###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/3/25 ~ 2024/3/29 1.重大弱點漏洞/後門/Exploit/Zero Day Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect 中國駭客組織UNC5174鎖定BIG-IP、Confluence、ScreenConnect漏洞發動攻擊 https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect 中國國家級駭客組織UNC5174利用ScreenConnect、F5 BIG-IP漏洞鎖定國防及政府單位 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11004 FortiClient EMS存在危急漏洞，且已被用於攻擊行動 https://www.scmagazine.com/news/fortinet-forticlient-ems-sql-injection-flaw-exploited-in-the-wild 美國呼籲科技業者清查軟體的SQL注入漏洞 https://www.cisa.gov/resources-tools/resources/secure-design-alert-eliminating-sql-injection-vulnerabilities-software CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products https://thehackernews.com/2024/03/cisa-alerts-on-active-exploitation-of.html 蘋果 M 系晶片新安全漏洞 駭客或能從 CPU 緩存偷取敏感數據 https://reurl.cc/zlV1xe 蘋果M系列處理器存在微架構旁路弱點GoFetch，恐被用於竊取加密演算法金鑰 https://www.ithome.com.tw/news/161909 New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys https://thehackernews.com/2024/03/new-gofetch-vulnerability-in-apple-m.html 思科針對啟用VPN功能的防火牆用戶提出警告，疑與殭屍網路攻擊有關 https://www.bleepingcomputer.com/news/security/cisco-warns-of-password-spraying-attacks-targeting-vpn-services/ 可引發工作階段劫持、底層執行遠端程式碼！AWS修補嚴重漏洞FlowFixation https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11007 微軟Edge瀏覽器存在漏洞，攻擊者有可能暗中植入惡意延伸套件 https://labs.guard.io/cve-2024-21388-microsoft-edges-marketing-api-exploited-for-covert-extension-installation-879fe5ad35ca CISA警告SharePoint的程式碼注入漏洞CVE-2023-24955已被用於攻擊行動 https://www.cisa.gov/news-events/alerts/2024/03/26/cisa-adds-one-known-exploited-vulnerability-catalog Splunk修補旗下產品的高風險漏洞 https://www.securityweek.com/splunk-patches-vulnerabilities-in-enterprise-product/ AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking https://thehackernews.com/2024/03/aws-patches-critical-flowfixation-bug.html 微軟三月例行更新導致Windows Server當機，22日發布緊急更新 https://ithome.com.tw/news/161931 https://www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-domain-controller-crashes-reboots/ https://support.microsoft.com/en-us/topic/march-22-2024-kb5037422-os-build-20348-2342-out-of-band-e8f5bf56-c7cb-4051-bd5c-cc35963b18f3 https://support.microsoft.com/en-us/topic/march-22-2024-kb5037423-os-build-14393-6799-out-of-band-1775cda2-4bb6-43a9-9fd4-ddc3528d3408 https://support.microsoft.com/en-us/topic/kb5037426-update-to-address-a-known-issue-that-affects-lsass-in-windows-server-2012-r2-eda1002a-4b4d-4c99-8383-b0e2bab5c1d0 Windows 10 KB5035941 update released with lock screen widgets https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5035941-update-released-with-lock-screen-widgets/ Windows 11 KB5035942 update enables Moment 5 features for everyone https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5035942-update-enables-moment-5-features-for-everyone/ CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability https://thehackernews.com/2024/03/cisa-warns-hackers-actively-attacking.html OMICARD EDM行銷發送系統 v6.0.1.5存在漏洞，建議請管理者儘速評估更新 https://www.klcg.gov.tw/tw/education/3522-280410.html Mozilla修補Pwn2Own揭露的Firefox零時差漏洞 https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/ Mozilla發布Firefox 124.0.1、115.9.1，修補Pwn2Own揭露的零時差漏洞 https://www.bleepingcomputer.com/news/security/mozilla-fixes-two-firefox-zero-day-bugs-exploited-at-pwn2own/ AMD Zen處理器恐面臨ZenHammer記憶體攻擊的風險 https://comsec.ethz.ch/research/dram/zenhammer/ 搭載AMD Zen 2、Zen 3處理器的電腦恐面臨ZenHammer記憶體攻擊風險 https://www.securityweek.com/zenhammer-attack-targets-dram-on-systems-with-amd-cpus/ Security bulletin: Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (CVE-2024-28784) https://www.ibm.com/support/pages/node/7145260 New ZenHammer Attack Bypasses RowHammer Defenses on AMD CPUs https://thehackernews.com/2024/03/new-zenhammer-attack-bypasses-rowhammer.html Security bulletin: Security Bulletin: IBM QRadar SIEM is vulnerable to command injection and cross-site scripting (CVE-2023-50961, CVE-2023-50960) https://www.ibm.com/support/pages/node/7145262 Security bulletin: Security Bulletin: IBM QRadar SIEM is vulnerable to AJP Smuggling (CVE-2022-26377) https://www.ibm.com/support/pages/node/7145265 Security bulletin: Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities https://www.ibm.com/support/pages/node/7145367 Hackers exploit Ray framework flaw to breach servers, hijack resources https://reurl.cc/YVgrKD CVE-2024-1086 https://github.com/notselwyn/cve-2024-1086 CVE-2023-42931: macOS Flaw Exposed Systems to Easy Privilege Escalation – Patch Now! https://securityonline.info/cve-2023-42931-macos-flaw-exposed-systems-to-easy-privilege-escalation-patch-now/ LoadMaster Security Vulnerability CVE-2024-1212 https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212 報告：零日漏洞利用率激增，商業間諜軟體是主要利用者 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11009 Google修補Pwn2Own揭露的Chrome零時差漏洞 https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html Google報告指去年第三方元件零時差漏洞攻擊增加，鎖定企業軟硬體創新高 https://www.ithome.com.tw/news/162014 人工智慧框架Ray漏洞遭到鎖定，攻擊者挾持運算能力挖礦、竊取機敏資料 https://www.bleepingcomputer.com/news/security/hackers-exploit-ray-framework-flaw-to-breach-servers-hijack-resources/ New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking https://thehackernews.com/2024/03/new-linux-bug-could-lead-to-user.html 2.