資安事件新聞週報 2022/5/23 ~ 2022/5/27
1.重大弱點漏洞/後門/Exploit/Zero Day
Critical 'Pantsdown' BMC Vulnerability Affects QCT Servers Used in Data Centers
https://thehackernews.com/2022/05/critical-pantsdown-bmc-vulnerability.html
雲達修補存在3年的伺服器BMC韌體漏洞Pantsdown
https://eclypsium.com/2022/05/26/quanta-servers-still-vulnerable-to-pantsdown/
Google:Cytrox開採5個零時差漏洞以植入Predator間諜程式
https://www.ithome.com.tw/news/151066
思科修補的IOS XR路由器作業系統軟體零時差漏洞,已出現攻擊行動
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK
Zyxel修補防火牆、無線基地臺、AP控制器漏洞
https://www.zyxel.com/tw/zh/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml
VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others)
https://unit42.paloaltonetworks.com/cve-2022-22954-vmware-vulnerabilities/
Security bulletin: Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App
for IBM QRadar SIEM is vulnerable to multiple vulnerabilities
https://www.ibm.com/support/pages/node/6589581?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
Security bulletin: Security Bulletin: IBM QRadar Deployment Intelligence app for
IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
https://www.ibm.com/support/pages/node/6589583?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
IBM QRadar SIEM and Apache log4j version 1 usage
https://www.ibm.com/support/pages/node/6561889?myns=swgother&mynp=OCSSBQAC&mynp=OCSSKMKU&mync=E&cm_sp=swgother-_-OCSSBQAC-OCSSKMKU-_-E
Tails OS Users Advised Not to Use Tor Browser Until Critical Firefox Bugs are Patched
https://thehackernews.com/2022/05/tails-os-users-advised-not-to-use-tor.html
「火狐」用戶注意!Firefox 推出緊急更新修漏洞
https://3c.ltn.com.tw/news/49299
Mozilla 修復於 Pwn2Own 大賽中遭發現的 Firefox、Thunderbird 0-day 漏洞
https://www.twcert.org.tw/tw/cp-104-6167-fe6b8-1.html
Firefox修補惡意JavaScript執行的重大漏洞(CVE-2022-1802 、CVE-2022-1529)
https://www.klcg.gov.tw/tw/education/3522-255498.html
漏洞挖掘競賽Pwn2Own溫哥華賽事落幕,參賽者找出Windows 11、Ubuntu、特斯拉汽車漏洞
https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results
2.銀行/金融/保險/證券/支付系統/金融監理 新聞及資安
台新人壽強化資安獲PIMS認證
https://www.smartcpa.tw/news/content/4BFDA667ED1895CFB24499EEDC0FDE4E
證券商資安作業說明
https://reurl.cc/anx40D
我見我思-防制詐騙應列入 金融業ESG重要項目
https://reurl.cc/Yv301O
銀行公會理事長 雷仲達呼聲高
https://wantrich.chinatimes.com/news/20220527900030-420101
每天查戶頭也被盜提 未接OTP逾萬元被轉走
https://reurl.cc/OAmjv3
金控祭高薪獵人頭 高階資安警爆出走潮
https://reurl.cc/vdL621
萬事達卡推臉部辨識付款 安全隱憂再成話題
https://reurl.cc/7DV7XD
趁刷卡消費側錄內碼 KTV計時人員涉盜刷
https://reurl.cc/8o90Gy
一機在手 輕鬆報稅 列舉扣除也適用
https://times.hinet.net/news/23936836
3.電子支付/行動支付/pay/資安
New Unpatched Bug Could Let Attackers Steal Money from PayPal Users
https://thehackernews.com/2022/05/paypal-pays-hacker-200000-for.html
PayPal漏洞可被駭客用於點擊劫持攻擊,挾持用戶帳號與金錢
https://reurl.cc/ZAN9OW
台灣的支付、銀行APP要我在手機上裝防毒軟體,真有用嗎
https://www.bnext.com.tw/article/69226/appsec-mobile-security-antivirus-cell-phone-ios-android
綠色行動支付好享學 元大銀攜一卡通MONEY推無現金校園
https://udn.com/news/story/7239/6342359
LINE Pay App 迎來更新!舊版 5/31 將退場,想用一卡通支付要從 LINE 錢包開啟才行
https://agirls.aotter.net/post/60761
偽卡綁Apple Pay行動支付 至咖啡連鎖門市盜刷換現金
https://www.mirrormedia.mg/story/20220518soc004/
瑞典人在台見「這現象」直呼落後 網嘆:國情不同
https://fnc.ebc.net.tw/fncnews/life/150897
LINE Pay App 1.2.0 更新釋出:優化 3 大付款功能,付款體驗更佳
https://www.kocpc.com.tw/archives/442357
Pi拍錢包推出BNPL服務,最高上限五萬元!看PChome的金融科技野心
https://www.bnext.com.tw/article/69335/pi-bnpl
4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約 資安
重振LUNA幣有望?Terra 2.0 新區塊鏈將上線
https://www.techbang.com/posts/96662-community-passpass-the-new-terra-blockchain-will-go-live-on
虛幣老手錢包被盜、黑客一晚拋售41顆以太幣:千祈唔好做呢個動作!
