1.重大弱點漏洞/後門/Exploit/Zero Day VMware網路分析工具重大漏洞已出現攻擊行動 https://www.bleepingcomputer.com/news/security/vmware-warns-of-critical-vrealize-flaw-exploited-in-attacks/ Alert! Hackers Exploiting Critical Vulnerability in VMware's Aria Operations Networks https://thehackernews.com/2023/06/alert-hackers-exploiting-critical.html Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway https://thehackernews.com/2023/06/chinese-unc4841-group-exploits-zero-day.html 旗下擁有小紅傘、諾頓等防毒品牌的廠商Gen Digital，傳出遭遇MOVEit Transfer零時差漏洞攻擊 https://www.securityweek.com/norton-parent-says-employee-data-stolen-in-moveit-ransomware-attack/ 微軟Azure AD出現能被用於帳號挾持的漏洞nOAuth https://www.descope.com/blog/post/noauth Critical 'nOAuth' Flaw in Microsoft Azure AD Enabled Complete Account Takeover https://thehackernews.com/2023/06/critical-noauth-flaw-in-microsoft-azure.html 針對尚未修補重大漏洞的設備，硬碟製造商Western Digital封鎖存取雲端服務的功能 https://www.securityweek.com/western-digital-blocks-unpatched-devices-from-cloud-services/ Azure Bastion、Container Registry出現XSS漏洞 https://orca.security/resources/blog/examining-two-xss-vulnerabilities-in-azure-services 2.銀行/金融/保險/證券/金融監理 新聞及資安 Lazarus Threat Group Exploiting Vulnerability of Korean Finance Security Solution https://asec.ahnlab.com/en/54195/ 俄羅斯駭客Killnet企圖對西方金融體系發動攻擊 https://www.darkreading.com/risk/killnet-threatens-imminent-swift-world-banking-attacks 銀行打詐 APP防護再進化 https://ctee.com.tw/news/finance/885967.html 公股銀行防駭演練及強化資訊安全 https://reurl.cc/p6rOdZ 每10萬人擁169台ATM 電子支付使用率95.5% https://reurl.cc/2Lzp06 3.信用卡/電子支付/行動支付/pay/支付系統/資安 萬事達卡攜手支付寶 助力入境大陸國際遊客暢享行動支付 https://wantrich.chinatimes.com/news/20230621900511-420501 數位帳戶、電子支付大成長 https://ctee.com.tw/news/finance/887273.html 歐買尬旗下綠界/歐付寶 聯手推廣支付服務 https://today.line.me/tw/v2/article/pen1J9l 上海銀行加入Apple Pay　早鳥綁卡享滿千送百 https://www.cardu.com.tw/news/detail.php?49113 檢察官痛罵台灣電子支付詐騙多：為何不學加密交易所「拿身分證拍照」 https://www.blocktempo.com/electronic-payment-in-taiwan-kyc-problem/ 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Pudgy Penguins聯創Cole推特賬號已恢復，此前6月5日被入侵並發布虛假資訊 https://news.cnyes.com/news/id/5219275?exp=a Bitcoin Magazine譴責推特拒絕為遭駭客攻擊的編輯帳戶提供支持 https://news.cnyes.com/news/id/5219315 駭客竊取價值數百萬美元的NFT並用贓款在Roblox消費 https://news.cnyes.com/news/id/5219336 誰是 ZachXBT ？鏈上偵探大戰鏈上巨鯨「麻吉大哥」 https://reurl.cc/r5rm21 真正的Web3世代？OpenSea研究爆：95% NFT釣魚攻擊由「未成年駭客」發起 https://www.blocktempo.com/school-kids-phishing-millions-in-nfts/ 22億加密資產被騙走，攻擊者95%來自高中生！詐騙服務「NFT Drainer」是什麼 https://www.bnext.com.tw/article/75743/phishing-frenzy-school-kids-are-stealing-millions-of-dollars-of-nfts-to-buy-roblox-skins-20230620141846-2eqs6nkp MistTrack：朝鮮駭客正清洗Atomic Wallet攻擊事件相關資金 https://news.cnyes.com/news/id/5222150?exp=a Candy Collective項目Discord服務器的驗證程序遭到駭客入侵 https://news.cnyes.com/news/id/5222466?exp=a 朝鮮駭客近兩日向THORChain轉移503.08枚ETH並換成BTC https://news.cnyes.com/news/id/5222039 法院裁定加密貨幣借貸不受最高利率限制！韓國近期加密立法一次看 https://news.knowing.asia/news/8e224b4a-7a03-4630-89b3-a081f67bef6a 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC Ransom.MSIL.EGOGEN.THEBBBC 勒索病毒 https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.msil.egogen.thebbbc?