###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/7/1 ~ 2024/7/5 1.重大弱點漏洞/後門/Exploit/Zero Day 思科針對網路設備作業系統NX-OS零時差漏洞提出警告，中國駭客Velvet Ant將其用於散布惡意軟體 https://www.ithome.com.tw/news/163736 CVE-2024-20399 https://nvd.nist.gov/vuln/detail/CVE-2024-20399 思科針對網路設備作業系統NX-OS零時差漏洞提出警告，中國駭客Velvet Ant將其用於散布惡意軟體 https://www.ithome.com.tw/news/163736 Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware https://thehackernews.com/2024/07/chinese-hackers-exploiting-cisco.html China-Nexus Threat Group ‘Velvet Ant’ Exploits Cisco Zero-Day (CVE-2024-20399) to Compromise Nexus Switch Devices – Advisory for Mitigation and Response https://www.sygnia.co/threat-reports-and-advisories/china-nexus-threat-group-velvet-ant-exploits-cisco-0-day/ Cisco NX-OS Software CLI Command Injection Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices https://thehackernews.com/2024/06/china-linked-hackers-infiltrate-east.html OpenSSH嚴重漏洞「regreSSHion」現身：恐使百萬伺服器面臨遠端操控威脅 https://www.techbang.com/posts/116561-opensshregresshion 開源加密程式庫OpenSSH存在RCE漏洞regreSSHion，攻擊者有機會藉此在Linux作業系統取得root權限 https://www.ithome.com.tw/news/163737 New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems https://thehackernews.com/2024/07/new-openssh-vulnerability-could-lead-to.html https://www.openssh.com/releasenotes.html https://security-tracker.debian.org/tracker/CVE-2024-6387 https://www.securityweek.com/millions-of-openssh-servers-potentially-vulnerable-to-remote-regresshion-attack/ https://thehackernews.com/2024/07/new-openssh-vulnerability-could-lead-to.html https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://www.computing.co.uk/news/4329906/critical-vulnerability-openssh-uncovered-affects-linux-systems https://unsafe.sh/go-248104.html https://github.com/openssh/openssh-portable/commit/81c1099d22b81ebfd20a334ce986c4f753b0db29 https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html https://www.openwall.com/lists/oss-security/2024/07/01/1 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://github.com/openssh/openssh-portable/commit/752250caabda3dd24635503c4cd689b32a650794 https://ubuntu.com/security/notices/USN-6859-1 Splunk Enterprise存在多個高風險弱點 https://nvd.nist.gov/vuln/detail/CVE-2024-36997 https://advisory.splunk.com/advisories/SVD-2024-0717 https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c https://nvd.nist.gov/vuln/detail/CVE-2024-36991 https://advisory.splunk.com/advisories/SVD-2024-0711 https://research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa https://nvd.nist.gov/vuln/detail/CVE-2024-36984 https://advisory.splunk.com/advisories/SVD-2024-0704 https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae https://nvd.nist.gov/vuln/detail/CVE-2024-36982 https://advisory.splunk.com/advisories/SVD-2024-0702 https://nvd.nist.gov/vuln/detail/CVE-2024-36983 https://advisory.splunk.com/advisories/SVD-2024-0703 https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae https://nvd.nist.gov/vuln/detail/CVE-2024-36985 https://advisory.splunk.com/advisories/SVD-2024-0705 https://research.splunk.com/application/8598f9de-bba8-42a4-8ef0-12e1adda4131 https://nvd.nist.gov/vuln/detail/CVE-2024-36989 https://advisory.splunk.com/advisories/SVD-2024-0709 https://research.splunk.com/application/4b7f368f-4322-47f8-8363-2c466f0b7030 Splunk修補旗下產品的高風險漏洞 https://www.securityweek.com/splunk-patches-high-severity-vulnerabilities-in-enterprise-product/ Apache Kafka存在高風險弱點CVE-2024-32030 https://nvd.nist.gov/vuln/detail/CVE-2024-32030 https://github.com/provectus/kafka-ui/commit/83b5a60cc08501b570a0c4d0b4cdfceb1b88d6b7#diff-37e769f4709c1e78c076a5949bbce7d 36 https://github.com/provectus/kafka-ui/pull/4427 https://securitylab.github.com/advisories/GHSL-2023-229_GHSL-2023-230_kafka-ui/ Magento / Adobe Commerce CVE-2024-34102 https://github.com/bigb0x/CVE-2024-34102 駭客組織8220鎖定Oracle WebLogic伺服器已知漏洞而來，透過PowerShell指令碼散布挖礦軟體 https://www.trendmicro.com/en_us/research/24/f/water-sigbin-xmrig.html 8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining https://thehackernews.com/2024/06/8220-gang-exploits-oracle-weblogic.html Windows 上的 Wi-Fi 漏洞可能允許駭客遠端接管電腦 https://www.kocpc.com.tw/archives/552617 Windows Error Reporting Service存在高風險安全漏洞(CVE-2024-26169) https://tp2rc.tanet.edu.tw/node/859 Microsoft resumes the rollout of botched KB5039302 Windows 11 update