資安事件新聞週報 2021/6/21 ~ 2021/6/25

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2021/6/21 ~ 2021/6/25 1.重大弱點漏洞/後門/Exploit/Zero Day VMware Releases Security Updates https://us-cert.cisa.gov/ncas/current-activity/2021/06/23/vmware-releases-security-updates VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated) https://www.exploit-db.com/exploits/50056 Solaris SunSSH 11.0 x86 - libpam Remote Root (3) https://www.exploit-db.com/exploits/50039 Cisco Releases Security Updates for Multiple Products https://us-cert.cisa.gov/ncas/current-activity/2021/06/17/cisco-releases-security-updates-multiple-products 群暉 Synology 宣布 DSM 7.0 將於 6/29 推出正式版以及 C2 公有雲四項新服務 https://news.xfastest.com/interview/96968/%E7%BE%A4%E6%9A%89-synology-%E5%AE%A3%E5%B8%83-dsm-7-0-%E5%B0%87%E6%96%BC-6-29-%E6%8E%A8%E5%87%BA%E6%AD%A3%E5%BC%8F%E7%89%88%E4%BB%A5%E5%8F%8A-c2-%E5%85%AC%E6%9C%89%E9%9B%B2%E5%9B%9B%E9%A0%85%E6%96%B0/ Dell裝置的管理軟體SupportAssist再爆4漏洞，將允許駭客自遠端執行程式 https://www.ithome.com.tw/news/145255 WD呼籲「My Book Live」用戶快把網路線拔掉，否則硬碟內容可能會被駭客清空 https://www.techbang.com/posts/87940-wd-calls-for-my-book-live 合勤警告SSL VPN、防火牆裝置遭駭客鎖定 https://www.ithome.com.tw/news/145256 一週釋出兩次更新！Google 緊急修補 4 項 Chrome 高風險漏洞 https://3c.ltn.com.tw/news/44868 Google本月二次修補已被開採的Chrome漏洞 https://www.ithome.com.tw/news/145108 微軟資安問題近五年未改善！2020年安全漏洞達1,268件創新高 https://newtalk.tw/news/view/2021-06-18/591174? SAPSprint 7.60 - 'SAPSprint' Unquoted Service Path https://www.exploit-db.com/exploits/50061 BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models https://thehackernews.com/2021/06/bios-disconnect-new-high-severity-flaws.html Patch Tor Browser Bug to Prevent Tracking of Your Online Activities https://thehackernews.com/2021/06/patch-tor-browser-bug-to-prevent.html Critical Auth Bypass Bug Affects VMware Carbon Black App Control https://thehackernews.com/2021/06/critical-auth-bypass-bug-affects-vmware.html SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks https://thehackernews.com/2021/06/sonicwall-left-vpn-flaw-partially.html Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks https://thehackernews.com/2021/06/unpatched-critical-flaw-affects-pling.html NVIDIA Jetson Chipsets Found Vulnerable to High-severity Flaws https://thehackernews.com/2021/06/nvidia-jetson-chipsets-found-vulnerable.html Update‌ ‌Your Chrome Browser to Patch Yet Another 0-Day Exploit‌ed ‌in‌-the‌-Wild https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html Reduce Business Risk By Fixing 3 Critical Endpoint-to-Cloud Security Requirements https://thehackernews.com/2021/06/reduce-business-risk-by-fixing-3.html One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account https://thehackernews.com/2021/06/one-click-exploit-could-have-let.html 2.