銀行/金融/保險/證券/金融監理 新聞及資安 金融業永續報告書趨勢分析：聚焦資安與風險管理 https://www.quickseek.com.tw/public_industry/552 群益期貨通過ISO新版驗證 https://www.tssdnews.com.tw/?FID=64&CID=730395 CHAVECLOAK肆虐巴西各大銀行　隱身監控竊取用戶資訊 新型木馬病毒鎖定金融業　攻擊手法複雜刁鑽難防 https://www.netadmin.com.tw/netadmin/zh-tw/trend/65B59AB522AB45A1AEA10C59D85045C4 個資外洩銀行是幫兇？金管會將徹查3家業者 https://www.cardu.com.tw/news/detail.php?47459 遠東科大要改名中信科技大學！聚焦實用人才　強調「入學即就業」 https://tw.nextapple.com/life/20240326/FAD55F07D4A7F1E841AA8BB8607C7B07 強化金融同業情資分享提升資安韌性 全國農業金庫蟬聯F-ISAC會員情資分享表現特優機構 https://money.udn.com/money/story/6722/7859108?from=edn_newestlist_cate_side 翁浩正：金融資安應轉守為攻 https://www.wealth.com.tw/articles/684db376-f99d-4eee-9337-781959c84620 瑞興銀行通過ISO27001：2022 接軌國際資安與標準 https://money.udn.com/money/story/5636/7859689 人行迎新女副行長 「70後」陶玲出任 多次強調金融穩定 https://www.chinatimes.com/realtimenews/20240327003567-260409?chdtv 微軟Microsoft Copilot Studio 與 Azure OpenAI助力中華開發金控，加速AI發展，打造即戰力 https://www.businessweekly.com.tw/business/indep/1004303 銀行協理控出席協調會被「軟禁」　林岱樺還原始末嗆子虛烏有 https://www.ftvnews.com.tw/news/detail/2024328P14M1 立院財政委員考察櫃買中心 資安恐衝擊金融市場 https://udn.com/news/story/7239/7861635 衣索比亞銀行系統出包 民眾存款暴增搶領數億元 https://news.pts.org.tw/article/687643 華南永昌證券員工透過Line洩露客戶下單資料，遭停職1個月，公司被罰30萬 https://finance.ettoday.net/news/2708466 越南證券商遭受網路攻擊，被迫暫停交易 https://www.darkreading.com/cyberattacks-data-breaches/vietnam-securities-broker-suffered-cyberattack-that-suspended-trading Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice https://thehackernews.com/2024/03/alert-new-phishing-attack-delivers.html 3.信用卡/電子支付/行動支付/pay/支付系統/資安 方便使用/不設實名制屬最大優勢 https://www.tkww.hk/epaper/view/newsDetail/1772333663107813376.html 八達通最新「全國通」3.26登場！一文睇清購買地點、增值/使用方法、 「深港一卡通」分別 網民評價：實體卡不合時宜 https://reurl.cc/D4zpY5 防詐九招 生物辨識驗身份 行動支付再升級 重塑堅固金融防火牆 https://wantrich.chinatimes.com/news/20240323900154-420501 全盈支付「金流帶碳流」　攜手13產業、5領域減碳換獎勵 https://tw.nextapple.com/finance/20240326/7D7C4C7640E3112D3255AE7F807038EF 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 AirDAO更新駭客攻擊狀況：總共約4161萬枚AMB代幣和126.5枚ETH被盜，社群資金安全 https://www.panews.io/zh_hk/sqarticledetails/a612qpepFt.html AirDAO發布聲明：獨立駭客攻擊僅影響特定流動性池，社區資金安全無憂 https://news.cnyes.com/news/id/5500253 Super Sushi Samurai 上線不到一周遭攻擊，幣價慘跌 100% https://blockcast.it/2024/03/22/super-sushi-samurai-hacked-for-4-6-million-by-white-hat-hacker/ 過去24小時全網合約爆倉2.23億美元，其中多單爆倉1.64億美元 https://www.panewslab.com/zh_hk/sqarticledetails/j44ib8jtFt.html 新一輪加密貨幣駭客攻擊，2024 年令人震驚的案例 https://mpost.io/zh-TW/the-new-wave-of-cryptocurrency-hacks-shocking-cases-of-2024/ 以太坊創辦人布特林訪台！　戴宮廟帽.競選背心接地氣 https://news.cts.com.tw/cts/general/202403/202403232302115.html#google_vignette 洛杉磯警方追回被盜的價值690萬美元比特幣礦機，嫌犯已被拘留 https://www.panewslab.com/zh_hk/sqarticledetails/h2d6s918Ft.html 昨日比特幣現貨ETF淨流出5,160萬美元，貝萊德ETF淨流入僅1,889萬美元續創新低 https://www.panewslab.com/zh_hk/sqarticledetails/hefpjjsyFt.html 北韓透過龍捲風現金向貝萊德發送加密貨幣 https://portalcripto.com.br/zh-TW/%E5%8C%97%E9%9F%93%E9%80%8F%E9%81%8E%E9%BE%8D%E6%8D%B2%E9%A2%A8%E7%8F%BE%E9%87%91%E5%90%91%E9%BB%91%E7%9F%B3%E7%99%BC%E9%80%81%E5%8A%A0%E5%AF%86%E8%B2%A8%E5%B9%A3/ CNBC：Anthropic將出售FTX持有的公司股份，但沙烏地阿拉伯買家已被排除 https://www.panewslab.com/zh_hk/sqarticledetails/gk926ntbFt.html 比特幣大騙局：竊盜、駭客、投機者，加密貨幣交易所Mt. Gox的腐敗運作與破產真相 https://www.books.com.tw/booksComment/getCommemt/0010924768 幣圈鬼故事！$SSS 遊戲幣 1 秒暴跌 99%，「這件事」讓 480 萬瞬間歸零 https://www.binance.com/zh-TC/square/post/5735897754866 Super Sushi Samurai：攻擊事件已解決，SSS v2池將恢復至駭客攻擊前的資金量 https://news.cnyes.com/news/id/5501495 一聰明投資者10天前用1.5枚SOL換取930萬枚BAG，目前已獲利25萬美元 https://news.cnyes.com/news/id/5501496 鏈游The Beacon將於四月發布新任務，參與者可獲得項目生態代幣 https://news.cnyes.com/news/id/5501494 華爾街分析師：逢低買入比特幣機會來了，BTC關鍵支撐位在哪 https://www.blocktempo.com/when-can-bitcoin-hit-the-bottom/ 虛擬貨幣成詐團新歡 法務部推修法：幣商也要負刑責 https://news.ltn.com.tw/news/society/paper/1636922 U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions https://thehackernews.com/2024/03/us-sanctions-3-cryptocurrency-exchanges.html Super Sushi Samurai：攻擊事件已解決，SSS v2池將恢復至駭客攻擊前的資金量 https://m.cnyes.com/news/id/5501495 速覽ETHGlobal Farcaster Frames駭客松10個獲勝項目 https://news.cnyes.com/news/id/5502602 盤點四款Solana TG交易Bot，Meme愛好者的必備利器 https://news.cnyes.com/news/id/5502722 派盾：駭客詐騙集團Pink Drainer已將總計1,200萬枚DAI質押到Spark中 https://www.panewslab.com/zh_hk/sqarticledetails/vbz4du2rFt.html 慢霧：Munchables某開發者係北韓駭客，其在獲得團隊信任後發動攻擊 https://www.panewslab.com/zh_hk/sqarticledetails/iio4xa9vFt.html 涉比特幣洗錢800億 英國華裔餐館工暴發變富婆 https://news.ltn.com.tw/news/world/breakingnews/4620763 比特幣擺脫近來頹勢 下一歷史新高價是83,000美元 https://news.cnyes.com/news/id/5504623 KuCoin遭美司法部、CFTC起訴》指控原因、官方與社群反應、資金擠兌、未來會如何 https://www.blocktempo.com/kucoin-and-its-founder-charged-by-u-s-prosecutors/ 生態專案遭駭 6 千萬鎂！Blast 面臨「權力下放」抉擇：回滾交易還是放任駭客 https://zombit.info/web3-gaming-platform-munchables-loses-62-5-million-in-exploit/ Sceopscan：監控Munchables駭客相關幣安存款地址 https://www.panewslab.com/zh_hk/sqarticledetails/mbrqp6p5Ft.html Sceopscan：已監測到Munchables駭客的Binance存款地址 https://news.cnyes.com/news/id/5505435 慢霧餘弦：Munchables某開發者系朝鮮駭客，其在獲得團隊信任後發起攻擊 https://m.cnyes.com/news/id/5504941 Blast優勝項目「Munchables」遭駭！