https://www.edigest.hk/353928/?utm_campaign=ED_ContentCopy&utm_source=Web-inventory&utm_medium=Content-Copy_ED
SpaceX 發射首顆加密衛星 Crypto1,Cryptosat 創辦人:駭客很難攻擊
https://technews.tw/2022/05/27/cryptosat-and-spacex-launch-first-encrypted-satellite/
嚴防駭客!SpaceX發射首顆加密貨幣衛星Crypto1
https://times.hinet.net/news/23937298
元宇宙與NFT大勢來襲 淺析NFT交易風險與糾紛
https://reurl.cc/9Gn4qa
無聊猿應用爭議|新加坡男子為借貸上法院、演員Seth Green使用版權拍節目後被盜
https://news.cnyes.com/news/id/4879661
錢包被盜了該怎麼辦
https://vocus.cc/article/6289a1a0fd89780001d45fdc
Beeple推特賬號攻擊者竊取43.8萬美元的加密貨幣和NFT
https://news.cnyes.com/news/id/4877197
DeFi駭客識別與激勵協議Lossless將於5月26日部署至Avalanche
https://news.cnyes.com/news/id/4878196?exp=a
BTCÐ因為資金問題繼續與納指偏離 流通量枯竭繼續加重
https://reurl.cc/rDY6o4
在一次駭客攻擊中29個Moonbirds NFT被盜,損失達150萬美元
https://news.cnyes.com/news/id/4878428
沒有結局的故事,MetaMask用戶遇駭損失41顆以太幣,苦思仍不知被駭原因
https://www.abmedia.io/20220526-metamask-wallets-got-hacked-and-drained
Lunaray安全團隊正式推出安全賞金服務
https://news.cnyes.com/news/id/4877710
Pizza Hut必勝客聯名設計CoolWallet Pro冷錢包組合開箱動手玩
https://zeekmagazine.com/archives/173053
三箭資本地址轉出13,435枚ETH至Bitmex
https://news.cnyes.com/news/id/4879719
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
Sysrv-K 殭屍網路以 Windows、Linux 為目標
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9866
全球勒索軟體攻擊年增14%! Check Point Software推全新反勒索軟體中心
https://reurl.cc/g2YDEV
攻擊者以提供Windows 11更新的名義散布竊密軟體Vidar
https://www.zscaler.com/blogs/security-research/vidar-distributed-through-backdoored-windows-11-downloads-and-abusing
印度廉價航空SpiceJet遭勒索軟體攻擊,導致航班延誤起飛
https://www.bleepingcomputer.com/news/security/spicejet-airline-passengers-stranded-after-ransomware-attack/
史上「最奇耙」勒索軟體現蹤! 開條件「解3任務」取代贖金才解鎖文件
https://3c.ltn.com.tw/news/49327
劫富濟貧?以慈善之名道德勒索被攻擊者?勒索軟體GoodWill要求受害者向貧民捐輸,以換取解密金鑰
https://cloudsek.com/threatintelligence/goodwill-ransomware-forces-victims-to-donate-to-the-poor-and-provides-financial-assistance-to-patients-in-need/
電腦中毒了怎麼辦?有何症狀?如何預防?
https://blog.trendmicro.com.tw/?p=72258
Linux勒索軟體Cheerscrypt鎖定VMware ESXi而來
https://www.trendmicro.com/en_us/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html
後門程式BPFDoor利用Solaris漏洞取得root權限
https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/
Conti關門大吉、化身成數個新勒索軟體
https://www.ithome.com.tw/news/151058
勒索軟體Conti停止營運,駭客成立多個組織,另起爐灶
https://www.advintel.io/post/discontinued-the-end-of-conti-s-brand-marks-new-chapter-for-cybercrime-landscape
研究人員警告小心夾帶惡意Word檔的PDF
https://www.ithome.com.tw/news/151069
攻擊者利用PDF檔案散布惡意程式Snake Keylogger
https://threatresearch.ext.hp.com/pdf-malware-is-not-yet-dead/
TeamT5於亞洲黑帽安全大會發布最新研究
https://www.techbang.com/posts/96365-teamt5-releases-latest-research-at-black-hat-asia
臺灣資安業者TeamT5於黑帽大會上揭露新的中國木馬程式
https://www.blackhat.com/asia-22/briefings/schedule/#the-next-gen-plugxshadowpad-a-dive-into-the-emerging-china-nexus-modular-trojan-pangolinrat-25950
惡意PyPI套件pymafka對Windows、macOS、Linux電腦下手
https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
網路間諜公司在2021年利用5個零時差漏洞對安卓手機植入惡意軟體
https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/
別以為概念性驗證程式不會對電腦造成危害!有駭客用來散布惡意軟體
https://blog.cyble.com/2022/05/20/malware-campaign-targets-infosec-community-threat-actor-uses-fake-proof-of-concept-to-deliver-cobalt-strike-beacon/
駭客釋出惡意Windows概念性驗證攻擊程式,企圖感染資安社群
https://www.ithome.com.tw/news/151093
俄羅斯駭客Sandworm利用惡意軟體Arguepatch變種,投放作案工具
https://www.welivesecurity.com/2022/05/20/sandworm-ukraine-new-version-arguepatch-malware-loader/
鎖定Linux主機的殭屍網路病毒Mirai變種顯著增加
https://www.crowdstrike.com/blog/linux-mirai-malware-double-on-stronger-chips/
