資安事件新聞週報 2022/5/23 ~ 2022/5/27

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/5/23 ~ 2022/5/27 1.重大弱點漏洞/後門/Exploit/Zero Day Critical 'Pantsdown' BMC Vulnerability Affects QCT Servers Used in Data Centers https://thehackernews.com/2022/05/critical-pantsdown-bmc-vulnerability.html 雲達修補存在3年的伺服器BMC韌體漏洞Pantsdown https://eclypsium.com/2022/05/26/quanta-servers-still-vulnerable-to-pantsdown/ Google：Cytrox開採5個零時差漏洞以植入Predator間諜程式 https://www.ithome.com.tw/news/151066 思科修補的IOS XR路由器作業系統軟體零時差漏洞，已出現攻擊行動 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK Zyxel修補防火牆、無線基地臺、AP控制器漏洞 https://www.zyxel.com/tw/zh/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others) https://unit42.paloaltonetworks.com/cve-2022-22954-vmware-vulnerabilities/ Security bulletin: Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities https://www.ibm.com/support/pages/node/6589581?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E Security bulletin: Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/6589583?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E IBM QRadar SIEM and Apache log4j version 1 usage https://www.ibm.com/support/pages/node/6561889?myns=swgother&mynp=OCSSBQAC&mynp=OCSSKMKU&mync=E&cm_sp=swgother-_-OCSSBQAC-OCSSKMKU-_-E Tails OS Users Advised Not to Use Tor Browser Until Critical Firefox Bugs are Patched https://thehackernews.com/2022/05/tails-os-users-advised-not-to-use-tor.html 「火狐」用戶注意！Firefox 推出緊急更新修漏洞 https://3c.ltn.com.tw/news/49299 Mozilla 修復於 Pwn2Own 大賽中遭發現的 Firefox、Thunderbird 0-day 漏洞 https://www.twcert.org.tw/tw/cp-104-6167-fe6b8-1.html Firefox修補惡意JavaScript執行的重大漏洞（CVE-2022-1802 、CVE-2022-1529） https://www.klcg.gov.tw/tw/education/3522-255498.html 漏洞挖掘競賽Pwn2Own溫哥華賽事落幕，參賽者找出Windows 11、Ubuntu、特斯拉汽車漏洞 https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安台新人壽強化資安獲PIMS認證 https://www.smartcpa.tw/news/content/4BFDA667ED1895CFB24499EEDC0FDE4E 證券商資安作業說明 https://reurl.cc/anx40D 我見我思－防制詐騙應列入金融業ESG重要項目 https://reurl.cc/Yv301O 銀行公會理事長雷仲達呼聲高 https://wantrich.chinatimes.com/news/20220527900030-420101 每天查戶頭也被盜提未接OTP逾萬元被轉走 https://reurl.cc/OAmjv3 金控祭高薪獵人頭高階資安警爆出走潮 https://reurl.cc/vdL621 萬事達卡推臉部辨識付款安全隱憂再成話題 https://reurl.cc/7DV7XD 趁刷卡消費側錄內碼 KTV計時人員涉盜刷 https://reurl.cc/8o90Gy 一機在手輕鬆報稅列舉扣除也適用 https://times.hinet.net/news/23936836 3.電子支付/行動支付/pay/資安 New Unpatched Bug Could Let Attackers Steal Money from PayPal Users https://thehackernews.com/2022/05/paypal-pays-hacker-200000-for.html PayPal漏洞可被駭客用於點擊劫持攻擊，挾持用戶帳號與金錢 https://reurl.cc/ZAN9OW 台灣的支付、銀行APP要我在手機上裝防毒軟體，真有用嗎 https://www.bnext.com.tw/article/69226/appsec-mobile-security-antivirus-cell-phone-ios-android 綠色行動支付好享學元大銀攜一卡通MONEY推無現金校園 https://udn.com/news/story/7239/6342359 LINE Pay App 迎來更新！舊版 5/31 將退場，想用一卡通支付要從 LINE 錢包開啟才行 https://agirls.aotter.net/post/60761 偽卡綁Apple Pay行動支付　至咖啡連鎖門市盜刷換現金 https://www.mirrormedia.mg/story/20220518soc004/ 瑞典人在台見「這現象」直呼落後網嘆：國情不同 https://fnc.ebc.net.tw/fncnews/life/150897 LINE Pay App 1.2.0 更新釋出：優化 3 大付款功能，付款體驗更佳 https://www.kocpc.com.tw/archives/442357 Pi拍錢包推出BNPL服務，最高上限五萬元！看PChome的金融科技野心 https://www.bnext.com.tw/article/69335/pi-bnpl 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約資安重振LUNA幣有望？Terra 2.0 新區塊鏈將上線 https://www.techbang.com/posts/96662-community-passpass-the-new-terra-blockchain-will-go-live-on 虛幣老手錢包被盜、黑客一晚拋售41顆以太幣：千祈唔好做呢個動作！ https://www.edigest.hk/353928/?utm_campaign=ED_ContentCopy&utm_source=Web-inventory&utm_medium=Content-Copy_ED SpaceX 發射首顆加密衛星 Crypto1，Cryptosat 創辦人：駭客很難攻擊 https://technews.tw/2022/05/27/cryptosat-and-spacex-launch-first-encrypted-satellite/ 嚴防駭客！