資安事件新聞週報 2022/8/29 ~ 2022/9/2

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/8/29 ~ 2022/9/2 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco 近日發布更新以解決多個產品的安全性弱點 https://tools.cisco.com/security/center/publicationListing.x 研究人員揭露WatchGuard防火牆數個漏洞 https://www.ambionics.io/blog/hacking-watchguard-firewalls 資安研究人員發現存於 Linux 核心長達 8 年的 Dirty Cred 漏洞 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=10043 研究人員揭露Linux核心漏洞DirtyCred細節 https://www.rezilion.com/blog/dirty-cred-what-you-need-to-know/ Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center https://thehackernews.com/2022/08/critical-vulnerability-discovered-in.html Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks https://thehackernews.com/2022/08/google-launches-new-open-source-bug.html Chrome剪貼薄功能存在漏洞，恐被用於竊密 https://www.ithome.com.tw/news/152831 Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content https://thehackernews.com/2022/09/google-chrome-bug-lets-sites-silently.html Google針對旗下開源軟體祭出抓漏獎勵 https://security.googleblog.com/2023/08/Announcing-Googles-Open-Source-Software-Vulnerability-Rewards-Program%20.html CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog https://thehackernews.com/2022/08/cisa-adds-10-new-known-actively.html Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations https://thehackernews.com/2022/08/iranian-hackers-exploiting-unpatched.html WordPress修補高風險SQL注入漏洞 https://www.wordfence.com/blog/2022/08/wordpress-core-6-0-2-security-maintenance-release-what-you-need-to-know/ 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安 FBI Warns Investors to Take Precautions with Decentralized Financial Platforms https://thehackernews.com/2022/08/fbi-warns-investors-to-take-precautions.html 陳慧遊獲選掌壽險公會一個關鍵政見讓他勝過尹崇堯 https://vip.udn.com/vip/story/121938/6578350 2022國泰金控技術年會聚焦去中心化金融 https://ec.ltn.com.tw/article/breakingnews/4044640 聚焦 DeFi、區塊鏈、雲端與開源！2022 國泰金控技術年會登場 https://blockcast.it/2022/09/01/2022-cathay-financial-holdings-technology-annual-conference/ 擘劃證券市場新未來證交所提四方向 https://www.sinotrade.com.tw/richclub/news/630f77771989be9be4f1a43d 集保揭露5大行動方案，要用AI大數據分析強化基金監理 https://times.hinet.net/news/24109975 安聯人壽：全台首座雙語網路投保平台線上旅遊安平險全新推出 https://www.rmim.com.tw/news-detail-37974 3.電子支付/行動支付/pay/資安藍新金流在兩週內遭遇數波DDoS攻擊，國內至少十多家線上平臺揭露期間暫時無法交易或付款 https://www.ithome.com.tw/news/152801 嗶支付夯金管會今放寬商家確認證明申請加速流程 https://reurl.cc/ERg5Lk 簡化電支機構對店家身分確認金管會祭便民措施 https://money.udn.com/money/story/5613/6583617?from=edn_newestlist_cate_side 全支付上線首日　註冊會員破50萬 https://today.line.me/tw/v2/article/1DX5Qz8 別搞混了！秒懂行動支付、第三方支付、電子支付有什麼不同 https://www.cardu.com.tw/mpay/detail.php?39548 谷歌在南非推出錢包業務，搶攻行動支付市場 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=60cf014d-537d-4ed9-bd82-ea54f82fd3b6 行動支付熱LINE Pay上半年業績創高擴大招募3類人才 https://www.cna.com.tw/news/afe/202208100291.aspx 新北市府花5千多萬發行「新北幣」議員質疑浪費公帑做集點卡 https://news.ltn.com.tw/news/politics/breakingnews/4043534 全聯PX Pay升級全支付 9/1正式上線享回饋 https://www.sogi.com.tw/articles/px_pay/6258491 電子支付進入戰國時代　三大零售通路先後跨足 https://www.ctwant.com/article/203843 股東生態圈串起來！