資安事件新聞週報 2022/7/11 ~ 2022/7/15

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/7/11 ~ 2022/7/15 1.重大弱點漏洞/後門/Exploit/Zero Day VMware針對去年11月揭露的vCenter漏洞，在8個月後才為部分版本提供更新程式 https://www.bleepingcomputer.com/news/security/vmware-patches-vcenter-server-flaw-disclosed-in-november/ 微軟修補VM災害復原服務Azure Site Recovery逾30個漏洞 https://www.bleepingcomputer.com/news/security/microsoft-fixes-dozens-of-azure-site-recovery-privilege-escalation-bugs/ 微軟發布7月份例行修補公告，揭露84個漏洞的緩解方法 https://www.ithome.com.tw/news/151918 Microsoft 發布 2022 年 7 月的安全更新 https://msrc.microsoft.com/update-guide/deployments 微軟預告明年1月將對Windows 8.1終止支援，用戶開機就會看到全螢幕警示訊息 https://www.bleepingcomputer.com/news/microsoft/windows-81-now-shows-full-screen-end-of-support-warnings/ Microsoft Details App Sandbox Escape Bug Impacting Apple iOS, iPadOS, macOS Devices https://thehackernews.com/2022/07/microsoft-details-app-sandbox-escape.html 微軟Windows Autopatch服務正式上線 https://www.ithome.com.tw/news/151895 Microsoft Windows Autopatch is Now Generally Available for Enterprise Systems https://thehackernews.com/2022/07/microsoft-windows-autopatch-is-now.html Citrix 發布 Hypervisor 的安全更新 https://support.citrix.com/article/CTX461397/citrix-hypervisor-security-bulletin-for-cve202223816-and-cve202223825 Adobe 已發布安全更新，以解決多個 Adobe 產品中的弱點 https://www.cisa.gov/uscert/ncas/current-activity/2022/07/12/adobe-releases-security-updates-multiple-products Security bulletin: Security Bulletin: IBM QRadar SIEM is vulnerable to denial of service attack due to CVE-2021-39041 https://reurl.cc/RrAeGz Cisco 近日發布更新以解決多個產品的安全性弱點 https://www.cisa.gov/uscert/ncas/current-activity/2022/07/07/cisco-releases-security-updates-multiple-products CODESYS Gateway http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-31802 IBM Cognos Analytics http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-38945 OpenSSL 近日發布更新，以解決OpenSSL的安全性弱點 https://www.cisa.gov/uscert/ncas/current-activity/2022/07/06/openssl-releases-security-update New 'Retbleed' Speculative Execution Attack Affects AMD and Intel CPUs https://thehackernews.com/2022/07/new-retbleed-speculative-execution.html 聯想筆電再曝資安漏洞！涵蓋ThinkBook、Yoga 系列逾70多款機型受影響 https://3c.ltn.com.tw/news/50141 New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models https://thehackernews.com/2022/07/new-uefi-firmware-vulnerabilities.html PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects https://thehackernews.com/2022/07/pypi-repository-makes-2af-security.html 美國要求聯邦機構限期修補CSRSS零時差漏洞 https://www.cisa.gov/uscert/ncas/current-activity/2022/07/12/cisa-adds-one-known-exploited-vulnerability-catalog Java專案有2%存在Log4Shell漏洞 https://snyk.io/reports/open-source-security/ Intel與AMD處理器存在Retbleed漏洞 https://comsec.ethz.ch/research/microarch/retbleed/ 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安為鼓勵企業強化資安防禦，臺灣企業資安投資抵稅正式上路 https://www.ithome.com.tw/news/151873 提升資訊揭露品質櫃買中心修正3規章 https://ec.ltn.com.tw/article/breakingnews/3990571 金融法制暨犯罪防制中心今辦研討會　審檢警調業界探討跨國網路犯罪 https://www.ctwant.com/article/195025 勤業眾信攜手政大發布「2022台灣金融科技趨勢展望」 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&id=0000639626_QI15AN6X3XV8SL5KJZVDF 從共享到平台 FinTech資安是關鍵 https://wantrich.chinatimes.com/news/20220707900690-420501 為什麼長輩對信用卡超反感？