銀行/金融/保險/證券/支付系統/ 新聞及資安金融業65家企業需設「資安長」 https://wea4risk.com/index/news-post.php?news=289 台新金:公告台新金控設置資安長 https://news.cnyes.com/news/id/4665005 銀行帳戶憑空出現10億美元美國女子嚇壞了 https://www.epochtimes.com/b5/21/6/23/n13040833.htm SelfieSign影音簽名解決線上投保親簽 https://money.udn.com/money/story/11799/5550725 巴西犯罪組織偷iPhone不轉售！「駭進用戶銀行帳戶」竊取金錢 https://finance.ettoday.net/news/2011969 Livi bank伙Mastercard推代碼支付 https://reurl.cc/eEzozx 3.電子支付/行動支付/pay/資安二巨人來了金管會同日核准全聯、全家申設電子支付 https://money.udn.com/money/story/5613/5555918 電支機構生力軍全盈支付、全支付獲准設立 https://www.chinatimes.com/realtimenews/20210625000988-260410?chdtv 電子支付大拚鬥街口、LINE面臨挑戰 https://udn.com/news/story/7239/5556346 700多萬會員助攻全聯PX Pay獲電子支付許可拚年底前上線 https://udn.com/news/story/7270/5555712 全家、玉山、拍付三強結盟，金管會核准「全盈支付」專營電子支付業務 https://finance.technews.tw/2021/06/24/familymart-e-sun-bank-piapp/ 金管會准全聯、全家做電子支付最快今年底拿執照 https://udn.com/news/story/7239/5555638 HKTVmall增設3種電子支付方式　下月推7折購買現金禮券 https://reurl.cc/LbWoa7 現金難消毒電子支付堵疫情破口 https://udn.com/news/story/7339/5548412 網路替代馬路行動支付APP也能繳交通違規罰單 https://reurl.cc/Q9RoY5 4.加密貨幣/挖礦/區塊鍊/智能合約資安 MicroStrategy已購入5億美元BTC！持倉105,085枚、等值34億鎂；DCG砸5千萬鎂購ETCG https://www.blocktempo.com/microstrategy-and-dcg-group-to-expand-crypto-investment/ 四川礦場被斷電　「比特幣中國」全面退出加密貨幣交易業務 https://tw.appledaily.com/property/20210623/7M5PXDKZTRGBJN7EUIVVVVMTQA/ 中國比特幣挖礦帝國傾頹礦工出走海外潮來襲 https://news.sina.com.tw/article/20210624/38999032.html 中共打壓、美國緊盯財經名嘴出清比特幣 https://www.epochtimes.com/b5/21/6/22/n13039504.htm 加密貨幣泰坦幣暴跌歸零 NBA庫班也中招 https://ec.ltn.com.tw/article/breakingnews/3579144 今日財經市場5件大事：加密貨幣礦場開始搬家美聯儲官員將發表講話 https://hk.investing.com/news/economy/article-173052 五月飛雪？不止幣價暴跌 BSC鏈專案還頻遭攻擊 https://www.chaindaily.cc/posts/10e63261a687a23931cd8802fd2786be 南非兄弟檔人間蒸發 36億美元比特幣也消失了 https://ec.ltn.com.tw/article/breakingnews/3580489 史上最大加密幣詐騙！兄弟檔捲走千億元比特幣人間蒸發 https://udn.com/news/story/6811/5558283 美稅局默許勒索軟件贖金或可扣稅 https://reurl.cc/XWGgGM 6.9 萬枚比特幣憑空消失！南非投資平台 AfriCrypt 疑捲款跑路 https://blockcast.it/2021/06/24/69000-bitcoin-has-vanished-from-a-south-african-investment-platform-along-with-operators/ 加密貨幣交易中心Africrypt宣稱遭駭，創辦人與價值21億美元的比特幣皆消失 https://www.ithome.com.tw/news/145215 無法偽造清大發出全國首張區塊鏈加密數位畢業證書 https://udn.com/news/story/6904/5554268?from=udn-catelistnews_ch2 BSC鏈上聚合器 Eleven Finance 遭駭！邏輯漏洞連環「閃電貸攻擊」，共損失 512 萬美元 https://www.blocktempo.com/another-flash-loan-on-eleven-finance-cost-520k/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 烏克蘭警方逮捕6名涉及操作Clop勒索軟體的嫌犯 https://www.ithome.com.tw/news/145133 愈來愈多勒贖團體，自黑市買受害對象初步駭入成果，形成「駭侵産業生態系」 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9295 報導：美企業被勒索軟體勒索可減免稅賦 https://www.ithome.com.tw/news/145130 如何在沒有兩種攻擊完全相同的情況下偵測和防禦 REvil 勒索軟體 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9292 愈來愈多勒贖團體，自黑市買受害對象初步駭入成果，形成「駭侵産業生態系」 