###### tags: `資安事件新聞週報` # 資安事件新聞週報 2023/12/18 ~ 2023/12/22 1.重大弱點漏洞/後門/Exploit/Zero Day Fortinet 近日發布多個產品的安全公告 https://www.fortiguard.com/psirt/FG-IR-23-138 巴勒斯坦駭客聲稱對F5 BIG-IP零時差漏洞提出警告，藉此散布資料破壞程式 https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/ http://www.gov.il/he/Departments/publications/reports/alert_1687 https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/ TWCA 聯徵中心安控中介程式 v4.2.3.32存在漏洞，建議請管理者儘速評估更新 https://isms.ccu.edu.tw/p/406-1044-51748,r3349.php?Lang=zh-tw Oracle WebLogic伺服器漏洞遭到駭客組織8220鎖定，用於散布惡意程式 https://www.imperva.com/blog/imperva-detects-undocumented-8220-gang-activities/ 8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware https://thehackernews.com/2023/12/8220-gang-exploiting-oracle-weblogic.html Mozilla發布Firefox 121，修補沙箱逃逸及RCE漏洞 https://www.securityweek.com/mozilla-patches-firefox-vulnerability-allowing-remote-code-execution-sandbox-escape/ 行動裝置管理系統Ivanti Avalanche存在13個重大漏洞 https://www.bleepingcomputer.com/news/security/ivanti-releases-patches-for-13-critical-avalanche-rce-flaws/ 研究人員揭露收信軟體Outlook零點擊漏洞攻擊鏈細節 https://thehackernews.com/2023/12/beware-experts-reveal-new-details-on.html https://www.akamai.com/blog/security-research/chaining-vulnerabilities-to-achieve-rce-part-one https://www.akamai.com/blog/security-research/chaining-vulnerabilities-to-achieve-rce-part-two Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits https://thehackernews.com/2023/12/beware-experts-reveal-new-details-on.html Bug or Feature? Hidden Web Application Vulnerabilities Uncovered https://thehackernews.com/2023/12/bug-or-feature-hidden-web-application.html New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now https://thehackernews.com/2023/12/new-security-vulnerabilities-uncovered.html Google發布Chrome 120更新，修補WebRTC元件零時差漏洞 https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP https://thehackernews.com/2023/12/urgent-new-chrome-zero-day.html IBM QRadar SIEM contains multiple vulnerabilities https://www.ibm.com/support/pages/node/7099297?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E OpenAI修補ChatGPT可能導致資料外洩的弱點，但研究人員認為攻擊者仍有機會繞過 https://www.bleepingcomputer.com/news/security/openai-rolls-out-imperfect-fix-for-chatgpt-data-leak-flaw/ 程式碼版本控制系統Perforce Helix Core存在漏洞，攻擊者有可能用於遠端執行任意程式碼 https://www.microsoft.com/en-us/security/blog/2023/12/15/patching-perforce-perforations-critical-rce-vulnerability-discovered-in-perforce-helix-core-server/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 2023年十大新興行動銀行惡意軟體 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10864 全球逾1,800個行動應用程式遭銀行木馬鎖定 https://www.zimperium.com/resources/zimperiums-2023-mobile-banking-heists-report-finds-29-malware-families-targeted-1800-banking-apps-across-61-countries-in-the-last-year/ 網站注入攻擊鎖定40家銀行、逾5萬民眾帳號資料 https://securityintelligence.com/posts/web-injections-back-on-rise-banks-affected-danabot-malware/ 3,500 Arrested in Global Operation HAECHI-IV Targeting Financial Criminals https://thehackernews.com/2023/12/3500-arrested-in-global-operation.html Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication https://thehackernews.com/2023/12/new-chameleon-android-banking-trojan.html 3.