資安事件新聞週報 2022/11/28 ~ 2022/12/2

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/11/28 ~ 2022/12/2 1.重大弱點漏洞/後門/Exploit/Zero Day 近兩年更多臺廠加入成為CVE編號管理者，涵蓋網通、IC設計、資安廠商 https://www.ithome.com.tw/news/154501 有人兜售未修補已知身分驗證漏洞的Fortinet資安系統名單 https://blog.cyble.com/2022/11/24/multiple-organisations-compromised-by-critical-authentication-bypass-vulnerability-in-fortinet-products-cve-2022-40684/ Google Chrome 存在一個高風險的零時差弱點 https://www.twcert.org.tw/tw/cp-104-6748-fb440-1.html Google發布Chrome 108，修補高風險記憶體漏洞 https://www.securityweek.com/chrome-108-patches-high-severity-memory-safety-bugs Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html 思科修補身分驗證系統ISE的命令注入漏洞 https://yoroi.company/research/cve-advisory-partial-disclosure-cisco-ise-multiple-vulnerabilities/ Dell、HP、聯想等廠牌的個人電腦韌體使用老舊版本的OpenSSL程式庫，恐因相關漏洞而曝險 https://www.binarly.io/posts/OpenSSL_Usage_in_UEFI_Firmware_Exposes_Weakness_in_SBOMs/index.html Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions https://thehackernews.com/2022/11/dell-hp-and-lenovo-devices-found-using.html 宏碁擬修補能停用安全開機的UEFI漏洞 https://www.bleepingcomputer.com/news/security/acer-fixes-uefi-bugs-that-can-be-used-to-disable-secure-boot/ New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection https://thehackernews.com/2022/11/new-flaw-in-acer-laptops-could-let.html Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services https://thehackernews.com/2022/11/researchers-detail-appsync-cross-tenant.html CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability https://thehackernews.com/2022/11/cisa-warns-of-actively-exploited.html Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection https://thehackernews.com/2022/11/researchers-find-way-malicious-npm.html Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days https://thehackernews.com/2022/12/google-accuses-spanish-spyware-vendor.html Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework https://thehackernews.com/2022/12/researchers-disclose-critical-rce.html What Developers Need to Fight the Battle Against Common Vulnerabilities https://thehackernews.com/2022/12/what-developers-need-to-fight-battle.html Java框架Quarkus存在RCE漏洞 https://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security Intel的資料中心管理主控臺存在身分驗證漏洞 https://www.rcesecurity.com/2022/11/from-zero-to-hero-part-1-bypassing-intel-dcms-authentication-cve-2022-33942/ 存在於Windows網際網路金鑰交換機制的漏洞，已被用於RCE攻擊 https://www.cyfirma.com/outofband/windows-internet-key-exchange-ike-remote-code-execution-vulnerability-analysis/ Docker Hub存在逾1,600個易受攻擊的映像檔，挖礦軟體與寫死帳密最多 https://sysdig.com/blog/analysis-of-supply-chain-attacks-through-public-docker-images/ AWS修補AppSync跨租戶攻擊漏洞 https://securitylabs.datadoghq.com/articles/appsync-vulnerability-disclosure/ NVIDIA 釋出新版 GPU 驅動程式，修復多達 29 個資安漏洞 https://www.twcert.org.tw/tw/cp-104-6756-eec1f-1.html 微軟：中國漏洞揭露政策可能助長國家級駭客濫用零時差漏洞 https://reurl.cc/zrpkd0 Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days https://thehackernews.com/2022/12/google-accuses-spanish-spyware-vendor.html 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安產學合作獲發明專利，聯卡中心攜手金融機構打造無密碼身分驗證金融生態圈 https://www.cardu.com.tw/message/detail.php?48168 金融業董事會資安背景者更吃香 https://ctee.com.tw/news/finance/758466.html 藉永續金融評鑑強化金融業ESG治理 https://view.ctee.com.tw/esg/46817.html 靠AI掃描可疑交易挖角檢警扮解謎偵探！