###### tags: `資安事件新聞週報`
# 資安事件新聞週報 2019/6/24 ~ 2019/6/28
1.重大弱點漏洞/後門/Exploit/Zero Day
Samba 產品存在安全性弱點 CVE-2019-12435
https://www.samba.org/samba/security/CVE-2019-12435.html
TP-Link 路由器多個漏洞 CVE-2018-16119
https://nvd.nist.gov/vuln/detail/CVE-2018-16119
SAPIDO RB-1732 - Remote Command Execution
https://www.exploit-db.com/exploits/47031
Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
https://www.exploit-db.com/exploits/47033
修補漏洞優先順序及效率研究
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16256
Exim存在遠端指令執行漏洞
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16257
UNC Path Injection with Microsoft Access
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/unc-path-injection-with-microsoft-access/
Oracle 發布安全更新 CVE-2019-2729
https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html#AppendixFMW
Oracle WebLogic伺服器存在安全漏洞(CVE-2019-2725與CVE-2019-2729)
http://net.nthu.edu.tw/netsys/mailing:announcement:20190621_01
f5 -- big-ip_access_policy_manager CVSS V3 7.8
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11477
ibm -- control_desk CVSS V3 8.5
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-4364
ibm -- tivoli_netcool/impact CVSS V3 7.7
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-4103
tp-link -- tl-wr1043nd_firmware CVE-2019-6971
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6971
sophos -- sfos CVE-2018-16117
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16117
webmin CVE-2019-12840
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12840
whatsapp
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20655
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-6350
Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
https://www.exploit-db.com/exploits/47039
多個漏洞影響Linux,FreeBSD內核
http://bit.ly/2KzBx4l
PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery
https://thehackernews.com/2019/06/microsoft-outlook-vulnerability.html
Pivotal Software Spring Security 安全漏洞 CVE-2019-11272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11272
Cisco 多個產品發布新的安全更新
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-sdwan-privesca
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass
思科修補DNA Center與SD-WAN 系統的重大漏洞
https://www.ithome.com.tw/news/131405
思科發布25個漏洞補丁,DNA中心嚴重漏洞,可打開內部服務的訪問
https://t.cj.sina.com.cn/articles/view/6586462001/188956f3100100ijuu
Firefox 0day 漏洞被用於攻擊Coinbase 僱員
https://www.solidot.org/story?sid=61075
Firefox 67.0.4 Released — Mozilla Patches Second 0-Day Flaw This Week
https://thehackernews.com/2019/06/firefox-0day-vulnerability.html
Tor Browser 8.5.2 Released — Update to Fix Critical Firefox Vulnerability
https://thehackernews.com/2019/06/tor-browser-firefox-hack.html
MongoDB 4.2 Introduces End-to-End Field Level Encryption for Databases
https://thehackernews.com/2019/06/mongodb-fle-data-encryption.html
Dell電腦預裝軟體SupportAssist含有可被接管的安全漏洞
https://www.ithome.com.tw/news/131451
Dell 呼籲數百萬使用者修補 SupportAssist 工具漏洞
https://blog.trendmicro.com.tw/?p=60961
Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers
https://thehackernews.com/2019/06/dells-supportassist-hacking.html
Linux 內核阻斷攻擊漏洞
https://www.hkcert.org/my_url/zh/alert/19062104
Apache Tomcat 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.2230/
RUBY ON RAILS的ACTIVE STORAGE 反序列化命令執行漏洞
https://nosec.org/home/detail/2723.html
Linux TCP "SACK PANIC" 遠程拒絕服務漏洞
https://www.zengjunpeng.com/?id=211
ISC BIND 阻斷攻擊漏洞
https://www.hkcert.org/my_url/zh/alert/19062101
Debian 發布安全更新修復近期披露的英特爾MDS 安全漏洞
https://www.chainnews.com/articles/029979751010.htm
MongoDB未授權訪問漏洞及加固
https://blog.csdn.net/wst0717/article/details/93479243
OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks
https://thehackernews.com/2019/06/openssh-side-channel-vulnerability.html
Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer
https://thehackernews.com/2019/06/vlc-media-player-hacking.html
FasterXML jackson-databind 安全漏洞 CVE-2019-12384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384
BlueStacks App Player 安全漏洞 CVE-2019-12936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12936
OpenJDK Docker 鏡像存在錯誤版本漏洞
https://www.infoq.cn/article/I_Wfu4eIJY7c52Prqoop
PowerDNS Authoritative Server 安全漏洞 CVE-2019-10163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10163
Microsoft is notifying users if their devices aren't ready for Windows 10 1903
https://www.zdnet.com/article/microsoft-is-notifying-users-if-their-devices-arent-ready-for-windows-10-1903/#ftag=RSSbaffb68
Account Takeover Vulnerability Found in Popular EA Games Origin Platform
https://thehackernews.com/2019/06/ea-origin-game-hacking.html
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
信用卡及金融卡身份詐欺案件在英國急遽增加
http://bit.ly/2x96BPQ
Visa亞太資安高峰會:支付資訊安全推動數位經濟發展
https://www.techbang.com/posts/70997-visa-asia-pacific-summit-payment-information-security-drives-digital-economy
金管會推開放銀行,採香港不立法模式
https://finance.technews.tw/2019/06/24/the-fsc-pushes-open-banks-and-adopts-hong-kongs-non-legislative-model/
客戶資料不再獨享…3階段「開放銀行」 下月啟動
https://udn.com/news/story/7239/3888637
倫敦地鐵站比特幣ATM瘋狂吐鈔被懷疑遭駭,該公司CEO表示:機器正常,只是客戶領太多錢罷了
https://www.techbang.com/posts/70899-london-underground-station-bitcoin-atm-spits-out-money-sparking-crowds-of-commuters
超商貨到付款 5,000 元內開放刷卡,擬年底前上路
https://finance.technews.tw/2019/06/21/convenience-store-5000-ntd-credit-card/
中國大陸深圳交易所:本周共對33起證券異常交易行為采取了自律監管措施
https://www.finet.hk/newscenter/news_content/5d0db747bde0b35bf2ad99be
保險業買ETN 金管會開放
https://money.udn.com/money/story/5607/3886169
系統性銀行 五家將入列
https://money.udn.com/money/story/5613/3890726
三中資銀行遭美點名替北韓洗錢 招商銀行股價大跌
https://money.udn.com/money/story/5599/3891646
