資安事件新聞週報 2022/11/7 ~ 2022/11/11

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/11/7 ~ 2022/11/11 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco 近日發布更新以解決多個產品的安全性弱點 https://www.cisa.gov/uscert/ncas/current-activity/2022/11/03/cisco-releases-security-updates-multiple-products 微軟Exchange伺服器的RCE零時差弱點 https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ 微軟修補6個已遭攻擊的零時差漏洞 https://www.ithome.com.tw/news/154096 Microsoft 推出 2022 年 11 月 Patch Tuesday 資安修補包 https://reurl.cc/bG2NL3 微軟11月例行修補緩解6個零時差漏洞，ProxyNotShell、MoTW漏洞終於有修補程式 https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2022-patch-tuesday-fixes-6-exploited-zero-days-68-flaws/ 微軟要在12月13日終止對Windows 10 21H1的支援 https://www.ithome.com.tw/news/154097 開發人員注意.NET SqlClient安全漏洞 CVE-2022-41064修補 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064 Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities https://thehackernews.com/2022/11/microsoft-warns-of-uptick-in-hackers.html Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days https://thehackernews.com/2022/11/install-latest-windows-update-asap.html OpenSSL 修復兩個高危險漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10160 Open SSL重大漏洞 (CVE-2022-3602、CVE-2022-3786) https://www.netranger.com.tw/threats/1860/ VMware修補遠端IT支援系統Workspace ONE Assist重大漏洞 https://www.bleepingcomputer.com/news/security/vmware-fixes-three-critical-auth-bypass-bugs-in-remote-access-tool/ VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software https://thehackernews.com/2022/11/vmware-warns-of-3-new-critical-flaws.html Citrix修補ADC與VPN閘道系統的重大漏洞 https://www.bleepingcomputer.com/news/security/citrix-urges-admins-to-patch-critical-adc-gateway-auth-bypass/ Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products https://thehackernews.com/2022/11/citrix-issues-patches-for-critical-flaw.html 25款聯想筆電再爆UEFI安全漏洞惡意程式可永久寄生電腦甩不掉 https://netmag.tw/2022/11/11/lenovo-pen-electrical-software-security-vulnerability-can-be-affected-by-malicious-programs-affecting-25 聯想修補可被用於關閉UEFI安全開機的漏洞 https://www.bleepingcomputer.com/news/security/lenovo-fixes-flaws-that-can-be-used-to-disable-uefi-secure-boot/ New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models https://thehackernews.com/2022/11/new-uefi-firmware-flaws-reported-in.html 蘋果針對Xcode開發環境修補Git的漏洞 https://www.securityweek.com/apple-rolls-out-xcode-update-patching-git-vulnerabilities SAP修補旗下商業智慧軟體BusinessObjects、應用程式開發框架SAPUI5 https://www.securityweek.com/sap-patches-critical-vulnerabilities-businessobjects-sapui5 Intel、AMD修補晶片漏洞 https://www.securityweek.com/intel-amd-address-many-vulnerabilities-patch-tuesday-advisories 建置NPM套件的框架Ember.js存在原型汙染漏洞，恐被用於跨網站指令碼攻擊 https://portswigger.net/daily-swig/prototype-pollution-bug-exposed-ember-js-applications-to-xss