###### tags: `資安事件新聞週報`

# Weekly Security Incident News Digest 2022/4/25 ~ 2022/4/29

## 1. Major Vulnerabilities / Backdoors / Exploits / Zero Days

- Cisco recently released updates to address security vulnerabilities in multiple products https://tools.cisco.com/security/center/publicationListing.x
- RCE vulnerability found in the malware-scanning platform VirusTotal https://www.cysrc.com/blog/virus-total-blog/
- Large numbers of users still run Log4j versions vulnerable to Log4Shell https://www.rezilion.com/log4shell-4-months-later/
- More attackers target the vulnerability in VMware's authentication system disclosed in early April, launching malware attacks https://blog.morphisec.com/vmware-identity-manager-attack-backdoor
- Iranian Hackers Exploiting VMware RCE Bug to Deploy 'Core Impact' Backdoor https://thehackernews.com/2022/04/iranian-hackers-exploiting-vmware-rce.html
- Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers https://thehackernews.com/2022/04/microsoft-azure-vulnerability-exposes.html
- QNAP urges users to disable the AFP protocol so that NAS devices are not affected by vulnerabilities in the Netatalk component https://www.qnap.com/zh-tw/security-advisory/qsa-22-12
- Linux vulnerability Nimbuspwn can be used by attackers to escalate privileges https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
- Security Bulletin: IBM QRadar SIEM is vulnerable to using components with Known Vulnerabilities https://www.ibm.com/support/pages/node/6574787?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
- Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-22345, CVE-2020-8022, CVE-2021-33813, CVE-2020-9488) https://www.ibm.com/support/pages/node/6574453?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
- Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM QRadar SIEM (CVE-2021-22543, CVE-2021-3653, CVE-2021-3656, CVE-2021-37576) https://www.ibm.com/support/pages/node/6576215?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
- Everything you need to know to create a Vulnerability Assessment Report https://thehackernews.com/2022/04/everything-you-need-to-know-to-create.html
- NPM flaw lets attackers add arbitrary maintainers to packages and shift blame onto others https://blog.aquasec.com/npm-package-planting
- NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages https://thehackernews.com/2022/04/npm-bug-allowed-attackers-to-distribute.html
- Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability https://thehackernews.com/2022/04/atlassian-drops-patches-for-critical.html
- Zero-day vulnerability reported in 7-Zip; attackers can escalate privileges and execute code https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9819
- Drupal recently released updates to address security vulnerabilities in its product https://www.drupal.org/sa-core-2022-009

## 2. Banking / Finance / Insurance / Securities / Payment Systems / Financial Supervision: News and Security

- Is banking in Taiwan extremely inefficient? BBC feature: like going back to the 1980s https://times.hinet.net/news/23882201
- Not a professional certification | The credential that matters most in financial-sector hiring https://www.appledaily.com.tw/gadget/20220429/Z5LDRNGTZVFA3FBYDQUTVZWQ5M/
- Financial sector hungry for talent; foreign-language and security skills are most in demand https://www.epochtimes.com/b5/22/4/29/n13723513.htm
- Mobile tax filing 2.0: file directly with a face scan or a fingerprint! What is FIDO, which the financial sector is adopting? https://www.bnext.com.tw/article/68897/cathay-holdings-fido
- FSC opens data sharing for the securities and futures industry; the first case requires approval https://www.cna.com.tw/news/afe/202204280388.aspx
- Chang Hwa Bank sets up a 10G high-speed fiber network and builds an automated attack protection system https://reurl.cc/k1L25x

## 3. Electronic Payment / Mobile Payment / Pay / Security

- Which card and which Pay give the best deal for mobile tax filing? A quick guide to e-payment and bank promotions https://www.bnext.com.tw/article/68839/file-taxes-discount
- With pictures! 13 apps and 3 mobile payment services support paying taxes by phone; the post office has to go through Taiwan Pay https://finance.ettoday.net/news/2232729
- PlusPay launches with 10,000 stores! How FamilyMart persuaded E.SUN, PChome and PX Mart to form an alliance https://www.cw.com.tw/article/5120942?template=transformers
- Non-cash transactions: mobile payment has the largest share at 45% https://ec.ltn.com.tw/article/paper/1510830
- Apple accused of monopoly; the EU files another case https://reurl.cc/6ZDML5
- E-payment and no entry to hospitals: a "national team" of delivery services to be formed https://reurl.cc/Xjlg5a
- Councilor: promote e-payment to reduce cash transactions for epidemic prevention https://reurl.cc/M0kgXm
- Three third-party payment firms about to come under FSC supervision! Average daily collection and payment volume exceeded 1 billion last year https://finance.ettoday.net/news/2233406
- Uber Eats Japan partners with Rakuten; the Rakuten Pay e-payment service will be available https://news.cnyes.com/news/id/4854994

