資安事件新聞週報 2022/6/27 ~ 2022/7/1

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/6/27 ~ 2022/7/1 1.重大弱點漏洞/後門/Exploit/Zero Day Zimbra網頁郵件伺服器的UnRAR元件漏洞恐被駭客用於攻擊 https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/ New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers https://thehackernews.com/2022/06/new-unrar-vulnerability-could-let.html New 'FabricScape' Bug in Microsoft Azure Service Fabric Impacts Linux Workloads https://thehackernews.com/2022/06/new-fabricscape-bug-in-microsoft-azure.html 美國警告駭客利用PwnKit漏洞發動攻擊，要求聯邦機構限期修補 https://www.cisa.gov/uscert/ncas/current-activity/2022/06/27/cisa-adds-eight-known-exploited-vulnerabilities-catalog CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild https://thehackernews.com/2022/06/cisa-warns-of-active-exploitation-of.html 研究人員揭露OpenSSL的漏洞，恐導致記憶體損壞 https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/ OpenSSL to Release Security Patch for Remote Memory Corruption Vulnerability https://thehackernews.com/2022/06/openssh-to-release-security-patch-for.html Citrix 發布 Hypervisor 的安全更新 https://support.citrix.com/article/CTX460064/citrix-hypervisor-security-update 甲骨文花了6個月修補Fusion Middleware的重大漏洞 https://peterjson.medium.com/miracle-one-vulnerability-to-rule-them-all-c3aed9edeea2 Security Bulletin: IBM QRadar SIEM is affected by a remote code execution in Spring Framework (CVE-2022-22963, CVE-2022-22965, CVE-2022-22950) (2022.06.24) https://www.ibm.com/support/pages/node/6598419?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E 微軟Edge瀏覽器的WebView2應用程式可被用於繞過MFA https://mrd0x.com/attacking-with-webview2-applications/ 微軟Azure Service Fabric漏洞可導致駭客接管叢集 https://www.ithome.com.tw/news/151683 FabricScape容器逃逸漏洞恐讓攻擊者能讓駭客挾持Azure Service Fabric管理的Linux叢集 https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/ 網路安全業務異軍突起，微軟修復漏洞的速度卻變慢了 https://news.knowing.asia/news/1a07674b-3283-424f-868c-7e3db02b035f Mozilla發布Firefox 102，修補19個漏洞，並新增去除URL追蹤參數的功能 https://www.ithome.com.tw/news/151662 Google修補Chrome懸吊標記漏洞 https://portswigger.net/daily-swig/chromium-browsers-vulnerable-to-dangling-markup-injection Brocade軟體漏洞恐波及儲存區域網路解決方案 https://www.securityweek.com/brocade-vulnerabilities-could-impact-storage-solutions-several-major-companies 美國針對25種最嚴重的漏洞提出警告 https://www.cisa.gov/uscert/ncas/current-activity/2022/06/28/2022-cwe-top-25-most-dangerous-software-weaknesses 美國資安主管機關指出 36 種顯著漏洞正遭大規模濫用於攻擊，建議用戶應立即修補 https://blog.twnic.tw/2022/06/28/23513/ 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安期交所網站遭假冒騙開戶　投資人委託下單需找期貨商 https://tw.appledaily.com/property/20220701/F7703F294663117D01894A6ADB 美西銀行的實體ATM遭駭客安裝側錄裝置 https://www.ithome.com.tw/news/151653 金融資安思維應轉守為攻 https://reurl.cc/9G86y8 股市 App 斷網各說各話，中華電、台灣大發聲明互槓 https://technews.tw/2022/06/30/cht-taiwan-mobile/ 券商下單異常中華電、台固有話要說 https://www.chinatimes.com/realtimenews/20220629005653-260410?chdtv 防網路交易逃漏稅財部：明年起銀行提報高頻交易帳戶 http://www.ksnews.com.tw/index.php/news/contents_page/0001623134 數位金融競爭趨白熱化純網銀推高回饋搶客 https://udn.com/news/story/7239/6430358 3.電子支付/行動支付/pay/資安奧丁丁集團攜手道瓊全球風險資料庫落實國際合法合規標準 https://news.sina.com.tw/article/20220701/42129692.html 「新不總意味著好！」