損失6,250萬鎂，分析師：北韓駭客潛入團隊… https://www.blocktempo.com/blast-chains-munchables-project-was-exposed-to-a-hacker-incident/ Munchables駭客向Orbiter Finance發送3枚ETH進行測試 https://news.cnyes.com/news/id/5505226 Web3遊戲平台遭黑客入侵 被竊近5億元以太幣 北韓開發者被指是「兇手」 https://reurl.cc/rrm1L1 Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining https://thehackernews.com/2024/03/critical-unpatched-ray-ai-platform.html 全球領先交易平台CoinW和公認反洗錢師協會共築安全之網，聯合舉辦防制洗錢與打擊資恐專班 https://today.line.me/tw/v2/article/9mRLnBE 涉違《反洗錢法》! 未進行客戶驗證 庫幣與華裔創始人遭美起訴 https://reurl.cc/K4mb1n Owlto Finance復盤Munchables駭客事件：協助Pacman和ZachXBT確保Blast鏈資金安全 https://news.cnyes.com/news/id/5506185 Grayscale 認為以太幣現貨 ETF 會成功在 5 月上市 https://news.owlting.com/articles/648649 美司法部、 CFTC 聯手出擊！控告 KuCoin 違反銀行保密法、無照經營 https://blockcast.it/2024/03/27/kucoin-criminally-charged-by-us-doj-for-violating-bank-secrecy-act/ ACE向法院聲請稱「凱基銀行資金進出受阻、無法發員工薪水」，執行長選任臨時管理人遭駁回 https://www.blocktempo.com/ace-interim-managers-request-was-rejected/ NFPrompt因安全問題將進行代幣置換以棄用舊NFP代幣，快照將於今日18:00進行 https://www.panewslab.com/zh_hk/sqarticledetails/b11y07usFt.html 曝光北韓駭客錢包地址！美 FBI 示警：持有 1,580 枚比特幣，可能會套現 https://www.binance.com/bg/square/post/1016880 BTC減半將至，盤點5大專案生態佈局：Merlin、Stacks、B²、BounceBit.. https://www.blocktempo.com/halving-is-coming-five-major-projects-btc-ecosystem-will-take-advantage-of/ 涉嫌以加密貨幣助哈瑪斯募款 網媒遭英美制裁 https://news.ltn.com.tw/news/world/breakingnews/4622479 150億鎂比特幣、以太坊選擇權週五到期，小心波動 https://www.blocktempo.com/bitcoin-and-ethereum-15-billion-options-expire-on-friday/ Prisma Finance 遭受攻擊，資安專家評論：Restaking 爆了一個，損失超過一千萬鎂 https://abmedia.io/prisma-finance-been-exploited 數據：加密產業在今年Q1因駭客攻擊和詐騙損失了3.36億美元 https://www.panewslab.com/zh_hk/sqarticledetails/90i1n9j5Ft.html Owlto Finance復盤Munchables駭客事件：第一時間協助Pacman和ZachXBT確保Blast鏈資金安全 https://news.cnyes.com/news/id/5506180 去中心化AI數據網路Port3 Network將上線Solana https://news.cnyes.com/news/id/5506179 NFPrompt：將進行代幣置換啟用新NFP代幣，快照於今日18:00進行 https://news.cnyes.com/news/id/5506992 派盾：針對Prisma的攻擊仍在進行中，損失擴大至1160萬美元 https://news.cnyes.com/news/id/5507829 動視暴雪正在調查一項針對玩家包括竊取加密錢包的駭客活動 https://news.cnyes.com/news/id/5507997 Prisma Finance 合約已關閉，團隊：請用戶取消相關授權 https://abmedia.io/prisma-finance-asks-users-to-revoke-approvement 穩定幣專案Midas完成875萬美元種子輪融資 https://www.panewslab.com/zh_hk/sqarticledetails/t6qleh7uFt.html 卑詩追查破產加密幣公司 溫哥華保險箱搜出金條珠寶 https://reurl.cc/lgGd3d 加密貨幣交易平臺FTX創辦人SBF因詐欺被判刑25年 https://www.ithome.com.tw/news/162034 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC Google人工智慧搜尋建議內容疑遭SEO中毒，參雜惡意網站連結 https://www.bleepingcomputer.com/news/google/googles-new-ai-search-results-promotes-sites-pushing-malware-scams/ 惡意程式BunnyLoader 3.0被用於竊取受害電腦資料，並散布其他惡意軟體 https://unit42.paloaltonetworks.com/analysis-of-bunnyloader-malware/ 北韓駭客組織Kimsuky利用CHM檔案散布惡意程式 https://www.rapid7.com/blog/post/2024/03/20/the-updated-apt-playbook-tales-from-the-kimsuky-threat-actor-group/ 德國政黨團體遭到俄羅斯駭客APT29鎖定，散布惡意軟體WineLoader https://www.mandiant.com/resources/blog/apt29-wineloader-german-political-parties 數款安卓惡意程式鎖定土耳其、俄羅斯，以及東南亞用戶而來 https://securelist.com/crimeware-report-android-malware/112121/ 伊朗駭客組織假借徵才名義散布後門程式FalseFont https://unit42.paloaltonetworks.com/curious-serpens-falsefont-backdoor/ 竊資軟體StrelaStealer透網路釣魚攻擊歐洲、美國超過一百個組織 https://unit42.paloaltonetworks.com/strelastealer-campaign/ 木馬程式DinodasRAT鎖定Linux主機而來，攻擊範圍涵蓋臺灣、中國、土耳其 https://securelist.com/dinodasrat-linux-implant/112284/ PUA：Win32/Softcnapp 惡意病毒 https://malwarefixes.com/threats/puawin32-softcnapp/ VMware ESXi伺服器遭勒索軟體Agenda鎖定 https://www.trendmicro.com/en_us/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html 惡意軟體Sign1鎖定WordPress網站而來，逾3.9萬個網站受害 https://blog.sucuri.net/2024/03/sign1-malware-analysis-campaign-history-indicators-of-compromise.html 駭客佯裝印度空軍做為幌子，對國防及能源單位散布惡意程式 https://blog.eclecticiq.com/operation-flightnight-indian-government-entities-and-energy-sector-targeted-by-cyber-espionage-campaign 為因應惡意軟體攻擊，PyPI套件庫再傳暫停用戶註冊、成立新專案 https://www.bleepingcomputer.com/news/security/pypi-suspends-new-user-registration-to-block-malware-campaign/ 竊資軟體HackBrowersData鎖定印度政府機關、能源業者而來 https://blog.eclecticiq.com/operation-flightnight-indian-government-entities-and-energy-sector-targeted-by-cyber-espionage-campaign Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties https://thehackernews.com/2024/03/russian-hackers-use-wineloader-malware.html New Go loader pushes Rhadamanthys stealer https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties https://thehackernews.com/2024/03/russian-hackers-use-wineloader-malware.html The ghost of TellYouThePass lingers https://cert.360.cn/report/detail?id=65fceeb4c09f255b91b17f11 TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service https://reurl.cc/v0YjzL TheMoon惡意軟體變種肆虐！ 超過 6千台ASUS 路由器已被感染 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11008 殭屍網路TheMoon攻佔廠商不再提供支援的網路設備，短短72小時綁架逾6千臺華碩路由器 https://blog.lumen.com/the-darkside-of-themoon/ Google: Spyware vendors behind 50% of zero-days exploited in 2023 https://www.bleepingcomputer.com/news/security/google-spyware-vendors-behind-50-percent-of-zero-days-exploited-in-2023/ PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers https://thehackernews.com/2024/03/pypi-halts-sign-ups-amid-surge-of.html Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries https://thehackernews.com/2024/03/linux-version-of-dinodasrat-spotted-in.