網友一面倒：去問喬治和瑪莉 https://reurl.cc/d2RQqk 國稅局線上帳戶讓納稅人輕鬆查看稅務資訊 https://www.epochtimes.com/b5/22/7/14/n13781120.htm 3.電子支付/行動支付/pay/資安一次搞懂各種數位支付概念，別再將「行動支付、電子支付、第三方支付」混為一談 https://www.thenewslens.com/article/167954 企業電子支付熱迎A2A新時代 https://ctee.com.tw/news/finance/672818.html 安裝公測前你要知　銀行、電子支付 App iOS 16 兼容度快速測試 https://www.pcmarket.com.hk/ios-16-mobile-banking-payment-app-compatibility-test/ 蘋果再下一城 Adyen商家可開始使用Tap to Pay https://news.cnyes.com/news/id/4912773 OwlTing Group與Circle合作以支持跨境支付服務 https://news.cnyes.com/news/id/4915141 中國國家主席習近平召開深改會強化大型支付平台監管 https://reurl.cc/e3qMQM 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約資安 CypherD Wallet Integration & 200,000 $QUICK Airdrop https://medium.com/@quickswap-layer2/cypherd-wallet-integration-200-000-quick-airdrop-9585e11f2c63 3 Best Cryptocurrency to Buy Today and Hodl for the Long Run https://medium.com/coinmonks/3-best-cryptocurrency-to-buy-today-and-hodl-for-the-long-run-aa0a880f099 全球熊市，它反迎兆元商機！揭密打造加密幣金庫的台灣人 https://www.businessweekly.com.tw/magazine/Article_mag_page.aspx?id=7006217 一名法國男子因涉嫌史上最慘烈的網路攻擊事件，將遭到日本警方逮捕 https://www.thenewslens.com/article/169179 Velodrome將向veVELO持有者發放75萬枚OP獎勵 https://news.cnyes.com/news/id/4914686 駭客假冒大型去中心化交易所Uniswap的名義發動網釣攻擊，得手逾800萬美元 https://blog.checkpoint.com/2022/07/12/8-million-dollars-stolen-in-a-uniswap-phishing-attack/ 奧丁丁推B2B穩定幣跨境支付區塊鏈實現數秒到帳 https://ec.ltn.com.tw/article/breakingnews/3992246 Harmony：將在兩周內與社區討論Horizon駭客事件的恢復計劃 https://news.cnyes.com/news/id/4915427 LINE完成千萬美元策略投資推NFT交易平台 https://ec.ltn.com.tw/article/breakingnews/3990880 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 新興 0mega 勒索軟體針對企業進行雙重勒索攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9958 雲端挖礦攻擊鎖定軟體開發自動化服務GitHub Actions下手 https://reurl.cc/d2R1W2 Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs https://thehackernews.com/2022/07/cloud-based-cryptocurrency-miners.html 勒索軟體BlackCat打造受害者資料庫Alphv Collections https://blog.cyble.com/2022/07/06/alphv-ransomware-expands-its-arsenal-of-extortion-techniques/ 勒索軟體HavanaCrypt濫用開源密碼管理器來加密檔案 https://www.trendmicro.com/en_us/research/22/g/brand-new-havanacrypt-ransomware-poses-as-google-software-update.html 繼勒索軟體駭客BlackCat建立受害者資料庫，LockBit也跟進 https://www.bleepingcomputer.com/news/security/ransomware-gang-now-lets-you-search-their-stolen-data 勒索軟體LockBit停用防毒和EDR，並透過檔案共享軟體外洩受害組織資料 https://www.cybereason.com/blog/threat-analysis-report-lockbit-2.0-all-paths-lead-to-ransom 勒索軟體Lilith進行雙重勒索，終止瀏覽器、收信軟體運作再進行加密 https://blog.cyble.com/2022/07/12/new-ransomware-groups-on-the-rise/ 惡意程式碼恐藉由macOS漏洞繞過應用程式沙箱防護機制 https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/ 逾7成教育機構無法防堵勒索軟體攻擊 https://news.sophos.com/en-us/2022/07/12/the-state-of-ransomware-in-education-2022/ 蠕蟲程式Raspberry Robin濫用Windows Installer與威聯通設備發動攻擊 https://www.cybereason.com/blog/threat-alert-raspberry-robin-worm-abuses-windows-installer-and-qnap-devices QNAP 提醒針對使用者密碼強度不足的裝置發動之 Checkmate 勒贖攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9957 Android惡意軟體爆出新招，會在受害者不知情的情況下幫忙「訂閱」付費服務 https://www.techbang.com/posts/97649-there-is-android-malware-that-has-been-found-to-pay-for-a 危險至極！