將來銀行攜手全聯「全支付」突破純網銀發展神級回饋活儲3.1%延長到年底 https://www.storm.mg/lifestyle/4499237 電支業者首家愛金卡獲准經營紅利積點整合 https://www.chinatimes.com/newspapers/20220818000344-260208?chdtv 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安駭客以測試遊戲為幌子，散布多種竊密軟體，已出現用戶加密錢包遭盜款的災情 https://www.bleepingcomputer.com/news/security/fake-cthulhu-world-p2e-project-used-to-push-info-stealing-malware/ 美國警告DeFi平臺漏洞成駭客竊取加密貨幣的主要目標 https://www.ic3.gov/Media/Y2022/PSA220829 駭客砸盤？疑似 Mt.Gox 攻擊者錢包轉出 1 萬顆比特幣 https://technews.tw/2022/09/01/suspected-mt-gox-attackers-transferred-more-than-10000-btc/ Mt. Gox近14萬顆BTC償還，推遲到9月中、或持續數月至數年！緩解砸盤隱憂 https://www.blocktempo.com/mt-gox-repayment-process-delayed-until-mid-september/ 巨鯨轉出 1 萬枚比特幣！休眠 9 年、最初源自 Mt. Gox 駭客事件 https://www.owlting.com/news/articles/157395 SkaleNetwork已與ETHGlobal合作，以支持ETHOnline駭客馬拉松 https://amp-news.cnyes.com/news/id/4944428 比特幣詐騙信手法：駭客監控與下流盜攝 https://www.vedfolnir.com/bitcoin-spam-mail-51366.html 直呼比特幣不能對沖通膨！「華爾街狂人」：應避免投資加密幣 https://blockcast.it/2022/09/01/jim-cramer-recommends-avoiding-crypto/ Sharding Capital與TDeFi達成戰略合作，推進區塊鏈駭客馬拉松2.0計劃BizThon https://news.cnyes.com/news/id/4944703 Web3 資安徵文：失去 1.23 ETH 的慘痛教訓 https://reurl.cc/oQVEY3 今年全球加密貨幣非法交易量與去年同期相比略微下滑，但加密貨幣被駭金額高於去年同期 https://findit.org.tw/researchPageV2.aspx?pageId=2128 FBI警告，駭客愈來愈愛開採DeFi漏洞 https://times.hinet.net/news/24108613 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 微軟: 超過 80% 勒索軟體攻擊歸因於配置錯誤 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=10033 超過1萬種變種病毒! Fortinet 洞察變種勒索病毒翻倍、端點設備仍是重點攻擊目標 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=10039 5個惡意Chrome擴充套件濫用網站Cookie，一旦使用者購物，駭客就能向電商網站收取傭金 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/ 下載免費工具也可能成為駭客的攻擊目標！駭客以提供實用軟體為由，逐步控制受害電腦並進行挖礦 https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/ 檔案挾帶的方式出現新手法！連資安人員都可能以為是憑證，而沒有發現惡意軟體的蹤跡 https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/ 惡意軟體ModernLoader被用於投放竊密軟體、挖礦軟體、RAT https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html 大型圖書館書商Baker & Taylor遭勒索軟體攻擊 https://www.bleepingcomputer.com/news/security/leading-library-services-firm-baker-and-taylor-hit-by-ransomware/ 為了埋藏攻擊意圖，駭客入侵受害電腦一個月後才部署挖礦軟體 https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/ 惡意軟體IBAN Clipper挾持電腦的剪貼簿，盜取銀行帳號資料 https://blog.cyble.com/2022/08/22/dissecting-iban-clipper/ 駭客把惡意程式藏在韋伯望遠鏡所拍攝的太空畫面中 https://www.ithome.com.tw/news/152799 思科遭駭勒索軟體駭客Evil Corp和Conti疑參與攻擊 https://www.esentire.com/security-advisories/hacker-infrastructure-used-in-cisco-breach-discovered-attacking-a-top-workforce-management-corporation-russias-evil-corp-gang-suspected-reports-esentire 葡萄牙航空公司疑遭勒索軟體Ragnar Locker攻擊 https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-claims-attack-on-portugals-flag-airline/ 蒙特內哥羅遭到俄羅斯駭客攻擊，影響關鍵基礎設施運作 https://www.bleepingcomputer.com/news/security/montenegro-says-russian-cyberattacks-threaten-key-state-functions/ 蒙特內哥羅疑遭勒索軟體Cuba攻擊 https://www.securityweek.com/cybercriminals-apparently-involved-russia-linked-attack-montenegro-government 