資安事件新聞週報 2023/10/2 ~ 2023/10/6

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2023/10/2 ~ 2023/10/6 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco發佈 Catalyst SD-WAN Manager 安全更新 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z 思科SD-WAN系統出現漏洞，攻擊者有可能遠端存取伺服器 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z 思科VPN又爆新漏洞！美日聯合警告思科路由器韌體被改寫 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10730 思科網路設備作業系統IOS、IOS XE存在零時差漏洞，已被用於攻擊行動 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-getvpn-rce-g8qR68sx 思科修補Emergency Responder寫死root帳密的漏洞 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9 Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems https://thehackernews.com/2023/10/cisco-releases-urgent-patch-to-fix.html 微軟SharePoint今年上半被挖出身分驗證繞過漏洞，有廠商發展出概念驗證程式，進一步證實可行性 https://starlabs.sg/blog/2023/09-sharepoint-pre-auth-rce-chain/ 微軟修補Edge、Teams、Skype開源程式庫的零時差漏洞 https://msrc.microsoft.com/blog/2023/10/microsofts-response-to-open-source-vulnerabilities-cve-2023-4863-and-cve-2023-5217/ Windows 11佈景主題RCE漏洞ThemeBleed有可能被用於發動RCE攻擊 https://exploits.forsale/themebleed/ Trend Micro 近期發布更新，以解決多個產品的安全性弱點 https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US 趨勢科技Apex One和Worry-Free Business Security第三方防毒解除安裝模組任意代碼執行弱點 https://nvd.nist.gov/vuln/detail/CVE-2023-41179 Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7043471?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7042313?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E They’ve begun: Attacks exploiting vulnerability with maximum 10 severity rating (CVE-2023-40044) https://arstechnica.com/security/2023/10/active-attacks-exploiting-ws_ftp-pose-a-grave-threat-to-the-internet/ Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch https://thehackernews.com/2023/10/warning-pytorch-models-vulnerable-to.html CISA Warns of Active Exploitation of JetBrains and Windows Vulnerabilities https://thehackernews.com/2023/10/cisa-warns-of-active-exploitation-of.html Atlassian修補DevOps協作平臺Confluence漏洞，已出現濫用弱點的攻擊行動 https://jira.atlassian.com/browse/CONFSERVER-92475 Atlassian Confluence Hit by New Actively Exploited Zero-Day – Patch Now https://thehackernews.com/2023/10/atlassian-confluence-hit-by-newly.html 積極被利用的 libwebp關鍵零日漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10731 繼Moveit漏洞！Progress Software再爆WS_FTP漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10732 WS_FTP伺服器存在重大漏洞，攻擊者有可能用來遠端執行任意程式碼 https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 Google Chrome推出Safe Browsing功能並協作AI安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10721 Linux系統出現root權限可能被奪取的漏洞，影響多個分支版本 https://www.bleepingcomputer.com/news/security/new-looney-tunables-linux-bug-gives-root-on-major-distros/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so#potential-impact-of-looney-tunables https://access.redhat.com/security/cve/CVE-2023-4911 https://www.debian.org/security/2023/dsa-5514 https://ubuntu.com/security/notices/USN-6409-1 Supermicro的基板管理控制器漏洞恐導致伺服器遭到RCE攻擊 https://www.securityweek.com/new-supermicro-bmc-vulnerabilities-could-expose-many-servers-to-remote-attacks/ AI模型模組管理工具TorchServe存在漏洞ShellTorch，可被攻擊者用於執行任意程式碼 https://www.oligo.security/blog/shelltorch-torchserve-ssrf-vulnerability-cve-2023-43654 高通發布十月份例行更新，修補GPU、DSP驅動程式的零時差漏洞 https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2023-bulletin.html