###### tags: `資安事件新聞週報` # 資安事件新聞週報 2021/8/9 ~ 2021/8/13 1.重大弱點漏洞/後門/Exploit/Zero Day Pulse Secure VPNs Get New Urgent Update for Poorly Patched Critical Flaw https://thehackernews.com/2021/08/pulse-secure-vpns-get-new-urgent-update.html Ivanti 發布 Pulse Connect Secure 安全更新 https://us-cert.cisa.gov/ncas/current-activity/2021/08/06/ivanti-releases-security-update-pulse-connect-secure https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858 IBM AIX 7.1、7.2 和 VIOS 3.1 版本存在權限驗證弱點 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-29741 近兩年駭客最常利用之29個漏洞資訊與修補方式 https://net.nthu.edu.tw/2009/mailing:announcement:20210811_02 滲透測試工具Cobalt Strike存在DoS漏洞，可以用來遏阻攻擊行動 https://www.ithome.com.tw/news/146069 VMware 發布修補多個產品的安全性弱點 https://us-cert.cisa.gov/ncas/current-activity/2021/08/05/vmware-releases-security-updates-multiple-products https://www.vmware.com/security/advisories/VMSA-2021-0016.html 安全廠商釋出PetitPotam漏洞非官方修補程式 https://www.ithome.com.tw/news/146090 Cisco RV340、RV340W、RV345及RV345P Dual WAN Gigabit VPN路由器存在安全漏洞(CVE-2021-1609與1610) https://net.nthu.edu.tw/2009/mailing:announcement:20210810_02 Cisco 近日發布更新以解決多個產品的安全性弱點 https://us-cert.cisa.gov/ncas/current-activity/2021/08/05/cisco-releases-security-updates https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4 快確認品項！風險極高、37 款 Wi-Fi 分享器爆資安漏洞 https://3c.ltn.com.tw/news/45482 國內網通設備大廠修補無線路由器產品的RCE漏洞 https://www.twcert.org.tw/tw/cp-104-4993-5e1f4-1.html 多廠牌路由器登入驗證跳過漏洞，現已遭大規模用於攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9392 台灣資安專家發表 MS Exchange Server ProxyShell 漏洞報告後，有駭侵者開始攻擊 https://reurl.cc/2rq93m 微軟Windows作業系統存在多個安全漏洞，請儘速確認並進行更新 https://net.nthu.edu.tw/2009/mailing:announcement:20210812_02 微軟Microsoft Exchange Server存在安全漏洞(CVE-2021-31207、34473及34523) https://net.nthu.edu.tw/2009/mailing:announcement:20210811_01 微軟8月Patch Tuesday修補3個零時差漏洞， 包含一新的Print Spooler漏洞 https://www.ithome.com.tw/news/146135 Microsoft Warns of Another Unpatched Windows Print Spooler RCE Vulnerability https://thehackernews.com/2021/08/microsoft-security-bulletin-warns-of.html Microsoft Releases Windows Updates to Patch Actively Exploited Vulnerability https://thehackernews.com/2021/08/microsoft-releases-windows-updates-to.html Intel 已發布安全更新以解決多個產品的弱點 https://us-cert.cisa.gov/ncas/current-activity/2021/08/10/intel-releases-multiple-security-updates https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00479.html Citrix 發布共享文件存儲區域控制器的安全更新 https://us-cert.cisa.gov/ncas/current-activity/2021/08/10/citrix-releases-security-update-sharefile-storage-zones-controller https://support.citrix.com/article/CTX322787 Magento Update Released to Fix Critical Flaws Affecting E-Commerce Sites https://thehackernews.com/2021/08/magento-update-released-fix-critical.html Adobe 已發布安全更新，以解決多個 Adobe 產品中的弱點 https://us-cert.cisa.gov/ncas/current-activity/2021/08/10/adobe-releases-security-updates-multiple-products https://helpx.adobe.com/security/products/connect/apsb21-66.html