資安事件新聞週報 2021/8/2 ~ 2021/8/6

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2021/8/2 ~ 2021/8/6 1.重大弱點漏洞/後門/Exploit/Zero Day Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass) https://research.nccgroup.com/2021/08/05/technical-advisory-pulse-connect-secure-rce-via-uncontrolled-archive-extraction-cve-2021-22937-patch-bypass/ CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344 CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344 CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344 推動國內產品漏洞修補，TWCERT/CC已指派近200個CVE漏洞，近期發布品質並獲評雙最高等級 https://www.ithome.com.tw/news/146035 美、英、澳聯手公布2020年最常被利用的CVE漏洞 https://www.ithome.com.tw/news/146015 思科修補VPN設備漏洞 https://www.ithome.com.tw/news/146036 VMware Issues Patches to Fix Critical Bugs Affecting Multiple Products https://thehackernews.com/2021/08/vmware-issues-patches-to-fix-critical.html New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits https://thehackernews.com/2021/08/new-apt-hacking-group-targets-microsoft.html PyPI Python Package Repository Patches Critical Supply Chain Flaw https://thehackernews.com/2021/08/pypi-python-package-repository-patches.html 報告：Exchange Server Proxylogon漏洞可能2017年就被駭 https://pse.is/3fgvah 微軟WINDOWS伺服器存在PETITPOTAM漏洞，允許攻擊者控制整個AD網域，請儘速確認並進行防護補強 https://www.isda.org.tw/2021/07/31/730768d4f5deffc2ba6e073303fd956a/ 微軟安全警告：出現鎖定 Office 365 用戶且「比以往更狡滑」的新網路釣魚攻擊 https://technews.tw/2021/08/04/new-phishing-attack-sneakier-microsoft-warns/ 微軟Windows伺服器存在PetitPotam漏洞 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9370 資安專家再次發現 Windows Print Server 嚴重漏洞，任何人均可輕易取得系統權限 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9379 Salesforce Release Updates — A Cautionary Tale for Security Teams https://thehackernews.com/2021/08/salesforce-release-updates-cautionary.html Cisco Issues Critical Security Patches to Fix Small Business VPN Router Bugs https://thehackernews.com/2021/08/cisco-issues-critical-security-patches.html 中興保全Dr.ID 門禁考勤系統 - Path Traversal https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html 一宇數位科技 Orca HCM - Unrestricted Upload of File with Dangerous Type https://www.twcert.org.tw/tw/cp-132-4923-d68e6-1.html CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic Learning System https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25 CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic Learning System https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25 New Amazon Kindle Bug Could've Let Attackers Hijack Your eBook Reader https://thehackernews.com/2021/08/new-amazon-kindle-bug-couldve-let.html D-Link DIR-3040設備韌體存在多個安全漏洞(CVE-2021-21816~21820) https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1167 2.