###### tags: `資安事件新聞週報`

# Security Incident News Weekly 2024/08/19 ~ 2024/08/23

## 1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days

- Chinese hacking group Velvet Ant abuses a Cisco switch zero-day vulnerability to conceal its attack traces
  https://www.ithome.com.tw/news/164654
- Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control
  https://thehackernews.com/2024/08/chinese-hackers-exploit-zero-day-cisco.html
- F5 patches high-severity vulnerabilities in BIG-IP and Nginx Plus
  https://www.securityweek.com/f5-patches-high-severity-vulnerabilities-in-big-ip-nginx-plus/
- F5 BIG-IP CVE-2024-39778
  https://nvd.nist.gov/vuln/detail/CVE-2024-39778
- F5 BIG-IP CVE-2024-41727
  https://nvd.nist.gov/vuln/detail/CVE-2024-41727
- F5 BIG-IP Next Central Manager CVE-2024-39809
  https://nvd.nist.gov/vuln/detail/CVE-2024-39809
- F5 NGINX Plus CVE-2024-39792
  https://nvd.nist.gov/vuln/detail/CVE-2024-39792
- Critical SAP vulnerability allows remote attackers to bypass authentication
  https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11180
- Thousands of Oracle NetSuite cloud ERP systems are misconfigured, exposing sensitive customer data
  https://www.ithome.com.tw/news/164604
- A university in Taiwan was attacked through a PHP vulnerability; the attackers planted a backdoor on the compromised host
  https://www.ithome.com.tw/news/164597
- Microsoft SmartScreen bypass vulnerability has been abused as a zero-day since March
  https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11192
- Microsoft: August updates cause Windows Server boot issues, freezes
  https://www.bleepingcomputer.com/news/microsoft/microsoft-august-updates-cause-windows-server-boot-issues-freezes/
- Microsoft confirms August updates break Linux boot in dual-boot systems
  https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-august-updates-break-linux-boot-in-dual-boot-systems/
- Microsoft Patches Zero-Day Flaw Exploited by North Korea's Lazarus Group
  https://thehackernews.com/2024/08/microsoft-patches-zero-day-flaw.html
- Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information
  https://thehackernews.com/2024/08/thousands-of-oracle-netsuite-sites-at.html
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks
  https://thehackernews.com/2024/08/cisa-warns-of-critical-jenkins.html
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild
  https://www.linkedin.com/pulse/google-fixes-high-severity-chrome-flaw-actively-exploited-j9ngf/
- IBM QRadar SIEM contains multiple vulnerabilities
  https://www.ibm.com/support/pages/node/7166204
- IBM QRadar DNS Analyzer app is vulnerable to using components with known vulnerabilities
  https://www.ibm.com/support/pages/node/7166213
- Dell releases a security update for Dell Power Manager
  https://www.dell.com/support/kbdoc/zh-tw/000227010/dsa-2024-323
- North Korean hacking group Lazarus uses a driver zero-day vulnerability to escalate privileges and hides its tracks with malware
  https://www.ithome.com.tw/news/164574
- Google releases Chrome 128, patching a V8 zero-day vulnerability already under attack
  https://www.ithome.com.tw/news/164616
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild
  https://thehackernews.com/2024/08/google-fixes-high-severity-chrome-flaw.html
- Critical vulnerability in the WordPress site-acceleration plugin LiteSpeed Cache may put millions of websites at risk
  https://patchstack.com/articles/critical-privilege-escalation-in-litespeed-cache-plugin-affecting-5-million-sites
- Critical vulnerability in GiveWP, a WordPress plugin that lets users donate to site operators, leaves more than half of 100,000 websites exposed
  https://www.ithome.com.tw/news/164601
- GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk
  https://thehackernews.com/2024/08/givewp-wordpress-plugin-vulnerability.html
- Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access
  https://thehackernews.com/2024/08/critical-flaw-in-wordpress-litespeed.html
- GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges
  https://thehackernews.com/2024/08/github-patches-critical-security-flaw.html
- Using Azure Registry Container for Microsoft Defender to apply security fixes to a project, with CVE-2024-0057 as an example
  https://blog.kkbruce.net/2024/08/azure-registry-container-for-microsoft-defender-fix-dotnet-issue.html
- M365 applications for macOS share a common vulnerability that could let attackers bypass system permissions
  https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/
- Microsoft Copilot Studio has an SSRF vulnerability that could let attackers access sensitive internal data
  https://www.ithome.com.tw/news/164626
- Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data
  https://thehackernews.com/2024/08/microsoft-patches-critical-copilot.html
- Azure Kubernetes Services has a vulnerability that lets attackers escalate privileges through a TLS bootstrap attack
  https://www.ithome.com.tw/news/164619
- SolarWinds patches a critical vulnerability in its help desk system
  https://www.ithome.com.tw/news/164495
- SolarWinds releases an update for its help desk system WHD, fixing a hardcoded password vulnerability
  https://www.ithome.com.tw/news/164652
- SolarWinds fixes hardcoded credentials flaw in Web Help Desk
  https://www.bleepingcomputer.com/news/security/solarwinds-fixes-hardcoded-credentials-flaw-in-web-help-desk/
- Google announces it will end its bug bounty program at the end of August, citing a decline in Android app vulnerabilities
  https://www.ithome.com.tw/news/164559
- AMD expands the scope of its Sinkclose vulnerability fixes; Ryzen 3000 series processors will also receive a patch
  https://www.xfastest.com/thread-291301-1-1.html
- K8s external access controller Ingress-nginx has an authentication bypass vulnerability
  https://www.armosec.io/blog/cve-2024-7646-ingress-nginx-annotation-validation-bypass/
- Application access control framework Spring Security has a vulnerability that may lead to unauthorized access
  https://spring.io/security/cve-2024-38810

