資安事件新聞週報 2022/2/14 ~ 2022/2/18

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/2/14 ~ 2022/2/18 1.重大弱點漏洞/後門/Exploit/Zero Day Log4j2 In The Wild | Iranian-Aligned Threat Actor TunnelVision Actively Exploiting VMware Horizon https://reurl.cc/mGpaEW 又是鎖定Log4Shell漏洞，對VMware遠距工作平臺的攻擊行動，這次動手的是伊朗駭客TunnelVision https://reurl.cc/mGpaEW 針對可被攻擊者用於規避掃描的弱點，微軟疑似悄悄修補了Windows防毒軟體 https://reurl.cc/g0r9LR 微軟修補了讓駭客繞過Defender掃瞄的漏洞 https://www.ithome.com.tw/news/149373 Microsoft 推出 2022 年 2 月 Patch Tuesday 資安修補包 https://blog.twnic.tw/2022/02/15/21865/ 微軟Windows作業系統存在多個安全漏洞 https://ic.cgu.edu.tw/p/16-1016-86908.php?Lang=zh-tw 非關聯式資料庫Apache Cassandra出現RCE漏洞 https://reurl.cc/zMQ0x0 High-Severity RCE Security Bug Reported in Apache Cassandra Database Software https://thehackernews.com/2022/02/high-severity-rce-security-bug-reported.html 電商平臺Magento再傳重大漏洞，且已出現攻擊行動 https://reurl.cc/9OWM2j Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch Released https://thehackernews.com/2022/02/critical-magento-0-day-vulnerability.html Google Chrome 緊急修復一個已遭濫用於攻擊的 0-day 漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9726 Google緊急修補已遭開採的Chrome弱點 https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html VMware 發布多個產品的安全更新 https://reurl.cc/pWp77x VMware虛擬化平臺存在漏洞，可被惡意軟體用於逃脫VM並攻擊主機 https://www.vmware.com/security/advisories/VMSA-2022-0004.html VMware Issues Security Patches for High-Severity Flaws Affecting Multiple Products https://thehackernews.com/2022/02/vmware-issues-security-patches-for-high.html NOD32 Antivirus 存在權限許可和連接控制問題弱點 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-37852 Radareorg Radare2 中存在資源管理錯誤弱點 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-0139 SAP多個產品存在環境問題弱點 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22532 美國要求聯邦機構於2週內修補Safari重大漏洞 https://reurl.cc/oevOxq Apple 已修復 Safari 的網站歷史資料洩露 IndexedDB 隱私漏洞 https://blog.twnic.tw/2022/02/14/21845/ Security Bulletin: Polkit as used by IBM® QRadar SIEM is vulnerable to privilege escalation (CVE-2021-4034) https://www.ibm.com/support/pages/node/6557426?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E Security Bulletin: OpenSSL as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-3712) https://www.ibm.com/support/pages/node/6557430?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager https://thehackernews.com/2022/02/new-linux-privilege-escalation-flaw.html 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安台新金:台新金控代子公司台新銀行公告設置資安長 https://news.cnyes.com/news/id/4815816 開發金:中華開發金控代子公司凱基證券公告資安長就任 https://news.cnyes.com/news/id/4816590 第一金證新設資安長到任強化交易安全 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=b1bd812e-bedd-4929-a64a-e79e5093c1d1 〈玉山金法說〉科技聯隊六巨頭亮相領軍1300位人才拚數位轉型 https://news.cnyes.com/news/id/4814493 玉山銀組「科技聯隊」！科技長張智星：加密貨幣投機成分高、NFT像藝術品交易 https://www.bnext.com.tw/article/67688/e.sun-bank-2022 中華電轉投資將來銀行 3月開張 https://times.hinet.net/news/23757648 櫃買中心提醒各證券商強化資安作為 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9724 證券商資安長設置情形 https://dsp.twse.com.tw/page/security.html 集保結算所以大數據為根本，推動視訊輔助股東會平台多項數位創新 https://fnc.ebc.net.tw/fncnews/headline/146772 Spanish Police Arrest SIM Swappers Who Stole Money from Victims Bank Accounts https://thehackernews.com/2022/02/spanish-police-arrest-sim-swappers-who.html 俄烏恐開戰！