出現 50 款主流防毒產品都偵測不到的全新惡意軟體 https://reurl.cc/q5yGVR APT-C-26 (Lazarus) Analysis Report on E-commerce Attack Activities https://mp.weixin.qq.com/s/USitU4jAg9y2XkQxbwcAPQ Tracking the Operators of the Newly Emerged BlueSky Ransomware https://otx.alienvault.com/pulse/62d116147eec234c857938be Targeted Attack on Government Agencies https://reurl.cc/9GM3YX Climbing Mount Everest: Black-Byte Bytes Back https://research.nccgroup.com/2022/07/13/climbing-mount-everest-black-byte-bytes-back/ Analysis of the attack activities of the Mahacao group against Pakistan https://reurl.cc/NA3l85 Pakistani Hackers Targeting Indian Students in Latest Malware Campaign https://thehackernews.com/2022/07/pakistani-hackers-targeting-indian.html A Hit is made: Suspected India-based Sidewinder APT successfully cyber attacks Pakistan military focused targets https://reurl.cc/moayOY An Analysis of Infrastructure linked to the Hagga Threat Actor https://team-cymru.com/blog/2022/07/12/an-analysis-of-infrastructure-linked-to-the-hagga-threat-actor/ SELECT XMRig FROM SQLServer https://thedfirreport.com/2022/07/11/select-xmrig-from-sqlserver/ ChromeLoader: New Stubborn Malware Campaign https://unit42.paloaltonetworks.com/chromeloader-malware/ From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/ Rise in Qakbot Attacks Traced to Evolving Threat Techniques https://www.zscaler.com/blogs/security-research/rise-qakbot-attacks-traced-evolving-threat-techniques BlackByte - Security News https://www.trendmicro.com/vinfo/my/security/news/ransomware-spotlight/ransomware-spotlight-blackbyte ABCsoup: The Malicious Adware Extension with 350 Variants https://blog.zimperium.com/abc-soup-the-malicious-adware-extension-with-350-variants/ Hackers Exploiting Follina Bug to Deploy Rozena Backdoor https://thehackernews.com/2022/07/hackers-exploiting-follina-bug-to.html Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets https://thehackernews.com/2022/07/researchers-detail-techniques-lockbit.html TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine https://thehackernews.com/2022/07/trickbot-malware-shifted-its-focus-on.html North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware https://thehackernews.com/2022/07/north-korean-hackers-targeting-small.html Mantis Botnet Behind the Largest HTTPS DDoS Attack Targeting Cloudflare Customers https://thehackernews.com/2022/07/mantis-botnet-behind-largest-https-ddos.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 5G面臨「網路切片攻擊」重大威脅 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9956 蘋果iPhone成攻擊目標台天才駭客：找iOS漏洞領200萬美元 https://reurl.cc/g29emN 1元買4百萬特斯拉！台灣「天才駭客」出手攻iOS：領6千萬 https://reurl.cc/rDp38r 病毒透過 Safari 入侵 iPhone？答案是會的 https://technews.tw/2022/07/14/safari-iphone/ 研究人員揭露安卓惡意軟體Autolycos，超過1年仍有部分有害的App尚未下架 https://twitter.com/IngraoMaxime/status/1547164768401858560 中國駭客開發者成功讓一加 6T小米 8 刷上 WIN11 ARM 系統 https://vovo.cool/art/348758.html 各品牌下半年推出新手機三星蘋果谷歌不落人後 https://reurl.cc/Wrj0aZ 血氧 App 怎麼量？