資安事件新聞週報 2022/6/13 ~ 2022/6/17
1.重大弱點漏洞/後門/Exploit/Zero Day
Sophos防火牆3月底的漏洞修補,傳出中國駭客在此之前就已經著手濫用
https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/
中國駭客攻擊Sophos防火牆漏洞
https://www.ithome.com.tw/news/151493
Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity
https://thehackernews.com/2022/06/chinese-hackers-exploited-sophos.html
F5重大資安漏洞已陸續出現嚴重攻擊,請盡快修補及管控
https://www.cc.ntu.edu.tw/chinese/cert/cert20220616.asp
Splunk重大漏洞恐被攻擊者用於執行任意程式碼
https://www.securityweek.com/critical-code-execution-vulnerability-patched-splunk-enterprise?
Citrix ADM重大漏洞可讓攻擊者重設管理員密碼
https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512
SAP修補嚴重的NetWeaver漏洞
https://onapsis.com/blog/sap-security-patch-day-june-2022-improper-access-control-can-compromise-your-systems
電子郵件系統Zimbra漏洞恐讓攻擊者竊取用戶明文密碼
https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/
思科修補電子郵件防護系統可被用於繞過身分驗證的漏洞
https://www.bleepingcomputer.com/news/security/cisco-secure-email-bug-can-let-attackers-bypass-authentication/
IE瀏覽器淘汰了!微軟宣佈6/16停止支援
https://times.hinet.net/news/23967750
曾全球市占率第一!微軟今淘汰IE 仍有近3千萬人仍死守
https://www.setn.com/News.aspx?NewsID=1131089
資安業者指控微軟對Azure Synapse Analytics漏洞回應不夠積極
https://www.theregister.com/2022/06/14/security_azure_patch/
微軟修補MSDT零時差漏洞
https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2022-patch-tuesday-fixes-1-zero-day-55-flaws/
快更新Windows!微軟終於修復Follina漏洞、阻斷中國駭客攻擊
https://3c.ltn.com.tw/news/49667
俄羅斯駭客Sandworm疑在2個月前開始利用Follina漏洞攻擊烏克蘭
https://cert.gov.ua/article/160530
Microsoft 推出 2022 年 6 月 Patch Tuesday 資安更新包,修復Follina 等 55 個漏洞
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9920
Patch Tuesday: Microsoft Issues Fix for Actively Exploited 'Follina' Vulnerability
https://thehackernews.com/2022/06/patch-tuesday-microsoft-issues-fix-for.html
Technical Details Released for 'SynLapse' RCE Vulnerability Reported in Microsoft Azure
https://thehackernews.com/2022/06/technical-details-released-for-synlapse.html
Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
https://www.ibm.com/support/pages/node/6595755?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
Security bulletin: Security Bulletin: IBM Security QRadar Event and Flow Exporter App is vulnerable to using components with known vulnerabilities (CVE-2021-31535, CVE-2020-17541)
https://www.ibm.com/support/pages/node/6595743?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
Security bulletin: Security Bulletin: Nanoid as used by IBM QRadar Use Case Manager App is vulnerable to information disclosure (CVE-2021-23566)
https://www.ibm.com/support/pages/node/6595741?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
Security bulletin: Security Bulletin: Apache Kafka as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-38153, CVE-2018-17196)
https://www.ibm.com/support/pages/node/6595739?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
Security bulletin: Security Bulletin: Pip as used by IBM QRadar Advisor With Watson is vulnerable to multiple vulnerabilities (CVE-2019-20916, CVE-2021-3572, CVE-2018-20225)
