資安事件新聞週報 2022/5/30 ~ 2022/6/3
1.重大弱點漏洞/後門/Exploit/Zero Day
逾360萬臺MySQL伺服器曝露於網際網路,恐成為攻擊目標
https://www.shadowserver.org/news/over-3-6m-exposed-mysql-servers-on-ipv4-and-ipv6/
Microsoft 已發布安全更新,以解決服務診斷工具(MSDT)中的弱點
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190
Windows搜尋通訊協定存在零時差漏洞
https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/
Office零時差漏洞讓駭客執行惡意指令,關閉巨集也不見得擋得了
https://www.ithome.com.tw/news/151211
研究人員揭露Office零時差漏洞,駭客可藉由RTF檔案觸發
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
中共國TA413 APT駭客組織正在利用微軟Follina漏洞進行瘋狂攻擊
https://gnews.org/zh-hant/2655908/
CVE-2022-30190: Microsoft Support Diagnostic Tool (MSDT) RCE Vulnerability “Follina”
https://www.fortinet.com/blog/threat-research/analysis-of-follina-zero-day
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
Windows 11、Server 2022功能更新恐導致部分趨勢端點防護軟體功能失常
https://success.trendmicro.com/dcx/s/solution/000291066
Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild
https://thehackernews.com/2022/05/watch-out-researchers-spot-new.html
Zero-Day Exploitation of Atlassian Confluence
https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation
https://thehackernews.com/2022/05/microsoft-releases-workarounds-for.html
Analyzing AsyncRAT distributed in Colombia
https://jstnk9.github.io/jstnk9/research/AsyncRAT-Analysis/
VMware identity_manager 多款產品存在授權問題弱點
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22972
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22973
Security Bulletin: IBM QRadar Data Synchronization App for
IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (2022.05.31)
https://www.ibm.com/support/pages/node/6590981?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
Citrix 發布多個產品的安全更新
https://support.citrix.com/article/CTX457048
Hackers Exploiting Unpatched Critical Atlassian Confluence Zero-Day Vulnerability
https://thehackernews.com/2022/06/hackers-exploiting-unpatched-critical.html
Critical 'Pantsdown' BMC Vulnerability Affects QCT Servers Used in Data Centers
https://thehackernews.com/2022/05/critical-pantsdown-bmc-vulnerability.html
2.銀行/金融/保險/證券/支付系統/金融監理 新聞及資安
全球民調/泰國 數位科技盛行 78%民眾會使用數位金融、38%覺得科技使人迷茫
https://reurl.cc/QLNm7o
6月股東會旺季到 集保設戰情室掌握視訊連線狀況
https://news.cnyes.com/news/id/4881335
臨櫃改採預約制!國泰世華銀鎖定4大業務 即日啟動
https://finance.ettoday.net/news/2263798
3.電子支付/行動支付/pay/資安
電子支付從街口、一卡通Money雙雄走向百家爭鳴!重點玩家版圖一次看
https://www.bnext.com.tw/article/69561/2022-taiwans-e-payment-web-only-banking-industry-map
LINE Pay從電子支付App走向金融平台!最新改版有這三大亮點
https://www.techbang.com/posts/96568-line-pay-from-electronic-payment-app-to-financial-platform-the
鈔票變薄用「嗶」較不痛? Q1電子支付交易額年增21.3%
https://udn.com/news/story/7239/6357120
梅驊出任街口電子支付董事長
https://reurl.cc/6ZXeLb
央行預告修正「電子支付機構管理條例」
https://www.chinatimes.com/realtimenews/20220602005023-260410?chdtv
FinTech基金 可長抱
https://fund.udn.com/fund/story/5858/6357737
手機感應收款服務「Mobile Tap」登場 全港數百輛的士亦可用
https://reurl.cc/ErYaX0
數位經濟來臨,你Pay了沒? 法人:數位支付服務產業,將引爆下一個科技大趨勢
https://www.storm.mg/stylish/4362400
碰一下就付款,蘋果訪客中心開始接受 Tap To Pay
https://technews.tw/2022/05/17/tap-to-pay/
4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約 資安
Terra 2.0 — LUNA Airdrop Calculation Logic
