###### tags: `資安事件新聞週報`

# Weekly Cybersecurity Incident News Digest 2024/6/10 ~ 2024/6/14

1. Major Vulnerabilities / Backdoors / Exploits / Zero Days

Netherlands says the Chinese cyber-espionage campaign exploiting a Fortinet firewall vulnerability worldwide has grown in scale, with more than 20,000 firewalls compromised
https://www.ncsc.nl/actueel/nieuws/2024/juni/10/aanhoudende-statelijke-cyberspionagecampagne-via-kwetsbare-edge-devices

Chinese cyber-espionage campaign exploiting a Fortinet firewall vulnerability grows in scale, with more than 20,000 firewalls infiltrated worldwide
https://www.ithome.com.tw/news/163443

China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally
https://thehackernews.com/2024/06/china-backed-hackers-exploit-fortinet.html
https://www.ncsc.nl/actueel/nieuws/2024/juni/10/aanhoudende-statelijke-cyberspionagecampagne-via-kwetsbare-edge-devices
https://thehackernews.com/2024/02/chinese-hackers-exploited-fortigate.html
https://thehackernews.com/2022/12/fortinet-warns-of-active-exploitation.html

High-risk vulnerability CVE-2024-23110 in Fortinet FortiOS
https://nvd.nist.gov/vuln/detail/CVE-2024-23110
https://www.fortiguard.com/psirt/FG-IR-23-460
https://www.tenable.com/cve/CVE-2024-23110
https://www.securityweek.com/fortinet-patches-code-execution-vulnerability-in-fortios/
https://cybersecuritynews.com/fortios-vulnerability-unauthorized-commands/#google_vignette

Multiple high-risk vulnerabilities (CVE-2024-23667, CVE-2024-23670) in the Fortinet FortiWebManager network security appliance
https://nvd.nist.gov/vuln/detail/CVE-2024-23667
https://nvd.nist.gov/vuln/detail/CVE-2024-23670
https://fortiguard.fortinet.com/psirt/FG-IR-23-222
https://www.tenable.com/cve/CVE-2024-23667
https://www.tenable.com/cve/CVE-2024-23670

Fortinet patches high-severity code execution vulnerabilities in its firewall operating system
https://securityaffairs.com/164494/security/fortios-high-severity-code-execution-flaws.html

Multiple high-risk vulnerabilities (CVE-2024-30369, CVE-2024-30368) in the A10 Thunder ADC network appliance
https://nvd.nist.gov/vuln/detail/CVE-2024-30369
https://nvd.nist.gov/vuln/detail/CVE-2024-30368
https://www.zerodayinitiative.com/advisories/ZDI-24-525/
https://www.zerodayinitiative.com/advisories/ZDI-24-524/
https://www.tenable.com/cve/CVE-2024-30368
https://www.tenable.com/cve/CVE-2024-30369

High-risk vulnerability CVE-2024-28995 in SolarWinds Serv-U
https://nvd.nist.gov/vuln/detail/CVE-2024-28995
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28995

Apple releases operating system updates, patching for the first time a virtual-reality computing vulnerability unique to Vision Pro
https://www.securityweek.com/apple-patches-vision-pro-vulnerability-used-in-first-ever-spatial-computing-hack/

Known Apache RocketMQ vulnerability abused: the Muhstik botnet hijacks unpatched distributed messaging and streaming systems to scale up its DDoS attacks
https://www.ithome.com.tw/news/163395

Zyxel warns of critical security vulnerabilities in its discontinued NAS products
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11105

Tinyproxy vulnerability affects about 50,000 computers worldwide
https://www.twcert.org.tw/tw/cp-104-7823-2ba91-1.html

PoC code for the Check Point Security Gateway zero-day vulnerability has been published
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11103

TellYouThePass ransomware operators target the recently disclosed critical PHP vulnerability
https://www.ithome.com.tw/news/163417

Hackers exploit 2018 ThinkPHP flaws to install ‘Dama’ web shells
https://www.bleepingcomputer.com/news/security/hackers-exploit-2018-thinkphp-flaws-to-install-dama-web-shells/

PHP has a remote code execution vulnerability (CVE-2024-4577); the project urgently releases patched versions
https://www.twcert.org.tw/tw/cp-104-7850-1c63f-1.html

Developers take note! The PHP programming language releases its latest security update, patching a critical RCE vulnerability
https://www.techbang.com/posts/115995-php-rce

Ransomware attacks websites with the PHP RCE vulnerability
https://www.cc.ntu.edu.tw/chinese/spotlight/2024/a113007.asp

POC for CVE-2024-4577 (PHP Remote Code Execution via allow_url_include and auto_prepend_file)
https://github.com/11whoami99/CVE-2024-4577

Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware
https://www.imperva.com/blog/update-cve-2024-4577-quickly-weaponized-to-distribute-tellyouthepass-ransomware/

New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
https://thehackernews.com/2024/06/new-php-vulnerability-exposes-windows.html

The Truth About Container Vulnerabilities: What Every Developer Needs to Know
https://www.linkedin.com/pulse/truth-container-vulnerabilities-what-every-developer-needs-mcrwc/

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger
https://gbhackers-com.cdn.ampproject.org/c/s/gbhackers.com/hackers-exploiting-ms-office/amp/

Researchers disclose technical details and exploitation method for the critical vulnerability Veeam just patched
https://www.ithome.com.tw/news/163447

Exploit for Veeam Recovery Orchestrator auth bypass available, patch now
https://www.bleepingcomputer.com/news/security/exploit-for-veeam-recovery-orchestrator-auth-bypass-available-patch-now/

0-day Vulnerability In 10,000 Web Apps Exploited Using XSS Payloads
https://gbhackers-com.cdn.ampproject.org/c/s/gbhackers.com/0day-vulnerability-xss-payloads/amp/

Botched LastPass Chrome extension update causes service outage, locking users out for most of a day
https://www.ithome.com.tw/news/163382

Password management solution LastPass suffers a service outage caused by a faulty browser extension update
https://www.ithome.com.tw/news/163382

LastPass says 12-hour outage caused by bad Chrome extension update
https://www.bleepingcomputer.com/news/security/lastpass-says-12-hour-outage-caused-by-bad-chrome-extension-update/

Security vulnerabilities in the Google Chrome and Microsoft Edge browsers; please check and update as soon as possible
https://newsletter.cc.nthu.edu.tw/nthu-list/index.php/zh/listid-26/mailid-655-google-chrome-microsoft-edge

Chrome 126 and Firefox 127 officially released, patching multiple high-risk memory safety vulnerabilities
https://www.securityweek.com/chrome-126-firefox-127-patch-high-severity-vulnerabilities/

Black Basta ransomware operators used a Windows zero-day vulnerability to escalate privileges
https://symantec-enterprise-blogs.security.com/threat-intelligence/black-basta-ransomware-zero-day

Microsoft releases its June monthly update, patching a DNSSEC zero-day vulnerability whose details were already public
https://www.ithome.com.tw/news/163421
https://msrc.microsoft.com/update-guide/releaseNote/2024-Jun
https://www.cisa.gov/news-events/alerts/2024/06/11/microsoft-releases-june-2024-security-updates

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
https://thehackernews.com/2024/06/microsoft-issues-patches-for-51-flaws.html

Critical vulnerability in the IntelliJ integrated development environment may expose GitHub access tokens
https://www.ithome.com.tw/news/163424

SAP patches high-risk vulnerabilities in Financial Consolidation and NetWeaver
https://www.securityweek.com/sap-patches-high-severity-vulnerabilities-in-financial-consolidation-netweaver/

Critical vulnerability in the open-source machine learning library PyTorch may lead to theft of sensitive AI data
https://www.securityweek.com/critical-pytorch-vulnerability-can-lead-to-sensitive-ai-data-theft/

Adobe patches vulnerabilities in the Experience Manager content management platform and the Magento e-commerce platform
https://www.ithome.com.tw/news/163422

Oracle widens the scope of its audits in its crackdown on unlicensed Java use
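https://www.ithome.com.tw/news/163415

Critical vulnerability in the open-source machine learning framework PyTorch may lead to theft of sensitive AI data
https://www.ithome.com.tw/news/163436

2. Banking / Finance / Insurance / Securities / Financial Supervision: News and Security

Eyeing future AI trends, the Bankers Association leads a fintech and cybersecurity industry delegation to the US
https://reurl.cc/0vyA1A

Strong demand for digital transformation in the financial sector; ARES International (資通) goes after AI, cloud and security business opportunities
https://www.moneyweekly.com.tw/ArticleData/Info/%E7%90%86%E8%B2%A1%E5%91%A8%E5%88%8A/145365

The code to the next financial golden age: with President Lai's new cabinet in place, three cornerstones and two applications of financial policy
https://www.thenewslens.com/article/203624

Institute for Information Industry aligns personal data protection with international standards, helping TDCC become Taiwan's first CBPR-certified enterprise
https://www.cna.com.tw/postwrite/chi/373577

Phishing kit V3B targets banks in European countries, attempting to steal user login credentials and OTPs
https://www.ithome.com.tw/news/163378

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics
https://thehackernews.com/2024/06/north-korean-hackers-target-brazilian.html

3. Credit Cards / Electronic Payment / Mobile Payment / Pay / Payment Systems / Security

Shanghai physical card helps inbound visitors use mobile payments
https://udn.com/news/story/7333/7976753

FSC moves to block fraudulent charges made through in-app card binding, will follow the model of the three major mobile payment providers
https://money.udn.com/money/story/5613/7969437

Learning from mainland China's mobile payments opens up new possibilities
https://www.chinatimes.com/newspapers/20240609000557-260301?chdtv

Su Jain-rong's (蘇建榮) view: cybersecurity is the strategic key to overall financial stability
https://www.storm.mg/article/5145803

4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contracts / Web3 Security

Orbit Chain hacker moved 4,000 ETH to a new address within about an hour and laundered it through Tornado Cash
https://news.cnyes.com/news/id/5593379

Orbit Chain hacker transferred 12,900 ETH over the past 10 hours
https://news.cnyes.com/news/id/5593504

Mt.Gox all over again? Why was the DMM exchange robbed? The hackers may have used "this technique"
https://www.cryptocity.tw/recent-japanese-crypto-heist-reveals-hackers-newest-scams

OKX users panic! An abnormal fund consolidation cost 5.3 BTC and user assets were stolen in succession; OKX: we are investigating, don't panic
https://abmedia.io/okx-recent-fud-on-security

OKX hit by a string of "users hacked and coins stolen" reports with losses above US$1 million; official response: investigation results will be published as soon as available
https://www.blocktempo.com/okx-exchange-reports-consecutive-incidents-of-users-assets-being-stolen-by-hackers/

Hackers make off with RMB 5 million in 15 minutes: OKX exchange security flaw sparks user panic
https://abmedia.io/okx-hack-incident

RMB 5 million stolen within 15 minutes! OKX users robbed by hackers; how Web3 users can protect themselves
https://web3plus.bnext.com.tw/article/2694?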
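Cyvers Alerts: the Loopring smart wallet attacker has swapped the stolen assets into Ethereum, worth more than US$5 million
https://news.cnyes.com/news/id/5593583

Loopring: some smart wallets were hit by a vulnerability attack; working with law enforcement and security teams to track down the attacker
https://news.cnyes.com/news/id/5593581

Loopring: users should beware of fraudsters using the hack to run scams
https://news.cnyes.com/news/id/5593912

Once self-styled "the most secure"! Loopring smart wallets hacked, with users losing US$5 million in total
https://blockcast.it/2024/06/10/loopring-users-suffer-5-million-hack-after-guardian-service-compromised/

Loopring suffers a US$5 million hack; the Guardian two-factor authentication service was compromised
https://abmedia.io/loopring-5mln-hack

Cyvers co-founder: the UwU attack is still under way, and the hacker has converted various assets into ETH
https://news.cnyes.com/news/id/5593928

ZKX reminds users to claim all ZKX tokens, including trading rewards, before the June 17 snapshot
https://www.panewslab.com/zh_hk/sqarticledetails/mhm9ik47Ft.html

Lending protocol UwU Lend appears to have been attacked; large abnormal outflows of funds detected
https://news.cnyes.com/news/id/5593927

Work one month, lie flat for a year? Hacks surged more than sixfold in May, with market losses near US$600 million
https://www.binance.com/zh-TC/square/post/9273911653162

"Unknown addresses appear" in OKX withdrawal whitelists; Star Xu (徐明星): OKX will take full responsibility for any losses it caused
https://www.blocktempo.com/okx-usdt-trc-20-whitelist-has-problem/

OKX's Star: a hacker gang is leading victims to believe the incident was an OKX inside job; OKX will not shirk responsibility but will not accept threats either
https://news.cnyes.com/news/id/5598966

Crypto traders beware! FSC's draft "dedicated virtual asset management act" due by the end of this year
https://www.sinotrade.com.tw/richclub/news/66686672016bc52735d7ed47

DMM Bitcoin hacker has moved 2.8 BTC to a new address
https://news.cnyes.com/news/id/5594848

Issuing tokens and scamming in the name of "God"! Crypto scam stories that defy imagination
https://www.youtube.com/watch?v=j6gQ_lp9eK4

Core: launching the BTCfi summer hackathon
https://news.cnyes.com/news/id/5596207

Singapore market maker QuantMatter has US$11.6 million held at OKX stolen, says it had offline Google authentication
https://news.cnyes.com/news/id/5598459

Turning on an authenticator can save you!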
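The key to theft protection on cryptocurrency exchanges: a 2FA setup tutorial
https://cryptowesearch.com/blog/all/what-is-crypto-exchange-2fa-authenticator

ZachXBT: hackers impersonate an a16z partner to run phishing scams
https://www.panewslab.com/zh_hk/sqarticledetails/r7qbiegwFt.html

Report: nearly US$19 billion worth of cryptocurrency stolen since 2011
https://news.cnyes.com/news/id/5597380

Misconfigured Kubernetes clusters targeted, with hackers using them to mine the cryptocurrency Dero
https://www.wiz.io/blog/dero-cryptojacking-campaign-adapts-to-evade-detection

Hacked twice in one week! UwU Lend lending protocol suspected of a rug pull; Aave founder: stay away from immature protocols and incompetent teams
https://www.blocktempo.com/uwu-lend-was-hit-again-by-the-same-attacker-and-lost-3-7-million/

Taiwan Virtual Currency Association formally established: BitoGroup's Titan Cheng (鄭光泰) becomes chairman and XREX's Winston Hsiao (蕭滙宗) vice chairman; drafting the "Self-Regulatory Rules" is the top priority
https://www.blocktempo.com/taiwan-virtual-currency-association-was-officially-established/

Taiwan Virtual Currency Association formally established! The next step is to set self-regulatory rules and implement a classified, tiered management mechanism for the industry
https://www.ithome.com.tw/news/163468

Omnichain protocol Holograph hacked! An extra 1 billion $HLG minted, price plunges 70%, insider suspected
https://www.blocktempo.com/hackers-mint-1-billion-hlg-causing-price-to-plummet/

5. Security Incident News

A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC

Gipy, a new malware targeting AI voice generation tools
https://www.twcert.org.tw/tw/cp-104-7846-e9178-1.html

Dissecting the latest attack series: finding the algorithm seed allows recovery by reverse engineering; ransomware slips up by failing to hide its key, so encrypted files may be recoverable
https://www.netadmin.com.tw/netadmin/zh-tw/technology/A524B19B2EFE451482C40961B76A208D

Ransomware attacks target GitHub users' repositories! Hackers impersonate the GitHub security team in the Gitloker campaign
https://www.ithome.com.tw/news/163396

Infostealers Lumma Stealer and BitRAT spread through fake browser update websites
https://www.ithome.com.tw/news/163379

Malware loader PhantomLoader poses as a component of Chinese antivirus software and is used to distribute the SSLoad malware
https://intezer.com/blog/research/ssload-technical-malware-analysis/

Regarding the recent intrusions and extortion on Windows systems made vulnerable by installed PHP packages, please read the explanation in full as soon as possible
https://cnc.ntut.edu.tw/p/404-1004-137768.php?Lang=zh-tw

Healthcare becomes a ransomware target; the White House teams up with Microsoft and Google to provide cybersecurity services to rural US hospitals
https://www.thenewslens.com/article/203790

Seven UK hospitals hit by hacker extortion; Taiwan, unusually, invited to attend a meeting and share its experience
https://www.youtube.com/watch?v=9aOWqvnBElE

Storage-centric ransomware protection architecture begins to take complete shape
https://www.ithome.com.tw/news/163120

Researchers investigate the emerging ransomware group RansomHub, which uses ZeroLogon to break into victim organizations
https://www.ithome.com.tw/news/163376

Fake PyPI package Crytic-Compilers targets developers in an attempt to spread the Lumma Stealer infostealer
https://www.sonatype.com/blog/crytic-compilers-typosquats-known-crypto-library-drops-windows-trojan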
Hackers target WordPress sites in order to scare visitors with claims that their browser is out of date, and use this to spread malware
https://blog.sucuri.net/2024/06/hundreds-sites-targeted-by-fake-chrome-update-pop-ups.html

Hackers use Excel macros in a multi-stage malware attack, planting Cobalt Strike on computers in Ukraine
https://www.ithome.com.tw/news/163380

Attackers pose as providers of the network tool Advanced IP Scanner in order to distribute Cobalt Strike as a backdoor
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/fake-advanced-ip-scanner-installer-delivers-dangerous-cobaltstrike-backdoor/

Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware
https://thehackernews.com/2024/06/cybercriminals-employ-phantomloader-to.html

Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups
https://thehackernews.com/2024/06/ukraine-police-arrest-suspect-linked-to.html

PingRAT
https://github.com/umutcamliyurt/PingRAT

LightSpy Spyware's macOS Variant Found with Advanced Surveillance Capabilities
https://thehackernews.com/2024/06/lightspy-spywares-macos-variant-found.html

FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims
https://thehackernews.com/2024/06/fbi-distributes-7000-lockbit-ransomware.html

Beware of Fake Google Chrome Update Pop-Ups that Installs Malware
https://cybersecuritynews.com/fake-chrome-update-pop-ups/#google_vignette

Beware of Fake KMSPico Activators that Deliver Vidar Stealer Malware
https://gbhackers.com/beware-of-fake-kmspico-activator/#google_vignette

Malicious VSCode extensions with millions of installs discovered
https://www.bleepingcomputer.com/news/security/malicious-visual-studio-code-extensions-with-millions-of-installs-discovered/#google_vignette

SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign
https://thehackernews.com/2024/06/spectr-malware-targets-ukraine-defense.html

China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics
https://thehackernews.com/2024/06/china-linked-valleyrat-malware.html

More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack
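https://thehackernews.com/2024/06/moreeggs-malware-disguised-as-resumes.html

Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw
https://thehackernews.com/2024/06/black-basta-ransomware-may-have.html

More DROVORUB - THOR-LITE scan filtered to show the processes hitting as malicious or suspicious
https://otx.alienvault.com/pulse/6669b3872f841e97f437f7bc

Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS
https://thehackernews.com/2024/06/pakistan-linked-malware-campaign.html

B. Mobile Security / iPhone / Android / Wearables / Apps / 5G / Instant Messaging

US National Security Agency recommends powering off once a week for better phone security
https://www.cool3c.com/article/217768

Pirated crypto software is rampant: beware of the dangerous traps hidden in the App Store
https://www.blocktempo.com/the-hidden-trap-of-the-app-store-exposing-fake-cryptocurrency-software/

How to tell if your iPhone has been hacked? 11 ways to check and 4 anti-hacking tips revealed
https://mrmad.com.tw/how-to-know-iphone-is-hacked#google_vignette

Not competing on price and challenging the big three telecoms: two reasons this "personal data gatekeeper" is entering Taiwan
https://infosecu.technews.tw/2024/06/10/story-of-cape/

Apple's Worldwide Developers Conference WWDC opens in the early hours; 6 new AI highlights to watch
https://today.line.me/tw/v2/article/kEMZQ30

No more worrying about your phone's secrets being seen! iOS 18 reportedly adds an app lock feature
https://reurl.cc/WxMQ1O

"Bluetooth" mysteriously turned on in airplane mode? Security agency recommends "9 ways to avoid phone hacking"; how often you power off matters too
https://reurl.cc/xa4MvV

Hide and seek! Is your phone screen being mirrored to spy on your privacy
https://buzzorange.com/techorange/2024/06/12/phonescreen-privacy/

Google issues its June security bulletin for Pixel phones; a privilege escalation vulnerability has already been used in attacks
https://www.ithome.com.tw/news/163437

Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day
https://thehackernews.com/2024/06/google-warns-of-pixel-firmware-security.html

Children's smartwatch costing over 2,000 元 breaks after 2 months; parent: it kept ringing in class
https://reurl.cc/3X9qGj

Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware
https://thehackernews.com/2024/06/arid-viper-launches-mobile-espionage.html

C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruiting / International Security Incidents / Security Workforce

Regulatory compliance is the key driver of Taiwan's cybersecurity industry development
https://www.ithome.com.tw/article/163113

From valuing network security to enterprise security, creating favorable conditions for security startups
https://www.ithome.com.tw/article/163114

Enterprise confidence drives willingness for security transformation; confidence in the Identify capability is lowest and becomes the weak spot
https://www.ithome.com.tw/article/163449

Microsoft president testifies before the House; lawmakers worry its China business creates risk
https://www.epochtimes.com/b5/24/6/13/n14269825.htm

60,000 US State Department emails stolen by Chinese hackers; Microsoft CEO testifies that Chinese and Russian cyberattacks are powerful (Up Media)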
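https://m.match.net.tw/pc/news/international/20240614/7998165

GlobalWafers' Missouri plant in the US hacked
https://www.sinotrade.com.tw/richclub/news/666b2c9a016bc527352c8e35

Some information systems hacked last night; GlobalWafers announcement: operational impact still being assessed
https://udn.com/news/story/7240/8029041

GlobalWafers hit by a hacker attack! Production lines at some plants affected; shipments to be met from inventory
https://ctinews.com/news/items/KwnKGgz0nY

GlobalWafers: the company has experienced a cybersecurity incident
https://today.line.me/tw/v2/article/2DWmMne

GlobalWafers hit by a hacker attack; production lines at some plants affected
https://reurl.cc/2YVRG9

Cybersecurity and trade secret management follow different mindsets, and court practice also differs in its findings
https://www.cna.com.tw/postwrite/chi/373578

Using Taiwanese talent, capital and products to find a replicable model of startup success
https://www.ithome.com.tw/article/163212

Community development needs deliberate succession, and should provide a stage and let participants gain something
https://www.ithome.com.tw/article/163137

How a CISO can create more security dividends for the company
https://www.ctee.com.tw/news/20240611700086-439901

A corporate culture that values security cannot be driven by security incidents alone
https://www.ithome.com.tw/article/163112

Taiwan's proactive cybersecurity preparedness
https://www.ithome.com.tw/voice/163374

Rising supply chain attack risk endangers the digital ecosystem
https://www.technice.com.tw/techmanage/infosecurity/116783/

Chinese hacker group SecShow conducts large-scale DNS probing worldwide
https://blogs.infoblox.com/threat-intelligence/what-a-show-an-amplified-internet-scale-dns-probing-operation/

FCC announces information security upgrade, accuses "China" of stealing US users' information
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1682856

2024 Taiwan-US Defense Industry Forum held, focusing on unmanned vehicles and AI intelligence technology
https://reurl.cc/RqQ5Wg

Taitung "Boat Tour Net" (船遊網) ticketing system hacked; staff guiding passengers manually today
https://www.youtube.com/watch?v=Gsb0VbdnFzU

Back to the Stone Age!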
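Booking and collecting tickets possible only by phone or on site
https://www.youtube.com/watch?v=6UVk4W3gJLg

Boat booking site hacked with "7 million ransom" demand; Dragon Boat Festival sailings to outlying islands may be affected
https://www.youtube.com/watch?v=Ao_W-vwY0Fg&sttick=0

Industry heavyweight warns: AI gives hackers superpowers, and cybersecurity is extremely important
https://technews.tw/2024/06/06/ai-gives-hackers-superpowers/

Hit by a large-scale cyberattack, Japan's Kadokawa Group suspends niconico and other websites
https://www.rti.org.tw/news/view/id/2208992

Japanese video sharing platform Niconico reportedly hit by a cyberattack and forced to suspend related services
https://blog.nicovideo.jp/niconews/225099.html

Japan's largest video site NICONICO hacked; person in charge reveals "we are still under attack right now"
https://www.ctwant.com/article/342433

Clevo (藍天) statement on a hacker attack against part of its network systems
https://reurl.cc/kOQ6Db

On the eve of the Ukraine peace summit, host country Switzerland's official websites hacked
https://reurl.cc/AjadrZ

Ukraine summit host hacked; Switzerland: government websites suffered only minor outages
https://news.pchome.com.tw/internation/cna/20240613/index-17182832274361018011.html

Not OK! Two bikini photos appear on the fan page of Keelung's grandparent-grandchild center
https://news.ltn.com.tw/news/Keelung/breakingnews/4699266

22 Chinese nationals sentenced in Zambia for transnational cybercrime
https://www.sinchew.com.my/news/20240608/international/5667677?variant=zh-hant

Australia orders Chinese investors to reduce their stake in a rare earths company; hackers attack the next day
https://today.line.me/tw/v2/article/aGjeGM2

CCP's cyber infiltration methods keep changing; guard against threats to infrastructure
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1683441&type=international

Neglecting their studies? China's Ministry of State Security: university student spied for money, then turned himself in
https://www.chinatimes.com/realtimenews/20240611001151-260409

Dutch intelligence agency: Chinese hackers break into networks worldwide, with sensitive Western institutions targeted
https://www.hk01.com/article/1027925?utm_source=01articlecopy&utm_medium=referral

Dutch military intelligence: Chinese cyber espionage is rampant, attacking advanced industries in Europe and the US
https://www.upmedia.mg/news_info.php?Type=3&SerialNo=203753

Sophos publishes its "Operation Crimson Palace" report: Chinese state-backed hacker groups target Southeast Asian government agencies
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11109

After diplomatic ally Palau accuses China of a hacker attack, China hits back with a travel advisory
https://www.taisounds.com/news/content/84/130656

Palau accuses China of a cyberattack; China issues a travel advisory urging caution
https://www.cna.com.tw/news/acn/202406130229.aspx

Hackers break into the UK Ministry of Defence; a contractor is suspected to be involved
https://www.cio.com.tw/hackers-hack-into-british-defense-department-suspected-of-being-contractors/

PandaBuy pays ransom to hacker only to get extorted again
https://www.bleepingcomputer.com/news/security/pandabuy-pays-ransom-to-hacker-only-to-get-extorted-again/

DDoS attacks target EU political parties as elections begin
https://www.bleepingcomputer.com/news/security/ddos-attacks-target-eu-political-parties-as-elections-begin/

Google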
Takes Down Influence Campaigns Tied to China, Indonesia, and Russia
https://thehackernews.com/2024/06/google-takes-down-influence-campaigns.html

Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus
https://thehackernews.com/2024/06/sticky-werewolf-expands-cyber-attack.html

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion

Ministry of Digital Affairs holds a cross-disciplinary digital talent expo, with 20 companies offering 1,800 openings
https://www.cna.com.tw/news/afe/202406070320.aspx

Cross-disciplinary digital talent expo: 20 companies offer 1,800 openings
https://www.rti.org.tw/news/view/id/2208879

NTUST and the National Institute of Cyber Security jointly train senior security talent
https://reurl.cc/WxV68L

IT Department, Business Analyst (Functional Business Analyst)
https://www.104.com.tw/job/7wt18?jobsource=hotjob_chr

[German bank] Senior IT Security and Control Specialist_10EE
https://www.104.com.tw/job/8bx21?jobsource=cmw_redirect

IT System Engineer
https://www.104.com.tw/job/7ne8p?jobsource=cmw_redirect

IT Officer
https://www.104.com.tw/job/8artv?jobsource=cmw_redirect

IT Administrator
https://www.104.com.tw/job/89qre?jobsource=cmw_redirect

Information Security Engineer
https://www.104.com.tw/job/7qcwi?jobsource=cmw_redirect

IT Manager (business travel / assignment to the US)
https://www.104.com.tw/job/8b04c?jobsource=cmw_redirect

IT Project Assistant Manager
https://www.104.com.tw/job/7z85x?jobsource=cmw_redirect

IT/ MIS Manager
https://www.104.com.tw/job/7z892?jobsource=cmw_redirect

IT Administrator (MIS / Network Engineer)
https://www.104.com.tw/job/8ca7x?jobsource=cmw_redirect

IT Support Specialist
https://www.104.com.tw/job/8cs67?jobsource=cmw_redirect

IT Network Engineer - Taipei (Req: 16148)
https://www.104.com.tw/job/8bppf?jobsource=cmw_redirect

Senior IT Engineer
https://www.104.com.tw/job/7yna6?jobsource=cmw_redirect

Network Administration and Security Engineer
https://job.taiwanjobs.gov.tw/internet/index/JobDetail.aspx?R2=11&EMPLOYER_ID=1114108&HIRE_ID=12824991

Security Engineer, Information Security Division
https://www.104.com.tw/job/88x33

Security Engineer [Network Security Systems, Hsinchu]
https://job.taiwanjobs.gov.tw/internet/index/JobDetail.aspx?R2=11&EMPLOYER_ID=56990&HIRE_ID=12812571

Information Department, Security Engineer
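and MIS Specialist (combined role)
https://www.104.com.tw/job/8cwvd?jobsource=google

Security Staff
https://www.104.com.tw/job/8cwhv?jobsource=google

[Cybersecurity Institute] Administrative Part-Time Student Worker
https://www.104.com.tw/job/8bzwl?jobsource=google

Front-End Engineer
https://www.104.com.tw/job/87uwm?jobsource=google

Information Security Engineer
https://www.104.com.tw/job/8d10m?jobsource=google

Security Engineer
https://www.104.com.tw/job/5wav0?jobsource=google

Network Security Assistant (part-time student worker)
https://www.104.com.tw/job/8d24r?jobsource=google

D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security

GitHub credential leak leads to 270GB of data being published online
https://www.ithome.com.tw/news/163383

Cracking the illicit money flows behind the 創意私房 forum! How a blockchain financial crime investigator takes on fraud rings
https://www.bnext.com.tw/article/79289/blockchain-scam

Auction house hacked, data of 8,000 Hong Kong clients leaked; Christie's: we have proactively notified regulators and agencies including the FBI
https://reurl.cc/KevGZj

Is providing "de-identified" telecom data to outside parties something consumers "consent" to, or are they "consented" for
https://www.twreporter.org/a/opinion-telecommunication-information-privacy

Disinformation: Fujian helps Taiwanese compatriots claim reimbursement of Taiwan's National Health Insurance fees? National Health Insurance Administration clarifies
https://www.merit-times.com/newslistdetail_tw_1.php?id=52777

Disinformation: online article "Chen Chien-jen (陳建仁) reveals the secret details of getting rich with cryptocurrency"
https://tfc-taiwan.org.tw/articles/10703

Chinese police break up a ring selling personal data, involving more than RMB 5 million
https://hk.on.cc/hk/bkn/cnt/cnnews/20240609/bkn-20240609193326507-0609_00952_001.html

Viral claim that "Facebook can't be used after June" spreads across multiple videos; fact-checking center reveals the truth
https://reurl.cc/QRGjK2

Children's folk-game festival (童玩節) opens July 6; people buying tickets online shocked to see "other people's personal data"
https://reurl.cc/kO3qpq

Taiwan faces the highest hacker threat in Asia-Pacific; social engineering attacks reel you in
https://www.youtube.com/watch?v=Fw1w6sq20Z4

Well-known Taiwanese IT company has trade secrets stolen; Investigation Bureau urges stronger security protection
https://www.mjib.gov.tw/news/Details/1/1003

IT company's secrets stolen from the cloud by former employees; Investigation Bureau questions 4 people and refers the case for prosecution
https://www.cna.com.tw/news/asoc/202406060378.aspx

Musk may ban the use of Apple products? Over fears of the personal data risks AI brings
https://cars.tvbs.com.tw/car-news/197371

Canada and the UK investigate the personal data breach at genetic testing company 23andMe
https://www.trade.gov.tw/Pages/Detail.aspx?nodeID=45&pid=785248

Firefighter leaks personal data in a corruption case; New Taipei: strengthening security and confidentiality of the ambulance system
https://reurl.cc/EjLlpn

Celebrities and experts leading you to financial freedom? Beware of investment scams
https://news.pts.org.tw/article/699454

Woman's Facebook account hacked; after logging in everything was in Vietnamese
https://reurl.cc/ez7lGQ

Failing to notice an anomaly in a supplier's email address, a boss carelessly transfers RM2.57 million
https://reurl.cc/70LQ45

Winbond issues a material information statement on a suspected data leak, caused by a partner vendor being hacked
https://www.ithome.com.tw/news/163394

Summer road trip season arrives, and toll scams come with it
https://www.worldjournal.com/wj/story/122983/8024245?from=wj_breaknews_index

Proofpoint shuts down the SORBS spam sender blocklist service
https://www.ithome.com.tw/news/163393

Your password cracked in 30 seconds! That easy? Common combinations: is your password on the list
https://reurl.cc/z1EAlV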
Should you turn off Wi-Fi to sleep? Did an experiment showing it can kill plants shock the scientific community? The claim lacks research evidence
https://reurl.cc/yLGkAl

Pre-election disinformation about "a missile base in Huwei" came from China! National Security Bureau: election interference is getting more and more refined
https://www.setn.com/News.aspx?NewsID=1482928

China sends mass fake text messages to Huwei; Puma Shen (沈伯洋): Taiwanese personal data is being collected and the National Security Bureau should pay attention
https://news.owlting.com/articles/722211

Don't panic: do this immediately after a digital data breach
https://www.technice.com.tw/techmanage/infosecurity/118023/

Million-dollar mansion "sold off" for 10,000; fake seller sets bait on Zillow
https://www.worldjournal.com/wj/story/121468/8027419

Security vendor Cylance reports a data breach caused by a hacked third-party platform
https://www.bleepingcomputer.com/news/security/cylance-confirms-data-breach-linked-to-third-party-platform/

Researchers upload a Visual Studio Code theme extension to probe marketplace security, and more than 100 organizations fall for it
https://medium.com/@amitassaraf/3-6-uncovering-design-flaws-in-the-visual-studio-code-marketplace-ea1d8e8b0171

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion

Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign
https://thehackernews.com/2024/06/snowflake-breach-exposes-165-customers.html

Lessons from the Ticketmaster-Snowflake Breach
https://thehackernews.com/2024/06/lessons-from-ticketmaster-snowflake.html

New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers
https://thehackernews.com/2024/06/new-phishing-campaign-deploys.html

Phishing emails abuse Windows search protocol to push malicious scripts
https://www.bleepingcomputer.com/news/security/phishing-emails-abuse-windows-search-protocol-to-push-malicious-scripts/

270 GB of New York Times data ends up on the underground forum 4chan, apparently due to leaked GitHub credentials
https://www.ithome.com.tw/news/163383

New York Times source code stolen using exposed GitHub token
https://www.bleepingcomputer.com/news/security/new-york-times-source-code-stolen-using-exposed-github-token/

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws
https://thehackernews.com/2024/06/zkteco-biometric-system-found.html

E. Research Reports / Tools

Estefania of Night Train to Lisbon
https://taronews.tw/2024/06/08/986063/

Strengthening software development lifecycle management to protect digital economy operations from attack: building security into DevOps and blocking API vulnerabilities per OWASP
https://www.netadmin.com.tw/netadmin/zh-tw/trend/3799D890D07548828FAA290F4C34985A#google_vignette

Generative AI hackathon winner "好想做資安" launches a security chatbot to help users respond to hacker attacks in real time
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?CnlID=13&id=694438

"Hardware key + biometrics" is more secure: security startup KeyXentic (關楗) wins the toughest customers, banks and the military
https://meet.bnext.com.tw/articles/view/51395?

CSRF (Cross Site Request Forgery)
https://reurl.cc/qV2kxg

Ultimate Cyber Hygiene Guide: Learn How to Simplify Your Security Efforts
https://thehackernews.com/2024/06/ultimate-cyber-hygiene-guide-learn-how.html

GhostRace: CVE-2024-2193
https://www.vusec.net/projects/ghostrace/

How to configure IPsec on GRE Dynamic Virtual-Template interface
https://mpls.internetworks.in/2024/04/how-to-configure-ipsec-on-gre-dynamic.html?m=1

Malware and cryptography 28: RC4 payload encryption. Simple Nim example.
https://cocomelonc.github.io/malware/2024/06/01/malware-cryptography-28.html

Kerberos AV/EDR Bypass
https://medium.com/@matanb707/kerberos-av-edr-bypass-abc415cd15df

Excel File Unleashes Sophisticated Cobalt Strike Cyberattack
https://securityonline.info/excel-file-unleashes-sophisticated-cobalt-strike-cyberattack/

on video Op-Amps - Using Operational Amplifiers
https://www.electrician-1.com/2023/10/on-video-op-amps-using-operational_20.html#google_vignette

OPSEC-Tradecraft
https://github.com/WesleyWong420/OPSEC-Tradecraft

Cybersecurity CPEs: Unraveling the What, Why & How
https://thehackernews.com/2024/06/cybersecurity-cpes-unraveling-what-why.html

Top 10 Critical Pentest Findings 2024: What You Need to Know
https://thehackernews.com/2024/06/top-10-critical-pentest-findings-2024.html

Survey Reveals Compliance Professionals Seek Quality, Efficiency, Trust & Partnership
https://thehackernews.com/expert-insights/2024/06/survey-reveals-compliance-professionals.html

The Democratization of Cyberattacks: How Billions of Unskilled Would-be Hackers Can Now Attack Your Organization
https://thehackernews.com/expert-insights/2024/06/the-democratization-of-cyberattacks-how.html

Why SaaS
Security is Suddenly Hot: Racing to Defend and Comply
https://thehackernews.com/2024/06/why-saas-security-is-suddenly-hot.html

Why Regulated Industries are Turning to Military-Grade Cyber Defenses
https://thehackernews.com/2024/06/why-regulated-industries-are-turning-to.html

Researchers disclose Sleepy Pickle, an attack technique aimed at machine learning models
https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/

New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models
https://thehackernews.com/2024/06/new-attack-technique-sleepy-pickle.html

F. Business

SYSTEX teams up with the Taiwan Stock Exchange to provide an integrated ESG information service
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&cat=50&id=0000693702_PI56VZB01OMAJ21WI0GHP

New AI capabilities turn large volumes of identity-related data into actionable insights, letting enterprises maintain security faster and more effectively: CyberArk launches CORA AI to strengthen its identity security platform
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/9A935FF9E4ED4BCE9A12A0DA377C7191#google_vignette

Trend Micro unveils a security solution designed for AI PCs on Lunar Lake processors, using 48 TOPS of compute to protect email security
https://www.techbang.com/posts/115955-trend-micro-unveils-the-worlds-first-information-security

Synology ActiveProtect redefines enterprise data protection, raising operational resilience across the board with outstanding performance and minimal management
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?CnlID=13&cat=990&id=0000694317_TJM45XHD0FUN698R072YS

AWS cloud security conference stresses security culture and reveals several behind-the-scenes security tools
https://www.ithome.com.tw/news/163423

AWS announces the launch of an infrastructure region in Taiwan
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?CnlID=13&id=694510

Security self-defense: Secorion gives insight into potential cyber threats to the financial sector
https://reurl.cc/oRA0vQ

Using AI to address AI security risks: defending against emerging GenAI security threats with HPE Aruba Networking's new AI network security and observability tools
https://tnews.cc/022/newscon587560.htm#google_vignette

Microservice architecture becomes the mainstream for digital applications and demand for API security and control rises: analyzing code behavior patterns to eliminate the hidden risks of shadow APIs
https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/E7D0842C77054C2D94464DC0820CA3CD

To calm privacy concerns, Microsoft announces the Recall feature on AI laptops will be off by default
https://www.ithome.com.tw/news/163381

Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns
https://thehackernews.com/2024/06/microsoft-revamps-controversial-ai.html

Microsoft Delays AI-Powered Recall Feature for Copilot+ PCs Amid Security Concerns
https://thehackernews.com/2024/06/microsoft-delays-ai-powered-recall.html
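The AI Debate: Google's Guidelines, Meta's GDPR Dispute, Microsoft's Recall Backlash
https://thehackernews.com/2024/06/the-ai-debate-googles-guidelines-metas.html

Cyber Landscape is Evolving - So Should Your SCA
https://thehackernews.com/2024/06/cyber-landscape-is-evolving-so-should.html

CHT Security scores a win with a 5A rating
http://www.money568.com.tw/News/newspaper_everyday_point.asp?new_num=409366

Cloud AI money wave surges, and CSP resellers reap the gains
https://www.ctee.com.tw/news/20240610700031-439901

CHT Security's CypherCom end-to-end encrypted communication system wins the Golden Award, the highest honor of the 2024 COMPUTEX Best Choice Award
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11107

Nan Ya works with Chunghwa Telecom and others to obtain international certification for security standards
https://www.cna.com.tw/news/afe/202406120122.aspx

Trend Micro unveils the world's first security solution designed for consumer AI PCs
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11106

CyberArk launches CORA AI to strengthen its identity security platform
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11104

Apple makes its AI move! Five key points of the privacy-focused "Apple Intelligence" at a glance
https://reurl.cc/mM45r7

Apple Launches Private Cloud Compute for Privacy-Centric AI Processing
https://thehackernews.com/2024/06/apple-integrates-openais-chatgpt-into.html

Acer Cyber Security targets the enterprise cloud migration services market
https://www.ctee.com.tw/news/20240611700133-439901

How Cynet Makes MSPs Rich & Their Clients Secure
https://thehackernews.com/2024/06/how-cynet-makes-msps-rich-their-clients.html

GenAI assistant for building and operating models lowers the learning curve with natural-language queries: shifting security left to the development stage and fully controlling potential API risks
https://www.netadmin.com.tw/netadmin/zh-tw/trend/4E3F278C711D4DC3B0D7426881F1660E#google_vignette

Trend Micro launches Inline NDR with decryption capability
https://www.ithome.com.tw/pr/163428

G. Government

Government IT services procurement guidelines take effect: how IT vendors and the government can strike a balance
https://www.cio.com.tw/how-does-the-government-strike-a-balance-between-the-information-industry-and-the-government/

Table of circumstances in which drones involved in government procurement may apply for exemption from cybersecurity testing
https://reurl.cc/z173Dy

Forwarding the review principles set by the Ministry of Digital Affairs for exemption from cybersecurity testing, concerning the "Drone cybersecurity testing requirements" annex to the drone clause in point 16 of the Public Construction Commission's "Instructions to Tenderers template".
https://purchase.yunlin.gov.tw/News_Content.aspx?n=842&s=468095

Institute for Information Industry aligns personal data protection with international standards, helping TDCC become Taiwan's first CBPR-certified enterprise
http://compotech.com.tw/a/press/2024/0607/57870.html

British think tank the Royal Institute of International Affairs holds its 2024 cybersecurity conference and invites the Ministry of Digital Affairs to share Taiwan's defense strategy
https://news.pts.org.tw/article/699798

Resources, cybersecurity and ICT as a trinity: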
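Digital Affairs Minister Huang Yen-nun (黃彥男): make AI the next "sacred mountain protecting the nation"
https://www.1111.com.tw/news/jobns/156463

Representative to Israel, in an interview, calls for digital solidarity and a stronger response to cognitive warfare
https://www.rti.org.tw/news/view/id/2208906

Minister Koo (顧) urges retired generals not to be lured by the CCP into leaking personal data
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1682984

Interior Minister: the digital ID card has major security problems and must be evaluated carefully
https://news.pchome.com.tw/living/pinview/20240609/index-71789831874922317009.html

Anti-fraud push to pass the Communication Security and Surveillance Act amendments; Judicial Reform Foundation criticizes "surveillance through investigation", and rank-and-file prosecutors and investigators push back
https://today.line.me/tw/v2/article/9m98z9m

National Security Bureau: collecting data on assemblies is not something approved under the Communication Security and Surveillance Act
https://reurl.cc/8vO1pj

National Security Bureau clarifies it will not use mobile phone signals to collect information on crowds
https://www.taiwannews.com.tw/zh/news/5886741

Investigation Bureau distances itself from Wang Yi-chuan (王義川)! Method for retrieving communication records also revealed
https://reurl.cc/3Xp3pX

National Security Bureau director's exposure shocks the intelligence community; new Investigation Bureau director moves to blind China's two surveillance camera giants
https://www.storm.mg/article/5143836

Currently under maintenance! Official website breached by foreign forces? Investigation Bureau: line fault
https://www.setn.com/News.aspx?NewsID=1481798

Official website down due to hacking? Investigation Bureau: a line fault, not an intrusion by hackers or foreign forces
https://news.ltn.com.tw/news/society/breakingnews/4700180

Frequent study trips but nothing done: what is the Ministry of Digital Affairs busy with
https://reurl.cc/Zeq3Gg

Ministry of Digital Affairs becomes the "8 percent ministry", ranking last in first-year budget execution
https://reurl.cc/MOL5kX

Cybersecurity alert and protection project for major events in June of ROC year 113
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1683639

Defense minister: guarding against hacking for the Whampoa academy anniversary, the military launches a cybersecurity alert project
https://udn.com/news/story/10930/8024574?from=udn-catelistnews_ch2

To ensure information and communication security, the Ministry of National Defense carries out a cybersecurity alert and protection project
https://www.cna.com.tw/news/aipl/202406110131.aspx

To ensure information and communication security, the Ministry of National Defense begins round-the-clock real-time monitoring of security incidents today
https://udn.com/news/story/10930/8023013

Military launches a 10-day cybersecurity alert project, with 8 major measures and round-the-clock real-time security monitoring
https://www.ettoday.net/news/20240611/2756003.htm

NARLabs and the Czech Republic jointly establish an advanced chip design center, deepening a mutually beneficial Taiwan-Czech relationship
https://news.owlting.com/articles/721620

Innolux teams up with the Ministry of Justice Investigation Bureau to improve digital security resilience
https://www.sinotrade.com.tw/richclub/news/666c14a2016bc52735cacb73

H. Security for Industrial Control Systems / ICS / SCADA / IoT / Internet of Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare

Why both ordinary hackers and nation-state hackers treat compromised routers as the focus of network attack and defense
https://www.trendmicro.com/zh_tw/research/24/e/router-roulette.html

VicOne and ASRG release AutoVulnDB, setting a new standard for automotive cybersecurity
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11110

OT-native engine detects and responds to anomalous communications: purpose-built against industrial control risks, with a solid approach to CPS protection
https://www.netadmin.com.tw/netadmin/zh-tw/market/F5EE843455F944C3809E1A87B1B85654#google_vignette

Siemens, Schneider Electric and Aveva issue warnings about vulnerabilities in industrial control and OT systems
https://www.securityweek.com/ics-patch-tuesday-advisories-published-by-siemens-schneider-electric-aveva-cisa/

CISA Releases Four Industrial Control Systems Advisories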
https://www.cisa.gov/news-events/alerts/2024/06/06/cisa-releases-four-industrial-control-systems-advisories
Johnson Controls Software House iStar Pro Door Controller
https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04
Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch
https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-03
Emerson Ovation
https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-02
Emerson PACSystem and Fanuc
https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-01
ICS ADVISORY | ICSA-24-156-01
https://www.cisa.gov/news-events/alerts/2024/06/04/cisa-releases-four-industrial-control-systems-advisories
Uniview NVR301-04S2-P4
https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01
Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access
https://www.cisa.gov/news-events/alerts/2024/06/03/snowflake-recommends-customers-take-steps-prevent-unauthorized-access
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2024/06/03/cisa-adds-one-known-exploited-vulnerability-catalog
Arm warns of a vulnerability in the kernel driver for its Mali GPU graphics chips, noting that it has already been used in attacks
https://www.bleepingcomputer.com/news/security/arm-warns-of-actively-exploited-flaw-in-mali-gpu-kernel-drivers/
Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers
https://thehackernews.com/2024/06/arm-warns-of-actively-exploited-zero.html

I. Education and training

iPAS Information Security Engineer intermediate-level notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist
iPAS information security engineer certification pre-exam workshop
https://reurl.cc/GEbA3p
iPAS: Information Security Planning Practice, compiled intermediate-level exam question bank (123 questions)
https://reurl.cc/orlD1g
GCP Associate Cloud Engineer (ACE) study experience, learning resources and notes: learning natively highly available and zero-trust design
https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad
Coursera lists 7 cloud security certifications: all the springboards to a high salary are here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
Ordinary people can earn an international security certification too! CSCU (Certified Secure Computer User) certification course
https://www.ithome.com.tw/pr/160954
Global cybersecurity workforce imbalance: (ISC)2 free course and exam to fill the talent gap
https://reurl.cc/m39MDj
The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html
CISSP exam experience
https://reurl.cc/KbY83j
CISSP exam experience – Benson
https://reurl.cc/GbWvxd
Goal-oriented: passing the CISSP at light speed in 20 days
https://reurl.cc/2Zq6zn
CISSP certification exam hands-on experience, Chapter 1: initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
CISSP certification exam hands-on experience, Chapter 2: a regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies
CISSP certification exam hands-on experience, Chapter 3: the final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle
Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec
CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp
Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes
CPSA (CREST Practitioner Security Analyst) exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam experience, version update information and preparation directions, 2021 and 2022
https://reurl.cc/1oyEM8
CEH v11 exam experience and how to prepare
https://blog.sean.taipei/2022/01/ceh
CEH
https://github.com/a3cipher/CEH
CodeRed by EC-Council
https://github.com/codered-by-ec-council
EC-Council CEH Practical / Master preparation experience: learning in which theory and practice complement each other
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2
EC-Council CEHP exam preparation experience
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po
ECSA v10 exam experience and study material sharing / ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4
EC-Council ECSA (security analyst) v10 exam experience
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html
20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html
How to prepare for the EC-Council CPENT and LPT Master penetration testing certifications, and lessons learned
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d
In-depth look at the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v
EC-Council CPENT v1 penetration testing certification – content and experience
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295
EC-Council CPENT experience - a security newbie's path from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f
CPENT exam experience: earning the LPT penetration testing master certification in one attempt
https://ucom.uuu.com.tw/web/Testimony/Article/4404
kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master
CPENT: Pentesting like NO OTHERS!
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/
Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917
[Exam prep notes] CompTIA Security+ (SY0–601), Part 1
https://reurl.cc/M053DK
[Exam prep notes] CompTIA Security+ (SY0–601), Part 2
https://reurl.cc/M053Gv
comptia-security-plus
https://github.com/ajfuto/comptia-security-plus
security-plus
https://github.com/fjavierm/security-plus
CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette
App information security that not only engineers need to understand: the blood, sweat and tears of obtaining a security testing compliance certificate (iT邦幫忙 Ironman Contest book series)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
App anti-hacking lessons: a hands-on security protection course to comprehensively raise security awareness
https://www.ithome.com.tw/pr/161505
OSEP (Evasion Techniques and Breaching Defenses, PEN-300) experience
https://hackmd.io/@henry-ko/HyQ56e8eF
OSCP (Offensive Security Certified Professional)
https://github.com/0x584A/oscp-notes/tree/master
ISACA Certified Information Systems Auditor® (CISA) certification: preparation journey and application process, 2023
https://reurl.cc/aVLoX9
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
https://reurl.cc/D3nKKj
Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df
Basic vocabulary commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958
Certifications remain the main route to learning security fundamentals; an expert has built a "security certification map"
https://www.ithome.com.tw/news/156754
Beyond using certifications to prove your ability, treat them as the biggest motivation to keep learning
https://www.ithome.com.tw/news/156756
Dispelling misunderstandings and myths about certifications: security experts clarify what security certifications mean
https://www.ithome.com.tw/news/156755
Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/
[NCKU Information Security Club class] Forbidden security arts - the reverse engineering hell trial
https://www.youtube.com/watch?v=4Yc3-9CjG6U

6. Upcoming security events and seminars

Just a chat - with no Expectations 2024/6/15
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/301253254/
WordPress Taoyuan afternoon tea gathering, Linner Meetup #37 2024/6/15
https://www.meetup.com/taoyuan-wordpress-meetup/events/301012751/
AIoT edge computing and cybersecurity in practice 2024/6/16
https://www.accupass.com/event/2404120334053507827320
Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/6/18
https://www.meetup.com/taiwan-code-camp/events/301314042/
Improving Your API Security Posture With GraphQL Protection And API Policy 2024/6/18
https://www.meetup.com/api-security-group-in-taipei/events/301214669/?
Kaohsiung Rails Meetup 2024/6/19
https://www.meetup.com/rails-taiwan/events/301337672/
SyntaxError 2024/6/19
https://www.meetup.com/pythonhug/events/301337487/
Taipei dbt Meetup #24 for all folks working with data! (Hybrid 👫 + 🧑‍💻) 2024/6/19
https://www.meetup.com/taipei-dbt-meetup/events/300586249/
National Center for High-performance Computing training: NVIDIA large language applications 2024/6/19
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4093&from_course_list_url=homepage
HackingThursday - Week meetup Tamsui (regular gathering) 2024/6/20
https://www.meetup.com/hackingthursday/events/301359329/
Just a chat - with no Expectations 2024/6/22
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcjbdc/
Is AI lawless? Is there no way to regulate it? Real people speak from experience 2024/6/23
https://www.accupass.com/event/2405140314463639696970
Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/6/25
https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcjbhc/
Kaohsiung Rails Meetup 2024/6/26
https://www.meetup.com/rails-taiwan/events/qxfvjkygcjbjc/
SyntaxError 2024/6/26
https://www.meetup.com/pythonhug/events/pqnsctygcjbjc/
Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/6/26
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702428/
The era of data in command: a complete guide to unlocking data solutions 2024/6/26
https://www.accupass.com/event/2405251051471673260983
HackingThursday - Week meetup Tamsui (regular gathering) 2024/6/27
https://www.meetup.com/hackingthursday/events/psspctygcjbkc/
AI application system development and generative AI application talent training course, first cohort 2024/6/27
https://www.accupass.com/event/2401100729511706489107
Market trends: not afraid of being replaced by AI, an analysis of key enterprise security talent 2024/6/27
https://www.accupass.com/event/2405230228276957814350
AI application system development and generative AI application talent training course, first cohort 2024/6/27 ~ 2024/8/9
https://www.accupass.com/event/2401100729511706489107
Sustainable transformation: green supply chain x information security x diversity and inclusion 2024/6/28
https://smeoda.kktix.cc/events/2024-1
Just a chat - with no Expectations 2024/6/29
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcjbmc/
Kaohsiung Rails Meetup 2024/7/3
https://www.meetup.com/rails-taiwan/events/qxfvjkygckbfb/
SyntaxError 2024/7/3
https://www.meetup.com/pythonhug/events/pqnsctygckbfb/
HackingThursday - Week meetup Tamsui (regular gathering) 2024/7/4
https://www.meetup.com/hackingthursday/events/psspctygckbgb/
National Center for High-performance Computing training: RSC The Merck Index database, online in Chinese 2024/7/4
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4105&from_course_list_url=homepage
ISO 27001:2022 Information Security Management System lead auditor training 2024/7/8 ~ 2024/7/12
https://www.accupass.com/event/2403090707238144555890
National Center for High-performance Computing training: ABAQUS basic training course 2024/7/9
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4099&from_course_list_url=homepage
InfoSec Taiwan 2024 international security organizations conference 2024/7/9 ~ 2024/7/11
https://csa.kktix.cc/events/infosectaiwan2024
.NET / Java secure coding expert training camp 2024/7/11 ~ 2024/7/12
https://www.accupass.com/event/2405280149081202805431
CraftCon Taiwan: CyCraft AI security annual conference 2024/7/12
https://www.accupass.com/event/2404221057531664149101
[Session 1] 2024 enterprise information security fundamentals course 2024/7/17
https://www.accupass.com/event/2402020448251773447860
Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/7/24
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702433/
National Center for High-performance Computing training: NVIDIA GPU computing 2024/7/24
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4094&from_course_list_url=homepage
HITCON Cyber Range 2024 enterprise blue team competition 2024/7/26 ~ 2024/10/30
https://hitcon.kktix.cc/events/hitcon-cyberrange-2024
[Acer Cyber Security Academy] Security competency training | System and network security administrator 2024/7/27 ~ 2024/8/24
https://acsiacad.kktix.cc/events/6ebd7fbd-copy-4
FinTech Summer CAMP 2024/8/5 ~ 2024/8/9
https://isipevent.kktix.cc/events/f2ce8bcc-copy-6
Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/8/28
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702435/