資安事件新聞週報 2023/5/29 ~ 2023/6/2

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2023/5/29 ~ 2023/6/2 1.重大弱點漏洞/後門/Exploit/Zero Day 逾360款技嘉主機板更新機制存在弱點，恐被植入惡意UEFI程式、發動供應鏈攻擊 https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/ 安全廠商偵測到逾200款技嘉產品有類似後門程式下載活動 https://www.ithome.com.tw/news/157146 資安問題可放心！技嘉最新版本BIOS及加強驗證可強化系統安全 https://stock.pchome.com.tw/report/cat0/20230602/168570050954.html Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices https://thehackernews.com/2023/05/critical-firmware-vulnerability-in.html 蘋果Mac電腦出現漏洞Migraine，可被攻擊者繞過SIP防護機制 https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/ Google宣布加碼Chrome沙箱逃逸漏洞懸賞獎金 https://www.bleepingcomputer.com/news/google/google-triples-rewards-for-chrome-sandbox-escape-chain-exploits/ PDF程式庫ReportLab出現RCE漏洞 https://github.com/c53elyas/CVE-2023-33733 Google發布Chrome 114，修補18個漏洞 https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html 印表機管理系統PrinterLogic存在漏洞，可被用於繞過身分驗證、SQL注入、XSS攻擊 https://seclists.org/fulldisclosure/2023/May/16 應用程式框架Expo出現能劫持帳號的OAuth重大漏洞 https://www.ithome.com.tw/news/157063 Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking https://thehackernews.com/2023/05/critical-oauth-vulnerability-in-expo.html Barracuda郵件安全閘道傳出零時差漏洞攻擊，且在半年前就發生 https://www.barracuda.com/company/legal/esg-vulnerability Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances https://thehackernews.com/2023/05/barracuda-warns-of-zero-day-exploited.html Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months https://thehackernews.com/2023/05/alert-hackers-exploit-barracuda-email.html GCP的資料庫代管服務CloudSQL出現嚴重漏洞，恐曝露機密資料 https://www.dig.security/post/gcp-cloudsql-vulnerability-leads-to-internal-container-access-and-data-exposure Implementing Risk-Based Vulnerability Discovery and Remediation https://thehackernews.com/2023/05/implementing-risk-based-vulnerability.html Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass https://thehackernews.com/2023/05/microsoft-details-critical-apple-macos.html WordPress安全外掛程式Jetpack存在嚴重漏洞，攻擊者可用於操弄網站上的檔案 https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/ WordPress安全外掛程式Jetpack存在嚴重漏洞，攻擊者可用於操弄網站上的檔案 https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/ WordPress表單外掛程式Gravity Forms存在PHP物件注入漏洞 https://patchstack.com/articles/unauthenticated-php-object-injection-in-gravity-forms-plugin/ Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites https://thehackernews.com/2023/06/urgent-wordpress-update-fixes-critical.html MFT檔案傳輸系統MOVEit Transfer出現零時差漏洞攻擊，逾2,500臺伺服器恐成為目標 https://www.bleepingcomputer.com/news/security/new-moveit-transfer-zero-day-mass-exploited-in-data-theft-attacks/ MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited https://thehackernews.com/2023/06/moveit-transfer-under-attack-zero-day.html PowerBPM存在漏洞 (CVE-2023-25780)) https://www2.nchu.edu.tw/news-detail/id/55668 Zyxel 防火牆存在高風險漏洞(CVE-2023-28771)，目前已有Exploit Code，建議盡速進行修補作業 https://www.fisac.tw/STIX_CASE/QueryStixCase/Detail?Uno=9rUPM6iG6zM3gxMY7rhGs4QNkKPR1KoqAr8IPoB3r90__e_ Apache RocketMQ远程代码执行漏洞（CVE-2023-33246） https://www.seebug.org/vuldb/ssvid-99694 Openfind Mail2000 - XSS (Reflected Cross-site scripting) https://www.twcert.org.tw/tw/cp-132-7158-751a6-1.html 2.