資安事件新聞週報 2022/5/9 ~ 2022/5/13
1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 近日發布 NFV 基礎軟體的安全性更新
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9
駭客透過F5的BIG-IP重大漏洞進行破壞性攻擊,意圖清除該系統上的所有檔案
https://www.bleepingcomputer.com/news/security/critical-f5-big-ip-vulnerability-targeted-by-destructive-attacks/
F5 Networks之BIG-IP產品存在高風險安全漏洞(CVE-2022-1388)
https://www.klcg.gov.tw/tw/education/3522-254843.html
F5 修補重大的BIG-IP遠端執行漏洞,概念性驗證攻擊程式即將現身
https://www.ithome.com.tw/news/150831
F5 BIG-IP 16.0.x - Remote Code Execution (RCE)
https://www.exploit-db.com/exploits/50932
兩家資安業者發現BIG-IP系統重大漏洞極為容易利用,呼籲用戶儘速修補
https://www.bleepingcomputer.com/news/security/exploits-created-for-critical-f5-big-ip-flaw-install-patch-immediately/
HP修補逾200款HP電腦與筆電的韌體漏洞,若不修補,恐被攻擊者取得作業系統核心權限執行程式碼
https://www.bleepingcomputer.com/news/security/hp-fixes-bug-letting-attackers-overwrite-firmware-in-over-200-models/
HP修補波及逾200款裝置的BIOS漏洞
https://www.ithome.com.tw/news/150889
研究人員揭露Zyxel防火牆遠端命令注入漏洞,並指控廠商未經公告就上架修補程式恐讓用戶曝險
https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/
Zyxel資安公告:針對防火牆系統命令注入漏洞 (Command Injection)
https://www.zyxel.com/tw/zh/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml
微軟發布5月例行修補,修補75個漏洞,其中3個為零時差漏洞
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2022-patch-tuesday-fixes-3-zero-days-75-flaws/
搶修已被開採零日漏洞!微軟釋出Windows 系統最新安全更新
https://3c.ltn.com.tw/news/49044
Microsoft Mitigates RCE Vulnerability Affecting Azure Synapse and Data Factory
https://thehackernews.com/2022/05/microsoft-mitigates-rce-vulnerability.html
駭客利用IceApple漏洞利用工具包攻擊Exchange伺服器
https://www.crowdstrike.com/wp-content/uploads/2022/05/crowdstrike-iceapple-a-novel-internet-information-services-post-exploitation-framework.pdf
Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (XSS) (CVE-2022-22345)
https://www.ibm.com/support/pages/node/6584451?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
ESET發現百款Lenovo(聯想)筆記型電腦內含UEFI漏洞
https://reurl.cc/Kb0RYq
Intel修補UEFI韌體高風險漏洞
https://www.securityweek.com/intel-patches-high-severity-vulnerabilities-bios-boot-guard
套件管理平臺RubyGems出現可用來竄改套件的漏洞
https://www.bleepingcomputer.com/news/security/check-your-gems-rubygems-fixes-unauthorized-package-takeover-bug/
威聯通視訊監控錄影系統存在漏洞,恐被用於RCE攻擊
https://www.qnap.com/en/security-advisory/qsa-22-07
Google Chrome 78.0.3904.70 - Remote Code Execution
https://www.exploit-db.com/exploits/50917
Apache CouchDB 3.2.1 - Remote Code Execution (RCE)
https://www.exploit-db.com/exploits/50914
ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure
https://www.exploit-db.com/exploits/50904
SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE)
https://www.exploit-db.com/exploits/50900
GitLab 14.9 - Stored Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50889
Gitlab 14.9 - Authentication Bypass
https://www.exploit-db.com/exploits/50888
2.銀行/金融/保險/證券/支付系統/金融監理 新聞及資安
法規鬆綁金融商機更寬廣 案例說明雲端成創新關鍵 主要挑戰決定轉型方向 雲服務貼近金融需求
https://www.netadmin.com.tw/netadmin/zh-tw/trend/392FF20CBA514EDEB61332CF4B8A3310
Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones
https://thehackernews.com/2022/05/blog-post.html
防信用卡個資被竊,Google推出虛擬信用卡功能
https://times.hinet.net/topic/23910266
臺灣銀行招考新進人員 正備取合計312名
https://www.1111.com.tw/news/jobns/145556
金管會副主委邱淑貞:我國電商平台保單銷售已逾5億美元