金融業虛實出招打擊詐騙變形蟲 https://www.wealth.com.tw/articles/7396c4ef-cba4-450a-933c-c90377dfad13 大核心戰略資安防護再升級 https://reurl.cc/336Qg0 揭密！人機卡三位一體，CUBE App 打造全新數位金融生態系 https://www.inside.com.tw/article/29770-cathaybk_CUBE%20App 「幾支異常程式」讓國泰網銀App停擺半天！多次出包，金管會怎麼懲處 https://www.bnext.com.tw/article/73031/cathaybank-shutdown-app-2022q4 又當機！網銀App出現異常國泰世華公開致歉 https://ec.ltn.com.tw/article/breakingnews/4141696 國泰世華銀一再出包金管會將召見銀行高層說明 https://reurl.cc/vmpbEj 國泰世華又當機了！網銀、APP一度全掛…聲明道歉曝原因：12/3「這時間」部分功能將暫停 https://today.line.me/tw/v2/article/RBjegMw 打造數位金融生態系！透過「上雲」迎接開放金融的新世紀 https://www.businesstoday.com.tw/article/category/183017/post/202211180045/ 3.電子支付/行動支付/pay/資安解封後首度出訪沖繩柯文哲:行銷悠遊卡迎接疫後觀光商機 https://reurl.cc/OE5og9 財訊金融獎「最佳行動支付業者」台灣Pay榮登消費者滿意度優質獎 https://udn.com/news/story/7239/6806809?from=udn-ch1_breaknews-1-cate6-news 不是主流但特別功用的台灣Pay：查詢銀行餘額方便還可以無卡ATM提款 https://www.cool3c.com/article/185997 阿佩支付輕鬆掃就醫批價免排隊 https://reurl.cc/mZRQa7 你下單我付款？網購用行動支付竟遭「誤綁誤刷」 https://reurl.cc/vmpxrj 全面搶攻行動支付家樂福「手機就是會員卡」 https://reurl.cc/de1oRM LINE Pay 用戶破1,100萬行動支付金額飆 https://ctee.com.tw/news/tech/756347.html 元大銀行金流服務再升級「統編轉帳」、「帳戶連結支付」更便利 https://reurl.cc/WqAopD 電子支付大戰白熱化！全支付42天圈粉200萬，進逼街口、一卡通雙雄 https://www.gvm.com.tw/article/96979 香港八達通Mastercard擴大應用　支援Apple Pay消費 https://reurl.cc/EXgvOm 電子錢包成詐團犯案工具銀行帳戶一夕被搬空 https://reurl.cc/qZnqMq 泰國Google錢包插旗！邁向電子支付無現金社會央行拚2026現金流減半 https://reurl.cc/pZ9RQQ 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安幣安全資收購交易所SEBC進軍日本受金融廳監管 https://news.ttv.com.tw/news/11112010004300W DeFi 協議 Ankr 被盜！駭客鑄造 20 兆枚 aBNBc、獲利 500 萬美元 https://blockcast.it/2022/12/02/ankr-procotol-has-reported-an-exploit-on-its-platform/ 安全團隊：Ankr協議疑似遭攻擊，駭客已成功提取超500萬USDC https://news.cnyes.com/news/id/5025437 Ankr私鑰外洩！10兆aBNBc代幣被鑄造，駭客已用Tornado洗出25萬鎂 https://block.cc/news/638976ac9108f8373380d0b2 Ankr 私鑰洩漏，駭客鑄造 10 兆 aBNBc 代幣後砸盤並利用 Tornado Cash 和跨鏈橋轉移資金 https://zombit.info/ankr-got-hacked-10t-abnbc-minted/# Coinbase證實「駭客」獲3.06億Coinbase用戶數據系虛假勒索 https://amp-news.cnyes.com/news/id/5024004 幣安：「中心化交易所」10年內消失！去中心化、中心化交易所差在哪 https://www.bnext.com.tw/article/73043/binance-exec-says-company-may-not-be-around-in-10-years FTX破產》北韓駭客淪最大災戶！