資安事件新聞週報 2021/7/26 ~ 2021/7/30

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2021/7/26 ~ 2021/7/30 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco 發布Intersight Virtual Appliance 軟體安全更新 https://us-cert.cisa.gov/ncas/current-activity/2021/07/22/cisco-releases-security-updates 國內網路産品製造大廠修復路由器密碼硬編寫暨多個RCE嚴重漏洞 https://www.twcert.org.tw/tw/cp-104-4945-a841f-1.html Oracle 近日發布更新以解決多個產品的安全性弱點 https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/oracle-releases-july-2021-critical-patch-update FortiClient for Mac 6.4.3 及以下版本 CVE-2021-26089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-26089 FortiMail 6.4.0 到 6.4.4 和 6.2.0 到 6.2.7 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-24020 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-24007 Citrix Application Delivery Controller、Citrix Gateway 和 Citrix SD-WAN WANOP Edition 的安全更新 https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/citrix-releases-security-updates D-LINK DIR-3040 1.13B03 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-21820 Kaseya VSA http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-30118 微軟七月 Patch Tuesday 資安修補包，修復 117 個漏洞，包括 9 個 0-day 漏洞 https://blog.twnic.tw/2021/07/30/19459/ Windows 11 推出第一個 Beta 版，持續改善穩定性並修除 Bug https://www.kocpc.com.tw/archives/395979 Windows 10驚傳一般使用者也能讀取SAM組態檔的弱點 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934 Microsoft Windows Defender http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-34464 Microsoft Exchange Server http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-31206 Adobe 已發布安全更新，以解決多個 Adobe 產品中的弱點 https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/adobe-releases-security-updates-multiple-products Apple 修復已遭大規模濫用的 iPhone、Mac 0-day 漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9367 Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices https://thehackernews.com/2021/07/apple-releases-urgent-0-day-bug-patch.html New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email https://thehackernews.com/2021/07/new-bug-could-let-attackers-hijack.html Several Bugs Found in 3 Open-Source Software Used by Several Businesses https://thehackernews.com/2021/07/several-bugs-found-in-3-open-source.html Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code https://thehackernews.com/2021/07/wake-up-identify-api-vulnerabilities.html How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability https://thehackernews.com/2021/07/how-to-mitigate-microsoft-windows-10-11.html 2.銀行/金融/保險/證券/支付系統/ 新聞及資安全球人壽推遠距投保資安零死角 https://stock.pchome.com.tw/report/cat0/20210729/162756897035.html 國泰金推「CaaS平台」　5數位場景搶異業商機 https://finance.ettoday.net/news/2043420 國泰人壽導入金控戰情室文化，逾300人居家辦公團隊如何打造一站式遠距投保平臺 https://www.ithome.com.tw/news/145916 國泰金跨業合作攻金融數位 https://ctee.com.tw/news/finance/495588.html CaaS生態圈整合國泰金　聯卡中心手機變刷卡機 https://www.cardu.com.tw/news/detail.php?43881 保險業接軌IFRS17衝擊大！