為什麼其他國家已經開始行動支付，德國民眾才剛習慣刷卡消費 https://crossing.cw.com.tw/article/16420 疫情推升無接觸需求街口支付新增連結台銀帳戶 https://reurl.cc/LmGa23 NewTaiPAY新北行動支付五股市場首試辦商家折抵消費享多元優惠 https://reurl.cc/QLQY2Z 紙鈔在手「咖實在」信用卡、行動支付難取代 https://reurl.cc/OAWY6D 一次搞懂各種數位支付概念，別再將「行動支付、電子支付、第三方支付」混為一談 https://www.thenewslens.com/article/167954 數位支付里程碑網家首推先買後付 https://reurl.cc/YvzYml 串接 BNPL、無卡分期、行動支付服務！「Pi 拍錢包｜慢點付」亮相 https://n.yam.com/Article/20220627876308 南韓廢除硬幣、瑞典無現金社會！法人：全球加速邁向「Pay 經濟」 https://finance.technews.tw/2022/06/14/cashless/ 聯卡中心分期交易支援行動支付 https://wantrich.chinatimes.com/news/20220622900148-420501 韓國監管機構已對該國電子支付企業加密貨幣持有情況進行全面調查 https://news.cnyes.com/news/id/4883516 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約資安 Does CBD Actually Do Anything https://noradz.medium.com/does-cbd-actually-do-anything-efb9288f96bd Why the crypto wallet will soon be a thing of the past https://danajwright.medium.com/why-the-crypto-wallet-will-soon-be-a-thing-of-the-past-4c4167dc214a Cryptocurrency Is in a Death Spiral. What the Hell Is Going On https://entrepreneurshandbook.co/cryptocurrency-is-in-a-death-spiral-what-the-hell-is-going-on-7c3a5c5f399e 駭客受託破解上億「比特錢包」辛苦打開後結局卻意想不到 https://udn.com/news/story/122837/6420217 跨鏈橋又被駭客攻破了，損失 1 億美元 https://news.sina.com.tw/article/20220628/42106838.html Horizon跨鏈橋攻擊者地址剛剛轉移18036枚ETH https://news.cnyes.com/news/id/4902079?exp=a Nickydooodles.eth遭駭客攻擊，17枚ETH和Doodles等NFT藏品被竊 https://news.cnyes.com/news/id/4902768 「匿名者」表示對LUNA幣崩盤管定了，指控創始人權道亨在崩盤前竊取數十億美元 https://www.techbang.com/posts/97489-anonymous-denounced-the-luna-founders-accusing-them-of 比特幣、以太幣慘摔，曝露三大脆弱　加密貨幣還有未來 https://www.cw.com.tw/article/5121748 央行揭秘NFT 2／作品碎片化衝擊金融秩序　只有28.5%買家會獲利 https://www.ctwant.com/article/191689 區塊鏈瘋潮下的陷阱　NFT詐騙大破解 https://www.mirrormedia.mg/premium/20220622fin001 暴富傳說vs.新鮮韭菜　入圈NFT全攻略 https://www.mirrormedia.mg/premium/20220622fin002 Axie Infinity側鏈Ronin經歷駭客事件後，官方跨鏈橋今恢復存提 https://abmedia.io/20220628-axie-infinity-ronin-reopen 新型態虛擬貨幣詐欺案崛起　DeFi虛擬幣銀行詐騙一年超過3千億臺幣 https://www.cmmedia.com.tw/home/articles/34737 加密貨幣崩跌！北韓竟是潛在受害者　恐影響軍武研發 https://news.tvbs.com.tw/world/1833070 核武資金沒了？加密貨幣崩跌燒進北韓 https://ctee.com.tw/news/global/668929.html 網攻養核武朝鮮是30億元加密貨幣竊案元凶 https://www.secretchina.com/news/b5/2022/07/01/1010530.html PeckShield：2022年上半年駭客利用DeFi相關漏洞竊取的資金達18.8億美元 https://news.cnyes.com/news/id/4905454 安全團隊：元宇宙項目Quint近日遭駭客攻擊，損失13萬美元 https://news.cnyes.com/news/id/4905536 「加密貨幣女王」詐騙破千億 FBI列十大通緝要犯 https://reurl.cc/o1GVnD 央行首度展示數位新台幣實驗成果 3原則續推下階段進程 https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000638837_BHN7GWYV4A63RW6REY6IK 去中心化區塊鏈，正面臨「中心化」危機 https://technews.tw/2022/06/30/blockchain-decentralize-or-not/ CBDC 央行祭五大政策 https://ctee.com.tw/news/finance/669206.html 我國推「數位新台幣」　央行總裁曝2年內、3工程是關鍵 https://finance.ettoday.net/news/2283154 楊金龍：推動CBDC要完成三大工程 https://ctee.com.tw/news/exchange/668894.html FBI參與調查Harmony跨鏈橋駭客攻擊事件 https://news.cnyes.com/news/id/4901527 Polygon安全研究員：駭客或通過入侵Horizon bridge熱錢包服務器完成多簽程序 https://amp-news.cnyes.com/news/id/4900956 不是互相替代！