立陶宛通知國內銀行　準備好因應網攻和斷電 https://www.setn.com/News.aspx?NewsID=1072550 3.電子支付/行動支付/pay/資安台灣第三方支付「紅綠藍」三足鼎立，綠界科技物流＋金流策略成功，預計3/15掛牌上櫃、承銷價760元 https://www.thenewslens.com/article/162915 LINE Pay 獨立 App 2/15 釋出新版，未納入一卡通 MONEY 服務 https://technews.tw/2022/02/10/to-update-new-line-app-since-february-15/ 與一卡通合約明年到期！LINE Pay 好友轉帳有可能取消 https://agirls.aotter.net/post/60440 一卡通Money將打造獨立APP！LINE Pay大改版後，雙方如何受影響 https://www.bnext.com.tw/article/67692/new-line-pay-app LINE好友轉帳明年2月恐終止一卡通年底前上架獨立APP https://udn.com/news/story/7086/6100106 誰能實現一個電支App一路用到底就能稱王生態圈成電子支付指標 https://reurl.cc/2Da5ja 全家向金管會申請電子支付執照全聯最慢3月底前要提出 https://udn.com/news/story/7239/6089419 悠遊付會員竄升第三　全盈支付已申請執照 https://www.cardu.com.tw/news/detail.php?45402 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約資安火幣交易所安全嗎？PTT 網友評價彙整與分析 https://applealmond.com/posts/133098 駭客洗劫難追回買加密貨幣前要先懂資安風險 https://vip.udn.com/vip/story/121938/6103782 68%的美國人意識到加密貨幣所涉及的風險 https://news.cnyes.com/news/id/4816242 加密資產不是避風港，NFT 首次被查封 https://finance.technews.tw/2022/02/18/hmrc-nft/ 美國司法部任命國家加密貨幣執法團隊負責人 https://reurl.cc/6EGWqM AscendEX安全事件涉事駭客已經開始洗錢 https://amp-news.cnyes.com/news/id/4816448 數據：有4068個 "犯罪巨鯨「持有價值250億美元的加密貨幣 https://news.cnyes.com/news/id/4815483 Filecoin與Polygon達成合作擬共同發展NFT與元宇宙項目 https://news.cnyes.com/news/id/4815147?exp=a 249款假虛擬貨幣錢包應用程式模仿MetaMask、imToken、Bitpie和Trust Wallet，共盜取超過430萬美元 https://blog.trendmicro.com.tw/?p=71214 央行數位貨幣場景試驗預計9月完成國內銀行備戰接招 https://www.rti.org.tw/news/view/id/2124620 比特幣為何迷人，投資者不畏高風險也要買？教父級科技大神分析「加密貨幣」運作原理 https://www.businessweekly.com.tw/management/blog/3009091 大頭相放NFT更吸引首次約會用比特幣付款有第二次約會機會大增 https://reurl.cc/Wkbp3y NFT項目AOTAVERSE回應攻擊：賠償用戶損失，開售順延兩天 https://news.cnyes.com/news/id/4814638 IRA Financial的加密退休帳戶上周被駭客攻擊，損失高達3600萬美元 https://news.cnyes.com/news/id/4814444?exp=a 搶搭元宇宙商機，供應鏈資安跟上了嗎？資料加密大解析 https://marketing.ares.com.tw/newsletter/2022-02-financial-reporting/metaverse-file-encryption 數字人民幣冬奧大成功！VISA獨占36年被打破 https://reurl.cc/jk6by2 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 「它們回來了！」FBI警告資安危機連政府機關都被攻擊 https://www.chinatimes.com/realtimenews/20220217005255-260412?chdtv 美國FBI發布勒索軟體BlackByte入侵指標，已有3種領域的關鍵基礎設施實體受害 https://www.ic3.gov/Media/News/2022/220211.pdf 新興「勒索軟體組織」重出江湖！FBI建議用6招防範電腦遭駭 https://3c.ltn.com.tw/news/47719 日本警告惡意軟體Emotet於2月初攻擊行動升溫 https://www.jpcert.or.jp/at/2022/at220006.html 惡意軟體Emotet透過以密碼保護的ZIP檔案散布 https://unit42.paloaltonetworks.com/new-emotet-infection-method/ 惡意軟體TrickBot攻擊60家知名企業的顧客 https://reurl.cc/Np23Ve TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020 https://thehackernews.com/2022/02/trickbot-malware-targeted-customers-of.html 駭客溜進Microsoft Teams會議以大量散布木馬程式 https://www.ithome.com.tw/news/149442 駭客透過Teams討論群組散布惡意程式，恐能對數百萬人下手 https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations 駭客利用惡意軟體Squirrelwaffle與Exchange重大漏洞，進行金融詐欺攻擊 https://news.sophos.com/en-us/2022/02/15/vulnerable-exchange-server-hit-by-squirrelwaffle-and-financial-fraud/ 駭客以NFT為誘餌，散布木馬程式BitRAT https://www.fortinet.com/blog/threat-research/nft-lure-used-to-distribute-bitrat 惡意軟體MyloBot捲土重來，採用極為迂迴的方法規避偵測 