資安事件新聞週報 2022/4/11 ~ 2022/4/15

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/4/11 ~ 2022/4/15 1.重大弱點漏洞/後門/Exploit/Zero Day Apple 緊急發布2個零日漏洞補丁 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9796 Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software https://thehackernews.com/2022/04/critical-auth-bypass-bug-reported-in.html Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities https://thehackernews.com/2022/04/microsoft-issues-patches-for-2-windows.html Critical LFI Vulnerability Reported in Hashnode Blogging Platform https://thehackernews.com/2022/04/critical-lfi-vulnerability-reported-in.html 網頁伺服器Nginx傳出與LDAP有關的零時差漏洞 https://securityonline.info/nginx-zero-day-rce-vulnerability-alert/ NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation https://thehackernews.com/2022/04/nginx-shares-mitigations-for-zero-day.html 微軟CVE-2022-26809漏洞出現攻擊程式只是早晚的問題？專家警告快修補 https://www.ithome.com.tw/news/150440 Microsoft's New Autopatch Feature to Help Businesses Keep Their Systems Up-to-Date https://thehackernews.com/2022/04/microsofts-new-autopatch-feature-to.html 微軟新推Autopatch服務，Windows Enterprise E3以上企業用戶將於7月可免費使用 https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-current-and-stay-current-with-windows-autopatch/ba-p/3271839#_note2 研究人員針對微軟甫修補的RPC漏洞提出警告，呼籲Windows用戶儘速安裝相關更新軟體 https://reurl.cc/b24Nly 微軟4月例行修補修復119個漏洞，其中有2個零時差漏洞 https://reurl.cc/o1zYvg 快更新 Windows 電腦！微軟點名有 10 個嚴重、115 個重要資安漏洞 https://3c.ltn.com.tw/news/48571 VMware於4月初公布身分管理平臺重大漏洞，本週已出現漏洞利用攻擊 https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-vmware-cve-2022-22954-bug-patch-now/ Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure https://thehackernews.com/2022/04/critical-vmware-cloud-director-bug.html 美國CISA再要求聯邦政府優先修補8項漏洞，包含WatchGuard與微軟已遭成功利用的漏洞 https://reurl.cc/A7n3yQ 開源內容管理平臺Directus修補可允許文件任意執行JS的重大漏洞 https://www.zdnet.com/article/xss-vulnerability-patched-in-directus-data-engine-platform 俄羅斯NPM開發者竄改event-source-polyfill套件，希望俄羅斯政府能結束烏克蘭戰爭 https://www.bleepingcomputer.com/news/security/third-npm-protestware-event-source-polyfill-calls-russia-out/ 圖像式WordPress網站建置外掛程式Elementor出現RCE漏洞，恐波及逾百萬網站 https://www.pluginvulnerabilities.com/2022/04/12/5-million-install-wordpress-plugin-elementor-contains-authenticated-remote-code-execution-rce-vulnerability/ HP旗下的遠端桌面解決方案Teradici存在漏洞，恐波及1,500萬臺電腦 https://www.bleepingcomputer.com/news/security/critical-hp-teradici-pcoip-flaws-impact-15-million-endpoints/ Intel更新ControlFlag，用AI可發現PHP程式碼中潛在漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9807 快更新 Chrome！Google 緊急釋出重要安全更新 https://3c.ltn.com.tw/news/48611 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安 Anonymous Just Hacked Russia’s Central Bank https://alan-12169.medium.com/anonymous-just-hacked-russias-central-bank-be2d7f91a3f4 資安頻出包被罰國泰世華銀回應了 https://wantrich.chinatimes.com/news/20220412900763-420101 系統出包國泰世華銀遭重罰增資停設ATM https://ctee.com.tw/news/finance/625814.html 量子運算如雙刃刀金融業關注資安 https://reurl.cc/g2knzp 土銀今年聚焦ESG 拚五大營運重點 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=d1e764ae-1258-40a4-ab1f-a10ee02dc230 金融世界的新戰爭型態不容小覷專家籲強化台灣金融韌性 https://times.hinet.net/topic/23858724 金融戰爭得失台灣應借鏡 https://wantrich.chinatimes.com/news/20220414900416-420501 3.電子支付/行動支付/pay/資安想當人體信用卡？