中華民國銀行公會「銀行防制洗錢及打擊資恐注意事項範本」
https://www.selaw.com.tw/LawBasis.aspx?LawID=A040390041019800-1060628
中華民國銀行公會訂自律規範 挑合作對象首重資安
https://news.wearn.com/c255704.html
美十八大行壓測過關
http://bit.ly/2Yb7H9r
老行庫轉型拚消金 卻面臨人力流失困境
https://news.cnyes.com/news/id/4343944
日本金融業吹裁員風、傳大型保險公司將精簡4000人
https://news.cnyes.com/news/id/4345156
明台產物保險,發現 R-XSS 漏洞
https://zeroday.hitcon.org/vulnerability/ZD-2019-00377
7月起八大公股行庫分行 取消延長營業時間
http://bit.ly/2xdyMNg
中國大陸國內銀恐成美國針對對象 潛在風險有多高
http://bit.ly/2ZUJe91
中信證券eKYC線上錄影簽名功能,獲專利
https://www.chinatimes.com/realtimenews/20190626001394-260410?chdtv
中信證券eKYC線上錄影簽名功能,獲專利
https://www.chinatimes.com/realtimenews/20190626001394-260410?chdtv
2上櫃公司境外假交易逾百億 人頭公司負責人追加起訴
https://tw.news.appledaily.com/local/realtime/20190627/1590610/
勞退自選實驗平台爆逾6萬人搶報名 王儷玲籲升級2.0版
https://money.udn.com/money/story/5617/3894372
大陸核電裝機容量 全球第三 核保險行業標準出爐
https://money.udn.com/money/story/5605/3894851
中國銀行隆重召開慶祝中國共產黨成立98周年大會
http://www.boc.cn/big5/aboutboc/bi1/201906/t20190626_15524325.html
美國「威脅」中資三大銀行 貿易戰火或延至金融系統
http://bit.ly/2J9WVdq
防帳戶風險 企業核查系統上線
https://udn.com/news/story/7333/3894710
證券交易等監視委擬建議就戈恩案向日產開罰單
https://tchina.kyodonews.net/news/2019/06/c8bcb612bcbd.html
買藥不需到藥房 應用程式落單 ATM取藥
http://bit.ly/2XcLCek
大陸央行8月1日起整治亂開空頭支票行為
https://udn.com/news/story/7239/3892716
中國一家銀行涉嫌違反聯合國制裁北韓禁令 可能被拒進入美國金融系統
https://www.voacantonese.com/a/Chinese-Banksia-May-Face-US-Action-In-North-Korean-Sanctions-20190615/4972786.html
Investigators Probe Attacks on At Least 3 Bangladesh Banks
https://www.bankinfosecurity.in/investigators-probe-attacks-on-at-least-3-bangladesh-banks-a-12690
Despite Shift to EMV, ATM Fraud Persists
https://www.bankinfosecurity.asia/despite-shift-to-emv-atm-fraud-persists-a-12675
Three banks hit by cyberattacks
https://www.thedailystar.net/frontpage/news/three-banks-hit-cyberattacks-1760629
ATM Shimmers Supplanting Skimmers
https://www.flashpoint-intel.com/blog/atm-shimmers-supplanting-skimmers/
Hackers Favoring Shimmers Over Skimmers for ATM Attacks
https://www.securityweek.com/hackers-favoring-shimmers-over-skimmers-atm-attacks
3.電子支付/電子票證/行動支付/ pay/新聞及資安
手機綁一堆PAY 輕忽防盜曝隱私
https://m.ltn.com.tw/news/society/paper/1297740
推電子支付力拼金融科技轉型,一卡通靠IT建立支付生態系
https://www.ithome.com.tw/people/131432
Visa 發布《未來支付安全路線圖》 推4項重點措施
http://bit.ly/2xbs2zB
VISA支付安全路綫藍圖 代碼取代信用卡帳號
http://bit.ly/2N91hXf
【支付安全】網絡欺詐潛在風險日增 Visa倡商戶交易全面代碼化
https://hk.finance.appledaily.com/finance/realtime/article/20190624/59748666
自研AI系統升級 辨識交易時間快10倍
http://bit.ly/2LgXrJ2
與星巴克、微軟合作,Bakkt被爆將推加密支付APP
http://news.knowing.asia/news/a17fd6a8-f13f-40a3-90b7-244ebad0c3e8
無現金支付在夜巿 玉山行動銀行APP推出「掃碼支付」
http://bit.ly/2Lg4oue
Razer Pay 和 VISA 合作 購物消費更方便
http://bit.ly/2WXpQpW
雷蛇「撈過界」搞Fintech 夥VISA開發虛擬預付方式
http://bit.ly/2ZJrjSu
台灣Pay是什麼?可以綁定哪些信用卡、金融卡
http://bit.ly/2J7KVcr
菲律賓版「支付寶」上線「植樹」功能
https://news.sina.com.tw/article/20190625/31751354.html
電子支付推出至今已裝2.2萬台設備
https://www.cyberctm.com/zh_TW/news/detail/2440679#.XRR6BugzbIU
銀聯電子支付將為找鋼網提供服務
https://read01.com/d020RGd.html#.XRR6CegzbIU
【北上消費】去深圳、廣州玩 必備的5款手機APP
http://bit.ly/2RF4hJJ
2019支付安全新趨勢:Visa引入AI防詐欺並推動線上支付新標準
https://www.ithome.com.tw/news/131496
WhatsApp Pay Faces One More Hurdle
https://www.bankinfosecurity.in/whatsapp-pay-faces-one-more-hurdle-a-12674
4.虛擬貨幣/區塊鍊 新聞及資安
史上規模最大「東京 Coincheck 交易所駭客事件」案情逆轉,主謀可能是「俄羅斯駭客」
https://www.blocktempo.com/russian-hackers-may-have-carried-out-largest-ever-crypto-exchange-theft/
安全預警:互融雲交易所繫統存在高危漏洞,100多家交易所存在數據洩露風險
http://www.coinvoice.cn/41298.html
Bitfinex 預告 26 日進行停機系統升級、2016 年駭客案主謀已落網
https://blockcast.it/2019/06/24/bitfinex-going-offline-for-upgrade-on-26-israeli-brothers-arrested-for-2016-bitfinex-hack-case/
金融科技成為洗錢新工具? ICO的匿名和去中心化技術成為監管漏洞
http://bit.ly/2WVzRUt
科技部產學小聯盟 引領區塊鏈多元應用
https://www.chinatimes.com/newspapers/20190625000485-260210?chdtv
臉書發幣比特幣應聲破萬,各國監管部門眾說紛紜
http://news.knowing.asia/news/5cd58403-5373-4778-8bf5-19f234a15578
臉書推加密貨幣 澳洲央行:許多監管問題需要解決
https://ec.ltn.com.tw/article/breakingnews/2830995
英國央行總裁:主要央行將希望監管數字貨幣Libra
https://news.sina.com.tw/article/20190623/31722116.html
Libra「抄襲」比特幣?五個方面讀懂兩者的區別
https://news.sina.com.tw/article/20190622/31715906.html
刺激消費宣導市政 新北擬推「新北幣」
https://m.ltn.com.tw/news/local/paper/1298110
關注 Facebook 幣,金管會:若涉儲值跨境匯兌就要管
https://technews.tw/2019/06/22/facebook-libra/
陳其邁:政院將成立台灣區塊鏈聯盟
https://www.chinatimes.com/newspapers/20190626000299-260202?chdtv
陳其邁:高雄幣的應用範圍應該更大!從這三個例子來看「社區貨幣」的崛起
http://bit.ly/2xfSmbP
以太坊合成資產發行平台 Synthetix 遭遇攻擊損失 3700 萬枚代幣
https://news.cnyes.com/news/id/4345623
CEO驟逝而鎖死的虛擬貨幣 會計報告指生前早挪為私用
https://www.taiwannews.com.tw/ch/news/3731790
臉書貨幣Libra 英國央行擬允「隔夜存款」
http://bit.ly/31YRRkv
「臉書幣」Libra還沒上市 各國央行已深感威脅
https://www.cmmedia.com.tw/home/articles/16248
臉書幣可在台灣用? 涉及這兩件事 必須要金管會核准
https://ec.ltn.com.tw/article/breakingnews/2829699
SWIFT 宣布開放區塊鏈公司使用 GPI 即時支付
https://news.cnyes.com/news/id/4345645
電子支票將納加密貨幣交易
http://bit.ly/2Ljve4B
末日博士魯比尼:區塊鏈真的「去中心化」?它的集中程度超越北韓啊
https://buzzorange.com/techorange/2019/06/27/roubini-say-blockchain-is-a-liar/
Forget Bitcoin, Our Future is Moneyless
https://medium.com/swlh/forget-bitcoin-our-future-is-moneyless-b2d229accef3
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
Bitdefender與警方聯手釋出勒索軟體GandCrab最新版解密工具
https://www.ithome.com.tw/news/131326
勒索軟體「GandCrab」幕後駭客狂賺20億後宣布收手
https://cnews.com.tw/140190623a02/
佛州Riviera Beach市遭勒索軟體攻擊,市議會表決同意支付60萬美元贖金
https://www.ithome.com.tw/news/131422
遭勒索軟體攻擊的佛州Lake City,也同意支付42個比特幣的贖金
https://www.ithome.com.tw/news/131506
惡意軟體利用 Android 手機跟平板漏洞,用你的手機幫駭客挖礦
https://www.blocktempo.com/trendmicro-detects-crypto-mining-malware-affecting-android-devices/
Mac惡意程式OSX/Linker企圖開採Gatekeeper漏洞
