資安事件新聞週報 2019/1/7 ~ 2019/1/11

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2019/1/7 ~ 2019/1/11 1.重大弱點漏洞網路印表機設備未正確設置存在漏洞 https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=3003 D-Link 路由器部分產品發現可進行遠端執行程式碼漏洞 https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5077 Juniper 產品多個漏洞 https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES Juniper Networks Junos OS 存在多個安全性弱點 https://www.us-cert.gov/ncas/current-activity/2019/01/09/Juniper-Networks-Releases-Multiple-Security-Updates ESB-2019.0055 - [Linux] IBM Security Guardium: Multiple vulnerabilities https://www.auscert.org.au/bulletins/73734 ESB-2019.0054 - [Win][Linux] IBM Rational Service Tester: Multiple vulnerabilities https://www.auscert.org.au/bulletins/73730 ESB-2019.0047 - [Win][Linux][Solaris][AIX] IBM Case Manager: Multiple vulnerabilities https://www.auscert.org.au/bulletins/73702 ESB-2019.0046 - [Win][Linux] IBM Rational Publishing Engine: Multiple vulnerabilities https://www.auscert.org.au/bulletins/73698 ESB-2019.0053 - [Win][Linux] UCMDB Configuration Management Service: Access privileged data - Existing account https://www.auscert.org.au/bulletins/73726 Scapy-sploit: Python Network Tool is Vulnerable to Denial of Service (DoS) Attack CVE pending https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending/ 多款Hitachi Command Suite產品HTML注入漏洞 https://www.securityfocus.com/bid/60667 Cisco Email Security Appliances (ESA) 存在安全性弱點 https://www.us-cert.gov/ncas/current-activity/2019/01/09/Cisco-Releases-Security-Updates 思科產品多個漏洞 https://tools.cisco.com/security/center/publicationListing.x Cisco Firepower System Software安全繞過漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15443 Adobe 每月保安更新 (2019年1月) https://blogs.adobe.com/psirt/?p=1685 Adobe fixes vulnerabilities in Connect and Digital Editions, Flash left in the cold https://www.zdnet.com/article/adobe-fixes-vulnerabilities-in-connect-and-digital-editions-flash-left-in-the-cold/#ftag=RSSbaffb68 Adobe 已發布安全更新以解決 Acrobat 和 Reader 中的多個弱點 https://www.us-cert.gov/ncas/current-activity/2019/01/03/Adobe-Releases-Security-Updates Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader https://bit.ly/2RcLad5 Adobe squashes critical bugs in Acrobat, Reader https://www.zdnet.com/article/adobe-squashes-critical-bugs-in-acrobat-reader/#ftag=RSSbaffb68 Adobe Acrobat Reader 多個漏洞 https://www.us-cert.gov/ncas/current-activity/2019/01/03/Adobe-Releases-Security-Updates Foxit Reader和PhantomPDF for Windows 緩衝區錯誤漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5007 Foxit Reader和PhantomPDF for Windows 安全漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18688 Foxit Reader 多個漏洞 https://www.foxitsoftware.com/support/security-bulletins.php Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service https://www.exploit-db.com/exploits/46089 Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS) https://www.exploit-db.com/exploits/46092 DENX U-Boot緩衝區溢出漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18440 Wireshark - 'get_t61_string' Heap Out-of-Bounds Read https://www.exploit-db.com/exploits/46096 Google Partially Patches Flaw in Chrome for Android 3 Years After Disclosure https://bit.ly/2CS88gH Red Hat keycloak拒絕服務漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14637 Red Hat glusterfs任意代碼執行漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14651 Symantec Data Loss Prevention Enforce Server Administration Console Cross-site Scripting, Cross-site https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1326.html THE ELITE INTEL TEAM STILL FIGHTING MELTDOWN AND SPECTRE https://www.wired.com/story/intel-meltdown-spectre-storm/ 關於對IE瀏覽器零日漏洞及時更新補丁的通報 https://www.weibo.com/ttarticle/p/show?id=2309404324326894641736 Windows 7修補程式造成合法PC啟動失敗，網路無法共享 https://www.ithome.com.tw/news/128196 微軟每月保安更新 (2019年1月) https://portal.msrc.microsoft.com/zh-tw/security-guidance/releasenotedetail/b4384b95-e6d2-e811-a983-000d3a33c573 US-CERT警告Windows中的安全漏洞 https://www.linuxidc.com/Linux/2019-01/156237.htm 微軟今年開春安全更新首發，修補49個安全漏洞，含7個重大漏洞 https://www.ithome.com.tw/news/128150 JVNVU#92038183 Windows Kernel Transaction Manager (KTM) における競合状態に関する脆弱性 https://jvn.jp/vu/JVNVU92038183/ Microsoft Windows DHCP Client遠程代碼執行漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0547 Microsoft Exchange Server SSRF權限提升漏洞(CVE-2018-8581) https://www.secrss.com/articles/7527 Microsoft Azure IoT SDK欺騙漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8479 Microsoft Windows GDI Component信息洩露漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8422 Microsoft Jet Database Engine緩衝區溢出漏洞 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8393 Microsoft Patches RCE, Information Disclosure Vulnerabilities in Exchange Server January 10, 2019 https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-rce-information-disclosure-vulnerabilities-in-exchange-server/#.XDcRhCDA_24.twitter Unauthorized upgrade of Windows 10, Microsoft compensates users in Finland for 1,100 euros https://bit.ly/2CT583A Microsoft pulls buggy Office 2010 January updates https://zd.net/2SHCLem Microsoft Patch Tuesday — January 2019 Security Updates Released https://thehackernews.com/2019/01/windows-security-updates.html Microsoft's latest Windows 10 19H1 release adds support for coming reserved storage feature https://www.zdnet.com/article/microsofts-latest-windows-10-19h1-release-adds-support-for-coming-reserved-storage-feature/#ftag=RSSbaffb68 Microsoft Updates Administrative Templates for Windows 10 1809 https://bit.ly/2QFtuSa Microsoft Office Vulnerability Discovered That Could Leak Sensitive Information https://bit.ly/2TFNcz5 MS13-046特權提升漏洞 http://www.manongjc.com/article/40641.html Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion https://www.exploit-db.com/exploits/46104 Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit) https://www.exploit-db.com/exploits/46101 Microsoft Windows - Windows Error Reporting Local Privilege Escalation https://www.exploit-db.com/exploits/46098 WordPress WP Feed Plugin 'nid' Parameter SQL Injection Vulnerability https://www.anquanke.com/vul/id/1079266 WordPress BuddyPress Extended Friendship Request插件HTML注入漏洞 https://www.anquanke.com/vul/id/1031049 Powered by Publique! SQL Injection https://www.anquanke.com/vul/id/1044854 Atomy Maxsite 'index.php' Arbitrary File Upload Vulnerability https://www.anquanke.com/vul/id/1079304 FileCOPA FTP Server Remote Denial of Service Vulnerability https://www.securityfocus.com/bid/60909 C.P.Sub 'check.php' Authentication Security Bypass Vulnerability https://www.securityfocus.com/bid/60857 微軟向360白帽黑客發放20萬美元漏洞挖掘獎勵 http://www.sohu.com/a/287164288_115060 任何人都可分享檔案給你？