總成本達百億元　2大重點攸關轉型成敗 https://finance.ettoday.net/news/2044094 中國北京順義迎全國首家外商獨資保險資管公司開業首都金融開放持續領跑 http://bj.people.com.cn/BIG5/n2/2021/0731/c82839-34846563.html 國銀數位存款帳戶掀起風潮 https://reurl.cc/vqbzvj 擔心網路駭客勒索現在可買保險自保！以色列保險科技新創成獨角獸 https://www.chinatimes.com/realtimenews/20210731000015-260412?chdtv 壽險業試辦遠距投保金管會視情形研議常態化 https://udn.com/news/story/7239/5631894 疫情效應數位帳戶年增七成 https://money.udn.com/money/story/5613/5632009 金融機構不只要抗疫更要防堵資安威脅 https://view.ctee.com.tw/monetary/31117.html 這類公司易成網路勒贖肥羊想買資安險恐四處碰壁 https://money.udn.com/money/story/121854/5632710 金融科技創新園區首推「數位沙盒遠距eKYC實證專區」 https://money.udn.com/money/story/5613/5633610 「視訊投保」有望成投保新常態！　金管會研擬共同規範 https://finance.ettoday.net/news/2041838 國發基金系統遭中國駭客入侵 https://www.ithome.com.tw/news/145904 銀行的資安犯罪《禍駭：網路犯罪世界的第一手紀實》書摘（2） https://www.storm.mg/article/3804297?page=1 聯卡中心紓困店家不縮手 https://udn.com/news/story/7239/5639828 Deep dive into a FIN8 attack https://businessinsights.bitdefender.com/deep-dive-into-a-fin8-attack-a-forensic-investigation 3.電子支付/行動支付/pay/資安一場洪災讓依賴行動支付的中國人傻眼了 https://reurl.cc/mLbONA 立委籲發數位振興券藉以推廣行動支付 https://reurl.cc/yEb8l8 刷手機輕鬆搭車！客運9月起推行動支付公車明年加入 https://news.ltn.com.tw/news/life/breakingnews/3610349 電支電票共用平台「一嗶搞定」！　新《電子支付機構管理條例》更便利 https://finance.ettoday.net/news/2038405 電子支付業務風波不斷 PayPal遭SEC、美消保局調查 https://news.cnyes.com/news/id/4690394 香港$5000消費券首輪週日發放電子支付平台：有方法防止套現 https://unwire.hk/2021/07/30/siufaikuen/fun-tech/ 香港首輪2千元消費券明天派發有餐飲集團增設八達通支付 https://reurl.cc/83AaLR 香港18歲以上普發1.8萬元電子消費券 https://reurl.cc/LbxOL7 台專家：依賴電子支付無法應變極端氣候 https://www.epochtimes.com/b5/21/7/28/n13121728.htm 蝦皮增資台民團籲投審會駁回 https://www.epochtimes.com/b5/21/7/29/n13124393.htm 4.加密貨幣/挖礦/區塊鍊/智能合約資安烏克蘭央行正式獲准發行數字貨幣 https://news.cnyes.com/news/id/4691395 德國將允許特定機構基金持有最多20%加密貨幣 https://reurl.cc/XWr8yj 美擬對加密貨幣交易課稅為基建法案籌財源 https://news.cnyes.com/news/id/4690396 疫後虛幣大爆發！加密貨幣煉金，虛擬資產變財富實境 https://www.gvm.com.tw/article/81327 芬蘭海關尋求加密貨幣經紀商幫助其出售扣押的比特幣 https://news.cnyes.com/news/id/4690380 最大加密貨幣交易所幣安創辦人將卸任，尋求更懂法規的新任執行長 https://finance.technews.tw/2021/07/28/binance-seek-new-ceo-for-better-regulation/ PayPal將推出擁有加密貨幣功能的超級應用錢包 https://news.cnyes.com/news/id/4689446 支付巨頭 PayPal 將推出支持加密貨幣功能的錢包應用，計劃未來幾個月在美國全面推廣 https://news.cnyes.com/news/id/4689727 加密貨幣北京可能禁止持有 https://udn.com/news/story/7333/5629397 比特幣還能買嗎？給新手的加密貨幣投資指南 https://reurl.cc/yEb80y 亞馬遜有意加密貨幣但否認年底前接受比特幣付款 https://www.cna.com.tw/news/aopl/202107270108.aspx LTN經濟通》穩定幣爆發式成長成加密貨幣主流 https://ec.ltn.com.tw/article/breakingnews/3616690 加密貨幣投資安全關鍵六問！幣安平台踢鐵板投資人好像走鋼索 https://www.wealth.com.tw/home/articles/32791 加密貨幣交易量雪崩專家揭恐還有拋售潮 https://ctee.com.tw/news/global/488308.html 比特幣遲早歸零！