資安事件新聞週報 2022/2/28 ~ 2022/3/4

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/2/28 ~ 2022/3/4 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco 近日發布更新以解決多個產品的安全性弱點 https://tools.cisco.com/security/center/publicationListing.x Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products https://thehackernews.com/2022/03/critical-patches-issued-for-cisco.html Release of QRadar 7.5.0 Update Package 1 SFS (7.5.0-QRADAR-QRSIEM-2021.6.1.20220215133427) https://reurl.cc/oeAQXV Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to buffer overflow and denial of service (CVE-2021-44790, CVE-2021-34798, CVE-2021-39275) https://reurl.cc/MbVNDm Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack https://thehackernews.com/2022/03/critical-bugs-reported-in-popular-open.html Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software https://thehackernews.com/2022/03/critical-security-bugs-uncovered-in.html Linux快很多! Google 資安團隊提軟硬體與作業系統業者修補資安漏洞平均速度 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9733 GitLab出現重大漏洞，恐被用於挾持特定Token https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ Windows 11自動更新擾民 3招內建選項無煩惱 https://reurl.cc/k7gqbG 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安國銀ATM當機常搞烏龍　金管會下令作好2件事 https://www.cardu.com.tw/news/detail.php?45560 政清輔淡逢「五校聯盟」學程名額秒殺　中信金跨校培育金融科技人才 https://www.ctwant.com/article/170842 台灣保戶淪為重災戶？金管會回應「壽險對俄曝險逾千億」質疑 https://www.gvm.com.tw/article/87571 壽險業持有俄債壽險公會：曝險占比低風險可控 https://www.rti.org.tw/news/view/id/2125981 保險集團怡安驚傳遭到網路攻擊 https://www.bleepingcomputer.com/news/security/insurance-giant-aon-hit-by-a-cyberattack-over-the-weekend/ 西方制裁俄羅斯專家：美銀行業恐遭報復性網攻 https://reurl.cc/EpeXW0 將俄逐出SWIFT 歐美出重手 https://reurl.cc/6ExL35 3.電子支付/行動支付/pay/資安一卡通Money、街口、悠遊付…8家電子支付！儲值、轉帳、提領手續費多少 https://reurl.cc/zMErYk 全聯「全支付」獲電支營業執照，PX Pay 助力電子支付服務 https://technews.tw/2022/03/01/px-mart-to-invest-in-the-electronic-payment-institutions/ LINE Bank與一卡通合作創純網銀與電子支付結盟首例 https://udn.com/news/story/7239/6131587 行動支付權益一次看！　街口5月推提領免手續費活動 https://finance.ettoday.net/news/2199092 全家拿下電子支付執照！成全台第一間零售通路結合金融產業的電子支付 https://www.inside.com.tw/article/26820-familymart-epay 迎戰雙全進逼 icash Pay續拓餐飲通路、增線上購券功能 https://udn.com/news/story/7241/6139571?from=udn-ch1_breaknews-1-cate6-news 制裁生效！俄羅斯多家銀行無法使用電子支付 https://reurl.cc/6ExLn6 愛用電子支付者注意金管會修電支存保額度 https://www.chinatimes.com/realtimenews/20220224004282-260410?chdtv 一銀宣布結盟Samsung Pay 行動支付新里程碑 https://www.chinatimes.com/realtimenews/20220301003342-260410?chdtv LINE Pay學會這2招！