信用卡/電子支付/行動支付/pay/支付系統/資安 聖誕節將至，駭客組織Storm-0539的禮物卡詐騙攻擊行動升溫 https://twitter.com/MsftSecIntel/status/1735351713907773711 Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds https://thehackernews.com/2023/12/microsoft-warns-of-storm-0539-rising.html 綁定信用卡過兩關 凱基行動支付防詐再升級 https://www.chinatimes.com/realtimenews/20231219002041-260410?chdtv Google 錢包可以在沒有網路連接的情況下使用嗎 https://www.kocpc.com.tw/archives/526227 憂歐盟反壟斷制裁 傳蘋果同意讓競爭對手使用行動支付系統 https://reurl.cc/54l78z 中國非銀行支付易成犯罪溫床 2024實施新監管 https://reurl.cc/g47gQX 電子支付百萬通路整合新變革 https://www.ithome.com.tw/article/160329 北韓推行電子支付 南韓：藉此管控市場現金 https://wantrich.chinatimes.com/news/20231221901159-420201 【跨境輕鬆Pay】電子支付跨境使用 https://reurl.cc/4jRkX2 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Crypto Hardware Wallet Ledger's Supply Chain Breach Results in $600,000 Theft https://thehackernews.com/2023/12/crypto-hardware-wallet-ledgers-supply.html Four U.S. Nationals Charged in $80 Million Pig Butchering Crypto Scam https://thehackernews.com/2023/12/four-us-nationals-charged-in-80-million.html IOSCO 建議確定 DeFi 協議的領導者以加強監管 https://portalcripto.com.br/zh-TW/iosco%E5%BB%BA%E8%AD%B0%E7%A2%BA%E5%AE%9Adefi%E5%8D%94%E8%AD%B0%E4%B8%AD%E7%9A%84%E9%A0%98%E5%B0%8E%E8%80%85%E4%BB%A5%E6%9B%B4%E5%A5%BD%E5%9C%B0%E7%9B%A3%E7%AE%A1/ Cyvers Alerts：疑似白帽駭客攻擊Pine Protocol，已索取20枚ETH的賞金 https://news.cnyes.com/news/id/5418177 Curve Finance：關於Vyper安全事件資金恢復的投票結果已被執行，涵蓋所有受影響用戶 https://www.panewslab.com/zh_hk/sqarticledetails/rape2staFt.html UniSat Wallet的推特帳號疑似被駭客攻擊，請勿進行交互 https://www.panewslab.com/zh_hk/sqarticledetails/2b7bo72jFt.html 惡意軟體NKAbuse濫用區塊鏈隱匿攻擊行動 https://securelist.com/unveiling-nkabuse/111512/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 「伏特颱風」又來? 新殭屍網路鎖定邊緣設備為攻擊鋪路 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10859 伊朗駭客APT33鎖定國防產業，散布惡意程式FalseFont https://twitter.com/MsftSecIntel/status/1737895715911700830 雲端服務供應商Westpole傳出遭到勒索軟體LockBit攻擊，波及義大利政府機關部分服務運作 https://www.repubblica.it/tecnologia/2023/12/18/news/attacco_hacker_pubblica_amministrazione-421688193/ Sony旗下遊戲開發商Insomniac Games遭勒索軟體Rhysida攻擊，即將推出的遊戲金鋼狼資料外流 https://www.theverge.com/2023/12/19/24007570/insomniac-games-hack-wolverine-x-men-ryhsida https://www.cyberdaily.au/culture/9931-spider-man-2-developer-insomniac-games-hit-by-rhysida-ransomware-attack https://www.cyberdaily.au/culture/9959-snikt-rhysida-dumps-more-than-a-terabyte-of-insomniac-games-internal-data Go語言竊資軟體JaskaGO鎖定Mac、Windows電腦而來 https://cybersecurity.att.com/blogs/labs-research/behind-the-scenes-jaskagos-coordinated-strike-on-macos-and-windows Operation Blacksmith: Lazarus Targets Organizations Worldwide Using Novel Telegram-Based Malware Written in DLang https://community.riskiq.com/article/04580784 I think I found something over here boys and girls https://otx.alienvault.com/pulse/657f6b309e6f9a7090ebdab 竊資軟體RedLine、Vidar鎖定旅館而來 https://news.sophos.com/en-us/2023/12/19/inhospitality-malspam-campaign-targets-hotel-industry/ 超過300個企業組織遭到勒索軟體Play攻擊 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a 竊資軟體MetaStealer透過惡意廣告散布 https://www.malwarebytes.com/blog/threat-intelligence/2023/12/new-metastealer-malvertising-campaigns Malvertisers zoom in on cryptocurrencies and initial access https://www.malwarebytes.com/blog/threat-intelligence/2023/12/malvertisers-zoom-in-on-cryptocurrencies-and-initial-access StopRansomware: Play Ransomware https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a PikaBot distributed via malicious search ads https://www.malwarebytes.com/blog/threat-intelligence/2023/12/pikabot-distributed-via-malicious-ads?