###### tags: `資安事件新聞週報`
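# Weekly Security Incident News Digest 2022/9/5 ~ 2022/9/8
1. Critical Vulnerabilities / Backdoors / Exploit / Zero Day
Chrome clipboard feature contains a flaw that could be abused to steal data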
https://www.ithome.com.tw/news/152831
Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability
https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html
Zyxel patches critical RCE vulnerability in NAS devices
https://www.bleepingcomputer.com/news/security/zyxel-releases-new-nas-firmware-to-fix-critical-rce-vulnerability/
Cisco routers have an authentication bypass vulnerability, but the vendor says they are past end of support and will not be patched
https://www.bleepingcomputer.com/news/security/cisco-won-t-fix-authentication-bypass-zero-day-in-eol-routers/
NPM package csurf contains a cross-site request forgery vulnerability
https://fortbridge.co.uk/research/a-csrf-vulnerability-in-the-popular-csurf-package/
Researchers disclose several vulnerabilities in WatchGuard firewalls
https://www.ambionics.io/blog/hacking-watchguard-firewalls
HP patches DLL hijacking vulnerability in PC technical support software
https://www.bleepingcomputer.com/news/security/hp-fixes-severe-bug-in-pre-installed-support-assistant-tool/
Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass
https://www.exploit-db.com/exploits/51006
PAN-OS 10.0 - Remote Code Execution (RCE) (Authenticated)
https://www.exploit-db.com/exploits/51005
2. Banking / Finance / Insurance / Securities / Payment Systems / Financial Supervision: News and Security
Authorities Shut Down WT1SHOP Site for Selling Stolen Credentials and Credit Cards
https://thehackernews.com/2022/09/authorities-shut-down-wt1shop-site-for.html
Financial Freedom For Lazy People: 10 Simple Steps
https://medium.com/@eitan_levy101/financial-freedom-for-lazy-people-10-simple-steps-5aa2e4df1146
2022 DATE SUMMIT leads on four hot topics: digital finance, Web3, metaverse, and e-commerce
https://www.storm.mg/localarticle/4509254
Insurance Bureau issues 11 fines totaling NT$8.1 million for crossing the FSC's red lines on these matters
https://wantrich.chinatimes.com/news/20220908900506-420101
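Financial sector's annual profit of nearly NT$1 trillion is not enough: five of Taiwan's favorite mobile payment services push hard to boost business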
https://finance.ettoday.net/news/2331743
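3. E-Payment / Mobile Payment / Pay / Security
New player charges in! PXPay Plus (全支付) is first to launch fund purchases via e-payment: how it lets users "buy groceries and invest at the same time"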
https://www.bnext.com.tw/article/71612/pxpayplus-fundswap
First pilot case of buying funds with e-payment: PXPay Plus (全支付) partners with 好好證券
https://udn.com/news/story/7239/6593241
PXPay Plus (全支付) membership soars, setting a new record for fastest to exceed one million
https://www.cardu.com.tw/news/detail.php?47033
A look at Southeast Asia, where e-wallets are growing rapidly
https://vocus.cc/article/6318691efd89780001c0eee4
E-payment usage is close to 70%; FSC relaxes merchant identity verification mechanism
https://news.cnyes.com/news/id/4945062
4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contracts / WEB3 Security
Earn Passive Income with Binance
https://wire.insiderfinance.io/earn-passive-income-with-the-binance-ccf4f527c0fc
NFT Utility Classification — current and prospective trends
https://medium.com/blockchain-biz/nft-utility-classification-current-and-prospective-trends-3fe0b0c5b43a
Avalanche's Nereus Finance hit by flash loan attack; hacker extracts 370,000 USDC at zero cost
https://www.surviews.com/post/4725.html
ETHW: refuses to merge contract-freezing code into the main codebase and will not restrict ETHW contract pools in any way
https://news.cnyes.com/news/id/4948432
Shock! Well-known US comedian has 119 ETH stolen, a loss of NT$5.68 million
https://news.ltn.com.tw/news/world/breakingnews/4049139
FBI warns retail investors to fully understand the risks before investing in DeFi
https://unwire.pro/2022/09/05/fbi-defi/blockchain/
Argentine company Action Point develops white-label solution to bring cryptocurrency services to traditional ATMs
https://news.cnyes.com/news/id/4946334
Security team: MonoX attacker moved about 1,300 ETH into TornadoCash
https://news.cnyes.com/news/id/4946645
From September 29, Binance will automatically convert USDC and other stablecoins to BUSD
https://times.hinet.net/news/24121773
Acala publishes full report on the aUSD hack | 281 addresses involved, 52 million tokens remain unburned
https://www.agoscan.com/post/3189.html
70% of stolen crypto assets flow into it! US cracks down and bans "Tornado Cash": how does it launder money
https://www.cw.com.tw/article/5122685
"Bitcoin mining helps solve the energy crisis": Arcane report says it can balance renewable grids and recycle waste heat for heating
https://www.blocktempo.com/btc-mining-could-solve-energy-crysis-of-the-wolrd/
Using Web 3.0 to stop hackers? What other innovative applications does Web3, the foundation of the metaverse, have
https://www.inside.com.tw/article/28842-web3-opportunities
Fan Yifei: achieve interconnection between the digital yuan system and traditional electronic payment tools
https://news.cnyes.com/news/id/4948797
5. Security Incident News
A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC
Botnet MooBot targets D-Link routers
https://unit42.paloaltonetworks.com/moobot-d-link-devices/
Los Angeles school district LAUSD in the US hit by ransomware attack
https://achieve.lausd.net/site/default.aspx?PageType=3&DomainID=4&ModuleInstanceID=4466&ViewID=6446EE88-D30C-497E-9316-3F8874B3E108&RenderLoc=0&FlexDataID=122768&PageID=1
Hackers favor hiding malware in the video games Minecraft and Roblox
https://securelist.com/gaming-related-cyberthreats-2021-2022/107346/
Multinational hotel group IHG reportedly hit by LockBit ransomware attack
https://www.bleepingcomputer.com/news/security/intercontinental-hotels-group-cyberattack-disrupts-booking-systems/
DeadBolt ransomware attacks QNAP NAS again, caused by exploitation of a vulnerability in the photo management package
https://www.qnap.com/zh-tw/security-news/2022/%E8%AB%8B%E7%AB%8B%E5%8D%B3%E6%9B%B4%E6%96%B0-photo-station-%E8%87%B3%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC
Trojan CodeRAT targets developers who use a specific language; the malware and the attacker pass commands through an instant messaging app's API
https://www.safebreach.com/resources/blog/remote-access-trojan-coderat/
French clothing company Damart hit by Hive ransomware attack
https://www.bleepingcomputer.com/news/security/damart-clothing-store-hit-by-hive-ransomware-2-million-demanded/
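Investigation results released for the February BlackByte ransomware attack on an American football team: personal data of more than 20,000 people leaked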
https://www.bleepingcomputer.com/news/security/san-francisco-49ers-blackbyte-ransomware-gang-stole-info-of-20k-people/
Malware attacks targeting the Linux operating system show a significant increase
https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/defending-the-expanding-attack-surface-trend-micro-2022-midyear-cybersecurity-report
BianLian ransomware intrudes into victim organizations through Exchange servers and SonicWall VPN
https://redacted.com/blog/bianlian-ransomware-gang-gives-it-a-go/
Chile confirms government agency hit by ransomware attack, with some services forced offline
https://www.csirt.gob.cl/noticias/alerta-de-seguridad-cibernetica-incidente-en-servicio-publico/
Montenegro hit by ransomware attack; US steps in to help
https://www.ithome.com.tw/news/152864
Linux malware Shikitega evades detection through multi-stage deployment
https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux
North Korean hackers Lazarus launch attacks using the MagicRAT trojan
https://blog.talosintelligence.com/2022/09/lazarus-magicrat.html
New ransomware Play emerges targeting Latin America, abusing AdFind to probe victim organizations' AD environments
https://www.trendmicro.com/en_us/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html
Analysis of the ransomware landscape in August 2022
https://cert.360.cn/report/detail?id=df153a66d2d46f82eb2cfd8ab3a8ab68
Russia's largest ride-hailing app hacked, causing traffic chaos in a busy district
https://www.ithome.com.tw/news/152880
APT42: Crooked Charms, Cons and Compromises
https://www.mandiant.com/resources/reports/apt42-spear-phishing-and-surveillance
Mirai Variant MooBot Targeting D-Link Devices
https://unit42.paloaltonetworks.com/moobot-d-link-devices/
#StopRansomware: Vice Society
https://www.cisa.gov/uscert/ncas/alerts/aa22-249a
Raspberry Robin and Dridex: Two Birds of a Feather
https://securityintelligence.com/posts/raspberry-robin-worm-dridex-malware/
EvilProxy Phishing-as-a-Service with MFA Bypass Emerged in Dark Web
https://resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web
Worok: The big picture
https://www.welivesecurity.com/2022/09/06/worok-big-picture/
SafeBreach Uncovers New Remote Access Trojan (RAT)
https://www.safebreach.com/resources/blog/remote-access-trojan-coderat
New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices
https://thehackernews.com/2022/09/new-stealthy-shikitega-malware.html
North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns
https://thehackernews.com/2022/09/north-korean-hackers-spotted-using-new.html
Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities
https://thehackernews.com/2022/09/mirai-variant-moobot-botnet-exploiting.html
TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks
https://thehackernews.com/2022/09/ta505-hackers-using-teslagun-panel-to.html
Researchers Find New Android Spyware Campaign Targeting Uyghur Community
https://thehackernews.com/2022/09/researchers-find-new-android-spyware.html
QNAP Warns of New DeadBolt Ransomware Attacks Exploiting Photo Station Flaw
https://thehackernews.com/2022/09/qnap-warns-of-new-deadbolt-ransomware.html
Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus
https://thehackernews.com/2022/09/ransomware-attackers-abuse-genshin.html
Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan
https://thehackernews.com/2022/09/fake-antivirus-and-cleaner-apps-caught.html
Prynt Stealer Contains a Backdoor to Steal Victims' Data Stolen by Other Cybercriminals
https://thehackernews.com/2022/09/prynt-stealer-contains-backdoor-to.html
Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group
https://thehackernews.com/2022/09/microsoft-warns-of-ransomware-attacks.html
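B. Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging
Over one million downloads worldwide! Malicious apps that flood phones with full-screen ads exposed by security vendor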
https://3c.ltn.com.tw/news/50816
Google Pixel 7 series phones and Pixel Watch to be announced in early October
https://www.sogi.com.tw/articles/google_pixel_7_pro/6258552
Phone battery draining faster and faster? Can you restart when it keeps crashing? How to solve four common iPhone problems
https://lohas.edh.tw/article/30769
iPhone 14, the first to support satellite SOS emergency service, is unveiled
https://www.ithome.com.tw/news/152946
iOS 16 and watchOS 9 to be released on 9/12
https://www.ithome.com.tw/news/152942
EU plans to regulate phone repair and system security updates, to be maintained for at least 5 years
https://www.kocpc.com.tw/archives/457907
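C. Incidents / Hackers / DDOS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce
CISO association established to strengthen security protection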
https://reurl.cc/vWKkdj
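Information Service Industry Association of R.O.C. (中華軟協) "CISO association" builds industry-wide joint security defense and strengthens corporate security soft power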
https://times.hinet.net/news/24125963
Does not using 3C products from across the strait mean there are no security problems?
https://www.kmdn.gov.tw/1117/1271/1276/546733
Investigation results released for the Neopets online game hack: attackers had access to IT systems for a year and a half
https://www.neopets.com/account/breachnotice20220829.phtml
SMS verification codes can even be bought on online shopping platforms, rendering the authentication mechanism meaningless
https://www.cool3c.com/article/182101
Ukraine's new trick! Fake "pretty girl" accounts lure targets into taking the bait; he admits: Russian troops only think about sex
https://reurl.cc/NRNG35
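Honey trap to save the nation! Ukrainian group "Hackyourmom" (駭你媽) seduces and strikes the enemy; founder: Russian troops only want sex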
https://newtalk.tw/news/view/2022-09-06/813020
Fake Ukrainian pretty girl strikes; Russian troops served a feast of bombs
https://www.chinatimes.com/realtimenews/20220906001504-260417?chdtv
Hacker group Worok targets well-known companies in Asia and Africa
https://www.welivesecurity.com/2022/09/06/worok-big-picture/
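Multiple Japanese government websites suspected hit by pro-Russian hacker cyberattack; Chief Cabinet Secretary: no information leak for now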
https://news.ltn.com.tw/news/world/breakingnews/4051337
Japanese government websites reportedly knocked offline by attack from Russian hacker group Killnet
https://english.kyodonews.net/news/2022/09/b0209467f263-japan-govt-website-hit-by-cyberattack-pro-russia-group-claims-role.html
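Hackers boldly announce "I did it"! Pro-Russian hackers declare war on Japan! 23 Japanese government websites taken down in succession over dissatisfaction with sanctions on Russia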
https://www.youtube.com/watch?v=rNSmkqxiHjg
Accused of deploying a "cyber army" to steal government secrets, Iran inexplicably has diplomatic ties severed
https://news.tvbs.com.tw/world/1900558
Albania hit by Iranian cyberattack, announces severing of diplomatic ties with Iran
https://www.kryeministria.al/en/newsroom/videomesazh-i-kryeministrit-edi-rama/
Albania accuses Iran of cyberattack and announces severing of ties, orders diplomats to leave within a time limit
https://money.udn.com/money/story/5599/6596543
Albania announces severing of diplomatic ties with Iran
https://times.hinet.net/news/24125823
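Albania accuses Iran of cyberattack and announces severing of ties, giving personnel 24 hours to leave; expert reveals: the US is backing it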
https://newtalk.tw/news/view/2022-09-08/813890
Northwestern Polytechnical University hacked; Beijing accuses the US National Security Agency
https://reader.turnnewsapp.com/cn/20220906/B12AAA1/Q05fMjAyMjA5MDZfQUExXzU1/share
China's Northwestern Polytechnical University suffers cyberattack; Beijing: the US National Security Agency did it
https://www.storm.mg/article/4509518?page=1
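China accuses US of cyberattack on Northwestern Polytechnical University; US counters that the university is a habitual thief of secrets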
https://reurl.cc/QbVW80
Key national defense university hit by cyberattack and data theft; China: the culprit is the US
https://www.1111.com.tw/news/jobns/147556
China accuses US National Security Agency of launching large-scale cyberattacks on a local university
https://www.securityweek.com/china-accuses-us-tens-thousands-cyberattacks
CCP steals technology worldwide, struggles to gain other countries' trust
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1530761
To train AI: cooking oil used to trick people out of facial recognition data in Henan, China
https://www.rti.org.tw/news/view/id/2143650
This is a real cyber army offensive! Hacker groups team up with IT army to cause massive traffic jam in Moscow
https://cars.tvbs.com.tw/car-news/75079
Ukraine again busts bot farms set up by Russia
https://ssu.gov.ua/en/novyny/sbu-zablokuvala-shche-dvi-botofermy-yaki-rozghanialy-destruktyvnyi-kontent-v-ukraini
What is this office? The US NSA's TAO exposed, specializing in large-scale cyberattacks on other countries
https://newtalk.tw/news/view/2022-09-06/812855
North Korean Lazarus Hackers Targeting Energy Providers Around the World
https://thehackernews.com/2022/09/north-korean-lazarus-hackers-targeting.html
Chinese Hackers Target Government Officials in Europe, South America, and Middle East
https://thehackernews.com/2022/09/hackers-repeatedly-targeting-financial.html
Information Security Officer
https://www.104.com.tw/job/7c0oh?jobsource=jolist_a_relevance
DeFi Security Researcher
https://glints.com/vn/en/opportunities/jobs/defi-%E8%B3%87%E5%AE%89%E7%A0%94%E7%A9%B6%E5%93%A1/b22f5d53-16cf-4371-a6f6-8ae562852b7f
ROC year 111 Ministry of Justice Investigation Bureau (Cyber Security Workstation) recruitment announcement
https://www.taisugar.com.tw/KOB/News_detail.aspx?n=11666&p=112&s=11186
Information Security Officer, Information Security Department
https://www.104.com.tw/job/72y3d?jobsource=jolist_a_relevance
Information Security Manager (leading financial holding company)
https://www.linkedin.com/jobs/view/3251357878/
D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security
New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security
https://thehackernews.com/2022/09/new-evilproxy-phishing-service-allowing.html
Samsung Admits Data Breach that Exposed Details of Some U.S. Customers
https://thehackernews.com/2022/09/samsung-admits-data-breach-that-exposed.html
JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users
https://thehackernews.com/2022/09/juiceledger-hackers-behind-recent.html
Repeatedly hacked? 5 tips to prevent account theft
https://www.secretchina.com/news/b5/2022/09/08/1015692.html
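Woman falls for fake Ministry of Health and Welfare subsidy notice, online banking compromised and nearly defrauded; police step in just in time to stop it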
https://n.yam.com/Article/20220908441555
Douyin and WeChat databases surface on hacker forum, exposing more than 2 billion records
https://www.bleepingcomputer.com/news/security/tiktok-denies-security-breach-after-hackers-leak-user-data-source-code/
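Phishing tools can be rented too! Someone offers the phishing kit rental service EvilProxy, whose toolkit can bypass the two-factor authentication of well-known services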
https://resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web
Italian renewable energy company GSE attacked by BlackCat, 700 GB of data leaked
https://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-attack-on-italian-energy-agency/
Over a thousand iOS and Android apps expose the AWS credentials of system service providers
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mobile-supply-chain-aws
Counting on many people wanting to be influencers, hackers use blue-check verification as bait to launch phishing attacks on Instagram users
https://www.vadesecure.com/en/blog/instagram-phishing-campaign-hackers-exploit-social-verification
Russian streaming video platform confirms data breach affecting 7.5 million users
https://www.bleepingcomputer.com/news/security/russian-streaming-platform-confirms-data-breach-affecting-75m-users/
Samsung admits a July intrusion led to theft of customer data
https://unwire.pro/2022/09/08/samsung-says-customer-data-stolen-in-july-data-breach/security/
"Oath Keepers" list leaked, includes hundreds of elected officials, military personnel, and police
https://reurl.cc/7pbRyy
Outdoor gear company The North Face hit by credential stuffing attack affecting 200,000 users
https://www.documentcloud.org/documents/22275912-consumer-notification-template-vans_northface_combined-2022?responsive=1&title=1
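Well-known travel company hacked and secrets stolen; Investigation Bureau finds an employee who jumped to a competitor involved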
https://www.cna.com.tw/news/asoc/202209080223.aspx
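Well-known travel company hacked and secrets stolen; Investigation Bureau probe finds a former employee who jumped to a competitor involved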
https://www.mjib.gov.tw/news/Details/1/799
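KKday employee suspected of stealing secrets and jumping to Klook; prosecutors and investigators conduct searches, 3 people released on bail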
https://www.setn.com/News.aspx?NewsID=1174726
Travel platform KKday's trade secrets stolen; prosecutors and investigators question 5 people
https://news.cts.com.tw/cts/society/202209/202209082091492.html
Major TikTok vulnerability! Microsoft: personal data of 1.5 billion Android users could be exposed
https://newtalk.tw/news/view/2022-09-06/812666
Hackers claim to have obtained user data! TikTok officially denies being breached
https://technews.tw/2022/09/06/tiktok-denies-being-hacked/
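Circulating SMS: "[National Health Insurance Administration] Your health insurance card has expired. How to update? Click the URL directly to upgrade your health insurance card"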
https://tfc-taiwan.org.tw/articles/8121
Ukrainian hackers again use fake accounts to trick people out of personal data
https://ptthito.com/military/m-1662439667-a-c9a/
Yuanta Investment Consulting vice chairman 胡睿涵 repeatedly impersonated, urges investors to look for the Facebook blue check
https://udn.com/news/story/7239/6574053
E. Research Reports / Tools
Top ten open source software security testing tools
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10054
Security vendor discovers attack method that uses timing correlation to obtain domain names
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10053
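3 secure development frameworks help enterprises strengthen their security foundation; long-term adherence can also improve development efficiency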
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10048
Improving the cybersecurity of the software supply chain
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10063
Zero trust architecture is hot; identity management has become the smallest unit of enterprise security
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat2=16&id=0000644153_GXM05V8A6N4HNA26NH5U1&cf=A21
What exactly is a "vulnerability"? How exactly does an intrusion happen? Let's take a look
https://www.technice.com.tw/opinion/17472/
"Third parties": a major path for cyberattacks on enterprises
https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247504897&idx=3&sn=57ee2cd74fc30e4b4dc79f93b36cb3a5
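360 releases its first capability quadrant chart of nation-state hacker groups, building a digital-space "early warning aircraft" for the country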
https://www.4hou.com/posts/AOoz
Analysis of authentication bypass and JDBC injection vulnerabilities in VMware products
https://paper.seebug.org/1962/
Making simple phishing documents: Word mail and CSV injection
https://www.secpulse.com/archives/187000.html
Brute-forcing login pages with a CAPTCHA recognition plugin
https://www.secpulse.com/archives/186973.html
Integrating Live Patching in SecDevOps Workflows
https://thehackernews.com/2022/09/integrating-live-patching-in-secdevops.html
The Ultimate Security Blind Spot You Don't Know You Have
https://thehackernews.com/2022/09/the-ultimate-security-blind-spot-you.html
How to study Cyber Security on your own for free
https://medium.com/@kashishcharaya/how-to-study-cyber-security-on-your-own-for-free-a4f894dad919
Getting better at bug bounty / hacking
https://medium.com/@toxglot/getting-better-at-bug-bounty-hacking-984b7fc62082
Backend Basics: RESTful API (API, REST, Methods, JSON, Examples)
https://medium.com/altogic/backend-basics-restful-api-api-rest-methods-json-examples-429744ba0831
10 Python Scripts for Automating Your Daily Problems
https://python.plainenglish.io/10-python-scripts-for-automating-your-daily-problems-91df7fedebab
How to upgrade/force upgrade React Native app
https://appupgrade.medium.com/how-to-upgrade-force-upgrade-react-native-app-a989426c5b91
F. Business
4 Key Takeaways from "XDR is the Perfect Solution for SMEs" webinar
https://thehackernews.com/2022/09/4-key-takeaways-from-xdr-is-perfect.html
VMware launches a series of multi-cloud networking and security solutions
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10051
Radware sets up new cloud security center in Taiwan
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10046
Microsoft Taiwan general manager Sean Pien leads with five digital keys, empowering industry for the post-pandemic era
https://www.techbang.com/posts/99678-general-manager-of-microsoft-taiwan-sean-pien-shares-digital
Synnex (聯強) boosted by new customers; August revenue again sets a record high for the period
https://www.cna.com.tw/news/afe/202209060343.aspx
Critical infrastructure becomes a target of war; Palo Alto Networks reveals security deployment priorities
https://www.digitimes.com.tw/iot/article.asp?cat=158&cat1=20&cat3=41&id=0000644042_JBX1NISJ3UWU0W3RK293C
G. Government
Taipei City Government's scrapped computers and phones expose a security hole
https://news.housefun.com.tw/news/article/206899348034.html
Taipei City Government security hole exposed; councilor: data on scrapped official computers and phones can be recovered
https://udn.com/news/story/7323/6595696?from=udn-ch1_breaknews-1-cate3-news
What is the "Multiverse Section" (多元宇宙科)? Audrey Tang uses "number portability" as an analogy
https://ec.ltn.com.tw/article/breakingnews/4052196
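Workforce Development Agency (Ministry of Labor) Taichung-Changhua-Nantou Regional Branch, ROC year 111 Industry Talent Investment Program "Security Key Practices Foundation Class": colleagues are welcome to sign up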
https://www.mcvs.tp.edu.tw/content?a=T0RESU9EWXhOakF3TnpBPXlFVE55WWpOeDRrVGludGVseQ==&c=T0RESU1qazNNVFl4TlRVPTNnak01SWpOeElrVGludGVseQ==&cat=T0RESU16Y3dOekU0TURnPTVjek01SWpOeFExUWludGVseQ==
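Clarifying staffing concerns, Minister of Digital Affairs Audrey Tang: department and agency heads are all career civil servants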
https://www.rti.org.tw/news/view/id/2143946
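Executive Yuan cyberattack drill: in response to Chinese cyberattacks, relevant ministries strengthen security and plug gaps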
https://news.ltn.com.tw/news/politics/breakingnews/4049177
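Ministry of Digital Affairs inaugurated: unclear positioning, contract talent hard to retain? Policy effectiveness gets a question mark first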
https://www.businessweekly.com.tw/focus/blog/3010595
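Executive Yuan's Board of Science and Technology transferred to the National Science and Technology Council; Department of Cyber Security upgraded to "Administration for Cyber Security"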
https://news.ltn.com.tw/news/politics/breakingnews/4049810
Chiayi County Fire Bureau 119 emergency line fails; public told to dial 110 for emergencies
https://udn.com/news/amp/story/7326/6591307
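H. Industrial Control Systems / ICS / SCADA / IOT / Internet of Things / Connected Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Medical: Related Security
Critical infrastructure modernization urgently needs security transformation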
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10052
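Charging stations could also be a weak point! Trend Micro's VicOne teams with Delta Electronics to help the EV industry supply chain with compliance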
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10047
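Trend Micro's new automotive security company VicOne partners with Delta Electronics to provide strong security defense for EV charging infrastructure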
https://www.techbang.com/posts/99493-trend-micros-new-company-vicone-has-partnered-with-delta
Power OT systems become hackers' new target
https://www.netadmin.com.tw/netadmin/zh-tw/market/4FFB7D71F87840FB823DECEF020C833A
Helping hospitals with digital transformation! Advantech teams with Microsoft on a world-first "smart ward" in the cloud
https://technews.tw/2022/09/06/itelemed/
NXP launches new secure element; future smart car keys can be used for different vehicles and as a mobile wallet
https://www.cool3c.com/article/182180
Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) - Remote Code Execution
https://www.exploit-db.com/exploits/50987
I. Education and Training
iPAS Information Security Engineer (intermediate level) notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist
iPAS Information Security Engineer certification pre-exam workshop
https://reurl.cc/GEbA3p
Coursera rounds up 7 cloud security certifications: all the springboards to a high salary are here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
Global cybersecurity workforce imbalance: (ISC)2 free courses and exams fill the talent gap
https://reurl.cc/m39MDj
CISSP exam experience
https://reurl.cc/KbY83j
CISSP exam experience – Benson
https://reurl.cc/GbWvxd
Goal-oriented: passing the CISSP at light speed in 20 days
https://reurl.cc/2Zq6zn
CISSP certification exam hands-on experience, Chapter 1: initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
CPSA (CREST Practitioner Security Analyst) security analyst exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam experience, revision information, and preparation direction 2021, 2022
https://reurl.cc/1oyEM8
CEH v11 exam experience and how to prepare
https://blog.sean.taipei/2022/01/ceh
In-depth analysis of the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v
EC-Council CPENT v1 penetration testing certification – content and experience sharing
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
[Exam prep notes] CompTIA Security+ (SY0–601) Part 1
https://reurl.cc/M053DK
[Exam prep notes] CompTIA Security+ (SY0–601) Part 2
https://reurl.cc/M053Gv
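App security that not only engineers need to understand: the blood-and-tears story of obtaining a security testing certificate (iT邦幫忙 Ironman contest book series)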
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics (駭客與國家: 網路攻擊與地緣政治新常態)
https://reurl.cc/D3nKKj
Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df
Basic terms commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958
Our country's networks repeatedly hacked; Control Yuan member applies to open an investigation on own initiative
https://www.chinatimes.com/realtimenews/20220810003152-260407?chdtv
6. Upcoming Security Events and Seminars
Capture the Flag 101 Workshop 2022/9/14
https://go.snyk.io/capture-the-flag-101-workshop.html
Taipei dbt Meetup #6 (online 👨💻)2022/9/14
https://www.meetup.com/taipei-dbt-meetup/events/287873509/
Quarterly Professional Networking Event (Q3) 2022/9/15
https://www.meetup.com/taiwan-digital-drinks/events/287479309/
DevOpsDays Taipei 2022 2022/9/15 ~ 2022/9/16
https://devopsdays.tw/
[ACAD 安碁學苑] Penetration testing practical course 2022/9/16 ~ 2022/9/30
https://www.accupass.com/event/2208120632081721449360
Online security lecture: financial security policy and talent development 2022/9/17
https://isipevent.kktix.cc/events/e58d0573-copy-6
[SP-ISAC member vendors only] Intermediate security course: hands-on web penetration step by step, in-person class 2022/9/19
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4006&from_course_list_url=homepage
Taiwan Cyber Security Conference: ISIP alumni event 2022/9/20
https://isipevent.kktix.cc/events/52fe828d-copy-1
2022 CYBERSEC conference Jamf booth talks 2022/9/20 ~ 2022/9/22
https://jamf.kktix.cc/events/cybersec2022jamf
CISCO security lecture series 2022/9/23
https://www.accupass.com/event/2208311218281666263594
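2022 玉山 · Acer Cyber Security (安碁資訊) security forum [The key to winning in business operations: a value-creating security governance strategy] 2022/9/27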
https://www.accupass.com/event/2208180737041036993111
TWIGF 2022 Challenges and opportunities of network resilience: geopolitics, WEB 3.0, and intermediary governance 2022/9/27
https://www.twcert.org.tw/tw/cp-105-6487-f6953-1.html
Critical infrastructure hands-on course (including attack and defense exercise) 2022/9/27
https://www.acw.org.tw/News/Detail.aspx?id=3229
Challenges and opportunities of network resilience: geopolitics, WEB 3.0, and intermediary governance, 2022 TWIGF annual conference 2022/9/27 ~ 2022/9/28
https://cs.ezmail.com.tw/news/read/id/bh6311606baa4e4
歐立威科技 2022 seminar | Elastic Security: monitoring x alerting, rooting out potential threats 2022/9/29
https://www.accupass.com/event/2208310346161209105423
Study group: Testing Swift (by Paul Hudson) 2022/9/30
https://www.meetup.com/taipei-swift-language-meetup-group/events/287393562/
OCF training event: how to build a secure network architecture 2022/10/1
https://ocftw.kktix.cc/events/ocftot2022
MOPCON 2022 2022/10/15 ~ 2022/10/16
https://mopcon.org/
Financial security case study workshop 2022/10/17
https://www.sitca.org.tw/OPF/B0000/PPT049_2022_01.asp
Kubernetes Summit 2022 2022/10/18 ~ 2022/10/19
https://k8s.ithome.com.tw/
Information security and artificial intelligence hands-on 2022/10/28
https://www.cisanet.org.tw/Course/Detail/2867
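Information security development trends | Digital society and information security - directors and supervisors certification course series 2022/11/5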
https://www.accupass.com/event/2208120843261385349231
Mobile app security testing (APK/IPA) 2022-11-18 09:00 ~ 2022-11-18 12:00
https://www.cisanet.org.tw/Course/Detail/2865
ICS 2022 WORKSHOP PROGRAM -「Ubiquitous Cybersecurity and Forensics」 2022/12/15 ~ 2022/12/17
https://ics2022.esam.io/
TANET 2022 WORKSHOP PROGRAM -「2nd Digital Forensics, Medical Privacy, and Cyber Security」 2022/12/15 ~ 2022/12/17
https://tanet2022.esam.io/