https://www.neowin.net/news/microsoft-resumes-the-rollout-of-botched-kb5039302-windows-11-update/ Windows 10明年終止支援，資安業者推漏洞修補服務，費用僅微軟ESU的1/4 https://www.ithome.com.tw/news/163795 針對微軟今年1月遭遇俄羅斯駭客APT29攻擊的資安事故，多個美國政府機關組織傳出獲報要進行弱點修補、密碼更新 https://www.ithome.com.tw/news/163794 GitLab存在重大漏洞，攻擊者可冒用任意用戶身分執行Pipeline工作流程 https://www.ithome.com.tw/news/163728 GitLab CE/EE存在多個高風險弱點 https://nvd.nist.gov/vuln/detail/CVE-2024-5655 https://hackerone.com/reports/2536320 https://gitlab.com/gitlab-org/gitlab/-/issues/465862 https://nvd.nist.gov/vuln/detail/CVE-2024-6323 https://gitlab.com/gitlab-org/gitlab/-/issues/457912 https://nvd.nist.gov/vuln/detail/CVE-2024-4901 https://hackerone.com/reports/2500163 https://gitlab.com/gitlab-org/gitlab/-/issues/461773 GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others https://thehackernews.com/2024/06/gitlab-releases-patch-for-critical-cicd.html CVE-2024-28995: SolarWinds Serv-U Path/Directory Traversal Vulnerability Exploited in the Wild https://www.tenable.com/blog/cve-2024-28995-solarwinds-serv-u-path-directory-traversal-vulnerability-exploited-in-the-wild VMware vCenter Server存在高風險安全漏洞(CVE-2024-37079與CVE-2024-37080) https://ic.cgu.edu.tw/p/16-1016-112896.php?Lang=zh-tw Dell iDRAC9存在高風險弱點CVE-2024-25943 https://nvd.nist.gov/vuln/detail/CVE-2024-25943 https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability IBM InfoSphere Information Server存在高風險弱點CVE-2024-28798 https://nvd.nist.gov/vuln/detail/CVE-2024-28798 https://exchange.xforce.ibmcloud.com/vulnerabilities/287172 https://www.ibm.com/support/pages/node/7158439 CISA針對地理位置資訊伺服器GeoServer、Linux核心、郵件伺服器Roundcube遭到利用的漏洞提出警告 https://www.cisa.gov/news-events/alerts/2024/06/26/cisa-adds-three-known-exploited-vulnerabilities-catalog Dev rejects CVE severity, makes his GitHub repo read-only https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/amp/ Juniper Networks 發布了一個Junos OS：SRX 系列的安全更新 https://supportportal.juniper.net/s/article/2024-07-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-Specific-valid-traffic-leads-to-a-PFE-crash-CVE-2024-21586?language=en_US Juniper Networks Releases Critical Security Update for Routers https://thehackernews.com/2024/07/juniper-networks-releases-critical.html Juniper releases out-of-cycle fix for max severity auth bypass flaw https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/juniper-releases-out-of-cycle-fix-for-max-severity-auth-bypass-flaw/amp/ Juniper Networks緊急修補重大層級身分驗證繞過漏洞CVE-2024-2973 http://supportportal.juniper.net/s/article/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973 Juniper Networks Session Smart Router 存在高風險弱點CVE-2024-2973 https://nvd.nist.gov/vuln/detail/cve-2024-2973 https://supportportal.juniper.net/s/article/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973?language=en_US Zyxel NAS存在多個高風險弱點 https://nvd.nist.gov/vuln/detail/CVE-2024-29972 https://nvd.nist.gov/vuln/detail/CVE-2024-29973 https://nvd.nist.gov/vuln/detail/CVE-2024-29974 https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024 MongoDB存在高風險弱點CVE-2024-6376 https://nvd.nist.gov/vuln/detail/CVE-2024-6376 https://jira.mongodb.org/browse/COMPASS-7496 新型態Intel處理器漏洞Indirector恐曝露敏感資料 https://thehackernews.com/2024/07/new-intel-cpu-vulnerability-indirector.html New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data https://thehackernews.com/2024/07/new-intel-cpu-vulnerability-indirector.html Twilio修補外洩Authy帳戶資料的安全漏洞 https://www.ithome.com.tw/news/163769 存在已知漏洞的HFS檔案伺服器遭到鎖定，攻擊者試圖植入惡意程式或將其用於挖礦 https://www.ithome.com.tw/news/163797 2.銀行/金融/保險/證券/金融監理 新聞及資安 券商與看盤軟體App合作 資安疑慮引金管會注意 https://reurl.cc/ZeL4oQ 第一金證金融資安情資分享 獲特優 https://www.ctee.com.tw/news/20240702700195-439901 中國工商銀行的美國子公司遭到駭客攻擊後 無奈之下用U盤處理交易 https://reurl.cc/Wx9pD7 金融科技時代下的荒野大鏢客 https://ec.ltn.com.tw/article/breakingnews/4721991 金融業上雲鬆綁　資安迎利多 https://finance.ettoday.net/news/2770691 證交所辦理「證券商資安防護申報專區」及反詐騙宣導說明會 https://www.ctee.com.tw/news/20240703701839-430201 越南線上交易「刷臉」門檻7月生效 專家示警1事不妙 https://www.chinatimes.com/amp/realtimenews/20240704005264-260408 研究人員針對鎖定拉丁美洲的金融木馬Mekotio提出警告，相關攻擊行動大幅增加 https://www.ithome.com.tw/news/163798 Mekotio Banking Trojan Threatens Financial Systems in Latin America https://www.trendmicro.com/en_us/research/24/g/mekotio-banking-trojan.html https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/g/mekotio/mekotio-banking-trojan-threatens-financial-systems-in-latin-america.txt 3.