https://blog.minerva-labs.com/mylobot-2022-so-many-evasive-techniques-just-to-send-extortion-emails 勒索軟體Black Cat攻擊機場地勤服務業者Swissport，聲稱竊得1.6 TB資料 https://www.bleepingcomputer.com/news/security/blackcat-alphv-claims-swissport-ransomware-attack-leaks-data/ 駭客組織TA2541鎖定交通與國防產業下手，散布木馬程式 https://www.proofpoint.com/us/blog/threat-insight/charting-ta2541s-flight 運動用品業者美津濃傳出將延遲出貨，原因疑似是遭到勒索軟體攻擊 https://www.bleepingcomputer.com/news/security/sports-brand-mizuno-hit-with-ransomware-attack-delaying-orders/ 歐洲大型汽車經銷商成為Hive勒索軟體的受害者 https://www.zdnet.com/article/europes-biggest-car-dealer-hit-with-ransomware-attack/ 勒索軟體Vice Society攻擊派遣人力業者Parasol Group，竊得資料疑似於暗網公開 https://www.theregister.com/2022/02/11/optionis_stolen_data/ 勒索軟體不法所得 74%流向俄羅斯 https://udn.com/news/story/6812/6099947 利用Office文件針對Windows Rgsvr32公用程式攻擊大量增加 https://www.ithome.com.tw/news/149351 駭客利用Regsvr32元件於受害電腦載入Qbot、Lokibot等惡意軟體 https://www.uptycs.com/blog/attackers-increasingly-adopting-regsvr32-utility-execution-via-office-documents 美式足球隊遭BlackByte勒索軟體攻擊 https://therecord.media/san-francisco-49ers-confirm-ransomware-attack/ Cyber attack of UAC-0056 group on state organizations of Ukraine using malicious programs SaintBot and OutSteel (CERT-UA # 3799) https://cert.gov.ua/article/18419 New Emotet Infection Method https://unit42.paloaltonetworks.com/new-emotet-infection-method/ Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months https://www.fortinet.com/blog/threat-research/guard-your-drive-from-driveguard 木馬程式ShadowPad疑似與中國人民解放軍有關 https://www.secureworks.com/research/shadowpad-malware-analysis Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA https://thehackernews.com/2022/02/researchers-link-shadowpad-malware.html ShadowPad Malware Analysis | Secureworks https://www.secureworks.com/research/shadowpad-malware-analysis Charting TA2541's Flight https://www.proofpoint.com/us/blog/threat-insight/charting-ta2541s-flight +380-GlowSpark https://inquest.net/blog/2022/02/10/380-glowspark NFT Lure Used to Distribute BitRAT https://www.fortinet.com/blog/threat-research/nft-lure-used-to-distribute-bitrat Attackers Disguise RedLine Stealer as a Windows 11 Upgrade https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/ Researchers Warn of a New Golang-based Botnet Under Continuous Development https://thehackernews.com/2022/02/researchers-warn-of-new-golang-based.html EU Data Protection Watchdog Calls for Ban on Pegasus-like Commercial Spyware https://thehackernews.com/2022/02/eu-data-protection-watchdog-calls-for.html New MyloBot Malware Variant Sends Sextortion Emails Demanding $2,732 in Bitcoin https://thehackernews.com/2022/02/new-mylobot-malware-variant-sends.html FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors https://thehackernews.com/2022/02/fritzfrog-p2p-botnet-attacking.html PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans https://thehackernews.com/2022/02/pseudomanuscrypt-malware-spreading-same.html Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware https://thehackernews.com/2022/02/iranian-hackers-targeting-vmware.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊獲蘋果、Meta青睞！