英國公司幫你植入微晶片從此嗶手不嗶卡 https://dq.yam.com/post/14857 華為支付來了行動支付大戰開打 https://www.chinatimes.com/newspapers/20220407000690-260301?chdtv 華為殺入行動支付微信、支付寶迎新勁敵 https://ctee.com.tw/news/china/621355.html 財政部推出「手機報稅2.0」資料可修改且新增行動支付及電子支付帳戶繳稅 https://reurl.cc/o1zKRM 樂購蝦皮疑規避監理　金管會查支付交易金流 https://www.cardu.com.tw/news/detail.php?45880 電子支付APP 掃碼繳稅最便利 https://reurl.cc/e3vVzj 提高太平洋地區數碼支付的安全性：南太平洋銀行與Netcetera 合作 https://money.udn.com/money/story/12987/6242010 擴大 FinTech 版圖，PChome 子公司併購喬睿科技 https://finance.technews.tw/2022/04/13/pchome-makes-strategic-investment-in-cherri-tech-inc/ 悠遊卡越來越少人用？致命關鍵曝光 https://reurl.cc/Wra8ND 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約資安 NFT 101 https://medium.com/madworld-nft/nft-101-bc5c9bdf15 Ethereum Developer Jailed 63 Months for Helping North Korea Evade Sanctions https://thehackernews.com/2022/04/ethereum-developer-jailed-63-months-for.html Rarible NFT Marketplace Flaw Could've Let Attackers Hijack Crypto Wallets https://thehackernews.com/2022/04/rarible-nft-marketplace-flaw-couldve.html 駭客盯上NFT.加密幣風潮周杰倫.余文樂損失上千萬 https://globalnewstv.com.tw/202204/183658/ 虛擬貨幣平台「派網」帳戶遭駭　綠委憂中資背景恐引發國安問題 https://tw.appledaily.com/local/20220412/RJSAFLTUA5ECTLWLQGCUSZ2KCM/ 加密貨幣專家因向朝鮮提供規避制裁的建議而入獄 https://news.cnyes.com/news/id/4853073 Ronin 駭客事件後：Axie Infinity 正在經歷至暗時刻 https://reurl.cc/0pgWrA Coinbase 市占率遭瓜分、交易額縮水，今年股價摔 40% https://finance.technews.tw/2022/04/13/coinbase-shares-fell-40-percent-this-year/ 安全公司：TheArmorsNFT項目的discord遭受駭客入侵 https://news.cnyes.com/news/id/4853299 攻擊Ronin的駭客向中間地址轉入3302.6枚以太坊，並將1400枚以太坊轉入Tornado Cash https://news.cnyes.com/news/id/4853353?exp=a Tornado Cash：駭客最愛的混幣器與平民的隱私工具 https://reurl.cc/yr1AzM Pi Netwrok應用已經被駭客植入了木馬程式 https://www.pi0314.com/2022/04/pi-netwrok-pipi.html 打造安全資產護城河幣託台幣信託 5 月正式上線 https://money.udn.com/money/story/11799/6239859 元宇宙帶動區塊鏈金融投資，詐騙手法需注意 https://news.pts.org.tw/article/576127 美國財政部將Ronin跨鏈橋攻擊者地址與朝鮮駭客組織相關聯並納入制裁 https://news.cnyes.com/news/id/4853855 FBI：北韓駭客盜取6.2億加密貨幣 https://www.rti.org.tw/news/view/id/2130086 美國執法部門將北韓犯罪集團與5.4億美元加密貨幣失竊案關聯起來 https://reurl.cc/zZg5m6 Ronin Chain被駭超6億美元，美財政部確認由北韓駭客組織Lazarus所為 https://news.cnyes.com/news/id/4853964 美國證實是北韓駭客盜走《Axie Infinity》6.25億美元的虛擬貨幣 https://www.4gamers.com.tw/news/detail/52716/north-korean-hackers-linked-to-620-million-axie-infinity-crypto-heist NFT遊戲被駭180億元　FBI查出：北韓駭客幹的 https://www.appledaily.com.tw/international/20220415/VOF3E2H6ARAKHMRPDJ75OXGCIY/ FBI抓包金正恩派駭客偷走價值179億加密貨幣 https://ec.ltn.com.tw/article/breakingnews/3894698 Robinhood上架SOL、SHIB、COMP、MATIC，芝商所正考慮推出 SOL、ADA 期貨 https://news.cnyes.com/news/id/4852640 Fireblocks與支付巨頭FIS合作為機構級用戶提供加密入口 https://news.cnyes.com/news/id/4853015 建金融防線！北京推數位人民幣欲破美元霸權 https://reurl.cc/NA1Nl6 印度加密交易所Coin Switch Kuber在其行動應用中臨時禁用盧比存款 https://news.cnyes.com/news/id/4852192 華爾街加速擁抱加密貨幣，金融精英為何引頸期盼比特幣ETF登場 https://www.bnext.com.tw/article/68558/bitcoin-spot-etf-wall-street 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 美國汽車工具製造商Snap-on遭Conti勒索軟體攻擊 https://www.bleepingcomputer.com/news/security/snap-on-discloses-data-breach-claimed-by-conti-ransomware-gang/ 出現可攔截通話並偽冒銀行電話語音的金融木馬 https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/?web_view=true Sophos：攻擊者入侵伺服器長達5個月部署Lockbit勒索軟體 https://www.ctimes.com.tw/DispNews/tw/Sophos/2204141418LO.shtml 一台美國政府伺服器遭潛入5 個月並被部署勒索軟體 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9809 勒索軟體LockBit在美國地方政府的網路埋伏半年才發動攻擊 https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/ 微軟、ESET等多家資安業者聯手破壞殭屍網路ZLoader https://www.welivesecurity.com/2022/04/13/eset-takes-part-global-operation-disrupt-zloader-botnets/ 