資安事件新聞週報 2022/5/16 ~ 2022/5/20
1.重大弱點漏洞/後門/Exploit/Zero Day
Oracle Security Alert for CVE-2022-21500
https://www.oracle.com/security-alerts/alert-cve-2022-21500.html
SonicWall修補SSL VPN設備的高風險漏洞
https://www.sonicwall.com/support/knowledge-base/security-notice-sma-1000-series-unauthenticated-access-control-bypass/220510172939820/
Microsoft 推出 2022 年 5 月 Patch Tuesday 資安更新修補包
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9861
微軟發佈5月份安全性公告
https://msrc.microsoft.com/update-guide/deployments
三個月前修補的SharePoint漏洞被研究人員繞過,微軟再度進行修補
https://starlabs.sg/blog/2022/05/new-wine-in-old-bottle-microsoft-sharepoint-post-auth-deserialization-rce-cve-2022-29108/
Windows Local Security Authority(LSA) 存在高風險漏洞(CVE-2022-26925)
https://www.klcg.gov.tw/tw/education/3522-255125.html
Adobe 已發布安全更新,以解決多個 Adobe 產品中的弱點
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/12/adobe-releases-security-updates-multiple-products
High-Severity Bug Reported in Google's OAuth Client Library for Java
https://thehackernews.com/2022/05/high-severity-bug-reported-in-googles.html
VMware Releases Patches for New Vulnerabilities Affecting Multiple Products
https://thehackernews.com/2022/05/vmware-releases-patches-for-new.html
VMware修補旗下產品的身分驗證繞過漏洞,美國要求公部門限期完成修補
https://www.bleepingcomputer.com/news/security/vmware-patches-critical-auth-bypass-flaw-in-multiple-products/
WordPress外掛程式Tatsu Builder漏洞遭到鎖定,出現近6百萬次攻擊
https://www.wordfence.com/blog/2022/05/millions-of-attacks-target-tatsu-builder-plugin/
WordPress外掛程式JupiterX、Junipter存在重大漏洞,恐被駭客用來接管網站
https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/
黑客覆寫靭體!超過 200 款型號出事! HP 推出 BIOS 更新籲用戶立即安裝
https://www.pcmarket.com.hk/bios-security-vulnerabilities-has-been-founded-in-over-200-models-hp-pc/
2.銀行/金融/保險/證券/支付系統/金融監理 新聞及資安
駭客利用惡意PHP程式碼截取網站的信用卡資料
https://www.zdnet.com/article/fbi-hackers-used-malicious-php-code-to-grab-credit-card-data/
Cyber Actors Scrape Credit Card Data from US Business' Online Checkout Page and Maintain Persistence by Injecting Malicious PHP Code
https://www.ic3.gov/Media/News/2022/220516.pdf
遭批遇到富邦就轉彎 金管會:兩年開罰富邦金逾3000萬元
https://news.cnyes.com/news/id/4874704?exp=a
不怕保單之亂! 染疫警專案申請理賠「備妥個人文件即可」
https://www.mirrormedia.mg/story/20220518soc003/
微笑揮手就能結帳?Mastercard 卡「生物辨識支付」便利性挑戰隱私權
https://www.inside.com.tw/article/27713-mastercard-biometric-payment
萬事達卡推臉部辨識付款 安全隱憂再成爭議
https://reurl.cc/QLRzz2
台銀「三駕馬車」戰略發威 前4月稅前淨利54億元
https://www.cna.com.tw/news/afe/202205200157.aspx
法規雖逐步鬆綁仍較他國嚴謹 海外經驗可作為參考案例 開放上雲引躍躍欲試 人才法遵成金融業挑戰
https://www.netadmin.com.tw/netadmin/zh-tw/trend/0918A23BDC774E8A91614D2F3F5FEB57
第一金台灣核心戰略建設基金 熱募
https://wantrich.chinatimes.com/news/20220517900116-420101
將來銀行帳務系統出包 發3700筆錯誤簡訊給客戶
https://tw.appledaily.com/property/20220520/N46SPH4DJND33GDILX2VPJLLYQ/
信用卡也能享有跨行交易免手續費優惠
https://www.cardu.com.tw/message/detail.php?46959
富邦媒砸3.75億元 參與LINE BANK私募案
https://udn.com/news/story/7241/6328181?from=udn-catelistnews_ch2
北富銀參與LINE Bank減增資,持股比重增至27.18%
https://reurl.cc/b2VM2o
3.電子支付/行動支付/pay/資安
美國行動支付,為什麼不如中國普遍
https://www.cw.com.tw/article/5121132
偽卡綁Apple Pay行動支付 至咖啡連鎖門市盜刷換現金
https://reurl.cc/XjGolR
Google 錢包和 Google Pay 有什麼區別
https://reurl.cc/NAQ3Z9
碰一下就付款,蘋果訪客中心開始接受 Tap To Pay
https://technews.tw/2022/05/17/tap-to-pay/
不打補貼戰降虧損!歐付寶結盟綠界整合支付版圖,下步搶攻移工商機
https://www.bnext.com.tw/article/69248/opay-2022
小米為日本當地電子票卡需求,在日本提供具備 FeliCa 的 Redmi Note 11 Pro 5G
https://reurl.cc/7D0OeD
遠東有錢卡收攤不玩 10月底終止走入歷史
https://www.cardu.com.tw/news/detail.php?46139
網購數位科技調查 消費者最重視電子支付
https://www.eettaiwan.com/20220517nt21-online-shopping/
英國政府計劃將穩定幣納入電子支付監管範圍