https://www.ithome.com.tw/news/131485
雖然低調但依然存在的勒索病毒~使用 勒索病毒剋星 來遠離勒索病毒的威脅
https://blog.trendmicro.com.tw/?p=60927
勒索病毒導致美國俄亥俄州巴爾的摩郡政府以及兩家醫療機構服務暫時中斷
https://blog.trendmicro.com.tw/?p=60964
Two Florida Cities Paid $1.1 Million to Ransomware Hackers This Month
https://thehackernews.com/2019/06/florida-ransomware-attack.html
UK ransomware firm ‘helps’ victims by paying off hackers, tacking on massive fee
https://www.zdnet.com/article/sting-shows-ransomware-firm-helps-victims-by-paying-off-hackers-tacking-on-fee/#ftag=RSSbaffb68
Riltok banking trojan begins targeting Europe
https://www.terabitweb.com/2019/06/25/the-riltok-banking-trojan-has-set-its-sights-for-the-european-market-after-a-few-modifications/
This botnet exploits Android Debug Bridge to mine cryptocurrency on your device
https://www.zdnet.com/article/this-botnet-spreads-through-ssh-to-mine-for-cryptocurrency/#ftag=RSSbaffb68
New Bird Miner malware targets Mac pirates
https://www.zdnet.com/article/new-bird-miner-cryptocurrency-miner-targets-mac-pirates/#ftag=RSSbaffb68
New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched
https://thehackernews.com/2019/06/macos-malware-gatekeeper.html
New Mac malware abuses recently disclosed Gatekeeper zero-day
https://www.zdnet.com/article/new-mac-malware-abuses-recently-disclosed-gatekeeper-zero-day/#ftag=RSSbaffb68
New Mac cryptominer Malwarebytes detects as Bird Miner runs by emulating Linux
https://blog.malwarebytes.com/mac/2019/06/new-mac-cryptominer-malwarebytes-detects-as-bird-miner-runs-by-emulating-linux/
New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched
https://thehackernews.com/2019/06/macos-malware-gatekeeper.html
This Cryptomining Malware Launches Linux VMs On Windows and macOS
https://thehackernews.com/2019/06/emulated-malware.html
DanaBot Banking Trojan Upgraded with ‘Non Ransomware’ Module
https://www.bleepingcomputer.com/news/security/danabot-banking-trojan-upgraded-with-non-ransomware-module/
Ransomware DanaBot Banking Trojan con modulo No ransomware
https://www.clasesordenador.com/ransomware-danabot-banking-trojan-con-modulo-no-ransomware/index.html
Radiohead’s ransom response shows novel approach for ransomware victims
https://blog.malwarebytes.com/ransomware/2019/06/radioheads-ransom-response-shows-novel-approach-for-ransomware-victims/
DHS CISA warns of Iranian hackers' habit of deploying data-wiping malware
https://www.zdnet.com/article/dhs-cisa-warns-of-iranian-hackers-habit-of-deploying-data-wiping-malware/#ftag=RSSbaffb68
How past threats and technical developments influence the evolution of malware
https://www.helpnetsecurity.com/2019/06/24/evolution-of-malware/
Fake Game of Thrones Video Files Embedded with Malware
https://www.webtitan.com/blog/fake-game-of-thrones-video-files-embedded-with-malware/
Analysis of the Uroburos malware with REVEN
https://blog.tetrane.com/2019/Analysis-Uroburos-Malware-REVEN.html
Malicious SYLK Files with MS Excel 4.0 Macros
https://blog.nviso.be/2019/06/25/malicious-sylk-files-with-ms-excel-4-0-macros/
Sodinokibi Ransomware Now Pushed by Exploit Kits and Malvertising
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-now-pushed-by-exploit-kits-and-malvertising/
Riltok mobile Trojan: A banker with global reach
https://securelist.com/mobile-banker-riltok/91374/
Malicious URL attacks using HTTPS surge across the enterprise
https://www.zdnet.com/article/social-engineering-attacks-surge-across-the-enterprise/#ftag=RSSbaffb68
New Silex malware is bricking IoT devices, has scary plans
https://www.zdnet.com/article/new-silex-malware-is-bricking-iot-devices-has-scary-plans/#ftag=RSSbaffb68
'Legit Apps Turned into Spyware' Targeting Android Users in Middle East
https://thehackernews.com/2019/06/android-malware-hacking.html
Second Florida City Pays Up Following Ransomware Attack
https://www.bankinfosecurity.com/second-florida-city-pays-up-following-ransomware-attack-a-12693
Police Arrest 6 in $28 Million Cryptocurrency Fraud Probe
https://www.bankinfosecurity.com/police-arrest-6-in-28-million-cryptocurrency-fraud-probe-a-12691
MFSocket: A Chinese surveillance tool
https://medium.com/@fs0c131y/mfsocket-a-chinese-surveillance-tool-58e8850c3de4
New Silex malware is bricking IoT devices, has scary plans
https://www.zdnet.com/article/new-silex-malware-is-bricking-iot-devices-has-scary-plans/
Exclusive: German Police Raid OmniRAT Developer and Seize Digital Assets
https://thehackernews.com/2019/06/police-raid-omnirat-developer.html
ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit
https://blog.trendmicro.com/trendlabs-security-intelligence/shadowgate-returns-to-worldwide-operations-with-evolved-greenflash-sundown-exploit-kit/
Android ransomware research
https://blog.trustlook.com/android-ransomware-research/
ViceLeaker Operation: mobile espionage targeting Middle East
https://securelist.com/fanning-the-flames-viceleaker-operation/90877/
Riltok mobile Trojan: A banker with global reach
https://securelist.com/mobile-banker-riltok/91374/
B.行動安全 / iPhone / Android /穿戴裝置 /App
美國考慮禁使用中國製5G設備 諾基亞、愛立信恐受影響
http://bit.ly/2x9TQEF
華為手機很可怕?以色列駭客:從掃地機器人到iPhone,都會被駭
https://futurecity.cw.com.tw/article/719
李濠仲專欄:「隱私 就是iPhone」
https://www.upmedia.mg/news_info.php?SerialNo=65631
FB 高層開嗆蘋果:產品超貴、有錢人專用俱樂部
https://3c.ltn.com.tw/news/37202
Google Play Store 暗藏陷阱?研究指出超過 2000 款危險 App
https://3c.ltn.com.tw/news/37188
臺灣電信研發力! 國產5G兩大關鍵技術大公開
https://www.ithome.com.tw/news/131397
微信號地下交易 黑色產業鏈驚人
https://www.chinatimes.com/newspapers/20190627000220-260309?chdtv
Important Flaw in Outlook App for Android Affects Over 100 Millions Users