會有資安疑慮嗎 https://pansci.asia/archives/323219 資安風險、距離短藍芽難用不得不用 https://udn.com/news/story/7240/6454902?from=udn-ch1_breaknews-1-cate6-news iOS 16「安全回應與系統檔案」是什麼？自動化安全修補 https://mrmad.com.tw/ios-install-security-responses-system-files 街口支付通訊軟體 Jello 7 月下旬關閉服務曾是創辦人胡亦嘉得意產品 https://www.cool3c.com/article/179936 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力辦公室軟體WPS Office傳出審核中國用戶檔案內容惹議 http://www.itxinwen.com/soft/20220711/96492.html 萬代南夢宮確認他們的伺服器已經被駭客入侵正在調查損失 https://reurl.cc/DyaKvR 萬代南夢宮證實亞洲區遭駭，玩具買家資料恐洩漏 https://www.4gamers.com.tw/news/detail/54168/bandai-namco-confirms-reports-it-was-hacked 萬代南夢宮對外公告亞洲地區遭到駭客　影響範圍可能包含玩具業務相關的客戶資料 https://www.toy-people.com/?p=72992 電玩遊戲開發商萬代南夢宮傳出遭勒索軟體BlackCat攻擊 https://www.bleepingcomputer.com/news/security/bandai-namco-confirms-hack-after-alphv-ransomware-data-leak-threat/ Bandai承認日本以外的亞洲地區內部系統受到駭客入侵 https://lihkg.com/thread/3074527/page/1 駭客組織Luna Moth假借提供軟體訂閱服務的名義，入侵受害組織 https://blog.sygnia.co/luna-moth-false-subscription-scams AI Labs：PTT攻擊最激烈時段是下午2點疫情記者會 https://ec.ltn.com.tw/article/breakingnews/3989765 臺灣密碼學系統「Rainbow」晉級後量子密碼標準化決賽 https://pansci.asia/archives/197204 美國國會網站遭親俄駭客組織攻擊，系統短暫癱瘓 https://www.jasve.com/zh-tw/cntechs/6ea7aaafea521076d4977daa51e5fed7.html 專門銷售山寨版思科網路設備的美國男子被捕 https://www.ithome.com.tw/news/151878 懷恨洩頂級駭客工具給維基解密美中情局前員工遭定罪 https://reurl.cc/VDK0Vb 洩駭客工具給維基解密前中情局程式設計師定罪 https://udn.com/news/story/6809/6460159 Former CIA Engineer Convicted of Leaking 'Vault 7' Hacking Secrets to WikiLeaks https://thehackernews.com/2022/07/former-cia-engineer-convicted-of.html 英國資安人員面臨工作壓力，恐出現離職潮 https://www.bridewellconsulting.com/cyber-security-in-cni-organisations-2022 揭秘最大網路駭客組織——北韓駭客「39 號室」 https://www.btcc.com/zh-TW/coin-news/events/north-korean-hacker-room-39 立陶宛能源業者Ignitis遭到俄羅斯駭客DDoS攻擊 https://www.bankinfosecurity.com/lithuanian-energy-firm-experiences-ddos-a-19555 在「監控之國」，中國民眾正變得愈發警惕 https://cn.nytimes.com/china/20220715/china-data-privacy/zh-hant/ 切割中國，TikTok就能從資安疑雲中漂白 https://www.cw.com.tw/article/5121922 捷克國家網路資訊安全局預料，捷克擔任歐盟輪值主席國期間遭受網路攻擊情形將增加 https://www.trademag.org.tw/page/newsid1/?id=7864969&iz=6 美國網路「觸角」伸向世界每個角落或威脅全球網路安全 https://reurl.cc/6ZWKZb 以色列新創推小白工程師的「職前訓練平台」，模擬真實環境無痕上工 https://meet.bnext.com.tw/articles/view/49231 State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns https://thehackernews.com/2022/07/state-backed-hackers-targeting.html Researchers Warn of Raspberry Robin's Worm Targeting Windows Users https://thehackernews.com/2022/07/researchers-warn-of-raspberry-robins.html 暫時撤銷後，微軟承諾會封鎖 VBA 巨集 https://technews.tw/2022/07/13/microsoft-rolls-back-blocking-office-vba-macros-by-default/ 針對重新預設啟用Office巨集的配置，微軟表示只是暫時調整 https://www.bleepingcomputer.com/news/microsoft/microsoft-says-decision-to-unblock-office-macros-is-temporary/ Microsoft Temporarily Rolls Back Plan to Block Office VBA Macros by Default https://thehackernews.com/2022/07/microsoft-quietly-rolls-back-plan-to.html Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign https://thehackernews.com/2022/07/experts-uncover-350-browser-extension.html