###### tags: `資安事件新聞週報`

# Weekly Security Incident News 2022/5/16 ~ 2022/5/20

1. Major vulnerabilities / backdoors / exploits / zero-days

Oracle Security Alert for CVE-2022-21500 https://www.oracle.com/security-alerts/alert-cve-2022-21500.html
SonicWall patches a high-risk vulnerability in its SSL VPN appliances https://www.sonicwall.com/support/knowledge-base/security-notice-sma-1000-series-unauthenticated-access-control-bypass/220510172939820/
Microsoft releases its May 2022 Patch Tuesday security updates https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9861
Microsoft publishes its May security bulletin https://msrc.microsoft.com/update-guide/deployments
Researchers bypass a SharePoint vulnerability patched three months ago; Microsoft patches it again https://starlabs.sg/blog/2022/05/new-wine-in-old-bottle-microsoft-sharepoint-post-auth-deserialization-rce-cve-2022-29108/
High-risk vulnerability in Windows Local Security Authority (LSA) (CVE-2022-26925) https://www.klcg.gov.tw/tw/education/3522-255125.html
Adobe releases security updates to address vulnerabilities in multiple Adobe products https://www.cisa.gov/uscert/ncas/current-activity/2022/05/12/adobe-releases-security-updates-multiple-products
High-Severity Bug Reported in Google's OAuth Client Library for Java https://thehackernews.com/2022/05/high-severity-bug-reported-in-googles.html
VMware Releases Patches for New Vulnerabilities Affecting Multiple Products https://thehackernews.com/2022/05/vmware-releases-patches-for-new.html
VMware patches an authentication bypass vulnerability in its products; the US orders public agencies to finish patching by a deadline https://www.bleepingcomputer.com/news/security/vmware-patches-critical-auth-bypass-flaw-in-multiple-products/
Vulnerability in the WordPress plugin Tatsu Builder is targeted, with nearly 6 million attacks observed https://www.wordfence.com/blog/2022/05/millions-of-attacks-target-tatsu-builder-plugin/
Critical vulnerability in the WordPress plugins JupiterX and Jupiter could let hackers take over websites https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes/
Hackers can overwrite firmware! More than 200 models affected! HP releases BIOS updates and urges users to install them immediately https://www.pcmarket.com.hk/bios-security-vulnerabilities-has-been-founded-in-over-200-models-hp-pc/

2. Banking / finance / insurance / securities / payment systems / financial supervision: news and security

Hackers use malicious PHP code to capture credit card data from websites https://www.zdnet.com/article/fbi-hackers-used-malicious-php-code-to-grab-credit-card-data/
Cyber Actors Scrape Credit Card Data from US Business' Online Checkout Page and Maintain Persistence by Injecting Malicious PHP Code https://www.ic3.gov/Media/News/2022/220516.pdf
Criticized for going easy on Fubon, the FSC says it has fined Fubon Financial more than NT$30 million in two years https://news.cnyes.com/news/id/4874704?exp=a
No fear of the insurance policy chaos! Police officers who contract COVID can claim under a special program "just by preparing personal documents" https://www.mirrormedia.mg/story/20220518soc003/
Pay with a smile and a wave? The convenience of Mastercard's "biometric payment" challenges privacy https://www.inside.com.tw/article/27713-mastercard-biometric-payment
Mastercard launches facial-recognition payment; security concerns stir controversy again https://reurl.cc/QLRzz2
Bank of Taiwan's "troika" strategy pays off: pre-tax profit of NT$5.4 billion in the first four months https://www.cna.com.tw/news/afe/202205200157.aspx
Regulations are gradually loosening but remain stricter than in other countries, and overseas experience can serve as a reference; opening up to the cloud draws eager interest, while talent and compliance become challenges for the financial industry https://www.netadmin.com.tw/netadmin/zh-tw/trend/0918A23BDC774E8A91614D2F3F5FEB57
First Financial Taiwan Core Strategic Infrastructure Fund now raising https://wantrich.chinatimes.com/news/20220517900116-420101
Next Bank accounting system glitch sends 3,700 erroneous SMS messages to customers https://tw.appledaily.com/property/20220520/N46SPH4DJND33GDILX2VPJLLYQ/
Credit cards can also enjoy fee-free interbank transactions https://www.cardu.com.tw/message/detail.php?46959
Fubon Multimedia (momo) puts NT$375 million into the LINE BANK private placement https://udn.com/news/story/7241/6328181?from=udn-catelistnews_ch2
Taipei Fubon Bank takes part in LINE Bank's capital reduction and increase, raising its stake to 27.18% https://reurl.cc/b2VM2o