_ga=2.35440865.13420002.1687140086-95149639.1544509404 針對SaaS應用程式的自動化勒索軟體攻擊出現 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10510&mod=1 竊資軟體WASP透過PyPI套件散布 https://blog.virustotal.com/2023/06/inside-of-wasps-nest-deep-dive-into.html 美國 CISA 指出：LockBit 勒贖軟體在美國發動 1,700 起攻擊，共勒贖 9,100 萬美元 https://www.twcert.org.tw/tw/cp-104-7197-6a8f2-1.html 駭客組織Diicot鎖定使用SSH進行遠端管理的伺服器，目的是散布挖礦軟體 https://www.cadosecurity.com/tracking-diicot-an-emerging-romanian-threat-actor/ 用戶刪除的AWS S3儲存桶成駭客溫床？資安業者發現有非法人士占用，恐被用於散布惡意軟體 https://checkmarx.com/blog/hijacking-s3-buckets-new-attack-technique-exploited-in-the-wild-by-supply-chain-attackers/ 俄羅斯電玩社群遭到勒索軟體駭客鎖定 https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ 勒索軟體Rhysida聲稱從智利軍隊竊得內部資料，疑有士兵涉案 https://www.cronup.com/ejercito-de-chile-es-atacado-por-la-nueva-banda-de-ransomware-rhysida/ https://www.latercera.com/la-tercera-pm/noticia/hacker-marcial-pdi-detiene-a-cabo-del-ejercito-por-ciberataque-a-las-redes-internas-de-la-institucion-castrense/P6ZP6WUFSNEZ5CIMR7K7DXCIMA/ 竊資軟體Mystic攻擊升溫，針對40個瀏覽器、70個擴充套件而來 https://www.zscaler.com/blogs/security-research/mystic-stealer https://www.cyfirma.com/outofband/mystic-stealer-evolving-stealth-malware/ 惡意程式JokerSpy鎖定macOS而來 https://www.bitdefender.com/blog/labs/fragments-of-cross-platform-backdoor-hint-at-larger-mac-os-attack/ 美國得梅因學區證實遭到勒索軟體攻擊 https://www.dmschools.org/news_release/dmps-notifies-individuals-of-data-security-incident/ 房地產公司Onix遭到勒索軟體攻擊，逾30萬人個資外洩 https://www.onixgroup.com/wp-content/uploads/2023/05/Onix-Notice-of-Data-Security-Incident.pdf 木馬程式DcRAT透過OnlyFans網站散布 https://www.esentire.com/blog/onlydcratfans-malware-distributed-using-explicit-lures-of-onlyfans-pages-and-other-adult-content Analysis of Ransomware With BAT File Extension Attacking MS-SQL Servers (Mallox) https://asec.ahnlab.com/en/54704/ Kimsuky Distributing CHM Malware Under Various Subjects https://asec.ahnlab.com/en/54678/ RedEyes Group Wiretapping Individuals (APT37) https://asec.ahnlab.com/en/54349/ Hackers Use Weaponized PDF Files to Attack Organizations https://cybersecuritynews.com/hackers-use-weaponized-pdf-files-to-attack-organizations/ Terminator EDR Killer (Spyboy) | Detecting and Preventing a Windows BYOVD Attack https://reurl.cc/o7rn5M TP-Link路由器重大漏洞遭殭屍網路Condi鎖定 https://www.fortinet.com/blog/threat-research/condi-ddos-botnet-spreads-via-tp-links-cve-2023-1389 Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389 https://www.fortinet.com/blog/threat-research/condi-ddos-botnet-spreads-via-tp-links-cve-2023-1389 New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks https://thehackernews.com/2023/06/new-condi-malware-hijacking-tp-link-wi.html Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/ Dissecting TriangleDB, a Triangulation spyware implant https://securelist.com/triangledb-triangulation-implant/110050/ Analyzing a YouTube Sponsorship Phishing Mail and Malware Targeting Content Creators https://isc.sans.edu/diary/rss/29966 Graphican: Flea Uses New Backdoor in Attacks Targeting Foreign Ministries https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/flea-backdoor-microsoft-graph-apt15 Dark web forum whac-a-mole