Android 系統曝零日漏洞遭駭利用散播惡意間諜軟體!Google發出警告
https://3c.ltn.com.tw/news/49283
New malware Campaign delivers Android RAT
https://blog.cyble.com/2022/05/26/new-malware-campaign-delivers-android-rat
Grandoreiro Banking Malware Resurfaces for Tax Season
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/grandoreiro-banking-malware-resurfaces-for-tax-season/
SocGholish Campaigns and Initial Access Kit
https://medium.com/walmartglobaltech/socgholish-campaigns-and-initial-access-kit-4c4283fea8ee
Use of Obfuscated Beacons in ‘pymafka’ Supply Chain Attack Signals a New Trend in macOS Attack TTPs
https://www.sentinelone.com/labs/use-of-obfuscated-beacons-in-pymafka-supply-chain-attack-signals-a-new-trend-in-macos-attack-ttps/
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/
Emotet Botnet Rises Again
https://www.bitsight.com/blog/emotet-botnet-rises-again
https://github.com/bitsight-research/threat_research/blob/main/emotet/emotet.csv
ERMAC Back In Action
https://reurl.cc/n1YDoe
PDF Malware Is Not Yet Dead
https://threatresearch.ext.hp.com/pdf-malware-is-not-yet-dead/
TURLA’s new phishing-based reconnaissance campaign in Eastern Europe
https://blog.sekoia.io/turla-new-phishing-campaign-eastern-europe/
New Nokoyawa Variant Catching Up to Peers with Blatant Code Reuse
https://www.fortinet.com/blog/threat-research/nokoyawa-variant-catching-up
ctx Python Library Updated with "Extra" Features
https://isc.sans.edu/diary/rss/28678
Yashma Ransomware, Tracing the Chaos Family Tree
https://blogs.blackberry.com/en/2022/05/yashma-ransomware-tracing-the-chaos-family-tree
Spoofed Saudi Purchase Order Drops GuLoader
https://www.fortinet.com/blog/threat-research/spoofed-saudi-purchase-order-drops-guloader
Experts Warn of Rise in ChromeLoader Malware Hijacking Users' Browsers
https://thehackernews.com/2022/05/experts-warn-of-rise-in-chromeloader.html
Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities
https://thehackernews.com/2022/05/hackers-increasingly-using-browser.html
Researchers Find New Malware Attacks Targeting Russian Government Entities
https://thehackernews.com/2022/05/researchers-find-new-malware-attacks.html
New Chaos Ransomware Builder Variant "Yashma" Discovered in the Wild
https://thehackernews.com/2022/05/new-chaos-ransomware-builder-variant.html
Conti Ransomware Operation Shut Down After Splitting into Smaller Groups
https://thehackernews.com/2022/05/conti-ransomware-gang-shut-down-after.html
Microsoft Warns of Web Skimmers Mimicking Google Analytics and Meta Pixel Code
https://thehackernews.com/2022/05/microsoft-warns-of-web-skimmers.html
Fronton: Russian IoT Botnet Designed to Run Social Media Disinformation Campaigns
https://thehackernews.com/2022/05/fronton-russian-iot-botnet-designed-to.html
Researchers Find Backdoor in School Management Plugin for WordPress
https://thehackernews.com/2022/05/researchers-find-backdoor-in-school.html
B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊
美國新法擬讓iPhone開放「側載」!蘋果反彈:恐危害隱私
https://reurl.cc/p1Y6V4
知道你在哪,讓我心安還是更不安?使用定位app的台灣年輕人
https://theinitium.com/article/20220526-taiwan-zenly/
Zoom修補可讓攻擊者任意傳送訊息的漏洞
https://www.ithome.com.tw/news/151131
資安疑慮 美參議員擬法案禁止蘋果等應用程式接受數位人民幣支付
https://ec.ltn.com.tw/article/breakingnews/3941174
高通8+ Gen 1問世 這些手機將搭載、特色搶先看
https://www.setn.com/News.aspx?NewsID=1119780
引進低軌衛星服務 中華電:2023年有希望
https://newtalk.tw/news/view/2022-05-27/761774
「電信平民化」立意甚佳 資訊安全防護萬不可輕忽 製造業自建5G專網 小心資安風險隨之而來
https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/1FE918FBE28845ADAEBE9F6F1154B867