https://www.ibm.com/support/pages/node/6595273?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
High-Severity RCE Vulnerability Reported in Popular Fastjson Library
https://thehackernews.com/2022/06/high-severity-rce-vulnerability.html
研究人員揭露Intel與AMD處理器的旁路攻擊漏洞
https://times.hinet.net/news/23969647
x86 CPU 最新漏洞,駭客可遠端竊取金鑰,Intel 全部處理器受影響
https://vitomag.com/tech/oyoprq.html
研究人員揭露Intel、AMD處理器旁路攻擊手法Hertzbleed
https://www.hertzbleed.com/
New Hertzbleed Side Channel Attack Affects All Modern AMD and Intel CPUs
https://thehackernews.com/2022/06/new-hertzbleed-side-channel-attack.html
Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens
https://thehackernews.com/2022/06/unpatched-travis-ci-api-bug-exposes.html
駭客還在利用3年前的Telerik UI漏洞以植入Cobalt Strike與挖礦軟體
https://www.ithome.com.tw/news/151464
多款瀏覽器外掛程式錢包存在安全性漏洞,目前MetaMask及Phantom已修復
https://www.techbang.com/posts/97208-browser-plugin-wallets
WordPress表單外掛程式Ninja Forms漏洞已遭利用
https://www.wordfence.com/blog/2022/06/psa-critical-vulnerability-patched-in-ninja-forms-wordpress-plugin/
Over a Million WordPress Sites Forcibly Updated to Patch a Critical Plugin Vulnerability
https://thehackernews.com/2022/06/over-million-wordpress-sites-forcibly.html
研究人員揭露攻擊蘋果M1晶片的手法PACMAN
https://pacmanattack.com/
研究人員發現可擊破M1晶片最後防線、執行程式碼的PACMAN漏洞
https://www.ithome.com.tw/news/151404
不能只看CVSS分數!從商業風險判斷弱點管理的優先程度
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9917
2.銀行/金融/保險/證券/支付系統/金融監理 新聞及資安
NordVPN: 台灣信用卡資料於暗網市場售價是全球平均2倍
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9904
從第一銀行遭駭客入侵盜領案 論述刑法對資安保障
https://twnewshub.com/archives/30752
創業3年獲Gogolook策略投資,日本金融廳、紐約金融署都青睞的鏈奇科技什麼來頭
https://meet.bnext.com.tw/articles/view/49186
第一金強化經營韌性;擬穩健擴張海外業務
https://www.ttv.com.tw/finance/view/062022171131C9E85CFD56344C73A509DABD761CD0A0C470/587
強化資安 元大金五子公司通過個資管理制度驗證
https://money.udn.com/money/story/5613/6386377?from=edn_newestlist_cate_side
元大金旗下5家子公司通過個資管理制度驗證
https://turnnewsapp.com/livenews/finance/A95634002022061415484577
元大金五子公司 通過PIMS驗證
https://wantrich.chinatimes.com/news/20220615900087-420101
完善法令遵循及內控內稽制度 銀行進入全面法令遵循體制
https://news.tvbs.com.tw/money/1817384
精誠資訊「智慧金融軟體學院」開跑 歡迎新鮮人加入
https://www.1111.com.tw/news/jobns/146068
國泰金控公司治理評鑑6度挺進前5% 旗下國泰人壽推業界首創眼睛保險
https://reurl.cc/7DqrEk
職員:銀行系統顯示已發出 OTP或遭駭客刪除
https://reurl.cc/anD9b4
上海解封又一亂象! 不會行動支付、ATM又故障 老年人凌晨兩點就去銀行排隊
https://reurl.cc/p1RgeQ
享受購物更要精打細算 聯卡中心讓分期付款變聰明了
https://reurl.cc/j1e80D
全台首張 萬事達卡推數位優先卡
https://www.chinatimes.com/newspapers/20220613000269-260208?chdtv
淡海輕軌新「發現」 感應信用卡就能入站
https://www.cardu.com.tw/news/detail.php?46379
3.電子支付/行動支付/pay/資安
投資趨勢! 國泰數位支付服務ETF熱門
https://reurl.cc/VDoEbY
發卡機構首推視障人士「共融卡」 配備凸字壓印、點字助電子支付原文網址: 發卡機構首推視障人士「共融卡」 配備凸字壓印、點字助電子支付 | 香港01 https://www.hk01.com/sns/article/782520
https://reurl.cc/NAorK9
91APP、Atome 拓先買後付市場
https://reurl.cc/zZkena
國泰投信:數位支付服務商機引爆
https://wantrich.chinatimes.com/news/20220615900092-420401
LINE Pay、一卡通分手,誰是贏家
https://www.bnext.com.tw/article/69965/line-pay-ipass-note