https://blog.talosintelligence.com/threat-source-newsletter-april-13-2023/ OnlyDcRatFans: Malware Distributed Using Explicit Lures of OnlyFans Pages and Other Adult Content https://reurl.cc/r5rmrk RecordBreaker Infostealer Disguised as a .NET Installer https://asec.ahnlab.com/en/54658/ DoNot APT Elevates its Tactics by Deploying Malicious Android Apps on Google Play Store https://reurl.cc/113d3W 殭屍網路Tsunami鎖定SSH伺服器而來 https://asec.ahnlab.com/en/54647/ Tsunami DDoS Malware Distributed to Linux SSH Servers https://asec.ahnlab.com/en/54647/ 惡意軟體ChromeLoader假借提供盜版影音、遊戲散布 https://www.bleepingcomputer.com/news/security/new-shampoo-chromeloader-malware-pushed-via-fake-warez-sites/ Shampoo: A New ChromeLoader Campaign https://threatresearch.ext.hp.com/shampoo-a-new-chromeloader-campaign/ 中國駭客利用惡意軟體ChamelDoH攻擊Linux系統 https://stairwell.com/news/chamelgang-and-chameldoh-a-dns-over-https-implant/ ChamelGang and ChamelDoH: A DNS-over-HTTPS implant https://stairwell.com/news/chamelgang-and-chameldoh-a-dns-over-https-implant/ Formbook from Possible ModiLoader (DBatLoader) https://isc.sans.edu/diary/rss/29958 Mystic Stealer – Evolving “stealth” Malware https://www.cyfirma.com/outofband/mystic-stealer-evolving-stealth-malware/ New Malware Campaign Targets LetsVPN Users https://blog.cyble.com/2023/06/16/new-malware-campaign-targets-letsvpn-users/ Fake security researchers push malware files on GitHub https://www.malwarebytes.com/blog/news/2023/06/fake-security-researchers-push-malware-files-on-github Warning: Malware Disguised as a Security Update Installer Being Distributed https://asec.ahnlab.com/en/54375/ llll https://otx.alienvault.com/pulse/64905f22484197e240e3cd07 From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet https://thehackernews.com/2023/06/from-cryptojacking-to-ddos-attacks.html ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC https://thehackernews.com/2023/06/chameldoh-new-linux-backdoor-utilizing.html 20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona https://thehackernews.com/2023/06/20-year-old-russian-lockbit-ransomware.html Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack https://thehackernews.com/2023/06/third-flaw-uncovered-in-moveit-transfer.html Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency https://thehackernews.com/2023/06/ransomware-hackers-and-scammers.html 竊資軟體Vidar輪替後端的基礎設施，攻擊行動更為隱匿 https://www.team-cymru.com/post/darth-vidar-the-aesir-strike-back Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities https://thehackernews.com/2023/06/vidar-malware-using-new-tactics-to.html 竊資軟體RDStealer透過遠端桌面流出受害電腦資料 https://www.bitdefender.com/blog/businessinsights/unpacking-rdstealer-an-exfiltration-malware-targeting-rdp-workloads/ Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer https://thehackernews.com/2023/06/experts-uncover-year-long-cyber-attack.html New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions https://thehackernews.com/2023/06/new-mystic-stealer-malware-targets-40.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 印度駭客DoNot透過惡意安卓App從事間諜行動 https://www.cyfirma.com/outofband/donot-apt-elevates-its-tactics-by-deploying-malicious-android-apps-on-google-play-store/ Google Play 被揪出2款App 暗藏惡意間諜竊個資！