資安事件新聞週報 2021/5/3 ~ 2021/5/7

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2021/5/3 ~ 2021/5/7 1.重大弱點漏洞/後門/Exploit/Zero Day Pulse Connect Secure 9.0R3 / 9.1R1 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-22893 Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol https://labs.sentinelone.com/relaying-potatoes-dce-rpc-ntlm-relay-eop/ https://github.com/antonioCoco/RemotePotato0 PULSE SECURE設備存在安全漏洞(CVE-2021-22893~22894與CVE-2021-22899~22900)，允許攻擊者遠端執行任意程式碼，請儘速確認並進行更新 https://www.isda.org.tw/2021/05/05/9b3d7c9821f97596a142e527c0b6a914/ 多個駭客組織鎖定美國國防產業與全球政府機關之Pulse Connect Secure VPN裝置漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9213 Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks https://thehackernews.com/2021/04/hackers-exploit-sonicwall-zero-day-bug.html VMware vRealize Business for Cloud 遠程代碼執行漏洞（CVE-2021-21984） https://s.tencent.com/research/bsafe/1306.html Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack https://thehackernews.com/2021/05/critical-patch-out-for-month-old-pulse.html BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide https://thehackernews.com/2021/05/bios-privesc-bug-affects-hundreds-of.html Apple 修復 macOS 一個可跳過系統安全檢查，且已遭大規模濫用的 0-day 漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=12&aid=9199 watchOS 7.4.1 更新推出：修正 WebKit 漏洞，建議所有使用者安裝 https://aplus425.com/posts/3336 Cisco 近日發布更新以解決多個產品的安全性弱點 https://us-cert.cisa.gov/ncas/current-activity/2021/04/29/cisco-releases-security-updates-multiple-products Critical Flaws Hit Cisco SD-WAN vManage and HyperFlex Software https://thehackernews.com/2021/05/critical-flaws-hit-cisco-sd-wan-vmanage.html CVE-2021-1520 : Cisco RV34X Series – Privilege Escalation in vpnTimer https://www.iot-inspector.com/blog/advisory-cisco-rv34x-series-privilege-escalation-vpntimer/ New Qualcomm Chip Bug Could Let Hackers Spy On Android Devices https://thehackernews.com/2021/05/new-qualcomm-chip-bug-could-let-hackers.html New Spectre Flaws in Intel and AMD CPUs Affect Billions of Computers https://thehackernews.com/2021/05/new-spectre-flaws-in-intel-and-amd-cpus.html VMware Security Advisory VMSA-2021-0007 https://www.vmware.com/security/advisories/VMSA-2021-0007.html Cisco Security Advisories May 5 2021 https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2021%2F05%2F05&firstPublishedEndDate=2021%2F05%2F05&limit=50 ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking https://thehackernews.com/2021/05/alert-new-21nails-exim-bugs-expose.html Multiple Vulnerabilities in Exim Disclosed https://www.exim.org/static/doc/security/CVE-2020-qualys/ https://www.qualys.com/2021/05/04/21nails/21nails.txt Xen Security Advisory XSA-370 https://xenbits.xen.org/xsa/advisory-370.html IBM QRadar SIEM Security Bulletins - May 2021 https://www.ibm.com/support/pages/node/6449662 https://www.ibm.com/support/pages/node/6449664 https://www.ibm.com/support/pages/node/6449668 https://www.ibm.com/support/pages/node/6449672 https://www.ibm.com/support/pages/node/6449674 https://www.ibm.com/support/pages/node/6449678 https://www.ibm.com/support/pages/node/6449682 https://www.ibm.com/support/pages/node/6449690 IBM Spectrum Protect Client 版本 8.1.0.0到 8.1.11.0 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-20532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-29672 2漏洞恐遭駭客利用！