https://thehackernews.com/2019/06/outlook-app-android.html
Symantec Mobile Threat Defense: New Google Update Could Mitigate OAuth Misuse Risk
https://www.symantec.com/blogs/feature-stories/symantec-mobile-threat-defense-new-google-update-could-mitigate-oauth-misuse-risk
Huawei ramps up its technological Cold War propaganda
https://www.zdnet.com/article/huawei-ramps-up-its-technological-cold-war-propaganda/#ftag=RSSbaffb68
Mobile apps riddled with high-risk vulnerabilities, warns report
https://nakedsecurity.sophos.com/2019/06/24/mobile-apps-riddled-with-high-risk-vulnerabilities-warns-report/
Mobile stalkerware: a long history of detection
https://blog.malwarebytes.com/android/2019/06/mobile-stalkerware-a-long-history-of-detection/
New security challenges await 5G planners, say APAC experts
https://www.computerweekly.com/news/252465575/New-security-challenges-await-5G-planners-say-APAC-experts
Here's how I survived a SIM swap attack after T-Mobile failed me - twice
https://www.zdnet.com/article/how-i-survived-a-sim-swap-attack-and-how-my-carrier-failed-me/#ftag=RSSbaffb68
Remote code execution bug lurked in BlueStacks Android emulator
https://www.zdnet.com/article/remote-code-execution-bug-lurked-in-bluestacks-android-emulator/#ftag=RSSbaffb68
C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
「人」是資安問題的癥結
https://www.edntaiwan.com/news/article/20190625NT71-are-people-the-problem-with-infosec
駭客入侵,害人不淺
http://www.csbc.com.tw/Community/108/1080626-1.php
早期警報預知事故發生 立即善後恢復日常營運 活用偵測原則做好把關 構築防禦長城決戰境外
https://www.netadmin.com.tw/netadmin/zh-tw/technology/E60F9D4E98C24FEFA78A0B8926B1516A
CSC宣布媒體業的網路安全調查結果
https://news.sina.com.tw/article/20190624/31728358.html
google帳號遭入侵 她報案怨遭警「半推半就」冷處理
https://news.ltn.com.tw/news/society/breakingnews/2835874
CloudFlare 多個代管網站因 BGP 路由洩露,一度無法連線
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=882
如何「看穿」駭客攻擊手法
https://www.ithome.com.tw/voice/131279
Nexusguard威脅報告顯示DDoS受僱型網站受聯邦調查局打擊後仍捲土重來
https://money.udn.com/money/story/12987/3890972
【PwC HackaDay 2019】科大生技壓黑客大賽 解題得分三年最高
http://bit.ly/2J8zy3N
【邪惡暗網侵台1】綁架暗殺交易平台 恐怖暗網在台擴散
https://www.mirrormedia.mg/story/20190625soc001
【邪惡暗網侵台2】嗆殺美女議員綁架富商 他們都躲在暗網裡
https://www.mirrormedia.mg/story/20190625soc002/
【邪惡暗網侵台3】女學生人間蒸發 他連殺13人從暗網學溶屍
https://www.mirrormedia.mg/story/20190625soc003/
【邪惡暗網侵台4】代刨祖墳扎愛滋針 各種犯罪暗網都有賣
https://www.mirrormedia.mg/story/20190625soc004/
【邪惡暗網侵台5】連FBI都抓不到 虛擬幣成暗網幫凶
https://www.mirrormedia.mg/story/20190625soc005/
【邪惡暗網侵台6】極血腥禁忌影像 暗網都找得到
https://www.mirrormedia.mg/story/20190625soc006/
【邪惡暗網侵台7】美軍實險室流出 加密情報網淪犯罪天堂
https://www.mirrormedia.mg/story/20190625soc007/
【邪惡暗網侵台8】連鎖飯店遭駭 1.3億人個資網路便宜賣
http://bit.ly/2xdcJ9F
傳微軟以資安為由,禁止員工用Slack,不鼓勵使用AWS、Google Docs等產品
https://www.ithome.com.tw/news/131438
美網安公司報告:華為設備有隱蔽通道 從未告知客戶
https://www.ntdtv.com/b5/2019/06/26/a102609965.html
【華為危機】設備系統存隱蔽後門 《華爾街日報》:可讓華為記錄訊息
https://hk.news.appledaily.com/china/realtime/article/20190627/59761918
華為半數以上電信設備有駭客能運用的漏洞,仍無法斷言是故意設計的後門
http://bit.ly/2KGqcPW
報告顯示華為設備遠比競爭對手設備更易受駭客攻擊
https://on.wsj.com/2J7KOxk
川習會前夕!傳華為員工曾跟解放軍合作、設備易遭駭
https://www.moneydj.com/KMDJ/News/NewsViewer.aspx?a=7059644b-6146-4945-9448-a4426dd899aa
美媒揭祕:華為員工與中共軍方合作研究
http://www.epochtimes.com/b5/19/6/27/n11348734.htm
TESLA導航系統出現漏洞,駭客輕鬆遠端攻擊
https://www.lian-car.com/articles/read/29131.html
Tesla 導航系統漏洞被發現,駭客能讓車突然急轉彎
https://auto.ltn.com.tw/news/12952/3
網路戰不分平時和戰時 關鍵時候突然致命一擊
http://bit.ly/2Jga199
如何應對國家級網路攻擊?像朱日和一樣用藍軍練兵
http://bit.ly/2J8vyAe
資安冏很大/盜帳號、奪虛寶…7成駭客抓不到
https://news.ltn.com.tw/news/society/paper/1297738
網路犯罪多!莫莉、蔡哥也遭殃 IP設海外「警破案率僅2成9」
https://www.ettoday.net/news/20190622/1472854.htm
中國大陸網絡安全漏洞將何去何從——簡析《網絡安全漏洞管理規定(徵求意見稿)》
http://www.junhe.com/law-reviews/967
為防網絡攻擊 中國召開工業信息安全大會
http://economics.dwnews.com/big5/news/2019-06-24/60138530.html
全球電信業者疑遭駭侵團體滲透,長期竊取通聯資料
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=883
中國政府是幕後主謀?駭客攻擊全球電信系統從事間諜活動
https://news.cnyes.com/news/id/4345950?exp=a
駭客猛攻各國電信公司 資安報告指出與中國有關
https://news.ltn.com.tw/news/world/breakingnews/2832991
報告:中國駭客長年駭入全球多家電信公司竊取個人通話資料,臺灣、香港被當成攻擊基地
https://www.ithome.com.tw/news/131476
Hackers steal data from telcos in espionage campaign: cyber firm
https://www.reuters.com/article/us-cyber-telecoms-cybereason/hackers-hit-global-telcos-in-espionage-campaign-cyber-research-firm-idUSKCN1TQ0BC
OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS
https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers
Chinese Hackers Play Operator With Global Telcos
https://www.bankinfosecurity.com/chinese-hackers-play-operator-global-telcos-a-12684
中國國安部駭客竊取商業機密 入侵IBM等全球8家科技廠網路系統
https://www.upmedia.mg/news_info.php?SerialNo=66107
中國駭客入侵 全球知名科技大廠遭殃
https://udn.com/news/story/6811/3895057
習近平剛走川普親筆信就來 美國北韓僵局露曙光
http://bit.ly/2FuqOnF
找到華為禁運黑名單中合法漏洞,美光悄悄恢復出貨
https://www.xfastest.com/thread-229902-1-1.html
華為設備比對手更容易受駭 美官員:無法接受的風險
https://udn.com/news/story/6811/3893383
東南亞給機會... 菲國開通5G 核心設備來自華為
http://bit.ly/2L7QRVc
美報告:華為設備有巨大漏洞
http://bit.ly/2xd6lPx
川普擬禁美企5G設備用中國貨 勢將撼動全球製造業
http://bit.ly/2WW0Uza
美參院通過草案 華為與中興列「國安威脅」
https://tw.news.appledaily.com/international/realtime/20190626/1590253/
台專家:資訊戰導致內戰 中共欲「讓台灣亂」
http://www.epochtimes.com/b5/19/6/23/n11341256.htm
要贏得川普信任,大疆擬推美國政府版無人機
https://technews.tw/2019/06/25/to-win-trumps-trust-dajiang-plans-to-push-the-us-government-version-of-the-drone/
美國對伊朗祭出「重磅」新制裁,誓言斬斷德黑蘭金融命脈
https://www.storm.mg/article/1419250?srcid=73746f726d2e6d675f6e756c6c_1561425054
CISA警告要小心伊朗的網路攻擊
https://www.ithome.com.tw/news/131452
美伊網攻開打 姿態強硬不退讓
http://bit.ly/2J3oQeV
不空襲但網攻,美國網軍攻擊伊朗軍事指揮設施