專家：加密貨幣是現代史上最大集體妄想 https://ec.ltn.com.tw/article/breakingnews/3612484 富國銀行已開始向高淨值客戶提供加密貨幣敞口 https://news.cnyes.com/news/id/4691500 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC Sophos 發現鎖定 Discord 聊天平台的惡意軟體 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=12&aid=9359 中國駭客組織濫用Proxylogon漏洞，在Exchange伺服器植入木馬程式Thor https://www.ithome.com.tw/news/145927 SentinelLabs在伊朗火車系統攻擊事件中，發現前所未見的資料抹除程式 https://www.ithome.com.tw/news/145956 No More Ransom專案5年來已協助勒索軟體受害者省下10億歐元的成本 https://www.ithome.com.tw/news/145887 Wiper luring the Olympic Game https://www.mbsd.jp/research/20210721/blog/ Kimsuky's secret stealing activities in the first half of 2021 https://mp.weixin.qq.com/s/og8mfnqoKZsHlOJdIDKYgQ FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data https://blogs.quickheal.com/formbook-malware-returns-new-variant-uses-steganography-and-in-memory-loading-of-multiple-stages-to-steal-data/ XLoader, a macOS Malware-as-a-Service Info Stealer and Keylogger https://www.sentinelone.com/blog/detecting-xloader-a-macos-malware-as-a-service-info-stealer-and-keylogger/ https://research.checkpoint.com/2021/time-proven-tricks-in-a-new-environment-the-macos-evolution-of-formbook/ THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group https://unit42.paloaltonetworks.com/thor-plugx-variant/ Trickbot gtag rob112 spread through emails https://twitter.com/Unit42_Intel/status/1420035517668806672 https://github.com/pan-unit42/tweets/blob/master/2021-07-26-Trickbot-gtag-rob112.txt LemonDuck and LemonCat, modern mining malware infrastructure https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/ https://github.com/craiu/iocs/blob/main/lemonduck/hashes.txt Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems https://thehackernews.com/2021/07/microsoft-warns-of-lemonduck-malware.html 2021 Ransomware Families https://unit42.paloaltonetworks.com/ransomware-families/ MeteorExpress, Mysterious Wiper Paralyzes Iranian Trains with Epic Troll https://labs.sentinelone.com/meteorexpress-mysterious-wiper-paralyzes-iranian-trains-with-epic-troll/ https://github.com/SentineLabs/meteor-express/blob/main/apt_ZZ_MeteorExpress_Hashes.txt TA456 Targets Defense Contractor with Alluring Social Media Persona https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media Oscorp evolves into UBEL: an Android malware spreading across the globe https://www.cleafy.com/cleafy-labs/ubel-oscorp-evolution Crimea manifesto deploys VBA Rat using double attack vectors https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/ Experts Uncover Several C&C Servers Linked to WellMess Malware https://thehackernews.com/2021/07/experts-uncover-several-c-servers.html A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System https://thehackernews.com/2021/07/a-new-wiper-malware-was-behind-recent.html Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers https://thehackernews.com/2021/07/phony-call-centers-tricking-users-into.html New Ransomware Gangs — Haron and BlackMatter — Emerge on Cybercrime Forums https://thehackernews.com/2021/07/new-ransomware-gangs-haron-and.html New Android Malware Uses VNC to Spy and Steal Passwords from Victims https://thehackernews.com/2021/07/new-android-malware-uses-vnc-to-spy-and.html Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs https://thehackernews.com/2021/07/hackers-exploit-microsoft-browser-bug.html UBEL is the New Oscorp — Android Credential Stealing Malware Active in the Wild https://thehackernews.com/2021/07/ubel-is-new-oscorp-android-credential.html Hackers Turning to 'Exotic' Programming Languages for Malware Development https://thehackernews.com/2021/07/hackers-turning-to-exotic-programming.html Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.html APT Hackers Distributed Android Trojan via Syrian e-Government Portal https://thehackernews.com/2021/07/apt-hackers-distributed-android-trojan.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊強化通訊軟體Line安全性建議 https://www.ntus.edu.tw/cht/index.php?code=list&flag=detail&ids=81&article_id=24395 手機遭駭政府三不管 https://www.chinatimes.com/opinion/20210730004149-262104?chdtv LINE 遭駭客入侵、立刻檢查2項設定！Letter Sealing、自動加好友 https://kikinote.net/160571 台灣百名政要 LINE 驚傳遭入侵！快檢查 2 項設定堵住破口 https://3c.ltn.com.tw/news/45332 讓台灣百名政要「LINE個資」淪陷！三招避免手機被「飛馬」入侵 https://3c.ltn.com.tw/news/45335 手機防駭客入侵國安局建議：每周關機1次 https://reurl.cc/a9bYq4 美政要傳授：挫敗頂級手機黑客只需簡單兩步 https://www.ntdtv.com/b5/2021/07/28/a103176667.html 手機警告「被不明來源入侵攻擊」　網曝真相：點了才出事 https://news.tvbs.com.tw/life/1555804 別怕實聯個資外洩！疫調輔助平台1周上線　讓民眾「反向追蹤」誰查你 https://tw.appledaily.com/life/20210727/2SZ4TP55URB4FIPQVERS3AZMDA/ C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件不只加速轉型，CIO更要面對新常態2大考驗 https://www.ithome.com.tw/news/145819 秘書、助理需留意的3種網路威脅 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9363 天才駭客張啟元後來怎麼了 https://pttgopolitics.com/gossiping/M.1627571976.A.548.html 我第一次聽到駭客入侵帳號是為了發奧運文的 https://forum.gamer.com.tw/C.php?bsn=60076&snA=6493402&tnum=6 林昀儒爭銅落敗！粉絲團貼文出包　立委撇蹭錯喊冤「駭客入侵」 https://tw.appledaily.com/sports/20210731/7Y7IIM3Q6RBLLBAUVSIXZ3EDVY/ 林昀儒爭銅牌失利卻祝賀摘銅張廖萬堅喊冤質疑遭「駭客入侵」 https://www.chinatimes.com/realtimenews/20210731003211-260407?chdtv Barracuda找出被駭客認定的「容易中招的網民」 https://reurl.cc/gWbA6L 「想哭」攻擊《禍駭：網路犯罪世界的第一手紀實》 https://www.storm.mg/article/3804597 Google 準備刪除休眠開發者帳號與沒有更新的停滯應用程式 https://www.kocpc.com.tw/archives/395767 第三次世界大戰將在網路爆發 CNN披露台灣如何厲兵秣馬 https://www.chinatimes.com/realtimenews/20210728002234-260408?ctrack=mo_main_rtime_p01&chdtv 【來自網路世界的第三次世界大戰！】台灣資安專家警告：當心半導體產業成為目標 https://buzzorange.com/2021/07/28/china-hacker-2/ 美國FBI警訊：提防駭客對東京奧運發動攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=9354 使用受害電腦現成的合法工具，掩蓋攻擊行動 https://www.ithome.com.tw/news/145950 國家級駭客策動攻擊澳洲通訊局長：中國已越界 https://www.cna.com.tw/news/aopl/202107300132.aspx 以色列政府開始調查境內駭客公司NSO Group的行為 https://www.ithome.com.tw/news/145929 美專家：中國武攻台灣恐需動員200萬軍力 https://www.secretchina.com/news/b5/2021/07/29/979484.html 美國國防部靠「自駭」來化解美軍的 AI弱點 https://www.inside.com.tw/article/24342-the-pentagon-is-bolstering-its-ai-systems-by-hacking-itself 美國總統拜登首次對情報部門講話首要關切中共威脅 https://reurl.cc/O0aNM7 公開譴責中國駭客作亂美中網路戰開打 https://www.ftvnews.com.tw/news/detail/2021729W0236 警告中俄！