刷臉就能付錢 https://reurl.cc/e6AWYm 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約資安 NFTs Aren’t As Stupid As You Think https://onezero.medium.com/nfts-arent-as-stupid-as-you-think-bffab89697e3 副財長：多項原因政府不承認加密貨幣為法定貨幣 https://reurl.cc/44np2D 派盾：2月DeFi漏洞利用被盜資金達3.39億美元 https://news.cnyes.com/news/id/4822364?exp=a TreasureDAO駭客已開始歸還被盜NFT https://news.cnyes.com/news/id/4823208 TreasureDAO遭攻擊、100多個NFT被盜！MAGIC暴跌30%；駭客歸還部分盜竊NFT https://www.blocktempo.com/stolen-nfts-returned-to-users-hours-after-treasure-exploit/ 又一間NFT 平台被駭客攻撃損失200萬港幣 https://www.pinterest.com/pin/139822763421921715/ 烏克蘭官方推特帳號貼出加密貨幣籌款地址，兩天入帳上千萬美元 https://www.techbang.com/posts/94517-ukraines-official-twitter-account-posted-a-cryptocurrency 烏克蘭政府籲對俄羅斯加密貨幣用戶實施全面打擊 https://reurl.cc/RjmOoG 成人女星 Lana Rhoades 被控涉嫌 NFT 騙局 https://hypebeast.com/zh/2022/2/lana-rhoades-cryptosis-1-5-million-usd-nft-rug-pull 分析鏈上詐騙慣性！資安公司派盾(PeckShield)：應避免這些特徵的加密貨幣或NFT專案 https://news.cnyes.com/news/id/4821585 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 駭客已對烏克蘭的各大機構部署了破壞性的惡意程式 https://www.cisa.gov/uscert/ncas/alerts/aa22-057a 殭屍網路FritzFrog捲土重來鎖定醫療、教育、政府單位 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=12&aid=9738 勒索軟體駭客首度提出要求，要脅Nvidia解除顯示卡挖礦限制來換回機密資料 https://www.tomshardware.com/news/nvidia-hackers-threaten-to-release-lhr-performance-limiter Dridex 殭屍網路和 Entropy 勒索軟體的程式碼極為相似 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9740 安卓木馬TeaBot鎖定逾400個金融機構用戶，竊取帳密和簡訊內容 https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe TeaBot 木馬惡意軟體再次出現在 Google Play Store 中，目標鎖定美國用戶進行金融駭侵攻擊 https://www.twcert.org.tw/tw/cp-104-5800-c8e65-1.html 實聯制要小心！QR碼掃描器藏「木馬病毒」 https://reurl.cc/DdE3Gj Conti 和 Karma 勒索軟體同時利用 ProxyShell 漏洞攻擊醫療機構 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9741 惡意軟體FoxBlade於俄烏戰爭爆發前夕，攻擊烏克蘭軍事單位與政府機構 https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/ CERT-UA alerts of phishing campaign https://otx.alienvault.com/pulse/6222096d5505582bf113ccb7 SharkBot: A new generation Android banking Trojan being distributed on Google Play Store https://reurl.cc/RjmXEn Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement https://reurl.cc/02RXlk 俄烏戰爭爆發前夕針對烏克蘭的網路攻擊恐不只一起！惡意軟體IsaacWiper鎖定政府機關破壞資料 https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/ IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/ https://go.recordedfuture.com/hubfs/reports/mtp-2022-0302.pdf New Sandworm Malware Cyclops Blink Replaces VPNFilter https://www.ncsc.gov.uk/news/new-sandworm-malware-cyclops-blink-replaces-vpnfilter New information stealing malware “ColdStealer” being distributed https://asec.ahnlab.com/ko/31703/ Arkei Infostealer Expands Reach Using SmokeLoader to Target Crypto Wallets and MFA https://reurl.cc/qO6N20 Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks https://www.cisa.gov/uscert/ncas/alerts/aa22-055a 中國駭客將後門程式Daxin埋藏於作業系統核心，攻擊政府單位與關鍵基礎設施 