楊金龍：央行數位貨幣與電子支付是「互補」關係 https://www.inside.com.tw/article/28149-taiwan-cbdc-e-payment 加速金融數位化央行計畫推出「數位新台幣」 https://reurl.cc/q5eGXy 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 資安研究人員警告應小心夾帶惡意Word檔案之PDF檔 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9934 豐田旗下的TB Kawashima疑遭勒索軟體LockBit攻擊 https://www.bleepingcomputer.com/news/security/automotive-fabric-supplier-tb-kawashima-announces-cyberattack/ 勒索軟體LockBit寄送網站圖片著作權宣告信進行釣魚攻擊 https://asec.ahnlab.com/en/35822/ 勒索軟體LockBit推出3.0版，駭客也興起漏洞懸賞專案 https://twitter.com/vxunderground/status/1541156954214727685 2021年有67起美國各級學校的勒索軟體攻擊，有954所受害 https://www.comparitech.com/blog/information-security/school-ransomware-attacks/ 勒索軟體Conti關閉公布受害者資料的網站 https://www.bleepingcomputer.com/news/security/conti-ransomware-finally-shuts-down-data-leak-negotiation-sites/ 勒索軟體Vice Society聲稱攻陷了奧地利醫學院 https://www.bleepingcomputer.com/news/security/vice-society-claims-ransomware-attack-on-med-university-of-innsbruck/ 北京稱美「酸狐狸」木馬攻擊全世界這2編號專門針對中國、俄羅斯 https://times.hinet.net/news/23994776 安卓銀行木馬Revive疑似透過攔截簡訊來繞過雙因素驗證 https://www.cleafy.com/cleafy-labs/revive-from-spyware-to-android-banking-trojan 北韓駭客Lazarus利用Quantum惡意軟體發動攻擊 https://blog.cyble.com/2022/06/22/quantum-software-lnk-file-based-builders-growing-in-popularity/ 大型連鎖超市Walmart傳出遭到勒索軟體Yanluowang攻擊，但該公司予以否認 https://www.bleepingcomputer.com/news/security/walmart-denies-being-hit-by-yanluowang-ransomware-attack/ 駭客利用Word檔案投放勒索軟體AstraLocker 2.0 https://blog.reversinglabs.com/blog/smash-and-grab-astralocker-2-pushes-ransomware-direct-from-office-docs 竊密軟體XFiles加入利用Follina漏洞的能力 https://www.bleepingcomputer.com/news/security/xfiles-info-stealing-malware-adds-support-for-follina-delivery/ 大型出版業者Macmillan疑遭勒索軟體攻擊，被迫關閉系統 https://www.bleepingcomputer.com/news/security/macmillan-shuts-down-systems-after-likely-ransomware-attack/ 加拿大NetWalker勒索軟體駭客在美國法庭認罪 https://news.cnyes.com/news/id/4904330 VMware 的 Log4Shell 漏洞,造成資料外洩與勒索病毒感染 https://blog.trendmicro.com.tw/?p=73097 南韓政府提供Hive勒索軟體解密金鑰 https://times.hinet.net/news/23999430 最容易被勒索病毒盯上的四種目標 https://blog.trendmicro.com.tw/?p=71482 針對學校發動的勒索軟體攻擊呈現下滑趨勢 https://www.ithome.com.tw/news/151623 惡意軟體的七大惡意行為 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9935 未授權軟體可能藏有惡意程式碼! 合規授權有利提升企業生產力 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9937 勒索軟件贖金迫近百萬美元　每三至四個鐘新增一名受害者 https://www.pcmarket.com.hk/ransomware-ransom-approaching-millions-of-dollars/ 中國駭客集團以勒索軟體攻擊來掩飾間諜行動 https://times.hinet.net/news/23987564 英國14歲駭客製造計算機病毒，使全球數百家金融機構崩潰 https://www.jasve.com/zh-tw/guoji/f6dba445d5f205e963bacc77e939fad9.html Revive: from spyware to android banking trojan https://www.cleafy.com/cleafy-labs/revive-from-spyware-to-android-banking-trojan YTStealer Malware: “YouTube Cookies!” https://www.intezer.com/blog/research/ytstealer-malware-youtube-cookies/ https://github.com/intezer/community-intellignce/blob/master/YTStealer_hashes.txt New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators https://thehackernews.com/2022/06/new-ytstealer-malware-aims-to-hijack.html OPERATION DARKCASINO: IN-DEPTH ANALYSIS OF RECENT ATTACKS BY APT GROUP EVILNUM http://blog.nsfocus.net/darkcasino-apt-evilnum/ Ransomware: MedusaLocker https://www.cisa.gov/uscert/ncas/alerts/aa22-181a Bahamut Android Malware returns with New Spying Capabilities https://blog.cyble.com/2022/06/29/bahamut-android-malware-returns-with-new-spying-capabilities Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit https://otx.alienvault.com/pulse/62bdd2563351c47da5562b26 PennyWise Stealer: An Evasive Infostealer leveraging YouTube to infect users https://blog.cyble.com/2022/06/30/infostealer/ Flubot: the evolution of a notorious Android Banking Malware https://blog.fox-it.com/2022/06/29/flubot-the-evolution-of-a-notorious-android-banking-malware/ The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact https://securelist.com/the-sessionmanager-iis-backdoor/106868/ Malicious IPv4/domain/URL intrusion domain request 21 & 22, web-attack and redirection 63 https://otx.alienvault.com/pulse/62bd9228385a8e4b0a353f42 木馬程式ZuoRAT鎖定SOHO族的家用路由器 https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/ ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/ Smash-and-grab: AstraLocker 2.0 pushes ransomware direct from Office docs https://blog.reversinglabs.com/blog/smash-and-grab-astralocker-2-pushes-ransomware-direct-from-office-docs GlowSand https://inquest.net/blog/2022/06/27/glowsand Raccoon Stealer v2 - Part 1: The return of the dead https://blog.sekoia.io/raccoon-stealer-v2-part-1-the-return-of-the-dead/ Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bumblebee-loader-cybercrime New Info-stealer Disguised as Crack Being Distributed https://asec.ahnlab.com/en/35981/ 駭客鎖定全球政府與NGO，攻擊Exchange Server並植入後門 https://www.kaspersky.com/about/press-releases/2022_kaspersky-discovers-poorly-detected-backdoor-targeting-governments-and-ngos-around-the-globe 駭客組織利用後門程式ShadowPad與Exchange漏洞攻擊大樓管理系統 https://usa.kaspersky.com/about/press-releases/2022_apt-uses-shadowpad-backdoor-and-ms-exchange-vulnerability-to-attack-building-automation-systems Attacks on industrial control systems using ShadowPad https://ics-cert.kaspersky.com/publications/reports/2022/06/27/attacks-on-industrial-control-systems-using-shadowpad/ APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor https://thehackernews.com/2022/06/apt-hackers-targeting-industrial.html Evilnum APT returns with updated TTPs and New Targets https://www.zscaler.com/blogs/security-research/return-evilnum-apt-updated-ttps-and-new-targets BRONZE STARLIGHT Ransomware Operations Use HUI Loader https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader Cyberattack against Ukrainian telecommunications operators using DarkCrystal RAT malware https://cert.gov.ua/article/405538 Ex-Canadian Government Employee Pleads Guilty Over NetWalker Ransomware Attacks https://thehackernews.com/2022/06/ex-canadian-government-employee-pleads.html New Android Banking Trojan 'Revive' Targeting Users of Spanish Financial Services https://thehackernews.com/2022/06/new-android-banking-trojan-revive.html Cybersecurity Experts Warn of Emerging Threat of "Black Basta" Ransomware https://thehackernews.com/2022/06/cybersecurity-experts-warn-of-emerging.html Researchers Warn of 'Matanbuchus' Malware Campaign Dropping Cobalt Strike Beacons https://thehackernews.com/2022/06/researchers-warn-of-matanbuchus-malware.html Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack https://thehackernews.com/2022/06/hackers-exploit-mitel-voip-zero-day-bug.html Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware https://thehackernews.com/2022/06/google-says-isps-helped-attackers.html 惡意Python套件竊取用戶的AWS帳密 https://blog.sonatype.com/python-packages-upload-your-aws-keys-env-vars-secrets-to-web Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys https://thehackernews.com/2022/06/multiple-backdoored-python-libraries.html State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks https://thehackernews.com/2022/06/state-backed-hackers-using-ransomware.html? B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 U.S. FCC Commissioner Asks Apple and Google to Remove TikTok from App Stores https://thehackernews.com/2022/06/us-fcc-commissioner-asks-apple-and.html Overview of Top Mobile Security Threats in 2022 https://thehackernews.com/2022/06/overview-of-top-mobile-security-threats.html 給安卓粉的趣味驚喜！