https://helpx.adobe.com/security/products/magento/apsb21-64.html Huawei 智慧型手機存在輸入驗證弱點 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-22444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-22387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-22388 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-22389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-22390 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-22438 果子云數位科技 飛果出勤打卡系統 - Use of Incorrectly-Resolved Name or Reference-2 https://www.twcert.org.tw/tw/cp-132-4990-0c75d-1.html 2.銀行/金融/保險/證券/支付系統/ 新聞及資安 百萬信用卡資料於駭客論壇流竄，原因是為了宣傳黑市，臺灣有345張卡片受影響 https://www.ithome.com.tw/news/146163 ATM插側錄器／專家︰成功機率極低 https://news.ltn.com.tw/news/society/paper/1466117 提款機插側錄器疑竊帳密 基隆警鎖定2外籍男涉案 https://www.cna.com.tw/news/firstnews/202108110104.aspx 強化金融風險控管 跨境產學合作當道 https://turnnewsapp.com/livenews/life/A83205002021081211273239 疫情加劇網路攻擊，綠界科技稱已啟動聯防機制，顧客權益不受影響 https://reurl.cc/W39mW5 中國信託創股利通知e化 拚3年內8成客戶採用 https://news.cnyes.com/news/id/4698893 金融資安行動方案 https://reurl.cc/ze9aQ7 網家投資易安網 進軍數位保險 https://wantrich.chinatimes.com/news/20210813S436278 PChome投資保險公司，一鍵購買疫苗險！如何在「勿擾模式」下切中用戶要害 https://www.bnext.com.tw/article/64462/pchome-financial-ecosystem 持股佔七成！PChome 策略投資保險科技新創「易安網」，結合 Pi 錢包、電商拓支付生態 https://www.inside.com.tw/article/24487-pchome-and-pi-and-einsure 金融業大徵才 科技人最吃香 https://www.chinatimes.com/newspapers/20210808001151-260202?chdtv 3.電子支付/行動支付/pay/資安 蝦皮申請電子支付 經民連警告：資安疑慮應駁回 https://reurl.cc/eEY2Q7 蝦皮搶攻電子支付 民團憂中資影響台灣 https://www.ntdtv.com/b5/2021/08/09/a103186187.html 中共擬透過蝦皮支付監控臺人 https://reurl.cc/a9yY7G 未取得電子支付執照 蝦皮：誠懇接受、用戶權益不受影響 https://www.chinatimes.com/realtimenews/20210813004855-260410?chdtv 蝦皮支付喊卡，金管會廢除電支業務許可！電商巨頭未來如何解決金流問題 https://www.bnext.com.tw/article/64501/shopee-digital-payment 街口胡亦嘉恐踩金管會新規 5年不得回鍋電子支付業 https://www.cna.com.tw/news/firstnews/202108110296.aspx 金管會正式廢止許可 蝦皮支付連第3方支付都不能做 https://udn.com/news/story/7239/5672342 電子支付免逐一綁定 銀行首推一站式錢包綁定功能 https://udn.com/news/story/7239/5650018 電支電票共用平台「一嗶搞定」！　新《電子支付機構管理條例》更便利 https://finance.ettoday.net/news/2038405 東方電子支付惡意扣款 一填銀行卡就強扣 https://news.sina.com.tw/article/20210813/39572656.html 全球日均逾2萬次電子付款失敗　造成1185億美元經濟損失 https://reurl.cc/VEVxoN 歐買尬轉型有成 歐付寶電子支付明年H1公開發行 https://ec.ltn.com.tw/article/breakingnews/3632779 越南VNLife憑行動支付、旅遊、新零售業務，成越南第二大獨角獸 https://www.chinatimes.com/realtimenews/20210813000004-260412?chdtv 中國人行：數位人民幣將會與實體貨幣、電子支付共存！試辦交易已累積逾7千萬筆 https://www.bnext.com.tw/article/63980/china-digital-currency-and-traditional-currency 疫情帶動嗶經濟 六成消費者使用三種以上行動支付 https://udn.com/news/story/7239/5664077 永豐建構零現金校園　成大導入行動支付 https://www.cardu.com.tw/news/detail.php?43975 概念股夯什麼？從零開始的IT圖鑑：電子貨幣、行動支付、虛擬貨幣、區塊鏈，一次看懂 https://www.thenewslens.com/article/154582 行動支付業者 Square 收購澳洲金融新創 Afterpay 搶攻無信用卡先買後付消費市場 https://www.cool3c.com/article/163703 PayPal旗下行動支付公司Venmo推出加密返現工具 https://news.cnyes.com/news/id/4700249 Klarna 帶起歐洲「先買後付」新浪潮，為什麼不怕新客沒信用 https://buzzorange.com/techorange/2021/08/13/klarna-bnpl-credit-card/ 安全晶片/平台實現當前及未來支付型態 https://www.eettaiwan.com/20210720nt32-mobile-payment/ 雷蛇變魯蛇？