資安事件新聞週報 2023/1/16 ~ 2023/1/20

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2023/1/16 ~ 2023/1/20 1.重大弱點漏洞/後門/Exploit/Zero Day SEV400271510 - Oracle Critical Patch Update for January 2023 https://www.oracle.com/security-alerts/cpujan2023.html Oracle發布2023年第一季例行修補 https://www.oracle.com/security-alerts/cpujan2023.html?source=:em:gbc:ie:cpo:::RC_WWMK210714P00017:SEV400271504&elq_mid=236902&sh=15222217222121092202163608262403&cmid=WWMK210714P00017C0001 網路監控系統Cacti漏洞遭到鎖定，駭客用來植入惡意軟體 https://www.bleepingcomputer.com/news/security/hackers-exploit-cacti-critical-bug-to-install-malware-open-reverse-shells/ Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability https://thehackernews.com/2023/01/cacti-servers-under-attack-as-majority.html Cisco 近日發布更新以緩解多款路由器的安全性弱點 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5 Cisco Issues Warning for Unpatched Vulnerabilities in EoL Business Routers https://thehackernews.com/2023/01/cisco-issues-warning-for-unpatched.html Fortinet說明VPN漏洞被濫用攻擊政府單位 https://www.ithome.com.tw/news/155174 FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations https://thehackernews.com/2023/01/fortios-flaw-exploited-as-zero-day-in.html 研究人員發布Zoho重大漏洞的概念性攻擊程式 https://www.bleepingcomputer.com/news/security/researchers-to-release-poc-exploit-for-critical-zoho-rce-bug-patch-now/ Zoho ManageEngine PoC Exploit to be Released Soon - Patch Before It's Too Late! https://thehackernews.com/2023/01/zoho-manageengine-poc-exploit-to-be.html Git修補重大RCE漏洞 https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/ Git Users Urged to Update Software to Prevent Remote Code Execution Attacks https://thehackernews.com/2023/01/git-users-urged-to-update-software-to.html Exchange Server 2013支援期還剩不到90天 https://www.ithome.com.tw/news/155144 Microsoft Azure Services Flaws Could've Exposed Cloud Resources to Unauthorized Access https://thehackernews.com/2023/01/microsoft-azure-services-flaws-couldve.html Microsoft 推出 2023 年 1 月資安更新包 Patch Tuesday，共修復 98 個漏洞，其中有 1 個 0-day 漏洞 https://www.twcert.org.tw/tw/cp-104-6873-65ce6-1.html 研究人員公布Azure服務出現的4個伺服器端請求偽造漏洞細節 https://www.securitynewspaper.com/2023/01/17/four-server-side-request-forgery-ssrf-vulnerabilities-impacting-different-azure-services/ New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks https://thehackernews.com/2023/01/new-microsoft-azure-vulnerability.html 聯想、微軟和三星設備注意！