tags: 資安事件新聞週報

資安事件新聞週報 2022/8/1 ~ 2022/8/5

1.重大弱點漏洞/後門/Exploit/Zero Day
VMware 發布多項安全更新
https://www.vmware.com/security/advisories/VMSA-2022-0021.html

VMware Releases Patches for Several New Flaws Affecting Multiple Products
https://thehackernews.com/2022/08/vmware-releases-patches-for-several-new.html

VMware多項產品存在身分驗證繞過漏洞，恐被攻擊者用來取得管理員權限
https://reurl.cc/YXjXgO

思科修補小型企業VPN路由器重大漏洞
https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-remote-code-execution-bug-in-vpn-routers/

Cisco Business Routers Found Vulnerable to Critical Remote Hacking Flaws
https://thehackernews.com/2022/08/cisco-business-routers-found-vulnerable.html

29款居易路由器存在重大漏洞，攻擊者可用來接管設備
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html

Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers
https://thehackernews.com/2022/08/critical-rce-bug-could-let-hackers.html

Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage
https://thehackernews.com/2022/08/hackers-exploited-atlassian-confluence.html

New 'ParseThru' Parameter Smuggling Vulnerability Affects Golang-based Applications
https://thehackernews.com/2022/08/new-parsethru-parameter-smuggling.html

CISA警告Confluence漏洞已被駭客鎖定利用
https://www.cisa.gov/uscert/ncas/current-activity/2022/07/29/cisa-adds-one-known-exploited-vulnerability-catalog

CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks
https://thehackernews.com/2022/07/cisa-warns-of-atlassian-confluence-hard.html

Claroty警告 FileWave MDM 漏洞可能影響多個組織
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9980

Google Cloud中的XSS漏洞，可能導致Google Play帳戶遭劫持
https://reurl.cc/yMeM2l

Emergency Alert System Flaws Could Let Attackers Transmit Fake Messages
https://thehackernews.com/2022/08/emergency-alert-system-flaws-could-let.html

美國緊急警報系統存在重大漏洞，恐被攻擊者用於在電視與廣播傳送假警報
https://content.govdelivery.com/accounts/USDHSFEMA/bulletins/3263326

WordPress外掛程式Download Manager存在任意檔案刪除漏洞，波及10萬個網站
https://www.wordfence.com/blog/2022/08/high-severity-vulnerability-patched-in-download-manager-plugin

沛盛資訊 OMICARD EDM行銷發送系統 - SQL Injection
https://www.twcert.org.tw/tw/cp-132-6372-f61bc-1.html

WPS Office出現OLE物件處理漏洞，PPS、PPSX簡報檔案恐被用於攻擊
https://tw.wpsoffice.com/article/571

Google修補安卓重大漏洞CVE-2022-20345，若不修補有可能讓攻擊者透過藍牙發動RCE攻擊
https://source.android.com/security/bulletin/2022-08-01

Google發布Chrome 104，共修補27個漏洞
https://www.securityweek.com/google-paid-out-90000-vulnerabilities-patched-chrome-104

研究人員揭露Go語言的ParseThru漏洞，恐波及此程式語言開發的應用程式
https://www.oxeye.io/blog/golang-parameter-smuggling-attack

GitHub持續交付與整合服務存在漏洞，恐被用於取得GitHub儲存庫存取權限
https://medium.com/tinder/exploiting-github-actions-on-open-source-projects-5d93936d189f

Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
https://www.exploit-db.com/exploits/50998

2.銀行/金融/保險/證券/支付系統/金融監理 新聞及資安
Robin Banks向駭客出售網釣工具包，鎖定美、英、澳銀行用戶
https://www.ironnet.com/blog/robin-banks-a-new-phishing-as-a-service-platform

裴洛西訪台拉高兩岸緊張 金融業獲情資要加強資安監控
https://udn.com/news/story/7239/6511106

金融業近一年重大資安事件全都露 保險業掛零表現最優
https://udn.com/news/story/7239/6495984

公銀擴編資安部門 民銀強化對內資安防護
https://ec.ltn.com.tw/article/paper/1531804

3.電子支付/行動支付/pay/資安
行動支付服務業者Wiseasy遭駭，14萬付款用戶資料外洩
https://techcrunch.com/2022/08/01/wiseasy-android-payment-passwords/

員工密碼外洩！全球約 14 萬台信用卡支付終端遭駭客入侵
https://technews.tw/2022/08/04/hackers-stole-passwords-for-accessing-140000-payment-terminals/