State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns https://thehackernews.com/2022/07/state-backed-hackers-targeting.html 資安網管工程師/助理工程師 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?R2=11&EMPLOYER_ID=12752&HIRE_ID=11238183 資安駐點工程師-ACSI https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E9%A7%90%E9%BB%9E%E5%B7%A5%E7%A8%8B%E5%B8%AB-acsi-at-acer-3163787062/?originalSubdomain=tw 資訊安全工程師(工作地點 : 林口) https://www.104.com.tw/job/7oxrp Presales Consultant https://www.linkedin.com/jobs/view/presales-consultant-at-freedom-systems-inc-3160453826/?originalSubdomain=tw icash資安管理經理 https://www.104.com.tw/job/7p1gw 資訊安全/資安講師(網際網路伺服安全) https://www.104.com.tw/job/7p1tb 資安網管工程師／助理工程師 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=12752&HIRE_ID=11313829 AD10407 資安管理師 https://www.linkedin.com/jobs/view/ad10407-%E8%B3%87%E5%AE%89%E7%AE%A1%E7%90%86%E5%B8%AB-at-asus-3164063058/?originalSubdomain=tw 技術副理-ACSI https://www.linkedin.com/jobs/view/%E6%8A%80%E8%A1%93%E5%89%AF%E7%90%86-acsi-at-acer-3169599279/ D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 RFA：上海數據庫外洩案至少含55位美國人個資 https://www.rti.org.tw/news/view/id/2138536 繞過雙重身份驗證、盜帳密還「敲詐」！微軟揭大規模網路釣魚詐騙新手法 https://3c.ltn.com.tw/news/50124 駭客假冒資安業者進行網釣詐騙 https://www.ithome.com.tw/news/151942 漫畫閱讀程式Mangatoon外洩2,300萬用戶資訊 https://www.ithome.com.tw/news/151880 澳洲 Deakin 大學遭駭客襲擊，數萬學生資料洩露 https://vitomag.com/education/ubbvd.html Office 365用戶遭到大規模網釣攻擊鎖定，駭客繞過雙因素驗證機制，但目的是將電子郵件信箱拿來發動BEC攻擊 https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/ 歐洲央行主席遭到釣魚簡訊攻擊，攻擊者佯稱是德國前總理對其下手 https://www.ithome.com.tw/news/151921 全球最大「外遇網站」公布偷情排行！　前年台北、去年新竹、今年冠軍又換人 https://www.mirrormedia.mg/premium/20220714soc005 阿里巴巴主管傳因「10億人個資外洩」遭調查中概股挫跌 https://news.cnyes.com/news/id/4915265 阿里午後續挫4%　傳阿里雲高層遭上海當局約談、涉警方數據庫洩露事件 https://reurl.cc/p179Ol 不只股票詐騙簡訊暴量！唐綺陽曝「取貨通知更多」…網速教1絕招 https://star.ettoday.net/news/2295212 中研院士：安倍過世後網路假訊息製造台日矛盾我應強化心防 https://www.rti.org.tw/news/view/id/2138229 學者：中共憂台灣建立心防強化輸入反美日言論 https://reurl.cc/ErkV2R 中國網路言論生態學者：逆向民族主義現象值得觀察 https://news.sina.com.tw/article/20220711/42181748.html 杜奕瑾：臉書最常下架涉及中國的政治性言論資訊戰爭早已開打 https://pourquoi.tw/2022/07/12/taiwan-news2022071222/ 愛買 Amazon 嗎？資安公司：Prime Day 還未起跑、釣魚詐欺已多 37% https://www.inside.com.tw/article/28246-amazonprimeday-checkpoint-fishing 社群行銷工具強杜奕瑾：一旦用在政治就是認知操作 https://www.rti.org.tw/news/view/id/2138329 杜奕瑾：社交媒體行銷強用在政治就是認知作戰 https://www.cna.com.tw/news/aipl/202207120119.aspx 臉書貼文什麼詞最易被審查？杜奕瑾：AI揪出是「中國」 https://ec.ltn.com.tw/article/breakingnews/3989767 國際資訊戰猖獗事實審查也不可信 https://anntw.com/articles/20220712-8xMy Gogolook擴大布局泰國市場攜手最大電信集團攻防詐業務 https://news.cnyes.com/news/id/4912276 健保個資蒐集使用應以法為度 https://talk.ltn.com.tw/article/paper/1528219 網路詐騙手法層出不窮許采蓁促高市府關注資安及詐騙問題 https://www.cdns.com.tw/articles/621506 宜家餘額提醒簡訊？累計分數清零？兌換商品優惠？當心不明連結！典型一頁式詐騙 https://www.mygopen.com/2022/07/ikea-msg.html 「百靈果」臉書粉專被盜！