SpaceX發射首顆加密貨幣衛星Crypto1 https://times.hinet.net/news/23937298 元宇宙與NFT大勢來襲淺析NFT交易風險與糾紛 https://reurl.cc/9Gn4qa 無聊猿應用爭議｜新加坡男子為借貸上法院、演員Seth Green使用版權拍節目後被盜 https://news.cnyes.com/news/id/4879661 錢包被盜了該怎麼辦 https://vocus.cc/article/6289a1a0fd89780001d45fdc Beeple推特賬號攻擊者竊取43.8萬美元的加密貨幣和NFT https://news.cnyes.com/news/id/4877197 DeFi駭客識別與激勵協議Lossless將於5月26日部署至Avalanche https://news.cnyes.com/news/id/4878196?exp=a BTC&ETH因為資金問題繼續與納指偏離流通量枯竭繼續加重 https://reurl.cc/rDY6o4 在一次駭客攻擊中29個Moonbirds NFT被盜，損失達150萬美元 https://news.cnyes.com/news/id/4878428 沒有結局的故事，MetaMask用戶遇駭損失41顆以太幣，苦思仍不知被駭原因 https://www.abmedia.io/20220526-metamask-wallets-got-hacked-and-drained Lunaray安全團隊正式推出安全賞金服務 https://news.cnyes.com/news/id/4877710 Pizza Hut必勝客聯名設計CoolWallet Pro冷錢包組合開箱動手玩 https://zeekmagazine.com/archives/173053 三箭資本地址轉出13,435枚ETH至Bitmex https://news.cnyes.com/news/id/4879719 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC Sysrv-K 殭屍網路以 Windows、Linux 為目標 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9866 全球勒索軟體攻擊年增14%！ Check Point Software推全新反勒索軟體中心 https://reurl.cc/g2YDEV 攻擊者以提供Windows 11更新的名義散布竊密軟體Vidar https://www.zscaler.com/blogs/security-research/vidar-distributed-through-backdoored-windows-11-downloads-and-abusing 印度廉價航空SpiceJet遭勒索軟體攻擊，導致航班延誤起飛 https://www.bleepingcomputer.com/news/security/spicejet-airline-passengers-stranded-after-ransomware-attack/ 史上「最奇耙」勒索軟體現蹤！開條件「解3任務」取代贖金才解鎖文件 https://3c.ltn.com.tw/news/49327 劫富濟貧？以慈善之名道德勒索被攻擊者？勒索軟體GoodWill要求受害者向貧民捐輸，以換取解密金鑰 https://cloudsek.com/threatintelligence/goodwill-ransomware-forces-victims-to-donate-to-the-poor-and-provides-financial-assistance-to-patients-in-need/ 電腦中毒了怎麼辦?有何症狀?如何預防? https://blog.trendmicro.com.tw/?p=72258 Linux勒索軟體Cheerscrypt鎖定VMware ESXi而來 https://www.trendmicro.com/en_us/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html 後門程式BPFDoor利用Solaris漏洞取得root權限 https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/ Conti關門大吉、化身成數個新勒索軟體 https://www.ithome.com.tw/news/151058 勒索軟體Conti停止營運，駭客成立多個組織，另起爐灶 https://www.advintel.io/post/discontinued-the-end-of-conti-s-brand-marks-new-chapter-for-cybercrime-landscape 研究人員警告小心夾帶惡意Word檔的PDF https://www.ithome.com.tw/news/151069 攻擊者利用PDF檔案散布惡意程式Snake Keylogger https://threatresearch.ext.hp.com/pdf-malware-is-not-yet-dead/ TeamT5於亞洲黑帽安全大會發布最新研究 https://www.techbang.com/posts/96365-teamt5-releases-latest-research-at-black-hat-asia 臺灣資安業者TeamT5於黑帽大會上揭露新的中國木馬程式 https://www.blackhat.com/asia-22/briefings/schedule/#the-next-gen-plugxshadowpad-a-dive-into-the-emerging-china-nexus-modular-trojan-pangolinrat-25950 惡意PyPI套件pymafka對Windows、macOS、Linux電腦下手 https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux 網路間諜公司在2021年利用5個零時差漏洞對安卓手機植入惡意軟體 https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/ 別以為概念性驗證程式不會對電腦造成危害！有駭客用來散布惡意軟體 https://blog.cyble.com/2022/05/20/malware-campaign-targets-infosec-community-threat-actor-uses-fake-proof-of-concept-to-deliver-cobalt-strike-beacon/ 駭客釋出惡意Windows概念性驗證攻擊程式，企圖感染資安社群 https://www.ithome.com.tw/news/151093 俄羅斯駭客Sandworm利用惡意軟體Arguepatch變種，投放作案工具 https://www.welivesecurity.com/2022/05/20/sandworm-ukraine-new-version-arguepatch-malware-loader/ 鎖定Linux主機的殭屍網路病毒Mirai變種顯著增加 https://www.crowdstrike.com/blog/linux-mirai-malware-double-on-stronger-chips/ Android 系統曝零日漏洞遭駭利用散播惡意間諜軟體！