資安事件新聞週報 2022/7/18 ~ 2022/7/22

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/7/18 ~ 2022/7/22 1.重大弱點漏洞/後門/Exploit/Zero Day 美報告示警：中國銷往多國一款GPS存在嚴重安全漏洞恐使車輛遭監控劫持 https://www.rti.org.tw/news/view/id/2139186 車輛GPS追蹤器MiCODUS MV720存在重大漏洞，恐讓駭客進行跟蹤或控制車輛 https://reurl.cc/m36Ry1 深圳產GPS存漏洞安裝車輛或被劫持 https://reurl.cc/GEZ5Gy Unpatched GPS Tracker Bugs Could Let Attackers Disrupt Vehicles Remotely https://thehackernews.com/2022/07/unpatched-gps-tracker-bugs-could-let.html 思科資料中心網路管理系統存在漏洞，恐讓攻擊者取得root權限執行命令 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mhcvuln-vpsBPJ9y Juniper 近日發布更新以解決 Contrail Networking 的安全性弱點 https://reurl.cc/KQKlRp https://reurl.cc/eOvyAM Juniper Networks修補網路管理平臺、軟體定義網路系統的重大漏洞 https://thehackernews.com/2022/07/juniper-releases-patches-for-critical.html Juniper Releases Patches for Critical Flaws in Junos OS and Contrail Networking https://thehackernews.com/2022/07/juniper-releases-patches-for-critical.html Security Bulletin: IBM QRadar SIEM is vulnerable to improper certificate validation (CVE-2021-29755) https://reurl.cc/V1pMlQ Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM QRadar SIEM https://reurl.cc/ZbaVvp Security Bulletin: IBM QRadar SIEM is vulnerable to infomation disclosured due to incorrect file permissions (CVE-2022-22424) https://reurl.cc/jGMy21 Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-38936) https://reurl.cc/GEZpvp Oracle Critical Patch Update for July 2022 https://reurl.cc/D3nl56 攻擊者透過NFS漏洞，有機會取得SYSTEM權限執行任意程式碼 https://reurl.cc/aG0Z9X 補丁變得更方便！微軟推出Windows Autopatch自動補丁更新服務 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9961 Atlassian修補Confluence寫死帳密的漏洞 https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability https://thehackernews.com/2022/07/atlassian-releases-patch-for-critical.html New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain https://thehackernews.com/2022/07/new-netwrix-auditor-bug-could-let.html 圖片處理工具ImageGear存在漏洞，恐被用於執行程式碼 https://blog.talosintelligence.com/2022/07/accusoft-vuln-spotlight-.html JavaScript網頁應用程式框架Blitz.js存在原型污染漏洞 https://blog.sonarsource.com/blitzjs-prototype-pollution/ 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安印度證券交易所坦承遭到網路攻擊，但聲稱這是「小」事故，且沒有資料遺失 https://reurl.cc/5pkDoR 銀行公會舉辦海外分區經理人、法遵人員暨內稽內控人員研討會 https://wantrich.chinatimes.com/news/20220722900796-420501 金融科技詐騙決勝心防 https://udn.com/news/story/7339/6476276 力推數位身份認證金管會：已輔導16家金融機構22件申請 https://reurl.cc/8p46aM 3.電子支付/行動支付/pay/資安 Google 錢包正式回歸，以 Google Pay 感應付款、可加數位疫苗證明 https://technews.tw/2022/07/21/the-new-google-wallet-is-now-available-to-all-users/ 沒完沒了的PAY！PAY！PAY！為何銀行不賺錢的支付換到零售業卻變香噴噴 https://www.bnext.com.tw/article/70698/why-retail-player-make-everything-in-app-payment-while-consumer-banking-never-care 台行動支付交易量遠高全球平均 https://ctee.com.tw/news/finance/675735.html 聯款通聯手街口支付，助商圈支付數位化，共創數億新商機 https://times.hinet.net/news/24037647 日行動支付方案供應商變身獨角獸 https://money.udn.com/money/story/122236/6433846 一卡通MONEY驚傳大當機！　