南韓廢除硬幣、瑞典無現金社會!法人:全球加速邁向「Pay 經濟」
https://technews.tw/2022/06/14/cashless/
Pay經濟崛起 迎數位支付百兆商機
https://money.udn.com/money/story/5636/6391214
臉書買芒果遭偷設定第三方支付 2小時被盜刷8次共19萬
https://news.pts.org.tw/article/584624
4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約 資安
Create NFT Market Place without any libraries like openZeppelin (part 1)
https://amirdiafi.medium.com/create-nft-market-place-without-any-libraries-like-openzeppelin-part-1-7c3bbc04c23f
波場聯合儲備宣布已斥資1億USDC購買TRX
https://news.cnyes.com/news/id/4892593
比特幣大騙局:竊盜、駭客、投機者,加密貨幣交易所Mt. Gox的腐敗運作與破產真相
https://ebook.hyread.com.tw/bookDetail.jsp?id=294921
安全團隊:BlockSec成功攔截針對FSWAP 的駭客攻擊
https://news.cnyes.com/news/id/4892969
Celsius暫停出金第四日,執行長首度發言狂跳針:感謝最強大的Celsius社群
https://news.cnyes.com/news/id/4893309
Fei Labs:不支持通過 FEI PCV 來償還 Fuse 平台的用戶損失
https://news.cnyes.com/news/id/4893227
三箭資本將超1.4萬枚stETH轉換為約1366萬枚USDT
https://news.cnyes.com/news/id/4894154
比特幣重挫!薩爾瓦多一夕蒸發16億 總統透露還要繼續買
https://news.tvbs.com.tw/world/1822161
「這群人」與幣安合作推NFT,作品經典元素、內容、台詞以盲盒出售
https://www.bnext.com.tw/article/69957/tgop-binance-nft
Meta Quest 2 適用的 Horizon Home 虛擬實境社群服務將於下週推出 擴展元宇宙應用發展
https://www.cool3c.com/article/178421
華碩雲端總經理吳漢章:相信台灣第一個元宇宙醫院很快就會誕生
https://news.sina.com.tw/article/20220613/42013766.html
Coinbase 宣布將裁員超過 1000 人!加密冬天真的來了
https://buzzorange.com/techorange/2022/06/15/cryptocurrency-bear-coinbase/
Optimism駭客已歸還1700萬枚OP
https://news.cnyes.com/news/id/4890007
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
18款 Windows 防毒軟體大PK!8款掃毒防護獲評為最佳
https://3c.ltn.com.tw/news/49549
Qbot 惡意軟體現正利用 Windows MSDT 0-day 漏洞發動釣魚攻擊
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9908
勒索軟體BlackCat透過ProxyLogon漏洞入侵受害組織
https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/
勒索軟體BlackCat架設個資外洩查詢網站,疑透過員工向受害組織施壓
https://www.bleepingcomputer.com/news/security/ransomware-gang-creates-site-for-employees-to-search-for-their-stolen-data/
行動裝置後門程式SeaFlower竊取加密貨幣錢包的通關密語
https://blog.confiant.com/how-seaflower-%E8%97%8F%E6%B5%B7%E8%8A%B1-installs-backdoors-in-ios-android-web3-wallets-to-steal-your-seed-phrase-d25f0ccdffce
Atlassian Confluence重大漏洞也被勒索軟體駭客利用
https://www.bleepingcomputer.com/news/security/confluence-servers-hacked-to-deploy-avoslocker-cerber2021-ransomware/
伊朗駭客利用DNS後門程式對能源組織下手
https://www.zscaler.com/blogs/security-research/lyceum-net-dns-backdoor
駭客組織Black Basta鎖定虛擬化平臺發展勒索軟體、攻擊者利用微軟Office重大漏洞對烏克蘭下手
https://reurl.cc/Erv2dK
中國駭客組織散布WinDealer惡意軟體有新手法,已具旁觀者攻擊手法能力
https://reurl.cc/0peDA6
非洲最大連鎖超市Shoprite遭勒索軟體RansomHouse攻擊
https://times.hinet.net/news/23971812
安卓用戶快刪這5款APP!木馬病毒入侵照片編輯軟體「個資盜光光」,200萬名用戶恐受害
https://www.storm.mg/lifestyle/4383846
P2P殭屍網路Panchan鎖定教育單位的Linux伺服器而來
https://www.akamai.com/blog/security/new-p2p-botnet-panchan
駭客組織8220也利用Atlassian Confluence伺服器挖礦
https://blog.checkpoint.com/2022/06/09/crypto-miners-leveraging-atlassian-zero-day-vulnerability/
Cerber2021 Ransomware Back in Action
https://blog.cyble.com/2022/06/17/cerber2021-ransomware-back-in-action
Panchan’s Mining Rig: New Golang Peer-to-Peer Botnet Says “Hi!”
