###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/8/15 ~ 2022/8/19 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions https://thehackernews.com/2022/08/cisco-patches-high-severity.html Cisco 多個產品 ASA 和 FTD 存在私鑰外洩 (Private Key Leak) 安全性弱點 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities https://thehackernews.com/2022/08/apple-releases-security-updates-to.html 快更新 蘋果警告嚴重漏洞 駭客恐全面接管用戶設備 https://www.worldjournal.com/wj/story/121469/6548593 蘋果修補iOS裝置與Mac電腦的零時差漏洞CVE-2022-32894、CVE-2022-3289393 https://www.bleepingcomputer.com/news/security/apple-security-updates-fix-2-zero-days-used-to-hack-iphones-macs/ PaloAlto 產品存在多個安全性弱點 https://security.paloaltonetworks.com/CVE-2022-0028 QRadar: Docker services do not start when 7.2.8 or earlier appliances are updated to 7.5.0 UP2 IF2 (APAR IJ41796) https://www.ibm.com/support/pages/node/6612393?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E 微軟發佈8月份安全性公告 https://msrc.microsoft.com/update-guide/deployments Google修補瀏覽器已被用於攻擊行動的零時差漏洞CVE-2022-2856 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html 研究人員在美國黑帽大會揭露即時定位系統的零時差漏洞，恐被用於竄改地理位置資訊 https://www.nozominetworks.com/blog/nozomi-networks-researchers-reveal-zero-day-rtls-vulnerabilities-at-black-hat-22/ 2.銀行/金融/保險/證券/支付系統/金融監理 新聞及資安 PCI 6.4.3 Keeping You Up At Night? What Solutions Will Keep Your Website Compliant https://www.reflectiz.com/blog/pci-dss-6-4-3-privacy-compliance/?utm_source=email 繼立院國民黨團向政府喊話應進行「金融漢光演習」，民眾黨團也呼籲政府應進行金融戰爭的兵棋推演 https://www.tpp.org.tw/vdodetail/2204 銀行公會第3度赴以色列取經 聚焦金融科技與資安 https://udn.com/news/story/7239/6542159 金融業資安須提升警戒 https://ec.ltn.com.tw/article/paper/1533712 英通膨嚴重避免過度消費 民眾回歸現金支付 https://news.pts.org.tw/article/595862 3.電子支付/行動支付/pay/資安 台灣電子支付太落後？中國人妻暖曝：喜歡現在的生活 https://reurl.cc/1m1jpY 用LINE Pay也能買華航機票了！LINE POINTS可折抵 https://www.cardu.com.tw/mpay/detail.php?39588 行動支付熱LINE Pay上半年業績創高 擴大招募3類人才 https://www.cna.com.tw/news/afe/202208100291.aspx 資安業者分析：小米支付有漏洞，恐被駭客偷錢 https://technews.tw/2022/08/15/mi-pay-security/ 小米旗下紅米手機「這2款」驚爆行動支付漏洞！恐遭駭竊個資盜刷 https://3c.ltn.com.tw/news/50572 Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments https://thehackernews.com/2022/08/xiaomi-phones-with-mediatek-chips-found.html 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約 資安 Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer https://thehackernews.com/2022/08/tornado-cash-developer-arrested-after.html Momentum strategy — ML in the Crypto environment https://medium.com/@ivanlisi88/momentum-strategy-ml-in-the-crypto-environment-c65c9d657ee9 Momentum strategy — ML in the Crypto environment — Part 2 https://medium.com/@ivanlisi88/momentum-strategy-ml-in-the-crypto-environment-part-2-91a5ce472ad2 有比冷錢包更好的加密貨幣錢包嗎 https://reurl.cc/1m1j89 Optimism代幣今晨傳駭客攻擊暴跌10%！官方澄清安全「是謠言」 https://www.potatomedia.co/post/b2316ef6-4c99-4ce1-b5b1-6c3f4d62f821 加密幣被駭 今年失竊19億美元 https://readers.ctee.com.tw/cm/20220818/a10aa10/1199805/share 加拿大加密交易所Bitbuy和Newton實施交易限額政策 https://news.cnyes.com/news/id/4937512 EOS 網路基金會宣布推出新分叉公鏈 Antelope，取代 EOSIO 協議 https://www.blocktempo.com/eosio-rebrands-to-community-led-protocol-antelope/ 收購南韓電子支付公司！