資安事件新聞週報 2022/8/22 ~ 2022/8/26

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/8/22 ~ 2022/8/26 1.重大弱點漏洞/後門/Exploit/Zero Day 美國警告Palo Alto Networks防火牆重大漏洞已被用於攻擊行動 https://www.bleepingcomputer.com/news/security/cisa-is-warning-of-high-severity-pan-os-ddos-flaw-used-in-attacks/ CISA Warns of Active Exploitation of Palo Alto Networks' PAN-OS Vulnerability https://thehackernews.com/2022/08/cisa-warns-of-active-exploitation-of.html 思科修補網頁安全防護系統的高風險漏洞CVE-2022-20871 https://www.securityweek.com/cisco-squashes-high-severity-bug-web-protection-solution Cisco 發布 Secure Web Appliance 的安全性弱點 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH RTLS Systems Found Vulnerable to MiTM Attacks and Location Tampering https://thehackernews.com/2022/08/rtls-systems-found-vulnerable-to-mitm.html 跨平臺應用程式框架Electron存在漏洞，恐波及18個熱門應用程式 https://i.blackhat.com/USA-22/Thursday/US-22-Purani-ElectroVolt-Pwning-Popular-Desktop-Apps.pdf GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software https://thehackernews.com/2022/08/gitlab-issues-patch-for-critical-flaw.html GitLab修補重大漏洞CVE-2022-2884 https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/#Remote%20Command%20Execution%20via%20Github%20import ChromeOS的記憶體中斷漏洞恐導致阻斷服務攻擊 https://www.microsoft.com/security/blog/2022/08/19/uncovering-a-chromeos-remote-memory-corruption-vulnerability/ SAP重大漏洞CVE-2022-22536已出現攻擊行動 https://www.securityweek.com/sap-vulnerability-exploited-attacks-after-details-disclosed-hacker-conferences IBM修補訊息中繼佇列系統MQ高風險漏洞 https://www.securityweek.com/ibm-patches-severe-vulnerabilities-mq-messaging-middleware "As Nasty as Dirty Pipe" — 8 Year Old Linux Kernel Vulnerability Uncovered https://thehackernews.com/2022/08/as-nasty-as-dirty-pipe-8-year-old-linux.html Security bulletin: Security Bulletin: IBM QRadar SIEM includes components with multiple known vulnerabilities https://www.ibm.com/support/pages/node/6614725?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安【數位金融免密碼】蘋果、谷歌力推無密碼化　金融業身分辨識藏金脈 https://www.mirrormedia.mg/story/20220823ind001/ 消費型態變下半年刷卡權益看這裡 https://reurl.cc/bEDQEv 新壽資安長換將盧麒堯接任 https://wantrich.chinatimes.com/news/20220826900775-420101 元大金控資安長異動 https://reurl.cc/7p7Gjd 3.電子支付/行動支付/pay/資安金流服務平台遭攻擊藍新：已陸續恢復中 https://reurl.cc/7p7arN 新光人壽：「新光金控Digital Day」寫下轉型新扉頁「趨勢、科技、體驗」三招賦能員工掌握致勝關鍵 https://www.rmim.com.tw/news-detail-37963 全聯全支付9/1上線　支援帳戶信用卡綁定 https://www.cardu.com.tw/news/detail.php?46922 土地銀行加入「全支付」上線首波連結帳戶服務 https://udn.com/news/story/7239/6563839 林敏雄期望「全支付」做台灣支付領頭羊，透露估年燒 5 億、5 年打平 https://technews.tw/2022/08/25/the-electronic-payment-institutions-pxpay-plus/ 800萬會員全聯PX Pay新面貌升級全支付10萬個據點可用 https://www.cool3c.com/article/181748 華航新增行動支付選項 LINE Pay也行得通 https://www.cna.com.tw/news/ahel/202208160204.aspx 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安半年被盜 20 億美金，駭客與監管都盯上了 Web3 https://vitomag.com/tech/ekvmc.html 比特幣ATM零時差漏洞已遭到駭客利用，臺灣可能也有人受害 https://www.bleepingcomputer.com/news/security/hackers-steal-crypto-from-bitcoin-atms-by-exploiting-zero-day-bug/ Hackers Stole Crypto from Bitcoin ATMs by Exploiting Zero-Day Vulnerability https://thehackernews.com/2022/08/hackers-stole-crypto-from-bitcoin-atms.html 比特幣全部被盜走！