3. Electronic payment / mobile payment / pay / security

Why mobile payment in the US is less widespread than in China https://www.cw.com.tw/article/5121132
Counterfeit cards bound to Apple Pay used for fraudulent purchases at coffee chain stores to cash out https://reurl.cc/XjGolR
What is the difference between Google Wallet and Google Pay https://reurl.cc/NAQ3Z9
Tap once to pay: the Apple Visitor Center begins accepting Tap To Pay https://technews.tw/2022/05/17/tap-to-pay/
Cutting losses by skipping the subsidy war! O'Pay allies with ECPay to consolidate its payment footprint; next step is the migrant worker market https://www.bnext.com.tw/article/69248/opay-2022
Xiaomi offers the Redmi Note 11 Pro 5G with FeliCa in Japan to meet local demand for electronic ticket cards https://reurl.cc/7D0OeD
Far Eastern's 有錢卡 card shuts down, ending service at the end of October https://www.cardu.com.tw/news/detail.php?46139
Online shopping digital technology survey: consumers value electronic payment most https://www.eettaiwan.com/20220517nt21-online-shopping/
UK government plans to bring stablecoins under electronic payment regulation https://news.cnyes.com/news/id/4873238
Do you think going without banknotes is more convenient? The global war on cash begins: what happened to the countries that went cashless first https://www.businesstoday.com.tw/article/category/183017/post/202205040077/
Second-phase consumption vouchers rewrite the local electronic payment landscape https://www.pcmarket.com.hk/2nd-phase-consumption-voucher-will-rewriting-the-local-electronic-payment-landscape/
O'Pay plans to link up with ECPay's merchants https://reurl.cc/n1Nk16
No e-payment provider turned a profit last year, yet new entrants are joining the fight for the market https://www.wealth.com.tw/articles/af1b47f4-b7e9-4547-a60a-e2878fded3d3

4. Cryptocurrency / digital currency / mining / blockchain / smart contract security

Create NFT Market Place without any libraries like openZeppelin (part 1) https://amirdiafi.medium.com/create-nft-market-place-without-any-libraries-like-openzeppelin-part-1-7c3bbc04c23f
What is virtual currency? What cryptocurrencies are there? Types, characteristics and risks of cryptocurrency https://reurl.cc/x9anG4
Xijiu releases NFT digital collectibles https://news.cnyes.com/news/id/4875740
After BTC's rise, some holders trapped at high prices exit; ETH exchange rate at a relatively low level – 2022.5.20 https://reurl.cc/k1OD93
A US$50 billion lesson: the three lines of defense for stablecoins, seen through the UST collapse https://www.cw.com.tw/article/5121284
LINE launches DOSI Wallet, targeting the global market for NFT trading platforms with a simpler sign-up process https://udn.com/news/story/122837/6320207?from=udn-catelistnews_ch2
Sign up with a social account! LINE launches the "DOSI Wallet" to chase NFT business https://3c.ltn.com.tw/news/49179
e-HKD | How does a retail central bank digital currency differ from existing electronic payment methods https://reurl.cc/55ve5v