數位支付公司管理後台遭駭客入侵，平台方資安觀念薄弱恐陷危機
https://www.bnext.com.tw/article/71007/wiseasy-hacked

詐騙新招 電子支付轉帳騙錢民眾3招自保
https://udn.com/news/story/7320/6489111

電子支付應用普及 一卡通籲慎防詐騙
https://reurl.cc/MNkXzn

儲值卡先記名免風險　掛失3小時餘額返還
https://www.cardu.com.tw/news/detail.php?46778

4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約 資安
跨鏈協定Nomad遭入侵，1.9億美元加密貨幣慘遭清空
https://web3isgoinggreat.com/?id=nomad-bridge-exploit

Solana 錢包被盜事故：Slope 洩漏私鑰成「攻擊破口」
https://blockcast.it/2022/08/04/solana-wallet-provider-slope-identified-as-the-source-of-a-hack/

加密貨幣Solana生態系逾500萬美金資產遭清空！疑Slope錢包「助記詞」洩漏
https://www.bnext.com.tw/article/71056/solana-slope-hack-safety

區塊鏈平臺Solana遭到攻擊，近8千個錢包遇害
https://www.bleepingcomputer.com/news/security/thousands-of-solana-wallets-drained-in-attack-using-unknown-exploit/

本周被駭客攻擊的加密項目Nomad和Slope曾獲Circle投資
https://news.cnyes.com/news/id/4926498

Chainalysis：跨鏈橋漏洞已成為DeFi最大安全風險
https://www.ithome.com.tw/news/152325

Connext：用戶未直接受到Nomad駭客攻擊影響
https://news.cnyes.com/news/id/4924697

ZB熱錢包或遭駭客攻擊，拋售Token後獲利2224 ETH，約合368萬美元
https://news.cnyes.com/news/id/4925357

報告：今年以來跨鏈橋駭客事件被盜資金總額達20億美元
https://news.cnyes.com/news/id/4925677

Defi、NFT投資者必學工具》瀏覽器擴充 Revoke — 撤銷可疑合約授權、釣魚網站警示
https://www.blocktempo.com/revoke-cash-launches-browser-plugin/

駭客攻擊?無法出金? ASJ Forex Global疑似捲款潛逃
https://www.fx110.com.tw/special/9169

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
德國半導體製造商Semikron遭LV勒索軟體攻擊
https://reurl.cc/Qb6bMo

歐洲大型能源業者Encevo遭到勒索軟體BlackCat攻擊
https://www.darkreading.com/risk/european-energy-supplier-encevo-breached-in-attack

澳洲男子開發間諜軟體Imminent Monitor提供給家暴者
https://www.afp.gov.au/news-media/media-releases/afp-charges-man-creating-global-spyware-tool

駭客組織Evil Corp疑似利用惡意軟體Raspberry Robin發動攻擊
https://reurl.cc/V151k6

駭客利用臉書廣告「推廣」於Google Play市集上架的惡意軟體
https://reurl.cc/kELE2x

出現鎖定竊取Discord Token與金融資料的惡意NPM套件
https://securelist.com/lofylife-malicious-npm-packages/107014/

歐洲ENISA發布勒索軟體研究報告，分析過去一年623起事件外洩136TB資料，並指出這只是冰山一角
https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-ransomware-attacks

近期最常見的勒索軟體為BlackHat與Lockbit 2.0
https://reurl.cc/MNkNqn

趨勢科技揭露惡意droppers攻擊活動DawDropper散布金融木馬
https://reurl.cc/oQxQll

非駭客那麼簡單！資安專家：企業潛藏木馬程式　應該嚴罰
https://www.nownews.com/news/5893394

十大知名勒索病毒
https://blog.trendmicro.com.tw/?p=72601

殭屍網路RapperBot鎖定Linux主機而來，透過暴力破解入侵受害電腦
https://www.fortinet.com/blog/threat-research/rapperbot-malware-discovery

阿拉伯聯合大公國零售業者Spinneys證實7月中旬遭勒索軟體攻擊，客戶資料外洩
https://securereading.com/uae-spinneys-customer-data-leak/

駭客複製逾3.5萬個GitHub儲存庫，意圖散布惡意軟體
https://reurl.cc/RXbOOx

俄羅斯航空公司遭到Woody RAT惡意軟體攻擊
https://blog.malwarebytes.com/threat-intelligence/2022/08/woody-rat-a-new-feature-rich-malware-spotted-in-the-wild/