## 2. Banking / Finance / Insurance / Securities / Financial Supervision: News and Security

- The Financial Supervisory Commission publishes the "Reference Guidelines for Adopting Zero Trust Architecture in the Financial Industry" to encourage deeper security protection
  https://www.webcomm.com.tw/blog/news_zta/
- The first playbook for moving finance to the cloud is here! The Bankers Association publishes the "Practical Handbook for Financial Institutions Using Cloud Services"
  https://www.ithome.com.tw/news/164533
- The short name of the "Financial Mobile Identity Standardization Mechanism" is changed to "Financial Fast-ID" effective immediately
  https://reurl.cc/pv1K2x
- 雲動力資訊 partners with a large Taiwanese financial group on cloud AI digitalization
  https://www.digitalwall.com/scripts/displaypr.asp?UID=91571#google_vignette
- Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group
  https://thehackernews.com/2024/08/researchers-uncover-new-infrastructure.html
- Czech Mobile Users Targeted in New Banking Credential Theft Scheme
  https://thehackernews.com/2024/08/czech-mobile-users-targeted-in-new.html

## 3. Credit Cards / Electronic Payment / Mobile Payment / Pay / Payment Systems / Security

- Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure
  https://www.cloudsek.com/blog/major-payment-disruption-ransomware-strikes-indian-banking-infrastructure
- It may unify QR codes across Taiwan's electronic payment systems: what is "TWQR", the cross-institution shared platform for electronic payment?
  https://news.pts.org.tw/article/710615
- All nine major payment services join TWQR; Easy Wallet and ezPay go live in September
  https://www.cardu.com.tw/news/detail.php?53266
- Starting with iOS 18.1, Apple will open NFC to third-party mobile payment
  https://www.ithome.com.tw/news/164494
- Android malware NGate abuses the NFC chip to steal credit card data
  https://www.bleepingcomputer.com/news/security/new-ngate-android-malware-uses-nfc-chip-to-steal-credit-card-data/
- NGate Android malware relays NFC traffic to steal cash
  https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/