高通公告22個Snapdragon 相關安全漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10288 CentOS主機網頁管理介面元件CWP已於10月修補的漏洞，已出現攻擊行動 https://www.bleepingcomputer.com/news/security/hackers-exploit-control-web-panel-flaw-to-open-reverse-shells/ CentOS主機網頁管理介面元件CWP漏洞已被用於攻擊行動 https://www.bleepingcomputer.com/news/security/hackers-exploit-control-web-panel-flaw-to-open-reverse-shells/ 客戶關係管理平臺SugarCRM重大漏洞已被用於攻擊行動 https://arstechnica.com/information-technology/2023/01/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit/ 微星疑似在韌體更新的過程中調整UEFI安全開機設定而曝險，影響近300款主機板 https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/ Chrome瀏覽器漏洞SymStealer恐導致機敏資料曝險 https://www.imperva.com/blog/google-chrome-symstealer-vulnerability/ WordPress網站的會員管理、數位檔案銷售、市調問卷外掛程式存在重大漏洞 https://www.tenable.com/security/research/tra-2023-2 中國駭客最常利用之20個漏洞資訊與修補方式 https://dnsh.ylc.edu.tw/News_Content.aspx?n=85660&s=167914 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安春節連假金管會要保險業強化資安防止駭客入侵 https://reurl.cc/NGvr0e 春節連假金管會緊盯保險業防駭、服務不中斷 https://ctee.com.tw/livenews/aj/ctee/a95645002023011814520066 玉山以敏捷、智能、安全三大支柱，架構未來10年科技應用藍圖 https://www.bnext.com.tw/article/73629/esunbank_tech 轉帳不見了？美國銀行與Zelle用戶大吐苦水 https://www.worldjournal.com/wj/story/121469/6923687 駭客行為將增加線上承保之風險 https://nb.aotter.net/post/63c791fbc713f330b57da414 總統要求強化金融韌性金管會「金融資安行動方案」加嚴 https://udn.com/news/story/7239/6868985 金管會落實防範金融詐騙確保金融服務穩定順暢 https://reurl.cc/RO50Dr 金管會除夕扮神秘客抽查全台9 縣市ATM　「全數合格」 https://finance.ettoday.net/news/2427296 公股銀年後搶徵才！2023年將釋出3500職缺 https://reurl.cc/zr3eX7 2023年民法成年年齡下修，18歲成人申請哪些信用卡比較容易 https://www.storm.mg/article/4700059 印度向IMF提供融資擔保助斯里蘭卡度難關 https://reurl.cc/EXxnLa 3.電子支付/行動支付/pay/資安醫療繳費啟動行動支付醫指付結盟新增 iPASS MONEY https://times.hinet.net/news/24363490 新春發紅包時髦又簡便手機門號就是銀行帳號 https://reurl.cc/mZ8LNA 不只健保資料庫專家：電子支付恐是下個未爆彈 https://www.epochtimes.com/b5/23/1/18/n13910102.htm Votee：港超過四成Z世代會通過電子支付平台派發紅包 https://hk.epochtimes.com/news/2023-01-20/73331255 全台首家電子支付買基金！鼓勵小資族穩健投資 https://reurl.cc/6LoaYV 香港本地電子支付系統公司Yedpay進軍東盟 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000654901_M97L5T3KLQ2LM52IL02K2 你的6千元，在電支業者眼中不只是6千元？解析消費券背後的商戰邏輯 https://www.bnext.com.tw/article/73722/6000-wen-bn 好方便！街口支付日本也能用，最高享11%回饋！ https://www.cardu.com.tw/mpay/detail.php?40468 跨境Trip攻略｜一App在手玩盡中港澳　搭車消費全電子支付極方便 https://www.hk01.com/article/855816?utm_source=01articlecopy&utm_medium=referral 打造全新金融生態圈：什麼是支付即服務（PaaS） https://www.thenewslens.com/article/177565 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Web3青年儲備幹部實習計畫！14周菁英體驗，區塊鏈愛好者協會歡迎大學新血 https://www.blocktempo.com/web3-youth-management-associate-internship-program/ 加密貨幣平台FTX破產！創辦人偷追蹤這個帳號　網笑：進軍AV市場賺錢 https://www.setn.com/News.aspx?NewsID=1242323 10萬個金鑰外洩. 虛擬貨幣又出事立委要求建制度 https://enn.tw/?p=358550 火必：幾個因異常行為被凍結的帳戶存在老鼠交易 https://news.cnyes.com/news/id/5068695 傳聞是真的 FTX證實破產後駭客偷走126億資產 https://reurl.cc/mZ8LzM 幣安從北韓駭客手中搶回 250 萬美元贓款 https://technews.tw/2023/01/19/binance-vs-lazarus/ 大型加密貨幣交易所封鎖 Lazarus 駭客組織帳戶 https://unwire.pro/2023/01/19/lazarus/blockchain/crytocurrency/ PeckShield：某駭客通過網路釣魚盜取價值110萬美元的加密貨幣 https://news.cnyes.com/news/id/5067107 香港加密貨幣公司替駭客洗錢7億俄籍創辦人在邁阿密落網 https://www.worldjournal.com/wj/story/121618/6922130 NFT交易大幅萎縮，是跌落神壇？