Google發出警告 https://3c.ltn.com.tw/news/49283 New malware Campaign delivers Android RAT https://blog.cyble.com/2022/05/26/new-malware-campaign-delivers-android-rat Grandoreiro Banking Malware Resurfaces for Tax Season https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/grandoreiro-banking-malware-resurfaces-for-tax-season/ SocGholish Campaigns and Initial Access Kit https://medium.com/walmartglobaltech/socgholish-campaigns-and-initial-access-kit-4c4283fea8ee Use of Obfuscated Beacons in ‘pymafka’ Supply Chain Attack Signals a New Trend in macOS Attack TTPs https://www.sentinelone.com/labs/use-of-obfuscated-beacons-in-pymafka-supply-chain-attack-signals-a-new-trend-in-macos-attack-ttps/ Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/ Emotet Botnet Rises Again https://www.bitsight.com/blog/emotet-botnet-rises-again https://github.com/bitsight-research/threat_research/blob/main/emotet/emotet.csv ERMAC Back In Action https://reurl.cc/n1YDoe PDF Malware Is Not Yet Dead https://threatresearch.ext.hp.com/pdf-malware-is-not-yet-dead/ TURLA’s new phishing-based reconnaissance campaign in Eastern Europe https://blog.sekoia.io/turla-new-phishing-campaign-eastern-europe/ New Nokoyawa Variant Catching Up to Peers with Blatant Code Reuse https://www.fortinet.com/blog/threat-research/nokoyawa-variant-catching-up ctx Python Library Updated with "Extra" Features https://isc.sans.edu/diary/rss/28678 Yashma Ransomware, Tracing the Chaos Family Tree https://blogs.blackberry.com/en/2022/05/yashma-ransomware-tracing-the-chaos-family-tree Spoofed Saudi Purchase Order Drops GuLoader https://www.fortinet.com/blog/threat-research/spoofed-saudi-purchase-order-drops-guloader Experts Warn of Rise in ChromeLoader Malware Hijacking Users' Browsers https://thehackernews.com/2022/05/experts-warn-of-rise-in-chromeloader.html Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities https://thehackernews.com/2022/05/hackers-increasingly-using-browser.html Researchers Find New Malware Attacks Targeting Russian Government Entities https://thehackernews.com/2022/05/researchers-find-new-malware-attacks.html New Chaos Ransomware Builder Variant "Yashma" Discovered in the Wild https://thehackernews.com/2022/05/new-chaos-ransomware-builder-variant.html Conti Ransomware Operation Shut Down After Splitting into Smaller Groups https://thehackernews.com/2022/05/conti-ransomware-gang-shut-down-after.html Microsoft Warns of Web Skimmers Mimicking Google Analytics and Meta Pixel Code https://thehackernews.com/2022/05/microsoft-warns-of-web-skimmers.html Fronton: Russian IoT Botnet Designed to Run Social Media Disinformation Campaigns https://thehackernews.com/2022/05/fronton-russian-iot-botnet-designed-to.html Researchers Find Backdoor in School Management Plugin for WordPress https://thehackernews.com/2022/05/researchers-find-backdoor-in-school.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊美國新法擬讓iPhone開放「側載」！蘋果反彈：恐危害隱私 https://reurl.cc/p1Y6V4 知道你在哪，讓我心安還是更不安？使用定位app的台灣年輕人 https://theinitium.com/article/20220526-taiwan-zenly/ Zoom修補可讓攻擊者任意傳送訊息的漏洞 https://www.ithome.com.tw/news/151131 資安疑慮美參議員擬法案禁止蘋果等應用程式接受數位人民幣支付 https://ec.ltn.com.tw/article/breakingnews/3941174 高通8+ Gen 1問世　這些手機將搭載、特色搶先看 https://www.setn.com/News.aspx?NewsID=1119780 引進低軌衛星服務中華電：2023年有希望 https://newtalk.tw/news/view/2022-05-27/761774 「電信平民化」立意甚佳　資訊安全防護萬不可輕忽製造業自建5G專網　小心資安風險隨之而來 https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/1FE918FBE28845ADAEBE9F6F1154B867 手機鍵盤「預測字詞」功能完美重現助記詞，資安從業者籲清除緩存、關閉預測功能 https://news.cnyes.com/news/id/4877354 駭客利用零日漏洞攻擊安卓用戶　Google示警注意「短網址」 https://www.ettoday.net/news/20220524/2258163.htm 專偷帳密個資！Facestealer 惡意軟體挾著 200 款 App 再度圍攻 Google Play Store https://technews.tw/2022/05/22/delete-these-android-apps-before-they-steal-your-facebook-password-and-crypto/ C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 SpaceX星鏈全球用戶突破40萬擬擴展服務｜財經100秒 https://reurl.cc/e3kDRQ WEF聚焦綠能.