1. Critical vulnerabilities / backdoors / exploits / zero-days

Critical vulnerability in VMware network analytics tool is now being exploited in attacks
https://www.bleepingcomputer.com/news/security/vmware-warns-of-critical-vrealize-flaw-exploited-in-attacks/
Alert! Hackers Exploiting Critical Vulnerability in VMware's Aria Operations Networks
https://thehackernews.com/2023/06/alert-hackers-exploiting-critical.html
Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway
https://thehackernews.com/2023/06/chinese-unc4841-group-exploits-zero-day.html
Gen Digital, the vendor behind antivirus brands such as Avira and Norton, reportedly hit by MOVEit Transfer zero-day attack
https://www.securityweek.com/norton-parent-says-employee-data-stolen-in-moveit-ransomware-attack/
nOAuth flaw in Microsoft Azure AD can be used for account hijacking
https://www.descope.com/blog/post/noauth
Critical 'nOAuth' Flaw in Microsoft Azure AD Enabled Complete Account Takeover
https://thehackernews.com/2023/06/critical-noauth-flaw-in-microsoft-azure.html
Hard-drive maker Western Digital blocks cloud service access for devices that have not patched a critical vulnerability
https://www.securityweek.com/western-digital-blocks-unpatched-devices-from-cloud-services/
XSS vulnerabilities found in Azure Bastion and Container Registry
https://orca.security/resources/blog/examining-two-xss-vulnerabilities-in-azure-services

2. Banking / finance / insurance / securities / financial supervision: news and security

Lazarus Threat Group Exploiting Vulnerability of Korean Finance Security Solution
https://asec.ahnlab.com/en/54195/
Russian hacker group Killnet seeks to attack the Western financial system
https://www.darkreading.com/risk/killnet-threatens-imminent-swift-world-banking-attacks
Banks fight fraud: app protection evolves further
https://ctee.com.tw/news/finance/885967.html
State-owned banks run anti-hacking drills and strengthen information security
https://reurl.cc/p6rOdZ
169 ATMs per 100,000 people; electronic payment usage rate 95.5%
https://reurl.cc/2Lzp06

3. Credit cards / electronic payment / mobile payment / pay / payment systems / security

Mastercard partners with Alipay to help international visitors to mainland China use mobile payment
https://wantrich.chinatimes.com/news/20230621900511-420501
Digital accounts and electronic payments grow strongly
https://ctee.com.tw/news/finance/887273.html
OMG (歐買尬) subsidiaries ECPay and O'Pay jointly promote payment services
https://today.line.me/tw/v2/article/pen1J9l
Shanghai Bank (上海銀行) joins Apple Pay; early birds who add their card get 100 back for every 1,000 spent
https://www.cardu.com.tw/news/detail.php?49113
Prosecutor blasts widespread fraud in Taiwan's electronic payments: why not follow crypto exchanges and require a "photo holding your ID card"?
https://www.blocktempo.com/electronic-payment-in-taiwan-kyc-problem/

4. Cryptocurrency / digital currency / mining / blockchain / smart contracts / Web3 security

Pudgy Penguins co-founder Cole's Twitter account restored after being compromised on June 5 and used to post false information
https://news.cnyes.com/news/id/5219275?exp=a
Bitcoin Magazine condemns Twitter for refusing to support an editor's hacked account
https://news.cnyes.com/news/id/5219315
Hackers steal millions of dollars' worth of NFTs and spend the proceeds on Roblox
https://news.cnyes.com/news/id/5219336
Who is ZachXBT? On-chain sleuth versus on-chain whale "Machi Big Brother"
https://reurl.cc/r5rm21
The real Web3 generation? OpenSea research reveals 95% of NFT phishing attacks are launched by "underage hackers"
https://www.blocktempo.com/school-kids-phishing-millions-in-nfts/
2.2 billion in crypto assets scammed away, 95% of attackers are high school students! What is the "NFT Drainer" scam service?
https://www.bnext.com.tw/article/75743/phishing-frenzy-school-kids-are-stealing-millions-of-dollars-of-nfts-to-buy-roblox-skins-20230620141846-2eqs6nkp
MistTrack: North Korean hackers are laundering funds tied to the Atomic Wallet attack
https://news.cnyes.com/news/id/5222150?exp=a
Verification process of the Candy Collective project's Discord server compromised by hackers
https://news.cnyes.com/news/id/5222466?exp=a
North Korean hackers moved 503.08 ETH to THORChain over the past two days and swapped it for BTC
https://news.cnyes.com/news/id/5222039
Court rules crypto lending is not subject to the maximum interest rate cap! A roundup of South Korea's recent crypto legislation
https://news.knowing.asia/news/8e224b4a-7a03-4630-89b3-a081f67bef6a