NPM套件Passport-SAML出現輸入驗證漏洞，恐觸發XMLDOM物件出錯 https://portswigger.net/daily-swig/passport-saml-auth-bypass-triggers-fix-of-critical-upstream-xmldom-bug Google修補高風險層級的Android權限提升漏洞 https://www.securityweek.com/google-patches-high-severity-privilege-escalation-vulnerabilities-android 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安 OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa https://thehackernews.com/2022/11/researchers-detail-opera1er-apt-attacks.html 澳洲保險業者Medibank被駭客下通諜，限期24小時支付贖金，該公司宣布拒絕付錢 https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-release-stolen-medibank-data/ 澳洲保險業者Medibank證實勒索軟體駭客已洩露竊得資料 https://www.bleepingcomputer.com/news/security/medibank-warns-customers-their-data-was-leaked-by-ransomware-gang/ 駭客竊970萬客戶個資勒索不成放暗網 https://globalnewstv.com.tw/202211/195899/ 澳醫保公司遇駭拒付贖金駭客公布總理醫療紀錄 https://reurl.cc/NGAN9q Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed in Ransomware Hack https://thehackernews.com/2022/11/medibank-refuses-to-pay-ransom-after-97.html 針對印度銀行帳戶使用者的攻擊不斷，出現大規模網路釣魚行為 https://www.trendmicro.com/en_us/research/22/k/massive-phishing-campaigns-target-india-banks-clients.html 太習慣指紋登入！他嘆「永遠記不住網銀帳密」　鄉民同感：太多組一直搞混 https://www.ettoday.net/dalemon/post/63170 將來銀網路投保11月底上線首波瞄準車險國內旅平險 https://news.cts.com.tw/cna/life/202211/202211102108751.html 凱基銀中午1小時不能行動交易金管會：新購伺服器主機異常 https://reurl.cc/6LZbzr 北富銀零信任數位資安掄元 https://wantrich.chinatimes.com/news/20221107900158-420501 德國純網銀N26功能又+1，首在奧地利開放加密貨幣交易 https://www.bnext.com.tw/article/72208/digital-bank-n26-crypto-trading-service1021 永豐「DAWHO之夜」大戶方舟策略：專家分享用數位投資工具迎接未知挑戰 https://www.thenewslens.com/article/176007 3.電子支付/行動支付/pay/資安梅驊：街口支付將加強跨業合作為用戶創造服務價值，引導支付生態圈朝有機發展 https://www.ithome.com.tw/news/154154 公股銀強化行動支付成績亮眼 https://ctee.com.tw/news/finance/749537.html 全聯撒錢動員掃街拚全支付為何就是不放手綁中信、富邦卡 https://www.businessweekly.com.tw/business/blog/3011042 果然有支援！全聯全支付會員數突破200萬年底挑戰電支龍頭 https://www.wealth.com.tw/articles/b6749094-3039-454d-aa93-45e8052ed49f 無疆界、零現金便捷支付歡樂耶誕城 NewTaiPAY好禮享「限時、限量」好康優惠 https://reurl.cc/28ZlX6 iPhone用戶看過來 2招快速完成LINE Pay支付 https://www.sogi.com.tw/articles/line_pay/6257532 讓掃碼更規范更省心（網上中國） http://finance.people.com.cn/BIG5/n1/2022/1111/c1004-32563679.html 賄選手法增行動支付、境外勢力資金 30元查賄標準限文宣品 https://www.cna.com.tw/news/asoc/202210180295.aspx 中國信託以多元整合支付工具，助力中小商戶掌握每一筆交易商機 https://www.bnext.com.tw/article/72270/ctbcbank10.1 全家、全聯為何都推出第二種 pay？第三方支付、電支差在哪？4 個 QA 一次讀懂 https://www.managertoday.com.tw/articles/view/65920 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 U.S. Seizes Over 50K Bitcoin Worth $3.3 Billion Linked to Silk Road Dark Web https://thehackernews.com/2022/11/us-seizes-over-50k-bitcoin-worth-33.html FTX Crash: BTC To $10K? https://medium.com/coinmonks/ftx-crash-btc-to-10k-96006530ed4c 幣安收購FTX告吹，全球加密貨幣震盪 https://www.ithome.com.tw/news/154117 幣安併購FTX破局加密貨幣概念股盤中跌逾5% https://www.rti.org.tw/news/view/id/2150109 FTX創辦人SBF出面承認自己搞砸了，將以用戶利益為優先 https://www.ithome.com.tw/news/154152 幣圈血流成河！