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9295 微軟發現大量挖礦惡意軟體，鎖定 Kubernetes 運算叢集進行攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=12&aid=9291 中國駭客開發新Windows後門程式，攻擊東南亞國家政府 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=9297 報導：巴西最大醫療診斷業者Grupo Fleury也遭勒索軟體REvil攻陷 https://www.ithome.com.tw/news/145223 釣魚郵件惡意軟體BazaCall鎖定微軟用戶，會在受害電腦植入勒索軟體 https://www.ithome.com.tw/news/145228 作風奇特的 Vigilante 惡意軟體，會阻止使用者連接盜版軟體網站 https://reurl.cc/1YvEgm Python專案遭挖礦程式滲透 https://www.ithome.com.tw/news/145186 PyPI 程式庫，遭植入挖礦惡意程式碼套件 https://reurl.cc/7r0NOk 麥當勞驚傳駭客攻擊！台灣區歡樂送用戶資料外洩，但稱「沒有」被勒索贖金 https://www.blocktempo.com/mcdonalds-hacked-taiwan-delivery-clients-data-breach-not-asked-for-ransom/ 5 Critical Steps to Recover From a Ransomware Attack https://thehackernews.com/2021/06/5-critical-steps-to-recovering-from.html DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps https://thehackernews.com/2021/06/droidmorph-shows-popular-android.html STOP Ransomware https://otx.alienvault.com/pulse/5e3da439c0bafefb57bfe2df https://cybleinc.com/2021/06/21/djvu-malware-of-stop-ransomware-family-back-with-new-variant/ IcedID attack: From Word to Lateral Movement in 1 Hour https://thedfirreport.com/2021/06/20/from-word-to-lateral-movement-in-1-hour/ Network filter rootkit driver signed by Microsoft https://twitter.com/struppigel/status/1405483373280235520?s=20 TA551 Campaign Q3 2021 https://github.com/pan-unit42/tweets/blob/master/2021-06-21-TA551-IOCs-for-Ursnif.txt Wormable DarkRadiation Ransomware Targets Linux and Docker Instances https://thehackernews.com/2021/06/wormable-darkradiation-ransomware.html Suspected Pakistani Actor Compromises Indian Power Company with New ReverseRat https://blog.lumen.com/suspected-pakistani-actor-compromises-indian-power-company-with-new-reverserat/ https://github.com/blacklotuslabs/IOCs/blob/main/Reverserat_iocs.csv Hancitor IOCs https://pastebin.com/tArswBep Sonatype Catches New PyPI Cryptomining Malware https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection Mirai & Hajime Threat Activity https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai Massive IcedID Campaign Aims For Stealth with Benign Macros https://labs.sentinelone.com/evasive-maneuvers-massive-icedid-campaign-aims-for-stealth-with-benign-macros/ Malicious spam campaigns delivering banking Trojans https://securelist.com/malicious-spam-campaigns-delivering-banking-trojans/102917/ New Archive Format Smuggling Malware https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/another-archive-format-smuggling-malware/ ChaChi: a New GoLang RAT https://blogs.blackberry.com/en/2021/06/pysa-loves-chachi-a-new-golang-rat Wormable DarkRadiation Ransomware Targets Linux and Docker Instances https://thehackernews.com/2021/06/wormable-darkradiation-ransomware.