資安事件新聞週報 2022/6/6 ~ 2022/6/10

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/6/6 ~ 2022/6/10 1.重大弱點漏洞/後門/Exploit/Zero Day 已修補的SAP商用軟體漏洞遭到濫用 https://onapsis.com/blog/three-actively-exploited-sap-vulnerabilities-identified-onapsis-research-labs Even the Most Advanced Threats Rely on Unpatched Systems https://thehackernews.com/2022/06/even-most-advanced-threats-rely-on.html Windows又有新零時差漏洞DogWalk https://times.hinet.net/news/23959255 研究人員揭露另一個MSDT零時差漏洞DogWalk https://twitter.com/j00sean/status/1533889445027536899 繼 Follina 之後，又出現另一個微軟 MSDT 零時差漏洞「DogWalk」 https://technews.tw/2022/06/10/dogwalk-another-microsoft-ignored-msdt-vulnerability-like-follina-gets-unofficial-patch/ 有人利用微軟Office的MSHTML、MSDT重大漏洞，在烏克蘭散布Cobalt Strike https://cert.gov.ua/article/40559 MSDT零時差漏洞再度遭到利用，TA570用於散布惡意軟體QBot https://www.bleepingcomputer.com/news/security/qbot-malware-now-uses-windows-msdt-zero-day-in-phishing-attacks/ Researchers Warn of Unpatched "DogWalk" Microsoft Windows Vulnerability https://thehackernews.com/2022/06/researchers-warn-of-unpatched-dogwalk.html Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices https://thehackernews.com/2022/06/unpatched-critical-flaws-disclosed-in-u.html CISA Warned About Critical Vulnerabilities in Illumina's DNA Sequencing Devices https://thehackernews.com/2022/06/cisa-warned-about-critical.html Security bulletin: Security Bulletin: Apache Commons as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2021-35515, CVE-2021-35516, CVE-2021-36090, CVE-2021-35517) https://reurl.cc/8oOMN7 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安金融業是烏克蘭現代化的成敗關鍵 https://news.cnyes.com/news/id/4886569 強化資安彰銀加入F-ISAC會員 https://reurl.cc/8oOMMM 天天與駭客諜對諜，他靠「孫子兵法」守護銀行資產 https://money.udn.com/money/story/5613/6350661 純網銀出新招樂天銀行行動支付回饋2% https://www.epochtimes.com/b5/22/6/10/n13756739.htm 3.電子支付/行動支付/pay/資安 LINE Pay 服務新推「信用卡」平台，輕鬆比較 LINE Points、現金回饋 https://technews.tw/2022/06/07/add-credit-cards-to-line-pay/ LINE Pay新功能上線回饋超多網嗨翻 https://reurl.cc/b2y8Ky 網好奇「還有人沒用過行動支付的嗎？」回應超兩極 https://reurl.cc/Eral5v 交通違規線上申辦及行動支付安全省時方便 https://reurl.cc/QLOAKq 疫情刺激國人行動支付使用率逾75％ https://ec.ltn.com.tw/article/breakingnews/3950809 「現金v.s.數位支付」哪種最常用？超過千萬人有戶頭口碑第一名是它 https://reurl.cc/moN5KW 電子支付使用南北大不同便民優先！專家建議整合系統 https://reurl.cc/g2Ey5R 梅驊出任街口電子支付新任董事長 https://www.inside.com.tw/article/27855-jkos-new-chairman 第三方支付淪詐騙漏洞籲標註警語 https://reurl.cc/3oZEV9 國泰全球數位支付ETF 搶占Pay經濟 https://reurl.cc/VDqOVA 央行預告修正「電子支付機構管理條例」 https://reurl.cc/n1Rd81 第三方支付有漏洞一組OTP密碼竟盜刷8次 https://reurl.cc/vd8OZL 網購芒果遇詐騙女申請第三方支付遭盜刷19萬 https://reurl.cc/j1OZnZ 蘋果瘋先買後付／央行教戰BNPL　示警潛在風險 https://finance.ettoday.net/news/2267338 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約資安標普發布穩定幣監督報告：未來有望成為「加密貨幣」與「法定貨幣」價值穩定的重要工具 https://www.thenewslens.com/article/167842 The ultimate NFT guide https://medium.com/learn-bitcoin-blockchain/blockchain-project-report-6407b22bbfc3 Researchers Detail How Cyber Criminals Targeting Cryptocurrency Users https://thehackernews.com/2022/06/researchers-detail-how-cyber-criminals.html DeFi駭客識別協議Lossless Protocol上線Fantom https://news.cnyes.com/news/id/4888402 Optimism駭客通過鏈上消息表示將歸還1800萬枚OP https://news.cnyes.com/news/id/4889811 1年創下15億筆交易，成為以太坊最大勁敵！