## 4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contracts: Security

- Critical Bug in Everscale Wallet Could've Let Attackers Steal Cryptocurrencies https://thehackernews.com/2022/04/critical-bug-in-everscale-wallet.html
- BitoPro exchange pursues sustainability, putting user assets and personal-data security first https://news.cnyes.com/news/id/4860601
- Transnational metaverse think tank founded, hoping to build international consensus on technology governance norms https://times.hinet.net/news/23888166
- After a security vendor found a vulnerability, the Everscale blockchain shut down its web-based cryptocurrency wallet https://reurl.cc/A7RYxY
- Bored Ape Instagram account hacked; attackers steal nearly US$3 million in NFTs from fans https://www.ithome.com.tw/news/150623
- Coinbase's India expansion stalls; rupee e-payments terminated by the state apparatus https://reurl.cc/k1L2qG
- The last mile of e-payment: central bank digital currency takes shape https://vip.udn.com/vip/story/121938/6262361
- How to put a value on cryptocurrency https://www.ithome.com.tw/article/150702
- DEUS Finance attacked; hackers steal US$13.4 million and the token plunges 13% https://www.blocktempo.com/derivatives-platform-deus-finance-exploited-for-13m/
- The stories behind cryptocurrency series https://vocus.cc/article/626a9cc6fd89780001835e49
- Reviving the NFT craze: STEPN run-to-earn, earn a thousand in one day of running https://www.gvm.com.tw/article/89419
- ETH balance at the Ethereum consensus-layer deposit contract address passes 12 million, more than 10% of the current total ETH supply https://news.cnyes.com/news/id/4861341
- 18.3 billion in cryptocurrency stolen from NFT game; FBI accuses North Korean hackers https://news.tvbs.com.tw/world/1774272
- One of the largest cryptocurrency thefts in history: North Korean hackers steal US$600 million; what lessons did investors learn? https://www.storm.mg/lifestyle/4307830?page=1
- Some of the funds stolen from the Parity multisig wallet in 2017 are moved into Tornado Cash https://news.cnyes.com/news/id/4861947
- PeckShield: DEUS Finance attacked, hackers profit about US$13.4 million https://news.cnyes.com/news/id/4860497
- Sky Mavis: the long-term goal is to increase the number of network validator nodes to more than 100 https://news.cnyes.com/news/id/4860349
- Edward Snowden, of "Snowden" film fame, confirms it himself! He helped create the privacy coin Zcash https://blockcast.it/2022/04/28/edward-snowden-played-a-secret-role-in-the-creation-of-zcash/

## 5. Security Incident News

### A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC

- Attackers exploit an IE vulnerability to deliver the RedLine information stealer https://www.bitdefender.com/blog/labs/redline-stealer-resurfaces-in-fresh-rig-exploit-kit-campaign/
- Russian hackers target telecom operators to spread the DarkWatchman malware https://securityintelligence.com/posts/hive00117-fileless-malware-delivery-eastern-europe/
- Onyx ransomware targets large files for destruction https://www.bleepingcomputer.com/news/security/psa-onyx-ransomware-destroys-large-files-instead-of-encrypting-them/
- Black Basta ransomware is very likely Conti starting over under a new name https://www.bleepingcomputer.com/news/security/new-black-basta-ransomware-springs-into-action-with-a-dozen-breaches/
- Researchers disclose Bumblebee, new malware from Conti https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
- American Dental Association hit by Black Basta ransomware https://www.bleepingcomputer.com/news/security/american-dental-association-hit-by-new-black-basta-ransomware/
- North Korean hackers use the Goldbackdoor malware to attack journalists https://stairwell.com/news/threat-research-the-ink-stained-trail-of-goldbackdoor/
- The Log4Shell fix for AWS cloud services was at one point incomplete; REvil ransomware suspected of resurfacing https://reurl.cc/413723
- Fast-spreading "Quantum" ransomware infects an entire domain in under 4 hours https://reurl.cc/NAZd19
- An Overview of the Increasing Wiper Malware Threat https://www.fortinet.com/blog/threat-research/the-increasing-wiper-malware-threat
- LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility https://reurl.cc/RrbmLe
- Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage
- This isn't Optimus Prime's Bumblebee but it's Still Transforming https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
- Destructive Malware Targeting Organizations in Ukraine https://www.cisa.gov/uscert/ncas/alerts/aa22-057a
- Qakbot Observed IOC - 2022-04-27 https://otx.alienvault.com/pulse/6269a15092a9c062b1c1f3f2
- APT attack on a telecommunications company in Kazakhstan https://st.drweb.com/static/new-www/news/2022/march/telecom_research_en.pdf
- The ink-stained trail of GOLDBACKDOOR https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf
- Quantum Ransomware https://thedfirreport.com/2022/04/25/quantum-ransomware/
- Comprehensive Threat Intelligence: TeamTNT targeting AWS, Alibaba https://blog.talosintelligence.com/2022/04/teamtnt-targeting-aws-alibaba.html
- Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild https://thehackernews.com/2022/04/cybercriminals-using-new-malware-loader.html
- New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer https://thehackernews.com/2022/04/new-rig-exploit-kit-campaign-infecting.html
- Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware https://thehackernews.com/2022/04/chinese-hackers-targeting-russian.html
- Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default https://thehackernews.com/2022/04/emotet-testing-new-delivery-ideas-after.html
- Gold Ulrick Hackers Still in Action Despite Massive Conti Ransomware Leak https://thehackernews.com/2022/04/gold-ulrick-hackers-still-in-action.html
- North Korean Hackers Target Journalists with GOLDBACKDOOR Malware https://thehackernews.com/2022/04/north-korean-hackers-target-journalists.html
- New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices https://thehackernews.com/2022/04/new-botenago-malware-variant-targeting.html
- FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide https://thehackernews.com/2022/04/fbi-warns-of-blackcat-ransomware-that.html