還是正在轉變 https://www.thenewslens.com/article/179933 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC Trojan Puzzle 攻擊 AI 程式碼編寫輔助系統，訓練產生惡意程式碼 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10294 Avast宣布已打造出「變臉」勒索軟體解密工具 https://www.ithome.com.tw/news/155191 惡意軟體Batloader利用混淆的JavaScript指令碼發動攻擊 https://www.trendmicro.com/en_us/research/23/a/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html 木馬程式StrRAT與Ratty濫用多屬性檔案發動攻擊 https://www.deepinstinct.com/blog/malicious-jars-and-polyglot-files-who-do-you-think-you-jar 船隻管理系統ShipManager遭勒索軟體攻擊，恐波及上千艘船運作 https://www.bankinfosecurity.com/ransomware-attack-affects-1000-vessels-worldwide-a-20939 竊密程式Rhadamanthys透過Google廣告散布 https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/ 惡意PyPI套件攻擊行動Lolipop散布竊密軟體 https://www.fortinet.com/blog/threat-research/supply-chain-attack-using-identical-pypi-packages-colorslib-httpslib-libhttps 德國大學遭到勒索軟體Vice Society洩露資料 https://www.bleepingcomputer.com/news/security/vice-society-ransomware-leaks-university-of-duisburg-essen-s-data/ 白牌安卓電視盒被植入惡意程式CopyCat https://www.bleepingcomputer.com/news/security/android-tv-box-on-amazon-came-pre-installed-with-malware/ 駭侵者利用 Google 搜尋關鍵字廣告「推廣」內含惡意軟體的下載網站 https://www.twcert.org.tw/tw/cp-104-6883-ce1fb-1.html Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident https://thehackernews.com/2023/01/malware-attack-on-circleci-engineers.html Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar https://thehackernews.com/2023/01/cybercriminals-using-polyglot-files-in.html Raccoon and Vidar Stealers Spreading via Massive Network of Fake Cracked Software https://thehackernews.com/2023/01/raccoon-and-vidar-stealers-spreading.html 資安專家：GitHub Codespaces可輕鬆傳播惡意軟體 https://www.technice.com.tw/outbound/news/34628/ Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware https://thehackernews.com/2023/01/hackers-can-abuse-legitimate-github.html Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems https://thehackernews.com/2023/01/researchers-uncover-3-pypi-packages.html 伊朗間諜軟體EyeSpy假借VPN軟體散布 https://www.bitdefender.com/blog/labs/eyespy-iranian-spyware-delivered-in-vpn-installers/ Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks https://thehackernews.com/2023/01/iranian-government-entities-under.html QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature https://blog.eclecticiq.com/qakbot-malware-used-unpatched-vulnerability-to-bypass-windows-os-security-feature https://www.eclecticiq.com/hubfs/_blogs/corporate-blog/2023/command-control-qakbot.txt Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware https://isc.sans.edu/diary/rss/29448 Malware Disguised as a Manuscript Solicitation Letter (Targeting Security-Related Workers) https://asec.ahnlab.com/en/45658/ Kasablanka Group Probably Conducted Campaigns Targeting Russia https://ti.qianxin.com/blog/articles/Kasablanka-Group-Probably-Conducted-Compaigns-Targeting-Russia/ Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks https://www.trendmicro.com/en_us/research/23/a/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html Chinese Playful Taurus Activity in Iran https://unit42.paloaltonetworks.com/playful-taurus/ Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures https://reurl.cc/6LoaVV https://www.trendmicro.com/en_us/research/23/a/earth-bogle-campaigns-target-middle-east-with-geopolitical-lures.html DNS changer in malicious mobile app used by Roaming Mantis https://securelist.com/roaming-mantis-dns-changer-in-malicious-mobile-app/108464/ Gigabud RAT: New Android RAT Masquerading as Government Agencies https://blog.cyble.com/2023/01/19/gigabud-rat-new-android-rat-masquerading-as-government-agencies/ Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner https://raw.githubusercontent.com/CronUp/Malware-IOCs/main/2023-01-17_Arechclient2_GoogleAds https://www.bleepingcomputer.com/news/security/hackers-push-malware-via-google-search-ads-for-vlc-7-zip-ccleaner/ Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa https://thehackernews.com/2023/01/earth-bogle-campaign-unleashes-njrat.html Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks https://thehackernews.com/2023/01/iranian-government-entities-under.html Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware https://thehackernews.com/2023/01/new-chinese-malware-spotted-exploiting.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 TikTok Fined $5.4 Million by French Regulator for Violating Cookie Laws https://thehackernews.com/2023/01/tiktok-fined-54-million-by-french.html A Secure User Authentication Method – Planning is More Important than Ever https://thehackernews.com/2023/01/a-secure-user-authentication-method.html New Backdoor Created Using Leaked CIA's Hive Malware Discovered in the Wild https://thehackernews.com/2023/01/new-backdoor-created-using-leaked-cias.html WhatsApp Hit with €5.5 Million Fine for Violating Data Protection Laws https://thehackernews.com/2023/01/whatsapp-hit-with-55-million-fine-for.html Android Users Beware: New Hook Malware with RAT Capabilities Emerges https://thehackernews.com/2023/01/android-users-beware-new-hook-malware.html 10 Fantastic iPhone Apps — Jan 2023 https://medium.com/macoclock/10-fantastic-iphone-apps-jan-2023-4fae68cb0bc0 借「變臉」App盜用身分行騙　專家提6大資安建議 https://reurl.cc/EXxnZn APP廣告也能蓋台？