## 4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contracts / WEB3 Security

- WazirX: user account balances have been restored; all trades made after withdrawals were halted on July 18 have been reversed
  https://news.cnyes.com/news/id/5685798
- Airbnb bans mining! A crypto miner ran up a US$1,500 electricity bill in a three-week rental, leaving the host to add new rules
  https://www.inside.com.tw/article/35933-airbnb-bans-crypto-mining
- Building a digital trust ecosystem! Taiwan's "2nd Web3 Security and Trust Forum" joins hands to shape a new look for the industry
  https://news.owlting.com/articles/782498
- Germany's Federal Office for Information Security recommends hardware wallets to counter the risk of cryptocurrency theft
  https://news.cnyes.com/news/id/5687219
- Cryptocurrency company Unicoin hit by hackers; employees locked out
  https://www.php.cn/zh-tw/faq/1796571747.html#google_vignette
- Scam crypto wallet listed on Google Play! An American mother who lost US$5 million sues Google
  https://www.blocktempo.com/google-sued-for-allowing-malicious-crypto-wallets-on-google-play/
- A defrauded cryptocurrency user files a US$50,000 lawsuit against Google
  https://cryptodnes.bg/zh-TW/izmamen-kripto-potrebitel-podade-iska-sreshtu-google-stoinost-5-%E8%90%AC%E7%BE%8E%E5%85%83/
- Crypto think tank Coin Center again wins the right to sue the U.S. Treasury Department and the IRS
  https://www.panewslab.com/zh_hk/sqarticledetails/616z957tFt.html
- Must-read rules for protecting crypto from hacks! Breaking down hackers' 2 most common techniques and how to protect your assets
  https://www.cryptocity.tw/news/must-know-rules-for-crypto-hack-protection

## 5. Security Incident News

### A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC

- Targeting endpoint detection and response! New ransomware malware emerges and already has variants
  https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11190
- MSIL.NEGASTEAL.RJANLJ trojan
  https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojanspy.msil.negasteal.rjanlj
- 500 million users beware! A fake URL for the WinRAR archiver differs by just one letter, and downloading from it may infect you with a trojan
  https://3c.ltn.com.tw/news/59234
- Hacking group UAC-0020 spreads malware using prisoners of war taken to Russia as a lure
  https://cert.gov.ua/article/6280422
- Malware UULoader is being used to distribute Gh0st RAT and Mimikatz
  https://cyberint.com/blog/research/meet-uuloader-an-emerging-and-evasive-malicious-installer/
- Malware TodoSwift targets macOS users; the attackers distribute it by claiming to offer Bitcoin and PDF applications
  https://www.kandji.io/blog/todoswift-disguises-malware-download-behind-bitcoin-pdf
- Security mechanism bypass vulnerability Copy2Pwn takes shape and has already been used to distribute the DarkGate malware
  https://www.ithome.com.tw/news/164582
- Attackers use malicious ads to impersonate dozens of Google products, aiming to run tech support scams against Windows and macOS users
  https://www.malwarebytes.com/blog/scams/2024/08/dozens-of-google-products-targeted-by-scammers-via-malicious-search-ads
- Qilin ransomware changes its target and steals Chrome credential data
  https://news.sophos.com/en-us/2024/08/22/qilin-ransomware-caught-stealing-credentials-stored-in-google-chrome/
- Attackers set up a fake WinRAR website on GitHub to distribute malware
  https://www.ithome.com.tw/news/164527
- Noodle RAT: re-examining the new backdoor used by Chinese hacking groups
  https://www.trendmicro.com/zh_tw/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html
- FBI seizes infrastructure of the Dispossessor ransomware
  https://www.ithome.com.tw/news/164530
- North Korean hackers use the MoonPeak trojan in cyberattacks
  https://blog.talosintelligence.com/moonpeak-malware-infrastructure-north-korea/
- North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign
  https://thehackernews.com/2024/08/north-korean-hackers-deploy-new.html
- Exploring the D3F@ck Malware-as-a-Service Loader
  https://www.esentire.com/blog/exploring-the-d3f-ck-malware-as-a-service-loader
- The Abuse of ITarian RMM by Dolphin Loader
  https://russianpanda.com/The-Abuse-of-ITarian-RMM-by-Dolphin-Loader
- Ailurophile: G DATA has sighted a new info stealer in the wild
  https://www.gdatasoftware.com/blog/2024/08/38005-ailurophile-infostealer
- Disrupting a covert Iranian influence operation
  https://openai.com/index/disrupting-a-covert-iranian-influence-operation/
- PrestaShop GTAG Websocket Skimmer
  https://blog.sucuri.net/2024/08/prestashop-gtag-websocket-skimmer.html
- Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware
  https://thehackernews.com/2024/08/russian-hackers-using-fake-brand-sites.html
- Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor
  https://thehackernews.com/2024/08/hackers-exploit-php-vulnerability-to.html
- Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware
  https://thehackernews.com/2024/08/iranian-cyber-group-ta453-targets.html
- New macOS Malware TodoSwift Linked to North Korean Hacking Groups
  https://thehackernews.com/2024/08/new-macos-malware-todoswift-linked-to.html
- Malware PG_Mem targets PostgreSQL databases, aiming to use them for mining
  https://www.aquasec.com/blog/pg_mem-a-malware-hidden-in-the-postgres-processes/
- New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining
  https://thehackernews.com/2024/08/new-malware-pgmem-targets-postgresql.html
- Security researchers warn of rising FakeBat malware activity; it probes the victim computer's environment and distributes infostealers
  https://www.ithome.com.tw/news/164651