Razer Pay電子錢包中止新加坡服務 https://www.chinatimes.com/realtimenews/20210812002199-260412?chdtv 4.加密貨幣/挖礦/區塊鍊/智能合約 資安 穩定幣USDC發行商Circle宣布將朝向正式銀行邁進 https://www.ithome.com.tw/news/146192 Hackers Steal Over $600 Million Worth of Cryptocurrencies from Poly Network https://thehackernews.com/2021/08/hacker-steal-over-600-million-worth-of.html 落漆！史上最大加密幣竊案6億美元　駭客無法銷贓又退回 https://today.line.me/tw/v2/article/x0eOv8 英雄？大反派？Poly駭客已還 2.6億美元 https://www.ptt.cc/bbs/DigiCurrency/M.1628756488.A.35A.html 全球去中心化金融領域最大規模竊案 駭客盜走6億美元加密幣 https://eteacher.edu.tw/ReadNews.aspx?id=4569 駭客返還28953枚ETH至Poly Network提供的多簽地址 https://news.cnyes.com/news/id/4702870?exp=a DAO Maker：駭客竊取700萬美元，總共5251名用戶受影響 https://news.cnyes.com/news/id/4702824 跨鏈加密貨幣交易平台 Poly Network遭駭，被竊資金高達 6.11 億美元 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9395 Neko Network攻擊報告發布：損失400萬美元，駭客已歸還180萬美元 https://news.cnyes.com/news/id/4703747?exp=a 史上最大加密貨幣竊案 駭客說只為「好玩」 https://turnnewsapp.com/livenews/global/A97604002021081222173027 上任不到4個月 幣安美國CEO宣佈辭職 https://ec.ltn.com.tw/article/breakingnews/3630401 駭客：已決定歸還資產，不再創建DAO組織 https://news.cnyes.com/news/id/4700500 駭客竊取25億加密貨幣 或DeFi領域史上最大盜竊行動 https://reurl.cc/2rq9Ln Duet Protocol核心成員：已接近掌握駭客的身份資訊，警告其歸還資金 https://news.cnyes.com/news/id/4698017 中國數位人民幣冬奧上路　美3議員呼籲抵制：小心被監視 https://www.setn.com/News.aspx?NewsID=979547 執行長為比特幣多頭總司令 Square打造比特幣硬體錢包 https://reurl.cc/kZAe9G 加密貨幣託管商 CYBAVO 完成 400 萬美元融資 佈局國際市場 https://money.udn.com/money/story/5635/5662962 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 大型IT顧問公司Accenture遭LockBit勒索軟體攻擊，強調已復原受害系統，但尚未證實是否支付贖金 https://www.ithome.com.tw/news/146157 數千 Facebook 帳號資訊遭全新 Android FlyTrap 惡意軟體竊取 https://www.twcert.org.tw/tw/cp-104-5003-d6b79-1.html 別以為M1加持Mac就不會中毒，駭客已將Windows的惡意軟體「移植」到M1 macOS平台上 https://www.techbang.com/posts/88132-hackers-have-crafted-malware-for-apples-m1-macos-platform 駭客正在敲門！84%企業機構 過去一年曾遭勒索病毒威脅 https://udn.com/news/story/7240/5660657 植入硬體木馬　後量子加密IC有效偵測駭客攻擊 https://www.edntaiwan.com/20210809nt01-a-post-quantum-chip-with-hardware-trojans/ Prometheus勒索軟體受害者能自救了！臺資安業者奧義智慧成功破解並提供解密工具 https://www.ithome.com.tw/news/146136 eCh0raix勒索軟體鎖定威聯通與群暉NAS發動攻擊，25萬臺設備恐成目標 https://www.ithome.com.tw/news/146141 Prometheus TDS https://blog.group-ib.com/prometheus-tds Anatomy of native IIS malware https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Anatomy-Of-Native-Iis-Malware-wp.pdf https://www.welivesecurity.com/2021/08/06/iistealer-server-side-threat-ecommerce-transactions/ https://www.welivesecurity.com/2021/08/09/iispy-complex-server-side-backdoor-antiforensic-features/ https://www.welivesecurity.com/2021/08/11/iiserpent-malware-driven-seo-fraud-service/ Praying Mantis dissecting an advanced memory-resident attack https://f.hubspotusercontent30.net/hubfs/8776530/TG1021%20-%20Praying%20Mantis%20Threat%20Actor.pdf