&web_view=true Cobalt Strike Indicators of Compromise (IOC) Feed - PrecisionSec - Tacking 2023 https://precisionsec.com/threat-intelligence-feeds/cobaltstrike/ CALISTO doxxing: Sekoia.io findings concurs to Reuters’ investigation on FSB-related Andrey Korinets https://blog.sekoia.io/calisto-doxxing-sekoia-io-findings-concurs-to-reuters-investigation-on-fsb-related-andrey-korinets/ New MetaStealer malvertising campaigns https://www.malwarebytes.com/blog/threat-intelligence/2023/12/new-metastealer-malvertising-campaigns New Malvertising Campaign Distributing PikaBot Disguised as Popular Software https://thehackernews.com/2023/12/new-malvertising-campaign-distributing.html New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks https://thehackernews.com/2023/12/new-kv-botnet-targeting-cisco-draytek.html QakBot Malware Resurfaces with New Tactics, Targeting the Hospitality Industry https://thehackernews.com/2023/12/qakbot-malware-resurfaces-with-new.html Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide https://thehackernews.com/2023/12/double-extortion-play-ransomware.html New Go-Based JaskaGO Malware Targeting Windows and macOS Systems https://thehackernews.com/2023/12/new-go-based-jaskago-malware-targeting.html 威聯通網路視訊監控系統VioStor遭遇殭屍網路InfectedSlurs零時差漏洞攻擊 https://www.bleepingcomputer.com/news/security/qnap-viostor-nvr-vulnerability-actively-exploited-by-malware-botnet/ https://www.akamai.com/blog/security-research/qnap-viostor-zero-day-vulnerability-spreading-mirai-patched https://www.qnap.com/zh-tw/security-advisory/qsa-23-48 惡意程式QBot捲土重來，駭客假借美國國稅局的名義散布 https://twitter.com/MsftSecIntel/status/1735856754427047985 美國宣布破獲勒索軟體BlackCat的網站，但功敗垂成，駭客似乎奪回控制權 https://www.bleepingcomputer.com/news/security/fbi-disrupts-blackcat-ransomware-operation-creates-decryption-tool/ https://www.bleepingcomputer.com/news/security/alphv-ransomware-site-outage-rumored-to-be-caused-by-law-enforcement/ https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant https://www.documentcloud.org/documents/24231386-blackcat-alphv-search-warrant https://twitter.com/vxunderground/status/1737167608997097839 FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool https://thehackernews.com/2023/12/fbi-takes-down-blackcat-ransomware.html Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware https://thehackernews.com/2023/12/hackers-exploiting-old-ms-excel.html UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware https://thehackernews.com/2023/12/uac-0099-using-winrar-exploit-to-target.html Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector https://thehackernews.com/2023/12/microsoft-warns-of-new-falsefont.html Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware https://thehackernews.com/2023/12/multi-million-dollar-predator-spyware.html New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide https://thehackernews.com/2023/12/new-javascript-malware-targeted-50000.