信用卡/電子支付/行動支付/pay/支付系統/資安 信用卡遭綁線上支付盜刷10多萬　銀行：有通過OTP驗證須繳納 https://www.ftvnews.com.tw/news/detail/2024630F06M1 民眾被盜刷10幾萬要買單! 銀行:有走完正常綁卡程序 https://today.line.me/tw/v2/article/PG17kWr 悠遊卡公司例行性資訊設備擴充或調整維護通知 https://www.easycard.com.tw/new?cls=2&id=1719296819 街口可掃TWQR了！650萬用戶即日起「跨平台支付」　還可綁定信用卡 https://finance.ettoday.net/news/2768519 香港深水埗餐廳用電子支付額外收費惹熱議 網民反建議可咁做！ 原來八達通公司有咁嘅規例 https://reurl.cc/Ze68Wp 金管會電子支付三大鬆綁Q4上路　開放電支可綁定這三大平台 https://tw.nextapple.com/finance/20240628/52FCA944B0CEF580FEE5A139F77534AB Meta's 'Pay or Consent' Approach Faces E.U. Competition Rules Scrutiny https://thehackernews.com/2024/07/metas-pay-or-consent-approach-faces-eu.html 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 鏈游工作室Farcana：某個FAR錢包遭駭客攻擊，所有CEX存款都將被凍結 https://news.cnyes.com/news/id/5611504 鏈游工作室Farcana錢包遭遇攻擊 https://news.cnyes.com/news/id/5611499 Mt. Gox 下月起償還 14 萬枚 BTC！比特幣聞訊「退守 6.1 萬美元」關卡 https://blockcast.it/2024/06/24/mt-gox-to-begin-repayments-in-july-btc-slides-under-62k/ 日本DMM交易所遭駭，那Binance、Bitcoin、Ftrade安全嗎 https://home.gamer.com.tw/artwork.php?sn=5956104 0x2E9開頭巨鯨11小時前從OKX交易所提取總計2410個MKR https://www.panewslab.com/zh_hk/sqarticledetails/o6wrxajdFt.html 從比特幣看資金動能，挖礦熱潮再起加重電力需求: 台達電、康舒、台積電、中興電、亞力 https://news.cnyes.com/news/id/5619062 用LINE就可查錢包交易所！XREX推反詐錢包查詢工具，下一階段目標是什麼 https://web3plus.bnext.com.tw/article/2746 如何緝捕色情偷拍網站不法金流？區塊鏈金融犯罪調查師陳梅慧：區塊鏈本質就是反洗錢，公開透明特性容易追蹤犯罪 https://tfc-taiwan.org.tw/articles/10750 蘋果 AppStore 上的假加密錢包耗盡了用戶的錢 https://reurl.cc/MOKMrm 法官駁回了 SEC 關於 BNB 銷售構成證券分配的主張 https://reurl.cc/9vmbM8 Beosin：2024年上半年Web3領域因駭客攻擊等造成的總損失達15.4億美元 https://www.panewslab.com/zh_hk/sqarticledetails/sos5gp71Ft.html 價值超1.2億美元的代幣將在本周解鎖，其中SUI解鎖約5070萬美元 https://news.cnyes.com/news/id/5620717 高利率被動收入安全嗎？ 綠葉收益來源、優缺點完整介紹 https://www.blocktempo.com/what-is-the-lending-function-of-bitfinex-background-introduction-advantages-and-disadvantages-security-current-issues-all-sorted-out/ 2024年上半年Web3領域因駭客攻擊等造成的總損失達到了15.4億美元 https://news.cnyes.com/news/id/5620578 簡單回顧「交易所一哥」Mt. Gox興衰史：三載輝煌與十年贖罪 https://www.panewslab.com/zh_hk/articledetails/v7b40mclFt.html Polkadot上半年財務報告：支出達8,700萬美元，金庫約有兩年資金儲備 https://www.panewslab.com/zh_hk/sqarticledetails/gtbh9s8bFt.html Coinbase賺很大！美司法部支付3200萬美元，委託其提供比特幣託管與交易服務 https://www.blocktempo.com/us-marshals-service-choose-coinbase-to-safeguard-trade-its-large-cap-crypto-assets/ 保險平台 Athena Ins 推出針對 DeFi 的去中心化保險 https://news.cnyes.com/news/id/5623104 Base鏈上Gas總消耗量接近1.5萬枚ETH，用戶位址數突破1500萬 https://www.panewslab.com/zh_hk/sqarticledetails/2a1ygi4sFt.html 華爾街大多頭Tom Lee：仍看好比特幣今年衝上15萬鎂，BTC每年漲幅多集中在10天內 https://www.blocktempo.com/tom-lee-says-btc-will-have-pretty-sharp-rebound/ OKX 歐易交易所評價、安全嗎？16 種投資工具大解密，輕鬆上手一鍵賺幣 https://womany.net/articles/33151/amp Bankless：繼ZKsync和Blast空投後，這四個頭部L2值得關注 https://www.odaily.news/zhtw/post/5196494 派盾：2024年上半年，加密領域200多起重大駭客攻擊導致約15.6億美元損失 https://news.cnyes.com/news/id/5624439 Bittensor：PyPi軟體包漏洞引發駭客攻擊，正與交易平台合作追回資金 https://news.knowing.asia/news/66f440ed-ff45-4322-9a43-245fde264e90 自動交易機器人真能賺錢？Bump豪砸700萬元實測，差點爆倉賠光光 https://www.blocktempo.com/can-automated-trading-robots-really-make-money/ 比特幣摔至兩個月來新低 專家估回測51,000美元 https://www.moneydj.com/funddj/ya/yp050000.djhtm?a=5de966b0-0815-4dbf-895a-d8412ed43975 比特幣跌至兩個月低點 失守5.9萬美元關卡 https://reurl.cc/MOleoK Mt. Gox 錢包轉移 27 億美元 BTC！比特幣續跌摜破 5.6 萬美元 https://blockcast.it/2024/07/05/bitcoin-dips-below-57000-as-mt-gox-starts-moving-btc-from-its-cold-storage/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 癱瘓CDK Global系統的兇手為BlackSuit勒索軟體，提出高達數千萬美元的贖金要求 https://www.ithome.com.tw/news/163608 勒索軟體駭客組織RansomHub鎖定多種平臺發動攻擊，VMware虛擬化平臺是他們的新興標的 https://www.ithome.com.tw/news/163627 勒索軟體傷錢又傷神 衝擊企業資安和員工心情 https://www.technice.com.tw/techmanage/infosecurity/120883/ 南韓電信商KT被控在用戶電腦植入惡意程式，該公司宣稱是為了限制檔案分享流量 https://www.ithome.com.tw/news/163713 查看軟體開發人員職缺資訊要小心！研究人員揭露間諜軟體MerkSpy攻擊行動，駭客散播可濫用已知MSHTML漏洞Word檔作為網路釣魚誘餌 https://www.ithome.com.tw/news/163723 智慧電視會被駭客攻擊或感染病毒嗎 https://www.kocpc.com.tw/archives/553852 新木馬病毒肆虐！