資安事件新聞週報 2022/7/4 ~ 2022/7/8

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/7/4 ~ 2022/7/8 1.重大弱點漏洞/後門/Exploit/Zero Day OpenSSL發布3.0.5版，修補嚴重程度可能比擬Heartbleed的漏洞 https://www.openssl.org/news/secadv/20220705.txt OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks https://thehackernews.com/2022/07/openssl-releases-patch-for-high.html Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html Google 修復 Chrome 中一個已遭用於攻擊的 0-day 漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9954 Solving the indirect vulnerability enigma - fixing indirect vulnerabilities without breaking your dependency tree https://thehackernews.com/2022/07/solving-indirect-vulnerability-enigma.html Jenkins公布近30個零時差漏洞 https://reurl.cc/1Z6KeD 研究人員發現Zoho的AD稽核管理系統存在重大RCE漏洞 https://www.horizon3.ai/red-team-blog-cve-2022-28219/ GitLab修補重大RCE漏洞CVE-2022-2185 https://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/ MITRE公布2022年最常見和最危險的25個弱點名單 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9945 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安關貿全力投入全民報稅重任圓滿成功 https://times.hinet.net/news/24004821 關貿(6183)網路報稅業務順利結束，手機報稅戶數超越原定百萬目標 https://fnc.ebc.net.tw/fncnews/content/152483 從共享到平台 FinTech資安是關鍵 https://wantrich.chinatimes.com/news/20220707900690-420501 金管會催生純網保新金融形態專家提4點建議 https://reurl.cc/Dyzqr5 3.電子支付/行動支付/pay/資安德國人為何不想用信用卡、行動支付 https://reurl.cc/zZ3qR0 行動支付越來越普及網好奇：各位還有存零錢的習慣嗎 https://reurl.cc/yrdR8E 行動支付交易筆數台灣為全球2倍多 https://www.epochtimes.com/b5/22/7/7/n13775760.htm 金管會：普惠金融有成行動支付筆數年增近六成 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=316bf977-14c7-45ae-968b-8b32ef0d9b31 無現金題材發燒欣技「亮燈」率上櫃行動支付概念股逆勢漲 https://reurl.cc/LmyaOe 一次搞懂各種數位支付概念，別再將「行動支付、電子支付、第三方支付」混為一談 https://www.thenewslens.com/article/167954 嗶一下成日常，台灣電支使用量是全球平均2.3倍！ATM數量也多3倍 https://www.bnext.com.tw/article/70536/financial-inclusion-payment0708 南韓廢除硬幣、瑞典無現金社會！法人：全球加速邁向「Pay 經濟」 https://finance.technews.tw/2022/06/14/cashless/ 聯卡中心分期交易支援行動支付 https://wantrich.chinatimes.com/news/20220622900148-420501 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約資安新台幣數位化/看起來跟我的行動支付差不多，央行CBDC到底是什麼？ https://money.udn.com/money/story/5613/6440907 楊金龍：央行數位貨幣與電子支付是互補關係 https://reurl.cc/VDAYxA 英國陸軍宣傳加密貨幣、NFT？社群遇駭資安危機 https://reurl.cc/d2NQ2D 誠研、台灣銘板聯手切入Web 3.0核心　推FortVax冷錢包個人化 https://www.appledaily.com.tw/property/20220704/78FBCCAF191E6DD12D2C89724B 搶虛擬貨幣資安商機個人化冷錢包問世 https://ec.ltn.com.tw/article/breakingnews/3981044 誠研、台灣銘板打造冷錢包「個人化」　組國家隊搶攻加密商機 https://finance.ettoday.net/news/2286898 FortVax 連線僅 5 秒防駭！