一文看懂幣安、FTX廝殺大戰，全球第二大交易所會跑路嗎 https://www.storm.mg/amparticle/4605386 國泰金領軍發布首份「區塊鏈聯盟自律公約」 https://www.chinatimes.com/realtimenews/20221110003029-260410?chdtv 全台首份區塊鏈聯盟自律公約公開 https://times.hinet.net/news/24245802 幣圈大小事分享 - 中心化交易所 Deribit 被駭 https://www.potatomedia.co/post/be5b6af4-356a-4e1e-9ce7-037e9d257111 藏在爆米花罐裡的5萬枚比特幣：美國司法部披露「史上最大暗網竊案」細節 https://www.storm.mg/article/4602682 駭客在暗網盜幣美檢聲請沒收價值逾320億比特幣 https://today.line.me/tw/v2/article/60zDMBn CoinGecko 誤顯示USDT脫鉤；Mango攻擊者1.7億鎂做空USDT https://www.blocktempo.com/avraham-eisenberg-shorts-usdt-to-earn-profit/ 才剛被收購！BlockFi被FTX拖累暫停提款，還有誰也是「受害者」 https://www.bnext.com.tw/article/72568/ftx-blockfi-stop-withdraw 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 美國新聞業遭遇大規模供應鏈攻擊：數百家報紙網站被植入後門 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10163 資料破壞軟體Azov Ransomware每666位元組寫入隨機資料，並在受害電腦植入後門 https://www.bleepingcomputer.com/news/security/azov-ransomware-is-a-wiper-destroying-data-666-bytes-at-a-time/ 惡意軟體SocGholish透過影子網域或公有雲基礎設施散布 https://www.sentinelone.com/labs/socgholish-diversifies-and-expands-its-malware-staging-infrastructure-to-counter-defenders/ 澳洲學院Kilvington Grammar證實資料外洩，勒索軟體LockBit聲稱是他們所為 https://itwire.com/business-it-news/security/lockbit-ransomware-gang-hits-melbourne-school-kilvington-grammar.html 惡意擴充套件Cloud9鎖定Chrome而來，可讓攻擊者遠端控制受害電腦 https://www.zimperium.com/blog/the-case-of-cloud9-chrome-botnet/ 殭屍網路病毒Amadey Bot被用於部署勒索軟體LockBit https://asec.ahnlab.com/en/41450/ 安卓銀行木馬Vultur透過Google Play市集散布，已被下載逾10萬次 https://www.cleafy.com/cleafy-labs/the-android-malwares-journey-from-google-play-to-banking-fraud WordPress惡意軟體攻擊1.5萬個網站，將瀏覽者導向惡意網站 https://blog.sucuri.net/2022/11/massive-ois-is-black-hat-redirect-malware-campaign.html 中國駭客APT41附屬組織利用惡意程式Symatic攻擊臺灣政府、關鍵基礎設施、醫療保健產業 https://www.trendmicro.com/en_us/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html 為了躲避追緝，惡意軟體、網釣工具包濫用IPFS日益頻繁 https://blog.talosintelligence.com/ipfs-abuse/ New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader https://thehackernews.com/2022/11/new-laplas-clipper-malware-targeting.html Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines https://thehackernews.com/2022/11/amadey-bot-spotted-deploying-lockbit-30.html 有駭客利用新混淆技術將惡意藏於PyPI套件包 https://research.checkpoint.com/2022/check-point-cloudguard-spectral-exposes-new-obfuscation-techniques-for-malicious-packages-on-pypi/ Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer https://thehackernews.com/2022/11/researchers-uncover-29-malicious-pypi.html Researchers Detail