資安事件新聞週報 2022/9/19 ~ 2022/9/23

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/9/19 ~ 2022/9/23 1.重大弱點漏洞/後門/Exploit/Zero Day Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet https://thehackernews.com/2022/09/over-39000-unauthenticated-redis.html SAP修補BusinessOne、BusinessObjects、GRC高風險漏洞 https://www.securityweek.com/sap-patches-high-severity-flaws-business-one-businessobjects-grc GPT-3推特機器人存在即時注入漏洞而被迫關閉 https://arstechnica.com/information-technology/2022/09/twitter-pranksters-derail-gpt-3-bot-with-newly-discovered-prompt-injection-hack Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure https://thehackernews.com/2022/09/researchers-disclose-critical.html 存在15年的Python漏洞恐影響35萬個開源專案 https://www.trellix.com/en-us/about/newsroom/stories/research/tarfile-exploiting-the-world.html 15-Year-Old Unpatched Python Vulnerability Potentially Affects Over 350,000 Projects https://thehackernews.com/2022/09/15-year-old-unpatched-python.html 微軟發佈9月份安全性公告 https://www.cisa.gov/uscert/ncas/current-activity/2022/09/13/microsoft-releases-september-2022-security-updates Windows 11 2022 更新即日起正式推出 https://news.microsoft.com/zh-tw/windows-11-2022-update/ Chrome瀏覽器傳出原型污染漏洞，恐導致特定防護API被繞過 https://portswigger.net/daily-swig/prototype-pollution-bug-in-chromium-bypassed-sanitizer-api 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安美證管會「傻眼」！大摩舊硬碟處理不當洩客戶個資　吞上億裁罰 https://finance.ettoday.net/news/2342860 摩根史坦利廢棄硬碟與伺服器洩露客戶資料，遭罰3,500萬美元 https://www.ithome.com.tw/news/153206 外資金融業招募新血啟動年末徵才計畫 https://news.cnyes.com/news/id/4960250 採用雲原生架構，建置融入ESG概念的法金徵審系統，推動台灣企業落實永續發展元大銀行攜手 IBM　打造雲上綠色金融服務 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/AD5E60BFB91F46619054172F103E1E78 台灣企業資安防護只拿C級分金融與半導體防護安全優於全球 https://reurl.cc/AOW8Qp 強化資安凱基攜手叡揚導入API安全平台 https://ctee.com.tw/industrynews/technology/721284.html 國泰世華銀香港分行涉防洗錢疏失舊案今遭香港金管局重罰4000萬元 https://reurl.cc/qNbmgg 銀行公會新龍頭雷仲達提7大目標 https://times.hinet.net/news/24153887 新北打詐隊聯手上海商業儲蓄銀行誓言全力阻詐建構強而有力的金警聯防 https://reurl.cc/dWbVG8 3.電子支付/行動支付/pay/資安 IT Security Takeaways from the Wiseasy Hack https://thehackernews.com/2022/09/it-security-takeaways-from-wiseasy-hack.html 全支付三方循環創新金融獲利關鍵 https://reurl.cc/jG4q8Z 全支付10天破百萬會員！靠「三招」年底達陣200萬 https://www.gvm.com.tw/article/94264 媒合行動支付業者及旅宿業者「多元支付」創造優質便利旅遊環境 https://reurl.cc/W1YE3e 新北行動支付「NewTaiPAY」年底加入新北幣逾5700家特約商店使用 https://reurl.cc/RX76b6 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安繼幣安之後，英國再度向國民警告FTX是個未經授權的交易平臺 https://www.ithome.com.tw/news/153137 以太坊合併後，GPU挖礦已幾乎無利可圖 https://www.ithome.com.tw/news/153125 Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident https://thehackernews.com/2022/09/crypto-trading-firm-wintermute-loses.html 駭客利用Profanity漏洞獲利330萬美元 https://news.cnyes.com/news/id/4957227 外媒：駭客組織TeamTNT正在試圖破解比特幣 https://news.cnyes.com/news/id/4957312 AquaSec：駭客組織 TeamTNT 發動袋鼠攻擊「想試圖破解比特幣」 https://www.surviews.com/post/5031.html Tribe DAO再次啟動社區投票以賠償Rari Capital駭客受害者 https://news.cnyes.com/news/id/4958401 算法穩定幣｜Tribe DAO 通過賠償提案，將全額補償所有 Rari 駭客案受害者 https://www.blocktempo.com/tribedao-pass-goverance-proposals-will-be-fully-compensate-all-hack-victims/ 嚴防加密貨幣詐騙！