Google著手修補Google Drive https://bit.ly/2sgDyHo 2018年蘋果平台漏洞情況統計報告 https://www.secrss.com/articles/7516 黑客大佬曝光微軟Edge瀏覽器漏洞，能輕易獲取系統最高權限 http://www.twoeggz.com/news/12912659.html 垃圾清理工具CleanMyMac X曝多個權限提升漏洞 https://www.secrss.com/articles/7667 研究人員揭露利用作業系統頁面快取的旁路攻擊 https://www.ithome.com.tw/news/128155 New Systemd Privilege Escalation Flaws Affect Most Linux Distributions https://bit.ly/2FjsoKL Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection https://bit.ly/2THtBOR New Linux Systemd security holes uncovered https://www.zdnet.com/article/new-linux-systemd-security-holes-uncovered/#ftag=RSSbaffb68 phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting https://www.exploit-db.com/exploits/46082 2.銀行/金融/保險/證券/支付系統/ 新聞及資安全採內部升任林國良、黃昱程接財金公司董總 https://www.chinatimes.com/newspapers/20190105000303-260205 網攻第一金殭屍電腦駭客栽了 https://bit.ly/2CRNYTV 第一金遭駭案犯嫌落網，向中國購買惡意軟體犯案 https://bit.ly/2Qy4ZXb 銀公新主席：KYCU需考慮系統保安 https://bit.ly/2AylYDr 太搞笑啦！披棉被盜領ATM被發現　開不了門又撞掉安全帽 https://tw.appledaily.com/new/realtime/20190106/1495984/ 服務225萬陸客　銀聯卡可在ATM「閃付提款」 https://www.ettoday.net/news/20190106/1348380.htm 香港金管局將發出虛擬銀行牌照銀行公會料可推動業界發展 http://news.tvb.com/finance/5c327dfde60383537723aa09 LINE網上銀行傳進軍台灣 https://bit.ly/2REKQTW 雲端發票是什麼？為什麼電子發票有紙本？獺問獺答 https://agirls.aotter.net/post/54730 保險業稽核金管會列考 https://money.udn.com/money/story/5613/3578415 3分鐘讓你成為電子承兌匯票萬事通 https://read01.com/zh-tw/4GM8gPJ.html#.XDL_uFwzaUk 鄉民貸發起P2P自律規範金管會：樂觀其成 https://money.udn.com/money/story/5613/3581909 10餘家網路借貸P2P業者正式遞件成立公會 https://money.udn.com/money/story/5613/3583006 因為這一點…台灣P2P不會像中國說倒就倒 https://bit.ly/2RG0CxG 台灣P2P業者屬資訊中介避開中國倒閉潮三項元凶 https://udn.com/news/story/7239/3586060 國票金、日本樂天純網銀戰隊確定農曆年前遞件申請 https://news.cnyes.com/news/id/4265362 樂天組隊國票金，唯一純金融機構網銀隊 https://finance.technews.tw/2019/01/09/lotte-team-national-ticket-marching-into-pure-online-banking/ 滿銀設反犯罪專組加強網絡保安防詐欺 https://bit.ly/2H2Rwa3 銀聯無卡支付現安全漏洞瀋陽一女子被盜刷近九千元 https://finance.sina.cn/2019-01-08/detail-ihqhqcis4313785.d.html?pos=17 ATM跨行全台大當機財金公司創首罰紀錄 https://bit.ly/2RF6CXw 財金公司ATM跨行服務中斷所涉缺失，違反銀行間資金移轉帳務清算之金融資訊服務事業許可及管理辦法第31條規定，核處新臺幣150萬元罰鍰 https://www.ey.gov.tw/Page/AE5575EAA0A37D70/abb2fd85-582c-4a2c-ae2c-d1acdcc8fd60 兆豐銀行業務公告 https://wwwfile.megabank.com.tw/other/bulletin08_1.asp?sno=977 開放API第一階段登場 Opening Bank有咩好處 https://www.planto.hk/zh/blog/open-api-banking-advantages 港虛擬銀行釋照八強入圍 https://money.udn.com/money/story/5604/3586876 銀行業務測驗題庫彙編 https://bit.ly/2SMFaEp 徵才 - 去年獲益成長！公股行庫搶才釋3000金飯碗 https://bit.ly/2Txlkgi 徵才 - 上萬個金飯碗、鐵飯碗搶人大作戰 https://tw.appledaily.com/new/realtime/20190105/1494331/ 徵才 - 【年後轉職看這裡2】6大壽險業擴大徵才　今年增2萬生力軍 https://tw.appledaily.com/new/realtime/20190105/1494337/ 徵才 - 中壽擴大規模　今年徵才3000人 https://tw.appledaily.com/new/realtime/20190108/1496498/ 徵才 - 玉山金2018年獲利創新高今年招募500名新血 https://news.cnyes.com/news/id/4264943 徵才 - 臺銀人壽108年新進人員甄試 https://bit.ly/2SOBvGf How financial institutions can build trust with digital signage https://www.atmmarketplace.com/blogs/how-financial-institutions-can-build-trust-with-digital-signage/ FinTech banking’s nightmare frozen customer money problem https://www.zdnet.com/article/fintech-bankings-frozen-customer-account-nightmares-problem/#ftag=RSSbaffb68 St Xavier’s College in Kolkata to set up finance lab for data collection https://www.financialexpress.com/education-2/st-xaviers-college-in-kolkata-to-set-up-finance-lab-for-data-collection/1438319/ The Move to Chip Payment Cards: A Work in Progress https://www.bankinfosecurity.asia/move-to-chip-payment-cards-work-in-progress-a-11920 EMV migration timeline rolled out to Vietnam banks https://www.atmmarketplace.com/news/emv-migration-timeline-rolled-out-to-vietnam-banks/ Neiman Marcus Settles Lawsuit Over Payment Card Breach https://www.bankinfosecurity.com/neiman-marcus-settles-lawsuit-over-payment-card-breach-a-11923 3.電子支付/行動支付/ 新聞及資安麥當勞結帳可刷悠遊卡、一卡通 3月初北市全面啟動 https://udn.com/news/story/7266/3574398 麥當勞開刷悠遊卡！網友哭喊等好久肯德基支付也緊追 https://newtalk.tw/news/view/2019-01-04/189969 刷悠遊卡買漢堡！速食店開放電子支付超方便 https://bit.ly/2TvFqrn 高雄捷運正式啟用Apple Pay、Samsung Pay等行動支付乘車服務北捷還要再等等 https://ck101.com/thread-4777104-1-1.html 高雄捷運正式啟用Apple Pay、Samsung Pay等行動支付乘車服務北捷還要再等等 https://www.cool3c.com/article/140181 挺韓國瑜萬事達卡嗶進高捷 https://bit.ly/2RaGmVw 免費搭高捷今登場持這張卡綁行動支付每週這2天免錢 https://ec.ltn.com.tw/article/breakingnews/2661485 弱勢彩券商喊加薪盼導入行動支付 https://bit.ly/2Fc7rRW 不推55899叫車 LINE PAY支付 https://www.ptt.cc/bbs/MobilePay/M.1546743858.A.F2A.html 澳門“一戶通”手機App將增加服務擬接入電子支付 http://www.hkcna.hk/content/2019/0107/737645.shtml 日本電子支付靠優惠推動 https://blog.stheadline.com/article/detail/960829 涉盜6人資料用「轉數快」匯19萬男子還柙3月再訊 http://hd.stheadline.com/news/realtime/hk/1404822/ 小心使用流動裝置電子錢包袋袋平安 https://bit.ly/2shbljI 行動支付網友最愛LINE Pay https://www.chinatimes.com/newspapers/20190109000282-260202 電子支付佔比兩年僅增7%　2020年恐難達52%目標 https://tw.appledaily.com/new/realtime/20190109/1497242/ 兩種LINE Pay別搞混聯名卡連帳戶大不同 https://bit.ly/2H4vNP2 電信小額付款遭盜刷掛失前交易求償無門 https://bit.ly/2SHLgWL 泰國電子支付新執照通過審批　PChome Thai搶進社群商務 https://www.ettoday.net/news/20190109/1351983.htm 台灣Pay茁壯後…財金搭新平台 https://www.chinatimes.com/newspapers/20190110000269-260202 共用平台至少3大效益 https://www.chinatimes.com/newspapers/20190110000271-260202 行動支付引爆兆元商機　嗶經濟生意做不完 https://money.udn.com/money/story/9740/3583652 輕軌票價由香港特首批示可電子支付 https://bit.ly/2LZobw0 悠遊卡買彩券、刮刮樂財部開放了 https://ec.ltn.com.tw/article/breakingnews/2666796 從公鑰加密學談到支付寶 https://bit.ly/2FtyMhs 花蓮理想大地一月就是狂　住宿就送LINE Points500點　加補助可享2000優惠 https://n.yam.com/Article/20190110895034 4.虛擬貨幣/區塊鍊新聞及資安匿名特色「被消失」！中國區塊鏈實名制新法下月正式上路 https://bit.ly/2RqaeNX 企圖全面控管網路言論　中國黑手伸入區塊鏈 https://tw.appledaily.com/new/realtime/20190111/1498683/ 緊急！BEAM 錢包漏洞，請盡快更新客戶端 https://bit.ly/2RkkerO Beam Wallet中發現了嚴重漏洞，看到的趕緊補救 https://www.nahan.org/2019/01/10/beam-wallet-critical-vulnerability/ 第一銀行取得區塊鏈發明專利全球首創跨鏈整合 https://www.chinatimes.com/realtimenews/20190109003866-260410 日本金融監管機構可能批准加密貨幣ETF https://bit.ly/2C6rFbN 2019年區塊鏈：DAPP邁入多元化 http://news.knowing.asia/news/538bc366-d6dd-414d-a616-de1ce3089249 科威特國家銀行將支持Ripple匯款服務 http://news.knowing.asia/news/1916c72b-fce7-46ef-87a6-ecce25f0478e 金融時報：「美聯儲不應視區塊鏈為敵人」 http://news.knowing.asia/news/72e90ca0-bf0b-4079-8934-a224fcd3833a 逾20人墮幣少掘礦機陷阱已報警求助 https://bit.ly/2sckOZx 稱遭幣少誘導買掘礦機苦主最細20歲 http://www.etnet.com.hk/www/tc/lifestyle/internationalaffairs/news/57888 以太坊核心開發者對 ProgPoW 達成初步共識提高 ASIC 挖礦難度 https://bit.ly/2QrkMGZ 以太坊挖礦新算法 ProgPoW批准！