### B. Mobile Security / iPhone / Android / Wearables / Apps / 5G / Instant Messaging

- Twitter's New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal https://thehackernews.com/2022/04/twitters-new-owner-elon-musk-wants-dms.html
- Google's New Safety Section Shows What Data Android Apps Collect About Users https://thehackernews.com/2022/04/googles-new-safety-section-shows-what.html
- App developers call out Apple! Update apps within 30 days or have them permanently removed https://times.hinet.net/news/23881507
- Instagram users beware! These 2 situations may signal serious trouble https://reurl.cc/DyZE7d
- Hawaiian Airlines announces it will be the first airline to adopt Starlink satellite internet service https://mashdigi.com/hawaiian-airlines-to-offer-free-high-speed-starlink-internet-connectivity-on-transpacific-fleet/
- Vulnerabilities in Qualcomm and MediaTek audio decoders! Android phones that are not updated may be hacked https://www.ettoday.net/news/20220428/2240064.htm
- Check Point Research: two-thirds of Android users worldwide may face a privacy-leak risk https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9839
- Apple's Self Service Repair program officially launches in the US https://hypebeast.com/zh/2022/4/apple-launches-diy-device-repair-service

### C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruiting / International Security Incidents / Security Workforce

- Japanese shrine offers an "amulet for the IT world" to protect computers from viruses and crashes https://reurl.cc/e3mAKm
- Hacker exposes the lie; DJI admits its products' data transmission is not encrypted https://technews.tw/2022/04/29/dji-admitted-its-drones-are-not-encrypted/
- Listed companies disclose security measures in annual reports; more than ten firms including TSMC and King's Town Bank have published https://www.ithome.com.tw/news/150630
- Taipei's online learning platform CooC Cloud knocked offline by a DDoS attack https://tw.appledaily.com/life/20220426/KVUUKSFXO5AN5G7OQNCJAMVHQA/
- Attackers launch a large-scale DDoS attack using HTTPS encrypted traffic https://blog.cloudflare.com/15m-rps-ddos-attack/
- About one in six organizations worldwide targeted by SpringShell attacks https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9834
- Taiwan CISO Alliance formally launches with support from industry, government, academia and research https://udn.com/news/amp/story/7239/6276321
- Taiwan CISO Alliance launches, hoping to narrow a 40,000-person talent gap https://reurl.cc/Lm7qEX
- Taiwan CISO Alliance founded; to strengthen enterprise defense architecture over 3 years https://ec.ltn.com.tw/article/breakingnews/3908938
- With security now a key corporate-governance indicator, 14 listed companies jointly found the "Taiwan CISO Alliance" https://www.youtube.com/watch?v=1Kyr-wyPyuU
- Awkward! Video link drops at the Taiwan CISO Alliance founding ceremony; Audrey Tang jokes that this counts as security too https://ec.ltn.com.tw/article/breakingnews/3908781
- Warnings issued at the same time about CCP infiltration of Southeast Asia and espionage in the US https://www.epochtimes.com/b5/22/4/27/n13721723.htm
- Post-90s woman's own account: threatened and intimidated by the CCP for spreading truths learned by circumventing the firewall https://www.soundofhope.org/post/616246?lang=b5
- War does not always smell of gunpowder... the currency in your hand may be another country's weapon; if the People's Bank of China does this, it could become a threat to Taiwan https://www.businesstoday.com.tw/article/category/183025/post/202204280033/
- Several German wind power plants hit by cyberattacks, suspected links to Russian hackers https://www.ithome.com.tw/news/150625
- Intelligence agencies and Google warn: US hit by malicious cyberattacks, China the biggest threat https://www.worldjournal.com/wj/story/121186/6276511
