資安事件新聞週報 2022/10/31 ~ 2022/11/04

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/10/31 ~ 2022/11/04 1.重大弱點漏洞/後門/Exploit/Zero Day Juniper Networks修補網路設備的PHP存檔反序列化漏洞，恐被用於RCE攻擊 https://thehackernews.com/2022/10/high-severity-flaws-in-juniper-junos-os.html Apache XML Graphics Batik http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-42890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41704 apache flume http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-42468 Dell PowerScale OneFS http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-34439 f5 nginx http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3638 microsoft azure_command-line_interface http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39327 微軟針對開源軟體套件管理系統Vcpkg用戶提供OpenSSL修補指南 https://www.ithome.com.tw/news/154001 Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software https://thehackernews.com/2022/11/multiple-vulnerabilities-reported-in.html OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities https://thehackernews.com/2022/11/just-in-openssl-releases-patch-for-2.html 開源加密程式庫OpenSSL釋出3.0.7版，修補2個高風險漏洞 https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/ Researchers Disclose Details of Critical 'CosMiss' RCE Flaw Affecting Azure Cosmos DB https://thehackernews.com/2022/11/researchers-disclose-details-of.html Last Years Open Source - Tomorrow's Vulnerabilities https://thehackernews.com/2022/11/last-years-open-source-tomorrows.html Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution https://thehackernews.com/2022/11/critical-rce-vulnerability-reported-in.html Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability https://thehackernews.com/2022/10/unofficial-patch-released-for-new.html GitHub Repojacking Bug Could've Allowed Attackers to Takeover Other Users' Repositories https://thehackernews.com/2022/10/github-repojacking-bug-couldve-allowed.html High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices https://thehackernews.com/2022/10/high-severity-flaws-in-juniper-junos-os.html IT基礎設施監控系統Checkmk存在重大漏洞 https://blog.sonarsource.com/checkmk-rce-chain-1/ Azure Cosmos資料庫被發現存在身分驗證漏洞，可被用於發動RCE攻擊 https://orca.security/resources/blog/cosmiss-vulnerability-azure-cosmos-db/ GitHub出現嚴重漏洞，攻擊者可透過重新命名挾持儲存庫 https://checkmarx.com/blog/attacking-the-software-supply-chain-with-a-simple-rename/ Google針對Chrome 107修補零時差漏洞CVE-2022-3723 https://www.bleepingcomputer.com/news/security/google-fixes-seventh-chrome-zero-day-exploited-in-attacks-this-year/ 備份解決方案業者ConnectWise修補重大漏洞，近5千臺伺服器恐受影響 https://www.bleepingcomputer.com/news/security/connectwise-fixes-rce-bug-exposing-thousands-of-servers-to-attacks/ 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安 OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa https://thehackernews.com/2022/11/researchers-detail-opera1er-apt-attacks.html These Dropper Apps On Play Store Targeting Over 200 Banking and Cryptocurrency Wallets https://thehackernews.com/2022/10/these-dropper-apps-on-play-store.html 18家印度銀行客戶遭安卓惡意軟體Drinik盯上，假冒當地稅務機關進行網釣攻擊 https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/ 銀行開個資外洩大門？