5. Security incident news

A. Viruses and trojans / botnets / ransomware / adware / APT / backdoors / IOC

A new variant of the macOS-targeting malware UpdateAgent appears and is used to drop more malware https://www.jamf.com/blog/updateagent-adapts-again/
The hacker behind the Jigsaw and Thanos ransomware is unmasked https://www.justice.gov/usao-edny/pr/hacker-and-ransomware-designer-charged-use-and-sale-ransomware-and-profit-sharing
Conti ransomware threatens to overthrow the Costa Rican government https://www.ithome.com.tw/news/150993
The author of the well-known Jigsaw and Thanos ransomware turns out to be a 55-year-old cardiologist with well-regarded customer service, the "Breaking Bad" of the ransomware world https://www.techbang.com/posts/96375-in-addition-to-treating-patients-55-year-old-cardiologists
Chinese hackers target Russia's aerospace industry, implanting multiple kinds of malware https://www.bleepingcomputer.com/news/security/chinese-space-pirates-are-hacking-russian-aerospace-firms/
Nikkei hit by a ransomware attack https://asia.nikkei.com/Announcements/Nikkei-unit-in-Singapore-hit-by-ransomware
Attacks by XorDDoS, a botnet targeting Linux hosts, increased by 2.5 times over the past six months https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/
Chaos ransomware destroys files on victim computers and voices support for Russia https://www.fortinet.com/blog/threat-research/chaos-ransomware-variant-sides-with-russia
Aerospace hydraulic equipment maker reportedly attacked by Conti ransomware https://www.bleepingcomputer.com/news/security/engineering-firm-parker-discloses-data-breach-after-ransomware-attack/
QNAP warns about the recent DeadBolt ransomware attack campaign https://www.qnap.com/zh-tw/security-news/2022/%E7%AB%8B%E5%8D%B3%E6%8E%A1%E5%8F%96%E8%B3%87%E5%AE%89%E9%98%B2%E8%AD%B7%E8%A1%8C%E5%8B%95%E6%9B%B4%E6%96%B0-qts-%E8%87%B3%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC
Hackers distribute three kinds of fileless malware at once, aiming to steal data from victim computers https://www.fortinet.com/blog/threat-research/phishing-campaign-delivering-fileless-malware
Facestealer infostealer variants target mobile users, capturing Facebook credentials or looting cryptocurrency wallets under the guise of mining services https://trendmicro.com/en_us/research/22/e/fake-mobile-apps-steal-facebook-credentials--crypto-related-keys.html
Hackers use the Windows event logging mechanism to hide traces of malware https://securelist.com/a-new-secret-stash-for-fileless-malware/106393/
Why Remediation Alone Is Not Enough When Infected by Malware https://asec.ahnlab.com/en/34549/
Vidar distributed through backdoored Windows 11 downloads and abusing Telegram https://www.zscaler.com/blogs/security-research/vidar-distributed-through-backdoored-windows-11-downloads-and-abusing
Dridex Infection Chain Case Studies https://unit42.paloaltonetworks.com/excel-add-ins-dridex-infection-chain/ https://github.com/pan-unit42/iocs/blob/master/Dridex%20Infection%20Chain%20Case%20Studies
CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware https://www.sentinelone.com/labs/cratedepression-rust-supply-chain-attack-infects-cloud-ci-pipelines-with-go-malware/
Twisted Panda: Chinese APT espionage operation against Russian’s state-owned defense institutes https://research.checkpoint.com/2022/twisted-panda-chinese-apt-espionage-operation-against-russians-state-owned-defense-institutes/
Bumblebee Malware from TransferXL URLs https://isc.sans.edu/diary/rss/28664
Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control https://www.cisa.gov/uscert/ncas/alerts/aa22-138b
Info-stealer Campaign targets German Car Dealerships and Manufacturers - Check Point Software https://blog.checkpoint.com/2022/05/10/a-german-car-attack-on-german-vehicle-businesses/
Briefing on the latest APT-C-24 Rattlesnake attack activity https://mp-weixin-qq-com.translate.goog/s/qsGxZIiTsuI7o-_XmiHLHg?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en
SYK Crypter Distributing Malware Families Via Discord https://blog.morphisec.com/syk-crypter-discord
Falcon OverWatch Detects Novel IceApple Post-Exploitation Framework https://www.crowdstrike.com/wp-content/uploads/2022/05/crowdstrike-iceapple-a-novel-internet-information-services-post-exploitation-framework.pdf https://www.crowdstrike.com/blog/falcon-overwatch-detects-iceapple-framework/ https://therecord.media/iceapple-post-exploitation-malware-microsoft-crowdstrike/
Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis https://blog.malwarebytes.com/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis/
Operation RestyLink: APT campaign targeting Japanese companies https://insight-jp.nttsecurity.com/post/102hojk/operation-restylink-apt-campaign-targeting-japanese-companies
Network Footprints of Gamaredon Group https://blogs.cisco.com/security/network-footprints-of-gamaredon-group
Space Pirates: analyzing the tools and connections of a new hacker group https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/space-pirates-tools-and-connections/
Emotet Summary: November 2021 Through January 2022 https://unit42.paloaltonetworks.com/emotet-malware-summary-epoch-4-5/
How to Protect Your Data When Ransomware Strikes https://thehackernews.com/2022/05/how-to-protect-your-data-when.html
UpdateAgent Returns with New macOS Malware Dropper Written in Swift https://thehackernews.com/2022/05/updateagent-returns-with-new-macos.html
U.S. Charges Venezuelan Doctor for Using and Selling Thanos Ransomware https://thehackernews.com/2022/05/us-charges-venezuelan-doctor-for-using.html
New Sysrv Botnet Variant Hijacking Windows and Linux with Crypto Miners https://thehackernews.com/2022/05/new-sysrv-botnet-variant-hijacking.html
Researchers Warn of "Eternity Project" Malware Service Being Sold via Telegram https://thehackernews.com/2022/05/researchers-warn-of-eternity-project.html
New Saitama backdoor Targeted Official from Jordan's Foreign Ministry https://thehackernews.com/2022/05/new-saitama-backdoor-targeted-official.html
Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks https://thehackernews.com/2022/05/iranian-hackers-leveraging-bitlocker.html
Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices https://thehackernews.com/2022/05/microsoft-warns-rise-in-xorddos-malware.html
Cytrox's Predator Spyware Targeted Android Users with Zero-Day Exploits https://thehackernews.com/2022/05/cytroxs-predator-spyware-target-android.html
Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor https://thehackernews.com/2022/05/hackers-exploiting-vmware-horizon-to.html
Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware https://thehackernews.com/2022/05/hackers-trick-users-with-fake-windows.html