誠研攜手台灣銘板推「個人化冷錢包」 https://finance.technews.tw/2022/07/04/fortvax/ 全球TOP7社交交易所BingX Q2綜述行情波動下交易量翻倍 https://www.thehubnews.net/archives/116263 錢包資安篇：初探 https://reurl.cc/3ogKK8 Terra 2.0 — LUNA Airdrop https://medium.com/terra-money/terra-2-0-luna-airdrop-cd08a6d9cfcd STASIS Welcomes A New Player to the Web 3 Stablecoin Arena https://medium.com/stasis-blog/stasis-welcomes-a-new-player-to-the-web-3-stablecoin-arena-a8096f47b843 The impossible is about to occur in crypto https://medium.datadriveninvestor.com/the-impossible-is-about-to-occur-in-crypto-e1f8b6234222 Ripple為CBDC互操作性和金融包容性推出197000美元的駭客馬拉松 https://news.cnyes.com/news/id/4906134 FTX達成有權以最高2.4億美元收購BlockFi的協議 https://reurl.cc/Kb78qe Meta開始讓特定創作者將NFT作品放上Facebook展示、銷售 https://udn.com/news/story/122837/6432228?from=udn-catebreaknews_ch2 Solana | Crema Finance 遭閃電貸損超600萬鎂、TVL 降70%，官方 : 已暫停展開調查 https://www.blocktempo.com/solana-liquidity-protocol-crema-finance-suspected-of-being-hacked/ Crema Finance：駭客將部分被盜資金轉移至一以太坊地址，Etherscan等已標記駭客地址 https://news.cnyes.com/news/id/4906200?exp=a 加密新手如何區塊鏈「安全生存」？Amber Group區塊鏈安全專家科普 https://3822808.com/science/16823.html 駭客透過誘騙Axie Infinity工程師成功攻擊Ronin 系統 https://reurl.cc/q57Gj3 一封「假錄取信pdf」害6億美元遭駭！駭客騙區塊鏈遊戲Axie Infinity工程師得逞 https://www.agoscan.com/post/1751.html 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 最容易被勒索病毒盯上的四種目標 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9944 Conti 與 LockBit：十大勒索病毒集團的機密情資外洩, 45 % 都是它們做的 https://blog.trendmicro.com.tw/?p=73177 舊版SMB檔案服務再遭鎖定！勒索軟體Checkmate攻擊提供相關服務的威聯通NAS設備 https://www.qnap.com/zh-tw/security-advisory/qsa-22-21 駭客利用Follina漏洞散布惡意軟體Rozena https://www.fortinet.com/blog/threat-research/follina-rozena-leveraging-discord-to-distribute-a-backdoor YamaBot Malware Used by Lazarus https://blogs.jpcert.or.jp/en/2022/07/yamabot.html Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server https://otx.alienvault.com/pulse/62c7f28fe2bd732167bb24dc NoMercy Stealer Adding New Features https://blog.cyble.com/2022/07/07/nomercy-stealer-adding-new-features/ YourCyanide: An Investigation into ‘The Frankenstein’ Ransomware that Sends Malware Laced Love Letters https://otx.alienvault.com/pulse/62c7e2bba76740e81eb86f73 Russian Organizations Increasingly Under Attack By Chinese APTs https://reurl.cc/Erxg61 Emotet infection with Cobalt Strike https://isc.sans.edu/diary/rss/28824 OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/ North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector https://www.cisa.gov/uscert/ncas/alerts/aa22-187a North Korean Maui Ransomware Actively Targeting U.S. Healthcare Organizations https://thehackernews.com/2022/07/north-korean-maui-ransomware-actively.html New macOS covid Malware Masquerades as Apple, Wears Face of APT https://reurl.cc/7DG4K9 Suspected APT-C-23 (two-tailed scorpion) tissue camouflage Threema communication software attack analysis https://mp.weixin.qq.com/s/1uJaPS-nuGNI8lQ1-ZekIA AsyncRAT Being Distributed to Vulnerable MySQL Servers https://asec.ahnlab.com/en/36315/ 駭客組織Lazarus濫用GitHub，遠端控制惡意軟體VSingle https://blogs.jpcert.or.jp/en/2022/07/vsingle.html VSingle malware obtains C2 server information from GitHub