Saturday, April 30, 2022

Weekly Security Incident News Digest 2022/4/25 ~ 2022/4/29

1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
Cisco recently released updates to address security vulnerabilities in multiple products
https://tools.cisco.com/security/center/publicationListing.x

RCE vulnerability found in the malware scanning platform VirusTotal
https://www.cysrc.com/blog/virus-total-blog/

Large numbers of users are still running Log4j versions affected by Log4Shell
https://www.rezilion.com/log4shell-4-months-later/

More attackers target the identity management vulnerability VMware disclosed in early April to launch malware attacks
https://blog.morphisec.com/vmware-identity-manager-attack-backdoor



Iranian Hackers Exploiting VMware RCE Bug to Deploy 'Core Impact' Backdoor
https://thehackernews.com/2022/04/iranian-hackers-exploiting-vmware-rce.html

Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers
https://thehackernews.com/2022/04/microsoft-azure-vulnerability-exposes.html

QNAP urges users to disable the AFP protocol to keep NAS devices from being affected by vulnerabilities in the Netatalk component
https://www.qnap.com/zh-tw/security-advisory/qsa-22-12

Linux vulnerability Nimbuspwn can be used by attackers to elevate privileges
https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with Known Vulnerabilities
https://www.ibm.com/support/pages/node/6574787?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-22345, CVE-2020-8022, CVE-2021-33813, CVE-2020-9488)
https://www.ibm.com/support/pages/node/6574453?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E

Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM QRadar SIEM (CVE-2021-22543, CVE-2021-3653, CVE-2021-3656, CVE-2021-37576)
https://www.ibm.com/support/pages/node/6576215?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E

Everything you need to know to create a Vulnerability Assessment Report
https://thehackernews.com/2022/04/everything-you-need-to-know-to-create.html

NPM flaw let attackers add arbitrary maintainers to packages, framing others
https://blog.aquasec.com/npm-package-planting

NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages
https://thehackernews.com/2022/04/npm-bug-allowed-attackers-to-distribute.html

Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability
https://thehackernews.com/2022/04/atlassian-drops-patches-for-critical.html

Zero-day vulnerability reported in 7-Zip; attackers can escalate privileges and execute code
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9819

Drupal recently released updates to address security vulnerabilities in its product
https://www.drupal.org/sa-core-2022-009

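2. Banking / Finance / Insurance / Securities / Payment Systems / Financial Supervision: News and Security
Is banking in Taiwan extremely inefficient? BBC feature: like going back to the 1980s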
https://times.hinet.net/news/23882201

Not a professional certification | For financial-sector hiring, this is the one that matters most
https://www.appledaily.com.tw/gadget/20220429/Z5LDRNGTZVFA3FBYDQUTVZWQ5M/

Financial sector hungry for talent: foreign-language and security skills most in demand
https://www.epochtimes.com/b5/22/4/29/n13723513.htm

Mobile tax filing 2.0: file directly with a face scan or fingerprint! What is FIDO, which the financial industry is adopting?
https://www.bnext.com.tw/article/68897/cathay-holdings-fido

FSC opens data sharing for the securities and futures industry; first case subject to approval
https://www.cna.com.tw/news/afe/202204280388.aspx

Chang Hwa Bank deploys 10G high-speed fiber network and builds an automated attack protection system
https://reurl.cc/k1L25x

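3. Electronic Payment / Mobile Payment / Pay / Security
Which card or Pay service is the best deal for mobile tax filing? A quick guide to e-payment and bank offers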
https://www.bnext.com.tw/article/68839/file-taxes-discount

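With pictures! 13 apps and 3 mobile payment services support paying taxes by phone; post office accounts must go through Taiwan Pay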
https://finance.ettoday.net/news/2232729

PlusPay (全盈支付) launches with 10,000 stores! How FamilyMart persuaded E.SUN, PChome and PX Mart to form an alliance
https://www.cw.com.tw/article/5120942?template=transformers

Non-cash transactions: mobile payment has the largest share at 45%
https://ec.ltn.com.tw/article/paper/1510830

Apple accused of monopoly; EU brings another case
https://reurl.cc/6ZDML5

E-payment, no entry to hospitals: a "national team" for delivery services to be formed
https://reurl.cc/Xjlg5a

Reduce cash transactions for epidemic prevention; councilor: promote electronic payment
https://reurl.cc/M0kgXm

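3 third-party payment providers about to come under FSC supervision! Average daily collection and payment amount exceeded 1 billion last year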
https://finance.ettoday.net/news/2233406

Uber Eats Japan partners with Rakuten; Rakuten Pay e-payment service to be supported
https://news.cnyes.com/news/id/4854994

4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contract Security
Critical Bug in Everscale Wallet Could've Let Attackers Steal Cryptocurrencies
https://thehackernews.com/2022/04/critical-bug-in-everscale-wallet.html

BitoPro (幣託) exchange pursues sustainability, putting user assets and personal data security first
https://news.cnyes.com/news/id/4860601

Transnational metaverse think tank established, hoping to build international consensus on technology governance norms
https://times.hinet.net/news/23888166

After a security vendor found a vulnerability, the Everscale blockchain shut down its web-based cryptocurrency wallet
https://reurl.cc/A7RYxY

Bored Ape Instagram account hacked; attackers stole nearly US$3 million in NFTs from followers
https://www.ithome.com.tw/news/150623

Coinbase's India expansion blocked; rupee electronic payments halted by the state
https://reurl.cc/k1L2qG

The last mile of electronic payment: central bank digital currency takes shape
https://vip.udn.com/vip/story/121938/6262361

How to assign a value to cryptocurrency
https://www.ithome.com.tw/article/150702

DEUS Finance attacked, hackers steal US$13.4 million, token plunges 13%
https://www.blocktempo.com/derivatives-platform-deus-finance-exploited-for-13m/

The stories behind cryptocurrencies (series)
https://vocus.cc/article/626a9cc6fd89780001835e49

Reviving the NFT craze: STEPN's run-to-earn, earning a thousand (元) for one day of running
https://www.gvm.com.tw/article/89419

ETH balance of the Ethereum consensus-layer deposit contract address exceeds 12 million, more than 10% of the current total ETH supply
https://news.cnyes.com/news/id/4861341

18.3 billion in cryptocurrency stolen from NFT game; FBI accuses North Korean hackers
https://news.tvbs.com.tw/world/1774272

One of the largest cryptocurrency thefts in history: North Korean hackers stole US$600 million; what lessons did investors learn?
https://www.storm.mg/lifestyle/4307830?page=1

Some of the funds stolen from Parity multisig wallets in 2017 moved into Tornado Cash
https://news.cnyes.com/news/id/4861947

PeckShield: DEUS Finance attacked, hackers profited about US$13.4 million
https://news.cnyes.com/news/id/4860497

Sky Mavis: long-term goal is to increase the number of network validator nodes to more than 100
https://news.cnyes.com/news/id/4860349

Edward Snowden confirms it himself! He helped create the privacy coin Zcash
https://blockcast.it/2022/04/28/edward-snowden-played-a-secret-role-in-the-creation-of-zcash/

5. Security Incident News

A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC
Attackers exploit IE vulnerability to deliver the RedLine stealer
https://www.bitdefender.com/blog/labs/redline-stealer-resurfaces-in-fresh-rig-exploit-kit-campaign/

Russian hackers target telecom operators to spread DarkWatchman malware
https://securityintelligence.com/posts/hive00117-fileless-malware-delivery-eastern-europe/

Onyx ransomware targets large files for destruction
https://www.bleepingcomputer.com/news/security/psa-onyx-ransomware-destroys-large-files-instead-of-encrypting-them/

Black Basta ransomware is very likely Conti starting over under a new name
https://www.bleepingcomputer.com/news/security/new-black-basta-ransomware-springs-into-action-with-a-dozen-breaches/

Researchers disclose Conti's new malware Bumblebee
https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming

American Dental Association hit by Black Basta ransomware
https://www.bleepingcomputer.com/news/security/american-dental-association-hit-by-new-black-basta-ransomware/

North Korean hackers attack journalists with Goldbackdoor malware
https://stairwell.com/news/threat-research-the-ink-stained-trail-of-goldbackdoor/

Log4Shell fixes for AWS cloud services were at one point incomplete; REvil ransomware suspected to have resurfaced
https://reurl.cc/413723

Fast-spreading "Quantum" ransomware infects an entire domain in under 4 hours
https://reurl.cc/NAZd19

An Overview of the Increasing Wiper Malware Threat
https://www.fortinet.com/blog/threat-research/the-increasing-wiper-malware-threat

LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
https://reurl.cc/RrbmLe

Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage

This isn't Optimus Prime's Bumblebee but it's Still Transforming
https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming

Destructive Malware Targeting Organizations in Ukraine
https://www.cisa.gov/uscert/ncas/alerts/aa22-057a

Qakbot Observed IOC - 2022-04-27
https://otx.alienvault.com/pulse/6269a15092a9c062b1c1f3f2

APT attack on a telecommunications company in Kazakhstan
https://st.drweb.com/static/new-www/news/2022/march/telecom_research_en.pdf

The ink-stained trail of GOLDBACKDOOR
https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf

Quantum Ransomware
https://thedfirreport.com/2022/04/25/quantum-ransomware/

Comprehensive Threat Intelligence: TeamTNT targeting AWS, Alibaba
https://blog.talosintelligence.com/2022/04/teamtnt-targeting-aws-alibaba.html

Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild
https://thehackernews.com/2022/04/cybercriminals-using-new-malware-loader.html

New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer
https://thehackernews.com/2022/04/new-rig-exploit-kit-campaign-infecting.html

Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware
https://thehackernews.com/2022/04/chinese-hackers-targeting-russian.html

Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default
https://thehackernews.com/2022/04/emotet-testing-new-delivery-ideas-after.html

Gold Ulrick Hackers Still in Action Despite Massive Conti Ransomware Leak
https://thehackernews.com/2022/04/gold-ulrick-hackers-still-in-action.html

North Korean Hackers Target Journalists with GOLDBACKDOOR Malware
https://thehackernews.com/2022/04/north-korean-hackers-target-journalists.html

New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices
https://thehackernews.com/2022/04/new-botenago-malware-variant-targeting.html

FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide
https://thehackernews.com/2022/04/fbi-warns-of-blackcat-ransomware-that.html

B. Mobile Security / iPhone / Android / Wearables / Apps / 5G / Instant Messaging
Twitter's New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal
https://thehackernews.com/2022/04/twitters-new-owner-elon-musk-wants-dms.html

Google's New Safety Section Shows What Data Android Apps Collect About Users
https://thehackernews.com/2022/04/googles-new-safety-section-shows-what.html

App developers reveal: Apple forces app updates within 30 days or permanent removal
https://times.hinet.net/news/23881507

Instagram users beware! These 2 situations may signal serious trouble
https://reurl.cc/DyZE7d

Hawaiian Airlines announces it is the first airline to adopt Starlink satellite internet service
https://mashdigi.com/hawaiian-airlines-to-offer-free-high-speed-starlink-internet-connectivity-on-transpacific-fleet/

Vulnerabilities in Qualcomm and MediaTek audio decoders! Android phones that have not been updated may be hacked
https://www.ettoday.net/news/20220428/2240064.htm

Check Point Research: two-thirds of Android users worldwide may face privacy leak risk
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9839

Apple Self Service Repair program officially launches in the US
https://hypebeast.com/zh/2022/4/apple-launches-diy-device-repair-service

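C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce
Japanese shrine offers an "amulet for the IT world" to protect computers from infections and crashes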
https://reurl.cc/e3mAKm

Hackers expose the lie: DJI admits data transmission in its products is not encrypted
https://technews.tw/2022/04/29/dji-admitted-its-drones-are-not-encrypted/

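Listed companies disclose security practices in annual reports; TSMC, King's Town Bank and more than ten other companies have published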
https://www.ithome.com.tw/news/150630

Taipei's online learning platform CooC Cloud (酷課雲) taken down by DDoS attack
https://tw.appledaily.com/life/20220426/KVUUKSFXO5AN5G7OQNCJAMVHQA/

Attackers launch large-scale DDoS attack using encrypted HTTPS traffic
https://blog.cloudflare.com/15m-rps-ddos-attack/

About one in six organizations worldwide targeted by SpringShell attacks
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9834

Taiwan CISO Alliance formally established, with support from industry, government, academia and research
https://udn.com/news/amp/story/7239/6276321

Taiwan CISO Alliance formed, hoping to narrow a 40,000-person talent gap
https://reurl.cc/Lm7qEX

Taiwan CISO Alliance established; to strengthen enterprise protection architecture over 3 years
https://ec.ltn.com.tw/article/breakingnews/3908938

With security now a key corporate governance indicator, 14 listed companies jointly launch the "Taiwan CISO Alliance"
https://www.youtube.com/watch?v=1Kyr-wyPyuU

Awkward! Video link drops at Taiwan CISO Alliance founding meeting; Audrey Tang jokes that this counts as security too
https://ec.ltn.com.tw/article/breakingnews/3908781

Warnings issued in the same period on CCP infiltration of Southeast Asia and espionage in the US
https://www.epochtimes.com/b5/22/4/27/n13721723.htm

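A woman born in the 1990s recounts: threatened and intimidated by the CCP for spreading the truth she learned by circumventing the firewall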
https://www.soundofhope.org/post/616246?lang=b5

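War does not always smell of gunpowder... the currency in your hand may be another country's weapon; if China's central bank does this, it could threaten Taiwan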
https://www.businesstoday.com.tw/article/category/183025/post/202204280033/

Several German wind power companies hit by cyberattacks, suspected links to Russian hackers
https://www.ithome.com.tw/news/150625

Intelligence agencies and Google warn: US faces severe cyberattacks, China the biggest threat
https://www.worldjournal.com/wj/story/121186/6276511

US offers US$10 million reward for Sandworm hackers
https://www.ithome.com.tw/news/150654

US State Department offers US$10 million reward for the capture of six Russian hackers
https://www.soundofhope.org/post/615892?lang=b5

Chinese hacking group Mustang Panda targets Russian government officials with phishing attacks
https://www.secureworks.com/blog/bronze-president-targets-russian-speakers-with-updated-plugx

Hackers attacked Indian oil companies more than 360,000 times in the past six months
https://www.livemint.com/technology/cyberattacks-rise-at-oil-firms-as-hackers-step-up-their-game-11650649127129.html

Is Putin treating Ukraine as a playground for cyberattacks? Geopolitical information warfare in practice
https://gvlf.gvm.com.tw/article/89393

Russia's massive cyberattacks disrupt Ukraine's political, military and economic systems
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1500107

Since the Russia-Ukraine war began, at least 6 Russian hacking groups have launched more than 200 attacks against Ukraine
https://www.ithome.com.tw/news/150664

Since the start of the war in Ukraine, Russian hackers have attacked Ukraine 237 times
https://blogs.microsoft.com/on-the-issues/2022/04/27/hybrid-war-ukraine-russia-cyberattacks/

Microsoft report: Russia combines military and cyber attacks; Ukraine's defenses exceed expectations
https://udn.com/news/story/122663/6276513?from=udn-catelistnews_ch2

WordPress sites again become a tool for attacking Ukraine, used to infect visitors' computers to launch DDoS attacks
https://www.bleepingcomputer.com/news/security/ukraine-targeted-by-ddos-attacks-from-compromised-wordpress-sites/

Suspected of stealing intelligence for North Korea: a South Korean active-duty soldier and a businessman arrested
https://www.cna.com.tw/news/aopl/202204290200.aspx

Two Korean citizens charged with helping a spy obtain military secrets
https://news.cnyes.com/news/id/4861619

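South Korean "decapitation unit" leaks secrets to North Korean hacker! Large sums of cryptocurrency accepted; military intelligence stolen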
https://www.ettoday.net/news/20220430/2241056.htm

T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code
https://thehackernews.com/2022/04/t-mobile-admits-lapsus-hackers-gained.html

Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System
https://thehackernews.com/2022/04/microsoft-discovers-new-privilege.html

Microsoft Documents Over 200 Cyberattacks by Russia Against Ukraine
https://thehackernews.com/2022/04/microsoft-documents-over-200.html

Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group
https://thehackernews.com/2022/04/experts-detail-3-hacking-teams-working.html

Indian Govt Orders Organizations to Report Security Breaches Within 6 Hours to CERT-In
https://thehackernews.com/2022/04/indian-govt-orders-organisations-to.html

U.S. Offers $10 Million Bounty for Information on 6 Russian Military Hackers
https://thehackernews.com/2022/04/us-offers-10-million-bounty-for.html

Security Engineer
https://www.104.com.tw/job/7m7x7

[Architect] Linux Security R&D Engineer
https://www.cakeresume.com/companies/teamt5-org-tw/jobs/dcf3c5?locale=zh-TW

Security Engineer
https://hunter.104.com.tw/zh-cn/job/FG00005249

Security Manager / Assistant Manager (multinational financial holding company)
https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E7%B6%93%E7%90%86-%E5%89%AF%E7%90%86-%E8%B7%A8%E5%9C%8B%E9%87%91%E6%8E%A7-at-michael-page-3035616932/?originalSubdomain=tw

Security Engineer Intern
https://www.104.com.tw/job/7m9wu

Security Engineer (on-site in Keelung)
https://www.104.com.tw/job/7mcik

Security Development Engineer - ACSI
https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E9%96%8B%E7%99%BC%E5%B7%A5%E7%A8%8B%E5%B8%AB-acsi-at-acer-3050940666/?originalSubdomain=tw

Security Service Engineer_a well-known company (3005192)
https://headhunt.com.tw/Pages/job-description.aspx?id=3005192

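D. Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security
Hackers impersonate law enforcement officials to steal data for scams and extortion! Many tech giants affected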
https://times.hinet.net/news/23884072

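Links circulating online titled "Tsai Ing-wen's latest investment has experts in awe and big banks panicking" and "She didn't know the microphone was on, but her remarks shocked the world"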
https://tfc-taiwan.org.tw/articles/7271

Want to remove "private information" from the web? Google: 2 conditions get priority
https://news.ebc.net.tw/news/living/314792

Protecting user privacy! Google announces it will allow removal of sensitive personal information
https://times.hinet.net/news/23886314

Hacking group claims to have breached Coca-Cola and stolen a large amount of sensitive information
https://www.twcert.org.tw/tw/cp-104-6078-825c8-1.html

Hacker group claims to have breached Coca-Cola and stolen 161 GB of data
https://www.bleepingcomputer.com/news/security/coca-cola-investigates-hackers-claims-of-breach-and-data-theft/

Grand View Resort Beitou (北投麗禧酒店) suspected of leaking customer data; hot spring voucher buyers targeted by scammers
https://beanfun.com/articles/detail/1518936108895834112?country=tw&site=446

Can your data be stolen while working in a café? Public Wi-Fi creates security risks; key steps to add a layer of personal data protection
https://buzzorange.com/techorange/2022/04/27/wife-infor/

US judge orders Uber to hand over records related to its 2016 data breach
https://news.knowing.asia/news/4600ba2f-15e1-4267-b4f3-b37491b5a71e

Phishing that impersonates Facebook uses new tactics! 3 tips to prevent theft of Facebook credentials
https://3c.ltn.com.tw/news/48835

"Avengers" go undercover to stop scams; traps hidden in Hong Kong penny-stock investment groups
https://times.hinet.net/news/23889203

E. Research Reports / Tools
Zero Trust for Everyone: A Practical Guide
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9835

Existing compliance faces challenges: how CISOs should respond in the cloud era
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000634213_DSW3A9HZ0TK4SM4Q3M2OK

Traditional networks show signs of fatigue; SDN opens a new revolution in next-generation networking
https://reurl.cc/A7RYmp

On the road of learning security: how it started
https://www.potatomedia.co/post/68fa09d2-6a9f-411a-88ad-3b2a33771b33

CISOs should worry about more than data breaches or ransomware; don't overlook the "canary in the coal mine": cryptocurrency mining
https://blog.trendmicro.com.tw/?p=71910

Why collaboration between security and DevOps is so important
http://www.omniwaresoft.com.tw/product-news/elastic-news/how-to-build-collaboration-across-security-and-devops/

Analysis of the Shiro550 deserialization vulnerability
https://mp.weixin.qq.com/s?__biz=Mzg2NjU0MjA0Ng==&mid=2247485888&idx=1&sn=71385d297e97bf118f50334664be9f31

Penetration testing | Notes on taking over a host via a bypass
https://mp.weixin.qq.com/s?__biz=MzkwMDMxMzIzNA==&mid=2247488932&idx=1&sn=281c267970f5c0bceaefc111827827ed

Surfshark offers 12 ways to strengthen security and keep smart TVs from being hacked or monitored
https://iqmore.tw/surfshark-smart-tv-vpn-news

The 6 Cybersecurity Certifications You Must know About
https://blog.magda-on-cyber.com/the-5-cybersecurity-certifications-you-must-know-about-ebd4c37b02b7

Top 15 IT Certifications in 2022
https://arctutorials.medium.com/top-15-it-certifications-in-2022-97a1538f7c81

20 Linux commands that every Computer Science Engineer must know
https://medium.com/@SingaramPalaniappan/20-linux-commands-that-every-computer-science-engineer-must-know-dc022674e0ee

10 Hardest Python Questions
https://medium.com/@saint_sdmn/10-hardest-python-questions-98986c8cd309

Bypassing Login Page in 2 Mins
https://aravind07.medium.com/bypassing-login-page-in-2-mins-5b773d46f4d

Remove the if-else hell
https://medium.com/javarevisited/remove-the-if-else-hell-java-7927194bd2e

Say goodbye to Let’s Encrypt, welcome Google-managed SSL certificates
https://xbery.medium.com/say-goodbye-to-lets-encrypt-welcome-google-managed-ssl-certificates-4d92831750e1

Comments: How Google Developers write their comments
https://paigeshin1991.medium.com/comments-how-google-developers-write-their-comments-5443657ecc4b

From File Upload to Command Injection to AWS compromise
https://systemweakness.com/from-file-upload-to-command-injection-to-aws-compromise-e937271bff2e

BITB (browser in the browser)Attack
https://infosecwriteups.com/bitb-browser-in-the-browser-attack-e2008c405701

8 Visual Studio Code extensions: I’m in Love with
https://medium.com/codex/8-visual-studio-code-extensions-im-in-love-with-4d07786801cc

Dependency Inversion Principle: How Google Developers write code
https://paigeshin1991.medium.com/dependency-inversion-principle-how-google-developers-write-code-f6cbd3b530a6

How I Got an Interview with Microsoft
https://medium.com/@gertrude.kaneah.abagale/how-i-got-an-interview-with-microsoft-ccd6d37a3d87

My Raspberry Pi + ESP32 drone (or my first steps into robotics)
https://medium.com/@tohntobshi/my-raspberry-pi-esp32-drone-or-my-first-steps-into-robotics-64c7e35b4777

Microservices Design Patterns
https://learncsdesign.medium.com/microservices-design-patterns-91fe56a33a47

7 (Extreme) Performance Tips in JavaScript
https://towardsdev.com/7-extreme-performance-tips-in-javascript-1544b3a9d03d

How to Create One-Page Reports With Python
https://python.plainenglish.io/one-page-reports-with-python-adf58432ae46

Becoming a “real” data analyst
https://towardsdatascience.com/becoming-a-real-data-analyst-dcaf5f48bc34

3 Web Observers Every Web Developer Should Know
https://levelup.gitconnected.com/3-web-observers-every-web-developer-should-know-c2f65302b5df

I Switched Password Managers and It Changed Everything
https://medium.com/macoclock/i-switched-password-managers-and-it-changed-everything-9b0417fe64a

Git commands nobody has told you
https://bootcamp.uxdesign.cc/git-commands-nobody-has-told-you-cd7025bea8db

Valuable GitHub Repositories for Beginner Developer’s
https://vatsalchauhan.medium.com/valuable-github-repositories-for-beginner-developers-f59d2a453902

Automate WhatsApp Messages with Python in 3 Steps
https://towardsdatascience.com/automate-whatsapp-messages-with-python-in-3-steps-d64cf0de4539

F. Business
Palo Alto Networks provides in-depth analysis of 2022 ransomware threat trends
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9829

F5: Taiwan is most interested in IT/OT, zero trust and threat intelligence technology integration
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9826

Menlo cloud security platform secures mobile work
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9832

WebComm expands in the digital identity SaaS market, helping NPOs integrate platforms and build security defenses
https://www.techbang.com/posts/95796-webcomm-successfully-expands-the-digital-identity-saas-market

Chunghwa Telecom heads to Secutech 2022, building a cross-domain smart security platform
https://udn.com/news/story/7240/6268740

東捷 provides an integrated management platform to build a flexible supply chain ecosystem for manufacturing
https://udn.com/news/story/7240/6268643

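Applications increasingly prone to intrusion: Synopsys's three "protect at the source" measures to keep programs from being controlled by hackers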
https://www.wepro180.com/synopsys220331/

SailPoint: good enterprise security requires good identity and account management
https://today.line.me/tw/v2/article/eLaXgPO

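More than 90% of security breaches stem from identity! SailPoint uses AI to improve identity security management, targeting finance and supply chain needs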
https://www.bnext.com.tw/article/68854/sailpoint-iam

Leading the world! Fortinet ranks first in global security appliance shipments for 9 consecutive years
https://www.thehubnews.net/archives/96856

Acer Cyber Security (安碁資訊) nominates 李紀珠 as independent director
https://www.sinotrade.com.tw/richclub/news/62697d995e4b846361c7ae19

Trend Micro integrates industry technologies to launch the Trend Micro One cybersecurity platform
https://www.techbang.com/posts/95865-trend-micro-launches-trend-micro-one-platform

CyberArk survey report: surging digital identities keep "cybersecurity debt" growing
http://www.compotechasia.com/a/press/2022/0428/51060.html

Nozomi Networks becomes CISA's first security partner
https://ctee.com.tw/industrynews/technology/635734.html

Vulnerability management vendor Tenable acquires external attack surface management vendor Bit Discovery
https://www.tenable.com/press-releases/Tenable-Agrees-To-Acquire-Bit-Discovery

Radware launches terabit-class DDoS mitigation platform: DefensePro 800
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9838

Chunghwa Telecom again ranks in the Top 5% of the Taiwan Stock Exchange corporate governance evaluation
https://times.hinet.net/news/23887634

耀睿 adopts Chunghwa Telecom's core network, leading a big step forward for Taiwan's O-RAN ecosystem
https://www.moneyweekly.com.tw/ArticleData/Info/Article/80590

CyberLink joins the FIDO Alliance to strengthen biometric technology
https://wantrich.chinatimes.com/news/20220428900778-420101

Microsoft tests building a VPN secure network into the Edge browser
https://www.kocpc.com.tw/archives/438184

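G. Government
CTS "PLA opens war" blunder: Investigation Bureau reports the case to the Taipei District Prosecutors Office to direct the investigation under the Disaster Prevention and Protection Act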
https://www.setn.com/News.aspx?NewsID=1106410

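Goodbye to contact-tracing registration! Epidemic prevention enters the next stage; Tsai Ing-wen: showing Taiwan's strong resilience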
https://www.setn.com/News.aspx?NewsID=1107457

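SMS contact-tracing registration cancelled; Taichung deputy mayor and economic development bureau chief found not using the Social Distancing app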
https://newtalk.tw/news/view/2022-04-28/746514

Social Distancing app: only 1/3 of officials attending council questioning have downloaded it
https://news.ltn.com.tw/news/life/paper/1514428

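Liu Chao-hao demands NCC severely punish CTS for major negligence, prioritize disinformation prevention, and strengthen the security of networked drones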
https://www.ly.gov.tw/Pages/Detail.aspx?nodeid=38917&pid=219145

Cybersecurity Network Monthly Report (March 2022, ROC year 111)
https://nicst.ey.gov.tw/Page/8770AD7511CB8DC9/86891dc5-377f-4aad-ac4c-20a5eaa101ee

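Presidential Office hack and forged documents followed a script, but the timeline is hard to untangle and real is hard to tell from fake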
https://rwnews.tw/Article/Detail/3481

Ending the Presidential Office hacker email storm: Taipei prosecutors quietly close the case, "no intrusion source found"
https://rwnews.tw/Article/Detail/3479

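Scare on the eve of Tsai Ing-wen's second inauguration: three successive emails touch a nerve over infighting in the green camp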
https://rwnews.tw/Article/Detail/3480

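Photo of an attractive woman turns up in New Taipei online contact-tracing survey? Health department: heavy fines for malicious forwarding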
https://www.ftvnews.com.tw/news/detail/2022429S08M1

Rapid test real-name system glitch! 3,092 kits sold today to odd-numbered IDs; Chen Shih-chung: no returns will be required
https://www.upmedia.mg/news_info.php?Type=24&SerialNo=143636

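H. Industrial Control Systems / ICS / SCADA / IoT / Internet of Things / Connected Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare Security
CyCraft teams up with 菱鏡 to build a connected-vehicle security ecosystem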
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9831

Arm unveils its total solutions for IoT to accelerate product development
https://www.mem.com.tw/arti.php?sn=2204270007

Arm announces the Cortex-M85 microprocessor, strengthening its total solutions for IoT to improve product development efficiency
https://www.techbang.com/posts/95883-arm-cortex-m85

Connected vehicles are on the rise, but consumer willingness to pay is low
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=220&id=0000634238_3TH3FAG02KYM5C97B17CX

Alert (AA22-103A) APT Cyber Tools Targeting ICS/SCADA Devices
https://www.cisa.gov/uscert/ncas/alerts/aa22-103a

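I. Education and Training
Information Service Industry Association of R.O.C. (中華軟協) - iPAS "entry-level" Information Security Engineer intensive prep class: now enrolling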
https://www.cs.nycu.edu.tw/announcements/detail/8778

2022 "Securities and Futures Information Security Practical Training Course" now open for registration
https://www.sfi.org.tw/news/news-7/3589

The essential security fundamentals course everyone should take in the internet age (How Cybersecurity Really Works)
https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw

App security that isn't just for engineers: the hard-won story of obtaining a security testing certificate (iT邦幫忙 Ironman contest book series)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html

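[Quick guide to international security management certifications] Study notes and exam essentials in one place! Read this for a 2022 career change to your dream job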
https://buzzorange.com/techorange/2021/12/30/isaca/

CISSP exam notes – Benson
https://reurl.cc/GbWvxd

CPSA (CREST Practitioner Security Analyst) security analyst exam notes
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/

EC-Council CEH v11 exam notes, revision information and preparation approach, 2021 and 2022
https://reurl.cc/1oyEM8

CEH v11 exam notes and how to prepare
https://blog.sean.taipei/2022/01/ceh

ROC year 110 new staff "Campus Information Security Lecture" materials
https://cc.nccu.edu.tw/p/406-1001-740,r18.php

[Training Material D] Information security technical training materials
https://iscb.nchu.edu.tw/2019/07/d.html

ROC year 109 Cyber Security Management Act e-learning training
https://reurl.cc/ARlmqp

110-1 Entry-level Information Security Engineer - Introduction to Information Security Management
https://yamol.tw/exam.php?id=104050

中大 Department of Information Engineering cultivates IT leadership talent
https://reurl.cc/ARZKDK

eCloudvalley and National Sun Yat-sen University collaborate to build up cloud security talent
https://ctee.com.tw/industrynews/technology/587459.html

SANS Cyber Aces Online Tutorials
https://tutorials.cyberaces.org/tutorials.html

Free Online Cybersecurity Courses (MOOCs)
https://www.cyberdegrees.org/resources/free-online-courses/

Develop Your Cybersecurity Skills
https://www.cybrary.it/catalog/cybersecurity/

Mobile App Security
https://www.cybrary.it/course/mobile-app-security/

Introduction to Cybersecurity
https://reurl.cc/bnaj6d

How to Tackle SaaS Security Misconfigurations
https://thehackernews.com/2021/11/how-to-tackle-saas-security.html

How to Build a Security Awareness Training Program that Yields Measurable Results
https://thehackernews.com/2021/11/how-to-build-security-awareness.html

Common Attacks
https://choson.lifenet.com.tw/?p=1174

6. Upcoming Security Events and Seminars
From Python to TensorFlow online study group - Python basics guided reading (7) - Chapter 7: tuples and lists 2022/5/3
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/284265348/

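Security Club - The Way of the University: Taking the initiative against emerging security threats - an introduction to Honeynet deception technology 2022/5/4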
https://nsysuisc.kktix.cc/events/20220504

Android Code Club(Taipei) 2022/5/4
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/285269125/

SyntaxError 2022/5/4
https://www.meetup.com/pythonhug/events/285269148/

HackingThursday - Week meetup Tamsui (regular meetup, Tamsui) 2022/5/5
https://www.meetup.com/hackingthursday/events/285290707/

[Security lecture series] Does the decentralization myth hide risks too? Online lecture on blockchain security 2022/5/7
https://hackersir.kktix.cc/events/20220507blockchain

Scala Taiwan Mokumoku #15 2022/5/7
https://www.meetup.com/Scala-Taiwan-Meetup/events/285310131/

Just a chat - with no Expectations 2022/5/7
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/285326731/

Empowering Yourself, Empowering Others | A Journey of Transformation | Part 1 2022/5/8
https://www.meetup.com/Women-Who-Code-Taipei/events/285321784/

K12 technology education - what can be taught besides programming 2022/5/9
https://www.meetup.com/rladies-taipei/events/284421238/

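Security Club - The Way of the University: Introduction to security literacy in the digital age - getting to know CTF competitions and sharing competition experience 2022/5/11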
https://nsysuisc.kktix.cc/events/20220511ctf

Shalun Cybersecurity Base free online security course: Personal data inventory and risk assessment in practice 2022/5/12
https://bit.ly/3kcdoRg

Taipei Creative Coders Meetup #17 2022/5/13
https://www.meetup.com/tpecreativecoders/events/285540074/

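Yuan Ze University CSE short-term computing course for high school students - lightly plugged-in security experience workshop 2022/5/14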
https://cse-yzu.kktix.cc/events/yzcs7

Shalun Cybersecurity Base free online security course: There's a lot you don't know - OSINT revealed 2022/5/24
https://bit.ly/3vDkjYO

Phishing, phishing, caught you_A white-hat hacker teaches how human weaknesses are used to break through defenses 2022/5/25
http://www.cs.thu.edu.tw/web/news/detail.php?id=4129

Security policies, regulations and standards 2022/5/25 ~ 2022/5/26
https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19873

National Center for High-performance Computing training: "Big data development platform (VM version)" setup and development hands-on course 2022/5/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=course_index

Information security course series, part 9: Machine learning and security anomaly diagnosis in practice (session 1) 2022/6/7
https://www.tabf.org.tw/CourseDetail.aspx?PID=487302

Hacker capture-the-flag attack and defense exercise: financial security talent training program (session 1) 2022/04/28~2022/06/09
https://www.tabf.org.tw/CourseDetail.aspx?PID=487750

National Center for High-performance Computing training: "Big data development platform (VM version)" setup and development hands-on course 2022/5/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=homepage

Risk-based security auditing 2022/7/20
https://www.cisanet.org.tw/Course/Detail/2756

2022 CYBERSEC conference: Jamf booth talks 2022/9/20 ~ 2022/9/22
https://jamf.kktix.cc/events/cybersec2022jamf