直接攻擊發電廠的惡意軟體 Industroyer 試圖切斷烏克蘭電網，ESET和微軟成功阻止網路攻擊 https://www.techbang.com/posts/95574-with-the-help-of-eset-and-microsoft-ukraine-successfully 多支惡意 Android 應用程式使用資料竊取 SDK，下載多達 4,500 萬次 https://blog.twnic.tw/2022/04/13/22781/ 挖礦程式專攻AWS Lambda 用戶外洩帳戶資料損失自負 https://www.wepro180.com/lambda220414/ 殭屍網路病毒Enemybot感染多種處理器架構的設備，以發動DDoS攻擊 https://www.fortinet.com/blog/threat-research/enemybot-a-look-into-keksecs-latest-ddos-botnet 殭屍網路Fodcha利用裝置漏洞與暴力破解工具發動攻擊 https://blog.netlab.360.com/fodcha-a-new-ddos-botnet/ 竊密軟體ZingoStealer兼具讓駭客投放其他惡意軟體的功能 https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html 駭客以提供Windows 11用戶Android子系統功能為幌子，散布惡意軟體 https://www.bleepingcomputer.com/news/security/windows-11-tool-to-add-google-play-secretly-installed-malware/ 駭客組織OldGremlin以金融卡停用為由入侵俄羅斯組織，發動勒索軟體攻擊 https://blog.group-ib.com/oldgremlin_comeback 駭客鎖定烏克蘭政府機關散布惡意軟體IcedID，並針對協作平臺Zimbra漏洞下手 https://www.bleepingcomputer.com/news/security/hackers-target-ukrainian-govt-with-icedid-malware-zimbra-exploits/ Pysa Ransomware IOC https://www.prodaft.com/resource/detail/pysa-ransomware-group-depth-analysis Kaspersky report on Emotet modules and recent attacks https://securelist.com/emotet-modules-and-recent-attacks/106290/ Enemybot: A Look into Keksec's Latest DDoS Botnet https://www.fortinet.com/blog/threat-research/enemybot-a-look-into-keksecs-latest-ddos-botnet Tarrask malware uses scheduled tasks for defense evasion https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/ The Fodcha botnet that made a fortune https://blog.netlab.360.com/men-sheng-fa-da-cai-fodchajiang-shi-wang-luo/ Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload https://www.trendmicro.com/en_no/research/22/d/Thwarting-Loaders-From-SocGholish-to-BLISTERs-LockBit-Payload.html https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/d/thwarting-loaders-from-socgholish-to-blisters-lockbit-payload/iocs-thwarting-loaders-socgholish-blister.txt Recent attacks by Bahamut group revealed https://mp.weixin.qq.com/s/YAAybJBAvxqrQWYDg31BBw?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=zh-CN CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/d/spring4shell/IOCs-Spring4Shell.txt https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html Bruteforce attack against RDP - Honeypot https://otx.alienvault.com/pulse/6255385287c2737fd13b0250 Cyberattack by Sandworm Group (UAC-0082) on energy facilities of Ukraine using malicious programs INDUSTROYER2 and CADDYWIPER https://cert.gov.ua/article/39518 SystemBC Being Used by Various Attackers https://asec.ahnlab.com/en/33600/ MoqHao Part 2: Continued European Expansion https://team-cymru.com/blog/2022/04/07/moqhao-part-2-continued-european-expansion/ Look out for Octo's tentacles! A new on-device fraud Android Banking Trojan with a rich legacy https://www.threatfabric.com/blogs/octo-new-odf-banking-trojan.html Snow abuse and gluttony: Analysis of suspected Lazarus attack activities against Korean companies https://mp.weixin.qq.com/s/kcIaoB8Yta1zI6Py-uxupA New SolarMarker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns https://unit42.paloaltonetworks.com/solarmarker-malware/ New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt https://thehackernews.com/2022/04/new-enemybot-ddos-botnet-borrows.html Microsoft Disrupts ZLoader Cybercrime Botnet in Global Operation