資安事件新聞週報 2021/7/26 ~ 2021/7/30
1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 發布Intersight Virtual Appliance 軟體安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/07/22/cisco-releases-security-updates
國內網路産品製造大廠修復路由器密碼硬編寫暨多個RCE嚴重漏洞
https://www.twcert.org.tw/tw/cp-104-4945-a841f-1.html
Oracle 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/oracle-releases-july-2021-critical-patch-update
FortiClient for Mac 6.4.3 及以下版本 CVE-2021-26089
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-26089
FortiMail 6.4.0 到 6.4.4 和 6.2.0 到 6.2.7
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-24020
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-24007
Citrix Application Delivery Controller、Citrix Gateway 和 Citrix SD-WAN WANOP Edition 的安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/citrix-releases-security-updates
D-LINK DIR-3040 1.13B03
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-21820
Kaseya VSA
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-30118
微軟七月 Patch Tuesday 資安修補包,修復 117 個漏洞,包括 9 個 0-day 漏洞
https://blog.twnic.tw/2021/07/30/19459/
Windows 11 推出第一個 Beta 版,持續改善穩定性並修除 Bug
https://www.kocpc.com.tw/archives/395979
Windows 10驚傳一般使用者也能讀取SAM組態檔的弱點
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934
Microsoft Windows Defender
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-34464
Microsoft Exchange Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-31206
Adobe 已發布安全更新,以解決多個 Adobe 產品中的弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/adobe-releases-security-updates-multiple-products
Apple 修復已遭大規模濫用的 iPhone、Mac 0-day 漏洞
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9367
Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices
https://thehackernews.com/2021/07/apple-releases-urgent-0-day-bug-patch.html
New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email
https://thehackernews.com/2021/07/new-bug-could-let-attackers-hijack.html
Several Bugs Found in 3 Open-Source Software Used by Several Businesses
https://thehackernews.com/2021/07/several-bugs-found-in-3-open-source.html
Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code
https://thehackernews.com/2021/07/wake-up-identify-api-vulnerabilities.html
How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability
https://thehackernews.com/2021/07/how-to-mitigate-microsoft-windows-10-11.html
2.銀行/金融/保險/證券/支付系統/ 新聞及資安
全球人壽推遠距投保 資安零死角
https://stock.pchome.com.tw/report/cat0/20210729/162756897035.html
國泰金推「CaaS平台」 5數位場景搶異業商機
https://finance.ettoday.net/news/2043420
國泰人壽導入金控戰情室文化,逾300人居家辦公團隊如何打造一站式遠距投保平臺
https://www.ithome.com.tw/news/145916
國泰金跨業合作 攻金融數位
https://ctee.com.tw/news/finance/495588.html
CaaS生態圈整合國泰金 聯卡中心手機變刷卡機
https://www.cardu.com.tw/news/detail.php?43881
保險業接軌IFRS17衝擊大!總成本達百億元 2大重點攸關轉型成敗
https://finance.ettoday.net/news/2044094
中國北京順義迎全國首家外商獨資保險資管公司開業 首都金融開放持續領跑
http://bj.people.com.cn/BIG5/n2/2021/0731/c82839-34846563.html
國銀數位存款帳戶 掀起風潮