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 北科大首創簡化5G雙向系統 助力高清影音串流 https://news.cts.com.tw/cna/life/202312/202312212266484.html#google_vignette 近日SIM卡交換攻擊激增，Manifold Trading、Rug Radio等創始人X帳戶接連被盜 https://news.cnyes.com/news/id/5417966 Google應用Sanitizer提升安卓裝置行動通訊基頻安全性 https://security.googleblog.com/2023/12/hardening-cellular-basebands-in-android.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 2024 年資安的最大隱憂？看駭客在暗網討論的 5 大主題就知道了 https://today.line.me/tw/v2/article/1DOrvo8 科技、全球政經局勢交互作用　資安局勢再添變數 https://www.eettaiwan.com/20231222nt21-cyber-security-2024/ 駭客濫用程式碼管理平臺GitHub存放惡意程式的情況增加 https://www.reversinglabs.com/blog/malware-leveraging-public-infrastructure-like-github-on-the-rise 服裝品牌Supreme、Timberland、The North Face的母公司VF遭遇資安事故，營運被迫中斷 https://www.bleepingcomputer.com/news/security/vans-and-north-face-owner-vf-corp-hit-by-ransomware-attack/ 伊朗駭客MuddyWater利用C2基礎設施架構MuddyC2Go對電信業者發動攻擊 https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms 伊朗近7成加油站遭到癱瘓，傳出是以色列駭客組織所為 https://securityaffairs.com/156065/hacktivism/pro-israel-predatory-sparrow-iran-fuel-stations.html https://t.me/GonjeshkeDarandeOfficial/3 https://t.me/GonjeshkeDarandeOfficial/4 https://t.me/GonjeshkeDarandeOfficial/12 http://www.aljazeera.com/news/2023/12/18/iran-says-cyberattack-disrupts-petrol-stations-across-country CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats https://thehackernews.com/2023/12/cisa-urges-manufacturers-eliminate.html China's MIIT Introduces Color-Coded Action Plan for Data Security Incidents https://thehackernews.com/2023/12/chinas-miit-introduces-color-coded.html Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms Operation HamsaUpdate: A Sophisticated Campaign Delivering Wipers Puts Israeli Infrastructure at Risk https://intezer.com/blog/research/stealth-wiper-israeli-infrastructure/ Modus operandi UAC-0177 (JokerDPR) on the example of one of the cyber attacks https://cert.gov.ua/article/6276799 Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa https://thehackernews.com/2023/12/iranian-hackers-using-muddyc2go-in-new.html German Authorities Dismantle Dark Web Hub 'Kingdom Market' in Global Operation https://thehackernews.com/2023/12/german-authorities-dismantle-dark-web.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 港Carousell個資外洩 私隱公署：犯下根本性失誤 https://www.epochtimes.com/b5/23/12/21/n14141413.htm FIDO 認證是什麼？全球企業爭相採用，再也不怕忘記密碼 https://vocus.cc/article/6582927afd89780001df3b69 Gamereactor 應該如何應對 Insomniac 洩漏 https://www.gamereactor.cn/how-should-gamereactor-respond-to-the-insomniac-leak-677993/ 最無恥的詐騙犯！她拐不成竟暴怒 駭客出手教訓秒求饒 https://news.ebc.net.tw/news/world/397245 某錢包駭客利用與Google搜尋和X廣告上釣魚鏈接獲利5800萬美元 https://news.cnyes.com/news/id/5417188 小心Google廣告「釣魚攻擊」！超六萬人上當遭竊6000萬美元 https://www.blocktempo.com/wallet-drainers-stole-more-than-60-million-from-users-in-9-months/ Dcard 保護會員個資 = 包庇犯罪？