主持人凱莉曝真相網：亂連真的會出事 https://times.hinet.net/news/24019825 U.S. FTC Vows to Crack Down on illegal Use and Sharing of Citizens' Sensitive Data https://thehackernews.com/2022/07/us-ftc-vows-to-crack-down-on-illegal.html Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations https://thehackernews.com/2022/07/microsoft-warns-of-large-scale-aitm.html TikTok Postpones Privacy Policy Update in Europe After Italy Warns of GDPR Breach https://thehackernews.com/2022/07/tiktok-postpones-privacy-policy-update.html Hackers Used Fake Job Offer to Hack and Steal $540 Million from Axie Infinity https://thehackernews.com/2022/07/hackers-used-fake-job-offer-to-hack-and.html E.研究報告/工具電子郵件仍是首要攻擊途徑，相關威脅年暴增 101% https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9952 《李忠憲專欄》資訊安全是國家安全嗎 https://taronews.tw/2022/07/13/845754/ 2022年Thales資料威脅研究報告揭露驚人真相遠端辦公應對勒索威脅　駕馭資料安全成當務之急 https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/3FC3D310788B4571AD26D231ABBF2817 實現數位轉型之途身分認證與資安監控阻斷淪為肉票風險利鎖 https://www.trademag.org.tw/page/itemsd/?id=7864638&no=21 企業大幅提升資安能量！現在除了紅藍隊之外，還有紫隊 https://buzzorange.com/techorange/2022/07/14/red-blue-purple-teams/ 資安威脅加劇，政府與企業往往需要藉由白帽駭客協助，找出軟體的資安漏洞 https://reurl.cc/41E6xV 技術筆記 | 為何 Linkenin會成為詐騙溫床？區塊鏈遊戲王者 (Axie Infinity) 的一堂價值6億美金的資安課程 https://reurl.cc/55eKkM 資安與隱私信賴下的電商客戶關係管理 https://www.mypeoplevol.com/Article/27078 資安專家：台灣需要建立強大的「心防」 https://m.secretchina.com/news/b5/2022/07/11/1011456.html USB4技術規格與應用設計完全剖析 https://www.mem.com.tw/video/usb4%E6%8A%80%E8%A1%93%E8%A6%8F%E6%A0%BC%E8%88%87%E6%87%89%E7%94%A8%E8%A8%AD%E8%A8%88%E5%AE%8C%E5%85%A8%E5%89%96%E6%9E%90-%E5%A8%81%E9%8B%92%E9%9B%BB%E5%AD%90/ 上市櫃企業紛招聘專責高管　只憑傳統資安難創造差異價值兼顧產品安全才叫資安長　高階人才職涯攻頂有道 https://www.netadmin.com.tw/netadmin/zh-tw/trend/702A31F16A1948FDBE2C125A352ECDE9 麥肯錫：科技人不只喊缺，7 領域技術差距愈來愈大！企業該如何留才 https://www.managertoday.com.tw/articles/view/65254 S2 EP65／【總編輯會客室】數位轉型「資安」要隨行！資訊戰下台灣可以怎麼做 https://open.firstory.me/story/cl5hmg4q601n401s0ha8fcahp 資安筆記02- PE檔案映射 https://home.gamer.com.tw/creationDetail.php?sn=5507357 資安最前線》無密碼的數位世代，行嗎 https://www.gvm.com.tw/article/91855 信用卡被盜刷？！問題到底出在哪 https://player.soundon.fm/p/8fdc3e51-8bfb-4bfa-9c65-8ea2ce5a6eb7/episodes/1819acb9-42ed-4fa9-9779-caf35cbb1c9d 以「Crypto-Monetized Web」加密貨幣為營利基礎的網路,潛藏著什麼樣的危險 https://blog.trendmicro.com.tw/?p=73356 Hibernate vs JPA vs Spring Data JPA https://blog.devgenius.io/hibernate-vs-jpa-vs-spring-data-jpa-ff4485aaa780 Lock Screen Bypass Exploit of Android Devices (CVE-2022–20006) https://medium.com/maverislabs/lock-screen-bypass-exploit-of-android-devices-cve-2022-20006-604958fcee3a My top 10 Tips for developing Algorithmic Trading Strategies https://medium.com/@chris_42047/my-top-10-tips-for-developing-algorithmic-trading-strategies-756febaadedd TikTok: Trojan Stallion https://medium.com/@profgalloway/tiktok-trojan-stallion-64169f194d87 A Simple Formula for Getting Your IT Security Budget Approved https://thehackernews.com/2022/07/a-simple-formula-for-getting-your-it.html 5 Questions You Need to Ask About Your Firewall Security https://thehackernews.com/2022/07/5-questions-you-need-to-ask-about-your.html Avoiding Death by a Thousand Scripts: Using Automated Content Security Policies https://thehackernews.com/2022/07/avoiding-death-by-thousand-scripts.html What It Takes to Tackle Your SaaS Security https://thehackernews.com/2022/07/what-it-takes-to-tackle-your-saas.html Why Developers Hate Changing Language Versions https://thehackernews.com/2022/07/why-developers-hate-changing-language.html F.