https://reurl.cc/vqbzvj
擔心網路駭客勒索現在可買保險自保!以色列保險科技新創成獨角獸
https://www.chinatimes.com/realtimenews/20210731000015-260412?chdtv
壽險業試辦遠距投保 金管會視情形研議常態化
https://udn.com/news/story/7239/5631894
疫情效應 數位帳戶年增七成
https://money.udn.com/money/story/5613/5632009
金融機構不只要抗疫 更要防堵資安威脅
https://view.ctee.com.tw/monetary/31117.html
這類公司易成網路勒贖肥羊 想買資安險恐四處碰壁
https://money.udn.com/money/story/121854/5632710
金融科技創新園區首推「數位沙盒遠距eKYC實證專區」
https://money.udn.com/money/story/5613/5633610
「視訊投保」有望成投保新常態! 金管會研擬共同規範
https://finance.ettoday.net/news/2041838
國發基金系統遭中國駭客入侵
https://www.ithome.com.tw/news/145904
銀行的資安犯罪《禍駭:網路犯罪世界的第一手紀實》書摘(2)
https://www.storm.mg/article/3804297?page=1
聯卡中心紓困店家 不縮手
https://udn.com/news/story/7239/5639828
Deep dive into a FIN8 attack
https://businessinsights.bitdefender.com/deep-dive-into-a-fin8-attack-a-forensic-investigation
3.電子支付/行動支付/pay/資安
一場洪災 讓依賴行動支付的中國人傻眼了
https://reurl.cc/mLbONA
立委籲發數位振興券 藉以推廣行動支付
https://reurl.cc/yEb8l8
刷手機輕鬆搭車!客運9月起推行動支付 公車明年加入
https://news.ltn.com.tw/news/life/breakingnews/3610349
電支電票共用平台「一嗶搞定」! 新《電子支付機構管理條例》更便利
https://finance.ettoday.net/news/2038405
電子支付業務風波不斷 PayPal遭SEC、美消保局調查
https://news.cnyes.com/news/id/4690394
香港$5000消費券首輪週日發放 電子支付平台:有方法防止套現
https://unwire.hk/2021/07/30/siufaikuen/fun-tech/
香港首輪2千元消費券明天派發 有餐飲集團增設八達通支付
https://reurl.cc/83AaLR
香港18歲以上 普發1.8萬元電子消費券
https://reurl.cc/LbxOL7
台專家:依賴電子支付 無法應變極端氣候
https://www.epochtimes.com/b5/21/7/28/n13121728.htm
蝦皮增資 台民團籲投審會駁回
https://www.epochtimes.com/b5/21/7/29/n13124393.htm
4.加密貨幣/挖礦/區塊鍊/智能合約 資安
烏克蘭央行正式獲准發行數字貨幣
https://news.cnyes.com/news/id/4691395
德國將允許特定機構基金持有最多20%加密貨幣
https://reurl.cc/XWr8yj
美擬對加密貨幣交易課稅 為基建法案籌財源
https://news.cnyes.com/news/id/4690396
疫後虛幣大爆發!加密貨幣煉金,虛擬資產變財富實境
https://www.gvm.com.tw/article/81327
芬蘭海關尋求加密貨幣經紀商幫助其出售扣押的比特幣
https://news.cnyes.com/news/id/4690380
最大加密貨幣交易所幣安創辦人將卸任,尋求更懂法規的新任執行長
https://finance.technews.tw/2021/07/28/binance-seek-new-ceo-for-better-regulation/
PayPal將推出擁有加密貨幣功能的超級應用錢包
https://news.cnyes.com/news/id/4689446
支付巨頭 PayPal 將推出支持加密貨幣功能的錢包應用,計劃未來幾個月在美國全面推廣
https://news.cnyes.com/news/id/4689727
加密貨幣 北京可能禁止持有
https://udn.com/news/story/7333/5629397
比特幣還能買嗎?給新手的加密貨幣投資指南
https://reurl.cc/yEb80y
亞馬遜有意加密貨幣 但否認年底前接受比特幣付款
https://www.cna.com.tw/news/aopl/202107270108.aspx
LTN經濟通》穩定幣爆發式成長 成加密貨幣主流
https://ec.ltn.com.tw/article/breakingnews/3616690
加密貨幣投資安全關鍵六問!幣安平台踢鐵板 投資人好像走鋼索
https://www.wealth.com.tw/home/articles/32791
加密貨幣交易量雪崩 專家揭恐還有拋售潮
https://ctee.com.tw/news/global/488308.html
比特幣遲早歸零!專家:加密貨幣是現代史上最大集體妄想
https://ec.ltn.com.tw/article/breakingnews/3612484
富國銀行已開始向高淨值客戶提供加密貨幣敞口
https://news.cnyes.com/news/id/4691500
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
Sophos 發現鎖定 Discord 聊天平台的惡意軟體
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=12&aid=9359
中國駭客組織濫用Proxylogon漏洞,在Exchange伺服器植入木馬程式Thor
https://www.ithome.com.tw/news/145927
SentinelLabs在伊朗火車系統攻擊事件中,發現前所未見的資料抹除程式
https://www.ithome.com.tw/news/145956
No More Ransom專案5年來已協助勒索軟體受害者省下10億歐元的成本