銀行/金融/保險/證券/金融監理新聞及資安美國醫療保險業者MCNA傳出遭勒索軟體LockBit攻擊，890萬人資料外洩 https://securityaffairs.com/146804/data-breach/mcna-data-breach.html 元大金精準識詐年逾4000萬次宣導　攜手刑事局資安聯防 https://www.mirrormedia.mg/story/20230530soc007/ 考量生成式AI導入風險永豐金端出2大禁用措施 https://www.cna.com.tw/news/afe/202306010391.aspx 銀行自律上路防堵供應鏈資安出包 https://reurl.cc/aVNqa7 3.信用卡/電子支付/行動支付/pay/支付系統/資安台人短期赴陸「支付難」　國台辦：將製作懶人包小視頻加大宣傳力度 https://www.ettoday.net/news/20230531/2510067.htm 美國監管機構警告儲存在行動支付應用程序上的錢可能不受FDIC保險 https://news.cnyes.com/news/id/5200465?exp=a 不只地鐵，「刷掌支付」進入校園！微信擴大佈局、開啟支付新戰場，支付寶緊張了 https://today.line.me/tw/v2/article/RByykem 綠界科技力推整合支付「TWQR」共用QR Code https://wantrich.chinatimes.com/news/20230531900982-420101 綠界攜手歐付寶搶攻支付商機 https://udn.com/news/story/7239/7203587 歐付寶開通繳費服 https://wantrich.chinatimes.com/news/20230531900353-420101 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets https://thehackernews.com/2023/05/new-stealthy-bandit-stealer-targeting.html Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining https://thehackernews.com/2023/05/cybercriminals-targeting-apache-nifi.html 資料流系統Apache NiFi遭到鎖定，被用於挖礦 https://isc.sans.edu/diary/Your%20Business%20Data%20and%20Machine%20Learning%20at%20Risk%3A%20Attacks%20Against%20Apache%20NiFi/29900 竊資軟體Bandit鎖定瀏覽器及加密貨幣錢包而來 https://www.trendmicro.com/en_us/research/23/e/new-info-stealer-bandit-stealer-targets-browsers-wallets.html Orbiter Finance：Discord被駭客攻擊，請勿點擊任何鏈接 https://news.cnyes.com/news/id/5199759?exp=a 【加密貨幣懶人包】《虛擬資產交易平台指引》6月起生效 7 個投資加密貨幣你要知的事 https://reurl.cc/XElq1j 受駭客事件影響，LSD協議unshETH協議Token USH下跌超20% https://news.cnyes.com/news/id/5199185 Jimbos Protocol：已與美國土安全部等司法機構合作追捕駭客攻擊者 https://news.cnyes.com/news/id/5198970 LSD協議unshETH的合約部署私鑰被泄露，已緊急暫停提款並聯繫駭客 https://news.cnyes.com/news/id/5199187 如何利用部署地址發現鑽石專案 https://www.blocktempo.com/how-to-reach-new-projects-using-address/ 交易所資安大神、白帽駭客都在做什麼？XREX資安長教你如何避免被駭 https://web3plus.bnext.com.tw/article/938 unshETH：駭客已決定歸還合約所有權，若在6月3日未歸還剩餘資金將採取執法行動 https://news.cnyes.com/news/id/5201529?exp=a CertiK：5月份的加密詐騙和漏洞利用造成6000萬美元的損失 https://news.cnyes.com/news/id/5200107 批美國加密幣監管模糊不清！Coinbase CEO：中國成最大受益者 https://blockcast.it/2023/05/31/china-to-gain-most-from-restrictive-us-crypto-regulations-brian-armstrong-said/ 趨勢科技與SecuX合作推出聯名冷錢包　強化防偽、防詐的能力 https://finance.ettoday.net/news/2509877 監管合規帶動Web3雲上資安！