###### tags: `資安事件新聞週報`
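# Weekly Security Incident News Digest 2024/09/09 ~ 2024/09/13
1.Critical Vulnerabilities/Backdoors/Exploit/Zero Day
Risk from critical SonicWall firewall vulnerability escalates; reportedly already used to spread ransomware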
https://www.ithome.com.tw/news/164950
SonicWall warns of critical firewall vulnerability; signs of suspected exploitation have appeared
https://www.ithome.com.tw/news/164920
SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation
https://thehackernews.com/2024/09/sonicwall-urges-users-to-patch-critical.html
Palo Alto Networks releases updates for its products, patching high-risk vulnerabilities in its firewall operating system
https://www.securityweek.com/palo-alto-networks-patches-dozens-of-vulnerabilities/
Cisco patches high-risk vulnerabilities in network device operating system IOS XR
https://www.securityweek.com/cisco-patches-high-severity-vulnerabilities-in-network-operating-system/
Microsoft releases September security bulletin
https://www.cisa.gov/news-events/alerts/2024/09/10/microsoft-releases-september-2024-security-updates
https://msrc.microsoft.com/update-guide/releaseNote/2024-Sep
Microsoft releases September Patch Tuesday updates, fixing 4 zero-day vulnerabilities already used in attacks
https://www.ithome.com.tw/news/164959
Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws
https://thehackernews.com/2024/09/microsoft-issues-patches-for-79-flaws.html
Cisco releases security updates for Smart Licensing Utility
https://www.ithome.com.tw/news/164861
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
Cisco Smart Licensing Utility
https://nvd.nist.gov/vuln/detail/CVE-2024-20439
https://nvd.nist.gov/vuln/detail/CVE-2024-20440
Citrix releases security updates for Citrix Workspace app for Windows
https://nvd.nist.gov/vuln/detail/CVE-2024-7890
https://nvd.nist.gov/vuln/detail/CVE-2024-7889
https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US
https://www.cisa.gov/news-events/alerts/2024/09/10/citrix-releases-security-updates-citrix-workspace-app-windows
Zyxel recently released security updates for wireless access points and security routers
https://www.zyxel.com/tw/zh/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024
Zyxel VMG8825-T50K
https://nvd.nist.gov/vuln/detail/CVE-2024-5412
Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN
https://nvd.nist.gov/vuln/detail/CVE-2024-42057
https://nvd.nist.gov/vuln/detail/CVE-2024-42058
https://nvd.nist.gov/vuln/detail/CVE-2024-42059
https://nvd.nist.gov/vuln/detail/CVE-2024-42060
https://nvd.nist.gov/vuln/detail/CVE-2024-7203
Zyxel NWA1123ACv3
https://nvd.nist.gov/vuln/detail/CVE-2024-7261
Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress
https://thehackernews.com/2024/09/critical-security-flaw-found-in.html
Apache Foundation patches critical vulnerability in ERP system OFBiz
https://www.ithome.com.tw/news/164943
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
https://thehackernews.com/2024/09/apache-ofbiz-update-fixes-high-severity.html
Apache OFBiz
https://nvd.nist.gov/vuln/detail/CVE-2024-45507
https://nvd.nist.gov/vuln/detail/CVE-2024-45195
Veeam patches 18 vulnerabilities in its products, including a critical remote code execution flaw
https://www.ithome.com.tw/news/164972
Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues
https://thehackernews.com/2024/09/veeam-releases-security-updates-to-fix.html
Security vulnerabilities reported in two Progress products
https://nvd.nist.gov/vuln/detail/CVE-2024-6670
https://nvd.nist.gov/vuln/detail/CVE-2024-6671
Progress releases emergency patch for critical vulnerability in application delivery system LoadMaster
https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591
Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor
https://thehackernews.com/2024/09/progress-software-issues-patch-for.html
Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw
https://thehackernews.com/2024/09/progress-whatsup-gold-exploited-just.html
New PIXHELL Attack Exploits Screen Noise to Exfiltrates Data from Air-Gapped Computers
https://thehackernews.com/2024/09/new-pixhell-attack-exploits-screen.html
New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks
https://thehackernews.com/2024/09/new-rambo-attack-uses-ram-radio-signals.html
Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments
https://thehackernews.com/2024/09/mustang-panda-deploys-advanced-malware.html
Data visualization system Kibana has a critical vulnerability that can be used to execute arbitrary code
https://www.ithome.com.tw/news/164951
FreeBSD receives nearly 700,000 euros in funding, to be used to strengthen security features and reduce technical debt
https://freebsdfoundation.org/blog/sovereign-tech-fund-to-invest-e686400-in-freebsd-infrastructure-modernization/
IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities
https://www.ibm.com/support/pages/node/7168115
Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities
https://thehackernews.com/2024/09/ivanti-releases-urgent-security-updates.html
Another vulnerability reported in WordPress site acceleration plugin LiteSpeed Cache; 6 million sites exposed to the risk of hijacking
https://www.ithome.com.tw/news/164965
Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
GitLab patches critical-severity pipeline execution vulnerability
https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/
GitLab warns of critical pipeline execution vulnerability
https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-pipeline-execution-vulnerability/amp/
Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution
https://thehackernews.com/2024/09/urgent-gitlab-patches-critical-flaw.html
Critical Vulnerabilities in JPEG 2000 Library Let Attackers Execute Remote Code
https://gbhackers-com.cdn.ampproject.org/c/s/gbhackers.com/vulnerabilities-in-jpeg-2000-library/amp/
Google releases Chrome 128 update, patching high-risk vulnerability in Skia component
https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html
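2.Banking/Finance/Insurance/Securities/Financial Supervision News and Security
Chailease, Mega and Chang Hwa Bank successively issue material disclosures revealing DDoS attacks; multiple Taiwanese government agencies are also targets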
https://www.ithome.com.tw/news/164999
Taiwan Stock Exchange and financial institutions knocked offline by cyberattack; FSC: the problem was in non-trading systems
https://news.cnyes.com/news/id/5716434
Official website down; Taiwan Stock Exchange: unrelated to the trading system, now back to normal
https://www.cna.com.tw/news/afe/202409120227.aspx
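Website attacked by hackers! Queries from "foreign IPs" to the Taiwan Stock Exchange official site surge to about 3 to 4 times the usual level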
https://www.nownews.com/news/6523892
Russian hacker group attacks Taiwanese financial institutions; they attacked Ukrainian networks early in the Russia-Ukraine war
https://www.cmmedia.com.tw/home/articles/49369
First in the financial industry! Cathay Financial Holdings receives FSC approval to begin moving data to the cloud
https://news.cnyes.com/news/id/5716080
Risks at small and mid-sized banks exposed; alarmed CCP accelerates their mergers and restructuring
https://www.epochtimes.com/b5/24/9/11/n14328631.htm
Chinese investment banks face major purge; executives detained, employees' passports confiscated
https://www.ntdtv.com/b5/2024/09/12/a103912836.html
Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command
https://documents.trendmicro.com/images/TEx/Mekotio-and-BBTok-IOCsktvYaQ0.txt
TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud
https://thehackernews.com/2024/09/trickmo-android-trojan-exploits.html
New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram
https://thehackernews.com/2024/09/new-android-malware-ajinabanker-steals.html
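3.Credit Cards/Electronic Payment/Mobile Payment/pay/Payment Systems/Security
Payment parties strengthen interconnection, jointly composing an efficient and inclusive "concerto"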
http://big5.news.cn/gate/big5/www.xinhuanet.com/fortune/20240913/2332850a62dd4503b15800ba211322b0/c.html
What exactly is TWQR? Supported electronic payment services and how to use it, explained in one go
https://www.sogi.com.tw/articles/twqr/6262808
Comparing the 3 main types of digital payment: understand how to use them in 1 minute
https://www.cna.com.tw/news/ahel/202407200016.aspx
Payment gateway service provider Slim CD suffers data breach, exposing credit card and personal data of 1.7 million people
https://www.bleepingcomputer.com/news/security/payment-gateway-data-breach-affects-17-million-credit-card-owners/
Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals
https://securityaffairs.com/168229/data-breach/slim-cd-disclosed-a-data-breach.html
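4.Cryptocurrency/Digital Currency/Mining/Blockchain/Smart Contracts/WEB3 Security
Is blockchain the trend of the future? "Read Write Own" reveals the context and history of the internet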
https://meet.eslite.com/tw/tc/article/202408230002
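Shanghai head office of China's central bank: exploring a new model for cross-border remittance tax payment based on blockchain technology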
https://news.knowing.asia/news/277dc061-bfa9-48bb-adb1-8f05ce3174a3
Korea Blockchain Week insights: Presto Labs and Flipster drive a new global trading landscape
https://www.blocktempo.com/kbw-insights-presto-labs-and-flipster-drive-new-global-trading-landscape/
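Ko Wen-je once said he wanted to use "blockchain" for bookkeeping; prosecutors and anti-corruption investigators reportedly tracing "cold wallet" cryptocurrency flows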
https://www.setn.com/News.aspx?NewsID=1529082
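Blockchain is not a lawless zone, still less a safe haven for criminals! How Binance's elite investigations team uses blockchain to fight illicit finance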
https://www.businesstoday.com.tw/article/category/183017/post/202409120032/
Altcoins about to surge? Bitfinex: early signs of a reversal, may outperform Bitcoin in the coming months
https://www.blocktempo.com/bitcoin-could-soon-hit-six-figures/
Nonstop mining at 8 Bitcoin mining sites: couple who stole electricity sentenced to 2 years, 60 million confiscated
https://www.chinatimes.com/realtimenews/20240913002252-260402?chdtv
Betting that Bitcoin is about to see a "big rally"! Miner competition is fierce and mining difficulty hits a record high
https://blockcast.it/2024/09/12/bitcoin-mining-difficulty-hits-record-while-miners-speculating-on-a-s-bitcoin-rally/
Is investing in cryptocurrency safe? How to reduce the risk
https://www.ctee.com.tw/news/20240911701644-431201
Is investing in cryptocurrency safe? A guide to risk assessment and security strategy
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000702441_E6J5YYZY3GHML02F5FNFS
Beware of Malicious Chrome Extension Draining Crypto Wallets
https://www.linkedin.com/pulse/beware-malicious-chrome-extension-draining-crypto-wallets-gafwf/?trackingId=G0C0poUFW7dgU32c2ahn4g%3D%3D
5.Security Incident News
A.Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC
Latest Linux version of Cicada ransomware targets VMware ESXi servers
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11227
"Voldemort" malware impersonates tax authorities around the world to launch attacks
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11222
Quad7 botnet targets Zyxel VPN appliances and Ruckus wireless routers
https://blog.sekoia.io/a-glimpse-into-the-quad7-operators-next-moves-and-associated-botnets/
Commercial spyware Predator reportedly makes a comeback
https://www.recordedfuture.com/research/predator-spyware-infrastructure-returns-following-exposure-sanctions
Chinese hackers Earth Preta spread the malware PubLoad via the worm Hiupan
https://www.trendmicro.com/en_us/research/24/i/earth-preta-new-malware-and-strategies.html
Kaspersky malware removal tool TDSSKiller abused; ransomware hackers RansomHub use it to disable security protections
https://www.ithome.com.tw/news/164960
Hacker group CosmicBeetle launches ransomware attacks targeting small and medium-sized businesses
https://www.ithome.com.tw/news/164990
Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack
https://thehackernews.com/2024/09/iranian-cyber-group-oilrig-targets.html
Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances
https://thehackernews.com/2024/09/quad7-botnet-expands-to-target-soho.html
Earth Preta Evolves its Attacks with New Malware and Strategies
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/i/earth-preta-evolves-its-attacks-with-new-malware-and-strategies/IOC%20List%20-%20Earth%20Preta%20Evolves%20its%20Attacks%20with%20New%20Malware%20and%20Strategies.txt
https://otx.alienvault.com/pulse/66e0b2d9658625d27ce577e2
Chinese hackers use new data theft malware in govt attacks
https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-data-theft-malware-in-govt-attacks/
APT Lazarus: Eager Crypto Beavers, Video calls and Games
https://www.group-ib.com/blog/apt-lazarus-python-scripts/
EXPOSED: OnlyFans Hack Gone Wrong - How Cyber Criminals Turn into Victims Overnight
https://otx.alienvault.com/pulse/66dacf5908285fb712140ae3
Critical GeoServer vulnerability already used in attacks; hackers spread backdoors and botnet malware
https://www.ithome.com.tw/news/164930
GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware
https://thehackernews.com/2024/09/geoserver-vulnerability-targeted-by.html
GitHub Actions can be used for typosquatting attacks; developers who do not check carefully may spread malicious code
https://www.ithome.com.tw/news/164916
GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code
https://thehackernews.com/2024/09/github-actions-vulnerable-to.html
New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys
https://thehackernews.com/2024/09/new-android-spyagent-malware-uses-ocr.html
Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT
https://thehackernews.com/2024/09/blind-eagle-targets-colombian-insurance.html
Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments
https://thehackernews.com/2024/09/mustang-panda-deploys-advanced-malware.html
Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware
https://thehackernews.com/2024/09/developers-beware-lazarus-group-uses.html
CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub
https://thehackernews.com/2024/09/cosmicbeetle-deploys-custom-scransom.html
New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency
https://thehackernews.com/2024/09/new-linux-malware-campaign-exploits.html
B.Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging
Bluetooth SIG releases new secure, precise distance-measurement feature
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11228
Apple unveils iPhone 16 series and AirPods Pro that can be used as hearing aids
https://www.ithome.com.tw/news/164939
Apple Intelligence coming to iPhone, iPad and Mac next month, with Chinese support next year
https://www.ithome.com.tw/news/164941
Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity
https://thehackernews.com/2024/09/paul-durov-criticizes-outdated-laws.html
Meta fixes easily bypassed WhatsApp ‘View Once’ privacy feature
https://www.bleepingcomputer.com/news/security/meta-fixes-easily-bypassed-whatsapp-view-once-privacy-feature/
Taiwan telecom companies to send test disaster alert Wednesday
https://www.taiwannews.com.tw/news/5933856
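C.Incidents / Hackers / DDOS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce
[CrowdStrike update disaster] A look back at the 0719 global IT outage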
https://www.ithome.com.tw/article/164883
Background of pro-Russian hackers' "attack on Taiwan" revealed! Taiwanese companies repeatedly hit; TSMC once lost 2.5 billion
https://www.ettoday.net/news/20240913/2816093.htm
Hackers target Taiwanese drone manufacturers in Operation WordDrone campaign
https://www.acronis.com/en-us/cyber-protection-center/posts/operation-worddrone-drone-manufacturers-are-being-targeted-in-taiwan/
President Lai raises "Treaty of Aigun" remarks; intelligence: pro-Russian hackers launch retaliatory cyberattacks on Taiwan
https://ec.ltn.com.tw/article/breakingnews/4795728
Taiwanese composite screw and bolt manufacturer Sheh Kai hit by cyberattack; some systems encrypted
https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=2&SPOKE_TIME=165214&SPOKE_DATE=20240909&COMPANY_ID=2063
Russian and Kazakh nationals who ran the dark web marketplace WWH Club indicted
https://www.justice.gov/usao-mdfl/pr/russian-and-kazakhstani-men-indicted-running-dark-web-criminal-marketplaces-forums-and
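Microsoft's free development tool abused by Chinese hackers Stately Taurus in an attempt to infiltrate Southeast Asian government agencies and steal secrets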
https://www.ithome.com.tw/news/164963
North Korean hackers Kimsuky use the same techniques to attack Russia and South Korea
https://www.genians.co.kr/blog/threat_intelligence/konni_universe
UK arrests suspect in cyberattack on Transport for London
https://hackread.com/nca-arrests-walsall-teenager-tfl-cyber-attack/
US launches new plan to improve Border Gateway Protocol security
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11230
U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks
https://thehackernews.com/2024/09/us-offers-10-million-for-info-on.html
Chinese hackers TIDrone target Taiwan's satellite and military industries
https://www.ithome.com.tw/news/164935
TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign
https://thehackernews.com/2024/09/tidrone-espionage-group-targets-taiwan.html
FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals
https://thehackernews.com/2024/09/fbi-cracks-down-on-dark-web-marketplace.html
Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East
https://thehackernews.com/2024/09/chinese-speaking-hacker-group-targets.html
Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks
https://thehackernews.com/2024/09/chinese-hackers-exploit-visual-studio.html
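In attack campaigns by three Chinese hacker groups targeting Southeast Asia, the hackers increasingly tend to use publicly available tools to conceal their tracks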
https://www.ithome.com.tw/news/164962
Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia
https://thehackernews.com/2024/09/experts-identify-3-chinese-linked.html
Russian Military Cyber Actors Target US and Global Critical Infrastructure
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a
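North Korean hackers seek to steal assets from cryptocurrency firms, targeting job seekers in an attempt to spread two types of malware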
https://www.ithome.com.tw/news/164919
North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams
https://thehackernews.com/2024/09/north-korean-threat-actors-deploy.html
DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe
https://thehackernews.com/2024/09/dragonrank-black-hat-seo-campaign.html
Recent Chinese Spy Cases in Taiwan: Knowns, Unknowns, and Implications
https://globaltaiwan.org/2024/09/recent-chinese-spy-cases-in-taiwan/
19 Websites Identified as Part of an Iranian Global Influence Operation
https://otx.alienvault.com/pulse/66e2a42fb2ec3be10a95080b
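D.Data Breaches/Personal Data Protection Act/GDPR/Online Fraud/Phishing/Card Fraud/Fake News/Cyberbullying/Account Security
Hacker group APT-C-36 impersonates tax authorities, targeting Colombian insurers with phishing attacks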
https://www.ithome.com.tw/news/164947
AI healthcare firm Confidant Health's misconfigured server exposes 5.3 TB of health records
https://hackread.com/ai-firm-misconfigured-server-exposed-mental-health-data/
Fortinet suffers large-scale data leak; Asia-Pacific customers affected
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11246
Car rental company Avis breached; some customer information leaked
https://www.bleepingcomputer.com/news/security/car-rental-giant-avis-discloses-data-breach-impacting-customers/
Someone has published company files, source code and customer data of French IT consultancy Capgemini
https://www.ithome.com.tw/news/165004
Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches
https://thehackernews.com/2024/09/shining-light-on-shadow-apps-invisible.html
Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe
https://thehackernews.com/2024/09/irelands-watchdog-launches-inquiry-into.html
WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers
https://thehackernews.com/2024/09/wordpress-mandates-two-factor.html
Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft
https://thehackernews.com/2024/09/say-goodbye-to-phishing-must-haves-to.html
E.Research Reports/Tools
Researchers disclose attack technique that can bypass the ProxyNotShell patch
https://www.zerodayinitiative.com/blog/2024/9/4/exploiting-exchange-powershell-after-proxynotshell-part-1-multivaluedproperty
Even the sound of a screen can be used to steal secrets! Researchers disclose PixHell attack technique
https://thehackernews.com/2024/09/new-pixhell-attack-exploits-screen.html
The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025
https://thehackernews.com/2024/09/the-state-of-virtual-ciso-report.html
Why Is It So Challenging to Go Passwordless
https://thehackernews.com/2024/09/why-is-it-so-challenging-to-go.html
How Confident Are You That Your Critical SaaS Applications Are Secure
https://thehackernews.com/expert-insights/2024/09/how-confident-are-you-that-your.html
Top 3 Threat Report Insights for Q2 2024
https://thehackernews.com/2024/09/top-3-threat-report-insights-for-q2-2024.html
F.Business
漢昕科技 2024 Solution Day: the importance of security automation and strategies for putting it into practice
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11231
智慧資安科技 formally signs agreement with Japan's IWI to jointly build a new framework for cross-border joint cyber defense
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11223
Mastercard announces acquisition of security firm Recorded Future for US$2.65 billion
https://www.ithome.com.tw/news/165010
Strengthening software supply chain security, JFrog launches Runtime real-time security monitoring solution
https://www.ithome.com.tw/news/164973
Achieving Data Resilience in Microsoft 365
https://thehackernews.com/expert-insights/2024/09/achieving-data-resilience-in-microsoft.html
Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free
https://thehackernews.com/2024/09/wing-security-saas-pulse-continuous.html
FinTech, Healthcare & SaaS Need Non-Human Identity Management More Than Ever Before
https://thehackernews.com/expert-insights/2024/09/fintech-healthcare-saas-need-non-human.html
One More Tool Will Do It? Reflecting on the CrowdStrike Fallout
https://thehackernews.com/2024/09/one-more-tool-will-do-it-reflecting-on.html
Privileged Identity Management (PIM): For Many, a False Sense of Security
https://thehackernews.com/expert-insights/2024/09/privileged-identity-management-pim-for.html
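G.Government
Trump alleges China's chips come from Taiwan! Li Jung-shian worries the Tsai administration's cybersecurity and national security missteps will carry a high price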
https://newtalk.tw/news/view/2024-09-12/936082
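Pro-Russian hackers target Taiwan with cyberattacks; Administration for Cyber Security: joint defense system activated in response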
https://www.upmedia.mg/news_info.php?Type=24&SerialNo=211522
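Pro-Russian hackers launch cyberattacks on Taiwan; Administration for Cyber Security makes rare statement: joint defense system activated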
https://ec.ltn.com.tw/article/breakingnews/4799175
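Pro-Russian hackers set their sights on Taiwan! Executive Yuan: Administration for Cyber Security is monitoring closely and helping agencies strengthen their response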
https://www.ettoday.net/news/20240913/2816438.htm
Taiwan's Administration for Cyber Security: DDoS harassment; continuing to monitor and strengthen protection
https://www.ntdtv.com.tw/b5/20240913/video/398486.html
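H.Industrial Control Systems/ICS/SCADA/IOT/Internet of Things/Internet of Vehicles/Electric Vehicles/Artificial Intelligence/AI/ML/Facial Recognition/Healthcare Security
TXOne Networks urges semiconductor industry to strengthen asset lifecycle protection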
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11226
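智慧資安科技 becomes distributor for leading OT security brand Claroty, jointly entering a new era of industrial control and healthcare security protection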
https://www.cio.com.tw/smart-it-antech-agent-ot-resources-leading-brand-claroty-join-hands-into-industrial-control-medical-security-protection-for-the-new-era/
Siemens industrial control seminar reveals security protection strategies
https://money.udn.com/money/story/5639/8172218
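Hackers target the semiconductor chain; semiconductor industry strengthens asset lifecycle protection, and the OT operating environment matters even more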
https://reurl.cc/lyY5KY
I.Education and Training
Recovery procedures you must know when a security incident occurs, to reduce the damage
https://www.ithome.com.tw/pr/163614
iPAS Information Security Engineer intermediate-level notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist
iPas Information Security Engineer certification pre-exam workshop
https://reurl.cc/GEbA3p
iPAS ◆ Information Security Planning Practice ◆ Intermediate-level exam question bank compilation (123 questions)
https://reurl.cc/orlD1g
GCP Associate Cloud Engineer (ACE) study experience, learning resources and notes: learning natively high-availability and zero-trust design
https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad
Coursera rounds up 7 cloud security certifications: the springboards to high pay are all here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
Ordinary people can earn an international security certification too! CSCU Certified Secure Computer User course
https://www.ithome.com.tw/pr/160954
Global cybersecurity workforce imbalance: (ISC)2 free courses and exams fill the talent gap
https://reurl.cc/m39MDj
The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html
CISSP exam experience
https://reurl.cc/KbY83j
CISSP exam experience – Benson
https://reurl.cc/GbWvxd
Goal-oriented: passing the CISSP at light speed in 20 days
https://reurl.cc/2Zq6zn
CISSP certification exam hands-on experience, Chapter 1: Initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
CISSP certification exam hands-on experience, Chapter 2: A regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies
CISSP certification exam hands-on experience, Chapter 3: The final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle
Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec
CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp
Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes
CPSA (CREST Practitioner Security Analyst) security analyst exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam experience, version update information and preparation direction 2021, 2022
https://reurl.cc/1oyEM8
CEH v11 exam experience and how to prepare
https://blog.sean.taipei/2022/01/ceh
CEH
https://github.com/a3cipher/CEH
CodeRed by EC-Council
https://github.com/codered-by-ec-council
EC-Council CEH Practical / Master preparation experience: learning in which theory and practice complement each other
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2
EC-Council CEHP exam preparation experience
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po
ECSA v10 exam experience and study materials / ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4
EC-Council ECSA security analyst v10 exam experience
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html
20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html
On preparing for the EC-Council CPENT and LPT Master penetration testing certifications, and lessons learned
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d
In-depth look at the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v
EC-Council CPENT v1 penetration testing certification – content and experience
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295
Ec-Council CPENT experience - a security rookie from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f
CPENT exam experience: earning the LPT penetration testing master certification in one attempt
https://ucom.uuu.com.tw/web/Testimony/Article/4404
kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master
CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/
Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917
[Exam prep notes] CompTIA Security+ (SY0–601) Part 1
https://reurl.cc/M053DK
[Exam prep notes] CompTIA Security+ (SY0–601) Part 2
https://reurl.cc/M053Gv
comptia-security-plus
https://github.com/ajfuto/comptia-security-plus
security-plus
https://github.com/fjavierm/security-plus
CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette
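App information security that not only engineers need to understand: the blood, sweat and tears of obtaining a security testing compliance certificate (iT邦幫忙 Ironman Contest book series)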
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
App anti-hacking studies: hands-on security protection course comprehensively raises security awareness
https://www.ithome.com.tw/pr/161505
OSEP (Evasion Techniques and Breaching Defenses (PEN-300)) experience
https://hackmd.io/@henry-ko/HyQ56e8eF
OSEP (Evasion Techniques and Breaching Defenses (PEN-300))
http://github.com/In3x0rabl3/OSEP
OSCP(Offensive Security Certified Professional)
https://github.com/0x584A/oscp-notes/tree/master
ISACA Certified Information Systems Auditor® (CISA) certification: preparation journey and application process, 2023
https://reurl.cc/aVLoX9
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
https://reurl.cc/D3nKKj
Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df
Basic vocabulary commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958
Certifications remain the main route to learning security fundamentals; an expert has built a "security certification map"
https://www.ithome.com.tw/news/156754
Beyond using certifications to prove your ability, you should treat them as the greatest motivation to keep learning
https://www.ithome.com.tw/news/156756
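Breaking misconceptions and myths about certifications: security experts help you clarify the meaning of security certifications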
https://www.ithome.com.tw/news/156755
Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/
[NCKU Information Security Club class] Forbidden Arts of Security - Reverse Engineering Hell Trial
https://www.youtube.com/watch?v=4Yc3-9CjG6U
Through hands-on exercises, learn to build a standard security SOP process in practice
https://www.ithome.com.tw/pr/163514
6.Upcoming Security Events and Seminars
Just a chat - with no Expectations 2024/9/14
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/303033211/
Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/9/17
https://www.meetup.com/taiwan-code-camp/events/303093426/
SyntaxError 2024/9/18
https://www.meetup.com/pythonhug/events/303113974/
The CISO's first lesson in zero trust (September session) 2024/9/19
https://jamf.kktix.cc/events/applexjamf-sep
HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/9/19
https://www.meetup.com/hackingthursday/events/303134460/
Online career seminar | ACSI Academy (安碁學苑) "Specialized security competency: Information Security Engineer" 2024/9/19
https://acsiacad.kktix.cc/events/webinar919
[2024/09] WordPress Rainbow Meetup @言文字 2024/9/19
https://www.meetup.com/taipei-wordpress/events/303071742/
New horizons in legal tech: win-win strategies for efficient operations and security compliance 2024/9/19
https://www.accupass.com/event/2408270143151973484167
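[In-person event] Combining intelligence and automation to open a new chapter in IT operations management! Putting the powerful Red Hat and Atlassian integration to use 2024/9/20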
https://www.meetup.com/taipei-atlassian-community-events/events/302995998/
HITCON community event - HITCON CTF Revealed 2024/9/21
https://hitcon.kktix.cc/events/discoverctf240921
Just a chat - with no Expectations 2024/9/21
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcmbcc/
Taoyuan WordPress Café 桃園咖啡小聚 #40 2024/9/21
https://www.meetup.com/taoyuan-wordpress-meetup/events/303111843/
Cloud Collaboration Era: Atlassian Cloud Platform Best Practices Sharing Session 2024/9/21
https://www.meetup.com/hang-zhou-atlassian-community-events/events/302573284/
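[ACSI Academy (安碁學苑)] Security technical talent development program | second cohort of hands-on training for security beginners begins 2024/9/23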
https://acsiacad.kktix.cc/events/a2f3d0ef
Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/9/24
https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcmbgc/
IT x CT x OT Cybersecurity comprehensive joint security defense ecosystem forum 2024/9/25
https://www.accupass.com/event/2408120640402164854890
SyntaxError 2024/9/25
https://www.meetup.com/pythonhug/events/pqnsctygcmbhc/
Taiwan Digital Night #202409 2024/9/25
https://www.meetup.com/taiwan-digital-nomads-hub-%E5%8F%B0%E7%81%A3%E6%95%B8%E4%BD%8D%E9%81%8A%E7%89%A7%E8%80%85%E7%A4%BE%E7%BE%A4/events/302696281/
SECURITY SUMMIT 2024: Multi-layered enterprise security protection 2024/9/25 ~ 2024/9/26
https://www.digitimes.com.tw/seminar/securitySummit/index.html
HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/9/26
https://www.meetup.com/hackingthursday/events/psspctygcmbjc/
Cloud security offense and defense in the AI era: new routes for migration and defense 2024/9/26
https://www.accupass.com/event/2408270307021284798836
Just a chat - with no Expectations 2024/9/28
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcmblc/
Information security course series 2024/9/30
https://www.accupass.com/event/2407011640161317038989
Information security course series 2024/10/12
https://www.accupass.com/event/2407011633417884074930
2nd Tainan Web3 Industry International Fair (TAINAN WEB3 INTERNATIONAL FAIR) 2024/10/18
https://www.accupass.com/event/2406150525111725753130
HITCON Enterprise 2024 Taiwan Hacker Conference 2024/10/30
https://hitcon.kktix.cc/events/hitcon-ent-2024
Threat Analyst Summit 2024 威脅分析師高峰會 2024/12/11 ~ 2024/12/12
https://teamt5tw.kktix.cc/events/tas2024