https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks https://thehackernews.com/2022/03/china-linked-daxin-malware-targeted.html Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage The Hunt for the Lost Soul: Unraveling the Evolution of the SoulSearcher Malware https://www.fortinet.com/blog/threat-research/unraveling-the-evolution-of-the-soul-searcher-malware UNC1151/GhostWriter Phishing Attacks Target Ukrainian Soldiers https://community.riskiq.com/article/e3a7ceea/description OutSteel, SaintBot Delivered by Spear Phishing Attacks Targeting Ukraine https://unit42.paloaltonetworks.com/ukraine-targeted-outsteel-saintbot/ Destructive Malware Targeting Organizations in Ukraine https://reurl.cc/jkoGeL 勒索軟體Conti內部機密外洩，起因是表態支持俄羅斯 https://www.bleepingcomputer.com/news/security/conti-ransomwares-internal-chats-leaked-after-siding-with-russia/ 力挺俄羅斯引發烏克蘭人士不滿，勒索軟體Conti原始碼遭到洩露 https://www.bleepingcomputer.com/news/security/conti-ransomware-source-code-leaked-by-ukrainian-researcher/ Conti Ransomware Gang's Internal Chats Leaked Online After Siding With Russia https://thehackernews.com/2022/03/conti-ransomware-gangs-internal-chats.html TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail https://thehackernews.com/2022/03/trickbot-malware-gang-upgrades-its.html Rebirth of Emotet: New Features of the Botnet and How to Detect it https://thehackernews.com/2022/02/reborn-of-emotet-new-features-of-botnet.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 100 Million Samsung Galaxy Phones Affected with Flawed Hardware Encryption Feature https://thehackernews.com/2022/02/100-million-samsung-galaxy-phones.html 三星手機爆資安漏洞！Galaxy系列機種皆遭殃 https://newtalk.tw/news/view/2022-03-01/716924 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力雅虎徹底退出中國 228起關閉電子信箱服務 https://www.rti.org.tw/news/view/id/2125720 從俄羅斯到中國，那些由政府外包的駭客攻擊行動 https://vocus.cc/article/621c44fefd897800015f70ff Taiwan Platform for Ukraine Donations Hacked 台烏募款平台上線第2天遭海外駭客攻擊 https://news.pts.org.tw/article/569881 駭客廣泛運用Log4Shell漏洞發動DDoS攻擊、挖礦攻擊 https://blog.barracuda.com/2022/03/02/threat-spotlight-attacks-on-log4shell-vulnerabilities/ 駭客濫用API發動的攻擊行動，在2021年爆增近7倍 https://reurl.cc/pWAZrx 輪胎大廠普利司通遭到網路攻擊而停工數日 https://www.zdnet.com/article/bridgestone-still-struggling-with-plant-closures-after-cyberattack/ Toyota 日本國內所有工廠，因供應商遭駭而全面停工 https://www.twcert.org.tw/tw/cp-104-5780-7b78f-1.html 駭客組織ShinyHunters非法獲取了哪些企業的使用者資料 https://bearask.com/ent/2237716.html 鎖定各國政府機構竊密美資安公司揪出中國絕密惡意軟體 https://news.ltn.com.tw/news/world/breakingnews/3844902 部分日本廠區遭駭環球晶：受影響機台逐步恢復生產 https://reurl.cc/GoOE9x 日本子公司遭網路攻擊環球晶：機密資料無影響 https://newtalk.tw/news/view/2022-03-03/718170 Nvidia證實遭網攻，有駭客團體宣稱是他們所為，恐嚇該公司若不解除限制與開放原始碼就洩密 https://www.ithome.com.tw/news/149674 Nvidia也遭攻擊！