資安事件新聞週報 2022/3/7 ~ 2022/3/11

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/3/7 ~ 2022/3/11 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco 近日發布更新以解決多個產品的安全性弱點 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-JLh9TxBp Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products https://thehackernews.com/2022/03/critical-patches-issued-for-cisco.html Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart-UPS Devices https://thehackernews.com/2022/03/critical-bugs-could-let-attackers.html TP-Link無線路由器RCE漏洞的攻擊程式已遭公開，建議用戶立即進行更新 https://www.twcert.org.tw/tw/cp-104-5815-b7721-1.html 駭客透過VoIP系統漏洞放大流量發動DDoS攻擊，新手法可將流量放大近43億倍 https://www.akamai.com/blog/security/phone-home-ddos-attack-vector Amazon Echo 驚現「自駭」漏洞！駭客讓智慧音箱對自己下惡意指令 https://technews.tw/2022/03/10/novel-attack-turns-amazon-devices-against-themselves/ Critical "Access:7" Supply Chain Vulnerabilities Impact ATMs, Medical and IoT Devices https://thehackernews.com/2022/03/critical-access7-supply-chain.html Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses https://thehackernews.com/2022/03/critical-rce-bugs-found-in-pascom-cloud.html The Continuing Threat of Unpatched Security Vulnerabilities https://thehackernews.com/2022/03/the-continuing-threat-of-unpatched.html New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances https://thehackernews.com/2022/03/new-security-vulnerability-affects.html 微軟發佈3月份安全性公告 https://www.cisa.gov/uscert/ncas/current-activity/2022/03/08/microsoft-releases-march-2022-security-updates IBM QRadar SIEM and Apache log4j version 1 usage https://www.ibm.com/support/pages/node/6561889?myns=swgother&mynp=OCSSBQAC&mynp=OCSSKMKU&mync=E&cm_sp=swgother-_-OCSSBQAC-OCSSKMKU-_-E QRadar: After an upgrade the Admin tab repeatedly displays, "A new version of the event collection service is available for upgrade." https://www.ibm.com/support/pages/node/6555146?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E 2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP https://thehackernews.com/2022/03/2-new-mozilla-firefox-0-day-bugs-under.html New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container https://thehackernews.com/2022/03/new-linux-kernel-cgroups-vulnerability.html 三大廠牌處理器出現新的推測執行漏洞 https://www.bleepingcomputer.com/news/security/intel-amd-arm-warn-of-new-speculative-execution-cpu-bugs/ 近3成WordPress外掛程式存在重大漏洞，卻沒有相關修補程式可用 https://patchstack.com/whitepaper/the-state-of-wordpress-security-in-2021 McAfee(R) Safe Connect VPN - Unquoted Service Path Elevation Of Privilege https://www.exploit-db.com/exploits/50814 Webmin 1.984 - Remote Code Execution (Authenticated) https://www.exploit-db.com/exploits/50809 Malwarebytes 4.5 - Unquoted Service Path https://www.exploit-db.com/exploits/50806 Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (XSS) https://www.exploit-db.com/exploits/50797 