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊安華聯網揭露臺灣App常見3大風險，不安全的資料儲存與傳輸，是開發人員最容易疏忽的問題 https://www.ithome.com.tw/news/145196 電話手錶變手榴彈！自燃炸傷陸4歲女童 https://reurl.cc/eELWdx 安卓用戶快檢查！8款假APP竊個資　還會「後台偷你的錢」 https://www.ettoday.net/news/20210623/2014252.htm Discord和telegram這2款軟體的資安合格嗎 https://www.ptt.cc/bbs/EZsoft/M.1624256538.A.95B.html 谷歌偷偷在安卓手機裝疫情追蹤程序？用戶投訴 https://m.soundofhope.org/post/518459?lang=b5 詭異Bug！WiFi連到這串「神秘熱點」手機會壞掉 https://www.setn.com/News.aspx?NewsID=956221 小心陌生簡訊！駭客遠端監控竊取個資iPhone也淪陷 https://reurl.cc/GmjvmG 2G網路GPRS資料所使用的GEA-1加密演算法被刻意削弱了 https://www.ithome.com.tw/news/145107 Beware! Connecting to This Wireless Network Can Break Your iPhone's Wi-Fi Feature https://thehackernews.com/2021/06/beware-connecting-to-this-wireless.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件「最有格調」的駭客？當他想合法運用網路犯罪知識，卻發現：再也回不去了 https://crossing.cw.com.tw/article/14955 微軟在臺剖析Kubernetes資安風險，近年K8s攻擊技術手法有3大面向值得關注 https://www.ithome.com.tw/news/145099 是誰發動夜神模擬器供應鏈攻擊？ESET揭露幕後的駭客組織身分 https://www.ithome.com.tw/news/145138 地方父母最想搞懂之兒童與青少年網路安全 https://www.chtsecurity.com/news/2344ef82-efc6-4a78-a5e6-464414e652f1 中華資安：網購成駭客溫床攔阻量爆增3倍 https://ctee.com.tw/news/tech/477049.html 【社群雜學力：臺灣駭客協會首任秘書長李尚韋】從資安社群練出的溝通力，成勝任專案管理職務關鍵助力 https://www.ithome.com.tw/news/145014 【社群雜學力：學生計算機年會共同發起人黃一晉】從社群培養駭客精神與斜槓能力，職場協作也能派上用場 https://www.ithome.com.tw/news/145013 臺灣資安人才超搶手，政府民間紛紛出招培育人才 https://times.hinet.net/topic/23384817 一個灣區供水系統一月遭駭客闖入 https://reurl.cc/GmjYEx 才公開「雙艦島」航母模型南韓造艦商遭駭客入侵攻擊 https://newtalk.tw/news/view/2021-06-21/592383 歐盟計劃加強國際網絡安全合作，應對勒索軟體攻擊激增 https://reurl.cc/9rvq48 駭客勒贖猖獗美國FBI籲不付贖金或能有解 https://www.rti.org.tw/news/view/id/2103573 美國總統拜登簽署行政命令，中國軟體將面臨傳喚協商甚至禁用 https://m.eprice.com.tw/tech/talk/1141/5649739/1/ 美國政府報告洩出：黑客試圖污染舊金山飲用水 https://www.ntdtv.com/b5/2021/06/22/a103148739.html 美司法部長:將繼續打擊中共駭客和間諜活動;中共玩雙標籲查加拿大人權加總理怒懟;香港蘋果日報確認6月24日停運 https://sohcradio.com/70120.html 避免被駭，美軍將測試從太空用雷射傳送資料給無人機 https://technews.tw/2021/06/25/us-sda-testing-laser-communication-techs-from-satellites-to-drones/ 黑客勒索科洛尼爾，加密貨幣成為最大“幫兇” https://finance.sina.com.cn/tech/2021-05-24/doc-ikmyaawc7082203.shtml 南韓核子研究室被北韓駭客從VPN漏洞駭入 https://www.ithome.com.tw/news/145132 南韓原子能研究院遭駭驚傳部分IP位址來自北韓駭客組織 https://news.ltn.com.tw/news/world/breakingnews/3574300 因應外國網攻日警察廳設「網路局」 https://reurl.cc/9rva2j 日本警察廳擬新設網路局與大隊專辦網攻案件 https://www.cna.com.tw/news/aopl/202106240157.aspx 曾被俄癱瘓網路愛沙尼亞今變資安強權德也來取經 https://vip.udn.com/vip/story/121937/5555359?from=udn-category 美日韓對朝代表會談盼平壤重回談判桌 https://news.tvbs.com.tw/world/1532338 The Lazarus heist: How North Korea almost pulled off a billion-dollar hack https://www.bbc.com/news/stories-57520169 North Korea Exploited VPN Flaw to Hack South's Nuclear