###### tags: `資安事件新聞週報`
# Weekly Security Incident News Digest 2022/7/25 ~ 2022/7/29

1. Critical Vulnerabilities / Backdoors / Exploits / Zero-Days
Cisco recently released updates to address security vulnerabilities in Cisco Nexus Dashboard https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mhcvuln-vpsBPJ9y
Zyxel patches firewall directory traversal vulnerability https://portswigger.net/daily-swig/zyxel-firewall-vulnerabilities-left-business-networks-open-to-abuse
Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation https://thehackernews.com/2022/07/latest-critical-atlassian-confluence.html
Security Bulletin: OpenSSL as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2022-0778) https://reurl.cc/7po7VD
Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities https://reurl.cc/ERz4Q0
Security Bulletin: IBM QRadar SIEM is vulnerable to local privilege escalation (CVE-2021-39088) https://reurl.cc/LMd4Qy
Security Bulletin: Apache Commons Email as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2017-9801, CVE-2018-1294) https://reurl.cc/Qb3e29
Dell recently released updates to address security vulnerabilities in multiple versions of BSAFE https://nvd.nist.gov/vuln/detail/CVE-2020-35169
Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits https://thehackernews.com/2022/07/microsoft-uncover-austrian-company.html
To block attacks that guess RDP credentials, Microsoft plans to make its brute-force protection policy available to all Windows users https://twitter.com/dwizzzleMSFT/status/1549870156771340288
Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11 https://thehackernews.com/2022/07/microsoft-adds-default-protection.html
Microsoft releases the July 2022 Patch Tuesday security updates https://www.tcrc.edu.tw/new/new-list/microsoft-2022-7-patch-tuesday
LibreOffice Releases Software Update to Patch 3 New Vulnerabilities https://thehackernews.com/2022/07/libreoffice-releases-software-security.html
Taking the Risk-Based Approach to Vulnerability Patching https://thehackernews.com/2022/07/taking-risk-based-approach-to.html
Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores https://thehackernews.com/2022/07/hackers-exploit-prestashop-zero-day-to.html
SonicWall patches critical SQL injection vulnerability in its GMS security management system https://www.bleepingcomputer.com/news/security/sonicwall-patch-critical-sql-injection-bug-immediately/
SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products https://thehackernews.com/2022/07/sonicwall-issues-patch-for-critical-bug.html
RCE vulnerability in the Drupal web content management system patched https://www.securityweek.com/code-execution-and-other-vulnerabilities-patched-drupal
Data visualization and analytics system Grafana patches a vulnerability that could lead to administrator account takeover https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2
Google Chrome 0-day vulnerability used in attacks on journalists in the Middle East https://www.twcert.org.tw/tw/cp-104-6319-9396f-1.html
Node.js has prototype pollution vulnerabilities that attackers could use for RCE attacks https://arxiv.org/abs/2207.11171
Researchers note that hackers may start attempting exploitation within 15 minutes of a vulnerability receiving a CVE number https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/2022-unit42-incident-response-report-final.pdf

2. Banking / Finance / Insurance / Securities / Payment Systems / Financial Supervision: News and Security
Magecart Hacks Food Ordering Systems to Steal Payment Data from Over 300 Restaurants https://thehackernews.com/2022/07/magecart-hacks-online-food-ordering.html
Two deficiencies at TransGlobe Life; FSC fines it NT$1.2 million http://www.ksnews.com.tw/index.php/news/contents_page/0001632982
Lessons from cross-border remittances: balancing financial innovation and supervision https://www.storm.mg/article/4435447?page=1
Financial sector's major security incidents of the past year revealed; insurance industry performs best with zero https://udn.com/news/story/7239/6495984
FSC: 3 major security incidents in the financial sector in the past year and a half https://www.cna.com.tw/news/afe/202207280400.aspx
New securities association chairman Chen Chun-hung (陳俊宏): will deliver on the "three gong" (三公) functions https://ec.ltn.com.tw/article/breakingnews/4008386