轉帳繞圈圈用戶哀號 https://finance.ettoday.net/news/2298481 一卡通MONEY出現異常暫停服務約半小時 https://www.cna.com.tw/news/ahel/202207200256.aspx 金融機構控Apple Pay 2項壟斷罪　獲利至少10億美元 https://www.ettoday.net/news/20220721/2298128.htm 企業電子支付熱迎A2A新時代 https://ctee.com.tw/news/finance/672818.html 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約資安美國再度警告加密貨幣投資者遭到鎖定，駭客佯稱提供錢包應用程式來騙錢 https://www.ic3.gov/Media/News/2022/220718.pdf Premint將賠付340 ETH給受損者，同時收購錢包安全公司Vulcan https://news.cnyes.com/news/id/4918093 PREMINT 被駭：不要點擊任何連結 https://www.headlinetw.com/article/5601.html Meta、微軟都參加了，『元宇宙標準論壇』成立！為什麼要建立標準 https://agirls.aotter.net/post/60978 cBridge上線一周年：跨鏈橋的核心競爭力是什麼 https://news.cnyes.com/news/id/4918847 加密社交交易所BingX 獲歐美4張監管牌照、無資安盜竊事故、錢包零盜失 https://enn.tw/?p=123870 台灣IBM技術長：區塊鏈應用進入「爆發期」 https://ec.ltn.com.tw/article/breakingnews/4000918 防堵加密貨幣洗錢 300位政府官員齊聚燒腦 https://ec.ltn.com.tw/article/breakingnews/3993831 台灣央行數位貨幣進程整理｜CBDC有何效益及風險？試驗進度到哪階段 https://news.cnyes.com/news/id/4915855 就快和紙鈔、硬幣說再見? 央行CBDC數位新台幣亮相 https://money.udn.com/money/story/5613/6470071 新台幣數位化/看起來跟我的行動支付差不多，央行CBDC到底是什麼 https://money.udn.com/money/story/5613/6440907 楊金龍：央行數位貨幣與電子支付是互補關係 https://finance.technews.tw/2022/06/30/cbdc-pay-online/ 數位貨幣時代來臨？央行將推數位新台幣可消費、投資 https://reurl.cc/nO6q32 Crypto.com 即將整合 Google Pay，安卓用戶新增加密貨幣購買支付途徑 https://www.blocktempo.com/crypto-com-to-roll-out-google-pay-integration/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC Sophos 發現 BlackCat 使用了新攻擊工具 Brute Ratel https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9965 間諜軟體CloudMensis鎖定Mac電腦而來 https://reurl.cc/0Xg4o6 建材廠商Knauf遭勒索軟體Black Basta攻擊 https://reurl.cc/m36RqG 資安業者Zscaler揭露安卓銀行木馬Joker、Facestealer、Coper透過Google Play市集散布 https://reurl.cc/jGMQq2 美國羅州下水道系統營運業者遭到勒索軟體攻擊 https://reurl.cc/kENML9 Google發現一款偽裝成替烏克蘭發動DDoS攻擊的Android惡意程式 https://times.hinet.net/news/24034852 又有新的勒索軟體以程式語言Rust打造而成，並採用獨特的演算法 https://securelist.com/luna-black-basta-ransomware/106950/ 以Rust撰寫的全新勒索軟體Luna可加密Windows、Linux及ESXi系統 https://times.hinet.net/news/24036962 美國從勒索軟體Maui追回50萬美元加密貨幣 https://reurl.cc/W1aANy 惡意軟體QBot透過HTML檔案散布，並透過處理程序空心化執行來規避偵測 https://www.fortinet.com/blog/threat-research/new-variant-of-qakbot-spread-by-phishing-emails 勒索軟體Redeemer 2.0免費提供駭客使用，得手後作者抽成牟利 https://blog.cyble.com/2022/07/20/redeemer-ransomware-back-action/ 間諜軟體利用Chrome瀏覽器零時差漏洞攻擊中東用戶 https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/ 微軟再度啟用Office封鎖機制，停用從網路下載的巨集 https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-blocking-office-macros-by-default-once-again/ Microsoft Resumes Blocking Office VBA Macros by Default After 'Temporary Pause' https://thehackernews.com/2022/07/microsoft-resumes-blocking-office-vba.html 