虛擬貨幣ATM遭駭客入侵　台灣有18台服役中 https://finance.ettoday.net/news/2323033 加密貨幣交易所形式？虛擬貨幣交易所2022排行！（附交易平台注意事項） https://reurl.cc/NR4Wnn eNaira使用者高達20萬人 https://www.trade.gov.tw/Pages/Detail.aspx?nodeID=45&pid=748895 Fei Protocol 的大敗局：含金湯匙出生到因合併走向落幕 https://blockcast.it/2022/08/26/top-decentralized-stablecoin-fei-shutting-down/ 夏日慶之冷錢包巡禮：Web3 資安徵文比賽 https://reurl.cc/aGLO0G 該如何理解「元宇宙商機」 https://www.digitimes.com.tw/col/article.asp?id=6635 Web3 生態系與應用實例共創工作坊 – 產業生態系 https://blog.twnic.tw/2022/08/23/24188/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 勒索軟體BianLian以Go語言開發而成，1個多月已有9個組織受害 https://reurl.cc/kEr6yG 多明尼加共和國遭勒索軟體Quantum攻擊，索討65萬美元贖金 https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/ 水上及冰上摩托車Sea-Doo、Ski-Doo製造商遭駭，勒索軟體RansomEXX聲稱是他們所為 https://www.bleepingcomputer.com/news/security/ransomexx-claims-ransomware-attack-on-sea-doo-ski-doo-maker/ 醫療計費管理系統業者Practice Resources遭勒索軟體攻擊，94萬病人資料外洩 https://www.scmagazine.com/analysis/ransomware/ransomware-attack-on-billing-vendor-leads-to-data-theft-for-942k-patients 醫療保健服務業者Lamoille Health Partners證實遭勒索軟體攻擊 https://www.jdsupra.com/legalnews/lamoille-health-partners-experiences-3009135/ 微軟指出，8成勒索軟體攻擊事故與軟體、裝置的配置不當有關 https://www.microsoft.com/security/blog/2022/08/22/cyber-signals-defend-against-the-new-ransomware-landscape/ 伊朗駭客APT35利用惡意軟體Hyperscraper下載受害者的電子郵件 https://blog.google/threat-analysis-group/new-iranian-apt-data-extraction-tool/ 希臘天然氣業者DESFA遭到勒索軟體Ragnar Locker攻擊，外洩360 GB資料 https://www.desfa.gr/en/press-center/press-releases/anakoinwsh 法國大型醫院疑遭勒索軟體LockBit攻擊，索討千萬美元贖金 https://www.bleepingcomputer.com/news/security/french-hospital-hit-by-10m-ransomware-attack-sends-patients-elsewhere/ 35個安卓惡意廣告軟體透過Google Play散布 https://www.bitdefender.com/blog/labs/real-time-behavior-based-detection-on-android-reveal-dozens-of-malicious-apps-on-google-play-store/ 惡意軟體Escanor同時鎖定PC和手機下手，攔截OTP動態密碼資訊攻擊網銀用戶 https://resecurity.com/blog/article/escanor-malware-delivered-in-weaponized-microsoft-office-documents 逾200個NPM及PyPI套件被用於挖礦攻擊 https://blog.sonatype.com/more-than-200-cryptominers-flood-npm-and-pypi-registry 資安廠商發現 Python 官方程式庫 PyPI 內含多種惡意軟體套件 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10031 PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks https://thehackernews.com/2022/08/pypi-repository-warns-python-project.html 勒索軟體LockBit聲稱反遭資安業者Entrust癱瘓網站 https://www.bleepingcomputer.com/news/security/lockbit-ransomware-blames-entrust-for-ddos-attacks-on-leak-sites/ 金融木馬Grandoreiro鎖定西班牙、墨西哥製造業而來 https://www.zscaler.com/blogs/security-research/grandoreiro-banking-trojan-new-ttps-targeting-various-industry-verticals 駭客組織TA558鎖定旅行社、飯店散布木馬程式 https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel 惡意網站以DDoS防護網頁騙取使用者輸入驗證碼，實際上卻是下載執行內藏惡意軟體的映像檔 https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html 美國惠特沃斯大學疑遭勒索軟體LockBit攻擊，預計8月底能復原運作 https://www.govtech.com/education/higher-ed/whitworth-university-still-recovering-from-ransomware-attack 勒索病毒猖獗半年增一倍 https://ctee.com.tw/news/tech/704760.html 勒索病毒數量年增一倍「勒索軟體即服務」成暗網新經濟 https://turnnewsapp.com/livenews/tech/A06659002022082515562806 「勒索軟體」買賣出租成新商業模式！