https://reurl.cc/M08gdK
全球人壽啟動ESG教育訓練 逾千名員工線上完成
https://ec.ltn.com.tw/article/breakingnews/3924179
使用手機報稅先等等,留意「前、中、後」三大注意事項
https://orange.udn.com/orange/story/121415/6297911
金控祭高薪獵人頭 高階資安警官爆出走潮
https://times.hinet.net/news/23905626
嘆「辦案有份升官沒缺」紛轉職 他推掉千萬邀約只為3個字
https://www.mirrormedia.mg/story/20220509soc004/
3.電子支付/行動支付/pay/資安
「全盈+PAY」行動支付上線!全家 App 變身微型銀行 亮點一次看
https://applealmond.com/posts/142744
已經有 FamiPay,全家為何再推出「全盈+PAY」?拆解超商二哥的電支布局
https://www.managertoday.com.tw/articles/view/65102
支付工具太多?俏媽咪一招縮短結帳時間
https://ctee.com.tw/industrynews/technology/641428.html
歐盟認為蘋果在 iOS 裝置限制 PayPal 等第三方電子錢包競爭能力 讓 Apple Pay 取得電子支付競爭優勢
https://www.cool3c.com/article/176717
4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約 資安
As NFT Sales Continue to Plummet, Is the Bubble About To Burst
https://stephenmoore.medium.com/as-nft-sales-continue-to-plummet-is-the-bubble-about-to-burst-19b78fac4403
Stop Creating Those 10,000 NFT Collections
https://medium.com/@h.ansel/stop-creating-those-10-000-nft-collections-8f28c5b020f
幾秒內超隱私資料被看光光!解析在踏入元宇宙前,一定要知道的資安危機
https://buzzorange.com/techorange/2022/05/11/web3-information-security/
解讀拜登行政命令:影響全球加密貨幣監管的歷史性里程碑
https://www.cw.com.tw/article/5121119
可以「炫耀」NFT的冷錢包!當NFT泡沫湧現之際,SecuX為何勇敢推出新產品
https://meet.bnext.com.tw/articles/view/49067
比特幣交易額1日可達10億!台最大虛擬交易所籲政府成立目的事業主管機關
https://www.storm.mg/article/4327798?page=1
OpenSea推出NFT檢測與帳戶驗證功能!提高數位市場真實性
https://times.hinet.net/news/23910590
比特幣大騙局:竊盜、駭客、投機者,加密貨幣交易所Mt. Gox的腐敗運作與破產真相
https://www.books.com.tw/products/0010924768
三箭資本CEO談「LUNA崩盤」:相信LUNA社區,將盡我所能提供幫助
https://news.cnyes.com/news/id/4873086
法拉利官網子域被駭客劫持發布欺詐NFT騙局
https://amp-news.cnyes.com/news/id/4866387
Otherdeed系列NFT 24小時交易額增幅達49.44%
https://news.cnyes.com/news/id/4866521
數據:一匿名地址將2萬枚ETH轉移至幣安
https://news.cnyes.com/news/id/4866689
安全團隊:SeaHorseArmyNFT的discord遭駭客入侵
https://news.cnyes.com/news/id/4866863
美國制裁加密貨幣混幣平臺Blender
https://www.ithome.com.tw/news/150828
安全團隊:GraBoys NFT的管理員discord賬號遭駭客盜取
https://amp-news.cnyes.com/news/id/4866929
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
日本服飾品牌思夢樂遭網攻勒索 旗下2200家店受波及
https://www.appledaily.com.tw/international/20220511/3ZNQJIYLNRDJZF6ZJDL7E6IMTM/
日本服飾業者思夢樂傳出遭勒索軟體LockBit 2.0攻擊
https://www3.nhk.or.jp/news/html/20220510/k10013620031000.html
伊朗駭客鎖定德國汽車產業散布竊密程式
https://blog.checkpoint.com/2022/05/10/a-german-car-attack-on-german-vehicle-businesses/
美國林肯學院因勒索軟體攻擊被迫閉校
https://www.bleepingcomputer.com/news/security/lincoln-college-to-close-after-157-years-due-ransomware-attack/
安卓木馬FluBot透過多媒體簡訊向芬蘭散布
https://www.kyberturvallisuuskeskus.fi/fi/varoitus_1/2022
駭客組織Bitter鎖定孟加拉散布木馬程式
https://blog.talosintelligence.com/2022/05/bitter-apt-adds-bangladesh-to-their.html
木馬程式Nerbian RAT鎖定義大利、西班牙、英國而來
https://www.proofpoint.com/us/blog/threat-insight/nerbian-rat-using-covid-19-themes-features-sophisticated-evasion-techniques
後門程式BPFDoor鎖定Linux與Solaris主機而來
https://www.bleepingcomputer.com/news/security/bpfdoor-stealthy-linux-malware-bypasses-firewalls-for-remote-access/
伊朗駭客利用Windows內建的磁碟加密工具,對美國組織發動勒索軟體攻擊
https://www.secureworks.com/blog/cobalt-mirage-conducts-ransomware-operations-in-us
有人提供駭客打造惡意軟體KurayStealer的框架工具,使得衍生的變種接連出現
https://www.uptycs.com/blog/kuraystealer-a-bandit-using-discord-webhooks
惡意軟體工具包Eternity供駭客購買竊密程式、蠕蟲、勒索軟體