駭客竊取1TB的GPU軟硬體資料、要求開放顯卡挖礦 https://reurl.cc/qO6Nyy 駭客已竊取英偉達員工憑證、開始兜售解除顯卡挖礦限制方式 https://www.owlting.com/news/articles/62730 勒索未果，駭客公佈英偉達核心原始碼 https://uetie.com/tech/691077.html 美國參議院通過一攬子網絡安全議案，將要求公司上報駭客攻擊事件 https://reurl.cc/EpeXz1 772萬粉駭客籲全球「鍵盤教訓俄羅斯」　正反兩極聲音四起 https://www.taisounds.com/Global/Trend/Latest/uid5357371493 烏克蘭招募IT軍隊，鎖定俄羅斯31個關鍵基礎設施發動網路攻擊 https://www.bleepingcomputer.com/news/security/ukraine-recruits-it-army-to-hack-russian-entities-lists-31-targets/ 烏克蘭網軍宣布駭入多個俄羅斯關鍵網站，使其下線 https://www.twcert.org.tw/tw/cp-104-5798-fb7eb-1.html 烏克蘭網軍出擊鎖定破壞俄羅斯電力鐵路設施 https://wantrich.chinatimes.com/news/20220302900805-420201 駭客匿名者出招！俄國家電視頻道遭入侵　播放烏克蘭歌 https://today.line.me/tw/v2/article/LXOX5jM 全球最大駭客組織「匿名者」向莫斯科宣戰！駭入俄羅斯國防部資料庫、在官媒電視台播放挺烏克蘭歌曲 https://reurl.cc/veAmXk 從烏俄之戰看「在地化」情資的重要性 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9739 2022 年烏克蘭網路攻擊：網路資安地緣政治 https://blog.trendmicro.com.tw/?p=71479 駭客挺烏癱瘓俄國充電站螢幕寫「普亭是傻瓜」 https://www.worldjournal.com/wj/story/121256/6136845 匿名者：俄曾洩密提醒澤倫斯基「慎防暗殺」 https://news.ltn.com.tw/news/world/breakingnews/3847353 情報單位洩密烏克蘭總統暗殺行動？　駭客「匿名者」爆料：俄國將掀內部鬥爭 https://www.upmedia.mg/news_info.php?Type=3&SerialNo=139005 匿名者：俄國洩露暗殺澤倫斯基計畫　內部權鬥將推翻普欽 https://news.tvbs.com.tw/amp/world/1730315 針對俄羅斯對烏克蘭出兵，匿名者、Conti等駭客組織選邊站 https://www.ithome.com.tw/news/149578 調查組織《Bellingcat》數位查證掌握戰況紀錄戰爭罪行 https://tfc-taiwan.org.tw/articles/7023 俄國早看透！匿名者發起網路攻擊，普丁準備「國家級內網」應戰 https://technews.tw/2022/03/04/russia-internet/ 俄網遭駭客頻發攻擊　俄媒爆：政府準備啟動Runet內網切斷全球網路 https://www.ettoday.net/news/20220302/2199405.htm 最大駭客「匿名者」：癱瘓俄航太局關閉1500個俄網站 https://udn.com/news/story/122699/6134175 「匿名者」駭客癱瘓1500個俄網站！　俄航太局也無法聯繫自家衛星 https://www.ettoday.net/news/20220302/2199138.htm 「全球暴打俄羅斯」連駭客也來了！《匿名者》宣布癱瘓普丁的間諜衛星 https://tw.appledaily.com/international/20220302/DLBALUKPIBHRBPLNUWDPBHOJ5U/ 烏克蘭版「唐鳳」︰他組駭客軍團、要搜普丁錢包 https://www.gvm.com.tw/article/87568 駭客出手了？北溪2號傳破產裁員　官網「慘被攻擊到關閉」 https://www.setn.com/News.aspx?NewsID=1079009 Taiwan Can Help？烏克蘭宣布招募「網路義勇軍」癱瘓俄羅斯網路 https://times.hinet.net/news/23780110 烏克蘭用 Telegram 招募志願者，成立「IT 軍隊」對抗俄羅斯網路攻擊 https://technews.tw/2022/03/02/ukraine-recruits-volunteers-through-telegram/ 烏克蘭組建黑客大軍！俄羅斯錯過網攻黃金機遇期 https://buzzorange.com/techorange/2022/03/03/ukraine-it-army/ 匿名者對俄宣戰號召全球駭客網攻 https://ec.ltn.com.tw/article/breakingnews/3845123 烏俄網路大戰　專家：中國駭客也在台灣埋了「數位定時炸彈」 https://www.cw.com.tw/article/5120248 駭客組織 Anonymous 傳向俄兵喊話：交出坦克送 5 萬美元比特幣 https://www.hksilicon.com/articles/2152084 駭客組織Anonymous以比特幣作獎勵引誘俄羅斯士兵捐贈坦克 https://news.cnyes.com/news/id/4823126 俄烏戰況膠著…戰場轉往網路戰？