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安財長：公股行庫全力支援受俄烏戰爭影響企業 https://turnnewsapp.com/livenews/finance/A95620002022031020155649 銀行業提防兩大新風險 https://udn.com/news/story/7338/6156147 台數位金融蓬勃發展資安人才搶手 https://www.epochtimes.com/b5/22/3/8/n13630992.htm 將來銀行備戰329開業　帳號自由選搶先預訂 https://www.cardu.com.tw/news/detail.php?45579 玉山金多元領域招募菁英 https://reurl.cc/nEb5rd 玉山金今年將徵才600人 https://money.udn.com/money/story/5613/6145078?from=edn_subcatelist_cate 元大金徵才！首招投資研究MA 接軌國際金融市場 https://udn.com/news/story/7239/6142255 迎數位金融浪潮金融業招攬多元領域人才 https://ctee.com.tw/news/finance/604989.html 中信金首創多語系人才交流！　泰國、印尼國籍諮詢踴躍 https://finance.ettoday.net/news/2202123 總經理集體出動！9大金控徵才條件一次看　百萬年薪不是夢 https://www.setn.com/News.aspx?NewsID=1080564 3.電子支付/行動支付/pay/資安行動支付盛行 LINE Pay愛心捐款逾4億元 https://www.chinatimes.com/realtimenews/20220310001962-260410?chdtv 一卡通Money、街口、悠遊付…8家電子支付！儲值、轉帳、提領手續費多少 https://www.cardu.com.tw/mpay/detail.php?38340 新版LINE Pay App怎麼用？和一卡通Money怎麼區分 https://reurl.cc/OpakQg 一卡通與LINE Bank聯手合作啟動國內首次純網銀與電支帳戶連結 https://www.chinatimes.com/realtimenews/20220311004800-260410?chdtv 全支付電支執照准了！9月1日前須開業 https://ctee.com.tw/wealth/fintech/602407.html 全家拿下電子支付執照！成全台第一間零售通路結合金融產業的電子支付 https://www.inside.com.tw/article/26820-familymart-epay 支付戰純網銀參一腳 https://udn.com/news/story/7239/6133108 一卡通Money捐款助烏克蘭轉帳免手續費 https://reurl.cc/Qjl6O0 「全支付」取得電子支付營業執照全聯PX Pay升級「全支付」電支登場 https://news.sina.com.tw/article/20220303/41309548.html Steam 俄羅斯無法使用電子支付用戶無法購買任何遊戲 https://unwire.hk/2022/03/08/russiasteam/game-channel/ PayPal擴大制裁停止在俄羅斯提供服務 https://ec.ltn.com.tw/article/breakingnews/3849713 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約資安破獲史上最高額比特幣洗錢案美國追回逾36億美元 https://www.chinatimes.com/realtimenews/20220311000013-260408?chdtv 地緣衝突和通脹高漲之下，加密貨幣的又一個牛市在醞釀 https://hk.investing.com/analysis/article-100084 BNB Chain宣布舉辦駭客馬拉松提供1000萬美元獎金和種子資金 https://news.cnyes.com/news/id/4827275 派盾：攻擊Fantasm Finance駭客使用Tornado.cash混幣1,007 ETH https://news.cnyes.com/news/id/4828605 美加速草擬加密貨幣法規、發行數位美元阻止俄國逃避經濟制裁 https://times.hinet.net/news/23795861 俄羅斯提議禁止使用和開採加密貨幣 https://blog.twnic.tw/2022/03/07/21829/ BaconProtocol遭受駭客攻擊損失100萬美元 https://news.cnyes.com/news/id/4824695 虛擬貨幣洗錢列非常高風險 https://reurl.cc/EpNZQK 全球首台NFT自動販賣機設立紐約華爾街！用信用卡即可進行交易 https://newtalk.tw/news/view/2022-03-07/719781 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 資料破壞軟體RURansom鎖定俄羅斯實體下手 https://www.trendmicro.com/en_us/research/22/c/new-ruransom-wiper-targets-russia.html 勒索軟體Ragnar Locker鎖定52個美國關鍵基礎設施實體下手 https://www.documentcloud.org/documents/21397387-ragnarlocker-ransomware-indicators-of-compromise NVIDIA外流「程式碼簽章」遭駭客利用將惡意軟體偽裝成官方驅動程式 https://www.cool3c.com/article/174071 KPMG：企業遭網攻勒索軟體最常見 https://readers.ctee.com.tw/cm/20220310/a11aa11/1173584/share Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups https://blog.talosintelligence.com/2022/03/iranian-supergroup-muddywater.html Conti Ransomware | CISA