資安事件新聞週報 2022/4/4 ~ 2022/4/8

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/4/4 ~ 2022/4/8 1.重大弱點漏洞/後門/Exploit/Zero Day Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave More Routers https://thehackernews.com/2022/04/beastmode-ddos-botnet-exploiting-new.html CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability https://thehackernews.com/2022/04/cisa-warns-of-active-exploitation-of.html Spring Core出現零時差遠端程式攻擊弱點 https://tanzu.vmware.com/security/cve-2022-22950 https://tanzu.vmware.com/security/cve-2022-22963 https://thehackernews.com/2022/03/unpatched-java-spring-framework-0-day.html?fbclid=IwAR2Fg7nYqASDEY1QJXVDn1OqzqqQvVeI_wxCTGlQ6m9mtH2XiDGGy4Vsdew&m=1 Java開發框架再傳Spring4Shell漏洞是否會引發更大的資安風暴 https://reurl.cc/jkxQ62 駭客企圖開採微軟雲端服務上的SpringShell漏洞 https://www.ithome.com.tw/news/150275 有16%的企業組織面臨針對SpringShell漏洞的嘗試性攻擊 https://blog.checkpoint.com/2022/04/05/16-of-organizations-worldwide-impacted-by-spring4shell-zero-day-vulnerability-exploitation-attempts-since-outbreak/ Sophos Firewall v18.5 MR3 (含)之前版本存在驗證弱點。該弱點允許遠端攻擊者藉由用戶名稱和 Webadmin 中繞過身份驗證。 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-1040 Sonicwall 產品 SonicOS 存在阻斷服務弱點。該弱點允許攻擊者藉由 HTTP 請求的基於堆棧的緩衝區溢出，導致服務阻斷情況或執行任意程式碼。 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22274 程式碼代管平臺GitLab出現重大漏洞，攻擊者可用於接管帳號 https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/ 趨勢科技修補資安防護主控臺Apex Central的RCE漏洞 https://success.trendmicro.com/dcx/s/solution/000290678 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安 FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks https://thehackernews.com/2022/04/fin7-hackers-leveraging-password-reuse.html Ukrainian FIN7 Hacker Gets 5-Year Sentence in the United States https://thehackernews.com/2022/04/ukrainian-fin7-hacker-gets-5-year.html 三無印度銀行中門大開損失百萬盧比 https://www.wepro180.com/bank220408/ 安聯集團將進軍純網路產險　鎖定電信、電商結盟合作 https://www.ftvnews.com.tw/news/detail/2022408W0138 3.電子支付/行動支付/pay/資安美國行動支付Cash資料外洩，820萬用戶受到影響 https://techcrunch.com/2022/04/05/block-cash-app-data-breach/ 英國連鎖零售商The Works遭到網路攻擊，支付系統受到波及 https://otp.tools.investis.com/clients/uk/the_works_stores_ltd/rns/regulatory-story.aspx?cid=2405&newsid=1570877 印度台商推出電子支付鑰匙圈 https://reurl.cc/qOyG8D 歐付寶成首家電子支付繳稅系統 https://reurl.cc/Go7nrd 涉嫌非法使用電子支付APP的2名中國人在日被捕 https://zh.cn.nikkei.com/politicsaeconomy/politicsasociety/48125-2022-03-31-16-18-17.html 印度最大行動支付Paytm 誇口明年Q3前打平 https://reurl.cc/OpdYqA 華為殺入行動支付微信、支付寶迎新勁敵 https://ctee.com.tw/news/china/621355.html 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約資安 This Coin Will Recover All Your Losses https://medium.com/@jessicadoosan09/this-coin-will-recover-all-your-losses-4a328bdd2580 臉書幣復活？Meta 傳要發全新虛擬貨幣，內部稱 Zuck Bucks – INSIDE https://reurl.cc/Opd5Nv 近700萬美元被黑的Ronin資金被發送到Tornado Cash https://news.cnyes.com/news/id/4846694?exp=a Change the Code, Not the Climate！