https://blogs.jpcert.or.jp/en/2022/07/vsingle.html Bitter APT continues to target Bangladesh https://www.secuinfra.com/en/techtalk/whatever-floats-your-boat-bitter-apt-continues-to-target-bangladesh/ Hive ransomware gets upgrades in Rust https://www.microsoft.com/security/blog/2022/07/05/hive-ransomware-gets-upgrades-in-rust/ Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method https://thehackernews.com/2022/07/hive-ransomware-upgrades-to-rust-for.html Brute Ratel C4 Red Teaming Tool Being Abused by Malicious Actors https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/ New Info-stealer Disguised as Crack Being Distributed https://asec.ahnlab.com/en/35981/ Xloader Returns with New Infection Technique https://blog.cyble.com/2022/07/01/xloader-returns-with-new-infection-technique/ 駭客組織CuteBoi發動軟體供應鏈攻擊，散布逾1,200個惡意NPM套件 https://reurl.cc/ErxVvn Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms https://thehackernews.com/2022/07/researchers-uncover-malicious-npm.html Over 1,200 NPM Packages Found Involved in "CuteBoi" Cryptomining Campaign https://thehackernews.com/2022/07/over-1200-npm-packages-found-involved.html Researchers Warn of New OrBit Linux Malware That Hijacks Execution Flow https://thehackernews.com/2022/07/researchers-warn-of-new-orbit-linux.html As New Clues Emerges, Experts Wonder: Is REvil Back https://thehackernews.com/2022/07/as-new-clues-emerges-experts-wonder-is.html Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web https://thehackernews.com/2022/07/researchers-share-techniques-to-uncover.html Microsoft Warns About Evolving Capabilities of Toll Fraud Android Malware Apps https://thehackernews.com/2022/07/microsoft-warns-about-evolving.html New 'SessionManager' Backdoor Targeting Microsoft IIS Servers in the Wild https://thehackernews.com/2022/07/new-sessionmanager-backdoor-targeting.html 勒索軟體Eternity加密各式文件檔案，並利用WMI刪除系統備份 https://reurl.cc/YvgY8a B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware https://thehackernews.com/2022/07/apples-new-lockdown-mode-protects.html 騙錢軟體可能會停用安卓手機的Wi-Fi網路，暗中訂閱服務 https://reurl.cc/3ogKxj 4款安卓App被點名是詐騙！偷錢軟體逾10萬人受害 https://newtalk.tw/news/view/2022-07-07/782023 超過10萬人下載！安卓4款惡意App　偷偷騙走用戶的錢 https://www.ettoday.net/news/20220707/2289134.htm 監管機構聲稱加拿大最喜愛的連鎖餐廳App正在收集用戶的資訊 https://blog.twnic.tw/2022/07/05/23426/ 5G專頻卡在「資安」未達共識業界：NCC拚Q4釋出 https://www.sinotrade.com.tw/richclub/news/62c55d263925f14177e57d32 還敢用微信聊天？澳洲69萬用戶數據直送中國曝風險 https://opinion.udn.com/opinion/story/120611/6442497 iOS 16最新測試版本更新　健康功能再升級 https://www.ettoday.net/news/20220708/2289627.htm C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 2022年臺灣資安產業現況與發展契機 https://job.taiwanjobs.gov.tw/internet/index/DocDetail.aspx?uk=2740&docid=39039 臺灣46家新創參加SelectUSA Tech競賽打響市場知名，1資安與2醫療新創嶄露頭角 https://www.ithome.com.tw/news/151818 上市櫃須設資安長！