39億支安卓手機中鏢 三星、小米成重災區 https://reurl.cc/ZexYyQ 新型木馬「Rafel RAT」嚴重肆虐　三星、小米、ViVo、華為全遭殃 https://www.ctwant.com/article/347223/ 南韓電信公司以惡意程式感染自家用戶，受害人數達 60 萬 https://netmag.tw/2024/07/03/korean-telecom-infects-600000-users 韓國ERP系統的更新伺服器遭到供應鏈攻擊，北韓駭客Andariel藉此散布惡意程式 https://www.ithome.com.tw/news/163784 勒索軟體駭客組織Volcano Demon使用惡意程式LukaLocker加密檔案，並藉由撥打電話向受害組織勒索 https://www.halcyon.ai/blog/halcyon-identifies-new-ransomware-operator-volcano-demon-serving-up-lukalocker 惡意程式FakeBat藉由偷渡式下載植入受害電腦 https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/ 研究人員針對間諜軟體攻擊行動提出警告，對方假借提供安卓應用程式散布惡意軟體CapraRAT https://www.ithome.com.tw/news/163764 印度軟體開發業者遭遇供應鏈攻擊，旗下產品安裝檔被植入竊資軟體 https://www.ithome.com.tw/news/163760 駭客冒充以色列政府機關及企業組織，意圖散布惡意程式GrassHopper https://harfanglab.io/en/insidethelab/supposed-grasshopper-operators-impersonate-israeli-gov-private-companies-deploy-open-source-malware/ 歐美執法單位拿下近600臺用於網路犯罪的Cobalt Strike伺服器 https://www.ithome.com.tw/news/163768 木馬程式Orcinius透過假造的VBA程式碼進行散布 https://www.ithome.com.tw/news/163762 北韓駭客組織Kimsuky散布惡意Chrome延伸套件TransLatext，針對韓國學術機構竊取帳密資料 https://www.zscaler.com/blogs/security-research/kimsuky-deploys-translatext-target-south-korean-academia 印尼臨時國家資料中心遭到網路攻擊，傳出是勒索軟體駭客組織Brain Cipher所為 https://www.bleepingcomputer.com/news/security/meet-brain-cipher-the-new-ransomware-behind-indonesia-data-center-attack/ 印度軟體開發業者遭遇供應鏈攻擊，旗下產品安裝檔被植入竊資軟體 https://www.rapid7.com/blog/post/2024/06/27/supply-chain-compromise-leads-to-trojanized-installers-for-notezilla-recentx-copywhiz/ 駭客組織Unfurling Hemlock在受害電腦投放多種惡意程式進行轟炸 https://outpost24.com/blog/unfurling-hemlock-cluster-bomb-campaign/ 資安業者SentinelOne發布3年追蹤APT駭客組織的調查，證實勒索軟體具備分散注意力的效果 https://www.ithome.com.tw/news/163807 TeslaCrypt 4.0: Bigger, Badder and Unbreakable https://www.infosecurity-magazine.com/news/teslacrypt-40-bigger-badder/ Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads https://thehackernews.com/2024/06/rust-based-p2pinfect-botnet-evolves.html 冒牌IT技術支援網站假借提供PowerShell指令碼「解決」Windows更新錯誤，意圖散布竊資軟體Vidar Stealer https://www.ithome.com.tw/news/163741 冒牌IT技術支援網站假借提供PowerShell指令碼「修補」Windows臭蟲，並透過YouTube頻道散布 https://www.esentire.com/blog/fake-it-support-website-leading-to-vidar-infection Fake IT support sites push malicious PowerShell scripts as Windows fixes https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/fake-it-support-sites-push-malicious-powershell-scripts-as-windows-fixes/amp/ Indian Software Firm's Products Hacked to Spread Data-Stealing Malware https://thehackernews.com/2024/07/indian-software-firms-products-hacked.html Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool https://thehackernews.com/2024/07/microsoft-mshtml-flaw-exploited-to.html FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks https://thehackernews.com/2024/07/fakebat-loader-malware-spreads-widely.html South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware https://thehackernews.com/2024/07/south-korean-erp-vendors-server-hacked.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 iOS 18「密碼」 App 的 6 個功能特色 https://applefans.today/2024-ios-18-password-app-features/#google_vignette AirPods安全漏洞恐遭駭客入侵竊聽 蘋果急呼籲：快更新 https://reurl.cc/XGKAaR 3G網路關閉 NCC提醒民眾檢視手機功能 https://www.tssdnews.com.tw/?FID=13&CID=748440#google_vignette 手機用戶如「楚門的世界」　上網隱私赤裸裸被當商品販售 https://rwnews.tw/article.php?news=16121 300萬iOS App驚傳「安全性漏洞」！個資、信用卡恐遭駭客竊取 https://www.ettoday.net/news/20240703/2769938.htm 熱門相依管理工具CocoaPods存在漏洞，恐波及數百萬個macOS與iOS程式 https://www.ithome.com.tw/news/163758 開原碼軟體 CocoaPods 驚爆漏洞 所有 iOS 與 Mac 用戶將陷於供應鏈攻擊風險 https://netmag.tw/2024/07/05/cocoapods-vulnerability-threatens-ios-and-mac-users Google發布7月份安卓例行更新，修補25個安全弱點 https://source.android.com/docs/security/bulletin/2024-07-01 300 萬個 iOS / macOS 熱門 App 受害！CocoaPods 重大漏洞引發供應鏈攻擊 https://technews.tw/2024/07/03/critical-flaws-in-cocoapods-expose-ios-and-macos-apps-to-supply-chain-attacks/ 300萬iOS App驚傳「安全性漏洞」！駭客恐輕鬆竊個資、信用卡 https://www.setn.com/News.aspx?NewsID=1493447&utm_campaign=viewallnews&p=0 三星用戶快更新！Android系統有安全漏洞 恐盜個資、控制手機操作 https://tech.udn.com/tech/story/123151/8073583?from=udn_ch1024_menu_v2_main_index Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability https://www.mobile-hacker.com/2024/06/17/exfiltrate-sensitive-user-data-from-apps-on-android-12-and-13-using-cve-2024-0044-vulnerability/?fbclid=IwZXh0bgNhZW0CMTEAAR2aiRKEtAPdP63VbtP19VKlaJ-AqpaSuGKjZuLnTZR34TxAo-WM-KHCIc4_aem_XUP9fLxcRwg7Vu1Hw6c9QQ#google_vignette Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks https://thehackernews.com/2024/07/critical-flaws-in-cocoapods-expose-ios.html CapraRAT Spyware Disguised as Popular Apps Threatens Android Users https://thehackernews.com/2024/07/caprarat-spyware-disguised-as-popular.html Samas Ransom CnC Beacon | Ransomware - Targets iPhone User/s https://otx.alienvault.com/pulse/6682f76d3fd0e477ba909de7 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 驊訊：公司部份資訊系統遭受駭客網路攻擊事件之說明 https://today.line.me/tw/v2/article/PG1D5rV 三總內湖院區網路當機 掛號、看診一度停擺 https://reurl.cc/RqZNgD OpenAI 被爆去年遭駭客入侵！