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 中國“手機農場”大量控制手機主機板提供非法服務 https://reurl.cc/N4Wov9 iOS 17.4.1 正式版更新改進了什麼？5 大重點細節深度解析 https://mrmad.com.tw/new-ios-1741-releases 蘋果發布iOS 17.4.1、macOS Sonoma 14.4.1，修補AV1影音解碼器漏洞 https://www.securityweek.com/apple-patches-code-execution-vulnerability-in-ios-macos/ 蘋果防堵聲音指紋辨識用戶身分的措施遭到破解 https://www.ithome.com.tw/news/161711 傳iPhone可能在中國使用百度AI聊天機器人 https://www.ithome.com.tw/news/161945 Apple 日誌 app 會向他人分享位置與姓名？官方：僅影響建議功能優先順序 https://today.line.me/tw/v2/article/NvEwg0k 蘋果用戶快更新！官方公布2大安全漏洞　恐讓駭客入侵後台 https://news.tvbs.com.tw/tech/2436281 想讓 Apple Watch 相容 Android？技術可能不太容易 https://technews.tw/2024/03/25/apple-watch-android/ iPhone被「重設密碼通知」轟炸？　專家警告：駭客新手法 https://today.line.me/tw/v2/article/GgpmOGZ iPhone用戶當心！Apple帳號「這一設定」竟淪網路釣魚 駭客新手法曝光 https://tech.udn.com/tech/story/123151/7858861 iPhone用戶遭到網釣攻擊套件Darcula鎖定，藉由iMessage散布釣魚簡訊 https://www.netcraft.com/blog/darcula-smishing-attacks-target-usps-and-global-postal-services/ 大型Discord機器人社群遭受供應鏈攻擊 http://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/ 免費VPN 恐讓安卓手機成駭客幫兇！28款惡意 App 被Google強制下架 https://3c.ltn.com.tw/news/57548 中華電信、遠傳、台灣大將在6/30前關閉3G網路，手機不支援VoLTE將無法通話 https://www.ithome.com.tw/news/162033 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 培育優秀女性科技人才 國科會「2024 GiCS尋找資安女婕思」即日啟動 https://udn.com/news/story/6871/7847169 忽略資安，分紅直接砍半！人資的資安不是科技，而是「人性」 https://www.cheers.com.tw/talent/article.action?id=5103040 DEVCORE資安研討會登場，揭露最新攻擊技術手法與企業資安破口 https://www.ithome.com.tw/news/161917 聚焦攻擊技術核心，DEVCORE持續活絡台灣資安社群交流 https://money.udn.com/money/story/5635/7854654 吳淡如爆日本羽田機場「百台電腦當機」　現場畫面超震撼 https://news.housefun.com.tw/news/article/147328417435.html 台網攻事件每秒1.5萬次 業者組台灣資安大聯盟強化防禦力 https://www.ctee.com.tw/news/20240328700923-431401 新 DoS 攻擊手法「Loop DoS」，恐讓 30 萬台主機暴露風險下 https://www.inside.com.tw/article/34570-loop-dos 提高TLS安全! 微軟將淘汰Windows系統1024位元RSA金鑰 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10997 【因應10大不當配置：藍隊篇】面對常見錯誤配置引發的資安風險，網路防守者有因應之道可參考 https://www.ithome.com.tw/news/159280 前美情報人員受雇替阿聯當駭客 3人罰近5千萬 https://today.line.me/tw/v2/article/oMLqlo 巴黎奧運資安商源訊虧損甚鉅 矢言確保賽事不受影響 https://www.cna.com.tw/news/aopl/202403260449.aspx 對岸加入戰局、駭客竊密毀人設！ 陳明通談林智堅論文門始末 https://news.ltn.com.tw/news/politics/breakingnews/4618010 美起訴7名與中國當局相關駭客 全球數千人受害 https://www.cna.com.tw/news/aopl/202403260020.aspx 英國、紐西蘭指控中國惡意網攻破壞民主，英副首相宣布制裁2人1實體並召見大使 https://www.thenewslens.com/article/200669 新西蘭稱中國“國家支持”的黑客組織侵入了其議會的網絡 https://www.voacantonese.com/a/nz-govt-says-chinese-state-sponsored-group-hacked-parliament-20240325/7543056.html 美英相繼宣佈制裁及刑事訴訟 遏制中國網路威脅 https://www.rti.org.tw/news/view/id/2200165 中國政府以資安為由，要求特定單位機構使用PC設備避免使用Intel、AMD處理器 https://reurl.cc/zl3Emy 中共被曝網攻英議會 英副相將宣布調查結果 https://hk.epochtimes.com/news/2024-03-24/28847854#google_vignette 美起訴中國駭客　處於被網攻最前線的臺灣如何應對 https://www.taiwanjustice.net/?p=381331#google_vignette 英副首相將宣布：中共是網攻英國的幕後黑手 https://www.ntdtv.com.tw/b5/20240325/video/386787.html 美英聯手抓中共駭客 英相：中共是劃時代挑戰 https://www.ntdtv.com.tw/b5/20240326/video/386864.html 遭美英紐指控發動網攻 中國使館發聲明反擊 https://www.rti.org.tw/news/view/id/2200224 美英紐控陸 大規模網攻 https://udn.com/news/story/6809/7858273 英美制裁中共網攻 分析：西方忍無可忍 https://reurl.cc/OGlAW7 英國控北京「惡意網路攻擊」！制裁2人1實體　Politico：英外相尷尬了 https://www.ctwant.com/article/326224 CNN:美國將公布竊取美企情資的中國駭客姓名與照片 https://www.worldjournal.com/wj/story/121468/7855827 APT31團伙全球作案 七名中共黑客被美起訴 https://www.epochtimes.com/b5/24/3/25/n14210678.htm 美司法部起訴中國駭客組織「APT31」7名成員，網攻寄出逾一萬封惡意郵件、全球數千人受害 https://www.thenewslens.com/article/200672 時機敏感！美英制裁中國駭客組織APT31 專家：可能與TikTok有關 https://news.ltn.com.tw/news/world/breakingnews/4620749 美國制裁與中國駭客組織APT31有關的武漢曉睿智科技 https://www.justice.gov/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived Finland confirms APT31 hackers behind 2021 parliament breach https://reurl.cc/lgmjxA Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack https://thehackernews.com/2024/03/finland-blames-chinese-hacking-group.html 遭中國大規模網攻14年 美英同步祭制裁、美起訴7駭客懸賞千萬美元 https://reurl.cc/RW5gq6 菲律賓召見中國外交官員抗議攻擊行為 防長嗆聲中國不敢尋求國際仲裁 https://www.voacantonese.com/a/7541293.html 紐西蘭：「國家支持」中國駭客入侵政府電腦系統 https://www.rti.org.tw/news/view/id/2200181 新西蘭議員和議會系統遭到中國駭客攻擊 https://www.epochtimes.com/b5/24/3/28/n14212585.htm 美英指曾遭中國駭客組織攻擊 加拿大聲稱也是目標 https://reurl.cc/aLoqj3 英國、芬蘭、紐西蘭、澳洲指控中國政府指使駭客組織攻擊民主國家政府單位 https://www.ithome.com.tw/news/161948 https://www.gov.uk/government/news/uk-holds-china-state-affiliated-organisations-and-individuals-responsible-for-malicious-cyber-activity https://poliisi.fi/en/-/investigation-into-hacking-of-parliament-s-information-systems-has-been-ongoing https://www.beehive.govt.nz/release/parliamentary-network-breached-prc https://www.foreignminister.gov.au/minister/penny-wong/media-release/cyber-targeting-uk-democratic-institutions https://www.afr.com/technology/leaked-documents-reveal-australia-targeted-by-chinese-hackers-20240325-p5ff4h 美英紐聯手！