美國財政部要求監管機構嚴厲執法 https://newtalk.tw/news/view/2022-09-20/819475 Wintermute未償DeFi債務逾2億鎂；CEO : 駭客若歸還1.6億鎂「願付10%賞金」 https://www.blocktempo.com/wintermute-offer-a-10-bounty-on-funds-taken-by-hacker/ 加密貨幣造市商Wintermute遭竊1.62億美元 https://www.bleepingcomputer.com/news/security/hackers-steal-162-million-from-wintermute-crypto-market-maker/ 那些駭客「教懂」我的道理與解決辦法 https://reurl.cc/pMbmdx PandaDAO 發布退款與解散提案：主因歸於治理結構問題 https://www.blocktempo.com/pandadao-disbanding-proposal-mainly-due-to-governance-issues/ Multichain遭爆「超額鑄造跨鏈DAI」；CEO駁質疑：Fantom DAI有1：1支撐 https://www.blocktempo.com/multichain-ceo-responds-to-overmint-questions/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 首破「詐騙網設計團隊」　木馬APP盜領存款 https://news.tvbs.com.tw/local/1910623 針對廣被公有雲使用的Linux 系統勒索病毒攻擊暴增 75% https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10068 駭客藏匿惡意程式於詹姆斯·韋伯太空望遠鏡拍攝之影像中 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10076 紐約救護車業者證實遭到攻擊，疑勒索軟體Hive所為 https://www.bleepingcomputer.com/news/security/new-york-ambulance-service-discloses-data-breach-after-ransomware-attack/ 紐約賽馬協會傳出遭勒索軟體Hive攻擊 https://www.bleepingcomputer.com/news/security/hive-ransomware-claims-attack-on-new-york-racing-association/ 北韓駭客透過即時通訊軟體WhatsApp，針對媒體散布惡意版PuTTY https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing 俄羅斯駭客組織Sandworm假冒電信業者，向烏克蘭散布惡意軟體 https://www.recordedfuture.com/russia-nexus-uac-0113-emulating-telecommunication-providers-in-ukraine Webworm駭客組織改造舊版木馬程式來發動攻擊 https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/webworm-espionage-rats 勒索攻擊威脅大增，趨勢科技：資安行動升級迫在眉睫 https://technews.tw/2022/09/19/software-supply-chain-attack/ 卡巴斯基揭露北韓駭客「Kimsuky」如何確保惡意軟體只被目標下載，量身打造攻擊手法 https://www.techbang.com/posts/99428-kaspersky-reveals-how-north-korean-hacker-kimsuky-ensured-that 金融木馬Ares利用與QBot相同的DGA手法攻擊墨西哥 https://www.zscaler.com/blogs/security-research/ares-banking-trojan-learns-old-tricks-adds-defunct-qakbot-dga 駭客以LinkedIn的付費版功能散布惡意連結，藉此規避偵測 https://cofense.com/blog/threat-actors-abuse-linkedin-slink-to-bypass-secure-email-gateways 勒索軟體LockBit的製作工具遭到該集團的開發者流出 https://www.bleepingcomputer.com/news/security/lockbit-ransomware-builder-leaked-online-by-angry-developer-/ 備份資料成為駭客竊取使用者帳密的新目標，勒索軟體BlackCat鎖定Veeam備份軟體竊取資料 https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps 出現命名模仿特定CSS框架的冒牌NPM套件，夾帶指令碼以散布惡意軟體 https://blog.reversinglabs.com/blog/threat-analysis-malicious-npm-package-mimicks-material-tailwind-css-tool 微軟Exchange伺服器遭植入惡意OAuth應用程式，並被用於散布垃圾郵件 https://www.microsoft.com/security/blog/2022/09/22/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam/ 