企業該怎麼佈局 https://web3plus.bnext.com.tw/article/949 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 惡意軟體Horabot挾持Gmail、Outlook電子郵件信箱 https://blog.talosintelligence.com/new-horabot-targets-americas/ 惡意軟體QBot濫用住家IP位址設置短期C2，行蹤更加難以捉摸 https://blog.lumen.com/qakbot-retool-reinfect-recycle/ 無檔案木馬程式SeroXen鎖定遊戲玩家而來 https://cybersecurity.att.com/blogs/labs-research/seroxen-rat-for-sale 烏克蘭能源與水資源組織遭後門程式RomCom攻擊 https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html 印度安卓用戶遭到木馬程式DogeRAT鎖定，假借付費版App的名義散布 https://cloudsek.com/blog/dogerat-the-android-malware-campaign-targeting-users-across-multiple-industries 北韓駭客APT37濫用OneDrive散布木馬程式RokRAT https://threatmon.io/reverse-engineering-rokrat-a-closer-look-at-apt37s-onedrive-based-attack-vector/ 為迴避偵測，惡意PyPI套件導入Python組譯的程式碼檔案 https://www.reversinglabs.com/blog/when-python-bytecode-bites-back-who-checks-the-contents-of-compiled-python-files 間諜軟體Pegasus鎖定納戈爾諾卡拉巴赫戰爭而來，攻擊亞美尼亞人士 https://citizenlab.ca/2023/05/cr1-armenia-pegasus/ 跨國IT承包業者ABB證實遭到勒索軟體攻擊 https://www.bleepingcomputer.com/news/security/us-govt-contractor-abb-confirms-ransomware-attack-data-theft/ 駭客可假裝在瀏覽器視窗「顯示」壓縮檔內容，引誘受害者下載惡意軟體 https://mrd0x.com/browser-in-the-browser-phishing-attack/ 美國喬治亞洲奧古斯塔市傳出遭勒索軟體BlackByte攻擊 https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-claims-city-of-augusta-cyberattack/ People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a Buhti: New Ransomware Operation Relies on Repurposed Payloads https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices https://unit42.paloaltonetworks.com/mirai-variant-iz1h9/ Operation Magalenha | Long-Running Campaign Pursues Portuguese Credentials and PII https://www.sentinelone.com/labs/operation-magalenha-long-running-campaign-pursues-portuguese-credentials-and-pii/ Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware https://blog.talosintelligence.com/mercenary-intellexa-predator/ https://github.com/Cisco-Talos/IOCs/tree/main/2023/05 Predator Android Spyware: Researchers Uncover New Data Theft Capabilities https://thehackernews.com/2023/05/predator-android-spyware-researchers.html Terminator antivirus killer is a vulnerable Windows driver in disguise https://www.bleepingcomputer.com/news/security/terminator-antivirus-killer-is-a-vulnerable-windows-driver-in-disguise/ 日本Linux路由器設備遭到木馬程式GobRAT鎖定 https://blogs.jpcert.or.jp/en/2023/05/gobrat.html New GobRAT Remote Access Trojan Targeting Linux Routers in Japan https://thehackernews.com/2023/05/new-gobrat-remote-access-trojan.html Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users https://thehackernews.com/2023/05/sneaky-dogerat-trojan-poses-as-popular.html 加殼工具AceCryptor在2年內被用於逾24萬起惡意軟體攻擊行動 https://www.welivesecurity.com/2023/05/25/shedding-light-acecryptor-operation/ AceCryptor: Cybercriminals' Powerful Weapon, Detected in 240K+ Attacks https://thehackernews.com/2023/05/acecryptor-cybercriminals-powerful.html Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks https://thehackernews.com/2023/05/dark-pink-apt-group-leverages.html RomCom RAT Using Deceptive Web of Rogue Software Sites for Covert Attacks https://thehackernews.com/2023/05/romcom-rat-using-deceptive-web-of-rogue.html 