###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/6/13 ~ 2022/6/17 1.重大弱點漏洞/後門/Exploit/Zero Day Sophos防火牆3月底的漏洞修補，傳出中國駭客在此之前就已經著手濫用 https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/ 中國駭客攻擊Sophos防火牆漏洞 https://www.ithome.com.tw/news/151493 Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity https://thehackernews.com/2022/06/chinese-hackers-exploited-sophos.html F5重大資安漏洞已陸續出現嚴重攻擊，請盡快修補及管控 https://www.cc.ntu.edu.tw/chinese/cert/cert20220616.asp Splunk重大漏洞恐被攻擊者用於執行任意程式碼 https://www.securityweek.com/critical-code-execution-vulnerability-patched-splunk-enterprise? Citrix ADM重大漏洞可讓攻擊者重設管理員密碼 https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512 SAP修補嚴重的NetWeaver漏洞 https://onapsis.com/blog/sap-security-patch-day-june-2022-improper-access-control-can-compromise-your-systems 電子郵件系統Zimbra漏洞恐讓攻擊者竊取用戶明文密碼 https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/ 思科修補電子郵件防護系統可被用於繞過身分驗證的漏洞 https://www.bleepingcomputer.com/news/security/cisco-secure-email-bug-can-let-attackers-bypass-authentication/ IE瀏覽器淘汰了！微軟宣佈6/16停止支援 https://times.hinet.net/news/23967750 曾全球市占率第一！微軟今淘汰IE　仍有近3千萬人仍死守 https://www.setn.com/News.aspx?NewsID=1131089 資安業者指控微軟對Azure Synapse Analytics漏洞回應不夠積極 https://www.theregister.com/2022/06/14/security_azure_patch/ 微軟修補MSDT零時差漏洞 https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2022-patch-tuesday-fixes-1-zero-day-55-flaws/ 快更新Windows！微軟終於修復Follina漏洞、阻斷中國駭客攻擊 https://3c.ltn.com.tw/news/49667 俄羅斯駭客Sandworm疑在2個月前開始利用Follina漏洞攻擊烏克蘭 https://cert.gov.ua/article/160530 Microsoft 推出 2022 年 6 月 Patch Tuesday 資安更新包，修復Follina 等 55 個漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9920 Patch Tuesday: Microsoft Issues Fix for Actively Exploited 'Follina' Vulnerability https://thehackernews.com/2022/06/patch-tuesday-microsoft-issues-fix-for.html Technical Details Released for 'SynLapse' RCE Vulnerability Reported in Microsoft Azure https://thehackernews.com/2022/06/technical-details-released-for-synlapse.html Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/6595755?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E Security bulletin: Security Bulletin: IBM Security QRadar Event and Flow Exporter App is vulnerable to using components with known vulnerabilities (CVE-2021-31535, CVE-2020-17541) https://www.ibm.com/support/pages/node/6595743?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E Security bulletin: Security Bulletin: Nanoid as used by IBM QRadar Use Case Manager App is vulnerable to information disclosure (CVE-2021-23566) https://www.ibm.com/support/pages/node/6595741?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E Security bulletin: Security Bulletin: Apache Kafka as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-38153, CVE-2018-17196) https://www.ibm.com/support/pages/node/6595739?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E Security bulletin: Security Bulletin: Pip as used by IBM QRadar Advisor With Watson is vulnerable to multiple vulnerabilities (CVE-2019-20916, CVE-2021-3572, CVE-2018-20225) https://www.ibm.com/support/pages/node/6595273?