https://medium.com/terra-money/terra-2-0-luna-airdrop-calculation-logic-3eb752c25837
炸傷幣圈的Terra穩定幣 20%利息為何變「龐氏騙局」
https://www.cw.com.tw/article/5121383
幣圈不怕暴跌、詐騙,就怕交易所被盜!這家曾遭駭失血,為何反而吸引更多用戶
https://www.storm.mg/lifestyle/4359372
安全公司:年初至今Web3由駭客攻擊等造成的損失約17.6億美元
https://news.cnyes.com/news/id/4882566
針對Bitfinex被盜案中涉嫌加密洗錢夫婦的聽證會將被推遲至8月2日
https://news.cnyes.com/news/id/4883021
Moonbeam和Moonriver通過緊急升級已解決白帽駭客披露的安全問題
https://news.cnyes.com/news/id/4882601
加密貨幣採礦蓬勃 衝擊德州電網
https://www.worldjournal.com/wj/story/121279/6358640
Balancer現已上線Optimism
https://news.cnyes.com/news/id/4883822
穩定幣協議Beanstalk將於6月6日啟動籌款活動以挽回駭客攻擊損失
https://news.cnyes.com/news/id/4883886
CertiK爆 : 微軟 Office 有零時差漏洞!可駭入 Metamask、建議改用冷錢包
https://www.blocktempo.com/because-office-bug-certik-warns-crypto-users-are-among-the-most-at-risk/
CertiK:微軟高危零日漏洞可執行任意代碼,建議用戶使用硬體錢包
https://news.cnyes.com/news/id/4883952
Terra 2.0 — LUNA Airdrop
https://medium.com/terra-money/terra-2-0-luna-airdrop-cd08a6d9cfcd
What is Web3.0 — A Deep dive, beginner level explanation of Web3.0 and Dapps
https://medium.com/coinmonks/what-is-web3-0-a-deep-dive-beginner-level-explanation-of-web3-0-and-dapps-2f372efd69ef
Web3 新創資安「才剛起步」!區塊鏈中隱含了哪些資安危機
https://buzzorange.com/techorange/2022/05/30/web3-security/
女研究員在元宇宙遭性侵 網絡人身安全議題惹關注
https://www.pcmarket.com.hk/womans-avatar-has-been-sexually-assaulted-in-the-metaverse/
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
BazarBackdoor 惡意軟體經由CSV文件感染 - 該如何預防
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9868
Google 警告 Predator 間諜惡意軟體,利用多個 0-day 漏洞感染 Android 裝置
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9876
全球勒索軟體攻擊次數年增 14%,Check Point Software 推出反勒索軟體中心
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9881
WannaCry 爆發 5 周年勒索軟體攻擊更猖狂!不只鎖定單一企業,連供應鏈夥伴、客戶都要一起拉下水
https://buzzorange.com/techorange/2022/06/01/ransomware-2022/
哥斯大黎加衛生機關遭勒索軟體Hive攻擊
https://www.bleepingcomputer.com/news/security/costa-rica-s-public-health-agency-hit-by-hive-ransomware/
逾4.7萬個惡意WordPress外掛程式出現於2.4萬個網站
https://www.usenix.org/conference/usenixsecurity22/presentation/kasturi
1,200個Elasticsearch資料庫遭到勒索
https://www.secureworks.com/blog/unsecured-elasticsearch-data-replaced-with-ransom-note
勒索軟體LockBit聲稱竊得富士康墨西哥工廠資料
https://www.securityweek.com/ransomware-group-claims-have-breached-foxconn-factory
鴻海墨西哥廠遭駭 要求11日前支付贖款
https://ctee.com.tw/news/tech/654161.html
鴻海墨西哥廠遭勒索病毒攻擊 營運漸恢復影響不大
https://money.udn.com/money/story/5599/6362378?from=edn_newest_index
墨西哥廠遭勒索病毒攻擊 鴻海:產能可調整因應
https://ec.ltn.com.tw/article/breakingnews/3948989
安卓惡意軟體FluBot遭到歐美執法單位圍剿
https://www.bleepingcomputer.com/news/security/flubot-android-malware-operation-shutdown-by-law-enforcement/
惡意軟體EnemyBot針對VMware、F5 BIG-IP重大漏洞下手
https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers
駭客鎖定視窗作業系統的WSL元件,散布Linux惡意軟體
https://blog.lumen.com/windows-subsystem-for-linux-wsl-threats/
勒索軟體駭客REvil疑發動DDoS攻擊
https://www.akamai.com/blog/security/revil-resurgence-or-copycat
勒索軟體Clop疑捲土重來,1個月出現21個受害組織
https://newsroom.nccgroup.com/news/ncc-group-monthly-threat-pulse-april-2022-448500
賽門鐵克提示Clipminer加密劫持惡意軟體風險:駭客至少已賺取170萬美元