https://www.ithome.com.tw/news/145887
Wiper luring the Olympic Game
https://www.mbsd.jp/research/20210721/blog/
Kimsuky's secret stealing activities in the first half of 2021
https://mp.weixin.qq.com/s/og8mfnqoKZsHlOJdIDKYgQ
FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data
https://blogs.quickheal.com/formbook-malware-returns-new-variant-uses-steganography-and-in-memory-loading-of-multiple-stages-to-steal-data/
XLoader, a macOS Malware-as-a-Service Info Stealer and Keylogger
https://www.sentinelone.com/blog/detecting-xloader-a-macos-malware-as-a-service-info-stealer-and-keylogger/
https://research.checkpoint.com/2021/time-proven-tricks-in-a-new-environment-the-macos-evolution-of-formbook/
THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group
https://unit42.paloaltonetworks.com/thor-plugx-variant/
Trickbot gtag rob112 spread through emails
https://twitter.com/Unit42_Intel/status/1420035517668806672
https://github.com/pan-unit42/tweets/blob/master/2021-07-26-Trickbot-gtag-rob112.txt
LemonDuck and LemonCat, modern mining malware infrastructure
https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/
https://github.com/craiu/iocs/blob/main/lemonduck/hashes.txt
Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems
https://thehackernews.com/2021/07/microsoft-warns-of-lemonduck-malware.html
2021 Ransomware Families
https://unit42.paloaltonetworks.com/ransomware-families/
MeteorExpress, Mysterious Wiper Paralyzes Iranian Trains with Epic Troll
https://labs.sentinelone.com/meteorexpress-mysterious-wiper-paralyzes-iranian-trains-with-epic-troll/
https://github.com/SentineLabs/meteor-express/blob/main/apt_ZZ_MeteorExpress_Hashes.txt
TA456 Targets Defense Contractor with Alluring Social Media Persona
https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media
Oscorp evolves into UBEL: an Android malware spreading across the globe
https://www.cleafy.com/cleafy-labs/ubel-oscorp-evolution
Crimea manifesto deploys VBA Rat using double attack vectors
https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/
Experts Uncover Several C&C Servers Linked to WellMess Malware
https://thehackernews.com/2021/07/experts-uncover-several-c-servers.html
A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System
https://thehackernews.com/2021/07/a-new-wiper-malware-was-behind-recent.html
Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers
https://thehackernews.com/2021/07/phony-call-centers-tricking-users-into.html
New Ransomware Gangs — Haron and BlackMatter — Emerge on Cybercrime Forums
https://thehackernews.com/2021/07/new-ransomware-gangs-haron-and.html
New Android Malware Uses VNC to Spy and Steal Passwords from Victims
https://thehackernews.com/2021/07/new-android-malware-uses-vnc-to-spy-and.html
Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs
https://thehackernews.com/2021/07/hackers-exploit-microsoft-browser-bug.html