來自印度駭客組織 https://3c.ltn.com.tw/news/53799 Rogue Android Apps Target Pakistani Individuals in Sophisticated Espionage Campaign https://thehackernews.com/2023/06/rogue-android-apps-target-pakistani.html Google Play又出現惡意App　取得位置、盜取聯絡人資料 https://www.ettoday.net/news/20230620/2524304.htm 中國購物App「拼多多」爆紅！CNN揭露資安疑慮 恐惡意竊資 https://reurl.cc/AA4QQY C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 上市上櫃公司資通安全管控指引實戰懶人包 https://techops.digiwin.com/security-regulation_lazyguide/ 駭客利用ChatGPT和Google Bard　挑起複雜電子郵件攻擊 https://www.technice.com.tw/cloudtech/infosecurity/56965/ 微軟將 Azure、Outlook 和 OneDrive 中斷歸咎於大規模 DDoS 攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10511&mod=1 抓到了 微軟遇駭遭持續攻擊一周 「匿名蘇丹」幹的 https://www.worldjournal.com/wj/story/121172/7245358 美國伊利諾伊州聖瑪格莉特醫院 因駭客攻擊落得慘澹關門 成首例 https://www.worldjournal.com/wj/story/121172/7245359 亞通遭駭客網路攻擊 對營運尚無重大影響 https://reurl.cc/jD3NYq 環天科部分資訊系統遭受駭客網路攻擊，受影響之系統陸續恢復運作 https://www.moneylink.com.tw/RealtimeNews/NewsContent.aspx?SN=1933607002&PU=0009 駭客威脅要發布 Reddit 資料，除非撤回 API 收費計畫 https://reurl.cc/RzWpln 駭客已計劃發布竊取來的 Reddit「有趣的機密資料」資料 https://reurl.cc/DA4RkN 俄羅斯駭客APT28鎖定烏克蘭政府機關的郵件伺服器下手 https://www.bleepingcomputer.com/news/security/russian-apt28-hackers-breach-ukrainian-govt-email-servers/ CBS「60分鐘」：中國對台灣掀起無硝煙網攻 https://www.cna.com.tw/news/aipl/202306190212.aspx 彭博社曝華為內鬼內幕 為61億合約派間諜偷情報 https://m.secretchina.com/news/b5/2023/06/18/1038500.html 美资安公司:黑客替北京网攻全球政商机构 https://info.51.ca/articles/1219048 黑客組織攻擊外國政府 疑與中共有關 https://www.epochtimes.com/b5/23/6/21/n14020587.htm 美資安外交官：中國正把竊取智慧財產手法應用在AI、先進技術上 https://news.cnyes.com/news/id/5224724 大規模網攻：MOVEit零日漏洞危機擴大，美國近百個政府單位、企業遭勒索 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10519&mod=1 歐盟禁「中」通資設備 確保網路安全 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1594238&type=international 美國強制政府單位採用零信任架構以縮小攻擊面 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10520&mod=1 解讀美國全新資安戰略 https://view.ctee.com.tw/technology/50635.html 美國對於捉拿勒索軟體駭客Clop，祭出千萬美元尋求線民提供資料 https://twitter.com/RFJ_USA/status/1669740545403437056 美國CISA、NSA提供伺服器基板管理控制器（BMC）的安全強化指南 https://www.infosecurity-magazine.com/news/cisa-nsa-controller-hardening-guide/ 英國宣布擴大金援 協助烏克蘭加強網路防禦能力 https://news.cts.com.tw/cna/international/202306/202306182192297.html 中東及非洲政府機關遭到國家級駭客組織鎖定 https://www.paloaltonetworks.com/blog/security-operations/through-the-cortex-xdr-lens-uncovering-a-new-activity-group-targeting-governments-in-the-middle-east-and-africa/ State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments https://thehackernews.com/2023/06/state-backed-hackers-employ-advanced.html Uncovering a New Activity Group Targeting Governments in the Middle East and Africa https://reurl.cc/WGR5Re Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor https://thehackernews.com/2023/06/chinese-hacker-group-flea-targets.html Tracking Diicot: an emerging Romanian threat actor https://www.cadosecurity.com/tracking-diicot-an-emerging-romanian-threat-actor/ 