蘋果 iOS 14.5.1 更新釋出 https://www.jyes.com.tw/news.php?act=view&id=1621 隱藏於 Dell 電腦 12 年的安全漏洞被發現　影響超過 1 億台 PC https://www.newmobilelife.com/2021/05/05/dell-firmware-bug-fix-dsa-2021-088/ Apple Security Updates May 3 2021 - Exploitation in the Wild Reported https://support.apple.com/kb/HT201222 https://support.apple.com/en-us/HT212335 https://support.apple.com/en-us/HT212336 https://support.apple.com/en-us/HT212339 https://support.apple.com/en-us/HT212341 Apple Releases Urgent Security Patches For Zero‑Day Bugs Under Active Attacks https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html 已經有駭客入侵！Apple推出iOS 14.5.1更新版本，修正Safari的安全性漏洞問題 https://reurl.cc/xgRYAb 蘋果修補4個已遭開採的WebKit漏洞 https://www.ithome.com.tw/news/144180 Samba 存在安全性弱點 https://us-cert.cisa.gov/ncas/current-activity/2021/04/30/samba-releases-security-updates A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks https://thehackernews.com/2021/04/a-new-php-composer-bug-could-enable.html 微軟將從七月起徹底移除 Windows 10 系統自帶的 Adobe Flash Player https://reurl.cc/8ykry4 微軟相關系統的重要資訊安全訊息公告 https://it.nycu.edu.tw/news/6613/ 2.銀行/金融/保險/證券/支付系統/ 新聞及資安手機報稅「三免」超方便　掌握「三要」防駭客 https://www.cardu.com.tw/news/detail.php?43248 中華電：4月台灣DDoS攻擊月增近4倍金融保險業居冠 https://www.cna.com.tw/news/afe/202105070081.aspx 配偶合併報稅可否用手機？財政部解答網友4大疑問 https://www.cna.com.tw/news/firstnews/202105075013.aspx 台灣2021銀行論壇》國泰金控總經理李長庚：跨機構資安應分級認證 https://ec.ltn.com.tw/article/paper/1447128 超好玩華銀首創結合遊戲銀行APP https://times.hinet.net/news/23318541 金融資安行動方案發布9個月，金管會一次揭露最新執行成果與更多規畫細節 https://www.ithome.com.tw/news/144233 手機報稅免插卡、速度快！這「六種情況」不適用 https://reurl.cc/4yxkqV 手機報稅要防駭 KPMG提醒三免三要 https://money.udn.com/money/story/11994/5429472 駭客蠢蠢欲動，首次手機報稅小心主動獵殺、請君入甕攻擊 https://technews.tw/2021/05/03/kpmg-tax/ 加拿大卑詩學生貸款網站遭攻擊 https://www.epochtimes.com/b5/21/5/4/n12922976.htm 純網銀如何防範網路金融犯罪？樂天銀行總經理佐伯和彥揭露2大原則 https://www.ithome.com.tw/news/144184 IFRS 17發出限時令！產險數位轉型一次到位即刻啟動 https://udn.com/news/story/7238/5416070 Experian exposes credit scores through unprotected API https://siliconangle.com/2021/05/02/experian-exposes-credit-scores-unprotected-api/ 3.電子支付/行動支付/pay/資安美國紐約街泊支付軟體ParkMobile被駭2100萬用戶個資外洩 https://www.worldjournal.com/wj/story/121381/5432085 超過一半台灣人在用，電支市場有這兩大觀察！街口、Line Pay各自贏在哪 https://www.bnext.com.tw/article/62735/digital-payment-2021-march LINE Pay擴大燒錢、街口踩住煞車，台灣行動支付大戰下一步怎麼走 https://www.bnext.com.tw/article/62673/line-pay-jkos 用電子支付買罐飲料，財政部竟要索取所有個資隱私，合理嗎 https://www.inside.com.tw/article/23428-e-pay-data 市場規劃防疫動線電子支付減少接觸 https://reurl.cc/9ZldNO 靠60人IT團隊衝刺業務擴張，電子支付龍頭揭平臺化秘訣 https://www.ithome.com.tw/people/143882 日本大臣指鈔票恐致接觸感染籲用電子支付防疫 https://www.cna.com.tw/news/aopl/202105040224.aspx 星、泰電子支付平台連結用手機號碼可跨境轉帳 https://www.cna.com.tw/news/aopl/202104290200.aspx 閃退、掃不到…他批行動支付「排隊元凶」網：是人的問題 https://udn.com/news/story/7239/5420578 胡亦嘉爆粗話槓金管會嗆街口支付絕不改名 https://reurl.cc/ZQmR3l 4.