Android 13 內建「隱藏版」彩蛋被外媒搶先曝光 https://3c.ltn.com.tw/news/49864 騰訊坦承用於登入即時通訊軟體QQ的QR Code遭駭 https://www.theregister.com/2022/06/28/tencent_qq_qr_code_attack/ 女子手機下載應用程式 2戶頭2小時被盜 https://reurl.cc/Kbgdg9 駭侵者使用惡意聊天機器人，竊取用戶的 Facebook 粉絲專頁登入資訊 https://www.twcert.org.tw/tw/cp-104-6254-f31da-1.html 詐騙簡訊盜帳戶！刑事局點2款APP、工具「防詐神器」 https://reurl.cc/RrMY8g C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力如何判斷 Steam 帳戶是否遭到駭客入侵？已經被入侵了該怎麼辦？要怎麼預防帳號被盜 https://www.kocpc.com.tw/archives/447411 逾9萬個K8s實體曝露在網際網路，恐成為駭客下手的目標 https://blog.cyble.com/2022/06/27/exposed-kubernetes-clusters/ 全新 HCC 安全運營中心盛大開幕模擬抗擊駭客入侵，一流設施培訓網絡安全人才 https://scdaily.com/post/39656 黎巴嫩駭客Polonium濫用OneDrive服務，遭微軟封鎖 https://reurl.cc/VDVY05 駭客組織8220利用Atlassian Confluence漏洞進行挖礦攻擊 https://twitter.com/MsftSecIntel/status/1542281805549764608 駭客組織Evilnum鎖定從事移民業務的組織 https://www.zscaler.com/blogs/security-research/return-evilnum-apt-updated-ttps-and-new-targets AMD遭到駭客攻擊，RansomHouse勒索組織聲稱竊取了450gb的數據 https://www.xfastest.com/thread-263730-1-1.html 駭客宣稱取得450 GB的AMD資料，AMD展開調查 https://www.ithome.com.tw/news/151664 駭客組織RansomHouse宣稱從AMD竊得450 GB內部資料 https://restoreprivacy.com/ransomhouse-group-amd-advanced-micro-devices/ 安全團隊：Voltz Labs的Discord服務器遭駭客入侵並發布釣魚鏈接 https://news.cnyes.com/news/id/4903612 伊朗鋼鐵公司遭到網路攻擊被迫停止生產 https://www.securityweek.com/cyberattack-forces-iran-steel-company-halt-production 烏克蘭自開戰以來遭到近800次網路攻擊 https://cip.gov.ua/en/news/chotiri-misyaci-viini-statistika-kiberatak 挪威遭到網路攻擊，疑親俄羅斯駭客所為 https://www.cnbc.com/2022/06/30/cyberattack-hits-norway-pro-russian-hacker-group-suspected.html 美國針對網路安全事故推出311專線 https://www.cisa.gov/news/2022/06/22/readout-cisas-third-cybersecurity-advisory-committee-meeting 美國NIST發布新版macOS資安指引 https://www.securityweek.com/nist-releases-new-macos-security-guidance-organizations 美資安公司：親中網絡鎖定西方採礦公司 https://today.line.me/tw/v2/article/mWrNp6Z 俄國黑客曾非法入侵電子裝置　多國聯手瓦解 https://reurl.cc/k1AMpn 間諜軟體成了以色列的外交利器 https://www.upmedia.mg/news_info.php?Type=2&SerialNo=148008 報復加里寧格勒被封鎖俄駭客對立陶宛發動網攻 http://www.ksnews.com.tw/index.php/news/contents_page/0001622775 中國製產品恐成駭客跳板? 網路駭客攻擊力道持續強化政府資安遭攻擊竟高達696件委外廠商恐也成為攻擊目標 https://www.youtube.com/watch?v=jzFoQbVHyDk 中國駭客鎖定北美、澳洲稀土金屬業者，發起Dragonbridge攻擊行動 https://www.mandiant.com/resources/dragonbridge-targets-rare-earths-mining-companies 中國要與黑客帝國說不，講再見 https://reurl.cc/55nDnM 中國大陸發布首個原創電腦系統「開放麒麟」　央視：國外系統有資安隱患 https://www.ettoday.net/news/20220630/2283829.htm 2018年中國駭客對美國攻擊行為之觀察 https://indsr.org.tw/respublicationcon?uid=12&resid=689&pid=2041 中國大學生被吸收成為間諜　渾然不知日後可能衝擊 https://www.taisounds.com/Global/Top-News/China/uid5739535259 英媒：陸誘大學畢業生從事網路諜報不告知工作性質 https://udn.com/news/story/7331/6427858?from=udn-ch1_breaknews-1-0-news 中國「假帳號」好囂張！