資安解決方案架構師(Pre-sales) https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E8%A7%A3%E6%B1%BA%E6%96%B9%E6%A1%88%E6%9E%B6%E6%A7%8B%E5%B8%AB-pre-sales-at-adecco-3639867546/?originalSubdomain=tw 軟體開發工程師(資安暨網路事業處) https://www.104.com.tw/job/2n1cr?jobsource=google_job 網路工程師 - Network Engineer https://www.104.com.tw/job/6hsgy?jobsource=hotjob_chr 【STAFF】MIS 資訊管理師 (新竹)(資安相關)_無經驗可 https://www.104.com.tw/job/775tr?jobsource=jolist_b_relevance 資訊安全工程師 https://www.104.com.tw/job/6ndq1?jobsource=jolist_b_relevance 資安工程師(合規與技術檢測) https://www.104.com.tw/job/7wx4j?jobsource=jolist_b_relevance 資安顧問/工程師 Security Consultant /Security Presales https://www.104.com.tw/job/7i2vq?jobsource=jolist_b_relevance 資深資訊安全工程師 ( 正式; 待優; 台北所) https://www.104.com.tw/job/7p34j?jobsource=jolist_b_relevance 【資訊專業】資安工程師 https://www.104.com.tw/job/6swph?jobsource=jolist_b_relevance (SOC)資安監控中心資安工程師 https://www.104.com.tw/job/70hww?jobsource=jolist_b_relevance 資訊安全合規審查人員 https://www.104.com.tw/job/7jjn1?jobsource=jolist_b_relevance 資安工程師 https://www.104.com.tw/job/77uw6?jobsource=jolist_b_relevance 【資訊板塊】雲端資安工程師 https://www.104.com.tw/job/7hkcv?jobsource=jolist_b_relevance 【資訊】資安管理人員 https://www.104.com.tw/job/69jq5?jobsource=jolist_b_relevance 【資安所】網路資安分析師 https://www.104.com.tw/job/80oat?jobsource=jolist_b_relevance 資安工程師 https://www.104.com.tw/job/5u8ui?jobsource=jolist_b_relevance 網路資安工程師_12030 https://www.104.com.tw/job/7reg8?jobsource=jolist_b_relevance 資安工程師(桃園市)-集團擴大徵才 https://www.104.com.tw/job/7wfzw?jobsource=m104 資安研發工程師(RD) https://www.104.com.tw/job/80s7m 資安工程師 https://www.104.com.tw/job/7xfdb?jobsource=job_same_b 網路資安工程師 https://www.104.com.tw/job/7ifkz?jobsource=jolist_b_relevance 資訊_資訊安全管理師(技術) https://www.104.com.tw/job/7o6qd?jobsource=jolist_b_relevance 【振宇五金】網路資安工程師 https://www.104.com.tw/job/7x2gu?jobsource=jolist_b_relevance 資安工程師 https://www.104.com.tw/job/7wxef?jobsource=jolist_b_relevance 台中網路資安工程師 https://www.104.com.tw/job/7r5tp?jobsource=jolist_b_relevance 駐點資安工程師(台中) https://www.104.com.tw/job/7hya9?jobsource=jolist_b_relevance 資訊部門-資訊安全防禦專家 https://www.104.com.tw/job/7bxt2?jobsource=jolist_b_relevance D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 美國路易斯安那州、奧勒岡州證實遭到MOVEit Transfer零時差漏洞攻擊，超過350萬民眾個茲可能外洩 https://www.bleepingcomputer.com/news/security/millions-of-oregon-louisiana-state-ids-stolen-in-moveit-breach/ ASEC Weekly Phishing Email Threat Trends (June 4th 2023 – June 10th, 2023) https://asec.ahnlab.com/en/54662/ Xneelo Users Targeted in a Multi-stage Phishing Attack https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/ 10萬臺電腦遭竊資軟體入侵，ChatGPT帳密資料流入暗網 https://www.group-ib.com/media-center/press-releases/stealers-chatgpt-credentials/ Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces https://thehackernews.com/2023/06/over-100000-stolen-chatgpt-account.html 社群網站Reddit於2月傳出資料外洩，背後疑勒索軟體BlackCat所為 https://www.bleepingcomputer.com/news/security/reddit-hackers-threaten-to-leak-data-stolen-in-february-breach/ 駭客利用可繞過雙因素驗證的工具，每月散布百萬則網釣訊息 https://www.proofpoint.com/uk/resources/threat-reports/human-factor 假借記者採訪名義與幣圈人士互動、實為網釣攻擊！