UBEL is the New Oscorp — Android Credential Stealing Malware Active in the Wild
https://thehackernews.com/2021/07/ubel-is-new-oscorp-android-credential.html
Hackers Turning to 'Exotic' Programming Languages for Malware Development
https://thehackernews.com/2021/07/hackers-turning-to-exotic-programming.html
Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software
https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.html
APT Hackers Distributed Android Trojan via Syrian e-Government Portal
https://thehackernews.com/2021/07/apt-hackers-distributed-android-trojan.html
B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊
強化通訊軟體Line安全性建議
https://www.ntus.edu.tw/cht/index.php?code=list&flag=detail&ids=81&article_id=24395
手機遭駭 政府三不管
https://www.chinatimes.com/opinion/20210730004149-262104?chdtv
LINE 遭駭客入侵、立刻檢查2項設定!Letter Sealing、自動加好友
https://kikinote.net/160571
台灣百名政要 LINE 驚傳遭入侵!快檢查 2 項設定堵住破口
https://3c.ltn.com.tw/news/45332
讓台灣百名政要「LINE個資」淪陷!三招避免手機被「飛馬」入侵
https://3c.ltn.com.tw/news/45335
手機防駭客入侵 國安局建議:每周關機1次
https://reurl.cc/a9bYq4
美政要傳授:挫敗頂級手機黑客 只需簡單兩步
https://www.ntdtv.com/b5/2021/07/28/a103176667.html
手機警告「被不明來源入侵攻擊」 網曝真相:點了才出事
https://news.tvbs.com.tw/life/1555804
別怕實聯個資外洩!疫調輔助平台1周上線 讓民眾「反向追蹤」誰查你
https://tw.appledaily.com/life/20210727/2SZ4TP55URB4FIPQVERS3AZMDA/
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件
不只加速轉型,CIO更要面對新常態2大考驗
https://www.ithome.com.tw/news/145819
秘書、助理需留意的3種網路威脅
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9363
天才駭客張啟元後來怎麼了
https://pttgopolitics.com/gossiping/M.1627571976.A.548.html
我第一次聽到駭客入侵帳號是為了發奧運文的
https://forum.gamer.com.tw/C.php?bsn=60076&snA=6493402&tnum=6
林昀儒爭銅落敗!粉絲團貼文出包 立委撇蹭錯喊冤「駭客入侵」
https://tw.appledaily.com/sports/20210731/7Y7IIM3Q6RBLLBAUVSIXZ3EDVY/
林昀儒爭銅牌失利卻祝賀摘銅 張廖萬堅喊冤質疑遭「駭客入侵」
https://www.chinatimes.com/realtimenews/20210731003211-260407?chdtv
Barracuda找出被駭客認定的「容易中招的網民」
https://reurl.cc/gWbA6L
「想哭」攻擊《禍駭:網路犯罪世界的第一手紀實》
https://www.storm.mg/article/3804597
Google 準備刪除休眠開發者帳號與沒有更新的停滯應用程式
https://www.kocpc.com.tw/archives/395767
第三次世界大戰將在網路爆發 CNN披露台灣如何厲兵秣馬
https://www.chinatimes.com/realtimenews/20210728002234-260408?ctrack=mo_main_rtime_p01&chdtv
【來自網路世界的第三次世界大戰!】台灣資安專家警告:當心半導體產業成為目標
https://buzzorange.com/2021/07/28/china-hacker-2/
美國FBI警訊:提防駭客對東京奧運發動攻擊
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=9354
使用受害電腦現成的合法工具,掩蓋攻擊行動
https://www.ithome.com.tw/news/145950
國家級駭客策動攻擊 澳洲通訊局長:中國已越界
https://www.cna.com.tw/news/aopl/202107300132.aspx
以色列政府開始調查境內駭客公司NSO Group的行為
https://www.ithome.com.tw/news/145929
美專家:中國武攻台灣 恐需動員200萬軍力
https://www.secretchina.com/news/b5/2021/07/29/979484.html
美國國防部靠「自駭」來化解美軍的 AI弱點
https://www.inside.com.tw/article/24342-the-pentagon-is-bolstering-its-ai-systems-by-hacking-itself
美國總統拜登首次對情報部門講話 首要關切中共威脅
https://reurl.cc/O0aNM7
公開譴責中國駭客作亂 美中網路戰開打
https://www.ftvnews.com.tw/news/detail/2021729W0236
警告中俄!拜登:駭客攻擊會導致真槍實彈
https://ptthito.com/ia/m-1627430043-a-749/
中國大陸工信部與12家網企座談 要求資安責任