銀行/金融/保險/證券/支付系統/ 新聞及資安上半年駭客攻擊台灣高出全球3倍　銀行業最危險 https://finance.ettoday.net/news/2048707 玉山金總資產突破3兆元 https://ctee.com.tw/news/finance/498254.html WFH成常態？金融高層：依客層策略不同大戶就愛面對面 https://udn.com/news/story/7239/5650940 開放銀行-開放API平台 TSP業者資訊揭露專區 https://www.fisc.com.tw/TSP/ 數位金融轉型浪潮台中銀組織改造迎戰 https://pse.is/3ma4du 台中銀組織改造新設數金部迎戰金融科技 https://news.cnyes.com/news/id/4692156 台中銀行拚數位轉型　增設2部門玩創意 https://tw.appledaily.com/property/20210802/TSZAZDE4IFDGRFXWKKTK3WOX5I/ 銀行搶才！台中銀新設數金部　華銀月薪上看75K https://finance.ettoday.net/news/2046667 找對人推動〉一銀外聘資安專家，數位超車靠「三化」 https://www.gvm.com.tw/article/81221 金融機構不只要抗疫更要防堵資安威脅 https://www.chinatimes.com/opinion/20210728000089-262113?chdtv 3.電子支付/行動支付/pay/資安增資案到期恐來不及審蝦皮拿電支執照機率渺茫 https://udn.com/news/story/7239/5653873 倒數8天蝦皮拿電支執照恐落空 https://ctee.com.tw/news/tech/498614.html 反對蝦皮擴展電子支付　經民連：讓其掌握物流、金流將釀台灣金融危機 https://www.storm.mg/article/3859367?page=1 高嘉瑜質疑蝦皮支付涉及中資借殼　電子支付執照恐飛了 https://tw.appledaily.com/property/20210806/WU5GJXNLKRHD5DNYCFPJE46J74/ 你敢用蝦皮Pay嗎？民團揭中資藏鏡人籲快斬增資案 https://newtalk.tw/news/view/2021-08-03/614485 中共被指透過騰訊和蝦皮滲透台灣金流、物流和個資 https://technews.tw/2021/08/04/tencent-shopee-in-taiwan/ 金融生活場景有賴電子支付 https://udn.com/news/story/7340/5643299 APP逐一綁定帳戶太複雜中信銀首推「錢包綁定」管理行動支付 https://ec.ltn.com.tw/article/breakingnews/3627133 行動支付市場兵家必爭 https://udn.com/news/story/7239/5653833 uTagGO奪FCA最佳產品創新獎推停車行動支付服務 https://money.udn.com/money/story/5617/5635502 ETC推停車行動支付流程快如簡訊實聯制 https://www.epochtimes.com/b5/21/7/29/n13124746.htm 立委籲發數位振興券藉以推廣行動支付 https://pse.is/3kqt53 最高15%回饋！「LINE Pay星巴克隨行卡」超萌登場 https://money.udn.com/money/story/5617/5646454 電子支付新突破　與金融機構接軌不再卡卡 https://www.nownews.com/news/5347015 WeChat Pay HK助長者了解電子支付致力推動香港普惠金融發展 https://times.hinet.net/topic/23443931 攜手全家做電支，玉山金用「互補策略」補上拼圖！如何跨領域誕生新玩法 https://www.bnext.com.tw/article/64314/familymart-esun-digital-payment-strategy 電子支付業務風波不斷 PayPal遭SEC、美消保局調查 https://news.cnyes.com/news/id/4690394 不完美的支付系統，才是最完美——談談現金與電支的平衡 https://pse.is/3mhxpn 4.加密貨幣/挖礦/區塊鍊/智能合約資安冷錢包結合實名制交易，他幫客戶守護200億美元資產 https://www.bnext.com.tw/article/64219/cold-wallet-coolbitx-2021 DeFi再傳閃電貸攻擊！ Popsicle和Wault遭駭「損失超過2,000萬美元」 https://www.blocktempo.com/popsicle-and-wault-hack-20-million/ 加密貨幣在台灣很熱嗎？2大加密貨幣交易所第一手觀察 https://www.bnext.com.tw/article/64180/crypto-exchange 比特幣價格波動大　央行：密碼通貨不是通貨、穩定幣也不穩定 https://finance.ettoday.net/news/2047104 DeFi是什麼？為何又叫「虛擬的華爾街」？一文看它如何顛覆金融服務 https://www.bnext.com.tw/article/64212/defi 加密指數協議Levyathan官方：攻擊造成近150萬美元損失，準備要求Certik進行部分賠償 https://news.cnyes.com/news/id/4693263 區塊鏈安全100問 | 第五篇：駭客透過這些方法盜取數字資產，看看你是否中招 https://www.daytime.cool/tech/7226726.html 庫幣科技推出CoolWallet Signing全新技術 https://money.udn.com/money/story/10860/5644933 行動支付巨頭Square從比特幣中「掘金」：Q2比特幣貢獻了較同期200%成長 https://news.knowing.asia/news/bb97eaff-a065-4294-b0ee-34d1b7a39a85 中國人行：數位人民幣將會與實體貨幣、電子支付共存！