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E High-Severity RCE Vulnerability Reported in Popular Fastjson Library https://thehackernews.com/2022/06/high-severity-rce-vulnerability.html 研究人員揭露Intel與AMD處理器的旁路攻擊漏洞 https://times.hinet.net/news/23969647 x86 CPU 最新漏洞，駭客可遠端竊取金鑰，Intel 全部處理器受影響 https://vitomag.com/tech/oyoprq.html 研究人員揭露Intel、AMD處理器旁路攻擊手法Hertzbleed https://www.hertzbleed.com/ New Hertzbleed Side Channel Attack Affects All Modern AMD and Intel CPUs https://thehackernews.com/2022/06/new-hertzbleed-side-channel-attack.html Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens https://thehackernews.com/2022/06/unpatched-travis-ci-api-bug-exposes.html 駭客還在利用3年前的Telerik UI漏洞以植入Cobalt Strike與挖礦軟體 https://www.ithome.com.tw/news/151464 多款瀏覽器外掛程式錢包存在安全性漏洞，目前MetaMask及Phantom已修復 https://www.techbang.com/posts/97208-browser-plugin-wallets WordPress表單外掛程式Ninja Forms漏洞已遭利用 https://www.wordfence.com/blog/2022/06/psa-critical-vulnerability-patched-in-ninja-forms-wordpress-plugin/ Over a Million WordPress Sites Forcibly Updated to Patch a Critical Plugin Vulnerability https://thehackernews.com/2022/06/over-million-wordpress-sites-forcibly.html 研究人員揭露攻擊蘋果M1晶片的手法PACMAN https://pacmanattack.com/ 研究人員發現可擊破M1晶片最後防線、執行程式碼的PACMAN漏洞 https://www.ithome.com.tw/news/151404 不能只看CVSS分數！從商業風險判斷弱點管理的優先程度 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9917 2.銀行/金融/保險/證券/支付系統/金融監理 新聞及資安 NordVPN: 台灣信用卡資料於暗網市場售價是全球平均2倍 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9904 從第一銀行遭駭客入侵盜領案 論述刑法對資安保障 https://twnewshub.com/archives/30752 創業3年獲Gogolook策略投資，日本金融廳、紐約金融署都青睞的鏈奇科技什麼來頭 https://meet.bnext.com.tw/articles/view/49186 第一金強化經營韌性；擬穩健擴張海外業務 https://www.ttv.com.tw/finance/view/062022171131C9E85CFD56344C73A509DABD761CD0A0C470/587 強化資安 元大金五子公司通過個資管理制度驗證 https://money.udn.com/money/story/5613/6386377?from=edn_newestlist_cate_side 元大金旗下5家子公司通過個資管理制度驗證 https://turnnewsapp.com/livenews/finance/A95634002022061415484577 元大金五子公司 通過PIMS驗證 https://wantrich.chinatimes.com/news/20220615900087-420101 完善法令遵循及內控內稽制度　銀行進入全面法令遵循體制 https://news.tvbs.com.tw/money/1817384 精誠資訊「智慧金融軟體學院」開跑 歡迎新鮮人加入 https://www.1111.com.tw/news/jobns/146068 國泰金控公司治理評鑑6度挺進前5% 旗下國泰人壽推業界首創眼睛保險 https://reurl.cc/7DqrEk 職員：銀行系統顯示已發出 OTP或遭駭客刪除 https://reurl.cc/anD9b4 上海解封又一亂象! 不會行動支付、ATM又故障 老年人凌晨兩點就去銀行排隊 https://reurl.cc/p1RgeQ 享受購物更要精打細算 聯卡中心讓分期付款變聰明了 https://reurl.cc/j1e80D 全台首張 萬事達卡推數位優先卡 https://www.chinatimes.com/newspapers/20220613000269-260208?chdtv 淡海輕軌新「發現」　感應信用卡就能入站 https://www.cardu.com.tw/news/detail.php?46379 3.電子支付/行動支付/pay/資安 投資趨勢！ 國泰數位支付服務ETF熱門 https://reurl.cc/VDoEbY 發卡機構首推視障人士「共融卡」　配備凸字壓印、點字助電子支付原文網址: 發卡機構首推視障人士「共融卡」　配備凸字壓印、點字助電子支付 | 香港01 https://www.hk01.com/sns/article/782520 https://reurl.cc/NAorK9 91APP、Atome 拓先買後付市場 https://reurl.cc/zZkena 國泰投信：數位支付服務商機引爆 https://wantrich.chinatimes.com/news/20220615900092-420401 LINE Pay、一卡通分手，誰是贏家 https://www.bnext.com.tw/article/69965/line-pay-ipass-note 南韓廢除硬幣、瑞典無現金社會！法人：全球加速邁向「Pay 經濟」 https://technews.tw/2022/06/14/cashless/ Pay經濟崛起 迎數位支付百兆商機 https://money.udn.com/money/story/5636/6391214 臉書買芒果遭偷設定第三方支付 2小時被盜刷8次共19萬 https://news.pts.org.tw/article/584624 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約 資安 Create NFT Market Place without any libraries like openZeppelin (part 1) https://amirdiafi.medium.com/create-nft-market-place-without-any-libraries-like-openzeppelin-part-1-7c3bbc04c23f 波場聯合儲備宣布已斥資1億USDC購買TRX https://news.cnyes.com/news/id/4892593 比特幣大騙局:竊盜、駭客、投機者，加密貨幣交易所Mt. Gox的腐敗運作與破產真相 https://ebook.hyread.com.tw/bookDetail.jsp?id=294921 安全團隊：BlockSec成功攔截針對FSWAP 的駭客攻擊 https://news.cnyes.com/news/id/4892969 Celsius暫停出金第四日，執行長首度發言狂跳針：感謝最強大的Celsius社群 https://news.cnyes.com/news/id/4893309 Fei Labs：不支持通過 FEI PCV 來償還 Fuse 平台的用戶損失 https://news.cnyes.com/news/id/4893227 三箭資本將超1.4萬枚stETH轉換為約1366萬枚USDT https://news.cnyes.com/news/id/4894154 比特幣重挫！