https://blog.cyble.com/2022/05/12/a-closer-look-at-eternity-malware/
哥斯大黎加遭 Conti 勒贖攻擊,全國進入緊急狀態
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9855
跡象顯示勒索軟體REvil駭客組織復活
https://www.ithome.com.tw/news/150907
新報告發現 REvil 勒索軟件可能正捲土重來
https://unwire.pro/2022/05/13/fresh-ransomware-samples-indicate-revil-is-back/security/
美國農業設備製造商AGCO遭勒索軟體攻擊
https://news.agcocorp.com/news/agco-announces-ransomware-attack
Government Sector Cyber Threat Intel - Key Insights (April 2022)
https://otx.alienvault.com/pulse/62793cb07a4f302772f424ba
Operation (Dragon) EviLoong: The Electronic Party of "Borderless" Hackers
https://mp-weixin-qq-com.translate.goog/s/K1uBLGqD8kgsIp1yTyYBfw?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en
Massive spread of the JesterStealer malware using chemical attack themes
https://cert.gov.ua/article/40135
SEO Poisoning - A Gootloader Story
https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/
Quantum Locker Ransomware
https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware
Emotet: New Delivery Mechanism to Bypass VBA Protection
https://www.netskope.com/blog/emotet-new-delivery-mechanism-to-bypass-vba-protection
https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/Emotet/IOCs/2022-05-06
BPFDoor: Chinese tool almost undetected for FIVE years is second BPF-based attack this year
https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896
https://github.com/Neo23x0/signature-base/blob/master/yara/mal_lnx_implant_may22.yar
https://github.com/GossiTheDog/ThreatHunting/blob/master/YARA/BPFDoor-Unknown.yar
REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence
https://www.secureworks.com/blog/revil-development-adds-confidence-about-gold-southfield-reemergence
Dirty Deeds Done Dirt Cheap: Russian RAT Offers Backdoor Bargains
https://blogs.blackberry.com/en/2022/05/dirty-deeds-done-dirt-cheap-russian-rat-offers-backdoor-bargains
From the Front Lines | Unsigned macOS oRAT Malware Gambles For The Win
https://www.sentinelone.com/blog/from-the-front-lines-unsigned-macos-orat-malware-gambles-for-the-win/
Examining the Black Basta Ransomware’s Infection Routine
https://www.trendmicro.com/en_us/research/22/e/examining-the-black-basta-ransomwares-infection-routine.html
Critical F5 BIG-IP Vulnerability
https://isc.sans.edu/diary/rss/28624
https://blog.talosintelligence.com/2022/05/threat-advisory-critical-f5-big-ip-vuln.html
https://unit42.paloaltonetworks.com/cve-2022-1388/
Operation RestyLink: Targeted attack campaign targeting Japanese companies
https://insight--jp-nttsecurity-com.translate.goog/post/102ho8o/operation-restylink?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en
A closer look at Eternity Malware
https://blog.cyble.com/2022/05/12/a-closer-look-at-eternity-malware/?utm_source=Social&utm_medium=Twitter&utm_campaign=Eternity+Malware&utm_id=Malware+
APT34 targets Jordan Government using new Saitama backdoor
https://blog.malwarebytes.com/threat-intelligence/2022/05/apt34-targets-jordan-government-using-new-saitama-backdoor/
https://www.fortinet.com/blog/threat-research/please-confirm-you-received-our-apt
Bitter APT adds Bangladesh to their targets
https://blog.talosintelligence.com/2022/05/bitter-apt-adds-bangladesh-to-their.html