手機鍵盤「預測字詞」功能完美重現助記詞,資安從業者籲清除緩存、關閉預測功能
https://news.cnyes.com/news/id/4877354
駭客利用零日漏洞攻擊安卓用戶 Google示警注意「短網址」
https://www.ettoday.net/news/20220524/2258163.htm
專偷帳密個資!Facestealer 惡意軟體挾著 200 款 App 再度圍攻 Google Play Store
https://technews.tw/2022/05/22/delete-these-android-apps-before-they-steal-your-facebook-password-and-crypto/
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力
SpaceX星鏈全球用戶突破40萬 擬擴展服務|財經100秒
https://reurl.cc/e3kDRQ
WEF聚焦綠能.加密.資安 分析台自保關鍵
https://reurl.cc/9Gn49a
她用膠帶封電腦鏡頭保隱私 一票網友認同「防駭客遠端操控」
https://udn.com/news/story/7086/6339698
零時差漏洞遭濫用數量再創新高,Mandiant認為間諜駭客、中國最常這麼做
https://reurl.cc/OAmjzX
111 家公司年底前要有CISO、資安部門!除了懂技術,資安人才需要什麼本事
https://today.line.me/tw/v2/article/9mDOomK
微博微信強制標註IP屬地 意外催生灰色產業
https://reurl.cc/6ZqQNd
駭客入侵智慧農業 勒索高額贖金
https://news.pchome.com.tw/living/awakening/20220522/index-16532049409819943009.html
俄羅斯駭客Killnet攻擊義大利政府多個機關的網站
https://www.infosecurity-magazine.com/news/pro-russian-hackers-italy/
俄羅斯駭客Turla對愛沙尼亞、奧地利進行偵察
https://blog.sekoia.io/turla-new-phishing-campaign-eastern-europe/
加拿大數家醫院數據庫遭駭客入侵
https://gnews.org/zh-hant/2609299/
中資收購英最大晶片廠「心好累」!英政府出大絕:交易完成一年可回溯取消
https://technews.tw/2022/05/26/nexperia-newport-wafer-fab/
這公司有做戰機雷達系統!中資收購英最大晶片廠 英政府:將展開國安調查
https://newtalk.tw/news/view/2022-05-26/760739
軍工產業神祕面紗5》伊諾瓦加密晶片技術被相中 意外成了美軍祕密夥伴
https://www.wealth.com.tw/articles/570d9e5c-e038-4114-8373-2e4b7c0cdfda
「提升整體作戰優勢」 五角大廈攜手商用衛星公司 強化情蒐
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1504304&type=vision
新成立中資公司購入安225機殘骸 購買瓦良格號航母情境翻版
https://reurl.cc/NAxy9m
美國務院澄清拜登「保衛台灣」言論:台灣感謝美方重申承諾,中國舉行軍演警告美台
https://www.storm.mg/article/4351209
令人震驚檔 德人權專家:撕開了北京宣傳的外衣
https://www.secretchina.com/news/b5/2022/05/27/1007498.html
駭客侵入中國政府內網,竊取「新疆警方檔案」!大量「再教育營」細節流出,學者研判「習近平知情且直接介入」
https://toutiaoqushi.com/archives/115948
新疆警察「不需教師爺頤指氣使」 中國急安排習近平與聯合國專員對話
https://newtalk.tw/news/view/2022-05-26/760688
黑客成功解密中共反人類罪證 5000像照片流出
https://lihkg.com/thread/3016235/page/1
「新疆警察檔案」揭露維吾爾集中營的恐怖:留鬍子會被關、逃跑的人可以開槍打死
https://www.thenewslens.com/article/167308
海量新疆警局文件被駭 陳全國下槍決令
https://www.secretchina.com/news/b5/2022/05/25/1007370.html
習下令打壓新疆維族 殘暴鐵證被駭出
https://news.ltn.com.tw/news/world/paper/1519405
一名駭客潛入新疆再教育營,揭露真實情況:反抗者可擊斃
https://news.discuss.com.hk/viewthread.php?tid=30594364
中方駁新疆警察文件「造謠說謊」 外媒事實查核打臉了
https://news.ltn.com.tw/news/world/breakingnews/3941014
【拍案驚奇】想多幹幾年 這麼難 習麻煩不斷
https://www.epochtimes.com/b5/22/5/25/n13745170.htm
新疆警察檔案外洩震驚世界 德總理:不該忽視中國迫害人權
https://news.ltn.com.tw/news/world/breakingnews/3940592
中國軍事學者指俄國出兵理由站不住腳 微信速刪
https://money.udn.com/money/story/5603/6332375
笑裡藏刀 中共駭客利用俄烏戰爭對俄下手
https://reurl.cc/6ZqQ7M
美國司法部表明不會控訴研究資安技術與漏洞的白帽駭客行為
https://reurl.cc/e3kdXb
外國網路攻擊日增!普丁:強化俄 IT 資安,將降低使用他國軟硬設備
https://www.inside.com.tw/article/27770-putin-warns-cyber-aggression-against-russia-promises-security-shakeup
北韓駭客隱瞞身分求職,美國政府警告僱主或需面臨法律制裁
https://technews.tw/2022/05/24/u-s-warns-against-inadvertently-hiring-north-korean-it-workers/
北韓駭客曝光!靠1招偷遍全球 機密全被拿去做這件事
https://wantrich.chinatimes.com/news/20220524900362-420101
美、南韓合作對抗北韓網路攻擊
https://times.hinet.net/topic/23930775
中國駭客間諜全球入侵
http://www.ksnews.com.tw/index.php/news/contents_page/0001608766
提防中國剽竊! 日本要求大學加強對留學生背景審查
https://news.ltn.com.tw/news/world/breakingnews/3936835
歐洲第二版資安指令NIS 2即將發布,更多重要中大型產業納入規範
https://www.ithome.com.tw/news/151044
Chinese "Twisted Panda" Hackers Caught Spying on Russian Defense Institutes
https://thehackernews.com/2022/05/chinese-twisted-panda-hackers-caught.html
資安產品FAE工程師