為何大家都用BSC轉帳？專家說給你聽 https://www.storm.mg/article/4370931 駭客利用 Osmosis 交易所漏洞竊取超 500 萬美元 https://www.btcc.com/zh-TW/coin-news/events/osmosis-exchange-hacked 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 駭客藉由各種假冒的破解軟體遞送惡意程式，以竊取機密資訊及加密貨幣 https://www.ithome.com.tw/news/151377 多個殭屍網路加入利用Atlassian Confluence漏洞的行列 https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/ 勒索軟體Cuba採取雙重勒索策略，要求受害者3天內進行談判 https://www.trendmicro.com/en_us/research/22/f/cuba-ransomware-group-s-new-variant-found-using-optimized-infect.html 最怕碰上勒索病毒「賠了夫人又折兵」！該怎麼徹底防範 https://www.bnext.com.tw/article/69877/hacker-virus--jie-kao 駭客組織Black Basta發展Linux版勒索軟體，鎖定VMware ESXi而來 https://www.bleepingcomputer.com/news/security/linux-version-of-black-basta-ransomware-targets-vmware-esxi-servers/ TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) https://isc.sans.edu/diary/rss/28728 Qbot 惡意軟體現正利用 Windows MSDT 0-day 漏洞發動釣魚攻擊 https://www.twcert.org.tw/tw/cp-104-6204-0bc04-1.html 攻擊者透過Office檔案屬性投放惡意軟體SVCReady，進一步在受害電腦部署竊密程式RedLine https://threatresearch.ext.hp.com/svcready-a-new-loader-reveals-itself/ 搜尋引擎搜出假冒網站廣告！ OBS Project 指下載軟件可能含有惡意軟件 https://www.pcmarket.com.hk/fake-obs-studio-website-ad-found-in-search-engine/ 近期LockBit 2.0危害全球加劇，全球1到4月超過300名受害者，近期臺廠也傳接連遇害 https://www.ithome.com.tw/tech/151368 殭屍網路病毒XLoader隱匿C2伺服器難以追蹤 https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can/ 勒索軟體WannaFriendMe要求受害者從線上遊戲Roblox市集購買解密金鑰 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ 義大利巴勒莫市營運中斷疑勒索軟體Vice Society所為 https://www.bleepingcomputer.com/news/security/vice-society-ransomware-claims-attack-on-italian-city-of-palermo/ 惡意軟體Symbiote濫用BPF元件隱匿攻擊意圖 https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat https://www.intezer.com/blog/research/new-linux-threat-symbiote/ Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector https://thehackernews.com/2022/06/symbiote-stealthy-linux-malware.html Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years https://reurl.cc/VDqvyn Shining the Light on Black Basta https://research.nccgroup.com/2022/06/06/shining-the-light-on-black-basta/ MakeMoney malvertising campaign adds fake update template https://blog.malwarebytes.com/threat-intelligence/2022/06/makemoney-malvertising-campaign-adds-fake-update-template/ Gamaredon activity - Second Quarter 2022 https://twitter.com/500mk500/status/1534799900147339267 https://twitter.com/500mk500/status/1534804600246648832 Bumblebee Loader on The Rise https://blog.cyble.com/2022/06/07/bumblebee-loader-on-the-rise/ Attackers Exploit MSDT Follina Bug to Drop RAT, Infostealer https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/follina-msdt-exploit-malware Kinsing & Dark.IoT botnet among threats targeting CVE-2022-26134 https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/ FakeCrack: Crypto stealing campaign spread via fake cracked software https://blog.avast.com/fakecrack-campaign CVE-2022-26134 Threat Brief: Atlassian Confluence RCE Vulnerability https://unit42.paloaltonetworks.com/cve-2022-26134-atlassian-code-execution-vulnerability/ Operation Tejas: A dying elephant curled up in the Kunlun Mountains https://mp.weixin.qq.com/s/8j_rHA7gdMxY1_X8alj8Zg From the Front Lines | Another Rebrand? Mindware and SFile Ransomware Technical Breakdown https://www.sentinelone.com/blog/from-the-front-lines-another-rebrand-mindware-and-sfile-ransomware-technical-breakdown/ Closing the Door: DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme https://www.trendmicro.com/en_us/research/22/f/closing-the-door-deadbolt-ransomware-locks-out-vendors-with-mult.html Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration https://thedfirreport.com/2022/06/06/will-the-real-msiexec-please-stand-up-exploit-leads-to-data-exfiltration/ Spam Email Containing a Very Large ISO file https://isc.sans.edu/diary/rss/28712 Outbreak of Follina in Australia https://decoded.avast.io/threatintel/outbreak-of-follina-in-australia/ Cyber attack on state organizations of Ukraine using the malicious program Cobalt Strike Beacon and exploits to vulnerabilities CVE-2021-40444 and CVE-2022-30190 https://cert.gov.ua/article/40559 殭屍網路Emotet企圖竊取Chrome用戶的信用卡資料 https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-credit-cards-from-google-chrome-users/ New Emotet Variant Stealing Users' Credit Card Information from Google Chrome https://thehackernews.com/2022/06/new-emotet-variant-stealing-users.html Evil Corp Cybercrime Group Shifts to LockBit Ransomware to Evade Sanctions https://thehackernews.com/2022/06/evil-corp-cybercrime-group-shifts-to.html Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware https://thehackernews.com/2022/06/researchers-warn-of-spam-campaign.html 10 Most Prolific Banking Trojans Targeting Hundreds of Financial Apps with Over a Billion Users https://thehackernews.com/2022/06/10-most-prolific-banking-trojans.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊疑網購年貨下載APP遭駭商人欲24次盜提3小時虧10萬 https://reurl.cc/9GQNvY 10 Things To Do Instead of Scrolling Through Your Smartphone https://medium.com/personal-growth-lab/10-things-to-do-instead-of-scrolling-through-your-smartphone-df9a17f1c7db Apple's New Feature Will Install Security Updates Automatically Without Full OS Update https://thehackernews.com/2022/06/apples-new-feature-will-install.html Apple 於 2021 年拒絕近 16 萬種可能有資安疑慮的 App 上架 https://www.twcert.org.tw/tw/cp-104-6196-065a5-1.html 手機資安合格？