環團要求變更比特幣挖礦方式 https://www.inside.com.tw/article/27244-bitcoin-changethecode-greenpeaceusa 最近NFT詐騙及駭客事件頻傳，新手該注意甚麼 https://www.potatomedia.co/post/9b5c84c6-150d-4ad5-85c1-e94e8d892d5f 攻擊Ronin的駭客向新地址轉入超過2000枚以太坊，並向Tornado Cash轉入1000枚以太坊 https://news.cnyes.com/news/id/4848122?exp=a 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 忽必烈控館長「派人鬧場逼退費」！電腦疑遭植木馬閉館3天 https://www.setn.com/News.aspx?NewsID=1094736 來自俄羅斯的新型惡意間諜程式現蹤！偷聽Android用戶手機、竊個資 https://3c.ltn.com.tw/news/48408 勒索軟體事件激增最新調查：企業高層對網路安全仍缺乏認識 https://cnews.com.tw/124220406a01/ 中國駭客APT10透過影音播放軟體VLC Player側載惡意程式 https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks 挖礦軟體罪犯目標轉向雲端 https://www.ithome.com.tw/news/150332 美國迅速移除惡意軟體！防止俄羅斯網路攻擊 https://times.hinet.net/news/23849982 美俄網戰先交火！美司法部爆秘密刪除俄羅斯惡意軟體擋下網攻 https://www.rti.org.tw/news/view/id/2129373 美先發制人瓦解俄軍駭客殭屍網路 https://news.ltn.com.tw/news/world/breakingnews/3886007 惡意軟體Denonia鎖定無伺服器運算服務AWS Lambda下手，植入XMRig變種挖礦軟體 https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/ 駭客利用惡意網頁導向服務Parrot TDS感染逾1.6萬個網站，目的是散布惡意軟體 https://decoded.avast.io/janrubin/parrot-tds-takes-over-web-servers-and-threatens-millions/ 木馬程式Borat具備竊密、DDoS攻擊能力，並讓駭客能用於部署勒索軟體 https://blog.cyble.com/2022/03/31/deep-dive-analysis-borat-rat/ 全球2千萬工程師的救星！美國資安獨角獸Snyk找出安全漏洞，靠的是「惡意病毒」 https://meet.bnext.com.tw/articles/view/48920? Conti攻擊多點開花，Panasonic、Konica Minolta、福特等公司遭駭洩露資料 https://www.ithome.com.tw/news/150302 Detecting EnemyBot – Securonix Initial Coverage Advisory https://www.securonix.com/blog/detecting-the-enemybot-botnet-advisory Exposing the Iranian EvilNominatus Ransomware https://www.clearskysec.com/wp-content/uploads/2022/04/EvilNominatus_Ransomware_7.4.22.pdf Google is on guard: sharks shall not pass https://research.checkpoint.com/2022/google-is-on-guard-sharks-shall-not-pass/ Parrot TDS takes over web servers and threatens millions https://decoded.avast.io/janrubin/parrot-tds-takes-over-web-servers-and-threatens-millions/ Cyber attack of UAC-0010 group (Armageddon) on state organizations of Ukraine https://cert.gov.ua/article/39386 Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group https://otx.alienvault.com/pulse/624ff0af271429d152b5a27e Adversarial Threat Report - April 2022 https://about.fb.com/wp-content/uploads/2022/04/Meta-Quarterly-Adversarial-Threat-Report_Q1-2022.pdf Cado Discovers Denonia: The First Malware Specifically Targeting Lambda - Cado Security | Cloud Investigation https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/ Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique https://blog.malwarebytes.com/threat-intelligence/2022/04/colibri-loader-combines-task-scheduler-and-powershell-in-clever-persistence-technique/ FFDroider Stealer Targeting Social Media platform Zscaler https://www.zscaler.com/blogs/security-research/ffdroider-stealer-targeting-social-media-platform-users Fake E-shops on the prowl for banking