偽裝在地人煽動反美加稀土礦場 https://news.ltn.com.tw/news/world/breakingnews/3976426 二十大臨近中國嚴控網路：要求業者嚴格檢查使用者真實身份、學術平台「知網」再遭網安審查 https://www.thenewslens.com/article/168937 中國國防部：美國是名副其實的駭客帝國、竊聽帝國、竊密帝國 http://big5.news.cn/gate/big5/www.news.cn/politics/2022-06/30/c_1128793509.htm 美國對國家級駭客因應與其意涵 https://indsr.org.tw/focus?typeid=16&uid=11&pid=47 平戰結合的以色列網路作戰部隊 https://indsr.org.tw/respublicationcon?uid=13&resid=13&pid=1524&typeid=3 朝鮮駭客組織Lazarus Group可能是對Harmony Bridge攻擊的幕後黑手 https://news.cnyes.com/news/id/4904416 Harmony將駭客賞金提升至1000萬美元，並聯合執法部門進行全球追查 https://news.cnyes.com/news/id/4904502 North Korean Hackers Suspected to be Behind $100M Horizon Bridge Hack https://thehackernews.com/2022/06/north-korean-hackers-suspected-to-be.html 資訊安全治理工程師 https://www.104.com.tw/job/7okxa 裕隆集團關係企業-資安管理工程師-依學經歷核敘 https://www.104.com.tw/job/7okf1?jobsource=jolist_b_date 資安人才(PM、Preslaes) https://hunter.104.com.tw/en/job/DE02005713 抗通膨！台灣大起薪調漲7%召人才　年薪達18個月 https://finance.ettoday.net/news/2284197 非主管職平均年薪161.2萬　元大金啟動萬人海選徵才計畫 https://www.appledaily.com.tw/property/20220630/AA1CAA2F9AD206488199614F5D 資安工程師 https://reurl.cc/ZAx4nM 資安工程師/資深工程師（APP安全方向） https://www.cakeresume.com/companies/1111-corp-73206122-prevo-1-c4/jobs/35e620 工程資訊部．資安主管 https://www.104.com.tw/job/7odt4 中華電招考延長至7/5　穩定薪優求職首選 https://www.1111.com.tw/news/jobns/146278 資安分析師/資安主管 https://www.104.com.tw/job/7o70a 資訊處-資安暨網通服務組系統工程師 https://www.104.com.tw/job/7oigt D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 What Are Shadow IDs, and How Are They Crucial in 2022 https://thehackernews.com/2022/06/what-are-shadow-ids-and-how-are-they.html Italy Data Protection Authority Warns Websites Against Use of Google Analytics https://thehackernews.com/2022/06/italy-data-protection-authority-warns.html 交友軟體找肥羊！雇辣妹談「類戀愛」　詐團海削純情男近億元 https://tw.appledaily.com/local/20220701/D8650F944B7A735BDB5D3D8D30 日本承包商員工隨意將尼崎市46萬民眾個資存放在隨身碟，隨身碟遺失才東窗事發 https://reurl.cc/LmGaDL 詐騙集團新手法：網購芒果被騙個資綁卡盜刷19萬，金管會提醒留意「1元試刷簡訊」 https://www.thenewslens.com/article/168983 假芒果賣家騙OTP碼被害人2hr遭盜刷19萬 https://reurl.cc/3oVKK0 「刷卡1元」簡訊要當心！網購盜刷新手法出現…連刷8筆才被發現…如何判定是綁卡還是真消費 https://www.businesstoday.com.tw/article/category/183027/post/202206290007/ NFT市集OpenSea的服務供應商員工濫用權限，該市集用戶的電子郵件信箱外洩 https://opensea.io/blog/safety-security/important-update-on-email-vendor-security-incident/ Opensea用戶的電子郵件外洩了，小心網釣攻擊 https://times.hinet.net/news/23998764 小學生自學程式長大卻盜賣個資 https://reurl.cc/8om6E7 5億攝像頭和DNA資料庫中共監視你 https://www.ntdtv.com.tw/b5/20220625/video/333022.html 假郵局詐個資!瑞士籍烘焙師拍片教你阻詐 https://www.youtube.com/watch?v=StTu-3z0-ew 【謠言風向球】小心「有毒」的食安假訊息 https://tfc-taiwan.org.tw/articles/7752 遭駭！蘭城晶英訂房資料被盜民眾揪詐騙破綻 https://reurl.cc/0pNKd9 E.研究報告/工具 ASCII碼編造句化為雜訊圖　影像重疊偽裝解碼取出訊息視覺安全結合偽裝機制　重要密文無懼攔截放心傳送 https://www.netadmin.com.tw/netadmin/zh-tw/technology/82503A28CBB84F2E808BCC2ACAD6F7F7 "BT"下載模式改變?涉違法? 專家分析風險 https://reurl.cc/3oVK49 7 Productivity tools every DevOps Engineer needs to consider https://medium.com/@joelbelton/7-productivity-tools-every-devops-engineer-needs-to-consider-76b21e671558 Top 6 PHP Framework to use in 2022 | Optymize https://medium.com/@saniaansar2000/top-6-php-framework-to-use-in-2022-optymize-fd8b93af3dda Dear developers, thank you for Github Copilot. Also, you’re fired. https://medium.com/data-driven-fiction/dear-developers-thank-you-for-github-copilot-also-youre-fired-c73b65e3565f Things to avoid while writing Java https://medium.com/@b.stoilov/things-to-avoid-while-writing-java-cd078e5aa61c Multi-factor Authentication In-The-Wild bypass methods