資安事件新聞週報 2022/4/11 ~ 2022/4/15
1.重大弱點漏洞/後門/Exploit/Zero Day
Apple 緊急發布2個零日漏洞補丁
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9796
Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software
https://thehackernews.com/2022/04/critical-auth-bypass-bug-reported-in.html
Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities
https://thehackernews.com/2022/04/microsoft-issues-patches-for-2-windows.html
Critical LFI Vulnerability Reported in Hashnode Blogging Platform
https://thehackernews.com/2022/04/critical-lfi-vulnerability-reported-in.html
網頁伺服器Nginx傳出與LDAP有關的零時差漏洞
https://securityonline.info/nginx-zero-day-rce-vulnerability-alert/
NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation
https://thehackernews.com/2022/04/nginx-shares-mitigations-for-zero-day.html
微軟CVE-2022-26809漏洞出現攻擊程式只是早晚的問題?專家警告快修補
https://www.ithome.com.tw/news/150440
Microsoft's New Autopatch Feature to Help Businesses Keep Their Systems Up-to-Date
https://thehackernews.com/2022/04/microsofts-new-autopatch-feature-to.html
微軟新推Autopatch服務,Windows Enterprise E3以上企業用戶將於7月可免費使用
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-current-and-stay-current-with-windows-autopatch/ba-p/3271839#_note2
研究人員針對微軟甫修補的RPC漏洞提出警告,呼籲Windows用戶儘速安裝相關更新軟體
https://reurl.cc/b24Nly
微軟4月例行修補修復119個漏洞,其中有2個零時差漏洞
https://reurl.cc/o1zYvg
快更新 Windows 電腦!微軟點名有 10 個嚴重、115 個重要資安漏洞
https://3c.ltn.com.tw/news/48571
VMware於4月初公布身分管理平臺重大漏洞,本週已出現漏洞利用攻擊
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-vmware-cve-2022-22954-bug-patch-now/
Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure
https://thehackernews.com/2022/04/critical-vmware-cloud-director-bug.html
美國CISA再要求聯邦政府優先修補8項漏洞,包含WatchGuard與微軟已遭成功利用的漏洞
https://reurl.cc/A7n3yQ
開源內容管理平臺Directus修補可允許文件任意執行JS的重大漏洞
https://www.zdnet.com/article/xss-vulnerability-patched-in-directus-data-engine-platform
俄羅斯NPM開發者竄改event-source-polyfill套件,希望俄羅斯政府能結束烏克蘭戰爭
https://www.bleepingcomputer.com/news/security/third-npm-protestware-event-source-polyfill-calls-russia-out/
圖像式WordPress網站建置外掛程式Elementor出現RCE漏洞,恐波及逾百萬網站
https://www.pluginvulnerabilities.com/2022/04/12/5-million-install-wordpress-plugin-elementor-contains-authenticated-remote-code-execution-rce-vulnerability/
HP旗下的遠端桌面解決方案Teradici存在漏洞,恐波及1,500萬臺電腦
https://www.bleepingcomputer.com/news/security/critical-hp-teradici-pcoip-flaws-impact-15-million-endpoints/
Intel更新ControlFlag,用AI可發現PHP程式碼中潛在漏洞
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9807
快更新 Chrome!Google 緊急釋出重要安全更新
https://3c.ltn.com.tw/news/48611
2.銀行/金融/保險/證券/支付系統/金融監理 新聞及資安
Anonymous Just Hacked Russia’s Central Bank
https://alan-12169.medium.com/anonymous-just-hacked-russias-central-bank-be2d7f91a3f4
資安頻出包被罰 國泰世華銀回應了
https://wantrich.chinatimes.com/news/20220412900763-420101
系統出包 國泰世華銀遭重罰增資停設ATM
https://ctee.com.tw/news/finance/625814.html
量子運算如雙刃刀 金融業關注資安
https://reurl.cc/g2knzp
土銀今年聚焦ESG 拚五大營運重點
https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=d1e764ae-1258-40a4-ab1f-a10ee02dc230
金融世界的新戰爭型態不容小覷 專家籲強化台灣金融韌性
https://times.hinet.net/topic/23858724
金融戰爭得失 台灣應借鏡
https://wantrich.chinatimes.com/news/20220414900416-420501
3.電子支付/行動支付/pay/資安
想當人體信用卡?英國公司幫你植入微晶片 從此嗶手不嗶卡
https://dq.yam.com/post/14857
華為支付來了 行動支付大戰開打
https://www.chinatimes.com/newspapers/20220407000690-260301?chdtv
華為殺入行動支付 微信、支付寶迎新勁敵
https://ctee.com.tw/news/china/621355.html
財政部推出「手機報稅2.0」資料可修改且新增行動支付及電子支付帳戶繳稅
https://reurl.cc/o1zKRM
