###### tags: `Security Incident News Weekly`
# Security Incident News Weekly 2024/1/15 ~ 2024/1/19
1. Critical vulnerabilities / backdoors / exploits / zero-days
Zero-day in the Citrix NetScaler management interface; over 1,500 systems exposed
https://www.bleepingcomputer.com/news/security/citrix-warns-of-new-netscaler-zero-days-exploited-in-attacks/
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549
https://dashboard.shadowserver.org/statistics/iot-devices/time-series/?date_range=7&vendor=citrix&model=netscaler+management+interface&group_by=geo&style=stacked
Researchers find new evidence on the May attacks against Danish energy companies via Zyxel firewall flaws, concluding they were part of a mass exploitation campaign
https://www.forescout.com/blog/analysis-of-energy-sector-cyberattacks-in-denmark-and-ukraine/
Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now
https://thehackernews.com/2024/01/alert-over-178000-sonicwall-firewalls.html
Over 170,000 SonicWall firewalls vulnerable to DoS and RCE attacks
https://bishopfox.com/blog/its-2024-and-over-178-000-sonicwall-firewalls-are-publicly-exploitable
Ivanti SSL VPN zero-days disclosed last week now exploited at scale
https://www.volexity.com/blog/2024/01/15/ivanti-connect-secure-vpn-exploitation-goes-global/
Ivanti Connect Secure VPN Exploitation: New Observations
https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/
https://github.com/volexity/threat-intel/blob/main/2024/2024-01-18%20Ivanti%20Connect%20Secure%20pt3/indicators/iocs.csv
US CISA warns a critical Microsoft SharePoint vulnerability is being actively exploited
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10901
Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families
https://thehackernews.com/2024/01/nation-state-actors-weaponize-ivanti.html
Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!
https://thehackernews.com/2024/01/citrix-vmware-and-atlassian-hit-with.html
Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation
https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day
Oracle Critical Patch Update for January 2024
https://www.oracle.com/security-alerts/cpujan2024.html
Apache ActiveMQ Vulnerability Leads to Stealthy Godzilla Webshell
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/apache-activemq-vulnerability-leads-to-stealthy-godzilla-webshell/
FLASH: Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities (2024.01.17)
https://www.ibm.com/support/pages/node/7108657
Cisco releases updates to address a security vulnerability in Cisco Unity Connection
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-unauth-afu-FROYsCsD
Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
https://thehackernews.com/2024/01/critical-rce-vulnerability-uncovered-in.html
Juniper security bulletin for a vulnerability in Junos OS and Junos OS Evolved (CVE-2024-21611)
https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-jflow-scenario-continuous-route-churn-will-cause-a-memory-leak-and-eventually-an-rpd-crash-CVE-2024-21611?language=en_US
Fortinet releases security updates for FortiOS and FortiProxy
https://www.fortiguard.com/psirt/FG-IR-23-315
Microsoft releases security update guide for multiple products (January 2024)
https://msrc.microsoft.com/update-guide/releaseNote/2024-Jan
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html
https://documents.trendmicro.com/images/TEx/20240111-cve-2023%E2%80%9336025-phemedrone-iocs8L7B0q0.txt
Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability
https://thehackernews.com/2024/01/balada-injector-infects-over-7100.html
Vulnerability in the WordPress mail plugin POST SMTP Mailer could let attackers take over sites
https://www.bleepingcomputer.com/news/security/over-150k-wordpress-sites-at-takeover-risk-via-vulnerable-plugin/
https://www.wordfence.com/blog/2024/01/type-juggling-leads-to-two-vulnerabilities-in-post-smtp-mailer-wordpress-plugin/
Vulnerability in the AI Engine plugin puts 50,000 WordPress sites at risk of remote attack
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10895
