###### tags: `Weekly Security Incident News`
# Weekly Security Incident News 2024/5/13 ~ 2024/5/17
1.Major Vulnerabilities/Backdoors/Exploits/Zero-Days
Security vulnerabilities in the F5 BIG-IP Next Central Manager API (URI)
https://my.f5.com/manage/s/article/K000138733
https://www.cve.org/CVERecord?id=CVE-2024-26026
https://my.f5.com/manage/s/article/K000138732
https://www.cve.org/CVERecord?id=CVE-2024-21793
Citrix warns of a vulnerability in the PuTTY client component that could let attackers steal SSH keys from the virtualization platform
https://www.bleepingcomputer.com/news/security/citrix-warns-admins-to-manually-mitigate-putty-ssh-client-bug/
HP Aruba Networking patches critical router vulnerabilities
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt
Microsoft releases May security bulletins
https://www.cisa.gov/news-events/alerts/2024/05/14/microsoft-releases-may-2024-security-updates
https://msrc.microsoft.com/update-guide/releaseNote/2024-May
Microsoft releases May routine updates, patching 3 zero-day vulnerabilities
https://www.ithome.com.tw/news/162875
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
https://thehackernews.com/2024/05/microsoft-patches-61-flaws-including.html
VMware patches high-risk vulnerabilities in desktop PC virtualization software
https://www.ithome.com.tw/news/162952
VMware patches high-risk virtualization platform vulnerabilities disclosed at Pwn2Own 2024
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280
VMware Patches Severe Security Flaws in Workstation and Fusion Products
https://thehackernews.com/2024/05/vmware-patches-severe-security-flaws-in.html
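Critical vulnerabilities in Cacti, the open-source network performance and configuration management framework, could let attackers execute arbitrary code if left unpatched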
https://www.ithome.com.tw/news/162876
SAP patches critical vulnerabilities in CX Commerce and NetWeaver
https://www.securityweek.com/sap-patches-critical-vulnerabilities-in-cx-commerce-netweaver/
Google patches Chrome vulnerability CVE-2024-4761, less than a week after the previous zero-day
https://www.ithome.com.tw/news/162872
Chrome discloses and patches zero-day vulnerability CVE-2024-4671; Google confirms that exploitation of the vulnerability is already widespread
https://www.ithome.com.tw/news/162822
Google releases Chrome 125; patching 3 zero-days within one week draws attention
https://www.ithome.com.tw/news/162904
Google recently published a Chrome security advisory
https://www.ithome.com.tw/news/162822
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-4671
Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability
https://thehackernews.com/2024/05/google-patches-yet-another-actively.html
Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability
https://thehackernews.com/2024/05/chrome-zero-day-alert-update-your.html
User Behavior Analytics application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
https://www.ibm.com/support/pages/node/7150844
The IBM QRadar SIEM Amazon Web Services protocol is vulnerable to a denial of service (CVE-2021-22569, CVE-2022-3171, CVE-2022-3509)
https://www.ibm.com/support/pages/node/7150846
Security Bulletin: IBM QRadar SIEM is not vulnerable to CVE-2023-51767
https://www.ibm.com/support/pages/node/7152474
An IBM QRadar SIEM ArielRESTAPI protocol is vulnerable to Improper Validation (177835)
https://www.ibm.com/support/pages/node/7152261
An IBM QRadar SIEM JDBC protocol is vulnerable to SQL injection (CVE-2024-1597)
https://www.ibm.com/support/pages/node/7152260
An IBM QRadar SIEM SNMP protocol is vulnerable to a denial of service, SQL injection and could allow a remote attacker to execute arbitrary code on the system.
https://www.ibm.com/support/pages/node/7152257
IBM QRadar SIEM protocols are vulnerable to information exposure and denial of service (CVE-2023-31582, CVE-2023-51775)
https://www.ibm.com/support/pages/node/7152258
Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries
https://thehackernews.com/2024/05/severe-vulnerabilities-in-cinterion.html
Adobe releases security updates for Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
Adobe releases May routine updates, patching critical vulnerabilities in its PDF editor and viewer
https://www.securityweek.com/adobe-patches-critical-flaws-in-reader-acrobat/
Adobe releases May routine updates, patching vulnerabilities in its PDF editor and viewer as well as FrameMaker, Animate and other applications
https://www.ithome.com.tw/news/162898
Intel releases May routine updates, patching more than 90 vulnerabilities
https://www.securityweek.com/intel-publishes-41-security-advisories-for-over-90-vulnerabilities/
2.Banking/Finance/Insurance/Securities/Financial Supervision News and Security
FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT
https://thehackernews.com/2024/05/fin7-hacker-group-leverages-malicious.html
Hacker group FIN7 distributes the NetSupport RAT trojan through malicious ads
https://www.esentire.com/blog/fin7-uses-trusted-brands-and-sponsored-google-ads-to-distribute-msix-payloads
Santander reports a data breach affecting customers in Chile, Spain and Uruguay, caused by a compromised third-party vendor
https://www.santander.com/content/dam/santander-com/en/stories/contenido-stories/2024/statement.pdf
Australian lender Firstmac suffers a data breach; ransomware group Embargo reportedly behind the attack
https://www.bleepingcomputer.com/news/security/largest-non-bank-lender-in-australia-warns-of-a-data-breach/
Initial access broker IntelBroker claims to have stolen databases, source code and other sensitive data from HSBC and Barclays
https://www.hackread.com/intelbroker-hacker-hsbc-barclays-data-breach/
50% of enterprises are pushing security transformation in a big way, with government and finance the most active
https://www.ithome.com.tw/article/162791
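3.Credit Cards/Electronic Payment/Mobile Payment/Pay/Payment Systems/Security
Cards linked in department store apps hit by fraudulent charges; the Financial Supervisory Commission is about to act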
https://udn.com/news/story/7239/7969213
Japanese mobile payment service "PayPay" goes down; young people in despair: "We can't buy anything"
https://reurl.cc/YEEbl4
Japanese mobile payment service PayPay suffers a sudden major outage! Netizens lament: went out for lunch without a wallet
https://ec.ltn.com.tw/article/breakingnews/4673372
Third-party payment providers upgrading to electronic payment institutions: candidate list grows to 7 operators
https://www.cardu.com.tw/news/detail.php?51634
How do you top up iPASS MONEY? The setup steps explained in one read
https://today.line.me/tw/v2/article/QwL2Vj0
"TWQR" makes shopping in South Korea super convenient! Extra 20% cashback offer runs through year-end
https://reurl.cc/Vzzg6N
PX Mart's "全支付" (PXPay Plus) went live only 2 years ago and is already firmly the third-largest electronic payment service
https://www.businessweekly.com.tw/business/blog/3015613
Electronic payment platforms are short of staff too! Over a thousand openings in Taipei; courier salaries offered at 64K
https://tw.nextapple.com/life/20240512/4E671B2EF7DE9724AE791A9F7E637241
Hong Kong Monetary Authority to announce details tomorrow of the expanded cross-border e-CNY pilot in Hong Kong
https://hk.on.cc/hk/bkn/cnt/finance/20240516/bkn-20240516203044474-0516_00842_001.html
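4.Cryptocurrency/Digital Currency/Mining/Blockchain/Smart Contracts/WEB3 Security
Cryptocurrency firms targeted by North Korean hackers attempting to plant the Durian malware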
https://thehackernews.com/2024/05/north-korean-hackers-deploy-new-golang.html
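Fraud ring teams up with lawyers and accountants; Taipei prosecutors: over ten million allegedly laundered via virtual currency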
https://udn.com/news/story/7321/7960293
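Handsome online "husband" asks her to invest in virtual currency; Hualien woman withdraws 1.3 million for an in-person handover... police expose the scam with an image search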
https://www.ettoday.net/news/20240513/2737681.htm
OKX launches a cryptocurrency exchange in Australia, offering spot and derivatives trading
https://www.blocktempo.com/okx-launched-spot-and-derivatives-trading-in-australia/
Joss paper passed off as real banknotes to swindle a million in Tether; three men arrested
https://hk.epochtimes.com/news/2024-05-15/65306667#google_vignette
Fake recruitment is really a cryptocurrency investment scam; 10 people including a nurse defrauded of 8 million
https://udn.com/news/story/7315/7965813
BTC Asia conference topic: should OP_CAT be restored on Bitcoin or not
https://m.cnyes.com/news/id/5565336
US misogynist influencer Tate abandons fiat currency, plans to spend 3.2 billion on Bitcoin
https://ec.ltn.com.tw/article/breakingnews/4674840
Biden orders the shutdown of a Chinese Bitcoin mine near a US Air Force base
https://cn.nytimes.com/usa/20240514/bitcoin-mine-biden-ban/zh-hant/
Bitcoin makes a "big comeback", surging past US$66,000! Analyst sees it challenging new highs and climbing to 84,000
https://blockcast.it/2024/05/16/price-breakout-opens-the-way-for-btc-to-rally-84000-analyst-said/
Base: online hackathon prize pool totals 200 ETH
https://m.cnyes.com/news/id/5565899
5.Security Incident News
A.Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC
Windows remote assistance tool Quick Assist abused by hackers in Black Basta ransomware attacks
https://www.ithome.com.tw/news/162907
European diplomatic institutions targeted by Russian hacker group Turla, which planted the LunarWeb and LunarMail backdoors
https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/
The Ebury botnet, first seen in 2009, has infected 400,000 Linux hosts to date
https://www.ithome.com.tw/news/162878
Poland warns of malware attacks by Russian hacker group APT28, which abuses the cloud testing services Mocky and Webhook to evade detection
https://www.ithome.com.tw/news/162859
Attackers distribute the Sliver penetration testing framework via a PyPI package, aiming to plant a backdoor on Mac computers
https://blog.phylum.io/malicious-go-binary-delivered-via-steganography-in-pypi/
US warns of escalating Black Basta ransomware attacks, apparently prompted by the attack on healthcare system Ascension that disrupted some treatments
https://www.ithome.com.tw/news/162833
Ransomware attack on lottery operator Ohio Lottery last year affected more than 530,000 people
https://www.bleepingcomputer.com/news/security/ohio-lottery-ransomware-attack-impacts-over-538-000-individuals/
Mallox ransomware affiliate leverages PureCrypter in MS-SQL exploitation campaigns
https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/
Ongoing Malvertising Campaign leads to Ransomware
https://www.rapid7.com/blog/post/2024/05/13/ongoing-malvertising-campaign-leads-to-ransomware/
Ebury is alive but unseen: 400k Linux servers compromised for cryptotheft and financial gain
https://www.welivesecurity.com/en/eset-research/ebury-alive-unseen-400k-linux-servers-compromised-cryptotheft-financial-gain/
Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign
https://thehackernews.com/2024/05/kremlin-backed-apt28-targets-polish.html
North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms
https://thehackernews.com/2024/05/north-korean-hackers-deploy-new-golang.html
Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia
https://thehackernews.com/2024/05/black-basta-ransomware-strikes-500.html
Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo
https://thehackernews.com/2024/05/malicious-python-package-hides-sliver.html
Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code
https://thehackernews.com/2024/05/critical-flaws-in-cacti-framework-could.html
Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years
https://thehackernews.com/2024/05/ebury-botnet-malware-compromises-400000.html
Cybercriminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks
https://thehackernews.com/2024/05/cybercriminals-exploiting-microsofts.html
North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign
https://thehackernews.com/2024/05/north-korean-hackers-exploit-facebook.html
China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT
https://thehackernews.com/2024/05/china-linked-hackers-adopt-two-stage.html
Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks
https://thehackernews.com/2024/05/kimsuky-apt-deploying-linux-backdoor.html
B.Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging
Apple patches zero-day CVE-2024-23296, disclosed in March, for older versions of iOS, iPadOS and macOS
https://www.ithome.com.tw/news/162851
Apple adds accessibility features including eye tracking, motion sickness reduction and music haptics to new iOS devices
https://www.ithome.com.tw/news/162909
Android adds theft detection and protection features
https://www.ithome.com.tw/news/162906
Google Android 15 Beta 2 released, adding Private Space plus remote and AI anti-theft features
https://www.4gamers.com.tw/news/detail/64615/google-android-15-beta-2-released
Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials
https://thehackernews.com/2024/05/malicious-android-apps-pose-as-google.html
Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices
https://thehackernews.com/2024/05/apple-and-google-launch-cross-platform.html
Google Launches AI-Powered Theft and Data Protection Features for Android Devices
https://thehackernews.com/2024/05/google-adds-ai-powered-theft-protection.html
Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps
https://thehackernews.com/2024/05/android-15-introduces-new-features-to.html
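C.Incidents / Hackers / DDOS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce
CCP agent infiltration / overseas May 20 events: guard against national security loopholes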
https://talk.ltn.com.tw/article/paper/1646175
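Taiwan's post-quantum security industry alliance formally established, pooling industry, government, academia and research to accelerate development of related industries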
https://www.ithome.com.tw/news/162922
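Australian e-prescription provider MediSecure hit by a supply chain attack; hackers encrypted files, disrupting website services and phone lines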
https://www.bleepingcomputer.com/news/security/medisecure-e-script-firm-hit-by-large-scale-ransomware-data-breach/
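Security vendor Zscaler reportedly hacked; the company issued a statement denying it but acknowledged that a test environment with no customer data was exposed to the internet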
https://www.ithome.com.tw/news/162839
Hundreds of UK news websites defaced by hackers claiming to be from Russia
https://therecord.media/newsquest-media-group-british-newspaper-websites-defaced
Europol confirms its portal was hacked; the attacker claims to have stolen internal confidential documents
https://www.ithome.com.tw/news/162835
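Europol confirms its portal was hacked; the attacker claims to have stolen employee information, source code and internal confidential documents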
https://www.ithome.com.tw/news/162835
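Taiwan under heavy cyberattack from Chinese hackers; in Taiwan, Google discloses the latest wave of influence operations aimed at interfering with Taiwan's presidential election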
https://www.ithome.com.tw/news/162870
US exposes robocall hacker group Royal Tiger
https://www.bleepingcomputer.com/news/security/fcc-reveals-royal-tiger-its-first-tagged-robocall-threat-actor/
US Federal Communications Commission exposes robocall hacker group Royal Tiger, aiming to curb rampant voice phishing during the local tax season
https://www.ithome.com.tw/news/162910
Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines
https://thehackernews.com/2024/05/researchers-uncover-11-security-flaws.html
FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity
https://thehackernews.com/2024/05/fbi-seizes-breachforums-again-urges.html
Information Security Division - Bank Security Specialist
https://www.104.com.tw/job/87tuf?jobsource=n104bank2
Information Security Staff
https://www.104.com.tw/job/75fy2?jobsource=n104bank2
Information Security Division / Information Security Division Team Lead
https://www.104.com.tw/job/8bngm?jobsource=n104bank2
Information Security Engineer
https://www.104.com.tw/job/8714y?jobsource=n104bank2
Information Security Section - Security Management Specialist
https://www.104.com.tw/job/5k18l?jobsource=n104bank2
Information Security Compliance Reviewer
https://www.104.com.tw/job/7jjn1?jobsource=n104bank2
Information Security Technical Administrator
https://www.104.com.tw/job/7g1j4?jobsource=n104bank2
Head of Information Security
https://www.104.com.tw/job/859sa?jobsource=n104bank2
Information Security Administrator
https://www.104.com.tw/job/7fzb1?jobsource=n104bank2
Researcher (information management or information security specialty)
https://www.104.com.tw/job/8bn7c?jobsource=n104bank2
Information Security Consultant
https://www.104.com.tw/job/7hysk?jobsource=n104bank2
Information Security Management Staff (Information Security Department)
https://www.104.com.tw/job/7ryjz?jobsource=n104bank2
(Part-time) ISO/IEC 27001 Information Security Management System Lead Auditor
https://www.104.com.tw/job/81254?jobsource=n104bank2
Information Security Management Auditor / Client Manager, Information Security (ISO 27001) Auditor
https://www.104.com.tw/job/kyb5?jobsource=n104bank2
IT Department - Information Security Defense Specialist
https://www.104.com.tw/job/7bxt2?jobsource=n104bank2
Information Security Management Staff (IT Department)
https://www.104.com.tw/job/6xzmh?jobsource=n104bank2
Information Security Management Staff (IT Department)
https://www.104.com.tw/job/88x1q?jobsource=n104bank2
IT Department - Information Security Administrator
https://www.104.com.tw/job/8bmmg?jobsource=n104bank2
Information Security Administrator
https://www.104.com.tw/job/7g1jp?jobsource=n104bank2
Information Security Management Department - Security Governance Staff
https://www.104.com.tw/job/7uwyd?jobsource=n104bank2
Security Staff
https://www.104.com.tw/job/5f21g?jobsource=n104bank2
Security Operations Engineer
https://www.104.com.tw/job/7o8cc?jobsource=n104bank2
IT - Security/IT Service Engineer (Kaohsiung Luzhu Science Park / overseas) #New plant expansion hiring
https://www.104.com.tw/job/83uc8?jobsource=googlejobs
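D.Data Breaches/Personal Data Protection Act/GDPR/Online Fraud/Phishing/Card Fraud/Fake News/Cyberbullying/Account Security
Education division of the City of Helsinki, Finland's capital, reports a data breach; an unauthorized party exploited a known vulnerability to gain access to a network drive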
https://www.ithome.com.tw/news/162854
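South Korean court reportedly had a large amount of citizens' personal data stolen by North Korean hackers, but no record remains of most of the stolen data, making the scope of impact hard to confirm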
https://www.ithome.com.tw/news/162834
In the Dell data breach, the hacker claims to have succeeded by abusing a partner portal API
https://www.ithome.com.tw/news/162825
Google Cloud mistakenly deletes a major Australian customer's cloud infrastructure, causing customer data loss and service disruption
https://www.ithome.com.tw/news/162849
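Investigation results are in on the suspected leak of National Palace Museum digital image files, confirming that the problem was the staff member in charge uploading high-resolution image files to a server that could serve external users, which should not have been done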
https://www.ithome.com.tw/news/162837
A sharing feature of cloud project management platform Monday.com was abused by attackers for phishing
https://www.bleepingcomputer.com/news/security/mondaycom-removes-share-update-feature-abused-for-phishing-attacks/
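In last year's ransomware attack on Mississippi healthcare system Singing River Health System, investigation found the scope of the data breach has widened, with nearly 900,000 people affected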
https://www.securityweek.com/900k-impacted-by-data-breach-at-mississippi-healthcare-provider/
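North American subsidiary of Japanese automaker Nissan was hacked last year, leaking data of more than 53,000 current and former employees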
https://www.bleepingcomputer.com/news/security/nissan-north-america-data-breach-impacts-over-53-000-employees/
Stop using this number! People's favorite 4-digit passcode is "this one"; 0000 ranks only third
https://reurl.cc/LWlbvL
CCP punishes 5 pundits; Lin Chu-yin: it spreads the false message that it has jurisdiction over Taiwan
https://news.owlting.com/articles/696794
Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls
https://thehackernews.com/2024/05/ongoing-campaign-bombarded-enterprises.html
Dutch Court Sentences Tornado Cash Co-Founder to 5 Years in Prison for Money Laundering
https://thehackernews.com/2024/05/dutch-court-sentences-tornado-cash-co.html
E.Research Reports/Tools
DNS tunneling abused by hackers for network scanning and tracking attack targets
https://unit42.paloaltonetworks.com/three-dns-tunneling-campaigns/
New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs
https://thehackernews.com/2024/05/new-xm-cyber-research-80-of-exposures.html
Leveraging DNS Tunneling for Tracking and Scanning
https://unit42.paloaltonetworks.com/three-dns-tunneling-campaigns/
What's the Right EDR for You
https://thehackernews.com/2024/05/whats-right-edr-for-you.html
Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models
https://thehackernews.com/2024/05/researchers-uncover-llmjacking-scheme.html
New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation
https://thehackernews.com/2024/05/new-tunnelvision-attack-allows.html
Why You Should Consider Leveraging Your Python Skills to Code Securely on Blockchain
https://thehackernews.com/videos/2024/05/why-you-should-consider-leveraging-your.html
6 Mistakes Organizations Make When Deploying Advanced Authentication
https://thehackernews.com/2024/05/6-mistakes-organizations-make-when.html
MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices
https://thehackernews.com/2024/05/mitre-unveils-emb3d-threat-modeling.html
The 2024 Browser Security Report Uncovers How Every Web Session Could be a Security Minefield
https://thehackernews.com/2024/05/the-2024-browser-security-report.html
(Cyber) Risk = Probability of Occurrence x Damage
https://thehackernews.com/2024/05/get-cyber-resilient-with-cvss.html
It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure
https://thehackernews.com/2024/05/its-time-to-master-lift-shift-migrating.html
GitHub Abuse Flaw Shows Why We Can't Shrug Off Abuse Vulnerabilities in Security
https://thehackernews.com/expert-insights/2024/05/github-abuse-flaw-shows-why-we-cant.html
F.Business
Palo Alto Networks to acquire IBM QRadar SaaS assets and establish a broad partnership with IBM
https://www.ithome.com.tw/news/162914
SIEM solution vendors LogRhythm and Exabeam announce merger
https://www.ithome.com.tw/news/162936
VMware makes Workstation Pro and Fusion Pro free for personal use
https://www.ithome.com.tw/news/162908
Akamai to acquire API security vendor Noname for US$450 million
https://www.ithome.com.tw/news/162771
數聯資安 (ISSDU): with AI assistance, automated joint security defense decision efficiency improves by 90%
https://www.eettaiwan.com/express/issdu-cybersec-ai-20240516/
CyCraft and NTT-AT partner to build a Taiwan-Japan digital security ecosystem
https://www.ctimes.com.tw/DispNews-tw.asp?O=HK85GAJ3D82SAA00NG
Chunghwa Telecom takes its security business overseas, entering the Americas and Southeast Asia
https://udn.com/news/story/7240/7968897
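Chunghwa Telecom joins Deloitte Taiwan and the National Institute of Cyber Security to discuss resilient government: building a cloud migration strategy and security protection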
https://www.cht.com.tw/home/cht/messages/2024/0516-1800
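G.Government
President-elect Lai Ching-te publicly pledges that the new government will continue to support the development of the security industry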
https://www.ithome.com.tw/news/162873
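President Tsai Ing-wen attends Taiwan's cybersecurity conference in person for the 6th consecutive year; Taiwan's security industry output exceeded NT$74 billion last year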
https://www.ithome.com.tw/news/162862
Taiwan promotes its "cybersecurity is national security" strategy; US and Taiwan join hands in "digital solidarity"
https://www.voacantonese.com/a/taiwan-s-cybersecurity-conference-20240516/7614445.html
Impressions from visiting the cybersecurity conference, Hsiao Bi-khim: put Taiwan's startup industry on the world's shelves
https://reurl.cc/nNv56D
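Executive Yuan passes a dedicated anti-fraud act; online advertising platforms such as Google and Meta face fines of up to NT$25 million for failing their anti-fraud obligations, and in serious cases traffic may be restricted or links blocked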
https://www.ithome.com.tw/news/162783
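With Taiwan's May 20 inauguration approaching, cyber intrusion cases are up by about 1.5 million compared with the start of the year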
https://www.taiwannews.com.tw/zh/news/5688122
Ministry of Digital Affairs establishes post-quantum security industry alliance, advancing its work along 3 main axes
https://www.fountmedia.io/article/223786
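Tamsui MacKay Memorial Hospital and the New Taipei City investigation office sign a memorandum of cooperation on joint security defense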
https://www.ettoday.net/news/20240516/2740235.htm
Next-Generation Anti-Fraud Strategy Action Guidelines, version 1.5
https://www.ey.gov.tw/Page/5A8A0CB5B41DA11E/d6bb7d87-3e54-44ca-a4ad-3f11d329338d
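H.Industrial Control Systems/ICS/SCADA/IOT/Internet of Things/Connected Vehicles/Electric Vehicles/Artificial Intelligence/AI/ML/Facial Recognition/Healthcare Security
Researchers disclose vulnerabilities in GE HealthCare ultrasound medical devices and note they can be used to deploy malware and harvest patient exam results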
https://www.ithome.com.tw/news/162951
Siemens, Mitsubishi Electric, Johnson Controls and Rockwell publish May ICS security advisories
https://www.securityweek.com/ics-patch-tuesday-advisories-published-by-siemens-rockwell-mitsubishi-electric/
Researchers publish proof-of-concept code for a zero-day vulnerability in the D-Link EXO AX4800 router
https://ssd-disclosure.com/ssd-advisory-d-link-dir-x4860-security-vulnerabilities/
Vulnerabilities in Cinterion industrial modems could let attackers execute arbitrary code via SMS
https://usa.kaspersky.com/about/press-releases/2024_kaspersky-identifies-significant-security-risks-in-widely-used-cinterion-modems
CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now
https://thehackernews.com/2024/05/cisa-warns-of-actively-exploited-d-link.html
New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks
https://thehackernews.com/2024/05/new-wi-fi-vulnerability-enabling.html
I.Education and Training
iPAS Information Security Engineer (intermediate level) notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist
iPAS Information Security Engineer certification pre-exam workshop
https://reurl.cc/GEbA3p
iPAS ◆ Information Security Planning Practice ◆ Intermediate exam question bank compilation (123 questions)
https://reurl.cc/orlD1g
GCP Associate Cloud Engineer (ACE) study experience, learning resources and notes: learning natively high-availability and zero-trust design
https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad
Coursera rounds up 7 cloud security certifications: the springboards to high pay are all here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
Ordinary people can earn an international security certification too! CSCU (Certified Secure Computer User) certification course
https://www.ithome.com.tw/pr/160954
Global cybersecurity workforce imbalance: (ISC)2 free courses and exams fill the talent gap
https://reurl.cc/m39MDj
The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html
CISSP exam experience
https://reurl.cc/KbY83j
CISSP exam experience – Benson
https://reurl.cc/GbWvxd
Goal-oriented: passing the CISSP at light speed in 20 days
https://reurl.cc/2Zq6zn
CISSP certification exam field notes, Chapter 1: initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
CISSP certification exam field notes, Chapter 2: a regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies
CISSP certification exam field notes, Chapter 3: the final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle
Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec
CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp
Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes
CPSA (CREST Practitioner Security Analyst) security analyst exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam experience, version update information and preparation direction 2021, 2022
https://reurl.cc/1oyEM8
CEH v11 exam experience and preparation approach
https://blog.sean.taipei/2022/01/ceh
CEH
https://github.com/a3cipher/CEH
CodeRed by EC-Council
https://github.com/codered-by-ec-council
EC-Council CEH Practical / Master preparation notes: learning where theory and practice complement each other
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2
EC-Council CEHP exam preparation notes
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po
ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4
EC-Council ECSA security analyst v10 exam experience
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html
20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html
How to prepare for the EC-Council CPENT and LPT Master penetration testing certifications, with lessons learned
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d
In-depth look at the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v
EC-Council CPENT v1 penetration testing certification – content and experience sharing
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295
EC-Council CPENT experience - a security newbie from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f
CPENT exam experience: earning the LPT Master penetration testing certification in one attempt
https://ucom.uuu.com.tw/web/Testimony/Article/4404
kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master
CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/
Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917
[Exam prep notes] CompTIA Security+ (SY0–601) Part 1
https://reurl.cc/M053DK
[Exam prep notes] CompTIA Security+ (SY0–601) Part 2
https://reurl.cc/M053Gv
comptia-security-plus
https://github.com/ajfuto/comptia-security-plus
security-plus
https://github.com/fjavierm/security-plus
CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette
App security isn't just for engineers: the blood, sweat and tears of obtaining a security testing certificate (iT邦幫忙 Ironman Contest book series)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
App anti-hacking: hands-on security protection course comprehensively raises security awareness
https://www.ithome.com.tw/pr/161505
OSEP (Evasion Techniques and Breaching Defenses, PEN-300) experience sharing
https://hackmd.io/@henry-ko/HyQ56e8eF
OSCP(Offensive Security Certified Professional)
https://github.com/0x584A/oscp-notes/tree/master
ISACA Certified Information Systems Auditor® (CISA) certification preparation journey and application process sharing - 2023
https://reurl.cc/aVLoX9
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics (駭客與國家: 網路攻擊與地緣政治新常態)
https://reurl.cc/D3nKKj
Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df
Basic vocabulary commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958
Certifications remain the main route to learning security fundamentals; an expert has built a "security certification map"
https://www.ithome.com.tw/news/156754
Beyond using certifications to prove your ability, treat them as your biggest motivation to keep learning
https://www.ithome.com.tw/news/156756
Breaking misconceptions and myths about certifications: security experts help you clarify what security certifications mean
https://www.ithome.com.tw/news/156755
Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/
[NCKU security club class] Forbidden security arts - the hell trial of reverse engineering
https://www.youtube.com/watch?v=4Yc3-9CjG6U
6.Upcoming Security Events and Seminars
Just a chat - with no Expectations 2024/5/18
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/300693121/
The 3rd Ann! WordPress Taoyuan afternoon tea/dinner get-together, 3rd anniversary! Linner Meetup #36 2024/5/18
https://www.meetup.com/taoyuan-wordpress-meetup/events/300449447/
[Subsidized course consultation] AIoT edge computing and security in practice 2024/5/19
https://www.accupass.com/event/2404120334053507827320
Taipei dbt Meetup #24 for all folks working with data! (Hybrid 👫 + 🧑💻) 2024/5/19
https://www.meetup.com/taipei-dbt-meetup/events/300586249/
Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/5/21
https://www.meetup.com/taiwan-code-camp/events/xfxtjtygchbcc/
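Master cloud security and integrate AI innovation trends - strengthen enterprise security with comprehensive, efficient protection strategies 2024/5/22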
https://www.accupass.com/event/2404240613046556674540
Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/5/22
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702425/
National Center for High-performance Computing training: NVIDIA physics simulation computing 2024/5/22
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4091&from_course_list_url=homepage
HackingThursday - weekly meetup, Tamsui 2024/5/23
https://www.meetup.com/hackingthursday/events/psspctygchbfc/
The CISO's first lesson in zero trust (May session) 2024/5/23
https://jamf.kktix.cc/events/applexjamf-2
[安碁學苑] Security competency training | System and network security administrator 2024/5/24
https://acsiacad.kktix.cc/events/6ebd7fbd-copy-4
2024 Outlying Islands Cup security competition 2024/5/25
https://shieldx.kktix.cc/events/outlying
[Security workshop] Digital forensics workshop: Digital Swordsman - fast... even faster 2024/5/25
https://hackersir.kktix.cc/events/forensics-240525
Just a chat - with no Expectations 2024/5/25
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygchbhc/
Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/5/28
https://www.meetup.com/taiwan-code-camp/events/xfxtjtygchblc/
Learning Reimagined: AI in Action 2024/5/30
https://www.meetup.com/taipei-education-technology-meetup-group/events/300695401/
HackingThursday - weekly meetup, Tamsui 2024/5/30
https://www.meetup.com/hackingthursday/events/psspctygchbnc/
FineEvent 2024 Taiwan FanRuan user conference [Digital intelligence. New trends] 2024/5/31
https://www.accupass.com/event/2404100159056749078620
Introduction to Cyber Security -- Central Region -- pre-exam review class 2024/6/4
https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X22767
National Center for High-performance Computing training: VSim particle-based plasma electromagnetic simulation software advanced course 2024/6/6
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4104&from_course_list_url=homepage
National Center for High-performance Computing training: NVIDIA large language applications 2024/6/19
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4093&from_course_list_url=homepage
Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/6/26
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702428/
AI application system development and generative AI application talent training class, first cohort 2024/6/27
https://www.accupass.com/event/2401100729511706489107
National Center for High-performance Computing training: RSC The Merck Index database, Chinese-language online session 2024/7/4
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4105&from_course_list_url=homepage
National Center for High-performance Computing training: ABAQUS basic training course 2024/7/9
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4099&from_course_list_url=homepage
InfoSec Taiwan 2024 international security organizations conference 2024/7/9
https://csa.kktix.cc/events/infosectaiwan2024
CraftCon Taiwan CyCraft AI security annual conference 2024/7/12
https://www.accupass.com/event/2404221057531664149101
[Session 1] 2024 enterprise information security fundamentals course 2024/7/17
https://www.accupass.com/event/2402020448251773447860
Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/7/24
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702433/
National Center for High-performance Computing training: NVIDIA GPU computing 2024/7/24
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4094&from_course_list_url=homepage
AI application system development and generative AI application talent training class, first cohort 2024/6/27 ~ 2024/8/9
https://www.accupass.com/event/2401100729511706489107
Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/8/28
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702435/