Iceapple: A novel Internet Information Services (IIS) post-exploitation framework
https://www.crowdstrike.com/wp-content/uploads/2022/05/crowdstrike-iceapple-a-novel-internet-information-services-post-exploitation-framework.pdf
Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques
https://www.proofpoint.com/us/blog/threat-insight/nerbian-rat-using-covid-19-themes-features-sophisticated-evasion-techniques
Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding
https://unit42.paloaltonetworks.com/cobalt-strike-metadata-encoding-decoding/
InfoSec Handlers Diary Blog - SANS Internet Storm Center
https://isc.sans.edu/diary/rss/28636
Public Cloud Cybersecurity Threat Intelligence (202204)
https://otx.alienvault.com/pulse/627bc2acc45f0ce91ba52a06
The Trojan subscribers Joker, MobOk, Vesub and GriftHorse
https://securelist.com/mobile-subscription-trojans-and-their-tricks/106412/
Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks
https://thehackernews.com/2022/05/iranian-hackers-leveraging-bitlocker.html
Researchers Warn of Nerbian RAT Targeting Entities in Italy, Spain, and the U.K
https://thehackernews.com/2022/05/researchers-warn-of-nerbian-rat.html
Malicious NPM Packages Target German Companies in Supply Chain Attack
https://thehackernews.com/2022/05/malicious-npm-packages-target-german.html
New REvil Samples Indicate Ransomware Gang is Back After Months of Inactivity
https://thehackernews.com/2022/05/new-revil-samples-indicate-ransomware.html
Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families
https://thehackernews.com/2022/05/experts-detail-saintstealer-and-prynt.html
Another Set of Joker Trojan-Laced Android Apps Resurfaces on Google Play Store
https://thehackernews.com/2022/05/another-set-of-joker-trojan-laced.html
Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware
https://thehackernews.com/2022/05/ukrainian-cert-warns-citizens-of-new.html
U.S. Offering $10 Million Reward for Information on Conti Ransomware Hackers
https://thehackernews.com/2022/05/us-offering-10-million-reward-for.html
Phishing Campaign Delivering Three Fileless Malware
https://www.fortinet.com/blog/threat-research/phishing-campaign-delivering-fileless-malware
Malicious Compiled HTML Help File Delivering Agent Tesla
https://unit42.paloaltonetworks.com/malicious-compiled-html-help-file-agent-tesla/
B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊
發表會最大驚奇!Google 提前自爆下一代旗艦手機 Pixel 7 細節
https://3c.ltn.com.tw/news/49064
【Google I/O 2022】追求更美、更隱私、更安全,Android 13 新 Beta 版開放下載
https://www.inside.com.tw/article/27651-google-io-2022-5-android-13-beta
6款APP快刪!駭客入侵「這款藏30追蹤器」下載破9億
https://reurl.cc/d2DgDy
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力
臺灣百貨業者資安曝險,電子郵件安全、帳密外洩待改善
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9844
2021年網路犯罪造成全球損失逾6兆美元
https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=dd887391-ecb5-4f3d-b098-2f081d952a83
尋找資安長/金控祭高薪挖角資安好手,為什麼波麗士大人這麼吃香
https://money.udn.com/money/story/5613/6305410
尋找資安長/不是誰來都行,資安長的條件有這三個
https://money.udn.com/money/story/5613/6305419
有人假冒德國企業的名義發布惡意NPM套件,經追查竟是紅隊演練公司所為,引起爭議
https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/
華裔美籍工程師竊可口可樂機密 意圖使中國企業獲利遭判14年徒刑
https://www.cna.com.tw/news/acn/202205100046.aspx