Email提醒工具FollowUpThen好用在哪？2步驟讓行程不漏接 https://www.bnext.com.tw/article/67703/followupthen FBI警告！掃QR Code也會出事駭客1手法秒控制銀行帳戶 https://reurl.cc/Op6d93 Google 要為 Android 用戶打造隱私沙盒！廣告商該何去何從 https://buzzorange.com/techorange/2022/02/18/google-andriod-privacy-sandbox/ Google Bringing Privacy Sandbox to Android to Limit Sharing of User Data https://thehackernews.com/2022/02/google-bringing-privacy-sandbox-to.html Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw https://thehackernews.com/2022/02/apple-releases-ios-ipados-macos-updates.html iPhone WiFi隱私權警告要怎麼解決？教你10招技巧快速修正 https://mrmad.com.tw/how-fix-iphone-wifi-privacy-warning 手機資安僅iPhone過關不合格8成是大陸品牌 https://reurl.cc/Rj2AAZ 蘋果釋出iOS 15.3.1更新！修復點字顯示器異常錯誤 https://www.sogi.com.tw/articles/apple_ios_15/6257432 蘋果WebKit漏洞也波及iPhone及iPad上的Chrome與Firefox等瀏覽器 https://www.ithome.com.tw/news/149361 macOS版Zoom驚傳臭蟲，會議結束後仍占用麥克風，恐影響用戶隱私 https://www.theverge.com/2022/2/12/22930588/zoom-update-psa-macos-monterey-mic-indicator-light-bug 比利時示警：勿用華為和小米手機資訊恐送中 https://ec.ltn.com.tw/article/breakingnews/3829768 比利時官員警告：使用中國手機恐將用戶數據送至中國 https://technews.tw/2022/02/15/huawei-xiaomi-china/ 用LINE罵主管被已讀她按到致命刪除鍵神人教這招挽回 https://www.chinatimes.com/realtimenews/20220214004908-260405?chdtv 印度再封殺中國App！資安屢爆爭議北京「冬奧通」也遭疑恐有安全漏洞 https://www.youtube.com/watch?v=LPwCIFgO0RM 安全疑慮大！日本代表團長：返國後徹底刪除北京冬奧App https://www.setn.com/News.aspx?NewsID=1071036 手機借駭客冒名向foodpanda詐訂尿布男子下場慘了 https://www.chinatimes.com/realtimenews/20220214001107-260402?chdtv 保障國民隱私資安　印度再禁逾54款中國app上架 https://reurl.cc/2Da5Ya C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力過半企業砸大錢買資安設備，專家示警：高層資安管理參與不足才是危機 https://www.bnext.com.tw/article/67693/trendmicro-report 別只是花錢消災，企業內部資安整合成降低被駭風險關鍵 https://finance.technews.tw/2022/02/15/it-enterprise/ 服務及資安設備需求殷切電腦程式設計業營業額遞新猷 https://www.chinatimes.com/realtimenews/20220218001619-260410?chdtv 紅十字會遭駭調查結果出爐，疑似是國家級駭客鎖定Zoho密碼自助管理平臺漏洞下手 https://www.icrc.org/en/document/icrc-cyber-attack-analysis 傻眼！碩士班考試前一天地點反覆改　台北大學：疑有駭客入侵 https://tw.appledaily.com/life/20220213/2IDK4JQ7CFC7VACGBFLY6HCW44/ 烏克蘭遭遇當地歷來最大型 DDoS 攻擊 https://unwire.pro/2022/02/17/ddos-2/security/ 烏克蘭國防部與2家國營銀行，驚傳遭到DDoS攻擊 https://reurl.cc/g0r99R 才剛喊完撤軍！烏克蘭遭俄駭客網攻 https://reurl.cc/pWp74Z 烏克蘭政府網站疑遭俄羅斯網攻莫斯科否認 https://udn.com/news/story/122663/6102966 法國稱｢俄軍數量仍一樣｣愛沙尼亞情報機構：俄恐發動有限軍事攻擊 https://times.hinet.net/news/23761481 美國指控俄羅斯攻擊國防產業，竊取軍事機密 https://www.cisa.gov/uscert/ncas/alerts/aa22-047a 監測川普網路資料？柯林頓斥：塑造假醜聞 https://www.worldjournal.com/wj/story/121172/6104801 新「水門事件」曝光！希拉里僱駭客入侵川普大廈和白宮伺服器，恐面臨刑事指控 https://vitomag.com/society/tzzrw.html 隱形的間諜活動外媒披露陸駭客如何竊取F-35關鍵科技 https://www.chinatimes.com/realtimenews/20220216002107-260417?chdtv 找駭客「偷蔡英文病歷」！前國會助理淪共諜遭判刑定讞 https://today.line.me/tw/v2/article/Gg01VEY 學者：中共網路輿論戰多借力使力利用台灣多元言論進行分化 https://www.rti.org.tw/news/view/id/2124677 受到來自中共國的網路攻擊 https://gnews.org/zh-hant/2000601/ 駭客組織疑似串通印度政府，攻擊人權鬥士和律師的電腦，企圖找出定罪的依據 https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/ 英國外交部年初曾因嚴重網路攻擊要求支援 https://technews.tw/2022/02/14/uk-foreign-office-hit-by-cyber-attack/ 美國指俄羅斯涉嫌資助駭客，攻擊美國國防承包商竊取武器技術 https://reurl.cc/veEyGa Getting Your SOC 2 Compliance as a SaaS Company