商業超過50%亞太製造業計畫採用雲技術管理網安風險 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9953 Progress最新版Flowmon 突破多雲監控與威脅偵測功能的極限 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9955 聯網世界需要的安全存取 – Microsoft Entra https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9949 Nutanix 助國票期貨強化交易穩定與安全性 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9951 可把沒用手機變網路攝影機的阿福管家　推出首台硬體攝影機 https://www.setn.com/News.aspx?NewsID=1145380 資安業者Thales買下身分暨存取管理業者OneWelcome https://cpl.thalesgroup.com/about-us/newsroom/thales-acquires-ciam-leader-onewelcome Fortinet Accelerate 2022網路安全大會：安全與網路應雙管齊下、OT與IT融合需分段進行 https://www.techbang.com/posts/97756-fortinet-accelerate-2022-cybersecurity-conference-security-and 2022 BC資安獎：引進中華資安國際的SOC服務彌補資安人才不足缺口 http://www.twiota.org/eventDetails.aspx?id=e72c10d9-b8eb-41b4-aba6-9b2a6b712a7d 奧義智慧拓日本資安防護商機 https://money.udn.com/money/story/5640/6447559?from=edn_subcatelist_cate 敦新科技成為 TeamT5 代理商，提供企業有效的資安佈局策略 https://www.dawningtech.com.tw/web/news/news_in.jsp?np_no=NP1657530504238 奧義智慧與戴夫寇爾合作推出創新的資安服務 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=140&id=0000639492_EPM37N8ILFMLUN1PHZ0E7 15 分鐘找出漏洞！Cymetrics 資安評估平台助企業隨時掌握風險 https://reurl.cc/8oQDpy 因應遠距辦公需求採買遠端系統，檢視這七項指標，避免走入產品「包套」誤區 https://www.techbang.com/posts/97797-purchase-a-remote-system-in-response-to-the-needs-of-a-remote 全新TrustCSITM EDR端點偵測與回應服務讓資安威脅無所遁形 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=16&id=0000639460_XQV536QX53WMA215HWWV0 企業現在可以從單一控制平台實現多雲生態系統的統一監控並改善全面安全狀態 Progress Flowmon 突破多雲監控與威脅偵測功能的極限 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/703CD7B5D31C4FCDBF656462B6802149 雲、網業者開啟深度合作，搶5G邊緣應用商機 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=ca65b2a9-8823-41c9-b0ab-8e5d5d16d2ce G.政府如果資安戰開打臺灣有能力反擊嗎？一窺ACW SOUTH沙崙資安服務基地的祕密訓練術 https://www.thenewslens.com/article/169629 首支類衛星載具火箭升空　總統挺太空科技：帶台灣飛向宇宙 https://www.setn.com/News.aspx?NewsID=1143337 數位部主要任務掃除數位經濟障礙建立韌性資安 https://newtalk.tw/news/view/2022-07-09/783181 資安即國安2.0戰略新設資通安全署 https://reurl.cc/7DOKd9 偷查職棒啦啦隊員個資警記過 https://udn.com/news/story/7321/6451218?from=udn-catebreaknews_ch2 男警爆偷查職棒啦啦隊個資窺25女孩所長一起罰 https://news.ltn.com.tw/news/society/paper/1527966 警政署︰防濫查個資資安稽核把關 https://news.ltn.com.tw/news/society/paper/1527968 建構港口資安聯防機制臺灣港務公司與法務部調查局簽署MOU https://reurl.cc/ErkVp0 因應敵情威脅萬安45號演習首度實施仿真疏散 https://reurl.cc/OAdYGr 打擊網路犯罪重視民眾權益落實偵查方向 https://market.ltn.com.tw/article/12776 區塊科技與法務部共創區塊鏈司法應用里程碑 https://ctee.com.tw/industrynews/technology/678271.html 「司法聯盟鏈」北桃中將試辦數位證據驗證僅數秒 https://www.epochtimes.com/b5/22/7/13/n13780120.htm H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安駭客攻擊頻傳，如何保障汽車網路安全？—滿足ISO/SAE21434所需的安全快閃記憶體 https://www.winbond.com/hq/support/online-learning/articles-item/achieving-iso-sae21434-cyber-security-using-secure-flash.html?