資安業者揭露勒索軟體Conti破壞哥斯大黎加政府的經過 https://www.advintel.io/post/anatomy-of-attack-truth-behind-the-costa-rica-government-ransomware-5-day-intrusion LockBit 3.0 Update | Unpicking the Ransomware's Latest Anti-Analysis and Evasion Techniques https://reurl.cc/XVDRr3 Alibaba OSS Buckets Compromised to Distribute Malicious Shell Scripts via Steganography https://reurl.cc/LMjlzK Ongoing Roaming Mantis smishing campaign targeting France https://blog.sekoia.io/ongoing-roaming-mantis-smishing-campaign-targeting-france/ Cyber National Mission Force discloses IOCs from Ukrainian networks https://reurl.cc/9po3NO EvilNum Targets Cryptocurrency, Forex, Commodities https://reurl.cc/lekyrQ 惡意軟體Lightning Framework鎖定Linux主機而來，恐被用來部署後門程式與Rootkit https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/ Lightning Framework: New Undetected “Swiss Army Knife” Linux Malware https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/ I see what you did there: A look at the CloudMensis macOS spyware https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/ Cloaked Ursa (APT29) Hackers Use Trusted Online Storage Services https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/ Stealthy OpenDocument Malware Deployed Against Latin American Hotels https://threatresearch.ext.hp.com/stealthy-opendocument-malware-targets-latin-american-hotels/ 駭客組織8220已控制逾3萬臺雲端伺服器組成殭屍網路 https://reurl.cc/xQxvme From the Front Lines | 8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts https://reurl.cc/xQxvme GeckoSpy: Pegasus Spyware Used Against Thailand’s Pro-Democracy Movement https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/ Digium Phones Under Attack: Insight Into the Web Shell Implant https://unit42.paloaltonetworks.com/digium-phones-web-shell/ Distribution of AppleSeed to specific military base maintenance companies https://asec.ahnlab.com/ko/36918/ Hackers Target Ukrainian Software Company Using GoMet Backdoor https://thehackernews.com/2022/07/hackers-target-ukrainian-software.html Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms https://thehackernews.com/2022/07/hackers-use-evilnum-malware-to-target.html FBI Seizes $500,000 Ransomware Payments and Crypto from North Korean Hackers https://thehackernews.com/2022/07/fbi-seizes-500000-ransomware-payments.html New Rust-based Ransomware Family Targets Windows, Linux, and ESXi Systems https://thehackernews.com/2022/07/new-rust-based-ransomware-family.html This Cloud Botnet Has Hijacked 30,000 Systems to Mine Cryptocurrencies https://thehackernews.com/2022/07/this-cloud-botnet-has-hijacked-30000.html Experts Uncover New CloudMensis Spyware Targeting Apple macOS Users https://thehackernews.com/2022/07/experts-uncover-new-cloudmensis-spyware.html Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware https://thehackernews.com/2022/07/several-new-play-store-apps-spotted.html Distribution of AppleSeed to specific military base maintenance companies https://asec.ahnlab.com/ko/36918/ Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists https://thehackernews.com/2022/07/candiru-spyware-caught-exploiting.