https://www.akamai.com/blog/security/new-p2p-botnet-panchan
Analysis of a secret theft attack against multiple institutions in South Korea
https://www-freebuf-com.translate.goog/articles/paper/329379.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=zh-TW
F5 Labs Investigates MaliBot
https://www.f5.com/labs/articles/threat-intelligence/f5-labs-investigates-malibot
GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool
https://unit42.paloaltonetworks.com/pingpull-gallium/
Telerik UI exploitation leads to cryptominer, Cobalt Strike infections
https://news.sophos.com/en-us/2022/06/15/telerik-ui-exploitation-leads-to-cryptominer-cobalt-strike-infections/
https://github.com/sophoslabs/IoCs/blob/master/Troj-Miner-AED.csv
Linux蠕蟲程式Syslogk於受害主機載入後門程式
https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
Linux Threat Hunting: Syslogk a kernel rootkit found under development in the wild
https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
New Syslogk Linux Rootkit Lets Attackers Remotely Command It Using "Magic Packets"
https://thehackernews.com/2022/06/new-syslogk-linux-rootkit-lets.html
Malware Android Software Spread by Sidewinder (APT-Q-39) Using Google Play
https://mp-weixin-qq-com.translate.goog/s/LaWE4R24D7og-d7sWvsGyg?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en
Exposing HelloXD Ransomware and x4k
https://unit42.paloaltonetworks.com/helloxd-ransomware/
微軟:勒索軟體駭客經常以盜來的憑證或Exchange漏洞入侵組織
https://www.ithome.com.tw/news/151425
BlackCat Ransomware Gang Targeting Unpatched Microsoft Exchange Servers
https://thehackernews.com/2022/06/blackcat-ransomware-gang-targeting.html
A Microsoft Office 365 Feature Could Help Ransomware Hackers Hold Cloud Files Hostage
https://thehackernews.com/2022/06/a-microsoft-office-365-feature-could.html
MaliBot: A New Android Banking Trojan Spotted in the Wild
https://thehackernews.com/2022/06/malibot-new-android-banking-trojan.html
Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers
https://thehackernews.com/2022/06/panchan-new-golang-based-peer-to-peer.html
Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware
https://thehackernews.com/2022/06/researchers-detail-purecrypter-loader.html
中國駭客組織Gallium開始利用新的PingPull木馬
https://www.ithome.com.tw/news/151426
中國駭客Gallium利用木馬程式PingPull攻擊電信業者、金融與政府單位
https://unit42.paloaltonetworks.com/pingpull-gallium/
Chinese 'Gallium' Hackers Using New PingPull Malware in Cyberespionage Attacks
https://thehackernews.com/2022/06/chinese-gallium-hackers-using-new.html
Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses
https://thehackernews.com/2022/06/researchers-disclose-rooting-backdoor.html
勒索軟體Hello XD不只加密電腦檔案,還會植入後門
https://unit42.paloaltonetworks.com/helloxd-ransomware/
HelloXD Ransomware Installing Backdoor on Targeted Windows and Linux Systems
https://thehackernews.com/2022/06/hello-xd-ransomware-installing-backdoor.html
美國紐澤西州學校因遭勒索軟體攻擊取消期末考
https://therecord.media/new-jersey-school-district-forced-to-cancel-final-exams-amid-ransomware-recovery-effort/
Researchers Uncover 'Hermit' Android Spyware Used in Kazakhstan, Syria, and Italy
https://thehackernews.com/2022/06/researchers-uncover-hermit-android.html
B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊
通行密鑰 Passkeys是什麼?Apple為何要推無密碼登錄技術
https://mrmad.com.tw/apple-passkeys
Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users
https://thehackernews.com/2022/06/chinese-hackers-distribute-backdoored.html
點擊 App 太慢了!Google 官方推薦 5 款超實用 Android 「桌面小工具」