B. Mobile security / iPhone / Android / wearables / apps / 5G / instant messaging

Powering off your iPhone doesn't help! Hackers can still get into the phone via low-power mode https://3c.ltn.com.tw/news/49162
iPhone hacked even when powered off! Attackers can get into the phone via "this built-in mode" https://reurl.cc/9Gv25x
Researchers find a flaw that allows abuse of the iPhone's low-power mode https://arxiv.org/pdf/2205.06114.pdf
Fixes nearly 30 iPhone security vulnerabilities! Apple releases the iOS 15.5 update https://3c.ltn.com.tw/news/49153
To prevent malicious attacks, Apple and Google rush to remove 1.5 million apps not updated in two years https://newtalk.tw/news/view/2022-05-18/756572
3 apps are malicious! Scan a QR code and you are hacked, with savings stolen outright https://news.ebc.net.tw/news/living/317972
Malicious apps steal bank credentials; everyday fitness and QR code scanning can get you hacked https://www.ettoday.net/news/20220518/2253666.htm
Android users, delete now! 7 apps hide a spyware variant that "steals" personal data from phones https://3c.ltn.com.tw/news/49161
Check your phone now! These 6 apps steal your personal data https://reurl.cc/b2V03y
Phone battery life test results are out: this new entry-level phone has outstanding battery life https://www.ettoday.net/news/20220519/2254476.htm
Malicious apps steal bank credentials; everyday fitness and QR code scanning can get you hacked https://www.ettoday.net/news/20220518/2253666.htm?from=rss
Delete this app now! It breaks into accounts and instantly deducts NT$3,000; your wallet could be emptied https://news.ebc.net.tw/news/living/318129
Demand for video consultations surges; 醫聯網 develops a "video consultation system" to help fight the pandemic https://udn.com/news/story/7240/6326127?from=udn-ch1_breaknews-1-cate6-news
Seeing a doctor over social apps is convenient? 醫聯網: it may carry security risks https://reurl.cc/ErjEVv
iOS 15.6 beta 1 update released! What new features does it bring https://mrmad.com.tw/apple-ios-15-6-beta-1-releases
Canada follows its allies: Huawei and ZTE equipment to be banned from 5G networks https://times.hinet.net/news/23924457
Twitter employee secretly filmed! Inside information leaks; employees oppose Musk's acquisition and say he has Asperger's https://news.cnyes.com/news/id/4875298
FarEasTone's 5G telemedicine obtains US HIPAA certification, strengthening security in line with international standards https://reurl.cc/9Gv2dj
Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys https://www.trendmicro.com/en_us/research/22/e/fake-mobile-apps-steal-facebook-credentials--crypto-related-keys.html
How to make Android Studio look Awesome https://blog.protein.tech/how-to-make-android-studio-look-awesome-ee19e3719a59
Over 200 Apps on Play Store Caught Spying on Android Users Using Facestealer https://thehackernews.com/2022/05/over-200-apps-on-play-store-caught.html
Researchers Find Potential Way to Run Malware on iPhone Even When it's OFF https://thehackernews.com/2022/05/researchers-find-way-to-run-malware-on.html

C. Incidents / hackers / DDoS / APT / cloud / dark web / recruiting / international security incidents / security workforce

Taiwan actively develops a security job role map to align industry, government and academia; the emerging security industry edition debuts https://www.ithome.com.tw/news/151029
Enterprises worldwide are badly short of security talent! Which international professional certifications can send your market value soaring https://buzzorange.com/techorange/2022/05/20/isaca-certificate/
The impact of cryptomining attacks on DevOps teams https://blog.trendmicro.com.tw/?p=72313
Multiple countries warn that MSPs face cybersecurity threats https://technews.tw/2022/05/18/government-agencies-warn-of-increase-in-cyberattacks-targeting-msps/
Hackers come in black and white hats too; what are bot accounts for? A cybersecurity engineer answers netizens' questions https://reurl.cc/A7jodp
Discord servers of multiple projects, including Axie Infinity, Moonbirds and RTFKT, attacked by hackers https://www.blocktempo.com/several-nft-discords-were-compromised-including-axie-moonbirds-rtfkt/
North Korean hackers lurk abroad to raise funds for nuclear weapons development https://anntw.com/articles/20220518-bJsG
North Korea dispatches thousands of IT developers to embed in companies worldwide and earn money for its government https://www.ithome.com.tw/news/150980
North Korean IT workers embedded in companies worldwide assist hackers in carrying out cyberattacks https://home.treasury.gov/system/files/126/20220516_dprk_it_worker_advisory.pdf
North Korean hacking group Lazarus targets the Log4Shell vulnerability in South Korean organizations' VMware remote-work platform https://asec.ahnlab.com/en/34461/
4 Chinese agents and 1 US citizen accused of intelligence gathering that targeted Chinese dissidents and pro-democracy activists https://www.cna.com.tw/news/aopl/202205190055.aspx
If China's Digital Silk Road is completed... commerce, intelligence, even Indian power plants could come under its control https://www.businessweekly.com.tw/international/blog/3009795
Report says Chinese hackers attempted to steal Russian defense data https://cn.nytimes.com/china/20220520/china-hackers-russia/zh-hant/
Chinese hacker spies intrude worldwide; targets include ally Russia https://www.cna.com.tw/news/acn/202205200200.aspx
As the CCP sides with Russia, which invaded Ukraine, Central and Eastern Europe rethinks its relations with China https://reurl.cc/o1RWG3
US Department of Justice formally commits not to prosecute white-hat hackers engaged in security research https://www.ithome.com.tw/news/151026
The US will decriminalize white-hat hacking to ensure security technology keeps growing https://www.cool3c.com/article/177504
Sweden and Finland raise cyberattack alert levels, fearing retaliation over their applications to join NATO https://reurl.cc/d2n6q8
Italy's National Cybersecurity Agency: will use AI and new software to counter cybercrime https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=dc398ba0-0e3e-42a6-bd0a-3c68060ff0b4
Taiwanese businessman accused of spying on Falun Gong acquitted at second instance; Supreme Court remands the case for retrial https://reurl.cc/x9anRN
Europe introduces the second version of the Network and Information Systems Security Directive, which will expand its scope https://digital-strategy.ec.europa.eu/en/library/proposal-directive-measures-high-common-level-cybersecurity-across-union
Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang https://thehackernews.com/2022/05/researchers-expose-inner-working-of.html
U.S. Warns Against North Korean Hackers Posing as IT Freelancers https://thehackernews.com/2022/05/us-warns-against-north-korean-hackers.html
Europe Agrees to Adopt New NIS2 Directive Aimed at Hardening Cybersecurity https://thehackernews.com/2022/05/europe-agrees-to-adopt-new-nis2.html
Ukrainian Hacker Jailed for 4-Years in U.S. for Selling Access to Hacked Servers https://thehackernews.com/2022/05/ukrainian-hacker-jailed-for-4-years-in.html
Researchers Uncover Rust Supply-Chain Attack Targeting Cloud CI Pipelines https://thehackernews.com/2022/05/researchers-uncover-rust-supply-chain.html
Software development engineer https://www.104.com.tw/job/7muzf
National Center for High-performance Computing / Network and Security Division / 學研總中心 planning and promotion project / project management staff / 1 opening (111_06_2) https://www.104.com.tw/job/7n1q8
[Video interview] Security engineer -- no experience required for those who want to move into security; full training provided https://www.104.com.tw/job/7mw8c?jobsource=jolist_c_date
IT department - security engineer https://job.taiwanjobs.gov.tw/internet/jobwanted/JobDetail.aspx?R2=15&EMPLOYER_ID=446216&HIRE_ID=11174009