https://news.cnyes.com/news/id/4873238
你支持不用鈔票更方便嗎?全球現金戰爭開打:那些率先走向無現金交易的國家,後來呢
https://www.businesstoday.com.tw/article/category/183017/post/202205040077/
第二階段消費券 改寫本地電子支付版圖
https://www.pcmarket.com.hk/2nd-phase-consumption-voucher-will-rewriting-the-local-electronic-payment-landscape/
歐付寶擬串連綠界科技收款店家
https://reurl.cc/n1Nk16
電支去年無人獲利 又有新兵殺進搶市
https://www.wealth.com.tw/articles/af1b47f4-b7e9-4547-a60a-e2878fded3d3
4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約 資安
Create NFT Market Place without any libraries like openZeppelin (part 1)
https://amirdiafi.medium.com/create-nft-market-place-without-any-libraries-like-openzeppelin-part-1-7c3bbc04c23f
虛擬貨幣是什麼?加密貨幣有哪些?加密貨幣種類、特色、風險
https://reurl.cc/x9anG4
習酒發布NFT數字藏品
https://news.cnyes.com/news/id/4875740
BTC拉升後部分高位套牢籌碼離場 ETH匯率處於較低水平 – 2022.5.20
https://reurl.cc/k1OD93
500億美元的一堂課 從UST崩盤看穩定幣的三道防線
https://www.cw.com.tw/article/5121284
LINE推出DOSI Wallet 攻全球市場NFT交易平台、註冊流程更簡化
https://udn.com/news/story/122837/6320207?from=udn-catelistnews_ch2
用社群帳號就能註冊!LINE 推「DOSI Wallet」錢包搶攻NFT商機
https://3c.ltn.com.tw/news/49179
數碼港元│零售央行數碼貨幣與現有電子支付方式有何分別
https://reurl.cc/55ve5v
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
鎖定macOS的惡意軟體UpdateAgent出現變種,被用來投放更多惡意程式
https://www.jamf.com/blog/updateagent-adapts-again/
製作勒索軟體Jigsaw、Thanos的駭客被起底
https://www.justice.gov/usao-edny/pr/hacker-and-ransomware-designer-charged-use-and-sale-ransomware-and-profit-sharing
Conti勒索軟體威脅推翻哥斯大黎加政府
https://www.ithome.com.tw/news/150993
知名勒索軟體Jigsaw、Thanos作者竟是55歲心臟科醫生,客服有口碑堪稱勒索界「絕命毒師」
https://www.techbang.com/posts/96375-in-addition-to-treating-patients-55-year-old-cardiologists
中國駭客鎖定俄羅斯航太產業下手,植入多種惡意軟體
https://www.bleepingcomputer.com/news/security/chinese-space-pirates-are-hacking-russian-aerospace-firms/
日經新聞遭到勒索軟體攻擊
https://asia.nikkei.com/Announcements/Nikkei-unit-in-Singapore-hit-by-ransomware
鎖定Linux主機的殭屍網路XorDDoS近半年攻擊次數增2.5倍
https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/
勒索軟體Chaos破壞受害電腦檔案,並表達力挺俄羅斯的訴求
https://www.fortinet.com/blog/threat-research/chaos-ransomware-variant-sides-with-russia
航空液壓設備製造商傳出遭勒索軟體Conti攻擊
https://www.bleepingcomputer.com/news/security/engineering-firm-parker-discloses-data-breach-after-ransomware-attack/
威聯通針對近期出現的勒索軟體DeadBolt攻擊行動提出警告
https://www.qnap.com/zh-tw/security-news/2022/%E7%AB%8B%E5%8D%B3%E6%8E%A1%E5%8F%96%E8%B3%87%E5%AE%89%E9%98%B2%E8%AD%B7%E8%A1%8C%E5%8B%95%E6%9B%B4%E6%96%B0-qts-%E8%87%B3%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC
駭客一口氣散布3種無檔案惡意軟體,意圖竊取受害電腦資料
https://www.fortinet.com/blog/threat-research/phishing-campaign-delivering-fileless-malware
變種Facestealer竊密程式鎖定手機用戶,截取臉書帳密或假藉挖礦服務洗劫加密貨幣錢包
https://trendmicro.com/en_us/research/22/e/fake-mobile-apps-steal-facebook-credentials--crypto-related-keys.html
駭客利用Windows事件記錄機制埋藏惡意軟體行蹤
https://securelist.com/a-new-secret-stash-for-fileless-malware/106393/
Why Remediation Alone Is Not Enough When Infected by Malware
https://asec.ahnlab.com/en/34549/
Vidar distributed through backdoored Windows 11 downloads and abusing Telegram
https://www.zscaler.com/blogs/security-research/vidar-distributed-through-backdoored-windows-11-downloads-and-abusing
Dridex Infection Chain Case Studies
https://unit42.paloaltonetworks.com/excel-add-ins-dridex-infection-chain/
https://github.com/pan-unit42/iocs/blob/master/Dridex%20Infection%20Chain%20Case%20Studies
CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware
https://www.sentinelone.com/labs/cratedepression-rust-supply-chain-attack-infects-cloud-ci-pipelines-with-go-malware/
