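###### tags: `Weekly Security Incident News Digest`
# Weekly Security Incident News Digest 2023/12/04 ~ 2023/12/08
1. Critical Vulnerabilities / Backdoors / Exploits / Zero Days
Critical vulnerabilities in Arcserve Unified Data Protection (UDP); researchers publish proof-of-concept code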
https://www.tenable.com/security/research/tra-2023-37
20,000 end-of-life Exchange servers are still in operation
https://www.bleepingcomputer.com/news/security/over-20-000-vulnerable-microsoft-exchange-servers-exposed-to-attacks/
Google recently released a security advisory for Chrome
https://www.twcert.org.tw/tw/cp-104-7561-c0ae1-1.html
Google releases Chrome 120, patching 10 vulnerabilities
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html
Apple and some Linux operating systems have yet to patch the publicly disclosed Bluetooth keystroke injection vulnerability
https://www.ithome.com.tw/news/160236
FLASH: QRadar: Upgrade path information for the transition to Red Hat Enterprise 8 (2023.12.05)
https://www.ibm.com/support/pages/node/7051316?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a
Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
https://thehackernews.com/2023/12/hackers-exploited-coldfusion.html
Critical Adobe ColdFusion vulnerability has been used in attacks on US government agencies
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a
15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack
https://thehackernews.com/2023/12/15000-go-module-repositories-on-github.html
Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability
https://thehackernews.com/2023/12/microsoft-warns-of-kremlin-backed-apt28.html
Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution
https://thehackernews.com/2023/12/atlassian-releases-critical-software.html
Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defense'
https://thehackernews.com/2023/12/hacking-human-mind-exploiting.html
WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability
https://thehackernews.com/2023/12/wordpress-releases-update-642-to.html
Atlassian patches critical vulnerabilities in multiple products, including its DevOps collaboration platform and issue tracking system
https://www.bleepingcomputer.com/news/security/nissan-is-investigating-cyberattack-and-potential-data-breach/
With two years left before Windows 10 reaches end of life, Microsoft announces a paid Extended Security Updates program
https://www.ithome.com.tw/news/160188
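2. Banking / Finance / Insurance / Securities / Financial Supervision: News and Security
US fintech firm Tipalti reportedly attacked by the BlackCat ransomware group, with 256 GB of data leaked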
https://www.bleepingcomputer.com/news/security/tipalti-investigates-claims-of-data-stolen-in-ransomware-attack/
State-owned banks strengthen regional joint defense for cybersecurity
https://reurl.cc/Y0LlOD
Cheng Wen-tsan: Taiwan's fintech needs to move forward
https://reurl.cc/K3Z6An
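Financial sector cloud migration to give a boost next year; Acer Cyber Security (安碁資訊) aims for double-digit growth again next year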
https://reurl.cc/Doa1g5
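Financial sector cloud migration and AI business opportunities look promising; Acer and Acer Cyber Security continue to benefit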
https://ec.ltn.com.tw/article/breakingnews/4510517
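Taiwan-US joint defense as a financial 'golden bell shield': a disaster-preparedness mindset is essential, especially for today's financial industry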
https://www.thenewslens.com/article/192896
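3. Credit Cards / Electronic Payment / Mobile Payment / Pay / Payment Systems / Security
Cloud service platform used by more than 60 US credit unions hit by ransomware; attackers broke in by exploiting the CitrixBleed vulnerability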
https://doublepulsar.com/what-it-means-citrixbleed-ransom-group-woes-grow-as-over-60-credit-unions-hospitals-47766a091d4f
Did the Ko city government waste 8 years? Taipei Metro's 'multi-payment' turns out to mean buying tokens from station staff
https://reurl.cc/QZ0pjZ
FSC takes action against fraudulent charges on cards bound to mobile payment
https://wantrich.chinatimes.com/news/20231202900208-420501
There is a solution for card-binding payment security; speak up about scams to avoid being fooled
https://reurl.cc/z60yMQ
Electronic payment interoperability across merchants to go fully live in Q2 next year; 5 providers can 'beep' overseas too
https://www.epochtimes.com/b5/23/12/8/n14132682.htm
Cross-border payment boom among e-payment operators: 5 e-payment institutions approved by the FSC, 1 application pending
https://udn.com/news/story/7239/7625845
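From 12/4, travelers to Thailand can pay with FPS (Faster Payment System)! Which banks support it? What is the daily limit? How are exchange rates and fees calculated?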
https://reurl.cc/5OegGn
4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contracts / WEB3 Security
Founder of Bitzlato Cryptocurrency Exchange Pleads Guilty in Money-Laundering Scheme
https://thehackernews.com/2023/12/founder-of-bitzlato-cryptocurrency.html
JPMorgan Chase CEO Dimon criticizes cryptocurrency, wants to shut down the entire industry
https://www.edigest.hk/1216535/?utm_campaign=ED_ContentCopy&utm_source=Web-inventory&utm_medium=Content-Copy_ED
Robinhood launches cryptocurrency trading service in the EU
https://news.cnyes.com/news/id/5402827
Sources: FEI compensation for Tribe DAO stolen-funds claims has been received
https://news.cnyes.com/news/id/5402077
KyberSwap attacker moves 3,000 WETH, worth about US$6.7 million
https://www.panewslab.com/zh_hk/sqarticledetails/8u779wymFt.html
UK court rules that Craig Wright's company Tulip Trading must prove its Bitcoin ownership in hacking case
https://news.cnyes.com/news/id/5403096
Are Ordinals inscriptions doomed? Ten Q&As for a full picture of the future of Bitcoin NFTs
https://www.blocktempo.com/would-inscriptions-extinct-10-tips-help-you-decide-where-to-go-with-inscription/
Blockchain column | How to use a cold wallet to protect your cryptocurrency journey
https://reurl.cc/4WE5e2
Consortium blockchain applications emerge! Taiwan Blockchain Enthusiasts Association shares data-trust results
https://infosecu.technews.tw/2023/12/07/web3-application/
5. Security Incident News
A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC
Ransomware you need to know about
https://www.mobile01.com/topicdetail.php?f=508&t=6885672
Business process services provider HTC Global Services reportedly hit by BlackCat ransomware
https://www.bleepingcomputer.com/news/security/htc-global-services-confirms-cyberattack-after-data-leaked-online/
Attackers send fake security advisories in WordPress's name in an attempt to push a backdoor
https://www.bleepingcomputer.com/news/security/fake-wordpress-security-advisory-pushes-backdoor-plugin/
https://patchstack.com/articles/fake-cve-phishing-campaign-tricks-wordpress-users-to-install-malware/
https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/
DanaBot threat group spreads Cactus ransomware via malvertising
https://twitter.com/MsftSecIntel/status/1730383711437283757
VMware virtualization platform targeted by Qilin ransomware
https://www.bleepingcomputer.com/news/security/linux-version-of-qilin-ransomware-focuses-on-vmware-esxi/
Organizations in the US, Middle East and Africa targeted by the Agent Raccoon backdoor
http://unit42.paloaltonetworks.com/new-toolset-targets-middle-east-africa-usa/
Critical vulnerabilities in the Qlik Sense data analytics system used in attack campaigns; attackers launch Cactus ransomware attacks
http://arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/
Black Basta ransomware gang extorted more than US$100 million in ransoms
https://www.bleepingcomputer.com/news/security/black-basta-ransomware-made-over-100-million-from-extortion/
https://www.elliptic.co/blog/black-basta-ransomware-victims-have-paid-over-100-million
https://www.corvusinsurance.com/blog/black-basta-ransomware-has-extracted-over-100-million-from-its-victims
Gh0st RAT malware variant targets South Korea and Uzbekistan
https://blog.talosintelligence.com/new-sugargh0st-rat/
New BlueNoroff loader for macOS
https://securelist.com/bluenoroff-new-macos-malware/111290/
Analysis of a new macOS Trojan-Proxy
https://securelist.com/trojan-proxy-for-macos/111325/
Black Basta ransomware victims have paid over $100 million
https://www.elliptic.co/blog/black-basta-ransomware-victims-have-paid-over-100-million
SQL Brute Force Leads to BlueSky Ransomware
https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware/
DanaBot Triage
https://research.openanalysis.net/danabot/loader/delphi/2023/12/04/danabot.html
AsyncRAT Distributed via WSF Script
https://asec.ahnlab.com/en/59573/
Curse of the Krasue: New Linux Remote Access Trojan targets Thailand
https://www.group-ib.com/blog/krasue-rat/
Getting gooey with GULOADER: deobfuscating the downloader
https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader?ultron=esl:_threat_research%2Bvulnerability_updates&blade=twitter&hulk=social&utm_content=12012808815&linkId=253407809
Russian Hacker Vladimir Dunaev Pleads Guilty for Creating TrickBot Malware
https://thehackernews.com/2023/12/russian-hacker-vladimir-dunaev.html
Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats
https://thehackernews.com/2023/12/qakbot-takedown-aftermath-mitigations.html
Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan
https://thehackernews.com/2023/12/chinese-hackers-using-sugargh0st-rat-to.html
LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks
https://thehackernews.com/2023/12/logofail-uefi-vulnerabilities-expose.html
Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware
https://thehackernews.com/2023/12/microsoft-warns-of-malvertising-scheme.html
New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand
https://thehackernews.com/2023/12/new-stealthy-krasue-linux-trojan.html
Ransomware-as-a-Service: The Growing Threat You Can't Ignore
https://thehackernews.com/2023/12/ransomware-as-service-growing-threat.html
Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software
https://thehackernews.com/2023/12/mac-users-beware-new-trojan-proxy.html
B. Mobile Security / iPhone / Android / Wearables / Apps / 5G / Instant Messaging
Meta to begin fully encrypting messages on Facebook and Instagram
https://reurl.cc/Ojd7nv
Fahmi: WhatsApp account hijacking on the rise; Facebook must stop pushing illegal ads
https://reurl.cc/RyAnmg
Researchers disclose a new attack technique against iPhone that fakes Lockdown Mode activation to lower users' guard
https://www.jamf.com/blog/fake-lockdown-mode/
Android malware SpyLoan poses as personal loan services to extract money; downloaded more than 12 million times from Google Play
http://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/
To strengthen Android virtualization support and security, Google introduces the AVF toolkit to simplify development of isolated applications
https://android-developers.googleblog.com/2023/12/virtual-machines-as-core-android-primitive.html
Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths
https://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/
New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia
https://thehackernews.com/2023/12/new-fjordphantom-android-malware.html
WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password
https://thehackernews.com/2023/12/whatsapps-new-secret-code-feature-lets.html
Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack
https://thehackernews.com/2023/12/warning-for-iphone-users-experts-warn.html
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices
https://thehackernews.com/2023/12/new-bluetooth-flaw-let-hackers-take.html
Governments May Spy on You by Requesting Push Notifications from Apple and Google
https://thehackernews.com/2023/12/governments-may-spy-on-you-by.html
Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger
https://thehackernews.com/2023/12/meta-launches-default-end-to-end.html
Android malware FjordPhantom abuses virtualization to run malicious code in a container environment and evade detection
https://promon.co/security-news/fjordphantom-android-malware/
Google releases December Android updates, patching a zero-day vulnerability that can be used for RCE attacks
https://www.bleepingcomputer.com/news/security/december-android-updates-fix-critical-zero-click-rce-flaw/
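C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce
Modern warfare changes rapidly; strengthening national defense resilience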
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1635635&type=international
As many as 80% of developers ignore company security policies in order to use AI tools
https://snyk.io/reports/ai-code-security/
China's cyberattacks on Taiwan increase sharply; Google warns that attackers' methods are hard to trace
https://reurl.cc/v6r34j
Google sets up cybersecurity center in Málaga, Spain
https://www.ttv.com.tw/finance/view/?i=122023081205DA97EDE2CBBF4068B1C024ACC97F0A3346F7&from=587#google_vignette
Florida water agency confirms cyberattack, suspected to be the work of nation-state hackers
https://therecord.media/florida-water-agency-ransomware-cisa-warning-utilities
https://therecord.media/north-texas-water-utility-cyberattack
https://edition.cnn.com/2023/12/01/politics/us-water-utilities-hack/index.html
UK accuses Russian intelligence agency of hacking officials' email
https://reurl.cc/edqvoK
UK Foreign Office alleges Russian government hackers have attacked public figures for at least 8 years
https://today.line.me/tw/v2/article/MLvpnjD
Cyberattacks in progress! UK reveals long-running hacking by Russian intelligence to disrupt its politics
https://news.ltn.com.tw/news/world/breakingnews/4514226
UK accuses Russia of cyber espionage interfering with democracy, summons Russian ambassador
https://www.cna.com.tw/news/aopl/202312070378.aspx
Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts
https://thehackernews.com/2023/12/alert-threat-actors-can-leverage-aws.html
Sierra:21 - Flaws in Sierra Wireless Routers Expose Critical Sectors to Cyber Attacks
https://thehackernews.com/2023/12/sierra21-flaws-in-sierra-wireless.html
Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks
https://thehackernews.com/2023/12/discover-how-gcore-thwarted-powerful.html
US aerospace organization targeted by threat group AeroBlade
https://blogs.blackberry.com/en/2023/11/aeroblade-on-the-hunt-targeting-us-aerospace-industry
New Threat Actor 'AeroBlade' Emerges in Espionage Attack on U.S. Aerospace
https://thehackernews.com/2023/12/new-threat-actor-aeroblade-emerges-in.html
Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.
https://thehackernews.com/2023/12/agent-racoon-backdoor-targets.html
New Tool Set Found Used Against Middle East, Africa and the US
https://unit42.paloaltonetworks.com/new-toolset-targets-middle-east-africa-usa/
New Tool Set Found Used Against Organizations in the Middle East, Africa and the US
https://unit42.paloaltonetworks.com/new-toolset-targets-middle-east-africa-usa/#post-131403-_v8176g40kstn
Security Engineer
https://cd.nccu.edu.tw/job/view/2649
策略數位服務有限公司: Assistant Security Consultant
https://job.taiwanjobs.gov.tw/internet/index/JobDetail.aspx?R2=11&EMPLOYER_ID=2465065&HIRE_ID=12336831
Computer Center hiring an Information Security Manager
https://www.nccu.edu.tw/p/406-1000-15664,r40.php?Lang=zh-tw
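D. Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security
Online rumors of leaked intelligence agency wiretap data; Tsai Pi-chung: it contains Simplified Chinese characters, it's fake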
https://www.chinatimes.com/realtimenews/20231207002863-260407?chdtv
Legislative Yuan vice president wiretapped? 'Intelligence agency wiretap list' circulates online
https://reurl.cc/v6r3RN
List of politicians claimed to be wiretapped sold on dark web; Taiwan's Investigation Bureau: foreign cognitive warfare
https://www.ntdtv.com.tw/b5/20231207/video/379446.html
Circulated wiretap list mixes truth and falsehood; legal community sees a national security and cybersecurity crisis
https://www.mirrormedia.mg/story/20231207inv011
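Online claims of government surveillance data on citizens; Lin Yu-chang: cognitive warfare, three parts true and seven parts false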
https://www.epochtimes.com/b5/23/12/7/n14131787.htm
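Surveillance data reportedly sold on dark web! Three agencies clarify it is 'clearly cognitive warfare'… sources say similar operations have occurred before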
https://www.fountmedia.io/article/179391
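Deemed 'cognitive warfare by foreign forces': Taipei District Prosecutors Office opens case today over wiretap data sold on dark web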
https://www.chinatimes.com/realtimenews/20231207001511-260402?chdtv
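Wiretap data leaked? Investigation Bureau dismisses it as cognitive warfare; KMT legislators are not buying it: it does not end by blaming a 'China plot'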
https://www.storm.mg/article/4940978
Wiretap data peddled on dark web; KMT caucus: afraid the public will learn of illegal wiretapping
https://udn.com/news/story/6656/7627276
Surveillance data leaked! Wang Hung-wei reveals: the exposed wiretapping personnel do work in the relevant agencies
https://www.nownews.com/news/6317786
SOCSO website suspected hacked with personal data leaked; JPDP: under investigation
https://reurl.cc/v6r3Oo
Genetic testing firm 23andMe hacked; millions of personal records stolen
https://reurl.cc/RyAngg
Japanese automaker Nissan investigates data breach incident in Australia and New Zealand
https://www.bleepingcomputer.com/news/security/nissan-is-investigating-cyberattack-and-potential-data-breach/
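Taking over from northern Myanmar scams? Dubai reportedly also has 'four major compounds' where more than 300 Chinese nationals are 'working hard'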
https://today.line.me/tw/v2/article/YaOPgxQ
Five Eyes accuse Russian hacking group Star Blizzard of global phishing attacks; two suspects indicted by the US
https://www.ithome.com.tw/news/160227
https://www.ncsc.gov.uk/news/star-blizzard-continues-spear-phishing-campaigns
https://www.justice.gov/opa/pr/two-russian-nationals-working-russias-federal-security-service-charged-global-computer
https://home.treasury.gov/news/press-releases/jy1962
API flaw in open-source AI community platform Hugging Face exposes more than 1,500 tokens held by companies including Microsoft, Meta and Google
https://www.lasso.security/blog/1500-huggingface-api-tokens-were-exposed-leaving-millions-of-meta-llama-bloom-and-pythia-users-for-supply-chain-attacks
PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin
https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/
Russian hacking group APT28 exploits Outlook zero-day vulnerability in attacks mainly targeting NATO member states
https://unit42.paloaltonetworks.com/russian-apt-fighting-ursa-exploits-cve-2023-233397/
Fighting Ursa Aka APT28: Illuminating a Covert Campaign
https://unit42.paloaltonetworks.com/russian-apt-fighting-ursa-exploits-cve-2023-233397/
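Network infrastructure monitoring company New Relic hit by cyberattack; attackers succeeded by stealing employee credentials through social engineering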
https://www.securityweek.com/new-relic-says-hackers-accessed-internal-environment-using-stolen-credentials/
Attackers spread the Vidar infostealer to users of booking site Booking.com under the pretext of providing an operating manual
https://www.secureworks.com/blog/vidar-infostealer-steals-booking-com-credentials-in-fraud-scam
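Lumma infostealer spread under the guise of invoices; to evade detection, attackers deliberately send users to a nonexistent page so that they click another malicious URL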
https://perception-point.io/blog/behind-the-attack-lumma-malware/
Not just a few! Okta breach expands to affect all customers
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10836
Microsoft Warns of COLDRIVER's Evolving Evasion and Credential-Stealing Tactics
https://thehackernews.com/2023/12/microsoft-warns-of-coldrivers-evolving.html
Google and Apple confirm that governments of multiple countries have requested mobile app push notification data from them
https://www.ithome.com.tw/news/160209
https://www.wyden.senate.gov/imo/media/doc/wyden_smartphone_push_notification_surveillance_letter.pdf
https://techcrunch.com/2023/12/06/us-senator-warns-governments-spying-apple-google-smartphone-users-via-push-notifications/
AWS Security Token Service (STS) can be abused, allowing attackers to impersonate user identities
https://redcanary.com/blog/aws-sts/
Unprotected server at international dog breeding organization WALA exposes 25 GB of data
https://www.websiteplanet.com/news/wala-breach-report/
E. Research Reports / Tools
How to attack LLMs (ChatGPT)
https://vocus.cc/article/65715fa2fd89780001fc7967
The Ransomware Hunting Team: how a group of unnamed hackers rescues the digital age from its security crisis
https://ebook.hyread.com.tw/bookDetail.jsp?id=359118
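Researchers disclose LogoFAIL vulnerabilities, which execute malicious payloads through the logo image parsing components used during UEFI boot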
https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html
Millions of computers worldwide may have Secure Boot bypassed due to LogoFAIL vulnerabilities
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10842
New SLAM attack technique targets AMD processors; upcoming Intel and Arm processors may also be exposed
https://www.bleepingcomputer.com/news/security/new-slam-attack-steals-sensitive-data-from-amd-future-intel-cpus/
AeroBlade on the Hunt Targeting the U.S. Aerospace Industry
https://blogs.blackberry.com/en/2023/11/aeroblade-on-the-hunt-targeting-us-aerospace-industry
P2Pinfect - New Variant Targets MIPS Devices
https://www.cadosecurity.com/p2pinfect-new-variant-targets-mips-devices/
TA422’s Dedicated Exploitation Loop—the Same Week After Week
https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week
IT threat evolution Q3 2023
https://securelist.com/it-threat-evolution-q3-2023-non-mobile-statistics/111228/
Incident Response in Cybersecurity
https://www.threatlocker.com/why-threatlocker/incident-response
Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk
https://thehackernews.com/2023/12/make-fresh-start-for-2024-clean-out.html
New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks
https://thehackernews.com/2023/12/new-bluffs-bluetooth-attack-expose.html
Scaling Security Operations with Automation
https://thehackernews.com/2023/12/scaling-security-operations-with.html
Building a Robust Threat Intelligence with Wazuh
https://thehackernews.com/2023/12/building-robust-threat-intelligence.html
F. Business
Veeam launches two backup bundles for Microsoft 365
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10830
Generative AI Security: Preventing Microsoft Copilot Data Exposure
https://thehackernews.com/2023/12/generative-ai-security-preventing.html
Cisco launches the Cisco AI Assistant security assistant, which can intelligently set firewall rules to prevent attacks
https://news.knowing.asia/news/b989baef-bafd-45e2-a082-2c2b388daafc
Cisco launches AI product portfolio to redefine cybersecurity defense
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10847
Affected by the anti-espionage law! R&D center of US security giant 'Trend Micro' pulls out of China
https://finance.technews.tw/2023/12/08/antivirus-software/
Meta launches Purple Llama for safe and responsible AI development
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/840012CA664143928524C2ADCA4A4621
Dell Technologies on generative AI: a new ally and a new challenge for cybersecurity
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10831
Trend Micro earns the 'AWS platform integration competency' title, simplifying and accelerating cloud success
https://www.digitalwall.com/scripts/displaypr.asp?UID=89928
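G. Government
Administration for Digital Industries holds '2023 CyberDay Security Industry Day' to build a cybersecurity cluster in southern Taiwan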
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10833
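Agency Against Corruption: intelligence on election interference is collected and security maintained according to law; candidates are not under surveillance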
https://www.rti.org.tw/news/view/id/2189140
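To help Taiwan's personal data protection align with international standards, III invites US and Japanese experts to exchange views on CBPR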
https://ec.ltn.com.tw/article/breakingnews/4514080
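To build cybersecurity foundations for SMEs and nonprofits, the National Institute of Cyber Security promotes the 'NICS Taiwan Cybersecurity Program'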
https://www.ithome.com.tw/news/160192
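H. Industrial Control Systems / ICS / SCADA / IoT / Internet of Things / Connected Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare Security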
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a
The zero trust era: key OT and IT security strategies and best practices for manufacturing
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10840
Zyxel finishes patching 15 vulnerabilities in NAS, firewall and AP products
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10835
Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks
https://thehackernews.com/2023/12/qualcomm-releases-details-on-chip.html
Neural networks help keep connected vehicles secure
https://www.eettaiwan.com/20231207nt31-neural-networks-can-help-keep-connected-vehicles-secure/
Web-based status awareness for process equipment
https://www.itri.org.tw/ListStyle.aspx?DisplayStyle=01_content&SiteID=1&MmmID=1220671723542215626&MGID=711043615112102363
ISA (International Society of Automation), developer of the IEC 62443 standard, establishes Taiwan Section
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10846
FY112 'Common Security Guidelines for IoT Devices'
https://www.acw.org.tw/News/Detail.aspx?id=3351
MIPS-based IoT devices targeted by the P2Pinfect botnet
https://www.cadosecurity.com/p2pinfect-new-variant-targets-mips-devices/
New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices
https://thehackernews.com/2023/12/new-p2pinfect-botnet-mips-variant.html
Vulnerabilities in control devices from Loytec, a building automation company owned by Delta Electronics
https://www.securityweek.com/unpatched-loytec-building-automation-flaws-disclosed-2-years-after-discovery/
I. Education and Training
iPAS Information Security Engineer (intermediate level) notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist
iPAS security engineer certification pre-exam workshop
https://reurl.cc/GEbA3p
Coursera rounds up 7 cloud security certifications: the springboards to high pay are all here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
Global cybersecurity workforce imbalance: (ISC)2 free courses and exams to fill the talent gap
https://reurl.cc/m39MDj
The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html
CISSP exam experience
https://reurl.cc/KbY83j
CISSP exam experience – Benson
https://reurl.cc/GbWvxd
Goal-oriented: passing the CISSP at light speed in 20 days
https://reurl.cc/2Zq6zn
CISSP certification exam field notes, Chapter 1: Initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
CISSP certification exam field notes, Chapter 2: A regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies
CISSP certification exam field notes, Chapter 3: The final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle
Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec
CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp
Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes
CPSA (CREST Practitioner Security Analyst) exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam experience, version update information and preparation direction 2021, 2022
https://reurl.cc/1oyEM8
CEH v11 exam experience and how to prepare
https://blog.sean.taipei/2022/01/ceh
CEH
https://github.com/a3cipher/CEH
CodeRed by EC-Council
https://github.com/codered-by-ec-council
EC-Council CEH Practical / Master preparation notes: learning in which theory and practice complement each other
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2
EC-Council CEHP exam preparation notes
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po
ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4
EC-Council ECSA (Certified Security Analyst) v10 exam experience
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html
20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html
On preparing for the EC-Council CPENT and LPT Master penetration testing certifications, with lessons learned
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d
In-depth look at the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v
EC-Council CPENT v1 penetration testing certification – content and experience
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295
EC-Council CPENT experience - a security rookie's path from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f
CPENT exam experience: earning the LPT penetration testing master certification in one attempt
https://ucom.uuu.com.tw/web/Testimony/Article/4404
kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master
CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/
Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917
[Exam prep notes] CompTIA Security+ (SY0–601), Part 1
https://reurl.cc/M053DK
[Exam prep notes] CompTIA Security+ (SY0–601), Part 2
https://reurl.cc/M053Gv
comptia-security-plus
https://github.com/ajfuto/comptia-security-plus
security-plus
https://github.com/fjavierm/security-plus
CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette
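App security that not only engineers need to understand: the blood, sweat and tears of obtaining a security testing certificate (iThome Ironman Contest book series)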
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
OSEP (Evasion Techniques and Breaching Defenses, PEN-300) experience
https://hackmd.io/@henry-ko/HyQ56e8eF
OSCP(Offensive Security Certified Professional)
https://github.com/0x584A/oscp-notes/tree/master
ISACA Certified Information Systems Auditor® (CISA) certification: preparation experience and application process - 2023
https://reurl.cc/aVLoX9
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
https://reurl.cc/D3nKKj
Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df
Basic vocabulary commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958
Certifications remain the main route to learning security fundamentals; an expert has built a 'security certification map'
https://www.ithome.com.tw/news/156754
Beyond using certifications to prove your ability, treat them as the strongest motivation to keep learning
https://www.ithome.com.tw/news/156756
Breaking misconceptions and myths about certifications: security experts clarify what security certifications mean
https://www.ithome.com.tw/news/156755
Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/
6. Upcoming Security Events and Seminars
WordPress family meetup - Changhua Meetup #36 2023/12/10
https://www.meetup.com/changhua-wordpress-meetup-group/events/297436537/
[Acer Cyber Security Academy (安碁學苑)] Security skills development: practical penetration testing course (with hands-on labs) 2023/12/4 ~ 2023/12/18
https://www.accupass.com/event/2311270636182570082000
[2023/12] WordPress Taipei Meetup - year-end party time again @ III Living Lab+ 2023/12/11
https://www.meetup.com/taipei-wordpress/events/297535721/
2023 Logistics and Supply Chain Security Seminar 2023/12/12
https://www.accupass.com/event/2311290320541942390236
Elixir Taiwan monthly meetup 2023/12/12
https://www.meetup.com/elixirtw-taipei/events/297356423/
[Acer Cyber Security Academy (安碁學苑)] Data protection and privacy course for the financial industry 2023/12/13
https://www.accupass.com/event/2311271112392102674730
[歐立威科技 2023 Seminar] 12/13 | Elastic APM x AIOps - Strengthening application performance monitoring and operations 2023/12/13
https://www.accupass.com/event/2311200958105751274460
Refuse to be a 'hack' victim! With cyber resilience, you need not fear the hits: PADDA 2023/12/13
https://metashield.kktix.cc/events/5867ed48
Looking ahead to 2024 from the Shalun cybersecurity base: Future of Cybersecurity Seminar 2023/12/15
https://nds.kktix.cc/events/hackermeetup2023
Smart Manufacturing Industry Cross-Domain Security Workforce Summit Forum 2023/12/15
https://isipevent.kktix.cc/events/f2ce8bcc-copy-4
[Security webinar] From passive to proactive: security automation and orchestration 2023/12/15
https://www.accupass.com/event/2311240306125372701580
Introduction to Penetration Testing and Practice 2023/12/15
https://web.tabf.org.tw/page/407020/course12.htm
Hands-on Python Web Scraping Workshop 2023/12/16
https://www.meetup.com/pyladiestw/events/297519292/
Online security lecture: a glimpse into information security product R&D and workforce needs 2023/12/16
https://isipevent.kktix.cc/events/098efec3-copy-1
Jingle along with AI! 2023/12/18
https://www.meetup.com/rladies-taipei/events/297305466/
User Research Taipei: AI and UR 2023/12/19
https://www.meetup.com/taipei-user-research-meetup-group/events/297555022/
Jamf Nation Live Taipei 2023 2023/12/19
https://jamf.kktix.cc/events/jamfnation2023
Taipei dbt Meetup #18 (in-person 👫 & online 👨💻) 2023/12/20
https://www.meetup.com/taipei-dbt-meetup/events/297459596/
Government vs. digital platforms vs. citizens: who truly cares about personal data protection on platforms? 2023/12/21
https://ocftw.kktix.cc/events/internetfreedom-december2023
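National Center for High-performance Computing training: uncertainty analysis combining AI machine learning and CAE simulation – SmartUQ hands-on case studies 2023/12/22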
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4079&from_course_list_url=course_index
Capture-the-flag attack and defense exercise: financial security talent development program 2023/12/22, 27, 28, 29
https://web.tabf.org.tw/page/ctf/
2023 ISA Taiwan Section (International Society of Automation) inaugural meeting 2023/12/23
https://isatw.kktix.cc/events/d469c85a
[Monosparta ②⓪②④, first cohort] Hands-on software development bootcamp ➠ online info session 2024/1/17
https://trunk-studio.kktix.cc/events/monosparta-202401
7th 'Hit AI & Blockchain' Artificial Intelligence and Blockchain Industry Summit 2024/2/6
https://www.accupass.com/event/2311160625102022535520