https://turnnewsapp.com/livenews/china/A09622002021073016354629
Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers
https://thehackernews.com/2021/07/chinese-hackers-implant-plugx-variant.html
Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees
https://thehackernews.com/2021/07/hackers-posed-as-aerobics-instructors.html
New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains
https://thehackernews.com/2021/07/new-petitpotam-ntlm-relay-attack-lets.html
Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims
https://thehackernews.com/2021/07/kaseya-gets-universal-decryptor-to-help.html
資安專案管理人員
https://www.518.com.tw/job-y3qWq5.html
資安維運工程師(高雄)
https://www.104.com.tw/job/7c53r
海外資安管理人員
https://www.104.com.tw/job/7c4jx
資安駐點工程師(台中霧峰)-無經驗可
https://www.104.com.tw/job/7c457
資安管理工程師(台灣山葉機車關係企業)
https://www.518.com.tw/job-yOZ5JE.html
資安管理師
https://www.1111.com.tw/job/97484269/
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌
風靡一時的 Clubhouse 爆出資安危機 38億組電話號碼流入暗網
https://reurl.cc/pgbNYQ
臉書將以 AI 蒐集未成年個資,嚴格審查謊報年齡註冊問題
https://www.inside.com.tw/article/24333-facebook-and-instagram-update-policy-in-order-to-protect-teen-safety
中國籍配偶散布淡大情侶、老師確診等謠言 遭調查局法辦
https://news.ltn.com.tw/news/society/breakingnews/3616909
比起假新聞,浸泡在「歐威爾式」言論環境對真相才是更大傷害
https://www.thenewslens.com/article/154310
韓擬立假新聞法 爭下月通過
https://reurl.cc/eEb2bR
假新聞和新冠病毒一樣,無法消滅只能共存
https://reurl.cc/Q9lql0
專訪劉致昕《真相製造》:假新聞的仇恨操弄可以化解嗎
https://global.udn.com/global_vision/story/8664/5611597
破碎的自由…港記協反訂立「假新聞法」
https://udn.com/news/story/7331/5604845
BBC籲中國停止騷擾外國記者 趙立堅竟批散布假新聞
https://news.ltn.com.tw/news/world/breakingnews/3621111
印度媒體炮製假新聞攻擊中國舉重 WADA:一無所知
https://news.sina.com.tw/article/20210731/39418756.html
網路詐騙、不雅照恐嚇 班森賀華人頻受害
https://www.worldjournal.com/wj/story/121390/5640369
相信愛情7旬老婦掉入網路詐騙 家屬來信感謝警即時攔阻
https://tyenews.com/2021/07/135608/
交友、網購、投資網頁都有可能是詐騙!安裝一個功能,幫你秒篩檢可疑網址
https://www.storm.mg/lifestyle/3823123
台中女差點當上陳其邁兒媳!超爆笑網路詐騙 高市府回應了
https://www.chinatimes.com/realtimenews/20210718002136-260402?chdtv
愛情來了?網路詐騙交友買3萬點數 可跟台灣辣妹見面
https://www.chinatimes.com/realtimenews/20210720002468-260402?chdtv
網路假交友真詐騙 崙背警即時成功攔詐
https://reurl.cc/qgbRqR
瞎爆!網路購物超取詐騙多 包裹出現「這3字」千萬別拿
https://news.housefun.com.tw/news/article/119852305452.html
郭婞淳「婞念」T恤照遭盜 詐騙網站買1送1優惠拐粉絲上當
https://www.chinatimes.com/realtimenews/20210731002099-260402?chdtv
電信詐騙網路賭博大要案驚現高學歷犯罪
https://news.sina.com.tw/article/20210728/39362402.html
不請自來包裹藏危機 貨到付款詐騙新手法
https://www.cardu.com.tw/news/detail.php?43887
詐騙新招! 網購手機"調虎離山"詐領
https://news.cts.com.tw/cts/society/202107/202107312051356.html
Best Practices to Thwart Business Email Compromise (BEC) Attacks
https://thehackernews.com/2021/07/best-practices-to-thwart-business-email_29.html
Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring
https://thehackernews.com/2021/07/dutch-police-arrest-two-hackers-tied-to.html
Bank of New Zealand response to the data breach
https://www.rbnz.govt.nz/our-response-to-data-breach