https://3c.ltn.com.tw/news/49669
精誠攜手互動資通跨入EIM企業即時通訊協作市場 提升營運績效
http://www.ctimes.com.tw/DispNews-tw.asp?O=HK66F9BYCE0SAA00NC
多人會議同時講話也不怕聽不清!微軟如何靠 AI 技術打造更好的通話體驗
https://buzzorange.com/techorange/2022/06/15/microsoft-teams-ai/
iOS 16和Android 13的更新,到底將為你的手機帶來什麼改變
https://www.techbang.com/posts/97042-ios16-android13
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力
網絡安全專家:小心被駭 別用公共Wi-Fi付賬
https://reurl.cc/Lmo0Oy
資安規範建立是場公司營運大挑戰,領導者沒有時間慢慢熬了
https://buzzorange.com/techorange/2022/06/13/2022-data-security-management/
IT 部門為何變成財務黑洞?除了工程師不善溝通,還有這些問題要面對
https://www.managertoday.com.tw/columns/view/65312
公有雲業者仍在客戶VM下暗中安裝軟體
https://times.hinet.net/news/23967517
任天堂駭客團夥策劃者:他賺了幾十億 我偷點又何妨
https://reurl.cc/QLo7K9
46% 資深高階資安人員因駭侵防範壓力大增而萌生辭意
https://www.twcert.org.tw/tw/cp-104-6223-bc820-1.html
臺資安業者揭露國內AD防護現況,盤點AD攻擊路徑與管理者帳號是當務之急
https://www.ithome.com.tw/news/151458
Smilodon駭客組織鎖定WordPress網站發動側錄攻擊
https://blog.sucuri.net/2022/06/smilodon-credit-card-skimming-malware-shifts-to-wordpress.html
捲土重來的 AlphaBay,將再次稱霸暗網市場
https://www.inside.com.tw/article/28035-alphabay-is-taking-over-the-dark-web-again
電商業者的人財兩失殺手:彈出式廣告劫持
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9912
美國網安公司:中國駭客攻擊澳洲與東南亞達10年
https://udn.com/news/story/7331/6386546?from=udn-catebreaknews_ch2
中國傲琴龍 駭攻亞太國家10年
https://news.ltn.com.tw/news/world/paper/1523092
中共駭客攻擊以色列、伊朗、沙烏地阿拉伯以獲取商業和技術機密
https://gnews.org/post/p1463054
中國電商公司兩名員工離職報復公司:將所有商品改為一折
https://www.techbang.com/posts/97110-the-change-of-goods-to-a-one-fold-discount-led-to-a-loss-of
香港傳真社停運涉國安否 創辦人:沒資料 聲明稱財政穩健 未交代停運原因
https://reurl.cc/6ZRaRd
駭客洩露新疆集中營內的大量檔
https://gnews.org/post/p2599493
俄羅斯駭客Sandworm疑在2個月前開始利用Follina漏洞攻擊烏克蘭
https://cert.gov.ua/article/160530
美警示中國駭客攻擊電信業態勢,16個網路設備已知漏洞最常被鎖定
https://www.ithome.com.tw/tech/151476
美國網路「觸角」伸向俄烏戰場或導致俄烏衝突升級和擴大
https://reurl.cc/6ZRy15
美國情報機構加強鎖定中國 華裔擔憂遭殃
https://udn.com/news/story/6809/6393280
美國情報總監辦公室:情報收集聚焦中國而不是華裔或亞裔美國人
https://www.voacantonese.com/a/spy-agencies-focus-on-china-could-snare-chinese-americans-20220615/6618662.html
大規模HTTPS流量DDoS攻擊鎖定Cloudflare免費用戶下手
https://blog.cloudflare.com/26m-rps-ddos/
Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second
https://thehackernews.com/2022/06/cloudflare-saw-record-breaking-ddos.html
資通訊人才先卡位,中華電今年釋出近千職缺需求
https://technews.tw/2022/06/17/cht-3/
中華電衝刺5G創新應用 釋近千名基層ICT職缺
https://www.ftvnews.com.tw/news/detail/2022617W0087
5L新光人壽-資訊安全管理師(有相關經驗、證照者從優核敘)
https://www.skfh.com.tw/hr/job_detail.aspx?id=20489
Java Engineer
https://hunter.104.com.tw/en/job/FG00005641
資安技術顧問助理_台北
https://www.104.com.tw/job/7nvua
資安產品經理
https://www.104.com.tw/job/7nvjb
REQ_2204632 AW0130資安技術工程師
https://www.104.com.tw/jobs/apply/analysis/7l7qk?channel=104rpt&jobsource=apply_analyze
未來十年,這 30 個高薪職位最缺工!根據美國勞工局預測
https://www.managertoday.com.tw/articles/view/65256
資安助理顧問
https://www.104.com.tw/job/7iyxw?jobsource=jolist_c_date
資安鑑識支援工程師-ACSI
https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E9%91%91%E8%AD%98%E6%94%AF%E6%8F%B4%E5%B7%A5%E7%A8%8B%E5%B8%AB-acsi-at-acer-3124895080/?originalSubdomain=tw
技術副理-ACSI
https://www.linkedin.com/jobs/view/%E6%8A%80%E8%A1%93%E5%89%AF%E7%90%86-acsi-at-acer-3124888995/?originalSubdomain=tw
資安管理師
https://www.104.com.tw/job/7nydp
資訊安全工程師
https://www.104.com.tw/job/7o047
【資訊】雲端資安工程師
https://www.yourator.co/companies/cathaybk/jobs/24754
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全
地下市場最常見 10 大「外洩密碼」別再用!免費工具 1 秒就破解
https://3c.ltn.com.tw/news/49664
別再用這10組密碼!駭客用免費工具秒破解 加「1符號」提高安全度
https://www.ftvnews.com.tw/news/detail/2022616W0158