試辦交易已累積逾7千萬筆 https://www.bnext.com.tw/article/63980/china-digital-currency-and-traditional-currency 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC LockBit 勒索軟體現可利用群組原則，自動加密 Windows 網域下所有電腦 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9371 PDF藏病毒北韓網攻南韓政府機構 https://pse.is/3lq7b3 東奧熱逾萬筆相關惡意連結流竄 https://turnnewsapp.com/livenews/tech/A06659002021080312520090 假冒LINE貼圖、偽線上直播也蹭「奧運」熱！惡意連結攔截一週逾萬筆 https://3c.ltn.com.tw/news/45393 美國科技巨擘與政府合作對抗勒索軟體 https://www.chinatimes.com/realtimenews/20210806000852-260410?chdtv 亞企面對勒索軟體傾向花錢消災 IDC：強化資安更實際 https://wantrich.chinatimes.com/news/20210803S425255 IDC：亞太區企業願支付勒索軟體贖金比例增 https://money.udn.com/money/story/10860/5647325 勒索軟體猖獗卻難繩之以法 https://www.worldjournal.com/wj/story/121210/5633752 勒索病毒預期將持續肆虐　遠距辦公漏洞不可不防 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=1&cat=10&id=0000616119_p5521tmk0nw0vllrls3ux BazarCall to Conti Ransomware via Trickbot and Cobalt Strike https://thedfirreport.com/2021/08/01/bazarcall-to-conti-ransomware-via-trickbot-and-cobalt-strike/ “Beijing One Pass” Employee Benefits Software Exhibits Spyware Characteristics https://go.recordedfuture.com/hubfs/reports/cta-2021-0729.pdf https://www.recordedfuture.com/beijing-one-pass-benefits-software-spyware/ Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers https://www.riskiq.com/blog/external-threat-management/apt29-bear-tracks/ A Deep-dive Analysis of a New Wiper Malware Disguised as Tokyo Olympics Document https://blog.cyble.com/2021/08/02/a-deep-dive-analysis-of-a-new-wiper-malware-disguised-as-tokyo-olympics-document/ Cobalt Strike indicators Q3 2021 https://twitter.com/mojoesec/status/1421198691742986243 https://twitter.com/Max_Mal_/status/1421575697022300165 https://twitter.com/500mk500/status/1421739726453751812 https://twitter.com/mojoesec/status/1422278693792227333 https://twitter.com/mojoesec/status/1422278692760428549 DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos https://www.cybereason.com/blog/deadringer-exposing-chinese-threat-actors-targeting-major-telcos#iocs APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt31-new-attacks/ Quasar RAT indicators https://pastebin.com/ptk9Z0xD https://twitter.com/JAMESWT_MHT/status/1422813422828331009 SideCopy APT indicators 5/8/2021 https://twitter.com/ShadowChasing1/status/1422914152381616134 https://twitter.com/c3rb3ru5d3d53c/status/1422982036365750275 Possible attacks on Pakistan's NCGSA, MOITT, MOD, NSCP and SCO https://mp.weixin.qq.com/s/yrDzybPVTbu_9SrZPlSNKA New variants of TeamTNT packaged bash scripts https://blog.netlab.360.com/wei-xie-kuai-xun-teamtntxin-huo-dong-tong-guo-gan-ran-wang-ye-wen-jian-ti-gao-chuan-bo-neng-li/ BlackMatter ransomware indicators https://twitter.com/Arkbird_SOLG/status/1421984944792944643 https://github.com/StrangerealIntel/DailyIOC/blob/master/2021-08-01/Blackmatter/RAN_BlackMatter_Aug_2021_1.yara DOUBLE DRAGON APT indicators https://content.fireeye.com/apt41-jp/rpt-apt41-jp Critical Infrastructure Organizations in South East Asia Targeted in Espionage Campaign https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/critical-infrastructure-south-east-asia-espionage Solarmarker InfoStealer Malware Once Again Making its Way Into the Wild https://thehackernews.com/2021/08/solarmarker-infostealer-malware-once.html Experts Uncover Several C&C Servers Linked to WellMess Malware https://thehackernews.com/2021/07/experts-uncover-several-c-servers.html Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus https://thehackernews.com/2021/08/russian-federal-agencies-were-attacked.html New Chinese Spyware Being Used in Widespread Cyber Espionage Attacks https://thehackernews.com/2021/08/new-chinese-spyware-being-used-in.html A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service https://thehackernews.com/2021/08/a-wide-range-of-cyber-attacks.html Several Malware Families Targeting IIS Web Servers With Malicious Modules https://thehackernews.com/2021/08/several-malware-families-targeting-iis.html India's Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks https://thehackernews.com/2021/08/indias-koo-twitter-like-service-found.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊怕怕！以色列間諜軟體鎖定攻擊iPhone 沒點連結也會被惡意入侵 https://www.chinatimes.com/realtimenews/20210805004244-260412?chdtv 將強化資安措施隱私訴訟和解 Zoom付8,500萬美元 https://wantrich.chinatimes.com/news/20210803S424938 和臉書、LinkedIn共享用戶個資！Zoom賠24億換和解 https://newtalk.tw/news/view/2021-08-02/614125 蘋果將讓iPhone偵測兒童色情照片挑起隱私辯論 https://news.cnyes.com/news/id/4695982 iPhone隱藏我的電子郵件怎麼用？教你用iOS15產生拋棄式Email https://mrmad.com.tw/how-to-hide-my-email-on-iphone-and-ipad 華郵：如何隨身攜帶疫苗接種紀錄智慧型手機選擇多 https://www.worldjournal.com/wj/story/121469/5650990 國軍手機的中國App https://talk.ltn.com.tw/article/paper/1464910 繼以色列 NSO Pegasus 全球監控惡行，又出現會入侵 WhatsApp 等加密 App 的 Paragon https://technews.tw/2021/08/03/whatsapp-facebook-gmail-users-israeli-surveillance-startup-paragon-hack-encrypted-apps/ 法國在3名記者手機上發現間諜程式Pegasus入侵跡象 https://www.ithome.com.tw/news/145990 中華電信攜手是方電訊推出「是方i健康」APP https://times.hinet.net/news/23438131 強化通訊軟體Line安全性建議 https://www.tcrc.edu.tw/new/new-list/line-3 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 2376 技嘉公告本公司遭受駭客攻擊 https://www.ptt.cc/bbs/Stock/M.1628238780.A.39C.html 技嘉伺服器遭駭客針對網路攻擊　公司：已通報執法單位、強化資安防禦 https://finance.ettoday.net/news/2049903 技嘉遭駭客攻擊！