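###### tags: `資安事件新聞週報`

# Weekly Security Incident News 2022/5/2 ~ 2022/5/6

1. Critical Vulnerabilities / Backdoors / Exploits / Zero Days

Security vulnerabilities exist in multiple versions of F5 BIG-IP
https://support.f5.com/csp/article/K23605346

Cisco recently released updates to address security vulnerabilities in multiple products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-security-bypass-JhOd29Gg

Linux systems on alert! New Nimbuspwn vulnerability lets hackers gain the highest system privileges
https://technews.tw/2022/05/03/new-nimbuspwn-linux-vulnerability-gives-hackers-root-privileges/

Google patches more than 30 Chrome vulnerabilities, 7 of them posing major risk
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html

Google Releases Android Update to Patch Actively Exploited Vulnerability
https://thehackernews.com/2022/05/google-releases-android-update-to-patch.html

Microsoft patches Azure PostgreSQL tenant isolation vulnerability
https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/

TLStorm 2.0 vulnerabilities affect Aruba and Avaya switches
https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/

North Korean hackers DarkSeoul exploit the Log4Shell vulnerability to break into a VMware remote-work platform
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage

Critical RCE Bug Reported in dotCMS Content Management Software
https://thehackernews.com/2022/05/critical-rce-bug-reported-in-dotcms.html

Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches
https://thehackernews.com/2022/05/critical-tlstorm-20-bugs-affect-widely.html

Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices
https://thehackernews.com/2022/05/unpatched-dns-related-vulnerability.html

Which Hole to Plug First? Solving Chronic Vulnerability Patching Overload
https://thehackernews.com/2022/05/which-hole-to-plug-first-solving.html

2. Banking / Finance / Insurance / Securities / Payment Systems / Financial Supervision: News and Security

Online filing in tax season: remember to check your own security protections
https://turnnewsapp.com/livenews/finance/A07659002022050312300874

A century-old bank reborn after the ATM case: First Bank recruits across sectors to fight the fire and turn the tide
https://times.hinet.net/news/23895014

Silicon Valley grabs Wall Street's lunch! Sean Chen (陳冲): "internet-only banks" have had the roughest fate of the past decade
https://finance.ettoday.net/news/2242858?redirect=1

Cyberattacks increase year by year; the "zero trust security" concept builds a joint financial security defense network to keep hackers out
https://www.bnext.com.tw/article/68959/finance-security-twb

Next Bank hit by accounting anomalies: floods customers with "debit unsuccessful" SMS messages and insists it was a system optimization
https://www.wealth.com.tw/articles/d5521c6c-5c1e-4fe8-a569-5bbbffa04e02

Policy to strengthen security measures at listed and OTC companies unveiled: provides information security control guidelines and promotes joining an intelligence-sharing platform
https://www.ithome.com.tw/news/150803

Complete guide to filing taxes by phone: 3 authentication methods, done in 5 steps
https://reurl.cc/GxEabZ

Why can't my 無框行動 mobile number be used for mobile tax filing? What to know about filing taxes by phone
https://www.kocpc.com.tw/archives/439491

3. Electronic Payment / Mobile Payment / Pay / Security

EU says Apple restricts the ability of third-party e-wallets such as PayPal to compete on iOS devices, giving Apple Pay a competitive advantage in electronic payments
https://www.cool3c.com/article/176717

Could EasyCard NFC on iPhone become a reality? EU accuses Apple of monopolizing NFC mobile payments
https://mrmad.com.tw/eu-controls-apples-nfc-payment-monopoly

Francis Fong (方保僑): Hong Kong's e-payment market reshuffles
https://reurl.cc/loep5Y

4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contract Security

Blockchain layers (L0, L1, L2, L3) in a Diagram
https://medium.com/@nick.5montana/blockchain-layers-l0-l1-l2-l3-in-a-diagram-569162398db

Why blockchain and Web3 user interfaces will suck for a while
https://uxdesign.cc/why-blockchain-and-web-3-user-interfaces-will-suck-for-a-while-7575b7515757

A chilling anecdote? What it is like when a "North Korean hacker" interviews for a blockchain engineer job
https://www.blocktempo.com/i-think-i-just-interviewed-a-north-korean-hacker/

Bitcoin worth US$300 million stolen by a hacker is seized; dark web "Silk Road" founder no longer has to pay his restitution
https://www.inside.com.tw/article/27543-silk-road-ross-ulbricht-debt-bitcoin-siezure

The full story of the NEAR Rainbow Bridge attack: hacker fails and loses 2.5 ETH instead
https://blockcast.it/2022/05/03/hacker-lost-2-5-eth-due-to-a-failed-attack-on-the-near-protocol-rainbow-bridge/

Zeroed out overnight! Stablecoin project Cashio hit by hackers
https://reurl.cc/QLbVEp

A must-have for crypto players? A military-grade-security "large-screen" hardware wallet to make your digital assets safer
https://www.gq.com.tw/gadget/article/secux

"Bored Ape" BAYC total trading volume passes US$2 billion
https://news.cnyes.com/news/id/4862526

Trading volume of Otherdeed NFTs, the virtual land plots of Yuga Labs' metaverse Otherside, passes 200,000 ETH
https://news.cnyes.com/news/id/4863127

Does buying an NFT not get you the JPG? From the vague but broad rights granted to BAYC Bored Ape collectors to the clarified copyright rules for Koda
https://news.cnyes.com/news/id/4864458

DeFi protocol MM.Finance on Cronos hit by a front-end attack, losing more than US$2 million
https://news.cnyes.com/news/id/4864978?exp=a

What is cryptocurrency mining (Crypto Mining)? A few things beginners need to know before digging for gold
https://blog.trendmicro.com.tw/?p=71744

The last mile of electronic payment: central bank digital currency takes shape
https://vip.udn.com/vip/story/121938/6262361

5. Security Incident News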
A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC

Microsoft's disabling of VBA pushes Emotet to new methods of infecting users
https://www.ithome.com.tw/news/150714

Botnet Emotet switches to Excel add-ins to launch attacks
https://www.proofpoint.com/au/blog/threat-insight/emotet-tests-new-delivery-techniques

Security team: hacker gang uses malicious npm packages to steal mnemonic phrases and digital assets
https://news.cnyes.com/news/id/4862406

Chinese hackers Moshen Dragon manipulate antivirus software components and run backdoors through DLL side-loading
https://reurl.cc/q5NKVg

Ransomware Magniber spreads under the guise of Windows 10 updates
https://reurl.cc/vdWKaL

OpenSSF releases a tool that can detect malicious NPM and PyPI packages
https://github.com/ossf/package-analysis/blob/main/docs/case_studies.md

Ransomware REvil resurfaces; researchers find new malware files
https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/

Avast anti-worm component abused by ransomware AvosLocker to disable antivirus software and scan for the Log4Shell vulnerability
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html

Ransomware Black Basta tampers with the fax service and runs in safe mode
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service

Hackers upload 2 malicious NPM packages in AWS's name
https://www.whitesourcesoftware.com/resources/blog/aws-targeted-by-a-package-backfill-attack/

Hit by the Windows update ransomware and in total meltdown! Don't expect to recover the files; netizens suggest 1 way out
https://3c.ltn.com.tw/news/48972

Windows users, beware of being tricked! Ransomware uses updates to break in and demand ransom
https://reurl.cc/OA4R97

North Korean hackers Lazarus launch attacks using multiple kinds of ransomware
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/the-hermit-kingdoms-ransomware-play.html

Provider of online library app Onleihe hit by ransomware LockBit
https://www.bleepingcomputer.com/news/security/online-library-app-onleihe-faces-issues-after-cyberattack-on-provider/

Hackers spread malware to image creators in the name of Bored Ape
https://blog.malwarebytes.com/scams/2022/05/fake-cyberpunk-ape-executives-target-artists-with-malware-laden-job-offer/

Researchers launch the Malvuln project, hunting for vulnerabilities in ransomware to stop attacks
https://www.malvuln.com/

Mustang Panda deploys a new wave of malware targeting Europe
https://blog.talosintelligence.com/2022/05/mustang-panda-targets-europe.html

NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service
https://www.trendmicro.com/en_us/research/22/e/netdooka-framework-distributed-via-privateloader-ppi.html

Raspberry Robin gets the worm early
https://redcanary.com/blog/raspberry-robin/

Old Services, New Tricks: Cloud Metadata Abuse by UNC2903
https://www.mandiant.com/resources/cloud-metadata-abuse-unc2903

The strange link between a destructive malware and a ransomware-gang linked custom loader: IsaacWiper vs Vatet
https://reurl.cc/RrXk36

A new secret stash for “fileless” malware
https://securelist.com/a-new-secret-stash-for-fileless-malware/106393/

Password protected Excel spreadsheet pushes Remcos RAT
https://isc.sans.edu/diary/rss/28616

A new BluStealer Loader Uses Direct Syscalls to Evade EDRs
https://blog.minerva-labs.com/a-new-blustealer-loader-uses-direct-syscalls-to-evade-edrs

Analyzing BlackByte Ransomware Go-Based Variants
https://www.zscaler.com/blogs/security-research/analysis-blackbyte-ransomwares-go-based-variants

Backdoor disguised as a document editing and messenger program (*.chm)
https://asec.ahnlab.com/ko/33948/

Update on cyber activity in Eastern Europe
https://otx.alienvault.com/pulse/6272996039678903e0b73dd5

UAC-0056 cyberattack using GraphSteel and GrimPlant malware and COVID-19
https://cert.gov.ua/article/39882

AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
https://reurl.cc/0pXWrA

New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
https://documents.trendmicro.com/assets/txt/earth-berberoka-domains-2.txt
https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html

Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad
https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/

UNC3524: Eye Spy on Your Email
https://www.mandiant.com/resources/unc3524-eye-spy-email

Researchers Disclose Years-Old Vulnerabilities in Avast and AVG Antivirus
https://thehackernews.com/2022/05/researchers-disclose-10-year-old.html

Researchers Warn of 'Raspberry Robin' Malware Spreading via External Drives
https://thehackernews.com/2022/05/researchers-warn-of-raspberry-robin.html

Experts Analyze Conti and Hive Ransomware Gangs' Chats With Their Victims
https://thehackernews.com/2022/05/experts-analyze-conti-and-hive.html

AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection
https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Here's a New Tool That Scans Open-Source Repositories for Malicious Packages
https://thehackernews.com/2022/05/heres-new-tool-that-scans-for-malicious.html

Hackers Using PrivateLoader PPI Service to Distribute New NetDooka Malware
https://thehackernews.com/2022/05/hackers-using-privateloader-ppi-service.html

B. Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging

Google to Add Passwordless Authentication Support to Android and Chrome
https://thehackernews.com/2022/05/google-to-add-passwordless.html

Google Releases First Developer Preview of Privacy Sandbox on Android 13
https://thehackernews.com/2022/05/google-releases-first-developer-preview.html

Spyware found on the phones of Spain's prime minister and defense minister
https://reurl.cc/7Dpb7y

No longer hidden! Microsoft's web app store finally shows a "last updated" date
https://3c.ltn.com.tw/news/48923

"Using a phone means consenting to surveillance": this app invented in the US lets you take back control of your own privacy
https://buzzorange.com/citiorange/2022/05/05/phone-privacy-information-security/

China's BOE altered the iPhone OLED design without authorization and was caught by Apple, leading to a production halt
https://www.bnext.com.tw/article/69002/boe-changed-iphone-oled-design

Japan's online medical service "LINE Doctor" sets another record for consultations! 3 highlights: no crowding, triage of mild cases, peace of mind for young children
https://www.inside.com.tw/article/27559-line-doctor-20times-onlinemed-omicron

Apple Silicon processors have the Augury vulnerability, which may leak commands about to be executed
https://www.prefetchers.info/

C. Incidents / Hackers / DDOS / APT / Cloud / Dark Web / Recruiting / International Security Incidents / Security Workforce

Taiwan's first team! The ZUSO Generation (如梭世代) team is selected as a vulnerability research member of an international security organization
https://www.ettoday.net/news/20220504/2244175.htm

Taiwanese security newcomer, formed 3 years ago, recruited by an international vulnerability disclosure program as No.1 administrator
https://www.ctwant.com/article/181687

Former high-school black-hat hacker is now a CNA security expert, reporting vulnerabilities to the global database
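https://udn.com/news/story/7315/6291363

When mining activity appears in a cloud environment, it is a warning sign for the enterprise
https://blog.trendmicro.com.tw/?p=72183

CISOs should worry about more than data breaches or ransomware; don't overlook the "canary in the coal mine": cryptocurrency mining
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9843

An emerging underground business model: AaaS, which specializes in selling access to corporate networks; five defense strategies CISOs should know
https://blog.trendmicro.com.tw/?p=71956

Hon Hai Research Institute CEO Wei-Bin Lee (李維斌): the environment shaped by AI is like a kitchen; hacker cockroaches attack once they find value
https://www.thenewslens.com/article/166369

Assessing the security defenses of Taiwan's department store operators: website and email security are weakest
https://technews.tw/2022/05/03/department-store-security/

How mysterious are hackers? Definitely not like in the movies
https://www.gvm.com.tw/article/89500

How much do hackers actually earn? As much as 2.6 million 元 for finding 1 vulnerability
https://www.gvm.com.tw/article/89501

Databases exposed to the internet have kept increasing since 2021
https://www.group-ib.com/media/public-facing-db/

Atlassian outage affected 775 customers
https://www.ithome.com.tw/news/150708

SolarWinds hackers now target iOS devices, stealing Apple fans' website login information
https://techtagtw.com/results/086674a4a51f325b63d5

OpenSea's official Discord hacked; phishing links about a YouTube partnership posted
https://news.cnyes.com/news/id/4865772

US military social media accounts hacked
https://reurl.cc/2ZmlGa

FactWire (傳真社) news agency's news communication system website and internal systems hacked; more than 3,700 emails accessed
https://reurl.cc/ErRbY0

Cyber spies steal secrets via Exchange servers and attack network video devices
https://www.mandiant.com/resources/unc3524-eye-spy-email

Russian hackers APT29 abuse the work-scheduling platform Trello to launch attacks
https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns

Unprecedented hacker attacks leave Russia struggling to cope
https://news.ltn.com.tw/news/world/paper/1515054

"Anonymous" backs Ukraine and turns Russia into a "paper tiger"? Besieged by 3 foreign hacker forces
https://www.ftvnews.com.tw/news/detail/2022503W0046

Ukrainian intelligence chief: the war can only end after Putin dies
https://ec.ltn.com.tw/article/breakingnews/3913914

Russia faces an unprecedented wave of hacker attacks; Putin may formally declare war on Victory Day; Moldova may be invaded; Beijing holds an emergency meeting
https://www.soundofhope.org/post/617707?lang=b5

Hong Kong's TVB News sends a series of "bizarre push notifications"; hacking suspected, police step in to investigate
https://reurl.cc/j1Gm3m

TVB News app sends a series of abnormal push messages; TVB: the cybercrime unit came to the office this afternoon to collect evidence
https://reurl.cc/yrMKvD

Preparing to take over and brainwash at any moment? Hong Kong's TVB sends a series of bizarre push notifications
https://www.ntdtv.com/b5/2022/05/03/a103416896.html

Does TVBS also have a hacker intrusion problem?
https://www.readgov.com/8560/

Chinese hackers Naikon attack South Asian military units, implanting the penetration testing tool Viper
https://cluster25.io/2022/04/29/lotus-panda-awake-last-strike/

South Korean law enforcement arrests 2 spies funded by North Korean hackers
https://news.cnyes.com/news/id/4863410

North Korean hackers exploit the VMware Log4j vulnerability to hack an engineering contractor for the US defense and energy sectors
https://www.ithome.com.tw/news/150749

Russian hackers launch DDoS attacks against the Romanian government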
https://www.sri.ro/articole/atacuri-cibernetice-asupra-site-urilor-unor-institutii-publice-si-financiar-bancare.html

CrowdStrike's Docker honeypots find two images that could cause denial of service, apparently targeting Russian and Belarusian government agencies
https://www.crowdstrike.com/blog/compromised-docker-honeypots-used-for-pro-ukrainian-dos-attack/

US report again exposes secret theft by Chinese government hackers; more than 30 companies, including in the defense industry, are victims
https://news.ltn.com.tw/news/world/breakingnews/3915448

All units to uniformly use domestically made computers; netizens reveal the CCP is implementing the 安可 plan
https://www.soundofhope.org/post/618220?lang=b5

Beijing plans to order all agencies and state-owned enterprises to fully phase out foreign computers to eliminate security concerns
https://www.worldjournal.com/wj/story/121347/6293807

US media disclose the content of Blinken's speech in advance; it still positions the CCP as the greatest threat to the US
https://www.soundofhope.org/post/618280?lang=b5

South Korea joins NATO's cyber defense center to strengthen its cyber defense capability
https://www.upmedia.mg/news_info.php?Type=3&SerialNo=144033

NIST Releases Updated Cybersecurity Guidance for Managing Supply Chain Risks
https://thehackernews.com/2022/05/nist-releases-updated-guidance-for.html

Chinese Hackers Caught Stealing Intellectual Property from Multinational Companies
https://thehackernews.com/2022/05/chinese-hackers-caught-stealing.html

Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers
https://thehackernews.com/2022/05/ukraine-war-themed-files-become-lure-of.html

Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector
https://thehackernews.com/2022/05/chinese-hackers-caught-exploiting.html

Chinese "Override Panda" Hackers Resurface With New Espionage Attacks
https://thehackernews.com/2022/05/chinese-override-panda-hackers.html

Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia
https://thehackernews.com/2022/05/russian-hackers-targeting-diplomatic.html

Experts Uncover New Espionage Attacks by Chinese 'Mustang Panda' Hackers
https://thehackernews.com/2022/05/experts-uncover-new-espionage-attacks.html

Information Systems Engineer (山鶯) - IIS (OA security), a well-known company (3005767)
https://headhunt.com.tw/Pages/job-description.aspx?id=3005767

[Well-known foreign network security software company] Software testing part-time student worker
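https://www.104.com.tw/job/7mek1

Security manager at a large software company in Taichung
https://www.104.com.tw/job/7mg0i

MIS programmer
https://www.104.com.tw/job/7meew

[資安所] Security ecosystem promotion staff
https://www.104.com.tw/job/7mfx3

Security software - sales engineer
https://www.104.com.tw/job/7mg22

Entry-level network security engineer
https://www.1111.com.tw/job/98768986/

Security threat and investigation analysis engineer
https://www.104.com.tw/job/7mj3y

Information security manager, a well-known company (3004391)
https://headhunt.com.tw/pages/job-description.aspx?id=3004391

D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security

SEC Plans to Hire More Staff in Crypto Enforcement Unit to Fight Frauds
https://thehackernews.com/2022/05/sec-plans-to-hire-more-staff-in-crypto.html

Online shopping scams again! 5 highest-risk e-commerce sites revealed; beware when an incoming call shows a "+"
https://www.setn.com/News.aspx?NewsID=1109208

"You have been enrolled as a premium member": Decathlon customer defrauded of 500,000
https://reurl.cc/2Zmlm9

Online tax filing becomes the trend; accountants warn: watch for 6 signs and hackers stealing personal data
https://finance.ettoday.net/news/2242689

Mobile tax filing is hot; KPMG: mind three key security points to keep hackers from stealing personal data
https://www.bnext.com.tw/article/68935/tax-return-0503

Hollywood socialite's many private nude photos leaked; brazen hacker also steals millions of 元 from her
https://reurl.cc/e3OVyj

"Little white box" (小白機) devices collected 170 million personal data records; 17 real estate agents who installed the program receive deferred prosecution
https://www.chinatimes.com/realtimenews/20220503004876-260402?chdtv

Hackers abuse Google's SMTP relay service to send phishing emails
https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit

Five highest-risk e-commerce sites: 1,127 scams occurred in Q1
https://udn.com/news/story/7320/6281303?from=udn_ch2_menu_v2_main_cate

Accounts of more than a hundred employees of the UK's National Health Service were hacked and used to send phishing emails
https://www.ithome.com.tw/news/150772

Don't become a scam ring's ATM: Trend Micro shows you how to stay secure when filing taxes online
https://technews.tw/2022/05/05/scam-tax/

Circulating online: shopping site's "Urgent notice! Pfizer's oral COVID-19 drug officially on sale; 89% treatment rate, can reduce severe infection and mortality"
https://tfc-taiwan.org.tw/articles/7301

Online rumor that funeral homes are cremating nonstop; Investigation Bureau: suspected fabrication by foreign forces
https://www.rti.org.tw/news/view/id/2131952

Creators on multiple NFT platforms attacked by phishing malware
https://www.twcert.org.tw/tw/cp-104-6093-de801-1.html

New wave of phishing attacks targets verified Twitter accounts
https://www.twcert.org.tw/tw/cp-104-6092-c7c57-1.html

Yahoo Transaction Security Center reminder: watch out for phishing sites and scam tactics
https://reurl.cc/vdWEny

Q1 list of high-risk stores for scams released; fake customer service agents accounted for 529 scam cases in March
https://beanfun.com/articles/detail/1520762648084353024?country=tw&site=446

E. Research Reports / Tools

Research report: hacker groups break into large numbers of cloud machines to mine for profit; what impact does this have on enterprises
https://blog.trendmicro.com.tw/?p=72196

Microsoft Edge adds a free VPN service, a convenient option for temporary secure browsing
https://technews.tw/2022/05/05/for-security-microsoft-edge-provides-free-vpn/

GitHub will require all contributors to enable two-factor authentication by 2023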
https://unwire.pro/2022/05/05/github-2/security/

On the road of learning security: how it started
https://ithelp.ithome.com.tw/articles/10284928?sc=rss.qu

The TikTok affair: security protection, or political robbery?
https://vocus.cc/article/626f9d2cfd89780001bfb8bc

On the road of learning security: Linux basics and Web basics
https://www.potatomedia.co/post/164f7462-23df-4e82-a8c5-3ffa49105aa2
https://www.potatomedia.co/post/2b271fb6-1d12-40ab-9bba-36bf6db32f5a

How to enable the Dynamic Lock feature of Windows
https://www.techbang.com/posts/95157-how-to-enable-the-dynamic-lock-feature-of-windows

Worried about your system being "burgled"? How to rely on backup and restore to guard against hacker intrusion
https://www.bnext.com.tw/article/68991/hacker-proof-dep-backup-nick

Weapons blueprints stolen? Report reveals Chinese hackers stealing secrets to boost the economy; US, European and Asian companies are victims
https://open.firstory.me/story/cl2srswz5006i01yo0s8t9n85

The pandemic makes cloud applications mainstream; enterprises regain control points for security risk; SASE converges network and security; cloud services protect hybrid work
https://www.netadmin.com.tw/netadmin/zh-tw/trend/0553A593737F49ACAD8714E603ECE06E

Acquisitions reinforce micro-segmentation technology; SASE framework mechanisms keep expanding; east-west protection from edge to on-premises; implementing zero trust network access
https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/D0048821033D4D9EBD121A191CA68897

10 Books Every Senior Engineer Should Read
https://semaphoreci.medium.com/10-books-every-senior-engineer-should-read-a61c1917e2a7

I Switched Password Managers and It Changed Everything
https://medium.com/macoclock/i-switched-password-managers-and-it-changed-everything-9b0417fe64a

Python Alpha 5 is HERE! 5 Promising Features that will blow your mind
https://medium.com/@Sabrina-Carpenter/python-alpha-5-is-here-5-promising-features-that-will-blow-your-mind-a4abd406d0ad

Renegotiate the web “bargain” by blocking all ads
https://doctorow.medium.com/renegotiate-the-web-bargain-by-blocking-all-ads-93844287566f

LinkedIn Is No Longer a Professional Networking Site
https://medium.com/artistic-mystic-soul/linkedin-is-no-longer-a-professional-networking-site-3ed273b05872

top 10 Android libraries
https://medium.com/localazy/top-10-android-libraries-to-boost-your-development-in-2022-3ec37fce8c22

A Bug Bounty Hunter’s Guide to IDOR Vulnerabilities
https://medium.com/@daniel.j.hunt/an-bug-bounty-hunters-guide-to-idor-vulnerabilities-27012bbccd7

Published in CodeX
https://medium.com/codex/lets-learn-build-and-sell-an-api-a12b0d7b4c2

Build Your first CI/CD Pipeline in Azure DevOps
https://qatechtalks.medium.com/build-your-first-ci-cd-pipeline-in-azure-devops-5bd3408f36ff

THE 15 BEST Chrome Extensions for 2022
https://bdarfler.medium.com/the-16-bestchrome-extensions-for-2022-b14e3bd08001

Spotify: UX Research case study
https://medium.com/@jainanumeha74/spotify-ux-research-case-study-68997acf20f1

How to learn anything fast, no matter what your brain condition is
https://medium.com/illumination/how-to-learn-anything-fast-no-matter-what-your-brain-condition-is-e3ffd9bf7e12

8 amazing Open Source projects
https://medium.com/codex/part-2-8-best-open-source-projects-you-should-try-out-6de58feba631

Train your computer vision models atleast 2X faster by making these small changes
https://akhilprasannan.medium.com/train-your-computer-vision-model-least-2x-by-making-these-small-changes-db801e7b22ad

10 Automation Scripts for Your Daily Python Projects
https://python.plainenglish.io/10-automation-scripts-for-your-daily-python-projects-892a82be3f75

Everything That You Didn’t Know About The Dark Web But Should
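https://medium.com/illumination/everything-that-you-didnt-know-about-the-dark-web-but-should-24ecb4c501a

The Importance of Defining Secure Code
https://thehackernews.com/2022/05/the-importance-of-defining-secure-code.html

Heroku Forces User Password Resets Following GitHub OAuth Token Theft
https://thehackernews.com/2022/05/heroku-forces-user-password-resets.html

How to make Excel look less like… Excel
https://datastudio.medium.com/how-to-make-excel-look-less-like-excel-8eb91b75ab8f

Top 5 FREE Cyber Security Certifications
https://medium.com/@sam5epi0l/top-5-free-cyber-security-certifications-ac06fe46309c

F. Business

Security governance in the cloud era must go hand in hand with business decision-making
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9836

Check Point Research: two-thirds of Android users worldwide may face privacy leak risk
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9839

東捷資訊's one-stop integrated supply chain management platform builds a compliant and secure supply chain ecosystem for manufacturing
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9842

SailPoint launches new modules for its cloud identity security governance suite
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9841

漢領國際, general distributor of Perception Point: Prevention as a Service
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9837

CyberLink joins the FIDO Alliance, committed to building secure and simple digital identity authentication
https://www.techbang.com/posts/95940-cyberlink-joins-fido-alliance

R&D expands cloud security service capacity; unified policy monitoring prevents infiltration through gaps; end-to-end integrated secure connection access; realizing a zero trust edge architecture
https://www.netadmin.com.tw/netadmin/zh-tw/trend/B7A9171CF1774A9DB4763B41B31DC649

A fast recovery mechanism is not hard to build! How enterprises can come through a ransomware attack unscathed
https://buzzorange.com/techorange/2022/05/05/commvault-it/

Microsoft 365 and Azure will soon allow one-click switching between different accounts
https://www.ithome.com.tw/news/150709

I-Mei's Kao Chih-ming (高志明) lends his support! After raising nearly 60 million 元, Chelpis (池安科技) targets "post-quantum cryptography"
https://technews.tw/2022/05/03/chelpis-post-quantum-cryptography-aorta/

Free G-Suite enterprise edition automatically switches to paid Workspace on June 1; a free-use plan is added
https://www.ithome.com.tw/news/150722

Nozomi Networks becomes CISA's first security partner
https://tw.systex.com/nozomi-networks-cisa/

The last piece of Chunghwa Telecom's organizational transformation: establishing an information technology branch
https://news.cnyes.com/news/id/4863678

Citrix's all-new intent-based next-generation application and security delivery solution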
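https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/4EC424B8D273420D8C017FC3EA223A83

Noname Security proactively detects API security threats, building a dedicated API security platform
https://www.netfos.com.tw/Projects/netfos/pages/product/Noname.html

IBM announces next-generation flash storage products to meet current security challenges
https://technews.tw/2022/05/05/ibm-flashsystem-cyber-vault/

The network is security: Aruba ClearPass strengthens the security and compliance of network access
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9851

G. Government

Vice President: Taiwan has the right timing, location and people for developing a new security industry
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9840

Government agencies bear the brunt of security threats; only monitoring in advance can block them effectively
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000634250_F673SSGK47YQNK1ILPR3H

[李忠憲 column] The 1922 database
https://taronews.tw/2022/05/02/829215/

Frequent interference by poll hackers angers the public; DPP Pingtung County chapter condemns it, saying the practice must not be allowed to grow
https://reurl.cc/n1Oldn

Investigation Bureau announces reassignments of 34 people, including section and unit chiefs
https://news.ltn.com.tw/news/society/breakingnews/3913699

Not receiving PCR results? Command center: the mobile number must be filled in correctly
https://news.ltn.com.tw/news/life/breakingnews/3917549

Taipei City subsidizes low-income households to buy Huawei; Taiwan Statebuilding Party criticizes it for treating citizens like leeks to be harvested
https://www.epochtimes.com/b5/22/5/6/n13728804.htm

H. Industrial Control Systems / ICS / SCADA / IOT / Internet of Things / Connected Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare Security

Trend Micro moves into automotive security; VicOne aims to be "the Moderna of the EV world"
https://www.chinatimes.com/realtimenews/20220504004925-260410?chdtv

Library used in embedded systems has a DNS vulnerability that may affect millions of IoT devices
https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/

Beware of a new DNS vulnerability! Millions of routers and IoT devices may be attacked by hackers
https://3c.ltn.com.tw/news/48955

Da-Yeh University's Tsai Huan-liang (蔡渙良) develops an IoT system that monitors power to reduce appliances' reactive power
https://times.hinet.net/news/23891713

I. Education and Training

Information Service Industry Association (中華軟協) - iPAS "entry-level" information security engineer competency cram course: now enrolling
https://www.cs.nycu.edu.tw/announcements/detail/8778

2022 "Securities and Futures Information Security Practical Training Course": registration now open
https://www.sfi.org.tw/news/news-7/3589

The essential security fundamentals course everyone should take in the internet age (How Cybersecurity Really Works)
https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw

App information security that not only engineers need to understand: the blood-and-tears story of obtaining a security testing compliance certificate (iT邦幫忙 Ironman Contest book series)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html

[Quick guide to international security management certifications] Study notes and exam key points all in one place! Read this for switching to your dream job in 2022
https://buzzorange.com/techorange/2021/12/30/isaca/

CISSP exam notes – Benson
https://reurl.cc/GbWvxd

CPSA (CREST Practitioner Security Analyst) security analyst exam notes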
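https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/

EC-Council CEH v11 exam notes, revision information and preparation direction, 2021 and 2022
https://reurl.cc/1oyEM8

CEH v11 exam notes and how to prepare
https://blog.sean.taipei/2022/01/ceh

Materials for the "Campus Information Security Lecture" for new staff, ROC year 110
https://cc.nccu.edu.tw/p/406-1001-740,r18.php

[Training material D] Information security technology education and training materials
https://iscb.nchu.edu.tw/2019/07/d.html

ROC year 109 Cyber Security Management Act digital education and training
https://reurl.cc/ARlmqp

110-1 Entry-level Information Security Engineer - Introduction to Information Security Management
https://yamol.tw/exam.php?id=104050

中大 Department of Information Engineering cultivates IT leadership talent
https://reurl.cc/ARZKDK

eCloudvalley and National Sun Yat-sen University in industry-academia cooperation to build up cloud security talent
https://ctee.com.tw/industrynews/technology/587459.html

SANS Cyber Aces Online Tutorials
https://tutorials.cyberaces.org/tutorials.html

Free Online Cybersecurity Courses (MOOCs)
https://www.cyberdegrees.org/resources/free-online-courses/

Develop Your Cybersecurity Skills
https://www.cybrary.it/catalog/cybersecurity/

Mobile App Security
https://www.cybrary.it/course/mobile-app-security/

Introduction to Cybersecurity
https://reurl.cc/bnaj6d

How to Tackle SaaS Security Misconfigurations
https://thehackernews.com/2021/11/how-to-tackle-saas-security.html

How to Build a Security Awareness Training Program that Yields Measurable Results
https://thehackernews.com/2021/11/how-to-build-security-awareness.html

Common Attacks
https://choson.lifenet.com.tw/?p=1174

6. Upcoming Security Events and Seminars

[Security lecture series] Does the decentralization myth also hide dangers? Online lecture on blockchain security 2022/5/7
https://hackersir.kktix.cc/events/20220507blockchain

Scala Taiwan Mokumoku #15 2022/5/7
https://www.meetup.com/Scala-Taiwan-Meetup/events/285310131/

Just a chat - with no Expectations 2022/5/7
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/285326731/

Empowering Yourself, Empowering Others | A Journey of Transformation | Part 1 2022/5/8
https://www.meetup.com/Women-Who-Code-Taipei/events/285321784/

K12 technology education: what can be taught besides programming 2022/5/9
https://www.meetup.com/rladies-taipei/events/284421238/

Security Club - The Way of the University: introduction to security literacy in the digital age - getting to know security capture-the-flag contests and sharing competition experience 2022/5/11
https://nsysuisc.kktix.cc/events/20220511ctf

Shalun Security Base (沙崙資安基地) free online security course: personal data inventory and risk assessment in practice 2022/5/12
https://bit.ly/3kcdoRg

Taipei Creative Coders Meetup #17 2022/5/13
https://www.meetup.com/tpecreativecoders/events/285540074/

Yuan Ze CSE short-term computing course for high-school students: "slightly plugged-in" security experience workshop 2022/5/14
https://cse-yzu.kktix.cc/events/yzcs7

Online forum on industrial control system security 2022/5/16
https://www.ctsp.gov.tw/chinese/01-News/01-online_view.aspx?v=1&fr=1000&no=1001&sn=15005

Shalun Security Base (沙崙資安基地) free online security course: there is a lot you don't know - OSINT revealed 2022/5/24
https://bit.ly/3vDkjYO

Phishing, phishing, phishing you_a white-hat hacker teaches you how weaknesses in human nature are used to break through defenses 2022/5/25
http://www.cs.thu.edu.tw/web/news/detail.php?id=4129

Security policies, regulations and standards 2022/5/25 ~ 2022/5/26
https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19873

National Center for High-performance Computing training: "Big Data Program Development Platform (VM version)" setup and development hands-on course 2022/5/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=course_index

Information security course series, part nine: machine learning and security anomaly diagnosis in practice (session 1) 2022/6/7
https://www.tabf.org.tw/CourseDetail.aspx?PID=487302

Hacker capture-the-flag attack and defense exercise: financial security talent development program (session 1) 2022/04/28~2022/06/09
https://www.tabf.org.tw/CourseDetail.aspx?PID=487750

National Center for High-performance Computing training: "Big Data Program Development Platform (VM version)" setup and development hands-on course 2022/5/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=homepage

Risk-oriented security audit 2022/7/20
https://www.cisanet.org.tw/Course/Detail/2756

2022 CYBERSEC security conference: Jamf booth talks 2022/9/20 ~ 2022/9/22
https://jamf.kktix.cc/events/cybersec2022jamf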