近2千人遇害、損失300萬美元 https://drops.scamsniffer.io/post/pink-drainer-steals-3m-from-multiple-hack-events-including-openai-cto-orbiter-finance/ 音樂串流服務Spotify違反GDPR判罰500萬歐元 https://www.imy.se/en/news/administrative-fee-against-spotify/ 侯友宜台大開講「報名個資」外洩！學生怒：遭貼標籤肉搜 https://www.setn.com/News.aspx?NewsID=1311072 强化感知阻断，加快响应处置，提高防范意识——浅议高校钓鱼邮件应对策略 https://www.aqniu.com/learn/97111.html E.研究報告/工具 研究人員揭露鎖定WordPress網站的Balada Injector攻擊行動 https://cybernews.com/security/wordpress-malware-epidemic-balada-injector/ 弱點掃描工具大解密！免費工具推薦與優缺點比較 https://www.pcschool.com.tw/blog/it/vulnerability-assessment-tool FAIR定量風險分析模型實用性高受重視，量化資安風險有助溝通風險問題、確定資安投資 https://www.ithome.com.tw/news/157441 如何快速学习网络安全知识 https://www.aqniu.com/vendor/97136.html 《软件成分分析（SCA）技术应用指南》报告发布 https://www.aqniu.com/vendor/97124.html 基于云的恶意软件传播：GuLoader的技术迭代过程 https://www.4hou.com/posts/yAXg CVE-2022-42475-FortiGate-SSLVPN 堆溢出漏洞分析 https://paper.seebug.org/2082/ Activities in the Cybercrime Underground Require a New Approach to Cybersecurity https://thehackernews.com/2023/06/activities-in-cybercrime-underground.html Introducing AI-guided Remediation for IaC Security / KICS https://thehackernews.com/2023/06/introducing-ai-guided-remediation-for.html SaaS in the Real World: How Global Food Chains Can Secure Their Digital Dish https://thehackernews.com/2023/06/saas-in-real-world-how-global-food.html Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems https://thehackernews.com/2023/06/researchers-discover-new-sophisticated.html Startup Security Tactics: Friction Surveys https://thehackernews.com/2023/06/startup-security-tactics-friction.html F.商業 借鏡遊戲產業策略，逐步建構企業資安韌性 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10512&mod=1 戴爾科技集團推出Project Fort Zero推動安全性轉型 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10514&mod=1 思科以生成式人工智慧締造更強大的安全防護 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10515&mod=1 掌握國際市場最新威脅態勢　增進緩解數位營運風險能力 DDoS攻擊手法再進化　分散式佈建過濾展優勢 https://www.netadmin.com.tw/netadmin/zh-tw/trend/5186A35C065C46808E574906B99EF88C 資料外洩警訊：採用零信任架構，台灣企業的最佳選擇 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?CnlID=14&cat=50&id=0000666287_KTZ31UJC7LEA088112C15 全景軟體助力日本製造業應對網路安全挑戰 https://n.yam.com/Article/20230619326332 防金融詐騙 台專家促加強防詐教育 https://www.epochtimes.com/b5/23/6/18/n14018288.htm Google 將出售 Google Domains 給 Squarespace https://www.inside.com.tw/article/31950-google-unexpectedly-sells-its-domain-hosting-business-to-squarespace G.政府 新北市政府在報告資安改善計畫的內容中透露資安態勢，每個月遭遇逾8千萬次資安攻擊 https://tw.nextapple.com/life/20230619/3A04619BC5D2F4A97287DB36DDBC850B 新北1年半駭客網路攻擊逾14億次 研考會：15次輕微侵入 https://reurl.cc/lDgqW6 駭客攻擊新北市府 17個月逾14億次 https://udn.com/news/story/7323/7246729 網路部隊的人才管理與發展 https://talk.ltn.com.tw/article/paper/1589266 李喜明：國軍網軍應師法以國8200部隊 https://today.line.me/tw/v2/article/penPDJe 總統接見第3屆尋找資安女婕思前三名獲獎隊伍 https://www.nstc.gov.tw/folksonomy/detail/1f914283-82bb-4508-a867-4aa4917e55ec?l=CH&utm_source=rss 蔡英文：資安即國安 加強防護邁向數位國家 https://news.ltn.com.tw/news/politics/breakingnews/4339772 邁向數位國家 總統：持續加強資安防護韌性 https://www.rti.org.tw/news/view/id/2171298 資安國安 沒有更好只有更壞 https://reurl.cc/OvGl97 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 華碩修補近20款路由器重大漏洞 