樂購蝦皮疑規避監理 金管會查支付交易金流
https://www.cardu.com.tw/news/detail.php?45880
電子支付APP 掃碼繳稅最便利
https://reurl.cc/e3vVzj
提高太平洋地區數碼支付的安全性:南太平洋銀行與Netcetera 合作
https://money.udn.com/money/story/12987/6242010
擴大 FinTech 版圖,PChome 子公司併購喬睿科技
https://finance.technews.tw/2022/04/13/pchome-makes-strategic-investment-in-cherri-tech-inc/
悠遊卡越來越少人用?致命關鍵曝光
https://reurl.cc/Wra8ND
4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約 資安
NFT 101
https://medium.com/madworld-nft/nft-101-bc5c9bdf15
Ethereum Developer Jailed 63 Months for Helping North Korea Evade Sanctions
https://thehackernews.com/2022/04/ethereum-developer-jailed-63-months-for.html
Rarible NFT Marketplace Flaw Could've Let Attackers Hijack Crypto Wallets
https://thehackernews.com/2022/04/rarible-nft-marketplace-flaw-couldve.html
駭客盯上NFT.加密幣風潮 周杰倫.余文樂損失上千萬
https://globalnewstv.com.tw/202204/183658/
虛擬貨幣平台「派網」帳戶遭駭 綠委憂中資背景恐引發國安問題
https://tw.appledaily.com/local/20220412/RJSAFLTUA5ECTLWLQGCUSZ2KCM/
加密貨幣專家因向朝鮮提供規避制裁的建議而入獄
https://news.cnyes.com/news/id/4853073
Ronin 駭客事件後:Axie Infinity 正在經歷至暗時刻
https://reurl.cc/0pgWrA
Coinbase 市占率遭瓜分、交易額縮水,今年股價摔 40%
https://finance.technews.tw/2022/04/13/coinbase-shares-fell-40-percent-this-year/
安全公司:TheArmorsNFT項目的discord遭受駭客入侵
https://news.cnyes.com/news/id/4853299
攻擊Ronin的駭客向中間地址轉入3302.6枚以太坊,並將1400枚以太坊轉入Tornado Cash
https://news.cnyes.com/news/id/4853353?exp=a
Tornado Cash:駭客最愛的混幣器與平民的隱私工具
https://reurl.cc/yr1AzM
Pi Netwrok應用已經被駭客植入了木馬程式
https://www.pi0314.com/2022/04/pi-netwrok-pipi.html
打造安全資產護城河 幣託台幣信託 5 月正式上線
https://money.udn.com/money/story/11799/6239859
元宇宙帶動區塊鏈金融投資,詐騙手法需注意
https://news.pts.org.tw/article/576127
美國財政部將Ronin跨鏈橋攻擊者地址與朝鮮駭客組織相關聯並納入制裁
https://news.cnyes.com/news/id/4853855
FBI:北韓駭客盜取6.2億加密貨幣
https://www.rti.org.tw/news/view/id/2130086
美國執法部門將北韓犯罪集團與5.4億美元加密貨幣失竊案關聯起來
https://reurl.cc/zZg5m6
Ronin Chain被駭超6億美元,美財政部確認由北韓駭客組織Lazarus所為
https://news.cnyes.com/news/id/4853964
美國證實是北韓駭客盜走《Axie Infinity》6.25億美元的虛擬貨幣
https://www.4gamers.com.tw/news/detail/52716/north-korean-hackers-linked-to-620-million-axie-infinity-crypto-heist
NFT遊戲被駭180億元 FBI查出:北韓駭客幹的
https://www.appledaily.com.tw/international/20220415/VOF3E2H6ARAKHMRPDJ75OXGCIY/
FBI抓包 金正恩派駭客偷走價值179億加密貨幣
https://ec.ltn.com.tw/article/breakingnews/3894698
Robinhood上架SOL、SHIB、COMP、MATIC,芝商所正考慮推出 SOL、ADA 期貨
https://news.cnyes.com/news/id/4852640
Fireblocks與支付巨頭FIS合作為機構級用戶提供加密入口
https://news.cnyes.com/news/id/4853015
建金融防線!北京推數位人民幣 欲破美元霸權
https://reurl.cc/NA1Nl6
印度加密交易所Coin Switch Kuber在其行動應用中臨時禁用盧比存款
https://news.cnyes.com/news/id/4852192
華爾街加速擁抱加密貨幣,金融精英為何引頸期盼比特幣ETF登場
https://www.bnext.com.tw/article/68558/bitcoin-spot-etf-wall-street
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
美國汽車工具製造商Snap-on遭Conti勒索軟體攻擊
https://www.bleepingcomputer.com/news/security/snap-on-discloses-data-breach-claimed-by-conti-ransomware-gang/
出現可攔截通話並偽冒銀行電話語音的金融木馬
https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/?web_view=true
Sophos:攻擊者入侵伺服器長達5個月 部署Lockbit勒索軟體
https://www.ctimes.com.tw/DispNews/tw/Sophos/2204141418LO.shtml
一台美國政府伺服器遭潛入5 個月並被部署勒索軟體
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9809
勒索軟體LockBit在美國地方政府的網路埋伏半年才發動攻擊
https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/
微軟、ESET等多家資安業者聯手破壞殭屍網路ZLoader
https://www.welivesecurity.com/2022/04/13/eset-takes-part-global-operation-disrupt-zloader-botnets/
直接攻擊發電廠的惡意軟體 Industroyer 試圖切斷烏克蘭電網,ESET和微軟成功阻止網路攻擊