https://technews.tw/2019/06/24/no-airstrike-but-still-needs-cyber-attack-us-cyber-army-attacks-iranian-military-command-structure/
美伊局勢升溫 伊朗駭客攻擊美政府單位
https://udn.com/news/story/120591/3886639?from=udn-catelistnews_ch2
報復油輪遇襲 美網攻伊朗間諜組織
https://www.chinatimes.com/realtimenews/20190622002592-260408?chdtv
川普下令!美軍駭客對伊朗軍用電腦展開網路攻擊
https://m.ltn.com.tw/news/world/breakingnews/2830969
美軍網戰反恐 癱瘓伊朗火箭導彈發射系統
http://www.epochtimes.com/b5/19/6/23/n11340956.htm
川普下令網攻伊朗飛彈發射系統
https://www.chinatimes.com/newspapers/20190624000507-260119?chdtv
美國癱瘓伊朗飛彈系統 伊朗駭客偷襲美國政府
https://udn.com/news/story/6811/3888921
美伊網戰開打!美癱瘓伊飛彈系統 伊駭客攻美政府和油氣
http://www.mesotw.com/bbs/viewthread.php?tid=84973
美伊駭客開打!牛彈琴:人類戰爭史上第一次的「超限戰」開始了
https://www.ettoday.net/news/20190624/1474464.htm
「藍色,是烈士最喜歡的顏色」蘇丹遭全國斷網,聲援者在社群發動「藍色革命」
http://bit.ly/2LhqDzA
韓國政黨聲援香港反送中 臉書遭攻擊
http://www.epochtimes.com/b5/19/6/21/n11337770.htm
《蘋果》網站再遭攻擊 記者被電話騷擾 壹傳媒CEO:兵來將擋
https://tw.appledaily.com/new/realtime/20190622/1588087/
美國太空總署遭駭調查:駭客以Raspberry Pi作為跳板滲透NASA網路
https://www.ithome.com.tw/news/131423
駭客只用一塊樹莓派,就成功入侵 NASA
https://www.inside.com.tw/article/16711-hackers-steal-nasa-data-raspberry-pi
JPL探測火星資料遭駭 一年後才發現
https://udn.com/news/story/6812/3889560
NASA網路曾遭駭客入侵,火星義務數據被盜
http://bit.ly/2Nisyqe
駭客在去年利用樹莓派竊取 NASA 約 500MB 資料
https://www.cool3c.com/article/145295
國際產經:資安公司報告稱駭客闖入全球數家電信系統進行間諜活動,中國涉嫌重
http://bit.ly/2RwJR5z
Nexusguard威脅報告顯示DDoS受僱型網站受聯邦調查局打擊後仍捲土重來
https://money.udn.com/money/story/12987/3890972
DDoS Threat Report 2019 Q1
https://www.nexusguard.com/threat-report-q1-2019
IRANIAN HACKERS LAUNCH A NEW US-TARGETED CAMPAIGN AS TENSIONS MOUNT
https://www.wired.com/story/iran-hackers-us-phishing-tensions/
IRAN SHOOTS DOWN A U.S. DRONE, APPLE RECALLS MACBOOK BATTERIES, AND MORE NEWS
https://www.wired.com/story/iran-drone-surveillance-apple-macbook-recall/
US launches cyber-attack aimed at Iranian rocket and missile systems
https://www.zdnet.com/article/us-launches-cyber-attack-aimed-at-iranian-rocket-and-missile-systems/#ftag=RSSbaffb68
Data of 645k Oregonians exposed after nine DHS employees fell for a phishing attack
https://www.zdnet.com/article/data-of-645k-oregonians-exposed-after-nine-dhs-employees-fell-for-a-phishing-attack/#ftag=RSSbaffb68
NASA hacked because of unauthorized Raspberry Pi connected to its network
https://www.zdnet.com/article/nasa-hacked-because-of-unauthorized-raspberry-pi-connected-to-its-network/#ftag=RSSbaffb68
Free proxy service found running on top of 2,600+ hacked WordPress sites
https://www.zdnet.com/article/free-proxy-service-found-running-on-top-of-2600-hacked-wordpress-sites/#ftag=RSSbaffb68
OpenSSH gets protection against attacks like Spectre, Meltdown, Rowhammer, and Rambleed
https://www.zdnet.com/article/openssh-gets-protection-against-attacks-like-spectre-meltdown-rowhammer-and-rambleed/#ftag=RSSbaffb68
NASA's Jet Propulsion Lab a Frequent Hack Victim: Audit
https://www.bankinfosecurity.com/nasas-jet-propulsion-lab-frequent-hack-victim-audit-a-12679
Hackers breach NASA, steal Mars mission data
https://www.welivesecurity.com/2019/06/24/nasa-breach-mars-raspberry-pi/
DHS: Conflict With Iran Could Spur 'Wiper' Attacks
https://www.bankinfosecurity.co.uk/dhs-conflict-iran-could-spur-wiper-attacks-a-12682
U.S. Government Warns of Data Wipers Used in Iranian Cyberattacks
https://www.bleepingcomputer.com/news/security/us-government-warns-of-data-wipers-used-in-iranian-cyberattacks/
Alleged AlphaBay Moderator Faces Racketeering Charges
https://www.bankinfosecurity.com/alleged-alphabay-moderator-faces-racketeering-charges-a-12683
Anonymous hacker exposed after dropping USB drive while throwing Molotov cocktail
https://www.zdnet.com/article/anonymous-hacker-exposed-after-dropping-usb-drive-while-throwing-molotov-cocktail/#ftag=RSSbaffb68
RDP Security Explained
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/rdp-security-explained/
FedEx sues US over screening requirements in Huawei dispute as China tensions rise
https://www.cnbc.com/2019/06/25/fedex-sues-us-over-screening-requirements-in-huawei-dispute-as-china-tensions-rise.html
ICO slams UK Met Police for failure to handle public data requests
https://www.zdnet.com/article/ico-slams-metropolitan-police-service-for-public-data-request-backlog/
Tech Support Scammers Target Search Ads on ISP Start Pages
https://www.bleepingcomputer.com/news/security/tech-support-scammers-target-search-ads-on-isp-start-pages/
DDoS-for-Hire Services Doubled in Q1
https://www.darkreading.com/perimeter/ddos-for-hire-services-doubled-in-q1-/d/d-id/1335042
【HITCON 找人才 X 徵夥伴】We are hiring
https://blog.hitcon.org/2019/06/hitcon-job-hiring.html?m=1
中華電信換新血戰5G 估將招募1600人
http://bit.ly/2Ydx8Hy
徵才歷年之最 中華電招募1600人
https://www.chinatimes.com/newspapers/20190627000712-260110?chdtv
中華電信招新人 要建構500人AI團隊
https://udn.com/news/story/7269/3893195?from=udn-ch1_breaknews-1-cate9-news
中華電徵才 薪資上看48K
https://udn.com/news/story/7240/3893515
中華電因應退休潮 畢業季徵才起薪最高48K
https://www.cna.com.tw/news/afe/201906260214.aspx
中華電AI戰隊 擴至500人
https://money.udn.com/money/story/5612/3894898
[徵才] AI工程師_資策會資安所
https://www.ptt.cc/bbs/Soft_Job/M.1561183911.A.EAE.html
國網中心/網路與資安組 AI前瞻專案計畫人員/1名(AI-20)
https://www.104.com.tw/job/6iw17
兆豐銀行108年大數據人員暨資訊人員甄選
https://wwwfile.megabank.com.tw/news/news_01.asp?sno=2547
全端工程師
https://www.ditstartup.com/copy-of-hiskio
資安監控工程師(約聘)
https://www.104.com.tw/job/3iqxk
資安工程師
https://www.cakeresume.com/companies/pro-104-vip-cust-custmaster-cb82dc/jobs/security-engineer-8c991f
財團法人保險事業發展中心國際事務處徵求工讀人員1名
http://www.ins.tku.edu.tw/app/news.php?Sn=1427
商科系尤佳【年度熱門職缺】銀行存匯櫃員 ★ 月薪30000起,完善訓練與福利 (新北 ) 1688-D25