新加坡加密貨幣交易所Crypto進軍韓國 https://reurl.cc/4po5Gj 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 勒索軟體BlackByte 2.0變得更加死要錢，就連暫緩資料外洩也成為收費項目 https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-gang-is-back-with-new-extortion-tactics/ 惡意程式SmokeLoader利用5年前Office漏洞入侵受害電腦 https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities 英國自來水業者遭到勒索軟體Clop攻擊，但駭客疑似一度弄錯受害的對象 https://www.bleepingcomputer.com/news/security/hackers-attack-uk-water-supplier-but-extort-wrong-company/ 惡意Python套件鎖定電玩絕對武力的伺服器，發動DDoS攻擊 https://medium.com/checkmarx-security/typosquatting-campaign-targeting-12-of-pythons-top-packages-downloading-malware-hosted-on-github-9501f35b8efb 惡意PyPI套件被用於散布無檔案Linux惡意軟體 https://blog.sonatype.com/pypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero 勒索軟體駭客透過RenBridge平臺洗錢，3年隱匿5.4億美元加密貨幣流向 https://hub.elliptic.co/analysis/cross-chain-crime-more-than-half-a-billion-dollars-has-been-laundered-through-a-cross-chain-bridge/ 俄羅斯駭客Shuckworm鎖定烏克蘭散播竊密軟體 https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/russia-ukraine-shuckworm 阿根廷司法機構遭Play勒索軟體攻擊，關閉IT系統 https://www.bleepingcomputer.com/news/security/argentinas-judiciary-of-c-rdoba-hit-by-play-ransomware-attack/ 使用惡意軟體Bumblebee的駭客企圖挾持受害組織的AD https://www.cybereason.com/blog/threat-analysis-report-bumblebee-loader-the-high-road-to-enterprise-domain-control 資安業者Entrust於6月傳出遭到勒索軟體攻擊，LockBit聲稱是他們所為 https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-security-giant-entrust/ U.S. Government Offers $10 Million Reward for Information on Conti Ransomware Gang https://thehackernews.com/2022/08/us-government-offers-10-million-reward.html Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users https://thehackernews.com/2022/08/chinese-hackers-backdoored-mimi-chat.html APT31 renews its attacks on Russian companies through cloud storage https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt31-cloud-attacks/ Bitter APT group using Dracarys Android Spyware https://blog.cyble.com/2022/08/09/bitter-apt-group-using-dracarys-android-spyware/ Cisco Talos shares insights related to recent cyber attack on Cisco https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html CopperStealer Distributes Malicious Chromium-based Browser Extension to Steal Cryptocurrencies https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/copperstealer-distributes-malicious-chromium-based-browser-extension-to-steal-cryptocurrencies/IOCs-CopperStealer-distributes-malicious-Chromium-browser-extension-steal-crypto.txt https://www.trendmicro.com/en_us/research/22/h/copperstealer-distributes-malicious-chromium-browser-extension-steal-cryptocurrencies.html Operation(loyalty) mercenary: a torrent of steel trapped in the plains of Eastern Europe https://mp.weixin.qq.com/s/cGS8FocPnUdBconLbbaG-g JSSLoader: the shellcode edition https://malwarebytes.app.box.com/s/ym6r7o5hq0rx2nxjbctfv2sw5vx386ni Cybercrime Group TA558 Targeting Hospitality, Hotel, and Travel Organizations https://thehackernews.com/2022/08/cybercrime-group-ta558-targeting.html Reservations Requested: TA558 Targets Hospitality and Travel