https://www.techbang.com/posts/95574-with-the-help-of-eset-and-microsoft-ukraine-successfully
多支惡意 Android 應用程式使用資料竊取 SDK,下載多達 4,500 萬次
https://blog.twnic.tw/2022/04/13/22781/
挖礦程式專攻AWS Lambda 用戶外洩帳戶資料損失自負
https://www.wepro180.com/lambda220414/
殭屍網路病毒Enemybot感染多種處理器架構的設備,以發動DDoS攻擊
https://www.fortinet.com/blog/threat-research/enemybot-a-look-into-keksecs-latest-ddos-botnet
殭屍網路Fodcha利用裝置漏洞與暴力破解工具發動攻擊
https://blog.netlab.360.com/fodcha-a-new-ddos-botnet/
竊密軟體ZingoStealer兼具讓駭客投放其他惡意軟體的功能
https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html
駭客以提供Windows 11用戶Android子系統功能為幌子,散布惡意軟體
https://www.bleepingcomputer.com/news/security/windows-11-tool-to-add-google-play-secretly-installed-malware/
駭客組織OldGremlin以金融卡停用為由入侵俄羅斯組織,發動勒索軟體攻擊
https://blog.group-ib.com/oldgremlin_comeback
駭客鎖定烏克蘭政府機關散布惡意軟體IcedID,並針對協作平臺Zimbra漏洞下手
https://www.bleepingcomputer.com/news/security/hackers-target-ukrainian-govt-with-icedid-malware-zimbra-exploits/
Pysa Ransomware IOC
https://www.prodaft.com/resource/detail/pysa-ransomware-group-depth-analysis
Kaspersky report on Emotet modules and recent attacks
https://securelist.com/emotet-modules-and-recent-attacks/106290/
Enemybot: A Look into Keksec's Latest DDoS Botnet
https://www.fortinet.com/blog/threat-research/enemybot-a-look-into-keksecs-latest-ddos-botnet
Tarrask malware uses scheduled tasks for defense evasion
https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/
The Fodcha botnet that made a fortune
https://blog.netlab.360.com/men-sheng-fa-da-cai-fodchajiang-shi-wang-luo/
Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload
https://www.trendmicro.com/en_no/research/22/d/Thwarting-Loaders-From-SocGholish-to-BLISTERs-LockBit-Payload.html
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/d/thwarting-loaders-from-socgholish-to-blisters-lockbit-payload/iocs-thwarting-loaders-socgholish-blister.txt
Recent attacks by Bahamut group revealed
https://mp.weixin.qq.com/s/YAAybJBAvxqrQWYDg31BBw?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=zh-CN
CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/d/spring4shell/IOCs-Spring4Shell.txt
https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html
Bruteforce attack against RDP - Honeypot
https://otx.alienvault.com/pulse/6255385287c2737fd13b0250
Cyberattack by Sandworm Group (UAC-0082) on energy facilities of Ukraine using malicious programs INDUSTROYER2 and CADDYWIPER
https://cert.gov.ua/article/39518
SystemBC Being Used by Various Attackers
https://asec.ahnlab.com/en/33600/
MoqHao Part 2: Continued European Expansion
https://team-cymru.com/blog/2022/04/07/moqhao-part-2-continued-european-expansion/
Look out for Octo's tentacles! A new on-device fraud Android Banking Trojan with a rich legacy
https://www.threatfabric.com/blogs/octo-new-odf-banking-trojan.html
Snow abuse and gluttony: Analysis of suspected Lazarus attack activities against Korean companies
https://mp.weixin.qq.com/s/kcIaoB8Yta1zI6Py-uxupA
New SolarMarker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns
https://unit42.paloaltonetworks.com/solarmarker-malware/
New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt
https://thehackernews.com/2022/04/new-enemybot-ddos-botnet-borrows.html
Microsoft Disrupts ZLoader Cybercrime Botnet in Global Operation
https://thehackernews.com/2022/04/microsoft-disrupts-zloader-cybercrime.html
Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers
https://thehackernews.com/2022/04/microsoft-exposes-evasive-chinese.html
Russian Hackers Tried Attacking Ukraine's Power Grid with Industroyer2 Malware
https://thehackernews.com/2022/04/russian-hackers-tried-attacking.html
E.U. Officials Reportedly Targeted with Israeli Pegasus Spyware
https://thehackernews.com/2022/04/eu-officials-reportedly-targeted-with.html
Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware
https://thehackernews.com/2022/04/hackers-exploiting-spring4shell.html
Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity
https://thehackernews.com/2022/04/researchers-connect-blackcat-ransomware.html
Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free
https://thehackernews.com/2022/04/haskers-gang-gives-away-zingostealer.html
B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊
How to prevent hackers from reverse engineering your Android apps
https://proandroiddev.com/how-to-prevent-hackers-from-reverse-engineering-your-android-apps-2981661ab1c2
Android — 1 Minute guide to Useful Tips and Libraries in 2022
https://blog.canopas.com/android-development-best-practices-2022-203682a440f5
烏克蘭國安部門警告新一波網路攻擊鎖定Telegram用戶,目的是騙取帳號權限
https://thehackernews.com/2022/04/ukraine-warns-of-cyber-attack-aiming-to.html
Android用戶警惕 黑客用假黑屏登銀行帳戶
https://www.ntdtv.com/b5/2022/04/12/a103398389.html
美國國防部鼓勵企業建立開源互通 5G 系統
https://unwire.pro/2022/04/12/5g-2/news/
安全團隊:Discord用戶需警惕不明來歷的私信圖片
https://news.cnyes.com/news/id/4852200
Uber加密電話背後功臣是它,雲端通訊平台Twilio助應用程式融入電話、簡訊功能
https://www.bnext.com.tw/article/68511/twilio-us-co
網曝「某款手機」安全漏洞多 惡意代碼橫行 帳密權限恐遭竊取
https://www.chinatimes.com/realtimenews/20220412004737-260405?chdtv
臺灣企銀行動銀行App 推出Wi-Fi安全偵測
https://money.udn.com/money/story/5636/6236578
無線網路進化 智慧管理抗干擾易維運 6E蓄勢待發 Wi-Fi新設備卡位
https://www.netadmin.com.tw/netadmin/zh-tw/market/35A5847BEBC84A56BA754E49720CB15F
港人常用社交媒體收集多達19種用戶資料 FB、IG及WhatsApp均上榜
https://reurl.cc/415b3V
免用實聯制 社交距離APP進化:秒通知接觸記錄
https://www.businessweekly.com.tw/focus/blog/3009537
安裝「台灣社交距離」App未來免掃實聯制:手機耗電量微乎其微,去識別化標籤保隱私
https://www.thenewslens.com/article/165475
小心!資安公司示警這2款APP 暗藏木馬病毒
https://www.chinatimes.com/realtimenews/20220415002957-260412?chdtv
TikTok 封鎖俄羅斯計畫失敗 反成烏俄戰爭宣傳利器
http://n.yam.com/Article/20220415827046
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力
會將用戶導向惡意網站的重導服務,影響超過 16,500 個網站
https://www.twcert.org.tw/tw/cp-104-6003-99a7e-1.html
Panasonic證實加拿大分公司2月底遭到網路攻擊
https://techcrunch.com/2022/04/11/panasonic-canada-ransomware/
在DevOps界知名的Atlassian雲端服務斷線7天,至今仍未完全恢復
https://jira-service-management.status.atlassian.com/
「嘸蝦米輸入法」官方公告網站屢遭攻擊,暫時關閉會員服務
https://boshiamy.com/index.php
會將用戶導向惡意網站的重導服務,影響超過 16,500 個網站
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9805
北韓駭客經由惡意部落格內容攻擊南韓智庫
https://intlfocus.ncc.gov.tw/xcdoc/cont?xsmsid=0J210565885111070723&sid=0M020411383877603476&sq=
印度多個政府官方推特賬號被入侵,駭客發布NFT相關詐騙網站
https://amp-news.cnyes.com/news/id/4851974
烏克蘭遭俄羅斯駭客攻擊!微軟與網路安全公司協助脫險
https://newtalk.tw/news/view/2022-04-13/738522
烏克蘭阻止俄羅斯駭客集團Sandworm針對該國電廠的攻擊
https://www.ithome.com.tw/news/150392
黑客干擾美國發電站設備 或導致化學洩漏、爆炸
https://reurl.cc/mo6kZj
一場「全方位的網絡大戰」正籠罩烏克蘭
https://reurl.cc/VDpWWR
(Daily Issue)烏俄衝突大打資訊戰 AI技術派上用場
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=1&id=0000631951_CQX8QT5R6GFC740JNHYB0
「現在只看到二、三流的俄羅斯駭客!」普京豢養的頂級網路殺手「沙蟲」,即將絕地大反攻
https://www.storm.mg/article/4289484
第四輪ATT&CK評估計畫結果出爐,以兩大俄羅斯駭客為攻擊發動者
https://www.ithome.com.tw/news/150394