加密.資安分析台自保關鍵 https://reurl.cc/9Gn49a 她用膠帶封電腦鏡頭保隱私一票網友認同「防駭客遠端操控」 https://udn.com/news/story/7086/6339698 零時差漏洞遭濫用數量再創新高，Mandiant認為間諜駭客、中國最常這麼做 https://reurl.cc/OAmjzX 111 家公司年底前要有CISO、資安部門！除了懂技術，資安人才需要什麼本事 https://today.line.me/tw/v2/article/9mDOomK 微博微信強制標註IP屬地意外催生灰色產業 https://reurl.cc/6ZqQNd 駭客入侵智慧農業勒索高額贖金 https://news.pchome.com.tw/living/awakening/20220522/index-16532049409819943009.html 俄羅斯駭客Killnet攻擊義大利政府多個機關的網站 https://www.infosecurity-magazine.com/news/pro-russian-hackers-italy/ 俄羅斯駭客Turla對愛沙尼亞、奧地利進行偵察 https://blog.sekoia.io/turla-new-phishing-campaign-eastern-europe/ 加拿大數家醫院數據庫遭駭客入侵 https://gnews.org/zh-hant/2609299/ 中資收購英最大晶片廠「心好累」！英政府出大絕：交易完成一年可回溯取消 https://technews.tw/2022/05/26/nexperia-newport-wafer-fab/ 這公司有做戰機雷達系統！中資收購英最大晶片廠英政府：將展開國安調查 https://newtalk.tw/news/view/2022-05-26/760739 軍工產業神祕面紗5》伊諾瓦加密晶片技術被相中意外成了美軍祕密夥伴 https://www.wealth.com.tw/articles/570d9e5c-e038-4114-8373-2e4b7c0cdfda 「提升整體作戰優勢」五角大廈攜手商用衛星公司強化情蒐 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1504304&type=vision 新成立中資公司購入安225機殘骸購買瓦良格號航母情境翻版 https://reurl.cc/NAxy9m 美國務院澄清拜登「保衛台灣」言論：台灣感謝美方重申承諾，中國舉行軍演警告美台 https://www.storm.mg/article/4351209 令人震驚檔德人權專家:撕開了北京宣傳的外衣 https://www.secretchina.com/news/b5/2022/05/27/1007498.html 駭客侵入中國政府內網，竊取「新疆警方檔案」！大量「再教育營」細節流出，學者研判「習近平知情且直接介入」 https://toutiaoqushi.com/archives/115948 新疆警察｢不需教師爺頤指氣使｣中國急安排習近平與聯合國專員對話 https://newtalk.tw/news/view/2022-05-26/760688 黑客成功解密中共反人類罪證 5000像照片流出 https://lihkg.com/thread/3016235/page/1 「新疆警察檔案」揭露維吾爾集中營的恐怖：留鬍子會被關、逃跑的人可以開槍打死 https://www.thenewslens.com/article/167308 海量新疆警局文件被駭陳全國下槍決令 https://www.secretchina.com/news/b5/2022/05/25/1007370.html 習下令打壓新疆維族殘暴鐵證被駭出 https://news.ltn.com.tw/news/world/paper/1519405 一名駭客潛入新疆再教育營，揭露真實情況：反抗者可擊斃 https://news.discuss.com.hk/viewthread.php?tid=30594364 中方駁新疆警察文件「造謠說謊」外媒事實查核打臉了 https://news.ltn.com.tw/news/world/breakingnews/3941014 【拍案驚奇】想多幹幾年這麼難習麻煩不斷 https://www.epochtimes.com/b5/22/5/25/n13745170.htm 新疆警察檔案外洩震驚世界德總理：不該忽視中國迫害人權 https://news.ltn.com.tw/news/world/breakingnews/3940592 中國軍事學者指俄國出兵理由站不住腳微信速刪 https://money.udn.com/money/story/5603/6332375 笑裡藏刀中共駭客利用俄烏戰爭對俄下手 https://reurl.cc/6ZqQ7M 美國司法部表明不會控訴研究資安技術與漏洞的白帽駭客行為 https://reurl.cc/e3kdXb 外國網路攻擊日增！普丁：強化俄 IT 資安，將降低使用他國軟硬設備 https://www.inside.com.tw/article/27770-putin-warns-cyber-aggression-against-russia-promises-security-shakeup 北韓駭客隱瞞身分求職，美國政府警告僱主或需面臨法律制裁 https://technews.tw/2022/05/24/u-s-warns-against-inadvertently-hiring-north-korean-it-workers/ 北韓駭客曝光！靠1招偷遍全球機密全被拿去做這件事 https://wantrich.chinatimes.com/news/20220524900362-420101 美、南韓合作對抗北韓網路攻擊 https://times.hinet.net/topic/23930775 中國駭客間諜全球入侵 http://www.ksnews.com.tw/index.php/news/contents_page/0001608766 提防中國剽竊！日本要求大學加強對留學生背景審查 https://news.ltn.com.tw/news/world/breakingnews/3936835 歐洲第二版資安指令NIS 2即將發布，更多重要中大型產業納入規範 https://www.ithome.com.tw/news/151044 Chinese "Twisted Panda" Hackers Caught Spying on Russian Defense Institutes https://thehackernews.com/2022/05/chinese-twisted-panda-hackers-caught.html 資安產品FAE工程師 https://www.104.com.tw/job/7lc5v?jobsource=job_same_b 【運維】資訊安全工程師 https://www.104.com.tw/job/7lna1?jobsource=jolist_a_relevance 資安工程師 https://www.104.com.tw/job/7naxx 資安主管(內湖) https://www.104.com.tw/job/7n8bo 醫療資訊室(資訊組)院聘資訊工程師(資安) https://www.1111.com.tw/job/98791075/ 資訊安全工程師 https://www.linkedin.com/jobs/view/%E8%B3%87%E8%A8%8A%E5%AE%89%E5%85%A8%E5%B7%A5%E7%A8%8B%E5%B8%AB-at-%E9%9B%84%E7%8D%85%E8%B3%87%E8%A8%8A%E7%A7%91%E6%8A%80%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8-3085773477/?originalSubdomain=tw 