New Malware Campaign Targeting Indian Government Employees https://thehackernews.com/2022/11/researchers-detail-new-malware-campaign.html Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers https://thehackernews.com/2022/11/researchers-find-links-bw-black-basta.html APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network https://thehackernews.com/2022/11/apt29-exploited-windows-feature-to.html Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network https://thehackernews.com/2022/11/experts-warn-of-browser-extensions.html New IceXLoader Malware Loader Variant Infected Thousands of Victims Worldwide https://thehackernews.com/2022/11/new-icexloader-malware-loader-variant.html 惡意軟體IceXLoader感染全球數千臺電腦 https://www.zimperium.com/blog/the-case-of-cloud9-chrome-botnet/ New updated IceXLoader claims thousands of victims around the world https://minerva-labs.com/blog/new-updated-icexloader-claims-thousands-of-victims-around-the-world/ New “Prestige” ransomware impacts organizations in Ukraine and Poland https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/ Hack the Real Box: APT41’s New Subgroup Earth Longzhi https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi/IOCs-hack-the-real-box-apt41-new-subgroup-earth-longzhi.txt https://www.trendmicro.com/en_us/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others https://thehackernews.com/2022/11/this-hidden-facebook-tool-lets-users.html 三星手機3項漏洞曾遭惡意軟體攻擊 https://www.ithome.com.tw/news/154113 間諜軟體供應商鎖定三星手機漏洞下手，製作攻擊程式 https://googleprojectzero.blogspot.com/2022/11/a-very-powerful-clipboard-samsung-in-the-wild-exploit-chain.html Apple發布iOS 16.1.1和iPadOS 16.1.1更新，修補兩個Libxml2函式庫整數溢位漏洞 https://www.ithome.com.tw/news/154122 蘋果修補可被用於執行任意程式碼的iOS及iPadOS漏洞 https://support.apple.com/en-us/HT213505 傳蘋果在中國實施AirDrop 10分鐘使用限制，明年推向全球 https://www.ithome.com.tw/news/154143 鎖定監控維族人 App植入中國間諜軟體 https://www.rti.org.tw/news/view/id/2150238 手機會偷聽你講話 https://blog.trendmicro.com.tw/?p=75032 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力資安教育專題（上） https://www.youtube.com/watch?v=TVGELZ3S-kU 資安教育專題（下） https://www.youtube.com/watch?v=L7pbgMfpcKA 美中衝突下的產業資安機會 https://udn.com/news/story/6871/6753794 強化資安防護維繫戰力確保國安 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1545445 不再是駭客的天堂企業也能利用暗網(Dark Web)立足資安 https://www.ortech.com.tw/news/cyberint-blog-20221002/ Google One VPN開放22國，臺灣也適用，近日傳出將新增支援Windows與macOS https://www.ithome.com.tw/news/154121 合勤投控資安長游政卿分享6個轉化資安投資的策略 https://www.ithome.com.tw/news/154104 臺灣國際資安認證專家協會正式成立 https://www.facebook.com/isc2TaipeiChapter/posts/pfbid031hTDF8YuK7pUNan43NFdGxQiLBAjgqnpBbG6q3BMAeJjckyk7RJFuYR7HtGeQNA1l 波音子公司遭網路攻擊，致使全球多家航班規劃中斷 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10166 澳洲房仲業者Harcourts遭到網路攻擊 