- US offers a US$10 million reward for Sandworm hackers https://www.ithome.com.tw/news/150654
- US State Department offers a US$10 million reward for the capture of six Russian hackers https://www.soundofhope.org/post/615892?lang=b5
- Chinese hacker group Mustang Panda targets Russian government officials with phishing attacks https://www.secureworks.com/blog/bronze-president-targets-russian-speakers-with-updated-plugx
- Hackers attacked Indian oil companies more than 360,000 times over the past six months https://www.livemint.com/technology/cyberattacks-rise-at-oil-firms-as-hackers-step-up-their-game-11650649127129.html
- Is Putin treating Ukraine as a playground for cyberattacks? Geopolitical information warfare in practice https://gvlf.gvm.com.tw/article/89393
- Russia's massive cyberattacks disrupt Ukraine's political, military and economic systems https://www.ydn.com.tw/news/newsInsidePage?chapterID=1500107
- Since the Russia-Ukraine war began, at least 6 Russian hacker groups have launched more than 200 attacks against Ukraine https://www.ithome.com.tw/news/150664
- Since the start of the war in Ukraine, Russian hackers have attacked Ukraine 237 times https://blogs.microsoft.com/on-the-issues/2022/04/27/hybrid-war-ukraine-russia-cyberattacks/
- Microsoft report: Russia combines military and cyber attacks; Ukraine's defenses exceed expectations https://udn.com/news/story/122663/6276513?from=udn-catelistnews_ch2
- WordPress sites again become a tool for attacking Ukraine, used to infect users' computers to launch DDoS attacks https://www.bleepingcomputer.com/news/security/ukraine-targeted-by-ddos-attacks-from-compromised-wordpress-sites/
- One active-duty South Korean soldier and one businessman arrested for allegedly stealing intelligence for North Korea https://www.cna.com.tw/news/aopl/202204290200.aspx
- Two South Korean citizens charged with helping a spy obtain military secrets https://news.cnyes.com/news/id/4861619
- South Korean "decapitation unit" leaks secrets to North Korean hacker! Large sums of cryptocurrency accepted, military intelligence hacked https://www.ettoday.net/news/20220430/2241056.htm
- T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code https://thehackernews.com/2022/04/t-mobile-admits-lapsus-hackers-gained.html
- Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System https://thehackernews.com/2022/04/microsoft-discovers-new-privilege.html
- Microsoft Documents Over 200 Cyberattacks by Russia Against Ukraine https://thehackernews.com/2022/04/microsoft-documents-over-200.html
- Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group https://thehackernews.com/2022/04/experts-detail-3-hacking-teams-working.html
- Indian Govt Orders Organizations to Report Security Breaches Within 6 Hours to CERT-In https://thehackernews.com/2022/04/indian-govt-orders-organisations-to.html
- U.S. Offers $10 Million Bounty for Information on 6 Russian Military Hackers https://thehackernews.com/2022/04/us-offers-10-million-bounty-for.html
- Security engineer https://www.104.com.tw/job/7m7x7
- [Architect] Linux security R&D engineer https://www.cakeresume.com/companies/teamt5-org-tw/jobs/dcf3c5?locale=zh-TW
- Security engineer https://hunter.104.com.tw/zh-cn/job/FG00005249
- Security manager / assistant manager (multinational financial holding company) https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E7%B6%93%E7%90%86-%E5%89%AF%E7%90%86-%E8%B7%A8%E5%9C%8B%E9%87%91%E6%8E%A7-at-michael-page-3035616932/?originalSubdomain=tw
- Security intern engineer https://www.104.com.tw/job/7m9wu
- Security engineer (stationed in Keelung) https://www.104.com.tw/job/7mcik
- Security development engineer - ACSI https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E9%96%8B%E7%99%BC%E5%B7%A5%E7%A8%8B%E5%B8%AB-acsi-at-acer-3050940666/?originalSubdomain=tw
- Security services engineer_a well-known company (3005192) https://headhunt.com.tw/Pages/job-description.aspx?id=3005192