https://thehackernews.com/2022/02/getting-your-soc-2-compliance-as-saas.html Moses Staff Hackers Targeting Israeli Organizations for Cyber Espionage https://thehackernews.com/2022/02/moses-staff-hackers-targeting-israeli.html Experts Warn of Hacking Group Targeting Aviation and Defense Sectors https://thehackernews.com/2022/02/experts-warn-of-hacking-group-targeting.html Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers https://thehackernews.com/2022/02/hackers-planted-fake-digital-evidence.html 【資訊安全處/資安部資安技術課】課長/副理 https://www.104.com.tw/job/7j767 資安顧問 https://hunter.104.com.tw/zh-tw/job/DE02004819 【中山區】高級資安工程師 https://www.104.com.tw/job/7j2g6 集保結算所史上最大規模徵才培力青年推升永續 https://www.taiwannews.com.tw/ch/news/4443997 集保結算所擴大徵才開出資安金融數位等職缺 http://www.ksnews.com.tw/index.php/news/contents_page/0001572384 資安工程師 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?R2=11&EMPLOYER_ID=150030&HIRE_ID=10893063 中華電信再創高峰　1月份營收174.2億　永續新佈局招募人才 https://www.1111.com.tw/news/jobns/144100 MIS資訊主管/資深網管工程師 https://www.104.com.tw/job/7iw0w?jobsource=hotjob_chr 資安專案主管(K0600) https://www.104.com.tw/job/5f795?jobsource=hotjob_chr 資安檢測工程師 https://www.104.com.tw/job/70fzv?jobsource=jolist_a_relevance 資安鑑識工程師 https://www.104.com.tw/job/6isjn?jobsource=jolist_a_relevance 資安專案經理/Project Manager https://www.104.com.tw/job/2w0gs?jobsource=jolist_a_relevance 資安技術顧問(Presales) https://www.104.com.tw/job/6kyxs?jobsource=jolist_a_relevance 政府機關駐點資安工程師(長期約聘/正職) https://www.104.com.tw/job/2w4t5?jobsource=jolist_a_relevance 資安檢測工程師 https://www.104.com.tw/job/64myq?jobsource=jolist_a_relevance (SOC)一線資安監控工程師(長期約聘，表現優良轉正職) https://www.104.com.tw/job/3iqxk?jobsource=jolist_a_relevance 資安鑑識分析師 https://www.104.com.tw/job/5xtj0?jobsource=jolist_a_relevance 行動App威脅獵捕分析師 https://www.cakeresume.com/companies/cyfoundry/jobs/mobile-app-threat-hunting-analyst 財金資訊股份有限公司 111 年資訊、稽核暨文書人員 https://reurl.cc/6EGAgr 財金資訊股份有限公司 111 年資安人員 https://reurl.cc/44l2R3 資安工程師 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=19929&HIRE_ID=10983503 產品支援工程師(Support Engineer/熟資安產品佳) https://www.cakeresume.com/companies/teamt5-org-tw/jobs/489be8?locale=id 富邦證券-資安治理專業人員 https://www.104.com.tw/job/7iqc0 專案與資安業務專員 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?R2=5&EMPLOYER_ID=93184&HIRE_ID=10996045 A02資安專案主管 https://www.104.com.tw/job/7jbt2 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Observed phishing indicators https://otx.alienvault.com/pulse/620e20141e013849fc00b614 美國芝加哥地區醫院遭到網路攻擊，11.6萬病人資料外洩 https://www.scmagazine.com/analysis/breach/south-shore-hospital-network-hack-impacts-data-of-116k-patients 香港海逸飯店驚傳資料外洩，逾120萬住客受到影響 https://www.scmp.com/news/hong-kong/law-and-crime/article/3166739/cyberattack-harbour-plaza-hotels-hong-kong-exposes 5成民眾「自我感覺良好」有3類人被認為最常放消息 https://www.rti.org.tw/news/view/id/2124911 投資詐騙層出不窮金管會：1至2月中旬檢舉案達60件 https://ec.ltn.com.tw/article/breakingnews/3833433 Facebook Agrees to Pay $90 Million to Settle Decade-Old Privacy Violation Case https://thehackernews.com/2022/02/facebook-agrees-to-pay-90-million-to.html Puma 因 Kronos人資管理系統遭勒贖攻擊，近半員工機敏資料外洩 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=12&aid=9707 France Rules That Using Google Analytics Violates GDPR Data Protection Law https://thehackernews.com/2022/02/france-rules-that-using-google.html 臺灣隱形眼鏡製造商晶碩製程機密遭前員工竊取，險外流中國 https://tw.appledaily.com/local/20220207/3TAFE6E2CRFQDNI7PGXKLKDINQ/ 晶碩爆發內鬼帶槍投靠，機密技術險流入紅色供應鏈！