https://www.bleepingcomputer.com/news/security/asus-urges-customers-to-patch-critical-router-vulnerabilities/ ASUS Releases Patches to Fix Critical Security Bugs Impacting Multiple Router Models https://thehackernews.com/2023/06/asus-releases-patches-to-fix-critical.html Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products https://thehackernews.com/2023/06/researchers-expose-new-severe-flaws-in.html 兆勤修補NAS重大漏洞 https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products Zyxel Releases Urgent Security Updates for Critical Vulnerability in NAS Devices https://thehackernews.com/2023/06/zyxel-releases-urgent-security-updates.html 研究人員揭露施耐德電機、Wago設備的漏洞 https://www.forescout.com/blog/ot-icefall-ot-security-design-and-patching/ 駭客發現特斯拉內建有「Elon Mode」：可以讓嘮叨的特斯拉「閉嘴」，雙手放開方向盤也不會被警告 https://www.techbang.com/posts/107345-hackers-discovered-that-tesla-has-built-in-elon-mode-you-can I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 6.近期資安活動及研討會 從「會動就好」到「持續營運」 2023/6/24 https://www.accupass.com/event/2305270631121994465958 Raspberry Pi 樹莓派社群聚會 #38 2023/6/26 https://raspberrypi-tw-bdfa45.kktix.cc/events/meetup38 「以小博大：透過工具及社群提升公民數位韌性」座談會 2023/6/27 https://www.twsig.tw/20230627/ 黑客視角：網站漏洞挖掘與防禦 ( 線上課程) 2023/6/27 https://forms.gle/JpThJxMgxZd3uNh39 黑客視角：網站漏洞挖掘與防禦 ( 實體課程) 2023/6/28 https://forms.gle/qQAqx8KZzzntSyLd9 SaaS軟體PM-技術實戰班｜AWS雲端架構設計｜軟體資安｜AWS實作Lab｜模擬試題 2023/6/30 https://www.accupass.com/event/2305310854254976071070 SGS汽車供應鏈發展新趨勢 研討會 電動車產業關鍵佈局 迎向智慧 安全新未來 2023/7/4 https://www.accupass.com/event/2304250153518811535560 網路自由小聚 [7月] ：數位人權國際會議 會後分享會 2023/7/4 https://ocftw.kktix.cc/events/internetfreedom-july 2023-零信任存取 - APPLE資安研討會 2023/7/5 https://2023gettechnology.kktix.cc/events/48f91757 台灣駭客年會 HITCON Training 2023 2023/7/12 ~ 2023/7/15 https://hitcon.kktix.cc/events/hitcon-training-2023 大數據分析進階班 2023/7/27 ~ 2023/7/28 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=600 【舒虎教育】《區塊鏈初階課程》平日班 2023/7/27 ~ 2023/7/28 https://www.accupass.com/event/2305280843071623542481 【舒虎教育】《區塊鏈初階課程》假日班 2023/7/29 ~ 2023/7/30 https://www.accupass.com/event/2305280843202058678448 COSCUP 2023 2023/07/29 ~ 2023/07/30 https://coscup.org/2023/zh-TW/landing InfoSec Taiwan 2023 國際資安大會 2023/8/1 ~ 2023/8/3 https://csa.kktix.cc/events/infosectaiwan2023 大數據分析進階班 2023/8/10 ~ 2023/8/11 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=611 DEF CON 32 2023/8/10 ~ 2023/8/13 https://defcon.org/index.html AIoT應用實作研習班 2023/8/16 ~ 2023/8/17 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=601 HITCON CMT 2023 2023/08/18 ~ 2023/08/19 https://hitcon.org/2023/CMT/ 大數據分析進階班 (台中) 2023/8/21 ~ 2023/8/22 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=612 AIoT應用實作研習班 (台中) 2023/8/23 ~ 2023/8/24 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=604 PyCon TW 2023 2023/9/2 ~ 2023/9/3 https://tw.pycon.org/2023/zh-hant/registration/tickets Web應用滲透測試 2023/9/7 ~ 2023/9/8 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=631 Hou.Sec.Con 2023/10/12 ~ 2023/10/13 https://web.cvent.com/event/76d46ccb-fe00-4fe5-ba46-e4a77c807f21/summary (ISC)2 SECURITY CONGRESS LEAD WITH CONFINDENCE 2023/10/25 ~ 2023/10/27 https://www.isc2.org/Congress-2023