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Hackers Targeting VoIP Servers By Exploiting Digium Phone Software https://thehackernews.com/2022/07/hackers-targeting-voip-servers-by.html Russian Hackers Tricked Ukrainians with Fake "DoS Android Apps to Target Russia" https://thehackernews.com/2022/07/russian-hackers-tricked-ukrainians-with.html Google 帳號、YouTube 頻道遭到駭客入侵盜用後還原救回全記錄 https://mnya.tw/cc/word/1844.html 手機門號被盜狠騙10萬！神人一看猛揪「這原因」小心了 https://news.tvbs.com.tw/life/1854004 俄羅斯駭客Turla以提供DDoS攻擊工具為由，對親烏克蘭人士的安卓手機下手 https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/ 泰國民主運動參與者的iPhone手機遭植入間諜軟體Pegasus https://reurl.cc/Qbn59b 下載量破300萬次！Google Play藏8款惡意APP 駭客恐竊光你荷包 https://reurl.cc/KQKdQp Google Play 中藏有三種惡意 Android 軟體，下載次數達 30 萬次 https://www.twcert.org.tw/tw/cp-104-6316-e4dec-1.html 小心iPhone潛伏84個流氓Apps 每年呃過億美元！Apple一個原因懶理原文網址: 小心iPhone潛伏84個流氓Apps 每年呃過億美元！Apple一個原因懶理 | 香港01 https://www.hk01.com/sns/article/795002 https://reurl.cc/Qbn5Go 台灣爆災情！視訊軟體Teams不能用微軟搶修中 https://news.ebc.net.tw/news/living/327642 TikTok 將美國用戶資料移至Oracle平台 https://blog.twnic.tw/2022/07/22/23665/ 國安威脅！美國民調：6成受訪者支持APP商店「下架TikTok」 https://newtalk.tw/news/view/2022-07-22/789485 Google Bringing the Android App Permissions Section Back to the Play Store https://thehackernews.com/2022/07/google-bringing-android-app-permissions.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力群創光電加入FIRST國際資安應變組織，成國內高科技製造業首例 https://www.ithome.com.tw/news/152011 上櫃生技醫療永昕生物醫藥遭遇資安事件，部分資通訊系統受影響 https://www.ithome.com.tw/news/152030 台灣虎航遭受駭客網路攻擊事件 https://reurl.cc/V1p0Yy 傳遭駭客勒索台灣虎航：已備案及啟動防禦機制 https://udn.com/news/story/7241/6481271 虎航遭駭客網路攻擊！　公司：旅客資料無外洩 https://finance.ettoday.net/news/2300208 台灣虎航遭駭客攻擊營運暫無重大影響 https://wantrich.chinatimes.com/news/20220722900716-420101 以色列衛生局遭伊朗駭客組織Altahrea Team攻擊，起因疑與軍事行動有關 https://reurl.cc/LMj5b9 針對俄羅斯頻繁對歐洲國家發動DDoS攻擊，歐盟予以譴責，並呼籲成員國要強化網路韌性 https://reurl.cc/Qbn530 俄羅斯駭客APT29濫用檔案共享服務Dropbox、Google Drive來規避偵測 https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/ 美國挫敗北韓針對醫院的勒索病毒攻擊行動 https://reurl.cc/3Yr61R 北韓駭客入侵美醫院勒索、中國洗錢者協力，FBI挫敗惡行追回近50萬美元贖金 https://reurl.cc/pMn95a 比利時指責中國從事“惡意網絡活動” https://www.voacantonese.com/a/belgium-accuse-china-of-cyber-attacks-20220720/6667227.html 比利時指中國駭客影響國安北京：沒提協查要求 https://reurl.cc/KQKd6e 比利時稱遭「中國駭客」攻擊中外交部：沒有事實依據 https://www.worldjournal.com/wj/story/121339/6475575 比利時指控駭客危害國安中國外交部跳腳：無事實依據 https://news.ltn.com.tw/news/world/breakingnews/3998550 掃蕩"內鬼"! 