資訊安全分析師(初/中/高)級 Security Analyst (T1/T2/T3) https://www.104.com.tw/job/79u7l?jobsource=jolist_c_date 【諮詢服務】資安架構/技術顧問 - Staff Level https://www.104.com.tw/job/7n6wp 資安工程師（台南） https://www.yourator.co/companies/freedom/jobs/24279 PChome 釋出上百職缺，招聘 3 大核心領域 AI 專才 https://technews.tw/2022/05/23/pchome-2022-recruitment-plan/ 中華電信大招募集團徵才逾2,000人 https://money.udn.com/money/story/5612/6345968?from=edn_newest_index D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 FTC控Twitter以誤導資訊取得用戶電話號碼最終結果出爐 https://udn.com/news/story/7086/6343555 中國駭客發起多次釣魚郵件攻擊，意圖對俄羅斯散布木馬程式 https://blog.malwarebytes.com/malwarebytes-news/2022/05/unknown-apt-group-has-targeted-russia-repeatedly-since-ukraine-invasion/ 心血險付諸流水！頻道遭盜深夜放送「吸金詐片」　他自嘲：好險粉絲少 https://www.ftvnews.com.tw/news/detail/2022527W0204 熊熊10年臉書帳號被盜！怒譙駭客：真的有病 https://today.line.me/tw/v2/article/ZaEPME7 美國通用汽車顧客發生個人資料遭竊事件，約 5,000 人個資外洩 https://www.twcert.org.tw/tw/cp-104-6168-59e74-1.html 美高梅度假村外洩1.4億筆資料出現在Telegram頻道供人下載 https://www.vpnmentor.com/blog/mgm-leaked-on-telegram/ 【錯誤】網傳「美海軍研究所雜誌《議事錄》5月刊載一篇文章，作者鼓吹大陸收台時，美軍應當對台灣進行轟炸、破壞！讓大陸花錢重建。台灣媒體徹底封鎖這新聞」 https://tfc-taiwan.org.tw/articles/7588 【錯誤】網傳新聞影片「日本的核廢水要運到台灣來，民進黨官員說可以喝，這是什麼政府」 https://tfc-taiwan.org.tw/articles/7583 一支手機偷走我的人生｜電信商變詐騙破口！全球每年恐被偷走1.4兆 https://www.businessweekly.com.tw/focus/indep/6007336 數字藝術家Beeple推特帳戶疑似遭遇駭客攻擊，置頂釣魚鏈接 https://news.cnyes.com/news/id/4876980 Apple、Google 和 Microsoft 聯手擴大支援無密碼登入，打造更安全的網路世界 https://reurl.cc/p1Y56x 通訊部週日也上班？曾繁翀機警揭詐騙電話 https://reurl.cc/QLaZg0 俄烏戰爭也可騙？假警政署長簽名英文公文　詐3500英鎊 https://www.setn.com/News.aspx?NewsID=1119447 清境民宿旅客個資遭盜　資安專家接到詐騙電話 https://reurl.cc/loY78A 小心DeepFake詐騙！加密貨幣平台冒名馬斯克進行宣傳 https://times.hinet.net/news/23931066 Interpol Arrests Leader of SilverTerrier Cybercrime Gang Behind BEC Attacks https://thehackernews.com/2022/05/interpol-arrest-leader-of-silverterrier.html How Secrets Lurking in Source Code Lead to Major Breaches https://thehackernews.com/2022/05/how-secrets-lurking-in-source-code-lead.html Learn How Hackers Can Hijack Your Online Accounts Even Before You Create Them https://thehackernews.com/2022/05/learn-how-hackers-can-hijack-your.html SIM-based Authentication Aims to Transform Device Binding Security to End Phishing https://thehackernews.com/2022/05/sim-based-authentication-aims-to.html E.研究報告/工具 CVE-2022-26923：Active Directory網域權限提升漏洞修補分析 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9870 Sophos 揭密流動性挖礦 CryptoCrime 的手法 https://www.docutek.com.tw/newsDetail.php?id=460 用K8s解決維運負擔 https://www.netadmin.com.tw/netadmin/zh-tw/market/99E5FDED4C274E4EBAE14E568E50D055 CentOS7.6下快速部署k8s https://pccicblog.wordpress.com/2022/05/27/centos7-6%E4%B8%8B%E5%BF%AB%E9%80%9F%E9%83%A8%E7%BD%B2k8s/ Lapsus$ 教會我的兩件事 https://hennge.com/tw/blog/two-lessons-lapsus$-taught-us.html John the Ripper (JTR) 密碼暴力破解工具 https://hackercat.org/hacker-tools/john-the-ripper Python駭客攻防（十三）構建SSH殭屍網路 https://tw.pythontechworld.com/article/detail/s47CXgBXi2Zd 掌握數據等同掌控未來？解構數據時代關鍵職位，資料科學家、分析師成未來趨勢！ https://buzzorange.com/techorange/2022/05/23/become-a-data-scientist/ 資安學習路上-滲透測試實務2 https://ithelp.ithome.com.tw/articles/10285284?sc=rss.qu 資安學習路上-滲透測試實務3 https://www.potatomedia.co/post/8494b9fa-56a9-47d0-818b-81f9bd0b147a Kali Linux 升級跟版本確認 https://amingosec.blog/kali-linux-upgrade-and-check-version/ An overview of Threat Intelligence in Cybersecurity https://4noobies.medium.com/an-overview-of-threat-intelligence-in-cybersecurity-f48ecf37c323 Flutter best practices for Improve Performance https://inficial.medium.com/flutter-best-practices-for-improve-performance-7e21e14efebb Edge Computing Security: Device Attestation Through A Certificate Hierarchy Approach https://medium.com/the-edge-of-things/edge-computing-security-device-attestation-through-a-certificate-hierarchy-approach-b7a5846c7d80 Developing a Money-Making Telegram Bot on Python. Part 1 https://medium.com/codex/developing-a-money-making-telegram-bot-on-python-pt-1-a19fae54d3f How to make real money with Python and YouTube https://medium.com/geekculture/how-to-make-real-money-with-python-and-youtube-494bb34ca9ac rajini++: The Superstar Programming Language https://towardsdatascience.com/rajini-the-superstar-programming-language-db5187f2cc71 Configuring Elasticsearch Cross Cluster Search(CCS) https://medium.com/orion-innovation-turkey/elasticsearch-cross-cluster-search-ba75825332b0 Hacking Smart Contracts: Beginners Guide https://learn.block6.tech/hacking-smart-contracts-beginners-guide-9c84e9de7194 5 Cool Python 3.10 Features https://medium.com/@gilharomri/5-cool-python-3-10-features-c0003d8fb218 The Email Scam That Nearly Worked On Me https://clivethompson.medium.com/the-email-scam-that-nearly-worked-on-me-ade645bd90bc Web3 learning platforms — Earn While You Learn https://medium.com/@itsrakesh/web3-learning-platforms-earn-while-you-learn-b158d1ca3115 How I became a Web3 dev in just 7 days and got my first 8000$ Web3 contract https://blog.cryptostars.is/how-i-became-a-web3-dev-in-just-7-days-and-got-my-first-8000-web3-contract-8f554bcb5352 Chat App System Design https://medium.com/@BalajiSA/whatsapp-system-design-3d8566bb2e6c Kotlin — Delegate Properties to Validate Value of Your Class https://randy-arba.medium.com/kotlin-delegate-properties-to-validate-value-of-your-class-431ab976b787 How Your Metamask Got Hacked (Probably) https://medium.com/coinmonks/how-your-metamask-got-hacked-probably-795abca4534a How Object Recognition Is Revolutionizing the CCTV Camera industry https://medium.com/visionary-hub/how-object-recognition-is-revolutionizing-the-cctv-camera-industry-250ade3659f7 $1000: How I could have Hack any account and become a billionaire overnight👑Top Crypto-Trading Platform https://infosecwriteups.com/1000-how-i-could-have-hack-any-account-and-become-a-billionaire-overnight-top-crypto-trading-ff0e25b6013c SQL Injection in Harvard’s Subdomain https://medium.com/pentesternepal/sql-injection-in-harvards-subdomain-c3148f8be156 Mobile App Development Frameworks For 2022 https://medium.com/@salmaali2515/mobile-app-development-frameworks-for-2022-5b7b6469f3b5 10 Python Automation Scripts for Your Daily Problems https://python.plainenglish.io/10-python-automation-scripts-for-your-daily-problems-aefb502969e2 The Added Dangers Privileged Accounts Pose to Your Active Directory https://thehackernews.com/2022/05/the-added-dangers-privileged-accounts.html Malware Analysis: Trickbot https://thehackernews.com/2022/05/malware-analysis-trickbot.html F.商業 Palo Alto Networks呼籲採用零信任、零例外 ZTNA 2.0 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9864 芬-安全企業版發佈全新品牌 WithSecure 「唯思安全」 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9873 突圍雲地資安風險，AWS提三大混合雲防護關鍵 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9863 震撼彈！