credentials using Android malware https://www.welivesecurity.com/2022/04/06/fake-eshops-prowl-banking-credentials-android-malware/ Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials The Latest Remcos RAT Driven By Phishing Campaign https://www.fortinet.com/blog/threat-research/latest-remcos-rat-phishing Windows MetaStealer Malware Report https://isc.sans.edu/diary/rss/28522 Peace through Pegasus: Jordanian Human Rights Defenders and Journalists Hacked with Pegasus Spyware https://citizenlab.ca/2022/04/peace-through-pegasus-jordanian-human-rights-defenders-and-journalists-hacked-with-pegasus-spyware/ Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7 https://www.mandiant.com/resources/evolution-of-fin7 CaddyWiper Analysis: New Malware Attacking Ukraine https://blog.morphisec.com/caddywiper-analysis-new-malware-attacking-ukraine State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage https://research.checkpoint.com/2022/state-sponsored-attack-groups-capitalise-on-russia-ukraine-war-for-cyber-espionage/ Complete dissection of an APK with a suspicious C2 Server https://lab52.io/blog/complete-dissection-of-an-apk-with-a-suspicious-c2-server/ Scammers are Exploiting Ukraine Donations https://www.mcafee.com/blogs/other-blogs/mcafee-labs/scammers-are-exploiting-ukraine-donations/ Cyber attack by UAC-0010 (Armageddon) on state institutions of the European Union https://otx.alienvault.com/pulse/624c210d91980fdfba0319a7 Malicious Word Documents Using MS Media Player (Impersonating AhnLab) https://asec.ahnlab.com/en/33477/ Elephant Framework Delivered in Phishing Attacks Against Ukrainian Orgs https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/ Fresh TOTOLINK Vulnerabilities Picked Up by Beastmode Mirai Campaign https://www.fortinet.com/blog/threat-research/totolink-vulnerabilities-beastmode-mirai-campaign SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps https://thehackernews.com/2022/04/sharkbot-banking-trojan-resurfaces-on.html Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems https://thehackernews.com/2022/04/researchers-uncover-how-colibri-malware.html FBI Shut Down Russia-linked "Cyclops Blink" Botnet That Infected Thousands of Devices https://thehackernews.com/2022/04/fbi-shut-down-russia-linked-cyclops.html U.S. Treasury Department Sanctions Russia-based Hydra Darknet Marketplace https://thehackernews.com/2022/04/us-treasury-department-sanctions-russia.html Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin https://thehackernews.com/2022/04/germany-shuts-down-russian-hydra.html Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers https://thehackernews.com/2022/04/researchers-uncover-new-android-spyware.html Multiple Hacker Groups Capitalizing on Ukraine Conflict for Distributing Malware https://thehackernews.com/2022/04/multiple-hacker-groups-capitalizing-on.html Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums https://thehackernews.com/2022/04/experts-shed-light-on-blackguard.html Stolen Images Campaign Ends in Conti Ransomware https://thedfirreport.com/2022/04/04/stolen-images-campaign-ends-in-conti-ransomware/ New Octo Banking Trojan Spreading via Fake Apps on Google Play Store https://thehackernews.com/2022/04/new-octo-banking-trojan-spreading-via.html First Malware Targeting AWS Lambda Serverless Platform Discovered https://thehackernews.com/2022/04/first-malware-targeting-aws-lambda.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Hackers Distributing Fake Shopping Apps to Steal Banking Data of Malaysian Users https://thehackernews.com/2022/04/hackers-distributing-fake-shopping-apps.html Ukraine Warns of Cyber attack Aiming to Hack Users' Telegram Messenger Accounts https://thehackernews.com/2022/04/ukraine-warns-of-cyber-attack-aiming-to.html Block Admits Data Breach Involving Cash App Data Accessed by Former Employee https://thehackernews.com/2022/04/block-admits-data-breach-involving-cash.html 微軟成立新的Android部門，打算讓Windows與Android之間的流暢度比擬macOS與iOS https://times.hinet.net/news/23842662 小心病毒搬光你的錢？快檢視手機中毒的「7大」症狀 https://3c.ltn.com.tw/news/48410 趕快更新軟體！三星 Android 手機爆資安漏洞「可能被駭客接管」 https://3c.ltn.com.tw/news/48431 致命漏洞快更新！安卓「這4種」手機遭入侵銀行APP危險 https://reurl.cc/EpkgDn Android手機爆資安漏洞！4系統藏「不明代號」　網銀戶頭恐被盜光 https://www.ettoday.net/news/20220406/2224005.htm Google 將多款內藏收集個人資料 SDK Android 軟件下架 https://www.pcmarket.com.hk/google-takes-down-several-android-apps-embedded-personal-data-collection-sdk/ 11款APP快刪！官方證實「恐盜銀行帳密」 6000萬用戶崩潰 https://fnc.ebc.net.tw/fncnews/tech/148913 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力電子郵件行銷公司MailChimp遭駭，牽連加密貨幣業者 https://times.hinet.net/news/23843823 最新資料刪除軟體導致Viasat歐洲通訊衛星斷線 https://www.ithome.com.tw/news/150255 Google Analytics遭網釣駭客用來改善攻擊成效，但同樣也可用來追蹤網釣活動 https://reurl.cc/pW7aDr 美國CISA成立「Shields Up」網站列出可行的重點資安指引 https://www.ithome.com.tw/news/150239 美國國務院宣布設立「網路空間暨數位政策局」，將數位安全列入外交政策 https://www.inside.com.tw/article/27287-cdp-cyberattack-blinken 日本通訊行業龍頭將結束與卡巴斯基的合作關係 https://news.cnyes.com/news/id/4848754 擔憂安保風險日本NTT集團將停用俄卡巴斯基軟體 https://udn.com/news/story/122699/6224792?from=udn-catebreaknews_ch2 網路間諜行動Bearded Barbie鎖定以色列官員而來 https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials 微軟接管俄羅斯駭客Fancy Bear用於攻擊烏克蘭的網域名稱 https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/ 烏克蘭危機：最新的網路攻擊「雨刷」 https://blog.twnic.tw/2022/04/07/22645/ 歐盟擬透過數位服務法向大型網路平台徵收「保護費」 https://ec.ltn.com.tw/article/breakingnews/3884068 中資收購英國晶片廠懸而未決就業國安短中期考慮成焦點 https://www.voacantonese.com/a/6518240.html 英媒指中國開戰前網攻烏克蘭中方：一派胡言 https://money.udn.com/money/amp/story/5599/6214981 被控烏俄開戰前網攻烏克蘭軍事及核子設施中國：一派胡言不足為信 https://newtalk.tw/news/view/2022-04-04/734297 中方支持駭客襲擊印度電力設施？陸外交部：潑中方髒水 https://www.chinatimes.com/realtimenews/20220407004253-260409?chdtv 紐時點出「普丁開戰」真正原因　無法忍受烏克蘭1件事 https://www.ettoday.net/news/20220404/2222614.htm 戰情早被看光？