電商平臺Magento重大漏洞CVE-2022-24086遭到利用，被用於植入木馬程式 https://sansec.io/research/magento-2-template-attacks 安全業者、歐洲警方合作釋出LockerGoga解密金鑰 https://www.ithome.com.tw/news/153143 資安業者Bitdefender提供勒索軟體LockerGoga解密工具 https://www.bleepingcomputer.com/news/security/bitdefender-releases-free-decryptor-for-lockergoga-ransomware/ Emotet Botnet Started Distributing Quantum and BlackCat Ransomware https://thehackernews.com/2022/09/emotet-botnet-started-distributing.html Microsoft Teams' GIFShell Attack: What Is It and How You Can Protect Yourself from It https://thehackernews.com/2022/09/microsoft-teams-gifshell-attack-what-is.html Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware https://thehackernews.com/2022/09/europol-and-bitdefender-release-free.html Comprehensive Threat Intelligence: Gamaredon APT targets Ukrainian government agencies in new campaign https://blog.talosintelligence.com/2022/09/gamaredon-apt-targets-ukrainian-agencies.html Spam email campaign targeting businesses delivers the Agent Tesla stealer https://securelist.com/agent-tesla-malicious-spam-campaign/107478/ Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps Iranian State Actors Conduct Cyber Operations Against the Government of Albania | CISA https://www.cisa.gov/uscert/ncas/alerts/aa22-264a Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime https://unit42.paloaltonetworks.com/domain-shadowing/ Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware https://thehackernews.com/2022/09/russian-sandworm-hackers-impersonate.html 殭屍網路Emotet被用於散布勒索軟體BlackCat、Quantum https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compromised-machines-through-2022 Emotet Botnet Started Distributing Quantum and BlackCat Ransomware https://thehackernews.com/2022/09/emotet-botnet-started-distributing.html NFT Malware Gets New Evasion Abilities https://blog.morphisec.com/nft-malware-new-evasion-abilities Void Balaur | The Sprawling Infrastructure of a Careless Mercenary https://www.sentinelone.com/labs/the-sprawling-infrastructure-of-a-careless-mercenary/ B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊蘋果重新設計iPhone 14內部構造，使它更容易維修 https://www.ithome.com.tw/news/153136 資安拉警報！　蘋果iOS 16手機暗藏「微封城」 https://www.ettoday.net/news/20220919/2341517.htm iPhone 14 剛上市,詐騙就來了 https://blog.trendmicro.com.tw/?p=74199 Line、Twitch、任天堂都停用Facebook登入！社群巨頭影響力為何大衰退 https://www.bnext.com.tw/article/71766/facebook-login-button-disappearing-2022 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力網劇「你安全嗎」詐騙、網暴成題材 https://www.worldjournal.com/wj/story/121233/6621586 小心「黑暗元宇宙」　專家示警IoX資安風險 https://reurl.cc/NR86vm 不是錯覺，暑假期間資安事件真的比較少！