蒙特內哥羅遭勒索軟體攻擊攻擊，美國出手協助 https://www.ithome.com.tw/news/152864 駭客免費提供竊密軟體Mini Stealer給其他網路罪犯 https://blog.cyble.com/2022/08/29/mini-stealer-possible-predecessor-of-parrot-stealer/ 勒索軟體BianLian透過Exchange伺服器、SonicWall的VPN入侵受害組織 https://redacted.com/blog/bianlian-ransomware-gang-gives-it-a-go/ 智利證實政府機關遭勒索軟體攻擊，部分服務被迫中斷 https://www.csirt.gob.cl/noticias/alerta-de-seguridad-cibernetica-incidente-en-servicio-publico/ Deep Dive into a Corporate Espionage Operation https://businessinsights.bitdefender.com/deep-dive-into-a-corporate-espionage-operation ModernLoader delivers multiple stealers, cryptominers and RATs https://raw.githubusercontent.com/Cisco-Talos/IOCs/main/2022/08/modernloader-delivers-multiple-stealers.txt https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html New Golang Attack Campaign GO#WEBBFUSCATOR Leverages Office Macros and James Webb Images to Infect Systems https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/ Mirai & Hajime Threat Activity https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai Mini Stealer: Possible Predecessor of Parrot Stealer https://blog.cyble.com/2022/08/29/mini-stealer-possible-predecessor-of-parrot-stealer/ Rising Tide: Chasing the Currents of Espionage in the South China Sea https://www.proofpoint.com/us/blog/threat-insight/chasing-currents-espionage-south-china-sea Crypto Miner malware disguised as Google translate desktop and other legitimate applications https://reurl.cc/YX4ab0 Check Point Research detects Crypto Miner malware disguised as Google translate desktop and other legitimate applications https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/ Remcos RAT New TTPS https://www.socinvestigation.com/remcos-rat-new-ttps-detection-response/ PureCrypter Loader continues to be active and has spread to more than 10 other families https://blog.netlab.360.com/purecrypter/ Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks https://thehackernews.com/2022/09/researchers-detail-emerging-cross.html Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users https://thehackernews.com/2022/08/experts-find-malicious-cookie-stuffing.html Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope https://thehackernews.com/2022/08/hackers-hide-malware-in-stunning-images.html Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers https://thehackernews.com/2022/08/hackers-use-modernloader-to-infect.html Nitrokod Crypto Miner Infected Over 111,000 Users with Copies of Popular Software https://thehackernews.com/2022/08/nitrokod-crypto-miner-infected-over.html Warning: PyPI Feature Executes Code Automatically After Python Package Download https://thehackernews.com/2022/09/warning-pypi-feature-executes-code.html New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers https://thehackernews.com/2022/09/new-evidence-links-raspberry-robin.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊老果粉看這！