5. Security incident news

A. Viruses and trojans / botnets / ransomware / adware / APT / backdoors / IOC

Ransom.MSIL.EGOGEN.THEBBBC ransomware
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.msil.egogen.thebbbc?_ga=2.35440865.13420002.1687140086-95149639.1544509404
Automated ransomware attacks targeting SaaS applications emerge
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10510&mod=1
WASP infostealer spreads through PyPI packages
https://blog.virustotal.com/2023/06/inside-of-wasps-nest-deep-dive-into.html
US CISA: LockBit ransomware launched 1,700 attacks in the US, extorting a total of US$91 million
https://www.twcert.org.tw/tw/cp-104-7197-6a8f2-1.html
Hacker group Diicot targets servers managed remotely over SSH in order to spread cryptomining software
https://www.cadosecurity.com/tracking-diicot-an-emerging-romanian-threat-actor/
Deleted AWS S3 buckets a breeding ground for hackers? Security vendor finds abandoned buckets taken over by malicious actors, possibly to distribute malware
https://checkmarx.com/blog/hijacking-s3-buckets-new-attack-technique-exploited-in-the-wild-by-supply-chain-attackers/
Russian gaming community targeted by ransomware hackers
https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/
Rhysida ransomware claims to have stolen internal data from the Chilean Army; a soldier is suspected of involvement
https://www.cronup.com/ejercito-de-chile-es-atacado-por-la-nueva-banda-de-ransomware-rhysida/
https://www.latercera.com/la-tercera-pm/noticia/hacker-marcial-pdi-detiene-a-cabo-del-ejercito-por-ciberataque-a-las-redes-internas-de-la-institucion-castrense/P6ZP6WUFSNEZ5CIMR7K7DXCIMA/
Mystic infostealer attacks heat up, targeting 40 browsers and 70 extensions
https://www.zscaler.com/blogs/security-research/mystic-stealer
https://www.cyfirma.com/outofband/mystic-stealer-evolving-stealth-malware/
JokerSpy malware targets macOS
https://www.bitdefender.com/blog/labs/fragments-of-cross-platform-backdoor-hint-at-larger-mac-os-attack/
Des Moines school district in the US confirms ransomware attack
https://www.dmschools.org/news_release/dmps-notifies-individuals-of-data-security-incident/
Real estate company Onix hit by ransomware; personal data of more than 300,000 people leaked
https://www.onixgroup.com/wp-content/uploads/2023/05/Onix-Notice-of-Data-Security-Incident.pdf
DcRAT trojan spread via OnlyFans site
https://www.esentire.com/blog/onlydcratfans-malware-distributed-using-explicit-lures-of-onlyfans-pages-and-other-adult-content
Analysis of Ransomware With BAT File Extension Attacking MS-SQL Servers (Mallox)
https://asec.ahnlab.com/en/54704/
Kimsuky Distributing CHM Malware Under Various Subjects
https://asec.ahnlab.com/en/54678/
RedEyes Group Wiretapping Individuals (APT37)
https://asec.ahnlab.com/en/54349/
Hackers Use Weaponized PDF Files to Attack Organizations
https://cybersecuritynews.com/hackers-use-weaponized-pdf-files-to-attack-organizations/
Terminator EDR Killer (Spyboy) | Detecting and Preventing a Windows BYOVD Attack
https://reurl.cc/o7rn5M
Critical TP-Link router vulnerability targeted by Condi botnet
https://www.fortinet.com/blog/threat-research/condi-ddos-botnet-spreads-via-tp-links-cve-2023-1389
Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389
https://www.fortinet.com/blog/threat-research/condi-ddos-botnet-spreads-via-tp-links-cve-2023-1389
New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks
https://thehackernews.com/2023/06/new-condi-malware-hijacking-tp-link-wi.html
Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog
https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/
Dissecting TriangleDB, a Triangulation spyware implant
https://securelist.com/triangledb-triangulation-implant/110050/
Analyzing a YouTube Sponsorship Phishing Mail and Malware Targeting Content Creators
https://isc.sans.edu/diary/rss/29966
Graphican: Flea Uses New Backdoor in Attacks Targeting Foreign Ministries
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/flea-backdoor-microsoft-graph-apt15
Dark web forum whac-a-mole