勒索軟體SolidBit鎖定電玩玩家與社群網站用戶而來
https://www.trendmicro.com/en_us/research/22/h/solidbit-ransomware-enters-the-raas-scene-and-takes-aim-at-gamer.html

駭客以提供加密貨幣錢包軟體的名義散布惡意軟體Mars Stealer
https://blog.cyble.com/2022/08/02/fake-atomic-wallet-website-distributing-mars-stealer/

輕鬆規避 Gmail 密碼與雙因素認證，北韓惡意軟體能看光你所有信件
https://technews.tw/2022/08/05/malware-bypasses-gmail-passwords-and-2fa-to-read-all-your-emails/

Likely Iranian Threat Actor Conducts Politically Motivated
Disruptive Activity Against Albanian Government Organizations
https://reurl.cc/5p2pEn

So RapperBot, What Ya Bruting For
https://www.fortinet.com/blog/threat-research/rapperbot-malware-discovery

The DGA family Orchard continues to change
https://blog.netlab.360.com/orchard-dga/

Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware
https://unit42.paloaltonetworks.com/bumblebee-malware-projector-libra/

Fake Atomic Wallet Website Distributing Mars Stealer
https://blog.cyble.com/2022/08/02/fake-atomic-wallet-website-distributing-mars-stealer/

Woody RAT: A new feature-rich malware spotted in the wild
https://reurl.cc/pMxM4b

Large-Scale AiTM Attack targeting enterprise users of Microsoft email services
https://reurl.cc/W1X17y
https://github.com/threatlabz/iocs/blob/main/aitm_phishing/iocs.txt

Comprehensive Threat Intelligence: Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html

SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant
https://reurl.cc/MNkNV4

Raccoon Stealer v2: The Latest Generation of the Raccoon Family
https://www.zscaler.com/blogs/security-research/raccoon-stealer-v2-latest-generation-raccoon-family
https://pastebin.com/RD0HRVw3

Stealthy Nation-State BPFDoor
https://reurl.cc/3Y5YWM

Threat analysis: Follina exploit fuels 'live-off-the-land' attacks
https://blog.reversinglabs.com/blog/threat-analysis-follina-exploit-powers-live-off-the-land-attacks

Analysis of Malicious Android Software Spread by Sidewinder (APT-Q-39) Using Google Play
https://ti.qianxin.com/blog/articles/analysis-of-malware-android-software-spread-by-sidewinder-using-google-play/

New HiddenAds malware affects 1M+ users and hides on the Google Play Store
https://reurl.cc/kELE2x

New Woody RAT Malware Being Used to Target Russian Organizations
https://thehackernews.com/2022/08/new-woody-rat-malware-being-used-to.html

VirusTotal Reveals Most Impersonated Software in Malware Attacks
https://thehackernews.com/2022/08/virustotal-reveals-most-impersonated.html

What is ransomware and how can you defend your business from it
https://thehackernews.com/2022/08/what-is-ransomware-how-to-defend-your.html

勒索軟體LockBit透過微軟防毒軟體側載Cobalt Strike
https://reurl.cc/eOmORR

LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload
https://thehackernews.com/2022/08/lockbit-ransomware-abuses-windows.html

Australian Hacker Charged with Creating, Selling Spyware to Cyber Criminals
https://thehackernews.com/2022/07/australian-hacker-charged-with-creating.html

Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers
https://thehackernews.com/2022/07/gootkit-loader-resurfaces-with-updated.html

北韓駭客Kimsuky利用惡意瀏覽器擴充套件，讀取受害者的Gmail、AOL電子郵件信箱
https://reurl.cc/xQEQyE

North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts
https://thehackernews.com/2022/07/north-korean-hackers-using-malicious.html

Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware
https://thehackernews.com/2022/07/over-dozen-android-apps-on-google-play.html

A Growing Number of Malware Attacks Leveraging Dark Utilities 'C2-as-a-Service'
https://thehackernews.com/2022/08/a-growing-number-of-malware-attacks.html

B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊
Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys
https://thehackernews.com/2022/08/researchers-discover-nearly-3200-mobile.html

3,200款行動裝置App恐洩露推特的API金鑰
https://reurl.cc/Qb6br0

因應手機送修安全，三星將推「維修模式」安全性功能
https://www.ithome.com.tw/news/152220

C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力
台積電推動「營業秘密註冊制度同學會」，鼓勵中小企業及早建立，金融、旅遊、餐飲也應採用
https://www.appledaily.com.tw/property/20220801/FEF6E86970F847E3941970388B