Twisted Panda: Chinese APT espionage operation against Russian’s state-owned defense institutes
https://research.checkpoint.com/2022/twisted-panda-chinese-apt-espionage-operation-against-russians-state-owned-defense-institutes/
Bumblebee Malware from TransferXL URLs
https://isc.sans.edu/diary/rss/28664
Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control
https://www.cisa.gov/uscert/ncas/alerts/aa22-138b
Info-stealer Campaign targets German Car Dealerships and Manufacturers - Check Point Software
https://blog.checkpoint.com/2022/05/10/a-german-car-attack-on-german-vehicle-businesses/
Briefing on the latest APT-C-24 Rattlesnake attack activity
https://mp-weixin-qq-com.translate.goog/s/qsGxZIiTsuI7o-_XmiHLHg?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en
SYK Crypter Distributing Malware Families Via Discord
https://blog.morphisec.com/syk-crypter-discord
Falcon OverWatch Detects Novel IceApple Post-Exploitation Framework
https://www.crowdstrike.com/wp-content/uploads/2022/05/crowdstrike-iceapple-a-novel-internet-information-services-post-exploitation-framework.pdf
https://www.crowdstrike.com/blog/falcon-overwatch-detects-iceapple-framework/
https://therecord.media/iceapple-post-exploitation-malware-microsoft-crowdstrike/
Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
https://blog.malwarebytes.com/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis/
Operation RestyLink: APT campaign targeting Japanese companies
https://insight-jp.nttsecurity.com/post/102hojk/operation-restylink-apt-campaign-targeting-japanese-companies
Network Footprints of Gamaredon Group
https://blogs.cisco.com/security/network-footprints-of-gamaredon-group
Space Pirates: analyzing the tools and connections of a new hacker group
https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/space-pirates-tools-and-connections/
Emotet Summary: November 2021 Through January 2022
https://unit42.paloaltonetworks.com/emotet-malware-summary-epoch-4-5/
How to Protect Your Data When Ransomware Strikes
https://thehackernews.com/2022/05/how-to-protect-your-data-when.html
UpdateAgent Returns with New macOS Malware Dropper Written in Swift
https://thehackernews.com/2022/05/updateagent-returns-with-new-macos.html
U.S. Charges Venezuelan Doctor for Using and Selling Thanos Ransomware
https://thehackernews.com/2022/05/us-charges-venezuelan-doctor-for-using.html
New Sysrv Botnet Variant Hijacking Windows and Linux with Crypto Miners
https://thehackernews.com/2022/05/new-sysrv-botnet-variant-hijacking.html
Researchers Warn of "Eternity Project" Malware Service Being Sold via Telegram
https://thehackernews.com/2022/05/researchers-warn-of-eternity-project.html
New Saitama backdoor Targeted Official from Jordan's Foreign Ministry
https://thehackernews.com/2022/05/new-saitama-backdoor-targeted-official.html
Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks
https://thehackernews.com/2022/05/iranian-hackers-leveraging-bitlocker.html
Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices
https://thehackernews.com/2022/05/microsoft-warns-rise-in-xorddos-malware.html
Cytrox's Predator Spyware Targeted Android Users with Zero-Day Exploits
https://thehackernews.com/2022/05/cytroxs-predator-spyware-target-android.html
Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor
https://thehackernews.com/2022/05/hackers-exploiting-vmware-horizon-to.html
Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware
https://thehackernews.com/2022/05/hackers-trick-users-with-fake-windows.html
B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊
iPhone關機也沒用!駭客一樣能藉低功耗模式入侵手機
https://3c.ltn.com.tw/news/49162
iPhone關機也被駭!有心人士竟藉「內建這模式」入侵手機
https://reurl.cc/9Gv25x
研究人員發現可濫用iPhone低耗電模式的漏洞
https://arxiv.org/pdf/2205.06114.pdf
修補 iPhone 近30個資安漏洞!蘋果釋出 iOS 15.5 更新
https://3c.ltn.com.tw/news/49153
預防惡意攻擊!蘋果和Google急刪150萬個2年未更新App
https://newtalk.tw/news/view/2022-05-18/756572
3款APP有毒!一掃QR Code就被駭 存款直接被偷光
https://news.ebc.net.tw/news/living/317972
惡意App盜銀行帳密 日常健身、掃QR Code就被駭
https://www.ettoday.net/news/20220518/2253666.htm
安卓用戶快刪除!7款App 暗藏變種版惡意間諜軟體「偷」手機個資
https://3c.ltn.com.tw/news/49161
快檢查手機!這6款App竊你個資
https://reurl.cc/b2V03y
手機續航測試出爐 這款入門新機續航超卓越
https://www.ettoday.net/news/20220519/2254476.htm
惡意App盜銀行帳密 日常健身、掃QR Code就被駭
https://www.ettoday.net/news/20220518/2253666.htm?from=rss
這款APP快刪除!入侵帳戶秒扣3000元 荷包恐全空
https://news.ebc.net.tw/news/living/318129
訊診看病需求暴增 醫聯網開發「視訊診療系統」協助抗疫
https://udn.com/news/story/7240/6326127?from=udn-ch1_breaknews-1-cate6-news
社交軟體看病好方便?醫聯網:恐有資安風險
https://reurl.cc/ErjEVv
iOS 15.6 beta 1 更新釋出!又帶來哪些新功能
https://mrmad.com.tw/apple-ios-15-6-beta-1-releases
加拿大跟進盟邦 5G網路將禁用華為、中興通訊設備
https://times.hinet.net/news/23924457
Twitter員工遭偷拍!內幕消息外洩,員工反對馬斯克收購,稱他患有亞斯伯格症
https://news.cnyes.com/news/id/4875298
遠傳5G遠距診療取得美國HIPAA認證,強化資安接軌國際
https://reurl.cc/9Gv2dj
Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys
https://www.trendmicro.com/en_us/research/22/e/fake-mobile-apps-steal-facebook-credentials--crypto-related-keys.html
How to make Android Studio look Awesome
https://blog.protein.tech/how-to-make-android-studio-look-awesome-ee19e3719a59
Over 200 Apps on Play Store Caught Spying on Android Users Using Facestealer
https://thehackernews.com/2022/05/over-200-apps-on-play-store-caught.html
Researchers Find Potential Way to Run Malware on iPhone Even When it's OFF
https://thehackernews.com/2022/05/researchers-find-way-to-run-malware-on.html
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力
臺灣積極發展資安職務地圖,促進產官學溝通對焦,新興資安產業版首登場
https://www.ithome.com.tw/news/151029
全球企業資安人才狂缺!哪些國際專業證照可以讓你身價狂飆
https://buzzorange.com/techorange/2022/05/20/isaca-certificate/
挖礦攻擊對 DevOps 團隊的衝擊
https://blog.trendmicro.com.tw/?p=72313
多國警告 MSP 面臨網路安全威脅
https://technews.tw/2022/05/18/government-agencies-warn-of-increase-in-cyberattacks-targeting-msps/
駭客也分黑白機器人帳號目的是什麼網路安全工程師解惑網友疑問
https://reurl.cc/A7jodp
Axie Infinity、Moonbirds、RTFKT …多個項目 Discord 遭駭客攻擊
https://www.blocktempo.com/several-nft-discords-were-compromised-including-axie-moonbirds-rtfkt/
北韓駭客潛伏國際 為發展核武籌資
https://anntw.com/articles/20220518-bJsG
北韓派出數千名IT開發者潛伏於全球企業以替北韓政府賺錢
https://www.ithome.com.tw/news/150980
北韓IT人士埋伏全球企業,協助駭客進行網路攻擊
https://home.treasury.gov/system/files/126/20220516_dprk_it_worker_advisory.pdf
北韓駭客Lazarus鎖定南韓組織的VMware遠距工作平臺Log4Shell漏洞下手
https://asec.ahnlab.com/en/34461/
4中國特工1美公民涉情蒐 鎖定中國異議與民運人士
https://www.cna.com.tw/news/aopl/202205190055.aspx
中國數位絲路若建成...商業、情報,連印度發電廠都可能受控制
https://www.businessweekly.com.tw/international/blog/3009795
報告稱中國駭客試圖竊取俄羅斯國防數據
https://cn.nytimes.com/china/20220520/china-hackers-russia/zh-hant/
中國駭客間諜全球入侵 下手對象包括盟友俄羅斯
https://www.cna.com.tw/news/acn/202205200200.aspx
中共靠攏侵烏俄國 中東歐對中關係重新省思
https://reurl.cc/o1RWG3
美司法部正式承諾不控告從事安全研究的白帽駭客
https://www.ithome.com.tw/news/151026
美國將把白帽駭客行為除罪化 確保資安技術成長
https://www.cool3c.com/article/177504
瑞典和芬蘭提高網絡攻擊警戒級別,擔心因申請加入北約遭到報復
https://reurl.cc/d2n6q8
義大利國家網路安全局:將運用AI及新型軟體抵制網路犯罪
https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=dc398ba0-0e3e-42a6-bd0a-3c68060ff0b4
台商刺探法輪功情資二審無罪 最高法院發回更審
https://reurl.cc/x9anRN
歐洲推出第二版網路暨資訊系統安全指令,將擴大適用範圍