https://medium.com/proferosec-osm/multi-factor-authentication-in-the-wild-bypass-methods-689f53f0b62b How to access the Dark Web https://medium.com/@StarDust770/how-to-access-the-dark-web-straightforward-guide-37415cc5b299 Mistakes I made when I started Nodejs + MongoDb https://medium.com/@shriharimohan/%EF%B8%8F-mistakes-i-made-when-i-started-nodejs-mongodb-350e73c24b3a Follina — a Microsoft Office code execution vulnerability https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e What is Shadow IT and why is it so risky https://thehackernews.com/2022/06/what-is-shadow-it-and-why-is-it-so-risky.html 最擔心資料暴露！更完善的資安防護帶動企業 5G 專網部署 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9930 F.商業從Tenable 收購 Bit Discovery 看外部攻擊面管理與可視性 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9929 資安弱點管理領導品牌 Tenable，成功收購對外部攻擊面管理領導品牌 Bit Discovery https://www.owlting.com/news/articles/118722 不必通過 VPN 伺服器！NordVPN推出 Meshnet新功能 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9923 奧義智慧攜手戴夫寇爾推出創新資安服務 https://ctee.com.tw/industrynews/technology/668234.html CloudFlare 大當機，Mlytics 『融合 CDN』助國內知名電商 2 分鐘迅速恢復營運 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9933 Google Hangouts將於今年11月正式關閉 https://times.hinet.net/news/23992403 衡崴科技正式代理TeamT5 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9936 邊緣交換器融合 NDR　區網就地升級資安防禦 QNAP 主動防禦快篩設備　即時阻止勒索病毒橫向擴散 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/9D08B931E5A84B9B9FC5A1159FF32EAF 以色列SOSA協助7家臺灣新創，拓展美國市場商機 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=908ac366-166c-4d1e-a13f-6e967460247c 金山軟件著重私有化部署，擅於賦能第三方系統、開創無限應用價值 https://www.ithome.com.tw/pr/151344 精誠攻企業即時通訊協作市場 https://reurl.cc/k1AnXK 資安紅藍隊聯手挖掘AD駭攻途徑 https://today.line.me/tw/v2/article/ZaZGxRX 最強勒索軟件防衛術 Veeam聯乘NetApp安全備份方案 https://www.pcmarket.com.hk/microware_veeam_netapp/ G.政府數位發展部令人期待　四大面向待解決 https://forum.ettoday.net/news/2282429?redirect=1 期待數發部建立沙盒文化 https://money.udn.com/money/story/5629/6419649?from=edn_subcatelist_cate 政院專案檢視36個關鍵基礎設施》吳澤成：防操作疏失將常態巡檢 https://news.ltn.com.tw/news/politics/paper/1525175 資安攻擊公務機關去年通報696件 https://news.ltn.com.tw/news/politics/paper/1525521 金管會人事異動張子敏調任證期局副局長 https://ec.ltn.com.tw/article/breakingnews/3973695 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 Critical Security Flaws Identified in CODESYS ICS Automation Software https://thehackernews.com/2022/06/critical-security-flaws-identified-in.html 「萬物相連皆安全」的身份認證資安，確實把關企業大門 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9928 保衛OT營運安全　睿控網安奪SC Awards兩大獎 https://digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000638659_NMT77TJY4KRXCWLECGPVJ Upstream Security：隨車聯網普及資安威脅逐漸顯現 https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000638445_W2Q31JAX55BR8G41ZLEDQ 以色列新創Claroty談工控製造業應提升資安韌性 https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000638790_FQF8DN1V8BEEDG1EBX2V3 工控資安認證守護產線利器 https://money.udn.com/money/story/122331/6427869?from=edn_off_index 工業4.0打開OT破口資安風險更甚以往 https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=10&id=0000638875_34L7VKYM8KGFT745TKG5S 應對5G閘道器儲存中的安全挑戰 https://reurl.cc/ZAx41g Upstream Security：隨車聯網普及資安威脅逐漸顯現 https://digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=220&id=0000638445_w2q31jax55br8g41zledq 實踐工業4.0虛實融合願景 AI、IoT缺一不可 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=16&id=0000638650_5S85C70Q6H72IJL3KRSIV 捷而思提出「萬物相連皆安全」的身份認證資安 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000638433_FV151YUW2IGIFH43EP2DP I.