Looney Tunables漏洞恐讓攻擊者取得root權限，影響多個版本Linux電腦 https://www.bleepingcomputer.com/news/security/new-looney-tunables-linux-bug-gives-root-on-major-distros/ 資料處理軟體OpenRefine存在Zip Slip漏洞，攻擊者有可能藉此執行任意程式碼 https://www.sonarsource.com/blog/openrefine-zip-slip/ 資料整合及自動化工具Apache NiFi漏洞出現概念性驗證攻擊程式碼 https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/ 5年前的JBoss RichFaces漏洞被用於攻擊行動 https://www.securityweek.com/cisa-warns-of-old-jboss-richfaces-vulnerability-being-exploited-in-attacks/ 逾3百萬臺Exim郵件伺服器曝露在尚未修復的零時差漏洞 https://www.zerodayinitiative.com/advisories/ZDI-23-1469/ https://www.bleepingcomputer.com/news/security/millions-of-exim-mail-servers-exposed-to-zero-day-rce-attacks/ 2.銀行/金融/保險/證券/金融監理新聞及資安逾50家越南銀行用戶遭安卓金融木馬GoldDigger鎖定 https://www.group-ib.com/blog/golddigger-fraud-matrix/ GoldDigger Android Trojan Targets Banking Apps in Asia Pacific Countries https://thehackernews.com/2023/10/golddigger-android-trojan-targets.html 兆豐金創公股之先與調查局簽署「國家資安聯防MOU」 https://reurl.cc/karELL 兆豐金資安聯防大升級 https://money.udn.com/money/story/5613/7482152 法務部調查局與兆豐金融控股股份有限公司簽署國家資通安全聯防與情資分享合作備忘錄 https://www.mjib.gov.tw/news/Details/1/918 3.信用卡/電子支付/行動支付/pay/支付系統/資安 Silent Skimmer: A Year-Long Web Skimming Campaign Targeting Online Payment Businesses https://thehackernews.com/2023/10/silent-skimmer-year-long-web-skimming.html 孫正義下個金雞母、街口前進日本也靠它！5年變日本行動支付龍頭，PayPay怎麼做到 https://reurl.cc/GK4Eby 最速日本街頭實測！街口即日起支援日本 PayPay QR code 支付 https://www.inside.com.tw/article/32971-jkopay-japan-paypay 人行副行長：陸行動支付普及率達86％居全球第一 https://www.chinatimes.com/realtimenews/20231001001382-260409?chdtv 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安一家美國鄉村銀行的倒閉實錄：加密開始在銀行業「殺豬」 https://www.blocktempo.com/a-12-million-request-to-cover-a-crypto-scam-sank-a-bank-ceo/ ZachXBT：駭客用SIM卡交換攻擊friend.tech，獲234枚ETH https://reurl.cc/a4LGr7 用戶資金恐將遭受損失！Stars Arena存在嚴重漏洞 https://news.knowing.asia/news/98bfbe1c-e2ed-4490-8cbd-123bbf3a60c4 一年內利用跨鏈交易洗錢的非法加密資產規模達到創紀錄的70億美元 https://news.cnyes.com/news/id/5340620?exp=a FTX 前高管爆料：公司曾收到百萬美元空投卻渾然不知，駭客大概率是內部員工 https://zombit.info/former-ftx-executive-once-found-millions-of-dollars-of-airdrops-that-the-exchange-didnt-know-about/ 被 FTX 駭客用來兌換 5.6 萬枚 ETH！THORSwap 不忍了：暫停交易 https://blockcast.it/2023/10/06/thorswap-pauses-platform-after-series-of-ftx-hack-linked-funds-passed-through/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 電信業者Lyca Mobile傳出遭到勒索軟體攻擊 https://www.bleepingcomputer.com/news/security/lyca-mobile-investigates-customer-data-leak-after-cyberattack/ 大樓自動化管理業者Johnson Controls遭到勒索軟體攻擊 https://www.bleepingcomputer.com/news/security/building-automation-giant-johnson-controls-hit-by-ransomware-attack/ https://twitter.com/MalGamy12/status/1706989619818954837 https://otp.tools.investis.com/clients/us/johnson_controls/SEC/sec-show.aspx?Type=html&FilingId=16953602&CIK=0000833444&Index=10000 https://edition.cnn.com/2023/09/28/politics/dhs-investigating-ransomware-attack/index.html QBot攻擊者鎖定義大利用戶，散布勒索軟體Cyclops及Remcos RAT https://blog.talosintelligence.com/qakbot-affiliated-actors-distribute-ransom/ CI/CD系統TeamCity重大漏洞傳出已被勒索軟體駭客用於攻擊行動 https://www.bleepingcomputer.com/news/security/ransomware-gangs-now-exploiting-critical-teamcity-rce-flaw/ 研究人員揭露以Node.js打造的惡意軟體Lu0Bot https://any.run/cybersecurity-blog/lu0bot-analysis/ 駭客利用數百個Python套件散布竊資軟體，7.5萬名開發者上當 