3. Electronic Payment / Mobile Payment / Pay / Security
Cashless society arrives: 70% of people in Taiwan choose mobile payment at checkout https://news.ustv.com.tw/newsdetail/20220726A012
Hi-Life pushes to grow membership; its mobile payment is the only one among convenience stores to support all banks https://reurl.cc/m39MY7
Troubleshooter Mei Hua (梅驊): how to turn JKOPay from loss to profit https://www.wealth.com.tw/articles/297a8abb-47e8-423b-b317-d98b07053826
Google Wallet is back: digital IDs and vaccination records can be added, and it will replace the payment-only Google Pay https://www.techbang.com/posts/98290-google-wallet-is-back-to-life-digital-id-cards-and-vaccine
Taipei 熊好券 vouchers 2.0 are coming, with up to NT$500 back for electronic payments; all 7 stimulus programs at a glance, earliest launch date revealed https://www.storm.mg/lifestyle/4447641
WeChat Pay HK partners with JLL and Kai Shing Management Services to enter property management payment services, covering more than 110,000 units https://reurl.cc/O4qMRv

4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contract Security
Hate NFTs? I have some bad news for you https://studioamelia.medium.com/hate-nfts-i-have-some-bad-news-for-you-74e4380b4930
Cryptocurrency decentralization increasingly blurs the line between finance and value https://fc.bnext.com.tw/articles/view/2323?
Binance founder Changpeng Zhao: security team found an information leak at a major exchange and has notified it https://abmedia.io/20220726-cz-security-team-discoverd-a-info-leak-of-other-major-exchange
TPEx teams up with TiEA and PwC Taiwan to hold the "Embracing Web3: Practice and Challenges" seminar https://reurl.cc/m39rE1
Blockchain music platform Audius hacked, losing US$6 million https://www.twcert.org.tw/tw/cp-104-6346-9668a-1.html
XREX CISO open-sources two Web3 security tools to strengthen secure smart contract development https://www.owlting.com/news/articles/135738
US$3 million in AXS moved before the hack was disclosed; Axie CEO denies insider trading https://blockcast.it/2022/07/29/axie-infinity-ceo-moved-3m-in-axs-before-hack-disclosure/
Goodbye to banknotes and coins soon? Central bank unveils CBDC digital New Taiwan dollar https://money.udn.com/money/story/5613/6470071
Cryptocurrency can be spent in physical stores: CSO token links with 旺PAY for dining across Taiwan https://reurl.cc/oQdRKD