控大陸支持駭客幕後操刀 針對民主體制發動網路攻擊 https://udn.com/news/story/6809/7857114?from=udn-catelistnews_ch2 全球抗議香港23條生效 籲各國加碼制裁 https://news.ltn.com.tw/news/world/paper/1637418 有竊取加拿大機密之嫌 退役解放軍為何還獲准移民加國 https://reurl.cc/WR6gRZ 荷蘭總理呂特面告習近平 中國網路間諜令人關切 https://www.cna.com.tw/news/aopl/202403280004.aspx 與習近平北京會談 荷蘭總理提出網路間諜問題 https://www.rti.org.tw/news/view/id/2200419 五眼曝光反擊中共駭客 中共黨魁見美企 用毛鄧兩手？｜矢板明夫｜新聞大破解 https://www.youtube.com/watch?v=vabFMPSbWKk 中國駭客組織攻擊東南亞國家聯盟成員及附屬組織 https://unit42.paloaltonetworks.com/chinese-apts-target-asean-entities/ 勒索軟體駭客組織INC Ransom聲稱入侵蘇格蘭國家醫療服務體系，竊得3 TB資料 https://www.bleepingcomputer.com/news/security/inc-ransom-threatens-to-leak-3tb-of-nhs-scotland-stolen-data/ 與Sandworm有關的俄羅斯駭客團體傳出攻擊烏克蘭網路服務供應商 https://therecord.media/ukraine-isps-attacks-solntsepek-sandworm-gru https://t.me/solntsepekZ/1481 https://cert.gov.ua/article/6123309 https://www.triangulum.ua/contacts https://www.facebook.com/kimltd/posts/pfbid03QZycg5jfwGuGKgndeAzEPrABDcHFRp9B5gpsoMm7cHVV5hPWeDZ2UiFhK6TvJGYl?__cft__[0]=AZVLTcvM5rv4ilOSLdulTTY4ae_ShiO5tm29d62aw_-LuqaBWxIjghkGhqA7an58jUdLNJI6ah0Ia2CTG_cWORByUkW8l0dXs9dlmbfyymxhQR5be5usRw51zwDUzDpQSXwogKa6ux1FbQrP3LAi-08osbYY3dxJ9_bGTXtizThbZccLG_ux3_gdvEve03a_1Nc&__tn__=%2CO%2CP-R https://www.facebook.com/misto.tv/posts/pfbid02QLf4nWa6vhRE3Zkf3tYrLQ5HTYhznnmod6MiHCjix63TcPiTVJgxgch3R2fPxNhFl?__cft__[0]=AZU9COTeiDEGbT1gho8DuYSxOzdaFic1pam3bwjZHAQ9VT4rmsF4MCqNrISjDLVbSUaPil_LVG-tIr7Ju-tyXHzLmAshcO5kz7sIeLtrL9aAtlFFl-S6O1QKpAGRI7T1VAKIgO8RN6XD3leqmhXz62Z7jHSlxFE492ECeDgGEcxBSA&__tn__=%2CO%2CP-R https://www.sentinelone.com/labs/acidpour-new-embedded-wiper-variant-of-acidrain-appears-in-ukraine/ N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattack https://thehackernews.com/2024/03/n-korea-linked-kimsuky-shifts-to.html Sketchy NuGet Package Likely Linked to Industrial Espionage Targets Developers https://thehackernews.com/2024/03/malicious-nuget-package-linked-to.html Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks https://thehackernews.com/2024/03/iran-linked-muddywater-deploys-atera.html German Police Seize 'Nemesis Market' in Major International Darknet Raid https://thehackernews.com/2024/03/german-police-seize-nemesis-market-in.html Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others https://thehackernews.com/2024/03/hackers-hijack-github-accounts-in.html US, UK accuse China of cyberespionage that hit millions of people https://www.reuters.com/technology/cybersecurity/us-sanctions-chinese-cyberespionage-firm-saying-it-hacked-us-energy-industry-2024-03-25/ Chinese Hackers Charged in Decade-Long Global Spying Rampage https://www.wired.com/story/china-apt31-us-uk-hacking-espionage-charges-sanctions/ Chinese Hackers Attacking Southeast Asian Nations With Malware Packages https://gbhackers-com.cdn.ampproject.org/c/s/gbhackers.com/chinese-apt-hackers-attacking/amp/ U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation https://thehackernews.com/2024/03/us-charges-7-chinese-nationals-in-major.html Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries https://thehackernews.com/2024/03/two-chinese-apt-groups-ramp-up-cyber.html Crafting Shields: Defending Minecraft Servers Against DDoS Attacks https://thehackernews.com/2024/03/crafting-shields-defending-minecraft.html 資安業務管理師 https://www.104.com.tw/job/7l2js?jobsource=n104bank2 資訊安全管理資深專員 https://www.104.com.tw/job/89qt9 會計師事務所徵才出招！　KPMG宣布7月新鮮人起薪4萬 https://finance.ettoday.net/news/2706330 若要應徵非資安的工程師考取資安證照是否有幫助 https://giver.104.com.tw/question/1ef85182-761e-4c6a-86f5-ef6599576d01 資安工程師 https://www.104.com.tw/job/847xu?jobsource=joblist_morej 資訊安全顧問師 https://job.taiwanjobs.gov.tw/internet/index/JobDetail.aspx?R2=11&EMPLOYER_ID=2374573&HIRE_ID=12655603 資訊安全高級工程師 https://www.104.com.tw/job/88qra?jobsource=n104bank2 資訊處-資安維運工程師 https://www.104.com.tw/job/83pho?jobsource=keyword2Keyword 資訊-資安管理工程師 https://www.104.com.tw/job/7oip0?jobsource=google_event 資安PreSales (售前規劃)-3WS213 https://www.104.com.tw/job/84q4g?jobsource=n104bank2 彰銀招募55名MA 試用期滿薪55K https://www.1111.com.tw/news/jobns/155487 資安主管 https://www.104.com.tw/job/81lgn 【資安】資訊專員 https://www.104.com.tw/job/8a4nj?jobsource=googlejobs 資安工程師 https://www.1111.com.tw/job/98857462/?agent=mobile%5Fzone%5Fsalary 資安工程師 https://www.104.com.tw/job/86oy3?jobsource=jlisthotkeywords 資訊安全工程師 https://temp.imc.com.tw/job/viewJob/IMC817570K47 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 事實查核報告#2923 網傳「2024年台灣免費植牙計畫」 https://today.line.me/tw/v2/article/LX7YeR2 New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S. https://thehackernews.com/2024/03/new-strelastealer-phishing-attacks-hit.html 都是民眾血汗錢 檢調打詐查扣贓破70億元 https://www.chinatimes.com/realtimenews/20240323003260-260410?ctrack=pc_main_rtime_p01&chdtv 知名外媒 Cointelegraph 的 X 驚傳遭駭！分享多檔花式假空投、釣魚地址 https://www.blocktempo.com/hackers-take-over-cointelegraph-x-account/ 愛情騙子！大同警方阻詐 幫女子護住400萬元 https://reurl.cc/bDvorv 華航再遭駭！上百萬筆客戶個資流出 全被放上暗網出售 https://money.udn.com/money/story/5648/7857497 華航資安再亮紅燈！上百萬筆個資外洩 囂張駭客放暗網出售 https://reurl.cc/rry2LN 華航外洩資料再傳出現暗網，該公司表示是前次事故的舊資料 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=2&SPOKE_TIME=223130&SPOKE_DATE=20240326&COMPANY_ID=2610 華航：針對駭客於暗網放出會員資料之說明 https://www.moneydj.com/KMDJ/News/NewsViewer.aspx?a=18bca6ce-168c-4135-aa95-6ee091f4b229 華航上百萬筆客戶個資再傳外洩？