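###### tags: `Weekly Security Incident News`

# Weekly Security Incident News 2024/6/3 ~ 2024/6/7

1. Major vulnerabilities / Backdoors / Exploit / Zero Day

Cisco patches Webex Meeting zero-day vulnerability; a security news outlet reports the flaw was used in attacks on the German government
https://www.ithome.com.tw/news/163358

Security alert: PHP remote code execution (CVE-2024-4577) - PHP CGI argument injection vulnerability
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability/?fbclid=IwZXh0bgNhZW0CMTAAAR0jOqEaQNsEk-dYy-h3ZQZkBJGPx6tFzPdDOWL11SkERRX9rx2H1NgTSNw_aem_AcbBUGm03CZLaTxT3mYNtxdnlChwOHnk-VKQ26Sb4U5YOqXiulCkme-MLra3dezkmzUCDwSokviim8kv0wFTDBqp

CISA warns that a vulnerability in the Linux networking component Netfilter is being exploited in attacks and requires federal agencies to patch within 3 weeks
https://www.ithome.com.tw/news/163272

Head of the ZDI zero-day bounty program analyzes four types of zero-day vulnerability management in vertical industries and discusses the impact of GenAI on future vulnerability disclosure
https://www.ithome.com.tw/news/162856

IBM QRadar SIEM contains multiple vulnerabilities
https://www.ibm.com/support/pages/node/7156667

IBM QRadar SIEM contains multiple kernel vulnerabilities
https://www.ibm.com/support/pages/node/7156774

Current top four ASUS gaming boards BIOS all vulnerable to four CVE's circa 2023
https://otx.alienvault.com/pulse/66610a3cbb291e00c1d4f158

CISA adds a security vulnerability affecting the Linux kernel to its Known Exploited Vulnerabilities catalog
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11101

US confirms that a 7-year-old OS command injection vulnerability in Oracle WebLogic Server has been used in attacks
https://www.ithome.com.tw/news/163310

Oracle WebLogic Server OS Command Injection Flaw Under Active Attack
https://thehackernews.com/2024/06/oracle-weblogic-server-os-command.html

Progress patches authentication bypass vulnerability in its Telerik Report Server
https://www.bleepingcomputer.com/news/security/exploit-for-critical-progress-telerik-auth-bypass-released-patch-now/

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts
https://thehackernews.com/2024/06/telerik-report-server-flaw-could-let.html

2. Banking / Finance / Insurance / Securities / Financial supervision: news and security

Phishing kit V3B targets banks in European countries, attempting to steal users' login credentials and OTP one-time passwords
https://www.resecurity.com/blog/article/cybercriminals-attack-banking-customers-in-eu-with-v3b-phishing-kit

SinoPac Securities' security information sharing and reporting results: ranked first in the securities and futures industry for 2023 performance
https://money.udn.com/money/story/5607/8010365

Focusing on future AI trends, the Bankers Association leads a fintech and security industry delegation to the US
https://reurl.cc/r9n4l1

Strong demand for digital transformation in the financial sector; ARES International competes for AI, cloud and security business opportunities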
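https://reurl.cc/6veYg5

APT hackers target the financial sector; the Investigation Bureau and Bank of Taiwan sign a security memorandum
https://udn.com/news/story/7321/8010736

Bank of Taiwan and the Investigation Bureau sign an MOU on national cybersecurity joint defense and intelligence sharing
https://reurl.cc/ezZ757

More than 90 malicious apps slip into Google Play, including banking trojans such as Anatsa and Coper
https://www.ithome.com.tw/news/163173

Fubon Financial: Fubon Life board approves appointing Huang Wen-chieh (黃文解) as the new chief information security officer
https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=311b5fc5-3312-4377-b21a-9af353911727

Cathay Life's strong security protection safeguards customer personal data: do not click on SMS messages from unknown sources, to avoid harm to your interests
https://www.cathaylife.com.tw/cathaylife/news/customer-care/20240607_Protect%20customer%20personal%20information%20diligently

3. Credit cards / Electronic payment / Mobile payment / Pay / Payment systems / Security

Chunghwa Post promotes financial digitalization; cardless transactions reached 14.94 million in the first quarter of this year
https://ec.ltn.com.tw/article/breakingnews/4697385

Mainland China e-payment quick guide | WeChat Pay Hong Kong/Mainland version activation tutorial: the differences between the two versions at a glance, with expert usage tips
https://reurl.cc/RqQE1n

南大 and the Taiwan Academy of Banking and Finance co-host an e-payment lecture to raise e-payment security awareness
https://www.cna.com.tw/postwrite/chi/371183

JKOPAY suffers a "major outage" right at lunchtime; the company responds
https://reurl.cc/3XZpLV

E-payment widely deployed in Taipei City markets, but usage is low
https://udn.com/news/story/7323/7990049

Hong Kong government requires all fleet taxis to offer at least two electronic payment methods
https://reurl.cc/z174be

E-payment wars! How Easy Wallet, without a rich parent, can find its own path
https://reurl.cc/lQM40v

Third-party payment becomes a hotbed for fraud; a prosecutor points to this regulation as a major loophole
https://reurl.cc/dnvlVq

4. Cryptocurrency / Digital currency / Mining / Blockchain / Smart contracts / WEB3 security

Security guru opens a small bank: Xrex obtains a Singapore license and uses blockchain to fight the black market
https://www.cw.com.tw/article/5130531

Customers Bank recently closed the accounts of some cryptocurrency hedge funds
https://news.cnyes.com/news/id/5592997

On-chain data analytics firm: the Bitcoin and Ethereum price rebound is far from over
https://hk.investing.com/news/economic-indicators/article-547132

Interview with Nubit's founder: how to build the first DA layer in the Bitcoin ecosystem
https://news.cnyes.com/news/id/5592987

Robinhood spends US$200 million to acquire cryptocurrency exchange Bitstamp, competing with Binance and Coinbase
https://reurl.cc/va84qA

A wave of crypto listings is coming! Yat Siu: several companies to IPO next year or the year after; Kraken, Circle, Chia and others are actively preparing
https://www.blocktempo.com/crypto-currency-ipo-wave-in-2025-or-2026/

Again blasting the crypto world as rife with fraud and manipulation! US SEC chair: spot Ether ETFs will have to wait a bit longer
https://blockcast.it/2024/06/06/sec-chair-gary-gensler-raises-concerns-over-lack-of-disclosure-in-token-market-and-criticizes-crypto-exchanges/

Telegram launches virtual currency Stars
https://www.ithome.com.tw/news/163357

US cryptocurrency advocacy group membership passes one million; Biden's veto draws attention
https://buzzorange.com/techorange/2024/06/06/crypto-lobbyist-group-member-exceed-1mln-after-bidens-veto/

Binance crypto payment services to be restored! A look at Mastercard's recent active moves in the crypto space
https://reurl.cc/XG9NlD

A million dollars in a Binance account suddenly "vanishes"! Is Binance or the user at fault? The incident summarized in one read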
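https://news.cnyes.com/news/id/5586462

5. Security incident news

A. Viruses and trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC

FBI obtains more than 7,000 LockBit ransomware decryption keys
https://www.ithome.com.tw/news/163355

Veteran laptop maker Clevo reportedly hacked; ransomware group RansomHub claims to have stolen 200 GB of data
https://www.ithome.com.tw/news/163347

Ukraine warns of an attack campaign targeting its armed forces; hackers abuse the file synchronization tool SyncThing to steal data
https://www.ithome.com.tw/news/163350

Known vulnerabilities in the open-source web application framework ThinkPHP are being exploited; Chinese hackers use them to deploy a web shell named Dama
https://www.ithome.com.tw/news/163360

Muhstik botnet exploits Apache RocketMQ vulnerability to expand the scale of DDoS attacks
https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/

Counterfeit PyPI package Crytic-Compilers targets developers, aiming to distribute the infostealer Lumma Stealer
https://www.sonatype.com/blog/crytic-compilers-typosquats-known-crypto-library-drops-windows-trojan

To evade detection, hackers are increasingly abusing the packer BoxedApp to package malware
https://research.checkpoint.com/2024/inside-the-box-malwares-new-playground/

US educational institutions targeted by Fog ransomware; attackers break into networks using leaked VPN credentials
http://arcticwolf.com/resources/blog/lost-in-the-fog-a-new-ransomware-threat/

London hospitals in the UK suspend some services after a cyberattack on a service provider; security experts accuse the Russian ransomware group Qilin
https://www.ithome.com.tw/news/163329

Researchers investigate the emerging ransomware group RansomHub, which bought the source code of Knight ransomware to build its tooling
https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware

DarkGate malware rebuilt by abusing AutoHotkey, adding more evasion techniques
https://www.trellix.com/blogs/research/darkgate-again-but-improved/

Russian hackers FlyingYeti exploit a WinRAR vulnerability in phishing attacks on Ukraine, aiming to distribute the CookBox malware and control victims' computers
https://www.ithome.com.tw/news/163316

VMware virtualization platform targeted by TargetCompany ransomware
https://www.trendmicro.com/en_us/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html

North Korean hacker group Andariel targets the Log4Shell vulnerability in the VMware Horizon virtualization platform, aiming to distribute the backdoor Dora RAT
https://www.ithome.com.tw/news/163295

Hackers use Excel macros in a multi-stage malware attack, implanting Cobalt Strike on computers in Ukraine
https://www.fortinet.com/blog/threat-research/menace-unleashed-excel-file-deploys-cobalt-strike-at-ukraine

Russian power companies, IT firms and government agencies attacked by the Decoy Dog trojan
https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/hellhounds-operation-lahat-part-2/

Australian mining company Northern Minerals reportedly attacked by BianLian ransomware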
https://www.bleepingcomputer.com/news/security/australian-mining-company-discloses-breach-after-bianlian-leaks-data/

Users of the workflow automation tool Gulp.js targeted; hackers upload an NPM package to distribute malware
https://www.ithome.com.tw/news/163294

Targets across Europe hit by Russian hackers APT28, who attack using the HeadLace malware
https://www.recordedfuture.com/grus-bluedelta-targets-key-networks-in-europe-with-multi-phase-espionage-camp

Infostealer Lumma Stealer and BitRAT distributed through fake browser update websites
https://www.esentire.com/blog/fake-browser-updates-delivering-bitrat-and-lumma-stealer

Hackers launch the Cloud#Reverser campaign, abusing cloud services and Unicode characters to distribute malware
https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/

Hackers place malicious Google ads targeting Windows users of the emerging Arc browser to distribute infostealers
https://www.threatdown.com/blog/threat-actors-ride-the-hype-for-newly-released-arc-browser/

Kaspersky releases the free KVRT for Linux virus scanning and removal tool
https://www.ithome.com.tw/news/163267

Malicious Python Script with a "Best Before" Date | Cobalt Strike Beacon
https://otx.alienvault.com/pulse/6661ad07d5f96feb47551045

Unaccounted for Node and Rust libs on disk
https://otx.alienvault.com/pulse/665e3cc8e5f574c0359ee961

Snowflake Detecting and Preventing Unauthorized User Access
https://otx.alienvault.com/pulse/665dc419143fc480538b5d72

In memory DROVORUB yara hits
https://otx.alienvault.com/pulse/665bcae6505c21c208cc81a2

system.img - Unidentified Android Ext4 filesystem pulled from my machine
https://otx.alienvault.com/pulse/6659ea571eab262a3942e77c

GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns
https://otx.alienvault.com/pulse/6659dbeaf7587848d15e6900

Chat Messenger voting topics - a new way to steal accounts is gaining momentum
https://otx.alienvault.com/pulse/6659cf808759ddd64747d2d6

Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting
https://thehackernews.com/2024/05/russian-hackers-target-europe-with.html

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware
https://thehackernews.com/2024/06/andariel-hackers-target-south-korean.html

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware
https://thehackernews.com/2024/06/beware-fake-browser-updates-deliver.html

Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine
https://thehackernews.com/2024/06/hackers-use-ms-excel-macro-to-launch.html

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks
https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users
https://thehackernews.com/2024/06/researchers-uncover-rat-dropping-npm.html

Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide
https://thehackernews.com/2024/06/rebranded-knight-ransomware-targeting.html

Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan
https://thehackernews.com/2024/06/russian-power-companies-it-firms-and.html

Hackers Exploit Legitimate Packer Software to Spread Malware Undetected
https://thehackernews.com/2024/06/hackers-exploit-legitimate-packer.html

FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims
https://thehackernews.com/2024/06/fbi-distributes-7000-lockbit-ransomware.html

SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign
https://thehackernews.com/2024/06/spectr-malware-targets-ukraine-defense.html

Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances
https://thehackernews.com/2024/06/commando-cat-cryptojacking-attacks.html

Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
https://thehackernews.com/2024/06/muhstik-botnet-exploiting-apache.html

B. Mobile security / iPhone / Android / Wearables / App / 5G / Instant messaging

Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs
https://thehackernews.com/2024/06/celebrity-tiktok-accounts-compromised.html

Fearing leaks of secrets! South Korea plans to ban bringing iPhones into military buildings
https://reurl.cc/xak4EN

Google acquires Cameyo, maker of a tool that runs Windows apps on ChromeOS
https://www.ithome.com.tw/news/163331

RAD uses HTML 5 so apps work on both iOS and Android
https://ithome.com.tw/news/76074

Reportedly iPhone, iPad and Mac will get a dedicated password management app, challenging 1Password and LastPass
https://reurl.cc/nNR4E2

Stop using iPhone Notes to record passwords! Apple's iOS 18 reportedly to launch a brand-new "Passwords" app
https://tech.udn.com/tech/story/123154/8016330

Windows to offer a convenient feature for directly copying text from Android photos
https://www.kocpc.com.tw/archives/548803

Android users beware! New trojan poses as a Google Play update; users in 7 countries fall victim
https://www.hk01.com/article/1025315?utm_source=01articlecopy&utm_medium=referral

C. Incidents / Hackers / DDOS / APT / Cloud / Dark web / Recruitment / International security incidents / Security workforce

Former assistant vice president "digs a secret tunnel" to steal from the cloud; the Investigation Bureau's cybersecurity station helps the victim company resolve the case and arrests 4 suspects
https://www.ettoday.net/news/20240606/2753567.htm

Three major AI tools go down at the same time! Service outage draws attention
https://buzzorange.com/techorange/2024/06/05/ai-chatgpt-claude-and-perplexity-went-down-at-the-same-time/

Two Russian hacker groups join forces in an attempt to smear the upcoming Paris Olympics
https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/MTAC_Report_Russian_Influence_and_Paris_2024.pdf

Anti-fraud company Gogolook issues a material disclosure of a security incident: some website services were accessed without authorization
https://www.ithome.com.tw/news/163304

Regarding the cyberattack it suffered in mid-May, the American Radio Relay League (ARRL) blames a malicious international cyber group
https://www.bleepingcomputer.com/news/security/american-radio-relay-league-says-it-was-hacked-by-an-international-cyber-group/

Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI
https://thehackernews.com/2024/06/hackers-target-python-developers-with.html

Multiple Chinese hacker groups collude to conduct cyber espionage against government agencies in Southeast Asia
https://www.ithome.com.tw/news/163333

Chinese State-Backed Cyber Espionage Targets Southeast Asian Government
https://thehackernews.com/2024/06/chinese-state-backed-cyber-espionage.html

Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government
https://news.sophos.com/en-us/2024/06/05/operation-crimson-palace-sophos-threat-hunting-unveils-multiple-clusters-of-chinese-state-sponsored-activity-targeting-southeast-asia/

Security and network administration engineer
https://www.104.com.tw/job/8crjt?jobsource=google

MIS network administration engineer
https://www.104.com.tw/job/7dmtg?jobsource=google

Overseas project manager
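https://www.104.com.tw/job/8crqb?jobsource=google

T3 - Security audit engineer
https://www.1111.com.tw/job/130270386/

Hsinchu Science Park security access control and screening officer
https://www.104.com.tw/job/8ct1s?jobsource=google

D. Data breaches / Personal data protection law / GDPR / Online fraud / Phishing / Card fraud / Fake news / Cyberbullying / Account security

Veteran textile maker strengthens security with generative AI, turning social engineering drills into an AI-driven platform
https://www.ithome.com.tw/news/163348

Multiple European countries targeted by Russian hackers APT28, who attack using the HeadLace malware and phishing pages
https://www.ithome.com.tw/news/163338

TikTok reports takeovers of corporate and celebrity accounts; hackers succeeded via a zero-day vulnerability in the direct message feature
https://www.ithome.com.tw/news/163340

Taiwan's diplomatic ally Palau hacked; 20,000 government documents leaked to the dark web, suspected to be an attempt by the Chinese government to isolate Taiwan
https://www.ithome.com.tw/news/163301

Hackers from Russia, China, Iran and Israel abuse OpenAI's generative AI technology in attempts to manipulate global public opinion
https://www.ithome.com.tw/news/163297

360 million credentials reportedly leaked; hackers apparently obtained them with infostealers and are selling them via Telegram channels
https://www.ithome.com.tw/news/163293

Pharmaceutical procurement and distribution company Cencora suffered a cyberattack in February this year; 11 drug makers confirm data breaches
https://www.bleepingcomputer.com/news/security/cencora-data-breach-exposes-us-patient-info-from-11-drug-companies/

Prescription management service provider Sav-Rx confirms a security incident last October; data of more than 2.8 million people may have leaked
https://www.bleepingcomputer.com/news/security/sav-rx-discloses-data-breach-impacting-28-million-americans/

Healthcare provider CentroMed confirms data breach affecting 400,000 patients
https://centromedsa.com/wp-content/uploads/2024/05/CentroMed-HIPAA-Substitute-Website-Notice-5.17.24-ENGLISH.pdf

Regarding the ransomware attack it suffered last September, the Association of California School Administrators (ACSA) confirms a data breach affecting about 55,000 people
https://www.securityweek.com/55000-impacted-by-cyberattack-on-california-school-association/

Winbond: statement on a suspected data leak after a partner vendor was hacked
https://today.line.me/tw/v2/article/EXJjNMY

Researchers reveal hackers using cloud storage services as an intermediary for SMS phishing attacks
https://www.ithome.com.tw/news/163178

Microsoft announces Azure will enforce multi-factor authentication starting in July
https://www.ithome.com.tw/news/162962

Woman nearly falls for a dating scam; Chenggong police stop the fraud, sparing her from being scammed
https://newstaiwan.net/2024/06/05/189522/

Hugging Face confirms its machine learning model platform was hacked and urgently calls on users to reset credentials
https://www.ithome.com.tw/news/163261

AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform
https://thehackernews.com/2024/06/ai-company-hugging-face-notifies-users.html

Snowflake Warns: Targeted Credential Theft Campaign Hits Cloud Customers
https://thehackernews.com/2024/06/snowflake-warns-targeted-credential.html

Google Maps Timeline Data to be Stored Locally on Your Device for Privacy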
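https://thehackernews.com/2024/06/google-maps-timeline-data-to-be-stored.html

E. Research reports / Tools

Challenges faced in real-world threat hunting
https://teamt5.org/tw/posts/challenges-of-threat-hunting/

Researchers reveal the Commando Cat campaign: hackers target misconfigured Docker containers and use them for cryptomining
https://www.trendmicro.com/en_us/research/24/f/commando-cat-a-novel-cryptojacking-attack-.html

The security paradigm is shifting; over the next 10 years Taiwan's security industry should actively embrace new AI technology
https://www.ithome.com.tw/news/162869

Beyond Threat Detection – A Race to Digital Security
https://thehackernews.com/2024/05/beyond-threat-detection-race-to-digital.html

The Next Generation of RBI (Remote Browser Isolation)
https://thehackernews.com/2024/06/the-next-generation-of-rbi-remote.html

Third-Party Cyber Attacks: The Threat No One Sees Coming – Here's How to Stop Them
https://thehackernews.com/2024/06/third-party-cyber-attacks-threat-no-one.html

Prevent Account Takeover with Better Password Security
https://thehackernews.com/2024/06/prevent-account-takeover-with-better.html

Cyber Landscape is Evolving - So Should Your SCA
https://thehackernews.com/2024/06/cyber-landscape-is-evolving-so-should.html

The AI Debate: Google's Guidelines, Meta's GDPR Dispute, Microsoft's Recall Backlash
https://thehackernews.com/2024/06/the-ai-debate-googles-guidelines-metas.html

F. Business

Cybersecurity skills shortage becomes the biggest risk for managed service providers and their customers
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11099

AI applications and the PC market both grow; meeting security protection needs requires continuous innovation
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11097

Palo Alto Networks launches Precision AI solutions to strengthen enterprises' ability to counter AI attacks
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11098

Trend Micro showcases at Computex its AI security solution Trend Vision One SPC, which integrates Nvidia technologies
https://www.ithome.com.tw/news/163343

Trend Micro protects AI-driven private data centers worldwide
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11102

Security giant CrowdStrike is here, a savior in the cybersecurity fight
https://magnifier.cmoney.tw/crwd_fy25q1/

Cloud security provider CrowdStrike posts strong earnings and guidance; shares surge after hours
https://finance.technews.tw/2024/06/05/crowdstrike-financial-report-for-the-first-quarter-of-fiscal-year-2025/

OpenAI, Meta, and TikTok Crack Down on Covert Influence Campaigns, Some AI-Powered
https://thehackernews.com/2024/05/openai-meta-tiktok-disrupt-multiple-ai.html

SASE Threat Report: 8 Key Findings for Enterprise Security
https://thehackernews.com/2024/06/sase-threat-report-8-key-findings-for.html

Unpacking 2024's SaaS Threat Predictions
https://thehackernews.com/2024/06/unpacking-2024s-saas-threat-predictions.html

G. Government

Scope of security incident disclosure for listed companies expanded: a material disclosure is now required whether or not core or confidential matters are involved
https://www.ithome.com.tw/news/163229

Minister Koo inspects the Information, Communications and Electronic Force Command and reiterates that "cybersecurity is national security"
https://mna.gpwb.gov.tw/news/detail/?UserKey=41332d48-29fa-4f23-b2fe-38eb66de2b74

Digital ID card will not be restarted for now; Liu Shyh-fang (劉世芳) states her position for the first time: launching rashly poses major security problems
https://reurl.cc/AjzLO8

Support restarting the digital ID card? Liu Shyh-fang (劉世芳): it could become an even bigger source of fraud
https://www.chinatimes.com/amp/realtimenews/20240605003047-260407

Taiwan Tech (NTUST) and the National Institute of Cyber Security sign an agreement to offer a continuing education program for CISOs, jointly cultivating senior security talent
https://www.ntust.edu.tw/p/406-1000-125944,r167.php?Lang=zh-tw

Kuo Jyh-huei (郭智輝) sets his own KPIs to secure a key position in AI
https://m.cnyes.com/news/print/5586959

Wang Yi-chuan (王義川) incident: NCC asks SET (三立) to explain; a violation can be fined 2 million
https://www.worldjournal.com/wj/amp/story/121218/8013494

H. Industrial control systems / ICS / SCADA / IOT / Internet of Things / Internet of Vehicles / Electric vehicles / Artificial intelligence / AI / ML / Facial recognition / Healthcare related security

Moving into the era of AIoT applications, Taiwan's hardware security develops into a business opportunity
https://www.ithome.com.tw/news/163311

US broadband provider Cox patches modem authorization bypass vulnerability; if left unaddressed, attackers could use it to dig up users' personal data
https://www.ithome.com.tw/news/163315

Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.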
https://thehackernews.com/2024/05/mysterious-cyber-attack-takes-down.html

Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices
https://thehackernews.com/2024/05/microsoft-warns-of-surge-in-cyber.html

Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions
https://thehackernews.com/2024/06/researcher-uncovers-flaws-in-cox-modems.html

Zyxel issues emergency updates for end-of-life NAS devices, patching critical-severity vulnerabilities
https://www.ithome.com.tw/news/163308

Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models
https://thehackernews.com/2024/06/zyxel-releases-patches-for-firmware.html

I. Training and education

iPAS Information Security Engineer intermediate-level notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist

iPas security engineer certification pre-exam workshop
https://reurl.cc/GEbA3p

iPAS◆Information Security Planning Practice◆Intermediate exam question bank compilation (123 questions)
https://reurl.cc/orlD1g

GCP Associate Cloud Engineer (ACE) study experience, learning resources and notes: learning inherently high-availability and zero-trust design
https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad

Coursera rounds up 7 cloud security certifications: the springboards to high pay are all here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/

Ordinary people can earn an international security certification too! CSCU Certified Secure Computer User certification course
https://www.ithome.com.tw/pr/160954

Global cybersecurity workforce imbalance: (ISC)2 free courses and exams to fill the talent gap
https://reurl.cc/m39MDj

The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html

CISSP exam experience
https://reurl.cc/KbY83j

CISSP exam experience – Benson
https://reurl.cc/GbWvxd

Goal-oriented: passing the CISSP at lightning speed in 20 days
https://reurl.cc/2Zq6zn

CISSP certification exam hands-on experience, Chapter 1: initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat

CISSP certification exam hands-on experience, Chapter 2: a regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies

CISSP certification exam hands-on experience, Chapter 3: the final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle

Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec

CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp

Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes

CPSA (CREST Practitioner Security Analyst) security analyst exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/

EC-Council CEH v11 exam experience, revision information and preparation direction, 2021 and 2022
https://reurl.cc/1oyEM8

CEH v11 exam experience and how to prepare
https://blog.sean.taipei/2022/01/ceh

CEH
https://github.com/a3cipher/CEH

CodeRed by EC-Council
https://github.com/codered-by-ec-council

EC-Council CEH Practical / Master preparation experience: learning in which theory and practice complement each other
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2

EC-Council CEHP exam preparation experience
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po

ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4

EC-Council ECSA (security analyst) v10 exam experience
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html

20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html

How to prepare for the EC-Council CPENT and LPT Master penetration testing certifications, and lessons learned
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d

In-depth look at the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v

EC-Council CPENT v1 penetration testing certification – content and experience
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review

CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295

Ec-Council CPENT experience - a security novice's path from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f

CPENT exam experience: earning the LPT penetration testing master certification on the first attempt
https://ucom.uuu.com.tw/web/Testimony/Article/4404

kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master

CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/

Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917

[Exam prep notes] CompTIA Security+ (SY0–601), part 1
https://reurl.cc/M053DK

[Exam prep notes] CompTIA Security+ (SY0–601), part 2
https://reurl.cc/M053Gv

comptia-security-plus
https://github.com/ajfuto/comptia-security-plus

security-plus
https://github.com/fjavierm/security-plus

CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette

App information security that isn't just for engineers: the blood-and-tears story of obtaining a security testing compliance certificate (iT邦幫忙 Ironman Contest book series)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html

App anti-hacking studies: hands-on security protection course to comprehensively raise security awareness
https://www.ithome.com.tw/pr/161505

OSEP (Evasion Techniques and Breaching Defenses (PEN-300)) experience
https://hackmd.io/@henry-ko/HyQ56e8eF

OSCP (Offensive Security Certified Professional)
https://github.com/0x584A/oscp-notes/tree/master

ISACA Certified Information Systems Auditor® (CISA) certification: preparation journey and application process - 2023
https://reurl.cc/aVLoX9

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html

The hacker and the state: cyber attacks and the new normal of geopolitics
https://reurl.cc/D3nKKj

Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df

Basic vocabulary commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958

Certifications remain the main channel for learning security fundamentals; an expert has built a "security certification map"
https://www.ithome.com.tw/news/156754

Beyond using certifications to prove your ability, treat them as the greatest motivation to keep learning
https://www.ithome.com.tw/news/156756

Dispelling misunderstandings and myths about certifications: security experts clarify the meaning of security certifications
https://www.ithome.com.tw/news/156755

Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/

[NCKU Information Security Club class] Forbidden security arts - the reverse engineering hell trial
https://www.youtube.com/watch?v=4Yc3-9CjG6U

6. Upcoming security events and seminars

Old friends, it's been three years! - WordPress Taichung Meetup #25 2024/6/8
https://www.meetup.com/taichung-wordpress-meetup/events/301177363

Just a chat - with no Expectations 2024/6/8
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/301114364/

Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/6/11
https://www.meetup.com/taiwan-code-camp/events/301173252/

SyntaxError 2024/6/12
https://www.meetup.com/pythonhug/events/301195397/

Kaohsiung Rails Meetup 2024/6/12
https://www.meetup.com/rails-taiwan/events/301195646/

HackingThursday - Week meetup Tamsui (regular meetup, Tamsui) 2024/6/13
https://www.meetup.com/hackingthursday/events/301215829/

AI outpost assistant: workshop on using a local LLM to assist source code review in day-to-day development 2024/6/14
https://acsiacad.kktix.cc/events/securecodews

Entering a new AI realm: Copilot for Microsoft 365 tips and data security practice 2024/6/14
https://www.accupass.com/event/2405251012141511840161

2024 3rd Security Expert Development Program 2024/6/14
https://www.accupass.com/event/2405100449202104766405

Just a chat - with no Expectations 2024/6/15
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/301253254/

WordPress Taoyuan afternoon tea meetup, Linner Meetup #37 2024/6/15
https://www.meetup.com/taoyuan-wordpress-meetup/events/301012751/

AIoT edge computing and security hands-on 2024/6/16
https://www.accupass.com/event/2404120334053507827320

Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/6/18
https://www.meetup.com/taiwan-code-camp/events/301314042/

Improving Your API Security Posture With GraphQL Protection And API Policy 2024/6/18
https://www.meetup.com/api-security-group-in-taipei/events/301214669/?

Kaohsiung Rails Meetup 2024/6/19
https://www.meetup.com/rails-taiwan/events/301337672/

SyntaxError 2024/6/19
https://www.meetup.com/pythonhug/events/301337487/

Taipei dbt Meetup #24 for all folks working with data! (Hybrid 👫 + 🧑‍💻) 2024/6/19
https://www.meetup.com/taipei-dbt-meetup/events/300586249/

National Center for High-performance Computing training: NVIDIA large language applications 2024/6/19
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4093&from_course_list_url=homepage

HackingThursday - Week meetup Tamsui (regular meetup, Tamsui) 2024/6/20
https://www.meetup.com/hackingthursday/events/301359329/

Just a chat - with no Expectations 2024/6/22
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcjbdc/

Is AI lawless? No way to regulate it? Real people share first-hand accounts 2024/6/23
https://www.accupass.com/event/2405140314463639696970

Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/6/25
https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcjbhc/

Kaohsiung Rails Meetup 2024/6/26
https://www.meetup.com/rails-taiwan/events/qxfvjkygcjbjc/

SyntaxError 2024/6/26
https://www.meetup.com/pythonhug/events/pqnsctygcjbjc/

Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/6/26
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702428/

The era of data in command: a complete guide to unlocking data solutions 2024/6/26
https://www.accupass.com/event/2405251051471673260983

HackingThursday - Week meetup Tamsui (regular meetup, Tamsui) 2024/6/27
https://www.meetup.com/hackingthursday/events/psspctygcjbkc/

AI application system development and generative AI application talent training program, first cohort 2024/6/27
https://www.accupass.com/event/2401100729511706489107

Market trends: not afraid of being replaced by AI, an analysis of key enterprise security talent 2024/6/27
https://www.accupass.com/event/2405230228276957814350

AI application system development and generative AI application talent training program, first cohort 2024/6/27 ~ 2024/8/9
https://www.accupass.com/event/2401100729511706489107

Sustainable transformation: green supply chain x information security x diversity and inclusion 2024/6/28
https://smeoda.kktix.cc/events/2024-1

Just a chat - with no Expectations 2024/6/29
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcjbmc/

Kaohsiung Rails Meetup 2024/7/3
https://www.meetup.com/rails-taiwan/events/qxfvjkygckbfb/

SyntaxError 2024/7/3
https://www.meetup.com/pythonhug/events/pqnsctygckbfb/

HackingThursday - Week meetup Tamsui (regular meetup, Tamsui) 2024/7/4
https://www.meetup.com/hackingthursday/events/psspctygckbgb/

National Center for High-performance Computing training: RSC The Merck Index database, online in Chinese 2024/7/4
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4105&from_course_list_url=homepage

ISO 27001:2022 Information Security Management System lead auditor training 2024/7/8 ~ 2024/7/12
https://www.accupass.com/event/2403090707238144555890

National Center for High-performance Computing training: ABAQUS basic training course 2024/7/9
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4099&from_course_list_url=homepage

InfoSec Taiwan 2024 international security organizations conference 2024/7/9 ~ 2024/7/11
https://csa.kktix.cc/events/infosectaiwan2024

.NET / Java secure development expert training camp 2024/7/11 ~ 2024/7/12
https://www.accupass.com/event/2405280149081202805431

CraftCon Taiwan CyCraft AI security annual conference 2024/7/12
https://www.accupass.com/event/2404221057531664149101

[Session 1] 2024 enterprise information security fundamentals course 2024/7/17
https://www.accupass.com/event/2402020448251773447860

Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/7/24
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702433/

National Center for High-performance Computing training: NVIDIA GPU computing 2024/7/24
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4094&from_course_list_url=homepage

HITCON Cyber Range 2024 enterprise blue team competition 2024/7/26 ~ 2024/10/30
https://hitcon.kktix.cc/events/hitcon-cyberrange-2024

[ACSI Academy] Security competency training | System and network security administrator 2024/7/27 ~ 2024/8/24
https://acsiacad.kktix.cc/events/6ebd7fbd-copy-4

Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/8/28
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702435/