https://thehackernews.com/2022/04/microsoft-disrupts-zloader-cybercrime.html Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers https://thehackernews.com/2022/04/microsoft-exposes-evasive-chinese.html Russian Hackers Tried Attacking Ukraine's Power Grid with Industroyer2 Malware https://thehackernews.com/2022/04/russian-hackers-tried-attacking.html E.U. Officials Reportedly Targeted with Israeli Pegasus Spyware https://thehackernews.com/2022/04/eu-officials-reportedly-targeted-with.html Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware https://thehackernews.com/2022/04/hackers-exploiting-spring4shell.html Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity https://thehackernews.com/2022/04/researchers-connect-blackcat-ransomware.html Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free https://thehackernews.com/2022/04/haskers-gang-gives-away-zingostealer.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 How to prevent hackers from reverse engineering your Android apps https://proandroiddev.com/how-to-prevent-hackers-from-reverse-engineering-your-android-apps-2981661ab1c2 Android — 1 Minute guide to Useful Tips and Libraries in 2022 https://blog.canopas.com/android-development-best-practices-2022-203682a440f5 烏克蘭國安部門警告新一波網路攻擊鎖定Telegram用戶，目的是騙取帳號權限 https://thehackernews.com/2022/04/ukraine-warns-of-cyber-attack-aiming-to.html Android用戶警惕黑客用假黑屏登銀行帳戶 https://www.ntdtv.com/b5/2022/04/12/a103398389.html 美國國防部鼓勵企業建立開源互通 5G 系統 https://unwire.pro/2022/04/12/5g-2/news/ 安全團隊：Discord用戶需警惕不明來歷的私信圖片 https://news.cnyes.com/news/id/4852200 Uber加密電話背後功臣是它，雲端通訊平台Twilio助應用程式融入電話、簡訊功能 https://www.bnext.com.tw/article/68511/twilio-us-co 網曝「某款手機」安全漏洞多惡意代碼橫行帳密權限恐遭竊取 https://www.chinatimes.com/realtimenews/20220412004737-260405?chdtv 臺灣企銀行動銀行App 推出Wi-Fi安全偵測 https://money.udn.com/money/story/5636/6236578 無線網路進化　智慧管理抗干擾易維運 6E蓄勢待發　Wi-Fi新設備卡位 https://www.netadmin.com.tw/netadmin/zh-tw/market/35A5847BEBC84A56BA754E49720CB15F 港人常用社交媒體收集多達19種用戶資料 FB、IG及WhatsApp均上榜 https://reurl.cc/415b3V 免用實聯制社交距離APP進化：秒通知接觸記錄 https://www.businessweekly.com.tw/focus/blog/3009537 安裝「台灣社交距離」App未來免掃實聯制：手機耗電量微乎其微，去識別化標籤保隱私 https://www.thenewslens.com/article/165475 小心！資安公司示警這2款APP 暗藏木馬病毒 https://www.chinatimes.com/realtimenews/20220415002957-260412?chdtv TikTok 封鎖俄羅斯計畫失敗　反成烏俄戰爭宣傳利器 http://n.yam.com/Article/20220415827046 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力會將用戶導向惡意網站的重導服務，影響超過 16,500 個網站 https://www.twcert.org.tw/tw/cp-104-6003-99a7e-1.html Panasonic證實加拿大分公司2月底遭到網路攻擊 https://techcrunch.com/2022/04/11/panasonic-canada-ransomware/ 在DevOps界知名的Atlassian雲端服務斷線7天，至今仍未完全恢復 https://jira-service-management.status.atlassian.com/ 「嘸蝦米輸入法」官方公告網站屢遭攻擊，暫時關閉會員服務 https://boshiamy.com/index.php 會將用戶導向惡意網站的重導服務，影響超過 16,500 個網站 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9805 北韓駭客經由惡意部落格內容攻擊南韓智庫 https://intlfocus.ncc.gov.tw/xcdoc/cont?xsmsid=0J210565885111070723&sid=0M020411383877603476&sq= 印度多個政府官方推特賬號被入侵，駭客發布NFT相關詐騙網站 https://amp-news.cnyes.com/news/id/4851974 烏克蘭遭俄羅斯駭客攻擊！微軟與網路安全公司協助脫險 https://newtalk.tw/news/view/2022-04-13/738522 烏克蘭阻止俄羅斯駭客集團Sandworm針對該國電廠的攻擊 https://www.ithome.com.tw/news/150392 黑客干擾美國發電站設備　或導致化學洩漏、爆炸 https://reurl.cc/mo6kZj 一場「全方位的網絡大戰」正籠罩烏克蘭 https://reurl.cc/VDpWWR (Daily Issue)烏俄衝突大打資訊戰　AI技術派上用場 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=1&id=0000631951_CQX8QT5R6GFC740JNHYB0 「現在只看到二、三流的俄羅斯駭客！」