駭客組織NB65攻擊俄羅斯航太機構的事故,疑似已經利用Conti原始碼作案
https://www.telegraph.co.uk/business/2022/04/11/russias-space-programme-hit-western-cyber-attack/
中國駭客Hafnium利用作業系統工作排程機制漏洞來規避偵測
https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/
中國當局加強遊戲直播管理 禁止違規遊戲直播、失德主播並強化成年人保護機制
https://gnn.gamer.com.tw/detail.php?sn=230601
FBI, Europol Seize RaidForums Hacker Forum and Arrest Admin
https://thehackernews.com/2022/04/fbi-europol-seize-raidforums-hacker.html
Finding Attack Paths in Cloud Environments
https://thehackernews.com/2022/04/finding-attack-paths-in-cloud.html
Chinese Hacker Groups Continue to Target Indian Power Grid Assets
https://thehackernews.com/2022/04/chinese-hacker-groups-continue-to.html
JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots
https://thehackernews.com/2022/04/new-jekyllbot5-flaws-let-attackers-take.html
成長駭客_M01
https://www.104.com.tw/job/6frwd?jobsource=jlisthotkeywords
[2022 資安大會] 5/17~5/19 展場工讀生
https://www.104.com.tw/job/7lm17
資安技術工程師
https://www.1111.com.tw/job/98737389/
資安副理 (資安服務部)
https://www.104.com.tw/job/7lqjo
(科政中心)資安或科技政策研究人員(碩士、博士)111020
https://www.104.com.tw/job/7lpvl
資安工程師-台北/新竹(37Z)
https://www.104.com.tw/job/7lqch
醫療資訊室(資訊組)院聘資訊工程師(資安)
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=48309&HIRE_ID=11116757
TS-資安人員
https://www.104.com.tw/job/7lree?jobsource=cj2008
精誠配發5元股利 今年擴大招募逾千人
https://today.line.me/tw/v2/article/1Dp0xnp
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全
Fake News about our Fake News Study Spread Faster than its Truth… Just as We Predicted
https://sinanaral.medium.com/fake-news-about-our-fake-news-study-spread-faster-than-its-truth-just-as-we-predicted-77db6d9ca8c8
資料外洩警示! 剖析2022Q1的 3個 SaaS App攻擊事件
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9803
Google Sues Scammer for Running 'Puppy Fraud Scheme' Website
https://thehackernews.com/2022/04/google-sues-scammer-for-running-puppy.html
美國福斯新聞因配置錯誤,導致1300萬條敏感記錄無保護的讓外部都可存取
https://www.hackread.com/fox-news-exposed-13-million-sensitive-records-online/
駭客裸照恐嚇要錢 受害者:拒妥協不願被威脅
https://reurl.cc/XjDQEe
最新網購詐騙手法 你銀行存款會「一次被領光光」
https://vocus.cc/article/6256405cfd89780001dff6c2
庫克全球私隱高峰會上批反壟斷法規 稱開放側載危害用戶資安
https://news.cnyes.com/news/id/4852414
庫克批反壟斷監管,稱一些政策會傷害iPhone用戶隱私
https://news.knowing.asia/news/7b8979b2-0a99-400c-9ec6-5058e082815d
駭客組織匿名者攻陷俄羅斯3個大型企業,竊得逾400 GB資料
https://www.hackread.com/anonymous-hits-russian-entities-leaks-400-gb-emails/
詐騙老梗頻現 龜山警同行員合力阻詐保48萬元
https://times.hinet.net/news/23859968
假檢警騙健保卡遭冒用 8旬老婦險匯「擔保款」36萬元
https://udn.com/news/story/7320/6238253
越來越多的商業郵件詐騙手法更為詭詐,難以透過行為和意圖識破
https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/navigating-new-frontiers-trend-micro-2021-annual-cybersecurity-report
俄烏戰爭下,假消息成蔓延全球的新戰場!如何在社群上避免以訛傳訛
https://www.bnext.com.tw/article/68466/fake-news-ylib-sa
5電商名列資安高風險 個資易遭盜
https://www.cyberangel.org.tw/tw/cap-news/cap-news/item/5-2
因應5/1勞動節和疫情影響,勞動部體恤勞工發放補助金5000元?惡作劇連結
https://www.mygopen.com/2022/04/515000.html
連比爾蓋茲都上當!一個華爾街騙子,如何靠「行善又能致富」騙全球菁英
https://www.businessweekly.com.tw/business/blog/3009555
網傳影片稱「德國在聯合國的發言,烏克蘭人為西方虛假的承諾付出了代價」
https://tfc-taiwan.org.tw/articles/7201
1999錄音分析恐違個資法!議員疑把關失靈 資訊局長提2解方
https://tw.appledaily.com/life/20220414/GEYEEN25KVBNJEV5FXZADWTIW4/
E.研究報告/工具
OpenSSH 9.0開始採用後量子密碼,因應日後量子破密威脅
https://www.phoronix.com/scan.php?page=news_item&px=OpenSSH-9.0-Released
協助資安長 (CISO) 評估市場主流資安解決方案的Mitre Engenuity ATT&CK Evaluations 為何重要