背後原因：駭客愛放暑假、也懂享受人生 https://buzzorange.com/techorange/2022/09/22/hackers-on-vacation/ 駭客準備售賣給它愛程式原始碼：要價5位數、已有人付款 https://gamemad.com/news/44451 Uber指控遭駭事故疑為駭客組織Lapsus$所為，承包商的帳號遭冒用 https://www.bleepingcomputer.com/news/security/uber-links-breach-to-lapsus-group-blames-contractor-for-hack/ Uber、R星與FBI合作調查駭客入侵事件作案詳情揭曉 https://gamemad.com/news/44534 Uber 疑遭駭侵者透過社交工程攻擊，入侵內部系統 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10078 Uber指控遭駭事故疑為駭客組織Lapsus$所為，承包商的帳號遭冒用 https://www.bleepingcomputer.com/news/security/uber-links-breach-to-lapsus-group-blames-contractor-for-hack/ Uber 遭駭！18 歲駭客稱已入侵內部網站，Uber 表示用戶資料未受影響 https://www.inside.com.tw/article/28992-uber-hacker-attack 密碼管理解決方案業者LastPass針對8月遭駭透露更多調查結果 https://s4.itho.me/sites/default/files/images/Figure-1-Fake-and-Legitimate-websites-of-the-National-Tax-Agency-.jpg 越南駭客聲稱取得飯店集團IHG的密碼庫存取權限，並破壞資料 https://www.bbc.com/news/technology-62937678 電玩業者Rockstar遭駭，駭客聲稱竊得測試版遊戲的影片與原始碼 https://www.bleepingcomputer.com/news/security/gta-6-source-code-and-videos-leaked-after-rockstar-games-hack/ 中國企業挖角臺灣高科技產業、竊密，1年查獲40起 https://www.cna.com.tw/news/asoc/202209160249.aspx 烏駭客攻陷「瓦格納」募兵網取得全部傭兵個資「秋後算帳」 https://news.ltn.com.tw/news/world/breakingnews/4064040 政府掌握入侵線索安努亞：NACSA將發表聲明 https://reurl.cc/xQb0Kz 針對阿爾巴尼亞政府7月遭駭，美國表示伊朗駭客埋伏長達14個月才動手 https://www.cisa.gov/uscert/ncas/alerts/aa22-264a 俄羅斯加強攻擊烏克蘭民用設施，以高薪招募志願役投入對烏作戰 https://www.thenewslens.com/article/173446 英國政府醞釀關閉境內31所孔子學院，傳跨黨議員洽談從台灣引進華語師資 https://www.thenewslens.com/article/173466 中國四川部分地區設「十戶長」監管民情惹議，專家：習近平二十大後將建成絕對權力控制體系 https://www.thenewslens.com/article/173723 駭客組織匿名者癱瘓伊朗政府網站，目的是抗議警方對婦女執法過當 https://thehackernews.com/2022/09/malicious-npm-package-caught-mimicking.html 中美關係改變中華電：台灣網路遭攻擊事件增加 https://taronews.tw/2022/09/21/862093/ Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners https://thehackernews.com/2022/09/hackers-targeting-unpatched-atlassian.html Rockstar Games Confirms Hacker Stole Early Grand Theft Auto VI Footage https://thehackernews.com/2022/09/rockstar-games-confirms-hacker-stole.html Record DDoS Attack with 25.3 Billion Requests Abused HTTP/2 Multiplexing https://thehackernews.com/2022/09/record-ddos-attack-with-253-billion.html 資安事件分析師 Security Event Analyst https://www.104.com.tw/job/7r028 資訊安全技術人員 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=386656&HIRE_ID=11471535 10 種資安工程師工作內容介紹，一起加入薪水成長潛力股資安產業 https://www.yourator.co/articles/317 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Uber Claims No Sensitive Data Exposed in Latest Breach… But There's More to This https://thehackernews.com/2022/09/uber-claims-no-sensitive-data-exposed.html 將帳密寫死在指令碼釀新禍！