社群平台的千古難題，看 Meta 最新里程碑怎麼解 https://buzzorange.com/techorange/2023/12/22/meta-to-start-fully-encrypting-messages-on-facebook-and-instagram/ 女誤信「穩賺不賠」投資 遭詐2074萬報警逮車手 https://news.ebc.net.tw/news/society/397427 佯稱用戶侵犯著作權的網釣攻擊行動再度出現，這次目標是Instagram的備用雙因素驗證碼 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/instagram-phishing-targets-backup-codes/ 美國電信服務供應商Xfinity證實遭遇CitrixBleed漏洞攻擊 https://www.businesswire.com/news/home/20231218979935/en/Notice-To-Customers-of-Data-Security-Incident/ 美國電信服務供應商Xfinity資料外洩，近3,600萬名用戶個資曝光 https://apps.web.maine.gov/online/aeviewer/ME/40/49e711c6-e27c-4340-867c-9a529ab3ca2c.shtml 金門租車業者金豐租車傳出資料外洩，呼籲客戶防範詐騙 https://www.kmdn.gov.tw/1117/1271/1272/562001 https://www.facebook.com/kmfun.tw/posts/338947135535287 https://kmfun.tw/?route=information/page&news_id=11 WordPress網站代管服務Kinsta提出警告，有人透過Google廣告發動攻擊，企圖竊取帳密資料 https://www.bleepingcomputer.com/news/security/wordpress-hosting-service-kinsta-targeted-by-google-phishing-ads/ 美國CISA呼籲設備製造商捨棄預設密碼的配置 https://www.cisa.gov/news-events/alerts/2023/12/15/cisa-secure-design-alert-urges-manufacturers-eliminate-default-passwords Brute force attack against user credentials https://otx.alienvault.com/pulse/658156326094d7caceadb513 Why Is an Australian Footballer Collecting My Passwords? The Various Ways Malicious JavaScript Can Steal Your Secrets https://unit42.paloaltonetworks.com/malicious-javascript-steals-sensitive-data/ BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates https://www.proofpoint.com/us/blog/threat-insight/battleroyal-darkgate-cluster-spreads-email-and-fake-browser-updates 資料庫系統開發商MongoDB傳出遭到網路攻擊，客戶資料外洩 https://thehackernews.com/2023/12/mongodb-suffers-security-breach.html https://twitter.com/vxunderground/status/1736134217321370109 https://www.mongodb.com/alerts MongoDB Suffers Security Breach, Exposing Customer Data https://thehackernews.com/2023/12/mongodb-suffers-security-breach.html 中國駭客Smishing Triad鎖定阿拉伯聯合大公國，發送手機簡訊或iMessage從事網路釣魚攻擊 https://www.resecurity.com/blog/article/cybercriminals-impersonate-uae-federal-authority-for-identity-and-citizenship-on-the-peak-of-holidays-season Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave https://thehackernews.com/2023/12/alert-chinese-hackers-pose-as-uae.html Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices https://thehackernews.com/2023/12/cost-of-data-breach-report-2023.html E.研究報告/工具 研究人員揭露SSH連線攻擊手法Terrapin，有可能影響資料傳輸安全 https://www.ithome.com.tw/news/160452 Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains https://unit42.paloaltonetworks.com/detecting-malicious-stockpiled-domains/ Unmasking the Dark Side of Low-Code/No-Code Applications https://thehackernews.com/2023/12/unmasking-dark-side-of-low-codeno-code.html Are We Ready to Give Up on Security Awareness Training https://thehackernews.com/2023/12/are-we-ready-to-give-up-on-security.html Top 7 Trends Shaping SaaS Security in 2024 https://thehackernews.com/2023/12/top-7-trends-shaping-saas-security-in.html Product Explained: Memcyco's Real-Time Defense Against Website Spoofing https://thehackernews.com/2023/12/product-explained-memcycos-real-time.html Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts https://thehackernews.com/2023/12/hackers-abusing-github-to-evade.html Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster https://thehackernews.com/2023/12/remote-encryption-attacks-surge-how-one.html Product Explained: Memcyco's Real-Time Defense Against Website Spoofing https://thehackernews.com/2023/12/product-explained-memcycos-real-time.html F.