5. Security Incident News

A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC
Russian hackers set up C2 servers in Taiwan and several other countries and used them to launch ransomware attacks https://censys.io/russian-ransomware-c2-network-discovered-in-censys-data/
Ukrainian software developer compromised by a GoMet backdoor variant; hackers intended a software supply chain attack on the country's government agencies https://reurl.cc/2mgzRE
Ransomware attacks target QNAP NAS devices with SMB file sharing enabled https://www.cc.ntu.edu.tw/chinese/cert/cert20220726.asp
Hackers use CloudMensis malware to steal information from Mac computers https://reurl.cc/ERz4q0
Hackers build an info-stealer in Rust and offer it to others for free https://blog.cyble.com/2022/07/25/luca-stealer-source-code-leaked-on-a-cybercrime-forum/
QBot malware side-loads through an older version of Calculator to ensure it runs correctly on victim computers https://blog.cyble.com/2022/07/21/qakbot-resurfaces-with-new-playbook/
North Korean hackers attack European countries with the Konni trojan, but Russian hackers may also be involved https://www.securonix.com/blog/stiffbizon-detection-new-attack-campaign-observed/
Security vendor Entrust hit by ransomware attack https://www.bleepingcomputer.com/news/security/digital-security-giant-entrust-breached-by-ransomware-gang/
People who manage corporate Facebook accounts targeted by Ducktail info-stealer https://www.withsecure.com/en/whats-new/pressroom/withsecure-detects-new-infostealer-malware-ducktail
LockBit ransomware attacks Italian revenue agency, stealing 78 GB of data https://securityaffairs.co/wordpress/133640/cyber-crime/lockbit-ransomware-italian-revenue-agency.html
Canadian town hit by LockBit ransomware, 67 GB of data leaked https://www.theverge.com/2022/7/22/23274372/st-marys-canada-lockbit-ransomware-cyber-incident
Amadey Bot malware spreads via a downloader, performing reconnaissance and data theft on victim computers https://asec.ahnlab.com/en/36634/
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/
Green Stone https://inquest.net/blog/2022/07/27/green-stone
Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike https://www.trendmicro.com/en_us/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html
Researchers find links between LockBit 3.0 ransomware and BlackMatter https://www.trendmicro.com/en_us/research/22/g/lockbit-ransomware-group-augments-its-latest-variant--lockbit-3-.html
LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool/
Experts Find Similarities Between New LockBit 3.0 and BlackMatter Ransomware https://thehackernews.com/2022/07/experts-find-similarities-between.html
Log4Shell Report by CISA (MAR-10386789-1.v1 – Log4Shell) https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-203a
Banana Sulfate infrastructure cluster exposed https://reurl.cc/0XO9kY
IPFS: The New Hotbed of Phishing https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ipfs-the-new-hotbed-of-phishing/
SEG. ALPHV(BLACKCAT)_RANSOMWARE_IOCs https://otx.alienvault.com/pulse/62b9972cc6485b7ac0671e92
Malware Being Distributed by Disguising Itself as Icon of Ahnlab V3 Lite https://asec.ahnlab.com/en/36629/
Distribution of AppleSeed to specific military base maintenance companies https://asec.ahnlab.com/ko/36918/
RedAlert Ransomware https://otx.alienvault.com/pulse/62df97076d26370f28f1e273
Chinese hackers use CosmicStrand UEFI malware to execute shellcode on victim computers https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
Experts Uncover New 'CosmicStrand' UEFI Firmware Rootkit Used by Chinese Hackers https://thehackernews.com/2022/07/experts-uncover-new-cosmicstrand-uefi.html
IcedID (Bokbot) with Dark VNC and Cobalt Strike https://isc.sans.edu/diary/rss/28884
New Attack Campaign Observed Possibly Linked to Konni/APT37 (North Korea) https://www.securonix.com/blog/stiffbizon-detection-new-attack-campaign-observed/
Cyber attacks of the UAC-0010 group (Armageddon) using the malicious program GammaLoad.PS1_v2 https://cert.gov.ua/article/971405
Hackers attempt to plant backdoors in Exchange servers via IIS server extensions https://www.microsoft.com/security/blog/2022/07/26/malicious-iis-extensions-quietly-open-persistent-backdoors-into-servers/
Malicious IIS extensions quietly open persistent backdoors into servers https://www.microsoft.com/security/blog/2022/07/26/malicious-iis-extensions-quietly-open-persistent-backdoors-into-servers/
Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access https://thehackernews.com/2022/07/malicious-iis-extensions-gaining.html
On the FootSteps of Hive Ransomware https://otx.alienvault.com/pulse/62dff35729201774117226f7
Mass distribution of stealers (Formbook, Snake Keylogger) and use of RelicRace/RelicSource malware as a means of delivery https://cert.gov.ua/article/955924
Shortcut-based (LNK) attacks delivering malicious code on the rise https://resecurity.com/blog/article/shortcut-based-lnk-attacks-delivering-malicious-code-on-the-rise
New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts https://thehackernews.com/2022/07/new-ducktail-infostealer-malware.html
SmokeLoader Infecting Targeted Systems with Amadey Info-Stealing Malware https://thehackernews.com/2022/07/smokeloader-infecting-targeted-systems.html
Racoon Stealer is Back — How to Protect Your Organization https://thehackernews.com/2022/07/racoon-stealer-is-back-how-to-protect.html
Microsoft Resumes Blocking Office VBA Macros by Default After 'Temporary Pause' https://thehackernews.com/2022/07/microsoft-resumes-blocking-office-vba.html
Inside Matanbuchus: A Quirky Loader https://www.cyberark.com/resources/threat-research-blog/inside-matanbuchus-a-quirky-loader

B. Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging
Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers https://thehackernews.com/2022/07/critical-filewave-mdm-flaws-open.html
FileWave mobile device management system has vulnerabilities that could become a route for hackers into organizations https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/
Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France https://thehackernews.com/2022/07/roaming-mantis-financial-hackers.html
Google Bringing the Android App Permissions Section Back to the Play Store https://thehackernews.com/2022/07/google-bringing-android-app-permissions.html
Do iPhone users really never go back to Android? 10 reasons you won't regret it https://mrmad.com.tw/used-iphone-cant-go-back-to-android
Delete them now! Google finds another 50 malware apps that may lead to fraudulent charges https://today.line.me/tw/v2/article/8n3zM9K
Delete them now! Nearly 30 malicious Android apps found that may bring hefty bills; over 10 million downloads https://www.ettoday.net/news/20220728/2304059.htm
Malicious apps empty your wallet! Experts reveal the list https://news.sina.com.tw/article/20220728/42282434.html
Android users beware! Another 28 apps found that may cripple phones https://reurl.cc/O4qMvA
SPY x Battery spy rechargeable battery with eavesdropping and GPS functions appears in mainland China https://www.pcmarket.com.hk/spy-rechargeable-battery-with-bugging-and-gps-function/
Chinese charger can eavesdrop and track location; private life can be live-streamed https://www.ntdtv.com.tw/b5/20220728/video/336473.html
Allows man-in-the-middle attacks? LeaveHomeSafe again accused of serious security vulnerabilities https://www.pcmarket.com.hk/leavehomesafe-again-accused-of-serious-security-breaches/
OGCIO issues solemn statement on LeaveHomeSafe security, firmly rejecting overseas cybersecurity company's report https://www.pcmarket.com.hk/ogcio-makes-a-solemn-statement-for-leave-home-safe-app-security-report/
VoLTE call quality boost! The big 3 telecoms offer it free; "these 3 conditions" must be met to use it https://www.ettoday.net/news/20220728/2303874.htm
Cracking down on sellers of grey-market Chinese phones, NCC imposes fines of up to NT$200,000 https://www.sogi.com.tw/articles/ncc_smartphone/6258305