https://www.104.com.tw/job/7lc5v?jobsource=job_same_b
【運維】資訊安全工程師
https://www.104.com.tw/job/7lna1?jobsource=jolist_a_relevance
資安工程師
https://www.104.com.tw/job/7naxx
資安主管(內湖)
https://www.104.com.tw/job/7n8bo
醫療資訊室(資訊組)院聘資訊工程師(資安)
https://www.1111.com.tw/job/98791075/
資訊安全工程師
https://www.linkedin.com/jobs/view/%E8%B3%87%E8%A8%8A%E5%AE%89%E5%85%A8%E5%B7%A5%E7%A8%8B%E5%B8%AB-at-%E9%9B%84%E7%8D%85%E8%B3%87%E8%A8%8A%E7%A7%91%E6%8A%80%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8-3085773477/?originalSubdomain=tw
資訊安全分析師(初/中/高)級 Security Analyst (T1/T2/T3)
https://www.104.com.tw/job/79u7l?jobsource=jolist_c_date
【諮詢服務】 資安架構/技術顧問 - Staff Level
https://www.104.com.tw/job/7n6wp
資安工程師(台南)
https://www.yourator.co/companies/freedom/jobs/24279
PChome 釋出上百職缺,招聘 3 大核心領域 AI 專才
https://technews.tw/2022/05/23/pchome-2022-recruitment-plan/
中華電信大招募 集團徵才逾2,000人
https://money.udn.com/money/story/5612/6345968?from=edn_newest_index
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全
FTC控Twitter以誤導資訊取得用戶電話號碼 最終結果出爐
https://udn.com/news/story/7086/6343555
中國駭客發起多次釣魚郵件攻擊,意圖對俄羅斯散布木馬程式
https://blog.malwarebytes.com/malwarebytes-news/2022/05/unknown-apt-group-has-targeted-russia-repeatedly-since-ukraine-invasion/
心血險付諸流水!頻道遭盜深夜放送「吸金詐片」 他自嘲:好險粉絲少
https://www.ftvnews.com.tw/news/detail/2022527W0204
熊熊10年臉書帳號被盜!怒譙駭客:真的有病
https://today.line.me/tw/v2/article/ZaEPME7
美國通用汽車顧客發生個人資料遭竊事件,約 5,000 人個資外洩
https://www.twcert.org.tw/tw/cp-104-6168-59e74-1.html
美高梅度假村外洩1.4億筆資料出現在Telegram頻道供人下載
https://www.vpnmentor.com/blog/mgm-leaked-on-telegram/
【錯誤】網傳「美海軍研究所雜誌《議事錄》5月刊載一篇文章,作者鼓吹大陸收台時,
美軍應當對台灣進行轟炸、破壞!讓大陸花錢重建。台灣媒體徹底封鎖這新聞」
https://tfc-taiwan.org.tw/articles/7588
【錯誤】網傳新聞影片「日本的核廢水要運到台灣來,民進黨官員說可以喝,這是什麼政府」
https://tfc-taiwan.org.tw/articles/7583
一支手機 偷走我的人生|電信商變詐騙破口!全球每年恐被偷走1.4兆
https://www.businessweekly.com.tw/focus/indep/6007336
數字藝術家Beeple推特帳戶疑似遭遇駭客攻擊,置頂釣魚鏈接
https://news.cnyes.com/news/id/4876980
Apple、Google 和 Microsoft 聯手擴大支援無密碼登入,打造更安全的網路世界
https://reurl.cc/p1Y56x
通訊部週日也上班?曾繁翀機警揭詐騙電話
https://reurl.cc/QLaZg0
俄烏戰爭也可騙?假警政署長簽名英文公文 詐3500英鎊
https://www.setn.com/News.aspx?NewsID=1119447
清境民宿旅客個資遭盜 資安專家接到詐騙電話
https://reurl.cc/loY78A
小心DeepFake詐騙!加密貨幣平台冒名馬斯克進行宣傳
https://times.hinet.net/news/23931066
Interpol Arrests Leader of SilverTerrier Cybercrime Gang Behind BEC Attacks
https://thehackernews.com/2022/05/interpol-arrest-leader-of-silverterrier.html
How Secrets Lurking in Source Code Lead to Major Breaches
https://thehackernews.com/2022/05/how-secrets-lurking-in-source-code-lead.html
Learn How Hackers Can Hijack Your Online Accounts Even Before You Create Them
https://thehackernews.com/2022/05/learn-how-hackers-can-hijack-your.html
SIM-based Authentication Aims to Transform Device Binding Security to End Phishing
https://thehackernews.com/2022/05/sim-based-authentication-aims-to.html
E.研究報告/工具
CVE-2022-26923:Active Directory網域權限提升漏洞修補分析
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9870
Sophos 揭密流動性挖礦 CryptoCrime 的手法
https://www.docutek.com.tw/newsDetail.php?id=460
用K8s解決維運負擔
https://www.netadmin.com.tw/netadmin/zh-tw/market/99E5FDED4C274E4EBAE14E568E50D055
CentOS7.6下快速部署k8s
https://pccicblog.wordpress.com/2022/05/27/centos7-6%E4%B8%8B%E5%BF%AB%E9%80%9F%E9%83%A8%E7%BD%B2k8s/
Lapsus$ 教會我的兩件事
https://hennge.com/tw/blog/two-lessons-lapsus$-taught-us.html
John the Ripper (JTR) 密碼暴力破解工具
https://hackercat.org/hacker-tools/john-the-ripper
Python駭客攻防(十三)構建SSH殭屍網路
https://tw.pythontechworld.com/article/detail/s47CXgBXi2Zd
掌握數據等同掌控未來?解構數據時代關鍵職位,資料科學家、分析師成未來趨勢!
