Weekly Security Incident News Digest 2022/4/18 ~ 2022/4/22
1. Major Vulnerabilities / Backdoors / Exploits / Zero Days
Oracle Critical Patch Update for April 2022
https://www.oracle.com/corporate/security-practices/assurance/vulnerability/security-fixing.html
Juniper recently released updates to address security vulnerabilities in multiple products
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=date%20descending&f:ctype=[Security%20Advisories]
https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-release-2011-L4?language=en_US
Cisco patches wireless network controller firmware vulnerability that allows authentication bypass
https://www.ithome.com.tw/news/150464
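Vulnerability in the remote management access mechanism of a Cisco security solution could let attackers steal administrator credentials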
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uva-static-key-6RQTRs4c
Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA
https://thehackernews.com/2022/04/cisco-releases-security-patches-for.html
Hackers begin exploiting the Windows Print Spooler vulnerability that Microsoft patched in February this year
https://www.ithome.com.tw/news/150512
US requires federal agencies to patch the already-exploited Print Spooler vulnerability by a deadline
https://www.bleepingcomputer.com/news/security/cisa-warns-of-attackers-now-exploiting-windows-print-spooler-bug/
Vulnerabilities in Lenovo laptop firmware could be used by attackers to implant UEFI malware
https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/
QNAP announces that some NAS models may be affected by Apache HTTP Server vulnerabilities and provides mitigations
https://www.qnap.com/zh-tw/security-advisory/qsa-22-11
QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities
https://thehackernews.com/2022/04/qnap-advises-users-to-update-nas.html
Vulnerability found in the archiver 7-Zip could let attackers gain administrator privileges
https://github.com/kagancapar/CVE-2022-29072#readme=
Google security report reveals 58 zero-day vulnerabilities; global hacker attacks hit an all-time high
https://3c.ltn.com.tw/news/48696
Amazon's Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug
https://thehackernews.com/2022/04/amazons-hotpatch-for-log4j-flaw-found.html
Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails
https://thehackernews.com/2022/04/unpatched-bug-in-rainloop-webmail-could.html
Critical Chipset Bugs Open Millions of Android Devices to Remote Spying
https://thehackernews.com/2022/04/critical-chipset-bug-opens-millions-of.html
New Incident Report Reveals How Hive Ransomware Targets Organizations
https://thehackernews.com/2022/04/new-incident-report-reveals-how-hive.html
Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021
https://thehackernews.com/2022/04/google-project-zero-detects-record.html
Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild
https://thehackernews.com/2022/04/hackers-exploiting-recently-reported.html
New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops
https://thehackernews.com/2022/04/new-lenovo-uefi-firmware.html
Critical RCE Flaw Reported in WordPress Elementor Website Builder Plugin
https://thehackernews.com/2022/04/critical-rce-flaw-reported-in-wordpress.html
Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System
https://thehackernews.com/2022/04/researchers-detail-bug-that-could.html
Microsoft has released an advisory to address a critical remote code execution vulnerability
https://docs.microsoft.com/zh-tw/windows-server/storage/file-server/smb-secure-traffic
https://www.cisa.gov/uscert/ncas/current-activity/2022/04/13/microsoft-releases-advisory-address-critical-remote-code-execution
Researcher Releases PoC for Recent Java Cryptographic Vulnerability
https://thehackernews.com/2022/04/researcher-releases-poc-for-recent-java.html
Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud
https://thehackernews.com/2022/04/watch-out-cryptocurrency-miners.html
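2. Banking / Finance / Insurance / Securities / Payment Systems / Financial Supervision: News and Security
Taiwan Business Bank mobile banking app is the first to offer Wi-Fi security detection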
https://wantrich.chinatimes.com/news/20220418900142-420101
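Lessons from a hacker storm: Taipei Fubon Bank combines waterfall management with agile adoption to efficiently develop an intelligent security system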
https://www.managertoday.com.tw/articles/view/64972
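Worried about forgetting your wallet when you go out? UK startup implants a microchip in the hand, turning you into a "human credit card"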
https://meet.bnext.com.tw/articles/view/48970
Mobile tax filing upgraded to 2.0 with 3 major new features
https://ec.ltn.com.tw/article/breakingnews/3901954
President Chain Store integrates online and physical channels and launches a tax payment service platform
https://www.cna.com.tw/news/ahel/202204210092.aspx
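3. Electronic Payment / Mobile Payment / Pay / Security
JKOPAY's growth experience: how the IT team used project management techniques to get through the growing pains of an explosive surge in business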
https://www.managertoday.com.tw/articles/view/64973
Wallet set aside while checking out with mobile payment is stolen within 3 seconds
https://reurl.cc/WrLy4D
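EasyCard Corporation general manager Chiu Yu-kai (邱昱凱): the "one card, one pay" ecosystem is gradually taking shape, with the hope of realizing cashless living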
https://reurl.cc/q58oDn
Paytm, India's largest mobile payment provider, boasts it will break even before Q3 next year
https://reurl.cc/x90oDe
How Meta Platforms fell behind in India's mobile payment market
https://reurl.cc/vd1onj
Chunghwa Post i郵箱: first electronic payment provider goes live
https://reurl.cc/o1dpLD
Uber Eats Japan partners with Rakuten; the Rakuten Pay electronic payment service will be accepted
https://news.cnyes.com/news/id/4854994
Relaxing the electronic payment threshold for Shopee? Huang Tien-mu (黃天牧) responds angrily
https://ctee.com.tw/news/policy/626317.html
FSC keeps watch on third-party payment; 3 operators listed as electronic payment candidates
https://www.cardu.com.tw/news/detail.php?45927
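Not only Shopee exceeds NT$1 billion in transactions; two third-party payment providers are also approaching the regulatory threshold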
https://news.cnyes.com/news/id/4855817
Coinbase's India expansion blocked; rupee electronic payments terminated by the state apparatus
https://reurl.cc/mo97n7
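Electronic consumption vouchers | Fewer than 30% of wet-market stallholders have installed electronic payment; stallholders explain one reason for their reluctance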
https://reurl.cc/7DonXN
Electronic payment apps: scanning a code is the most convenient way to pay taxes
https://reurl.cc/ZA7EO3
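Taiwan's convenience stores are so thoughtful! Chinese wife leaves electronic payment behind and exclaims: transactions are no longer a cold machine - FTV News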
https://www.ftvnews.com.tw/video/detail/EBYlzLzcTR0
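4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contract Security
Beanstalk loses US$180 million in a flash loan attack; stablecoin $BEAN depegs and instantly crashes 90%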
https://www.blocktempo.com/attacker-drains-182m-from-beanstalk/
Security team: UglyPeopleNFT's Discord compromised by hackers
https://amp-news.cnyes.com/news/id/4854786
NFT project Metaconz attacked; hackers use a malicious function to strip wallet permissions
https://news.cnyes.com/news/id/4855024
Bitcoin and Ether fall together on Monday; Bitcoin slides 3.57% intraday, breaking below its April low
https://reurl.cc/QL3NLo
Priced at 2.5 ETH, high-profile NFT project "Moonbirds" sees its floor price soar nearly 8x within 2 days of launch
https://hypebeast.com/zh/2022/4/moonbirds-nft-proof-collective-opensea-volume-ranking
DeFi robbed twice in one month! Stablecoin protocol Beanstalk loses US$182 million; founder responds: we should not be held responsible
https://www.bnext.com.tw/article/68622/defi-attack-hacker
Stablecoin protocol Beanstalk hit by flash loan attack; BEAN plunges nearly 90%
https://smartrichs.com/stablecoin-protocol-beanstalk-was-attacked-by-flash-loan-bean-plummeted-by-nearly-90/
Robinhood launches crypto wallet, bringing crypto assets a step closer to the mainstream
https://hk.investing.com/analysis/article-100435
Hackers target users of the MetaMask crypto wallet, stealing seed phrases stored in iCloud to drain cryptocurrency
https://www.bleepingcomputer.com/news/security/hackers-steal-655k-after-picking-metamask-seed-from-icloud-backup/
Ronin hacker wallet address has transferred out a cumulative 22,400 ETH over the past week
https://news.cnyes.com/news/id/4855904?exp=a
Beanstalk Farms to discuss a project relaunch plan and calls on the hacker to return 90% of the stolen funds
https://news.cnyes.com/news/id/4855640
Crypto anxiety / So popular it is used for vote buying? Is the Minister of Justice's concern justified
https://money.udn.com/money/story/5648/6253348
Vulnerability in NFT marketplace Rarible could be used by attackers to steal NFTs and tokens
https://research.checkpoint.com/2022/check-point-research-detects-vulnerability-in-the-rarible-nft-marketplace-preventing-risk-of-account-take-over-and-cryptocurrency-theft/
CipherTrace report | Monero is becoming ransomware's currency of choice; hackers add a 10-20% premium to ransom payments made in Bitcoin
https://www.blocktempo.com/monero-crypto-of-choice-as-ransomware/
North Korean gaming experts steal US$620 million in cryptocurrency from an NFT game, prompting the FBI to step in and investigate
https://www.5richer.com/arts/42846.html
The Web3 era! China conditionally opens up NFT trading activity; expert: here is what beginners are advised to do!
https://www.thehubnews.net/archives/95135
Big profits from NFTs and virtual cryptocurrencies? Beware of scammers taking these two things and leaving you with nothing
https://blog.trendmicro.com.tw/?p=71904
Security firm: Discord accounts of two illogicsNFT Discord team members stolen
https://news.cnyes.com/news/id/4857181?exp=a
A look at the 13 largest DeFi thefts in history; this year's Beanstalk, Wormhole and Ronin make the top five
https://www.blocktempo.com/13-biggest-defi-hacks-and-heists/
DeFi lending protocol YEED attacked; the hacker's million in gains ends up permanently locked
https://news.cnyes.com/news/id/4857413
Monero becomes hackers' first choice for ransom; equivalent Bitcoin premium rises 20%
https://reurl.cc/VDXnd6
Comprehensive protection for trading security: BingX exchange sets a record of zero wallet thefts
https://www.thehubnews.net/archives/95642
Hackers prefer stealing cryptocurrency from DeFi platforms
https://blog.chainalysis.com/reports/2022-defi-hacks/
LINE develops NFT platform and recruits a blockchain technology team in Taiwan for the first time
https://www.rti.org.tw/news/view/id/2130815
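5. Security Incident News
A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC
Major wind turbine maker Nordex hit by Conti ransomware attack; IT systems and turbine management systems shut down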
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9818
What is RagnarLocker? FBI issues a new alert on an old ransomware family
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9814
Mars Stealer malware hides in OpenOffice ads on Google
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9816
Trojan RemcosRAT targets African banks
https://threatresearch.ext.hp.com/malware-campaigns-targeting-african-banking-sector/
Hacker group Karakurt colludes with ransomware Conti, helping that group with follow-up ransom demands
https://reurl.cc/j15VR2
Malicious code found in a handy Google Play Store installer tool; it tampers with the browser to send Windows 11 users to scam web pages
https://www.kocpc.com.tw/archives/436715
Hackers distribute info-stealing malware under the guise of offering a Windows 11 upgrade
https://www.bleepingcomputer.com/news/security/unofficial-windows-11-upgrade-installs-info-stealing-malware/
Hackers set up a fake official Windows 11 download site that helps you install a custom "virus-laden" Windows 11 system for free
https://www.techbang.com/posts/95710-security-personnel-discovered-a-new-fake-microsoft-win11
Download it and you get robbed! This malware "disguises itself as a banking app", and even the customer service number is fake!
https://ebcbuzz.com/category/fun/new/244719
Pegasus spyware has new victims again! UK government targeted
https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/
Emotet malware attack activity surges sharply again
https://www.bleepingcomputer.com/news/security/emotet-botnet-switches-to-64-bit-modules-increases-activity
BotenaGo botnet variant targets Lilin video surveillance devices
https://www.nozominetworks.com/blog/new-botenago-variant-discovered-by-nozomi-networks-labs/
Security vendor provides a decryption tool for the "Yanluowang" ransomware
http://support.kaspersky.com/8547
Microsoft successfully takes over more than 400 domains of the ZLoader botnet
https://technews.tw/2022/04/22/microsoft-successfully-takes-over-zloader-botnet/
Ransomware targets agricultural cooperatives
https://www.ic3.gov/Media/News/2022/220420-2.pdf
Black Cat ransomware has breached more than 60 organizations within half a year
https://www.ic3.gov/Media/News/2022/220420.pdf
TeamTNT worm launches attacks against AWS and Alibaba Cloud
https://blog.talosintelligence.com/2022/04/teamtnt-targeting-aws-alibaba.html
Hackers offer the info-stealer Ginzo Stealer to other cybercriminals for free, apparently to build a customer base
https://www.gdatasoftware.com/blog/2022/03/ginzo-free-malware
Two ransomware groups launched more than half of the attacks in the first quarter of this year
https://www.wepro180.com/ransomware220422/
Kaspersky report on Emotet modules and recent attacks
https://securelist.com/emotet-modules-and-recent-attacks/106290/
Tough Times for Ukrainian Honeypot
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/tough-times-for-ukrainian-honeypot/
Lazarus Targets Chemical Sector
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lazarus-dream-job-chemical
Zloader 2: The Silent Night
https://decoded.avast.io/vladimirmartyanov/zloader-the-silent-night/
https://blogs.microsoft.com/on-the-issues/2022/04/13/zloader-botnet-disrupted-malware-ukraine/
https://www.welivesecurity.com/2022/04/13/eset-takes-part-global-operation-disrupt-zloader-botnets/
"Haskers Gang" Introduces New ZingoStealer
https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html
Cyberattack on state organizations of Ukraine using the malicious program IcedID
https://cert.gov.ua/article/39609
Eagle Monitor RAT
https://blog.cyble.com/2022/04/18/under-the-lens-eagle-monitor-rat/
Peering into A PYSA Ransomware Attack
https://www.sentinelone.com/blog/from-the-front-lines-peering-into-a-pysa-ransomware-attack/
TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
https://www.cisa.gov/uscert/ncas/alerts/aa22-108a
A new type of malware from the Lazarus attack group that exploits the INITECH process
https://asec.ahnlab.com/ko/33706/
Malware Campaigns Targeting African Banking Sector
https://threatresearch.ext.hp.com/malware-campaigns-targeting-african-banking-sector/
Nobelium - Israeli Embassy Maldoc
https://inquest.net/blog/2022/04/18/nobelium-israeli-embassy-maldoc
Public Cloud Cybersecurity Threat Intelligence (202203)
https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/
An Investigation of the BlackCat Ransomware
https://reurl.cc/rD80yk
https://www.trendmicro.com/en_us/research/22/d/an-investigation-of-the-blackcat-ransomware.html
"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
https://isc.sans.edu/diary/rss/28568
New BotenaGo Variant Discovered
https://www.nozominetworks.com/blog/new-botenago-variant-discovered-by-nozomi-networks-labs/
Information Stealer Targets Crypto Wallets Via Fake Windows 11 Update
https://cloudsek.com/whitepapers_reports/information-stealer-targets-crypto-wallets-via-fake-windows-11-update/
Cyberattack on state organizations of Ukraine using the topic "Azovstal" and the malicious program Cobalt Strike Beacon
https://www.circl.lu/doc/misp/feed-osint/1b2b6e15-3655-4648-afcb-c93214187736.json
Prynt Stealer Spotted In the Wild
https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/
Warez users fell for Certishell
https://decoded.avast.io/danielbenes/warez-users-fell-for-certishell/
https://github.com/avast/ioc/blob/master/Certishell/samples.sha256
https://github.com/avast/ioc/blob/master/Certishell/samples.sha1
https://github.com/avast/ioc/blob/master/Certishell/network.txt
Nokoyawa Ransomware | New Karma/Nemty Variant Wears Thin Disguise
https://www.sentinelone.com/labs/nokoyawa-ransomware-new-karma-nemty-variant-wears-thin-disguise/
The ink-stained trail of GOLDBACKDOOR
https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report_-The-ink-stained-trail-of-GOLDBACKDOOR.pdf
Hive Ransomware Analysis
https://www.varonis.com/blog/hive-ransomware-analysis
Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-intense-campaign-ukraine
https://github.com/Symantec/threathunters/blob/main/Shuckworm/host
https://github.com/Symantec/threathunters/blob/main/Shuckworm/network
Hackers Sneak 'More_Eggs' Malware Into Resumes Sent to Corporate Hiring Managers
https://thehackernews.com/2022/04/hackers-sneak-moreeggs-malware-into.html
Researchers Share In-Depth Analysis of PYSA Ransomware Group
https://thehackernews.com/2022/04/researchers-share-in-depth-analysis-of.html
New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar
https://thehackernews.com/2022/04/new-solarmarker-malware-variant-using.html
New Hacking Campaign Targeting Ukrainian Government with IcedID Malware
https://thehackernews.com/2022/04/new-hacking-campaign-targeting.html
B. Mobile Security / iPhone / Android / Wearables / Apps / 5G / Instant Messaging
What to do when your iPhone's network is unstable? 10 tips to fix slow and unstable connections
https://mrmad.com.tw/iphone-network-instability-how-to-solve
Scam software appears on the Mac App Store; the application cannot be closed without subscribing
https://reurl.cc/NA6OG5
"Zero-click attacks" hit phones that are just lying there? And they have become big business for countries around the world
https://www.bnext.com.tw/article/68371/dos-zero-click-attack
An unrestricted information platform: Telegram in the Russia-Ukraine war
https://cn.nytimes.com/world/20220419/russian-propaganda-telegram-ukraine/zh-hant/
Apple is developing a new HomePod! It will combine with Apple TV and a FaceTime camera
https://times.hinet.net/news/23868322
Latest vulnerability revealed in Qualcomm and MediaTek chips! Nearly all mainstream Android phones affected
https://3c.ltn.com.tw/news/48723
Vulnerability in Apple's old ALAC format endangers phones with Qualcomm and MediaTek chips
https://technews.tw/2022/04/22/apple-alac-qualcomm-mediatek/
Qualcomm and MediaTek mobile processor chips use a vulnerable audio decoder, potentially affecting two thirds of Android users
https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/
Phone passwords "disappearing entirely"! One Android feature raises an intrusion risk; experts give answers
https://news.tvbs.com.tw/life/1773192
EU further pushes USB-C as the unified charging standard and expects to settle wireless charging interoperability before 2026
https://mashdigi.com/common-charger-meps-agree-on-proposal-to-reduce-electronic-waste/
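C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce
Black Hat announces the keynote speaker lineup for the 2022 Black Hat Asia hybrid conference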
http://www.businesswirechina.com/hk/news/50257.html
"Attack is the best defense!" How DEVCORE, winner of the security world's Oscars, decodes the security challenges behind cyber warfare
https://buzzorange.com/techorange/2022/04/19/ppodcast-devcore-cyber-warfare/
76% of Taiwanese enterprises believe hackers will successfully attack them within the next 12 months
https://udn.com/news/story/7240/6251055?from=udn-catelistnews_ch2
Trend Micro publishes Cyber Risk Index: more than 3/4 of Taiwanese organizations believe they may be breached by hackers in 2022
https://zeekmagazine.com/archives/170223
Call for enterprises to adopt open standards for quantitative assessment of third-party cybersecurity risk
https://news.ebc.net.tw/news/living/313587
鼎峰亞太集團 calls for open standards in quantitative assessment of third-party cybersecurity risk
https://money.udn.com/money/story/5635/6258432
Remote work relies on cloud applications; SASE guards against the security risks
https://www.18hall.com/sase/
As the pandemic spreads and enterprises transform digitally, DDoS security threats draw attention
https://www.storm.mg/localarticle/4295663
Beware! Hackers innovate their attack methods again as "WAV" audio files become a tool for crime
http://n.yam.com/Article/20220419863490
Okta publishes the results of its Lapsus$ hacking incident investigation: breached for only 25 minutes
https://www.ithome.com.tw/news/150561
FBI warns: North Korean hackers, led by Lazarus, may attack crypto companies on a large scale
https://www.horizonnextsumari.com/article/3815
SlowMist: guard against hacking attacks by the APT group Lazarus Group
https://news.cnyes.com/news/id/4855524?exp=a
US discloses the methods North Korean hackers Lazarus use to attack blockchain companies
https://www.ithome.com.tw/news/150497
Citizen Lab warns that UK government internal networks are suspected of being infiltrated by Pegasus
https://www.cna.com.tw/news/aopl/202204190278.aspx
Hackers use stolen OAuth tokens to access private repositories on GitHub
https://www.ithome.com.tw/news/150462
Attackers use stolen OAuth credentials to breach the GitHub of dozens of organizations, including NPM
https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/
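Pro-Russia hacker group Conti hit by retaliation! Ukrainian researcher leaks large volumes of internal chats, source code and operational data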
https://www.blocktempo.com/russian-ransomware-group-conti-hurt-by-leaks/
Humiliating Putin: Anonymous publishes a list of Russian agents and attacks oil-related industries
https://newtalk.tw/news/view/2022-04-19/741858
Ukraine forms a cyber army to pressure multinational companies to withdraw from Russia
https://ec.ltn.com.tw/article/breakingnews/3899680
Mysterious hacker group supporting Ukraine to launch GameFi? A blockchain security-themed game that earns returns even offline
https://www.blocktempo.com/anonverse-gamefi-crypto-war-v/
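Hard-fought Russia-Ukraine war sounds the alarm! Japanese media say China is forced to revise its Taiwan invasion scenario and expand its nuclear forces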
https://news.tvbs.com.tw/politics/1770960
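Technology is the best weapon against missiles! 31-year-old Ukrainian minister leads a hundred people sheltering in a cellar to fight the "first world cyber war"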
https://udn.com/news/story/122663/6256349
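Accidentally revealed by Russian media! Russian defense ministry discloses Russian military casualties; netizens are shocked that they match Ukraine's battle reports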
https://news.ltn.com.tw/news/world/breakingnews/3902495
Microsoft Windows attacked again by China's Hafnium group
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9808
US government says North Korea-backed hacker groups are targeting crypto and blockchain companies
https://news.cnyes.com/news/id/4855435
UK prime minister's official residence infiltrated by "spyware", foreign ministry also hacked; UAE suspected of orchestrating
https://www.worldjournal.com/wj/story/121257/6252905
NATO holds "Locked Shields" cybersecurity exercise against the backdrop of the Russia-Ukraine war
https://reurl.cc/yrgWW2
Experts Uncover Spyware Attacks Against Catalan Politicians and Activists
https://thehackernews.com/2022/04/experts-uncover-spyware-attacks-against.html
FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies
https://thehackernews.com/2022/04/fbi-us-treasury-and-cisa-warns-of-north.html
Information Security Manager
https://www.cakeresume.com/companies/presco-ws/jobs/information-security-manager?locale=fr
Security Forensics Analyst
https://www.104.com.tw/job/5xtj0?jobsource=cs_custlist
Network Security Solutions Engineer
https://www.104.com.tw/job/6hygw?jobsource=cs_custlist
Senior Network Security Solutions Engineer
https://www.104.com.tw/job/6hyog?jobsource=cs_custlist
Security Testing Engineer
https://www.104.com.tw/job/64myq?jobsource=cs_custlist
ICS Security Engineer (Industrial Control Systems)
https://www.104.com.tw/job/6j369?jobsource=cs_custlist
Security Incident Investigator
https://www.104.com.tw/job/6j3cl?jobsource=cs_custlist
Senior Network Security Engineer
https://www.104.com.tw/job/5xo6u?jobsource=cs_custlist
ICS Security Engineer (IT / Security)
https://www.104.com.tw/job/6ne28?jobsource=cs_custlist
Security Systems Engineer
https://www.104.com.tw/job/7m18m
D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security
Okta Says Security Breach by Lapsus$ Hackers Impacted Only Two of Its Customers
https://thehackernews.com/2022/04/okta-says-security-breach-by-lapsus.html
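Reports of a "fake police, real staged-accident scam" gang operating in Luzhu; after police inquire, the original poster deletes the post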
https://udn.com/news/amp/story/7320/6246848
Public health information security hacked? More than a million personal records obtained by fraud rings
https://reurl.cc/QL3Nb0
US warns of SMS phishing attacks targeting T-Mobile users
https://www.cyber.nj.gov/alerts-advisories/new-smishing-campaign-targets-t-mobile-customers
US warns of phishing SMS attacks targeting mobile payments
https://www.ic3.gov/Media/Y2022/PSA220414
Hostage turns out to be the kidnapper! Unfilial son's scam for a 480,000 ransom is exposed; mother breaks down
https://news.cts.com.tw/cts/society/202204/202204182077649.html
Chinese residents' unemployment benefits fraudulently drained; multiple new cases emerge in Brooklyn, New York
https://www.worldjournal.com/wj/story/121381/6249485
Malaysian talent's income drops to zero after coming to Taiwan; his account was also stolen in early April
https://www.epochtimes.com/b5/22/4/19/n13715265.htm
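Forcing the whole population to take part in research, tacitly permitted by the Personal Data Protection Act: constitutional interpretation on the National Health Insurance database is imminent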
https://www.civilmedia.tw/archives/110271
He called back an "Apple call" and paid dearly! In just 2 seconds, 19 million in cryptocurrency was completely stolen
https://www.ettoday.net/news/20220421/2234959.htm
Apple user loses 19 million after giving out a verification code? Security experts reveal a new online scam technique
https://news.ltn.com.tw/news/world/breakingnews/3901639
Guard strictly against cognitive warfare threats and strengthen public media literacy
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1498675&type=forum
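Whoscall warns that phishing SMS messages impersonating virtual currency exchanges have reached the hundreds in recent days, becoming the latest scam technique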
https://www.techbang.com/posts/95784-attention-investors-phishing-newsletters-on-virtual-currency
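Multiple users' PTT accounts stolen, suspected to result from using the same password as on other web services or from using insecure connections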
https://www.facebook.com/PttTW/posts/10158226494581364
E. Research Reports / Tools
Basic knowledge for defending against hackers: backup and restore
https://tech-blog.cymetrics.io/posts/nick/backup/
Advantages of using VPNs in the security field
https://qooah.com/2022/04/19/advantages-of-vpn-in-the-field-of-security/
Free is the most expensive?! The security crisis of VPNs
https://player.soundon.fm/p/8fdc3e51-8bfb-4bfa-9c65-8ea2ce5a6eb7/episodes/0912e433-7c6f-4414-9797-d19270e3c790
Automate Alert Triage and Response Tasks with Intezer EDR Connect
https://www.intezer.com/blog/incident-response/alert-triage-edr-integrations/?utm_medium=email&utm_source=hs_email
Why WAF and Firewall Solutions Will Not Help Against Third-Party Website Attacks
https://www.reflectiz.com/blog/why-your-web-application-firewall-waf-will-not-help-against-third-party-website-attacks/?utm_medium=paved
GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens
https://thehackernews.com/2022/04/github-notifies-victims-whose-private.html
Benchmarking Linux Security – Latest Research Findings
https://thehackernews.com/2022/04/benchmarking-linux-security-latest.html
Gatekeepers in Machine Learning
https://themeansquare.medium.com/gatekeepers-in-machine-learning-98375d1d6e90
How I’m using Machine Learning to Trade in the Stock Market
https://medium.com/analytics-vidhya/how-im-using-machine-learning-to-trade-in-the-stock-market-3ba981a2ffc2
Advanced exploratory data analysis (EDA) with Python
https://medium.com/epfl-extension-school/advanced-exploratory-data-analysis-eda-with-python-536fa83c578a
How to convert TensorFlow model and run it with OpenVINO™ Toolkit
https://medium.com/openvino-toolkit/how-to-convert-tensorflow-model-and-run-it-with-openvino-toolkit-519e4277ccdb
Blockchain layers (L0, L1, L2, L3) in a Diagram
https://medium.com/@nick.5montana/blockchain-layers-l0-l1-l2-l3-in-a-diagram-569162398db
Say goodbye to Let’s Encrypt, welcome Google-managed SSL certificates
https://xbery.medium.com/say-goodbye-to-lets-encrypt-welcome-google-managed-ssl-certificates-4d92831750e1
F. Business
FortiOS 7.2 adds more than 300 features to protect distributed infrastructure
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9811
Westcon-Comstor and Broadcom announce the signing of an exclusive Symantec distribution agreement
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9810
Cisco: Taiwanese enterprises spend an average of US$2 million on privacy protection
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9815
Microsoft Taiwan uses Azure HPC to help accelerate Hon Hai's artificial intelligence research results
https://technews.tw/2022/04/19/cooperation-between-microsoft-taiwan-and-hon-hai-in-artificial-intelligence/
New job openings show Amazon also plans to invest in a metaverse strategy combining augmented reality and mixed reality
https://mashdigi.com/amazon-is-working-on-a-mysterious-ar-smart-home-product-according-to-job-listings/
Government agencies bear the brunt of security threats; Openfind offers a defense-in-depth solution
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9822
Palo Alto Networks offers an in-depth analysis of 2022 ransomware threat trends
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9829
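WebComm Technology launches cloud identity authentication service, strengthening the security defense net with a high-specification architecture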
http://n.yam.com/Article/20220422518121
WebComm Technology's digital identity SaaS helps NPOs build a proactive security defense net
https://money.udn.com/money/story/11799/6258236
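G. Government
CTS News mistakenly airs Taiwan Strait war news alerts, issues an urgent apology and convenes its self-regulation committee for disciplinary action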
https://www.cna.com.tw/news/ahel/202204200044.aspx
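False report of a PLA attack on Taiwan; Cheng Li-wun (鄭麗文): the Tsai government recorded it in advance, planning to peddle "dried mango" (a pun on "sense of national doom") before the election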
https://www.storm.mg/article/4296731
Investigation Bureau probes CTS's erroneous "missile attack on Taiwan" false message! 2 directors admit: a simple mistake
https://www.setn.com/News.aspx?NewsID=1103451
CTS falsely reports "cross-strait war breaks out"! Investigation Bureau questions 2 directors; cause of the error revealed
https://tw.appledaily.com/life/20220421/D6RI26V6BRFOBGJQJSUZ6COV34/
CTS mistakenly airs "New Taipei City hit by PLA missiles"; Investigation Bureau summons directors and caption staff to explain
https://newtalk.tw/news/view/2022-04-21/742683
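Inside story of the CTS missile blunder revealed; the Investigation Bureau's cybersecurity station rushed in immediately to check for foreign forces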
https://wantrich.chinatimes.com/news/20220421900356-420501
CTS "missile attack on Taiwan" blunder: the Ministry of Justice speaks! Under investigation as a national security matter
https://www.chinatimes.com/realtimenews/20220421002721-260407?chdtv
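H. Industrial Control Systems / ICS / SCADA / IoT / Internet of Things / Internet of Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare Security
Five Eyes alliance warns of Russian hacker groups launching retaliatory attacks on major infrastructure worldwide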
https://www.ithome.com.tw/news/150539
US CISA issues alert AA22-103A: critical infrastructure and manufacturing should guard against PLCs being compromised by Pipedream
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9813
Suspected retaliation for economic sanctions: Russian hackers target global critical infrastructure with cyberattacks
https://www.cisa.gov/uscert/ncas/alerts/aa22-110a
The "hard" way to secure IoT nodes
https://www.eettaiwan.com/20220419nt31-securing-the-iot-technical-approaches-to-defend-and-protect-iot-nodes/
Installing indoor surveillance cameras at home? Beware of hackers seeing all your family's footage
https://www.worldjournal.com/wj/story/121473/6252077
This home surveillance camera has a vulnerability that lets hackers see everything; experts: software must be updated regularly
https://reurl.cc/WrLzzy
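The battle for automotive cybersecurity begins! Compliance alone is not enough; Taiwanese manufacturers still need to work harder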
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=220&id=0000633036_7W61SE4K2S6TIX7WB9EPJ
CyCraft partners with 菱鏡 to jointly build an Internet of Vehicles security ecosystem
https://ctee.com.tw/industrynews/technology/631175.html
ASUS RT-AX88U - Format String
https://www.twcert.org.tw/tw/cp-132-6043-0f72c-1.html
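I. Education and Training
Information Service Industry Association of R.O.C. (中華軟協) - iPAS "Entry-Level" Information Security Engineer competency intensive study class: now enrolling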
https://www.cs.nycu.edu.tw/announcements/detail/8778
2022 "Securities and Futures Information Security Practical Training Course": registration open now
https://www.sfi.org.tw/news/news-7/3589
The essential security fundamentals course everyone should take in the internet age (How Cybersecurity Really Works)
https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw
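App information security that not only engineers need to understand: the blood, sweat and tears of obtaining a security testing certificate (iT邦幫忙 Ironman Contest book series)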
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
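[Quick guide to international security management certifications] Study notes and exam key points in one place! Read this for switching to your dream job in 2022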
https://buzzorange.com/techorange/2021/12/30/isaca/
CISSP exam experience – Benson
https://reurl.cc/GbWvxd
CPSA (CREST Practitioner Security Analyst) security analyst exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam experience, revision information and preparation approach 2021, 2022
https://reurl.cc/1oyEM8
CEH v11 exam experience and how to prepare
https://blog.sean.taipei/2022/01/ceh
Year 110 (ROC calendar) "Campus Information Security Lecture" materials for new staff
https://cc.nccu.edu.tw/p/406-1001-740,r18.php
[Training Material D] Information security technology education and training materials
https://iscb.nchu.edu.tw/2019/07/d.html
Year 109 (ROC calendar) Cyber Security Management Act digital education and training
https://reurl.cc/ARlmqp
110-1 Entry-Level Information Security Engineer - Introduction to Information Security Management
https://yamol.tw/exam.php?id=104050
中大 Department of Information Engineering cultivates information technology leaders
https://reurl.cc/ARZKDK
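eCloudvalley and National Sun Yat-sen University collaborate between industry and academia to build up cloud security talent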
https://ctee.com.tw/industrynews/technology/587459.html
SANS Cyber Aces Online Tutorials
https://tutorials.cyberaces.org/tutorials.html
Free Online Cybersecurity Courses (MOOCs)
https://www.cyberdegrees.org/resources/free-online-courses/
Develop Your Cybersecurity Skills
https://www.cybrary.it/catalog/cybersecurity/
Mobile App Security
https://www.cybrary.it/course/mobile-app-security/
Introduction to Cybersecurity
https://reurl.cc/bnaj6d
How to Tackle SaaS Security Misconfigurations
https://thehackernews.com/2021/11/how-to-tackle-saas-security.html
How to Build a Security Awareness Training Program that Yields Measurable Results
https://thehackernews.com/2021/11/how-to-build-security-awareness.html
Common Attacks
https://choson.lifenet.com.tw/?p=1174
6. Upcoming Security Events and Seminars
Python data analysis one-day workshop - hands-on e-commerce and Airbnb analysis 2022/4/23
https://www.meetup.com/PyLadiesTW/events/284972118/
Blockchain and Intelligent Security Women's Forum 2022/4/24
https://isipevent.kktix.cc/events/e58d0573
Shalun cybersecurity base free online course: [Asset Inventory and Risk Assessment in Practice] 2022/04/26
https://bit.ly/3KmFTqW
Cybersecurity computer auditing - firewall management audit case exercise ~ audit best practice exercise 2022/04/28
https://www.acl.com.tw/news/news_display.php?id=1802
SEMI E187 equipment cybersecurity standard adoption and practice seminar 2022/4/29
https://www.semi.org/zh/cybersecurity-standards-seminar
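"Security forensics course - Series I beginner course: building security technology fundamentals: get clicking and typing [From Passwords to Security]" online workshop 2022/4/29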
https://docs.google.com/forms/d/1yS8JontNqGinMYUOaYj9aQ-Ov92yda7eFldgjotOAUs
K12 technology education - what else can be taught besides programming 2022/5/9
https://www.meetup.com/rladies-taipei/events/284421238/
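Yuan Ze University CSE short-term computing course for high school students - lightly plugged-in security experience workshop 2022/5/14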
https://cse-yzu.kktix.cc/events/yzcs7
Security policies, regulations and standards 2022/5/25 ~ 2022/5/26
https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19873
Information security course series, part 9: machine learning and security anomaly diagnosis in practice (session 1) 2022/6/7
https://www.tabf.org.tw/CourseDetail.aspx?PID=487302
Hacker capture-the-flag attack and defense exercise: financial security talent training program (session 1) 2022/04/28~2022/06/09
https://www.tabf.org.tw/CourseDetail.aspx?PID=487750
National Center for High-performance Computing training: "Big Data Programming Platform (VM version)" setup and development hands-on course 2022/5/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=homepage
Risk-based security auditing 2022/7/20
https://www.cisanet.org.tw/Course/Detail/2756