資安事件新聞週報 2022/4/18 ~ 2022/4/22

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/4/18 ~ 2022/4/22 1.重大弱點漏洞/後門/Exploit/Zero Day Oracle Critical Patch Update for April 2022 https://www.oracle.com/corporate/security-practices/assurance/vulnerability/security-fixing.html Juniper 近日發布更新以解決多個產品的安全性弱點 https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=date%20descending&f:ctype=[Security%20Advisories] https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-release-2011-L4?language=en_US 思科修補可繞過身分認證的無線網路控制器韌體漏洞 https://www.ithome.com.tw/news/150464 思科資安解決方案的管理遠端存取機制存在漏洞，恐被攻擊者竊取管理員帳密 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uva-static-key-6RQTRs4c Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA https://thehackernews.com/2022/04/cisco-releases-security-patches-for.html 駭客著手開採微軟今年2月修補的Windows Print Spooler漏洞 https://www.ithome.com.tw/news/150512 美國要求聯邦機構限期修補已遭利用的Print Spooler漏洞 https://www.bleepingcomputer.com/news/security/cisa-warns-of-attackers-now-exploiting-windows-print-spooler-bug/ 聯想筆電韌體存在漏洞，攻擊者恐用於植入UEFI惡意軟體 https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/ 威聯通公告部分NAS機種可能存在Apache HTTP伺服器漏洞，並提出緩解措施 https://www.qnap.com/zh-tw/security-advisory/qsa-22-11 QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities https://thehackernews.com/2022/04/qnap-advises-users-to-update-nas.html 解壓縮軟體7-Zip出現漏洞，恐讓攻擊者獲得管理員權限 https://github.com/kagancapar/CVE-2022-29072#readme= Google資安報告驚見58個零日漏洞、全球駭客攻擊創歷史新高 https://3c.ltn.com.tw/news/48696 Amazon's Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug https://thehackernews.com/2022/04/amazons-hotpatch-for-log4j-flaw-found.html Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails https://thehackernews.com/2022/04/unpatched-bug-in-rainloop-webmail-could.html Critical Chipset Bugs Open Millions of Android Devices to Remote Spying https://thehackernews.com/2022/04/critical-chipset-bug-opens-millions-of.html New Incident Report Reveals How Hive Ransomware Targets Organizations https://thehackernews.com/2022/04/new-incident-report-reveals-how-hive.html Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021 https://thehackernews.com/2022/04/google-project-zero-detects-record.html Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild https://thehackernews.com/2022/04/hackers-exploiting-recently-reported.html New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops https://thehackernews.com/2022/04/new-lenovo-uefi-firmware.html Critical RCE Flaw Reported in WordPress Elementor Website Builder Plugin https://thehackernews.com/2022/04/critical-rce-flaw-reported-in-wordpress.html Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System https://thehackernews.com/2022/04/researchers-detail-bug-that-could.html Microsoft 已發布公告以解決關鍵的遠端程式碼執行弱點 https://docs.microsoft.com/zh-tw/windows-server/storage/file-server/smb-secure-traffic https://www.cisa.gov/uscert/ncas/current-activity/2022/04/13/microsoft-releases-advisory-address-critical-remote-code-execution Researcher Releases PoC for Recent Java Cryptographic Vulnerability https://thehackernews.com/2022/04/researcher-releases-poc-for-recent-java.html Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud https://thehackernews.com/2022/04/watch-out-cryptocurrency-miners.html 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安臺企銀行動銀行App 首推Wi-Fi安全偵測 https://wantrich.chinatimes.com/news/20220418900142-420101 駭客風暴帶來的教訓：北富銀善用瀑布式管理與敏捷導入，高效開發智能資安系統 https://www.managertoday.com.tw/articles/view/64972 擔心出門忘記帶錢包？