博通以610億美元收購雲端運算業者VMware，創晶片業最大的購併案 https://www.bnext.com.tw/article/69500/broadcom-to-accquire-vmware-comfirmed-2022 微軟放緩部分招聘，因經濟不確定性增加 https://reurl.cc/o1Y73Q 看好台灣AI技術日本DDS宣布與奧義智慧合作 https://ctee.com.tw/industrynews/technology/649407.html 臺灣AI技術成資安險利器日本Digital Data Solution與奧義智慧展開策略合作 https://turnnewsapp.com/livenews/tech/A07657002022052610171349 中華資安國際獲首屆Best Choice Award資安服務獎 https://www.taiwannews.com.tw/ch/news/4551485 Adobe 剖析 CIO 如何透過「超級自動化」增強體驗 https://technews.tw/2022/05/26/adobe-cio/ 智慧客服委外廠商程曦資訊今登戰略新板 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=d20ab4b1-2d40-4769-8165-371e11c84316 精誠資訊：今年聚焦自有雲應用生態平台 https://news.cnyes.com/news/id/4879606 聯電新加坡新廠動工 30年土地租金約9.54億元 https://www.1111.com.tw/news/jobns/145763 中華資安國際榮獲CIO Taiwan「傑出品牌」獎 https://www.chtsecurity.com/news/5cf5489e-77fa-4c40-bbff-803d0e749522 已知漏洞才是遭駭大宗，【TOPIA漏洞管理解決方案】協助企業有效率修補漏洞，阻止可能的資安攻擊 https://reurl.cc/M0zy7m 安碁搶當政府資安守門人　施宣輝邀李紀珠當獨董 https://www.mirrormedia.mg/story/20220527fin005/ 遠程工作資安風險增 NordVPN 保障企業數據安全 https://www.businessweekly.com.tw/business/indep/1002408 芬-安全企業版發佈全新品牌WithSecure 並以「唯思安全」為品牌中文命名 http://n.yam.com/Article/20220522300124 VMware Carbon Black _害怕勒索病毒？眾多駭客攻擊手法如何防禦？端點安全沒有Total Solution https://www.sysage.com.tw/news/products/339 基於Snapdragon XR2平台，Qualcomm推出更輕薄的擴增實境裝置參考設計 https://mashdigi.com/qualcomm-introduces-thinner-augmented-reality-device-reference-design-based-on-snapdragon-xr2-platform/ 助企業24小時抓網路害蟲！美國資安公司Arctic Wolf Networks估值飆破1263億 https://today.line.me/tw/v2/article/eLV76MO G.政府調查局清流雙月刊NO.37節錄(期別111年1月)：生活中的資安 https://www.mjib.gov.tw/eBooks/eBooks_Detail?CID=3&BookID=2065 國家資通安全科技中心公有財產管理使用收益辦法 https://law.moj.gov.tw/LawClass/LawAll.aspx?pcode=H0160062&kw=%E5%85%AC%E6%9C%89%E8%B2%A1%E7%94%A2 誰任數發部長？行政院：還未確定 https://reurl.cc/yrA7Va 郭耀煌准辭回校任教政院：暫無內閣異動規劃 https://www.rti.org.tw/news/view/id/2134041 郭耀煌月底歸建成功大學政委人事將全面規畫 https://www.cna.com.tw/news/aipl/202205260249.aspx 數據應用研發中心啟用運用5G發展三網 https://www.epochtimes.com/b5/22/5/26/n13745877.htm NCC擴大列管！OTT專法草案出爐 Netflix、Line TV也在內 https://news.ebc.net.tw/news/living/319250 資安人才招募困難立委促法務部研議提升專業加給 https://www.rti.org.tw/news/view/id/2133669 網路犯罪日趨嚴重立委促增加資安人員人才誘因 https://www.chinatimes.com/realtimenews/20220523002463-260407?chdtv 學者：政府資安外部稽核權力應交由監察院行使 https://www.cna.com.tw/news/aipl/202205230103.aspx 台學者：防侵害數位人權資安稽核應由監院執行 https://www.epochtimes.com/b5/22/5/23/n13743647.htm 國安法重罰重大軍品採購不法行為學者：產生嚇阻力 https://news.ltn.com.tw/news/politics/paper/1518469 唐鳳出手更新居隔單系統　侯友宜：終於看到中央有動作 https://news.housefun.com.tw/news/article/171588335809.html 李德財：俄烏戰爭烏克蘭的作為值得台灣借鏡 https://www.wealth.com.tw/articles/a6307acc-4015-4b18-81fa-098ff6a05bcf 最高檢查賄中心今掛牌嚴查虛擬貨幣、遊戲點數、行動支付賄選 https://reurl.cc/NAx4ak H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room https://thehackernews.com/2022/05/lumos-system-can-find-hidden-cameras.html IT 與 OT 資安的融合挑戰 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9871 智慧醫材的網路安全風險評估8大重點 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9867 AI數據分析改寫維運監控 https://www.netadmin.com.tw/netadmin/zh-tw/market/26FB9DE5B65544D0A9368DAAFB411D30 物聯網與工控設備資料自動化處理平臺OAS重大漏洞恐造成資訊洩露、服務停擺 https://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-platform.html Silicon Labs實現物聯網人工智慧邊緣應用 https://www.ctimes.com.tw/DispNews/tw/%E8%97%8D%E7%89%99/Silicon-Labs/%E8%97%8D%E8%8A%BD/BlueTooth/2205251817AZ.shtml 瞄準資訊安全大趨勢打造工廠製造業數位轉型新場景 https://reurl.cc/x936Z5 車用資訊娛樂系統元件恐成駭客遠端鎖定目標 https://www.sinotrade.com.tw/richclub/news/628f3a8d30569fe1ee86baea 半導體業成勒索病毒頭號目標！