D. Data breaches / personal data protection law / GDPR / online fraud / phishing / card fraud / fake news / cyberbullying / account security

Interactive Phishing: Using Chatbot-like Web Applications to Harvest Information https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/interactive-phishing-using-chatbot-like-web-applications-to-harvest-information/
Finance veteran urges more exchange with the judiciary; Criminal Investigation Bureau advises sound risk assessment to avoid being hacked or scammed https://www.ctwant.com/article/184048
Afraid of catching COVID outdoors... people lose money to online transaction scams! Watch out for "these tactics" https://news.housefun.com.tw/news/article/111660335556.html
During the pandemic, the National Credit Card Center reminds the public to watch for online fraud and SMS phishing https://www.chinatimes.com/realtimenews/20220518005239-260410?chdtv
Online shopping card fraud is common; the National Credit Card Center advises checking with your bank when something looks suspicious https://money.udn.com/money/story/5613/6323474
Phishing sites steal credit card data; fraudulent purchases of Starbucks points used to launder money, netting nearly NT$10 million in a year https://news.sina.com.tw/article/20220518/41861670.html
Hackers use customer-service chatbots for phishing to steal credit card data https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/interactive-phishing-using-chatbot-like-web-applications-to-harvest-information/
News anchor 簡立喆 is distraught: Facebook account hacked and credit card fraudulently charged https://ent.ltn.com.tw/news/breakingnews/3932719
Global online fraud industry shows a growth trend in the first quarter of this year https://unwire.pro/2022/05/20/arkose-labs/security/
Filing taxes on your phone? Beware of personal data leak traps! Trend Micro offers 3 tips to prevent hacker attacks https://www.techbang.com/posts/96118-mobile-phone-tax-filing-beware-of-personal-leakage-traps-trend
[False] Website circulating online: "answer the questions for a chance to win a 10,000 supermarket gift voucher.." https://tfc-taiwan.org.tw/articles/7509
Impersonating cryptocurrency exchanges: HKCERT reminds the public to beware of SMS phishing attacks https://www.pcmarket.com.hk/phishing-attack-on-fake-cryptocurrency-exchange-sms/
Personal data of more than 20 million Malaysians leaked; seller brazenly publishes the Home Minister's ID card https://www.thenewslens.com/article/167095
Claimed to be Taiwanese original but streamed pirated Chinese recordings: TV Pay indicted https://www.epochtimes.com/b5/22/5/17/n13739289.htm
Scammed while buying 清冠! Promised two free rapid tests, a new mother is cheated out of NT$10,000 https://www.ftvnews.com.tw/news/detail/2022517N06M1