https://checkmarx.com/blog/the-evolutionary-tale-of-a-persistent-python-threat/ 德國旅館集團Motel One傳出遭勒索軟體BlackCat攻擊 https://securityaffairs.com/151732/cyber-crime/alphv-ransomware-motel-one.html 駭客透過惡意NPM套件散布rootkit程式r77 https://www.reversinglabs.com/blog/r77-rootkit-typosquatting-npm-threat-research 駭客假借供收信軟體Thunderbird散布勒索軟體 https://blog.thunderbird.net/2023/10/ransomware-alert-are-you-using-a-trusted-version-of-thunderbird/ 勒索軟體攻擊出現更嚴峻的態勢，駭客在2天內發動雙重加密攻擊 https://www.ic3.gov/Media/News/2023/230928.pdf 北韓駭客Lazarus鎖定航太產業散布惡意程式LightlessCan https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/ 新型態Mirai殭屍網路變種HailBot、KiraiBot、CatDDoS攻擊行動升溫 https://nsfocusglobal.com/mirai-botnets-new-wave-hailbot-kiraibot-catddos-and-their-fierce-onslaught/ Mirai Botnet new campaign https://nsfocusglobal.com/mirai-botnets-new-wave-hailbot-kiraibot-catddos-and-their-fierce-onslaught/ Ave Maria campaign targeting r/cybersecurity users on Reddit. https://chris.partridge.tech/2023/malware-targeting-cybersecurity-subreddit/ The art of manipulation: fraudsters steal money with remote administration software for mobile devices https://news.drweb.com/show/?i=14755&lng=en&c=5 Attacks on Southeast Asian Government Have Links to Alloy Taurus https://unit42.paloaltonetworks.com/alloy-taurus-targets-se-asian-government/ Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/ FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies https://thehackernews.com/2023/09/fbi-warns-of-rising-trend-of-dual.html 惡意軟體載入工具ASMCrypt埋藏在PNG圖檔，並透過惡意DLL程式庫載入記憶體執行 https://securelist.com/crimeware-report-asmcrypt-loader-lumma-stealer-zanubis-banker/110512/ Cybercriminals Using New ASMCrypt Malware Loader to Fly Under the Radar https://thehackernews.com/2023/09/cybercriminals-using-new-asmcrypt.html Microsoft's AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites https://thehackernews.com/2023/09/microsofts-ai-powered-bing-chat-ads-may.html OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code https://thehackernews.com/2023/10/openrefines-zip-slip-vulnerability.html BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground https://thehackernews.com/2023/10/bunnyloader-new-malware-as-service.html Zanubis Android Banking Trojan Poses as Peruvian Government App to Target Users https://thehackernews.com/2023/10/zanubis-android-banking-trojan-poses-as.html Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack https://thehackernews.com/2023/10/rogue-npm-package-deploys-open-source.html Analysis and Config Extraction of Lu0Bot, a Node.js Malware with Considerable Capabilities https://thehackernews.com/2023/10/analysis-and-config-extraction-of.html Guyana Governmental Entity Hit by DinodasRAT in Cyber Espionage Attack https://thehackernews.com/2023/10/guyana-governmental-entity-hit-by.html QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks https://thehackernews.com/2023/10/qakbot-threat-actors-still-in-action.html 駭客假借提供密碼管理軟體Bitwarden，散布惡意軟體ZenRAT https://www.proofpoint.com/us/blog/threat-insight/zenrat-malware-brings-more-chaos-calm B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Post-Quantum Cryptography: Finally Real in Consumer Apps https://thehackernews.com/2023/09/post-quantum-cryptography-finally-real.html Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw https://thehackernews.com/2023/10/apple-rolls-out-security-patches-for.html Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware https://thehackernews.com/2023/10/researchers-link-dragonegg-android.html 通訊軟體 Signal 推出可對抗量子電腦運算的端對端加密演算法 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10727 中國駭客APT41開始對安卓行動裝置下手，利用惡意軟體DragonEgg、WyrmSpy犯案 https://www.threatfabric.com/blogs/lightspy-mapt-mobile-payment-system-attack 蘋果發布iOS 17.0.3、iPadOS 17.0.3，修補已遭到利用的零時差漏洞 https://www.bleepingcomputer.com/news/apple/apple-emergency-update-fixes-new-zero-day-used-to-hack-iphones/ Google發布安卓系統10月例行更新，修補已被用於攻擊行動的零時差漏洞 https://source.android.com/docs/security/bulletin/2023-10-01 應付 TikTok 和潛在威脅，美商務部長支持立法解決 https://finance.technews.tw/2023/10/06/gina-raimondo-support-law-tiktok/ LightSpy iPhone 間諜軟體：與 APT41 駭客有關 https://reurl.cc/6Q702r 萬物齊漲，現在連 WhatsApp 零日漏洞價格都要漲 https://technews.tw/2023/10/06/whatsapp-zero-days/ Telegram以微信為師擬轉型萬用軟體引資安爭議 https://news.pts.org.tw/article/660565 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力流通經營者高峰論壇／台灣駭客協會理事長翁浩正：防禦思維強化資安 https://www.sinotrade.com.tw/richclub/news/651d932c271c1d59456ae121 第五輪ATT&CK評估計畫結果出爐，本次以善於潛伏的俄羅斯駭客Turla為攻擊假想目標 https://www.ithome.com.tw/news/159067 美高梅9月遭網絡攻擊，但拒向駭客支付贖金 https://reurl.cc/RyWX1g 由於駭客嚴重依賴洩漏的 SQL 伺服器，Azure 雲端虛擬機面臨安全風險 https://windows.atsit.in/bc/18305/ 駭客入侵微軟SQL Server資料庫系統，目標是Azure雲端環境的虛擬機器 https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/ Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance https://thehackernews.com/2023/10/microsoft-warns-of-cyber-attacks.html LUCR-3: Scattered Spider Getting SaaS-y in the Cloud https://thehackernews.com/2023/10/lucr-3-scattered-spider-getting-saas-y.html 韓造船廠近日遭到北韓網路駭客攻擊 https://reurl.cc/QZebdZ 南美洲國家蓋亞那政府機關遭到惡意程式DinodasRAT攻擊 https://www.welivesecurity.com/en/eset-research/operation-jacana-spying-guyana-entity/ 東南亞政府機關遭到駭客組織中國駭客Mustang Panda、Alloy Taurus、Gelsemium鎖定 https://thehackernews.com/2023/09/new-report-uncovers-three-distinct.html https://unit42.paloaltonetworks.com/stately-taurus-attacks-se-asian-government/ https://unit42.paloaltonetworks.com/alloy-taurus-targets-se-asian-government/ https://unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia/ TA866 威胁组织以鞑靼语用户为目标进行攻击 https://www.4hou.com/posts/3rPM 中國駭客組織APT27針對中東電信業者、亞洲政府實體散布後門程式SysUpdate https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/budworm-tool-update-telecoms-govt 中國駭客組織UNC4841攻擊目標從政府機關擴及民生關鍵基礎設施 https://www.ithome.com.tw/news/159116 中國駭客假借台積電的名義對半導體產業散布Cobalt Strike https://blog.eclecticiq.com/chinese-state-sponsored-cyber-espionage-activity-targeting-semiconductor-industry-in-east-asia Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike https://thehackernews.com/2023/10/chinese-hackers-target-semiconductor.html 伊朗駭客組織APT34利用惡意軟體Menorah發動攻擊 https://www.trendmicro.com/en_us/research/23/i/apt34-deploys-phishing-attack-with-new-malware.html Iranian APT Group OilRig Using New Menorah Malware for Covert Operations https://thehackernews.com/2023/09/iranian-apt-group-oilrig-using-new.html Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm https://thehackernews.com/2023/09/lazarus-group-impersonates-recruiter.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全限時一百天！