英國新創在手上植入微晶片，讓你成為「人體信用卡」 https://meet.bnext.com.tw/articles/view/48970 手機報稅2.0升級新增3大功能 https://ec.ltn.com.tw/article/breakingnews/3901954 統一超整合虛實通路推繳稅服務平台 https://www.cna.com.tw/news/ahel/202204210092.aspx 3.電子支付/行動支付/pay/資安街口電支的成長經驗：IT 團隊如何活用專案管理技術、撐過業務爆量期的陣痛 https://www.managertoday.com.tw/articles/view/64973 行動支付結帳時皮夾放一旁 3秒內就遭竊 https://reurl.cc/WrLy4D 悠遊卡公司總經理邱昱凱：「一卡一付」生態圈逐漸成形，望能實現無現金生活 https://reurl.cc/q58oDn 印度最大行動支付Paytm 誇口明年Q3前打平 https://reurl.cc/x90oDe Meta Platforms在印度移動支付市場是如何落於人後的 https://reurl.cc/vd1onj 中華郵政i郵箱首家電子支付上線 https://reurl.cc/o1dpLD 日本Uber Eats攜手樂天將可使用樂天Pay電子支付服務 https://news.cnyes.com/news/id/4854994 為蝦皮放寬電子支付門檻？黃天牧怒回應 https://ctee.com.tw/news/policy/626317.html 金管會盯第三方支付　3家業者列電支預備生 https://www.cardu.com.tw/news/detail.php?45927 不只蝦皮交易超過10億元兩家第三方支付亦逼近納管門檻 https://news.cnyes.com/news/id/4855817 Coinbase印度擴展受阻盧比電子支付被國家機器終止 https://reurl.cc/mo97n7 電子消費券｜街市不足三成檔販裝電子支付　檔販拆解一原因致卻步 https://reurl.cc/7DonXN 電子支付APP 掃碼繳稅最便利 https://reurl.cc/ZA7EO3 台灣超商揪甘心！中國人妻離開電子支付　直呼：交易不再是冰冷機器－民視新聞 https://www.ftvnews.com.tw/video/detail/EBYlzLzcTR0 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約資安 Beanstalk 遭閃電貸攻擊損失 1.8 億美元，穩定幣 $BEAN 脫鉤瞬崩跌 90% https://www.blocktempo.com/attacker-drains-182m-from-beanstalk/ 安全團隊：UglyPeopleNFT的Discord被駭客入侵 https://amp-news.cnyes.com/news/id/4854786 NFT項目Metaconz遭受攻擊，駭客利用惡意函數剝奪錢包權限 https://news.cnyes.com/news/id/4855024 比特幣與以太幣週一連袂下挫，比特幣盤中下滑3.57%，跌破4月低點 https://reurl.cc/QL3NLo 要價 2.5 ETH 矚目 NFT 項目《Moonbirds》發售 2 日內地板價飆升將近 8 倍 https://hypebeast.com/zh/2022/4/moonbirds-nft-proof-collective-opensea-volume-ranking DeFi一個月竟然被偷兩次！穩定幣協議Beanstalk損失1.82億美元，創辦人回應：不該要我們負責 https://www.bnext.com.tw/article/68622/defi-attack-hacker 穩定幣協議 Beanstalk 遭閃電貸攻擊，BEAN 暴跌近 90% https://smartrichs.com/stablecoin-protocol-beanstalk-was-attacked-by-flash-loan-bean-plummeted-by-nearly-90/ Robinhood推出加密錢包，加密資產離主流更進一步 https://hk.investing.com/analysis/article-100435 駭客鎖定加密錢包MetaMask用戶下手，竊取存放在iCloud的通關密語來掏空加密貨幣 https://www.bleepingcomputer.com/news/security/hackers-steal-655k-after-picking-metamask-seed-from-icloud-backup/ 近一周Ronin駭客錢包地址累計轉出2.24萬枚ETH https://news.cnyes.com/news/id/4855904?exp=a Beanstalk Farms將商討項目重啟方案，並呼籲駭客返還90%被盜資金 https://news.cnyes.com/news/id/4855640 加密幣焦慮/夯到用來賄選？法務部長的憂慮有沒有道理 https://money.udn.com/money/story/5648/6253348 NFT市集Rarible存在漏洞，恐被攻擊者用於竊取NFT與Token https://research.checkpoint.com/2022/check-point-research-detects-vulnerability-in-the-rarible-nft-marketplace-preventing-risk-of-account-take-over-and-cryptocurrency-theft/ CipherTrace報告｜門羅幣正走向勒索軟體首選，駭客將比特幣贖金支付增10-20%溢價 https://www.blocktempo.com/monero-crypto-of-choice-as-ransomware/ 北朝鮮電玩高手竊走NFT遊戲加密貨幣6.2億美金，驚動FBI出面調查 https://www.5richer.com/arts/42846.html Web3時代！中國有條件開放NFT交易活動專家:建議新手這麼做! https://www.thehubnews.net/archives/95135 NFT、虛擬加密貨幣賺很大? 