「12萬俄軍參戰名單」疑遭匿名者外洩 https://news.sina.com.tw/article/20220302/41305674.html 俄專家：微軟若撤離俄羅斯用戶會轉向Linux https://ec.ltn.com.tw/article/breakingnews/3847621 俄烏戰爭爆發後，逾30所烏克蘭大學WordPress網站遭到入侵 https://reurl.cc/zMEr60 俄羅斯截斷烏克蘭網路馬斯克「星鏈」解救 https://www.worldjournal.com/wj/story/121256/6129329 俄烏戰爭引台海憂慮余茂春：台灣比烏克蘭安全 https://www.soundofhope.org/post/597757?lang=b5 中共趁亂南海軍演美艦駛過台海展示支持 https://www.soundofhope.org/post/597715?lang=b5 Hackers Who Broke Into NVIDIA's Network Leak DLSS Source Code Online https://thehackernews.com/2022/03/hackers-who-broke-into-nvidias-network.html Hackers Try to Target European Officials to Get Info on Ukrainian Refugees, Supplies https://thehackernews.com/2022/03/hackers-try-to-hack-european-officials.html Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks https://thehackernews.com/2022/03/hackers-begin-weaponizing-tcp-middlebox.html Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion https://thehackernews.com/2022/03/microsoft-finds-foxblade-malware-hit.html (LINE Bank) Application Security Engineer_應用系統安全工程師 http://www.104.com.tw/jb/104i/job/view?j=6ty6x 醫療資訊室(資訊組)院聘資訊工程師(資安) https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=48309&HIRE_ID=11031135 精誠資訊擴大徵才！全年召募逾1000名員工 https://ec.ltn.com.tw/article/breakingnews/3848332 疫後首場實體徵才登場五大金控徵才亮點一次看 https://wantrich.chinatimes.com/news/20220302900770-420101 【資安所】資安測試工程師 https://www.104.com.tw/jb/104i/job/view?j=7jsuc 【ISMS/PIMS】資安風險管理顧問 https://www.104.com.tw/job/7jpm6 【金融業】資安風險管理顧問 https://www.104.com.tw/job/7jpm4 大學甄選入學委員會徵聘資安人員1名 https://www.ccu.edu.tw/new_content_demo.php?type=bulletin&id=37905 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全假QR code行釣魚之實! 四大常見QR code騙術 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=9736 OL控職場霸凌！為蒐證用主管電腦寄email遭開除　法官：解僱違法 https://tw.appledaily.com/local/20220302/JCZPIEWW6FD7TMVRTKZ757DSTU/ 幣安（Binance）警告:加密貨幣投資者小心簡訊釣魚詐騙 https://blog.trendmicro.com.tw/?p=71399 網釣攻擊鎖定幫助烏克蘭難民的國家而來 https://reurl.cc/3j93eX 白俄羅斯駭客鎖定烏克蘭武裝部隊，發動網路釣魚攻擊 https://www.bleepingcomputer.com/news/security/ukraine-links-belarusian-hackers-to-phishing-targeting-its-military/ Facebook 封禁散播俄軍在烏不實資訊的虛假賬戶 https://chinese.engadget.com/facebook-takes-down-fake-accounts-boosting-russian-disinformation-in-ukraine-110040977.html 大量機密數據遭公開加州律師協會：正全力調查 https://www.epochtimes.com/b5/22/2/28/n13610394.htm Microsoft 365 中的Power Automate，有資料外洩的疑慮 https://blog.twnic.tw/2022/02/28/21885/ E.