勒贖信曝光竊走112GB機密，業界籲：被駭並不丟臉 https://www.bnext.com.tw/article/64359/gigabyte-hack-2021 小心間諜就在你手邊 https://udn.com/news/story/7339/5643236?from=udn-catelistnews_ch2 不下指令，員工也能自動自發？LINE 台灣靠 2 種獎勵，讓團隊動起來 https://www.managertoday.com.tw/articles/view/63498 【資安人才大聲公】資安工作最大成就感，7位前輩這樣說 https://www.ithome.com.tw/news/145982 資安委外提升企業資安防護　強化遠端工作安全 http://www.taiwanhot.net/?p=953513 再傳捷報！臺灣資安公司戴夫寇爾研究員二度獲得資安屆奧斯卡獎Pwnie Awards最佳伺服器漏洞獎 https://www.ithome.com.tw/news/146039 秘書、助理需留意的3種網路威脅 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=9363 蘋果不忍了！發律師函追查外流設備與機密嚇壞中國爆料客 https://newtalk.tw/news/view/2021-08-02/614012 48個組織要求FTC禁止企業監控行為，點名Amazon Ring、Alexa https://www.ithome.com.tw/news/145970 《Minecraft》駭客肆虐「2B2T」伺服器3年用漏洞追蹤玩家破壞上萬座基地 https://game.udn.com/game/story/122089/5652876 中國駭客過去4年來至少入侵5家東南亞地區大型電信業者 https://www.ithome.com.tw/news/146008 網絡安全研究人員：中國政府支持的駭客組織危害到電信公司 https://pse.is/3ln3dv 駭客攻擊導致義大利拉齊奧地區的COVID-19接種預約系統被關閉 https://pse.is/3htjk6 油輪無端遭攻擊以色列先指控伊朗 https://news.sina.com.tw/article/20210801/39428026.html 新冠病毒溯源！CNN驚爆美情報機構　攔獲武漢實驗室基因數據 https://www.bcc.com.tw/newsView.6861431 美國司法部證實：俄駭客曾入侵聯邦檢察官電郵 https://udn.com/news/story/6809/5642118?from=udn-catelistnews_ch2 SolarWinds網攻美聯邦檢察官也受「駭」 https://pse.is/3lqrhg 美參議院公布政府資安體檢報告：8個聯邦機構中僅國土安全部合格 https://www.ithome.com.tw/news/146006 「規模極端龐大」　澳洲通訊局長：中國國家級駭客策動攻擊澳洲事態嚴重 https://pse.is/3mh3nj 為中國提供情報的德國「雙面諜」妻子遭爆出也當「線人」數十年 https://times.hinet.net/news/23440008 南韓官員頻遭網路威脅、攻擊疑北韓駭客組織發起 https://news.ltn.com.tw/news/world/breakingnews/3625798 PwnedPiper PTS Security Flaws Threaten 80% of Hospitals in the U.S. https://thehackernews.com/2021/08/pwnedpiper-pts-security-flaws-threaten.html Chinese Hackers Target Major Southeast Asian Telecom Companies https://thehackernews.com/2021/08/chinese-hackers-target-major-southeast.html 資安維運工程師 https://www.cakeresume.com/companies/facebook-space20technology/jobs/information-security-maintenance-engineer-a36f0f?locale=ko SOC服務系統工程師(專案) https://www.104.com.tw/job/7b2mv 資安威脅與調查分析工程師(工作地點:台中) https://www.104.com.tw/job/7ceej 院本部資訊中心儲備員三級約用管理師(資安品質組)(資訊中心職缺僅可擇一職缺性質報名) https://www.104.com.tw/job/7cds7 資安技術工程師 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=396344&HIRE_ID=10576727 資安工程師 https://pse.is/3luvjr 資安駐點人員_台北市(信義區、大安區)、新北市(板橋、汐止) https://www.518.com.tw/job-L18W25.html 資安工程師 (資訊部) https://www.518.com.tw/job-yw9wg4.html 【資安所】系統開發工讀生 https://www.104.com.tw/job/7b4ch 資安健檢助理工程師 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?R2=5&EMPLOYER_ID=528812&HIRE_ID=10575855 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全利用國內各大電信業者在線上申辦時的身分查核不足，犯嫌結合冒領門號、小額付款與自動扣繳取財，上百人受害 https://www.ithome.com.tw/news/145976 副總統、周杰倫都來過餐飲店總經理臉書被盜：私密資料險外流 https://news.ltn.com.tw/news/society/breakingnews/3627803 微軟揭露BazaCall網路釣魚攻擊細節，分析迴避偵測的多種手法 https://www.ithome.com.tw/news/146037 如果覺得自己的帳號遭到駭客入侵，或遭到別人盜用了，該怎麼處理 https://www.samsung.com/tw/shop-faq/samsung-account/i-think-my-account-has-been-hacked-or-used-by-someone-else-what-do-i-do/ 詐騙新手法！