匿名者：成功駭取12萬名俄軍個資 https://news.ltn.com.tw/news/world/breakingnews/3882627 俄政府最大喉舌被「匿名者」洩露近百萬封電郵 https://www.secretchina.com/news/b5/2022/04/08/1002883.html 美、德攜手破獲俄超大暗網 Hydra Market，沒收 543 枚比特幣 https://technews.tw/2022/04/06/worlds-biggest-darknet-marketplace-russia-linked-hydra-market-seized-and-shut-down/ Meta制止俄駭客美司法部制裁俄寡頭及網絡犯罪 https://www.soundofhope.org/post/610190?lang=b5 俄羅斯盜烏軍臉書發投降文！Meta公布駭客入侵手段 https://reurl.cc/qOyGdD 加拿大冀提升數位防禦，推出免費中小企業網路安全認證服務 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=0c747a5e-6fd5-4ed1-9fee-2be212d2b0c7 Hamas-linked Hackers Targeting High-Ranking Israelis Using 'Catfish' Lures https://thehackernews.com/2022/04/hamas-linked-hackers-targeting-high.html Researchers Trace Widespread Espionage Attacks Back to Chinese 'Cicada' Hackers https://thehackernews.com/2022/04/researchers-trace-widespread-espionage.html Brokenwire Hack Could Let Remote Attackers Disrupt Charging for Electric Vehicles https://thehackernews.com/2022/04/brokenwire-hack-could-let-remote.html Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine https://thehackernews.com/2022/04/microsoft-obtains-court-order-to-take.html Hamas-linked Hackers Targeting High-Ranking Israelis Using 'Catfish' Lures https://thehackernews.com/2022/04/hamas-linked-hackers-targeting-high.html 短期駐點資訊安全人員 https://www.104.com.tw/job/7kdk6 網管工程師 https://www.104.com.tw/job/7lbf5 【集團】資安網管工程師 https://www.104.com.tw/job/7kwc1?jobsource=jolist_d_relevance 網路管理資安工程師 https://www.518.com.tw/job-yMAjvv.html 中華資安國際行政助理 https://worknowapp.com/jobs/a9717268-4db0-4090-9263-6b7b5ef8de4e 資安工程師 https://www.518.com.tw/job-G7o0p6.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams https://thehackernews.com/2022/04/hackers-breach-mailchimp-email.html 防個資被盜律師：社安、信用卡號勿同時給他人 https://www.worldjournal.com/wj/story/121360/6212357 你儲值出錯！摩斯個資洩「消費隔日詐騙集團就有資料」　女慘遭騙30萬 https://news.tvbs.com.tw/life/1757656 誠品網路書店再爆個資外洩　民眾接一通電話後慘噴10多萬 https://www.appledaily.com.tw/property/20220404/HMU4XIER3FCZTBJABCPUQTVVCA/ Discord上包括無聊猿猴在內的多個NFT專案遭駭客入侵並廣播詐騙訊息 https://www.ithome.com.tw/news/150257 黃明志60億點擊YouTube帳號遭駭玻璃心等MV全消失 https://www.rti.org.tw/news/view/id/2129144 一頁式詐騙又來！謊稱蔡宏圖投資加密貨幣致富 https://www.ftvnews.com.tw/news/detail/2022405F04M1 資安專家6招防魚叉式釣魚攻擊 https://reurl.cc/yQ2Dol 驚！最新網購詐騙手法　你銀行存款會「一次被領光光」 https://www.setn.com/News.aspx?NewsID=1096539 遭投資群組拐走150萬她怒控165專線沒用害賣屋還債 https://reurl.cc/e6qG07 雀巢公司數據泄露凸顯與戰爭相關的駭客活動風險 https://reurl.cc/8WQ6rd E.研究報告/工具 Golang — 1 Minute guide to Useful Tips and Libraries in 2022 https://blog.canopas.com/1-min-guide-to-golang-development-best-practices-in-2022-b50d846fd6c Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022 https://thehackernews.com/2022/04/into-breach-breaking-down-3-saas-app.html Is API Security on Your Radar https://thehackernews.com/2022/04/is-api-security-on-your-radar.html MITRE ATT&CK第四輪評估計畫結果出爐 https://attackevals.mitre-engenuity.org/enterprise/participants/?adversaries=wizard-spider-sandworm 電磁紀錄怎麼刑事扣押 https://www.ettoday.net/news/20220407/2223595.htm 資料外洩警示! 