謹防騙子拿走這兩個東西,血本無歸 https://blog.trendmicro.com.tw/?p=71904 安全公司：illogicsNFT Discord兩名團隊成員的Discord帳戶被盜 https://news.cnyes.com/news/id/4857181?exp=a 盤點 13 起史上規模最大 DeFi 竊盜案，今年 Beanstalk 、Wormhole、Ronin 入列前五 https://www.blocktempo.com/13-biggest-defi-hacks-and-heists/ DeFi借貸協議YEED遭受攻擊，駭客獲利百萬卻被永久鎖定 https://news.cnyes.com/news/id/4857413 門羅幣成駭客勒索首選，比特幣同等溢價提升 20% https://reurl.cc/VDXnd6 全方位保障交易安全　 BingX交易所創下錢包零盜失歷史 https://www.thehubnews.net/archives/95642 駭客偏好從DeFi平臺盜取加密貨幣 https://blog.chainalysis.com/reports/2022-defi-hacks/ LINE開發NFT平台首度在台招募區塊鏈技術團隊 https://www.rti.org.tw/news/view/id/2130815 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 風力發電大廠 Nordex 遭 Conti 勒贖攻擊，IT 系統與風機管理系統停擺 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9818 什麼是 RagnarLocker？FBI 發布舊勒索軟體家族的新警報 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9814 Mars Stealer惡意軟體潛藏於Google上之OpenOffice廣告 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9816 木馬程式RemcosRAT鎖定非洲銀行下手 https://threatresearch.ext.hp.com/malware-campaigns-targeting-african-banking-sector/ 駭客組織Karakurt與勒索軟體Conti狼狽為奸，協助該組織後續索討贖金 https://reurl.cc/j15VR2 方便的 Google Play Store 安裝工具被發現惡意程式碼，幫忙竄改瀏覽器好讓 Windows 11 用戶連上詐騙網頁 https://www.kocpc.com.tw/archives/436715 駭客藉由提供Windows 11升級的名義來散布竊密軟體 https://www.bleepingcomputer.com/news/security/unofficial-windows-11-upgrade-installs-info-stealing-malware/ 駭客建立Windows 11 下載偽官網，助你免費安裝客製「病毒化」Windows 11系統 https://www.techbang.com/posts/95710-security-personnel-discovered-a-new-fake-microsoft-win11 只要下載就會被盜！這款惡意軟體「偽裝成銀行APP」，連客服電話都是假的！ https://ebcbuzz.com/category/fun/new/244719 間諜軟體Pegasus又有新的受害者！英國政府遭到鎖定 https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/ 惡意軟體Emotet攻擊行動再度急劇增加 https://www.bleepingcomputer.com/news/security/emotet-botnet-switches-to-64-bit-modules-increases-activity 殭屍網路BotenaGo變種病毒鎖定利凌視訊監視器下手 https://www.nozominetworks.com/blog/new-botenago-variant-discovered-by-nozomi-networks-labs/ 資安業者提供勒索軟體「閰羅王」解密工具 http://support.kaspersky.com/8547 微軟成功接管 ZLoader 殭屍網路超過 400 個網域 https://technews.tw/2022/04/22/microsoft-successfully-takes-over-zloader-botnet/ 勒索軟體鎖定農業合作社下手 https://www.ic3.gov/Media/News/2022/220420-2.pdf 勒索軟體Black Cat半年內已入侵逾60個組織 https://www.ic3.gov/Media/News/2022/220420.pdf 蠕蟲程式TeamTNT針對AWS、阿里雲發動攻擊 https://blog.talosintelligence.com/2022/04/teamtnt-targeting-aws-alibaba.html 駭客向其他網路罪犯免費提供竊密軟體Ginzo Stealer，疑似為了培養客群 https://www.gdatasoftware.com/blog/2022/03/ginzo-free-malware 兩勒索軟件組織發動今年首季逾半攻擊 https://www.wepro180.com/ransomware220422/ Kaspersky report on Emotet modules and recent attacks https://securelist.com/emotet-modules-and-recent-attacks/106290/ Tough Times for Ukrainian Honeypot https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/tough-times-for-ukrainian-honeypot/ Lazarus Targets Chemical Sector https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lazarus-dream-job-chemical Zloader 2: The Silent Night https://decoded.avast.io/vladimirmartyanov/zloader-the-silent-night/ https://blogs.microsoft.com/on-the-issues/2022/04/13/zloader-botnet-disrupted-malware-ukraine/ https://www.welivesecurity.com/2022/04/13/eset-takes-part-global-operation-disrupt-zloader-botnets/ "Haskers Gang" Introduces New