韓國警察如何打擊散播私密影像的網路犯罪者 https://www.upmedia.mg/news_info.php?Type=5&SerialNo=184032 Sony 確認遭黑客入侵近 7,000 人數據外洩 https://unwire.pro/2023/10/06/sony-3/security/ Sony證實資料外洩，起因是遭遇MOVEit Transfer零時差漏洞攻擊 https://apps.web.maine.gov/online/aeviewer/ME/40/8b595be6-d1d7-47df-84d5-05738edd84f9.shtml https://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/ https://www.hackread.com/sony-data-breach-moveit-vulnerability-us/ 求職網站Indeed被EvilProxy網釣攻擊濫用，鎖定Microsoft 365用戶而來 https://www.menlosecurity.com/blog/evilproxy-phishing-attack-strikes-indeed/ EvilProxy Phishing Attack Strikes Indeed https://www.menlosecurity.com/blog/evilproxy-phishing-attack-strikes-indeed/ 釣魚簡訊攻擊Smishing Triad範圍延伸到阿拉伯聯合大公國 https://www.resecurity.com/blog/article/Smishing-Triad-Impersonates-Emirates-Post-Target-UAE-Citizens 5月爆發的微軟郵件系統弱點事故，目前已知導致6萬封美國國務院郵件外洩 https://www.reuters.com/world/us/chinese-hackers-stole-60000-emails-us-state-department-microsoft-hack-senate-2023-09-27/ Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions https://thehackernews.com/2023/10/looney-tunables-new-linux-flaw-enables.html Over 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers https://thehackernews.com/2023/10/over-3-dozen-data-stealing-malicious.html 惡意網路廣告氾濫，人工智慧聊天機器人Bing Chat未設防，恐將淪為幫凶 http://malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot 加拿大廉價航空Canadian Flair Airlines傳出資料外洩 https://cybernews.com/security/canadian-flair-airlines-user-data-leak/ 特斯拉第三方行車記錄應用程式TeslaMate配置錯誤，恐導致車主資料曝光 https://www.redinent.com/global/risks-of-user-misconfiguration-in-tesla-car-security/ 防詐預警、買賣安心　產官民聯手反詐騙 https://n.yam.com/Article/20231005737687 資安專家警告：不要在社群媒體上發佈「登機證」的照片！最嚴重的後果將導致身份被盜用 https://www.vogue.com.tw/article/why-you-should-never-post-a-picture-of-your-boarding-pass-on-social-media 遠傳「國際來話語音警示服務」上線，繼「專屬短碼簡訊」後再度出手打擊詐騙 https://www.techbang.com/posts/110006-protecting-users-is-the-most-powerful-far-eastone E.研究報告/工具零信任防護範圍不包括使用相同雲服務的用戶？Cloudflare安全控制功能傳出其他用戶可繞過防護的爭議 https://certitude.consulting/blog/en/using-cloudflare-to-bypass-cloudflare/ Lin bay好油自導自演案的「跳板VPN」是什麼？裝了就能躲避檢警追查嗎 https://www.thenewslens.com/article/192786 分析新BBTok 恶意银行软件变体的服务器端组件 https://www.4hou.com/posts/xzw9 HTTPSnoop 恶意软件针对Cisco Talos进行渗透 https://www.4hou.com/posts/vxrm New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks https://thehackernews.com/2023/09/new-critical-security-flaws-expose-exim.html APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries https://thehackernews.com/2023/10/apis-unveiling-silent-killer-of-cyber.html API Security Trends 2023 – Have Organizations Improved their Security Posture https://thehackernews.com/2023/10/api-security-trends-2023-have.html Protecting your IT infrastructure with Security Configuration Assessment (SCA) https://thehackernews.com/2023/10/protecting-your-it-infrastructure-with.html Researcher Reveals New Techniques to Bypass Cloudflare's Firewall and DDoS Protection https://thehackernews.com/2023/10/researcher-reveal-new-technique-to.html Wing Disrupts the Market by Introducing Affordable SaaS Security https://thehackernews.com/2023/10/wing-disrupts-market-by-introducing.html New OS Tool Tells You Who Has Access to What Data https://thehackernews.com/2023/10/new-os-tool-tells-you-who-has-access-to.html Online Master of Science in Law Program Cybersecurity Law A graduate degree for working professionals https://www.law.umaryland.edu/academics/ms-in-law-program/landing-pages/cybersecurity-hacker-news/?