報告：加密產業提高攻擊、洗錢門檻 https://www.blocktempo.com/kei-report-indicates-fallen-of-ftx-makes-north-korean-hackers-getting-hard-to-attck/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC Redis伺服器重大漏洞遭到惡意軟體Redigo鎖定 https://blog.aquasec.com/redigo-redis-backdoor-malware 竊密軟體DuckLogs以訂閱服務提供，並能選用上百種應用程式的攻擊模組 https://blog.cyble.com/2022/12/01/ducklogs-new-malware-strain-spotted-in-the-wild/ 北韓駭客組織利用惡意軟體Dolphin發動攻擊，並濫用Google Drive進行遙控 https://www.welivesecurity.com/2022/11/30/whos-swimming-south-korean-waters-meet-scarcrufts-dolphin/ 安卓木馬Schoolyard Bully竊取臉書帳號 https://www.zimperium.com/blog/schoolyard-bully-trojan-facebook-credential-stealer/ 麗臺證實遭遇勒索軟體攻擊 https://www.ithome.com.tw/news/154538 跨國醫療集團Keralty遭到勒索軟體RansomHouse攻擊，影響哥倫比亞醫院運作 https://www.bleepingcomputer.com/news/security/keralty-ransomware-attack-impacts-colombias-health-care-system/ 科威特、摩洛哥IKEA遭到網路攻擊，疑勒索軟體Vice Society所為 https://therecord.media/ikea-investigating-cyberattacks-on-outlets-in-kuwait-morocco/ 駭客藉由特製的抖音影片散布竊密程式WASP，套件供應平臺、資安研究員、開發者均有可能淪為幫兇 https://checkmarx.com/blog/attacker-uses-a-popular-tiktok-challenge-to-lure-users-into-installing-malicious-package/ 印度醫學中心AIIMS疑遭勒索軟體攻擊，相關服務中斷近一週 https://www.thehindu.com/news/cities/Delhi/aiims-continues-silence-on-media-reports-of-200-crore-demand-by-hackers/article66201742.ece 勒索軟體Trigona攻擊房地產業者 https://www.bleepingcomputer.com/news/security/trigona-ransomware-spotted-in-increasing-attacks-worldwide/ 美國北卡羅來納州學院證實遭到勒索軟體攻擊 https://therecord.media/north-carolina-college-confirms-ransomware-group-stole-sensitive-data/ 加拿大食品供應商Maple Leaf Foods證實遭勒索軟體攻擊，並表明不會支付贖金 https://cybernews.com/news/maple-leaf-foods-ransomware/ 加拿大教師公會OSSTF證實遭到勒索軟體攻擊，會員個資遭到外洩 https://www.thepeterboroughexaminer.com/ts/news/gta/2022/11/23/osstf-victim-of-ransomware-attack-notifies-members-of-personal-data-compromised.html 美國辛辛那堤州社區學院遭到勒索軟體Vice Society攻擊 https://www.bleepingcomputer.com/news/security/vice-society-ransomware-claims-attack-on-cincinnati-state-college/ 惡意軟體SocGholish攻擊WordPress網站 https://blog.sucuri.net/2022/11/new-wave-of-socgholish-cid27x-injections.html 勒索軟體RansomBoggs鎖定烏克蘭組織而來 https://thehackernews.com/2022/11/russia-based-ransomboggs-ransomware.html 美國與西班牙將共同聯手對抗勒索軟體攻擊 https://www.isda.org.tw/2022/12/01/d869ccf25b8510a181d7b3b950f9160d/ Google揭露西班牙商業間諜軟體供應商Variston IT的攻擊框架 https://times.hinet.net/news/24283559 數聯資安分享近期ERS相關IOC https://www.tcrc.edu.tw/new/new-list/ers-ioc 不意外！這些檔案類型最常被駭客用來隱藏惡意軟體 https://www.kocpc.com.tw/archives/471937 Logitech Logi+ downloads being abused with valid certificates to deliver Trojan.Ransom.Lockbit droppers. https://reurl.cc/eWGgob LockBit 3.0 attacks and leaks reveal wormable capabilities and tooling https://news.sophos.com/en-us/2022/11/30/lockbit-3-0-black-attacks-and-leaks-reveal-wormable-capabilities-and-tooling/ Fraudulent Digital Lending Android App steals sensitive data https://blog.cyble.com/2022/11/30/fraudulent-digital-lending-andriod-app-steals-users-sensitive-data/ All You Need to Know About Emotet in 2022 https://thehackernews.com/2022/11/all-you-need-to-know-about-emotet-in.html Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations https://thehackernews.com/2022/11/russia-based-ransomboggs-ransomware.html