ZingoStealer https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html Cyberattack on state organizations of Ukraine using the malicious program IcedID https://cert.gov.ua/article/39609 Eagle Monitor RAT https://blog.cyble.com/2022/04/18/under-the-lens-eagle-monitor-rat/ Peering into A PYSA Ransomware Attack https://www.sentinelone.com/blog/from-the-front-lines-peering-into-a-pysa-ransomware-attack/ TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies https://www.cisa.gov/uscert/ncas/alerts/aa22-108a A new type of malware from the Lazarus attack group that exploits the INITECH process https://asec.ahnlab.com/ko/33706/ Malware Campaigns Targeting African Banking Sector https://threatresearch.ext.hp.com/malware-campaigns-targeting-african-banking-sector/ Nobelium - Israeli Embassy Maldoc https://inquest.net/blog/2022/04/18/nobelium-israeli-embassy-maldoc Public Cloud Cybersecurity Threat Intelligence (202203) https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/ An Investigation of the BlackCat Ransomware https://reurl.cc/rD80yk https://www.trendmicro.com/en_us/research/22/d/an-investigation-of-the-blackcat-ransomware.html "aa" distribution Qakbot (Qbot) infection with DarkVNC traffic https://isc.sans.edu/diary/rss/28568 New BotenaGo Variant Discovered https://www.nozominetworks.com/blog/new-botenago-variant-discovered-by-nozomi-networks-labs/ Information Stealer Targets Crypto Wallets Via Fake Windows 11 Update https://cloudsek.com/whitepapers_reports/information-stealer-targets-crypto-wallets-via-fake-windows-11-update/ Cyberattack on state organizations of Ukraine using the topic "Azovstal" and the malicious program Cobalt Strike Beacon https://www.circl.lu/doc/misp/feed-osint/1b2b6e15-3655-4648-afcb-c93214187736.json Prynt Stealer Spotted In the Wild https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/ Warez users fell for Certishell https://decoded.avast.io/danielbenes/warez-users-fell-for-certishell/ https://github.com/avast/ioc/blob/master/Certishell/samples.sha256 https://github.com/avast/ioc/blob/master/Certishell/samples.sha1 https://github.com/avast/ioc/blob/master/Certishell/network.txt Nokoyawa Ransomware | New Karma/Nemty Variant Wears Thin Disguise https://www.sentinelone.com/labs/nokoyawa-ransomware-new-karma-nemty-variant-wears-thin-disguise/ The ink-stained trail of GOLDBACKDOOR https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report_-The-ink-stained-trail-of-GOLDBACKDOOR.pdf Hive Ransomware Analysis https://www.varonis.com/blog/hive-ransomware-analysis Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-intense-campaign-ukraine https://github.com/Symantec/threathunters/blob/main/Shuckworm/host https://github.com/Symantec/threathunters/blob/main/Shuckworm/network Hackers Sneak 'More_Eggs' Malware Into Resumes Sent to Corporate Hiring Managers https://thehackernews.com/2022/04/hackers-sneak-moreeggs-malware-into.html Researchers Share In-Depth Analysis of PYSA Ransomware Group https://thehackernews.com/2022/04/researchers-share-in-depth-analysis-of.html New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar https://thehackernews.com/2022/04/new-solarmarker-malware-variant-using.html New Hacking Campaign Targeting Ukrainian Government with IcedID Malware https://thehackernews.com/2022/04/new-hacking-campaign-targeting.html Hackers Sneak 'More_Eggs' Malware Into Resumes Sent to Corporate Hiring Managers https://thehackernews.com/2022/04/hackers-sneak-moreeggs-malware-into.