https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel LuckyMouse uses a backdoored Electron app to target MacOS https://blog.sekoia.io/luckymouse-uses-a-backdoored-electron-app-to-target-macos/ https://www.trendmicro.com/en_us/research/22/h/irontiger-compromises-chat-app-Mimi-targets-windows-mac-linux-users.html The Anatomy of Wiper Malware, Part 1: Common Techniques https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-1/ Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors https://www.mandiant.com/resources/suspected-iranian-actor-targeting-israeli-shipping Attackers Profiting from Proxyware https://asec.ahnlab.com/en/37276/ Phishing Gmail Spambot https://otx.alienvault.com/pulse/62fca686bc1555c2e7cfcc61 Threat in your browser: what dangers innocent-looking extensions hold for users https://securelist.com/threat-in-your-browser-extensions/107181/ SEABORGIUM’s phishing operations https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/ New Activities of Patchwork APT in South Asia https://mp.weixin.qq.com/s/egG0nORZFvo_rCY_zmTgVQ Frightening relations really as this is a hybrid clean scan https://hybrid-analysis.com/sample/c8c06a88f18d72420ac017c4b67d1e55170138a9d0f6d6046e7efc7b72ca8de0/62ef762fa396e628fa6ec076 Shuckworm: Russia-Linked Group Maintains Ukraine Focus https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/russia-ukraine-shuckworm SOVA Android Banking Trojan Returns With New Capabilities and Targets https://thehackernews.com/2022/08/sova-android-banking-trojan-returns-new.html Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware https://thehackernews.com/2022/08/russian-state-hackers-continue-to.html Researchers Detail Evasive DarkTortilla Crypter Used to Deliver Malware https://thehackernews.com/2022/08/researchers-detail-evasive-darktortilla.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Facebook Testing Default End-to-End Encryption and Encrypted Backups in Messenger https://thehackernews.com/2022/08/facebook-testing-default-end-to-end.html Cybercriminals Developing BugDrop Malware to Bypass Android Security Features https://thehackernews.com/2022/08/cybercriminals-developing-bugdrop.html Android 13防堵惡意程式提升權限的安全防護機制即將遭到破解，駭客製作能模仿合法應用程式安裝流程的工具BugDrop https://www.threatfabric.com/blogs/bugdrop-new-dropper-bypassing-google-security-measures.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 Black Hat 2022大會焦點：軟體供應鏈安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10012 台灣駭客年會：台灣位於網路戰前線 應學習生存指南 https://www.cna.com.tw/news/ait/202208190037.aspx 知駭不知防駭 台灣人應學習生存 https://www.idn.com.tw/news/news_content.aspx?catid=1&catsid=2&catdid=0&artid=20220819freeman005 合法網路公司幫非法賭博網作資安維護　警逮9嫌 https://today.line.me/tw/v2/article/60GxXq9 2021年有84%企業遭到身分竊盜有關的網路攻擊 https://www.idsalliance.org/press-release/new-study-reveals-84-of-organizations-experienced-an-identity-related-breach-in-the-last-year/ 資訊戰中國駭客入侵！台灣資安有問題？找專業的「駭駭看」就知道！feat.DEVCORE 執行長 AllenOwn https://www.youtube.com/watch?v=faB2bFoxoX4 DDoS 攻擊怎麼防？ 