https://www.cisa.gov/uscert/ncas/alerts/aa21-265a Lazyscripter’s scripts: double compromise in a single obfuscation https://lab52.io/blog/very-very-lazy-lazyscripters-scripts-double-compromise-in-a-single-obfuscation/ Nvidia leak - abused certificate for signing malicious code and tools such as mimikatz https://twitter.com/cyb3rops/status/1499514240008437762 PROPHET SPIDER Exploits Citrix ShareFile https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile/ 中國駭客APT41利用網頁應用系統的零時差漏洞，攻擊美國州政府 https://www.mandiant.com/resources/apt41-us-state-governments Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant https://thehackernews.com/2022/03/chinese-apt41-hackers-broke-into-at.html A Summary of APT41 Targeting U.S. State Governments https://www.mandiant.com/resources/apt41-us-state-governments The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european MS Office Files Involved Again in Recent Emotet Trojan Campaign https://www.fortinet.com/blog/threat-research/ms-office-files-involved-in-emotet-trojan-campaign-pt-one Fake Purchase Order Used to Deliver Agent Tesla https://www.fortinet.com/blog/threat-research/fake-purchase-order-used-to-deliver-agent-tesla SharkBot Banking Malware Spreading via Fake Android Antivirus App on Google Play Store https://thehackernews.com/2022/03/sharkbot-banking-malware-spreading-via.html Cyberattack on the state authorities of Ukraine using the malicious program Cobalt Strike Beacon https://cert.gov.ua/article/37704 B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Both Sides in Russia-Ukraine War Heavily Using Telegram for Disinformation and Hacktivism https://thehackernews.com/2022/03/both-sides-in-russia-ukraine-war.html 路透：TikTok與甲骨文接近就美國用戶資料儲存達成協議 https://news.cnyes.com/news/id/4830218 三星證實Galaxy原始碼遭竊籲用戶啟用雙重認證 https://www.mypeoplevol.com/Article/18135 Google Play驚見4款「入侵網銀」App　有下載的快移除 https://www.ctwant.com/article/171569 SIGNAL創辦人警告用TELEGRAM存資安風險 https://www.isda.org.tw/2022/03/05/dad0487bad728eea166aab47e5e187c6/ Apple公司寫信向國會議員解釋"側載"是一種惡意軟件的危險 https://reurl.cc/GoqbGZ 掃實聯制竟有木馬病毒　資安公司警告：這款萬人下載APP有狀況 https://www.ctwant.com/article/171052 SIM卡漏洞遭SimJacker入侵！駭客發送簡訊即可監控掌握手機　10億用戶面臨威脅 https://www.bg3.co/a/simqia-lou-dong-zao-simjackerru-qin-hai-ke-fa-song-jian-xun-ji-ke-jian-kong-zhang-wo-shou-ji-10yi-yong-hu-mian-lin-wei-xie.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力隱私計算網路Oasis開啟為期8周的駭客松活動 https://news.cnyes.com/news/id/4829919?exp=a 資料中心四大關鍵技術報告節能效率／混和架構／資訊安全／人工智慧 https://wantrich.chinatimes.com/news/20220306900027-420301 科技經濟戰台灣別輸了 https://udn.com/news/story/7315/6143600 照片型社群軟體很可怕？家長免驚，安全4步驟引導孩子上網 https://isafe.moe.edu.tw/article/2524?user_type=3&topic=9 報告指近一成 IT 資安事件原因為外接儲存裝置 https://technews.tw/2022/03/10/top-attack-vectors-january-2022/ Nvidia、電子五哥遭駭客下毒手，問題不在預算不足！