C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce
CISA: hackers are still using Log4Shell to compromise networks https://blog.twnic.tw/2022/07/29/23703/
Cybersecurity is national security: Taiwan Information Security Association keeps up the pace https://money.udn.com/money/story/10860/6486820
Boosting Taiwan's security capability: how the Taiwan Information Security Association plans to drive reform https://buzzorange.com/techorange/2022/07/26/taiwan-information-security-association/
No amount of cybersecurity can beat a pair of pliers: thousands in Paris lost internet because cables at key network nodes were maliciously cut https://www.techbang.com/posts/98387-in-april-of-this-year-someone-cut-off-the-cables-at-key-nodes
Networking too sensitive: industrial PC maker NEXCOM gives up the China market https://reurl.cc/AO8j48
Former US Homeland Security Secretary: build international partnerships to counter Asia-Pacific cyber threats https://reurl.cc/5pq40q
China-UK-France joint-venture satellite network may raise global security threats https://reurl.cc/O4qGy7
Researchers reveal Belarusian hackers UNC1511 and Russian hackers UNC2589 used malware to attack Ukraine https://www.cyberscoop.com/cyber-command-malware-ukraine/
Hackers Opting New Attack Methods After Microsoft Blocked Macros by Default https://thehackernews.com/2022/07/hackers-opting-new-attack-methods-after.html
In its effort to capture North Korean hackers, the US raises the reward to US$10 million https://twitter.com/RFJ_USA/status/1551915545288663041
U.S. Offers $10 Million Reward for Information on North Korean Hackers https://thehackernews.com/2022/07/us-offers-10-million-reward-for.html
Taiwan Mobile HIPO program recruits security and computer science talent with annual salaries of a million NT dollars https://reurl.cc/eO8LYb
Senior Project Engineer - ACSI https://www.linkedin.com/jobs/view/%E8%B3%87%E6%B7%B1%E5%B0%88%E6%A1%88%E5%B7%A5%E7%A8%8B%E5%B8%AB-acsi-at-%E5%AE%8F%E7%A2%81-3179842815/?originalSubdomain=tw
[Cybersecurity institute trainee] ICS Security Engineer https://www.104.com.tw/job/7pjcc
[Cybersecurity institute trainee] Security Test Engineer https://www.104.com.tw/job/7pjvs
Financial Information Service Co., Ltd. ROC year 111 recruitment exam for system operations and security reserve staff https://www.vac.gov.tw/cp-1328-129563-108.html
Security Systems Engineer https://www.104.com.tw/job/7nhcv?jobsource=jolist_c_relevance
Security Monitoring Shift Staff https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=528812&HIRE_ID=11343333
[Rakuten, Japan] Security Engineer (DEV) https://www.104.com.tw/job/6l6pd?jobsource=jolist_c_relevance
Security Engineer (Security Technical Services) - 11009863, 11009864 https://www.104.com.tw/job/76nfl?jobsource=jolist_c_relevance
Security Engineer - M111 https://www.104.com.tw/job/7glc4?jobsource=jolist_c_relevance
Security Engineer (Security Technical Services) - 11009865 https://www.104.com.tw/job/7737z?jobsource=jolist_c_relevance
Network Security Engineer - Taipei https://www.104.com.tw/job/3ybgp?jobsource=jolist_d_date
Security Threat Researcher (Cyber Security Analyst) https://www.yourator.co/companies/CYCRAFT/jobs/25482
Security Engineer https://www.yourator.co/companies/CYCRAFT/jobs/25480