拜登：駭客攻擊會導致真槍實彈 https://ptthito.com/ia/m-1627430043-a-749/ 中國大陸工信部與12家網企座談要求資安責任 https://turnnewsapp.com/livenews/china/A09622002021073016354629 Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers https://thehackernews.com/2021/07/chinese-hackers-implant-plugx-variant.html Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees https://thehackernews.com/2021/07/hackers-posed-as-aerobics-instructors.html New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains https://thehackernews.com/2021/07/new-petitpotam-ntlm-relay-attack-lets.html Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims https://thehackernews.com/2021/07/kaseya-gets-universal-decryptor-to-help.html 資安專案管理人員 https://www.518.com.tw/job-y3qWq5.html 資安維運工程師(高雄) https://www.104.com.tw/job/7c53r 海外資安管理人員 https://www.104.com.tw/job/7c4jx 資安駐點工程師(台中霧峰)-無經驗可 https://www.104.com.tw/job/7c457 資安管理工程師(台灣山葉機車關係企業) https://www.518.com.tw/job-yOZ5JE.html 資安管理師 https://www.1111.com.tw/job/97484269/ D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌風靡一時的 Clubhouse 爆出資安危機 38億組電話號碼流入暗網 https://reurl.cc/pgbNYQ 臉書將以 AI 蒐集未成年個資，嚴格審查謊報年齡註冊問題 https://www.inside.com.tw/article/24333-facebook-and-instagram-update-policy-in-order-to-protect-teen-safety 中國籍配偶散布淡大情侶、老師確診等謠言遭調查局法辦 https://news.ltn.com.tw/news/society/breakingnews/3616909 比起假新聞，浸泡在「歐威爾式」言論環境對真相才是更大傷害 https://www.thenewslens.com/article/154310 韓擬立假新聞法爭下月通過 https://reurl.cc/eEb2bR 假新聞和新冠病毒一樣，無法消滅只能共存 https://reurl.cc/Q9lql0 專訪劉致昕《真相製造》：假新聞的仇恨操弄可以化解嗎 https://global.udn.com/global_vision/story/8664/5611597 破碎的自由…港記協反訂立「假新聞法」 https://udn.com/news/story/7331/5604845 BBC籲中國停止騷擾外國記者趙立堅竟批散布假新聞 https://news.ltn.com.tw/news/world/breakingnews/3621111 印度媒體炮製假新聞攻擊中國舉重 WADA：一無所知 https://news.sina.com.tw/article/20210731/39418756.html 網路詐騙、不雅照恐嚇班森賀華人頻受害 https://www.worldjournal.com/wj/story/121390/5640369 相信愛情7旬老婦掉入網路詐騙家屬來信感謝警即時攔阻 https://tyenews.com/2021/07/135608/ 交友、網購、投資網頁都有可能是詐騙！安裝一個功能，幫你秒篩檢可疑網址 https://www.storm.mg/lifestyle/3823123 台中女差點當上陳其邁兒媳！超爆笑網路詐騙高市府回應了 https://www.chinatimes.com/realtimenews/20210718002136-260402?chdtv 愛情來了？網路詐騙交友買3萬點數可跟台灣辣妹見面 https://www.chinatimes.com/realtimenews/20210720002468-260402?chdtv 網路假交友真詐騙崙背警即時成功攔詐 https://reurl.cc/qgbRqR 瞎爆！網路購物超取詐騙多　包裹出現「這3字」千萬別拿 https://news.housefun.com.tw/news/article/119852305452.html 郭婞淳「婞念」T恤照遭盜詐騙網站買1送1優惠拐粉絲上當 https://www.chinatimes.com/realtimenews/20210731002099-260402?chdtv 電信詐騙網路賭博大要案驚現高學歷犯罪 https://news.sina.com.tw/article/20210728/39362402.html 不請自來包裹藏危機　貨到付款詐騙新手法 https://www.cardu.com.tw/news/detail.php?43887 詐騙新招! 網購手機"調虎離山"詐領 https://news.cts.com.tw/cts/society/202107/202107312051356.html Best Practices to Thwart Business Email Compromise (BEC) Attacks https://thehackernews.com/2021/07/best-practices-to-thwart-business-email_29.html Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring https://thehackernews.com/2021/07/dutch-police-arrest-two-hackers-tied-to.html Bank of New Zealand response to the data breach https://www.rbnz.govt.nz/our-response-to-data-breach Reserve Bank of New Zealand Incident Assessment https://www.rbnz.govt.nz/-/media/ReserveBank/Files/data-breach/kpmg-incident-assessment.pdf E.