NCC抽測僅i12過初測 https://times.hinet.net/news/23957446 手機資安抽測15款全過關 NCC今年擬擴大規模 https://reurl.cc/VDqOnn NCC抽測15款手機資安　不只中國廠牌、4大暢銷品牌都靠「補考」過關 https://tw.appledaily.com/life/20220608/5Z2A3HMP7RE6ZM7XQJTRABVGO4/ 中國紫光展銳晶片存在重大漏洞，全球一成手機用戶曝險 https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/ 手機上網、內建App如何防範個資遭外洩？NCC 傳授「三不五要」撇步 https://3c.ltn.com.tw/news/49526 蘋果iOS 16偷學對手？外媒點名iPhone這些新功能安卓早就有 https://3c.ltn.com.tw/news/49541 HTC手機新品6月底發表將與VIVERSE元宇宙平台整合 https://www.sogi.com.tw/articles/htc_viverse_smartphone/6258022 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力調查：企業遭網攻中斷營運平均損失逾8千萬 https://ec.ltn.com.tw/article/breakingnews/3956404 網路環境危機四伏！全球 6 成企業自認資安存在盲點 https://buzzorange.com/techorange/2022/06/08/cyber-security-trend/ 趨勢科技：可視性與控管上的漏洞正在侵蝕企業資安 https://technews.tw/2022/06/08/security-2/ 新型態資安攻防戰開打，面對 APT 攻擊該如何主動防禦 https://buzzorange.com/techorange/2022/06/09/teamt5-cyber-security/ 數位攻擊難控管全球企業憂影響資安風險 https://turnnewsapp.com/livenews/tech/A07657002022060910104803 港媒《傳真社》宣布停止運作　上月才遭駭客入侵 https://www.ettoday.net/news/20220610/2270243.htm FBI、NSA警告：北京支持的駭客攻擊全球電信公司 https://reurl.cc/OAe3Mv 美國公布中國駭客攻擊電信業者與ISP所使用的連網設備漏洞 https://www.cisa.gov/uscert/ncas/alerts/aa22-158a 美國國務卿布林肯宣布成立的「國務院中國組」是什麼樣的團隊？能否有效應對中國挑戰 https://www.storm.mg/article/4373450?page=1 歐盟網路安全演練本月登場，聚焦醫療領域 https://www.ithome.com.tw/news/151346 烏軍活用民間無人機能量強化戰力 https://www.upmedia.mg/news_info.php?Type=2&SerialNo=146375 中國駭客組織Aoqin Dragon鎖定東南亞與澳洲而來 https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/ 【兩岸論壇】中共「帶路建設」助長組織犯罪 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1505246&type=forum Hacking Scenarios: How Hackers Choose Their Victims https://thehackernews.com/2022/06/hacking-scenarios-how-hackers-choose.html A Decade-Long Chinese Espionage Campaign Targets Southeast Asia and Australia https://thehackernews.com/2022/06/a-decade-long-chinese-espionage.html U.S. Agencies Warn About Chinese Hackers Targeting Telecoms and Network Service Providers https://thehackernews.com/2022/06/us-agencies-warn-about-chinese-hackers.html FBI Seizes 'SSNDOB' ID Theft Service for Selling Personal Info of 24 Million People https://thehackernews.com/2022/06/fbi-seizes-ssndob-id-theft-service-for.html 資安工程師(台南科工廠) https://www.104.com.tw/job/7kv9h?jobsource=m104 電動車系統資安工程師-E131 https://www.104.com.tw/job/7nryn 資安網管工程師/助理工程師 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=12752&HIRE_ID=11238121 網路資安工程師 https://www.104.com.tw/job/7nsfc 台灣資安人才現缺口！DEVCORE 擴大開啟資安人才培育計畫 https://www.techbang.com/posts/96818-devcore-expands-information-security-talent-cultivation-program 職場金飯碗/十大新興工作讓你未來20年職涯不被淘汰 https://money.udn.com/money/story/122329/6377766 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全機靈女森耍詐諞集團10分鐘　大嬸爆氣跳針吼：快關閉 https://www.setn.com/News.aspx?NewsID=1128376 遇投資詐騙報警又陷「局中局」4人見46萬飛了超崩潰 https://www.chinatimes.com/realtimenews/20220610002497-260402?chdtv 假冒電子錢包職員套資料　過百人受害失近$150萬　警拘10男女原文網址: 假冒電子錢包職員套資料　過百人受害失近$150萬　警拘10男女 | 香港01 https://www.hk01.com/sns/article/780222 https://reurl.cc/b2y8mo 又見求職詐騙！