Latest Dridex IOCs https://gist.github.com/silence-is-best/5ad67a155c221d95a1aa19c272c73478 https://twitter.com/James_inthe_box/status/1424734595245740033 APT attack using PDF documents https://asec.ahnlab.com/ko/26183/ Hunting for the sky-CNC (APT-C-48) https://mp.weixin.qq.com/s/dMFyLxsErYUZX7BQyBL9YQ UNC215: Spotlight on a Chinese Espionage Campaign in Israel https://www.fireeye.com/blog/threat-research/2021/08/unc215-chinese-espionage-campaign-in-israel.html New eCh0raix Ransomware Variant Targets QNAP and Synology Network-Attached Storage Devices https://unit42.paloaltonetworks.com/ech0raix-ransomware-soho/ Vultur, with a V for VNC https://www.threatfabric.com/blogs/vultur-v-for-vnc.html Ficker Infostealer Malware https://blogs.blackberry.com/en/2021/08/threat-thursday-ficker-infostealer-malware Aggah Using Compromised Websites to Target Industry Across Asia, Including Taiwan Manufacturing Industry https://www.anomali.com/blog/aggah-using-compromised-websites-to-target-businesses-across-asia-including-taiwan-manufacturing-industry REvix - Pinchy Spider Linux Variant REvil https://otx.alienvault.com/pulse/6115d6ab092a2ec4d63d63ee?utm_medium=InProduct&utm_content=Email Affiliates Unlocked: Gangs Switch Between Different Ransomware Families https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-trends-lockbit-sodinokibi ReverseRat reemerges with a (Night)Fury New Campaign and New Developments https://blog.lumen.com/reverserat-reemerges-with-a-nightfury-new-campaign-and-new-developments-same-familiar-side-actor/ Bahamut's cyber espionage campaign in Kashmir https://mp.weixin.qq.com/s/oD1VQZBxgjL3rNeN72MJqg Massive New AdLoad Campaign Goes Entirely Undetected By Apple's XProtect https://labs.sentinelone.com/massive-new-adload-campaign-goes-entirely-undetected-by-apples-xprotect/ FlyTrap Android Malware Compromises Thousands of Facebook Accounts https://blog.zimperium.com/flytrap-android-malware-compromises-thousands-of-facebook-accounts/ Trash Panda as a Service: Raccoon Stealer steals cookies, cryptocoins, and more https://news.sophos.com/en-us/2021/08/03/trash-panda-as-a-service-raccoon-stealer-steals-cookies-cryptocoins-and-more/ Cinobi Banking Trojan Targets Users of Cryptocurrency Exchanges with New Malvertising Campaign https://www.trendmicro.com/en_us/research/21/h/cinobi-banking-trojan-targets-users-of-cryptocurrency-exchanges-.html?&web_view=true https://www.trendmicro.com/content/dam/trendmicro/global/en/research/21/h/cinobi-banking-trojan-targets-users-of-cryptocurrency-exchanges-with-new-malvertising-campaign/IOCs-Cinobi%20Banking%20Trojan%20Targets%20Cryptocurrency%20Exchange%20Users%20via%20Malvertising.txt TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike https://isc.sans.edu/diary/rss/27738 IT Giant Accenture Hit by LockBit Ransomware; Hackers Threaten to Leak Data https://thehackernews.com/2021/08/it-giant-accenture-hit-by-lockbit.html Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic https://thehackernews.com/2021/08/bugs-in-managed-dns-services-cloud-let.html Beware! New Android Malware Hacks Thousands of Facebook Accounts https://thehackernews.com/2021/08/beware-new-android-malware-hacks.html Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities https://thehackernews.com/2021/08/ransomware-gangs-exploiting-windows.html Experts Shed Light On New Russian Malware-as-a-Service Written in Rust https://thehackernews.com/2021/08/experts-shed-light-on-new-russian.html Pakistan’s cyber-attack malware mutates, adopts nefarious new capabilities https://www.indiatoday.in/india/story/pakistan-s-cyber-attack-malware-mutates-adopts-nefarious-new-capabilities-1839772-2021-08-12 B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Apple to Scan Every Device for Child Abuse Content — But Experts Fear for Privacy https://thehackernews.com/2021/08/apple-to-scan-every-device-for-child.html 偵測iPhone、雲端防兒童色情 傳蘋果員工也反彈 https://news.ltn.com.tw/news/world/breakingnews/3636976 Telegram被用在雲端Windows Server發動挖礦攻擊 https://www.ithome.com.tw/news/146137 如何防止LINE駭客入侵？教你3招快速檢查LINE安全性設定 https://mrmad.com.tw/how-to-prevent-line-hacking 美國干預巴西5G　渲染華為威脅　中國：真正威脅是美國 https://reurl.cc/R0MVWg 紐約市疫苗App 漏洞百出易造假 https://www.worldjournal.com/wj/story/121385/5657131 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 小心 QNAP Qlocker 事件重演 !!!! Synology 發預警!! 提防 StealthWorker 攻擊 https://reurl.cc/j80Eyp 避免Synology NAS產品遭駭客攻擊，建議用戶強化帳號與密碼安全設定 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=9384 臉書以網頁抓取罪名關閉NYU研究團隊帳號，Mozilla批評臉書的指控子虛無有 https://www.ithome.com.tw/news/146063 從石油管線到醫院都被入侵， 駭客已成全球數位經濟大威脅 https://today.line.me/tw/v2/article/knVXVo 駭客集團靠一個美女健身教練假帳號，佈局數月騙到了國防承包商員工帳號 https://www.techbang.com/posts/88850-zian-detailed-how-the-hacking-group-tricked-defense-contractor 超猖狂！繼宏碁、鴻海、仁寶後 駭客攻擊技嘉伺服器 https://udn.com/news/story/7240/5655818?from=udn-ch1_breaknews-1-cate6-news 技嘉遭駭客攻擊，威脅洩漏INTEL AMD機密 https://disp.cc/amp/128-dX57 技嘉證實遭駭客攻擊 生產銷售營運未受影響 https://ec.ltn.com.tw/article/breakingnews/3630010 技嘉遭駭客攻擊！勒贖信曝光竊走112GB機密，業界籲：被駭並不丟臉 https://today.line.me/tw/v2/article/n7eVpK 評近40國譴責中共發動惡意網路攻擊 https://talk.ltn.com.tw/article/paper/1465702 中國推數據安全管理 醫療健康業將有監管方案 https://www.cna.com.tw/news/acn/202108110333.aspx 中企「塗鴉智能」被指涉收集數據 美媒稱恐危國安 https://udn.com/news/story/6809/5655384?from=udn-catebreaknews_ch2 美企掀撤資大陸潮 美聯社點出6重要關鍵 https://ctee.com.tw/news/global/499390.html 美國政府借力Google、微軟、AWS、資安公司推動網路防禦計畫 https://www.ithome.com.tw/news/146060 全面防堵勒索軟體 美國網安局與科技巨頭組防禦組織 https://reurl.cc/j80E81 中共駭客被揭偽裝伊朗人 襲擊以色列政府機構 https://reurl.cc/KAgW0y 中國武漢P4實驗室消失數據庫找到了！ 美情報機構抓出22,000個基因藍圖 https://newtalk.tw/news/view/2021-08-11/619135 有望解開新冠起源謎團？