Zero-click account hijacking vulnerability in code repository platform GitLab; the attack requires no user interaction
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
Juniper security bulletin: pre-auth RCE in J-Web on Junos OS SRX Series and EX Series (CVE-2024-21591), with Shadowserver exposure statistics for the J-Web device manager
https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591
https://dashboard.shadowserver.org/statistics/iot-devices/time-series/?date_range=7&vendor=juniper&model=web+device+manager&group_by=geo&style=stacked
https://dashboard.shadowserver.org/statistics/iot-devices/tree/?day=2023-08-28&vendor=juniper&model=web+device+manager&geo=all&data_set=count&scale=log
Urgent: GitLab Releases Patch for Critical Vulnerabilities - Update ASAP
https://thehackernews.com/2024/01/urgent-gitlab-releases-patch-for.html
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows
https://thehackernews.com/2024/01/opera-myflaw-bug-could-let-hackers-run.html
GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials
https://thehackernews.com/2024/01/github-rotates-keys-after-high-severity.html
Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability
https://thehackernews.com/2024/01/zero-day-alert-update-chrome-now-to-fix.html
Researchers disclose PixieFail flaws affecting PXE network boot on enterprise hosts
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft
https://thehackernews.com/2024/01/pixiefail-uefi-flaws-expose-millions-of.html
U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability
https://thehackernews.com/2024/01/us-cybersecurity-agency-warns-of.html
Researchers disclose nine UEFI vulnerabilities affecting Microsoft, AMI, Arm and other vendors
https://www.ithome.com.tw/news/160908
LeftoverLocals flaw in Apple, AMD and Qualcomm GPUs could leak AI-related data
http://blog.trailofbits.com/2024/01/16/leftoverlocals-listening-to-llm-responses-through-leaked-gpu-local-memory/
VMware patches critical vulnerability in cloud infrastructure automation platform Aria Automation
https://www.vmware.com/security/advisories/VMSA-2024-0001.html
Critical vulnerability in DevOps collaboration platform Atlassian Confluence allows unauthenticated RCE
https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
Google patches the first Chrome zero-day of 2024
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
Microsoft SharePoint privilege escalation vulnerability CVE-2023-29357 used in attacks
https://www.cisa.gov/news-events/alerts/2024/01/10/cisa-adds-one-known-exploited-vulnerability-catalog
Vulnerability in Opera's My Flow file-sharing feature can be used to execute arbitrary files on the underlying operating system
https://labs.guard.io/myflaw-cross-platform-0-day-rce-vulnerability-discovered-in-operas-browser-099361a808ab
2. Banking / finance / insurance / securities / financial regulation: news and security
Cathay Financial Holdings builds a product factory on an insurance cloud middle platform, cutting time to launch products on digital channels to under two days
https://www.ithome.com.tw/news/160927
OneDegree Global: raising attacker cost as the core security strategy, focused on three approaches
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10905
FSC keeps watch on bank cybersecurity over the Lunar New Year holiday
https://money.udn.com/money/story/5613/7705320
F5: with Finance 3.0 about to launch, six mechanisms for API inventory and protection
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10882
3. Credit cards / e-payment / mobile payment / Pay / payment systems / security
European Commission seeks feedback on whether Apple will open its mobile payment technology to competitors
https://news.cnyes.com/news/id/5434341
Customer at a salted-chicken stall accused of showing a fake mobile-payment receipt to get food
https://reurl.cc/2zzgpX
Fast e-payment spending in mainland China by 1.2 million Hong Kong and Macau residents exceeded 4.8 billion last year, up more than 112%
https://www.tkww.hk/a/202401/16/AP65a678c4e4b05c88581d6ffa.html
Mainland China payment methods at a glance: advantages of mobile payment? Drawbacks of palm and face payment