__locale=zh_TW 特斯拉新功能「翻車」，NFC鑰匙卡方便了車主也方便了偷車賊 https://www.techbang.com/posts/97041-teslas-new-feature-rollover-convenient-for-car-owners-and 研究人員揭露能遠端打開Honda汽車的Rolling-PWN漏洞 https://rollingpwn.github.io/rolling-pwn/ 安全與網路應雙管齊下　OT 與 IT 融合需分段進行 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/61A8BD1AA43B4DE3B93637EAE5842BFE 職人開箱：趨勢老將扛VicOne CEO闢車用資安新局 https://www.eettaiwan.com/20220712-trendmicro-vicone-new-subsidiary/ I.教育訓練 Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 6.近期資安活動及研討會中華電信學院創客智慧應用研習營-自走車動手玩一天班 2022/7/19 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=510 中華電信學院 5G企業專網技術與應用實務班 2022/7/19 ~ 2022/7/20 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=504 中華電信學院創客智慧應用研習營-3D列印與雷射雕刻初體驗一天班 2022/7/20 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=511 【Asus Cloud 線上技術練工坊】7月場：工控資安健診打造OT防護罩 2022/7/21 https://www.asuscloud.com/20220706/14099/ 中華電信學院 Python人工智慧科學營四天班 2022/7/19 ~ 2022/7/22 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=507 風險導向資安稽核 2022/7/20 https://www.cisanet.org.tw/Course/Detail/2756 沙崙資安基地7月份線上免費資安課程多的是你不知道的事(Part II) 2022/7/21（四）13:30-16:30 https://bit.ly/3HIQdZQ 中華電信學院數位金融團隊共識營(線上) 二天班 2022/7/21 ~ 2022/7/22 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=508 資安新知科技研習課程-「資安鑑識課程-系列Ⅰ初級課程：網駭，鑑識工具操作與證據追蹤分 202227/22 https://docs.google.com/forms/d/1DK3WZWPqKS16M-occKgWO17fJlHIl33Z2YJ6QGRmRgs/viewform?edit_requested=true 台灣駭客年會 HITCON Summer Training 2022 2022/7/24 ~ 2022/7/26 https://hitcon.kktix.cc/events/hitcon-summer-training-2022-paid https://hitcon.kktix.cc/events/hitcon-summer-training-2022 關鍵基礎設施實作課程(含攻防演練實作) 2022/7/25 https://www.acw.org.tw/News/Detail.aspx?id=3229 中華電信學院 5G智慧生活與無人機操控及應用三天班 2022/7/25 ~ 2022/7/27 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=506 中華電信學院智慧科技新生活夏令營四天班 2022/7/26 ~ 2022/7/29 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=512 資產不洩密電商資安論壇 2022/7/27 https://www.ptt.cc/bbs/toberich/M.1657177501.A.2BB.html 中華電信學院資安實作挑戰營二天班 2022/7/27 ~ 2022/7/28 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=509 物聯網資安立法搶攻歐美供應鏈市場線上研討會 2022/7/27 (三) 14:00 ~ 15:30 https://www.onwardsecurity.com/news/item/147 關鍵基礎設施實作課程(含攻防演練實作) 2022/8/1 https://www.acw.org.tw/News/Detail.aspx?id=3229 資安管理(ISO27001)與資安保險(ISO27102)之整合應用與發展趨勢 8/4 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X20262 【資安演訓實作課程】智慧製造攻防演練課程 2022/8/5 https://www.accupass.com/event/2207130617395907703790 111年下半年資安職能訓練－【第58班次】網路架構與部署安全 2022/8/8 ~ 2022/8/10 https://cee.ksu.edu.tw/CourseInfo.aspx?id=2473 政府資訊委外安全（資安專業課程訓練） 2022/8/11 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X20275 資安檢測實務 2022/8/17 http://www.asia-learning.com/course/itemlist/104256 資安策略規劃（資安專業課程訓練） 2022/8/18 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X20278 HITCON PEACE 2022 台灣駭客年會 2022/8/19 ~ 2022/8/20 https://hitcon.kktix.cc/events/hitcon-peace-2022 2022 CYBERSEC 資安大會 Jamf 攤位講座 2022/9/20 ~ 2022/9/22 https://jamf.kktix.cc/events/cybersec2022jamf 關鍵基礎設施實作課程(含攻防演練實作) 2022/9/27 https://www.acw.org.tw/News/Detail.aspx?id=3229 資訊安全與人工智慧實作 2022/10/28 https://www.cisanet.org.tw/Course/Detail/2867 行動應用APP 安全檢測（APK/IPA）2022-11-18 09:00 ~ 2022-11-18 12:00 https://www.cisanet.org.tw/Course/Detail/2865