New RansomExx Ransomware Variant Rewritten in the Rust Programming Language https://thehackernews.com/2022/11/new-ransomexx-ransomware-variant.html Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware https://thehackernews.com/2022/11/hackers-using-trending-invisible.html Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware https://thehackernews.com/2022/11/hackers-using-trending-invisible.html Researchers 'Accidentally' Crash KmsdBot Cryptocurrency Mining Botnet Network https://thehackernews.com/2022/12/researchers-accidentally-crashed.html Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities https://thehackernews.com/2022/12/cuba-ransomware-extorted-over-60.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 U.K. Police Arrest 142 in Global Crackdown on 'iSpoof' Phone Spoofing Service https://thehackernews.com/2022/11/uk-police-arrest-142-in-global.html Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages https://thehackernews.com/2022/11/elon-musk-confirms-twitter-20-will.html This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms https://thehackernews.com/2022/11/this-malicious-app-abused-hacked.html Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users https://thehackernews.com/2022/12/schoolyard-bully-trojan-apps-stole.html Android記憶體安全漏洞數量大幅下降，Rust程式碼比例上升成關鍵 https://www.ithome.com.tw/news/154539 數百款貸款App鎖定急需用錢的人，從手機竊密並要求高額利息與費用 https://lookout.com/blog/predatory-loan-apps 可將手機當作電腦鍵盤或滑鼠的App含有能用於RCE攻擊的漏洞 https://www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/ 販售帳號的網站經營者散布惡意App，挾持受害手機來產生帳號 https://www.bleepingcomputer.com/news/security/malicious-android-app-found-powering-account-creation-service/ 臉書雙重認證也沒用！罔腰私人帳號遭駭客盜取　痛呼：14年回憶全沒了 https://star.setn.com/news/1216817 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力搭世足潮非法OTT機上盒狂銷5千台　侵權費逾164億 https://www.upmedia.mg/news_info.php?Type=24&SerialNo=160717 認知戰還是駭客攻擊 https://www.chinatimes.com/newspapers/20221201000552-260118?chdtv 超商看板被駭資安處理竟是「拔插頭」 https://reurl.cc/7j4qqk 資安事件頻傳 3關鍵增企業競爭力 https://reurl.cc/7j4qQl 雲端資安關鍵五大建議，保障企業資料安全、防止資料外洩 https://www.metaage.com.tw/news/technology/451 台灣缺資安人才，怎麼解？奧義智慧創辦人邱銘彰，用人體比喻讓你搞懂資安 https://buzzorange.com/techorange/2022/12/01/information-security-birdman/ 遠距工作興起，員工使用未註冊裝置增加混合工作資安風險 https://technews.tw/2022/12/01/cisco-work/ 直擊企業資安框架最核心！如何掌握資安法遵、推動下個佈建重點 https://buzzorange.com/techorange/2022/12/01/ms-to-webinar/ 雄獅旅行社公告遭駭客攻擊，呼籲消費者防範詐騙 https://www.cna.com.tw/news/ahel/202211290264.aspx Sony、Lexar、Sandisk儲存裝置的加密解決方案供應商曝露其配置與憑證超過一年 https://cybernews.com/security/encsecurity-leaked-sensitive-data/ 法國電力供應商違反GDPR受罰，起因是採用MD5演算法存放使用者密碼 https://thehackernews.com/2022/11/french-electricity-provider-fined-for.html 菲律賓組織遭到中國駭客UNC4191鎖定，利用USB裝置發動攻擊 https://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia 密碼管理解決方案供應商LastPass二度遭駭 