https://digital-strategy.ec.europa.eu/en/library/proposal-directive-measures-high-common-level-cybersecurity-across-union
Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang
https://thehackernews.com/2022/05/researchers-expose-inner-working-of.html
U.S. Warns Against North Korean Hackers Posing as IT Freelancers
https://thehackernews.com/2022/05/us-warns-against-north-korean-hackers.html
Europe Agrees to Adopt New NIS2 Directive Aimed at Hardening Cybersecurity
https://thehackernews.com/2022/05/europe-agrees-to-adopt-new-nis2.html
Ukrainian Hacker Jailed for 4-Years in U.S. for Selling Access to Hacked Servers
https://thehackernews.com/2022/05/ukrainian-hacker-jailed-for-4-years-in.html
Researchers Uncover Rust Supply-Chain Attack Targeting Cloud CI Pipelines
https://thehackernews.com/2022/05/researchers-uncover-rust-supply-chain.html
軟體開發工程師
https://www.104.com.tw/job/7muzf
國網中心/網路與資安組/學研總中心規劃推動計畫/專案管理計畫人員/1人(111_06_2)
https://www.104.com.tw/job/7n1q8
【視訊面試】資安工程師 --接受無經驗,但想往資安發展,有完整培訓
https://www.104.com.tw/job/7mw8c?jobsource=jolist_c_date
資訊部-資安工程師
https://job.taiwanjobs.gov.tw/internet/jobwanted/JobDetail.aspx?R2=15&EMPLOYER_ID=446216&HIRE_ID=11174009
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全
Interactive Phishing: Using Chatbot-like Web Applications to Harvest Information
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/interactive-phishing-using-chatbot-like-web-applications-to-harvest-information/
金融大老籲與司法界多交流 刑事局建議做好風險評估避免被駭被騙
https://www.ctwant.com/article/184048
怕出門染疫...民眾網路交易遭騙損荷包!「這些手法」要當心
https://news.housefun.com.tw/news/article/111660335556.html
疫情期間 聯卡中心提醒留意網路詐欺或手機簡訊釣魚
https://www.chinatimes.com/realtimenews/20220518005239-260410?chdtv
網購刷卡詐騙多 聯卡中心提醒遇可疑主動向銀行查證
https://money.udn.com/money/story/5613/6323474
釣魚網站騙信用卡資料 盜刷星巴克點數洗錢1年賺近千萬元
https://news.sina.com.tw/article/20220518/41861670.html
駭客利用客服機器人進行網路釣魚,竊取信用卡資料
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/interactive-phishing-using-chatbot-like-web-applications-to-harvest-information/
主播簡立喆超崩潰 臉書遭駭信用卡又被盜刷
https://ent.ltn.com.tw/news/breakingnews/3932719
全球網絡詐騙行業今年首季有增長趨勢
https://unwire.pro/2022/05/20/arkose-labs/security/
手機報稅小心個資外洩陷阱!趨勢科技教你 3 招防止駭客攻擊
https://www.techbang.com/posts/96118-mobile-phone-tax-filing-beware-of-personal-leakage-traps-trend
【錯誤】網傳網站「填寫相關問題抽10,000超市禮券..」
https://tfc-taiwan.org.tw/articles/7509
假冒加密貨幣交易所 HKCERT 提醒市民小心短訊釣魚攻擊
https://www.pcmarket.com.hk/phishing-attack-on-fake-cryptocurrency-exchange-sms/
馬來西亞超過2千萬國民個資外洩,賣家大膽公開內政部長身分證
https://www.thenewslens.com/article/167095
稱台灣原創卻放中國盜錄片 TV Pay被起訴
https://www.epochtimes.com/b5/22/5/17/n13739289.htm
買清冠遇詐騙! 誆贈兩劑快篩 新手媽遭騙1萬
https://www.ftvnews.com.tw/news/detail/2022517N06M1
E.研究報告/工具
TeamT5 發布模組化後門程式 Pangolin8RAT 與關聯駭客團體研究
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9857
零信任資安模型與 DevOps 整合的 5 大元素
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9862
第3屆ICANN APAC-TWNIC合作交流論壇引領探索網路本質,實現全球公共利益
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9856
ICANN 開發用於監控及打擊惡意網路行為的工具
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9860
網站追蹤器元件可能會在用戶送出前截取輸入表單的資料
https://homes.esat.kuleuven.be/~asenol/leaky-forms/
巴哈駭客教你如何不因為違反兒少保護被水桶
https://forum.gamer.com.tw/C.php?bsn=60076&snA=7097054
駭客使用sqlps公用程式鎖定攻擊SQL Server
https://www.ithome.com.tw/news/150991
如果猴子拿到打字機:從柏拉圖談到《駭客任務》的小說創作心法
https://reurl.cc/ErjEmR
你的按鍵被監控了嗎?什麼是鍵盤側錄器(keylogger)? 鍵盤側錄器進入電腦的四個管道
https://blog.trendmicro.com.tw/?p=71541
CVE-2022-26923:Active Directory網域權限提升漏洞修補分析
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9870
Excel 刪除重覆值或取得唯一值