### D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security

- Hackers impersonate law-enforcement officials to steal data for scams and extortion! Many tech giants affected https://times.hinet.net/news/23884072
- Links circulating online: "Tsai Ing-wen's latest investment has experts in awe and big banks in a panic", "She did not know the microphone was on, but her remarks shocked the world" https://tfc-taiwan.org.tw/articles/7271
- How do you remove "private information" from the web? Google: 2 conditions get priority https://news.ebc.net.tw/news/living/314792
- Protecting user privacy! Google announces it will allow removal of sensitive personal information https://times.hinet.net/news/23886314
- Hacking group claims to have breached Coca-Cola and stolen large amounts of sensitive information https://www.twcert.org.tw/tw/cp-104-6078-825c8-1.html
- Hacker group claims to have breached Coca-Cola, stealing 161 GB of data https://www.bleepingcomputer.com/news/security/coca-cola-investigates-hackers-claims-of-breach-and-data-theft/
- Grand View Resort Beitou suspected of leaking customer personal data; hot-spring voucher buyers targeted by scammers https://beanfun.com/articles/detail/1518936108895834112?country=tw&site=446
- Can your data be stolen while you work in a café? Public Wi-Fi creates security risk; key steps to add a layer of personal-data protection https://buzzorange.com/techorange/2022/04/27/wife-infor/
- US judge orders Uber to hand over records related to the 2016 data breach https://news.knowing.asia/news/4600ba2f-15e1-4267-b4f3-b37491b5a71e
- Phishing that impersonates Facebook gets new tricks! 3 tips to keep Facebook credentials from being stolen https://3c.ltn.com.tw/news/48835
- "Avengers" go undercover to stop fraud; Hong Kong penny-stock investment groups hide traps https://times.hinet.net/news/23889203

### E. Research Reports / Tools

- Zero trust for everyone: a practical guide https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9835
- Existing compliance faces challenges: how cloud-era CISOs should respond https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=80&id=0000634213_DSW3A9HZ0TK4SM4Q3M2OK
- Traditional networks show fatigue; SDN opens a new revolution in next-generation networking https://reurl.cc/A7RYmp
- On the road to learning security: how it started https://www.potatomedia.co/post/68fa09d2-6a9f-411a-88ad-3b2a33771b33
- CISOs should worry about more than data breaches or ransomware; do not overlook the "canary in the coal mine": cryptocurrency mining https://blog.trendmicro.com.tw/?p=71910
- Why collaboration between security and DevOps matters so much http://www.omniwaresoft.com.tw/product-news/elastic-news/how-to-build-collaboration-across-security-and-devops/
- Analysis of the Shiro550 deserialization vulnerability https://mp.weixin.qq.com/s?__biz=Mzg2NjU0MjA0Ng==&mid=2247485888&idx=1&sn=71385d297e97bf118f50334664be9f31
- Penetration testing | Notes on taking over a host via a bypass https://mp.weixin.qq.com/s?__biz=MzkwMDMxMzIzNA==&mid=2247488932&idx=1&sn=281c267970f5c0bceaefc111827827ed
- Surfshark offers 12 ways to strengthen security and keep smart TVs from being hacked or monitored https://iqmore.tw/surfshark-smart-tv-vpn-news
- The 6 Cybersecurity Certifications You Must know About https://blog.magda-on-cyber.com/the-5-cybersecurity-certifications-you-must-know-about-ebd4c37b02b7
- Top 15 IT Certifications in 2022 https://arctutorials.medium.com/top-15-it-certifications-in-2022-97a1538f7c81
- 20 Linux commands that every Computer Science Engineer must know https://medium.com/@SingaramPalaniappan/20-linux-commands-that-every-computer-science-engineer-must-know-dc022674e0ee
- 10 Hardest Python Questions https://medium.com/@saint_sdmn/10-hardest-python-questions-98986c8cd309
- Bypassing Login Page in 2 Mins https://aravind07.medium.com/bypassing-login-page-in-2-mins-5b773d46f4d
- Remove the if-else hell https://medium.com/javarevisited/remove-the-if-else-hell-java-7927194bd2e
- Say goodbye to Let’s Encrypt, welcome Google-managed SSL certificates https://xbery.medium.com/say-goodbye-to-lets-encrypt-welcome-google-managed-ssl-certificates-4d92831750e1
- Comments: How Google Developers write their comments https://paigeshin1991.medium.com/comments-how-google-developers-write-their-comments-5443657ecc4b
- From File Upload to Command Injection to AWS compromise https://systemweakness.com/from-file-upload-to-command-injection-to-aws-compromise-e937271bff2e
- BITB (browser in the browser) Attack https://infosecwriteups.com/bitb-browser-in-the-browser-attack-e2008c405701
- 8 Visual Studio Code extensions: I’m in Love with https://medium.com/codex/8-visual-studio-code-extensions-im-in-love-with-4d07786801cc
- Dependency Inversion Principle: How Google Developers write code https://paigeshin1991.medium.com/dependency-inversion-principle-how-google-developers-write-code-f6cbd3b530a6
- How I Got an Interview with Microsoft https://medium.com/@gertrude.kaneah.abagale/how-i-got-an-interview-with-microsoft-ccd6d37a3d87
- My Raspberry Pi + ESP32 drone (or my first steps into robotics) https://medium.com/@tohntobshi/my-raspberry-pi-esp32-drone-or-my-first-steps-into-robotics-64c7e35b4777
- Microservices Design Patterns https://learncsdesign.medium.com/microservices-design-patterns-91fe56a33a47
- 7 (Extreme) Performance Tips in JavaScript https://towardsdev.com/7-extreme-performance-tips-in-javascript-1544b3a9d03d
- How to Create One-Page Reports With Python https://python.plainenglish.io/one-page-reports-with-python-adf58432ae46
- Becoming a “real” data analyst https://towardsdatascience.com/becoming-a-real-data-analyst-dcaf5f48bc34
- 3 Web Observers Every Web Developer Should Know https://levelup.gitconnected.com/3-web-observers-every-web-developer-should-know-c2f65302b5df
- I Switched Password Managers and It Changed Everything https://medium.com/macoclock/i-switched-password-managers-and-it-changed-everything-9b0417fe64a
- Git commands nobody has told you https://bootcamp.uxdesign.cc/git-commands-nobody-has-told-you-cd7025bea8db
- Valuable GitHub Repositories for Beginner Developer’s https://vatsalchauhan.medium.com/valuable-github-repositories-for-beginner-developers-f59d2a453902
- Automate WhatsApp Messages with Python in 3 Steps https://towardsdatascience.com/automate-whatsapp-messages-with-python-in-3-steps-d64cf0de4539