蘋果釋「1更新」7款舊iPhone、iPad適用 https://www.ftvnews.com.tw/news/detail/2022901W0199 蘋果發布iOS 12.5.6，修補iPhone 5s的零時差漏洞CVE-2022-3289 https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-actively-exploited-ios-zero-day-to-older-iphones/ iOS 12.5.6 更新了什麼？7款舊iPhone 和iPad 出現重大漏洞快更新 https://mrmad.com.tw/ios-12-5-6-update 安卓版抖音App弱點恐讓攻擊者挾持用戶帳號 https://www.microsoft.com/security/blog/2022/08/31/vulnerability-in-tiktok-android-app-could-lead-to-one-click-account-hijacking/ 微軟披露可挾持TikTok及抖音帳號的安全漏洞 https://www.ithome.com.tw/news/152830 TikTok 出現嚴重資安漏洞！15 億 Android 手機用戶的帳號受威脅 https://www.inside.com.tw/article/28793-tiktok-severe-security-breach 吳奕軍專欄：玩抖音玩到毫無戒心　標準溫水煮青蛙 https://www.upmedia.mg/news_info.php?Type=2&SerialNo=152961 上千個iOS、Android應用程式曝露系統服務者的AWS帳密 https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mobile-supply-chain-aws Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials https://thehackernews.com/2022/09/over-1800-android-and-ios-apps-found.html Microsoft Discover Severe 'One-Click' Exploit for TikTok Android App https://thehackernews.com/2022/09/microsoft-discover-severe-one-click.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力年薪破200萬！大學「限時聘用」資安教授徵才搶得贏台積 https://vip.udn.com/vip/story/122866/6581719?from=udn-category 網路遊戲Neopets遭駭調查結果出爐，攻擊者入侵IT系統時間長達一年半 https://www.neopets.com/account/breachnotice20220829.phtml 收購訴訟審理中　馬斯克傳喚推特前資安主管提供垃圾帳號資訊 https://www.appledaily.com.tw/international/20220830/42037B8AB07D009A175DB2FAD5 駭客成功破解耕耘機電腦系統並用它執行農夫版毀滅戰士 https://www.cool3c.com/article/181378 多台歐洲超級電腦連環爆出被駭客入侵，偷挖門羅幣 https://www.inside.com.tw/article/19815-supercomputers-infected-with-cryptocurrency-mining-malware-across-europe 駭客威脅上升，芬蘭政府計劃資助企業加強網絡安全 https://reurl.cc/eOGKvb 中國駭客組織鎖定澳洲政府官員，以ScanBox惡意軟體發動攻擊 https://www.proofpoint.com/us/blog/threat-insight/chasing-currents-espionage-south-china-sea 澳洲發現網絡間諜活動針對政府機構和媒體公司 https://unwire.pro/2022/09/01/scanbox/security/ 趙立堅沒否認! 網路安全公司稱陸駭客攻擊美南海公司及澳政府中國批 : 美政府白手套 https://m.match.net.tw/pc/news/international/20220831/6751694 美資安公司揭露中國駭客曾網攻台海風電設備供應商 https://news.ltn.com.tw/news/world/breakingnews/4043902 中國新疆人權報告出爐酷刑指控可信恐違反人道罪 https://www.rti.org.tw/news/view/id/2143169 聯合國官員離職前發布新疆報告！內容直指中國嚴重侵犯人權 https://www.fountmedia.io/article/162330 白俄羅斯駭客計劃出售盧卡申科被盜護照NFT https://news.cnyes.com/news/id/4944420?exp=a 「白俄羅斯總統護照 NFT」遭 OpenSea 火速下架，駭客宣稱已盜竊全國護照 https://www.blocktempo.com/hackers-plan-to-make-nft-with-lukashenko-passport-details/ 中俄間諜活躍歐洲專家憂中國人海模式更難應對 https://www.cna.com.tw/news/aopl/202209010248.aspx 報告：南中國海能源公司成中共駭客目標 https://reurl.cc/aGZKk3 微軟破壞鎖定北約國家的俄羅斯駭客集團Seaborgium https://reurl.cc/aGZKG9 北約調查駭客出售機密軍武文件，其中包括正在烏克蘭使用的飛彈系統設計圖 https://www.thenewslens.com/article/172349 全球星空爭霸戰台灣衛星通訊的挑戰與機會 https://view.ctee.com.tw/technology/43861.html 為掌控稀土市場中共創假網軍在 30 個平台上詆毀他國供應鏈 https://newtalk.tw/news/view/2022-09-01/810266 Infra Used in Cisco Hack Also Targeted Workforce Management Solution https://thehackernews.com/2022/09/infra-used-in-cisco-hack-also-targeted.html Chinese Hackers Used ScanBox Framework in Recent Cyber Espionage Attacks https://thehackernews.com/2022/08/chinese-hackers-used-scanbox-framework.html 資安工程師 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=446216&HIRE_ID=11414757 採購專員 https://www.104.com.tw/job/7qxyr 科技部約聘-ISMS資安管理專案管理師-1FS106 https://www.104.com.tw/job/7avlx?jobsource=job_same_b 資安顧問-台北.