薩爾瓦多一夕蒸發16億　總統透露還要繼續買 https://news.tvbs.com.tw/world/1822161 「這群人」與幣安合作推NFT，作品經典元素、內容、台詞以盲盒出售 https://www.bnext.com.tw/article/69957/tgop-binance-nft Meta Quest 2 適用的 Horizon Home 虛擬實境社群服務將於下週推出 擴展元宇宙應用發展 https://www.cool3c.com/article/178421 華碩雲端總經理吳漢章：相信台灣第一個元宇宙醫院很快就會誕生 https://news.sina.com.tw/article/20220613/42013766.html Coinbase 宣布將裁員超過 1000 人！加密冬天真的來了 https://buzzorange.com/techorange/2022/06/15/cryptocurrency-bear-coinbase/ Optimism駭客已歸還1700萬枚OP https://news.cnyes.com/news/id/4890007 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 18款 Windows 防毒軟體大PK！8款掃毒防護獲評為最佳 https://3c.ltn.com.tw/news/49549 Qbot 惡意軟體現正利用 Windows MSDT 0-day 漏洞發動釣魚攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9908 勒索軟體BlackCat透過ProxyLogon漏洞入侵受害組織 https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/ 勒索軟體BlackCat架設個資外洩查詢網站，疑透過員工向受害組織施壓 https://www.bleepingcomputer.com/news/security/ransomware-gang-creates-site-for-employees-to-search-for-their-stolen-data/ 行動裝置後門程式SeaFlower竊取加密貨幣錢包的通關密語 https://blog.confiant.com/how-seaflower-%E8%97%8F%E6%B5%B7%E8%8A%B1-installs-backdoors-in-ios-android-web3-wallets-to-steal-your-seed-phrase-d25f0ccdffce Atlassian Confluence重大漏洞也被勒索軟體駭客利用 https://www.bleepingcomputer.com/news/security/confluence-servers-hacked-to-deploy-avoslocker-cerber2021-ransomware/ 伊朗駭客利用DNS後門程式對能源組織下手 https://www.zscaler.com/blogs/security-research/lyceum-net-dns-backdoor 駭客組織Black Basta鎖定虛擬化平臺發展勒索軟體、攻擊者利用微軟Office重大漏洞對烏克蘭下手 https://reurl.cc/Erv2dK 中國駭客組織散布WinDealer惡意軟體有新手法，已具旁觀者攻擊手法能力 https://reurl.cc/0peDA6 非洲最大連鎖超市Shoprite遭勒索軟體RansomHouse攻擊 https://times.hinet.net/news/23971812 安卓用戶快刪這5款APP！木馬病毒入侵照片編輯軟體「個資盜光光」，200萬名用戶恐受害 https://www.storm.mg/lifestyle/4383846 P2P殭屍網路Panchan鎖定教育單位的Linux伺服器而來 https://www.akamai.com/blog/security/new-p2p-botnet-panchan 駭客組織8220也利用Atlassian Confluence伺服器挖礦 https://blog.checkpoint.com/2022/06/09/crypto-miners-leveraging-atlassian-zero-day-vulnerability/ Cerber2021 Ransomware Back in Action https://blog.cyble.com/2022/06/17/cerber2021-ransomware-back-in-action Panchan’s Mining Rig: New Golang Peer-to-Peer Botnet Says “Hi!” https://www.akamai.com/blog/security/new-p2p-botnet-panchan Analysis of a secret theft attack against multiple institutions in South Korea https://www-freebuf-com.translate.goog/articles/paper/329379.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=zh-TW F5 Labs Investigates MaliBot https://www.f5.com/labs/articles/threat-intelligence/f5-labs-investigates-malibot GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool https://unit42.paloaltonetworks.com/pingpull-gallium/ Telerik UI exploitation leads to cryptominer, Cobalt Strike infections https://news.sophos.com/en-us/2022/06/15/telerik-ui-exploitation-leads-to-cryptominer-cobalt-strike-infections/ https://github.com/sophoslabs/IoCs/blob/master/Troj-Miner-AED.csv Linux蠕蟲程式Syslogk於受害主機載入後門程式 https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/ Linux Threat Hunting: Syslogk a kernel rootkit found under development in the wild https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/ New Syslogk Linux Rootkit Lets Attackers Remotely Command It Using "Magic Packets" https://thehackernews.com/2022/06/new-syslogk-linux-rootkit-lets.html Malware Android Software Spread by Sidewinder (APT-Q-39) Using Google Play https://mp-weixin-qq-com.translate.goog/s/LaWE4R24D7og-d7sWvsGyg?