D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security
Ukrainian radio stations broadcast false message that the president was handing over power, as a result of a cyberattack https://www.ithome.com.tw/news/152079
Ukrainian Radio Stations Hacked to Broadcast Fake News About Zelenskyy's Health https://thehackernews.com/2022/07/ukrainian-radio-stations-hacked-to.html
Hackers leak data of nearly 5.5 million Twitter users, suspected to be linked to a mobile app vulnerability https://restoreprivacy.com/twitter-vulnerability-exposes-5-million-accounts/
T-Mobile agrees to pay US$350 million to settle over last year's cyberattack data breach https://fortune.com/2022/07/24/t-mobile-to-pay-350m-to-customers-due-to-data-breach/
Tigerair Taiwan announces cyberattack; customer data may have been leaked https://www.ithome.com.tw/news/152084
Runaway facial recognition and data theft: a look at the digital deluge through the book 《焚書》 (Burning the Books) https://www.twreporter.org/a/bookreview-a-history-of-knowledge-under-attack
5.4 million Twitter users' data stolen! Hacker offers the personal data for US$30,000 https://times.hinet.net/news/24042692
Global poll / US: does TikTok leak all your personal data? More than half of Americans support removing TikTok for security https://reurl.cc/0XO9rl
Security statistics show LinkedIn remained the most impersonated brand in phishing attacks in Q2 2022 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9979
Top 10 brands most often impersonated in phishing emails revealed; job-seeking social platform takes first place https://3c.ltn.com.tw/news/50301
Netflix makes the list! Top 10 brands phishing sites love to impersonate; this social platform is highly risky https://www.ftvnews.com.tw/news/detail/2022726W0292
Island of scams... don't click links carelessly; three keys to stopping fraud https://udn.com/news/story/12861/6487714
The ghost gate opens and closes, but it never left and has been roaming the internet all along https://blog.trendmicro.com.tw/?p=73457
E-commerce sites built on PrestaShop targeted; hackers suspected of skimming transaction data via SQL injection https://reurl.cc/0XOvob
Online scams arrive with the travel season; security vendor lists three common tactics https://www.ettoday.net/news/20220727/2303373.htm
Revenge domestic travel! 3 major travel scam traps revealed; lose both personal data and money https://news.tvbs.com.tw/life/1860477
Scam calls nonstop after booking a room online? Security vendor reveals 3 common online traps https://www.setn.com/News.aspx?NewsID=1152310
Don't click "pandemic subsidy" text messages, or your hard-earned money may be stolen! Experts list scammers' 3 traps; netizens: send this to your elders https://www.businesstoday.com.tw/article/category/183027/post/202207280011/
Beware of phishing | Statistics: Discord NFT scams rose 55% in June with US$22 million in losses; attacks suspected to originate from China https://www.blocktempo.com/trm-labs-said-june-discord-nft-phising-increasing-55/
"Urgent, need to reach you!" Turning scam awareness into security action https://www.openfind.com.tw/taiwan/markettrend_detail.php?news_id=24800
Security posture of Taiwan's online education platform providers: websites, email and credentials are the main exposures https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9981
Don't be fooled! Fake eTag sends scam emails; one click on the URL leaks your personal data https://www.mnews.tw/story/20220729news006
"You appeared in 8 searches this week": this is a scam email! Job platform LinkedIn is No. 1 in hacker impersonation https://3c.ltn.com.tw/news/50313
New scam: fraud via electronic payment transfers; 3 tips for the public to protect themselves https://udn.com/news/story/7320/6489111
Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network https://thehackernews.com/2022/07/researchers-warns-of-increase-in.html

E. Research Reports / Tools
Next-generation endpoint management: 6 archetypes and 3 major trends https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9977
GitHub's Copilot public beta through a security expert's eyes: the Codex AI at its core helps write code, and both programmers and hackers want to use it https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/8053A0905B72491983A44BE71CCE9573
Five moves for information security: build your own security wall https://isafe.moe.edu.tw/article/2601?user_type=4&topic=9
Hacker attacks grow rampant amid the pandemic and traditional password strength falls short; passwordless identity login integrated with two-factor authentication is more robust https://www.netadmin.com.tw/netadmin/zh-tw/technology/3D2EDFDAADE94E3C8BF89C8A28025208
Moving AI analytics to the cloud: fully managed services help enterprises ride the wave of agile transformation https://news.sina.com.tw/article/20220726/42267540.html
Smart security? How does it differ from traditional security? The security shield for digital transformation https://open.firstory.me/story/cl5qzt2d303xg01zx915fe6tx
DIVA, a practice and analysis system for common Android app security issues - Part 1 https://reurl.cc/NR6QXx
Attack surface management: why it became mainstream in 2022 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9983
Flows of people, money and information: dissecting the CCP's cognitive warfare tactics and countermeasures through the Russia-Ukraine war https://open.firstory.me/story/cl0ix42trayvr0972bkeo55ov/platforms
How to Combat the Biggest Security Risks Posed by Machine Identities https://thehackernews.com/2022/07/how-to-combat-biggest-security-risks_29.html
Google’s New Programming Language is Called Carbon https://medium.com/geekculture/googles-new-programming-language-is-called-carbon-43b2b859ff63
What is REST API https://medium.com/@meghanap1196/rest-api-698c230d2aa7
41 Dot Net (.NET) Framework Interview Questions and Answers https://itcertifications.medium.com/41-dot-net-net-framework-interview-questions-and-answers-a87ff466fca5
.NET 7 is on the way! 5 Features that will blow your mind https://medium.com/dotnetsafer/net-7-is-on-the-way-5-features-that-will-blow-your-mind-7b57e9820aa2
Things to avoid while writing Java https://medium.com/@b.stoilov/things-to-avoid-while-writing-java-cd078e5aa61c
Automation with Bash: How To Monitor Disk Storage and Send Email Alerts https://medium.com/techtofreedom/automation-with-bash-how-to-monitor-disk-storage-and-send-email-alerts-4795fe9dc638
How To Clean Data With SQL https://medium.com/codex/how-to-clean-data-with-sql-613d1e9ebbb1
Lock Screen Bypass Exploit of Android Devices (CVE-2022-20006) https://medium.com/maverislabs/lock-screen-bypass-exploit-of-android-devices-cve-2022-20006-604958fcee3a
Gmail Data Analysis using Python https://medium.com/@hemanthponnada23/gmail-data-analysis-using-python-184cc4a8f35b
Top MSSP CEOs Share 7 Must-Do Tips for Higher MSSP Revenue and Margin https://thehackernews.com/2022/07/top-mssp-ceos-share-7-must-do-tips-for.html
4 Steps the Financial Industry Can Take to Cope With Their Growing Attack Surface https://thehackernews.com/2022/07/4-steps-financial-industry-can-take-to.html
An Easier Way to Keep Old Python Code Healthy and Secure https://thehackernews.com/2022/07/an-easier-way-to-keep-old-python-code.html