普京豢養的頂級網路殺手「沙蟲」，即將絕地大反攻 https://www.storm.mg/article/4289484 第四輪ATT&CK評估計畫結果出爐，以兩大俄羅斯駭客為攻擊發動者 https://www.ithome.com.tw/news/150394 駭客組織NB65攻擊俄羅斯航太機構的事故，疑似已經利用Conti原始碼作案 https://www.telegraph.co.uk/business/2022/04/11/russias-space-programme-hit-western-cyber-attack/ 中國駭客Hafnium利用作業系統工作排程機制漏洞來規避偵測 https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/ 中國當局加強遊戲直播管理禁止違規遊戲直播、失德主播並強化成年人保護機制 https://gnn.gamer.com.tw/detail.php?sn=230601 FBI, Europol Seize RaidForums Hacker Forum and Arrest Admin https://thehackernews.com/2022/04/fbi-europol-seize-raidforums-hacker.html Finding Attack Paths in Cloud Environments https://thehackernews.com/2022/04/finding-attack-paths-in-cloud.html Chinese Hacker Groups Continue to Target Indian Power Grid Assets https://thehackernews.com/2022/04/chinese-hacker-groups-continue-to.html JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots https://thehackernews.com/2022/04/new-jekyllbot5-flaws-let-attackers-take.html 成長駭客_M01 https://www.104.com.tw/job/6frwd?jobsource=jlisthotkeywords [2022 資安大會] 5/17~5/19 展場工讀生 https://www.104.com.tw/job/7lm17 資安技術工程師 https://www.1111.com.tw/job/98737389/ 資安副理 (資安服務部) https://www.104.com.tw/job/7lqjo (科政中心)資安或科技政策研究人員(碩士、博士)111020 https://www.104.com.tw/job/7lpvl 資安工程師-台北/新竹(37Z) https://www.104.com.tw/job/7lqch 醫療資訊室(資訊組)院聘資訊工程師(資安) https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=48309&HIRE_ID=11116757 TS-資安人員 https://www.104.com.tw/job/7lree?jobsource=cj2008 精誠配發5元股利　今年擴大招募逾千人 https://today.line.me/tw/v2/article/1Dp0xnp D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Fake News about our Fake News Study Spread Faster than its Truth… Just as We Predicted https://sinanaral.medium.com/fake-news-about-our-fake-news-study-spread-faster-than-its-truth-just-as-we-predicted-77db6d9ca8c8 資料外洩警示! 剖析2022Q1的 3個 SaaS App攻擊事件 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9803 Google Sues Scammer for Running 'Puppy Fraud Scheme' Website https://thehackernews.com/2022/04/google-sues-scammer-for-running-puppy.html 美國福斯新聞因配置錯誤，導致1300萬條敏感記錄無保護的讓外部都可存取 https://www.hackread.com/fox-news-exposed-13-million-sensitive-records-online/ 駭客裸照恐嚇要錢受害者：拒妥協不願被威脅 https://reurl.cc/XjDQEe 最新網購詐騙手法　你銀行存款會「一次被領光光」 https://vocus.cc/article/6256405cfd89780001dff6c2 庫克全球私隱高峰會上批反壟斷法規稱開放側載危害用戶資安 https://news.cnyes.com/news/id/4852414 庫克批反壟斷監管，稱一些政策會傷害iPhone用戶隱私 https://news.knowing.asia/news/7b8979b2-0a99-400c-9ec6-5058e082815d 駭客組織匿名者攻陷俄羅斯3個大型企業，竊得逾400 GB資料 https://www.hackread.com/anonymous-hits-russian-entities-leaks-400-gb-emails/ 詐騙老梗頻現龜山警同行員合力阻詐保48萬元 https://times.hinet.net/news/23859968 假檢警騙健保卡遭冒用 8旬老婦險匯「擔保款」36萬元 https://udn.com/news/story/7320/6238253 越來越多的商業郵件詐騙手法更為詭詐，難以透過行為和意圖識破 https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/navigating-new-frontiers-trend-micro-2021-annual-cybersecurity-report 俄烏戰爭下，假消息成蔓延全球的新戰場！如何在社群上避免以訛傳訛 https://www.bnext.com.tw/article/68466/fake-news-ylib-sa 5電商名列資安高風險個資易遭盜 https://www.cyberangel.org.tw/tw/cap-news/cap-news/item/5-2 因應5/1勞動節和疫情影響，勞動部體恤勞工發放補助金5000元？惡作劇連結 https://www.mygopen.com/2022/04/515000.html 連比爾蓋茲都上當！一個華爾街騙子，如何靠「行善又能致富」騙全球菁英 https://www.businessweekly.com.tw/business/blog/3009555 網傳影片稱「德國在聯合國的發言，烏克蘭人為西方虛假的承諾付出了代價」 https://tfc-taiwan.org.tw/articles/7201 1999錄音分析恐違個資法！議員疑把關失靈　資訊局長提２解方 https://tw.appledaily.com/life/20220414/GEYEEN25KVBNJEV5FXZADWTIW4/ E.