https://amingosec.blog/excel-remove-duplicates/
介接專攻中日韓語系引擎 行欄位面向高效資料庫索引 MySQL外掛Mroonga 全文檢索搜尋中文更有力
https://www.netadmin.com.tw/netadmin/zh-tw/technology/A383340B3A934B92938826D76380D9AE
【反面教材】解構勒索集團LAPSUS$入侵事件科技巨企網絡安全超脆弱
https://www.wepro180.com/lapsus220523/
無線滲透–wifiphisher之wifi釣魚獲取wifi密碼
https://reurl.cc/9Gv2Mj
Mirantis OpenStack 9.0 在 VirtualBox上的部署安装
https://reurl.cc/RrqA6e
Can analyzing javascript files lead to remote code execution
https://melotover.medium.com/can-analyzing-javascript-files-lead-to-remote-code-execution-f24112f1aa1f
What’s new in Flutter 3.0, let’s discuss the top 10 new things
https://shirsh94.medium.com/whats-new-in-flutter-3-0-let-s-discuss-the-top-10-new-things-839aba69929b
Build Your first CI/CD Pipeline in Azure DevOps
https://qatechtalks.medium.com/build-your-first-ci-cd-pipeline-in-azure-devops-5bd3408f36ff
2022 Custom VSCode Setup
https://medium.com/@crstnmac/2022-custom-vscode-setup-b72b10ef1e0a
Reset the Password for Vulnerability
https://medium.com/@sathvika03/reset-the-password-for-vulnerability-b0805f7adf9c
An overview of Threat Intelligence in Cybersecurity
https://4noobies.medium.com/an-overview-of-threat-intelligence-in-cybersecurity-f48ecf37c323
Why the Raspberry Pi should be your next home server
https://medium.com/the-pi-project/why-the-raspberry-pi-should-be-your-next-home-server-e901e796e7a6
12 Awesome Linux Commands && Utilities
https://medium.com/codex/12-awesome-linux-commands-utilities-49ab56588a84
How to make real money with Python and YouTube
https://medium.com/geekculture/how-to-make-real-money-with-python-and-youtube-494bb34ca9ac
How I managed to take over any account visits my profile with Stored XSS
https://0xmahmoudjo0.medium.com/how-i-managed-to-take-over-any-account-visits-my-profile-with-stored-xss-6b378d33e90f
7 Best GitHub Repositories to Learn Any Programming Language
https://javascript.plainenglish.io/7-best-github-repositories-to-learn-any-programming-language-5843e5a3c8d8
My Mac OS essential tools list at work
https://medium.com/@spawnrider/my-mac-os-essential-tools-list-at-work-391792dfcd1d
90 % of Javascript Developer fail to answer these code snippets (Asked in Interview) Part-1
https://vineetmishrahbk.medium.com/90-of-javascript-developer-fail-to-answer-these-code-snippets-asked-in-interview-436e00ec1287
How I became a Web3 dev in just 7 days and got my first 8000$ Web3 contract
https://blog.cryptostars.is/how-i-became-a-web3-dev-in-just-7-days-and-got-my-first-8000-web3-contract-8f554bcb5352
Hacking Smart Contracts: Beginners Guide
https://learn.block6.tech/hacking-smart-contracts-beginners-guide-9c84e9de7194
7 Key Findings from the 2022 SaaS Security Survey Report
https://thehackernews.com/2022/05/7-key-findings-from-2022-saas-security.html
Web Trackers Caught Intercepting Online Forms Even Before Users Hit Submit
https://thehackernews.com/2022/05/web-trackers-caught-intercepting-online.html
Hackers Gain Fileless Persistence on Targeted SQL Servers Using a Built-in Utility
https://thehackernews.com/2022/05/hackers-gain-fileless-persistence-on.html
Are You Investing in Securing Your Data in the Cloud
https://thehackernews.com/2022/05/are-you-investing-in-securing-your-data.html
Fake Clickjacking Bug Bounty Reports: The Key Facts
https://thehackernews.com/2022/05/fake-clickjacking-bug-bounty-reports.html
Google Created 'Open Source Maintenance Crew' to Help Secure Critical Projects
https://thehackernews.com/2022/05/google-created-open-source-maintenance.html
2022 Cybersecurity Skills Gap