研究報告/工具 HENNGE 邀請資策會講師分享 2022 企業資安法規概覽及法遵建議 https://hennge.com/tw/blog/security-law-webinar.html APT36 (Earth Karkaddan) 駭客集團的攻擊手法與惡意程式分析 https://blog.trendmicro.com.tw/?p=71210 If you haven‘t heard of descriptors, you don‘t know Python https://medium.com/@florian.rieger/if-you-haven-t-heard-of-descriptors-you-don-t-know-python-1ea4fd1614c2 Python: 5 ways to make money without a job https://medium.com/@saadbenaicha/python-5-ways-to-make-money-without-a-job-377d2a8639c0 Researchers Demonstrate New Side-Channel Attack on Homomorphic Encryption https://thehackernews.com/2022/03/researchers-demonstrate-new-side.html How to Automate Offboarding to Keep Your Company Safe https://thehackernews.com/2022/03/how-to-automate-offboarding-to-keep.html Report: Nearly 75% of Infusion Pumps Affected by Severe Vulnerabilities https://thehackernews.com/2022/03/report-nearly-75-of-infusion-pumps.html Experts Create Apple AirTag Clone That Can Bypass Anti-Tracking Measures https://thehackernews.com/2022/02/experts-create-apple-airtag-clone-that.html OPENSSLDIR Privilege Escalation CVE-2021-2307 - Paper https://www.exploit-db.com/docs/50747 LightSpeed Cache Vulnerability - Paper https://www.exploit-db.com/docs/50679 Abusing LAPS - Paper https://www.exploit-db.com/docs/50680 F.商業 Fortinet 發布新世代防火牆 FortiGate 3000F 助全球企業建立混合式資安架構，加速數位創新 https://reurl.cc/KpRQGy 新惡意程式可突破防火牆　中租迪和提高端點防護顧資安 https://finance.ettoday.net/news/2199492?from=rss&redirect=1 進用退除役官兵比例22% 旭聯資安獲頒獎座表彰 https://www.mypeoplevol.com/Article/17783 雲端人資系統「Femas HR」通過國際級資安標準ISO27001驗證，創今年全台首例 https://stock.pchome.com.tw/news/cat9/20220301/64612922013934287001.html 因應 5G 網路高密度佈署模式， NXP 攜手仁寶打造整合小型基站解決方案 https://www.cool3c.com/article/173600 G.政府停電是駭客網攻？政院：調查報告完成前不排除任何可能 https://www.epochtimes.com/b5/22/3/3/n13618688.htm 追停電原因政院：人員疏失就咎責 https://reurl.cc/02RXYK 大停電、台電官網停擺刑事局：目前未有駭客入侵跡象 https://udn.com/news/story/7238/6136922 NCC打造國家通訊領域安全軟體實驗室提升資安防護力 https://www.peopo.org/news/573866 俄烏開戰政院：國安基金隨時因應 https://wantrich.chinatimes.com/news/20220301900433-420501 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 CISA Warns of High-Severity Flaws in Schneider and GE Digital's SCADA Software https://thehackernews.com/2022/02/cisa-warns-of-high-severity-flaws-in.html IoV Security車聯網資安不亞於性能安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=9735 5G智慧應用下，華電聯網推動自主研發資安平台 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9734 擘劃5G智慧應用與未來先進科技服務願景，協助企業實現數位轉型及實踐ESG責任華電聯網推動 5G 智慧應用　加速數位化願景與創新步伐 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/A366255F5EDC43C89B74317DF3C8F9EC 鴻海研究院NExT Forum 宣示守護AI生態圈 https://wantrich.chinatimes.com/news/20220303900676-420101 全球已經把 AI 安全發展當成軍備競賽，台灣跟上了嗎 https://buzzorange.com/techorange/2022/03/02/ai-security-foxconn-next-forum/ 7成5醫用輸液幫浦存在已知安全漏洞 https://unit42.paloaltonetworks.com/infusion-pump-vulnerabilities/ Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (XSS) https://www.exploit-db.com/exploits/50797 I.