研究報告/工具 OpenSSH 9.0開始採用後量子密碼，因應日後量子破密威脅 https://www.phoronix.com/scan.php?page=news_item&px=OpenSSH-9.0-Released 協助資安長 (CISO) 評估市場主流資安解決方案的Mitre Engenuity ATT&CK Evaluations 為何重要 https://blog.trendmicro.com.tw/?p=71898 How to make Excel look less like… Excel https://datastudio.medium.com/how-to-make-excel-look-less-like-excel-8eb91b75ab8f How to Start Bug Bounties 101 & How to Make a Million in 4 Years https://ozguralp.medium.com/how-to-start-bug-bounties-101-how-to-make-a-million-in-4-years-e15ee62d6f4 The Dark Truth about VPN https://medium.com/geekculture/the-dark-truth-about-vpn-cb2d8d9735ad DevOps Roadmap 2022 https://faun.pub/devops-roadmap-2022-340934d360f9 How I bypassed 403 forbidden domain using a simple trick https://janmuhammadzaidi.medium.com/how-i-bypassed-403-forbidden-domain-using-a-simple-trick-c2d538de04b8 Give me a browser, I’ll give you a Shell https://systemweakness.com/give-me-a-browser-ill-give-you-a-shell-de19811defa0 How I was able to find 50+ Cross-site scripting (XSS) Security Vulnerabilities on Bugcrowd Public Program https://infosecwriteups.com/how-i-was-able-to-find-50-cross-site-scripting-xss-security-vulnerabilities-on-bugcrowd-public-ba33db2b0ab1 What the Apps Ukrainians Are Downloading Tell Us About Their Situation https://debugger.medium.com/what-the-apps-ukrainians-are-downloading-tell-us-about-their-situation-2dd8d8404a1b Advanced exploratory data analysis (EDA) with Python https://medium.com/epfl-extension-school/advanced-exploratory-data-analysis-eda-with-python-536fa83c578a 3 Design Patterns Every Developer Should Learn https://blog.bitsrc.io/3-design-patterns-every-developer-should-learn-71a51568ac9d Are You a Python Developer? Check If You Have These 12 Skills https://medium.com/illumination/are-you-a-python-developer-check-if-you-have-these-12-skills-96765cdbb78f Spotify Data Analysis and Visualisation with Python https://blog.devgenius.io/spotify-data-analysis-with-python-a727542beaa7 Python: Scrape Any Website in Seconds with One Line of Code https://medium.com/@alains/python-scrape-any-website-in-seconds-with-one-line-of-code-574e4bd57005 PHP Is Dying Fast https://levelup.gitconnected.com/php-is-dying-a3805e23a3b8 DevOps & DecSecOps Roadmap [From beginner to an expert] https://faun.pub/devops-decsecops-roadmap-from-beginner-to-an-expert-c3e4fca2b347 UI/UX Roadmap for Beginners https://medium.com/@sahubablu22/ui-ux-roadmap-for-beginners-6601d15027ca Code like there is no if-statement https://medium.com/@shirkavand/code-like-there-is-no-if-statement-36ca170c2b92 Could Spain Finally Be About to Join the 21st Century https://marker.medium.com/could-spain-finally-be-about-to-join-the-21st-century-2aea9547e3e3 10 SQL Queries You Should Know as a Data Scientist https://selectfrom.dev/10-sql-queriesyou-should-know-as-a-data-scientist-8bf616204765 Stop Using JSON Web Tokens For Authentication (The wrong way) https://betterprogramming.pub/stop-using-json-web-tokens-for-authentication-use-stateful-sessions-instead-c0a803931a5d Goodbye HTML. Hello Canvas https://javascript.plainenglish.io/goodbye-html-hello-canvas-part-1-92f750961666 Cross-Regional Disaster Recovery with Elasticsearch https://thehackernews.com/2022/04/cross-regional-disaster-recovery-with.html Researchers warn of FFDroider and Lightning info-stealers targeting users in the wild https://thehackernews.com/2022/04/researchers-warn-of-ffdroider-and.html As State-Backed Cyber Threats Grow, Here's How the World Is Reacting https://thehackernews.com/2022/04/as-state-backed-cyber-threats-grow.html F.