https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-accessed-customer-data-in-new-breach/ Google揭露義大利商業間諜軟體供應商Variston IT的攻擊框架 https://blog.google/threat-analysis-group/new-details-on-commercial-spyware-vendor-variston/ 西班牙警方破獲網路詐騙1,200萬歐元的攻擊行動 https://www.bleepingcomputer.com/news/security/spanish-police-dismantle-operation-that-made-12m-via-investment-scams/ 駭客以世界盃足球賽的名義發動網路攻擊，鎖定觀眾、加密貨幣投資人、賭客、當地企業而來 https://cloudsek.com/whitepapers_reports/fifa-world-cup-qatar-2022-cyber-threat-landscape/ 加拿大多倫多學區遭到網路攻擊，電話、電子郵件、學生筆電無法使用 https://www.ddsb.ca/Modules/News/index.aspx?newsId=d4ba4f9f-a3ea-46ae-b819-316a3eefd0b0&feedId=9af71d9c-32c0-44a2-b019-e3a0eb84ffd2,23903367-d258-477e-b1e0-66c8a9299356 歐盟正式通過網路安全指令NIS2 https://www.consilium.europa.eu/en/press/press-releases/2022/11/28/eu-decides-to-strengthen-cybersecurity-and-resilience-across-the-union-council-adopts-new-legislation/ 加拿大男裝業者Harry Rosen遭到網路攻擊 https://www.itworldcanada.com/article/canadian-menswear-chain-harry-rosen-confirms-cyber-attack/515325 美國國家安全局發布軟體記憶體安全指引 https://www.isda.org.tw/2022/12/01/f8aa923f0dab312ba7eab68757e06318/ 駭客攻擊癱瘓網路害太平洋島國「與世隔絕」數週 https://reurl.cc/064eNo 梵蒂岡網站遭攻擊烏大使控俄駭客所為 https://reurl.cc/kqMWzd 聲援白紙運動駭客組織攻擊中國政府網站 https://reurl.cc/oZV3GQ 駭客組織匿名者聲援「白紙革命」，為防網路監控提供技術協助 https://www.blocktempo.com/anonymous-releases-china-online-safety-package/ 駭客「匿名者」出手了！攻擊大陸政府網站要求釋放白紙革命民眾 https://udn.com/news/story/123120/6808173?from=udn_mobile_indexrecommend 最強駭客組織出手了！癱瘓「中國政府網站」公布高層個資　力挺白紙革命 https://www.setn.com/News.aspx?NewsID=1216937 美國舊金山准警方用機器人殲滅歹徒議員論述遭批散播恐懼 https://www.rti.org.tw/news/view/id/2152314 U.S. Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk https://thehackernews.com/2022/11/us-bans-chinese-telecom-equipment-and.html Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines https://thehackernews.com/2022/11/chinese-cyber-espionage-hackers-using.html Interpol Seized $130 Million from Cybercriminals in Global "HAECHI-III" Crackdown Operation https://thehackernews.com/2022/11/interpol-seized-130-million-from.html 長期年聘北基駐點資安工程師/周休 https://www.chickpt.com.tw/job-LkK5Y4v7G1VW 資安人員 https://www.104.com.tw/job/7tzxi D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全刑事局破獲投資詐騙簡訊嫌犯，駭客透過AI語音假冒金融業者客服 https://www.cna.com.tw/news/asoc/202212010236.aspx 軟性銅箔基板製造商台虹科技副總涉及竊取營業秘密，並與中國廠商私下談合作 https://udn.com/news/story/7321/6803820 BEC駭客組織Lilac Wolverine挾持個人電子郵件帳號，用於發動大規模禮物卡攻擊 https://abnormalsecurity.com/blog/lilac-wolverine-gift-card-attacks Eufy智慧門鈴擅自將影像傳至雲端 https://www.macrumors.com/2022/11/29/eufy-camera-cloud-uploads-no-user-consent/ 假冒阿拉伯聯合大公國人力資源部門的網釣攻擊越來越氾濫 https://cloudsek.com/threatintelligence/advanced-phishing-campaign-targeting-individuals-businesses-in-the-middle-east-part-2/ 西班牙警方破獲1,200萬歐元的網路詐騙事故 https://www.bleepingcomputer.com/news/security/spanish-police-dismantle-operation-that-made-12m-via-investment-scams/ 導致540萬筆用戶個資外洩的推特漏洞，災情可能比先前揭露時嚴重，因為有人將其用於收集上千萬筆個資 https://www.bleepingcomputer.com/news/security/54-million-twitter-users-stolen-data-leaked-online-more-shared-privately/ Meta因資料外洩遭愛爾蘭罰2.65億歐元 https://www.ithome.com.tw/news/143850 近5億筆WhatsApp用戶記錄在暗網兜售 https://cybernews.com/news/whatsapp-data-leak/ 都設一堆密碼了，怎麼老是被駭？