專家：資安不能疊床架屋 https://www.bnext.com.tw/article/68053/check-point--security-trend 駭入三星、Nvidia的駭客要利誘微軟、蘋果等公司員工協助內應 https://www.ithome.com.tw/news/149841 沒有牆的廠房資安如何保平安 https://udn.com/news/story/11726/6152404 東映動畫遭駭客惡意入侵　《數碼寶貝：幽靈遊戲》《ONE PIECE》等多部動畫皆受影響 https://www.toy-people.com/?p=69830 俄羅斯政府網站遭駭，疑似遭供應鏈攻擊 https://www.bleepingcomputer.com/news/security/russian-government-sites-hacked-in-supply-chain-attack/ 若俄軍持續進攻烏克蘭政府將研擬轉移機密數據至他國 https://news.ltn.com.tw/news/world/breakingnews/3854626 資安公司：中國駭客發動攻擊　美至少6州政府受害 https://tw.appledaily.com/international/20220309/KUTTIHPR6FE7ZLSIFU3HJWVOA4/ 肆無忌憚中共駭客入侵美國6州府系統 https://www.youtube.com/watch?v=95gltBFsQOg 美多家政府機構遭駭客攻擊？陸外交部：賊喊捉賊 https://m.match.net.tw/pc/news/international/20220309/6424677 華為暗助普丁欲建監控和人臉識別系統 https://reurl.cc/Opakb9 傳共機失事／國安局為越南記者爆料背書？張競：孤證風險高 https://cnews.com.tw/174220311a01/ 沈舟：俄軍遭遇高科技對手中共傻眼 https://www.epochtimes.com/b5/22/3/10/n13635530.htm 俄羅斯入侵烏克蘭掀「史上最大網軍戰」　專家警告失控後果 https://www.setn.com/News.aspx?NewsID=1081835 匿名者駭入俄羅斯串流與電視台，播放烏克蘭戰場畫面 https://technews.tw/2022/03/07/anonymous-hack-russia-tv/ 「烏克蘭版唐鳳」31歲副總理靠手機護國號召駭客抗俄 https://udn.com/news/story/122663/6144938 逾40萬名自願者加入烏駭客團隊對俄發起網攻 https://www.merit-times.com/NewsPage.aspx?unid=758021 烏克蘭IT軍團、無人機打響現代AI戰爭 https://reurl.cc/Qjl6a9 全球善款湧向烏克蘭，外加15億鉅額加密貨幣，虛擬戰場意外開啟 https://www.gvm.com.tw/article/87718 CISA與FBI警告加強防範資料抹除攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9747 Hackers Abuse Mitel Devices to Amplify DDoS Attacks by 4 Billion Times https://thehackernews.com/2022/03/hackers-abuse-mitel-devices-to-amplify.html Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html Security Engineer (資安產品工程師) https://www.1111.com.tw/job/98688477/ 聯華電子-資安門禁安檢員(週休二日、見紅休) https://www.518.com.tw/job-GonqXX.html 資訊部-網管工程師(海外儲備幹部) https://www.104.com.tw/job/7ehcg?jobsource=jolist_c_date Product Manager(WISE-PaaS AI ,內湖瑞光路) https://tw.talent.com/view?id=668ba61756e7 資訊安全工程師(HS220310009) https://www.104.com.tw/job/7k7f6 中華資安國際行政助理 https://worknowapp.com/jobs/a34d86c8-30d8-46b9-8aa9-b92a75b2d382 網路資安工程師 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?R2=6&EMPLOYER_ID=905564&HIRE_ID=11026685 徵才訊息---資訊應用管理師 https://www.cs.nycu.edu.tw/announcements/detail/8798 資安工作5年成長1.5倍！上市櫃編制人力、資安新鮮人成搶手貨 https://www.bnext.com.tw/article/68027/information-security-fresh-crew 防駭客、會抓鬼！資安人才夯　求職網統計：平均月薪53K、職缺增1.5倍 https://tw.appledaily.com/life/20220309/HDUXHN7HE5BTFHQRHDETZUZNX4/ 精誠今年將擴大招募逾千人 https://ctee.com.tw/news/tech/605326.html 宏碁集團擴大徵才精誠資訊擬招募千人 https://newtalk.tw/news/view/2022-03-04/718819 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks https://thehackernews.com/2022/03/google-russian-hackers-target.html Ukrainian CERT Warns Citizens of Phishing Attacks Using Compromised Accounts https://thehackernews.com/2022/03/ukrainian-cert-warns-citizens-of.html Samsung Confirms Data Breach After Hackers Leak Galaxy Source Code https://thehackernews.com/2022/03/samsung-confirms-data-breach-after.html 中國駭客APT31針對美國政府相關的Gmail帳號發動網釣攻擊 https://twitter.com/ShaneHuntley/status/1501224764530069504 歐洲議會指中、俄操控訊息肯定台灣抗假訊息成果 https://news.pts.org.tw/article/571169 本土劇女星內衣露出照遭盜用！　