3大資安廠點出企業防護秘訣 https://ec.ltn.com.tw/article/breakingnews/3981160 安永：企業誠信受重視利用數據管控風險意願增 https://www.ttv.com.tw/finance/view/0720220414100FD2E77A0BC343B489F919F109C1BAA929D4/587 Google公布駭客租賃服務手法，並封鎖相關網域 https://blog.google/threat-analysis-group/countering-hack-for-hire-groups/ 駭客聲稱攻陷IBM與史丹佛大學 https://reurl.cc/QLrY4Z AMD被駭客竊取大量機密資料，還被嘲笑IT部門簡直是資安界的恥辱 https://www.techbang.com/posts/97648-amd-was-exposed-for-stealing-450gb-of-confidential-data-by 頭像變猴子還發文:「我們要攻擊巴勒斯坦」英陸軍Twitter、YT被盜號 https://times.hinet.net/news/24003557 英媒稱「有中國學生間諜」　中駐英使館：誰是全球頭號竊密大戶 https://www.ettoday.net/news/20220703/2285960.htm 中共掩蓋間諜工作大學生誤入神秘企業 https://www.youtube.com/watch?v=Ms1Iah5jw1U 科企當幌子中共聘員做間諜 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1510597&type=international 好兄弟還給我放間諜? 俄逮捕和中國「合作」科學家叛國罪起訴 https://reurl.cc/1Z6KzG 才傳公民個資外洩李克強主持國常會強調「信息安全」 https://money.udn.com/money/story/5604/6444563 烏最大民營能源公司疑遭俄網攻 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1510472&type=international 以色列防空警報誤發看公眾告警系統安全 https://www.upmedia.mg/news_info.php?Type=2&SerialNo=148024 漏洞懸賞平臺HackerOne員工竊取研究人員通報的漏洞牟利 https://hackerone.com/reports/1622449 HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains https://thehackernews.com/2022/07/hackerone-employee-caught-stealing.html Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection https://thehackernews.com/2022/07/hackers-abusing-brc4-red-team.html Bitter APT Hackers Continue to Target Bangladesh Military Entities https://thehackernews.com/2022/07/bitter-apt-hackers-continue-to-target.html Pro-China Group Uses Dragonbridge Campaign to Target Rare Earth Mining Companies https://thehackernews.com/2022/07/pro-china-group-uses-dragonbridge.html 資安維運工程師 https://www.104.com.tw/job/69q05?jobsource=jolist_b_date Security Security Research Engineer, Cymetrics https://www.yourator.co/companies/OneDegree/jobs/24996 資安系統工程師_台北 https://www.104.com.tw/job/7oomv 資安技術支援顧問(Pre-sales)_台北 https://www.104.com.tw/job/7oqh9 (暑期工讀生)竹科台積電資安門禁安檢員/供宿舍 https://www.518.com.tw/job-y3J7A5.html 【徵才】臺北市立聯合醫院資安人員招募 https://cd.nccu.edu.tw/news/view/63 Sr. MySQL DBA工程師_外派 https://www.104.com.tw/job/7orim 網路資安工程師 (新竹) http://spirit.tku.edu.tw:8088/job/index.php?qs=zd15mJLuq2DMvuvXjMy9qu05sszPzd1TDhLzBKC 資安顧問 https://www.104.com.tw/job/7oqa2 資安主管(內湖) https://www.104.com.tw/job/7n8bo 資訊人才戰升溫！薪資雙冠王元大金祭高福利搶徵才 https://market.ltn.com.tw/article/12748 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Ukrainian Authorities Arrested Phishing Gang That Stole 100 Million UAH https://thehackernews.com/2022/07/ukrainian-authorities-arrested-phishing.html 密碼太簡單「駭客1秒就破解」　資安專家建議這樣設才安全 https://www.ettoday.net/news/20220707/2288815.htm 網路威脅日新月異，但電子郵件仍是首要攻擊途徑 https://technews.tw/2022/07/07/cyber-security/ 美國非營利婚禮司儀培訓機構的AWS S3儲存桶不設防，曝露630 GB婚禮相關資料 https://www.websiteplanet.com/blog/amm-breach-report/ TikTok紅什麼？　