商業 HiTRUST 獨家專利防詐技術 躍上國際舞台 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10800 戴爾科技集團技術長John Roese： 5年之後任何IT架構都會採取零信任 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10858 Palo Alto Networks 發布 Code to Cloud 程式碼至雲端智慧整合功能 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10857 Fortinet 推人工智慧資安助理Fortinet Advisor 加速資安調查和緩解措施 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10856 Google's New Tracking Protection in Chrome Blocks Third-Party Cookies https://thehackernews.com/2023/12/googles-new-tracking-protection-in.html 零信任架構的 5 大盲點 ─ 企業須留意的安全缺口 https://news.owlting.com/articles/559514 為強化公有雲產品線安全，思科買下雲端資安新創Isovalent https://investor.cisco.com/news/news-details/2023/Cisco-to-Acquire-Isovalent-to-Define-the-Future-of-Multicloud-Networking-and-Security/default.aspx 身分驗證解決方案業者Okta買下以色列資安新創Spera Security https://www.ithome.com.tw/news/160450 https://www.okta.com/blog/2023/12/okta-acquisition-advances-identity-powered-security/ https://www.calcalistech.com/ctechnews/article/bjhjagkda G.政府 台灣資安主管聯盟簽署偵防互助MOU落實資安聯防 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10855 縣警局廉政會報 通過強化資安通報機制等4項提案 https://www.kmdn.gov.tw/1117/1271/1272/562139/ 新竹3月嬰遭燒燙傷 扯出立委候選人為「衛福部監管雲預算」互槓 https://news.ltn.com.tw/news/politics/breakingnews/4527935 藍委反托嬰「監管雲」預算 綠委籲不要當門神立委 https://udn.com/news/amp/story/6656/7655953 柯文哲稱一年預算200億賣麵線 數位部：盼候選人科學查證理性評論 https://newtalk.tw/news/view/2023-12-21/899445 數位部再次澄清年度預算沒有200億 盼候選人先科學查證再理性評論 https://today.line.me/tw/v2/article/vXoGxBl 境外勢力介入台灣大選 調查局曝光四大手法 https://www.epochtimes.com/b5/23/12/21/n14140719.htm 金管會推動上市櫃公司設立資安長，第二階段還有186家未完成 https://reurl.cc/D49WRN 金管會：上市櫃公司注意資安人力之設置期限 https://today.line.me/tw/v2/article/DR5kORW 100餘家上市櫃注意 今年底前應完成配置資安人力 https://money.udn.com/money/story/5613/7654034 臺灣自來水與調查局簽署資安聯防MOU https://www.water.gov.tw/ch/Subject/Detail/84565?nodeId=711 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 華鼎電通 EasyLog Web+ 數位電話錄音系統發現漏洞，建議請管理者儘速評估更新 https://isms.ccu.edu.tw/p/406-1044-51737,r3349.php?Lang=zh-tw ACER網通設備成功取得SGS物聯網資安標章 https://money.udn.com/money/story/11799/7643817 TXOne Networks OT資安防護方案　榮獲台積電肯定 https://www.ctimes.com.tw/DispNews-tw.asp?O=HK7CM864YMGSAA00NT 車商和一級供應商為連網汽車保護資料安全 https://www.ctimes.com.tw/DispArt-tw.asp?O=HK7CMA2KE2WARASTD3 針對關鍵基礎設施的嵌入式裝置安全，MITRE揭露威脅模型EMB3D https://www.securityweek.com/mitre-unveils-emb3d-threat-model-for-embedded-devices-used-in-critical-infrastructure/ I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 6.近期資安活動及研討會 駭客奪旗攻防演練-金融資安人才養成專班 2023/12/27、28、29 https://web.tabf.org.tw/page/ctf/ 2023 ISA Taiwan Section 國際自動化協會台灣分會成立大會2023/12/23 https://isatw.kktix.cc/events/d469c85a 【Monosparta ②⓪②④ 第一梯次 軟體開發實戰訓練營➠線上說明會 2024/1/17 https://trunk-studio.kktix.cc/events/monosparta-202401 第七屆《Hit AI & Blockchain》人工智慧暨區塊鏈產業高峰會 2024/2/6 https://www.accupass.com/event/2311160625102022535520