網假冒外送平台收會費盜個資 https://www.ftvnews.com.tw/video/detail/Let42lmX8sI 限12種犯罪才能調個資臉書有安全盲點 https://reurl.cc/vd8O81 看中遲遲未修復的微軟「Follina」漏洞，國家贊助駭客鎖定歐美政府機構發動釣魚攻擊 https://technews.tw/2022/06/09/state-backed-hackers-exploit-microsoft-follina-bug-to-target-entities-in-europe-and-u-s/ 網傳影片「總統先生你好！烏克蘭百姓對總統“澤連斯基”確有一番特別感情、為他著想、百姓勸降：你打不過他們的，投降吧，不要反抗了......！澤連斯基！我考慮下」 https://tfc-taiwan.org.tw/articles/7652 資安專家發現透過 Facebook Messenger 進行的大型釣魚攻擊活動 https://www.twcert.org.tw/tw/cp-104-6206-75457-1.html 老招數假親友真詐騙龜山行員警方合力阻詐 https://www.epochtimes.com/b5/22/6/9/n13755508.htm 詐騙被害人不限學經歷　中研院副院長、政務委員都上當 https://www.ctwant.com/article/187118 迪卡儂被駭客入侵 https://ptthito.com/gossiping/m-1654427949-a-e8d/ Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html E.研究報告/工具企業資安不容百密一疏！如何串連資料保護與資訊安全，杜絕駭客攻擊、啟動全面防護策略 https://buzzorange.com/techorange/2022/06/10/acronis/ $1000: How I could have Hack any account and become a billionaire overnight👑Top Crypto-Trading Platform https://infosecwriteups.com/1000-how-i-could-have-hack-any-account-and-become-a-billionaire-overnight-top-crypto-trading-ff0e25b6013c 5 Advanced JavaScript concepts that will make you a better developer https://levelup.gitconnected.com/5-advanced-javascript-concepts-that-will-make-you-a-better-developer-5d04292107a1 Software Architecture & System Design: I wish I had known about this earlier… https://medium.com/@olgamitroshyna/software-architecture-i-wish-i-had-known-about-this-earlier-4df43eae57db (Free) 6 Cyber Security Certification 2022. https://medium.com/technology-hits/free-cyber-security-certifications-2022-75f13432cbff Feature that are accepted for PHP 8.2 https://medium.com/@parvej.code/feature-that-are-accepted-for-php-8-2-f01722b5a658 Hibernate vs JPA vs Spring Data JPA https://blog.devgenius.io/hibernate-vs-jpa-vs-spring-data-jpa-ff4485aaa780 Multi-factor Authentication In-The-Wild bypass methods https://medium.com/proferosec-osm/multi-factor-authentication-in-the-wild-bypass-methods-689f53f0b62b What I learned from reading 126* Information Disclosure Writeups https://medium.com/@Sm9l/what-i-learnt-from-reading-126-information-disclosure-writeups-d896c5d5a2a4 DON’T sell your old laptops https://ethr.me/dont-sell-your-old-laptops-2589fc97277e Best DevOps tool in Demand 2022 https://blog.devgenius.io/best-devops-tool-in-demand-2022-6e902b64c434 Why Vim is better than VSCode https://sean-warman.medium.com/why-vim-is-better-than-vscode-d09e2355eb37 How I “HACKED” my college site https://a-rshukla.medium.com/how-i-hacked-my-college-site-5b759bbb04dc Researchers Disclose Critical Flaws in Industrial Access Control System from Carrier https://thehackernews.com/2022/06/researchers-disclose-critical-flaws-in.html Be Proactive! Shift Security Validation Left https://thehackernews.com/2022/06/be-proactive-shift-security-validation.html F.