CNN：美國獲取武漢病毒實驗室大量基因數據，情報機構試圖破譯 https://www.storm.mg/article/3863458 聯合國報告 北韓仍持續發展核武飛彈計畫 https://www.rti.org.tw/news/view/id/2107754 俄國最囂張的駭客BlackMatter：沒犯案前先接受資安公司專訪透露犯案細節、還說要建立勒索生態圈 https://www.techbang.com/posts/89060-blackmatter-ransomware-darkside-revil 加拿大政府提案立法管控網路通訊服務平台上之有害內容 https://www.isda.org.tw/2021/08/06/a813249df048ac4c19a7ea18c21cd050/ Hackers Spotted Using Morse Code in Phishing Attacks to Evade Detection https://thehackernews.com/2021/08/hackers-spotted-using-morse-code-in.html Experts Believe Chinese Hackers Are Behind Several Attacks Targeting Israel https://thehackernews.com/2021/08/experts-believe-chinese-hackers-are.html Hackers Exploiting New Auth Bypass Bug Affecting Millions of Arcadyan Routers https://thehackernews.com/2021/08/hackers-exploiting-new-auth-bypass-bug.html Hackers Actively Searching for Unpatched Microsoft Exchange Servers https://thehackernews.com/2021/08/hackers-actively-searching-for.html Users Can Be Just As Dangerous As Hackers https://thehackernews.com/2021/08/users-can-be-just-as-dangerous-as.html Hacker Dubbed 'Mr White Hat' to Return Entire Stolen Crypto Fortune https://www.securityweek.com/hacker-dubbed-mr-white-hat-return-entire-stolen-crypto-fortune?utm_medium=feed Voltage Glitching Attack on AMD Chips Poses Risk to Cloud Environments https://cybersecdn.com/index.php/2021/08/13/voltage-glitching-attack-on-amd-chips-poses-risk-to-cloud-environments/ 歡迎資安人才主動投遞(資安技術或資安治理或資安顧問) https://www.104.com.tw/job/7chb2 資安系統工程師 https://www.104.com.tw/job/7ci3i 資安駐點人員（正職）(上班地點：臺北市) https://www.104.com.tw/job/7cm3c 資安技術顧問-中芯 https://www.104.com.tw/job/7clyw 網路暨資安管理工程師 https://www.104.com.tw/job/7c4yx 【資訊專才】網路暨資安規劃師 https://www.104.com.tw/job/7clcb D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 釣魚郵件攻擊出現新手法，駭客採用摩斯編碼、ASCII等多種編碼來混淆附件內容 https://www.ithome.com.tw/news/146181 疑港中人士幕後操控 駭慈善社團、詐捐款人 騙財逾千萬 https://news.ltn.com.tw/news/society/paper/1466415 詐團駭24家慈善社團網頁 有捐款人被詐高達57萬 https://news.ltn.com.tw/news/society/breakingnews/3637056 傳Amazon考慮監視客服員工打字以防止客戶個資外洩 https://www.ithome.com.tw/news/146187 抓到了! 大量入侵社群媒體 中國串350個假帳號同步進行大外宣 https://newtalk.tw/news/view/2021-08-06/616492 工程師偷推看心儀女性個資，祖克柏也沒在管！Facebook為何一步步變成社群毒藥 https://www.bnext.com.tw/article/64418/facebook-mark-zuckerberg-lose-trust- 財富500強埃森哲遭比特幣勒索軟體攻擊，數據已在暗網泄露 https://news.cnyes.com/news/id/4701656 反盧卡申科駭客組織稱獲取到了白俄羅斯高級官員的個人數據 https://reurl.cc/dGZ3yy 東奧詐騙成新犯罪話題！詐騙貼圖、偽線上直播，惡意連結一周逾萬筆 https://www.techbang.com/posts/88865-more-than-10000-olympic-related-malicious-transactions-in-week 近日有偽裝計網中心之Email詐騙釣魚信件，敬請使用者注意防範 https://cc.ncku.edu.tw/p/404-1002-216335.php?Lang=zh-tw E.研究報告/工具 Akamai：關於DDoS防護的9大迷思 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=12&aid=9377 美國資安業者SentinelLabs揭露新資料抹除程式Meteor https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=9381 讓專業的來: 因應勒索軟體侵襲策略 feat. Jack https://player.soundon.fm/p/8fdc3e51-8bfb-4bfa-9c65-8ea2ce5a6eb7/episodes/637ffdaa-e5f2-422e-b5b7-56b416f1250b How Companies Can Protect Themselves from Password Spraying Attacks https://thehackernews.com/2021/08/how-companies-can-protect-themselves.html New sophisticated RAT in town: FatalRat analysis