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 iPhone 網路不穩怎麼辦？10招解決網路變慢和上網不穩問題 https://mrmad.com.tw/iphone-network-instability-how-to-solve Mac電腦的App Store市集出現騙錢軟體，不訂閱就無法關閉應用程式 https://reurl.cc/NA6OG5 「零點擊攻擊」讓手機躺著也中槍？還能成為全球各國大生意 https://www.bnext.com.tw/article/68371/dos-zero-click-attack 不受限制的信息平台：俄烏戰爭中的Telegram https://cn.nytimes.com/world/20220419/russian-propaganda-telegram-ukraine/zh-hant/ 蘋果開發新款HomePod！將與Apple TV和FaceTime相機結合 https://times.hinet.net/news/23868322 高通、聯發科晶片爆最新漏洞！主流 Android 手機幾乎全中標 https://3c.ltn.com.tw/news/48723 蘋果老舊 ALAC 格式有漏洞，卻危及高通、聯發科晶片手機 https://technews.tw/2022/04/22/apple-alac-qualcomm-mediatek/ 高通與聯發科手機處理器晶片使用存在漏洞的聲音解碼器，恐波及三分之二安卓用戶 https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/ 手機密碼「全面消失」！安卓1功能爆入侵危機　專家給答案 https://news.tvbs.com.tw/life/1773192 歐盟進一步推動以USB-C作為統一充電規格，預計2026年以前確定無線充電技術通用性 https://mashdigi.com/common-charger-meps-agree-on-proposal-to-reduce-electronic-waste/ C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力黑帽公布2022年黑帽亞洲混合大會的主題演講貴賓名單 http://www.businesswirechina.com/hk/news/50257.html 「攻擊就是最好的防守！」拿下資安界奧斯卡獎的戴夫寇爾，如何解密網路戰爭背後的資安挑戰 https://buzzorange.com/techorange/2022/04/19/ppodcast-devcore-cyber-warfare/ 76%台灣企業認為：未來12月內會被駭客攻擊得逞 https://udn.com/news/story/7240/6251055?from=udn-catelistnews_ch2 Trend Micro趨勢科技公布網路資安風險指標：台灣超過3/4企業機構認為自己在2022年有可能遭駭客入侵 https://zeekmagazine.com/archives/170223 呼籲企業應採用公開標準進行第三方網路資安風險量化評估 https://news.ebc.net.tw/news/living/313587 鼎峰亞太集團呼籲公開標準進行第三方網路資安風險量化評估 https://money.udn.com/money/story/5635/6258432 遙距工作依賴雲端應用資安風險靠SASE把關 https://www.18hall.com/sase/ 疫情蔓延企業數位化轉型 DDoS資安威脅引起重視 https://www.storm.mg/localarticle/4295663 當心！駭客攻擊手法再創新　音訊檔「WAV」成犯罪工具 http://n.yam.com/Article/20220419863490 Okta公布Lapsus$駭客事件調查結果：只被駭了25分鐘 https://www.ithome.com.tw/news/150561 FBI警告：北韓駭客以拉撒路（Lazarus）為首，恐大量針對加密公司攻擊 https://www.horizonnextsumari.com/article/3815 慢霧：注意防範APT組織Lazarus Group駭客攻擊 https://news.cnyes.com/news/id/4855524?exp=a 美國揭露北韓駭客Lazarus攻擊區塊鏈業者手法 https://www.ithome.com.tw/news/150497 公民實驗室示警英政府內部網路疑遭飛馬入侵 https://www.cna.com.tw/news/aopl/202204190278.aspx 駭客用盜來的OAuth權杖存取GitHub的私有儲存庫 https://www.ithome.com.tw/news/150462 攻擊者利用遭竊的OAuth憑證入侵NPM等數十個組織的GitHub https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/ 親俄羅斯駭客集團 Conti 遭報復！烏籍研究員洩出大量內部對話、原始碼、營運資料 https://www.blocktempo.com/russian-ransomware-group-conti-hurt-by-leaks/ 羞辱普丁匿名者公佈俄國特務名單並攻擊石油相關產業 https://newtalk.tw/news/view/2022-04-19/741858 烏克蘭組網軍施壓跨國企業撤出俄國 https://ec.ltn.com.tw/article/breakingnews/3899680 聲援烏克蘭的神秘駭客組織將推 GameFi？一款離線也獲取收益的區塊鏈資安概念遊戲 https://www.blocktempo.com/anonverse-gamefi-crypto-war-v/ 俄烏苦戰敲響警鐘！日媒指陸被迫改攻台劇本　擴大核武力 https://news.tvbs.com.tw/politics/1770960 對抗飛彈最佳武器就是科技！31歲烏克蘭部長率百人躲地窖打「第一次世界網路大戰」 https://udn.com/news/story/122663/6256349 俄媒意外曝光！