前員工質疑資安力不足，恐讓中國竊取資料 https://www.inside.com.tw/article/35511-open-ai-security-breach OpenAI 內部對話外洩，駭客入侵竊取 AI 技術機密 https://buzzorange.com/techorange/2024/07/05/openais-intetrnal-ai-details-stolen-in-2023-breach/ 資安分析師供不應求 備好技能成搶手人才 https://www.technice.com.tw/techmanage/infosecurity/121708/ 怎麼是簡體中文？　互動機台遭疑「資安問題」 https://today.line.me/tw/v2/article/DRQXQqp 港專系統2月被黑客入侵勒索 受影響人數增至逾8100人 https://www.881903.com/news/local/2531729 音效晶片供應商驊訊傳出部分資訊系統遭到網路攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=174218&SPOKE_DATE=20240703&COMPANY_ID=6237 歐洲最大雲端服務供應商揭露自身面臨的大規模DDoS攻擊，這些惡意流量竟源自近十萬臺MikroTik路由器 https://www.ithome.com.tw/news/163775 TeamViewer疑遭俄羅斯駭客駭入，但強調產品未受影響 https://www.ithome.com.tw/news/163714 TeamViewer Detects Security Breach in Corporate IT Environment https://thehackernews.com/2024/06/teamviewer-detects-security-breach-in.html 2024臺灣AD防護現況大公開，兩家本土資安業者持續示警，呼籲企業重視多種管理設定不當引發的風險 https://www.ithome.com.tw/news/163711 台積電供應商資安研討會 近500間供應商響應 https://today.line.me/tw/v2/article/qoJ9mYy 果核分享資安菜鳥到資深的經驗歷程，並深度剖析詐騙犯罪新趨勢 https://www.ithome.com.tw/pr/163625 資安威脅增 5月事件通報數創近2年新高 https://www.rti.org.tw/news/view/id/2211231 以色列企業組織成駭客利用滲透測試框架Donut、Sliver下手的目標 https://harfanglab.io/en/insidethelab/supposed-grasshopper-operators-impersonate-israeli-gov-private-companies-deploy-open-source-malware/ Polyfill供應鏈攻擊事故受害規模擴大，對方同時運用至少8個網域，至少有30萬個網站受害 https://www.ithome.com.tw/news/163742 針對俄羅斯駭客APT29入侵微軟內部郵件系統的事故，該公司警告恐有更多用戶受到波及 https://www.ithome.com.tw/news/163735 Niconico遭駭後...母公司角川集團開安顧問職缺惹議 網疑：薪水少個0 https://game.udn.com/game/amp/story/122089/8063191 全球掀不見血戰爭 6網攻腳本解密中國駭客 https://vip.udn.com/vip/story/122607/8050350 KADOKAWA 公開抗議網路爆料 批評刊登駭客威脅是「助長犯罪」 https://gnn.gamer.com.tw/detail.php?sn=269816 香港機場航班手寫白板事件 當局稱非駭客入侵 https://www.rti.org.tw/news/view/id/2210609 南韓國情院警告韓國民 赴中用「VPN」恐遭公安單方面搜查手機、筆電 https://reurl.cc/Gj25WG 駭客攻破 Cisco 和 Fortinet 防火牆！卻是美國政府的密謀 https://www.cyberhunter.com.tw/cisco-fortinet-firewall-equationgroup-nsa/ 資安公司：中國資助駭客團體加強攻擊台灣多個組織 https://www.rti.org.tw/news/view/id/2210651 史無前例規模！疑中共支持駭客組織　猛攻台灣光電、人臉辨識公司 https://tw.nextapple.com/international/20240624/EC17E2C83528D2F7771CDFA5E998B46F 「不流血戰爭」 大規模網攻威脅巴黎奧運 駭客攻擊將比東京奧運增8-12倍 https://reurl.cc/ZeL4Xp 紐時：中國網軍新策略 攻擊旅美異見作家子女 https://www.cna.com.tw/news/aopl/202406270270.aspx 中共信息部隊偷師美軍 專家：落後至少10年 https://www.epochtimes.com/b5/24/6/29/n14280445.htm 陸版間諜家家酒？矽谷加大員工安全審查 防範陸滲透竊密 https://www.chinatimes.com/realtimenews/20240701001508-260409?ctrack=pc_main_rtime_p01&chdtv 中國大陸國安部：網友社交平台發文　竟無意間為間諜衛星「指了路」 https://www.ettoday.net/news/20240630/2767762.htm 強化網安聯防 防堵中共駭客網攻 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1690341 中國網攻新戰略 私營公司成秘密武器 https://news.ltn.com.tw/news/world/breakingnews/4722404 駭客從歐洲中國發動攻擊 對準全球企業政府 https://reurl.cc/kOAGXG 中國監管網暴新規8月實施　加強管理網路直播等 https://www.ettoday.net/news/20240701/2768619.htm 中國駭客計畫規模龐大 FBI：已超越所有對手總和 https://reurl.cc/OMWxVr 挪威逮為中共情蒐男子 擋下北京覬覦的北極圈小島 https://m.secretchina.com/news/b5/2024/07/04/1064810.html 日防衛省首份AI運用方針 列7 領域 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1689644 澳洲逮捕對航班旅客進行名為Evil Twin的Wi-Fi無線網路攻擊的嫌犯 https://www.bleepingcomputer.com/news/security/australian-charged-for-evil-twin-wifi-attack-on-plane/ 加拿大路由器製造商客戶窗口傳出遭駭，填寫表單的用戶被要求強制更新Metamask加密貨幣錢包帳號 https://www.bleepingcomputer.com/news/security/router-makers-support-portal-hacked-replies-with-metamask-phishing/ Google to Begin Blocking Entrust Certificates in Chrome This November 2024 https://hacknews.tech/google-to-begin-blocking-entrust-certificates-in-chrome-this-november-2024 Chinese Cyberspies Employ Ransomware in Attacks for Diversion https://www.bleepingcomputer.com/news/security/chinese-cyberspies-employ-ransomware-in-attacks-for-diversion/ Chinese State Actors Use Ransomware to Conceal Real Intent https://www.infosecurity-magazine.com/news/chinese-state-ransomware-conceal/ TeamViewer Credits Network Segmentation for Rebuffing APT29 Attack https://www.darkreading.com/cyberattacks-data-breaches/teamviewer-network-segmentation-apt29-attack Microsoft maintains AI services in Hong Kong, as OpenAI curbs API access from China