Google在幹嘛？5種詐騙手法大公開 https://www.bnext.com.tw/article/72916/google-internet-security-2022-11-28 Irish Regulator Fines Facebook $277 Million for Leak of Half a Billion Users' Data https://thehackernews.com/2022/11/irish-regulator-fines-facebook-277.html Australia Passes Bill to Fine Companies up to $50 Million for Data Breaches https://thehackernews.com/2022/11/australia-passes-bill-to-fine-companies.html Hackers Leak Another Set of Medibank Customer Data on the Dark Web https://thehackernews.com/2022/12/hackers-leak-another-set-of-medibank.html LastPass Suffers Another Security Breach; Exposed Some Customers Information https://thehackernews.com/2022/12/lastpass-suffers-another-security.html North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets https://thehackernews.com/2022/12/north-korea-hackers-using-new-dolphin.html E.研究報告/工具開源威脅獵捕工具-DeepBlueCLI https://sectools.tw/deepbluecli/ 航向未來之海實現成長、資安、永續發展三軸轉型 https://www.businessweekly.com.tw/business/indep/1002891 探討惡意程式偵測機器學習模型之可解釋性 ── 以 SAFE 及 Asm2vec 為例 https://ndltd.ncl.edu.tw/cgi-bin/gs32/gsweb.cgi/login?o=dnclcdr&s=id=%22110NYCU5394131%22.&searchmode=basic Shodan — Computer Search Engine | OSINT Framework #2 https://cenabibrahimov.medium.com/shodan-computer-search-engine-osint-framework-2-ed5d9ab0980b The 5 Cornerstones for an Effective Cyber Security Awareness Training https://thehackernews.com/2022/11/the-5-cornerstones-for-effective-cyber.html 專訪：SGS 談ISO/IEC 27001改版企業因應措施 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10194 企業資安防護怎麼做？用對 ATT&CK 框架，可使防禦能量倍增 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10214 7 Cyber Security Tips for SMBs https://thehackernews.com/2022/11/7-cyber-security-tips-for-smbs.html Use SSH Port Forwarding to connect to resources https://faun.pub/use-ssh-port-forwarding-to-connect-to-resources-221534e9037 Implementing Microservice Architecture In .NET Part 1 , Project Overview https://medium.com/@rezamansouri/implementing-microservice-architecture-in-net-part-1-project-overview-2d94b79607e3 P1 Bug Hunting: A Step by Step Guide to SQL Injection https://thegrayarea.tech/p1-bug-hunting-a-step-by-step-guide-to-sql-injection-76f95c8986b0 Using Log Parsing to Stop Microsoft IIS Backdoor Attacks https://medium.com/eclecticiq/using-log-parsing-to-stop-microsoft-iis-backdoor-attacks-3bd6081dc47d Best Open Source tools for Data Engineering https://blog.devgenius.io/best-open-source-tools-for-data-engineering-f04a4b83a3e9 SSRF via DNS Rebinding (CVE-2022–4096) https://infosecwriteups.com/ssrf-via-dns-rebinding-cve-2022-4096-b7bf75928bb2 F.