烏克蘭總統澤倫斯基再開除國安高官 https://news.cts.com.tw/cts/general/202207/202207202086344.html 罪行影響人命可囚終身香港法改會倡增例管5網絡罪 https://reurl.cc/kENM1K 中國國家主席習近平訪新疆三大秘密目的最兇負能量聚集 https://www.secretchina.com/news/b5/2022/07/20/1012240.html 中國甘肅省公安機關嚴打“駭客”犯罪成效顯著 http://big5.news.cn/gate/big5/gs.news.cn/news/2022-07/21/c_1128849606.htm 英軍情六處：中國超越反恐已成首要情報目標 https://news.sina.com.tw/article/20220722/42245550.html 奈及利亞網路監管機構發布草案以規範Google、Facebook、TikTok 等 https://blog.twnic.tw/2022/07/21/23677/ 美調查華為或從飛彈發射井獲取敏感信息 https://reurl.cc/ZbaZgV Google Removes "App Permissions" List from Play Store for New "Data Safety" Section https://thehackernews.com/2022/07/google-removes-app-permissions-list.html 資安工程師(內湖/南科) https://www.104.com.tw/job/7p2fq 資安管理工程師 https://www.yourator.co/companies/FargloryLife/jobs/25269 資安顧問Security Consultant https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E9%A1%A7%E5%95%8Fsecurity-consultant-at-%E6%95%B8%E8%81%AF%E8%B3%87%E5%AE%89-3174961879/?originalSubdomain=tw 資安顧問-ACSI https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E9%A1%A7%E5%95%8F-acsi-at-acer-3179841911/?originalSubdomain=tw 資安工程師-ACSI https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E5%B7%A5%E7%A8%8B%E5%B8%AB-acsi-at-acer-3179842890/?originalSubdomain=tw 資安系統工程師(高雄)-B24B https://www.104.com.tw/job/7pee7 最高薪15萬元北市青銀就博會逾7000職缺開高薪搶人才 https://udn.com/news/story/7269/6480979?from=udn-ch1_breaknews-1-cate9-news D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全從女明星被網路交友詐騙案中，學到網路交友三不政策(#16) https://vocus.cc/article/62d76b81fd89780001688454 丫頭「第一次抓到現行犯」發文怒罵：已訴諸法律 https://news.ebc.net.tw/news/entertainment/327517 遊戲業者Roblox內部資料遭到公開，起因是駭客索討贖金不成 https://reurl.cc/jGMQ7y 中國政府要求阿里巴巴高層調查10億個資外洩事故 https://reurl.cc/vW3p1a 臺灣iPhone外殼供應商可成科技的營業秘密被外洩，偵察終結14名員工遭起訴 https://reurl.cc/MN16Zn 立陶宛廣告網站遭受網路攻擊，客戶資料恐外洩 https://reurl.cc/MN16kX 「有急事找你」詐騙簡訊刪到煩死　NCC教口訣，但他一開口卻讓「小姐們」嚇到落跑 https://www.businesstoday.com.tw/article/category/183027/post/202207200065/ 雞排妹許藍方高嘉瑜都受害！網紅小玉偷臉賣A片判決出爐　119罪可易科罰金198萬 https://www.appledaily.com.tw/local/20220721/D2253A979155A92784EC5C52C6 滴滴因違法蒐集資訊及「嚴重影響國家安全的數據處理活動」被罰 80.26 億人民幣 https://chinese.engadget.com/china-fines-didi-more-than-8-billion-yuan-for-breaking-data-security-laws-071051203.html 外洩資料不只用來勒索，也成攻擊情報共享利器，多個駭客組織著手打造受害者資料搜尋資料庫 https://www.ithome.com.tw/news/152041 LinkedIn是今年第2季駭客偏好用於網釣攻擊的品牌 https://reurl.cc/rRd3rO 駭客濫用Google關鍵字廣告，謊稱受害電腦中毒來進行詐騙 https://reurl.cc/W1aAxD 虛擬竉物網站Neopets資料外洩，6,900萬用戶與原始碼遭竊 https://reurl.cc/m36RM7 駭客鎖定美國線上訂餐平臺，竊得逾5萬張金融卡資料 https://www.recordedfuture.com/amid-rising-magecart-attacks-online-ordering-platforms 網釣簡訊攻擊Roaming Mantis鎖定法國發動攻擊 https://blog.sekoia.io/ongoing-roaming-mantis-smishing-campaign-targeting-france/ 江蘇大媽「智破」詐騙電話通話4小時因一個步驟玩殘騙徒 https://www.edigest.hk/366135/?utm_campaign=ED_ContentCopy&utm_source=Web-inventory&utm_medium=Content-Copy_ED Neopets爆數據洩露事故洩6900萬會員個人資料 https://www.wepro180.com/neopets220722/ 專家：設密碼犯這6個最大錯誤駭客會偷笑 https://www.epochtimes.com/b5/22/7/22/n13786734.htm 網傳簡訊搭配連結「【宜家餘額提醒】尾號8436用戶，您累計26999分於7月30日全部清零....」 