E. Research reports / tools

TeamT5 publishes research on the modular backdoor Pangolin8RAT and associated hacker groups https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9857
5 key elements for integrating the zero-trust security model with DevOps https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9862
The 3rd ICANN APAC-TWNIC Engagement Forum explores the nature of the Internet to serve the global public interest https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9856
ICANN develops a tool for monitoring and combating malicious online behavior https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9860
Website tracker components may capture form input before users submit it https://homes.esat.kuleuven.be/~asenol/leaky-forms/
A Bahamut hacker teaches you how to avoid being banned for violating child and youth protection rules https://forum.gamer.com.tw/C.php?bsn=60076&snA=7097054
Hackers use the sqlps utility to target SQL Server https://www.ithome.com.tw/news/150991
If a monkey got hold of a typewriter: fiction-writing craft from Plato to The Matrix https://reurl.cc/ErjEmR
Are your keystrokes being monitored? What is a keylogger? Four ways keyloggers get onto a computer https://blog.trendmicro.com.tw/?p=71541
CVE-2022-26923: patch analysis of the Active Directory domain privilege escalation vulnerability https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9870
Excel: remove duplicate values or get unique values https://amingosec.blog/excel-remove-duplicates/
Interfacing with an engine specialized for CJK languages, with column-oriented high-performance database indexing: the MySQL plugin Mroonga makes full-text search of Chinese more powerful https://www.netadmin.com.tw/netadmin/zh-tw/technology/A383340B3A934B92938826D76380D9AE
[Cautionary tale] Deconstructing the intrusions by the extortion group LAPSUS$: tech giants' cybersecurity is extremely fragile https://www.wepro180.com/lapsus220523/
Wireless penetration – Wi-Fi phishing with wifiphisher to obtain Wi-Fi passwords https://reurl.cc/9Gv2Mj
Deploying and installing Mirantis OpenStack 9.0 on VirtualBox https://reurl.cc/RrqA6e
Can analyzing javascript files lead to remote code execution https://melotover.medium.com/can-analyzing-javascript-files-lead-to-remote-code-execution-f24112f1aa1f
What’s new in Flutter 3.0, let’s discuss the top 10 new things https://shirsh94.medium.com/whats-new-in-flutter-3-0-let-s-discuss-the-top-10-new-things-839aba69929b
Build Your first CI/CD Pipeline in Azure DevOps https://qatechtalks.medium.com/build-your-first-ci-cd-pipeline-in-azure-devops-5bd3408f36ff
2022 Custom VSCode Setup https://medium.com/@crstnmac/2022-custom-vscode-setup-b72b10ef1e0a
Reset the Password for Vulnerability https://medium.com/@sathvika03/reset-the-password-for-vulnerability-b0805f7adf9c
An overview of Threat Intelligence in Cybersecurity https://4noobies.medium.com/an-overview-of-threat-intelligence-in-cybersecurity-f48ecf37c323
Why the Raspberry Pi should be your next home server https://medium.com/the-pi-project/why-the-raspberry-pi-should-be-your-next-home-server-e901e796e7a6
12 Awesome Linux Commands && Utilities https://medium.com/codex/12-awesome-linux-commands-utilities-49ab56588a84
How to make real money with Python and YouTube https://medium.com/geekculture/how-to-make-real-money-with-python-and-youtube-494bb34ca9ac
How I managed to take over any account visits my profile with Stored XSS https://0xmahmoudjo0.medium.com/how-i-managed-to-take-over-any-account-visits-my-profile-with-stored-xss-6b378d33e90f
7 Best GitHub Repositories to Learn Any Programming Language https://javascript.plainenglish.io/7-best-github-repositories-to-learn-any-programming-language-5843e5a3c8d8
My Mac OS essential tools list at work https://medium.com/@spawnrider/my-mac-os-essential-tools-list-at-work-391792dfcd1d
90 % of Javascript Developer fail to answer these code snippets (Asked in Interview) Part-1 https://vineetmishrahbk.medium.com/90-of-javascript-developer-fail-to-answer-these-code-snippets-asked-in-interview-436e00ec1287
How I became a Web3 dev in just 7 days and got my first 8000$ Web3 contract https://blog.cryptostars.is/how-i-became-a-web3-dev-in-just-7-days-and-got-my-first-8000-web3-contract-8f554bcb5352
Hacking Smart Contracts: Beginners Guide https://learn.block6.tech/hacking-smart-contracts-beginners-guide-9c84e9de7194
7 Key Findings from the 2022 SaaS Security Survey Report https://thehackernews.com/2022/05/7-key-findings-from-2022-saas-security.html
Web Trackers Caught Intercepting Online Forms Even Before Users Hit Submit https://thehackernews.com/2022/05/web-trackers-caught-intercepting-online.html
Hackers Gain Fileless Persistence on Targeted SQL Servers Using a Built-in Utility https://thehackernews.com/2022/05/hackers-gain-fileless-persistence-on.html
Are You Investing in Securing Your Data in the Cloud https://thehackernews.com/2022/05/are-you-investing-in-securing-your-data.html
Fake Clickjacking Bug Bounty Reports: The Key Facts https://thehackernews.com/2022/05/fake-clickjacking-bug-bounty-reports.html
Google Created 'Open Source Maintenance Crew' to Help Secure Critical Projects https://thehackernews.com/2022/05/google-created-open-source-maintenance.html
2022 Cybersecurity Skills Gap https://www.fortinet.com/content/dam/fortinet/assets/reports/report-2022-skills-gap-survey.pdf