微軟：帳號密碼已不夠用 https://www.ctwant.com/article/203005 電玩遊戲原神的防作弊元件被勒索軟體駭客用於停用防毒軟體 https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html 勒索軟體Agenda鎖定亞洲與非洲組織而來 https://www.trendmicro.com/en_us/research/22/h/new-golang-ransomware-agenda-customizes-attacks.html 廣告軟體Internet Download Manager假冒下載軟體的Chrome擴充套件，超過20萬人上當 https://www.bleepingcomputer.com/news/security/fake-chrome-extension-internet-download-manager-has-200-000-installs/ Fortinet 2022 上半年資安報告：變種勒索病毒翻倍、端點設備仍是攻擊重點 https://reurl.cc/QbeM1o 微軟 Cyber Signals 研究：勒索軟體經濟快速崛起演變為新商業模式 https://news.microsoft.com/zh-tw/cyber-signals-raas/ 微軟 Cyber Signals 研究：勒索軟體經濟快速崛起演變為新商業模式 https://news.microsoft.com/zh-tw/cyber-signals-raas/ Bitdefender 公佈 35 款下載超過 200 萬次的惡意 Apps 名單 https://www.newmobilelife.com/2022/08/24/bitdefender-35-malware-apps-report/ BlueSky Ransomware. AD Lateral Movement, Evasion and Fast Encryption Put Threat on the Radar https://reurl.cc/pMrGya MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations https://reurl.cc/9p7lrn Roasting 0ktapus: The phishing campaign going after Okta identity credentials https://blog.group-ib.com/0ktapus BleachGap ransomware revamped https://labs.k7computing.com/index.php/bleachgap-revamped/ QBOT Malware Analysis https://www.elastic.co/security-labs/qbot-malware-analysis A Tale of PivNoxy and Chinoxy Puppeteer https://www.fortinet.com/blog/threat-research/pivnoxy-and-chinoxy-puppeteer-analysis Kimsuky’s GoldDragon cluster and its C2 operations https://securelist.com/kimsukys-golddragon-cluster-and-its-c2-operations/107258/ Bumblebee Loader - The High Road to Enterprise Domain Control https://reurl.cc/jG3ADn Monster Libra (TA551/Shathak) infects with IcedID (Bokbot) and pushes Cobalt Strike & DarkVNC https://isc.sans.edu/diary/rss/28974 New Iranian APT data extraction tool https://blog.google/threat-analysis-group/new-iranian-apt-data-extraction-tool/ APT41 World Tour 2021 on a tight schedule https://blog.group-ib.com/apt41-world-tour-2021 DarkTortilla Malware Analysis https://www.secureworks.com/research/darktortilla-malware-analysis XCSSET Malware Update | macOS Threat Actors Prepare for Life Without Python https://reurl.cc/MN4e43 Brazil malspam pushes Astaroth (Guildma) malware https://isc.sans.edu/diary/rss/28962 Back in Black: Unlocking a LockBit 3.0 Ransomware Attack https://research.nccgroup.com/2022/08/19/back-in-black-unlocking-a-lockbit-3-0-ransomware-attack/ Grandoreiro Banking Trojan with New TTPs https://reurl.cc/gM4dG7 Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers https://thehackernews.com/2022/08/microsoft-uncovers-new-post-compromise.html Crypto Miners Using Tox P2P Messenger as Command and Control Server https://thehackernews.com/2022/08/crypto-miners-using-tox-p2p-messenger.html The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware https://thehackernews.com/2022/08/the-rise-of-data-exfiltration-and-why.html Hackers Using Fake DDoS Protection Pages to Distribute Malware https://thehackernews.com/2022/08/hackers-using-fake-ddos-protection.html Meet Borat RAT, a New Unique Triple Threat https://thehackernews.com/2022/08/meet-borat-rat-new-unique-triple-threat.html DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities https://thehackernews.com/2022/08/donot-team-hackers-updated-its-malware.html Researchers Detail Evasive DarkTortilla Crypter Used to Deliver Malware https://thehackernews.com/2022/08/researchers-detail-evasive-darktortilla.