全球1100萬台設備受害　駭客鑽漏洞每日投放120億則廣告獲利 https://www.ctwant.com/article/234407 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 15個假白帽駭客「懶得Coding」用ChatGPT寫漏洞報告，遭Immunefi永久封殺 https://www.blocktempo.com/immunefi-banned-15-chatgpt-generated-bug-reports/ 針對遭駭事故，CircleCI公布調查結果 https://www.bleepingcomputer.com/news/security/circlecis-hack-caused-by-malware-stealing-engineers-2fa-backed-session/ NortonLifeLock防毒軟體的密碼管理器元件遭駭客鎖定，進行帳號填充攻擊 https://www.bleepingcomputer.com/news/security/nortonlifelock-warns-that-hackers-breached-password-manager-accounts/ Norton Password Manager被駭客入侵超過92萬個帳號成為目標 https://reurl.cc/Wq63yL 美國國防部啟動五角大廈漏洞懸賞計畫3.0，聚焦設施管理系統 https://www.securityweek.com/hack-pentagon-30-bug-bounty-program-focus-facility-control-systems 抗俄威脅北歐將制定共同網安戰略 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1560844&type=international 烏克蘭稱去年遭2000多次網路駭客攻擊　官員：都是俄羅斯所為 https://www.setn.com/News.aspx?NewsID=1241372 過去5年任港澳工作組組長，韓正料將出任中國國家副主席 https://www.thenewslens.com/article/179991 中國AI計畫未受法治規範 FBI局長深刻關切 https://www.rti.org.tw/news/view/id/2156891 中共AI計畫未受約束美表憂心 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1561337 歐盟反壟斷監管機構加強對微軟的審查 https://blog.twnic.tw/2023/01/18/25413/ Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware https://thehackernews.com/2023/01/beware-tainted-vpns-being-used-to.html Bitzlato Crypto Exchange Founder Arrested for Aiding Cybercriminals https://thehackernews.com/2023/01/bitzlato-crypto-exchange-founder.html 【AI研發團隊】雲端資安工程師(台中) https://www.104.com.tw/job/7vjnm?jobsource=googlejobs Security Engineering Intern, Cymetrics https://www.yourator.co/companies/OneDegree/jobs/28118 資安經理(ID: 570588 ) https://www.104.com.tw/job/7vji1?jobsource=googlejobs 資安管理工程師 https://www.104.com.tw/job/7vj53?jobsource=googlejobs 資安工程師(產品合規性評估)_台達研究院(台北) https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E5%B7%A5%E7%A8%8B%E5%B8%AB-%E7%94%A2%E5%93%81%E5%90%88%E8%A6%8F%E6%80%A7%E8%A9%95%E4%BC%B0-%E5%8F%B0%E9%81%94%E7%A0%94%E7%A9%B6%E9%99%A2-%E5%8F%B0%E5%8C%97-at-delta-electronics-3437825895/?originalSubdomain=tw 資安工程師(產品合規性評估)_台達研究院(台北) https://www.104.com.tw/job/7vjxp?jobsource=googlejobs 資安行政人員(資訊營運部) https://tw.indeed.com/viewjob?jk=a7681bb2c7ff7463 資安威脅與獵捕(副)分析員 https://www.104.com.tw/job/7vkcq?jobsource=googlejobs FM23002-資安工程師 Information Security Engineer https://www.104.com.tw/job/7vkmn?jobsource=googlejobs 專案管理師助理(工讀/實習) https://www.104.com.tw/job/7rduq?jobsource=googlejobs 【研發替代役】資安分析師/資安工程師 https://www.104.com.tw/job/7vl21?jobsource=googlejobs D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全華航遭駭客攻擊，賴清德、張忠謀、林志玲等會員個資外洩 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10297 60位臺灣名人華航會員資料疑流入駭客論壇，華航表示與資料庫不盡相符 https://www.ithome.com.tw/news/155167 國內媒體資料疑外洩　駭客稱掌握825筆個資 https://www.youtube.com/watch?v=Le_UafwrJHU 華航個資外洩案估2種可能！