伊朗駭客組織APT34使用後門程式Saitama向約旦外交單位發動攻擊
https://blog.malwarebytes.com/threat-intelligence/2022/05/apt34-targets-jordan-government-using-new-saitama-backdoor/
美國、英國、歐盟提出證據並指控俄羅斯是衛星網路Ka-Sat攻擊事件的幕後黑手
https://www.bleepingcomputer.com/news/security/us-eu-blame-russia-for-cyberattack-on-satellite-modems-in-ukraine/
戰火延燒到太空!美軍證實:俄羅斯攻擊GPS系統
https://news.ltn.com.tw/news/world/breakingnews/3924810
俄侵烏前夕 對歐發動網攻
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1502164&type=universal
俄國最大影音平台被駭 90%備份資料被毀 匿名者:會讓網站永久消失
https://news.ltn.com.tw/news/world/breakingnews/3925755
駭客入侵俄羅斯的智慧電視系統,在節目表中顯示反戰標語
https://reurl.cc/VDLg76
韓國加入CCDCOE給我們的省思
https://talk.ltn.com.tw/article/paper/1516828
匿名者告誡中國勿犯台 小心中國航母遼寧號沉沒
https://reurl.cc/vd72vN
黑客組織警告:北京不要愚蠢侵台
https://www.soundofhope.org/post/618931?lang=b5
美國中情局局長:北京正仔細研究並汲取俄烏戰爭教訓 以便應用在攻台戰計畫上
https://www.cmmedia.com.tw/home/articles/33727
中國官方發布網路直播強化未成年人保護規範 將禁止未成年人參與直播贊助
https://gnn.gamer.com.tw/detail.php?sn=231558
E.U. Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse
https://thehackernews.com/2022/05/eu-proposes-new-rules-for-tech.html
E.U. Blames Russia for Cyberattack on KA-SAT Satellite Network Operated by Viasat
https://thehackernews.com/2022/05/eu-blames-russia-for-cyberattack-on-ka.html
Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites
https://thehackernews.com/2022/05/thousands-of-wordpress-sites-hacked-to.html
Everything We Learned From the LAPSUS$ Attacks
https://thehackernews.com/2022/05/everything-we-learned-from-lapsus.html
Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia
https://thehackernews.com/2022/05/bitter-apt-hackers-add-bangladesh-to.html
U.S. Proposes $1 Million Fine on Colonial Pipeline for Safety Violations After Cyberattack
https://thehackernews.com/2022/05/us-proposes-1-million-fine-on-colonial.html
Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums
https://thehackernews.com/2022/05/experts-sound-alarm-on-dcrat-backdoor.html
資安駐點工程師-ACSI
https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E9%A7%90%E9%BB%9E%E5%B7%A5%E7%A8%8B%E5%B8%AB-acsi-at-acer-3070417652/?originalSubdomain=tw
資安系統工程師
https://www.cakeresume.com/companies/yhisec/jobs?locale=id
資安系統工程師
https://www.cakeresume.com/companies/yhisec/jobs/information-security-system-engineer
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全
新一波釣魚攻擊,鎖定官方認證 Twitter 帳號
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9853
網傳圖卡:「PCR測試故意損害或破壞Amygdala(杏仁核)...如果受損,恐懼就不能被感知。永遠不要讓孩子挖鼻孔接受測試」
https://tfc-taiwan.org.tw/articles/7328
快篩劑贈友邦遭曲解 外交部籲防中共認知戰
https://reurl.cc/VDLg6A
防中收集個資 美擬推新規嚴堵
https://ctee.com.tw/news/china/642404.html
拜登政府起草新行政命令 阻中國取得美民眾個資
https://www.cna.com.tw/news/aopl/202205120067.aspx
蘋果、亞馬遜遭調查!英國會議員:秘密收集數據恐危害隱私
https://reurl.cc/1Z1Eem
Apple ID 爆出大規模帳密外流危機!開啟『 雙重認證 』來帳號提升安全性
https://agirls.aotter.net/post/60730
蘋果爆大量個資外洩「Apple ID遭駭」 3步驟提升帳號安全
https://www.ettoday.net/news/20220508/2246313.htm
蘋果爆Apple ID集體遭駭!大量網友出現登入位置在中國「3招搶救」
https://3c.ltn.com.tw/news/48996
我的帳號密碼有外洩嗎?這 4 個工具幫你檢測帳號密碼安全性
https://applealmond.com/posts/143717
國台辦稱願協助取快篩 陸委會酸:藉快篩分化 台灣仍可慶祝母親節
https://cnews.com.tw/215220508a01/
洩漏判決書草稿 大法官遭政治操作
https://www.worldjournal.com/wj/story/121201/6297218
FBI 全新 IDLE 專案透過“虛假資料”幫助公司欺騙駭客 | 每日安全資訊
https://sa123.cc/wcii6dx22h0wmgl7orpi.html