https://blog.trendmicro.com.tw/?p=71898
How to make Excel look less like… Excel
https://datastudio.medium.com/how-to-make-excel-look-less-like-excel-8eb91b75ab8f
How to Start Bug Bounties 101 & How to Make a Million in 4 Years
https://ozguralp.medium.com/how-to-start-bug-bounties-101-how-to-make-a-million-in-4-years-e15ee62d6f4
The Dark Truth about VPN
https://medium.com/geekculture/the-dark-truth-about-vpn-cb2d8d9735ad
DevOps Roadmap 2022
https://faun.pub/devops-roadmap-2022-340934d360f9
How I bypassed 403 forbidden domain using a simple trick
https://janmuhammadzaidi.medium.com/how-i-bypassed-403-forbidden-domain-using-a-simple-trick-c2d538de04b8
Give me a browser, I’ll give you a Shell
https://systemweakness.com/give-me-a-browser-ill-give-you-a-shell-de19811defa0
How I was able to find 50+ Cross-site scripting (XSS) Security Vulnerabilities on Bugcrowd Public Program
https://infosecwriteups.com/how-i-was-able-to-find-50-cross-site-scripting-xss-security-vulnerabilities-on-bugcrowd-public-ba33db2b0ab1
What the Apps Ukrainians Are Downloading Tell Us About Their Situation
https://debugger.medium.com/what-the-apps-ukrainians-are-downloading-tell-us-about-their-situation-2dd8d8404a1b
Advanced exploratory data analysis (EDA) with Python
https://medium.com/epfl-extension-school/advanced-exploratory-data-analysis-eda-with-python-536fa83c578a
3 Design Patterns Every Developer Should Learn
https://blog.bitsrc.io/3-design-patterns-every-developer-should-learn-71a51568ac9d
Are You a Python Developer? Check If You Have These 12 Skills
https://medium.com/illumination/are-you-a-python-developer-check-if-you-have-these-12-skills-96765cdbb78f
Spotify Data Analysis and Visualisation with Python
https://blog.devgenius.io/spotify-data-analysis-with-python-a727542beaa7
Python: Scrape Any Website in Seconds with One Line of Code
https://medium.com/@alains/python-scrape-any-website-in-seconds-with-one-line-of-code-574e4bd57005
PHP Is Dying Fast
https://levelup.gitconnected.com/php-is-dying-a3805e23a3b8
DevOps & DecSecOps Roadmap [From beginner to an expert]
https://faun.pub/devops-decsecops-roadmap-from-beginner-to-an-expert-c3e4fca2b347
UI/UX Roadmap for Beginners
https://medium.com/@sahubablu22/ui-ux-roadmap-for-beginners-6601d15027ca
Code like there is no if-statement
https://medium.com/@shirkavand/code-like-there-is-no-if-statement-36ca170c2b92
Could Spain Finally Be About to Join the 21st Century
https://marker.medium.com/could-spain-finally-be-about-to-join-the-21st-century-2aea9547e3e3
10 SQL Queries You Should Know as a Data Scientist
https://selectfrom.dev/10-sql-queriesyou-should-know-as-a-data-scientist-8bf616204765
Stop Using JSON Web Tokens For Authentication (The wrong way)
https://betterprogramming.pub/stop-using-json-web-tokens-for-authentication-use-stateful-sessions-instead-c0a803931a5d
Goodbye HTML. Hello Canvas
https://javascript.plainenglish.io/goodbye-html-hello-canvas-part-1-92f750961666
Cross-Regional Disaster Recovery with Elasticsearch
https://thehackernews.com/2022/04/cross-regional-disaster-recovery-with.html
Researchers warn of FFDroider and Lightning info-stealers targeting users in the wild
https://thehackernews.com/2022/04/researchers-warn-of-ffdroider-and.html
As State-Backed Cyber Threats Grow, Here's How the World Is Reacting
https://thehackernews.com/2022/04/as-state-backed-cyber-threats-grow.html
F.商業
鼎新電腦助企業輕鬆啟用MDR、快速有效瞬間提升資安防禦力