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en Exposing HelloXD Ransomware and x4k https://unit42.paloaltonetworks.com/helloxd-ransomware/ 微軟：勒索軟體駭客經常以盜來的憑證或Exchange漏洞入侵組織 https://www.ithome.com.tw/news/151425 BlackCat Ransomware Gang Targeting Unpatched Microsoft Exchange Servers https://thehackernews.com/2022/06/blackcat-ransomware-gang-targeting.html A Microsoft Office 365 Feature Could Help Ransomware Hackers Hold Cloud Files Hostage https://thehackernews.com/2022/06/a-microsoft-office-365-feature-could.html MaliBot: A New Android Banking Trojan Spotted in the Wild https://thehackernews.com/2022/06/malibot-new-android-banking-trojan.html Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers https://thehackernews.com/2022/06/panchan-new-golang-based-peer-to-peer.html Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware https://thehackernews.com/2022/06/researchers-detail-purecrypter-loader.html 中國駭客組織Gallium開始利用新的PingPull木馬 https://www.ithome.com.tw/news/151426 中國駭客Gallium利用木馬程式PingPull攻擊電信業者、金融與政府單位 https://unit42.paloaltonetworks.com/pingpull-gallium/ Chinese 'Gallium' Hackers Using New PingPull Malware in Cyberespionage Attacks https://thehackernews.com/2022/06/chinese-gallium-hackers-using-new.html Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses https://thehackernews.com/2022/06/researchers-disclose-rooting-backdoor.html 勒索軟體Hello XD不只加密電腦檔案，還會植入後門 https://unit42.paloaltonetworks.com/helloxd-ransomware/ HelloXD Ransomware Installing Backdoor on Targeted Windows and Linux Systems https://thehackernews.com/2022/06/hello-xd-ransomware-installing-backdoor.html 美國紐澤西州學校因遭勒索軟體攻擊取消期末考 https://therecord.media/new-jersey-school-district-forced-to-cancel-final-exams-amid-ransomware-recovery-effort/ Researchers Uncover 'Hermit' Android Spyware Used in Kazakhstan, Syria, and Italy https://thehackernews.com/2022/06/researchers-uncover-hermit-android.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 通行密鑰 Passkeys是什麼？Apple為何要推無密碼登錄技術 https://mrmad.com.tw/apple-passkeys Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users https://thehackernews.com/2022/06/chinese-hackers-distribute-backdoored.html 點擊 App 太慢了！Google 官方推薦 5 款超實用 Android 「桌面小工具」 https://3c.ltn.com.tw/news/49669 精誠攜手互動資通跨入EIM企業即時通訊協作市場 提升營運績效 http://www.ctimes.com.tw/DispNews-tw.asp?O=HK66F9BYCE0SAA00NC 多人會議同時講話也不怕聽不清！微軟如何靠 AI 技術打造更好的通話體驗 https://buzzorange.com/techorange/2022/06/15/microsoft-teams-ai/ iOS 16和Android 13的更新，到底將為你的手機帶來什麼改變 https://www.techbang.com/posts/97042-ios16-android13 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 網絡安全專家：小心被駭 別用公共Wi-Fi付賬 https://reurl.cc/Lmo0Oy 資安規範建立是場公司營運大挑戰，領導者沒有時間慢慢熬了 https://buzzorange.com/techorange/2022/06/13/2022-data-security-management/ IT 部門為何變成財務黑洞？