駭客釣魚郵件新工具,利用 Google SMTP服務漏洞發送欺詐郵件
https://www.techbang.com/posts/96001-google-smtp-services-are-exploited-to-send-fraudulent-emails
駭客假借馬斯克的名義來行加密貨幣詐騙
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/crypto-scammers-exploit-talk-on-cryptocurrency/
FBI:去年網絡詐騙導致全球損失 69 億美元
https://unwire.pro/2022/05/10/fbi-cyber-scams-cost-victims-6-9b-plus-worldwide-in-2021/security/
E.研究報告/工具
企業進軍元宇宙!勤業眾信公布 2022 六大數位媒體趨勢
https://finance.technews.tw/2022/05/11/six-digital-media-trends/
烏克蘭網路攻擊事件影響分析
https://ieknet.iek.org.tw/iekrpt/rpt_more.aspx?actiontype=rpt&indu_idno=3&domain=66&rpt_idno=320942940
讓我們來告訴你 什麼是弱點掃描
https://www.pumo.com.tw/security/whatIsWebScan.jsp
Introducing Flutter 3
https://medium.com/flutter/introducing-flutter-3-5eb69151622f
10 Python Automation Scripts for Your Daily Problems
https://python.plainenglish.io/10-python-automation-scripts-for-your-daily-problems-aefb502969e2
BITB (browser in the browser)Attack
https://infosecwriteups.com/bitb-browser-in-the-browser-attack-e2008c405701
THE 15 BEST Chrome Extensions for 2022
https://bdarfler.medium.com/the-16-bestchrome-extensions-for-2022-b14e3bd08001
A Super-Fast Way to Loop in Python
https://towardsdatascience.com/a-super-fast-way-to-loop-in-python-6e58ba377a00
Python: Scrape Any Website in Seconds with One Line of Code
https://medium.com/@alains/python-scrape-any-website-in-seconds-with-one-line-of-code-574e4bd57005
Introduction to GIT
https://medium.com/ntust-aivc/introduction-to-git-66473777b9b3
What is an API
https://medium.com/codex/lets-learn-build-and-sell-an-api-a12b0d7b4c2
REST API
https://medium.com/@ugur.suicmez/rest-api-a25d6b638723
How to learn anything fast, no matter what your brain condition is
https://medium.com/illumination/how-to-learn-anything-fast-no-matter-what-your-brain-condition-is-e3ffd9bf7e12
Stop using Alpine Docker images
https://medium.com/inside-sumup/stop-using-alpine-docker-images-fbf122c63010
Why the Raspberry Pi should be your next home server
https://medium.com/the-pi-project/why-the-raspberry-pi-should-be-your-next-home-server-e901e796e7a6
Developing a Money-Making Telegram Bot on Python. Part 1
https://medium.com/codex/developing-a-money-making-telegram-bot-on-python-pt-1-a19fae54d3f
90 % of Javascript Developer fail to answer these code snippets (Asked in Interview) Part-1
https://vineetmishrahbk.medium.com/90-of-javascript-developer-fail-to-answer-these-code-snippets-asked-in-interview-436e00ec1287
Automate 4 Boring Tasks in Python with 5 Lines of Code
https://medium.com/geekculture/automate-4-boring-tasks-in-python-with-5-lines-of-code-55901b3cd5dc
Top 15 IT Certifications in 2022
https://arctutorials.medium.com/top-15-it-certifications-in-2022-97a1538f7c81
How Your Metamask Got Hacked (Probably)
https://medium.com/coinmonks/how-your-metamask-got-hacked-probably-795abca4534a
Bypassing Login Page in 2 Mins
https://aravind07.medium.com/bypassing-login-page-in-2-mins-5b773d46f4d
Automate Alert Triage and Response Tasks with Intezer EDR Connect
https://www.intezer.com/blog/incident-response/alert-triage-edr-integrations/?utm_medium=email
How to Write YARA Rules That Minimize False Positives
https://www.intezer.com/blog/threat-hunting/yara-rules-minimize-false-positives/?utm_medium=email&utm_source=hs_email