F. Business

Noname Security opens a Taiwan office to expand in the Asia-Pacific market https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9859
Google launches security-verified open source software packages https://cloud.google.com/blog/products/identity-security/introducing-assured-open-source-software-service
With hackers rampant, cybersecurity stocks are hot: Palo Alto jumps 10% after hours and peers follow https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=789c444f-77d8-4a85-b480-29f6c039595f
F-Secure's enterprise business launches the new brand WithSecure™, with 「唯思安全」 as its Chinese brand name; WithSecure™ stands for the idea of "co-security" to jointly build a trustworthy, digitally secure society https://times.hinet.net/topic/23925044
Fortinet security skills report: 80% of companies face security threats because of insufficient security knowledge http://n.yam.com/Article/20220518741552
Security talent shortage and insufficient in-house skills! Fortinet: 80% of companies have suffered security threats https://www.bnext.com.tw/article/69257/cybersecurity-fortinet-report
Winbond advances 45nm NOR flash process development; demand for security products looks strong https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=c5c74867-8480-4226-9fac-10c95ad688bb
Microsoft steps up investment in Taiwan, accelerating the development of digital transformation talent through its first Microsoft cloud data center https://www.managertoday.com.tw/articles/view/65106
Microsoft and the Telecom Technology Center take a two-pronged approach to promoting security for private 5G networks https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=41&id=0000635152_Z6628WXK4EO1583WIFEJB
恆逸, a subsidiary of 精誠 (6214), becomes Taiwan's first Aruba internationally certified authorized training center https://fnc.ebc.net.tw/fncnews/content/150641
恆逸 becomes the first Aruba internationally certified authorized training center in Taiwan https://www.storm.mg/stylish/4341920
Chunghwa Telecom's customers on 500M and above see a net increase of 30%; net additions of WiFi全屋通 units up 55% https://turnnewsapp.com/livenews/finance/A79860002022051816345041
逸盈科技 becomes Noname Security's authorized distributor in Taiwan https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/906C2FDE919A47FCA15D60F741822220
AI, HPC and security will be hot items among COMPUTEX digital transformation solutions https://wantrich.chinatimes.com/news/20220519900420-420501
Fully upgraded! MailGates 6.0 efficiently defends against social engineering, BEC and APT attacks to protect enterprise security https://www.openfind.com.tw/taiwan/news_detail.php?news_id=10317
Palo Alto Networks urges the cybersecurity industry to adopt zero-trust, zero-exception ZTNA 2.0 https://news.sina.com.tw/article/20220519/41866934.html
Chunghwa Telecom obtains the top-tier Azure Expert MSP certification for the second consecutive year https://times.hinet.net/news/23923260
Sophos State of Ransomware 2022 report reveals ransomware attacks https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&cat=60&id=0000635343_4J44YW4V39A5GP4LJP2KT
Sophos uncovers the tactics of liquidity mining CryptoCrime https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9869
CHT Security: combining penetration testing and red team exercise services to strengthen the resilience of security defenses https://www.owlting.com/news/articles/97832
State-of-the-art protection and performance to meet the requirements of 5G, edge computing and ever-increasing bandwidth. Radware launches a terabit-class DDoS mitigation platform https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/3E323235C03C4949B03651321676B887
Superhub x VMware help all kinds of enterprises build Work Smarter cloud solutions https://www.wepro180.com/superhub_vmware_220505/

G. Government

"Decision-making by a single gender creates blind spots": INDSR scholar 杜貞儀 says the national security field also needs equal participation by men and women https://watchout.tw/reports/5EhBdt76F2Ko2LW6JHb9
The Institute for Information Industry (III) overhauls its organizational structure, declaring a transformation into a third-party collaborating organization https://technews.tw/2022/05/19/organizational-adjustment-of-the-iii/
III sets up 2 research institutes, aiming for salaries on par with international levels https://wantrich.chinatimes.com/news/20220520900048-420501
Security gone slack? The PRC five-star flag appears on the official 「台灣好玩卡」 website https://www.ftvnews.com.tw/news/detail/2022519P12M1
Taiwan and Poland hold economic and trade consultations, signing three memoranda of cooperation and reaching consensus https://beanfun.com/articles/detail/1526507736206938112?country=tw&site=1
Taiwan and Poland sign three major memoranda of cooperation focusing on semiconductors and electric vehicles, hoping for Taiwanese investment https://finance.ettoday.net/news/2253224
Taiwan deploys low-Earth-orbit satellites; experts warn about alignment with international standards https://www.rti.org.tw/news/view/id/2133114
Low-Earth-orbit communications satellites: technology, talent and security are all indispensable https://reurl.cc/GxjWzv

H. Security of industrial control systems / ICS / SCADA / IoT / Internet of Things / connected vehicles / electric vehicles / artificial intelligence / AI / ML / facial recognition / healthcare

Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability https://thehackernews.com/2022/05/zyxel-releases-patch-for-critical.html
Hackers can remotely unlock a Tesla and drive it away! Researcher estimates at least 2 million vehicles are at risk https://auto.ltn.com.tw/news/20340/3
Phone keys are convenient, and make car theft even easier for hackers! See how a Tesla Model Y can be driven away within 10 seconds https://reurl.cc/55vYOy
Security issue found in Bluetooth LE may affect smart locks, including those for homes and vehicles https://www.cool3c.com/article/177395
SEMI E187 sets a semiconductor security standard: why this may be a competitive breakthrough for Taiwanese semiconductor equipment makers https://buzzorange.com/techorange/2022/05/18/semi-e187/
Lagging behind European automakers in the EV transition! UK think tank: the bottom three are all Japanese brands https://auto.ltn.com.tw/news/20324/3
Cybersecurity experts find Tesla's keyless system can be breached; some functions can be forcibly controlled https://reurl.cc/q5VQGE
Fearing a Taiwan Strait crisis could break the semiconductor supply chain, the US and Japan will reportedly deepen cooperation on advanced semiconductor R&D and manufacturing and guard against theft of secrets by China https://www.thenewslens.com/article/166929
To prevent semiconductor supply chain disruption, the US and Europe will set up an early warning system https://www.worldjournal.com/wj/story/121209/6317647