https://www.104.com.tw/job/6nlov?jobsource=freshman2009
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
網購化妝品險被詐 付款後網頁變英文
https://news.ltn.com.tw/news/society/breakingnews/2826394
香港上海滙豐銀行有限公司6月21日發布偽冒電子郵件網路釣魚活動聲明
https://www.about.hsbc.com.hk/-/media/hong-kong/zh-hk/news-and-media/190621-hsbc-warns-against-phishing-email-chi.pdf
新加坡銀行於6月24日發布公告發現2個偽冒釣魚網站
https://www.bankofsingapore.com/media-releases/2019/alert-on-two-fraudulent-mobile-applications-24-jun.html
東亞銀行於6月24日發布公告發現偽冒釣魚網站
https://www.hkbea.com/pdf/tc/about-bea/new-release/2019/20190624tc.pdf
一頁式廣告詐騙 刑事局揭6大特徵
https://www.cna.com.tw/news/asoc/201906260208.aspx
臉書一頁式詐騙夯! 資安公司供LINE防詐機器人防堵
https://www.ettoday.net/news/20190626/1475928.htm
侯昌明、曾雅蘭照片遭盜 刑事局:一頁式廣告充滿詐騙
https://news.ltn.com.tw/news/society/breakingnews/2834465
當心! 網徵「手遊測試員」 民憂恐成盜刷幫兇
https://news.tvbs.com.tw/life/1155494
最常遭到網釣攻擊濫用的品牌前三名為微軟、OneDrive與蘋果
https://www.ithome.com.tw/news/131487
重大資安漏洞!銓敘部驚傳近60萬筆公務人員個資外洩
https://www.ftvnews.com.tw/news/detail/2019625W0001
銓敘部遭駭,超過20萬名中央及地方公務官員個資外洩
https://www.ithome.com.tw/news/131450
政府資安再傳重大漏洞!銓敘部坦承:24萬筆文官個資外泄
https://www.storm.mg/article/1419813?srcid=73746f726d2e6d675f6e756c6c_1561430554
銓敘部個資外洩通知
https://www.mocs.gov.tw/pages/detail.aspx?Node=38&Page=6144&Index=1
銓敘部外洩59萬筆個資 調查局積極追駭客
https://news.tvbs.com.tw/local/1155424
59萬個資外洩 陳其邁:力堵資安漏洞
https://udn.com/news/story/6656/3891530?from=udn-ch1_breaknews-1-cate1-news
歷史資料外洩 銓敘部全面檢視資安防護
https://www.chinesenews-tv.com/index.php?s=/Article/detail/id/5975.html
顢頇銓敘部爆狂洩個資 陳其邁說話了
http://bit.ly/2X1M5uP
獨》國安危機 銓敘部個資外洩情治人員全都露
https://www.chinatimes.com/realtimenews/20190626001266-260402?chdtv
數十萬文官個資外洩 立委:推電子投票宜三思
http://bit.ly/2xgfyqx
24萬文官資料外洩 調查局立案調查
https://udn.com/news/story/6656/3894939
銓敘部文官個資外洩 陳其邁:全力清查資安漏洞
https://news.wearn.com/c256823.html
文官資料遭駭 國安局:調查局已立案偵辦
https://udn.com/news/story/6656/3894432
銓敘部個資外洩 國安局:調查局已立案偵辦
https://www.cna.com.tw/news/aipl/201906260316.aspx
股神波克夏公司旗下房地產APP 遭爆洩漏用戶個資
https://ec.ltn.com.tw/article/breakingnews/2829924
英首相熱門人選陷暗殺疑雲 俄製假新聞被抓包
https://tw.news.appledaily.com/international/realtime/20190624/1588789/
釣魚電郵攻美政府 伊朗處決CIA間諜
https://tw.news.appledaily.com/international/realtime/20190624/1588788/
搜集喜好、記錄定位、記得你網購內衣的顏色…華郵專欄作家:Chrome是網路世界最大偷窺狂
https://www.storm.mg/article/1415413?srcid=73746f726d2e6d675f6e756c6c_1561359820
臉書小測驗 暗藏個資外洩危機
http://bit.ly/2KzUx2E
在社交媒體打卡 小心引賊入室
https://udn.com/news/story/6812/3895801
窮錯了嗎?「存款只剩一千塊」 詐騙集團嗆:可以去死了
https://www.nownews.com/news/20190623/3457347/
理財分析師1人飾多角 長沙男子假冒證券公司人員詐騙
https://news.sina.com.tw/article/20190623/31722816.html
利用「系統漏洞」刷單獲利885萬,是詐騙還是盜竊
https://kknews.cc/society/gjknbq9.html
日護衛艦長打海盜邊打卡!GPS定位全曝光
https://fnc.ebc.net.tw/FncNews/world/85886
高級督察及助理指揮官資料被公開 警方:跟進到底
http://bit.ly/2xeRZ1p
國際駭客集團向港府宣戰!公布628名港警個資
https://news.ltn.com.tw/news/world/breakingnews/2835708
遺失手機洩個資? 急清除資料「防盜刷」
http://bit.ly/2IRDozx
華美電子海外假交易掏空42億 共犯到案遭訴
https://udn.com/news/story/7321/3895316
假交友真詐騙 國壽客服成功攔阻老翁匯出50萬
https://m.ctee.com.tw/livenews/ch/a91617002019062615175242
User data stolen from ‘human hacking’ forum Social Engineered, published on rival site
https://www.zdnet.com/article/user-data-stolen-from-human-hacking-forum-social-engineered-published-on-rival-site/#ftag=RSSbaffb68
Government is exposing identities of child abuse victims
https://nakedsecurity.sophos.com/2019/06/21/government-is-exposing-identities-of-child-abuse-victims/
Fresh “video games” site welcomes new users with Steam phish
https://blog.malwarebytes.com/social-engineering/2019/06/fresh-video-games-site-welcomes-new-users-with-steam-phish/
Report shows failures at eight US agencies in following cyber-security protocols
https://www.zdnet.com/article/report-shows-failures-at-eight-us-agencies-in-following-cyber-security-protocols/#ftag=RSSbaffb68
E.研究報告
Elastic在套裝軟體加入SIEM網路安全工具
https://www.ithome.com.tw/news/131488
TP-Link Wi-Fi擴展器遠程代碼執行漏洞分析
https://zhuanlan.zhihu.com/p/70093955
CVE-2019-8452:Check Point VPN本地提權漏洞分析
https://www.anquanke.com/post/id/181006
DACL Permissions Overwrite Vulnerability in Check Point VPN CVE-2019-8452
https://bordplate.no/blog/en/post/check-point-file-permissions-overwrite/
“方程式組織”攻擊中東SWIFT服務商事件复盤分析報告
https://www.freebuf.com/articles/paper/205080.html
利用ike-scan與psk-crack破解預先共用的金鑰
https://www.uuu.com.tw/Public/content/article/19/20190624.htm
【駭客戰略定義更廣、偵測類別定義更細】快速認識ATT&CK框架的最新變化
https://www.ithome.com.tw/news/131275
CVE-2019-0948:Microsoft Management Console (MMC)漏洞
https://xz.aliyun.com/t/5439
ThinkPHP5漏洞分析之SQL注入
https://www.freebuf.com/column/206599.html
漏洞環境快速搭建_Vulhub
https://www.lizenghai.com/archives/13269.html
為什麼國際頂級黑客,幾乎都是自學成才
https://read01.com/J8DJRjG.html#.XRBmSugzbIU
Nikto漏洞掃描工具簡介
https://zhuanlan.zhihu.com/p/70225775
網站滲透測試服務之短信轟炸漏洞挖掘與修復
http://blog.itpub.net/31542418/viewspace-2648424/
Web漏洞監測及修復方案
https://www.twblogs.net/a/5d101e86bd9eee1ede048d70
路由器0day漏洞挖掘實戰
https://www.anquanke.com/post/id/180714
非對稱式Security Boot/Security Update的實作
http://www.ctimes.com.tw/DispArt/tw/1906251409D7.shtml
vSAN 6.7 Update 1 的 RSS Engine 問題導致 PSOD
https://www.weithenn.org/2019/06/vsan-67-update-1-rss-engine-psod.html
CVE-2019-8635:MacOS的提權及任意代碼執行漏洞分析
https://www.anquanke.com/post/id/180880
使用honggfuzz挖掘VLC的一個雙無RCE漏洞
https://www.anquanke.com/post/id/181017
結合CVE-2019-1040 漏洞的兩種域提權利用深度分析
https://paper.seebug.org/962/
CVE-2019-12592:印象筆記Chrome擴展漏洞分析
https://cloud.tencent.com/developer/article/1450855
TenSec 2019 安全議題ppt 公開
https://share.weiyun.com/5NJL3uq
Linux 內核TCP 協議多個SACK 功能拒絕服務漏洞分析
https://paper.seebug.org/960/
CVE-2019-11477:Linux 內核中TCP協議棧整數溢出漏洞詳細分析