俄國防部公布俄軍死傷網驚和烏克蘭戰報相符 https://news.ltn.com.tw/news/world/breakingnews/3902495 微軟Windows 再次受到中國Hafnium組織攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9808 美國政府表示朝鮮支持的駭客組織以加密和區塊鏈公司為攻擊目標 https://news.cnyes.com/news/id/4855435 英相官邸遭「間諜軟體」入侵、外交部也被駭阿聯疑策畫 https://www.worldjournal.com/wj/story/121257/6252905 北約在俄烏戰爭背景下舉行「鎖盾」網絡安全演習 https://reurl.cc/yrgWW2 Experts Uncover Spyware Attacks Against Catalan Politicians and Activists https://thehackernews.com/2022/04/experts-uncover-spyware-attacks-against.html FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies https://thehackernews.com/2022/04/fbi-us-treasury-and-cisa-warns-of-north.html 資安管理師 https://www.cakeresume.com/companies/presco-ws/jobs/information-security-manager?locale=fr 資安鑑識分析師 https://www.104.com.tw/job/5xtj0?jobsource=cs_custlist 網路資安解決方案工程師 https://www.104.com.tw/job/6hygw?jobsource=cs_custlist 資深網路資安解決方案工程師 https://www.104.com.tw/job/6hyog?jobsource=cs_custlist 資安檢測工程師 https://www.104.com.tw/job/64myq?jobsource=cs_custlist ICS工控資安工程師 (工業控制系統) https://www.104.com.tw/job/6j369?jobsource=cs_custlist 資安事件調查員 https://www.104.com.tw/job/6j3cl?jobsource=cs_custlist 資深網路安全工程師 https://www.104.com.tw/job/5xo6u?jobsource=cs_custlist ICS工控資安工程師(資訊/資安) https://www.104.com.tw/job/6ne28?jobsource=cs_custlist 資安系統工程師 https://www.104.com.tw/job/7m18m D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Okta Says Security Breach by Lapsus$ Hackers Impacted Only Two of Its Customers https://thehackernews.com/2022/04/okta-says-security-breach-by-lapsus.html 蘆竹傳「假警察、真碰瓷」團伙犯案警關切原Po竟刪文 https://udn.com/news/amp/story/7320/6246848 公衛資安遭駭入？超過百萬個資被詐騙集團所接收 https://reurl.cc/QL3Nb0 美國警告鎖定T-Mobile用戶來的簡訊網釣攻擊 https://www.cyber.nj.gov/alerts-advisories/new-smishing-campaign-targets-t-mobile-customers 美國警告鎖定行動支付的網釣簡訊攻擊 https://www.ic3.gov/Media/Y2022/PSA220414 肉票變綁匪!不肖兒詐48萬贖金露餡母崩潰 https://news.cts.com.tw/cts/society/202204/202204182077649.html 華人失業金遭盜刷紐約布魯克林再爆多案 https://www.worldjournal.com/wj/story/121381/6249485 大馬才子來台收入歸零 4月初帳號還被盜 https://www.epochtimes.com/b5/22/4/19/n13715265.htm 強制全民參與研究，個資法默許－健保資料庫釋憲在即 https://www.civilmedia.tw/archives/110271 他回撥「蘋果來電」慘了！才2秒鐘　1900萬加密貨幣全被偷光 https://www.ettoday.net/news/20220421/2234959.htm 蘋果用戶提供驗證碼竟損失1900萬？資安專家揭網路詐騙新招 https://news.ltn.com.tw/news/world/breakingnews/3901639 嚴防認知作戰威脅強化全民媒體識讀 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1498675&type=forum Whoscall警告假冒虛擬貨幣交易所釣魚簡訊連日來達上百封，成最新詐騙手法 https://www.techbang.com/posts/95784-attention-investors-phishing-newsletters-on-virtual-currency 多名網友PTT帳號被盜，疑似採用與其他網站服務相同的密碼，或使用不安全連線所致 https://www.facebook.com/PttTW/posts/10158226494581364 E.研究報告/工具防駭客的基本認知 : 備份與還原 https://tech-blog.cymetrics.io/posts/nick/backup/ VPN在安全領域的使用優勢 https://qooah.com/2022/04/19/advantages-of-vpn-in-the-field-of-security/ 免費的最貴？！