商業 Google保護軟體供應鏈、倡議零信任並改善安全性作業 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9890 Palo Alto Networks：零信任加 SASE助金融機構面對資安挑戰 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9887 Sophos最新行業調查報告《2022 年醫療保健行業勒索軟體現況》 2021 年勒索軟體對醫療機構的攻擊增加94% https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9892 Check Point Software推出反勒索軟體中心 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000636810_TCX7KJ9Z296G75L0WF729 是方兩路並進邁向東亞數位匯流中心 https://wantrich.chinatimes.com/news/20220608900054-420301 Fortinet 新產品 FortiNDR 以人工智慧偵測並回應威脅攻擊 https://ctee.com.tw/industrynews/automation/656491.html 攜手三竹資訊東聯化學引進CoLine南北跨區協作效率增 https://www.1111.com.tw/news/jobns/145967 以Trend Micro One全方位網路資安平台為中樞強化資安風險應變治理 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&cat=50&id=0000636934_LQYLV4A521OMB45TFJTV0 Hewlett Packard Enterprise為中華開發金控提供雲端轉型建議 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9902 思科打造Cisco Security Cloud開放的安全雲端平台 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9901 突破網路限制、保障線上安全 NordVPN 6大特點介紹 https://www.storm.mg/stylish/4370374 A10 Networks：零信任、雲端和遠距工作加速企業數位化 https://n.yam.com/Article/20220610561486 DOE與Dragos多重合作推出關鍵基礎設施資安集體防禦平台 https://iknow.stpi.narl.org.tw/Post/Read.aspx?PostID=19242 Mlytics推Origin Shield解決方案保障客戶雲端資產 https://turnnewsapp.com/livenews/finance/@@www.chinatimes.com--realtimenews--20220605000947-260410 G.政府金管會通過修正草案，上市櫃企業設立資安長成為當務之急 https://news.sina.com.tw/article/20220610/42004328.html 新北被爆「演給恩恩爸看」資安專家痛批：離譜劇本！ https://news.ltn.com.tw/news/society/breakingnews/3953132 換發身分證拒載父母姓名獲部分勝訴內政部：將提上訴 https://www.youtube.com/watch?v=MNcc3RA6rOY 台灣身分證「雙親+配偶欄」　外國人：揭露過多資訊 https://www.setn.com/News.aspx?NewsID=1128578 國海院與內政部地政司攜手合作加速完備我國海域基礎調查 https://times.hinet.net/news/23960371 宣戰選舉假訊息調查局資安站首派秘書、17人異動 https://news.ltn.com.tw/news/society/breakingnews/3956343 疾管署出包！全台竟「22815人」染疫亡莊人祥急回 https://reurl.cc/55EWy7 前幕僚揭11組IP疑北市養網軍資訊局：北市僅用4組 https://www.cna.com.tw/news/aloc/202206050135.aspx 柯文哲前幕僚指北市府11組IP疑養網軍　資訊局：錯誤訊息 https://www.ftvnews.com.tw/news/detail/2022605W0156 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 TXOne Networks 發表全新EdgeIPS Pro 216 聚焦中小型製造業 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9885 戴爾科技集團擴展多雲體驗，橫跨Cyber Recovery、數據分析及合作夥伴生態系 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9893 VMware 協助全球雲端服務廠商滿足客戶的主權雲服務需求 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9895 New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing https://thehackernews.com/2022/06/new-privacy-framework-for-iot-devices.html 宇瞻、華碩雲端合推工控資安方案封裝廠測試過關 http://www.ksnews.com.tw/index.php/news/contents_page/0001614817 新工作型態興旺資安產業 ——兼論工業電腦廠廣積 https://www.businesstoday.com.tw/article/category/183025/post/202206080043/ 華碩建構OT資安工控鞏固智慧製造防護網 https://stock.pchome.com.tw/news/cat8/20220607/65460613034607224003.html 物聯網所面臨的資安威脅 https://blog.twnic.tw/2022/06/10/23311/ I.