金管會將審視信用卡定型化契約 https://reurl.cc/X5WlER 富邦證完備資安機制奪金獎 https://ctee.com.tw/news/finance/748295.html 台新金攜調查局聯防資安 https://money.udn.com/money/story/5613/6732154?from=edn_subcatelist_cate 凱基期前後台資安風控領先同業 https://ctee.com.tw/news/futures/748124.html 南山首重保戶資安獲殊榮 https://reurl.cc/7jr3db 個資外洩銀行是幫兇？金管會將徹查3家業者 https://www.cardu.com.tw/news/detail.php?47459 想要簡單！國泰世華CUBE App速上手 https://times.hinet.net/news/24230554 國際金融科技落地高雄！國泰金控、AWS、高市府強強聯手，Fintech 浪潮如何結合港都發展 https://buzzorange.com/techorange/2022/11/02/aws-fintech-cathay-collaboration/ 富邦人壽獲工商時報數位金融獎-「數位資訊安全獎」、「數位創新獎」雙項肯定 https://reurl.cc/kqZLnb 美銀去年支付網路勒索金10億美元創歷史新高 https://reurl.cc/x1GEN4 金融資安實境演練　成大與永豐產學攜手強化資安人才培育 https://news-secr.ncku.edu.tw/p/405-1037-246337,c5934.php?Lang=zh-tw 第一銀行榮獲數位金融獎「數位資訊安全優質獎」 https://www.firstbank.com.tw/sites/fcb/zh_TW/1565696274859 銀行業搶國旅卡發行權 https://ctee.com.tw/news/finance/748217.html 金融科技展「元宇宙分行」超夯！　一文抓住公民營金控亮點 https://finance.ettoday.net/news/2368431#ixzz7jgPL0KJ9 3.電子支付/行動支付/pay/資安虛擬健保卡申請一次看！未來將納入手機錢包、串接街口、LINE Pay https://technews.tw/2022/11/01/virtual-health-card/ 將來銀行與全聯深化合作每7名存戶有就1人綁定全支付 https://reurl.cc/eWEmp7 中國信託以多元整合支付工具，助力中小商戶掌握每一筆交易商機 https://www.bnext.com.tw/article/72270/ctbcbank10.1 台新手機收款找發現　全支付綁帳戶有將來 https://www.cardu.com.tw/news/detail.php?47446 1857萬人使用電子支付，1-8月交易金額656億 https://money.udn.com/money/story/5613/6732695 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Deribit 熱錢包被盜！損失 2,800 萬美元、用戶資金不受影響 https://blockcast.it/2022/11/02/deribit-lost-28-million-in-a-hot-wallet-hack/ OKX CEO：將監控轉移進交易所的Deribit被盜資金 https://news.cnyes.com/news/id/4995492 去中心化 — 為交易取回私隱及話事權 https://www.edigest.hk/373067/?utm_campaign=ED_ContentCopy&utm_source=Web-inventory&utm_medium=Content-Copy_ED 區分中心化和去中心化，認識去中心化應用和好處 https://reurl.cc/YdOjjX 區塊鏈中隱藏的資安危機 https://www.owlting.com/news/articles/203581 ApeCoin DAO投票通過質押系統相關漏洞賞金計劃及特別委員會成員提名和選舉程序 https://news.cnyes.com/news/id/4996625 在中東地區使用加密貨幣進行數位支付的情況正在增加 https://www.trademag.org.tw/page/newsid1/?id=7871144&iz=6 BNB Chain 上pGALA合約遭到攻擊，導致GALA短時下跌超20% https://news.cnyes.com/news/id/4997639 慢霧：pGALA合約駭客已獲利430萬美元 https://news.cnyes.com/news/id/4998021 pNetwork擬重部署 pGALA、協同白帽至舊合約增發10億鎂；社群懼駭GALA暴跌33% https://www.blocktempo.com/gala-plunge-30-after-crypto-hack-fears/ 復盤pNetwork駭客攻擊事件，疑似自導自演 https://news.cnyes.com/news/id/4999021 Tangem Wallet：適合新手的 NFC 卡片冷錢包 https://reurl.cc/KXArXy 萬字詳解DeSci生態的現狀與發展 https://news.cnyes.com/news/id/4996233 CZ：Binance正在考慮收購銀行 https://news.cnyes.com/news/id/4996049 幣安趙長鵬：考慮收購銀行！