https://buzzorange.com/techorange/2022/05/23/become-a-data-scientist/
資安學習路上-滲透測試實務2
https://ithelp.ithome.com.tw/articles/10285284?sc=rss.qu
資安學習路上-滲透測試實務3
https://www.potatomedia.co/post/8494b9fa-56a9-47d0-818b-81f9bd0b147a
Kali Linux 升級跟版本確認
https://amingosec.blog/kali-linux-upgrade-and-check-version/
An overview of Threat Intelligence in Cybersecurity
https://4noobies.medium.com/an-overview-of-threat-intelligence-in-cybersecurity-f48ecf37c323
Flutter best practices for Improve Performance
https://inficial.medium.com/flutter-best-practices-for-improve-performance-7e21e14efebb
Edge Computing Security: Device Attestation Through A Certificate Hierarchy Approach
https://medium.com/the-edge-of-things/edge-computing-security-device-attestation-through-a-certificate-hierarchy-approach-b7a5846c7d80
Developing a Money-Making Telegram Bot on Python. Part 1
https://medium.com/codex/developing-a-money-making-telegram-bot-on-python-pt-1-a19fae54d3f
How to make real money with Python and YouTube
https://medium.com/geekculture/how-to-make-real-money-with-python-and-youtube-494bb34ca9ac
rajini++: The Superstar Programming Language
https://towardsdatascience.com/rajini-the-superstar-programming-language-db5187f2cc71
Configuring Elasticsearch Cross Cluster Search(CCS)
https://medium.com/orion-innovation-turkey/elasticsearch-cross-cluster-search-ba75825332b0
Hacking Smart Contracts: Beginners Guide
https://learn.block6.tech/hacking-smart-contracts-beginners-guide-9c84e9de7194
5 Cool Python 3.10 Features
https://medium.com/@gilharomri/5-cool-python-3-10-features-c0003d8fb218
The Email Scam That Nearly Worked On Me
https://clivethompson.medium.com/the-email-scam-that-nearly-worked-on-me-ade645bd90bc
Web3 learning platforms — Earn While You Learn
https://medium.com/@itsrakesh/web3-learning-platforms-earn-while-you-learn-b158d1ca3115
How I became a Web3 dev in just 7 days and got my first 8000$ Web3 contract
https://blog.cryptostars.is/how-i-became-a-web3-dev-in-just-7-days-and-got-my-first-8000-web3-contract-8f554bcb5352
Chat App System Design
https://medium.com/@BalajiSA/whatsapp-system-design-3d8566bb2e6c
Kotlin — Delegate Properties to Validate Value of Your Class
https://randy-arba.medium.com/kotlin-delegate-properties-to-validate-value-of-your-class-431ab976b787
How Your Metamask Got Hacked (Probably)
https://medium.com/coinmonks/how-your-metamask-got-hacked-probably-795abca4534a
How Object Recognition Is Revolutionizing the CCTV Camera industry
https://medium.com/visionary-hub/how-object-recognition-is-revolutionizing-the-cctv-camera-industry-250ade3659f7
$1000: How I could have Hack any account and become a billionaire overnight👑Top Crypto-Trading Platform
https://infosecwriteups.com/1000-how-i-could-have-hack-any-account-and-become-a-billionaire-overnight-top-crypto-trading-ff0e25b6013c
SQL Injection in Harvard’s Subdomain
https://medium.com/pentesternepal/sql-injection-in-harvards-subdomain-c3148f8be156
Mobile App Development Frameworks For 2022
https://medium.com/@salmaali2515/mobile-app-development-frameworks-for-2022-5b7b6469f3b5
10 Python Automation Scripts for Your Daily Problems
https://python.plainenglish.io/10-python-automation-scripts-for-your-daily-problems-aefb502969e2
The Added Dangers Privileged Accounts Pose to Your Active Directory
https://thehackernews.com/2022/05/the-added-dangers-privileged-accounts.html
Malware Analysis: Trickbot
https://thehackernews.com/2022/05/malware-analysis-trickbot.html
F.商業
Palo Alto Networks呼籲採用零信任、零例外 ZTNA 2.0
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9864
芬-安全企業版發佈全新品牌 WithSecure 「唯思安全」
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9873
突圍雲地資安風險,AWS提三大混合雲防護關鍵
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9863
震撼彈!博通以610億美元收購雲端運算業者VMware,創晶片業最大的購併案