有駭客透過網釣取得這類資訊而滲透Uber的特權管理系統 https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/ 美國航空員工電子郵件帳號，旅客資料外洩 https://www.bleepingcomputer.com/news/security/american-airlines-discloses-data-breach-after-employee-email-compromise/ 刑事局破獲國內首宗詐騙釣魚網站及攔截簡訊系統開發商，逮捕參與境外詐騙的工程師及共犯 https://cib.npa.gov.tw/ch/app/news/view?module=news&id=1885&serno=136ed025-eddf-46f3-a839-506100ed5e8b 駭客假冒美國政府機關，鎖定Microsoft 365用戶發動網釣攻擊 https://cofense.com/blog/credential-phishing-targeting-government-contractors-evolves-over-time 金融科技業者Revolut資料外洩，5萬客戶受到影響 https://www.bleepingcomputer.com/news/security/revolut-hack-exposes-data-of-50-000-users-fuels-new-phishing-wave/ 微軟揭露大規模的點擊詐騙活動 https://www.ithome.com.tw/news/153142 Microsoft Warns of Large-Scale Click Fraud Campaign Targeting Gamers https://thehackernews.com/2022/09/microsoft-warns-of-large-scale-click.html 星巴克22萬新加坡客戶資料流入暗網 https://www.bleepingcomputer.com/news/security/hacker-sells-stolen-starbucks-data-of-219-000-singapore-customers/ 瀏覽器拼字檢查功能未將密碼排除在外，而導致密碼上傳到Google與微軟 https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords Uber Blames LAPSUS$ Hacking Group for Recent Security Breach https://thehackernews.com/2022/09/uber-blames-lapsus-hacking-group-for.html 影后上百張裸照遭駭「像被整個星球集體性侵」　3女星私密照外洩 https://star.ettoday.net/news/2341695 林襄、謝忻也受害！奧斯卡影后「上百張私密照外流」嘆：像被集體霸凌 https://www.ftvnews.com.tw/news/detail/2022920W0163 狂收釣魚網址？台積都曾中毒停機，你該做的「零信任」4件事 https://www.cw.com.tw/article/5122866 美國航空外洩客戶資料 https://times.hinet.net/news/24147685 駭客組織DEV-0796發起點擊詐騙活動，濫用受害電腦來賺取廣告利潤 https://twitter.com/MsftSecIntel/status/1570911625841983489 帳號填充攻擊流量占所有登入行為的三分之一 https://auth0.com/blog/top-insights-from-our-2022-state-of-secure-identity-report/ LinkedIn 的智慧連結，遭濫用於釣魚郵件攻擊 https://www.twcert.org.tw/tw/cp-104-6545-89f38-1.html 假官網詐騙訊息猖獗，不明網址勿點擊，避免個人敏感性資料遭外洩 http://www.attnerp.com.tw/attnblog20221014/ 婦遭駭客入侵詐騙幸三民一警及時救援阻詐 https://times.hinet.net/news/24151339 駭客Data在暗網出售約3.5億條Ask.FM使用者的記錄；Malwarebytes阻止使用者訪問託管在Google的服務 https://vitomag.com/code/vfihc.html 台灣虎航公告遭駭客網路攻擊，疑客戶資料外洩，是本週第二起資安事件重大訊息 https://www.ithome.com.tw/news/152084 E.研究報告/工具找駭客？Let's Go! Day03 可以去哪裡找駭客朋朋？台科資安社 https://ithelp.ithome.com.tw/articles/10293538 被資安法管轄後，會發生什麼事？（之 2 - 資安法施行細則介紹） https://ithelp.ithome.com.tw/articles/10295803 DDoS不只規模大、還可能持續數小時之久而產生暴量存取請求！資安業者Imperva揭露已出現持續長達4小時的攻擊 https://www.imperva.com/blog/record-25-3-billion-request-multiplexing-attack-mitigated-by-imperva/ 駭客鎖定Oracle WebLogic伺服器來發動挖礦攻擊 https://www.trendmicro.com/en_us/research/22/i/a-post-exploitation-look-at-coinminers-abusing-weblogic-vulnerab.html 研究人員找到1.2萬個遭駭客濫用的影子網域 https://unit42.paloaltonetworks.com/domain-shadowing/ 從零開始的工程師寫作之路 - 新人報到 https://reurl.cc/gMbmKp 資訊安全、網路安全與隱私保護的多重聯防，強化企業數位轉型與營運治理策略 https://www.bsigroup.com/zh-TW/blog/Cybersecurity-and-Information-Resilience-Blog/2022/cybersecurity-privacy-protection/ How many ways to MERGE Data Frame in Apache Spark https://medium.com/@healtech/how-many-ways-to-merge-data-frame-in-apache-spark-565e02f9a5de How To Create Auto-Saving Forms in Angular https://betterprogramming.pub/angular-auto-save-forms-1a396d17ed7d Best Coding Practices in Java