勒索軟體BlackCat出現新變種，更偏重規避偵測能力 https://securityintelligence.com/posts/blackcat-ransomware-levels-up-stealth-speed-exfiltration/ Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics https://thehackernews.com/2023/06/improved-blackcat-ransomware-strikes.html N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT https://thehackernews.com/2023/06/n-korean-scarcruft-hackers-exploit.html Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks https://thehackernews.com/2023/06/active-mirai-botnet-variant-exploiting.html Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering https://thehackernews.com/2023/06/camaro-dragon-strikes-with-new-tinynote.html 惡意軟體QBot濫用Windows內建的WordPad應用程式側載執行 https://www.bleepingcomputer.com/news/security/qbot-malware-abuses-windows-wordpad-exe-to-infect-devices/ Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks https://thehackernews.com/2023/06/evasive-qbot-malware-leverages-short.html New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware https://thehackernews.com/2023/06/new-zero-click-hack-targets-ios-users.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 5 Must-Know Facts about 5G Network Security and Its Cloud Benefits https://thehackernews.com/2023/05/5-must-know-facts-about-5g-network.html 惡意程式鎖定iPhone用戶，濫用iMessage發動攻擊 https://securelist.com/operation-triangulation/109842/ 安卓惡意程式SpinOk透過遊戲App散布，被下載逾4億次 https://news.drweb.com/show/?i=14705 安卓間諜軟體Predator鎖定媒體、政治人物、Meta高階主管而來 http://blog.talosintelligence.com/mercenary-intellexa-predator/ 快刪！101款APP會竊個資　4.2億人已下載「完整名單一次看」 https://www.setn.com/News.aspx?NewsID=1303177 內含間諜軟體 SpinOK 的 Android App 在 Google Play 中下載超過 4 億次 https://www.twcert.org.tw/tw/cp-104-7156-f0aab-1.html 俄控美用iPhone監控外交官蘋果否認 https://udn.com/news/story/6809/7207823 資安公司卡巴斯基：數十名員工手機遭美駭入 https://today.line.me/tw/v2/article/608vo6j C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力資安人才需求大，內訓與自動化成關鍵 https://ithome.com.tw/news/156872 臺灣現有資安人力吃緊，2023年預期還要再找近8成人力 https://www.ithome.com.tw/news/157152 全球最大BT盜版網站RARBG宣布關站　原因令人意外　微博一片哀號 https://www.hk01.com/article/904122?utm_source=01articlecopy&utm_medium=referral 從竊幣到散播假消息國家部隊幹這種事 https://ec.ltn.com.tw/article/breakingnews/4319662 研究人員警告兆勤防火牆漏洞出現大量攻擊行動 https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-zyxel-firewall-flaw-in-ongoing-attacks/ 日本在G7高峰會承諾將協助開發中國家改善資安 https://www.jica.go.jp/english/news/field/2023/20230518_21.html 圖靈驗證CAPTCHA出現真人與機器人協作的服務，恐被濫用 https://www.trendmicro.com/en_us/research/23/e/abusing-web-services-using-automated-captcha-breaking-services-and-residential-proxies.html 駭客在俄文駭客論壇兜售能繞過防毒軟體的作案工具Terminator https://www.bleepingcomputer.com/news/security/terminator-antivirus-killer-is-a-vulnerable-windows-driver-in-disguise/ 駭客組織Dark Pink鎖定亞太與歐洲的組織發動攻擊 https://www.group-ib.com/blog/dark-pink-episode-2/ 朝鮮發射偵查衛星，出現事故墜落黃海 https://zh.cn.nikkei.com/politicsaeconomy/politicsasociety/52551-2023-05-31-14-43-35.html 