一文解讀台廠強勢製造力 https://www.bnext.com.tw/article/67721/pegavision-production-cne 克羅埃西亞電信業者傳出資料外洩，20萬用戶恐受波及 https://www.bleepingcomputer.com/news/security/croatian-phone-carrier-data-breach-impacts-200-000-clients/ Meta又被告！德州控FB臉部辨識系統侵犯隱私 https://reurl.cc/9OWgrY 北市府抽獎網站疑出現後臺使用者管理介面，參加者個資恐外洩 https://www.ftvnews.com.tw/news/detail/2022211S07M1 新州防疫二維碼數據泄露 50萬個機構被公開 https://www.epochtimes.com/b5/22/2/14/n13576930.htm Microsoft Warns of 'Ice Phishing' Threat on Web3 and Decentralized Networks https://thehackernews.com/2022/02/microsoft-warns-of-ice-phishing-threat.html 中國擁百萬個資平台今起赴海外上市前須審查 https://www.worldjournal.com/wj/story/121474/6098941 駭客搭訕套路大公開，趨勢科技教你避開情人節詐騙地雷 https://reurl.cc/k7pGaG 柯文哲兒子網購書籍遭騙15萬　逮7嫌最小僅12歲！1人竟輕生亡 https://www.appledaily.com.tw/local/20220215/5QF3YUB5S5CEXLUJF3VOV3POO4/ 小心 Instagram、Reddit、Grindr、Cash App 及 PayPal 上的「乾爹」詐騙 https://blog.trendmicro.com.tw/?p=71057 火辣姐姐誘網愛！他遭側錄恐嚇10萬竟回「你外流吧」　騙徒瞬間呆愣 https://tw.appledaily.com/local/20220219/CX4EVKIVMJDZ3JOQFN3FBJ4KAE/ E.研究報告/工具萬用字元 SSL/TLS 憑證為什麼不安全 https://blog.darkthread.net/blog/wildcard-tls-cert-risk/ This New Tool Can Retrieve Pixelated Text from Redacted Documents https://thehackernews.com/2022/02/this-new-tool-can-retrieve-pixelated.html COVID Does Not Spread to Computers https://thehackernews.com/2022/02/covid-does-not-spread-to-computers.html 美國兩黨議員合推NUDGE法案擬要求演算法透明化 https://tfc-taiwan.org.tw/articles/6938 商用SSL資安憑證廠牌該如何挑選，以動物園主機賣的幾個來舉例。不是免費SSL憑證喔。 https://reurl.cc/3jkG80 你的網路不是你的網路，你該改用 VPN 上網的三個理由 https://technews.tw/2022/02/17/3-reasons-for-using-surfshark-vpn/ 4 Cloud Data Security Best Practices All Businesses Should Follow Today https://thehackernews.com/2022/02/4-cloud-data-security-best-practices.html Python Basics for Hackers, Part 1: Getting Started with Python https://www.hackers-arise.com/post/2018/01/08/python-scripting-for-hackers-part-1-getting-started STATIC TAINT ANALYSIS USING BINARY NINJA: A CASE STUDY OF MYSQL CLUSTER VULNERABILITIES https://www.zerodayinitiative.com/blog/2022/2/14/static-taint-analysis-using-binary-ninja-a-case-study-of-mysql-cluster-vulnerabilities Hadoop 3.2.2 Installation Guide for Windows 10 https://medium.com/@pedro.a.hdez.a/hadoop-3-2-2-installation-guide-for-windows-10-454f5b5c22d3 紅隊體系化學習路徑（附學習思維導圖） https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247502745&idx=1&sn=0c0f52442fc09485045c04d3c91e848f F.商業紅帽擴展Kubernetes平台新增含軟體定義儲存的資料服務 https://reurl.cc/Np23le BlackBerry預料今年中小企每天被hack次數逾11次元宇宙讓舊招數重新普及 https://reurl.cc/k7pm83 Check Point Software: 2022 年應注意軟體供應鏈攻擊狂潮 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9705 SafeDNS: Cloud-based Internet Security and Web Filtering Solution for MSPs https://thehackernews.com/2022/02/safedns-cloud-based-internet-security.html 2022年VMware預測5大趨勢：雲、安全、應用、企業區塊鏈 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=9713 思科擬開價200億美元買下大數據分析業者Splunk https://www.wsj.com/articles/cisco-made-20-billion-plus-takeover-offer-for-splunk-11644622277 