_m=3n.009a.3167.kl0ao0dcsu.25mk F.商業 GitHub's Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack https://thehackernews.com/2023/10/githubs-secret-scanning-feature-now.html GitHub改良程式碼機密資訊的掃描功能 https://github.blog/2023-10-04-introducing-secret-scanning-validity-checks-for-major-cloud-services/ AWS揭露內部威脅獵捕系統MadBot https://aws.amazon.com/tw/blogs/security/how-aws-threat-intelligence-deters-threat-actors/ 偲倢科技將 NVIDIA 技術資源與自家軟體專業結合，推出 SOP 化、模組化解決方案 https://buzzorange.com/techorange/2023/10/05/ai-nvidia-sop/ G.政府電子簽章法修法重點有二；有望防堵跨境偽冒 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10724 資安即國安台灣國安不算安 https://reurl.cc/m0roWl 112年雙十國慶期間資安警戒防護專案 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1620126&type=military https://www.ydn.com.tw/news/newsInsidePage?chapterID=1620363 行政院拍板：房東租金補貼資訊不可做為查稅依據 https://reurl.cc/2EzmMv 興大攜瑞思資訊培育印尼、大馬資安國際人才 https://www.chinatimes.com/newspapers/20231006000302-260206?chdtv H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安繼SEMI E187，台積電列資安四大面向入採購規格 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10725 中研院正式開源釋出繁中優化的Llama 2大型語言模型，正式採用Apache2.0釋出 https://www.ithome.com.tw/news/159166 BlackBerry將物聯網及網路安全業務拆分為兩家公司 https://www.ithome.com.tw/news/159155 https://www.blackberry.com/us/en/company/newsroom/press-releases/2023/blackberry-provides-project-imperium-update-and-announces-intention-to-separate-business-units https://seekingalpha.com/article/4639246-blackberry-stock-overpriced-spin-off-uncertainty Arm修補已遭利用的Mali顯示晶片漏洞 https://www.bleepingcomputer.com/news/security/arm-warns-of-mali-gpu-flaws-likely-exploited-in-targeted-attacks/ Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation https://thehackernews.com/2023/10/arm-issues-patch-for-mali-gpu-kernel.html Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation https://thehackernews.com/2023/10/qualcomm-releases-patch-for-3-new-zero.html Supermicro's BMC Firmware Found Vulnerable to Multiple Critical Vulnerabilities https://thehackernews.com/2023/10/supermicros-bmc-firmware-found.html AI資安恐衍生國安問題！美國國家安全局設立人工智慧安全中心 https://www.defense.gov/News/News-Stories/Article/Article/3541838/ai-security-center-to-open-at-national-security-agency/ 洛克威爾自動化發布最新工業資安報告 https://www.2cm.com.tw/2cm/zh-tw/news/3D14DB3021814399885853AAA8834DE8?type=-1 Moxa工業安全路由器率先取得IEC 62443-4-2認證 https://reurl.cc/L64MjK TXOne實現跨域AIoT資安防護　首推SageOne平台整合全系列產品 https://www.ctimes.com.tw/DispNews-tw.asp?O=HK7A64Z5LQ4SAA00NM Your printer is not your printer ! - Hacking Printers at Pwn2Own Part I https://devco.re/blog/2023/10/05/your-printer-is-not-your-printer-hacking-printers-pwn2own-part1/ I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 6.近期資安活動及研討會國家高速網路與計算中心雲端平台 - 奇靈雲用戶教育訓練 2023/10/12 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4062&from_course_list_url=course_index Hou.Sec.Con 2023/10/12 ~ 2023/10/13 https://web.cvent.com/event/76d46ccb-fe00-4fe5-ba46-e4a77c807f21/summary Taipei DevOps User Group Launch Event, supported by Wankuma Alliance 2023/10/13 https://www.meetup.com/taipei-devops-user-group/events/295716641/ 資安五四三 2023/10/13 https://csa.kktix.cc/events/202310-543 Taipei DevOps User Group Launch Event 2023/10/13 https://www.meetup.com/taipei-devops-user-group/events/295716641/ 《歐立威科技 2023 研討會》10/13 | 【線上】Vault 進階實戰工作坊：零信任安全策略&資料保護 2023/10/13 