俄烏衝突兼具傳統與現代資安較勁網路戰各自展開 https://www.youtube.com/watch?v=Wkdf8rayX0U 美報告：中國擴大投入蒐集開源情報了解美軍涉台防衛資訊 https://def.ltn.com.tw/article/breakingnews/4321452 美媒：中國間諜疑扮遊客探軍情近年多次圖闖阿拉斯加美軍基地 https://www.cna.com.tw/news/aopl/202306010182.aspx 中共黑客攻擊關島專家：對美超限戰之一 https://www.epochtimes.com/b5/23/5/31/n14007253.htm 疑有政府撐腰　神祕駭客組織「深粉紅」專攻東協政府網站 https://today.line.me/tw/v2/article/Yaeer8p 反擊北韓發射間諜衛星南韓制裁北韓駭客團體Kimsuky https://reurl.cc/YejE7o 美國立法者提出法案以應對中國對台灣的網路威脅 https://blog.twnic.tw/2023/06/02/26805/ 19项网络安全国家标准获批发布 https://www.aqniu.com/industry/96603.html New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force https://thehackernews.com/2023/05/new-bruteprint-attack-lets-attackers.html Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities https://thehackernews.com/2023/05/beware-of-ghost-sites-silent-threat.html North Korea's Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks https://thehackernews.com/2023/06/north-koreas-kimsuky-group-mimics-key.html Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin https://thehackernews.com/2023/06/unmasking-xe-group-experts-reveal.html Security Engineer (資安工程師) in undefined at Logicalis https://reurl.cc/EoZjpk 資安工程師 https://www.104.com.tw/job/7ypcf?jobsource=m104 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全新型「線上檔案封存」釣魚工具可濫用ZIP 域名傳播惡意軟體 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10494 Don't Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims https://thehackernews.com/2023/05/dont-click-that-zip-file-phishers.html Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data https://thehackernews.com/2023/05/severe-flaw-in-google-clouds-cloud-sql.html 豐田汽車再度揭露雲端配置不當的情況 https://global.toyota/en/newsroom/corporate/39241625.html 允許員工擅自存取Ring用戶監視影片，Amazon面臨3千萬美元罰款 https://www.bleepingcomputer.com/news/technology/amazon-faces-30-million-fine-over-ring-alexa-privacy-violations/ FTC與亞馬遜Ring門鈴部門就涉嫌侵犯用戶私隱達成和解 https://reurl.cc/mDvr8A 瑞士房仲業務Neho因網站配置不當，公開可接管內部系統的帳密資料 https://cybernews.com/security/neho-real-estate-agency-data-leak/ 假借員工申請旅遊休假的通知網路釣魚出現，鎖定人資單位而來 https://cofense.com/blog/summer-time-scams-the-return-of-vacation-request-phishing-emails/ 假借旅遊休假名義的網路釣魚、BEC詐騙出現 https://cofense.com/blog/summer-time-scams-the-return-of-vacation-request-phishing-emails/ 有人向德國媒體洩露特斯拉內部資料，自動駕駛Autopilot的投訴資料因此曝光 https://www.handelsblatt.com/unternehmen/industrie/tesla-files-was-sie-ueber-die-recherchen-zu-den-geheimen-tesla-files-wissen-muessen/29167070.html 駭客挾持Microsoft 365帳號並濫用RPMSG附件竊密 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/microsoft-encrypted-restricted-permission-messages-deliver-phishing/ 針對資料外洩事件，YouBike擬賠償受害者每人500元騎乘券 https://www.youbike.com.tw/region/main/news/service/647050e001f02c629b73bb65/ 加 LINE、裝 APP 就能使用 CHATGPT AI？小心個資外洩遭詐騙集團側錄 https://www.vedfolnir.com/chatgpt-ai-line-app-scam-58862.html 詐團就像跟蹤狂！個資外洩恐讓你的消費行為都被掌握了 https://reurl.cc/ZWj9K6 別被騙！