https://reurl.cc/dLL5R6
4. Cryptocurrency / digital currency / mining / blockchain / smart contracts / Web3 security
29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services
https://thehackernews.com/2024/01/29-year-old-ukrainian-cryptojacking.html
Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks
https://thehackernews.com/2024/01/cryptominers-targeting-misconfigured.html
Bitfinex CTO: hackers attempted a "partial payment" exploit with $15 billion of XRP but failed
https://www.panewslab.com/zh_hk/sqarticledetails/50dnfpz0Ft.html
South Korean financial regulator considers regulating cryptocurrency mixers
https://news.cnyes.com/news/id/5431414
Curve team proposes roughly 6.04 million veCRV to compensate JPEG'd DAO for losses from the July hack
https://news.cnyes.com/news/id/5431146
Solana hackers: a sophisticated scam stole millions in crypto assets
https://portalcripto.com.br/zh-TW/solana-%E9%A7%AD%E5%AE%A2%E8%A4%87%E9%9B%9C%E7%9A%84%E9%A8%99%E5%B1%80%E7%AB%8A%E5%8F%96%E4%BA%86%E6%95%B8%E7%99%BE%E8%90%AC%E5%8A%A0%E5%AF%86%E8%B3%87%E7%94%A2/
Following the Orbit Bridge hack, South Korean regulators to crack down on illicit use of mixers
https://abmedia.io/korea-to-monitor-vasp-mixer-tx
Coinbase is the sole custodian for eight spot Bitcoin ETFs; what disaster would follow if it were hacked?
https://www.blocktempo.com/will-coinbase-compensate-if-bitcoins-held-by-bitcoin-spot-etfs-are-stolen/
Attacked twice in three years and absorbing 800 million in losses: the COO looks back on the critical 24 hours and how adversity made Kronos stronger
https://web3plus.bnext.com.tw/article/2141
BasketDAO contract hacked, losses exceed $100,000
https://news.cnyes.com/news/id/5433177
Socket hacker has swapped stolen USDC and USDT into 1,137 ETH, about $2.91 million
https://www.panewslab.com/zh_hk/sqarticledetails/2w3d66c6Ft.html
5. Security incident news
A. Viruses and trojans / botnets / ransomware / adware / APT / backdoors / IOCs
Government servers in a South Korean city "infected with crypto-mining malware"
https://news.knowing.asia/news/e26f90fa-bb2a-4b03-965f-7b1cff9c8ee5
Hackers impersonate crypto exchange Coinbase to distribute Inferno Drainer malware
https://www.group-ib.com/blog/inferno-drainer/
Remote desktop software TeamViewer abused to deploy ransomware on victim machines
https://www.huntress.com/blog/ransomware-deployment-attempts-via-teamviewer
Balada Injector malware targets a Popup Builder plugin vulnerability, infecting over 7,000 WordPress sites
https://www.bleepingcomputer.com/news/security/new-balada-injector-campaign-infects-6-700-wordpress-sites/
https://blog.sucuri.net/2024/01/thousands-of-sites-with-popup-builder-compromised-by-balada-injector.html
https://wpscan.com/blog/stored-xss-fixed-in-popup-builder-4-2-3/
https://infosec.exchange/@rmceoin/111665788958104483
Mirai-based botnet NoaBot targets SSH servers for crypto mining
https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining
Iranian hackers Charming Kitten target European and US research institutions with MediaPl malware
https://www.microsoft.com/en-us/security/blog/2024/01/17/new-ttps-observed-in-mint-sandstorm-campaign-targeting-high-profile-individuals-at-universities-and-research-orgs/
Linux malware DreamBus targets Metabase, Apache RocketMQ and other applications
https://www.zscaler.com/blogs/security-research/dreambus-unleashes-metabase-mayhem-new-exploit-module
Infostealers target Macs, bypassing macOS's XProtect protection
https://www.sentinelone.com/blog/the-many-faces-of-undetected-macos-infostealers-keysteal-atomic-cherrypie-continue-to-adapt/
Phemedrone Stealer malware spreads via a known Windows vulnerability
https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html
WorkersDevBackdoor Delivered via Malvertising
https://www.esentire.com/blog/workersdevbackdoor-delivered-via-malvertising
3 Ransomware Group Newcomers to Watch in 2024
https://thehackernews.com/2024/01/3-ransomware-group-newcomers-to-watch.html
Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families
https://thehackernews.com/2024/01/nation-state-actors-weaponize-ivanti.html
Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion
https://thehackernews.com/2024/01/medusa-ransomware-on-rise-from-data.html
A Victim of Mallox Ransomware
https://www.truesec.com/hub/blog/a-victim-of-mallox-ransomware-how-truesec-csirt-fought-back
Androxgh0st botnet targets PHPUnit, Laravel and Apache HTTP Server flaws to steal AWS and Microsoft credentials
https://www.bleepingcomputer.com/news/security/fbi-androxgh0st-malware-botnet-steals-aws-microsoft-credentials/
Known Indicators of Compromise Associated with Androxgh0st Malware
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-016a
Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims
https://thehackernews.com/2024/01/inferno-malware-masqueraded-as-coinbase.html
This Free Discovery Tool Finds and Mitigates AI-SaaS Risks
https://thehackernews.com/2024/01/combating-ip-leaks-into-ai-applications.html
Npm Trojan Bypasses UAC, Installs AnyDesk with "Oscompatible" Package
https://thehackernews.com/2024/01/npm-trojan-bypasses-uac-installs.html
New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic
https://thehackernews.com/2024/01/new-docker-malware-steals-cpu-for.html
Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware
https://thehackernews.com/2024/01/russian-coldriver-hackers-expand-beyond.html
Azorult infostealer returns, spread via shortcut files disguised as PDF documents
https://cyble.com/blog/sneaky-azorult-back-in-action-and-goes-undetected/
B. Mobile security / iPhone / Android / wearables / apps / 5G / instant messaging
New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone
https://thehackernews.com/2024/01/new-ishutdown-method-exposes-hidden.html
MFA Spamming and Fatigue: When Security Measures Go Wrong
https://thehackernews.com/2024/01/mfa-spamming-and-fatigue-when-security.html
China blocks AirDrop peer-to-peer messaging, claims to have cracked its encryption to identify users
https://netmag.tw/2024/01/16/china-claims-to-crack-apple-airdrop-encryption-to-track-user-identity
C. Incidents / hackers / DDoS / APT / cloud / dark web / recruitment / international security incidents / security workforce
Nonprofit Water for People hit by Medusa ransomware
https://therecord.media/water-for-people-medusa-ransomware
British cosmetics retailer Lush hit by a cyberattack
https://therecord.media/british-cosmetics-lush-cyberattack
Insufficient security capacity: white-hat hackers believe many companies have already been breached
https://www.merit-times.com/NewsPage.aspx?unid=874924
Hadoop and Flink targeted: attackers exploit misconfigurations to execute arbitrary code
https://blog.aquasec.com/threat-alert-apache-applications-targeted-by-stealthy-attacker
KKday back-end system accessed 472 times! Klook poached a rival manager with a high salary; indicted for stealing operational strategy
https://www.managertoday.com.tw/articles/view/68018
Former KKday employee who defected to a new employer accessed the back end through an account whose password had never been changed
https://tw.nextapple.com/local/20240117/C0733ECAB34F4AAD1A3FF4ECF0CF4FA1
https://news.ltn.com.tw/news/society/breakingnews/4554650
https://www.chinatimes.com/realtimenews/20240117001501-260402
North Korean hackers laundering money through Southeast Asian criminal networks, UN investigation report finds
https://www.nownews.com/news/6346637
Four attack types coexist! US NIST warns of security and privacy risks from rapidly adopting AI in software design
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10892
Listed semiconductor equipment maker breached; official website hijacked, hackers threaten to "publish secrets"
https://www.chinatimes.com/realtimenews/20240116003087-260410
Foxsemicon breached: full scans and checks, operations restored from routine backups
https://www.fountmedia.io/article/182572
Foxsemicon website hijacked by hackers; company says operations restored with no material impact
https://www.inside.com.tw/article/33938-foxsemicon-hacker
Foxsemicon breach: FSC says TWSE will remind the company to review its cybersecurity
https://reurl.cc/YVV6QL