商業鼎新電腦助企業輕鬆啟用MDR、快速有效瞬間提升資安防禦力 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9779 Dropbox 推出 HelloSign 電子簽名模板、Dropbox Backup 新備份工具 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9798 OPSWAT 為關鍵基礎設施推出資安行動實驗室 - CyberTrailer https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9801 Westcon成為 Efficient iP台灣區代理商 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9802 私募基金Thoma Bravo以69億美元收購身分安全管理業者SailPoint https://investors.sailpoint.com/news/2022/04-11-2022-114519925 HelpSystems併購資安培訓平臺業者Terranova Security https://www.helpnetsecurity.com/2022/04/09/helpsystems-terranova-security/ Cymetrics 結盟是方電訊　提供雲端資安服務 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/E391E0155EEB414C80D03ECB95E4BA46 NordVPN 免費加入全方位威脅防護功能　提供進一步安全保障 https://unwire.hk/2022/04/13/nordvpn-threat-protection/life-tech/ KKR擬收購資安企業Barracuda 交易價值估40億美元 https://turnnewsapp.com/livenews/global/A06626002022041303090922 全球最大半導體設備商AMAT入股京鼎 https://www.1111.com.tw/news/jobns/145117 Citrix 發佈全新 Citrix Virtual Apps and Desktops 2203 LTSR 長期服務版本 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/23DDA792593F46B0A1A2B7E16E3904A0 Fortinet 最新升級！FortiOS 7.2 新增超過 300 項功能，為企業打造資安基礎架構 https://news.sina.com.tw/article/20220414/41603136.html Westcon宣布成為Efficient iP台灣區代理商 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=16&id=0000633182_W100740K9JB0XI1HF5S6V 和碩聯合科技攜手微軟以 RPA 化繁為簡全面加速數位轉型 https://www.businessweekly.com.tw/business/indep/1002298 G.政府第3屆ICANN APAC-TWNIC 邀請全球網路意見領袖共同探討網路治理議題 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9800 綠委拋成立數位指揮中心防資訊戰蘇貞昌：已有防錯假訊息防制平台 https://www.rti.org.tw/news/view/id/2129813 經民連批金管會為中資蝦皮開後門：「中國武力犯臺前，臺灣恐先經濟亡國！」 https://musou.watchout.tw/read/SIeng5lR0KgO8WzqJOXf 31億蝦皮金流當機沒人管？民團批金管會放水要求立院速審法規 https://newtalk.tw/news/view/2022-04-13/738836 NCC：低軌衛星涉頻譜開放未來由數發部掌管 https://www.cna.com.tw/news/afe/202204140245.aspx 立法委員高虹安：資安成國家重要課題，望台灣能打造出自助、助人的資安國家隊 https://news.knowing.asia/news/c4073007-db73-495c-983c-7383b6466c52 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安美國警告國家級駭客鎖定ICS、SCADA系統發動攻擊 https://www.bleepingcomputer.com/news/security/us-warns-of-govt-hackers-targeting-industrial-control-systems/ 美示警：駭客已能攻擊關鍵基礎設施 https://reurl.cc/LmjnYL 美國CISA發布AA22-103A警報：關鍵基礎設施及製造業提防PLC被Pipedream攻陷 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9813 101 DATA SCIENCE with Cheat Sheets (ML, DL, Scraping, Python, R, SQL, Maths & Statistics) https://medium.com/@anushka.datascoop/101-data-science-cheat-sheets-ml-dl-scraping-python-r-sql-maths-statistics-ef30b4d786eb 工業網絡公司組建遊說團體，以應對美國政府加強監管 https://reurl.cc/x9x37V 俄羅斯駭客Sandworm鎖定烏克蘭能源供應商的ICS系統下手 https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/ 醫療機器人存在零時差漏洞JekyllBot:5，恐被攻擊者用於遠端控制 https://reurl.cc/OA7m6r D-Link 無線路由器「這5款」舊機存重大漏洞！美國土部示警盡快停用 https://today.line.me/tw/v2/article/0MpY2X3 75% 資安事件曾造成生產線停擺！TXOne：打造智慧工廠必備「這 5 大資安思維」 https://buzzorange.com/techorange/2022/04/13/smart-manufacturing-security/ 搶攻智慧醫療商機！趨勢科技執行長陳怡樺創立智趨動，加速仿生科技落地 https://www.bnext.com.tw/article/68548/smart-healthcare-trendmicro 以實現智慧城市為目標三菱電機Diamond Controls 發揮關鍵作用 https://www.businessweekly.com.tw/careers/indep/1002303 博歐如何用區塊鏈技術使汽車身份認證更安全 https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000633212_MCN1OH9L21747V1T5WT1F 無人機發展涉及資安專家：應建立資通訊安全標準 https://reurl.cc/OA7RV3 I.