How to Analyze Malicious PDF Files
https://www.intezer.com/blog/incident-response/analyze-malicious-pdf-files/?utm_medium=email&utm_source=hs_email
Top Cyber Threats to the Telecom Industry
https://www.intezer.com/blog/incident-response/cyber-threats-telecom-industry/?utm_medium=email&utm_source=hs_email
Modern SOC Analyst Workflows
https://www.youtube.com/watch?v=JZm0WwDAFM0
Threat Hunting Tutorial- Day3, Hunt for LoLbas in Splunk, Intezer
https://www.youtube.com/watch?v=P6Ozw93cHYA
Discord Infostealers: How hackers steal your password
https://www.youtube.com/watch?v=3GW1QqPNLig
5 Benefits of Detection-as-Code
https://thehackernews.com/2022/05/5-benefits-of-detection-as-code.html
SHIELDS UP in bite sized chunks
https://thehackernews.com/2022/05/shields-up-in-bite-sized-chunks.html
F.商業
網路即安全 Aruba ClearPass強化網路存取的安全性和合規性
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9851
Citrix 推出以意圖為基礎的新世代應用與安全交付解決方案
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9849
安克諾斯Acronis Cyber Protect Cloud為MSP服務供應商提供整合資安平台
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9850
精誠總代理Nozomi networks成為CISA首家資安合作夥伴
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=16&id=0000634717_LK362NT42VVJ8164QVILT
設備不只要硬規格更須看軟實力 智能儲存解救變局生存危機 中小企業靠資料逆風求勝 以PowerStore力拚未來
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/338D6780EE2E49D890EE5E6EE98EE0A4
偉康科技打造雲端身分認證SaaS服務
https://wantrich.chinatimes.com/news/20220512900063-420101
全新 Synology RT6600ax Wi-Fi 6 三頻無線路由器:超凡效能、安全連網、方便管理三位一體,以軟體多樣性實現全能化的網路控管中心
https://www.techbang.com/posts/96147-synology-rt6600ax-wi-fi-6-wireless-router-review
原IBM全球資訊科技服務部門 Kyndryl結盟夥伴拓展新業務 金融受兩大重點監管 適地適性上雲應全面考量
https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/2D5314B763174C3A926240BC40265CF4
A10 Networks公布網路威脅研究調查 2021全球DDoS攻擊暴增100%
https://reurl.cc/d2Dgq2
微軟推出網絡安全服務 協助客戶對抗勒索軟體和其他攻擊
https://news.cnyes.com/news/id/4868213
G.政府
李明哲曝中國曾暗示「認間諜罪」 國台辦:不實之詞不值一評
https://www.mirrormedia.mg/story/20220511edi014/
劉櫂豪督促NCC委辦計畫 應審慎辦理受委辦機構不得再委外
https://www.ettoday.net/news/20220512/2249703.htm
公務員初考、升官等考試 112年起刪除公文格式用語
https://www.1111.com.tw/news/jobns/145575
苗栗縣府活動官網變色情網站 簡體字宣傳「嫩模浪叫」
https://www.setn.com/News.aspx?NewsID=1110335
H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安
醫療轉型臨床5大資安危機,兼顧資安防護與醫療效能是關鍵
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9845
趨勢科技成立新公司VicOne,著眼車聯網資安
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9848
智慧機械、5G及資安產品投資抵減辦法出爐 資誠解析重點
https://times.hinet.net/news/23908494
車用資安產學對接 企業應以「精準資安」為目標
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000635246_Q9Y3KER53WNF5E7Y8T3VQ
是時候制定物聯網安全標準
https://www.eettaiwan.com/20220512nt31-it-s-about-time-for-iot-security-standards/
UWB、BLE、NFC,使用哪種技術的數位車鑰更安全一點
https://www.techbang.com/posts/96295-talk-about-the-potential-safety-risks-of-digital-car-keys
車聯網啟動更安全、高效率的智慧交通新時代
https://www.eettaiwan.com/20220512nt1x-techtaipei-iov-and-smartcar/
車聯網:「邊緣運算」上路奔馳
https://www.eettaiwan.com/20220513nt31-iov-become-edge-computing-equipment/
DLINK DAP-1620 A1 v1.01 - Directory Traversal
https://www.exploit-db.com/exploits/50919
DLINK DIR850 - Open Redirect
https://www.exploit-db.com/exploits/50907
DLINK DIR850 - Insecure Access Control