https://news.cnyes.com/news/id/4884024
新種 Linux 勒贖軟體 Cheers,鎖定 VMware ESXi 伺服器發動攻擊
https://www.twcert.org.tw/tw/cp-104-6181-cdeb1-1.html
Popping Eagle: How Global Analytics Uncovered a Stealthy Threat Actor
https://unit42.paloaltonetworks.com/popping-eagle-malware/
Threat Actors Prey on Eager Travelers
https://www.fortinet.com/blog/threat-research/threat-actors-prey-on-eager-travelers
WinDealer dealing on the side
https://securelist.com/windealer-dealing-on-the-side/105946/
Clipminer Botnet Makes Operators at Least $1.7 Million
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/clipminer-bitcoin-mining-hijacking
OPERATION DARKCASINO: IN-DEPTH ANALYSIS OF RECENT ATTACKS BY APT GROUP EVILNUM
http://blog.nsfocus.net/darkcasino-apt-evilnum/
State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage
https://research.checkpoint.com/2022/state-sponsored-attack-groups-capitalise-on-russia-ukraine-war-for-cyber-espionage/
InfoSec Handlers Diary Blog - SANS Internet Storm Center
https://isc.sans.edu/diary/rss/28698
Hazard Token Grabber
https://blog.cyble.com/2022/06/01/hazard-token-grabber/?utm_source=Social&utm_medium=Twitter&utm_campaign=Stealer&utm_id=Stealer
Distributing AppleSeed disguised as Internet router installation file
https://asec.ahnlab.com/ko/34883/
OceanLotus Indicators - May'22
https://twitter.com/BaoshengbinCumt/status/1531167884273414145
Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network
https://thehackernews.com/2022/06/researchers-uncover-malware-controlling.html
Conti Leaks Reveal Ransomware Gang's Interest in Firmware-based Attacks
https://thehackernews.com/2022/06/conti-leaks-reveal-ransomware-gangs.html
Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks
https://thehackernews.com/2022/06/researchers-demonstrate-ransomware-for.html
YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites
https://thehackernews.com/2022/06/yoda-tool-found-47000-malicious.html
New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers
https://thehackernews.com/2022/06/new-xloader-botnet-version-using.html
Latest Mobile Malware Report Suggests On-Device Fraud is on the Rise
https://thehackernews.com/2022/05/latest-mobile-malware-report-suggests.html
Interpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks
https://thehackernews.com/2022/05/interpol-nabs-3-nigerian-scammers.html
EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities
https://thehackernews.com/2022/05/enemybot-linux-botnet-now-exploits-web.html
New 'GoodWill' Ransomware Forces Victims to Donate Money and Clothes to the Poor
https://thehackernews.com/2022/05/new-goodwill-ransomware-forces-victims.html
The Myths of Ransomware Attacks and How To Mitigate Risk
https://thehackernews.com/2022/05/the-myths-of-ransomware-attacks-and-how.html
Experts Warn of Rise in ChromeLoader Malware Hijacking Users' Browsers
https://thehackernews.com/2022/05/experts-warn-of-rise-in-chromeloader.html
B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊
Apple Watch Series 8 Will Be Revolutionary
https://medium.com/macoclock/apple-watch-series-8-will-be-revolutionary-f3eda693596a
美國新法擬要求iPhone「開放側載」 庫克怒了:乾脆去用安卓手機啊!