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts https://thehackernews.com/2022/08/researchers-find-counterfeit-phones.html 複製SIM卡　新興攻擊手法要提防 https://www.pcmarket.com.hk/sim_copy_security/ C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 HITCON PEACE 2022提供多項資安技術入門、交流與求職活動 https://www.ithome.com.tw/news/152612 HITCON 2022展現駭客社群文化及能量，強化資安聯防 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10029 HITCON PEACE 2022 串聯產官學交流強化資安韌性勤業眾信透析打造「數位信任」生態系的八大關鍵 https://n.yam.com/Article/20220824850224 HITCON 2022破千名海內外資安專家齊聚，同場飆技術一舉大展駭客文化 https://www.techbang.com/posts/99311-hitcon-2022-broke-thousands-of-domestic-and-foreign-security 網路間諜公司NSO Group執行長下臺，並將裁員百人 https://www.theguardian.com/world/2022/aug/22/nso-group-ceo-shalev-hulio-step-down-israel-pegasus-spyware 數位威脅升溫亞太區2022資安投資將逾310億美元 https://reurl.cc/GE48Vd 有越來越多駭客使用開源滲透測試工具Sliver來取代Cobalt Strike https://www.microsoft.com/security/blog/2022/08/24/looking-for-the-sliver-lining-hunting-for-emerging-command-and-control-frameworks/ Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework https://thehackernews.com/2022/08/cybercrime-groups-increasingly-adopting.html 凡運算皆能駭…從核電廠到販賣機都能上演資安戰 https://vip.udn.com/vip/story/121938/6563777 Hackers Breach LastPass Developer System to Steal Source Code https://thehackernews.com/2022/08/hackers-breach-lastpass-developer.html 最大密碼管理公司之一 LastPass 近日被駭，原始碼與專利技術直接被竊取 https://www.kocpc.com.tw/archives/456551 密碼管理解決方案業者LastPass遭駭，程式碼外洩 https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/ 「思科被駭」凸顯社交工程攻擊的危險性 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10023 因應心理戰　加強資安常識 https://epaper.ntpc.edu.tw/index/EpaSubShow.aspx?CDE=EPS202208171502461UG&e=EPA202208151513314YW Tornado更新｜情資報告稱被捕開發者曾受僱於俄羅斯聯邦安全局合作企業 https://abmedia.io/20220826-tornado-cash-dev-worked-for-company-linked-to-fsb 駭客竊取歐洲軍事武器檔案還拍賣至論壇包含俄烏戰爭「武器藍圖」 https://newtalk.tw/news/view/2022-08-26/807647 俄羅斯駭客APT29濫用Azure服務攻擊Microsoft 365用戶 https://www.mandiant.com/resources/blog/apt29-continues-targeting-microsoft 俄羅斯駭客APT29利用惡意軟體MagicWeb攻擊受害組織的ADFS伺服器 https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/ 駭客偏好挾持記事本程式來進行挖礦 https://www.microsoft.com/security/blog/2022/08/18/hardware-based-threat-defense-against-increasingly-complex-cryptojackers/ 網路戰爭無國界，以俄烏網路戰為鏡提升全民資安防護意識 https://www.bnext.com.tw/article/71389/hacker%EF%BC%8Dinformation-security-mstic 華爾街日報：台灣對抗中國資訊戰漸受歐美關注 https://www.ettoday.net/news/20220826/2324833.htm 中國資訊系統「俗擱大碗」暗藏網攻危機認知戰全網開打 https://www.peoplenews.tw/articles/4bcea68f34 中國軍校網站遭駭，部分圖片被換成民主才能戰勝獨裁的訊息 https://securityaffairs.co/wordpress/134719/security/linux-dirtycred-flaw.html 烏克蘭駭客針對俄羅斯控制的克里米亞發動認知戰，入侵電視臺播放澤倫斯基演講 https://twitter.com/i_army_org/status/1560932630597599232 衛報：俄計畫核電廠斷電恐釀災難性故障 