Research Institute https://thehackernews.com/2021/06/north-korea-exploited-vpn-flaw-to-hack.html Cyber espionage by Chinese hackers in neighbouring nations is on the rise https://thehackernews.com/2021/06/cyber-espionage-by-chinese-hackers-in.html Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices https://content.fireeye.com/nl-gc-june-21/website-updates-on-chinese-apt-compromising-pulse-secure-vpn-devices Russia bans VyprVPN, Opera VPN services for not complying with blacklist request https://thehackernews.com/2021/06/russia-bans-vyprvpn-opera-vpn-services.html Molerats Hackers Return With New Attacks Targeting Middle Eastern Governments https://thehackernews.com/2021/06/molerats-hackers-return-with-new.html Hackers are trying to attack big companies. Small suppliers are the weakest link https://www.zdnet.com/article/hackers-are-trying-to-attack-big-companies-small-suppliers-are-the-weakest-link/ Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises https://content.fireeye.com/nl-gc-june-21/website-increasing-frequency-of-low-sophistication-operational-technology-compromises Google Releases New Framework to Prevent Software Supply Chain Attacks https://thehackernews.com/2021/06/google-releases-new-framework-to.html 防毒軟體McAfee創辦人獄中身亡數小時前遭判引渡回美 https://udn.com/news/story/6811/5554130 發明防毒軟體還參選過美國總統，John McAfee 西班牙獄中上吊身亡 https://technews.tw/2021/06/24/john-mcafee-found-dead-in-spanish-prison/ Antivirus Pioneer John McAfee Found Dead in Spanish Jail https://thehackernews.com/2021/06/antivirus-pioneer-john-mcafee-found.html 請益資安PM在做什麼 https://www.dcard.tw/f/job/p/236321955 產品處-資安工程師 https://www.104.com.tw/job/7b4ay E6 資訊安全暨系統維護主管 Information Security & System Maintenance Manager https://www.104.com.tw/job/7az71 【知名電信】資安技術專案助理工程師 https://job.taiwanjobs.gov.tw/internet/jobwanted/JobDetail.aspx?R2=6&EMPLOYER_ID=59625&HIRE_ID=10490419 DEVCORE 徵求紅隊演練工程師 https://devco.re/blog/2021/06/22/devcore-202106-recruit/ 資訊部網路資安專員 - J1987 https://www.careerjet.tw/jobad/twb235f7b6f5762578518a4ae0608790aa D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞奧義智慧揭露運用威脅情資的新作法，找出逾3成的金融詐騙威脅 https://www.ithome.com.tw/news/144968 網路釣魚攻擊新伎倆！假冒Google 文件分享網址騙帳密 https://3c.ltn.com.tw/news/44887 淘寶網被網絡爬蟲抓取數據　逾 11 億筆用戶數據被洩漏 https://unwire.pro/2021/06/19/alibaba-6/security/ Data leak marketplace pressures victims by emailing competitors https://www.bleepingcomputer.com/news/security/data-leak-marketplace-pressures-victims-by-emailing-competitors/ 2021暗網價格指數：Gmail賬戶售價比信用卡數據更貴 https://finance.sina.com.cn/tech/2021-05-28/doc-ikmyaawc8043983.shtml 俄國網站宣稱，西方疫苗帶來高致死率...