勤業眾信資安科技暨鑑識分析中心再進化 https://money.udn.com/money/story/11799/6101320?from=edn_newestlist_cate_side 勤業眾信資安科技暨鑑識分析中心再進化提供ETSI EN 303 645認證服務助企業邁向國際 https://times.hinet.net/news/23756587 資安時代來臨勤業眾信搶商機 https://www.chinatimes.com/realtimenews/20220214004659-260410?chdtv 資安廠商 ESET 發表 2021 資安威脅報告 https://www.twcert.org.tw/tw/cp-104-5722-143d3-1.html 中華電信聯手 Palo Alto Networks，加速企業導入雲安全服務 https://technews.tw/2022/02/16/hicloud-palo-alto-networks/ 三大事業群齊發衝營運今年尚不推低軌道衛星服務 https://news.cnyes.com/news/id/4813826 Palo Alto Networks推出深度學習PAN-OS 10.2 Nebula https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9721 全景軟體助企業資安防護 https://reurl.cc/Rj2aOr 兼具隱私與數據價值去識別技術共創民眾與企業雙贏 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&cat=60&id=0000629376_L6V2X3IL8U7S6156K5N10 EndBlock推出全新的MDR服務平台 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=140&id=0000628455_HEM3ULMF67DSHL4VN65MD 台灣大哥大聘蔡祈岩擔任副總經理暨資訊長！曾任星展科技長、還是熱門遊戲開發者 https://www.bnext.com.tw/article/67673/taiwan-mobile-new-cio G.政府政院修法防核心關鍵技術外流　違者最高判12年徒刑 https://news.tvbs.com.tw/politics/1718129 高雄無人機表演連中南海都敲碗期待 https://www.storm.mg/article/4198031 「警界孔子」高哲翰認同蘇揆結合各部會齊心合力改善新型態科技犯罪 https://www.peopo.org/news/572711 調查局人事異動 11名新任副處長名單出爐 https://www.cna.com.tw/news/asoc/202202180263.aspx 政府強化資安阻禦中國網攻資安破口疑在台灣內部 https://living.taronews.tw/2022/02/14/812147/ H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 D-Link 設備 DI-7200GV2.E1 v21.04.09E1 被發現在函數 proxy_client.asp 中包含命令注入弱點 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46228 D-Link 設備 D-Link DIR-823-Pro v1.0.2 被發現在函數 SetStationSettings 中包含命令注入弱點 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46454 D-Link DIR-878 存在操作系統命令注入弱點 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-44880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-44882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-45998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-44881 Totolink 產品 A720R v4.1.5cu.470_B20200911 被發現在函數 setNoticeCfg 中存在堆記憶體溢出弱點 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-44246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-44247 Schneider Electric Easergy P3 存在緩衝區錯誤弱點 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22725 Schneider Electric Easergy P5 V01.401.101 (含)之前韌體版本存在緩衝區錯誤弱點 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22723 Schneider Electric Easergy 2020 (含)之前版本存在身分驗證弱點 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22727 Synology 產品 DiskStation Manager (DSM) 7.0.1-42218-2 (含)之前版本存在 SQL 注入弱點 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-43925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-43926 針對部分已終止支援的NAS設備，威聯通將提供重大安全更新至10月 https://reurl.cc/bkdM1y Jaguar Land Rover 與 NVIDIA 聯手　開發 AI 自動駕駛 + 2025年推出新車 https://unwire.hk/2022/02/17/jaguar-land-rover/fun-tech/ Critical Security Flaws Reported in Moxa MXview Network Management Software https://thehackernews.com/2022/02/critical-security-flaws-reported-in.html IT與OT加速匯流工業聯網資安威脅與日俱增 https://reurl.cc/9OWMaV 進入工廠資安領域，工控資安基本通識 http://ai-robot-stsp.tw/news/news_detail/641 眾至資訊OTS系列強化工業資安防護打造智造聯網安全 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000629114_uzs2ni3h0qyw2i5dlctca 臺廠工業級網管軟體存在重大漏洞，恐被攻擊者用於執行任意程式碼 https://www.claroty.com/2022/02/10/blog-research-securing-network-management-systems-moxa-mxview/ Google全託管機器學習平臺Vertex AI新功能，供用戶在本地端執行程式碼除錯 https://www.ithome.com.tw/news/149330 I.