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1528234&type=universal 資安威脅迫在眉睫，美國防部要在五年內全面零信任架構化 https://technews.tw/2022/08/26/the-pantegon-aimed-to-transform-into-zta-before-2027/ 華郵：前任安全長舉報推特對主管機關隱瞞資安疏失 https://www.worldjournal.com/wj/story/121468/6559187 推特前資安主管爆料前東家誤導美國聯邦主管機關 https://udn.com/news/story/6811/6559204?from=udn-ch1_breaknews-1-cate5-news U.S. Government Spending Billions on Cybersecurity https://thehackernews.com/2022/08/us-government-spending-billions-on.html Researchers Uncover Kimusky Infra Targeting South Korean Politicians and Diplomats https://thehackernews.com/2022/08/researchers-uncover-kimusky-infra.html Suspected Iranian Hackers Targeted Several Israeli Organizations for Espionage https://thehackernews.com/2022/08/suspected-iranian-hackers-targeted.html Cybercrime Group TA558 Targeting Hospitality, Hotel, and Travel Organizations https://thehackernews.com/2022/08/cybercrime-group-ta558-targeting.html 每秒4600萬次! Google阻止目前最大規模DDoS 攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10032 Google Cloud Blocks Record DDoS attack of 46 Million Requests Per Second https://thehackernews.com/2022/08/google-cloud-blocks-record-ddos-attack.html 資安人才難找！企業搶才開出畢業生年薪近80萬 https://ec.ltn.com.tw/article/breakingnews/4035497 PwC：4成美國企業視資安為嚴重風險，38%嘆人才難尋 https://reurl.cc/4pjKyR [9/20~22 資安大會] 展場工讀生 https://www.cakeresume.com/companies/teamt5-org-tw/jobs/543899?locale=zh-TW 9月短期工讀 https://www.104.com.tw/job/7irbi?jobsource=jolist_a_relevance D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全串流影音平臺Plex資料外洩，曝露用戶的密碼資料 https://arstechnica.com/information-technology/2022/08/plex-imposes-password-reset-after-hackers-steal-data-for-15-million-users/ 超過 1,500 萬名 Plex 串流平台用戶資料遭竊，但因密碼有雜湊保護，Plex 老神在在 https://technews.tw/2022/08/26/plex-imposes-password-reset-after-hackers-steal-data/ 駭客組織KaraKurt聲稱握有美國德州McKinney醫院360 GB資料，並打算在暗網出售 https://www.scmagazine.com/brief/ransomware/karakurt-threatens-leak-of-data-stolen-from-texas-hospital 美國醫療保健供應商Novant Health病人資料外洩，起因是網站廣告成效追蹤器組態配置不當 https://www.novanthealth.org/home/privacy-statement/pixel.aspx 代理伺服器恐被濫用於帳號填充攻擊 https://www.ic3.gov/Media/News/2022/220818.pdf 謝忻哭了！大量裸照外流檢方簽結原因曝光「查無駭客」 https://www.chinatimes.com/realtimenews/20220826002101-260402?ctrack=pc_main_recmd_p02&chdtv 韓男演員IG被盜「出現老鼠」駭客大膽威脅下個目標張員瑛 https://reurl.cc/yMYqOl WHO is Next！李到晛SNS帳號已回歸正常！駭客囂張追加預告入侵藝人目標名單 https://www.koreastardaily.com/tc/news/143030 基金會網站捐款系統疑遭駭！黃越綏揭露「詐騙手法」急示警：請勿受騙 https://www.ftvnews.com.tw/news/detail/2022825W0281 駭客鎖定Gmail企業用戶發動AiTM網釣攻擊 https://www.zscaler.com/blogs/security-research/aitm-phishing-attack-targeting-enterprise-users-gmail PyPI套件開發者遭到釣魚郵件攻擊，駭客脅迫重新「驗證」套件，否則將其下架 https://www.bleepingcomputer.com/news/security/pypi-packages-hijacked-after-developers-fall-for-phishing-emails/ Twilio、Cloudflare員工遭網釣攻擊的事故，疑與鎖定Okta用戶的大規模攻擊行動有關 https://blog.group-ib.com/0ktapus 濫用SaaS雲端服務的網釣攻擊一年內爆增11倍 https://unit42.paloaltonetworks.com/platform-abuse-phishing/ 駭客鎖定Microsoft 365用戶發動AiTM攻擊，以DocuSign郵件的名義規避資安防護系統檢測 https://reurl.cc/MN4ejm Researchers Warn of AiTM Attack Targeting Google G-Suite Enterprise Users https://thehackernews.com/2022/08/researchers-warn-of-aitm-attack.html 駭客濫用客戶意見反映系統Dynamics 365 Customer Voice及線上傳真服務eFax，對微軟用戶發動網釣攻擊 https://cofense.com/blog/compromised-microsoft-dynamic-365-customer-voice-account-used-for-phishing-attack 留意投資詐騙的六個起手式！