假冒公益弱勢團體致電騙捐款人按ATM匯款 https://udn.com/news/story/7315/5652885?from=udn-catelistnews_ch2 詐騙集團駭入網捐平台盜刷　受害公益團體遍全台 https://www.4gtv.tv/article/2021080506000030 迦南身障養護院捐款系統商遭駭客攻擊捐款者小心上當 https://udn.com/news/story/7320/5652880 無良! 詐騙集團駭捐款平台竊資盜刷公益團體陷寒冬 https://pse.is/3lclqa 差點被騙150萬！他揭「2關鍵」教訓 https://pse.is/3j42lh 研究：超過350個假帳號網絡推廣親中宣傳 https://www.cna.com.tw/news/ait/202108050235.aspx 防堵網頁資料抓取，臉書關閉研究政治廣告的學術計畫帳號 https://www.ithome.com.tw/news/146042 網路攻擊風險大增，80% 企業未來一年可能發生客戶資料外洩 https://technews.tw/2021/08/04/cyber-risk-index/ 對「再發振興券」的看法網路投票問卷？確實為TVBS進行的民調表單 https://www.mygopen.com/p/tvbs.html 奧運相關惡意連結一周逾萬筆，假貼圖攻佔詐騙冠軍 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9372 小心戴資穎、麟洋配竊個資！上萬筆詐騙貼圖趁奧運熱潮四處流竄 https://technews.tw/2021/08/02/trendmicro-olympics/ 假貼圖別下載！詐騙集團「蹭奧運」詐財　專家急曝4手法 https://www.nownews.com/news/5344319 詐騙搶搭奧運熱　不只貼圖還假冒戴資穎遭狹持簡訊詐騙 https://tw.appledaily.com/gadget/20210803/QSBX2APYCJHLPDL6Q7BYY3EXVM/ E.研究報告/工具 Ep 07: 神秘正義駭客用 GIF 梗圖就阻止了殭屍網路？資安研究員面對的電車難題 https://pse.is/3mf6fx ep5 駭客十分鐘駭進FBI偷取資料是如何辦到的 https://www.mymusic.net.tw/podcast/episode/2092979?source=CHANNEL_PAGE 美國NSA與CISA發布《Kubernetes強化指南》 https://www.ithome.com.tw/news/146041 Black Hat USA 2021 Recap https://cybersecdn.com/index.php/2021/08/06/black-hat-usa-2021-recap/ BlackHat 2021 - Crashing Your Way to Medium IL - Exploiting the PDB Parser for Privilege Escalation https://pse.is/3hssmn Exploiting Errors in Windows Error Reporting - BlueHatIL 2020 https://pse.is/3lath2 Leveraging CVE-2015-7545 for ASLR Bypass & RCE - HITB 2016 AMS https://pse.is/3mg6ah DEFCONConference https://www.youtube.com/channel/UC6Om9kAkl32dWlDSNlDS9Iw?app=desktop Reverse Shell Generator by Ryan Montgomery https://hakin9.org/reverse-shell-generator-by-ryan-montgomery/ HPE iLO 5 security Go home cryptoprocessor, you’re drunk! https://airbus-seclab.github.io/ilo/BHUSA2021-Slides-hpe_ilo_5_security_go_home_cryptoprocessor_youre_drunk-gazet_perigaud_czarny.pdf Uchihash - A Small Utility To Deal With Malware Embedded Hashes https://www.kitploit.com/2021/08/uchihash-small-utility-to-deal-with.html F.商業登入帳號不再想破頭！Google 新技術打算「消滅密碼」 https://3c.ltn.com.tw/news/45427 能自動回應的資安協作應變系統SOAR 是降低駭侵攻擊損害的解答 https://www.issdu.com.tw/perspective_detail.php?id=32 Check Point Software 年中資安報告：三重勒索、供應鏈攻擊及遠端網路攻擊較去年同期增加 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9373 中華電信攜手思科推進台灣5G開放架構網路產業鏈 https://money.udn.com/money/story/5612/5650325 中華電、思科簽MOU 打造5G O-RAN SA測試平台 https://www.cna.com.tw/news/ait/202108040314.aspx 瑞祺電看好網通需求，設新總部添後市動能 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=705a4b15-b7ed-4c55-b325-b41c1b7cfad2 力挺企業轉型，中華電信引領雲網優勢榮獲 2021 AWS Rising Star及AWS IoT Partner兩項殊榮 https://times.hinet.net/news/23441203 精誠上半年EPS 3.39元擬發行30億元無擔保公司債 https://money.udn.com/money/story/5613/5650505 IT需求趨勢不減零壹科技H2持續樂觀 https://ec.ltn.com.tw/article/breakingnews/3627520 宏碁多引擎發動！