https://www.sbs.com.au/news/article/advocates-had-warned-of-the-dangers-of-a-real-estate-data-breach-it-just-happened/6mlieq0g0 加拿大肉品供應商Maple Leaf Foods遭網路攻擊，營運被迫中斷 https://www.bleepingcomputer.com/news/security/maple-leaf-foods-suffers-outage-following-weekend-cyberattack/ 沙烏地阿拉伯遭駭客組織Justice Blade鎖定，透過IT服務業者發動供應鏈攻擊 https://securityaffairs.co/wordpress/138213/hacking/justice-blade-targets-saudi-arabia.html 印度政府組織遭APT-36發動攻擊，駭客濫用Google廣告來散布後門程式 https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations 印度國防人員遭到國家級駭客以安卓木馬攻擊 https://www.cyfirma.com/outofband/unknown-nation-based-threat-actor-using-android-rat-to-target-indian-defence-personnel-2/ 美國國防部即將公布零信任戰略 https://www.c4isrnet.com/cyber/2022/11/08/pentagon-to-unveil-zero-trust-cyber-strategy/ 俄羅斯駭客APT29在攻擊活動中利用了Windows少有人知的憑證漫遊功能 https://www.mandiant.com/resources/blog/apt29-windows-credential-roaming 芬蘭政府推動資安提供企業補助方案，並將修法改善當局資安漏洞情資交換 https://valtioneuvosto.fi/en/-/government-supports-the-development-of-information-security-in-businesses 前美飛行員在澳被捕疑與中共駭客有聯繫 https://reurl.cc/10ZkAX 歐盟網路安全局指出地緣政治衝突催化網路攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10172 日本首相岸田文雄宣布制定「綜合防衛費用」＝研究開發與防範駭客 https://www.nippon.com/hk/news/yjj2022110900915/ FBI 指俄羅斯針對美國 DDoS 攻擊效果有限 https://unwire.pro/2022/11/09/fbi-3/security/ 【瑞士等級的個人隱私保障】資料可選放歐盟或美國、還可分散成 5 副本，一舉打破雲端硬碟的疆界！ https://buzzorange.com/techorange/2022/11/10/pcloud-cloud/ Several Cyber Attacks Observed Leveraging IPFS Decentralized Network https://thehackernews.com/2022/11/several-cyber-attacks-observed.html 計畫專任資訊技術或資安人員 https://www.104.com.tw/job/7soup?jobsource=jolist_b_relevance 資安專員 (台北) https://www.104.com.tw/job/6wiw3?jobsource=jolist_b_relevance 資安檢測工程師(視訊/線上面談) https://www.104.com.tw/job/6sx90?jobsource=jolist_b_relevance 技術服務處-App資安檢測工程師 https://www.104.com.tw/job/7q31a?jobsource=jolist_b_relevance ISO27001資訊安全管理系統主任稽核員 https://www.104.com.tw/job/6xh76?jobsource=jolist_b_relevance IT網管工程師 https://www.104.com.tw/job/7o9kf?jobsource=jolist_b_relevance 資訊系統工程師(資訊安全) https://www.104.com.tw/job/6kfpq?jobsource=jolist_b_relevance 資安工程師(21012701A) https://www.104.com.tw/job/76fvf?jobsource=jolist_b_relevance 資安工程師(技術研發)_台達研究院(台北) https://www.104.com.tw/job/6h5y8?jobsource=jolist_b_relevance 資安工程師(顧問輔導)_台達研究院(台北) https://www.104.com.tw/job/7a2v3?jobsource=jolist_b_relevance 資安工程師(漏洞研究)_台達研究院(台北) https://www.104.com.tw/job/6t087?jobsource=jolist_b_relevance 主任資安工程師(漏洞研究)_台達研究院(台北) https://www.104.com.tw/job/6t09c?jobsource=jolist_b_relevance 主任資安工程師(技術研發)_台達研究院(台北) https://www.104.com.tw/job/6t08p?jobsource=jolist_b_relevance [新鮮人專區]資訊專才 https://www.104.com.tw/job/7svnx?jobsource=jolist_b_relevance 【台中】資訊安全／滲透測試（Security Engineer） https://www.104.com.tw/job/7fr4j?jobsource=jolist_b_relevance 