新北.桃園 https://www.104.com.tw/job/6bsll?jobsource=job_same_b 資安主管(內湖) https://www.104.com.tw/job/7n8bo?jobsource=job_same_b 資安產品經理_2781 https://www.104.com.tw/job/7ih3b?jobsource=job_same_b 合規處-資安管理與金融合規資安顧問 https://www.104.com.tw/job/5nttf?jobsource=job_same_b Information Security Engineer 資訊安全工程師 https://www.104.com.tw/job/7qcwi?jobsource=job_same_b 資安專案經理/Project Manager https://www.104.com.tw/job/2w0gs?jobsource=job_same_b 資安產品暨品牌行銷經理 https://www.104.com.tw/job/7p7hq?jobsource=job_same_b 【資訊安全管理】資安顧問 https://www.104.com.tw/job/6tgi3?jobsource=job_same_b 資安工程師 (Information Security Engineer)_資訊安全部 https://www.104.com.tw/job/7jrvu?jobsource=job_same_b System Administrator (IT) https://www.104.com.tw/job/7pnqh?jobsource=job_same_b D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 BEC恐將實現AI變臉詐騙！駭客透過Deepfake假冒大型加密貨幣交易所幣安的高階主管 https://www.binance.com/en/blog/community/scammers-created-an-ai-hologram-of-me-to-scam-unsuspecting-projects-6406050849026267209 IT服務業者Nelnet Servicing遭駭，250萬學生貸款資料恐曝光 https://www.bleepingcomputer.com/news/security/nelnet-servicing-breach-exposes-data-of-25m-student-loan-accounts/ 白帽駭客! 駭入假紓困網站"狂刪3千筆個資" https://www.youtube.com/watch?v=k-NcN1uxD3c 誤觸惡意廣告驚覺資安重要性 https://ctee.com.tw/industrynews/automation/708911.html 駭客入侵Jennie手機囂張現身「有種逮捕我」粉絲擔心有跟V的親吻照會流出 https://reurl.cc/ERg5Kv 算準許多人想當網紅，駭客以藍勾勾驗證為誘餌，鎖定Instagram用戶發動網釣攻擊 https://www.vadesecure.com/en/blog/instagram-phishing-campaign-hackers-exploit-social-verification 俄羅斯串流影音平臺證實資料外洩，750萬用戶受到波及 https://www.bleepingcomputer.com/news/security/russian-streaming-platform-confirms-data-breach-affecting-75m-users/ 米砂YT頻道被駭客入侵慘遭刪除委屈喊：好歹放無碼謎片 https://reurl.cc/yMD9e2 救回95萬訂閱！米砂YT頻道回歸　樂喊：我又可以開車了 https://star.setn.com/news/1171296?from=y 防疫補助簡訊猖狂！8月詐騙爆20倍　665種變形網址竄台 https://news.tvbs.com.tw/life/1895145 好心捐款人請注意又有人冒用「鎮瀾兒童家園」行騙 https://udn.com/news/story/7320/6574144 資訊戰＋認知作戰》如果散佈假消息能嚇阻中國攻台　民主國家應該說謊嗎 https://www.cmmedia.com.tw/home/articles/35828 沒綁定帳號連「忘記密碼」也救不回網曝殺手鐧：只剩1招可解 https://udn.com/news/story/7086/6572887 誤點假紓困釣魚網址遭冒名申辦電子支付、存款遭清空 https://udn.com/news/story/7320/6552046 India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information https://thehackernews.com/2022/08/indias-newest-airline-akasa-air-suffers.html Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users https://thehackernews.com/2022/08/twilio-breach-also-compromised-authy.html 研究人員發現在雲端環境冒充Okta使用者的攻擊手法 https://permiso.io/blog/s/down-with-idp-impersonate-me/ Okta Hackers Behind Twilio and Cloudflare Attacks Hit Over 130 Organizations https://thehackernews.com/2022/08/okta-hackers-behind-twilio-and.html Hackers Breach LastPass Developer System to Steal Source Code https://thehackernews.com/2022/08/hackers-breach-lastpass-developer.html JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users https://thehackernews.com/2022/09/juiceledger-hackers-behind-recent.html PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks https://reurl.cc/60jmxZ E.