https://tfc-taiwan.org.tw/articles/7853 抖音熱衷蒐集資訊侵犯資訊安全 https://news.sina.com.tw/article/20220720/42235518.html 個資外洩！專家籲5種照片別PO社群 https://times.hinet.net/news/24034139 詐騙集團？只能靠公民素養來治 https://www.moneydj.com/kmdj/editorial/editorialviewer.aspx?a=877ce456-8756-4a9f-94b7-e5ba812e9067 Roaming Mantis 惡意軟體針對多國跨平台行動裝置用戶發動釣魚攻擊 https://www.twcert.org.tw/tw/cp-104-6314-e7d8a-1.html 上萬公民團體血淚資安事件：NGO 該從哪些小地方著手，維護個案、員工和親友安全？ https://rightplus.org/2022/07/21/security/ 陳子玄信用卡被盜刷　專員：網購卡號外洩 https://www.ctwant.com/article/196464 群益金鼎證營業員攔截百萬詐騙案 https://www.chinatimes.com/newspapers/20220722000407-260203?chdtv 簡訊「您的貨運單號是70****76，請透過以下連結查詢」 https://tfc-taiwan.org.tw/articles/7922 詐騙新招電子支付轉帳盜刷簡訊驗證勿交他人 https://www.chinatimes.com/realtimenews/20220626002165-260402?chdtv 烏克蘭廣播集團TAVR Media遭駭客攻擊，以播放澤倫斯基狀況危急的不實消息 https://times.hinet.net/news/24037987 Ukrainian Radio Stations Hacked to Broadcast Fake News About Zelenskyy's Health https://thehackernews.com/2022/07/ukrainian-radio-stations-hacked-to.html Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities https://www.mandiant.com/resources/spear-phish-ukrainian-entities E.研究報告/工具優化IT監控造就營運韌性 https://www.netadmin.com.tw/netadmin/zh-tw/market/122F9F12125F4F37BEDB367F85055586 Java 11: Eight Features You Must Know and Examples https://medium.com/@techisbeautiful/new-features-you-must-know-in-java-11-and-examples-3fda2ad26def 7 Productivity tools every DevOps Engineer needs to consider https://medium.com/@joelbelton/7-productivity-tools-every-devops-engineer-needs-to-consider-76b21e671558 Pure CSS Scrolling Indicator Effect https://medium.com/@rocchokcoco/pure-css-scrolling-indicator-effect-8a70a89bed19 Cleaner Python Code with Partials https://medium.com/@bubbapora_76246/cleaner-python-code-with-partials-fef04d347390 NodeJS 18 is HERE! 3 Features that will blow your mind https://medium.com/@Luna-Rojas/nodejs-18-is-here-3-features-that-will-blow-your-mind-7c2b86e1d13 4 Automation Projects in Python You Can Finish in a Weekend https://medium.com/geekculture/4-automation-projects-in-python-you-can-finish-in-a-weekend-edd2b389c8e5 Javascript: Overcoming tutorial hell, my story https://medium.com/@acheinue/javascript-overcoming-tutorial-hell-my-story-139b930d5df7 (EDA)Exploratory Data Analysis Project using Python https://medium.com/@lamsampathkumar0/eda-exploratory-data-analysis-project-using-python-de90cbf4e128 5 Hacking Gadgets everyone should be aware of in 2022 https://medium.com/@sudra_shyam/5-hacking-gadgets-everyone-should-be-aware-of-in-2022-96ba461b1d8c The Latest Angular 14 Features Will Change the Way You Code https://medium.com/@Luna-Rojas/the-latest-angular-14-features-will-change-the-way-you-code-460aa21d68c7 