### B. Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging

- Chrome for Android will hide sensitive information during screen sharing
  https://www.ithome.com.tw/news/164595
- Google Pixel reportedly ships with a built-in third-party component whose weakness could let attackers take control of the phone
  https://www.ithome.com.tw/news/164552
- Security vulnerability found in Google Pixel phones; Palantir bans them entirely
  https://ccc.technews.tw/2024/08/17/iverify-found-security-vulnerability-on-all-pixel-phones-from-2017/
- Android 15's new "theft detection" feature can lock a phone offline so it cannot be used again; "being tested first in Brazil"
  https://www.ctwant.com/article/356916/
- Collaboration platform Slack's AI feature is revealed to have a vulnerability that could leak confidential data from private channels
  https://www.ithome.com.tw/news/164648
- Xiaohongshu and TikTok in Taiwan (4): security risk is national security risk; a scholar at the Institute for National Defense and Security Research warns of the incursion of Chinese apps
  https://www.thenewslens.com/article/206951

### C. Incidents / Hackers / DDOS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce

- HITCON Community 2024 takes place today and tomorrow
  https://hitcon.org/2024/CMT/agenda/
- As generative AI rises, a key decision every business, large or small, must make: who will you entrust with your security?
  https://www.businessweekly.com.tw/management/blog/3016469
- Chinese entities obtain advanced U.S. chips and AI through AWS and other cloud services
  https://ec.ltn.com.tw/article/breakingnews/4777735
- PTT reportedly hacked; security expert: the leaked data is all public information
  https://ec.ltn.com.tw/article/breakingnews/4777282
- Young man in Hebei, mainland China, used a router to broadcast anti-communist messages and has been out of contact for days
  https://www.epochtimes.com/b5/24/8/17/n14313098.htm
- Chiang Hsin-chang (蔣欣璋), son of New Taipei City Council Speaker Chiang Ken-huang (蔣根煌), indicted for spending 1.8 million to hire a cyber army to attack Wu Ping-jui (吳秉叡)
  https://www.chinatimes.com/realtimenews/20240816001366-260402?chdtv
- Check whether that OS update screen is real: hacking group Mad Liberator uses one to hide its data theft
  https://www.ithome.com.tw/news/164572
- U.S. NIST releases post-quantum encryption standards to withstand quantum computing attacks
  https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11191
- Algorithms developed by IBM become the world's first post-quantum cryptography standards
  https://www.bo6s.com.tw/blank.php?rkey=20240815XG84832&filter=17184
- Mainland China's Ministry of State Security reveals a security risk: foreign hackers broke into systems to monitor sea areas
  https://www.chinatimes.com/realtimenews/20240822002352-260409?chdtv
- Israeli and Azerbaijani diplomats targeted; attackers aim to distribute the ABCloader malware
  https://nsfocusglobal.com/new-apt-group-actor240524-a-closer-look-at-its-cyber-tactics-against-azerbaijan-and-israel/
- Iranian hackers attempt to abuse ChatGPT to sway the U.S. presidential election
  https://www.ithome.com.tw/news/164546
- OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda
  https://thehackernews.com/2024/08/openai-blocks-iranian-influence.html
- Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web
  https://thehackernews.com/2024/08/russian-hacker-jailed-3-years-for.html
- North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign
  https://thehackernews.com/2024/08/north-korean-hackers-deploy-new.html
- Network administration systems engineer (job posting)
  https://www.104.com.tw/job/8g7y1?jobsource=google