免費VPN服務疑資料庫配置不當,曝露2,500萬筆記錄
https://cybernews.com/security/25-million-free-vpn-user-records-exposed/
【部分錯誤】網傳「BT網站能夠免費下載電影、軟體、電玩,十年前因沒有金錢交易,純自己觀賞,上傳下載的人都不違法,現在這個下載方式被改變,會自動上傳,變成犯法」
https://tfc-taiwan.org.tw/articles/7679
【基輔連線】用真實來打這場俄國資訊戰 烏克蘭查核組織《Vox Check》
https://tfc-taiwan.org.tw/articles/7674
疫情宅家上網釀個資破口 狂接投資詐騙電話...刑大曝3招防詐
https://www.ettoday.net/news/20220613/2271885.htm
資安零信任 防詐先查證
https://times.hinet.net/news/23965247
Messenger 點擊網址詐騙達高峰!數百萬用戶FB 帳密遭盜洩個資
https://3c.ltn.com.tw/news/49590
網購芒果遭假小編騙個資 盜刷19萬
https://news.ebc.net.tw/news/society/321873
網路購物平台易淪洩漏個資管道 刑大提醒慎選投資標的
https://www.chinatimes.com/realtimenews/20220613002038-260402?chdtv
真有老大哥在背後監視我們?專家破解 21 個關於國家資料隱私的傳言
https://buzzorange.com/techorange/2022/06/16/hoozbook-i-have-nothing-to-hide/
個資外洩名人經驗慘 專家:送修前鎖硬碟|#鏡新聞
https://reurl.cc/vdxq8l
軟體開發測試平臺Travis CI恐曝露數千個GitHub、AWS、Docker憑證
https://blog.aquasec.com/travis-ci-security
投資詐騙局中局 中市4被害人遭扒2次皮
https://reurl.cc/GxYmYW
被騙金錢能追回?網紅親砸12萬為粉絲買教訓 直呼:別再2次上當
https://www.ftvnews.com.tw/news/detail/2022611W0128
E.研究報告/工具
python駭客攻防入門下載-Python鍵盤鉤取的自我理解
https://tw.pythontechworld.com/article/detail/ZeAw4IpJ7SM8
123個hacker必備的Python工具
https://tw.pythontechworld.com/article/detail/eidD1gnQHN3I
網路資安溯源 (cyber attribution),只是單純找出幕後駭客而已嗎
https://blog.trendmicro.com.tw/?p=72744
假投資詐騙橫行 北市警提醒注意網路安全
https://udn.com/news/story/7320/6384973
開源工具減輕維運負擔 從頭示範如何安裝、設定及使用 Icinga2自動監控 隨時掌控系統網路服務
https://www.netadmin.com.tw/netadmin/zh-tw/technology/8B9958055B1E4BC7BE5ED3EACD383D10
The Latest .NET 7 Features Will Change the Way You Code
https://medium.com/dotnetsafer/the-latest-net-7-features-will-change-the-way-you-code-b62b2611b910
Security Notice: Extension Disk Encryption Issue
https://medium.com/metamask/security-notice-extension-disk-encryption-issue-d437d4250863
Going Behind the Scenes of Foursquare’s Places API
https://medium.com/foursquare-direct/going-behind-the-scenes-of-foursquares-places-api-bed74f8f1d14
What is LaMDA and What Does it Want
https://cajundiscordian.medium.com/what-is-lamda-and-what-does-it-want-688632134489
Stop using Alpine Docker images
https://medium.com/inside-sumup/stop-using-alpine-docker-images-fbf122c63010
Automatic Feature Selection in python
https://danilzherebtsov.medium.com/automatic-feature-selection-in-python-f72ec69215fe
How I Found a company’s internal S3 Bucket with 41k Files
https://infosecwriteups.com/how-i-found-a-companys-internal-s3-bucket-with-41k-files-94b453e588b5
The Do’s and Don’ts of Try-Catch in JavaScript
https://javascript.plainenglish.io/the-dos-and-don-ts-of-try-catch-in-javascript-75c4e8c82200
Advanced Interactive Dashboard in Python
https://medium.com/@jairotunior/advanced-interactive-dashboards-in-python-cc2927dcde07
Difference Between Agent-Based and Network-Based Internal Vulnerability Scanning
https://thehackernews.com/2022/06/difference-between-agent-based-and.html
Quick and Simple: BPFDoor Explained
https://thehackernews.com/2022/06/quick-and-simple-bpfdoor-explained.html
Reimagine Hybrid Work: Same CyberSec in Office and at Home
https://thehackernews.com/2022/06/reimagine-hybrid-work-same-cybersec-in.html
F.商業
趨勢科技:石油及天然氣產業遭受工業設備網路攻擊損失最嚴重
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9907
攻擊停留時間平均超過10天!IAB「隱形」入侵讓多個攻擊者可能鎖定同一目標
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9909
Fortinet 發布新產品 FortiNDR,以人工智慧偵測並回應威脅攻擊
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9903
Check Point Harmony Mobile 4.0整合三星安全平台 Samsung Knox