4 招 DDoS Mitigation 緩解及防禦手段 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10010 駭客組織APT-C-35鎖定巴基斯坦政府部門，透過RTF檔案發動網釣攻擊 https://blog.morphisec.com/apt-c-35-new-windows-framework-revealed 美國航太製造商洛克希德·馬丁遭DDoS攻擊，俄羅斯駭客Killnet聲稱竊得員工個資 https://www.securityweek.com/killnet-releases-proof-its-attack-against-lockheed-martin 俄羅斯駭客Killnet聲稱對拉脫維亞議會發動DDoS攻擊 https://therecord.media/pro-kremlin-hackers-target-latvias-parliament-after-declaring-russia-a-sponsor-of-terrorism/ 俄羅斯駭客NoName057(16)對芬蘭議會發動DDoS攻擊，起因是芬蘭打算加入北約組織 https://cybernews.com/cyber-war/russian-hackers-target-finland-parliaments-website/ 伊朗駭客UNC3890鎖定以色列航運、醫療、政府機關發動攻擊 https://www.mandiant.com/resources/suspected-iranian-actor-targeting-israeli-shipping 美國防部推CMMC驗證 資策會協助台灣產業接軌商機 https://newtalk.tw/news/view/2022-08-18/803388 倉促上雲，把資安拋諸腦後？美國「國家級雲端資安」指引來了：扎實 6 步驟，小企業也能打造安全雲端環境 https://buzzorange.com/techorange/2022/08/19/cybersecurity-tips/ 愛沙尼亞移除蘇聯紀念碑 遭俄駭客大規模網攻 https://www.cna.com.tw/news/aopl/202208180291.aspx 中共文攻武嚇 陸委會民調：主流民意極度反感 https://www.rti.org.tw/news/view/id/2141954 揭密：中共對台認知戰再進化五種手法 https://www.secretchina.com/news/b5/2022/08/19/1014673.html 中國駭客Winnti將Cobalt Strike拆成154個檔案傳送到受害電腦，進而規避偵測 https://blog.group-ib.com/apt41-world-tour-2021 中國駭客鎖定圖博社群發起RedAlpha攻擊行動，使用ext4後門程式攻擊CentOS網頁伺服器 https://www.recordedfuture.com/chinese-cyberespionage-operations 中國駭客RedAlpha假冒美國在臺協會的名義，攻擊臺灣組織 https://www.recordedfuture.com/redalpha-credential-theft-campaign-targeting-humanitarian-thinktank RedAlpha Conducts Multi-Year Credential Theft Campaign Targeting Global Humanitarian, Think Tank, and Government Organizations https://raw.githubusercontent.com/Insikt-Group/Research/9571bd788b9ca122ffa8078a3e562da0ebe566b1/RedAlpha%20-%20June%202022/RedAlpha%20June%202022%20Indicators.txt https://go.recordedfuture.com/hubfs/reports/ta-2022-0816.pdf China-backed APT41 Hackers Targeted 13 Organisations Worldwide Last Year https://thehackernews.com/2022/08/china-backed-apt41-hackers-targeted-13.html Google攔阻每秒4,600萬次請求的大規模DDoS攻擊 https://cloud.google.com/blog/products/identity-security/how-google-cloud-blocked-largest-layer-7-ddos-attack-at-46-million-rps Google Cloud Blocks Record DDoS attack of 46 Million Requests Per Second https://thehackernews.com/2022/08/google-cloud-blocks-record-ddos-attack.html 滲透測試工程師(白帽駭客) https://www.yourator.co/companies/issdu/jobs/25805 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Microsoft Warns About Phishing Attacks by Russia-linked Hackers https://thehackernews.com/2022/08/microsoft-warns-about-phishing-attacks.html 電話客服網釣自2021年以來增加超過6倍 https://www.phishlabs.com/blog/new-report-documents-highest-volume-of-response-based-email-threats-since-2020/ 北韓駭客Lazarus鎖定Mac電腦用戶，以Coinbase職缺為幌子發動網釣攻擊 https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-signed-macos-malware-to-target-it-job-seekers/ 廣告程式為瀏覽器擴充程式的最大威脅，今年上半有百萬用戶遭到相關攻擊 https://securelist.com/threat-in-your-browser-extensions/107181/ 虛擬主機業者DigitalOcean所使用的電子郵件行銷服務MailChimp遭駭，客戶收到重置密碼的釣魚信 https://www.digitalocean.com/blog/digitalocean-response-to-mailchimp-security-incident 駭客架設冒牌的Evernote應用程式網站，對醫療保健組織發動網釣攻擊 https://www.hhs.gov/sites/default/files/secure-message-evernote-themed-phishing-campaign-tlpwhite.pdf 醫療保健業者Behavioral Health Group去年底遭到網路攻擊，近20萬人資料外洩 