https://medium.com/@rvranjan905/best-coding-practices-in-java-ddf8fbe7034c How to Generate Mock Data In Java https://medium.com/javarevisited/how-to-generate-mock-data-in-java-ff3b5f66f167 Logs and Distributed Systems https://levelup.gitconnected.com/logs-and-distributed-systems-ebd3902732bd Optimising Trading Strategies by Using a Genetic Algorithm https://medium.com/geekculture/optimising-trading-strategies-by-using-a-genetic-algorithm-bc90d7ddbefd U.S. Adds 2 More Chinese Telecom Firms to National Security Threat List https://thehackernews.com/2022/09/us-adds-2-more-chinese-telecom-firms-to.html F.商業資安智慧轉型，IBM提永不信任、始終驗證、善用AI工具提升資安規劃與防禦成效 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10074 TeamT5 杜浦數位安全獲日商投資，強化布局日本與亞太市場 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10075 中華電信攜手中華資安國際協助企業提升台灣資安力 https://www.chinatimes.com/realtimenews/20220921005613-260410?chdtv 中華電攜手中華資安國際，共助企業提升資安力 https://www.ttv.com.tw/finance/view/092022211756B613E112A5CA449197D77A2A8134125F0AEF/700 KPMG大調查台灣資安隱藏「盲斷層」現象 https://udn.com/news/story/7239/6632324?from=udn-ch1_breaknews-1-0-news SaaS配置錯誤恐釀嚴重資安威脅! Palo Alto Networks提SSPM 安全狀況管理 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10086 G.政府數位部產業署與半導體產業共同推動半導體設備資安標準與供應鏈安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10069 台立委：民用設施遭駭嚴重性不亞於軍事威脅 https://www.epochtimes.com/b5/22/9/18/n13827675.htm 關鍵基礎設施現代化急需資安轉型 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/D4B20A86B6C04D74867E73173407C34B 陳明通赴泰遭曝綠稱「認知戰」　退將：檢討自己 https://today.line.me/tw/v2/article/JPYzmLM 陳明通行程遭中共披露╱泰機場採「中製監視系統」資安陷風險 https://news.ltn.com.tw/news/politics/paper/1541465 總統蔡英文：資安不能單打獨鬥政府將打造聯防體系 https://news.pts.org.tw/article/600685 台灣資安館亮相，唐鳳對電子簽章技術感興趣 https://technews.tw/2022/09/20/digital-signature/ 沒特權最標準！唐鳳籲全民落實資安 https://reurl.cc/8pAnaX 唐鳳：韌性建設、資安是當務之急 https://ctee.com.tw/people/interview/721063.html 建構全民數位韌性唐鳳：每個人都能發現資安破口 https://newtalk.tw/news/view/2022-09-21/820275 數位部長唐鳳揭露打造堅韌安全的智慧國家的3目標、4大策略 https://www.ithome.com.tw/news/153174 戰爭凸顯通訊重要性唐鳳：確保基地台不斷電 https://www.rti.org.tw/news/view/id/2145191 國科會明年成立TACC 強化資安國際科技交流 https://udn.com/news/story/7266/6629276 國科會明年將成立臺灣資安科研中心 https://reurl.cc/8pAnxR 捷克政府訪台取經　借鏡資安及防疫經驗 https://www.1111.com.tw/news/jobns/147764 法國參議院代表團與國防院學者研討資安供應鏈議題 https://indsr.org.tw/information?uid=6&pid=2190 賴清德副總統參訪臺灣資安大會及臺灣資安館 http://www.digitalwall.com/scripts/displaypr.asp?UID=86615 總統出席台灣資安大會開幕式 https://today.line.me/tw/v2/article/x2VzMWq 黃敏惠採購中國大疆無人機引發國安疑慮 │綠營網軍慣用套路抹黑抹爛抹紅 https://n.yam.com/Article/20220922712243 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 Top Deep Learning Projects for Final year with source code https://naemazam.medium.com/top-deep-learning-projects-for-final-year-with-source-code-7540f6f17d87 TXOne Networks 睿控網安釋出「SEMI E187標準導入參考指南」助企業與供應鏈依循落實 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10070 