https://www.fortinet.com/content/dam/fortinet/assets/reports/report-2022-skills-gap-survey.pdf
F.商業
Noname Security成立台灣辦事處擴展亞太市場
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9859
Google推出經過安全驗證的開源軟體套件
https://cloud.google.com/blog/products/identity-security/introducing-assured-open-source-software-service
駭客猖獗網安股夯 Palo Alto盤後噴10% 同業跟漲
https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=789c444f-77d8-4a85-b480-29f6c039595f
芬-安全企業版發佈全新品牌WithSecure™ 並以「唯思安全」為品牌中文命名 WithSecure™象徵
「Co-security協同安全」的理念,共創可信賴的數位安全社會
https://times.hinet.net/topic/23925044
Fortinet 資安能力報告:八成企業因資安知識不足導致安全威脅
http://n.yam.com/Article/20220518741552
資安鬧人才荒、公司技術不足!Fortinet:8成企業遭受資安威脅
https://www.bnext.com.tw/article/69257/cybersecurity-fortinet-report
華邦電推進45奈米Nor flash製程開發 資安產品需求看好
https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=c5c74867-8480-4226-9fac-10c95ad688bb
微軟加碼在台投資 透過首座微軟雲端資料中心加速培育數位轉型人才
https://www.managertoday.com.tw/articles/view/65106
微軟與財團法人電信技術中心雙管齊下推動5G專網資安
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=41&id=0000635152_Z6628WXK4EO1583WIFEJB
精誠(6214)旗下恆逸成台灣首家Aruba國際認證授權教育訓練中心
https://fnc.ebc.net.tw/fncnews/content/150641
恆逸成為首家台灣Aruba國際認證授權教育訓練中心
https://www.storm.mg/stylish/4341920
中華電信500M以上客戶淨增3成 WiFi全屋通淨增台數55%
https://turnnewsapp.com/livenews/finance/A79860002022051816345041
逸盈科技成為 Noname Security 臺灣授權代理商
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/906C2FDE919A47FCA15D60F741822220
AI、HPC、資安 將成COMPUTEX數位轉型解決方案熱門項目
https://wantrich.chinatimes.com/news/20220519900420-420501
全面升級!MailGates 6.0 高效抵禦社交工程、BEC、APT 攻擊守護企業資安
https://www.openfind.com.tw/taiwan/news_detail.php?news_id=10317
Palo Alto Networks呼籲網安產業採用零信任、零例外ZTNA 2.0
https://news.sina.com.tw/article/20220519/41866934.html
中華電信連續兩年取得Azure Expert MSP最高階專業認證
https://times.hinet.net/news/23923260
Sophos 2022年勒索軟體現況報告 揭露勒索軟體攻擊
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&cat=60&id=0000635343_4J44YW4V39A5GP4LJP2KT
Sophos 揭密流動性挖礦 CryptoCrime 的手法
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9869
中華資安國際:結合滲透測試、紅隊演練服務,提高資安防線的強韌度
https://www.owlting.com/news/articles/97832
最先進的防護與效能,以滿足5G、邊緣運算與持續增加頻寬的規定。Radware 推出 Terabit 等級 DDoS 緩解平台
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/3E323235C03C4949B03651321676B887
Superhub x VMware助各類企業 打造Work Smarter雲端方案
https://www.wepro180.com/superhub_vmware_220505/
G.政府
「單一性別做決策會產生盲點」國防院學者杜貞儀:國安領域也需男女平等參與
https://watchout.tw/reports/5EhBdt76F2Ko2LW6JHb9
資策會大改組織架構,宣示轉型為第三方協力機構
https://technews.tw/2022/05/19/organizational-adjustment-of-the-iii/
資策會設2大研究院 拚薪資看齊國際
https://wantrich.chinatimes.com/news/20220520900048-420501
資安螺絲鬆了? 「台灣好玩卡」官網驚見五星旗
https://www.ftvnews.com.tw/news/detail/2022519P12M1
台波舉行經貿諮商會議 簽署三份合作備忘錄達成共識
https://beanfun.com/articles/detail/1526507736206938112?country=tw&site=1
台波蘭簽訂三大合作備忘錄 聚焦半導體、電動車盼台商投資
https://finance.ettoday.net/news/2253224
我布建低軌衛星 專家示警與國際接軌問題
https://www.rti.org.tw/news/view/id/2133114
低軌通訊衛星 技術、人才與資安不可缺
https://reurl.cc/GxjWzv
H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安
Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability
https://thehackernews.com/2022/05/zyxel-releases-patch-for-critical.html
駭客可遠端解鎖特斯拉還開走!研究員推估:至少 200 萬輛受威脅
https://auto.ltn.com.tw/news/20340/3
手機鑰匙很方便,駭客偷車更easy ! 來看如何在10 秒內開走一輛Tesla Model Y
https://reurl.cc/55vYOy
藍牙 LE 被發現有資安問題,恐衝擊包括家用與車用的智慧門鎖
https://www.cool3c.com/article/177395
SEMI E187 訂下半導體資安標準,為何這可能是台灣半導體設備商競爭力突破點
https://buzzorange.com/techorange/2022/05/18/semi-e187/
電動車轉型腳步跟不上歐洲車廠!英國智庫:倒數三名全是日本品牌
https://auto.ltn.com.tw/news/20324/3