教育訓練 CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 6.近期資安活動及研討會線上資安專題講座-疫後數位轉型資安防護隨行 2022/7/2 https://isipevent.kktix.cc/events/e58d0573-copy-2 Just a chat - with no Expectations 2022/7/2 https://www.meetup.com/taipei-暗号通貨-cryptocurrency-meetup/events/286522303/ 資訊安全管理(週日班) 2022/7/3 ~ 2022/8/28 https://mymcu.mcu.edu.tw/zh-hant/product/e022205151 沙崙資安基地7月份線上免費資安課程多的是你不知道的事(Part I ) 2022/7/7（四）13:30-16:30 https://bit.ly/3n6WB3A 工控資安環境認知課程 2022/7/5 https://www.acw.org.tw/News/Detail.aspx?id=3228 Android Code Club(Taipei) 2022/7/6 https://www.meetup.com/taiwan-android-developer-study-group/events/286606809/ 創科資訊②⓪②②軟體開發實戰訓練營➠線上實習說明會 2022/7/6 https://trunk-studio.kktix.cc/events/monosparta-code-camp-2022-9 元宇宙商機背後的黑洞 - 資安 x 隱私 x 虛擬犯罪 2022/7/7 https://www.accupass.com/event/2206020944257097239240 中華電信學院 CCNA 網通資安實戰營(線上) 十三天班 2022/7/8 ~ 2022/8/3 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=515 關鍵基礎設施實作課程(含攻防演練實作) 2022/7/11 https://www.acw.org.tw/News/Detail.aspx?id=3229 工控資安環境認知課程 2022/7/12 https://www.acw.org.tw/News/Detail.aspx?id=3228 JMUG - Jamf 資安召集令 (IDC 2022 No1.) 2022/7/14 https://jamf.kktix.cc/events/jmug2022july 中華電信學院委外廠商安全程式碼撰寫基礎測驗班 111年度第3梯次 2022/7/15 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=486 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=487 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=488 中華電信學院創客智慧應用研習營-自走車動手玩一天班 2022/7/19 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=510 中華電信學院 5G企業專網技術與應用實務班 2022/7/19 ~ 2022/7/20 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=504 中華電信學院創客智慧應用研習營-3D列印與雷射雕刻初體驗一天班 2022/7/20 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=511 中華電信學院 Python人工智慧科學營四天班 2022/7/19 ~ 2022/7/22 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=507 風險導向資安稽核 2022/7/20 https://www.cisanet.org.tw/Course/Detail/2756 沙崙資安基地7月份線上免費資安課程多的是你不知道的事(Part II) 2022/7/21（四）13:30-16:30 https://bit.ly/3HIQdZQ 中華電信學院數位金融團隊共識營(線上) 二天班 2022/7/21 ~ 2022/7/22 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=508 台灣駭客年會 HITCON Summer Training 2022 2022/7/24 ~ 2022/7/26 https://hitcon.kktix.cc/events/hitcon-summer-training-2022-paid https://hitcon.kktix.cc/events/hitcon-summer-training-2022 關鍵基礎設施實作課程(含攻防演練實作) 2022/7/25 https://www.acw.org.tw/News/Detail.aspx?id=3229 中華電信學院智慧科技新生活夏令營四天班 2022/7/26 ~ 2022/7/29 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=512 中華電信學院 5G智慧生活與無人機操控及應用三天班 2022/7/25 ~ 2022/7/27 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=506 中華電信學院資安實作挑戰營二天班 2022/7/27 ~ 2022/7/28 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=509 物聯網資安立法搶攻歐美供應鏈市場線上研討會 2022/7/27 (三) 14:00 ~ 15:30 https://www.onwardsecurity.com/news/item/147 關鍵基礎設施實作課程(含攻防演練實作) 2022/8/1 https://www.acw.org.tw/News/Detail.aspx?id=3229 HITCON PEACE 2022 台灣駭客年會 2022/8/19 ~ 2022/8/20 https://hitcon.kktix.cc/events/hitcon-peace-2022 2022 CYBERSEC 資安大會 Jamf 攤位講座 2022/9/20 ~ 2022/9/22 https://jamf.kktix.cc/events/cybersec2022jamf 關鍵基礎設施實作課程(含攻防演練實作) 2022/9/27 https://www.acw.org.tw/News/Detail.aspx?id=3229 行動應用APP 安全檢測（APK/IPA）2022-11-18 09:00 ~ 2022-11-18 12:00 https://www.cisanet.org.tw/Course/Detail/2865