研究報告/工具讓企業陷入風險的五大ACTIVE DIRECTORY 設定錯誤 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9353 #32 / S2EP007 / 主題：政府請做好簡訊實聯制與疫苗平台的資安工作 (1100718-社會事正經撩-第32集) https://open.firstory.me/story/ckrq6wtnd735y0910qoemg961 讓專業的來: AppleJeus惡意程式分享 Feat.王仁甫 https://player.soundon.fm/p/8fdc3e51-8bfb-4bfa-9c65-8ea2ce5a6eb7/episodes/74827719-752a-4573-805a-f640ee2225ed EP2-駭客攻擊這麼狠，企業你準備好了嗎?(資安系列1) https://podcasts.apple.com/podcast/id1570591707?i=1000530121965 Several Malicious Typosquatted Python Libraries Found On PyPI Repository https://thehackernews.com/2021/07/several-malicious-typosquatted-python.html BIMI: A Visual Take on Email Authentication and Security https://thehackernews.com/2021/07/bimi-visual-take-on-email.html ProtOSINT - Python script that helps you investigate Protonmail accounts and ProtonVPN IP addresses https://hakin9.org/protosint-python-script-that-helps-you-investigate-protonmail-accounts-and-protonvpn-ip-addresses/ Windows 10 now lets you install WSL with a single command https://cybersecdn.com/index.php/2021/07/31/windows-10-now-lets-you-install-wsl-with-a-single-command/ 「IE」の脆弱性を利用した新たなサイバー攻撃が見つかる　ソーシャルエンジニアリングとの併用も確認 https://www.itmedia.co.jp/enterprise/articles/2107/30/news132.html#utm_term=share_sp bilalmerokhel / bugbounty https://github.com/bilalmerokhel/bugbounty/blob/main/HTTP-Headers-And-Tricks LightMe - HTTP Server Serving Obfuscated Powershell Scripts/Payloads https://www.kitploit.com/2021/07/lightme-http-server-serving-obfuscated.html CVE-2021-3490 – Pwning Linux kernel eBPF on Ubuntu machines https://securityaffairs.co/wordpress/120688/hacking/cve-2021-3490-linux-kernel-bug.html The Incredible Rise of North Korea’s Hacking Army https://www.newyorker.com/magazine/2021/04/26/the-incredible-rise-of-north-koreas-hacking-army F.商業碩天科技通過 CREST滲透測試強化PowerPanel Cloud 雲服務的資安信心 https://www.onwardsecurity.com/laboratory/item/57 精誠雲服務平台Q3上線估營收占比上看2成 https://money.udn.com/money/story/5613/5636605 Sophos強化資安推網路攻擊模擬及培訓方案 https://reurl.cc/j84Evm 奧義智慧居家辦公專案 AI即時資安防護 https://money.udn.com/money/story/5640/5634367 蓋亞資訊成功防禦Tb級惡意流量DDoS攻擊 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000615770_YWP6UJZA8ZNCBRL4TGWCK 迎接混合工作模式時代！惠普收購遠端訪問軟體商Teradici https://news.cnyes.com/news/id/4688553 熵碼科技助聯網裝置符合最新FIDO標準滿足資安需求 https://udn.com/news/story/7240/5633697 Openfind 攜手中華電信提供 S/MIME 電子郵件簽章服務，疫情下守護企業資安 https://www.openfind.com.tw/taiwan/news_detail.php?news_id=10286 G.政府針對政府機關發動的「此類型」攻擊佔今年第一季70% https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9350 資策會研發工控資安的防疫利器－ICTD 參加國際評測MITRE ATT&CK for ICS 表現亮眼 https://www.iii.org.tw/Press/NewsDtl.aspx?nsp_sqno=2362&fm_sqno=14 國考因應疫情考選部次長建議8項數位轉型 https://www.cna.com.tw/news/aipl/202107300093.aspx 傳政要LINE遭駭資安專家提醒2招自保 https://reurl.cc/kZbe79 台灣百名政要通訊軟件遭攻擊專家：資安人才嚴重不足 https://udn.com/news/story/6656/5639460 政府高層LINE驚傳遭入侵！