毛利率奔12%新高，上半年成績盤點這3隻小金虎最優 https://www.bnext.com.tw/article/64323/acer-2021-q2 Openfind 攜手中華電信提供 S/MIME 電子郵件簽章服務 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9369 G.政府非法機上盒猖獗立委促加強查緝趕走盜版 https://www.cna.com.tw/news/aipl/202108040129.aspx 視訊搭配虛擬健保卡落實真正遠距醫療 https://www.healthnews.com.tw/news/article/50904 外交部長吳釗燮爆因「沒秒回訊拔官」對話曝官員嚇歪帶手機洗澡 https://pse.is/3m55j8 五倍券除了紙本及數位券以外　不妨這樣發 https://tw.appledaily.com/forum/20210805/KGNK2S37TJH3LI7PUOE7LI5BLM/ 柯P談五倍券應走電子支付 https://pse.is/3lbcua 應疫情減少民眾等待與接觸時間　桃市推稅務「電子簽名無紙化系統」　 http://www.taiwanhot.net/?p=954279 強化國安修法綠委：下會期力推 https://news.ltn.com.tw/news/politics/paper/1464544 110年第2季資通安全技術報告ー開放下載 https://pse.is/3lxuu7 110年第2季更新之資通安全專業證照清單 https://nicst.ey.gov.tw/Page/D94EC6EDE9B10E15/3386e586-1930-4f48-9b5e-1c9f256b7549 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識相關資安汽車廠商三大問如何解決車用電子系統安全隱患 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=35&id=0000616236_6LD3GK5V2QRTB77070WWV Fortinet : 惡意軟體與釣魚郵件攻擊幅度大增，OT業者資安挑戰加劇 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=12&aid=9362 美媒：塗鴉智能恐成新的中國威脅 https://news.ltn.com.tw/news/world/paper/1465051 擁抱5G/雲端商機伴隨風險　聯網汽車迎戰資安威脅 https://www.2cm.com.tw/2cm/zh-tw/recommend/997495BA59AD4C7392439D2D44706651 AIoT原生SSD助智慧邊緣全面落地 https://www.eettaiwan.com/20210804np22/ 臉書研發AR/VR虛擬實境技術，5年內從社群轉型為虛擬共生企業 https://pse.is/3kfdbg T防護技術整合OT領域知識　打造工業場域專用安全機制提高工控系統資安韌性　為轉型奠定可靠基礎 https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/41DA4C2FA1A94F5DB8AF87AA593C5AC6 Moxa新款工業安全路由器上陣，內建10個GbE埠與防火牆 https://www.ithome.com.tw/review/145949 北美8成主要醫院所安裝的氣動輸送系統含有9個安全漏洞 https://times.hinet.net/news/23440899 拜登簽署備忘錄規範工業控制系統網路安全防禦機制 https://news.sina.com.tw/article/20210803/39452934.html 勤業眾信發布生醫暨人工智慧調查白皮書，提四運用建議 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=c03a3ea2-7b62-4118-ab86-9badc229ef2b Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices https://thehackernews.com/2021/08/critical-flaws-affect-embedded-tcpip.html Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks https://thehackernews.com/2021/08/unpatched-security-flaws-expose.html I.教育訓練從美國一宗刑事恐嚇案件，淺談資安基本常識 https://pse.is/3lvd83 TDOH 功德駭客教你打 https://hackmd.io/@HackerSir/activity/https%3A%2F%2Fhackmd.io%2F%40HackerSir%2Ftdoh_1128_note 110年新進人員「校園資訊安全講座」教材 https://cc.nccu.edu.tw/p/404-1001-740.php?Lang=zh-tw iPAS◆資訊安全規劃實務◆中級測驗題庫彙編 https://pse.is/3lfzvb 金大資安研究表現傑出榮登國際頂級學術期刊 https://times.hinet.net/news/23439299 一堂課教你找到可疑封包，抓出公司資安漏洞 https://ithome.com.tw/pr/145971 6.