傳接董座　王國材這樣說 https://rwnews.tw/article.php?news=6778 華航傳遭駭個資外流　王國材曝2種可能：調查中 https://news.housefun.com.tw/news/article/142685363181.html Mailchimp Suffers Another Security Breach Compromising Some Customers' Information https://thehackernews.com/2023/01/mailchimp-suffers-another-security.html 印度人力銀行Rocket資料庫配置不當，曝露近千萬求職者與員工的資料 https://cybernews.com/security/hr-platform-data-leak/ 日產汽車北美分公司資料外洩，起因是外部供應商資料庫配置不當 http://www.documentcloud.org/documents/23573442-a_nmac_ah877_v02-002?responsive=1&title=1 俄羅斯人遭到鎖定，駭客假借提供動員名單進行網釣攻擊 https://therecord.media/hackers-use-fear-of-mobilization-to-target-russians-with-phishing-attacks/ 丹麥手機用戶遭到釣魚簡訊鎖定，駭客聲稱訂閱服務到期行騙 https://heimdalsecurity.com/blog/danish-danskespil-dk-smishing/ 雲端資安業者Datadog金鑰因CircleCI遭駭而曝光 http://docs.datadoghq.com/agent/faq/circleci-incident-impact-on-datadog-agent/ 加拿大酒品零售商LCBO網站遭駭，駭客側錄信用卡資料 https://www.bleepingcomputer.com/news/security/canadas-largest-alcohol-retailers-site-hacked-to-steal-credit-cards/ 駭客論壇疑出現臺灣軍情機構資料，10 GB要價15萬美元 https://www.setn.com/News.aspx?NewsID=1240362 https://news.ltn.com.tw/news/politics/breakingnews/4186250 10G要價15萬美元網站驚見駭客兜售我「機密情資」 https://reurl.cc/qZ7gaN 針對法律和零售業的「回撥網釣」活動 https://blog.twnic.tw/2023/01/19/25417/ 2022 年透過 Telegram 機器人進行釣魚攻擊案例，大增 800% https://www.twcert.org.tw/tw/cp-104-6877-b1d34-1.html 網傳連結「7-11分店開業促銷禮品！」 https://tfc-taiwan.org.tw/articles/8718 最高行即時通知裁判結果　檢警憂詐騙集團搭便車 https://www.ctwant.com/article/234189 經濟部下架螺螄粉遭操作杜奕瑾：集體帳號帶風向 https://reurl.cc/58jr3v 陸10億人陷資安危機？駭客稱從上海警數據庫竊個資　售20萬美元 https://www.pttweb.cc/bbs/Gossiping/M.1674124863.A.91B T-Mobile又遭駭！3,700萬客戶個資遭駭客竊取 https://www.ithome.com.tw/news/155230 個資外洩！美「第3大電信」遭駭　估3700萬用戶受害 https://news.tvbs.com.tw/world/2023173 90歲婆婆被騙棺財本輕生　曾遇電騙苦主受訪自白﹕別再說受害人蠢 https://www.hk01.com/article/854873?utm_source=01articlecopy&utm_medium=referral E.研究報告/工具 6 Types of Risk Assessment Methodologies + How to Choose https://thehackernews.com/2023/01/6-types-of-risk-assessment.html New Research Delves into the World of Malicious LNK Files and Hackers Behind Them https://thehackernews.com/2023/01/new-research-delves-into-world-of.html 研究發現大型語言模型促進輿論操縱，假消息將更多更具說服力 https://www.ithome.com.tw/news/155179 研究人員揭露濫用雲端IDE服務GitHub Codespaces，散布惡意軟體的手法 https://www.trendmicro.com/en_us/research/23/a/abusing-github-codespaces-for-malware-delivery.html 資安專家警告：駭客已經盯上 ChatGPT，連不會 coding 的壞傢伙都能用它發動網路攻擊 https://buzzorange.com/techorange/2023/01/18/chatgpt-and-hackers/ 資訊安全導論台科資管系吳宗成 https://hackmd.io/@yukilolz/B1EtmKris 82%資安事件都跟人為有關，企業怎麼做「身分安全」？四大步驟一次看 https://www.bnext.com.tw/article/73833/identity-safety-security F.