### D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security

- China escalates cognitive warfare against Taiwan, hijacking pilots' social media accounts to smear the armed forces
  https://www.mjib.gov.tw/news/Details/1/1026
- China escalates cognitive warfare against Taiwan, hijacking the social media accounts of pilots and airline employees to smear the armed forces
  https://www.ithome.com.tw/news/164657
- Attackers use fake Google product websites to scam Windows and Mac users
  https://www.ithome.com.tw/news/164607
- Beware! Phishing attacks on file-sharing services surge 350%
  https://www.technice.com.tw/techmanage/infosecurity/130889/
- Using AWS Application Load Balancer for authentication may expose you to the ALBeast attack
  https://www.ithome.com.tw/news/164613
- Russian hackers target Kremlin critics worldwide, exposing an aggressive phishing campaign
  https://www.enigmasoftware.com/zh-hant/russian-hackers-target-kremlin-critics-worldwide-exposing-aggressive-phishing-campaign/
- Hackers publish personal and sensitive data from Toyota's U.S. branch
  https://www.ithome.com.tw/news/164561
- PTT reportedly breached by hackers! International hackers claim to have obtained database records; users' personal data has not leaked so far
  https://udn.com/news/story/7240/8179051
- PTT reportedly breached; hackers claim to have obtained 35,000 records
  https://udn.com/news/story/7240/8179051
- Flight tracking platform FlightAware confirms a leak of user data
  https://www.ithome.com.tw/news/164565
- Hackers steal personal data; the Social Security numbers of all Americans may have leaked
  https://www.ntdtv.com/b5/2024/08/17/a103906139.html
- 110,000 misconfigured domains lead to stolen credentials and extortion by hackers
  https://www.ithome.com.tw/news/164545
- Investment fraud is the easiest to fall for: revealing four techniques scammers commonly use
  https://dailyview.tw/popular/detail/27207
- Multiple scams impersonate Tzu Chi pharmacists; police urge caution
  https://www.kmdn.gov.tw/1117/1271/1272/569535/
- Thousands of Oracle NetSuite cloud ERP systems are misconfigured, exposing sensitive customer data
  https://appomni.com/blog/oracle-netsuite-data-exposure-analysis/
- Infostealer Banshee Stealer targets Mac computers, attempting to steal credentials from more than 100 browser extensions
  https://www.elastic.co/security-labs/beyond-the-wail
- Hacking group Mad Liberator uses a fake Windows update screen to hide its data theft
  https://news.sophos.com/en-us/2024/08/13/dont-get-mad-get-wise/
- Russian hackers impersonate well-known brands to distribute the infostealers DanaBot and StealC
  https://securelist.com/tusk-infostealers-campaign/113367/
- Well-known security awareness training company KnowBe4 releases its latest phishing test results in the second quarter
  https://www.ithome.com.tw/pr/164537
- Attackers use Xeon Sender Tool to target cloud service APIs and launch large-scale SMS phishing attacks
  https://www.sentinelone.com/labs/xeon-sender-sms-spam-shipping-multi-tool-targeting-saas-credentials/
- Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks
  https://thehackernews.com/2024/08/xeon-sender-tool-exploits-cloud-apis.html
- Ongoing Social Engineering Campaign Refreshes Payloads
  https://www.rapid7.com/blog/post/2024/08/12/ongoing-social-engineering-campaign-refreshes-payloads/
- CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait
  https://thehackernews.com/2024/08/cert-ua-warns-of-new-vermin-linked.html
- Styx Stealer Creator's OPSEC Fail Leaks Client List and Profit Details
  https://thehackernews.com/2024/08/styx-stealer-creators-opsec-fail-leaks.html