商業 Check Point 揭 2023 年安全趨勢：協作工具成駭客目標、新興資安法規加速推動 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10201 Deloitte看2023年10大網路安全發展趨勢：更複雜的供應鏈攻擊可能出現 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10203 Palo Alto Networks 推出PAN-OS 11.0 Nova多阻止26% 零日惡意軟體 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10206 零壹科技正式代理NetScout https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10204 AWS發布統一軟體開發服務CodeCatalyst，簡化專案創建、維護和協作 https://www.ithome.com.tw/news/154540 AWS端到端加密企業即時通訊解決方案Wickr正式上線 https://www.ithome.com.tw/news/154480 提升企業資安行動力，AWS 發表資安資料湖服務 https://technews.tw/2022/12/02/amazon-security-lake/ 攜手世界級資安大廠遠傳新推「守護網」服務 https://www.chinatimes.com/realtimenews/20221201002276-260405?chdtv 卡巴斯基：2023年郵件伺服器和衛星成主要攻擊目標 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10213 Palo Alto Networks 公佈2023年網路安全趨勢預測 https://www.ctimes.com.tw/DispNews-tw.asp?O=HK6C1AV9H44SAA00NY&U=HJO577XV4AGRN-00NZ 中華電佈局智慧能源，得標台電智慧電表通訊標案 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=a41fd148-4ba0-4954-868f-b5db69a73f1e 家用連網面臨資安威脅趨勢科技祭最新網安管家 https://www.chinatimes.com/newspapers/20221202000191-260204?chdtv 軍工題材帶動網路商機爆發？亞馬遜、臉書御用網路交換器廠是這家全球龍頭！ https://www.wantgoo.com/blog/343059/post/88 聯發科設置資訊安全長，由李益青擔任 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=4722b227-4a17-4d57-a3e9-dc649be9bf0a 迎傳統標案執行認列旺季安碁資訊營運穩健向上 https://www.chinatimes.com/newspapers/20221125000201-260204?chdtv 蓋亞資訊積極佈局，協助金融業雲原生推動，加速數位化轉型 https://www.bnext.com.tw/article/72855/gaia_202211 G.政府資安研究院明年初成立，國安會、國防部將指派代表擔任董事 https://www.cna.com.tw/news/afe/202211270045.aspx 無人機資安認驗證能量數位部明年3月起全面建置 https://reurl.cc/WqAoM7 我國資安人才需求急迫，數位部如何延攬、招募及培育相關資安人才 https://moda.gov.tw/press/clarification/3216 當選新竹市長後強調Open data 高虹安：台數位經濟得跟上國際 https://www.1111.com.tw/news/jobns/148873 防駭客入侵公共電子看板納管即起生效 https://reurl.cc/nZqMMn 禁陸資訊品已燒上千萬大學強化資安績效面臨2大困境 https://vip.udn.com/vip/story/122866/6809074 中國製無人機國慶演出惹議唐鳳：「群飛」擬採更高資安驗證管理 https://news.ltn.com.tw/news/life/breakingnews/4142161 立委批政府網站遭駭後無作為？唐鳳：「零信任架構」提供各部會驗證 https://www.taisounds.com/Taiwan/Politics/uid5975829731 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks https://thehackernews.com/2022/11/over-dozen-new-bmc-firmware-flaws.html 駭侵者利用各種物聯網裝置中早已停止維護的 web server 漏洞攻擊能源產業 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10208 OT資安大挑戰 ! 洛克威爾自動化導入元宇宙提升營運安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10205 French Electricity Provider Fined for Storing Users' Passwords with Weak MD5 Algorithm https://thehackernews.com/2022/11/french-electricity-provider-fined-for.html 3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS https://thehackernews.com/2022/11/3-new-vulnerabilities-affect-ot.html 數位廣播服務供應商Sirius XM漏洞成為駭客入侵汽車的管道 https://gizmodo.com/sirius-xm-bug-honda-nissan-acura-hack-1849836987 台達電修補工控網路設備的嚴重漏洞 https://www.securityweek.com/delta-electronics-patches-serious-flaws-industrial-networking-devices Festo、Codesys工控系統存在OT:Icefall漏洞 https://www.forescout.com/blog/oticefall-continues-vedere-labs-discloses-three-new-vulnerabilities-affecting-ot-products-how-to-mitigate/ 智慧家居要小心，每三台家用連網裝置就有一台具資安風險 https://technews.tw/2022/12/01/smart-home/ 更加針對性! 