無法可管，美俄資訊戰恐變「地下報復」 https://reurl.cc/0jveEx 美國封閉數十個與伊朗有關新聞網站指控散播不實信息 https://reurl.cc/Gmjvmy 大量舊PS3主機序號遭駭客洩露，機主可能面臨莫名帳號被被封禁風險 https://www.techbang.com/posts/87821-a-large-number-of-old-ps3-host-serial-numbers-have-been-hacked 網傳語音檔稱「衛福部疾管署用語音電話追蹤國人健康，進行健康登記，諮詢詳情請按0」 https://tfc-taiwan.org.tw/articles/5851 直播主群組散播雙北封城假消息遭函送偵辦 https://news.pts.org.tw/article/531965 網傳高端徵人試驗假消息調查局循線抓人 https://reurl.cc/R0qoOg 散布陸軍化學兵用劇毒藥假訊息調查局溯源逮13人送辦 https://udn.com/news/story/7320/5553146?from=udn-ch1_breaknews-1-cate2-news 「嘉年華郵輪」集團遭駭員工顧客個資外洩 https://www.worldjournal.com/wj/story/121469/5544546 「謠言捕手」防堵超過三百則謠言查核網頁供民眾免費查 https://reurl.cc/xGa8xb Google App爆資安漏洞！用戶隱私數據面臨風險 https://today.line.me/tw/v2/article/Kp37v0 間諜策略、非法調查⋯⋯法國IKEA監看員工帳戶、犯罪紀錄，判賠逾3,300萬 https://www.bnext.com.tw/article/63447/france-ikea 「我的男友是基努李維」　台女將帳戶借給網路情郎下場出爐 https://tw.appledaily.com/local/20210619/NV4FT7OLR5HNHLVOI7JYFWQYO4/ E.研究報告/工具資訊技術安全評估共同準則 (CC, ISO/IEC 15408, GB/T 18336) 產品檢測與認證服務 https://www.tksg.global/mod/page/view.php?id=43792 DNS 安全協調技術研究小組（DSFI-TSG）期中更新 https://blog.twnic.tw/2021/06/21/18926/ 接收並響應第三方安全通報的六個技巧 https://www.fx361.com/page/2021/0527/8384989.shtml 關於資安駭客的五個謊言 https://opinion.cw.com.tw/blog/profile/390/article/11051 伺服器被攻擊後有哪些應對措施 https://friask.com/tech/153439.html 美國國土安全部網路安全暨基礎安全局（CISA）分享遠距工作指南 https://www.chc.edu.tw/posts/119 NCSC改版「網路安全10步驟」指南 https://blog.twnic.tw/2021/06/23/18934/ 財經起床號｜丁學文談「經濟學人：寬頻網路中的惡棍資安威脅衝擊經濟損失」 https://player.fm/series/jiu-ba-xin-wen-tai/cai-jing-qi-chuang-hao-ding-xue-wen-tan-jing-ji-PiPgKED4r89BCWTk 【前輩現身講：數聯資安資安鑑識暨服務發展部資深技術顧問周哲賢】親身分享第一線IR經驗，靠4大實戰法則找駭客入侵源頭 https://www.ithome.com.tw/news/145002 【前輩現身講：安永會計師事務所諮詢服務執行副總曾韵】6大職涯轉捩點如何抉擇，資安顧問心路歷程大公開 https://www.ithome.com.tw/news/144845 【前輩現身講：Panasonic IoT威脅情資研究員賴婕芳】家電大廠如何做資安？IoT資安研究員第一手經驗 https://www.ithome.com.tw/news/144857 【前輩現身講：戴夫寇爾紅隊隊長許復凱】想要將駭客攻擊當成工作，資安新鮮人距離紅隊還有多遠 https://www.ithome.com.tw/news/144680 【前輩現身講】【跨界資安人才】跨國跨產業資安職涯動力曲線大分享，先輩給資安新血的2大職涯發展心法 https://www.ithome.com.tw/news/144617 《個資風暴：劍橋分析事件》專家開講:資訊戰攻擊多元化，民眾識別難上加難 https://www.inside.com.tw/feature/documentary-and-digital-world/24002-the-great-hack-expert-insight 疫情嚴峻，資安威脅未曾止歇！五大郵件攻擊手法解析 https://www.openfind.com.tw/taiwan/markettrend_detail.php?news_id=24696 【分享】一招教你快速開發GUI桌面軟體（全平臺） https://forum.amebaiot.com/t/gui/618?u=xidameng WordPress 如何關閉 XML-RPC 服務，避免資安攻擊風險 https://blog.hungwin.com.tw/wordpress-disable-xmlrpc/ 資安稽核員的精神— 如何成為值得信賴的稽核員 https://medium.com/blacksecurity/goodauditor-134c07fdf0d0 神人工程師不只用 C 語言建 SQLite 資料庫，現在還用一個檔案寫出網路伺服器 https://buzzorange.com/techorange/2021/06/18/sqlite_engineer_richard_hipp/ CTF系列 1 密碼題解密網站總結(必收藏乾貨) https://ppfocus.com/0/eda641c41.html Crypto CTF 工具 https://gist.github.com/youwei0505/c51d96bc0472bb0c10a214818a72e67a Cyber Defenders Malware Traffic Analysis 2 Walkhthrough https://infosecwriteups.com/cyber-defenders-malware-traffic-analysis-2-walkhthrough-9dee33e3d5e7 Pwning Home