教育訓練網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works) https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html 【資安管理國際證照懶人包】學習心得、考試要點一次整理！2022 轉職夢幻工作看這篇 https://buzzorange.com/techorange/2021/12/30/isaca/ CISSP考試心得 – Benson https://reurl.cc/GbWvxd CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 110年新進人員「校園資訊安全講座」教材 https://cc.nccu.edu.tw/p/406-1001-740,r18.php 【訓練教材D】資訊安全技術教育訓練教材 https://iscb.nchu.edu.tw/2019/07/d.html 109資通安全管理法數位教育訓練 https://reurl.cc/ARlmqp 110-1初級資訊安全工程師-資訊安全管理概論 https://yamol.tw/exam.php?id=104050 中大信息工程學系栽培資訊科技領導人才 https://reurl.cc/ARZKDK 伊雲谷、中山大學產學合作累積雲端資安人才能量 https://ctee.com.tw/industrynews/technology/587459.html SANS Cyber Aces Online Tutorials https://tutorials.cyberaces.org/tutorials.html Free Online Cybersecurity Courses (MOOCs) https://www.cyberdegrees.org/resources/free-online-courses/ Develop Your Cybersecurity Skills https://www.cybrary.it/catalog/cybersecurity/ Mobile App Security https://www.cybrary.it/course/mobile-app-security/ Introduction to Cybersecurity https://reurl.cc/bnaj6d How to Tackle SaaS Security Misconfigurations https://thehackernews.com/2021/11/how-to-tackle-saas-security.html How to Build a Security Awareness Training Program that Yields Measurable Results https://thehackernews.com/2021/11/how-to-build-security-awareness.html Common Attacks https://choson.lifenet.com.tw/?p=1174 6.近期資安活動及研討會 Android Code Club(Taipei) 2022/2/23 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/283676461/ 台科大資訊安全研究社勒索軟體分析與逆向工程實務 2022/2/23 https://docs.google.com/forms/d/e/1FAIpQLSfEwnIQJ_ofXBUBZcUTGrBP5CZJQT27IUXWuCRrskvXtp1KpA/viewform SyntaxError 2022/2/23 https://www.meetup.com/pythonhug/events/283676488/ HackingThursday 黑客星期四 - Week meetup Taipei 固定聚會台北 2022/2/24 https://www.meetup.com/hackingthursday/events/283709899/ SDN x Cloud Native Meetup #45 2022/2/25 https://www.meetup.com/CloudNative-Taiwan/events/284093238/ 讀書會第三梯次申請（二月底截止）與 Solidity 子社團成立說明 2022/2/25 https://www.meetup.com/Taipei-Blockchain/events/283959317/ 資安新知科技研習課程-「資安鑑識課程-系列Ⅰ初級課程：資訊戰 & 資安攻防探究、操作與平臺」2022/2/25 https://docs.google.com/forms/d/1xcjbWS5S8zubz1NeGWAgCuq1VZ7RK7Whg356jIBuagM/viewform?edit_requested=true 資安新知科技研習課程-「資安鑑識課程-系列Ⅰ初級課程：元宇宙時代：資安時代發行虛擬貨幣與NFT 2022/3/4 https://docs.google.com/forms/d/1xTUMHW1yF6nIH7YsQVTpZXXMrn0wD9lovoqbmXHfBT4/viewform?edit_requested=true 科技、媒體、組織聯手共同防制不實訊息論壇 2022/3/11 https://acfd2019.kktix.cc/events/831e3194-copy-2 2022嘉藥反毒與資安機器人競賽 2022/3/12 https://reurl.cc/9OO7kj Flutter Festival Taipei 2022/3/16 https://www.meetup.com/Flutter-Taipei/events/283785315/ 國家高速網路與計算中心教育訓練「大數據程式開發平台(VM版本)」建置與開發實務課程 2022/3/18 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3972&from_course_list_url=homepage OSCP 高階滲透測試精進班 2022-02-12~2022-03-20 https://college.itri.org.tw/course/all-events/35FC13F1-05A3-44CF-85B1-2D01B6F92632.html 風險導向資安稽核 2022/7/20 https://www.cisanet.org.tw/Course/Detail/2756