急出面求刪：會讓人家斷章取義 https://star.ettoday.net/news/2205495?redirect=1 裸照外流抓不到駭客「只有內部人員」　謝忻曝心境：沮喪佔據生活 https://star.ettoday.net/news/2204721 NVIDIA 遭駭客最後通牒：開源GPU驅動程式，否則公佈機密資料 https://vitomag.com/tech/whohk.html Nvidia遭駭客勒索100萬美元否則出售GPU LHR算力解鎖技術 https://netmag.tw/2022/03/04/nvidia-was-blackmailed-for-1-million-or-sold-gpu-lhr-to-unlock-technology 高達 190 GB 數據外洩！駭客攻擊三星，Galaxy 原始碼也外流 https://www.inside.com.tw/article/26948-hackers-stole-samsungs-galaxy-source-code NVIDIA遭駭客入侵7萬多員工密碼遭洩露，還「順便」駭了三星釋出190GB機密資料 https://www.techbang.com/posts/94635-more-than-70000-nvidia-employee-passwords-were-leaked-the 三星電子遭駭客攻擊，未造成用戶資料外洩 https://srtechmedia.com/news/68de6502-6f91-49e8-9d2f-7ecab9038f88 千騙萬騙離不開ATM｜樹林警助民保住90萬存款 http://n.yam.com/Article/20220309995533 俄烏戰爭假消息多史丹福學者教7點辨識 https://www.worldjournal.com/wj/story/121519/6151643 俄烏及台海情勢羅致政：台灣社會需慎防假訊息 https://cnews.com.tw/%E4%BF%84%E7%83%8F%E5%8F%8A%E5%8F%B0%E6%B5%B7%E6%83%85%E5%8B%A2%E5%BA%A7%E8%AB%87%E6%9C%83-%E7%BE%85%E8%87%B4%E6%94%BF%EF%BC%9A%E5%8F%B0%E7%81%A3%E7%A4%BE%E6%9C%83%E9%9C%80%E6%85%8E%E9%98%B2%E5%81%87/ [NFT詐騙] 假MetaversePRO網站 https://blog.trendmicro.com.tw/?p=71519 虛擬投資　「詐翻」老少 https://news.housefun.com.tw/news/article/202531327350.html 遠傳friDay購物平台疑個資外洩　詐騙連分期付款都清楚 https://tw.appledaily.com/property/20220305/TJQ7DCVC2REKPNWTNGKX4B567Q/ 花式Office漏洞及社交工程激增　「信賴」須重新定義郵件資安攻擊板塊位移　物流詐騙信隨疫情增25倍 https://www.netadmin.com.tw/netadmin/zh-tw/trend/0F45CFDD9DDC40E598067616356FA51F 多組駭侵者假借金援烏克蘭為由，設立加密貨幣詐騙捐款專戶 https://www.twcert.org.tw/tw/cp-104-5813-c2793-1.html E.研究報告/工具當資安標準遇到管理 https://www.semi.org/zh/technology_and_trends/cybersecurity_standards 老舊系統不是IT問題，而是資安折舊問題 https://www.semi.org/zh/business_and_markets/cybersecurity/legacy_software 如何取回管理權　避免再次「被駭」 https://www.mnews.tw/story/20220307rep002 資安鬼故事之Reverse shell https://forum.gamer.com.tw/C.php?bsn=60030&snA=597736 能將 DDoS 封包放大 65 倍的全新攻擊手法橫空出世！任何新手都能輕鬆癱瘓目標 https://technews.tw/2022/03/06/hackers-begin-weaponizing-tcp-middlebox-reflection-for-amplified-ddos-attacks/ API Architecture - Performance Best Practices for REST APIs https://abdulrwahab.medium.com/api-architecture-performance-best-practices-for-rest-apis-1d4a5922dae1 Binary Tree Pre Order Traversal using Tail Recursion https://medium.com/@dhruvikasharma20/binary-tree-preorder-traversal-using-tail-recursion-37390dc410b9 Using Node.js for Backend Web Development in 2022 https://medium.com/geekculture/using-node-js-for-backend-web-development-in-2022-f2917c6c0a87 How I built my tech startup as a solo developer https://medium.com/dreamwod-tech/how-i-built-my-tech-startup-as-a-solo-developer-45390f460002 How I created a Trojan Malware — Ethical Hacking https://infosecwriteups.com/how-i-created-a-trojan-malware-ethical-hacking-82239a6b64c6 