Reserve Bank of New Zealand Incident Assessment
https://www.rbnz.govt.nz/-/media/ReserveBank/Files/data-breach/kpmg-incident-assessment.pdf
E.研究報告/工具
讓企業陷入風險的五大ACTIVE DIRECTORY 設定錯誤
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9353
#32 / S2EP007 / 主題:政府請做好簡訊實聯制與疫苗平台的資安工作 (1100718-社會事正經撩-第32集)
https://open.firstory.me/story/ckrq6wtnd735y0910qoemg961
讓專業的來: AppleJeus惡意程式分享 Feat.王仁甫
https://player.soundon.fm/p/8fdc3e51-8bfb-4bfa-9c65-8ea2ce5a6eb7/episodes/74827719-752a-4573-805a-f640ee2225ed
EP2-駭客攻擊這麼狠,企業你準備好了嗎?(資安系列1)
https://podcasts.apple.com/podcast/id1570591707?i=1000530121965
Several Malicious Typosquatted Python Libraries Found On PyPI Repository
https://thehackernews.com/2021/07/several-malicious-typosquatted-python.html
BIMI: A Visual Take on Email Authentication and Security
https://thehackernews.com/2021/07/bimi-visual-take-on-email.html
ProtOSINT - Python script that helps you investigate Protonmail accounts and ProtonVPN IP addresses
https://hakin9.org/protosint-python-script-that-helps-you-investigate-protonmail-accounts-and-protonvpn-ip-addresses/
Windows 10 now lets you install WSL with a single command
https://cybersecdn.com/index.php/2021/07/31/windows-10-now-lets-you-install-wsl-with-a-single-command/
「IE」の脆弱性を利用した新たなサイバー攻撃が見つかる ソーシャルエンジニアリングとの併用も確認
https://www.itmedia.co.jp/enterprise/articles/2107/30/news132.html#utm_term=share_sp
bilalmerokhel / bugbounty
https://github.com/bilalmerokhel/bugbounty/blob/main/HTTP-Headers-And-Tricks
LightMe - HTTP Server Serving Obfuscated Powershell Scripts/Payloads
https://www.kitploit.com/2021/07/lightme-http-server-serving-obfuscated.html
CVE-2021-3490 – Pwning Linux kernel eBPF on Ubuntu machines
https://securityaffairs.co/wordpress/120688/hacking/cve-2021-3490-linux-kernel-bug.html
The Incredible Rise of North Korea’s Hacking Army
https://www.newyorker.com/magazine/2021/04/26/the-incredible-rise-of-north-koreas-hacking-army
F.商業
碩天科技通過 CREST滲透測試 強化PowerPanel Cloud 雲服務的資安信心
https://www.onwardsecurity.com/laboratory/item/57
精誠雲服務平台Q3上線 估營收占比上看2成
https://money.udn.com/money/story/5613/5636605
Sophos強化資安 推網路攻擊模擬及培訓方案
https://reurl.cc/j84Evm
奧義智慧居家辦公專案 AI即時資安防護
https://money.udn.com/money/story/5640/5634367
蓋亞資訊成功防禦Tb級惡意流量DDoS攻擊
https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=50&id=0000615770_YWP6UJZA8ZNCBRL4TGWCK
迎接混合工作模式時代!惠普收購遠端訪問軟體商Teradici
https://news.cnyes.com/news/id/4688553
熵碼科技助聯網裝置符合最新FIDO標準 滿足資安需求
https://udn.com/news/story/7240/5633697
Openfind 攜手中華電信提供 S/MIME 電子郵件簽章服務,疫情下守護企業資安
https://www.openfind.com.tw/taiwan/news_detail.php?news_id=10286
G.政府
針對政府機關發動的「此類型」攻擊佔今年第一季70%
https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9350
資策會研發工控資安的防疫利器-ICTD 參加國際評測MITRE ATT&CK for ICS 表現亮眼
https://www.iii.org.tw/Press/NewsDtl.aspx?nsp_sqno=2362&fm_sqno=14
國考因應疫情 考選部次長建議8項數位轉型
https://www.cna.com.tw/news/aipl/202107300093.aspx
傳政要LINE遭駭 資安專家提醒2招自保
https://reurl.cc/kZbe79
台灣百名政要通訊軟件遭攻擊 專家:資安人才嚴重不足