I. Education and training

15 essential security fundamentals lessons for the IoT era (Practical Iot Hacking: The Definitive Guide to Attacking the Internet of Things) https://www.tenlong.com.tw/products/9786263241756?list_name=p-r-zh_tw
中華軟協 - iPAS "entry-level" information security engineer intensive prep course: now enrolling https://www.cs.nycu.edu.tw/announcements/detail/8778
Registration now open for the 2022 "Securities and Futures Information Security Practice Training Course" https://www.sfi.org.tw/news/news-7/3589
The essential security fundamentals everyone should learn in the Internet era (How Cybersecurity Really Works) https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw
App information security is not just for engineers: the blood, sweat and tears of obtaining a security test certificate (iT邦幫忙 Ironman series book) https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
[Quick guide to international security management certifications] Study notes and exam key points in one place! Read this to switch to your dream job in 2022 https://buzzorange.com/techorange/2021/12/30/isaca/
CISSP exam notes – Benson https://reurl.cc/GbWvxd
CPSA (CREST Practitioner Security Analyst) exam notes https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam notes, revision information and preparation direction 2021, 2022 https://reurl.cc/1oyEM8
CEH v11 exam notes and how to prepare https://blog.sean.taipei/2022/01/ceh
Materials for the year 110 (ROC calendar) "Campus Information Security Lecture" for new staff https://cc.nccu.edu.tw/p/406-1001-740,r18.php
[Training material D] Information security technical training materials https://iscb.nchu.edu.tw/2019/07/d.html
Year 109 (ROC calendar) Cyber Security Management Act e-learning https://reurl.cc/ARlmqp
110-1 entry-level information security engineer - introduction to information security management https://yamol.tw/exam.php?id=104050
中大 Department of Information Engineering cultivates information technology leaders https://reurl.cc/ARZKDK
eCloudvalley and National Sun Yat-sen University cooperate to build up cloud security talent https://ctee.com.tw/industrynews/technology/587459.html
SANS Cyber Aces Online Tutorials https://tutorials.cyberaces.org/tutorials.html
Free Online Cybersecurity Courses (MOOCs) https://www.cyberdegrees.org/resources/free-online-courses/
Develop Your Cybersecurity Skills https://www.cybrary.it/catalog/cybersecurity/
Mobile App Security https://www.cybrary.it/course/mobile-app-security/
Introduction to Cybersecurity https://reurl.cc/bnaj6d
How to Tackle SaaS Security Misconfigurations https://thehackernews.com/2021/11/how-to-tackle-saas-security.html
How to Build a Security Awareness Training Program that Yields Measurable Results https://thehackernews.com/2021/11/how-to-build-security-awareness.html
Common Attacks https://choson.lifenet.com.tw/?p=1174

6. Upcoming security events and seminars

Hacker capture-the-flag attack and defense exercise: financial security talent training program (1st session) 2022/04/28~2022/06/09 https://www.tabf.org.tw/CourseDetail.aspx?PID=487750
Shalun Cybersecurity Base free online security course: there is a lot you don't know - OSINT revealed 2022/5/24 https://bit.ly/3vDkjYO
Phishing, phishing, caught you: a white-hat hacker teaches you how to use human weaknesses to break through defenses 2022/5/25 http://www.cs.thu.edu.tw/web/news/detail.php?id=4129
Security policy, regulations and standards 2022/5/25 ~ 2022/5/26 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19873
"Opportunities and Challenges in the Zero-Trust Security Era" forum (online) 2022/5/26 https://seminars.tca.org.tw/D15t00933.aspx
Enterprise device security management from an ISO compliance perspective - webinar 2022/5/26 https://jamf.kktix.cc/events/jamfnation-compliance-webinar
National Center for High-performance Computing training: hands-on course on building and developing with the "Big Data Programming Platform (VM version)" 2022/5/27 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=course_index
[Public-interest information security lecture] - [Building personal data and security protection awareness for non-profit organizations] 2022/06/01 https://taiwanngo.tw/Post/81845
HITCON FreeTalk 2022 - Ukraine-Russia cyberwar & CTF experience sharing 2022/6/6 https://hitcon.kktix.cc/events/hitcon-freetalk-2022
Information security course series 9: machine learning and security anomaly diagnosis in practice (1st session) 2022/6/7 https://www.tabf.org.tw/CourseDetail.aspx?PID=487302
Women in Healthcare Security forum 2022/6/11 https://isipevent.kktix.cc/events/e58d0573-copy-1
Information security management (Sunday class) 2022/7/3 ~ 2022/8/28 https://mymcu.mcu.edu.tw/zh-hant/product/e022205151
創科資訊 2022 software development hands-on training camp ➠ online internship briefing 2022/7/6 https://trunk-studio.kktix.cc/events/monosparta-code-camp-2022-9
Risk-based security auditing 2022/7/20 https://www.cisanet.org.tw/Course/Detail/2756
HITCON PEACE 2022 Taiwan hacker conference 2022/8/19 ~ 2022/8/20 https://hitcon.kktix.cc/events/hitcon-peace-2022
2022 CYBERSEC security conference Jamf booth talks 2022/9/20 ~ 2022/9/22 https://jamf.kktix.cc/events/cybersec2022jamf