Becoming an SDET / QA Automation Test Engineer Road Map Step By Step in 2022 https://thetestlead.medium.com/becoming-an-sdet-qa-automation-test-engineer-road-map-step-by-step-in-2022-9f75cc03007c Android Development Trends for 2022 https://betterprogramming.pub/android-development-trends-for-2022-51734382bce1 How to Exploit Current Events for Clicks https://davidbclear.medium.com/how-to-exploit-current-events-for-clicks-bec33c246e74 6 steps to set up linux server with Nginx Docker & SSL https://towardsdev.com/6-steps-to-set-up-linux-server-with-nginx-docker-ssl-ef501860610b The Incident Response Plan - Preparing for a Rainy Day https://thehackernews.com/2021/06/the-incident-response-plan-preparing.html Understanding How Hackers Recon https://thehackernews.com/2022/03/understanding-how-hackers-recon.html Researchers Demonstrate New Side-Channel Attack on Homomorphic Encryption https://thehackernews.com/2022/03/researchers-demonstrate-new-side.html F.商業 Google Buys Cybersecurity Firm Mandiant for $5.4 Billion https://thehackernews.com/2022/03/google-buys-cybersecurity-firm-mandiant.html Google砸1530億收購 Mandiant！　添網路安全生力軍 https://finance.ettoday.net/news/2205628?from=amp_newslist FedEx、博通都愛用！Okta 如何協助企業打造「去中心化」身份管理 https://www.inside.com.tw/article/26968-odin-info 鎖定關鍵任務　搭載DFMD表現更佳 Pure推旗艦儲存　效能安全兼顧 https://www.netadmin.com.tw/netadmin/zh-tw/market/ACE23C88204E43D79F8F8B4DBECB5ED8 Check Point Software 揭密企業如何應戰複雜資安威脅情勢 https://reurl.cc/DdMgWO 迎接後疫情的資料儲存、資安商機！Synology擴充20%人力：從台灣出發打世界盃 https://www.bnext.com.tw/article/68049/synology-2022 合勤投控以駭客為師，將資安轉化成企業競爭優勢 https://times.hinet.net/news/23792807 聯達資訊成為中華資安國際「SecuTex」台灣代理商 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9752 中租迪和實現安全的數位轉型之旅，資安防護網扮演幕後功臣 https://news.sina.com.tw/article/20220309/41348572.html F5 Distributed Cloud Services 強化數位世界保護 https://reurl.cc/EpNZoR Fortinet發布新世代防火牆FortiGate 3000F，助企業建立混合式資安架構 https://www.techbang.com/posts/94587-fortinet-announces-next-gen-firewall-fortigate-3000f G.政府港務公司依循資安法擴大推動資安提供更安全航運服務 https://reurl.cc/g0bW97 資策會與奧勒岡台灣工商會簽訂MOU 加強國際產業技術趨勢交流合作 https://news.sina.com.tw/article/20220310/41355874.html 烏俄戰爭顯示政府強化資安防護網的重要　台南政風處舉專業研習會 https://www.ettoday.net/news/20220311/2206049.htm 台美簽署69.9億軍購合約新型野戰資訊通信系統2024運交台灣 https://news.ltn.com.tw/news/politics/breakingnews/3856089 衛服部將推資療資安聯防機制擬納入醫院評鑑制度中 https://ibmi.taiwan-healthcare.org/zh//email.php?REFDOCID=0qexf0ecg3k504oi 調查局動員百人偵辦陸企違法挖角人才案 https://reurl.cc/Y95jXD TWCERT/CC 2022年2月資安電子報 https://epaper.twcert.org.tw/2022_02/ 唐鳳接任數位發展部召集人！掌管電信、資安，新設部門是什麼一次看懂 https://today.line.me/tw/v2/article/GgOM6rZ 中山大學「國際金融研究學院」揭牌陳其邁偕同蔡總統啟動儀式 https://news.sina.com.tw/article/20220304/41319932.html H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 Bureau Veritas取得IECEE認可IEC 62443標準資安檢測實驗室資格 https://reurl.cc/bkbXME 捷而思透析車聯網資安為當務之急需要提前部署 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=35&id=0000630299_EFG1ILK1LX1AY88B4NST9 瀚錸科技代理Remote.It為工控設備提供安全遠程連線管理服務 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&cat=60&id=0000630256_3YR1NR2E62MCAM5RU8J0E I.