加密貨幣/挖礦/區塊鍊/智能合約資安兩岸微流行／區塊鏈養豬機器人巡檢 https://udn.com/news/story/7332/5429120 BSC首現閃電貸攻擊／技術解析 Spartan Protocol 遭駭手法，造成 3 千萬美元損失 https://www.blocktempo.com/the-first-flash-loan-attack-occured-on-binance-smart-chain/ 虛擬貨幣成贖金新寵　歐洲央行籲必須全球監管 https://www.ctwant.com/article/115533 以太幣價格創新高引發挖礦熱潮外媒示警：顯卡短缺恐加劇 https://www.chinatimes.com/realtimenews/20210504006208-260410?chdtv 行政院內互踢皮球2年半　7大部會無人想管虛幣交易 https://www.ctwant.com/article/115534 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 勒索軟體猖獗，美國發起打擊勒索軟體任務小組 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9214 卡巴斯基發現疑似CIA工具 https://www.ithome.com.tw/news/144154 SonicWall SSL VPN設備漏洞被用於勒索軟體攻擊 https://www.ithome.com.tw/news/144166 New Chinese Malware Targeted Russia's Largest Nuclear Submarine Designer https://thehackernews.com/2021/05/new-chinese-malware-targeted-russias.html DC Metro Police Hit With Ransomware Attack https://www.infosecurity-magazine.com/news/ransomware-group-dc-cops-informant/ https://www.infosecurity-magazine.com/news/global-government-outsourcer-serco/ https://www.infosecurity-magazine.com/news/cyberattack-on-nba-team/ Ousaban (Javali) Brazilian Banking Trojan Now Steals Credentials from Popular Regional Email Services https://www.welivesecurity.com/2021/05/05/ousaban-private-photo-collection-hidden-cabinet/ https://seguranca-informatica.pt/latin-american-javali-trojan-weaponizing-avira-antivirus-legitimate-injector-to-implant-malware/#.YJQlvGZKjUI UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html Sysrv-Hello Cryptominer Botnet Expands its Infrastructure https://www.lacework.com/sysrv-hello-expands-infrastructure/ New Pingback Malware Using ICMP Tunneling to Evade C&C Detection https://thehackernews.com/2021/05/new-pingback-malware-using-icmp.html A Rust-based Buer Malware Variant Has Been Spotted in the Wild https://thehackernews.com/2021/05/a-new-buer-malware-variant-has-been.html Sophos : 亞太區平均勒索軟體復原成本一年暴增兩倍，且付錢無法了事 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=9197 求救 !!! QNAP-TS253B 受到駭客攻擊,NAS 被安裝了勒索軟件 https://forum.hkgolden.com/thread/7406124/page/1 New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations https://thehackernews.com/2021/05/new-stealthy-rootkit-infiltrated.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊高通 5G 晶片遭爆有安全漏洞！近 3 成手機 Android 恐有竊聽風險 https://3c.ltn.com.tw/news/44249 高通數據機晶片被曝嚴重安全漏洞，駭客可讀取大多Android用戶的簡訊以及語音通話 https://www.techbang.com/posts/86544-qualcomm-baseband-exposes-serious-security-vulnerabilities 禍從口出？聲音社交Clubhouse 爆紅背後的法律問題 https://udn.com/news/story/6877/5440281 駭客盛典「天府杯」陰謀：中國入侵 iPhone 祕密監控維吾爾族 https://technews.tw/2021/05/07/how-china-turned-a-prize-winning-iphone-hack-against-the-uyghurs/ 陸官方證實33款知名App存在資安疑慮百度、騰訊全上榜了 https://udn.com/news/story/11017/5439059 你中招沒？