### E. Research Reports / Tools

- pfSense installation and basic configuration tutorial
  https://www.sakamoto.blog/pfsense-setup/
- Researchers disclose a TLS bootstrap attack technique that can target Azure Kubernetes clusters
  https://cloud.google.com/blog/topics/threat-intelligence/escalating-privileges-azure-kubernetes-services/
- Introducing TAXII 2.1 and a fond farewell to the TAXII 2.0 Server
  https://medium.com/mitre-attack/introducing-taxii-2-1-and-a-fond-farewell-to-taxii-2-0-d9fca6ce4c58
- How to Automate the Hardest Parts of Employee Offboarding
  https://thehackernews.com/2023/11/how-to-automate-hardest-parts-of.html
- Attackers Exploit Public .env Files to Breach Cloud Accounts in Extortion Campaign
  https://thehackernews.com/2024/08/attackers-exploit-public-env-files-to.html
- Anatomy of an Attack
  https://thehackernews.com/2024/08/anatomy-of-attack.html
- Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters
  https://thehackernews.com/2024/08/researchers-uncover-tls-bootstrap.html
- Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America
  https://thehackernews.com/2024/08/blind-eagle-hackers-exploit-spear.html
- Double Trouble: Latrodectus And ACR Stealer Observed Spreading Via Google Authenticator Phishing Site
  https://cyble.com/blog/double-trouble-latrodectus-and-acr-stealer-observed-spreading-via-google-authenticator-phishing-site/
- Detecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API Keys
  https://thehackernews.com/2024/08/detecting-aws-account-compromise-key.html
- The Facts About Continuous Penetration Testing and Why It's Important
  https://thehackernews.com/2024/08/the-facts-about-continuous-penetration.html
- It's Time To Untangle the SaaS Ball of Yarn
  https://thehackernews.com/2024/08/its-time-to-untangle-saas-ball-of-yarn.html
- Researchers disclose details of Copy2Pwn, a security mechanism bypass zero-day vulnerability
  https://www.zerodayinitiative.com/blog/2024/8/14/cve-2024-38213-copy2pwn-exploit-evades-windows-web-protections
- Automation to assess the state of your M365 tenant against CISA's baselines
  https://github.com/cisagov/ScubaGear

### F. Business

- CHT Security receives a 5A rating for five consecutive years and is expected to list on the Emerging Stock Board on 8/20
  https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11176
- 網創資訊 launches an enterprise AI knowledge management system featuring open integration, enterprise-grade security, and a low adoption barrier
  https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11184
- Palo Alto Networks launches the Secure AI by Design product portfolio
  https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11179
- Windows 11 24H2 enables BitLocker device encryption by default
  https://www.ithome.com.tw/news/164491
- Trend Micro uses AI to help calculate risk loss amounts and can predict attack paths
  https://www.ithome.com.tw/news/164497
- Finance, public sector, and manufacturing invest heavily
  https://money.udn.com/money/story/8888/8168485?from=edn_hotestlist_storybottom
- CHT Security shares listed! Parachuted-in chairman holds "discretionary authority" over 40 million in stock; the union questions self-enrichment
  https://new7.storm.mg/article/5225972

### G. Government

- Building a secure digital future! The Taiwan Digital Trust Association is formally established
  https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11183
- Investigation Bureau's list of 43 personnel changes released; those who investigated Ko Wen-je (柯文哲) and the ACE Exchange fraud case are all promoted
  https://www.upmedia.mg/news_info.php?Type=24&SerialNo=209093
- The National Institute of Cyber Security moves to central Taiwan for the first time to help train CISOs for the manufacturing sector
  https://www.chinatimes.com/realtimenews/20240816004261-260410?ctrack=mo_main_rtime_p02&chdtv
- Security is the cornerstone of AI development; Huang Yen-nun (黃彥男): an AI risk classification framework will be published by year-end
  https://www.ctee.com.tw/news/20240819701283-430104
- Digital Affairs Minister Huang Yen-nun (黃彥男): the government is building a secure and trustworthy AI future
  https://www.ydn.com.tw/news/newsInsidePage?chapterID=1701526&type=highlight
- MyData platform reaches 1.83 million cumulative data downloads; the Ministry of Digital Affairs is working with local governments to improve the service experience
  https://www.ithome.com.tw/news/164667

### H. Industrial Control Systems / ICS / SCADA / IOT / Internet of Things / Connected Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare: Related Security