ASIC比起GPU的優勢 – 將從2x的產能降至1.2x https://bit.ly/2SELe1R 所有硬件錢包都能被攻破？這個團隊現場揭露了Trezor和Leger的漏洞 https://ek21.com/news/tech/10424/ 探討一下以太坊智能合約安全的漏洞（上） https://www.huoxing24.com/newsdetail/20190108141503207293.html Blockchain's Biggest Potential in Healthcare https://www.bankinfosecurity.asia/interviews/blockchains-biggest-potential-in-healthcare-i-4215 Ethereum Classic (ETC) Hit by Double-Spend Attack Worth $1.1 Million https://bit.ly/2Rl6xJ5 Ethereum ain’t hiding your secrets https://medium.com/swlh/ethereum-aint-hiding-your-secrets-703e89088937 好幸福！這家企業砸逾億發數位貨幣、推彈性福利 https://udn.com/news/story/7241/3580966?fbclid=IwAR2TFcLBKy1pX3v_iiM6pMSzmxUgFFjqLfm0feYxvPavm9u0q_TiuxkCENU 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 IcePick-3PC 惡意軟體，鎖定媒體、電商網站，大規模竊取用戶 IP https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=782 殭屍電腦小檔案 https://www.chinatimes.com/newspapers/20190107000664-260106 MobSTSPY間諜軟體偽裝成6款Android合法程式，殃及全球196個國家 https://bit.ly/2C2VQjW 2017各款防毒軟體技術原理剖析 https://bit.ly/2VAE3K5 FilesLocker2.1聖誕特別版勒索病毒與早期版本解密工具 https://www.freebuf.com/sectool/193554.html 防毒日：上網與電腦安全的大門，不要輕忽瀏覽器的重要 https://www.soft4fun.net/tech/information-security/defense-virus-from-browser.htm New ServHelper Backdoor and FlawedGrace RAT Pushed by Necurs Botnet https://www.bleepingcomputer.com/news/security/new-servhelper-backdoor-and-flawedgrace-rat-pushed-by-necurs-botnet/#.XDcTlZMe8Oo.twitter Here’s how you can stay safe from the Android Banking Trojan that targets banking apps https://www.palada.net/index.php/2018/01/10/news-4826/ Spyware Disguises as Android Applications on Google Play https://blog.trendmicro.com/trendlabs-security-intelligence/spyware-disguises-as-android-applications-on-google-play/ Ransom Moves: The Dark Overlord Keeps Pressuring Victims https://www.bankinfosecurity.com/ransom-moves-dark-overlord-keeps-pressuring-victims-a-11914 BANKING TROJAN DELIVERED BY LOLBINS: HOW THE RAMNIT TROJAN SPREADS VIA SLOAD IN A CYBERATTACK https://www.cybereason.com/blog/banking-trojan-delivered-by-lolbins-ramnit-trojan Danabot Banking Trojan is targeting Italian companies and users https://us9.campaign-archive.com/?u=00093dab1cf5ca5a1d3d08535&id=23429beef2 Emotet research https://github.com/d00rt/emotet_research Dissecting Malicious Network Traffic To Identify Botnet Communication https://bit.ly/2TxqEAr Dissecting Malicious Network Traffic To Identify Botnet Communication https://articles.forensicfocus.com/2019/01/07/dissecting-malicious-network-traffic-to-identify-botnet-communication/ Tracking the Hide and Seek Botnet https://www.malwaretech.com/2019/01/tracking-the-hide-and-seek-botnet.html Heartbreaking Emails: "Love You" Malspam https://isc.sans.edu/forums/diary/Heartbreaking+Emails+Love+You+Malspam/24512 Malware found preinstalled on some Alcatel smartphones https://www.zdnet.com/article/malware-found-preinstalled-on-some-alcatel-smartphones/#ftag=RSSbaffb68 B.行動安全 / iPhone / Android / App 七旬嬤也支持！3任部長催生統一發票App獲好評 https://udn.com/news/story/7266/3574555 IBM旗下天氣預報App被控騙取千萬用戶分享資訊給廣告主 https://bit.ly/2CWHPG0 小米集團斥資7.6億持股TCL集團0.48% https://money.udn.com/money/story/5604/3577823 TCL被指秘密偷數據全球手機用戶私隱被侵部份被迫訂購付費服務 https://hk.epochtimes.com/news/2019-01-04/23601871 爆TCL天氣App搜集用戶個資 42款中國軟體要當心 https://tw.aboluowang.com/2019/0104/1227335.html TCL爆資安疑慮美國盯上 https://money.udn.com/money/story/5603/3577026 陸天氣APP 疑過度收集用戶數據 https://udn.com/news/story/11323/3577070 再有中企「竊取數據」更多細節曝光 https://www.secretchina.com/news/b5/2019/01/06/881186.html 【華為中興之後】中國 TCL 手機 app 被控收集過量數據：用戶位置、電郵地址、IMEI、偷訂服務 https://bit.ly/2LR0Ts8 【深圳TCL】天氣App被指過度收集資料手機IMEI都攞埋 https://hk.news.appledaily.com/china/realtime/article/20190106/59111099 中企開發天氣App　遭控過度收集用戶數據 https://tw.appledaily.com/new/realtime/20190106/1495997/ 陸企天氣App 竟能蒐集「手機身分證」 https://tw.appledaily.com/international/daily/20190107/38226090/ City of LA sues Weather Channel app for sharing location data with advertisers https://zd.net/2CVFnzP MobSTSPY間諜軟體偽裝成6款Android合法程式，殃及全球196個國家 https://bit.ly/2C2VQjW Google Removes 85 Adware Apps That Infect 9 Million Android Users https://bit.ly/2FhnjTd 廣告軟體冒充 85款Android app，900萬用戶恐陷蓋版廣告夢魘 https://bit.ly/2VHSEDd 美國研發人工指紋指紋辨識手機逾３成恐被解鎖 https://www.chinatimes.com/newspapers/20190107000248-260202 USB Type-C 連接埠有新規範，充電更安全、可杜絕惡意攻擊 https://m.eprice.com.tw/tech/talk/1141/5177390/1/ 從Google Pixel 3 看手機安全晶片發展 https://www.chinatimes.com/newspapers/20190106000251-260204 蘋果Face ID也不安全？一安全研究員稱已破解該技術 https://bit.ly/2SEXWxD SKYPE已修復漏洞公開：不解鎖也能訪問手機數據 https://bit.ly/2QsnEDm Android版Skype漏洞允許未經授權的駭客存取裝置資料 https://www.ithome.com.tw/news/128108 AppSigner 是網頁版Cydia Impactor 替代品？為了帳號安全請勿使用 https://mrmad.com.tw/appsigner 滴滴APP上線搶進金融服務 https://turnnewsapp.com/global/culture/74467.html 最高200 萬美元，Zerodium 懸賞0Day 漏洞 https://www.chainnews.com/articles/103799018230.htm Zerodium出價200萬美元收購iOS遠端越獄程式 https://www.ithome.com.tw/news/128110 Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever https://bit.ly/2QwrefV\\ 5G基建憂後門挪威擬跟進排除華為 https://ec.ltn.com.tw/article/paper/1260517 Test Driven Development with MVVM in Android https://bit.ly/2Fh0IpS Facial recognition doesn't work as intended on 42 of 110 tested smartphones https://zd.net/2FjCrPc T-Mobile marks 5G milestone with first data call on 600 MHz spectrum https://www.zdnet.com/article/t-mobile-marks-5g-milestone-with-first-data-call-on-600-mhz-spectrum/#ftag=RSSbaffb68 Google removes 85 adware apps that were installed by millions of users https://www.zdnet.com/article/google-removes-85-adware-apps-that-were-installed-by-millions-of-users/#ftag=RSSbaffb68 C.事件 / 駭客 / DDOS / APT / 徵才 / 國際資安事件生物特徵辨識到國家資安建設計畫 https://home.gamer.com.tw/creationDetail.php?sn=4256097 飯店集團Hyatt也加入抓漏行列 https://www.ithome.com.tw/news/128177 網速比想像中慢！專家5理由建議機上Wifi最好別買 https://travel.ettoday.net/article/1348698.htm 利用最新flash漏洞通過“流量寶”對流量從業者的攻擊活動 https://guanjia.qq.com/news/n3/2463.html 利用服務器系統漏洞是網站遭受攻擊的常見方式 http://www.safebase.cn/article-254911-1.html 微軟警告南山3萬名業務員涉侵權　遭駁斥「搞錯」純屬誤會 https://www.ettoday.net/news/20190108/1349969.htm 微軟指業務員未被授權使用南山：境界非微軟系統 https://www.chinatimes.com/realtimenews/20190108002784-260410 微軟鎖定壽險公司查軟體授權費　保險業掀起智財權風暴 https://www.ettoday.net/news/20190108/1351429.htm 微軟變了！