【台北】資訊安全／滲透測試（Security Engineer） https://www.104.com.tw/job/6tghm?jobsource=jolist_b_relevance 資訊安全管理人員(資訊安全部) https://www.104.com.tw/job/7ryjz?jobsource=jolist_b_relevance 數位科技風險 - 資訊安全技術檢測工程師 https://www.104.com.tw/job/48aak?jobsource=jolist_b_relevance 數位科技風險 - 資訊安全技術檢測工程師-台中所 https://www.104.com.tw/job/732qz?jobsource=jolist_b_relevance 數位科技風險 - 資訊安全技術檢測工程師-高雄所 https://www.104.com.tw/job/732r5?jobsource=jolist_b_relevance 國立中山大學圖書與資訊處誠徵資安制度規劃師(研究助理) https://www.104.com.tw/job/7rg7t D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Experts Find URLScan Security Scanner Inadvertently Leaks Sensitive URLs and Data https://thehackernews.com/2022/11/experts-find-urlscan-security-scanner.html 網路釣魚工具訂閱服務Robin Banks捲土重來 https://www.ironnet.com/blog/robin-banks-still-might-be-robbing-your-bank-part-2 Robin Banks Phishing Service for Cybercriminals Returns with Russian Server https://thehackernews.com/2022/11/robin-banks-phishing-service-for.html 駭客組織Crimson Kingsnake假冒法律事務所發動BEC攻擊 https://abnormalsecurity.com/blog/crimson-kingsnake-bec-group-attacks 澳洲科技集團Pnors遭到網路攻擊，維多利亞州居民個資恐外洩 https://7news.com.au/news/cyber-attack/victorians-data-at-risk-after-cyber-attack-on-tech-company-pnors-technology-group-c-8772485 微軟Dynamics 365 Customer Voice遭到濫用，攻擊者用於語音詐騙 https://www.avanan.com/blog/abusing-microsoft-customer-voice-to-send-phishing-links 針對Experian、T-Mobile資料外洩事故，美國各州以1,600萬美元達成和解 https://www.securityweek.com/us-states-announce-16m-settlement-experian-t-mobile-over-data-breaches 國內資安業者提醒民眾當心雙11暗藏騙錢騙個資的「4大陷阱」 https://3c.ltn.com.tw/news/51446 【查證】手機借男童打電話後就被駭客控制？資料全被盜？資安專家與警方解析 https://reurl.cc/ymrKGl 雙 11 將至，趨勢科技公布網購 4 大駭蟲圖鑑 https://technews.tw/2022/11/10/pc-cillin-pro/ 雙11駭客盯著你！網購詐騙1年2千萬筆　「4駭蟲」最危險 https://www.nownews.com/news/5968022 假檢警真詐騙! 7旬翁290萬退休金被騙光 https://today.line.me/tw/v2/article/oqkqGBy 沒有連結也能駭你進入假銀行網頁！小心以 HTML附件躲避偵測的網路釣魚手法 https://blog.trendmicro.com.tw/?p=75042 熱血警察打詐之戰！他如何和銀行、業者合作，堵住全台詐騙高峰 https://www.cw.com.tw/article/5123490 E.研究報告/工具漂綠、碳駭客、龐氏騙局　碳金融犯罪與五個碳交易潛在風險 https://csr.cw.com.tw/article/42840 微軟：全球密碼攻擊年增 74%，每秒攻擊 921 次 https://technews.tw/2022/11/10/worldwide-hacked-passwords-up-74percent-annually/ Why Identity & Access Management Governance is a Core Part of Your SaaS Security https://thehackernews.com/2022/11/why-identity-access-management.html 5 Reasons to Consolidate Your Tech Stack https://thehackernews.com/2022/11/5-reasons-to-consolidate-your-tech-stack.html Top 5 API Security Myths That Are Crushing Your Business https://thehackernews.com/2022/11/top-5-api-security-myths-that-are.html Is Cybersecurity Awareness Month Anything More Than PR https://thehackernews.com/2022/11/is-cybersecurity-awareness-month.html Re-Focusing Cyber Insurance