https://udn.com/news/story/7098/6351579
蘋果申請realityOS新專利!AR/VR頭戴裝置有望在開發大會亮相
https://newtalk.tw/news/view/2022-05-30/762627
美民主黨議員 Apple 應開放第三方應用商店 Tim Cook 反駁 : 直接去用 Android 手機吧
https://www.pcmarket.com.hk/u-s-democrats-apple-should-open-up-third-party-app-stores/
安卓惡意軟體Ermac 2.0假冒餐點外送平臺App,竊取467個軟體帳密
https://www.bleepingcomputer.com/news/security/new-ermac-20-android-malware-steals-accounts-wallets-from-467-apps/
安卓手機又被攻擊!駭客在467個APP中竊取重要個資
https://today.line.me/tw/v2/article/QwVL2yG
微軟新發現一個 Android 漏洞,展示如何將預裝系統應用程式作為攻擊媒介
https://www.kocpc.com.tw/archives/443564
駭客濫用Telegram匿名部落格服務進行網釣攻擊
https://www.inky.com/en/blog/fresh-phish-phishers-take-advantage-of-telegraphs-loose-governance
行動應用程式框架存在嚴重漏洞,兩大平臺手機恐曝險
https://www.microsoft.com/security/blog/2022/05/27/android-apps-with-millions-of-downloads-exposed-to-high-severity-vulnerabilities/
Messenger 服務「通話」功能成為獨立分頁 用戶使用更方便 先針對 Android 平台 App 調整
https://www.cool3c.com/article/178041
加州真實身分證進展緩 手機行動ID試行
https://reurl.cc/o1mXgj
Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones
https://thehackernews.com/2022/06/critical-unisoc-chip-vulnerability.html
SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities
https://thehackernews.com/2022/06/sidewinder-hackers-use-fake-android-vpn.html
FluBot Android Spyware Taken Down in Global Law Enforcement Operation
https://thehackernews.com/2022/06/flubot-android-spyware-taken-down-by.html
Is 3rd Party App Access the New Executable File
https://thehackernews.com/2022/05/is-3rd-party-app-access-new-executable.html
Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely
https://thehackernews.com/2022/05/attackers-can-use-electromagnetic.html
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力
臺灣聯隊DEF CON CTF搶旗賽線上初賽獲第二名,八月進軍賭城實體較勁
https://www.ithome.com.tw/news/151209
三立2離職員工扮駭客 入侵影音平台刪資料 下場曝光
https://www.chinatimes.com/realtimenews/20220531003602-260402?chdtv
三立雲端付費影音被刪光 竟是離職工程師聯手幹的!賠110萬下場出爐
https://www.appledaily.com.tw/local/20220601/AU4H2YWNDNGZZANBMKC4MMHCSE/
資安月報揭露 機關電子郵件密碼「鍵盤排序」易遭駭客破解
https://m.match.net.tw/pc/news/politics/20220604/6585168
「點我免費獲得 $ 150 元手搖飲」駭客如何得知你愛喝飲料,還精心為你客製化誘餌
https://buzzorange.com/techorange/2022/05/30/why-information-security-is-important/
義大利受駭客攻擊威脅惟短缺10萬名網路資安專家
https://reurl.cc/9G00mO
巴西里約機場受駭 螢幕播起色情片 網嘲 「有很多人要錯過飛機」
https://www.worldjournal.com/wj/story/121261/6353785
開綠燈! 白宮:任何對俄網攻都不算直接介入戰爭
https://news.ltn.com.tw/news/world/breakingnews/3947382
美國波士頓兒童醫院去年險遭伊朗駭客網攻 FBI解危
https://reurl.cc/9G0xpv
美國連日表態對台灣支持 軍事專家:習近平也會顧慮這點
https://www.setn.com/News.aspx?NewsID=1124222
美國共和黨推新法案!禁止蘋果及Google以數位人民幣交易
https://newtalk.tw/news/view/2022-05-30/762779
美國承認軍方駭客駭進俄羅斯以支援烏克蘭
https://www.ithome.com.tw/news/151281
美國「對俄作戰」支援烏克蘭!美軍上將證實:手段是戰略性地說出真相
https://times.hinet.net/news/23949458
美國FBI局長揭露中共網攻內幕 關注台海安全
https://reurl.cc/k19krd
美國FBI局長談網路戰 指中國正研究俄烏戰事以強化攻台阻美能力
https://www.ftvnews.com.tw/news/detail/2022602W0017
美:中共研究俄烏戰 模擬侵臺
https://reurl.cc/0pkQ99
立志走向全球的大陸網路安全公司罕見披露美國國安局駭客攻擊細節
https://money.udn.com/money/story/122381/6355268?from=edn_bloomberg_index_side
聯合國特使訪中BBC揭「新疆警察文件」 德拒為福斯投資陸擔保
https://reurl.cc/lonnAl
新疆警察文件流出 網紅怒批中共:血債得還
https://reurl.cc/3oyylX
新疆警察文件流出!網紅秀上千「犯人照」 怒批洪秀柱為中共洗白