VPN的安全危機 https://player.soundon.fm/p/8fdc3e51-8bfb-4bfa-9c65-8ea2ce5a6eb7/episodes/0912e433-7c6f-4414-9797-d19270e3c790 Automate Alert Triage and Response Tasks with Intezer EDR Connect https://www.intezer.com/blog/incident-response/alert-triage-edr-integrations/?utm_medium=email&utm_source=hs_email Why WAF and Firewall Solutions Will Not Help Against Third-Party Website Attacks https://www.reflectiz.com/blog/why-your-web-application-firewall-waf-will-not-help-against-third-party-website-attacks/?utm_medium=paved GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens https://thehackernews.com/2022/04/github-notifies-victims-whose-private.html Benchmarking Linux Security – Latest Research Findings https://thehackernews.com/2022/04/benchmarking-linux-security-latest.html Gatekeepers in Machine Learning https://themeansquare.medium.com/gatekeepers-in-machine-learning-98375d1d6e90 How I’m using Machine Learning to Trade in the Stock Market https://medium.com/analytics-vidhya/how-im-using-machine-learning-to-trade-in-the-stock-market-3ba981a2ffc2 Advanced exploratory data analysis (EDA) with Python https://medium.com/epfl-extension-school/advanced-exploratory-data-analysis-eda-with-python-536fa83c578a How to convert TensorFlow model and run it with OpenVINO™ Toolkit https://medium.com/openvino-toolkit/how-to-convert-tensorflow-model-and-run-it-with-openvino-toolkit-519e4277ccdb Blockchain layers (L0, L1, L2, L3) in a Diagram https://medium.com/@nick.5montana/blockchain-layers-l0-l1-l2-l3-in-a-diagram-569162398db Say goodbye to Let’s Encrypt, welcome Google-managed SSL certificates https://xbery.medium.com/say-goodbye-to-lets-encrypt-welcome-google-managed-ssl-certificates-4d92831750e1 F.商業 FortiOS 7.2 新增超過 300 項功能，保護分散式基礎架構 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9811 Westcon-Comstor和 Broadcom 宣佈簽屬專屬 Symantec 銷售代理協議 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9810 思科：台灣企業平均花費200萬美元在隱私保護 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9815 台灣微軟藉 Azure HPC 助攻，加速鴻海人工智慧研究成果 https://technews.tw/2022/04/19/cooperation-between-microsoft-taiwan-and-hon-hai-in-artificial-intelligence/ 新職缺顯示亞馬遜也計畫投入結合擴增實境、混合實境的元宇宙佈局 https://mashdigi.com/amazon-is-working-on-a-mysterious-ar-smart-home-product-according-to-job-listings/ 資安威脅政府單位首當其衝，Openfind 提供縱深防禦方案 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9822 Palo Alto Networks 深度剖析2022 年勒索軟體威脅趨勢 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9829 偉康科技推雲端身分認證服務以高規架構堅實資安防護網 http://n.yam.com/Article/20220422518121 偉康科技數位身份SaaS 助NPO建構主動資安防禦網 https://money.udn.com/money/story/11799/6258236 G.政府華視新聞誤播台海戰爭快訊緊急道歉召開自律委員會懲處 https://www.cna.com.tw/news/ahel/202204200044.aspx 誤報共軍襲台　鄭麗文：蔡政府先錄好，打算選前大賣芒果乾 https://www.storm.mg/article/4296731 調查局追華視誤植「導彈攻台」假訊息！2導播招：單純失誤 https://www.setn.com/News.aspx?NewsID=1103451 華視誤報「兩岸開戰」！調查局約談2導播　失誤原因曝光 https://tw.appledaily.com/life/20220421/D6RI26V6BRFOBGJQJSUZ6COV34/ 華視誤播「新北市遭共軍導彈擊中」調查局通知導播、字幕人員說明 https://newtalk.tw/news/view/2022-04-21/742683 華視導彈烏龍內幕曝光調查局資安站第一時間趕抵查境外勢力 https://wantrich.chinatimes.com/news/20220421900356-420501 華視「導彈攻台」烏龍法務部說話了！涉國安偵辦中 https://www.chinatimes.com/realtimenews/20220421002721-260407?chdtv H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安五眼聯盟警告俄羅斯駭客集團針對全球重大基礎設施展開報復性攻擊 https://www.ithome.com.tw/news/150539 美國CISA發布AA22-103A警報：關鍵基礎設施及製造業提防PLC被 Pipedream攻陷 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9813 疑報復經濟制裁，俄羅斯駭客鎖定全球關鍵基礎設施展開網路攻擊 https://www.cisa.gov/uscert/ncas/alerts/aa22-110a 保障IoT節點安全性的「硬」方法 https://www.eettaiwan.com/20220419nt31-securing-the-iot-technical-approaches-to-defend-and-protect-iot-nodes/ 居家安裝室內監控鏡頭小心家人影像駭客看光光 https://www.worldjournal.com/wj/story/121473/6252077 這款居家監控鏡頭有漏洞駭客全看光專家：軟體須定期更新 https://reurl.cc/WrLzzy 車用資安防衛戰開打！