https://cybersecurity.att.com/blogs/labs-research/new-sophisticated-rat-in-town-fatalrat-analysis Put in one bug and pop out more:An effective way of bug hunting in Chrome https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Leecraso-Put-In-One-Bug-And-Pop-Out-More-An-Effective-Way-Of-Bug-Hunting-In-Chrome.pdf BlackHat 2021 - Crashing Your Way to Medium IL - Exploiting the PDB Parser for Privilege Escalation https://github.com/galdeleon/Conferences Vice Society Leverages PrintNightmare In Ransomware Attacks https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html Go-Shellcode - A Repository Of Windows Shellcode Runners And Supporting Utilities https://www.kitploit.com/2021/08/go-shellcode-repository-of-windows.html Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising https://www.trendmicro.com/en_us/research/21/h/cinobi-banking-trojan-targets-users-of-cryptocurrency-exchanges-.html?utm_medium=smk F.商業 Check Point Software 年中資安報告：三重勒索、供應鏈攻擊及遠端網路攻擊較去年同期增加 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9373 考慮EDR端點安全防護需求時的要點 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9382 Sophos 收購 Refactr 以利用安全協調自動化和回應功能 https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=9376 戴夫寇爾獲資安界奧斯卡 Pwnie Awards 最佳伺服器漏洞獎 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9374 中華資安國際IoT檢測 打造智慧城市防護網 https://ctee.com.tw/industrynews/technology/502093.html 資安防火牆／原生安全策略 建構資訊防護網 https://money.udn.com/money/story/8944/5670319?from=edn_catenewest_story Zyxel成為台灣首家獲得CNA成員資格之上市公司 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000615912_2E98USBC2IIAA91QI5BSW 阻程式暴力登入抓掃　保會員體驗抗詐欺 網站電商防駭侵　AI揪惡意爬蟲 https://www.netadmin.com.tw/netadmin/zh-tw/market/ECD656D8C1AF4DC08C1702C61EEE781A 微軟準備於桌面版Edge實驗「超強安全模式」，關閉JIT https://ithome.com.tw/news/146067 安碁董事長施宣輝分享疫後新常態　入手特斯拉Model 3一句話形容 https://www.mirrormedia.mg/story/20210806fin006/ 雲端中心的自動化趨勢：導入機器人維護系統，讓員工遠端管理機房 https://buzzorange.com/techorange/2021/08/10/data-center-automation/ G.政府 提升資安聯防 桃捷攜手調查局簽署資安聯防MOU https://reurl.cc/nog3zv 數位身分證｜人權團體憂資安疑慮　要求訂專法！讓人民可以自行選擇 https://tw.appledaily.com/politics/20210813/IEWB6FWFTBHJJBXFNRDSLZMQ6A/ 北榮AI中心啟用 推動醫療人工智慧 https://reurl.cc/W39mLk 北市府X國研院國網中心 簽署「2nd Taipei合作備忘錄」實現市政服務不中斷 https://times.hinet.net/news/23451666 李德財：防疫新常態下的資安防護啟示 https://www.wealth.com.tw/home/articles/33285 五倍券確定實體、數位版都有！行政院發言人3個論點解釋「為何不發現金？」 https://www.bnext.com.tw/article/64457/5000-promotion-coupon-2021 就是不發現金！五倍券擬「先出數位版」 商家怨：非人人都有電子支付 https://reurl.cc/eEY2gm 薪資差民間一大截 官署難覓資安人才 https://news.ltn.com.tw/news/politics/paper/1465717 三成五資安人力配置不足 公務機關恐難擋中國網攻 https://news.ltn.com.tw/news/politics/paper/1465715 科技偵查法疊床架屋反而淪為個資破口？