https://blog.talosintelligence.com/threat-source-newsletter-april-13-2023/
OnlyDcRatFans: Malware Distributed Using Explicit Lures of OnlyFans Pages and Other Adult Content
https://reurl.cc/r5rmrk
RecordBreaker Infostealer Disguised as a .NET Installer
https://asec.ahnlab.com/en/54658/
DoNot APT Elevates its Tactics by Deploying Malicious Android Apps on Google Play Store
https://reurl.cc/113d3W
Tsunami botnet targets SSH servers
https://asec.ahnlab.com/en/54647/
Tsunami DDoS Malware Distributed to Linux SSH Servers
https://asec.ahnlab.com/en/54647/
ChromeLoader malware spreads under the guise of pirated videos and games
https://www.bleepingcomputer.com/news/security/new-shampoo-chromeloader-malware-pushed-via-fake-warez-sites/
Shampoo: A New ChromeLoader Campaign
https://threatresearch.ext.hp.com/shampoo-a-new-chromeloader-campaign/
Chinese hackers use ChamelDoH malware to attack Linux systems
https://stairwell.com/news/chamelgang-and-chameldoh-a-dns-over-https-implant/
ChamelGang and ChamelDoH: A DNS-over-HTTPS implant
https://stairwell.com/news/chamelgang-and-chameldoh-a-dns-over-https-implant/
Formbook from Possible ModiLoader (DBatLoader)
https://isc.sans.edu/diary/rss/29958
Mystic Stealer – Evolving “stealth” Malware
https://www.cyfirma.com/outofband/mystic-stealer-evolving-stealth-malware/
New Malware Campaign Targets LetsVPN Users
https://blog.cyble.com/2023/06/16/new-malware-campaign-targets-letsvpn-users/
Fake security researchers push malware files on GitHub
https://www.malwarebytes.com/blog/news/2023/06/fake-security-researchers-push-malware-files-on-github
Warning: Malware Disguised as a Security Update Installer Being Distributed
https://asec.ahnlab.com/en/54375/
llll
https://otx.alienvault.com/pulse/64905f22484197e240e3cd07
From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet
https://thehackernews.com/2023/06/from-cryptojacking-to-ddos-attacks.html
ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC
https://thehackernews.com/2023/06/chameldoh-new-linux-backdoor-utilizing.html
20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona
https://thehackernews.com/2023/06/20-year-old-russian-lockbit-ransomware.html
Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack
https://thehackernews.com/2023/06/third-flaw-uncovered-in-moveit-transfer.html
Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency
https://thehackernews.com/2023/06/ransomware-hackers-and-scammers.html
Vidar infostealer rotates its back-end infrastructure, making attacks stealthier
https://www.team-cymru.com/post/darth-vidar-the-aesir-strike-back
Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities
https://thehackernews.com/2023/06/vidar-malware-using-new-tactics-to.html
RDStealer infostealer exfiltrates data from victim computers via Remote Desktop
https://www.bitdefender.com/blog/businessinsights/unpacking-rdstealer-an-exfiltration-malware-targeting-rdp-workloads/
Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer
https://thehackernews.com/2023/06/experts-uncover-year-long-cyber-attack.html
New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions
https://thehackernews.com/2023/06/new-mystic-stealer-malware-targets-40.html

B. Mobile security / iPhone / Android / wearables / apps / 5G / instant messaging

Indian hacker group DoNot conducts espionage through malicious Android apps
https://www.cyfirma.com/outofband/donot-apt-elevates-its-tactics-by-deploying-malicious-android-apps-on-google-play-store/
Two apps on Google Play found hiding spyware that steals personal data, traced to an Indian hacker group
https://3c.ltn.com.tw/news/53799
Rogue Android Apps Target Pakistani Individuals in Sophisticated Espionage Campaign
https://thehackernews.com/2023/06/rogue-android-apps-target-pakistani.html
Malicious apps appear on Google Play again, obtaining location and stealing contact data
https://www.ettoday.net/news/20230620/2524304.htm
Chinese shopping app Pinduoduo goes viral! CNN exposes security concerns over possible malicious data theft
https://reurl.cc/AA4QQY