招程序員的流程完全改了 https://bit.ly/2TBVYOB Google公布2019年資安趨勢，無密碼登入將成主流、駭客瞄準原生雲端架構 https://www.ithome.com.tw/news/128039 網站主注意! Chrome封鎖入侵式網頁廣告7月將推向全球 https://bit.ly/2AFsuZb Chrome71不給改回舊UI，用戶氣炸 https://ithome.com.tw/news/127960 Some Google Chrome extensions are blocking middle-click actions https://www.zdnet.com/article/some-google-chrome-extensions-are-blocking-middle-click-actions/#ftag=RSSbaffb68 本機測試網站加密瀏覽更方便，Mkcert讓Localhost也能使用HTTPS憑證 https://bit.ly/2H0uxws unCAPTCHA再升級，破解語音版reCAPTCHA的準確率達90% https://bit.ly/2TuCv2i 【2019資安十大趨勢1】資料外洩危機吹向社群網站、觀光產業，以及雲端儲存 https://www.ithome.com.tw/news/127994 【2019資安十大趨勢2】大規模攻擊橫跨多廠牌物聯網裝置，受害範圍持續擴張 https://www.ithome.com.tw/news/127995 【2019資安十大趨勢4】臺灣政府組織受資安法規範，美國提加州隱私法與物聯網法案保護個資 https://www.ithome.com.tw/news/128033 【2019資安十大趨勢5】提升資安治理成熟度，4大標準影響力延伸到2019年 https://www.ithome.com.tw/news/128034 【2019資安十大趨勢6】身分識別安全大變革 https://www.ithome.com.tw/news/128035 【2019資安十大趨勢7】從程式開發與部署環境滲透，軟體供應鏈成駭客隱藏行跡的溫床 https://www.ithome.com.tw/news/127997 【2019資安十大趨勢8】網通基礎設施採購升格為全球各國資安與國安議題 https://www.ithome.com.tw/news/127999 【2019資安十大趨勢9】硬體安全亮紅燈，主要處理器平臺接連爆出重大漏洞 https://www.ithome.com.tw/news/128000 【2019資安十大趨勢10】網站側錄與漏洞問題更加嚴重 https://www.ithome.com.tw/news/128001 【2019 年資安預測】網路犯罪集團將運用更多魚目混珠的技巧 (6-3) https://blog.trendmicro.com.tw/?p=58407 阿里達摩院公布「2019十大科技趨勢」：機器更聰明地聽與看 https://bit.ly/2VAKa10 維基解密致函媒體詳列140個不該說亞桑傑的事 https://www.cna.com.tw/news/firstnews/201901070039.aspx 臉容辨識仍存漏洞業界研攻防術化解 https://bit.ly/2F7LF1q 資安威脅朝側面、源頭進逼 https://www.ithome.com.tw/voice/127991 中科大郭光燦團隊在量子密碼安全領域研究獲重要突破 https://news.sina.com.tw/article/20190105/29553612.html DX.Exchange上發現的洩漏用戶數據關鍵漏洞，稍後修復 https://www.coingogo.com/news/23447 欺騙類攻擊主要是利用網絡協議簇自身的漏洞發起攻擊 http://www.sohu.com/a/287908069_100302409?spm=smmt.mt-it.fd-d.6.1547078400023WRl5Apr 駭客以ZWSP手法繞過Office 365 安全功能發動網釣攻擊 https://bit.ly/2D5pnv5 調查指出，每個 PC 遊戲玩家平均遭到駭客攻擊 5 次，資安習慣仍待提升 https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=780 入侵高鐵系統詐領20萬遭罰駭客天才稱「以白帽的角度來做這件事」 https://bit.ly/2ChY4Mz 張啟元上網買高鐵票竄改退款金額　高鐵靠檢核機制抓到 https://tw.news.appledaily.com/new/realtime/20190111/1498813/ 天才駭客入侵高鐵詐20萬元退款檢諭令10萬元交保 https://bit.ly/2AFaFcC 天才駭客入侵高鐵 40元車票退票欲詐20萬元被逮 https://www.chinatimes.com/realtimenews/20190111002532-260402 【獨家】入侵票務系統吃官司　張啟元喊冤：高鐵還欠我20元 https://tw.news.appledaily.com/local/realtime/20190111/1498859/ 曾破解臉書漏洞駭客張啟元攻高鐵退票系統GG了 https://bit.ly/2D28b9H 駭客入侵Starwood酒店案涉客量較預期少 https://www2.hkej.com/instantnews/international/article/2031779 黑客去年從加密貨幣漏洞通報機制　獲得近百萬美元 https://bit.ly/2CRgvcc 遭中國駭客集團山寨CEO電郵印度公司5億元飛了 http://news.ltn.com.tw/news/world/breakingnews/2668099 駭旅行社「0元爽玩全球」！魯宅混高級派對、曬名人合照…照片全成犯罪證據 https://www.ettoday.net/dalemon/post/40950 駭客集團APT10至少入侵12國背後疑由中國主導 https://bit.ly/2M2iPjG Dark Overlord 駭客公開第一批「祕密」911 檔案 https://technews.tw/2019/01/10/dark-overlord-hackers-publish-first-batch-of-secret-911-files/ Linux版本號從4.21直跳5.0，Linux之父Linus Torvalds：指頭數完了 https://www.ithome.com.tw/news/128114 疑被通報漏洞不回應，都柏林電車網站被駭勒索1比特幣 https://www.ithome.com.tw/news/128052 保安漏洞事件環聯稱涉及有目的故意冒認　不屬洩漏數據 http://newsprd.rthk.hk/rthk/ch/component/k2/1436808-20190107.htm 保安漏洞未解決前環聯不恢復網上服務 https://bit.ly/2Ff7PPw Google Chromecast 現重大漏洞　電視畫面會被黑客挾持 https://unwire.hk/2019/01/04/googlechromecastexploit/life-tech/ 印表機駭客新年再出招　提醒資安順便「訂閱PewDiePie」 https://www.mirrormedia.mg/story/20190104gamepewdiepie 全球第一個 5G 手術成功！華為遠端操作機器人，完成肝小葉切除手術 https://bit.ly/2skHDdI 華為就採購禁令與日本政府會談，謀求化解資安疑慮 https://technews.tw/2019/01/08/huawei-talks-with-japanese-government-information-security/ 機密文件曝光：華為跟伊朗、敘利亞大有牽連 https://bit.ly/2C6lODc 中國華為高管涉嫌間諜活動被波蘭當局逮捕 https://www.bbc.com/zhongwen/trad/chinese-news-46837367?ocid=socialflow_facebook 挪威考慮5G網路升級禁用華為設備 https://www.voacantonese.com/a/norway-considers-banning-huawei-in-5g-network-20190110/4736922.html 習近平再度碰壁！路透：挪威考慮排除華為設備 https://times.hinet.net/news/22185889 美退役准將：若中掌控5G 將製造混亂與大規模監控能力 https://ec.ltn.com.tw/article/breakingnews/2665324 美國反情報機構NCSC推新一波文宣，教企業如何防範國家級網路攻擊 https://www.ithome.com.tw/news/128107 美國史上最大情報洩密案由俄國破案！這故事要從一條約炮訊息說起 https://bit.ly/2RnkcPZ 中企進軍美國大眾運輸系統專家憂心成情蒐工具 https://bit.ly/2RgFOO0 車廂監視影像傳到北京、追蹤通勤官員 https://bit.ly/2H63zUi 擔心威脅網絡安全美國州議員擬提案禁中國車承包地鐵 https://udn.com/news/story/12639/3585515 中俄政府駭客猖獗　美國企業積極阻擋入侵 https://news.tvbs.com.tw/world/1061609 中共如何發展空軍？智庫：竊美俄技術 https://bit.ly/2TshViQ 拒絕中國威脅國安！美參議員提法案要求白宮設新部門因應 https://www.taiwannews.com.tw/ch/news/3610799 貿易協商重啟前夕白宮顧問驚爆中國竊蘋果技術機密 https://tw.appledaily.com/international/daily/20190106/38225218/ 越南控臉書未移除有害內容違反網路安全法 https://www.rti.org.tw/news/view/id/2007758 Vietnam's 'Cybersecurity' Law Says Little on Security https://www.bankinfosecurity.com/blogs/vietnams-cybersecurity-law-says-little-on-security-p-2703 Visual Journal: Black Hat Europe 2018 https://www.bankinfosecurity.com/blogs/visual-journal-black-hat-europe-2018-p-2702 FBI Seizes 15 DDoS-For-Hire Websites, 3 Operators Charged https://bit.ly/2RbUDkS Thousands of Google Chromecast Devices Hijacked to Promote PewDiePie https://bit.ly/2SHMJfS Dark Overlord hackers release alleged 9/11 lawsuit documents https://bit.ly/2GVfxjj Cybersecurity risks in the unlimited world https://bit.ly/2LfIlBF Cybersecurity Trends for 2019 — The Good and The Bad https://medium.com/@aprilcwright/2019-cybersecurity-trends-cc86371de89e Tired tech workers lose 27 hours of sleep per month https://www.zdnet.com/article/tired-tech-workers-lose-27-hours-of-sleep-per-month/#ftag=RSSbaffb68 Making the Case for Zero-Trust Security https://www.bankinfosecurity.com/interviews/making-case-for-zero-trust-security-i-4214 Moving to a Next-Generation SOC: Critical Factors https://www.bankinfosecurity.asia/interviews/moving-to-next-generation-soc-critical-factors-i-4216 “India is the fastest growing market for MySQL in the APAC region” https://bit.ly/2Ax21Nq New hardware-agnostic side-channel attack works against Windows and Linux https://www.zdnet.com/article/new-hardware-agnostic-side-channel-attack-works-against-windows-and-linux/#ftag=RSSbaffb68 Singapore must be tougher on firms that treat security as value-add service https://www.zdnet.com/article/singapore-must-be-tougher-on-firms-that-treat-security-as-value-add-service/#ftag=RSSbaffb68 G Suite update warns you when someone is exporting your company's data https://www.zdnet.com/article/g-suite-update-warns-you-when-someone-is-exporting-your-companys-data/#ftag=RSSbaffb68 Encryption: Avoiding the Pitfalls That Can Lead to Breaches https://www.bankinfosecurity.com/encryption-avoiding-pitfalls-that-lead-to-breaches-a-11918 Feds Urge