除了工程師不善溝通，還有這些問題要面對 https://www.managertoday.com.tw/columns/view/65312 公有雲業者仍在客戶VM下暗中安裝軟體 https://times.hinet.net/news/23967517 任天堂駭客團夥策劃者：他賺了幾十億 我偷點又何妨 https://reurl.cc/QLo7K9 46% 資深高階資安人員因駭侵防範壓力大增而萌生辭意 https://www.twcert.org.tw/tw/cp-104-6223-bc820-1.html 臺資安業者揭露國內AD防護現況，盤點AD攻擊路徑與管理者帳號是當務之急 https://www.ithome.com.tw/news/151458 Smilodon駭客組織鎖定WordPress網站發動側錄攻擊 https://blog.sucuri.net/2022/06/smilodon-credit-card-skimming-malware-shifts-to-wordpress.html 捲土重來的 AlphaBay，將再次稱霸暗網市場 https://www.inside.com.tw/article/28035-alphabay-is-taking-over-the-dark-web-again 電商業者的人財兩失殺手：彈出式廣告劫持 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9912 美國網安公司：中國駭客攻擊澳洲與東南亞達10年 https://udn.com/news/story/7331/6386546?from=udn-catebreaknews_ch2 中國傲琴龍 駭攻亞太國家10年 https://news.ltn.com.tw/news/world/paper/1523092 中共駭客攻擊以色列、伊朗、沙烏地阿拉伯以獲取商業和技術機密 https://gnews.org/post/p1463054 中國電商公司兩名員工離職報復公司：將所有商品改為一折 https://www.techbang.com/posts/97110-the-change-of-goods-to-a-one-fold-discount-led-to-a-loss-of 香港傳真社停運涉國安否 創辦人：沒資料 聲明稱財政穩健 未交代停運原因 https://reurl.cc/6ZRaRd 駭客洩露新疆集中營內的大量檔 https://gnews.org/post/p2599493 俄羅斯駭客Sandworm疑在2個月前開始利用Follina漏洞攻擊烏克蘭 https://cert.gov.ua/article/160530 美警示中國駭客攻擊電信業態勢，16個網路設備已知漏洞最常被鎖定 https://www.ithome.com.tw/tech/151476 美國網路「觸角」伸向俄烏戰場或導致俄烏衝突升級和擴大 https://reurl.cc/6ZRy15 美國情報機構加強鎖定中國 華裔擔憂遭殃 https://udn.com/news/story/6809/6393280 美國情報總監辦公室：情報收集聚焦中國而不是華裔或亞裔美國人 https://www.voacantonese.com/a/spy-agencies-focus-on-china-could-snare-chinese-americans-20220615/6618662.html 大規模HTTPS流量DDoS攻擊鎖定Cloudflare免費用戶下手 https://blog.cloudflare.com/26m-rps-ddos/ Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second https://thehackernews.com/2022/06/cloudflare-saw-record-breaking-ddos.html 資通訊人才先卡位，中華電今年釋出近千職缺需求 https://technews.tw/2022/06/17/cht-3/ 中華電衝刺5G創新應用　釋近千名基層ICT職缺 https://www.ftvnews.com.tw/news/detail/2022617W0087 5L新光人壽-資訊安全管理師(有相關經驗、證照者從優核敘) https://www.skfh.com.tw/hr/job_detail.aspx?id=20489 Java Engineer https://hunter.104.com.tw/en/job/FG00005641 資安技術顧問助理_台北 https://www.104.com.tw/job/7nvua 資安產品經理 https://www.104.com.tw/job/7nvjb REQ_2204632 AW0130資安技術工程師 https://www.104.com.tw/jobs/apply/analysis/7l7qk?channel=104rpt&jobsource=apply_analyze 未來十年，這 30 個高薪職位最缺工！根據美國勞工局預測 https://www.managertoday.com.tw/articles/view/65256 資安助理顧問 https://www.104.com.tw/job/7iyxw?jobsource=jolist_c_date 資安鑑識支援工程師-ACSI https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E9%91%91%E8%AD%98%E6%94%AF%E6%8F%B4%E5%B7%A5%E7%A8%8B%E5%B8%AB-acsi-at-acer-3124895080/?originalSubdomain=tw 技術副理-ACSI https://www.linkedin.com/jobs/view/%E6%8A%80%E8%A1%93%E5%89%AF%E7%90%86-acsi-at-acer-3124888995/?originalSubdomain=tw 資安管理師 https://www.104.com.tw/job/7nydp 資訊安全工程師 https://www.104.com.tw/job/7o047 【資訊】雲端資安工程師 https://www.yourator.co/companies/cathaybk/jobs/24754 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 地下市場最常見 10 大「外洩密碼」別再用！免費工具 1 秒就破解 https://3c.ltn.com.tw/news/49664 別再用這10組密碼！駭客用免費工具秒破解　加「1符號」提高安全度 https://www.ftvnews.com.tw/news/detail/2022616W0158 免費VPN服務疑資料庫配置不當，曝露2,500萬筆記錄 https://cybernews.com/security/25-million-free-vpn-user-records-exposed/ 【部分錯誤】網傳「BT網站能夠免費下載電影、軟體、電玩，十年前因沒有金錢交易，純自己觀賞，上傳下載的人都不違法，現在這個下載方式被改變，會自動上傳，變成犯法」 https://tfc-taiwan.org.tw/articles/7679 【基輔連線】用真實來打這場俄國資訊戰 烏克蘭查核組織《Vox Check》 https://tfc-taiwan.org.tw/articles/7674 疫情宅家上網釀個資破口　狂接投資詐騙電話...刑大曝3招防詐 https://www.ettoday.net/news/20220613/2271885.htm 資安零信任 防詐先查證 https://times.hinet.net/news/23965247 Messenger 點擊網址詐騙達高峰！