OpenAI技術長推特被盜，12.6萬追蹤者見「釣魚連結」騙發幣 https://www.blocktempo.com/cto-of-openai-got-hacked/ 使用民網即時通訊軟體慎防隱私外洩 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1590508 門諾公益捐款網站資安公告 https://public.mch.org.tw/index.php?action=news_in&id=709 包含 478,000 名 RaidForums 成员的数据库在线泄露 https://www.anquanke.com/post/id/289030 抖音敏感"財務資料"竟存在中國？富比世示警"存在資安疑慮" 抖音宣稱耗460億保護美國用戶個資卻沒兌現律師：稅務紀錄超敏感 https://www.youtube.com/watch?v=87XrNn6b1wA TikTok執行長說謊？　被揭機敏個資「放中國」 https://news.cts.com.tw/cts/general/202306/202306022186027.html E.研究報告/工具研究人員揭露Hot Pixels攻擊手法，藉由偵測Arm處理器與GPU的溫度、功率變化，竊取瀏覽器資料 https://arxiv.org/abs/2305.12784 研究人員公布鎖定ReportLab的概念性驗證攻擊程式 https://www.ithome.com.tw/news/157151 亞馬遜一份員工教戰手冊外流，揭示它在生成式 AI 大戰把誰當對手 https://buzzorange.com/techorange/2023/06/01/amazon-generative-ai-sales-playbook/ 间谍软件之争：Paragon Solutions VS NSO Group https://www.anquanke.com/post/id/289045 卡巴斯基报告称，人为错误助长了工业 APT 攻击 https://www.anquanke.com/post/id/289049 新型挖矿恶意软件Minas的分析 https://www.4hou.com/posts/1p60 离职员工带来的网络安全风险及安全建议 https://www.4hou.com/posts/8zM2 加密视角下的威胁情报能力建设与提升 https://www.aqniu.com/vendor/96649.html 3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them https://thehackernews.com/2023/05/3-challenges-in-building-continuous.html PyPI Implements Mandatory Two-Factor Authentication for Project Owners https://thehackernews.com/2023/05/pypi-implements-mandatory-two-factor.html 6 Steps to Effectively Threat Hunting: Safeguard Critical Assets and Fight Cybercrime https://thehackernews.com/2023/05/6-steps-to-effective-threat-hunting.html CAPTCHA-Breaking Services with Human Solvers Helping Cybercriminals Defeat Security https://thehackernews.com/2023/05/captcha-breaking-services-with-human.html How Wazuh Improves IT Hygiene for Cyber Security Resilience https://thehackernews.com/2023/06/how-wazuh-improves-it-hygiene-for-cyber.html The Importance of Managing Your Data Security Posture https://thehackernews.com/2023/06/the-importance-of-managing-your-data.html F.商業防範網路勒索攻擊，卡巴斯基倡議資安透明化 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10485 Axiado推出由AI驅動的安全處理器樣本 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10493 WithSecure唯思安全VM漏洞管理解決方案 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10486 資安新創OneDegree與微軟聯手，打造AI資安助理Cymetrics Copilot https://cymetrics.io/en-us/latest/all/onedegree-global-and-microsoft-join-forces-to-drive-insurtech-and-cybersecurity-innovations-with-azure-openai Google Cloud用戶可使用免費ACME API，自動獲取和更新受信任的TLS憑證 https://www.ithome.com.tw/news/157104 PyPI強制所有的套件開發者採用雙因素驗證 https://www.ithome.com.tw/news/157088 開發營運新動能信驊鎖定智慧工廠、伺服器資安防護 https://ec.ltn.com.tw/article/breakingnews/4319289 SGS 協助宏碁完成EN 303 645物聯網安全測試，超前佈署歐盟無線射頻法規資安要求 https://www.sgs.com.tw/news-media-resources-content/page/1?id=681 資安需求夯安碁資訊營運續衝 https://ctee.com.tw/news/tech/874514.html G.政府經濟部預告零售業個資保護規範，需專責管理 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10488 國內5G專頻專網管理辦法正式上路，6/5受理申請 https://www.ithome.com.tw/news/157175 處罰民間企業個資保護缺失首例！