資安風波 醫療產業損失慘重
https://www.1111.com.tw/news/jobns/146867

大規模微軟電子郵件信箱服務攻擊再度鎖定企業而來
https://reurl.cc/kELqlL

駭客從哪攻？「系統更新、維修」最易「駭」
https://news.ebc.net.tw/news/world/330690

駭客發動攻擊的C2中繼站也可以用租的！研究人員揭露Dark Utilities中繼站租賃服務
https://blog.talosintelligence.com/2022/08/dark-utilities.html

20220803 台灣各個單位遭駭狀況整理
https://g0v.hackmd.io/@billy3321/HyQnxODp5

資安專家：中網路攻擊能力提升　美各單位都可能被駭
https://www.mnews.tw/story/20220804iot18001

7-11櫃臺後方數位看板的內容遭置換，刑事局調查指出是遭駭客入侵
https://www.ithome.com.tw/news/152269

今日上午7-11櫃臺後方數位看板螢幕紛紛關閉，小七表示廠商受不明來源干擾播放訊息
https://www.ithome.com.tw/news/152269

超商、台鐵被駭！中國軟體藏危機　資安專家：易成攻擊跳板
https://www.setn.com/News.aspx?NewsID=1156861

裴洛西訪台引發資訊戰！超商、台鐵看板驚見「老巫婆竄訪台灣」字眼　警方初判駭客入侵偵辦中
https://www.fountmedia.io/article/159456

第一批砲彈在網路發射！從俄烏戰爭借鏡，台灣如何對抗無形資訊戰
https://www.bnext.com.tw/article/71053/cloud-big-tech-ukraine

小駭客洪水式攻擊 正規網軍還未上陣
https://reurl.cc/NRZGbx

台灣多處網站遭駭　駭客組織APT27「自稱是主謀」40秒影片曝光
https://www.ettoday.net/news/20220805/2309902.htm

駭客聲稱對台發動特別網路行動 高調自稱APT 27
https://ec.ltn.com.tw/article/breakingnews/4014114

針對中國駭客鎖定UEFI韌體的惡意攻擊行動，華碩提出進一步說明
https://www.ithome.com.tw/news/152121#CosmicStrand

中國駭客開發新的攻擊框架Manjusaka
https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html

美國法院系統的重大網路安全漏洞曝光
https://www.ithome.com.tw/news/152218

德國工商協會DIHK疑遭大規模網路攻擊，被迫關閉所有IT系統、郵件伺服器、電話
https://www.bleepingcomputer.com/news/security/german-chambers-of-industry-and-commerce-hit-by-massive-cyberattack/

烏克蘭破獲俄羅斯在基輔架設的機器人農場
https://ssu.gov.ua/en/novyny/sbu-likviduvala-milionnu-botofermu-yaka-rozkhytuvala-obstanovku-v-ukraini-na-zamovlennia-odniiei-z-politsyl-video

Researchers Warns of Large-Scale AiTM Attacks Targeting Enterprise Users
https://thehackernews.com/2022/08/researchers-warns-of-large-scale-aitm.html

Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers
https://thehackernews.com/2022/07/microsoft-links-raspberry-robin-usb.html

紅隊研究暨研發工程師
https://www.104.com.tw/job/7kn54

【網管/資安 儲備人員】( 無經驗可) 1110706
https://www.104.com.tw/job/7orve

111年度法務部調查局(資安工作站)高級資安分析師2名、資安分析師7名甄選公告
https://www.osa.nchu.edu.tw/osa/cdc/sys/modules/tadnews/pda.php?op=news&nsn=8291

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全
歐洲導彈製造商MBDA證實資料外洩
https://reurl.cc/Qb6bMo

有駭客聲稱入侵歐洲導彈製造商MBDA並竊取60 GB機敏資料
https://securityaffairs.co/wordpress/133881/data-breach/mbda-alleged-data-breach.html

遠通電收警告當心冒名釣魚簡訊後，再呼籲慎防假冒eTag通知的釣魚郵件
https://reurl.cc/LM7MRx

Stop Putting Your Accounts At Risk, and Start Using a Password Manager
https://thehackernews.com/2022/07/stop-putting-your-accounts-at-risk-and.html