百度騰訊等33款App違法收集個資 https://www.secretchina.com/news/b5/2021/05/07/971006.html 「滴滴出行」來台被控引入中資女負責人一審判無罪 https://news.ltn.com.tw/news/society/breakingnews/3523203 中毒？iPhone妹好奇「點IG精選動態」下秒手機當掉崩潰 https://news.ebc.net.tw/news/living/259330 還敢用手機看謎片？當心裝置恐遭駭　個資外流還可能電話費暴漲 https://cnews.com.tw/134210503a03/ 6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS https://thehackernews.com/2021/05/6-unpatched-flaws-disclosed-in-remote.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件尋找資安女婕思嘉義女中奪全國亞軍 https://news.ltn.com.tw/news/life/breakingnews/3522001 企業採用5G專網就安全了嗎？專家告訴你哪裡不夠安全 https://times.hinet.net/news/23320019 資安「完美風暴」只會更多！台灣護國群山有4成待改進 https://finance.ettoday.net/news/1974064 豪撒2800萬想賺45億　國際駭客組織強攻護國神山群 https://www.ctwant.com/article/115531 駭客企業化時代來臨！政府、業界該如何協作，打造台灣「資安護國神山」 https://buzzorange.com/techorange/2021/05/04/taiwan-data-security-industry-development/ 多功能型SRE化身內部信心來源，天天成為開發團隊後盾 https://www.ithome.com.tw/news/144122 靠AIoT和5G邁向智慧校園，逢甲還要用雲端彈性化IT架構 https://www.ithome.com.tw/people/144118 F5: 超過2/3的API安全事件歸因於API端點不完整的身分認證和授權 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9202 虛擬修補為資安團隊爭取更多時間評估漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=9198 你找漏洞他勒贖　駭客分組夾殺展開「世上最瘋狂攻擊組織」 https://today.line.me/tw/v2/article/Je5L1q 幫派販毒開「西藥房」、「機房」撈金 https://udn.com/news/story/122146/5427440?from=udn-catebreaknews_ch2 是德科技推安全報告點名網路安全三大致命問題 https://turnnewsapp.com/livenews/tech/A05622002021050713255713 因應重大網攻發生頻率增加，專家建議資安曝險評估每一周至少要做一次 https://www.ithome.com.tw/news/144192 香港醫管局稱過去5年內部電郵系統受網絡電郵攻擊增逾一倍 https://reurl.cc/v5My5e 美國上市櫃公司投保資安險比例達8成以上 https://www.chinatimes.com/realtimenews/20210506001960-260410?chdtv 美國亞歷桑納州選票稽查被爆選票、筆電無人看管 https://www.worldjournal.com/wj/story/121172/5440667 美國防部：止戰重於參戰與中衝突不可取 https://www.chinatimes.com/newspapers/20210502000053-260303?chdtv 瑞典國防企業SAAB成為駭客及商業間諜的目標 https://reurl.cc/xgRYgz 比利時多個公部門遭到大規模 DDoS 攻陷 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9212 記者墳場! 葉門內戰6年逾300名記者喪生新聞自由度倒數 https://newtalk.tw/news/view/2021-05-07/570625 疑似中國駭客網釣滲透俄羅斯潛艇設計系統 https://www.ithome.com.tw/news/144165 中共盜竊技術自取其禍 https://hk.epochtimes.com/news/2021-05-02/87055747 NSA, FBI, DHS expose Russian intelligence hacking tradecraft https://www.cyberscoop.com/nsa-fbi-dhs-russian-hacking-svr-solarwinds-apt29-cozy-bear/ New Study Warns of Security Threats Linked to Recycled Phone Numbers https://thehackernews.com/2021/05/new-study-warns-of-security-threats.html Cost of Account Unlocks, and Password Resets Add Up https://thehackernews.com/2021/04/cost-of-account-unlocks-and-password.html 『竹南廠』資安工程師 http://www.104.com.tw/jb/104i/job/view?j=6wntn D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞 Whoscall Watchmen系統一小時內預警金融電訊詐騙 https://times.hinet.net/news/23314031 網路詐騙橫行，趨勢科技示警母親節三大騙局 https://ccc.technews.tw/2021/05/05/trend-micro-mothers-day-defraud/ 個資大外洩民眾缺乏求償意識資安險通報理賠不到10件 https://www.chinatimes.com/realtimenews/20210506001753-260410?chdtv 10 個最容易被冒用的品牌揭曉！