公視節目揭資安威脅與成癮危機 https://www.mirrormedia.mg/story/20220707insight001/ TikTok證實中國員工可看美國資料，掛保證個資不會交出去 https://reurl.cc/3ogKo9 TikTok Assures U.S. Lawmakers it's Working to Safeguard User Data From Chinese Staff https://thehackernews.com/2022/07/tiktok-assures-us-lawmakers-its-working.html Windows 台灣臉書官方粉專被盜了？大頭貼和封面照片全消失公司地址被改成越南胡志明 https://agirls.aotter.net/post/60899 FBI最怕駭客密碼竟是愛貓+123 https://reurl.cc/b2QWyr Google Improves Its Password Manager to Boost Security Across All Platforms https://thehackernews.com/2022/07/google-improves-its-password-manager-to.html 假訊息四處流竄！蔡易餘籲「PTT實名制」網炸鍋：限制言論自由 https://reurl.cc/ZAK44M 轉職搞爆前公司！丟失六億美金源自一份PDF，Axie Infinity工程師誤信假徵才惹禍 https://abmedia.io/20220709-axie-infinity-hack-with-fake-job 駭侵者竊取經驗證的 Twitter 帳號，發送詐騙帳號停權訊息 https://www.twcert.org.tw/tw/cp-104-6270-a1ab7-1.html 中國監控出新招！ 160顆衛星直播地球太空「人臉識別」抓罪犯 https://reurl.cc/Rr5YDG 上海公安數據庫疑被黑客入侵　10 億國民數據售 20 萬美元 https://reurl.cc/55jK4q 上海公安數據庫10億個資疑洩當局被疑掩罪惡 https://reurl.cc/7DGKM5 上海資安危機 10億人個資傳遭駭駭客開價596萬 https://udn.com/news/story/7332/6436355?from=udn-catelistnews_ch2 蝦咪！中國10億人個資竟在網路曝露1年多無從究責 https://news.ltn.com.tw/news/world/breakingnews/3985149 反習派出手？上海遭駭 10億人戶籍及幾十億警情洩漏 https://ec.ltn.com.tw/article/breakingnews/3979975 10億中國人被迫「裸奔」？史上最大被駭事件，涉及上海極機密資料；黑市拍賣價竟只20萬 https://www.storm.mg/article/4415310 「黑客兜售上海公安十億人數據庫」掀輿論潮，中國官方保持沉默讓傳聞真假莫辨 https://www.thenewslens.com/article/169412 傳公民個資外洩後李克強主持國常會要求守牢「信息安全」 https://www.worldjournal.com/wj/story/121339/6445637 上海公安數據庫疑大規模洩漏 10億人變「透明人」 https://www.ntdtv.com/b5/2022/07/03/a103470682.html 驚傳上海公安數據庫遭駭 10億人個資及10億警情外洩 https://www.secretchina.com/news/b5/2022/07/04/1010799.html 10億人個資外洩？傳上海公安數據庫被駭當局至今惦惦耐人尋味 https://udn.com/news/story/7332/6446863?from=udn-ch1_breaknews-1-0-news 保資料庫案宣判在即，終結強迫全民個資利用 https://www.coolloud.org.tw/node/96949 網傳連結「防疫註冊補助，申請領取」 https://tfc-taiwan.org.tw/articles/7794 E.研究報告/工具明日我們一起追的資安，淺談未來資安 https://open.firstory.me/story/cl59awq8206by01t367jn9kt3 10 Websites To Learn Anything For Free https://medium.com/@kesarwanipiyush2207/10-websites-to-learn-anything-for-free-348fa67609e4 Top 8 Best Open Source Development Tools https://medium.com/@codesparrow_96165/top-8-best-open-source-development-tools-33714b53b059 1 Thing Every JavaScript Developer Should Know in 2022 https://javascript.plainenglish.io/1-thing-every-javascript-developer-should-know-in-2022-218fa6c2abc3 Flutter| Using Super Constructor in Custom Widget Design(New feature of Flutter 3.0) https://medium.com/huawei-developers/flutter-using-super-constructor-in-custom-widget-design-new-feature-of-flutter-3-0-131ec52650c8 Cybersecurity: How to stop using “password” as your password. https://medium.com/@ibukunoluwamorountonu/cybersecurity-how-to-stop-using-password-as-your-password-b174b67020e9 How to write Flutter code efficiently https://medium.com/gytworkz/how-to-write-flutter-code-efficiently-ba018335d052 The