駭客架設1.1萬個投資詐騙網站，針對歐洲用戶而來
https://blog.group-ib.com/investment-scams-europe

資安業者披露鎖定歐洲用戶的上萬個投資詐騙網站
https://www.ithome.com.tw/news/152226

新型態的網路釣魚
https://blog.twnic.tw/2022/08/03/23726/

麥迪安調查報告：72個假新聞網站以11種語言為中國宣傳
https://www.worldjournal.com/wj/story/121468/6513817

網路流傳解放軍擊落我國戰機的消息，遭國防部駁斥
https://news.ttv.com.tw/news/11108040001500W

臉書將以 AI 蒐集未成年個資，嚴格審查謊報年齡註冊問題
https://www.inside.com.tw/article/24333-facebook-and-instagram-update-policy-in-order-to-protect-teen-safety

NIST、CISA改良身分與存取管理指南，已接近完成階段
https://www.nextgov.com/cybersecurity/2022/08/nist-cisa-finalizing-guidance-identity-and-access-management-post-solarwinds/375279/

E.研究報告/工具
攻擊面管理：2022年何以成主流
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9983

混合雲架構應重新考慮舊式防火牆 vs 軟體式網路區隔
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9985

LINE X Intertrust 資安高峰會：你聽過白箱加密、FIDO 認證嗎？圖靈獎得主親臨做科普
https://www.inside.com.tw/article/9342-line-and-intertrust-security-summit

Three Common Mistakes That May Sabotage Your Security Training
https://thehackernews.com/2022/08/three-common-mistakes-that-may-sabotage.html

Top 10 most rated OSINT Tools on Github
https://medium.com/@CyberGuyknows/top-10-most-rated-osint-tools-on-github-ec77995b8604

What is OSINT? Part 1
https://mvaibhavm09.medium.com/what-is-osint-part-1-ae53c72c2d98

How to Become an OSINT Master: Tips, Tricks, and Tools — Part 2
https://mvaibhavm09.medium.com/how-to-become-an-osint-master-tips-tricks-and-tools-part-2-f8e89c2bddfd

Don’t use Apply in Python, there are better alternatives!
https://towardsdatascience.com/dont-use-apply-in-python-there-are-better-alternatives-dc6364968f44

Extensions used by Hackers
https://medium.com/@iabhipathak/extensions-used-by-hackers-bfdcfa793af2

CI/CD pipeline for React Native apps
https://medium.com/@paramsingh_66174/ci-cd-pipeline-for-react-native-apps-98246237e29d

My top 10 Linux commands for debugging server issue
https://needablackcoffee.medium.com/my-top-10-linux-commands-for-debugging-server-issue-d8b179249779

I'm Building a Self-Destructing USB Drive.
https://machinehum.medium.com/im-building-a-self-destructing-usb-drive-e423b8b7c9f

Resolving Availability vs. Security, a Constant Conflict in IT
https://thehackernews.com/2022/08/resolving-availability-vs-security.html

Who Has Control: The SaaS App Admin Paradox
https://thehackernews.com/2022/08/who-has-control-saas-app-admin-paradox.html

F.商業
IBM發表2022年企業資料外洩成本報告，6成企業在資料外洩後以提高產品價格來轉嫁損失
https://reurl.cc/ERZRxa

為強化智慧合約的開發安全，臺灣區塊鏈新創Xrex開源相關資安工具
https://reurl.cc/MNkNpm

卡巴斯基揭露2022第二季APT攻擊趨勢報告
https://securelist.com/apt-trends-report-q2-2022/106995/

中華資安國際 搶進智慧城市及物聯網資安市場
https://udn.com/news/story/7240/6509499?from=udn-ch1_breaknews-1-cate6-news

Cymetrics評鑑 台灣線上教育平台業者資安曝險
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=140&id=0000641347_AZ44GW1E3IGO0B86DJ4V3

英國同意NortonLifeLock併購Avast
https://www.gov.uk/government/news/cma-provisionally-clears-nortonlifelock-avast-merger

G.政府
總統府網站遭DDoS攻擊，疑與美國眾議院議長裴洛西訪臺有關
https://reurl.cc/KQrQGe

總統府官網「遭陸癱瘓」 資安專家估:民間攻擊
https://www.youtube.com/watch?v=4ngzjBgMX5Q

臺鐵新左營車站電子看板疑遭駭客入侵，出現簡體中文恐嚇訊息
https://reurl.cc/GEbE1D

新左營站螢幕牆遭駭 NCC調查：使用中國軟體
https://www.epochtimes.com/b5/22/8/3/n13794535.htm

裴洛西訪台資安攻擊頻傳 唐鳳：單日攻擊流量為過去23倍
https://reurl.cc/YXjXZo

從總統府、小7到台鐵都被駭！裴洛西訪台掀起資安戰，已被掌握漏洞
https://www.bnext.com.tw/article/71033/cyber-attack-pelosi-ddos