教育訓練中華軟協-iPAS「初級」資訊安全工程師能力研習衝刺班：全面招生中 https://www.cs.nycu.edu.tw/announcements/detail/8778 2022「證券期貨資訊安全實務養成課程」即日起開始報名 https://www.sfi.org.tw/news/news-7/3589 網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works) https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html 【資安管理國際證照懶人包】學習心得、考試要點一次整理！2022 轉職夢幻工作看這篇 https://buzzorange.com/techorange/2021/12/30/isaca/ CISSP考試心得 – Benson https://reurl.cc/GbWvxd CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 110年新進人員「校園資訊安全講座」教材 https://cc.nccu.edu.tw/p/406-1001-740,r18.php 【訓練教材D】資訊安全技術教育訓練教材 https://iscb.nchu.edu.tw/2019/07/d.html 109資通安全管理法數位教育訓練 https://reurl.cc/ARlmqp 110-1初級資訊安全工程師-資訊安全管理概論 https://yamol.tw/exam.php?id=104050 中大信息工程學系栽培資訊科技領導人才 https://reurl.cc/ARZKDK 伊雲谷、中山大學產學合作累積雲端資安人才能量 https://ctee.com.tw/industrynews/technology/587459.html SANS Cyber Aces Online Tutorials https://tutorials.cyberaces.org/tutorials.html Free Online Cybersecurity Courses (MOOCs) https://www.cyberdegrees.org/resources/free-online-courses/ Develop Your Cybersecurity Skills https://www.cybrary.it/catalog/cybersecurity/ Mobile App Security https://www.cybrary.it/course/mobile-app-security/ Introduction to Cybersecurity https://reurl.cc/bnaj6d How to Tackle SaaS Security Misconfigurations https://thehackernews.com/2021/11/how-to-tackle-saas-security.html How to Build a Security Awareness Training Program that Yields Measurable Results https://thehackernews.com/2021/11/how-to-build-security-awareness.html Common Attacks https://choson.lifenet.com.tw/?p=1174 6.近期資安活動及研討會 2022嘉藥反毒與資安機器人競賽 2022/3/12 https://reurl.cc/9OO7kj Scala Taiwan #39 - 用Scala寫基因體醫學 2022/3/15 https://www.meetup.com/Scala-Taiwan-Meetup/events/284242666/ Flutter Festival Taipei 2022/3/16 https://www.meetup.com/Flutter-Taipei/events/283785315/ 【Drupal台北小聚】預防網路駭客攻擊，如何選擇一個安全又穩定的網站CMS系統 2022/03/18 https://www.accupass.com/event/2203041031371662916900 國家高速網路與計算中心教育訓練「大數據程式開發平台(VM版本)」建置與開發實務課程 2022/3/18 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3972&from_course_list_url=homepage OSCP 高階滲透測試精進班 2022-02-12~2022-03-20 https://college.itri.org.tw/course/all-events/35FC13F1-05A3-44CF-85B1-2D01B6F92632.html 資安新知科技研習課程-「資安鑑識課程-系列Ⅰ初級課程：LINE 社交平台資安機制：雲端 LINE Chatting 機器人系統」2022/3/25 https://docs.google.com/forms/d/1pjgu56Qqxuo9-eQTndqLzK2oZuzAWnv3v78VvuipDwA/viewform?edit_requested=true 中部場-公部門如何揪出潛伏資安威脅研討會（限政府機關報名）2022/4/13 https://www.cisanet.org.tw/Course/Detail/2783 南部場-公部門如何揪出潛伏資安威脅研討會（限政府機關報名） 2022/4/21 https://www.cisanet.org.tw/Course/Detail/2784 國家高速網路與計算中心教育訓練「大數據程式開發平台(VM版本)」建置與開發實務課程 2022/5/27 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=homepage 風險導向資安稽核 2022/7/20 https://www.cisanet.org.tw/Course/Detail/2756