加密貨幣與傳統金融界線為何變模糊 https://www.bnext.com.tw/article/72431/cz-goals-1104 區塊鏈中隱藏的資安危機 https://www.owlting.com/news/articles/203581 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 密碼管理器KeePass、SolarWinds網路效能監控工具、Veeam備份軟體成木馬程式RomCom冒用對象 https://www.bleepingcomputer.com/news/security/romcom-rat-malware-campaign-impersonates-keepass-solarwinds-npm-veeam/ 勒索軟體Black Basta疑與駭客組織FIN7有關，駭客使用專屬工具以規避EDR偵測 https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/ 德國馬牌輪胎集團傳出遭到勒索軟體LcokBit攻擊，駭客以公布外洩資料為恐嚇手段，企圖逼付贖金 https://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-attack-on-continental-automotive-giant/ 數十款Python套件暗藏資訊竊取程式 https://times.hinet.net/news/24233194 近30個PyPI套件被用於散布W4SP竊密軟體 https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack 法國國防安全科技集團Thales疑似遭勒索軟體LockBit 3.0攻擊，對方揚言11月7日將公布部分竊得資料 https://securityaffairs.co/wordpress/137955/cyber-crime/lockbit-3-0-thales.html 國防設備供應商Hensoldt法國子公司疑遭勒索軟體Snatch入侵，並公布部分竊得資料 https://cybernews.com/news/hensoldt-defense-contractor-ransomware/ 殭屍網路Emotet攻擊活動再度出現，利用回覆郵件來散布惡意Excel檔案 https://www.bleepingcomputer.com/news/security/emotet-botnet-starts-blasting-malware-again-after-5-month-break/ 數百個美國新聞網站遭到供應鏈攻擊，被用於散布惡意軟體SocGholish https://www.bleepingcomputer.com/news/security/hundreds-of-us-news-sites-push-malware-in-supply-chain-attack/ 間諜軟體SandStrike假借提供VPN的名義，攻擊特定宗教人士的安卓裝置 https://www.kaspersky.com/about/press-releases/2022_new-sandstrike-spyware-targets-android-users-with-booby-trapped-vpn-application 勒索軟體閰羅王背後的駭客組織很可能就是REvil https://www.itpro.co.uk/security/ransomware/369435/yanluowang-ransomware-leaks-suggest-pseudo-chinese-persona-revil-links 中國駭客APT10鎖定日本組織，以提供防毒軟體名義散布惡意軟體Lodeinfo https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-ii/107745/ 惡意軟體假借開源圖片編輯工具GIMP名義，透過Google廣告散布 https://www.bleepingcomputer.com/news/security/google-ad-for-gimporg-served-info-stealing-malware-via-lookalike-site/ 資料破壞軟體Azov Ransomware抗議西方國家對抗俄羅斯不力，扯謊宣稱自己是特定資安研究員與資安新聞媒體，意圖栽贓陷害 https://www.bleepingcomputer.com/news/security/new-azov-data-wiper-tries-to-frame-researchers-and-bleepingcomputer/ 美國舉行第二屆跨國反勒索軟體合作會議，今年共有37國、13企業參與 https://www.nextgov.com/emerging-tech/2022/10/white-house-kicks-second-international-counter-ransomware-initiative-summit/379113/ 美國白宮召開國際會議，共同對抗勒贖攻擊 https://www.twcert.org.tw/tw/cp-104-6676-bb7e9-1.html DDoS殭屍網路Fodcha捲土重來，攻擊規模達到Tbps等級，基礎設施變得更加隱密 https://blog.netlab.360.com/ddosmonster_the_return_of__fodcha_cn/ 北韓駭客Kimsuky鎖定南韓安卓用戶散布惡意軟體 https://medium.com/s2wblog/unveil-the-evolution-of-kimsuky-targeting-android-devices-with-newly-discovered-mobile-malware-280dae5a650f IIS伺服器竟被轉為駭客C2中繼伺服器！駭客組織UNC3524透過IIS伺服器事件記錄機制遙控惡意軟體 https://www.peoplenews.tw/articles/5f8b568f47 駭客組織藉由蠕蟲程式Raspberry Robin來植入勒索軟體Clop https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/ 惡意程式下載器被上架到Google Play市集，用來散布金融木馬 https://www.threatfabric.com/blogs/the-attack-of-the-droppers 美去年下半通報793起勒贖軟體攻擊 3/4與俄有關 https://news.ltn.com.tw/news/world/breakingnews/4110026 Researchers Detail New Malware Campaign Targeting Indian Government Employees https://thehackernews.com/2022/11/researchers-detail-new-malware-campaign.html RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom https://blogs.blackberry.com/en/2022/11/romcom-spoofing-solarwinds-keepass https://blogs.blackberry.com/en/2022/10/unattributed-romcom-threat-actor-spoofing-popular-apps-now-hits-ukrainian-militaries