小心一封 email 就把你的個資全洩漏 https://www.managertoday.com.tw/articles/view/62904 尚不為外界所知的全新駭侵組織發動新一波全球性釣魚攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9207 如何查詢您的資料是否已在網路上外洩 https://blog.twnic.tw/2021/05/06/18063/ 隱私意識抬頭！Google 跟進蘋果要求開發者揭露應用程式個資取用範圍 https://www.inside.com.tw/article/23429-new-safety-section-in-google-play 你的密碼一招打天下？為加強資安防護，Google 將強制採用雙重認證登入 https://www.inside.com.tw/article/23433-google-will-soon-make-two-factor-authentication-mandatory Google 帳號未來將自動啟動兩階段認證（如果符合條件的話） https://www.kocpc.com.tw/archives/382463 5月報稅季駭客活躍期資安專家：留意2大詐騙手法 https://www.chinatimes.com/realtimenews/20210501001365-260410?chdtv 來台隔離慘遭駭客詐騙！黃秋生喊靠北怒斥「王X蛋」 https://stars.udn.com/star/story/10091/5429839 誆誤買破萬餐券！？她使「十萬個為什麼」逼退詐騙集團 https://reurl.cc/Dv0N7m Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys https://thehackernews.com/2021/05/over-40-apps-with-more-than-100-million.html Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach https://thehackernews.com/2021/04/passwordstate-warns-of-ongoing-phishing.html E.研究報告 Google Apps Script 操作試算表資料庫防駭技巧﹍防止程式碼注入攻擊 https://www.wfublog.com/2021/05/google-apps-script-sheet-js-injection-protection.html Operation Muzabi: Phishing Target Reconnaissance and Attack Resource Analysis https://boho.or.kr/filedownload.do?attach_file_seq=2695&attach_file_id=EpF2695.pdf UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html The UNC2529 Triple Double: A Trifecta Phishing Campaign https://www.fireeye.com/blog/threat-research/2021/05/unc2529-triple-double-trifecta-phishing-campaign.html F.商業採用零信任安全的 Aruba ESP整合式基礎架構平台建構生態圈，超過150多種資安解決方案加入 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=9194 Check Point Harmony Endpoint 100%成功偵測MITRE ATT&CK攻擊手法 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9209 趨勢科技發表次世代ICS端點防護解決方案 https://www.techbang.com/posts/86451-trend-micro-releases-next-generation-ics-endpoint-protection 中華電攜手子公司中華資安國際，響應政府資安即國安2.0戰略 https://reurl.cc/jqAX8m 中菲行強化資安系統獲英國BSI認證 https://www.chinatimes.com/realtimenews/20210505001807-260410?chdtv 精誠首季獲利創同期新高展望未來營運樂觀 https://money.udn.com/money/story/5710/5436114 臺灣資安大會　精誠展示五大資安方案 https://ctee.com.tw/industrynews/technology/456146.html 涉資安風險騰訊與美磋商盼維持遊戲開發商持股 https://udn.com/news/story/7331/5437544 女星投身網路資安業　新加坡妙賺「疫外之財」 https://www.mirrormedia.mg/story/20210506ent008/ 思科Duo無密碼身份驗證提供更強的安全保護 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9211 強調安全節能自動化　通過NVIDIA認證新款PowerEdge　強打AI數據分析 https://www.netadmin.com.tw/netadmin/zh-tw/market/350F6C90C3DA4DBFA7A8658C4B520C47 遠傳攜數聯資安展出四大防護應用 https://money.udn.com/money/story/5612/5430198?from=edn_catenewest_story ZUSO 如梭世代組第一個專為企業安全量身打造的紅隊 https://money.udn.com/money/story/10860/5430671 奧義智慧揪5家技術夥伴推普惠資安願景 https://ec.ltn.com.tw/article/breakingnews/3521130 CYBERSEC 2021 奧義智慧以VR 虛擬實境大秀資安戰情室 https://ctee.com.tw/industrynews/technology/455050.html Gogolook 與奧義智慧聯手，Whoscall Watchmen 企業偽冒預警系統登場 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9190 G.