專家示警：業者應加強資安控管 https://infosecu.technews.tw/2024/03/27/cymetrics/ 會員資料又遭駭客「暗網兜售」 華航依法通報：都是舊資料 https://reurl.cc/L4ygzx 再傳駭客外洩個資 華航：為去年1月同起事件 https://money.udn.com/money/story/5612/7857757?from=edn_newest_index 中國推"抖音直播帶貨培訓營"統戰台青 專家:小心是詐騙 https://today.line.me/tw/v2/article/wJBymnw 新型態網路釣魚工具包Tycoon 2FA鎖定微軟365、Google用戶，並能繞過雙因素驗證 https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit/ 美國報稅季來臨，駭客假借提供表單從事網路釣魚 https://www.microsoft.com/en-us/security/blog/2024/03/20/microsoft-threat-intelligence-unveils-targets-and-innovative-tactics-amidst-tax-season/ 【詐騙】網傳「白沙屯媽祖遶境LINE貼圖免費下載」 https://tfc-taiwan.org.tw/articles/10417 英國4000萬選民資料遭駭 副首相陶敦擬公開點名中國涉入 https://www.cna.com.tw/news/aopl/202403250017.aspx 注意！FTX、BlockFi債權人「電郵釣魚攻擊」猖獗，已竊700萬鎂加密貨幣、NFT https://www.blocktempo.com/email-phishing-scam-targeting-ftx-creditors/ 套用介面樣板冒充各大網站　二維碼釣魚法Quishing掩藏網址 揭密社交工程攻擊工具　Zphisher一秒造假登入頁 https://www.netadmin.com.tw/netadmin/zh-tw/technology/4D541B09E6854E09889EA8B08251CDDF 孫翠鳳突發「緊急公告」　明華園粉專遭不明人士駭入消失！粉絲心急 https://www.setn.com/News.aspx?NewsID=1443421 大齡女子急匯400萬 助前男友投資房產！警苦勸終阻詐 https://www.chinatimes.com/realtimenews/20240325001160-260402?chdtv 駭客繞道而行 側通道攻擊可竊取用戶聊天記錄 https://www.technice.com.tw/techmanage/infosecurity/102746/ 北韓駭客大搞網路釣魚　完美復刻南韓最大入口網站Naver https://www.ftnn.com.tw/news/15071#google_vignette 班森賀華女電郵遇駭個資外洩 遭盜刷逾3000元 https://www.worldjournal.com/wj/story/121381/7858645?from=wj_catelistnews_index 新型態網路釣魚工具包Tycoon 2FA被用於竊取微軟365、Google帳號，並能繞過雙因素驗證 https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit/ 一度謠言滿天飛　英情報驚揭「這國」有組織散佈假新聞 https://www.hk01.com/article/1004655?utm_source=01articlecopy&utm_medium=referral 法詐騙集團竊個資 情蒐設備來自陸企 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1663470&type=universal 法國破獲龐大簡訊詐騙案，上萬民眾電話號碼遭竊，背後是由中國軍火商供應間諜設備 https://www.thenewslens.com/article/200824 陸社群媒體藏風險 淪中共認知作戰溫床 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1663469&type=universal Key Lesson from Microsoft's Password Spray Hack: Secure Every Account https://thehackernews.com/2024/03/key-lesson-from-microsofts-password.html New Darcula phishing service targets iPhone users via iMessage https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/new-darcula-phishing-service-targets-iphone-users-via-imessage/amp/ E.研究報告/工具 RPA 就像一個常駐電腦的虛擬助理！導入三大成效：消弭流程斷點、降低人為疏失、提高員工生產力 https://buzzorange.com/techorange/2024/03/22/robotic-process-automation/ 2024年生成式AI趨勢與挑戰 https://udn.com/news/story/6871/7847096 2024年企業資安發展之兩大趨勢 https://udn.com/news/story/6871/7847258 CVE-2023-29300: Adobe ColdFusion 漏洞 https://teamt5.org/tw/posts/alerts-of-exploiting-adobe-cold-fusion-cve-2023-29300/ Gartner：未來兩年資安策略應納入8大前提 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11000 著眼資安治理！NIST網路安全框架2.0版如何提升SaaS安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11003 趨勢科技：台灣需留意Earth Estries駭客組織，鎖定政府機關與科技業 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11001 新研究發現 GenAI 是製造商的首要技術投資，而有 94% 的製造商預期會維持或擴充人員編制 https://www.businesswirechina.com/hk/news/56388.html KnowBe4的最新報告發現北美組織的安全文化發展動力強勁 https://www.businesswirechina.com/hk/news/56391.html API驅動全球大部分網路流量　駭客趁虛而入 https://www.technice.com.tw/techmanage/infosecurity/103434/ 網路攻擊威脅升高 思科：台灣僅8%企業做好資安準備 https://money.udn.com/money/story/5613/7862199 什麼是CTEM 威脅暴露管理 #shorts #資安 #CTEM https://www.youtube.com/watch?v=VOzQjJk9lq8 IRAN-LINKED APT TA450 EMBEDS MALICIOUS LINKS IN PDF ATTACHMENTS https://securityaffairs.com/161042/apt/iran-ta450-rmm-atera.html TA450 Hackers Uses Embedded Links in PDF Attachments to Attack Windows https://cybersecuritynews.com/embedded-links-in-pdf-attachments/#google_vignette Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques https://pwning.tech/nftables/ Configure your Red Team Operations Infrastructure #2 https://joasantonio108.medium.com/configure-your-red-team-operations-infrastructure-2-2947b654efad A Syscall Journey in the Windows Kernel https://alice.climent-pommeret.red/posts/a-syscall-journey-in-the-windows-kernel/ Local Privilege Escalating my way to root through Apple macOS filesystems https://www.alter-solutions.fr/blog/local-privilege-escalating-my-way-to-root-throught-apple-macos-filesystems What Is the Difference Between CHKDSK, SFC, and DISM in Windows https://www.makeuseof.com/difference-between-chkdsk-sfc-and-dism-in-windows-10/ PCIe Part 2 - All About Memory: MMIO, DMA, TLPs, and more https://ctf.re/kernel/pcie/tutorial/dma/mmio/tlp/2024/03/26/pcie-part-2/ BestEdrOfTheMarket - Little AV/EDR Bypassing Lab For Training And Learning Purposes https://www.kitploit.com/2023/12/bestedrofthemarket-little-avedr.html SASE Solutions Fall Short Without Enterprise Browser Extensions, New Report Reveals https://thehackernews.com/2024/03/sase-solutions-fall-short-without.html TVBS數據架構大解密 (2) — 現代數據棧(Modern Data Stack) https://medium.com/dbt-local-taiwan/tvbs-modern-data-stack-2-5cecaa4b5d89 PwC：85%台灣企業領袖擔心生成式AI資安風險 https://www.moneydj.com/funddj/ya/yp050000.djhtm?a={BC0B61E7-DDA5-448B-89DC-80DAEE7C3A50} Reconstructing PowerShell scripts from multiple Windows event logs https://news.sophos.com/en-us/2022/03/29/reconstructing-powershell-scripts-from-multiple-windows-event-logs/ Malware Development Essentials Part 1 https://smukx.medium.com/malware-development-essentials-part-1-5f4626652ed9 The Golden Age of Automated Penetration Testing is Here https://thehackernews.com/2024/03/the-golden-age-of-automated-penetration.html How to manage OAuth risks at scale with Nudge Security https://www.nudgesecurity.com/post/how-to-manage-oauth-risks-at-scale-with-nudge-security F.