Friday, May 6, 2022

Weekly Security Incident News Digest 2022/5/2 ~ 2022/5/6

1. Critical Vulnerabilities / Backdoors / Exploits / Zero-Day
Security vulnerability affects multiple versions of F5 BIG-IP
https://support.f5.com/csp/article/K23605346

Cisco recently released updates to address security vulnerabilities in multiple products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-security-bypass-JhOd29Gg

Alarm for Linux systems! New Nimbuspwn vulnerability lets hackers obtain the highest system privileges
https://technews.tw/2022/05/03/new-nimbuspwn-linux-vulnerability-gives-hackers-root-privileges/

Google patches more than 30 Chrome vulnerabilities, 7 of which pose major risk
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html

Google Releases Android Update to Patch Actively Exploited Vulnerability
https://thehackernews.com/2022/05/google-releases-android-update-to-patch.html



Microsoft patches tenant isolation vulnerability in Azure PostgreSQL
https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/

TLStorm 2.0 vulnerabilities affect Aruba and Avaya switches
https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/

North Korean hackers DarkSeoul exploit Log4Shell vulnerability to compromise VMware remote-work platform
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage

Critical RCE Bug Reported in dotCMS Content Management Software
https://thehackernews.com/2022/05/critical-rce-bug-reported-in-dotcms.html

Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches
https://thehackernews.com/2022/05/critical-tlstorm-20-bugs-affect-widely.html

Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices
https://thehackernews.com/2022/05/unpatched-dns-related-vulnerability.html

Which Hole to Plug First? Solving Chronic Vulnerability Patching Overload
https://thehackernews.com/2022/05/which-hole-to-plug-first-solving.html

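2. Banking / Finance / Insurance / Securities / Payment Systems / Financial Supervision: News and Security
Online filing in tax season: pay attention to checking your own security protection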
https://turnnewsapp.com/livenews/finance/A07659002022050312300874

Century-old bank reborn after the ATM case: First Bank poached cross-domain talent to fight the fire and turn the tide
https://times.hinet.net/news/23895014

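Silicon Valley grabs Wall Street's lunch! Sean Chen (陳冲): over the past decade, "internet-only banks" have had the roughest fate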
https://finance.ettoday.net/news/2242858?redirect=1

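Cyberattacks increase year by year: the "zero trust security" concept builds a joint financial security defense network to thoroughly guard against hackers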
https://www.bnext.com.tw/article/68959/finance-security-twb

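Next Bank hit by accounting anomaly: floods customers with "debit unsuccessful" SMS messages and insists it was system optimization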
https://www.wealth.com.tw/articles/d5521c6c-5c1e-4fe8-a569-5bbbffa04e02

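Policy to strengthen security measures at listed and OTC companies made public: provides cybersecurity control guidelines and promotes joining a threat-intelligence sharing platform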
https://www.ithome.com.tw/news/150803

Complete guide to filing taxes by mobile phone: 3 authentication methods, done in 5 steps
https://reurl.cc/GxEabZ

Why can't my 無框行動 mobile number be used to file taxes by phone? What to know about mobile tax filing
https://www.kocpc.com.tw/archives/439491

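3. Electronic Payment / Mobile Payment / Pay / Security
EU finds Apple restricts the ability of third-party e-wallets such as PayPal to compete on iOS devices, giving Apple Pay a competitive advantage in electronic payments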
https://www.cool3c.com/article/176717

Could EasyCard NFC on iPhone become reality? EU accuses Apple of NFC mobile payment monopoly
https://mrmad.com.tw/eu-controls-apples-nfc-payment-monopoly

Francis Fong (方保僑): Hong Kong's electronic payment market reshuffles
https://reurl.cc/loep5Y

4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contract Security
Blockchain layers (L0, L1, L2, L3) in a Diagram
https://medium.com/@nick.5montana/blockchain-layers-l0-l1-l2-l3-in-a-diagram-569162398db

Why blockchain and Web3 user interfaces will suck for a while
https://uxdesign.cc/why-blockchain-and-web-3-user-interfaces-will-suck-for-a-while-7575b7515757

Creepy anecdote? What it is like when a "North Korean hacker" interviews for a blockchain engineer job
https://www.blocktempo.com/i-think-i-just-interviewed-a-north-korean-hacker/

US$300 million worth of bitcoin stolen by a hacker is confiscated; dark web "Silk Road" founder no longer has to pay restitution
https://www.inside.com.tw/article/27543-silk-road-ross-ulbricht-debt-bitcoin-siezure

The full story of the NEAR Rainbow Bridge attack: the hacker failed and instead lost 2.5 ETH
https://blockcast.it/2022/05/03/hacker-lost-2-5-eth-due-to-a-failed-attack-on-the-near-protocol-rainbow-bridge/

Zero overnight! Stablecoin project Cashio attacked by hackers
https://reurl.cc/QLbVEp

A must-have for cryptocurrency users? Military-grade security "large-screen" hardware wallet makes your digital assets safer
https://www.gq.com.tw/gadget/article/secux

"Bored Ape" BAYC total trading volume surpasses US$2 billion
https://news.cnyes.com/news/id/4862526

Trading volume of Otherdeed NFTs, the virtual land plots of Yuga Labs' metaverse Otherside, surpasses 200,000 ETH
https://news.cnyes.com/news/id/4863127

Does buying an NFT not get you the JPG? From the vague, highly open rights of BAYC Bored Ape collectors to the clarified copyright rules of Koda
https://news.cnyes.com/news/id/4864458

DeFi protocol MM.Finance on Cronos hit by front-end attack, losing more than US$2 million
https://news.cnyes.com/news/id/4864978?exp=a

What is cryptocurrency mining (Crypto Mining)? A few things beginners need to know before mining for gold
https://blog.trendmicro.com.tw/?p=71744

The last mile of electronic payment: central bank digital currency takes shape
https://vip.udn.com/vip/story/121938/6262361

5. Security Incident News

A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC
Microsoft's disabling of VBA makes Emotet switch to new techniques to infect users
https://www.ithome.com.tw/news/150714

Emotet botnet switches to Excel add-ins to launch attacks
https://www.proofpoint.com/au/blog/threat-insight/emotet-tests-new-delivery-techniques

Security team: hacker gang uses malicious npm packages to steal mnemonic phrases and digital assets
https://news.cnyes.com/news/id/4862406

Chinese hackers Moshen Dragon manipulate antivirus software components, using DLL sideloading to run backdoors
https://reurl.cc/q5NKVg

Magniber ransomware spreads under the guise of Windows 10 updates
https://reurl.cc/vdWKaL

OpenSSF releases tool that can detect malicious NPM and PyPI packages
https://github.com/ossf/package-analysis/blob/main/docs/case_studies.md

REvil ransomware resurfaces; researchers find new malware file
https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/

Avast anti-worm component abused by AvosLocker ransomware to disable antivirus software and scan for the Log4Shell vulnerability
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html

Black Basta ransomware tampers with the fax service and runs in safe mode
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service

Hackers upload 2 malicious NPM packages in the name of AWS
https://www.whitesourcesoftware.com/resources/blog/aws-targeted-by-a-package-backfill-attack/

Devastated after being hit by the Windows-update ransomware! Don't expect to recover your files; netizens recommend 1 way out
https://3c.ltn.com.tw/news/48972

Windows users, beware of being tricked! Ransomware uses updates to intrude and demand ransom
https://reurl.cc/OA4R97

North Korean hackers Lazarus launch attacks using multiple ransomware families
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/the-hermit-kingdoms-ransomware-play.html

Provider of online library app Onleihe attacked by LockBit ransomware
https://www.bleepingcomputer.com/news/security/online-library-app-onleihe-faces-issues-after-cyberattack-on-provider/

Hackers spread malware to image creators in the name of Bored Ape
https://blog.malwarebytes.com/scams/2022/05/fake-cyberpunk-ape-executives-target-artists-with-malware-laden-job-offer/

Researchers launch Malvuln project to find vulnerabilities in ransomware to stop attacks
https://www.malvuln.com/

Mustang Panda deploys a new wave of malware targeting Europe
https://blog.talosintelligence.com/2022/05/mustang-panda-targets-europe.html

NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service
https://www.trendmicro.com/en_us/research/22/e/netdooka-framework-distributed-via-privateloader-ppi.html

Raspberry Robin gets the worm early
https://redcanary.com/blog/raspberry-robin/

Old Services, New Tricks: Cloud Metadata Abuse by UNC2903
https://www.mandiant.com/resources/cloud-metadata-abuse-unc2903

The strange link between a destructive malware and a ransomware-gang linked custom loader: IsaacWiper vs Vatet
https://reurl.cc/RrXk36

A new secret stash for “fileless” malware
https://securelist.com/a-new-secret-stash-for-fileless-malware/106393/

Password protected Excel spreadsheet pushes Remcos RAT
https://isc.sans.edu/diary/rss/28616

A new BluStealer Loader Uses Direct Syscalls to Evade EDRs
https://blog.minerva-labs.com/a-new-blustealer-loader-uses-direct-syscalls-to-evade-edrs

Analyzing BlackByte Ransomware Go-Based Variants
https://www.zscaler.com/blogs/security-research/analysis-blackbyte-ransomwares-go-based-variants

Backdoor disguised as a document editing and messenger program (*.chm)
https://asec.ahnlab.com/ko/33948/

Update on cyber activity in Eastern Europe
https://otx.alienvault.com/pulse/6272996039678903e0b73dd5

UAC-0056 cyberattack using GraphSteel and GrimPlant malware and COVID-19
https://cert.gov.ua/article/39882

AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
https://reurl.cc/0pXWrA

New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
https://documents.trendmicro.com/assets/txt/earth-berberoka-domains-2.txt
https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html

Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad
https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/

UNC3524: Eye Spy on Your Email
https://www.mandiant.com/resources/unc3524-eye-spy-email

Researchers Disclose Years-Old Vulnerabilities in Avast and AVG Antivirus
https://thehackernews.com/2022/05/researchers-disclose-10-year-old.html

Researchers Warn of 'Raspberry Robin' Malware Spreading via External Drives
https://thehackernews.com/2022/05/researchers-warn-of-raspberry-robin.html

Experts Analyze Conti and Hive Ransomware Gangs' Chats With Their Victims
https://thehackernews.com/2022/05/experts-analyze-conti-and-hive.html

AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection
https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Here's a New Tool That Scans Open-Source Repositories for Malicious Packages
https://thehackernews.com/2022/05/heres-new-tool-that-scans-for-malicious.html

Hackers Using PrivateLoader PPI Service to Distribute New NetDooka Malware
https://thehackernews.com/2022/05/hackers-using-privateloader-ppi-service.html

B. Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging
Google to Add Passwordless Authentication Support to Android and Chrome
https://thehackernews.com/2022/05/google-to-add-passwordless.html

Google Releases First Developer Preview of Privacy Sandbox on Android 13
https://thehackernews.com/2022/05/google-releases-first-developer-preview.html

Spyware found on phones of Spanish prime minister and defense minister
https://reurl.cc/7Dpb7y

No longer hidden! Microsoft's web App Store finally shows "last updated date"
https://3c.ltn.com.tw/news/48923

"Using a phone means consenting to surveillance": this app invented in the US lets you take back control of your own privacy
https://buzzorange.com/citiorange/2022/05/05/phone-privacy-information-security/

China's BOE changed iPhone OLED design without authorization; caught by Apple, leading to production halt
https://www.bnext.com.tw/article/69002/boe-changed-iphone-oled-design

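Japan's online medical service "LINE Doctor" sets another record for consultations! 3 highlights: no crowding, triage of mild cases, peace of mind for young children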
https://www.inside.com.tw/article/27559-line-doctor-20times-onlinemed-omicron

Apple Silicon processors have Augury vulnerability that may leak commands about to be executed
https://www.prefetchers.info/

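C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce
Taiwan's first team! ZUSO Generation (如梭世代) team selected as vulnerability research member of international security organization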
https://www.ettoday.net/news/20220504/2244175.htm

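Taiwanese security newcomer, formed 3 years ago, recruited by international vulnerability disclosure program as No.1 administrator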
https://www.ctwant.com/article/181687

Former high-school black-hat hacker now a CNA security expert, reporting vulnerabilities to the global database
https://udn.com/news/story/7315/6291363

When mining activity appears in a cloud environment, it is a warning sign for the enterprise
https://blog.trendmicro.com.tw/?p=72183

CISOs should worry about more than data breaches or ransomware: don't overlook the "canary in the coal mine", cryptocurrency mining
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9843

Emerging underground business model: AaaS, which specializes in selling access to corporate networks; five defense strategies CISOs should know
https://blog.trendmicro.com.tw/?p=71956

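Hon Hai Research Institute CEO Wei-Bin Lee (李維斌): the environment shaped by AI is like a kitchen; hacker cockroaches attack once they find value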
https://www.thenewslens.com/article/166369

Assessment of the security posture of Taiwan's department stores: website and email security are weakest
https://technews.tw/2022/05/03/department-store-security/

How mysterious are hackers? Definitely not like in the movies
https://www.gvm.com.tw/article/89500

Just how much do hackers earn? Up to 2.6 million 元 for finding 1 vulnerability
https://www.gvm.com.tw/article/89501

Databases exposed to the internet have kept increasing since 2021
https://www.group-ib.com/media/public-facing-db/

Atlassian outage affected 775 customers
https://www.ithome.com.tw/news/150708

SolarWinds hackers attack iOS devices this time, stealing Apple fans' website login information
https://techtagtw.com/results/086674a4a51f325b63d5

OpenSea's official Discord attacked by hackers, who post phishing links about a partnership with YouTube
https://news.cnyes.com/news/id/4865772

US military social media accounts compromised by hackers
https://reurl.cc/2ZmlGa

FactWire (傳真社) news communication system website and internal systems breached by hackers; more than 3,700 emails accessed
https://reurl.cc/ErRbY0

Cyber spies steal secrets via Exchange servers and attack network video devices
https://www.mandiant.com/resources/unc3524-eye-spy-email

Russian hackers APT29 abuse work scheduling platform Trello to launch attacks
https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns

Unprecedented hacker attacks leave Russia struggling to cope
https://news.ltn.com.tw/news/world/paper/1515054

"Anonymous" backs Ukraine, turning Russia into a "paper tiger"? Besieged by 3 foreign hacker forces
https://www.ftvnews.com.tw/news/detail/2022503W0046

Ukrainian intelligence chief: the war can end only after Putin's death
https://ec.ltn.com.tw/article/breakingnews/3913914

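Russia faces unprecedented wave of hacker attacks; Putin may formally declare war on Victory Day; Moldova may be invaded; Beijing holds emergency meeting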
https://www.soundofhope.org/post/617707?lang=b5

Hong Kong's TVB News sends a series of "bizarre push notifications"; hacking suspected, police step in to investigate
https://reurl.cc/j1Gm3m

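TVB News app sends a series of abnormal push messages; TVB: the cybercrime bureau came to the office this afternoon to collect evidence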
https://reurl.cc/yrMKvD

Ready to take over and brainwash at any time? Hong Kong's TVB sends a series of bizarre push notifications
https://www.ntdtv.com/b5/2022/05/03/a103416896.html

Does TVBS also have a hacker intrusion problem?
https://www.readgov.com/8560/

Chinese hackers Naikon attack South Asian military units, implanting penetration testing tool Viper
https://cluster25.io/2022/04/29/lotus-panda-awake-last-strike/

South Korean law enforcement arrests 2 spies funded by North Korean hackers
https://news.cnyes.com/news/id/4863410

North Korean hackers exploit VMware Log4j vulnerability to hack an engineering partner of the US defense and energy sectors
https://www.ithome.com.tw/news/150749

Russian hackers launch DDoS attacks against the Romanian government
https://www.sri.ro/articole/atacuri-cibernetice-asupra-site-urilor-unor-institutii-publice-si-financiar-bancare.html

CrowdStrike's Docker honeypots find two images that may cause denial of service, apparently targeting Russian and Belarusian government agencies
https://www.crowdstrike.com/blog/compromised-docker-honeypots-used-for-pro-ukrainian-dos-attack/

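US report again exposes secret theft by Chinese government hackers; defense industry involved, more than 30 companies victimized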
https://news.ltn.com.tw/news/world/breakingnews/3915448

All units to uniformly use domestically made computers: netizens reveal the CCP is implementing the 安可 plan
https://www.soundofhope.org/post/618220?lang=b5

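Beijing plans to order all agencies and state-owned enterprises to fully phase out foreign computers to eliminate security concerns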
https://www.worldjournal.com/wj/story/121347/6293807

US media disclose content of Blinken's speech in advance; CCP still positioned as the biggest threat to the US
https://www.soundofhope.org/post/618280?lang=b5

South Korea joins NATO cyber defense center to strengthen cyber defense capability
https://www.upmedia.mg/news_info.php?Type=3&SerialNo=144033

NIST Releases Updated Cybersecurity Guidance for Managing Supply Chain Risks
https://thehackernews.com/2022/05/nist-releases-updated-guidance-for.html

Chinese Hackers Caught Stealing Intellectual Property from Multinational Companies
https://thehackernews.com/2022/05/chinese-hackers-caught-stealing.html

Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers
https://thehackernews.com/2022/05/ukraine-war-themed-files-become-lure-of.html

Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector
https://thehackernews.com/2022/05/chinese-hackers-caught-exploiting.html

Chinese "Override Panda" Hackers Resurface With New Espionage Attacks
https://thehackernews.com/2022/05/chinese-override-panda-hackers.html

Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia
https://thehackernews.com/2022/05/russian-hackers-targeting-diplomatic.html

Experts Uncover New Espionage Attacks by Chinese 'Mustang Panda' Hackers
https://thehackernews.com/2022/05/experts-uncover-new-espionage-attacks.html

Information Systems Engineer (山鶯) - IIS (OA Security)_A well-known company (3005767)
https://headhunt.com.tw/Pages/job-description.aspx?id=3005767

[Well-known foreign network security software company] Software testing part-time student worker
https://www.104.com.tw/job/7mek1

Security manager at a large software company in Taichung
https://www.104.com.tw/job/7mg0i

MIS Programmer
https://www.104.com.tw/job/7meew

[資安所] Security ecosystem promotion staff
https://www.104.com.tw/job/7mfx3

Security software - Sales engineer
https://www.104.com.tw/job/7mg22

Entry-level network security engineer
https://www.1111.com.tw/job/98768986/

Security threat and investigation analysis engineer
https://www.104.com.tw/job/7mj3y

Information security manager_A well-known company (3004391)
https://headhunt.com.tw/pages/job-description.aspx?id=3004391

D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security
SEC Plans to Hire More Staff in Crypto Enforcement Unit to Fight Frauds
https://thehackernews.com/2022/05/sec-plans-to-hire-more-staff-in-crypto.html

Online shopping scams reappear! 5 highest-risk e-commerce sites revealed; be careful when an incoming call shows "+"
https://www.setn.com/News.aspx?NewsID=1109208

"You have been added as a premium member": Decathlon customer defrauded of 500,000
https://reurl.cc/2Zmlm9

Online tax filing becomes a trend; accountants warn: watch for 6 signs, hackers steal personal data
https://finance.ettoday.net/news/2242689

Mobile tax filing is hot; KPMG: mind three key security points to keep hackers from stealing personal data
https://www.bnext.com.tw/article/68935/tax-return-0503

Hollywood socialite's private nude photos leaked in bulk; brazen hacker also steals millions from her
https://reurl.cc/e3OVyj

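"Little white box" (小白機) devices collected 170 million personal data records; 17 real estate agents who installed the program receive deferred prosecution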
https://www.chinatimes.com/realtimenews/20220503004876-260402?chdtv

Hackers abuse Google's SMTP relay service to send phishing emails
https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit

Five highest-risk e-commerce sites: 1,127 scams occurred in Q1
https://udn.com/news/story/7320/6281303?from=udn_ch2_menu_v2_main_cate

Accounts of over a hundred UK NHS employees hacked and used to send phishing emails
https://www.ithome.com.tw/news/150772

Don't become a scam ring's ATM: Trend Micro teaches you how to stay secure when filing taxes online
https://technews.tw/2022/05/05/scam-tax/

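Shopping website circulating online: "Urgent notice! Pfizer's oral COVID-19 drug officially available; 89% treatment rate, can reduce severe infection and mortality"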
https://tfc-taiwan.org.tw/articles/7301

Online rumor of funeral homes cremating nonstop; Investigation Bureau: suspected fabrication by foreign forces
https://www.rti.org.tw/news/view/id/2131952

Creators on multiple NFT platforms attacked with phishing malware
https://www.twcert.org.tw/tw/cp-104-6093-de801-1.html

New wave of phishing attacks targets verified Twitter accounts
https://www.twcert.org.tw/tw/cp-104-6092-c7c57-1.html

Yahoo Transaction Safety Center reminds users: watch out for phishing websites and scam techniques
https://reurl.cc/vdWEny

Q1 list of high-risk shopping sites for scams released; fake customer service agents scammed 529 cases in March
https://beanfun.com/articles/detail/1520762648084353024?country=tw&site=446

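E. Research Reports / Tools
Research report: hacker groups compromise large numbers of cloud machines to mine for profit; what impact does this have on enterprises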
https://blog.trendmicro.com.tw/?p=72196

Microsoft Edge adds free VPN service, a convenient option for temporary secure browsing
https://technews.tw/2022/05/05/for-security-microsoft-edge-provides-free-vpn/

GitHub will require all contributors to enable two-factor authentication by 2023
https://unwire.pro/2022/05/05/github-2/security/

On the road of learning security - how it started
https://ithelp.ithome.com.tw/articles/10284928?sc=rss.qu

The TikTok affair: security protection, or political robbery?
https://vocus.cc/article/626f9d2cfd89780001bfb8bc

On the road of learning security - Linux basics and Web basics
https://www.potatomedia.co/post/164f7462-23df-4e82-a8c5-3ffa49105aa2
https://www.potatomedia.co/post/2b271fb6-1d12-40ab-9bba-36bf6db32f5a

How to enable the Dynamic Lock feature in Windows
https://www.techbang.com/posts/95157-how-to-enable-the-dynamic-lock-feature-of-windows

Worried about your system being "burgled"? How to use backup and restore to guard against hacker intrusion
https://www.bnext.com.tw/article/68991/hacker-proof-dep-backup-nick

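Weapons blueprints stolen? Report reveals Chinese hackers steal secrets to boost the economy; US, European and Asian companies victimized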
https://open.firstory.me/story/cl2srswz5006i01yo0s8t9n85

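Pandemic drives cloud applications into the mainstream; enterprises retake security risk control points; SASE converges network security; cloud services protect hybrid work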
https://www.netadmin.com.tw/netadmin/zh-tw/trend/0553A593737F49ACAD8714E603ECE06E

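Acquisitions shore up micro-segmentation technology; SASE framework continues to expand; east-west protection from edge to on-premises; implementing zero trust network access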
https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/D0048821033D4D9EBD121A191CA68897

10 Books Every Senior Engineer Should Read
https://semaphoreci.medium.com/10-books-every-senior-engineer-should-read-a61c1917e2a7

I Switched Password Managers and It Changed Everything
https://medium.com/macoclock/i-switched-password-managers-and-it-changed-everything-9b0417fe64a

Python Alpha 5 is HERE! 5 Promising Features that will blow your mind
https://medium.com/@Sabrina-Carpenter/python-alpha-5-is-here-5-promising-features-that-will-blow-your-mind-a4abd406d0ad

Renegotiate the web “bargain” by blocking all ads
https://doctorow.medium.com/renegotiate-the-web-bargain-by-blocking-all-ads-93844287566f

LinkedIn Is No Longer a Professional Networking Site
https://medium.com/artistic-mystic-soul/linkedin-is-no-longer-a-professional-networking-site-3ed273b05872

top 10 Android libraries
https://medium.com/localazy/top-10-android-libraries-to-boost-your-development-in-2022-3ec37fce8c22

A Bug Bounty Hunter’s Guide to IDOR Vulnerabilities
https://medium.com/@daniel.j.hunt/an-bug-bounty-hunters-guide-to-idor-vulnerabilities-27012bbccd7

Published in CodeX
https://medium.com/codex/lets-learn-build-and-sell-an-api-a12b0d7b4c2

Build Your first CI/CD Pipeline in Azure DevOps
https://qatechtalks.medium.com/build-your-first-ci-cd-pipeline-in-azure-devops-5bd3408f36ff

THE 15 BEST Chrome Extensions for 2022
https://bdarfler.medium.com/the-16-bestchrome-extensions-for-2022-b14e3bd08001

Spotify: UX Research case study
https://medium.com/@jainanumeha74/spotify-ux-research-case-study-68997acf20f1

How to learn anything fast, no matter what your brain condition is
https://medium.com/illumination/how-to-learn-anything-fast-no-matter-what-your-brain-condition-is-e3ffd9bf7e12

8 amazing Open Source projects
https://medium.com/codex/part-2-8-best-open-source-projects-you-should-try-out-6de58feba631

Train your computer vision models atleast 2X faster by making these small changes
https://akhilprasannan.medium.com/train-your-computer-vision-model-least-2x-by-making-these-small-changes-db801e7b22ad

10 Automation Scripts for Your Daily Python Projects
https://python.plainenglish.io/10-automation-scripts-for-your-daily-python-projects-892a82be3f75

Everything That You Didn’t Know About The Dark Web But Should
https://medium.com/illumination/everything-that-you-didnt-know-about-the-dark-web-but-should-24ecb4c501a

The Importance of Defining Secure Code
https://thehackernews.com/2022/05/the-importance-of-defining-secure-code.html

Heroku Forces User Password Resets Following GitHub OAuth Token Theft
https://thehackernews.com/2022/05/heroku-forces-user-password-resets.html

How to make Excel look less like… Excel
https://datastudio.medium.com/how-to-make-excel-look-less-like-excel-8eb91b75ab8f

Top 5 FREE Cyber Security Certifications
https://medium.com/@sam5epi0l/top-5-free-cyber-security-certifications-ac06fe46309c

F. Business
Security governance in the cloud era must go hand in hand with business decision-making
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9836

Check Point Research: two-thirds of Android users worldwide may face privacy leak risk
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9839

東捷資訊 one-stop supply chain integration management platform builds a compliant and secure supply chain ecosystem for manufacturing
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9842

SailPoint launches new modules for its cloud identity security governance suite
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9841

漢領國際, general agent for Perception Point: Prevention as a Service
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9837

CyberLink joins FIDO Alliance, committed to building secure and simple digital identity authentication
https://www.techbang.com/posts/95940-cyberlink-joins-fido-alliance

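R&D expands cloud security service capacity; unified policy monitoring keeps gaps from being infiltrated; end-to-end integrated secure connection access; realizing zero trust edge architecture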
https://www.netadmin.com.tw/netadmin/zh-tw/trend/B7A9171CF1774A9DB4763B41B31DC649

A fast recovery mechanism is not hard to build! How enterprises can come through ransomware attacks unscathed
https://buzzorange.com/techorange/2022/05/05/commvault-it/

Microsoft 365 and Azure will soon allow one-click switching between different accounts
https://www.ithome.com.tw/news/150709

I-Mei's 高志明 lends support! Chelpis (池安科技) completes nearly 60 million 元 in fundraising, targeting "post-quantum cryptography"
https://technews.tw/2022/05/03/chelpis-post-quantum-cryptography-aorta/

Free G-Suite business edition automatically changes to paid Workspace on June 1; free usage plan added
https://www.ithome.com.tw/news/150722

Nozomi Networks becomes CISA's first security partner
https://tw.systex.com/nozomi-networks-cisa/

Last piece of Chunghwa Telecom's organizational transformation: establishing an information technology branch company
https://news.cnyes.com/news/id/4863678

Citrix's all-new intent-based next-generation application and security delivery solution
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/4EC424B8D273420D8C017FC3EA223A83

Noname Security proactively detects API security threats, building a dedicated API security platform
https://www.netfos.com.tw/Projects/netfos/pages/product/Noname.html

IBM announces new-generation flash storage products to address current security challenges
https://technews.tw/2022/05/05/ibm-flashsystem-cyber-vault/

The network is security: Aruba ClearPass strengthens the security and compliance of network access
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9851

G. Government
Vice President: Taiwan has the right timing, location and people to develop a new security industry
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9840

Government agencies bear the brunt of security threats; only monitoring in advance can effectively block them
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000634250_F673SSGK47YQNK1ILPR3H

[李忠憲 column] The 1922 database
https://taronews.tw/2022/05/02/829215/

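Frequent hacker interference with polls stirs public resentment; DPP Pingtung County chapter condemns it, saying this trend must not grow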
https://reurl.cc/n1Oldn

Investigation Bureau announces reassignment of 34 people including section and unit chiefs
https://news.ltn.com.tw/news/society/breakingnews/3913699

Not receiving PCR results? Command Center: mobile phone number must be filled in correctly
https://news.ltn.com.tw/news/life/breakingnews/3917549

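Taipei City subsidizes low-income households to buy Huawei; Taiwan Statebuilding Party criticizes treating citizens as leeks to be harvested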
https://www.epochtimes.com/b5/22/5/6/n13728804.htm

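H. Industrial Control Systems / ICS / SCADA / IoT / Internet of Things / Internet of Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare Security
Trend Micro goes after automotive security: VicOne aims to be the "Moderna of the electric vehicle world"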
https://www.chinatimes.com/realtimenews/20220504004925-260410?chdtv

Library used in embedded systems has DNS vulnerability that may affect millions of IoT devices
https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/

Beware of new DNS vulnerability! Millions of routers and IoT devices may be attacked by hackers
https://3c.ltn.com.tw/news/48955

Da-Yeh University's 蔡渙良 develops IoT system to monitor power and reduce reactive power of appliances
https://times.hinet.net/news/23891713

I. Education and Training
中華軟協 - iPAS "entry-level" information security engineer competency cram course: now enrolling
https://www.cs.nycu.edu.tw/announcements/detail/8778

2022 "Securities and Futures Information Security Practice Training Course": registration now open
https://www.sfi.org.tw/news/news-7/3589

The essential security fundamentals course everyone should take in the internet age (How Cybersecurity Really Works)
https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw

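App information security that not only engineers need to understand: the blood-and-tears story of obtaining a security testing certificate (iT邦幫忙 Ironman Contest book series)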
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html

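[Quick guide to international security management certifications] Study notes and exam key points in one place! Read this for switching to a dream job in 2022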
https://buzzorange.com/techorange/2021/12/30/isaca/

CISSP exam notes – Benson
https://reurl.cc/GbWvxd

CPSA (CREST Practitioner Security Analyst) security analyst exam notes
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/

EC-Council CEH v11 exam notes, revision information and preparation directions 2021, 2022
https://reurl.cc/1oyEM8

CEH v11 exam notes and how to prepare
https://blog.sean.taipei/2022/01/ceh

Materials for the ROC year 110 new staff "Campus Information Security Lecture"
https://cc.nccu.edu.tw/p/406-1001-740,r18.php

[Training material D] Information security technology training materials
https://iscb.nchu.edu.tw/2019/07/d.html

109 Cyber Security Management Act digital training
https://reurl.cc/ARlmqp

110-1 Entry-level information security engineer - Introduction to information security management
https://yamol.tw/exam.php?id=104050

中大 Department of Information Engineering cultivates information technology leaders
https://reurl.cc/ARZKDK

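eCloudvalley and National Sun Yat-sen University collaborate between industry and academia to build up cloud security talent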
https://ctee.com.tw/industrynews/technology/587459.html

SANS Cyber Aces Online Tutorials
https://tutorials.cyberaces.org/tutorials.html

Free Online Cybersecurity Courses (MOOCs)
https://www.cyberdegrees.org/resources/free-online-courses/

Develop Your Cybersecurity Skills
https://www.cybrary.it/catalog/cybersecurity/

Mobile App Security
https://www.cybrary.it/course/mobile-app-security/

Introduction to Cybersecurity
https://reurl.cc/bnaj6d

How to Tackle SaaS Security Misconfigurations
https://thehackernews.com/2021/11/how-to-tackle-saas-security.html

How to Build a Security Awareness Training Program that Yields Measurable Results
https://thehackernews.com/2021/11/how-to-build-security-awareness.html

Common Attacks
https://choson.lifenet.com.tw/?p=1174

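6. Upcoming Security Events and Seminars
[Security lecture series] Does the decentralization myth also hide dangers? Online blockchain security lecture 2022/5/7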
https://hackersir.kktix.cc/events/20220507blockchain

Scala Taiwan Mokumoku #15 2022/5/7
https://www.meetup.com/Scala-Taiwan-Meetup/events/285310131/

Just a chat - with no Expectations 2022/5/7
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/285326731/

Empowering Yourself, Empowering Others | A Journey of Transformation | Part 1 2022/5/8
https://www.meetup.com/Women-Who-Code-Taipei/events/285321784/

K12 technology education - what else can be taught besides programming 2022/5/9
https://www.meetup.com/rladies-taipei/events/284421238/

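Security Club - The Way of the University: Introduction to security literacy in the digital age - getting to know security capture-the-flag competitions, sharing competition experience 2022/5/11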
https://nsysuisc.kktix.cc/events/20220511ctf

Shalun security base (沙崙資安基地): free online security course, personal data inventory and risk assessment practice 2022/5/12
https://bit.ly/3kcdoRg

Taipei Creative Coders Meetup #17 2022/5/13
https://www.meetup.com/tpecreativecoders/events/285540074/

Yuan Ze CSE short-term IT course for high school students - 微插電 security experience workshop 2022/5/14
https://cse-yzu.kktix.cc/events/yzcs7

Industrial control system security online forum 2022/5/16
https://www.ctsp.gov.tw/chinese/01-News/01-online_view.aspx?v=1&fr=1000&no=1001&sn=15005

Shalun security base (沙崙資安基地): free online security course, there is plenty you don't know - demystifying OSINT 2022/5/24
https://bit.ly/3vDkjYO

Phishing, phishing, caught you_White-hat hacker teaches you how to exploit human weaknesses to break through defenses 2022/5/25
http://www.cs.thu.edu.tw/web/news/detail.php?id=4129

Security policies, regulations and standards 2022/5/25 ~ 2022/5/26
https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19873

National Center for High-performance Computing training: "Big data development platform (VM version)" setup and development practice course 2022/5/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=course_index

Information security course series, part 9: Machine learning and security anomaly diagnosis in practice (session 1) 2022/6/7
https://www.tabf.org.tw/CourseDetail.aspx?PID=487302

Hacker capture-the-flag attack and defense exercise: financial security talent development program (session 1) 2022/04/28~2022/06/09
https://www.tabf.org.tw/CourseDetail.aspx?PID=487750

National Center for High-performance Computing training: "Big data development platform (VM version)" setup and development practice course 2022/5/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=homepage

Risk-based security audit 2022/7/20
https://www.cisanet.org.tw/Course/Detail/2756

2022 CYBERSEC security conference Jamf booth talks 2022/9/20 ~ 2022/9/22
https://jamf.kktix.cc/events/cybersec2022jamf