教育訓練物聯網時代的15堂資安基礎必修課 (Practical Iot Hacking: The Definitive Guide to Attacking the Internet of Things) https://www.tenlong.com.tw/products/9786263241756?list_name=p-r-zh_tw 中華軟協-iPAS「初級」資訊安全工程師能力研習衝刺班：全面招生中 https://www.cs.nycu.edu.tw/announcements/detail/8778 2022「證券期貨資訊安全實務養成課程」即日起開始報名 https://www.sfi.org.tw/news/news-7/3589 網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works) https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html 【資安管理國際證照懶人包】學習心得、考試要點一次整理！2022 轉職夢幻工作看這篇 https://buzzorange.com/techorange/2021/12/30/isaca/ CISSP考試心得 – Benson https://reurl.cc/GbWvxd CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 110年新進人員「校園資訊安全講座」教材 https://cc.nccu.edu.tw/p/406-1001-740,r18.php 【訓練教材D】資訊安全技術教育訓練教材 https://iscb.nchu.edu.tw/2019/07/d.html 109資通安全管理法數位教育訓練 https://reurl.cc/ARlmqp 110-1初級資訊安全工程師-資訊安全管理概論 https://yamol.tw/exam.php?id=104050 中大信息工程學系栽培資訊科技領導人才 https://reurl.cc/ARZKDK 伊雲谷、中山大學產學合作累積雲端資安人才能量 https://ctee.com.tw/industrynews/technology/587459.html SANS Cyber Aces Online Tutorials https://tutorials.cyberaces.org/tutorials.html Free Online Cybersecurity Courses (MOOCs) https://www.cyberdegrees.org/resources/free-online-courses/ Develop Your Cybersecurity Skills https://www.cybrary.it/catalog/cybersecurity/ Mobile App Security https://www.cybrary.it/course/mobile-app-security/ Introduction to Cybersecurity https://reurl.cc/bnaj6d How to Tackle SaaS Security Misconfigurations https://thehackernews.com/2021/11/how-to-tackle-saas-security.html How to Build a Security Awareness Training Program that Yields Measurable Results https://thehackernews.com/2021/11/how-to-build-security-awareness.html Common Attacks https://choson.lifenet.com.tw/?p=1174 資安學習路上-滲透測試實務4 https://www.potatomedia.co/post/4191e744-64f3-4d33-af69-e3591adc2ed0 6.近期資安活動及研討會醫療資安女力論壇 2022/6/11 https://isipevent.kktix.cc/events/e58d0573-copy-1 科技力x內容力 5G Craft 菁英挑戰賽號召各路英雄 2022/6/15 https://tomorrowsci.com/technology/20225g0526/ 經濟部工業局沙崙資安服務基地 - 智慧製造的痛-駭客攻擊與勒索軟體威脅 2022/6/16 https://www.cisanet.org.tw/Course/Detail/2836 【滲透與入侵 - 供應鏈資安威脅】資安跨域交流活動 2022/6/20 https://www.tca.org.tw/exhibit_info1.php?n=1716 經濟部工業局沙崙資安服務基地 - 日誌大數據分析實戰 2022/6/23 https://bit.ly/3sJWjmp 資訊安全管理(週日班) 2022/7/3 ~ 2022/8/28 https://mymcu.mcu.edu.tw/zh-hant/product/e022205151 創科資訊②⓪②②軟體開發實戰訓練營➠線上實習說明會 2022/7/6 https://trunk-studio.kktix.cc/events/monosparta-code-camp-2022-9 風險導向資安稽核 2022/7/20 https://www.cisanet.org.tw/Course/Detail/2756 HITCON PEACE 2022 台灣駭客年會 2022/8/19 ~ 2022/8/20 https://hitcon.kktix.cc/events/hitcon-peace-2022 2022 CYBERSEC 資安大會 Jamf 攤位講座 2022/9/20 ~ 2022/9/22 https://jamf.kktix.cc/events/cybersec2022jamf