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9905
NetApp 簡化混合雲操作,因應勒索軟體威脅,協助加速 VMware 工作負載上雲
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9906
傳聞美國國防承包商L3Harris有意買下以色列駭客公司NSO Group
https://times.hinet.net/news/23969443
全球企業憂心數位受攻擊面控管問題將影響資安風險
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000637455_WVW5RLEV4MW0J66UI9MY3
再創佳績!蓋亞資訊連續兩年獲頒IMPERVA年度全球傑出業務獎
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=16&id=0000637350_4ZY2P27C6QP8K3LOHOK6M
軟體供應鏈必學資安課題,如何拉近開發與資安的距離
https://buzzorange.com/techorange/2022/06/17/gss-checkmarx/
趨勢科技推出TMMNS方案 落實5G專網點對點聯合防禦
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&cat=80&id=0000637288_3IN1N2B890QFYU7E51B6E
F5發表NGINX for Microsoft Azure提供安全高效能的應用交付
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9914
A10 Networks資安系統降低DDoS攻擊
https://www.mem.com.tw/a10-networks%E8%B3%87%E5%AE%89%E7%B3%BB%E7%B5%B1%E9%99%8D%E4%BD%8E/
平衡才是王道!後疫時代下企業關注資安防禦和商業敏捷性的平衡
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9918
美國Fintech業者併購臺灣資安新創Cybavo
https://www.ithome.com.tw/news/151406
微軟併購外國網路威脅情資業者Miburo
https://blogs.microsoft.com/blog/2022/06/14/microsoft-to-acquire-miburo/
宏碁集團也搶儲能商機 旗下智頻、展碁國際聯手布局
https://news.cnyes.com/news/id/4890167?exp=a
魚與熊掌可兼得!AWS 助資安長打造可兼顧企業效率的資安架構
https://buzzorange.com/techorange/2022/06/13/aws-cso/
趨勢科技最新研究顯示:可視性與控管上的漏洞正在侵蝕企業資安
https://www.techbang.com/posts/96980-trendmicro-research-reveals-struggle-control-cyber-risks
Google Cloud計算出π小數點位後第100兆位數,再次打破世界紀錄
https://www.ithome.com.tw/news/151400
Google、SAP 都有!為員工爭取幸福的 CHO,為何在近年格外重要
https://www.managertoday.com.tw/articles/view/65257
G.政府
員工罵恩爸「塔綠班」 新北市府封網禁上PTT
https://www.youtube.com/watch?v=V3dqDl5EYf0
網紅四叉貓指新北封PTT 市府:正常網管作為
https://newtalk.tw/news/view/2022-06-13/769764
口罩國家隊疑遭網軍攻擊 她被控操控「24帳號」誹謗結果出爐
https://www.ettoday.net/news/20220616/2274244.htm
學習歷程檔案遺失「虛擲8千萬公帑」 監察院糾正國教署:要究責
https://www.ettoday.net/news/20220617/2274889.htm
台北通取得ISO 27701認證 首創三項資安及個資保護認證市政APP
https://doit.gov.taipei/News_Content.aspx?n=4B2B1AB4B23E7EA8&sms=72544237BBE4C5F6&s=9E612EF2ACE463DD
林佳龍提北市政見「元宇宙、NFT入列」 4年投100億拚觀光
https://www.mirrormedia.mg/story/20220613edi016/
設置智慧與綠能產業服務共創基地 桃市府攜手北科大簽署MOU
https://reurl.cc/p1RgKd
H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安
智慧監控效益不打折 威剛工控「軟硬兼施」為場域安全把關
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=16&id=0000637276_LT11N4AK8DCPEW5WWKIX7
豐田遭「羅賓漢」網路攻擊 汽車生產受影響
https://ec.ltn.com.tw/article/breakingnews/3960957
豐田車廂感知系統運用毫米波雷達偵測車內生物
https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000637241_GRX12UAF5O01MZ0MTMZUX
DEKRA德凱攜手趨勢科技子公司VicOne打造車用資安認證整合服務
https://zeekmagazine.com/archives/174999
工業設備網路攻擊造成企業數百萬美元損失
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=16&id=0000637456_43258QSJ4ESBBK74V4RVX
TXOne EdgeIPS Pro 216 為中小型製造業確保營運安全不中斷
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/27BAD4503BFD47C59CBD5A76BB339241
趨勢旗下VicOne、德凱 推車用資安認證
https://wantrich.chinatimes.com/amp/news/20220617900037-420501
催生超低功耗邊緣AI應用 tinyML賦予MCU產業新契機
https://www.eettaiwan.com/20220617nt31-tinyml-gives-mcu-industry-new-opportunities/
法國FIC論壇示警:產業OT資安遠遠落後於資訊科技
https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=4b8db8dc-f3f9-4c7d-85f5-352848748a79
意法/AWS合作開發IoT AWS雲端連接方案
https://www.mem.com.tw/%E6%84%8F%E6%B3%95-aws%E5%90%88%E4%BD%9C%E9%96%8B%E7%99%BCiot-aws%E9%9B%B2%E7%AB%AF%E9%80%A3%E6%8E%A5%E6%96%B9%E6%A1%88/
台日工控資安交流 捷而思分享身份認證再進化
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000636966_VLIL0J0K5AKD6M7C42OB0
製造業做淨零,只能手抄機台數據、再鍵入電腦?一個聰明的新方法