研究報告/工具 CAA 與 ISACA 舉辦「數位信任-企業資訊治理的關鍵驅動力」論壇 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=10040 🎩駭客們的趴踢🎊台灣駭客年會HITCON是什麼？一起來一窺究竟吧！👀 feat. 資安56哥王仁甫 https://player.soundon.fm/p/8fdc3e51-8bfb-4bfa-9c65-8ea2ce5a6eb7/episodes/247dd155-39c1-4204-b44f-1c0246caf70b 3個安全開發框架幫助企業強化資安基礎，長期遵循更可以提升開發效率 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10048 智慧家電、瀏覽器記密碼都是駭客入口？竟有練習用的「駭客工具包」？專家教你如何自保 https://www.youtube.com/watch?v=oMmaA5d-4ls 零信任，防止駭客在製造業偷拐搶騙 https://www.techbang.com/posts/99285-zero-trust-to-prevent-hackers-from-stealing-and-robbing-in-the 美國運用「多方利害關係者」協防選舉安全之分析 https://indsr.org.tw/respublicationcon?uid=12&resid=730&pid=2877&typeid=3 如何利用雲端建構SAP核心系統災難備援架構 https://www.ecloudvalley.com/tw/blog/20220831_MSP_SAP_DR 呂學錦：後量子保密技術時代來臨 https://www.wealth.com.tw/articles/a3561c7c-b8f1-4f9c-9abd-1ad3d721d339 APNIC文摘 — 團結力量大 https://blog.twnic.tw/2022/09/01/24159/ Web開發者一定要懂的駭客攻防術:告訴您駭客的手法, 同時告訴您如何進行防禦 https://pu.ebook.hyread.com.tw/bookDetail.jsp?id=260293 Day1 方向，資安治理的第一課 https://ithelp.ithome.com.tw/articles/10287216?sc=iThelpR Interested in Reducing Your Risk Profile? Jamf Has a Solution for That https://thehackernews.com/2022/08/interested-in-reducing-your-risk.html Hands-on Review: Stellar Cyber Security Operations Platform for MSSPs https://thehackernews.com/2022/08/hands-on-review-stellar-cyber-security.html A CISO's Ultimate Security Validation Checklist https://thehackernews.com/2022/08/a-cisos-ultimate-security-validation.html Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework https://thehackernews.com/2022/08/cybercrime-groups-increasingly-adopting.html GitLab Bans Employees From Using Windows https://medium.com/codex/gitlab-bans-employees-from-using-windows-a6a0190acc32 SaaS spend ratios on R&D/S&M/G&A https://blossomstreetventures.medium.com/saas-spend-ratios-on-r-d-s-m-g-a-1a0b30931b0 PHP Coding standard tools and configuration https://medium.com/php-development/php-coding-standard-tools-and-configuration-705233b672b How are Microservices different from APIs https://blog.devgenius.io/how-are-microservices-different-from-apis-614e5c02e7e8 Understanding System Design of Netflix: Backend Architecture and Cloud Services https://medium.com/@nidhiupreti99/understanding-system-design-of-netflix-backend-architecture-and-cloud-services-b077162e45bc CI/CD pipeline for React Native apps https://medium.com/@paramsingh_66174/ci-cd-pipeline-for-react-native-apps-98246237e29d How to study Cyber Security on your own for free https://medium.com/@kashishcharaya/how-to-study-cyber-security-on-your-own-for-free-a4f894dad919 Python-Pandas cheat sheet: 30 functions-methods https://jyoti05iitd.medium.com/python-pandas-cheat-sheet-30-functions-methods-b1176f2e37da How to write a Data Science blog from scratch? ~Things I did https://medium.com/dssimplified/how-to-start-a-data-science-blog-from-scratch-things-i-did-9c8c2c67dd9a The Ultimate Security Blind Spot You Don't Know You Have https://thehackernews.com/2022/09/the-ultimate-security-blind-spot-you.html F.