https://www.scmp.com/tech/big-tech/article/3268233/microsoft-maintains-ai-services-hong-kong-openai-curbs-api-access-china?fbclid=IwZXh0bgNhZW0CMTEAAR3N7cUwHGlalrdpqByZcvWym04YoI3qsoj1UQKJcQlI8MGjrtwbgldFTKQ_aem_aubQGDMQ_JrwbmH7_TnShw Israeli Entities Targeted by Cyberattack Using Donut and Sliver Frameworks https://thehackernews.com/2024/07/israeli-entities-targeted-by.html Global Police Operation Shuts Down 600 Cybercrime Servers Linked to Cobalt Strike https://thehackernews.com/2024/07/global-police-operation-shuts-down-600.html 雲端資安維運工程師 https://www.104.com.tw/job/8882z?jobsource=google 資安檢測工程師 https://www.104.com.tw/job/8dggd?jobsource=google 台北-資安分析工程師（組長） https://www.104.com.tw/job/8dhbi?jobsource=google 113年度法務部調查局資安工作站高級資安分析師 2名、資安分析師1名甄選公告 https://www.mjib.gov.tw/news/Details/2/1013 暖暖 資安專員(相關經驗者薪資可議) https://www.104.com.tw/job/8apnq?jobsource=google 資安開發工程師-ACSI https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E9%96%8B%E7%99%BC%E5%B7%A5%E7%A8%8B%E5%B8%AB-acsi-at-acer-3960173132/?originalSubdomain=tw 雲端資安實習生(台中)-AEB https://www.linkedin.com/jobs/view/%E9%9B%B2%E7%AB%AF%E8%B3%87%E5%AE%89%E5%AF%A6%E7%BF%92%E7%94%9F-%E5%8F%B0%E4%B8%AD-aeb-at-acer-3960167575/?originalSubdomain=tw 資安駐點工程師-ACSI https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E9%A7%90%E9%BB%9E%E5%B7%A5%E7%A8%8B%E5%B8%AB-acsi-at-acer-3960172148/?originalSubdomain=tw 資訊工程師(新竹) https://www.104.com.tw/job/8dlfc?jobsource=google 【資訊科技】資安技術人員(內稽內控) https://www.1111.com.tw/job/98820223/ 《實習》資訊安全處-資安實習生 https://bankrecruit.sinopac.com/jobDetail/?jobId=JOB0000416 【總公司】資訊副理/經理 https://www.104.com.tw/job/87up5?jobsource=google 台北-資安分析師 https://www.104.com.tw/job/8dhbi?jobsource=google 自衛隊新增新類別資安自衛官＝明年起設置、防衛省人才新戰略 https://www.nippon.com/hk/news/yjj2024070200457/ 資安稽核管理師 https://job.taiwanjobs.gov.tw/internet/index/JobDetail.aspx?R2=11&EMPLOYER_ID=821951&HIRE_ID=12876495 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 溫泉露營地訂房網站個資外洩 消費者遭詐28萬提告 https://www.chinatimes.com/amp/realtimenews/20240628002645-260402 注意！詐騙新三寶「萌娃、寵物、幫投票」，遠傳：LINE上設陷阱 竟用廣告3B原理 https://www.techbang.com/posts/115403-note-scam-the-new-three-treasures-cute-babies-pets-and-help 公共Wi-Fi 免費無線網路暗藏個資外洩危機！掌握4招確保上網安全 https://3c.ltn.com.tw/news/58649 駭客怎樣駭入Facebook私人賬戶的多種方法 https://vocus.cc/article/66782eb9fd897800016cb8f6 【如何防範詐騙郵件】小心陌生Mail、釣魚信件讓企業損失百萬 https://techops.digiwin.com/what-is-phishing-email-bec/ 從傳統釣魚到進階手法，企業如何應對新型郵件攻擊 https://www.openfind.com.tw/taiwan/news_detail.php?news_id=10339 青鳥傳詐騙 網紅現身社運不單純 https://www.pinview.com.tw/News/28478.html 「寄生帳號」盜臉書！駭客轉手賣出　1組帳號輕鬆賺破萬 https://www.setn.com/News.aspx?NewsID=1491970 駭客「寄生帳號」盜臉書　賣出賺破萬 https://www.mirrormedia.mg/external/setn_1491970 網絡釣魚攻擊嚴重　HKCERT 用 AI 偵測網址及自動清理 https://www.pcmarket.com.hk/hkcert-uses-ai-automatically-clean-phishing-attacks/#google_vignette 高雄兵馬俑特展涉統戰 互動軟體恐洩人臉生物特徵 https://reurl.cc/jWKa0y 高雄科工館兵馬俑展 議員張博洋曝拍人臉遊戲恐爆「資安疑慮」 https://news.ltn.com.tw/news/politics/breakingnews/4721793 高雄兵馬俑展也淪為統戰媒介！　基進黨警告：人臉拍照有資安疑慮 https://today.line.me/tw/v2/article/Gg6mZXP 兵馬俑展「用中國軟體」爆資安疑慮 科工館緊急回應 https://udn.com/news/story/6656/8066604 高雄兵馬俑展資安疑慮涉統戰？　沈伯洋揭2關鍵 https://www.ettoday.net/news/20240701/2768677.htm 國家級駭客近3個月發動大規模網釣攻擊行動，對方鎖定超過十種類型產業的高階主管為主要目標，超過4萬人受害 https://www.ithome.com.tw/news/163727 新竹女遭愛情騙子詐3百萬　報案揪中國男反被嗆「抓不到」 https://www.setn.com/News.aspx?NewsID=1491971 俄駭客「午夜暴雪」再出手」！ 微軟信箱被駭：對客戶變臉詐騙 https://blog.udn.com/2c726d35/180767516 微軟擴大警告俄羅斯駭客事件的可能受害用戶 https://www.ithome.com.tw/news/163735 女保全為3萬賣帳戶「害人被騙2400萬」 法院要她全賠 https://news.ttv.com.tw/news/11307010014100N/amp 從傳統釣魚到進階手法，企業如何應對新型郵件攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11123 照亮暗網：保護您的資料和聲譽 https://teamt5.org/tw/posts/shining-a-light-on-the-dark-web-protecting-your-data-and-reputation/ 匈牙利的線上詐騙如何在短短六個月內下降 30% https://dailynewshungary.com/zh-TW/how-online-fraud-in-hungary-dropped-by-30-in-just-six-months-video/ 角川集團遭駭客綁架勒索贖金　1.5TB數據含創作者、員工個資外洩 https://game.ettoday.net/article/2769121.htm 以太坊基金會電子郵件被黑，駭客推廣Lido質押釣魚騙局 https://news.cnyes.com/news/id/5623255 一級方程式賽車的主管機關FIA驚傳資料外洩，駭客藉由網釣攻擊取得電子郵件帳號的存取權限 https://www.ithome.com.tw/news/163781 6月下旬推出的macOS版ChatGPT應用程式傳出以明文存放對話內容，恐曝露用戶隱私 https://www.ithome.com.tw/news/163782 保德信金融集團證實今年2月的資料外洩事故波及逾250萬人，傳出是勒索軟體駭客組織BlackCat所為 https://www.bleepingcomputer.com/news/security/prudential-financial-now-says-25-million-impacted-by-data-breach/ 三竹資訊將併簡訊王！ 