https://www.businessweekly.com.tw/carbon-reduction/blog/3009982
華碩建構OT資安工控,鞏固智慧製造防護網
https://www.techbang.com/posts/96972-asus-builds-ot-information-security-industrial-control
I.教育訓練
物聯網時代的15堂資安基礎必修課 (Practical Iot Hacking: The Definitive Guide to Attacking the Internet of Things)
https://www.tenlong.com.tw/products/9786263241756?list_name=p-r-zh_tw
中華軟協-iPAS「初級」資訊安全工程師能力研習衝刺班:全面招生中
https://www.cs.nycu.edu.tw/announcements/detail/8778
2022「證券期貨資訊安全實務養成課程」即日起開始報名
https://www.sfi.org.tw/news/news-7/3589
網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works)
https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw
不只是工程師才要懂的 App 資訊安全:取得資安檢測合格證書血淚史(iT邦幫忙鐵人賽系列書)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
【資安管理國際證照懶人包】學習心得、考試要點一次整理!2022 轉職夢幻工作看這篇
https://buzzorange.com/techorange/2021/12/30/isaca/
CISSP考試心得 – Benson
https://reurl.cc/GbWvxd
CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022
https://reurl.cc/1oyEM8
CEH v11 考試心得與準備方式
https://blog.sean.taipei/2022/01/ceh
110年新進人員「校園資訊安全講座」教材
https://cc.nccu.edu.tw/p/406-1001-740,r18.php
【訓練教材D】資訊安全技術教育訓練教材
https://iscb.nchu.edu.tw/2019/07/d.html
109資通安全管理法數位教育訓練
https://reurl.cc/ARlmqp
110-1初級資訊安全工程師-資訊安全管理概論
https://yamol.tw/exam.php?id=104050
中大信息工程學系 栽培資訊科技領導人才
https://reurl.cc/ARZKDK
伊雲谷、中山大學產學合作 累積雲端資安人才能量
https://ctee.com.tw/industrynews/technology/587459.html
SANS Cyber Aces Online Tutorials
https://tutorials.cyberaces.org/tutorials.html
Free Online Cybersecurity Courses (MOOCs)
https://www.cyberdegrees.org/resources/free-online-courses/
Develop Your Cybersecurity Skills
https://www.cybrary.it/catalog/cybersecurity/
Mobile App Security
https://www.cybrary.it/course/mobile-app-security/
Introduction to Cybersecurity
https://reurl.cc/bnaj6d
How to Tackle SaaS Security Misconfigurations
https://thehackernews.com/2021/11/how-to-tackle-saas-security.html
How to Build a Security Awareness Training Program that Yields Measurable Results
https://thehackernews.com/2021/11/how-to-build-security-awareness.html
Common Attacks
https://choson.lifenet.com.tw/?p=1174
資安學習路上-滲透測試實務4
https://www.potatomedia.co/post/4191e744-64f3-4d33-af69-e3591adc2ed0
6.近期資安活動及研討會
科技力x內容力 5G Craft 菁英挑戰賽號召各路英雄 2022/6/15
https://tomorrowsci.com/technology/20225g0526/
經濟部工業局沙崙資安服務基地 - 智慧製造的痛-駭客攻擊與勒索軟體威脅 2022/6/16
https://www.cisanet.org.tw/Course/Detail/2836
【滲透與入侵 - 供應鏈資安威脅】資安跨域交流活動 2022/6/20
https://www.tca.org.tw/exhibit_info1.php?n=1716
經濟部工業局沙崙資安服務基地 - 日誌大數據分析實戰 2022/6/23
https://bit.ly/3sJWjmp
資安沙龍-「把科技力量化為智慧製造供應鏈安全的靠山」 2022/6/27
http://www.twcloud.org.tw/xmevent/cont?xsmsid=0I194031315298462880&sid=0M167435346971609077
資訊安全管理(週日班) 2022/7/3 ~ 2022/8/28
https://mymcu.mcu.edu.tw/zh-hant/product/e022205151
工控資安環境認知課程 2022/7/5
https://www.acw.org.tw/News/Detail.aspx?id=3228
創科資訊②⓪②②軟體開發實戰訓練營➠線上實習說明會 2022/7/6
https://trunk-studio.kktix.cc/events/monosparta-code-camp-2022-9
關鍵基礎設施實作課程(含攻防演練實作) 2022/7/11
https://www.acw.org.tw/News/Detail.aspx?id=3229
工控資安環境認知課程 2022/7/12
https://www.acw.org.tw/News/Detail.aspx?id=3228
風險導向資安稽核 2022/7/20
https://www.cisanet.org.tw/Course/Detail/2756
關鍵基礎設施實作課程(含攻防演練實作) 2022/7/25
https://www.acw.org.tw/News/Detail.aspx?id=3229
關鍵基礎設施實作課程(含攻防演練實作) 2022/8/1
https://www.acw.org.tw/News/Detail.aspx?id=3229
HITCON PEACE 2022 台灣駭客年會 2022/8/19 ~ 2022/8/20
https://hitcon.kktix.cc/events/hitcon-peace-2022
2022 CYBERSEC 資安大會 Jamf 攤位講座 2022/9/20 ~ 2022/9/22
https://jamf.kktix.cc/events/cybersec2022jamf
關鍵基礎設施實作課程(含攻防演練實作) 2022/9/27
https://www.acw.org.tw/News/Detail.aspx?id=3229
沒有留言:
張貼留言