Mind the Gap – How to Ensure Your Vulnerability Detection Methods are up to Scratch https://thehackernews.com/2022/07/mind-gap-how-to-ensure-your.html Goodbye Node JS https://medium.com/@appiahyoofi/goodbye-node-js-9e2f71f5e430 The New Weak Link in SaaS Security: Devices https://thehackernews.com/2022/07/the-new-weak-link-in-saas-security.html Dealing With Alert Overload? There's a Guide For That https://thehackernews.com/2022/07/dealing-with-alert-overload-theres.html Security Experts Warn of Two Primary Client-Side Risks Associated with Data Exfiltration and Loss https://thehackernews.com/2022/07/security-experts-warn-of-two-primary.html 研究人員揭露可透過SATA排線外洩資料的手法 https://arxiv.org/pdf/2207.07413.pdf New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals https://thehackernews.com/2022/07/new-air-gap-attack-uses-sata-cable-as.html 5 Key Things We Learned from CISOs of Smaller Enterprises Survey https://thehackernews.com/2022/07/5-key-things-we-learned-from-cisos-of.html New Cache Side Channel Attack Can De-Anonymize Targeted Online Users https://thehackernews.com/2022/07/new-cache-side-channel-attack-can-de.html An Easier Way to Keep Old Python Code Healthy and Secure https://thehackernews.com/2022/07/an-easier-way-to-keep-old-python-code.html F.商業疫情受惠！全球身分識別與存取管理(IAM)市場五年內將成長62% https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9963 敦新科技成為 TeamT5 代理商，提供企業資安佈局策略 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9964 Jamf 再次被IDC MarketScape評為「Apple 設備的全球統一端點管理軟體 2022 供應商評估」領導者 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9966 Fortinet：93%的OT企業組織過去12個月曾被入侵 https://www.ctimes.com.tw/DispNews-tw.asp?O=HK67KBEEVXCSAA00NK 伊雲谷正式加入雲端安全聯盟 https://wantrich.chinatimes.com/news/20220721900201-420101 依循國際規範實踐零信任控管　QR Code掃描便於登入本土研發無密碼登入服務　支援FIDO標準數位身分 https://www.netadmin.com.tw/netadmin/zh-tw/trend/4CA202040E4F41E289488701FF7B4F60 中華資安客戶橫跨各產業 https://reurl.cc/eOvGAR 鞏固資安問題三點皆不可少 https://www.1111.com.tw/news/jobns/146650 G.政府政府機關6月遭Emotet殭屍網路攻擊增加 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9968 我國將智慧監控醫院、故宮博物院列為關鍵基礎設施 https://news.ltn.com.tw/news/politics/paper/1529049 資通安全網路月報(111年6月) https://nicst.ey.gov.tw/Page/8770AD7511CB8DC9/9f3cc52f-cc2b-4bce-9088-5181fb306f87 財團法人台灣網路資訊中心公布2022年《台灣網路報告》 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9973 資通系統籌獲各階段資安強化措施 https://nicst.ey.gov.tw/Page/7CBD7E79D558D47C/b280a801-9bad-411f-97a5-54b23b1fe462 科技部將轉型為國科會最快下週三掛牌運作 https://reurl.cc/9po69X H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems https://thehackernews.com/2022/07/hackers-distributing-password-cracking.html 駭侵者透過 Sality 惡意軟體，破解多廠牌工控設備的登入密碼 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9967 西門子修補PCB印刷電路版電路配置檢視設備的漏洞 https://reurl.cc/YX74jo Elastix網路電話系統遭到鎖定，被駭客植入Web Shell https://unit42.paloaltonetworks.com/digium-phones-web-shell/ 特斯拉安全問題亮紅燈？　