近期資安活動及研討會搶攻 LINE OA 跨境招生潮 / 課程代號 LA3 8/10 https://www.accupass.com/event/2103310827012203476660 中華電信學院創客智慧應用研習班第三梯 8/10 ~ 8/11 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=349 DevDays Asia 亞太技術年會 8/11 ~ 8/13 https://event.ithome.com.tw/live/devdays/index.html PH Tech Community Leads Meetup #52: Phone me A Code - Game Night 8/13 https://www.meetup.com/Philippine-Tech-Community-Leaders/events/279778390 香港VXCON 2020 / 21 8/14 https://www.vxcon.hk/ 【創客小聚】物聯日常的崛起，Chatbot x IoT一網打盡！ 8/14 https://www.accupass.com/event/2104231345071268826835 【Arm DevTalks 2021】當MCU遇上AI：Embedded ML大有可為 8/14 https://www.accupass.com/event/2107291203058890029980 第六屆臺灣好厲駭徵選活動 8 月 16 日(一)中午 12 點截止 https://isip.moe.edu.tw/wordpress/?p=2201 解鎖MarTech關鍵戰略 8/18 https://www.accupass.com/event/2107280956181066268985 中華電信學院物聯網實作研習班 (3天班)第9梯 8/18 ~ 8/20 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=353 2021兒童邏輯程式營│不插電程式× Dash機器人 8/23 ~ 8/27 https://www.accupass.com/event/2104200927355518736600 【數位同步】資安事件處理與數位鑑識實務 8/23 ~ 8/24 https://college.itri.org.tw/course/all-events/A5D5BF91-59FC-40D5-BE97-B7FE58AD612E.html 生醫軟性感測貼片技術發展及資安研討會 8/25 https://sensors-ic.nctu.edu.tw/fppgsensorpatch/seminar.html 聊天機器人開發－你的口袋電影百科 8/25 https://www.accupass.com/event/2107300457311258309333 2021國泰金控技術年會-跨界雲端新常態 8/26 https://www.accupass.com/event/2107221002434542934180 學生計算機年會 SITCON 2021 9/4 https://sitcon.org/2021/ 一日資訊人體驗 / 程式驅動「資安工程師職涯體驗工作坊」 9/11 https://www.accupass.com/event/2103311106541674023956 中華電信學院自主式移動機器人ROS開發實戰班 09/22、09/23、10/07、10/08 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=318 2021 Code for Gender 性別駭客松 9/26 https://codeforgender.com/events/202109 Golang Taipei Gathering #58 9/28 https://www.meetup.com/golang-taipei-meetup/events/277604159/ Cyber Defense Summit 2021 Oct. 4-7, 2021 https://summit.fireeye.com/ 中華電信學院委外廠商安全程式碼撰寫基礎測驗班 10/12 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=424 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=425 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=426 中華電信學院樹莓派學開車，手把手實做人工智慧自駕車板橋第四梯 10/21 ~ 10/22 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=317 2021 MOPCON 行動科技年會 10/23 ~ 10/24 https://www.accupass.com/event/2107211505081465802842 【資安學院】資安事故處理實務 10/27 https://www.cisanet.org.tw/News/activity_more?id=MjY0NA== 【資安學院】國際資安標準與攻擊趨勢分享 11/10 https://www.cisanet.org.tw/News/activity_more?id=MjY3OA== HITCON 2021 台灣駭客年會 11/26 ~ 11/27 https://kktix.com/events/hitcon-2021/ 中華電信學院委外廠商安全程式碼撰寫基礎測驗班 12/14 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=427 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=428 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=429