一次駭客勒索 反促成同業整合 https://money.udn.com/money/story/5612/8072569 Authy 2FA應用程序泄露可能被用於短信釣魚的電話號碼 https://news.cnyes.com/news/id/5624763 研究人員解析竊資軟體偷到的資料，找到3千名涉及兒童性虐待人士的資料 https://www.recordedfuture.com/caught-in-the-net-using-infostealer-logs-to-unmask-csam-consumers 角川集團個資外洩之亂延燒，部分受害 Vtuber 出奇招應對 https://today.line.me/tw/v2/article/oq2YlPo Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights https://thehackernews.com/2024/07/australian-man-charged-for-fake-wi-fi.html Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data https://thehackernews.com/2024/06/kimsuky-using-translatext-chrome.html Brazil Halts Meta's AI Data Processing Amid Privacy Concerns https://thehackernews.com/2024/07/brazil-halts-metas-ai-data-processing.html Twilio's Authy App Breach Exposes Millions of Phone Numbers https://thehackernews.com/2024/07/twilios-authy-app-breach-exposes.html E.研究報告/工具 採用 OPNsense 開源防火牆打造橫跨 IT/OT 的堅強防護 https://www.slideshare.net/slideshow/opnsense-it-ot/269904978 研究人員揭露生成式AI越獄手法Skeleton Key https://www.microsoft.com/en-us/security/blog/2024/06/26/mitigating-skeleton-key-a-new-type-of-generative-ai-jailbreak-technique/ How MFA Failures are Fueling a 500% Surge in Ransomware Losses https://thehackernews.com/2024/07/how-mfa-failures-are-fueling-500-surge.html Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors https://thehackernews.com/2024/06/combatting-evolving-saas-kill-chain-how.html New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities https://thehackernews.com/2024/06/new-snailload-attack-exploits-network.html Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment https://thehackernews.com/2024/06/researchers-warn-of-flaws-in-widely.html The Secrets of Hidden AI Training on Your Data https://thehackernews.com/2024/06/the-secrets-of-hidden-ai-training-on.html Qtip: Connect Windows Azure VM to Azure SQL DB using Managed Identity https://reurl.cc/5v9Rlq Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework https://github.com/CICADA8-Research/RemoteKrbRelay End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities https://thehackernews.com/2024/07/end-to-end-secrets-security-making-plan.html The Emerging Role of AI in Open-Source Intelligence https://thehackernews.com/2024/07/the-emerging-role-of-ai-in-open-source.html F.商業 敦陽科技推新世代MDR服務 六大特色助企業強化端點防護力 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11125 定承資訊成為Stratus台灣代理商 聯手推動系統零中斷解決方案 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000695727_I9485E0M1EIFKE8COUQ8K 強化SASE資安防護力，思科跨入SSE安全存取應用 https://www.ithome.com.tw/review/160782 Google 推出 Project Naptime：利用大型語言模型進行自動化漏洞研究 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11121 Akamai 加倍投資 API 安全性，完成收購 Noname Security https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11126 Sophos調查顯示 76%公司增強網路安全防禦以符合網路保險要求 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11124 領先業界揭露全球60%漏洞！ 趨勢科技助企業防止資料外洩、降低財物損失 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11122 敦陽科技推新世代MDR服務 六大特色助企業強化端點防護力 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11125 NetApp混合雲驅動資料革命 發掘企業營運潛力 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000696181_DUB2ABQK7SBLQG25VUDLZ 混合型企業面臨的四大挑戰！Check Point為各大「資安長」提出因應之道 https://reurl.cc/9vK0A8 Proton發表全程加密的文件編輯服務Docs in Proton Drive https://www.ithome.com.tw/news/163806 G.政府 欣桃天然氣導入VMware解決方案推數位化轉型，提升服務效率、實現永續目標 https://reurl.cc/9vmDLV 精進全方位偵蒐技能　調查局辦無人機偵蒐大賽獲好評 https://www.ftnn.com.tw/news/258214 常看A片恐洩政治立場 沈伯洋：網路心理測驗也有風險 https://reurl.cc/Gj2zMx 沈伯洋「A片監控說」惹議　蔣萬安露靦腆笑：我第一次聽到這說法 https://www.ettoday.net/news/20240701/2768215.htm 綠委沈伯洋示警翻牆看A片「被中國掌握」？資安專家：扯太遠 https://www.worldjournal.com/wj/story/121218/8065090 沈伯洋稱翻牆看A片可監控政治立場？ 資安專家：扯太遠了 https://udn.com/news/story/6656/8065069 推動零信任架構加速資安轉型，臺北市府今年內釋出AI使用規範 https://www.ithome.com.tw/news/163669 調查局揭中共8滲透樣態 假合作真控制挖角台科技人才 https://www.epochtimes.com/b5/24/7/3/n14282956.htm 調查局分析8類中共滲透樣態 湄洲媽祖廟成手段之一 https://www.cna.com.tw/news/aipl/202407030159.aspx 駭客集團鎖定我國家關鍵設施攻擊 調查局、可寧衛簽署MOU https://news.ltn.com.tw/news/politics/breakingnews/4725114 資安通報創新高、變嚴重 政府防駭速度卻跟不上 公部門缺近七百資安人力 為何只招六人 https://www.businesstoday.com.tw/article/category/183027/post/202407030035/ 中國駭客「紅色茱麗葉」攻台 資安署證實有機關遭網攻 https://ec.ltn.com.tw/article/breakingnews/4725314 行政院宣布通過資安法修正草案，納管機關若遭遇重大資安事故須配合調查，若不配合最高可罰百萬 https://www.ithome.com.tw/news/163804 政院提修法資安稽核範圍納總統府與5院 4大重點一次看 https://www.cna.com.tw/news/aipl/202407040201.aspx 政院修資安法 不配合調查可罰百萬 https://udn.com/news/story/6656/8074641 資安法修正案 