數位部針對蝦皮、誠品個資外洩事故開罰 https://moda.gov.tw/ADI/news/latest-news/5273 誠品個資外洩不只數發部罰10萬櫃買中心也開鍘了 https://wantrich.chinatimes.com/news/20230531901205-420101 民眾抱怨房貸戶支持專案網頁連不進去營建署：瞬間湧入2萬筆資料 https://ec.ltn.com.tw/article/breakingnews/4320007 投資詐騙頻傳，立院修法通過網路投資廣告實名制、平台負賠償責任 https://technews.tw/2023/05/31/anti-fraud/ 數位部率團會晤美NIST代表交流資安防護機制 https://www.cna.com.tw/news/afe/202306010366.aspx 台美安全官員在美會晤交流供應鏈資安規範 https://ec.ltn.com.tw/article/breakingnews/4320657 唐鳳會見吐瓦魯訪團分享台灣數位政府經驗 https://www.rti.org.tw/news/view/id/2169672 陳建仁：組改新機關員額以最小規模規劃 https://www.rti.org.tw/news/view/id/2169568 數位外交里程碑數位部資安院與立陶宛簽MOU https://ec.ltn.com.tw/article/breakingnews/4320601 「保護關鍵基礎設施加重刑責」三讀通過！破壞醫療實體或資通系統恐重罰1億元處無期徒刑 https://newtalk.tw/news/view/2023-05-31/873726 治安、資安執政失能時力促補足人力 https://www.epochtimes.com/b5/23/6/2/n14008903.htm H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安新OT惡意軟體COSMICENERGY直衝電網而來 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10495 COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises https://www.mandiant.com/resources/blog/cosmicenergy-ot-malware-russian-response New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids https://thehackernews.com/2023/05/new-cosmicenergy-malware-exploits-ics.html OT安全管理趨勢：交棒資安長，強化資安治理成熟度 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10490 研究人員從Sonos One智慧音箱挖掘重大漏洞，可透過root權限執行任意程式碼 https://thehackernews.com/2023/05/hackers-win-105000-for-reporting.html Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers https://thehackernews.com/2023/05/hackers-win-105000-for-reporting.html Moxa修補網路安全管理系統MXsecurity漏洞 https://www.securityweek.com/moxa-patches-mxsecurity-vulnerabilities-that-could-be-exploited-in-ot-attacks/ 荷蘭許多太陽能板變流器易受駭客入侵 https://www.trade.gov.tw/Pages/Detail.aspx?nodeID=45&pid=762813 75% OT企業組織過去12個月內曾遭駭客入侵 https://www.eettaiwan.com/20230601nt22-state-of-operational-technology-and-cybersecurity-report/ AIXS攜手防護網路安全 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000664603_UBU5WC8511035O2NYO05A 工業 5.0 蓄勢待發，製造業借助 AI 邁向智慧工廠新時代！掌握資安思維是關鍵 https://hennge.com/tw/blog/ai-accelerates-manufacturing-with-smart-factory.html I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 6.近期資安活動及研討會 𝑭𝑰𝑹𝑴𝑨𝑿𝑬 futures $SUI, $DOGE, $BTC, $ SHIB, $P2023/6/3 https://www.meetup.com/ximen-altcoin-news/events/293816528/ Just a chat - with no Expectations 2023/6/3 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/293525927/ Hugging Face :Question Answering 2023/6/6 https://www.meetup.com/tensorflow-user-group-taipei/events/290714892/ HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會淡水 2023/6/8 https://www.meetup.com/hackingthursday/events/293631935/ 金融與支付業務上雲新挑戰 2023/6/9 https://www.accupass.com/event/2305170545479722231720 KaLUG 2306 聚會 - 新世代開源 VPN 伺服器 wireguard 2023/6/10 https://kalug.kktix.cc/events/2306 Drupal Mentoring Taipei - Meet and Code 2023/6/10 