### F. Business

- Palo Alto Networks takes an in-depth look at 2022 ransomware threat trends https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9829
- F5: Taiwan is most interested in IT/OT, zero trust and threat-intelligence technology integration https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9826
- Menlo cloud security platform keeps mobile work secure https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9832
- WebComm Technology expands its footprint in the digital identity SaaS market, helping NPOs integrate platforms and build security defenses https://www.techbang.com/posts/95796-webcomm-successfully-expands-the-digital-identity-saas-market
- Chunghwa Telecom heads to Secutech 2022, building a cross-domain smart security platform https://udn.com/news/story/7240/6268740
- 東捷 provides an integrated management platform to build a flexible supply-chain ecosystem for manufacturing https://udn.com/news/story/7240/6268643
- Applications are more prone to intrusion: Synopsys's three "protect at the source" moves keep programs from being controlled by hackers https://www.wepro180.com/synopsys220331/
- SailPoint: good enterprise security requires good identity and account management https://today.line.me/tw/v2/article/eLaXgPO
- Over 90% of security breaches stem from identity! SailPoint uses AI to improve identity security management, targeting finance and supply-chain needs https://www.bnext.com.tw/article/68854/sailpoint-iam
- Leading the world! Fortinet ranks first in global security appliance shipments for the 9th consecutive year https://www.thehubnews.net/archives/96856
- Acer Cyber Security nominates 李紀珠 as independent director https://www.sinotrade.com.tw/richclub/news/62697d995e4b846361c7ae19
- Trend Micro integrates industry technologies to launch the Trend Micro One cybersecurity platform https://www.techbang.com/posts/95865-trend-micro-launches-trend-micro-one-platform
- CyberArk survey report: surging digital identities keep expanding "cybersecurity debt" http://www.compotechasia.com/a/press/2022/0428/51060.html
- Nozomi Networks becomes CISA's first security partner https://ctee.com.tw/industrynews/technology/635734.html
- Vulnerability management vendor Tenable acquires external attack surface management vendor Bit Discovery https://www.tenable.com/press-releases/Tenable-Agrees-To-Acquire-Bit-Discovery
- Radware launches a terabit-class DDoS mitigation platform: DefensePro 800 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9838
- Chunghwa Telecom again ranks in the Top 5% of the Taiwan Stock Exchange corporate governance evaluation https://times.hinet.net/news/23887634
- Auray adopts Chunghwa Telecom's core network, leading Taiwan's O-RAN ecosystem a big step forward https://www.moneyweekly.com.tw/ArticleData/Info/Article/80590
- CyberLink joins the FIDO Alliance to strengthen biometric technology https://wantrich.chinatimes.com/news/20220428900778-420101
- Microsoft tests building a VPN secure network deep into the Edge browser https://www.kocpc.com.tw/archives/438184