https://paper.seebug.org/959/
Ptsecurity發布的《2019手機應用漏洞與威脅報告》
http://bit.ly/2FESk1K
DarkHotel 針對中國外貿人士的最新攻擊活動披露
https://s.tencent.com/research/report/741.html
Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques
https://link.springer.com/article/10.1007/s11416-019-00335-w
Operation Crack: Hacking IDA Pro Installer PRNG from an Unusual Way
https://devco.re/blog/2019/06/21/operation-crack-hacking-IDA-Pro-installer-PRNG-from-an-unusual-way-en/
CPR-Zero: The Check Point Research Vulnerability Repository - Check Point Research
https://research.checkpoint.com/cpr-zero-the-check-point-research-vulnerability-repository/
Linux.Ngioweb Malware
https://blog.netlab.360.com/an-analysis-of-linux-ngioweb-botnet/
Dark Tracer
http://darktracer.io/
mozilla/MozDef
https://github.com/mozilla/MozDef
The deep-dive into how Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Monday
https://blog.cloudflare.com/the-deep-dive-into-how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-monday/
20 Hours, $18, and 11 Million Passwords Cracked
https://hackernoon.com/20-hours-18-and-11-million-passwords-cracked-c4513f61fdb1
CVE-2019-8635: Double Free Vulnerability in Apple macOS Lets Attackers Escalate System Privileges and Execute Arbitrary Code
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-8635-double-free-vulnerability-in-apple-macos-lets-attackers-escalate-system-privileges-and-execute-arbitrary-code/
How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today
https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/#disqus_thread
Building a Malware Analysis Lab: Become a Malware Analysis Hunter in 2019
https://www.alienvault.com/blogs/security-essentials/building-a-home-lab-to-become-a-malware-hunter-a-beginners-guide
Buffer Overflows, C Programming, NSA GHIDRA and More
https://www.exploit-db.com/docs/47032
Flaws in the BlueStacks Android emulator allows remote code execution and more
https://www.chainnews.com/articles/187604605853.htm
Apple TV and Apple Watch Forensics 01: Acquisition
https://blog.elcomsoft.com/2019/06/apple-tv-and-apple-watch-forensics-01-acquisition/
Apple Watch Forensics 02: Analysis
https://blog.elcomsoft.com/2019/06/apple-watch-forensics-02-analysis/
F5 Networks Endpoint Inspector – Browser-to-RCE
https://www.pentestpartners.com/security-blog/f5-networks-endpoint-inspector-browser-to-rce/
olafhartong/sysmon-cheatsheet
https://github.com/olafhartong/sysmon-cheatsheet
VulnerableContainers.org
https://vulnerablecontainers.org/
MobilBye: Attacking ADAS with Camera Spoofing
https://arxiv.org/abs/1906.09765
Skiptracing Part 2: iOS
https://medium.com/@lerner98/skiptracing-part-2-ios-3c610205858b
Windows: Windows Font Cache Service Insecure Sections EoP - project-zero - Monorail
https://bugs.chromium.org/p/project-zero/issues/detail?id=1800
Hexext - A plugin for extending Hexrays 7.0 via microcode
https://forum.reverse4you.org/t/hexext-a-plugin-for-extending-hexrays-7-0-via-microcode/10631
tarantula-team/CVE-2019-12949
https://github.com/tarantula-team/CVE-2019-12949/
Thumbs Up: Using Machine Learning to Improve IDA’s Analysis
https://research.checkpoint.com/thumbs-up-using-machine-learning-to-improve-idas-analysis/
fox-it/cve-2019-1040-scanner
https://github.com/fox-it/cve-2019-1040-scanner
Running iOS in QEMU to an interactive bash shell (2): research
https://alephsecurity.com/2019/06/25/xnu-qemu-arm64-2/
mgeeky/Stracciatella
https://github.com/mgeeky/Stracciatella
Self-defenseless – Exploring Kaspersky’s local attack surface
https://blog.silentsignal.eu/2019/06/24/self-defenseless-exploring-kasperskys-local-attack-surface/
0xffff0800/muddyc3
https://github.com/0xffff0800/muddyc3
F.商業
中華電信攜手 Akamai,建立內容遞送網路服務策略夥伴關係
http://technews.tw/2019/06/20/cht-wz-akamai-on-cdn/
何謂託管式偵測及回應 ( MDR )
https://blog.trendmicro.com.tw/?p=60557
精誠再辦攻防電競賽 模擬企業運營資安問題
https://www.cna.com.tw/news/ait/201906250067.aspx
評估資安設備需多方考量,不能只看廠商資料表
https://ithome.com.tw/news/131386
企業的下一個挑戰:如何為全公司的容器和大型應用程式提供最佳防護
https://blog.trendmicro.com.tw/?p=60583
雲端資安需求成長空間仍大 Palo Alto藉AI與ML建立防護模型
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000562936_70z8vvey4y4gnh5y07ek5
不靠電信商自己來!Google開發新一代免收費的簡訊服務RCS
https://www.techbang.com/posts/70948-dont-rely-on-the-telecommunications-company-itself-google-develops-next-generation-fee-free-messaging-service-rcs
整合4大雲端資安防護 Palo Alto Networks推出「Prisma」
https://www.ettoday.net/news/20190625/1475134.htm
精誠宣布結盟美軟體新創 助企業加速朝雲發展
https://udn.com/news/story/7240/3895902
未來數位科技安全該如何認識合格供應商與信賴服務供應商
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=8733
讓用戶安心上雲!資安大廠Palo Alto Networks接連併購2家新創,還推出新防護工具
http://bit.ly/2Yh1Nne
企業的下一個挑戰:如何為全公司的容器和大型應用程式提供最佳防護
https://blog.trendmicro.com.tw/?p=60583
微軟為你打造 OneDrive 當中的「金庫」
http://chinese.engadget.com/2019/06/26/microsoft-onedrive-personal-vault-security-2fa-storage-increase/
Oracle adds dedicated Autonomous Database instances, developer tools
https://www.zdnet.com/article/oracle-adds-dedicated-autonomous-database-instances-developer-tools/#ftag=RSSbaffb68
Microsoft Adds 2FA-Protected "Personal Vault" Within OneDrive Cloud Storage
https://thehackernews.com/2019/06/microsoft-onedrive-personal-vault.html
Microsoft's new Windows Terminal is now available in the Store
https://www.zdnet.com/article/microsofts-new-windows-terminal-is-close-to-release-in-the-store/#ftag=RSSbaffb68
McAfee sues former sales team over alleged leak of trade secrets to rival firm
https://www.zdnet.com/article/mcafee-sues-former-employees-over-alleged-leak-of-trade-secrets-to-rival-firm/#ftag=RSSbaffb68
G.政府
打假訊息!政院通過修法 散播動植物疫情謠言者最高罰100萬
