Weekly Security Incident News Digest 2022/4/4 ~ 2022/4/8
1. Critical Vulnerabilities / Backdoors / Exploits / Zero Day
Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave More Routers
https://thehackernews.com/2022/04/beastmode-ddos-botnet-exploiting-new.html
CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability
https://thehackernews.com/2022/04/cisa-warns-of-active-exploitation-of.html
Spring Core hit by zero-day remote code execution vulnerability
https://tanzu.vmware.com/security/cve-2022-22950
https://tanzu.vmware.com/security/cve-2022-22963
https://thehackernews.com/2022/03/unpatched-java-spring-framework-0-day.html?fbclid=IwAR2Fg7nYqASDEY1QJXVDn1OqzqqQvVeI_wxCTGlQ6m9mtH2XiDGGy4Vsdew&m=1
Java development framework hit by another vulnerability, Spring4Shell: will it trigger a bigger security storm?
https://reurl.cc/jkxQ62
Hackers attempt to exploit the SpringShell vulnerability on Microsoft cloud services
https://www.ithome.com.tw/news/150275
16% of organizations have faced exploitation attempts targeting the SpringShell vulnerability
https://blog.checkpoint.com/2022/04/05/16-of-organizations-worldwide-impacted-by-spring4shell-zero-day-vulnerability-exploitation-attempts-since-outbreak/
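Sophos Firewall v18.5 MR3 and earlier versions contain an authentication vulnerability. The vulnerability allows a remote attacker to bypass authentication through the user name and Webadmin.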
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-1040
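SonicWall's SonicOS contains a denial-of-service vulnerability. The vulnerability allows an attacker to trigger a stack-based buffer overflow via an HTTP request, resulting in a denial of service or arbitrary code execution.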
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22274
Critical vulnerability in code hosting platform GitLab lets attackers take over accounts
https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/
Trend Micro patches RCE vulnerability in its security management console Apex Central
https://success.trendmicro.com/dcx/s/solution/000290678
2. Banking / Finance / Insurance / Securities / Payment Systems / Financial Supervision: News and Security
FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks
https://thehackernews.com/2022/04/fin7-hackers-leveraging-password-reuse.html
Ukrainian FIN7 Hacker Gets 5-Year Sentence in the United States
https://thehackernews.com/2022/04/ukrainian-fin7-hacker-gets-5-year.html
Indian bank lacking three basics leaves its front door wide open and loses millions of rupees
https://www.wepro180.com/bank220408/
Allianz Group to enter online-only property insurance, targeting alliances with telecom and e-commerce firms
https://www.ftvnews.com.tw/news/detail/2022408W0138
3. Electronic Payment / Mobile Payment / Pay / Security
US mobile payment service Cash suffers data leak; 8.2 million users affected
https://techcrunch.com/2022/04/05/block-cash-app-data-breach/
UK retail chain The Works hit by cyberattack; payment systems affected
https://otp.tools.investis.com/clients/uk/the_works_stores_ltd/rns/regulatory-story.aspx?cid=2405&newsid=1570877
Taiwanese firm in India launches electronic payment keychain
https://reurl.cc/qOyG8D
O'Pay (歐付寶) becomes the first electronic payment tax-payment system
https://reurl.cc/Go7nrd
Two Chinese nationals arrested in Japan on suspicion of illegally using an electronic payment app
https://zh.cn.nikkei.com/politicsaeconomy/politicsasociety/48125-2022-03-31-16-18-17.html
India's largest mobile payment provider Paytm boasts it will break even by Q3 next year
https://reurl.cc/OpdYqA
Huawei charges into mobile payments; WeChat and Alipay face a strong new rival
https://ctee.com.tw/news/china/621355.html
4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contract Security
This Coin Will Recover All Your Losses
https://medium.com/@jessicadoosan09/this-coin-will-recover-all-your-losses-4a328bdd2580
Facebook coin revived? Meta reportedly to issue a brand-new virtual currency, internally called Zuck Bucks – INSIDE
https://reurl.cc/Opd5Nv
Nearly US$7 million of the hacked Ronin funds sent to Tornado Cash
https://news.cnyes.com/news/id/4846694?exp=a
Change the Code, Not the Climate! Environmental groups demand a change to how Bitcoin is mined
https://www.inside.com.tw/article/27244-bitcoin-changethecode-greenpeaceusa
With NFT scams and hacking incidents on the rise, what should newcomers watch out for?
https://www.potatomedia.co/post/9b5c84c6-150d-4ad5-85c1-e94e8d892d5f
Ronin attacker transfers more than 2,000 ETH to a new address and 1,000 ETH to Tornado Cash
https://news.cnyes.com/news/id/4848122?exp=a
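5. Security Incident News
A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC
忽必烈 accuses 館長 (the "Gym Boss") of "sending people to cause a scene and force refunds"! Computers suspected of trojan infection, gym closed for 3 days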
https://www.setn.com/News.aspx?NewsID=1094736
New spyware from Russia surfaces! Eavesdrops on Android users' phones and steals personal data
https://3c.ltn.com.tw/news/48408
Ransomware incidents surge; latest survey: senior executives still lack cybersecurity awareness
https://cnews.com.tw/124220406a01/
Chinese hacking group APT10 side-loads malware via media player VLC Player
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks
Cryptomining criminals shift their targets to the cloud
https://www.ithome.com.tw/news/150332
US swiftly removes malware to prevent Russian cyberattacks
https://times.hinet.net/news/23849982
US-Russia cyber war opens fire! US Justice Department reveals it secretly deleted Russian malware to block cyberattacks
https://www.rti.org.tw/news/view/id/2129373
US strikes pre-emptively, dismantles Russian military hackers' botnet
https://news.ltn.com.tw/news/world/breakingnews/3886007
Malware Denonia targets serverless computing service AWS Lambda, deploying an XMRig-variant cryptominer
https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/
Hackers use malicious traffic direction service Parrot TDS to infect more than 16,000 websites in order to distribute malware
https://decoded.avast.io/janrubin/parrot-tds-takes-over-web-servers-and-threatens-millions/
Borat trojan offers data theft and DDoS capabilities and can be used by hackers to deploy ransomware
https://blog.cyble.com/2022/03/31/deep-dive-analysis-borat-rat/
Savior of 20 million engineers worldwide! US security unicorn Snyk finds security vulnerabilities by relying on a "malicious virus"
https://meet.bnext.com.tw/articles/view/48920?
Conti attacks on multiple fronts; Panasonic, Konica Minolta, Ford and other companies hacked and data leaked
https://www.ithome.com.tw/news/150302
Detecting EnemyBot – Securonix Initial Coverage Advisory
https://www.securonix.com/blog/detecting-the-enemybot-botnet-advisory
Exposing the Iranian EvilNominatus Ransomware
https://www.clearskysec.com/wp-content/uploads/2022/04/EvilNominatus_Ransomware_7.4.22.pdf
Google is on guard: sharks shall not pass
https://research.checkpoint.com/2022/google-is-on-guard-sharks-shall-not-pass/
Parrot TDS takes over web servers and threatens millions
https://decoded.avast.io/janrubin/parrot-tds-takes-over-web-servers-and-threatens-millions/
Cyber attack of UAC-0010 group (Armageddon) on state organizations of Ukraine
https://cert.gov.ua/article/39386
Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group
https://otx.alienvault.com/pulse/624ff0af271429d152b5a27e
Adversarial Threat Report - April 2022
https://about.fb.com/wp-content/uploads/2022/04/Meta-Quarterly-Adversarial-Threat-Report_Q1-2022.pdf
Cado Discovers Denonia: The First Malware Specifically Targeting Lambda - Cado Security | Cloud Investigation
https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/
Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique
https://blog.malwarebytes.com/threat-intelligence/2022/04/colibri-loader-combines-task-scheduler-and-powershell-in-clever-persistence-technique/
FFDroider Stealer Targeting Social Media Platform Users (Zscaler)
https://www.zscaler.com/blogs/security-research/ffdroider-stealer-targeting-social-media-platform-users
Fake E-shops on the prowl for banking credentials using Android malware
https://www.welivesecurity.com/2022/04/06/fake-eshops-prowl-banking-credentials-android-malware/
Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials
https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials
The Latest Remcos RAT Driven By Phishing Campaign
https://www.fortinet.com/blog/threat-research/latest-remcos-rat-phishing
Windows MetaStealer Malware Report
https://isc.sans.edu/diary/rss/28522
Peace through Pegasus: Jordanian Human Rights Defenders and Journalists Hacked with Pegasus Spyware
https://citizenlab.ca/2022/04/peace-through-pegasus-jordanian-human-rights-defenders-and-journalists-hacked-with-pegasus-spyware/
Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks
FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7
https://www.mandiant.com/resources/evolution-of-fin7
CaddyWiper Analysis: New Malware Attacking Ukraine
https://blog.morphisec.com/caddywiper-analysis-new-malware-attacking-ukraine
State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage
https://research.checkpoint.com/2022/state-sponsored-attack-groups-capitalise-on-russia-ukraine-war-for-cyber-espionage/
Complete dissection of an APK with a suspicious C2 Server
https://lab52.io/blog/complete-dissection-of-an-apk-with-a-suspicious-c2-server/
Scammers are Exploiting Ukraine Donations
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/scammers-are-exploiting-ukraine-donations/
Cyber attack by UAC-0010 (Armageddon) on state institutions of the European Union
https://otx.alienvault.com/pulse/624c210d91980fdfba0319a7
Malicious Word Documents Using MS Media Player (Impersonating AhnLab)
https://asec.ahnlab.com/en/33477/
Elephant Framework Delivered in Phishing Attacks Against Ukrainian Orgs
https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/
Fresh TOTOLINK Vulnerabilities Picked Up by Beastmode Mirai Campaign
https://www.fortinet.com/blog/threat-research/totolink-vulnerabilities-beastmode-mirai-campaign
SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps
https://thehackernews.com/2022/04/sharkbot-banking-trojan-resurfaces-on.html
Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems
https://thehackernews.com/2022/04/researchers-uncover-how-colibri-malware.html
FBI Shut Down Russia-linked "Cyclops Blink" Botnet That Infected Thousands of Devices
https://thehackernews.com/2022/04/fbi-shut-down-russia-linked-cyclops.html
U.S. Treasury Department Sanctions Russia-based Hydra Darknet Marketplace
https://thehackernews.com/2022/04/us-treasury-department-sanctions-russia.html
Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin
https://thehackernews.com/2022/04/germany-shuts-down-russian-hydra.html
Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers
https://thehackernews.com/2022/04/researchers-uncover-new-android-spyware.html
Multiple Hacker Groups Capitalizing on Ukraine Conflict for Distributing Malware
https://thehackernews.com/2022/04/multiple-hacker-groups-capitalizing-on.html
Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums
https://thehackernews.com/2022/04/experts-shed-light-on-blackguard.html
Stolen Images Campaign Ends in Conti Ransomware
https://thedfirreport.com/2022/04/04/stolen-images-campaign-ends-in-conti-ransomware/
New Octo Banking Trojan Spreading via Fake Apps on Google Play Store
https://thehackernews.com/2022/04/new-octo-banking-trojan-spreading-via.html
First Malware Targeting AWS Lambda Serverless Platform Discovered
https://thehackernews.com/2022/04/first-malware-targeting-aws-lambda.html
B. Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging
Hackers Distributing Fake Shopping Apps to Steal Banking Data of Malaysian Users
https://thehackernews.com/2022/04/hackers-distributing-fake-shopping-apps.html
Ukraine Warns of Cyber attack Aiming to Hack Users' Telegram Messenger Accounts
https://thehackernews.com/2022/04/ukraine-warns-of-cyber-attack-aiming-to.html
Block Admits Data Breach Involving Cash App Data Accessed by Former Employee
https://thehackernews.com/2022/04/block-admits-data-breach-involving-cash.html
Microsoft forms a new Android division, aiming to make Windows-Android integration as smooth as that between macOS and iOS
https://times.hinet.net/news/23842662
Beware of malware draining your money: check these "7 major" symptoms of an infected phone
https://3c.ltn.com.tw/news/48410
Update your software now! Samsung Android phones found to have a security flaw that "could let hackers take over"
https://3c.ltn.com.tw/news/48431
Critical flaw, update now! "These 4 types" of Android phones compromised; banking apps at risk
https://reurl.cc/EpkgDn
Android phones hit by security flaw! 4 systems hide "unknown codes"; online banking accounts could be drained
https://www.ettoday.net/news/20220406/2224005.htm
Google removes multiple Android apps containing an SDK that collects personal data
https://www.pcmarket.com.hk/google-takes-down-several-android-apps-embedded-personal-data-collection-sdk/
Delete these 11 apps now! Officials confirm they "may steal banking credentials"; 60 million users dismayed
https://fnc.ebc.net.tw/fncnews/tech/148913
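C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce
Email marketing company MailChimp hacked, affecting cryptocurrency firms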
https://times.hinet.net/news/23843823
Latest data-wiping malware caused Viasat's European communications satellite outage
https://www.ithome.com.tw/news/150255
Phishers use Google Analytics to improve attack effectiveness, but it can equally be used to track phishing campaigns
https://reurl.cc/pW7aDr
US CISA launches "Shields Up" website listing actionable key security guidance
https://www.ithome.com.tw/news/150239
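US State Department announces the establishment of the "Bureau of Cyberspace and Digital Policy", making digital security part of foreign policy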
https://www.inside.com.tw/article/27287-cdp-cyberattack-blinken
Japan's telecom industry leader to end its partnership with Kaspersky
https://news.cnyes.com/news/id/4848754
Citing security risks, Japan's NTT Group to stop using Russia's Kaspersky software
https://udn.com/news/story/122699/6224792?from=udn-catebreaknews_ch2
Cyber-espionage operation Bearded Barbie targets Israeli officials
https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials
Microsoft takes over domain names used by Russian hackers Fancy Bear to attack Ukraine
https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/
Ukraine crisis: the latest cyberattack, the "wiper"
https://blog.twnic.tw/2022/04/07/22645/
EU plans to levy a "protection fee" on large online platforms through the Digital Services Act
https://ec.ltn.com.tw/article/breakingnews/3884068
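Chinese-funded acquisition of UK chip plant remains unresolved; short- and medium-term employment and national security considerations in focus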
https://www.voacantonese.com/a/6518240.html
British media say China launched cyberattacks on Ukraine before the war; China: "utter nonsense"
https://money.udn.com/money/amp/story/5599/6214981
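Accused of cyberattacks on Ukrainian military and nuclear facilities before the Russia-Ukraine war, China says: utter nonsense, not credible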
https://newtalk.tw/news/view/2022-04-04/734297
China backing hackers attacking Indian power facilities? Chinese foreign ministry: a smear against China
https://www.chinatimes.com/realtimenews/20220407004253-260409?chdtv
NYT points out the real reason "Putin went to war": one thing about Ukraine he could not tolerate
https://www.ettoday.net/news/20220404/2222614.htm
War plans already exposed? Anonymous: successfully hacked personal data of 120,000 Russian soldiers
https://news.ltn.com.tw/news/world/breakingnews/3882627
"Anonymous" leaks nearly one million emails from the Russian government's biggest mouthpiece
https://www.secretchina.com/news/b5/2022/04/08/1002883.html
US and Germany jointly take down huge Russian dark web market Hydra Market, seizing 543 bitcoins
https://technews.tw/2022/04/06/worlds-biggest-darknet-marketplace-russia-linked-hydra-market-seized-and-shut-down/
Meta stops Russian hackers; US Justice Department sanctions Russian oligarchs and cybercrime
https://www.soundofhope.org/post/610190?lang=b5
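Russia hijacks Ukrainian soldiers' Facebook accounts to post surrender messages! Meta discloses the hackers' intrusion methods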
https://reurl.cc/qOyGdD
Canada, hoping to boost digital defenses, launches free cybersecurity certification service for SMEs
https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=0c747a5e-6fd5-4ed1-9fee-2be212d2b0c7
Hamas-linked Hackers Targeting High-Ranking Israelis Using 'Catfish' Lures
https://thehackernews.com/2022/04/hamas-linked-hackers-targeting-high.html
Researchers Trace Widespread Espionage Attacks Back to Chinese 'Cicada' Hackers
https://thehackernews.com/2022/04/researchers-trace-widespread-espionage.html
Brokenwire Hack Could Let Remote Attackers Disrupt Charging for Electric Vehicles
https://thehackernews.com/2022/04/brokenwire-hack-could-let-remote.html
Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine
https://thehackernews.com/2022/04/microsoft-obtains-court-order-to-take.html
Short-term on-site information security staff
https://www.104.com.tw/job/7kdk6
Network administration engineer
https://www.104.com.tw/job/7lbf5
[Group] Security and network administration engineer
https://www.104.com.tw/job/7kwc1?jobsource=jolist_d_relevance
Network management and security engineer
https://www.518.com.tw/job-yMAjvv.html
CHT Security (中華資安國際) administrative assistant
https://worknowapp.com/jobs/a9717268-4db0-4090-9263-6b7b5ef8de4e
Security engineer
https://www.518.com.tw/job-G7o0p6.html
D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security
Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams
https://thehackernews.com/2022/04/hackers-breach-mailchimp-email.html
To prevent personal data theft, lawyer advises: never give out Social Security and credit card numbers together
https://www.worldjournal.com/wj/story/121360/6212357
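"Your top-up went wrong!" MOS Burger (摩斯) personal data leak: "scammers had the data the day after purchase"; woman defrauded of 300,000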
https://news.tvbs.com.tw/life/1757656
Eslite online bookstore hit by another personal data leak; a customer lost more than 100,000 after one phone call
https://www.appledaily.com.tw/property/20220404/HMU4XIER3FCZTBJABCPUQTVVCA/
Multiple NFT projects on Discord, including Bored Ape, hacked and used to broadcast scam messages
https://www.ithome.com.tw/news/150257
Namewee's YouTube account with 6 billion views hacked; music videos including "Fragile" all disappear
https://www.rti.org.tw/news/view/id/2129144
One-page scam sites are back! Falsely claiming Tsai Hong-tu got rich investing in cryptocurrency
https://www.ftvnews.com.tw/news/detail/2022405F04M1
Security experts' 6 tips for defending against spear-phishing attacks
https://reurl.cc/yQ2Dol
Alert! Latest online shopping scam can "empty your bank deposits in one go"
https://www.setn.com/News.aspx?NewsID=1096539
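Swindled out of 1.5 million by an investment group, she angrily claims the 165 hotline was useless, forcing her to sell her home to repay debts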
https://reurl.cc/e6qG07
Nestlé data leak highlights the risk of war-related hacking activity
https://reurl.cc/8WQ6rd
E. Research Reports / Tools
Golang — 1 Minute guide to Useful Tips and Libraries in 2022
https://blog.canopas.com/1-min-guide-to-golang-development-best-practices-in-2022-b50d846fd6c
Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022
https://thehackernews.com/2022/04/into-breach-breaking-down-3-saas-app.html
Is API Security on Your Radar
https://thehackernews.com/2022/04/is-api-security-on-your-radar.html
Results of the fourth round of MITRE ATT&CK Evaluations released
https://attackevals.mitre-engenuity.org/enterprise/participants/?adversaries=wizard-spider-sandworm
How electromagnetic records are seized in criminal proceedings
https://www.ettoday.net/news/20220407/2223595.htm
Data breach alert! Analyzing 3 SaaS app attacks in 2022 Q1
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9803
F. Business
Microsoft launches security-grade Office 365 Government Secret, making government handling of digital documents more secure
https://m.333dushi.com/post/96935.html
EU antitrust regulators reportedly eyeing Microsoft's cloud business
https://www.ithome.com.tw/news/150265
OPSWAT launches mobile security lab for critical infrastructure
https://www.docutek.com.tw/newsDetail.php?id=443
IBM launches z16 next-generation mainframe system, featuring quantum encryption technology to guard against security risks
https://technews.tw/2022/04/07/ibm-unveils-z16-next-generation-mainframe-system/
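G. Government
Ministry of Digital Affairs to be inaugurated; legislators across parties hope it becomes a digital technology leader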
https://www.cna.com.tw/news/aipl/202204030170.aspx
CCP uses every means to infiltrate Taiwan! Tsai Ing-wen warns: step up guarding against "collusion from within and without"
https://www.setn.com/News.aspx?NewsID=1096117
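Lo Chih-chiang launches campaign seeking "one million TikTok followers"! Liu Shih-chieh warns: this underestimates CCP information warfare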
https://www.ftvnews.com.tw/news/detail/2022407W0190
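H. Industrial Control Systems / ICS / SCADA / IoT / Internet of Things / Internet of Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare Security
Go programming language defends against software supply chain attacks in 5 ways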
https://www.ithome.com.tw/news/150235
椰棗 and 友嘉 team up to strengthen industrial control security protection
https://readers.ctee.com.tw/cm/20220407/a25ab1/1178126/share
In the "webupg" binary of D-Link DAP-1360 hardware revision F1, version v6.10 and below, when the parameter is "name=deleteFile", an authenticated attacker can use the "file" parameter to execute arbitrary system commands.
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-44127
D-Link DIR-820L version 1.05B03 contains an RCE vulnerability. Via the name parameter of /lan.asp, the vulnerability may lead to remote execution of arbitrary code.
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-26258
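The sysNewPasswd and sysConfirmPasswd parameters of a (.cgi) component in NETGEAR R8500 version 1.0.2.158 contain a remote code execution vulnerability. The vulnerability allows an attacker to execute arbitrary commands via shell metacharacters.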
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-27945
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-27946
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-27947
Totolink T10 V2 firmware version V4.1.8cu.5207_B20210320 contains a buffer overflow vulnerability. The overflow may occur when the http_request_parse function processes host information during an HTTP request.
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-43636
ASUS RT-AC86U - Heap-based buffer overflow
https://www.twcert.org.tw/tw/cp-132-5793-4f9d3-1.html
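I. Education and Training
Information Service Industry Association of R.O.C. (中華軟協) - iPAS "entry-level" Information Security Engineer competency crash course: enrollment now open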
https://www.cs.nycu.edu.tw/announcements/detail/8778
2022 "Securities and Futures Information Security Practical Training Course": registration now open
https://www.sfi.org.tw/news/news-7/3589
The security fundamentals everyone in the internet age must learn (How Cybersecurity Really Works)
https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw
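App information security that isn't just for engineers: the hard-won story of earning a security testing compliance certificate (iT邦幫忙 Ironman Contest book series)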
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
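[Quick guide to international security management certifications] Study notes and exam essentials in one place! Read this to switch to your dream job in 2022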
https://buzzorange.com/techorange/2021/12/30/isaca/
CISSP exam experience – Benson
https://reurl.cc/GbWvxd
CPSA (CREST Practitioner Security Analyst) security analyst exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam experience, revision information, and preparation directions 2021, 2022
https://reurl.cc/1oyEM8
CEH v11 exam experience and how to prepare
https://blog.sean.taipei/2022/01/ceh
Year 110 (ROC calendar) new staff "Campus Information Security Lecture" materials
https://cc.nccu.edu.tw/p/406-1001-740,r18.php
[Training Material D] Information security technical training materials
https://iscb.nchu.edu.tw/2019/07/d.html
109 Cyber Security Management Act e-learning training
https://reurl.cc/ARlmqp
110-1 Entry-level Information Security Engineer - Introduction to Information Security Management
https://yamol.tw/exam.php?id=104050
中大 Department of Information Engineering cultivates information technology leaders
https://reurl.cc/ARZKDK
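eCloudvalley (伊雲谷) and National Sun Yat-sen University partner in industry-academia collaboration to build up cloud security talent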
https://ctee.com.tw/industrynews/technology/587459.html
SANS Cyber Aces Online Tutorials
https://tutorials.cyberaces.org/tutorials.html
Free Online Cybersecurity Courses (MOOCs)
https://www.cyberdegrees.org/resources/free-online-courses/
Develop Your Cybersecurity Skills
https://www.cybrary.it/catalog/cybersecurity/
Mobile App Security
https://www.cybrary.it/course/mobile-app-security/
Introduction to Cybersecurity
https://reurl.cc/bnaj6d
How to Tackle SaaS Security Misconfigurations
https://thehackernews.com/2021/11/how-to-tackle-saas-security.html
How to Build a Security Awareness Training Program that Yields Measurable Results
https://thehackernews.com/2021/11/how-to-build-security-awareness.html
Common Attacks
https://choson.lifenet.com.tw/?p=1174
6. Upcoming Security Events and Seminars
Just a chat - with no Expectations 2022/4/9
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/284734457/
Coffee & Code 2022/4/10
https://www.meetup.com/Innovate-Taiwan/events/284921441/
2022 Digital Transformation Forum (II): A Haven Unafraid of Threats - Information Security in the Post-Pandemic Era 2022/4/12
https://www.cisanet.org.tw/Services/MemberActivityServiceDetail/685
From Python to TensorFlow online study group - Python basics guided reading (4) - Chapter 4: Choosing with if 2022/4/12
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/284265342/
SyntaxError 2022/4/13
https://www.meetup.com/pythonhug/events/284820898/
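Central Taiwan session - Seminar on how the public sector can uncover lurking security threats (registration limited to government agencies) 2022/4/13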
https://www.cisanet.org.tw/Course/Detail/2783
With the will, anyone can become cloud talent! AWSome Day online cloud training day 2022/4/14
https://lihi1.com/FE09M
AIAA lecture [Taipei session]: Security mindset X Government AI application cases X Digital transformation 2022/4/16
https://www.accupass.com/event/2203031213512786993470
SP-ISAC [Security special lecture] All aspects of website security 2022/04/19
https://reurl.cc/6EWjRM
Web application security 2022/04/19
https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19881
SDN x Cloud Native Meetup #47 2022/4/19
https://www.meetup.com/CloudNative-Taiwan/events/284821277/
Quarterly Professional Networking Event 2022/4/21
https://www.meetup.com/taiwan-digital-drinks/events/284733775/
2022 US-Taiwan Financial Cybersecurity Forum: Reinventing Security under Digital Transformation 2022/04/21 ~ 2022/04/22
https://event.netmag.tw/202204ait/
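Southern Taiwan session - Seminar on how the public sector can uncover lurking security threats (registration limited to government agencies) 2022/4/21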
https://www.cisanet.org.tw/Course/Detail/2784
Python data analysis one-day workshop - hands-on e-commerce and Airbnb analysis 2022/4/23
https://www.meetup.com/PyLadiesTW/events/284972118/
Blockchain and Smart Security Women's Forum 2022/4/24
https://isipevent.kktix.cc/events/e58d0573
SEMI E187 equipment cybersecurity standard adoption and practice seminar 2022/4/29
https://www.semi.org/zh/cybersecurity-standards-seminar
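"Security forensics course - Series I beginner course: Building security technology foundations: get the mouse and keyboard clicking [From Passwords to Security]" online workshop 2022/4/29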
https://docs.google.com/forms/d/1yS8JontNqGinMYUOaYj9aQ-Ov92yda7eFldgjotOAUs
K12 technology education - what can be taught besides programming 2022/5/9
https://www.meetup.com/rladies-taipei/events/284421238/
Yuan Ze University CSE short-term computing course for high school students - "micro-plugged" security experience workshop 2022/5/14
https://cse-yzu.kktix.cc/events/yzcs7
Security policies, regulations and standards 2022/5/25 ~ 2022/5/26
https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19873
Hacker capture-the-flag attack and defense exercise: financial security talent development program (1st cohort) 2022/04/28~2022/06/09
https://www.tabf.org.tw/CourseDetail.aspx?PID=487750
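National Center for High-performance Computing training: "Big data program development platform (VM version)" setup and development practical course 2022/5/27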
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=homepage
Risk-based security audit 2022/7/20
https://www.cisanet.org.tw/Course/Detail/2756