Foxsemicon breach: analysts say defenses against the early stages of an attack should be strengthened first
https://www.cna.com.tw/news/ait/202401160307.aspx
Foxsemicon breached! TWSE visits the company for a security audit and "requires three things"
https://www.setn.com/news.aspx?newsid=1414729
Foxsemicon hit by hackers; TWSE says staff dispatched for an inspection
https://infosecu.technews.tw/2024/01/17/foxsemicon-hack/
Not just Foxsemicon! PCB-sector firm 恩德 (Anderson Industrial) also hit by hackers; company confirms defense mechanisms activated
https://news.tvbs.com.tw/life/2370444
PCB-sector firm 恩德 (Anderson Industrial) confirms some information systems suffered a cyberattack
https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=161057&SPOKE_DATE=20240117&COMPANY_ID=1528
Swiss government says multiple websites attacked by Russian hackers in retaliation for hosting Zelensky
https://reurl.cc/VNNXo5
Hacker group Anonymous Sudan claims a successful attack on the London Internet Exchange
https://www.hackread.com/anonymous-sudan-london-internet-exchange-attack/
Lithuanian websites attacked by Russian hackers NoName over the country's support for Ukraine
https://thecyberexpress.com/cyberattack-on-lithuania-websites/
"Volt Typhoon" intensifies: systematic attacks on US, UK and Australian critical infrastructure over the past month
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10900
Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days: end-of-life Cisco routers used by the Chinese group to build botnet infrastructure
https://resources.securityscorecard.com/research/volt-typhoon
Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts
https://thehackernews.com/2024/01/iranian-hackers-masquerades-as.html
From Russia With Code: Disarming Atomic Stealer
https://russianpanda.com/2024/01/15/Atomic-Stealer-AMOS/
https://github.com/RussianPanda95/Yara-Rules/blob/main/AtomicStealer/Atomic_Stealer.yar
Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
https://blog.xlab.qianxin.com/bigpanzi-exposed-hidden-cyber-threat-behind-your-stb/
DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023
https://thehackernews.com/2024/01/ddos-attacks-on-environmental-services.html
New Findings Challenge Attribution in Denmark's Energy Sector Cyberattacks
https://thehackernews.com/2024/01/new-findings-challenge-attribution-in.html
Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware
https://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware/
D. Data breaches / personal data law / GDPR / online fraud / phishing / card fraud / fake news / cyberbullying / account security
Indian ISP Hathway data breach: hackers set up a search engine for affected customers to check their data, pressuring the ISP
https://www.hackread.com/indian-isp-hathway-data-breach-user-data-kyc-leak/
Security Brief: TA866 Returns with a Large Email Campaign
https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta866-returns-large-email-campaign
Surfing the Tidal Waves of HR-Themed Spam Emails
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/surfing-the-tidal-waves-of-hr-themed-spam-emails/
Financial Fraud APK Campaign
https://unit42.paloaltonetworks.com/malicious-apks-steal-pii-from-chinese-users/
Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer
https://thehackernews.com/2024/01/hackers-weaponize-windows-flaw-to.html
Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials
https://thehackernews.com/2024/01/feds-warn-of-androxgh0st-botnet.html
Preventing Data Loss: Backup and Recovery Strategies for Exchange Server Administrators
https://thehackernews.com/2024/01/preventing-data-loss-backup-and.html
94% of organizations experienced phishing attacks in 2023
https://pages.egress.com/whitepaper-email-risk-report-01-24.html
E. Research reports / tools
Docker hosts targeted for crypto mining and for selling fake web traffic
https://www.cadosecurity.com/containerised-clicks-malicious-use-of-9hits-on-vulnerable-docker-hosts/
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs
https://www.microsoft.com/en-us/security/blog/2024/01/17/new-ttps-observed-in-mint-sandstorm-campaign-targeting-high-profile-individuals-at-universities-and-research-orgs/
Rimasuta New Variant Switches to ChaCha20 Encryption Algorithm
https://blog.xlab.qianxin.com/rimasuta-new-variant-switches-to-chacha20-encryption-en/
Fortinet details how a hacker group uses YouTube to spread a Lumma variant
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10898
EY: 68% of CEOs say uncertainty around generative AI poses adoption challenges
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10894
Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO
https://thehackernews.com/2024/01/applying-tyson-principle-to.html
The Many Faces of Undetected macOS InfoStealers | KeySteal, Atomic and CherryPie Continue to Adapt
https://www.sentinelone.com/blog/the-many-faces-of-undetected-macos-infostealers-keysteal-atomic-cherrypie-continue-to-adapt/
Analysis of the Pure Malware Family: Unique and Growing Threat
https://any.run/cybersecurity-blog/pure-malware-family-analysis/
Detailed Analysis of DarkGate; Investigating new top-trend backdoor malware
https://medium.com/s2wblog/detailed-analysis-of-darkgate-investigating-new-top-trend-backdoor-malware-0545ecf5f606
Burnout: Inferno Drainer’s multimillion-dollar scam scheme detailed
https://otx.alienvault.com/pulse/65a90b0cfd7d892f1197f724
Case Study: The Cookie Privacy Monster in Big Global Retail
https://thehackernews.com/2024/01/case-study-cookie-privacy-monster-in.html
Software supply-chain weakness in the ML framework PyTorch lets attackers target the CI/CD pipeline
https://johnstawinski.com/2024/01/11/playing-with-fire-how-we-executed-a-critical-supply-chain-attack-on-pytorch/#identifying-the-vulnerability
TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks
https://thehackernews.com/2024/01/tensorflow-cicd-flaw-exposed-supply.html
Google reveals Russian hacker group ColdRiver's latest tactics: delivering a backdoor via PDF files
https://www.ithome.com.tw/news/160928
"Sleeper agent" AI systems know how to find ways around checks, including stealing data, sabotaging systems or spreading malware
https://www.techbang.com/posts/112493-ai-spy-systems
CI/CD flaw in the ML framework TensorFlow could be used for supply-chain attacks
https://www.praetorian.com/blog/tensorflow-supply-chain-compromise-via-self-hosted-runner-attack/
GitHub rotates keys in response to the high-severity vulnerability disclosed in December
https://thehackernews.com/2024/01/github-rotates-keys-after-high-severity.html
https://github.blog/2024-01-16-rotating-credentials-for-github-com-and-new-ghes-patches/
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes
AI models can survive safety training while harboring deceptive backdoors
https://www.ithome.com.tw/news/160838
Infostealers target Macs and bypass the operating system's XProtect protection to evade detection
https://www.ithome.com.tw/news/160906
F. Business
HPE to complete its acquisition of Juniper Networks, bridging the AI-native and cloud-native worlds
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10897
亞利安科技 partners with PacketX to reshape network security defenses
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10896
Google Cloud becomes a Flare network validator; FLR up more than 18%
https://portalcripto.com.br/zh-TW/google-cloud-se-torna-validador-da-flare-network/
NetApp starts from cyber resilience to effectively counter persistent ransomware attacks
https://www.cio.com.tw/netapp-is-resilient-from-network-resilience-against-tenacious-extortion-attacks/
G. Government
Investigation Bureau appoints new deputy directors (2+1), adding a "technology" portfolio; chief secretary and CISO Wu Fu-mei promoted
https://www.ettoday.net/news/20240115/2664629.htm
Taiwan to launch a Digital Wallet: MODA will roll out a digital wallet next year, integrating the Citizen Digital Certificate, driver's license and other credentials
https://www.ithome.com.tw/news/160933
Cyberattacks on Taiwan surged 3,370% before the election; US experts link them to China
https://www.ettoday.net/news/20240115/2664755.htm