吳釗燮、唐鳳投書外媒呼籲「團結對抗網安威脅」 https://www.fountmedia.io/article/123667 德媒：台灣百名政要通訊軟件遭攻擊凸顯台資安隱憂 https://www.ntdtv.com/b5/2021/07/30/a103178538.html LINE 驚傳遭到駭客入侵，府院高層等 100 多人帳號被鎖定 https://today.line.me/tw/v2/article/PRVzE0 蔡英文核心圈防駭路數解密　駭客入侵LINE也拿不到重要情資 https://www.storm.mg/article/3843872 傳朝野百餘名政要LINE遭駭綠營：通訊分流提升安全 https://money.udn.com/money/story/5648/5633545?from=edn_breaknewstab_index 政要LINE遭駭民進黨高層：早已使用不同通訊軟體保持分流 https://news.ltn.com.tw/news/politics/breakingnews/3619113 我國政要高層Line遭駭客入侵執法單位已著手調查 https://pourquoi.tw/2021/07/29/taiwan-news-20210729-2/ 上百名府院與軍方高層政要LINE疑似遭駭國安會介入調查 https://www.chinatimes.com/realtimenews/20210728001954-260412?chdtv 台灣百餘政要LINE遭駭日本政府：國內未傳災情 https://udn.com/news/story/6809/5636556 內神通外鬼？！台灣上百位政要「LINE紀錄」遭駭客入侵 https://reurl.cc/VEZxYY 上百名政要被駭客攻擊民進黨團：恐涉及間諜組織 https://udn.com/news/story/6656/5632872?from=udn-ch1_breaknews-1-cate1-news 柯文哲LINE也出狀況　「只能收不能發」 https://www.ettoday.net/news/20210728/2042197.htm?from=amp_newslist 柯文哲自爆 LINE 帳號「故障災況」！直言：都假設全天下看得到 https://3c.ltn.com.tw/news/45342 政要LINE遭駭人事總處︰資安考量用Juiker聯繫公務 https://news.ltn.com.tw/news/politics/breakingnews/3619389 傳百餘名政要LINE遭駭立委要求NCC及法務部嚴查 https://money.udn.com/money/story/7307/5633234?from=edn_breaknewstab_index 金防部小兵把營區內清水溝片PO上抖音　遭陸軍以違反資安規定懲處 https://tw.appledaily.com/politics/20210728/4MAZBCLBIJBBNKDOMINQKK44RQ/ 境外勢力滲透嚴重調查局公開徵求國安微電影拍攝 https://udn.com/news/story/7321/5639501 針對有關盤點大陸廠牌資通訊產品(含軟體、硬體及服務)汰換與經費爭取，請詳如說明 https://cnc.ntut.edu.tw/p/404-1004-110610.php?Lang=zh-tw H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識相關資安 Fortinet：惡意軟體與釣魚郵件攻擊幅度大增，OT業者資安挑戰加劇 https://www.techbang.com/posts/88747-fortinet-releases-2021-state-of-operational-technology-and 通訊架構/資訊安全雙管齊下　無人工廠運行IIoT自主防疫 https://www.2cm.com.tw/2cm/zh-tw/market/A401D4DAE5244DA48D08E636D3463761 Understanding and Minimizing HMI/SCADA System Security Gaps https://www.automation.com/en-us/articles/july-2021/minimizing-hmi-scada-system-security-gaps Industrial Networks Exposed Through Cloud-Based Operational Tech https://threatpost.com/industrial-networks-exposed-cloud-operational-tech/168024/ President Biden Issues National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems https://www.jdsupra.com/legalnews/president-biden-issues-national-3901424/ The Next Disruptive ICS Attack: 3 Likely Sources for Major Disruptions https://securityboulevard.com/2021/07/the-next-disruptive-ics-attack-3-likely-sources-for-major-disruptions/ ICS Advisory (ICSA-21-210-01) Hitachi ABB Power Grids eSOMS https://us-cert.cisa.gov/ics/advisories/icsa-21-210-01 ICS Advisory (ICSA-21-210-02) Wibu-Systems CodeMeter Runtime https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02 ICS Advisory (ICSA-21-049-02) Mitsubishi Electric FA engineering software products (Update B) https://us-cert.cisa.gov/ics/advisories/icsa-21-049-02 ICS Advisory (ICSA-21-208-02) Mitsubishi Electric GOT2000 series and GT SoftGOT2000 https://us-cert.cisa.gov/ics/advisories/icsa-21-208-02 ICS Advisory (ICSA-21-208-04) LCDS LAquis SCADA https://us-cert.cisa.gov/ics/advisories/icsa-21-208-04 I.