https://www.ftvnews.com.tw/video/detail/YbxNtRIfuU4
聯合國人權專員17年首訪惹議 中國要對新疆議題做兩個準備原文網址: 聯合國人權專員17年首訪惹議 中國要對新疆議題做兩個準備 | 香港01 https://www.hk01.com/sns/article/776544
https://reurl.cc/3oyR5V
中國駭客假冒藏人政府機構,利用Office零時差漏洞Follina發動攻擊
https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-now-exploited-by-chinese-apt-hackers/
護網安即護國安 香港立法擬年底諮詢
https://www.wenweipo.com/a/202206/02/AP6297fb5ee4b033218a4fe30e.html
經濟學人:中國情報常突槌 對台工作易誤判
https://ec.ltn.com.tw/article/breakingnews/3947987
美國「前進防禦」網路戰略落實與變革
https://indsr.org.tw/focuslist?uid=3&typeId=18
Karakurt Data Extortion Group
https://www.cisa.gov/uscert/ncas/alerts/aa22-152a
Homeland Security Agent Reveals UAP Encounters and Video
https://medium.com/on-the-trail-of-the-saucers/homeland-security-agents-reveal-uap-encounters-and-video-ab7ec73273a6
Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor
https://thehackernews.com/2022/06/chinese-luoyu-hackers-using-man-on-side.html
Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability
https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html
Microsoft Blocks Iran-linked Lebanese Hackers Targeting Israeli Companies
https://thehackernews.com/2022/06/microsoft-blocks-iran-linked-lebanese.html
ExpressVPN Removes Servers in India After Refusing to Comply with Government Order
https://thehackernews.com/2022/06/expressvpn-removes-servers-in-india.html
SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years
https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html
FBI Warns About Hackers Selling VPN Credentials for U.S. College Networks
https://thehackernews.com/2022/05/fbi-warns-about-hackers-selling-vpn.html
台資安人口現缺口,DEVCORE 將擴大開啟資安人才培育計畫
https://technews.tw/2022/06/01/devcore-security/
挖掘直播人才 17LIVE攜手國發會開辦技術大賽
https://www.cna.com.tw/news/ait/202206010104.aspx
新手網路資安工程師
https://www.518.com.tw/job-yERA6Z.html
【資安所】系統分析規劃師
https://www.104.com.tw/job/7nfoh
資安網路工程師
https://www.518.com.tw/job-yYDaK3.html
資深網路管理/資安管理工程師
https://www.104.com.tw/job/7nguj
【諮詢服務】資安架構/技術顧問 - Staff Level
https://reurl.cc/GxgDoZ
業務代表 - 資安網路系統 (新竹)
https://www.518.com.tw/job-GxzAlx.html
元大金控萬人海選計畫-資安工程師
https://www.cakeresume.com/companies/yuanta-tw/jobs/616a66?locale=vi
矽品擴大徵才薪上看70K 多元招募履歷投起來
https://www.1111.com.tw/news/jobns/145851
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全
Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC – Part II
https://www.fortinet.com/blog/threat-research/phishing-campaign-delivering-fileless-malware-part-two
實錄片!新手媽接詐騙電話開啟「玩弄模式」 給假帳號對方瞬間爆走
https://www.ftvnews.com.tw/news/detail/2022531W0151
逾千萬用戶的Chrome視訊共享外掛程式Screencastify恐曝露用戶隱私
https://palant.info/2022/05/23/hijacking-webcams-with-screencastify/
帶你洞悉世界級駭客的思維!如何在隱私權成奢侈品的時代,拿下這樁勝利
https://buzzorange.com/techorange/2022/06/01/hoozbook-the-art-of-invisibility/
英國食物銀行遭網釣攻擊
https://blog.malwarebytes.com/scams/2022/05/double-whammy-attack-follows-fake-covid-alert-with-a-bogus-bank-call/
土耳其航空公司因AWS儲存桶配置不當,曝露6.5 TB內部資料
https://www.safetydetectives.com/news/pegasus-leak-report/
不明簡訊別亂點飆股老師「攏係假」 中市警提供辨別假網址小撇步
https://www.appledaily.com.tw/local/20220602/DA33FKDOAFAAXHXFMWO4BKC7EU/
【借鏡烏俄戰爭的3堂必修課】從茫然失措到善用科技反擊 烏克蘭對俄羅斯的假訊息抗戰之路