most important Linux commands that nobody teaches you. https://medium.com/@joelbelton/the-most-important-linux-commands-that-nobody-teaches-you-ce423ef2ae28 Building a Threat Intelligence Feed using the Twitter API and a bit of code https://grimminck.medium.com/building-a-threat-intelligence-feed-using-the-twitter-api-and-a-bit-of-code-5787808e32ef How to access the Dark Web https://medium.com/@StarDust770/how-to-access-the-dark-web-straightforward-guide-37415cc5b299 Goodbye Excel. Hello Spreadsheets in Python! https://medium.com/geekculture/goodbye-excel-hello-spreadsheets-in-python-df41408dafd4 Multi-tenancy Architecture with shared schema using Django https://medium.com/@opeoluborode_9605/multi-tenancy-architecture-with-shared-schema-using-django-17559b35820 Python 3.11: Unpacking Five New Features. https://medium.com/codex/python-3-11-unpacking-five-new-features-ca05925f5495 The Latest Angular 14 Features Will Change the Way You Code! https://medium.com/@Luna-Rojas/the-latest-angular-14-features-will-change-the-way-you-code-460aa21d68c7 5 Hacking Gadgets everyone should be aware of in 2022. https://medium.com/@sudra_shyam/5-hacking-gadgets-everyone-should-be-aware-of-in-2022-96ba461b1d8c The Age of Collaborative Security: What Tens of Thousands of Machines Witness https://thehackernews.com/2022/07/the-age-of-collaborative-security-what.html Some Worms Use Their Powers for Good https://thehackernews.com/2022/07/some-worms-use-their-powers-for-good.html 遊戲開發者Cliffski抱怨現在程式碼誇張膨脹「可能有99%的內容都是垃圾」 https://www.techbang.com/posts/97483-game-developer-cliffski-is-overwhelmed-by-code-bloat-that F.商業 The End of False Positives for Web and API Security Scanning https://thehackernews.com/2022/07/the-end-of-false-positives-for-web-and.html 駭客思維助攻台灣資安！ DEVCORE 首度與微軟共同探討 CISO 資安投資策略 https://reurl.cc/anOea4 可偵測並封鎖上傳至網路應用程式和API的惡意檔案 Akamai 全新惡意軟體防護功能 Malware Protection https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/FDB5EE91B95A4C609A853DDFDFAF5EB0 資安弱點管理領導品牌Tenable 成功收購對外部攻擊面管理領導品牌Bit Discovery https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=140&id=0000638937_ST6L5M5X2UWBLK81F0JPR CLAROTY 獲美國國土安全部《安全法案》認證之 OT 工業網路安全供應商 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9940 HPE GreenLake發表多項雲端新服務，深化安全性 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9939 衡崴科技正式代理TeamT5 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9936 G.政府產創條例抵減辦法納入資安財、經2部會公告上路 https://money.udn.com/money/story/5613/6436110 執政黨控制網路的最後一哩路 https://www.chinatimes.com/amp/opinion/20220702003342-262103 資安卓越中心公布建置成果 https://ccoe.narlabs.org.tw/activity/37 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安智慧車相機被中國嚴管！