商業認清5大網安迷思，有效採取零信任 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10293 思科創新IT賦能台灣企業加速轉型，打造資安韌性 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10296 來毅數位科技完成政府零信任網路身分鑑別功能驗證 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10287 Akamai：從2022年技術趨勢中，洞見2023年安全應對策略 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10290 4 Places to Supercharge Your SOC with Automation https://thehackernews.com/2023/01/4-places-to-supercharge-your-soc-with.html Guide: How MSSPs and vCISOs can extend their services into compliance readiness without increasing cost https://thehackernews.com/2023/01/guide-how-mssps-and-vcisos-can-extend.html SailPoint買下身分驗證生命週期及風險管理業者SecZetta https://www.sailpoint.com/press-releases/sailpoint-acquires-seczetta/ 資安漏洞9成以上專注軟體　SGS：智慧醫療資安硬體改善更迫切 https://www.digitimes.com.tw/iot/article.asp?id=0000655238_RXT3FD2M2HY9HT9BDRAEU 2023年及未來六大安全趨勢 https://www.eettaiwan.com/20230117nt21-6-trends-of-2023-and-future/ 金融雲趨勢論壇》企業永續之路，政策與科技轉型如何配套帶動轉型新浪潮 https://news.microsoft.com/zh-tw/microsoft-fsi-2/ 手機交易資安新紀元　創宇通訊首創導入全球第一的資料抹除軟體Blancco https://n.yam.com/Article/20230117909528 臺灣組織遭網攻次數年增1成 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1560512&type=universal 兩道資安關鍵防線遠離遠距辦公資安風險 https://techops.digiwin.com/activity_20230223/ 你的裝置上網安全嗎？NordVPN 洞悉六大常見數位風險保障使用者個資安全 https://techsaydigi.com/2023/01/69091.html 臺灣資安新創蓬勃發展吸引國際企業投資 https://ieknet.iek.org.tw/iekrpt/rpt_more.aspx?actiontype=rpt&indu_idno=6&domain=100&rpt_idno=933375505 Zoom宣布在台成立雲端資料中心通過台灣行動資安規範 https://wantrich.chinatimes.com/news/20230119900487-420501 紅隊演練專家模擬駭客攻擊找出企業資安風險 https://reurl.cc/lZmRp9 駭客精神有點龜毛？資安專家：挑戰自己找不同解法 https://reurl.cc/zr3eo6 G.政府政府內控機制失靈！　台灣恐陷「資安危機」 https://www.youtube.com/watch?v=AeLjXFCuj3o 政府內控機制失靈！台灣恐陷「資安危機」 https://reurl.cc/6Loayk 資安院30日揭牌強化資安防護作為 https://www.rti.org.tw/news/view/id/2156655 資安院30日揭牌四年績效指標出爐 https://wantrich.chinatimes.com/news/20230118900053-420301 健保署前主秘涉盜賣國安個資李伯璋：查無下載紀錄但不排除有「高手」 https://udn.com/news/story/7321/6916434 涉盜賣國安個資！葉逢明未依規定報備赴中　政風癱瘓 https://www.setn.com/News.aspx?NewsID=1241002 健保資料外洩李忠憲：若是數位身分證恐加速被統一 https://reurl.cc/EXxnnA 健保署3大面向強化資安 https://news.ltn.com.tw/news/politics/paper/1563236 資安漏洞頻傳立委要求數位部檢討政府資安體質 https://udn.com/news/story/6656/6919248 資安頻出包自己人也動怒綠委批數發部像外包單位 https://reurl.cc/QWr9ep 資安漏洞頻傳綠委要求數位部「不能只是技術外包單位」 https://reurl.cc/106YeX 綠委砲轟資安漏洞沒人管「數位部不是技術外包單位」 https://udn.com/news/story/6656/6919547 健保署高官涉盜賣個資赴陸　綠委齊怒：政府內控失靈 https://www.ettoday.net/news/20230118/2425427.htm 健保署前主秘涉竊個資13年立委批政府資安不堪一擊 https://news.pts.org.tw/article/619402 重大資安漏洞沒人管？綠委：成立數發部和資安署目的是什麼 https://reurl.cc/pZlg5a 個資頻外洩綠委促數發部聯手檢調檢討政府資安體質 https://reurl.cc/06AjZl 網頁遭置換緊急應變措施 https://www.cc.ntu.edu.tw/chinese/spotlight/2023/a111037.asp 做好保密與資安工作　守護縣民個資 https://w3.matsu-news.gov.tw/news/article/207006 健保署前主秘涉洩個資綠委籲數位部提強化國家資安戰略計畫 https://www.rti.org.tw/news/view/id/2156715 盤點公部門8起個資外洩案綠委齊轟：數發部不能消極坐視 https://news.ltn.com.tw/news/politics/breakingnews/4188767 個資頻外洩立委要求數發部檢視資安 https://reurl.cc/Z1KG9l 健保署前主秘涉盜賣健保個資　