趨勢科技車用資安新公司VicOne預測OTA將成攻擊標的 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10210 整合平台安全標準　SESIP促物聯網資安生態系成形 https://www.digitimes.com.tw/iot/article.asp?id=0000651387_5D349FVZ7PYX138FX6GCI 中華軟協資安長聯誼會驚艷臺南沙崙資安基地場域完善 https://www.cna.com.tw/postwrite/chi/330272 強韌智慧電網專家Moxa 淨零國家隊最佳隊友 https://www.businesstoday.com.tw/article/category/183015/post/202212020051/ I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 我國網路資安狂被駭監委申請自動調查 https://www.chinatimes.com/realtimenews/20220810003152-260407?chdtv 6.近期資安活動及研討會 [Python 入門] 線上 2022/12 月份 2022/12/3 https://www.meetup.com/pyladiestw/events/289602296/ Taipei Video Tech #8 2022/12/5 https://www.meetup.com/taipei-video-technology/events/289181348/ 物聯網安全高峰論壇 2022/12/6 https://www.mem.com.tw/event/web%20test/index.html Digital Drinks Q4 Professional Networking 2022/12/8 https://www.meetup.com/taiwan-digital-drinks/events/289763244/ 【2022 BSI國際資安標準管理年會】國際資安標準轉版登場建構數位信任生態系 X ISO 27001: 2022開啟資訊安全新篇章 2022/12/9 https://www.accupass.com/event/2209140534491861303029 Taipei dbt Meetup #8 (in-person 👫 & online 👨‍💻)2022/12/10 https://www.meetup.com/taipei-dbt-meetup/events/289554036/ 鴻海研究院-NExT Forum：量子通信技術與應用 2022/12/12 https://www.accupass.com/event/2211140443441110230297 Networking Happy Hour @ Taipei Blockchain Week - Barcade 2022/12/13 https://www.meetup.com/taiwan-blockchain-cryptocurrency/events/289618006/ 強化郵件與雲端資安！Google Workspace & HENNGE 線上研討會 2022/12/13 https://www.accupass.com/event/2211150553486394682940 Jamf Nation Taipei｜2023 全球資安模型 CIO/CISO 高峰會 2022/12/15 https://jamf.kktix.cc/events/jamfnation2022 TANET 2022 WORKSHOP PROGRAM -「第二屆數位鑑識、醫療私密與網駭安全」 2022/12/15 ~ 2022/12/17 https://tanet2022.esam.io/ ICS 2022 WORKSHOP PROGRAM -「Ubiquitous Cybersecurity and Forensics」 2022/12/15 ~ 2022/12/17 https://ics2022.esam.io/ HITCON GIRLS 2022 女性主管經驗談 2022/12/17 https://hitcon.kktix.cc/events/hitcongirlsworkexperience2022 【新竹限定】一日駭客體驗營｜６小時了解資安滲透 2022/12/17 https://www.accupass.com/event/2211150642209239161690 全球視野解鎖未來工作趨勢! Atlassian Work Life 大會精華分享 2022/12/17 https://www.meetup.com/taipei-atlassian-community-events/events/289787941/ 一日駭客x網路弱點滲透 2022/12/17 https://www.accupass.com/event/2210270652481821159224 幣圈資安必備知識，如何安全投資加密貨幣 2022/12/18 https://www.accupass.com/event/2212010638041616746126 製造業資安防禦新攻略！從邊緣到 IT 全面守護供應鏈 2022/12/21 https://www.accupass.com/event/2211180201203157149490 一鍵完成設備部署、資安、合規的實作秘笈 | In Taipei Apple Office 2022/12/23 https://jamf.kktix.cc/events/onetouch2022-2 【線上研討會】ISO/IEC 27001：2022 改版研討會 2022/12/23 https://www.accupass.com/event/2211090318242100958423 【高雄限定】一日駭客體驗營｜６小時了解資安滲透 2023/1/14 https://www.accupass.com/event/2211150721101457239234