Fodcha Is Coming Back, Raising A Wave of Ransom DDoS https://blog.netlab.360.com/fodcha-is-coming-back-with-rddos/ Banking Trojan Techniques: Financially Motivated Malware https://unit42.paloaltonetworks.com/banking-trojan-techniques/ Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT https://thehackernews.com/2022/11/hackers-using-rogue-versions-of-keepass.html Inside Raccoon Stealer V2 https://thehackernews.com/2022/11/inside-raccoon-stealer-v2.html Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware https://thehackernews.com/2022/11/chinese-hackers-using-new-stealthy.html Fodcha DDoS Botnet Resurfaces with New Capabilities https://thehackernews.com/2022/10/fodcha-ddos-botnet-resurfaces-with-new.html 製造業的勒索軟體支付費用是所有行業最高，平均破200萬美元 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10147 Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers https://thehackernews.com/2022/11/researchers-find-links-bw-black-basta.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊惡意安卓App上架Google Play市集，已被下載逾百萬次 https://www.malwarebytes.com/blog/news/2022/11/malware-on-the-google-play-store-leads-to-harmful-phishing-sites These Android Apps with a Million Play Store Installations Redirect Users to Malicious Sites https://thehackernews.com/2022/11/these-android-apps-with-million-play.html Experts Warn of SandStrike Android Spyware Infecting Devices via Malicious VPN App https://thehackernews.com/2022/11/experts-warn-of-sandstrike-android.html 三星應用程式市集漏洞恐被用於安裝惡意程式 https://ssd-disclosure.com/ssd-advisory-galaxy-store-applications-installation-launching-without-user-interaction/ 三星Galaxy Store App漏洞能讓用戶手機被安裝惡意程式 https://times.hinet.net/news/24230266 Samsung Galaxy Store Bug Could've Let Hackers Secretly Install Apps on Targeted Devices https://thehackernews.com/2022/10/samsung-galaxy-store-bug-couldve-let.html 惡意安卓App上架Google Play市集，已被下載逾百萬次 https://www.malwarebytes.com/blog/news/2022/11/malware-on-the-google-play-store-leads-to-harmful-phishing-sites 蘋果對新舊版系統平臺漏洞修補並未採取對等重視態度，並對此提出解釋 https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/ 蘋果成立全新安全研究網站，公布新的裝置研究專案 https://www.ithome.com.tw/news/153919 蘋果表明只對最新版作業系統修補所有漏洞 https://www.ithome.com.tw/news/153911 憂TikTok用戶資料直通北京　美FCC資深委員要求政府禁用 https://www.upmedia.mg/news_info.php?Type=3&SerialNo=157985 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 LycoReco咖啡廳推特遭駭客入侵 https://www.ptt.cc/bbs/C_Chat/M.1667379060.A.EC5.html 淚灑網課...多次遭駭客入侵言語侮辱陸女師課後猝死家中 https://reurl.cc/KXArxp 美國新聞業遭遇大規模供應鏈攻擊：數百家報紙網站被植入後門 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10163 微軟為驗證碼產生器加入防範多因素驗證疲勞的功能 https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/advanced-microsoft-authenticator-security-features-are-now/ba-p/2365673 南韓高官手機遭北韓駭客攻擊 https://www.ptt.cc/bbs/IA/M.1460903640.A.FE2.html 歐洲最大銅製品工廠 Aurubis 遭駭，IT 系統下線以防損害擴大 https://www.twcert.org.tw/tw/cp-104-6674-f46bc-1.html 波蘭衛生部為醫院網路安全投入超過 2.6 億波幣資金 https://www.trade.gov.tw/Pages/Detail.aspx?nodeID=45&pid=752344 