C. Incidents / hackers / DDoS / APT / cloud / dark web / recruitment / international security incidents / security workforce

Practical quick guide to the information security control guidelines for listed and OTC companies
https://techops.digiwin.com/security-regulation_lazyguide/
Hackers use ChatGPT and Google Bard to launch sophisticated email attacks
https://www.technice.com.tw/cloudtech/infosecurity/56965/
Microsoft attributes Azure, Outlook and OneDrive outages to large-scale DDoS attacks
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10511&mod=1
Caught: Microsoft was hit by a week of sustained attacks, the work of "Anonymous Sudan"
https://www.worldjournal.com/wj/story/121172/7245358
St. Margaret's hospital in Illinois, US, forced to close after hacker attack, a first
https://www.worldjournal.com/wj/story/121172/7245359
亞通 hit by hacker network attack; no material impact on operations so far
https://reurl.cc/jD3NYq
Some information systems at 環天科 hit by hacker network attack; affected systems are gradually being restored
https://www.moneylink.com.tw/RealtimeNews/NewsContent.aspx?SN=1933607002&PU=0009
Hackers threaten to release Reddit data unless API pricing plan is withdrawn
https://reurl.cc/RzWpln
Hackers plan to release stolen "interesting confidential data" from Reddit
https://reurl.cc/DA4RkN
Russian hackers APT28 target Ukrainian government email servers
https://www.bleepingcomputer.com/news/security/russian-apt28-hackers-breach-ukrainian-govt-email-servers/
CBS "60 Minutes": China wages a war without gunsmoke on Taiwan through cyberattacks
https://www.cna.com.tw/news/aipl/202306190212.aspx
Bloomberg exposes the inside story of a Huawei mole: spies sent to steal intelligence for a 6.1 billion contract
https://m.secretchina.com/news/b5/2023/06/18/1038500.html
US security firm: hackers carried out cyberattacks on government and business organizations worldwide on Beijing's behalf
https://info.51.ca/articles/1219048
Hacker group attacks foreign governments, suspected of links to the CCP
https://www.epochtimes.com/b5/23/6/21/n14020587.htm
US cybersecurity diplomat: China is applying its intellectual property theft methods to AI and advanced technologies
https://news.cnyes.com/news/id/5224724
Mass cyberattack: MOVEit zero-day crisis widens, nearly 100 US government agencies and companies extorted
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10519&mod=1
EU bans "Chinese" ICT equipment to ensure network security
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1594238&type=international
US mandates zero trust architecture for government agencies to reduce attack surface
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10520&mod=1
Interpreting the new US cybersecurity strategy
https://view.ctee.com.tw/technology/50635.html
US offers US$10 million for informants' tips to catch the Clop ransomware hackers
https://twitter.com/RFJ_USA/status/1669740545403437056
US CISA and NSA publish hardening guide for server baseboard management controllers (BMC)
https://www.infosecurity-magazine.com/news/cisa-nsa-controller-hardening-guide/
UK announces expanded funding to help Ukraine strengthen its cyber defence capabilities
https://news.cts.com.tw/cna/international/202306/202306182192297.html
Government agencies in the Middle East and Africa targeted by state-level hacker group