https://www.scmagazine.com/analysis/breach/behavioral-health-group-informs-198k-patients-of-data-theft-from-december?web_view=true 2022上半資料外洩事故出現近2千起 https://flashpoint.io/resources/report/state-of-data-breach-intelligence-2022-midyear/ 勒索軟體駭客傾向將竊得資料用於BEC詐騙 https://www.accenture.com/us-en/blogs/security/cybercriminals-weaponizing-leaked-ransomware-data 勒索軟體駭客竊得的資料逾9成會外流，多半用於BEC、VEC詐騙 https://www.accenture.com/us-en/blogs/security/cybercriminals-weaponizing-leaked-ransomware-data 2,300萬AT&T用戶資料流入暗網，但該公司聲稱可能是信貸業者遭駭而外洩相關資料 https://holdsecurity.com/news/2022/08/att-customer-data-found-on-the-dark-web/ 微軟封鎖俄羅斯駭客Seaborgium網釣攻擊帳號 https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/ 雲端通訊服務業者Twilio洩露近1,900名Signal用戶的電話號碼 https://support.signal.org/hc/en-us/articles/4850133017242 7 月釣魚郵件假稱疫情應變計畫，藉疫情侵擾政府資安 https://www.inside.com.tw/article/28646-hacker-attacks-government-officals 點擊惡意連結、被盜走個資　台灣受害者排全球第3 https://www.storm.mg/article/452901 多名微軟員工疑似在GitHub曝露公司基礎設施的帳密 https://www.vice.com/en/article/m7gb43/microsoft-employees-exposed-login-credentials-azure-github 悠遊卡教你反詐騙 教育博覽會設學堂 https://www.chinatimes.com/realtimenews/20220819004171-260410?chdtv 注意！行動支付帳戶盜領風險激增！紓困4.0詐騙實際操作！LINE Pay最安全！街口支付、悠遊付最危險 https://reurl.cc/W1GaVO E.研究報告/工具 當 XDR 遇上身份威脅檢測和響應 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10007 沉默的戰爭 資安就是國安 https://reurl.cc/ERo86a 完善資安防護 無懼網路攻擊 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1526602 網路攻擊增加 IDC：亞太資安支出估逾9千億 https://www.epochtimes.com/b5/22/8/18/n13805391.htm 近日爆紅的「唬爛產生器」，為何讓長輩們玩上癮了 https://www.gvm.com.tw/article/93238 進階多變的電子郵件攻擊，如何利用零信任機制有效防禦 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10025 主動攻擊者利用竊來的工作階段 Cookie 繞過多因素驗證 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10027 從烏俄戰爭看現代化戰爭資訊戰之資安解決方案 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10028 Fast and Secure VPN on a Budget? Private Internet Access VPN Has You Covered https://thehackernews.com/2022/08/fast-and-secure-vpn-on-budget-private.html Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders https://thehackernews.com/2022/08/researchers-uncover-uefi-secure-boot.html 研究人員揭露會散布竊密軟體的PyPI套件，偽裝成音效驅動程式常駐受害電腦 https://securelist.com/two-more-malicious-python-packages-in-the-pypi/107218/ 惡意PyPI套件竊取Discord、Roblox帳密 https://snyk.io/blog/pypi-malware-discord-roblox-credential-payment-info/ Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems https://thehackernews.com/2022/08/newly-uncovered-pypi-package-drops.html Unified Threat Management: The All-in-One Cybersecurity Solution https://thehackernews.com/2022/08/unified-threat-management-all-in-one.html Hackers Using Bumblebee Loader to Compromise Active Directory Services https://thehackernews.com/2022/08/hackers-using-bumblebee-loader-to.html Penetration Testing or Vulnerability Scanning? What's the Difference https://thehackernews.com/2022/08/penetration-testing-or-vulnerability.html Linux 6.0 debuts, Linus Torvalds laments: Rust for Linux not yet merged https://medium.com/@Aaron0928/linux-6-0-debuts-linus-torvalds-laments-rust-for-linux-not-yet-merged-6845056f29d1 REST APIs with Python https://ashishmj.medium.com/rest-apis-with-python-f330c7ffc6ab My Data Analysis Portfolio https://medium.com/@musataofik01/my-data-analysis-portfolio-ba9d9d1ffdad Exploratory Data Analysis(EDA) Simplified. https://medium.com/@shivam.tiwari01905/eda-exploratory-data-analysis-662c091fb2fc F.