蘇貞昌：相關官員若違法亂紀應依法嚴辦 https://www.setn.com/News.aspx?NewsID=1241370 健保署前主秘竊高層、情治人員個資　蘇貞昌：有違法就嚴辦 https://www.ettoday.net/news/20230118/2425844.htm 涉洩漏情治人員個資案前健保署主秘10萬元交保 https://www.rti.org.tw/news/view/id/2156777 112年度「衛生福利部所屬醫療機構導入主動式資安防護擴展計畫」補(捐)助科技發展計畫徵求說明書及契約書 https://www.mohw.gov.tw/cp-18-73314-1.html 從健保署到華航資安事件蔡政府拉前朝下水能解決問題 https://vip.udn.com/vip/story/122366/6919850 國慶煙火「無人機國家隊」遭爆用中國零件　NCC認未經申請開罰60萬 https://www.upmedia.mg/news_info.php?Type=24&SerialNo=164338 健保署強化資安防護！祭出4項策略：職員權限最小化原則 https://www.nownews.com/news/6033153 健保科長6天調13萬筆個資！健保署曝原因　「業務最小化」重置調閱權限 https://www.ettoday.net/news/20230119/2426300.htm?redirect=1 資安漏洞頻傳無人管？立委批國安保密失敗、情報失靈 https://udn.com/news/story/6656/6919384 健保署稱無證據顯示個資外洩涉案者為公務調檔未攜出 https://news.pts.org.tw/article/619600 健保署人員疑盜賣個資至中國？內部調查：無攜出紀錄、外洩疑慮 https://www.taiwannews.com.tw/ch/news/4785898 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安駭客組織GhostSec聲稱對於工控系統進行勒索軟體攻擊，理由是抗議俄羅斯發動戰爭 https://www.securityweek.com/cybersecurity-experts-cast-doubt-hackers-ics-ransomware-claims 美國針對Sewio、InHand Networks、西門子等廠牌的工控系統重大漏洞提出警告 https://thehackernews.com/2023/01/cisa-warns-for-flaws-affecting.html CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers https://thehackernews.com/2023/01/cisa-warns-for-flaws-affecting.html CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems https://thehackernews.com/2023/01/cisa-warns-of-flaws-in-siemens-ge.html Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers https://thehackernews.com/2023/01/critical-security-vulnerabilities.html TP-Link、Netcomm路由器存在重大漏洞，恐被用於RCE攻擊 https://thehackernews.com/2023/01/critical-security-vulnerabilities.html 超過 4000 台未更新的 Sophos 防火牆裝置，仍含有遠端執行任意程式碼漏洞 CVE-2022-3236 https://www.twcert.org.tw/tw/cp-104-6881-dff76-1.html 數千臺Sophos防火牆曝險，原因是系統版本過舊而無法升級、修補漏洞 https://vulncheck.com/blog/sophos-cve-2022-3236 Arm打造多項獨門武器扮演汽車產業大轉型最佳夥伴 https://www.eettaiwan.com/20230118nt41-arm-ee-awards-asia/ 汽車越先進偷車越容易　VicOne為汽車加裝資安防護罩 https://www.mirrormedia.mg/story/20230104ind004/ I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 6.近期資安活動及研討會 tinyML Talks by Manuele Rusci from KU Leuven 2023/1/27 https://www.meetup.com/tinyml-enabling-low-power-ml-at-the-edge-taipei-taiwan/events/290860749/ Airflow Taiwan User Meetup 2023/2/2 https://www.meetup.com/taipei-py/events/290566341/ 金融資安研習營 2023/2/9 ~ 2023/2/10 https://fisw.ccisa.org.tw/ Hugging Face : Image Classification 2023/2/21 https://www.meetup.com/tensorflow-user-group-taipei/events/290714239/ 淺談總經數據與金融市場應用 2023/2/27 https://www.meetup.com/rladies-taipei/events/290280800/ DEVCORE Conference 2023 2023/3/10 ~ 2023/3/11 https://devcore.kktix.cc/events/devcoreconf2023 iPAS中級資訊安全人員訓練班 2023/5/4 ~ 2023/6/1 https://edu.tcfst.org.tw/web/tw/class/show.asp?courseidori=12C013