數百萬用戶FB 帳密遭盜洩個資 https://3c.ltn.com.tw/news/49590 網購芒果遭假小編騙個資 盜刷19萬 https://news.ebc.net.tw/news/society/321873 網路購物平台易淪洩漏個資管道 刑大提醒慎選投資標的 https://www.chinatimes.com/realtimenews/20220613002038-260402?chdtv 真有老大哥在背後監視我們？專家破解 21 個關於國家資料隱私的傳言 https://buzzorange.com/techorange/2022/06/16/hoozbook-i-have-nothing-to-hide/ 個資外洩名人經驗慘 專家：送修前鎖硬碟｜#鏡新聞 https://reurl.cc/vdxq8l 軟體開發測試平臺Travis CI恐曝露數千個GitHub、AWS、Docker憑證 https://blog.aquasec.com/travis-ci-security 投資詐騙局中局 中市4被害人遭扒2次皮 https://reurl.cc/GxYmYW 被騙金錢能追回？網紅親砸12萬為粉絲買教訓　直呼：別再2次上當 https://www.ftvnews.com.tw/news/detail/2022611W0128 E.研究報告/工具 python駭客攻防入門下載-Python鍵盤鉤取的自我理解 https://tw.pythontechworld.com/article/detail/ZeAw4IpJ7SM8 123個hacker必備的Python工具 https://tw.pythontechworld.com/article/detail/eidD1gnQHN3I 網路資安溯源 (cyber attribution),只是單純找出幕後駭客而已嗎 https://blog.trendmicro.com.tw/?p=72744 假投資詐騙橫行 北市警提醒注意網路安全 https://udn.com/news/story/7320/6384973 開源工具減輕維運負擔　從頭示範如何安裝、設定及使用 Icinga2自動監控　隨時掌控系統網路服務 https://www.netadmin.com.tw/netadmin/zh-tw/technology/8B9958055B1E4BC7BE5ED3EACD383D10 The Latest .NET 7 Features Will Change the Way You Code https://medium.com/dotnetsafer/the-latest-net-7-features-will-change-the-way-you-code-b62b2611b910 Security Notice: Extension Disk Encryption Issue https://medium.com/metamask/security-notice-extension-disk-encryption-issue-d437d4250863 Going Behind the Scenes of Foursquare’s Places API https://medium.com/foursquare-direct/going-behind-the-scenes-of-foursquares-places-api-bed74f8f1d14 What is LaMDA and What Does it Want https://cajundiscordian.medium.com/what-is-lamda-and-what-does-it-want-688632134489 Stop using Alpine Docker images https://medium.com/inside-sumup/stop-using-alpine-docker-images-fbf122c63010 Automatic Feature Selection in python https://danilzherebtsov.medium.com/automatic-feature-selection-in-python-f72ec69215fe How I Found a company’s internal S3 Bucket with 41k Files https://infosecwriteups.com/how-i-found-a-companys-internal-s3-bucket-with-41k-files-94b453e588b5 The Do’s and Don’ts of Try-Catch in JavaScript https://javascript.plainenglish.io/the-dos-and-don-ts-of-try-catch-in-javascript-75c4e8c82200 Advanced Interactive Dashboard in Python https://medium.com/@jairotunior/advanced-interactive-dashboards-in-python-cc2927dcde07 Difference Between Agent-Based and Network-Based Internal Vulnerability Scanning https://thehackernews.com/2022/06/difference-between-agent-based-and.html Quick and Simple: BPFDoor Explained https://thehackernews.com/2022/06/quick-and-simple-bpfdoor-explained.html Reimagine Hybrid Work: Same CyberSec in Office and at Home https://thehackernews.com/2022/06/reimagine-hybrid-work-same-cybersec-in.html F.商業 趨勢科技：石油及天然氣產業遭受工業設備網路攻擊損失最嚴重 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9907 攻擊停留時間平均超過10天！IAB「隱形」入侵讓多個攻擊者可能鎖定同一目標 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9909 Fortinet 發布新產品 FortiNDR，以人工智慧偵測並回應威脅攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9903 Check Point Harmony Mobile 4.0整合三星安全平台 Samsung Knox https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9905 NetApp 簡化混合雲操作，因應勒索軟體威脅，協助加速 VMware 工作負載上雲 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9906 傳聞美國國防承包商L3Harris有意買下以色列駭客公司NSO Group https://times.hinet.net/news/23969443 全球企業憂心數位受攻擊面控管問題將影響資安風險 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000637455_WVW5RLEV4MW0J66UI9MY3 再創佳績！