https://www.exploit-db.com/exploits/50906
I.教育訓練
中華軟協-iPAS「初級」資訊安全工程師能力研習衝刺班:全面招生中
https://www.cs.nycu.edu.tw/announcements/detail/8778
2022「證券期貨資訊安全實務養成課程」即日起開始報名
https://www.sfi.org.tw/news/news-7/3589
網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works)
https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw
不只是工程師才要懂的 App 資訊安全:取得資安檢測合格證書血淚史(iT邦幫忙鐵人賽系列書)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
【資安管理國際證照懶人包】學習心得、考試要點一次整理!2022 轉職夢幻工作看這篇
https://buzzorange.com/techorange/2021/12/30/isaca/
CISSP考試心得 – Benson
https://reurl.cc/GbWvxd
CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022
https://reurl.cc/1oyEM8
CEH v11 考試心得與準備方式
https://blog.sean.taipei/2022/01/ceh
110年新進人員「校園資訊安全講座」教材
https://cc.nccu.edu.tw/p/406-1001-740,r18.php
【訓練教材D】資訊安全技術教育訓練教材
https://iscb.nchu.edu.tw/2019/07/d.html
109資通安全管理法數位教育訓練
https://reurl.cc/ARlmqp
110-1初級資訊安全工程師-資訊安全管理概論
https://yamol.tw/exam.php?id=104050
中大信息工程學系 栽培資訊科技領導人才
https://reurl.cc/ARZKDK
伊雲谷、中山大學產學合作 累積雲端資安人才能量
https://ctee.com.tw/industrynews/technology/587459.html
SANS Cyber Aces Online Tutorials
https://tutorials.cyberaces.org/tutorials.html
Free Online Cybersecurity Courses (MOOCs)
https://www.cyberdegrees.org/resources/free-online-courses/
Develop Your Cybersecurity Skills
https://www.cybrary.it/catalog/cybersecurity/
Mobile App Security
https://www.cybrary.it/course/mobile-app-security/
Introduction to Cybersecurity
https://reurl.cc/bnaj6d
How to Tackle SaaS Security Misconfigurations
https://thehackernews.com/2021/11/how-to-tackle-saas-security.html
How to Build a Security Awareness Training Program that Yields Measurable Results
https://thehackernews.com/2021/11/how-to-build-security-awareness.html
Common Attacks
https://choson.lifenet.com.tw/?p=1174
6.近期資安活動及研討會
駭客奪旗攻防演練:金融資安人才養成專班(第1期) 2022/04/28~2022/06/09
https://www.tabf.org.tw/CourseDetail.aspx?PID=487750
元智資工高中生短期資訊課程-微插電資安體驗工作坊 2022/5/14
https://cse-yzu.kktix.cc/events/yzcs7
工控系統資安安全線上論壇 2022/5/16
https://www.ctsp.gov.tw/chinese/01-News/01-online_view.aspx?v=1&fr=1000&no=1001&sn=15005
網路自由小聚 [5月] 大家來開講:數位發展部行不行 2022/5/19
https://ocftw.kktix.cc/events/internetfreedom-may2022
沙崙資安基地 線上免費資安課程 多的是你不知道的事-揭秘OSINT 2022/5/24
https://bit.ly/3vDkjYO
釣魚釣魚釣到你_白帽駭客教你如何利用人性弱點突破防禦 2022/5/25
http://www.cs.thu.edu.tw/web/news/detail.php?id=4129
資安政策法規標準 2022/5/25 ~ 2022/5/26
https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19873
從 ISO 合規看企業設備資安管理 - 線上研討會 2022/5/26
https://jamf.kktix.cc/events/jamfnation-compliance-webinar
國家高速網路與計算中心教育訓練 「大數據程式開發平台(VM版本)」建置與開發實務課程 2022/5/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=course_index
HITCON FreeTalk 2022 - 烏俄網路戰 & CTF 經驗分享 2022/6/6
https://hitcon.kktix.cc/events/hitcon-freetalk-2022
資訊安全系列課程系列九:機器學習與資安異常診斷實務(第1期) 2022/6/7
https://www.tabf.org.tw/CourseDetail.aspx?PID=487302
醫療資安女力論壇 2022/6/11
https://isipevent.kktix.cc/events/e58d0573-copy-1
創科資訊②⓪②②軟體開發實戰訓練營➠線上實習說明會 2022/7/6
https://trunk-studio.kktix.cc/events/monosparta-code-camp-2022-9
風險導向資安稽核 2022/7/20
https://www.cisanet.org.tw/Course/Detail/2756
HITCON PEACE 2022 台灣駭客年會 2022/8/19 ~ 2022/8/20
https://hitcon.kktix.cc/events/hitcon-peace-2022
2022 CYBERSEC 資安大會 Jamf 攤位講座 2022/9/20 ~ 2022/9/22
https://jamf.kktix.cc/events/cybersec2022jamf
沒有留言:
張貼留言