https://www.bnext.com.tw/article/69500/broadcom-to-accquire-vmware-comfirmed-2022
微軟放緩部分招聘,因經濟不確定性增加
https://reurl.cc/o1Y73Q
看好台灣AI技術 日本DDS宣布與奧義智慧合作
https://ctee.com.tw/industrynews/technology/649407.html
臺灣AI技術成資安險利器 日本Digital Data Solution與奧義智慧展開策略合作
https://turnnewsapp.com/livenews/tech/A07657002022052610171349
中華資安國際獲首屆Best Choice Award資安服務獎
https://www.taiwannews.com.tw/ch/news/4551485
Adobe 剖析 CIO 如何透過「超級自動化」增強體驗
https://technews.tw/2022/05/26/adobe-cio/
智慧客服委外廠商程曦資訊 今登戰略新板
https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=d20ab4b1-2d40-4769-8165-371e11c84316
精誠資訊:今年聚焦自有雲應用生態平台
https://news.cnyes.com/news/id/4879606
聯電新加坡新廠動工 30年土地租金約9.54億元
https://www.1111.com.tw/news/jobns/145763
中華資安國際榮獲CIO Taiwan「傑出品牌」獎
https://www.chtsecurity.com/news/5cf5489e-77fa-4c40-bbff-803d0e749522
已知漏洞才是遭駭大宗,【TOPIA漏洞管理解決方案】協助企業有效率修補漏洞,阻止可能的資安攻擊
https://reurl.cc/M0zy7m
安碁搶當政府資安守門人 施宣輝邀李紀珠當獨董
https://www.mirrormedia.mg/story/20220527fin005/
遠程工作資安風險增 NordVPN 保障企業數據安全
https://www.businessweekly.com.tw/business/indep/1002408
芬-安全企業版發佈全新品牌WithSecure 並以「唯思安全」為品牌中文命名
http://n.yam.com/Article/20220522300124
VMware Carbon Black _害怕勒索病毒?眾多駭客攻擊手法如何防禦?端點安全沒有Total Solution
https://www.sysage.com.tw/news/products/339
基於Snapdragon XR2平台,Qualcomm推出更輕薄的擴增實境裝置參考設計
https://mashdigi.com/qualcomm-introduces-thinner-augmented-reality-device-reference-design-based-on-snapdragon-xr2-platform/
助企業24小時抓網路害蟲!美國資安公司Arctic Wolf Networks估值飆破1263億
https://today.line.me/tw/v2/article/eLV76MO
G.政府
調查局清流雙月刊NO.37節錄(期別111年1月):生活中的資安
https://www.mjib.gov.tw/eBooks/eBooks_Detail?CID=3&BookID=2065
國家資通安全科技中心公有財產管理使用收益辦法
https://law.moj.gov.tw/LawClass/LawAll.aspx?pcode=H0160062&kw=%E5%85%AC%E6%9C%89%E8%B2%A1%E7%94%A2
誰任數發部長?行政院:還未確定
https://reurl.cc/yrA7Va
郭耀煌准辭回校任教 政院:暫無內閣異動規劃
https://www.rti.org.tw/news/view/id/2134041
郭耀煌月底歸建成功大學 政委人事將全面規畫
https://www.cna.com.tw/news/aipl/202205260249.aspx
數據應用研發中心啟用 運用5G發展三網
https://www.epochtimes.com/b5/22/5/26/n13745877.htm
NCC擴大列管!OTT專法草案出爐 Netflix、Line TV也在內
https://news.ebc.net.tw/news/living/319250
資安人才招募困難 立委促法務部研議提升專業加給
https://www.rti.org.tw/news/view/id/2133669
網路犯罪日趨嚴重 立委促增加資安人員人才誘因
https://www.chinatimes.com/realtimenews/20220523002463-260407?chdtv
學者:政府資安外部稽核權力應交由監察院行使
https://www.cna.com.tw/news/aipl/202205230103.aspx
台學者:防侵害數位人權 資安稽核應由監院執行
https://www.epochtimes.com/b5/22/5/23/n13743647.htm
國安法重罰重大軍品採購不法行為 學者:產生嚇阻力
https://news.ltn.com.tw/news/politics/paper/1518469
唐鳳出手更新居隔單系統 侯友宜:終於看到中央有動作
https://news.housefun.com.tw/news/article/171588335809.html
李德財:俄烏戰爭 烏克蘭的作為 值得台灣借鏡
https://www.wealth.com.tw/articles/a6307acc-4015-4b18-81fa-098ff6a05bcf
最高檢查賄中心今掛牌 嚴查虛擬貨幣、遊戲點數、行動支付賄選
https://reurl.cc/NAx4ak
H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安
Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room
https://thehackernews.com/2022/05/lumos-system-can-find-hidden-cameras.html
IT 與 OT 資安的融合挑戰
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9871
智慧醫材的網路安全風險評估8大重點
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9867
AI數據分析改寫維運監控
https://www.netadmin.com.tw/netadmin/zh-tw/market/26FB9DE5B65544D0A9368DAAFB411D30
物聯網與工控設備資料自動化處理平臺OAS重大漏洞恐造成資訊洩露、服務停擺
https://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-platform.html
Silicon Labs實現物聯網人工智慧邊緣應用
https://www.ctimes.com.tw/DispNews/tw/%E8%97%8D%E7%89%99/Silicon-Labs/%E8%97%8D%E8%8A%BD/BlueTooth/2205251817AZ.shtml
瞄準資訊安全大趨勢 打造工廠製造業數位轉型新場景
https://reurl.cc/x936Z5
車用資訊娛樂系統元件 恐成駭客遠端鎖定目標
https://www.sinotrade.com.tw/richclub/news/628f3a8d30569fe1ee86baea
半導體業成勒索病毒頭號目標!做好快照加備份降低停機損失
https://www.inside.com.tw/article/27757-ransom-ware
以邊緣AI實現低成本IoT終端節點
https://www.eettaiwan.com/20220523ta71-artificial-intelligence-on-the-edge/
運用微分段、虛擬補丁及白名單管控 捍衛工控環境零信任資安
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=16&id=0000635865_FHO7IJY97W1IQJ4BDAKGK