法遵尚且不足台廠仍需努力 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=220&id=0000633036_7W61SE4K2S6TIX7WB9EPJ 奧義智慧攜手菱鏡共建車聯網資安生態系 https://ctee.com.tw/industrynews/technology/631175.html ASUS RT-AX88U - Format String https://www.twcert.org.tw/tw/cp-132-6043-0f72c-1.html I.教育訓練中華軟協-iPAS「初級」資訊安全工程師能力研習衝刺班：全面招生中 https://www.cs.nycu.edu.tw/announcements/detail/8778 2022「證券期貨資訊安全實務養成課程」即日起開始報名 https://www.sfi.org.tw/news/news-7/3589 網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works) https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html 【資安管理國際證照懶人包】學習心得、考試要點一次整理！2022 轉職夢幻工作看這篇 https://buzzorange.com/techorange/2021/12/30/isaca/ CISSP考試心得 – Benson https://reurl.cc/GbWvxd CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 110年新進人員「校園資訊安全講座」教材 https://cc.nccu.edu.tw/p/406-1001-740,r18.php 【訓練教材D】資訊安全技術教育訓練教材 https://iscb.nchu.edu.tw/2019/07/d.html 109資通安全管理法數位教育訓練 https://reurl.cc/ARlmqp 110-1初級資訊安全工程師-資訊安全管理概論 https://yamol.tw/exam.php?id=104050 中大信息工程學系栽培資訊科技領導人才 https://reurl.cc/ARZKDK 伊雲谷、中山大學產學合作累積雲端資安人才能量 https://ctee.com.tw/industrynews/technology/587459.html SANS Cyber Aces Online Tutorials https://tutorials.cyberaces.org/tutorials.html Free Online Cybersecurity Courses (MOOCs) https://www.cyberdegrees.org/resources/free-online-courses/ Develop Your Cybersecurity Skills https://www.cybrary.it/catalog/cybersecurity/ Mobile App Security https://www.cybrary.it/course/mobile-app-security/ Introduction to Cybersecurity https://reurl.cc/bnaj6d How to Tackle SaaS Security Misconfigurations https://thehackernews.com/2021/11/how-to-tackle-saas-security.html How to Build a Security Awareness Training Program that Yields Measurable Results https://thehackernews.com/2021/11/how-to-build-security-awareness.html Common Attacks https://choson.lifenet.com.tw/?p=1174 6.近期資安活動及研討會 Python 數據分析一日工作坊 - 電商、Airbnb分析實戰 2022/4/23 https://www.meetup.com/PyLadiesTW/events/284972118/ 區塊鏈與智慧資安女力論壇 2022/4/24 https://isipevent.kktix.cc/events/e58d0573 沙崙資安基地線上免費課程：【資產盤點暨風險評鑑實務】 2022/04/26 https://bit.ly/3KmFTqW 資通安全電腦稽核-防火牆管理查核實例演練~稽核最佳實務演練 2022/04/28 https://www.acl.com.tw/news/news_display.php?id=1802 SEMI E187設備資安標準導入與實務研討會 2022/4/29 https://www.semi.org/zh/cybersecurity-standards-seminar 「資安鑑識課程-系列Ⅰ初級課程：資安科技基礎養成：滑鼠鍵盤敲起來【從密碼到資安】」線上研習 2022/4/29 https://docs.google.com/forms/d/1yS8JontNqGinMYUOaYj9aQ-Ov92yda7eFldgjotOAUs K12的科技教育-除了程式還可以教什麼 2022/5/9 https://www.meetup.com/rladies-taipei/events/284421238/ 元智資工高中生短期資訊課程-微插電資安體驗工作坊 2022/5/14 https://cse-yzu.kktix.cc/events/yzcs7 資安政策法規標準 2022/5/25 ~ 2022/5/26 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19873 資訊安全系列課程系列九：機器學習與資安異常診斷實務(第1期) 2022/6/7 https://www.tabf.org.tw/CourseDetail.aspx?PID=487302 駭客奪旗攻防演練：金融資安人才養成專班(第1期) 2022/04/28~2022/06/09 https://www.tabf.org.tw/CourseDetail.aspx?PID=487750 國家高速網路與計算中心教育訓練「大數據程式開發平台(VM版本)」建置與開發實務課程 2022/5/27 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=homepage 風險導向資安稽核 2022/7/20 https://www.cisanet.org.tw/Course/Detail/2756