with Security Validation https://thehackernews.com/2022/11/re-focusing-cyber-insurance-with.html CSS Scroll-linked Animations Will Change How We Experience The Web https://tomaszs2.medium.com/css-scroll-linked-animations-will-change-how-we-experience-the-web-9834dfcfa77a How to Build an Income Stream with APIs https://heducate.medium.com/how-to-build-an-income-stream-with-apis-a2e0774c080e 10 Minute Bug Bounties: OSINT With Google Dorking, Censys, and Shodan https://medium.com/the-gray-area/10-minute-bug-bounties-osint-with-google-dorking-censys-and-shodan-8d567d31dfed F.商業 70%以上網攻始於端點設備！大世科整合端點安全防護讓混合工作模式下更安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10139 「十年磨一劍」Acronis超融合多層次資安防禦 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10162 SailPoint 雲端身分安全組合方案提升AI技術做到全方位脈絡化洞察 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10164 跨多雲WAAP即服務實踐雲地一致安全策略 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10161 防毒業者NortonLifeLock和Avast合併後，改名為Gen https://www.ithome.com.tw/news/154095 微軟正式發布支援.NET 7、Arm64的Visual Studio 2022 17.4 https://www.ithome.com.tw/news/154099 卡巴斯基即將關閉俄羅斯的VPN服務 https://www.ithome.com.tw/news/154155 MITRE評估計畫2022首屆MDR評比結果發布，共16家業者參與 https://mitre-engenuity.org/blog/2022/11/09/mitre-engenuity-publishes-first-ever-attack-evaluations-of-security-service-providers-their-threat-informed-defense-capabilities/ 中華電信雲端共同供應契約加速政府學校入雲轉型 https://ctee.com.tw/livenews/kj/ctee/a79860002022110920260002 數位科技、創新人才、合作夥伴打造台灣金融業數位韌性 https://news.microsoft.com/zh-tw/microsoft-fsi-day/ G.政府政府自建專用短網址服務登場，助公部門傳播資訊，使民眾易於辨認正確的政府官方網頁 https://www.ithome.com.tw/news/154119 數位部部長唐鳳採納網路意見，政府自建專用短網址服務登場 https://www.ithome.com.tw/news/154119 行政院國家資通安全會報技術服務中心發布第三季報告，資安通報能確認事因的比例增加 https://reurl.cc/jR1m6q 中國無人機登國慶表演？國科會：晶片歐美製 https://news.ttv.com.tw/news/11111090028500N/amp 關鍵零件歐美製國科會：無涉資安 https://reurl.cc/Ay7bLZ 台灣有台積電國慶無人機大陣勢卻用大陸零件引安全憂慮無話可說 https://reurl.cc/jR1mYL 國慶表演無人機產自中國？國科會澄清無資安疑慮，國防部長保證絕不使用中製產品 https://www.thenewslens.com/article/176241 國慶煙火陸製無人機掀資安疑慮唐鳳：協助建第三方驗證 https://turnnewsapp.com/livenews/finance/A11608002022111018465273 蘇貞昌：施政應提高至國安、資安角度 https://www.rti.org.tw/news/view/id/2150110 唐鳳接見英國國貿部副部長表達願就通訊、資安合作 https://ec.ltn.com.tw/article/breakingnews/4118268 防中靠認知戰奪台唐鳳：不斷網系統是關鍵 https://www.rti.org.tw/news/view/id/2150003 公視基金會連續重大資安事件監院糾正文化部、NCC https://www.chinatimes.com/realtimenews/20221111002196-260407?chdtv 數位部首展台北資訊月唐鳳：台灣數位科技可增幅世界 https://www.rti.org.tw/news/view/id/2150152 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 Your OT Is No Longer Isolated: Act Fast to Protect It https://thehackernews.com/2022/11/your-ot-is-no-longer-isolated-act-fast.html CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software https://thehackernews.com/2022/11/cisa-warns-of-critical-vulnerabilities.html