https://tw.news.appledaily.com/politics/realtime/20190627/1590696/
李副總長主持東部網安講習 落實資安防護作為
https://n.yam.com/Article/20190624679685
網安巡迴講習 落實資安管控降風險
http://bit.ly/2JarNu6
通資安全即軍紀安全 國軍落實營區安全資訊管控
https://www.ettoday.net/news/20190625/1474484.htm
網安巡講到金門 落實資安防駭
http://bit.ly/2IQ1Z7O
韓國瑜「浴缸塞子說」爆資安危機 神秘人「冒充2親信」竊取講稿
https://www.ettoday.net/news/20190626/1475592.htm
冒名韓親信 駭客入侵竊講稿
https://www.chinatimes.com/newspapers/20190627000663-260102?chdtv
幕僚電郵遭冒名竊講稿 韓國瑜:非常可怕
https://udn.com/news/story/11311/3894908
駭客對韓國瑜展開攻擊
http://blog.udn.com/Horace2007/127770854
韓早就懷疑被監控? 換辦公室、不住官邸
https://udn.com/news/story/11311/3894940
募兵大躍進 國防部長嚴德發:明年可達編現90%
https://tw.news.appledaily.com/politics/realtime/20190627/1590648/
資安稽核程序與項目
http://bit.ly/2IUf14c
資通支援一大隊 漢光實兵資安保密暨行安講習
https://tnews.cc/022/newscon1_220806.htm
H.ICS/SCADA 工控系統
奇安信左英男:工業主機和工業大數據安全問題亟待解決
https://news.sina.com.tw/article/20190623/31720698.html
中國工業系統問題多 安全公司:50%中毒、100%有漏洞
http://bit.ly/2FvycyW
中國5G面臨風險 過半工控系統帶毒運行
http://www.epochtimes.com/b5/19/6/24/n11343105.htm
一個工控漏洞引發的思考
http://www.sohu.com/a/322769368_354899
advantech -- webaccess CVE-2019-3953
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3953
advantech -- webaccess CVE-2019-3954
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3954
healthnode_hospital_management_system_project CVE-2018-17393
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17393
I.教育訓練
Web安全滲透之經典漏洞解析
https://www.bilibili.com/video/av56820183/
Bypassing SSRF Protection
https://medium.com/@vickieli/bypassing-ssrf-protection-e111ae70727b
Google Docs help: How to restore your original version after collaborators make a mess
https://www.zdnet.com/article/google-docs-tip-how-to-restore-your-original-version-after-collaborators-make-a-mess/#ftag=RSSbaffb68
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
http://bit.ly/2YaHl7B
Google CTF Quals 2019 - JIT (pwn)
https://blog.idiot.sg/2019-06-24/google-ctf-quals-2019-jit/
J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
谷歌證實二手Nest安防攝像頭或被窺視 現已打上補丁
https://news.sina.com.tw/article/20190621/31714632.html
IoT 物聯網裝置的四個資安風險
https://blog.trendmicro.com.tw/?p=60834
歐盟委員會本周料發布AI指引
https://on.wsj.com/2Fwlgct
IoTセキュリティチェックリスト
https://www.jpcert.or.jp/research/IoT-SecurityCheckList.html
Labs report: Malicious AI is coming—is the security world ready
https://blog.malwarebytes.com/artificial-intelligence/2019/06/labs-report-malicious-ai-is-coming-is-the-security-world-ready/
6.近期資安活動及研討會
JCConf Taiwan 2019 Call for Proposals 6/1 ~ 6/30
https://twjug.kktix.cc/events/jcconf-2019-cfp
天黑請閉眼,與駭客的對話 6/29
https://tfc.kktix.cc/events/night-talk-hacking-hacker
Security Transformation for Next Generation 數位資安AI化 次世代轉型研討會 7/4
http://tw.systex.com/20190704_security_seminar_fb/
香港浸會大學國際學院7月6日舉辦「升學資訊日」7/6
http://bit.ly/2X77BDq
HackingThursday 固定聚會 7/4
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbgb/
2019 車用電子與車聯網資安種子教師研習營 7/4 ~ 7/5
http://www.kghs.kh.edu.tw/notice/11734
2019國際資訊安全組織台灣高峰會 7/9 ~ 7/11
https://csa.kktix.cc/events/2019con
Secure Summit APAC 2019 安全峰會 6 大領域提升資安水平 7/10 ~ 7/11
http://bit.ly/2WbONh5
工業局補助網路安全檢測教育訓練 7/10 ~ 7/12
https://www.accupass.com/event/1904080311551119077841
HackingThursday 固定聚會 7/11
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbpb/
智慧金屬與物聯網資安座談會 7/15
https://seminars.tca.org.tw/D15e02242.aspx
【資安講座】企業電子郵件資安,釣魚郵件與郵件詐騙解析、最新防護技術發展,更新大家的資安知識 7/16
https://www.techbang.com/posts/70854-lecture-corporate-email-security
HackingThursday 固定聚會 7/18
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbxb/
資安產學高峰論壇 7/18
https://www.accupass.com/event/1906140709596176666390
資安趨勢研討會 7/18
https://www.accupass.com/event/1906110041444881410360
第12屆台盧(森堡)經濟合作會議 7/19
http://registration.cieca.org.tw/visit/?d=74
5G+IoT美麗新世界的資安挑戰與機會研討會 7/18
http://iekweb2.iek.org.tw/IEKConf/Client/confinfo.aspx?mode=confinfo&conf_no=384953433
HackingThursday 固定聚會 7/25
https://www.meetup.com/hackingthursday/events/vkhnnqyzkbhc/
新加坡資安市場解密講座: 台灣資安浴血東南亞叢林戰鬥之起點-獅城站 7/26
https://ievents.iii.org.tw/eventS.aspx?t=0&id=547
CDX2.0推廣活動 - 台南場次 7/26
https://nchc-cdx.kktix.cc/events/cdxactivity-0726
The Virus Bulletin Conference 2019 8/1
https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/
資安事故處理實務課程 8/7 ~ 8/8
http://bit.ly/2VW0Lv9
DEF CON 27 2019/8/8–8/11
https://www.defcon.org/
數位鑑識處理實務 8/14 ~ 8/15
http://bit.ly/2VW0Lv9
台灣駭客年會 HITCON Summer Training 2019 - 學生報名 2019-08-19 ~ 2019-08-22
https://www.accupass.com/event/1906050919271598677460
WEB應用滲透測試 8/21 ~ 8/23
https://www.accupass.com/event/1904080221358963463590
台灣駭客年會 HITCON Community 2019 2019-08-23(五) 09:00 ~ 2019-08-24(六) 17:00 (GMT+8)
https://www.accupass.com/event/1906040921594609934250
資安法規與制度研析課程-108年度「資安人才培訓及國際推展計畫-資安專業人才培育深化課程」 8/29 ~ 8/30
http://www.cisanet.org.tw/News/activity_more?id=MTQzMw==
108年資安職能訓練-行動裝置安全(8/29-8/30)
https://cee.ksu.edu.tw/recruitinfo/1443.html
CDX2.0推廣活動 - 台北場次 9/10
https://nchc-cdx.kktix.cc/events/cdxactivity-0910
TANET 2019 - 臺灣網際網路研討會 9/25
https://www.twcert.org.tw/subpages/securityInfo/securityactivity_details.aspx?id=310
HITB+ CYBER WEEK 2019/10/12 ~17
https://d2p.hitb.org/
Splunk .conf 19 10/21 ~ 10/24
https://conf.splunk.com/
AIoT智能物聯網開發人才就業養成班[免費諮詢] 10/22
https://ittraining.kktix.cc/events/aiot-training-2019
Industrial Control Systems (ICS) Cyber Security Conference USA October 21 – 24, 2019
https://www.icscybersecurityconference.com
Japan Security Analyst Conference
https://jsac.jpcert.or.jp/
Google Drive
Gist
Clipboard
Sign in via Google
Sign in via Facebook
Sign in via X(Twitter)
Sign in via GitHub
Sign in via Dropbox
Sign in with Wallet