商業 F5全新一代現代化應用平臺，建構通往分布式雲端的橋樑 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=10037 中小型企業雲端防毒防駭推薦！設置簡單、低預算就能獲得高防護的 Microsoft Defender for Business https://www.kocpc.com.tw/archives/454812 捷而思提供強化資安的整體解決方案防止駭客從製造業偷拐搶騙 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&cat=50&id=0000643104_UU42X9Y3LFRLRR54ZPZJM 打造全球聯防，以色列資安業者 Radware 在台設立新雲端安全中心 https://technews.tw/2022/09/01/radware/ 依循四大指導方針逐階段融合　提高營運敏捷度贏得競爭力分散式資料治理打底　驅動企業商業模式創新 https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/58A31015154F4EC6BE93F2BA358299DC AMD推出Pensando DPU效能分散式服務卡，搭配VMware vSphere 8帶來領先業界的效能 https://www.techbang.com/posts/99571-amd-pensando-dpu Palo Alto Networks：關鍵基礎設施現代化急需資安轉型 https://technews.tw/2022/09/01/palo-alto-networks-it-ot/ 2022 年網路交換器如何選擇？QNAP 威聯通科技點出三大關鍵重點 https://www.cool3c.com/article/182023 抵禦區域網攻！「台灣資安隊長」Spiderweb蜘蛛網守護網路安全 https://www.watchmedia01.com/clife-20220903025343.html 雲原生平台建立Data Fabric架構　提升洞察力創造商業價值 Metadata資料虛擬層　AutoAI降分析建模門檻 https://www.netadmin.com.tw/netadmin/zh-tw/trend/7F0754B2FAF946168C7D684EFBB8D01C 資安即國安以色列商Radware新雲端安全中心成立 https://www.chinatimes.com/realtimenews/20220830002760-260410?ctrack=pc_main_rtime_p02&chdtv G.政府數位發展部資通安全署副署長敲定，臺科大資工系教授鄭欣明接任副署長一職 https://www.ithome.com.tw/news/152815 數位發展部揭牌，整合5大領域成國家數位轉型引擎 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=10042 出差費預算達千萬遭質疑過高行政院數位部：積極參與國際會議活動 https://today.line.me/tw/v2/article/1DX5Na2 相差逾百倍！數位發展部人均編3650萬賴士葆：警政署每人才30多萬 https://newtalk.tw/news/view/2022-08-31/809855 郭耀煌：數位發展部是架在火山口上的許願池 https://www.peoplenews.tw/articles/5b7c6ac3d2 數發部是架在火山口上的許願池　它可以是數位聚寶盆　一不小心也會飛灰煙滅 https://www.cmmedia.com.tw/home/articles/35870 確保戰時天災緊急通訊唐鳳：挑700多處驗證 https://reurl.cc/D3KrxN 數發部看不懂的數位與資安發展藍圖民眾黨團籲：說明方針、接受監督 https://reurl.cc/4p6VYR 數發部包到外太空？把NCC、國科會業務都納入　還不確定由哪個委員會主審預算 https://www.cmmedia.com.tw/home/articles/35901 數位部掛牌1週民眾黨質疑施政方針不明 https://reurl.cc/MN6KWW 民眾黨批數發部200億預算讓人看不懂　高虹安：唐鳳別賣弄專業 https://www.ctwant.com/article/204784 因應數位政府發展的敏捷資安藍圖 https://www.metaage.com.tw/events/146 數發部薪4萬找得到什麼人才？李貴敏：最有可能來做網軍 https://www.chinatimes.com/realtimenews/20220829002302-260407?chdtv 桃園市議員林政賢就資訊局組織、資安與市府施政成效進行質詢 https://times.hinet.net/news/24107736 桃園22資訊系統停用　6千萬打水漂 https://news.housefun.com.tw/news/article/117968346967.html 數位部成立多久能解決簡訊詐騙？網酸爆：應會這樣做 https://reurl.cc/m3RKXW H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 Machine learning interview preparation— popular topics https://medium.com/artificialis/ml-interview-preparation-popular-topics-223a9e00fa73 TXOne Networks 提 OT運作之廠務監控系統資安攻防方案 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=10035 美國CISA提出警告，台達電子ICS軟體漏洞已被用於攻擊行動 https://www.securityweek.com/cisa-vulnerability-delta-ics-software-exploited-attacks 燈泡也成駭客下手目標？