「影像脫敏」新禁令疑似導致 NISSAN 等多家車廠取消遠端監控功能 https://www.kocpc.com.tw/archives/448280 工業4.0資安最佳實踐：零信任＋自動化 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9941 IoT 安全已成大多數企業首要任務，微軟 Edge 安全核心計畫擴大支援 IoT 裝置 https://technews.tw/2022/07/08/microsoft-extends-secured-core-program-to-iot-devices/ Fortinet：安全與網路應雙管齊下、OT與IT融合需分段進行 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9942 I.教育訓練 CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 6.近期資安活動及研討會關鍵基礎設施實作課程(含攻防演練實作) 2022/7/11 https://www.acw.org.tw/News/Detail.aspx?id=3229 工控資安環境認知課程 2022/7/12 https://www.acw.org.tw/News/Detail.aspx?id=3228 JMUG - Jamf 資安召集令 (IDC 2022 No1.) 2022/7/14 https://jamf.kktix.cc/events/jmug2022july 中華電信學院委外廠商安全程式碼撰寫基礎測驗班 111年度第3梯次 2022/7/15 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=486 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=487 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=488 中華電信學院創客智慧應用研習營-自走車動手玩一天班 2022/7/19 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=510 中華電信學院 5G企業專網技術與應用實務班 2022/7/19 ~ 2022/7/20 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=504 中華電信學院創客智慧應用研習營-3D列印與雷射雕刻初體驗一天班 2022/7/20 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=511 【Asus Cloud 線上技術練工坊】7月場：工控資安健診打造OT防護罩 2022/7/21 https://www.asuscloud.com/20220706/14099/ 中華電信學院 Python人工智慧科學營四天班 2022/7/19 ~ 2022/7/22 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=507 風險導向資安稽核 2022/7/20 https://www.cisanet.org.tw/Course/Detail/2756 沙崙資安基地7月份線上免費資安課程多的是你不知道的事(Part II) 2022/7/21（四）13:30-16:30 https://bit.ly/3HIQdZQ 中華電信學院數位金融團隊共識營(線上) 二天班 2022/7/21 ~ 2022/7/22 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=508 台灣駭客年會 HITCON Summer Training 2022 2022/7/24 ~ 2022/7/26 https://hitcon.kktix.cc/events/hitcon-summer-training-2022-paid https://hitcon.kktix.cc/events/hitcon-summer-training-2022 關鍵基礎設施實作課程(含攻防演練實作) 2022/7/25 https://www.acw.org.tw/News/Detail.aspx?id=3229 中華電信學院 5G智慧生活與無人機操控及應用三天班 2022/7/25 ~ 2022/7/27 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=506 中華電信學院智慧科技新生活夏令營四天班 2022/7/26 ~ 2022/7/29 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=512 資產不洩密電商資安論壇 2022/7/27 https://www.ptt.cc/bbs/toberich/M.1657177501.A.2BB.html 中華電信學院資安實作挑戰營二天班 2022/7/27 ~ 2022/7/28 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=509 物聯網資安立法搶攻歐美供應鏈市場線上研討會 2022/7/27 (三) 14:00 ~ 15:30 https://www.onwardsecurity.com/news/item/147 關鍵基礎設施實作課程(含攻防演練實作) 2022/8/1 https://www.acw.org.tw/News/Detail.aspx?id=3229 資安管理(ISO27001)與資安保險(ISO27102)之整合應用與發展趨勢 8/4 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X20262 HITCON PEACE 2022 台灣駭客年會 2022/8/19 ~ 2022/8/20 https://hitcon.kktix.cc/events/hitcon-peace-2022 2022 CYBERSEC 資安大會 Jamf 攤位講座 2022/9/20 ~ 2022/9/22 https://jamf.kktix.cc/events/cybersec2022jamf 關鍵基礎設施實作課程(含攻防演練實作) 2022/9/27 https://www.acw.org.tw/News/Detail.aspx?id=3229 資訊安全與人工智慧實作 2022/10/28 https://www.cisanet.org.tw/Course/Detail/2867 行動應用APP 安全檢測（APK/IPA）2022-11-18 09:00 ~ 2022-11-18 12:00 https://www.cisanet.org.tw/Course/Detail/2865