Router - Linksys WRT54G https://elongl.github.io/exploitation/2021/05/30/pwning-home-router.html PCI Penetration Testing – What Should You Know? A Detailed Guide https://cybersecuritynews.com/pci-penetration-testing/ Libinjection : SQL / SQLI Tokenizer Parser Analyzer https://kalilinuxtutorials.com/libinjection/ SN1PER – A Detailed Explanation of Most Advanced Automated Information Gathering & Penetration Testing Tool https://gbhackers.com/sn1per-a-detailed-explanation-of-most-advanced-automated-information-gathering-penetration-testing-tool/ JNLP Injection to Muli-OS Code Execution - Paper https://www.exploit-db.com/docs/50060 F.商業 Trend Micro Vision One 快速攔截威脅、簡化營運並降低成本 http://www.pcdiy.com.tw/detail/20569 奧義智慧強化資安防勒索病毒 https://readers.ctee.com.tw/cm/20210624/a77asb3/1131766/share Winbond AI TechDay線上研討會力助產業掌握AI發展 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&cat=10&id=0000613227_BXA13KBS3OS6Z161KPJWZ 基於OpenShift與多種防護軟體，IBM推出資安預先整合套件 https://www.ithome.com.tw/review/145129 微軟新一代Windows 11來了，不只介面全新改版還能支援Android App https://www.ithome.com.tw/news/145242 Windows 11今晚線上開箱！4大重點搶先看 https://finance.ettoday.net/news/2014402 HKT、微軟推 Azure Sentinel 托管服務 https://reurl.cc/AkjYGj Google 宣布強制更新企業 Google Workspace 雲端硬碟資安權限 https://www.inside.com.tw/article/23973-google-drive-update-might-break-all-your-links 中華資安推出國際高階資安攻防訓練認證，助企業強化資安能量 https://ctee.com.tw/industrynews/technology/479094.html 中華資安推出國際高階資安攻防訓練認證，助企業強化資安能量 https://ctee.com.tw/industrynews/technology/479094.html Check Point Software 推出自動化雲端工作負載防護 http://n.yam.com/Article/20210624174211 強化Secure Flash效能華邦電子不讓AI成為資安破口 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=13&id=0000612531_dp56udw32pzmiy2x00mnw 擁抱Edge AI新時代　運算/儲存更貼近資料所在 https://www.eettaiwan.com/20210624nt41-edge-ai-moving-computing-storage-closer-to-data/ 懶理中美之爭！微軟擬在內地大肆擴張　壯大亞洲雲端服務業務 https://hk.on.cc/hk/bkn/cnt/finance/20210618/bkn-20210618164247987-0618_00842_001.html 密碼強制定期更換美意變質　繁瑣難記反造成懶人設定 KeePass密碼管理神器　只記一組確保帳密安全 https://www.netadmin.com.tw/netadmin/zh-tw/technology/B8943038A4E94BC2BB1FC06CE53BDDD3 提供更多運算資源、強化氣冷與液冷，Dell發表第15代伺服器 https://www.ithome.com.tw/review/145111 Google推動軟體供應鏈安全框架SLSA https://www.ithome.com.tw/news/145101 G.政府手機安裝MDM軟體管制部分功能防洩密 https://reurl.cc/R0qmK6 資通安全防線就是台灣的生命線！嚴管中國科技通訊美國能我們更該能 https://www.rti.org.tw/news/view/id/2103622 民眾黨團籲：實聯制應明確公告禁用偵查　保障個資安全 https://tw.appledaily.com/politics/20210625/K252C7AQQVBKXEENTA35R2W3H4/ 研析ICT產業供應鏈國際資安發展趨勢資策會科法所助我國產品競逐全球市場 https://times.hinet.net/topic/23376355 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識相關資安 Low Sophistication Threat Actors Continue to Target OT https://www.fireeye.com/blog/executive-perspective/2021/06/low-sophistication-threat-actors-continue-to-target-ot.html 