美國為軟體供應商提出供應鏈安全指南 https://www.bleepingcomputer.com/news/security/nsa-shares-supply-chain-security-tips-for-software-suppliers/ 德國銅供應商Aurubis遭到網路攻擊，被迫關閉IT系統 https://www.bleepingcomputer.com/news/security/largest-eu-copper-producer-aurubis-suffers-cyberattack-it-outage/ 智利大型天文臺ALMA遭到網路攻擊，被迫停止營運 https://www.bleepingcomputer.com/news/security/alma-observatory-shuts-down-operations-due-to-a-cyberattack/ 非洲企業遭駭客組織Opera1er入侵，盜走1,100萬美元 https://www.group-ib.com/resources/threat-research/opera1er.html 美國財政部傳出遭親俄駭客組織Killnet攻擊 https://www.reuters.com/world/us-treasury-targeted-by-russian-hacker-group-last-month-official-2022-11-01/ 國安威脅抽象美各州與鄉鎮仍在買中國資訊設備 https://udn.com/news/story/6813/6735936 抽象國安威脅不敵現實俗擱大碗美國地方機構仍大買中國大陸資訊設備 https://reurl.cc/nZo5E1 新加坡採用新技術使監管機構與私營部門合作，保護用戶免受駭客攻擊 https://news.cnyes.com/news/id/4998300 Researchers Uncover Stealthy Techniques Used by Cranefly Espionage Hackers https://thehackernews.com/2022/10/researchers-uncover-stealthy-techniques.html 【徵才/實習】中國信託商業銀行 2023資訊科技企業實習計畫 https://im100.chihlee.edu.tw/p/406-1037-97510,r110.php 資安工程師(台中南屯區) https://www.104.com.tw/job/7sucf D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全年初虛擬實境業者愛實境營業秘密外洩案宣告偵破，確定是前技術長竊取關鍵技術，帶槍投靠光禾感知 https://www.cna.com.tw/news/asoc/202211030336.aspx 駭客組織Crimson Kingsnake假冒法律事務所發動BEC攻擊 https://abnormalsecurity.com/blog/crimson-kingsnake-bec-group-attacks 電信業者Vodafone義大利分公司傳出資料外洩，起因是經銷商遭駭 https://www.bleepingcomputer.com/news/security/vodafone-italy-discloses-data-breach-after-reseller-hacked/ 網站分析引擎Urlscan的API曝露敏感資料 https://positive.security/blog/urlscan-data-leaks 線上影音平臺Amazon Prime伺服器未受保護，曝露用戶觀看習慣 https://www.hackread.com/amazon-prime-video-viewing-habits 陸軍將考題放上網路，疑將自主研發武器「蜂眼雷達」參數外洩 https://www.chinatimes.com/realtimenews/20221101002651-260407 澳洲國防部人員疑似即時通訊內容外洩，暴露的對話記錄多達數萬筆，起因是承包商遭到網路攻擊 https://www.theguardian.com/technology/2022/oct/31/cyber-attack-on-australian-defence-contractor-may-have-exposed-private-communications-between-adf-members 紐西蘭航空遭到帳號填充攻擊，疑部分旅客帳號被挾持 https://www.stuff.co.nz/business/130310228/air-nz-faces-cyber-breach-multiple-accounts-compromised 570組網路存取帳密流入黑市兜售，總價達400萬美元 https://ke-la.com/wp-content/uploads/2022/10/KELA-RESEARCH_Ransomware-Victims-and-Network-Access-Sales-in-Q3-2022.pdf 美國教育業者Chegg近年外洩4次用戶資料，FTC強制要求加強資料保護 https://www.ftc.gov/news-events/news/press-releases/2022/10/ftc-brings-action-against-ed-tech-provider-chegg-careless-security-exposed-personal-data-millions AWS EC2工作負載遭到鎖定，駭客企圖竊取相關憑證 https://www.trendmicro.com/en_us/research/22/j/threat-actors-target-aws-ec2-workloads-to-steal-credentials.html 針對駭客兜售全臺戶政資料，內政部、數發部否認戶政系統遭駭 https://news.pts.org.tw/article/606929 New TikTok Privacy Policy Confirms Chinese Staff Can Access European Users' Data https://thehackernews.com/2022/11/new-tiktok-privacy-policy-confirms.html 雲端檔案存取服務業者Dropbox傳出130個GitHub儲存庫外洩事故，起因是員工遭到網釣攻擊 https://dropbox.tech/security/a-recent-phishing-campaign-targeting-dropbox Dropbox Breach: Hackers Unauthorizedly