商業 Check Point Software：2022H2勒索攻擊升級國家級，元宇宙攻擊恐浮現 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10004 換個角度想！ F5看網頁置換攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10011 Amazon Web Services舉辦2022 AWS台灣雲端高峰會 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10003 緯謙打造「SaaS雲平台」推雲端服務新生態　共譜智造新未來 https://finance.ettoday.net/news/2319794 曜祥網技：企業內網控管「全面落實零信任防禦」是關鍵 https://ctee.com.tw/industrynews/technology/700695.html 中華電信助攻，為零售業找出轉型數據驅動的成功方程式 https://www.bnext.com.tw/article/71150/cht_20220727 Flashpoint 統計：數據洩漏首要原因為駭客入侵 https://unwire.pro/2022/08/18/flashpoint/security/ 匿名寄送便便網站 ShitExpress 遭駭，客戶名單慘被外流 https://www.kocpc.com.tw/archives/455144 G.政府 110年國家資通安全報告出爐，APT攻擊與社交工程仍為資安重點項目 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10014 衛生福利部首度舉辦醫院資安攻防演練 https://www.mohw.gov.tw/cp-5271-71073-1.html 臺灣政府零信任網路戰略成形，首波推動A級公務機關導入 https://www.ithome.com.tw/news/152538 護資安！營業場所電子看板 禁中國軟體 https://ec.ltn.com.tw/article/paper/1535169 防中共駭客 經部：百貨、超商不得使用中製軟體 https://reurl.cc/LMAj5a 中國駭客駭入電子看板PO「偉大華夏終將統一」　經濟部擋中國製軟、硬體 https://www.upmedia.mg/news_info.php?Type=24&SerialNo=152139 唐鳳拜會電信協會 業者提建言 https://ctee.com.tw/news/tech/700509.html 首任部長唐鳳、預算員額近600人　一表看數位部發展重點 https://futurecity.cw.com.tw/article/2717 總統：網攻混合戰在台上演 盼全民強化辨識錯假訊息 https://www.cna.com.tw/news/aipl/202208190042.aspx 蔡總統：將強化資安應變能力 因應網路攻擊及資訊戰爭 https://udn.com/news/story/6656/6548917 網路攻擊與中國軍演頻傳 蔡總統：強化國家資安聯防體系、辨識假訊息 https://news.pts.org.tw/article/595845 蔡英文：國家資安由數位部主導 https://ec.ltn.com.tw/article/breakingnews/4030382 總統：產官學跨界育才 強化國家資安聯防體系 https://times.hinet.net/news/24090196 出席台灣駭客年會 總統：落實資安，打造更安全供應鏈 https://www.economic-news.tw/news_content.php?id=3585 中國軍演加資訊戰 總統：數位發展部將統合因應 https://www.rti.org.tw/news/view/id/2142002 攜手台灣駭客協會 經濟部促進資安產業與社群交流 https://turnnewsapp.com/livenews/finance/A08609002022081914180946 工業局攜台灣駭客協會，促進資安產業與社群交流 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=01155d08-4adc-4937-ba4a-a8db3c2da1db 強化總統治理國政，林鶴明：總統府新增「資安科」 https://www.storm.mg/article/320457 由健保資料庫釋憲案判決，看台灣如何良善治理健康大數據 https://www.twreporter.org/a/opinion-health-insurance-constitutional-debate-3 反制中網攻　政府跨部會組「TRUST」資安團隊 https://www.mnews.tw/story/20220819sot12013 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks https://thehackernews.com/2022/08/new-evil-plc-attack-weaponizes-plcs-to.html New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings https://thehackernews.com/2022/08/new-amazon-ring-vulnerability-could.html TXOne Networks完成21億元B輪募資，瞄準百億工控資安市場 https://www.bnext.com.tw/article/71296/txone-networks-b-round 研究人員竄改拖拉機配置來執行其他功能 https://www.theverge.com/2022/8/15/23306650/def-con-hacker-john-deere-tractors-run-doom-right-to-repair 勤崴國際與VicOne攜手合作成功導入車用IDPS，提升自駕巴士控制系統安全性 https://reurl.cc/yM71Dy I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 我國網路資安狂被駭 監委申請自動調查 https://www.chinatimes.com/realtimenews/20220810003152-260407?chdtv 6.