https://www.paloaltonetworks.com/blog/security-operations/through-the-cortex-xdr-lens-uncovering-a-new-activity-group-targeting-governments-in-the-middle-east-and-africa/
State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments
https://thehackernews.com/2023/06/state-backed-hackers-employ-advanced.html
Uncovering a New Activity Group Targeting Governments in the Middle East and Africa
https://reurl.cc/WGR5Re
Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor
https://thehackernews.com/2023/06/chinese-hacker-group-flea-targets.html
Tracking Diicot: an emerging Romanian threat actor
https://www.cadosecurity.com/tracking-diicot-an-emerging-romanian-threat-actor/
Security Solutions Architect (Pre-sales)
https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E8%A7%A3%E6%B1%BA%E6%96%B9%E6%A1%88%E6%9E%B6%E6%A7%8B%E5%B8%AB-pre-sales-at-adecco-3639867546/?originalSubdomain=tw
Software Development Engineer (Security and Network Business Division)
https://www.104.com.tw/job/2n1cr?jobsource=google_job
Network Engineer
https://www.104.com.tw/job/6hsgy?jobsource=hotjob_chr
[STAFF] MIS Information Administrator (Hsinchu) (security-related), no experience required
https://www.104.com.tw/job/775tr?jobsource=jolist_b_relevance
Information Security Engineer
https://www.104.com.tw/job/6ndq1?jobsource=jolist_b_relevance
Security Engineer (Compliance and Technical Testing)
https://www.104.com.tw/job/7wx4j?jobsource=jolist_b_relevance
Security Consultant / Engineer (Security Consultant / Security Presales)
https://www.104.com.tw/job/7i2vq?jobsource=jolist_b_relevance
Senior Information Security Engineer (permanent; competitive pay; Taipei office)
https://www.104.com.tw/job/7p34j?jobsource=jolist_b_relevance
[IT Professional] Security Engineer
https://www.104.com.tw/job/6swph?jobsource=jolist_b_relevance
(SOC) Security Operations Center Security Engineer
https://www.104.com.tw/job/70hww?jobsource=jolist_b_relevance
Information Security Compliance Reviewer
https://www.104.com.tw/job/7jjn1?jobsource=jolist_b_relevance
Security Engineer
https://www.104.com.tw/job/77uw6?jobsource=jolist_b_relevance
[IT Segment] Cloud Security Engineer
https://www.104.com.tw/job/7hkcv?jobsource=jolist_b_relevance
[IT] Security Administrator
https://www.104.com.tw/job/69jq5?jobsource=jolist_b_relevance
[Security Institute] Network Security Analyst
https://www.104.com.tw/job/80oat?jobsource=jolist_b_relevance
Security Engineer
https://www.104.com.tw/job/5u8ui?jobsource=jolist_b_relevance
Network Security Engineer_12030
https://www.104.com.tw/job/7reg8?jobsource=jolist_b_relevance
Security Engineer (Taoyuan City), group-wide expanded hiring
https://www.104.com.tw/job/7wfzw?jobsource=m104
Security R&D Engineer (RD)
https://www.104.com.tw/job/80s7m
Security Engineer
https://www.104.com.tw/job/7xfdb?jobsource=job_same_b
Network Security Engineer
https://www.104.com.tw/job/7ifkz?jobsource=jolist_b_relevance
IT_Information Security Manager (Technical)
https://www.104.com.tw/job/7o6qd?jobsource=jolist_b_relevance
[振宇五金] Network Security Engineer
https://www.104.com.tw/job/7x2gu?jobsource=jolist_b_relevance
Security Engineer
https://www.104.com.tw/job/7wxef?jobsource=jolist_b_relevance
Taichung Network Security Engineer
https://www.104.com.tw/job/7r5tp?jobsource=jolist_b_relevance
On-site Security Engineer (Taichung)
https://www.104.com.tw/job/7hya9?jobsource=jolist_b_relevance
IT Department: Information Security Defense Specialist
https://www.104.com.tw/job/7bxt2?jobsource=jolist_b_relevance