智慧家電漏洞多想買得先注意資安隱憂 https://reurl.cc/9p6moj VicOne/台達電聯手強化充電設施資安 https://www.mem.com.tw/vicone-%E5%8F%B0%E9%81%94%E9%9B%BB%E8%81%AF%E6%89%8B%E5%BC%B7%E5%8C%96%E5%85%85%E9%9B%BB%E8%A8%AD%E6%96%BD%E8%B3%87%E5%AE%89/ 車聯網「內外有別」　TCROS開創台灣智慧交通新局 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=30&cat3=35&id=0000643479_2EX3B3W88E49398C97O47 I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 我國網路資安狂被駭監委申請自動調查 https://www.chinatimes.com/realtimenews/20220810003152-260407?chdtv 6.近期資安活動及研討會 PyCon APAC 2022 2022/9/3 ~ 2022/9/4 https://tw.pycon.org/2022/zh-hant SITCON X 學生計算機年會 2022/9/4 https://sitcon.org/2022/ SyntaxError 2022/9/7 https://www.meetup.com/pythonhug/events/287900537/ 半導體資安標準研討會暨場域參訪 2022/9/8 https://www.acw.org.tw/News/Detail.aspx?id=3252 HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會淡水 2022/9/8 https://www.meetup.com/hackingthursday/events/287923648/ Capture the Flag 101 Workshop 2022/9/14 https://go.snyk.io/capture-the-flag-101-workshop.html Taipei dbt Meetup #6 (online 👨‍💻)2022/9/14 https://www.meetup.com/taipei-dbt-meetup/events/287873509/ Quarterly Professional Networking Event (Q3) 2022/9/15 https://www.meetup.com/taiwan-digital-drinks/events/287479309/ DevOpsDays Taipei 2022 2022/9/15 ~ 2022/9/16 https://devopsdays.tw/ 【ACAD安碁學苑】滲透測試實務課程 2022/9/16 ~ 2022/9/30 https://www.accupass.com/event/2208120632081721449360 線上資安專題講座-金融資安政策與人才培育 2022/9/17 https://isipevent.kktix.cc/events/e58d0573-copy-6 【SP-ISAC會員廠商限定】資安中階課程-手把手帶你玩網頁滲透－實體課程 2022/9/19 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4006&from_course_list_url=homepage 臺灣資安大會_ISIP校友活動 2022/9/20 https://isipevent.kktix.cc/events/52fe828d-copy-1 2022 CYBERSEC 資安大會 Jamf 攤位講座 2022/9/20 ~ 2022/9/22 https://jamf.kktix.cc/events/cybersec2022jamf CISCO 資安講堂 2022/9/23 https://www.accupass.com/event/2208311218281666263594 2022玉山 · 安碁資訊資安論壇【企業營運制勝關鍵，資安治理創價佈局】 2022/9/27 https://www.accupass.com/event/2208180737041036993111 關鍵基礎設施實作課程(含攻防演練實作) 2022/9/27 https://www.acw.org.tw/News/Detail.aspx?id=3229 網路韌性的挑戰與契機：地緣政治、WEB 3.0 與中介者治理 2022 TWIGF 年會 2022/9/27 ~ 2022/9/28 https://cs.ezmail.com.tw/news/read/id/bh6311606baa4e4 《歐立威科技 2022 研討會》|Elastic Security : 監測 x 告警，揪出潛在威脅 2022/9/29 https://www.accupass.com/event/2208310346161209105423 讀書會 Testing Swift (by Paul Hudson) 2022/9/30 https://www.meetup.com/taipei-swift-language-meetup-group/events/287393562/ OCF 培訓活動: 如何建立安全的網路架構 2022/10/1 https://ocftw.kktix.cc/events/ocftot2022 MOPCON 2022 2022/10/15 ~ 2022/10/16 https://mopcon.org/ 金融資安案例研習 2022/10/17 https://www.sitca.org.tw/OPF/B0000/PPT049_2022_01.asp Kubernetes Summit 2022 2022/10/18 ~ 2022/10/19 https://k8s.ithome.com.tw/ 資訊安全與人工智慧實作 2022/10/28 https://www.cisanet.org.tw/Course/Detail/2867 資訊安全發展趨勢| 數位社會與資訊安全 - 董監事系列認證課程 2022/11/5 https://www.accupass.com/event/2208120843261385349231 行動應用APP 安全檢測（APK/IPA）2022-11-18 09:00 ~ 2022-11-18 12:00 https://www.cisanet.org.tw/Course/Detail/2865 ICS 2022 WORKSHOP PROGRAM -「Ubiquitous Cybersecurity and Forensics」 2022/12/15 ~ 2022/12/17 https://ics2022.esam.io/ TANET 2022 WORKSHOP PROGRAM -「第二屆數位鑑識、醫療私密與網駭安全」 2022/12/15 ~ 2022/12/17 https://tanet2022.esam.io/