- U.S. semiconductor manufacturer Microchip reportedly hit by a cyberattack, reducing factory capacity
  https://www.bleepingcomputer.com/news/security/microchip-technology-discloses-cyberattack-impacting-operations/
- U.S. lawmakers urge an investigation into TP-Link over concerns about Chinese hacker cyberattacks
  https://uanalyze.com.tw/articles/183526028
- Military drones suspected of using "mainland Chinese chips"; Ministry of National Defense: they are in the validation phase
  https://today.line.me/tw/v2/article/9mPyx9E
- Raising security concerns over cranes, a legislator urges that subsidies exclude companies tied to the Chinese party, government, and military
  https://reurl.cc/xv1VRb
- Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide
  https://thehackernews.com/2024/08/hardware-backdoor-discovered-in-rfid.html

### I. Education and Training

- The recovery procedures you need to know when a security incident occurs, to reduce the damage
  https://www.ithome.com.tw/pr/163614
- iPAS Information Security Engineer intermediate-level notes
  https://hackmd.io/@Not/iPASInformationSecuritySpecialist
- iPas security engineer certification pre-exam workshop
  https://reurl.cc/GEbA3p
- iPAS ◆ Information Security Planning Practice ◆ intermediate-level exam question bank compilation (123 questions)
  https://reurl.cc/orlD1g
- GCP Associate Cloud Engineer (ACE) study experience, learning resources, and notes: learning natively highly available and zero trust design
  https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad
- Coursera rounds up 7 cloud security certifications: the springboards to high pay are all here!
  https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
- Ordinary people can earn an international security certification too! CSCU Certified Secure Computer User certification course
  https://www.ithome.com.tw/pr/160954
- Global cybersecurity workforce imbalance: (ISC)2 free courses and exams fill the talent gap
  https://reurl.cc/m39MDj
- The 8 domains of the CISSP security certification
  https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html
- CISSP exam experience
  https://reurl.cc/KbY83j
- CISSP exam experience – Benson
  https://reurl.cc/GbWvxd
- Goal-oriented: passing the CISSP at light speed in 20 days
  https://reurl.cc/2Zq6zn
- CISSP certification exam hands-on experience, Chapter 1: initial preparation
  https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
- CISSP certification exam hands-on experience, Chapter 2: a regular and disciplined study strategy
  https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies
- CISSP certification exam hands-on experience, Chapter 3: the final battle
  https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle
- Quick CISSP Infographic for IPSec
  https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec
- CSSLP Certification - Security models in F#
  https://github.com/vbocan/csslp
- Certified Secure Software Lifecycle Professional in bullet points
  https://github.com/joeyhage/csslp-notes
- CPSA (CREST Practitioner Security Analyst) security analyst exam experience
  https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
- EC-Council CEH v11 exam experience, revision information, and preparation direction 2021, 2022
  https://reurl.cc/1oyEM8
- CEH v11 exam experience and preparation approach
  https://blog.sean.taipei/2022/01/ceh
- CEH
  https://github.com/a3cipher/CEH
- CodeRed by EC-Council
  https://github.com/codered-by-ec-council
- EC-Council CEH Practical / Master preparation experience: learning in which theory and practice complement each other
  https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2
- EC-Council CEHP exam preparation experience
  https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po
- ECSA v10 exam experience and study materials / ECSA v10 Review and Study Materials
  https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4
- EC-Council ECSA security analyst v10 exam experience
  https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html
- 20180817 EC-Council ECSA v10 PASS
  https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html
- On preparing for the EC-Council CPENT and LPT Master penetration testing certifications, with experience shared
  https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d
- An in-depth look at the CPENT exam experience and a comparison with OSCP
  https://reurl.cc/41eL8v
- EC-Council CPENT v1 penetration testing certification – content and experience
  https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
- CPENT: from brute force to cracking
  https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295
- Ec-Council CPENT experience - a security rookie's path from CEH to LPT Master
  https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f
- CPENT exam experience: earning the LPT penetration testing master certification in one attempt
  https://ucom.uuu.com.tw/web/Testimony/Article/4404
- kaizensecurity/CPENT
  https://github.com/kaizensecurity/CPENT/tree/master
- CPENT : Pentesting like NO OTHERS !
  https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/
- Journey of My CPENT Exam
  https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917
- [Exam prep experience] CompTIA Security+ (SY0–601), part 1
  https://reurl.cc/M053DK
- [Exam prep experience] CompTIA Security+ (SY0–601), part 2
  https://reurl.cc/M053Gv
- comptia-security-plus
  https://github.com/ajfuto/comptia-security-plus
- security-plus
  https://github.com/fjavierm/security-plus
- CompTIA Security+ Certification Practice Test Questions
  https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette
- App information security that not only engineers need to understand: the blood-and-tears story of obtaining a security testing compliance certificate (iT邦幫忙 Ironman Contest book series)
  https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
- App anti-hacking studies: a hands-on security protection course that raises security awareness across the board
  https://www.ithome.com.tw/pr/161505
- OSEP (Evasion Techniques and Breaching Defenses (PEN-300)) experience
  https://hackmd.io/@henry-ko/HyQ56e8eF
- OSEP (Evasion Techniques and Breaching Defenses (PEN-300))
  http://github.com/In3x0rabl3/OSEP
- OSCP (Offensive Security Certified Professional)
  https://github.com/0x584A/oscp-notes/tree/master
- ISACA Certified Information Systems Auditor® (CISA) certification: preparation journey and application process, 2023
  https://reurl.cc/aVLoX9
- Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
  https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
- The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
  https://reurl.cc/D3nKKj
- Practical Network Penetration Tester (PNPT) Certification Review
  https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df
- Basic vocabulary commonly used by WUSON
  https://choson.lifenet.com.tw/?p=1958
- Certifications remain the main route to learning security fundamentals; an expert has built a "security certification map"
  https://www.ithome.com.tw/news/156754
- Beyond using certifications to prove your ability, treat them as your greatest motivation to keep learning
  https://www.ithome.com.tw/news/156756
- Dispelling misunderstandings and myths about certifications: security experts clarify what security certifications mean
  https://www.ithome.com.tw/news/156755
- Accelerate Your Career with the Global Leader in Cyber Security Training
  https://www.sans.org/mlp/promo-partnership-hacker-news/
- [NCKU Information Security Club class] Forbidden security arts - the reverse engineering hell trial
  https://www.youtube.com/watch?v=4Yc3-9CjG6U
- Through hands-on exercises, learn to build a standard security SOP workflow
  https://www.ithome.com.tw/pr/163514