D. Data breaches / personal data protection law / GDPR / online fraud / phishing / card fraud / fake news / cyberbullying / account security

US states of Louisiana and Oregon confirm MOVEit Transfer zero-day attacks; personal data of more than 3.5 million residents may have been leaked
https://www.bleepingcomputer.com/news/security/millions-of-oregon-louisiana-state-ids-stolen-in-moveit-breach/
ASEC Weekly Phishing Email Threat Trends (June 4th 2023 – June 10th, 2023)
https://asec.ahnlab.com/en/54662/
Xneelo Users Targeted in a Multi-stage Phishing Attack
https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
100,000 computers compromised by infostealers; ChatGPT credentials end up on the dark web
https://www.group-ib.com/media-center/press-releases/stealers-chatgpt-credentials/
Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces
https://thehackernews.com/2023/06/over-100000-stolen-chatgpt-account.html
Reddit's data breach reported in February suspected to be the work of BlackCat ransomware
https://www.bleepingcomputer.com/news/security/reddit-hackers-threaten-to-leak-data-stolen-in-february-breach/
Hackers use tools that bypass two-factor authentication to send a million phishing messages a month
https://www.proofpoint.com/uk/resources/threat-reports/human-factor
Posing as journalists requesting interviews to engage crypto figures in what is actually a phishing attack! Nearly 2,000 victims, US$3 million lost
https://drops.scamsniffer.io/post/pink-drainer-steals-3m-from-multiple-hack-events-including-openai-cto-orbiter-finance/
Music streaming service Spotify fined 5 million euros for GDPR violation
https://www.imy.se/en/news/administrative-fee-against-spotify/
Registration personal data for Hou Yu-ih's talk at National Taiwan University leaked! Students angry at being labelled and doxxed
https://www.setn.com/News.aspx?NewsID=1311072
Strengthen detection and blocking, speed up response and handling, raise awareness: a brief discussion of strategies for handling phishing email at universities
https://www.aqniu.com/learn/97111.html

E. Research reports / tools

Researchers disclose Balada Injector campaign targeting WordPress sites
https://cybernews.com/security/wordpress-malware-epidemic-balada-injector/
Vulnerability scanning tools demystified! Recommended free tools and a comparison of pros and cons
https://www.pcschool.com.tw/blog/it/vulnerability-assessment-tool
FAIR quantitative risk analysis model valued for its practicality; quantifying security risk helps communicate risk issues and decide security investment
https://www.ithome.com.tw/news/157441
How to learn cybersecurity quickly
https://www.aqniu.com/vendor/97136.html
Report released: "Software Composition Analysis (SCA) Technology Application Guide"
https://www.aqniu.com/vendor/97124.html
Cloud-based malware delivery: the technical evolution of GuLoader
https://www.4hou.com/posts/yAXg
CVE-2022-42475-FortiGate-SSLVPN heap overflow vulnerability analysis
https://paper.seebug.org/2082/
Activities in the Cybercrime Underground Require a New Approach to Cybersecurity
https://thehackernews.com/2023/06/activities-in-cybercrime-underground.html
Introducing AI-guided Remediation for IaC Security / KICS
https://thehackernews.com/2023/06/introducing-ai-guided-remediation-for.html
SaaS in the Real World: How Global Food Chains Can Secure Their Digital Dish
https://thehackernews.com/2023/06/saas-in-real-world-how-global-food.html
Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems
https://thehackernews.com/2023/06/researchers-discover-new-sophisticated.html
Startup Security Tactics: Friction Surveys
https://thehackernews.com/2023/06/startup-security-tactics-friction.html

F. Business

Learning from game industry strategy to build enterprise security resilience step by step
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10512&mod=1
Dell Technologies launches Project Fort Zero to drive security transformation
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10514&mod=1
Cisco builds stronger security protection with generative AI
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10515&mod=1
Tracking the latest international threat landscape to improve mitigation of digital operational risk: DDoS techniques evolve again, distributed filtering deployment shows its advantages
https://www.netadmin.com.tw/netadmin/zh-tw/trend/5186A35C065C46808E574906B99EF88C
Data breach warning: adopting zero trust architecture is the best choice for Taiwanese enterprises
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?CnlID=14&cat=50&id=0000666287_KTZ31UJC7LEA088112C15
全景軟體 helps Japanese manufacturers meet cybersecurity challenges
https://n.yam.com/Article/20230619326332
To prevent financial fraud, Taiwanese experts urge stronger anti-fraud education
https://www.epochtimes.com/b5/23/6/18/n14018288.htm
Google to sell Google Domains to Squarespace
https://www.inside.com.tw/article/31950-google-unexpectedly-sells-its-domain-hosting-business-to-squarespace