Nonstop attacks! Frequent hacker intrusions ahead of the election; National Institute of Cyber Security on alert
https://www.setn.com/news.aspx?newsid=1415754
Hackers? Taichung City Government website inaccessible; Digital Affairs Bureau apologizes and explains
https://tw.nextapple.com/politics/20240116/23E6A86D847A86332C1CA23F57C67836
Taichung City Government website "spinning": a hack? Digital Affairs Bureau chief explains: database update
https://reurl.cc/099OQM
NSTC: cyber threats increasingly severe; continuing public-private collaboration to improve joint defense
https://www.cna.com.tw/news/afe/202401170301.aspx
Listed tech companies breached; Administration for Cyber Security suspects phishing links were clicked | 20240118 PTS Evening News
https://www.youtube.com/watch?v=yvs2yr8Povc
Listed companies breached one after another: why MODA is warning about social engineering
https://news.pts.org.tw/article/677146
Hundreds of LINE Taiwan user records leaked; MODA says its administrative investigation is complete
https://www.cna.com.tw/news/afe/202401180275.aspx
Defending against network-paralysis attacks! Cybersecurity live "red team vs blue team" exercise: PLA Unit 61726 versus "Taiwan's hacker force"
https://www.youtube.com/watch?v=QzHtjgJs3mw
H. ICS / SCADA / IoT / connected vehicles / EVs / AI / ML / facial recognition / healthcare security
Over 170,000 Android smart TVs and set-top boxes infected with botnet malware; the Bigpanzi group behind the attacks may have corporate backing
https://blog.xlab.qianxin.com/bigpanzi-exposed-hidden-cyber-threat-behind-your-stb/
Mirai Zombie Network Variant "Aquabot" Analysis
https://www.antiy.cn/research/notice&report/research_report/Aquabot.html
Bosch thermostat vulnerability could be used to deploy malware
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-bosch-bcc100-thermostat/
High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners
https://thehackernews.com/2024/01/high-severity-flaws-uncovered-in-bosch.html
PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions
https://thehackernews.com/2024/01/pax-pos-terminal-flaw-could-allow.html
Vulnerability in PAX Android-based PoS terminals could let attackers tamper with transaction amounts and other data
https://cert.pl/en/posts/2024/01/CVE-2023-4818/
I. Education and training
iPAS Information Security Engineer (Intermediate) study notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist
iPAS Information Security Engineer pre-exam workshop
https://reurl.cc/GEbA3p
Coursera: 7 cloud security certifications that serve as springboards to high-paying jobs
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
Global cybersecurity workforce imbalance: (ISC)² free course and exam to fill the talent gap
https://reurl.cc/m39MDj
The 8 domains of the CISSP certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html
CISSP exam experience
https://reurl.cc/KbY83j
CISSP exam experience – Benson
https://reurl.cc/GbWvxd
Goal-oriented: passing the CISSP in 20 days at light speed
https://reurl.cc/2Zq6zn
CISSP exam experience, Chapter 1: initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
CISSP exam experience, Chapter 2: a regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies
CISSP exam experience, Chapter 3: the final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle
Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec
CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp
Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes
CPSA (CREST Practitioner Security Analyst) exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam experience, version changes and preparation tips, 2021/2022
https://reurl.cc/1oyEM8
CEH v11 exam experience and preparation approach
https://blog.sean.taipei/2022/01/ceh
CEH
https://github.com/a3cipher/CEH
CodeRed by EC-Council
https://github.com/codered-by-ec-council
EC-Council CEH Practical / Master preparation experience: learning that combines theory and practice
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2
EC-Council CEH Practical exam preparation experience
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po
ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4
EC-Council ECSA (Certified Security Analyst) v10 exam experience
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html
20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html
On preparing for the EC-Council CPENT and LPT Master penetration testing certifications
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d
In-depth CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v
EC-Council CPENT v1 penetration testing certification: content and experience
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295
EC-Council CPENT experience: a security newcomer's path from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f
CPENT exam experience: earning the LPT Master penetration testing certification on the first attempt
https://ucom.uuu.com.tw/web/Testimony/Article/4404
kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master
CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/
Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917
[Exam prep] CompTIA Security+ (SY0-601), part 1
https://reurl.cc/M053DK
[Exam prep] CompTIA Security+ (SY0-601), part 2
https://reurl.cc/M053Gv
comptia-security-plus
https://github.com/ajfuto/comptia-security-plus
security-plus
https://github.com/fjavierm/security-plus
CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests
App security isn't only for engineers: the painful story of obtaining a security testing certificate (iT 邦幫忙 Ironman series book)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
OSEP (Evasion Techniques and Breaching Defenses, PEN-300) experience
https://hackmd.io/@henry-ko/HyQ56e8eF
OSCP(Offensive Security Certified Professional)
https://github.com/0x584A/oscp-notes/tree/master
ISACA Certified Information Systems Auditor (CISA): preparation journey and application process, 2023
https://reurl.cc/aVLoX9
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics (Chinese edition: 駭客與國家: 網路攻擊與地緣政治新常態)
https://reurl.cc/D3nKKj
Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df
WUSON's common basic vocabulary
https://choson.lifenet.com.tw/?p=1958
Certifications remain the main path to learning security fundamentals; an expert builds a "security certification map"
https://www.ithome.com.tw/news/156754
Beyond proving your ability, treat certifications as the strongest motivation to keep learning
https://www.ithome.com.tw/news/156756
Breaking certification misconceptions: security experts clarify what security certifications mean
https://www.ithome.com.tw/news/156755
Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/
6. Upcoming security events and conferences
2024 Global NF Conference 2024/1/20 ~ 2024/1/25
https://www.ctf.org/events/2024-joint-global-nf-conference#
Who stole the profits? Using Excel pivot tables to build reports and audits 2024/1/24
https://www.caa.org.tw/coursedetail-36599.html
Cyber Range in 2024 2024/1/24 ~ 2024/1/25
https://www.wwt.com/event/64e4ebafc176b30347f0568a
SyntaxError 2024/1/24
https://www.meetup.com/pythonhug/events/pqnsctygccbgc/
SANS Cyber Threat Intelligence Summit & Training 2024 2024/1/29 - 2024/2/5
https://www.sans.org/cyber-security-training-events/cyber-threat-intelligence-summit-2024/
SyntaxError 2024/1/31
https://www.meetup.com/pythonhug/events/pqnsctygccbpc/
7th "Hit AI & Blockchain" AI and Blockchain Industry Summit 2024/2/6
https://www.accupass.com/event/2311160625102022535520
資安五四三 (InfoSec 543 meetup) 2024/2/21
https://csa.kktix.cc/events/202402-543
2024 InfoSecurity 365 Annual Conference 2024/2/22
https://www.informationsecurity.com.tw/seminar/2024_TPinfosecurity365/register.aspx
[安碁學苑 / Acer Cyber Security Academy] iPAS Information Security Engineer (Intermediate) certification training course 2024/2/20-2024/2/3/5
https://www.accupass.com/event/2312151022301066488466
Security incident investigation and practical analysis 2024/3/6 (Wed)
https://docs.google.com/forms/d/1bO_IhZ9gxZ-nFNGVva7ZfRWyX5B3n-sKEdW6nkPtj50/edit
A hacker's perspective: web vulnerability discovery and defense 2024/3/20
https://docs.google.com/forms/d/1OGcXzbo2vG9_DU5oQ9DCAF2zWJtewqrd4OM28zdatw4/edit