教你自救處理四步驟 https://www.mygopen.com/2022/08/investment-scam.html 紓困詐騙簡訊千萬別點專家：有行動支付要更小心 https://reurl.cc/0X9AXl Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations https://thehackernews.com/2022/08/okta-hackers-behind-twilio-and.html New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data https://thehackernews.com/2022/08/new-air-gap-attack-uses-mems-gyroscope.html Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts https://thehackernews.com/2022/08/google-uncovers-tool-used-by-iranian.html Palo Alto Networks : 近70%網安事件皆為網路釣魚和軟體漏洞引起 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10030 國安危機！前資安長扎特科爆內幕：推特收取中國資金提供用戶個資 https://reurl.cc/D340NO 網傳「國泰金融疫情補助貸款中心.....8月正式開啟台灣公民憑本人身分證即可獲取10到300萬新台幣的貸款額度...」 https://tfc-taiwan.org.tw/articles/8063 假媒體、假紀錄片、假電子書席捲全球：中共假訊息宣傳戰迅速國際化 https://opinion.udn.com/opinion/story/120611/6563753 E.研究報告/工具 6個方法保障電腦安全，防止駭客入侵！（黑客） https://adersaytech.com/tech-event/6-tips-to-prevent-being-hacked.html 研究人員揭露Linux核心漏洞DirtyCred https://securityaffairs.co/wordpress/134719/security/linux-dirtycred-flaw.html 如何確認您的電腦設備可能被駭客入侵 https://reurl.cc/GE41Qp 化危機為新商模，從被動防護技術到主動情資聯防 https://www.openfind.com.tw/taiwan/markettrend_detail.php?news_id=24801 Mac XProtect 是什麼？是否足以保證你的Mac安全 https://blog.trendmicro.com.tw/?p=73718 WAF 是什麼 https://host.com.tw/waf 什麼是VPN？四大功用時刻報你知 https://market.ltn.com.tw/article/12991 完善零信任架構須賴智慧化身分治理混合辦公成形　身分認證為基礎 https://www.netadmin.com.tw/netadmin/zh-tw/market/E3E2738A897D4B54ABC4F5DCE726D9EC 資安服務團隊補強企業人力缺口　攻防演練縮短技能落差共通方法論精準評估風險　MITRE Engage誘敵反制 https://www.netadmin.com.tw/netadmin/zh-tw/trend/25B75A8C585C4D8486B09F0C6BF6EB97 Guide: How Service Providers can Deliver vCISO Services at Scale https://thehackernews.com/2022/08/guide-how-service-providers-can-deliver.html 主動攻擊者利用竊來的工作階段 Cookie 繞過多因素驗證 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10027 資安疑慮、雲地資料轉移不再是難題！報告：近 7 成企業認為混合雲是企業上雲最終型態 https://buzzorange.com/techorange/2022/08/24/netapp-cloud/ Diagrams as Code in Python https://towardsdatascience.com/diagrams-as-code-python-d9cbaa959ed5 My top 10 Linux commands for debugging server issue https://needablackcoffee.medium.com/my-top-10-linux-commands-for-debugging-server-issue-d8b179249779 Don’t use Apply in Python, there are better alternatives! https://towardsdatascience.com/dont-use-apply-in-python-there-are-better-alternatives-dc6364968f44 Data Cleaning and Preparation With SQL https://medium.com/@kelechiogbogu/data-cleaning-and-preparation-with-sql-f5f7e539808 Is FastAPI going to replace Django (Comparison of Github Stars and Stack Overflow Survey) https://gustavwillig.medium.com/is-fastapi-going-to-replace-django-comparison-of-github-stars-and-stack-overflow-survey-980dc6329bbe Nginx Load balancing vs PM2 Cluster based on Node.js Project in Docker https://myas92.medium.com/nginx-load-balancing-vs-pm2-cluster-based-on-node-js-project-in-docker-7537aa68949f What Is Ad Hoc Analytics, and Why Should You Care https://towardsdatascience.com/what-is-ad-hoc-analytics-and-why-should-you-care-d59a45d466fe 41 Dot Net (.NET) Framework Interview Questions and Answers https://itcertifications.medium.com/41-dot-net-net-framework-interview-questions-and-answers-a87ff466fca5 F.