G. Government

New Taipei City Government reveals its security posture in a report on its security improvement plan: more than 80 million attacks a month
https://tw.nextapple.com/life/20230619/3A04619BC5D2F4A97287DB36DDBC850B
New Taipei sees over 1.4 billion hacker attacks in a year and a half; Research, Development and Evaluation Commission: 15 minor intrusions
https://reurl.cc/lDgqW6
Hackers attack New Taipei City Government more than 1.4 billion times in 17 months
https://udn.com/news/story/7323/7246729
Talent management and development for cyber forces
https://talk.ltn.com.tw/article/paper/1589266
Lee Hsi-ming: the armed forces' cyber units should emulate Israel's Unit 8200
https://today.line.me/tw/v2/article/penPDJe
President receives the top three winning teams of the 3rd GiCS (尋找資安女婕思) competition
https://www.nstc.gov.tw/folksonomy/detail/1f914283-82bb-4508-a867-4aa4917e55ec?l=CH&utm_source=rss
Tsai Ing-wen: cybersecurity is national security; strengthen protection on the way to a digital nation
https://news.ltn.com.tw/news/politics/breakingnews/4339772
Toward a digital nation, President: keep strengthening cybersecurity protection and resilience
https://www.rti.org.tw/news/view/id/2171298
Cybersecurity and national security: no better, only worse
https://reurl.cc/OvGl97

H. Industrial control systems / ICS / SCADA / IoT / Internet of Things / connected vehicles / electric vehicles / artificial intelligence / AI / ML / facial recognition / healthcare security

ASUS patches critical vulnerabilities in nearly 20 router models
https://www.bleepingcomputer.com/news/security/asus-urges-customers-to-patch-critical-router-vulnerabilities/
ASUS Releases Patches to Fix Critical Security Bugs Impacting Multiple Router Models
https://thehackernews.com/2023/06/asus-releases-patches-to-fix-critical.html
Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products
https://thehackernews.com/2023/06/researchers-expose-new-severe-flaws-in.html
Zyxel patches critical NAS vulnerability
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products
Zyxel Releases Urgent Security Updates for Critical Vulnerability in NAS Devices
https://thehackernews.com/2023/06/zyxel-releases-urgent-security-updates.html
Researchers disclose vulnerabilities in Schneider Electric and Wago devices
https://www.forescout.com/blog/ot-icefall-ot-security-design-and-patching/
Hacker discovers Tesla's built-in "Elon Mode": it can make a nagging Tesla "shut up", with no warnings even with hands off the steering wheel
https://www.techbang.com/posts/107345-hackers-discovered-that-tesla-has-built-in-elon-mode-you-can

I. Education and training

iPAS Information Security Engineer (intermediate level) notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist
iPAS security engineer certification exam prep workshop
https://reurl.cc/GEbA3p
Coursera lists 7 cloud security certifications: the springboards to high pay are all here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
Global cybersecurity workforce imbalance: (ISC)2 offers free courses and exams to fill the talent gap
https://reurl.cc/m39MDj
The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html
CISSP exam experience
https://reurl.cc/KbY83j
CISSP exam experience – Benson
https://reurl.cc/GbWvxd
Goal-oriented: passing the CISSP at lightning speed in 20 days
https://reurl.cc/2Zq6zn
CISSP certification exam field notes, Chapter 1: initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
CISSP certification exam field notes, Chapter 2: a regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies
CISSP certification exam field notes, Chapter 3: the final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle
Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec
CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp
Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes
CPSA (CREST Practitioner Security Analyst) exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam experience, revision information and preparation direction, 2021 and 2022
https://reurl.cc/1oyEM8
CEH v11 exam experience and how to prepare
https://blog.sean.taipei/2022/01/ceh
CEH
https://github.com/a3cipher/CEH
CodeRed by EC-Council
https://github.com/codered-by-ec-council
Preparation and experience sharing for the EC-Council CPENT and LPT Master penetration testing certifications
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d
In-depth look at the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v
EC-Council CPENT v1 penetration testing certification – content and experience sharing
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295
EC-Council CPENT experience - a security rookie's path from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f
CPENT exam experience: earning the LPT penetration testing master certification in one attempt
https://ucom.uuu.com.tw/web/Testimony/Article/4404
[Exam prep notes] CompTIA Security+ (SY0–601), part 1
https://reurl.cc/M053DK
[Exam prep notes] CompTIA Security+ (SY0–601), part 2
https://reurl.cc/M053Gv
comptia-security-plus
https://github.com/ajfuto/comptia-security-plus
security-plus
https://github.com/fjavierm/security-plus
CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette
App security that isn't just for engineers: the blood, sweat and tears of obtaining a security testing certificate (iT邦幫忙 Ironman contest book series)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
OSEP (Evasion Techniques and Breaching Defenses (PEN-300)) experience sharing
https://hackmd.io/@henry-ko/HyQ56e8eF
ISACA Certified Information Systems Auditor® (CISA) certification: preparation experience and application process, 2023
https://reurl.cc/aVLoX9
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
https://reurl.cc/D3nKKj
Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df
Basic vocabulary commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958
Certifications remain the main route to learning security fundamentals; an expert has built a "security certification map"
https://www.ithome.com.tw/news/156754
Beyond proving your ability, certifications should be treated as the biggest motivation to keep learning
https://www.ithome.com.tw/news/156756
Breaking misconceptions and myths about certifications: security experts clarify what security certifications mean
https://www.ithome.com.tw/news/156755