https://tfc-taiwan.org.tw/articles/7628
網傳南部車站4千確診 警:惡意散布假消息
https://news.cts.com.tw/cts/local/202205/202205302081434.html
檢調鎖定農場文!5大熱門粉專疑中國管理員
https://www.setn.com/News.aspx?NewsID=1123533
警查25內容農場 遭爆亂源來自馬國大榴槤網站
https://www.setn.com/News.aspx?NewsID=1123754
網路用戶可以要求從 Google 搜索結果中刪除他們的個人資料
https://blog.twnic.tw/2022/06/03/23152/
疑個資洩!友收到訂購蛋糕 遭詐噴13萬
https://news.ebc.net.tw/news/society/320406
E.研究報告/工具
什麼是入侵分析鑽石模型? 對資安防禦的重要性是
https://teamt5.org/tw/posts/what-is-diamond-model-of-intrusion-analysis/
Fetch API 沒有傳送 cookies
https://reurl.cc/A7X9z8
為什麼身分安全應該成為零信任架構策略的核心
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9884
加密新技術 PGPP 能打破「有方便沒安全」的資安難題嗎
https://buzzorange.com/techorange/2022/05/31/pretty-good-phone-privacy-pgpp/
駭客攻擊了解多少,你不可不知的社交工程
https://open.firstory.me/story/cl3tr0ef4084e0109fo7fepep
駭客後滲透基礎 – 將檔案從Linux傳輸至Windows常見方法 | File Transfer for Windows
https://hackercat.org/pentesting/how-to-transfer-file-from-linux-to-windows
翻滾吧!駭客女孩
https://vocus.cc/girlsletscode/tagTab/5d3edc75fd897800013acc8a
網軍跟駭客是一樣的嗎
https://www.pttweb.cc/bbs/Gossiping/M.1654224653.A.906
請君入甕假造可攻擊目標 反客為主積極守護資訊安全 設蜜罐陷阱引誘駭客上鉤 藉Shodan現形入侵手法
https://www.netadmin.com.tw/netadmin/zh-tw/technology/E092AD9FA72044BD9AB0FA0279F7CAE0
Analysis of SideWinder's new infrastructure and tool that narrows their reach to Pakistan
https://blog.group-ib.com/sidewinder-antibot
ViewModel: One-off event antipatterns
https://medium.com/androiddevelopers/viewmodel-one-off-event-antipatterns-16a1da869b95
SQL Injection in Harvard’s Subdomain
https://medium.com/pentesternepal/sql-injection-in-harvards-subdomain-c3148f8be156
Create an Interactive Web App with PyScript and Pandas
https://towardsdatascience.com/create-an-interactive-web-app-with-pyscript-and-pandas-3918ad2dada1
Micro Apps in Flutter, does it make sense
https://medium.com/bancolombia-tech/micro-apps-in-flutter-does-it-makes-sense-d86cd0838b47
10 JavaScript hacks that developers should know
https://medium.com/xtechportugal/10-javascript-hacks-that-developers-should-know-40657b8be180
Building a Threat Intelligence Feed using the Twitter API and a bit of code
https://grimminck.medium.com/building-a-threat-intelligence-feed-using-the-twitter-api-and-a-bit-of-code-5787808e32ef
VulnHub: DeathNote: 1
https://al1z4deh.medium.com/vulnhub-deathnote-1-f81b0794bea2
Learning Python
https://selinyazicioglu99.medium.com/learning-python-905c9070553d
Learning Python 3
https://selinyazicioglu99.medium.com/learning-python-3-e02360697358
How Git truly works
https://towardsdatascience.com/how-git-truly-works-cd9c375966f6
100% Accurate Forecaster Tells Us Where Bitcoin is Headed
https://scottdebevic.medium.com/100-accurate-forecaster-tells-us-where-bitcoin-is-headed-7a8333695a0a
CSS: Absolutely positioning things relatively
https://canvatechblog.com/css-absolutely-positioning-things-relatively-964898de886b
“Stop” using state management libraries
https://medium.com/flutter-community/stop-using-state-management-libraries-48a81ed7979d
Reset the Password for Vulnerability
https://medium.com/@sathvika03/reset-the-password-for-vulnerability-b0805f7adf9c
Determining Bull & Bear Market Trends Programmatically (Python)