教育訓練 NAS 全攻略：不懂如何做 NAS 保安 ? 你的 NAS 保安主管 Security Counselor，為你檢查安全設定 https://hk.xfastest.com/125079/qnap-nas-security-counselor/ Cybrary: Free Cybersecurity Training and Career Development https://www.cybrary.it/ Free Online Cybersecurity Courses (MOOCs) https://www.cyberdegrees.org/resources/free-online-courses/ 6.近期資安活動及研討會 2021農業開放資料論壇 8/1 https://www.accupass.com/event/2107140612063453095840 Water Cooler Conversation #28 by #TechLearnEng 8/3 https://www.meetup.com/tech-learn-en/events/279587758 BUiLT Paid into Tech 8/4 https://www.meetup.com/blacks-united-in-leading-technology-greater-china/events/279619371 搶攻 LINE OA 跨境招生潮 / 課程代號 LA3 8/10 https://www.accupass.com/event/2103310827012203476660 中華電信學院創客智慧應用研習班第三梯 8/10 ~ 8/11 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=349 PH Tech Community Leads Meetup #52: Phone me A Code - Game Night 8/13 https://www.meetup.com/Philippine-Tech-Community-Leaders/events/279778390 【創客小聚】物聯日常的崛起，Chatbot x IoT一網打盡！ 8/14 https://www.accupass.com/event/2104231345071268826835 【Arm DevTalks 2021】當MCU遇上AI：Embedded ML大有可為 8/14 https://www.accupass.com/event/2107291203058890029980 第六屆臺灣好厲駭徵選活動 8 月 16 日(一)中午 12 點截止 https://isip.moe.edu.tw/wordpress/?p=2201 解鎖MarTech關鍵戰略 8/18 https://www.accupass.com/event/2107280956181066268985 中華電信學院物聯網實作研習班 (3天班)第9梯 8/18 ~ 8/20 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=353 2021兒童邏輯程式營│不插電程式× Dash機器人 8/23 ~ 8/27 https://www.accupass.com/event/2104200927355518736600 【數位同步】資安事件處理與數位鑑識實務 8/23 ~ 8/24 https://college.itri.org.tw/course/all-events/A5D5BF91-59FC-40D5-BE97-B7FE58AD612E.html 聊天機器人開發－你的口袋電影百科 8/25 https://www.accupass.com/event/2107300457311258309333 學生計算機年會 SITCON 2021 9/4 https://sitcon.org/2021/ 一日資訊人體驗 / 程式驅動「資安工程師職涯體驗工作坊」 9/11 https://www.accupass.com/event/2103311106541674023956 中華電信學院自主式移動機器人ROS開發實戰班 09/22、09/23、10/07、10/08 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=318 Golang Taipei Gathering #58 9/28 https://www.meetup.com/golang-taipei-meetup/events/277604159/ Cyber Defense Summit 2021 Oct. 4-7, 2021 https://summit.fireeye.com/ 中華電信學院委外廠商安全程式碼撰寫基礎測驗班 10/12 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=424 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=425 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=426 中華電信學院樹莓派學開車，手把手實做人工智慧自駕車板橋第四梯 10/21 ~ 10/22 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=317 2021 MOPCON 行動科技年會 10/23 ~ 10/24 https://www.accupass.com/event/2107211505081465802842 HITCON 2021 台灣駭客年會 11/26 ~ 11/27 https://kktix.com/events/hitcon-2021/ 中華電信學院委外廠商安全程式碼撰寫基礎測驗班 12/14 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=427 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=428 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=429