https://www.accupass.com/event/2309130552361111434529?utm_source=web&utm_medium=search_result_%E8%B3%87%E5%AE%89&utm_campaign=accu_e_ 國家高速網路與計算中心平行計算程式設計基礎課程 2023/10/17 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4033&from_course_list_url=homepage Elixir Taiwan monthly meetup 2023/10/17 https://www.meetup.com/elixirtw-taipei/events/296057946/ 數位轉型-看見台灣數位競爭力國際論壇暨成果發表會 2023/10/17 https://www.accupass.com/event/2309130748501529132371?utm_source=web&utm_medium=search_result_%E8%B3%87%E5%AE%89&utm_campaign=accu_e_ 台灣網路講堂「探索未來世代的網路隱私治理框架」座談會 2023/10/18 https://www.twsig.tw/20231018/ 國家高速網路與計算中心三維空間資訊共構教育訓練 2023/10/18 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4065&from_course_list_url=course_index 國家高速網路與計算中心資料聯盟技術教育訓練 2023/10/18 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4066&from_course_list_url=course_index Microsoft 365線上研討會：智能運營與資安的完美結合 2023/10/19 https://www.systexsoftware.com.tw/News/Content/14563 網路自由小聚 [10月] ：數位韌性 Digital Resilience 2023/10/19 https://ocftw.kktix.cc/events/internetfreedom-october2023 【強化DevOps開發流程安全】說明會報名 2023/10/19 https://www.accupass.com/event/2309080142511166709262?utm_source=web&utm_medium=search_result_%E8%B3%87%E5%AE%89&utm_campaign=accu_e_ 國家高速網路與計算中心 ANSYS LS-DYNA基礎訓練課程 2023/10/20 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4029&from_course_list_url=course_index OCF 培訓活動: 如何建立安全的網路架構 II 2023/10/21 https://ocftw.kktix.cc/events/ocftot2023 After WordCamp：你參加 WordCamp Taiwan 2023了嗎？ - 彰化小聚#34 2023/10/21 https://www.meetup.com/changhua-wordpress-meetup-group/events/296254308/ AI/Machine Learning Trivia Night! 2023/10/24 https://www.meetup.com/taipei_langchain/events/296326252/ Drupal 台北小聚 - 聊天、喝飲料、吃Pizza @聖誕老人國際股份有限公司 2023/10/25 https://www.meetup.com/drupal-mentoring-taipei/events/296351711/ (ISC)2 SECURITY CONGRESS LEAD WITH CONFINDENCE 2023/10/25 ~ 2023/10/27 https://www.isc2.org/Congress-2023 旅遊服務銜接 AIGC 的各種坑 2023/10/30 https://www.meetup.com/rladies-taipei/events/296239571/ OpenText 當AI遇見資安零信任浪潮下產業新競局 - MetaAge 邁達特 2023/11/2 https://www.metaage.com.tw/events/283 ISC2 Taipei Chapter 2023年度會員大會暨「信任始於安全」研討會 2023/11/4 https://isc2taipei.kktix.cc/events/nosecuritynotrust 2023金融資安論壇-金融上雲迎風挑戰資安布局 2023/11/7 https://www.accupass.com/event/2309260331486394385550?utm_source=web&utm_medium=search_result_%E8%B3%87%E5%AE%89&utm_campaign=accu_e_ Web應用滲透測試 2023/11/9 ~ 2023/11/10 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=631 MOPCON 2023 2023/11/11 ~ 2023/11/12 https://mopcon.kktix.cc/events/2023-students https://mopcon.kktix.cc/events/mopcon-2023 【亞洲最具指標供應鏈高峰會】Supply Chain Summit 2023 2023/11/14 ~ 2023/11/15 https://www.accupass.com/event/2307070154211343470512 國泰天職學X職游｜How IT Works SMART 2023/11/18 https://www.accupass.com/event/2309190510226744374250?utm_source=web&utm_medium=search_result_%E8%B3%87%E5%AE%89&utm_campaign=accu_e_ 2023 台灣智動化檢測驗證聯盟大會暨工業安全規範研討會 2023/11/22 https://www.accupass.com/event/2309200309193935682920?utm_source=web&utm_medium=search_result_%E8%B3%87%E5%AE%89&utm_campaign=accu_e_ High Velocity ITSM Taipei 2023/11/25 https://www.meetup.com/taipei-atlassian-community-events/events/295913312/ Jamf Nation Live Taipei 2023 2023/12/19 https://jamf.kktix.cc/events/jamfnation2023 【Monosparta】②⓪②④ 第一梯次軟體開發實戰訓練營➠線上說明會 2024/1/17 https://trunk-studio.kktix.cc/events/monosparta-202401