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9779
Dropbox 推出 HelloSign 電子簽名模板、Dropbox Backup 新備份工具
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9798
OPSWAT 為關鍵基礎設施推出資安行動實驗室 - CyberTrailer
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9801
Westcon成為 Efficient iP台灣區代理商
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9802
私募基金Thoma Bravo以69億美元收購身分安全管理業者SailPoint
https://investors.sailpoint.com/news/2022/04-11-2022-114519925
HelpSystems併購資安培訓平臺業者Terranova Security
https://www.helpnetsecurity.com/2022/04/09/helpsystems-terranova-security/
Cymetrics 結盟是方電訊 提供雲端資安服務
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/E391E0155EEB414C80D03ECB95E4BA46
NordVPN 免費加入全方位威脅防護功能 提供進一步安全保障
https://unwire.hk/2022/04/13/nordvpn-threat-protection/life-tech/
KKR擬收購資安企業Barracuda 交易價值估40億美元
https://turnnewsapp.com/livenews/global/A06626002022041303090922
全球最大半導體設備商AMAT入股京鼎
https://www.1111.com.tw/news/jobns/145117
Citrix 發佈全新 Citrix Virtual Apps and Desktops 2203 LTSR 長期服務版本
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/23DDA792593F46B0A1A2B7E16E3904A0
Fortinet 最新升級!FortiOS 7.2 新增超過 300 項功能,為企業打造資安基礎架構
https://news.sina.com.tw/article/20220414/41603136.html
Westcon宣布成為Efficient iP台灣區代理商
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=16&id=0000633182_W100740K9JB0XI1HF5S6V
和碩聯合科技攜手微軟 以 RPA 化繁為簡全面加速數位轉型
https://www.businessweekly.com.tw/business/indep/1002298
G.政府
第3屆ICANN APAC-TWNIC 邀請全球網路意見領袖共同探討網路治理議題
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9800
綠委拋成立數位指揮中心防資訊戰 蘇貞昌:已有防錯假訊息防制平台
https://www.rti.org.tw/news/view/id/2129813
經民連批金管會為中資蝦皮開後門:「中國武力犯臺前,臺灣恐先經濟亡國!」
https://musou.watchout.tw/read/SIeng5lR0KgO8WzqJOXf
31億蝦皮金流當機沒人管?民團批金管會放水 要求立院速審法規
https://newtalk.tw/news/view/2022-04-13/738836
NCC:低軌衛星涉頻譜開放 未來由數發部掌管
https://www.cna.com.tw/news/afe/202204140245.aspx
立法委員高虹安:資安成國家重要課題,望台灣能打造出自助、助人的資安國家隊
https://news.knowing.asia/news/c4073007-db73-495c-983c-7383b6466c52
H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安
美國警告國家級駭客鎖定ICS、SCADA系統發動攻擊
https://www.bleepingcomputer.com/news/security/us-warns-of-govt-hackers-targeting-industrial-control-systems/
美示警:駭客已能攻擊關鍵基礎設施
https://reurl.cc/LmjnYL
美國CISA發布AA22-103A警報:關鍵基礎設施及製造業提防PLC被Pipedream攻陷
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9813
101 DATA SCIENCE with Cheat Sheets (ML, DL, Scraping, Python, R, SQL, Maths & Statistics)
https://medium.com/@anushka.datascoop/101-data-science-cheat-sheets-ml-dl-scraping-python-r-sql-maths-statistics-ef30b4d786eb
工業網絡公司組建遊說團體,以應對美國政府加強監管
https://reurl.cc/x9x37V
俄羅斯駭客Sandworm鎖定烏克蘭能源供應商的ICS系統下手
https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/
醫療機器人存在零時差漏洞JekyllBot:5,恐被攻擊者用於遠端控制
https://reurl.cc/OA7m6r
D-Link 無線路由器「這5款」舊機存重大漏洞!美國土部示警盡快停用
https://today.line.me/tw/v2/article/0MpY2X3
75% 資安事件曾造成生產線停擺!TXOne:打造智慧工廠必備「這 5 大資安思維」
https://buzzorange.com/techorange/2022/04/13/smart-manufacturing-security/
搶攻智慧醫療商機!趨勢科技執行長陳怡樺創立智趨動,加速仿生科技落地
https://www.bnext.com.tw/article/68548/smart-healthcare-trendmicro
以實現智慧城市為目標 三菱電機Diamond Controls 發揮關鍵作用
https://www.businessweekly.com.tw/careers/indep/1002303
博歐如何用區塊鏈技術使汽車身份認證更安全
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000633212_MCN1OH9L21747V1T5WT1F
無人機發展涉及資安 專家:應建立資通訊安全標準
https://reurl.cc/OA7RV3
I.教育訓練
中華軟協-iPAS「初級」資訊安全工程師能力研習衝刺班:全面招生中
https://www.cs.nycu.edu.tw/announcements/detail/8778
2022「證券期貨資訊安全實務養成課程」即日起開始報名