立委籲設專責監理機關保障民眾個資 https://reurl.cc/VEVxzZ 衛福部另推疫苗證明「保障隱私」 健保署強調：很重視資安 https://news.ltn.com.tw/news/life/breakingnews/3634155 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識 相關資安 A Critical Random Number Generator Flaw Affects Billions of IoT Devices https://thehackernews.com/2021/08/a-critical-random-number-generator-flaw.html 破壞性惡意軟體大流行　工控系統恐成企業弱點 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=1&id=0000616982_KHH8AOIQ9SI20C1233RVQ 工業物聯網伴隨資安隱憂　強化營運科技安全為關鍵 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000616256_fvn1z4l867tonz5g4mn3k IoT and its Current Issues of Safety by Arthur Rowley https://hakin9.org/iot-and-its-current-issues-of-safety/ I.教育訓練 你離駭客只差一個Kali--虛擬機器安裝Kali Linux https://iasui.com/sports/353688.html 企業資安線上系列講座－零時差攻擊與勒索軟體的連結 https://www.netadmin.com.tw/netadmin/zh-tw/video/390FA566CB5B41FBB88AA3A0420B4584 Why Is There A Surge In Ransomware Attacks https://thehackernews.com/2021/08/why-is-there-surge-in-ransomware-attacks.html 6.近期資安活動及研討會 第六屆臺灣好厲駭徵選活動 8 月 16 日(一)中午 12 點截止 https://isip.moe.edu.tw/wordpress/?p=2201 解鎖MarTech關鍵戰略 8/18 https://www.accupass.com/event/2107280956181066268985 中華電信學院 物聯網實作研習班 (3天班)第9梯 8/18 ~ 8/20 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=353 2021兒童邏輯程式營│不插電程式× Dash機器人 8/23 ~ 8/27 https://www.accupass.com/event/2104200927355518736600 【數位同步】資安事件處理與數位鑑識實務 8/23 ~ 8/24 https://college.itri.org.tw/course/all-events/A5D5BF91-59FC-40D5-BE97-B7FE58AD612E.html 生醫軟性感測貼片技術發展及資安研討會 8/25 https://sensors-ic.nctu.edu.tw/fppgsensorpatch/seminar.html 聊天機器人開發－你的口袋電影百科 8/25 https://www.accupass.com/event/2107300457311258309333 2021國泰金控技術年會-跨界雲端新常態 8/26 https://www.accupass.com/event/2107221002434542934180 歐盟資安法案及資安認證架構線上研討會 9/1 https://www.taics.org.tw/RecentACTForm.aspx?ACTCat_id=1&ACT_id=13166 SP-ISAC 資安沙龍 9/3 https://www.sipa.gov.tw/home.jsp?mserno=201001210001&serno=201001210002&menudata=ChineseMenu&contlink=ap/information_1_view.jsp&dataserno=202108110004 學生計算機年會 SITCON 2021 9/4 https://sitcon.org/2021/ 一日資訊人體驗 / 程式驅動 「資安工程師職涯體驗工作坊」 9/11 https://www.accupass.com/event/2103311106541674023956 中華電信學院 自主式移動機器人ROS開發實戰班 09/22、09/23、10/07、10/08 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=318 2021 Code for Gender 性別駭客松 9/26 https://codeforgender.com/events/202109 Golang Taipei Gathering #58 9/28 https://www.meetup.com/golang-taipei-meetup/events/277604159/ Cyber Defense Summit 2021 Oct. 4-7, 2021 https://summit.fireeye.com/ 中華電信學院 委外廠商安全程式碼撰寫基礎測驗班 10/12 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=424 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=425 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=426 中華電信學院 樹莓派學開車，手把手實做人工智慧自駕車 板橋第四梯 10/21 ~ 10/22 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=317 2021 MOPCON 行動科技年會 10/23 ~ 10/24 https://www.accupass.com/event/2107211505081465802842 【資安學院】資安事故處理實務 10/27 https://www.cisanet.org.tw/News/activity_more?id=MjY0NA== 【資安學院】國際資安標準與攻擊趨勢分享 11/10 https://www.cisanet.org.tw/News/activity_more?id=MjY3OA== HITCON 2021 台灣駭客年會 11/26 ~ 11/27 https://kktix.com/events/hitcon-2021/ 中華電信學院 委外廠商安全程式碼撰寫基礎測驗班 12/14 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=427 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=428 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=429