https://medium.com/@chris_42047/determining-bull-bear-market-trends-programmatically-python-e68f1ec18f28
Spring Cloud Stream Application for Google Cloud Storage
https://paras301.medium.com/spring-cloud-stream-application-for-google-cloud-storage-631abd30ac9f
Methods to Bypass two-factor Authentication
https://infosecwriteups.com/methods-to-bypass-two-factor-authentication-bc2bd35bd44e
Check and locate phone number in OSINT
https://medium.com/@ibederov_en/check-and-locate-phone-number-in-osint-8beb8af50d5e
Witness the power of Intel® iGPU with Azure IoT Edge for Linux on Windows(EFLOW) & OpenVINO™ Toolkit
https://medium.com/openvino-toolkit/witness-the-power-of-intel-igpu-with-azure-iot-edge-for-linux-on-windows-eflow-openvino-f1520d60b19e
F.商業
Fortinet攜手中華資安國際提供零信任安全驅動網路服務
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9877
博通將以約 610 億美元的現金和股票收購 VMware
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9883
AI 技術成資安險利器,奧義智慧與日本 Digital Data Solution策略合作
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9880
DDoS攻擊日增 Mlytics助小三美日25分鐘內恢復營運
https://money.udn.com/money/story/5612/6354355?from=edn_newest_index
趨勢科技舉辦Pwn2Own 駭客大賽突破創新極限
https://www.techbang.com/posts/96650-trend-micro-announces-pwn2own-hacking-competition
Cybersixgill推威脅情資調查平臺,可橫跨深網、暗網查詢
https://times.hinet.net/topic/23949444
已知漏洞才是遭駭大宗,【TOPIA漏洞管理解決方案】協助企業有效率修補漏洞,阻止可能的資安攻擊
http://www.pcdiy.com.tw/detail/24030
資安病毒零容忍 IBM如何幫助企業更快從惡意攻擊復原
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000636615_ZMI7UCAC02Y00Y6VRHHSS
引進中華資安國際的SOC服務 彌補資安人才不足缺口 融合MDR等多項創新技術 迅速回應威脅避免受駭
https://www.chtsecurity.com/news/2ebaab38-2303-4685-b94d-2095b2b4808a
大宇資跨足資安,入主安瑞-KY力拼明年開始獲利
https://reurl.cc/41Y8VX
G.政府
沙崙資安暨智慧科研專區2期動土
https://reurl.cc/55XVn7
科技部TTA南部據點 攜手農食新創圈掀科技革命
https://news.sina.com.tw/article/20220602/41969802.html
數位發展部最快7月掛牌 初期將分2地辦公
https://www.cna.com.tw/news/aipl/202206030063.aspx
數位發展部最快7月掛牌 唐鳳積極籌備
https://news.ltn.com.tw/news/politics/breakingnews/3948543
唐鳳可望接數位發展部部長 簡宏偉申請退休獲准
https://news.ltn.com.tw/news/politics/breakingnews/3948976
郵政物流中心施工進度逾九成 最快今年第四季啟用
https://news.housefun.com.tw/news/article/149520337039.html
H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安
Siemens SICAM P850和SICAM P855 存在安全弱點
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-29873
導入NVIDIA DGX A100專屬系統,軟硬整合加速落地 雲科大 IRIS 中心助產業 AI 化 客製專案搞定場域痛點
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/C04DED349C6F49929E92B9C7B186E151
半導體的資訊安全
https://money.udn.com/money/story/5629/6355065?from=edn_maintab_cate
裝置/系統資安不輕忽 邊緣運算力助工廠智慧化
https://www.mem.com.tw/%E8%A3%9D%E7%BD%AE-%E7%B3%BB%E7%B5%B1%E8%B3%87%E5%AE%89%E4%B8%8D%E8%BC%95%E5%BF%BD%E3%80%80%E9%82%8A%E7%B7%A3%E9%81%8B%E7%AE%97%E5%8A%9B%E5%8A%A9%E5%B7%A5%E5%BB%A0%E6%99%BA%E6%85%A7%E5%8C%96/
從網路層圍堵勒索病毒威脅—Check Point
https://www.netadmin.com.tw/netadmin/zh-tw/video/094CDC5BBB854BC794B171E9F0DA4884
Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices
https://thehackernews.com/2022/05/zyxel-issues-patches-for-4-new-flaws.html
農業機械遭駭會甩態停擺?食品商雙手奉上鉅額贖金,糧食危機再添一擊
https://buzzorange.com/techorange/2022/05/30/cyber-security-agricultural/
I.教育訓練