商業 Surfshark VPN 實用功能：保障隱私安全、解鎖裝置限制、PS4/PS5 遊戲必備 https://mrmad.com.tw/surfshark-vpn-news 資服廠前線救援營運進補 https://wantrich.chinatimes.com/news/20220826900033-420101 捷而思PDFSign電子合約上區塊鏈之整合應用 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000643103_WBC0V6JQ1M9BJ62XQFC6Z 中華電信運用5G萬物聯網新科技　助力港灣城市前瞻發展大躍進 https://www.taiwannews.com.tw/ch/news/4637768 聚上雲獲Delinea代理資格四大資安方案搶市 https://wantrich.chinatimes.com/news/20220826900511-420101 邁達特攜手Delinea 資安佈局再進化 https://ec.ltn.com.tw/article/breakingnews/4038253 Sophos : 亞太區企業提升「威脅捕獵」相關的資安投資 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10036 Red Hat推出全新跨混合雲平台　助企業推動 IT 標準化　簡化自資料中心、邊緣至多個公有雲的應用程式開發與管理 https://www.limedia.tw/tech/30917/ SHOPLINE領先業界合作Gogolook Watchmen商譽保護服務 https://money.udn.com/money/story/10860/6562256?from=edn_subcatelist_cate Cloud AI - WAF 亞太第一智能 WAF，高階抵禦最新攻擊，網站資安防禦即時升級 https://host.com.tw/%E6%9C%80%E6%96%B0%E6%B6%88%E6%81%AF/waf%E9%98%B2%E7%81%AB%E7%89%86 G.政府總統親臨台灣駭客年會HITCON PEACE 2022，強調產官學界應攜手駭客社群，強化國家整體資安韌性 https://www.ithome.com.tw/news/152603 防中國網攻專家：政府應協助強化中小企業資安 https://times.hinet.net/news/24101937 便利商店看板被駭「裴洛西滾出台灣」資安專家王仁甫：中共利用中小企業攻擊臺灣基礎建設 https://watchout.tw/reports/ssGZrPLQYKCcixUfgiCC 數位發展部明掛牌　張其祿點出3大「拆彈」作業：唐鳳扛責沒蜜月期 https://www.storm.mg/article/4490693 專訪台灣首任數位發展部長唐鳳：「腦波控制」不是我的業務 https://www.cw.com.tw/article/5122570 數位發展部「剎車轉油門」！約聘300人會不會太多 https://www.gvm.com.tw/article/93496 串聯公私協作、集結眾人智慧數發部扮「馬達」驅動打造全民數位韌性首任部長唐鳳出招 https://www.businesstoday.com.tw/article/category/183027/post/202208240023/ 因應政府組織改造，資安事件通報作業如何調整 https://www.dgpa.gov.tw/mp/info?mid=384&uid=304&pid=9868 112學年度起，培育資安人才之技專校院升學進路管道方式將略作調整。 https://www.akhs.ntpc.edu.tw/p/406-1000-5434,r43.php 2023年底上千家上市櫃聘資安長，數位發展部管理新課題 https://money.udn.com/money/story/7307/6566868 落實資安檢測嚴防網攻威脅 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1527688&type=universal 資訊科技實現偏鄉溫馨接送　跨領域法規限制仍待解決長照派車服務迎數位轉型　系統滿足需求卻恐違法 https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/2A459673EE664E198C45F8DBA0276FB4 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安逾8萬臺海康威視IP攝影機曝露於重大漏洞風險 https://www.cyfirma.com/hikvision-surveillance-cameras-vulnerabilities/ 暴露在駭客接管風險中！超過 8 萬台海康威視設備未修補安全漏洞 https://www.inside.com.tw/article/28724-over-80000-unpatched-hikvision-cameras-exposed-takeover Amazon修補智慧連網裝置Ring的漏洞，恐被用於截取錄影內容 https://checkmarx.com/blog/amazon-quickly-fixed-a-vulnerability-in-ring-android-app-that-could-expose-users-camera-recordings/ New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings https://thehackernews.com/2022/08/new-amazon-ring-vulnerability-could.html 研究人員透過程式化邏輯控制器來攻擊OT網路 https://claroty.com/team82/research/evil-plc-attack-using-a-controller-as-predator-rather-than-prey 研究人員揭露從網路連接埠指示燈洩露資料的攻擊手法EtherLED https://arxiv.org/pdf/2208.09975.pdf 用於工控設備USB隨身碟上出現的惡意軟體，逾8成會破壞ICS系統 