https://udn.com/news/story/6656/5639460
政府高層LINE驚傳遭入侵!吳釗燮、唐鳳投書外媒呼籲「團結對抗網安威脅」
https://www.fountmedia.io/article/123667
德媒:台灣百名政要通訊軟件遭攻擊凸顯台資安隱憂
https://www.ntdtv.com/b5/2021/07/30/a103178538.html
LINE 驚傳遭到駭客入侵,府院高層等 100 多人帳號被鎖定
https://today.line.me/tw/v2/article/PRVzE0
蔡英文核心圈防駭路數解密 駭客入侵LINE也拿不到重要情資
https://www.storm.mg/article/3843872
傳朝野百餘名政要LINE遭駭 綠營:通訊分流提升安全
https://money.udn.com/money/story/5648/5633545?from=edn_breaknewstab_index
政要LINE遭駭 民進黨高層:早已使用不同通訊軟體保持分流
https://news.ltn.com.tw/news/politics/breakingnews/3619113
我國政要高層Line遭駭客入侵執法單位已著手調查
https://pourquoi.tw/2021/07/29/taiwan-news-20210729-2/
上百名府院與軍方高層政要LINE疑似遭駭 國安會介入調查
https://www.chinatimes.com/realtimenews/20210728001954-260412?chdtv
台灣百餘政要LINE遭駭 日本政府:國內未傳災情
https://udn.com/news/story/6809/5636556
內神通外鬼?! 台灣上百位政要「LINE紀錄」遭駭客入侵
https://reurl.cc/VEZxYY
上百名政要被駭客攻擊 民進黨團:恐涉及間諜組織
https://udn.com/news/story/6656/5632872?from=udn-ch1_breaknews-1-cate1-news
柯文哲LINE也出狀況 「只能收不能發」
https://www.ettoday.net/news/20210728/2042197.htm?from=amp_newslist
柯文哲自爆 LINE 帳號「故障災況」!直言:都假設全天下看得到
https://3c.ltn.com.tw/news/45342
政要LINE遭駭 人事總處︰資安考量用Juiker聯繫公務
https://news.ltn.com.tw/news/politics/breakingnews/3619389
傳百餘名政要LINE遭駭 立委要求NCC及法務部嚴查
https://money.udn.com/money/story/7307/5633234?from=edn_breaknewstab_index
金防部小兵把營區內清水溝片PO上抖音 遭陸軍以違反資安規定懲處
https://tw.appledaily.com/politics/20210728/4MAZBCLBIJBBNKDOMINQKK44RQ/
境外勢力滲透嚴重 調查局公開徵求國安微電影拍攝
https://udn.com/news/story/7321/5639501
針對有關盤點大陸廠牌資通訊產品(含軟體、硬體及服務)汰換與經費爭取,請詳如說明
https://cnc.ntut.edu.tw/p/404-1004-110610.php?Lang=zh-tw
H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識 相關資安
Fortinet:惡意軟體與釣魚郵件攻擊幅度大增,OT業者資安挑戰加劇
https://www.techbang.com/posts/88747-fortinet-releases-2021-state-of-operational-technology-and
通訊架構/資訊安全雙管齊下 無人工廠運行IIoT自主防疫
https://www.2cm.com.tw/2cm/zh-tw/market/A401D4DAE5244DA48D08E636D3463761
Understanding and Minimizing HMI/SCADA System Security Gaps
https://www.automation.com/en-us/articles/july-2021/minimizing-hmi-scada-system-security-gaps
Industrial Networks Exposed Through Cloud-Based Operational Tech
https://threatpost.com/industrial-networks-exposed-cloud-operational-tech/168024/
President Biden Issues National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
https://www.jdsupra.com/legalnews/president-biden-issues-national-3901424/
The Next Disruptive ICS Attack: 3 Likely Sources for Major Disruptions
https://securityboulevard.com/2021/07/the-next-disruptive-ics-attack-3-likely-sources-for-major-disruptions/
ICS Advisory (ICSA-21-210-01) Hitachi ABB Power Grids eSOMS
https://us-cert.cisa.gov/ics/advisories/icsa-21-210-01
ICS Advisory (ICSA-21-210-02) Wibu-Systems CodeMeter Runtime
https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02
ICS Advisory (ICSA-21-049-02) Mitsubishi Electric FA engineering software products (Update B)
https://us-cert.cisa.gov/ics/advisories/icsa-21-049-02
ICS Advisory (ICSA-21-208-02) Mitsubishi Electric GOT2000 series and GT SoftGOT2000