裴洛西訪台頻傳駭客攻擊，NCC：資安事件 1 小時內通報
https://technews.tw/2022/08/03/pelosi-hacker-attack-ncc/

國防部官網遭駭！綠委：台灣要好 資安要顧好
https://newtalk.tw/news/view/2022-08-04/796082

境外網攻 政院資安處24小時巡檢部會官網加強防護
https://www.rti.org.tw/news/view/id/2140560

台灣每天被境外網攻3000萬次！ 總統府官網一度停擺　什麼是DDoS攻擊？ 為何資安就是國安
https://www.businesstoday.com.tw/article/category/183027/post/202208030051/

誰是資安專責機構
http://hi-on.org/article-single.php?At=58&An=199126

國防部：國軍資安防護管理中心持續加強監控　維護整體資訊安全
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1523094&type=highlight

因應近日政經情勢 政院：公私協力共同合作 防止外力不當侵擾 確保政府及社會運作如常
https://www.ey.gov.tw/Page/9277F759E41CCD91/7b9ee9dd-0283-4800-91ef-2781b2ba0e27

境外勢力網攻流量暴增23倍　行政院證實：鎖定總統府、國防部、外交部
https://www.ettoday.net/news/20220804/2308959.htm

行政院政務委員唐鳳表示，8月3日攻擊流量逾15 TB、最高流量為過往的23倍
https://news.ttv.com.tw/news/11108030005000W

共軍軍演前夕官網遭駭　國防部：加強資安聯防維護安全
https://www.nownews.com/news/5893154

因應中國威脅 蘇貞昌召開因應會議、提5指示
https://news.pts.org.tw/article/593443

軍演＋制裁 府院總動員備戰
https://ctee.com.tw/news/policy/691045.html

國防部：網站遭受阻斷服務攻擊　加強監控進行資安聯防
https://mna.gpwb.gov.tw/news/detail/?UserKey=8926400f-3a39-4703-981b-2419878b32d9

政院證實總統府、國防部、外交部遭網攻　羅秉成：未發生資安危害
https://www.ftvnews.com.tw/news/detail/2022804W0156

政院證實總統府、外交部與國防部遭資安攻擊 各部會網站24小時戒備
https://news.ltn.com.tw/news/politics/breakingnews/4014241

官網遭攻擊癱瘓　外交部：IP來自中國、俄羅斯
https://www.wealth.com.tw/articles/e07b544d-d24f-4918-9b3e-805845fb165d

國防部官網3日遭駭 服務中斷已恢復正常
https://ctee.com.tw/news/china/691203.html

國防部、外交部網站8月5日凌晨再度癱瘓
https://www.ettoday.net/news/20220805/2309470.htm

「老巫婆竄訪台灣」攻陷南投竹山看板　疑用大陸軟體引駭客
https://www.setn.com/News.aspx?NewsID=1156044

桃園機場網站疑遭到網路攻擊陸續出現服務中斷的情形
https://money.udn.com/money/story/10511/6511538

桃機疑遭駭　桃機公司：官網恢復內網及APP正常
https://www.setn.com/News.aspx?NewsID=1156525

畫面一片白！桃機官網遭駭客密集攻擊　緊急增新防護系統防禦
https://www.ettoday.net/news/20220804/2308824.htm

避免駭客攻擊 高雄小港機場部分時段關閉電子看板
https://taronews.tw/2022/08/04/851259/

驚！台電3日資安攻擊高達490萬次 超越6、7月總和
https://ec.ltn.com.tw/article/breakingnews/4014438

無煙硝戰爭已開打，行政院展開24小時網路海巡
https://www.cmmedia.com.tw/home/articles/35374

裴洛西訪台，總統府官網流量大爆衝！DDoS 可「事先預防」，台灣資安何時才能真正升級
https://buzzorange.com/techorange/2022/08/04/ddos-tw/

台灣國防部官網遭攻擊經流量清洗及阻擋後已恢復連線
https://www.quamnet.com/post/6G7k7PlpL9dIcATue8Wax

中國發動資安作戰？總統府.國防部網站遭攻擊
https://globalnewstv.com.tw/202208/190620/

高雄市環保局飲用水網站被置換五星旗
https://www.appledaily.com.tw/local/20220805/7E2B03436F2DFA70229602A114