做好快照加備份降低停機損失 https://www.inside.com.tw/article/27757-ransom-ware 以邊緣AI實現低成本IoT終端節點 https://www.eettaiwan.com/20220523ta71-artificial-intelligence-on-the-edge/ 運用微分段、虛擬補丁及白名單管控捍衛工控環境零信任資安 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=16&id=0000635865_FHO7IJY97W1IQJ4BDAKGK 迎向AI產業化浪潮資安與資料運用成為當前兩大課題 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=41&id=0000635905_D3ELM41BLS31S369IOQLT 全球供應鏈波動大，新創公司用AI預測風險，降低時局干擾搶商機 https://reurl.cc/Lmn6ox 2022年人工智慧五大趨勢　HPC/自動化/醫療帶旺AI https://www.mem.com.tw/2022%E5%B9%B4%E4%BA%BA%E5%B7%A5%E6%99%BA%E6%85%A7%E4%BA%94%E5%A4%A7%E8%B6%A8%E5%8B%A2%E3%80%80hpc-%E8%87%AA%E5%8B%95%E5%8C%96-%E9%86%AB%E7%99%82%E5%B8%B6%E6%97%BAai/ I.教育訓練物聯網時代的15堂資安基礎必修課 (Practical Iot Hacking: The Definitive Guide to Attacking the Internet of Things) https://www.tenlong.com.tw/products/9786263241756?list_name=p-r-zh_tw 中華軟協-iPAS「初級」資訊安全工程師能力研習衝刺班：全面招生中 https://www.cs.nycu.edu.tw/announcements/detail/8778 2022「證券期貨資訊安全實務養成課程」即日起開始報名 https://www.sfi.org.tw/news/news-7/3589 網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works) https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html 【資安管理國際證照懶人包】學習心得、考試要點一次整理！2022 轉職夢幻工作看這篇 https://buzzorange.com/techorange/2021/12/30/isaca/ CISSP考試心得 – Benson https://reurl.cc/GbWvxd CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 110年新進人員「校園資訊安全講座」教材 https://cc.nccu.edu.tw/p/406-1001-740,r18.php 【訓練教材D】資訊安全技術教育訓練教材 https://iscb.nchu.edu.tw/2019/07/d.html 109資通安全管理法數位教育訓練 https://reurl.cc/ARlmqp 110-1初級資訊安全工程師-資訊安全管理概論 https://yamol.tw/exam.php?id=104050 中大信息工程學系栽培資訊科技領導人才 https://reurl.cc/ARZKDK 伊雲谷、中山大學產學合作累積雲端資安人才能量 https://ctee.com.tw/industrynews/technology/587459.html SANS Cyber Aces Online Tutorials https://tutorials.cyberaces.org/tutorials.html Free Online Cybersecurity Courses (MOOCs) https://www.cyberdegrees.org/resources/free-online-courses/ Develop Your Cybersecurity Skills https://www.cybrary.it/catalog/cybersecurity/ Mobile App Security https://www.cybrary.it/course/mobile-app-security/ Introduction to Cybersecurity https://reurl.cc/bnaj6d How to Tackle SaaS Security Misconfigurations https://thehackernews.com/2021/11/how-to-tackle-saas-security.html How to Build a Security Awareness Training Program that Yields Measurable Results https://thehackernews.com/2021/11/how-to-build-security-awareness.html Common Attacks https://choson.lifenet.com.tw/?p=1174 資安學習路上-滲透測試實務4 https://www.potatomedia.co/post/4191e744-64f3-4d33-af69-e3591adc2ed0 6.近期資安活動及研討會駭客奪旗攻防演練：金融資安人才養成專班(第1期) 2022/04/28~2022/06/09 https://www.tabf.org.tw/CourseDetail.aspx?PID=487750 【公益資訊安全講座】－【非營利組織的個資與資安防護觀念建立】 2022/06/01 https://taiwanngo.tw/Post/81845 經濟部工業局沙崙資安服務基地 - 零信任(Zero Trust)-從意識到行動的資安防護變革 2022/6/2 https://www.accupass.com/event/2205240207565477386890 HITCON FreeTalk 2022 - 烏俄網路戰 & CTF 經驗分享 2022/6/6 https://hitcon.kktix.cc/events/hitcon-freetalk-2022 經濟部工業局沙崙資安服務基地 - 手把手帶你玩資安攻防 2022/6/9 https://bit.ly/38t2aWp 經濟部工業局沙崙資安服務基地 - 新世代資安防禦-網路威脅與防禦趨勢 2022/6/9 https://www.accupass.com/event/2205240207565477386890 資訊安全系列課程系列九：機器學習與資安異常診斷實務(第1期) 2022/6/7 https://www.tabf.org.tw/CourseDetail.aspx?PID=487302 醫療資安女力論壇 2022/6/11 https://isipevent.kktix.cc/events/e58d0573-copy-1 科技力x內容力 5G Craft 菁英挑戰賽號召各路英雄 2022/6/15 https://tomorrowsci.com/technology/20225g0526/ 經濟部工業局沙崙資安服務基地 - 智慧製造的痛-駭客攻擊與勒索軟體威脅 2022/6/16 https://www.cisanet.org.tw/Course/Detail/2836 經濟部工業局沙崙資安服務基地 - 日誌大數據分析實戰 2022/6/23 https://bit.ly/3sJWjmp 資訊安全管理(週日班) 2022/7/3 ~ 2022/8/28 https://mymcu.mcu.edu.tw/zh-hant/product/e022205151 創科資訊②⓪②②軟體開發實戰訓練營➠線上實習說明會 2022/7/6 https://trunk-studio.kktix.cc/events/monosparta-code-camp-2022-9 風險導向資安稽核 2022/7/20 https://www.cisanet.org.tw/Course/Detail/2756 HITCON PEACE 2022 台灣駭客年會 2022/8/19 ~ 2022/8/20 https://hitcon.kktix.cc/events/hitcon-peace-2022 2022 CYBERSEC 資安大會 Jamf 攤位講座 2022/9/20 ~ 2022/9/22 https://jamf.kktix.cc/events/cybersec2022jamf