Accessed 130 GitHub Source Code Repositories https://thehackernews.com/2022/11/dropbox-breach-hackers-unauthorizedly.html Twilio Reveals Another Breach from the Same Hackers Behind the August Hack https://thehackernews.com/2022/10/twilio-reveals-another-breach-from-same.html 線上購物要小心　調查：貨運業者DHL最常被冒用 https://www.ettoday.net/news/20221103/2372015.htm#ixzz7jgGM8Isz 藏匿於破解軟體中的NullMixer會竊取使用者的支付資訊 https://reurl.cc/91r5pn 美國期中選舉倒數專家憂TikTok假消息滿天飛 https://www.cna.com.tw/news/aopl/202211040237.aspx 國立教育廣播電臺【新聞真假掰】中國「天眼」滲透臺灣！「貼牌」陸製監視器遍布台灣街頭，隱私全都露？新科技越炫越好「賣」 https://tfc-taiwan.org.tw/articles/8395 網傳圖卡「馬政府執政8年負債累累，蔡政府幫忙還債，年年有盈餘」 https://tfc-taiwan.org.tw/articles/8389 E.研究報告/工具從防火牆到零信任：防火牆防不住了！數位信任架構為何成為新世代資安關鍵字 https://buzzorange.com/techorange/2022/11/04/cyber-security-2/ 資安的零信任觀念如何應用在現實環境中 https://www.ycrc.edu.tw/note_file/%E8%B3%87%E5%AE%89%E7%9A%84%E9%9B%B6%E4%BF%A1%E4%BB%BB%E8%A7%80%E5%BF%B5%E5%A6%82%E4%BD%95%E6%87%89%E7%94%A8%E5%9C%A8%E7%8F%BE%E5%AF%A6%E7%92%B0%E5%A2%83%E4%B8%AD.pdf Why Identity & Access Management Governance is a Core Part of Your SaaS Security https://thehackernews.com/2022/11/why-identity-access-management.html Tips for Choosing a Pentesting Company https://thehackernews.com/2022/10/tips-for-choosing-pentesting-company.html Cloud Security Made Simple in New Guidebook For Lean Teams https://thehackernews.com/2022/10/cloud-security-made-simple-in-new.html How to Create a Telegram Bot Using Python — Making $300 Per Month https://medium.com/illumination/how-to-create-a-telegram-bot-using-python-making-300-per-month-cf80d0693bb5 F.商業多家市場研究公司指出，未來十年工業資安防護市場將大幅成長 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10148 生物辨識將可能成為元宇宙的資安罩門 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10146 Check Point Quantum Titan 以人工智慧驅動地端、雲端及物聯網進階威脅防禦 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10145 微軟 Hackathon 2022 激盪創新應用，賦能產業數位轉型 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10150 Acronis 任命璩偉擔任大中華區總經理 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10151 SaaS應用安全業者Valence Security完成2,500萬美元的A輪增資 https://www.ithome.com.tw/news/153920 從「駭客肥羊」走向資安公司！果核數位打造App防護服務，帶台灣打世界盃 https://meet.bnext.com.tw/articles/view/49670? 睽違9年ISO27001轉版，保華資安首曝光轉版重點，這些禁忌不要犯! https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10157 G.政府 Google首邀媒體談分潤立委：平臺應派決策層級出席 https://reurl.cc/eWEmEb 工研院剖析智慧工廠零信任策略，提出多層次防護構想 https://times.hinet.net/news/24232765 虛擬幣洗錢跳板犯罪盛行　政院挹8.4億給警政署培訓科技刑警 https://www.ettoday.net/news/20221103/2372472.htm#ixzz7jgIN2HI4 警政署因應科技犯罪 5年將花8億多充實警察機關科技裝備、培訓人才 https://news.ltn.com.tw/news/society/breakingnews/4111270 IPAC訪團拜會數位部唐鳳分享台灣防疫協作經驗 https://udn.com/news/story/7238/6734861?from=udn-ch1_breaknews-1-cate6-news 美FCC委員將與台官員會談聚焦5G與資安等議題 https://www.chinatimes.com/realtimenews/20221103001333-260408?chdtv 唐鳳部長接見「對華政策跨國議會聯盟」　分享我國協作防疫經驗 https://moda.gov.tw/press/press-releases/2981 中鋼公司與法務部調查局簽署「資通安全聯防、營業秘密保護與情資分享」合作備忘錄 https://n.yam.com/Article/20221103922514 唐鳳出席歐盟未來網際網路宣言高階會議分享公益創新經驗 