又是駭客攻擊？監理系統全台大當機半小時　公路總局調查出爐
https://www.ettoday.net/news/20220804/2309076.htm

唐鳳任數位發展部首位部長，將面臨哪些挑戰
https://www.bnext.com.tw/article/70303/digital-dv

唐鳳出任數位發展部部長！不兼任政委　缺額待定
https://www.wealth.com.tw/articles/d1782036-c1ed-4767-80ac-63daabf2ea4b

政府網站屢遭駭，唐鳳照升官？行政院：機密未被竊不影響運作
https://www.storm.mg/article/4458853

數位發展部27日掛牌 資安防護能量有望擴增
https://www.cna.com.tw/news/aipl/202208050329.aspx

憂資安！數發部恐換湯不換藥？政院：留才培養是重中之重
https://www.nownews.com/news/5895122

全台網路資安攻擊事件頻傳，TWNIC 調查：IP 來源美中皆有
https://technews.tw/2022/08/05/twnic-security/

臺灣網路資訊中心指出8月2日至3日的攻擊流量占整體75%
https://blog.twnic.tw/2022/08/04/24037/

內政部證實 網站上午曾遭境外IP阻斷式服務攻擊
https://www.rti.org.tw/news/view/id/2140735

警政系統當機排除攻擊 徐國勇：責成警政署強化資安
https://www.chinatimes.com/realtimenews/20220805003169-260407?chdtv

警察相關勤務系統於8月4日晚間無法使用，疑為網路連線設備故障造成
https://www.npa.gov.tw/ch/app/news/view?module=headnews&id=2136&serno=0f76d9d9-c017-427d-be86-defbff5058a9

排除大陸攻台資訊戰！全國警政系統大當機 警政署急追：無個資外洩疑慮
https://reurl.cc/oQxZ7q

8月4日上午司法院法學資料檢索系統停擺，疑為程式漏洞所致，初步排除外部攻擊
https://udn.com/news/story/7321/6511147

網攻激增 TWNIC提4大資安建議
http://www.ksnews.com.tw/index.php/news/contents_page/0001637149

H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安
Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices
https://thehackernews.com/2022/07/dahua-ip-camera-vulnerability-could-let.html

大華IP視訊鏡頭存在漏洞，恐遭攻擊者挾持
https://reurl.cc/KQrQ7e

CISA 發布五個影響工業控制系統漏洞資安警訊
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9988

工控物聯網創新整合服務　推動安全機制融入新興場域 產業法規遵循需求增　資安服務落實持續改善
https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/F9593F5C6D5345D8A9A87AF24DACC845

工控資安的風險管理，製造業數位轉型階段的必須作為
https://www.digiknow.com.tw/knowledge/62ec7a25c333a

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) - Remote Code Execution
https://www.exploit-db.com/exploits/50987

I.教育訓練
iPAS資訊安全工程師中級筆記
https://hackmd.io/@Not/iPASInformationSecuritySpecialist

iPas資安工程師證照考前研習
https://reurl.cc/GEbA3p

Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/

全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口
https://reurl.cc/m39MDj

CISSP考試心得
https://reurl.cc/KbY83j

CISSP考試心得 – Benson
https://reurl.cc/GbWvxd

目標導向-20天光速考過CISSP
https://reurl.cc/2Zq6zn

CISSP證照考試實戰心得 第一章：初期準備工作
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat

CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/

EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022
https://reurl.cc/1oyEM8

CEH v11 考試心得與準備方式
https://blog.sean.taipei/2022/01/ceh

深度解析 CPENT 考試心得、以及與 OSCP 的比較
https://reurl.cc/41eL8v

EC-Council CPENT v1 滲透測試認證 – 內容及心得分享
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review

[備考心得]CompTIA Security+ (SY0–601) 上篇
https://reurl.cc/M053DK

[備考心得]CompTIA Security+ (SY0–601) 下篇
https://reurl.cc/M053Gv

不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書）
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html

駭客與國家: 網路攻擊與地緣政治新常態
The hacker and the state: cyber attacks and the new normal of geopolitic
https://reurl.cc/D3nKKj

6.近期資安活動及研討會
Just a chat - with no Expectations 2022/8/6
https://www.meetup.com/taipei-暗号通貨-cryptocurrency-meetup/events/287240531/