商業 提供3種預設組態，IBM大型主機系統推出更多入門款式 https://www.ithome.com.tw/review/161911 數位轉型夯 這四家資服股獲利年增雙位數賺飽飽 https://www.ctee.com.tw/news/20240324700040-439901 計價模式曝光！微軟即將推出AI安全助理 Copilot for Security https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11005 OneDegree Global推出人工智慧風險評估服務 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11002 黃承彬接掌 Veeam 台灣總座，以 AI、資安、BaaS／DRaaS 強攻企業市場 https://www.cio.com.tw/huang-chengbin-takes-over-veeam-taiwans-overall-base-with-ai-ahn-and-baas-draas-attacking-the-enterprise-market/ 掌握API資安的主動權，為未來的數位世界保駕護航 https://www.twister5.com.tw/2024/03/27/%E6%8E%8C%E6%8F%A1api%E8%B3%87%E5%AE%89%E7%9A%84%E4%B8%BB%E5%8B%95%E6%AC%8A%EF%BC%8C%E7%82%BA%E6%9C%AA%E4%BE%86%E7%9A%84%E6%95%B8%E4%BD%8D%E4%B8%96%E7%95%8C%E4%BF%9D%E9%A7%95%E8%AD%B7%E8%88%AA/ Crafting Shields: Defending Minecraft Servers Against DDoS Attacks https://thehackernews.com/2024/03/crafting-shields-defending-minecraft.html Amazon 亞馬遜追加 27.5 億美元投資 AI 新創 Anthropic https://buzzorange.com/techorange/2024/03/28/amazon-invests-an-additional-2-75-billion-in-ai-startup-anthropic/ Cisco 思科最新調查：僅 8% 台灣企業已為瞬息萬變的資安威脅做好準備 https://buzzorange.com/techorange/2024/03/28/only-8-of-taiwanese-companies-are-prepared-for-rapidly-changing-security-threats/ NEITHNET 全象限威脅獵捕，助企業抵禦勒索攻擊 https://www.unixecure.com/tw/news_new?urlQuery=ZmEyZDE5YzRjOTNkNGI3OWNhNGJlMjQ5YjFkN2M0OTI= 中保科：智慧城市、智慧系統、資安治理 成2024三大營運動能 https://www.chinatimes.com/realtimenews/20240328005256-260410?chdtv G.政府 續推數位身分證？陳建仁：待個資保護委員會討論 https://www.epochtimes.com/b5/24/3/22/n14208505.htm 2024核設施資安事件應變技術交流訓練 https://reurl.cc/OGOM99 強化電商資安 數位部：助88家業者評級與紅隊演練 https://udn.com/news/story/7238/7851433 法務部調查局與臺中榮民總醫院簽署 國家資通安全聯防與情資分享合作備忘錄 https://www.mjib.gov.tw/news/Details/1/981 大陸製無人機馬達售價曝光 徐巧芯：行政院態度是這樣 https://reurl.cc/zlVo9V 蔡下賴上 另一個撈錢國家隊誕生 https://udn.com/news/story/11091/7851541 裁資通電軍怎防範網攻 https://udn.com/news/story/7339/7851897 數位部出席布拉格資安會議，分享臺灣通訊韌性應變經驗 https://moda.gov.tw/press/press-releases/11744 個資會公聽會 職掌個資法政策擬訂 https://www.epochtimes.com/b5/24/3/25/n14210541.htm 立院召開個資會籌設公聽會 學者籲設為獨立二級機關 https://news.ltn.com.tw/news/politics/breakingnews/4618728 蔣萬安喊解除「柯文哲費率合約」　黃珊珊：恐釀資安空窗期 https://news.tvbs.com.tw/politics/2434958 數位部：短網址服務未遭破解 111號碼不會被仿冒 https://www.fountmedia.io/article/215141 數發部推「111」防詐簡訊碼 立委質疑恐遭詐團破解 https://news.pts.org.tw/article/687094 數位身分證卡關　為何推不動？專家指出這一點 https://today.line.me/tw/v2/article/5yRNXjV 中榮與調查局簽署MOU 啟動資通安全聯防 https://enn.tw/504298/ 柯建銘：民進黨團國會改革版本將定案 擬增資安長 https://www.cna.com.tw/news/aipl/202403260156.aspx 電子簽章法修法應用 唐鳳：與文化部討論防黃牛票 https://anntw.com/articles/20240325-9Hlz EDR 連通測試通過名單(更新至 113.03.14) https://download.nics.nat.gov.tw/UploadFile/edr/EDR%E9%80%A3%E9%80%9A%E6%B8%AC%E8%A9%A6%E9%80%9A%E9%81%8E%E6%B8%85%E5%96%AE_1130314.pdf 善用AI技術打造數位化政府 強化臺灣國際舞臺競爭力 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&id=0000687332_1VC2XD0U4ZUUR61MQNABQ&cat=50 部分中小學殭屍網路攻擊事件頻傳！監院請教育部督同所屬改進 https://reurl.cc/rryj2N 全面部署非同步衛星 數位部增網路頻寬 https://anntw.com/articles/20240327-uPij 數位部提3大策略 通傳關鍵基礎設施強化資安防護 https://www.cna.com.tw/news/afe/202403270145.aspx 數位部祭3大策略確保通訊韌性 太平島4月底測試中軌衛星連線 https://www.chinatimes.com/amp/realtimenews/20240327004350-260407 確保緊急情況能通訊！唐鳳揭數位部推動成果 https://www.chinatimes.com/realtimenews/20240327003233-260407?ctrack=pc_main_rtime_p06&chdtv 數位部推3策略強化我國通訊網路韌性 確保緊急情況時全民通訊權益 https://reurl.cc/aLonK4 關務署辦理個人資料安全維護管理宣導，籲請業者強化個資防護措施 https://reurl.cc/M4a46K 海關檢查報關行資安比率提高到10％ 逾百家受檢 https://reurl.cc/YV2Gzx 網購遭外洩個資 關務署將啟動報關行資安檢查 https://reurl.cc/N4V6vn 台灣資安大聯盟攜手促進資安產業發展 三黨團皆表示支持 https://reurl.cc/OGlG5R 預防軍品廠商含中製零件及洩密 軍安總隊成立安全查核工作站 https://news.ltn.com.tw/news/politics/breakingnews/4621492 賴清德參訪「走著瞧」資安公司　籲助政府打詐「不成功絕不停止」 https://www.ftvnews.com.tw/news/detail/2024328W0229 參訪Gogolook　副總統感謝Gogolook運用科技協助政府打詐　為防詐及資安做出具體貢獻 https://www.president.gov.tw/News/28287 新版「電子簽章法」 明訂「數位簽章」效力並與國際接軌 https://www.rti.org.tw/news/view/id/2200534 資安即國安！關鍵基礎設施資安人才及技術培育基地 成大揭牌 https://news.ltn.com.tw/news/life/breakingnews/4623888 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 物聯網及嵌入式裝置作業系統Zephyr OS存在漏洞，有可能被用於DoS攻擊或IP位址詐欺 https://reurl.cc/mrVrRW 研究人員揭露電子門鎖漏洞Unsaflok，影響1.3萬家旅館、300萬把門鎖 https://ithome.com.tw/news/161930 超過300萬個dormakaba電子鎖有被解鎖之虞 https://www.ithome.com.tw/news/161930 歹徒免碰車就能馬上偷！VicOne在車用資安找商機，小新創怎麼打進百年車廠 https://www.bnext.com.tw/article/78660/vicone-startup-automotive-cybersecurity-from-trend-mirco 首屆 IOT Data Hackathon 匯聚人才、實踐創新意念 https://news.owlting.com/articles/646627 IoT Dark Nexus + Mirai BotNet - Enom | TELNET Root HELP! RETALIATION HAS OCCURRED https://www.trendmicro.com/en_us/research/21/l/the-evolution-of-iot-linux-malware-based-on-mitre-att&ck-ttps.html https://otx.alienvault.com/otxapi/indicators/file/screenshot/0cbc40baea499758a01ad897cfc6beb54dc1cbbad56eedcf5197f42a141c0188 https://otx.alienvault.com/indicator/file/0cbc40baea499758a01ad897cfc6beb54dc1cbbad56eedcf5197f42a141c0188 門禁系統如何踏出資安標準合規的第一步 https://www.asmag.com.tw/showpost/12881.aspx CamRaptor – a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials https://hakin9.org/camraptor-a-tool-that-exploits-several-vulnerabilities-in-popular-dvr-cameras/ I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 6.