https://www.meetup.com/drupal-mentoring-taipei/events/293076527/ 大型語言模型時代下，建置解決方案該有的姿勢/知識 (Building solutions with LLMs) 2023/6/12 https://www.meetup.com/rladies-taipei/events/293170581/ 資安分析新手村：掌握網路封包分析技術（線上課程） 2023/6/13 https://forms.gle/msePzws5GtcDunrc7 SyntaxError 2023/6/14 https://www.meetup.com/pythonhug/events/293758083/ 資安分析新手村：掌握網路封包分析技術（實體課程）2023/6/14 https://forms.gle/mtpZNPCpTVyv97Dr9 台灣專場「Microsoft Build Taiwan」 2023/6/15 https://mktoevents.com/microsoft+event/400676/157-gqe-382?wt.mc_id=AID3059306_QSG_PD_EML_644332 Putting Privacy at the Forefront in Automotive 2023/6/16 https://www.meetup.com/automotive-security-research-group-taipei-asrg-%E8%87%BA%E5%8C%97/events/293824870/ 思科雲端攻防戰_企業資安人才計畫全面啟動 2023/6/16 https://www.accupass.com/event/2305051229145163809640 2023 Empowering Yourself, Empowering Others Series: 調出跨文化故事力 2023/6/20 https://www.meetup.com/women-who-code-taipei/events/293462074/ Taipei dbt Meetup #12 (in-person 👫 & online 👨‍💻) 2023/6/21 https://www.meetup.com/taipei-dbt-meetup/events/293758471/ 黑客視角：網站漏洞挖掘與防禦 ( 線上課程) 2023/6/27 https://forms.gle/JpThJxMgxZd3uNh39 黑客視角：網站漏洞挖掘與防禦 ( 實體課程) 2023/6/28 https://forms.gle/qQAqx8KZzzntSyLd9 SaaS軟體PM-技術實戰班｜AWS雲端架構設計｜軟體資安｜AWS實作Lab｜模擬試題 2023/6/30 https://www.accupass.com/event/2305310854254976071070 SGS汽車供應鏈發展新趨勢研討會電動車產業關鍵佈局迎向智慧安全新未來 2023/7/4 https://www.accupass.com/event/2304250153518811535560 2023-零信任存取 - APPLE資安研討會 2023/7/5 https://2023gettechnology.kktix.cc/events/48f91757 台灣駭客年會 HITCON Training 2023 2023/7/12 ~ 2023/7/15 https://hitcon.kktix.cc/events/hitcon-training-2023 大數據分析進階班 2023/7/27 ~ 2023/7/28 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=600 【舒虎教育】《區塊鏈初階課程》平日班 2023/7/27 ~ 2023/7/28 https://www.accupass.com/event/2305280843071623542481 【舒虎教育】《區塊鏈初階課程》假日班 2023/7/29 ~ 2023/7/30 https://www.accupass.com/event/2305280843202058678448 COSCUP 2023 2023/07/29 ~ 2023/07/30 https://coscup.org/2023/zh-TW/landing InfoSec Taiwan 2023 國際資安大會 2023/8/1 ~ 2023/8/3 https://csa.kktix.cc/events/infosectaiwan2023 大數據分析進階班 2023/8/10 ~ 2023/8/11 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=611 DEF CON 32 2023/8/10 ~ 2023/8/13 https://defcon.org/index.html AIoT應用實作研習班 2023/8/16 ~ 2023/8/17 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=601 HITCON CMT 2023 2023/08/18 ~ 2023/08/19 https://hitcon.org/2023/CMT/ 大數據分析進階班 (台中) 2023/8/21 ~ 2023/8/22 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=612 AIoT應用實作研習班 (台中) 2023/8/23 ~ 2023/8/24 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=604 PyCon TW 2023 2023/9/2 ~ 2023/9/3 https://tw.pycon.org/2023/zh-hant/registration/tickets Web應用滲透測試 2023/9/7 ~ 2023/9/8 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=631 Hou.Sec.Con 2023/10/12 ~ 2023/10/13 https://web.cvent.com/event/76d46ccb-fe00-4fe5-ba46-e4a77c807f21/summary (ISC)2 SECURITY CONGRESS LEAD WITH CONFINDENCE 2023/10/25 ~ 2023/10/27 https://www.isc2.org/Congress-2023