線上資安專題講座-生活中的資安：從新聞看資安學資安 2022/8/6
https://isipevent.kktix.cc/events/e58d0573-copy-4

從資安與品牌保護的戰略角度解析企業域名管理之重要性 2022/8/9
https://nii-icann.kktix.cc/events/ipdn-0809

111年下半年資安職能訓練－【第58班次】網路架構與部署安全 2022/8/8 ~ 2022/8/10
https://cee.ksu.edu.tw/CourseInfo.aspx?id=2473

2022 HITCON 資安職涯－線上論壇⎜Yourator 數位職涯博覽會 2022/8/10
https://www.accupass.com/event/2207271116014385674970

政府資訊委外安全（資安專業課程訓練） 2022/8/11
https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X20275

2022年SMB資安攻防演練&競賽 2022/8/12
https://www.accupass.com/event/2208030752306227439960

中華電信學院 委外廠商安全程式碼撰寫基礎訓練班 2022/8/12
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=524

【資安演訓實作課程】IoT資安檢測實務 2022/8/16
https://www.accupass.com/event/2207210707117495644880

Taipei dbt Meetup #5 (in-person👫 & online 👨‍💻)2022/8/17
https://www.meetup.com/taipei-dbt-meetup/events/287305953/

資安檢測實務 2022/8/17
http://www.asia-learning.com/course/itemlist/104256

資安策略規劃（資安專業課程訓練） 2022/8/18
https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X20278

物聯網資安研討會暨場域參訪 2022/8/18
https://www.accupass.com/event/2207210724541325124050

國家高速網路與計算中心教育訓練 「大數據程式開發平台(VM版本)」建置與開發實務課程 2022/8/19
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4001&from_course_list_url=homepage

HITCON PEACE 2022 台灣駭客年會 2022/8/19 ~ 2022/8/20
https://hitcon.kktix.cc/events/hitcon-peace-2022

GO! Jira Community Taipei Meetup Aug 2022/8/20
https://www.meetup.com/taipei-atlassian-community-events/events/287421661/

資通安全成熟度合規(CMMC)研討會 2022/8/23
https://www.accupass.com/event/2207220933091173574427

【資安演訓實作課程】太陽光電系統資安風險評估機制之建立與應用 2022/8/25
https://www.accupass.com/event/2207211030451484008829

迎戰駭客威脅，建構製造業資安防禦網 2022/8/25
https://www.accupass.com/event/2207130547201900731660

NISRA Enlightened 2022 2022/8/22 ~ 2022/8/26
https://nisra.kktix.cc/events/2022enlightened

讀書會 The Software Craftsman ( by Sandro Mancuso) 2022/8/26
https://www.meetup.com/taipei-swift-language-meetup-group/events/287393101/

體驗高效雲端作業環境！Chrome x Google Workspace 辦公攻略 2022/8/26
https://www.accupass.com/event/2207150626088107856280

【創客小聚】影像辨識 x MQTT，趣玩 AIoT 2022/8/27
https://www.accupass.com/event/2207211250569268478070

遠距辦公資安趨勢｜以零信任安全模型迎接後疫情時代 2022/9/2
https://www.accupass.com/event/2207290127311257987165

PyCon APAC 2022 2022/9/3 ~ 2022/9/4
https://tw.pycon.org/2022/zh-hant

Quarterly Professional Networking Event (Q3) 2022/9/15
https://www.meetup.com/taiwan-digital-drinks/events/287479309/

DevOpsDays Taipei 2022 2022/9/15 ~ 2022/9/16
https://devopsdays.tw/

2022 CYBERSEC 資安大會 Jamf 攤位講座 2022/9/20 ~ 2022/9/22
https://jamf.kktix.cc/events/cybersec2022jamf

關鍵基礎設施實作課程(含攻防演練實作) 2022/9/27
https://www.acw.org.tw/News/Detail.aspx?id=3229

OCF 培訓活動: 如何建立安全的網路架構 2022/10/1
https://ocftw.kktix.cc/events/ocftot2022

MOPCON 2022 2022/10/15 ~ 2022/10/16
https://mopcon.org/

Kubernetes Summit 2022 2022/10/18 ~ 2022/10/19
https://k8s.ithome.com.tw/

資訊安全與人工智慧實作 2022/10/28
https://www.cisanet.org.tw/Course/Detail/2867

行動應用APP 安全檢測（APK/IPA）2022-11-18 09:00 ~ 2022-11-18 12:00
https://www.cisanet.org.tw/Course/Detail/2865