Private Sector 'Shields Up' Against Hackers https://www.bankinfosecurity.com/feds-urge-private-sector-shields-up-against-hackers-a-11919 Breaking The CAPTCHA: An Application of Enhancing Machine Learning with Large-Scale Graph https://bit.ly/2QyxZxW A Hacker’s Perspective on Cyber Security https://bit.ly/2SLrSYM Google Chrome's built-in ad blocker to roll out worldwide on July 9 https://www.zdnet.com/article/google-chromes-built-in-ad-blocker-to-roll-out-worldwide-on-july-9/#ftag=RSSbaffb68 TriggerMesh brings AWS Lambda serverless computing to Kubernetes https://www.zdnet.com/article/triggermesh-brings-aws-lambda-serverless-computing-to-kubernetes/#ftag=RSSbaffb68 Google search results listings can be manipulated for propaganda https://www.zdnet.com/article/google-search-results-listings-can-be-manipulated-for-propaganda/#ftag=RSSbaffb68 German police ask router owners for help in identifying a bomber's MAC address https://www.zdnet.com/article/german-police-ask-router-owners-for-help-in-identifying-a-bombers-mac-address/#ftag= Turns Out Kaspersky Labs Helped FBI Catch Alleged NSA Leaker https://thehackernews.com/2019/01/shadow-brokers-nsa-kaspersky.html Google公共DNS開始支援加密的DNS-over-TLS，Android 9先行 https://www.ithome.com.tw/news/128168 Google DNS Service (8.8.8.8) Now Supports DNS-over-TLS Security https://bit.ly/2D30oZi Anonymous hacker gets 10 years in prison for DDoS attacks on children's hospitals https://www.zdnet.com/article/anonymous-hacker-gets-10-years-in-prison-for-ddos-attacks-on-childrens-hospitals/#ftag=RSSbaffb68 Government shutdown: TLS certificates not renewed, many websites are down https://www.zdnet.com/article/government-shutdown-tls-certificates-not-renewed-many-websites-are-down/#ftag=RSSbaffb68 Iranian hackers suspected in worldwide DNS hijacking campaign https://www.zdnet.com/article/iranian-hackers-suspected-in-worldwide-dns-hijacking-campaign/#ftag=RSSbaffb68 徵才 - 安全漏洞研究員 http://www.aqquan.org/index.php?m=&c=jobs&a=jobs_show&id=921 徵才 - 資安技術顧問-E10B https://www.104.com.tw/job/?jobno=6he3h 徵才 - 希格斯徵軟體工程師 (.NET C#) https://mvc.tw/jobs/details/0e6ee6fc-f489-4cb5-b760-08a3f0e1c928 徵才 - 數據庫管理工程師 https://www.liepin.com/job/1914996712.shtml 徵才 - 北京10萬年薪招聘安全運維、漏洞驗證、滲透測試工程師10人 http://www.safebase.cn/article-254924-1.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷【2019 年資安預測】不只是企業高層主管，變臉詐騙也將開始鎖定一般員工 https://blog.trendmicro.com.tw/?p=58443 過年優惠陷阱多！拆穿一頁式詐騙六大陷阱 https://blog.trendmicro.com.tw/?p=58545 【MongoDB出事】超過 2 億份 CV 任攞 https://bit.ly/2FoSzig 看到這種截圖千萬別信網銀轉賬截圖也可偽造 http://news.yznews.com.cn/2019-01/11/content_7018834.htm 警方提示：防電信網路詐騙需重點提防十類手法 https://news.sina.com.tw/article/20190110/29629196.html 魁北克男子狂刷商店信用卡在Home Depot騙了16萬多 https://bit.ly/2RCKbSQ 李顯龍病歷遭駭報告出爐，直指網路維安人員未即時因應 https://asean.thenewslens.com/article/111848 李顯龍病歷遭駭調查報告：網安不敵先進駭客 https://www.cna.com.tw/news/aopl/201901100452.aspx 李顯龍病歷被駭星國政府調查：外國政府幕後指使 https://shareba.com/module/news/303662938770639510.html 涉盜用電郵冒名檢舉陸軍專科學校主管15萬交保 https://bit.ly/2sfxSxi 陸軍專校博士被控冒用帳號法界人士存疑 https://udn.com/news/story/7321/3581988 陸軍專校主管涉當駭客 https://udn.com/news/story/7321/3582435?from=udn-ch1_breaknews-1-cate2-news 臉書淪為網路詐騙濫用最嚴重平台一頁式詐騙氾濫 https://money.udn.com/money/story/5617/3580916 防詐騙最新絕招！這張信用卡連騙子都怕了 https://focus.cari.com.my/portal.php?mod=view&aid=127397&fromhome=1 湖內警分局向上溯源逾半年展成效詐欺車手11人集團首腦終落網 https://www.101newsmedia.com/news/50026 手機存前女友裸照新歡發現放生渣男 https://bit.ly/2TyJ2Jo 內神通外鬼！高階主管勾結離職員工　竊30億商業機密交對岸 https://tw.news.appledaily.com/local/realtime/20190107/1496309/ 陸企2千萬利誘台主管淪間諜 https://tw.appledaily.com/headline/daily/20190108/38226819/ 電郵詐騙藏細節刑事局傳授4招 https://udn.com/news/story/7320/3577497 就多一個「e」！歹徒詭仿冒客戶電郵　鞋品業務不察匯數十萬慘GG https://www.ettoday.net/news/20190106/1349652.htm 遇電騙反入夥 19歲大專生冒官詐3老 https://bit.ly/2QwABwk 瀏覽器存密碼好方便當心因小失大 https://www.ntdtv.com/b5/2019/01/05/a102481705.html 麗寶樂園爆個資外洩　去年12月被害件數17件 https://tw.appledaily.com/new/realtime/20190105/1494963/ 曝光假社安局電話錄音聯貿委籲民眾警覺 https://www.ntdtv.com/b5/2019/01/05/a102482123.html 誤信「蘋果」郵件帳號從德國被登入 https://bit.ly/2sfYXAo 時事拼盤：駭客曝光數百德國政治家個資 30年不遇風暴襲泰國 https://www.ntdtv.com/b5/2019/01/04/a102481484.html 駭客竊取政壇個資畫報：德政府未受波及 https://bit.ly/2TrGMn1 德國數百位政客名人資料洩露案破案，20 歲男學生遭逮捕 https://technews.tw/2019/01/09/german-man-confesses-to-hacking-of-public-figures-data-officials-say/ 德國檢方以涉嫌駭入多位大臣有關私人數據為由，逮捕一位駭客 https://bit.ly/2RFwQcc 德國政界名人個資遭駭　警方逮捕20歲嫌犯 https://newtalk.tw/news/view/2019-01-08/191579 德國數百政治人物「個資遭駭」…全PO推特上　梅克爾也在名單上 https://www.ettoday.net/news/20190104/1348379.htm 德國數百政客名流遭駭　個資被公開上網 https://tw.appledaily.com/new/realtime/20190104/1495145/ 梅克爾上網資料全外洩！　德資安局不認有被駭紀錄 https://news.tvbs.com.tw/world/1060680 德政治人物個資遭駭資安當局挨批忙辯駁 https://www.ydn.com.tw/News/319541 梅克爾與數百政客資料遭洩！德尋求美安全局援手 http://m.match.net.tw/pc/news/international/20190108/4768750 Heartbreaking Emails: "Love You" Malspam https://bit.ly/2Fr3GHy German Police Identify Suspect Behind Massive Data Leak https://www.bankinfosecurity.com/german-police-identify-suspect-behind-massive-data-leak-a-11921 Germany's Mega-Leak Takeaway: Noisy Young Hacker Got Caught https://www.bankinfosecurity.com/blogs/germanys-mega-leak-takeaway-noisy-young-hacker-got-caught-p-2704 Hackers Leak Personal Data from Hundreds of German Politicians On Twitter https://bit.ly/2Aukvhu Town of Salem Data Breach Exposes 7.6 Million Gamers' Accounts https://bit.ly/2AxD844 Hackers dump data of hundreds of German politicians on Twitter https://www.zdnet.com/article/hackers-dump-data-of-hundreds-of-german-politicians-on-twitter/#ftag=RSSbaffb68 A MAJOR HACKING SPREE GETS PERSONAL FOR GERMAN POLITICIANS https://www.wired.com/story/germany-hacking-politicians-personal-information/ 萬豪受「駭」者減少 525萬未加密個資外洩 https://bit.ly/2FfiYz8 駭客盜個資後續調查公布，萬豪酒店被盜近 4 億筆訂房紀錄及 2,555 萬組護照號碼 https://bit.ly/2RzrYWd 萬豪國際酒店集團證實數億客戶信息被盜 https://bit.ly/2SF8tsz 萬豪國際確認駭客獲取了數以百萬計的護照號碼 https://on.wsj.com/2sbOhmF Marriott 酒店集團被盜取近 4 億訂房記錄及 2,555 萬護照號碼 https://unwire.pro/2019/01/07/marriott-stolen-passport-numbers/news/ Marriott Mega-Breach: Victim Count Drops to 383 Million https://www.bankinfosecurity.com/marriott-mega-breach-victim-count-drops-to-383-million-a-11916 萬豪稱黑客竊取了超過500萬客戶護照數據 https://news.sina.com.tw/article/20190106/29559698.html Marriott says less than 383 million guests impacted by breach, not 500 million https://www.zdnet.com/article/marriott-says-less-than-383-million-guests-impacted-by-breach-not-500-million/#ftag=RSSbaffb68 Bitcoin