政府企業遭駭客攻擊不再沒轍　政院將訂出快速通報機制 https://tw.appledaily.com/politics/20210505/A3A36MURMFGVLDRNQXVPP2VIFM/ 政院上修台灣資安產值 2025年可達800億 https://news.ltn.com.tw/news/politics/breakingnews/3522080 國發會：未來四年政府、民間投入83億元發展資安產業 https://www.chinatimes.com/realtimenews/20210505006222-260410?chdtv 總統宣示成立資安署網羅200資安高手 https://reurl.cc/2bnxbE 台中市警局成立「無人機隊」12台無人機　維安新利器 https://www.ftvnews.com.tw/news/detail/2021507C03M1 IT大臣唐鳳從立法院「跨足」到錄音室！為閃靈首開金口挑戰「說唱」台語 https://www.ftvnews.com.tw/news/detail/2021506W0269 AIT：美臺資安合作步伐一致，蔡英文：臺灣資安已是國際品牌 https://reurl.cc/V39GRZ 總統：打造世界級資安產業鏈 https://www.sinotrade.com.tw/richclub/news/609192aa63c4118638b3523c 台總統宣布2.0戰略將成立資安署 AIT處長出席相挺 https://reurl.cc/l01E46 立院初審通過成立數位發展部 https://www.chinatimes.com/realtimenews/20210505006262-260410?chdtv 先有個資保護專責機關，才有健全的數位發展 https://www.coolloud.org.tw/node/95651 智慧城市落漆！北市府7成APP下架 2100萬元建置費打水漂 https://news.ltn.com.tw/news/politics/breakingnews/3523356 北市府7成APP遭下架建置費達2173萬 https://news.ltn.com.tw/news/life/paper/1447245 劉櫂豪要求NCC 強化資安作為 https://news.ltn.com.tw/news/politics/paper/1447257 【開放外聘200人？】對「數位部」相關草案的幾點看法 https://tw.appledaily.com/forum/20210507/XLVWSNYRVNAMPCRJGW37ZI5JDM/ 台南市長黃偉哲呼應數位發展部落地台南前瞻數位國家發展 https://times.hinet.net/news/23320716 立院初審通過成立數位發展部 NCC擬新設網際網路事務處 https://cnews.com.tw/134210507a04/ 科技部資安暨智慧科技研發大樓開幕啟用 https://money.udn.com/money/story/10860/5416809 經濟部工業局推動資安產業自主能量臺灣資安館展現產業真實力 https://money.udn.com/money/story/11799/5431995 謝繼茂:中華電信動用500人力投入協助政府科技防疫 https://www.chinatimes.com/realtimenews/20210504000818-260410?chdtv 超扯法官！開庭狂遲到　要書記官「唬爛電腦有問題」被罰俸63萬 https://tw.appledaily.com/local/20210507/TFYBNE3JDNEHJKBD6NFK6724GQ/ H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車相關資安 ICS-CERT Advisories May 04 2021 https://us-cert.cisa.gov/ics/advisories/icsa-21-124-01 https://us-cert.cisa.gov/ics/advisories/icsa-21-124-02 數位轉型驅動台灣智慧製造面向資安新挑戰 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9201 捷而思提供IT/OT資安三要素: 機密性、完整性與可用性 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9191 專為工業環境設計，趨勢科技發表原生OT端點防護TXOne StellarProtect https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9205 駭客攻擊愈加猖獗，趨勢呼籲製造業三步驟擴大資安戰備範圍 https://technews.tw/2021/05/03/it-ot/ 全面提升資安等級　研華推私有雲工業物聯網解決方案 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000609612_6sv7edqv054pli3mgp8cz 強化ICS工控網路安全 ShareTech推出專屬防護設備 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000608887_2ax9jtqu78nm9887fnv3n 安全女力成立專為數十億 IoT 裝置提供安全防護的新創公司 https://technews.tw/2021/05/04/thistle-startup-secure-billions-of-iot-devices/ 【有恆為 AI 成功之本】在 HR e 化中做到 AIoT 數位轉型的震旦雲 https://www.inside.com.tw/article/23313-aurora-ehr Microsoft Finds 'BadAlloc' Flaws Affecting Wide-Range of IoT and OT Devices https://thehackernews.com/2021/04/microsoft-finds-badalloc-flaws.html I.