High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies https://thehackernews.com/2022/11/high-severity-flaw-reported-in-critical.html 西門子、施耐德電機發布11月份例行修補 https://www.securityweek.com/ics-patch-tuesday-siemens-addresses-critical-vulnerabilities Google機器學習新研究InfiniteNature-Zero，可生成任意長度飛越自然地景的影片 https://www.ithome.com.tw/news/154108 ABB天然氣流量檢測器與分析儀關鍵系統漏洞，影響石油與天然氣產業 https://claroty.com/team82/research/an-oil-and-gas-weak-spot-flow-computers 連結標準聯盟CSA發布物聯網Matter標準，已有超過190款產品申請認證 https://www.prnewswire.com/news-releases/smart-home-innovation-set-to-accelerate-with-matter-301667485.html 趨勢科技車用資安公司VicOne推出首款車載軟體遠端診斷服務Secured RDS https://ctee.com.tw/news/tech/751120.html 科風 UPSMON PRO - Broken Authentication https://www.twcert.org.tw/tw/cp-132-6678-e9fbe-1.html 科風 UPSMON PRO - Path Traversal https://www.twcert.org.tw/tw/cp-132-6679-a0695-1.html 科風 UPSMON PRO - Cleartext Transmission of Sensitive Information https://www.twcert.org.tw/tw/cp-132-6681-e9650-1.html EV自駕資安攻防戰誰是解方？MIH聯盟提建議 https://www.digitimes.com.tw/iot/article.asp?id=0000649522_HDV685C61U1XVM3IDD0S6 三個心法檢視網路安全，部署 OT 資安少走冤枉路 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10171 黑客攻擊社會基建　Fortinet 調查：86% OT 機構曾遭入侵 https://www.pcmarket.com.hk/fortinet-86-percent-hk-ot-enterprise-infrastructure-attack-by-hackers/ I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 我國網路資安狂被駭監委申請自動調查 https://www.chinatimes.com/realtimenews/20220810003152-260407?chdtv 6.近期資安活動及研討會【資安講堂】『資安？知安！』系列研討會 2022/11/10 ~ 2022/11/24 https://www.accupass.com/event/2210250909372099074796 TWCERT/CC 2022 台灣資安通報年會 2022/11/15 https://twcert.informationsecurity.com.tw/2022_annual_meeting.htm 微軟 DevDays Asia 2022 亞太技術年會 2022/11/15 ~ 2022/11/17 https://news.microsoft.com/zh-tw/devdays-asia-2022/ 營業秘密防護網線上研討會 2022/11/16 https://www.accupass.com/event/2211090233131469652289 【資安系列講座】資訊系統漏洞經驗談 2022/11/16 https://hackersir.kktix.cc/events/20221116-vulnerability 【2022 BSI 國際永續標準管理年會】國際標準×永續金融共構ESG生態系 2022/11/17 https://www.accupass.com/event/2209140617181466847268 行動應用APP 安全檢測（APK/IPA）2022-11-18 09:00 ~ 2022-11-18 12:00 https://www.cisanet.org.tw/Course/Detail/2865 【資安講堂】雲端攻防戰！企業資安人才計劃全面啟動 2022/11/18 https://www.accupass.com/event/2210180843504199134720 Taipei dbt Meetup #7 (in-person 👫 & online 👨‍💻)2022/11/19 https://www.meetup.com/taipei-dbt-meetup/events/288207892/ 物聯網安全高峰論壇 2022/12/6 https://www.mem.com.tw/event/web%20test/index.html ICS 2022 WORKSHOP PROGRAM -「Ubiquitous Cybersecurity and Forensics」 2022/12/15 ~ 2022/12/17 https://ics2022.esam.io/ 一日駭客x網路弱點滲透 2022/12/17 https://www.accupass.com/event/2210270652481821159224 TANET 2022 WORKSHOP PROGRAM -「第二屆數位鑑識、醫療私密與網駭安全」 2022/12/15 ~ 2022/12/17 https://tanet2022.esam.io/