## 6. Upcoming Security Events and Seminars

- Just a chat - with no Expectations 2024/8/24
  https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygclbgc/
- The Reporter's first experience with AI: how we built a dashboard for monitoring legislators' statements 2024/8/26
  https://www.meetup.com/rladies-taipei/events/302047204/
- Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/8/27
  https://www.meetup.com/taiwan-code-camp/events/xfxtjtygclbkc/
- Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/8/28
  https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702435/
- SyntaxError 2024/8/28
  https://www.meetup.com/pythonhug/events/pqnsctygclblc/
- HackingThursday - Week meetup Tamsui (regular meetup) 2024/8/29
  https://www.meetup.com/hackingthursday/events/psspctygclbmc/
- Security competency training | Secure software development manager 2024/8/31 ~ 2024/10/5
  https://acsiacad.kktix.cc/events/308914
- Just a chat - with no Expectations 2024/8/31
  https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygclbpc/
- The 9th "WHATs NEXT" Future Technology Industry Summit 2024/9/3
  https://www.accupass.com/event/2406060317121880421709
- Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/9/3
  https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcmbfb/
- SyntaxError 2024/9/4
  https://www.meetup.com/pythonhug/events/pqnsctygcmbgb/
- A CISO's first lesson in zero trust (September session) 2024/9/19
  https://jamf.kktix.cc/events/applexjamf-sep
- Information security course series 2024/9/30
  https://www.accupass.com/event/2407011640161317038989
- Information security course series 2024/10/12
  https://www.accupass.com/event/2407011633417884074930
- The 2nd TAINAN WEB3 INTERNATIONAL FAIR 2024/10/18
  https://www.accupass.com/event/2406150525111725753130
- HITCON Enterprise 2024, Taiwan's annual hacker conference 2024/10/30
  https://hitcon.kktix.cc/events/hitcon-ent-2024
- Threat Analyst Summit 2024 2024/12/11 ~ 2024/12/12
  https://teamt5tw.kktix.cc/events/tas2024