scam spoofing BBC news https://myonlinesecurity.co.uk/bitcoin-scam-spoofing-bbc-news/ 新加坡航空公司軟件錯誤　逾280名KrisFlyer會員資料外洩 https://bit.ly/2SE7M2M Singapore Airlines data breach affects 284 accounts, exposes travel details https://www.zdnet.com/article/singapore-airlines-data-breach-affects-284-accounts-exposes-travel-details/#ftag=RSSbaffb68 路透：新文件曝光孟晚舟詐欺證據 https://bit.ly/2skxJcg Real-time location data for over 11,000 Indian buses left exposed online https://www.zdnet.com/article/real-time-location-data-for-over-11000-indian-buses-left-exposed-online/#ftag=RSSbaffb68 Card-Not-Present Fraud Growth: No End in Sight https://www.bankinfosecurity.com/interviews/card-not-present-fraud-growth-no-end-in-sight-i-4217 Phone fraudsters are stealing billions each year through a scheme known as IRSF https://www.zdnet.com/article/phone-fraudsters-are-stealing-billions-each-year-through-a-scheme-known-as-irsf/#ftag=RSSbaffb68 Three random words or #thinkrandom https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0 俄客中環遇竊被狂碌卡29萬 https://bit.ly/2VJeDKm 屯門漢遺失信用卡被「碌」3萬元貨　重案組拘3男女 https://bit.ly/2FnF2Hz Over 202 Million Chinese Job Seekers' Details Exposed On the Internet https://bit.ly/2SPkATS Neiman Marcus agrees to $1.5 million data breach settlement https://www.zdnet.com/article/neiman-marcus-agrees-to-1-5-million-data-breach-settlement/#ftag=RSSbaffb68 OXO International discloses data breach, customer data over two years impacted https://www.zdnet.com/article/oxo-international-discloses-data-breach-customer-data-over-two-years-impacted/#ftag=RSSbaffb68 SingHealth breach review recommends remedies that should already be basic security policies https://www.zdnet.com/article/singhealth-breach-review-recommends-remedies-that-should-already-be-basic-security-policies/#ftag=RSSbaffb68 BEC Scam Leads to Theft of $18.6 Million Fraud https://www.bankinfosecurity.in/bec-scam-leads-to-theft-186-million-fraud-a-11930 Phishing Attacks Bypass Two-Factor Authentication https://www.infosecurity-magazine.com/news/phishing-attacks-bypass-two-factor/ E.研究報告 tknk_scanner：基於社區的集成惡意軟件識別系統 https://www.freebuf.com/sectool/193165.html Magento商務平台的XSS漏洞 https://xz.aliyun.com/t/3813 多層次資安情資與分析 https://bit.ly/2BZw9AH 行動寬頻資安技術的剖析 https://bit.ly/2F9cSAX T-Pot18.11的安裝與使用 https://www.freebuf.com/news/193347.html 針對密幣交易所gate.io的供應鏈攻擊技術分析 https://www.freebuf.com/articles/web/191959.html 區塊鏈安全 - 經典溢出漏洞CVE分析 https://xz.aliyun.com/t/3743 Microsoft Exchange SSRF任意用户偽造漏洞（CVE-2018-8581）處置手冊 https://hk.saowen.com/a/21591739308ed0bf01fc116892e263b6bcaead86e95acd2debc54acf69e8f855 通過web應用中的文件下載漏洞竊取NTLMv2哈希 http://www.4hou.com/system/15391.html 利用NSA鏈接EternalBlue漏洞進行新的加密攻擊 https://www.anquanke.com/post/id/169127 R3Con1Z3R：一款功能強大的輕量級Web信息收集工具 https://www.freebuf.com/sectool/193222.html 網站劫持的解決方案 https://ek21.com/news/tech/17280/ Struts2-005遠程代碼執行漏洞分析 https://www.freebuf.com/vuls/193078.html XML外部實體注入（XXE）漏洞學習資源及相關開源項目 https://nosec.org/home/detail/2139.html 滲透之——操作系統支持的管道符(在命令執行漏洞中常用) https://blog.csdn.net/l1028386804/article/details/85919481 從 Web Log 學習系統漏洞 31 https://weysnote.blogspot.com/2019/01/web-log-31.html CVE-2018-19518：PHP imap_open函數任意命令執行漏洞復現 http://www.sohu.com/a/286986335_354899?referid=001cxzs00020004 漏洞分析：解析Windows XP版永恆之藍中的一個Bug https://hk.saowen.com/a/603fca55572cfabf2673b010b78a8c2d7bfeb760456ce4b82593912ac8c6d755 生活中處處都有CVE——CVE-2019-3498 Django 404頁面漏洞淺談 https://www.anquanke.com/post/id/169218 Struts2-005遠程代碼執行漏洞分析 https://www.freebuf.com/vuls/193078.html 前端打包編譯時代來臨對漏洞挖掘的影響 https://www.freebuf.com/articles/web/193230.html 啟明星辰ADLab：Linux內核CVE-2017-11176漏洞分析與復現 https://paper.seebug.org/785/ SSMA: Python編寫的靜態病毒分析工具 http://blog.topspeedsnail.com/archives/9382 Struts2-057/CVE-2018-11776兩個版本RCE漏洞分析（含EXP） https://www.cnblogs.com/Ivan1ee/p/10202016.html gogs/gitea CVE-2018-20303文檔上傳到RCE漏洞分析 https://hk.saowen.com/a/92e787f94f33e49e9656a0860b3b11c56fe00a2a671ccc7a8aa28cc5b5b98fd6 嘗試進行RPC漏洞挖掘 https://cert.360.cn/report/detail?id=44669690fc7a8daab42472cebd8cfb88 HIMSS網絡報告：聖誕節病毒，Kubernetes的漏洞和一年中最糟糕的密碼 https://www.investank.com/news/detail/114997 Windows 0day任意文件讀取漏洞POC分析 https://www.freebuf.com/vuls/192876.html 漏洞分析：解析Windows XP版永恆之藍中的一個Bug https://www.freebuf.com/vuls/192236.html 挖洞經驗| Facebook CDN服務器的XSS漏洞 https://www.freebuf.com/vuls/191898.html CVE-2018-5560：Guardzilla IoT攝像機硬編碼憑證漏洞 https://paper.tuisec.win/detail/36093c4aec77543 用於漏洞排查的pocsuite驗證POC代碼 https://www.ctolib.com/hanc00l-some_pocsuite.html zergRush (CVE-2011-3874) 提權漏洞分析 http://www.21ic.com/tougao/article/5847.html 安全研究者的自我修養 https://bit.ly/2AAfMe9 Magento Commerce XSS漏洞分析 https://www.anquanke.com/post/id/169277 如何在 macOS Sierra 安裝 Yahoo! 奇摩輸入法 https://bit.ly/2sqzIMd How to get a free Windows (or Linux) recovery image for your OEM PC https://www.zdnet.com/article/how-to-get-a-free-windows-recovery-image-for-your-oem-pc/#ftag=RSSbaffb68 Pure In-Memory (Shell)Code Injection In Linux Userland https://bit.ly/2FaJ0Et Phishing template uses fake fonts to decode content and evade detection https://bit.ly/2FhDoaD Hidden directories and files as a source of sensitive information about web application https://bit.ly/2SFRVk5 Interactive Beginner's Guide to ROP https://bit.ly/2Fg3R8l The Practical Guide to Hacking Bluetooth Low Energy https://bit.ly/2AzDSpb pyrdp https://bit.ly/2SFNFkM SlackPirate https://bit.ly/2RClmq7 Perun 是一款主要適用於乙方安服，滲透測試人員和甲方RedTeam紅隊人員的網絡資產漏洞掃描器/掃描框架 https://github.com/WyAtu/Perun Modlishka. Reverse Proxy. Phishing NG. https://bit.ly/2AyIsUK Everything you should know about certificates and PKI but are too afraid to ask https://bit.ly/2TCU5kN RDP Man-in-the-Middle – Smile! You’re on Camera https://bit.ly/2CaToI3 IPBan v1.3.6 releases: Monitors failed logins and bans ip addresses https://bit.ly/2FgBIxZ sqlmap v1.3 releases: Update of WAF script for Cloudfront https://bit.ly/2Fb7Gwt stronghold: Easily configure macOS security settings https://bit.ly/2TAxJQR Introducing a simple and intuitive Python API for UCI machine learning repository https://bit.ly/2Qp21UN Ping Power — ICMP Tunnel https://medium.com/bugbountywriteup/ping-power-icmp-tunnel-31e2abb2aaea Tips and Tricks that you may need to know when you work in JavaScript(Q&A) https://bit.ly/2Qsh1RE Bypassing Windows User Account Control https://medium.com/@z3roTrust/bypassing-windows-user-account-control-9051c6a85734 Extracting Activity History from PowerShell