納管特定非公務機關 資安事件拒查 可罰100萬 https://www.ctee.com.tw/news/20240705700117-439901 強化資安管理政院大修法 公務機關、竹科、台電等須設資安長 https://udn.com/news/story/7243/8074697 黃國昌續追光電標案，質疑軍方用華為路由器；軍備局證實，將懲罰廠商 https://www.thenewslens.com/article/204841 軍備局證實陸軍營區使用華為路由器　將懲罰廠商 https://rwnews.tw/article.php?news=16201 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 台灣無人機戰略　面臨供應鏈挑戰 https://hk.crntt.com/doc/1600/2/2/2/160022238.html?coluid=7&kindid=0&docid=160022238&mdate=0624105325 研究人員針對西門子修補的SICAM設備漏洞提出警告，若不修補有可能被用於針對能源產業攻擊 https://www.nycu.edu.tw/it/ch/app/data/view?module=nycu0129&id=4054&serno=e0fe8ad7-cc0f-437b-bd55-e39873c0efc5 今年初公布的D-Link無線路由器DIR-859重大層級資訊洩漏漏洞傳出遭到利用，駭客用來收集裝置的帳密資訊 http://www.greynoise.io/blog/perma-vuln-d-link-dir-859-cve-2024-0769 Rockwell Automation旗下人機介面系統PanelView Plus存在重大漏洞，攻擊者能藉由上傳惡意DLL發動RCE攻擊 https://thecyberexpress.com/microsoft-rce-dos-exploits-found-in-rockwell/ Mirai-like Botnet Targets Zyxel NAS Devices in Europe for DDoS Attacks https://hackread.com/mirai-botnet-zyxel-nas-devices-europe-ddos-attacks/ Fortinet調查：OT系統網路攻擊持續增加 縮短回復時間成關鍵 https://www.ctimes.com.tw/DispNews/tw/%E8%B3%87%E5%AE%89/OT/Fortinet/2407021530BI.shtml Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus https://thehackernews.com/2024/07/microsoft-uncovers-critical-flaws-in.html I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 ISO 27001：2022資訊安全管理系統主導稽核員訓練 2024/7/8 ~ 2024/7/12 https://www.accupass.com/event/2403090707238144555890 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/7/9 https://www.meetup.com/taiwan-code-camp/events/301731506/ 國家高速網路與計算中心 教育訓練 ABAQUS基礎訓練課程 2024/7/9 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4099&from_course_list_url=homepage 思科中小企業資安防護座談會 2024/7/10 https://www.accupass.com/event/2405310744321719028648 InfoSec Taiwan 2024 國際資安組織大會 2024/7/9 ~ 2024/7/11 https://csa.kktix.cc/events/infosectaiwan2024 Taipei dbt Meetup #25 for all folks working with data! (Hybrid 👫 + 🧑‍💻)2024/7/11 https://www.meetup.com/taipei-dbt-meetup/events/301357571/ Airflow Taiwan User Meetup #15 feats Taipei dbt 2024/7/11 https://www.meetup.com/taipei-py/events/301356454/ .NET / Java 安全程式開發達人集訓班 2024/7/11 ~ 2024/7/12 https://www.accupass.com/event/2405280149081202805431 CraftCon Taiwan 奧義 AI 資安年會 2024/7/12 https://www.accupass.com/event/2404221057531664149101 電子資訊交換標準共識座談會 2024/7/16 https://www.accupass.com/event/2406241046006788745940 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/7/16 https://www.meetup.com/taiwan-code-camp/events/301873079/ Elastic Stack (ELK) 智能平台：從高效能 AI 搜索到全面監控與安全防護 2024/7/17 https://www.accupass.com/event/2406180701341855640550 【第1期】2024企業資訊安全基礎課程 2024/7/17 https://www.accupass.com/event/2402020448251773447860 資訊安全系列課程 2024/7/17 - 2024/11/9 https://www.accupass.com/event/2404290752591014846953 台灣駭客年會 HITCON Training 2024 2024/7/17-2024/7/20 https://hitcon.kktix.cc/events/hitcon-training-2024 電子簽章（名）法人金融應用法規與實務研討會 2024/7/19 https://www.accupass.com/event/2406240243517254896540 Taoyuan WordPress Café 桃園咖啡小聚 #38 2024/7/20 https://www.meetup.com/taoyuan-wordpress-meetup/events/301729248/ 微軟MVP - 關於生成式AI的兩三事 2024/7/22 https://www.meetup.com/rladies-taipei/events/301812934/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/7/23 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygckbfc/ Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/7/24 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702433/ 國家高速網路與計算中心 教育訓練 NVIDIA GPU 計算 2024/7/24 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4094&from_course_list_url=homepage 國際自動化協會臺灣分會：資安驗證與場域評估專業聚會 2024/7/25 https://isatw.kktix.cc/events/isa-2024q3-isasecure-1 HITCON Cyber Range 2024 企業藍隊競賽 2024/7/26 ~ 2024/10/30 https://hitcon.kktix.cc/events/hitcon-cyberrange-2024 【安碁學苑】資安職能培訓｜系統網路安全管理師 2024/7/27 ~ 2024/8/24 https://acsiacad.kktix.cc/events/6ebd7fbd-copy-4 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/7/30 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygckbnc/ FinTech Summer CAMP 2024/8/5 ~ 2024/8/9 https://isipevent.kktix.cc/events/f2ce8bcc-copy-6 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/8/28 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702435/ 第二屆台南Web3產業國際博覽會 TAINAN WEB3 INTERNATIONAL FAIR 2024/10/18 https://www.accupass.com/event/2406150525111725753130 HITCON Enterprise 2024 台灣駭客年會 2024/10/30 https://hitcon.kktix.cc/events/hitcon-ent-2024