網絡安全專家發現特斯拉無鑰匙系統可被攻破 部分功能可被強制控制
https://reurl.cc/q5VQGE
憂台海危機造成半導體斷鏈,傳美日將深化先進半導體合作研發與製造、防止中國竊密
https://www.thenewslens.com/article/166929
防半導體供應斷鏈 美歐將設早期預警系統
https://www.worldjournal.com/wj/story/121209/6317647
I.教育訓練
物聯網時代的15堂資安基礎必修課 (Practical Iot Hacking: The Definitive Guide to Attacking the Internet of Things)
https://www.tenlong.com.tw/products/9786263241756?list_name=p-r-zh_tw
中華軟協-iPAS「初級」資訊安全工程師能力研習衝刺班:全面招生中
https://www.cs.nycu.edu.tw/announcements/detail/8778
2022「證券期貨資訊安全實務養成課程」即日起開始報名
https://www.sfi.org.tw/news/news-7/3589
網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works)
https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw
不只是工程師才要懂的 App 資訊安全:取得資安檢測合格證書血淚史(iT邦幫忙鐵人賽系列書)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
【資安管理國際證照懶人包】學習心得、考試要點一次整理!2022 轉職夢幻工作看這篇
https://buzzorange.com/techorange/2021/12/30/isaca/
CISSP考試心得 – Benson
https://reurl.cc/GbWvxd
CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022
https://reurl.cc/1oyEM8
CEH v11 考試心得與準備方式
https://blog.sean.taipei/2022/01/ceh
110年新進人員「校園資訊安全講座」教材
https://cc.nccu.edu.tw/p/406-1001-740,r18.php
【訓練教材D】資訊安全技術教育訓練教材
https://iscb.nchu.edu.tw/2019/07/d.html
109資通安全管理法數位教育訓練
https://reurl.cc/ARlmqp
110-1初級資訊安全工程師-資訊安全管理概論
https://yamol.tw/exam.php?id=104050
中大信息工程學系 栽培資訊科技領導人才
https://reurl.cc/ARZKDK
伊雲谷、中山大學產學合作 累積雲端資安人才能量
https://ctee.com.tw/industrynews/technology/587459.html
SANS Cyber Aces Online Tutorials
https://tutorials.cyberaces.org/tutorials.html
Free Online Cybersecurity Courses (MOOCs)
https://www.cyberdegrees.org/resources/free-online-courses/
Develop Your Cybersecurity Skills
https://www.cybrary.it/catalog/cybersecurity/
Mobile App Security
https://www.cybrary.it/course/mobile-app-security/
Introduction to Cybersecurity
https://reurl.cc/bnaj6d
How to Tackle SaaS Security Misconfigurations
https://thehackernews.com/2021/11/how-to-tackle-saas-security.html
How to Build a Security Awareness Training Program that Yields Measurable Results
https://thehackernews.com/2021/11/how-to-build-security-awareness.html
Common Attacks
https://choson.lifenet.com.tw/?p=1174
6.近期資安活動及研討會
駭客奪旗攻防演練:金融資安人才養成專班(第1期) 2022/04/28~2022/06/09
https://www.tabf.org.tw/CourseDetail.aspx?PID=487750
沙崙資安基地 線上免費資安課程 多的是你不知道的事-揭秘OSINT 2022/5/24
https://bit.ly/3vDkjYO
釣魚釣魚釣到你_白帽駭客教你如何利用人性弱點突破防禦 2022/5/25
http://www.cs.thu.edu.tw/web/news/detail.php?id=4129
資安政策法規標準 2022/5/25 ~ 2022/5/26
https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19873
「零信任資安時代下的機會與挑戰」論壇 (線上) 2022/5/26
https://seminars.tca.org.tw/D15t00933.aspx
從 ISO 合規看企業設備資安管理 - 線上研討會 2022/5/26
https://jamf.kktix.cc/events/jamfnation-compliance-webinar
國家高速網路與計算中心教育訓練 「大數據程式開發平台(VM版本)」建置與開發實務課程 2022/5/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=course_index
【公益資訊安全講座】-【非營利組織的個資與資安防護觀念建立】 2022/06/01
https://taiwanngo.tw/Post/81845
HITCON FreeTalk 2022 - 烏俄網路戰 & CTF 經驗分享 2022/6/6
https://hitcon.kktix.cc/events/hitcon-freetalk-2022
資訊安全系列課程系列九:機器學習與資安異常診斷實務(第1期) 2022/6/7
https://www.tabf.org.tw/CourseDetail.aspx?PID=487302
醫療資安女力論壇 2022/6/11
https://isipevent.kktix.cc/events/e58d0573-copy-1
資訊安全管理(週日班) 2022/7/3 ~ 2022/8/28
https://mymcu.mcu.edu.tw/zh-hant/product/e022205151
創科資訊②⓪②②軟體開發實戰訓練營➠線上實習說明會 2022/7/6
https://trunk-studio.kktix.cc/events/monosparta-code-camp-2022-9
風險導向資安稽核 2022/7/20
https://www.cisanet.org.tw/Course/Detail/2756
HITCON PEACE 2022 台灣駭客年會 2022/8/19 ~ 2022/8/20
https://hitcon.kktix.cc/events/hitcon-peace-2022
2022 CYBERSEC 資安大會 Jamf 攤位講座 2022/9/20 ~ 2022/9/22
https://jamf.kktix.cc/events/cybersec2022jamf
沒有留言:
張貼留言