近期資安活動及研討會 GO! Jira Community Taipei Meetup Aug 2022/8/20 https://www.meetup.com/taipei-atlassian-community-events/events/287421661/ 資通安全成熟度合規(CMMC)研討會 2022/8/23 https://www.accupass.com/event/2207220933091173574427 Microsoft Azure 虛擬培訓日：基礎知識 2022/8/23 ~ 2022/8/24 https://mktoevents.com/Microsoft+Event/352900/157-GQE-382?wt.mc_id=AID3052368_QSG_EML_604761&wt.mc_id=AID3052916_EML_8087805 【資安演訓實作課程】太陽光電系統資安風險評估機制之建立與應用 2022/8/25 https://www.accupass.com/event/2207211030451484008829 迎戰駭客威脅，建構製造業資安防禦網 2022/8/25 https://www.accupass.com/event/2207130547201900731660 NISRA Enlightened 2022 2022/8/22 ~ 2022/8/26 https://nisra.kktix.cc/events/2022enlightened 讀書會 The Software Craftsman ( by Sandro Mancuso) 2022/8/26 https://www.meetup.com/taipei-swift-language-meetup-group/events/287393101/ 體驗高效雲端作業環境！Chrome x Google Workspace 辦公攻略 2022/8/26 https://www.accupass.com/event/2207150626088107856280 Microsoft Power Platform 虛擬培訓日：基礎知識 2022/8/26 https://mktoevents.com/Microsoft+Event/354361/157-GQE-382?wt.mc_id=AID3052916_QSG_EML_605321&wt.mc_id=AID3052916_EML_8087805 【創客小聚】影像辨識 x MQTT，趣玩 AIoT 2022/8/27 https://www.accupass.com/event/2207211250569268478070 資策會舉辦「2022第一屆資安新秀大賽」（報名至111年8月28日止） https://www.csie.ntnu.edu.tw/index.php/2022/08/11/2022-08-11/ 自拜登數位資產政策，一探臺灣數位金融之機會與挑戰 2022/8/29 https://reurl.cc/m33d2A Microsoft 安全性虛擬培訓日：安全性、合規性和身分識別基礎知識 2022/8/29 ~ 2022/8/30 https://mktoevents.com/Microsoft+Event/354526/157-GQE-382?wt.mc_id=AID3053062_QSG_EML_605550&wt.mc_id=AID3052916_EML_8087805 Microsoft Azure 虛擬培訓日：雲端原生應用程式 2022/8/29 ~ 2022/8/30 https://mktoevents.com/Microsoft+Event/352885/157-GQE-382?wt.mc_id=AID3052230_QSG_EML_604768&wt.mc_id=AID3052916_EML_8087805 Microsoft 365 虛擬培訓日： 管理您的前線工作團隊 2022/8/31 https://mktoevents.com/Microsoft+Event/354545/157-GQE-382?wt.mc_id=AID3052915_QSG_EML_605590&wt.mc_id=AID3052916_EML_8087805 2022國泰金控技術年會－DeFi開源創世紀 2022/9/1 https://edm.bnext.com.tw/2022cathaycon/ 遠距辦公資安趨勢｜以零信任安全模型迎接後疫情時代 2022/9/2 https://www.accupass.com/event/2207290127311257987165 PyCon APAC 2022 2022/9/3 ~ 2022/9/4 https://tw.pycon.org/2022/zh-hant Quarterly Professional Networking Event (Q3) 2022/9/15 https://www.meetup.com/taiwan-digital-drinks/events/287479309/ DevOpsDays Taipei 2022 2022/9/15 ~ 2022/9/16 https://devopsdays.tw/ 2022 CYBERSEC 資安大會 Jamf 攤位講座 2022/9/20 ~ 2022/9/22 https://jamf.kktix.cc/events/cybersec2022jamf 關鍵基礎設施實作課程(含攻防演練實作) 2022/9/27 https://www.acw.org.tw/News/Detail.aspx?id=3229 OCF 培訓活動: 如何建立安全的網路架構 2022/10/1 https://ocftw.kktix.cc/events/ocftot2022 MOPCON 2022 2022/10/15 ~ 2022/10/16 https://mopcon.org/ 金融資安案例研習 2022/10/17 https://www.sitca.org.tw/OPF/B0000/PPT049_2022_01.asp Kubernetes Summit 2022 2022/10/18 ~ 2022/10/19 https://k8s.ithome.com.tw/ 資訊安全與人工智慧實作 2022/10/28 https://www.cisanet.org.tw/Course/Detail/2867 行動應用APP 安全檢測（APK/IPA）2022-11-18 09:00 ~ 2022-11-18 12:00 https://www.cisanet.org.tw/Course/Detail/2865 ICS 2022 WORKSHOP PROGRAM -「Ubiquitous Cybersecurity and Forensics」 2022/12/15 ~ 2022/12/17 https://ics2022.esam.io/ TANET 2022 WORKSHOP PROGRAM -「第二屆數位鑑識、醫療私密與網駭安全」 2022/12/15 ~ 2022/12/17 https://tanet2022.esam.io/