蓋亞資訊連續兩年獲頒IMPERVA年度全球傑出業務獎 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=16&id=0000637350_4ZY2P27C6QP8K3LOHOK6M 軟體供應鏈必學資安課題，如何拉近開發與資安的距離 https://buzzorange.com/techorange/2022/06/17/gss-checkmarx/ 趨勢科技推出TMMNS方案 落實5G專網點對點聯合防禦 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=13&cat=80&id=0000637288_3IN1N2B890QFYU7E51B6E F5發表NGINX for Microsoft Azure提供安全高效能的應用交付 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9914 A10 Networks資安系統降低DDoS攻擊 https://www.mem.com.tw/a10-networks%E8%B3%87%E5%AE%89%E7%B3%BB%E7%B5%B1%E9%99%8D%E4%BD%8E/ 平衡才是王道！後疫時代下企業關注資安防禦和商業敏捷性的平衡 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9918 美國Fintech業者併購臺灣資安新創Cybavo https://www.ithome.com.tw/news/151406 微軟併購外國網路威脅情資業者Miburo https://blogs.microsoft.com/blog/2022/06/14/microsoft-to-acquire-miburo/ 宏碁集團也搶儲能商機 旗下智頻、展碁國際聯手布局 https://news.cnyes.com/news/id/4890167?exp=a 魚與熊掌可兼得！AWS 助資安長打造可兼顧企業效率的資安架構 https://buzzorange.com/techorange/2022/06/13/aws-cso/ 趨勢科技最新研究顯示：可視性與控管上的漏洞正在侵蝕企業資安 https://www.techbang.com/posts/96980-trendmicro-research-reveals-struggle-control-cyber-risks Google Cloud計算出π小數點位後第100兆位數，再次打破世界紀錄 https://www.ithome.com.tw/news/151400 Google、SAP 都有！為員工爭取幸福的 CHO，為何在近年格外重要 https://www.managertoday.com.tw/articles/view/65257 G.政府 員工罵恩爸「塔綠班」 新北市府封網禁上PTT https://www.youtube.com/watch?v=V3dqDl5EYf0 網紅四叉貓指新北封PTT 市府：正常網管作為 https://newtalk.tw/news/view/2022-06-13/769764 口罩國家隊疑遭網軍攻擊　她被控操控「24帳號」誹謗結果出爐 https://www.ettoday.net/news/20220616/2274244.htm 學習歷程檔案遺失「虛擲8千萬公帑」　監察院糾正國教署：要究責 https://www.ettoday.net/news/20220617/2274889.htm 台北通取得ISO 27701認證 首創三項資安及個資保護認證市政APP https://doit.gov.taipei/News_Content.aspx?n=4B2B1AB4B23E7EA8&sms=72544237BBE4C5F6&s=9E612EF2ACE463DD 林佳龍提北市政見「元宇宙、NFT入列」　4年投100億拚觀光 https://www.mirrormedia.mg/story/20220613edi016/ 設置智慧與綠能產業服務共創基地　桃市府攜手北科大簽署MOU https://reurl.cc/p1RgKd H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 智慧監控效益不打折 威剛工控「軟硬兼施」為場域安全把關 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=16&id=0000637276_LT11N4AK8DCPEW5WWKIX7 豐田遭「羅賓漢」網路攻擊 汽車生產受影響 https://ec.ltn.com.tw/article/breakingnews/3960957 豐田車廂感知系統運用毫米波雷達偵測車內生物 https://www.digitimes.com.tw/iot/article.asp?cat=158&id=0000637241_GRX12UAF5O01MZ0MTMZUX DEKRA德凱攜手趨勢科技子公司VicOne打造車用資安認證整合服務 https://zeekmagazine.com/archives/174999 工業設備網路攻擊造成企業數百萬美元損失 https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=16&id=0000637456_43258QSJ4ESBBK74V4RVX TXOne EdgeIPS Pro 216 為中小型製造業確保營運安全不中斷 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/27BAD4503BFD47C59CBD5A76BB339241 趨勢旗下VicOne、德凱 推車用資安認證 https://wantrich.chinatimes.com/amp/news/20220617900037-420501 催生超低功耗邊緣AI應用　tinyML賦予MCU產業新契機 https://www.eettaiwan.com/20220617nt31-tinyml-gives-mcu-industry-new-opportunities/ 法國FIC論壇示警：產業OT資安遠遠落後於資訊科技 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=4b8db8dc-f3f9-4c7d-85f5-352848748a79 意法/AWS合作開發IoT AWS雲端連接方案 https://www.mem.com.tw/%E6%84%8F%E6%B3%95-aws%E5%90%88%E4%BD%9C%E9%96%8B%E7%99%BCiot-aws%E9%9B%B2%E7%AB%AF%E9%80%A3%E6%8E%A5%E6%96%B9%E6%A1%88/ 台日工控資安交流 捷而思分享身份認證再進化 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000636966_VLIL0J0K5AKD6M7C42OB0 製造業做淨零，只能手抄機台數據、再鍵入電腦？