https://www.honeywellforge.ai/content/dam/forge/en/documents/cybersecurity/Industrial-Cybersecurity-USB-Threat-Report-2022.pdf TXOne Networks於台北自動化大展實機演繹廠務端OT攻防現況 https://www.techbang.com/posts/99326-txone-networks-interprets-current-situation-of-ot-offense-and 自駕巴士成功導入車用資安系統，勤崴國際與趨勢科技車用資安VicOne合作實證 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10019 趨勢科技與Schneider結盟加速實現工業物聯網防護 https://reurl.cc/yMYdy6 Trend Micro趨勢科技與Schneider Electric結盟加速實現IIoT工業物聯網防護 https://zeekmagazine.com/archives/180852 睿控網安台北自動化大展演繹廠務監控資安攻防 https://reurl.cc/4pjKyR 恩智浦運用後量子加密技術，推下一代資安標準 https://technews.tw/2022/08/23/post-quantum-cryptography/ RP2040微控制器土砲資安鎖，EncroPi可即時加密文件確保資訊不外流 https://www.techbang.com/posts/99283-rp2040-microcontrolle-encropi 半導體E187資安標準的下一步：供應鏈資安健檢 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=16&id=0000643186_C872A3XG7S682J7DO2UTJ&cf=A21 睿控網安參與自動化展實機演繹駭客攻防情境 https://www.ttv.com.tw/finance/view/08202224165631171772C74F4FCAAF160EDFAD6A05511153/587 I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 我國網路資安狂被駭監委申請自動調查 https://www.chinatimes.com/realtimenews/20220810003152-260407?chdtv 6.近期資安活動及研討會【創客小聚】影像辨識 x MQTT，趣玩 AIoT 2022/8/27 https://www.accupass.com/event/2207211250569268478070 資策會舉辦「2022第一屆資安新秀大賽」（報名至111年8月28日止） https://www.csie.ntnu.edu.tw/index.php/2022/08/11/2022-08-11/ 自拜登數位資產政策，一探臺灣數位金融之機會與挑戰 2022/8/29 https://reurl.cc/m33d2A Microsoft 安全性虛擬培訓日：安全性、合規性和身分識別基礎知識 2022/8/29 ~ 2022/8/30 https://mktoevents.com/Microsoft+Event/354526/157-GQE-382?wt.mc_id=AID3053062_QSG_EML_605550&wt.mc_id=AID3052916_EML_8087805 Microsoft Azure 虛擬培訓日：雲端原生應用程式 2022/8/29 ~ 2022/8/30 https://mktoevents.com/Microsoft+Event/352885/157-GQE-382?wt.mc_id=AID3052230_QSG_EML_604768&wt.mc_id=AID3052916_EML_8087805 Microsoft 365 虛擬培訓日：管理您的前線工作團隊 2022/8/31 https://mktoevents.com/Microsoft+Event/354545/157-GQE-382?wt.mc_id=AID3052915_QSG_EML_605590&wt.mc_id=AID3052916_EML_8087805 2022國泰金控技術年會－DeFi開源創世紀 2022/9/1 https://edm.bnext.com.tw/2022cathaycon/ 遠距辦公資安趨勢｜以零信任安全模型迎接後疫情時代 2022/9/2 https://www.accupass.com/event/2207290127311257987165 PyCon APAC 2022 2022/9/3 ~ 2022/9/4 https://tw.pycon.org/2022/zh-hant Quarterly Professional Networking Event (Q3) 2022/9/15 https://www.meetup.com/taiwan-digital-drinks/events/287479309/ DevOpsDays Taipei 2022 2022/9/15 ~ 2022/9/16 https://devopsdays.tw/ 2022 CYBERSEC 資安大會 Jamf 攤位講座 2022/9/20 ~ 2022/9/22 https://jamf.kktix.cc/events/cybersec2022jamf 關鍵基礎設施實作課程(含攻防演練實作) 2022/9/27 https://www.acw.org.tw/News/Detail.aspx?id=3229 OCF 培訓活動: 如何建立安全的網路架構 2022/10/1 https://ocftw.kktix.cc/events/ocftot2022 MOPCON 2022 2022/10/15 ~ 2022/10/16 https://mopcon.org/ 金融資安案例研習 2022/10/17 https://www.sitca.org.tw/OPF/B0000/PPT049_2022_01.asp Kubernetes Summit 2022 2022/10/18 ~ 2022/10/19 https://k8s.ithome.com.tw/ 資訊安全與人工智慧實作 2022/10/28 https://www.cisanet.org.tw/Course/Detail/2867 行動應用APP 安全檢測（APK/IPA）2022-11-18 09:00 ~ 2022-11-18 12:00 https://www.cisanet.org.tw/Course/Detail/2865 ICS 2022 WORKSHOP PROGRAM -「Ubiquitous Cybersecurity and Forensics」 2022/12/15 ~ 2022/12/17 https://ics2022.esam.io/ TANET 2022 WORKSHOP PROGRAM -「第二屆數位鑑識、醫療私密與網駭安全」 2022/12/15 ~ 2022/12/17 https://tanet2022.esam.io/