The Best MLOps Training Courses https://medium.com/@elliotwangml/four-mlops-training-courses-best-of-the-best-7deeb16cf078 資安展聚焦車用資安　鴻海李維斌：資安不好的車以後難賣 https://www.eettaiwan.com/20220921-ev-cybersecurity-should-be-first-priority/ 台灣資安鑄造攜手無線通訊大廠啟碁科技　推出輕巧型資安監控設備 https://ctee.com.tw/industrynews/technology/720104.html 供應鏈安全重中之重　SBOM防護OT資安有撇步 https://www.mem.com.tw/%E4%BE%9B%E6%87%89%E9%8F%88%E5%AE%89%E5%85%A8%E9%87%8D%E4%B8%AD%E4%B9%8B%E9%87%8D%E3%80%80sbom%E9%98%B2%E8%AD%B7ot%E8%B3%87%E5%AE%89%E6%9C%89%E6%92%87%E6%AD%A5/ Netgear路由器存在任意程式碼執行漏洞，與採用的第三方線上遊戲加速模組有關 https://onekey.com/blog/security-advisory-netgear-routers-funjsq-vulnerabilities/ TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE) https://www.exploit-db.com/exploits/51017 I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 我國網路資安狂被駭監委申請自動調查 https://www.chinatimes.com/realtimenews/20220810003152-260407?chdtv 6.近期資安活動及研討會 2022玉山 · 安碁資訊資安論壇【企業營運制勝關鍵，資安治理創價佈局】 2022/9/27 https://www.accupass.com/event/2208180737041036993111 TWIGF 2022 網路韌性的挑戰與契機：地緣政治、WEB 3.0 與中介者治理 2022/9/27 https://www.twcert.org.tw/tw/cp-105-6487-f6953-1.html 關鍵基礎設施實作課程(含攻防演練實作) 2022/9/27 https://www.acw.org.tw/News/Detail.aspx?id=3229 網路韌性的挑戰與契機：地緣政治、WEB 3.0 與中介者治理 2022 TWIGF 年會 2022/9/27 ~ 2022/9/28 https://cs.ezmail.com.tw/news/read/id/bh6311606baa4e4 Taipei.py 2022. 9 月聚會 2022/9/29 https://www.meetup.com/taipei-py/events/288391957/ 《歐立威科技 2022 研討會》|Elastic Security : 監測 x 告警，揪出潛在威脅 2022/9/29 https://www.accupass.com/event/2208310346161209105423 讀書會 Testing Swift (by Paul Hudson) 2022/9/30 https://www.meetup.com/taipei-swift-language-meetup-group/events/287393562/ OCF 培訓活動: 如何建立安全的網路架構 2022/10/1 https://ocftw.kktix.cc/events/ocftot2022 Blue Team Summit & Training 2022 2022/10/3 ~ 2022/10/10 https://www.sans.org/cyber-security-training-events/blue-team-summit-2022/?msc=free-events-mlp 數位轉型浪潮下資安新思維與布局 2022/10/6 https://www.accupass.com/event/2209210154443572722760 資安演訓實作課程－零信任網路PKI認證及安全晶片信任根應用 2022/10/7 https://www.acw.org.tw/News/Detail.aspx?id=3258 MOPCON 2022 2022/10/15 ~ 2022/10/16 https://mopcon.org/ 金融資安案例研習 2022/10/17 https://www.sitca.org.tw/OPF/B0000/PPT049_2022_01.asp Kubernetes Summit 2022 2022/10/18 ~ 2022/10/19 https://k8s.ithome.com.tw/ CODE BLUE 2022 @TOKYO 2022/10/27 ~ 2022/10/28 https://codeblue.jp/2022/en/ 資訊安全與人工智慧實作 2022/10/28 https://www.cisanet.org.tw/Course/Detail/2867 資訊安全發展趨勢| 數位社會與資訊安全 - 董監事系列認證課程 2022/11/5 https://www.accupass.com/event/2208120843261385349231 行動應用APP 安全檢測（APK/IPA）2022-11-18 09:00 ~ 2022-11-18 12:00 https://www.cisanet.org.tw/Course/Detail/2865 ICS 2022 WORKSHOP PROGRAM -「Ubiquitous Cybersecurity and Forensics」 2022/12/15 ~ 2022/12/17 https://ics2022.esam.io/ TANET 2022 WORKSHOP PROGRAM -「第二屆數位鑑識、醫療私密與網駭安全」 2022/12/15 ~ 2022/12/17 https://tanet2022.esam.io/