剖析2022Q1的 3個 SaaS App攻擊事件 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9803 F.商業微軟推資安規格Office 365 Government Secret 政府處理數位文件更安全 https://m.333dushi.com/post/96935.html 傳歐盟反托拉斯主管機關盯上微軟雲端業務 https://www.ithome.com.tw/news/150265 OPSWAT 為關鍵基礎設施推出資安行動實驗室 https://www.docutek.com.tw/newsDetail.php?id=443 IBM 推出 z16 新一代大型主機系統，具備量子加密技術防止資安風險 https://technews.tw/2022/04/07/ibm-unveils-z16-next-generation-mainframe-system/ G.政府數發部將掛牌朝野立委盼成為數位科技領頭羊 https://www.cna.com.tw/news/aipl/202204030170.aspx 中共侵台手段盡出！蔡英文示警：加強防範「裡應外合」 https://www.setn.com/News.aspx?NewsID=1096117 羅智強發起徵「百萬TikTok粉絲」活動！劉仕傑示警：輕忽中共資訊戰 https://www.ftvnews.com.tw/news/detail/2022407W0190 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安程式語言Go以5招式防禦軟體供應鏈攻擊 https://www.ithome.com.tw/news/150235 椰棗、友嘉聯手強化工控資安防護 https://readers.ctee.com.tw/cm/20220407/a25ab1/1178126/share DLink DAP-1360 F1硬體版本<=v6.10中的“webupg”二進製文件裡，攻擊者在“name=deleteFile”參數為“name=deleteFile”的情況下，經過授權後，攻擊者可以使用“file”參數執行任意系統命令。 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-44127 D-Link 產品 DIR-820L 1.05B03 版本存在 RCE 弱點。該弱點藉由 /lan.asp 的名稱參數可能導致遠端執行任意程式碼。 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-26258 NETGEAR 產品設備 R8500 1.0.2.158 版本組件 (.cgi) 的 sysNewPasswd 和 sysConfirmPasswd 參數存在遠端執行程式碼弱點。該弱點允許攻擊者由 shell 元字符執行任意命令。 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-27945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-27946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-27947 Totolink 產品 T10 V2 韌體版本 V4.1.8cu.5207_B20210320 存在緩衝區溢出弱點。該弱點可能在 HTTP 請求過程中處理 http_request_parse 函數的主機資訊造成 Buffer Overflow 情況。 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-43636 ASUS RT-AC86U - Heap-based buffer overflow https://www.twcert.org.tw/tw/cp-132-5793-4f9d3-1.html I.教育訓練中華軟協-iPAS「初級」資訊安全工程師能力研習衝刺班：全面招生中 https://www.cs.nycu.edu.tw/announcements/detail/8778 2022「證券期貨資訊安全實務養成課程」即日起開始報名 https://www.sfi.org.tw/news/news-7/3589 網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works) https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html 【資安管理國際證照懶人包】學習心得、考試要點一次整理！2022 轉職夢幻工作看這篇 https://buzzorange.com/techorange/2021/12/30/isaca/ CISSP考試心得 – Benson https://reurl.cc/GbWvxd CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 110年新進人員「校園資訊安全講座」教材 https://cc.nccu.edu.tw/p/406-1001-740,r18.php 【訓練教材D】資訊安全技術教育訓練教材 https://iscb.nchu.edu.tw/2019/07/d.html 109資通安全管理法數位教育訓練 https://reurl.cc/ARlmqp 110-1初級資訊安全工程師-資訊安全管理概論 https://yamol.tw/exam.php?id=104050 中大信息工程學系栽培資訊科技領導人才 https://reurl.cc/ARZKDK 伊雲谷、中山大學產學合作累積雲端資安人才能量 https://ctee.com.tw/industrynews/technology/587459.html SANS Cyber Aces Online Tutorials https://tutorials.cyberaces.org/tutorials.html