F. Business
US approves Google-Mandiant merger https://times.hinet.net/news/24044023
BIZ勝派 | Enterprise transformation, winning with security; Fortinet: the public must build cyber awareness https://reurl.cc/YX6VLl
Sophos announces new cross-operational team Sophos X-Ops https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9975
Amazon acquires One Medical to expand into smart healthcare, but will personal data and privacy protection stand the test? https://www.thenewslens.com/article/170531
70% of banks are its customers! FinTech firm WebComm Technology moves into "identity authentication" to capture manufacturing transformation opportunities https://www.bnext.com.tw/article/70891/webcomm-security-oeth

G. Government
[Han Kuang 38 live exercise] Cheng Jung-feng (鄭榮豐) inspects cyber warfare drill, hopes troops improve combat readiness https://www.ydn.com.tw/news/newsInsidePage?chapterID=1521200
Government agencies short of security staff; Executive Yuan: may hire on contract or outsource https://news.ltn.com.tw/news/politics/breakingnews/4005119
New National Science and Technology Council inaugurated today; President Tsai assigns three major tasks https://www.rti.org.tw/news/view/id/2139782
Explanation of security management for the armed forces' outsourced ICT system services https://www.ydn.com.tw/news/newsInsidePage?chapterID=1521781&type=military
Control Yuan invites scholars to discuss cognitive warfare; they recommend legislation to trace money flows https://reurl.cc/D36jle

H. Industrial Control Systems / ICS / SCADA / IoT / Internet of Things / Connected Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare Security
VR industrial safety training: experience 10 hazards in advance https://www.1111.com.tw/news/jobns/146673
Israeli security startup Siga takes OT security to "Level 0" https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000640000_8RL1T84KLUHIDV1AQ14XT
90% of OT enterprises were hacked within a year! Security vendor: unclear CSIO authority and too low a rank will be a concern https://www.managertoday.com.tw/articles/view/65485
A brief look at the international automotive security standard: TISAX https://cybersecurenews.com.tw/policy-002/
More than 600 ICS device vulnerabilities disclosed in the US in the first half of 2022 https://14520070.fs1.hubspotusercontent-na1.net/hubfs/14520070/Collateral/ICS-Vulnerabilities-CVEs_SynSaber-2022-H1-Report.pdf
A practical introduction to IoT information security https://www.tenlong.com.tw/products/9786267146279?list_name=r-zh_tw
Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices https://thehackernews.com/2022/07/dahua-ip-camera-vulnerability-could-let.html
Spanish Police Arrest 2 Nuclear Power Workers for Cyberattacking the Radiation Alert System https://thehackernews.com/2022/07/spanish-police-arrest-2-nuclear-power.html