https://www.sfi.org.tw/news/news-7/3589
網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works)
https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw
不只是工程師才要懂的 App 資訊安全:取得資安檢測合格證書血淚史(iT邦幫忙鐵人賽系列書)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
【資安管理國際證照懶人包】學習心得、考試要點一次整理!2022 轉職夢幻工作看這篇
https://buzzorange.com/techorange/2021/12/30/isaca/
CISSP考試心得 – Benson
https://reurl.cc/GbWvxd
CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022
https://reurl.cc/1oyEM8
CEH v11 考試心得與準備方式
https://blog.sean.taipei/2022/01/ceh
110年新進人員「校園資訊安全講座」教材
https://cc.nccu.edu.tw/p/406-1001-740,r18.php
【訓練教材D】資訊安全技術教育訓練教材
https://iscb.nchu.edu.tw/2019/07/d.html
109資通安全管理法數位教育訓練
https://reurl.cc/ARlmqp
110-1初級資訊安全工程師-資訊安全管理概論
https://yamol.tw/exam.php?id=104050
中大信息工程學系 栽培資訊科技領導人才
https://reurl.cc/ARZKDK
伊雲谷、中山大學產學合作 累積雲端資安人才能量
https://ctee.com.tw/industrynews/technology/587459.html
SANS Cyber Aces Online Tutorials
https://tutorials.cyberaces.org/tutorials.html
Free Online Cybersecurity Courses (MOOCs)
https://www.cyberdegrees.org/resources/free-online-courses/
Develop Your Cybersecurity Skills
https://www.cybrary.it/catalog/cybersecurity/
Mobile App Security
https://www.cybrary.it/course/mobile-app-security/
Introduction to Cybersecurity
https://reurl.cc/bnaj6d
How to Tackle SaaS Security Misconfigurations
https://thehackernews.com/2021/11/how-to-tackle-saas-security.html
How to Build a Security Awareness Training Program that Yields Measurable Results
https://thehackernews.com/2021/11/how-to-build-security-awareness.html
Common Attacks
https://choson.lifenet.com.tw/?p=1174
6.近期資安活動及研討會
AIAA講座【台北場】:資安思維 X 政府應用AI案例 X 數位轉型 2022/4/16
https://www.accupass.com/event/2203031213512786993470
SP-ISAC【資安專題講座】網站安全面面觀 2022/04/19
https://reurl.cc/6EWjRM
網站應用程式安全 2022/04/19
https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19881
SDN x Cloud Native Meetup #47 2022/4/19
https://www.meetup.com/CloudNative-Taiwan/events/284821277/
Quarterly Professional Networking Event 2022/4/21
https://www.meetup.com/taiwan-digital-drinks/events/284733775/
2022 美台金融資安論壇 數位轉型下的資安再造 2022/04/21 ~ 2022/04/22
https://event.netmag.tw/202204ait/
南部場-公部門如何揪出潛伏資安威脅研討會(限政府機關報名) 2022/4/21
https://www.cisanet.org.tw/Course/Detail/2784
Python 數據分析一日工作坊 - 電商、Airbnb分析實戰 2022/4/23
https://www.meetup.com/PyLadiesTW/events/284972118/
區塊鏈與智慧資安女力論壇 2022/4/24
https://isipevent.kktix.cc/events/e58d0573
沙崙資安基地 線上免費課程:【資產盤點暨風險評鑑實務】 2022/04/26
https://bit.ly/3KmFTqW
資通安全電腦稽核-防火牆管理查核實例演練~稽核最佳實務演練 2022/04/28
https://www.acl.com.tw/news/news_display.php?id=1802
SEMI E187設備資安標準導入與實務研討會 2022/4/29
https://www.semi.org/zh/cybersecurity-standards-seminar
「資安鑑識課程-系列Ⅰ初級課程:資安科技基礎養成:滑鼠鍵盤敲起來【從密碼到資安】」線上研習 2022/4/29
https://docs.google.com/forms/d/1yS8JontNqGinMYUOaYj9aQ-Ov92yda7eFldgjotOAUs
K12的科技教育-除了程式還可以教什麼 2022/5/9
https://www.meetup.com/rladies-taipei/events/284421238/
元智資工高中生短期資訊課程-微插電資安體驗工作坊 2022/5/14
https://cse-yzu.kktix.cc/events/yzcs7
資安政策法規標準 2022/5/25 ~ 2022/5/26
https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19873
資訊安全系列課程系列九:機器學習與資安異常診斷實務(第1期) 2022/6/7
https://www.tabf.org.tw/CourseDetail.aspx?PID=487302
駭客奪旗攻防演練:金融資安人才養成專班(第1期) 2022/04/28~2022/06/09
https://www.tabf.org.tw/CourseDetail.aspx?PID=487750
國家高速網路與計算中心教育訓練 「大數據程式開發平台(VM版本)」建置與開發實務課程 2022/5/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=homepage
風險導向資安稽核 2022/7/20
https://www.cisanet.org.tw/Course/Detail/2756
沒有留言:
張貼留言