Process Dumps http://www.leeholmes.com/blog/2019/01/04/extracting-activity-history-from-powershell-process-dumps/ NSA準備釋出免費的逆向工程工具GHIDRA https://bit.ly/2VzznE3 NSA to release a free reverse engineering tool https://www.zdnet.com/article/nsa-to-release-a-free-reverse-engineering-tool/#ftag=RSSbaffb68 NSA Releasing the GHIDRA Reverse Engineering Tool at RSAConference https://bit.ly/2FebAF0 NSA to release its GHIDRA reverse engineering tool for free https://bit.ly/2AyC3ca New year, new GitHub: Announcing unlimited free private repos and unified Enterprise offering https://bit.ly/2TBFRk5 Unlimited free private repositories with GitHub Free and a unified business offering with GitHub Enterprise https://bit.ly/2C7iHuG M$ 收購 Github 後的善舉：免費 Private repositories https://bit.ly/2VIZfh0 Bash 5.0 Release Candidate Packing Many Changes & A Lot Of Fixes https://bit.ly/2TFRTsT 利用PNG像素隱藏PE代碼：分析PNG Dropper新樣本 https://www.freebuf.com/articles/system/191833.html DevOps健康度雷達@SAFe https://bit.ly/2Qv5rFe 用於存儲服務的輕量級 Linux 發行版 OviOS 發布 3.00 版 https://openingsource.org/5593/zh-tw/?fbclid=IwAR3HXMW-3hrXjj9TJ2WO-gTpZiaR0nZJJ8Ds9FJHEi29qvDK67tEVihd1lk ECTouch xxe漏洞分析 http://foreversong.cn/archives/1354 公鏈安全之比特幣任意盜幣漏洞淺析(CVE-2010-5141) https://www.anquanke.com/post/id/169455 Pass-the-Cache to Domain Compromise https://bit.ly/2FcuD2r FortiAppMonitor：用於監控macOS上的系統活動的強大工具 https://www.freebuf.com/sectool/193258.html patoolkit https://bit.ly/2Ff3wDT Exploiting the Math.expm1 typing bug in V8 https://bit.ly/2AytvCg docx-embeddedhtml-injection https://bit.ly/2VxRz13 luckystrike https://bit.ly/2C8YSmL Reading ASP secrets for $17,000 https://bit.ly/2Qt8y0I TUTORIAL – UNIVERSAL ANDROID SSL PINNING IN 10 MINUTES WITH FRIDA https://bit.ly/2LYew8W Knock and Pass: Kerberos Exploitation https://bit.ly/2RFzy1q Standards for Information Security Professionals https://blog.securityevaluators.com/standards-for-information-security-professionals-d8773a89ab99 Attacking end-to-end email encryption https://bit.ly/2RDdrbZ Provable Security How I learned to stop worrying and love the backdoor https://bit.ly/2SL95wG Our Friends CSV and JSON https://medium.com/@martindrapeau/the-state-of-csv-and-json-d97d1486333 Digging Up the Past: Windows Registry Forensics Revisited https://bit.ly/2RnjZwb Volatility Workbench: graphical user interface for the Volatility tool https://bit.ly/2M6DUtl Metasploit 5.0 releases: bring many features and capabilities https://bit.ly/2D4SZsx WinPwn: Automation for internal Windows Penetration Testing https://bit.ly/2Fo2MeS bypass-firewalls-by-DNS-history https://bit.ly/2D4j6Q8 F.商業從GDPR看下一代物聯網資安架構實體隔離操作環境　雲端分析阻絕高風險存取 https://www.netadmin.com.tw/article_content.aspx?sn=1812270007 可橫跨雲端服務控管應用程式派送與防護，A10推出控制器平臺 https://bit.ly/2RDIkx8 資訊系統透明度成資訊保安關鍵 https://bit.ly/2LVQcVk 過年防詐騙趨勢科技防詐達人強化功能 https://udn.com/news/story/7239/3580957 結合ADC、WAF與集中管理系統，F5應用服務平臺橫跨多雲 https://www.ithome.com.tw/review/125006 個資外洩頻傳「保護隱私」成消費電子展賣點 https://bit.ly/2VGFhTM 企業行動力的創造者 MobileReport一指搞定辦公事 https://n.yam.com/Article/20190110214410 防IoT威脅趨勢科技推出新軟體TMIS 2.0 https://money.udn.com/money/story/5612/3585404 趨勢科技 IoT Security 2.0 改善使用者防護、提升裝置製造商信譽 https://www.techbang.com/posts/64008-trend-micro-iot-security-20-improve-user-protection-boost-device-manufacturer-reputation Yubico 發表 Lightning 版安全密鑰，iPhone 用戶安全升級新選擇 https://technews.tw/2019/01/10/yubico-the-first-lightning-security-key-for-iphone/ Palo Alto提2019網路安全5大預測，電郵詐騙與供應鏈攻擊成焦點 https://www.ithome.com.tw/news/128178 微軟正式宣布放棄Win10 Mobile：今年12月10日停止支援 https://cnews.com.tw/002190110a02/?fbclid=IwAR2iEKhFemO6xEl03sKudBdrgopq_7NdZkoc6dmypNn519BMBfAs1j0Rw7g 無線路由器 Atom Inside，Asus 發表使用 Intel 802.11ax/Wi-Fi 6 晶片組的 RT-AX58U https://www.techbang.com/posts/63934 Do you really need an eGPU with a 2018 Mac mini https://www.zdnet.com/article/do-you-really-need-an-egpu-with-a-2018-mac-mini/#ftag=RSSbaffb68 More details emerge on Citrix's plans for Microsoft's Windows Virtual Desktop https://www.zdnet.com/article/more-details-emerge-on-citrixs-plans-for-microsofts-windows-virtual-desktop/#ftag=RSSbaffb68 Akamai acquires Janrain to strengthen identity access controls, bot protection https://www.zdnet.com/article/akamai-acquires-janrain-to-strengthen-identity-access-controls/#ftag=RSSbaffb68 Alibaba’s data Artisans acquisition breathes new life into Apache Flink https://www.zdnet.com/article/alibabas-data-artisans-acquisition-breathes-new-life-into-apache-flink/#ftag=RSSbaffb68 Alibaba Blinks: Building an open source, data-driven cloud empire in real-time https://www.zdnet.com/article/alibaba-blinks-building-an-open-source-data-driven-cloud-empire-in-real-time/#ftag=RSSbaffb68 Cloud Native Monitoring at Entrust Datacard with Splunk https://www.bankinfosecurity.com/webinars/cloud-native-monitoring-at-entrust-datacard-splunk-w-1856 G.政府 Super TaiRa聯盟成立中科院軍通技術釋商亮點 https://money.udn.com/money/story/5635/3579607 監控中國海漂死豬農委會啟用無人機 http://news.ltn.com.tw/news/focus/paper/1259785 意外頻傳！南澳海岸線將封鎖引水上活動業者反彈 https://news.ftv.com.tw/news/detail/2019107N03M1 政院協調成功！Expedia網站刷卡免國外交易手續費 http://news.ltn.com.tw/news/life/breakingnews/2664758 【2019資安十大趨勢4】臺灣政府組織受資安法規範，美國提加州隱私法與物聯網法案保護個資 https://www.ithome.com.tw/news/128033 澎縣調查站主任考掄元榮升　獲頒榮譽縣民證 http://www.taiwanhot.net/?p=668432 政戰局專文批習企圖瓦解國人心防 http://news.ltn.com.tw/news/focus/paper/1259971 108年度「中小企業行動支付智慧應用服務」申請須知 https://www.moea.gov.tw/MNS/populace/news/News.aspx?kind=2&menu_id=41&news_id=82443 學術界再傳論文造假科技部：修法教育雙管齊下 https://udn.com/news/story/12744/3585208 台大醫再爆論文造假　科技部：未來停權2年以上皆公布 https://tw.appledaily.com/new/realtime/20190110/1498080/ 科技部火速規定學倫違規案以公開為原則 http://news.ltn.com.tw/news/life/paper/1260411 廢「調度司法警察條例」目標是增進檢警和諧 https://tw.news.appledaily.com/forum/realtime/20190110/1498605 經濟部工業局攜手電子設備協會與工研院將於22日舉行資安解決技術論壇 http://www.investor.com.tw/onlineNews/NewsContent.asp?articleNo=14201901100122 拚經濟財經首長多數將留任 https://www.chinatimes.com/newspapers/20190111001411-260118 金管會三面向規劃「開放銀行」並研議配套措施 https://bit.ly/2RkjT8y 電子腳鐐有漏洞！ GPS定位若沒訊號難追蹤 https://news.ebc.net.tw/News/society/147922 H.