https://ctee.com.tw/livenews/gj/ctee/a11608002022110310362881 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 dlink dir-816_firmware http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-42998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-43000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-43001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-43002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-43003 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-42999 tenda ax1803_firmware http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40875 70%以上網攻始於端點設備！大世科整合端點安全防護讓混合工作模式下更安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10139 物聯網時代的15堂資安基礎必修課 https://www.bookwalker.com.tw/product/150964 Your OT Is No Longer Isolated: Act Fast to Protect It https://thehackernews.com/2022/11/your-ot-is-no-longer-isolated-act-fast.html CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software https://thehackernews.com/2022/11/cisa-warns-of-critical-vulnerabilities.html I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 我國網路資安狂被駭監委申請自動調查 https://www.chinatimes.com/realtimenews/20220810003152-260407?chdtv 6.近期資安活動及研討會 Just a chat - with no Expectations 2022/11/5 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/289145290/ 資訊安全發展趨勢| 數位社會與資訊安全 - 董監事系列認證課程 2022/11/5 https://www.accupass.com/event/2208120843261385349231 【智慧金融之法律衝擊】2022第五屆人工智慧與法律國際學術研討會一場AI與法律的國際思辨 2022/11/6 https://www.accupass.com/event/2208200841451255423351 Python 考照班 Week10 + Hugging Face-Summarization + layers.Conv2dTranspose 2022/11/8 https://www.meetup.com/tensorflow-user-group-taipei/events/288305052/ 【物聯網智造基地】主題課程-資通訊產品申請安規認證眉角 2022/11/9 https://www.accupass.com/event/2210190835404365866590 【資安講堂】『資安？知安！』系列研討會 2022/11/10 ~ 2022/11/24 https://www.accupass.com/event/2210250909372099074796 醫療產業跨域資安人力高峰論壇 2022/11/11 https://isipevent.kktix.cc/events/f2ce8bcc-copy-1 TWCERT/CC 2022 台灣資安通報年會 2022/11/15 https://twcert.informationsecurity.com.tw/2022_annual_meeting.htm 微軟 DevDays Asia 2022 亞太技術年會 2022/11/15 ~ 2022/11/17 https://news.microsoft.com/zh-tw/devdays-asia-2022/ 【資安系列講座】資訊系統漏洞經驗談 2022/11/16 https://hackersir.kktix.cc/events/20221116-vulnerability 【2022 BSI 國際永續標準管理年會】國際標準×永續金融共構ESG生態系 2022/11/17 https://www.accupass.com/event/2209140617181466847268 行動應用APP 安全檢測（APK/IPA）2022-11-18 09:00 ~ 2022-11-18 12:00 https://www.cisanet.org.tw/Course/Detail/2865 【資安講堂】雲端攻防戰！企業資安人才計劃全面啟動 2022/11/18 https://www.accupass.com/event/2210180843504199134720 Taipei dbt Meetup #7 (in-person 👫 & online 👨‍💻)2022/11/19 https://www.meetup.com/taipei-dbt-meetup/events/288207892/ 物聯網安全高峰論壇 2022/12/6 https://www.mem.com.tw/event/web%20test/index.html ICS 2022 WORKSHOP PROGRAM -「Ubiquitous Cybersecurity and Forensics」 2022/12/15 ~ 2022/12/17 https://ics2022.esam.io/ 一日駭客x網路弱點滲透 2022/12/17 https://www.accupass.com/event/2210270652481821159224 TANET 2022 WORKSHOP PROGRAM -「第二屆數位鑑識、醫療私密與網駭安全」 2022/12/15 ~ 2022/12/17 https://tanet2022.esam.io/