教育訓練中華軟協-iPAS「初級」資訊安全工程師能力研習衝刺班：全面招生中 https://www.cs.nycu.edu.tw/announcements/detail/8778 2022「證券期貨資訊安全實務養成課程」即日起開始報名 https://www.sfi.org.tw/news/news-7/3589 網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works) https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html 【資安管理國際證照懶人包】學習心得、考試要點一次整理！2022 轉職夢幻工作看這篇 https://buzzorange.com/techorange/2021/12/30/isaca/ CISSP考試心得 – Benson https://reurl.cc/GbWvxd CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 110年新進人員「校園資訊安全講座」教材 https://cc.nccu.edu.tw/p/406-1001-740,r18.php 【訓練教材D】資訊安全技術教育訓練教材 https://iscb.nchu.edu.tw/2019/07/d.html 109資通安全管理法數位教育訓練 https://reurl.cc/ARlmqp 110-1初級資訊安全工程師-資訊安全管理概論 https://yamol.tw/exam.php?id=104050 中大信息工程學系栽培資訊科技領導人才 https://reurl.cc/ARZKDK 伊雲谷、中山大學產學合作累積雲端資安人才能量 https://ctee.com.tw/industrynews/technology/587459.html SANS Cyber Aces Online Tutorials https://tutorials.cyberaces.org/tutorials.html Free Online Cybersecurity Courses (MOOCs) https://www.cyberdegrees.org/resources/free-online-courses/ Develop Your Cybersecurity Skills https://www.cybrary.it/catalog/cybersecurity/ Mobile App Security https://www.cybrary.it/course/mobile-app-security/ Introduction to Cybersecurity https://reurl.cc/bnaj6d How to Tackle SaaS Security Misconfigurations https://thehackernews.com/2021/11/how-to-tackle-saas-security.html How to Build a Security Awareness Training Program that Yields Measurable Results https://thehackernews.com/2021/11/how-to-build-security-awareness.html Common Attacks https://choson.lifenet.com.tw/?p=1174 6.近期資安活動及研討會 WTM International Women's Day 2022 2022/3/5 https://www.meetup.com/GDGTaipei/events/284257930/ Just a chat - with no Expectations 2022/3/5 https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/284285574/ Coffee & Code 2022/3/6 https://www.meetup.com/Innovate-Taiwan/events/284285192/ 區塊鏈WEB3資安管理教戰手冊 2022/3/9 https://www.accupass.com/event/2202130729525903217230 Android Code Club(Taipei) 2022/3/9 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/284070785/ 科技、媒體、組織聯手共同防制不實訊息論壇 2022/3/11 https://acfd2019.kktix.cc/events/831e3194-copy-2 2022嘉藥反毒與資安機器人競賽 2022/3/12 https://reurl.cc/9OO7kj Scala Taiwan #39 - 用Scala寫基因體醫學 2022/3/15 https://www.meetup.com/Scala-Taiwan-Meetup/events/284242666/ Flutter Festival Taipei 2022/3/16 https://www.meetup.com/Flutter-Taipei/events/283785315/ 國家高速網路與計算中心教育訓練「大數據程式開發平台(VM版本)」建置與開發實務課程 2022/3/18 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3972&from_course_list_url=homepage OSCP 高階滲透測試精進班 2022-02-12~2022-03-20 https://college.itri.org.tw/course/all-events/35FC13F1-05A3-44CF-85B1-2D01B6F92632.html 國家高速網路與計算中心教育訓練「大數據程式開發平台(VM版本)」建置與開發實務課程 2022/5/27 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=homepage 風險導向資安稽核 2022/7/20 https://www.cisanet.org.tw/Course/Detail/2756