物聯網時代的15堂資安基礎必修課 (Practical Iot Hacking: The Definitive Guide to Attacking the Internet of Things)
https://www.tenlong.com.tw/products/9786263241756?list_name=p-r-zh_tw
中華軟協-iPAS「初級」資訊安全工程師能力研習衝刺班:全面招生中
https://www.cs.nycu.edu.tw/announcements/detail/8778
2022「證券期貨資訊安全實務養成課程」即日起開始報名
https://www.sfi.org.tw/news/news-7/3589
網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works)
https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw
不只是工程師才要懂的 App 資訊安全:取得資安檢測合格證書血淚史(iT邦幫忙鐵人賽系列書)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
【資安管理國際證照懶人包】學習心得、考試要點一次整理!2022 轉職夢幻工作看這篇
https://buzzorange.com/techorange/2021/12/30/isaca/
CISSP考試心得 – Benson
https://reurl.cc/GbWvxd
CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022
https://reurl.cc/1oyEM8
CEH v11 考試心得與準備方式
https://blog.sean.taipei/2022/01/ceh
110年新進人員「校園資訊安全講座」教材
https://cc.nccu.edu.tw/p/406-1001-740,r18.php
【訓練教材D】資訊安全技術教育訓練教材
https://iscb.nchu.edu.tw/2019/07/d.html
109資通安全管理法數位教育訓練
https://reurl.cc/ARlmqp
110-1初級資訊安全工程師-資訊安全管理概論
https://yamol.tw/exam.php?id=104050
中大信息工程學系 栽培資訊科技領導人才
https://reurl.cc/ARZKDK
伊雲谷、中山大學產學合作 累積雲端資安人才能量
https://ctee.com.tw/industrynews/technology/587459.html
SANS Cyber Aces Online Tutorials
https://tutorials.cyberaces.org/tutorials.html
Free Online Cybersecurity Courses (MOOCs)
https://www.cyberdegrees.org/resources/free-online-courses/
Develop Your Cybersecurity Skills
https://www.cybrary.it/catalog/cybersecurity/
Mobile App Security
https://www.cybrary.it/course/mobile-app-security/
Introduction to Cybersecurity
https://reurl.cc/bnaj6d
How to Tackle SaaS Security Misconfigurations
https://thehackernews.com/2021/11/how-to-tackle-saas-security.html
How to Build a Security Awareness Training Program that Yields Measurable Results
https://thehackernews.com/2021/11/how-to-build-security-awareness.html
Common Attacks
https://choson.lifenet.com.tw/?p=1174
資安學習路上-滲透測試實務4
https://www.potatomedia.co/post/4191e744-64f3-4d33-af69-e3591adc2ed0
6.近期資安活動及研討會
駭客奪旗攻防演練:金融資安人才養成專班(第1期) 2022/04/28~2022/06/09
https://www.tabf.org.tw/CourseDetail.aspx?PID=487750
HITCON FreeTalk 2022 - 烏俄網路戰 & CTF 經驗分享 2022/6/6
https://hitcon.kktix.cc/events/hitcon-freetalk-2022
經濟部工業局沙崙資安服務基地 - 手把手帶你玩資安攻防 2022/6/9
https://bit.ly/38t2aWp
經濟部工業局沙崙資安服務基地 - 新世代資安防禦-網路威脅與防禦趨勢 2022/6/9
https://www.accupass.com/event/2205240207565477386890
資訊安全系列課程系列九:機器學習與資安異常診斷實務(第1期) 2022/6/7
https://www.tabf.org.tw/CourseDetail.aspx?PID=487302
醫療資安女力論壇 2022/6/11
https://isipevent.kktix.cc/events/e58d0573-copy-1
科技力x內容力 5G Craft 菁英挑戰賽號召各路英雄 2022/6/15
https://tomorrowsci.com/technology/20225g0526/
經濟部工業局沙崙資安服務基地 - 智慧製造的痛-駭客攻擊與勒索軟體威脅 2022/6/16
https://www.cisanet.org.tw/Course/Detail/2836
經濟部工業局沙崙資安服務基地 - 日誌大數據分析實戰 2022/6/23
https://bit.ly/3sJWjmp
資訊安全管理(週日班) 2022/7/3 ~ 2022/8/28
https://mymcu.mcu.edu.tw/zh-hant/product/e022205151
創科資訊②⓪②②軟體開發實戰訓練營➠線上實習說明會 2022/7/6
https://trunk-studio.kktix.cc/events/monosparta-code-camp-2022-9
風險導向資安稽核 2022/7/20
https://www.cisanet.org.tw/Course/Detail/2756
HITCON PEACE 2022 台灣駭客年會 2022/8/19 ~ 2022/8/20
https://hitcon.kktix.cc/events/hitcon-peace-2022
2022 CYBERSEC 資安大會 Jamf 攤位講座 2022/9/20 ~ 2022/9/22
https://jamf.kktix.cc/events/cybersec2022jamf
沒有留言:
張貼留言