https://us-cert.cisa.gov/ics/advisories/icsa-21-208-02
ICS Advisory (ICSA-21-208-04) LCDS LAquis SCADA
https://us-cert.cisa.gov/ics/advisories/icsa-21-208-04
I.教育訓練
NAS 全攻略:不懂如何做 NAS 保安 ? 你的 NAS 保安主管 Security Counselor,為你檢查安全設定
https://hk.xfastest.com/125079/qnap-nas-security-counselor/
Cybrary: Free Cybersecurity Training and Career Development
https://www.cybrary.it/
Free Online Cybersecurity Courses (MOOCs)
https://www.cyberdegrees.org/resources/free-online-courses/
6.近期資安活動及研討會
2021農業開放資料論壇 8/1
https://www.accupass.com/event/2107140612063453095840
Water Cooler Conversation #28 by #TechLearnEng 8/3
https://www.meetup.com/tech-learn-en/events/279587758
BUiLT Paid into Tech 8/4
https://www.meetup.com/blacks-united-in-leading-technology-greater-china/events/279619371
搶攻 LINE OA 跨境招生潮 / 課程代號 LA3 8/10
https://www.accupass.com/event/2103310827012203476660
中華電信學院 創客智慧應用研習班 第三梯 8/10 ~ 8/11
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=349
PH Tech Community Leads Meetup #52: Phone me A Code - Game Night 8/13
https://www.meetup.com/Philippine-Tech-Community-Leaders/events/279778390
【創客小聚】物聯日常的崛起,Chatbot x IoT一網打盡! 8/14
https://www.accupass.com/event/2104231345071268826835
【Arm DevTalks 2021】當MCU遇上AI:Embedded ML大有可為 8/14
https://www.accupass.com/event/2107291203058890029980
第六屆臺灣好厲駭徵選活動 8 月 16 日(一)中午 12 點截止
https://isip.moe.edu.tw/wordpress/?p=2201
解鎖MarTech關鍵戰略 8/18
https://www.accupass.com/event/2107280956181066268985
中華電信學院 物聯網實作研習班 (3天班)第9梯 8/18 ~ 8/20
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=353
2021兒童邏輯程式營│不插電程式× Dash機器人 8/23 ~ 8/27
https://www.accupass.com/event/2104200927355518736600
【數位同步】資安事件處理與數位鑑識實務 8/23 ~ 8/24
https://college.itri.org.tw/course/all-events/A5D5BF91-59FC-40D5-BE97-B7FE58AD612E.html
聊天機器人開發-你的口袋電影百科 8/25
https://www.accupass.com/event/2107300457311258309333
學生計算機年會 SITCON 2021 9/4
https://sitcon.org/2021/
一日資訊人體驗 / 程式驅動 「資安工程師職涯體驗工作坊」 9/11
https://www.accupass.com/event/2103311106541674023956
中華電信學院 自主式移動機器人ROS開發實戰班 09/22、09/23、10/07、10/08
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=318
Golang Taipei Gathering #58 9/28
https://www.meetup.com/golang-taipei-meetup/events/277604159/
Cyber Defense Summit 2021 Oct. 4-7, 2021
https://summit.fireeye.com/
中華電信學院 委外廠商安全程式碼撰寫基礎測驗班 10/12
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=424
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=425
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=426
中華電信學院 樹莓派學開車,手把手實做人工智慧自駕車 板橋第四梯 10/21 ~ 10/22
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=317
2021 MOPCON 行動科技年會 10/23 ~ 10/24
https://www.accupass.com/event/2107211505081465802842
HITCON 2021 台灣駭客年會 11/26 ~ 11/27
https://kktix.com/events/hitcon-2021/
中華電信學院 委外廠商安全程式碼撰寫基礎測驗班 12/14
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=427
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=428
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=429
沒有留言:
張貼留言