Free Online Cybersecurity Courses (MOOCs) https://www.cyberdegrees.org/resources/free-online-courses/ Develop Your Cybersecurity Skills https://www.cybrary.it/catalog/cybersecurity/ Mobile App Security https://www.cybrary.it/course/mobile-app-security/ Introduction to Cybersecurity https://reurl.cc/bnaj6d How to Tackle SaaS Security Misconfigurations https://thehackernews.com/2021/11/how-to-tackle-saas-security.html How to Build a Security Awareness Training Program that Yields Measurable Results https://thehackernews.com/2021/11/how-to-build-security-awareness.html Common Attacks https://choson.lifenet.com.tw/?p=1174 6.近期資安活動及研討會 Just a chat - with no Expectations 2022/4/9 https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/284734457/ Coffee & Code 2022/4/10 https://www.meetup.com/Innovate-Taiwan/events/284921441/ 2022 數位轉型論壇(二) 無懼威脅的天堂--後疫情時代的資訊安全 2022/4/12 https://www.cisanet.org.tw/Services/MemberActivityServiceDetail/685 從Python到TensorFlow線上讀書會-Python基礎導讀(4) -第四章用 if 來選擇 2022/4/12 https://www.meetup.com/TensorFlow-User-Group-Taipei/events/284265342/ SyntaxError 2022/4/13 https://www.meetup.com/pythonhug/events/284820898/ 中部場-公部門如何揪出潛伏資安威脅研討會（限政府機關報名）2022/4/13 https://www.cisanet.org.tw/Course/Detail/2783 只要有心，人人都能成為雲端人才！AWSome Day線上雲端培訓日 2022/4/14 https://lihi1.com/FE09M AIAA講座【台北場】：資安思維 X 政府應用AI案例 X 數位轉型 2022/4/16 https://www.accupass.com/event/2203031213512786993470 SP-ISAC【資安專題講座】網站安全面面觀 2022/04/19 https://reurl.cc/6EWjRM 網站應用程式安全 2022/04/19 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19881 SDN x Cloud Native Meetup #47 2022/4/19 https://www.meetup.com/CloudNative-Taiwan/events/284821277/ Quarterly Professional Networking Event 2022/4/21 https://www.meetup.com/taiwan-digital-drinks/events/284733775/ 2022 美台金融資安論壇數位轉型下的資安再造 2022/04/21 ~ 2022/04/22 https://event.netmag.tw/202204ait/ 南部場-公部門如何揪出潛伏資安威脅研討會（限政府機關報名） 2022/4/21 https://www.cisanet.org.tw/Course/Detail/2784 Python 數據分析一日工作坊 - 電商、Airbnb分析實戰 2022/4/23 https://www.meetup.com/PyLadiesTW/events/284972118/ 區塊鏈與智慧資安女力論壇 2022/4/24 https://isipevent.kktix.cc/events/e58d0573 SEMI E187設備資安標準導入與實務研討會 2022/4/29 https://www.semi.org/zh/cybersecurity-standards-seminar 「資安鑑識課程-系列Ⅰ初級課程：資安科技基礎養成：滑鼠鍵盤敲起來【從密碼到資安】」線上研習 2022/4/29 https://docs.google.com/forms/d/1yS8JontNqGinMYUOaYj9aQ-Ov92yda7eFldgjotOAUs K12的科技教育-除了程式還可以教什麼 2022/5/9 https://www.meetup.com/rladies-taipei/events/284421238/ 元智資工高中生短期資訊課程-微插電資安體驗工作坊 2022/5/14 https://cse-yzu.kktix.cc/events/yzcs7 資安政策法規標準 2022/5/25 ~ 2022/5/26 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X19873 駭客奪旗攻防演練：金融資安人才養成專班(第1期) 2022/04/28~2022/06/09 https://www.tabf.org.tw/CourseDetail.aspx?PID=487750 國家高速網路與計算中心教育訓練「大數據程式開發平台(VM版本)」建置與開發實務課程 2022/5/27 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=homepage 風險導向資安稽核 2022/7/20 https://www.cisanet.org.tw/Course/Detail/2756