微軟攜手英業達啟動5G智慧工廠策略合作 https://www.techbang.com/posts/87738-microsoft-signs-mou-with-inventec-launch-inventec-5g-smart Arm 公布作為下一代指令集 Armv9 安全功能之機密運算架構初步規格 https://www.cool3c.com/article/162526 Arm 公布機密運算架構，智慧應用資安防護更上層樓 https://technews.tw/2021/06/24/arm-cca/ [U-EV]建立開放式EV電動車生態系統、超過1,680家會員，MIH Consortium電動車聯盟正式成立 https://news.u-car.com.tw/news/article/66624 釐清物聯網資安規範安華聯網協助客戶與國際接軌 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000612983_2ZE8RYVB9CGTFI2P9SF4O 「物聯軟體業龍頭」物聯智慧破除資安疑慮更上層樓 https://money.udn.com/money/story/5635/5546292 Dlink DSL2750U - 'Reboot' Command Injection https://www.exploit-db.com/exploits/50034 TP-Link TL-WR841N - Command Injection https://www.exploit-db.com/exploits/50058 I.教育訓練生活資安五四三！：從生活周遭看風險與資訊安全（iT邦幫忙鐵人賽系列書） https://books.rakuten.co.jp/rk/88be4aaecf503c259a96f5a94acdc923/ 深度計劃｜深度學習駭客的Linux基礎知識第二部分 https://uizha.com/tech/202070.html EP52 - 非科技公司的資安應對與難處 https://open.firstory.me/story/ckq5o0rvlwcx00846ofgq50ih EP50 - 從遊戲外掛到逆向工程大師 | 資安研究員馬聖豪 https://infosecdecompress.com/posts/ep50_interview_with_aaaddress1 成大率先發出全國第一張通過教育部驗證數位學位證書 https://udn.com/news/story/6885/5549838 6.近期資安活動及研討會國家高速網路與計算中心教育訓練【資安進階課程】實體滲透與手法研究 6/29 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3950&from_course_list_url=homepage 「金資遇夜之安安你好」∞ Lab ╳ HITCON GIRLS 聯名社群小聚 6/29 https://theinfinitylab.kktix.cc/events/labxhitcongirls0629 NYC FinOps June Meetup: Building a FinOps Practice at Datadog Dann B. 6/29 https://www.meetup.com/New-York-City-Cloud-FinOps/events/277606730 New York Augmented Reality 6/28 https://www.meetup.com/new-york-augmented-reality/events/278571030 Cyber Security Global Summit 21 6/29 ~ 6/30 https://cs.geekle.us/?utm_content=INFO_SEC_TIER2 Distributed Systems: Expressing Code & Concurrency & Async Processing w/CI/CD 6/30 https://www.meetup.com/golanguagenewyork/events/278183946 Brooklyn Javascripters Meetup 7/6 https://www.meetup.com/brooklyn-javascripters/events/277409602 Taipei Creative Coders Meetup #10 7/7 https://www.meetup.com/tpecreativecoders/events/278994915 Intro to Coding (HTML, CSS, JavaScript & React) 7/8 https://www.meetup.com/paperspace/events/278167616 TensorFlow Everywhere | From 0 to 1 7/10 https://www.meetup.com/TensorFlow-User-Group-Taipei/events/277170902 元智資工夏令營-由programming邁入AI大數據與資安世界 7/15 ~ 7/17 https://cse-yzu.kktix.cc/events/yzcsapcs5 國立臺灣科技大學執行教育部「先進資通安全實務人才培育計畫」，將於110年7月26日至8月1日舉辦「110年新型態資安暑期課程(AIS3 2021) http://cc.ncku.edu.tw/p/406-1002-220949,r804.php?Lang=zh-tw 學生計算機年會 SITCON 2021 9/4 https://sitcon.org/2021/ Golang Taipei Gathering #58 9/28 https://www.meetup.com/golang-taipei-meetup/events/277604159/ Cyber Defense Summit 2021 Oct. 4-7, 2021 https://summit.fireeye.com/ HITCON 2021 台灣駭客年會 11/26 ~ 11/27 https://kktix.com/events/hitcon-2021/