一個聰明的新方法 https://www.businessweekly.com.tw/carbon-reduction/blog/3009982 華碩建構OT資安工控，鞏固智慧製造防護網 https://www.techbang.com/posts/96972-asus-builds-ot-information-security-industrial-control I.教育訓練 物聯網時代的15堂資安基礎必修課 (Practical Iot Hacking: The Definitive Guide to Attacking the Internet of Things) https://www.tenlong.com.tw/products/9786263241756?list_name=p-r-zh_tw 中華軟協-iPAS「初級」資訊安全工程師能力研習衝刺班：全面招生中 https://www.cs.nycu.edu.tw/announcements/detail/8778 2022「證券期貨資訊安全實務養成課程」即日起開始報名 https://www.sfi.org.tw/news/news-7/3589 網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works) https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html 【資安管理國際證照懶人包】學習心得、考試要點一次整理！2022 轉職夢幻工作看這篇 https://buzzorange.com/techorange/2021/12/30/isaca/ CISSP考試心得 – Benson https://reurl.cc/GbWvxd CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 110年新進人員「校園資訊安全講座」教材 https://cc.nccu.edu.tw/p/406-1001-740,r18.php 【訓練教材D】資訊安全技術教育訓練教材 https://iscb.nchu.edu.tw/2019/07/d.html 109資通安全管理法數位教育訓練 https://reurl.cc/ARlmqp 110-1初級資訊安全工程師-資訊安全管理概論 https://yamol.tw/exam.php?id=104050 中大信息工程學系 栽培資訊科技領導人才 https://reurl.cc/ARZKDK 伊雲谷、中山大學產學合作 累積雲端資安人才能量 https://ctee.com.tw/industrynews/technology/587459.html SANS Cyber Aces Online Tutorials https://tutorials.cyberaces.org/tutorials.html Free Online Cybersecurity Courses (MOOCs) https://www.cyberdegrees.org/resources/free-online-courses/ Develop Your Cybersecurity Skills https://www.cybrary.it/catalog/cybersecurity/ Mobile App Security https://www.cybrary.it/course/mobile-app-security/ Introduction to Cybersecurity https://reurl.cc/bnaj6d How to Tackle SaaS Security Misconfigurations https://thehackernews.com/2021/11/how-to-tackle-saas-security.html How to Build a Security Awareness Training Program that Yields Measurable Results https://thehackernews.com/2021/11/how-to-build-security-awareness.html Common Attacks https://choson.lifenet.com.tw/?p=1174 資安學習路上-滲透測試實務4 https://www.potatomedia.co/post/4191e744-64f3-4d33-af69-e3591adc2ed0 6.近期資安活動及研討會 科技力x內容力 5G Craft 菁英挑戰賽號召各路英雄 2022/6/15 https://tomorrowsci.com/technology/20225g0526/ 經濟部工業局沙崙資安服務基地 - 智慧製造的痛-駭客攻擊與勒索軟體威脅 2022/6/16 https://www.cisanet.org.tw/Course/Detail/2836 【滲透與入侵 - 供應鏈資安威脅】資安跨域交流活動 2022/6/20 https://www.tca.org.tw/exhibit_info1.php?n=1716 經濟部工業局沙崙資安服務基地 - 日誌大數據分析實戰 2022/6/23 https://bit.ly/3sJWjmp 資安沙龍-「把科技力量化為智慧製造供應鏈安全的靠山」 2022/6/27 http://www.twcloud.org.tw/xmevent/cont?xsmsid=0I194031315298462880&sid=0M167435346971609077 資訊安全管理(週日班) 2022/7/3 ~ 2022/8/28 https://mymcu.mcu.edu.tw/zh-hant/product/e022205151 工控資安環境認知課程 2022/7/5 https://www.acw.org.tw/News/Detail.aspx?id=3228 創科資訊②⓪②②軟體開發實戰訓練營➠線上實習說明會 2022/7/6 https://trunk-studio.kktix.cc/events/monosparta-code-camp-2022-9 關鍵基礎設施實作課程(含攻防演練實作) 2022/7/11 https://www.acw.org.tw/News/Detail.aspx?id=3229 工控資安環境認知課程 2022/7/12 https://www.acw.org.tw/News/Detail.aspx?id=3228 風險導向資安稽核 2022/7/20 https://www.cisanet.org.tw/Course/Detail/2756 關鍵基礎設施實作課程(含攻防演練實作) 2022/7/25 https://www.acw.org.tw/News/Detail.aspx?id=3229 關鍵基礎設施實作課程(含攻防演練實作) 2022/8/1 https://www.acw.org.tw/News/Detail.aspx?id=3229 HITCON PEACE 2022 台灣駭客年會 2022/8/19 ~ 2022/8/20 https://hitcon.kktix.cc/events/hitcon-peace-2022 2022 CYBERSEC 資安大會 Jamf 攤位講座 2022/9/20 ~ 2022/9/22 https://jamf.kktix.cc/events/cybersec2022jamf 關鍵基礎設施實作課程(含攻防演練實作) 2022/9/27 https://www.acw.org.tw/News/Detail.aspx?id=3229