近期資安活動及研討會 無人機資安風險與企業資安人力部署的困境 2024/3/30 https://forms.gle/7Q2DXtsziCt7kQqz8 Find a Cofounder, Help or Join a Tech Startup 2024/3/30 https://www.meetup.com/startup-oasis-taipei/events/299624607/ Job for AI 探索未來：工作與人工智慧的交匯 2024/3/30 https://www.meetup.com/women-who-code-taipei/events/299565370/ Jira Asset功能拆解＋客戶實作&評價分享 2024/3/30 https://www.meetup.com/taipei-atlassian-community-events/events/299886814/ Just a chat - with no Expectations 2024/3/30 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/299708508/ Hiking with Tech Entrepreneurs 2024/3/30 https://www.meetup.com/%D0%B3%D1%80%D1%83%D0%BF%D0%BF%D0%B0-meetup-%D0%BF%D0%BE-%D1%82%D0%B5%D0%BC%D0%B5-%D0%BE%D1%82%D0%B4%D1%8B%D1%85-%D0%B2-%D0%B2%D1%8B%D1%85%D0%BE%D0%B4%D0%BD%D1%8B%D0%B5-taipei/events/299947243/ Coffee & Code 2024/3/30 https://www.meetup.com/innovate-taiwan/events/299831419/ Secure Code Warrior 線上學資安 - April 2024/4/1 https://www.accupass.com/event/2403250331191212148665 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/4/2 https://www.meetup.com/taiwan-code-camp/events/299767598/ SyntaxError 2024/4/3 https://www.meetup.com/pythonhug/events/299789548/ HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/4/4 https://www.meetup.com/hackingthursday/events/299810512/ Just a chat - with no Expectations 2024/4/6 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/299846641/ 中區(實體)--校園資安作業與外部審查實務 2024/4/8 https://tp2rc.tanet.edu.tw/node/790 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/4/9 https://www.meetup.com/taiwan-code-camp/events/299906888/ 珈特科技 x Jamf：金融端點資安新紀元 2024/4/9 https://2023gettechnology.kktix.cc/events/financial-endpoint SyntaxError 2024/4/10 https://www.meetup.com/pythonhug/events/299928328/ 防駭侵資安講座 立即報名就抽千元7-11禮卷 2024/4/10 https://pumonetwork.kktix.cc/events/169a30ce 身分識別與存取控制防護實務 https://www.twcert.org.tw/tw/cp-105-7702-54eaf-1.html X-Range 演訓聯盟服務方案說明會 2024/4/11 https://csa.kktix.cc/events/ecc HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/4/11 https://www.meetup.com/hackingthursday/events/299949180/ Taipei DevOps User Group 7th Event, supported by Wankuma Alliance 2024/4/12 https://www.meetup.com/taipei-devops-user-group/events/299332370/ 資安稽核實務 2024/4/11-2024/4/12 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X22536 Just a chat - with no Expectations 2024/4/13 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/299985415/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/4/16 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcgbvb/ SyntaxError 2024/4/17 https://www.meetup.com/pythonhug/events/pqnsctygcgbwb/ 【安碁學苑】上市上櫃公司資安主題課程 2024/4/18 https://acsiacad.kktix.cc/events/6ebd7fbd-copy-5 HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/4/18 https://www.meetup.com/hackingthursday/events/psspctygcgbxb/ 資安技術實作坊：滲透測試 2024/4/19 https://www.accupass.com/event/2403260547255414967380 Just a chat - with no Expectations 2024/4/20 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcgbbc/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/4/23 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcgbfc/ SyntaxError 2024/4/24 https://www.meetup.com/pythonhug/events/pqnsctygcgbgc/ 「強韌數位公民力量：從防禦到行動」雙報告發表沙龍 2024/4/24 "Strengthening Digital Civic Space in East Asia: From Defense to Action" Dual Report Release Seminar https://ocftw.kktix.cc/events/drights2 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/4/24 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702416/ HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/4/25 https://www.meetup.com/hackingthursday/events/psspctygcgbhc/ iPAS-「初級」資訊安全工程師-能力研習衝刺班 2024/4/27、5/4 https://www.twcert.org.tw/tw/cp-105-7703-b5976-1.html 【安碁學苑】資安職能培訓｜資訊安全工程師 2024/5/4 https://acsiacad.kktix.cc/events/6ebd7fbd-copy-3 Just a chat - with no Expectations 2024/4/27 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcgbkc/ 「工業自動化控制系統-資安指引」說明會 2024/5/10 https://www.tairoa.org.tw/column/bnGenerator.aspx?Language=zh-TW&CategoryId=5&ColumnId=13731 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/5/22 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702425/ 【安碁學苑】資安職能培訓｜系統網路安全管理師 2024/5/24 https://acsiacad.kktix.cc/events/6ebd7fbd-copy-4 2024離島盃資安競賽 2024/5/25 https://shieldx.kktix.cc/events/outlying 資通安全概論--中區--考前複習班 2024/6/4 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X22767 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/6/26 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702428/ Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/7/24 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702433/ AI應用系統開發與生成式AI應用人才培訓班第一梯次 2024/6/27 ~ 2024/8/9 https://www.accupass.com/event/2401100729511706489107 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/8/28 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702435/