教育訓練 How Should the Service Desk Reset Passwords https://thehackernews.com/2021/05/how-should-service-desk-reset-passwords.html 應用程式開發安全(PDF) https://drive.google.com/open?id=1ALZxB3leysWqdbRYa0sI4gmnc11Sx9b8 網路安全管理(PDF) https://drive.google.com/open?id=1z10O4-Wo9HPfPXhH8kYyOMo201pP7qcI 實體安全與資安管理(PDF) https://drive.google.com/open?id=1OYFLHKPGFm9MWI-LBcEERCgXXVf-WAAM 惡意程式防護介紹(PDF) https://drive.google.com/open?id=1NAlRvwBjTqieakNa2eHRTyx2w80DxWpS 資安事件回應(PDF) https://drive.google.com/open?id=1-0KzuXQMHcJPflTqjTZ41M0mXucjUwqh 弱點管理與主機強固(PDF) https://drive.google.com/open?id=1DCQF74rRmy4P5ruoqOij-S95FqcUUy-V 社交工程&資訊安全教育訓練 https://bulletin.dyu.edu.tw/file/A0282/49880.pdf J.人工智慧/AI/ML/人臉辨識 ICC數位經濟委員會專家分享資安及AI成果 https://money.udn.com/money/story/5635/5441729 首度整合 AI 加速架構，英特爾第三代 Xeon 同時滿足效能與資安要求 https://buzzorange.com/techorange/2021/04/26/3rd-gen-xeon-processor/ 花蓮慈濟用一支App整合兩大醫院核心系統，更導入醫療專用AI框架Clara判讀PACS影像 https://www.ithome.com.tw/news/144151 6.近期資安活動及研討會塔羅牌與 UX 的火花 5/8 https://www.meetup.com/GDGTaipei/events/277707447/ 從Python到TensorFlow線上讀書會-二部曲(11) -決策樹 5/11 https://www.meetup.com/TensorFlow-User-Group-Taipei/events/274981288/ 【Flutter Night】0512 https://www.meetup.com/Flutter-Taipei/events/277647481/ SDN x Cloud Native Meetup #38 5/13 https://www.meetup.com/CloudNative-Taiwan/events/277643179/ OWASP Taiwan Meetup (May) 5/18 https://www.meetup.com/Taipei-OWASP-Meetup-Group/events/277773931/ 國家高速網路與計算中心教育訓練課程 TWCC容器運算服務實作基礎課程 5/19 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3951&from_course_list_url=homepage Why Self-Organization Matters For Scrum Teams 5/20 https://www.meetup.com/the-liberators-network-taiwan-user-group-taipei-taiwan/events/276003653/ 國家高速網路與計算中心教育訓練課程 TWCC HPC高速運算服務實作基礎課程 5/20 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3952&from_course_list_url=homepage 國家高速網路與計算中心教育訓練課程 TWCC 虛擬運算服務實作基礎課程 5/20 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3953&from_course_list_url=homepage 國家高速網路與計算中心教育訓練課程【資安專題講座】資安管理策略與威脅趨勢探討 5/20 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3949&from_course_list_url=homepage 國家高速網路與計算中心教育訓練「大數據程式開發平台(VM版本)」建置與開發實務課程 5/21 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3945&from_course_list_url=course_index 揭開數位面紗數據治理的挑戰座談 5/25 https://ctee.com.tw/industrynews/socialwelfare/456306.html 學生計算機年會 SITCON 2021 5/29 https://sitcon.org/2021/ TensorFlow Everywhere | From 0 to 1 6/10 https://www.meetup.com/TensorFlow-User-Group-Taipei/events/277170902/ 2021製造業資安論壇 6/10 https://docs.google.com/forms/d/e/1FAIpQLSeJEpc_ePmJGx2RO6hlSJQnmsFTzBT-2zkzjcnPHbdYS2UAhQ/viewform 行動應用APP安全檢測與實務(可抵內稽) 6/11 https://www.caa.org.tw/coursedetail-3515.html Maximize the Output, or Optimize the Outcome 6/24 https://www.meetup.com/the-liberators-network-taiwan-user-group-taipei-taiwan/events/276003947/ 【白帽駭客工坊】2021資安實務培訓課程 6/25 https://pttcareer.com/tech_job/M.1620115144.A.C05.html 國家高速網路與計算中心教育訓練【資安進階課程】實體滲透與手法研究 6/29 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3950&from_course_list_url=homepage Cyber Security Global Summit 21 6/29 ~ 6/30 https://cs.geekle.us/?utm_content=INFO_SEC_TIER2 元智資工夏令營-由programming邁入AI大數據與資安世界 7/15 ~ 7/17 https://cse-yzu.kktix.cc/events/yzcsapcs5 Cyber Defense Summit 2021 Oct. 4-7, 2021 https://summit.fireeye.com/