I. Education and Training
Coursera lists 7 cloud security certifications: all the springboards to high pay are here https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
Global cybersecurity workforce imbalance: (ISC)2 offers free courses and exams to fill the talent gap https://reurl.cc/m39MDj
CISSP exam experience https://reurl.cc/KbY83j
CISSP exam experience – Benson https://reurl.cc/GbWvxd
Goal-oriented: passing the CISSP at light speed in 20 days https://reurl.cc/2Zq6zn
CISSP certification exam hands-on experience, Chapter 1: initial preparation https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
CPSA (CREST Practitioner Security Analyst) exam experience https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam experience, revision information and preparation guidance, 2021 and 2022 https://reurl.cc/1oyEM8
CEH v11 exam experience and preparation https://blog.sean.taipei/2022/01/ceh
In-depth look at the CPENT exam experience and comparison with OSCP https://reurl.cc/41eL8v
EC-Council CPENT v1 penetration testing certification – content and experience https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
[Exam prep notes] CompTIA Security+ (SY0-601) Part 1 https://reurl.cc/M053DK
[Exam prep notes] CompTIA Security+ (SY0-601) Part 2 https://reurl.cc/M053Gv
App information security is not just for engineers: the blood, sweat and tears of earning a security testing certificate (iT邦幫忙 Ironman series book) https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
The hacker and the state: cyber attacks and the new normal of geopolitics https://reurl.cc/D3nKKj

6. Upcoming Security Events and Seminars
COSCUP x KCD 2022 Taiwan 2022/7/30 ~ 2022/7/31 https://coscup.org/2022/zh-TW/
Critical infrastructure hands-on course (including attack and defense exercises) 2022/8/1 https://www.acw.org.tw/News/Detail.aspx?id=3229
Integrated application and development trends of security management (ISO27001) and cyber insurance (ISO27102) 8/4 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X20262
[Security exercise hands-on course] Smart manufacturing attack and defense exercise course 2022/8/5 https://www.accupass.com/event/2207130617395907703790
Security competency training, second half of ROC year 111 - [Class 58] Network architecture and deployment security 2022/8/8 ~ 2022/8/10 https://cee.ksu.edu.tw/CourseInfo.aspx?id=2473
Government IT outsourcing security (professional security course training) 2022/8/11 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X20275
[Security exercise hands-on course] IoT security testing practice 2022/8/16 https://www.accupass.com/event/2207210707117495644880
Security testing practice 2022/8/17 http://www.asia-learning.com/course/itemlist/104256
Security strategy planning (professional security course training) 2022/8/18 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X20278
HITCON PEACE 2022 Taiwan Hacker Conference 2022/8/19 ~ 2022/8/20 https://hitcon.kktix.cc/events/hitcon-peace-2022
NISRA Enlightened 2022 2022/8/22 ~ 2022/8/26 https://nisra.kktix.cc/events/2022enlightened
PyCon APAC 2022 2022/9/3 ~ 2022/9/4 https://tw.pycon.org/2022/zh-hant
CYBERSEC 2022 security conference, Jamf booth talks 2022/9/20 ~ 2022/9/22 https://jamf.kktix.cc/events/cybersec2022jamf
Critical infrastructure hands-on course (including attack and defense exercises) 2022/9/27 https://www.acw.org.tw/News/Detail.aspx?id=3229
Kubernetes Summit 2022 2022/10/18 ~ 2022/10/19 https://k8s.ithome.com.tw/
Information security and artificial intelligence hands-on 2022/10/28 https://www.cisanet.org.tw/Course/Detail/2867
Mobile app security testing (APK/IPA) 2022-11-18 09:00 ~ 2022-11-18 12:00 https://www.cisanet.org.tw/Course/Detail/2865