### G. Government

- CTS "PLA starts war" blunder: Investigation Bureau refers the case under the Disaster Prevention and Protection Act to Taipei prosecutors to direct the investigation https://www.setn.com/News.aspx?NewsID=1106410
- Goodbye to the contact-registration system! Epidemic prevention enters its next stage; Tsai Ing-wen: this shows Taiwan's strong resilience https://www.setn.com/News.aspx?NewsID=1107457
- SMS contact registration cancelled; Taichung deputy mayor and economic development bureau chief found not using the Social Distancing app https://newtalk.tw/news/view/2022-04-28/746514
- Social Distancing app: only 1/3 of officials at council questioning had downloaded it https://news.ltn.com.tw/news/life/paper/1514428
- Liu Chao-hao urges the NCC to severely punish CTS's major lapse, take disinformation prevention seriously and strengthen the security of connected drones https://www.ly.gov.tw/Pages/Detail.aspx?nodeid=38917&pid=219145
- Cyber security monthly report (March, ROC year 111) https://nicst.ey.gov.tw/Page/8770AD7511CB8DC9/86891dc5-377f-4aad-ac4c-20a5eaa101ee
- Presidential Office hack and forged documents follow a script, but the timeline makes real and fake hard to tell apart https://rwnews.tw/Article/Detail/3481
- Ending the Presidential Office hacked-email storm: Taipei prosecutors quietly close the case with "no intrusion source found" https://rwnews.tw/Article/Detail/3479
- Scare on the eve of Tsai Ing-wen's second inauguration: three emails in a row touch a nerve over infighting in the green camp https://rwnews.tw/Article/Detail/3480
- Photo of an attractive woman appears in New Taipei's online epidemiological survey? Health department: heavy fines for malicious forwarding https://www.ftvnews.com.tw/news/detail/2022429S08M1
- Rapid-test real-name system glitch! 3,092 kits sold today to odd-numbered IDs; Chen Shih-chung: returns will not be required https://www.upmedia.mg/news_info.php?Type=24&SerialNo=143636

### H. Industrial Control Systems / ICS / SCADA / IoT / Connected Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare: Related Security

- CyCraft teams up with 菱鏡 to build a connected-vehicle security ecosystem https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9831
- Arm unveils its total IoT solution to speed up product development https://www.mem.com.tw/arti.php?sn=2204270007
- Arm announces the Cortex-M85 microprocessor, strengthening its total IoT solution to improve product development efficiency https://www.techbang.com/posts/95883-arm-cortex-m85
- Connected vehicles are on the rise but consumers' willingness to pay is low https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=220&id=0000634238_3TH3FAG02KYM5C97B17CX
- Alert (AA22-103A) APT Cyber Tools Targeting ICS/SCADA Devices https://www.cisa.gov/uscert/ncas/alerts/aa22-103a

