
    var i = 0;
    :smile: :smile: Emoji list
    {%youtube youtube_id %} Externals
    $L^aT_eX$ LaTeX
    :::info
    This is a alert area.
    :::

    This is a alert area.
    Versions and GitHub Sync
    Get Full History Access

    • Edit version name
    • Delete

    revision author avatar     named on  

    More Less

    Note content is identical to the latest version.
    Compare
      Choose a version
      No search result
      Version not found
    Sign in to link this note to GitHub
    Learn more
    This note is not linked with GitHub
     

    Feedback

    Submission failed, please try again

    Thanks for your support.

    On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?

    Please give us some advice and help us improve HackMD.

     

    Thanks for your feedback

    Remove version name

    Do you want to remove this version name and description?

    Transfer ownership

    Transfer to
      Warning: is a public team. If you transfer note to this team, everyone on the web can find and read this note.

        Link with GitHub

        Please authorize HackMD on GitHub
        • Please sign in to GitHub and install the HackMD app on your GitHub repo.
        • HackMD links with GitHub through a GitHub App. You can choose which repo to install our App.
        Learn more  Sign in to GitHub

        Push the note to GitHub Push to GitHub Pull a file from GitHub

          Authorize again
         

        Choose which file to push to

        Select repo
        Refresh Authorize more repos
        Select branch
        Select file
        Select branch
        Choose version(s) to push
        • Save a new version and push
        • Choose from existing versions
        Include title and tags
        Available push count

        Pull from GitHub

         
        File from GitHub
        File from HackMD

        GitHub Link Settings

        File linked

        Linked by
        File path
        Last synced branch
        Available push count

        Danger Zone

        Unlink
        You will no longer receive notification when GitHub file changes after unlink.

        Syncing

        Push failed

        Push successfully