6. Upcoming security events and seminars

From "as long as it runs" to "business continuity" 2023/6/24
https://www.accupass.com/event/2305270631121994465958
Raspberry Pi community meetup #38 2023/6/26
https://raspberrypi-tw-bdfa45.kktix.cc/events/meetup38
Panel: "Small means, big impact: improving civic digital resilience through tools and community" 2023/6/27
https://www.twsig.tw/20230627/
A hacker's perspective: finding and defending against website vulnerabilities (online course) 2023/6/27
https://forms.gle/JpThJxMgxZd3uNh39
A hacker's perspective: finding and defending against website vulnerabilities (in-person course) 2023/6/28
https://forms.gle/qQAqx8KZzzntSyLd9
SaaS Software PM technical hands-on class | AWS cloud architecture design | software security | AWS hands-on lab | practice questions 2023/6/30
https://www.accupass.com/event/2305310854254976071070
SGS seminar on new trends in the automotive supply chain: key positioning in the EV industry, toward a smart and safe future 2023/7/4
https://www.accupass.com/event/2304250153518811535560
Internet Freedom Meetup [July]: post-conference sharing session on the international digital human rights conference 2023/7/4
https://ocftw.kktix.cc/events/internetfreedom-july
2023 Zero Trust Access - APPLE security seminar 2023/7/5
https://2023gettechnology.kktix.cc/events/48f91757
Taiwan hacker conference HITCON Training 2023 2023/7/12 ~ 2023/7/15
https://hitcon.kktix.cc/events/hitcon-training-2023
Big data analytics advanced class 2023/7/27 ~ 2023/7/28
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=600
[舒虎教育] "Blockchain beginner course", weekday class 2023/7/27 ~ 2023/7/28
https://www.accupass.com/event/2305280843071623542481
[舒虎教育] "Blockchain beginner course", weekend class 2023/7/29 ~ 2023/7/30
https://www.accupass.com/event/2305280843202058678448
COSCUP 2023 2023/07/29 ~ 2023/07/30
https://coscup.org/2023/zh-TW/landing
InfoSec Taiwan 2023 international security conference 2023/8/1 ~ 2023/8/3
https://csa.kktix.cc/events/infosectaiwan2023
Big data analytics advanced class 2023/8/10 ~ 2023/8/11
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=611
DEF CON 32 2023/8/10 ~ 2023/8/13
https://defcon.org/index.html
AIoT applications hands-on workshop 2023/8/16 ~ 2023/8/17
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=601
HITCON CMT 2023 2023/08/18 ~ 2023/08/19
https://hitcon.org/2023/CMT/
Big data analytics advanced class (Taichung) 2023/8/21 ~ 2023/8/22
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=612
AIoT applications hands-on workshop (Taichung) 2023/8/23 ~ 2023/8/24
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=604
PyCon TW 2023 2023/9/2 ~ 2023/9/3
https://tw.pycon.org/2023/zh-hant/registration/tickets
Web application penetration testing 2023/9/7 ~ 2023/9/8
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=631
Hou.Sec.Con 2023/10/12 ~ 2023/10/13
https://web.cvent.com/event/76d46ccb-fe00-4fe5-ba46-e4a77c807f21/summary
(ISC)2 SECURITY CONGRESS LEAD WITH CONFIDENCE 2023/10/25 ~ 2023/10/27
https://www.isc2.org/Congress-2023