### I. Education and Training

- Information Service Industry Association of R.O.C. (中華軟協) - iPAS "entry-level" information security engineer competency cram course: now enrolling https://www.cs.nycu.edu.tw/announcements/detail/8778
- 2022 "Securities and Futures Information Security Practice Training Course": registration opens now https://www.sfi.org.tw/news/news-7/3589
- The essential security fundamentals everyone should learn in the internet age (How Cybersecurity Really Works) https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw
- App information security is not just for engineers: the blood, sweat and tears of earning a security test certificate (iT邦幫忙 Ironman contest series book) https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
- [Quick guide to international security management certifications] Study notes and exam key points in one place! Read this to switch to a dream job in 2022 https://buzzorange.com/techorange/2021/12/30/isaca/
- CISSP exam notes – Benson https://reurl.cc/GbWvxd
- CPSA (CREST Practitioner Security Analyst) security analyst exam notes https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
- EC-Council CEH v11 exam notes, revision information and preparation direction 2021, 2022 https://reurl.cc/1oyEM8
- CEH v11 exam notes and how to prepare https://blog.sean.taipei/2022/01/ceh
- Materials for the ROC year 110 new staff "Campus Information Security Lecture" https://cc.nccu.edu.tw/p/406-1001-740,r18.php
- [Training material D] Information security technical training materials https://iscb.nchu.edu.tw/2019/07/d.html
- ROC year 109 Cyber Security Management Act digital training https://reurl.cc/ARlmqp
- 110-1 entry-level information security engineer: introduction to information security management https://yamol.tw/exam.php?id=104050
- 中大 Department of Information Engineering cultivates IT leadership talent https://reurl.cc/ARZKDK
- eCloudvalley and National Sun Yat-sen University collaborate to build up cloud security talent https://ctee.com.tw/industrynews/technology/587459.html
- SANS Cyber Aces Online Tutorials https://tutorials.cyberaces.org/tutorials.html
- Free Online Cybersecurity Courses (MOOCs) https://www.cyberdegrees.org/resources/free-online-courses/
- Develop Your Cybersecurity Skills https://www.cybrary.it/catalog/cybersecurity/
- Mobile App Security https://www.cybrary.it/course/mobile-app-security/
- Introduction to Cybersecurity https://reurl.cc/bnaj6d
- How to Tackle SaaS Security Misconfigurations https://thehackernews.com/2021/11/how-to-tackle-saas-security.html
- How to Build a Security Awareness Training Program that Yields Measurable Results https://thehackernews.com/2021/11/how-to-build-security-awareness.html
- Common Attacks https://choson.lifenet.com.tw/?p=1174

## 6. Upcoming Security Events and Seminars

- From Python to TensorFlow online study group - Python basics guide (7) - Chapter 7: tuples and lists 2022/5/3 https://www.meetup.com/TensorFlow-User-Group-Taipei/events/284265348/
- Security club - The Way of the University: taking the initiative against emerging security threats - an introduction to Honeynet deception technology 2022/5/4 https://nsysuisc.kktix.cc/events/20220504
- Android Code Club(Taipei) 2022/5/4 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/285269125/
- SyntaxError 2022/5/4 https://www.meetup.com/pythonhug/events/285269148/
- HackingThursday - Week meetup Tamsui (regular gathering, Tamsui) 2022/5/5 https://www.meetup.com/hackingthursday/events/285290707/
- [Security lecture series] Does the decentralization myth also hide dangers? Online blockchain security lecture 2022/5/7 https://hackersir.kktix.cc/events/20220507blockchain
- Scala Taiwan Mokumoku #15 2022/5/7 https://www.meetup.com/Scala-Taiwan-Meetup/events/285310131/
- Just a chat - with no Expectations 2022/5/7 https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/285326731/
- Empowering Yourself, Empowering Others | A journey of transformation | Part 1 2022/5/8 https://www.meetup.com/Women-Who-Code-Taipei/events/285321784/
- K12 technology education: what can be taught besides programming 2022/5/9 https://www.meetup.com/rladies-taipei/events/284421238/
- Security club - The Way of the University: introduction to security literacy in the digital age - getting to know CTF competitions and sharing competition experience 2022/5/11 https://nsysuisc.kktix.cc/events/20220511ctf
- Shalun cybersecurity base free online security course: personal data inventory and risk assessment practice 2022/5/12 https://bit.ly/3kcdoRg
- Taipei Creative Coders Meetup #17 2022/5/13 https://www.meetup.com/tpecreativecoders/events/285540074/
- Yuan Ze University CSE short-term computing course for high-school students: micro-plugged security experience workshop 2022/5/14 https://cse-yzu.kktix.cc/events/yzcs7
- Shalun cybersecurity base free online security course: there is a lot you don't know - OSINT revealed 2022/5/24 https://bit.ly/3vDkjYO
- Phishing, phishing, got you_a white-hat hacker teaches how human weaknesses are used to break through defenses 2022/5/25 http://www.cs.thu.edu.tw/web/news/detail.php?id=4129
- Security policy, regulations and standards 2022/5/25 ~ 2022/5/26 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19873
- National Center for High-performance Computing training: "Big data development platform (VM version)" setup and development practice course 2022/5/27 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=course_index
- Information security course series, part 9: machine learning and security anomaly diagnosis in practice (session 1) 2022/6/7 https://www.tabf.org.tw/CourseDetail.aspx?PID=487302
- Hacker capture-the-flag attack and defense exercise: financial security talent training class (session 1) 2022/04/28~2022/06/09 https://www.tabf.org.tw/CourseDetail.aspx?PID=487750
- Risk-based security audit 2022/7/20 https://www.cisanet.org.tw/Course/Detail/2756
- 2022 CYBERSEC security conference Jamf booth talks 2022/9/20 ~ 2022/9/22 https://jamf.kktix.cc/events/cybersec2022jamf