工控系統/ICS/SCADA 安全相關【2019資安十大趨勢3】ICS系統漏洞激增，暴露在外的數量眾多 https://www.ithome.com.tw/news/127996 【2019 年資安預測】工業控制系統 (ICS) 的攻擊將成為一項日益嚴重的問題 https://blog.trendmicro.com.tw/?p=58410 Bedrock Automation Receives Achilles® Certification for Cyber Hardening on OSA® Remote https://bit.ly/2RAkJND New IIoT Application Gateway Technology Enhances DER and Smart-Grid Monitoring https://www.powermag.com/press-releases/new-iiot-application-gateway-technology-enhances-der-and-smart-grid-monitoring/ Interview Udo Schneider, Trend Micro, zu Security im IIoT-UmfeldMehr Sicherheit für die vernetzte Industrie https://www.lanline.de/mehr-sicherheit-fuer-die-vernetzte-industrie/ How Will Cyber Risk Evolve In 2019 https://www.forbes.com/sites/dantedisparte/2019/01/07/how-will-cyber-risk-evolve-in-2019/#38db72d45bd5 ICS Built-in Security in Today’s Connected Enterprise https://www.automation.com/ics-built-in-security-in-todays-connected-enterprise Industrial Control System (ICS) Security Market Overview and Market Application 2018-2023 in Information and Communication Technology https://bit.ly/2H97tMe OT Threat Shamoon Returns with its Biggest Attack Yet https://blog.skyboxsecurity.com/shamoon-ot-attack/ PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting https://www.exploit-db.com/exploits/46081 I.教育訓練類黑帽 Python ：給駭客與滲透測試者的 Python 開發指南 https://bit.ly/2RhOELl 資安防禦指南：資訊安全架構實務典範 https://bit.ly/2HaWMsy CTF中區塊鏈入門教程 https://www.freebuf.com/articles/blockchain-articles/193357.html Python Flask：REST API筆記 https://bit.ly/2ABFnTV Windows Sandbox：輕量級桌面環境專為安全運行應用程序而設計 https://www.freebuf.com/sectool/193164.html How to debug Node.js in a Docker container https://bit.ly/2LXDN3p Secure socket programming in Python https://medium.com/@md.julfikar.mahmud/secure-socket-programming-in-python-d37b93233c69 Get 10 Popular Books To Learn Advanced Hacking [2018 Bundle] https://bit.ly/2AFjkvy Dispatch Tables in Python https://medium.com/@andreacolangelo/dispatch-tables-in-python-d37bcc443b0b The React Handbook https://bit.ly/2FogUVw J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機 IT/OT/IoT數據全面匯流　莫讓物聯網成為網路威脅互聯網 https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000551515_TML40DD82EC8OA4CKTRK6 【2019 年資安預測】銀髮族可能成為智慧裝置攻擊的第一個受害者 https://blog.trendmicro.com.tw/?p=58415 非萬靈丹！AI完整訓練才能不出錯 https://bit.ly/2TsWhva AI 偽造色情影片流竄，女星 Scarlett Johansson 坦言無能為力 http://technews.tw/2019/01/04/scarlett-johansson-can-not-stop-deepfakes-fake-porn/ 物聯網裝置存漏洞 3貼士保安全 https://www.hkpc.org/zh-HK/corporate-info/media-centre/media-focus/203-corp-info/media-focus/7794-iot3st 防駭客入侵　日本 Denso 與 Dellfer 簽訂車聯網資安協議 https://www.7car.tw/articles/read/54982 本年首個科技趨勢預測人工智能及數據安全獨領風騷 https://bit.ly/2SMSQiE 15%智慧門鎖　小黑盒能破解.它一出:輕易開 https://bit.ly/2LXF4rd 從晶片、系統到雲端全面備戰　物聯網資安危機/商機並呈 https://www.mem.com.tw/arti.php?sn=1901080004 DTA 2019創新創業論壇邀麻省理工教授開講 https://www.chinatimes.com/newspapers/20190109000390-260210 2018年IoT那些事 https://www.freebuf.com/articles/terminal/193303.html Most home routers don't take advantage of Linux's improved security features https://zd.net/2RxWj7n Expert View: Building a Future-Proof Smart Home https://medium.com/edtech-trends/expert-view-building-a-future-proof-smart-home-70ddb60e3611 Raspberry Pi 3: Testing out Manjaro ARM 18.12 https://www.zdnet.com/article/raspberry-pi-3-testing-out-manjaro-arm-18-12/#ftag=RSSbaffb68 Autonomous Robot Hit And ‘Killed’ By Self-Driving Tesla https://www.unilad.co.uk/technology/autonomous-robot-hit-and-killed-by-self-driving-tesla/ Worldwide spending on IoT to reach $745 billion in 2019 https://www.helpnetsecurity.com/2019/01/09/worldwide-iot-spending-2019/ Singapore utility group rolls out first batch of electric vehicle charging points https://www.zdnet.com/article/singapore-utility-group-rolls-out-first-batch-of-electric-vehicle-charging-points/#ftag=RSSbaffb68 K.CTF NeverLAN CTF 2019 https://ctftime.org/event/706 STEM CTF: Cyber Challenge 2019 https://ctftime.org/event/661 DEF CON CTF 2019 Quals https://www.oooverflow.io/dc-ctf-2019-quals/ CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair https://bit.ly/2CWltVm Official Website of CTF 2019 - The 16th China International Tire and Wheel (Qingdao) Fair, Qingdao, China https://bit.ly/2VnsC8p International Conference CONSTRUCTIVE THEORY OF FUNCTIONS - 2019 SOZOPOL, June 2 - 8, 2019 http://www.math.bas.bg/mathmod/CTF-2019/ NeverLAN CTF https://neverlanctf.com/ 6.近期資安活動及研討會【課程】用Google TensorFlow實作推薦系統，讓機器學習應用各種商務情境、提升商品曝光達到精準行銷 1/12 https://bit.ly/2PysEaH 【課程】自製Tinker Board、小車跟著走。ASUS開發板Tinker Board智慧工作坊，第一節～開課 1/12 https://www.techbang.com/posts/63531-asus-high-performance-sbc-tinker-board-smart-robot-car-making-course COBINHOOD x INSIDE 虛擬貨幣暨區塊鏈新知交流會 2019-01-12(六) 14:00 ~ 17:30 (GMT+8) https://www.accupass.com/event/1812280802071741265805 Amber MD 軟體訓練課程 ( 延後至 2019/01/14 開課) 2019/01/14 (一) ～ 2019/01/15 (二) https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3706&from_course_list_url=homepage Corda Taipei Meetup #8 - firechat with Ben Tan( R3 Solution Architect 解決方案架構師) Wednesday, January 16, 2019 https://www.meetup.com/Taipei-Corda-Meetup/events/257129225/ 易禧創意｜【AR/VR擴增虛擬實境】實戰課(6hr) 2019-01-14(一) 19:00 ~ 2019-01-16(三) 22:00 (GMT+8) https://www.accupass.com/event/1811300243489098237350 【課程】Webduino x AIoT 影像辨識實作，自製 Camera 雲台機構、實作影像處理與物體追蹤，打造 AIoT 應用 1/19 https://www.techbang.com/posts/63282-course-webduino-x-aiot-image-identification-practice 【講座】2019年5G通訊產業趨勢(台北場) 2019-01-19(六) 18:30 ~ 21:30 (GMT+8) https://www.accupass.com/event/1811300349581657089441 Binance Blockchain Week Singapore 2019 - Binance Conference 2019-01-21(一) 08:30 ~ 2019-01-22(二) 18:00 (GMT+8) https://www.accupass.com/event/1812051911121792888735 Taipei 暗号通貨 (Cryptocurrency) Meetup Wednesday, January 23, 2019 https://bit.ly/2VgDPr1 Deep Learning Conversations and the Happy Hour Wednesday, January 23, 2019 https://www.meetup.com/Deep-Learning-Conversations/events/vqkwnqyzcbfc/ Taipei.py 一月月會 (Monthly Meeting) 2019 Thursday, January 24, 2019 https://www.meetup.com/Taipei-py/events/257299890/ 程式不再是風潮，是未來趨勢【7年級以上.國高中】C++程式設計專題班 2019-01-21 ~ 2019-01-30 https://www.accupass.com/event/1810250742361123352640 超強區塊鏈應用開發實戰課程(週六班) 2019-01-26(六) 13:00 ~ 17:00 (GMT+8) https://www.accupass.com/event/1812030821059275625140 第二屆《Hit AI & Blockchain》人工智慧暨區塊鏈產業高峰會 2019-02-20(三) 09:00 ~ 17:30 (GMT+8) https://www.accupass.com/event/1811190218087771003780 【PowerPoint簡報極限使用】2月主題：十倍速PPT製作 2019-02-20(三) 19:00 ~ 22:00 (GMT+8) https://www.accupass.com/event/1810161307265689597830 iTHome 台灣雲端大會 Cloud Summit 2019 Call for paper 截止日 2 月 22 日 https://cloudsummit.ithome.com.tw/cfp/ iTHome 台灣雲端大會 Cloud Summit 2019 2019年 5 月 15 日 (三) 09:00~17:00 https://cloudsummit.ithome.com.tw/ Splunk .conf 19 10/21 ~ 10/24 https://conf.splunk.com/