駭客成功透過遙控開啟充電孔 https://cars.tvbs.com.tw/car-news/65107 萬物智聯新時代打造安全智慧工業物聯 https://reurl.cc/V1p0N5 OT網路安全部署的實用建議— 縱深防禦與零信任架構 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9972 TISAX 可信任資訊安全評鑑交換車載資安要求 http://www.asia-learning.com/course/itemlist/104273 I.教育訓練 Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj 6.近期資安活動及研討會台灣駭客年會 HITCON Summer Training 2022 2022/7/24 ~ 2022/7/26 https://hitcon.kktix.cc/events/hitcon-summer-training-2022-paid https://hitcon.kktix.cc/events/hitcon-summer-training-2022 關鍵基礎設施實作課程(含攻防演練實作) 2022/7/25 https://www.acw.org.tw/News/Detail.aspx?id=3229 中華電信學院 5G智慧生活與無人機操控及應用三天班 2022/7/25 ~ 2022/7/27 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=506 中華電信學院智慧科技新生活夏令營四天班 2022/7/26 ~ 2022/7/29 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=512 台灣網路講堂：網路治理的地緣政治：邁向「數位冷戰」或「數位合作」？ 2022/7/27 https://blog.twnic.tw/2022/07/20/23785/ 資產不洩密電商資安論壇 2022/7/27 https://www.ptt.cc/bbs/toberich/M.1657177501.A.2BB.html 中華電信學院資安實作挑戰營二天班 2022/7/27 ~ 2022/7/28 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=509 物聯網資安立法搶攻歐美供應鏈市場線上研討會 2022/7/27 (三) 14:00 ~ 15:30 https://www.onwardsecurity.com/news/item/147 「中科園區創新技術論壇-半導體、智慧製造、資安、淨零碳排、電動車領域」 2022/7/29 https://www2.nchu.edu.tw/news-detail/id/53670 COSCUP x KCD 2022 Taiwan 2022/7/30 ~ 2022/7/31 https://coscup.org/2022/zh-TW/ 關鍵基礎設施實作課程(含攻防演練實作) 2022/8/1 https://www.acw.org.tw/News/Detail.aspx?id=3229 資安管理(ISO27001)與資安保險(ISO27102)之整合應用與發展趨勢 8/4 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X20262 【資安演訓實作課程】智慧製造攻防演練課程 2022/8/5 https://www.accupass.com/event/2207130617395907703790 111年下半年資安職能訓練－【第58班次】網路架構與部署安全 2022/8/8 ~ 2022/8/10 https://cee.ksu.edu.tw/CourseInfo.aspx?id=2473 政府資訊委外安全（資安專業課程訓練） 2022/8/11 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X20275 【資安演訓實作課程】IoT資安檢測實務 2022/8/16 https://www.accupass.com/event/2207210707117495644880 資安檢測實務 2022/8/17 http://www.asia-learning.com/course/itemlist/104256 資安策略規劃（資安專業課程訓練） 2022/8/18 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X20278 HITCON PEACE 2022 台灣駭客年會 2022/8/19 ~ 2022/8/20 https://hitcon.kktix.cc/events/hitcon-peace-2022 NISRA Enlightened 2022 2022/8/22 ~ 2022/8/26 https://nisra.kktix.cc/events/2022enlightened PyCon APAC 2022 2022/9/3 ~ 2022/9/4 https://tw.pycon.org/2022/zh-hant 2022 CYBERSEC 資安大會 Jamf 攤位講座 2022/9/20 ~ 2022/9/22 https://jamf.kktix.cc/events/cybersec2022jamf 關鍵基礎設施實作課程(含攻防演練實作) 2022/9/27 https://www.acw.org.tw/News/Detail.aspx?id=3229 Kubernetes Summit 2022 2022/10/18 ~ 2022/10/19 https://k8s.ithome.com.tw/ 資訊安全與人工智慧實作 2022/10/28 https://www.cisanet.org.tw/Course/Detail/2867 行動應用APP 安全檢測（APK/IPA）2022-11-18 09:00 ~ 2022-11-18 12:00 https://www.cisanet.org.tw/Course/Detail/2865