迎向AI產業化浪潮 資安與資料運用成為當前兩大課題
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=41&id=0000635905_D3ELM41BLS31S369IOQLT
全球供應鏈波動大,新創公司用AI預測風險,降低時局干擾搶商機
https://reurl.cc/Lmn6ox
2022年人工智慧五大趨勢 HPC/自動化/醫療帶旺AI
https://www.mem.com.tw/2022%E5%B9%B4%E4%BA%BA%E5%B7%A5%E6%99%BA%E6%85%A7%E4%BA%94%E5%A4%A7%E8%B6%A8%E5%8B%A2%E3%80%80hpc-%E8%87%AA%E5%8B%95%E5%8C%96-%E9%86%AB%E7%99%82%E5%B8%B6%E6%97%BAai/
I.教育訓練
物聯網時代的15堂資安基礎必修課 (Practical Iot Hacking: The Definitive Guide to Attacking the Internet of Things)
https://www.tenlong.com.tw/products/9786263241756?list_name=p-r-zh_tw
中華軟協-iPAS「初級」資訊安全工程師能力研習衝刺班:全面招生中
https://www.cs.nycu.edu.tw/announcements/detail/8778
2022「證券期貨資訊安全實務養成課程」即日起開始報名
https://www.sfi.org.tw/news/news-7/3589
網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works)
https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw
不只是工程師才要懂的 App 資訊安全:取得資安檢測合格證書血淚史(iT邦幫忙鐵人賽系列書)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
【資安管理國際證照懶人包】學習心得、考試要點一次整理!2022 轉職夢幻工作看這篇
https://buzzorange.com/techorange/2021/12/30/isaca/
CISSP考試心得 – Benson
https://reurl.cc/GbWvxd
CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022
https://reurl.cc/1oyEM8
CEH v11 考試心得與準備方式
https://blog.sean.taipei/2022/01/ceh
110年新進人員「校園資訊安全講座」教材
https://cc.nccu.edu.tw/p/406-1001-740,r18.php
【訓練教材D】資訊安全技術教育訓練教材
https://iscb.nchu.edu.tw/2019/07/d.html
109資通安全管理法數位教育訓練
https://reurl.cc/ARlmqp
110-1初級資訊安全工程師-資訊安全管理概論
https://yamol.tw/exam.php?id=104050
中大信息工程學系 栽培資訊科技領導人才
https://reurl.cc/ARZKDK
伊雲谷、中山大學產學合作 累積雲端資安人才能量
https://ctee.com.tw/industrynews/technology/587459.html
SANS Cyber Aces Online Tutorials
https://tutorials.cyberaces.org/tutorials.html
Free Online Cybersecurity Courses (MOOCs)
https://www.cyberdegrees.org/resources/free-online-courses/
Develop Your Cybersecurity Skills
https://www.cybrary.it/catalog/cybersecurity/
Mobile App Security
https://www.cybrary.it/course/mobile-app-security/
Introduction to Cybersecurity
https://reurl.cc/bnaj6d
How to Tackle SaaS Security Misconfigurations
https://thehackernews.com/2021/11/how-to-tackle-saas-security.html
How to Build a Security Awareness Training Program that Yields Measurable Results
https://thehackernews.com/2021/11/how-to-build-security-awareness.html
Common Attacks
https://choson.lifenet.com.tw/?p=1174
資安學習路上-滲透測試實務4
https://www.potatomedia.co/post/4191e744-64f3-4d33-af69-e3591adc2ed0
6.近期資安活動及研討會
駭客奪旗攻防演練:金融資安人才養成專班(第1期) 2022/04/28~2022/06/09
https://www.tabf.org.tw/CourseDetail.aspx?PID=487750
【公益資訊安全講座】-【非營利組織的個資與資安防護觀念建立】 2022/06/01
https://taiwanngo.tw/Post/81845
經濟部工業局沙崙資安服務基地 - 零信任(Zero Trust)-從意識到行動的資安防護變革 2022/6/2
https://www.accupass.com/event/2205240207565477386890
HITCON FreeTalk 2022 - 烏俄網路戰 & CTF 經驗分享 2022/6/6
https://hitcon.kktix.cc/events/hitcon-freetalk-2022
經濟部工業局沙崙資安服務基地 - 手把手帶你玩資安攻防 2022/6/9
https://bit.ly/38t2aWp
經濟部工業局沙崙資安服務基地 - 新世代資安防禦-網路威脅與防禦趨勢 2022/6/9
https://www.accupass.com/event/2205240207565477386890
資訊安全系列課程系列九:機器學習與資安異常診斷實務(第1期) 2022/6/7
https://www.tabf.org.tw/CourseDetail.aspx?PID=487302
醫療資安女力論壇 2022/6/11
https://isipevent.kktix.cc/events/e58d0573-copy-1
科技力x內容力 5G Craft 菁英挑戰賽號召各路英雄 2022/6/15
https://tomorrowsci.com/technology/20225g0526/
經濟部工業局沙崙資安服務基地 - 智慧製造的痛-駭客攻擊與勒索軟體威脅 2022/6/16
https://www.cisanet.org.tw/Course/Detail/2836
經濟部工業局沙崙資安服務基地 - 日誌大數據分析實戰 2022/6/23
https://bit.ly/3sJWjmp
資訊安全管理(週日班) 2022/7/3 ~ 2022/8/28
https://mymcu.mcu.edu.tw/zh-hant/product/e022205151
創科資訊②⓪②②軟體開發實戰訓練營➠線上實習說明會 2022/7/6
https://trunk-studio.kktix.cc/events/monosparta-code-camp-2022-9
風險導向資安稽核 2022/7/20
https://www.cisanet.org.tw/Course/Detail/2756
HITCON PEACE 2022 台灣駭客年會 2022/8/19 ~ 2022/8/20
https://hitcon.kktix.cc/events/hitcon-peace-2022
2022 CYBERSEC 資安大會 Jamf 攤位講座 2022/9/20 ~ 2022/9/22
https://jamf.kktix.cc/events/cybersec2022jamf
沒有留言:
張貼留言