教育訓練中華軟協-iPAS「初級」資訊安全工程師能力研習衝刺班：全面招生中 https://www.cs.nycu.edu.tw/announcements/detail/8778 2022「證券期貨資訊安全實務養成課程」即日起開始報名 https://www.sfi.org.tw/news/news-7/3589 網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works) https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html 【資安管理國際證照懶人包】學習心得、考試要點一次整理！2022 轉職夢幻工作看這篇 https://buzzorange.com/techorange/2021/12/30/isaca/ CISSP考試心得 – Benson https://reurl.cc/GbWvxd CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 110年新進人員「校園資訊安全講座」教材 https://cc.nccu.edu.tw/p/406-1001-740,r18.php 【訓練教材D】資訊安全技術教育訓練教材 https://iscb.nchu.edu.tw/2019/07/d.html 109資通安全管理法數位教育訓練 https://reurl.cc/ARlmqp 110-1初級資訊安全工程師-資訊安全管理概論 https://yamol.tw/exam.php?id=104050 中大信息工程學系栽培資訊科技領導人才 https://reurl.cc/ARZKDK 伊雲谷、中山大學產學合作累積雲端資安人才能量 https://ctee.com.tw/industrynews/technology/587459.html SANS Cyber Aces Online Tutorials https://tutorials.cyberaces.org/tutorials.html Free Online Cybersecurity Courses (MOOCs) https://www.cyberdegrees.org/resources/free-online-courses/ Develop Your Cybersecurity Skills https://www.cybrary.it/catalog/cybersecurity/ Mobile App Security https://www.cybrary.it/course/mobile-app-security/ Introduction to Cybersecurity https://reurl.cc/bnaj6d How to Tackle SaaS Security Misconfigurations https://thehackernews.com/2021/11/how-to-tackle-saas-security.html How to Build a Security Awareness Training Program that Yields Measurable Results https://thehackernews.com/2021/11/how-to-build-security-awareness.html Common Attacks https://choson.lifenet.com.tw/?p=1174 6.近期資安活動及研討會 AIAA講座【台北場】：資安思維 X 政府應用AI案例 X 數位轉型 2022/4/16 https://www.accupass.com/event/2203031213512786993470 SP-ISAC【資安專題講座】網站安全面面觀 2022/04/19 https://reurl.cc/6EWjRM 網站應用程式安全 2022/04/19 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19881 SDN x Cloud Native Meetup #47 2022/4/19 https://www.meetup.com/CloudNative-Taiwan/events/284821277/ Quarterly Professional Networking Event 2022/4/21 https://www.meetup.com/taiwan-digital-drinks/events/284733775/ 2022 美台金融資安論壇數位轉型下的資安再造 2022/04/21 ~ 2022/04/22 https://event.netmag.tw/202204ait/ 南部場-公部門如何揪出潛伏資安威脅研討會（限政府機關報名） 2022/4/21 https://www.cisanet.org.tw/Course/Detail/2784 Python 數據分析一日工作坊 - 電商、Airbnb分析實戰 2022/4/23 https://www.meetup.com/PyLadiesTW/events/284972118/ 區塊鏈與智慧資安女力論壇 2022/4/24 https://isipevent.kktix.cc/events/e58d0573 沙崙資安基地線上免費課程：【資產盤點暨風險評鑑實務】 2022/04/26 https://bit.ly/3KmFTqW 資通安全電腦稽核-防火牆管理查核實例演練~稽核最佳實務演練 2022/04/28 https://www.acl.com.tw/news/news_display.php?id=1802 SEMI E187設備資安標準導入與實務研討會 2022/4/29 https://www.semi.org/zh/cybersecurity-standards-seminar 「資安鑑識課程-系列Ⅰ初級課程：資安科技基礎養成：滑鼠鍵盤敲起來【從密碼到資安】」線上研習 2022/4/29 https://docs.google.com/forms/d/1yS8JontNqGinMYUOaYj9aQ-Ov92yda7eFldgjotOAUs K12的科技教育-除了程式還可以教什麼 2022/5/9 https://www.meetup.com/rladies-taipei/events/284421238/ 元智資工高中生短期資訊課程-微插電資安體驗工作坊 2022/5/14 https://cse-yzu.kktix.cc/events/yzcs7 資安政策法規標準 2022/5/25 ~ 2022/5/26 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19873 資訊安全系列課程系列九：機器學習與資安異常診斷實務(第1期) 2022/6/7 https://www.tabf.org.tw/CourseDetail.aspx?PID=487302 駭客奪旗攻防演練：金融資安人才養成專班(第1期) 2022/04/28~2022/06/09 https://www.tabf.org.tw/CourseDetail.aspx?PID=487750 國家高速網路與計算中心教育訓練「大數據程式開發平台(VM版本)」建置與開發實務課程 2022/5/27 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=homepage 風險導向資安稽核 2022/7/20 https://www.cisanet.org.tw/Course/Detail/2756